comparison admajax.php @ 105:a85f258f6beb

Move some things around and modularize the code.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 21 Oct 2013 16:26:42 +0300
parents ajax.php@32c4654aad50
children ac1df74619cd
104:c7b1eb993240 105:a85f258f6beb
1 <?
2 //
3 // AJAX request handler backend module
4 //
5 $sessionType = "admin";
6 require "mconfig.inc.php";
7 require "msite.inc.php";
8 require "msession.inc.php";
9
10 // Check if we are allowed to execute
11 if (!stCheckHTTPS() || !stAdmSessionAuth())
12 {
13 stSetupCacheControl();
14
15 stSessionEnd(SESS_ADMIN);
16
17 header("Location: news");
18 exit;
19 }
20
21 stSetupCacheControl();
22
23 // Initiate SQL database connection
24 if (!stConnectSQLDB())
25 die("Could not connect to SQL database.");
26
27 // Fetch non-"hardcoded" settings from SQL database
28 stReloadSettings();
29
30
31 function saveButton()
32 {
33 return "<input type=\"submit\" value=\" Save \" />\n";
34 }
35
36
37 // XMLHttp responses
38 $action = "ERROR";
39 if (stChkRequestItem("action") && stChkRequestItem("type"))
40 {
41 $action = $_REQUEST["action"];
42 $type = $_REQUEST["type"];
43 }
44
45
46 switch ($action)
47 {
48 case "dump":
49 //
50 // Perform generic data dump
51 //
52 if (($res = stExecSQLCond(
53 "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
54 "Dump OK.")) !== FALSE)
55 {
56 $out1 = array();
57 $out2 = array();
58
59 foreach ($res as $item)
60 {
61 $out1[] = $item["name"]." &lt;".$item["email"]."&gt;";
62 $out2[] = $item["email"];
63 }
64
65 echo "<br /><hr />".
66 implode(", ", $out1)."<br /><hr /><br />".
67 implode("<br />", $out1)."<br /><hr /><br />".
68 implode(", ", $out2)."<br /><hr /><br />".
69 implode("<br />", $out2)."<br /><hr />";
70
71 }
72 break;
73
74 case "get":
75 //
76 // Get specific data
77 //
78 switch ($type)
79 {
80 case "news":
81 $sql = "SELECT * FROM news ORDER BY utime DESC";
82 break;
83
84 case "attendees":
85 $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
86 break;
87
88 case "voters":
89 break;
90
91 case "compos":
92 $sql = "SELECT * FROM compos ORDER BY id DESC";
93 break;
94
95 case "settings":
96 $prefix = "st";
97
98 echo
99 "<h1>Site settings</h1>\n".
100 "<table>\n";
101 foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item)
102 {
103 echo
104 " <tr>\n".
105 " <td>";
106 $id = $item["key"];
107 switch ($item["vtype"])
108 {
109 case VT_INT:
110 echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]);
111 break;
112 case VT_STR:
113 echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]);
114 break;
115 case VT_BOOL:
116 echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], "");
117 break;
118 }
119 echo "</td>\n".
120 " <td>".$item["desc"]."</td>\n".
121 " </tr>\n";
122 }
123 echo "</table>\n".saveButton();
124
125 foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item)
126 {
127 echo "<h2>".chentities($item["desc"])."</h2>\n".
128 stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]).
129 "\n<br />\n".saveButton();
130 }
131 break;
132
133 case "entries":
134 stGetCompoList(FALSE, FALSE);
135
136 foreach ($compos as $id => $compo)
137 {
138 echo
139 "<form>\n".
140 " <table class=\"misc\">\n".
141 " <tr>\n".
142 " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
143 " </tr>\n".
144 " <tr>\n".
145 " <th style=\"width:1%;\">Compo</th>\n".
146 " <th>Title</th>\n".
147 " <th>Author(s)</th>\n".
148 " <th>Filename</th>\n".
149 " <th>Actions</th>\n".
150 " </tr>\n";
151
152 $prefix = "en";
153 foreach ($compo["entries"] as $eid => $entry)
154 {
155 echo
156 " <tr id=\"entry".$eid."\">\n".
157 " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n".
158 " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
159 " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
160 " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
161 " <td>".
162 stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
163 stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
164 "</td>\n".
165 " </tr>\n";
166 }
167
168 $prefix = "ne";
169 echo
170 " <tr>\n".
171 " <td></td>\n".
172 " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
173 " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
174 " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
175 " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
176 " </tr>\n".
177 " </table>\n".
178 "</form>\n";
179 }
180 break;
181 }
182
183 //
184 // Perform query if we need to, output results
185 //
186 if (isset($sql) && ($res = stExecSQLCond($sql, "")) !== FALSE)
187 {
188 if ($type == "news")
189 {
190 foreach ($res as $item)
191 {
192 $id = $item["id"];
193 stPrintNewsItem($item,
194 "<br />".
195 " <button class=\"button\" id=\"ndel".$id.
196 "\" type=\"button\" onclick=\"deleteNews(".$id.
197 ")\">Delete</button>\n"
198 );
199 }
200 }
201 else
202 if ($type == "attendees")
203 {
204 // List of attendees
205 echo
206 "<table class=\"attendees\">\n".
207 " <tr>\n".
208 " <th class=\"name\">Name</th>\n".
209 " <th class=\"groups\">Groups</th>\n".
210 " <th class=\"regtime\">Registered</th>\n".
211 " <th class=\"oneliner\">Oneliner</th>\n".
212 " <th class=\"email\">E-mail</th>\n".
213 " <th>Actions</th>\n".
214 " </tr>\n";
215 $row = 0;
216 foreach ($res as $item)
217 stPrintAttendee($item, $row++, TRUE);
218
219 // For adding a new one
220 $prefix = "ne";
221 echo
222 "</table>\n".
223 "<hr />\n".
224 "<table>\n".
225 " <tr>\n".
226 " <th>Name</th>\n".
227 " <th>Groups</th>\n".
228 " <th>Oneliner</th>\n".
229 " <th>E-mail</th>\n".
230 " <th>Actions</th>\n".
231 " </tr>\n".
232 " <tr>\n".
233 " <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n".
234 " <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n".
235 " <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n".
236 " <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n".
237 " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n".
238 " </tr>\n".
239 "</table>\n";
240 }
241 else
242 if ($type == "compos")
243 {
244 foreach ($res as $item)
245 {
246 $id = $item["id"];
247 $prefix = "co";
248 echo
249 "<div id=\"compo".$id."\">\n".
250 "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
251 stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
252 stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n".
253 stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n".
254 stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n".
255 stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
256 stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
257 "</div>\n".
258 "<hr />\n";
259 }
260 }
261 }
262 break;
263
264 case "delete":
265 //
266 // Delete entry
267 //
268 if (stChkRequestItem("id"))
269 {
270 $id = intval(stGetRequestItem("id"));
271
272 if ($type == "news")
273 {
274 $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
275 stExecSQLCond($sql, "OK, news item ".$id." deleted.");
276 }
277 else
278 if ($type == "attendees")
279 {
280 // Attendees require some more work
281 $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
282 stExecSQLCond($sql, "OK, attendee ".$id." deleted.");
283
284 $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id);
285 stExecSQLCond($sql, "OK, attendee ".$id." votes deleted.");
286 }
287 else
288 if ($type == "entries")
289 {
290 // .. as do compo entries
291 $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
292 stExecSQLCond($sql, "OK, entry ".$id." deleted.");
293
294 $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id);
295 stExecSQLCond($sql, "OK, entry ".$id." votes deleted.");
296 }
297 }
298 else
299 stSetStatus(901, "No ID specified.");
300 break;
301
302 case "add":
303 //
304 // Add new entry
305 //
306 if ($type == "news" && stChkRequestItem("text") &&
307 stChkRequestItem("author") && stChkRequestItem("title"))
308 {
309 $sql = stPrepareSQL(
310 "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
311 time(), "title", "text", "author");
312
313 stExecSQLCond($sql, "OK, news item added.");
314 }
315 else
316 if ($type == "compo" && stChkRequestItem("name") &&
317 stChkRequestItem("description"))
318 {
319 $sql = stPrepareSQL(
320 "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)",
321 "name", "description");
322
323 stExecSQLCond($sql, "OK, compo added.");
324 }
325 else
326 if ($type == "attendees" && stChkRequestItem("name") &&
327 stChkRequestItem("groups") && stChkRequestItem("oneliner") &&
328 stChkRequestItem("email"))
329 {
330 $sql = stPrepareSQL(
331 "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
332 time(), "name", "groups", "oneliner", "email");
333
334 stExecSQLCond($sql, "OK, attendee added.");
335 }
336 else
337 if ($type == "entry" && stChkRequestItem("name") &&
338 stChkRequestItem("author") && stChkRequestItem("compo_id"))
339 {
340 $sql = stPrepareSQL(
341 "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)",
342 "name", "author", "compo_id", "filename");
343
344 stExecSQLCond($sql, "OK, entry added.");
345 }
346 else
347 stSetStatus(902, "No data.");
348 break;
349
350 case "update":
351 //
352 // Update existing entry
353 //
354 if ($type == "attendees" && stChkRequestItem("id") &&
355 stChkRequestItem("email") && stChkRequestItem("oneliner") &&
356 stChkRequestItem("active"))
357 {
358 $sql = stPrepareSQLUpdate("attendees",
359 "WHERE id=".intval(stGetRequestItem("id")),
360 array(
361 "email" => "S",
362 "oneliner" => "S",
363 "active" => "B",
364 ));
365
366 stExecSQLCond($sql, "OK, attendee updated.");
367 }
368 else
369 if ($type == "news" && stChkRequestItem("id") &&
370 stChkRequestItem("text") && stChkRequestItem("author") &&
371 stChkRequestItem("title"))
372 {
373 $sql = stPrepareSQLUpdate("news",
374 "WHERE id=".intval(stGetRequestItem("id")),
375 array(
376 "title" => "S",
377 "text" => "Q",
378 "author" => "S"
379 ));
380
381 stExecSQLCond($sql, "OK, news item updated.");
382 }
383 else
384 if ($type == "compo" && stChkRequestItem("id") &&
385 stChkRequestItem("name") && stChkRequestItem("description") &&
386 stChkRequestItem("visible") && stChkRequestItem("voting") &&
387 stChkRequestItem("showAuthors"))
388 {
389 $sql = stPrepareSQLUpdate("compos",
390 "WHERE id=".intval(stGetRequestItem("id")),
391 array(
392 "name" => "S",
393 "description" => "Q",
394 "visible" => "B",
395 "voting" => "B",
396 "showAuthors" => "B",
397 ));
398
399 stExecSQLCond($sql, "OK, compo updated.");
400 }
401 else
402 if ($type == "entry" && stChkRequestItem("id") &&
403 stChkRequestItem("name") && stChkRequestItem("author") &&
404 stChkRequestItem("compo_id"))
405 {
406 $sql = stPrepareSQLUpdate("entries",
407 "WHERE id=".intval(stGetRequestItem("id")),
408 array(
409 "name" => "S",
410 "author" => "S",
411 "filename" => "S",
412 "compo_id" => "D",
413 ));
414
415 stExecSQLCond($sql, "OK, entry updated.");
416 }
417 else
418 if ($type == "settings")
419 {
420 foreach (stExecSQL("SELECT * FROM settings") as $item)
421 if (stChkRequestItem($item["key"]))
422 {
423 $val = stGetRequestItem($item["key"]);
424 switch ($item["vtype"])
425 {
426 case VT_INT: $vsql = stPrepareSQL("vint=%d", $val); break;
427 case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break;
428 case VT_STR: $vsql = stPrepareSQL("vstr=%s", $val); break;
429 case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break;
430 }
431
432 $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]);
433 stExecSQLCond($sql, "OK, setting updated.");
434 }
435 }
436 else
437 stSetStatus(902, "No data.");
438 break;
439
440 default:
441 stSetStatus(404, "Not Found");
442 break;
443 }
444
445 ?>
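Review bot: The `dump` branch writes attendee-supplied fields straight into HTML: lines 61-62 concatenate `$item["name"]` and `$item["email"]` with no escaping, whereas the rest of this file wraps database strings in chentities() (compo names, settings descriptions), so a registered name or e-mail containing markup would render as script in the admin page. Change those two lines to `$out1[] = chentities($item["name"])." &lt;".chentities($item["email"])."&gt;";` and `$out2[] = chentities($item["email"]);`. Separately, the delete/add/update actions are driven by `$_REQUEST` and guarded only by stCheckHTTPS() and stAdmSessionAuth(), so unless msession.inc.php adds a CSRF token check that is not visible here, a logged-in admin following a crafted `admajax.php?action=delete&type=attendees&id=N` link would delete that record; requiring POST plus a per-session token for the state-changing actions would close that. A smaller issue at line 432: `$vsql` is not reset per iteration, so a settings row with an unhandled vtype would be updated with the previous row's `vsql` fragment — initialise `$vsql = FALSE;` before the switch and skip the UPDATE when it is still FALSE.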