comparison admajax.php @ 105:a85f258f6beb
Move some things around and modularize the code.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 21 Oct 2013 16:26:42 +0300 |
parents | ajax.php@32c4654aad50 |
children | ac1df74619cd |
104:c7b1eb993240 | 105:a85f258f6beb |
---|---|
1 <? | |
2 // | |
3 // AJAX request handler backend module | |
4 // | |
5 $sessionType = "admin"; | |
6 require "mconfig.inc.php"; | |
7 require "msite.inc.php"; | |
8 require "msession.inc.php"; | |
9 | |
10 // Check if we are allowed to execute | |
11 if (!stCheckHTTPS() || !stAdmSessionAuth()) | |
12 { | |
13 stSetupCacheControl(); | |
14 | |
15 stSessionEnd(SESS_ADMIN); | |
16 | |
17 header("Location: news"); | |
18 exit; | |
19 } | |
20 | |
21 stSetupCacheControl(); | |
22 | |
23 // Initiate SQL database connection | |
24 if (!stConnectSQLDB()) | |
25 die("Could not connect to SQL database."); | |
26 | |
27 // Fetch non-"hardcoded" settings from SQL database | |
28 stReloadSettings(); | |
29 | |
30 | |
31 function saveButton() | |
32 { | |
33 return "<input type=\"submit\" value=\" Save \" />\n"; | |
34 } | |
35 | |
36 | |
37 // XMLHttp responses | |
38 $action = "ERROR"; | |
39 if (stChkRequestItem("action") && stChkRequestItem("type")) | |
40 { | |
41 $action = $_REQUEST["action"]; | |
42 $type = $_REQUEST["type"]; | |
43 } | |
44 | |
45 | |
46 switch ($action) | |
47 { | |
48 case "dump": | |
49 // | |
50 // Perform generic data dump | |
51 // | |
52 if (($res = stExecSQLCond( | |
53 "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", | |
54 "Dump OK.")) !== FALSE) | |
55 { | |
56 $out1 = array(); | |
57 $out2 = array(); | |
58 | |
59 foreach ($res as $item) | |
60 { | |
61 $out1[] = $item["name"]." <".$item["email"].">"; | |
62 $out2[] = $item["email"]; | |
63 } | |
64 | |
65 echo "<br /><hr />". | |
66 implode(", ", $out1)."<br /><hr /><br />". | |
67 implode("<br />", $out1)."<br /><hr /><br />". | |
68 implode(", ", $out2)."<br /><hr /><br />". | |
69 implode("<br />", $out2)."<br /><hr />"; | |
70 | |
71 } | |
72 break; | |
73 | |
74 case "get": | |
75 // | |
76 // Get specific data | |
77 // | |
78 switch ($type) | |
79 { | |
80 case "news": | |
81 $sql = "SELECT * FROM news ORDER BY utime DESC"; | |
82 break; | |
83 | |
84 case "attendees": | |
85 $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; | |
86 break; | |
87 | |
88 case "voters": | |
89 break; | |
90 | |
91 case "compos": | |
92 $sql = "SELECT * FROM compos ORDER BY id DESC"; | |
93 break; | |
94 | |
95 case "settings": | |
96 $prefix = "st"; | |
97 | |
98 echo | |
99 "<h1>Site settings</h1>\n". | |
100 "<table>\n"; | |
101 foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item) | |
102 { | |
103 echo | |
104 " <tr>\n". | |
105 " <td>"; | |
106 $id = $item["key"]; | |
107 switch ($item["vtype"]) | |
108 { | |
109 case VT_INT: | |
110 echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]); | |
111 break; | |
112 case VT_STR: | |
113 echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]); | |
114 break; | |
115 case VT_BOOL: | |
116 echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], ""); | |
117 break; | |
118 } | |
119 echo "</td>\n". | |
120 " <td>".$item["desc"]."</td>\n". | |
121 " </tr>\n"; | |
122 } | |
123 echo "</table>\n".saveButton(); | |
124 | |
125 foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item) | |
126 { | |
127 echo "<h2>".chentities($item["desc"])."</h2>\n". | |
128 stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]). | |
129 "\n<br />\n".saveButton(); | |
130 } | |
131 break; | |
132 | |
133 case "entries": | |
134 stGetCompoList(FALSE, FALSE); | |
135 | |
136 foreach ($compos as $id => $compo) | |
137 { | |
138 echo | |
139 "<form>\n". | |
140 " <table class=\"misc\">\n". | |
141 " <tr>\n". | |
142 " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n". | |
143 " </tr>\n". | |
144 " <tr>\n". | |
145 " <th style=\"width:1%;\">Compo</th>\n". | |
146 " <th>Title</th>\n". | |
147 " <th>Author(s)</th>\n". | |
148 " <th>Filename</th>\n". | |
149 " <th>Actions</th>\n". | |
150 " </tr>\n"; | |
151 | |
152 $prefix = "en"; | |
153 foreach ($compo["entries"] as $eid => $entry) | |
154 { | |
155 echo | |
156 " <tr id=\"entry".$eid."\">\n". | |
157 " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n". | |
158 " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n". | |
159 " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n". | |
160 " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n". | |
161 " <td>". | |
162 stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")"). | |
163 stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")"). | |
164 "</td>\n". | |
165 " </tr>\n"; | |
166 } | |
167 | |
168 $prefix = "ne"; | |
169 echo | |
170 " <tr>\n". | |
171 " <td></td>\n". | |
172 " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n". | |
173 " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n". | |
174 " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n". | |
175 " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". | |
176 " </tr>\n". | |
177 " </table>\n". | |
178 "</form>\n"; | |
179 } | |
180 break; | |
181 } | |
182 | |
183 // | |
184 // Perform query if we need to, output results | |
185 // | |
186 if (isset($sql) && ($res = stExecSQLCond($sql, "")) !== FALSE) | |
187 { | |
188 if ($type == "news") | |
189 { | |
190 foreach ($res as $item) | |
191 { | |
192 $id = $item["id"]; | |
193 stPrintNewsItem($item, | |
194 "<br />". | |
195 " <button class=\"button\" id=\"ndel".$id. | |
196 "\" type=\"button\" onclick=\"deleteNews(".$id. | |
197 ")\">Delete</button>\n" | |
198 ); | |
199 } | |
200 } | |
201 else | |
202 if ($type == "attendees") | |
203 { | |
204 // List of attendees | |
205 echo | |
206 "<table class=\"attendees\">\n". | |
207 " <tr>\n". | |
208 " <th class=\"name\">Name</th>\n". | |
209 " <th class=\"groups\">Groups</th>\n". | |
210 " <th class=\"regtime\">Registered</th>\n". | |
211 " <th class=\"oneliner\">Oneliner</th>\n". | |
212 " <th class=\"email\">E-mail</th>\n". | |
213 " <th>Actions</th>\n". | |
214 " </tr>\n"; | |
215 $row = 0; | |
216 foreach ($res as $item) | |
217 stPrintAttendee($item, $row++, TRUE); | |
218 | |
219 // For adding a new one | |
220 $prefix = "ne"; | |
221 echo | |
222 "</table>\n". | |
223 "<hr />\n". | |
224 "<table>\n". | |
225 " <tr>\n". | |
226 " <th>Name</th>\n". | |
227 " <th>Groups</th>\n". | |
228 " <th>Oneliner</th>\n". | |
229 " <th>E-mail</th>\n". | |
230 " <th>Actions</th>\n". | |
231 " </tr>\n". | |
232 " <tr>\n". | |
233 " <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n". | |
234 " <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n". | |
235 " <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n". | |
236 " <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n". | |
237 " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n". | |
238 " </tr>\n". | |
239 "</table>\n"; | |
240 } | |
241 else | |
242 if ($type == "compos") | |
243 { | |
244 foreach ($res as $item) | |
245 { | |
246 $id = $item["id"]; | |
247 $prefix = "co"; | |
248 echo | |
249 "<div id=\"compo".$id."\">\n". | |
250 "<h2>#".$id." - ".chentities($item["name"])."</h2>\n". | |
251 stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". | |
252 stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n". | |
253 stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n". | |
254 stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n". | |
255 stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". | |
256 stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". | |
257 "</div>\n". | |
258 "<hr />\n"; | |
259 } | |
260 } | |
261 } | |
262 break; | |
263 | |
264 case "delete": | |
265 // | |
266 // Delete entry | |
267 // | |
268 if (stChkRequestItem("id")) | |
269 { | |
270 $id = intval(stGetRequestItem("id")); | |
271 | |
272 if ($type == "news") | |
273 { | |
274 $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); | |
275 stExecSQLCond($sql, "OK, news item ".$id." deleted."); | |
276 } | |
277 else | |
278 if ($type == "attendees") | |
279 { | |
280 // Attendees require some more work | |
281 $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); | |
282 stExecSQLCond($sql, "OK, attendee ".$id." deleted."); | |
283 | |
284 $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id); | |
285 stExecSQLCond($sql, "OK, attendee ".$id." votes deleted."); | |
286 } | |
287 else | |
288 if ($type == "entries") | |
289 { | |
290 // .. as do compo entries | |
291 $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); | |
292 stExecSQLCond($sql, "OK, entry ".$id." deleted."); | |
293 | |
294 $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id); | |
295 stExecSQLCond($sql, "OK, entry ".$id." votes deleted."); | |
296 } | |
297 } | |
298 else | |
299 stSetStatus(901, "No ID specified."); | |
300 break; | |
301 | |
302 case "add": | |
303 // | |
304 // Add new entry | |
305 // | |
306 if ($type == "news" && stChkRequestItem("text") && | |
307 stChkRequestItem("author") && stChkRequestItem("title")) | |
308 { | |
309 $sql = stPrepareSQL( | |
310 "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", | |
311 time(), "title", "text", "author"); | |
312 | |
313 stExecSQLCond($sql, "OK, news item added."); | |
314 } | |
315 else | |
316 if ($type == "compo" && stChkRequestItem("name") && | |
317 stChkRequestItem("description")) | |
318 { | |
319 $sql = stPrepareSQL( | |
320 "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)", | |
321 "name", "description"); | |
322 | |
323 stExecSQLCond($sql, "OK, compo added."); | |
324 } | |
325 else | |
326 if ($type == "attendees" && stChkRequestItem("name") && | |
327 stChkRequestItem("groups") && stChkRequestItem("oneliner") && | |
328 stChkRequestItem("email")) | |
329 { | |
330 $sql = stPrepareSQL( | |
331 "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)", | |
332 time(), "name", "groups", "oneliner", "email"); | |
333 | |
334 stExecSQLCond($sql, "OK, attendee added."); | |
335 } | |
336 else | |
337 if ($type == "entry" && stChkRequestItem("name") && | |
338 stChkRequestItem("author") && stChkRequestItem("compo_id")) | |
339 { | |
340 $sql = stPrepareSQL( | |
341 "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)", | |
342 "name", "author", "compo_id", "filename"); | |
343 | |
344 stExecSQLCond($sql, "OK, entry added."); | |
345 } | |
346 else | |
347 stSetStatus(902, "No data."); | |
348 break; | |
349 | |
350 case "update": | |
351 // | |
352 // Update existing entry | |
353 // | |
354 if ($type == "attendees" && stChkRequestItem("id") && | |
355 stChkRequestItem("email") && stChkRequestItem("oneliner") && | |
356 stChkRequestItem("active")) | |
357 { | |
358 $sql = stPrepareSQLUpdate("attendees", | |
359 "WHERE id=".intval(stGetRequestItem("id")), | |
360 array( | |
361 "email" => "S", | |
362 "oneliner" => "S", | |
363 "active" => "B", | |
364 )); | |
365 | |
366 stExecSQLCond($sql, "OK, attendee updated."); | |
367 } | |
368 else | |
369 if ($type == "news" && stChkRequestItem("id") && | |
370 stChkRequestItem("text") && stChkRequestItem("author") && | |
371 stChkRequestItem("title")) | |
372 { | |
373 $sql = stPrepareSQLUpdate("news", | |
374 "WHERE id=".intval(stGetRequestItem("id")), | |
375 array( | |
376 "title" => "S", | |
377 "text" => "Q", | |
378 "author" => "S" | |
379 )); | |
380 | |
381 stExecSQLCond($sql, "OK, news item updated."); | |
382 } | |
383 else | |
384 if ($type == "compo" && stChkRequestItem("id") && | |
385 stChkRequestItem("name") && stChkRequestItem("description") && | |
386 stChkRequestItem("visible") && stChkRequestItem("voting") && | |
387 stChkRequestItem("showAuthors")) | |
388 { | |
389 $sql = stPrepareSQLUpdate("compos", | |
390 "WHERE id=".intval(stGetRequestItem("id")), | |
391 array( | |
392 "name" => "S", | |
393 "description" => "Q", | |
394 "visible" => "B", | |
395 "voting" => "B", | |
396 "showAuthors" => "B", | |
397 )); | |
398 | |
399 stExecSQLCond($sql, "OK, compo updated."); | |
400 } | |
401 else | |
402 if ($type == "entry" && stChkRequestItem("id") && | |
403 stChkRequestItem("name") && stChkRequestItem("author") && | |
404 stChkRequestItem("compo_id")) | |
405 { | |
406 $sql = stPrepareSQLUpdate("entries", | |
407 "WHERE id=".intval(stGetRequestItem("id")), | |
408 array( | |
409 "name" => "S", | |
410 "author" => "S", | |
411 "filename" => "S", | |
412 "compo_id" => "D", | |
413 )); | |
414 | |
415 stExecSQLCond($sql, "OK, entry updated."); | |
416 } | |
417 else | |
418 if ($type == "settings") | |
419 { | |
420 foreach (stExecSQL("SELECT * FROM settings") as $item) | |
421 if (stChkRequestItem($item["key"])) | |
422 { | |
423 $val = stGetRequestItem($item["key"]); | |
424 switch ($item["vtype"]) | |
425 { | |
426 case VT_INT: $vsql = stPrepareSQL("vint=%d", $val); break; | |
427 case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break; | |
428 case VT_STR: $vsql = stPrepareSQL("vstr=%s", $val); break; | |
429 case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break; | |
430 } | |
431 | |
432 $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]); | |
433 stExecSQLCond($sql, "OK, setting updated."); | |
434 } | |
435 } | |
436 else | |
437 stSetStatus(902, "No data."); | |
438 break; | |
439 | |
440 default: | |
441 stSetStatus(404, "Not Found"); | |
442 break; | |
443 } | |
444 | |
445 ?> |
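Review bot: The "dump" branch (lines 61–69) concatenates attendee `name` and `email` straight from the result rows into HTML with no escaping, while the rest of the file passes display text through `chentities()` (lines 127, 142, 250); if attendee rows originate from public registration, as the `regtime`/`oneliner` columns suggest, a crafted name or address becomes stored XSS that runs in the admin session. Escape at the point of output, `$out1[] = chentities($item["name"])." <".chentities($item["email"]).">";` and `$out2[] = chentities($item["email"]);`, and treat `$item["desc"]` on line 120 the same way. Separately, every state-changing branch (`delete`, `add`, `update`) is reached through `$_REQUEST` with only `stCheckHTTPS()` and `stAdmSessionAuth()` as gates, so unless msession.inc.php enforces an anti-CSRF token that is not visible on this page, a forged cross-site request from a logged-in admin's browser can delete news items, attendees and entries; limiting those branches to POST and checking a per-session token would close that. Whether `stGetFormTextInput`/`stGetFormTextArea` escape the values they are handed cannot be determined from this page and is worth confirming in msite.inc.php.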