diff ajax.php @ 0:8019b357cc03
Initial import.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 04 Dec 2012 19:07:18 +0200 |
parents | |
children | 916623924bd5 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ajax.php Tue Dec 04 19:07:18 2012 +0200 
@@ -0,0 +1,358 @@ +<? +require "mconfig.inc.php"; +require "msite.inc.php"; + +// Check if we are allowed to execute +if (!stCheckHTTPS() || !stAuthSession()) +{ + header("Status: 404 Not Found"); + exit; +} + +header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 +header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past + + +// Open PDO database connection +if (!stConnectSQLDB()) + die("Could not connect to SQL database."); + + +function setStatus($val, $msg) +{ + global $statusSet; + if (!$statusSet) + { + header("Status: ".$val." ".$msg); + } + $statusSet = TRUE; +} + + +function execSQLCond($sql, $okmsg) +{ + if (($res = stExecSQL($sql)) !== FALSE) + { + if ($okmsg != "") + setStatus(200, $okmsg); + return $res; + } + else + { + setStatus(900, "Error in SQL execution."); + return FALSE; + } +} + + +// XMLHttp responses +$action = "ERROR"; +if (stChkRequestItem("action") && stChkRequestItem("type")) +{ + $action = $_REQUEST["action"]; + $type = $_REQUEST["type"]; +} + + +switch ($action) +{ + case "dump": + if (($res = execSQLCond( + "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", + "Dump OK.")) !== FALSE) + { + $out1 = array(); + $out2 = array(); + + foreach ($res as $item) + { + $out1[] = $item["name"]." <".$item["email"].">"; + $out2[] = $item["email"]; + } + + echo "<br /><hr />". + implode(", ", $out1)."<br /><hr /><br />". + implode("<br />", $out1)."<br /><hr /><br />". + implode(", ", $out2)."<br /><hr /><br />". + implode("<br />", $out2)."<br /><hr />"; + + } + break; + + case "get": + switch ($type) + { + case "news": + $sql = "SELECT * FROM news ORDER BY utime DESC"; + break; + + case "attendees": + $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; + break; + + case "compos": + $sql = "SELECT * FROM compos ORDER BY id DESC"; + break; + + case "entries": + stGetCompoList(TRUE); + + foreach ($compos as $id => $compo) + { + echo + "<form>\n". + " <table class=\"misc\">\n". + " <tr>\n". 
+ " <th colspan=\"3\">".chentities($compo["name"])."</th>\n". + " </tr>\n". + " <tr>\n". + " <th>Title</th>\n". + " <th>Author</th>\n". + " <th>Actions</th>\n". + " </tr>\n"; + + $prefix = "en"; + foreach ($compo["entries"] as $eid => $entry) + { + echo + " <tr id=\"entry".$eid."\">\n". + " <td>".stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"])."</td>\n". + " <td>".stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"])."</td>\n". + " <td>". + stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")"). + stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")"). + "</td>\n". + " </tr>\n"; + } + $prefix = "ne"; + echo + " <tr>\n". + " <td>".stGetFormTextInput(40, 64, "name", $id, "ne", "")."</td>\n". + " <td>".stGetFormTextInput(40, 64, "author", $id, "ne", "")."</td>\n". + " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". + " </tr>\n". + " </table>\n". + "</form>\n"; + } + break; + + case "voters": + $sql = "SELECT * FROM voters ORDER BY id ASC"; + } + + if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE) + { + if ($type == "news") + { + foreach ($res as $item) + { + $id = $item["id"]; + stPrintNewsItem($item, + "<br />". + " <button class=\"button\" id=\"ndel".$id. + "\" type=\"button\" onclick=\"deleteNews(".$id. + ")\">Delete</button>\n" + ); + } + } + else + if ($type == "attendees") + { + echo + "<table class=\"attendees\">\n". + " <tr>\n". + " <th>Name</th>\n". + " <th class=\"groups\">Group(s)</th>\n". + " <th class=\"regtime\">Registered</th>\n". + " <th class=\"oneliner\">Oneliner</th>\n". + " <th class=\"email\">E-mail</th>\n". + " <th>Actions</th>\n". + " </tr>\n"; + $row = 0; + foreach ($res as $item) + stPrintAttendee($item, $row++, TRUE); + echo "</table>\n"; + } + else + if ($type == "compos") + { + foreach ($res as $item) + { + $id = $item["id"]; + $prefix = "co"; + echo + "<div id=\"compo".$id."\">\n". + "<h2>#".$id." 
- ".chentities($item["name"])."</h2>\n". + stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". + stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n". + stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". + stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". + "</div>\n". + "<hr />\n"; + } + } + else + if ($type == "voters") + { + echo + "<table class=\"misc\">\n". + " <tr>\n". + " <th style=\"width: 5%; text-align: center;\">#</th>\n". + " <th style=\"\">Vote key</th>\n". + " <th style=\"\">Name</th>\n". + " <th style=\"width: 5%; text-align: center;\">Active</th>\n". + " </tr>\n"; + $row = 0; + foreach ($res as $item) + { + $id = $item["id"]; + $prefix = "vo"; + echo + " <tr>\n". + " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n". + " <td>".sprintf("%04d", $id)."</td>\n". + " <td>".chentities($item["key"])."</td>\n". + " <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"], + "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n". + " <td>".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Active", + "onClick=\"updateVoter(".$id.")\"")."</td>\n". + " </tr>\n"; + $row++; + } + echo "</table>\n"; + } + } + break; + + case "delete": + if (stChkRequestItem("id")) + { + $id = intval(stGetRequestItem("id")); + + if ($type == "news") + $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); + else + if ($type == "attendees") + $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); + else + if ($type == "entries") + $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); + + execSQLCond($sql, "OK, ".$type." item ".$id." 
deleted."); + } + else + setStatus(901, "No ID specified."); + break; + + case "add": + if ($type == "news" && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title")) + { + $sql = stPrepareSQL( + "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", + time(), "title", "text", "author"); + + execSQLCond($sql, "OK, news item added."); + } + else + if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description")) + { + $sql = stPrepareSQL( + "INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)", + "name", "description", 0); + + execSQLCond($sql, "OK, compo added."); + } + else + if ($type == "entry" && stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id")) + { + $sql = stPrepareSQL( + "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)", + "name", "author", "compo_id"); + + execSQLCond($sql, "OK, entry added."); + } + else + setStatus(902, "No data."); + break; + + case "update": + if ($type == "attendees" && stChkRequestItem("id") && + stChkRequestItem("email") && stChkRequestItem("oneliner")) + { + $sql = stPrepareSQLUpdate("attendees", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "email" => "S", + "oneliner" => "S", + )); + + execSQLCond($sql, "OK, attendee updated."); + } + else + if ($type == "news" && stChkRequestItem("id") && + stChkRequestItem("text") && stChkRequestItem("author") && + stChkRequestItem("title")) + { + $sql = stPrepareSQLUpdate("news", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "title" => "S", + "text" => "Q", + "author" => "S" + )); + + execSQLCond($sql, "OK, news item updated."); + } + else + if ($type == "compo" && stChkRequestItem("id") && + stChkRequestItem("name") && stChkRequestItem("description") && + stChkRequestItem("enabled")) + { + $sql = stPrepareSQLUpdate("compos", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "description" => "Q", + "enabled" => "B", + )); + + 
execSQLCond($sql, "OK, compo updated."); + } + else + if ($type == "voter" && stChkRequestItem("id") && + stChkRequestItem("name") && stChkRequestItem("enabled")) + { + $sql = stPrepareSQLUpdate("voters", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "enabled" => "B", + )); + + execSQLCond($sql, "OK, voter updated."); + } + else + if ($type == "entry" && stChkRequestItem("id") && + stChkRequestItem("compo_id") && stChkRequestItem("name") && + stChkRequestItem("author")) + { + $sql = stPrepareSQLUpdate("entries", + "WHERE id=".intval(stGetRequestItem("id"). + " AND compo_id=".intval(stGetRequestItem("compo_id"))), + array( + "name" => "S", + "author" => "S", + )); + + execSQLCond($sql, "OK, voter updated."); + } + else + setStatus(902, "No data."); + break; + + default: + setStatus(404, "Not Found"); + break; +} + +?> \ No newline at end of file
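Review bot: The `dump` branch builds `$out1` and `$out2` from `$item["name"]` and `$item["email"]` and echoes them straight into the HTML response without `chentities()`, while every other branch in this hunk escapes DB-sourced text that way, so attendee-supplied registration fields reach the page unescaped (and the literal `<`/`>` placed around the address is parsed as a tag rather than displayed). Assuming `chentities()` is the HTML-entity escaper its other uses in this file suggest, change the two collectors to `$out1[] = chentities($item["name"]." <".$item["email"].">");` and `$out2[] = chentities($item["email"]);`. In the `update` branch for `entry`, the closing parenthesis of `intval()` wraps the whole `" AND compo_id=..."` concatenation, so `intval("5 AND compo_id=3")` evaluates to `5` and the compo restriction is silently dropped; it should read `"WHERE id=".intval(stGetRequestItem("id"))." AND compo_id=".intval(stGetRequestItem("compo_id")),`, and that branch's success message still says "OK, voter updated.". The `delete` branch likewise calls `execSQLCond($sql, ...)` with `$sql` unset whenever `$type` is not news/attendees/entries, so the if/else chain there needs a trailing `else` that calls `setStatus()` and skips the execute.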