diff admajax.php @ 105:a85f258f6beb

Move some things around and modularize the code.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 21 Oct 2013 16:26:42 +0300
parents ajax.php@32c4654aad50
children ac1df74619cd
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admajax.php	Mon Oct 21 16:26:42 2013 +0300
@@ -0,0 +1,445 @@
+<?
+//
+// AJAX request handler backend module
+//
+$sessionType = "admin";
+require "mconfig.inc.php";
+require "msite.inc.php";
+require "msession.inc.php";
+
+// Check if we are allowed to execute
+if (!stCheckHTTPS() || !stAdmSessionAuth())
+{
+  stSetupCacheControl();
+
+  stSessionEnd(SESS_ADMIN);
+
+  header("Location: news");
+  exit;
+}
+
+stSetupCacheControl();
+
+// Initiate SQL database connection
+if (!stConnectSQLDB())
+  die("Could not connect to SQL database.");
+
+// Fetch non-"hardcoded" settings from SQL database
+stReloadSettings();
+
+
+function saveButton()
+{
+  return "<input type=\"submit\" value=\" Save \" />\n";
+}
+
+
+// XMLHttp responses
+$action = "ERROR";
+if (stChkRequestItem("action") && stChkRequestItem("type"))
+{
+  $action = $_REQUEST["action"];
+  $type = $_REQUEST["type"];
+}
+
+
+switch ($action)
+{
+  case "dump":
+    //
+    // Perform generic data dump
+    //
+    if (($res = stExecSQLCond(
+      "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
+      "Dump OK.")) !== FALSE)
+    {
+      $out1 = array();
+      $out2 = array();
+
+      foreach ($res as $item)
+      {
+        $out1[] = $item["name"]." &lt;".$item["email"]."&gt;";
+        $out2[] = $item["email"];
+      }
+
+      echo "<br /><hr />".
+        implode(", ", $out1)."<br /><hr /><br />".
+        implode("<br />", $out1)."<br /><hr /><br />".
+        implode(", ", $out2)."<br /><hr /><br />".
+        implode("<br />", $out2)."<br /><hr />";
+      
+    }
+    break;
+
+  case "get":
+    //
+    // Get specific data
+    //
+    switch ($type)
+    {
+      case "news":
+        $sql = "SELECT * FROM news ORDER BY utime DESC";
+        break;
+
+      case "attendees":
+        $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
+        break;
+
+      case "voters":
+        break;
+
+      case "compos":
+        $sql = "SELECT * FROM compos ORDER BY id DESC";
+        break;
+
+      case "settings":
+        $prefix = "st";
+
+        echo
+        "<h1>Site settings</h1>\n".
+        "<table>\n";
+        foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item)
+        {
+          echo
+          " <tr>\n".
+          "  <td>";
+          $id = $item["key"];
+          switch ($item["vtype"])
+          {
+            case VT_INT:
+              echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]);
+              break;
+            case VT_STR:
+              echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]);
+              break;
+            case VT_BOOL:
+              echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], "");
+              break;
+          }
+          echo "</td>\n".
+          "  <td>".$item["desc"]."</td>\n".
+          " </tr>\n";
+        }
+        echo "</table>\n".saveButton();
+
+        foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item)
+        {
+          echo "<h2>".chentities($item["desc"])."</h2>\n".
+          stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]).
+          "\n<br />\n".saveButton();
+        }
+        break;
+      
+      case "entries":
+        stGetCompoList(FALSE, FALSE);
+        
+        foreach ($compos as $id => $compo)
+        {
+          echo
+            "<form>\n".
+            " <table class=\"misc\">\n".
+            "  <tr>\n".
+            "   <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
+            "  </tr>\n".
+            "  <tr>\n".
+            "   <th style=\"width:1%;\">Compo</th>\n".
+            "   <th>Title</th>\n".
+            "   <th>Author(s)</th>\n".
+            "   <th>Filename</th>\n".
+            "   <th>Actions</th>\n".
+            "  </tr>\n";
+
+          $prefix = "en";
+          foreach ($compo["entries"] as $eid => $entry)
+          {
+            echo
+              "  <tr id=\"entry".$eid."\">\n".
+              "   <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n".
+              "   <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
+              "   <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
+              "   <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
+              "   <td>".
+              stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
+              stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
+              "</td>\n".
+              "  </tr>\n";
+          }
+
+          $prefix = "ne";
+          echo
+            "  <tr>\n".
+            "   <td></td>\n".
+            "   <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
+            "  </tr>\n".
+            " </table>\n".
+            "</form>\n";
+        }
+        break;
+    }
+    
+    //
+    // Perform query if we need to, output results
+    //
+    if (isset($sql) && ($res = stExecSQLCond($sql, "")) !== FALSE)
+    {
+      if ($type == "news")
+      {
+        foreach ($res as $item)
+        {
+          $id = $item["id"];
+          stPrintNewsItem($item,
+            "<br />".
+            "  <button class=\"button\" id=\"ndel".$id.
+            "\" type=\"button\" onclick=\"deleteNews(".$id.
+            ")\">Delete</button>\n"
+            );
+        }
+      }
+      else
+      if ($type == "attendees")
+      {
+        // List of attendees
+        echo
+        "<table class=\"attendees\">\n".
+        " <tr>\n".
+        "  <th class=\"name\">Name</th>\n".
+        "  <th class=\"groups\">Groups</th>\n".
+        "  <th class=\"regtime\">Registered</th>\n".
+        "  <th class=\"oneliner\">Oneliner</th>\n".
+        "  <th class=\"email\">E-mail</th>\n".
+        "  <th>Actions</th>\n".
+        " </tr>\n";
+        $row = 0;
+        foreach ($res as $item)
+          stPrintAttendee($item, $row++, TRUE);
+
+        // For adding a new one
+        $prefix = "ne";
+        echo
+          "</table>\n".
+          "<hr />\n".
+          "<table>\n".
+          " <tr>\n".
+          "  <th>Name</th>\n".
+          "  <th>Groups</th>\n".
+          "  <th>Oneliner</th>\n".
+          "  <th>E-mail</th>\n".
+          "  <th>Actions</th>\n".
+          " </tr>\n".
+          " <tr>\n".
+          "  <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n".
+          "  <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n".
+          "  <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n".
+          "  <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n".
+          "  <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n".
+          " </tr>\n".
+          "</table>\n";
+      }
+      else
+      if ($type == "compos")
+      {
+        foreach ($res as $item)
+        {
+          $id = $item["id"];
+          $prefix = "co";
+          echo
+          "<div id=\"compo".$id."\">\n".
+          "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
+          stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
+          stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n".
+          stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n".
+          stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n".
+          stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
+          stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
+          "</div>\n".
+          "<hr />\n";
+        }
+      }
+    }
+    break;
+
+  case "delete":
+    //
+    // Delete entry
+    //
+    if (stChkRequestItem("id"))
+    {
+      $id = intval(stGetRequestItem("id"));
+
+      if ($type == "news")
+      {
+        $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
+        stExecSQLCond($sql, "OK, news item ".$id." deleted.");
+      }
+      else
+      if ($type == "attendees")
+      {
+        // Attendees require some more work
+        $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
+        stExecSQLCond($sql, "OK, attendee ".$id." deleted.");
+
+        $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id);
+        stExecSQLCond($sql, "OK, attendee ".$id." votes deleted.");
+      }
+      else
+      if ($type == "entries")
+      {
+        // .. as do compo entries
+        $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
+        stExecSQLCond($sql, "OK, entry ".$id." deleted.");
+
+        $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id);
+        stExecSQLCond($sql, "OK, entry ".$id." votes deleted.");
+      }
+    }
+    else
+      stSetStatus(901, "No ID specified.");
+    break;
+
+  case "add":
+    //
+    // Add new entry
+    //
+    if ($type == "news" && stChkRequestItem("text") &&
+      stChkRequestItem("author") && stChkRequestItem("title"))
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
+        time(), "title", "text", "author");
+
+      stExecSQLCond($sql, "OK, news item added.");
+    }
+    else
+    if ($type == "compo" && stChkRequestItem("name") &&
+      stChkRequestItem("description"))
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)",
+        "name", "description");
+
+      stExecSQLCond($sql, "OK, compo added.");
+    }
+    else
+    if ($type == "attendees" && stChkRequestItem("name") &&
+      stChkRequestItem("groups") && stChkRequestItem("oneliner") &&
+      stChkRequestItem("email"))
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
+        time(), "name", "groups", "oneliner", "email");
+
+      stExecSQLCond($sql, "OK, attendee added.");
+    }
+    else
+    if ($type == "entry" && stChkRequestItem("name") &&
+      stChkRequestItem("author") && stChkRequestItem("compo_id"))
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)",
+        "name", "author", "compo_id", "filename");
+
+      stExecSQLCond($sql, "OK, entry added.");
+    }
+    else
+      stSetStatus(902, "No data.");
+    break;
+
+  case "update":
+    //
+    // Update existing entry
+    //
+    if ($type == "attendees" && stChkRequestItem("id") &&
+      stChkRequestItem("email") && stChkRequestItem("oneliner") &&
+      stChkRequestItem("active"))
+    {
+      $sql = stPrepareSQLUpdate("attendees",
+        "WHERE id=".intval(stGetRequestItem("id")),
+        array(
+          "email" => "S",
+          "oneliner" => "S",
+          "active" => "B",
+        ));
+
+      stExecSQLCond($sql, "OK, attendee updated.");
+    }
+    else
+    if ($type == "news" && stChkRequestItem("id") &&
+      stChkRequestItem("text") && stChkRequestItem("author") &&
+      stChkRequestItem("title"))
+    {
+      $sql = stPrepareSQLUpdate("news",
+        "WHERE id=".intval(stGetRequestItem("id")),
+        array(
+          "title" => "S",
+          "text" => "Q",
+          "author" => "S"
+        ));
+
+      stExecSQLCond($sql, "OK, news item updated.");
+    }
+    else
+    if ($type == "compo" && stChkRequestItem("id") &&
+      stChkRequestItem("name") && stChkRequestItem("description") &&
+      stChkRequestItem("visible") && stChkRequestItem("voting") &&
+      stChkRequestItem("showAuthors"))
+    {
+      $sql = stPrepareSQLUpdate("compos",
+        "WHERE id=".intval(stGetRequestItem("id")),
+        array(
+          "name" => "S",
+          "description" => "Q",
+          "visible" => "B",
+          "voting" => "B",
+          "showAuthors" => "B",
+        ));
+
+      stExecSQLCond($sql, "OK, compo updated.");
+    }
+    else
+    if ($type == "entry" && stChkRequestItem("id") &&
+      stChkRequestItem("name") && stChkRequestItem("author") &&
+      stChkRequestItem("compo_id"))
+    {
+      $sql = stPrepareSQLUpdate("entries",
+        "WHERE id=".intval(stGetRequestItem("id")),
+        array(
+          "name" => "S",
+          "author" => "S",
+          "filename" => "S",
+          "compo_id" => "D",
+        ));
+
+      stExecSQLCond($sql, "OK, entry updated.");
+    }
+    else
+    if ($type == "settings")
+    {
+      foreach (stExecSQL("SELECT * FROM settings") as $item)
+      if (stChkRequestItem($item["key"]))
+      {
+        $val = stGetRequestItem($item["key"]);
+        switch ($item["vtype"])
+        {
+          case VT_INT:  $vsql = stPrepareSQL("vint=%d", $val); break;
+          case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break;
+          case VT_STR:  $vsql = stPrepareSQL("vstr=%s", $val); break;
+          case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break;
+        }
+        
+        $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]);
+        stExecSQLCond($sql, "OK, setting updated.");
+      }
+    }
+    else
+      stSetStatus(902, "No data.");
+    break;
+
+  default:
+    stSetStatus(404, "Not Found");
+    break;
+}
+
+?>
\ No newline at end of file
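Review bot: In the `dump` branch the attendee `name` and `email` columns are concatenated straight into the HTML output, while the rest of this file passes comparable fields (compo name, settings description) through `chentities()`, so any markup stored in an attendee record is rendered verbatim in the admin view; change the two lines to `$out1[] = chentities($item["name"])." &lt;".chentities($item["email"])."&gt;";` and `$out2[] = chentities($item["email"]);`. In the `settings` branch of `update`, `$vsql` is never reset between loop iterations, so a settings row whose `vtype` matches none of the four cases silently reuses the previous row's assignment; initialise `$vsql = FALSE;` before the `switch` and skip such rows with `if ($vsql === FALSE) continue;` after it. The same UPDATE statement reads `$db->quote(...)`, but `$db` is not assigned anywhere in this file, so unless one of the included modules exposes it as a global this line fails on the first setting update. Since every write action here is dispatched on `$_REQUEST` with only the session check at the top as a guard, it is worth confirming that `stAdmSessionAuth()` or the calling page also enforces a per-request token, as the visible code does not.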