diff ajax.php @ 59:e5e38ed4e837

Work on compo entry addition and editing.
author Matti Hamalainen <ccr@tnsp.org>
date Sat, 05 Oct 2013 11:36:09 +0300
parents f9cd2dd42b2e
children e85ed35585fc
--- a/ajax.php	Sat Oct 05 10:34:32 2013 +0300
+++ b/ajax.php	Sat Oct 05 11:36:09 2013 +0300
@@ -2,6 +2,7 @@
 //
 // AJAX request handler backend module
 //
+$sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
 require "msession.inc.php";
@@ -9,7 +10,11 @@
 // Check if we are allowed to execute
 if (!stCheckHTTPS() || !stAdmSessionAuth())
 {
-  header("Status: 404 Not Found");
+  stSetupCacheControl();
+
+  stSessionEnd(SESS_ADMIN);
+
+  header("Location: news");
   exit;
 }
 
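Review bot: The rejection branch now answers a failed admin check with `header("Location: news");`, which an XMLHttpRequest follows transparently, so the calling script receives the news page with a success status and cannot tell that authorization failed. For an AJAX backend an explicit error status is easier to handle on the client; the removed line sent one, and something like `header("HTTP/1.1 403 Forbidden");` before `exit;` would restore that while keeping the session teardown. Note also that `stSessionEnd(SESS_ADMIN)` runs when only `stCheckHTTPS()` fails, so it is worth confirming in msession.inc.php that the session cookie is marked Secure; otherwise a plain-HTTP request could end a valid admin session.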
@@ -158,12 +163,13 @@
             "<form>\n".
             " <table class=\"misc\">\n".
             "  <tr>\n".
-            "   <th colspan=\"3\">#".$id." - ".chentities($compo["name"])."</th>\n".
+            "   <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
             "  </tr>\n".
             "  <tr>\n".
             "   <th style=\"width:1%;\">Compo</th>\n".
             "   <th>Title</th>\n".
             "   <th>Author(s)</th>\n".
+            "   <th>Filename</th>\n".
             "   <th>Actions</th>\n".
             "  </tr>\n";
 
@@ -173,15 +179,25 @@
             echo
               "  <tr id=\"entry".$eid."\">\n".
               "   <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n".
-              "   <td>".stGetFormTextInput(35, 64, "name", $eid, "en", $entry["name"])."</td>\n".
+              "   <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
               "   <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
+              "   <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
               "   <td>".
-              stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
-              stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")").
+              stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
+              stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
               "</td>\n".
               "  </tr>\n";
           }
+
+          $prefix = "ne";
           echo
+            "  <tr>\n".
+            "   <td></td>\n".
+            "   <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
+            "  </tr>\n".
             " </table>\n".
             "</form>\n";
         }
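Review bot: `$entry["name"]`, `$entry["author"]` and the newly added `$entry["filename"]` are passed to `stGetFormTextInput()` without encoding, whereas the table header in the previous hunk wraps `$compo["name"]` in `chentities()`. The helper's definition is not part of this diff; if it does not encode its value argument itself, stored entry data would be written verbatim into the `value` attribute of the admin page, so either confirm that it escapes or pass `chentities($entry["filename"])` and likewise for the other two fields. Separately, `$prefix = "ne";` is assigned but the three text inputs in the new row pass the literal `"ne"`; using `$prefix` in all four calls keeps them in sync. The enclosing loop and block begin outside the hunk.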
@@ -320,6 +336,16 @@
       execSQLCond($sql, "OK, attendee added.");
     }
     else
+    if ($type == "entry" && stChkRequestItem("name") &&
+      stChkRequestItem("author") && stChkRequestItem("compo_id"))
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)",
+        "name", "author", "compo_id", "filename");
+
+      execSQLCond($sql, "OK, entry added.");
+    }
+    else
       setStatus(902, "No data.");
     break;
 
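Review bot: The INSERT names three columns and three placeholders, but `stPrepareSQL()` is given four request keys, so the `filename` submitted by the new add-row form is never stored. Assuming the helper maps placeholders to keys in order, the statement should read `"INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)",`. The author value is bound with `%Q` here, while the update path in this same commit declares `"author" => "S"`; what `%Q` does is not visible in this diff, so confirm that it applies the same quoting as `%S` before keeping it. If `filename` is meant to be mandatory, the condition also needs `stChkRequestItem("filename")`.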
@@ -380,10 +406,11 @@
       stChkRequestItem("compo_id"))
     {
       $sql = stPrepareSQLUpdate("entries",
-        "WHERE id=".intval(stGetRequestItem("id")).
+        "WHERE id=".intval(stGetRequestItem("id")),
         array(
           "name" => "S",
           "author" => "S",
+          "filename" => "S",
           "compo_id" => "D",
         ));