Mercurial > hg > fapweb
diff ajax.php @ 59:e5e38ed4e837
Work on compo entry addition and editing.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sat, 05 Oct 2013 11:36:09 +0300 |
parents | f9cd2dd42b2e |
children | e85ed35585fc |
line wrap: on
line diff
--- a/ajax.php Sat Oct 05 10:34:32 2013 +0300 +++ b/ajax.php Sat Oct 05 11:36:09 2013 +0300 @@ -2,6 +2,7 @@ // // AJAX request handler backend module // +$sessionType = "admin"; require "mconfig.inc.php"; require "msite.inc.php"; require "msession.inc.php"; @@ -9,7 +10,11 @@ // Check if we are allowed to execute if (!stCheckHTTPS() || !stAdmSessionAuth()) { - header("Status: 404 Not Found"); + stSetupCacheControl(); + + stSessionEnd(SESS_ADMIN); + + header("Location: news"); exit; } @@ -158,12 +163,13 @@ "<form>\n". " <table class=\"misc\">\n". " <tr>\n". - " <th colspan=\"3\">#".$id." - ".chentities($compo["name"])."</th>\n". + " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n". " </tr>\n". " <tr>\n". " <th style=\"width:1%;\">Compo</th>\n". " <th>Title</th>\n". " <th>Author(s)</th>\n". + " <th>Filename</th>\n". " <th>Actions</th>\n". " </tr>\n"; @@ -173,15 +179,25 @@ echo " <tr id=\"entry".$eid."\">\n". " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n". - " <td>".stGetFormTextInput(35, 64, "name", $eid, "en", $entry["name"])."</td>\n". + " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n". " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n". + " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n". " <td>". - stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")"). - stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")"). + stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")"). + stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")"). "</td>\n". " </tr>\n"; } + + $prefix = "ne"; echo + " <tr>\n". + " <td></td>\n". + " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n". + " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n". + " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n". + " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". + " </tr>\n". " </table>\n". "</form>\n"; } @@ -320,6 +336,16 @@ execSQLCond($sql, "OK, attendee added."); } else + if ($type == "entry" && stChkRequestItem("name") && + stChkRequestItem("author") && stChkRequestItem("compo_id")) + { + $sql = stPrepareSQL( + "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)", + "name", "author", "compo_id", "filename"); + + execSQLCond($sql, "OK, entry added."); + } + else setStatus(902, "No data."); break; @@ -380,10 +406,11 @@ stChkRequestItem("compo_id")) { $sql = stPrepareSQLUpdate("entries", - "WHERE id=".intval(stGetRequestItem("id")). + "WHERE id=".intval(stGetRequestItem("id")), array( "name" => "S", "author" => "S", + "filename" => "S", "compo_id" => "D", ));