view ajax.php @ 30:ad25827304b6

Adding entries is now done via the regular entry submission system, which is unfinished. To be fixed soon!
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 09 Dec 2012 05:58:14 +0200
parents 4b5a176805e2
children 36392d1d6b5f

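<?php
require "mconfig.inc.php";
require "msite.inc.php";

// Check if we are allowed to execute: refuse with a generic 404 unless the
// request came over HTTPS and carries an authenticated admin session. This
// is the only access check in the file; every action below relies on it.
// NOTE(review): "Status:" headers are honored by the CGI/FastCGI SAPIs --
// confirm the deployed SAPI turns them into the HTTP status line.
if (!stCheckHTTPS() || !stAdmSessionAuth())
{
  header("Status: 404 Not Found");
  exit;
}

stSetupCacheControl();

// Initiate SQL database connection
if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

// Fetch non-"hardcoded" settings from SQL database
stReloadSettings();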


/**
 * Returns the HTML for the generic "Save" submit button used by the
 * settings forms.
 *
 * @return string one <input> element followed by a newline
 */
function saveButton()
{
  return '<input type="submit" value=" Save " />'."\n";
}


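/**
 * Sets the HTTP status line of this response, once per request.
 *
 * Only the first call emits the header; later calls are ignored, so a
 * per-row "OK" message cannot override an error status set earlier.
 *
 * @param int|string $val status code (the file also uses non-standard 9xx
 *                        codes, which the calling client is expected to read)
 * @param string     $msg status reason text
 */
function setStatus($val, $msg)
{
  global $statusSet;
  // empty() also covers the very first call, when the global does not
  // exist yet; a plain read would raise an undefined-variable notice,
  // which on a display_errors setup would corrupt the AJAX response.
  if (empty($statusSet))
  {
    header("Status: ".$val." ".$msg);
  }
  $statusSet = TRUE;
}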


/**
 * Runs an SQL statement through stExecSQL() and records the outcome in the
 * response status.
 *
 * @param string $sql   statement to execute
 * @param string $okmsg status text set on success; an empty string leaves
 *                      the status untouched
 * @return mixed the stExecSQL() result on success, FALSE on failure
 */
function execSQLCond($sql, $okmsg)
{
  $res = stExecSQL($sql);

  // Failure: report it (first status wins, see setStatus) and propagate FALSE
  if ($res === FALSE)
  {
    setStatus(900, "Error in SQL execution.");
    return FALSE;
  }

  // Success: an empty message means the caller manages the status itself
  if ($okmsg != "")
    setStatus(200, $okmsg);

  return $res;
}


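// XMLHttp responses: the client names an action and an item type; anything
// less falls through to the 404 default of the dispatcher below.
// $type is initialised here so that it is always defined, even though the
// dispatcher only reads it when $action was accepted as well.
// NOTE(review): $_REQUEST merges GET, POST and cookie values, so the
// state-changing actions (delete/add/update) are reachable via GET, and no
// request-origin/CSRF check is visible in this file -- confirm whether the
// session handling in msite.inc.php covers that. The rest of the file goes
// through stGetRequestItem(); this is the only place reading $_REQUEST raw.
$action = "ERROR";
$type = "";
if (stChkRequestItem("action") && stChkRequestItem("type"))
{
  $action = $_REQUEST["action"];
  $type = $_REQUEST["type"];
}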


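// Dispatch on the requested action. Every branch either echoes an HTML
// fragment or reports its outcome through setStatus(); the client is
// expected to treat the non-standard 9xx codes as errors.
// Assumed conventions of the msite.inc.php helpers, inferred from the call
// sites in this file (confirm against the include): stPrepareSQL() formats
// lowercase %d/%s from the values given, and uppercase %S/%Q/%B/%D from the
// request item whose name is given; stPrepareSQLUpdate() builds the SET
// list the same way from a column => format-letter map.
switch ($action)
{
  case "dump":
    // Mailing-list dump of every attendee with an e-mail address, in a few
    // copy-pasteable layouts. "IS NOT NULL" is the portable spelling of the
    // original "email NOT NULL" test (SQLite accepts both).
    if (($res = execSQLCond(
      "SELECT * FROM attendees WHERE email IS NOT NULL AND email != '' ORDER BY regtime DESC",
      "Dump OK.")) !== FALSE)
    {
      $out1 = array();
      $out2 = array();

      foreach ($res as $item)
      {
        // Name and e-mail are attendee-supplied (presumably via the
        // registration form), so escape them like every other attendee
        // field this page prints; the surrounding &lt; &gt; are literal.
        $out1[] = chentities($item["name"])." &lt;".chentities($item["email"])."&gt;";
        $out2[] = chentities($item["email"]);
      }

      echo "<br /><hr />".
        implode(", ", $out1)."<br /><hr /><br />".
        implode("<br />", $out1)."<br /><hr /><br />".
        implode(", ", $out2)."<br /><hr /><br />".
        implode("<br />", $out2)."<br /><hr />";
      
    }
    break;

  case "get":
    // Most types only pick a query here and render below; "settings" and
    // "entries" render directly and leave $sql unset.
    switch ($type)
    {
      case "news":
        $sql = "SELECT * FROM news ORDER BY utime DESC";
        break;

      case "attendees":
        $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
        break;

      case "compos":
        $sql = "SELECT * FROM compos ORDER BY id DESC";
        break;

      case "settings":
        // Form field names are prefixed so the update handler can tell
        // settings apart from the other item types.
        $prefix = "st";

        echo
        "<h1>Site settings</h1>\n".
        "<table>\n";
        foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item)
        {
          echo
          " <tr>\n".
          "  <td>";
          $id = $item["key"];
          // Input widget depends on the value type; other types get an
          // empty cell.
          switch ($item["vtype"])
          {
            case VT_INT:
              echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]);
              break;
            case VT_STR:
              echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]);
              break;
            case VT_BOOL:
              echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], "");
              break;
          }
          // Escaped for consistency with the VT_TEXT headings below.
          echo "</td>\n".
          "  <td>".chentities($item["desc"])."</td>\n".
          " </tr>\n";
        }
        echo "</table>\n".saveButton();

        // Long text settings get a textarea and their own save button each.
        foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item)
        {
          echo "<h2>".chentities($item["desc"])."</h2>\n".
          stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]).
          "\n<br />\n".saveButton();
        }
        break;
      
      case "entries":
        // NOTE(review): $compos is not assigned in this file; presumably
        // stGetCompoList() fills it as a global -- confirm.
        stGetCompoList(FALSE, FALSE);
        
        foreach ($compos as $id => $compo)
        {
          echo
            "<form>\n".
            " <table class=\"misc\">\n".
            "  <tr>\n".
            "   <th colspan=\"3\">#".$id." - ".chentities($compo["name"])."</th>\n".
            "  </tr>\n".
            "  <tr>\n".
            "   <th style=\"width:1%;\">Compo</th>\n".
            "   <th>Title</th>\n".
            "   <th>Author(s)</th>\n".
            "   <th>Actions</th>\n".
            "  </tr>\n";

          $prefix = "en";
          foreach ($compo["entries"] as $eid => $entry)
          {
            echo
              "  <tr id=\"entry".$eid."\">\n".
              "   <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n".
              "   <td>".stGetFormTextInput(35, 64, "name", $eid, "en", $entry["name"])."</td>\n".
              "   <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
              "   <td>".
              stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
              stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")").
              "</td>\n".
              "  </tr>\n";
          }
          echo
            " </table>\n".
            "</form>\n";
        }
        break;
      
      case "users":
        $sql = "SELECT * FROM users ORDER BY id ASC";
    }
    
    // Render the list types that only selected a query above. An empty
    // status message keeps a plain 200 for these responses.
    if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE)
    {
      if ($type == "news")
      {
        foreach ($res as $item)
        {
          $id = $item["id"];
          stPrintNewsItem($item,
            "<br />".
            "  <button class=\"button\" id=\"ndel".$id.
            "\" type=\"button\" onclick=\"deleteNews(".$id.
            ")\">Delete</button>\n"
            );
        }
      }
      else
      if ($type == "attendees")
      {
        echo
        "<table class=\"attendees\">\n".
        " <tr>\n".
        "  <th>Name</th>\n".
        "  <th class=\"groups\">Group(s)</th>\n".
        "  <th class=\"regtime\">Registered</th>\n".
        "  <th class=\"oneliner\">Oneliner</th>\n".
        "  <th class=\"email\">E-mail</th>\n".
        "  <th>Actions</th>\n".
        " </tr>\n";
        $row = 0;
        foreach ($res as $item)
          stPrintAttendee($item, $row++, TRUE);
        echo "</table>\n";
      }
      else
      if ($type == "compos")
      {
        foreach ($res as $item)
        {
          $id = $item["id"];
          $prefix = "co";
          echo
          "<div id=\"compo".$id."\">\n".
          "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
          stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
          stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n".
          stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n".
          stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
          stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
          "</div>\n".
          "<hr />\n";
        }
      }
      else
      if ($type == "users")
      {
        echo
        "<table class=\"users\">\n".
        " <tr>\n".
        "  <th class=\"vid\">#</th>\n".
        "  <th class=\"vkey\">User key</th>\n".
        "  <th class=\"vname\">Name</th>\n".
        "  <th class=\"vactive\">Active</th>\n".
        " </tr>\n";
        $row = 0;
        foreach ($res as $item)
        {
          $id = $item["id"];
          $prefix = "vo";
          // One row per user; the original emitted a stray unclosed "<tr>"
          // before this one, which broke the alternating row classes.
          echo
          " <tr class=\"".($item["active"] ? "vactive " : "").
            ($row % 2 == 1 ? "rodd" : "reven")."\" id=\"user".$id."\">\n".
          "  <td class=\"vid\">".sprintf("%04d", $id)."</td>\n".
          "  <td class=\"vkey\">".chentities($item["key"])."</td>\n".
          "  <td class=\"vname\">".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"],
          "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n".
          "  <td class=\"vactive\">".stGetFormCheckBoxInput("active", $id, $prefix, $item["active"], "",
          "onClick=\"updateVoter2(".$id.")\"")."</td>\n".
          " </tr>\n";
          $row++;
        }
        echo "</table>\n";
      }
    }
    break;

  case "delete":
    if (stChkRequestItem("id"))
    {
      $id = intval(stGetRequestItem("id"));

      // News items flagged "persist" are protected from deletion.
      if ($type == "news")
        $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
      else
      if ($type == "attendees")
        $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
      else
      if ($type == "entries")
        $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);

      // An unknown type used to hand an undefined $sql to execSQLCond();
      // report it the same way the add/update branches do.
      if (isset($sql))
        execSQLCond($sql, "OK, ".$type." item ".$id." deleted.");
      else
        setStatus(902, "No data.");
    }
    else
      setStatus(901, "No ID specified.");
    break;

  case "add":
    // The %S/%Q placeholders name the request items to insert (see the
    // convention noted above the switch).
    if ($type == "news" && stChkRequestItem("text") &&
      stChkRequestItem("author") && stChkRequestItem("title"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
        time(), "title", "text", "author");

      execSQLCond($sql, "OK, news item added.");
    }
    else
    if ($type == "compo" && stChkRequestItem("name") &&
      stChkRequestItem("description"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO compos (name,description,visible,voting) VALUES (%S,%Q,0,0)",
        "name", "description");

      execSQLCond($sql, "OK, compo added.");
    }
    else
      setStatus(902, "No data.");
    break;

  case "update":
    // Each branch requires every updatable field to be present; the row is
    // selected by the integer-coerced "id" request item.
    if ($type == "attendees" && stChkRequestItem("id") &&
      stChkRequestItem("email") && stChkRequestItem("oneliner"))
    {
      $sql = stPrepareSQLUpdate("attendees",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "email" => "S",
          "oneliner" => "S",
        ));

      execSQLCond($sql, "OK, attendee updated.");
    }
    else
    if ($type == "news" && stChkRequestItem("id") &&
      stChkRequestItem("text") && stChkRequestItem("author") &&
      stChkRequestItem("title"))
    {
      $sql = stPrepareSQLUpdate("news",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "title" => "S",
          "text" => "Q",
          "author" => "S"
        ));

      execSQLCond($sql, "OK, news item updated.");
    }
    else
    if ($type == "compo" && stChkRequestItem("id") &&
      stChkRequestItem("name") && stChkRequestItem("description") &&
      stChkRequestItem("visible") && stChkRequestItem("voting"))
    {
      $sql = stPrepareSQLUpdate("compos",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "name" => "S",
          "description" => "Q",
          "visible" => "B",
          "voting" => "B",
        ));

      execSQLCond($sql, "OK, compo updated.");
    }
    else
    if ($type == "user" && stChkRequestItem("id") &&
      stChkRequestItem("name") && stChkRequestItem("active"))
    {
      $sql = stPrepareSQLUpdate("users",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "name" => "S",
          "active" => "B",
        ));

      execSQLCond($sql, "OK, user updated.");
    }
    else
    if ($type == "entry" && stChkRequestItem("id") &&
      stChkRequestItem("name") && stChkRequestItem("author") &&
      stChkRequestItem("compo_id"))
    {
      // The WHERE clause and the column map are separate arguments; the
      // original concatenated them with ".", which turned the map into the
      // string "Array" and dropped the column list.
      $sql = stPrepareSQLUpdate("entries",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "name" => "S",
          "author" => "S",
          "compo_id" => "D",
        ));

      execSQLCond($sql, "OK, entry updated.");
    }
    else
    if ($type == "settings")
    {
      // Settings are updated one at a time; only keys present in the
      // request are touched. setStatus() keeps the first message, so an
      // SQL failure on an earlier key is not masked by later successes.
      foreach (stExecSQL("SELECT * FROM settings") as $item)
      if (stChkRequestItem($item["key"]))
      {
        $val = stGetRequestItem($item["key"]);
        switch ($item["vtype"])
        {
          case VT_INT:  $vsql = stPrepareSQL("vint=%d", $val); break;
          case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break;
          case VT_STR:  $vsql = stPrepareSQL("vstr=%s", $val); break;
          case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break;
          default:      $vsql = FALSE; break;
        }

        // An unknown value type would otherwise reuse the SET clause left
        // over from the previous key.
        if ($vsql === FALSE)
          continue;
        
        // NOTE(review): $db is not assigned in this file; presumably
        // stConnectSQLDB() exposes the database handle as a global -- confirm.
        $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]);
        execSQLCond($sql, "OK, setting updated.");
      }
    }
    else
      setStatus(902, "No data.");
    break;

  default:
    setStatus(404, "Not Found");
    break;
}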

?>