view admin.php @ 215:bfd480370a70

More work on input validation.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 17 Nov 2013 22:17:11 +0200
parents 3870601c17c3
children d313f9907610

<?
//
// FAPWeb Simple Demoparty System
// Party administration page frontend module
// (C) Copyright 2012-2013 Tecnic Software productions (TNSP)
//
$sessionType = "admin";   // session namespace; presumably consumed by msession.inc.php — verify
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";
require_once "majax.php";

// Extra stylesheet for this page (presumably picked up by cmPrintPageHeader())
$pageCSS["admin.css"] = "";

cmLocaleInit();

// Switch to https first, if needed
// The redirect target is rebuilt from SERVER_NAME + REQUEST_URI. header()
// rejects values containing CR/LF (PHP >= 5.1.2), so REQUEST_URI cannot
// smuggle additional headers here. NOTE(review): if the web server fills
// SERVER_NAME from the client's Host header (e.g. Apache with
// UseCanonicalName Off), the redirect destination becomes client-influenced
// — confirm the vhost configuration.
if (!stCheckHTTPS())
{
  header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
  exit;
}

// Start output
// Must stay after the redirect check: header() only works before any output.
// The meta tag asks browsers not to cache the admin page.
cmPrintPageHeader("FAPWeb Administration",
  " <meta http-equiv=\"Pragma\" content=\"no-cache\" />",
  FALSE);

echo "<div id=\"adminContent\">\n";

// Initiate SQL database connection
if (!stConnectSQLDB())
{
  // Error occurred, bail out early
  // (the page header is already out, so close the page properly)
  cmPrintPageFooter();
  exit;
}

// Fetch non-"hardcoded" settings from SQL database
stReloadSettings();

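function stCreateSettingsData()
{
  // Emit the JavaScript updateSettings() function used by the admin UI.
  // Each row of the "settings" table becomes one "key":typecode entry of the
  // object handed to makePostArgs(); the numeric type codes follow the
  // switch below and are interpreted by makePostArgs() (defined elsewhere).
  //
  // @return void  (the generated script is echoed directly)
  $args = array();

  if (($res = stExecSQL("SELECT * FROM settings")) !== FALSE)
  {
    foreach ($res as $item)
    {
      switch ($item["vtype"])
      {
        case VT_STR:
        case VT_TEXT: $type = 0; break;
        case VT_INT:  $type = 4; break;
        case VT_BOOL: $type = 3; break;
        // Unknown vtype: fall back to the string code instead of silently
        // reusing whatever $type the previous row left behind.
        default:      $type = 0; break;
      }

      // json_encode() yields a properly quoted and escaped JS string literal,
      // so a key containing quotes, backslashes or "</" cannot break out of
      // the generated <script> block.
      $args[] = json_encode((string) $item["key"]).":".$type;
    }
  }

  echo
  "\n".
  "function updateSettings()\n".
  "{\n".
  "  var args = makePostArgs({".implode(",", $args)."}, \"st\", \"\");\n".
  "  sendPOSTRequest(\"action=update&type=settings&\"+args);\n".
  "  return false;\n".
  "}\n";
}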

// Check if sessions are enabled
// An admin password must be configured before the admin UI is usable at all.
if (!stChkSetting("admPassword"))
{
  echo
    "<h1>Oh noes, admin configuration not done!</h1>\n".
    "<p>Better go and prod that, so you get to use the fine admin interface.</p>\n";
}
else
if (!stAdmSessionAuth(FALSE))
{
  // Perform authentication if we are not in session already
  // The login form posts the password to admlogin.php (mode=check); the page
  // is already served over HTTPS at this point thanks to the redirect above.
  // (Meaning of the FALSE argument to stAdmSessionAuth() is defined elsewhere.)
  echo
    "<h1>Party admin login</h1>\n".
    "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n".
    stGetFormStart("admlogin", "admlogin.php").
    stGetFormHiddenInput("mode", "check")."\n".
    stGetFormPasswordInput("admpass", "", "")."\n".
    stGetFormSubmitInput("submit", "Login").
    "</form>\n";
}
else
{
  // Authenticated admin session: emit the AJAX-driven admin UI below.
  // The "// <? ... ?>" line inside the <script> hides the PHP tag from
  // non-PHP tooling; stCreateSettingsData() starts its output with "\n",
  // so the generated JavaScript lands after that comment line.
?>
<script type="text/javascript">
// <? stCreateSettingsData(); stCommonAJAX("admajax.php", "admlogout.php", FALSE); ?>


function refreshItems(id,name,msgname)
{
  // Fetch list "name" from the server and replace the contents of the
  // element with DOM id "id" by the returned HTML. "msgname" is not used.
  sendPOSTRequest("action=get&type="+name, function(txt)
  {
    var target = document.getElementById(id);
    if (target)
      target.innerHTML = txt;
  });
}


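function deleteItem(id,prefix,type,func,dsc)
{
  // Ask the user to confirm deletion of item "id" (DOM element prefix+id),
  // then send the delete request. On success the row is hidden and "func"
  // (a function or code string, handed to setTimeout as-is) refreshes the list.
  // Works even if the row element is no longer in the DOM; only the visual
  // highlight is skipped in that case.
  var item = document.getElementById(prefix+id);

  var msuccess = function(txt)
  {
    // Look the row up again: the list may have been re-rendered meanwhile.
    var row = document.getElementById(prefix+id);
    if (row) row.style.display = "none";
    setTimeout(func, 50);
  }

  // Clearly mark the element when asking confirmation
  var tmp = null;
  if (item)
  {
    tmp = item.style.background;
    item.style.background = "red";
  }

  // Ask confirmation for deletion
  if (confirm("Are you sure you want to delete "+dsc+" #"+id+"?"))
  {
    // Okay, delete
    sendPOSTRequest("action=delete&type="+type+"&id="+id, msuccess);
  }

  // Restore background
  if (item) item.style.background = tmp;
}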


// Per-tab refresh helpers for the "CC" tab set. switchActiveTab() invokes
// them by name ("refresh" + tabset + tabId), so each must remain a global
// function with exactly this name.
function refreshCCSettings() { return refreshItems("tabContCCSettings", "settings", "General settings"); }


function refreshCCNews() { return refreshItems("tabContCCNews", "news", "News list"); }


function refreshCCAttendees() { return refreshItems("tabContCCAttendees", "attendees", "Attendees list"); }


function refreshCCAttendee(cid)
{
  // Re-fetch a single attendee row and replace its contents in place.
  var rowId = "attendee"+cid;
  sendPOSTRequest("action=get&type=attendee&id="+cid, function(txt)
  {
    var row = document.getElementById(rowId);
    if (row) row.innerHTML = txt;
  });
}


function refreshCCVoters() { return refreshItems("tabContCCVoters", "voters", "Voters list"); }


function refreshCCCompos() { return refreshItems("tabContCCCompos", "compos", "Compo list"); }


function refreshCCEntries() { return refreshItems("tabContCCEntries", "entries", "Entry list"); }


function refreshCCInfo()
{
  // Intentionally empty: the Info tab has no server-side refresh yet
  // (original call was refreshItems("tabContCCInfo", "info", "Info system")).
}


function addNews()
{
  // Submit the "add news item" form (field prefix "nn") and refresh the news
  // list once the server has accepted it. Always returns false so it can be
  // used directly as a form onsubmit handler.
  var args = makePostArgs({"title":1,"text":1,"author":1}, "nn", "");
  if (args == "")
    return false;

  sendPOSTRequest("action=add&type=news&"+args, function(txt)
  {
    setTimeout("refreshCCNews();", 50);
  });
  return false;
}


// Delete news item "id" (row element "news"+id) after confirmation.
function deleteNews(id) { return deleteItem(id, "news", "news", "refreshCCNews();", "news item"); }


function addAttendee()
{
  // Submit the "add attendee" form and refresh the attendee list on success.
  // Always returns false (form onsubmit handler).
  // NOTE(review): field prefix "ne" is also used by addEntry(); confirm the
  // two forms' input ids cannot collide on the same page.
  var args = makePostArgs({"name":1,"groups":0,"oneliner":0,"email":0}, "ne", "x");
  if (args == "")
    return false;

  sendPOSTRequest("action=add&type=attendees&"+args, function(txt)
  {
    setTimeout("refreshCCAttendees();", 50);
  });
  return false;
}


// Delete attendee "id" (row element "attendee"+id) after confirmation.
function deleteAttendee(id) { return deleteItem(id, "attendee", "attendees", "refreshCCAttendees();", "attendee"); }


function updateAttendee(id)
{
  // Submit the edited fields of attendee "id" (prefix "at", suffix id). After
  // the update succeeds, re-fetch the row in edit mode and replace its contents.
  var args = makePostArgs({"name":1,"groups":0,"oneliner":0,"email":0}, "at", id);
  if (args == "")
    return;

  var rowId = "attendee"+id;
  var replaceRow = function(txt)
  {
    var row = document.getElementById(rowId);
    if (row) row.innerHTML = txt;
  }

  sendPOSTRequest("action=update&type=attendees&id="+id+"&"+args, function(txt)
  {
    sendPOSTRequest("action=get&type=attendee&id="+id+"&edit=1", replaceRow);
  });
}


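// Id of the attendee row currently shown in edit mode (-1 = none) and the
// background style that row had before it was highlighted.
var activeAttendee = -1;
var activeTmp = "";

function activateAttendee(id)
{
  // Switch attendee "id" into edit mode: the previously active row (if any)
  // is re-fetched in view mode and its background restored, the new row is
  // fetched in edit mode and highlighted green.
  if (activeAttendee == id)
    return;

  // Capture the previous row's id and saved background *now*. Both requests
  // below complete asynchronously in no guaranteed order; if the callback for
  // the new row runs first it overwrites activeAttendee/activeTmp, and the
  // restore callback would then clobber the freshly rendered edit form.
  var prevId = activeAttendee;
  var prevBackground = activeTmp;

  var restorePrevious = function(txt)
  {
    var nitem = document.getElementById("attendee"+prevId);
    if (nitem)
    {
      nitem.innerHTML = txt;
      nitem.style.background = prevBackground;
    }
  }

  var showEditable = function(txt)
  {
    var nitem = document.getElementById("attendee"+id);
    if (nitem)
    {
      nitem.innerHTML = txt;
      activeTmp = nitem.style.background;
      nitem.style.background = "green";
      activeAttendee = id;
    }
  }

  if (prevId != -1)
    sendPOSTRequest("action=get&type=attendee&id="+prevId+"&edit=0", restorePrevious);

  sendPOSTRequest("action=get&type=attendee&id="+id+"&edit=1", showEditable);
}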


function addCompo()
{
  // Submit the "add compo" form (prefix "nc") and refresh the compo list on
  // success. Always returns false (form onsubmit handler).
  var args = makePostArgs({"name":1, "description":1}, "nc", "");
  if (args == "")
    return false;

  sendPOSTRequest("action=add&type=compo&"+args, function(txt)
  {
    setTimeout("refreshCCCompos();", 50);
  });
  return false;
}


function updateCompo(id)
{
  // Submit the edited fields of compo "id" (prefix "co", suffix id).
  // No callback: the compo list is not refreshed afterwards.
  var args = makePostArgs({"name":1, "description":1, "visible":3, "voting":3, "showAuthors":3}, "co", id);
  if (args == "")
    return;

  sendPOSTRequest("action=update&type=compo&id="+id+"&"+args);
}


function addEntry(id)
{
  // Submit the "add entry" form for compo "id" (prefix "ne", suffix id) and
  // refresh the entry list on success. Always returns false (onsubmit handler).
  var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0}, "ne", id);
  if (args == "")
    return false;

  sendPOSTRequest("action=add&type=entry&compo_id="+id+"&"+args, function(txt)
  {
    setTimeout("refreshCCEntries();", 50);
  });
  return false;
}


function updateEntry(id)
{
  // Submit the edited fields of entry "id" (prefix "en", suffix id) and
  // refresh the entry list once the server has accepted the update.
  var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0, "compo_id":2}, "en", id);
  if (args == "")
    return;

  sendPOSTRequest("action=update&type=entry&id="+id+"&"+args, function(txt)
  {
    setTimeout("refreshCCEntries();", 50);
  });
}


// Delete entry "id" (row element "entry"+id) after confirmation.
function deleteEntry(id) { return deleteItem(id, "entry", "entries", "refreshCCEntries();", "entry"); }


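// Tab registry: registeredTabs[tabset][id] = label shown in the tab header.
// Filled by registerTab(), rendered by updateTabList(), read by switchActiveTab().
var registeredTabs = {};


function updateTabList(tabset, extra)
{
  // Render the header links and (empty) content panes of one tab set into the
  // "tabHeaders<tabset>" / "tabContents<tabset>" containers. "extra" is raw
  // HTML appended after the tab links (e.g. the logout link).
  // Tab ids and labels are inserted unescaped; every caller in this file
  // passes fixed literals, so keep it that way.
  var tabs = "";
  var content = "";

  for (var id in registeredTabs[tabset])
  {
    // The space between the id="" and href="" attributes is required;
    // without it the anchor's attributes run together into invalid markup.
    tabs += "<a id=\"tabHead"+ tabset + id +
      "\" href=\"#\" onClick=\"switchActiveTab('"+tabset+"', '"+id+
      "')\">"+ registeredTabs[tabset][id] +"</a>";

    content += "<div id=\"tabCont"+ tabset + id +"\"></div>";
  }

  var item = document.getElementById("tabHeaders"+ tabset);
  if (item) item.innerHTML = tabs + extra;

  item = document.getElementById("tabContents"+ tabset);
  if (item) item.innerHTML = content;
}


function registerTab(tabset, id, name)
{
  // Add (or relabel) tab "id" with label "name" in tab set "tabset".
  // Call updateTabList() afterwards to re-render the set.
  if (!registeredTabs[tabset])
    registeredTabs[tabset] = {};

  registeredTabs[tabset][id] = name;
}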


function switchActiveTab(tabset, tab)
{
  // Show the pane of tab "tab" in set "tabset" (marking its header with a top
  // border), hide every other pane of the set, and shortly afterwards run the
  // tab's refresh function, which is looked up by name: "refresh"+tabset+tab.
  var set = registeredTabs[tabset];
  for (var id in set)
  {
    var pane = document.getElementById("tabCont"+ tabset + id);
    var head = document.getElementById("tabHead"+ tabset + id);
    if (!pane || !head)
      continue;

    var selected = (tab == id);
    pane.style.display = selected ? "block" : "none";
    head.style.borderTop = selected ? "4px solid white" : "none";
    if (selected)
      setTimeout("refresh"+ tabset + id +"();", 10);
  }
}
</script>

<!-- ========================== -->

<div id="nstatus">-</div>
<div id="tabHeadersCC" class="tabHeaders"></div>
<div id="tabContentsCC" class="tabContents"></div>

<script type="text/javascript">
  // Declare the admin tab set "CC", render its header links and content panes
  // (followed by the logout/mainpage links), then open the Settings tab.
  (function()
  {
    var ccTabs = [
      ["Settings",  "Settings"],
      ["News",      "News"],
      ["Attendees", "Attendees"],
      ["Voters",    "Voters"],
      ["Compos",    "Compos"],
      ["Entries",   "Entries"],
      ["Info",      "Party Info"]
    ];
    for (var i = 0; i < ccTabs.length; i++)
      registerTab("CC", ccTabs[i][0], ccTabs[i][1]);

    updateTabList("CC",
      "<a class=\"admin\" href=\"admlogout.php\">Logout</a>" +
      "<a class=\"admin\" href=\"about\">Mainpage</a>");
    switchActiveTab("CC", "Settings");
  })();
</script>
<?
} // end of the authenticated-session branch started above

cmPrintPageFooter();

?>