view admin.php @ 286:daa9e22045ad
Simplify and remove remnants of the frontend-based input checking.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 25 Nov 2013 00:15:19 +0200 |
parents | becf97e747d2 |
children | b91e92f18cac |
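<?php
//
// FAPWeb Simple Demoparty System
// Party administration page frontend module
// (C) Copyright 2012-2013 Tecnic Software productions (TNSP)
//
// Flow: force HTTPS, print the page header, connect to the SQL database,
// then render one of three views: "admin not configured", the login form,
// or (for an authenticated admin session) the tabbed AJAX administration UI.
//
// The long open tag is used throughout so that the file is still executed,
// rather than served as plain text, where short_open_tag is disabled.
//
$sessionType = "admin";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";
require_once "majax.php";

$pageCSS["admin.css"] = "";

cmLocaleInit();

// Switch to https first, if needed
// NOTE(review): SERVER_NAME may be taken from the request's Host header,
// depending on web server configuration (e.g. Apache UseCanonicalName Off).
// Confirm it is pinned, or redirect to a configured site host instead.
if (!stCheckHTTPS())
{
  header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
  exit;
}

// Start output
cmPrintPageHeader("FAPWeb Administration",
  " <meta http-equiv=\"Pragma\" content=\"no-cache\" />", FALSE);

echo "<div id=\"adminContent\">\n";

// Initiate SQL database connection
if (!stConnectSQLDB())
{
  // Error occured, bail out early
  cmPrintPageFooter();
  exit;
}

// Fetch non-"hardcoded" settings from SQL database
stReloadSettings();


//
// Emit the JavaScript function updateSettings(), which posts every row of
// the "settings" table back to the server as an "update settings" request.
//
// Each setting key is mapped to a numeric field type code that is passed to
// makePostArgs() (not defined in this file): 0 for VT_STR/VT_TEXT, 4 for
// VT_INT and 3 for VT_BOOL. Output is written directly with echo and begins
// with a newline, so it may follow a "//" JavaScript comment line.
//
function stCreateSettingsData()
{
  $args = array();

  if (($res = stExecSQL("SELECT * FROM settings")) !== FALSE)
  {
    foreach ($res as $item)
    {
      switch ($item["vtype"])
      {
        case VT_STR:
        case VT_TEXT: $type = 0; break;
        case VT_INT:  $type = 4; break;
        case VT_BOOL: $type = 3; break;
        default:      $type = NULL; break;
      }

      // Skip rows with an unknown vtype. Previously $type was either left
      // undefined or silently reused from the preceding row in that case.
      if ($type === NULL)
        continue;

      // Encode the key as a JavaScript string literal, so that quotes,
      // backslashes or "</script>" in a key cannot break out of the
      // generated object literal.
      $key = json_encode((string) $item["key"]);
      if ($key === FALSE)
        continue;

      $args[] = $key.":".$type;
    }
  }

  echo
  "\n".
  "function updateSettings()\n".
  "{\n".
  " var args = makePostArgs({".implode(",", $args)."}, \"st\", \"\");\n".
  " sendPOSTRequest(\"action=update&type=settings&\"+args);\n".
  " return false;\n".
  "}\n";
}


// Check if sessions are enabled
if (!stChkSetting("admPassword"))
{
  echo
    "<h1>Oh noes, admin configuration not done!</h1>\n".
    "<p>Better go and prod that, so you get to use the fine admin interface.</p>\n";
}
else
if (!stAdmSessionAuth(FALSE))
{
  // Perform authentication if we are not in session already
  echo
    "<h1>Party admin login</h1>\n".
    "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n".
    stGetFormStart("admlogin", "admlogin.php").
    stGetFormHiddenInput("mode", "check")."\n".
    stGetFormPasswordInput("admpass", "", "", "autofocus=\"autofocus\"")."\n".
    stGetFormSubmitInput("submit", "Login").
    "</form>\n";
}
else
{
  // Authenticated admin session: emit the client-side administration UI.
  //
  // NOTE(review): the script below assigns AJAX responses to innerHTML and
  // builds tab markup from server-supplied ids and titles by string
  // concatenation, so it relies on admajax.php returning properly escaped
  // HTML/JSON -- confirm.
  // NOTE(review): no anti-CSRF token is visible in the request strings built
  // here; confirm that sendPOSTRequest() (not defined in this file) or
  // admajax.php enforces one for the add/update/delete actions.
?>
<script type="text/javascript">
//
<?php
stCreateSettingsData();
stCommonAJAX("admajax.php", "admlogout.php", FALSE);
?>

var activeAttendee = -1, prevAttendee = -1;
var activeTmp = "";
var registeredTabs = Object();
var activeTabs = Object();


// Request the server-rendered fragment 'name' and put it into element 'id'.
function refreshItems(id,name,extra)
{
  var msuccess = function(txt)
  {
    var nitem = document.getElementById(id);
    if (nitem) nitem.innerHTML = txt;
  }
  sendPOSTRequest("action=get&type="+name+extra, msuccess);
}


// Ask for confirmation and delete item 'id' of 'type'. 'func' is run shortly
// after a successful deletion; it is handed to setTimeout(), so a function
// is preferred (a code string is still accepted for existing callers).
function deleteItem(id,prefix,type,func,dsc)
{
  var msuccess = function(txt)
  {
    // The element may have been replaced by a refresh in the meantime
    var item = document.getElementById(prefix+id);
    if (item) item.style.display = "none";
    setTimeout(func, 50);
  }

  // Clearly mark the element when asking confirmation
  var item = document.getElementById(prefix+id);
  if (!item)
    return;

  var tmp = item.style.background;
  item.style.background = "red";

  // Ask confirmation for deletion
  if (confirm("Are you sure you want to delete "+dsc+" #"+id+"?"))
  {
    // Okay, delete
    sendPOSTRequest("action=delete&type="+type+"&id="+id, msuccess);
  }

  // Restore background
  item.style.background = tmp;
}


// Refresh the contents of main tab 'id' in the "CC" tab set.
function refreshDispatchCC(id)
{
  switch (id)
  {
    case "Settings":
      refreshItems("tabContCCSettings", "settings", "");
      break;

    case "News":
      refreshItems("tabContCCNews", "news", "");
      break;

    case "Attendees":
      refreshItems("tabContCCAttendees", "attendees", "");
      break;

    case "Voting":
      refreshItems("tabContCCVoting", "voters", "");
      break;

    case "Compos":
      refreshItems("tabContCCCompos", "compos", "");
      break;

    case "InfoSys":
      refreshItems("tabContCCInfoSys", "infosys", "");
      break;

    case "Entries":
      refreshCCEntries();
      break;
  }
}


function refreshCCAttendee(id)
{
  refreshItems("attendee"+ id, "attendee", "&id="+ id);
}


// Rebuild the per-compo sub tabs ("CM" tab set) from the compo list, which
// the server sends as the inside of a JSON object (without the braces).
function refreshCCEntries()
{
  var msuccess = function(txt)
  {
    var nitem = document.getElementById("tabContCCEntries");
    if (nitem)
    {
      nitem.innerHTML = "<div id=\"tabHeadersCM\" class=\"tabHeadersSub\"></div><div id=\"tabContentsCM\" class=\"tabContentsSub\"></div>";
      try
      {
        var tmp = JSON.parse("{"+ txt +"}");
        registeredTabs["CM"] = tmp;
        updateTabList("CM", "");
        if (activeTabs["CM"])
          switchActiveTab("CM", activeTabs["CM"]);
      }
      catch (err)
      {
        alert("JSON.parse("+ txt +") failure: "+ err);
      }
    }
  }
  sendPOSTRequest("action=get&type=compolist", msuccess);
}


function refreshCMEntry(id)
{
  refreshItems("entry"+ id, "entry", "&id="+ id);
}


function refreshDispatchCM(id)
{
  refreshItems("tabContCM"+ id, "entries", "&id="+ id);
}


function addNews()
{
  var args = makePostArgs({"title":1,"text":1,"author":1}, "nn", "");

  var msuccess = function(txt)
  {
    setTimeout(function() { refreshDispatchCC("News"); }, 50);
  }

  if (args != "")
    sendPOSTRequest("action=add&type=news&"+args, msuccess);
  return false;
}


function deleteNews(id)
{
  deleteItem(id, "news", "news", function() { refreshDispatchCC("News"); }, "news item");
}


function updateNews(id)
{
  var args = makePostArgs({"title":1,"text":1,"author":1}, "ne", id);

  var msuccess = function(txt)
  {
    refreshItems("news"+id, "newsitem", "&id="+id);
  }

  if (args != "")
    sendPOSTRequest("action=update&type=news&id="+id+"&"+args, msuccess);
}


function addAttendee()
{
  var args = makePostArgs({"name":1,"groups":1,"oneliner":1,"email":1}, "ne", "x");

  var msuccess = function(txt)
  {
    setTimeout(function() { refreshDispatchCC("Attendees"); }, 50);
  }

  if (args != "")
    sendPOSTRequest("action=add&type=attendees&"+args, msuccess);
  return false;
}


function deleteAttendee(id)
{
  deleteItem(id, "attendee", "attendees", function() { refreshDispatchCC("Attendees"); }, "attendee");
}


function updateAttendee(id)
{
  var args = makePostArgs({"name":1,"groups":1,"oneliner":1,"email":1}, "at", id);

  var msuccess = function(txt)
  {
    refreshItems("attendee"+id, "attendee", "&id="+id+"&edit=1");
  }

  if (args != "")
    sendPOSTRequest("action=update&type=attendees&id="+id+"&"+args, msuccess);
}


// Switch attendee 'id' into edit mode, and the previously active attendee
// (if any) back into its normal view.
function activateAttendee(id)
{
  var msuccess1 = function(txt)
  {
    var nitem = document.getElementById("attendee"+prevAttendee);
    if (nitem)
    {
      nitem.innerHTML = txt;
      nitem.style.background = activeTmp;
    }
  }

  var msuccess2 = function(txt)
  {
    var nitem = document.getElementById("attendee"+id);
    if (nitem)
    {
      nitem.innerHTML = txt;
      activeTmp = nitem.style.background;
      nitem.style.background = "green";
      activeAttendee = id;
    }
  }

  if (activeAttendee != id)
  {
    prevAttendee = activeAttendee;
    activeAttendee = id;
    if (prevAttendee != -1)
      sendPOSTRequest("action=get&type=attendee&id="+prevAttendee+"&edit=0", msuccess1);

    sendPOSTRequest("action=get&type=attendee&id="+id+"&edit=1", msuccess2);
  }
}


function addCompo()
{
  var args = makePostArgs({"name":1, "description":1}, "nc", "");

  var msuccess = function(txt)
  {
    setTimeout(function() { refreshDispatchCC("Compos"); }, 50);
  }

  if (args != "")
    sendPOSTRequest("action=add&type=compo&"+args, msuccess);
  return false;
}


function updateCompo(id)
{
  var args = makePostArgs({"name":1, "description":1, "visible":3, "voting":3, "showAuthors":3}, "co", id);

  var msuccess = function(txt)
  {
    refreshItems("compo"+id, "compo", "&id="+id);
  }

  if (args != "")
    sendPOSTRequest("action=update&type=compo&id="+id+"&"+args, msuccess);
}


function addEntry(id)
{
  var args = makePostArgs({"name":1, "author":1, "filename":1, "info":1}, "ne", id);

  var msuccess = function(txt)
  {
    // Pass the id as a value instead of splicing it into evaluated code
    setTimeout(function() { refreshDispatchCM(id); }, 50);
  }

  if (args != "")
    sendPOSTRequest("action=add&type=entry&compo_id="+id+"&"+args, msuccess);
  return false;
}


function updateEntry(id)
{
  var args = makePostArgs({"name":1, "author":1, "filename":1, "info":1, "compo_id":2}, "en", id);

  var msuccess = function(txt)
  {
    // Full update needed, because of possibly changed compo_id
    setTimeout(function() { refreshCMEntry(id); }, 50);
  }

  if (args != "")
    sendPOSTRequest("action=update&type=entry&id="+id+"&"+args, msuccess);
}


function deleteEntry(cid, id)
{
  deleteItem(id, "entry", "entries", function() { refreshDispatchCM(cid); }, "entry");
}


// Render the tab headers and empty content containers for 'tabset'.
// 'extra' is raw HTML appended after the tab headers.
function updateTabList(tabset, extra)
{
  var tabs = "";
  var content = "";
  for (var id in registeredTabs[tabset])
  {
    var thead = registeredTabs[tabset][id];
    // NOTE(review): the replacement string reads as a plain space on the
    // reviewed page; confirm it was not an HTML entity in the original file.
    tabs += "<a id=\"tabHead"+ tabset + id + "\" href=\"#\" onClick=\"switchActiveTab('"+tabset+"', '"+id+ "')\">"+ thead.replace(/\s/g, " ") +"</a> ";
    content += "<div id=\"tabCont"+ tabset + id +"\"></div>";
  }

  var item = document.getElementById("tabHeaders"+ tabset);
  if (item) item.innerHTML = tabs + extra;

  item = document.getElementById("tabContents"+ tabset);
  if (item) item.innerHTML = content;
}


function registerTab(tabset, id, name)
{
  if (!registeredTabs[tabset])
    registeredTabs[tabset] = Object();

  registeredTabs[tabset][id] = name;
}


// Show tab 'tab' of 'tabset', hide the others, and schedule a refresh of the
// newly shown tab through the global function refreshDispatch<tabset>().
function switchActiveTab(tabset, tab)
{
  // The handler is looked up by name when the timer fires and called with
  // the tab id as an argument, instead of evaluating a concatenated string.
  var scheduleRefresh = function(tabId)
  {
    setTimeout(function()
    {
      var handler = window["refreshDispatch"+ tabset];
      if (typeof handler == "function")
        handler(tabId);
    }, 10);
  }

  for (var id in registeredTabs[tabset])
  {
    var tabContent = document.getElementById("tabCont"+ tabset + id);
    var tabHead = document.getElementById("tabHead"+ tabset + id);
    if (tabContent && tabHead)
    {
      tabContent.style.display = (tab == id) ? "block" : "none";
      tabHead.style.borderTop = (tab == id) ? "4px solid white" : "none";
      if (tab == id)
      {
        activeTabs[tabset] = id;
        scheduleRefresh(id);
      }
    }
  }
}

</script>

<!-- ========================== -->
<div id="nstatus">-</div>

<div id="tabHeadersCC" class="tabHeaders"></div>
<div id="tabContentsCC" class="tabContents"></div>

<script type="text/javascript">
registerTab("CC", "Settings", "Settings");
registerTab("CC", "News", "News");
registerTab("CC", "Attendees", "Attendees");
registerTab("CC", "Voting", "Voting");
registerTab("CC", "Compos", "Compos");
registerTab("CC", "Entries", "Entries");
registerTab("CC", "InfoSys", "Infosystem");
updateTabList("CC",
  "<a class=\"admin\" href=\"admlogout.php\">Logout</a> " +
  "<a class=\"admin\" href=\"about\">Mainpage</a>");
switchActiveTab("CC", "Settings");
</script>

<?php
}

cmPrintPageFooter();
?>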