Mercurial > hg > fapweb
view admajax.php @ 465:dcf645be0f22
Limit length of things.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 06 Dec 2013 19:04:19 +0200 |
parents | a678e904633f |
children | fd192840dbea |
line wrap: on
line source
<? // // FAPWeb Simple Demoparty System // Party administration page AJAX backend module // (C) Copyright 2012-2013 Tecnic Software productions (TNSP) // $sessionType = "admin"; require_once "mconfig.inc.php"; require_once "msite.inc.php"; require_once "msession.inc.php"; function stValidateRequestCompoData($full) { if (!stChkRequestItem("name", $fake, array(CHK_ISGT, VT_STR, 0, "Compo name too short"), array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_NAME, "Compo name too long.")) || !stChkRequestItem("description", $fake, array(CHK_ISGT, VT_STR, 10, "Compo description too short"), array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_DESC, "Compo description too long."))) return FALSE; if (!$full) return TRUE; return stChkRequestItem("visible", $fake, array(CHK_TYPE, VT_BOOL, "Invalid data.") ) && stChkRequestItem("voting", $fake, array(CHK_TYPE, VT_BOOL, "Invalid data.") ) && stChkRequestItem("showAuthors", $fake, array(CHK_TYPE, VT_BOOL, "Invalid data.") ); } function stValidateRequestEntryData(&$compo_id) { return stChkRequestItem("name", $fake, array(CHK_ISGT, VT_STR, 0, "Entry name too short."), array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_NAME, "Entry name too long.") ) && stChkRequestItem("author", $fake, array(CHK_ISGT, VT_STR, 0, "Author name not set."), array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_AUTHOR, "Entry author too long.") ) && stChkRequestItem("filename", $fake, array(CHK_TYPE, VT_TEXT, "Invalid data."), array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_FILENAME, "Entry filename too long.") ) && stChkRequestItem("info", $fake, array(CHK_TYPE, VT_TEXT, "Invalid data."), array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_INFO, "Entry info too long.") ) && stChkRequestItem("compo_id", $compo_id, array(CHK_TYPE, VT_INT, "Invalid compo ID.") ); } function stValidateRequestNewsData() { return stChkRequestItem("text", $fake, array(CHK_ISGT, VT_STR, 0, "News text too short."), array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TEXT, "News text too long.") ) && stChkRequestItem("author", $fake, array(CHK_ISGT, VT_STR, 0, "News author name too short."), array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_AUTHOR, "News author name too long.") ) && stChkRequestItem("title", $fake, array(CHK_ISGT, VT_STR, 0, "News title too short."), array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TITLE, "News title too long.") ); } function stGetCompoData($id, $item, $prefix) { return " <h2>#".$id." - ".chentities($item["name"])."</h2>\n". " ".stGetFormTextInput(40, SET_LEN_COMPO_NAME, "name", $id, $prefix, $item["name"])."\n". " ".stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n". " ".stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n". " ".stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n". " ".stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". " ".stGetFormButtonInput("update", $id, $prefix, "Update", "updateCompo(".$id.")")."\n"; } function stGetNewsItemData($id, $item, $prefix) { return " <h2>".chentities($item["title"])."</h2>\n". " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "title", $id, $prefix, $item["title"]). " - posted ".date("d M Y / H:i", $item["utime"])."<br />\n". " ".stGetFormTextArea(5, 60, "text", $id, $prefix, $item["text"])."<br />\n". " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "author", $id, $prefix, $item["author"])."\n". " ".stGetFormButtonInput("", "upd".$id, $prefix, "Update", "updateNews(".$id.")")."\n". " ".stGetFormButtonInput("", "del".$id, $prefix, "Delete", "deleteNews(".$id.")")."\n"; } function stGetEntryItemData($eid, $item, $prefix) { return " <td>".($item["show_id"] > 0 ? $item["show_id"] : "-")."</td>\n". " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $eid, $prefix, $item["name"])."</td>\n". " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $eid, $prefix, $item["author"])."</td>\n". " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $eid, $prefix, $item["filename"])."</td>\n". " <td>".stGetFormTextArea(2, 30, "info", $eid, $prefix, $item["info"])."</td>\n". " <td>". stGetFormButtonInput("delete", $eid, $prefix, "Del", "deleteEntry(".$item["compo_id"].",".$eid.")"). stGetFormTextInput(3, 3, "compo_id", $eid, $prefix, $item["compo_id"]). stGetFormButtonInput("update", $eid, $prefix, "Upd", "updateEntry(".$item["compo_id"].",".$eid.")"). "</td>\n"; } function stGetVoteKeyClass($item) { global $voteKeyMode; switch ($voteKeyMode) { case VOTE_FREELY: $cond = 0; break; case VOTE_ACTIVATE: $cond = $item["active"]; break; case VOTE_ASSIGN: $cond = $item["key_id"] > 0; break; } return "votekey ".($cond ? "vkeyActive" : "vkeyInactive"); } function stGetVoteKeyItemData($id, $item, $prefix) { global $voteKeyMode, $voteKeyLen; switch ($voteKeyMode) { case VOTE_FREELY: case VOTE_ACTIVATE: $str = sprintf( "<span class=\"keyid\">%03d</span> : ". "<span class=\"keycode\">%s</span>", $id, str_repeat(" ", $voteKeyLen - strlen($item["key"])).$item["key"]); if ($voteKeyMode == VOTE_ACTIVATE) { $str .= stGetFormCheckBoxInput("active", $id, $prefix, $item["active"], FALSE, "class=\"keyactive\" onClick=\"voteKeySetActive(".$id.")\"", ""); } return $str; case VOTE_ASSIGN: $str = " <td class=\"name\">".chentities($item["name"])."</td>\n". " <td class=\"groups\">".chentities($item["groups"])."</td>\n". " <td class=\"vkeynum\">". stGetFormTextInput(5, 5, "key_id", $id, $prefix, $item["key_id"]). stGetFormButtonInput("assign", $id, $prefix, "Set", "voteKeyAssign(".$id.",1)"); if ($item["key_id"] != 0) $str .= stGetFormButtonInput("clear", $id, $prefix, "Clear", "voteKeyAssign(".$id.",0)"); $str .= "</td>\n". " <td class=\"vkey\">"; if ($item["key_id"] > 0) $str .= sprintf("<span class=\"keyid\">%03d</span>". " : <span class=\"keycode\">%s</span>", $item["key_id"], chentities($item["key"])); $str .= "</td>\n"; return $str; } } function stGetInfoOneEntryData($show_id, $compo_id) { if ($show_id > 0) { $sql = stPrepareSQL("SELECT * FROM entries WHERE show_id=%d AND compo_id=%d", $show_id, $compo_id); if (($entry = stFetchSQL($sql)) !== false) return "#".$entry["show_id"]." - ".chentities($entry["name"])." by ".chentities($entry["author"]); } return "-"; } function stGetInfoCurrEntryData($indent) { $compoID = stGetDisplayVar("compoID"); if ($compoID > 0) { $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $compoID); if (($entry = stFetchSQL($sql)) !== false) $strCompo = $entry["id"]." - ".chentities($entry["name"]); $strCurrEntry = stGetInfoOneEntryData(stGetDisplayVar("compoCurrEntry"), $compoID); $strPrevEntry = stGetInfoOneEntryData(stGetDisplayVar("compoPrevEntry"), $compoID); } else $strCompo = $strCurrEntry = $strPrevEntry = "-"; return $indent."<div>Current compo:<br /><b>".$strCompo."</b></div>\n". $indent."<div>Current entry:<br /><b>".$strCurrEntry."</b></div>\n". $indent."<div>Previous entry:<br /><b>".$strPrevEntry."</b></div>\n"; } function stGetInfoCurrEntryList($indent, $outer) { $sql = stPrepareSQL( "SELECT * FROM entries WHERE compo_id=%d ORDER BY show_id ASC", stGetDisplayVar("compoID")); $currShowID = stGetDisplayVar("compoCurrEntry"); if ($currShowID <= 0) $currShowID = -1; $str = stGetOptionListStart("ctrlEntryList", $indent, $outer); if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) { $str .= $indent." ". stGetOptionListItem($item["show_id"], ($item["show_id"] == $currShowID), sprintf("%3d. %s by %s", $item["show_id"], $item["name"], $item["author"])); } } $str .= stGetOptionListEnd($indent, $outer); return $str; } function stGetInfoRotationLists($indent, $outer) { $sql = "SELECT rotationListData.*, ". "(SELECT COUNT(*) FROM rotationListSlides WHERE list_id=rotationListData.id) AS nslides ". "FROM rotationListData ". "ORDER BY id DESC"; $str = stGetOptionListStart("ctrlRotationLists", $indent, $outer); $currListID = stGetDisplayVar("rotateList"); if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) { $str .= $indent." ". stGetOptionListItem($item["id"], ($currListID == $item["id"]), $item["name"]." (".$item["nslides"]." slides)"); } } $str .= stGetOptionListEnd($indent, $outer); return $str; } function stGetInfoDisplaySlides($indent, $outer) { $str = stGetOptionListStart("ctrlDisplaySlides", $indent, $outer); $sql = "SELECT * FROM displaySlides ORDER BY id DESC"; if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) $str .= $indent." ".stGetOptionListItem($item["id"], FALSE, $item["title"]); } $str .= stGetOptionListEnd($indent, $outer); return $str; } function stGetInfoRotationListEditFull($indent, $outer, $list_id) { $sql = stPrepareSQL("SELECT * FROM rotationListData WHERE id=%d", $list_id); if (($data = stFetchSQL($sql)) === false) return ""; $str = ($outer ? $indent."<div class=\"ctrlBox\" id=\"ctrlRotationListEdit\">\n" : ""). $indent." <div class=\"ctrlTitle\">Edit rotation list</div>\n". $indent." ".stGetFormTextInput(30, SET_LEN_ROT_LIST_NAME, "", "ctrlEDRotationListName", "", $data["name"])."\n". $indent." ".stGetFormButtonInput("updname", "", "", "Save", "updateRotationList(".$list_id.")")."\n". "<div>Available slides:</div>\n". stGetOptionListStart("ctrlEDDisplaySlides", $indent." ", TRUE); $sql = "SELECT * FROM displaySlides"; if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) $str .= $indent." ".stGetOptionListItem($item["id"], FALSE, $item["title"]); } $str .= stGetOptionListEnd($indent." ", TRUE). "<div>List content:</div>\n". stGetInfoRotationListEditData($indent." ", TRUE, $list_id). $indent." <div class=\"ctrlButtons\">\n". // $indent." ".stGetFormButtonInput("moveslideup", "", "", "Move Up", "moveRotationListSlide(".$list_id.", -1)")."\n". // $indent." ".stGetFormButtonInput("moveslidedn", "", "", "Move Down", "moveRotationListSlide(".$list_id.", 1)")."\n". $indent." ".stGetFormButtonInput("addslide", "", "", "Add slide", "addRotationListSlide(".$list_id.")")."\n". $indent." ".stGetFormButtonInput("delslide", "", "", "Remove slide", "removeRotationListSlide(".$list_id.")")."\n". $indent." ".stGetFormButtonInput("closeedit", "", "", "Close", "jsCloseAdminPopup()")."\n". $indent." </div>\n". ($outer ? $indent."</div>\n" : ""); return $str; } function stGetInfoRotationListEditData($indent, $outer, $list_id) { $sql = stPrepareSQL( "SELECT displaySlides.*,rotationListSlides.order_num FROM displaySlides ". "LEFT JOIN rotationListSlides ON displaySlides.id=rotationListSlides.slide_id ". "WHERE rotationListSlides.list_id=%d ". "ORDER BY rotationListSlides.order_num DESC", $list_id); $str = stGetOptionListStart("ctrlEDRotationList", $indent, $outer); if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) { $str .= $indent." ". stGetOptionListItem($item["id"]."_".$item["order_num"], FALSE, $item["title"]); } } $str .= stGetOptionListEnd($indent, $outer); return $str; } function stGetInfoActiveRotationList($indent, $outer) { $sql = stPrepareSQL("SELECT * FROM rotationListData WHERE id=%d", stGetDisplayVar("rotateList")); $str = $indent.($outer ? "<div id=\"ctrlActiveRotationList\">" : ""). "<b>Active list:</b> "; if (($slist = stFetchSQL($sql)) === false) $str .= "-"; else $str .= chentities(substr($slist["name"], 0, 30)); return $str.($outer ? "</div>\n" : ""); } function stGetInfoDisplaySlideEdit($indent, $outer, $slide_id) { $prefix = "ctrlDisplaySlide"; $str = ($outer ? "<div class=\"ctrlBox\" id=\"".$prefix."Edit\">\n" : ""). $indent." <form method=\"post\" action=\"\" onsubmit=\"return updateDisplaySlide(".$slide_id.")\">\n". $indent." <div class=\"ctrlTitle\">Edit display slide</div>\n"; $sql = stPrepareSQL("SELECT * FROM displaySlides WHERE id=%d", $slide_id); if (($slide = stFetchSQL($sql)) !== false) { $str .= " ".stGetFormTextInput(40, SET_LEN_DISP_SLIDE_TITLE, "", "Title", $prefix, $slide["title"])."<br />\n". " ".stGetFormTextArea(5, 40, "", "Text", $prefix, $slide["text"])."<br />\n"; } $str .= " <div class=\"ctrlButtons\">\n". " ".stGetFormSubmitInput("createslide", "Save slide")."\n". " ".stGetFormButtonInput("cancelslide", "", "", "Close / Cancel", "jsCloseAdminPopup()")."\n". " </div>\n". " </form>\n". ($outer ? "</div>\n" : ""); return $str; } function stGetSaveButton() { return "<input type=\"submit\" value=\" Save \" />\n"; } function stGetShowModeButton($mode, $name, $cmode) { return "<input type=\"radio\" id=\"showMode".$mode. "\" name=\"showMode\" value=\"".$mode."\" ". "onClick=\"setShowMode(".$mode.")\" ". ($cmode == $mode ? "checked=\"checked\" ": "")."/>". "<label for=\"showMode".$mode."\">".chentities($name)."</label>"; } function stRandomizeCompoShowOrder($compo_id, $patch) { $entries = stExecSQL("SELECT id,show_id FROM entries WHERE compo_id=".$compo_id); if ($entries !== FALSE) { $ncount = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo_id." AND show_id<>0"); $final = array(); if ($patch && $ncount > 0) { $index = -1; foreach ($entries as $entry) { if ($entry["show_id"] == 0) $final[] = $entry["id"]; if ($entry["show_id"] > $index) $index = $entry["show_id"]; } $index++; } else { foreach ($entries as $entry) $final[] = $entry["id"]; shuffle($final); $index = 1; } foreach ($final as $entry) { $sql = stPrepareSQL("UPDATE entries SET show_id=%d WHERE id=%d", $index, $entry); if (stExecSQL($sql) === false) { stError("Error updating entry show positions."); break; } $index++; } } } // // Check if we are allowed to execute // if (!stCheckHTTPS() || !stAdmSessionAuth() || !stCSRFCheck()) { stSetupCacheControl(); stSessionEnd(SESS_ADMIN); header("Location: ".stGetSetting("defaultPage")); exit; } // // Initialize // stSetupCacheControl(); if (!stConnectSQLDB()) die("Could not connect to SQL database."); stReloadSettings(); stReloadDisplayVars(); $voteKeyMode = stGetSetting("voteKeyMode"); $voteKeyLen = stGetSetting("userKeyLength"); $type = stGetRequestItem("type", ""); switch (stGetRequestItem("action", "")) { case "randomize": // // Randomize entries display order // $patch = intval(stGetRequestItem("patch", 1)); if ($type == "all") { if (($compos = stExecSQL("SELECT id FROM compos")) === FALSE) stError("Eh? SQL error occured."); else foreach ($compos as $compo) stRandomizeCompoShowOrder($compo["id"], $patch); } else if ($type == "compo") { if (stChkRequestItem("id", $compo_id, array(CHK_TYPE, VT_INT, "Invalid data."))) stRandomizeCompoShowOrder($compo_id, $patch); } break; case "check": // // Perform systems check // $errors = 0; echo "<h1>Competitions / voting</h1>\n". "<ul>\n"; echo "<li>".(stGetSetting("allowVoting") ? "Voting <b>IS ENABLED</b>." : "Voting is NOT enabled!")."</li>\n"; if (($compos = stExecSQL("SELECT * FROM compos")) === FALSE) stError("Eh? SQL error occured."); else { foreach ($compos as $compo) { $nentries = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE show_id=0 AND compo_id=".$compo["id"]); if ($nentries > 0) { echo "<li>Compo <b>#".$compo["id"]." - ".$compo["name"]."</b> has NO show order set for some entries.</li>\n"; $errors++; } } } $nenabled = stFetchSQLColumn("SELECT COUNT(*) FROM compos WHERE visible<>0 AND voting<>0"); if ($nenabled == 0) echo "<li>No competitions that are visible and enabled for voting.</li>\n"; $nenabled = stFetchSQLColumn("SELECT COUNT(*) FROM compos WHERE visible=0 AND voting<>0"); if ($nenabled > 0) echo "<li>".$nenabled." competitions that are NOT visible, but are enabled for voting?</li>\n"; $entries = stFetchSQL("SELECT COUNT(*) AS nentries, COUNT(DISTINCT compo_id) AS ncompos FROM entries"); if ($entries !== FALSE) echo "<li><b>".$entries["nentries"]."</b> compo entries in system in <b>".$entries["ncompos"]."</b> compos.</li>\n"; if ($errors == 0) echo "<li>No errors/warnings detected.</li>\n"; echo "</ul>\n"; break; case "ctrl": // // Party information system control // switch ($type) { case "setRotateDuration": if (stChkRequestItem("duration", $duration, array(CHK_TYPE, VT_INT, "Invalid data."), array(CHK_RANGE, VT_INT, array(5, 60), "Invalid slide time value, must be 5 - 60 seconds."))) { stSetDisplayVarUpd("rotateDuration", $duration); } break; case "setActiveRotationList": if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { stSetDisplayVarUpd("rotateList", $list_id); } break; case "setShowMode": if (stChkRequestItem("mode", $mode, array(CHK_TYPE, VT_INT, "Invalid data."), array(CHK_RANGE, VT_INT, array(SMODE_DISABLED, SMODE_COMPO), "Invalid mode value."))) { stSetDisplayVarUpd("showMode", $mode); } break; case "setCompoID": if (stChkRequestItem("id", $compo_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { if (stFetchSQL("SELECT id FROM compos WHERE id=".$compo_id) === false) stError("Invalid compo ID ".$compo_id); else if (stSetDisplayVarUpd("compoID", $compo_id)) { stSetDisplayVar("compoCurrEntry", 0); stSetDisplayVar("compoPrevEntry", 0); } } break; case "setEntry": case "nextEntry": case "prevEntry": if (($compo_id = stGetDisplayVar("compoID")) > 0) { $prev = $curr = stGetDisplayVar("compoCurrEntry"); $nentries = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo_id); switch ($type) { case "setEntry": if (stChkRequestItem("index", $tmp, array(CHK_TYPE, VT_INT, "Invalid index."))) $curr = $tmp; break; case "nextEntry": if ($curr < $nentries) $curr++; break; case "prevEntry": if ($curr > 1) $curr--; break; } if (!$errorSet) { stSetDisplayVar("compoCurrEntry", $curr); stSetDisplayVar("compoPrevEntry", $prev); stDisplayUpdated(); } } else stError("No valid competition set."); break; case "setTempSlide": if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("duration", $slide_dur, array(CHK_RANGE, VT_INT, array(1, 60), "Invalid duration range, should be 1-60 min."))) { $sql = stPrepareSQL("SELECT * FROM displaySlides WHERE id=%d", $slide_id); if (($slide = stFetchSQL($sql)) !== false) { stSetDisplayVar("tempDuration", $slide_dur); stSetDisplayVar("tempSlide", $slide["id"]); stSetDisplayVar("tempSlideSet", TRUE); echo "Temporary slide '".chentities($slide["title"])."' set for <b>".$slide_dur."</b> minutes."; stDisplayUpdated(); } else stError("No such slide ID #".$slide_id); } break; case "copyDisplaySlide": if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { $sql = stPrepareSQL("SELECT * FROM displaySlides WHERE id=%d", $slide_id); if (($slide = stFetchSQL($sql)) !== false) { $sql = stPrepareSQL("INSERT INTO displaySlides (title,text) VALUES (%s,%s)", $slide["title"]." (copy)", $slide["text"]); if (stExecSQLCond($sql, "Display slide copied.") !== false) { $new_id = $db->lastInsertId(); echo stGetInfoDisplaySlideEdit("", TRUE, $new_id); } } else stError("No such slide ID #".$slide_id); } break; case "newDisplaySlide": $sql = stPrepareSQL("INSERT INTO displaySlides (title) VALUES (%s)", "New slide"); if (stExecSQLCond($sql, "Display slide created.") !== false) { $slide_id = $db->lastInsertId(); echo stGetInfoDisplaySlideEdit("", TRUE, $slide_id); } break; case "updateDisplaySlide": if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("title", $fake, array(CHK_GTEQ, VT_STR, 1, "Slide title too short."), array(CHK_LTEQ, VT_STR, SET_LEN_DISP_SLIDE_TITLE, "Slide title too long.") ) && stChkRequestItem("text", $fake, array(CHK_LTEQ, VT_STR, SET_LEN_DISP_SLIDE_TEXT, "Slide content too long.") )) { $sql = stPrepareSQLUpdate("displaySlides", "WHERE id=".$slide_id, array( "title" => "S", "text" => "S", )); stExecSQLCond($sql, "OK, slide updated."); stDisplayUpdated(); } break; case "deleteDisplaySlide": if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { $sql = stPrepareSQL("DELETE FROM displaySlides WHERE id=%d", $slide_id); stExecSQLCond($sql, "Slide deleted."); $sql = stPrepareSQL("DELETE FROM rotationListSlides WHERE slide_id=%d", $slide_id); stExecSQLCond($sql, "Slide list refs deleted."); stDisplayUpdated(); } break; case "newRotationList": $sql = stPrepareSQL("INSERT INTO rotationListData (name) VALUES (%s)", "New list #"); if (stExecSQLCond($sql, "Rotation list created.") !== false) { $list_id = $db->lastInsertId(); $sql = stPrepareSQL("UPDATE rotationListData SET name=%s WHERE id=%d", "New list #".$list_id, $list_id); if (stExecSQLCond($sql, "OK!") !== false) echo stGetInfoRotationListEditFull("", TRUE, $list_id); } break; case "updateRotationList": if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("name", $fake, array(CHK_GTEQ, VT_STR, 3, "Rotation list name too short."), array(CHK_LTEQ, VT_STR, SET_LEN_ROT_LIST_NAME, "Rotation list name too long."))) { $sql = stPrepareSQLUpdate("rotationListData", "WHERE id=".$list_id, array( "name" => "S", )); stExecSQLCond($sql, "OK, list updated."); stDisplayUpdated(); } stDisplayUpdated(); break; case "deleteRotationList": if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { $sql = stPrepareSQL("DELETE FROM rotationListData WHERE id=%d", $list_id); stExecSQLCond($sql, "List data deleted."); $sql = stPrepareSQL("DELETE FROM rotationListSlides WHERE list_id=%d", $list_id); stExecSQLCond($sql, "List slide refs deleted."); stDisplayUpdated(); } break; case "moveRotationListSlide": if (stChkRequestItem("list_id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("slide_id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("order_num", $order_num, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("dir", $dir, array(CHK_TYPE, VT_INT, "Invalid data."))) { } break; case "addRotationListSlide": if (stChkRequestItem("list_id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("slide_id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { $nslides = stFetchSQLColumn(stPrepareSQL("SELECT COUNT(*) FROM rotationListSlides WHERE list_id=%d", $list_id)); $sql = stPrepareSQL( "INSERT INTO rotationListSlides (list_id,slide_id,order_num) VALUES (%d,%d,%d)", $list_id, $slide_id, $nslides+1); if (stExecSQLCond($sql, "Slide added to list.")) { stNormalizeListSlideOrder($list_id); stDisplayUpdated(); } } break; case "removeRotationListSlide": if (stChkRequestItem("list_id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("slide_id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("order_num", $order_num, array(CHK_TYPE, VT_INT, "Invalid data."))) { $sql = stPrepareSQL("DELETE FROM rotationListSlides WHERE list_id=%d AND slide_id=%d AND order_num=%d", $list_id, $slide_id, $order_num); if (stExecSQLCond($sql, "List slide refs deleted.")) { stNormalizeListSlideOrder($list_id); stDisplayUpdated(); } } break; } break; case "get": // // Get specific data // switch ($type) { case "infoCurrEntryData": echo stGetInfoCurrEntryData("", FALSE); break; case "infoCurrEntryList": echo stGetInfoCurrEntryList("", FALSE); break; case "infoRotationLists": echo stGetInfoRotationLists("", FALSE); break; case "infoDisplaySlides": echo stGetInfoDisplaySlides("", FALSE); break; case "infoRotationListEdit": if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data."))) echo stGetInfoRotationListEditFull("", stGetRequestItem("full", TRUE), $list_id); break; case "infoRotationListEditData": if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data."))) echo stGetInfoRotationListEditData("", FALSE, $list_id); break; case "infoDisplaySlideEdit": if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data."))) echo stGetInfoDisplaySlideEdit("", FALSE, $slide_id); break; case "infoActiveRotationList": echo stGetInfoActiveRotationList("", FALSE); break; case "infoMain": // // Main information control screen // $showMode = stGetDisplayVar("showMode"); echo "<div id=\"ctrlModeControls\">\n". "Active mode:\n". stGetShowModeButton(SMODE_DISABLED, "Off/disabled", $showMode)."\n". stGetShowModeButton(SMODE_ROTATE, "Slide rotation", $showMode)."\n". stGetShowModeButton(SMODE_COMPO, "Compo mode", $showMode)."\n". "<a href=\"show.php\" target=\"_blank\">Open info window</a>\n". "</div>\n". "<div id=\"ctrlSystemControls\">\n". stGetFormButtonInput("syscheck", "", "", "Perform system check", "performSystemCheck()")."\n". stGetFormButtonInput("generate", "", "", "Add missing show positions", "generateEntryPositions(0, 1)")."\n". stGetFormButtonInput("regenerate", "", "", "ReGenerate ALL show positions", "generateEntryPositions(0, 0)")."\n". "</div>\n"; echo "<div class=\"ctrlBox\" id=\"ctrlListRotationLists\">\n". " <div class=\"ctrlTitle\">Rotation lists:</div>\n". " <div class=\"ctrlInfo\">Lists of slides, that are shown for X seconds and 'rotated' to next one.</div>\n". stGetInfoRotationLists(" ", TRUE). " <div class=\"ctrlButtons\">\n". " ".stGetFormButtonInput("setdur", "", "", "Set", "setRotateDuration()")."\n". " ".stGetFormTextInput(3, 5, "", "ctrlRotSlideDuration", "", stGetDisplayVar("rotateDuration"))." sec\n". " - ". " ".stGetFormButtonInput("actlist", "", "", "Set Active", "setActiveRotationList()")."\n". " ".stGetFormButtonInput("editlist", "", "", "Edit", "editRotationList()")."\n". " ".stGetFormButtonInput("newlist", "", "", "New", "newRotationList()")."\n". " ".stGetFormButtonInput("dellist", "", "", "Delete", "deleteRotationList()")."\n". " </div>\n". stGetInfoActiveRotationList(" ", TRUE). "</div>\n"; echo "<div class=\"ctrlBox\" id=\"ctrlListDisplaySlides\">\n". "<div class=\"ctrlTitle\">Display slides:</div>\n". " <div class=\"ctrlInfo\">Editable slides (think 'powerpoint') for information/announcements. ". "Can be collected into slide rotations or set to display as 'temp slide' at any given time.</div>\n". stGetInfoDisplaySlides(" ", TRUE). " <div class=\"ctrlButtons\">\n". " ".stGetFormButtonInput("editslide", "", "", "Edit", "editDisplaySlide()")."\n". " ".stGetFormButtonInput("copyslide", "", "", "Copy", "copyDisplaySlide()")."\n". " ".stGetFormButtonInput("newslide", "", "", "New", "newDisplaySlide()")."\n". " ".stGetFormButtonInput("delslide", "", "", "Delete", "deleteDisplaySlide()")."\n". " </div>\n". " <div class=\"ctrlButtons\">\n". " ".stGetFormTextInput(3, 5, "", "ctrlTempSlideDuration", "", stGetDisplayVar("tempDuration"))." min\n". " ".stGetFormButtonInput("setslide", "", "", "Set Temp", "activateTempSlide()")."\n". " </div>\n". "</div>\n". "<div class=\"ctrlBox\" id=\"ctrlCompoControl\">\n". " <div class=\"ctrlTitle\">Competition control:</div>\n". " <div class=\"ctrlInfo\">Controls for competition showing mode. Select and activate desired compo, then ". "hit 'Next entry' to activate the first entry to show. <b>Notice! You need to have generated 'show positions' ". "before starting compos!</b></div>\n". " <div class=\"ctrlDBox1\">\n". stGetOptionListStart("ctrlCompoList", " ", TRUE); $sql = "SELECT compos.*, ". "(SELECT COUNT(*) FROM entries WHERE compo_id=compos.id) AS nentries ". "FROM compos WHERE nentries > 0 ". "ORDER BY id DESC"; $currCompoID = stGetDisplayVar("compoID"); if (($res = stExecSQL($sql)) !== false) { foreach ($res as $item) { echo " ".stGetOptionListItem($item["id"], ($item["id"] == $currCompoID), sprintf("%-30s (%d entries)", $item["name"], $item["nentries"])); } } echo stGetOptionListEnd(" ", TRUE). " <div class=\"ctrlButtons\">\n". " ".stGetFormButtonInput("setcompo", "", "", "Change compo", "activateCompo()")."\n". " </div>\n". " </div>\n". " <div class=\"ctrlDBox1\">\n". stGetInfoCurrEntryList(" ", TRUE). " <div class=\"ctrlButtons\">\n". " ".stGetFormButtonInput("setentry", "", "", "Set selected entry", "setSelectedEntry()")."\n". " ".stGetFormButtonInput("preventry", "", "", "Prev entry", "switchEntry(-1)")."\n". " ".stGetFormButtonInput("nextentry", "", "", "Next entry", "switchEntry(1)")."\n". " </div>\n". " </div>\n". " <div class=\"ctrlDBox2\" id=\"ctrlCurrEntryData\">\n". stGetInfoCurrEntryData(" "). " </div>\n". "</div>\n"; stGetInfoRotationListEditFull("", TRUE, 0); break; case "news": echo "<form method=\"post\" action=\"\" onsubmit=\"return addNews()\">\n". " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "", "nntitle", "", "")."<br />\n". " ".stGetFormTextArea(5, 60, "", "nntext", "", "")."<br />\n". " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "", "nnauthor", "", "orgaz")."\n". " ".stGetFormSubmitInput("nnadd", "Add post")."\n". " ".stGetFormButtonInput("", "", "", "Clear", "this.form.reset()")."\n". "</form>\n". "<hr />\n"; $sql = "SELECT * FROM news ORDER BY utime DESC"; foreach (stExecSQL($sql) as $item) { echo "<div id=\"news".$item["id"]."\">\n". stGetNewsItemData($item["id"], $item, "ne"). "</div>\n". "<hr />\n"; } break; case "newsitem": $res = stFetchSQL(stPrepareSQL("SELECT * FROM news WHERE id=%D", "id")); if ($res !== FALSE) echo stGetNewsItemData($res["id"], $res, "ne"); break; case "attendees": echo "<div class=\"tabHeadersSub\">\n". "<a href=\"print.php?type=emails\" target=\"_blank\">Show plain list of e-mails</a>\n". "</div>\n"; // For adding a new one $prefix = "ne"; echo "<table>\n". " <tr>\n". " <th>Name</th>\n". " <th>Groups</th>\n". " <th>Oneliner</th>\n". " <th>E-mail</th>\n". " <th>Actions</th>\n". " </tr>\n". " <tr>\n". " <td>".stGetFormTextInput(20, SET_LEN_USERNAME, "name", "x", $prefix, "")."</td>\n". " <td>".stGetFormTextInput(20, SET_LEN_GROUPS, "groups", "x", $prefix, "")."</td>\n". " <td>".stGetFormTextInput(30, SET_LEN_ONELINER, "oneliner", "x", $prefix, "")."</td>\n". " <td>".stGetFormTextInput(20, SET_LEN_EMAIL, "email", "x", $prefix, "")."</td>\n". " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n". " </tr>\n". "</table>\n". "<hr />\n"; // List of attendees echo "<table class=\"attendees\">\n". " <tr>\n". " <th class=\"name\">Name</th>\n". " <th class=\"groups\">Groups</th>\n". " <th class=\"regtime\">Registered</th>\n". " <th class=\"oneliner\">Oneliner</th>\n". " <th class=\"email\">E-mail</th>\n". " <th>Actions</th>\n". " </tr>\n"; $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; $row = 0; foreach (stExecSQL($sql) as $item) stPrintAttendee($item, $row++, TRUE, TRUE, FALSE); echo "</table>\n"; break; case "attendee": $res = stFetchSQL(stPrepareSQL("SELECT * FROM attendees WHERE id=%D", "id")); if ($res !== FALSE) stPrintAttendee($res, -1, FALSE, TRUE, stGetRequestItem("edit", FALSE)); break; case "votekey": case "votekeyclass": switch ($voteKeyMode) { case VOTE_FREELY: case VOTE_ACTIVATE: $sql = stPrepareSQL("SELECT * FROM votekeys WHERE id=%D", "id"); break; case VOTE_ASSIGN: $sql = stPrepareSQL("SELECT votekeys.key,attendees.* FROM attendees ". "LEFT JOIN votekeys ON votekeys.id=attendees.key_id ". "WHERE attendees.id=%D", "id"); break; } if (($res = stFetchSQL($sql)) !== FALSE) { if ($type == "votekeyclass") echo stGetVoteKeyClass($res); else echo stGetVoteKeyItemData($res["id"], $res, "vk"); } break; case "voters": // Generate vote keys, if needed $numVKeys = stFetchSQLColumn("SELECT COUNT(*) FROM votekeys"); $numUsers = stFetchSQLColumn("SELECT COUNT(*) FROM attendees"); while ($numVKeys < $numUsers) { if (($key = stGenerateUserKey()) !== false) { if (stExecSQL(stPrepareSQL("INSERT INTO votekeys (key) VALUES (%s)", $key)) !== false) $numVKeys++; } } // List of votekeys echo "<div class=\"info\"><b>Voting mode: ".$voteModeData[$voteKeyMode][0]."</b>. ".$voteModeData[$voteKeyMode][1]."</div>\n". "<div class=\"tabHeadersSub\">\n". "<a href=\"print.php?type=votekeys\" target=\"_blank\">Show printable key list</a>\n". "</div>\n"; switch ($voteKeyMode) { case VOTE_FREELY: case VOTE_ACTIVATE: $sql = "SELECT * FROM votekeys ORDER BY votekeys.id ASC"; foreach (stExecSQL($sql) as $item) { // This funny code is to ensure that the cells are of uniform width echo "<div class=\"".stGetVoteKeyClass($item). "\" id=\"vkey".$item["id"]."\">". stGetVoteKeyItemData($item["id"], $item, "vk"). "</div>\n"; } break; case VOTE_ASSIGN: $sql = "SELECT votekeys.key,attendees.* FROM attendees ". "LEFT JOIN votekeys ON votekeys.id=attendees.key_id ". "ORDER BY attendees.regtime DESC"; echo "<table class=\"attendees\">\n". " <tr>\n". " <th class=\"name\">Name</th>\n". " <th class=\"groups\">Groups</th>\n". " <th class=\"vkeynum\">Key #</th>\n". " <th class=\"vkey\">Votekey</th>\n". " </tr>\n"; $index = 0; foreach (stExecSQL($sql) as $item) { echo " <tr class=\"".stGetVoteKeyClass($item). "\" id=\"vkey".$item["id"]."\">\n". stGetVoteKeyItemData($item["id"], $item, "vk"). " </tr>\n"; } echo "</table>\n"; break; } break; case "compos": echo "<form method=\"post\" action=\"\" onsubmit=\"return addCompo()\">\n". " ".stGetFormTextInput(64, SET_LEN_COMPO_NAME, "", "ncname", "", "")."<br />\n". " ".stGetFormTextArea(5, 60, "", "ncdescription", "", "")."<br />\n". " ".stGetFormSubmitInput("nccompo", "Add compo")."\n". " ".stGetFormButtonInput("", "", "", "Clear", "this.form.reset()")."\n". "</form>\n". "<hr />\n"; $sql = "SELECT * FROM compos ORDER BY id DESC"; foreach (stExecSQL($sql) as $item) { echo "<div id=\"compo".$item["id"]."\">\n". stGetCompoData($item["id"], $item, "co"). "</div>\n". "<hr />\n"; } break; case "compo": $res = stFetchSQL(stPrepareSQL("SELECT * FROM compos WHERE id=%D", "id")); if ($res !== FALSE) echo stGetCompoData($res["id"], $res, "co"); break; case "settings": $prefix = "st"; echo "<h1>Site settings</h1>\n". "<form method=\"post\" action=\"\" onsubmit=\"return updateSettings()\">\n". "<table>\n"; foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item) { echo " <tr>\n". " <td>"; $id = $item["key"]; switch ($item["vtype"]) { case VT_INT: echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]); break; case VT_STR: echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]); break; case VT_BOOL: echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], ""); break; } echo "</td>\n". " <td>".$item["desc"]."</td>\n". " </tr>\n"; } echo "</table>\n".stGetSaveButton(); foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item) { echo "<h2>".chentities($item["desc"])."</h2>\n". stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]). "\n<br />\n". stGetSaveButton(); } echo "</form>\n"; break; case "compolist": $index = 0; foreach (stExecSQL("SELECT * FROM compos") as $compo) { if ($index++ > 0) echo ","; echo "\"".$compo["id"]."\":\"".chentities($compo["name"])."\""; } break; case "entry": $res = stFetchSQL(stPrepareSQL("SELECT * FROM entries WHERE id=%D", "id")); if ($res !== FALSE) echo stGetEntryItemData($res["id"], $res, "en"); break; case "entries": $id = intval(stGetRequestItem("id", 0)); if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== false) { $nentries = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$id); $prefix = "ne"; echo "<h1 style=\"margin-bottom: 0px;\">#".$id." - ".chentities($compo["name"]). " (".$nentries." entries)</h1>\n"; if ($nentries > 0) { echo stGetFormButtonInput("generate", "", "", " Add missing show positions ", "generateEntryPositions(".$id.", 1)")."\n". stGetFormButtonInput("regenerate", "", "", " ReGenerate show positions ", "generateEntryPositions(".$id.", 0)")."\n"; } echo "<form>\n". " <table class=\"misc\">\n". " <tr>\n". " <th style=\"width:4%;\">S#</th>\n". " <th>Name</th>\n". " <th>Author(s)</th>\n". " <th>Filename</th>\n". " <th>Info</th>\n". " <th>Actions</th>\n". " </tr>\n". " <tr>\n". " <td></td>\n". " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $id, $prefix, "")."</td>\n". " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $id, $prefix, "")."</td>\n". " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $id, $prefix, "")."</td>\n". // " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $id, $prefix, "")."</td>\n". " <td>".stGetFormTextArea(2, 30, "info", $id, $prefix, "")."</td>\n". " <td>".stGetFormButtonInput("add", $id, $prefix, "Add new", "addEntry(".$id.")")."</td>\n". " </tr>\n". " <tr><td colspan=\"6\"><hr /></td></tr>\n"; foreach (stExecSQL("SELECT * FROM entries WHERE compo_id=".$id) as $entry) { echo " <tr id=\"entry".$entry["id"]."\">\n". stGetEntryItemData($entry["id"], $entry, "en"). " </tr>\n"; } echo " </table>\n". "</form>\n"; } break; } break; case "delete": // // Delete entry // if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data."))) { if ($type == "news") { $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); stExecSQLCond($sql, "OK, news item ".$id." deleted."); } else if ($type == "attendees") { // Attendees require some more work $sql = stPrepareSQL("SELECT * FROM attendees WHERE id=%d", $id); if (($attn = stFetchSQL($sql)) !== false) { $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); stExecSQLCond($sql, "OK, attendee ".$id." deleted."); // If assigned votekey mode, delete the key and votes as well if ($voteKeyMode == VOTE_ASSIGN && $attn["key_id"] != 0) { $sql = stPrepareSQL("DELETE FROM votekeys WHERE id=%d", $attn["key_id"]); stExecSQLCond($sql, "OK, attendee ".$id." votekey deleted."); $sql = stPrepareSQL("DELETE FROM votes WHERE key_id=%d", $attn["key_id"]); stExecSQLCond($sql, "OK, attendee ".$id." votes deleted."); } } else stError("No such attendee ID #".$id); } else if ($type == "entries") { // .. as do compo entries $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); stExecSQLCond($sql, "OK, entry ".$id." deleted."); $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id); stExecSQLCond($sql, "OK, entry ".$id." votes deleted."); } } else if ($type == "votekeys") { $sql = stPrepareSQL("DELETE FROM votekeys"); stExecSQLCond($sql, "OK, all votekeys purged"); } break; case "add": // // Add new entry // if ($type == "news" && stValidateRequestNewsData()) { $sql = stPrepareSQL( "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", time(), "title", "text", "author"); stExecSQLCond($sql, "OK, news item added."); } else if ($type == "compo" && stValidateRequestCompoData(FALSE)) { $sql = stPrepareSQL( "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)", "name", "description"); stExecSQLCond($sql, "OK, compo added."); } else if ($type == "attendees" && stValidateRequestUserData(TRUE)) { $sql = stPrepareSQL( "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)", time(), "name", "groups", "oneliner", "email"); stExecSQLCond($sql, "OK, attendee added."); } else if ($type == "entry" && stValidateRequestEntryData($fake)) { if (stFetchSQLColumn(stPrepareSQL("SELECT id FROM compos WHERE id=%D", "compo_id")) === FALSE) { stError("No such compo ID."); } else { $sql = stPrepareSQL( "INSERT INTO entries (name,author,compo_id,filename,info) VALUES (%S,%S,%D,%S,%Q)", "name", "author", "compo_id", "filename", "info"); stExecSQLCond($sql, "OK, entry added."); } } break; case "update": // // Update existing entry // if ($type == "settings") { foreach (stExecSQL("SELECT * FROM settings") as $item) if (($val = stGetRequestItem($item["key"], FALSE)) !== FALSE) { $sql = "UPDATE settings SET ".stGetSettingSQL($item, $val)." WHERE key=".$db->quote($item["key"]); stExecSQLCond($sql, "OK, setting updated."); } } else if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data."))) { if ($type == "attendees" && stValidateRequestUserData(TRUE)) { $sql = stPrepareSQLUpdate("attendees", "WHERE id=".$id, array( "name" => "S", "groups" => "S", "email" => "S", "oneliner" => "S", )); stExecSQLCond($sql, "OK, attendee updated."); } else if ($type == "news" && stValidateRequestNewsData()) { $sql = stPrepareSQLUpdate("news", "WHERE id=".$id, array( "title" => "S", "text" => "Q", "author" => "S" )); stExecSQLCond($sql, "OK, news item updated."); } else if ($type == "compo" && stValidateRequestCompoData(TRUE)) { $sql = stPrepareSQLUpdate("compos", "WHERE id=".$id, array( "name" => "S", "description" => "Q", "visible" => "B", "voting" => "B", "showAuthors" => "B", )); stExecSQLCond($sql, "OK, compo updated."); } else if ($type == "entry" && stValidateRequestEntryData($compo_id)) { if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$compo_id) === FALSE) { stError("No such compo ID."); } else { $sql = stPrepareSQLUpdate("entries", "WHERE id=".$id, array( "name" => "S", "author" => "S", "filename" => "S", "info" => "Q", "compo_id" => "D", )); stExecSQLCond($sql, "OK, entry updated."); } } } break; case "votekey": if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data."))) { switch ($type) { case "assign": // Check if already assigned to someone .. $key_id = intval(stGetRequestItem("key_id", 0)); $sql = stPrepareSQL("SELECT * FROM votekeys WHERE id=%d", $key_id); if (stFetchSQL($sql) === false) stError("Invalid key ID #."); else { $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%d", $key_id); if (($attn = stFetchSQL($sql)) !== false && $attn["id"] != $id) stError("That key has already been assigned to another attendee!"); else { // Assign .. $sql = stPrepareSQL("UPDATE attendees SET key_id=%d WHERE id=%d", $key_id, $id); stExecSQLCond($sql, "Assigned key updated."); } } break; case "clear": $sql = stPrepareSQL("UPDATE attendees SET key_id=NULL WHERE id=%d", $id); stExecSQLCond($sql, "Assigned key cleared."); break; case "active": // Autobots activate! $sql = stPrepareSQL("UPDATE votekeys SET active=%B WHERE id=%d", "active", $id); stExecSQLCond($sql, "Votekey status changed."); break; } } break; default: stSetStatus(404, "Not Found"); break; } if (!$errorSet) stSaveDisplayVars(); stDumpAJAXStatusErrors(); ?>