view admajax.php @ 300:fd8296895588
Improve error situation reporting in makePostArgs().
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 26 Nov 2013 01:37:35 +0200 |
parents | bbdf1b9c5a07 |
children | 828fc30e3c94 |
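<?php
//
// FAPWeb Simple Demoparty System
// Party administration page AJAX backend module
// (C) Copyright 2012-2013 Tecnic Software productions (TNSP)
//
// Every request must carry an authenticated admin session over HTTPS;
// anything else is redirected to the default page. Output is HTML (or a
// JSON-ish fragment) consumed by the admin page's JavaScript, and any
// status/error messages collected during the request are flushed at the end
// by stDumpAJAXStatusErrors().
//
$sessionType = "admin";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";


//
// Validate the compo fields of the current request.
//
// $full  - FALSE: check only "name" and "description" (used when adding
//          a compo); TRUE: also require the "visible", "voting" and
//          "showAuthors" booleans (used when updating).
//
// Returns TRUE if all checks pass. The message strings are handed to
// stChkRequestItem(), which presumably reports them to the client on failure.
// $fake is a throw-away target for the by-reference value parameter.
//
function stValidateRequestCompoData($full)
{
  if (!stChkRequestItem("name", $fake,
      array(CHK_ISGT, VT_STR, 0, "Compo name too short"),
      array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_NAME, "Compo name too long.")) ||
      !stChkRequestItem("description", $fake,
      array(CHK_ISGT, VT_STR, 10, "Compo description too short"),
      array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_DESC, "Compo description too long.")))
    return FALSE;

  if (!$full)
    return TRUE;

  return
    stChkRequestItem("visible", $fake,
      array(CHK_TYPE, VT_BOOL, "Invalid data.")) &&
    stChkRequestItem("voting", $fake,
      array(CHK_TYPE, VT_BOOL, "Invalid data.")) &&
    stChkRequestItem("showAuthors", $fake,
      array(CHK_TYPE, VT_BOOL, "Invalid data."));
}


//
// Validate the compo entry fields of the current request.
//
// $compo_id - receives the validated integer "compo_id" request item.
//
// Returns TRUE if all checks pass (short-circuits on the first failure,
// so $compo_id is only set when every preceding check succeeded).
//
function stValidateRequestEntryData(&$compo_id)
{
  return
    stChkRequestItem("name", $fake,
      array(CHK_ISGT, VT_STR, 0, "Entry name too short."),
      array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_NAME, "Entry name too long.")) &&
    stChkRequestItem("author", $fake,
      array(CHK_ISGT, VT_STR, 0, "Author name not set."),
      array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_AUTHOR, "Entry author too long.")) &&
    stChkRequestItem("filename", $fake,
      array(CHK_TYPE, VT_TEXT, "Invalid data."),
      array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_FILENAME, "Entry filename too long.")) &&
    stChkRequestItem("info", $fake,
      array(CHK_TYPE, VT_TEXT, "Invalid data."),
      array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_INFO, "Entry info too long.")) &&
    stChkRequestItem("compo_id", $compo_id,
      array(CHK_TYPE, VT_INT, "Invalid compo ID."));
}


//
// Validate the news item fields ("text", "author", "title") of the
// current request. Returns TRUE if all checks pass.
//
function stValidateRequestNewsData()
{
  return
    stChkRequestItem("text", $fake,
      array(CHK_ISGT, VT_STR, 0, "News text too short."),
      array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TEXT, "News text too long.")) &&
    stChkRequestItem("author", $fake,
      array(CHK_ISGT, VT_STR, 0, "News author name too short."),
      array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_AUTHOR, "News author name too long.")) &&
    stChkRequestItem("title", $fake,
      array(CHK_ISGT, VT_STR, 0, "News title too short."),
      array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TITLE, "News title too long."));
}


//
// Build the HTML edit form fragment for one compo.
//
// $id     - compo id (also used in the generated element ids and in the
//           updateCompo() JavaScript call)
// $item   - compo row: name, visible, showAuthors, voting, description
// $prefix - form field id prefix
//
function stGetCompoData($id, $item, $prefix)
{
  return
    " <h2>#".$id." - ".chentities($item["name"])."</h2>\n".
    " ".stGetFormTextInput(40, SET_LEN_COMPO_NAME, "name", $id, $prefix, $item["name"])."\n".
    " ".stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n".
    " ".stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n".
    " ".stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n".
    " ".stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
    " ".stGetFormButtonInput("update", $id, $prefix, "Update", "updateCompo(".$id.")")."\n";
}


//
// Build the HTML edit form fragment for one news item.
//
// $id     - news item id
// $item   - news row: title, utime (unix timestamp), text, author
// $prefix - form field id prefix
//
function stGetNewsItemData($id, $item, $prefix)
{
  return
    " <h2>".chentities($item["title"])."</h2>\n".
    " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "title", $id, $prefix, $item["title"]).
    " - posted ".date("d M Y / H:i", $item["utime"])."<br />\n".
    " ".stGetFormTextArea(5, 60, "text", $id, $prefix, $item["text"])."<br />\n".
    " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "author", $id, $prefix, $item["author"])."\n".
    " ".stGetFormButtonInput("", "upd".$id, $prefix, "Update", "updateNews(".$id.")")."\n".
    " ".stGetFormButtonInput("", "del".$id, $prefix, "Delete", "deleteNews(".$id.")")."\n";
}


//
// Build the table cells (<td>...</td>, no surrounding <tr>) for editing
// one compo entry.
//
// $eid    - entry id
// $item   - entry row: show_id, name, author, filename, info, compo_id
// $prefix - form field id prefix
//
function stGetEntryItemData($eid, $item, $prefix)
{
  return
    " <td>".($item["show_id"] > 0 ? $item["show_id"] : "-")."</td>\n".
    " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $eid, $prefix, $item["name"])."</td>\n".
    " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $eid, $prefix, $item["author"])."</td>\n".
    " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $eid, $prefix, $item["filename"])."</td>\n".
    " <td>".stGetFormTextArea(2, 30, "info", $eid, $prefix, $item["info"])."</td>\n".
    " <td>".
    stGetFormButtonInput("delete", $eid, $prefix, "Del", "deleteEntry(".$item["compo_id"].",".$eid.")").
    stGetFormTextInput(3, 3, "compo_id", $eid, $prefix, $item["compo_id"]).
    stGetFormButtonInput("update", $eid, $prefix, "Upd", "updateEntry(".$item["compo_id"].",".$eid.")").
    "</td>\n";
}


//
// Return the HTML for a generic form "Save" submit button.
//
function stGetSaveButton()
{
  return "<input type=\"submit\" value=\" Save \" />\n";
}


//
// Check if we are allowed to execute
//
if (!stCheckHTTPS() || !stAdmSessionAuth())
{
  stSetupCacheControl();
  stSessionEnd(SESS_ADMIN);
  header("Location: ".stGetSetting("defaultPage"));
  exit;
}


//
// Initialize
//
stSetupCacheControl();

if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

stReloadSettings();

$type = stGetRequestItem("type", "");

switch (stGetRequestItem("action", ""))
{
  case "dump":
    //
    // Perform generic data dump (attendee names and e-mail addresses
    // in a few copy-paste friendly layouts)
    //
    if (($res = stExecSQLCond(
      "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC")) !== FALSE)
    {
      stSetStatus(200, "Dump OK.");

      $out1 = array();
      $out2 = array();
      foreach ($res as $item)
      {
        $out1[] = chentities($item["name"])." <".chentities($item["email"]).">";
        $out2[] = chentities($item["email"]);
      }

      echo
        "<br /><hr />".
        implode(", ", $out1)."<br /><hr /><br />".
        implode("<br />", $out1)."<br /><hr /><br />".
        implode(", ", $out2)."<br /><hr /><br />".
        implode("<br />", $out2)."<br /><hr />";
    }
    break;

  case "get":
    //
    // Get specific data
    //
    switch ($type)
    {
      case "news":
        // Form for adding a new item, followed by all existing items
        echo
          "<form method=\"post\" action=\"\" onsubmit=\"return addNews()\">\n".
          " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "", "nntitle", "", "")."<br />\n".
          " ".stGetFormTextArea(5, 60, "", "nntext", "", "")."<br />\n".
          " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "", "nnauthor", "", "orgaz")."\n".
          " ".stGetFormSubmitInput("nnadd", "Add post")."\n".
          " ".stGetFormButtonInput("", "", "", "Clear", "this.form.reset()")."\n".
          "</form>\n".
          "<hr />\n";

        $sql = "SELECT * FROM news ORDER BY utime DESC";
        foreach (stExecSQL($sql) as $item)
        {
          echo
            "<div id=\"news".$item["id"]."\">\n".
            stGetNewsItemData($item["id"], $item, "ne").
            "</div>\n".
            "<hr />\n";
        }
        break;

      case "newsitem":
        $res = stFetchSQL(stPrepareSQL("SELECT * FROM news WHERE id=%D", "id"));
        if ($res !== FALSE)
          echo stGetNewsItemData($res["id"], $res, "ne");
        break;

      case "attendees":
        echo
          "<div class=\"tabHeadersSub\">\n".
          "<a href=\"print.php?type=emails\" target=\"_blank\">Show plain list of e-mails</a>\n".
          "</div>\n";

        // For adding a new one
        $prefix = "ne";
        echo
          "<table>\n".
          " <tr>\n".
          " <th>Name</th>\n".
          " <th>Groups</th>\n".
          " <th>Oneliner</th>\n".
          " <th>E-mail</th>\n".
          " <th>Actions</th>\n".
          " </tr>\n".
          " <tr>\n".
          " <td>".stGetFormTextInput(20, SET_LEN_USERNAME, "name", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(20, SET_LEN_GROUPS, "groups", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(30, SET_LEN_ONELINER, "oneliner", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(20, SET_LEN_EMAIL, "email", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n".
          " </tr>\n".
          "</table>\n".
          "<hr />\n";

        // List of attendees
        echo
          "<table class=\"attendees\">\n".
          " <tr>\n".
          " <th class=\"name\">Name</th>\n".
          " <th class=\"groups\">Groups</th>\n".
          " <th class=\"regtime\">Registered</th>\n".
          " <th class=\"oneliner\">Oneliner</th>\n".
          " <th class=\"email\">E-mail</th>\n".
          " <th>Actions</th>\n".
          " </tr>\n";

        $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
        $row = 0;
        foreach (stExecSQL($sql) as $item)
          stPrintAttendee($item, $row++, TRUE, TRUE, FALSE);

        echo "</table>\n";
        break;

      case "attendee":
        $res = stFetchSQL(stPrepareSQL("SELECT * FROM attendees WHERE id=%D", "id"));
        if ($res !== FALSE)
          stPrintAttendee($res, -1, FALSE, TRUE, stGetRequestItem("edit", FALSE));
        break;

      case "voters":
        // Generate vote keys, if needed (one per registered attendee).
        // Bounded so that a persistently failing key generator or insert
        // cannot spin this request forever.
        $numVKeys = stFetchSQLColumn("SELECT COUNT(*) FROM votekeys");
        $numUsers = stFetchSQLColumn("SELECT COUNT(*) FROM attendees");
        $failed = 0;
        while ($numVKeys < $numUsers)
        {
          if (($key = stGenerateUserKey()) !== false &&
              stExecSQL(stPrepareSQL("INSERT INTO votekeys (key) VALUES (%s)", $key)) !== false)
          {
            $numVKeys++;
            $failed = 0;
          }
          else
          if (++$failed >= 100)
          {
            stError("Could not generate enough vote keys.");
            break;
          }
        }

        // List of votekeys; $voteModeData is presumably a global table of
        // (title, description) per mode provided by the includes.
        $vmode = stGetSetting("voteKeyMode");
        echo
          "<div class=\"info\"><b>Voting mode: ".$voteModeData[$vmode][0]."</b>. ".$voteModeData[$vmode][1]."</div>\n".
          "<div class=\"tabHeadersSub\">\n".
          "<a href=\"print.php?type=votekeys\" target=\"_blank\">Show printable key list</a>\n".
          "</div>\n";

        switch ($vmode)
        {
          case VOTE_FREELY:
          case VOTE_ACTIVATE:
            $sql = "SELECT * FROM votekeys ORDER BY votekeys.id ASC";
            $keyLen = stGetSetting("userKeyLength");
            foreach (stExecSQL($sql) as $item)
            {
              // Left-pad the key to the configured length so that the
              // cells are of uniform width. The row id only ever goes
              // through %d, so the format string itself stays constant.
              printf(
                "<div class=\"votekey\" id=\"vkey%d\"><span class=\"keyid\">%03d</span> : ".
                "<span class=\"keycode\">%s</span>",
                $item["id"],
                $item["id"],
                str_pad($item["key"], $keyLen, " ", STR_PAD_LEFT));

              if ($vmode == VOTE_ACTIVATE)
              {
                echo stGetFormCheckBoxInput("active", $item["id"], "", $item["active"], "",
                  "class=\"keyactive\" onClick=\"voteKeyActivated(".$item["id"].")\"", "xx")."\n";
              }

              echo "</div>";
            }
            break;

          case VOTE_ASSIGN:
            // Keys joined with the attendee they are assigned to; keys
            // without an assignment have NULL attendee columns.
            $sql =
              "SELECT * FROM votekeys ".
              "LEFT JOIN attendees ON votekeys.voter_id=attendees.id ".
              "ORDER BY votekeys.id ASC";

            echo
              "<table class=\"attendees\">\n".
              " <tr>\n".
              " <th class=\"name\">Name</th>\n".
              " <th class=\"groups\">Groups</th>\n".
              " <th class=\"\">Key</th>\n".
              " </tr>\n";

            foreach (stExecSQL($sql) as $item)
            {
              $assigned = ($item["name"] !== null);
              echo
                " <tr>\n".
                " <td class=\"name\">".($assigned ? chentities($item["name"]) : "-")."</td>\n".
                " <td class=\"groups\">".($assigned ? chentities($item["groups"]) : "-")."</td>\n".
                " <td>".chentities($item["key"])."</td>\n".
                " </tr>\n";
            }

            echo "</table>\n";
            break;
        }
        break;

      case "compos":
        // Form for adding a new compo, followed by all existing compos
        echo
          "<form method=\"post\" action=\"\" onsubmit=\"return addCompo()\">\n".
          " ".stGetFormTextInput(64, SET_LEN_COMPO_NAME, "", "ncname", "", "")."<br />\n".
          " ".stGetFormTextArea(5, 60, "", "ncdescription", "", "")."<br />\n".
          " ".stGetFormSubmitInput("nccompo", "Add compo")."\n".
          " ".stGetFormButtonInput("", "", "", "Clear", "this.form.reset()")."\n".
          "</form>\n".
          "<hr />\n";

        $sql = "SELECT * FROM compos ORDER BY id DESC";
        foreach (stExecSQL($sql) as $item)
        {
          echo
            "<div id=\"compo".$item["id"]."\">\n".
            stGetCompoData($item["id"], $item, "co").
            "</div>\n".
            "<hr />\n";
        }
        break;

      case "compo":
        $res = stFetchSQL(stPrepareSQL("SELECT * FROM compos WHERE id=%D", "id"));
        if ($res !== FALSE)
          echo stGetCompoData($res["id"], $res, "co");
        break;

      case "slides":
        // Slide list itself is not implemented yet; only the action buttons.
        echo
          " <table>\n".
          " <tr>\n".
          " <td>".stGetFormButtonInput("generate", "", "", " Generate entry show positions ", "generateEntryPositions()")."</td>\n".
          " <td>".stGetFormButtonInput("generate", "", "", " XXX ", "generateEntryPositions()")."</td>\n".
          " </tr>\n".
          " </table>\n";
        break;

      case "settings":
        // Scalar settings as one table of inputs, then each text-type
        // setting as its own textarea. The settings row's "key" doubles
        // as the form field id.
        $prefix = "st";
        echo
          "<h1>Site settings</h1>\n".
          "<form method=\"post\" action=\"\" onsubmit=\"return updateSettings()\">\n".
          "<table>\n";

        foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item)
        {
          echo
            " <tr>\n".
            " <td>";

          $id = $item["key"];
          switch ($item["vtype"])
          {
            case VT_INT:
              echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]);
              break;

            case VT_STR:
              echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]);
              break;

            case VT_BOOL:
              echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], "");
              break;
          }

          echo
            "</td>\n".
            " <td>".$item["desc"]."</td>\n".
            " </tr>\n";
        }

        echo "</table>\n".stGetSaveButton();

        foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item)
        {
          echo
            "<h2>".chentities($item["desc"])."</h2>\n".
            stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]).
            "\n<br />\n".
            stGetSaveButton();
        }

        echo "</form>\n";
        break;

      case "compolist":
        // Emits the inside of a JSON object ("id":"name", ...) without the
        // surrounding braces; the caller is expected to wrap it.
        $index = 0;
        foreach (stExecSQL("SELECT * FROM compos") as $compo)
        {
          if ($index++ > 0)
            echo ",";

          echo "\"".$compo["id"]."\":\"".chentities($compo["name"])."\"";
        }
        break;

      case "entry":
        $res = stFetchSQL(stPrepareSQL("SELECT * FROM entries WHERE id=%D", "id"));
        if ($res !== FALSE)
          echo stGetEntryItemData($res["id"], $res, "en");
        break;

      case "entries":
        // All entries of one compo as an editable table, plus a row for
        // adding a new entry. The compo id goes through stPrepareSQL()
        // like the other lookups in this file instead of raw concatenation.
        $id = intval(stGetRequestItem("id", 0));
        if (($compo = stFetchSQL(stPrepareSQL("SELECT * FROM compos WHERE id=%d", $id))) !== false)
        {
          echo
            "<h1 style=\"margin-bottom: 0px;\">#".$id." - ".chentities($compo["name"])."</h1>\n".
            "<form>\n".
            " <table class=\"misc\">\n".
            " <tr>\n".
            " <th style=\"width:4%;\">S#</th>\n".
            " <th>Name</th>\n".
            " <th>Author(s)</th>\n".
            " <th>Filename</th>\n".
            " <th>Info</th>\n".
            " <th>Actions</th>\n".
            " </tr>\n";

          foreach (stExecSQL(stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $id)) as $entry)
          {
            echo
              " <tr id=\"entry".$entry["id"]."\">\n".
              stGetEntryItemData($entry["id"], $entry, "en").
              " </tr>\n";
          }

          $prefix = "ne";
          echo
            " <tr>\n".
            " <td></td>\n".
            " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $id, $prefix, "")."</td>\n".
            " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $id, $prefix, "")."</td>\n".
            " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $id, $prefix, "")."</td>\n".
            " <td>".stGetFormTextArea(2, 30, "info", $id, $prefix, "")."</td>\n".
            " <td>".stGetFormButtonInput("add", $id, $prefix, "Add new", "addEntry(".$id.")")."</td>\n".
            " </tr>\n".
            " </table>\n".
            "</form>\n";
        }
        break;
    }
    break;

  case "delete":
    //
    // Delete entry
    //
    if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data.")))
    {
      if ($type == "news")
      {
        // Persistent news items are protected by the persist=0 condition
        $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
        stExecSQLCond($sql, "OK, news item ".$id." deleted.");
      }
      else
      if ($type == "attendees")
      {
        // Attendees require some more work: their votes go too
        $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
        stExecSQLCond($sql, "OK, attendee ".$id." deleted.");

        $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id);
        stExecSQLCond($sql, "OK, attendee ".$id." votes deleted.");
      }
      else
      if ($type == "entries")
      {
        // .. as do compo entries
        $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
        stExecSQLCond($sql, "OK, entry ".$id." deleted.");

        $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id);
        stExecSQLCond($sql, "OK, entry ".$id." votes deleted.");
      }
    }
    break;

  case "add":
    //
    // Add new entry. Each branch validates the request items first;
    // the %S/%Q/%D specifiers take request item *names* and let
    // stPrepareSQL() fetch and quote the values.
    //
    if ($type == "news" && stValidateRequestNewsData())
    {
      $sql = stPrepareSQL(
        "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
        time(), "title", "text", "author");
      stExecSQLCond($sql, "OK, news item added.");
    }
    else
    if ($type == "compo" && stValidateRequestCompoData(FALSE))
    {
      $sql = stPrepareSQL(
        "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)",
        "name", "description");
      stExecSQLCond($sql, "OK, compo added.");
    }
    else
    if ($type == "attendees" && stValidateRequestUserData(TRUE))
    {
      $sql = stPrepareSQL(
        "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
        time(), "name", "groups", "oneliner", "email");
      stExecSQLCond($sql, "OK, attendee added.");
    }
    else
    if ($type == "entry" && stValidateRequestEntryData($fake))
    {
      if (stFetchSQLColumn(stPrepareSQL("SELECT id FROM compos WHERE id=%D", "compo_id")) === FALSE)
      {
        stError("No such compo ID.");
      }
      else
      {
        $sql = stPrepareSQL(
          "INSERT INTO entries (name,author,compo_id,filename,info) VALUES (%S,%S,%D,%S,%Q)",
          "name", "author", "compo_id", "filename", "info");
        stExecSQLCond($sql, "OK, entry added.");
      }
    }
    break;

  case "update":
    //
    // Update existing entry
    //
    if ($type == "settings")
    {
      // Settings carry no "id"; every setting whose key appears in the
      // request gets updated. $db is presumably the global database handle
      // set up by stConnectSQLDB().
      foreach (stExecSQL("SELECT * FROM settings") as $item)
      if (($val = stGetRequestItem($item["key"], FALSE)) !== FALSE)
      {
        $sql = "UPDATE settings SET ".stGetSettingSQL($item, $val).
          " WHERE key=".$db->quote($item["key"]);
        stExecSQLCond($sql, "OK, setting updated.");
      }
    }
    else
    if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data.")))
    {
      if ($type == "attendees" && stValidateRequestUserData(TRUE))
      {
        $sql = stPrepareSQLUpdate("attendees", "WHERE id=".intval(stGetRequestItem("id")),
          array(
            "name" => "S",
            "groups" => "S",
            "email" => "S",
            "oneliner" => "S",
          ));
        stExecSQLCond($sql, "OK, attendee updated.");
      }
      else
      if ($type == "news" && stValidateRequestNewsData())
      {
        $sql = stPrepareSQLUpdate("news", "WHERE id=".intval(stGetRequestItem("id")),
          array(
            "title" => "S",
            "text" => "Q",
            "author" => "S"
          ));
        stExecSQLCond($sql, "OK, news item updated.");
      }
      else
      if ($type == "compo" && stValidateRequestCompoData(TRUE))
      {
        $sql = stPrepareSQLUpdate("compos", "WHERE id=".intval(stGetRequestItem("id")),
          array(
            "name" => "S",
            "description" => "Q",
            "visible" => "B",
            "voting" => "B",
            "showAuthors" => "B",
          ));
        stExecSQLCond($sql, "OK, compo updated.");
      }
      else
      if ($type == "entry" && stValidateRequestEntryData($compo_id))
      {
        // Same existence check as in "add", via stPrepareSQL() rather
        // than concatenating the (already validated) id by hand
        if (stFetchSQLColumn(stPrepareSQL("SELECT id FROM compos WHERE id=%d", $compo_id)) === FALSE)
        {
          stError("No such compo ID.");
        }
        else
        {
          $sql = stPrepareSQLUpdate("entries", "WHERE id=".intval(stGetRequestItem("id")),
            array(
              "name" => "S",
              "author" => "S",
              "filename" => "S",
              "info" => "Q",
              "compo_id" => "D",
            ));
          stExecSQLCond($sql, "OK, entry updated.");
        }
      }
    }
    break;

  default:
    stSetStatus(404, "Not Found");
    break;
}

// Flush collected status / error messages to the client
stDumpAJAXStatusErrors();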