changeset 105:a85f258f6beb
Move some things around and modularize the code.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 21 Oct 2013 16:26:42 +0300 |
parents | c7b1eb993240 |
children | 324f3a415237 |
files | admajax.php admin.inc.php ajax.js ajax.php |
diffstat | 4 files changed, 599 insertions(+), 596 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/admajax.php Mon Oct 21 16:26:42 2013 +0300 
@@ -0,0 +1,445 @@ +<? +// +// AJAX request handler backend module +// +$sessionType = "admin"; +require "mconfig.inc.php"; +require "msite.inc.php"; +require "msession.inc.php"; + +// Check if we are allowed to execute +if (!stCheckHTTPS() || !stAdmSessionAuth()) +{ + stSetupCacheControl(); + + stSessionEnd(SESS_ADMIN); + + header("Location: news"); + exit; +} + +stSetupCacheControl(); + +// Initiate SQL database connection +if (!stConnectSQLDB()) + die("Could not connect to SQL database."); + +// Fetch non-"hardcoded" settings from SQL database +stReloadSettings(); + + +function saveButton() +{ + return "<input type=\"submit\" value=\" Save \" />\n"; +} + + +// XMLHttp responses +$action = "ERROR"; +if (stChkRequestItem("action") && stChkRequestItem("type")) +{ + $action = $_REQUEST["action"]; + $type = $_REQUEST["type"]; +} + + +switch ($action) +{ + case "dump": + // + // Perform generic data dump + // + if (($res = stExecSQLCond( + "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", + "Dump OK.")) !== FALSE) + { + $out1 = array(); + $out2 = array(); + + foreach ($res as $item) + { + $out1[] = $item["name"]." <".$item["email"].">"; + $out2[] = $item["email"]; + } + + echo "<br /><hr />". + implode(", ", $out1)."<br /><hr /><br />". + implode("<br />", $out1)."<br /><hr /><br />". + implode(", ", $out2)."<br /><hr /><br />". + implode("<br />", $out2)."<br /><hr />"; + + } + break; + + case "get": + // + // Get specific data + // + switch ($type) + { + case "news": + $sql = "SELECT * FROM news ORDER BY utime DESC"; + break; + + case "attendees": + $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; + break; + + case "voters": + break; + + case "compos": + $sql = "SELECT * FROM compos ORDER BY id DESC"; + break; + + case "settings": + $prefix = "st"; + + echo + "<h1>Site settings</h1>\n". + "<table>\n"; + foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item) + { + echo + " <tr>\n". 
+ " <td>"; + $id = $item["key"]; + switch ($item["vtype"]) + { + case VT_INT: + echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]); + break; + case VT_STR: + echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]); + break; + case VT_BOOL: + echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], ""); + break; + } + echo "</td>\n". + " <td>".$item["desc"]."</td>\n". + " </tr>\n"; + } + echo "</table>\n".saveButton(); + + foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item) + { + echo "<h2>".chentities($item["desc"])."</h2>\n". + stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]). + "\n<br />\n".saveButton(); + } + break; + + case "entries": + stGetCompoList(FALSE, FALSE); + + foreach ($compos as $id => $compo) + { + echo + "<form>\n". + " <table class=\"misc\">\n". + " <tr>\n". + " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n". + " </tr>\n". + " <tr>\n". + " <th style=\"width:1%;\">Compo</th>\n". + " <th>Title</th>\n". + " <th>Author(s)</th>\n". + " <th>Filename</th>\n". + " <th>Actions</th>\n". + " </tr>\n"; + + $prefix = "en"; + foreach ($compo["entries"] as $eid => $entry) + { + echo + " <tr id=\"entry".$eid."\">\n". + " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n". + " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n". + " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n". + " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n". + " <td>". + stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")"). + stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")"). + "</td>\n". + " </tr>\n"; + } + + $prefix = "ne"; + echo + " <tr>\n". + " <td></td>\n". + " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n". + " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n". 
+ " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n". + " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". + " </tr>\n". + " </table>\n". + "</form>\n"; + } + break; + } + + // + // Perform query if we need to, output results + // + if (isset($sql) && ($res = stExecSQLCond($sql, "")) !== FALSE) + { + if ($type == "news") + { + foreach ($res as $item) + { + $id = $item["id"]; + stPrintNewsItem($item, + "<br />". + " <button class=\"button\" id=\"ndel".$id. + "\" type=\"button\" onclick=\"deleteNews(".$id. + ")\">Delete</button>\n" + ); + } + } + else + if ($type == "attendees") + { + // List of attendees + echo + "<table class=\"attendees\">\n". + " <tr>\n". + " <th class=\"name\">Name</th>\n". + " <th class=\"groups\">Groups</th>\n". + " <th class=\"regtime\">Registered</th>\n". + " <th class=\"oneliner\">Oneliner</th>\n". + " <th class=\"email\">E-mail</th>\n". + " <th>Actions</th>\n". + " </tr>\n"; + $row = 0; + foreach ($res as $item) + stPrintAttendee($item, $row++, TRUE); + + // For adding a new one + $prefix = "ne"; + echo + "</table>\n". + "<hr />\n". + "<table>\n". + " <tr>\n". + " <th>Name</th>\n". + " <th>Groups</th>\n". + " <th>Oneliner</th>\n". + " <th>E-mail</th>\n". + " <th>Actions</th>\n". + " </tr>\n". + " <tr>\n". + " <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n". + " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n". + " </tr>\n". + "</table>\n"; + } + else + if ($type == "compos") + { + foreach ($res as $item) + { + $id = $item["id"]; + $prefix = "co"; + echo + "<div id=\"compo".$id."\">\n". + "<h2>#".$id." - ".chentities($item["name"])."</h2>\n". 
+ stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". + stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n". + stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n". + stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n". + stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". + stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". + "</div>\n". + "<hr />\n"; + } + } + } + break; + + case "delete": + // + // Delete entry + // + if (stChkRequestItem("id")) + { + $id = intval(stGetRequestItem("id")); + + if ($type == "news") + { + $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); + stExecSQLCond($sql, "OK, news item ".$id." deleted."); + } + else + if ($type == "attendees") + { + // Attendees require some more work + $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); + stExecSQLCond($sql, "OK, attendee ".$id." deleted."); + + $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id); + stExecSQLCond($sql, "OK, attendee ".$id." votes deleted."); + } + else + if ($type == "entries") + { + // .. as do compo entries + $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); + stExecSQLCond($sql, "OK, entry ".$id." deleted."); + + $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id); + stExecSQLCond($sql, "OK, entry ".$id." 
votes deleted."); + } + } + else + stSetStatus(901, "No ID specified."); + break; + + case "add": + // + // Add new entry + // + if ($type == "news" && stChkRequestItem("text") && + stChkRequestItem("author") && stChkRequestItem("title")) + { + $sql = stPrepareSQL( + "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", + time(), "title", "text", "author"); + + stExecSQLCond($sql, "OK, news item added."); + } + else + if ($type == "compo" && stChkRequestItem("name") && + stChkRequestItem("description")) + { + $sql = stPrepareSQL( + "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)", + "name", "description"); + + stExecSQLCond($sql, "OK, compo added."); + } + else + if ($type == "attendees" && stChkRequestItem("name") && + stChkRequestItem("groups") && stChkRequestItem("oneliner") && + stChkRequestItem("email")) + { + $sql = stPrepareSQL( + "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)", + time(), "name", "groups", "oneliner", "email"); + + stExecSQLCond($sql, "OK, attendee added."); + } + else + if ($type == "entry" && stChkRequestItem("name") && + stChkRequestItem("author") && stChkRequestItem("compo_id")) + { + $sql = stPrepareSQL( + "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)", + "name", "author", "compo_id", "filename"); + + stExecSQLCond($sql, "OK, entry added."); + } + else + stSetStatus(902, "No data."); + break; + + case "update": + // + // Update existing entry + // + if ($type == "attendees" && stChkRequestItem("id") && + stChkRequestItem("email") && stChkRequestItem("oneliner") && + stChkRequestItem("active")) + { + $sql = stPrepareSQLUpdate("attendees", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "email" => "S", + "oneliner" => "S", + "active" => "B", + )); + + stExecSQLCond($sql, "OK, attendee updated."); + } + else + if ($type == "news" && stChkRequestItem("id") && + stChkRequestItem("text") && stChkRequestItem("author") 
&& + stChkRequestItem("title")) + { + $sql = stPrepareSQLUpdate("news", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "title" => "S", + "text" => "Q", + "author" => "S" + )); + + stExecSQLCond($sql, "OK, news item updated."); + } + else + if ($type == "compo" && stChkRequestItem("id") && + stChkRequestItem("name") && stChkRequestItem("description") && + stChkRequestItem("visible") && stChkRequestItem("voting") && + stChkRequestItem("showAuthors")) + { + $sql = stPrepareSQLUpdate("compos", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "description" => "Q", + "visible" => "B", + "voting" => "B", + "showAuthors" => "B", + )); + + stExecSQLCond($sql, "OK, compo updated."); + } + else + if ($type == "entry" && stChkRequestItem("id") && + stChkRequestItem("name") && stChkRequestItem("author") && + stChkRequestItem("compo_id")) + { + $sql = stPrepareSQLUpdate("entries", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "author" => "S", + "filename" => "S", + "compo_id" => "D", + )); + + stExecSQLCond($sql, "OK, entry updated."); + } + else + if ($type == "settings") + { + foreach (stExecSQL("SELECT * FROM settings") as $item) + if (stChkRequestItem($item["key"])) + { + $val = stGetRequestItem($item["key"]); + switch ($item["vtype"]) + { + case VT_INT: $vsql = stPrepareSQL("vint=%d", $val); break; + case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break; + case VT_STR: $vsql = stPrepareSQL("vstr=%s", $val); break; + case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break; + } + + $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]); + stExecSQLCond($sql, "OK, setting updated."); + } + } + else + stSetStatus(902, "No data."); + break; + + default: + stSetStatus(404, "Not Found"); + break; +} + +?> \ No newline at end of file
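Review bot: The `dump` case echoes `$item["name"]` and `$item["email"]` into the HTML response without escaping, although other branches of this file pass database text through `chentities()` before output. Attendee fields are presumably supplied by the public at registration, so markup stored in them would be rendered in the administrator's browser, and the literal `<`…`>` placed around the address is parsed as a tag instead of being displayed. Build the entries as `$out1[] = chentities($item["name"]." <".$item["email"].">");` and `$out2[] = chentities($item["email"]);`. The same gap exists in the `settings` branch, where `" <td>".$item["desc"]."</td>\n"` is emitted raw while the `VT_TEXT` loop a few lines later wraps the same column in `chentities()`.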
--- a/admin.inc.php Mon Oct 21 15:17:04 2013 +0300 +++ b/admin.inc.php Mon Oct 21 16:26:42 2013 +0300 @@ -13,7 +13,7 @@ { case VT_STR: case VT_TEXT: $type = 0; break; - case VT_INT: $type = 4; break; + case VT_INT: $type = 4; break; case VT_BOOL: $type = 3; break; } $args[] = "\"".$item["key"]."\":".$type; 
@@ -61,159 +61,7 @@ { ?> <script type="text/javascript"> -// <? stCreateSettingsData(); ?> - - -function statusMsg(msg) -{ - document.getElementById("nstatus").innerHTML = msg; -} - - -function strtrim(str) -{ - if (!str || str == null) - return ""; - return str.replace(/^\s+|\s+$/g,'') -} - - -function strencode(str) -{ - return encodeURIComponent(str); -} - - -function createXMLRequest() -{ - var req; - if (window.XMLHttpRequest) - { - // Modern browsers - req = new XMLHttpRequest(); - } - else - { - // Old IE versions - req = new ActiveXObject("Microsoft.XMLHTTP"); - } - return req; -} - - -function sendPOSTRequest(params, success, failure) -{ - var req = createXMLRequest(); - req.open("POST", "ajax.php", true); - req.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); - req.setRequestHeader("Content-length", params.length); - req.setRequestHeader("Connection", "close"); - - req.onreadystatechange = function() - { - if (req.readyState == 4) - { - if (req.status == 404) - { - window.location = "admlogout.php"; - } - else - if (req.status == 200) - { - if (success) - { - success(req.responseText); - } - statusMsg(req.statusText); - } - else - { - if (failure) - { - failure(req.status, req.statusText, req.responseText); - } - else - { - statusMsg("["+req.status+" - "+req.statusText+"] "+ req.responseText); - } - } - } - } - req.send(params); -} - - -function makePostArgs(fields, fprefix, fsuffix) -{ - var res = []; - for (var id in fields) - { - var elem = document.getElementById(fprefix + id + fsuffix); - if (!elem) - { - alert("No such DOM element '"+ fprefix + id + fsuffix +"'."); - return ""; - } - - switch (fields[id]) - { - case 0: - case 1: - case 4: - { - var str = strtrim(elem.value); - if ((fields[id] == 1 || fields[id] == 4) && str == "") - { - alert("One or more of the required fields are empty."); - return ""; - } - if (fields[id] == 4) - res.push(id+"="+parseInt(elem.value)); - else - res.push(id+"="+strencode(str)); - } - break; - 
- case 2: - res.push(id+"="+parseInt(elem.value)); - break; - - case 3: - res.push(id+"="+(elem.checked ? "1" : "0")); - break; - - } - } - return res.join("&"); -} - - -function refreshItems(id,name,msgname) -{ - var msuccess = function(txt) - { - var nitem = document.getElementById(id); - nitem.innerHTML = txt; - } - - sendPOSTRequest("action=get&type="+name, msuccess); -} - - -function deleteItem(id,prefix,type,func,dsc) -{ - var msuccess = function(txt) - { - var item = document.getElementById(prefix+id); - item.style.display = "none"; - setTimeout(func, 50); - } - - if (confirm("Are you sure you want to delete "+dsc+" #"+id+"?")) - { - sendPOSTRequest("action=delete&type="+type+"&id="+id, msuccess); - } -} +// <? stCreateSettingsData(); include "ajax.js"; ?> function refreshSettings()
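Review bot: `include "ajax.js"` sends the script file through the PHP parser, so any `<?` sequence that ever ends up in ajax.js is executed as server-side PHP instead of being delivered to the browser. The file is static JavaScript, so `readfile("ajax.js");` would emit it verbatim, or it could be referenced with its own `<script src>` element and cached by the browser. It is also worth checking that the output of `stCreateSettingsData()` ends with a newline: the PHP block sits behind a `//` comment marker, and if that output stays on the same line, the first line of ajax.js (`function statusMsg(msg)`) would be commented out with it. The enclosing PHP function starts and ends outside this hunk.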
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ajax.js Mon Oct 21 16:26:42 2013 +0300 
@@ -0,0 +1,152 @@ +function statusMsg(msg) +{ + document.getElementById("nstatus").innerHTML = msg; +} + + +function strtrim(str) +{ + if (!str || str == null) + return ""; + return str.replace(/^\s+|\s+$/g,'') +} + + +function strencode(str) +{ + return encodeURIComponent(str); +} + + +function createXMLRequest() +{ + var req; + if (window.XMLHttpRequest) + { + // Modern browsers + req = new XMLHttpRequest(); + } + else + { + // Old IE versions + req = new ActiveXObject("Microsoft.XMLHTTP"); + } + return req; +} + + +function sendPOSTRequest(params, success, failure) +{ + var req = createXMLRequest(); + req.open("POST", "admajax.php", true); + req.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); + req.setRequestHeader("Content-length", params.length); + req.setRequestHeader("Connection", "close"); + + req.onreadystatechange = function() + { + if (req.readyState == 4) + { + if (req.status == 404) + { + window.location = "admlogout.php"; + } + else + if (req.status == 200) + { + if (success) + { + success(req.responseText); + } + statusMsg(req.statusText); + } + else + { + if (failure) + { + failure(req.status, req.statusText, req.responseText); + } + else + { + statusMsg("["+req.status+" - "+req.statusText+"] "+ req.responseText); + } + } + } + } + req.send(params); +} + + +function makePostArgs(fields, fprefix, fsuffix) +{ + var res = []; + for (var id in fields) + { + var elem = document.getElementById(fprefix + id + fsuffix); + if (!elem) + { + alert("No such DOM element '"+ fprefix + id + fsuffix +"'."); + return ""; + } + + switch (fields[id]) + { + case 0: + case 1: + case 4: + { + var str = strtrim(elem.value); + if ((fields[id] == 1 || fields[id] == 4) && str == "") + { + alert("One or more of the required fields are empty."); + return ""; + } + if (fields[id] == 4) + res.push(id+"="+parseInt(elem.value)); + else + res.push(id+"="+strencode(str)); + } + break; + + case 2: + res.push(id+"="+parseInt(elem.value)); + break; + + case 3: + 
res.push(id+"="+(elem.checked ? "1" : "0")); + break; + + } + } + return res.join("&"); +} + + +function refreshItems(id,name,msgname) +{ + var msuccess = function(txt) + { + var nitem = document.getElementById(id); + nitem.innerHTML = txt; + } + + sendPOSTRequest("action=get&type="+name, msuccess); +} + + +function deleteItem(id,prefix,type,func,dsc) +{ + var msuccess = function(txt) + { + var item = document.getElementById(prefix+id); + item.style.display = "none"; + setTimeout(func, 50); + } + + if (confirm("Are you sure you want to delete "+dsc+" #"+id+"?")) + { + sendPOSTRequest("action=delete&type="+type+"&id="+id, msuccess); + } +} + +
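Review bot: `sendPOSTRequest` posts only the caller's `params` to `admajax.php`, so the state-changing `delete`, `add` and `update` actions appear to be authorised by the session cookie alone. No per-session request token is visible in this file or in the handler, and `stAdmSessionAuth()` is not shown, so confirm that it does not already cover this. Because the handler reads `$_REQUEST`, a request arriving by GET from another origin would be processed as well. Consider appending a session-bound token here, for example `req.send(params + "&token=" + strencode(TOKEN_PLACEHOLDER));` with the value supplied by the page, and having admajax.php verify it and require POST before acting. Separately, the `setRequestHeader` calls for `Content-length` and `Connection` can be dropped, since both are forbidden header names that the browser sets itself.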
--- a/ajax.php Mon Oct 21 15:17:04 2013 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,442 +0,0 @@ -<? -// -// AJAX request handler backend module -// -$sessionType = "admin"; -require "mconfig.inc.php"; -require "msite.inc.php"; -require "msession.inc.php"; - -// Check if we are allowed to execute -if (!stCheckHTTPS() || !stAdmSessionAuth()) -{ - stSetupCacheControl(); - - stSessionEnd(SESS_ADMIN); - - header("Location: news"); - exit; -} - -stSetupCacheControl(); - -// Initiate SQL database connection -if (!stConnectSQLDB()) - die("Could not connect to SQL database."); - -// Fetch non-"hardcoded" settings from SQL database -stReloadSettings(); - - -function saveButton() -{ - return "<input type=\"submit\" value=\" Save \" />\n"; -} - - -// XMLHttp responses -$action = "ERROR"; -if (stChkRequestItem("action") && stChkRequestItem("type")) -{ - $action = $_REQUEST["action"]; - $type = $_REQUEST["type"]; -} - - -switch ($action) -{ - case "dump": - // - // Perform generic data dump - // - if (($res = stExecSQLCond( - "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", - "Dump OK.")) !== FALSE) - { - $out1 = array(); - $out2 = array(); - - foreach ($res as $item) - { - $out1[] = $item["name"]." <".$item["email"].">"; - $out2[] = $item["email"]; - } - - echo "<br /><hr />". - implode(", ", $out1)."<br /><hr /><br />". - implode("<br />", $out1)."<br /><hr /><br />". - implode(", ", $out2)."<br /><hr /><br />". - implode("<br />", $out2)."<br /><hr />"; - - } - break; - - case "get": - // - // Get specific data - // - switch ($type) - { - case "news": - $sql = "SELECT * FROM news ORDER BY utime DESC"; - break; - - case "attendees": - $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; - break; - - case "compos": - $sql = "SELECT * FROM compos ORDER BY id DESC"; - break; - - case "settings": - $prefix = "st"; - - echo - "<h1>Site settings</h1>\n". - "<table>\n"; - foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item) - { - echo - " <tr>\n". 
- " <td>"; - $id = $item["key"]; - switch ($item["vtype"]) - { - case VT_INT: - echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]); - break; - case VT_STR: - echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]); - break; - case VT_BOOL: - echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], ""); - break; - } - echo "</td>\n". - " <td>".$item["desc"]."</td>\n". - " </tr>\n"; - } - echo "</table>\n".saveButton(); - - foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item) - { - echo "<h2>".chentities($item["desc"])."</h2>\n". - stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]). - "\n<br />\n".saveButton(); - } - break; - - case "entries": - stGetCompoList(FALSE, FALSE); - - foreach ($compos as $id => $compo) - { - echo - "<form>\n". - " <table class=\"misc\">\n". - " <tr>\n". - " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n". - " </tr>\n". - " <tr>\n". - " <th style=\"width:1%;\">Compo</th>\n". - " <th>Title</th>\n". - " <th>Author(s)</th>\n". - " <th>Filename</th>\n". - " <th>Actions</th>\n". - " </tr>\n"; - - $prefix = "en"; - foreach ($compo["entries"] as $eid => $entry) - { - echo - " <tr id=\"entry".$eid."\">\n". - " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n". - " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n". - " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n". - " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n". - " <td>". - stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")"). - stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")"). - "</td>\n". - " </tr>\n"; - } - - $prefix = "ne"; - echo - " <tr>\n". - " <td></td>\n". - " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n". - " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n". 
- " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n". - " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". - " </tr>\n". - " </table>\n". - "</form>\n"; - } - break; - } - - // - // Perform query if we need to, output results - // - if (isset($sql) && ($res = stExecSQLCond($sql, "")) !== FALSE) - { - if ($type == "news") - { - foreach ($res as $item) - { - $id = $item["id"]; - stPrintNewsItem($item, - "<br />". - " <button class=\"button\" id=\"ndel".$id. - "\" type=\"button\" onclick=\"deleteNews(".$id. - ")\">Delete</button>\n" - ); - } - } - else - if ($type == "attendees") - { - // List of attendees - echo - "<table class=\"attendees\">\n". - " <tr>\n". - " <th class=\"name\">Name</th>\n". - " <th class=\"groups\">Groups</th>\n". - " <th class=\"regtime\">Registered</th>\n". - " <th class=\"oneliner\">Oneliner</th>\n". - " <th class=\"email\">E-mail</th>\n". - " <th>Actions</th>\n". - " </tr>\n"; - $row = 0; - foreach ($res as $item) - stPrintAttendee($item, $row++, TRUE); - - // For adding a new one - $prefix = "ne"; - echo - "</table>\n". - "<hr />\n". - "<table>\n". - " <tr>\n". - " <th>Name</th>\n". - " <th>Groups</th>\n". - " <th>Oneliner</th>\n". - " <th>E-mail</th>\n". - " <th>Actions</th>\n". - " </tr>\n". - " <tr>\n". - " <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n". - " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n". - " </tr>\n". - "</table>\n"; - } - else - if ($type == "compos") - { - foreach ($res as $item) - { - $id = $item["id"]; - $prefix = "co"; - echo - "<div id=\"compo".$id."\">\n". - "<h2>#".$id." - ".chentities($item["name"])."</h2>\n". 
- stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". - stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n". - stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n". - stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n". - stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". - stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". - "</div>\n". - "<hr />\n"; - } - } - } - break; - - case "delete": - // - // Delete entry - // - if (stChkRequestItem("id")) - { - $id = intval(stGetRequestItem("id")); - - if ($type == "news") - { - $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); - stExecSQLCond($sql, "OK, news item ".$id." deleted."); - } - else - if ($type == "attendees") - { - // Attendees require some more work - $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); - stExecSQLCond($sql, "OK, attendee ".$id." deleted."); - - $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id); - stExecSQLCond($sql, "OK, attendee ".$id." votes deleted."); - } - else - if ($type == "entries") - { - // .. as do compo entries - $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); - stExecSQLCond($sql, "OK, entry ".$id." deleted."); - - $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id); - stExecSQLCond($sql, "OK, entry ".$id." 
votes deleted."); - } - } - else - stSetStatus(901, "No ID specified."); - break; - - case "add": - // - // Add new entry - // - if ($type == "news" && stChkRequestItem("text") && - stChkRequestItem("author") && stChkRequestItem("title")) - { - $sql = stPrepareSQL( - "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", - time(), "title", "text", "author"); - - stExecSQLCond($sql, "OK, news item added."); - } - else - if ($type == "compo" && stChkRequestItem("name") && - stChkRequestItem("description")) - { - $sql = stPrepareSQL( - "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)", - "name", "description"); - - stExecSQLCond($sql, "OK, compo added."); - } - else - if ($type == "attendees" && stChkRequestItem("name") && - stChkRequestItem("groups") && stChkRequestItem("oneliner") && - stChkRequestItem("email")) - { - $sql = stPrepareSQL( - "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)", - time(), "name", "groups", "oneliner", "email"); - - stExecSQLCond($sql, "OK, attendee added."); - } - else - if ($type == "entry" && stChkRequestItem("name") && - stChkRequestItem("author") && stChkRequestItem("compo_id")) - { - $sql = stPrepareSQL( - "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)", - "name", "author", "compo_id", "filename"); - - stExecSQLCond($sql, "OK, entry added."); - } - else - stSetStatus(902, "No data."); - break; - - case "update": - // - // Update existing entry - // - if ($type == "attendees" && stChkRequestItem("id") && - stChkRequestItem("email") && stChkRequestItem("oneliner") && - stChkRequestItem("active")) - { - $sql = stPrepareSQLUpdate("attendees", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "email" => "S", - "oneliner" => "S", - "active" => "B", - )); - - stExecSQLCond($sql, "OK, attendee updated."); - } - else - if ($type == "news" && stChkRequestItem("id") && - stChkRequestItem("text") && stChkRequestItem("author") 
&& - stChkRequestItem("title")) - { - $sql = stPrepareSQLUpdate("news", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "title" => "S", - "text" => "Q", - "author" => "S" - )); - - stExecSQLCond($sql, "OK, news item updated."); - } - else - if ($type == "compo" && stChkRequestItem("id") && - stChkRequestItem("name") && stChkRequestItem("description") && - stChkRequestItem("visible") && stChkRequestItem("voting") && - stChkRequestItem("showAuthors")) - { - $sql = stPrepareSQLUpdate("compos", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "description" => "Q", - "visible" => "B", - "voting" => "B", - "showAuthors" => "B", - )); - - stExecSQLCond($sql, "OK, compo updated."); - } - else - if ($type == "entry" && stChkRequestItem("id") && - stChkRequestItem("name") && stChkRequestItem("author") && - stChkRequestItem("compo_id")) - { - $sql = stPrepareSQLUpdate("entries", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "author" => "S", - "filename" => "S", - "compo_id" => "D", - )); - - stExecSQLCond($sql, "OK, entry updated."); - } - else - if ($type == "settings") - { - foreach (stExecSQL("SELECT * FROM settings") as $item) - if (stChkRequestItem($item["key"])) - { - $val = stGetRequestItem($item["key"]); - switch ($item["vtype"]) - { - case VT_INT: $vsql = stPrepareSQL("vint=%d", $val); break; - case VT_BOOL: $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0); break; - case VT_STR: $vsql = stPrepareSQL("vstr=%s", $val); break; - case VT_TEXT: $vsql = stPrepareSQL("vtext=%s", $val); break; - } - - $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]); - stExecSQLCond($sql, "OK, setting updated."); - } - } - else - stSetStatus(902, "No data."); - break; - - default: - stSetStatus(404, "Not Found"); - break; -} - -?> \ No newline at end of file