aboutsummaryrefslogblamecommitdiff
path: root/edit.php
blob: e9a5e3020615210f02524bfe50f43537ae7c6f70 (plain) (tree)
1
2
3
4
5
6
7
8
9
10


                






                                  
                                                                                                      






                                                                                           


















                                                                               

         




































































                                                                                         
 
<?php
session_start();

function clear_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
	try {
		$user = "yota_admin";
		$password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
		$database = "yota_call_db";
		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	} catch (PDOException $e) {
		echo "Error: " . $e->getMessage();
	}

	try {
		$recvData = json_decode(file_get_contents("php://input"));
		$recvData.id = clear_input($recvData.id);
		$recvData.approved = clear_input($recvData.approved);
		$recvData.specialCall = clear_input($recvData.specialCall);
		$recvData.fromTime = clear_input($recvData.fromTime);
		$recvData.toTime = clear_input($recvData.toTime);
		$recvData.frequencies = clear_input($recvData.frequencies);
		$recvData.modes = clear_input($recvData.modes);
		$recvData.operatorCall = clear_input($recvData.operatorCall);
		$recvData.operatorName = clear_input($recvData.operatorName);
		$recvData.operatorEmail = clear_input($recvData.operatorEmail);
		$recvData.operatorPhone = clear_input($recvData.operatorPhone);
		$recvData.qso = clear_input($recvData.qso);
	} catch {
		die("Can't decode JSON!");
	}

	try {
		if ($recvData->action == "update") {
			$sql = "UPDATE activities SET 
				approved=:approved, 
				specialCall=:specialCall, 
				fromTime=:fromTime, 
				toTime=:toTime, 
				frequencies=:frequencies, 
				modes=:modes, 
				operatorCall=:operatorCall, 
				operatorName=:operatorName, 
				operatorEmail=:operatorEmail, 
				operatorPhone=:operatorPhone, 
				qso=:qso 
				WHERE id=:id";

      $stmt = $conn->prepare($sql);
      $stmt->bindParam(':approved', 			$recvData.approved);
      $stmt->bindParam(':specialCall', 		$recvData.specialCall);
      $stmt->bindParam(':fromTime', 			$recvData.fromTime);
      $stmt->bindParam(':toTime', 				$recvData.toTime);
      $stmt->bindParam(':frequencies', 		$recvData.frequencies);
      $stmt->bindParam(':modes', 					$recvData.modes);
      $stmt->bindParam(':operatorCall', 	$recvData.operatorCall);
      $stmt->bindParam(':operatorName', 	$recvData.operatorName);
      $stmt->bindParam(':operatorEmail', 	$recvData.operatorEmail);
      $stmt->bindParam(':operatorPhone', 	$recvData.operatorPhone);
      $stmt->bindParam(':qso', 						$recvData.qso);
      $stmt->execute();

			echo json_encode($sendData);

		} else if ($recvData->action == "restore") {

			$stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
			$stmt->bindParam(':id', $recvData.id);
			$stmt->execute();
			$row = $stmt->fetch();

			$sendData->action=$recvData->action;
			$sendData->id=$row.id;
			$sendData->approved=$row.approved;
			$sendData->specialCall=$row.specialCall;
			$sendData->fromTime=$row.fromTime;
			$sendData->toTime=$row.toTime;
			$sendData->frequencies=$row.frequencies;
			$sendData->modes=$row.modes;
			$sendData->operatorCall=$row.operatorCall;
			$sendData->operatorName=$row.operatorName;
			$sendData->operatorEmail=$row.operatorEmail;
			$sendData->operatorPhone=$row.operatorPhone;
			$sendData->qso=$row.qso;

			echo json_encode($sendData);

		} else if ($recvData->action == "delete") {
			$stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
			$stmt->bindParam(':id', $recvData.id);
			$stmt->execute();

			$sendData->action=$data.action;
			echo json_encode($sendData);
		}
	} catch ( Exception $e ) {
		if ( $e instanceof PDOException )
			echo "Error: " . $e->getMessage();
		else
			echo "Error in action handling!";
	}
}