<?php
session_start();
function clear_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
$user = "yota_admin";
$password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
$database = "yota_call_db";
$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
echo "Error: " . $e->getMessage();
}
try {
$recvData = json_decode(file_get_contents("php://input"));
$recvData.id = clear_input($recvData.id);
$recvData.approved = clear_input($recvData.approved);
$recvData.specialCall = clear_input($recvData.specialCall);
$recvData.fromTime = clear_input($recvData.fromTime);
$recvData.toTime = clear_input($recvData.toTime);
$recvData.frequencies = clear_input($recvData.frequencies);
$recvData.modes = clear_input($recvData.modes);
$recvData.operatorCall = clear_input($recvData.operatorCall);
$recvData.operatorName = clear_input($recvData.operatorName);
$recvData.operatorEmail = clear_input($recvData.operatorEmail);
$recvData.operatorPhone = clear_input($recvData.operatorPhone);
$recvData.qso = clear_input($recvData.qso);
} catch {
die("Can't decode JSON!");
}
try {
if ($recvData->action == "update") {
$sql = "UPDATE activities SET
approved=:approved,
specialCall=:specialCall,
fromTime=:fromTime,
toTime=:toTime,
frequencies=:frequencies,
modes=:modes,
operatorCall=:operatorCall,
operatorName=:operatorName,
operatorEmail=:operatorEmail,
operatorPhone=:operatorPhone,
qso=:qso
WHERE id=:id";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':approved', $recvData.approved);
$stmt->bindParam(':specialCall', $recvData.specialCall);
$stmt->bindParam(':fromTime', $recvData.fromTime);
$stmt->bindParam(':toTime', $recvData.toTime);
$stmt->bindParam(':frequencies', $recvData.frequencies);
$stmt->bindParam(':modes', $recvData.modes);
$stmt->bindParam(':operatorCall', $recvData.operatorCall);
$stmt->bindParam(':operatorName', $recvData.operatorName);
$stmt->bindParam(':operatorEmail', $recvData.operatorEmail);
$stmt->bindParam(':operatorPhone', $recvData.operatorPhone);
$stmt->bindParam(':qso', $recvData.qso);
$stmt->execute();
$sendData->action=$recvData.action;
echo json_encode($sendData);
} else if ($recvData->action == "restore") {
$stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
$stmt->bindParam(':id', $recvData.id);
$stmt->execute();
$row = $stmt->fetch();
$sendData->action=$recvData->action;
$sendData->id=$row.id;
$sendData->approved=$row.approved;
$sendData->specialCall=$row.specialCall;
$sendData->fromTime=$row.fromTime;
$sendData->toTime=$row.toTime;
$sendData->frequencies=$row.frequencies;
$sendData->modes=$row.modes;
$sendData->operatorCall=$row.operatorCall;
$sendData->operatorName=$row.operatorName;
$sendData->operatorEmail=$row.operatorEmail;
$sendData->operatorPhone=$row.operatorPhone;
$sendData->qso=$row.qso;
echo json_encode($sendData);
} else if ($recvData->action == "delete") {
$stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
$stmt->bindParam(':id', $recvData.id);
$stmt->execute();
$sendData->action=$recvData.action;
echo json_encode($sendData);
}
} catch ( Exception $e ) {
if ( $e instanceof PDOException )
echo "Error: " . $e->getMessage();
else
echo "Error in action handling!";
}
}
