authorMateja <mail@matejamaric.com>2020-10-04 04:19:03 +0200
committerMateja <mail@matejamaric.com>2020-10-04 04:19:03 +0200
commit06d63e029d941a7993abbfb764237a55715c64da (patch)
tree12fb5891158894c3f94004431efcfc6fba5e66cc
parent9bcdc348dc9e93440e1cb5067548241259750cef (diff)
downloadold-php-yota-06d63e029d941a7993abbfb764237a55715c64da.tar.gz
old-php-yota-06d63e029d941a7993abbfb764237a55715c64da.zip
Check and debug your code now...
-rw-r--r--admin.php2
-rw-r--r--edit.php96
-rw-r--r--request-edit.js41
-rw-r--r--style.css8
-rw-r--r--test/edit.inc.php2
5 files changed, 135 insertions, 14 deletions
diff --git a/admin.php b/admin.php
index 888965c..cb2a5fd 100644
--- a/admin.php
+++ b/admin.php
@@ -24,7 +24,7 @@ session_start();
?>
</nav>
<main>
-<p id="alert"></p>
+<p id="notice"></p>
<?php
if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
diff --git a/edit.php b/edit.php
index 4ff5b5e..e9a5e30 100644
--- a/edit.php
+++ b/edit.php
@@ -1,6 +1,13 @@
<?php
session_start();
+function clear_input($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
$user = "yota_admin";
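Review bot: `clear_input` HTML-escapes its argument before the value is bound to the UPDATE in the next hunk, so any `&`, `<` or `"` in a call sign, name or e-mail is persisted as an entity and would be double-encoded if the page also escapes on output (admin.php's rendering is not shown here); escaping belongs at the point of rendering, not at ingestion. `stripslashes` is a magic_quotes-era workaround that silently strips legitimate backslashes from already JSON-decoded input. Keeping only the whitespace normalisation and declaring types, `function clear_input(string $data): string { return trim($data); }`, with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` applied wherever these values are echoed into HTML, keeps the stored data intact without weakening the XSS defence. The function also lacks a comment; a one-liner such as `// Normalise a JSON-supplied scalar before it is bound to a prepared statement` would state its role.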
@@ -9,7 +16,94 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSI
$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
- echo "<p>Error!: " . $e->getMessage() . "</p>";
+ echo "Error: " . $e->getMessage();
+ }
+
+ try {
+ $recvData = json_decode(file_get_contents("php://input"));
+ $recvData.id = clear_input($recvData.id);
+ $recvData.approved = clear_input($recvData.approved);
+ $recvData.specialCall = clear_input($recvData.specialCall);
+ $recvData.fromTime = clear_input($recvData.fromTime);
+ $recvData.toTime = clear_input($recvData.toTime);
+ $recvData.frequencies = clear_input($recvData.frequencies);
+ $recvData.modes = clear_input($recvData.modes);
+ $recvData.operatorCall = clear_input($recvData.operatorCall);
+ $recvData.operatorName = clear_input($recvData.operatorName);
+ $recvData.operatorEmail = clear_input($recvData.operatorEmail);
+ $recvData.operatorPhone = clear_input($recvData.operatorPhone);
+ $recvData.qso = clear_input($recvData.qso);
+ } catch {
+ die("Can't decode JSON!");
}
+ try {
+ if ($recvData->action == "update") {
+ $sql = "UPDATE activities SET
+ approved=:approved,
+ specialCall=:specialCall,
+ fromTime=:fromTime,
+ toTime=:toTime,
+ frequencies=:frequencies,
+ modes=:modes,
+ operatorCall=:operatorCall,
+ operatorName=:operatorName,
+ operatorEmail=:operatorEmail,
+ operatorPhone=:operatorPhone,
+ qso=:qso
+ WHERE id=:id";
+
+ $stmt = $conn->prepare($sql);
+ $stmt->bindParam(':approved', $recvData.approved);
+ $stmt->bindParam(':specialCall', $recvData.specialCall);
+ $stmt->bindParam(':fromTime', $recvData.fromTime);
+ $stmt->bindParam(':toTime', $recvData.toTime);
+ $stmt->bindParam(':frequencies', $recvData.frequencies);
+ $stmt->bindParam(':modes', $recvData.modes);
+ $stmt->bindParam(':operatorCall', $recvData.operatorCall);
+ $stmt->bindParam(':operatorName', $recvData.operatorName);
+ $stmt->bindParam(':operatorEmail', $recvData.operatorEmail);
+ $stmt->bindParam(':operatorPhone', $recvData.operatorPhone);
+ $stmt->bindParam(':qso', $recvData.qso);
+ $stmt->execute();
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "restore") {
+
+ $stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+ $row = $stmt->fetch();
+
+ $sendData->action=$recvData->action;
+ $sendData->id=$row.id;
+ $sendData->approved=$row.approved;
+ $sendData->specialCall=$row.specialCall;
+ $sendData->fromTime=$row.fromTime;
+ $sendData->toTime=$row.toTime;
+ $sendData->frequencies=$row.frequencies;
+ $sendData->modes=$row.modes;
+ $sendData->operatorCall=$row.operatorCall;
+ $sendData->operatorName=$row.operatorName;
+ $sendData->operatorEmail=$row.operatorEmail;
+ $sendData->operatorPhone=$row.operatorPhone;
+ $sendData->qso=$row.qso;
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "delete") {
+ $stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+
+ $sendData->action=$data.action;
+ echo json_encode($sendData);
+ }
+ } catch ( Exception $e ) {
+ if ( $e instanceof PDOException )
+ echo "Error: " . $e->getMessage();
+ else
+ echo "Error in action handling!";
+ }
}
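Review bot: Every `$recvData.id`-style access in this hunk (the twelve assignments after `json_decode`, the `bindParam` calls, the `$row.id` … `$row.qso` reads and `$data.action`) uses `.`, which is string concatenation in PHP, not property access, so these statements evaluate `$recvData . id` against an undefined constant instead of reading the decoded field; the decoded object needs `->`, and `$row`, which `fetch()` returns as an array, needs `$row['id']`. In the same block `catch {` without an exception class is a parse error, the update branch never binds `:id` so `execute()` throws on the unbound placeholder, `$sendData` is echoed in the update branch before anything is assigned to it, and `$data` in the delete branch is undefined. Both `catch` blocks echo `$e->getMessage()` to the client, which discloses DSN, table and column details to anyone who can reach this endpoint; log the message server-side and return a generic error string instead. The enclosing `if` opens in the previous hunk. The decode block can be collapsed to a loop over the field names with `->` access, and the update branch needs the `:id` bind (`JSON_THROW_ON_ERROR`/`JsonException` require PHP 7.3+):
```php
    try {
        $recvData = json_decode(file_get_contents("php://input"), false, 512, JSON_THROW_ON_ERROR);
        foreach (['id', 'approved', 'specialCall', 'fromTime', 'toTime', 'frequencies', 'modes',
                  'operatorCall', 'operatorName', 'operatorEmail', 'operatorPhone', 'qso'] as $field) {
            $recvData->$field = clear_input($recvData->$field ?? '');
        }
    } catch (JsonException $e) {
        die("Can't decode JSON!");
    }
    // … unchanged: $sql for the update action …
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(':id', $recvData->id);
    // … unchanged: the remaining bindParam calls, with -> in place of . …
```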
diff --git a/request-edit.js b/request-edit.js
index 4d8a245..467a7d0 100644
--- a/request-edit.js
+++ b/request-edit.js
@@ -22,12 +22,37 @@ function btnAction(action, btn) {
if (confirm("Are you sure you want to delete reservation #" + actionData.id + " made by " + actionData.operatorSign + "?"))
trDom.remove();
- //var xhr = new XMLHttpRequest();
- //xhr.onreadystatechange = function () {
- //if (this.readyState == 4 && status == 200) {
-
- //}
- //};
- //xhr.open("POST", "edit.php", true);
- //xhr.send(JSON.stringify(actionData));
+ var xhr = new XMLHttpRequest();
+ xhr.onreadystatechange = function () {
+ if (this.readyState == 4 && status == 200) {
+ try {
+ // JSON response to object
+ var response = JSON.parse(this.responseText);
+ // Handle various actions
+ if (response.action == "update") {
+ document.getElementById("notice").innerHTML = "Record #" + actionData.id + " updated.";
+ } else if (response.action == "restore") {
+ trData[1].firstElementChild.checked = response.approved;
+ trData[2].firstElementChild.innerHTML = response.operatorSign;
+ trData[3].firstElementChild.innerHTML = response.qso;
+ trData[4].firstElementChild.innerHTML = response.fromTime;
+ trData[5].firstElementChild.innerHTML = response.toTime;
+ trData[6].firstElementChild.innerHTML = response.freqs;
+ trData[7].firstElementChild.innerHTML = response.modes;
+ trData[8].firstElementChild.innerHTML = response.specialSign;
+ trData[9].firstElementChild.innerHTML = response.operatorName;
+ trData[10].firstElementChild.innerHTML = response.operatorEmail;
+ trData[11].firstElementChild.innerHTML = response.operatorPhone;
+ document.getElementById("notice").innerHTML = "Record's #" + actionData.id + " data restored.";
+ } else if (response.action == "delete") {
+ document.getElementById("notice").innerHTML = "Record #" + actionData.id + " deleted.";
+ }
+ } catch {
+ console.log(this.responseText);
+ document.getElementById("notice").innerHTML = "Bad input data!";
+ }
+ }
+ };
+ xhr.open("POST", "edit.php", true);
+ xhr.send(JSON.stringify(actionData));
}
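Review bot: The ready-state check `if (this.readyState == 4 && status == 200)` compares the global `status` (in a browser, `window.status`, a string) rather than `this.status`, so the success branch is never entered and everything inside it is dead code. The restore branch writes server-supplied values into `innerHTML`, so any markup stored in a record is interpreted when the row is redrawn; `textContent` renders the same text without that exposure, and the `operatorSign`, `freqs` and `specialSign` properties do not match the `operatorCall`, `frequencies` and `specialCall` names the edit.php hunk sends, so those cells would be set to `undefined`. The request is also sent after `confirm()` regardless of the user's answer, so cancelling the dialog still posts the delete — assuming these lines sit in the delete branch, which cannot be confirmed because `btnAction` opens above the hunk. Rewritten, the guard, status check and cell updates would read:
```javascript
    if (!confirm("Are you sure you want to delete reservation #" + actionData.id + " made by " + actionData.operatorSign + "?"))
        return;
    trDom.remove();
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function () {
        if (this.readyState == 4 && this.status == 200) {
            // … unchanged: JSON.parse and the update branch …
            trData[2].firstElementChild.textContent = response.operatorCall;
            // … remaining restore cells likewise, via textContent …
```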
diff --git a/style.css b/style.css
index c4c5f2f..8d68726 100644
--- a/style.css
+++ b/style.css
@@ -98,10 +98,10 @@ td, th {
}
.edit {
padding: 2px;
- border-top: 1px solid #333;
- border-left: 1px solid #333;
- border-bottom: 1px solid #aaa;
- border-right: 1px solid #aaa;
+ border-top: 1px solid #444;
+ border-left: 1px solid #444;
+ border-bottom: 1px solid #999;
+ border-right: 1px solid #999;
}
tr:nth-child(even) {
diff --git a/test/edit.inc.php b/test/edit.inc.php
index a08a48a..46d48b4 100644
--- a/test/edit.inc.php
+++ b/test/edit.inc.php
@@ -4,6 +4,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac
try {
$conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
$stmt = $conn->prepare("UPDATE tbl1 SET `name`=:name, `from`=:from, `to`=:to WHERE id=:id");
$stmt->bindParam(':id', $_POST["id"]);
$stmt->bindParam(':name', $_POST["name"]);
@@ -23,6 +24,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac
try {
$conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
$stmt = $conn->prepare("SELECT * FROM tbl1 WHERE id=:id");
$stmt->bindParam(':id', $_POST["id"]);
$stmt->execute();