authorMateja <mail@matejamaric.com>2020-10-04 04:19:03 +0200
committerMateja <mail@matejamaric.com>2020-10-04 04:19:03 +0200
commit06d63e029d941a7993abbfb764237a55715c64da (patch)
tree12fb5891158894c3f94004431efcfc6fba5e66cc /edit.php
parent9bcdc348dc9e93440e1cb5067548241259750cef (diff)
downloadold-php-yota-06d63e029d941a7993abbfb764237a55715c64da.tar.gz
old-php-yota-06d63e029d941a7993abbfb764237a55715c64da.zip
Check and debug your code now...
Diffstat (limited to 'edit.php')
-rw-r--r--edit.php96
1 files changed, 95 insertions, 1 deletions
diff --git a/edit.php b/edit.php
index 4ff5b5e..e9a5e30 100644
--- a/edit.php
+++ b/edit.php
@@ -1,6 +1,13 @@
<?php
session_start();
+function clear_input($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
$user = "yota_admin";
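Review bot: `clear_input` applies `htmlspecialchars`, an HTML-output escape, to request data on its way into the database, so stored values will carry `&amp;`/`&lt;` entities, will be double-encoded wherever they are rendered with escaping again, and will come back entity-encoded through the JSON responses; `stripslashes` is likewise unnecessary on `json_decode` output. SQL safety is already provided by the prepared statements this file uses, so the helper can be reduced to `trim` and HTML escaping moved to the point of output. The function also declares no types; `function clear_input(string $data): string` documents the contract, with callers coercing non-string JSON values (`(string) ($v ?? '')`), since `trim(null)` is deprecated as of PHP 8.1. The `if` opened on the last lines of this hunk continues into the next one.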
@@ -9,7 +16,94 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSI
$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
- echo "<p>Error!: " . $e->getMessage() . "</p>";
+ echo "Error: " . $e->getMessage();
+ }
+
+ try {
+ $recvData = json_decode(file_get_contents("php://input"));
+ $recvData.id = clear_input($recvData.id);
+ $recvData.approved = clear_input($recvData.approved);
+ $recvData.specialCall = clear_input($recvData.specialCall);
+ $recvData.fromTime = clear_input($recvData.fromTime);
+ $recvData.toTime = clear_input($recvData.toTime);
+ $recvData.frequencies = clear_input($recvData.frequencies);
+ $recvData.modes = clear_input($recvData.modes);
+ $recvData.operatorCall = clear_input($recvData.operatorCall);
+ $recvData.operatorName = clear_input($recvData.operatorName);
+ $recvData.operatorEmail = clear_input($recvData.operatorEmail);
+ $recvData.operatorPhone = clear_input($recvData.operatorPhone);
+ $recvData.qso = clear_input($recvData.qso);
+ } catch {
+ die("Can't decode JSON!");
}
+ try {
+ if ($recvData->action == "update") {
+ $sql = "UPDATE activities SET
+ approved=:approved,
+ specialCall=:specialCall,
+ fromTime=:fromTime,
+ toTime=:toTime,
+ frequencies=:frequencies,
+ modes=:modes,
+ operatorCall=:operatorCall,
+ operatorName=:operatorName,
+ operatorEmail=:operatorEmail,
+ operatorPhone=:operatorPhone,
+ qso=:qso
+ WHERE id=:id";
+
+ $stmt = $conn->prepare($sql);
+ $stmt->bindParam(':approved', $recvData.approved);
+ $stmt->bindParam(':specialCall', $recvData.specialCall);
+ $stmt->bindParam(':fromTime', $recvData.fromTime);
+ $stmt->bindParam(':toTime', $recvData.toTime);
+ $stmt->bindParam(':frequencies', $recvData.frequencies);
+ $stmt->bindParam(':modes', $recvData.modes);
+ $stmt->bindParam(':operatorCall', $recvData.operatorCall);
+ $stmt->bindParam(':operatorName', $recvData.operatorName);
+ $stmt->bindParam(':operatorEmail', $recvData.operatorEmail);
+ $stmt->bindParam(':operatorPhone', $recvData.operatorPhone);
+ $stmt->bindParam(':qso', $recvData.qso);
+ $stmt->execute();
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "restore") {
+
+ $stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+ $row = $stmt->fetch();
+
+ $sendData->action=$recvData->action;
+ $sendData->id=$row.id;
+ $sendData->approved=$row.approved;
+ $sendData->specialCall=$row.specialCall;
+ $sendData->fromTime=$row.fromTime;
+ $sendData->toTime=$row.toTime;
+ $sendData->frequencies=$row.frequencies;
+ $sendData->modes=$row.modes;
+ $sendData->operatorCall=$row.operatorCall;
+ $sendData->operatorName=$row.operatorName;
+ $sendData->operatorEmail=$row.operatorEmail;
+ $sendData->operatorPhone=$row.operatorPhone;
+ $sendData->qso=$row.qso;
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "delete") {
+ $stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+
+ $sendData->action=$data.action;
+ echo json_encode($sendData);
+ }
+ } catch ( Exception $e ) {
+ if ( $e instanceof PDOException )
+ echo "Error: " . $e->getMessage();
+ else
+ echo "Error in action handling!";
+ }
}
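Review bot: The new action handler does not parse: `.` is PHP's string concatenation operator, so every `$recvData.id`-style access (L45–L56, L77–L87, L95, L117) must be `$recvData->id`, `$row.id` (L100–L111) must index the array that `fetch()` returns by default (`$row['id']`), the bare `catch {` at L57 needs an exception type, and `$data.action` at L120 refers to a variable that does not exist. Once it parses there are still runtime faults: `json_decode` only throws when given `JSON_THROW_ON_ERROR`, so the `die("Can't decode JSON!")` is unreachable and malformed input flows on as `null`; the UPDATE declares `:id` but never binds it, so `execute()` fails; `bindParam` takes a reference and cannot accept an expression (use `bindValue`); and `$sendData` is never initialised before its properties are assigned. Both catch blocks (this one and the connection catch on the `echo "Error: " . $e->getMessage();` line) send the raw exception message to the client, which for PDO exposes connection, table and column details — log it server-side and return a generic message with an HTTP error status. The fence below shows the decode block and the update branch rewritten along these lines; the restore and delete branches need the same `->`/`['…']` corrections. The enclosing `if` gated on `$_SESSION['admin']` begins in the previous hunk.
```php
// … unchanged: PDO connection …

try {
    // json_decode() only throws when asked to; otherwise bad input silently becomes null
    $recvData = json_decode(file_get_contents("php://input"), false, 512, JSON_THROW_ON_ERROR);
    if (!is_object($recvData)) {
        throw new JsonException("Expected a JSON object");
    }
} catch (JsonException $e) {
    http_response_code(400);
    die("Can't decode JSON!");
}
// '.' concatenates strings in PHP; object members are reached with '->'
foreach (['id', 'approved', 'specialCall', 'fromTime', 'toTime', 'frequencies', 'modes',
          'operatorCall', 'operatorName', 'operatorEmail', 'operatorPhone', 'qso'] as $field) {
    $recvData->$field = clear_input((string) ($recvData->$field ?? ''));
}
$sendData = new stdClass();

try {
    if ($recvData->action == "update") {
        // … unchanged: $sql …
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':id', $recvData->id);          // :id was declared but never bound
        $stmt->bindValue(':approved', $recvData->approved);
        // … remaining bindValue() calls, one per placeholder …
        $stmt->execute();
        $sendData->action = $recvData->action;
        echo json_encode($sendData);
    // … unchanged: restore branch ($row['id'] etc.) and delete branch ($recvData->action) …
} catch (Exception $e) {
    // keep driver/table details out of the response; the log is the place for them
    error_log($e->getMessage());
    http_response_code(500);
    echo "Error in action handling!";
}
```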