-rw-r--r-- | admin.php | 2 | ||||
-rw-r--r-- | edit.php | 96 | ||||
-rw-r--r-- | request-edit.js | 41 | ||||
-rw-r--r-- | style.css | 8 | ||||
-rw-r--r-- | test/edit.inc.php | 2 |
5 files changed, 135 insertions, 14 deletions
@@ -24,7 +24,7 @@ session_start(); ?> </nav> <main> -<p id="alert"></p> +<p id="notice"></p> <?php if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) { try { @@ -1,6 +1,13 @@ <?php session_start(); +function clear_input($data) { + $data = trim($data); + $data = stripslashes($data); + $data = htmlspecialchars($data); + return $data; +} + if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) { try { $user = "yota_admin"; 
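Review bot: `clear_input` HTML-encodes and strips backslashes from input before it is stored, which escapes for the wrong layer: the database ends up holding `&amp;`/`&lt;` entities that every non-HTML consumer (the JSON `restore` response, e-mail, exports) sees double-encoded, `stripslashes` silently corrupts any legitimate backslash (magic quotes have been gone since PHP 5.4), and `htmlspecialchars` is called without `ENT_QUOTES | ENT_SUBSTITUTE` or an explicit charset, so single quotes pass through untouched. Store the raw value and validate per field instead — `id` with `FILTER_VALIDATE_INT`, `approved` as a bool, `operatorEmail` with `FILTER_VALIDATE_EMAIL` — and escape at the point of output (`htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in PHP, `textContent` in the browser). If input-time encoding is kept deliberately, at least type and document it, `function clear_input(string $data): string` with a comment stating that the stored form is HTML-encoded, because nothing in this diff shows that rows written by other code paths are. The `if` guard at the end of the hunk continues beyond it; it falls through silently for non-admin or non-POST requests, so an explicit `else { http_response_code(403); exit; }` would make the access check visible.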
@@ -9,7 +16,94 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSI $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch (PDOException $e) { - echo "<p>Error!: " . $e->getMessage() . "</p>"; + echo "Error: " . $e->getMessage(); + } + + try { + $recvData = json_decode(file_get_contents("php://input")); + $recvData.id = clear_input($recvData.id); + $recvData.approved = clear_input($recvData.approved); + $recvData.specialCall = clear_input($recvData.specialCall); + $recvData.fromTime = clear_input($recvData.fromTime); + $recvData.toTime = clear_input($recvData.toTime); + $recvData.frequencies = clear_input($recvData.frequencies); + $recvData.modes = clear_input($recvData.modes); + $recvData.operatorCall = clear_input($recvData.operatorCall); + $recvData.operatorName = clear_input($recvData.operatorName); + $recvData.operatorEmail = clear_input($recvData.operatorEmail); + $recvData.operatorPhone = clear_input($recvData.operatorPhone); + $recvData.qso = clear_input($recvData.qso); + } catch { + die("Can't decode JSON!"); } + try { + if ($recvData->action == "update") { + $sql = "UPDATE activities SET + approved=:approved, + specialCall=:specialCall, + fromTime=:fromTime, + toTime=:toTime, + frequencies=:frequencies, + modes=:modes, + operatorCall=:operatorCall, + operatorName=:operatorName, + operatorEmail=:operatorEmail, + operatorPhone=:operatorPhone, + qso=:qso + WHERE id=:id"; + + $stmt = $conn->prepare($sql); + $stmt->bindParam(':approved', $recvData.approved); + $stmt->bindParam(':specialCall', $recvData.specialCall); + $stmt->bindParam(':fromTime', $recvData.fromTime); + $stmt->bindParam(':toTime', $recvData.toTime); + $stmt->bindParam(':frequencies', $recvData.frequencies); + $stmt->bindParam(':modes', $recvData.modes); + $stmt->bindParam(':operatorCall', $recvData.operatorCall); + $stmt->bindParam(':operatorName', 
$recvData.operatorName); + $stmt->bindParam(':operatorEmail', $recvData.operatorEmail); + $stmt->bindParam(':operatorPhone', $recvData.operatorPhone); + $stmt->bindParam(':qso', $recvData.qso); + $stmt->execute(); + + echo json_encode($sendData); + + } else if ($recvData->action == "restore") { + + $stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id"); + $stmt->bindParam(':id', $recvData.id); + $stmt->execute(); + $row = $stmt->fetch(); + + $sendData->action=$recvData->action; + $sendData->id=$row.id; + $sendData->approved=$row.approved; + $sendData->specialCall=$row.specialCall; + $sendData->fromTime=$row.fromTime; + $sendData->toTime=$row.toTime; + $sendData->frequencies=$row.frequencies; + $sendData->modes=$row.modes; + $sendData->operatorCall=$row.operatorCall; + $sendData->operatorName=$row.operatorName; + $sendData->operatorEmail=$row.operatorEmail; + $sendData->operatorPhone=$row.operatorPhone; + $sendData->qso=$row.qso; + + echo json_encode($sendData); + + } else if ($recvData->action == "delete") { + $stmt = $conn->prepare("DELETE FROM activities WHERE id=:id"); + $stmt->bindParam(':id', $recvData.id); + $stmt->execute(); + + $sendData->action=$data.action; + echo json_encode($sendData); + } + } catch ( Exception $e ) { + if ( $e instanceof PDOException ) + echo "Error: " . $e->getMessage(); + else + echo "Error in action handling!"; + } } diff --git a/request-edit.js b/request-edit.js index 4d8a245..467a7d0 100644 --- a/request-edit.js +++ b/request-edit.js 
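Review bot: The `update` branch binds every placeholder except `:id` — `WHERE id=:id` has no matching `bindParam`, so with `ERRMODE_EXCEPTION` set `execute()` throws an HY093 error and no update can ever succeed; add `$stmt->bindParam(':id', $recvData->id);` next to the other bindings. More fundamentally, `$recvData.id`, `$row.id` and `$data.action` use the string-concatenation operator `.` where `->` or `['id']` is meant: `$recvData.id = …` is not a valid assignment target, `bindParam` needs a variable for its by-reference argument, `fetch()` returns an array so the restore branch needs `$row['id']`, `$data` is never defined in the delete branch, `$sendData` is never initialised (`new stdClass()`), and `catch {` with no type is a syntax error — as written this file does not parse. The decode guard is also inert, because `json_decode` returns `null` rather than throwing unless `JSON_THROW_ON_ERROR` is passed, so malformed input reaches the handlers with `$recvData === null`. On the security side, both catch blocks `echo $e->getMessage()` to the client, which for the connection failure can include host and user details — log server-side and return a generic message with an error status; and the endpoint is gated by the session cookie alone, with no CSRF token or `Origin` check visible in this diff, so a cross-site page could plausibly trigger `delete` via a `text/plain` form post whose body `json_decode` still accepts (the login code is not shown, so treat this as something to confirm). A compact shape for the decode, validation and binding portion:
```php
// … unchanged: PDO connection setup …
try {
    $recvData = json_decode(file_get_contents('php://input'), false, 512, JSON_THROW_ON_ERROR);
} catch (JsonException $e) {
    http_response_code(400);
    die("Can't decode JSON!");
}
if (!isset($recvData->id) || filter_var($recvData->id, FILTER_VALIDATE_INT) === false) {
    http_response_code(400);
    die("Bad id!");
}
$id = (int) $recvData->id;
foreach (['approved', 'specialCall', 'fromTime', 'toTime', 'frequencies', 'modes',
          'operatorCall', 'operatorName', 'operatorEmail', 'operatorPhone', 'qso'] as $field) {
    $recvData->$field = clear_input((string) ($recvData->$field ?? ''));
}
$sendData = new stdClass();
$sendData->action = $recvData->action ?? '';
// … unchanged: UPDATE statement text …
$stmt = $conn->prepare($sql);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->bindValue(':approved', $recvData->approved);
// … remaining bindValue() calls, each using ->, not . …
// … restore branch: $sendData->id = $row['id']; etc.; delete branch: bindValue(':id', $id, PDO::PARAM_INT) …
```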
@@ -22,12 +22,37 @@ function btnAction(action, btn) { if (confirm("Are you sure you want to delete reservation #" + actionData.id + " made by " + actionData.operatorSign + "?")) trDom.remove(); - //var xhr = new XMLHttpRequest(); - //xhr.onreadystatechange = function () { - //if (this.readyState == 4 && status == 200) { - - //} - //}; - //xhr.open("POST", "edit.php", true); - //xhr.send(JSON.stringify(actionData)); + var xhr = new XMLHttpRequest(); + xhr.onreadystatechange = function () { + if (this.readyState == 4 && status == 200) { + try { + // JSON response to object + var response = JSON.parse(this.responseText); + // Handle various actions + if (response.action == "update") { + document.getElementById("notice").innerHTML = "Record #" + actionData.id + " updated."; + } else if (response.action == "restore") { + trData[1].firstElementChild.checked = response.approved; + trData[2].firstElementChild.innerHTML = response.operatorSign; + trData[3].firstElementChild.innerHTML = response.qso; + trData[4].firstElementChild.innerHTML = response.fromTime; + trData[5].firstElementChild.innerHTML = response.toTime; + trData[6].firstElementChild.innerHTML = response.freqs; + trData[7].firstElementChild.innerHTML = response.modes; + trData[8].firstElementChild.innerHTML = response.specialSign; + trData[9].firstElementChild.innerHTML = response.operatorName; + trData[10].firstElementChild.innerHTML = response.operatorEmail; + trData[11].firstElementChild.innerHTML = response.operatorPhone; + document.getElementById("notice").innerHTML = "Record's #" + actionData.id + " data restored."; + } else if (response.action == "delete") { + document.getElementById("notice").innerHTML = "Record #" + actionData.id + " deleted."; + } + } catch { + console.log(this.responseText); + document.getElementById("notice").innerHTML = "Bad input data!"; + } + } + }; + xhr.open("POST", "edit.php", true); + xhr.send(JSON.stringify(actionData)); } 
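Review bot: The readiness test `this.readyState == 4 && status == 200` reads the global `status` (`window.status`, a string) rather than `this.status`, so the condition is never true and none of the response handling runs; it should be `if (this.readyState == 4 && this.status == 200) {`. The restore branch also reads `response.operatorSign`, `response.freqs` and `response.specialSign`, while the server side of this commit sends `operatorCall`, `frequencies` and `specialCall`, so those three cells would be set to the string `undefined`. Security-wise every restored value is written with `innerHTML`; the admin edit path HTML-encodes on write, but nothing in this diff shows that every row in `activities` was stored that way, so a record containing markup would render as HTML in the admin page — assign with `textContent`, and note that `checked = response.approved` will be truthy for a string `"0"` if the column comes back as a string, so compare explicitly. Finally, the XHR is sent unconditionally after the `confirm()` that only removes the row, so if these lines sit inside the delete branch a cancelled confirm still sends the delete; `btnAction` begins before the hunk so the branch structure is not visible, but `if (!confirm(...)) return;` before the send is the safe shape.
```javascript
if (this.readyState == 4 && this.status == 200) {
    // … unchanged: JSON.parse and the update branch …
    trData[1].firstElementChild.checked = response.approved == 1 || response.approved === true;
    trData[2].firstElementChild.textContent = response.operatorCall;
    trData[3].firstElementChild.textContent = response.qso;
    trData[4].firstElementChild.textContent = response.fromTime;
    trData[5].firstElementChild.textContent = response.toTime;
    trData[6].firstElementChild.textContent = response.frequencies;
    trData[7].firstElementChild.textContent = response.modes;
    trData[8].firstElementChild.textContent = response.specialCall;
    trData[9].firstElementChild.textContent = response.operatorName;
    trData[10].firstElementChild.textContent = response.operatorEmail;
    trData[11].firstElementChild.textContent = response.operatorPhone;
    // … unchanged: notice text, delete branch, catch …
```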
@@ -98,10 +98,10 @@ td, th { } .edit { padding: 2px; - border-top: 1px solid #333; - border-left: 1px solid #333; - border-bottom: 1px solid #aaa; - border-right: 1px solid #aaa; + border-top: 1px solid #444; + border-left: 1px solid #444; + border-bottom: 1px solid #999; + border-right: 1px solid #999; } tr:nth-child(even) { diff --git a/test/edit.inc.php b/test/edit.inc.php index a08a48a..46d48b4 100644 --- a/test/edit.inc.php +++ b/test/edit.inc.php @@ -4,6 +4,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac try { $conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass"); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $stmt = $conn->prepare("UPDATE tbl1 SET `name`=:name, `from`=:from, `to`=:to WHERE id=:id"); $stmt->bindParam(':id', $_POST["id"]); $stmt->bindParam(':name', $_POST["name"]); @@ -23,6 +24,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac try { $conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass"); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $stmt = $conn->prepare("SELECT * FROM tbl1 WHERE id=:id"); $stmt->bindParam(':id', $_POST["id"]); $stmt->execute(); |