aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--admin.php2
-rw-r--r--edit.php96
-rw-r--r--request-edit.js41
-rw-r--r--style.css8
-rw-r--r--test/edit.inc.php2
5 files changed, 135 insertions, 14 deletions
diff --git a/admin.php b/admin.php
index 888965c..cb2a5fd 100644
--- a/admin.php
+++ b/admin.php
@@ -24,7 +24,7 @@ session_start();
?>
</nav>
<main>
-<p id="alert"></p>
+<p id="notice"></p>
<?php
if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
diff --git a/edit.php b/edit.php
index 4ff5b5e..e9a5e30 100644
--- a/edit.php
+++ b/edit.php
@@ -1,6 +1,13 @@
<?php
session_start();
+function clear_input($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
try {
$user = "yota_admin";
@@ -9,7 +16,94 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSI
$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
- echo "<p>Error!: " . $e->getMessage() . "</p>";
+ echo "Error: " . $e->getMessage();
+ }
+
+ try {
+ $recvData = json_decode(file_get_contents("php://input"));
+ $recvData.id = clear_input($recvData.id);
+ $recvData.approved = clear_input($recvData.approved);
+ $recvData.specialCall = clear_input($recvData.specialCall);
+ $recvData.fromTime = clear_input($recvData.fromTime);
+ $recvData.toTime = clear_input($recvData.toTime);
+ $recvData.frequencies = clear_input($recvData.frequencies);
+ $recvData.modes = clear_input($recvData.modes);
+ $recvData.operatorCall = clear_input($recvData.operatorCall);
+ $recvData.operatorName = clear_input($recvData.operatorName);
+ $recvData.operatorEmail = clear_input($recvData.operatorEmail);
+ $recvData.operatorPhone = clear_input($recvData.operatorPhone);
+ $recvData.qso = clear_input($recvData.qso);
+ } catch {
+ die("Can't decode JSON!");
}
+ try {
+ if ($recvData->action == "update") {
+ $sql = "UPDATE activities SET
+ approved=:approved,
+ specialCall=:specialCall,
+ fromTime=:fromTime,
+ toTime=:toTime,
+ frequencies=:frequencies,
+ modes=:modes,
+ operatorCall=:operatorCall,
+ operatorName=:operatorName,
+ operatorEmail=:operatorEmail,
+ operatorPhone=:operatorPhone,
+ qso=:qso
+ WHERE id=:id";
+
+ $stmt = $conn->prepare($sql);
+ $stmt->bindParam(':approved', $recvData.approved);
+ $stmt->bindParam(':specialCall', $recvData.specialCall);
+ $stmt->bindParam(':fromTime', $recvData.fromTime);
+ $stmt->bindParam(':toTime', $recvData.toTime);
+ $stmt->bindParam(':frequencies', $recvData.frequencies);
+ $stmt->bindParam(':modes', $recvData.modes);
+ $stmt->bindParam(':operatorCall', $recvData.operatorCall);
+ $stmt->bindParam(':operatorName', $recvData.operatorName);
+ $stmt->bindParam(':operatorEmail', $recvData.operatorEmail);
+ $stmt->bindParam(':operatorPhone', $recvData.operatorPhone);
+ $stmt->bindParam(':qso', $recvData.qso);
+ $stmt->execute();
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "restore") {
+
+ $stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+ $row = $stmt->fetch();
+
+ $sendData->action=$recvData->action;
+ $sendData->id=$row.id;
+ $sendData->approved=$row.approved;
+ $sendData->specialCall=$row.specialCall;
+ $sendData->fromTime=$row.fromTime;
+ $sendData->toTime=$row.toTime;
+ $sendData->frequencies=$row.frequencies;
+ $sendData->modes=$row.modes;
+ $sendData->operatorCall=$row.operatorCall;
+ $sendData->operatorName=$row.operatorName;
+ $sendData->operatorEmail=$row.operatorEmail;
+ $sendData->operatorPhone=$row.operatorPhone;
+ $sendData->qso=$row.qso;
+
+ echo json_encode($sendData);
+
+ } else if ($recvData->action == "delete") {
+ $stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
+ $stmt->bindParam(':id', $recvData.id);
+ $stmt->execute();
+
+ $sendData->action=$data.action;
+ echo json_encode($sendData);
+ }
+ } catch ( Exception $e ) {
+ if ( $e instanceof PDOException )
+ echo "Error: " . $e->getMessage();
+ else
+ echo "Error in action handling!";
+ }
}
diff --git a/request-edit.js b/request-edit.js
index 4d8a245..467a7d0 100644
--- a/request-edit.js
+++ b/request-edit.js
@@ -22,12 +22,37 @@ function btnAction(action, btn) {
if (confirm("Are you sure you want to delete reservation #" + actionData.id + " made by " + actionData.operatorSign + "?"))
trDom.remove();
- //var xhr = new XMLHttpRequest();
- //xhr.onreadystatechange = function () {
- //if (this.readyState == 4 && status == 200) {
-
- //}
- //};
- //xhr.open("POST", "edit.php", true);
- //xhr.send(JSON.stringify(actionData));
+ var xhr = new XMLHttpRequest();
+ xhr.onreadystatechange = function () {
+ if (this.readyState == 4 && status == 200) {
+ try {
+ // JSON response to object
+ var response = JSON.parse(this.responseText);
+ // Handle various actions
+ if (response.action == "update") {
+ document.getElementById("notice").innerHTML = "Record #" + actionData.id + " updated.";
+ } else if (response.action == "restore") {
+ trData[1].firstElementChild.checked = response.approved;
+ trData[2].firstElementChild.innerHTML = response.operatorSign;
+ trData[3].firstElementChild.innerHTML = response.qso;
+ trData[4].firstElementChild.innerHTML = response.fromTime;
+ trData[5].firstElementChild.innerHTML = response.toTime;
+ trData[6].firstElementChild.innerHTML = response.freqs;
+ trData[7].firstElementChild.innerHTML = response.modes;
+ trData[8].firstElementChild.innerHTML = response.specialSign;
+ trData[9].firstElementChild.innerHTML = response.operatorName;
+ trData[10].firstElementChild.innerHTML = response.operatorEmail;
+ trData[11].firstElementChild.innerHTML = response.operatorPhone;
+ document.getElementById("notice").innerHTML = "Record's #" + actionData.id + " data restored.";
+ } else if (response.action == "delete") {
+ document.getElementById("notice").innerHTML = "Record #" + actionData.id + " deleted.";
+ }
+ } catch {
+ console.log(this.responseText);
+ document.getElementById("notice").innerHTML = "Bad input data!";
+ }
+ }
+ };
+ xhr.open("POST", "edit.php", true);
+ xhr.send(JSON.stringify(actionData));
}
diff --git a/style.css b/style.css
index c4c5f2f..8d68726 100644
--- a/style.css
+++ b/style.css
@@ -98,10 +98,10 @@ td, th {
}
.edit {
padding: 2px;
- border-top: 1px solid #333;
- border-left: 1px solid #333;
- border-bottom: 1px solid #aaa;
- border-right: 1px solid #aaa;
+ border-top: 1px solid #444;
+ border-left: 1px solid #444;
+ border-bottom: 1px solid #999;
+ border-right: 1px solid #999;
}
tr:nth-child(even) {
diff --git a/test/edit.inc.php b/test/edit.inc.php
index a08a48a..46d48b4 100644
--- a/test/edit.inc.php
+++ b/test/edit.inc.php
@@ -4,6 +4,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac
try {
$conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
$stmt = $conn->prepare("UPDATE tbl1 SET `name`=:name, `from`=:from, `to`=:to WHERE id=:id");
$stmt->bindParam(':id', $_POST["id"]);
$stmt->bindParam(':name', $_POST["name"]);
@@ -23,6 +24,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST["ac
try {
$conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
$stmt = $conn->prepare("SELECT * FROM tbl1 WHERE id=:id");
$stmt->bindParam(':id', $_POST["id"]);
$stmt->execute();