1 files changed, 95 insertions, 1 deletions

diff --git a/edit.php b/edit.php
index 4ff5b5e..e9a5e30 100644
--- a/edit.php
+++ b/edit.php
@@ -1,6 +1,13 @@
 <?php
 session_start();
 
+function clear_input($data) {
+  $data = trim($data);
+  $data = stripslashes($data);
+  $data = htmlspecialchars($data);
+  return $data;
+}
+
 if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
 	try {
 		$user = "yota_admin";
@@ -9,7 +16,94 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSI
 		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
 		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 	} catch (PDOException $e) {
-		echo "<p>Error!: " . $e->getMessage() . "</p>";
+		echo "Error: " . $e->getMessage();
+	}
+
+	try {
+		$recvData = json_decode(file_get_contents("php://input"));
+		$recvData.id = clear_input($recvData.id);
+		$recvData.approved = clear_input($recvData.approved);
+		$recvData.specialCall = clear_input($recvData.specialCall);
+		$recvData.fromTime = clear_input($recvData.fromTime);
+		$recvData.toTime = clear_input($recvData.toTime);
+		$recvData.frequencies = clear_input($recvData.frequencies);
+		$recvData.modes = clear_input($recvData.modes);
+		$recvData.operatorCall = clear_input($recvData.operatorCall);
+		$recvData.operatorName = clear_input($recvData.operatorName);
+		$recvData.operatorEmail = clear_input($recvData.operatorEmail);
+		$recvData.operatorPhone = clear_input($recvData.operatorPhone);
+		$recvData.qso = clear_input($recvData.qso);
+	} catch {
+		die("Can't decode JSON!");
 	}
 
+	try {
+		if ($recvData->action == "update") {
+			$sql = "UPDATE activities SET 
+				approved=:approved, 
+				specialCall=:specialCall, 
+				fromTime=:fromTime, 
+				toTime=:toTime, 
+				frequencies=:frequencies, 
+				modes=:modes, 
+				operatorCall=:operatorCall, 
+				operatorName=:operatorName, 
+				operatorEmail=:operatorEmail, 
+				operatorPhone=:operatorPhone, 
+				qso=:qso 
+				WHERE id=:id";
+
+      $stmt = $conn->prepare($sql);
+      $stmt->bindParam(':approved', 			$recvData.approved);
+      $stmt->bindParam(':specialCall', 		$recvData.specialCall);
+      $stmt->bindParam(':fromTime', 			$recvData.fromTime);
+      $stmt->bindParam(':toTime', 				$recvData.toTime);
+      $stmt->bindParam(':frequencies', 		$recvData.frequencies);
+      $stmt->bindParam(':modes', 					$recvData.modes);
+      $stmt->bindParam(':operatorCall', 	$recvData.operatorCall);
+      $stmt->bindParam(':operatorName', 	$recvData.operatorName);
+      $stmt->bindParam(':operatorEmail', 	$recvData.operatorEmail);
+      $stmt->bindParam(':operatorPhone', 	$recvData.operatorPhone);
+      $stmt->bindParam(':qso', 						$recvData.qso);
+      $stmt->execute();
+
+			echo json_encode($sendData);
+
+		} else if ($recvData->action == "restore") {
+
+			$stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
+			$stmt->bindParam(':id', $recvData.id);
+			$stmt->execute();
+			$row = $stmt->fetch();
+
+			$sendData->action=$recvData->action;
+			$sendData->id=$row.id;
+			$sendData->approved=$row.approved;
+			$sendData->specialCall=$row.specialCall;
+			$sendData->fromTime=$row.fromTime;
+			$sendData->toTime=$row.toTime;
+			$sendData->frequencies=$row.frequencies;
+			$sendData->modes=$row.modes;
+			$sendData->operatorCall=$row.operatorCall;
+			$sendData->operatorName=$row.operatorName;
+			$sendData->operatorEmail=$row.operatorEmail;
+			$sendData->operatorPhone=$row.operatorPhone;
+			$sendData->qso=$row.qso;
+
+			echo json_encode($sendData);
+
+		} else if ($recvData->action == "delete") {
+			$stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
+			$stmt->bindParam(':id', $recvData.id);
+			$stmt->execute();
+
+			$sendData->action=$data.action;
+			echo json_encode($sendData);
+		}
+	} catch ( Exception $e ) {
+		if ( $e instanceof PDOException )
+			echo "Error: " . $e->getMessage();
+		else
+			echo "Error in action handling!";
+	}
 }