From 00fda2f0dfdaa1129949f0fa116cfaeff23ab486 Mon Sep 17 00:00:00 2001
From: Mateja <mail@matejamaric.com>
Date: Mon, 28 Sep 2020 19:14:53 +0200
Subject: first commit

---
 admin.php         | 105 ++++++++++++++++++++++++++++++++++
 index.php         |  61 ++++++++++++++++++++
 logout.php        |   7 +++
 reservation.php   | 164 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 style.css         | 135 ++++++++++++++++++++++++++++++++++++++++++++
 test/edit.inc.php |   7 +++
 test/test.inc.php |   4 ++
 test/test.php     |  34 +++++++++++
 test/test2.php    |  56 +++++++++++++++++++
 9 files changed, 573 insertions(+)
 create mode 100644 admin.php
 create mode 100644 index.php
 create mode 100644 logout.php
 create mode 100644 reservation.php
 create mode 100644 style.css
 create mode 100644 test/edit.inc.php
 create mode 100644 test/test.inc.php
 create mode 100644 test/test.php
 create mode 100644 test/test2.php

diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000..2bfdfde
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,105 @@
+<?php
+session_start();
+
+# DB CONNECT
+try {
+  $user = "yota_user";
+  $password = "leex3EThieK0ieLaiVaicaifef5eecei";
+  $database = "yota_call_db";
+  $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+  $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} catch (PDOException $e) {
+  echo "<p>Error!: " . $e->getMessage() . "</p>";
+  die();
+}
+
+# SHOLUD SOMETHING BE APPROVED?
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['id']) ) {
+	$stmt = $conn->prepare("UPDATE activities SET approved = true WHERE id=:id");
+echo "lol:" . $_POST['id'];
+	$stmt->bindParam(':id', $_POST['id']);
+	$stmt->execute();
+}
+
+# IS LOGIN LEGITIMATE?
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_POST['password'])) {
+    try {
+	$stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
+	$stmt->bindParam(':email', $_POST['email']);
+	$stmt->execute();
+	$row = $stmt->fetch();
+	if (password_verify($_POST['password'], $row['password'])){
+		$_SESSION['admin'] = true;
+	} else {
+		$_SESSION['admin'] = false;
+	}
+    } catch (PDOException $e) {
+        echo "<p>Error!: " . $e->getMessage() . "</p>";
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8"/>
+	<meta name="viewport" content="width=device-width initial-scale=1.0"/>
+	<link href="style.css" rel="stylesheet" type="text/css"/>
+	<title>Yota Callplan</title>
+</head>
+<body>
+<header><a href="http://yota.yu1srs.org.rs/">YOTA</a></header>
+<nav>
+  <a href="/index.php">Activity Plan</a>
+  <a href="/reservation.php">Make reservation</a>
+<?php
+  if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+    echo '<a class="right" href="/logout.php">Logout</a>';
+  	echo '<a class="active right" href="admin.php">Administration</a>';
+	} else {
+    echo '<a class="active right" href="/admin.php">Login</a>';
+	}
+?>
+</nav>
+<main>
+<?php
+if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+  try {
+    echo '<div style="overflow-x:auto;">';
+    echo "<table>\n";
+    echo "<tr>";
+    echo "<th>Ime</th>";
+    echo "<th>Prezime</th>";
+    echo "<th>Godine</th>";
+    echo "<th>Actions</th>";
+    echo "</tr>\n";
+    foreach($conn->query("SELECT * FROM activities WHERE approved = false") as $row) {
+      echo "<tr>";
+      echo "<td>" . $row['name'] . "</td>";
+      echo "<td>" . $row['surname'] . "</td>";
+      echo "<td>" . $row['age'] . "</td>";
+      echo '<td><form action="admin.php" method="post">';
+      echo '<input type="hidden" name="id" value="' . $row['id'] . '">';
+      echo '<input type="submit" class="abtn" value="Approve"/>';
+      echo '</form></td>';
+      echo "</tr>\n";
+    }
+    echo "</table>\n</div>\n";
+  } catch (PDOException $e) {
+    echo "<p>Error!: " . $e->getMessage() . "</p>";
+  }
+} else {
+	# Bad pass check...
+	if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == false) echo "<em>Bad credentials!</em>";
+	# Login form
+	echo '<form method="post">';
+	echo '<label for="email">Email:</label>';
+	echo '<input type="email" id="email" name="email">';
+	echo '<label for="password">Password:</label>';
+	echo '<input type="password" id="password" name="password">';
+	echo '<input type="submit" value="Login">';
+	echo '</form>';
+}
+?>
+</main>
+</body>
+</html>
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..47b4069
--- /dev/null
+++ b/index.php
@@ -0,0 +1,61 @@
+<?php
+session_start();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width initial-scale=1.0"/>
+  <link href="style.css" rel="stylesheet" type="text/css"/>
+  <title>Yota Callplan</title>
+</head>
+<body>
+<header><a href="http://yota.yu1srs.org.rs/">YOTA</a></header>
+<nav>
+  <a class="active" href="index.php">Activity Plan</a>
+  <a href="reservation.php">Make reservation</a>
+<?php
+  if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+    echo '<a class="right" href="/logout.php">Logout</a>';
+  	echo '<a class="right" href="admin.php">Administration</a>';
+  } else {
+    echo '<a class="right" href="/admin.php">Login</a>';
+  }
+?>
+</nav>
+<main>
+<?php
+  $user = "yota_user";
+  $password = "leex3EThieK0ieLaiVaicaifef5eecei";
+  $database = "yota_call_db";
+  $table = "activities";
+
+  try {
+    $db = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+		$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+		echo '<div style="overflow-x:auto;">';
+    echo "<table>\n";
+    echo "<tr>";
+    echo "<th>Ime</th>";
+    echo "<th>Prezime</th>";
+    echo "<th>Godine</th>";
+    echo "</tr>\n";
+
+    foreach($db->query("SELECT * FROM $table where approved=true") as $row) {
+      echo "<tr>";
+      echo "<td>" . $row['name'] . "</td>";
+      echo "<td>" . $row['surname'] . "</td>";
+      echo "<td>" . $row['age'] . "</td>";
+      echo "</tr>\n";
+    }
+
+    echo "</table>\n</div>\n";
+  } catch (PDOException $e) {
+    echo "<p>Error!: " . $e->getMessage() . "</p>";
+    die();
+  }
+?>
+</main>
+</body>
+</html>
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..be295fd
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+<?php
+session_start();
+
+session_unset();
+session_destroy();
+header('Location: admin.php');
+?>
diff --git a/reservation.php b/reservation.php
new file mode 100644
index 0000000..84949c5
--- /dev/null
+++ b/reservation.php
@@ -0,0 +1,164 @@
+<?php
+session_start();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width initial-scale=1.0"/>
+  <link href="style.css" rel="stylesheet" type="text/css"/>
+  <title>Yota Callplan</title>
+</head>
+<body>
+<header><a href="http://yota.yu1srs.org.rs/">YOTA</a></header>
+<nav>
+  <a href="index.php">Activity Plan</a>
+  <a class="active" href="reservation.php">Make reservation</a>
+<?php
+  if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+    echo '<a class="right" href="/logout.php">Logout</a>';
+    echo '<a class="right" href="admin.php">Administration</a>';
+  } else {
+    echo '<a class="right" href="/admin.php">Login</a>';
+  }
+?>
+</nav>
+<main>
+<?php
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['fname']) && isset($_POST['lname']) && isset($_POST['age'])) {
+    $user = "yota_user";
+    $password = "leex3EThieK0ieLaiVaicaifef5eecei";
+    $database = "yota_call_db";
+    $table = "activities";
+    try {
+        $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+	$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+	$stmt = $conn->prepare("INSERT INTO activities (name, surname, age) VALUES (:name, :surname, :age)");
+	$stmt->bindParam(':name', $_POST['fname']);
+	$stmt->bindParam(':surname', $_POST['lname']);
+	$stmt->bindParam(':age', $_POST['age']);
+	$stmt->execute();
+	echo "<p>Data inserted.</p>";
+    } catch (PDOException $e) {
+        echo "<p>Error!: " . $e->getMessage() . "</p>";
+    }
+}
+?>
+<form method="post">
+<label for="fname">First name:</label>
+<input type="text" id="fname" name="fname">
+<label for="lname">Last name:</label>
+<input type="text" id="lname" name="lname">
+<label for="age">Age:</label>
+<input type="number" id="age" name="age">
+<input type="submit" value="Submit">
+</form>
+
+<hr>
+<hr>
+<hr>
+
+<form method="post">
+<!-- SPECIAL CALL -->
+<label for="special-call">Special Call:</label>
+<select id="special-call" name="scall">
+  <option value="YT50SCWC">YT50SCWC</option>
+</select> 
+<!-- START TIME -->
+<label for="start-time">Start time:</label>
+<input type="datetime-local" id="start-time" name="stime">
+<!-- END TIME -->
+<label for="end-time">End time:</label>
+<input type="datetime-local" id="end-time" name="etime">
+<!-- BANDS -->
+<fieldset>
+  <legend>I will be active on bands:</legend>
+
+  <input type="checkbox" id="cb1" name="cb1" value="1.8 MHz">
+  <label for="cb1">1.8 MHz</label><br>
+
+  <input type="checkbox" id="cb2" name="cb2" value="3.5 MHz">
+  <label for="cb2">3.5 MHz</label><br>
+
+  <input type="checkbox" id="cb3" name="cb3" value="7 MHz">
+  <label for="cb3">7 MHz</label><br>
+
+  <input type="checkbox" id="cb4" name="cb4" value="10 MHz">
+  <label for="cb4">10 MHz</label><br>
+
+  <input type="checkbox" id="cb5" name="cb5" value="14 MHz">
+  <label for="cb5">14 MHz</label><br>
+
+  <input type="checkbox" id="cb6" name="cb6" value="18 MHz">
+  <label for="cb6">18 MHz</label><br>
+
+  <input type="checkbox" id="cb7" name="cb7" value="21 MHz">
+  <label for="cb7">21 MHz</label><br>
+
+  <input type="checkbox" id="cb8" name="cb8" value="24 MHz">
+  <label for="cb8">24 MHz</label><br>
+
+  <input type="checkbox" id="cb9" name="cb9" value="28 MHz">
+  <label for="cb9">28 MHz</label><br>
+
+  <input type="checkbox" id="cb10" name="cb10" value="50 MHz">
+  <label for="cb10">50 MHz</label><br>
+
+  <input type="checkbox" id="cb11" name="cb11" value="144 MHz">
+  <label for="cb11">144 MHz</label><br>
+
+  <input type="checkbox" id="cb12" name="cb12" value="432 MHz">
+  <label for="cb12">432 MHz</label><br>
+
+  <input type="checkbox" id="cb13" name="cb13" value="1.2 GHz">
+  <label for="cb13">1.2 GHz</label><br>
+
+  <input type="checkbox" id="cb14" name="cb14" value="2.3 GHz">
+  <label for="cb14">2.3 GHz</label><br>
+
+</fieldset>
+<!-- MODES -->
+<fieldset>
+  <legend>I will use modes:</legend>
+
+  <input type="checkbox" id="CW" name="CW" value="CW">
+  <label for="CW">CW</label><br>
+
+  <input type="checkbox" id="SSB" name="SSB" value="SSB">
+  <label for="SSB">SSB</label><br>
+
+  <input type="checkbox" id="FM" name="FM" value="FM">
+  <label for="FM">FM</label><br>
+
+  <input type="checkbox" id="RTTY" name="RTTY" value="RTTY">
+  <label for="RTTY">RTTY</label><br>
+
+  <input type="checkbox" id="MFSK" name="MFSK" value="MFSK">
+  <label for="MFSK">MFSK (JT65, FT8...)</label><br>
+
+  <input type="checkbox" id="IMAGING" name="IMAGING" value="IMAGING">
+  <label for="IMAGING">IMAGING (ATV, SSTV...)</label><br>
+
+  <input type="checkbox" id="OTHER DIGITAL" name="OTHER DIGITAL" value="OTHER DIGITAL">
+  <label for="OTHER DIGITAL">OTHER DIGITAL</label><br>
+
+</fieldset>
+<!-- OPERATOR CALL -->
+<label for="operator-call">Operator call sign:</label>
+<input type="text" id="operator-call" name="ocall">
+<!-- OPERATOR NAME -->
+<label for="operator-name">Operator name:</label>
+<input type="text" id="operator-name" name="oname">
+<!-- OPERATOR EMAIL -->
+<label for="operator-email">Operator email:</label>
+<input type="email" id="operator-email" name="email">
+<!-- OPERATOR PHONE -->
+<label for="operator-phone">Operator phone:</label>
+<input type="tel" id="operator-phone" name="phone">
+<!-- SUBMIT BUTTON -->
+<input type="submit" value="Submit reservation request">
+</form>
+
+</main>
+</body>
+</html>
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..7fee13f
--- /dev/null
+++ b/style.css
@@ -0,0 +1,135 @@
+body {
+    margin: 0;
+    padding: 0;
+    font-family: monospace;
+}
+
+/* HEADER AND NAVBAR STYLING */
+header {
+    background-color:black;
+    padding: 1rem;
+}
+header a {
+    background-color:black;
+    text-decoration: none;
+    font-size: 3rem;
+    color: white;
+}
+header a:hover {
+    text-decoration: underline;
+}
+
+nav {
+    background-color:black;
+    overflow-x: hidden;
+}
+nav a {
+    color: white;
+    background-color:black;
+    font-size: 1rem;
+    text-decoration: none;
+    text-align: center;
+    padding: 1rem;
+    float: left;
+}
+nav a.right {
+    float: right;
+}
+nav a:hover {
+    text-decoration: underline;
+}
+.active {
+    font-weight: bold;
+}
+.right {
+    float: right;
+}
+
+/* MAIN STYLING */
+main {
+    margin: 1rem auto;
+    max-width: 750px;
+
+    line-height: 1.6rem;
+    font-size: 1rem;
+
+    color: #444;
+
+    padding: 0 10px;
+}
+h1,h2,h3 {
+    line-height: 1.2;
+}
+a {
+	  color: #0077AA;
+}
+
+/* TABEL STYLING */
+table {
+    margin: 2rem 0;
+    border-collapse: collapse;
+    width: 100%;
+}
+
+td, th {
+    border: 1px solid #ccc;
+    text-align: left;
+    padding: 8px;
+}
+
+tr:nth-child(even) {
+    background-color: #ddd;
+}
+
+/* FORM STYLING */
+input, select {
+  width: 100%;
+  padding: 12px 10px;
+  margin: 8px 0;
+  display: inline-block;
+  border: 1px solid #ccc;
+  box-sizing: border-box;
+  font-size: 1rem;
+}
+
+input[type=submit] {
+  width: 100%;
+  background-color: #ddd;
+  color: black;
+  border: #ccc 1px solid;
+  padding: 14px 20px;
+  margin: 8px 0;
+}
+
+input[type=submit] {
+  background-color: #ddd;
+}
+
+input[type=checkbox] {
+  padding: 0;
+  margin: 0;
+  width: auto;
+}
+
+input[type=submit]:hover {
+  background-color: #ccc;
+} 
+
+input[type=submit].abtn {
+  background-color: #afa;
+}
+input[type=submit].abtn:hover {
+  background-color: #8f8;
+} 
+
+@media only screen and (max-width: 750px) {
+header {
+  text-align: center;
+}
+  nav a {
+    width: 100%;
+    text-align: center;
+    margin: 0;
+    padding: 1rem 0;
+  }
+}
diff --git a/test/edit.inc.php b/test/edit.inc.php
new file mode 100644
index 0000000..cb0c23f
--- /dev/null
+++ b/test/edit.inc.php
@@ -0,0 +1,7 @@
+<?php
+/*
+if (isset($_POST['subvar'])) {
+  echo $_POST['subvar'];
+}
+*/
+echo $_POST['action'];
diff --git a/test/test.inc.php b/test/test.inc.php
new file mode 100644
index 0000000..853270c
--- /dev/null
+++ b/test/test.inc.php
@@ -0,0 +1,4 @@
+<?php
+if (isset($_POST['your-submit'])) {
+	# echo $_POST['your-submit'];
+}
diff --git a/test/test.php b/test/test.php
new file mode 100644
index 0000000..5bca6ac
--- /dev/null
+++ b/test/test.php
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width initial-scale=1.0"/>
+    <link href="../style.css" rel="stylesheet" type="text/css"/>
+    <title>Test</title>
+</head>
+<body>
+<main>
+<?php
+if($_SERVER["REQUEST_METHOD"] == "POST") {
+	$email = clear_input($_POST['name']);
+	if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+	  echo "You fucking bitch!<br>";
+	} else {
+	  echo "You oki: " . $email . "<br>";
+	}
+}
+function clear_input($data) {
+  $data = trim($data);
+  $data = stripslashes($data);
+  $data = htmlspecialchars($data);
+  return $data;
+}
+include 'test.inc.php';
+?>
+<form method="POST">
+<input type="text" name="name">
+<input type="submit" name="your-submit" value="Submit">
+</form>
+</main>
+</body>
+</html>
diff --git a/test/test2.php b/test/test2.php
new file mode 100644
index 0000000..8f2c697
--- /dev/null
+++ b/test/test2.php
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Test table</title>
+<style>
+  table {
+    border-collapse: collapse;
+  }
+  th, td {
+    border: 1px solid black;
+    padding: 0.2rem;
+  }
+</style>
+
+<script>
+function subAction(action) {
+  var xhttp = new XMLHttpRequest();
+  /*
+  xhttp.onreadystatechange = function() {
+    if(this.readyState == 4 && this.status == 200) {
+      console.log(this.responseText);
+    }
+  }
+  */
+  xhttp.onload = function() {
+    console.log(this.responseText);
+  }
+  xhttp.open("POST", "edit.inc.php", true);
+  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+  xhttp.send("action=" + action);
+}
+</script>
+
+</head>
+<body>
+<?php
+try {
+  $conn = new PDO("mysql:host=localhost;dbname=testdb", "testuser", "testpass");
+  echo "<table>\n";
+  echo "<tr><th>Name</th><th>Actions</th></tr>\n";
+  foreach ($conn->query("SELECT * FROM tbl1") as $row) {
+    echo "<tr><td contenteditable=\"true\">" . $row['name'] . "</td>";
+    echo "<td>";
+    echo "<button onclick=\"subAction('save')\">Save</button>";
+    echo "<button onclick=\"subAction('delete')\">Delete</button>";
+    echo "</td></tr>\n";
+  }
+  echo "</table>\n";
+}
+catch (PDOException $e) {
+  echo $e->getMessage();
+}
+?>
+</body>
+</html>
-- 
cgit v1.2.3