From a3094caeb564821870870d57efb4a4fc3fd659e7 Mon Sep 17 00:00:00 2001
From: Mateja <mail@matejamaric.com>
Date: Sun, 4 Oct 2020 00:16:49 +0200
Subject: A whole lot of shaking going on...

---
 admin.php              | 105 ++++++++++++++++++++++++++++---------------------
 edit.php               |   2 +-
 handle-reservation.php |   8 ++--
 login.php              |  32 +++++++++++++++
 request-edit.js        |  33 ++++++++++++++++
 reservation.php        |   7 +++-
 style.css              |  29 +++++++++++++-
 test/notes.sql         |   6 +--
 8 files changed, 168 insertions(+), 54 deletions(-)
 create mode 100644 login.php
 create mode 100644 request-edit.js
diff --git a/admin.php b/admin.php
index 39f268c..32f6b03 100644
--- a/admin.php
+++ b/admin.php
@@ -1,33 +1,5 @@
 <?php
 session_start();
-
-# IS LOGIN LEGITIMATE?
-if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_POST['password'])) {
-	# DB CONNECT
-	try {
-		$user = "yota_user";
-		$password = "gahdeer6shai9hogai2sai4quuaj1eVu";
-		$database = "yota_call_db";
-
-		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
-		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-
-		$stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
-		$stmt->bindParam(':email', $_POST['email']);
-		$stmt->execute();
-		$row = $stmt->fetch();
-
-		if (password_verify($_POST['password'], $row['password'])){
-			$_SESSION['admin'] = true;
-		} else {
-			$_SESSION['admin'] = false;
-		}
-	} catch (PDOException $e) {
-			echo "<p>Error!: " . $e->getMessage() . "</p>";
-	}
-	$stmt=null;
-	$conn=null;
-}
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -52,35 +24,79 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_PO
 ?>
 </nav>
 <main>
+<p id="alert"></p>
 <?php
 if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
   try {
+		$user = "yota_admin";
+		$password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
+		$database = "yota_call_db";
+		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
     echo '<div style="overflow-x:auto;">';
-    echo "<table>\n";
+    echo "<table><thead>\n";
     echo "<tr>";
-    echo "<th>Ime</th>";
-    echo "<th>Prezime</th>";
-    echo "<th>Godine</th>";
+    echo "<th>ID</th>";
+    echo "<th>Approved</th>";
+    echo "<th>Operator Sign</th>";
+    echo "<th>QSO</th>";
+    echo "<th>From</th>";
+    echo "<th>To</th>";
+    echo "<th>Frequencies</th>";
+    echo "<th>Modes</th>";
+    echo "<th>Special sign</th>";
+    echo "<th>Operator Name</th>";
+    echo "<th>Operator Email</th>";
+    echo "<th>Operator Phone</th>";
     echo "<th>Actions</th>";
-    echo "</tr>\n";
-    foreach($conn->query("SELECT * FROM activities WHERE approved = false") as $row) {
+    echo "</tr></thead><tbody>\n";
+
+    foreach($conn->query("SELECT * FROM activities ORDER BY `id` DESC") as $row) {
       echo "<tr>";
-      echo "<td>" . $row['name'] . "</td>";
-      echo "<td>" . $row['surname'] . "</td>";
-      echo "<td>" . $row['age'] . "</td>";
-      echo '<td><form action="admin.php" method="post">';
-      echo '<input type="hidden" name="id" value="' . $row['id'] . '">';
-      echo '<input type="submit" class="abtn" value="Approve"/>';
-      echo '</form></td>';
-      echo "</tr>\n";
+      echo "<td>" . $row['id'] . "</td>";
+
+			if ($row['approved'])
+				echo "<td><input type=\"checkbox\" checked></td>";
+			else
+				echo "<td class=\"center\"><input type=\"checkbox\"></td>";
+
+      //echo "<td contenteditable=\"true\">" . $row['operatorCall'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['fromTime'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['toTime'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['frequencies'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['modes'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['specialCall'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['operatorName'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['operatorEmail'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['operatorPhone'] . "</td>";
+      //echo "<td contenteditable=\"true\">" . $row['qso'] . "</td>";
+
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['operatorCall'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['qso'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['fromTime'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['toTime'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['frequencies'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['modes'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['specialCall'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['operatorName'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['operatorEmail'] . "</div></td>";
+      echo "<td><div class=\"edit\" contenteditable=\"true\">" . $row['operatorPhone'] . "</div></td>";
+
+			echo "<td>";
+			echo "<button onclick=\"btnAction('update', this)\">Update</button>";
+			echo "<button onclick=\"btnAction('restore', this)\">Restore</button>";
+			echo "<button onclick=\"btnAction('delete', this)\">Delete</button>";
+			echo "</td></tr>\n";
     }
-    echo "</table>\n</div>\n";
+    echo "</tbody></table>\n</div>\n";
   } catch (PDOException $e) {
     echo "<p>Error!: " . $e->getMessage() . "</p>";
   }
 } else {
 	# Bad pass check...
-	if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == false) echo "<em>Bad credentials!</em>";
+	if (isset($_SESSION['admin']) && $_SESSION['admin'] == false)
+		echo "<em>Bad credentials!</em>";
 	# Login form
 	echo '<form method="post">';
 	echo '<label for="email">Email:</label>';
@@ -92,5 +108,6 @@ if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
 }
 ?>
 </main>
+<script src="request-edit.js"></script>
 </body>
 </html>
diff --git a/edit.php b/edit.php
index 3ddada5..4ff5b5e 100644
--- a/edit.php
+++ b/edit.php
@@ -1,7 +1,7 @@
 <?php
 session_start();
 
-if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
 	try {
 		$user = "yota_admin";
 		$password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
diff --git a/handle-reservation.php b/handle-reservation.php
index c61ed3c..bed1949 100644
--- a/handle-reservation.php
+++ b/handle-reservation.php
@@ -59,7 +59,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 
   // Error handling
   if ($is_something_empty) {
-    echo "<p class=\"mid\"><strong>All fields must be filed!</strong></p>";
+    $_SESSION["msg"] = "All fields must be filed!";
   }
   else {
     // Send to DB
@@ -79,9 +79,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
       $stmt->bindParam(':operatorEmail', $operatorEmail);
       $stmt->bindParam(':operatorPhone', $operatorPhone);
       $stmt->execute();
-      echo "<p class=\"mid\">Data inserted.</p>";
+      $_SESSION["msg"] = "Data inserted.";
     } catch (PDOException $e) {
-      echo "<p class=\"mid\">Error!: " . $e->getMessage() . "</p>";
+      $_SESSION["msg"] = "Error!: " . $e->getMessage();
     }
   }
 }
@@ -92,3 +92,5 @@ function clear_input($data) {
   $data = htmlspecialchars($data);
   return $data;
 }
+
+header("Location: reservation.php");
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..6d51326
--- /dev/null
+++ b/login.php
@@ -0,0 +1,32 @@
+<?php
+session_start();
+
+# IS LOGIN LEGITIMATE?
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_POST['password'])) {
+	# DB CONNECT
+	try {
+		$user = "yota_user";
+		$password = "gahdeer6shai9hogai2sai4quuaj1eVu";
+		$database = "yota_call_db";
+
+		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+		$stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
+		$stmt->bindParam(':email', $_POST['email']);
+		$stmt->execute();
+		$row = $stmt->fetch();
+
+		if (password_verify($_POST['password'], $row['password'])) {
+			$_SESSION['admin'] = true;
+		} else {
+			$_SESSION['admin'] = false;
+		}
+	} catch (PDOException $e) {
+			die("Error!: " . $e->getMessage());
+	}
+	$stmt=null;
+	$conn=null;
+}
+
+header("Location: admin.php");
diff --git a/request-edit.js b/request-edit.js
new file mode 100644
index 0000000..4d8a245
--- /dev/null
+++ b/request-edit.js
@@ -0,0 +1,33 @@
+function btnAction(action, btn) {
+  var trDom = btn.parentElement.parentElement;
+  var trData = trDom.children;
+
+  var actionData = {
+    action: action,
+    id: trData[0].innerHTML,
+    approved: trData[1].firstElementChild.checked,
+    operatorSign: trData[2].firstElementChild.innerHTML,
+    qso: trData[3].firstElementChild.innerHTML,
+    fromTime: trData[4].firstElementChild.innerHTML,
+    toTime: trData[5].firstElementChild.innerHTML,
+    freqs: trData[6].firstElementChild.innerHTML,
+    modes: trData[7].firstElementChild.innerHTML,
+    specialSign: trData[8].firstElementChild.innerHTML,
+    operatorName: trData[9].firstElementChild.innerHTML,
+    operatorEmail: trData[10].firstElementChild.innerHTML,
+    operatorPhone: trData[11].firstElementChild.innerHTML
+  }
+
+  if (actionData.action == 'delete')
+    if (confirm("Are you sure you want to delete reservation #" + actionData.id + " made by " + actionData.operatorSign + "?"))
+      trDom.remove();
+
+  //var xhr = new XMLHttpRequest();
+  //xhr.onreadystatechange = function () {
+  //if (this.readyState == 4 && status == 200) {
+
+  //}
+  //};
+  //xhr.open("POST", "edit.php", true);
+  //xhr.send(JSON.stringify(actionData));
+}
diff --git a/reservation.php b/reservation.php
index ec46440..05f6fa7 100644
--- a/reservation.php
+++ b/reservation.php
@@ -24,11 +24,14 @@ session_start();
 ?>
 </nav>
 <main>
+
 <?php
-  require "handle-reservation.php";
+if (isset($_SESSION["msg"])) {
+    echo "<p class=\"mid\"><strong>" . $_SESSION["msg"] . "</strong></p>";
+}
 ?>
 
-<form method="post">
+<form action="handle-reservation.php" method="post">
 <!-- SPECIAL CALL -->
 <label for="special-call">Special Call:</label>
 <select id="special-call" name="scall">
diff --git a/style.css b/style.css
index 6495f91..c4c5f2f 100644
--- a/style.css
+++ b/style.css
@@ -48,6 +48,10 @@ nav a:hover {
     max-width: 750px;
     margin: 1rem auto;
 }
+.alert {
+    font-weight: bold;
+    color: red;
+}
 
 /* MAIN STYLING */
 main {
@@ -70,7 +74,7 @@ a {
 
 /* TABEL STYLING */
 table {
-    margin: 2rem 0;
+    margin: 1rem 0;
     border-collapse: collapse;
     width: 100%;
 }
@@ -86,6 +90,18 @@ td, th {
     border: 1px solid #ccc;
     text-align: left;
     padding: 8px;
+    white-space: nowrap;
+}
+
+.center {
+    text-align: center;
+}
+.edit {
+    padding: 2px;
+    border-top: 1px solid #333;
+    border-left: 1px solid #333;
+    border-bottom: 1px solid #aaa;
+    border-right: 1px solid #aaa;
 }
 
 tr:nth-child(even) {
@@ -117,6 +133,17 @@ input[type=submit] {
   margin: 8px 0;
 }
 
+button {
+  background-color: #eee;
+  color: black;
+  border: #ccc 1px solid;
+  padding: 7px 10px;
+  margin: 2px;
+}
+button:hover {
+  background-color: #f6f6f6;
+}
+
 input[type=submit] {
   background-color: #ddd;
 }
diff --git a/test/notes.sql b/test/notes.sql
index dd59770..fbabe4e 100644
--- a/test/notes.sql
+++ b/test/notes.sql
@@ -22,6 +22,6 @@ CREATE TABLE admins(
         `password` varchar(255) not null
       ) charset=utf8;
 
-GRANT ALL PRIVILEGES ON `yota_db`.* TO `yota_admin`@`localhost` IDENTIFIED BY 'quaequaquagh6ahwoh6Chahx1EiFooGh';
-GRANT SELECT ON `yota_db`.* TO `yota_user`@`localhost` IDENTIFIED BY 'gahdeer6shai9hogai2sai4quuaj1eVu';
-GRANT INSERT ON `yota_db`.`activities` TO `yota_requester`@`localhost` IDENTIFIED BY 'oon5iraeghaidoShi5sheefie2uuz3gu';
+GRANT ALL PRIVILEGES ON `yota_call_db`.* TO `yota_admin`@`localhost` IDENTIFIED BY 'quaequaquagh6ahwoh6Chahx1EiFooGh';
+GRANT SELECT ON `yota_call_db`.* TO `yota_user`@`localhost` IDENTIFIED BY 'gahdeer6shai9hogai2sai4quuaj1eVu';
+GRANT INSERT ON `yota_call_db`.`activities` TO `yota_requester`@`localhost` IDENTIFIED BY 'oon5iraeghaidoShi5sheefie2uuz3gu';
-- 
cgit v1.2.3


Ime	Prezime	Godine	ID	Approved	Operator Sign	QSO	From	To	Frequencies	Modes	Special sign	Operator Name	Operator Email	Operator Phone	Actions
" . $row['name'] . "	" . $row['surname'] . "	" . $row['age'] . "	'; - echo ''; - echo ''; - echo '
" . $row['id'] . "			" . $row['operatorCall'] . "	" . $row['fromTime'] . "	" . $row['toTime'] . "	" . $row['frequencies'] . "	" . $row['modes'] . "	" . $row['specialCall'] . "	" . $row['operatorName'] . "	" . $row['operatorEmail'] . "	" . $row['operatorPhone'] . "	" . $row['qso'] . "	" . $row['operatorCall'] . "	" . $row['qso'] . "	" . $row['fromTime'] . "	" . $row['toTime'] . "	" . $row['frequencies'] . "	" . $row['modes'] . "	" . $row['specialCall'] . "	" . $row['operatorName'] . "	" . $row['operatorEmail'] . "	" . $row['operatorPhone'] . "	"; + echo ""; + echo ""; + echo ""; + echo "