From 00fda2f0dfdaa1129949f0fa116cfaeff23ab486 Mon Sep 17 00:00:00 2001
From: Mateja <mail@matejamaric.com>
Date: Mon, 28 Sep 2020 19:14:53 +0200
Subject: first commit

---
 admin.php | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 admin.php

(limited to 'admin.php')

diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000..2bfdfde
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,105 @@
+<?php
+session_start();
+
+# DB CONNECT
+try {
+  $user = "yota_user";
+  $password = "leex3EThieK0ieLaiVaicaifef5eecei";
+  $database = "yota_call_db";
+  $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+  $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} catch (PDOException $e) {
+  echo "<p>Error!: " . $e->getMessage() . "</p>";
+  die();
+}
+
+# SHOLUD SOMETHING BE APPROVED?
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['id']) ) {
+	$stmt = $conn->prepare("UPDATE activities SET approved = true WHERE id=:id");
+echo "lol:" . $_POST['id'];
+	$stmt->bindParam(':id', $_POST['id']);
+	$stmt->execute();
+}
+
+# IS LOGIN LEGITIMATE?
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['email']) && isset($_POST['password'])) {
+    try {
+	$stmt = $conn->prepare("SELECT * FROM admins WHERE email=:email");
+	$stmt->bindParam(':email', $_POST['email']);
+	$stmt->execute();
+	$row = $stmt->fetch();
+	if (password_verify($_POST['password'], $row['password'])){
+		$_SESSION['admin'] = true;
+	} else {
+		$_SESSION['admin'] = false;
+	}
+    } catch (PDOException $e) {
+        echo "<p>Error!: " . $e->getMessage() . "</p>";
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8"/>
+	<meta name="viewport" content="width=device-width initial-scale=1.0"/>
+	<link href="style.css" rel="stylesheet" type="text/css"/>
+	<title>Yota Callplan</title>
+</head>
+<body>
+<header><a href="http://yota.yu1srs.org.rs/">YOTA</a></header>
+<nav>
+  <a href="/index.php">Activity Plan</a>
+  <a href="/reservation.php">Make reservation</a>
+<?php
+  if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+    echo '<a class="right" href="/logout.php">Logout</a>';
+  	echo '<a class="active right" href="admin.php">Administration</a>';
+	} else {
+    echo '<a class="active right" href="/admin.php">Login</a>';
+	}
+?>
+</nav>
+<main>
+<?php
+if (isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
+  try {
+    echo '<div style="overflow-x:auto;">';
+    echo "<table>\n";
+    echo "<tr>";
+    echo "<th>Ime</th>";
+    echo "<th>Prezime</th>";
+    echo "<th>Godine</th>";
+    echo "<th>Actions</th>";
+    echo "</tr>\n";
+    foreach($conn->query("SELECT * FROM activities WHERE approved = false") as $row) {
+      echo "<tr>";
+      echo "<td>" . $row['name'] . "</td>";
+      echo "<td>" . $row['surname'] . "</td>";
+      echo "<td>" . $row['age'] . "</td>";
+      echo '<td><form action="admin.php" method="post">';
+      echo '<input type="hidden" name="id" value="' . $row['id'] . '">';
+      echo '<input type="submit" class="abtn" value="Approve"/>';
+      echo '</form></td>';
+      echo "</tr>\n";
+    }
+    echo "</table>\n</div>\n";
+  } catch (PDOException $e) {
+    echo "<p>Error!: " . $e->getMessage() . "</p>";
+  }
+} else {
+	# Bad pass check...
+	if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == false) echo "<em>Bad credentials!</em>";
+	# Login form
+	echo '<form method="post">';
+	echo '<label for="email">Email:</label>';
+	echo '<input type="email" id="email" name="email">';
+	echo '<label for="password">Password:</label>';
+	echo '<input type="password" id="password" name="password">';
+	echo '<input type="submit" value="Login">';
+	echo '</form>';
+}
+?>
+</main>
+</body>
+</html>
-- 
cgit v1.2.3