<?php
// Resume the caller's session; the request handler below reads $_SESSION['admin'] from it.
// NOTE(review): no session cookie parameters are set in this file; confirm that the
// HttpOnly / Secure / SameSite attributes are configured elsewhere (php.ini or a shared include).
session_start();

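/**
 * Normalise one request field: trim surrounding whitespace, remove backslash
 * escapes, then HTML-encode the result.
 *
 * The encoding flags are passed explicitly so that single quotes are encoded
 * on every PHP version (the default flag set of htmlspecialchars() only
 * includes ENT_QUOTES from PHP 8.1 on). A missing field (null) yields ''.
 *
 * This is HTML output encoding applied at input time. It is not what keeps
 * the SQL safe; the statements in this file rely on bound parameters for
 * that. Values stored after this call are already HTML-encoded, so they must
 * not be encoded a second time when they are rendered.
 *
 * @param mixed $data Raw field value taken from the decoded request body.
 * @return string Trimmed, unslashed, HTML-encoded text.
 */
function clear_input($data) {
  // trim(null) is deprecated since PHP 8.1; treat an absent field as empty text.
  $text = trim($data === null ? '' : $data);
  $text = stripslashes($text);
  return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}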

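// Admin-only JSON endpoint: applies an "update", "restore" or "delete" action to one row
// of the `activities` table and echoes a JSON reply. Requests that are not POST, or that
// come without the admin session flag, fall through and produce no output.
//
// NOTE(review): the only authorisation visible here is the session flag. Nothing in this
// file verifies a CSRF token or the request's Origin / Content-Type before a state-changing
// action runs; confirm that protection exists elsewhere or add it.
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['admin']) && $_SESSION['admin'] == true) {
	try {
		// NOTE(review): the database credentials are hard-coded in a source file. Load them
		// from configuration kept outside the repository and rotate this password.
		$user = "yota_admin";
		$password = "quaequaquagh6ahwoh6Chahx1EiFooGh";
		$database = "yota_call_db";
		$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	} catch (PDOException $e) {
		// Driver detail goes to the server log, not to the client. Stop here: without a
		// connection every later step would fail on an undefined $conn.
		error_log("edit.php: database connection failed: " . $e->getMessage());
		http_response_code(500);
		die("Error: database connection failed");
	}

	try {
		$recvData = json_decode(file_get_contents("php://input"));
		// json_decode() returns null instead of throwing on malformed input, so the
		// result has to be checked explicitly.
		if (!is_object($recvData)) {
			throw new InvalidArgumentException("request body is not a JSON object");
		}

		// "restore" and "delete" requests may carry only id and action, so an absent
		// field is treated as empty text. Arrays and objects are rejected before they
		// reach the string functions in clear_input().
		$textFields = [
			'id', 'specialCall', 'fromTime', 'toTime', 'frequencies', 'modes',
			'operatorCall', 'operatorName', 'operatorEmail', 'operatorPhone', 'qso',
		];
		foreach ($textFields as $field) {
			$value = isset($recvData->$field) ? $recvData->$field : '';
			if (!is_scalar($value)) {
				throw new InvalidArgumentException("field $field is not a scalar");
			}
			$recvData->$field = clear_input($value);
		}

		$recvData->approved = filter_var(
			isset($recvData->approved) ? $recvData->approved : false,
			FILTER_VALIDATE_BOOLEAN
		);
		$action = isset($recvData->action) ? $recvData->action : '';

		// Call signs and modes are stored upper-case. (The original wrote to
		// $recvData->$specialCall etc., a variable property named by an undefined
		// variable, so the upper-casing never reached the real fields.)
		$recvData->specialCall = strtoupper($recvData->specialCall);
		$recvData->modes = strtoupper($recvData->modes);
		$recvData->operatorCall = strtoupper($recvData->operatorCall);

	} catch (Exception $e) {
		die("Can't decode JSON!");
	}

	try {
		// Strict comparison: with ==, a JSON `true` (and on PHP 7 the number 0) would
		// match every action name.
		if ($action === "update") {
			$sql = "UPDATE activities SET 
				approved=:approved, 
				specialCall=:specialCall, 
				fromTime=:fromTime, 
				toTime=:toTime, 
				frequencies=:frequencies, 
				modes=:modes, 
				operatorCall=:operatorCall, 
				operatorName=:operatorName, 
				operatorEmail=:operatorEmail, 
				operatorPhone=:operatorPhone, 
				qso=:qso 
				WHERE id=:id";

			// The column receives "1" or "0" rather than a PHP boolean.
			$recvData->approved = $recvData->approved === true ? "1" : "0";

			$stmt = $conn->prepare($sql);
			$stmt->bindValue(':approved', $recvData->approved);
			foreach ($textFields as $field) {
				$stmt->bindValue(':' . $field, $recvData->$field);
			}
			$stmt->execute();

			// Assigning a property on an undefined variable throws an Error on PHP 8,
			// so the reply object is created explicitly.
			$sendData = new stdClass();
			$sendData->action = $action;

			echo json_encode($sendData);

		} else if ($action === "restore") {

			$stmt = $conn->prepare("SELECT * FROM activities WHERE id=:id");
			$stmt->bindValue(':id', $recvData->id);
			$stmt->execute();
			$row = $stmt->fetch(PDO::FETCH_ASSOC);
			if ($row === false) {
				// Unknown id: report a handling error instead of a reply full of nulls.
				throw new RuntimeException("no activity with the requested id");
			}

			// Values come back as stored. Rows written through "update" were HTML-encoded
			// by clear_input(), so sending them through "update" again encodes them twice.
			$sendData = new stdClass();
			$sendData->action = $action;
			$columns = [
				'id', 'approved', 'specialCall', 'fromTime', 'toTime', 'frequencies', 'modes',
				'operatorCall', 'operatorName', 'operatorEmail', 'operatorPhone', 'qso',
			];
			foreach ($columns as $column) {
				$sendData->$column = $row[$column];
			}

			echo json_encode($sendData);

		} else if ($action === "delete") {
			$stmt = $conn->prepare("DELETE FROM activities WHERE id=:id");
			$stmt->bindValue(':id', $recvData->id);
			$stmt->execute();

			$sendData = new stdClass();
			$sendData->action = $action;
			echo json_encode($sendData);
		}
	} catch ( Exception $e ) {
		if ( $e instanceof PDOException ) {
			// SQLSTATE text can reveal schema and query detail; keep it in the log.
			error_log("edit.php: database error: " . $e->getMessage());
			http_response_code(500);
			echo "Error: database error";
		} else {
			echo "Error in action handling!";
		}
	}
}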