From 25e935f489de7d13ee1d63609ea810423dc44d6a Mon Sep 17 00:00:00 2001
From: root <root@welcometucode.htu.tuwien.ac.at>
Date: Thu, 16 Jul 2015 01:36:19 +0200
Subject: [PATCH] added exceptions, some more verification, checkboxes
---
db_funcs.php | 39 ++++++++++++++-------------
funcs.php | 38 +++++++++++++-------------
person.php | 75 +++++++++++++++++++++++++++++++---------------------
style.css | 8 +++++-
4 files changed, 92 insertions(+), 68 deletions(-)
diff --git a/db_funcs.php b/db_funcs.php
index 49f4069..f358087 100644
--- a/db_funcs.php
+++ b/db_funcs.php
@@ -20,11 +20,12 @@ function db_get_uinfo($user, $pass){
}
function db_list_anmeldungen(){
- $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
- $prep->execute(array($GLOBALS['uname'],));
if($GLOBALS['lvl'] >= 2){
$prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen');
$prep->execute();
+ }else{
+ $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
+ $prep->execute(array($GLOBALS['uname'],));
}
return $prep->fetchAll();
}
@@ -32,7 +33,9 @@ function db_list_anmeldungen(){
function db_get_person($id){
$prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE id = ?');
$prep->execute(array($id,));
- return $prep->fetch();
+ $ret = $prep->fetch();
+ if($ret !== FALSE && $ret['uname'] != $GLOBALS['uname'] && $GLOBALS['lvl'] < 2) throw new Exception('PERMISSION_ERROR');
+ return $ret;
}
function db_delete_person($id){
@@ -43,26 +46,25 @@ function db_delete_person($id){
$prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ? and lower(uname) = ?');
$prep->execute(array($id,$GLOBALS['uname']));
}
- return $prep->rowCount();
+ if($prep->rowCount() != 1)throw new Exception('NOTHING_DELETED');
}
function db_store_person($id, $pdata){
$p = db_get_person($id);
if($p !== FALSE && $p['id'] == $id){
- // found, we do updating, if uname == uname.
- if($p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2){
- if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
- if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
- if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
- if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
- if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
- $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, '.
- 'bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=?, status=?,termin=? WHERE id=?');
- $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'],
- $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin'], $p['id']));
- return $prep->rowCount();
- }
+ // found, we do updating. We are permitted, as there was no exception rtrieving the personinfo.
+ if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+ if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+ if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+ if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+ if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+ $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, '.
+ 'bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=?, status=?,termin=? WHERE id=?');
+ $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'],
+ $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin'], $p['id']));
+ if($prep->rowCount() != 1)throw new Exception('UPDATE_FAILED');
+ return $id;
}else{
// inserting a new person.
if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
@@ -74,8 +76,7 @@ function db_store_person($id, $pdata){
vorwissen, fotoerlaubnis, videoerlaubnis, status, termin) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning id;');
$prep->execute(array($GLOBALS['uname'], $pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'],
$pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin']));
- $r = $prep->fetchColumn();
- return -$r;
+ return $prep->fetchColumn();
}
}
diff --git a/funcs.php b/funcs.php
index ee6e456..917705c 100644
--- a/funcs.php
+++ b/funcs.php
@@ -10,11 +10,11 @@ require_once('./db_funcs.php');
require_once('./html_funcs.php');
function login(){
-// if(!isset($_SERVER['HTTPS'])){
-// $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
-// header('Location: '.$url, true, 301);
-// exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
-// }
+ if(!isset($_SERVER['HTTPS'])){
+ $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
+ header('Location: '.$url, true, 301);
+ exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
+ }
$uinfo = db_get_uinfo($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if($uinfo['lvl'] >= 1){
$GLOBALS['uname'] = $uinfo['uname'];
@@ -42,47 +42,49 @@ function list_anmeldungen(){
}
function store_person(){
- if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save'])) return 0;
+ if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save']))return;
//var_export($_REQUEST);
if(isset($_REQUEST['delete']))return db_delete_person($_REQUEST['id']);
if(isset($_REQUEST['save'])){
- if(!isset($_REQUEST['vname']))return '-vname- not set!';
+ if(!isset($_REQUEST['vname']))throw new Exception('NOT_SET vname');
$pdata['vname']=$_REQUEST['vname'];
- if(!isset($_REQUEST['nname']))return '-nname- not set!';
+ if(!isset($_REQUEST['nname']))throw new Exception('NOT_SET nname');
$pdata['nname']=$_REQUEST['nname'];
- if(!isset($_REQUEST['gebdatum']))return '-gebdatum- not set!';
+ if($pdata['vname'] == '' && $pdata['nname'] == '')throw new Exception('NO_NAME');
+
+ if(!isset($_REQUEST['gebdatum']))throw new Exception('NOT_SET gebdatum');
$pdata['gebdatum']=$_REQUEST['gebdatum'];
- if(!isset($_REQUEST['nationaliaet']))return '-nationaliaet- not set!';
+ if(!isset($_REQUEST['nationaliaet']))throw new Exception('NOT_SET nationalitaet');
$pdata['nationaliaet']=$_REQUEST['nationaliaet'];
- if(!isset($_REQUEST['sprachen']))return '-sprachen- not set!';
+ if(!isset($_REQUEST['sprachen']))throw new Exception('NOT_SET sprachen');
$pdata['sprachen']=$_REQUEST['sprachen'];
- if(!isset($_REQUEST['vorwissen']))return '-vorwissen- not set!';
+ if(!isset($_REQUEST['vorwissen']))throw new Exception('NOT_SET vorwissen');
$pdata['vorwissen']=$_REQUEST['vorwissen'];
- if(!isset($_REQUEST['analphabet']))return '-analphabet- not set!';
+ if(!isset($_REQUEST['analphabet']))$_REQUEST['analphabet'] = '0';
$pdata['analphabet']=$_REQUEST['analphabet'];
- if(!isset($_REQUEST['fotoerlaubnis']))return '-fotoerlaubnis- not set!';
+ if(!isset($_REQUEST['fotoerlaubnis']))$_REQUEST['fotoerlaubnis'] = '0';
$pdata['fotoerlaubnis']=$_REQUEST['fotoerlaubnis'];
- if(!isset($_REQUEST['videoerlaubnis']))return '-videoerlaubnis- not set!';
+ if(!isset($_REQUEST['videoerlaubnis']))$_REQUEST['videoerlaubnis'] = '0';
$pdata['videoerlaubnis']=$_REQUEST['videoerlaubnis'];
- if(!isset($_REQUEST['bemerkungen']))return '-bemerkungen- not set!';
+ if(!isset($_REQUEST['bemerkungen']))throw new Exception('NOT_SET bemerkungen');
$pdata['bemerkungen']=$_REQUEST['bemerkungen'];
- if(!isset($_REQUEST['termin']))return '-termin- not set!';
+ if(!isset($_REQUEST['termin']))throw new Exception('NOT_SET termin');
$pdata['termin']=$_REQUEST['termin'];
- if(!isset($_REQUEST['status']))return '-status- not set!';
+ if(!isset($_REQUEST['status']))throw new Exception('NOT_SET status');
$pdata['status']=$_REQUEST['status'];
return db_store_person($_REQUEST['id'], $pdata);
diff --git a/person.php b/person.php
index 0874adb..335db4b 100644
--- a/person.php
+++ b/person.php
@@ -8,38 +8,53 @@
require_once('./funcs.php');
login();
-$status = store_person();
-$person = get_person($_REQUEST['id']);
-
-if(isset($_REQUEST['api'])){
- header('Content-Type: application/json');
- header('Access-Control-Allow-Origin: *');
- mb_internal_encoding('UTF-8');
- $send['status'] = $status;
- $send['person'] = $person;
- exit(json_encode($send));
-}
+$id = 0;
+try{
+ $id = store_person();
+ $person = get_person($_REQUEST['id']);
+
+ if(isset($_REQUEST['api'])){
+ header('Content-Type: application/json');
+ header('Access-Control-Allow-Origin: *');
+ mb_internal_encoding('UTF-8');
+ $send['status'] = $status;
+ $send['person'] = $person;
+ exit(json_encode($send));
+ }
+
+ echo html_top("Person bearbeiten");
+ echo "<h1>Person bearbeiten</h1>";
-echo html_top("Person bearbeiten");
-echo "<h1>Person bearbeiten</h1>";
+ if(isset($_REQUEST['delete'])){
+ exit('<h2>Person gelöscht</h2><p><a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
-if($status == 1 && isset($_REQUEST['delete'])){
- exit('<h2>Person gelöscht</h2><p><a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ }elseif(isset($_REQUEST['save']) && isset($_REQUEST['id'])){
+ echo '<h2>Person aktualisiert</h2>';
-}elseif(!isset($_REQUEST['id']) && isset($_REQUEST['delete'])){
- exit('<h2>Nur existierende Personen können gelöscht werden</h2><p><a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ }elseif(isset($_REQUEST['save']) && $id >0){
+ exit('<h2>Person angelegt. ID:'.$id.' (<a href="./person.php?id='.$id.'">Bearbeiten?</a>)</h2>'.
+ '<p><a href="./person.php">neue Person eintragen?</a> oder doch <a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ }
+} catch (Exception $e) {
+ $exc = $e->getMessage();
+ if($exc == 'PERMISSION_ERROR'){
+ exit('<h2>Berechtigungsfehler.</h2><p><a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
-}elseif(isset($_REQUEST['id']) && $person == NULL){
- exit('<h2>Person existiert nicht</h2><p>Oder die nötige Berechtigung zum einsehen dieser Person nicht vorhanden.<br>
- <a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ }elseif($exc == 'NOTHING_DELETED'){
+ exit('<h2>Nur existierende Personen können gelöscht werden</h2><p><a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ }
-}elseif($status == 1 && isset($_REQUEST['save'])){
- echo '<h2>Person aktualisiert</h2>';
-}elseif($status < 0){
- exit('<h2>Person angelegt. ID:'.-$status.' (<a href="./person.php?id='.(-$status).'">Bearbeiten?</a>)</h2>'.
- '<p><a href="./person.php">neue Person eintragen?</a> oder doch <a href="list.php">Zurück zur Ãbersicht</a></p>'.html_bottom());
+ exit('<h2>Unbekannter Fehler!</h2><p>Bitte nutze den Live-Chat, um diesen Fehler zu melden. Bitte Fehlermeldung kopieren!<br>'.
+ '<a href="list.php">Zurück zur Ãbersicht</a></p><h3>Fehlermeldung</h3><pre>'.$e->getMessage()."\n".var_export($_REQUEST,true).'</pre>'.html_bottom());
}
+
+
+$fotoerlaubnis_check = $analphabet_check = $videoerlaubnis_check = '';
+if($person['analphabet'] == '1')$analphabet_check = 'checked="checked"';
+if($person['fotoerlaubnis'] == '1')$fotoerlaubnis_check = 'checked="checked"';
+if($person['videoerlaubnis'] == '1')$videoerlaubnis_check = 'checked="checked"';
+
?>
<p><a href="list.php">Zurück zur Ãbersicht</a></p>
<form method="post" enctype="multipart/form-data">
@@ -51,7 +66,7 @@ if($status == 1 && isset($_REQUEST['delete'])){
<p>Nachname(n)<br>
<input type="text" name="nname" value="<?php echo $person['nname'];?>"></p>
<p>Geboren<br>
-<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>"></p>
+<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>" placeholder="yyyy-mm-dd"></p>
<p>Nationalität<br>
<input type="text" name="nationaliaet" value="<?php echo $person['nationaliaet'];?>"></p>
<p>Sprachkenntnisse<br>
@@ -61,11 +76,11 @@ if($status == 1 && isset($_REQUEST['delete'])){
<p>Status<br>
<input type="text" name="status" value="<?php echo $person['status'];?>"></p>
<p>Analphabet<br>
-<input type="text" name="analphabet" value="<?php echo $person['analphabet'];?>"></p>
+<input type="checkbox" name="analphabet" value="1" <?php echo $analphabet_check;?>></p>
<p>Fotoerlaubnis<br>
-<input type="text" name="fotoerlaubnis" value="<?php echo $person['fotoerlaubnis'];?>"></p>
+<input type="checkbox" name="fotoerlaubnis" value="1" <?php echo $fotoerlaubnis_check;?>></p>
<p>Videoerlaubnis<br>
-<input type="text" name="videoerlaubnis" value="<?php echo $person['videoerlaubnis'];?>"></p>
+<input type="checkbox" name="videoerlaubnis" value="1" <?php echo $videoerlaubnis_check;?>></p>
<p>Besonderes/Bemerkungen<br>
<textarea rows="6" cols="50" name="bemerkungen"><?php echo $person['bemerkungen'];?></textarea></p>
<p>Termin<br>
@@ -76,5 +91,5 @@ if($status == 1 && isset($_REQUEST['delete'])){
</form>
<p><a href="list.php">Zurück zur Ãbersicht</a></p>
-<?php echo html_bottom(); ?>
+<?php echo html_bottom();
diff --git a/style.css b/style.css
index 7a82ba7..1069e41 100644
--- a/style.css
+++ b/style.css
@@ -90,5 +90,11 @@
.footnote {
text-align:right;
font-size: 12px;
- }
+}
+
+table, th, td {
+ border: 1px solid black;
+ padding: 1px;
+ border-spacing: 0px;
+}
--
2.43.0