From 25e935f489de7d13ee1d63609ea810423dc44d6a Mon Sep 17 00:00:00 2001
From: root <root@welcometucode.htu.tuwien.ac.at>
Date: Thu, 16 Jul 2015 01:36:19 +0200
Subject: [PATCH] added exceptions, some more verification, checkboxes

---
 db_funcs.php | 39 ++++++++++++++-------------
 funcs.php    | 38 +++++++++++++-------------
 person.php   | 75 +++++++++++++++++++++++++++++++---------------------
 style.css    |  8 +++++-
 4 files changed, 92 insertions(+), 68 deletions(-)

diff --git a/db_funcs.php b/db_funcs.php
index 49f4069..f358087 100644
--- a/db_funcs.php
+++ b/db_funcs.php
@@ -20,11 +20,12 @@ function db_get_uinfo($user, $pass){
 }
 
 function db_list_anmeldungen(){
-  $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
-  $prep->execute(array($GLOBALS['uname'],));
   if($GLOBALS['lvl'] >= 2){
     $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen');
     $prep->execute();
+  }else{
+    $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
+    $prep->execute(array($GLOBALS['uname'],));
   }
   return $prep->fetchAll();
 }
@@ -32,7 +33,9 @@ function db_list_anmeldungen(){
 function db_get_person($id){
   $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE id = ?');
   $prep->execute(array($id,));
-  return $prep->fetch();
+  $ret = $prep->fetch();
+  if($ret !== FALSE && $ret['uname'] != $GLOBALS['uname'] && $GLOBALS['lvl'] < 2) throw new Exception('PERMISSION_ERROR');
+  return $ret;
 }
 
 function db_delete_person($id){
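Review bot: The new owner check `if($ret !== FALSE && $ret['uname'] != $GLOBALS['uname'] && $GLOBALS['lvl'] < 2) throw ...` compares usernames case-sensitively in PHP, while db_list_anmeldungen in the hunk above matches rows with `lower(uname)=lower(?)`, so a user whose stored uname differs from the login name only in case sees rows in the list but gets PERMISSION_ERROR when opening them. Throwing PERMISSION_ERROR for a foreign row while returning FALSE for an unknown id also lets a level-1 user probe which ids exist, a distinction the old page text ("existiert nicht ... oder Berechtigung nicht vorhanden") appears to have avoided on purpose. Since db_store_person relies on this exception, keep the throw but normalise the comparison — `if($ret !== FALSE && $GLOBALS['lvl'] < 2 && strtolower($ret['uname']) !== strtolower($GLOBALS['uname'])) throw new Exception('PERMISSION_ERROR');` — and have person.php render PERMISSION_ERROR with the same text as a missing person. db_delete_person on the hunk's last line continues outside it.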
@@ -43,26 +46,25 @@ function db_delete_person($id){
     $prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ? and lower(uname) = ?');
     $prep->execute(array($id,$GLOBALS['uname']));
   }
-  return $prep->rowCount();
+  if($prep->rowCount() != 1)throw new Exception('NOTHING_DELETED');
 }
 
 function db_store_person($id, $pdata){
   $p = db_get_person($id);
 
   if($p !== FALSE && $p['id'] == $id){
-    // found, we do updating, if uname == uname.
-    if($p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2){
-      if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
-      if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
-      if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
-      if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
-      if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
-      $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, '.
-	    'bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=?, status=?,termin=? WHERE id=?');
-      $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'],
-	    $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin'], $p['id']));
-      return $prep->rowCount();
-	}
+    // found, we do updating. We are permitted, as there was no exception rtrieving the personinfo.
+    if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+    if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+    if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+    if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+    if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+    $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, '.
+	  'bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=?, status=?,termin=? WHERE id=?');
+    $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'],
+	  $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin'], $p['id']));
+    if($prep->rowCount() != 1)throw new Exception('UPDATE_FAILED');
+    return $id;
   }else{
     // inserting a new person.
     if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
@@ -74,8 +76,7 @@ function db_store_person($id, $pdata){
 	  vorwissen, fotoerlaubnis, videoerlaubnis, status, termin) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning id;');
     $prep->execute(array($GLOBALS['uname'], $pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], 
 	  $pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $pdata['status'], $pdata['termin']));
-    $r = $prep->fetchColumn(); 
-	return -$r;
+	return $prep->fetchColumn();
   }
 }
 
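Review bot: `return $prep->fetchColumn();` hands back FALSE when the INSERT ... RETURNING id yields no row, and unlike the update branch, which this commit makes throw UPDATE_FAILED, nothing here converts that into an exception, so person.php's `$id > 0` test is simply false and the user lands on the edit form with neither a success nor an error message (unless the PDO connection is in ERRMODE_EXCEPTION, which is not visible here). For symmetry with the rest of the commit: `$newId = $prep->fetchColumn(); if($newId === FALSE) throw new Exception('INSERT_FAILED'); return $newId;`. The insert branch begins in the previous hunk, as does the enclosing db_store_person.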
diff --git a/funcs.php b/funcs.php
index ee6e456..917705c 100644
--- a/funcs.php
+++ b/funcs.php
@@ -10,11 +10,11 @@ require_once('./db_funcs.php');
 require_once('./html_funcs.php');
 
 function login(){
-//  if(!isset($_SERVER['HTTPS'])){
-//    $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
-//    header('Location: '.$url, true, 301);
-//    exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
-//  }
+  if(!isset($_SERVER['HTTPS'])){
+    $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
+    header('Location: '.$url, true, 301);
+    exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
+  }
   $uinfo = db_get_uinfo($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
   if($uinfo['lvl'] >= 1){
     $GLOBALS['uname'] = $uinfo['uname'];
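Review bot: The re-enabled redirect builds its target from `$_SERVER['HTTP_HOST']` and reflects the result unescaped into the exit() body, so a forged Host header turns it into an open redirect to an attacker-chosen https origin and a crafted REQUEST_URI lands in the page as markup. By the time this runs the browser has already sent the Basic-auth credentials that the next line reads from PHP_AUTH_USER/PW over plain HTTP, so the check cannot protect them; the redirect belongs in the web-server configuration (plus HSTS) ahead of any auth challenge, and this PHP check should at most refuse to proceed. A 301 also turns a POSTed form into a GET, silently dropping a save or delete submitted over HTTP. If it stays in PHP, use a configured canonical host instead of HTTP_HOST, treat `$_SERVER['HTTPS'] === 'off'` as plaintext as well, and escape the echoed URL: `exit('<h1>Redirecting to: <a href="'.htmlspecialchars($url, ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($url, ENT_QUOTES, 'UTF-8').'</a></h1>');`. login() continues past the end of this hunk.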
@@ -42,47 +42,49 @@ function list_anmeldungen(){
 }
 
 function store_person(){
-  if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save'])) return 0;
+  if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save']))return;
 
 //var_export($_REQUEST);
 
   if(isset($_REQUEST['delete']))return db_delete_person($_REQUEST['id']);
   if(isset($_REQUEST['save'])){
 
-    if(!isset($_REQUEST['vname']))return '-vname- not set!';
+    if(!isset($_REQUEST['vname']))throw new Exception('NOT_SET vname');
     $pdata['vname']=$_REQUEST['vname'];
 
-    if(!isset($_REQUEST['nname']))return '-nname- not set!';
+    if(!isset($_REQUEST['nname']))throw new Exception('NOT_SET nname');
     $pdata['nname']=$_REQUEST['nname'];
 
-    if(!isset($_REQUEST['gebdatum']))return '-gebdatum- not set!';
+    if($pdata['vname'] == '' && $pdata['nname'] == '')throw new Exception('NO_NAME');
+
+    if(!isset($_REQUEST['gebdatum']))throw new Exception('NOT_SET gebdatum');
     $pdata['gebdatum']=$_REQUEST['gebdatum'];
 	
-    if(!isset($_REQUEST['nationaliaet']))return '-nationaliaet- not set!';
+    if(!isset($_REQUEST['nationaliaet']))throw new Exception('NOT_SET nationalitaet');
     $pdata['nationaliaet']=$_REQUEST['nationaliaet'];
 
-    if(!isset($_REQUEST['sprachen']))return '-sprachen- not set!';
+    if(!isset($_REQUEST['sprachen']))throw new Exception('NOT_SET sprachen');
     $pdata['sprachen']=$_REQUEST['sprachen'];
 
-    if(!isset($_REQUEST['vorwissen']))return '-vorwissen- not set!';
+    if(!isset($_REQUEST['vorwissen']))throw new Exception('NOT_SET vorwissen');
     $pdata['vorwissen']=$_REQUEST['vorwissen'];
 	
-    if(!isset($_REQUEST['analphabet']))return '-analphabet- not set!';
+    if(!isset($_REQUEST['analphabet']))$_REQUEST['analphabet'] = '0';
     $pdata['analphabet']=$_REQUEST['analphabet'];
 
-    if(!isset($_REQUEST['fotoerlaubnis']))return '-fotoerlaubnis- not set!';
+    if(!isset($_REQUEST['fotoerlaubnis']))$_REQUEST['fotoerlaubnis'] = '0';
     $pdata['fotoerlaubnis']=$_REQUEST['fotoerlaubnis'];
 
-    if(!isset($_REQUEST['videoerlaubnis']))return '-videoerlaubnis- not set!';
+    if(!isset($_REQUEST['videoerlaubnis']))$_REQUEST['videoerlaubnis'] = '0';
     $pdata['videoerlaubnis']=$_REQUEST['videoerlaubnis'];
 
-    if(!isset($_REQUEST['bemerkungen']))return '-bemerkungen- not set!';
+    if(!isset($_REQUEST['bemerkungen']))throw new Exception('NOT_SET bemerkungen');
     $pdata['bemerkungen']=$_REQUEST['bemerkungen'];
 
-    if(!isset($_REQUEST['termin']))return '-termin- not set!';
+    if(!isset($_REQUEST['termin']))throw new Exception('NOT_SET termin');
     $pdata['termin']=$_REQUEST['termin'];
 
-    if(!isset($_REQUEST['status']))return '-status- not set!';
+    if(!isset($_REQUEST['status']))throw new Exception('NOT_SET status');
     $pdata['status']=$_REQUEST['status'];
 
     return db_store_person($_REQUEST['id'], $pdata);
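Review bot: Both the delete and the save path still read `$_REQUEST`, so a state-changing request is accepted from a plain GET such as `person.php?id=5&delete=1`; because login() authenticates with HTTP Basic (PHP_AUTH_USER/PW), a browser attaches the credentials on its own and an `<img>` or link on any other page can delete or overwrite a record on behalf of a logged-in user. The new NOT_SET checks test only presence, not shape: `id`, `gebdatum` and `termin` reach the database as arbitrary strings, so a non-numeric id or a malformed date most likely surfaces as a PDOException on the generic error page instead of a validation message. Guard the entry with `if($_SERVER['REQUEST_METHOD'] !== 'POST')return;`, read the fields from `$_POST`, add a CSRF token to the form, and check `filter_var($_REQUEST['id'], FILTER_VALIDATE_INT) !== false` before passing id on. store_person continues past the end of this hunk.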
diff --git a/person.php b/person.php
index 0874adb..335db4b 100644
--- a/person.php
+++ b/person.php
@@ -8,38 +8,53 @@
 require_once('./funcs.php');
 login();
 
-$status = store_person();
-$person = get_person($_REQUEST['id']);
-
-if(isset($_REQUEST['api'])){
-  header('Content-Type: application/json');
-  header('Access-Control-Allow-Origin: *');
-  mb_internal_encoding('UTF-8');
-  $send['status'] = $status;
-  $send['person'] = $person;
-  exit(json_encode($send));
-}
+$id = 0;
+try{
+  $id = store_person();
+  $person = get_person($_REQUEST['id']);
+
+  if(isset($_REQUEST['api'])){
+    header('Content-Type: application/json');
+    header('Access-Control-Allow-Origin: *');
+    mb_internal_encoding('UTF-8');
+    $send['status'] = $status;
+    $send['person'] = $person;
+    exit(json_encode($send));
+  }
+
+  echo html_top("Person bearbeiten");
+  echo "<h1>Person bearbeiten</h1>";
 
-echo html_top("Person bearbeiten");
-echo "<h1>Person bearbeiten</h1>";
+  if(isset($_REQUEST['delete'])){
+    exit('<h2>Person gelöscht</h2><p><a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
 
-if($status == 1 && isset($_REQUEST['delete'])){
-  exit('<h2>Person gelöscht</h2><p><a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  }elseif(isset($_REQUEST['save']) && isset($_REQUEST['id'])){
+    echo '<h2>Person aktualisiert</h2>';
 
-}elseif(!isset($_REQUEST['id']) && isset($_REQUEST['delete'])){
-  exit('<h2>Nur existierende Personen können gelöscht werden</h2><p><a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  }elseif(isset($_REQUEST['save']) && $id >0){
+    exit('<h2>Person angelegt. ID:'.$id.' (<a href="./person.php?id='.$id.'">Bearbeiten?</a>)</h2>'.
+      '<p><a href="./person.php">neue Person eintragen?</a> oder doch <a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  }
+} catch (Exception $e) {
+  $exc = $e->getMessage();
+  if($exc == 'PERMISSION_ERROR'){
+    exit('<h2>Berechtigungsfehler.</h2><p><a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
 
-}elseif(isset($_REQUEST['id']) && $person == NULL){
-  exit('<h2>Person existiert nicht</h2><p>Oder die nötige Berechtigung zum einsehen dieser Person nicht vorhanden.<br>
-  <a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  }elseif($exc == 'NOTHING_DELETED'){
+    exit('<h2>Nur existierende Personen können gelöscht werden</h2><p><a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  }
 
-}elseif($status == 1 && isset($_REQUEST['save'])){
-  echo '<h2>Person aktualisiert</h2>';
-}elseif($status < 0){
-  exit('<h2>Person angelegt. ID:'.-$status.' (<a href="./person.php?id='.(-$status).'">Bearbeiten?</a>)</h2>'.
-  '<p><a href="./person.php">neue Person eintragen?</a> oder doch <a href="list.php">Zurück zur Übersicht</a></p>'.html_bottom());
+  exit('<h2>Unbekannter Fehler!</h2><p>Bitte nutze den Live-Chat, um diesen Fehler zu melden. Bitte Fehlermeldung kopieren!<br>'.
+    '<a href="list.php">Zurück zur Übersicht</a></p><h3>Fehlermeldung</h3><pre>'.$e->getMessage()."\n".var_export($_REQUEST,true).'</pre>'.html_bottom());
 }
 
+
+
+$fotoerlaubnis_check = $analphabet_check = $videoerlaubnis_check = '';
+if($person['analphabet'] == '1')$analphabet_check = 'checked="checked"';
+if($person['fotoerlaubnis'] == '1')$fotoerlaubnis_check = 'checked="checked"';
+if($person['videoerlaubnis'] == '1')$videoerlaubnis_check = 'checked="checked"';
+
 ?>
 <p><a href="list.php">Zurück zur Übersicht</a></p>
 <form method="post" enctype="multipart/form-data">
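Review bot: The fallback error page at the end of the catch block writes `$e->getMessage()` and `var_export($_REQUEST,true)` into the HTML unescaped, so any request that raises an exception — e.g. `person.php?save=1&foo=%3Cscript%3E...` with vname absent, which throws NOT_SET — reflects attacker-supplied parameters as live markup to the logged-in user who follows the link, and a PDOException message would expose SQL fragments as well. Wrap the dump: `'<pre>'.htmlspecialchars($e->getMessage()."\n".var_export($_REQUEST,true), ENT_QUOTES, 'UTF-8').'</pre>'`. Separately, the API branch still sends `$send['status'] = $status;` while the rewrite assigns the result to `$id` and never defines `$status`, so API clients now receive null there; it should read `$send['status'] = $id;`. The `Access-Control-Allow-Origin: *` header on an authenticated JSON endpoint also deserves a second look, although `*` does not permit credentialed cross-origin reads.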
@@ -51,7 +66,7 @@ if($status == 1 && isset($_REQUEST['delete'])){
 <p>Nachname(n)<br>
 <input type="text" name="nname" value="<?php echo $person['nname'];?>"></p>
 <p>Geboren<br>
-<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>"></p>
+<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>" placeholder="yyyy-mm-dd"></p>
 <p>Nationalität<br>
 <input type="text" name="nationaliaet" value="<?php echo $person['nationaliaet'];?>"></p>
 <p>Sprachkenntnisse<br>
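Review bot: `value="<?php echo $person['gebdatum'];?>"` — like the nname and nationaliaet inputs around it — echoes a database column into an HTML attribute without escaping, and since level-1 users write these fields while level-2 users can open any row (db_list_anmeldungen/db_get_person), a stored `"><script>` in one row runs in the admin's browser. The commit already touches this line to add the placeholder, so it is the moment to fix it: `value="<?php echo htmlspecialchars($person['gebdatum'], ENT_QUOTES, 'UTF-8');?>"`, and the same for every `$person[...]` echoed in this form. The surrounding form starts and ends outside this hunk.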
@@ -61,11 +76,11 @@ if($status == 1 && isset($_REQUEST['delete'])){
 <p>Status<br>
 <input type="text" name="status" value="<?php echo $person['status'];?>"></p>
 <p>Analphabet<br>
-<input type="text" name="analphabet" value="<?php echo $person['analphabet'];?>"></p>
+<input type="checkbox" name="analphabet" value="1" <?php echo $analphabet_check;?>></p>
 <p>Fotoerlaubnis<br>
-<input type="text" name="fotoerlaubnis" value="<?php echo $person['fotoerlaubnis'];?>"></p>
+<input type="checkbox" name="fotoerlaubnis" value="1" <?php echo $fotoerlaubnis_check;?>></p>
 <p>Videoerlaubnis<br>
-<input type="text" name="videoerlaubnis" value="<?php echo $person['videoerlaubnis'];?>"></p>
+<input type="checkbox" name="videoerlaubnis" value="1" <?php echo $videoerlaubnis_check;?>></p>
 <p>Besonderes/Bemerkungen<br>
 <textarea rows="6" cols="50" name="bemerkungen"><?php echo $person['bemerkungen'];?></textarea></p>
 <p>Termin<br>
@@ -76,5 +91,5 @@ if($status == 1 && isset($_REQUEST['delete'])){
 </form>
 <p><a href="list.php">Zurück zur Übersicht</a></p>
 
-<?php echo html_bottom(); ?>
+<?php echo html_bottom();
 
diff --git a/style.css b/style.css
index 7a82ba7..1069e41 100644
--- a/style.css
+++ b/style.css
@@ -90,5 +90,11 @@
 .footnote {
   text-align:right;
   font-size: 12px;
-  }
+}
+
+table, th, td {
+  border: 1px solid black;
+  padding: 1px;
+  border-spacing: 0px;
+}
 
-- 
2.43.0