From b625e7fe5c7aec7e89fb36a0931e4df25f9f3bed Mon Sep 17 00:00:00 2001
From: Jan Vales <jan@jvales.net>
Date: Tue, 14 Jul 2015 16:40:29 +0200
Subject: [PATCH] das ganze mal committet, bevor was schief geht :)
---
db_funcs.php | 77 ++++++++++++++++++++++++++++++++++++
funcs.php | 94 ++++++++++++++++++++++++++++++++++++++++++++
index.php | 5 +++
list.php | 12 ++++++
person.php | 79 +++++++++++++++++++++++++++++++++++++
settings.php.example | 11 ++++++
stats.php | 10 +++++
7 files changed, 288 insertions(+)
create mode 100644 db_funcs.php
create mode 100644 funcs.php
create mode 100644 index.php
create mode 100644 list.php
create mode 100644 person.php
create mode 100644 settings.php.example
create mode 100644 stats.php
diff --git a/db_funcs.php b/db_funcs.php
new file mode 100644
index 0000000..29ef2df
--- /dev/null
+++ b/db_funcs.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./settings.php');
+
+function db_get_uinfo($user, $pass){
+ $lvl = -1;
+ $prep = $GLOBALS['dbc']->prepare('SELECT uname,lvl FROM users WHERE lower(uname)=lower(?) and pwd=encode(digest(?, \'sha512\'),\'hex\')');
+ $prep->execute(array($user, $pass));
+ $row = $prep->fetch();
+ if(isset($row['uname'])){
+ return $row;
+ }else{
+ return NULL;
+ }
+}
+
+function db_list_anmeldungen(){
+ $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
+ $prep->execute(array($GLOBALS['uname'],));
+ if($GLOBALS['lvl'] >= 2){
+ $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen');
+ $prep->execute();
+ }
+ return $prep->fetchAll();
+}
+
+function db_get_person($id){
+ $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE id = ?');
+ $prep->execute(array($id,));
+ return $prep->fetch();
+}
+
+function db_delete_person($id){
+ if($GLOBALS['lvl'] >= 2){
+ $prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ?');
+ $prep->execute(array($id,));
+ }else{
+ $prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ? and lower(uname) = ?');
+ $prep->execute(array($id,$GLOBALS['uname']));
+ }
+ return $prep->rowCount();
+}
+
+function db_store_person($id, $pdata){
+ $p = db_get_person($id);
+
+ if($p !== FALSE && $p['id'] == $id){
+ // found, we do updating, if uname == uname.
+ if($p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2){
+ if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+ if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+ if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+ if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+ if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+ $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=? WHERE id=?');
+ $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $p['id']));
+ return $prep->rowCount();
+ }
+ }else{
+ // inserting a new person.
+ if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+ if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+ if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+ if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+ if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+ $prep = $GLOBALS['dbc']->prepare('INSERT INTO anmeldungen(uname, nname, vname, gebdatum, nationaliaet, sprachen, analphabet, bemerkungen, vorwissen, fotoerlaubnis, videoerlaubnis) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning id;');
+ $prep->execute(array($GLOBALS['uname'], $pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis']));
+ $r = $prep->fetchColumn();
+ return -$r;
+ }
+}
+
diff --git a/funcs.php b/funcs.php
new file mode 100644
index 0000000..f7bf2c4
--- /dev/null
+++ b/funcs.php
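Review bot: In db_funcs.php, db_get_person() fetches a row by id with no owner or level condition, unlike db_list_anmeldungen() and db_delete_person(), so any account that passes login() can read another user's registration through person.php. Because db_store_person() calls it before applying its own `$p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2` test, the same test is better applied to the result in the read path (get_person() in funcs.php) than added to the SQL here, e.g. `if($p === FALSE || ($p['uname'] != $GLOBALS['uname'] && $GLOBALS['lvl'] < 2)) return NULL;`. Separately, db_get_uinfo() matches `pwd` against an unsalted, single-pass SHA-512 digest; a salted password hash checked with `password_verify()` (or pgcrypto's `crypt(?, pwd)`) would resist offline guessing if the users table leaks. In the non-admin branch of db_delete_person() the bound uname is not lowercased, so `lower(uname) = ?` should read `lower(uname) = lower(?)` to agree with the other queries.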
@@ -0,0 +1,94 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./settings.php');
+require_once('./db_funcs.php');
+
+function login(){
+// if(!isset($_SERVER['HTTPS'])){
+// $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
+// header('Location: '.$url, true, 301);
+// exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
+// }
+ $uinfo = db_get_uinfo($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+ if($uinfo['lvl'] >= 1){
+ $GLOBALS['uname'] = $uinfo['uname'];
+ $GLOBALS['lvl'] = $uinfo['lvl'];
+ }else{
+ header('WWW-Authenticate: Basic realm="WelcomeTUcode login"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit('Nicht eingeloggt. Falsche Anmeldedaten?');
+ }
+}
+
+function list_anmeldungen(){
+ $liste = db_list_anmeldungen();
+ $ret = '<table border=1><tr><th>Aktion</th><th>id</th><th>Anmeldung bei</th><th>Nachname(n)</th><th>Vorname(n)</th><th>Geboren</th><th>Nationalität</th><th>Sprachkenntnis</th>'.
+ '<th>Vorwissen</th><th>Analphabet</th><th>fotoerlaubnis</th><th>Videoerlaubnis</th><th>Bemerkung</th></tr>';
+ foreach ($liste as &$person) {
+ $ret .='<tr id="pers_'.$person['id'].'"><td><a href="./person.php?id='.$person['id'].'">Bearbeiten</a></td><td>'.$person['id'].'</td><td>'.$person['uname'].'</td>'.
+ '<td>'.$person['nname'].'</td><td>'.$person['vname'].'</td><td>'.$person['gebdatum'].'</td><td>'.$person['nationaliaet'].'</td>'.
+ '<td>'.$person['sprachen'].'</td><td>'.$person['vorwissen'].'</td><td>'.$person['analphabet'].'</td><td>'.$person['fotoerlaubnis'].'</td>'.
+ '<td>'.$person['videoerlaubnis'].'</td><td>'.$person['bemerkungen'].'</td></tr>';
+/* echo '<div class="person" id="pers_'.$person['id'].'" style="border:1px solid black;"><div id="pers_'.$person['id'].'_vname">'.$person['vname'].'</div>
+ <div id="pers_'.$person['id'].'_nname">'.$person['nname'].'</div> <div id="pers_'.$person['id'].'_gebdatum">'.$person['gebdatum'].'</div>
+ <div id="pers_'.$person['id'].'_nationaliaet">'.$person['nationaliaet'].'</div> <div id="pers_'.$person['id'].'_sprachen">'.$person['sprachen'].'</div>
+ <div id="pers_'.$person['id'].'_vorwissen">'.$person['vorwissen'].'</div> <div id="pers_'.$person['id'].'_analphabet">'.$person['analphabet'].'</div>
+ <div id="pers_'.$person['id'].'_fotoerlaubnis">'.$person['fotoerlaubnis'].'</div> <div id="pers_'.$person['id'].'_videoerlaubnis">'.$person['videoerlaubnis'].'</div>
+ <div class="bemerkung" id="pers_'.$person['id'].'_bemerkungen">'.$person['bemerkungen'].'</div>
+ </div>';*/
+ }
+ return $ret.'</table>';
+}
+
+function store_person(){
+ if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save'])) return 0;
+
+//var_export($_REQUEST);
+
+ if(isset($_REQUEST['delete']))return db_delete_person($_REQUEST['id']);
+ if(isset($_REQUEST['save'])){
+
+ if(!isset($_REQUEST['vname']))return '-vname- not set!';
+ $pdata['vname']=$_REQUEST['vname'];
+
+ if(!isset($_REQUEST['nname']))return '-nname- not set!';
+ $pdata['nname']=$_REQUEST['nname'];
+
+ if(!isset($_REQUEST['gebdatum']))return '-gebdatum- not set!';
+ $pdata['gebdatum']=$_REQUEST['gebdatum'];
+
+ if(!isset($_REQUEST['nationaliaet']))return '-nationaliaet- not set!';
+ $pdata['nationaliaet']=$_REQUEST['nationaliaet'];
+
+ if(!isset($_REQUEST['sprachen']))return '-sprachen- not set!';
+ $pdata['sprachen']=$_REQUEST['sprachen'];
+
+ if(!isset($_REQUEST['vorwissen']))return '-vorwissen- not set!';
+ $pdata['vorwissen']=$_REQUEST['vorwissen'];
+
+ if(!isset($_REQUEST['analphabet']))return '-analphabet- not set!';
+ $pdata['analphabet']=$_REQUEST['analphabet'];
+
+ if(!isset($_REQUEST['fotoerlaubnis']))return '-fotoerlaubnis- not set!';
+ $pdata['fotoerlaubnis']=$_REQUEST['fotoerlaubnis'];
+
+ if(!isset($_REQUEST['videoerlaubnis']))return '-videoerlaubnis- not set!';
+ $pdata['videoerlaubnis']=$_REQUEST['videoerlaubnis'];
+
+ if(!isset($_REQUEST['bemerkungen']))return '-bemerkungen- not set!';
+ $pdata['bemerkungen']=$_REQUEST['bemerkungen'];
+
+ return db_store_person($_REQUEST['id'], $pdata);
+ }
+}
+
+function get_person($id){
+ if(!is_numeric($id)) return NULL;
+ return db_get_person($id);
+}
+
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..23db70e
--- /dev/null
+++ b/index.php
@@ -0,0 +1,5 @@
+<h1>anmeldesystem</h1>
+
+<p><a href="./list.php">zu der Liste der angemeldeten</a></p>
+<p><a href="./stats.php">Stats</a></p>
+
diff --git a/list.php b/list.php
new file mode 100644
index 0000000..1e5a475
--- /dev/null
+++ b/list.php
@@ -0,0 +1,12 @@
+<?php
+require_once('./funcs.php');
+
+login();
+
+?>
+
+<h1>Anmeldungsliste</h1>
+<p><a href="./person.php">Person hinzufügen</a></p>
+<?php echo list_anmeldungen(); ?>
+<p><a href="./person.php">Person hinzufügen</a></p>
+
diff --git a/person.php b/person.php
new file mode 100644
index 0000000..044b727
--- /dev/null
+++ b/person.php
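Review bot: In funcs.php, list_anmeldungen() concatenates every stored column straight into the table markup, and those columns are filled from `$_REQUEST` by store_person(), so markup saved by one account is rendered in the browser of whoever views the list (all rows when lvl >= 2). Each value should pass through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before concatenation; the loop below does that and also drops the by-reference `&$person`, which the loop never needs. In login() the HTTPS redirect is commented out, so the Basic credentials read from `$_SERVER['PHP_AUTH_PW']` would cross the network in clear text on plain HTTP; restoring the redirect or enforcing TLS at the web server belongs with this change.

```php
foreach ($liste as $person) {
    // id is presumably the integer key returned by the INSERT; cast it so it is inert in the attribute and URL
    $id = (int)$person['id'];
    $ret .= '<tr id="pers_'.$id.'"><td><a href="./person.php?id='.$id.'">Bearbeiten</a></td><td>'.$id.'</td>';
    foreach (array('uname', 'nname', 'vname', 'gebdatum', 'nationaliaet', 'sprachen', 'vorwissen',
                   'analphabet', 'fotoerlaubnis', 'videoerlaubnis', 'bemerkungen') as $col) {
        // escape user-supplied text for the HTML body context
        $ret .= '<td>'.htmlspecialchars((string)$person[$col], ENT_QUOTES, 'UTF-8').'</td>';
    }
    $ret .= '</tr>';
    // … unchanged: commented-out <div> layout …
}
```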
@@ -0,0 +1,79 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./funcs.php');
+
+login();
+
+$status = store_person();
+$person = get_person($_REQUEST['id']);
+
+if(isset($_REQUEST['api'])){
+ header('Content-Type: application/json');
+ header('Access-Control-Allow-Origin: *');
+ mb_internal_encoding('UTF-8');
+ $send['status'] = $status;
+ $send['person'] = $person;
+ exit(json_encode($send));
+}
+
+?>
+
+<h1>Person bearbeiten</h1>
+<?php
+if($status == 1 && isset($_REQUEST['delete'])){
+ echo '<h2>Person gelöscht</h2>';
+}elseif($status == 1 && isset($_REQUEST['save'])){
+ echo '<h2>Person aktualisiert</h2>';
+}elseif($status < 0){
+ echo '<h2>Person angelegt. ID:'.-$status.'</h2>';
+}
+?>
+<p><a href="list.php">Zurück zur Ãbersicht</a></p>
+<form method="post" enctype="multipart/form-data">
+<input type="submit" name="save" value="Speichern"> <input type="submit" name="delete" value="Löschen">
+
+<p>Vorname(n)<br>
+<input type="text" name="vname" value="<?php echo $person['vname'];?>"></p>
+<p>Nachname(n)<br>
+<input type="text" name="nname" value="<?php echo $person['nname'];?>"></p>
+<p>Geboren<br>
+<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>"></p>
+<p>Nationalität<br>
+<input type="text" name="nationaliaet" value="<?php echo $person['nationaliaet'];?>"></p>
+<p>Sprachkenntnisse<br>
+<input type="text" name="sprachen" value="<?php echo $person['sprachen'];?>"></p>
+<p>Vorwissen<br>
+<input type="text" name="vorwissen" value="<?php echo $person['vorwissen'];?>"></p>
+<p>Analphabet<br>
+<input type="text" name="analphabet" value="<?php echo $person['analphabet'];?>"></p>
+<p>Fotoerlaubnis<br>
+<input type="text" name="fotoerlaubnis" value="<?php echo $person['fotoerlaubnis'];?>"></p>
+<p>Videoerlaubnis<br>
+<input type="text" name="videoerlaubnis" value="<?php echo $person['videoerlaubnis'];?>"></p>
+<p>Besonderes/Bemerkungen<br>
+<textarea rows="6" cols="50" name="bemerkungen"><?php echo $person['bemerkungen'];?></textarea></p>
+
+<input type="submit" name="save" value="Speichern"> <input type="submit" name="delete" value="Löschen">
+</form>
+<p><a href="list.php">Zurück zur Ãbersicht</a></p>
+
+<?php
+
+/*
+
+<br>Comment or context:<br><textarea rows="3" cols="50" name="comment"></textarea><br>Hashtag, if needed:<br>
+<input type="text" name="web_suffix"><br>
+ Image upload<br><input type="file" name="img"><br>
+ Image position:<br>
+ <input type="radio" id="imgtop" name="image_pos" value="1" checked="yes"><label for="imgtop">Top</label><br>
+ <input type="radio" id="imgbot" name="image_pos" value="2"><label for="imgbot">Bottom</label><br><br>
+ Comment for Admins/Mods:<br><textarea rows="3" cols="50" name="comment_intern"></textarea><br><br><input type="submit" name="submit" value="Submit"></form>';
+<form>
+
+*/
+
diff --git a/settings.php.example b/settings.php.example
new file mode 100644
index 0000000..3cae100
--- /dev/null
+++ b/settings.php.example
@@ -0,0 +1,11 @@
+<?php
+
+ini_set('display_errors',1);
+ini_set('display_startup_errors',1);
+error_reporting(-1);
+
+$GLOBALS['dbc'] = new PDO('pgsql:host=localhost;port=5432;dbname=SETME;user=SETME;password=SETME');
+$GLOBALS['dbc']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$GLOBALS['dbc']->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+
+
diff --git a/stats.php b/stats.php
new file mode 100644
index 0000000..eee7cea
--- /dev/null
+++ b/stats.php
@@ -0,0 +1,10 @@
+<?php
+require_once('./funcs.php');
+
+login();
+
+?>
+
+<h1>Stats</h1>
+TODO, wenn überhaupt (kann-Ziel)
+
--
2.43.0
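Review bot: In person.php every `value="<?php echo $person['…'];?>"` and the textarea body print stored fields unescaped, so a quote or tag in a saved value breaks out of the attribute; each echo should become `<?php echo htmlspecialchars($person['vname'], ENT_QUOTES, 'UTF-8');?>` (likewise for the other fields). store_person() runs at the top of the script for any request and reads `$_REQUEST`, so a save or delete is accepted from a GET and without an anti-forgery token while the browser resends the Basic credentials on its own; gating it on `$_SERVER['REQUEST_METHOD'] === 'POST'`, reading `$_POST`, and checking a per-user token would close that. The `api` branch sends `Access-Control-Allow-Origin: *` on a response carrying personal data; unless a cross-origin consumer is intended, that header should be dropped or narrowed to the one expected origin. `$_REQUEST['id']` is also read unconditionally, which raises a notice on the "Person hinzufügen" path where no id is passed.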
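Review bot: settings.php.example turns on `display_errors` and `display_startup_errors`, so a deployment that copies it as-is prints uncaught exceptions to the client; since user and password sit in the DSN string passed to `new PDO(...)`, the backtrace of a failed connection can include them. The example would be safer shipping `ini_set('display_errors',0);` together with `ini_set('log_errors',1);`, and wrapping the `new PDO(...)` call in a try/catch that exits with a generic message. A comment noting that the verbose settings are for local development only would also help whoever fills in the SETME values.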