MastodonStartpage/web/admin/edinstres.php

<?php

require('include/glob.php');
require('include/muoribene.php');
require('include/sessionstart.php');

require('include/menu.php');
$menu['istanze']['href']=null;
$menu['istanze']['selected']=true;
$menu['istanze']['submenu']['modifica']['href']=null;
$menu['istanze']['submenu']['modifica']['selected']=true;
buildmenu($menu);

require('include/myconn.php');

$dbg='';

use function mysqli_real_escape_string as myesc;

function hspech($str) {
	return(htmlspecialchars($str,ENT_QUOTES|ENT_HTML5,'UTF-8'));
}

$dbg.='<pre>'.print_r($_POST,1).'</pre>';

if (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1) {
	$instid=$_POST['id']+0;
	$res=mysqli_query($link,'SELECT * FROM Instances WHERE ID='.$instid)
		or muoribene(__LINE__.': '.mysqli_error($link),true);
	if (mysqli_num_rows($res)!=1)
		muoribene(__LINE__.': There is no instance with ID='.$instid.'.');
	$inst=mysqli_fetch_assoc($res);
}

if (!array_key_exists('id',$_POST) || !array_key_exists('OurDesc',$_POST) || !array_key_exists('OurDescEn',$_POST))
	muoribene(__LINE__.': Malformed input.',true);


$que='UPDATE Instances SET ';

(array_key_exists('Blacklisted',$_POST) && $_POST['Blacklisted']=='on') ? $sets[]='Blacklisted=1' : $sets[]='Blacklisted=0';

(array_key_exists('New',$_POST) && $_POST['New']=='on') ? $sets[]='New=1' : $sets[]='New=0';

(array_key_exists('Chosen',$_POST) && $_POST['Chosen']=='on') ? $sets[]='Chosen=1' : $sets[]='Chosen=0';

(array_key_exists('Visible',$_POST) && $_POST['Visible']=='on') ? $sets[]='Visible=1' : $sets[]='Visible=0';

$_POST['OurDesc']=trim($_POST['OurDesc']);
($_POST['OurDesc']!='') ? $sets[]='OurDesc=\''.myesc($link,$_POST['OurDesc']).'\'' : $sets[]='OurDesc=NULL';

$_POST['OurDescEn']=trim($_POST['OurDescEn']);
($_POST['OurDescEn']!='') ? $sets[]='OurDescEn=\''.myesc($link,$_POST['OurDescEn']).'\'' : $sets[]='OurDescEn=NULL';

if (array_key_exists('LocalityID',$_POST)) {
	if (preg_match('/^[0-9]+$/',$_POST['LocalityID'])===1)
		$sets[]='LocalityID='.($_POST['LocalityID']+0);
	else
		muoribene(__LINE__.': Malformed input.',true);
} else {
	$sets[]='LocalityID=NULL';
}

$que.=implode(', ',$sets).' WHERE ID='.$instid;
$dbg.='QUERONA: '.hspech($que).'<br>'.N;
mysqli_query($link,$que) or muoribene(__LINE__.': '.mysqli_error($link),true);

function multi(&$link,&$instid,&$dbg,$inpid,$table,$column,$line) {
	$queries=array();
	if (array_key_exists($inpid,$_POST)) {
		if (is_array($_POST[$inpid])) {
			$pos=0;
			foreach ($_POST[$inpid] as $val) {
				if (preg_match('/^[0-9]+$/',$val)===1) {
					$pos++;
					$val+=0;
					$queries[]='INSERT INTO '.$table.' (InstID, '.$column.', Pos) VALUES ('.$instid.', '.$val.', '.$pos.')';
				} else {
					muoribene($line.':'.__LINE__.': Malformed input.',true);
				}
			}
		} else {
			muoribene($line.':'.__LINE__.': Malformed input.',true);
		}
	} //qui niente "else {muoribene...}!
	$que='DELETE FROM '.$table.' WHERE InstID='.$instid;
	$dbg.='QUEROTTA: '.hspech($que).'<br>'.N;
	mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);
	foreach ($queries as $que) {
		$dbg.='QUERINA: '.hspech($que).'<br>'.N;
		mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);
	}
}

multi($link,$instid,$dbg,'ChosenLangs','InstOurLangs','OurLangID',__LINE__);
multi($link,$instid,$dbg,'ChosenFinModes','InstFinancing','FinID',__LINE__);
multi($link,$instid,$dbg,'ChosenPolicies','InstPolicies','PolID',__LINE__);
multi($link,$instid,$dbg,'ChosenTags','InstTags','TagID',__LINE__);

mysqli_close($link);

?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Mastodon Startpage Admin - «<?php echo($inst['URI']); ?>» form saved</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Admin pages for Mastodon Startpage">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/confirma.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
<link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">
<script language="JavaScript">
<!--
//-->
</script>
</head>
<body>

<nav>
<div id="hmenu">
<ul>
<?php echo($menuout); ?>
</ul>
<div id="rightdiv">
<a href="logout.php" class="rlinks"><img src="imgs/esci.svg" title="Sign out"></a>
</div>
</div>
</nav>

<div id="popup">
<div id="inpopup">
<div id="popupcont">
...
</div>
</div>
</div>

<!-- <div id="footer">
</div> -->

<div id="fullscreen">
<div id="middlerow">
...
</div>
</div>

<div id="debug">
<?php echo($dbg); ?>
</div>

</body>
</html>
... 2020-04-03 10:59:02 +02:00			`<?php`

			`require('include/glob.php');`
			`require('include/muoribene.php');`
			`require('include/sessionstart.php');`

			`require('include/menu.php');`
			`$menu['istanze']['href']=null;`
			`$menu['istanze']['selected']=true;`
			`$menu['istanze']['submenu']['modifica']['href']=null;`
			`$menu['istanze']['submenu']['modifica']['selected']=true;`
			`buildmenu($menu);`

			`require('include/myconn.php');`

			`$dbg='';`

			`use function mysqli_real_escape_string as myesc;`

			`function hspech($str) {`
			`return(htmlspecialchars($str,ENT_QUOTES\|ENT_HTML5,'UTF-8'));`
			`}`

			`$dbg.='<pre>'.print_r($_POST,1).'</pre>';`

			`if (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1) {`
			`$instid=$_POST['id']+0;`
			`$res=mysqli_query($link,'SELECT * FROM Instances WHERE ID='.$instid)`
			`or muoribene(__LINE__.': '.mysqli_error($link),true);`
			`if (mysqli_num_rows($res)!=1)`
			`muoribene(__LINE__.': There is no instance with ID='.$instid.'.');`
			`$inst=mysqli_fetch_assoc($res);`
			`}`

			`if (!array_key_exists('id',$_POST) \|\| !array_key_exists('OurDesc',$_POST) \|\| !array_key_exists('OurDescEn',$_POST))`
			`muoribene(__LINE__.': Malformed input.',true);`


			`$que='UPDATE Instances SET ';`

			`(array_key_exists('Blacklisted',$_POST) && $_POST['Blacklisted']=='on') ? $sets[]='Blacklisted=1' : $sets[]='Blacklisted=0';`

			`(array_key_exists('New',$_POST) && $_POST['New']=='on') ? $sets[]='New=1' : $sets[]='New=0';`

			`(array_key_exists('Chosen',$_POST) && $_POST['Chosen']=='on') ? $sets[]='Chosen=1' : $sets[]='Chosen=0';`

			`(array_key_exists('Visible',$_POST) && $_POST['Visible']=='on') ? $sets[]='Visible=1' : $sets[]='Visible=0';`

			`$_POST['OurDesc']=trim($_POST['OurDesc']);`
			`($_POST['OurDesc']!='') ? $sets[]='OurDesc=\''.myesc($link,$_POST['OurDesc']).'\'' : $sets[]='OurDesc=NULL';`

			`$_POST['OurDescEn']=trim($_POST['OurDescEn']);`
			`($_POST['OurDescEn']!='') ? $sets[]='OurDescEn=\''.myesc($link,$_POST['OurDescEn']).'\'' : $sets[]='OurDescEn=NULL';`

			`if (array_key_exists('LocalityID',$_POST)) {`
			`if (preg_match('/^[0-9]+$/',$_POST['LocalityID'])===1)`
			`$sets[]='LocalityID='.($_POST['LocalityID']+0);`
			`else`
			`muoribene(__LINE__.': Malformed input.',true);`
			`} else {`
			`$sets[]='LocalityID=NULL';`
			`}`

			`$que.=implode(', ',$sets).' WHERE ID='.$instid;`
			`$dbg.='QUERONA: '.hspech($que).'<br>'.N;`
			`mysqli_query($link,$que) or muoribene(__LINE__.': '.mysqli_error($link),true);`

			`function multi(&$link,&$instid,&$dbg,$inpid,$table,$column,$line) {`
			`$queries=array();`
			`if (array_key_exists($inpid,$_POST)) {`
			`if (is_array($_POST[$inpid])) {`
			`$pos=0;`
			`foreach ($_POST[$inpid] as $val) {`
			`if (preg_match('/^[0-9]+$/',$val)===1) {`
			`$pos++;`
			`$val+=0;`
			`$queries[]='INSERT INTO '.$table.' (InstID, '.$column.', Pos) VALUES ('.$instid.', '.$val.', '.$pos.')';`
			`} else {`
			`muoribene($line.':'.__LINE__.': Malformed input.',true);`
			`}`
			`}`
			`} else {`
			`muoribene($line.':'.__LINE__.': Malformed input.',true);`
			`}`
			`} //qui niente "else {muoribene...}!`
			`$que='DELETE FROM '.$table.' WHERE InstID='.$instid;`
			`$dbg.='QUEROTTA: '.hspech($que).'<br>'.N;`
			`mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);`
			`foreach ($queries as $que) {`
			`$dbg.='QUERINA: '.hspech($que).'<br>'.N;`
			`mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);`
			`}`
			`}`

			`multi($link,$instid,$dbg,'ChosenLangs','InstOurLangs','OurLangID',__LINE__);`
			`multi($link,$instid,$dbg,'ChosenFinModes','InstFinancing','FinID',__LINE__);`
			`multi($link,$instid,$dbg,'ChosenPolicies','InstPolicies','PolID',__LINE__);`
			`multi($link,$instid,$dbg,'ChosenTags','InstTags','TagID',__LINE__);`

			`mysqli_close($link);`

			`?>`
			`<!DOCTYPE HTML>`
			`<html lang="en">`
			`<head>`
			`<title>Mastodon Startpage Admin - «<?php echo($inst['URI']); ?>» form saved</title>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8">`
			`<meta name="description" content="Admin pages for Mastodon Startpage">`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">`
			`<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">`
			`<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">`
			`<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">`
			`<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">`
			`<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>`
			`<script language="JavaScript" src="js/confirma.js?v=<?php echo($cjrand); ?>"></script>`
			`<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>`
			`<link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">`
			`<script language="JavaScript">`
			`<!--`
			`//-->`
			`</script>`
			`</head>`
			`<body>`

			`<nav>`
			`<div id="hmenu">`
			`<ul>`
			`<?php echo($menuout); ?>`
			`</ul>`
			`<div id="rightdiv">`
			`<a href="logout.php" class="rlinks"><img src="imgs/esci.svg" title="Sign out"></a>`
			`</div>`
			`</div>`
			`</nav>`

			`<div id="popup">`
			`<div id="inpopup">`
			`<div id="popupcont">`
			`...`
			`</div>`
			`</div>`
			`</div>`

			`<!-- <div id="footer">`
			`</div> -->`

			`<div id="fullscreen">`
			`<div id="middlerow">`
			`...`
			`</div>`
			`</div>`

			`<div id="debug">`
			`<?php echo($dbg); ?>`
			`</div>`

			`</body>`
			`</html>`