MastodonStartpage/web/admin/edinstres.php

165 lines
5.4 KiB
PHP
Raw Normal View History

2020-04-03 10:59:02 +02:00
<?php
require('include/glob.php');
require('include/muoribene.php');
require('include/sessionstart.php');
2020-04-17 23:57:02 +02:00
require('include/myconn.php');
require('include/getadmacc.php');
2020-04-03 10:59:02 +02:00
require('include/menu.php');
2020-04-17 23:57:02 +02:00
$menu['menu']['selected']=true;
2020-04-21 12:35:53 +02:00
$menu['menu']['submenu']['instances']['selected']=true;
2020-04-03 10:59:02 +02:00
buildmenu($menu);
$dbg='';
use function mysqli_real_escape_string as myesc;
function hspech($str) {
return(htmlspecialchars($str,ENT_QUOTES|ENT_HTML5,'UTF-8'));
}
$dbg.='<pre>'.print_r($_POST,1).'</pre>';
if (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1) {
$instid=$_POST['id']+0;
2020-04-21 12:35:53 +02:00
$res=mysqli_query($link,'SELECT ID FROM Instances WHERE ID='.$instid)
2020-04-03 10:59:02 +02:00
or muoribene(__LINE__.': '.mysqli_error($link),true);
if (mysqli_num_rows($res)!=1)
muoribene(__LINE__.': There is no instance with ID='.$instid.'.');
}
2020-04-04 19:17:10 +02:00
if (!array_key_exists('id',$_POST) || !array_key_exists('OurDesc',$_POST) || !array_key_exists('OurDescEN',$_POST))
2020-04-03 10:59:02 +02:00
muoribene(__LINE__.': Malformed input.',true);
$que='UPDATE Instances SET ';
(array_key_exists('Blacklisted',$_POST) && $_POST['Blacklisted']=='on') ? $sets[]='Blacklisted=1' : $sets[]='Blacklisted=0';
(array_key_exists('New',$_POST) && $_POST['New']=='on') ? $sets[]='New=1' : $sets[]='New=0';
(array_key_exists('Chosen',$_POST) && $_POST['Chosen']=='on') ? $sets[]='Chosen=1' : $sets[]='Chosen=0';
(array_key_exists('Visible',$_POST) && $_POST['Visible']=='on') ? $sets[]='Visible=1' : $sets[]='Visible=0';
2020-04-04 19:17:10 +02:00
(array_key_exists('OurLangsLock',$_POST) && $_POST['OurLangsLock']=='on') ? $sets[]='OurLangsLock=1' : $sets[]='OurLangsLock=0';
2020-04-03 10:59:02 +02:00
$_POST['OurDesc']=trim($_POST['OurDesc']);
($_POST['OurDesc']!='') ? $sets[]='OurDesc=\''.myesc($link,$_POST['OurDesc']).'\'' : $sets[]='OurDesc=NULL';
2020-04-04 19:17:10 +02:00
$_POST['OurDescEN']=trim($_POST['OurDescEN']);
($_POST['OurDescEN']!='') ? $sets[]='OurDescEN=\''.myesc($link,$_POST['OurDescEN']).'\'' : $sets[]='OurDescEN=NULL';
2020-04-03 10:59:02 +02:00
if (array_key_exists('LocalityID',$_POST)) {
if (preg_match('/^[0-9]+$/',$_POST['LocalityID'])===1)
$sets[]='LocalityID='.($_POST['LocalityID']+0);
else
muoribene(__LINE__.': Malformed input.',true);
} else {
$sets[]='LocalityID=NULL';
}
2020-04-21 12:35:53 +02:00
$que.=implode(', ',$sets).', LastGuestEdit='.time().' WHERE ID='.$instid;
2020-04-03 10:59:02 +02:00
$dbg.='QUERONA: '.hspech($que).'<br>'.N;
mysqli_query($link,$que) or muoribene(__LINE__.': '.mysqli_error($link),true);
function multi(&$link,&$instid,&$dbg,$inpid,$table,$column,$line) {
$queries=array();
if (array_key_exists($inpid,$_POST)) {
if (is_array($_POST[$inpid])) {
$pos=0;
foreach ($_POST[$inpid] as $val) {
if (preg_match('/^[0-9]+$/',$val)===1) {
$pos++;
$val+=0;
$queries[]='INSERT INTO '.$table.' (InstID, '.$column.', Pos) VALUES ('.$instid.', '.$val.', '.$pos.')';
} else {
muoribene($line.':'.__LINE__.': Malformed input.',true);
}
}
} else {
muoribene($line.':'.__LINE__.': Malformed input.',true);
}
} //qui niente "else {muoribene...}!
$que='DELETE FROM '.$table.' WHERE InstID='.$instid;
$dbg.='QUEROTTA: '.hspech($que).'<br>'.N;
mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);
foreach ($queries as $que) {
$dbg.='QUERINA: '.hspech($que).'<br>'.N;
mysqli_query($link,$que) or muoribene($line.':'.__LINE__.': '.mysqli_error($link),true);
}
}
multi($link,$instid,$dbg,'ChosenLangs','InstOurLangs','OurLangID',__LINE__);
multi($link,$instid,$dbg,'ChosenFinModes','InstFinancing','FinID',__LINE__);
multi($link,$instid,$dbg,'ChosenPolicies','InstPolicies','PolID',__LINE__);
multi($link,$instid,$dbg,'ChosenTags','InstTags','TagID',__LINE__);
2020-04-21 12:35:53 +02:00
$res=mysqli_query($link,'SELECT *, ID AS IID FROM Instances WHERE ID='.$instid)
or muoribene(__LINE__.': '.mysqli_error($link),true);
$inst=mysqli_fetch_assoc($res);
2020-04-17 23:57:02 +02:00
require('include/columns.php');
require('include/dispinst.php');
$out=dispinst($inst,$cols,$link,$dlang,false,0,0);
2020-04-03 10:59:02 +02:00
mysqli_close($link);
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Mastodon Startpage Admin - «<?php echo($inst['URI']); ?>» form saved</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Admin pages for Mastodon Startpage">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/confirma.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
<link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">
<script language="JavaScript">
<!--
//-->
</script>
</head>
<body>
<nav>
<div id="hmenu">
<ul>
<?php echo($menuout); ?>
</ul>
2020-04-17 23:57:02 +02:00
<div class="mtit">Editing results for «<?php echo($inst['URI']); ?>»</div>
2020-04-03 10:59:02 +02:00
<div id="rightdiv">
2020-04-21 12:35:53 +02:00
<img src="imgs/esci.svg" class="rlinks" title="Logout" onclick="document.location.href='logout.php';">
2020-04-03 10:59:02 +02:00
</div>
</div>
</nav>
<div id="popup">
<div id="inpopup">
<div id="popupcont">
...
</div>
</div>
</div>
<!-- <div id="footer">
</div> -->
<div id="fullscreen">
<div id="middlerow">
2020-04-17 23:57:02 +02:00
<?php echo($out); ?>
2020-04-03 10:59:02 +02:00
</div>
</div>
<div id="debug">
<?php echo($dbg); ?>
</div>
</body>
</html>