diff options
Diffstat (limited to 'report')
-rw-r--r-- | report/delete.php | 28 | ||||
-rw-r--r-- | report/edit.php | 43 | ||||
-rw-r--r-- | report/update.php | 28 | ||||
-rw-r--r-- | report/view.php | 32 |
4 files changed, 131 insertions, 0 deletions
diff --git a/report/delete.php b/report/delete.php new file mode 100644 index 0000000..1e43244 --- /dev/null +++ b/report/delete.php @@ -0,0 +1,28 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +if(!session_set()) { + echo "You need to be logged in"; + goto redirect; +} + +if($_GET['id'] == "") { + echo "No report to delete"; + goto redirect; +} + +$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); +$query = $conn->prepare("DELETE FROM reports WHERE id=:report_id"); +$query->bindParam(':report_id', $_GET['id']); +if($query->execute()) { + echo "<h2>report deleted</h2>"; +} else { + echo "<h2>report failed to delete</h2>"; +} + +redirect: header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]"); +footer: require_once(TEMPLATES_PATH . "/footer.php"); +?> diff --git a/report/edit.php b/report/edit.php new file mode 100644 index 0000000..ef289bd --- /dev/null +++ b/report/edit.php @@ -0,0 +1,43 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +if(!session_set()) { + header("Refresh: 2; URL={$config['urls']['base']}"); + goto footer; +} + +$id = isset($_GET['id']) ? $_GET['id'] : ""; +$title = ""; +$submitter = $_SESSION['user_name']; +$description = ""; + +if($id != "") { + $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); + $query = $conn->prepare("SELECT title, description, users.username AS submitter FROM reports + JOIN users ON reports.author=users.id + WHERE reports.id=:report_id"); + $query->bindParam(':report_id', $id); + $query->execute(); + + $result = $query->fetch(); + $title = $result['title']; + $submitter = $result['submitter']; + $description = $result['description']; +} + +?> + +<form action="update.php?id=<?php echo $id; ?>" method="post"> +<input name="id" type="hidden" value="<?php echo $id; ?>"> +<p>Title: <input name="title" type="text" value="<?php echo $title; ?>"></p> +<p>Submitted by: <?php echo $submitter; ?></p> +<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $description; ?></textarea></p> +<input type="submit" value="submit" > +</form> + +<?php +footer: require_once(TEMPLATES_PATH . "/footer.php"); +?> diff --git a/report/update.php b/report/update.php new file mode 100644 index 0000000..0fadb53 --- /dev/null +++ b/report/update.php @@ -0,0 +1,28 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +if(session_set()) { + $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); + $query = $_POST['id'] == "" ? + $conn->prepare("INSERT INTO reports (author, title, description) VALUES (:user_id, :title, :description)") + : $conn->prepare("UPDATE reports SET title=:title, description=:description WHERE id=:report_id"); + if($_POST['id'] == "") { + $query->bindParam(':user_id', $_SESSION['user_id']); + } else { + $query->bindParam(':report_id', $_POST['id']); + } + $query->bindParam(':title', $_POST['title']); + $query->bindParam(':description', $_POST['description']); + if($query->execute()) { + echo "<h2>report submitted</h2>"; + } else { + echo "<h2>report failed to submit</h2>"; + } +} + +header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]"); +footer: require_once(TEMPLATES_PATH . "/footer.php"); +?> diff --git a/report/view.php b/report/view.php new file mode 100644 index 0000000..479f90e --- /dev/null +++ b/report/view.php @@ -0,0 +1,32 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); +require_once(LIBRARY_PATH . "/parsedown.php"); + +if(!isset($_GET['id']) || $_GET['id'] == "") { + echo "<div id='error'>No report selected, redirecting to index...</div>"; + header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]"); + goto footer; +} + +$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); +$query = $conn->prepare("SELECT title, description, users.username AS submitter FROM reports + JOIN users ON reports.author = users.id WHERE reports.id=:report_id"); +$query->bindParam(':report_id', $_GET['id']); +$query->execute(); +$result = $query->fetch(); + +$markdown = new Parsedown(); + +echo "<p><b>$result[title]</b></p>"; +echo "<p>Submitted by $result[submitter]</p>"; +echo '<p>' . $markdown->text($result['description']) . '</p>'; + +if(session_set()) { + echo "<p><a href=edit.php?id=$_GET[id]>Edit</a> | <a href=delete.php?id=$_GET[id]>Delete</a></p>"; +} + +footer: require_once(TEMPLATES_PATH . "/footer.php"); +?> |