From cf270f3726a8037ebef80888eb510172688e13a7 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 30 Apr 2021 09:35:40 +0300
Subject: CRUD bugs

---
 bug/delete.php | 28 ++++++++++++++++++++++++++++
 bug/edit.php   | 45 +++++++++++++++++++++++++++------------------
 bug/update.php | 31 +++++++++++++------------------
 bug/view.php   | 34 +++++++++++++++++++---------------
 4 files changed, 87 insertions(+), 51 deletions(-)

(limited to 'bug')

diff --git a/bug/delete.php b/bug/delete.php
index e69de29..9054151 100644
--- a/bug/delete.php
+++ b/bug/delete.php
@@ -0,0 +1,28 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if(!session_set()) {
+    echo "You need to be logged in";
+    goto redirect;
+}
+
+if($_GET['id'] == "") {
+    echo "No bug to delete";
+    goto redirect;
+}
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("DELETE FROM bugs WHERE id=:bug_id");
+$query->bindParam(':bug_id', $_GET['id']);
+if($query->execute()) {
+    echo "<h2>bug deleted</h2>";
+} else {
+    echo "<h2>bug failed to delete</h2>";
+}
+
+redirect: header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/bug/edit.php b/bug/edit.php
index 7eba339..ad1ea36 100644
--- a/bug/edit.php
+++ b/bug/edit.php
@@ -1,33 +1,42 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
 require_once(LIBRARY_PATH . "/functions.php");
 
-if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else if(!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
+if(!session_set()) {
     echo "<div id='error'>Not logged in, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
+    header("Refresh: 2; URL={$config['urls']['base']}");
+    goto footer;
+}
+
+$id = isset($_GET['id']) ? $_GET['id'] : "";
+$title = "";
+$submitter = $_SESSION['user_name'];
+$description = "";
 
-} else {
+if($id != "") {
     $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("SELECT title, description, users.username AS submitter FROM bugs 
+        JOIN users ON bugs.author=users.id WHERE bugs.id=:bug_id");
+    $query->bindParam(':bug_id', $id);
+    $query->execute();
 
-    $query = "SELECT title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id WHERE bugs.id=$_GET[id]";
-    $result = $conn->query($query)->fetch();
+    $result = $query->fetch();
+    $title = $result['title'];
+    $submitter = $result['submitter'];
+    $description = $result['description'];
+}
 ?>
 
-<form action="update.php?id=<?php echo $_GET['id']; ?>" method="post">
-<p>Title: <input name="title" type="text" value="<?php echo $result['title']; ?>"></p>
-<p>Submitted by: <?php echo $result['submitter']; ?></p>
-<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $result['description']; ?></textarea></p>
-<input type="submit" value="update" >
+<form action="update.php?id=<?php echo $id; ?>" method="post">
+<input name="id" type="hidden" value="<?php echo $id; ?>">
+<p>Title: <input name="title" type="text" value="<?php echo $title; ?>"></p>
+<p>Submitted by: <?php echo $submitter; ?></p>
+<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $description; ?></textarea></p>
+<input type="submit" value="submit" >
 </form>
 
 <?php
-}
-
-require_once(TEMPLATES_PATH . "/footer.php");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
diff --git a/bug/update.php b/bug/update.php
index f27cdd4..0ee6e26 100644
--- a/bug/update.php
+++ b/bug/update.php
@@ -1,35 +1,30 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
 require_once(LIBRARY_PATH . "/functions.php");
 
-if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else if(!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
-    echo "<div id='error'>Not logged in, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else {
+if(session_set()) {
     $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-
-    $query = $conn->prepare("UPDATE bugs SET title=:title, description=:description WHERE id=:id");
+    $query = $_POST['id'] == "" ?
+        $conn->prepare("INSERT INTO bugs (author, title, description) VALUES (:user_id, :title, :description)")
+      : $conn->prepare("UPDATE bugs SET title=:title, description=:description WHERE id=:bug_id");
+    if($_POST['id'] == "") {
+        $query->bindParam(':user_id', $_SESSION['user_id']);
+    } else {
+        $query->bindParam(':bug_id', $_POST['id']);
+    }
     $query->bindParam(':title', $_POST['title']);
     $query->bindParam(':description', $_POST['description']);
-    $query->bindParam(':id', $_GET['id']);
     
     if ($query->execute()) {
         echo "Data is updated\n";
     } else {
-        echo "User must have sent wrong inputs\n";
+        echo "Query failed\n";
     }
-
-    header("Refresh: 2; URL=view.php?id=$_GET[id]");
-
 }
 
-require_once(TEMPLATES_PATH . "/footer.php");
+header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
 
diff --git a/bug/view.php b/bug/view.php
index 2468abb..d1e4335 100644
--- a/bug/view.php
+++ b/bug/view.php
@@ -1,28 +1,32 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
 require_once(LIBRARY_PATH . "/parsedown.php");
 
 if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
+    echo "<div id='error'>No bug selected...</div>";
+    header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+    goto footer;
+}
 
-} else {
-    if(isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
-        echo "<p><a href=edit.php?id=$_GET[id]>Edit</a></p>";
-    }
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("SELECT title, description, users.username AS submitter FROM bugs 
+    JOIN users ON bugs.author = users.id WHERE bugs.id=:bug_id");
+$query->bindParam(':bug_id', $_GET['id']);
+$query->execute();
+$result = $query->fetch();
 
-    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-    $markdown = new Parsedown();
+$markdown = new Parsedown();
 
-    $query = "SELECT title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id WHERE bugs.id=$_GET[id]";
-    $result = $conn->query($query)->fetch();
+echo "<p><b>$result[title]</b></p>";
+echo "<p>Submitted by $result[submitter]</p>";
+echo '<p>' . $markdown->text($result['description']) . '</p>';
 
-    echo "<p><b>$result[title]</b></p>";
-    echo "<p>Submitted by $result[submitter]</p>";
-    echo '<p>' . $markdown->text($result['description']) . '</p>';
+if(session_set()) {
+    echo "<p><a href=edit.php?id=$_GET[id]>Edit</a> | <a href=delete.php?id=$_GET[id]>Delete</a></p>";
 }
 
-require_once(TEMPLATES_PATH . "/footer.php");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
-- 
cgit v1.2.1