From 7319816b7c712cd16d6e83bcd617c95943b79be6 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Thu, 29 Apr 2021 20:43:35 +0300
Subject: CRUD reports

---
 report/delete.php | 28 ++++++++++++++++++++++++++++
 report/edit.php   | 43 +++++++++++++++++++++++++++++++++++++++++++
 report/update.php | 28 ++++++++++++++++++++++++++++
 report/view.php   | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 131 insertions(+)
 create mode 100644 report/delete.php
 create mode 100644 report/edit.php
 create mode 100644 report/update.php
 create mode 100644 report/view.php

(limited to 'report')

diff --git a/report/delete.php b/report/delete.php
new file mode 100644
index 0000000..1e43244
--- /dev/null
+++ b/report/delete.php
@@ -0,0 +1,28 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if(!session_set()) {
+    echo "You need to be logged in";
+    goto redirect;
+}
+
+if($_GET['id'] == "") {
+    echo "No report to delete";
+    goto redirect;
+}
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("DELETE FROM reports WHERE id=:report_id");
+$query->bindParam(':report_id', $_GET['id']);
+if($query->execute()) {
+    echo "<h2>report deleted</h2>";
+} else {
+    echo "<h2>report failed to delete</h2>";
+}
+
+redirect: header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/report/edit.php b/report/edit.php
new file mode 100644
index 0000000..ef289bd
--- /dev/null
+++ b/report/edit.php
@@ -0,0 +1,43 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if(!session_set()) {
+    header("Refresh: 2; URL={$config['urls']['base']}");
+    goto footer;
+}
+
+$id = isset($_GET['id']) ? $_GET['id'] : "";
+$title = "";
+$submitter = $_SESSION['user_name'];
+$description = "";
+
+if($id != "") {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("SELECT title, description, users.username AS submitter FROM reports 
+        JOIN users ON reports.author=users.id 
+        WHERE reports.id=:report_id");
+    $query->bindParam(':report_id', $id);
+    $query->execute();
+
+    $result = $query->fetch();
+    $title = $result['title'];
+    $submitter = $result['submitter'];
+    $description = $result['description'];
+}
+
+?>
+
+<form action="update.php?id=<?php echo $id; ?>" method="post">
+<input name="id" type="hidden" value="<?php echo $id; ?>">
+<p>Title: <input name="title" type="text" value="<?php echo $title; ?>"></p>
+<p>Submitted by: <?php echo $submitter; ?></p>
+<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $description; ?></textarea></p>
+<input type="submit" value="submit" >
+</form>
+
+<?php
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/report/update.php b/report/update.php
new file mode 100644
index 0000000..0fadb53
--- /dev/null
+++ b/report/update.php
@@ -0,0 +1,28 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if(session_set()) {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $_POST['id'] == "" ?
+        $conn->prepare("INSERT INTO reports (author, title, description) VALUES (:user_id, :title, :description)")
+      : $conn->prepare("UPDATE reports SET title=:title, description=:description WHERE id=:report_id");
+    if($_POST['id'] == "") {
+        $query->bindParam(':user_id', $_SESSION['user_id']);
+    } else {
+        $query->bindParam(':report_id', $_POST['id']);
+    }
+    $query->bindParam(':title', $_POST['title']);
+    $query->bindParam(':description', $_POST['description']);
+    if($query->execute()) {
+        echo "<h2>report submitted</h2>";
+    } else {
+        echo "<h2>report failed to submit</h2>";
+    }
+}
+
+header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/report/view.php b/report/view.php
new file mode 100644
index 0000000..479f90e
--- /dev/null
+++ b/report/view.php
@@ -0,0 +1,32 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+require_once(LIBRARY_PATH . "/parsedown.php");
+
+if(!isset($_GET['id']) || $_GET['id'] == "") {
+    echo "<div id='error'>No report selected, redirecting to index...</div>";
+    header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+    goto footer;
+}
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("SELECT title, description, users.username AS submitter FROM reports 
+    JOIN users ON reports.author = users.id WHERE reports.id=:report_id");
+$query->bindParam(':report_id', $_GET['id']);
+$query->execute();
+$result = $query->fetch();
+
+$markdown = new Parsedown();
+
+echo "<p><b>$result[title]</b></p>";
+echo "<p>Submitted by $result[submitter]</p>";
+echo '<p>' . $markdown->text($result['description']) . '</p>';
+
+if(session_set()) {
+    echo "<p><a href=edit.php?id=$_GET[id]>Edit</a> | <a href=delete.php?id=$_GET[id]>Delete</a></p>";
+}
+
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
-- 
cgit v1.2.1