ResultManager/subs/part/phases_backend.php
2019-08-08 16:58:29 +03:00

158 lines
5.3 KiB
PHP

<?php
/**
* /subs/phases_backend.php
* @version 1.0
* @desc backend for phases
* @author Fándly Gergő Zoltán (fandlygergo@gmail.hu, systemtest.tk)
* @copy 2017 Fándly Gergő Zoltán
* License:
Result Manager for managing results of students in bilingual school systems.
Copyright (C) 2017 Fándly Gergő Zoltán
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
**/
try{
if(isset($_GET['list'])){
$filter="WHERE id<>0";
$filter_array=array();
if(isset($_POST['filter'])){
if(isset($_POST['f_search'])){
if($_POST['f_search']!=""){
$filter.=" and (name_1 LIKE ? or name_2 LIKE ?)";
array_push($filter_array, "%".$_POST['f_search']."%", "%".$_POST['f_search']."%");
}
}
}
$sql=$db->prepare("SELECT id, name_1, name_2 FROM phases ".$filter." ORDER BY name_1 ASC, name_2 ASC");
$sql->execute($filter_array);
echo "
<table class=\"table\">
<thead>
<tr>
<th data-breakpoints=\"xs sm md\">".$lang['id']."</th>
<th>".$lang['name_1']."</th>
<th>".$lang['name_2']."</th>
".($_SESSION['accesslevel']>=3?"<th data-breakpoints=\"xs sm\">".$lang['tools']."</th>":"")."
</tr>
</thead>
<tbody>
";
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "
<tr>
<td>".$row['id']."</td>
<td>".$row['name_1']."</td>
<td>".$row['name_2']."</td>
".($_SESSION['accesslevel']>=3?"<td>
<button type=\"button\" onclick=\"phasesEdit(".$row['id'].")\">".$lang['edit']."</button>
<button type=\"button\" onclick=\"phasesDelete(".$row['id'].", this)\">".$lang['delete']."</button>
</td>":"")."
</tr>
";
}
echo "
</tbody>
</table>
";
}
if(isset($_POST['new'])){
if($_SESSION['accesslevel']<3){
functions::setError(401);
}
else{
$sql=$db->prepare("SELECT COUNT(id) AS count FROM phases WHERE name_1=:n1 or name_2=:n2");
$sql->execute(array(":n1"=>$_POST['name_1'], ":n2"=>$_POST['name_2']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){
functions::setError(9);
}
else{
$sql=$db->prepare("INSERT INTO phases (name_1, name_2) VALUES (:n1, :n2)");
$sql->execute(array(":n1"=>$_POST['name_1'], ":n2"=>$_POST['name_2']));
$res=$sql->rowCount();
if($res>0){
functions::setMessage(3);
}
else{
functions::setError(4);
}
}
}
}
if(isset($_POST['delete'])){
if($_SESSION['accesslevel']<3){
functions::setError(401);
}
else{
$sql=$db->prepare("DELETE FROM phases WHERE id=:id");
$sql->execute(array(":id"=>$_POST['delete']));
$res=$sql->rowCount();
if($res>0){
functions::setMessage(4);
}
else{
functions::setError(4);
}
}
}
if(isset($_GET['getdata'])){
$sql=$db->prepare("SELECT COUNT(id) AS count, id, name_1, name_2 FROM phases WHERE id=:id");
$sql->execute(array(":id"=>$_GET['getdata']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){
functions::setError(6);
}
else{
echo json_encode($res);
}
}
if(isset($_POST['edit'])){
if($_SESSION['accesslevel']<3){
functions::setError(401);
}
else{
$sql=$db->prepare("SELECT COUNT(id) AS count FROM phases WHERE id=:id");
$sql->execute(array(":id"=>$_POST['edit']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){
functions::setError(6);
}
else{
$sql=$db->prepare("UPDATE phases SET name_1=:n1, name_2=:n2 WHERE id=:id");
$sql->execute(array(":n1"=>$_POST['name_1'], ":n2"=>$_POST['name_2'], ":id"=>$_POST['edit']));
$res=$sql->rowCount();
if($res>0){
functions::setMessage(5);
}
else{
functions::setError(4);
}
}
}
}
}
catch(Exception $e){
functions::setError(500);
error_log($e);
}