diff options
| -rw-r--r-- | dbinit.sql | 2 | ||||
| -rw-r--r-- | manageservices.php | 132 | ||||
| -rw-r--r-- | manageusers.php | 34 |
3 files changed, 159 insertions, 9 deletions
@@ -16,7 +16,7 @@ CREATE TABLE `arfnet2`.`services` ( `id` INT NOT NULL AUTO_INCREMENT , `name` VARCHAR(255) NOT NULL , `type` ENUM('free','standard','premium') NOT NULL , - `billing` DECIMAL NOT NULL , + `billing` TEXT NOT NULL , `description` TEXT NOT NULL , PRIMARY KEY (`id`) ); diff --git a/manageservices.php b/manageservices.php new file mode 100644 index 0000000..c8a17ed --- /dev/null +++ b/manageservices.php @@ -0,0 +1,132 @@ +<?php + +session_start(); + +if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ + header("location: /login.php"); + exit; +} + +$username = $_SESSION["username"]; +$type = $_SESSION["type"]; + +if ($type != "admin") die("Permission denied."); + +require_once "config.php"; + +// Get services +$sql = "SELECT id, name, type, billing, description FROM services"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$services = $result->fetch_all(MYSQLI_ASSOC); + +// GET actions +// delete entry +if (isset($_GET["del"])) { + $sql = "DELETE FROM services WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "s", $param_id); + $param_id = $_GET["del"]; + if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); +} + +// POST actions +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // add entry + if (isset($_POST["add"])) { + $sql = "INSERT INTO services (name, type, billing, description) VALUES (?, ?, ?, ?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssss", $param_name, $param_type, $param_billing, $param_description); + $param_name = $_POST["name"]; + $param_type= $_POST["type"]; + $param_billing = $_POST["billing"]; + $param_description = $_POST["description"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } +} + +function getservicebyid($id) { + global $services; + foreach ($services as $service) { + if ($service["id"] == $id) { + return $service; + } + } +} + +?> + +<!doctype html> +<html> + <head> + <meta charset="UTF-8"> + <link rel="stylesheet" type="text/css" href="/style.css"> + <title>ARFNET CSTIMS</title> + </head> + <body> + <header><a href="https://arf20.com/"> + <img src="arfnet_logo.png" width="64"><span class="title"><strong>ARFNET</strong></span> + </a></header> + <hr> + <main> + <div class="row"> + <div class="col8"> + <h2 class="center">ARFNET Client Service Ticket and Invoice Management System</h2> + <h3><?php echo strtoupper($type[0]).substr($type, 1); ?> panel</h3> + <h3>Service offerings</h3> + + <?php + if (isset($_GET["edit"])) { + $service = getservicebyid($_GET["edit"]); + echo "<div class=\"editform\"><h3>Edit service ".$service["id"]."</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n" + ."<label>Name</label><br><input type=\"text\" name=\"name\" value=\"".$service["name"]."\"><br>\n" + ."<label>Type</label><br><select name=\"type\"><option value=\"free\" ".($service["type"] == "free" ? "selected" : "").">free</option><option value=\"standard\" ".($user["type"] == "standard" ? "selected" : "").">standard</option><option value=\"premium\" ".($user["type"] == "premium" ? "selected" : "").">premium</option></select><br>\n" + ."<label>Billing</label><br><input type=\"text\" name=\"billing\" value=\"".$service["billing"]."\"><br>\n" + ."<label>Description</label><br><textarea name=\"description\" rows=\"10\" cols=\"80\" value=\"".$service["description"]."\"><br>\n" + ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>" + ."</form></div>"; + } + + if (isset($_GET["add"])) { + echo "<div class=\"editform\"><h3>Add service</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n" + ."<label>Name</label><br><input type=\"text\" name=\"name\"><br>\n" + ."<label>Type</label><br><select name=\"type\"><option value=\"free\">free</option><option value=\"standard\">standard</option><option value=\"premium\">premium</option></select><br>\n" + ."<label>Billing</label><br><input type=\"text\" name=\"billing\"><br>\n" + ."<label>Description</label><br><textarea name=\"description\" rows=\"10\" cols=\"80\"></textarea><br>\n" + ."<br><input type=\"submit\" name=\"add\" value=\"Add\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>" + ."</form></div>"; + } + ?> + + <a href="?add">add</a> + <table> + <tr><th>id</th><th>name</th><th>type</th><th>billing</th><th>description</th><th>action</th></tr> + <?php + foreach ($services as $service) { + echo "<tr><td>".$service['id']."</td>" + ."<td>".$service['name']."</td>" + ."<td>".$service['type']."</td>" + ."<td>".$service['billing']."</td>" + ."<td><pre>".$service['description']."</pre></td>" + ."<td><a href=\"?del=".$service['id']."\">del</a> <a href=\"?edit=".$service['id']."\">edit</a></td></tr>\n"; + } + ?> + </table> + + </div> + <div class="col2"> + <h3>Logged as <?php echo $username; ?></h3> + <h3><a href="/logout.php">Logout</h2> + <h3><a href="/admin.php">Back to admin panel</h2> + </div> + </div> + </main> + </body> +</html> + diff --git a/manageusers.php b/manageusers.php index 7fe8cee..15bb6d2 100644 --- a/manageusers.php +++ b/manageusers.php @@ -10,6 +10,8 @@ if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ $username = $_SESSION["username"]; $type = $_SESSION["type"]; +if ($type != "admin") die("Permission denied."); + require_once "config.php"; // Get users @@ -27,7 +29,7 @@ if (isset($_GET["del"])) { mysqli_stmt_bind_param($stmt, "s", $param_id); $param_id = $_GET["del"]; if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { - echo "SQL error."; + echo "SQL error: ".mysqli_stmt_error($stmt); } else header("location: ".$_SERVER['SCRIPT_NAME']); } @@ -46,12 +48,27 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $param_status = $_POST["status"]; if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { - echo "SQL error."; + echo "SQL error: ".mysqli_stmt_error($stmt); } else header("location: ".$_SERVER['SCRIPT_NAME']); } - // edit entry + // edit entry + if (isset($_POST["save"])) { + $sql = "UPDATE users SET username = ?, email = ?, password = ?, type = ?, status = ? WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssssss", $param_username, $param_email, $param_password, $param_type, $param_status, $param_id); + $param_username = $_POST["username"]; + $param_email = $_POST["email"]; + $param_password = empty($_POST["password"]) ? getuserbyid($_POST["id"])["password"] : password_hash($_POST["password"], PASSWORD_DEFAULT); + $param_type = $_POST["type"]; + $param_status = $_POST["status"]; + $param_id = $_POST["id"]; + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "email: ".$_POST["email"]; + echo "SQL error: ".mysqli_stmt_error($stmt); + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } } function getuserbyid($id) { @@ -87,24 +104,25 @@ function getuserbyid($id) { <?php if (isset($_GET["edit"])) { $user = getuserbyid($_GET["edit"]); - echo "<div class=\"editform\"><h3>Edit user ".$user["id"]."</h3><form action=\"/manageusers.php\" method=\"post\">\n" + echo "<div class=\"editform\"><h3>Edit user ".$user["id"]."</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n" ."<label>Username</label><br><input type=\"text\" name=\"username\" value=\"".$user["username"]."\"><br>\n" ."<label>Email</label><br><input type=\"text\" name=\"email\" value=\"".$user["email"]."\"><br>\n" - ."<label>Password (empty is unchanged)</label><br><input type=\"text\" name=\"email\"><br>\n" + ."<label>Password (empty is unchanged)</label><br><input type=\"text\" name=\"password\"><br>\n" ."<label>Type</label><br><select name=\"type\"><option value=\"client\" ".($user["type"] == "client" ? "selected" : "").">client</option><option value=\"helpdesk\" ".($user["type"] == "helpdesk" ? "selected" : "").">helpdesk</option><option value=\"accountant\" ".($user["type"] == "accountant" ? "selected" : "").">accountant</option><option value=\"admin\" ".($user["type"] == "admin" ? "selected" : "").">admin</option></select><br>\n" ."<label>Status</label><br><select name=\"status\"><option value=\"unverified\" ".($user["status"] == "unverified" ? "selected" : "").">unverified</option><option value=\"verified\" ".($user["status"] == "verified" ? "selected" : "").">verified</option></select><br>\n" - ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"/manageusers.php\">cancel</a>" + ."<input type=\"hidden\" name=\"id\" value=\"".$user["id"]."\">" + ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>" ."</form></div>"; } if (isset($_GET["add"])) { - echo "<div class=\"editform\"><h3>Add user</h3><form action=\"/manageusers.php\" method=\"post\">\n" + echo "<div class=\"editform\"><h3>Add user</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n" ."<label>Username</label><br><input type=\"text\" name=\"username\"><br>\n" ."<label>Email</label><br><input type=\"text\" name=\"email\"><br>\n" ."<label>Password</label><br><input type=\"text\" name=\"password\"><br>\n" ."<label>Type</label><br><select name=\"type\"><option value=\"client\">client</option><option value=\"helpdesk\">helpdesk</option><option value=\"accountant\">accountant</option><option value=\"admin\">admin</option></select><br>\n" ."<label>Status</label><br><select name=\"status\"><option value=\"unverified\">unverified</option><option value=\"verified\">verified</option></select><br>\n" - ."<br><input type=\"submit\" name=\"add\" value=\"Add\"><a href=\"/manageusers.php\">cancel</a>" + ."<br><input type=\"submit\" name=\"add\" value=\"Add\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>" ."</form></div>"; } ?> |