From 3b86297c2ddcd691842efd22426fc301f6927ffa Mon Sep 17 00:00:00 2001 From: arf20 Date: Mon, 18 Mar 2024 02:44:40 +0100 Subject: Fix manageusers, create manageservices --- dbinit.sql | 2 +- manageservices.php | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++ manageusers.php | 34 ++++++++++---- 3 files changed, 159 insertions(+), 9 deletions(-) create mode 100644 manageservices.php diff --git a/dbinit.sql b/dbinit.sql index d9220d1..bbff3c7 100644 --- a/dbinit.sql +++ b/dbinit.sql @@ -16,7 +16,7 @@ CREATE TABLE `arfnet2`.`services` ( `id` INT NOT NULL AUTO_INCREMENT , `name` VARCHAR(255) NOT NULL , `type` ENUM('free','standard','premium') NOT NULL , - `billing` DECIMAL NOT NULL , + `billing` TEXT NOT NULL , `description` TEXT NOT NULL , PRIMARY KEY (`id`) ); diff --git a/manageservices.php b/manageservices.php new file mode 100644 index 0000000..c8a17ed --- /dev/null +++ b/manageservices.php @@ -0,0 +1,132 @@ +fetch_all(MYSQLI_ASSOC); + +// GET actions +// delete entry +if (isset($_GET["del"])) { + $sql = "DELETE FROM services WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "s", $param_id); + $param_id = $_GET["del"]; + if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); +} + +// POST actions +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // add entry + if (isset($_POST["add"])) { + $sql = "INSERT INTO services (name, type, billing, description) VALUES (?, ?, ?, ?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssss", $param_name, $param_type, $param_billing, $param_description); + $param_name = $_POST["name"]; + $param_type= $_POST["type"]; + $param_billing = $_POST["billing"]; + $param_description = $_POST["description"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } +} + +function getservicebyid($id) { + global $services; + foreach ($services as $service) { + if ($service["id"] == $id) { + return $service; + } + } +} + +?> + + + + + + + ARFNET CSTIMS + + +
+ ARFNET +
+
+
+
+
+

ARFNET Client Service Ticket and Invoice Management System

+

panel

+

Service offerings

+ +

Edit service ".$service["id"]."

\n" + ."

\n" + ."

\n" + ."

\n" + ."

\n" + ."
cancel" + ."
"; + } + ?> + + add + + + " + ."" + ."" + ."" + ."" + ."\n"; + } + ?> +
idnametypebillingdescriptionaction
".$service['id']."".$service['name']."".$service['type']."".$service['billing']."
".$service['description']."
del edit
+ +
+
+

Logged as

+

Logout

+

Back to admin panel

+
+ +
+ + + diff --git a/manageusers.php b/manageusers.php index 7fe8cee..15bb6d2 100644 --- a/manageusers.php +++ b/manageusers.php @@ -10,6 +10,8 @@ if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ $username = $_SESSION["username"]; $type = $_SESSION["type"]; +if ($type != "admin") die("Permission denied."); + require_once "config.php"; // Get users @@ -27,7 +29,7 @@ if (isset($_GET["del"])) { mysqli_stmt_bind_param($stmt, "s", $param_id); $param_id = $_GET["del"]; if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { - echo "SQL error."; + echo "SQL error: ".mysqli_stmt_error($stmt); } else header("location: ".$_SERVER['SCRIPT_NAME']); } @@ -46,12 +48,27 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $param_status = $_POST["status"]; if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { - echo "SQL error."; + echo "SQL error: ".mysqli_stmt_error($stmt); } else header("location: ".$_SERVER['SCRIPT_NAME']); } - // edit entry + // edit entry + if (isset($_POST["save"])) { + $sql = "UPDATE users SET username = ?, email = ?, password = ?, type = ?, status = ? WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssssss", $param_username, $param_email, $param_password, $param_type, $param_status, $param_id); + $param_username = $_POST["username"]; + $param_email = $_POST["email"]; + $param_password = empty($_POST["password"]) ? getuserbyid($_POST["id"])["password"] : password_hash($_POST["password"], PASSWORD_DEFAULT); + $param_type = $_POST["type"]; + $param_status = $_POST["status"]; + $param_id = $_POST["id"]; + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "email: ".$_POST["email"]; + echo "SQL error: ".mysqli_stmt_error($stmt); + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } } function getuserbyid($id) { @@ -87,24 +104,25 @@ function getuserbyid($id) {

Edit user ".$user["id"]."

\n" + echo "

Edit user ".$user["id"]."

\n" ."

\n" ."

\n" - ."

\n" + ."

\n" ."

\n" ."

\n" - ."
cancel" + ."" + ."
cancel" ."
"; } if (isset($_GET["add"])) { - echo "

Add user

\n" + echo "

Add user

\n" ."

\n" ."

\n" ."

\n" ."

\n" ."

\n" - ."
cancel" + ."
cancel" ."
"; } ?> -- cgit v1.2.3