/
settings.php
executable file
·108 lines (88 loc) · 2.86 KB
/
settings.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
<?php
include ("inc/cookie.php");
include ("inc/db.php");
include ("inc/form.php");
include ("inc/crypt.php");
$page="settings";
$db=sql_conn();
$auth=checkcookies($db);
if (!$auth) {
header("Location: logout.php");
die();
}
$action=gorp($db, "action",false);
$userid=$auth->id;
$output="";
if ($action!==false) {
switch ($action) {
case "save":
$catid=gorp($db, "catid",0);
$title=gorp($db, "title","");
if ($catid==0) {
$query="insert cat values (NULL, \"$userid\", \"$title\")";
} else {
$query="update cat set title=\"$title\" where userid=\"$userid\" and id=\"$catid\"";
}
mysqli_query($db, $query);
header("Location: ".$_SERVER["PHP_SELF"]);
die();
break;
case "delete":
// Check to see if this cat is used.
$catid=gorp($db, "catid",0);
$result=mysqli_query($db, "select count(id) from logins where userid=\"$userid\" and catid=\"$catid\"");
$row=mysqli_fetch_row($result);
if ($row[0]>0) {
header("Location: ".$_SERVER["PHP_SELF"]."?error=1");
} else {
mysqli_query($db, "delete from cat where id = \"$catid\" and userid=\"$userid\"");
header("Location: ".$_SERVER["PHP_SELF"]);
die();
}
break;
case "edit":
$catid=gorp($db, "catid",0);
if ($catid==0) {
$title="";
} else {
$result=mysqli_query($db, "select title from cat where id = \"$catid\" and userid = \"$userid\"");
$row=mysqli_fetch_assoc($result);
$title=$row["title"];
}
$output.="<P CLASS=\"plain\">\n";
$output.="Edit category:\n";
$output.="<P CLASS=\"plain\">\n";
$output.=form_begin($_SERVER["PHP_SELF"],"POST","settings");
$output.=input_hidden("action","save");
$output.=input_hidden("catid",$catid);
$output.=input_text("title",30,255,$title);
$output.=submit("Save");
$output.=form_end();
break;
}
} else {
$result=mysqli_query($db, "select id, title from cat where userid = \"$userid\"");
$error=gorp($db, "error","");
if (!empty($error)) {
$error="<SPAN CLASS=\"error\">Unable to delete. Remove entries from category first</SPAN>";
$output.=$error."<P>\n";
}
$output.="<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\">\n";
$output.="<TR>\n";
$output.="<TD CLASS=\"header\" WIDTH=\"200\">Category</TD>\n";
$output.="<TD CLASS=\"header\" WIDTH=\"150\">Action</TD>\n";
$output.="</TR>\n";
while ($row=mysqli_fetch_row($result)) {
$output.="<TR><TD CLASS=\"row\">".$row[1]."</TD>\n";
$output.="<TD CLASS=\"row\"><A HREF=\"".$_SERVER["PHP_SELF"]."?action=edit&catid=".$row[0]."\">Edit</A> | <A HREF=\"".$_SERVER["PHP_SELF"]."?action=delete&catid=".$row[0]."\">Delete</A></TD></TR>\n";
}
$output.="</TABLE>\n<P>\n";
$output.=form_begin($_SERVER["PHP_SELF"],"POST");
$output.=input_hidden("action","edit");
$output.=input_hidden("catid","0");
$output.=submit("New category");
$output.=form_end();
}
include ("inc/header.php");
echo $output;
include ("inc/footer.php");