From 71dc7bae2cb0b137a72ae24019e02bc9f7bcea98 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Wed, 18 Jan 2017 15:19:07 +0100
Subject: [PATCH] add group search, add user individual actions

---
 website/public/styles/adminpanel.css |   4 +
 website/queries/group_page.php       |  31 +++++++-
 website/queries/user.php             |  13 ++++
 website/views/adminpanel.php         | 108 +++++++++++++++++++--------
 4 files changed, 124 insertions(+), 32 deletions(-)

diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index c8e29b6..d5b740e 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -58,6 +58,10 @@
     float: right;
 }
 
+.usertitle {
+    width: 150px;
+}
+
 .usertable {
     width: 100%;
 }
diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index d8bab8f..8f04ca3 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -53,4 +53,33 @@ function select20GroupsByStatusFromN($db, $n, $status) {
     ");
 }
 
-?>
\ No newline at end of file
+function search20GroupsFromNByStatus($db, $n, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        `groupID`,
+        `name`,
+        `status`,
+        `description`
+    FROM
+        `group_page`
+    WHERE
+        `name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)
+    ORDER BY
+        `name`
+    LIMIT
+        :n, 20
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
+
+
+?>
diff --git a/website/queries/user.php b/website/queries/user.php
index 42d90bc..de8c52b 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -68,5 +68,18 @@ function search20UsersFromNByStatus($db, $n, $keyword, $status) {
     return $q;
 }
 
+function changeUserStatusByID($db, $id, $status) {
+    $q = $db->query("
+    UPDATE
+        `user`
+    SET
+        `role` = $status
+    WHERE
+        `userID` = $id
+    ");
+
+    return $q;
+}
+
 
 ?>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 8ce9fb1..d478003 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -29,7 +29,10 @@
     }
 
     </script>
-    <?php include_once("../queries/user.php"); ?>
+    <?php
+        include_once("../queries/user.php");
+        include_once("../queries/group_page.php");
+    ?>
 </head>
 <body>
 
@@ -57,6 +60,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $groupstatus = $_POST["groupstatus"];
     }
 
+    if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
+        changeUserStatusByID($db, $_POST["userID"], $_POST["actions"]);
+    }
 
 }
 
@@ -153,7 +159,7 @@ function test_input($data) {
             <br>
 
             <div class="admin-users">
-                <h2>Users:</h2>
+                <h2 class="usertitle">Users:</h2>
 
                 <div class="admin-userpage">
                     <input type="submit" name="prev" value="prev">
@@ -174,44 +180,84 @@ function test_input($data) {
 
                     <!-- Table construction via php PDO. -->
                     <?php
-                    $q = search20UsersFromNByStatus($db, $listnr, $search, $status);
+                    if ($pagetype == 'user') {
+                        $q = search20UsersFromNByStatus($db, $listnr, $search, $status);
 
-                    while($user = $q->fetch(PDO::FETCH_ASSOC)) {
-                        $userID = $user['userID'];
-                        $username = $user['username'];
-                        $role = $user['role'];
-                        $bancomment = $user['bancomment'];
-                        $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+                        while($user = $q->fetch(PDO::FETCH_ASSOC)) {
+                            $userID = $user['userID'];
+                            $username = $user['username'];
+                            $role = $user['role'];
+                            $bancomment = $user['bancomment'];
+                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
 
-                        echo("
+                            echo("
                             <tr>
-                                <td><input type='checkbox'
-                                           name='checkbox-user[]'
-                                           value='$userID'>
-                                </td>
-                                <td>$username</td>
-                                <td>$role</td>
-                                <td>$bancomment</td>
-                                <td>
-                                    <form class='admin-useraction'
-                                          action='$thispage'
-                                          method='post'>
-                                        <select class='action' name='actions'>
-                                            <option value='freeze'>Freeze</option>
-                                            <option value='ban'>Ban</option>
-                                            <option value='restore'>Restore</option>
-                                        </select>
-                                        <input type='hidden' name='userID' value='$userID'>
-                                        <input type='submit' value='Confirm'>
-                                    </form>
-                                </td>
+                            <td><input type='checkbox'
+                            name='checkbox-user[]'
+                            value='$userID'>
+                            </td>
+                            <td>$username</td>
+                            <td>$role</td>
+                            <td>$bancomment</td>
+                            <td>
+                            <form class='admin-useraction'
+                            action='$thispage'
+                            method='post'>
+                            <select class='action' name='actions'>
+                            <option value='2'>Freeze</option>
+                            <option value='3'>Ban</option>
+                            <option value='1'>Restore</option>
+                            </select>
+                            <input type='hidden' name='userID' value='$userID'>
+                            <input type='submit' value='Confirm'>
+                            </form>
+                            </td>
                             </tr>
-                        ");
+                            ");
+                        }
+                    } else {
+                        $q = search20GroupsFromNByStatus($db, $listnr, $search, $groupstatus);
+
+                        while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
+                            $groupID = $group['groupID'];
+                            $name = $group['name'];
+                            $role = $group['status'];
+                            $description = $group['description'];
+                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+
+                            echo("
+                            <tr>
+                            <td><input type='checkbox'
+                            name='checkbox-group[]'
+                            value='$groupID'>
+                            </td>
+                            <td>$name</td>
+                            <td>$role</td>
+                            <td>$description</td>
+                            <td>
+                            <form class='admin-groupaction'
+                            action='$thispage'
+                            method='post'>
+                            <select class='action' name='actions'>
+                            <option value='hide'>Hide</option>
+                            <option value='public'>Public</option>
+                            <option value='restore'>Restore</option>
+                            </select>
+                            <input type='hidden' name='groupID' value='$groupID'>
+                            <input type='submit' value='Confirm'>
+                            </form>
+                            </td>
+                            </tr>
+                            ");
+                        }
                     }
                     ?>
                 </table>
             </div>
         </form>
+        <pre>
+            <?php print_r($_POST); ?>
+        </pre>
     </div>
 </div>
 </body>