MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Kevin prototype #87

Merged
11319801 merged 13 commits from kevin-prototype into master 2017-01-20 14:41:14 +01:00
Conversation 2 Commits 13 Files Changed 5 +357 -98
5 changed files with 357 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
website/public/js/admin.js Normal file
View File

@@ -0,0 +1,44 @@
window.onload = function() {
changeFilter();
};
function checkAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list');
for (var i = 0; i < checkboxes.length; i++) {
if (checkboxes[i].type == 'checkbox') {
checkboxes[i].checked = allbox.checked;
}
}
}
function checkCheckAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list');
var checked = true;
for (var i = 0; i < checkboxes.length; i++) {
if (checkboxes[i].type == 'checkbox') {
if (checkboxes[i].checked == false) {
checked = false;
break;
}
}
}
allbox.checked = checked;
}
function changeFilter() {
if (document.getElementById('group').checked) {
document.getElementById('admin-filter').style.display = 'none';
document.getElementById('admin-groupfilter').style.display = 'inline-block';
document.getElementById('admin-batchactions').style.display = 'none';
document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
} else {
document.getElementById('admin-filter').style.display = 'inline-block';
document.getElementById('admin-groupfilter').style.display = 'none';
document.getElementById('admin-batchactions').style.display = 'inline-block';
document.getElementById('admin-groupbatchactions').style.display = 'none';
}
}

22
website/public/styles/adminpanel.css
View File

@@ -13,7 +13,7 @@
height: auto;
}
.admin-actions {
.admin-batchactions, .admin-groupbatchactions {
display: inline-block;
padding: 8px;
vertical-align: top;
@@ -22,6 +22,10 @@
box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
}
.admin-searchform {
display: inline-block;
}
.admin-searchbar {
display: inline-block;
margin: 10px;
@@ -44,18 +48,20 @@
width: 120px;
}
.admin-groupfilter {
display: none;
}
.admin-users {
margin: 10px;
}
.admin-userpage {
width: 170px;
margin-bottom: 20px;
.admin-userheading {
width: auto;
float: left;
}
.admin-pageui {
text-align: right;
float: right;
width: auto;
margin-bottom: 20px;
}
.usertitle {

96
website/queries/group_page.php
View File

@@ -1,7 +1,7 @@
<?php
function selectGroupById($groupID) {
return $GLOBALS["db"]->query("
$q = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`name`,
`group_page`.`picture`,
@@ -11,12 +11,16 @@ function selectGroupById($groupID) {
FROM
`group_page`
WHERE
`group_page`.`groupID` = $groupID
`group_page`.`groupID` = :groupID
");
$q->bindParam(':groupID', $groupID);
$q->execute();
return $q;
}
function select20GroupsFromN($n) {
return $GLOBALS["db"]->query("
$q = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -29,12 +33,16 @@ function select20GroupsFromN($n) {
ORDER BY
`group_page`.`name` ASC
LIMIT
$n, 20
:n, 20
");
$q->bindParam(':n', $n);
$q->execute();
return $q;
}
function select20GroupsByStatusFromN($n, $status) {
return $GLOBALS["db"]->query("
$q = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -45,12 +53,17 @@ function select20GroupsByStatusFromN($n, $status) {
FROM
`group_page`
WHERE
`group_page`.`status` = $status
`group_page`.`status` = :status
ORDER BY
`group_page`.`name` ASC
LIMIT
$n, 20
:n, 20
");
$q->bindParam(':status', $status);
$q->bindParam(':n', $n);
$q->execute();
return $q;
}
function search20GroupsFromNByStatus($n, $keyword, $status) {
@@ -80,6 +93,55 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
return $q;
}
function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS['db']->prepare("
SELECT
`groupID`,
`name`,
`status`,
`description`
FROM
`group_page`
WHERE
`name` LIKE :keyword AND
FIND_IN_SET (`status`, :statuses)
ORDER BY
`name`
LIMIT
:n, :m
");
$keyword = "%$keyword%";
$q->bindParam(':keyword', $keyword);
$q->bindParam(':n', $n, PDO::PARAM_INT);
$q->bindParam(':m', $m, PDO::PARAM_INT);
$statuses = implode(',', $status);
$q->bindParam(':statuses', $statuses);
$q->execute();
return $q;
}
function countSomeGroupsByStatus($keyword, $status) {
$q = $GLOBALS['db']->prepare("
SELECT
COUNT(*)
FROM
`group_page`
WHERE
`name` LIKE :keyword AND
FIND_IN_SET (`status`, :statuses)
ORDER BY
`name`
");
$keyword = "%$keyword%";
$q->bindParam(':keyword', $keyword);
$statuses = implode(',', $status);
$q->bindParam(':statuses', $statuses);
$q->execute();
return $q;
}
function changeGroupStatusByID($id, $status) {
$q = $GLOBALS["db"]->query("
UPDATE
@@ -92,3 +154,23 @@ function changeGroupStatusByID($id, $status) {
return $q;
}
function changeMultipleGroupStatusByID($ids, $status) {
$q = $GLOBALS['db']->prepare("
UPDATE
`group_page`
SET
`status` = :status
WHERE
FIND_IN_SET (`groupID`, :ids)
");
$ids = implode(',', $ids);
$q->bindParam(':ids', $ids);
$q->bindParam(':status', $status);
$q->execute();
return $q;
}
?>

91
website/queries/user.php
View File

@@ -88,7 +88,7 @@ function selectAllUserPosts($userID) {
}
function select20UsersFromN($n) {
return $GLOBALS["db"]->query("
$q = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
@@ -100,8 +100,12 @@ function select20UsersFromN($n) {
`role`,
`username`
LIMIT
$n, 20
:n, 20
");
$q->bindParam(':n', $n);
$q->execute();
return $q;
}
function search20UsersFromN($n, $keyword) {
@@ -156,19 +160,90 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
return $q;
}
function changeUserStatusByID($id, $status) {
$q = $GLOBALS["db"]->query("
UPDATE
function searchSomeUsersByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
`role`,
`bancomment`
FROM
`user`
SET
`role` = $status
WHERE
`userID` = $id
`username` LIKE :keyword AND
FIND_IN_SET (`role`, :statuses)
ORDER BY
`role`,
`username`
LIMIT
:n, :m
");
$keyword = "%$keyword%";
$q->bindParam(':keyword', $keyword);
$q->bindParam(':n', $n, PDO::PARAM_INT);
$q->bindParam(':m', $m, PDO::PARAM_INT);
$statuses = implode(',', $status);
$q->bindParam(':statuses', $statuses);
$q->execute();
return $q;
}
function countSomeUsersByStatus($keyword, $status) {
$q = $GLOBALS["db"]->prepare("
SELECT
COUNT(*)
FROM
`user`
WHERE
`username` LIKE :keyword AND
FIND_IN_SET (`role`, :statuses)
ORDER BY
`role`,
`username`
");
$keyword = "%$keyword%";
$q->bindParam(':keyword', $keyword);
$statuses = implode(',', $status);
$q->bindParam(':statuses', $statuses);
$q->execute();
return $q;
}
function changeUserStatusByID($id, $status) {
$q = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`role` = :status
WHERE
`userID` = :id
");
$q->bindParam(':status', $status);
$q->bindParam(':id', $id);
$q->execute();
return $q;
}
function changeMultipleUserStatusByID($ids, $status) {
$q = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`role` = :status
WHERE
FIND_IN_SET (`userID`, :ids)
");
$ids = implode(',', $ids);
$q->bindParam(':ids', $ids);
$q->bindParam(':status', $status);
$q->execute();
return $q;
}
function selectRandomNotFriendUser($userID) {
$stmt = $GLOBALS["db"]->prepare("

202
website/views/adminpanel.php
View File

@@ -3,32 +3,7 @@
<head>
<meta charset="utf-8">
<title>Admin Panel</title>
<script type="text/javascript">
window.onload = function() {
changeFilter();
};
function checkAll(allbox) {
var checkboxes = document.getElementsByName('checkbox-user[]');
for (var i = 0; i < checkboxes.length; i++) {
if (checkboxes[i].type == 'checkbox') {
checkboxes[i].checked = allbox.checked;
}
}
}
function changeFilter() {
if (document.getElementById('group').checked) {
document.getElementById('admin-filter').style.display = 'none';
document.getElementById('admin-groupfilter').style.display = 'inline-block';
} else {
document.getElementById('admin-filter').style.display = 'inline-block';
document.getElementById('admin-groupfilter').style.display = 'none';
}
}
</script>
<script src="../public/js/admin.js" charset="utf-8"></script>
<?php
include_once("../queries/user.php");
include_once("../queries/group_page.php");
@@ -39,35 +14,54 @@
<!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
<?php
$search = "";
$listnr = 0; // TODO: add page functionality
$currentpage = 1;
$perpage = 20;
$status = $groupstatus = array();
$pagetype = "user";
if (isset($_GET["search"])) {
$search = test_input($_GET["search"]);
}
if (isset($_GET["pagetype"])) {
$pagetype = test_input($_GET["pagetype"]);
}
if (isset($_GET["status"])) {
$status = $_GET["status"];
}
if (isset($_GET["groupstatus"])) {
$groupstatus = $_GET["groupstatus"];
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!empty($_POST["search"])) {
$search = test_input($_POST["search"]);
}
if (!empty($_POST["pagetype"])) {
$pagetype = test_input($_POST["pagetype"]);
}
if (!empty($_POST["status"])) {
$status = $_POST["status"];
}
if (!empty($_POST["groupstatus"])) {
$groupstatus = $_POST["groupstatus"];
}
if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} elseif (!empty($_POST["actions"]) && !empty($_POST["groupID"])) {
}
if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
}
if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
}
if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
}
if (isset($_POST["pageselect"])) {
$currentpage = $_POST["pageselect"];
}
}
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
@@ -81,13 +75,10 @@ function test_input($data) {
<div class="admin-title">
<h1>User Management Panel</h1>
</div> <br>
<form class="admin-actionform"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
method="post">
<div class="admin-options">
<form class="admin-searchform"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
method="post">
method="get">
<div class="admin-searchbar">
<h2>Search</h2>
<input type="text"
@@ -147,32 +138,86 @@ function test_input($data) {
</div>
</form>
<div class="admin-actions">
<div class="admin-batchactions" id="admin-batchactions">
<h2>Batch Actions: </h2>
<input type="radio" name="actions" id="freeze" value="freeze">
<label for="freeze">Freeze</label><br>
<input type="radio" name="actions" id="ban" value="ban">
<label for="ban">Ban</label><br>
<input type="radio" name="actions" id="restore" value="restore">
<label for="restore">Restore</label><br><br>
<input type="submit" value="Confirm">
<form class="admin-batchform"
id="admin-batchform"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<input type="radio" name="batchactions" id="freeze" value="2">
<label for="freeze">Freeze</label><br>
<input type="radio" name="batchactions" id="ban" value="3">
<label for="ban">Ban</label><br>
<input type="radio" name="batchactions" id="restore" value="1">
<label for="restore">Restore</label><br><br>
<input type="submit" value="Confirm">
</form>
</div>
<div class="admin-groupbatchactions" id="admin-groupbatchactions">
<h2>Batch Actions: </h2>
<form class="admin-groupbatchform"
id="admin-groupbatchform"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<input type="radio" name="groupbatchactions" id="hide" value="0">
<label for="hide">Hide</label><br>
<input type="radio" name="groupbatchactions" id="public" value="1">
<label for="public">Public</label><br>
<input type="radio" name="groupbatchactions" id="membersonly" value="2">
<label for="membersonly">Member</label><br><br>
<input type="submit" value="Confirm">
</form>
</div>
</div>
<br>
<div class="admin-users">
<h2 class="usertitle">Users:</h2>
<div class="admin-userpage">
<input type="submit" name="prev" value="prev">
1 / 1
<input type="submit" name="next" value="next">
<div class="admin-usertitle">
<div class="admin-userheading">
<h2>Users:</h2>
</div>
<div class="admin-pageui">
<?php
if ($pagetype == "user") {
$pages = countSomeUsersByStatus($search, $status);
} else {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
<p class="pagenumber">Current page:</p>
<form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
</form>
<p class="entriesshown">
<?php
echo "Showing results $minlist to $mincount out of $countresults";
?>
</div>
</div> <br>
<table class="usertable">
<tr>
<th class="table-checkbox">
<input type="checkbox" name="checkall" onchange="checkAll(this)">
<input type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)">
</th>
<th class="table-username">User</th>
<th class="table-status">Status</th>
@@ -182,21 +227,28 @@ function test_input($data) {
<!-- Table construction via php PDO. -->
<?php
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
if ($pagetype == 'user') {
$q = search20UsersFromNByStatus($listnr, $search, $status);
$q = searchSomeUsersByStatus($listn, $listm, $search, $status);
while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$userID = $user['userID'];
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$thispage = htmlspecialchars($_SERVER['PHP_SELF']);
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-user[]'
value='$userID'>
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange=" . "$function" . ">
</td>
<td>$username</td>
<td>$role</td>
@@ -218,20 +270,24 @@ function test_input($data) {
");
}
} else {
$q = search20GroupsFromNByStatus($listnr, $search, $groupstatus);
$q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);
while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$groupID = $group['groupID'];
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$thispage = htmlspecialchars($_SERVER['PHP_SELF']);
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-group[]'
value='$groupID'>
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange=" . "$function" . ">
</td>
<td>$name</td>
<td>$role</td>
@@ -243,7 +299,7 @@ function test_input($data) {
<select class='action' name='actions'>
<option value='0'>Hide</option>
<option value='1'>Public</option>
<option value='2'>Members-only</option>
<option value='2'>Members</option>
</select>
<input type='hidden' name='groupID' value='$groupID'>
<input type='submit' value='Confirm'>
@@ -256,10 +312,6 @@ function test_input($data) {
?>
</table>
</div>
</form>
<pre>
<?php print_r($_POST); ?>
</pre>
</div>
</div>
</body>