Commit 9ec64c00 authored by BuildTools's avatar BuildTools

added admin interface

parent 0c9339d1
<!DOCTYPE HTML>
<?php
if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != "z10" || $_SERVER['PHP_AUTH_PW'] != "kruemel") {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo "Passwort oder Benutzername falsch";
exit;
}
?>
<head>
<title>Admin Bereich</title>
<script src="/adminScripts.js"></script>
</head>
<body onload="onLoad();">
<h2>Administration</h2>
<p>Wähle einen Ausschank aus, um die Reservierungen zu laden</p>
<select id="reservationDate" onchange="loadReservations()"></select>
<button onclick="loadReservations()">Aktualisieren</button>
<input type="checkbox" id="withEnded" onclick="loadReservations()">
<label>mit beendete</label><br>
<table>
<thead>
<tr>
<th>Vorname</th>
<th>Nachname</th>
<th>Start</th>
<th>Ende</th>
<th>Tisch</th>
<th>Beenden</th>
</tr>
</thead>
<tbody id="reservations">
</tbody>
</table>
<h2>Alte Einträge Löschen</h2>
<button>Löschen</button>
</body>
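Review bot: The `<!DOCTYPE HTML>` line sits above the opening `<?php` tag, so output has already started when the two `header()` calls run; unless output buffering is enabled, the 401 status and the `WWW-Authenticate` challenge are not sent and the browser never prompts for credentials. Move the auth block to the very top of the file, above the doctype. The check also compares against user name and password literals committed in the source, using `!=`, and the same block is copied into the two admin endpoint scripts further down (apparently endReservationAdmin.php and getReservationsAdmin.php). Keeping a `password_hash()` value in a config file outside the web root and checking it with `password_verify()` from one shared include would take the secret out of the repository and remove the duplication.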
var reservationData;
function onLoad() {
loadOpeningDates();
}
function loadOpeningDates() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var dropdown = document.getElementById("reservationDate")
var data = JSON.parse(this.responseText);
data.forEach(function(date) {
var option = document.createElement("option");
option.text = date;
dropdown.add(option);
});
loadReservations();
}
};
xhttp.open("GET", "getOpeningDates.php", true);
xhttp.send();
}
function loadReservations() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
reservationData = JSON.parse(this.responseText);
var table = document.getElementById("reservations");
table.innerHTML = "";
for (var i=0; i<reservationData.length; i++) {
var row = table.insertRow(-1);
row.insertCell(0).innerHTML = reservationData[i]["vname"];
row.insertCell(1).innerHTML = reservationData[i]["nname"];
row.insertCell(2).innerHTML = reservationData[i]["start"];
row.insertCell(3).innerHTML = reservationData[i]["end"];
row.insertCell(4).innerHTML = reservationData[i]["tisch"];
var buttonCell = row.insertCell(5);
buttonCell.innerHTML = "<button onclick='endReservation(" + i + ")'>ENDE</button>";
}
}
};
xhttp.open("POST", "getReservationsAdmin.php", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("date=" + document.getElementById("reservationDate").value + "&withEnded=" + document.getElementById("withEnded").checked);
}
function endReservation(id) {
if (!confirm("Reservierung für " + reservationData[id]["vname"] + " " + reservationData[id]["nname"] + " wirklich beenden?")) {
return;
}
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
if (this.responseText == "1") {
alert("Reservierung erfolgreich beendet");
} else {
console.log(this.responseText);
alert("Es ist ein Fehler aufgetreten");
}
loadReservations();
}
};
xhttp.open("POST", "endReservationAdmin.php", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("id=" + reservationData[id]["id"]);
}
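Review bot: In `loadReservations` the five data cells are filled through `innerHTML`, so any markup stored in `vname`, `nname` or the other fields is parsed in the authenticated admin's browser; if those fields originate from the public reservation form, that is stored XSS against the admin page. Assign text instead, e.g. `row.insertCell(0).textContent = reservationData[i]["vname"];` for each of the five cells, and build the ENDE button with `document.createElement("button")` plus `addEventListener` rather than an HTML string. The request body is also concatenated unencoded; wrap the value as in `"date=" + encodeURIComponent(document.getElementById("reservationDate").value)`.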
<?PHP
if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != "z10" || $_SERVER['PHP_AUTH_PW'] != "kruemel") {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo "Passwort oder Benutzername falsch";
exit;
}
$user = 'apache';
$pass = 'e164AzpQx564TpJa';
$db = new PDO('mysql:host=localhost;dbname=reservation', $user, $pass);
$statement = $db -> prepare("UPDATE reservation SET end = ?, ended = 1 WHERE id = ?;");
echo $statement->execute(array(date('H:i'), $_POST["id"]));
?>
\ No newline at end of file
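Review bot: The `UPDATE` targets table `reservation`, while every other query visible on this page uses `reservations`; if that is a typo, `execute()` fails (or throws, depending on the PDO error mode) and the admin UI always reports an error, so the statement should read `UPDATE reservations SET end = ?, ended = 1 WHERE id = ?`. The database password is committed in plaintext here and again in the getReservationsAdmin script at the end of the page; read it from a config file outside the web root or from the environment, and rotate it, since it is already in the repository history. This endpoint also changes state on a bare POST authenticated only by Basic credentials that the browser attaches automatically, so it needs a CSRF token or an `Origin` check.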
......@@ -3,10 +3,11 @@
$pass = 'e164AzpQx564TpJa';
$db = new PDO('mysql:host=localhost;dbname=reservation', $user, $pass);
$query = "SELECT date FROM opening WHERE date >= " . date("Y-m-d");
$result = $db->query($query);
$statement = $db -> prepare("SELECT date FROM opening WHERE date >= ? ORDER BY date ASC");
$statement->execute(array(date("Y-m-d")));
$data = array();
foreach( $result as $row ){
foreach( $statement->fetchAll() as $row ){
array_push($data, $row["date"]);
}
echo json_encode($data);
......
......@@ -3,12 +3,13 @@
$pass = 'e164AzpQx564TpJa';
$db = new PDO('mysql:host=localhost;dbname=reservation', $user, $pass);
// todo prevent sql injection
$query = 'SELECT tables, opentime, closetime FROM opening WHERE date="' . $_GET["date"] . '"';
$result = $db->query($query)->fetch();
$data = array("tables" => $result[0], "open" => $result[1], "close" => $result[2]);
$query = 'SELECT start, end, tisch FROM reservations WHERE date="' . $_GET["date"] . '"';
$query = 'SELECT start, end, tisch FROM reservations WHERE date="' . $_GET["date"] . '" AND ended = 0';
$result = $db->query($query);
$reservations = array();
foreach( $result as $row ){
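Review bot: The changed `reservations` query still concatenates `$_GET["date"]` into the SQL string, as does the `opening` query above it, so the `// todo prevent sql injection` stays open; no authentication check is visible in this hunk either. The other files in this commit already use prepared statements, and the same works here: `$statement = $db->prepare('SELECT start, end, tisch FROM reservations WHERE date = ? AND ended = 0');` followed by `$statement->execute(array($_GET["date"]));`, with the `foreach` iterating `$statement` instead of `$result`. The `foreach` body continues outside the hunk.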
......
<?PHP
if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != "z10" || $_SERVER['PHP_AUTH_PW'] != "kruemel") {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo "Passwort oder Benutzername falsch";
exit;
}
$user = 'apache';
$pass = 'e164AzpQx564TpJa';
$db = new PDO('mysql:host=localhost;dbname=reservation', $user, $pass);
if ($_POST["withEnded"] == "true") {
$statement = $db -> prepare("SELECT * FROM reservations WHERE date = ? ORDER BY tisch, start, end ASC");
} else {
$statement = $db -> prepare("SELECT * FROM reservations WHERE date = ? AND ended = 0 ORDER BY tisch, start, end ASC");
}
$statement->execute(array($_POST["date"]));
echo json_encode($statement->fetchAll());
?>
\ No newline at end of file
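Review bot: The JSON is echoed without a `Content-Type` header, so PHP serves it with its default type (normally `text/html`) and a reservation field containing markup would be rendered if the response is ever opened directly; add `header('Content-Type: application/json; charset=utf-8');` before the `echo`. `SELECT *` also sends every column of `reservations` to the client, so listing the columns the table actually displays (`id, vname, nname, start, end, tisch`) keeps later schema additions from being exposed. `$_POST["withEnded"]` and `$_POST["date"]` are read without `isset` or `??`, which raises notices on a malformed request.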