summaryrefslogblamecommitdiffstats
path: root/prog/inventar/index.php
blob: 4dd38dda12025359181313d5b4f44a4c1166df42 (plain) (tree)

















































































                                                                                                                                                                                                                                              
<?php
$auth = ["test" => "test"];
if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) {
	header("WWW-Authenticate: Basic realm=inventar");
	header("HTTP/1.0 401 Neprijavljen");
	die("401");
}
?>
<style>
table, td, tr, th {
	border: 1px solid red;
}
</style>
<form>
<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" />
<input type=submit />
</form>
<table>
<?php
if (empty($_SERVER['PHP_AUTH_USER']))
	echo "<a href=?prijava=1>prijava</a>";
else
	echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>";
require_once "h.php";
$passed = [];
if (!empty($_POST["izbriši"]))
	$db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'");
if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"]))
	$db->exec("insert into stvari (lastnik) values ('{$_SERVER["PHP_AUTH_USER"]}')");
foreach ($_POST as $k => $v)
	if (is_numeric($k)) {
		foreach ($_POST as $k2 => $v2) {
			$sp = strpos($k2, $k);
			if ($sp) {
				$passed[] = substr($k2, 0, $sp);
			}
		}
		$par = [];
		foreach ($passed as $p) {
			if (!str_contains(strtolower($p), "id"))
				$par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'";
		}
		$s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}";
		$db->exec($s);
	}
if (!empty($_REQUEST["q"]))
	$ret = $ro->query("select * from stvari where " . $_REQUEST["q"]);
else
	$ret = $ro->query("select * from stvari");
$i = 0;
foreach ($ret as $row) {
	if ($i == 0)
		foreach ($row as $k => $v)
			if ($k != "id" && !is_numeric($k))
				echo "<th>$k</th>";
	echo "<form method=post><tr>";
	foreach ($row as $k => $v) {
		if ($k == "id" || is_numeric($k))
			continue;
		echo "<td id=$k$i>";
		$ok = false;
		foreach (["input", "name"] as $w)
			if (!str_contains(strtolower($v), $w))
				$ok = true;
		if ($k == "slika" && !empty($v))
			echo "<img src=$v></img>";
		if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) {
			echo "<input type=submit value=shrani name={$row["id"]} />";
			echo "<input type=hidden name=id value={$row["id"]} />";
			echo "<input type=submit value=izbriši name=izbriši /></td>";
		}
		$last = true;
		if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
			echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />";
			$last = false;
		} else
			if ($last && $k != "slika")
				echo "$v</td>";
	}
	echo "</form></tr>";
	$i++;
}