author | Anton Luka Šijanec <anton@sijanec.eu> | 2023-04-28 21:17:02 +0200 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2023-04-28 21:17:02 +0200 |
commit | 97c5aa834b041bf52b1b9f508d58d39b03f70712 (patch) | |
tree | eb4278adb833fd86529eda097c471d299641ef22 /prog/inventar | |
parent | razno (diff) | |
Diffstat (limited to 'prog/inventar')
-rw-r--r-- | prog/inventar/h.php | 1 | ||||
-rw-r--r-- | prog/inventar/index.php | 40 |
2 files changed, 25 insertions, 16 deletions
diff --git a/prog/inventar/h.php b/prog/inventar/h.php index 2cba303..9b25d7a 100644 --- a/prog/inventar/h.php +++ b/prog/inventar/h.php @@ -1,4 +1,5 @@ <?php +$auth = [ "username" => "password" ]; header("Content-Security-Policy: script-src 'none'"); // disable js $db = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); if (!$db) diff --git a/prog/inventar/index.php b/prog/inventar/index.php index 4dd38dd..4407939 100644 --- a/prog/inventar/index.php +++ b/prog/inventar/index.php @@ -1,5 +1,10 @@ <?php -$auth = ["test" => "test"]; +// create table stvari (id integer primary key autoincrement, lastnik, ime, opis, vrednost, omejitev, kol, lokacija, slika, datum default CURRENT_TIMESTAMP); +require_once "h.php"; +if (!empty($_REQUEST["src"])) { + header("Content-Type: text/plain"); + die(file_get_contents($_SERVER["SCRIPT_FILENAME"])); +} if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) { header("WWW-Authenticate: Basic realm=inventar"); header("HTTP/1.0 401 Neprijavljen"); @@ -10,9 +15,15 @@ if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$ table, td, tr, th { border: 1px solid red; } +img { + width: 1cm; +} +img:hover { + width: 5cm; +} </style> <form> -<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" /> +<input autofocus placeholder="where expression" name=q value="<?= @htmlspecialchars($_REQUEST["q"]) ?>" /> <input type=submit /> </form> <table> 
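Review bot: The added `$auth = [ "username" => "password" ];` in h.php keeps passwords in plaintext, so anyone who can read the file or the repository holds working credentials once real values go in. Store the output of `password_hash()` in the array and verify with `password_verify($_SERVER['PHP_AUTH_PW'], $auth[$user])` at the comparison in index.php. The real values would be better loaded from a file that is not tracked in the repository; whether h.php is reachable as plain text on this server cannot be told from the diff.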
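Review bot: The login condition kept as context in the first index.php hunk compares `$auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']` loosely. For a username that is not a key of `$auth` the lookup yields null, which loosely equals an empty password, so that request is not rejected. Each side of the `||` should require the key and compare strictly, for example `!isset($auth[$u]) || !hash_equals($auth[$u], (string)$pw)` with `$u` and `$pw` taken from `$_SERVER`. The new `src` branch runs before this check and prints index.php to any visitor, so nothing secret may ever be added to that file; a comment saying so above the `die(file_get_contents(...))` line would help.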
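Review bot: The `@` in `@htmlspecialchars($_REQUEST["q"])` silences every diagnostic from that expression, not only the missing-index notice it is there for. An explicit default says the same thing without suppression: `htmlspecialchars($_REQUEST["q"] ?? "")`. The same applies to the `@$_SERVER['PHP_AUTH_USER']` reads added in the last hunk of this file, which could become `$_SERVER['PHP_AUTH_USER'] ?? null` assigned once to a variable.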
@@ -21,7 +32,6 @@ if (empty($_SERVER['PHP_AUTH_USER'])) echo "<a href=?prijava=1>prijava</a>"; else echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>"; -require_once "h.php"; $passed = []; if (!empty($_POST["izbriši"])) $db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'"); @@ -30,23 +40,23 @@ if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"])) foreach ($_POST as $k => $v) if (is_numeric($k)) { foreach ($_POST as $k2 => $v2) { - $sp = strpos($k2, $k); - if ($sp) { + $sp = strpos($k2, "" . $k); + if ($sp) $passed[] = substr($k2, 0, $sp); - } } $par = []; foreach ($passed as $p) { - if (!str_contains(strtolower($p), "id")) + if (strpos(strtolower($p), "id") === false) $par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'"; } $s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}"; + echo $s; $db->exec($s); } if (!empty($_REQUEST["q"])) - $ret = $ro->query("select * from stvari where " . $_REQUEST["q"]); + $ret = $ro->query("select * from stvari where " . $_REQUEST["q"] . " order by datum desc"); else - $ret = $ro->query("select * from stvari"); + $ret = $ro->query("select * from stvari order by datum desc"); $i = 0; foreach ($ret as $row) { if ($i == 0) 
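Review bot: The update statement is still assembled by interpolating `$_SERVER["PHP_AUTH_USER"]` and POST-derived column names and values into the SQL text, and the added `echo $s;` then prints that statement, unescaped, into the page. The column names should come from a fixed list and the values should be bound through `$db->prepare()`; `SQLite3::escapeString()` does not protect the two values that are interpolated directly, and it does not make a client-supplied key safe as a column name. The `delete from stvari` statement in the context of the previous hunk has the same problem with `$_POST["id"]` and should be prepared the same way. The `echo $s;` line looks like leftover debugging and should be dropped. The `$ro->query("... where " . $_REQUEST["q"] . ...)` calls run caller-supplied SQL by design, so they rely entirely on `$ro` being a read-only handle, which is set up outside this diff. The statement enclosing this hunk starts above it, so the sketch below shows only the rewritten part.

```php
// … unchanged: loop over $_POST that fills $passed for the numeric key $k …
// Editable columns, taken from the schema comment at the top of index.php.
$allowed = ["ime", "opis", "vrednost", "omejitev", "kol", "lokacija", "slika", "datum"];
$set = [];
$args = [];
foreach ($passed as $p) {
	if (in_array($p, $allowed, true)) {
		$set[] = "$p = ?";
		$args[] = $_POST[$p . $k];
	}
}
if ($set) {
	$stmt = $db->prepare("update stvari set " . implode(", ", $set) . " where lastnik = ? and id = ?");
	$stmt->execute(array_merge($args, [$_SERVER["PHP_AUTH_USER"], $k]));
}
// … unchanged: select via $ro …
```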
@@ -60,21 +70,19 @@ foreach ($ret as $row) { echo "<td id=$k$i>"; $ok = false; foreach (["input", "name"] as $w) - if (!str_contains(strtolower($v), $w)) + if (strpos(strtolower($v), $w) === FALSE) $ok = true; if ($k == "slika" && !empty($v)) echo "<img src=$v></img>"; - if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) { + if ($k == "lastnik" && $v == @$_SERVER['PHP_AUTH_USER']) { echo "<input type=submit value=shrani name={$row["id"]} />"; echo "<input type=hidden name=id value={$row["id"]} />"; echo "<input type=submit value=izbriši name=izbriši /></td>"; } - $last = true; - if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") { - echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />"; - $last = false; + if ($row["lastnik"] == @$_SERVER['PHP_AUTH_USER'] && $k != "lastnik") { + echo "<input name=$k{$row["id"]} value='" . htmlspecialchars($v) . "' />"; } else - if ($last && $k != "slika") + if ($row["lastnik"] != @$_SERVER['PHP_AUTH_USER'] && $k != "slika") echo "$v</td>"; } echo "</form></tr>"; |
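Review bot: The new single-quoted attribute in `value='" . htmlspecialchars($v) . "'` is only closed safely if `'` is escaped, and the default flags of `htmlspecialchars()` do that only from PHP 8.1. The switch from `str_contains` to `strpos` in this commit suggests an older runtime is targeted, so the flag should be passed explicitly: `htmlspecialchars($v, ENT_QUOTES)`. The other outputs in this hunk still write the stored value raw, `echo "$v</td>";` and `echo "<img src=$v></img>";`, and should go through the same call with the `src` attribute quoted. The CSP header in h.php blocks scripts but does not stop injected markup. The `$ok` flag computed from the "input"/"name" check is not used anywhere in the visible lines; the enclosing loops begin and end outside the hunk.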