Diffstat (limited to '')
-rw-r--r--prog/inventar/h.php1
-rw-r--r--prog/inventar/index.php40
2 files changed, 25 insertions, 16 deletions
diff --git a/prog/inventar/h.php b/prog/inventar/h.php
index 2cba303..9b25d7a 100644
--- a/prog/inventar/h.php
+++ b/prog/inventar/h.php
@@ -1,4 +1,5 @@
<?php
+$auth = [ "username" => "password" ];
header("Content-Security-Policy: script-src 'none'"); // disable js
$db = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
if (!$db)
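Review bot: The credential map added on the first line of this hunk keeps the password in clear text in a file that is committed and lives under the web root, and index.php later compares it against `PHP_AUTH_PW` with a loose `!=`. Store a hash instead of the secret, e.g. `$auth = [ "username" => password_hash("password", PASSWORD_DEFAULT) ];` (constructed sample), keep the real map out of version control, and verify at the check site with `password_verify($_SERVER['PHP_AUTH_PW'], $auth[$user])`. A header comment such as `// username => password_hash() output; never a plaintext password` would document the contract for whoever edits this map next. The rest of h.php, including the `if (!$db)` branch, is outside this hunk.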
diff --git a/prog/inventar/index.php b/prog/inventar/index.php
index 4dd38dd..4407939 100644
--- a/prog/inventar/index.php
+++ b/prog/inventar/index.php
@@ -1,5 +1,10 @@
<?php
-$auth = ["test" => "test"];
+// create table stvari (id integer primary key autoincrement, lastnik, ime, opis, vrednost, omejitev, kol, lokacija, slika, datum default CURRENT_TIMESTAMP);
+require_once "h.php";
+if (!empty($_REQUEST["src"])) {
+ header("Content-Type: text/plain");
+ die(file_get_contents($_SERVER["SCRIPT_FILENAME"]));
+}
if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) {
header("WWW-Authenticate: Basic realm=inventar");
header("HTTP/1.0 401 Neprijavljen");
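Review bot: The authentication condition on the line after the new `src` block indexes `$auth[$_SERVER['PHP_AUTH_USER']]` without checking that the username exists, so an unknown name yields null (plus an undefined-index notice), and under loose comparison `null != ""` is false, meaning a request with an unknown username and an empty password is not challenged and is treated as logged in under that name. Compute the check once and strictly, e.g. `$u = $_SERVER['PHP_AUTH_USER'] ?? ''; $p = $_SERVER['PHP_AUTH_PW'] ?? '';`, `$valid = isset($auth[$u]) && hash_equals((string) $auth[$u], $p);`, then `if ((isset($_REQUEST["prijava"]) && !$valid) || (isset($_SERVER['PHP_AUTH_USER']) && !$valid)) {`; if h.php stores hashes, `password_verify($p, $auth[$u])` replaces the `hash_equals` call. The new `src` handler intentionally dumps only `SCRIPT_FILENAME`, so h.php's contents are not returned; a one-line comment saying so (`// dumps index.php only; h.php is executed via require_once, not echoed`) would keep a future refactor from changing that. The `if` body continues past the end of the hunk.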
@@ -10,9 +15,15 @@ if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$
table, td, tr, th {
border: 1px solid red;
}
+img {
+ width: 1cm;
+}
+img:hover {
+ width: 5cm;
+}
</style>
<form>
-<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" />
+<input autofocus placeholder="where expression" name=q value="<?= @htmlspecialchars($_REQUEST["q"]) ?>" />
<input type=submit />
</form>
<table>
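Review bot: The changed `<input>` line silences the undefined-index notice with `@htmlspecialchars($_REQUEST["q"])`, which also hides any other warning the call could emit; the missing-key case is better expressed with a default, `<?= htmlspecialchars($_REQUEST["q"] ?? "") ?>`. The same `@` pattern is applied to `$_SERVER['PHP_AUTH_USER']` three times in the last hunk of this file, where `$_SERVER['PHP_AUTH_USER'] ?? null` states the intent without suppression. The double-quoted `value` attribute here is correctly escaped by the default flags, so only the suppression operator is at issue.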
@@ -21,7 +32,6 @@ if (empty($_SERVER['PHP_AUTH_USER']))
echo "<a href=?prijava=1>prijava</a>";
else
echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>";
-require_once "h.php";
$passed = [];
if (!empty($_POST["izbriši"]))
$db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'");
@@ -30,23 +40,23 @@ if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"]))
foreach ($_POST as $k => $v)
if (is_numeric($k)) {
foreach ($_POST as $k2 => $v2) {
- $sp = strpos($k2, $k);
- if ($sp) {
+ $sp = strpos($k2, "" . $k);
+ if ($sp)
$passed[] = substr($k2, 0, $sp);
- }
}
$par = [];
foreach ($passed as $p) {
- if (!str_contains(strtolower($p), "id"))
+ if (strpos(strtolower($p), "id") === false)
$par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'";
}
$s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}";
+ echo $s;
$db->exec($s);
}
if (!empty($_REQUEST["q"]))
- $ret = $ro->query("select * from stvari where " . $_REQUEST["q"]);
+ $ret = $ro->query("select * from stvari where " . $_REQUEST["q"] . " order by datum desc");
else
- $ret = $ro->query("select * from stvari");
+ $ret = $ro->query("select * from stvari order by datum desc");
$i = 0;
foreach ($ret as $row) {
if ($i == 0)
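Review bot: The added `echo $s;` writes the assembled UPDATE statement, including the POST-derived values concatenated into `$par` a few lines above, straight into the HTML response with no escaping, which looks like a leftover debug line. Remove it, or if the trace is wanted, emit it escaped and clearly marked: `echo "<!-- " . htmlspecialchars($s, ENT_QUOTES) . " -->";`. The `foreach ($_POST ...)` loop that builds `$s` starts before this hunk, and the `foreach ($ret as $row)` loop at its end continues past it.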
@@ -60,21 +70,19 @@ foreach ($ret as $row) {
echo "<td id=$k$i>";
$ok = false;
foreach (["input", "name"] as $w)
- if (!str_contains(strtolower($v), $w))
+ if (strpos(strtolower($v), $w) === FALSE)
$ok = true;
if ($k == "slika" && !empty($v))
echo "<img src=$v></img>";
- if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) {
+ if ($k == "lastnik" && $v == @$_SERVER['PHP_AUTH_USER']) {
echo "<input type=submit value=shrani name={$row["id"]} />";
echo "<input type=hidden name=id value={$row["id"]} />";
echo "<input type=submit value=izbriši name=izbriši /></td>";
}
- $last = true;
- if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
- echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />";
- $last = false;
+ if ($row["lastnik"] == @$_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
+ echo "<input name=$k{$row["id"]} value='" . htmlspecialchars($v) . "' />";
} else
- if ($last && $k != "slika")
+ if ($row["lastnik"] != @$_SERVER['PHP_AUTH_USER'] && $k != "slika")
echo "$v</td>";
}
echo "</form></tr>";
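Review bot: The rewritten `<input name=... value='...' />` line relies on `htmlspecialchars($v)` escaping single quotes, but that is only the default from PHP 8.1 onward, and this same commit replaces `str_contains` with `strpos(...) === FALSE`, which suggests an older runtime where `'` is passed through and a stored value containing one terminates the attribute. Pass the flags explicitly: `echo "<input name=$k{$row["id"]} value='" . htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "' />";`. The unchanged `echo "$v</td>";` and `<img src=$v>` branches in this hunk still print the same row value with no escaping at all, so the `$ok` flag computed above them does not currently protect the output. The `foreach ($row as $k => $v)` loop enclosing these lines begins outside the hunk.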