Diffstat (limited to 'prog/inventar')
-rw-r--r-- | prog/inventar/.gitignore | 1 | ||||
-rw-r--r-- | prog/inventar/h.php | 8 | ||||
-rw-r--r-- | prog/inventar/index.php | 82 |
3 files changed, 91 insertions, 0 deletions
diff --git a/prog/inventar/.gitignore b/prog/inventar/.gitignore
new file mode 100644
index 0000000..dd5199b
--- /dev/null
+++ b/prog/inventar/.gitignore
@@ -0,0 +1 @@
+*db
diff --git a/prog/inventar/h.php b/prog/inventar/h.php
new file mode 100644
index 0000000..2cba303
--- /dev/null
+++ b/prog/inventar/h.php
@@ -0,0 +1,8 @@
+<?php
+header("Content-Security-Policy: script-src 'none'"); // disable js
+$db = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
+if (!$db)
+ die("db: " . htmlspecialchars($e->getMessage()));
+$ro = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::SQLITE_ATTR_OPEN_FLAGS => PDO::SQLITE_OPEN_READONLY]);
+if (!$ro)
+ die("ro: " . htmlspecialchars($e->getMessage()));
diff --git a/prog/inventar/index.php b/prog/inventar/index.php
new file mode 100644
index 0000000..4dd38dd
--- /dev/null
+++ b/prog/inventar/index.php
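Review bot: The `if (!$db)` and `if (!$ro)` branches in h.php never do anything useful, because `new PDO(...)` throws `PDOException` on failure instead of returning a falsy value, and `$e` is not defined at either `die()`. As written, a connection failure surfaces as an uncaught exception, which may print the file path and a trace to the client if error display is enabled. Wrap both constructors in `try`/`catch (PDOException $e)`, log the message server-side and answer with a generic 500. Separately, `sqlite:db` is a relative path, so the database presumably sits beside index.php in the web root; confirm the web server does not serve that file.

```php
try {
    // … unchanged: $db = new PDO(...) and $ro = new PDO(...) …
} catch (PDOException $e) {
    error_log("inventar db: " . $e->getMessage());
    http_response_code(500);
    die("db error");
}
```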
@@ -0,0 +1,82 @@
+<?php
+$auth = ["test" => "test"];
+if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) {
+ header("WWW-Authenticate: Basic realm=inventar");
+ header("HTTP/1.0 401 Neprijavljen");
+ die("401");
+}
+?>
+<style>
+table, td, tr, th {
+ border: 1px solid red;
+}
+</style>
+<form>
+<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" />
+<input type=submit />
+</form>
+<table>
+<?php
+if (empty($_SERVER['PHP_AUTH_USER']))
+ echo "<a href=?prijava=1>prijava</a>";
+else
+ echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>";
+require_once "h.php";
+$passed = [];
+if (!empty($_POST["izbriši"]))
+ $db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'");
+if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"]))
+ $db->exec("insert into stvari (lastnik) values ('{$_SERVER["PHP_AUTH_USER"]}')");
+foreach ($_POST as $k => $v)
+ if (is_numeric($k)) {
+ foreach ($_POST as $k2 => $v2) {
+ $sp = strpos($k2, $k);
+ if ($sp) {
+ $passed[] = substr($k2, 0, $sp);
+ }
+ }
+ $par = [];
+ foreach ($passed as $p) {
+ if (!str_contains(strtolower($p), "id"))
+ $par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'";
+ }
+ $s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}";
+ $db->exec($s);
+ }
+if (!empty($_REQUEST["q"]))
+ $ret = $ro->query("select * from stvari where " . $_REQUEST["q"]);
+else
+ $ret = $ro->query("select * from stvari");
+$i = 0;
+foreach ($ret as $row) {
+ if ($i == 0)
+ foreach ($row as $k => $v)
+ if ($k != "id" && !is_numeric($k))
+ echo "<th>$k</th>";
+ echo "<form method=post><tr>";
+ foreach ($row as $k => $v) {
+ if ($k == "id" || is_numeric($k))
+ continue;
+ echo "<td id=$k$i>";
+ $ok = false;
+ foreach (["input", "name"] as $w)
+ if (!str_contains(strtolower($v), $w))
+ $ok = true;
+ if ($k == "slika" && !empty($v))
+ echo "<img src=$v></img>";
+ if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) {
+ echo "<input type=submit value=shrani name={$row["id"]} />";
+ echo "<input type=hidden name=id value={$row["id"]} />";
+ echo "<input type=submit value=izbriši name=izbriši /></td>";
+ }
+ $last = true;
+ if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
+ echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />";
+ $last = false;
+ } else
+ if ($last && $k != "slika")
+ echo "$v</td>";
+ }
+ echo "</form></tr>";
+ $i++;
+}
 |
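Review bot: The delete, insert and update statements in index.php build SQL by interpolating `$_SERVER["PHP_AUTH_USER"]`, `$_POST["id"]` and POST-derived column names, so they should use `prepare()`/`execute()` with bound values and check column names against the table's known columns; the delete also runs without checking that a user is logged in. The login check compares with `!=` against `$auth[...]`, which is null for an unknown user name and loosely equals an empty password, so it should test `isset($auth[$user])` and compare with `hash_equals()`; the `test`/`test` entry looks like a placeholder and should not ship. `$k`, `$v` and the user name are echoed into HTML and unquoted attributes without `htmlspecialchars()` (only `q` and the edit field's value are escaped, the latter still unquoted), and `$ok` is computed but never used. The `q` parameter is concatenated into the WHERE clause by design and relies on the read-only handle `$ro`; that assumption deserves a comment and, presumably, a restriction to logged-in users. The fence sketches the auth check and the two simpler statements; the update needs the same treatment.

```php
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';
// look the user up first, then compare in constant time
$authed = isset($auth[$user]) && hash_equals($auth[$user], $pass);
if ((isset($_REQUEST["prijava"]) || $user !== '') && !$authed) {
    // … unchanged: 401 headers and die …
}
// … unchanged: style, search form, table markup, require_once "h.php" …
if (!empty($_POST["izbriši"]) && $authed) {
    $st = $db->prepare("delete from stvari where lastnik = ? and id = ?");
    $st->execute([$user, $_POST["id"] ?? null]);
}
if (!empty($_POST["dodaj"]) && $authed) {
    $st = $db->prepare("insert into stvari (lastnik) values (?)");
    $st->execute([$user]);
}
// … unchanged: update loop, query and table rendering …
```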