Diffstat (limited to 'prog/inventar')
-rw-r--r--prog/inventar/.gitignore1
-rw-r--r--prog/inventar/h.php8
-rw-r--r--prog/inventar/index.php82
3 files changed, 91 insertions, 0 deletions
diff --git a/prog/inventar/.gitignore b/prog/inventar/.gitignore
new file mode 100644
index 0000000..dd5199b
--- /dev/null
+++ b/prog/inventar/.gitignore
@@ -0,0 +1 @@
+*db
diff --git a/prog/inventar/h.php b/prog/inventar/h.php
new file mode 100644
index 0000000..2cba303
--- /dev/null
+++ b/prog/inventar/h.php
@@ -0,0 +1,8 @@
+<?php
+header("Content-Security-Policy: script-src 'none'"); // disable js
+$db = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
+if (!$db)
+ die("db: " . htmlspecialchars($e->getMessage()));
+$ro = new PDO("sqlite:db", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::SQLITE_ATTR_OPEN_FLAGS => PDO::SQLITE_OPEN_READONLY]);
+if (!$ro)
+ die("ro: " . htmlspecialchars($e->getMessage()));
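Review bot: Both `if (!$db)` / `if (!$ro)` branches are unreachable and refer to an undefined `$e`, because the `PDO` constructor throws `PDOException` on failure rather than returning a falsy value. Each constructor should be wrapped instead, e.g. `try { $db = new PDO(...); } catch (PDOException $e) { die("db: " . htmlspecialchars($e->getMessage())); }`, and the raw driver message is better logged than shown to the client. The `Content-Security-Policy` header is set here, but index.php requires this file only after it has already emitted the `<style>` and `<form>` markup, so unless output buffering is enabled the header will not be sent; the `header()` call belongs before any output. The relative DSN `sqlite:db` appears to put the database file next to the scripts, so confirm the web server does not serve it, or move it outside the document root.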
diff --git a/prog/inventar/index.php b/prog/inventar/index.php
new file mode 100644
index 0000000..4dd38dd
--- /dev/null
+++ b/prog/inventar/index.php
@@ -0,0 +1,82 @@
+<?php
+$auth = ["test" => "test"];
+if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) {
+ header("WWW-Authenticate: Basic realm=inventar");
+ header("HTTP/1.0 401 Neprijavljen");
+ die("401");
+}
+?>
+<style>
+table, td, tr, th {
+ border: 1px solid red;
+}
+</style>
+<form>
+<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" />
+<input type=submit />
+</form>
+<table>
+<?php
+if (empty($_SERVER['PHP_AUTH_USER']))
+ echo "<a href=?prijava=1>prijava</a>";
+else
+ echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>";
+require_once "h.php";
+$passed = [];
+if (!empty($_POST["izbriši"]))
+ $db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'");
+if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"]))
+ $db->exec("insert into stvari (lastnik) values ('{$_SERVER["PHP_AUTH_USER"]}')");
+foreach ($_POST as $k => $v)
+ if (is_numeric($k)) {
+ foreach ($_POST as $k2 => $v2) {
+ $sp = strpos($k2, $k);
+ if ($sp) {
+ $passed[] = substr($k2, 0, $sp);
+ }
+ }
+ $par = [];
+ foreach ($passed as $p) {
+ if (!str_contains(strtolower($p), "id"))
+ $par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'";
+ }
+ $s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}";
+ $db->exec($s);
+ }
+if (!empty($_REQUEST["q"]))
+ $ret = $ro->query("select * from stvari where " . $_REQUEST["q"]);
+else
+ $ret = $ro->query("select * from stvari");
+$i = 0;
+foreach ($ret as $row) {
+ if ($i == 0)
+ foreach ($row as $k => $v)
+ if ($k != "id" && !is_numeric($k))
+ echo "<th>$k</th>";
+ echo "<form method=post><tr>";
+ foreach ($row as $k => $v) {
+ if ($k == "id" || is_numeric($k))
+ continue;
+ echo "<td id=$k$i>";
+ $ok = false;
+ foreach (["input", "name"] as $w)
+ if (!str_contains(strtolower($v), $w))
+ $ok = true;
+ if ($k == "slika" && !empty($v))
+ echo "<img src=$v></img>";
+ if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) {
+ echo "<input type=submit value=shrani name={$row["id"]} />";
+ echo "<input type=hidden name=id value={$row["id"]} />";
+ echo "<input type=submit value=izbriši name=izbriši /></td>";
+ }
+ $last = true;
+ if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
+ echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />";
+ $last = false;
+ } else
+ if ($last && $k != "slika")
+ echo "$v</td>";
+ }
+ echo "</form></tr>";
+ $i++;
+}
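Review bot: The `delete`, `insert` and `update` statements on the writable `$db` handle build SQL by interpolating `$_POST["id"]` and `$_SERVER["PHP_AUTH_USER"]`, so the `lastnik = ...` ownership condition can be altered by the request; these need prepared statements with bound values. The delete and update paths also run without checking that `PHP_AUTH_USER` is non-empty, unlike the insert. The login check at the top compares with loose `!=` and no `isset`, so a username missing from `$auth` yields null, which loosely equals an empty password; `isset($auth[$u]) && hash_equals($auth[$u], $pw)` closes that. Column names in the update come from POST keys and cannot be bound, so they need an allow-list of real `stvari` columns. Separately, `q` is concatenated into the read-only query (apparently on purpose), which still lets unauthenticated visitors run arbitrary expressions over every row, and `$v`, `$k` and `PHP_AUTH_USER` are echoed without `htmlspecialchars` in several places.

```php
$user = $_SERVER["PHP_AUTH_USER"] ?? "";
if (!empty($_POST["izbriši"]) && $user !== "") {
    $del = $db->prepare("delete from stvari where lastnik = ? and id = ?");
    $del->execute([$user, $_POST["id"] ?? ""]);
}
if (!empty($_POST["dodaj"]) && $user !== "") {
    $ins = $db->prepare("insert into stvari (lastnik) values (?)");
    $ins->execute([$user]);
}
// … unchanged: per-row update loop (convert the same way, with an allow-list for column names) …
// … unchanged: select query and table rendering …
```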