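add('Access denied!');
    $action = ACT_ERR_DENIED;
}

// Record id from the request, forced to an integer (non-numeric input becomes 0).
// $id is only assigned here when the request actually carries an "id" parameter.
if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'];
}

// Cable types offered in the add/edit forms (stored value => label).
$ctypes = ['copper' => 'Copper', 'fibre' => 'Fibre', 'laser' => 'Laserlink', 'radio' => 'Radiolink'];

// ========== ACTIONS START ===================================================
$submit = form_get_action();

// A request that was refused above must not reach the handlers below: every
// case overwrites $action, and 'insert', 'update' and 'delete' write to the
// database, so without this guard a denied request could still change data.
// The permission test itself sits above this part of the file.
//
// NOTE(review): insert/update/delete act on request parameters alone; no
// anti-CSRF token check is visible in this part of the file -- confirm that
// form_get_action() or the surrounding framework enforces one.
if ($action !== ACT_ERR_DENIED) {
    switch ($submit) {
        case NULL:
            break;
        case 'add':
            $action = ACT_ADD;
            break;
        case 'view':
            $action = ACT_VIEW;
            break;
        case 'edit':
            $action = ACT_EDIT;
            break;
        case 'del':
            $action = ACT_DELETE;
            break;
        case 'insert':
            // sanitize() is defined elsewhere. Injection safety of the statement
            // below comes from the bound parameters, not from sanitize().
            $description = sanitize($_POST['description']);
            $length = sanitize($_POST['length']);
            $color = sanitize($_POST['color']);
            // NOTE(review): cable_type is stored without being checked against
            // the keys of $ctypes.
            $type = sanitize($_POST['cable_type']);
            $links = sanitize($_POST['links']);
            $info = sanitize($_POST['info']);
            $sql = "INSERT INTO cable (cable_description, cable_color, cable_type, cable_links, cable_length, cable_info) "
                . "VALUES (:description, :color, :type, :links, :length, :info)";
            $sth = $dbh->prepare($sql);
            try {
                $sth->bindValue(':description', $description, PDO::PARAM_STR);
                $sth->bindValue(':length', $length, PDO::PARAM_INT);
                $sth->bindValue(':color', $color, PDO::PARAM_STR);
                $sth->bindValue(':type', $type, PDO::PARAM_STR);
                // Fixed: this placeholder used to be bound to $info, so the free-text
                // info field was written to cable_links and $links was never stored.
                $sth->bindValue(':links', $links, PDO::PARAM_INT);
                $sth->bindValue(':info', $info, PDO::PARAM_STR);
                $sth->execute();
                $id = $dbh->lastInsertId();
                $action = ACT_VIEW;
            } catch (PDOException $e) {
                // NOTE(review): the raw driver message can name tables and columns;
                // if $g_error is rendered to end users, log the detail and show a
                // generic message instead.
                $g_error->Add($e->getMessage());
                // SQLSTATE 23000 = integrity constraint violation (duplicate key).
                // getCode() normally returns the SQLSTATE as a string, so compare as one.
                if ((string) $e->getCode() === '23000') {
                    $g_warning->Add("Save failed");
                    // NOTE(review): this message embeds user input; confirm that the
                    // template escapes warnings for HTML output.
                    $g_warning->Add("Cable description '$description' already in use!");
                }
                // reassign entered values so the add form is shown pre-filled again
                $smarty->assign('length', $length);
                $smarty->assign('type', $type);
                $smarty->assign('links', $links);
                $smarty->assign('color', $color);
                $smarty->assign('info', $info);
                $action = ACT_ADD;
            }
            break;
        case 'update':
            $description = sanitize($_POST['description']);
            $color = sanitize($_POST['color']);
            $length = sanitize($_POST['length']);
            $type = sanitize($_POST['cable_type']);
            $links = sanitize($_POST['links']);
            $info = sanitize($_POST['info']);
            $sql = "UPDATE cable SET cable_description=:desc, cable_color=:color, cable_length=:length, "
                . "cable_type=:type, cable_links=:links, cable_info=:info WHERE cable_id=:id";
            $sth = $dbh->prepare($sql);
            $sth->bindValue(':id', $id, PDO::PARAM_INT);
            $sth->bindValue(':desc', $description, PDO::PARAM_STR);
            $sth->bindValue(':length', $length, PDO::PARAM_INT);
            $sth->bindValue(':color', $color, PDO::PARAM_STR);
            $sth->bindValue(':type', $type, PDO::PARAM_STR);
            $sth->bindValue(':links', $links, PDO::PARAM_INT);
            $sth->bindValue(':info', $info, PDO::PARAM_STR);
            try {
                $sth->execute();
            } catch (PDOException $e) {
                $g_error->Add($e->getMessage());
            }
            // The record view is shown whether or not the update succeeded.
            $action = ACT_VIEW;
            break;
        case 'delete':
            $sth = $dbh->prepare("DELETE FROM cable WHERE cable_id=?");
            try {
                $sth->execute([$id]);
            } catch (PDOException $e) {
                $g_error->Add($e->getMessage());
            }
            $action = ACT_DEFAULT;
            break;
        default:
            // Unknown form action: report it and leave $action untouched.
            $g_error->Add(submit_error($submit));
            $valid = FALSE;
    }
}
// ========== ACTIONS END =====================================================

$smarty->assign("scripts", 'jscolor.js');
include("header.php");

// ========== PAGE CONTENT ====================================================
if ($action == ACT_DEFAULT):
    // ========== VARIANT: default behavior =======================================
    // List all cables; the info text is cut to 60 characters with a trailing "...".
    $sql = "SELECT cable_id AS id, cable_description AS description, cable_from_id, cable_to_id, "
        . "cable_length, cable_links, cable_type, cable_color, "
        . "CONCAT(LEFT(cable_info, 60), IF(CHAR_LENGTH(cable_info)>60,'...','')) AS info "
        . "FROM cable ORDER BY cable_description";
    $sth = $dbh->query($sql);
    $smarty->assign("cables", $sth->fetchAll());
    $smarty->display("cable.tpl");
elseif ($action == ACT_ADD):
    // ========== VARIANT: add record =============================================
    $smarty->assign('type_options', $ctypes);
    $smarty->display('cableadd.tpl');
elseif ($action == ACT_VIEW):
    // ========== VARIANT: view single record =====================================
    $sql = "SELECT cable_id AS id, cable_description AS description, cable_from_id, cable_to_id, "
        . "cable_length, cable_links, cable_type, cable_color AS color, cable_info AS info "
        . "FROM cable WHERE cable_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);
    $smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
    $smarty->display('cableview.tpl');
elseif ($action == ACT_EDIT):
    // ========== VARIANT: edit single record =====================================
    $sql = "SELECT cable_id AS id, cable_description AS description, cable_from_id, cable_to_id, "
        . "cable_length, cable_links, cable_type, cable_color AS color, cable_info AS info "
        . "FROM cable WHERE cable_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);
    $smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
    $smarty->assign('type_options', $ctypes);
    $smarty->display('cableedit.tpl');
elseif ($action == ACT_DELETE):
    // ========== VARIANT: delete record ==========================================
    // Confirmation page only; the row is removed by the 'delete' form action.
    $sth = $dbh->prepare("SELECT cable_description FROM cable WHERE cable_id=?");
    $sth->execute([$id]);
    $smarty->assign('id', $id);
    $smarty->assign('description', $sth->fetchColumn());
    $smarty->display('cabledel.tpl');
elseif ($action == ACT_ERR_DENIED):
    // ========== ERROR ACCESS TO PAGE DENIED =====================================
    // NOTE(review): the string literals in this branch and the next are incomplete
    // in this listing (their markup is missing) and are kept as found. The Referer
    // header is client-controlled: if it is written into the page it must go
    // through htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
    if (isset($_SERVER['HTTP_REFERER'])) {
        echo '
\n";
    }
    echo "";
else:
    // ========== ERROR UNKNOWN VARIANT ===========================================
    echo "Unknown function call: Please report to system development!
\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================

$smarty->display('footer.tpl');
?>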