  1. index.php
  2.  
  3. <?php
  4. error_reporting(E_ALL ^ E_NOTICE);
  5. session_start();
  6. $dbuid = $_SESSION['userID'];
  7. $username = $_SESSION['username'];
  8. $fullname = $_SESSION['fullname'];
  9. ?>
<!--
Developed by: Raja Syahrul Mukhzani
-->
<!doctype html>
<html lang="en" dir="ltr">
<head>
<title>CIEE Mart | Proof Read</title>
<meta charset="utf-8">
<meta name="viewport" content="width=1000, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Oxygen:400,700">
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/layout.css">
<!-- NOTE(review): the three CDN scripts below run with full access to this
     moderation page but carry no Subresource Integrity attributes
     (integrity= / crossorigin=), so a compromised or intercepted CDN can
     inject script here.  Pin them with SRI hashes or self-host them.
     jQuery 1.11.2 and DataTables 1.10.0 are old releases; check their
     published advisories before keeping these versions. -->
<script charset="utf-8" src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script charset="utf-8" src="//cdn.datatables.net/1.10.0/js/jquery.dataTables.js"></script>
<script charset="utf-8" src="//cdn.jsdelivr.net/jquery.validation/1.13.1/jquery.validate.min.js"></script>
<!-- Page logic: DataTable fed by proofreadedit.php?job=get_users, plus the
     edit / delete handlers. -->
<script charset="utf-8" src="js/file.js"></script>
</head>
<body>
 
<div id="page_container">
 
<div id="navi">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="update-user.php">Update User</a></li>
<li><a href="export-info.php">Export Info</a></li>
<li><a href="approval.php">Proofread</a></li>
</ul>
</div>
 
 
<h1>Proof Read</h1>
 
<!-- Rows are injected by DataTables from the JSON returned by
     proofreadedit.php.  DataTables inserts cell data as HTML, so every
     column that holds text typed by the ad's author must be escaped by the
     renderer before it reaches this table. -->
<table class="datatable" id="table_users">
<thead>
<tr>
<th>Post ID</th>
<th>User ID</th>
<th>Category</th>
<th>Title</th>
<th>Condition</th>
<th>Description</th>
<th>Price</th>
<th>Date</th>
<th>Approval</th>
<th>Functions</th>
</tr>
</thead>
<tbody>
</tbody>
</table>
 
</div>
 
<div class="lightbox_bg"></div>
 
<div class="lightbox_container">
<div class="lightbox_close"></div>
<div class="lightbox_content">
 
<!-- The lightbox form.  Despite the "Add user" heading/button text, file.js
     only uses it to edit a post (the add handlers there are commented out)
     and relabels it "Edit post" when opened.  Inputs marked disabled are not
     serialized by jQuery, so only title, description and approval are sent
     to the server.  That restriction is a client-side hint only: the server
     must enforce the same whitelist itself. -->
<h2>Add user</h2>
<form class="form add" id="form_user" data-id="" novalidate>
<div class="input_container">
<label for="postID">Post ID: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="postID" id="postID" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="userID">User ID: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="userID" id="userID" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="category">Category: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="category" id="category" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="title">Title: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="title" id="title" value="" required>
</div>
</div>
<div class="input_container">
<label for="item_condition">Condition: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="item_condition" id="item_condition" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="description">Description: <span class="required">*</span></label>
<div class="field_container">
<input type="text" class="text" name="description" id="description" value="" required>
</div>
</div>
<div class="input_container">
<label for="price">Price: <span class="required"></span></label>
<div class="field_container">
<input type="number" class="text" name="price" id="price" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="date">Date: <span class="required"></span></label>
<div class="field_container">
<input type="text" class="text" name="date" id="date" value="" disabled>
</div>
</div>
<div class="input_container">
<label for="approval">Approval: <span class="required">*</span></label>
<div class="field_container">
<input type="text" class="text" name="approval" id="approval" value="" required>
</div>
</div>
<div class="button_container">
<button type="submit">Add user</button>
</div>
</form>
 
</div>
</div>
 
<noscript id="noscript_container">
<div id="noscript" class="error">
<p>JavaScript support is needed to use this page.</p>
</div>
</noscript>
 
<!-- Filled by show_message() in file.js.  The placeholder text below is
     replaced on first use; the container starts hidden via css/layout.css
     (presumably — the stylesheet is not part of this listing). -->
<div id="message_container">
<div id="message" class="success">
<p>This is a success message.</p>
</div>
</div>
 
<!-- Overlay toggled by show_loading_message() / hide_loading_message(). -->
<div id="loading_container">
<div id="loading_container2">
<div id="loading_container3">
<div id="loading_container4">
Loading, please wait...
</div>
</div>
</div>
</div>
 
</body>
</html>
  159.  
  160.  
  161.  
  162. ----------------------------------------------------------------------
  163. file.js
  164.  
  165. $(document).ready(function(){
  166.  
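    // Escape one cell value for insertion as HTML text.  DataTables writes
    // cell data into the table with innerHTML, so a field that originates
    // from whoever posted the ad (title, description, category, ...) would
    // otherwise be interpreted as markup in the moderator's browser — a
    // stored-XSS sink.  Only the 'display' variant is escaped; sorting and
    // filtering keep working on the raw value.
    function escape_cell(data, type){
        if (type !== 'display'){
            return data;
        }
        var text = (data === null || data === undefined) ? '' : String(data);
        return $('<div>').text(text).html();
    }

    // On page load: datatable
    // Rows come from proofreadedit.php?job=get_users.  Every column except
    // "functions" (server-built edit/delete links, which must stay HTML) is
    // rendered through escape_cell.
    var table_users = $('#table_users').dataTable({
        "ajax": "proofreadedit.php?job=get_users",
        "columns": [
            { "data": "postID", "render": escape_cell },
            { "data": "userID", "render": escape_cell },
            { "data": "category", "render": escape_cell },
            { "data": "title", "render": escape_cell },
            { "data": "item_condition", "render": escape_cell },
            { "data": "description", "render": escape_cell },
            { "data": "price", "render": escape_cell },
            { "data": "date", "render": escape_cell },
            { "data": "approval", "render": escape_cell },
            { "data": "functions", "sClass": "functions" }
        ],
        "aoColumnDefs": [
            { "bSortable": false, "aTargets": [-1] }
        ],
        "lengthMenu": [[10, 25, 50, 100, -1], [10, 25, 50, 100, "All"]],
        "oLanguage": {
            "oPaginate": {
                "sFirst": " ",
                "sPrevious": " ",
                "sNext": " ",
                "sLast": " "
            },
            "sLengthMenu": "Records per page: _MENU_",
            "sInfo": "Total of _TOTAL_ records (showing _START_ to _END_)",
            "sInfoFiltered": "(filtered from _MAX_ total records)"
        }
    });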
  198.  
    // On page load: form validation
    // Defaults for every jQuery Validation instance on this page.  The
    // `access` rule targets a field this form does not have (a leftover from
    // the template this page was built from) and is kept as it was.
    var validation_defaults = {
        success: 'valid',
        rules: {
            access: { required: true, min: 0, max: 1 }
        },
        // Error labels go above the field rather than after it.
        errorPlacement: function(error, element){
            error.insertBefore(element);
        },
        // Validation state is reflected on the wrapping .field_container.
        highlight: function(element){
            var container = $(element).parent('.field_container');
            container.removeClass('valid');
            container.addClass('error');
        },
        unhighlight: function(element){
            var container = $(element).parent('.field_container');
            container.addClass('valid');
            container.removeClass('error');
        }
    };
    jQuery.validator.setDefaults(validation_defaults);
    var form_user = $('#form_user');
    form_user.validate();
  221.  
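    // Show message
    // Displays message_text in #message_container for 8 s (a new message
    // resets the timer).  The text is inserted as a DOM text node, not via
    // .html(): callers pass through values that come from the database and
    // from jQuery's textStatus — the delete handler passes an ad's *title* —
    // so building HTML from them would let a crafted title run script in the
    // moderator's browser.
    var timeout_message;
    function show_message(message_text, message_type){
        var paragraph = $('<p>').text(message_text);
        $('#message').empty().append(paragraph).attr('class', message_type);
        $('#message_container').show();
        if (typeof timeout_message !== 'undefined'){
            window.clearTimeout(timeout_message);
        }
        timeout_message = setTimeout(function(){
            hide_message();
        }, 8000);
    }
    // Hide message
    function hide_message(){
        $('#message').html('').attr('class', '');
        $('#message_container').hide();
    }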
  238.  
    // Toggle the "Loading, please wait..." overlay (#loading_container).
    function set_loading_visible(visible){
        $('#loading_container').toggle(visible);
    }
    // Show loading message
    function show_loading_message(){
        set_loading_visible(true);
    }
    // Hide loading message
    function hide_loading_message(){
        set_loading_visible(false);
    }
  247.  
    // The lightbox is two elements: a dimming background and the dialog box.
    function set_lightbox_visible(visible){
        $('.lightbox_bg').toggle(visible);
        $('.lightbox_container').toggle(visible);
    }
    // Show lightbox
    function show_lightbox(){
        set_lightbox_visible(true);
    }
    // Hide lightbox
    function hide_lightbox(){
        set_lightbox_visible(false);
    }
    // Clicking the background or the close button dismisses the lightbox...
    $(document).on('click', '.lightbox_bg, .lightbox_close', function(){
        hide_lightbox();
    });
    // ...and so does the Escape key (keyCode 27).
    $(document).keyup(function(e){
        if (e.keyCode === 27){
            hide_lightbox();
        }
    });
  272.  
    // Hide iPad keyboard
    // Blurring the focused element (and every input, for good measure) makes
    // iOS dismiss the on-screen keyboard before the lightbox is closed.
    function hide_ipad_keyboard(){
        document.activeElement.blur();
        var inputs = $('input');
        inputs.blur();
    }
  278.  
  279. // Add user button
  280. /*$(document).on('click', '#add_user', function(e){
  281. e.preventDefault();
  282. $('.lightbox_content h2').text('Add user');
  283. $('#form_user button').text('Add user');
  284. $('#form_user').attr('class', 'form add');
  285. $('#form_user').attr('data-id', '');
  286. $('#form_user .field_container label.error').hide();
  287. $('#form_user .field_container').removeClass('valid').removeClass('error');
  288. $('#form_user #postID').val('');
  289. $('#form_user #userID').val('');
  290. $('#form_user #category').val('');
  291. $('#form_user #title').val('');
  292. $('#form_user #item_condition').val('');
  293. $('#form_user #description').val('');
  294. $('#form_user #price').val('');
  295. $('#form_user #date').val('');
  296. $('#form_user #approval').val('');
  297. show_lightbox();
  298. });*/
  299.  
  300. // Add user submit form
  301. /*$(document).on('submit', '#form_user.add', function(e){
  302. e.preventDefault();
  303. // Validate form
  304. if (form_user.valid() == true){
  305. // Send user information to database
  306. hide_ipad_keyboard();
  307. hide_lightbox();
  308. show_loading_message();
  309. var form_data = $('#form_user').serialize();
  310. var request = $.ajax({
  311. url: 'proofreadedit.php?job=add_user',
  312. cache: false,
  313. data: form_data,
  314. dataType: 'json',
  315. contentType: 'application/json; charset=utf-8',
  316. type: 'get'
  317. });
  318. request.done(function(output){
  319. if (output.result == 'success'){
  320. // Reload datable
  321. table_users.api().ajax.reload(function(){
  322. hide_loading_message();
  323. var postID = $('#postID').val();
  324. show_message("The Post ID of '" + postID + "' added successfully.", 'success');
  325. }, true);
  326. } else {
  327. hide_loading_message();
  328. show_message('Add request failed', 'error');
  329. }
  330. });
  331. request.fail(function(jqXHR, textStatus){
  332. hide_loading_message();
  333. show_message('Add request failed: ' + textStatus, 'error');
  334. });
  335. }
  336. });*/
  337.  
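    // Edit user button
    // Loads one post (job=get_user) into the lightbox form.  The row arrives
    // as output.data[0]; the original dereferenced it unconditionally, which
    // throws a TypeError — and leaves the loading overlay up — whenever the
    // server answers "success" with an empty data array (e.g. a post deleted
    // from another tab).  Values are assigned with .val(), so nothing here is
    // parsed as HTML.
    $(document).on('click', '.function_edit a', function(e){
        e.preventDefault();
        // Get user information from database
        show_loading_message();
        var id = $(this).data('id');
        var request = $.ajax({
            url: 'proofreadedit.php?job=get_user',
            cache: false,
            data: { id: id },
            dataType: 'json',
            type: 'get'
        });
        request.done(function(output){
            var row = null;
            if (output && output.result == 'success' && output.data && output.data.length > 0){
                row = output.data[0];
            }
            if (row === null){
                hide_loading_message();
                show_message('Information request failed', 'error');
                return;
            }
            var fields = ['postID', 'userID', 'category', 'title', 'item_condition',
                          'description', 'price', 'date', 'approval'];
            $('.lightbox_content h2').text('Edit post');
            $('#form_user button').text('Edit post');
            $('#form_user').attr('class', 'form edit');
            $('#form_user').attr('data-id', id);
            $('#form_user .field_container label.error').hide();
            $('#form_user .field_container').removeClass('valid').removeClass('error');
            $.each(fields, function(index, name){
                $('#form_user #' + name).val(row[name]);
            });
            hide_loading_message();
            show_lightbox();
        });
        request.fail(function(jqXHR, textStatus){
            hide_loading_message();
            show_message('Information request failed: ' + textStatus, 'error');
        });
    });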
  381.  
    // Edit user submit form
    // Sends the lightbox form (only its enabled inputs — title, description,
    // approval — since disabled inputs are not serialized) to job=edit_user
    // for the post whose id sits in the form's data-id attribute.
    // NOTE(review): this state-changing request is a GET with no anti-CSRF
    // token; proofreadedit.php reads $_GET, so moving to POST must be done on
    // both sides together.
    $(document).on('submit', '#form_user.edit', function(e){
        e.preventDefault();
        // Validate form
        if (form_user.valid() != true){
            return;
        }
        // Send user information to database
        hide_ipad_keyboard();
        hide_lightbox();
        show_loading_message();
        var form = $('#form_user');
        var post_id = form.attr('data-id');
        $.ajax({
            url: 'proofreadedit.php?job=edit_user&id=' + post_id,
            cache: false,
            data: form.serialize(),
            dataType: 'json',
            contentType: 'application/json; charset=utf-8',
            type: 'get'
        }).done(function(output){
            if (output.result != 'success'){
                hide_loading_message();
                show_message('Edit request failed', 'error');
                return;
            }
            // Reload datable
            table_users.api().ajax.reload(function(){
                hide_loading_message();
                var edited_id = $('#postID').val();
                show_message("The Post ID of '" + edited_id + "' edited successfully.", 'success');
            }, true);
        }).fail(function(jqXHR, textStatus){
            hide_loading_message();
            show_message('Edit request failed: ' + textStatus, 'error');
        });
    });
  420.  
    // Delete user
    // data-name carries the post's *title* (see get_users in proofreadedit.php),
    // which is shown in the confirm dialog and in the result message; data-id
    // is the postID sent to job=delete_user.
    // NOTE(review): like the edit, this mutation is a GET with no CSRF token.
    $(document).on('click', '.function_delete a', function(e){
        e.preventDefault();
        var link = $(this);
        var post_title = link.data('name');
        if (!confirm("Are you sure you want to delete '" + post_title + "'?")){
            return;
        }
        show_loading_message();
        var post_id = link.data('id');
        $.ajax({
            url: 'proofreadedit.php?job=delete_user&id=' + post_id,
            cache: false,
            dataType: 'json',
            contentType: 'application/json; charset=utf-8',
            type: 'get'
        }).done(function(output){
            if (output.result != 'success'){
                hide_loading_message();
                show_message('Delete request failed', 'error');
                return;
            }
            // Reload datable
            table_users.api().ajax.reload(function(){
                hide_loading_message();
                show_message("The name '" + post_title + "' deleted successfully.", 'success');
            }, true);
        }).fail(function(jqXHR, textStatus){
            hide_loading_message();
            show_message('Delete request failed: ' + textStatus, 'error');
        });
    });
  453.  
  454. });
  455.  
  456.  
  457. ----------------------------------------------------------------------------------
  458. proofreadedit.php
  459.  
  460. <?php
  461. // Database details
  462. $db_server = 'localhost';
  463. $db_username = 'root';
  464. $db_password = '';
  465. $db_name = 'test';
  466.  
  467. // Get job (and id)
  468. $job = '';
  469. $id = '';
  470. if (isset($_GET['job'])){
  471. $job = $_GET['job'];
  472. if ($job == 'get_users' ||
  473. $job == 'get_user' ||
  474. $job == 'add_user' ||
  475. $job == 'edit_user' ||
  476. $job == 'delete_user'){
  477. if (isset($_GET['id'])){
  478. $id = $_GET['id'];
  479. if (!is_numeric($id)){
  480. $id = '';
  481. }
  482. }
  483. } else {
  484. $job = '';
  485. }
  486. }
  487.  
  488. // Prepare array
  489. $mysql_data = array();
  490.  
  491. // Valid job found
  492. if ($job != ''){
  493.  
  494. // Connect to database
  495. $db_connection = mysqli_connect($db_server, $db_username, $db_password, $db_name);
  496. if (mysqli_connect_errno()){
  497. $result = 'error';
  498. $message = 'Failed to connect to database: ' . mysqli_connect_error();
  499. $job = '';
  500. }
  501.  
  502. // Execute job
  503. if ($job == 'get_users'){
  504.  
  505. // Get users
  506. $query = "SELECT * FROM post_ads ORDER BY postID";
  507. $query = mysqli_query($db_connection, $query);
  508. if (!$query){
  509. $result = 'error';
  510. $message = 'query error';
  511. } else {
  512. $result = 'success';
  513. $message = 'query success';
  514. while ($user = mysqli_fetch_array($query)){
  515. $functions = '<div class="function_buttons"><ul>';
  516. $functions .= '<li class="function_edit"><a data-id="' . $user['postID'] . '" data-name="' . $user['title'] . '"><span>Edit</span></a></li>';
  517. $functions .= '<li class="function_delete"><a data-id="' . $user['postID'] . '" data-name="' . $user['title'] . '"><span>Delete</span></a></li>';
  518. $functions .= '</ul></div>';
  519. $mysql_data[] = array(
  520. "postID" => $user['postID'],
  521. "userID" => $user['userID'],
  522. "category" => $user['category'],
  523. "title" => $user['title'],
  524. "item_condition" => $user['item_condition'],
  525. "description" => $user['description'],
  526. "price" => $user['price'],
  527. "date" => $user['date'],
  528. "approval" => $user['approval'],
  529. "functions" => $functions
  530. );
  531. }
  532. }
  533.  
  534. } elseif ($job == 'get_user'){
  535.  
  536. // Get user
  537. if ($id == ''){
  538. $result = 'error';
  539. $message = 'id missing';
  540. } else {
  541. $query = "SELECT * FROM post_ads WHERE postID = '" . mysqli_real_escape_string($db_connection, $id) . "'";
  542. $query = mysqli_query($db_connection, $query);
  543. if (!$query){
  544. $result = 'error';
  545. $message = 'query error';
  546. } else {
  547. $result = 'success';
  548. $message = 'query success';
  549. while ($user = mysqli_fetch_array($query)){
  550. $mysql_data[] = array(
  551. "postID" => $user['postID'],
  552. "userID" => $user['userID'],
  553. "category" => $user['category'],
  554. "title" => $user['title'],
  555. "item_condition" => $user['item_condition'],
  556. "description" => $user['description'],
  557. "price" => $user['price'],
  558. "date" => $user['date'],
  559. "approval" => $user['approval']
  560. );
  561. }
  562. }
  563. }
  564.  
  565. } elseif ($job == 'add_user'){
  566.  
  567. // Add user
  568. $query = "INSERT INTO post_ads SET ";
  569. if (isset($_GET['postID'])) { $query .= "postID = '" . mysqli_real_escape_string($db_connection, $_GET['postID']) . "', "; }
  570. if (isset($_GET['userID'])) { $query .= "userID = '" . mysqli_real_escape_string($db_connection, $_GET['userID']) . "', "; }
  571. if (isset($_GET['category'])) { $query .= "category = '" . mysqli_real_escape_string($db_connection, $_GET['category']) . "', "; }
  572. if (isset($_GET['title'])) { $query .= "title = '" . mysqli_real_escape_string($db_connection, $_GET['title']) . "', "; }
  573. if (isset($_GET['item_condition'])) { $query .= "item_condition = '" . mysqli_real_escape_string($db_connection, $_GET['item_condition']) . "', "; }
  574. if (isset($_GET['description'])) { $query .= "description = '" . mysqli_real_escape_string($db_connection, $_GET['description']) . "', "; }
  575. if (isset($_GET['price'])) { $query .= "price = '" . mysqli_real_escape_string($db_connection, $_GET['price']) . "', "; }
  576. if (isset($_GET['date'])) { $query .= "date = '" . mysqli_real_escape_string($db_connection, $_GET['date']) . "', "; }
  577. if (isset($_GET['approval'])) { $query .= "approval = '" . mysqli_real_escape_string($db_connection, $_GET['approval']) . "'"; }
  578. $query = mysqli_query($db_connection, $query);
  579. if (!$query){
  580. $result = 'error';
  581. $message = 'query error';
  582. } else {
  583. $result = 'success';
  584. $message = 'query success';
  585. }
  586.  
  587. } elseif ($job == 'edit_user'){
  588.  
  589. // Edit user
  590. if ($id == ''){
  591. $result = 'error';
  592. $message = 'id missing';
  593. } else {
  594. $query = "UPDATE post_ads SET ";
  595. if (isset($_GET['postID'])) { $query .= "postID = '" . mysqli_real_escape_string($db_connection, $_GET['postID']) . "', "; }
  596. if (isset($_GET['userID'])) { $query .= "userID = '" . mysqli_real_escape_string($db_connection, $_GET['userID']) . "', "; }
  597. if (isset($_GET['category'])) { $query .= "category = '" . mysqli_real_escape_string($db_connection, $_GET['category']) . "', "; }
  598. if (isset($_GET['title'])) { $query .= "title = '" . mysqli_real_escape_string($db_connection, $_GET['title']) . "', "; }
  599. if (isset($_GET['item_condition'])) { $query .= "item_condition = '" . mysqli_real_escape_string($db_connection, $_GET['item_condition']) . "', "; }
  600. if (isset($_GET['description'])) { $query .= "description = '" . mysqli_real_escape_string($db_connection, $_GET['description']) . "', "; }
  601. if (isset($_GET['price'])) { $query .= "price = '" . mysqli_real_escape_string($db_connection, $_GET['price']) . "', "; }
  602. if (isset($_GET['date'])) { $query .= "date = '" . mysqli_real_escape_string($db_connection, $_GET['date']) . "', "; }
  603. if (isset($_GET['approval'])) { $query .= "date = '" . mysqli_real_escape_string($db_connection, $_GET['approval']) . "'"; }
  604. $query .= "WHERE postID = '" . mysqli_real_escape_string($db_connection, $id) . "'";
  605. $query = mysqli_query($db_connection, $query);
  606. if (!$query){
  607. $result = 'error';
  608. $message = 'query error';
  609. } else {
  610. $result = 'success';
  611. $message = 'query success';
  612. }
  613. }
  614.  
  615. } elseif ($job == 'delete_user'){
  616.  
  617. // Delete user
  618. if ($id == ''){
  619. $result = 'error';
  620. $message = 'id missing';
  621. } else {
  622. $query = "DELETE FROM post_ads WHERE postID = '" . mysqli_real_escape_string($db_connection, $id) . "'";
  623. $query = mysqli_query($db_connection, $query);
  624. if (!$query){
  625. $result = 'error';
  626. $message = 'query error';
  627. } else {
  628. $result = 'success';
  629. $message = 'query success';
  630. }
  631. }
  632.  
  633. }
  634.  
  635. // Close database connection
  636. mysqli_close($db_connection);
  637.  
  638. }
  639.  
  640. // Prepare data
  641. $data = array(
  642. "result" => $result,
  643. "message" => $message,
  644. "data" => $mysql_data
  645. );
  646.  
  647. // Convert PHP array to JSON array
  648. $json_data = json_encode($data);
  649. print $json_data;
  650. ?>