<?php
/**
 * iLP System Listenanzeige
 * 
 * Autor:		Florian "ApoY2k" Peschka
 * Projekt:		iLP System
 * Paket:		apoy2k.ilp.wrynn
 * Lizenz:		CreativeCommons (by-nc-sa)
 * Kontakt:		hide@address.com
 * Version:		2.1.1
 */

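/*
 * List controller: adds, deletes, edits and lists the logged-in user's items, and files
 * change requests. The action is taken from the iLP URL segments in $tpl['url'].
 *
 * NOTE(review): none of the state-changing POST handlers below checks an anti-CSRF token;
 * confirm whether the including front controller enforces one before this file runs.
 * NOTE(review): header('Location: ...') is never followed by exit, so the including script
 * keeps executing after a redirect is queued; confirm that is intended.
 * NOTE(review): the error branches put serialize($stmt->errorInfo()) and raw $_POST values
 * into $tpl['error']; confirm the template escapes them and does not show driver details
 * to ordinary users.
 */

// Check that the user is logged in
if (isset($_SESSION['user']['login']))
{
	// Carry out the action named in the iLP URL. 'show' is excluded here so that it reaches
	// the list branch below; otherwise the "'show' == ..." test there could never be true.
	if (isset($tpl['url'][2]) && 'show' != $tpl['url'][2])
	{
		if ('add' == $tpl['url'][2])
		{
			// Load the extra header used for validating the form.
			if (!isset($tpl['url'][3]))
			{
				$tpl['headincludes'][] = 'list.additem';
			}
			
			/**
			 * If the "add item" form was filled in and submitted, process the data and
			 * produce an error message where necessary.
			 */
			elseif ('do' == $tpl['url'][3] && '' != $_POST['additem_item_id'])
			{
				// Check whether the item is already on the user's list
				$duplicate = $db->prepare("SELECT id FROM ilp_items WHERE item_id = ? AND user_id = ?");
				$duplicate->execute(array($_POST['additem_item_id'], $tpl['user']['id']));
				
				if (0 == $duplicate->rowCount())
				{
					// The owner comes from the session, never from the request: the posted
					// additem_user_id would let any logged-in user write into another user's list.
					// The delete, edit and show branches scope by $_SESSION['user']['id'] as well.
					// NOTE(review): the duplicate check above uses $tpl['user']['id'], presumably
					// the same value - confirm.
					$prep_ins = $db->prepare("INSERT INTO ilp_items (user_id, item_id) VALUES (:user_id, :item_id)");
					$prep_ins->execute(array(':user_id' => $_SESSION['user']['id'], ':item_id' => $_POST['additem_item_id']));
					
					if (1 == $prep_ins->rowCount())
					{
						writeLog($tpl['user']['id'], $tpl['user']['id'], 'user_add_item_to_list', array('item_id' => $_POST['additem_item_id']));
						header('Location: index.php?ilp='.ilpUrlEncode('start;list'));
					}
					else
					{
						$tpl['error']['action'] = 'Gegenstand hinzufügen';
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'list.php:36';
						$tpl['error']['result'] = serialize($prep_ins->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['error']['duplicate'];
					$tpl['error']['ref'] = 'start;list;add';
				}
			}
			else
			{
				$tpl['error']['message'] = $lang['error']['itemid'];
				$tpl['error']['ref'] = 'start;list;add';
			}
		}
		
		/**
		 * Delete an item - if the confirmation phrase was entered correctly, the item is removed
		 * from the database. This does not affect the cache!
		 */
		elseif ('delete' == $tpl['url'][2])
		{
			// Load the extra header used for validating the form.
			if ('do' != $tpl['url'][3])
			{
				$tpl['headincludes'][] = 'list.deleteitem';
			}
			
			else
			{
				// Server-side check of the confirmation, for clients with JavaScript disabled
				if ($lang['list']['delete']['confirm']['delete'] == $_POST['deleteitem_confirm'])
				{
					// user_id from the session restricts the delete to rows the caller owns
					$prep_del = $db->prepare("DELETE FROM ilp_items WHERE id = :id AND item_id = :item_id AND user_id = :user_id");
					$prep_del->execute(array(':id' => $_POST['deleteitem_id'], ':item_id' => $_POST['deleteitem_item_id'], ':user_id' => $_SESSION['user']['id']));
					
					if (1 == $prep_del->rowCount())
					{
						writeLog($tpl['user']['id'], $tpl['user']['id'], 'user_delete_item_from_list', array('item_id' => $_POST['deleteitem_item_id']));
						header('Location: index.php?ilp='.ilpUrlEncode('start;list'));
					}
					else
					{
						$tpl['error']['action'] = 'Gegenstand löschen – ID: '.$_POST['deleteitem_id'];
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'list.php:76';
						$tpl['error']['result'] = serialize($prep_del->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['error']['confirm'];
					$tpl['error']['ref'] = 'start;list;delete;'.$_POST['deleteitem_id'].';'.$_POST['deleteitem_item_id'];
				}
			}
		}
		
		// Edit an item
		elseif ('edit' == $tpl['url'][2])
		{
			// Load the extra header used for validating the form.
			if ('do' != $tpl['url'][3])
			{
				$tpl['headincludes'][] = 'list.edititem';
			}
			
			else
			{
				// Check whether the new item is already on the user's list
				$duplicate = $db->prepare("SELECT id FROM ilp_items WHERE item_id = ? AND user_id = ?");
				$duplicate->execute(array($_POST['edititem_new_id'], $tpl['user']['id']));
				
				if (0 == $duplicate->rowCount())
				{
					if ('' != $_POST['edititem_new_id'])
					{
						// user_id from the session restricts the update to rows the caller owns;
						// item_value is reset to 0 together with the new item_id
						$prep_edit = $db->prepare("UPDATE ilp_items SET item_id = :item_id, item_value = 0 WHERE id = :id AND user_id = :user_id");
						$prep_edit->execute(array(':item_id' => $_POST['edititem_new_id'], ':id' => $_POST['edititem_id'], ':user_id' => $_SESSION['user']['id']));
						
						if (1 == $prep_edit->rowCount())
						{
							writeLog($tpl['user']['id'], $tpl['user']['id'], 'user_edit_item_of_list', array('old_item_id' => $_POST['edititem_old_id'], 'new_item_id' => $_POST['edititem_new_id']));
							header ('Location: index.php?ilp='.ilpUrlEncode('start;list'));
						}
						else
						{
							$tpl['error']['action'] = 'Gegenstand ändern – ID: '.$_POST['edititem_id'];
							$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
							$tpl['error']['location'] = 'list.php:108';
							$tpl['error']['result'] = serialize($prep_edit->errorInfo());
							$tpl['error']['level']	= '0 (base-php)';
						}
					}
					else
					{
						$tpl['error']['message'] = $lang['error']['itemid'];
						$tpl['error']['ref'] = 'start;list;edit;'.$_POST['edititem_id'].';'.$_POST['edititem_item_id'];
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['error']['duplicate'];
					$tpl['error']['ref'] = 'start;list;edit;'.$_POST['edititem_id'].';'.$_POST['edititem_item_id'];
				}
			}
		}
		
		// Request a change
		elseif ('req' == $tpl['url'][2])
		{
			
			// Load the extra header used for validating the form.
			if ('do' != $tpl['url'][3])
			{
				$tpl['headincludes'][] = 'list.reqitem';
			}
			
			else
			{
				if ('' != $_POST['reqitem_item_id'] && '' != $_POST['reqitem_msg'])
				{
					// Build the array of request details, stored serialized in ilp_reqs.
					// NOTE(review): the posted ids are stored as submitted, with no ownership
					// check here; whoever processes the request should validate them.
					$req_values['id'] = $_POST['reqitem_id'];
					$req_values['old_item_id'] = $_POST['reqitem_old_item_id'];
					$req_values['item_id'] = $_POST['reqitem_item_id'];
					$req_values = serialize($req_values);
					
					$prep_note = $db->prepare("INSERT INTO ilp_reqs (date_sent, type, sent_id, req_values, req_msg) VALUES (NOW(), 1, ?, ?, ?)");
					$prep_note->execute(array($_SESSION['user']['id'], $req_values, $_POST['reqitem_msg']));
					
					if (1 == $prep_note->rowCount())
					{
						writeLog($tpl['user']['id'], $tpl['user']['id'], 'user_req_item_sent', array('old_item_id' => $_POST['reqitem_old_item_id'], 'new_item_id' => $_POST['reqitem_item_id']));
						header ('Location: index.php?ilp='.ilpUrlEncode('start;reqs'));
					}
					else
					{
						$tpl['error']['action'] = 'Gegenstandsänderung anfragen – ID: '.$_POST['reqitem_id'];
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'list.php:157';
						$tpl['error']['result'] = serialize($prep_note->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['error']['incomplete'];
					$tpl['error']['ref'] = 'start;list;req;'.$_POST['reqitem_id'].';'.$_POST['reqitem_old_item_id'];
				}
			}
		}
	}
	
	// If no action or "show" was given, display the user's list
	elseif (!isset($tpl['url'][2]) || 'show' == $tpl['url'][2])
	{
		$tpl['headincludes'][] = 'list.showitems';
		
		$get_list = $db->prepare("SELECT * FROM ilp_items WHERE user_id = :user_id");
		$get_list->execute(array(':user_id' => $_SESSION['user']['id']));
		
		while ($row = $get_list->fetch(PDO::FETCH_ASSOC))
		{
			$tpl['list'][] = $row;
		}
		
		// Count the items on the list and store the total
		$tpl['list_length'] = isset($tpl['list']) ? count($tpl['list']) : 0;
	}
}

// If the user is not logged in, produce an error message
else
{
	$tpl['error']['action'] = 'Seite aufrufen: Liste anzeigen';
	$tpl['error']['actor'] = $_SERVER['REMOTE_ADDR'];
	$tpl['error']['location'] = 'list.php';
	$tpl['error']['result'] = 'Zugriff verweigert';
	$tpl['error']['level'] = '0 (base-php)';
}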
?>