Diffstat (limited to 'action.php')
| -rw-r--r-- | action.php | 81 |
1 files changed, 81 insertions, 0 deletions
@@ -74,6 +74,7 @@ switch($_GET["task"]){ break; case("update"): + lredirect("liste"); if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); ob_clean(); @@ -100,8 +101,10 @@ switch($_GET["task"]){ break; case("add"): + lredirect("liste"); if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); echo "Method not allowed"; exit; } @@ -119,9 +122,45 @@ switch($_GET["task"]){ $c->flush(); } break; + case("delete"): + lredirect("liste"); + if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ + header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); + echo "Method not allowed"; + exit; + } + if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){ + print_list("update"); + } else { + //$sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE member_id = %d;", + // $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"] + //); + $sql = $db->prepare("DELETE FROM " . DBPREFIX . "member WHERE member_id = %d;", $_GET["id"]); + if ( ! $sql ){ + ob_clean(); + echo "SQL preparation failed."; + exit; + } + if ( $result = $db->doQuery($sql) ){ + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); + //header("Location: /?page=" . $_GET["goto"]); + header("Location: /?page=liste"); + $c->flush(); + exit; + } else { + print_update('update'); + exit; + + } + } + + break; case("account"): + lredirect("liste"); if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); echo "Method not allowed"; exit; } 
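Review bot: The new `lredirect("liste");` guard at the top of `case("update")` only protects the branch if `lredirect()` (presumably a login check) ends the request itself. Its definition is not part of this diff, so this needs confirming: a helper that only sends a `Location` header and returns would let the update below still run for the caller it meant to turn away. The same applies to the identical calls added to `add`, `delete`, `account` and `download` in the later hunks. A comment above the first call, e.g. `// lredirect() must terminate the request unless the session is logged in`, would record the contract these branches rely on. The `update` case body continues outside the hunk.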
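Review bot: The new `delete` case takes the row id from `$_GET["id"]` and tests it only with loose comparisons (`== 0`, `== ""`), so what reaches the `%d` placeholder depends on PHP's version-specific string/number comparison and on how `$db->prepare()` casts. Validating once with `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);`, rejecting `false`, `null` and values `<= 0`, and passing `$id` to `prepare()` removes that dependency. No anti-CSRF token check is visible in this branch, so unless `lredirect()` or code outside the hunk verifies one, a logged-in user's browser could be made to submit this delete from another site; the POST-only check does not prevent that. The fallback calls `print_list("update")` and `print_update('update')` and the commented-out UPDATE statement look copied from the update case and should probably be adapted or removed.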
@@ -173,6 +212,7 @@ switch($_GET["task"]){ case("recover"): if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); echo "Method not allowed"; exit; } @@ -209,4 +249,45 @@ JG Adlershof"; redirect("recover&track=0"); } break; + case("download"): + lredirect("liste"); + $file = '/tmp/jg_data.txt'; + $fp=fopen($file, 'w'); + if( ! isset($_GET["type"]) || $_GET["type"] == "" || $_GET["type"] == "plain" ){ + $content = "Adressliste der JG \n"; + $content .= "# | Name | Adresse | Telefon | Handy | E-Mail | Geburtstag\n"; + } else { + $content = "Adressliste der JG \n"; + } + $res = $db->doQuery("SELECT * FROM " . DBPREFIX . "member;"); + $content .= "\n"; + $count = 1; + //while ($row = $res->fetch_array(MYSQLI_ASSOC) ){ + while ($row = $res->fetch_array() ){ + + if( ! isset($_GET["type"]) || $_GET["type"] == "" || $_GET["type"] == "plain" ){ + $content .= $count . " | " . $row["name"] . " | " . $row["adresse"] . " | " . $row["telefonnummer"] . " | " . $row["handynummer"] . " | " . $row["email"] . " | " . $row["geburtstag"] . "\n"; + + }else if(($_GET["type"] == "csv")){ + $content .= $count; + for ( $i=1;$i<7;$i++){ + $content .= ';' . $row[$i]; + } + $content .= "\n"; + } + $count++; + } + + fputs($fp, $content); + fclose($fp); + ob_clean(); + header("Content-Type: text/plain; Charset=UTF-8"); + header("Content-Disposition: attachment; filename=\"JG Adressliste ".time().".txt\""); + readfile($file); + unlink($file); + exit; + break; + default: + print_404(); + break; } |
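Review bot: The `download` case stages the whole member list in the fixed path `/tmp/jg_data.txt`, which concurrent downloads share: one request can truncate or `unlink()` the file while another is in `readfile()`. It also leaves names, addresses and birthdays in a shared temp directory if the request dies before `unlink()`, and the `fopen()` result is never checked. The file is not needed: after the two `header()` calls, `echo $content;` can replace the `fopen`/`fputs`/`fclose`/`readfile`/`unlink` sequence. In the `csv` branch the fields are joined with `;` unquoted, so a value containing `;`, a quote or a line break corrupts the row, and a value beginning with `=`, `+`, `-` or `@` may be evaluated as a formula in a spreadsheet. Writing rows with `fputcsv()` to `php://output` fixes the quoting, and such leading characters need neutralising separately. Indexing `$row[$i]` for 1..6 also ties the export to the column order returned by `SELECT *`.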
