path: root/bootstrap/action.php
blob: 533ef0a4930bb297a45f43550f297526ac488105 (plain)
<?php

// This script only serves ?page=action; every other request gets a 404 and
// nothing after this guard runs.
if ( ! ( isset($_GET["page"]) && $_GET["page"] == "action" ) ){
	$notFoundStatus = $_SERVER["SERVER_PROTOCOL"] . " 404 Not Found";
	header($notFoundStatus);
	exit;
}

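// A request without a usable task has nothing to dispatch. Redirect to the
// index page and stop here: the original fell through to the task switch with
// an unset task, and its status header was malformed (no space before the
// code) and overridden by the Location header anyway.
if ( ! isset($_GET["task"]) || ! is_string($_GET["task"]) || $_GET["task"] == "" ){
	header("Location: /?page=index", true, 302);
	exit;
}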

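// Page to return to after a successful task. "goto" comes straight from the
// query string and is written into a Location header, so only a plain page
// name is accepted; a missing or unexpected value falls back to the index page.
// NOTE(review): if any caller passes extra query parameters inside "goto",
// widen this pattern deliberately instead of removing the check.
$redirectPage = "index";
if ( isset($_GET["goto"]) && is_string($_GET["goto"]) && preg_match('/^[A-Za-z0-9_-]+$/D', $_GET["goto"]) ){
	$redirectPage = $_GET["goto"];
}

// Dispatch on the requested task. Every task only accepts POST.
switch($_GET["task"]){
	case("login"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" ){
			// NOTE(review): this relies on failure() ending the request; it is
			// defined elsewhere — confirm, otherwise login() runs with missing input.
			failure("not enough information", "400 Bad Request");
		}
		if ( $jg->login($_POST["name"], $_POST["password"]) ){
			// The status is passed as header()'s response code; the original
			// built a status line from a misspelled $_SERVER key.
			header("Location: /?page=" . $redirectPage, true, 302);
			exit;
		}
		// NOTE(review): a rejected login leaves the switch without sending any
		// response of its own; confirm the including script reports the failure.
		break;

	// NOTE(review): neither "update" nor "add" checks in this file that the
	// caller is logged in or allowed to edit members, and no CSRF token is
	// verified before the write; confirm the including bootstrap enforces both.
	case("update"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		// The id must be a positive decimal integer. The loose "== 0" test let
		// non-numeric strings through on PHP 8.
		$memberId = 0;
		if ( isset($_GET["id"]) && is_string($_GET["id"]) && preg_match('/^[0-9]+$/D', $_GET["id"]) ){
			$memberId = (int) $_GET["id"];
		}
		if ( $memberId < 1 ){
			header($_SERVER["SERVER_PROTOCOL"] . " 400 Bad Request");
			exit;
		}
		// Missing or non-string form fields become empty strings instead of
		// raising undefined-index notices.
		$member = array();
		foreach ( array("name", "adresse", "telefonnummer", "handynummer", "email", "geburtstag") as $field ){
			$member[$field] = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? $_POST[$field] : "";
		}
		// Columns in SET are separated by commas. The original joined them with
		// AND, which SQL reads as one boolean expression assigned to "name".
		// NOTE(review): every value is request-controlled, so this depends on
		// $db->prepare() escaping and quoting each %s; its implementation is
		// not visible here — confirm.
		$sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE id = %d;", 
			$member["name"], $member["adresse"], $member["telefonnummer"], $member["handynummer"], $member["email"], $member["geburtstag"], $memberId
		);
		if ( ! $sql )
			exit;
		if ( $db->doQuery($sql) ){
			header("Location: /?page=" . $redirectPage, true, 302);
		}
		exit;

	case("add"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		// Missing or non-string form fields become empty strings instead of
		// raising undefined-index notices.
		$member = array();
		foreach ( array("name", "adresse", "telefonnummer", "handynummer", "email", "geburtstag") as $field ){
			$member[$field] = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? $_POST[$field] : "";
		}
		// NOTE(review): as with the update, safety of this statement depends on
		// $db->prepare() escaping and quoting each %s value — confirm.
		$sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);", 
			$member["name"], $member["adresse"], $member["telefonnummer"], $member["handynummer"], $member["email"], $member["geburtstag"]
		);
		if ( ! $sql )
			exit;
		if ( $db->doQuery($sql) ){
			header("Location: /?page=" . $redirectPage, true, 302);
		}
		exit;
}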