issue #7: functions for delete-tool and update-tool moved to list page.

torbengb · Oct 4, 2020 · 8c6c7da · 8c6c7da
1 parent cdb9485
commit 8c6c7da
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 92 deletions.
diff --git a/.htaccess b/.htaccess
@@ -33,4 +33,4 @@ DirectoryIndex index.php
 #          Deny from all
 #          Satisfy All
 #     </Files>
-#     ## end
+#     ## end
diff --git a/loans/list.php b/loans/list.php
@@ -38,7 +38,8 @@
 		  JOIN tools t ON l.tool = t.id
 		  JOIN users u1 ON l.owner = u1.id
 		  JOIN users u2 ON l.loanedto = u2.id
-		  WHERE l.deleted = '0000-00-00 00:00:00'";
+		  WHERE l.deleted = '0000-00-00 00:00:00'
+		  ORDER BY l.active DESC, t.toolname";
 
   $statement = $connection->prepare($sql);
   $statement->execute();

diff --git a/tools/edit.php b/tools/edit.php
@@ -1,59 +1,6 @@
 <?php
 require "../common/common.php";
 require "../common/header.php";
-
-if (isset($_POST['submit'])) { // Action on SUBMIT:
-  if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
-
-  try { // update the record:
-    $timestamp = date("Y-m-d H:i:s");
-    $record =array(
-      "id" => $_POST['id'],
-      "modified" => $timestamp,
-      "owner" => $_POST['owner'],
-      "offered" => $_POST['offered'],
-      "toolname" => $_POST['toolname'],
-      "brand" => $_POST['brand'],
-      "model" => $_POST['model'],
-      "dimensions" => $_POST['dimensions'],
-      "weight" => $_POST['weight'],
-      "privatenotes" => $_POST['privatenotes'],
-      "publicnotes" => $_POST['publicnotes'],
-      "taxonomy1" => $_POST['taxonomy1'],
-      "taxonomy2" => $_POST['taxonomy2'],
-      "taxonomy3" => $_POST['taxonomy3'],
-      "taxonomy4" => $_POST['taxonomy4'],
-      "taxonomy5" => $_POST['taxonomy5'],
-      "electrical230v" => $_POST['electrical230v'],
-      "electrical400v" => $_POST['electrical400v'],
-      "hydraulic" => $_POST['hydraulic'],
-      "pneumatic" => $_POST['pneumatic']
-    );
-    $sql = 'UPDATE tools 
-            SET modified = :modified,
-              owner = :owner,
-              offered = :offered,
-              toolname = :toolname,
-              brand = :brand,
-              model = :model,
-              dimensions = :dimensions,
-              weight = :weight,
-              privatenotes = :privatenotes,
-              publicnotes = :publicnotes,
-              taxonomy1 = :taxonomy1,
-              taxonomy2 = :taxonomy2,
-              taxonomy3 = :taxonomy3,
-              taxonomy4 = :taxonomy4,
-              taxonomy5 = :taxonomy5,
-              electrical230v = :electrical230v,
-              electrical400v = :electrical400v,
-              hydraulic = :hydraulic,
-              pneumatic = :pneumatic
-            WHERE id = :id';
-    $statement = $connection->prepare($sql);
-    $statement->execute($record);
-  } catch(PDOException $error) { showMessage( __LINE__ , __FILE__ , $sql . "<br>" . $error->getMessage()); }
-}
 
 if (isset($_GET['id'])) { // Action on LOAD:
   try { 
@@ -87,17 +34,11 @@
 
 <h2>Edit a tool</h2>
 
-<?php if (isset($_POST['submit']) && $statement) : ?>
-    <blockquote class="success">Successfully updated your <b><?php echo escape($_POST['toolname']); ?></b> in the <a href="list.php">tool pool</a>.</blockquote>
-<?php endif; ?>
-
-<form method="post">
-    <button class="button delete" type="submit" name="delete" value="<?php echo escape($tool["id"]); ?>" action="list.php">Delete!</button>
-</form>
-
-<form method="post"><input class="button submit" type="submit" name="submit" value="Submit">
+<form action="list.php" method="post">
+  <button class="button delete" type="submit" name="update" value="update">Update</button>
+  <button class="button delete" type="submit" name="delete" value="delete">Delete</button>
   <input type="hidden" name="csrf" value="<?php echo escape($_SESSION['csrf']); ?>">
-  <input type="hidden" name="id" value="<?php echo escape($tool['id']); ?>">
+  <input type="hidden" name="id"   value="<?php echo escape($tool['id']); ?>">
 
   <label class="label" for="owner">Owner
     <select class="input" name="owner" id="owner">
@@ -178,7 +119,7 @@
   <label class="label" for="hydraulic">     <input class="input" type="checkbox" name="hydraulic"      id="hydraulic"      value="1" <?php echo ( escape($tool["hydraulic"]     ) ? "checked" : NULL ) ?>>Hydraulic</label>
   <label class="label" for="pneumatic">     <input class="input" type="checkbox" name="pneumatic"      id="pneumatic"      value="1" <?php echo ( escape($tool["pneumatic"]     ) ? "checked" : NULL ) ?>>Pneumatic</label>
 
-  <input class="button submit" type="submit" name="submit" value="Submit">
+  <button class="button delete" type="submit" name="update" value="update">Update</button>
 </form>
 
 <?php require "../common/footer.php"; ?>
diff --git a/tools/list.php b/tools/list.php
@@ -2,11 +2,78 @@
 require "../common/common.php";
 require "../common/header.php";
 
-$success = null;
+if (isset($_POST['update'])) {
+  echo __LINE__ . ":update:" . $_POST["id"] . "<br>";
+  if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
+
+  try { // update the record:
+    $timestamp = date("Y-m-d H:i:s");
+    $record =array(
+        "id" => $_POST['id'],
+        "modified" => $timestamp,
+        "owner" => $_POST['owner'],
+        "offered" => $_POST['offered'],
+        "toolname" => $_POST['toolname'],
+        "brand" => $_POST['brand'],
+        "model" => $_POST['model'],
+        "dimensions" => $_POST['dimensions'],
+        "weight" => $_POST['weight'],
+        "privatenotes" => $_POST['privatenotes'],
+        "publicnotes" => $_POST['publicnotes'],
+        "taxonomy1" => $_POST['taxonomy1'],
+        "taxonomy2" => $_POST['taxonomy2'],
+        "taxonomy3" => $_POST['taxonomy3'],
+        "taxonomy4" => $_POST['taxonomy4'],
+        "taxonomy5" => $_POST['taxonomy5'],
+        "electrical230v" => $_POST['electrical230v'],
+        "electrical400v" => $_POST['electrical400v'],
+        "hydraulic" => $_POST['hydraulic'],
+        "pneumatic" => $_POST['pneumatic']
+    );
+    $sql = 'UPDATE tools 
+            SET modified = :modified,
+              owner = :owner,
+              offered = :offered,
+              toolname = :toolname,
+              brand = :brand,
+              model = :model,
+              dimensions = :dimensions,
+              weight = :weight,
+              privatenotes = :privatenotes,
+              publicnotes = :publicnotes,
+              taxonomy1 = :taxonomy1,
+              taxonomy2 = :taxonomy2,
+              taxonomy3 = :taxonomy3,
+              taxonomy4 = :taxonomy4,
+              taxonomy5 = :taxonomy5,
+              electrical230v = :electrical230v,
+              electrical400v = :electrical400v,
+              hydraulic = :hydraulic,
+              pneumatic = :pneumatic
+            WHERE id = :id';
+    $statement = $connection->prepare($sql);
+    $statement->execute($record);
+  } catch(PDOException $error) { showMessage( __LINE__ , __FILE__ , $sql . "<br>" . $error->getMessage()); }
+}
+
+if (isset($_POST['delete'])) { // Action on SUBMIT:
+  if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
+
+  try { // update the record:
+    $timestamp = date("Y-m-d H:i:s");
+    $id = $_POST['id'];
+    $sql = "UPDATE tools 
+			SET deleted = '$timestamp'
+			WHERE id = :id";
+    $statement = $connection->prepare($sql);
+    $statement->bindValue(':id', $id);
+    $statement->execute();
+  } catch(PDOException $error) { echo $sql . "<br>" . $error->getMessage(); }
+}
 
 if (isset($_POST['loan'])) { // Action on SUBMIT:
   if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
-  try { 
+  try {
 // first collect the necessary data:
     $id = $_POST["loan"];
     $sql = "SELECT t.owner, t.toolname, u.username 
@@ -43,29 +110,14 @@
   } catch(PDOException $error) { showMessage( __LINE__ , __FILE__ , $sql . "<br>" . $error->getMessage()); }
 }
 
-if (isset($_POST['delete'])) { // Action on SUBMIT:
-  if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
-
-  try { // update the record:
-    $timestamp = date("Y-m-d H:i:s");
-    $id = $_POST["delete"];
-    $sql = "UPDATE tools 
-			SET deleted = '$timestamp'
-			WHERE id = :id";
-    $statement = $connection->prepare($sql);
-    $statement->bindValue(':id', $id);
-    $statement->execute();
-    $success = "Successfully deleted the tool.";
-  } catch(PDOException $error) { showMessage( __LINE__ , __FILE__ , $sql . "<br>" . $error->getMessage()); }
-}
-
 // Action on LOAD:
 try { // load the record:
   $sql = "SELECT t.*, u.username, t1.name AS t1, t2.name AS t2, t3.name AS t3, t4.name AS t4, t5.name AS t5, l.active
     FROM tools t
     JOIN users u ON u.id = t.owner
     LEFT JOIN loans l ON l.tool = t.id 
     			AND l.active = 1
+    			AND l.deleted = '0000-00-00 00:00:00'
     LEFT JOIN taxonomy t1 ON t1.id = t.taxonomy1 -- LEFT includes tools without a taxonomy.
     LEFT JOIN taxonomy t2 ON t2.id = t.taxonomy2 
     LEFT JOIN taxonomy t3 ON t3.id = t.taxonomy3 
@@ -91,20 +143,30 @@
 
 <h2>Tool Pool || <a href="new.php">add new</a></h2>
 
-<?php if (isset($_POST['loan']) && $statement) : ?>
-  <blockquote>Successfully recorded <a href="../loans/list.php">your new loan</a>. Now you may pick up the <b><?php echo escape($toolname) ?></b> from <b><?php echo escape($ownername) ?></b>.</blockquote>
+<?php if (isset($_POST['update']) && $statement) : ?>
+    <blockquote class="success">Successfully updated your <b><?php echo escape($_POST['toolname']); ?></b> in the <a href="list.php">tool pool</a>.</blockquote>
+<?php endif; ?>
+
+<?php if (isset($_POST['delete']) && $statement) : ?>
+    <blockquote class="success">Successfully deleted your <b><?php echo escape($_POST['toolname']); ?></b>!</blockquote>
 <?php endif; ?>
 
-<?php if ($success) echo $success; ?>
+<?php if (isset($_POST['loan']) && $statement) : ?>
+    <blockquote>Successfully recorded <a href="../loans/list.php">your new loan</a>. Now you may pick up the <b><?php echo escape($toolname) ?></b> from <b><?php echo escape($ownername) ?></b>.</blockquote>
+<?php endif; ?>
 
 <form method="post">
   <input name="csrf" type="hidden" value="<?php echo escape($_SESSION['csrf']); ?>">
+    <table><tr><td width="25%" align="right">Legend:</td>
+            <td width="25%" align="center" class="offered">Available</td>
+            <td width="25%" align="center" class="loaned">Waiting list</td>
+            <td width="25%" align="center" class="notoffered">Currently not loanable</td></tr></table>
   <table>
     <thead>
       <tr>
-          <th>Action</th>
+          <th align="center">Action</th>
           <th>Owner</th>
-          <th>Offered</th>
+          <th>Availability</th>
           <th>Tool name</th>
           <th>Brand</th>
           <th>Model</th>
@@ -124,10 +186,10 @@
     <tbody>
     <?php foreach ($result as $row) : ?>
       <tr>
-          <td>
+          <td align="center">
             <button class="button edit" type="submit" name="loan" value="<?php echo escape($row["id"]); ?>">Loan</button>
             <a href="edit.php?id=<?php echo escape($row["id"]); ?>">Edit</a>
-            <button class="button delete" type="submit" name="delete" value="<?php echo escape($row["id"]); ?> action="list.php">Delete!</button>
+            <!--button class="button delete" type="submit" name="delete" value="<?php echo escape($row["id"]); ?> action="list.php">Delete!</button-->
           </td>
           <td><?php echo escape($row["username"]); ?></td>
           <td

diff --git a/tools/new.php b/tools/new.php
@@ -90,7 +90,7 @@
   <label class="label" for="publicnotes">Public notes<input class="input" type="text" name="publicnotes" id="publicnotes"></label>
   <label class="label" for="taxonomy1">Taxonomy 1
     <select class="input" name="taxonomy1" id="taxonomy1">
-      <?php // TODO: make tax2..4 into adaptive dropdowns depending on the parent value.
+      <?php // TODO: issue #10 https://github.com/torbengb/toolpool/issues/10
       foreach ($tax1 as $row) : ?>
         <option value="<?php echo escape($row["id"]); ?>"><?php echo escape($row["name"]); ?></option>
       <?php endforeach; ?>