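<?php
// *************************************************************
// file: edit_software.php
// created by: Alex Gordon, Elliott Staude
// date: 04-6-2014
// purpose: The page used to edit information on a software item.
//
// Request flow:
//   GET  ?edit=<id>                      -> show the edit form for that item
//   POST ?edit=<id>, submit=Delete Item  -> delete the item (admin only)
//   POST ?edit=<id>, any other submit    -> update name and software_type
//
// Security notes:
//   - The item id is validated as an integer and every SQL statement binds
//     its values as parameters instead of building the query from strings.
//   - Database values are HTML-escaped before they are written into the form.
//   - Driver errors go to the server log, not to the browser.
//   - NOTE(review): the form carries no anti-CSRF token. Adding one needs a
//     per-session token issued and verified here; confirm where the session
//     is started (presumably header.php) before wiring it in.
//   - NOTE(review): header.php runs before the redirects below. If it emits
//     output without output buffering, the Location headers cannot be sent;
//     the exit calls still stop the page from continuing - confirm.
// *************************************************************
// include nav bar and other default page items
include('header.php');

// check the session to see if the person is authenticated
if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    // Stop here: without exit the rest of the page would still run for an
    // unauthenticated request.
    exit;
}

// Prints a dismissible warning box with an escaped message and ends the
// request. Used for every failure path so internal details are never echoed.
$abortWithAlert = function ($message) {
    echo '<div data-alert class="alert-box warning">'
        . htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
        . '<a href="#" class="close">×</a>'
        . '</div>';
    exit;
};

// Manager or User
// Both sides of the || compare the session value; a bare constant on the
// right-hand side would make the condition true for every access level.
if ($_SESSION['access'] == ADMIN_PERMISSION || $_SESSION['access'] == USER_PERMISSION) {
?>
<div class="row">
<div class="large-10 large-centered columns">
<h1>Editing Software</h1>
<?php
    // get the item ID; it must be a plain integer (null = missing, false = invalid)
    $itemID = filter_input(INPUT_GET, 'edit', FILTER_VALIDATE_INT);
    if ($itemID === null || $itemID === false) {
        $abortWithAlert('Sorry! No valid item was selected.');
    }

    $isDelete = isset($_POST['submit']) && $_POST['submit'] === "Delete Item";

    // The delete button is only rendered for admins, so the handler enforces
    // the same rule on the server side.
    if ($isDelete && $_SESSION['access'] != ADMIN_PERMISSION) {
        $abortWithAlert('Sorry! You are not allowed to delete items.');
    }

    // connect to the database (open_db.php is expected to define $conn)
    include 'open_db.php';
    if (!$conn) {
        error_log(print_r(sqlsrv_errors(), true));
        $abortWithAlert('Sorry! Database is unavailable.');
    }

    // post form data
    if (isset($_POST['submit'])) {
        if ($isDelete) {
            // post delete item data
            $deletionSQL = "DELETE FROM dbo.software WHERE index_id = ?;";
            $deletionAttempt = sqlsrv_query($conn, $deletionSQL, array($itemID));
            if (!$deletionAttempt) {
                error_log(print_r(sqlsrv_errors(), true));
                $abortWithAlert('Sorry! The item could not be removed.');
            }
            // close the connection
            sqlsrv_close($conn);
            echo "<h3>Data successfully removed</h3>";
            echo "<a class=\"button\" href=\"software.php\">OK</a>";
            echo "</div>";
        } else {
            // assign form input to variables; both fields are required by the form
            $name = isset($_POST['name']) ? $_POST['name'] : null;
            $software_type = isset($_POST['software_type']) ? $_POST['software_type'] : null;
            if (!is_string($name) || $name === '' || !is_string($software_type) || $software_type === '') {
                sqlsrv_close($conn);
                $abortWithAlert('Sorry! Name and software type are both required.');
            }

            // dateTime.php is expected to define $dateTime
            include 'dateTime.php';
            $last_updated_by = $_SESSION['user'];
            $last_updated_at = $dateTime;

            // SQL query to store the variables above; values are bound, not interpolated
            $sql = "UPDATE dbo.software SET last_updated_by = ?, last_updated_at = ?, name = ?, software_type = ? WHERE software.index_id = ?;";
            $params = array($last_updated_by, $last_updated_at, $name, $software_type, $itemID);
            $result = sqlsrv_query($conn, $sql, $params);
            // if the query cant be executed
            if (!$result) {
                error_log(print_r(sqlsrv_errors(), true));
                $abortWithAlert('Sorry! The item could not be modified.');
            }
            // close the connection
            sqlsrv_close($conn);
            echo "<h3>Data successfully modified</h3>";
            echo "<a class=\"button\" href=\"software.php\">OK</a>";
            echo "</div>";
        }
    } else {
        // load the current values to pre-fill the form
        $editQuery = "SELECT * FROM software WHERE software.index_id = ?;";
        $editResult = sqlsrv_query($conn, $editQuery, array($itemID));
        if (!$editResult) {
            error_log(print_r(sqlsrv_errors(), true));
            $abortWithAlert('Sorry! The item could not be loaded.');
        }
        $item = sqlsrv_fetch_array($editResult, SQLSRV_FETCH_ASSOC);
        sqlsrv_close($conn);
        // no row (or a fetch error) means there is nothing to edit
        if (!$item) {
            $abortWithAlert('Sorry! That item could not be found.');
        }

        // escape stored values before placing them inside HTML attributes
        $nameValue = htmlspecialchars((string) $item['name'], ENT_QUOTES, 'UTF-8');
        $typeValue = htmlspecialchars((string) $item['software_type'], ENT_QUOTES, 'UTF-8');
?>
<!-- form data -->
<form data-abide type="submit" name="submit" enctype='multipart/form-data' action="edit_software.php?edit=<?php echo (int) $itemID; ?>" method="POST">
<fieldset>
<legend>Software Info</legend>
<div class="row">
<div class="large-4 columns">
<label>Name</label>
<input type="text" name="name" value="<?php echo $nameValue; ?>" required>
</div>
<div class="large-4 columns">
<label>Software type</label>
<input type="text" name="software_type" value="<?php echo $typeValue; ?>" required>
</div>
</div>
</fieldset>
<div class="row">
<?php
        // the delete control is only offered to admins
        if ($_SESSION['access'] == ADMIN_PERMISSION) {
?>
<div class="large-4 columns">
<dl class="accordion" data-accordion>
<dd>
<a href="#deletePanel">Delete</a>
<div id="deletePanel" class="content alert">
<p>Are you sure you want to delete this item? This action cannot be undone.</p>
<input type="submit" name="submit" value="Delete Item" class="button alert" formmethod="post">
</div>
</dd>
</dl>
</div>
<?php
        }
?>
<div class="large-4 columns">
<a class="button expand" href="software.php">Cancel</a>
</div>
<div class="large-4 columns">
<input type="submit" name="submit" value="Save Item" class="button expand" formmethod="post">
</div>
</div>
</form>
</div>
<?php
    }
}
// Faculty
if ($_SESSION['access'] == FACULTY_PERMISSION) {
    // Faculty should not have access to this page.
    header('Location: home.php');
    exit;
}
//footer
include('footer.php');
?>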