From 1bb57cc0ceb60872ab1994015611ee4ceeda6681 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= <anton@sijanec.eu>
Date: Sun, 23 Apr 2023 02:14:48 +0200
Subject: razno

---
 prog/inventar/index.php | 82 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 prog/inventar/index.php

(limited to 'prog/inventar/index.php')

diff --git a/prog/inventar/index.php b/prog/inventar/index.php
new file mode 100644
index 0000000..4dd38dd
--- /dev/null
+++ b/prog/inventar/index.php
@@ -0,0 +1,82 @@
+<?php
+$auth = ["test" => "test"];
+if ((isset($_REQUEST["prijava"]) && (empty($_SERVER["PHP_AUTH_USER"]) || $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) || (isset($_SERVER['PHP_AUTH_USER']) && $auth[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])) {
+	header("WWW-Authenticate: Basic realm=inventar");
+	header("HTTP/1.0 401 Neprijavljen");
+	die("401");
+}
+?>
+<style>
+table, td, tr, th {
+	border: 1px solid red;
+}
+</style>
+<form>
+<input autofocus placeholder="where expression" name=q value="<?= htmlspecialchars($_REQUEST["q"]) ?>" />
+<input type=submit />
+</form>
+<table>
+<?php
+if (empty($_SERVER['PHP_AUTH_USER']))
+	echo "<a href=?prijava=1>prijava</a>";
+else
+	echo "<form method=post><input type=submit name=dodaj value='dodaj stvar kot {$_SERVER['PHP_AUTH_USER']}' /></form>";
+require_once "h.php";
+$passed = [];
+if (!empty($_POST["izbriši"]))
+	$db->exec("delete from stvari where lastnik = '{$_SERVER["PHP_AUTH_USER"]}' and id = '{$_POST["id"]}'");
+if (!empty($_POST["dodaj"]) && !empty($_SERVER["PHP_AUTH_USER"]))
+	$db->exec("insert into stvari (lastnik) values ('{$_SERVER["PHP_AUTH_USER"]}')");
+foreach ($_POST as $k => $v)
+	if (is_numeric($k)) {
+		foreach ($_POST as $k2 => $v2) {
+			$sp = strpos($k2, $k);
+			if ($sp) {
+				$passed[] = substr($k2, 0, $sp);
+			}
+		}
+		$par = [];
+		foreach ($passed as $p) {
+			if (!str_contains(strtolower($p), "id"))
+				$par[] = "'" . SQLite3::escapeString($p) . "' = '" . SQLite3::escapeString($_POST[$p . $k]) . "'";
+		}
+		$s = "update stvari set " . implode(", ", $par) . " where lastnik='{$_SERVER["PHP_AUTH_USER"]}' and id={$k}";
+		$db->exec($s);
+	}
+if (!empty($_REQUEST["q"]))
+	$ret = $ro->query("select * from stvari where " . $_REQUEST["q"]);
+else
+	$ret = $ro->query("select * from stvari");
+$i = 0;
+foreach ($ret as $row) {
+	if ($i == 0)
+		foreach ($row as $k => $v)
+			if ($k != "id" && !is_numeric($k))
+				echo "<th>$k</th>";
+	echo "<form method=post><tr>";
+	foreach ($row as $k => $v) {
+		if ($k == "id" || is_numeric($k))
+			continue;
+		echo "<td id=$k$i>";
+		$ok = false;
+		foreach (["input", "name"] as $w)
+			if (!str_contains(strtolower($v), $w))
+				$ok = true;
+		if ($k == "slika" && !empty($v))
+			echo "<img src=$v></img>";
+		if ($k == "lastnik" && $v == $_SERVER['PHP_AUTH_USER']) {
+			echo "<input type=submit value=shrani name={$row["id"]} />";
+			echo "<input type=hidden name=id value={$row["id"]} />";
+			echo "<input type=submit value=izbriši name=izbriši /></td>";
+		}
+		$last = true;
+		if ($row["lastnik"] == $_SERVER['PHP_AUTH_USER'] && $k != "lastnik") {
+			echo "<input name=$k{$row["id"]} value=" . htmlspecialchars($v) . " />";
+			$last = false;
+		} else
+			if ($last && $k != "slika")
+				echo "$v</td>";
+	}
+	echo "</form></tr>";
+	$i++;
+}
-- 
cgit v1.2.3