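<?php
// Session gate: every request to this page must carry a NIMAX session that
// already holds a user_id (set by login.php); anything else is sent to login.
session_name('NIMAX');
// Keep the session cookie out of reach of page scripts and off cross-site
// POSTs. Array form needs PHP >= 7.3. Add 'secure' => true once the site is
// served over HTTPS only.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
if (!isset($_SESSION["user_id"])) {
    // A real redirect for browsers; nothing has been output yet, so headers
    // can still be sent. The HTML below is only a fallback for clients that
    // ignore the Location header (it keeps the original 1-second meta refresh).
    header('Location: login.php');
    echo '<!DOCTYPE html>
<html>
<head>
<title>Redirecting...</title>
<meta http-equiv="refresh" content="1; url=login.php">
<link rel="stylesheet" href="../styles/entries.css">
</head>
<body>
<p>You are not logged in. Redirecting to the login page...</p>
</body>
</html>';
    exit;
}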
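// Database connection. DB_* constants come from db_credentials.php.
require_once "db_credentials.php";
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);
if (!$dbc) {
    // Driver error text can include host/user details; keep it in the server
    // log and give the client a generic message plus a 503 status.
    error_log("NIMAX: database connection failed: " . mysqli_connect_error());
    http_response_code(503);
    die("Connection failed.");
}
// mysqli_real_escape_string() is only correct when the connection charset
// matches what the application sends, so pin it instead of relying on the
// server default. NOTE(review): adjust if the schema uses another charset.
if (!mysqli_set_charset($dbc, 'utf8mb4')) {
    error_log("NIMAX: could not set connection charset: " . mysqli_error($dbc));
}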
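// State consumed by the template below:
//   $message      user-facing status line ("" = nothing to show)
//   $editMode     true = render the edit form for $entryToEdit
//   $addMode      true = render the add form
//   $entryToEdit  row (assoc array) being edited, or null
//   $result       mysqli_result with the entry listing, or false on failure
$message = "";
$editMode = false;
$addMode = false;
$entryToEdit = null;

/**
 * Append one audit row to NIMAX_log through a prepared statement.
 *
 * The outcome is deliberately not surfaced to the user: the page reports on
 * the entry operation itself, and the original code ignored the result of
 * the log INSERT as well. Failures go to the server log.
 *
 * @param mysqli $dbc     open connection
 * @param mixed  $userId  $_SESSION["user_id"]; bound as a string (fiUser)
 * @param string $action  'add', 'edit' or 'delete' (tdAction)
 * @param int    $entryId idDate of the entry concerned (fiDate)
 * @param string $details free-text note (tdDetails)
 */
function nimax_log_action(mysqli $dbc, $userId, string $action, int $entryId, string $details): void
{
    $stmt = mysqli_prepare(
        $dbc,
        "INSERT INTO NIMAX_log (fiUser, tdAction, fiDate, tdDetails) VALUES (?, ?, ?, ?)"
    );
    if (!$stmt) {
        error_log("NIMAX: could not prepare audit insert: " . mysqli_error($dbc));
        return;
    }
    // bind_param takes references, so the cast result needs its own variable
    $userIdStr = (string) $userId;
    mysqli_stmt_bind_param($stmt, "ssis", $userIdStr, $action, $entryId, $details);
    if (!mysqli_stmt_execute($stmt)) {
        error_log("NIMAX: audit insert failed: " . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}

// NOTE(review): the handlers below are authorised by the session cookie alone;
// no anti-CSRF token is checked, so the cookie's SameSite attribute is the
// only cross-site mitigation. A per-session token in each form would close
// that gap.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    $userId = $_SESSION["user_id"];
    $action = (string) $_POST['action'];

    // idDate is an integer key (new rows get it from mysqli_insert_id), so the
    // posted id is validated once here and only ever reaches SQL as a bound
    // int. $idGiven mirrors the original isset() checks; $id is null when the
    // value is absent or not an integer (previously it was interpolated raw).
    $idGiven = isset($_POST['id']);
    $validated = $idGiven ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
    $id = ($validated === false) ? null : $validated;

    if ($action === 'cancel_edit' || $action === 'cancel_add') {
        // leave either form and return to the listing
        $editMode = false;
        $addMode = false;
    } elseif ($action === 'show_add') {
        // "Add New Entry" button: render the add form
        $addMode = true;
    } elseif ($action === 'add') {
        // submit of the add form: insert, then return to the listing
        $tdDate = (string) ($_POST['tdDate'] ?? '');
        $tdDescription = (string) ($_POST['tdDescription'] ?? '');
        $stmt = mysqli_prepare($dbc, "INSERT INTO NIMAX_entries (tdDate, tdDescription) VALUES (?, ?)");
        $ok = $stmt
            && mysqli_stmt_bind_param($stmt, "ss", $tdDate, $tdDescription)
            && mysqli_stmt_execute($stmt);
        if ($ok) {
            $newEntryId = (int) mysqli_insert_id($dbc);
            $message = "Entry added successfully!";
            nimax_log_action($dbc, $userId, 'add', $newEntryId, 'Added new entry');
        } else {
            // driver error text stays in the server log, not in the page
            error_log("NIMAX: add failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbc)));
            $message = "Error adding entry.";
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
        $addMode = false;
    } elseif ($action === 'edit' && $idGiven) {
        // "Edit" button: load the row so the template can pre-fill the form
        $row = null;
        if ($id !== null) {
            $stmt = mysqli_prepare($dbc, "SELECT * FROM NIMAX_entries WHERE idDate = ?");
            if ($stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt)) {
                // mysqli_stmt_get_result() needs the mysqlnd driver (the default build)
                $res = mysqli_stmt_get_result($stmt);
                $row = $res ? mysqli_fetch_assoc($res) : null;
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
        if ($row) {
            $entryToEdit = $row;
            $editMode = true;
        } else {
            // unknown id, non-integer id, or query failure all read the same to the user
            $message = "Entry not found.";
        }
    } elseif ($action === 'update' && $idGiven) {
        // submit of the edit form: write the new values for $id
        if ($id === null) {
            $message = "Entry not found.";
        } else {
            $tdDate = (string) ($_POST['tdDate'] ?? '');
            $tdDescription = (string) ($_POST['tdDescription'] ?? '');
            $stmt = mysqli_prepare(
                $dbc,
                "UPDATE NIMAX_entries SET tdDate = ?, tdDescription = ? WHERE idDate = ?"
            );
            $ok = $stmt
                && mysqli_stmt_bind_param($stmt, "ssi", $tdDate, $tdDescription, $id)
                && mysqli_stmt_execute($stmt);
            if ($ok) {
                $message = "Entry updated successfully!";
                nimax_log_action($dbc, $userId, 'edit', $id, "Updated entry with id $id");
            } else {
                error_log("NIMAX: update failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbc)));
                $message = "Error updating entry.";
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
    } elseif ($action === 'delete' && $idGiven) {
        if ($id === null) {
            $message = "Entry not found.";
        } else {
            // As before, the audit row is written before the DELETE so a failed
            // delete still leaves a trace of the attempt.
            nimax_log_action($dbc, $userId, 'delete', $id, "Deleted entry with id $id");
            $stmt = mysqli_prepare($dbc, "DELETE FROM NIMAX_entries WHERE idDate = ?");
            $ok = $stmt
                && mysqli_stmt_bind_param($stmt, "i", $id)
                && mysqli_stmt_execute($stmt);
            if ($ok) {
                $message = "Entry deleted successfully!";
            } else {
                error_log("NIMAX: delete failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbc)));
                $message = "Error deleting entry.";
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
    }
}

// Listing for the default screen; the statement takes no user input.
$result = mysqli_query($dbc, "SELECT * FROM NIMAX_entries ORDER BY tdDate DESC");
if (!$result) {
    error_log("NIMAX: listing failed: " . mysqli_error($dbc));
    $message = "Error retrieving entries.";
}
?>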
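<?php
/**
 * HTML-escape a value for element content or a double-quoted attribute.
 *
 * Every value that reaches the markup goes through here, including the
 * status line and the hidden id fields, which were previously echoed raw.
 * ENT_QUOTES is explicit so single-quoted attributes would be safe too;
 * the (string) cast avoids the htmlspecialchars(null) deprecation.
 *
 * @param mixed $value
 */
function nimax_h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Nimax Entries</title>
<link rel="stylesheet" href="../styles/entries.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<a href="logout.php" class="logout-button">Logout</a>
<div class="container">
<h1>Nimax Entries</h1>
<?php if ($message != ""): ?>
<p><?= nimax_h($message) ?></p>
<?php endif; ?>
<?php if ($editMode && $entryToEdit): ?>
<h2>Edit Entry</h2>
<form method="post">
<input type="hidden" name="action" value="update">
<input type="hidden" name="id" value="<?= nimax_h($entryToEdit['idDate']) ?>">
<label for="tdDate">Date:</label>
<input type="date" id="tdDate" name="tdDate" value="<?= nimax_h($entryToEdit['tdDate']) ?>" required>
<label for="tdDescription">Description:</label>
<textarea id="tdDescription" name="tdDescription" rows="5" cols="40" required><?= nimax_h($entryToEdit['tdDescription']) ?></textarea>
<input type="submit" value="Update Entry">
</form>
<form method="post" style="margin-top:10px;">
<input type="hidden" name="action" value="cancel_edit">
<button type="submit">Back to entries</button>
</form>
<?php elseif ($addMode): ?>
<h2>Add New Entry</h2>
<form method="post">
<input type="hidden" name="action" value="add">
<label for="tdDate">Date:</label>
<input type="date" id="tdDate" name="tdDate" required>
<label for="tdDescription">Description:</label>
<textarea id="tdDescription" name="tdDescription" rows="5" cols="40" required></textarea>
<input type="submit" value="Add Entry">
</form>
<form method="post" style="margin-top:10px;">
<input type="hidden" name="action" value="cancel_add">
<button type="submit">Back to entries</button>
</form>
<?php else: ?>
<div class="table-top-controls">
<form method="post">
<input type="hidden" name="action" value="show_add">
<button type="submit" class="add-button">Add New Entry</button>
</form>
</div>
<table>
<thead>
<tr class="table-top-row">
<th colspan="3">Current Entries</th>
</tr>
<tr>
<th>Date</th>
<th>Description</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php if ($result && mysqli_num_rows($result) > 0): ?>
<?php while ($entry = mysqli_fetch_assoc($result)): ?>
<tr>
<td><?= nimax_h($entry['tdDate']) ?></td>
<td><?= nimax_h($entry['tdDescription']) ?></td>
<td class="actions">
<form method="post" style="display:inline;">
<input type="hidden" name="action" value="edit">
<input type="hidden" name="id" value="<?= nimax_h($entry['idDate']) ?>">
<button type="submit" class="edit-link">Edit</button>
</form>
<form method="post" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this entry?');">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="id" value="<?= nimax_h($entry['idDate']) ?>">
<button type="submit" class="delete-link">Delete</button>
</form>
</td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr>
<td colspan="3">No entries found.</td>
</tr>
<?php endif; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</body>
</html>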