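<?php
// NOTE(review): the database credentials (including the password) are hard-coded in a
// web-served file. Move them to a config file outside the document root or to
// environment variables, and rotate this password — it has been committed to source.
$LINK = mysqli_connect('127.0.0.1','pisjo950','vjPRjFTxDVIoG7)t','pisjo950');
//Error display
// NOTE(review): verbose error output is for development only; on a production host it
// leaks file paths, SQL text and (in stack traces) the connection arguments above.
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
// Session cookie hardening, set before the session starts:
//  - use_strict_mode: reject session ids the server never issued (fixation)
//  - cookie_httponly: not readable from JavaScript
//  - cookie_samesite=Lax: not sent on cross-site POSTs (blunts CSRF on the POST forms;
//    GET links that change state are NOT covered by this)
//  - cookie_secure: only over HTTPS when the page itself was served over HTTPS
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', '1');
}
session_name("cms");
session_start();
//logout button
if(isset($_POST['logout']))
{
    // Drop everything the login stored (username, isAdmin, id — the old code left
    // isAdmin/id behind) and rotate the session id so the previous one is worthless.
    $_SESSION = [];
    session_regenerate_id(true);
}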
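if(isset($_POST['login']))
{
    // Only scalar strings are accepted; a crafted email[]= would otherwise reach bind_param.
    $username = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    // A single generic message for every failure path: the old code printed
    // "Query has failed" for an unknown email and nothing for a wrong password,
    // which let a caller enumerate valid accounts.
    $loginFailed = true;
    //use prepared statements -> no SQL injection possible
    $statement = $LINK->prepare("SELECT email, password, isAdmin, pk_person
    FROM CinePerson
    WHERE email= ?");
    if ($statement !== false && $username !== '' && $password !== '')
    {
        //s-->string
        $statement->bind_param('s', $username);
        $statement->execute();
        $result = $statement->get_result();
        $row = $result !== false ? $result->fetch_assoc() : null;
        // NOTE(review): passwords are stored as unsalted MD5. Migrate to
        // password_hash()/password_verify() (needs a wider column than 32 chars).
        // Until then the hashes are compared with hash_equals(): a constant-time,
        // strict comparison, so an "0e..." magic hash cannot satisfy a loose == check.
        if ($row !== null
            && hash_equals((string)$row['password'], md5($password))
            && $row['email'] === $username)
        {
            $loginFailed = false;
            // New session id on privilege change: defeats session fixation.
            session_regenerate_id(true);
            $_SESSION['username'] = $row['email'];
            // The plaintext password is deliberately no longer kept in the session.
            // NOTE(review): nothing in this file reads $_SESSION['password']; check the
            // included form*.php pages before relying on that.
            $_SESSION['isAdmin'] = $row['isAdmin'];
            $_SESSION['id'] = $row['pk_person'];
        }
        $statement->close();
    }
    if ($loginFailed)
    {
        echo "wrong username or password";
    }
}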
// Anonymous visitors get the login form; a logged-in user gets the logout button.
// The two cases are mutually exclusive, so a single if/else covers both.
if (!isset($_SESSION['username'])):
?>
<form id="form" method="POST">
<p>Login:</p>
<input type="text" name="email"></input>
<p>Password:</p>
<input type="password" name="password"></input><br><br>
<button type="submit" name="login">Login</button>
</form>
<?php else: ?>
<!-- Logout Button -->
<form method="POST">
<button type="submit" name="logout">Logout</button>
</form>
<?php endif;
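$events=[];
// Every plage (time slot) becomes one calendar event; the film title is looked up per row.
$query3="SELECT date, fromTime, toTime, extraTime, fk_film, fk_respo FROM CinePlages";
$result=mysqli_query($LINK,$query3);
if($result!==false)
{
    while($row=mysqli_fetch_assoc($result)){
        $events[]=$row;
    }
}
// One prepared lookup, reused for every event. fk_film comes from our own table, not
// from the request, but it is bound as a parameter instead of being interpolated into
// the SQL text (no second-order injection; a NULL fk_film also made the old string
// query syntactically invalid, which then crashed on fetch).
$titleStatement=$LINK->prepare("SELECT title FROM CineFilms WHERE pk_film=?");
$today=strtotime(date('Y-m-d'));
//format our events so that we can show them properly
$eventsFormated=[];
foreach($events as $event){
    $title=null;
    if($titleStatement!==false)
    {
        $filmId=$event['fk_film'];
        $titleStatement->bind_param('i',$filmId);
        $titleStatement->execute();
        $titleResult=$titleStatement->get_result();
        $film=$titleResult!==false ? $titleResult->fetch_assoc() : null;
        $title=$film['title'] ?? null; // null when no film row matches
    }
    // Activated = somebody is responsible; events before today get the hidden class.
    $activated = !is_null($event['fk_respo']) && $event['fk_respo'] !== '';
    $className=$activated ? 'activated-event' : 'inactive-event';
    if(strtotime($event['date'])<$today)
    {
        $className .= ' hidden-event';
    }
    $eventsFormated[]=[
        'title'=>$title, //the film title from the DB shown in the calendar
        'start'=>$event['date'] . 'T' . $event['fromTime'],
        'end'=>$event['date'] . 'T' . $event['toTime'],
        'className' => $className
    ];
}
if($titleStatement!==false)
{
    $titleStatement->close();
}
// This JSON is echoed verbatim inside a <script> block further down the page.
// JSON_HEX_TAG encodes "<" and ">" as \u003C/\u003E, so a film title containing
// "</script>" cannot close the block and run its own script (stored XSS); the other
// HEX flags keep the value safe in attribute contexts as well. If encoding fails
// (e.g. invalid UTF-8 in a title) emit an empty list instead of "var events = ;".
$eventsJson=json_encode($eventsFormated, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if($eventsJson===false)
{
    $eventsJson='[]';
}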
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- NOTE(review): the CDN assets below carry no integrity= (Subresource Integrity) hash
     and no crossorigin attribute, so a swapped or compromised CDN file would run with
     full access to this authenticated page. Pin them with SRI hashes or self-host. -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fullcalendar@5.11.3/main.min.css" />
<link rel="stylesheet" href="Styles/styles.css">
<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap" rel="stylesheet">
<script src="https://cdn.jsdelivr.net/npm/fullcalendar@5.11.3/main.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/fullcalendar@5.11.3/locales-all.min.js"></script>
<title>CINE</title>
</head>
<body>
<?php
// Everything below only renders for a logged-in user. The nav hides the admin links
// from ordinary users, but hiding a link is not authorization: each ?edit/?Film/?Users
// branch reached from here has to check $_SESSION['isAdmin'] on the server as well.
if(isset($_SESSION['username']))
{
?>
<nav>
<!-- the <form> wrapper is unused: every entry is a plain GET link -->
<form method="POST">
<a href="index.php?addRespo">Add Responsable</a>
<a href="index.php?calendar">Show Calendar</a>
<!-- admin only (menu visibility only; the handlers must enforce it themselves) -->
<?php if($_SESSION['isAdmin']==1): ?>
<a href="index.php?extra">Extra</a>
<a href="index.php?edit" >Edit Plans</a>
<a href="index.php?Film" >Film Section</a>
<a href="index.php?Users" >Users</a>
<?php endif;?>
</form>
</nav>
<!-- small navbar to navigate to wanted area -->
<?php
if(isset($_GET['calendar']))
{
// Calendar view, available to every logged-in user. The "We in calendar" / "We in date"
// echoes below are leftover debug output that ends up in the rendered page.
//check for isAdmin
// Here we show some elemnts in the calendar
echo "We in calendar";
$title = "Calendar";
$descr="Click on a date to reserve new plage for your employees!";
// $title and $descr are constants, so echoing them unescaped is safe here.
echo "<h1>$title</h1>";
echo "<br>";
echo "<p>$descr</p>";
?>
<!-- Here we will display our calendar (mount point for the script at the bottom of the page) -->
<div id="calendar"></div>
<form action="calendar.ics.php" method="GET">
<button type="submit">Download ICS Calendar</button>
</form>
<?php
// ?date=... is accepted but only echoes a debug string; nothing else in this file reads it.
if(isset($_GET['date']))
{
echo "We in date";
}
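}else if(isset($_GET['addRespo']))
{
    // Register / unregister the logged-in person as "responsable" of a plage.
    // CSRF token: created once per session and reused by every state-changing form.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrfToken = $_SESSION['csrf_token'];
    $currentUserId = (int)($_SESSION['id'] ?? 0);
    $isAdminUser = (int)($_SESSION['isAdmin'] ?? 0) === 1;
    $h = function ($value) { return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); };

    // Handle the submitted form *before* querying, so the table reflects the change.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['save']))
    {
        $postedToken = $_POST['csrf_token'] ?? '';
        $plageId = (int)($_POST['plage'] ?? 0);
        if (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
            echo "<p>Invalid form token, please reload the page and try again.</p>";
        } elseif ($plageId <= 0 || $currentUserId <= 0) {
            echo "<p>Invalid request.</p>";
        } else {
            if (isset($_POST['respo'])) {
                // Checked: claim the plage. An ordinary user may only take a free plage
                // (or re-confirm their own); the old code let anyone overwrite anyone.
                // NOTE(review): whether an admin should be able to take over an assigned
                // plage is a product decision — admins keep the old unrestricted behaviour.
                if ($isAdminUser) {
                    $update = $LINK->prepare("UPDATE CinePlages SET fk_respo = ? WHERE pk_plage = ?");
                    $update->bind_param("ii", $currentUserId, $plageId);
                } else {
                    $update = $LINK->prepare("UPDATE CinePlages SET fk_respo = ? WHERE pk_plage = ? AND (fk_respo IS NULL OR fk_respo = ?)");
                    $update->bind_param("iii", $currentUserId, $plageId, $currentUserId);
                }
            } else {
                // Unchecked: release the plage — only its current holder (or an admin) may.
                if ($isAdminUser) {
                    $update = $LINK->prepare("UPDATE CinePlages SET fk_respo = NULL WHERE pk_plage = ?");
                    $update->bind_param("i", $plageId);
                } else {
                    $update = $LINK->prepare("UPDATE CinePlages SET fk_respo = NULL WHERE pk_plage = ? AND fk_respo = ?");
                    $update->bind_param("ii", $plageId, $currentUserId);
                }
            }
            $update->execute();
            $update->close();
            // HTML output has already started, so redirect client-side (post/redirect/get).
            echo "<script>window.location.href = 'index.php?addRespo';</script>";
        }
    }

    $statement = $LINK->prepare("SELECT *, CineFilms.title,CinePerson.name AS respo_name FROM CinePlages LEFT JOIN CineFilms ON CinePlages.fk_film=CineFilms.pk_film LEFT JOIN CinePerson ON CinePlages.fk_respo=CinePerson.pk_person");
    $statement->execute();
    $result = $statement->get_result();
?>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Date</th>
<th>From</th>
<th>To</th>
<th>Extra time</th>
<th>Responsable</th>
<th>Accepted?</th>
</tr>
<?php
    // Every DB value is HTML-escaped on output: titles and names are user-entered text.
    while ($result !== false && ($row = mysqli_fetch_assoc($result))) {
        $isChecked = $row['fk_respo'] !== null;
        $plageId = (int)$row['pk_plage'];
?>
<tr>
<td><?= $plageId ?></td>
<td><?= $h($row['title']) ?></td>
<td><?= $h($row['date']) ?></td>
<td><?= $h($row['fromTime']) ?></td>
<td><?= $h($row['toTime']) ?></td>
<td><?= $h($row['extraTime']) ?></td>
<td><?= $h($row['respo_name'] ?? '') ?></td>
<td>
<!-- the form lives inside the cell: a <form> directly inside <tr> is invalid HTML -->
<form method="POST">
<input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
<input type="hidden" name="plage" value="<?= $plageId ?>">
<label class="switch">
<input type="checkbox" name="respo" value="1" <?= $isChecked ? 'checked' : '' ?>>
<span class="slider"></span>
</label>
<input type="submit" name="save" class="addRespoBtn" value="Register/Unregister">
</form>
</td>
</tr>
<?php
    }
?>
</table>
<?php
}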
else if(isset($_GET['register']))
{
// Not linked from the nav. Renders the "#calendar" mount point used by the script at
// the bottom of the page (only one of the two calendar divs exists per request).
echo "Click on a date to register";
?>
<div id="calendar"></div>
<?php
}
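else if(isset($_GET['edit']))
{
    // Plan editing is admin-only (the nav only shows the link to admins). Hiding a link
    // is not authorization, so the same check is enforced here on the server.
    if ((int)($_SESSION['isAdmin'] ?? 0) !== 1)
    {
        echo "<p>Forbidden: this page is for administrators.</p>";
    }
    else
    {
        // CSRF token for the Remove forms below; created once per session.
        if (empty($_SESSION['csrf_token'])) {
            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        }
        $csrfToken = $_SESSION['csrf_token'];
        $h = function ($value) { return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); };
        // "Show past entries" is remembered in the session. Only a submit of the toggle
        // form changes it; the old code reset it on every GET, so the choice never
        // survived the redirect back from an edit or a removal.
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            if (isset($_POST['showPast'])) {
                $_SESSION['showPast'] = true;
            } else {
                unset($_SESSION['showPast']);
            }
        }
        $showPast = isset($_SESSION['showPast']);
        $statement = $LINK->prepare("SELECT *, CineFilms.title FROM CinePlages LEFT JOIN CineFilms ON CinePlages.fk_film=CineFilms.pk_film");
        $statement->execute();
        $result = $statement->get_result();
        $today = strtotime(date('Y-m-d'));
        $sevenDaysLater = strtotime('+7 days');
?>
<!-- show old entries -->
<form method="POST">
<label>
<input type="checkbox" name="showPast" value="1" <?= $showPast ? 'checked' : '' ?>>
Show past entries
</label>
<button type="submit">Apply</button>
</form>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Date</th>
<th>From</th>
<th>To</th>
<th>Extra time</th>
<th></th>
<th></th>
</tr>
<?php
        while ($result !== false && ($row = mysqli_fetch_assoc($result))) {
            $eventDate = strtotime($row['date']);
            $isPastDate = $eventDate < $today;
            if ($isPastDate && !$showPast) {
                continue;
            }
            // An accepted plage inside the next 7 days is frozen: no edit and no removal.
            $isWithinOneWeek = $eventDate >= $today && $eventDate <= $sevenDaysLater;
            $accepted = $row['fk_respo'] !== null;
            $locked = $isPastDate || ($accepted && $isWithinOneWeek);
            $plageId = (int)$row['pk_plage'];
?>
<tr>
<td><?= $plageId ?></td>
<td><?= $h($row['title']) ?></td>
<td><?= $h($row['date']) ?></td>
<td><?= $h($row['fromTime']) ?></td>
<td><?= $h($row['toTime']) ?></td>
<td><?= $h($row['extraTime']) ?></td>
<td>
<?php if (!$locked): ?>
<button onclick="window.location.href='index.php?edits=<?= $plageId ?>'">Edit</button>
<?php endif; ?>
</td>
<td>
<?php if (!$locked): ?>
<!-- Deleting is a state change: a POST carrying the session token, not a bare GET link
     that any page the admin visits (or a link prefetcher) could trigger. -->
<form method="POST" action="index.php?remove=<?= $plageId ?>" onsubmit="return confirm('Are you sure you want to delete this entry?');">
<input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
<button type="submit">Remove</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php
        }
?>
</table>
<?php
    }
}else if(isset($_GET['edits']))
{
    // Edit one plage: admin-only, and the update is applied only with a valid token.
    if ((int)($_SESSION['isAdmin'] ?? 0) !== 1)
    {
        echo "<p>Forbidden: this page is for administrators.</p>";
    }
    else
    {
        $id = (int)$_GET['edits'];
        if (empty($_SESSION['csrf_token'])) {
            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        }
        $csrfToken = $_SESSION['csrf_token'];
        $h = function ($value) { return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); };
        // POST fields as plain strings; anything else (e.g. field[]=) becomes ''.
        $field = function ($name) { $v = $_POST[$name] ?? ''; return is_string($v) ? $v : ''; };
        // Apply a submitted update first, so the form below is rendered from the stored row.
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update']))
        {
            $date = $field('dateTime');
            $from = $field('fromTime');
            $to = $field('toTime');
            $extra = $field('extraTime');
            $timePattern = '/^\d{2}:\d{2}(:\d{2})?$/';
            if (!hash_equals($csrfToken, $field('csrf_token'))) {
                echo "<p>Invalid form token, please reload the page and try again.</p>";
            } elseif ($id <= 0
                || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)
                || !preg_match($timePattern, $from)
                || !preg_match($timePattern, $to)) {
                echo "<p>Invalid date or time.</p>";
            } else {
                // The row is identified by the id in the URL, not by a hidden form field.
                $uploadStatemant = $LINK->prepare("UPDATE CinePlages SET date=?, fromTime=?, toTime=?, extraTime=? WHERE pk_plage=?");
                $uploadStatemant->bind_param("ssssi", $date, $from, $to, $extra, $id);
                if ($uploadStatemant->execute())
                {
                    echo "<script>window.location.href = 'index.php?edit';</script>";
                }
                $uploadStatemant->close();
            }
        }
        $statement = $LINK->prepare("SELECT *, CineFilms.title FROM CinePlages LEFT JOIN CineFilms ON CinePlages.fk_film=CineFilms.pk_film WHERE pk_plage=? ");
        $statement->bind_param('i', $id);
        $statement->execute();
        $result = $statement->get_result();
        $editRow = $result !== false ? mysqli_fetch_array($result) : null;
        if ($editRow)
        {
?>
<div>
<form method="POST">
<input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
<br>
<table>
<tr>
<th><h3><?= $h($editRow['title']) ?></h3></th>
</tr>
<tr>
<td>
<label for="dateTime">Date: </label>
<input type="date" id="dateTime" name="dateTime" value="<?= $h($editRow['date']) ?>">
</td>
</tr>
<tr>
<td>
<label for="fromTime">From:</label>
<input type="time" id="fromTime" name="fromTime" value="<?= $h($editRow['fromTime']) ?>">
</td>
</tr>
<tr>
<td>
<label for="toTime">To:</label>
<input type="time" id="toTime" name="toTime" value="<?= $h($editRow['toTime']) ?>">
</td>
</tr>
<tr>
<td>
<label for="extraTime">Extra time:</label>
<input type="text" id="extraTime" name="extraTime" value="<?= $h($editRow['extraTime']) ?>">
</td>
</tr>
</table>
<button type="submit" name="update">Update</button>
</form>
</div>
<?php
        }
    }
}else if(isset($_GET['remove']))
{
    // Deleting is admin-only and must arrive as a POST carrying the session's CSRF token;
    // the old GET link could be fired by any page the admin happened to visit.
    $postedToken = $_POST['csrf_token'] ?? '';
    $idToDelete = (int)$_GET['remove'];
    if ((int)($_SESSION['isAdmin'] ?? 0) !== 1)
    {
        echo "<p>Forbidden: this page is for administrators.</p>";
    }
    elseif ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !is_string($postedToken)
        || empty($_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $postedToken))
    {
        echo "<p>Invalid delete request.</p>";
    }
    elseif ($idToDelete > 0)
    {
        $deleteStatement = $LINK->prepare("DELETE FROM CinePlages WHERE pk_plage=?");
        $deleteStatement->bind_param('i', $idToDelete);
        if ($deleteStatement->execute())
        {
            echo "Delete with success";
            echo "<script>window.location.href = 'index.php?edit';</script>";
        }
        $deleteStatement->close();
    }
}else if(isset($_GET['extra']))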
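{
    // ?extra and every page after it are admin-only (the nav only shows them to admins).
    // The file to include is resolved through a fixed allow-list, never from the query
    // string itself, and the isAdmin check is enforced once for all of them below.
    $adminPage = 'formExtra.php';
}
else
{
    $adminPage = null;
    // Same order as the original else-if chain: first matching parameter wins.
    $adminPages = [
        'editExtra'   => 'formExtraUpdate.php',
        'deleteExtra' => 'formExtraDelete.php',
        'Film'        => 'formFilm.php',
        'editFilm'    => 'formFilmUpdate.php',
        'deleteFilm'  => 'formFilmDelete.php',
        'Users'       => 'formUser.php',
        'editUser'    => 'formUserUpdate.php',
        'deleteUser'  => 'formUserDelete.php',
    ];
    foreach ($adminPages as $param => $file) {
        if (isset($_GET[$param])) {
            $adminPage = $file;
            break;
        }
    }
}
if ($adminPage !== null)
{
    // NOTE(review): the included files are not visible here; they may repeat their own
    // isAdmin check, but this gate makes the nav's "admin only" rule hold regardless.
    if ((int)($_SESSION['isAdmin'] ?? 0) === 1) {
        include $adminPage;
    } else {
        echo "<p>Forbidden: this page is for administrators.</p>";
    }
}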
}
?>
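<script>
document.addEventListener('DOMContentLoaded', function() {
    var calendarEl = document.getElementById('calendar');
    // Only the ?calendar and ?register pages render the mount point; on every other
    // page the old code constructed FullCalendar on null and threw in the console.
    if (!calendarEl) {
        return;
    }
    // Server-rendered JSON. A film title containing "</script>" would end this script
    // block early unless json_encode used JSON_HEX_TAG; escaping "</" as "<\/" (still
    // valid JSON) closes that hole regardless of how $eventsJson was built. An encoding
    // failure (false) degrades to an empty list instead of a JS syntax error.
    var events = <?php echo str_replace('</', '<\/', $eventsJson ?: '[]'); ?>;
    // Create the calendar
    var calendar = new FullCalendar.Calendar(calendarEl, {
        initialView: 'dayGridMonth',
        headerToolbar: {
            left: 'prev,next today',
            center: 'title',
            right: 'dayGridMonth,timeGridWeek,timeGridDay'
        },
        events: events, //in the events is where we put the events
        eventClassNames: function(arg) {
            // FullCalendar reads 'className' from the event data and exposes it as classNames
            return arg.event.classNames;
        },
        selectable: true,
        selectMirror: true,
        height: 'auto',
        contentHeight: 'auto',
        // when user clicks on a date
        select: function(info) {
<?php
// Only admins get a handler body. This is a UI convenience, not access control:
// add.php has to verify isAdmin itself (NOTE(review): add.php is not visible here).
if ((int)($_SESSION['isAdmin'] ?? 0) === 1)
{
?>
            // info.startStr is ISO-8601 and may carry a "+HH:MM" zone offset; without
            // encoding, that "+" reaches add.php as a space in $_GET['date'].
            window.location.href = "add.php?date=" + encodeURIComponent(info.startStr);
            calendar.unselect();
<?php
}
?>
        }
    });
    calendar.render();
});
</script>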
</body>
</html>