-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathviewBands.php
158 lines (137 loc) · 5.62 KB
/
viewBands.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
<?php
/*
This file is part of Church Rota.
Copyright (C) 2011 David Bunce
Church Rota is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Church Rota is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Church Rota. If not, see <http://www.gnu.org/licenses/>.
*/
// Include files, including the database connection
include('includes/dbConfig.php');
include('includes/functions.php');
// Start the session. This checks whether someone is logged in and if not redirects them
session_start();
if (isset($_SESSION['is_logged_in']) || $_SESSION['db_is_logged_in'] == true) {
// Just continue the code
} else {
header('Location: login.php');
exit;
}
if (!isAdmin()) {
header('Location: error.php?no=100&page='.basename($_SERVER['SCRIPT_FILENAME']));
exit;
}
// Handle details from the header
$bandMembersID = $_GET['bandMembersID'];
$bandid = $_GET['bandid'];
$formAction = $_GET['formAction'];
$action = $_GET['action'];
// Method to remove someone from the band
if($bandMembersID != "") {
removeBandMembers($bandMembersID);
} else if ($bandid != "") {
removeBand($bandid);
}
// If the form has been sent, we need to handle the data.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if($formAction == "newBand") {
$bandName = $_POST['bandname'];
$sql = ("INSERT INTO cr_bands (bandLeader) VALUES ('$bandName')");
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
} else {
$editbandID = $_GET['band'];
$editskillID = $_POST['name'];
$sql = ("INSERT INTO cr_bandMembers (bandID, skillID) VALUES ('$editbandID', '$editskillID')");
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
}
// After we have inserted the data, we want to head back to the main page
header('Location: viewBands.php');
exit;
}
include('includes/header.php');
if ($action == "newBand") {
?>
<div class="elementBackground">
<h2><a name="addBand">Add a new band:</a></h2>
<form id="addBand" method="post" action="viewBands.php?formAction=newBand">
<fieldset>
<label for="bandname">Band name:</label>
<input id="bandname" type="text" name="bandname" placeholder="Enter band name:" />
<input type="submit" value="Add band" />
</fieldset>
</form>
</div>
<div id="right">
<div class="item"><a href="viewBands.php">View all bands</a></div>
</div>
<?php } else {
$sql = "SELECT * FROM cr_bands ORDER BY bandLeader";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$bandid = $row['bandID'];
?>
<div class="elementBackground">
<h2><a name="section<?php echo $row['bandID']; ?>"><?php echo $row['bandLeader']; ?></a> <?php if(isAdmin()) { echo "
<a href='editBand.php?id=" . $bandid ."'><img src='graphics/tool.png' /></a>
<a href='viewBands.php?skillremove=true&bandid=" . $bandid . "'><img src='graphics/close.png' /></a>"; } ?></h2>
<?php
$bandID = $row['bandID'];
// Selects band members from database and concatanates a username onto them.
$sqlbandMembers = "SELECT * FROM cr_bandMembers WHERE bandID = $bandID";
$resultbandMembers = mysql_query($sqlbandMembers) or die(mysql_error());
echo "<p>";
while($bandMember = mysql_fetch_array($resultbandMembers, MYSQL_ASSOC)) {
if($bandMember['bandID'] == $bandID) {
$sqlskills = "SELECT *,
(SELECT CONCAT(`firstname`, ' ', `lastname`) FROM cr_users WHERE `cr_users`.id = `cr_skills`.`userID`) AS `name`
FROM cr_skills WHERE skillID = '$bandMember[skillID]' ORDER BY name";
$resultskills = mysql_query($sqlskills) or die(mysql_error());
while($rowskills = mysql_fetch_array($resultskills, MYSQL_ASSOC)) {
$bandMembersID = $bandMember['bandMembersID'];
$sqlusers = "";
echo "<strong>" . $rowskills['name'] . "</strong> ";
echo "<em> " . $rowskills['skill'] . "</em>" . " <a href='viewBands.php?skillremove=true&bandMembersID=" . $bandMembersID ."'><img src='graphics/close.png' /></a><br />";
}
}
}
echo "</p>";
$sqladdMembers = "SELECT *,
(SELECT CONCAT(`firstname`, ' ', `lastname`) FROM cr_users WHERE `cr_users`.id = `cr_skills`.`userID` ORDER BY `cr_users`.firstname) AS `name`
FROM cr_skills WHERE groupID = 2 ORDER BY name";
$resultaddMembers = mysql_query($sqladdMembers) or die(mysql_error());
?>
<form id="addMember<?php echo $row['bandID']; ?>" action="viewBands.php?formAction=newMember&band=<?php echo $row['bandID']; ?>" method="post">
<fieldset>
<label for="name">Add members:</label>
<select name="name" id="name">
<?php while($addMember = mysql_fetch_array($resultaddMembers, MYSQL_ASSOC)) {
echo "<option value='" . $addMember['skillID'] . "'>";
echo $addMember['name'] . " - " . $addMember['skill'];
echo "</option>";
} ?>
</select>
<input type="submit" value="Add member" />
</fieldset>
</form>
</div>
<div id="right">
<div class="item"><a href="editBand.php">Add a new band</a></div>
</div>
<?php
}
}
?>
<?php include('includes/footer.php'); ?>