science-ation/manage_teams.php


<?php
require_once('common.inc.php');
require_once('user.inc.php');
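// Request dispatcher for the team-management page.
//
// A school session (schoolid + schoolaccesscode) is required. The action is
// chosen by the "action" query parameter:
//   saveNew - insert a team for this school, then render the full page
//   save    - rename one of this school's teams (AJAX fragment response)
//   delete  - delete one of this school's teams (AJAX fragment response)
//   other   - render the full page
//
// NOTE(review): save/saveNew/delete change state but no anti-CSRF token is
// checked anywhere in this block; confirm whether common.inc.php enforces one.
// NOTE(review): the mysql_* extension was removed in PHP 7. Prepared
// statements (mysqli/PDO) are the durable fix; the casts and escaping below
// only harden the existing string-built queries.
if (!empty($_SESSION['schoolid']) && !empty($_SESSION['schoolaccesscode'])) {
    // Numeric values are concatenated into SQL without quotes, so they must be
    // real integers: mysql_real_escape_string() gives no protection there.
    $schoolId = (int) $_SESSION['schoolid'];

    $teamId = 0;
    if (isset($_POST['teamId']) && is_scalar($_POST['teamId']) && ctype_digit((string) $_POST['teamId'])) {
        $teamId = (int) $_POST['teamId'];
    }

    // Raw team name as submitted; it is escaped separately for each output context.
    $rawTeamName = (isset($_POST['teamname']) && is_string($_POST['teamname'])) ? $_POST['teamname'] : '';
    $teamName = mysql_real_escape_string($rawTeamName);

    // Flags that keep a JSON string literal inert inside an inline <script>
    // element (no "</script>" break-out, no stray quotes or ampersands).
    $jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

    switch ($action) {
        case 'saveNew':
            $query = 'INSERT INTO so_teams (schools_id, name) VALUES (' . $schoolId . ', "' . $teamName . '")';
            $success = mysql_query($query);
            draw_page();
            break;

        case 'save':
            $success = false;
            // a quick check to make sure the team being updated does indeed
            // belong to this school
            $query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $schoolId . ' AND id=' . $teamId;
            $ownership = mysql_query($query);
            $testResults = $ownership ? mysql_fetch_array($ownership) : false;
            if ($testResults && $testResults['tally'] == 1) {
                // ok, the team belongs to the school that this session belongs
                // to. We can go ahead and save the changes.
                $query = 'UPDATE so_teams SET name="' . $teamName . '" ';
                $query .= 'WHERE schools_id=' . $schoolId . ' ';
                $query .= 'AND id=' . $teamId;
                $success = mysql_query($query);
            }
            if ($success) {
                happy_(i18n("Team successfully updated"));
                // Emit the name as a JSON string literal rather than pasting the
                // SQL-escaped value between quotes: SQL escaping is the wrong
                // encoding for a script context.
                // NOTE(review): the page script that consumes newname should
                // insert it as text, not as markup.
                $jsName = json_encode($rawTeamName, $jsonFlags);
                if ($jsName === false) {
                    // Name could not be encoded (e.g. invalid UTF-8); the row
                    // was saved but the client will not refresh the header.
                    $jsName = 'null';
                }
                echo("<script type=\"text/javascript\">newname = $jsName;</script>");
            } else {
                error_(i18n("Unable to update record"));
                echo("<script type=\"text/javascript\">newname = null;</script>");
            }
            break;

        case 'delete':
            $success = false;
            // a quick check to make sure the team being deleted does indeed
            // belong to this school
            $query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $schoolId . ' AND id=' . $teamId;
            $ownership = mysql_query($query);
            $testResults = $ownership ? mysql_fetch_array($ownership) : false;
            if ($testResults && $testResults['tally'] == 1) {
                // ok, the team belongs to the school that this session belongs
                // to. We can go ahead and delete it.
                $query = 'DELETE FROM so_teams ';
                $query .= 'WHERE schools_id=' . $schoolId . ' ';
                $query .= 'AND id=' . $teamId;
                if (mysql_query($query)) {
                    $success = true;
                }
            }
            if ($success) {
                happy_(i18n("Team successfully deleted"));
                // $teamId is an integer at this point, so it is safe in the script.
                echo("<script type=\"text/javascript\">deleteId = '$teamId';</script>");
            } else {
                error_(i18n("Unable to delete record"));
                echo("<script type=\"text/javascript\">deleteId = null;</script>");
            }
            break;

        default:
            draw_page();
    }
} else {
    // No school session: nothing is read or written. The message below is the
    // original placeholder; no redirect is actually issued.
    echo "this should be redirecting to shcoolaccess.php";
}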
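/**
 * Render the full "Manage Teams" page for the school in the current session:
 * header, the client-side save/delete handlers, one accordion panel per
 * existing team, a "New Team" form, and the footer.
 *
 * Team names come from the database and were originally typed by users, so
 * they are HTML-escaped before being written into element content or
 * attribute values. Ids are cast to integers for the same reason.
 */
function draw_page(){
    $title = i18n("Manage Teams");
    send_header($title, array("School Access" => "schoolaccess.php"));
?>
<script type="text/javascript">
$(document).ready(function() {
    $('#teamaccordion').accordion();
    $('#teamaccordion').css('visibility', 'visible');
});

// Ask the server to delete a team; the response fragment sets the global
// deleteId (null on failure). The panel is removed only on success.
function delete_team(teamId){
    var data = $("#editTeam_" + teamId).serializeArray();
    window.deleteId = null; // clear any value left over from an earlier request
    $("#debug").load("manage_teams.php?action=delete", data, function(){
        if(window.deleteId != null){
            $('#teamHeader_' + teamId).remove();
            $('#team_' + teamId).remove();
        }
    });
}

// Ask the server to rename a team; the response fragment sets the global
// newname (null on failure).
function saveData(teamId){
    var data = $("#editTeam_" + teamId).serializeArray();
    window.newname = null; // clear any value left over from an earlier request
    $("#debug").load("manage_teams.php?action=save&", data, function(){
        if(window.newname != null){
            // Insert the name with .text() so it is never parsed as markup.
            var link = $('<a href="#" tabindex="-1"></a>').text(window.newname);
            $('#teamHeader_' + teamId)
                .empty()
                .append('<span class="ui-icon ui-icon-triangle-1-e"></span>')
                .append(link);
        }
    });
}
</script>
<?php
    echo '<div id="teamaccordion" style="width:40em; visibility:hidden;">';

    // schools_id is concatenated unquoted, so force it to an integer.
    $teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . (int) $_SESSION['schoolid']);

    // mysql_query() returns false on failure; skip the list rather than
    // passing false to mysql_fetch_array().
    while($teamList && ($team = mysql_fetch_array($teamList))){
        $id = (int) $team['id'];
        // ENT_QUOTES also covers the double-quoted value="" attribute below.
        $name = htmlspecialchars($team['name'], ENT_QUOTES, 'UTF-8');

        echo '<h3 id="teamHeader_' . $id . '"><a href="#">' . $name . "</a></h3>\n";
        echo '<div id="team_' . $id . '">' . "\n";
        echo '<form id="editTeam_' . $id . '" onsubmit="return false;">';
        echo i18n('name') . ': <input type="text" name="teamname" value="' . $name . '"></input>';
        echo '<div style="height:1em;"></div>';
        echo "<button onclick=\"saveData('" . $id . "');\">" . i18n('Save') . '</button>';
        echo "<button onclick=\"delete_team('" . $id . "');\">" . i18n('Delete') . '</button>';
        echo "<input type=\"hidden\" name=\"teamId\" value=\"" . $id . "\"></input>";
        echo '</form>';
        echo "</div>";
    }

    // Panel for creating a team; posts back to this script (action=saveNew).
    echo '<h3><a href="#">' . i18n("New Team") . '</a></h3>';
    echo '<div id="newTeam">';
    echo '<form method="POST" action="manage_teams.php?action=saveNew">';
    echo '<label>' . i18n('Name') . '</label><input type="text" style="width:100%" name="teamname"></input>' . "\n";
    echo '<div style="height:1em;"></div>';
    echo '<input type="submit" value="' . i18n("Save") . '"></input>';
    echo '</form>';
    echo "</div>\n";
    echo '</div>';
    send_footer();
}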
?>