Better JSless mode

2021-06-24 00:26:19 +02:00 · 2021-06-24 00:26:19 +02:00 · 03f6ff8694
parent c6e6ae59ec
commit 03f6ff8694
9 changed files with 74 additions and 31 deletions
--- a/server/list.php
+++ b/server/list.php
@ -1,10 +1,33 @@
 <?php
 require_once 'ui.php';
-$_SESSION["token_list"] = bin2hex(random_bytes(64));
 if($JSless){
+    $user->online_time_update();
+    if(isset($_POST["action"]) && isset($_POST["user_id"]) && isset($_POST["token_list"]) && $_POST["token_list"] == $_SESSION["token_list"]){
+        if(!$user->hasRole(Role::FULL_VIEWER) && $_POST["user_id"] !== $user->auth->getUserId()){
+            http_response_code(401);
+            t("You are not authorized to perform this action.");
+            exit();
+        }
+        if($_POST["action"] == "activate"){
+            $db->update(
+                DB_PREFIX."_profiles",
+                ["available" => 1, "availability_last_change" => "manual"],
+                ["id" => $_POST["user_id"]]
+            );
+            $user->log("Status changed to 'available'", $_POST["user_id"], $user->auth->getUserId());
+        } else if($_POST["action"] == "deactivate"){
+            $db->update(
+                DB_PREFIX."_profiles",
+                ["available" => 0, "availability_last_change" => "manual"],
+                ["id" => $_POST["user_id"]]
+            );
+            $user->log("Status changed to 'not available'", $_POST["user_id"], $user->auth->getUserId());
+        }
+    }
    $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");
 } else {
    $query_results = null;
 }
+$_SESSION["token_list"] = bin2hex(random_bytes(64));
 loadtemplate('list.html', ['title' => t("Availability List", false), 'token_list' => $_SESSION['token_list'], 'query_results' => $query_results]);
 bdump($_SESSION);
--- a/server/log.php
+++ b/server/log.php
@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
    $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_log` ORDER BY `timestamp` DESC");
 } else {
    $query_results = null;
--- a/server/services.php
+++ b/server/services.php
@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
    $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_services` ORDER BY date DESC, beginning DESC");
 } else {
    $query_results = null;
--- a/server/templates/JSless/base.html
+++ b/server/templates/JSless/base.html
@ -38,6 +38,10 @@
 }
 .topnav .icon {
  display: none;
+}
+table, th, tr {
+  border: 1px solid black;
+  border-collapse: collapse;
 }
  </style>
  <div class="topnav" id="topNavBar">
--- a/server/templates/JSless/edit_user.html
+++ b/server/templates/JSless/edit_user.html
@ -4,60 +4,53 @@
 {% endblock %}

 {% block content %}
-TODO
  {% if modalità == "edit" or modalità == "add" %}
  <form method="post">
    <div class="container">
      <div class="form-group">
        <label for="mail">{{ 'E-mail'|t }}</label>
-        <input id="mail" class="form-control" type="text" name="mail" placeholder="{{ 'user@provider-email-domain.com'|t }}" required>
+        <input id="mail" type="text" name="mail" placeholder="{{ 'user@provider-email-domain.com'|t }}" required>
      </div>
      <div class="form-group">
        <label for="name">{{ 'Name'|t }}</label>
-        <input id="name" class="form-control" type="text" name="name" placeholder="{{ 'Name Surname'|t }}" required>
+        <input id="name" type="text" name="name" placeholder="{{ 'Name Surname'|t }}" required>
      </div>
      <div class="form-group">
        <label for="username">{{ 'Username'|t }}</label>
-        <input id="username" class="form-control" type="text" name="username" placeholder="{{ 'name.surname'|t }}" required>
+        <input id="username" type="text" name="username" placeholder="{{ 'name.surname'|t }}" required>
      </div>
      <div class="form-group">
        <label>{{ 'Password'|t }}</label>
-        <input id="password" class="form-control" type="text" name="password" required>
+        <input id="password" type="text" name="password" required>
      </div>
      <div class="form-group">
        <label for="phone_number">{{ 'Phone number'|t }}</label>
-        <input id="phone_number" class="form-control" type="tel" name="phone_number" required>
+        <input id="phone_number" type="tel" name="phone_number" required>
      </div>
      <div class="form-group">
        <label for="date-picker">{{ 'Birthday'|t }}</label>
-        <input id="date-picker" placeholder="DD/MM/YYY" autocomplete="off" name="birthday" data-provide="datepicker"
-          value="{{ values.date }}" type="text" class="form-control">
+        <input id="date-picker" placeholder="DD/MM/YYY" autocomplete="off" name="birthday" value="{{ values.date }}" type="text">
      </div>
-      <style>
-        .toggle.workaround {
-          border: 1px solid black;
-        }
-      </style>
      <div class="form-group">
        <label for="chief">{{ 'Chief'|t }}</label><br>
-        <input id="chief" class="form-control" type="checkbox" name="chief" data-toggle="toggle" data-style="workaround">
+        <input id="chief" type="checkbox" name="chief">
      </div>
      <div class="form-group">
      <label for="driver">{{ 'Driver'|t }}</label><br>
-      <input id="driver" class="form-control" type="checkbox" name="driver" data-toggle="toggle" data-style="workaround">
+      <input id="driver" type="checkbox" name="driver">
      </div>
      <div class="form-group">
        <label for="visible">{{ 'Visible'|t }}</label><br>
-        <input id="visible" class="form-control" type="checkbox" name="visible" checked data-toggle="toggle" data-style="workaround">
+        <input id="visible" type="checkbox" name="visible" checked>
      </div>
      <div class="form-group">
        <label for="enabled">{{ 'Enabled'|t }}</label><br>
-        <input id="enabled" class="form-control" type="checkbox" name="enabled" checked data-toggle="toggle" data-style="workaround">
+        <input id="enabled" type="checkbox" name="enabled" checked>
      </div>
      <br>
      <input id="modalità" type="hidden" value="{{ modalità }}" name="mod"></input>
      <input id="token" type="hidden" value="{{ token }}" name="token"></input>
-      <button type="submit" class="btn btn-primary">{{ 'Submit'|t }}</button>
+      <button type="submit">{{ 'Submit'|t }}</button>
    </div>
  </form>
  {% endif %}
@ -70,11 +63,6 @@ TODO
      <input id="id" type="hidden" value="{{ id }}" name="id"></input>
      <button id="remove" type="submit">{{ 'Submit'|t }}</button>
    </form>
-    <script nonce="{{ nonce }}">
-      $('form').submit(function () {
-        return confirm("{{ 'The action cannot be canceled. Are you sure you want to continue?'|t }}");
-      });
-    </script>
  </div>
  {% endif %}

--- a/server/templates/JSless/list.html
+++ b/server/templates/JSless/list.html
@ -4,8 +4,18 @@
 <br>
 <div class="text-center">
  <p>{{ 'Are you available in case of alert?'|t }}</p>
-  <button class="btn btn-success">{{ 'Activate'|t }}</button>
-  <button class="btn btn-danger">{{ 'Deactivate'|t }}</button>
+  <form method="post">
+    <input type="hidden" name="token_list" value="{{ token_list }}"/>
+    <input type="hidden" name="action" value="activate"/>
+    <input type="hidden" name="user_id" value="{{ user.id }}"/>
+    <button type="submit" class="btn btn-success">{{ 'Activate'|t }}</button>
+  </form>
+  <form method="post">
+    <input type="hidden" name="token_list" value="{{ token_list }}"/>
+    <input type="hidden" name="action" value="deactivate"/>
+    <input type="hidden" name="user_id" value="{{ user.id }}"/>
+    <button type="submit" class="btn btn-danger">{{ 'Deactivate'|t }}</button>
+  </form>
 </div>
 <br>
 <br>
@ -28,8 +38,21 @@
  </tr>
 {% for row in query_results %}
  <tr class="tBody">
-    <th>{{ username(row.id) }}</th>
-    <th>{{ yesOrNo(row.available) }}</th>
+    {% if (date().timestamp-row.online_time) <= 30 %}
+      <th><u>{{ username(row.id) }}</u></th>
+    {% else %}
+      <th>{{ username(row.id) }}</th>
+    {% endif %}
+    <th>
+      {{ yesOrNo(row.available) }}
+      {% set function = row.available ? "deactivate" : "activate" %}
+      <form method="post">
+        <input type="hidden" name="token_list" value="{{ token_list }}"/>
+        <input type="hidden" name="action" value="{{ function }}"/>
+        <input type="hidden" name="user_id" value="{{ row.id }}"/>
+        <button type="submit">{{ 'Change'|t }}</button>
+      </form>
+    </th>
    {% if user.full_viewer %}
    <th>{{ yesOrNo(row.driver) }}</th>
    {% if row.phone_number %}
@ -52,7 +75,7 @@

 <br><br>
 <p style="text-align: center;">
-  <button class="btn btn-success btn-small">{{ 'Add user'|t }}</button>
+  <a href="edit_user.php?add" class="btn btn-success btn-small">{{ 'Add user'|t }}</a>
 </p>
 <br>
 <br>
--- a/server/trainings.php
+++ b/server/trainings.php
@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
    $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_trainings` ORDER BY date DESC, beginning desc");
 } else {
    $query_results = null;
--- a/server/translations/en/base.php
+++ b/server/translations/en/base.php
@ -129,5 +129,6 @@ return [
    "no" => "no",
    "You are not authorized to perform this action." => "You are not authorized to perform this action.",
    "Bad request." => "Bad request.",
-    "User not exists." => "User not exists."
+    "User not exists." => "User not exists.",
+    "Change" => "Change"
 ];
--- a/server/translations/it/base.php
+++ b/server/translations/it/base.php
@ -129,5 +129,6 @@ return [
    "no" => "no",
    "You are not authorized to perform this action." => "Non sei autorizzato ad eseguire questa azione.",
    "Bad request." => "Errore nella richiesta.",
-    "User not exists." => "L'utente non esiste."
+    "User not exists." => "L'utente non esiste.",
+    "Change" => "Cambia"
 ];