From 03f6ff869411acdcfd2ddbbb83028cd6255e3aef Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Thu, 24 Jun 2021 00:26:19 +0200
Subject: [PATCH] Better JSless mode

---
 server/list.php                        | 25 ++++++++++++++++++-
 server/log.php                         |  1 +
 server/services.php                    |  1 +
 server/templates/JSless/base.html      |  4 +++
 server/templates/JSless/edit_user.html | 34 +++++++++-----------------
 server/templates/JSless/list.html      | 33 +++++++++++++++++++++----
 server/trainings.php                   |  1 +
 server/translations/en/base.php        |  3 ++-
 server/translations/it/base.php        |  3 ++-
 9 files changed, 74 insertions(+), 31 deletions(-)

diff --git a/server/list.php b/server/list.php
index a5ac1f4..5f11001 100644
--- a/server/list.php
+++ b/server/list.php
@@ -1,10 +1,33 @@
 <?php
 require_once 'ui.php';
-$_SESSION["token_list"] = bin2hex(random_bytes(64));
 if($JSless){
+    $user->online_time_update();
+    if(isset($_POST["action"]) && isset($_POST["user_id"]) && isset($_POST["token_list"]) && $_POST["token_list"] == $_SESSION["token_list"]){
+        if(!$user->hasRole(Role::FULL_VIEWER) && $_POST["user_id"] !== $user->auth->getUserId()){
+            http_response_code(401);
+            t("You are not authorized to perform this action.");
+            exit();
+        }
+        if($_POST["action"] == "activate"){
+            $db->update(
+                DB_PREFIX."_profiles",
+                ["available" => 1, "availability_last_change" => "manual"],
+                ["id" => $_POST["user_id"]]
+            );
+            $user->log("Status changed to 'available'", $_POST["user_id"], $user->auth->getUserId());
+        } else if($_POST["action"] == "deactivate"){
+            $db->update(
+                DB_PREFIX."_profiles",
+                ["available" => 0, "availability_last_change" => "manual"],
+                ["id" => $_POST["user_id"]]
+            );
+            $user->log("Status changed to 'not available'", $_POST["user_id"], $user->auth->getUserId());
+        }
+    }
     $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");
 } else {
     $query_results = null;
 }
+$_SESSION["token_list"] = bin2hex(random_bytes(64));
 loadtemplate('list.html', ['title' => t("Availability List", false), 'token_list' => $_SESSION['token_list'], 'query_results' => $query_results]);
 bdump($_SESSION);
diff --git a/server/log.php b/server/log.php
index 9bde2c6..883e823 100644
--- a/server/log.php
+++ b/server/log.php
@@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
     $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_log` ORDER BY `timestamp` DESC");
 } else {
     $query_results = null;
diff --git a/server/services.php b/server/services.php
index 49adf41..99ad2b6 100644
--- a/server/services.php
+++ b/server/services.php
@@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
     $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_services` ORDER BY date DESC, beginning DESC");
 } else {
     $query_results = null;
diff --git a/server/templates/JSless/base.html b/server/templates/JSless/base.html
index cde0eef..315c1cb 100644
--- a/server/templates/JSless/base.html
+++ b/server/templates/JSless/base.html
@@ -38,6 +38,10 @@
 }
 .topnav .icon {
   display: none;
+}
+table, th, tr {
+  border: 1px solid black;
+  border-collapse: collapse;
 }
   </style>
   <div class="topnav" id="topNavBar">
diff --git a/server/templates/JSless/edit_user.html b/server/templates/JSless/edit_user.html
index 995be01..a45492a 100644
--- a/server/templates/JSless/edit_user.html
+++ b/server/templates/JSless/edit_user.html
@@ -4,60 +4,53 @@
 {% endblock %}
 
 {% block content %}
-TODO
   {% if modalità == "edit" or modalità == "add" %}
   <form method="post">
     <div class="container">
       <div class="form-group">
         <label for="mail">{{ 'E-mail'|t }}</label>
-        <input id="mail" class="form-control" type="text" name="mail" placeholder="{{ 'user@provider-email-domain.com'|t }}" required>
+        <input id="mail" type="text" name="mail" placeholder="{{ 'user@provider-email-domain.com'|t }}" required>
       </div>
       <div class="form-group">
         <label for="name">{{ 'Name'|t }}</label>
-        <input id="name" class="form-control" type="text" name="name" placeholder="{{ 'Name Surname'|t }}" required>
+        <input id="name" type="text" name="name" placeholder="{{ 'Name Surname'|t }}" required>
       </div>
       <div class="form-group">
         <label for="username">{{ 'Username'|t }}</label>
-        <input id="username" class="form-control" type="text" name="username" placeholder="{{ 'name.surname'|t }}" required>
+        <input id="username" type="text" name="username" placeholder="{{ 'name.surname'|t }}" required>
       </div>
       <div class="form-group">
         <label>{{ 'Password'|t }}</label>
-        <input id="password" class="form-control" type="text" name="password" required>
+        <input id="password" type="text" name="password" required>
       </div>
       <div class="form-group">
         <label for="phone_number">{{ 'Phone number'|t }}</label>
-        <input id="phone_number" class="form-control" type="tel" name="phone_number" required>
+        <input id="phone_number" type="tel" name="phone_number" required>
       </div>
       <div class="form-group">
         <label for="date-picker">{{ 'Birthday'|t }}</label>
-        <input id="date-picker" placeholder="DD/MM/YYY" autocomplete="off" name="birthday" data-provide="datepicker"
-          value="{{ values.date }}" type="text" class="form-control">
+        <input id="date-picker" placeholder="DD/MM/YYY" autocomplete="off" name="birthday" value="{{ values.date }}" type="text">
       </div>
-      <style>
-        .toggle.workaround {
-          border: 1px solid black;
-        }
-      </style>
       <div class="form-group">
         <label for="chief">{{ 'Chief'|t }}</label><br>
-        <input id="chief" class="form-control" type="checkbox" name="chief" data-toggle="toggle" data-style="workaround">
+        <input id="chief" type="checkbox" name="chief">
       </div>
       <div class="form-group">
       <label for="driver">{{ 'Driver'|t }}</label><br>
-      <input id="driver" class="form-control" type="checkbox" name="driver" data-toggle="toggle" data-style="workaround">
+      <input id="driver" type="checkbox" name="driver">
       </div>
       <div class="form-group">
         <label for="visible">{{ 'Visible'|t }}</label><br>
-        <input id="visible" class="form-control" type="checkbox" name="visible" checked data-toggle="toggle" data-style="workaround">
+        <input id="visible" type="checkbox" name="visible" checked>
       </div>
       <div class="form-group">
         <label for="enabled">{{ 'Enabled'|t }}</label><br>
-        <input id="enabled" class="form-control" type="checkbox" name="enabled" checked data-toggle="toggle" data-style="workaround">
+        <input id="enabled" type="checkbox" name="enabled" checked>
       </div>
       <br>
       <input id="modalità" type="hidden" value="{{ modalità }}" name="mod"></input>
       <input id="token" type="hidden" value="{{ token }}" name="token"></input>
-      <button type="submit" class="btn btn-primary">{{ 'Submit'|t }}</button>
+      <button type="submit">{{ 'Submit'|t }}</button>
     </div>
   </form>
   {% endif %}
@@ -70,11 +63,6 @@ TODO
       <input id="id" type="hidden" value="{{ id }}" name="id"></input>
       <button id="remove" type="submit">{{ 'Submit'|t }}</button>
     </form>
-    <script nonce="{{ nonce }}">
-      $('form').submit(function () {
-        return confirm("{{ 'The action cannot be canceled. Are you sure you want to continue?'|t }}");
-      });
-    </script>
   </div>
   {% endif %}
 
diff --git a/server/templates/JSless/list.html b/server/templates/JSless/list.html
index 27f884b..b3b57b8 100644
--- a/server/templates/JSless/list.html
+++ b/server/templates/JSless/list.html
@@ -4,8 +4,18 @@
 <br>
 <div class="text-center">
   <p>{{ 'Are you available in case of alert?'|t }}</p>
-  <button class="btn btn-success">{{ 'Activate'|t }}</button>
-  <button class="btn btn-danger">{{ 'Deactivate'|t }}</button>
+  <form method="post">
+    <input type="hidden" name="token_list" value="{{ token_list }}"/>
+    <input type="hidden" name="action" value="activate"/>
+    <input type="hidden" name="user_id" value="{{ user.id }}"/>
+    <button type="submit" class="btn btn-success">{{ 'Activate'|t }}</button>
+  </form>
+  <form method="post">
+    <input type="hidden" name="token_list" value="{{ token_list }}"/>
+    <input type="hidden" name="action" value="deactivate"/>
+    <input type="hidden" name="user_id" value="{{ user.id }}"/>
+    <button type="submit" class="btn btn-danger">{{ 'Deactivate'|t }}</button>
+  </form>
 </div>
 <br>
 <br>
@@ -28,8 +38,21 @@
   </tr>
 {% for row in query_results %}
   <tr class="tBody">
-    <th>{{ username(row.id) }}</th>
-    <th>{{ yesOrNo(row.available) }}</th>
+    {% if (date().timestamp-row.online_time) <= 30 %}
+      <th><u>{{ username(row.id) }}</u></th>
+    {% else %}
+      <th>{{ username(row.id) }}</th>
+    {% endif %}
+    <th>
+      {{ yesOrNo(row.available) }}
+      {% set function = row.available ? "deactivate" : "activate" %}
+      <form method="post">
+        <input type="hidden" name="token_list" value="{{ token_list }}"/>
+        <input type="hidden" name="action" value="{{ function }}"/>
+        <input type="hidden" name="user_id" value="{{ row.id }}"/>
+        <button type="submit">{{ 'Change'|t }}</button>
+      </form>
+    </th>
     {% if user.full_viewer %}
     <th>{{ yesOrNo(row.driver) }}</th>
     {% if row.phone_number %}
@@ -52,7 +75,7 @@
 
 <br><br>
 <p style="text-align: center;">
-  <button class="btn btn-success btn-small">{{ 'Add user'|t }}</button>
+  <a href="edit_user.php?add" class="btn btn-success btn-small">{{ 'Add user'|t }}</a>
 </p>
 <br>
 <br>
diff --git a/server/trainings.php b/server/trainings.php
index 1d2d588..1b94073 100644
--- a/server/trainings.php
+++ b/server/trainings.php
@@ -1,6 +1,7 @@
 <?php
 require_once 'ui.php';
 if($JSless){
+    $user->online_time_update();
     $query_results = $db->select("SELECT * FROM `".DB_PREFIX."_trainings` ORDER BY date DESC, beginning desc");
 } else {
     $query_results = null;
diff --git a/server/translations/en/base.php b/server/translations/en/base.php
index aa3e935..af2431c 100644
--- a/server/translations/en/base.php
+++ b/server/translations/en/base.php
@@ -129,5 +129,6 @@ return [
     "no" => "no",
     "You are not authorized to perform this action." => "You are not authorized to perform this action.",
     "Bad request." => "Bad request.",
-    "User not exists." => "User not exists."
+    "User not exists." => "User not exists.",
+    "Change" => "Change"
 ];
diff --git a/server/translations/it/base.php b/server/translations/it/base.php
index ce1ebda..78240af 100644
--- a/server/translations/it/base.php
+++ b/server/translations/it/base.php
@@ -129,5 +129,6 @@ return [
     "no" => "no",
     "You are not authorized to perform this action." => "Non sei autorizzato ad eseguire questa azione.",
     "Bad request." => "Errore nella richiesta.",
-    "User not exists." => "L'utente non esiste."
+    "User not exists." => "L'utente non esiste.",
+    "Change" => "Cambia"
 ];