yannic/librarySoftware
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed formatting

Browse source
This commit is contained in:
Yannic 2025-09-26 21:13:51 +02:00
parent 91bb969d66
commit 6ba55c000b
3 changed files with 448 additions and 431 deletions
Download patch file Download diff file Expand all files Collapse all files

507
index.php
View file

@ -1,260 +1,277 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<?php <?php
include "db/bootstrap.php"; include "db/bootstrap.php";
include "db/functions.php"; include "db/functions.php";
session_start(); session_start();
if(empty($_SESSION['csrf_token'])){ if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32)); $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
} }
$books = getBooks($pdo); $books = getBooks($pdo);
$borrowers = getBorrowers($pdo); $borrowers = getBorrowers($pdo);
$activeLoans = getActiveLoans($pdo); $activeLoans = getActiveLoans($pdo);
$lateLoans = getLateLoans($pdo); $lateLoans = getLateLoans($pdo);
?> ?>
<head>
<meta charset="utf-8"> <head>
<link rel="stylesheet" href="style.css"> <meta charset="utf-8">
<title>Bücherei Verwaltung</title> <link rel="stylesheet" href="style.css">
</head> <title>Bücherei Verwaltung</title>
<body> </head>
<h1>Bücherei Verwaltung</h1>
<br> <body>
<h1>Bücherei Verwaltung</h1>
<br>
<table>
<td>
<h2>Neues Buch hinzufügen</h2>
<form id="bookForm">
<label>Titel
<br>
<input type="text" name="title" required>
</label>
<br>
<br>
<label>Autor
<br>
<input type="text" name="author" required>
</label>
<br>
<br>
<label>Lernfeld
<br>
<input type="text" name="area" required>
</label>
<input type="hidden" name="submissionType" value="book">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Buch hinzufügen</button>
</form>
</td>
<td>
<h2>Neue Exemplare hinzufügen</h2>
<form id="copyForm">
<label>Buch
<br>
<select name="book" required>
<option value="">Wähle ein Buch</option>
<?php foreach ($books as $book): ?>
<option value="<?= htmlspecialchars($book['bookID']) ?>">
<?= htmlspecialchars($book['title'] . " by " . $book['author']) ?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Anzahl
<br>
<input type="number" name="amount" value="1" required>
</label>
<br>
<br>
<label>Zustand
<br>
<input type="text" name="condition" required>
</label>
<input type="hidden" name="submissionType" value="copy">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Exemplare hinzufügen</button>
</form>
</td>
<td>
<h2>Ausleiher hinzufügen</h2>
<form id="borrowerForm">
<label>Vorname
<br>
<input type="name" name="firstname" required>
</label>
<br>
<br>
<label>Nachname
<br>
<input type="name" name="lastname" required>
</label>
<br>
<br>
<label>Klasse/Funktion
<br>
<input type="text" name="role" required>
</label>
<input type="hidden" name="submissionType" value="borrower">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Ausleiher hinzufügen</button>
</form>
</td>
<td>
<h2>Buch verleihen</h2>
<form id="loanForm">
<label>Ausleiher
<br>
<select name="borrowerID" required>
<option value="">Wähle einen Ausleiher</option>
<?php foreach ($borrowers as $borrower): ?>
<option value="<?= htmlspecialchars($borrower['borrowerID']) ?>">
<?= htmlspecialchars($borrower['lastName'] . ", " . $borrower['firstName'] . " (" . $borrower['role'] . ")") ?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Buch
<br>
<select id="bookSelect" name="book" required>
<option value="">Wähle ein Buch</option>
<?php foreach ($books as $book): ?>
<option value="<?= htmlspecialchars($book['bookID']) ?>">
<?= htmlspecialchars($book['title'] . " von " . $book['author']) ?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Exemplar
<br>
<select id="copySelect" name="copyID">
<option value="">Bitte zuerst ein Buch wählen</option>
</select>
</label>
<br>
<br>
<label>Ausleihdatum
<br>
<input type="date" name="borrowedDate" value="<?= date("Y-m-d"); ?>">
</label>
<br>
<br>
<label>Rückgabedatum
<br>
<input type="date" name="dueDate"
value="<?= date_add(date_create(date('Y-m-d')), date_interval_create_from_date_string('14 days'))->format('Y-m-d'); ?>">
</label>
<input type="hidden" name="submissionType" value="loan">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Buch verleihen</button>
</form>
</td>
<td>
<h2>Buch einsammeln</h2>
<form id="checkInForm">
<label>Ausleiher wählen
<br>
<select id="borrowerSelect">
<option value="">Wähle einen Ausleiher</option>
<?php foreach ($borrowers as $borrower): ?>
<option value="<?= htmlspecialchars($borrower['borrowerID']) ?>">
<?= htmlspecialchars($borrower['firstName'] . " " . $borrower['lastName']) ?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Wähle ein Exemplar
<br>
<select id="copyReturnSelect" name="copyID-loanID">
<option>Bitte zuerst einen Ausleiher wählen</option>
</select>
</label>
<br>
<br>
<label>Zurückgegeben am
<br>
<input type="date" name="returnedDate" value=<?= date("Y-m-d") ?>>
</label>
<br>
<br>
<button type="submit">Buch einsammeln</button>
<input type="hidden" name="submissionType" value="return">
<input type="hidden" name="csrf_token" value=<?= $_SESSION['csrf_token'] ?>>
</form>
</td>
<table> <table>
<td> <td>
<h2>Neues Buch hinzufügen</h2> <h2>Verliehene Bücher</h2>
<form id="bookForm"> <table>
<label>Titel <th>Vorname</th>
<br> <th>Nachname</th>
<input type="text" name="title" required> <th>Klasse/Funktion</th>
</label> <th>Buch</th>
<br> <th>Exemplar</th>
<br> <th>Ausleihdatum</th>
<label>Autor <th>Rückgabe fällig</th>
<br> <?php foreach ($activeLoans as $loan): ?>
<input type="text" name="author" required> <tr>
</label> <td><?= htmlspecialchars($loan['firstName']) ?></td>
<br> <td><?= htmlspecialchars($loan['lastName']) ?></td>
<br> <td><?= htmlspecialchars($loan['borrowerRole']) ?></td>
<label>Lernfeld <td><?= htmlspecialchars($loan['bookTitle']) ?></td>
<br> <td>#<?= htmlspecialchars($loan['copyID']) ?></td>
<input type="text" name="area" required> <td><?= date_create($loan['borrowedDate'])->format("d.m.Y") ?></td>
</label> <td><?= date_create($loan['dueDate'])->format("d.m.Y") ?></td>
<input type="hidden" name="submissionType" value="book"> </tr>
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"> <?php endforeach; ?>
<br> </table>
<br>
<button type="submit">Buch hinzufügen</button>
</form>
</td> </td>
<td> <td>
<h2>Neue Exemplare hinzufügen</h2> <h2>Versäumte Rückgaben</h2>
<form id="copyForm"> <table>
<label>Buch <th>Vorname</th>
<br> <th>Nachname</th>
<select name="book" required> <th>Klasse/Funktion</th>
<option value="">Wähle ein Buch</option> <th>Buch</th>
<?php foreach ($books as $book): ?> <th>Exemplar</th>
<option value="<?= htmlspecialchars($book['bookID'])?>"> <th>Ausleihdatum</th>
<?= htmlspecialchars($book['title'] . " by " . $book['author'])?> <th>Rückgabe fällig</th>
</option> <?php foreach ($lateLoans as $lateLoan): ?>
<?php endforeach; ?> <tr>
</select> <td><?= htmlspecialchars($lateLoan['firstName']) ?></td>
</label> <td><?= htmlspecialchars($lateLoan['lastName']) ?></td>
<br> <td><?= htmlspecialchars($lateLoan['borrowerRole']) ?></td>
<br> <td><?= htmlspecialchars($lateLoan['bookTitle']) ?></td>
<label>Anzahl <td>#<?= htmlspecialchars($lateLoan['copyID']) ?></td>
<br> <td><?= date_create($lateLoan['borrowedDate'])->format("d.m.Y") ?></td>
<input type="number" name="amount" value="1" required> <td><?= date_create($lateLoan['dueDate'])->format("d.m.Y") ?></td>
</label> </tr>
<br> <?php endforeach; ?>
<br> </table>
<label>Zustand
<br>
<input type="text" name="condition" required>
</label>
<input type="hidden" name="submissionType" value="copy">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Exemplare hinzufügen</button>
</form>
</td> </td>
<td>
<h2>Ausleiher hinzufügen</h2>
<form id="borrowerForm">
<label>Vorname
<br>
<input type="name" name="firstname" required>
</label>
<br>
<br>
<label>Nachname
<br>
<input type="name" name="lastname" required>
</label>
<br>
<br>
<label>Klasse/Funktion
<br>
<input type="text" name="role" required>
</label>
<input type="hidden" name="submissionType" value="borrower">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Ausleiher hinzufügen</button>
</form>
</td>
<td>
<h2>Buch verleihen</h2>
<form id="loanForm">
<label>Ausleiher
<br>
<select name="borrowerID" required>
<option value="">Wähle einen Ausleiher</option>
<?php foreach ($borrowers as $borrower): ?>
<option value="<?= htmlspecialchars($borrower['borrowerID'])?>">
<?= htmlspecialchars($borrower['lastName'] . ", " . $borrower['firstName'] . " (" . $borrower['role'] . ")")?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Buch
<br>
<select id="bookSelect" name="book" required>
<option value="">Wähle ein Buch</option>
<?php foreach ($books as $book): ?>
<option value="<?= htmlspecialchars($book['bookID'])?>">
<?= htmlspecialchars($book['title'] . " von " . $book['author'])?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Exemplar
<br>
<select id="copySelect" name="copyID">
<option value="">Bitte zuerst ein Buch wählen</option>
</select>
</label>
<br>
<br>
<label>Ausleihdatum
<br>
<input type="date" name="borrowedDate" value="<?=date("Y-m-d");?>">
</label>
<br>
<br>
<label>Rückgabedatum
<br>
<input type="date" name="dueDate" value="<?=date_add(date_create(date('Y-m-d')), date_interval_create_from_date_string('14 days'))->format('Y-m-d');?>">
</label>
<input type="hidden" name="submissionType" value="loan">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Buch verleihen</button>
</form>
</td>
<td>
<h2>Buch einsammeln</h2>
<form id="checkInForm">
<label>Ausleiher wählen
<br>
<select id="borrowerSelect">
<option value="">Wähle einen Ausleiher</option>
<?php foreach ($borrowers as $borrower): ?>
<option value="<?= htmlspecialchars($borrower['borrowerID'])?>">
<?= htmlspecialchars($borrower['firstName'] . " " . $borrower['lastName'])?>
</option>
<?php endforeach; ?>
</select>
</label>
<br>
<br>
<label>Wähle ein Exemplar
<br>
<select id="copyReturnSelect" name="copyID-loanID">
<option>Bitte zuerst einen Ausleiher wählen</option>
</select>
</label>
<br>
<br>
<label>Zurückgegeben am
<br>
<input type="date" name="returnedDate" value=<?= date("Y-m-d") ?>>
</label>
<br>
<br>
<button type="submit">Buch einsammeln</button>
<input type="hidden" name="submissionType" value="return">
<input type="hidden" name="csrf_token" value=<?= $_SESSION['csrf_token'] ?>>
</form>
</td>
<table>
<td>
<h2>Verliehene Bücher</h2>
<table>
<th>Vorname</th><th>Nachname</th><th>Klasse/Funktion</th><th>Buch</th><th>Exemplar</th><th>Ausleihdatum</th><th>Rückgabe fällig</th>
<?php foreach ($activeLoans as $loan): ?>
<tr>
<td><?= htmlspecialchars($loan['firstName'])?></td>
<td><?= htmlspecialchars($loan['lastName'])?></td>
<td><?= htmlspecialchars($loan['borrowerRole'])?></td>
<td><?= htmlspecialchars($loan['bookTitle'])?></td>
<td>#<?= htmlspecialchars($loan['copyID'])?></td>
<td><?= date_create($loan['borrowedDate'])->format("d.m.Y")?></td>
<td><?= date_create($loan['dueDate'])->format("d.m.Y")?></td>
</tr>
<?php endforeach; ?>
</table>
</td>
<td>
<h2>Versäumte Rückgaben</h2>
<table>
<th>Vorname</th><th>Nachname</th><th>Klasse/Funktion</th><th>Buch</th><th>Exemplar</th><th>Ausleihdatum</th><th>Rückgabe fällig</th>
<?php foreach ($lateLoans as $lateLoan): ?>
<tr>
<td><?= htmlspecialchars($lateLoan['firstName'])?></td>
<td><?= htmlspecialchars($lateLoan['lastName'])?></td>
<td><?= htmlspecialchars($lateLoan['borrowerRole'])?></td>
<td><?= htmlspecialchars($lateLoan['bookTitle'])?></td>
<td>#<?= htmlspecialchars($lateLoan['copyID'])?></td>
<td><?= date_create($lateLoan['borrowedDate'])->format("d.m.Y")?></td>
<td><?= date_create($lateLoan['dueDate'])->format("d.m.Y")?></td>
</tr>
<?php endforeach; ?>
</table>
</td>
</table>
<table>
<td>
<h2>Datenbank durchsuchen</h2>
<form id="sqlSelectInputForm">
<label>
SELECT <input style="width: 500px;" type="text" name="sqlSelectTextarea" placeholder="* FROM books WHERE bookID = 5" required></input>
</label>
<input type="hidden" name="submissionType" value="selectRequest">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Abschicken</button>
</form>
</td>
</table>
</table> </table>
<br> <table>
<div id="result"></div> <td>
<h2>Datenbank durchsuchen</h2>
<form id="sqlSelectInputForm">
<label>
SELECT <input style="width: 500px;" type="text" name="sqlSelectTextarea"
placeholder="* FROM books WHERE bookID = 5" required></input>
</label>
<input type="hidden" name="submissionType" value="selectRequest">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<br>
<br>
<button type="submit">Abschicken</button>
</form>
</td>
</table>
</table>
<br>
<div id="result"></div>
<?php include "script.php" ?>
</body>
<?php include "script.php" ?>
</body>
</html> </html>

312
script.php
View file

@ -1,191 +1,191 @@
<script> <script>
document.getElementById('bookForm').addEventListener('submit', function (e) { document.getElementById('bookForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // reset form after success
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); document.getElementById('result').innerHTML = data; // show success/error
}); this.reset(); // reset form after success
})
.catch(error => {
document.getElementById('result').innerHTML = 'Error: ' + error;
});
});
document.getElementById('copyForm').addEventListener('submit', function (e) { document.getElementById('copyForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); document.getElementById('result').innerHTML = data; // show success/error
}); this.reset(); // optional: reset form after success
})
.catch(error => {
document.getElementById('result').innerHTML = 'Error: ' + error;
});
});
document.getElementById('borrowerForm').addEventListener('submit', function (e) { document.getElementById('borrowerForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); document.getElementById('result').innerHTML = data; // show success/error
}); this.reset(); // optional: reset form after success
})
.catch(error => {
document.getElementById('result').innerHTML = 'Error: ' + error;
});
});
document.getElementById('loanForm').addEventListener('submit', function (e) { document.getElementById('loanForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
})
.catch(error => {
document.getElementById('result').innerHTML = 'Error: ' + error;
});
location.reload(); location.reload();
}); });
document.getElementById('checkInForm').addEventListener('submit', function (e) { document.getElementById('checkInForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); document.getElementById('result').innerHTML = data; // show success/error
this.reset(); // optional: reset form after success
})
.catch(error => {
document.getElementById('result').innerHTML = 'Error: ' + error;
});
location.reload(); location.reload();
}); });
document.getElementById('sqlSelectInputForm').addEventListener('submit', function (e) { document.getElementById('sqlSelectInputForm').addEventListener('submit', function (e) {
e.preventDefault(); // prevent normal form submission e.preventDefault(); // prevent normal form submission
const formData = new FormData(this); const formData = new FormData(this);
fetch('submission.php', { fetch('submission.php', {
method: 'POST', method: 'POST',
body: formData body: formData
})
.then(response => response.text())
.then(data => {
const container = document.getElementById('result');
container.innerHTML = data; // show success/error
// scroll after the new content is in place
if (container) {
container.scrollIntoView({ behavior: 'smooth' });
}
}) })
.catch(error => { .then(response => response.text())
document.getElementById('result').innerHTML = 'Error: ' + error; .then(data => {
}); const container = document.getElementById('result');
});
document.querySelector("#bookSelect").addEventListener("change", function () { container.innerHTML = data; // show success/error
const csrf_token = "<?= $_SESSION['csrf_token'] ?>";
const bookID = this.value;
const copySelect = document.querySelector("#copySelect");
// reset exemplar list // scroll after the new content is in place
copySelect.innerHTML = '<option value="">Lade Exemplare...</option>'; if (container) {
container.scrollIntoView({ behavior: 'smooth' });
if (bookID) {
fetch("submission.php?submissionType=" + encodeURI("getCopies") + "&bookID=" + encodeURIComponent(bookID) + "&csrf_token=" + encodeURIComponent(csrf_token))
.then(response => response.json())
.then(copies => {
copySelect.innerHTML = "";
if (copies.length === 0) {
copySelect.innerHTML = '<option value="">Keine Exemplare verfügbar</option>';
} else {
copies.forEach(copy => {
const opt = document.createElement("option");
opt.value = copy.copyID;
opt.textContent = "Exemplar #" + copy.copyID + " (" + copy.bookCondition + ")";
copySelect.appendChild(opt);
});
} }
}) })
.catch(err => { .catch(error => {
copySelect.innerHTML = '<option value="">Fehler beim Laden</option>'; document.getElementById('result').innerHTML = 'Error: ' + error;
console.error(err);
}); });
} else { });
copySelect.innerHTML = '<option value="">Bitte zuerst ein Buch wählen</option>';
}
});
document.querySelector("#borrowerSelect").addEventListener("change", function () { document.querySelector("#bookSelect").addEventListener("change", function () {
const csrf_token = "<?= $_SESSION['csrf_token'] ?>"; const csrf_token = "<?= $_SESSION['csrf_token'] ?>";
const borrowerID = this.value; const bookID = this.value;
const copySelect = document.querySelector("#copyReturnSelect"); const copySelect = document.querySelector("#copySelect");
// reset copy list // reset exemplar list
copySelect.innerHTML = '<option value="">Lade Exemplare...</option>'; copySelect.innerHTML = '<option value="">Lade Exemplare...</option>';
if (borrowerID) { if (bookID) {
fetch("submission.php?submissionType=" + encodeURI("getReturnCopies") + "&borrowerID=" + encodeURIComponent(borrowerID) + "&csrf_token=" + encodeURIComponent(csrf_token)) fetch("submission.php?submissionType=" + encodeURI("getCopies") + "&bookID=" + encodeURIComponent(bookID) + "&csrf_token=" + encodeURIComponent(csrf_token))
.then(response => response.json()) .then(response => response.json())
.then(copies => { .then(copies => {
copySelect.innerHTML = ""; copySelect.innerHTML = "";
if (copies.length === 0) { if (copies.length === 0) {
copySelect.innerHTML = '<option value="">Keine Exemplare ausgeliehen</option>'; copySelect.innerHTML = '<option value="">Keine Exemplare verfügbar</option>';
} else { } else {
copies.forEach(copy => { copies.forEach(copy => {
const opt = document.createElement("option"); const opt = document.createElement("option");
opt.value = copy.copyID + "-" + copy.loanID; opt.value = copy.copyID;
opt.textContent = copy.bookTitle + " von " + copy.bookAuthor + " Exemplar #" + copy.copyID + " (" + copy.bookCondition + ")"; opt.textContent = "Exemplar #" + copy.copyID + " (" + copy.bookCondition + ")";
copySelect.appendChild(opt); copySelect.appendChild(opt);
}); });
} }
}) })
.catch(err => { .catch(err => {
copySelect.innerHTML = '<option value="">Fehler beim Laden</option>'; copySelect.innerHTML = '<option value="">Fehler beim Laden</option>';
console.error(err); console.error(err);
}); });
} else { } else {
copySelect.innerHTML = '<option value="">Bitte zuerst einen Ausleiher wählen</option>'; copySelect.innerHTML = '<option value="">Bitte zuerst ein Buch wählen</option>';
} }
}); });
document.querySelector("#borrowerSelect").addEventListener("change", function () {
const csrf_token = "<?= $_SESSION['csrf_token'] ?>";
const borrowerID = this.value;
const copySelect = document.querySelector("#copyReturnSelect");
// reset copy list
copySelect.innerHTML = '<option value="">Lade Exemplare...</option>';
if (borrowerID) {
fetch("submission.php?submissionType=" + encodeURI("getReturnCopies") + "&borrowerID=" + encodeURIComponent(borrowerID) + "&csrf_token=" + encodeURIComponent(csrf_token))
.then(response => response.json())
.then(copies => {
copySelect.innerHTML = "";
if (copies.length === 0) {
copySelect.innerHTML = '<option value="">Keine Exemplare ausgeliehen</option>';
} else {
copies.forEach(copy => {
const opt = document.createElement("option");
opt.value = copy.copyID + "-" + copy.loanID;
opt.textContent = copy.bookTitle + " von " + copy.bookAuthor + " Exemplar #" + copy.copyID + " (" + copy.bookCondition + ")";
copySelect.appendChild(opt);
});
}
})
.catch(err => {
copySelect.innerHTML = '<option value="">Fehler beim Laden</option>';
console.error(err);
});
} else {
copySelect.innerHTML = '<option value="">Bitte zuerst einen Ausleiher wählen</option>';
}
});
</script> </script>

54
submission.php
View file

@ -4,22 +4,22 @@ include "db/functions.php";
session_start(); session_start();
if(empty($_SESSION['csrf_token'])){ if (empty($_SESSION['csrf_token'])) {
die("Invalid request: No token supplied."); die("Invalid request: No token supplied.");
} }
$sessionToken = (string)($_SESSION['csrf_token'] ?? ''); $sessionToken = (string) ($_SESSION['csrf_token'] ?? '');
$postToken = (string)($_POST['csrf_token'] ?? ''); $postToken = (string) ($_POST['csrf_token'] ?? '');
$getToken = (string)($_GET['csrf_token'] ?? ''); $getToken = (string) ($_GET['csrf_token'] ?? '');
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if(!hash_equals($sessionToken, $postToken)){ if (!hash_equals($sessionToken, $postToken)) {
die("Invalid request: Token mismatch."); die("Invalid request: Token mismatch.");
} }
//Book Submission //Book Submission
if($_POST['submissionType'] == "book"){ if ($_POST['submissionType'] == "book") {
$title = $_POST['title'] ?? ''; $title = $_POST['title'] ?? '';
$author = $_POST['author'] ?? ''; $author = $_POST['author'] ?? '';
$area = $_POST['area'] ?? ''; $area = $_POST['area'] ?? '';
@ -32,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
//Copy Submission //Copy Submission
if($_POST['submissionType'] == "copy"){ if ($_POST['submissionType'] == "copy") {
$bookID = $_POST['book'] ?? ''; $bookID = $_POST['book'] ?? '';
$amount = $_POST['amount'] ?? ''; $amount = $_POST['amount'] ?? '';
$copyCondition = $_POST['condition'] ?? ''; $copyCondition = $_POST['condition'] ?? '';
@ -45,80 +45,80 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
//Borrower Submission //Borrower Submission
if($_POST['submissionType'] == "borrower"){ if ($_POST['submissionType'] == "borrower") {
$firstname = $_POST['firstname'] ?? ''; $firstname = $_POST['firstname'] ?? '';
$lastname = $_POST['lastname'] ?? ''; $lastname = $_POST['lastname'] ?? '';
$role = $_POST['role'] ?? ''; $role = $_POST['role'] ?? '';
if($firstname && $lastname && $role){ if ($firstname && $lastname && $role) {
addBorrower($pdo, $firstname, $lastname, $role); addBorrower($pdo, $firstname, $lastname, $role);
}else{ } else {
echo "<p>Please fill in all fields.</p>"; echo "<p>Please fill in all fields.</p>";
} }
} }
if($_POST['submissionType'] == "loan"){ if ($_POST['submissionType'] == "loan") {
$copyID = $_POST['copyID'] ?? ''; $copyID = $_POST['copyID'] ?? '';
$borrowerID = $_POST['borrowerID'] ?? ''; $borrowerID = $_POST['borrowerID'] ?? '';
$borrowedDate = $_POST['borrowedDate'] ?? ''; $borrowedDate = $_POST['borrowedDate'] ?? '';
$dueDate = $_POST['dueDate']; $dueDate = $_POST['dueDate'];
if($copyID && $borrowerID && $borrowedDate && $dueDate){ if ($copyID && $borrowerID && $borrowedDate && $dueDate) {
addLoan($pdo, $copyID, $borrowerID, $borrowedDate, $dueDate); addLoan($pdo, $copyID, $borrowerID, $borrowedDate, $dueDate);
}else{ } else {
echo "<p>Please fill in all fields.</p>"; echo "<p>Please fill in all fields.</p>";
} }
} }
if($_POST['submissionType'] == "return"){ if ($_POST['submissionType'] == "return") {
$copyIDLoanID = explode("-", $_POST['copyID-loanID'], 2); $copyIDLoanID = explode("-", $_POST['copyID-loanID'], 2);
$copyID = $copyIDLoanID[0]; $copyID = $copyIDLoanID[0];
$loanID = $copyIDLoanID[1]; $loanID = $copyIDLoanID[1];
$returnedDate = $_POST['returnedDate']; $returnedDate = $_POST['returnedDate'];
if($copyID && $loanID){ if ($copyID && $loanID) {
removeLoan($pdo, $copyID, $loanID, $returnedDate); removeLoan($pdo, $copyID, $loanID, $returnedDate);
}else{ } else {
echo "<p>Please fill in all fields</p>"; echo "<p>Please fill in all fields</p>";
} }
} }
if($_POST['submissionType'] == "selectRequest"){ if ($_POST['submissionType'] == "selectRequest") {
$selectRequest = $_POST['sqlSelectTextarea']; $selectRequest = $_POST['sqlSelectTextarea'];
if($selectRequest){ if ($selectRequest) {
selectRequest($pdo, $selectRequest); selectRequest($pdo, $selectRequest);
}else{ } else {
echo "<p>Please fill in all fields</p>"; echo "<p>Please fill in all fields</p>";
} }
} }
} }
if($_SERVER['REQUEST_METHOD'] == 'GET'){ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
if(!hash_equals($sessionToken, $getToken)){ if (!hash_equals($sessionToken, $getToken)) {
die("Invalid request: Token mismatch."); die("Invalid request: Token mismatch.");
} }
if($_GET['submissionType'] == "getCopies"){ if ($_GET['submissionType'] == "getCopies") {
$bookID = $_GET['bookID']; $bookID = $_GET['bookID'];
if($bookID){ if ($bookID) {
$copies = getAvailableCopiesOfBook($pdo, $bookID); $copies = getAvailableCopiesOfBook($pdo, $bookID);
echo json_encode($copies); echo json_encode($copies);
}else{ } else {
echo json_encode([]); echo json_encode([]);
} }
} }
if($_GET['submissionType'] == "getReturnCopies"){ if ($_GET['submissionType'] == "getReturnCopies") {
$borrowerID = $_GET['borrowerID']; $borrowerID = $_GET['borrowerID'];
if($borrowerID){ if ($borrowerID) {
$copies = getBorrowedCopiesOfBorrower($pdo, $borrowerID); $copies = getBorrowedCopiesOfBorrower($pdo, $borrowerID);
echo json_encode($copies); echo json_encode($copies);
}else{ } else {
echo json_encode([]); echo json_encode([]);
} }
} }