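<?php
// Session bootstrap. The cookie is hardened before the session starts:
// HttpOnly keeps it out of reach of page scripts, SameSite=Lax stops
// cross-site form posts from carrying it, and Secure is set whenever this
// request itself arrived over HTTPS (behind a TLS-terminating proxy
// $_SERVER['HTTPS'] may be absent — TODO confirm deployment).
// The array form of session_set_cookie_params() needs PHP 7.3+.
if (session_status() === PHP_SESSION_NONE) {
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    ]);
    session_start();
}

require_once 'db.php';  // Ensure the database and $db PDO instance are available
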
// ------------------------------
// Utility Function: Check if admin is logged in
// ------------------------------
/**
 * Whether the current session was marked as an authenticated admin.
 *
 * Only a strict boolean true in $_SESSION['admin_logged_in'] counts; a missing
 * key, null, or any truthy non-boolean (1, "1") is treated as logged out.
 *
 * @return bool
 */
function isAdminLoggedIn()
{
    $flag = $_SESSION['admin_logged_in'] ?? null;

    return $flag === true;
}

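// ------------------------------
// Handle Admin Login
// ------------------------------
// Reads `username`/`password` from the POST body, verifies the stored hash
// and, on success, marks the session as admin and redirects. Sets $error on
// failure; the login form below renders it.
if (isset($_POST['login'])) {
    // Only accept scalar fields: a `username[]=` submission would otherwise
    // reach bindValue()/password_verify() as an array.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // Look the user up by name; the hash comparison happens in PHP, not in SQL.
    $stmt = $db->prepare("SELECT * FROM users WHERE username = :username LIMIT 1");
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();

    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // NOTE(review): nothing here restricts login to an admin role — every row
    // in `users` with a verifiable hash becomes admin_logged_in; confirm intended.
    // A missing/NULL hash is coerced to '' so password_verify() simply fails.
    if ($user && password_verify($password, (string)($user['password'] ?? ''))) {
        // Successful login: issue a fresh session id so an id fixed on the
        // browser before authentication cannot be reused, then flag the session.
        session_regenerate_id(true);
        $_SESSION['admin_logged_in'] = true;
        header('Location: admin.php');
        exit;
    }

    // One message for both "unknown user" and "wrong password" so the response
    // text does not reveal which usernames exist. (The unknown-user path still
    // skips the hash computation, so response timing differs — TODO if that matters.)
    $error = "Invalid credentials. Please try again.";
}
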
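// ------------------------------
// Handle Admin Logout
// ------------------------------
// NOTE(review): logout is triggered by a plain GET link, so it can be forced
// from another site; a POST form would be the usual fix.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    // Clear the in-request session data and expire the client's cookie as well:
    // session_destroy() alone removes only the server-side record.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }
    session_destroy();
    header('Location: admin.php');
    exit;
}
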
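// ------------------------------
// Handle Creating a New Poll
// ------------------------------
// Inserts a poll_questions row from `question_text`. Sets $successMsg or
// $errorMsg for the page below. Requires an admin session.
// NOTE(review): none of the POST handlers on this page check a CSRF token;
// a per-session token compared with hash_equals() would close that gap.
if (isset($_POST['create_poll']) && isAdminLoggedIn()) {
    $rawQuestion = $_POST['question_text'] ?? '';
    // trim() throws a TypeError on arrays (`question_text[]=`), so only trim strings.
    $questionText = is_string($rawQuestion) ? trim($rawQuestion) : '';

    // Compare against '' rather than empty(): empty("0") is true, which would
    // silently reject a question consisting of the single character "0".
    if ($questionText !== '') {
        $stmt = $db->prepare("INSERT INTO poll_questions (question_text) VALUES (:question_text)");
        $stmt->bindValue(':question_text', $questionText, PDO::PARAM_STR);
        $stmt->execute();
        $successMsg = "Poll question created successfully!";
    } else {
        $errorMsg = "Please enter a question text.";
    }
}
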
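// ------------------------------
// Handle Adding Options to an Existing Poll
// ------------------------------
// Adds a poll_options row for `poll_id` plus its zero-count poll_results row.
// Sets $successMsg or $errorMsg. Requires an admin session.
if (isset($_POST['add_option']) && isAdminLoggedIn()) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric strings outright,
    // unlike the lossy (int) cast ("12abc" -> 12, ["x"] -> 1).
    $questionId = filter_var($_POST['poll_id'] ?? 0, FILTER_VALIDATE_INT) ?: 0;
    $rawOption = $_POST['option_text'] ?? '';
    // trim() throws on arrays, so only trim strings.
    $optionText = is_string($rawOption) ? trim($rawOption) : '';

    // '' comparison instead of empty(): empty("0") is true.
    if ($questionId > 0 && $optionText !== '') {
        // Check if poll question exists
        $stmt = $db->prepare("SELECT id FROM poll_questions WHERE id = :id");
        $stmt->bindValue(':id', $questionId, PDO::PARAM_INT);
        $stmt->execute();

        if ($stmt->fetchColumn()) {
            // The option row and its result row must land together: a failure
            // after the first INSERT would otherwise leave an option with no
            // poll_results row (and therefore no vote counter).
            $db->beginTransaction();
            try {
                // Insert the new option
                $insertOption = $db->prepare("
                    INSERT INTO poll_options (question_id, option_text)
                    VALUES (:question_id, :option_text)
                ");
                $insertOption->bindValue(':question_id', $questionId, PDO::PARAM_INT);
                $insertOption->bindValue(':option_text', $optionText, PDO::PARAM_STR);
                $insertOption->execute();

                // Also initialize poll_results with a 0 vote count for the new option.
                // lastInsertId() returns a string; cast so PARAM_INT binds a real int.
                $optionId = (int)$db->lastInsertId();
                $insertResult = $db->prepare("
                    INSERT INTO poll_results (question_id, option_id, vote_count)
                    VALUES (:question_id, :option_id, 0)
                ");
                $insertResult->bindValue(':question_id', $questionId, PDO::PARAM_INT);
                $insertResult->bindValue(':option_id', $optionId, PDO::PARAM_INT);
                $insertResult->execute();

                $db->commit();
            } catch (PDOException $e) {
                // Undo the partial write, then surface the failure as before.
                $db->rollBack();
                throw $e;
            }

            $successMsg = "Option added successfully!";
        } else {
            $errorMsg = "Poll question does not exist.";
        }
    } else {
        $errorMsg = "Please select a poll and enter an option text.";
    }
}
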
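// ------------------------------
// Handle Editing an Existing Poll
// ------------------------------
// Replaces the question text of poll `poll_id` with `edit_question_text`.
// Sets $successMsg or $errorMsg. Requires an admin session.
if (isset($_POST['edit_poll']) && isAdminLoggedIn()) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric strings outright,
    // unlike the lossy (int) cast ("12abc" -> 12, ["x"] -> 1).
    $pollId = filter_var($_POST['poll_id'] ?? 0, FILTER_VALIDATE_INT) ?: 0;
    $rawText = $_POST['edit_question_text'] ?? '';
    // trim() throws on arrays, so only trim strings.
    $newQuestionText = is_string($rawText) ? trim($rawText) : '';

    // '' comparison instead of empty(): empty("0") is true.
    if ($pollId > 0 && $newQuestionText !== '') {
        // Check if poll question exists
        $checkStmt = $db->prepare("SELECT id FROM poll_questions WHERE id = :id");
        $checkStmt->bindValue(':id', $pollId, PDO::PARAM_INT);
        $checkStmt->execute();

        if ($checkStmt->fetchColumn()) {
            // Update the poll question
            $updateStmt = $db->prepare("
                UPDATE poll_questions
                SET question_text = :question_text
                WHERE id = :id
            ");
            $updateStmt->bindValue(':question_text', $newQuestionText, PDO::PARAM_STR);
            $updateStmt->bindValue(':id', $pollId, PDO::PARAM_INT);
            $updateStmt->execute();

            $successMsg = "Poll question updated successfully!";
        } else {
            $errorMsg = "Poll question does not exist.";
        }
    } else {
        $errorMsg = "Invalid poll ID or question text.";
    }
}
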
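// ------------------------------
// Handle Deleting an Existing Poll
// ------------------------------
// Removes poll `poll_id` together with its options and results.
// Sets $successMsg or $errorMsg. Requires an admin session.
if (isset($_POST['delete_poll']) && isAdminLoggedIn()) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric strings outright,
    // unlike the lossy (int) cast ("12abc" -> 12, ["x"] -> 1).
    $pollId = filter_var($_POST['poll_id'] ?? 0, FILTER_VALIDATE_INT) ?: 0;

    if ($pollId > 0) {
        // Check if poll question exists
        $checkStmt = $db->prepare("SELECT id FROM poll_questions WHERE id = :id");
        $checkStmt->bindValue(':id', $pollId, PDO::PARAM_INT);
        $checkStmt->execute();

        if ($checkStmt->fetchColumn()) {
            // Results, options and the question go as one unit so a failure
            // part-way cannot leave orphaned options/results behind.
            $db->beginTransaction();
            try {
                // Delete poll_results
                $deleteResults = $db->prepare("DELETE FROM poll_results WHERE question_id = :id");
                $deleteResults->bindValue(':id', $pollId, PDO::PARAM_INT);
                $deleteResults->execute();

                // Delete poll_options
                $deleteOptions = $db->prepare("DELETE FROM poll_options WHERE question_id = :id");
                $deleteOptions->bindValue(':id', $pollId, PDO::PARAM_INT);
                $deleteOptions->execute();

                // Finally, delete the poll question
                $deletePoll = $db->prepare("DELETE FROM poll_questions WHERE id = :id");
                $deletePoll->bindValue(':id', $pollId, PDO::PARAM_INT);
                $deletePoll->execute();

                $db->commit();
            } catch (PDOException $e) {
                // Undo the partial delete, then surface the failure as before.
                $db->rollBack();
                throw $e;
            }

            $successMsg = "Poll deleted successfully!";
        } else {
            $errorMsg = "Poll question does not exist.";
        }
    } else {
        $errorMsg = "Invalid poll ID.";
    }
}
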
// ------------------------------
// Fetch All Polls for Display
// ------------------------------
// Newest poll first. Nothing is read for an anonymous visitor, who only
// ever sees the login form.
$polls = [];
if (isAdminLoggedIn()) {
    $pollsSql = "SELECT id, question_text, created_at FROM poll_questions ORDER BY id DESC";
    $polls = $db->query($pollsSql)->fetchAll(PDO::FETCH_ASSOC);
}
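?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Poll Admin</title>
    <style>
        body { font-family: Arial, sans-serif; margin: 20px; }
        .login-box, .admin-content { max-width: 600px; margin: 0 auto; }
        .error { color: red; }
        .success { color: green; }
        h2 { border-bottom: 1px solid #ccc; }
        form { margin-bottom: 20px; }
        label { display: inline-block; width: 100px; }
        input[type=text], input[type=password] { width: 200px; }
        .poll-item { border: 1px solid #ccc; padding: 10px; margin-bottom: 20px; }
        .poll-options { margin-top: 10px; }
        .option-result { margin-left: 20px; }
        .inline-form { display: inline-block; margin-right: 10px; }
    </style>
</head>
<body>

<?php
    // Every DB- or user-sourced value is escaped with ENT_QUOTES for both text
    // and attribute context; numeric ids/counts are cast to int instead.
?>
<?php if (!isAdminLoggedIn()): ?>
    <div class="login-box">
        <h2>Admin Login</h2>

        <?php if (!empty($error)): ?>
            <div class="error"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></div>
        <?php endif; ?>

        <form method="post" action="admin.php">
            <div>
                <label for="username">Username:</label>
                <input type="text" name="username" id="username" required />
            </div>
            <div>
                <label for="password">Password:</label>
                <input type="password" name="password" id="password" required />
            </div>
            <div>
                <button type="submit" name="login">Login</button>
            </div>
        </form>
    </div>

<?php else: ?>
    <div class="admin-content">
        <h2>Poll Administration</h2>
        <p>
            <a href="admin.php?action=logout">Logout</a>
        </p>

        <!-- Display success or error messages -->
        <?php if (!empty($successMsg)): ?>
            <div class="success"><?php echo htmlspecialchars($successMsg, ENT_QUOTES, 'UTF-8'); ?></div>
        <?php endif; ?>
        <?php if (!empty($errorMsg)): ?>
            <div class="error"><?php echo htmlspecialchars($errorMsg, ENT_QUOTES, 'UTF-8'); ?></div>
        <?php endif; ?>

        <!-- Section: Create a New Poll -->
        <h3>Create a New Poll</h3>
        <form method="post" action="admin.php">
            <div>
                <label for="question_text">Question:</label>
                <input type="text" name="question_text" id="question_text" required>
            </div>
            <div>
                <button type="submit" name="create_poll">Create Poll</button>
            </div>
        </form>

        <!-- Section: Add Options to Existing Poll -->
        <h3>Add Options to a Poll</h3>
        <?php if (count($polls) > 0): ?>
            <form method="post" action="admin.php">
                <div>
                    <label for="poll_id">Select Poll:</label>
                    <select name="poll_id" id="poll_id">
                        <?php foreach ($polls as $poll): ?>
                            <option value="<?php echo (int)$poll['id']; ?>">
                                <?php echo htmlspecialchars($poll['question_text'], ENT_QUOTES, 'UTF-8'); ?>
                            </option>
                        <?php endforeach; ?>
                    </select>
                </div>
                <div>
                    <label for="option_text">Option:</label>
                    <input type="text" name="option_text" id="option_text" required>
                </div>
                <div>
                    <button type="submit" name="add_option">Add Option</button>
                </div>
            </form>
        <?php else: ?>
            <p>No polls available. Create a new poll first.</p>
        <?php endif; ?>

        <!-- Section: Existing Polls & Results -->
        <h3>Existing Polls & Results</h3>
        <?php if (count($polls) > 0): ?>
            <?php
                // Prepared once and re-executed per poll below instead of a
                // fresh prepare() on every loop iteration.
                $optionsStmt = $db->prepare("
                    SELECT po.id as option_id, po.option_text,
                           pr.vote_count
                    FROM poll_options po
                    LEFT JOIN poll_results pr
                        ON po.id = pr.option_id
                    WHERE po.question_id = :question_id
                    ORDER BY po.id ASC
                ");
            ?>
            <?php foreach ($polls as $poll): ?>
                <div class="poll-item">
                    <strong>Question:</strong>
                    <?php echo htmlspecialchars($poll['question_text'], ENT_QUOTES, 'UTF-8'); ?><br>
                    <em>Created at: <?php echo htmlspecialchars((string)$poll['created_at'], ENT_QUOTES, 'UTF-8'); ?></em>

                    <!-- Edit and Delete forms for the poll -->
                    <div style="margin-top: 10px;">
                        <!-- Edit Form (inline) -->
                        <form method="post" class="inline-form">
                            <input type="hidden" name="poll_id" value="<?php echo (int)$poll['id']; ?>">
                            <input type="text" name="edit_question_text" value="<?php echo htmlspecialchars($poll['question_text'], ENT_QUOTES, 'UTF-8'); ?>" style="width:250px;">
                            <button type="submit" name="edit_poll">Save</button>
                        </form>

                        <!-- Delete Form (inline) -->
                        <form method="post" class="inline-form" onsubmit="return confirm('Are you sure you want to delete this poll?');">
                            <input type="hidden" name="poll_id" value="<?php echo (int)$poll['id']; ?>">
                            <button type="submit" name="delete_poll">Delete</button>
                        </form>
                    </div>

                    <!-- Display poll options and vote counts -->
                    <?php
                        // Fetch this poll's options. vote_count is NULL for an
                        // option with no poll_results row (LEFT JOIN); it is
                        // rendered as 0 below.
                        $optionsStmt->bindValue(':question_id', (int)$poll['id'], PDO::PARAM_INT);
                        $optionsStmt->execute();
                        $options = $optionsStmt->fetchAll(PDO::FETCH_ASSOC);
                    ?>
                    <div class="poll-options">
                        <?php if (!empty($options)): ?>
                            <ul>
                                <?php foreach ($options as $opt): ?>
                                    <li>
                                        <?php echo htmlspecialchars($opt['option_text'], ENT_QUOTES, 'UTF-8'); ?>
                                        <span class="option-result">
                                            (Votes: <?php echo (int)($opt['vote_count'] ?? 0); ?>)
                                        </span>
                                    </li>
                                <?php endforeach; ?>
                            </ul>
                        <?php else: ?>
                            <p>No options for this poll yet.</p>
                        <?php endif; ?>
                    </div>
                </div>
            <?php endforeach; ?>
        <?php else: ?>
            <p>No polls to display.</p>
        <?php endif; ?>
    </div>
<?php endif; ?>

</body>
</html>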