admin_card.php
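<?php
// Page header and the two admin forms (insert/update a card, delete a card).
//
// The session is started here, before any markup, because session_start()
// needs to send a cookie header and that is no longer possible once output
// has begun. The guard keeps a second call elsewhere in the file harmless.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Refuse to render the admin page without a signed-in user. The code further
// down connects to MySQL with the session's username and password, so an empty
// session would otherwise attempt a connection with blank credentials.
// NOTE(review): nothing visible here distinguishes an administrator from an
// ordinary card holder; the only enforcement appears to be the MySQL
// privileges of the logged-in account - confirm that this is intended.
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Not signed in.');
}

// The original links carried onclick="<?php mysqli_close($mydb); ?>". PHP runs
// on the server while the page is rendered, not when the link is clicked, and
// $mydb does not exist yet at that point, so the call could only fail. The
// attributes were dropped; PHP closes the connection when the script ends.
// NOTE(review): the forms below carry no CSRF token, so the POST handlers
// cannot tell a deliberate submission from a forged cross-site one.
?>
<!DOCTYPE html>
<html>
<head>
<meta charset = "utf-8"/>
<title>
孙伟杰的图书馆
</title>
</head>
<body bgcolor = "pink">
<h1 align = "center"><?php echo htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>:你好!</h1>
<hr color = "lightskyblue"/>
<div>
<a href = "./index.php">log out</a><br>
<a href = "./admin_book.php">book</a>
</div>
<h2 align = "center">借书证管理</h2>
<form name="search_form" action="" method="post" align="center">
cno:<input type="text" name="cno">
name:<input type="text" name="name">
department:<input type="text" name="department">
type: S<input type="radio" name="type" value="S">
T<input type="radio" name="type" value="T">
<input type="submit" name="insert" value="insert/update">
</form><br>
<form name="delete_form" action="" method="post" align="center">
cno:<input type="text" name="del_cno">
<input type="submit" name="delete" value="delete">
</form><br>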
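<?php
// Handles the two admin forms (insert/update a card, delete a card) and then
// prints the full CARD table.
//
// Every value taken from $_POST reaches SQL only as a bound parameter. The
// exception is the MySQL account name in CREATE USER / GRANT / DROP USER,
// where placeholders are not accepted; there the card number is checked
// against an allow-list and escaped before it is placed in the statement.
// Every value read back from the database is HTML-escaped before output.

// Report everything except notices. The original expression used the logical
// operator `||`, which evaluates to boolean true and so set level 1 only.
error_reporting(E_ALL & ~E_NOTICE);

// The page header already starts the session; start it here only if needed.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Make mysqli throw on failure so no statement result goes unchecked.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// HTML-escape a value before it is written into the page.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read a POST field as a string ('' when it is absent or not a scalar).
$post = function ($key) {
    return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
};

// Prepare and execute one statement with all values bound as strings.
$run = function ($db, $sql, array $params) {
    $stmt = mysqli_prepare($db, $sql);
    if ($params) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    mysqli_stmt_execute($stmt);
    return $stmt;
};

// Card numbers double as MySQL account names, so they are restricted to a
// conservative character set and to MySQL's 32-character user-name limit.
// NOTE(review): the real card-number format is not visible here; adjust the
// pattern if legitimate numbers contain other characters.
$isValidCno = function ($cno) {
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $cno) === 1;
};

// Log the driver message server-side and show the user a generic alert only.
$fail = function ($e) {
    error_log('admin_card.php: ' . $e->getMessage());
    echo '<script>alert("Database operation failed.")</script>';
};

// NOTE(review): the MySQL password is kept in the session in clear text and
// the page connects as the logged-in user; confirm this design is intended.
$mydb = null;
try {
    $mydb = mysqli_connect("localhost:3308", $_SESSION['username'], $_SESSION['pwd']);
    mysqli_select_db($mydb, "library");
} catch (mysqli_sql_exception $e) {
    $mydb = null;
    $fail($e);
}

// NOTE(review): these handlers accept any POST for the session; there is no
// CSRF token to verify.
if ($mydb && isset($_POST["insert"]) && $_POST["insert"]) {
    $cno = $post('cno');
    $name = $post('name');
    $department = $post('department');
    $type = $post('type');

    if (!$isValidCno($cno)) {
        echo '<script>alert("Invalid card number.")</script>';
    } elseif ($type !== 'S' && $type !== 'T') {
        // The form offers exactly these two radio values.
        echo '<script>alert("Please choose type S or T.")</script>';
    } else {
        try {
            $stmt = $run($mydb, "SELECT cno FROM CARD where cno = ?", [$cno]);
            mysqli_stmt_store_result($stmt);
            $exists = mysqli_stmt_num_rows($stmt) > 0;
            mysqli_stmt_close($stmt);

            if (!$exists) {
                mysqli_stmt_close($run(
                    $mydb,
                    "insert into card values(?, ?, ?, ?)",
                    [$cno, $name, $department, $type]
                ));

                // $cno passed the allow-list above; escaping is kept as a
                // second layer because this statement is built as a string.
                $account = "'" . mysqli_real_escape_string($mydb, $cno) . "'@'localhost'";
                // NOTE(review): the account is created with an EMPTY password,
                // as in the original, and receives select/insert/update on
                // every table in `library`. Both should be tightened (an
                // initial secret, grants limited to the tables a card holder
                // needs) once the login flow is known.
                mysqli_query($mydb, "create user $account identified by ''");
                mysqli_query($mydb, "grant select,insert,update on library.* to $account");

                // Report success only after all statements went through.
                echo '<script>alert("succeed in inserting!")</script>';
            } else {
                mysqli_stmt_close($run(
                    $mydb,
                    "update card set name=?, department=?, type=? where cno=?",
                    [$name, $department, $type, $cno]
                ));
                echo '<script>alert("succeed in updating!")</script>';
            }
        } catch (mysqli_sql_exception $e) {
            $fail($e);
        }
    }
}

if ($mydb && isset($_POST["delete"]) && $_POST["delete"]) {
    $delCno = $post('del_cno');

    if (!$isValidCno($delCno)) {
        echo '<script>alert("Invalid card number.")</script>';
    } else {
        try {
            // Check EVERY borrow record of this card. The original looked at
            // the first row only, so a card with one returned and one
            // outstanding loan could still be deleted.
            $stmt = $run($mydb, "SELECT return_date FROM BORROW where cno = ?", [$delCno]);
            mysqli_stmt_bind_result($stmt, $returnDate);
            $outstanding = false;
            while (mysqli_stmt_fetch($stmt)) {
                // NULL or empty return_date means the book is still out.
                if ((string) $returnDate === '') {
                    $outstanding = true;
                    break;
                }
            }
            mysqli_stmt_close($stmt);

            if (!$outstanding) {
                mysqli_stmt_close($run($mydb, "delete from borrow where cno = ?", [$delCno]));
                mysqli_stmt_close($run($mydb, "delete from card where cno = ?", [$delCno]));
                $account = "'" . mysqli_real_escape_string($mydb, $delCno) . "'@'localhost'";
                mysqli_query($mydb, "drop user $account");
                echo '<script>alert("succeed in deleting!")</script>';
            } else {
                // Borrowed books have not been returned yet: refuse to delete.
                echo '<script>alert("Can\'t remove this user until all borrowed books are returned!")</script>';
            }
        } catch (mysqli_sql_exception $e) {
            $fail($e);
        }
    }
}

echo "<table border='1' align='center'>
<tr>
<th>cno</th>
<th>name</th>
<th>department</th>
<th>type</th>
</tr>
";
if ($mydb) {
    try {
        $result = mysqli_query($mydb, "SELECT * FROM CARD");
        while ($row = mysqli_fetch_array($result)) {
            // Stored values came from a form; escape them so markup saved in
            // a name or department is shown as text instead of being rendered.
            echo "<tr>";
            echo "<td>" . $h($row['cno']) . "</td>";
            echo "<td>" . $h($row['name']) . "</td>";
            echo "<td>" . $h($row['department']) . "</td>";
            echo "<td>" . $h($row['type']) . "</td>";
            echo "</tr>";
        }
    } catch (mysqli_sql_exception $e) {
        $fail($e);
    }
}
echo "</table>";
?>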
</body>
</html>