<?php
// robot.robot.update.php
session_start();
echo "<b>" . $_SESSION['uid'] . "</b><hr>";

if ($_SESSION['uid']) {
$admin = $_SESSION['uid'];
}else{

header( "Location: robot.user.login.php" );
}


/* ===== globals 

$dbserver="localhost";
$dbuser="hejni_root";
$dbpass="polmideqwerty1234";
====== */

/* ===== globals ====== */
$file= "globalpass.txt";
if (file_exists($file)) { 
$passed = "file exist " . $file;
include $file; 
}else {

$passed = "file doesn't exist " . $file;
}

/* ===== database name ====== */

$dbname="hejni_users";
$dbname="hejni_robot";


$con=mysqli_connect($dbserver,$dbuser,$dbpass,$dbname) or die ("password " . $passed);

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}


/* ======== form input section ======== */
// remove escape variables for security

$robot = mysqli_real_escape_string($con, $_REQUEST['id']);

$form_action = mysqli_real_escape_string($con, $_REQUEST['action']);

$form_value = mysqli_real_escape_string($con, $_POST['value']);

/* ======== form input section ======== */

// xxxxxx


/*
DELETE FROM `hejni_robot`.`user` WHERE `user`.`uid` = 44563447;

$sql = "UPDATE `robot` SET `" . $form_col . "` = '" . $form_value . "' WHERE (`robot`.`robotid` = " . $form_id . ") AND (`robot`.`admin` = " . $admin . ")";


$sql = "UPDATE `robot` SET `" . $form_col . "` = '" . $form_value . "' WHERE 
(`robot`.`robotid` = " . $form_id . ") AND (`robot`.`admin` = " . $admin . ")";
*/


$user=$_SESSION['uid'];
if ((empty($user)) or (empty($robot)) ) {
$action="favorite skipped";
}else{
if ($form_action=="add") {

$action="favorite add";
$sql = "INSERT INTO `hejni_robot`.`favorites` (`uid`, `robotid`) VALUES ('" . $user . "','" . $robot . "')";

} elseif ($form_action=="del") {
$action="favorite del";

$sql = "DELETE FROM `favorites` WHERE (`uid` = '" . $user . "') AND (`robotid` = '" . $robot . "')";

} // end if
} // end if
// xxxxxx


$_SESSION['action']="user:" . $user . "<br>form:" . $form_action . "<br>if action:" . $action;


if ($form_action){
  if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
  $chng="Changed ";
  }
  echo "1 record added";
}else{
  $chng="Did not Change ";
}

$_SESSION['sql']=$sql;

$_SESSION['message']= $chng . $form_col . " to [ " . $form_value . " ]<br>favorite.php";
$_SESSION['changed'] = $form_id;

// xxxxxx


/*
if ($form_id){
  if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
  $chng="Changed ";
  }
  echo "1 record added";
}else{
  $chng="Did not Change<br>You must enter an id number and select a column:<br>to change ";
}

*/


$_SESSION['changed'] = $form_id . "/" . $form_col;
$_SESSION['changed'] = $form_id;


$_SESSION['message']= $chng .$_SESSION['changed'] . "/" . $form_col . " to [ " . $form_value . " ]<br>robot.robot.update";


$username=$_SESSION['username'];
$password=$_SESSION['password'];

$returnpage=$_SESSION['returnpage'];

mysqli_close($con);

$_SESSION['username']=$username;
$_SESSION['password']=$password;


if($_SESSION['returnpage']){
$_SESSION['message'].="<br>returnpage worked";
header( "Location: $returnpage" );
}else{
$_SESSION['message'].="<br>returnpage failed";

// 
header ( "Location: edit.robot.php" );

// edit.robot.php
}

/* ======== end of code ======== */


/* ====== 
==== database column headers ==== start

robot robot
id admin user name type access online ip
robot user
uid username password email favorites
users user
id username password email

==== database column headers ==== end
==== */

/* ====
UPDATE `hejni_robot`.`robot` SET `location` = 'mars' WHERE `robot`.`id` = 12054978, 

UPDATE `hejni_robot`.`robot` SET `description` = 'a scientific exploration robot' WHERE `robot`.`id` = 12054978;

=== creating a new record ==

INSERT INTO `hejni_robot`.`robot` (`id`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('987086352', '123456789', '12345678', 'Scoochi', 'undersea explorer', 'Atlantis', 'Sub', '123456789', 'Yes', '107.64.0.13');


=== deleting a record ==

DELETE FROM `hejni_robot`.`user` WHERE `user`.`uid` = 44563447;

DELETE FROM `hejni_robot`.`robot` WHERE `user`.`id` = 44563447;


$sql="INSERT INTO robot (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$id', '$admin', '$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip')";


UPDATE `hejni_robot`.`robot` SET table_to_update.col1 = table_info.col1
WHERE 
table_to_update.ID = table_info.ID, table_to_update.col2 = table_info.col2 

====== */


/*

string fbsql_username ( resource $link_identifier [, string $username ] );

*/
?>