<?php
// robot.robot.update.php
session_start();
echo "-----<b>" . $_SESSION['uid'] . "</b><hr>";

if ($_SESSION['uid']) {
$admin = (int)$_SESSION['uid'];
}else{

header( "Location: robot.user.login.php" );
}


/* ===== globals 

$dbserver="localhost";
$dbuser="hejni_root";
$dbpass="polmideqwerty1234";
====== */

/* ===== globals ====== */
$file= "globalpass.txt";
if (file_exists($file)) { 
$passed = "file exist " . $file;
include $file; 
}else {

$passed = "file doesn't exist " . $file;
}

/* ===== database name ====== */

$dbname="hejni_users";
$dbname="hejni_robot";


$con=mysqli_connect($dbserver,$dbuser,$dbpass,$dbname) or die ("password " . $passed);

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
/*

$form_id = $_REQUEST['id'];
$form_col = $_REQUEST['col'];
$form_value = $_REQUEST['value'];

*/


/* ======== form input section ======== */
// remove escape variables for security
/*
$robotid = mysqli_real_escape_string($con, $_POST['id']);
$admin = mysqli_real_escape_string($con, $_POST['admin']);

 $robotid = (int)$_SESSION['robotid'];
 $admin = (int)$_SESSION['admin'];
*/
$thisbot=(int)$_REQUEST['id'];

$thisbot=(int)$_SESSION['robotid'];
$admin=(int)$_SESSION['uid'];

$user = mysqli_real_escape_string($con, $_POST['user']);

$name = mysqli_real_escape_string($con, $_POST['name']);

$description = mysqli_real_escape_string($con, $_POST['description']);

$location = mysqli_real_escape_string($con, $_POST['location']);

$type = mysqli_real_escape_string($con, $_POST['type']);

$access = mysqli_real_escape_string($con, $_POST['access']);

$online = mysqli_real_escape_string($con, $_POST['online']);

$image = mysqli_real_escape_string($con, $_POST['image']);

$ip = mysqli_real_escape_string($con, $_POST['ip']);


/*
sleep(30);

echo "[" . $robotid . " : " . $admin . " : " . $user . " " . $name . " " . $description . " " . $location . " " . $type . " " . $access . " " . $online . " " . $image . " " . $ip;

wait(30);
*/


/* ======== form input section ======== */

/* ===

empty($thisbot) or empty($admin) or empty($user) or empty($name) or empty($description) or empty($location) or empty($type) or empty($access) or empty($online) or empty($ip)

!isset($robotid) 


if ( !isset($id) ) {
  // returnpage 
  $_SESSION["returnpage']="robot.accesspanel.php";
  $returnpage="robot.accesspanel.php";

  if($_SESSION['returnpage']){
    $_SESSION['message'].="<br>returnpage worked";
    header( "Location: $returnpage" );
  }else{
    $_SESSION['message'].= $error . "<br>returnpage failed";
    // 
    header ( "Location: robot.accesspanel.php" );
    // edit.robot.php
  }
}

=== */


if ( empty($thisbot) ) {

echo "[" . $robotid . "]"; 
  $error="<hr>you did not fill in all spaces";

if ($_SESSION['message'] == (int)$_SESSION['message']){
  $error="<hr><font color='blue'>robotid is an integer</font>";
}else {

  $error="<hr><font color='red'>robotid is not an integer</font>";

}


    $_SESSION['message'] = "robotid [" . $robotid . "]<br>admin [" . $admin . "]<br>user [" . $user . "]<br>name [" . $name . "]<br>description [" . $description . "]<br>location [" . $location . "]<br>type [" . $type . "]<br>access [" . $access . "]<br>online [" . $online . "]<br>image [" . $image . "]<br>ip [" . $ip . "]<br>" . $error;


$error . "<br>returnpage failed";

    // 
    header ( "Location: robot.accesspanel.php" );
}


/*
DELETE FROM `hejni_robot`.`user` WHERE `user`.`uid` = 44563447;

$sql = "UPDATE `robot` SET `" . $form_col . "` = '" . $form_value . "' WHERE (`robot`.`robotid` = " . $form_id . ") AND (`robot`.`admin` = " . $admin . ")";


$sql = "UPDATE `robot` SET `" . $form_col . "` = '" . $form_value . "' WHERE 
(`robot`.`robotid` = " . $form_id . ") AND (`robot`.`admin` = " . $admin . ")";


$sql="INSERT INTO `robot` (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$robotid', '$admin', '$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip')";


$sql="INSERT INTO `robot` (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ($robotid, $admin, $user, $name, $description, $location, $type, $access, $online, $ip)";


$sql = "INSERT INTO `hejni_robot`.`robot` (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `image`, `ip`) VALUES ('" . $robotid . "', '" . $admin . "', '" . $user . "', '" . $name . "', '" . $description . "', '" . $location . "', '" . $type . "', '" . $access . "', '" . $online . "', '" . $image . "', '" . $ip . "')";


(`admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `image`, `ip`) VALUES ('" . $admin . "', '" . $user . "', '" . $name . "', '" . $description . "', '" . $location . "', '" . $type . "', '" . $access . "', '" . $online . "', '" . $image . "', '" . $ip . "') 

`user` = '" . $user . "', 
`name` = '" . $name . "', 
`description` = '" . $description . "', 
`location` = '" . $location . "', 
`type` = '" . $type . "', 
`access` = '" . $access . "', 
`online` = '" . $online . "', 
`image` = '" . $image . "', 
`ip` = '" . $ip . "', 


INSERT INTO `hejni_robot`.`robot` (

`robotid` ,
`admin` ,
`user` ,
`name` ,
`description` ,
`location` ,
`type` ,
`access` ,
`online` ,
`image` ,
`ip` ,
`CreationOrder`

)
VALUES (

'112276890', '123456789', '123456789', 'Jonny Sokko','Hero', 'Japan', 'Agent', 'U7', 'Yes', 'Jonny.jpg','123.90.78.134', '8'

);


$sql="INSERT INTO robot (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$id', '$admin', '$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip')";


$sql = "UPDATE `robot` SET (`user` = '" . $user . "' , `name` = '" . $name . "' , `description` = '" . $description . "' , `location` = '" . $location . "' , `type` = '" . $type . "' , `access` = '" . $access . "' , `online` = '" . $online . "' , `image` = '" . $image . "' , `ip` = '" . $ip . "') WHERE `robot`.`robotid` = '" . $thisbot . "';";


$sql = "UPDATE `robot` SET (`robotid`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$id', '$admin', '$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip') WHERE `robot`.`robotid` = '" . $thisbot . "';

$sql = "UPDATE `robot` SET (`user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip') WHERE `robot`.`robotid` = '" . $thisbot . "';";


$sql = "UPDATE `robot` SET (`name`, `access`, `online`) VALUES ('$name', '$access', '$online') WHERE `robot`.`robotid` = '" . $thisbot . "';";

UPDATE `hejni_robot`.`robot` SET `location` = '$location' WHERE `robot`.`robotid` = '" . $thisbot . "', 
UPDATE `hejni_robot`.`robot` SET `description` = '$description' WHERE `robot`.`robotid` = '" . $thisbot . "';


$sql = "UPDATE `hejni_robot`.`robot` SET 
(`robotid`, `name`, `access`)
VALUES 
('" . $thisbot . "', '" . $name . "', '" . $access . "')";


user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip') WHERE `robot`.`robotid` = '" . $thisbot 

*/

/* ====== test sql to see if works ====== */


$sql = "UPDATE robot SET 
admin = '".$admin."', 
user = '".$user."', 
name = '".$name."', 
description = '".$description."', 
location = '".$location."', 
type = '".$type."', 
access = '".$access."', 
online = '".$online."', 
image = '".$image."', 
ip = '".$ip."' 
WHERE robotid = '".$thisbot."'";

// xxxxxx

if ($admin==$_SESSION['uid'] ){

if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
$chng="Changed ";
}

echo "1 record added";
}elseif ($admin!=$_SESSION['uid'] ){

$_SESSION['changed'] = "You do not have permission to change this robot!";

}else{
$chng="Did not Change<br>You must enter an id number and select a column:<br>to change ";

}

$_SESSION['changed'] = $form_id . "/" . $form_col;
$_SESSION['changed'] = $form_id;


$_SESSION['message']= $chng .$_SESSION['changed'] . "/" . $form_col . " to [ " . $form_value . " ]<br>robot.robot.update";


$username=$_SESSION['username'];
$password=$_SESSION['password'];


$returnpage=$_SESSION['returnpage'];

mysqli_close($con);

$_SESSION['username']=$username;
$_SESSION['password']=$password;


if($_SESSION['returnpage']){
$_SESSION['message'].="<br>returnpage worked";
header( "Location: $returnpage" );
}else{
$_SESSION['message'].="<br>returnpage failed";

// header ( "Location: edit.robot.php" );
header ( "Location: robot.accesspanel.php" );

// edit.robot.php robot.accesspanel.php
}

/* ======== end of code ======== */


/* ====== 
==== database column headers ==== start

robot robot
id admin user name type access online ip
robot user
uid username password email favorites
users user
id username password email

==== database column headers ==== end
==== */

/* ====
UPDATE `hejni_robot`.`robot` SET `location` = 'mars' WHERE `robot`.`id` = 12054978, 

UPDATE `hejni_robot`.`robot` SET `description` = 'a scientific exploration robot' WHERE `robot`.`id` = 12054978;

=== creating a new record ==

INSERT INTO `hejni_robot`.`robot` (`id`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('987086352', '123456789', '12345678', 'Scoochi', 'undersea explorer', 'Atlantis', 'Sub', '123456789', 'Yes', '107.64.0.13');


=== deleting a record ==

DELETE FROM `hejni_robot`.`user` WHERE `user`.`uid` = 44563447;

DELETE FROM `hejni_robot`.`robot` WHERE `user`.`id` = 44563447;


$sql="INSERT INTO robot (`id`, `admin`, `user`, `name`, `description`, `location`, `type`, `access`, `online`, `ip`) VALUES ('$id', '$admin', '$user', '$name', '$description', '$location', '$type', '$access', '$online', '$ip')";


UPDATE `hejni_robot`.`robot` SET table_to_update.col1 = table_info.col1
WHERE 
table_to_update.ID = table_info.ID, table_to_update.col2 = table_info.col2 

====== */


/*

string fbsql_username ( resource $link_identifier [, string $username ] );

*/
?>