<?php

// LICENSE

/* Changes

Move over to building display variable instead of echo
changed to php 4.0 variable ($_GET, $_POST) 
changed echo to concatenate into the $content variable

*/

# this is only required till we stop symbolic linking our development version
# in production it can be a relative link ../../lib-common.php

// Geeklog core: configuration, library functions and the $_CONF array used below.
// Still loaded by name while the development tree is symlinked; in production it
// can become the relative ../../lib-common.php.
require_once 'lib-common.php';

/* commented out till we sort out the permissions issues
//*** fixed bug in block below ($content changed to $display)

if (!SEC_hasRights('geekddb.edit','geekddb.view','OR')) {
    // Someone is trying to illegally access this page
    COM_errorLog("Someone has tried to illegally access the geekddb Search page.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: $REMOTE_ADDR",1);
    $display = COM_siteHeader();
    $display .=  COM_startBlock($LANG_DB00['access_denied']);
    $display .=  $LANG_DB00['access_denied_msg'];
    $display .=  COM_endBlock();
    $display .=  COM_siteFooter(true);
    echo $display;
    exit;
}
// end temp comment */
// NOTE(review): with the block above disabled nothing in this file checks who the
// caller is. The handlers in the switch further down test only the $enable_*
// configuration flags, and gddb_access() is consulted solely when the link
// toolbar is built, so it hides links rather than gating actions.

// plugin configuration, helper functions, shared code and the table check
// (these are presumably where $conn, $table_name, $quote, $enable_* etc. come from)
include $_CONF['path'] . 'plugins/geekddb/config.php';
include $_CONF['path'] . 'plugins/geekddb/functions.php';
include $_CONF['path'] . 'plugins/geekddb/common.php';
include $_CONF['path'] . "plugins/geekddb/check_table.php";

// HTTP Variables:
/***************** GET ***************************
$form_type
	(insert,search)
	from index.php
$sql
	contains the where clause, without limit and order e.g. "where field = 'value'" (all url encoded)
	from the form or from the navigation buttons 
$page
	the actual page in records results
	from form.php (from the search form or from the navigation tool), from 0......n
$order
	the field used to order the form
$function
	the function: search/update/insert/update......
***************************************************/
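// --- GET variables (documented in the comment block above) ------------------
// $form_type and $sql are deliberately left unset when absent: the switch below
// tests them with isset(). $page, $order and $function default to "".

if (isset($_GET["form_type"])) {
	$form_type = $_GET["form_type"];
}

if (isset($_GET["sql"])) {
	// a raw WHERE clause, url-encoded by the form / navigation buttons
	$sql = stripslashes($_GET["sql"]);
}

// $page is a 0-based page index that ends up in a LIMIT clause and in
// arithmetic, so it is coerced to a non-negative integer; anything that is not
// numeric becomes 0. The "" default of the original is kept for the callers
// that receive $page unchanged.
$page = "";
if (isset($_GET["page"])) {
	$page = (int) $_GET["page"];
	if ($page < 0) {
		$page = 0;
	}
}

$order = "";
if (isset($_GET["order"])) {
	$order = stripslashes($_GET["order"]);
}

// $function comes from the home page links (GET) or from a posted form (POST)
if (isset($_GET["function"])) {
	$function = $_GET["function"];
}
elseif (isset($_POST["function"])) {
	$function = $_POST["function"];
}
else {
	$function = "";
}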

/***************** POST ***************************
All the variables of the form
	from form.php
$where
	the where clause of delete and edit
	form form.php
$delete_sure
	set to 1 if the user is sure to delete a record
	from form.php
$insert_duplication
	set to 1 if the user want to insert anyway, even if duplication are possible.
***************************************************/

// --- POST variables (documented in the comment block above) -----------------
// Every one of them defaults to "" when the posted form did not send it.
$where_field        = isset($_POST["where_field"])        ? $_POST["where_field"]        : "";
$where_value        = isset($_POST["where_value"])        ? $_POST["where_value"]        : "";
$delete_sure        = isset($_POST["delete_sure"])        ? $_POST["delete_sure"]        : "";
$insert_duplication = isset($_POST["insert_duplication"]) ? $_POST["insert_duplication"] : "";

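$action = "form.php"; // every form and navigation link posts back to this script

// $message (status HTML) and $content (forms / result tables) are only ever
// appended to below; make sure they exist so the first ".=" does not operate on
// an undefined variable. Left untouched if an included file already set them.
if (!isset($message)) {
	$message = "";
}
if (!isset($content)) {
	$content = "";
}

// labels and other per-field information used by the validators and form builders
$fields_labels_ar = build_fields_labels_array($conn, $table_name, $table_internal_name, "1");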


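// Dispatch on the requested function. Every branch appends HTML to $message
// (status text) and/or $content (forms, result tables); nothing is echoed here,
// the template at the bottom of the file renders both.
//
// $enable_*, $quote, $records_per_page, $display_is_similar and $mail_feature
// are not defined in this file; presumably they come from the included
// config.php / common.php.
//
// NOTE(review): the $sql GET parameter is, by design, a raw WHERE clause that
// is concatenated into the search query, and $where_value is interpolated into
// the details/edit queries without escaping; both rely on the (currently
// commented-out) SEC_hasRights check at the top of the file and on the DB
// layer's escaping, neither of which is visible here.
switch ($function) {
	case "insert":
		if ($enable_insert == "1") {
			// Set once the record may be written: either the user already confirmed
			// "insert anyway" on the duplication form, or every check below passed.
			$do_insert = ($insert_duplication == "1");

			if (!$do_insert) { // not confirmed yet: validate and look for duplicates
				$check = check_required_fields($_POST, $fields_labels_ar);
				if ($check == 0) {
					$message .= display_message($LANG_DB01['required_fields_missed'], "", "", "");
				}
				else { // required fields are ok; check textarea length
					$check = check_length_fields($_POST, $fields_labels_ar);
					if ($check == 0) {
						$message .= display_message($LANG_DB01['fields_max_length'], "", "", "");
					}
					else { // field lengths are ok; check field types
						$content_error_type = "";
						$check = check_fields_types($_POST, $fields_labels_ar, $content_error_type);
						if ($check == 0) {
							// a single-quoted '{$var}' is never interpolated: build the language key explicitly
							$message .= display_message($LANG_DB01[$content_error_type . '_not_valid'], "", "", "");
						}
						else { // field types are ok; store the uploads ($_FILES replaces the removed $HTTP_POST_FILES alias)
							$check = write_uploaded_files($_FILES, $fields_labels_ar);
							if ($check == 0) {
								// TODO: report why the upload failed (too large, disallowed name such as .php, file not found)
								$message .= display_message($LANG_DB03['upload_error'], "", "", "");
							}
							else { // uploads are ok; look for a possible duplicate of this record
								$sql = build_select_duplicated_query($_POST, $conn, $db_name, $table_name, $fields_labels_ar, $string1_similar_ar, $string2_similar_ar);

								if ($sql != "") { // some duplication is possible
									$message .= display_message("<h3>" . $LANG_DB01['duplication_possible'] . "</h3>", "", "", "");
									if ($display_is_similar == 1) {
										$similar_count = count($string1_similar_ar);
										for ($i = 0; $i < $similar_count; $i++) {
											$message .= display_message("<br>", "", "", "");
											$message .= display_message($LANG_DB01['i_think_that'], "", "", "");
											$message .= display_message($string1_similar_ar[$i], "", "", "1");
											$message .= display_message($LANG_DB01['is_similar_to'], "", "", "");
											$message .= display_message($string2_similar_ar[$i], "", "", "1");
										}
									}

									display_sql($sql);

									$res_contacts = execute_db($sql, $conn);

									$results_type = "possible_duplication";
									$select_without_limit = ""; // not needed here: the result set has a fixed size

									$results_table = build_results_table($conn, $db_name, $table_name, $table_internal_name, $res_contacts, $results_type, "", "", $action, $select_without_limit, "", "");

									$message .= display_message($LANG_DB01['similar_records'], "", "", "");

									// the form that lets the user insert anyway (sets insert_duplication=1)
									$insert_duplication_form = build_insert_duplication_form($_POST, $conn, $table_name, $table_internal_name);

									$content .= $insert_duplication_form;
									$content .= $results_table;
								}
								else { // no duplication
									$do_insert = true;
								}
							}
						}
					}
				}
			}

			if ($do_insert) {
				insert_record($_FILES, $_POST, $conn, $db_name, $table_name, $table_internal_name);

				$message .= display_message("<p>" . $LANG_DB01['insert_result'], "", "", "");
				$message .= display_message($LANG_DB01['record_inserted'], "", "", "1");
				$message .= display_message("<h3>" . $LANG_DB01['insert_record'] . "</h3>", "", "", "1");

				$form_type = "insert";
				$res_details = "";

				// re-read the field labels: the insert may have changed them (new "other" choices, ...)
				$fields_labels_ar = build_fields_labels_array($conn, $table_name, $table_internal_name, "1");

				// show an empty insert form again
				$form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
				$content .= $form;
			}
		}
		break;

	case "search":
		// Either the search form was posted (build the query from $_POST) or a
		// navigation button passed the WHERE clause in the $sql GET variable.
		if (!isset($sql)) {
			$select_without_limit = build_select_query($_POST, $conn, $db_name, $table_name, $table_internal_name, $records_per_page, $page);
		}
		else {
			$select_without_limit = "select * from " . $quote . $table_name . $quote;
			if ($sql != "") {
				$select_without_limit .= $sql;
			}
		}

		$sql = $select_without_limit;

		if ($order != "") {
			// the order field comes from the URL: double any identifier-quote character
			// inside it so it cannot close the quoted identifier
			$sql .= " order by " . $quote . str_replace($quote, $quote . $quote, $order) . $quote;
		}

		// run the unlimited query once, only to count the results
		$res_contacts_without_limit = execute_db($select_without_limit, $conn);
		$results_number = get_num_rows_db($res_contacts_without_limit);

		// add the limit clause; $page arrives as a string ("" when absent), so make the
		// arithmetic explicit instead of relying on string-to-number coercion
		$page_number = (int) $page;
		$sql .= " limit " . ($page_number * $records_per_page) . " , " . $records_per_page;

		display_sql($sql);

		$res_contacts = execute_db($sql, $conn);

		if ($results_number != 0) { // at least one record found
			$message .= display_message("<br>$results_number " . $LANG_DB01['records_found'], "", "", "1");

			if ($results_number > $records_per_page) {
				$pages_number = get_pages_number($results_number, $records_per_page);

				// "Page n of x"
				$message .= display_message("<br>" . $LANG_DB01['page'] . ($page_number + 1) . $LANG_DB01['of'] . $pages_number, "", "", "");

				$navigation_tool = build_navigation_tool($select_without_limit, $pages_number, $page, $action, "", $order);
				$content .= "&nbsp;&nbsp;&nbsp;&nbsp;" . $navigation_tool . "<br><br>";
			}

			$results_type = "search";
			$results_table = build_results_table($conn, $db_name, $table_name, $table_internal_name, $res_contacts, $results_type, "", "", $action, $select_without_limit, $page, $order);
			$content .= $results_table;

			if ($mail_feature == 1) { // e-mail feature activated
				// offer to add the whole result set to a mailing that has not been sent yet
				$sql = "select name_mailing from mailing_tab where sent_mailing = '0' order by date_created_mailing desc";
				$res_mailing = execute_db($sql, $conn);
				if (get_num_rows_db($res_mailing) > 0) { // at least one mailing created
					$add_to_mailing_form = build_add_to_mailing_form($conn, $db_name, $res_mailing, $select_without_limit, $results_number);
					$message .= display_message("<br><table><tr><td>$add_to_mailing_form</td><td valign=\"top\">" . $LANG_DB01['all_records_found'] . "</td></tr></table>", "", "", "");
				}
			}
		}
		else {
			$message .= display_message($LANG_DB01['no_records_found'], "", "", "");
		}
		break;

	case "details":
		if ($enable_details == "1") {
			// $where_field / $where_value come straight from $_POST. The field name has
			// its identifier quote doubled so it cannot close the quoted identifier; the
			// value is still interpolated unescaped and should go through the DB layer's
			// escape helper (not visible from here) — TODO(review).
			$where_field_quoted = $quote . str_replace($quote, $quote . $quote, $where_field) . $quote;
			$sql = "select * from " . $quote . $table_name . $quote . " where " . $where_field_quoted . " = '$where_value'";

			display_sql($sql);

			$message .= display_message("<h3>" . $LANG_DB01['details_of_record'] . "</h3>", "", "", "");

			$res_details = execute_db($sql, $conn);

			$details_table = build_details_table($conn, $db_name, $table_name, $table_internal_name, $res_details);
			$content .= $details_table;
		}
		break;

	case "edit":
		if ($enable_edit == "1") {
			// same query as "details"; see the note there about $where_value
			$where_field_quoted = $quote . str_replace($quote, $quote . $quote, $where_field) . $quote;
			$sql = "select * from " . $quote . $table_name . $quote . " where " . $where_field_quoted . " = '$where_value'";

			display_sql($sql);

			$message .= display_message("<h3>" . $LANG_DB01['edit_record'] . "</h3>", "", "", "");

			$res_details = execute_db($sql, $conn);

			// show the record in an update form
			$form_type = "update";
			$form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
			$content .= $form;
		}
		break;

	case "update":
		if ($enable_edit == "1") {
			$check = check_required_fields($_POST, $fields_labels_ar);
			if ($check == 0) {
				$message .= display_message($LANG_DB01['required_fields_missed'], "", "", "");
			}
			else { // required fields are ok; check textarea length
				$check = check_length_fields($_POST, $fields_labels_ar);
				if ($check == 0) {
					$message .= display_message($LANG_DB01['fields_max_length'], "", "", "");
				}
				else { // field lengths are ok; check field types
					$content_error_type = "";
					$check = check_fields_types($_POST, $fields_labels_ar, $content_error_type);
					if ($check == 0) {
						// a single-quoted '{$var}' is never interpolated: build the language key explicitly
						$message .= display_message($LANG_DB01[$content_error_type . '_not_valid'], "", "", "");
						$go_back_button = "<form>" . $LANG_DB01['please'] . " <input type=\"button\" value=\"" . $LANG_DB02['go_back'] . "\" onclick=\"javascript:history.back(-1)\"> " . $LANG_DB01['and_check_form'] . "</form>";
						$message .= display_message($go_back_button, "", "", "");
					}
					else { // field types are ok; store the uploads ($_FILES replaces the removed $HTTP_POST_FILES alias)
						$check = write_uploaded_files($_FILES, $fields_labels_ar);
						if ($check == 0) {
							// TODO: report why the upload failed (too large, disallowed name such as .php, file not found)
							$message .= display_message($LANG_DB03['upload_error'], "", "", "");
						}
						else { // uploads are ok
							$update_type = "internal";
							update_record($_FILES, $_POST, $conn, $db_name, $table_name, $table_internal_name, $where_field, $where_value, $update_type);

							$message .= display_message("<h3>" . $LANG_DB01['update_result'] . "</h3>", "", "", "");
							$message .= display_message("<p>" . $LANG_DB01['record_updated'] . "</p>", "", "", "1");
						}
					}
				}
			}
		}
		break;

	case "delete":
		if ($enable_delete == "1") {
			if ($delete_sure == "1") { // the user answered yes to "Are you sure?"
				delete_record($conn, $db_name, $table_name, $where_field, $where_value);
				$message .= display_message("<h3>" . $LANG_DB01['delete_result'] . "</h3>", "", "", "");
				$message .= display_message("<p>" . $LANG_DB01['record_deleted'] . "</p>", "", "", "1");
			}
			else { // not answered yet: show the confirmation form
				$message .= display_message($LANG_DB01['delete_are_you_sure'], "", "", "");
				$are_you_sure_form = build_are_you_sure_form($where_field, $where_value, $conn, $db_name, $table_name, $table_internal_name);
				$content .= $are_you_sure_form;
			}
		}
		break;

	default:
		if (isset($form_type)) { // an empty insert or search form was requested
			if ($form_type == "insert") {
				if ($enable_insert == "1") {
					$message .= display_message("<h3>" . $LANG_DB01['insert_record'] . "</h3>", "", "", "");
					if (required_field_present($conn, $table_name, $table_internal_name)) { // at least one required field
						$message .= display_message("<p>" . $LANG_DB01['required_fields_red'] . "</p>", "", "", "1");
					}
				}
				// NOTE(review): the insert form is built below even when $enable_insert is
				// off; submitting it is a no-op because the "insert" case checks the flag.
			}
			else {
				$message .= display_message("<h3>" . $LANG_DB01['search_records'] . "</h3>", "", "", "");
			}
			$res_details = "";
			$form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
			$content .= $form;
		}
		else {
			$message .= display_message($LANG_DB03['no_functions'], "", "", "");
		}
		break;
} // end switch ($function)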

// include footer
//include ($_CONF['path'] . 'plugins/geekddb/templates/footer.php');

/***
* build link toolbar
*/

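$gddb_access = gddb_access($table_name);

// the table name is echoed into URLs: encode it so a name containing '&', '"' or
// other non-URL characters can break neither the query string nor the href attribute
$table_name_url = rawurlencode($table_name);

$link_toolbar = "<a href=\"index.php?table_name=$table_name_url\">Home</a> | ";
if (($enable_insert == "1") && ($gddb_access['edit'])) {
	// NOTE(review): this only hides the link; the "insert" handler above checks
	// $enable_insert, not $gddb_access, so the access decision is cosmetic here
	$link_toolbar .= "<a href=\"form.php?form_type=insert&table_name=$table_name_url\">Insert</a> | ";
}
// the Search and Show All anchors were never closed, which swallowed the rest of the toolbar
$link_toolbar .= "<a href=\"form.php?form_type=search&table_name=$table_name_url\">Search</a> | ";
$link_toolbar .= "<a href=\"form.php?function=search&sql=&page=0&table_name=$table_name_url\">Show All</a>";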


/*** DEV debugging printout
$debug_msg = "<PRE>
Table name:     $table_name
User ID:        $_USER[uid]
Username:       $_USER[username]

enable edit:    $enable_edit
enable insert:  $enable_insert
enable delete:  $enable_delete
enable details: $enable_details
Read:           $gddb_access[read]
Edit:           $gddb_access[edit]

</PRE>";

$content .= $debug_msg;
//echo print_r($_POST);
// end debugging */




/**
* Main 
*/

// Render: site header, the plugin template filled with what the switch built,
// then the site footer.
$display = COM_siteHeader();

$T = new Template($_CONF['path'] . 'plugins/geekddb/templates');
$T->set_file('form', 'form.thtml');
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('site_admin_url', $_CONF['site_admin_url']);
$T->set_var('header', (string) $table_name);
$T->set_var('plugin', 'geekddb');
$T->set_var('content', (string) $content);
$T->set_var('message', (string) $message);
$T->set_var('link_toolbar', (string) $link_toolbar);
$T->parse('output', 'form');

$display .= $T->finish($T->get_var('output'));
$display .= COM_siteFooter(true);

echo $display;

?>