<?php
// LICENSE
/* Changes
Move over to building display variable instead of echo
changed to php 4.0 variable ($_GET, $_POST)
changed echo to concatenation into the $content variable
*/
# this is only required till we stop symbolic linking our development version
# in production it can be a relative link ../../lib-common.php
// Geeklog core: configuration, COM_* helpers and the session/user setup.
require_once 'lib-common.php';
// include config, functions, common, check_table and header
/* commented out till we sort out the permissions issues
//*** fixed bug in block below ($content changed to $display)
if (!SEC_hasRights('geekddb.edit','geekddb.view','OR')) {
// Someone is trying to illegally access this page
COM_errorLog("Someone has tried to illegally access the geekddb Search page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: $REMOTE_ADDR",1);
$display = COM_siteHeader();
$display .= COM_startBlock($LANG_DB00['access_denied']);
$display .= $LANG_DB00['access_denied_msg'];
$display .= COM_endBlock();
$display .= COM_siteFooter(true);
echo $display;
exit;
}
// end temp comment */
// Plugin-local includes: configuration, helper functions, shared code and the
// table check. (The header template include that used to sit between common.php
// and check_table.php has been retired; the page is rendered through form.thtml
// at the bottom of the file instead.)
$geekddb_dir = $_CONF['path'] . 'plugins/geekddb/';
include $geekddb_dir . 'config.php';
include $geekddb_dir . 'functions.php';
include $geekddb_dir . 'common.php';
include $geekddb_dir . 'check_table.php';
// HTTP Variables:
/***************** GET ***************************
$form_type
(insert,search)
from index.php
$sql
contains the where clause, without limit and order e.g. "where field = 'value'" (all url encoded)
from the form or from the navigation buttons
$page
the actual page in records results
from form.php (from the search form or from the navigation tool), from 0......n
$order
the field used to order the form
$function
the function: search/update/insert/update......
***************************************************/
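// ---- GET parameters (see the comment block above for their meaning) ----
// Which form to show (insert/search); left unset when not supplied, because
// the default branch of the dispatcher tests it with isset().
if (isset($_GET["form_type"])) {
    $form_type = $_GET["form_type"];
}
// Where clause re-sent by the navigation buttons. Left unset when absent so
// the "search" branch knows it has to build the query from the posted form.
// NOTE(review): this is a client-supplied SQL fragment that the "search"
// branch appends verbatim to "select * from <table>"; stripslashes() only
// undoes magic_quotes and is not a safeguard. Any user who can reach this page
// chooses the filter expression, so it should be replaced by a server-side
// token/id for the saved search or rebuilt from validated field/value pairs.
if (isset($_GET["sql"])) {
    $sql = stripslashes($_GET["sql"]);
}
// Page index (0..n). It is multiplied into the LIMIT clause, so only a string
// of decimal digits is accepted; anything else is treated as "not supplied"
// ("" - the same value the first request has).
$page = "";
if (isset($_GET["page"]) && is_string($_GET["page"]) && preg_match('/^[0-9]+$/', $_GET["page"])) {
    $page = $_GET["page"];
}
// Field the results are ordered by; "" means no ORDER BY.
// NOTE(review): the "search" branch wraps this in $quote and interpolates it
// into the statement without checking it against the table's column list.
$order = "";
if (isset($_GET["order"])) {
    $order = stripslashes($_GET["order"]);
}
// Requested action (search/insert/update/...); the query string wins over the
// posted form, and "" falls through to the dispatcher's default branch.
if (isset($_GET["function"])) {
    $function = $_GET["function"];
} elseif (isset($_POST["function"])) {
    $function = $_POST["function"];
} else {
    $function = "";
}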
/***************** POST ***************************
All the variables of the form
from form.php
$where
the where clause of delete and edit
from form.php
$delete_sure
set to 1 if the user is sure to delete a record
from form.php
$insert_duplication
set to 1 if the user wants to insert anyway, even if duplicates are possible.
***************************************************/
// ---- POST parameters (see the comment block above) ----
// Each one defaults to the empty string when the form did not send it.
$where_field = isset($_POST["where_field"]) ? $_POST["where_field"] : "";
$where_value = isset($_POST["where_value"]) ? $_POST["where_value"] : "";
$delete_sure = isset($_POST["delete_sure"]) ? $_POST["delete_sure"] : "";
$insert_duplication = isset($_POST["insert_duplication"]) ? $_POST["insert_duplication"] : "";

// Every form built on this page posts back to this script.
$action = "form.php";

// Labels and other per-field information for $table_name. The trailing "1"
// argument is passed exactly as elsewhere in this file; its meaning is defined
// by build_fields_labels_array() and is not visible here.
$fields_labels_ar = build_fields_labels_array($conn, $table_name, $table_internal_name, "1");
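// The two output buffers are appended to with ".=" below; make sure they exist
// without clobbering anything an included file may already have put in them.
if (!isset($content)) {
    $content = "";
}
if (!isset($message)) {
    $message = "";
}

// Dispatch on the requested action. Each branch appends status text to
// $message and HTML (forms, result tables) to $content; the template at the
// bottom of the file renders both.
// NOTE(review): only the $enable_* configuration flags gate the actions here.
// The per-user SEC_hasRights() check at the top of the file is commented out,
// and gddb_access() is consulted only when building the link toolbar, so
// unless check_table.php enforces access, any visitor can reach every branch.
// $HTTP_POST_FILES (removed in PHP 5.4) has been replaced by $_FILES, which
// holds the same data.
switch ($function) {
    case "insert":
        if ($enable_insert == "1") {
            // $do_insert becomes true once the record may actually be written:
            // either the user confirmed the insert despite possible duplicates,
            // or every check passed and no similar record was found.
            $do_insert = false;
            if ($insert_duplication == "1") {
                // the checks already ran on the first submit; don't repeat them
                $do_insert = true;
            } elseif (check_required_fields($_POST, $fields_labels_ar) == 0) {
                $message .= display_message($LANG_DB01['required_fields_missed'], "", "", "");
            } elseif (check_length_fields($_POST, $fields_labels_ar) == 0) {
                // textarea / field length check
                $message .= display_message($LANG_DB01['fields_max_length'], "", "", "");
            } else {
                // check_fields_types() reports the offending type through
                // $content_error_type; the language key is built from it at run
                // time (the previous single-quoted literal
                // '{$content_error_type}_not_valid' was never interpolated).
                $content_error_type = "";
                if (check_fields_types($_POST, $fields_labels_ar, $content_error_type) == 0) {
                    $message .= display_message($LANG_DB01[$content_error_type . '_not_valid'], "", "", "");
                } elseif (write_uploaded_files($_FILES, $fields_labels_ar) == 0) {
                    // TODO: report why the upload failed (too large, disallowed
                    // name such as a .php file, file not found).
                    $message .= display_message($LANG_DB03['upload_error'], "", "", "");
                } else {
                    // look for records similar to the submitted one
                    $sql = build_select_duplicated_query($_POST, $conn, $db_name, $table_name, $fields_labels_ar, $string1_similar_ar, $string2_similar_ar);
                    if ($sql != "") {
                        // possible duplicates: list them and ask the user to confirm
                        $message .= display_message("<h3>".$LANG_DB01['duplication_possible']."</h3>", "", "", "");
                        if ($display_is_similar == 1) {
                            $similar_count = count($string1_similar_ar);
                            for ($i = 0; $i < $similar_count; $i++) {
                                $message .= display_message("<br>", "", "", "");
                                $message .= display_message($LANG_DB01['i_think_that'], "", "", "");
                                $message .= display_message($string1_similar_ar[$i], "", "", "1");
                                $message .= display_message($LANG_DB01['is_similar_to'], "", "", "");
                                $message .= display_message($string2_similar_ar[$i], "", "", "1");
                            }
                        }
                        display_sql($sql);
                        $res_contacts = execute_db($sql, $conn);
                        $results_type = "possible_duplication";
                        $select_without_limit = ""; // not needed: the duplicate list is not paged
                        $results_table = build_results_table($conn, $db_name, $table_name, $table_internal_name, $res_contacts, $results_type, "", "", $action, $select_without_limit, "", "");
                        $message .= display_message($LANG_DB01['similar_records'], "", "", "");
                        $insert_duplication_form = build_insert_duplication_form($_POST, $conn, $table_name, $table_internal_name);
                        $content .= $insert_duplication_form;
                        $content .= $results_table;
                    } else {
                        $do_insert = true;
                    }
                }
            }
            if ($do_insert) {
                // write the record, then show a fresh insert form
                insert_record($_FILES, $_POST, $conn, $db_name, $table_name, $table_internal_name);
                $message .= display_message("<p>".$LANG_DB01['insert_result'], "", "", "");
                $message .= display_message($LANG_DB01['record_inserted'], "", "", "1");
                $message .= display_message("<h3>".$LANG_DB01['insert_record']."</h3>", "", "", "1");
                $form_type = "insert";
                $res_details = "";
                // re-read the field metadata: the insert may have changed it
                // (new choices for select fields, ...)
                $fields_labels_ar = build_fields_labels_array($conn, $table_name, $table_internal_name, "1");
                $form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
                $content .= $form;
            }
        }
        break;

    case "search":
        if (!isset($sql)) {
            // first search: build the SELECT from the posted form
            $select_without_limit = build_select_query($_POST, $conn, $db_name, $table_name, $table_internal_name, $records_per_page, $page);
        } else {
            // the navigation buttons (1 2 3 ...) resend the where clause in ?sql=
            // NOTE(review): $sql arrives from the query string and is appended
            // unvalidated, so the caller controls the whole filter expression.
            $select_without_limit = "select * from " . $quote . $table_name . $quote;
            if ($sql != "") {
                $select_without_limit .= $sql;
            }
        }
        $sql = $select_without_limit;
        if ($order != "") {
            // NOTE(review): $order comes from the query string and is only
            // wrapped in $quote, not checked against the table's columns.
            $sql .= " order by " . $quote . $order . $quote;
        }
        // run the unlimited query once, only to count the results
        $res_contacts_without_limit = execute_db($select_without_limit, $conn);
        $results_number = get_num_rows_db($res_contacts_without_limit);
        // $page is "" on the first request; cast it so the arithmetic below is
        // well-defined (on PHP 8 a non-numeric string operand raises a TypeError)
        $page_index = (int)$page;
        // paging is done purely through LIMIT; the first part of the statement
        // does not have to be rebuilt when moving between pages
        $sql .= " limit " . ($page_index * $records_per_page) . " , " . $records_per_page;
        display_sql($sql);
        $res_contacts = execute_db($sql, $conn);
        if ($results_number != 0) {
            $message .= display_message("<br>$results_number ".$LANG_DB01['records_found'], "", "", "1");
            if ($results_number > $records_per_page) {
                $pages_number = get_pages_number($results_number, $records_per_page);
                // "Page n of x"
                $message .= display_message("<br>".$LANG_DB01['page'].($page_index + 1).$LANG_DB01['of'].$pages_number, "", "", "");
                $navigation_tool = build_navigation_tool($select_without_limit, $pages_number, $page, $action, "", $order);
                $content .= " ".$navigation_tool."<br><br>";
            }
            $results_type = "search";
            $results_table = build_results_table($conn, $db_name, $table_name, $table_internal_name, $res_contacts, $results_type, "", "", $action, $select_without_limit, $page, $order);
            $content .= $results_table;
            if ($mail_feature == 1) {
                // offer to add every record found to a mailing that has not been sent yet
                $sql = "select name_mailing from mailing_tab where sent_mailing = '0' order by date_created_mailing desc";
                $res_mailing = execute_db($sql, $conn);
                if (get_num_rows_db($res_mailing) > 0) {
                    $add_to_mailing_form = build_add_to_mailing_form($conn, $db_name, $res_mailing, $select_without_limit, $results_number);
                    $message .= display_message("<br><table><tr><td>$add_to_mailing_form</td><td valign=\"top\">".$LANG_DB01['all_records_found']."</td></tr></table>", "", "", "");
                }
            }
        } else {
            $message .= display_message($LANG_DB01['no_records_found'], "", "", "");
        }
        break;

    case "details":
        if ($enable_details == "1") {
            // NOTE(review): $where_field and $where_value come straight from the
            // posted form and are interpolated into the statement (the "edit"
            // branch builds the same query). Parameterising it needs a
            // bound-parameter variant of execute_db(), which this file does not
            // show; at minimum $where_field should be checked against
            // $fields_labels_ar and $where_value escaped for the driver in use.
            $sql = "select * from ".$quote."$table_name".$quote." where ".$quote."$where_field".$quote." = '$where_value'";
            display_sql($sql);
            $message .= display_message("<h3>".$LANG_DB01['details_of_record']."</h3>", "", "", "");
            $res_details = execute_db($sql, $conn);
            $details_table = build_details_table($conn, $db_name, $table_name, $table_internal_name, $res_details);
            $content .= $details_table;
        }
        break;

    case "edit":
        if ($enable_edit == "1") {
            // same query (and same caveat) as the "details" branch; the row is
            // loaded into an "update" form
            $sql = "select * from ".$quote."$table_name".$quote." where ".$quote."$where_field".$quote." = '$where_value'";
            display_sql($sql);
            $message .= display_message("<h3>".$LANG_DB01['edit_record']."</h3>", "", "", "");
            $res_details = execute_db($sql, $conn);
            $form_type = "update";
            $form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
            $content .= $form;
        }
        break;

    case "update":
        if ($enable_edit == "1") {
            // same validation chain as "insert", without the duplicate check
            if (check_required_fields($_POST, $fields_labels_ar) == 0) {
                $message .= display_message($LANG_DB01['required_fields_missed'], "", "", "");
            } elseif (check_length_fields($_POST, $fields_labels_ar) == 0) {
                $message .= display_message($LANG_DB01['fields_max_length'], "", "", "");
            } else {
                $content_error_type = "";
                if (check_fields_types($_POST, $fields_labels_ar, $content_error_type) == 0) {
                    $message .= display_message($LANG_DB01[$content_error_type . '_not_valid'], "", "", "");
                    $go_back_button = "<form>".$LANG_DB01['please']." <input type=\"button\" value=\"".$LANG_DB02['go_back']."\" onclick=\"javascript:history.back(-1)\"> ".$LANG_DB01['and_check_form']."</form>";
                    $message .= display_message($go_back_button, "", "", "");
                } elseif (write_uploaded_files($_FILES, $fields_labels_ar) == 0) {
                    // TODO: report why the upload failed (too large, disallowed
                    // name such as a .php file, file not found).
                    $message .= display_message($LANG_DB03['upload_error'], "", "", "");
                } else {
                    $update_type = "internal";
                    // NOTE(review): $where_field/$where_value are passed through
                    // unvalidated, as in "details"/"edit"/"delete"
                    update_record($_FILES, $_POST, $conn, $db_name, $table_name, $table_internal_name, $where_field, $where_value, $update_type);
                    $message .= display_message("<h3>".$LANG_DB01['update_result']."</h3>", "", "", "");
                    $message .= display_message("<p>".$LANG_DB01['record_updated']."</p>", "", "", "1");
                }
            }
        }
        break;

    case "delete":
        if ($enable_delete == "1") {
            if ($delete_sure == "1") {
                // the user answered "yes" to "Are you sure?"
                delete_record($conn, $db_name, $table_name, $where_field, $where_value);
                $message .= display_message("<h3>".$LANG_DB01['delete_result']."</h3>", "", "", "");
                $message .= display_message("<p>".$LANG_DB01['record_deleted']."</p>", "", "", "1");
            } else {
                // not confirmed yet: show the "Are you sure?" form
                $message .= display_message($LANG_DB01['delete_are_you_sure'], "", "", "");
                $are_you_sure_form = build_are_you_sure_form($where_field, $where_value, $conn, $db_name, $table_name, $table_internal_name);
                $content .= $are_you_sure_form;
            }
        }
        break;

    default:
        // no action: show the empty insert or search form requested via ?form_type=
        if (isset($form_type)) {
            if ($form_type == "insert") {
                if ($enable_insert == "1") {
                    $message .= display_message("<h3>".$LANG_DB01['insert_record']."</h3>", "", "", "");
                    if (required_field_present($conn, $table_name, $table_internal_name)) {
                        // at least one required field
                        $message .= display_message("<p>".$LANG_DB01['required_fields_red']."</p>", "", "", "1");
                    }
                }
                // NOTE(review): when $enable_insert != "1" only the heading is
                // suppressed; the insert form is still built below (the "insert"
                // branch then refuses the submit).
            } else {
                $message .= display_message("<h3>".$LANG_DB01['search_records']."</h3>", "", "", "");
            }
            $res_details = "";
            $form = build_form($action, $fields_labels_ar, $form_type, $res_details, $where_field, $where_value, $conn);
            $content .= $form;
        } else {
            $message .= display_message($LANG_DB03['no_functions'], "", "", "");
        }
        break;
} // end switch ($function)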
// include footer
//include ($_CONF['path'] . 'plugins/geekddb/templates/footer.php');
/***
* build link toolbar
*/
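// Per-user access flags for this table; only the Insert link honours them.
$gddb_access = gddb_access($table_name);
// $table_name is placed in URL query strings, so it is URL-encoded; the links
// pass through the browser, so "&" is written as "&amp;" in the markup.
$table_name_url = urlencode((string)$table_name);
$link_toolbar = "<a href=\"index.php?table_name=$table_name_url\">Home</a> | ";
if (($enable_insert == "1") && ($gddb_access['edit'])) {
    $link_toolbar .= "<a href=\"form.php?form_type=insert&amp;table_name=$table_name_url\">Insert</a> | ";
}
// the two links below were missing their closing </a>, which swallowed the
// rest of the toolbar into the "Search" anchor
$link_toolbar .= "<a href=\"form.php?form_type=search&amp;table_name=$table_name_url\">Search</a> | ";
$link_toolbar .= "<a href=\"form.php?function=search&amp;sql=&amp;page=0&amp;table_name=$table_name_url\">Show All</a>";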
/*** DEV debugging printout
$debug_msg = "<PRE>
Table name: $table_name
User ID: $_USER[uid]
Username: $_USER[username]
enable edit: $enable_edit
enable insert: $enable_insert
enable delete: $enable_delete
enable details: $enable_details
Read: $gddb_access[read]
Edit: $gddb_access[edit]
</PRE>";
$content .= $debug_msg;
//echo print_r($_POST);
// end debugging */
/**
* Main
*/
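// Render the page: site header, the plugin's form.thtml template filled with
// the message/content/toolbar built above, then the site footer.
$display = COM_siteHeader();
$T = new Template($_CONF['path'] . 'plugins/geekddb/templates');
$T->set_file('form', 'form.thtml');
// NOTE(review): $table_name is the same value the toolbar links pass around in
// ?table_name=, so it is treated as request-derived and escaped for the HTML
// context here. Drop the escaping if check_table.php already restricts it to
// known table names and Template escapes on output (neither is visible here).
$template_vars = array(
    'site_url'       => $_CONF['site_url'],
    'site_admin_url' => $_CONF['site_admin_url'],
    'header'         => htmlspecialchars((string)$table_name, ENT_QUOTES),
    'plugin'         => 'geekddb',
    'content'        => (string)$content,      // HTML built by the dispatcher
    'message'        => (string)$message,      // status text built by the dispatcher
    'link_toolbar'   => (string)$link_toolbar, // Home | Insert | Search | Show All
);
foreach ($template_vars as $var_name => $var_value) {
    $T->set_var($var_name, $var_value);
}
$T->parse('output', 'form');
$display .= $T->finish($T->get_var('output'));
$display .= COM_siteFooter(true);
echo $display;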
?>