<?php
include("common_db.php");
include("functions.php");
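// Open the server connection first; nothing below works without it.
// $host, $username, $password and $lang are not set in this file; presumably
// they come from the included files (verify in common_db.php).
dbconnect($host, $username, $password) or die("Couldn't connect to $host");
$strings = loadStrings($lang, 'FORM');

// Page chrome: HTTP headers, document head, menu and navigation pane.
headers();
html();
head($strings['FORM_TITLE'], array('xhr/create-xhr.php?target=\'xhr/get-data.php?action=tl-ops\'%2BString.fromCharCode(38)%2B\'db=\'%2Bindb&caller=reloadTables&tid=tbl&tfunc=clearElem(\'tbl\');'));
menu();
navpane();
echo('<div id="mainpane">');

// Resolve the database: an explicit request parameter wins, then the session.
// Only a non-empty string is accepted, so an array-valued "database[]"
// parameter is treated as absent instead of reaching the SQL layer.
if (isset($_REQUEST['database']) && is_string($_REQUEST['database']) && $_REQUEST['database'] !== '') {
    $db = $_REQUEST['database'];
} elseif (isset($_SESSION['current_db']) && $_SESSION['current_db'] != '') {
    $db = mysql_real_escape_string($_SESSION['current_db']);
} else {
    // We don't know which database they want, so show the
    // "which database and table?" form.
    printRequestForm('form.php');
}

// $db is interpolated into backtick-quoted identifiers further down
// (DESCRIBE `$db`.`$table`). mysql_real_escape_string() escapes string-literal
// characters only, not backticks, so a name containing a backtick could close
// the identifier quoting. Such a name is refused and the chooser form shown.
if (strpos($db, '`') !== false) {
    printRequestForm('form.php');
}

// Resolve the table under the same rules: it must be a string and must not
// contain a backtick, because it too ends up inside backtick quoting.
if (isset($_REQUEST['table']) && is_string($_REQUEST['table']) && strpos($_REQUEST['table'], '`') === false) {
    $table = $tbl = mysql_real_escape_string($_REQUEST['table']);
} else {
    // Table unknown (or rejected): reuse the chooser form with the database
    // preselected. Dead end, as printRequestForm never returns.
    printRequestForm('form.php', $db);
}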
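// Database and table are known at this point. Find the table's primary key
// column: the record lookup and the UPDATE further down both address a row by
// it. If the table has none, report FORM_NOPK.
$pk = null; // start from a known state so only the DESCRIBE result can set it
$sql = "DESCRIBE `$db`.`$table`";
$fields = mysql_query($sql);
// A failed DESCRIBE (unknown table, missing privilege) returns false; skip the
// fetch loop in that case instead of passing false to mysql_fetch_array().
if ($fields !== false) {
    while ($r = mysql_fetch_array($fields)) {
        // DESCRIBE rows carry the column name in 'Field' and the index type in
        // 'Key'. With a multi-column key the last PRI column wins.
        if ($r['Key'] == 'PRI') {
            $pk = $r['Field'];
        }
    }
}
if (!isset($pk)) {
    // No primary key (or the table could not be described).
    // NOTE(review): the code below uses $pk unconditionally, so printError()
    // presumably ends the request - confirm in functions.php.
    printError($strings['FORM_NOPK']);
}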
// $record_number is the record currently shown. It is compared against the
// primary key column, so navigation is only meaningful for integer keys. A new
// entry is addressed as 'current_number_of_records' + 1. intval() makes the
// value safe to place in SQL and HTML; without the parameter record 1 is shown.
$record_number = isset($_REQUEST['number']) ? intval($_REQUEST['number']) : 1;

// $save_type says whether this request also saves something: 'insert' creates
// a new row, any other non-empty value (the form on this page sends 'update')
// updates the current row, and '' means nothing is being saved.
$save_type = isset($_REQUEST['save_type']) ? $_REQUEST['save_type'] : '';

// Make $db the default database, so later queries can name the table alone.
// NOTE(review): $db is request-derived and goes into the error text; confirm
// that printError() HTML-escapes its argument.
if (!mysql_select_db($db)) {
    printError(sprintf($strings['FORM_ERR_UNABLETOSELECTDB'], $db, mysql_error()));
}
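// Save handler. A non-empty $save_type means a new record is being inserted or
// an existing one updated. Only 'admin' and 'normal' users may write; any other
// status (including a missing one) skips this block.
// NOTE(review): the values are read from $_REQUEST, so a write is accepted over
// GET as well as POST, and nothing on this page checks an anti-CSRF token.
// Consider requiring POST plus a per-session token before writing.
$user_status = isset($_SESSION['session_user_status']) ? $_SESSION['session_user_status'] : '';
if ($save_type != '' && ($user_status == 'admin' || $user_status == 'normal')) {
    // Collect every request parameter whose name starts with "field" as a
    // quoted, escaped SQL string literal. Values are matched to columns purely
    // by arrival order, not by the number in the parameter name.
    $save_values = array();
    foreach ($_REQUEST as $lvar => $lvalue) {
        if (strncmp((string) $lvar, 'field', 5) === 0) {
            // An array-valued parameter ("field0[]") is stored as an empty
            // string rather than handed to mysql_real_escape_string().
            $save_values[] = "'" . mysql_real_escape_string(is_array($lvalue) ? '' : $lvalue) . "'";
        }
    }

    // With no field values at all there is nothing to save. Without this
    // guard the INSERT would run as VALUES() and create an all-defaults row.
    if (count($save_values) > 0) {
        if ($save_type == 'insert') {
            $insert_query_values = implode(",", $save_values);
            $insert_query = "INSERT INTO `$tbl` VALUES($insert_query_values)";
            // Report a failed insert the same way as a failed update.
            mysql_query($insert_query) or printError(mysql_error());
        } else {
            // Pair each column, in table order, with the value at the same
            // position in the request.
            $describe_query = "DESCRIBE `$tbl`";
            ($describe_result = mysql_query($describe_query)) or die("Describe query unsuccesful");
            $fields_to_save = array();
            $i = 0;
            while ($row = mysql_fetch_array($describe_result)) {
                $current_field = $row['Field'];
                // A column with no submitted value gets an empty right-hand
                // side, so MySQL rejects the statement instead of writing a
                // partial row.
                $current_save_value = isset($save_values[$i]) ? $save_values[$i] : '';
                $fields_to_save[] = "`$current_field`=$current_save_value";
                $i++;
            }
            $save_conditions = implode(", ", $fields_to_save);
            // $record_number went through intval() and $pk comes from DESCRIBE,
            // so neither carries request text into the statement.
            $update_query = "UPDATE `$tbl` SET $save_conditions WHERE `$pk` = '$record_number' LIMIT 1";
            mysql_query($update_query) or printError(mysql_error());
        }
    }
}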
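// Column list for rendering the form below; it is consumed by the fetch loops
// that print one input per column.
$describe_query = "DESCRIBE `$tbl`";
// The failure message repeats the query, which contains the request-supplied
// table name, so it is HTML-escaped before being written to the page.
($describe_result = mysql_query($describe_query)) or die(htmlspecialchars($describe_query, ENT_QUOTES) . " query unsuccesful");

// See whether a row with this primary key value already exists, i.e. whether
// an existing record is being viewed rather than a new one entered.
$sql = "SELECT * FROM `$tbl` WHERE `$pk` = '$record_number' LIMIT 1";
$result = mysql_query($sql);
// A failed query returns false; only count rows on a real result resource.
if ($result !== false && mysql_num_rows($result) == 1) {
    $data_row = mysql_fetch_array($result);
}

// Total number of records, then the numbers used by the navigator links.
// A new record is addressed as one past the current count.
$number_of_records = getRowCount($db, $tbl);
$previous_record_number = $record_number - 1;
$next_record_number = $record_number + 1;
$new_record_number = $number_of_records + 1;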
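// Record navigator: prints the "Record |< < 'x' > >| >* of 'y'" strip shown at
// the top of the screen.
//
// $db and $table originate from the request, so the link prefix is
// URL-encoded per parameter and then HTML-escaped as a whole before it is
// placed in an href attribute. Otherwise a quote or angle bracket in either
// name would be written into the page verbatim. The record numbers appended to
// the prefix are integers computed on the server.
// NOTE(review): htmlspecialchars() uses PHP's default charset here; confirm it
// matches the page encoding.
$nav_href = htmlspecialchars(
    'form.php?database=' . rawurlencode($db) . '&table=' . rawurlencode($table) . '&number=',
    ENT_QUOTES
);

echo '<form class="rv">' . $strings['FORM_RECORD'];

// First record.
echo '<a href="' . $nav_href . '1"><img src="images/arrow_first.gif" border="0" alt="' . $strings['FORM_ALT_1ST'] . '" title="' . $strings['FORM_TITLE_1ST'] . '" /></a>';

// Previous record, greyed out when already on record 1.
if ($record_number != 1) {
    echo '<a href="' . $nav_href . $previous_record_number . '"><img src="images/arrow_previous.gif" border="0" alt="' . $strings['FORM_ALT_PREV'] . '" title="' . $strings['FORM_TITLE_PREV'] . '" /></a>';
} else {
    echo '<img src="images/arrow_previous_gray.gif" border="0" title="' . $strings['FORM_TITLE_DPREV'] . '" alt="' . $strings['FORM_ALT_DPREV'] . '" />';
}

// Current record number (integer, see intval() where it is read).
echo '<input type="text" name="record" value="' . $record_number . '" size="10" />';

// Next record, greyed out when on the last one.
// NOTE(review): the greyed-out image reuses FORM_ALT_NEXT while its "previous"
// twin uses FORM_ALT_DPREV; left unchanged because no FORM_ALT_DNEXT key is
// visible in this file.
if ($record_number != $number_of_records) {
    echo '<a href="' . $nav_href . $next_record_number . '"><img src="images/arrow_next.gif" border="0" alt="' . $strings['FORM_ALT_NEXT'] . '" title="' . $strings['FORM_TITLE_NEXT'] . '" /></a>';
} else {
    echo '<img src="images/arrow_next_gray.gif" border="0" alt="' . $strings['FORM_ALT_NEXT'] . '" title="' . $strings['FORM_TITLE_DNEXT'] . '" />';
}

// Last record and "new record".
echo '<a href="' . $nav_href . $number_of_records . '"><img src="images/arrow_last.gif" border="0" alt="' . $strings['FORM_ALT_LAST'] . '" title="' . $strings['FORM_TITLE_LAST'] . '" /></a>';
echo '<a href="' . $nav_href . $new_record_number . '"><img src="images/arrow_new_record.gif" border="0" alt="' . $strings['FORM_ALT_NEW'] . '" title="' . $strings['FORM_TITLE_NEW'] . '" /></a>';

// "of y": the larger of the current number and the record count, so a new
// entry shows its own number.
printf("$strings[FORM_OF]</form>", $record_number > $number_of_records ? $record_number : $number_of_records);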
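// Edit form: one label per table column, then the hidden state needed to save.
//
// Column names, stored cell values and the request-derived $db / $table are
// HTML-escaped wherever this block writes them into the page, so markup in
// stored data or in a parameter is shown as text rather than interpreted.
// NOTE(review): htmlspecialchars() uses PHP's default charset here; confirm it
// matches the page encoding.
$i = 0;
echo '<form method="post" action="form.php" class="formform lblock">';

// Viewers get a read-only rendering and a disabled submit button. A missing
// status compares unequal to 'viewer', as in every check on this page.
$is_viewer = ($_SESSION['session_user_status'] == 'viewer');

if (isset($data_row)) {
    // An existing record is selected: show its contents.
    while ($row = mysql_fetch_array($describe_result)) {
        $current_field = $row['Field'];
        echo '<label for="field' . $i . '">' . htmlspecialchars($current_field, ENT_QUOTES) . ': ';
        if ($is_viewer) {
            // Plain text for viewers; the cast turns a SQL NULL into ''.
            echo htmlspecialchars((string) $data_row[$i], ENT_QUOTES);
        } else {
            // NOTE(review): the stored value is handed to generateInputField()
            // unescaped; presumably it escapes the value attribute itself.
            // Verify in functions.php.
            echo(generateInputField($row, "field$i", $data_row[$i]));
        }
        echo('</label>');
        $i++;
    }
    // Passed on when the record is saved, to indicate an update.
    echo '<input type="hidden" name="save_type" value="update" />';
} else {
    // New entry: empty inputs, and nothing but the labels for viewers.
    $i = 0;
    while ($row = mysql_fetch_array($describe_result)) {
        $current_field = $row['Field'];
        echo '<label for="field' . $i . '">' . htmlspecialchars($current_field, ENT_QUOTES) . ': ';
        if (!$is_viewer) {
            echo(generateInputField($row, "field$i"));
        }
        echo '</label>';
        $i++;
    }
    // Passed on when the record is saved, to indicate an insertion.
    echo '<input type="hidden" name="save_type" value="insert" />';
}

// Round-trip the current database, table and record number with the save.
echo '<input type="hidden" name="database" value="' . htmlspecialchars($db, ENT_QUOTES) . '" />';
echo '<input type="hidden" name="table" value="' . htmlspecialchars($table, ENT_QUOTES) . '" />';
echo '<input type="hidden" name="number" value="' . $record_number . '" />';

// The disabled button is a UI hint only; the save handler makes its own
// check of the user status before writing.
$disabled_attr = $is_viewer ? ' disabled="disabled"' : '';
echo '<br /><input type="submit" value="' . $strings['FORM_SAVESUBMIT'] . '"' . $disabled_attr . ' />';

echo "</form></div>"; // closes the form and the mainpane div
endhtml();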
?>