<?PHP
/*
 * phpMyPurchasing - All rights reserved.
 * Jason Gerfen [hide@address.com]
 *
 * class.departments.php - Departments management libs
 *
 */

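/**
 * Department management: validates the department form, builds the SQL for
 * add / edit / delete and writes the matching rows in the `resources`,
 * `gresources` and `uresources` tables.
 *
 * Collaborators are reached through the globals $handles (encrypt, val, err,
 * db, misc) and $defined (db credentials, icon names); none are defined here.
 *
 * NOTE(review): every statement in this class is assembled by concatenating
 * form values (and the user / group taken from the auth token) between double
 * quotes. The only protection visible from this file is ValidateParagraph()
 * on the fields plus ValidateSQL() on the finished statement, and neither is
 * defined here. The character class quoted in the validation messages,
 * "[ -?!#$&+0-9=?A-Z^_.,]", opens with the range space..'?', which covers
 * '"', "'" and ';'. If the validator really uses that class it does not keep
 * quote characters out of these statements - confirm against the validator,
 * and move to bound parameters if the db wrapper offers them.
 */
class departments
{

 /**
  * Handle one request for the departments form.
  *
  * @param mixed $token  auth token; decoded to obtain the acting user
  *                      (index 0) and group (index 3)
  * @param array $get    unused here
  * @param array $post   submitted form fields; 'cmd' selects addDept,
  *                      editDept or delDept
  * @param array $server unused here
  * @return array $post extended with error markers, an 'error' HTML fragment
  *               and 'jsonDepartments' (a JavaScript assignment)
  */
 function process($token,$get,$post,$server)
 {
  global $errors, $handles, $defined;

  $user_details = $handles['encrypt']->DecodeAuthTokenHeavy($token);
  $user = $user_details[0];
  $group = $user_details[3];
  // NOTE(review): nothing here checks that $user / $group may manage
  // departments - presumably enforced by the caller; confirm.

  $post = array_merge($post,$this->genAllErrors($post));

  if(!empty($post['cmd'])) {
   $fields = array('txtDepartmentName','txtDepartmentManager','txtDepartmentAddress','txtDepartmentPhone','txtDepartmentEmail');

   $complete = true;
   foreach($fields as $field) {
    if(empty($post[$field])) { $complete = false; }
   }

   if($complete) {
    // Every field must pass ValidateParagraph before any SQL is built. The
    // original tested the misspelt key 'txtDeparmentName', so the department
    // name - which is concatenated into every statement - was never checked.
    $valid = true;
    foreach($fields as $field) {
     if($handles['val']->ValidateParagraph($post[$field])===-1) { $valid = false; break; }
    }

    if($valid) {
     $sql = array();
     $known = true;

     if($post['cmd']==="addDept") {
      // add() ignores its first two arguments; the original passed an
      // undefined $order here
      $sql['main'] = $this->add($token,NULL,$post,$user);
     } elseif($post['cmd']==="editDept") {
      $sql['main'] = $this->edit($post,$user);
     } elseif($post['cmd']==="delDept") {
      $sql['main'] = $this->delete($post);
      $sql['resource'] = $this->dresource($post);
      $sql['uresource'] = $this->duresource($post);
      // Remove the group ACL row as well. Object IDs are md5(name), so a row
      // left behind would attach to a later department of the same name.
      $sql['gresource'] = $this->dgresource($post);
     } else {
      // Unrecognised command: the original still wrote the ACL rows below
      // without touching `departments`
      $known = false;
     }

     if($known && $post['cmd']!=="delDept") {
      $sql['resource'] = $this->resource($user,$post);
      $sql['gresource'] = $this->gresource($group,$post);
      $sql['uresource'] = $this->uresource($user,$post);
     }

     if($known) {
      $result = $this->execute($sql);
      // The name is echoed inside HTML, so encode it for that context
      $shownName = htmlspecialchars($post['txtDepartmentName'], ENT_QUOTES);
      if($result==='-1'){
       $x = $defined['error']; $class = "error";
       $message = "A database error occured when saving changes to '$shownName'";
      } else {
       $x = $defined['good']; $class = "good";
       $message = "Changes to '$shownName' were successful. $result changes were made.";
      }
     } else {
      $x = $defined['error']; $class = "error";
      $message = "Unknown command";
     }

     $post['error'] = '<div class="' . $class . '">' . $handles['err']->GenerateErrorImg( $x, "help/help.html", NULL, '800', '800' ) . '&nbsp;' . $message . '</div>';

    } else {
     $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html", "", '800', '800' );
     // field => (validator method, message). The original looked up the
     // misspelt key 'txtUDepartmentName' for the name field.
     // NOTE(review): the phone is reported with ValidatePhone although the
     // gate above uses ValidateParagraph, so the list can come out empty.
     $checks = array(
      'txtDepartmentName' => array('ValidateParagraph', '<li>Department name field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]</li>'),
      'txtDepartmentManager' => array('ValidateParagraph', '<li>Department manager field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]</li>'),
      'txtDepartmentAddress' => array('ValidateParagraph', '<li>Department address field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]</li>'),
      'txtDepartmentPhone' => array('ValidatePhone', '<li>Department phone number is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]</li>'),
      'txtDepartmentEmail' => array('ValidateParagraph', '<li>Department email is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]</li>'),
     );
     $list = "<ul>";
     foreach($checks as $field => $check) {
      $method = $check[0];
      if($handles['val']->$method($post[$field])===-1) {
       $list .= $check[1];
       $post[$field . 'Err'] = $erlink;
      }
     }
     $list .= "</ul>";
     $post['error'] = '<div class="error">' . $list . '</div>';
    }
   } else {
    $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html", "", '800', '800' );
    $labels = array(
     'txtDepartmentName' => 'name',
     'txtDepartmentManager' => 'manager',
     'txtDepartmentAddress' => 'address',
     'txtDepartmentPhone' => 'phone',
     'txtDepartmentEmail' => 'email',
    );
    $list = "<ul>";
    foreach($labels as $field => $label) {
     if(empty($post[$field])) {
      $list .= "<li>Department " . $label . " is missing</li>";
      $post[$field . 'Err'] = $erlink;
     }
    }
    $list .= "</ul>";
    $post['error'] = '<div class="error">' . $list . '</div>';
   }
  } else {
   $post = array_merge($post, $this->genAllValues());
  }

  // The original passed $handles['val']->ValidateXSS (a property read, which
  // yields null) as the callback; array_map() with a null callback returns
  // its input unchanged, so the filter never ran.
  // NOTE(review): assumes ValidateXSS is a method that accepts one element of
  // getDepartments() - confirm against the validator class.
  $departments = array_map(array($handles['val'], 'ValidateXSS'), $this->getDepartments());
  if(function_exists("json_encode")) {
   $jsonDepartments = json_encode($departments);
  } else {
   $jsonDepartments = $handles['misc']->arr2json($departments);
  }
  $post['jsonDepartments'] = 'var departments = ' . $jsonDepartments . ';';

  return $post;
 }

 /**
  * Blank values for the five form fields, used when no command was posted.
  *
  * @return array
  */
 function genAllValues()
 {
  $post['txtDepartmentName'] = '';
  $post['txtDepartmentManager'] = '';
  $post['txtDepartmentAddress'] = '';
  $post['txtDepartmentPhone'] = '';
  $post['txtDepartmentEmail'] = '';
  return $post;
 }

 /**
  * Reset the error slots: empty messages and a '*' marker per field.
  *
  * @param array $post
  * @return array $post with the error keys set
  */
 function genAllErrors($post)
 {
  $post['error'] = '';
  $post['lerror'] = '';
  $post['txtDepartmentNameErr'] = '*';
  $post['txtDepartmentManagerErr'] = '*';
  $post['txtDepartmentAddressErr'] = '*';
  $post['txtDepartmentPhoneErr'] = '*';
  $post['txtDepartmentEmailErr'] = '*';
  return $post;
 }

 /**
  * Read every row of `departments`, ordered by name.
  *
  * @return array result of dbArrayResultsAssoc(), or an empty array when the
  *               query fails or returns no rows
  */
 function getDepartments()
 {
  global $defined,$handles;
  // Default so callers can always hand the result to array_map(); the
  // original returned an undefined variable when nothing was found
  $data = array();
  $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
  $lvl = "SELECT * FROM `departments` ORDER BY `txtDepartmentName` ASC";
  if(($return = $handles['db']->dbQuery($handles['val']->ValidateSQL($lvl,$dbconn),$dbconn))!==-1) {
   if($handles['db']->dbNumRows($return)>0) {
    $data = $handles['db']->dbArrayResultsAssoc($return);
   }
  }
  // NOTE(review): "levels" is not the table queried above; kept as found
  $handles['db']->dbFixTable("levels", $dbconn);
  $handles['db']->dbFreeData($dbconn);
  $handles['db']->dbCloseConn($dbconn);
  return $data;
 }

 /**
  * Build the insert-or-update statement for a department.
  * $token, $order and $user are accepted but not used.
  *
  * @return string SQL with the five form values concatenated in as-is
  */
 function add($token,$order,$post,$user)
 {
  return "INSERT INTO `departments` (`txtDepartmentName`,`txtDepartmentManager`,`txtDepartmentAddress`,`txtDepartmentPhone`,`txtDepartmentEmail`) VALUES (\"" . $post['txtDepartmentName'] . "\",\"" . $post['txtDepartmentManager'] . "\",\"" . $post['txtDepartmentAddress'] . "\",\"" . $post['txtDepartmentPhone'] . "\",\"" . $post['txtDepartmentEmail'] . "\") ON DUPLICATE KEY UPDATE `txtDepartmentName` = \"" . $post['txtDepartmentName'] . "\",`txtDepartmentManager` = \"" . $post['txtDepartmentManager'] . "\",`txtDepartmentAddress` = \"" . $post['txtDepartmentAddress'] . "\",`txtDepartmentPhone` = \"" . $post['txtDepartmentPhone'] . "\",`txtDepartmentEmail` = \"" . $post['txtDepartmentEmail'] . "\"";
 }

 /**
  * Build the update statement for the department whose name matches the
  * submitted name. $user is accepted but not used.
  *
  * @return string SQL with the five form values concatenated in as-is
  */
 function edit($post,$user)
 {
  return "UPDATE `departments` SET `txtDepartmentName` = \"" . $post['txtDepartmentName'] . "\",`txtDepartmentManager` = \"" . $post['txtDepartmentManager'] . "\",`txtDepartmentAddress` = \"" . $post['txtDepartmentAddress'] . "\",`txtDepartmentPhone` = \"" . $post['txtDepartmentPhone'] . "\",`txtDepartmentEmail` = \"" . $post['txtDepartmentEmail'] . "\" WHERE `txtDepartmentName` = \"" . $post['txtDepartmentName'] . "\" LIMIT 1";
 }

 /**
  * Build the delete statement for one department, matched by name.
  *
  * @return string SQL with the name concatenated in as-is
  */
 function delete($post)
 {
  return "DELETE FROM `departments` WHERE `txtDepartmentName` = \"" . $post['txtDepartmentName'] . "\" LIMIT 1";
 }

 /**
  * Build the `resources` row for a department: object ID md5(name), the name
  * itself and $user as owner.
  *
  * @return string SQL
  */
 function resource($user,$post)
 {
  return "INSERT INTO `resources` (`txtObjectID`,`txtObjectName`,`txtObjectOwner`) VALUES (\"" . md5($post['txtDepartmentName']) . "\", \"" . $post['txtDepartmentName'] . "\", \"" . $user . "\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\",`txtObjectName` = \"" . $post['txtDepartmentName'] . "\"";
 }

 /**
  * Build the `gresources` row giving $group read and write on the department.
  *
  * @return string SQL
  */
 function gresource($group,$post)
 {
  return "INSERT INTO `gresources` (`txtObjectID`,`txtObjectGroup`,`txtObjectRead`,`txtObjectWrite`) VALUES (\"" . md5($post['txtDepartmentName']) . "\", \"" . $group . "\", \"1\", \"1\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\",`txtObjectGroup` = \"" . $group . "\",`txtObjectRead` = \"1\", `txtObjectWrite` = \"1\"";
 }

 /**
  * Build the `uresources` row giving $user read and write on the department.
  *
  * @return string SQL
  */
 function uresource($user,$post)
 {
  return "INSERT INTO `uresources` (`txtObjectID`,`txtObjectUser`,`txtObjectRead`,`txtObjectWrite`) VALUES (\"" . md5($post['txtDepartmentName']) . "\", \"" . $user . "\", \"1\", \"1\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\",`txtObjectUser` = \"" . $user . "\",`txtObjectRead` = \"1\", `txtObjectWrite` = \"1\"";
 }

 /**
  * Build the delete for the department's `resources` row.
  *
  * @return string SQL
  */
 function dresource($post)
 {
  return "DELETE FROM `resources` WHERE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\" LIMIT 1";
 }

 /**
  * Build the delete for the department's `uresources` rows.
  *
  * @param array $user the submitted form array, despite the name; process()
  *                    passes $post. The original read an undefined $post and
  *                    therefore always produced md5 of nothing.
  * @return string SQL
  */
 function duresource($user)
 {
  $post = $user;
  return "DELETE FROM `uresources` WHERE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\"";
 }

 /**
  * Build the delete for the department's `gresources` rows.
  *
  * @param array $user the submitted form array, despite the name (same
  *                    undefined-$post defect as duresource() in the original)
  * @return string SQL
  */
 function dgresource($user)
 {
  $post = $user;
  return "DELETE FROM `gresources` WHERE `txtObjectID` = \"" . md5($post['txtDepartmentName']) . "\"";
 }

 /**
  * Run the given statements in order on one connection.
  *
  * @param array $sql statements keyed by role ('main', 'resource', ...)
  * @return mixed '-1' if any statement failed; otherwise the affected-row
  *               figure of the last statement that changed rows plus one
  *               (as in the original), or 0 if none did
  */
 function execute($sql)
 {
  global $defined, $handles;
  $return = 0;
  $failed = false;
  if(count($sql)>0) {
   $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
   foreach($sql as $value) {
    if($handles['db']->dbQuery($handles['val']->ValidateSQL($value, $dbconn), $dbconn)!==-1) {
     if(($a=$handles['db']->dbNumRowsAffected($dbconn))>0) {
      // NOTE(review): the +1 is kept from the original; its intent is unclear
      $a++;
      $return = $a;
     }
    } else {
     // Stop at the first failure: the original kept going, so a later
     // success overwrote the '-1' and ACL rows could be written for a
     // department row that was never saved.
     // NOTE(review): no transaction is visible here, so statements already
     // run are not rolled back.
     $failed = true;
     break;
    }
   }
   $handles['db']->dbFixTable("departments", $dbconn);
   $handles['db']->dbFixTable("resources", $dbconn);
   $handles['db']->dbFixTable("gresources", $dbconn);
   $handles['db']->dbFixTable("uresources", $dbconn);
   $handles['db']->dbFreeData($dbconn);
   $handles['db']->dbCloseConn($dbconn);
  }
  return $failed ? '-1' : $return;
 }

}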

?>