1 <?php
2
3 // general.php - List, modify, delete and add to general databases
4 // general.php - author: Nico Stuurman <nicost@soureforge.net>
5 /***************************************************************************
6 * This script displays a table with protocols in phplabware. *
7 * *
8 * Copyright (c) 2002 by Ethan Garner,Nico Stuurman<nicost@sf.net> *
9 * ------------------------------------------------------------------------ *
10 * This program is free software; you can redistribute it and/or modify it *
11 * under the terms of the GNU General Public License as published by the *
12 * Free Software Foundation; either version 2 of the License, or (at your *
13 * option) any later version. *
14 \**************************************************************************/
15
16 /// main include thingies
17 require('include.php');
18 require('includes/db_inc.php');
19 require('includes/general_inc.php');
20
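// Build the table descriptor for this request. The tableinfo class is not
// defined in this file; a falsy ->id is treated below as "no such table".
$tableinfo = new tableinfo($db);

if (!$tableinfo->id) {
    printheader($httptitle);
    navbar($USER['permissions']);
    // The table name is taken straight from the query string, so it is
    // HTML-escaped before being echoed back. Printed raw, a crafted link
    // could place markup or script into this error page (reflected XSS).
    $requested_table = '';
    if (isset($HTTP_GET_VARS['tablename']) && is_string($HTTP_GET_VARS['tablename'])) {
        $requested_table = htmlspecialchars($HTTP_GET_VARS['tablename'], ENT_QUOTES);
    }
    echo "<h3 align='center'> Table: <i>$requested_table</i> does not exist.</h3>";
    printfooter();
    exit();
}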
30
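// Names under which the search SQL and the current page number are kept for
// this table; both are also stored on $tableinfo.
$tableinfo->queryname = $queryname = $tableinfo->short.'_query';
$tableinfo->pagename = $pagename = $tableinfo->short.'_curr_page';

// read all fields flagged for display from the description table.
// 'columnname' is now a quoted string: the bare word was an undefined
// constant, which only worked through PHP's old fallback and is a fatal
// error in PHP 8. The other call sites in this file already quote it.
$fields_table = comma_array_SQL($db, $tableinfo->desname, 'columnname', "WHERE display_table='Y'");

// load plugin php code if it has been defined
// NOTE(review): the include path is read from tableoftables.plugin_code, so
// whoever can write that column decides which PHP file is executed here, and
// the @ hides a failed include. Resolving the value against a fixed plugin
// directory (basename plus an allow-list) would contain this; confirm how the
// column is populated before relying on it.
$plugin_code = get_cell($db, 'tableoftables', 'plugin_code', 'id', $tableinfo->id);
if ($plugin_code) {
    @include($plugin_code);
}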
41
// register variables
// globalize_vars() is defined elsewhere; presumably it creates one global per
// listed name from the given request array (confirm against its definition).
// Only the names listed here are passed to it.
$get_vars = 'tablename,md,showid,edit_type,add,jsnewwindow,modify';
$post_vars = 'add,md,edit_type,submit,search,searchj,serialsortdirarray';
globalize_vars($get_vars, $HTTP_GET_VARS);
globalize_vars($post_vars, $HTTP_POST_VARS);

// hack: a button posted under the name 'subm' is accepted as $submit too
if (isset($HTTP_POST_VARS['subm'])) {
    $submit = $HTTP_POST_VARS['subm'];
}

// the page title gets the label of the current table appended
$httptitle .= $tableinfo->label;
52
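// this shows a record entry in a new window, called through javascript
// NOTE(review): this branch prints the record and exits before the
// may_see_table() check further down this script is reached; confirm that
// plugin_show() and show_g() enforce read access on their own.
if ($jsnewwindow && $showid && $tableinfo->name) {
    printheader($httptitle.' - View record ');
    if (function_exists('plugin_show')) {
        plugin_show($db, $tableinfo, $showid, $USER, $system_settings, false);
    } else {
        // find the next and previous ids, so that we can show prev/next buttons.
        // Both start as null so that show_g() never receives a stale value.
        $previousid = null;
        $nextid = null;
        $listb = may_read_SQL($db, $tableinfo, $USER, 'tempb');
        // NOTE(review): the SQL text executed here is read back from the
        // session, so it is only as trustworthy as the code that stored it.
        $r = $db->Execute($HTTP_SESSION_VARS[$tableinfo->queryname]);
        // The end-of-set flag is the upper-case EOF property, as used by the
        // other loops in this file. Property names are case-sensitive, so the
        // former ->eof test read an unset property and could not stop the
        // loop when $showid was missing from the result set.
        while ($r && !$r->EOF && $r->fields['id'] != $showid) {
            $previousid = $r->fields['id'];
            $r->MoveNext();
        }
        // $r is false when the remembered query could not be executed
        if ($r && !$r->EOF && $r->fields['id'] == $showid) {
            $r->MoveNext();
            if (!$r->EOF) {
                $nextid = $r->fields['id'];
            }
        }
        show_g($db, $tableinfo, $showid, $USER, $system_settings, false, $previousid, $nextid);
    }
    //show_report_templates_menu($db,$tableinfo,$showid);
    printfooter();
    exit();
}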
77
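// open a modify window in a new window, called through javascript
if ($jsnewwindow && $modify) {
    // Copy a 'mod_<id>=Modify' button from the query string into the POST
    // array; the POST dispatch loop below then shows the modify form for it.
    // foreach replaces each(): each() started from wherever the array's
    // internal pointer happened to be and no longer exists in PHP 8.
    foreach ($HTTP_GET_VARS as $key => $val) {
        // only the exact button value is accepted; array values never match
        if (substr($key, 0, 4) == 'mod_' && $val === 'Modify') {
            $HTTP_POST_VARS[$key] = $val;
        }
    }
}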
89
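// Mode can be changed through a get var and is perpetuated through post vars
// NOTE(review): $md is not restricted to the known modes here, so it has to
// be HTML-escaped wherever it is printed.
// empty() keeps the original truthiness test without the undefined-index notice.
if (!empty($HTTP_GET_VARS['md'])) {
    $md = $HTTP_GET_VARS['md'];
}

foreach ($HTTP_POST_VARS as $key => $value) {
    if (substr($key, 0, 3) == 'max') {
        // for table links, search in the linked table instead of the current one
        $cname = substr($key, 4);
        $field = strtok($cname, '_');
        $value = isset($HTTP_POST_VARS["$cname"]) ? $HTTP_POST_VARS["$cname"] : null;
        // we need to replace this value with an id if appropriate
        if ($value) {
            $HTTP_POST_VARS["$cname"] = find_nested_match($db, $tableinfo, $field, $value);
        }
    } else {
        // check if the sortup or sortdown arrow has been pressed; the text
        // between the first and second underscore names what to sort on.
        // Keys without an underscore yield null instead of an
        // undefined-offset notice.
        $keyparts = explode('_', $key);
        $testkey = $keyparts[0];
        $testvalue = isset($keyparts[1]) ? $keyparts[1] : null;
        if ($testkey == 'sortup') {
            $sortup = $testvalue;
        }
        if ($testkey == 'sortdown') {
            $sortdown = $testvalue;
        }
    }
}
reset($HTTP_POST_VARS);
// a javascript-triggered search or a sort arrow counts as pressing 'Search'
if ($searchj || $sortup || $sortdown) {
    $search = 'Search';
}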
118
119 /*****************************BODY*******************************/
120
// check whether user may see this table
// Table-level access control: when may_see_table() refuses, only the refusal
// page is printed and none of the request handlers below this point run.
if (!may_see_table($db, $USER, $tableinfo->id)) {
    printheader($httptitle);
    navbar($USER['permissions']);
    echo "<h3 align='center'>These data are not for you. Sorry;(</h3>\n";
    printfooter();
    exit;
}
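// check if something should be modified, deleted or shown
// Submit buttons arrive as '<action>_<id>' keys, so every id taken from a key
// below is request-supplied text. foreach replaces the each() loops of the
// original: each() depended on the array's internal pointer and no longer
// exists in PHP 8.
foreach ($HTTP_POST_VARS as $key => $val) {
    // display form with information regarding the record to be changed
    if (substr($key, 0, 3) == 'mod' && $val == 'Modify') {
        printheader($httptitle.' - Modify record ');
        navbar($USER['permissions']);
        $modarray = explode('_', $key);
        // The id is placed into SQL text, so it is forced to an integer
        // first; interpolating the raw key fragment allowed SQL injection.
        // Record ids are compared numerically elsewhere in this script.
        $modarray[1] = isset($modarray[1]) ? (int) $modarray[1] : 0;
        $r = $db->Execute("SELECT $tableinfo->fields FROM ".$tableinfo->realname." WHERE id=$modarray[1]");
        add_g_form($db, $tableinfo, $r->fields, $modarray[1], $USER, $PHP_SELF, $system_settings);
        printfooter();
        exit();
    }
    if (substr($key, 0, 3) == 'chg') {
        $chgarray = explode('_', $key);
        if ($val == 'Change') {
            $Fieldscomma = comma_array_SQL_where($db, $tableinfo->desname, 'columnname', 'display_table', 'Y');
            $Fieldsarray = explode(',', $Fieldscomma);
            // start from an empty set so that only values collected below
            // reach check_g_data() and modify()
            $change_values = array();
            // collect the posted '<column>_<id>' values of the record being changed
            foreach ($HTTP_POST_VARS as $postkey => $postval) {
                $testarray = explode('_', $postkey);
                // The id part must equal the id of the pressed button and the
                // column part must be one of the displayed columns. Both
                // comparisons are strict, so loosely-equal strings such as
                // '1e1' and '10' are not treated as the same.
                if (isset($testarray[1], $chgarray[1])
                    && $testarray[1] === $chgarray[1]
                    && in_array($testarray[0], $Fieldsarray, true)) {
                    if (is_array($postval)) {
                        // special treatment for mpulldowns
                        // $testarray[0] is one of the configured column names
                        // at this point, not free-form request text
                        $rk = $db->Execute("SELECT key_table FROM {$tableinfo->desname} WHERE columnname='{$testarray[0]}'");
                        update_mpulldown($db, $rk->fields[0], $testarray[1], $postval);
                    } else {
                        $change_values[$testarray[0]] = $postval;
                    }
                }
            }
            // NOTE(review): the record id is passed on exactly as it came in
            // the key; modify() and update_mpulldown() have to treat it as
            // untrusted.
            if (check_g_data($db, $change_values, $tableinfo, true)) {
                modify($db, $tableinfo->realname, $Fieldscomma, $change_values, $chgarray[1], $USER, $tableinfo->id);
            }
            // one change per request: leave the dispatch loop
            break;
        }
    }
    // delete file and show protocol form
    if (substr($key, 0, 3) == 'def') {
        printheader($httptitle);
        navbar($USER['permissions']);
        $modarray = explode('_', $key);
        $filename = delete_file($db, $modarray[1], $USER);
        $id = $HTTP_POST_VARS['id'];
        // The returned file name is HTML-escaped before it is printed; it is
        // presumably the name the file was uploaded under (confirm in
        // delete_file()), which makes it user-chosen text.
        $filename_html = htmlspecialchars((string) $filename, ENT_QUOTES);
        if ($filename) {
            echo "<h3 align='center'>Deleted file <i>$filename_html</i>.</h3>\n";
        } else {
            echo "<h3 align='center'>Failed to delete file <i>$filename_html</i>.</h3>\n";
        }
        add_g_form($db, $tableinfo, $HTTP_POST_VARS, $id, $USER, $PHP_SELF, $system_settings);
        printfooter();
        exit();
    }
    // show the record only when javascript is not active
    if (substr($key, 0, 4) == 'view' && !$HTTP_SESSION_VARS['javascript_enabled']) {
        printheader($httptitle);
        navbar($USER['permissions']);
        $modarray = explode('_', $key);
        // NOTE(review): the plugin path is given $showid (a GET parameter)
        // while show_g() is given the id from the pressed button; this looks
        // like it should be $modarray[1] in both calls. Confirm.
        if (function_exists('plugin_show')) {
            plugin_show($db, $tableinfo, $showid, $USER, $system_settings, false);
        } else {
            show_g($db, $tableinfo, $modarray[1], $USER, $system_settings, true);
        }
        printfooter();
        exit();
    }

    // Add/modify/delete pulldown menu items; each of the three handlers
    // requires the $LAYOUT bit in the user's permissions
    if (substr($key, 0, 7) == 'addtype' && ($USER['permissions'] & $LAYOUT)) {
        printheader($httptitle, '', 'includes/js/tablemanage.js');
        $modarray = explode('_', $key);
        include('includes/type_inc.php');
        add_type($db, $edit_type);
        show_type($db, $edit_type, '', $tableinfo->name);
        printfooter();
        exit();
    }
    if (substr($key, 0, 6) == 'mdtype' && ($USER['permissions'] & $LAYOUT)) {
        printheader($httptitle, '', 'includes/js/tablemanage.js');
        $modarray = explode('_', $key);
        include('includes/type_inc.php');
        mod_type($db, $edit_type, $modarray[1]);
        show_type($db, $edit_type, '', $tableinfo->name);
        printfooter();
        exit();
    }
    if (substr($key, 0, 6) == 'dltype' && ($USER['permissions'] & $LAYOUT)) {
        printheader($httptitle, '', 'includes/js/tablemanage.js');
        $modarray = explode('_', $key);
        include('includes/type_inc.php');
        del_type($db, $edit_type, $modarray[1], $tableinfo);
        show_type($db, $edit_type, '', $tableinfo->name);
        printfooter();
        exit();
    }
}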
221
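// Show the editor for a pulldown type; requires the $LAYOUT bit in the
// user's permissions.
if ($edit_type && ($USER['permissions'] & $LAYOUT)) {
    printheader($httptitle);
    include('includes/type_inc.php');
    // 'label' and 'associated_table' are now quoted strings: the bare words
    // were undefined constants, which is a fatal error in PHP 8.
    // NOTE(review): $edit_type is a request parameter and is handed to
    // get_cell() as the lookup value; confirm get_cell() escapes or binds it.
    $assoc_name = get_cell($db, $tableinfo->desname, 'label', 'associated_table', $edit_type);
    show_type($db, $edit_type, $assoc_name, $tableinfo->name);
    printfooter();
    exit();
}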
230
// from here on the regular page is built: header and navigation bar first
printheader($httptitle);
navbar($USER['permissions']);

// provide a means to hyperlink directly to a record
// (the javascript pop-up case with $jsnewwindow set was handled earlier)
if ($showid && !$jsnewwindow) {
    if (!function_exists('plugin_show')) {
        show_g($db, $tableinfo, $showid, $USER, $system_settings, true);
    } else {
        // a loaded plugin takes over the display of the record
        plugin_show($db, $tableinfo, $showid, $USER, $system_settings, false);
    }
    printfooter();
    exit;
}
245
// when the 'Add' button has been chosen:
// show the entry form with record id 0, the id this script passes for a
// record that is not stored yet.
// NOTE(review): $field_values is not assigned anywhere in this file;
// presumably an include or plugin supplies it. Confirm.
if ($add) {
    add_g_form($db, $tableinfo, $field_values, 0, $USER, $PHP_SELF, $system_settings);
}
250 else {
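// first handle addition of a new record
if ($submit == 'Add Record') {
    if (!(check_g_data($db, $HTTP_POST_VARS, $tableinfo)
        && ($id = add($db, $tableinfo->realname, $tableinfo->fields, $HTTP_POST_VARS, $USER, $tableinfo->id)))) {
        // validation or insert failed: show the form again with the posted values
        add_g_form($db, $tableinfo, $HTTP_POST_VARS, 0, $USER, $PHP_SELF, $system_settings);
        printfooter();
        exit;
    } else {
        // $id ==-1 when the record was already uploaded
        if ($id > 0) {
            // mpulldown
            $rd = $db->Execute('SELECT columnname,key_table FROM '.$tableinfo->desname." WHERE datatype='mpulldown'");
            while ($rd && !$rd->EOF) {
                update_mpulldown($db, $rd->fields['key_table'], $id, $HTTP_POST_VARS[$rd->fields['columnname']]);
                $rd->MoveNext();
            }
            // upload files
            // NOTE(review): nothing in this script restricts name, type or
            // size of the uploaded files; confirm that upload_files() and
            // process_file() validate them before storing or converting.
            $rb = $db->Execute("SELECT id,columnname,associated_table FROM ".$tableinfo->desname." WHERE datatype='file'");
            // a failed query yields false; it is tested like $rd above
            // instead of dereferencing it
            while ($rb && !$rb->EOF) {
                $fileid = upload_files($db, $tableinfo->id, $id, $rb->fields['id'], $rb->fields['columnname'], $USER, $system_settings);
                // try to convert word files into html files
                if ($fileid) {
                    $htmlfileid = process_file($db, $fileid, $system_settings);
                }
                $rb->MoveNext();
            }
            // upload images
            $rc = $db->Execute("SELECT id,columnname,associated_table,thumb_x_size FROM ".$tableinfo->desname." WHERE datatype='image'");
            while ($rc && !$rc->EOF) {
                $imageid = upload_files($db, $tableinfo->id, $id, $rc->fields['id'], $rc->fields['columnname'], $USER, $system_settings);
                // make thumbnails and do image specific stuff
                if ($imageid) {
                    process_image($db, $imageid, $rc->fields['thumb_x_size']);
                }
                $rc->MoveNext();
            }
            // call plugin code to do something with newly added data
            if (function_exists("plugin_add")) {
                plugin_add($db, $tableinfo->id, $id);
            }
        }
        // to not interfere with search form
        unset($HTTP_POST_VARS);
        // or we won't see the new record
        unset($HTTP_SESSION_VARS["{$queryname}"]);
    }
}
// then look whether it should be modified
elseif ($submit == 'Modify Record') {
    // $modfields=comma_array_SQL_where($db,$tableinfo->desname,"columnname","modifiable","Y");
    // The pdf plugin wants to modify fields that have been set to modifiable=='N'
    if (!(check_g_data($db, $HTTP_POST_VARS, $tableinfo, true)
        && modify($db, $tableinfo->realname, $tableinfo->fields, $HTTP_POST_VARS, $HTTP_POST_VARS['id'], $USER, $tableinfo->id))) {
        // validation or update failed: show the form again with the posted values
        add_g_form($db, $tableinfo, $HTTP_POST_VARS, $HTTP_POST_VARS['id'], $USER, $PHP_SELF, $system_settings);
        printfooter();
        exit;
    } else {
        // mpulldown
        $rd = $db->Execute('SELECT columnname,key_table FROM '.$tableinfo->desname." WHERE datatype='mpulldown'");
        while ($rd && !$rd->EOF) {
            update_mpulldown($db, $rd->fields['key_table'], $HTTP_POST_VARS['id'], $HTTP_POST_VARS[$rd->fields['columnname']]);
            $rd->MoveNext();
        }
        // upload files and images
        $rc = $db->Execute("SELECT id,columnname,datatype,thumb_x_size FROM $tableinfo->desname WHERE datatype='file' OR datatype='image'");
        while ($rc && !$rc->EOF) {
            // only columns for which a file was actually sent are touched;
            // empty() avoids the undefined-index notice for the others
            if (!empty($HTTP_POST_FILES[$rc->fields['columnname']]['name'][0])) {
                // delete all existing files
                delete_column_file($db, $tableinfo->id, $rc->fields['id'], $HTTP_POST_VARS['id'], $USER);
                // store the file uploaded by the user
                $fileid = upload_files($db, $tableinfo->id, $HTTP_POST_VARS['id'], $rc->fields['id'], $rc->fields['columnname'], $USER, $system_settings);
                if ($rc->fields['datatype'] == 'file') {
                    // try to convert it to an html file
                    if ($fileid) {
                        $htmlfileid = process_file($db, $fileid, $system_settings);
                    }
                } elseif ($rc->fields['datatype'] == 'image') {
                    // make thumbnails and do image specific stuff
                    if ($fileid) {
                        process_image($db, $fileid, $rc->fields['thumb_x_size']);
                    }
                }
            }
            $rc->MoveNext();
        }
        // to not interfere with search form
        unset($HTTP_POST_VARS);
    }
}
elseif ($submit == 'Cancel') {
    // to not interfere with search form
    unset($HTTP_POST_VARS);
}
// or deleted
elseif ($HTTP_POST_VARS) {
    // foreach replaces each(), which no longer exists in PHP 8.
    // NOTE(review): every posted key that merely starts with 'del' triggers
    // a delete with the text after the first underscore as record id, and the
    // posted value is not checked. Confirm that delete() validates the id and
    // the user's rights, and that no form field name can start with 'del'.
    foreach ($HTTP_POST_VARS as $key => $val) {
        if (substr($key, 0, 3) == 'del') {
            $delarray = explode('_', $key);
            // a key without an underscore carries no id and is skipped
            if (isset($delarray[1])) {
                delete($db, $tableinfo->id, $delarray[1], $USER);
            }
        }
    }
}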
351
// 'Show All' drops the current search: the posted criteria, the remembered
// query and the sort order are forgotten and paging restarts at page 1.
// num_p_r is copied out first because unset() removes it together with the
// rest of the POST array.
if ($search == 'Show All') {
    $num_p_r = $HTTP_POST_VARS['num_p_r'];
    ${$pagename} = 1;
    unset($HTTP_POST_VARS, $HTTP_SESSION_VARS[$queryname], $serialsortdirarray);
    session_unregister($queryname);
}

// Copy the posted value of every column in $tableinfo->fields into a global
// variable named after that column.
// NOTE(review): the variable names come from the table definition; a column
// named like one of this script's own variables (db, USER, ...) would
// overwrite it. Confirm that column names are constrained when a table is
// defined.
for ($column = strtok($tableinfo->fields, ','); $column; $column = strtok(",")) {
    ${$column} = $HTTP_POST_VARS[$column];
}
365
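// sort stuff
// NOTE(review): $serialsortdirarray arrives as a hidden form field, so it is
// client-controlled. unserialize() on such input can instantiate any class
// the application has loaded (PHP object injection). Carrying the sort state
// in a format without object support, or attaching a keyed hash that is
// verified before decoding, would remove that exposure; either change also
// touches the code that writes the field, so it is only flagged here.
$sortdirarray = unserialize(stripslashes($serialsortdirarray));
// anything that does not decode to an array is treated like a failed
// unserialize(), so later code only ever sees an array or false
if (!is_array($sortdirarray)) {
    $sortdirarray = false;
}
$sortstring = sortstring($sortdirarray, $sortup, $sortdown);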
369
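// set the number of records per page
$num_p_r = paging($num_p_r, $USER);

// get a list with all records we may see, create temp table tempb
$listb = may_read_SQL($db, $tableinfo, $USER, 'tempb');

// prepare the search statement and remember it
$fields_table = "id,".$fields_table;

${$queryname} = make_search_SQL($db, $tableinfo, $fields_table, $USER, $search, $sortstring, $listb['sql']);
$r = $db->Execute(${$queryname});

// when search fails we'll revert to Show All after showing an error message.
// This test now runs before the first method call on $r: previously
// RecordCount() was called on the failed (false) result first, so the
// fallback could not be reached.
if (!$r) {
    echo "<h3 align='center'>The server encountered an error executing your search. Showing all records instead.</h3><br>\n";
    $num_p_r = $HTTP_POST_VARS['num_p_r'];
    unset($HTTP_POST_VARS);
    ${$pagename} = 1;
    unset(${$queryname});
    unset($HTTP_SESSION_VARS[$queryname]);
    unset($serialsortdirarray);
    session_unregister($queryname);
    ${$queryname} = make_search_SQL($db, $tableinfo, $fields_table, $USER, $search, $sortstring, $listb['sql']);
    $r = $db->Execute(${$queryname});
}

// set variables needed for paging; zero rows when even the fallback failed
$numrows = $r ? $r->RecordCount() : 0;

// set the current page to what the user ordered
${$pagename} = current_page(${$pagename}, $tableinfo->short, $num_p_r, $numrows);

// work around bug in adodb/mysql
if ($r) {
    $r->Move(1);
}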
404
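// set $rp->AtFirstPage and $rp->AtLastPage, will be used in next/previous buttons
first_last_page($rp, ${$pagename}, $num_p_r, $numrows);

// get variables for links
// NOTE(review): a non-empty SID puts the session id into every link and into
// the form action, where it can leak through copied URLs and Referer headers.
$sid = SID;
if ($sid) {
    $sid = '&'.$sid;
}
if ($tableinfo->name) {
    $sid .= "&tablename=$tableinfo->name";
}

// print form;
$headers = getallheaders();

$dbstring = $PHP_SELF."?"."tablename=$tableinfo->name&";
$formname = 'g_form';
// $PHP_SELF can contain request-supplied path text and $md is a request
// parameter. Both are printed inside quoted HTML attributes, so they are
// HTML-escaped here; printed raw, either one allowed reflected XSS. The
// browser decodes the entities again, so the submitted values are unchanged.
$self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
$md_html = (isset($md) && is_string($md)) ? htmlspecialchars($md, ENT_QUOTES) : '';
echo "<form name='$formname' method='post' id='generalform' enctype='multipart/form-data' action='".htmlspecialchars("$PHP_SELF?$sid", ENT_QUOTES)."'>\n";
echo "<input type='hidden' name='md' value='$md_html'>\n";

echo "<table border=0 width='50%' align='center'>\n<tr>\n";

// variable md contains edit/view mode setting. Propagated as post var to remember state. md can only be changed as a get variable
$modetext = "<a href='$self_html?tablename=$tableinfo->name&md=";

$may_write = may_write($db, $tableinfo->id, false, $USER);
if ($md == 'edit') {
    $tabletext = 'Edit Table ';
    if ($may_write) {
        $modetext .= "view&".SID."'>(to view mode)</a>\n";
    } else {
        // no mode link at all for users without write access
        $modetext = "";
    }
} else {
    $tabletext = 'View Table ';
    $modetext .= "edit'>(to edit mode)</a>\n";
}
echo "<td align='center'>$tabletext <B>$tableinfo->label</B> $modetext<br>";
if ($may_write) {
    echo "<p><a href='$self_html?&add=Add&tablename=$tableinfo->name&".SID."'>Add Record</a></td>\n";
}
echo "</tr>\n</table>\n";
next_previous_buttons($rp, true, $num_p_r, $numrows, ${$pagename}, $db, $tableinfo);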
443
// print header of table
echo "<table border='1' align='center'>\n";

// get a list with ids we may see, $listb has all the ids we may see
// $lista becomes an SQL condition: a temp-table join for every database type
// except mysql, and an explicit id list for mysql.
//$r=$db->CacheExecute(2,${$queryname});
if ($db_type != 'mysql') {
    make_temp_table($db, 'tempa', $r);
    $lista = " ($tableinfo->realname.id=tempa.uniqueid) ";
} else {
    $lista = make_SQL_csf($r, false, 'id', $nr_records);
    // with no ids at all, -1 stands in as the only value in the list
    if (!$lista) {
        $lista = "-1";
    }
    $lista = " id IN ($lista) ";
}
459
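// get a list of all fields that are displayed in the table
$Fieldscomma = comma_array_SQL_where($db, $tableinfo->desname, 'columnname', 'display_table', 'Y');
$Labelcomma = comma_array_SQL_where($db, $tableinfo->desname, 'label', 'display_table', 'Y');
$Allfields = getvalues($db, $tableinfo, $Fieldscomma, false, false);

// javascript to automatically execute search when pulling down
$jscript = "onChange='document.g_form.searchj.value=\"Search\"; document.g_form.submit()'";

// row with search form
echo "<tr align='center'>\n";
echo "<input type='hidden' name='searchj' value=''>\n";

foreach ($Allfields as $nowfield) {
    // 'name' is now a quoted key: the bare word was an undefined constant,
    // which is a fatal error in PHP 8. empty() keeps the truthiness test
    // without a notice for fields that were not posted.
    if (!empty($HTTP_POST_VARS[$nowfield['name']])) {
        $list = $listb['sql'];
        $count = $listb['numrows'];
    } else {
        $list = $lista;
        $count = $listb['numrows'];
    }
    searchfield($db, $tableinfo, $nowfield, $HTTP_POST_VARS, $jscript);
}

echo "<td style='width: 5%'><input type=\"submit\" name=\"search\" value=\"Search\"> ";
echo "<input type=\"submit\" name=\"search\" value=\"Show All\"></td>";
echo "</tr>\n\n";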
487
488
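//display_midbar($Labelcomma);
$labelarray = explode(",", $Labelcomma);
$fieldarray = explode(",", $Fieldscomma);
if ($sortdirarray) {
    // The serialized sort state contains quote characters and strings that
    // originate from the previous request, so it is HTML-escaped before it
    // goes into the attribute; printed raw, a value containing a single quote
    // could break out of the attribute (XSS). The browser decodes the
    // entities on submit, so the posted value is the same serialized text.
    // NOTE(review): this value travels through the client and is passed to
    // unserialize() on the next request.
    echo "<input type='hidden' name='serialsortdirarray' value='".htmlspecialchars(serialize($sortdirarray), ENT_QUOTES)."'>\n";
}
echo "<tr>\n";
// one header cell per displayed column; labels and column names share their index
foreach ($labelarray as $key => $fieldlabel) {
    tableheader($sortdirarray, $fieldarray[$key], $fieldlabel);
}
echo "<th>Action</th>\n";
echo "</tr>\n\n";

// NOTE(review): md=edit is honoured here independently of $may_write;
// confirm that display_table_change() applies its own write checks.
if ($md == 'edit') {
    display_table_change($db, $tableinfo, $Fieldscomma, ${$queryname}, $num_p_r, ${$pagename}, $rp, $r);
} else {
    display_table_info($db, $tableinfo, $Fieldscomma, ${$queryname}, $num_p_r, ${$pagename}, $rp, $r);
}
printfooter($db, $USER);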
505 }
506 ?>