requireLogin();
$_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%);
sslOn();
require_once CODE_BASE . '/lib/PageNumbers.inc.php';
require_once CODE_BASE . '/lib/SessionCache.inc.php';
require_once CODE_BASE . '/lib/FormValidator.inc.php';
require_once CODE_BASE . '/lib/SortOrder.inc.php';
require_once CODE_BASE . '/lib/TemplateGlue.inc.php';
require_once CODE_BASE . '/lib/Prefs.inc.php';
require_once CODE_BASE . '/lib/RecordLock.inc.php';
require_once CODE_BASE . '/lib/RecordVersion.inc.php';
/******************************************************************************
* CONFIG
*****************************************************************************/
// Titles and navigation header.
// NOTE(review): $_SERVER['PHP_SELF'] includes any path info the client appends after the
// script name, so it is request-influenced text; confirm $nav escapes it before output.
$nav->addPage(_("%TITLE%"), $_SERVER['PHP_SELF']);
// The object to validate form input.
$fv = new FormValidator();
// Generator placeholder, replaced with the sort-order setup when a module is built.
// getRecordList() reads a global $so, presumably created by that generated code.
%SORT_ORDER%
// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
// per_page and page_number are passed in as returned by getFormData() (presumably request
// data). getRecordList() later places $page->getLimitSQL() directly into the SQL text, so
// PageNumbers must reduce both values to integers - TODO confirm in lib/PageNumbers.inc.php.
$page = new PageNumbers();
$page->setPerPage(getFormData('per_page'), 100);
$page->setPageNumber(getFormData('page_number'));
/******************************************************************************
* MAIN
*****************************************************************************/
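// We may want to use the add/edit interface from another script, so this
// allows us to remember which page we came from so we can go back there.
// NOTE(review): HTTP_REFERER is a client-supplied header. Whether it can steer the later
// boomerang redirect to another site depends on validBoomerangURL()/dieBoomerangURL(),
// which are not defined in this file - confirm they only accept same-site URLs.
if (getFormData('boomerang', false)) {
    setBoomerangURL($_SERVER['HTTP_REFERER'], '%NAME_PLURAL%');
}
if (getFormData('break_list_cache', false)) {
    // Break the cache because we are changing the list data.
    SessionCache::breakCache($_SERVER['PHP_SELF']);
}

// What action to take.
// Every branch re-checks the admin's clearance for its own function before doing any work.
// NOTE(review): the state-changing ops ('del', 'insert', 'update', 'Save rank') take their
// input from getFormData() and no per-request anti-CSRF token is verified in this file;
// confirm one is enforced elsewhere, or add the check ahead of these branches.
switch (getFormData('op')) {
    case 'add' :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_ADD);
        // Initialize variables for the form template.
        $frm =& addRecordForm();
        $nav->addPage(_("Add %ITEM_TITLE%"));
        $main_template = '%ADMIN_FORM_TEMPLATE%';
        break;

    case 'edit' :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_EDIT);
        // Initialize variables for the form template.
        $frm =& editRecordForm(getFormData('%PRIMARY_KEY%'));
        $nav->addPage(_("Edit %ITEM_TITLE%"));
        $main_template = '%ADMIN_FORM_TEMPLATE%';
        break;

    case 'del' :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_DELETE);
        deleteRecord(getFormData('%PRIMARY_KEY%'));
        if (validBoomerangURL('%NAME_PLURAL%')) {
            // Display boomerang page.
            dieBoomerangURL('%NAME_PLURAL%');
        }
        // Display default page.
        dieURL($_SERVER['PHP_SELF']);
        break;

    case 'insert' :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_ADD);
        if (getFormData('cancel', false)) {
            dieURL($_SERVER['PHP_SELF']);
        }
        validateInput();
        if ($fv->anyErrors()) {
            // Show the form again with the submitted values laid over the defaults. Every
            // submitted field ends up in $frm, so the form template must escape what it prints.
            $frm =& addRecordForm();
            $frm = array_merge($frm, getFormData());
            $nav->addPage(_("Add %ITEM_TITLE%"));
            $main_template = '%ADMIN_FORM_TEMPLATE%';
        } else {
            $%PRIMARY_KEY% = insertRecord(getFormData());
            if (getFormData('repeat', false)) {
                // Display function again.
                dieURL($_SERVER['PHP_SELF'] . '?op=add');
            } else if (validBoomerangURL('%NAME_PLURAL%')) {
                // Display boomerang page.
                dieBoomerangURL('%NAME_PLURAL%');
            }
            // Display default page.
            dieURL($_SERVER['PHP_SELF']);
        }
        break;

    case 'update' :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_EDIT);
        if (getFormData('reset', false)) {
            raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
            // The key comes from the request; encode it so it stays a single query-string
            // value inside the redirect URL.
            dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . urlencode(getFormData('%PRIMARY_KEY%')));
        }
        if (getFormData('cancel', false)) {
            // Remove lock
            // NOTE(review): unlike editRecordForm()/updateRecord()/deleteRecord(), no
            // isLocked()/isMine() test precedes remove() here; confirm RecordLock::remove()
            // only drops a lock held by the current admin.
            $lock = new RecordLock($GLOBALS['_admin']);
            $lock->select('%DB_TBL%', '%PRIMARY_KEY%', getFormData('%PRIMARY_KEY%'));
            $lock->remove();
            if (validBoomerangURL('%NAME_PLURAL%')) {
                // Display boomerang page.
                dieBoomerangURL('%NAME_PLURAL%');
            }
            // Display default page.
            dieURL($_SERVER['PHP_SELF']);
        }
        validateInput();
        if ($fv->anyErrors()) {
            // Show the form again with the submitted values laid over the stored record.
            $frm =& editRecordForm(getFormData('%PRIMARY_KEY%'));
            $frm = array_merge($frm, getFormData());
            $nav->addPage(_("Edit %ITEM_TITLE%"));
            $main_template = '%ADMIN_FORM_TEMPLATE%';
        } else {
            updateRecord(getFormData());
            if (getFormData('repeat', false)) {
                // Display edit function with next available ID.
                $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
                if (list($next_id) = mysql_fetch_row($qid)) {
                    dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id);
                } else {
                    raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
                }
            } else if (validBoomerangURL('%NAME_PLURAL%')) {
                // Display boomerang page.
                dieBoomerangURL('%NAME_PLURAL%');
            }
            // Display default page.
            dieURL($_SERVER['PHP_SELF']);
        }
        break;

    case _("Save rank") :
        // Checked against this module's own reorder zone, in line with every other branch,
        // so reordering rights here do not depend on another module's permission.
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_REORDER);
        updateRank(getFormData('rank'));
        dieURL($_SERVER['PHP_SELF']);
        break;

    default :
        $_admin->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_LIST, _("Permission to view %NAME_PLURAL% list denied."));
        $list =& getRecordList();
        $main_template = '%ADMIN_LIST_TEMPLATE%';
        break;
}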
/******************************************************************************
* TEMPLATE INITIALIZATION
*****************************************************************************/
// Page header, then the template chosen by the switch above, then the footer.
// $main_template is only ever assigned from generator-substituted literals in this file,
// never from request data. The 'del', 'Save rank' and successful 'insert'/'update'
// branches do not set it: they rely on dieURL()/dieBoomerangURL() ending the request
// (presumably redirect + exit - TODO confirm), otherwise this include gets an unset name.
include 'adm_header.ihtml';
include $main_template;
include 'adm_footer.ihtml';
/******************************************************************************
* FUNCTIONS
*****************************************************************************/
%FORM_VALIDATION%
/**
 * Build the default values for the "add" form.
 *
 * @return array Defaults for rank and publish, the follow-up op ('insert') and the
 *               translated button captions. Returned by reference.
 */
function &addRecordForm()
{
    // Defaults for the rest of the fields, plus what the form template needs to post back.
    $defaults = array(
        'rank' => '1000',
        'publish' => 'on',
        'new_op' => 'insert',
        'submit_caption' => _("Add %ITEM_TITLE%"),
        'repeat_caption' => _("Add & repeat"),
        'cancel_caption' => _("Cancel"),
    );
    return $defaults;
}
/**
 * Load one record for the edit form and take the edit lock on it.
 *
 * If another admin holds the lock, RecordLock's error page is shown instead. If the
 * record does not exist, a warning is logged, an error message is raised and
 * dieBoomerangURL() is called.
 *
 * @param mixed $id Primary key of the record; the dispatcher passes it from getFormData().
 * @return array The stored row plus form control values. Returned by reference.
 */
function &editRecordForm($id)
{
    $lock = new RecordLock($GLOBALS['_admin']);
    $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id);
    if (!$lock->isLocked() || $lock->isMine()) {
        // Get the information for the form. $id is escaped and quoted before it reaches
        // the SQL text.
        $result = dbQuery("\nSELECT *\nFROM %DB_TBL%\nWHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'\n");
        $frm = mysql_fetch_assoc($result);
        if (!$frm) {
            // $id is written to the log and echoed in the message unchanged; escaping is
            // left to logMsg()/the message template - TODO confirm.
            logMsg('Could not find record with %PRIMARY_KEY%: ' . $id, LOG_WARNING, __FILE__, __LINE__);
            raiseMsg(sprintf(_("The requested record %s could not be found"), $id), MSG_ERR, __FILE__, __LINE__);
            dieBoomerangURL();
        }
        // Lock this record.
        // NOTE(review): 'address' is a fixed column name, while the sibling functions use
        // the <##> fill-in marker for the record's title column - confirm it is intended.
        $lock->set('%DB_TBL%', '%PRIMARY_KEY%', $id, $frm['address']);
        // Control values the form template uses to post back as an update.
        $frm['new_op'] = 'update';
        $frm['submit_caption'] = _("Save changes");
        $frm['repeat_caption'] = _("Save & edit next");
        $frm['reset_caption'] = _("Reset");
        $frm['cancel_caption'] = _("Cancel");
        $frm['%PRIMARY_KEY%'] = $id;
        return $frm;
    } else {
        // Someone else is editing this record.
        $lock->dieErrorPage();
    }
}
/**
 * Delete one record, unless another admin currently holds its edit lock.
 *
 * Looks the record up first so its name can be shown in the success message, deletes it,
 * then releases the lock. The list cache for this page is invalidated beforehand.
 *
 * @param mixed $id Primary key of the record; the dispatcher passes it from getFormData().
 * @return void
 */
function deleteRecord($id)
{
    $lock = new RecordLock($GLOBALS['_admin']);
    $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id);
    if (!$lock->isLocked() || $lock->isMine()) {
        // Break the cache because we are changing the list data.
        SessionCache::breakCache($_SERVER['PHP_SELF']);
        // Get the information for this object. <##> is a marker to be replaced with the
        // column that names the record.
        $result = dbQuery("\nSELECT <##>\nFROM %DB_TBL%\nWHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'\n");
        $row = mysql_fetch_row($result);
        list($name) = $row;
        if (!$row) {
            logMsg('Could not find record with %PRIMARY_KEY%: ' . $id, LOG_WARNING, __FILE__, __LINE__);
            raiseMsg(sprintf(_("The requested record %s could not be found"), $id), MSG_ERR, __FILE__, __LINE__);
            dieBoomerangURL();
        }
        // Delete the record. The id is escaped and quoted here as well.
        dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'");
        raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
        // Unlock record.
        $lock->remove();
    } else {
        // Someone else is editing this record.
        $lock->dieErrorPage();
    }
}
/**
 * Insert a new record from submitted form data and record its first version.
 *
 * @param array $frm Form values; the dispatcher passes getFormData() after validateInput().
 * @return mixed The id returned by mysql_insert_id() for the new row.
 */
function insertRecord($frm)
{
// Made available for the generated insert code below (presumably to stamp the admin id).
global $_admin;
// Break the cache because we are changing the list data.
SessionCache::breakCache($_SERVER['PHP_SELF']);
// Generator placeholder, replaced with the INSERT query when a module is built.
// NOTE(review): confirm the generated query escapes every $frm value, as the hand-written
// queries in this file do with mysql_real_escape_string().
%INSERT%
$last_insert_id = mysql_insert_id($GLOBALS['dbh']);
// Create version.
// <##> is a marker to be replaced with the field that names the record.
$version = new RecordVersion();
$version->create('%DB_TBL%', '%PRIMARY_KEY%', $last_insert_id, $frm['<##>']);
raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been added."), $frm['<##>']), MSG_SUCCESS, __FILE__, __LINE__);
return $last_insert_id;
}
/**
 * Update an existing record from submitted form data, unless another admin holds its
 * edit lock, then record a new version and release the lock.
 *
 * @param array $frm Form values including the primary key; the dispatcher passes
 *                   getFormData() after validateInput().
 * @return void
 */
function updateRecord($frm)
{
// Made available for the generated update code below (presumably to stamp the admin id).
global $_admin;
$lock = new RecordLock($GLOBALS['_admin']);
// The primary key used for the lock lookup is taken from the submitted form data.
$lock->select('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%']);
if ($lock->isLocked() && !$lock->isMine()) {
// Someone else is editing this record.
$lock->dieErrorPage();
} else {
// Break the cache because we are changing the list data.
SessionCache::breakCache($_SERVER['PHP_SELF']);
// Generator placeholder, replaced with the UPDATE query when a module is built.
// NOTE(review): confirm the generated query escapes every $frm value and restricts the
// update to the row identified by the primary key.
%UPDATE%
// Create version.
// <##> is a marker to be replaced with the field that names the record.
$version = new RecordVersion();
$version->create('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%'], $frm['<##>']);
raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been updated."), $frm['<##>']), MSG_SUCCESS, __FILE__, __LINE__);
// Unlock record.
$lock->remove();
}
}
/**
 * Return the rows for the current list page, from the session cache when possible.
 *
 * Builds an optional WHERE clause from the search and filter form values, counts the
 * matching rows to set up the global $page object, then runs (or reuses the cached result
 * of) the sorted, limited query joined with the admin usernames.
 *
 * @return array Rows for this page as associative arrays. Returned by reference.
 */
function &getRecordList()
{
global $page;
global $so;
$where_clause = '';
// Build search query if available.
if (getFormData('search_query', false)) {
// Split the search text on every non-word character.
$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
// NOTE(review): the next line is truncated in this copy of the template - everything
// between "$i" and "', false)) {" is missing (presumably the rest of the loop header, the
// search conditions appended to $where_clause and the start of the filter test). Restore
// it from the original template, and check that each search word is escaped like the
// filter value below.
for ($i=0; $i', false)) {
// Limit by filter.
$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . mysql_real_escape_string(getFormData('filter_<##>')) . "'";
}
// Count the total number of records so we can do something about the page numbers.
$qid = dbQuery("
SELECT COUNT(*)
FROM %DB_TBL%
$where_clause
");
list($num_results) = mysql_fetch_row($qid);
// Set page numbers now we know (needed for next step).
$page->setTotalItems($num_results);
$page->calculate();
// Final SQL, with sort and page limiters.
// The sort and limit fragments are inserted as-is, so the query is only as safe as
// SortOrder::getSortOrderSQL() and PageNumbers::getLimitSQL() make it - TODO confirm both
// emit only validated column names and integers.
$sql = "
SELECT
%DB_TBL%.*,
a1.username AS added_admin_username,
a2.username AS modified_admin_username
FROM %DB_TBL%
LEFT JOIN admin_tbl a1 ON (%DB_TBL%.added_by_admin_id = a1.admin_id)
LEFT JOIN admin_tbl a2 ON (%DB_TBL%.modified_by_admin_id = a2.admin_id)
$where_clause
" . $so->getSortOrderSQL() . "
" . $page->getLimitSQL() . "
";
// A unique key for this query, with the total_items in case db records
// were added since the last cache. This identifies a unique set of
// cached data, but we must refer to the list that is cached by a more
// generic name. so that we can flush the cache (if records updated)
// without knowing the hash.
// md5 is used here only to fingerprint the query text for cache invalidation.
$cache_hash = md5($sql . '|' . $page->total_items);
if (Prefs::getValue('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) {
SessionCache::breakCache($_SERVER['PHP_SELF']);
Prefs::setValue('cache_hash', $cache_hash, $_SERVER['PHP_SELF']);
}
if (SessionCache::isCached($_SERVER['PHP_SELF'])) {
// Get the cached results.
$list = SessionCache::getCache($_SERVER['PHP_SELF']);
} else {
// If the list is not already cached, query now.
$qid = dbQuery($sql);
// Fill an array with the items for this page.
// NOTE(review): $list is never initialised, so a query that returns no rows caches and
// returns an undefined variable; setting $list = array() before the loop would avoid that.
while ($row = mysql_fetch_assoc($qid)) {
$list[] = $row;
}
// Cache the results.
SessionCache::putCache($list, $_SERVER['PHP_SELF']);
}
return $list;
}
/**
 * Save new rank values for a set of records.
 *
 * Blank, non-numeric or too-large ranks are replaced with 1000 and counted, and a notice
 * reports how many were replaced.
 *
 * @param array $ranks Map of record primary key => new rank; the dispatcher passes
 *                     getFormData('rank').
 * @return false|null False when $ranks is not an array; nothing otherwise.
 */
function updateRank($ranks)
{
    if (!is_array($ranks)) {
        // The posted value is appended to the log line unchanged.
        logMsg('Saving rank failed, data posted is not an array: ' . $ranks, LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // Break the cache because we are changing the list data.
    SessionCache::breakCache($_SERVER['PHP_SELF']);
    // How many submitted ranks had to be replaced with the default.
    $defaulted = 0;
    // Go through the array of new ranks. Both the key and the value are posted data.
    foreach ($ranks as $record_id => $rank) {
        $usable = '' != trim($rank) && is_numeric($rank) && !($rank > 2147483646);
        if (!$usable) {
            // Unspecified entries receive a sort order of 1000.
            $rank = 1000;
            $defaulted++;
        }
        // Rank and key are escaped and quoted before they reach the SQL text.
        $sql = "\nUPDATE %DB_TBL% SET\nrank = '" . mysql_real_escape_string($rank) . "'\nWHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($record_id) . "'\n";
        dbQuery($sql);
    }
    raiseMsg(_("Records have been reordered with the new rank."), MSG_SUCCESS, __FILE__, __LINE__);
    if ($defaulted > 0) {
        raiseMsg(sprintf(_("%s items with unspecified ranks were automatically assigned a rank of 1000."), $defaulted), MSG_NOTICE, __FILE__, __LINE__);
    }
}
?>