requireLogin();
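// NOTE(review): the zone check below ships commented out, as do the per-operation checks in
// the switch. Until they are enabled, the only gate visible on this page is the requireLogin()
// call above, so enable them if not every logged-in account may add, edit or delete these records.
// $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%);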
$app->sslOn();
require_once 'codebase/lib/PageNumbers.inc.php';
require_once 'codebase/lib/SessionCache.inc.php';
require_once 'codebase/lib/FormValidator.inc.php';
require_once 'codebase/lib/SortOrder.inc.php';
require_once 'codebase/lib/TemplateGlue.inc.php';
require_once 'codebase/lib/Prefs.inc.php';
require_once 'codebase/lib/RecordLock.inc.php';
require_once 'codebase/lib/RecordVersion.inc.php';
%ADMIN_UPLOAD_INCLUDE%
/******************************************************************************
* CONFIG
*****************************************************************************/
// Titles and navigation header.
// NOTE(review): $_SERVER['PHP_SELF'] is derived from the request URL. Whatever renders the
// navigation links is presumably responsible for HTML-escaping it; confirm in the templates.
$nav->addPage(_("%TITLE%"), $_SERVER['PHP_SELF']);
// The object to validate form input.
$fv = new FormValidator();
// Shared SessionCache instance; getRecordList() stores the record list in it under the
// $_SERVER['PHP_SELF'] key, and the write operations delete that key.
$cache =& SessionCache::getInstance();
%SORT_ORDER%
// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
$page = new PageNumbers();
// per_page and page_number are read from the request. getRecordList() later interpolates
// $page->getLimitSQL() into its query.
// NOTE(review): PageNumbers presumably coerces both values to integers, and the second
// argument (100) looks like a default or cap; confirm in PageNumbers.
$page->setPerPage(getFormData('per_page'), 100);
$page->setPageNumber(getFormData('page_number'));
// Search limiters retain their values between page requests.
$app->carryQuery('search_query');
// NOTE(review): <##> appears to be a marker the developer replaces after generation (here,
// presumably the name of the filter column).
$app->carryQuery('filter_<##>');
%ADMIN_UPLOAD_CONFIG%
/******************************************************************************
* MAIN
*****************************************************************************/
%ADMIN_UPLOAD_INIT%
// We may want to use the add/edit interface from another script, so this
// allows us to remember which page we came from so we can go back there.
// NOTE(review): the Referer header is supplied by the client. Whether a stored value can later
// send the user off-site depends on what setBoomerangURL()/validBoomerangURL() accept; confirm
// that they restrict the target to this application.
if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
$app->setBoomerangURL($_SERVER['HTTP_REFERER'], '%NAME_PLURAL%');
}
// A truthy break_list_cache request value drops the cached list stored for this page.
if (getFormData('break_list_cache', false)) {
// Break the cache because we are changing the list data.
$cache->delete($_SERVER['PHP_SELF']);
}
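// What action to take.
// NOTE(review): every per-operation requireAccessClearance() call below is commented out in
// this template, so all cases are reachable by any user who passes the login check until they
// are enabled. The switch itself does not look at the request method or at a form token:
// whether 'del', 'insert', 'update' and "Save rank" can be triggered by a plain link depends
// on getFormData() and the framework, so confirm before relying on it.
switch (getFormData('op')) {
case 'add' :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_ADD);
    // Initialize variables for the form template.
    $frm =& addRecordForm();
    $nav->addPage(_("Add %ITEM_TITLE%"));
    $main_template = '%ADMIN_FORM_TEMPLATE%';
    break;

case 'edit' :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_EDIT);
    // Initialize variables for the form template.
    $frm =& editRecordForm(getFormData('%PRIMARY_KEY%'));
    $nav->addPage(_("Edit %ITEM_TITLE%"));
    $main_template = '%ADMIN_FORM_TEMPLATE%';
    break;

case 'del' :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_DELETE);
    deleteRecord(getFormData('%PRIMARY_KEY%'));%ADMIN_UPLOAD_DEL%
    if ($app->validBoomerangURL('%NAME_PLURAL%')) {
        // Display boomerang page.
        $app->dieBoomerangURL('%NAME_PLURAL%');
    }
    // Display default page.
    $app->dieURL($_SERVER['PHP_SELF']);
    break;

case 'insert' :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_ADD);
    if (getFormData('cancel', false)) {
        if ($app->validBoomerangURL('%NAME_PLURAL%')) {
            // Display boomerang page.
            $app->dieBoomerangURL('%NAME_PLURAL%');
        }
        // Display default page.
        $app->dieURL($_SERVER['PHP_SELF']);
    }
    validateInput();
    if ($fv->anyErrors()) {
        // Re-display the form. Submitted values are merged over the defaults, so any key
        // present in the request (including 'new_op' and 'submit_buttons') replaces the default.
        // NOTE(review): the form template is presumably responsible for escaping these values.
        $frm =& addRecordForm();
        $frm = array_merge($frm, getFormData());
        $nav->addPage(_("Add %ITEM_TITLE%"));
        $main_template = '%ADMIN_FORM_TEMPLATE%';
    } else {
        $%PRIMARY_KEY% = insertRecord(getFormData());%ADMIN_UPLOAD_INSERT%
        if (getFormData('repeat', false)) {
            // Display function again.
            $app->dieURL($_SERVER['PHP_SELF'] . '?op=add');
        } else if ($app->validBoomerangURL('%NAME_PLURAL%')) {
            // Display boomerang page.
            $app->dieBoomerangURL('%NAME_PLURAL%');
        }
        // Display default page.
        $app->dieURL($_SERVER['PHP_SELF']);
    }
    break;

case 'update' :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_EDIT);
    if (getFormData('reset', false)) {
        $app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
        // The key is request data: encode it so it cannot add parameters or control
        // characters to the redirect URL.
        $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . urlencode(getFormData('%PRIMARY_KEY%')));
    }
    if (getFormData('cancel', false)) {
        // Remove lock
        $lock->select('%DB_TBL%', '%PRIMARY_KEY%', getFormData('%PRIMARY_KEY%'));
        $lock->remove();
        if ($app->validBoomerangURL('%NAME_PLURAL%')) {
            // Display boomerang page.
            $app->dieBoomerangURL('%NAME_PLURAL%');
        }
        // Display default page.
        $app->dieURL($_SERVER['PHP_SELF']);
    }
    validateInput();
    if ($fv->anyErrors()) {
        // Re-display the form with the submitted values merged over the stored record.
        $frm =& editRecordForm(getFormData('%PRIMARY_KEY%'));
        $frm = array_merge($frm, getFormData());
        $nav->addPage(_("Edit %ITEM_TITLE%"));
        $main_template = '%ADMIN_FORM_TEMPLATE%';
    } else {%ADMIN_UPLOAD_UPDATE%
        updateRecord(getFormData());
        if (getFormData('repeat', false)) {
            // Display edit function with next available ID.
            // The request value only reaches the query through escapeString(), inside quotes.
            $qid = $db->query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . $db->escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
            if (list($next_id) = mysql_fetch_row($qid)) {
                $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . urlencode($next_id));
            } else {
                $app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
            }
        } else if ($app->validBoomerangURL('%NAME_PLURAL%')) {
            // Display boomerang page.
            $app->dieBoomerangURL('%NAME_PLURAL%');
        }
        // Display default page.
        $app->dieURL($_SERVER['PHP_SELF']);
    }
    break;

// This operation is matched against the translated button label, so the value of 'op'
// that selects it changes with the active locale.
case _("Save rank") :
    // $auth->requireAccessClearance(ZONE_ADMIN_PROGRAMS_FUNC_REORDER);
    updateRank(getFormData('rank'));
    $app->dieURL($_SERVER['PHP_SELF']);
    break;

default :
    // $auth->requireAccessClearance(ZONE_ADMIN_%NAME_UPPER%_FUNC_LIST, _("Permission to view %NAME_PLURAL% list denied."));
    $list =& getRecordList();
    $main_template = '%ADMIN_LIST_TEMPLATE%';
    break;
}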
/******************************************************************************
* TEMPLATE INITIALIZATION
*****************************************************************************/
// Render the page. $main_template is only ever assigned one of the template literals in the
// switch above, never a request value, so the include target is not user-controlled.
// NOTE(review): operations that do not set $main_template end in dieURL()/dieBoomerangURL(),
// which presumably terminate the request before reaching this point; confirm.
include 'header.ihtml';
include $main_template;
include 'footer.ihtml';
/******************************************************************************
* FUNCTIONS
*****************************************************************************/
%FORM_VALIDATION%
/**
 * Build the values used to render an empty "add" form.
 *
 * @return array The generated field defaults, 'new_op' => 'insert' and the translated
 *               labels for the submit buttons. Returned by reference.
 */
function &addRecordForm()
{
    // Translated labels for the form's buttons. The 'repeat' and 'cancel' keys are the request
    // flags the 'insert' operation checks.
    $submit_buttons = array(
        'submit' => _("Add %ITEM_TITLE%"),
        'repeat' => _("Add & repeat"),
        'cancel' => _("Cancel"),
    );
    // Default values for the rest of the fields. Kept in a variable because the function
    // returns by reference.
    $frm = array(
        %SET_VALUES_DEFAULT%,
        'new_op' => 'insert',
        'submit_buttons' => $submit_buttons,
    );
    return $frm;
}
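/**
 * Load one record for the edit form and set a record lock on it.
 *
 * Calls $lock->dieErrorPage() when the record is locked and the lock is not the caller's,
 * and $app->dieBoomerangURL() when no row matches $id.
 *
 * @param  mixed $id Value of %PRIMARY_KEY%; the caller passes it straight from the request.
 * @return array     Form defaults, 'new_op' => 'update' and button labels, overridden by the
 *                   columns of the stored row. Returned by reference.
 */
function &editRecordForm($id)
{
    global $lock;
    // $app was used in the not-found branch without being in scope, which would fail on a
    // missing record; obtain it the same way updateRecord() does.
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // Refuse to open a record that somebody else holds the lock on.
    $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id);
    if ($lock->isLocked() && !$lock->isMine()) {
        $lock->dieErrorPage();
    }

    // Get the information for the form. $id only reaches the query through escapeString(),
    // inside quotes.
    $qid = $db->query("
        SELECT *
        FROM %DB_TBL%
        WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "'
    ");
    if (!$frm = mysql_fetch_assoc($qid)) {
        $app->logMsg('Could not find record with %PRIMARY_KEY%: ' . $id, LOG_WARNING, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
        $app->dieBoomerangURL();
    }

    // Lock this record.
    $lock->set('%DB_TBL%', '%PRIMARY_KEY%', $id, $frm['<##>']);

    // Set misc values for the form. The row is the second argument, so stored columns win
    // over the defaults listed here.
    $frm = array_merge(array(
        %SET_VALUES_DEFAULT%,
        'new_op' => 'update',
        'submit_buttons' => array(
            'submit' => _("Save changes"),
            'repeat' => _("Save & edit next"),
            'reset' => _("Reset"),
            'cancel' => _("Cancel"),
        ),
    ), $frm);
    return $frm;
}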
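/**
 * Delete one record, unless it is locked by someone else, and report the result.
 *
 * Calls $lock->dieErrorPage() when the record is locked and the lock is not the caller's,
 * and $app->dieBoomerangURL() when no row matches $id.
 *
 * @param mixed $id Value of %PRIMARY_KEY%; the caller passes it straight from the request.
 */
function deleteRecord($id)
{
    global $lock;
    // $app was used below without being in scope, so both the not-found branch and the success
    // message would fail; obtain it the same way updateRecord() does.
    $app =& App::getInstance();
    $db =& DB::getInstance();
    $cache =& SessionCache::getInstance();

    // Refuse to delete a record that somebody else holds the lock on.
    $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id);
    if ($lock->isLocked() && !$lock->isMine()) {
        $lock->dieErrorPage();
    }

    // Break the cache because we are changing the list data.
    $cache->delete($_SERVER['PHP_SELF']);

    // Get the information for this object. $id only reaches the queries through
    // escapeString(), inside quotes.
    $qid = $db->query("
        SELECT <##>
        FROM %DB_TBL%
        WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "'
    ");
    if (! list($name) = mysql_fetch_row($qid)) {
        $app->logMsg('Could not find record with %PRIMARY_KEY%: ' . $id, LOG_WARNING, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
        $app->dieBoomerangURL();
    }

    // Delete the record.
    $db->query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "'");
    // NOTE(review): $name is stored data placed in a user-visible message; escaping is
    // presumably done where messages are rendered. Confirm.
    $app->raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);

    // Unlock record.
    $lock->remove();
}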
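/**
 * Insert a new record from submitted form data and record its first version.
 *
 * @param  array $frm Form values; the caller passes the whole request array.
 * @return mixed      The id reported by mysql_insert_id() for the insert.
 */
function insertRecord($frm)
{
    global $auth;
    // $app was used for the success message without being in scope; obtain it the same way
    // updateRecord() does.
    $app =& App::getInstance();
    $db =& DB::getInstance();
    $cache =& SessionCache::getInstance();

    // Break the cache because we are changing the list data.
    $cache->delete($_SERVER['PHP_SELF']);

    // NOTE(review): the generated statement below decides which keys of $frm are written.
    // Since $frm is the full request array, check that it names its columns explicitly.
    %INSERT%
    $last_insert_id = mysql_insert_id($db->getDBH());

    // Create version.
    $version = RecordVersion::getInstance($GLOBALS['auth']);
    $version->create('%DB_TBL%', '%PRIMARY_KEY%', $last_insert_id, $frm['<##>']);

    $app->raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been added."), $frm['<##>']), MSG_SUCCESS, __FILE__, __LINE__);
    return $last_insert_id;
}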
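/**
 * Update an existing record from submitted form data, record a new version and release
 * the record lock.
 *
 * Calls $lock->dieErrorPage() when the record is locked and the lock is not the caller's.
 *
 * @param array $frm Form values including '%PRIMARY_KEY%'; the caller passes the whole
 *                   request array.
 */
function updateRecord($frm)
{
    global $auth, $lock;
    $app =& App::getInstance();
    // Added for consistency with the other record functions. NOTE(review): the generated
    // %UPDATE% statement presumably queries through $db, which was not in scope here; confirm
    // against the generator output.
    $db =& DB::getInstance();
    $cache =& SessionCache::getInstance();

    // Refuse to update a record that somebody else holds the lock on.
    $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%']);
    if ($lock->isLocked() && !$lock->isMine()) {
        $lock->dieErrorPage();
    }

    // Break the cache because we are changing the list data.
    $cache->delete($_SERVER['PHP_SELF']);

    // NOTE(review): the generated statement below decides which keys of $frm are written.
    // Since $frm is the full request array, check that it names its columns explicitly.
    %UPDATE%

    // Create version.
    $version = RecordVersion::getInstance($GLOBALS['auth']);
    $version->create('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%'], $frm['<##>']);

    $app->raiseMsg(sprintf(_("The %ITEM_TITLE% %s has been updated."), $frm['<##>']), MSG_SUCCESS, __FILE__, __LINE__);

    // Unlock record.
    $lock->remove();
}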
/**
 * Return the rows for the current list page, from the session cache when the query and
 * total count are unchanged, otherwise from the database.
 *
 * Reads the search and filter values from the request, sets the total on the global $page
 * object, and uses the global $so object for the ORDER BY fragment.
 *
 * @return array Rows as associative arrays, returned by reference.
 */
function &getRecordList()
{
global $page;
global $so;
$db =& DB::getInstance();
$prefs =& Prefs::getInstance();
$cache =& SessionCache::getInstance();
$where_clause = '';
// Build search query if available.
if (getFormData('search_query', false)) {
// The search string is split on every non-word character.
$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
// NOTE(review): the next line is truncated in this copy of the template. The loop that
// turns $qry_words into search conditions and the start of the filter condition are
// missing; restore them from the original template before using this file.
for ($i=0; $i', false)) {
// Limit by filter.
// The filter value only reaches the clause through escapeString(), inside quotes.
$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . $db->escapeString(getFormData('filter_<##>')) . "'";
}
// Count the total number of records so we can do something about the page numbers.
$qid = $db->query("
SELECT COUNT(*)
FROM %DB_TBL%
$where_clause
");
list($num_results) = mysql_fetch_row($qid);
// Set page numbers now we know (needed for next step).
$page->setTotalItems($num_results);
$page->calculate();
// Final SQL, with sort and page limiters.
// NOTE(review): the sort and limit fragments are interpolated as returned. SortOrder and
// PageNumbers are presumably responsible for restricting them to known columns and integers;
// confirm, since both are configured from request values.
$sql = "
SELECT
%DB_TBL%.*,
a1.username AS added_admin_username,
a2.username AS modified_admin_username
FROM %DB_TBL%
LEFT JOIN admin_tbl a1 ON (%DB_TBL%.added_by_user_id = a1.admin_id)
LEFT JOIN admin_tbl a2 ON (%DB_TBL%.modified_by_user_id = a2.admin_id)
$where_clause
" . $so->getSortOrderSQL() . "
" . $page->getLimitSQL() . "
";
// A unique key for this query, with the total_items in case db records
// were added since the last cache. This identifies a unique set of
// cached data, but we must refer to the list that is cached by a more
// generic name. so that we can flush the cache (if records updated)
// without knowing the hash.
// md5 is used here only to fingerprint the query text for cache invalidation.
$cache_hash = md5($sql . '|' . $page->total_items);
if ($prefs->get('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) {
$cache->delete($_SERVER['PHP_SELF']);
$prefs->set('cache_hash', $cache_hash, $_SERVER['PHP_SELF']);
}
if ($cache->exists($_SERVER['PHP_SELF'])) {
// Get the cached results.
$list = $cache->get($_SERVER['PHP_SELF']);
} else {
// If the list is not already cached, query now.
$qid = $db->query($sql);
// Fill an array with the items for this page.
while ($row = mysql_fetch_assoc($qid)) {
$list[] = $row;
}
if (isset($list) && !empty($list)) {
// Cache the results.
$cache->set($list, $_SERVER['PHP_SELF']);
}
}
// NOTE(review): $list is never initialised. With nothing cached and no matching rows, the
// return below refers to an undefined variable; consider `$list = array();` at the top.
return $list;
}
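/**
 * Save new rank values for a set of records.
 *
 * Entries that are empty, non-numeric, not scalar or above 2147483646 are stored as 10000
 * and counted, and a notice reports how many were replaced.
 *
 * @param  mixed $ranks Expected to be an array of %PRIMARY_KEY% => rank; the caller passes it
 *                      straight from the request.
 * @return false|null   False when $ranks is not an array, otherwise no value.
 */
function updateRank($ranks)
{
    // $app was used below without being in scope, so logging and the result messages would
    // fail; obtain it the same way updateRecord() does.
    $app =& App::getInstance();
    $db =& DB::getInstance();
    $cache =& SessionCache::getInstance();

    if (!is_array($ranks)) {
        // NOTE(review): $ranks is request data written to the log as-is; logMsg() is
        // presumably responsible for neutralising line breaks. Confirm.
        $app->logMsg('Saving rank failed, data posted is not an array: ' . $ranks, LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    // Break the cache because we are changing the list data.
    $cache->delete($_SERVER['PHP_SELF']);

    // Count the ranks with invalid numbers
    $unspecified_counter = 0;

    // Go through the array of new ranks.
    foreach ($ranks as $id => $new_rank) {
        // A nested array can be posted in place of a rank value; treat it like any other
        // unusable entry instead of passing it to trim() and escapeString().
        if (!is_scalar($new_rank) || '' == trim($new_rank) || !is_numeric($new_rank) || $new_rank > 2147483646) {
            // Unspecified entries receive a sort order of 10000.
            $new_rank = 10000;
            $unspecified_counter++;
        }
        // Both the key and the value come from the request and only reach the query through
        // escapeString(), inside quotes.
        $db->query("
            UPDATE %DB_TBL% SET
            rank = '" . $db->escapeString($new_rank) . "'
            WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "'
        ");
    }

    $app->raiseMsg(_("Records have been reordered with the new rank."), MSG_SUCCESS, __FILE__, __LINE__);
    if ($unspecified_counter > 0) {
        $app->raiseMsg(sprintf(_("%s items with unspecified ranks were automatically assigned a rank of 10000."), $unspecified_counter), MSG_NOTICE, __FILE__, __LINE__);
    }
}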
?>