3 require_once('../init.php');
// Body of the row-fetch handler; the dispatcher at the end of the file calls fetch($mask).
// The function header and several lines are not part of this listing.
// Builds the column list for one row of $mask['table'] from the $mask['edit'] field definitions.
// NOTE(review): in PostgreSQL to_char() the pattern "mm" is the month number; minutes are "MI".
// 'HH24:mm' therefore likely renders hour:month rather than hour:minute — confirm and correct.
7 $fields = array("to_char(sys_edit,'DD.MM.YYYY HH24:mm') AS sys_edit", 'sys_user');
8 foreach ($mask['edit'] as $field => $info) {
// Fields whose 'sql' entry is exactly false are left out of the SELECT.
9 if ($info['sql'] === false) continue;
// Date columns are formatted by the database as DD.MM.YYYY; 'sql' overrides the column expression.
10 if ($info['type'] == 'date')
11 $fields[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s",
12 empty($info['sql']) ? $field : $info['sql'],
// Columns of type 'passwd' are never added to the SELECT list.
14 elseif ($info['type'] != 'passwd')
15 $fields[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
// %d coerces $_POST['id'] to an integer before it reaches the statement. The column
// expressions and the table name are interpolated as-is from $mask
// (presumably server-side configuration — confirm they never carry request data).
18 $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
19 implode(',', $fields),
20 $mask['table'], $_POST['id']);
22 $sth = pg_query($sql);
// A failed query yields a bare false here, whereas details() returns an error array.
23 if ($sth === false) return false;
25 $row = pg_fetch_assoc($sth);
// Post-process the fetched row per field type.
27 foreach ($mask['edit'] as $field => $info)
// Database booleans are turned into PHP true/false.
28 if ($info['type'] == 'boolean')
29 $row[$field] = $row[$field]?true:false;
// The statement executed for 'passwd' fields is not part of this listing.
30 elseif ($info['type'] == 'passwd')
// An optional sprintf() pattern from the mask is applied to the value.
32 elseif (array_key_exists('format', $info))
33 $row[$field] = sprintf($info['format'], $row[$field]);
// Returns the row identified by $_POST['id'] for the detail view described by
// $mask['details']['list']. Several lines of this function are not part of the listing.
38 function details($mask)
// A posted id is mandatory.
40 if (empty($_POST['id']))
41 return array('error' => 'Missing ID');
// Build the column list from the detail field definitions.
44 foreach ($mask['details']['list'] as $field => $info) {
45 if ($info['type'] == 'date')
46 $fields[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s",
47 empty($info['sql']) ? $field : $info['sql'],
// Fields with a 'fetch' callback are not selected; they are filled in after the query.
49 elseif (!array_key_exists('fetch',$info))
50 $fields[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
// %d coerces $_POST['id'] to an integer. The column expressions and the table name are
// interpolated as-is from $mask (presumably server-side configuration — confirm).
54 $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
55 implode(',', $fields),
56 $mask['table'], $_POST['id']);
58 $sth = pg_query($sql);
// The failure check guarding this return is not part of the listing.
// NOTE(review): the raw pg_last_error() text is handed back to the caller. If this array is
// sent to the browser it discloses schema and query details; log it server-side and return
// a generic message instead.
61 return array('error' => pg_last_error(),
64 $row = pg_fetch_assoc($sth);
// Post-process: apply the optional sprintf() pattern, or fill the field from its callback.
69 foreach ($mask['details']['list'] as $field => $info)
70 if (array_key_exists('format', $info))
71 $row[$field] = sprintf($info['format'], $row[$field]);
72 elseif (array_key_exists('fetch', $info))
// The callback is invoked without arguments.
73 $row[$field] = $info['fetch']();
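/**
 * Normalise a submitted decimal value to a string with two fractional digits.
 *
 * A decimal comma is accepted as well as a decimal point. The UPDATE and
 * INSERT builders in this file place the result unquoted into SQL text, so
 * the output must consist of digits, an optional sign and "." only.
 *
 * @param mixed $value Raw form value, e.g. "12,5".
 * @return string Fixed-point representation, e.g. "12.50".
 */
function format_decimal($value)
{
    $value = str_replace(',', '.', $value);

    // %F is the locale-independent float conversion. With %f an LC_NUMERIC
    // locale such as de_DE would emit "12,50", which changes the meaning of
    // the generated statement (the comma becomes a list separator).
    return sprintf('%.2F', $value);
}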
// Body of the update handler; the dispatcher's 'save' branch is the likely caller (its call
// line is not shown). The function header and several lines are not part of this listing.
// A mask may provide its own 'save' callback, which then handles the request entirely.
86 if (array_key_exists('save', $mask))
87 return $mask['save']($mask);
// A posted id is mandatory for the built-in update.
89 if (empty($_POST['id']))
90 return array('error' => 'Missing ID');
// The acting user's login is escaped with pg_escape_string() before it is quoted.
92 $update = array(sprintf("sys_user = '%s'", pg_escape_string($_SESSION['sys']['login'])),
// One "column=value" assignment is produced per field definition in $mask['edit'].
// Column names are the $mask keys and are interpolated as identifiers without quoting.
95 foreach ($mask['edit'] as $field => $info) {
// Required fields must be posted with a non-empty string.
96 if ($info['required'] === true && !strlen($_POST[$field]))
97 return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
98 'errormsg' => 'Pflichtfelder nicht ausgefüllt');
// Checkboxes: the posted value 'on' becomes 1, anything else 0.
100 if ($info['type'] == 'boolean') {
101 $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
// Integer-like fields: %d coerces the posted value to an integer.
102 } elseif ($info['type'] == 'number' || $info['type'] == 'hidden' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
103 if (empty($_POST[$field]) && $info['null'] === true)
104 $update[] = sprintf("%s=NULL", $field);
106 $update[] = sprintf("%s=%d", $field, $_POST[$field]);
// Decimals: the value is inserted unquoted, so the statement relies on format_decimal()
// returning only a numeric string.
107 } elseif ($info['type'] == 'decimal') {
108 if (empty($_POST[$field]) && $info['null'] === true)
109 $update[] = sprintf("%s=NULL", $field);
111 $update[] = sprintf("%s=%s", $field, format_decimal($_POST[$field]));
// Passwords are only written when a new value was posted. passwd() is defined elsewhere
// and its remaining arguments are not shown; its result is escaped before being quoted.
112 } elseif ($info['type'] == 'passwd') {
113 if (!empty($_POST[$field]))
114 $update[] = sprintf("%s='%s'", $field,
115 pg_escape_string(passwd(empty($_POST['login'])?$_SESSION['sys']['login']:$_POST['login'],
// Everything else is stored as an escaped, quoted string (or NULL when empty and nullable).
118 if (empty($_POST[$field]) && $info['null'] === true)
119 $update[] = sprintf("%s=NULL", $field);
121 $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
// 'edit_table' overrides the target table; the id is forced to an integer by intval() and %d.
125 $sql = sprintf('UPDATE %s SET %s WHERE id = %d',
126 empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
127 implode(', ', $update),
128 intval($_POST['id']));
130 $sth = pg_query($sql);
132 if ($sth === false) {
// The failing statement is written to the error log together with the database message.
// NOTE(review): the statement can contain the new password value produced by passwd() —
// confirm that logging it is acceptable.
133 error_log($sql . ': ' . pg_last_error());
// NOTE(review): the raw pg_last_error() text is also returned to the caller; if it is sent
// to the browser it discloses schema details. Prefer a generic message here.
134 return array('error' => pg_last_error(),
138 return array('status' => true);
// Inserts a new row built from the posted form fields described by $mask['edit'].
// Several lines of this function are not part of the listing.
141 function insert($mask)
// A mask may provide its own 'insert' callback, which then handles the request entirely.
143 if (array_key_exists('insert', $mask))
144 return $mask['insert']($mask);
// Every row records the acting user (escaped and quoted) and the current time.
146 $fields = array('sys_user','sys_edit');
147 $values = array("'".pg_escape_string($_SESSION['sys']['login'])."'", 'now()');
// Column names are the $mask keys and are interpolated as identifiers without quoting.
149 foreach ($mask['edit'] as $field => $info) {
// Required fields must be posted with a non-empty string.
150 if ($info['required'] === true && !strlen($_POST[$field]))
151 return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
152 'errormsg' => 'Pflichtfelder nicht ausgefüllt');
// Checkboxes: the posted value 'on' becomes 1, anything else 0.
154 if ($info['type'] == 'boolean') {
156 $values[] = $_POST[$field] == 'on'?1:0;
// Integer-like fields are forced to an integer with intval().
157 } elseif ($info['type'] == 'number' || $info['type'] == 'hidden' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
159 if (empty($_POST[$field]) && $info['null'] === true)
162 $values[] = intval($_POST[$field]);
// Decimals are inserted unquoted, so the statement relies on format_decimal() returning
// only a numeric string.
163 } elseif ($info['type'] == 'decimal') {
165 if (empty($_POST[$field]) && $info['null'] === true)
168 $values[] = format_decimal($_POST[$field]);
// Passwords are only written when a value was posted. passwd() is defined elsewhere and
// its remaining arguments are not shown; its result is escaped before being quoted.
169 } elseif ($info['type'] == 'passwd') {
170 if (!empty($_POST[$field])) {
172 $values[] = sprintf("'%s'", pg_escape_string(passwd(empty($_POST['login'])?$_SESSION['sys']['login']:$_POST['login'],
// Everything else is stored as an escaped, quoted string.
177 if (empty($_POST[$field]) && $info['null'] === true)
180 $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));
// 'edit_table' overrides the target table.
184 $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
185 empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
186 implode(',', $fields),
187 implode(',', $values));
189 $sth = pg_query($sql);
191 if ($sth === false) {
// The failing statement is written to the error log together with the database message.
// NOTE(review): the statement can contain the password value produced by passwd() —
// confirm that logging it is acceptable.
192 error_log($sql . ': ' . pg_last_error());
// NOTE(review): the raw pg_last_error() text is also returned to the caller; if it is sent
// to the browser it discloses schema details. Prefer a generic message here.
193 return array('error' => pg_last_error(),
197 return array('status' => true);
// Removes a row from $table. When the DELETE_COPY constant is true, the row is first copied
// into "<table>_deleted" and that copy is stamped with the acting user and the current time.
// Some continuation and closing lines of this function are not part of the listing.
200 function delete_or_copy_row($table,$id)
202 if (DELETE_COPY === true) {
// Copy step: %d coerces $id to an integer; $table is interpolated as an identifier
// (the caller in this file passes $mask['table']).
203 $sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
204 $table, $table, $id);
206 $sth = pg_query($sql);
208 if ($sth === false) {
209 error_log($sql . ': ' . pg_last_error());
// NOTE(review): here and in the two error returns below, the raw pg_last_error() text goes
// back to the caller; if it reaches the browser it discloses schema details.
210 return array('error' => pg_last_error(),
// NOTE(review): $_SESSION['sys']['login'] is placed between quotes without pg_escape_string(),
// unlike the sys_user handling in the update and insert code earlier in this file. A login
// containing a quote would alter this statement; escape it the same way.
214 $sql = sprintf("UPDATE %s_deleted SET sys_user='%s',sys_edit=now() WHERE id = %d",
215 $table, $_SESSION['sys']['login'], $id);
217 $sth = pg_query($sql);
219 if ($sth === false) {
220 error_log($sql . ': ' . pg_last_error());
221 return array('error' => pg_last_error(),
// NOTE(review): the delete reads $_POST['id'] instead of the $id argument used for the copy.
// Both pass through %d, but a caller whose argument differs from the POST field would
// archive one row and delete another; use $id here.
226 $sql = sprintf("DELETE FROM %s WHERE id = %d", $table, $_POST['id']);
228 $sth = pg_query($sql);
230 if ($sth === false) {
231 error_log($sql . ': ' . pg_last_error());
232 return array('error' => pg_last_error(),
236 return array('status' => true);
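/**
 * Delete the row named by $_POST['id'] for the given mask.
 *
 * A mask-supplied 'delete' callback takes over completely when present.
 * Otherwise the row is removed from $mask['table'] by delete_or_copy_row(),
 * which also handles the optional copy into the "_deleted" table. Masks that
 * edit a secondary table ('edit_table') are refused.
 *
 * @param array $mask Mask definition; reads 'delete', 'edit_table' and 'table'.
 * @return mixed array('status' => true) on success, array('error' => ...) on
 *               failure, or whatever the mask's own 'delete' callback returns.
 */
function delete_or_copy($mask)
{
    if (empty($_POST['id'])) {
        return array('error' => 'Missing ID');
    }

    // The custom handler receives only the mask and reads the request itself,
    // so the id format is left for it to validate.
    if (array_key_exists('delete', $mask)) {
        return $mask['delete']($mask);
    }

    if (!empty($mask['edit_table'])) {
        return array('error' => 'Cannot handle deletion for secondary table');
    }

    // The built-in path formats the id with %d. Without this check a posted
    // array (id[]=...) or non-numeric text is silently coerced to some
    // integer and a row other than the intended one can be deleted.
    $id = $_POST['id'];
    $isDigits = is_string($id) && preg_match('/\A[0-9]+\z/', $id) === 1;
    if (!is_int($id) && !$isDigits) {
        return array('error' => 'Invalid ID');
    }

    return delete_or_copy_row($mask['table'], $id);
}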
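/**
 * Store a posted value in the session under "<$name>.<variable>".
 *
 * Only variables declared in $mask['variables'] are accepted, which keeps the
 * request from writing arbitrary session keys. An optional 'postcall'
 * callback of the variable is invoked after the value has been stored.
 *
 * @param string $name Prefix of the session key (the dispatcher passes the mask source).
 * @param array  $mask Mask definition; reads 'variables'.
 * @return array array('status' => true) or array('error' => message).
 */
function set_variable($name, $mask)
{
    // A repeated or bracketed field (name[]=...) arrives as an array; treat
    // it like an unknown variable instead of passing it to array_key_exists().
    $variable = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

    if (!array_key_exists('variables', $mask)
        || !array_key_exists($variable, $mask['variables'])) {
        return array('error' => 'Unknown variable ' . htmlspecialchars($variable));
    }

    // A missing value is stored as null, as before, but without reading an
    // undefined index.
    $_SESSION[$name . '.' . $variable] = isset($_POST['value']) ? $_POST['value'] : null;

    $definition = $mask['variables'][$variable];
    if (is_array($definition) && array_key_exists('postcall', $definition)) {
        $definition['postcall']();
    }

    return array('status' => true);
}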
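/**
 * Run one of the mask's named info queries and return its result.
 *
 * $mask['info'][<name>]['sql'] is an SQL template in which "{field}" stands
 * for the posted form field of that name.
 *
 * @param array $mask Mask definition; reads 'info'.
 * @return array array('info' => query result, 'parameter' => $_POST) or
 *               array('error' => message).
 */
function get_infos($mask)
{
    $callback = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

    if (!array_key_exists('info', $mask)
        || !array_key_exists($callback, $mask['info'])
        || !array_key_exists('sql', $mask['info'][$callback])) {
        return array('error' => 'Unknown callback ' . htmlspecialchars($callback));
    }

    // Posted values are request data and must not reach the statement raw.
    // Each placeholder is replaced exactly once in a single pass, so braces
    // inside a submitted value are never expanded again (the former rescan
    // loop did that and could fail to terminate), and every value is escaped
    // for use inside a quoted SQL string.
    // NOTE(review): escaping only protects placeholders that the template
    // wraps in single quotes. A template that uses "{field}" unquoted (for
    // example as a number) still takes request text verbatim; such templates
    // should quote and cast the placeholder, or this function should move to
    // pg_query_params() once query_db() supports parameters.
    $sql = preg_replace_callback(
        '/\{([^\}]*)\}/',
        function ($match) {
            $value = isset($_POST[$match[1]]) ? $_POST[$match[1]] : '';

            return pg_escape_string(is_string($value) ? $value : '');
        },
        $mask['info'][$callback]['sql']
    );

    return array('info' => query_db($sql),
                 'parameter' => $_POST);
}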
// Request dispatcher: 'func' selects the operation and 'source' names the mask to load.
// The statements executed when either field is missing are not part of this listing.
289 if (empty($_POST['func']))
292 if (empty($_POST['source']))
// NOTE(review): 'source' is request data. load_mask() is defined elsewhere — confirm that it
// resolves the name against a fixed set of masks rather than building a file path from it.
296 if (load_mask($_POST['source']) === false) exit;
// Default answer for an unrecognised 'func'.
298 $data = array('error' => 'Unknown function');
// NOTE(review): the state-changing operations (save, insert, delete, setvar) are selected by
// POST fields alone. Any login, permission or CSRF check has to happen in init.php or
// load_mask(); none is visible in this listing — confirm.
300 if ($_POST['func'] == 'fetch') {
301 $data = fetch($mask);
302 } elseif ($_POST['func'] == 'details') {
303 $data = details($mask);
// The call made in the 'save' branch is not part of this listing.
304 } elseif ($_POST['func'] == 'save') {
306 } elseif ($_POST['func'] == 'insert') {
307 $data = insert($mask);
308 } elseif ($_POST['func'] == 'delete') {
309 $data = delete_or_copy($mask);
// The mask source name becomes the prefix of the session key written by set_variable().
310 } elseif ($_POST['func'] == 'setvar') {
311 $data = set_variable($_POST['source'],$mask);
312 } elseif ($_POST['func'] == 'info') {
313 $data = get_infos($mask);