3 require_once('../init.php');
// Body of the handler that loads one record for the edit form. The `function`
// line, the braces and a few statements are missing from this listing; the
// dispatcher at the end of the file calls it as fetch($mask).
// Builds the column list from $mask['edit'], selects the row whose id is
// $_POST['id'], then post-processes the values per field type.
// NOTE(review): in PostgreSQL's to_char() the pattern MM/mm is the month; minutes
// are MI. 'HH24:mm' therefore looks like it prints the month after the hour — confirm.
7 $fields = array("to_char(sys_edit,'DD.MM.YYYY HH24:mm') AS sys_edit", 'sys_user');
8 foreach ($mask['edit'] as $field => $info) {
// 'sql' === false marks a field that has no column to select.
9 if ($info['sql'] === false) continue;
10 if ($info['type'] == 'date')
11 $fields[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s",
12 empty($info['sql']) ? $field : $info['sql'],
// Fields of type 'passwd' are never added to the SELECT list, so stored
// password values are not read back into the form.
14 elseif ($info['type'] != 'passwd')
15 $fields[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
// Column expressions and the table name are inserted verbatim, so they must come
// only from the trusted mask definition. The id goes through %d, which forces
// it to an integer before it reaches the statement.
18 $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
19 implode(',', $fields),
20 $mask['table'], $_POST['id']);
22 $sth = pg_query($sql);
// Unlike the other handlers, a failed query yields a bare false here rather
// than an array with an 'error' key.
23 if ($sth === false) return false;
// NOTE(review): pg_fetch_assoc() returns false when no row matches; the loop
// below would then index into false — confirm the caller never asks for a missing id.
25 $row = pg_fetch_assoc($sth);
27 foreach ($mask['edit'] as $field => $info)
28 if ($info['type'] == 'boolean')
29 $row[$field] = $row[$field]?true:false;
30 elseif ($info['type'] == 'passwd')
// Optional per-field sprintf() format taken from the mask definition.
32 elseif (array_key_exists('format', $info))
33 $row[$field] = sprintf($info['format'], $row[$field]);
// Load one record for the "details" view. Reads the id from $_POST['id'] and
// the column list from the keys of $mask['details']['list']; failures are
// reported as array('error' => ...). Braces and some lines of this function
// are missing from the listing.
38 function details($mask)
// empty() also rejects the id "0".
40 if (empty($_POST['id']))
41 return array('error' => 'Missing ID');
// Column names and the table name are inserted verbatim and must therefore come
// only from the trusted mask definition; %d forces the id to an integer.
43 $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
44 implode(',', array_keys($mask['details']['list'])),
45 $mask['table'], $_POST['id']);
47 $sth = pg_query($sql);
// NOTE(review): the raw PostgreSQL error text is placed in the result array. If that
// array is sent to the browser unchanged, it discloses schema details — confirm
// and prefer logging the detail server-side with a generic message for the client.
50 return array('error' => pg_last_error(),
53 $row = pg_fetch_assoc($sth);
// Optional per-field sprintf() format taken from the mask definition.
55 foreach ($mask['details']['list'] as $field => $info)
56 if (array_key_exists('format', $info))
57 $row[$field] = sprintf($info['format'], $row[$field]);
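/**
 * Turn a user-entered decimal into a numeric literal with two fraction digits.
 *
 * A decimal comma is accepted and converted to a point. Input that does not
 * parse as a number becomes "0.00".
 *
 * Callers embed the result UNQUOTED in SQL statements, so the output must
 * always be a plain numeric literal. That is why the locale-independent %F
 * conversion is used: %f honours LC_NUMERIC and would print "1,50" under a
 * locale with a decimal comma, which breaks the generated statement.
 *
 * @param string $value Number as typed by the user, e.g. "12,5".
 * @return string Number formatted as "12.50".
 */
function format_decimal($value)
{
    $value = str_replace(',', '.', $value);

    return sprintf("%.2F", $value);
}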
// Body of the handler that updates an existing record from the submitted form.
// Its `function` line, the braces and several `else` lines are missing from this
// listing. Builds one "column=value" fragment per field of $mask['edit'] and
// issues a single UPDATE for the row with id $_POST['id'].
// Field names and $mask['table'] are concatenated verbatim and must come only
// from the trusted mask definition; only the values are escaped or cast.
70 if (empty($_POST['id']))
71 return array('error' => 'Missing ID');
// Audit column: the session login is escaped before it is embedded.
// NOTE(review): pg_escape_string() is called without a connection argument and so
// relies on the default connection (deprecated since PHP 8.1).
73 $update = array(sprintf("sys_user = '%s'", pg_escape_string($_SESSION['sys']['login'])),
76 foreach ($mask['edit'] as $field => $info) {
// Required-field check. empty() treats "0" as missing as well.
// The two messages are user-facing German text ("required field %s not filled in").
77 if ($info['required'] === true && empty($_POST[$field]))
78 return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
79 'errormsg' => 'Pflichtfelder nicht ausgefüllt');
// Checkbox: anything other than the literal 'on' is stored as 0.
81 if ($info['type'] == 'boolean') {
82 $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
// Numbers and non-string selects: %d forces the submitted value to an integer.
83 } elseif ($info['type'] == 'number' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
84 if (empty($_POST[$field]) && $info['null'] === true)
85 $update[] = sprintf("%s=NULL", $field);
87 $update[] = sprintf("%s=%d", $field, $_POST[$field]);
// Decimals are embedded unquoted; safety depends on format_decimal() returning
// nothing but a numeric literal.
88 } elseif ($info['type'] == 'decimal') {
89 if (empty($_POST[$field]) && $info['null'] === true)
90 $update[] = sprintf("%s=NULL", $field);
92 $update[] = sprintf("%s=%s", $field, format_decimal($_POST[$field]));
// Password columns are only touched when a new value was submitted.
// NOTE(review): passwd() is defined elsewhere; presumably it derives the stored
// hash from login and password — confirm it uses a dedicated password-hashing
// function rather than a fast digest.
93 } elseif ($info['type'] == 'passwd') {
94 if (!empty($_POST[$field]))
95 $update[] = sprintf("%s='%s'", $field, pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
// Everything else is stored as an escaped, single-quoted string literal.
97 if (empty($_POST[$field]) && $info['null'] === true)
98 $update[] = sprintf("%s=NULL", $field);
100 $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
104 $sql = 'UPDATE ' . $mask['table'] . ' SET ';
105 $sql .= implode(', ', $update);
106 $sql .= ' WHERE id = ' . intval($_POST['id']);
108 $sth = pg_query($sql);
// NOTE(review): the logged statement contains every submitted value, including the
// output of passwd(); the raw database error is also put into the result array.
// Confirm who can read the log and whether the error text reaches the browser.
110 if ($sth === false) {
111 error_log($sql . ': ' . pg_last_error());
112 return array('error' => pg_last_error(),
116 return array('status' => true);
// Create a new record from the submitted form. Collects column names in $fields
// and the matching SQL value fragments in $values, then issues one INSERT.
// Braces, `else` lines and the lines that append to $fields are missing from
// this listing.
// Field names and $mask['table'] are concatenated verbatim and must come only
// from the trusted mask definition; only the values are escaped or cast.
119 function insert($mask)
// Audit columns: escaped session login and the database's current time.
121 $fields = array('sys_user','sys_edit');
122 $values = array("'".pg_escape_string($_SESSION['sys']['login'])."'", 'now()');
124 foreach ($mask['edit'] as $field => $info) {
// Required-field check. empty() treats "0" as missing as well.
// The two messages are user-facing German text ("required field %s not filled in").
125 if ($info['required'] === true && empty($_POST[$field]))
126 return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
127 'errormsg' => 'Pflichtfelder nicht ausgefüllt');
// Checkbox: anything other than the literal 'on' is stored as 0.
129 if ($info['type'] == 'boolean') {
131 $values[] = $_POST[$field] == 'on'?1:0;
// Numbers and non-string selects are forced to an integer with intval().
132 } elseif ($info['type'] == 'number' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
134 if (empty($_POST[$field]) && $info['null'] === true)
137 $values[] = intval($_POST[$field]);
// Decimals are embedded unquoted; safety depends on format_decimal() returning
// nothing but a numeric literal.
138 } elseif ($info['type'] == 'decimal') {
140 if (empty($_POST[$field]) && $info['null'] === true)
143 $values[] = format_decimal($_POST[$field]);
// NOTE(review): passwd() is defined elsewhere; presumably it derives the stored
// hash from login and password — confirm it uses a dedicated password-hashing
// function rather than a fast digest.
144 } elseif ($info['type'] == 'passwd') {
145 if (!empty($_POST[$field])) {
147 $values[] = sprintf("'%s'", pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
// Everything else is stored as an escaped, single-quoted string literal.
151 if (empty($_POST[$field]) && $info['null'] === true)
154 $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));
158 $sql = 'INSERT INTO ' . $mask['table'] . ' (' . implode(',', $fields) . ') ';
159 $sql .= 'VALUES (' . implode(',', $values) . ')';
161 $sth = pg_query($sql);
// NOTE(review): the logged statement contains every submitted value, including the
// output of passwd(); the raw database error is also put into the result array.
// Confirm who can read the log and whether the error text reaches the browser.
163 if ($sth === false) {
164 error_log($sql . ': ' . pg_last_error());
165 return array('error' => pg_last_error(),
169 return array('status' => true);
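// Delete the record with id $_POST['id'] from $mask['table']. When the
// DELETE_COPY constant is true, the row is first copied into "<table>_deleted"
// and the copy is stamped with the acting user and the current time.
// Returns array('status' => true) on success and array('error' => ...) on failure.
// Braces and the continuation lines of the error returns are missing from
// this listing and are left as they are.
// The table name is inserted verbatim and must come only from the trusted mask
// definition; the id always passes through %d, which forces it to an integer.
// NOTE(review): copy, audit update and delete are three separate statements and no
// transaction is visible in the listed lines; a failure in between would leave a
// copy behind for a row that still exists — confirm.
172 function delete_or_copy($mask)
// empty() also rejects the id "0".
174 if (empty($_POST['id']))
175 return array('error' => 'Missing ID');
177 if (DELETE_COPY === true) {
// INSERT ... SELECT * relies on both tables having the same column layout.
178 $sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
179 $mask['table'], $mask['table'], $_POST['id']);
181 $sth = pg_query($sql);
183 if ($sth === false) {
184 error_log($sql . ': ' . pg_last_error());
185 return array('error' => pg_last_error(),
// The session login is escaped here exactly as the insert and update handlers do;
// it was previously embedded raw inside the quoted literal, so a login containing
// a quote would have altered the statement.
189 $sql = sprintf("UPDATE %s_deleted SET sys_user='%s',sys_edit=now() WHERE id = %d",
190 $mask['table'], pg_escape_string($_SESSION['sys']['login']), $_POST['id']);
192 $sth = pg_query($sql);
194 if ($sth === false) {
195 error_log($sql . ': ' . pg_last_error());
196 return array('error' => pg_last_error(),
201 $sql = sprintf("DELETE FROM %s WHERE id = %d", $mask['table'], $_POST['id']);
203 $sth = pg_query($sql);
// NOTE(review): the raw database error is put into the result array; confirm
// whether that text reaches the browser.
205 if ($sth === false) {
206 error_log($sql . ': ' . pg_last_error());
207 return array('error' => pg_last_error(),
211 return array('status' => true);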
/**
 * Remember a user-chosen value for one of the mask's declared variables.
 *
 * The variable name is taken from $_POST['name'] and is accepted only if it
 * is a key of $mask['variables']. The value from $_POST['value'] is stored
 * as submitted under the session key "<$name>.<variable>", so code that
 * reads it back has to validate or escape it for its own context. If the
 * variable's definition has a 'postcall' entry, that callable is invoked
 * after the value has been stored.
 *
 * @param string $name Prefix for the session key (the dispatcher passes the mask source name).
 * @param array  $mask Mask definition.
 * @return array array('status' => true), or array('error' => message) for an undeclared variable.
 */
function set_variable($name,$mask)
{
    $variable = $_POST['name'];

    $declared = array_key_exists('variables', $mask)
        && array_key_exists($variable, $mask['variables']);

    if (!$declared) {
        // The submitted name is HTML-escaped before it is echoed back in the message.
        return array('error' => 'Unknown variable ' . htmlspecialchars($variable));
    }

    $_SESSION[$name . '.' . $variable] = $_POST['value'];

    $definition = $mask['variables'][$variable];
    if (array_key_exists('postcall', $definition)) {
        // The callable comes from the mask definition, never from the request.
        $definition['postcall']();
    }

    return array('status' => true);
}
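/**
 * Run one of the mask's predefined "info" queries and return its result.
 *
 * The callback name comes from $_POST['name'] and must be a key of
 * $mask['info'] whose definition has an 'sql' template. Every {key}
 * placeholder in the template is replaced by the POST parameter of the same
 * name; a missing or non-string parameter becomes the empty string.
 *
 * Security notes:
 *  - Substitution is a single pass over the template. Submitted values are
 *    never rescanned for placeholders, so a value cannot pull in further
 *    parameters or keep the substitution from terminating.
 *  - Values are passed through pg_escape_string(), which is sufficient only
 *    where the template puts the placeholder inside a single-quoted literal
 *    ('{key}'). A placeholder used bare (for example in a numeric
 *    comparison) is NOT made safe by this; such templates need the value
 *    validated or the query moved to pg_query_params().
 *
 * @param array $mask Mask definition.
 * @return array array('info' => query result), or array('error' => message) for an unknown callback.
 */
function get_infos($mask)
{
    // Accept only a plain string as callback name; anything else is treated as absent.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $unknown = array('error' => 'Unknown callback ' . htmlspecialchars($name));

    if (!array_key_exists('info', $mask))
        return $unknown;

    if (!array_key_exists($name, $mask['info']))
        return $unknown;

    if (!array_key_exists('sql', $mask['info'][$name]))
        return $unknown;

    $sql = preg_replace_callback(
        '/\{([^\}]*)\}/',
        function ($match) {
            $key = $match[1];
            $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';

            return pg_escape_string($value);
        },
        $mask['info'][$name]['sql']
    );

    return array('info' => query_db($sql));
}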
/**
 * Send $data to the client as the JSON body of the AJAX response.
 *
 * Sets the JSON content type (UTF-8) and prints the encoded value; nothing
 * is returned.
 *
 * @param mixed $data Value to serialise, normally one of the handlers' result arrays.
 */
function format_ajax($data)
{
    header('Content-type: application/json; charset=UTF-8');

    $body = json_encode($data);
    echo $body;
}
// Request dispatcher: picks the handler named by $_POST['func'] and runs it
// against the mask selected by $_POST['source']. The bodies of the first two
// checks, one branch body and the end of the chain are missing from this listing.
// NOTE(review): no login, permission or CSRF check is visible in the listed lines,
// although the handlers read and modify records; presumably init.php enforces
// this — confirm.
256 if (empty($_POST['func']))
259 if (empty($_POST['source']))
// NOTE(review): load_mask() is defined elsewhere and receives a request parameter.
// If it maps the name to a file or table definition, it must check the name
// against a fixed allow-list before loading anything — confirm. It presumably
// also populates the $mask variable used below.
263 if (load_mask($_POST['source']) === false) exit;
// Default answer, kept when 'func' matches none of the branches.
265 $data = array('error' => 'Unknown function');
267 if ($_POST['func'] == 'fetch') {
268 $data = fetch($mask);
269 } elseif ($_POST['func'] == 'details') {
270 $data = details($mask);
271 } elseif ($_POST['func'] == 'save') {
273 } elseif ($_POST['func'] == 'insert') {
274 $data = insert($mask);
275 } elseif ($_POST['func'] == 'delete') {
276 $data = delete_or_copy($mask);
// The source name doubles as the prefix of the session key written by set_variable().
277 } elseif ($_POST['func'] == 'setvar') {
278 $data = set_variable($_POST['source'],$mask);
279 } elseif ($_POST['func'] == 'info') {
280 $data = get_infos($mask);