<?php

require_once('../init.php');

function fetch($mask)
{
  $fields = array("to_char(sys_edit,'DD.MM.YYYY HH24:mm') AS sys_edit", 'sys_user');
  foreach ($mask['edit'] as $field => $info)
    if ($info['type'] != 'passwd')
      $fields[] = $field;

  $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
		 implode(',', $fields),
		 $mask['table'], $_POST['id']);

  $sth = pg_query($sql);
  if ($sth === false) return false;

  $row = pg_fetch_assoc($sth);

  foreach ($mask['edit'] as $field => $info)
    if ($info['type'] == 'boolean')
      $row[$field] = $row[$field]?true:false;
    elseif ($info['type'] == 'passwd')
      $row[$field] = '';
    elseif (array_key_exists('format', $info))
      $row[$field] = sprintf($info['format'], $row[$field]);

  return $row;
}

function details($mask)
{
  if (empty($_POST['id']))
    return array('error' => 'Missing ID');

  $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
		 implode(',', array_keys($mask['details']['list'])),
		 $mask['table'], $_POST['id']);

  $sth = pg_query($sql);

  if (!$sth)
    return array('error' => pg_last_error(),
		 'sql' => $sql);

  $row = pg_fetch_assoc($sth);

  foreach ($mask['details']['list'] as $field => $info)
    if (array_key_exists('format', $info))
      $row[$field] = sprintf($info['format'], $row[$field]);

  return $row;
}

function save($mask)
{
  if (empty($_POST['id']))
    return array('error' => 'Missing ID');

  $update = array(sprintf("sys_user = '%s'", pg_escape_string($_SESSION['sys']['login'])),
		  "sys_edit = now()");

  foreach ($mask['edit'] as $field => $info)
    if ($info['type'] == 'boolean') {
      $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
    } elseif ($info['type'] == 'number') {
      $update[] = sprintf("%s=%d", $field, $_POST[$field]);
    } elseif ($info['type'] == 'passwd') {
      if (!empty($_POST[$field]))
	$update[] = sprintf("%s='%s'", $field, pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
    } else {
      $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
    }

  $sql = 'UPDATE ' . $mask['table'] . ' SET ';
  $sql .= implode(', ', $update);
  $sql .= ' WHERE id = ' . intval($_POST['id']);

  $sth = pg_query($sql);

  if ($sth === false) {
    error_log($sql . ': ' . pg_last_error());
    return array('error' => pg_last_error(),
                 'sql' => $sql);
  }

  return array('status' => true);
}

function insert($mask)
{
  $fields = array('sys_user','sys_edit');
  $values = array("'".pg_escape_string($_SESSION['sys']['login'])."'", 'now()');

  foreach ($mask['edit'] as $field => $info)
    if ($info['type'] == 'boolean') {
      $fields[] = $field;
      $values[] = $_POST[$field] == 'on'?1:0;
    } elseif ($info['type'] == 'number') {
      $fields[] = $field;
      $values[] = intval($_POST[$field]);
    } elseif ($info['type'] == 'passwd') {
      if (!empty($_POST[$field])) {
	$fields[] = $field;
	$values[] = sprintf("'%s'", pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
      }
    } else {
      $fields[] = $field;
      $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));
    }

  $sql = 'INSERT INTO ' . $mask['table'] . ' (' . implode(',', $fields) . ') ';
  $sql .= 'VALUES (' . implode(',', $values) . ')';

  $sth = pg_query($sql);

  if ($sth === false) {
    error_log($sql . ': ' . pg_last_error());
    return array('error' => pg_last_error(),
                 'sql' => $sql);
  }

  return array('status' => true);
}

function delete_or_copy($mask)
{
  if (empty($_POST['id']))
    return array('error' => 'Missing ID');

  if (DELETE_COPY === true) {
    $sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
		   $mask['table'], $mask['table'], $_POST['id']);

    $sth = pg_query($sql);

    if ($sth === false) {
      error_log($sql . ': ' . pg_last_error());
      return array('error' => pg_last_error(),
		   'sql' => $sql);
    }

    $sql = sprintf("UPDATE %s_deleted SET sys_user='%s',sys_edit=now() WHERE id = %d",
		   $mask['table'], $_SESSION['sys']['login'], $_POST['id']);

    $sth = pg_query($sql);

    if ($sth === false) {
      error_log($sql . ': ' . pg_last_error());
      return array('error' => pg_last_error(),
		   'sql' => $sql);
    }
  }

  $sql = sprintf("DELETE FROM %s WHERE id = %d", $mask['table'], $_POST['id']);

  $sth = pg_query($sql);

  if ($sth === false) {
    error_log($sql . ': ' . pg_last_error());
    return array('error' => pg_last_error(),
                 'sql' => $sql);
  }

  return array('status' => true);
}

function format_ajax($data)
{
  header('Content-type: application/json; charset=UTF-8');
  echo json_encode($data);
  exit;
}

if (empty($_POST['func']))
  exit;

if (empty($_POST['source']))
  exit;

connect_db();
if (load_mask($_POST['source']) === false) exit;

$data = array('error' => 'Unknown function');

if ($_POST['func'] == 'fetch') {
  $data = fetch($mask);
} elseif ($_POST['func'] == 'details') {
  $data = details($mask);
} elseif ($_POST['func'] == 'save') {
  $data = save($mask);
} elseif ($_POST['func'] == 'insert') {
  $data = insert($mask);
} elseif ($_POST['func'] == 'delete') {
  $data = delete_or_copy($mask);
}

format_ajax($data);

?>