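$info) {
    // Tail of fetch(): its signature and the head of this field loop sit
    // above this chunk, so the logic here is reproduced unchanged.
    if ($info['sql'] === false) continue;
    if ($info['type'] == 'date') {
        $fields[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s", empty($info['sql']) ? $field : $info['sql'], $field);
    } elseif ($info['type'] != 'passwd') {
        $fields[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
    }
}
$sql = sprintf('SELECT id,%s FROM %s WHERE id = %d', implode(',', $fields), $mask['table'], $_POST['id']);
$sth = pg_query($sql);
if ($sth === false) return false;
$row = pg_fetch_assoc($sth);
foreach ($mask['edit'] as $field => $info) {
    if ($info['type'] == 'boolean') {
        $row[$field] = $row[$field] ? true : false;
    } elseif ($info['type'] == 'passwd') {
        // never echo a stored password hash back to the client
        $row[$field] = '';
    } elseif (array_key_exists('format', $info)) {
        $row[$field] = sprintf($info['format'], $row[$field]);
    }
}
return $row;
}

/*
 * AJAX back end for the mask-driven CRUD forms.
 *
 * Every handler receives the loaded $mask definition, reads its input from
 * $_POST and returns an array that format_ajax() serialises for the client.
 * Errors are reported as array('error' => ...), success as
 * array('status' => true) or the fetched row.
 *
 * Trust boundaries: table/column names and SQL snippets come from the mask
 * definition (server-side configuration) and are interpolated verbatim;
 * everything taken from $_POST is treated as untrusted and goes through
 * ajax_post_value()/ajax_post_id() and pg_escape_*() before reaching SQL.
 */

/**
 * Returns the posted value of $field as a string.
 *
 * A missing field and a non-scalar value (e.g. "field[]=x") both yield '',
 * so callers never hand null or an array to strlen(), pg_escape_string()
 * or htmlspecialchars().
 */
function ajax_post_value($field) {
    if (!isset($_POST[$field]) || !is_scalar($_POST[$field])) return '';
    return (string) $_POST[$field];
}

/**
 * Returns the posted record id as a positive integer, or 0 when it is
 * missing or not a plain digit string. 0 is treated as "Missing ID" by the
 * callers, matching the old empty($_POST['id']) check.
 */
function ajax_post_id() {
    $id = ajax_post_value('id');
    return ctype_digit($id) ? intval($id) : 0;
}

/**
 * Logs a failed statement and builds the error payload the handlers return.
 *
 * The 'sql' element is kept because the existing client expects it; be
 * aware that it exposes the statement text (table and column names) to the
 * browser. Call this before any further pg_query(), as it reads
 * pg_last_error().
 */
function ajax_db_error($sql) {
    $message = pg_last_error();
    error_log($sql . ': ' . $message);
    return array('error' => $message, 'sql' => $sql);
}

/**
 * Table written by save()/insert(): the optional 'edit_table' of the mask,
 * else its main 'table'.
 */
function ajax_edit_table($mask) {
    return empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'];
}

/**
 * Checks the 'required' flag of one edit-mask field against $_POST.
 *
 * Returns the error payload when the field is required but was posted
 * empty (or not at all), null otherwise. A value of '0' counts as filled in.
 */
function ajax_required_error($field, $info) {
    if (!isset($info['required']) || $info['required'] !== true) return null;
    if (ajax_post_value($field) !== '') return null;
    $label = isset($info['name']) ? $info['name'] : $field;
    return array(
        'error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $label),
        'errormsg' => 'Pflichtfelder nicht ausgefüllt',
    );
}

/**
 * Converts the posted value of one edit-mask field into an SQL literal.
 *
 * Shared by save() and insert() so both write the same representation:
 *   boolean                      -> 1 or 0 (a checked box posts 'on')
 *   number, hidden, select whose options are not strings
 *                                -> integer, or NULL when empty and nullable
 *   decimal                      -> format_decimal(), or NULL when empty and nullable
 *   passwd                       -> quoted hash from passwd(login, cleartext)
 *   anything else                -> quoted escaped string, or NULL when empty and nullable
 *
 * Returns null when the field must not be written at all, i.e. an empty
 * password, which leaves the stored hash untouched.
 *
 * empty() treats '0' as empty, so a nullable field posted as '0' becomes
 * NULL; this matches the previous behaviour and is kept on purpose.
 */
function ajax_field_literal($field, $info) {
    $value = ajax_post_value($field);
    $type = isset($info['type']) ? $info['type'] : '';
    $nullable = isset($info['null']) && $info['null'] === true;
    $writeNull = $nullable && empty($value);

    if ($type == 'boolean') {
        return $value == 'on' ? '1' : '0';
    }

    $stringOptions = isset($info['options_string']) && $info['options_string'] === true;
    if ($type == 'number' || $type == 'hidden' || ($type == 'select' && !$stringOptions)) {
        return $writeNull ? 'NULL' : (string) intval($value);
    }

    if ($type == 'decimal') {
        return $writeNull ? 'NULL' : format_decimal($value);
    }

    if ($type == 'passwd') {
        if (empty($value)) return null;
        // the password belongs to the account being edited ('login' field),
        // falling back to the current user's own account
        $login = ajax_post_value('login');
        if (empty($login)) $login = $_SESSION['sys']['login'];
        return "'" . pg_escape_string(passwd($login, $value)) . "'";
    }

    return $writeNull ? 'NULL' : "'" . pg_escape_string($value) . "'";
}

/**
 * Loads the details view of one record.
 *
 * Builds the column list from $mask['details']['list']: date fields are
 * rendered with to_char(), fields that define a 'fetch' callback are not
 * selected but computed afterwards. Fields with a 'format' are passed
 * through sprintf(). Returns the row, or an error payload when the id is
 * missing, the query fails or no record exists.
 */
function details($mask) {
    $id = ajax_post_id();
    if ($id === 0) return array('error' => 'Missing ID');

    $columns = array();
    foreach ($mask['details']['list'] as $field => $info) {
        $type = isset($info['type']) ? $info['type'] : '';
        if ($type == 'date') {
            $columns[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s", empty($info['sql']) ? $field : $info['sql'], $field);
        } elseif (!array_key_exists('fetch', $info)) {
            $columns[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
        }
    }

    $row = array();
    if (count($columns)) {
        $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d', implode(',', $columns), $mask['table'], $id);
        $sth = pg_query($sql);
        if ($sth === false) return ajax_db_error($sql);
        $row = pg_fetch_assoc($sth);
        // an unknown id used to yield a bogus row built on top of false
        if ($row === false) return array('error' => 'Record not found');
    }

    foreach ($mask['details']['list'] as $field => $info) {
        if (array_key_exists('format', $info)) {
            $row[$field] = sprintf($info['format'], isset($row[$field]) ? $row[$field] : '');
        } elseif (array_key_exists('fetch', $info)) {
            $row[$field] = $info['fetch']();
        }
    }
    return $row;
}

/**
 * Normalises a user-entered decimal ("12,50" or "12.5") to a two-place
 * number literal for SQL.
 *
 * %F is used instead of %f because %f honours setlocale() and would emit a
 * decimal comma under a German locale; the result is written unquoted into
 * the statement. Non-numeric input becomes 0.00.
 */
function format_decimal($value) {
    $normalised = (float) str_replace(',', '.', (string) $value);
    return sprintf('%.2F', $normalised);
}

/**
 * Updates the record $_POST['id'] from the posted edit-mask fields.
 *
 * sys_user/sys_edit are always stamped with the current session login and
 * now(). Returns array('status' => true) or an error payload (missing id,
 * unfilled required field, failed statement).
 */
function save($mask) {
    $id = ajax_post_id();
    if ($id === 0) return array('error' => 'Missing ID');

    $assignments = array(
        sprintf("sys_user = '%s'", pg_escape_string($_SESSION['sys']['login'])),
        'sys_edit = now()',
    );
    foreach ($mask['edit'] as $field => $info) {
        $missing = ajax_required_error($field, $info);
        if ($missing !== null) return $missing;
        $literal = ajax_field_literal($field, $info);
        if ($literal !== null) $assignments[] = $field . '=' . $literal;
    }

    $sql = sprintf('UPDATE %s SET %s WHERE id = %d', ajax_edit_table($mask), implode(', ', $assignments), $id);
    if (pg_query($sql) === false) return ajax_db_error($sql);
    return array('status' => true);
}

/**
 * Inserts a new record from the posted edit-mask fields.
 *
 * A mask may supply its own 'insert' callback, which then replaces this
 * routine entirely. Otherwise the same field mapping as save() is used,
 * plus sys_user/sys_edit. Returns array('status' => true) or an error
 * payload.
 */
function insert($mask) {
    if (array_key_exists('insert', $mask)) return $mask['insert']($mask);

    $columns = array('sys_user', 'sys_edit');
    $literals = array("'" . pg_escape_string($_SESSION['sys']['login']) . "'", 'now()');
    foreach ($mask['edit'] as $field => $info) {
        $missing = ajax_required_error($field, $info);
        if ($missing !== null) return $missing;
        $literal = ajax_field_literal($field, $info);
        if ($literal === null) continue;
        $columns[] = $field;
        $literals[] = $literal;
    }

    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', ajax_edit_table($mask), implode(',', $columns), implode(',', $literals));
    if (pg_query($sql) === false) return ajax_db_error($sql);
    return array('status' => true);
}

/**
 * Deletes the record $_POST['id'] from the mask's main table.
 *
 * With DELETE_COPY enabled the row is first copied into <table>_deleted and
 * stamped with the current user before it is removed. Copy and delete run
 * in one transaction so a failed DELETE does not leave a stray copy behind.
 * Masks with an 'edit_table' are refused, as before.
 */
function delete_or_copy($mask) {
    $id = ajax_post_id();
    if ($id === 0) return array('error' => 'Missing ID');
    if (!empty($mask['edit_table'])) return array('error' => 'Cannot handle deletion for secondary table');

    $table = $mask['table'];
    $statements = array();
    if (DELETE_COPY === true) {
        $statements[] = sprintf('INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d', $table, $table, $id);
        // the session login was previously interpolated unescaped
        $statements[] = sprintf("UPDATE %s_deleted SET sys_user='%s',sys_edit=now() WHERE id = %d",
            $table, pg_escape_string($_SESSION['sys']['login']), $id);
    }
    $statements[] = sprintf('DELETE FROM %s WHERE id = %d', $table, $id);

    // NOTE(review): assumes no transaction is already open on the
    // connection set up by connect_db() - confirm
    pg_query('BEGIN');
    foreach ($statements as $sql) {
        if (pg_query($sql) === false) {
            $error = ajax_db_error($sql); // read pg_last_error() before ROLLBACK replaces it
            pg_query('ROLLBACK');
            return $error;
        }
    }
    pg_query('COMMIT');
    return array('status' => true);
}

/**
 * Stores a mask variable in the session under "<source>.<name>".
 *
 * Only names declared in $mask['variables'] are accepted; a declared
 * 'postcall' hook runs after the assignment. The posted value is stored
 * as-is: whatever later reads $_SESSION["<source>.<name>"] has to treat it
 * as untrusted request input.
 */
function set_variable($name, $mask) {
    $variable = ajax_post_value('name');
    if (!array_key_exists('variables', $mask) || !array_key_exists($variable, $mask['variables'])) {
        return array('error' => 'Unknown variable ' . htmlspecialchars($variable));
    }

    $_SESSION[$name . '.' . $variable] = isset($_POST['value']) ? $_POST['value'] : null;

    $definition = $mask['variables'][$variable];
    if (array_key_exists('postcall', $definition)) $definition['postcall']();
    return array('status' => true);
}

/**
 * Substitutes {name} placeholders in an info-callback SQL template with
 * the matching $_POST values, escaped for the context they land in.
 *
 * The previous str_replace() loop inserted the raw request value (SQL
 * injection through every info callback) and re-scanned its own output,
 * so a value containing "{name}" never terminated. Here each placeholder is
 * visited once, left to right:
 *   - inside a '...' literal (odd number of quotes emitted so far): pg_escape_string()
 *   - bare and purely numeric: inserted as a number
 *   - bare otherwise: pg_escape_literal() supplies the quotes
 * Placeholders used as identifiers (table or column names) cannot be made
 * safe by value escaping and must not be fed from the request.
 */
function ajax_bind_info_sql($template) {
    if (!preg_match_all('/\{([^}]*)\}/', $template, $matches, PREG_OFFSET_CAPTURE)) return $template;

    $bound = '';
    $cursor = 0;
    foreach ($matches[0] as $index => $match) {
        list($token, $offset) = $match;
        $bound .= substr($template, $cursor, $offset - $cursor);
        $cursor = $offset + strlen($token);

        $value = ajax_post_value($matches[1][$index][0]);
        // escaped output always adds quotes in pairs, so the parity of
        // quotes in $bound reflects the parity in the template
        $insideLiteral = (substr_count($bound, "'") % 2) === 1;
        if ($insideLiteral) {
            $bound .= pg_escape_string($value);
        } elseif (preg_match('/^-?\d+(\.\d+)?\z/', $value)) {
            $bound .= $value;
        } else {
            $bound .= pg_escape_literal($value);
        }
    }
    return $bound . substr($template, $cursor);
}

/**
 * Runs the info callback $_POST['name'] declared in $mask['info'] and
 * returns its rows together with the request parameters that were bound.
 */
function get_infos($mask) {
    $callback = ajax_post_value('name');
    if (!array_key_exists('info', $mask)
        || !array_key_exists($callback, $mask['info'])
        || !array_key_exists('sql', $mask['info'][$callback])) {
        return array('error' => 'Unknown callback ' . htmlspecialchars($callback));
    }

    $sql = ajax_bind_info_sql($mask['info'][$callback]['sql']);
    return array('info' => query_db($sql), 'parameter' => $_POST);
}

// Request dispatch: 'func' selects the handler, 'source' the mask to load.
// Both must be plain strings; load_mask() is expected to populate $mask
// (it is defined outside this chunk - confirm).
if (empty($_POST['func']) || empty($_POST['source'])) exit;
if (!is_string($_POST['func']) || !is_string($_POST['source'])) exit;
connect_db();
if (load_mask($_POST['source']) === false) exit;

switch ($_POST['func']) {
    case 'fetch':
        $data = fetch($mask);
        break;
    case 'details':
        $data = details($mask);
        break;
    case 'save':
        $data = save($mask);
        break;
    case 'insert':
        $data = insert($mask);
        break;
    case 'delete':
        $data = delete_or_copy($mask);
        break;
    case 'setvar':
        $data = set_variable($_POST['source'], $mask);
        break;
    case 'info':
        $data = get_infos($mask);
        break;
    default:
        $data = array('error' => 'Unknown function');
}
format_ajax($data);
?>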