if (empty($_POST['id']))
return array('error' => 'Missing ID');
- $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
- implode(',', array_keys($mask['details']['list'])),
- $mask['table'], $_POST['id']);
+ $fields = array();
+ foreach ($mask['details']['list'] as $field => $info) {
+ if ($info['type'] == 'date')
+ $fields[] = sprintf("to_char(%s,'DD.MM.YYYY') AS %s",
+ empty($info['sql']) ? $field : $info['sql'],
+ $field);
+ elseif (!array_key_exists('fetch',$info))
+ $fields[] = empty($info['sql']) ? $field : $info['sql'] . ' AS ' . $field;
+ }
- $sth = pg_query($sql);
+ if (count($fields)) {
+ $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
+ implode(',', $fields),
+ $mask['table'], $_POST['id']);
- if (!$sth)
- return array('error' => pg_last_error(),
- 'sql' => $sql);
+ $sth = pg_query($sql);
- $row = pg_fetch_assoc($sth);
+ if (!$sth)
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+
+ $row = pg_fetch_assoc($sth);
+ } else {
+ $row = array();
+ }
foreach ($mask['details']['list'] as $field => $info)
if (array_key_exists('format', $info))
$row[$field] = sprintf($info['format'], $row[$field]);
+ elseif (array_key_exists('fetch', $info))
+ $row[$field] = $info['fetch']();
return $row;
}
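Review bot: The error branch that now sits inside `if (count($fields))` still returns `pg_last_error()` and the full `$sql` text in the result array, which is presumably serialized to the browser by the `format_ajax($data)` call at the end of this page. Any client that can make the query fail then sees table names, column names and the `to_char` expressions. I would keep the detail on the server and return a generic message: `error_log(pg_last_error() . ' | ' . $sql);` followed by `return array('error' => 'Database error');`. Separately, `pg_fetch_assoc()` returns false when no row matches the id, and the loop below then writes the `fetch` results into it, so an `if ($row === false) return array('error' => 'Unknown ID');` after the fetch would cover that case. The function starts above this hunk.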
"sys_edit = now()");
foreach ($mask['edit'] as $field => $info) {
- if ($info['required'] === true && empty($_POST[$field]))
+ if ($info['required'] === true && !strlen($_POST[$field]))
return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
'errormsg' => 'Pflichtfelder nicht ausgefüllt');
if ($info['type'] == 'boolean') {
$update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
- } elseif ($info['type'] == 'number' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
+ } elseif ($info['type'] == 'number' || $info['type'] == 'hidden' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
if (empty($_POST[$field]) && $info['null'] === true)
$update[] = sprintf("%s=NULL", $field);
else
$update[] = sprintf("%s=%s", $field, format_decimal($_POST[$field]));
} elseif ($info['type'] == 'passwd') {
if (!empty($_POST[$field]))
- $update[] = sprintf("%s='%s'", $field, pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
+ $update[] = sprintf("%s='%s'", $field,
+ pg_escape_string(passwd(empty($_POST['login'])?$_SESSION['sys']['login']:$_POST['login'],
+ $_POST[$field])));
} else {
if (empty($_POST[$field]) && $info['null'] === true)
$update[] = sprintf("%s=NULL", $field);
}
}
- $sql = 'UPDATE ' . $mask['table'] . ' SET ';
- $sql .= implode(', ', $update);
- $sql .= ' WHERE id = ' . intval($_POST['id']);
+ $sql = sprintf('UPDATE %s SET %s WHERE id = %d',
+ empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
+ implode(', ', $update),
+ intval($_POST['id']));
$sth = pg_query($sql);
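Review bot: Adding `$info['type'] == 'hidden'` to the numeric branch sends hidden inputs through `sprintf("%s=%s", $field, format_decimal($_POST[$field]))`, which is unquoted, so the statement is only safe if `format_decimal()` rejects anything that is not a number. That function is not part of this diff, so please confirm it. A hidden input is as client-controlled as a visible one, and a hidden field carrying text would need the quoted `pg_escape_string` path instead. If `format_decimal()` only normalizes separators, add a check before building the assignment, for example `if (!is_numeric(format_decimal($_POST[$field]))) return array('error' => 'Invalid number');`. The same condition is added to `insert()` in the next hunk, and the function around this hunk starts and ends outside it.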
function insert($mask)
{
+ if (array_key_exists('insert', $mask))
+ return $mask['insert']($mask);
+
$fields = array('sys_user','sys_edit');
$values = array("'".pg_escape_string($_SESSION['sys']['login'])."'", 'now()');
foreach ($mask['edit'] as $field => $info) {
- if ($info['required'] === true && empty($_POST[$field]))
+ if ($info['required'] === true && !strlen($_POST[$field]))
return array('error' => sprintf('Pflichtfeld %s nicht ausgefüllt', $info['name']),
'errormsg' => 'Pflichtfelder nicht ausgefüllt');
if ($info['type'] == 'boolean') {
$fields[] = $field;
$values[] = $_POST[$field] == 'on'?1:0;
- } elseif ($info['type'] == 'number' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
+ } elseif ($info['type'] == 'number' || $info['type'] == 'hidden' || ($info['type'] == 'select' && $info['options_string'] !== true)) {
$fields[] = $field;
if (empty($_POST[$field]) && $info['null'] === true)
$values[] = 'NULL';
} elseif ($info['type'] == 'passwd') {
if (!empty($_POST[$field])) {
$fields[] = $field;
- $values[] = sprintf("'%s'", pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
+ $values[] = sprintf("'%s'", pg_escape_string(passwd(empty($_POST['login'])?$_SESSION['sys']['login']:$_POST['login'],
+ $_POST[$field])));
}
} else {
$fields[] = $field;
}
}
- $sql = 'INSERT INTO ' . $mask['table'] . ' (' . implode(',', $fields) . ') ';
- $sql .= 'VALUES (' . implode(',', $values) . ')';
+ $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
+ empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
+ implode(',', $fields),
+ implode(',', $values));
$sth = pg_query($sql);
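Review bot: The login handed to `passwd()` now comes from `$_POST['login']` and is tested with `empty()`, while this same commit moves the required-field check to `strlen()`. A login of `0` therefore falls back to the session login, and the hash is built from the wrong name. The request value is also used when `$mask['edit']` declares no `login` field, so the login that goes into the hash need not be the one stored in the row (assuming `passwd()` mixes it into the hash; it is not shown). I would accept it only when the mask declares it: `$login = (array_key_exists('login', $mask['edit']) && isset($_POST['login']) && strlen($_POST['login'])) ? $_POST['login'] : $_SESSION['sys']['login'];`. The update hunk above contains the identical expression.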
if (empty($_POST['id']))
return array('error' => 'Missing ID');
+ if (!empty($mask['edit_table']))
+ return array('error' => 'Cannot handle deletion for secondary table');
+
if (DELETE_COPY === true) {
$sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
$mask['table'], $mask['table'], $_POST['id']);
return array('status' => true);
}
-function format_ajax($data)
+function get_infos($mask)
{
- header('Content-type: application/json; charset=UTF-8');
- echo json_encode($data);
- exit;
+ if (!array_key_exists('info',$mask))
+ return array('error' => 'Unknown callback ' . htmlspecialchars($_POST['name']));
+
+ if (!array_key_exists($_POST['name'],$mask['info']))
+ return array('error' => 'Unknown callback ' . htmlspecialchars($_POST['name']));
+
+ if (!array_key_exists('sql',$mask['info'][$_POST['name']]))
+ return array('error' => 'Unknown callback ' . htmlspecialchars($_POST['name']));
+
+ $sql = $mask['info'][$_POST['name']]['sql'];
+
+ while (preg_match('/\{([^\}]*)\}/', $sql, $matches))
+ $sql = str_replace('{'.$matches[1].'}', $_POST[$matches[1]], $sql);
+
+ return array('info' => query_db($sql),
+ 'parameter' => $_POST);
}
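Review bot: The placeholder loop in `get_infos()` copies `$_POST[$matches[1]]` into the SQL text with `str_replace` and no escaping, so every `{name}` in a mask's `info` query is an injection point, and the result goes straight to `query_db()`. Because the loop re-scans the substituted string, a submitted value that itself contains `{...}` is expanded again and can keep the `while` from terminating. Replace it with a single pass that escapes each value, or better with numbered parameters via `pg_query_params()` if `query_db()` (not shown here) can be extended. The sketch below uses `pg_escape_literal()`, which adds the quotes itself, so templates must not wrap placeholders in quotes. Returning all of `$_POST` as `parameter` also echoes unrelated fields back, so returning only the substituted names would be tighter.

```php
// … unchanged: the three 'Unknown callback' guards …
$sql = preg_replace_callback('/\{([^\}]*)\}/', function ($m) {
    // Missing or non-string parameters become NULL instead of raw text.
    if (!isset($_POST[$m[1]]) || !is_string($_POST[$m[1]]))
        return 'NULL';
    return pg_escape_literal($_POST[$m[1]]);
}, $mask['info'][$_POST['name']]['sql']);
// … unchanged: return array('info' => query_db($sql), ...) …
```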
if (empty($_POST['func']))
$data = delete_or_copy($mask);
} elseif ($_POST['func'] == 'setvar') {
$data = set_variable($_POST['source'],$mask);
+} elseif ($_POST['func'] == 'info') {
+ $data = get_infos($mask);
}
format_ajax($data);