X-Git-Url: https://git.infodrom.org/?p=misc%2Fkostenrechnung;a=blobdiff_plain;f=ajax%2Fajax.php;h=f095f92bf0489bdd889a10bfaeb4333b009e194f;hp=57f35a3fa4926ceb647aa64e5d0cdd15563d5b51;hb=b5672ad38ca113fcb1ad7c5d15f4c2b8ead4c883;hpb=a19c85f249af5dd5db7b0cc62f3ba45243bbb82d
diff --git a/ajax/ajax.php b/ajax/ajax.php
index 57f35a3..f095f92 100644
--- a/ajax/ajax.php
+++ b/ajax/ajax.php
@@ -4,8 +4,13 @@ require_once('../init.php');
 function fetch($mask)
 {
+ $fields = array('sys_edit', 'sys_user');
+ foreach ($mask['edit'] as $field => $info)
+ if ($info['type'] != 'passwd')
+ $fields[] = $field;
+
 $sql = sprintf('SELECT id,%s FROM %s WHERE id = %d',
- implode(',', array_keys($mask['edit'])),
+ implode(',', $fields),
 $mask['table'], $_POST['id']);
 $sth = pg_query($sql);
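Review bot: The column names and the table name in fetch() are still spliced into the SELECT as raw identifiers: `$fields` is filled from the keys of `$mask['edit']` and joined with `implode(',', $fields)` without any quoting. If the mask definitions are purely server-side (not visible in this diff) the request cannot influence them, but quoting is cheap insurance, e.g. `$fields[] = pg_escape_identifier($field);` and likewise for `$mask['table']`. The same pattern recurs in save(), insert() and delete_or_copy() in the next hunk. The nested `foreach`/`if` without braces is easy to break when a second statement is added, and the type test would be stricter as `$info['type'] !== 'passwd'`. fetch() continues below the hunk, so how the result row is returned is not visible here.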
@@ -46,6 +51,111 @@ function details($mask)
 return $row;
 }
+function save($mask)
+{
+ if (empty($_POST['id']))
+ return array('error' => 'Missing ID');
+
+ $update = array(sprintf("sys_user = '%s'", pg_escape_string($_SESSION['sys']['login'])),
+ "sys_edit = now()");
+
+ foreach ($mask['edit'] as $field => $info)
+ if ($info['type'] == 'boolean') {
+ $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
+ } elseif ($info['type'] == 'number') {
+ $update[] = sprintf("%s=%d", $field, $_POST[$field]);
+ } else {
+ $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
+ }
+
+ $sql = 'UPDATE ' . $mask['table'] . ' SET ';
+ $sql .= implode(', ', $update);
+ $sql .= ' WHERE id = ' . intval($_POST['id']);
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) {
+ error_log($sql . ': ' . pg_last_error());
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+ }
+
+ return array('status' => true);
+}
+
+function insert($mask)
+{
+ $fields = array('sys_user','sys_edit');
+ $values = array("'".pg_escape_string($_SESSION['sys']['login'])."'", 'now()');
+
+ foreach ($mask['edit'] as $field => $info)
+ if ($info['type'] == 'boolean') {
+ $fields[] = $field;
+ $values[] = $_POST[$field] == 'on'?1:0;
+ } elseif ($info['type'] == 'number') {
+ $fields[] = $field;
+ $values[] = intval($_POST[$field]);
+ } else {
+ $fields[] = $field;
+ $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));
+ }
+
+ $sql = 'INSERT INTO ' . $mask['table'] . ' (' . implode(',', $fields) . ') ';
+ $sql .= 'VALUES (' . implode(',', $values) . ')';
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) {
+ error_log($sql . ': ' . pg_last_error());
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+ }
+
+ return array('status' => true);
+}
+
+function delete_or_copy($mask)
+{
+ if (empty($_POST['id']))
+ return array('error' => 'Missing ID');
+
+ if (DELETE_COPY === true) {
+ $sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
+ $mask['table'], $mask['table'], $_POST['id']);
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) {
+ error_log($sql . ': ' . pg_last_error());
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+ }
+
+ $sql = sprintf("UPDATE %s_deleted SET sys_user='%s',sys_edit=now() WHERE id = %d",
+ $mask['table'], $_SESSION['sys']['login'], $_POST['id']);
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) {
+ error_log($sql . ': ' . pg_last_error());
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+ }
+ }
+
+ $sql = sprintf("DELETE FROM %s WHERE id = %d", $mask['table'], $_POST['id']);
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) {
+ error_log($sql . ': ' . pg_last_error());
+ return array('error' => pg_last_error(),
+ 'sql' => $sql);
+ }
+
+ return array('status' => true);
+}
+
 function format_ajax($data)
 {
 header('Content-type: application/json; charset=UTF-8');
@@ -69,7 +179,11 @@ if ($_POST['func'] == 'fetch') {
 } elseif ($_POST['func'] == 'details') {
 $data = details($mask);
 } elseif ($_POST['func'] == 'save') {
- error_log('save');
+ $data = save($mask);
+} elseif ($_POST['func'] == 'insert') {
+ $data = insert($mask);
+} elseif ($_POST['func'] == 'delete') {
+ $data = delete_or_copy($mask);
 }
 format_ajax($data);
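Review bot: delete_or_copy() places `$_SESSION['sys']['login']` into the `UPDATE %s_deleted` statement unescaped, whereas save() and insert() both pass the same value through pg_escape_string(). The argument line should read `$mask['table'], pg_escape_string($_SESSION['sys']['login']), $_POST['id']);`, or better, all three functions should hand their values to pg_query_params() instead of building the string. Every failure branch also returns `'sql' => $sql` and the raw pg_last_error() text in the result array, which appears to go to the client through format_ajax(). Since error_log() already records both, the response could shrink to `return array('error' => 'Database error');`. In save(), fields of type 'passwd' fall into the final else branch and are written verbatim from `$_POST` although fetch() no longer sends them to the form, so an untouched form may overwrite the stored value; skipping such fields when the posted value is empty would avoid that. The copy, update and delete steps in delete_or_copy() run as separate statements, so wrapping them in one transaction would keep a mid-sequence failure from leaving the row in both tables.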
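Review bot: The if/elseif chain on `$_POST['func']` has no final else, so a request whose `func` matches none of the branches reaches `format_ajax($data)` with `$data` possibly undefined; appending `} else { $data = array('error' => 'Unknown function'); }` would close that path. The chain begins above the hunk, so an earlier default assignment to `$data` may already exist. Because 'save', 'insert' and 'delete' now lead to functions that modify the database, it is worth confirming that init.php (not visible here) requires a logged-in session and some request-forgery protection before this dispatch runs. The comparisons would also be stricter written with `===`.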