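* */
/**
 * Class baskets: contains all the functions and forms to manage the baskets
 *
 * @author Claire Figueras
 * @license GPL
 * @package maarch
 * @version 2.1
 */
class basket extends dbquery
{
    /**
     * Offset of the first row shown by the paginated basket list; it comes
     * from the "start" query-string parameter and defaults to 0.
     *
     * @access private
     * @var integer
     */
    private $the_start;

    /**
     * Redefinition of the user object constructor : configure the SQL argument order by
     *
     * The "start" parameter is later concatenated into the LIMIT clause of the
     * basket listing query, so it is coerced to a non-negative integer here
     * instead of merely being stripped of HTML tags (which leaves any SQL
     * fragment intact). Non-numeric input therefore yields 0.
     */
    function __construct()
    {
        // configure the sql argument order by
        if(isset($_GET['start']))
        {
            $this->the_start = max(0, (int) $_GET['start']);
        }
        else
        {
            $this->the_start = 0;
        }
    }

    /**
     * Lists the letters of the alphabet to list the baskets
     */
    public function basketlistletters()
    {
?>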

: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z -

connect(); $this->query("select count(*) as total from ".$table_name); $nb_total_1 = $this->fetch_object(); $nb_total = $nb_total_1->total; // define the defaults values $nb_pages = ceil($nb_total/$nb_show); $link = "index.php?page=".$page_name."&start=".$this->the_start."&order=".$this->orderby.$what; if($nb_pages > 1) { $next_start = 0; $page_list1 = '

'; $lastpage = 0; for($i = 0;$i <> $nb_pages; $i++) { $page_name = $i + 1; $the_line = $i + 1; if($this->the_start == $next_start) { $page_list1 .= ""; $page_list2 .= ""; } else { $page_list1 .= ""; $page_list2 .= ""; } $next_start = $next_start + $nb_show; $lastpage = $next_start; } $lastpage = $lastpage - $nb_show; $previous = ""; $next = ""; if($this->the_start > 0) { $start_prev = $this->the_start - $nb_show; $previous = ''; } if($this->the_start <> $lastpage) { $start_next = $this->the_start + $nb_show; $next = ''; } $page_list1 = $page_list1.""; $page_list2 = $page_list2.""; if($previous <> '' || $next <> '') { if(empty($previous)) { $previous = " "; } if(empty($next)) { $next = " "; } $page_list1 .= $previous." ".$next.'

'; $page_list2 .= $previous." ".$next.'

'; } } $this->query("select * from ".$table_name." ".$where." ".$this->sqlorderby." limit ".$this->the_start.",".$nb_show); echo '

'.$title.'

'; $this->basketlistletters(); echo $page_list1; ?> fetch_object()) { if($color == ' class="col"') { $color = ''; } else { $color = ' class="col"'; } ?> >
BASKET_ID; ?> BASKET_NAME); ?> BASKET_DESC); ?> IS_GENERIC == 'N') { echo ''._DELETE.''; } ?>
query("select BASKET_ID, BASKET_NAME from ".$_SESSION['tablename']['baskets']." where IS_GENERIC = 'N' order by basket_name");
        // Tail of the session-loading method whose head is outside this span: it
        // caches the non-generic baskets, the user groups and the enabled
        // services in $_SESSION for the basket administration forms.
        while($line = $this->fetch_object())
        {
            array_push($_SESSION['m_admin']['non_generic_basket'], array("BASKET_ID" => $line->BASKET_ID, "BASKET_NAME" => stripslashes($line->BASKET_NAME)));
        }
        $this->query("select group_id, group_desc from ".$_SESSION['tablename']['usergroups']." order by group_desc ");
        $_SESSION['groups'] = array();
        $line = "";
        while($line = $this->fetch_object())
        {
            array_push($_SESSION['groups'], array('ID' =>$line->group_id, 'LABEL' => $line->group_desc));
        }
        $_SESSION['services'] = array();
        $this->query("select ID, SERVICE from ".$_SESSION['tablename']['services']." where ENABLED = 'Y' order by service");
        while($line = $this->fetch_object())
        {
            array_push($_SESSION['services'], array("ID"=>$line->ID, "LABEL" => $line->SERVICE));
        }
        // Read by formbasket(): when true (or unset) the group/basket links are
        // re-read from the database on the next modification form.
        $_SESSION['m_admin']['load_groupbasket'] = true;
    }

    /**
     * Load data from the groupbasket table in the session ( $_SESSION['m_admin']['basket']['groups'] array)
     *
     * Clears and refills $_SESSION['m_admin']['basket']['groups'] with one
     * entry per group linked to the basket, ordered by group description, and
     * resets $_SESSION['m_admin']['groupbasket'] to false.
     *
     * NOTE(review): $id is concatenated into the SQL text without escaping or
     * quoting; the only caller visible here (formbasket) passes its own $id
     * parameter straight through, so the identifier should be validated as
     * alphanumeric before it reaches this query.
     *
     * @param string $id basket identifier
     */
    private function load_groupbasket($id)
    {
        $this->connect();
        $_SESSION['m_admin']['basket']['groups'] = array();
        $i =0;
        $this->query("select gb.GROUP_ID, gb.CAN_REDIRECT, gb.CAN_DELETE, gb.CAN_INSERT, gb.REDIRECT_BASKETLIST, gb.REDIRECT_GROUPLIST, gb.SEQUENCE, gb.RESULT_PAGE, u.GROUP_DESC from ".$_SESSION['tablename']['groupbasket']." gb, ".$_SESSION['tablename']['usergroups']." 
u where gb.BASKET_ID = '".$id."' and gb.GROUP_ID = u.GROUP_ID order by u.GROUP_DESC");
        while($line2 = $this->fetch_object())
        {
            // Session keys are the names used by the basket form and by load_db()
            // when the links are written back (REDIRECT/DEL/DUPLIQ are the
            // CAN_REDIRECT/CAN_DELETE/CAN_INSERT flags).
            $_SESSION['m_admin']['basket']['groups'][$i] = array("GROUP_ID" => $line2->GROUP_ID , "GROUP_LABEL" => $line2->GROUP_DESC, "REDIRECT" => $line2->CAN_REDIRECT , "DEL" => $line2->CAN_DELETE , "DUPLIQ" => $line2->CAN_INSERT , "BASKET_LIST" => $line2->REDIRECT_BASKETLIST , "GROUP_LIST" => $line2->REDIRECT_GROUPLIST , "SEQUENCE" => $line2->SEQUENCE, "RESULT_PAGE" => $line2->RESULT_PAGE);
            $i++;
        }
        $_SESSION['m_admin']['groupbasket'] = false ;
    }

    /**
     * Form for the management of the basket.
     *
     * In "up" mode the basket row is read from the database (only if it is
     * ENABLED = 'Y') into $_SESSION['m_admin']['basket'] before the form is
     * rendered; a missing basket sets $_SESSION['error'] to _BASKET_MISSING.
     * The body of this method continues past this span (the HTML form).
     *
     * NOTE(review): $id is interpolated unescaped into the SELECT below and
     * forwarded to load_groupbasket(); it presumably originates from the
     * request, so validate it before use.
     *
     * @param string $mode administrator mode (modification, suspension, authorization, delete)
     * @param string $id group identifier (empty by default)
     */
    public function formbasket($mode,$id = "")
    {
        $func = new functions();
        $state = true;
        if($mode == "up")
        {
            $_SESSION['m_admin']['mode'] = "up";
            if(empty($_SESSION['error']))
            {
                $this->connect();
                $this->query("select * from ".$_SESSION['tablename']['baskets']." where BASKET_ID = '".$id."' and ENABLED= 'Y'");
                if($this->nb_result() == 0)
                {
                    $_SESSION['error'] = _BASKET_MISSING;
                    $state = false;
                }
                else
                {
                    $_SESSION['m_admin']['basket']['basketId'] = $id;
                    $line = $this->fetch_object();
                    $_SESSION['m_admin']['basket']['desc'] = stripslashes($line->BASKET_DESC);
                    $_SESSION['m_admin']['basket']['name'] = stripslashes($line->BASKET_NAME);
                    $_SESSION['m_admin']['basket']['clause'] = $line->BASKET_CLAUSE;
                    $_SESSION['m_admin']['basket']['is_generic'] = $line->IS_GENERIC;
                    $_SESSION['m_admin']['basket']['table'] = $line->RES_TABLE;
                    // Only hit the groupbasket table when the flag set by the
                    // session loader asks for it (or was never set).
                    if (! isset($_SESSION['m_admin']['load_groupbasket']) || $_SESSION['m_admin']['load_groupbasket'] == true)
                    {
                        $this->load_groupbasket($id);
                        $_SESSION['m_admin']['groupbasket'] = false ;
                    }
                }
            }
        }
        if($mode == "add")
        {
            echo '

'._BASKET_ADDITION.'

'; } elseif($mode == "up") { echo '

'._BASKET_MODIFICATION.'

'; } ?>




"._BASKET.' '._UNKNOWN."



"; } else { ?>
" class="forms addforms">

/>*

*

.

*

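wash($_POST['basketId'], "alphanum", _THE_ID);
        }
        // Tail of basketinfo(): its head is outside this span. It copies the
        // posted form fields into $_SESSION['m_admin']['basket'].
        if($mode == "up")
        {
            $_SESSION['m_admin']['basket']['basketId'] = $func->wash($_POST['id'], "alphanum", _THE_ID);
        }
        $_SESSION['m_admin']['basket']['name'] = $func->wash($_POST['basketname'], "no", _THE_BASKET);
        if (isset($_POST['basketdesc']) && !empty($_POST['basketdesc']))
        {
            $_SESSION['m_admin']['basket']['desc'] = $func->wash($_POST['basketdesc'], "no", _THE_DESC);
        }
        else
        {
            $_SESSION['m_admin']['basket']['desc'] = '';
        }
        $_SESSION['m_admin']['basket']['table'] = $func->wash($_POST['table'], "no", _THE_TABLE);
        // The WHERE clause is stored as typed (trim only): it is meant to be
        // raw SQL and is checked by where_test() before the basket is usable.
        if (isset($_POST['basketclause']) && !empty($_POST['basketclause']))
        {
            $_SESSION['m_admin']['basket']['clause'] = trim($_POST['basketclause']);
        }
        else
        {
            $_SESSION['m_admin']['basket']['clause'] = ' 1 ';
        }
        if(count($_SESSION['m_admin']['basket']['groups']) < 1)
        {
            $func->add_error(_BELONGS_TO_NO_GROUP, "");
        }
    }

    /**
     * Add ou modify baskets in the database
     *
     * Reads the posted form through basketinfo(), then either redirects back
     * to the form when $_SESSION['error'] is set, or writes the basket row
     * (INSERT for "add", UPDATE for "up"), checks the WHERE clause with
     * where_test(), rewrites the group links with load_db(), logs to the
     * history table when enabled, clears the session data and redirects to
     * the basket list. Every path ends with header() + exit.
     *
     * NOTE(review): the basket row is written before where_test() runs, so a
     * clause that fails the check leaves the row in the database and sends
     * the administrator to the modification form. The session values are
     * concatenated into the SQL text; basketId is washed as "alphanum" by
     * basketinfo(), the other fields are not escaped here.
     *
     * @param string $mode up or add
     */
    public function addupbasket($mode)
    {
        // add ou modify basket in the database
        $this->basketinfo($mode);
        if(!empty($_SESSION['error']))
        {
            if($mode == "up")
            {
                if(!empty($_SESSION['m_admin']['basket']['basketId']))
                {
                    header("location: index.php?page=basket_up&id=".$_SESSION['m_admin']['basket']['basketId']);
                    exit;
                }
                else
                {
                    header("location: index.php?page=basket");
                    exit;
                }
            }
            elseif($mode == "add")
            {
                header("location: index.php?page=basket_add");
                exit;
            }
        }
        else
        {
            $this->connect();
            if($mode == "add")
            {
                $this->query("select BASKET_ID from ".$_SESSION['tablename']['baskets']." 
where BASKET_ID= '".$_SESSION['m_admin']['basket']['basketId']."'");
                if($this->nb_result() > 0)
                {
                    $_SESSION['error'] = $_SESSION['m_admin']['basket']['basketId']." "._ALREADY_EXISTS."
";
                    header("location: index.php?page=basket_add");
                    exit;
                }
                else
                {
                    $tmp =$_SESSION['m_admin']['basket']['clause'];
                    $this->query("INSERT INTO ".$_SESSION['tablename']['baskets']." ( RES_TABLE, BASKET_ID, BASKET_NAME, BASKET_DESC , BASKET_CLAUSE ) VALUES ( '".$_SESSION['m_admin']['basket']['table']."', '".$_SESSION['m_admin']['basket']['basketId']."', '".$_SESSION['m_admin']['basket']['name']."', '".$_SESSION['m_admin']['basket']['desc']."','".$tmp." ')", "no");
                    // The CopyMailBasket clause is never syntax-checked.
                    if($_SESSION['m_admin']['basket']['basketId'] <> 'CopyMailBasket')
                    {
                        $syntax = $this->where_test();
                        if($syntax <> true)
                        {
                            $_SESSION['error'] .= " : "._SYNTAX_ERROR_WHERE_CLAUSE."." ;
                            header("location: index.php?page=basket_up&id=".$_SESSION['m_admin']['basket']['basketId']);
                            exit;
                        }
                    }
                    $this->load_db();
                    if($_SESSION['history']['basketadd'] == "true")
                    {
                        require("class_history.php");
                        $hist = new history();
                        $hist->add($_SESSION['tablename']['baskets'], $_SESSION['m_admin']['basket']['basketId'],"ADD",_BASKET_ADDED." : ".$_SESSION['m_admin']['basket']['basketId']);
                    }
                    $this->clearbasketinfos();
                    $_SESSION['error'] = _BASKET_ADDED;
                    header("location: index.php?page=basket");
                    exit;
                }
            }
            elseif($mode == "up")
            {
                // An empty clause leaves BASKET_CLAUSE untouched.
                $clause = "";
                if($_SESSION['m_admin']['basket']['clause'] <> "")
                {
                    $tmp = $_SESSION['m_admin']['basket']['clause'];
                    $clause = ", BASKET_CLAUSE = '".$tmp."'";
                }
                $this->query("UPDATE ".$_SESSION['tablename']['baskets']." set BASKET_NAME = '".$_SESSION['m_admin']['basket']['name']."' , RES_TABLE = '".$_SESSION['m_admin']['basket']['table']."', BASKET_DESC = '".$_SESSION['m_admin']['basket']['desc']."' ".$clause." 
where BASKET_ID = '".$_SESSION['m_admin']['basket']['basketId']."'", "no");
                // $sec is not used below; kept because the security class
                // constructor may have side effects not visible here.
                require_once("class_security.php");
                $sec = new security();
                if($_SESSION['m_admin']['basket']['basketId'] <> 'CopyMailBasket')
                {
                    $syntax = $this->where_test();
                    if($syntax <> true)
                    {
                        $_SESSION['error'] .= " : "._SYNTAX_ERROR_WHERE_CLAUSE."." ;
                        header("location: index.php?page=basket_up&id=".$_SESSION['m_admin']['basket']['basketId']);
                        exit;
                    }
                }
                $this->load_db();
                if($_SESSION['history']['basketup'] == "true")
                {
                    require("class_history.php");
                    $hist = new history();
                    $hist->add($_SESSION['tablename']['baskets'], $_SESSION['m_admin']['basket']['basketId'],"UP",_BASKET_UPDATE." : ".$_SESSION['m_admin']['basket']['basketId']);
                }
                $this->clearbasketinfos();
                $_SESSION['error'] = _BASKET_UPDATED;
                header("location: index.php?page=basket");
                exit;
            }
        }
    }

    /**
     * Clean the $_SESSION['m_admin']['basket'] array
     *
     * Resets every key the basket form uses to an empty string (groups to an
     * empty array).
     */
    private function clearbasketinfos()
    {
        // clear the users add or modification vars
        $_SESSION['m_admin']['basket'] = array();
        $_SESSION['m_admin']['basket']['basketId'] = "";
        $_SESSION['m_admin']['basket']['desc'] = "";
        $_SESSION['m_admin']['basket']['name'] = "";
        $_SESSION['m_admin']['basket']['table'] = "";
        $_SESSION['m_admin']['basket']['clause'] = "";
        $_SESSION['m_admin']['basket']['is_generic'] = "";
        $_SESSION['m_admin']['basket']['groups'] = array();
    }

    /**
     * Check the basket where clause
     *
     * Validates the clause by executing "SELECT count(*) from <table> where
     * <clause>" on a dedicated connection opened with the credentials in
     * $_SESSION['config']. Backslashes are removed from the clause and the
     * @user / @groupuser placeholders are replaced by the current user id and
     * primary group before the query runs. $_SESSION['error'] is reset, and
     * the table name is appended to it when the query fails.
     *
     * NOTE(review): this relies on the legacy mysql_* extension (removed in
     * PHP 7); the check should go through the class's own connection. A
     * connection failure is not reported by itself: the subsequent query
     * simply fails and is reported as a clause error.
     *
     * @return bool true when the clause is accepted by the database
     */
    public function where_test()
    {
        $_SESSION['error'] ="";
        $link = mysql_connect( $_SESSION['config']['databaseserver'],$_SESSION['config']['databaseuser'], $_SESSION['config']['databasepassword']);
        if($link)
        {
            mysql_select_db($_SESSION['config']['databasename'], $link);
        }
        $where = "";
        $res2 = true;
        if( !empty ($_SESSION['m_admin']['basket']['clause']))
        {
            $where = " where ".$_SESSION['m_admin']['basket']['clause'] ;
            $where = str_replace("\\", "", $where);
            $where = str_replace("@user", "'".$_SESSION['user']['UserId']."'", $where);
            $where = str_replace("@groupuser", "('".$_SESSION['user']['primarygroup']."')", $where);
        }
        $res = mysql_query("SELECT count(*) from ".$_SESSION['m_admin']['basket']['table']." ".$where);
        if(!$res )
        {
            $_SESSION['error'] .= " ".$_SESSION['m_admin']['basket']['table'];
            $res2 = false;
        }
        return $res2;
    }

    /**
     * Load the basket data in the database
     *
     * Deletes every groupbasket row of the current basket and inserts one
     * row per entry of $_SESSION['m_admin']['basket']['groups']. The basket
     * list has a leading comma removed, doubled quotes collapsed and is then
     * addslashes()'d; the group list only has single quotes backslash-escaped.
     */
    public function load_db()
    {
        $this->connect();
        $this->query("DELETE FROM ".$_SESSION['tablename']['groupbasket'] ." where BASKET_ID = '".$_SESSION['m_admin']['basket']['basketId']."'");
        $grouplistetmp ="";
        for($i=0; $i < count($_SESSION['m_admin']['basket']['groups'] ); $i++)
        {
            $grouplistetmp = str_replace("'", "\'", $_SESSION['m_admin']['basket']['groups'][$i]['GROUP_LIST']);
            // preg_replace replaces the removed ereg_replace(); same pattern.
            $temp = preg_replace('/^,/', '', trim($_SESSION['m_admin']['basket']['groups'][$i]['BASKET_LIST']));
            $temp = str_replace("''", "'", $temp);
            $temp = addslashes($temp);
            $this->query("INSERT INTO ".$_SESSION['tablename']['groupbasket']." VALUES ('".$_SESSION['m_admin']['basket']['groups'][$i]['GROUP_ID']."', '".$_SESSION['m_admin']['basket']['basketId']."', ".$_SESSION['m_admin']['basket']['groups'][$i]['SEQUENCE'].", '".$temp."', '".$grouplistetmp."' ,'".$_SESSION['m_admin']['basket']['groups'][$i]['REDIRECT']."', '".$_SESSION['m_admin']['basket']['groups'][$i]['DEL']."','".$_SESSION['m_admin']['basket']['groups'][$i]['DUPLIQ']."', '".$_SESSION['m_admin']['basket']['groups'][$i]['RESULT_PAGE']."' )");
        }
    }

    /**
     * Allow, suspend or delete basket in the database
     *
     * Redirects to the basket list immediately when $_SESSION['error'] is
     * already set or the basket does not exist; otherwise updates ENABLED
     * ("allow" / "ban") or deletes the basket and its groupbasket rows
     * ("del"), logs to the history table when enabled, sets the status
     * message in $_SESSION['error'] and redirects to the basket list.
     *
     * NOTE(review): $id is concatenated unescaped into every query; its
     * origin is not visible here and it is not passed through wash(), so the
     * caller must guarantee an alphanumeric identifier.
     *
     * @param string $id basket identifier
     * @param string $mode allow, ban or del
     */
    public function adminbasket($id,$mode)
    {
        if(!empty($_SESSION['error']))
        {
            header("location: index.php?page=basket");
            exit;
        }
        else
        {
            $this->connect();
            $this->query("select BASKET_ID from ".$_SESSION['tablename']['baskets']." 
where BASKET_ID = '".$id."'");
            if($this->nb_result() == 0)
            {
                $_SESSION['error'] = _BASKET_MISSING;
                header("location: index.php?page=basket");
                exit;
            }
            else
            {
                if($mode == "allow")
                {
                    $this->query("Update ".$_SESSION['tablename']['baskets']." set enabled = 'Y' where BASKET_ID = '".$id."'", "no");
                    if($_SESSION['history']['basketval'] == "true")
                    {
                        require("class_history.php");
                        $users = new history();
                        $users->add($_SESSION['tablename']['baskets'], $id,"VAL",_BASKET_AUTORIZATION." : ".$id);
                    }
                    $_SESSION['error'] = _AUTORIZED_BASKET;
                }
                elseif($mode == "ban")
                {
                    $this->query("Update ".$_SESSION['tablename']['baskets']." set enabled = 'N' where basket_id = '".$id."'", "no");
                    if($_SESSION['history']['basketban'] == "true")
                    {
                        require("class_history.php");
                        $users = new history();
                        $users->add($_SESSION['tablename']['baskets'], $id,"BAN",_BASKET_SUSPENSION." : ".$id);
                    }
                    $_SESSION['error'] = _SUSPENDED_BASKET;
                }
                elseif($mode == "del" )
                {
                    $this->query("delete from ".$_SESSION['tablename']['baskets']." where basket_id = '".$id."'");
                    $this->query("delete from ".$_SESSION['tablename']['groupbasket']." where basket_id = '".$id."'");
                    if($_SESSION['history']['basketdel'] == "true")
                    {
                        require("class_history.php");
                        $users = new history();
                        $users->add($_SESSION['tablename']['baskets'], $id,"DEL",_BASKET_DELETION." 
: ".$id);
                    }
                    $_SESSION['error'] = _BASKET_DELETION;
                }
                header("location: index.php?page=basket");
                exit;
            }
        }
    }

    /**
     * Make a basket the current one and redirect to its result page
     *
     * Fills $_SESSION['current_basket'] from the matching entry of
     * $_SESSION['user']['baskets'] (table, page, label, clause and the
     * can_* flags), computes no_action (no delete and no redirect right),
     * reads the redirect lists of the user's primary group from the
     * groupbasket table and finally sends a Location header: the page itself
     * when it ends in ".php", index.php?page=<page> otherwise. No exit
     * follows the header, so the caller keeps running.
     *
     * NOTE(review): when $id_basket is not one of the user's baskets ($ind
     * stays -1) the method still queries and redirects with an empty page;
     * $id_basket is only trimmed before it is concatenated into the SQL, so
     * the caller must ensure it is an alphanumeric identifier.
     *
     * @param string $id_basket basket identifier
     */
    public function load_current_basket($id_basket)
    {
        $_SESSION['current_basket'] = array();
        $_SESSION['current_basket']['id'] = trim($id_basket);
        $ind = -1;
        for($i=0; $i < count($_SESSION['user']['baskets']); $i++)
        {
            if($_SESSION['user']['baskets'][$i]['basket_id'] == $_SESSION['current_basket']['id'])
            {
                $ind = $i;
                break;
            }
        }
        if($ind > -1)
        {
            $_SESSION['current_basket']['table'] = $_SESSION['user']['baskets'][$ind]['table'];
            $_SESSION['current_basket']['page'] = $_SESSION['user']['baskets'][$ind]['page'];
            $_SESSION['current_basket']['label'] = $_SESSION['user']['baskets'][$ind]['name'];
            $_SESSION['current_basket']['clause'] = $_SESSION['user']['baskets'][$ind]['clause'];
            $_SESSION['current_basket']['can_insert'] = $_SESSION['user']['baskets'][$ind]['can_insert'];
            $_SESSION['current_basket']['can_modify'] = $_SESSION['user']['baskets'][$ind]['can_modify'];
            $_SESSION['current_basket']['can_delete'] = $_SESSION['user']['baskets'][$ind]['can_delete'];
            $_SESSION['current_basket']['can_redirect'] = $_SESSION['user']['baskets'][$ind]['can_redirect'];
        }
        // empty()/isset() give the same result as the loose comparisons they
        // replace, without a notice when the basket was not found above.
        $_SESSION['current_basket']['no_action'] = false;
        if(empty($_SESSION['current_basket']['can_delete'])
            && (!isset($_SESSION['current_basket']['can_redirect']) || $_SESSION['current_basket']['can_redirect'] <> 'Y'))
        {
            $_SESSION['current_basket']['no_action'] = true;
        }
        $this->query("select REDIRECT_BASKETLIST, REDIRECT_GROUPLIST from ".$_SESSION['tablename']['groupbasket']." 
where BASKET_ID = '".$_SESSION['current_basket']['id']."' and GROUP_ID = '".$_SESSION['user']['primarygroup']."'");
        $res = $this->fetch_object();
        // No groupbasket row for this basket/group: leave both lists empty
        // instead of reading properties off a non-object.
        if($res)
        {
            $_SESSION['current_basket']['redirect_services'] = trim(stripslashes($res->REDIRECT_BASKETLIST));
            $_SESSION['current_basket']['redirect_users'] = trim($res->REDIRECT_GROUPLIST);
        }
        else
        {
            $_SESSION['current_basket']['redirect_services'] = '';
            $_SESSION['current_basket']['redirect_users'] = '';
        }
        // preg_match replaces the removed ereg(); same pattern semantics.
        if(preg_match('/.php$/', $_SESSION['current_basket']['page']))
        {
            header('location:'.$_SESSION['current_basket']['page']);
        }
        else
        {
            header('location:index.php?page='.$_SESSION['current_basket']['page']);
        }
    }
}
?>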