Context Navigation

tables.php

Revision 727, 31.5 KB (checked in by brieb, 2 years ago)
Added more rights look ups to certain pages Fixed several path disclosure errors

Line
1	<?php
2	/*
3	$Rev: 249 $ \| $LastChangedBy: brieb $
4	$LastChangedDate: 2007-07-02 15:50:36 -0600 (Mon, 02 Jul 2007) $
5	+-------------------------------------------------------------------------+
6	\| Copyright (c) 2004 - 2010, Kreotek LLC \|
7	\| All rights reserved. \|
8	+-------------------------------------------------------------------------+
9	\| \|
10	\| Redistribution and use in source and binary forms, with or without \|
11	\| modification, are permitted provided that the following conditions are \|
12	\| met: \|
13	\| \|
14	\| - Redistributions of source code must retain the above copyright \|
15	\| notice, this list of conditions and the following disclaimer. \|
16	\| \|
17	\| - Redistributions in binary form must reproduce the above copyright \|
18	\| notice, this list of conditions and the following disclaimer in the \|
19	\| documentation and/or other materials provided with the distribution. \|
20	\| \|
21	\| - Neither the name of Kreotek LLC nor the names of its contributore may \|
22	\| be used to endorse or promote products derived from this software \|
23	\| without specific prior written permission. \|
24	\| \|
25	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
26	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
27	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \|
28	\| PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
29	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
30	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
31	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
32	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
33	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
34	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
35	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
36	\| \|
37	+-------------------------------------------------------------------------+
38	*/
39	class phpbmsTable{
40
41	var $db = NULL;
42	var $backurl = NULL;
43	var $verifyErrors = array();
44	var $customFieldsQueryResult = false;
45
46	var $id;
47	var $uuid;
48	var $fields = array();
49
50	var $payemnts;
51
52	/**
53	* $dateFormat
54	*
55	* @var The format of dates being passed to the insert/updates
56	*/
57	var $dateFormat = "";
58
59	/**
60	* $timeFormat
61	*
62	* @var The format of times being passed to the insert/updates
63	*/
64	var $timeFormat = "";
65
66	/**
67	* $encryptedFields
68	*
69	* @var array A list of field names that are encrypted. This affects
70	* the getRecord, insertRecord, and updateRecord.
71	*/
72	var $encryptedFields = array();
73
74
75	/**
76	* Initializes phpBMS Table object
77	*
78	* @param object $db database object
79	* @param string $tabledefid table definition's uuid
80	* @param string $backurl string with the web URL of where to redirect
81	*/
82	function phpbmsTable($db, $tabledefid, $backurl = NULL){
83
84	if(is_object($db))
85	if(get_class($db) == "db")
86	$this->db = $db;
87
88	if($this->db === NULL)
89	$error = new appError(-800,"database object is required for parameter 1.","Initializing phpbmsTable Class");
90
91	$this->uuid = mysql_real_escape_string($tabledefid);
92
93	if(!$this->getTableInfo())
94	$error = new appError(-810,"Table definition not found for id ".$this->id,"Initializing phpbmsTable Class");
95
96	if($backurl == NULL)
97	$this->backurl = APP_PATH."search.php?id=".urlencode($this->uuid);
98	else
99	$this->backurl = $backurl;
100
101	if(defined("DATE_FORMAT"))
102	$this->dateFormat = DATE_FORMAT;
103
104	if(defined("TIME_FORMAT"))
105	$this->timeFormat = TIME_FORMAT;
106
107	}//end function init
108
109
110	/**
111	* rerieves table definition information and creates object variables of the data retrieved
112	*/
113	function getTableInfo(){
114
115	$querystatement = "
116	SELECT
117	*
118	FROM
119	`tabledefs`
120	WHERE
121	`uuid` = '".$this->uuid."'";
122
123	$queryresult = $this->db->query($querystatement);
124
125	if($this->db->numRows($queryresult)){
126
127	foreach($this->db->fetchArray($queryresult) as $key => $value)
128	$this->$key = $value;
129
130	$this->fields = $this->db->tableInfo($this->maintable);
131
132	foreach($this->encryptedFields as $encryptFieldname)
133	$this->fields[$encryptFieldname]["select"] = $this->db->decrypt("`".$encryptFieldname."`");
134
135	return true;
136
137	} else
138	return false;
139
140	}//end function getTableInfo
141
142	// gets a default value for a field
143	// given it's type
144	function getDefaultByType($fieldtype){
145
146	switch ($fieldtype){
147
148	case "blob":
149	case "string":
150	$default = "";
151	break;
152
153	case "real":
154	case "int":
155	$default = 0;
156	break;
157
158	case "date":
159	$default = dateToString(mktime(),"SQL");
160	break;
161
162	case "time":
163	$default = timeToString(mktime(),"SQL");
164	break;
165
166	case "year":
167	$default = @strftime("%Y");
168	break;
169
170	case "datetime":
171	case "timestamp":
172	$default = dateToString(mktime(),"SQL")." ".timeToString(mktime(),"24 Hour");
173	break;
174
175	default:
176	$default = null;
177
178	}//endswitch
179
180	return $default;
181
182	}//end function getDefaultsByType
183
184
185
186	/**
187	* function prepareFieldForSQL
188	*
189	* Given a value, and field type, prepare the
190	* value for SQL insertion (replacing nul with the SQL string NULL,
191	* and typeing variables)
192	*
193	* @param string/int $value to be prepared.
194	* @param string $type mysql field type
195	* @param string $flags A list of flags seperated by spaces (" ").
196	*/
197	function prepareFieldForSQL($value,$type,$flags){
198
199	switch ($type){
200
201	case "blob":
202	case "string":
203	if($value === "" or $value === NULL){
204
205	if(strpos($flags,"not_null") === false)
206	$value = NULL;
207	else
208	$value = "''";
209
210	} else
211	$value = "'".$value."'";
212	break;
213
214	case "real":
215	if($value === "" or $value === NULL){
216
217	if(strpos($flags,"not_null") === false)
218	$value = NULL;
219	else
220	$value = 0;
221
222	} else
223	$value = (real) $value;
224	break;
225
226	case "int":
227	if($value === "" or $value === NULL){
228
229	if(strpos($flags,"not_null") === false)
230	$value = NULL;
231	else
232	$value = 0;
233
234	} else
235	$value = (int) $value;
236	break;
237
238	case "date":
239	if($value === "" or $value === NULL){
240
241	if(strpos($flags,"not_null") === false)
242	$value = NULL;
243	else
244	$value = "'".dateToString(mktime(),"SQL")."'";
245	} else
246	$value = "'".sqlDateFromString($value, $this->dateFormat)."'";
247	break;
248
249	case "time":
250	if($value === "" or $value === NULL){
251
252	if(strpos($flags,"not_null") === false)
253	$value = NULL;
254	else
255	$value = "'".timeToString(mktime(),"SQL")."'";
256
257	} else
258	$value = "'".sqlTimeFromString($value, $this->timeFormat)."'";
259	break;
260
261	case "year":
262	if($value === "" or $value === NULL)
263	if(strpos($flags,"not_null") === false)
264	$value = NULL;
265	else
266	$value = @strftime("%Y");
267	break;
268
269	case "datetime":
270	case "timestamp":
271	if($value === "" or $value === NULL){
272
273	if(strpos($flags,"not_null") === false)
274	$value = NULL;
275	else
276	$value = "'".dateToString(mktime(),"SQL")." ".timeToString(mktime(),"24 Hour")."'";
277
278	} else {
279
280	$datetimearray = explode(" ",$value);
281	$date = null;
282	$time = null;
283
284	//If the value can be split by spaces we assume we
285	// are looking at a "date time"
286	if(count($datetimearray) > 1){
287
288	$date = sqlDateFromString($datetimearray[0], $this->dateFormat);
289
290	//times can have spaces... so we need
291	//to resemble in some cases.
292	if(count($datetimearray) > 2)
293	$datetimearray[1] = $datetimearray[1]." ".$datetimearray[2];
294
295	$time = sqlTimeFromString($datetimearray[1], $this->timeFormat);
296
297	}//endif
298
299	//If we don't have a date, perhaps only a date was passed
300	if(!$date){
301
302	$date = sqlDateFromString($value, $this->dateFormat);
303
304	//still no date?, then assume only a time was passed,
305	// so we need to set the time to the deafult
306	// date.
307	if(!$date)
308	$date = "0000-00-00";
309
310	}//endif
311
312	//if we don't have a time, let's try the getting the
313	//time from the full value.
314	if(!$time)
315	$time = sqlTimeFromString($value, $this->timeFormat);
316
317	$value = "'".trim($date." ".$time)."'";
318
319	}//end if
320
321	break;
322
323	case "password":
324	$value = "ENCODE('".$value."','".ENCRYPTION_SEED."')";
325	break;
326
327	}//end switch
328
329	if($value === NULL)
330	$value = "NULL";
331
332	return $value;
333
334	}//end function prepareFieldForSQL
335
336
337	/**
338	* Retrieves default values for a single record
339	*
340	* Uses the field names to guess a default value. If it cannot find
341	* one of the standard names it sets the default value based on the type
342	*
343	* @retrun array associative array with record defaults
344	*/
345	function getDefaults(){
346
347	$therecord = array();
348
349	foreach($this->fields as $fieldname => $thefield){
350
351	switch($fieldname){
352
353	case "id":
354	case "modifiedby":
355	case "modifieddate":
356	$therecord[$fieldname] = NULL;
357	break;
358
359	case "uuid":
360	$therecord["uuid"] = uuid($this->prefix.":");
361	break;
362
363	case "createdby":
364	$therecord["createdby"] = $_SESSION["userinfo"]["id"];
365	break;
366
367	default:
368	if(strpos($thefield["flags"],"not_null") === false)
369	$therecord[$fieldname] = NULL;
370	else
371	$therecord[$fieldname] = $this->getDefaultByType($thefield["type"]);
372
373	break;
374
375	}//endswitch
376
377	}//endforeach
378
379	return $therecord;
380
381	}//end function getDefaults
382
383
384	/**
385	* Retrieves a single record from the database
386	*
387	* @param integer\|string $id the record id or uuid
388	* @param bool $useUuid specifies whther the $id is a uuid (true) or not. Default is false
389	*
390	* @return array the record as an associative array
391	*/
392	function getRecord($id, $useUuid = false){
393
394	$whereclause = "`".$this->maintable."`.";
395
396	if($useUuid){
397
398	$id = mysql_real_escape_string($id);
399	$whereclause .= "`uuid` = '".$id."'";
400
401	} else {
402
403	$id = (int) $id;
404	$whereclause .= "`id` = ".$id;
405
406	}//endif
407
408	// iterate through all possible fields and comprise a list
409	// of columns to retrieve
410
411	$fieldlist = "";
412	foreach($this->fields as $fieldname => $thefield){
413
414	if(isset($thefield["select"]))
415	$fieldlist .= ", (".$thefield["select"].") AS `".$fieldname."`";
416	else
417	$fieldlist .= ", `".$fieldname."`";
418
419	}//end foreach
420
421	if($fieldlist)
422	$fieldlist = substr($fieldlist, 1);
423
424
425	$querystatement = "
426	SELECT
427	".$fieldlist."
428	FROM
429	`".$this->maintable."`
430	WHERE
431	".$whereclause;
432
433	$queryresult = $this->db->query($querystatement);
434
435	if($this->db->numRows($queryresult))
436	$therecord = $this->db->fetchArray($queryresult);
437	else
438	$therecord = $this-> getDefaults();
439
440	return $therecord;
441
442	}//end getRecord function
443
444
445	/**
446	* prepares variables (usually from a form) for inserting or updating
447	*
448	* @param array $variables associative array with the record information
449	*
450	* @return array associative array with the record information 'prepped'
451	*/
452	function prepareVariables($variables){
453
454	if(isset($variables["uuid"]))
455	if(!$variables["uuid"])
456	$variables["uuid"] = uuid($this->prefix.":");
457
458	return $variables;
459
460	}//end function prepareVariables
461
462
463	/**
464	* function _loadUUIDList
465	*
466	* @param string $tableName The name of a table with `uuid` field.
467	*
468	* @return array A list of uuids used in the table.
469	*/
470	function _loadUUIDList($tableName) {
471
472	$list = array();
473	$tableName = mysql_real_escape_string($tableName);
474
475	$querystatement = "
476	SELECT
477	`uuid`
478	FROM
479	`".$tableName."`
480	";
481
482	$queryresult = $this->db->query($querystatement);
483
484	while($therecord = $this->db->fetchArray($queryresult))
485	$list[] = $therecord["uuid"];
486
487	return $list;
488
489	}//end method --_loadUUIDList--
490
491
492	/**
493	* function _checkForPresentUUID
494	*
495	* @param string $tableName The name of a table with `uuid` field.
496	* @param string $uuid The uuid to be checked.
497	*
498	* @return boolean Whether or not the $uuid is a `uuid` in $tablename.
499	*/
500	function _checkForValidUUID($tableName, $uuid) {
501
502	$tableName = mysql_real_escape_string($tableName);
503	$uuid = mysql_real_escape_string($uuid);
504
505	$querystatement = "
506	SELECT
507	`uuid`
508	FROM
509	`".$tableName."`
510	WHERE
511	`uuid` = '".$uuid."'
512	";
513
514	$queryresult = $this->db->query($querystatement);
515
516	if($this->db->numRows($queryresult))
517	return true;
518	else
519	return false;
520
521	}//end method --_checkForValidUUID--
522
523
524	//verifies if variables passes will constitute a valid record creation/update
525	function verifyVariables($variables){
526
527	$thereturn = array();
528
529	if(!isset($this->verifyErrors))
530	$this->verifyErrors = array();
531
532	if(isset($variables["id"]))
533	if(!is_numeric($variables["id"]) && $variables["id"])
534	$this->verifyErrors[] = "The `id` field must be numeric or equivalent to zero (although positive is recommended).";
535
536	if(isset($variables["uuid"]))
537	if(!$variables["uuid"])
538	$this->verifyErrors[] = "The `uuid` field cannot be blank";
539
540	if(isset($variables["inactive"]))
541	if($variables["inactive"] && $variables["inactive"] != 1)
542	$this->verifyErrors[] = "The `inactive` field must be a boolean (equivalent to 0 or exactly 1).";
543
544	if(count($this->verifyErrors))
545	$thereturn = $this->verifyErrors;
546
547	unset($this->verifyErrors);
548
549	return $thereturn;
550
551	}//end function verifyVariables
552
553
554	/**
555	* function updateRecord
556	*
557	* updates a record
558	*
559	* @param array $variables associative array with the record information
560	* @param int\|NULL $modifiedby The user's id that modiied the record.
561	* If the modified is not passed or is NULL the function will use
562	* the currently logged in user.
563	* @param bool $useUuid specifies whther to use the id or the uuid (true) in the whereclause. Default is false.
564	*
565	* @return bool true or false depending upon update success
566	*/
567	function updateRecord($variables, $modifiedby = NULL, $useUuid = false){
568
569	//escape slashes
570	$variables = addSlashesToArray($variables);
571
572	// if no modified by was passed, use the currently logged in user
573	if($modifiedby === NULL)
574	if(isset($_SESSION["userinfo"]["id"]))
575	$modifiedby = $_SESSION["userinfo"]["id"];
576	else
577	$error = new appError(-840,"Session Timed Out.","Updating Record");
578
579
580	$updatestatement = "
581	UPDATE
582	`".$this->maintable."`
583	SET ";
584
585	foreach($this->fields as $fieldname => $thefield){
586	if(!isset($thefield["select"])){
587
588	switch($fieldname){
589
590	case "id":
591	case "uuid":
592	case "creationdate":
593	case "createdby":
594	break;
595
596	case "modifiedby":
597	$updatestatement .= "`modifiedby` = ".((int) $modifiedby).", ";
598	break;
599
600	case "modifieddate":
601	$updatestatement .= "`modifieddate` = NOW(), ";
602	break;
603
604	default:
605	if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false)
606	$variables[$fieldname] = $this->getDefaultByType($thefield["type"],true);
607
608	if(isset($variables[$fieldname]))
609	$updatestatement .= "`".$fieldname."` = ".$this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", ";
610	break;
611
612	}//end switch field name
613
614	}//end if
615	}//end foreach
616
617	$updatestatement = substr($updatestatement, 0, strlen($updatestatement)-2);
618
619	if(!$useUuid){
620
621	if(!isset($variables["id"]))
622	$variables["id"] = 0;
623
624	$updatestatement .= "
625	WHERE
626	`id`=".((int) $variables["id"]);
627
628	} else {
629
630	if(!isset($variables["uuid"]))
631	$variables["uuid"] = '';
632
633	$updatestatement .= "
634	WHERE
635	`uuid` = '".mysql_real_escape_string($variables["uuid"])."'";
636
637	}//endif
638
639	$this->db->query($updatestatement);
640
641	return true;
642
643	}//end function updateRecord
644
645
646	/**
647	* Inserts a new record into the table.
648	*
649	* @param array $variables associaive array with the record information
650	* @param int $createdby id of the user creating the record. If NULL (default) it will use the currently logged in user
651	* @param bool $overrideID Whether to override the `id` field with the new given value (if it exists)
652	* @param bool $replace use the SQL replace statement (true) instead of insert (false, deault)
653	* @param bool $useUuid generates a uuid and specifies the function to retrn an array with uuid and id instead of just the id
654	*
655	* @return int\|array\|bool retruns the id of the newly created record of false on error. If $useUuid is set to true, it will
656	* return an associaive array with both the new uuid and new id.
657	*/
658	function insertRecord($variables, $createdby = NULL, $overrideID = false, $replace = false, $useUuid = false){
659
660	if($createdby === NULL)
661	if(isset($_SESSION["userinfo"]["id"]))
662	$createdby = $_SESSION["userinfo"]["id"];
663	else
664	$error = new appError(-840,"Session Timed Out.","Creating New Record");
665
666	$variables = addSlashesToArray($variables);
667
668	$fieldlist = "";
669	$insertvalues = "";
670
671	foreach($this->fields as $fieldname => $thefield){
672
673	if(!isset($thefield["select"])){
674
675	switch($fieldname){
676	case "id":
677	if($overrideID && isset($variables["id"])){
678
679	if($variables["id"]){
680	$fieldlist .= "id, ";
681	$insertvalues .= ((int) $variables["id"]).", ";
682	}//end if
683
684	}//endif
685
686	break;
687
688	case "uuid":
689	if(!$useUuid){
690
691	$fieldlist .= "`uuid`, ";
692	$insertvalues .= "'".mysql_real_escape_string($variables["uuid"])."', ";
693
694	}//endif
695	break;
696
697	case "createdby":
698	case "modifiedby":
699	$fieldlist .= $fieldname.", ";
700	$insertvalues .= ((int) $createdby).", ";
701	break;
702
703	case "creationdate":
704	case "modifieddate":
705	$fieldlist .= $fieldname.", ";
706	$insertvalues .= "NOW(), ";
707	break;
708
709	default:
710
711	if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false)
712	$variables[$fieldname] = $this->getDefaultByType($thefield["type"],true);
713
714	if(isset($variables[$fieldname])){
715
716	$fieldlist .= "`".$fieldname."`, ";
717	$insertvalues .= $this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", ";
718
719	}//endif - fieldname
720
721	break;
722
723	}//end switch field name
724
725	}//end if
726
727	}//end foreach
728
729	//generate uuid
730	if($useUuid && isset($this->fields["uuid"])){
731
732	$fieldlist .= "`uuid`, ";
733	$variables["uuid"] = uuid($this->prefix.":");
734	$insertvalues .= "'".$variables["uuid"]."', ";
735
736	}//endif
737
738	$fieldlist = substr($fieldlist, 0, strlen($fieldlist)-2);
739	$insertvalues = substr($insertvalues, 0, strlen($insertvalues)-2);
740
741	if($replace)
742	$insertstatement = "REPLACE";
743	else
744	$insertstatement = "INSERT";
745
746	$insertstatement .= " INTO ".$this->maintable." (".$fieldlist.") VALUES (".$insertvalues.")";
747
748	$insertresult = $this->db->query($insertstatement);
749
750	if($insertresult) {
751
752	$newid = $this->db->insertId();
753
754	if($useUuid)
755	return array("uuid" => $variables["uuid"], "id" => $newid);
756	else
757	return $newid;
758
759	} else
760	return false;
761
762	}//end function insertRecord
763
764
765	// default stucture for processing an addedit page. It assumes that the
766	// page receives it's information through a post, and that it at least
767	// includes a command parameter. The presence of an id field value
768	// dictates wehter the proess should insert or update a record
769	function processAddEditPage(){
770
771	// no command parameter present?
772	if(!isset($_POST["command"])){
773
774	// assuming just entered the page (no POST)
775	// presence of a GET id means editing an existing record
776	// (vs. creating a new)
777	if(isset($_GET["id"])){
778
779	//editing... make sure they have access to edit
780	if(!hasRights($this->editroleid))
781	goURL(APP_PATH."noaccess.php");
782	else {
783
784	$this->getCustomFieldInfo();
785	return $this->getRecord((integer) $_GET["id"]);
786
787	}//endif
788
789	} else {
790
791	//creating new record
792	if(!hasRights($this->addroleid))
793	goURL(APP_PATH."noaccess.php");
794	else {
795
796	$this->getCustomFieldInfo();
797	return $this->getDefaults();
798
799	}//endif
800
801	}//end if GET-id
802
803	} else {
804
805	// command present
806	switch($_POST["command"]){
807
808	//pressed the cancel button
809	case "cancel":
810
811	// if we needed to do any clean up (deleteing temp line items)
812	if(!isset($_POST["id"])) $_POST["id"]=0;
813
814	$theurl = $this->backurl;
815
816	if(isset($_POST["id"]))
817	$theurl .= "#".((int) $_POST["id"]);
818
819	goURL($theurl);
820	break;
821
822	case "save":
823
824	if(!hasRights($this->editroleid))
825	goURL(APP_PATH."noaccess.php");
826
827	$variables = $this->prepareVariables($_POST);
828	$errorArray = $this->verifyVariables($variables);
829
830	if($_POST["id"]) {
831
832	$theid = $variables["id"];
833
834	if(!count($errorArray)){
835
836	$this->updateRecord($variables);
837	if(isset($variables["getid"]))
838	if(is_numeric($variables["getid"]))
839	$theid = (int) $variables["getid"];// special variable to override the
840	//id for get record
841
842	//get record
843	$this->getCustomFieldInfo();
844	$therecord = $this->getRecord($theid);
845	$therecord["phpbmsStatus"] = "Record Updated";
846
847	} else {
848
849	foreach($errorArray as $error)
850	$logError = new appError(-900, $error, "Verification Error");
851
852	//get record
853	$this->getCustomFieldInfo();
854	$therecord = $this->getRecord($theid);
855	$therecord["phpbmsStatus"] = "Data Verification Error";
856
857	}//end if
858
859	return $therecord;
860
861	} else {
862
863	$theid = 0;
864
865	if(!count($errorArray)){
866
867	$theid = $this->insertRecord($variables);
868	//get record
869	$therecord = $this->getRecord($theid);
870	$therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" accesskey=\"n\" class=\"smallButtons\" onclick=\"document.location='".str_replace("&","&",$_SERVER["REQUEST_URI"])."'\">add new</button></div>";
871	$therecord["phpbmsStatus"] .= "Record Created";
872
873	} else {
874
875	foreach($errorArray as $error)
876	$logError = new appError(-900, $error, "Verification Error");
877
878	//get record
879	$therecord = $this->getRecord($theid);
880	$therecord["phpbmsStatus"] .= "Data Verification Error";
881
882	}//end if
883
884	return $therecord;
885
886	}//endif
887
888	break;
889
890	}//end command switch
891
892	}// end if - command present
893
894	}//end function processAddEditPage
895
896
897	function getCustomFieldInfo(){
898
899	if($this->hascustomfields){
900
901	$querystatement = "
902	SELECT
903	`tabledefid`,
904	`field`,
905	`name`,
906	`format`,
907	`generator`,
908	`roleid`,
909	`required`
910	FROM
911	`tablecustomfields`
912	WHERE
913	`tabledefid` = '".$this->uuid."'
914	ORDER BY
915	`displayorder`";
916
917	$this->customFieldsQueryResult = $this->db->query($querystatement);
918
919	}//end if
920
921	}//end function getCustomFieldInfo
922
923	}//end class
924	?>

Note: See TracBrowser for help on using the browser.

phpBMS

Context Navigation

root/trunk/phpbms/include/tables.php

Download in other formats: