root/trunk/phpbms/modules/base/tabledefs_columns.php

Revision 727, 10.9 KB (checked in by brieb, 2 years ago)
  • Added more rights look ups to certain pages
  • Fixed several path disclosure errors
  • Property svn:keywords set to LastChangedBy LastChangedDate LastChangedRevision
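<?php
/*
 $Rev$ | $LastChangedBy$
 $LastChangedDate$
 +-------------------------------------------------------------------------+
 | Copyright (c) 2004 - 2010, Kreotek LLC                                  |
 | All rights reserved.                                                    |
 +-------------------------------------------------------------------------+
 |                                                                         |
 | Redistribution and use in source and binary forms, with or without      |
 | modification, are permitted provided that the following conditions are  |
 | met:                                                                    |
 |                                                                         |
 | - Redistributions of source code must retain the above copyright        |
 |   notice, this list of conditions and the following disclaimer.         |
 |                                                                         |
 | - Redistributions in binary form must reproduce the above copyright     |
 |   notice, this list of conditions and the following disclaimer in the   |
 |   documentation and/or other materials provided with the distribution.  |
 |                                                                         |
 | - Neither the name of Kreotek LLC nor the names of its contributore may |
 |   be used to endorse or promote products derived from this software     |
 |   without specific prior written permission.                            |
 |                                                                         |
 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS     |
 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
 |                                                                         |
 +-------------------------------------------------------------------------+
*/

        // Table-definition column editor (admin only).
        //
        // Lists the columns of one tabledefs entry (selected by ?id=) and
        // handles add / edit / delete / reorder of those columns.  Every value
        // read from $_GET is normalised once, up front, before it is used in
        // SQL or echoed back into HTML / JavaScript -- the original echoed the
        // raw $_GET["id"] and $_SERVER["PHP_SELF"] straight into onclick
        // handlers and the form action, which is a reflected-XSS sink.

        include("../../include/session.php");
        include("include/fields.php");

        include("include/tabledefs_columns_include.php");

        // Authorisation first: nothing below may run for a non-admin.
        if(!hasRights("Admin"))
                goURL(APP_PATH."noaccess.php");

        if(!isset($_GET["id"]))
                $error = new appError(200, "Passed parameter missing", "Invalid request", true);

        // tabledefs.id is numeric (it is cast to int in the WHERE clause below),
        // so cast once and use the cast value everywhere: constructor, query,
        // tab strip and every URL this page builds.  Falling back to 0 also
        // avoids an undefined-index notice if appError() does not halt.
        $tableid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        // columnid is forwarded to tableColumns as-is.  Its type (int vs. uuid)
        // is not visible from this file, so it is only null-guarded here.
        // NOTE(review): confirm tableColumns::get/delete/move escape or
        // parameterise this value -- it is attacker-controlled.
        $columnid = isset($_GET["columnid"]) ? $_GET["columnid"] : null;

        $columns = new tableColumns($db, $tableid);

        //process page
        $thecommand="";
        $action="add column";
        $thecolumn = $columns->getDefaults();

        //grab the table name
        $querystatement = "
                SELECT
                        displayname
                FROM
                        tabledefs
                WHERE
                        id = ".$tableid;

        $queryresult = $db->query($querystatement);
        $tableRecord = $db->fetchArray($queryresult);
        // No row for an unknown id: use an empty title instead of indexing
        // into false (another notice / path-disclosure source).
        $tableName = $tableRecord ? $tableRecord["displayname"] : "";

        if (isset($_GET["command"]))
                $thecommand = $_GET["command"];

        // POST wins over GET when both are present (form submission).
        if (isset($_POST["command"]))
                $thecommand = $_POST["command"];

        // NOTE(review): "delete", "moveup" and "movedown" change state from a
        // plain GET link with no anti-CSRF token.  Whether session.php or
        // phpbmsForm provides one cannot be seen from this file -- confirm and
        // wire it in; the fix does not belong here alone.
        switch($thecommand){

                case "edit":
                        $queryresult = $columns->get($columnid);
                        $thecolumn = $db->fetchArray($queryresult);
                        // Unknown columnid: render the blank "add" form rather
                        // than an edit form built on a false/empty record.
                        if(!$thecolumn)
                                $thecolumn = $columns->getDefaults();
                        else
                                $action="edit column";
                        break;

                case "delete":
                        $statusmessage = $columns->delete($columnid);
                        break;

                case "add column":
                        $statusmessage = $columns->add(addSlashesToarray($_POST));
                        break;

                case "edit column":
                        $statusmessage = $columns->update(addSlashesToarray($_POST));
                        break;

                case "moveup":
                        $statusmessage = $columns->move($columnid,"up");
                        break;

                case "movedown":
                        $statusmessage = $columns->move($columnid,"down");
                        break;

        }//end switch

        $columnsquery = $columns->get();

        $pageTitle = "Table Definition Columns: ".$tableName;

        $phpbms->cssIncludes[] = "pages/tablecolumns.css";

        // Base URL for every link and the form on this page.  ENT_QUOTES
        // matters: the links below sit inside single-quoted JavaScript strings
        // in onclick attributes, so a bare ' in PHP_SELF would break out of
        // them even though the attribute itself is double-quoted.
        $selfurl = htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?id=".$tableid;

                //Form Elements
                //==============================================================
                $theform = new phpbmsForm();

                $theinput = new inputField("name",$thecolumn["name"],NULL,true,NULL,32,64);
                $theinput->setAttribute("class","important");
                $theform->addField($theinput);

                $theinput = new inputBasicList ("align",$thecolumn["align"],array("left"=>"left","center"=>"center","right"=>"right"));
                $theform->addField($theinput);

                $theinput = new inputCheckbox("wrap",$thecolumn["wrap"]);
                $theform->addField($theinput);

                // label => stored value; the listing below reverses this map
                // to show the label for a stored format code.
                $formatArray["None"] = "";
                $formatArray["Date"] = "date";
                $formatArray["Time"] = "time";
                $formatArray["Date and Time"] = "datetime";
                $formatArray["Currency"] = "currency";
                $formatArray["Boolean (yes / no)"] = "boolean";
                $formatArray["File Link"] = "filelink";
                $formatArray["No Encoding (HTML acceptable)"] = "noencoding";
                $formatArray["BBCode (Limited BBCode conversion)"] = "bbcode";
                $theinput = new inputBasicList ("format", $thecolumn["format"], $formatArray);
                $theform->addField($theinput);

                $theinput = new inputRolesList($db,"roleid",$thecolumn["roleid"],"access (role)");
                $theform->addField($theinput);

                $theform->jsMerge();
                //==============================================================
                //End Form Elements

        include("header.php");

        $phpbms->showTabs("tabledefs entry","tab:b1011143-1d47-520e-5879-3953a4f5055b",$tableid)?><div class="bodyline">
        <h1><span><?php echo htmlQuotes($pageTitle)?></span></h1>
        <div class="fauxP">
   <table border="0" cellpadding="0" cellspacing="0" class="querytable">
        <tr>
         <th nowrap="nowrap" class="queryheader">move</th>
         <th align="left" nowrap="nowrap" class="queryheader" width="100%">name/field</th>
         <th align="left" nowrap="nowrap" class="queryheader">align</th>
         <th align="center" nowrap="nowrap" class="queryheader">wrap</th>
         <th align="left" nowrap="nowrap" class="queryheader">size</th>
         <th align="left" nowrap="nowrap" class="queryheader">format</th>
         <th align="left" nowrap="nowrap" class="queryheader">access</th>
         <th nowrap="nowrap" class="queryheader">&nbsp;</th>
        </tr>
        <?php
                $topdisplayorder=-1;
                $row=1;
                while($therecord=$db->fetchArray($columnsquery)){
                        // Last row seen wins; rows come back in displayorder so
                        // this ends up as the highest order (used for "add").
                        $topdisplayorder=$therecord["displayorder"];
                        if($row==1) $row=2; else $row=1;
                        // Record id in URL form (urlencode output is also safe
                        // inside an HTML attribute / JS string literal).
                        $recid = urlencode($therecord["id"]);
        ?>
        <tr class="qr<?php echo $row?> noselects">
                <td nowrap="nowrap" valign="top">
                        <button type="button" class="graphicButtons buttonUp" onclick="document.location='<?php echo $selfurl."&amp;command=moveup&amp;columnid=".$recid?>';"><span>Move Up</span></button>
                        <button type="button" class="graphicButtons buttonDown" onclick="document.location='<?php echo $selfurl."&amp;command=movedown&amp;columnid=".$recid?>';"><span>Move Down</span></button>
                        <?php echo $therecord["displayorder"];?>
                </td>
                <td valign="top">
                        <strong><?php echo htmlQuotes($therecord["name"])?></strong><br />
                        <?php echo htmlQuotes($therecord["column"])?>
                </td>
                <td nowrap="nowrap" valign="top"><?php echo htmlQuotes($therecord["align"])?></td>
                <td align="center" nowrap="nowrap" valign="top"><?php echo booleanFormat($therecord["wrap"])?></td>
                <td nowrap="nowrap" valign="top"><?php if($therecord["size"]) echo htmlQuotes($therecord["size"]); else echo "&nbsp;";?></td>
                <td valign="top"><?php
                        if($therecord["format"]) {
                                // strict: values are strings, avoid loose-compare surprises
                                echo array_search($therecord["format"],$formatArray,true);
                        }else  echo "&nbsp;"
                ?></td>
                <td valign="top"><?php $phpbms->displayRights($therecord["roleid"])?></td>
                <td nowrap="nowrap" valign="top">
                         <button id="edit<?php echo htmlQuotes($therecord["id"])?>" name="doedit" type="button" onclick="document.location='<?php echo $selfurl."&amp;command=edit&amp;columnid=".$recid?>';" class="graphicButtons buttonEdit"><span>edit</span></button>
                         <button id="delete<?php echo htmlQuotes($therecord["id"])?>" name="dodelete" type="button" onclick="document.location='<?php echo $selfurl."&amp;command=delete&amp;columnid=".$recid?>';" class="graphicButtons buttonDelete"><span>delete</span></button>
                </td>
        </tr>
        <?php } ?>
        <tr class="queryfooter">
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
        </table></div>

        <form action="<?php echo $selfurl ?>" method="post" name="record" onsubmit="return validateForm(this);">
        <fieldset>
                <legend><?php echo $action?></legend>
                <input id="columnid" name="columnid" type="hidden" value="<?php echo htmlQuotes($thecolumn["id"])?>" />
                <input id="displayorder" name="displayorder" type="hidden" value="<?php if($action=="add column") echo $topdisplayorder+1; else echo $thecolumn["displayorder"]?>" />

                <p><?php  $theform->showField("name")?></p>

                <p>
                        <label for="column">field</label><br />
                        <?php /* textarea bodies hold raw SQL fragments: escape <, & and the
                                 closing tag so a stored "</textarea>" cannot break out */ ?>
                        <textarea id="column" name="column" cols="64" rows="2"><?php echo htmlspecialchars($thecolumn["column"], ENT_QUOTES) ?></textarea><br />
                        <span class="notes">This can be a simple SQL field name (e.g notes.title) or a complex SQL field clause (e.g. concat(clients.firstname," ",clients.lastname)</span>
                </p>

                <p><?php $theform->showField("roleid")?></p>

                <p><?php $theform->showField("align");?></p>

                <p><?php $theform->showField("wrap")?></p>

                <p>
                        <label for="size">column size</label><br />
                        <input id="size" name="size" type="text" value="<?php echo htmlQuotes($thecolumn["size"])?>" size="32" maxlength="128" /><br />
                        <span class="notes">HTML sizing conventions (e.g. 95%, or 150px)</span>
                </p>
                <p>
                        <?php $theform->showField("format")?><br />
                        <span class="notes">if you are using HTML code in your field, you will want to choose the no-encoding option, but special character in the database may not display correctly.</span>
                </p>
                <p>
                        <label for="sortorder">sorting</label><br />
                        <textarea id="sortorder" name="sortorder" cols="64" rows="2"><?php echo htmlspecialchars($thecolumn["sortorder"], ENT_QUOTES) ?></textarea><br />
                        <span class="notes">
                                sorting affects how phpBMS will sort when you click on the column header.  Leave blank if you want the sort to reflect the field exactly.<br />
                                This can be a simple SQL field name (e.g notes.title) or a complex SQL field clause (e.g. concat(clients.firstname," ",clients.lastname).
                        </span>
                </p>

                <p>
                        <label for="footerquery">footer</label><br />
                        <textarea id="footerquery" name="footerquery" cols="32" rows="2"><?php echo htmlspecialchars($thecolumn["footerquery"], ENT_QUOTES) ?></textarea><br />
                        <span class="notes">SQL Group by function (e.g avg(invoices.totalti) will display the average invoice total at the bottom of the table)</span>          </p>
        </fieldset>
                <p align="right">
                        <input name="command" id="save" type="submit" value="<?php echo $action?>" class="Buttons" />
                        <?php if($action == "edit column"){?>
                                <input name="command" id="cancel" type="submit" value="cancel edit" class="Buttons" />
                        <?php }?>
                </p>
        </form>

</div>
<?php include("footer.php")?>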