<?php
include_once(__DIR__."/../../core.php");
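/**
 * Reject a user-submitted view query that contains a data-modifying or DDL keyword.
 *
 * This is a coarse keyword denylist (INSERT, UPDATE, TRUNCATE, DELETE, DROP), not a SQL
 * parser: it only guards that the text saved as a view looks like a read-only statement.
 * Keywords are matched case-insensitively and on word boundaries, so `delete from` is
 * rejected while identifiers such as `updated_at` or `deleted` are not. The previous
 * case-sensitive strpos() check let lower-case keywords through and rejected those
 * identifiers when written in upper case.
 *
 * @param string|null $query SQL text taken from the request; null (missing field) is
 *                           treated as an empty query.
 * @return bool true if the text may be stored, false if it contains a denied keyword or
 *              is not a scalar (e.g. the request delivered an array).
 */
function check_query($query) {
    // $_POST can deliver an array for a field (field[]=...); that is never a valid query.
    if (!is_scalar($query) && $query !== null) return false;

    $vietate = '/\b(?:INSERT|UPDATE|TRUNCATE|DELETE|DROP)\b/i';

    // preg_match() returns 1 on a match, 0 on no match and false on a PCRE error;
    // only an explicit "no match" lets the query through.
    return preg_match($vietate, (string) $query) === 0;
}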
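// Action handler for the module editor: `op` selects the change to apply to
// zz_modules, zz_viste, zz_gruppi_viste and zz_gruppi_modules. Every value that
// reaches SQL comes from the request, so it is interpolated only through
// prepare(), the project's quoting helper used throughout this file.
$idutente = $_SESSION['idutente'];
$module_id = filter("id_record");

// All operations rewrite module definitions, so they are gated on the
// read/write permission of the current module.
if ($modules_info[$module_name]["permessi"] == 'rw') {
    switch (filter('op')) {

        // Save the module's secondary name/options and the complete list of
        // views (columns) posted by the editor form.
        case "update":
            $rs = true;

            // options2 is user-supplied SQL: accept it only if it passes the
            // read-only keyword check.
            if (check_query($_POST["options2"])) {
                $dbo->query("UPDATE `zz_modules` SET `name2`=" . prepare($_POST["name2"]) . ", `options2`=" . prepare($_POST["options2"]) . " WHERE `id`=" . prepare($module_id));
            } else {
                $rs = false;
            }

            // Group visibility is rebuilt from scratch for every view of the module.
            $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")");

            $righe = isset($_POST["query"]) ? (array) $_POST["query"] : [];
            foreach (array_keys($righe) as $c) {
                if (!check_query($_POST["query"][$c])) {
                    $rs = false;
                    continue;
                }

                // Checkboxes arrive as "on" (or not at all): normalise to 0/1.
                // search/slow are written back into $_POST because they are
                // prepared from there below.
                $_POST["search"][$c] = ($_POST["search"][$c] == "on") ? 1 : 0;
                $_POST["slow"][$c] = ($_POST["slow"][$c] == "on") ? 1 : 0;
                $v_sommabile = ($_POST["sum"][$c] == "on") ? 1 : 0;
                $v_grassetto = ($_POST["grassetto"][$c] == "on") ? 1 : 0;

                $query = null;
                if ($_POST["id"][$c] != "" && $_POST["query"][$c] != "") {
                    // Existing view: update it in place.
                    $id = $_POST["id"][$c];
                    $query = "UPDATE `zz_viste` SET `name`=" . prepare($_POST["name"][$c]) . ", `query`=" . prepare($_POST["query"][$c]) . ", `enabled`=" . prepare($_POST["enabled"][$c]) . ", `search`=" . prepare($_POST["search"][$c]) . ", `slow`=" . prepare($_POST["slow"][$c]) . ", `grassetto`=" . $v_grassetto . ", capo_caratteri =" . prepare($_POST["capo_caratteri"][$c]) . ", `summable`=" . $v_sommabile . ", `allineamento`=" . prepare($_POST["allineamento"][$c]) . ", `search_inside`=" . prepare($_POST["search_inside"][$c]) . ", `order_by`=" . prepare($_POST["order_by"][$c]) . " WHERE `id`=" . prepare($id);
                } else if ($_POST["query"][$c] != "") {
                    // New view: append it after the module's current highest `order`
                    // (a module without views starts at 1).
                    $ultima = $dbo->fetchArray("SELECT `order` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . " ORDER BY `order` DESC");
                    $order = (isset($ultima[0]["order"]) ? $ultima[0]["order"] : 0) + 1;

                    // `summable` takes the normalised 0/1 flag, as in the UPDATE above
                    // (the raw "on" checkbox value was being inserted before).
                    // NOTE(review): grassetto, capo_caratteri and allineamento are not
                    // inserted here and fall back to the column defaults — confirm intended.
                    $query = "INSERT INTO `zz_viste` (`name`, `id_module`, `query`, `enabled`, `search`, `slow`, `summable`, `search_inside`, `order_by`, `order`) VALUES (" . prepare($_POST["name"][$c]) . ", " . prepare($module_id) . ", " . prepare($_POST["query"][$c]) . ", " . prepare($_POST["enabled"][$c]) . ", " . prepare($_POST["search"][$c]) . ", " . prepare($_POST["slow"][$c]) . ", " . $v_sommabile . ", " . prepare($_POST["search_inside"][$c]) . ", " . prepare($_POST["order_by"][$c]) . ", " . prepare($order) . ")";
                }

                // A row with an empty query produces no statement: skip it instead
                // of re-running the previous iteration's $query.
                if ($query === null) {
                    continue;
                }

                $dbo->query($query);
                if ($_POST["id"][$c] == "") {
                    $id = $dbo->last_inserted_id();
                }

                // Re-attach the view to the groups selected in the form.
                $gruppi = isset($_POST["gruppi"][$c]) ? (array) $_POST["gruppi"][$c] : [];
                foreach ($gruppi as $gruppo) {
                    $dbo->query("INSERT INTO `zz_gruppi_viste` (`id_gruppo`, `id_vista`) VALUES (" . prepare($gruppo) . ", " . prepare($id) . ")");
                }
            }

            if ($rs) {
                $_SESSION["infos"][] = _("Salvataggio completato!");
            } else {
                $_SESSION["errors"][] = _("Ci sono stati alcuni errori durante il salvataggio!");
            }
            break;

        // Remove a single view and its group links. Both statements are scoped
        // to the current module so the permission check above covers the row
        // actually deleted; the links go first because the second statement
        // removes the view row the subquery needs.
        case "delete":
            $id = filter("id");

            $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id`=" . prepare($id) . " AND `id_module`=" . prepare($module_id) . ")");
            $dbo->query("DELETE FROM `zz_viste` WHERE `id`=" . prepare($id) . " AND `id_module`=" . prepare($module_id));
            break;

        // Move a view within the column order (drag & drop in the editor).
        case "update_position":
            // The posted positions are shifted by one before being compared
            // with the stored `order` values.
            $start = filter("start", "both", 0, "int") + 1;
            $end = filter("end", "both", 0, "int") + 1;
            $id = filter("id");

            if ($start > $end) {
                // Moved towards the top: push the rows in [end, start) down by one.
                $dbo->query("UPDATE `zz_viste` SET `order`=`order` + 1 WHERE `order`>=" . prepare($end) . " AND `order`<" . prepare($start) . " AND id_module=" . prepare($module_id));
                $dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id) . " AND id_module=" . prepare($module_id));
            } else if ($end != $start) {
                // Moved towards the bottom: pull the rows in (start, end] up by one.
                $dbo->query("UPDATE `zz_viste` SET `order`=`order` - 1 WHERE `order`>" . prepare($start) . " AND `order`<=" . prepare($end) . " AND id_module=" . prepare($module_id));
                $dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id) . " AND id_module=" . prepare($module_id));
            }

            redirect($rootdir . "/editor.php?id_module=" . $id_module . "&id_record=" . $id_record);
            break;

        // Save the per-group filter clauses of this module (zz_gruppi_modules).
        case "filters":
            $righe = isset($_POST["query"]) ? (array) $_POST["query"] : [];
            foreach (array_keys($righe) as $c) {
                // Fix for the XSS protection, which interprets the sequence "<text" as an HTML tag
                if ($_POST["id"][$c] != "" && $_POST["query"][$c] != "") {
                    $id = $_POST["id"][$c];

                    if ($_POST['rimuovi'][$c] != 'on') {
                        // Every value goes through prepare(); name, gruppo, clause and
                        // idmodule were previously interpolated unescaped.
                        // NOTE(review): `clause` is SQL text from the form and, unlike the
                        // view queries above, is not passed through check_query().
                        $query = "UPDATE `zz_gruppi_modules` SET `name`=" . prepare($_POST['name'][$c]) . ", `idgruppo`=" . prepare($_POST['gruppo'][$c]) . ", `idmodule`=" . prepare($id_record) . ", `clause`=" . prepare($_POST['query'][$c]) . " WHERE `id`=" . prepare($id);
                        $dbo->query($query);
                    } else {
                        // "rimuovi" ticked: drop the filter instead of saving it.
                        $dbo->query('DELETE FROM `zz_gruppi_modules` WHERE `id`=' . prepare($id));
                    }
                } else if ($_POST["query"][$c] != "") {
                    $query = "INSERT INTO `zz_gruppi_modules` (`name`, `idmodule`, `clause`, `enabled`,`idgruppo`,`default` ) VALUES (" . prepare($_POST["name"][$c]) . ", " . prepare($id_record) . ", " . prepare($_POST["query"][$c]) . ",1," . prepare($_POST["gruppo"][$c]) . ",'0')";
                    $dbo->query($query);
                }
            }
            break;

        // Delete the whole custom module: its group links, the module row and
        // its views.
        case "delete_vista":
            $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")");
            $dbo->query("DELETE FROM `zz_modules` WHERE `id`=" . prepare($module_id));
            $dbo->query("DELETE FROM `zz_viste` WHERE `id_module`=" . prepare($module_id));
            $_SESSION['infos'][] = "Vista eliminata!";
            break;

        // Clone the current module together with its views and group visibility.
        case "duplica":
            $des_new = save($_POST['descrizione']);

            if ($dbo->fetchNum("SELECT * FROM zz_modules WHERE id=" . prepare($module_id))) {
                // Copy the zz_modules row.
                $query = "INSERT INTO `zz_modules` (
    `name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`,
    `updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add` )
    SELECT `name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`,
    `updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add` FROM zz_modules WHERE id =" . prepare($module_id);
                // NOTE(review): assumes $dbo->query() returns the id of the inserted row — confirm.
                $id_tmp = $dbo->query($query);

                // NOTE(review): $des_new is interpolated as-is, relying on save() for
                // escaping; prepare() is not applied here to avoid double escaping — confirm.
                $query = "UPDATE zz_modules SET mod_personale='1' , name='" . $des_new . "' WHERE id=\"" . $id_tmp . "\"";
                $dbo->query($query);

                // Copy the zz_viste rows: they are inserted without id_module and
                // then re-pointed to the new module via the id_module='0' rows.
                $query = "INSERT INTO `zz_viste` ( `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default` )
    SELECT `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default` FROM zz_viste WHERE id_module =" . prepare($module_id);
                $dbo->query($query);
                $dbo->query("UPDATE zz_viste SET id_module='" . $id_tmp . "' WHERE id_module='0'");

                // Make the copied views visible to the four fixed groups (ids 1-4).
                $rs_riga = $dbo->fetchArray("SELECT * FROM zz_viste WHERE id_module='" . $id_tmp . "' order by id");
                foreach ($rs_riga as $riga) {
                    foreach ([1, 2, 3, 4] as $id_gruppo) {
                        $dbo->query("INSERT INTO `zz_gruppi_viste` ( `id_gruppo`, `id_vista` ) values ( '" . $id_gruppo . "' ,'" . $riga['id'] . "')");
                    }
                }

                $id_record = $id_tmp;
                $_SESSION['infos'][] = "Vista duplicato!";
            } else {
                $_SESSION['errors'][] = "Vista non duplicata!";
            }
            break;
    }
}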
?>