query("UPDATE `zz_modules` SET `name2`=" . prepare($_POST["name2"]) . ", `options2`=" . prepare($_POST["options2"]) . " WHERE `id`=" . prepare($module_id)); else $rs = false; $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")"); foreach ($_POST["query"] as $c => $k) { if (check_query($_POST["query"][$c])) { if ($_POST["search"][$c] == "on") $_POST["search"][$c] = 1; else $_POST["search"][$c] = 0; if ($_POST["slow"][$c] == "on") $_POST["slow"][$c] = 1; else $_POST["slow"][$c] = 0; if ($_POST["sum"][$c] == "on") $v_sommabile = 1; else $v_sommabile = 0; if ($_POST["grassetto"][$c] == "on") $v_grassetto = 1; else $v_grassetto = 0; if ($_POST["id"][$c] != "" && $_POST["query"][$c] != "") { $id = $_POST["id"][$c]; $query = "UPDATE `zz_viste` SET `name`=" . prepare($_POST["name"][$c]) . ", `query`=" . prepare($_POST["query"][$c]) . ", `enabled`=" . prepare($_POST["enabled"][$c]) . ", `search`=" . prepare($_POST["search"][$c]) . ", `slow`=" . prepare($_POST["slow"][$c]) . ", `grassetto`=" . $v_grassetto . ", capo_caratteri =" . prepare($_POST["capo_caratteri"][$c]) . ", `summable`=" . $v_sommabile . ", `allineamento`=" . prepare($_POST["allineamento"][$c]) . ", `search_inside`=" . prepare($_POST["search_inside"][$c]) . ", `order_by`=" . prepare($_POST["order_by"][$c]) . " WHERE `id`=" . prepare($id); } else if ($_POST["query"][$c] != "") { $order = $dbo->fetchArray("SELECT `order` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . " ORDER BY `order` DESC")[0]["order"] + 1; $query = "INSERT INTO `zz_viste` (`name`, `id_module`, `query`, `enabled`, `search`, `slow`, `summable`, `search_inside`, `order_by`, `order`) VALUES (" . prepare($_POST["name"][$c]) . ", " . prepare($module_id) . ", " . prepare($_POST["query"][$c]) . ", " . prepare($_POST["enabled"][$c]) . ", " . prepare($_POST["search"][$c]) . ", " . prepare($_POST["slow"][$c]) . ", " . prepare($_POST["sum"][$c]) . ", " . prepare($_POST["search_inside"][$c]) . ", " . prepare($_POST["order_by"][$c]) . ", " . prepare($order) . ")"; } $dbo->query($query); if ($_POST["id"][$c] == "") $id = $dbo->last_inserted_id(); foreach ($_POST["gruppi"][$c] as $gruppo) { $dbo->query("INSERT INTO `zz_gruppi_viste` (`id_gruppo`, `id_vista`) VALUES (" . prepare($gruppo) . ", " . prepare($id) . ")"); } } else $rs = false; } if ($rs) array_push($_SESSION["infos"], _("Salvataggio completato!")); else array_push($_SESSION["errors"], _("Ci sono stati alcuni errori durante il salvataggio!")); break; case "delete" : $id = filter("id"); $dbo->query("DELETE FROM `zz_viste` WHERE `id`=" . prepare($id)); $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista`=" . prepare($id)); break; case "update_position" : $start = filter("start", "both", 0, "int") + 1; $end = filter("end", "both", 0, "int") + 1; $id = filter("id"); if ($start > $end) { $dbo->query("UPDATE `zz_viste` SET `order`=`order` + 1 WHERE `order`>=" . prepare($end) . " AND `order`<" . prepare($start) . " AND id_module=" . prepare($module_id)); $dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id)); } else if ($end != $start) { $dbo->query("UPDATE `zz_viste` SET `order`=`order` - 1 WHERE `order`>" . prepare($start) . " AND `order`<=" . prepare($end) . " AND id_module=" . prepare($module_id)); $dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id)); } redirect($rootdir . "/editor.php?id_module=" . $id_module . "&id_record=" . $id_record); break; case "filters": $rs = true; foreach ($_POST["query"] as $c => $k) { // Fix per la protezone contro XSS, che interpreta la sequenza "query($query); } } break; case "delete_vista" : $dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")"); $dbo->query("DELETE FROM `zz_modules` WHERE `id`=" . prepare($module_id)); $dbo->query("DELETE FROM `zz_viste` WHERE `id_module`=" . prepare($module_id)); array_push( $_SESSION['infos'], "Vista eliminata!" ); break; case "duplica": $des_new = save( $_POST['descrizione'] ); if( $dbo->fetchNum("SELECT * FROM zz_modules WHERE id='".$module_id."'" )){ // duplica record in zz_modules $query="INSERT INTO `zz_modules` ( `name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`, `updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add` ) SELECT `name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`, `updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add` FROM zz_modules WHERE id ='".$module_id."'"; $id_tmp = $dbo->query($query); $query = "UPDATE zz_modules SET mod_personale='1' , name='".$des_new."' WHERE id=\"".$id_tmp."\""; $dbo->query( $query ); // duplica record in zz_viste $query="INSERT INTO `zz_viste` ( `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default` ) SELECT `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default` FROM zz_viste WHERE id_module ='".$module_id."'"; $id_tmp1 = $dbo->query($query); $query = "UPDATE zz_viste SET id_module='".$id_tmp."' WHERE id_module='0'"; $dbo->query( $query ); // duplica record in zz_viste $query = "SELECT * FROM zz_viste WHERE id_module='".$id_tmp."' order by id"; $rs_riga = $dbo->fetchArray($query); for( $ri=0; $riquery($query1); $dbo->query($query2); $dbo->query($query3); $dbo->query($query4); } $id_record=$id_tmp; array_push( $_SESSION['infos'], "Vista duplicato!" ); } else{ array_push( $_SESSION['errors'], "Vista non duplicata!" ); } break; } } ?>