<?php
include_once(__DIR__."/../../core.php");

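/**
 * Denylist check for SQL text submitted through the view editor.
 *
 * The text is stored in the database and executed later by the application,
 * so statements that modify data or schema are refused here. This is a
 * keyword scan, not a parser: anything outside the list still passes, so the
 * database account that later runs the stored query should be limited to
 * SELECT as well.
 *
 * Keywords are matched case-insensitively on word boundaries. The original
 * version compared upper-case substrings only, so "delete from ..." was
 * accepted while a harmless column such as UPDATED_AT was rejected.
 *
 * @param string|null $query SQL text from the request; null counts as empty
 * @return bool true when no denied keyword occurs; false on a match, on a
 *              non-string argument, or when the regex engine fails (fail closed)
 */
function check_query($query) {
	if ($query === null) {
		return true;
	}
	if (!is_string($query)) {
		return false;
	}

	$matched = preg_match(
		'/\b(INSERT|UPDATE|TRUNCATE|DELETE|DROP|ALTER|CREATE|GRANT|REVOKE|RENAME)\b/i',
		$query
	);

	// preg_match() returns false on error; treat that as a rejection.
	return $matched === 0;
}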

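$idutente = $_SESSION['idutente'];
$module_id = filter("id_record");

// Reads a per-row form field ($_POST[$key][$c]). Returns null, without a
// notice, when the field was not submitted; that is the value prepare()
// received from the original code for an absent index.
$postVal = function ($key, $c) {
	return isset($_POST[$key][$c]) ? $_POST[$key][$c] : null;
};

// Every operation below writes to the database, so the whole editor is gated
// on read/write permission for this module.
if ($modules_info[$module_name]["permessi"] === 'rw') {
	switch (filter('op')) {

		// Saves the module's custom column list (zz_modules.options2) and the
		// per-column definitions (zz_viste) together with their group visibility.
		case "update":
			$rs = true;

			$name2 = isset($_POST["name2"]) ? $_POST["name2"] : null;
			$options2 = isset($_POST["options2"]) ? $_POST["options2"] : null;
			// options2 is stored as SQL and executed later, so only read-style
			// statements are accepted (see check_query()).
			if (check_query($options2)) {
				$dbo->query("UPDATE `zz_modules` SET `name2`=" . prepare($name2) . ", `options2`=" . prepare($options2) . " WHERE `id`=" . prepare($module_id));
			} else {
				$rs = false;
			}

			// Group visibility is rebuilt for every column of the module; a row
			// rejected below therefore ends up with no group assignment.
			$dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")");

			$queries = (isset($_POST["query"]) && is_array($_POST["query"])) ? $_POST["query"] : [];
			foreach ($queries as $c => $query_sql) {
				if (!check_query($query_sql)) {
					$rs = false;
					continue;
				}

				// Checkboxes arrive as "on" (or not at all); store them as 1/0.
				$v_search = ($postVal("search", $c) == "on") ? 1 : 0;
				$v_slow = ($postVal("slow", $c) == "on") ? 1 : 0;
				$v_sommabile = ($postVal("sum", $c) == "on") ? 1 : 0;
				$v_grassetto = ($postVal("grassetto", $c) == "on") ? 1 : 0;
				// The original wrote the normalised search/slow flags back into
				// $_POST; kept in case code included after this file reads them — TODO confirm.
				$_POST["search"][$c] = $v_search;
				$_POST["slow"][$c] = $v_slow;

				if ($query_sql == "") {
					// Blank form row: nothing to save. (The original fell through
					// here and re-executed the previous row's statement.)
					continue;
				}

				$id = $postVal("id", $c);
				if ($id != "") {
					// Scoped on id_module so a column of another module cannot be
					// edited through this module's editor.
					$query = "UPDATE `zz_viste` SET `name`=" . prepare($postVal("name", $c)) . ", `query`=" . prepare($query_sql) . ", "
						. "`enabled`=" . prepare($postVal("enabled", $c)) . ", `search`=" . prepare($v_search) . ", "
						. "`slow`=" . prepare($v_slow) . ", `grassetto`=" . $v_grassetto . ", capo_caratteri =" . prepare($postVal("capo_caratteri", $c)) . ", `summable`=" . $v_sommabile . ", `allineamento`=" . prepare($postVal("allineamento", $c)) . ", "
						. "`search_inside`=" . prepare($postVal("search_inside", $c)) . ", `order_by`=" . prepare($postVal("order_by", $c))
						. " WHERE `id`=" . prepare($id) . " AND `id_module`=" . prepare($module_id);
				} else {
					// New column: append it after the current highest `order`.
					$last = $dbo->fetchArray("SELECT `order` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . " ORDER BY `order` DESC LIMIT 1");
					$order = (empty($last) ? 0 : $last[0]["order"]) + 1;
					// `summable` receives the normalised 1/0 flag, as the UPDATE branch
					// does; the original inserted the raw "on" string here.
					$query = "INSERT INTO `zz_viste` (`name`, `id_module`, `query`, `enabled`, `search`, `slow`, `summable`, `search_inside`, `order_by`, `order`) VALUES ("
						. prepare($postVal("name", $c)) . ", " . prepare($module_id) . ", " . prepare($query_sql) . ", " . prepare($postVal("enabled", $c)) . ", "
						. prepare($v_search) . ", " . prepare($v_slow) . ", " . prepare($v_sommabile) . ", " . prepare($postVal("search_inside", $c)) . ", "
						. prepare($postVal("order_by", $c)) . ", " . prepare($order) . ")";
				}

				$dbo->query($query);
				if ($id == "") {
					$id = $dbo->last_inserted_id();
				}

				$gruppi = isset($_POST["gruppi"][$c]) ? (array) $_POST["gruppi"][$c] : [];
				foreach ($gruppi as $gruppo) {
					$dbo->query("INSERT INTO `zz_gruppi_viste` (`id_gruppo`, `id_vista`) VALUES (" . prepare($gruppo) . ", " . prepare($id) . ")");
				}
			}

			if ($rs) {
				array_push($_SESSION["infos"], _("Salvataggio completato!"));
			} else {
				array_push($_SESSION["errors"], _("Ci sono stati alcuni errori durante il salvataggio!"));
			}
		break;

		// Removes one column definition and its group visibility rows. The
		// visibility rows go first, through the same module-scoped subquery the
		// "update" case uses, so only a column of this module can be removed.
		case "delete":
			$id = filter("id");

			$dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id`=" . prepare($id) . " AND `id_module`=" . prepare($module_id) . ")");
			$dbo->query("DELETE FROM `zz_viste` WHERE `id`=" . prepare($id) . " AND `id_module`=" . prepare($module_id));
		break;

		// Drag-and-drop reordering. The request positions are offset by one
		// relative to zz_viste.order, hence the "+ 1".
		case "update_position":
			$start = filter("start", "both", 0, "int") + 1;
			$end = filter("end", "both", 0, "int") + 1;
			$id = filter("id");

			if ($start > $end) {
				// Moved up: shift the rows in [end, start) down by one.
				$dbo->query("UPDATE `zz_viste` SET `order`=`order` + 1 WHERE `order`>=" . prepare($end) . " AND `order`<" . prepare($start) . " AND id_module=" . prepare($module_id));
				$dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id) . " AND id_module=" . prepare($module_id));
			} else if ($end != $start) {
				// Moved down: shift the rows in (start, end] up by one.
				$dbo->query("UPDATE `zz_viste` SET `order`=`order` - 1 WHERE `order`>" . prepare($start) . " AND `order`<=" . prepare($end) . " AND id_module=" . prepare($module_id));
				$dbo->query("UPDATE `zz_viste` SET `order`=" . prepare($end) . " WHERE id=" . prepare($id) . " AND id_module=" . prepare($module_id));
			}

			redirect($rootdir . "/editor.php?id_module=" . $id_module . "&id_record=" . $id_record);
		break;

		// Saves the per-group row filters (zz_gruppi_modules) of the module.
		// Original note (translated): fix for the XSS protection, which
		// interprets the sequence "<text" as an HTML tag.
		case "filters":
			$queries = (isset($_POST["query"]) && is_array($_POST["query"])) ? $_POST["query"] : [];
			foreach ($queries as $c => $clause) {
				if ($clause == "") {
					// Blank form row: nothing to save.
					continue;
				}

				$id = $postVal("id", $c);
				if ($id != "") {
					if ($postVal('rimuovi', $c) != 'on') {
						// Every value goes through prepare(), as the INSERT branch below
						// already did; the original interpolated them unescaped.
						$query = "UPDATE `zz_gruppi_modules` SET "
							. "`name`=" . prepare($postVal('name', $c)) . ", "
							. "`idgruppo`=" . prepare($postVal('gruppo', $c)) . ", "
							. "`idmodule`=" . prepare($id_record) . ", "
							. "`clause`=" . prepare($clause)
							. " WHERE `id`=" . prepare($id) . " AND `idmodule`=" . prepare($id_record);
						$dbo->query($query);
					} else {
						$dbo->query('DELETE FROM `zz_gruppi_modules` WHERE `id`=' . prepare($id) . ' AND `idmodule`=' . prepare($id_record));
					}
				} else {
					$query = "INSERT INTO `zz_gruppi_modules` (`name`, `idmodule`, `clause`, `enabled`, `idgruppo`, `default`) VALUES ("
						. prepare($postVal("name", $c)) . ", " . prepare($id_record) . ", " . prepare($clause) . ", 1, " . prepare($postVal("gruppo", $c)) . ", '0')";
					$dbo->query($query);
				}
			}
		break;

		// Deletes the whole custom module: group visibility rows, the module
		// row, its column definitions and its row filters.
		case "delete_vista":
			$dbo->query("DELETE FROM `zz_gruppi_viste` WHERE `id_vista` IN (SELECT `id` FROM `zz_viste` WHERE `id_module`=" . prepare($module_id) . ")");
			$dbo->query("DELETE FROM `zz_modules` WHERE `id`=" . prepare($module_id));
			$dbo->query("DELETE FROM `zz_viste` WHERE `id_module`=" . prepare($module_id));
			// The original left the module's zz_gruppi_modules rows orphaned.
			$dbo->query("DELETE FROM `zz_gruppi_modules` WHERE `idmodule`=" . prepare($module_id));
			array_push($_SESSION['infos'], "Vista eliminata!");
		break;

		// Clones the module (zz_modules row plus zz_viste columns) under a new
		// name and makes every copied column visible to groups 1-4.
		case "duplica":
			$des_new = save(isset($_POST['descrizione']) ? $_POST['descrizione'] : null);
			if ($dbo->fetchNum("SELECT * FROM zz_modules WHERE id=" . prepare($module_id))) {
				// duplicate the zz_modules row
				$query = "INSERT INTO `zz_modules` ("
					. "`name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`, "
					. "`updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add`) "
					. "SELECT `name`, `name2`, `module_dir`, `options`, `options2`, `icon`, `version`, `compatibility`, `order`, `parent`, `default`, `default_menu`, `enabled`, `type`, `new`, "
					. "`updated_at`, `created_at`, `updated_by`, `created_by`, `moduli_add` FROM zz_modules WHERE id=" . prepare($module_id);
				$dbo->query($query);
				// The original used the return value of $dbo->query() as the new id;
				// last_inserted_id() is what the "update" case uses for that.
				$id_tmp = $dbo->last_inserted_id();
				// NOTE(review): save() is a project helper whose escaping is not
				// visible here; prepare() quotes the value for SQL either way —
				// confirm save() does not SQL-escape already (double escaping).
				$dbo->query("UPDATE zz_modules SET mod_personale='1', name=" . prepare($des_new) . " WHERE id=" . prepare($id_tmp));

				// duplicate the zz_viste rows directly under the new module id; the
				// original inserted them without id_module and then re-attached
				// every row whose id_module was 0.
				$query = "INSERT INTO `zz_viste` (`id_module`, `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default`) "
					. "SELECT " . prepare($id_tmp) . ", `name`, `query`, `order`, `search`, `slow`, `search_inside`, `order_by`, `enabled`, `summable`, `default` FROM zz_viste WHERE id_module=" . prepare($module_id);
				$dbo->query($query);

				// group ids 1-4 are hard-coded as in the original; presumably the
				// default groups — TODO confirm
				$rs_riga = $dbo->fetchArray("SELECT `id` FROM zz_viste WHERE id_module=" . prepare($id_tmp) . " ORDER BY id");
				foreach ((array) $rs_riga as $riga) {
					foreach ([1, 2, 3, 4] as $id_gruppo) {
						$dbo->query("INSERT INTO `zz_gruppi_viste` (`id_gruppo`, `id_vista`) VALUES (" . prepare($id_gruppo) . ", " . prepare($riga['id']) . ")");
					}
				}

				$id_record = $id_tmp;
				array_push($_SESSION['infos'], "Vista duplicato!");
			} else {
				array_push($_SESSION['errors'], "Vista non duplicata!");
			}
		break;

	}
}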
?>