PageRenderTime 42ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/library/include/mysql.lib.php

https://bitbucket.org/marcor/gazie
PHP | 622 lines | 501 code | 44 blank | 77 comment | 81 complexity | cd0ecbdbfe96becc4de9abde03ab86ce MD5 | raw file
Possible License(s): LGPL-2.1, LGPL-3.0, GPL-2.0 
    

  1. <?php

    2. 

  2. /*

    3. 

  3.  --------------------------------------------------------------------------

    4. 

  4.                             GAzie - Gestione Azienda

    5. 

  5.     Copyright (C) 2004-2012 - Antonio De Vincentiis Montesilvano (PE)

    6. 

  6.                                 (www.devincentiis.it)

    7. 

  7.                         <http://gazie.it>

    8. 

  8.  --------------------------------------------------------------------------

    9. 

  9.     Questo programma e` free software;   e` lecito redistribuirlo  e/o

    10. 

  10.     modificarlo secondo i  termini della Licenza Pubblica Generica GNU

    11. 

  11.     come e` pubblicata dalla Free Software Foundation; o la versione 2

    12. 

  12.     della licenza o (a propria scelta) una versione successiva.

    13. 

  13. 

    14. 

  14.     Questo programma  e` distribuito nella speranza  che sia utile, ma

    15. 

  15.     SENZA   ALCUNA GARANZIA; senza  neppure  la  garanzia implicita di

    16. 

  16.     NEGOZIABILITA` o di  APPLICABILITA` PER UN  PARTICOLARE SCOPO.  Si

    17. 

  17.     veda la Licenza Pubblica Generica GNU per avere maggiori dettagli.

    18. 

  18. 

    19. 

  19.     Ognuno dovrebbe avere   ricevuto una copia  della Licenza Pubblica

    20. 

  20.     Generica GNU insieme a   questo programma; in caso  contrario,  si

    21. 

  21.     scriva   alla   Free  Software Foundation,  Inc.,   675  Mass Ave,

    22. 

  22.     Cambridge, MA 02139, Stati Uniti.

    23. 

  23.  --------------------------------------------------------------------------

    24. 

  24. */

    25. 

  25. 

    26. 

  26. function connectToDB ()

    27. 

  27. {

    28. 

  28.     global $link, $Host, $Database, $User, $Password;

    29. 

  29.     $count;
    30. 

  30.     //
    31. 

  31.     // Salva il valore precedente di error_reporting().
    32. 

  32.     //
    33. 

  33.     $level = error_reporting();
    34. 

  34.     //
    35. 

  35.     // Tenta per almeno cinque volte di eseguire la connessione.
    36. 

  36.     //
    37. 

  37.     for ($count = 5; $count > 0; $count--)
    38. 

  38.       {
    39. 

  39.         //
    40. 

  40.         // Per i primi quattro tentativi non mostra gli avvertimenti.
    41. 

  41.         //
    42. 

  42.         if ($count > 1)
    43. 

  43.           error_reporting (E_ERROR | E_PARSE | E_NOTICE);
    44. 

  44.         $link = mysql_connect($Host, $User, $Password);

    45. 

  45.         //
    46. 

  46.         // Riprisinta la modalità precedente di segnalazione degli
    47. 

  47.         // errori.
    48. 

  48.         //
    49. 

  49.         error_reporting ($level);
    50. 

  50.         //
    51. 

  51.         // Se non è riuscito a connettersi, attende un po' e poi riprova;
    52. 

  52.         // altrimenti esce.
    53. 

  53.         //
    54. 

  54.         if (!$link)
    55. 

  55.           sleep (rand (3, 7));
    56. 

  56.         else
    57. 

  57.           break;
    58. 

  58.       }
    59. 

  59.     mysql_set_charset('utf8');

    60. 

  60.     if (!$link) die (" Can't connect to MySQL<br />Impossibile connettersi a MySql <br />No se puede conectar a MySQL");

    61. 

  61.     mysql_select_db($Database,$link) or die (

    62. 

  62.              "Was not found, << $Database >>  database! <br />

    63. 

  63.              Could not be installed, try to do so by <a href=\"../../setup/install/install.php\"> clicking HERE! </a><br />

    64. 

  64.              <br />Non &egrave; stata trovata la base dati di nome << $Database >>! <br />

    65. 

  65.              Potrebbe non essere stato installata, prova a farlo <a href=\"../../setup/install/install.php\"> cliccando QUI! </a> <br />

    66. 

  66.              <br />No se ha encontrado, la base de datos << $Database >>  ! <br />

    67. 

  67.              No pudo ser instalado, trate de hacerlo haciendo <a href=\"../../setup/install/install.php\">  clic AQU&Iacute;! </a>");

    68. 

  68. }

    69. 

  69. 

    70. 

  70. function connectIsOk()

    71. 

  71. {

    72. 

  72.     global $Host, $User, $Password, $link;

    73. 

  73.     $result = True;

    74. 

  74.     $link = mysql_connect($Host, $User, $Password) or ($result = False); // In $result l'esito della connessione

    75. 

  75.     return $result;

    76. 

  76. }

    77. 

  77. 

    78. 

  78. function createDatabase($Database)

    79. 

  79. {

    80. 

  80.     global $link;

    81. 

  81.     mysql_query("CREATE DATABASE $Database DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;",$link) or die ("ERRORE: il database $Database non &egrave; stato creato!");

    82. 

  82. }

    83. 

  83. 

    84. 

  84. function databaseIsOk()

    85. 

  85. {

    86. 

  86.     global $link, $Database;

    87. 

  87.     $result = True;

    88. 

  88.     mysql_select_db( $Database, $link) or ($result = False); // In $result l'esito della selezione

    89. 

  89.     return $result;

    90. 

  90. }

    91. 

  91. 

    92. 

  92. function gaz_dbi_query ($query,$ar=false)

    93. 

  93. {

    94. 

  94.     global $link;

    95. 

  95.     $result = mysql_query($query, $link);

    96. 

  96.     if (!$result) die ("Error in gaz_dbi_query:".$query.mysql_error());

    97. 

  97.     if ($ar){

    98. 

  98.         return mysql_affected_rows();

    99. 

  99.     } else {

    100. 

  100.         return $result;

    101. 

  101.     }

    102. 

  102. }

    103. 

  103. 

    104. 

  104. function gaz_dbi_fetch_array ($resource)

    105. 

  105. {

    106. 

  106.     $result = mysql_fetch_array($resource);

    107. 

  107.     return $result;

    108. 

  108. }

    109. 

  109. 

    110. 

  110. function gaz_dbi_fetch_row ($resource)

    111. 

  111. {

    112. 

  112.     $result = mysql_fetch_row($resource);

    113. 

  113.     return $result;

    114. 

  114. }

    115. 

  115. 

    116. 

  116. function gaz_dbi_num_rows ($resource)

    117. 

  117. {

    118. 

  118.     $result = mysql_num_rows($resource);

    119. 

  119.     return $result;

    120. 

  120. }

    121. 

  121. 

    122. 

  122. function gaz_dbi_fetch_object ($resource)

    123. 

  123. {

    124. 

  124.     $result = mysql_fetch_object($resource);

    125. 

  125.     return $result;

    126. 

  126. }

    127. 

  127. 

    128. 

  128. function gaz_dbi_free_result ($result)

    129. 

  129. {

    130. 

  130.     mysql_free_result($result);

    131. 

  131. }

    132. 

  132. 

    133. 

  133. //uso un metodo simile a quello di phpMyAdmin in sql.php per controllare i tipi di campo

    134. 

  134. function gaz_dbi_get_fields_meta($result)

    135. 

  135. {

    136. 

  136.     $fields=array();

    137. 

  137.     $fields['num']=mysql_num_fields($result);

    138. 

  138.     for ($i = 0; $i < $fields['num']; $i++) {

    139. 

  139.         $fields['data'][]=mysql_fetch_field($result, $i);

    140. 

  140.     }

    141. 

  141.     return $fields;

    142. 

  142. }

    143. 

  143. 

    144. 

  144. function gaz_dbi_get_row( $table, $fnm, $fval)

    145. 

  145. {

    146. 

  146.     global $link;

    147. 

  147.     $result = mysql_query("SELECT * FROM $table WHERE $fnm = '$fval'", $link);

    148. 

  148.     if (!$result) die (" Error gaz_dbi_get_row: ".mysql_error());

    149. 

  149.     return mysql_fetch_array( $result);

    150. 

  150. }

    151. 

  151. 

    152. 

  152. function gaz_dbi_put_row ($table, $CampoCond, $ValoreCond , $Campo, $Valore)

    153. 

  153. {

    154. 

  154.     global $link;

    155. 

  155.     $field_results = gaz_dbi_query ("SELECT * FROM ".$table);

    156. 

  156.     $field_meta=gaz_dbi_get_fields_meta($field_results);

    157. 

  157.     $where=' WHERE '.$CampoCond.' = ';

    158. 

  158.     $query = "UPDATE ".$table.' SET '.$Campo.' = ';

    159. 

  159.     for ($j = 0; $j < $field_meta['num']; $j++) {

    160. 

  160.         if ($field_meta['data'][$j]->name==$Campo) {

    161. 

  161.            if ($field_meta['data'][$j]->blob && !empty($Valore)) {

    162. 

  162.               $query .= '0x'.bin2hex($Valore);

    163. 

  163.            } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    164. 

  164.               $query .= floatval($Valore);

    165. 

  165.            } else {

    166. 

  166.               $elem = addslashes($Valore); // risolve il classico problema dei caratteri speciali per inserimenti in SQL

    167. 

  167.               $elem = preg_replace("/\\\'/","''",$elem); //cambia lo backslash+singlequote con 2 singlequote come fa phpmyadmin.

    168. 

  168.               $query .="'".$elem."'";

    169. 

  169.            }

    170. 

  170.         }

    171. 

  171.         if ($field_meta['data'][$j]->name==$CampoCond) {

    172. 

  172.            if ($field_meta['data'][$j]->blob && !empty($ValoreCond)) {

    173. 

  173.               $where .= '0x'.bin2hex($Valore);

    174. 

  174.            } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    175. 

  175.               $where .= floatval($ValoreCond);

    176. 

  176.            } else {

    177. 

  177.               $elem = addslashes($ValoreCond); // risolve il classico problema dei caratteri speciali per inserimenti in SQL

    178. 

  178.               $elem = preg_replace("/\\\'/","''",$elem); //cambia lo backslash+singlequote con 2 singlequote come fa phpmyadmin.

    179. 

  179.               $where .="'".$elem."'";

    180. 

  180.            }

    181. 

  181.         }

    182. 

  182.     }

    183. 

  183.     $query .= $where.' LIMIT 1';

    184. 

  184.     $result = mysql_query ($query, $link);

    185. 

  185.     if (!$result ) die ("Error gaz_dbi_put_row: <b>$query</b>".mysql_error() );

    186. 

  186.     return $result;

    187. 

  187. }

    188. 

  188. 

    189. 

  189. function gaz_dbi_put_query ($table, $where , $Campo, $Valore)

    190. 

  190. {

    191. 

  191.     global $link;

    192. 

  192.     $result = mysql_query ("UPDATE $table SET $Campo='$Valore' WHERE $where", $link);

    193. 

  193.     if (!$result) die ($where."Error gaz_dbi_put_query: ".mysql_error() );

    194. 

  194. }

    195. 

  195. 

    196. 

  196. function gaz_dbi_del_row( $table, $fname, $fval)

    197. 

  197. {

    198. 

  198.     global $link;

    199. 

  199.     $result = mysql_query("DELETE FROM $table WHERE $fname = '$fval'", $link) or die (" Errore di cancellazione: ".mysql_error());

    200. 

  200.     if (!$result) die ($where."Error gaz_dbi_del_row: ".mysql_error() );

    201. 

  201. }

    202. 

  202. 

    203. 

  203. // restituisce l'id dell'ultimo insert

    204. 

  204. function gaz_dbi_last_id()

    205. 

  205. {

    206. 

  206.     global $link;

    207. 

  207.     $num_id = mysql_insert_id($link);

    208. 

  208.     return $num_id;

    209. 

  209. }

    210. 

  210. 

    211. 

  211. // restituisce il numero record di una query

    212. 

  212. function gaz_dbi_record_count($table, $where)

    213. 

  213. {

    214. 

  214.     global $link;

    215. 

  215.     $result = mysql_query("SELECT * FROM ".$table." WHERE ".$where."" ,$link);

    216. 

  216.     $count = mysql_num_rows($result);

    217. 

  217.     return $count;

    218. 

  218. }

    219. 

  219. 

    220. 

  220. // funzione che compone una query con i parametri: tabella, where, orderby, limit e passo (riga di inizio e n. record)

    221. 

  221. function gaz_dbi_dyn_query($select, $tabella, $where=1, $orderby=2, $limit=0, $passo=2000000)

    222. 

  222. {

    223. 

  223.     global $link, $session;

    224. 

  224.     $query = "SELECT $select FROM $tabella ";

    225. 

  225.     if ($where != '') {

    226. 

  226.         $query .= "WHERE $where ";

    227. 

  227.     }

    228. 

  228.     if ($orderby == '2') {

    229. 

  229.         $query .= "LIMIT $limit, $passo";

    230. 

  230.     } else {

    231. 

  231.         $query .= "ORDER BY $orderby LIMIT $limit, $passo";

    232. 

  232.     }

    233. 

  233.     $result = mysql_query($query, $link);

    234. 

  234.     if (!$result) die (" Errore di gaz_dbi_dyn_query:<b> $query </b> ".mysql_error());

    235. 

  235.     return $result;

    236. 

  236. }

    237. 

  237. 

    238. 

  238. function gaz_dbi_fields($table)

    239. 

  239. {

    240. 

  240.    /*

    241. 

  241.     * $table - il nome della tabella all'interno dell'array $gTables

    242. 

  242.     * questa funzione genera un array(chiave=>valore) contenente tutte le chiavi

    243. 

  243.     * della tabella richiesta a valori nulli o 0 a secondo del tipo

    244. 

  244.     */

    245. 

  245.     global $link, $gTables;

    246. 

  246.     $acc=array();

    247. 

  247.     $field_results = gaz_dbi_query ("SELECT * FROM ".$gTables[$table]);

    248. 

  248.     $field_meta=gaz_dbi_get_fields_meta($field_results);

    249. 

  249.     for ($j = 0; $j < $field_meta['num']; $j++) {

    250. 

  250.               if ($field_meta['data'][$j]->blob && !empty($value[$field_meta['data'][$j]->name])) {

    251. 

  251.                  // i binari

    252. 

  252.                  $acc[$field_meta['data'][$j]->name] = '';

    253. 

  253.               } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    254. 

  254.                  // i numerici

    255. 

  255.                  $acc[$field_meta['data'][$j]->name] = 0;

    256. 

  256.               } else {

    257. 

  257.                  // le stringhe di caratteri

    258. 

  258.                  $acc[$field_meta['data'][$j]->name] = '';

    259. 

  259.               }

    260. 

  260.     }

    261. 

  261.     return $acc;

    262. 

  262. }

    263. 

  263. 

    264. 

  264. function gaz_dbi_parse_post($table)

    265. 

  265. {

    266. 

  266.    /*

    267. 

  267.     * $table - il nome della tabella all'interno dell'array $gTables

    268. 

  268.     * questa funzione genera un array(chiave=>valore) contenente le sole chiavi

    269. 

  269.     * omonime presenti in $_POST e con i valori parsati in base al tipo di colonna

    270. 

  270.     */

    271. 

  271.     global $link, $gTables;

    272. 

  272.     $acc=array();

    273. 

  273.     $field_results = gaz_dbi_query ("SELECT * FROM ".$gTables[$table]);

    274. 

  274.     $field_meta=gaz_dbi_get_fields_meta($field_results);

    275. 

  275.     for ($j = 0; $j < $field_meta['num']; $j++) {

    276. 

  276.            if (isset($_POST[$field_meta['data'][$j]->name])) {

    277. 

  277.               if ($field_meta['data'][$j]->blob && !empty($_POST[$field_meta['data'][$j]->name])) {

    278. 

  278.                  // i binari non li considero

    279. 

  279.               } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    280. 

  280.                  // i numerici

    281. 

  281.                  $acc[$field_meta['data'][$j]->name] = floatval(preg_replace("/\,/",'.',$_POST[$field_meta['data'][$j]->name]));

    282. 

  282.               } else {

    283. 

  283.                  // le stringhe di caratteri

    284. 

  284.                  $acc[$field_meta['data'][$j]->name] = substr($_POST[$field_meta['data'][$j]->name],0,mysql_field_len($field_results,$j));

    285. 

  285.               }

    286. 

  286.            }

    287. 

  287.     }

    288. 

  288.     return $acc;

    289. 

  289. }

    290. 

  290. 

    291. 

  291. function gaz_dbi_table_insert($table,$value)

    292. 

  292. {

    293. 

  293.    /*

    294. 

  294.     * $table - il nome della tabella all'interno dell'array $gTables

    295. 

  295.     * $value - array associativo del tipo nome_colonna=>valore con i valori da inserire

    296. 

  296.     */

    297. 

  297.     global $link, $gTables;

    298. 

  298.     $first=true;

    299. 

  299.     $auto_increment=false;

    300. 

  300.     $colName='';

    301. 

  301.     $colValue='';

    302. 

  302.     $field_results=gaz_dbi_query ("SELECT * FROM ".$gTables[$table]);

    303. 

  303.     $rs_auto_increment=gaz_dbi_query ("SHOW COLUMNS FROM ".$gTables[$table]);

    304. 

  304.     while ($ai=mysql_fetch_assoc($rs_auto_increment)){

    305. 

  305.           if ($ai['Extra']=='auto_increment'){

    306. 

  306.              $auto_increment=$ai['Field'];

    307. 

  307.           }

    308. 

  308.     }

    309. 

  309.     $field_meta=gaz_dbi_get_fields_meta($field_results);

    310. 

  310.     for ($j = 0; $j < $field_meta['num']; $j++) {

    311. 

  311.        if ($field_meta['data'][$j]->name != $auto_increment) {  // il campo auto increment non dev'essere passato

    312. 

  312.            $colName .= ($first ? $field_meta['data'][$j]->name : ', '.$field_meta['data'][$j]->name);

    313. 

  313.            $colValue .= ($first ? " " : ", ");

    314. 

  314.            $first=false;

    315. 

  315.            if (isset($value[$field_meta['data'][$j]->name])) {

    316. 

  316.               if ($field_meta['data'][$j]->blob && !empty($value[$field_meta['data'][$j]->name])) {

    317. 

  317.                  $colValue .= '0x'.bin2hex($value[$field_meta['data'][$j]->name]);

    318. 

  318.               } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    319. 

  319.                  $colValue .= floatval($value[$field_meta['data'][$j]->name]);

    320. 

  320.               } else {

    321. 

  321.                  $elem = addslashes($value[$field_meta['data'][$j]->name]); // risolve il classico problema dei caratteri speciali per inserimenti in SQL

    322. 

  322.                  $elem = preg_replace("/\\\'/","''",$elem); //cambia lo backslash+singlequote con 2 singlequote come fa phpmyadmin.

    323. 

  323.                  $colValue .="'".$elem."'";

    324. 

  324.               }

    325. 

  325.            } elseif ($field_meta['data'][$j]->name == 'adminid') { //l'adminid non lo si deve passare

    326. 

  326.               $colValue .= "'".$_SESSION['Login']."'";

    327. 

  327.            } else {

    328. 

  328.               if ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    329. 

  329.                  $colValue .='0';

    330. 

  330.               } else {

    331. 

  331.                  $colValue .="''";

    332. 

  332.               }

    333. 

  333.            }

    334. 

  334.        }

    335. 

  335.     }

    336. 

  336.     $query = "INSERT INTO ".$gTables[$table]." ( ".$colName." ) VALUES ( ".$colValue.");";

    337. 

  337.     $result = mysql_query($query, $link);

    338. 

  338.     if (!$result) die ("Error gaz_dbi_table_insert:<b> $query </b> ".mysql_error());

    339. 

  339. }

    340. 

  340. 

    341. 

  341. function gaz_dbi_table_update($table,$id,$newValue)

    342. 

  342. {

    343. 

  343.    /*

    344. 

  344.     * $table - il nome della tabella all'interno dell'array $gTables

    345. 

  345.     * $id - stringa con il valore del campo "codice" da aggiornare o array(0=>nome,1=>valore,2=>nuovo_valore)

    346. 

  346.     * $newValue - array associativo del tipo nome_colonna=>valore con i valori da inserire

    347. 

  347.     */

    348. 

  348.     global $link, $gTables;

    349. 

  349.     $field_results = gaz_dbi_query ("SELECT * FROM ".$gTables[$table]);

    350. 

  350.     $field_meta=gaz_dbi_get_fields_meta($field_results);

    351. 

  351.     $query = "UPDATE ".$gTables[$table].' SET ';

    352. 

  352.     $first = true;

    353. 

  353.     $quote_id="'";

    354. 

  354.     for ($j = 0; $j < $field_meta['num']; $j++) {

    355. 

  355.         if (isset($newValue[$field_meta['data'][$j]->name])) {

    356. 

  356.            $query .= ($first ? $field_meta['data'][$j]->name." = " : ", ".$field_meta['data'][$j]->name." = ");

    357. 

  357.            $first = false;

    358. 

  358.            if ($field_meta['data'][$j]->blob && !empty($newValue[$field_meta['data'][$j]->name])) {

    359. 

  359.               $query .= '0x'.bin2hex($newValue[$field_meta['data'][$j]->name]);

    360. 

  360.            } elseif ($field_meta['data'][$j]->numeric && $field_meta['data'][$j]->type != 'timestamp'){

    361. 

  361.               $query .= floatval($newValue[$field_meta['data'][$j]->name]);

    362. 

  362.            } else {

    363. 

  363.               $elem = addslashes($newValue[$field_meta['data'][$j]->name]); // risolve il classico problema dei caratteri speciali per inserimenti in SQL

    364. 

  364.               $elem = preg_replace("/\\\'/","''",$elem); //cambia lo backslash+singlequote con 2 singlequote come fa phpmyadmin.

    365. 

  365.               $query .="'".$elem."'";

    366. 

  366.            }

    367. 

  367.            //per superare lo STRICT_MODE del server non metto gli apici ai numerici

    368. 

  368.             if ((is_array($id) && $field_meta['data'][$j]->name == $id[0] && $field_meta['data'][$j]->numeric)

    369. 

  369.                || (is_string($id) && $field_meta['data'][$j]->name == 'codice' && $field_meta['data'][$j]->numeric)) {

    370. 

  370.                $quote_id='';

    371. 

  371.            }

    372. 

  372.         } elseif ($field_meta['data'][$j]->name == 'adminid') { //l'adminid non lo si deve passare

    373. 

  373.            $query .= ", adminid = '".$_SESSION['Login']."'";

    374. 

  374.         }

    375. 

  375.     }

    376. 

  376.     //   se in $id c'è un array uso il nome del campo presente all'index [0] ed il valore dell'index [1],

    377. 

  377.     //   eventualmente anche l'index [2] per il nuovo valore del codice che quindi verrà modificato

    378. 

  378.     if (is_array($id)){

    379. 

  379.         if (isset($id[2])){

    380. 

  380.             $query .= ", $id[0] = $quote_id$id[2]$quote_id";

    381. 

  381.         }

    382. 

  382.         $query .= " WHERE $id[0] = $quote_id$id[1]$quote_id";

    383. 

  383.     } else { //altrimenti uso "codice"

    384. 

  384.         $query .= " WHERE codice = $quote_id$id$quote_id";

    385. 

  385.     }

    386. 

  386.     $result = mysql_query ($query, $link);

    387. 

  387.     if (!$result) die ("Error gaz_dbi_table_update:<b> $query </b>".mysql_error() );

    388. 

  388. }

    389. 

  389. 

    390. 

  390. function tableInsert ($table, $columns, $newValue)

    391. 

  391. {

    392. 

  392.     global $link, $gTables;

    393. 

  393.     $first = True;

    394. 

  394.     $colName = "";

    395. 

  395.     $colValue = "";

    396. 

  396.     while(list($key,$field) = each($columns)) {

    397. 

  397.         $colName .= ($first ? $field : ','.$field);

    398. 

  398.         $colValue .= ($first ? " '" : ", '");

    399. 

  399.         $first = False;

    400. 

  400.         $colValue .= (isset($newValue[$field]) ? addslashes($newValue[$field]) : '')."'";

    401. 

  401.     }

    402. 

  402.     $query = "INSERT INTO ".$gTables[$table]." ( ".$colName." ) VALUES ( ".$colValue.")";

    403. 

  403.     $result = mysql_query($query, $link);

    404. 

  404.     if (!$result) die ("Error tableUpdate: ".mysql_error());

    405. 

  405. }

    406. 

  406. 

    407. 

  407. function tableUpdate ($table, $column, $codice, $newValue)

    408. 

  408. {

    409. 

  409.     global $link, $gTables;

    410. 

  410.     $first = True;

    411. 

  411.     $query = "UPDATE ".$gTables[$table].' SET';

    412. 

  412.     while(list($key,$field) = each($column)) {

    413. 

  413.         $query .= ($first ? " $field = '" : ", $field = '");

    414. 

  414.         $first = False;

    415. 

  415.         $query .= (isset($newValue[$field]) ? addslashes($newValue[$field]) : '')."'";

    416. 

  416.     }

    417. 

  417.     //   se in $codice c'è un array uso il nome del campo presente all'index [0],

    418. 

  418.     //   eventualmente anche l'index [2] per il nuovo valore del codice che quindi verrà modificato

    419. 

  419.     if (is_array($codice)){

    420. 

  420.         if (isset($codice[2])){

    421. 

  421.             $query .= ", $codice[0] = '$codice[2]'";

    422. 

  422.         }

    423. 

  423.         $query .= " WHERE $codice[0] = '$codice[1]'";

    424. 

  424.     } else { //altrimenti uso "codice"

    425. 

  425.         $query .= " WHERE codice = '$codice'";

    426. 

  426.     }

    427. 

  427.     $result = mysql_query ($query, $link);

    428. 

  428.     if (!$result) die ("Error tableUpdate: ".mysql_error() );

    429. 

  429. 

    430. 

  430. }

    431. 

  431. 

    432. 

  432. function mergeTable($table1,$campi1,$table2,$campi2,$campomerge,$where)

    433. 

  433. {

    434. 

  434.     global $link;

    435. 

  435.     $result = mysql_query("SELECT $campi1 FROM $table1 LEFT JOIN $table2 ON $table1.$campomerge = $table2.$campomerge WHERE $where", $link);

    436. 

  436.     if (!$result) die (" Error mergeTable: ".mysql_error());

    437. 

  437.     return $result;

    438. 

  438. }

    439. 

  439. 

    440. 

  440. function rigmoiInsert($newValue)

    441. 

  441. {

    442. 

  442.     $table = 'rigmoi';

    443. 

  443.     $columns = array('id_rig','id_tes','tipiva','codiva','periva','imponi','impost');

    444. 

  444.     tableInsert($table, $columns, $newValue);

    445. 

  445. }

    446. 

  446. 

    447. 

  447. function rigmocInsert($newValue)

    448. 

  448. {

    449. 

  449.     $table = 'rigmoc';

    450. 

  450.     $columns = array('id_rig','id_tes','darave','codcon','import');

    451. 

  451.     tableInsert($table, $columns, $newValue);

    452. 

  452. }

    453. 

  453. 

    454. 

  454. function paymovInsert($newValue)

    455. 

  455. {

    456. 

  456.     $table = 'paymov';

    457. 

  457.     $columns = array('id','id_tesdoc_ref','id_rigmoc_pay','id_rigmoc_doc','amount','expiry');

    458. 

  458.     tableInsert($table, $columns, $newValue);

    459. 

  459. }

    460. 

  460. 

    461. 

  461. function rigbroInsert ($newValue)

    462. 

  462. {

    463. 

  463.     $table = 'rigbro';

    464. 

  464.     $columns = array('id_tes','tiprig','codart','descri','id_body_text','unimis','quanti','prelis','sconto','codvat','pervat','codric','provvigione','ritenuta','delivery_date','id_doc','id_mag','status');

    465. 

  465.     tableInsert($table, $columns, $newValue);

    466. 

  466. }

    467. 

  467. 

    468. 

  468. function rigbroUpdate ($codice, $newValue)

    469. 

  469. {

    470. 

  470.     $table = 'rigbro';

    471. 

  471.     $columns = array('id_tes','tiprig','codart','descri','id_body_text','unimis','quanti','prelis','sconto','codvat','pervat','codric','provvigione','ritenuta','delivery_date','id_doc','id_mag','status');

    472. 

  472.     tableUpdate($table, $columns, $codice, $newValue);

    473. 

  473. }

    474. 

  474. 

    475. 

  475. function rigdocInsert ($newValue)

    476. 

  476. {

    477. 

  477.     $table = 'rigdoc';

    478. 

  478.     $columns = array('id_tes','tiprig','codart','descri','id_body_text','unimis','quanti','prelis','sconto','codvat','pervat','codric','provvigione','ritenuta','id_order','id_mag','status');

    479. 

  479.     tableInsert($table, $columns, $newValue);

    480. 

  480. }

    481. 

  481. 

    482. 

  482. function rigdocUpdate ($codice, $newValue)

    483. 

  483. {

    484. 

  484.     $table = 'rigdoc';

    485. 

  485.     $columns = array('id_tes','tiprig','codart','descri','id_body_text','unimis','quanti','prelis','sconto','codvat','pervat','codric','provvigione','ritenuta','id_order','id_mag','status');

    486. 

  486.     tableUpdate($table, $columns, $codice, $newValue);

    487. 

  487. }

    488. 

  488. 

    489. 

  489. function tesbroInsert ($newValue)

    490. 

  490. {

    491. 

  491.     $table = 'tesbro';

    492. 

  492.     $columns = array('seziva','tipdoc','template','print_total','delivery_time','day_of_validity','datemi','protoc','numdoc','numfat','datfat','clfoco','pagame','banapp','vettor','listin','destin','id_des','spediz','portos','imball','traspo','speban','spevar','round_stamp','cauven','caucon','caumag','id_agente','id_pro','sconto','vat_susp','stamp','net_weight','gross_weight','units','volume','initra','geneff','id_contract','id_con','status','adminid');

    493. 

  493.     $newValue['adminid'] = $_SESSION['Login'];

    494. 

  494.     tableInsert($table, $columns, $newValue);

    495. 

  495. }

    496. 

  496. 

    497. 

  497. function tesbroUpdate ($codice, $newValue)

    498. 

  498. {

    499. 

  499.     $table = 'tesbro';

    500. 

  500.     $columns = array('seziva','tipdoc','template','print_total','delivery_time','day_of_validity','datemi','protoc','numdoc','numfat','datfat','clfoco','pagame','banapp','vettor','listin','destin','id_des','spediz','portos','imball','traspo','speban','spevar','round_stamp','cauven','caucon','caumag','id_agente','id_pro','sconto','vat_susp','stamp','net_weight','gross_weight','units','volume','initra','geneff','id_contract','id_con','status','adminid');

    501. 

  501.     $newValue['adminid'] = $_SESSION['Login'];

    502. 

  502.     tableUpdate($table, $columns, $codice, $newValue);

    503. 

  503. }

    504. 

  504. 

    505. 

  505. function tesdocInsert ($newValue)

    506. 

  506. {

    507. 

  507.     $table = 'tesdoc';

    508. 

  508.     $columns = array('seziva','tipdoc','template','datemi','protoc','numdoc','numfat','datfat','clfoco','pagame','banapp','vettor','listin','destin','id_des','spediz','portos','imball','traspo','speban','spevar','round_stamp','cauven','caucon','caumag','id_agente','id_pro','sconto','vat_susp','stamp','net_weight','gross_weight','units','volume','initra','geneff','id_contract','id_con','status','adminid');

    509. 

  509.     $newValue['adminid'] = $_SESSION['Login'];

    510. 

  510.     tableInsert($table, $columns, $newValue);

    511. 

  511. }

    512. 

  512. 

    513. 

  513. function tesdocUpdate ($codice, $newValue)

    514. 

  514. {

    515. 

  515.     $table = 'tesdoc';

    516. 

  516.     $columns = array('seziva','tipdoc','template','datemi','protoc','numdoc','numfat','datfat','clfoco','pagame','banapp','vettor','listin','destin','id_des','spediz','portos','imball','traspo','speban','spevar','round_stamp','cauven','caucon','caumag','id_agente','id_pro','sconto','vat_susp','stamp','net_weight','gross_weight','units','volume','initra','geneff','id_contract','id_con','status','adminid');

    517. 

  517.     $newValue['adminid'] = $_SESSION['Login'];

    518. 

  518.     tableUpdate($table, $columns, $codice, $newValue);

    519. 

  519. }

    520. 

  520. 

    521. 

  521. function tesmovUpdate ($codice, $newValue)

    522. 

  522. {

    523. 

  523.     $table = 'tesmov';

    524. 

  524.     $columns = array( 'caucon', 'descri', 'datreg', 'seziva', 'id_doc', 'protoc', 'numdoc', 'datdoc', 'clfoco', 'regiva', 'operat', 'libgio','adminid');

    525. 

  525.     $newValue['adminid'] = $_SESSION['Login'];

    526. 

  526.     tableUpdate($table, $columns, $codice, $newValue);

    527. 

  527. }

    528. 

  528. 

    529. 

  529. function tesmovInsert ($newValue)

    530. 

  530. {

    531. 

  531.     $table = 'tesmov';

    532. 

  532.     $columns = array( 'caucon', 'descri', 'datreg', 'seziva', 'id_doc', 'protoc', 'numdoc', 'datdoc', 'clfoco', 'regiva', 'operat', 'libgio','adminid');

    533. 

  533.     $newValue['adminid'] = $_SESSION['Login'];

    534. 

  534.     tableInsert($table, $columns, $newValue);

    535. 

  535. }

    536. 

  536. 

    537. 

  537. function movmagInsert ($newValue)

    538. 

  538. {

    539. 

  539.     $table = 'movmag';

    540. 

  540.     $columns = array( 'caumag','operat','datreg','tipdoc','desdoc','datdoc','clfoco','scochi','id_rif','artico','quanti','prezzo','scorig','status','adminid');

    541. 

  541.     $newValue['adminid'] = $_SESSION['Login'];

    542. 

  542.     tableInsert($table, $columns, $newValue);

    543. 

  543. }

    544. 

  544. 

    545. 

  545. function movmagUpdate ($codice, $newValue)

    546. 

  546. {

    547. 

  547.     $table = 'movmag';

    548. 

  548.     $columns = array( 'caumag','operat','datreg','tipdoc','desdoc','datdoc','clfoco','scochi','id_rif','artico','quanti','prezzo','scorig','status','adminid');

    549. 

  549.     $newValue['adminid'] = $_SESSION['Login'];

    550. 

  550.     tableUpdate($table, $columns, $codice, $newValue);

    551. 

  551. }

    552. 

  552. 

    553. 

  553. //===============================================================

    554. 

  554. // Gestione Access Rights

    555. 

  555. //===============================================================

    556. 

  556. function updateAccessRights ($adminid, $moduleid, $access, $enterprise_id=1)

    557. 

  557. {

    558. 

  558.     global $gTables, $link;

    559. 

  559. 

    560. 

  560.     $result = mysql_query ("SELECT * FROM ".$gTables['admin_module']." WHERE adminid='".$adminid."' AND moduleid=".$moduleid.' AND enterprise_id='.$enterprise_id);

    561. 

  561.     if (gaz_dbi_num_rows ($result) < 1) {

    562. 

  562.         $query = "INSERT INTO ".$gTables['admin_module'].

    563. 

  563.                  " (adminid, enterprise_id, moduleid, access) VALUES ('".$adminid."',$enterprise_id,$moduleid,$access)";

    564. 

  564.     } else {

    565. 

  565.         $query = "UPDATE ".$gTables['admin_module'].

    566. 

  566.                  " SET access=".$access.

    567. 

  567.                  " WHERE adminid='".$adminid."' AND moduleid=".$moduleid.' AND enterprise_id='.$enterprise_id;

    568. 

  568.     }

    569. 

  569.     $result = mysql_query($query, $link) or die ("Errore di updateAccessRights ".mysql_error() );

    570. 

  570. }

    571. 

  571. 

    572. 

  572. function getAccessRights($userid='',$enterprise_id=1)

    573. 

  573. {

    574. 

  574.     global $gTables, $link;

    575. 

  575.     $query_co= " AND am.enterprise_id='".$enterprise_id."'";

    576. 

  576.     $ck_co=gaz_dbi_fields('admin_module');

    577. 

  577.     if (!array_key_exists('enterprise_id', $ck_co)){

    578. 

  578.       $query_co='';

    579. 

  579.     };

    580. 

  580.     if ($userid == '') {

    581. 

  581.        $query = 'SELECT module.name,module.link,module.id AS m1_id,module.access,module.weight '.

    582. 

  582.                  'FROM '.$gTables['module'].' AS module '.

    583. 

  583.                  "ORDER BY weight";

    584. 

  584.     } else {

    585. 

  585.         /* LA: 17-02-2008  */

    586. 

  586.         $query = 'SELECT am.adminid, am.access,

    587. 

  587.         m1.id AS m1_id, m1.name, m1.link, m1.icon, m1.class, m1.weight,

    588. 

  588.         m2.id AS m2_id,m2.link AS m2_link,m2.icon AS m2_icon,m2.class AS m2_class,m2.translate_key AS m2_trkey,m2.accesskey AS m2_ackey,m2.weight AS m2_weight,

    589. 

  589.         m3.id AS m3_id,m3.link AS m3_link,m3.icon AS m3_icon,m3.class AS m3_class,m3.translate_key AS m3_trkey,m3.accesskey AS m3_ackey,m3.weight AS m3_weight

    590. 

  590.         FROM '.$gTables['menu_module'].' AS m2 '.

    591. 

  591.         'LEFT JOIN '.$gTables['module'].' AS m1 ON m1.id=m2.id_module '.

    592. 

  592.         'LEFT JOIN '.$gTables['admin_module'].' AS am ON am.moduleid=m1.id '.

    593. 

  593.         'LEFT JOIN '.$gTables['menu_script'].' AS m3 ON m3.id_menu=m2.id '.

    594. 

  594.         "WHERE am.adminid='".$userid."' ".$query_co.

    595. 

  595.         "ORDER BY m1.weight,m1_id,m2.weight,m2_id,m3.weight";

    596. 

  596.     }

    597. 

  597.     $result = mysql_query($query, $link) or die("Query failed getAccessRights ".mysql_error());

    598. 

  598.     return $result;

    599. 

  599. }

    600. 

  600. 

    601. 

  601. function checkAccessRights($adminid,$module,$enterprise_id=0)

    602. 

  602. {

    603. 

  603.     global $gTables, $link;

    604. 

  604.     $ck_co=gaz_dbi_fields('admin_module');

    605. 

  605.     if ( $enterprise_id==0 || (!array_key_exists('enterprise_id', $ck_co)) ) {  // vengo da una vecchia versione (<4.0.12)

    606. 

  606.          $query = 'SELECT am.access FROM '.$gTables['admin_module'].' AS am'.

    607. 

  607.                   ' LEFT JOIN '.$gTables['module'].' AS module ON module.id=am.moduleid'.

    608. 

  608.                   " WHERE am.adminid='".$adminid."' AND module.name='".$module."'";

    609. 

  609.     } else {   //nuove versione >= 4.0.12

    610. 

  610.          $query = 'SELECT am.access FROM '.$gTables['admin_module'].' AS am'.

    611. 

  611.                   ' LEFT JOIN '.$gTables['module'].' AS module ON module.id=am.moduleid'.

    612. 

  612.                   " WHERE am.adminid='".$adminid."' AND module.name='".$module."' AND am.enterprise_id = $enterprise_id ";

    613. 

  613.     }

    614. 

  614.     $result = mysql_query($query, $link) or die ('Errore in query: '.$query.' Errore checkAccessRights '.mysql_error());

    615. 

  615.     if (gaz_dbi_num_rows ($result) < 1) {

    616. 

  616.         return 0;

    617. 

  617.     }

    618. 

  618.     $row = gaz_dbi_fetch_array($result);

    619. 

  619.     return $row['access'];

    620. 

  620. }

    621. 

  621. 

    622. 

  622. ?>
    623.