/tables/edit.php
PHP | 283 lines | 147 code | 57 blank | 79 comment | 48 complexity | f1d6048e13e0b62123ac8dc2ef1236b6 MD5 | raw file
- <?php
- /**
- * upload a new table or update an existing one
- *
- * This script attempts to validate the new or updated article description against a standard PHP XML parser.
- * The objective is to spot malformed or unordered HTML and XHTML tags. No more, no less.
- *
- * Only associates and owners can post and edit tables.
- *
- * Accepted calls:
- * - edit.php/<type>/<id> create a new table for this anchor
- * - edit.php?anchor=<type>:<id> create a new table for the anchor
- * - edit.php/<id> modify an existing table
- * - edit.php?id=<id> modify an existing table
- *
- * If the anchor for this item specifies a specific skin (option keyword '[code]skin_xyz[/code]'),
- * or a specific variant (option keyword '[code]variant_xyz[/code]'), they are used instead default values.
- *
- * @author Bernard Paques
- * @author Vincent Noël
- * @author GnapZ
- * @reference
- * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
- */
- // common definitions and initial processing
- include_once '../shared/global.php';
- include_once 'tables.php';
- // look for the id
- $id = NULL;
- if(isset($_REQUEST['id']))
- $id = $_REQUEST['id'];
- elseif(isset($context['arguments'][0]) && !isset($context['arguments'][1]))
- $id = $context['arguments'][0];
- $id = strip_tags($id);
- // get the item from the database
- $item = Tables::get($id);
- // look for the target anchor on item creation
- $target_anchor = NULL;
- if(isset($_REQUEST['anchor']))
- $target_anchor = $_REQUEST['anchor'];
- if(!isset($target_anchor) && isset($context['arguments'][1]))
- $target_anchor = $context['arguments'][0].':'.$context['arguments'][1];
- // get the related anchor, if any
- $anchor = NULL;
- if(isset($item['anchor']))
- $anchor = Anchors::get($item['anchor']);
- elseif($target_anchor)
- $anchor = Anchors::get($target_anchor);
- // associates and owners can do what they want
- if(Surfer::is_associate() || (is_object($anchor) && $anchor->is_owned()))
- $permitted = TRUE;
- // the default is to disallow access
- else
- $permitted = FALSE;
- // do not always show the edition form
- $with_form = FALSE;
- // load the skin, maybe with a variant
- load_skin('tables', $anchor);
- // do not index this page
- $context->sif('robots','noindex');
- // clear the tab we are in, if any
- if(is_object($anchor))
- $context['current_focus'] = $anchor->get_focus();
- // the path to this page
- if(is_object($anchor) && $anchor->is_viewable())
- $context['path_bar'] = $anchor->get_path_bar();
- else
- $context['path_bar'] = array( 'tables/' => i18n::s('Tables') );
- // the title of the page
- if(isset($item['id']))
- $context['page_title'] = i18n::s('Edit a table');
- else
- $context['page_title'] = i18n::s('Add a table');
- // stop crawlers
- if(Surfer::is_crawler()) {
- Safe::header('Status: 401 Unauthorized', TRUE, 401);
- Logger::error(i18n::s('You are not allowed to perform this operation.'));
- // an anchor is mandatory
- } elseif(!is_object($anchor)) {
- Safe::header('Status: 404 Not Found', TRUE, 404);
- Logger::error(i18n::s('No anchor has been found.'));
- // permission denied
- } elseif(!$permitted) {
- // anonymous users are invited to log in or to register
- if(!Surfer::is_logged()) {
- if(isset($item['id']))
- $link = Tables::get_url($item['id'], 'edit');
- elseif(isset($_REQUEST['anchor']))
- $link = 'tables/edit.php?anchor='.urlencode($_REQUEST['anchor']);
- else
- $link = 'tables/edit.php';
- Safe::redirect($context['url_to_home'].$context['url_to_root'].'users/login.php?url='.urlencode($link));
- }
- // permission denied to authenticated user
- Safe::header('Status: 401 Unauthorized', TRUE, 401);
- Logger::error(i18n::s('You are not allowed to perform this operation.'));
- // maybe posts are not allowed here
- } elseif(!isset($item['id']) && $anchor->has_option('locked') && !Surfer::is_empowered()) {
- Safe::header('Status: 401 Unauthorized', TRUE, 401);
- Logger::error(i18n::s('This page has been locked.'));
- // an error occured
- } elseif(count($context['error'])) {
- $item = $_REQUEST;
- $with_form = TRUE;
- // process uploaded data
- } elseif(isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'POST')) {
- // the follow-up page
- $next = $anchor->get_permalink();
- // display the form on error
- if(!$_REQUEST['id'] = Tables::post($_REQUEST)) {
- $item = $_REQUEST;
- $with_form = TRUE;
- // post-processing
- } else {
- // a new post
- if(!$item['id']) {
- // touch the related anchor
- $anchor->touch('table:create', $_REQUEST['id'], isset($_REQUEST['silent']) && ($_REQUEST['silent'] == 'Y'));
- // clear cache
- Tables::clear($_REQUEST);
- // increment the post counter of the surfer
- Users::increment_posts(Surfer::get_id());
- // an update
- } else {
- // touch the related anchor
- $anchor->touch('table:update', $_REQUEST['id'], isset($_REQUEST['silent']) && ($_REQUEST['silent'] == 'Y'));
- // clear cache
- Tables::clear($_REQUEST);
- }
- // go to the updated page
- Safe::redirect($next);
- }
- // display the form on GET
- } else
- $with_form = TRUE;
- // display the form
- if($with_form) {
- // reference the anchor page
- if(is_object($anchor) && $anchor->is_viewable())
- $context['text'] .= '<p>'.sprintf(i18n::s('In: %s'), Skin::build_link($anchor->get_url(), $anchor->get_title()))."</p>\n";
- // the form to edit an table
- $context['text'] .= '<form method="post" action="'.$context['script_url'].'" onsubmit="return validateDocumentPost(this)" id="main_form"><div>';
- // encode fields
- $fields = array();
- // display info on current version
- if(isset($item['id'])) {
- // the last poster
- if(isset($item['edit_id'])) {
- $text = Users::get_link($item['edit_name'], $item['edit_address'], $item['edit_id'])
- .' '.Skin::build_date($item['edit_date']);
- $fields[] = array(i18n::s('Posted by'), $text);
- }
- }
- // the title
- $label = i18n::s('Title');
- $input = '<textarea name="title" id="title" rows="2" cols="50">'.encode_field(isset($item['title']) ? $item['title'] : '').'</textarea>';
- $hint = i18n::s('Please provide a meaningful title.');
- $fields[] = array($label, $input, $hint);
- // the query
- $label = i18n::s('SQL Query');
- $input = '<textarea name="query" rows="15" cols="50">'.encode_field(isset($item['query']) ? $item['query'] : '').'</textarea>';
- $hint = i18n::s('The SELECT command submitted to the database');
- $fields[] = array($label, $input, $hint);
- // is the first row an url to the zoom page?
- $label = i18n::s('First column');
- $input = '<input type="radio" name="with_zoom" value="N"';
- if(!isset($item['with_zoom']) || ($item['with_zoom'] == 'N'))
- $input .= ' checked="checked"';
- $input .= '/> '.i18n::s('First column contains useful data')
- .BR."\n".'<input type="radio" name="with_zoom" value="T"';
- if(isset($item['with_zoom']) && ($item['with_zoom'] == 'T'))
- $input .= ' checked="checked"';
- $input .= '/> '.i18n::s('First column refers to time')
- .BR."\n".'<input type="radio" name="with_zoom" value="Y"';
- if(isset($item['with_zoom']) && ($item['with_zoom'] == 'Y'))
- $input .= ' checked="checked"';
- $input .= '/> '.i18n::s('First column provides a web address');
- $fields[] = array($label, $input);
- // the description
- $label = i18n::s('Description');
- $input = '<textarea name="description" rows="5" cols="50">'.encode_field(isset($item['description']) ? $item['description'] : '').'</textarea>';
- $hint = i18n::s('As this field may be searched by surfers, please choose adequate searchable words');
- $fields[] = array($label, $input, $hint);
- // build the form
- $context['text'] .= Skin::build_form($fields);
- // bottom commands
- $menu = array();
- $menu[] = Skin::build_submit_button(i18n::s('Submit'), i18n::s('Press [s] to submit data'), 's');
- if(is_object($anchor) && $anchor->is_viewable())
- $menu[] = Skin::build_link($anchor->get_url(), i18n::s('Cancel'), 'span');
- $context['text'] .= Skin::finalize_list($menu, 'assistant_bar');
- // associates may decide to not stamp changes -- complex command
- if(Surfer::is_associate() && Surfer::has_all())
- $context['text'] .= '<p><input type="checkbox" name="silent" value="Y" /> '.i18n::s('Do not change modification date of the main page.').'</p>';
- // transmit the id as a hidden field
- if(isset($item['id']) && $item['id'])
- $context['text'] .= '<input type="hidden" name="id" value="'.$item['id'].'" />';
- // other hidden fields
- $context['text'] .= '<input type="hidden" name="anchor" value="'.$anchor->get_reference().'" />';
- // end of the form
- $context['text'] .= '</div></form>';
- // the script used for form handling at the browser
- Page::insert_script(
- // check that main fields are not empty
- ' func'.'tion validateDocumentPost(container) {'."\n"
- // query is mandatory
- .' if(!container.query.value) {'."\n"
- .' alert("'.i18n::s('Please type a valid SQL query.').'");'."\n"
- .' Yacs.stopWorking();'."\n"
- .' return false;'."\n"
- .' }'."\n"
- // successful check
- .' return true;'."\n"
- .' }'."\n"
- // set the focus on first form field
- .'$("#title").focus();'."\n"
- );
- // the help panel
- $help = '<p>'.i18n::s('Please ensure you are using a compliant and complete SQL SELECT statement.').'</p>'
- .'<p>'.sprintf(i18n::s('For more information check the %s.'), Skin::build_link('http://dev.mysql.com/doc/mysql/en/select.html', i18n::s('MySQL reference page'), 'external')).'</p>'
- .'<p>'.sprintf(i18n::s('%s and %s are available to enhance text rendering.'), Skin::build_link('codes/', i18n::s('YACS codes'), 'open'), Skin::build_link('smileys/', i18n::s('smileys'), 'open')).'</p>';
- $context['components']['boxes'] = Skin::build_box(i18n::s('Help'), $help, 'boxes', 'help');
- }
- // render the skin
- render_skin();
- ?>