| 1 |
<?php
|
1 |
<?php
|
| 2 |
require_once('../lib/functions.php');
|
2 |
require_once('../lib/functions.php');
|
| 3 |
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
|
3 |
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
|
| 4 |
include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
|
4 |
include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
|
| 5 |
else{
|
5 |
else{
|
| 6 |
echo "<b>Could not include SQL library</b><br>\n";
|
6 |
echo "<b>Could not include SQL library</b><br>\n";
|
| 7 |
exit();
|
7 |
exit();
|
| 8 |
}
|
8 |
}
|
| 9 |
if ($config['sql_use_operators'] == 'true'){
|
9 |
if ($config['sql_use_operators'] == 'true'){
|
| 10 |
$use_ops=1;
|
10 |
$use_ops=1;
|
| 11 |
$text1 = 'AND op =';
|
11 |
$text1 = 'AND op =';
|
| 12 |
$text2 = ',op';
|
12 |
$text2 = ',op';
|
| 13 |
}
|
13 |
}
|
| 14 |
$link = da_sql_pconnect($config);
|
14 |
$link = da_sql_pconnect($config);
|
| 15 |
if ($link){
|
15 |
if ($link){
|
| 16 |
foreach($show_attrs as $key => $desc){
|
16 |
foreach($show_attrs as $key => $desc){
|
| 17 |
if ($attrmap["$key"] == 'none')
|
17 |
if ($attrmap["$key"] == 'none')
|
| 18 |
continue;
|
18 |
continue;
|
| 19 |
if ($attrmap["$key"] == ''){
|
19 |
if ($attrmap["$key"] == ''){
|
| 20 |
$attrmap["$key"] = $key;
|
20 |
$attrmap["$key"] = $key;
|
| 21 |
$attr_type["key"] = 'replyItem';
|
21 |
$attr_type["key"] = 'replyItem';
|
| 22 |
$rev_attrmap["$key"] = $key;
|
22 |
$rev_attrmap["$key"] = $key;
|
| 23 |
}
|
23 |
}
|
| 24 |
$i = 0;
|
24 |
$i = 0;
|
| 25 |
$j = -1;
|
25 |
$j = -1;
|
| 26 |
$name = $attrmap["$key"] . $i;
|
26 |
$name = $attrmap["$key"] . $i;
|
| 27 |
while(isset($$name)){
|
27 |
while(isset($$name)){
|
| 28 |
$val=$$name;
|
28 |
$val=$$name;
|
| 29 |
$op_name = $name . '_op';
|
29 |
$op_name = $name . '_op';
|
| 30 |
$i++;
|
30 |
$i++;
|
| 31 |
$j++;
|
31 |
$j++;
|
| 32 |
$name = $attrmap["$key"] . $i;
|
32 |
$name = $attrmap["$key"] . $i;
|
| 33 |
$sql_attr=$attrmap["$key"];
|
33 |
$sql_attr=$attrmap["$key"];
|
| 34 |
$query_key = ($user_type == 'group') ? 'groupname' : 'username';
|
34 |
$query_key = ($user_type == 'group') ? 'groupname' : 'username';
|
| 35 |
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
|
35 |
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
|
| 36 |
$table = ($user_type == 'group') ? $config['sql_groupcheck_table'] : $config['sql_check_table'];
|
36 |
$table = ($user_type == 'group') ? $config['sql_groupcheck_table'] : $config['sql_check_table'];
|
| 37 |
$type = 1;
|
37 |
$type = 1;
|
| 38 |
}
|
38 |
}
|
| 39 |
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
|
39 |
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
|
| 40 |
$table = ($user_type == 'group') ? $config['sql_groupreply_table'] : $config['sql_reply_table'];
|
40 |
$table = ($user_type == 'group') ? $config['sql_groupreply_table'] : $config['sql_reply_table'];
|
| 41 |
$type = 2;
|
41 |
$type = 2;
|
| 42 |
}
|
42 |
}
|
| 43 |
if ($use_ops){
|
43 |
if ($use_ops){
|
| 44 |
$op_val = $$op_name;
|
44 |
$op_val = $$op_name;
|
| 45 |
if ($op_val != ''){
|
45 |
if ($op_val != ''){
|
| 46 |
$op_val = da_sql_escape_string($link, $op_val);
|
46 |
$op_val = da_sql_escape_string($link, $op_val);
|
| 47 |
if (check_operator($op_val,$type) == -1){
|
47 |
if (check_operator($op_val,$type) == -1){
|
| 48 |
echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
|
48 |
echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
|
| 49 |
continue;
|
49 |
continue;
|
| 50 |
}
|
50 |
}
|
| 51 |
$op_val2 = ",'$op_val'";
|
51 |
$op_val2 = ",'$op_val'";
|
| 52 |
}
|
52 |
}
|
| 53 |
}
|
53 |
}
|
| 54 |
$sql_attr = da_sql_escape_string($link, $sql_attr);
|
54 |
$sql_attr = da_sql_escape_string($link, $sql_attr);
|
| 55 |
$val = da_sql_escape_string($link, $val);
|
55 |
$val = da_sql_escape_string($link, $val);
|
| 56 |
// if we have operators, the operator has changed and the corresponding value exists then update
|
56 |
// if we have operators, the operator has changed and the corresponding value exists then update
|
| 57 |
if ($key != "Filter-Id" && $use_ops && isset($item_vals["$key"]['operator'][$j]) &&
|
57 |
if ($key != "Filter-Id" && $use_ops && isset($item_vals["$key"]['operator'][$j]) &&
|
| 58 |
$op_val != $item_vals["$key"]['operator'][$j] ){
|
58 |
$op_val != $item_vals["$key"]['operator'][$j] ){
|
| 59 |
$res = da_sql_query($link,$config,
|
59 |
$res = da_sql_query($link,$config,
|
| 60 |
"UPDATE $table SET op = '$op_val' WHERE $query_key = '$login'
|
60 |
"UPDATE $table SET op = '$op_val' WHERE $query_key = '$login'
|
| 61 |
AND attribute = '$sql_attr' AND value = '$val';");
|
61 |
AND attribute = '$sql_attr' AND value = '$val';");
|
| 62 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
62 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 63 |
echo "<b>Operator change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
63 |
echo "<b>Operator change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
| 64 |
}
|
64 |
}
|
| 65 |
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
|
65 |
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
|
| 66 |
// if value is the same as that in the sql database do nothing
|
66 |
// if value is the same as that in the sql database do nothing
|
| 67 |
if (isset($item_vals["$key"]) && $val == $item_vals["$key"][$j])
|
67 |
if (isset($item_vals["$key"]) && $val == $item_vals["$key"][$j])
|
| 68 |
continue;
|
68 |
continue;
|
| 69 |
// if value is null or equals the default value and corresponding value exists then delete
|
69 |
// if value is null or equals the default value and corresponding value exists then delete
|
| 70 |
else if ( isset($member_groups) && ($chkdef || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){
|
70 |
else if ( isset($member_groups) && ($chkdef || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){
|
| 71 |
$res = da_sql_query($link,$config,
|
71 |
$res = da_sql_query($link,$config,
|
| 72 |
"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr';");
|
72 |
"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr';");
|
| 73 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
73 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 74 |
echo "<b>Delete failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
74 |
echo "<b>Delete failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
| 75 |
}
|
75 |
}
|
| 76 |
// if value is null or equals the default value then don't add it
|
76 |
// if value is null or equals the default value then don't add it
|
| 77 |
else if (isset($default_vals["$key"]) && ($val == '' || check_defaults($val,$op_val,$default_vals["$key"])))
|
77 |
else if (isset($default_vals["$key"]) && ($val == '' || check_defaults($val,$op_val,$default_vals["$key"])))
|
| 78 |
continue;
|
78 |
continue;
|
| 79 |
// if value differs from the sql value then update
|
79 |
// if value differs from the sql value then update
|
| 80 |
else{
|
80 |
else{
|
| 81 |
if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') && $sql_attr=='Filter-Id'){
|
81 |
if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') && $sql_attr=='Filter-Id'){
|
| 82 |
$old_val = $item_vals["$key"][$j];
|
82 |
$old_val = $item_vals["$key"][$j];
|
| 83 |
$old_val = da_sql_escape_string($link, $old_val);
|
83 |
$old_val = da_sql_escape_string($link, $old_val);
|
| 84 |
// we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
|
84 |
// we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
|
| 85 |
$val[3] = $old_val[3];
|
85 |
$val[3] = $old_val[3];
|
| 86 |
$res = da_sql_query($link,$config,
|
86 |
$res = da_sql_query($link,$config,
|
| 87 |
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
|
87 |
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
|
| 88 |
attribute = '$sql_attr' AND value = '$old_val';");
|
88 |
attribute = '$sql_attr' AND value = '$old_val';");
|
| 89 |
// if filter-id does not exit, we create it (ALCASAR 2.9.2 DDB)
|
89 |
// if filter-id does not exit, we create it (ALCASAR 2.9.2 DDB)
|
| 90 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
90 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 91 |
$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','00000000', ':=');");
|
91 |
$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','00000000', ':=');");
|
| 92 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
92 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 93 |
echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
93 |
echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
| 94 |
}
|
94 |
}
|
| 95 |
else{
|
95 |
else{
|
| 96 |
if($val != ''){
|
96 |
if($val != ''){
|
| - |
|
97 |
if (isset($item_vals["$key"][$j])) {
|
| 97 |
$old_val = $item_vals["$key"][$j];
|
98 |
$old_val = $item_vals["$key"][$j];
|
| 98 |
$old_val = da_sql_escape_string($link, $old_val);
|
99 |
$old_val = da_sql_escape_string($link, $old_val);
|
| 99 |
$res = da_sql_query($link,$config,
|
100 |
$res = da_sql_query($link,$config,
|
| 100 |
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
|
101 |
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
|
| 101 |
attribute = '$sql_attr' AND value = '$old_val';");
|
102 |
attribute = '$sql_attr' AND value = '$old_val';");
|
| - |
|
103 |
} else {
|
| - |
|
104 |
$res = null;
|
| - |
|
105 |
}
|
| 102 |
// if attribute does not exist, we create it.
|
106 |
// if attribute does not exist, we create it.
|
| 103 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
107 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 104 |
$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','$val' $op_val2);");
|
108 |
$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','$val' $op_val2);");
|
| 105 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
109 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
| 106 |
echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
110 |
echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
| 107 |
}
|
111 |
}
|
| 108 |
else if (isset($item_vals["$key"][$j])) {
|
112 |
else if (isset($item_vals["$key"][$j])) {
|
| 109 |
// if value is empty, we delete this attribute
|
113 |
// if value is empty, we delete this attribute
|
| 110 |
$old_val = $item_vals["$key"][$j];
|
114 |
$old_val = $item_vals["$key"][$j];
|
| 111 |
$old_val = da_sql_escape_string($link, $old_val);
|
115 |
$old_val = da_sql_escape_string($link, $old_val);
|
| 112 |
if(!empty($old_val))
|
116 |
if(!empty($old_val))
|
| 113 |
$res = da_sql_query($link,$config,"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr' AND value = '$old_val';");
|
117 |
$res = da_sql_query($link,$config,"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr' AND value = '$old_val';");
|
| 114 |
}
|
118 |
}
|
| 115 |
}
|
119 |
}
|
| 116 |
}
|
120 |
}
|
| 117 |
}
|
121 |
}
|
| 118 |
}
|
122 |
}
|
| 119 |
}
|
123 |
}
|
| 120 |
else
|
124 |
else
|
| 121 |
echo "<b>Could not connect to SQL database</b><br>\n";
|
125 |
echo "<b>Could not connect to SQL database</b><br>\n";
|
| 122 |
|
126 |
|