Subversion Repositories ALCASAR

Rev

Rev 2342 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1379 richard 1
<?php
2
require_once('../lib/functions.php');
3
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
2342 tom.houday 4
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
1379 richard 5
else{
6
	echo "<b>Could not include SQL library</b><br>\n";
7
	exit();
8
}
1805 clement.si 9
if ($config['sql_use_operators'] == 'true'){
1379 richard 10
	$use_ops=1;
11
	$text1 = 'AND op =';
12
	$text2 = ',op';
13
}
1805 clement.si 14
$link = da_sql_pconnect($config);
1379 richard 15
if ($link){
16
	foreach($show_attrs as $key => $desc){
17
		if ($attrmap["$key"] == 'none')
18
			continue;
19
		if ($attrmap["$key"] == ''){
20
			$attrmap["$key"] = $key;
21
			$attr_type["key"] = 'replyItem';
22
			$rev_attrmap["$key"] = $key;
23
		}
24
		$i = 0;
25
		$j = -1;
26
		$name = $attrmap["$key"] . $i;
27
		while(isset($$name)){
28
			$val=$$name;
29
			$op_name = $name . '_op';
30
			$i++;
31
			$j++;
32
			$name = $attrmap["$key"] . $i;
33
			$sql_attr=$attrmap["$key"];
34
			$query_key = ($user_type == 'group') ? 'groupname' : 'username';
1805 clement.si 35
			if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
36
				$table = ($user_type == 'group') ? $config['sql_groupcheck_table'] : $config['sql_check_table'];
1379 richard 37
				$type = 1;
38
			}
1805 clement.si 39
			else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
40
				$table = ($user_type == 'group') ? $config['sql_groupreply_table'] : $config['sql_reply_table'];
1379 richard 41
				$type = 2;
42
			}
43
			if ($use_ops){
44
				$op_val = $$op_name;
45
				if ($op_val != ''){
1805 clement.si 46
					$op_val = da_sql_escape_string($link, $op_val);
1379 richard 47
					if (check_operator($op_val,$type) == -1){
48
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
49
						continue;
50
					}
51
					$op_val2 = ",'$op_val'";
52
				}
53
			}
1805 clement.si 54
			$sql_attr = da_sql_escape_string($link, $sql_attr);
55
			$val = da_sql_escape_string($link, $val);
1379 richard 56
	// if we have operators, the operator has changed and the corresponding value exists then update
1852 raphael.pi 57
			if ($key != "Filter-Id" && $use_ops && isset($item_vals["$key"]['operator'][$j]) &&
1805 clement.si 58
				$op_val != $item_vals["$key"]['operator'][$j] ){
59
				$res = da_sql_query($link,$config,
1379 richard 60
				"UPDATE $table SET op = '$op_val' WHERE $query_key = '$login'
61
				AND attribute = '$sql_attr' AND value = '$val';");
1805 clement.si 62
				if (!$res || !da_sql_affected_rows($link,$res,$config))
1379 richard 63
					echo "<b>Operator change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
64
			}
1805 clement.si 65
			$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
1379 richard 66
	// 	if value is the same as that in the sql database do nothing
1805 clement.si 67
			if (isset($item_vals["$key"]) && $val == $item_vals["$key"][$j])
1379 richard 68
				continue;
69
	//	if value is null or equals the default value and corresponding value exists then delete
1838 raphael.pi 70
			else if ( isset($member_groups) && ($chkdef || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){
1805 clement.si 71
				$res = da_sql_query($link,$config,
1379 richard 72
				"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr';");
1805 clement.si 73
				if (!$res || !da_sql_affected_rows($link,$res,$config))
1379 richard 74
					echo "<b>Delete failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
75
			}
76
	//	if value is null or equals the default value then don't add it
1838 raphael.pi 77
			else if (isset($default_vals["$key"]) && ($val == '' || check_defaults($val,$op_val,$default_vals["$key"])))
1379 richard 78
				continue;
79
	//	if value differs from the sql value then update
80
			else{
2342 tom.houday 81
				if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') && $sql_attr=='Filter-Id'){
1379 richard 82
					$old_val = $item_vals["$key"][$j];
1805 clement.si 83
					$old_val = da_sql_escape_string($link, $old_val);
2342 tom.houday 84
					// we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
85
					$val[3] = $old_val[3];
1805 clement.si 86
					$res = da_sql_query($link,$config,
1379 richard 87
					"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
88
					attribute = '$sql_attr' AND value = '$old_val';");
2047 richard 89
				// if filter-id does not exit, we create it (ALCASAR 2.9.2 DDB)
1882 raphael.pi 90
					if (!$res || !da_sql_affected_rows($link,$res,$config))
2044 raphael.pi 91
						$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','00000000', ':=');");
92
					if (!$res || !da_sql_affected_rows($link,$res,$config))
1882 raphael.pi 93
						echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
1379 richard 94
				}
1882 raphael.pi 95
				else{
1884 raphael.pi 96
					if($val != ''){
2047 richard 97
						$old_val = $item_vals["$key"][$j];
98
						$old_val = da_sql_escape_string($link, $old_val);
99
						$res = da_sql_query($link,$config,
100
						"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
101
						attribute = '$sql_attr' AND value = '$old_val';");
102
					//	if attribute does not exist, we create it.     
103
						if (!$res || !da_sql_affected_rows($link,$res,$config))
104
							$res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','$val' $op_val2);");
105
						if (!$res || !da_sql_affected_rows($link,$res,$config))
106
							echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
1884 raphael.pi 107
					}
2343 tom.houday 108
					else if (isset($item_vals["$key"][$j])) {
2047 richard 109
					//	if value is empty, we delete this attribute
110
						$old_val = $item_vals["$key"][$j];
111
						$old_val = da_sql_escape_string($link, $old_val);
2343 tom.houday 112
						if(!empty($old_val))
113
							$res = da_sql_query($link,$config,"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr' AND value = '$old_val';");
114
					}
1882 raphael.pi 115
				}
1379 richard 116
			}
117
		}
118
	}
119
}
120
else
121
	echo "<b>Could not connect to SQL database</b><br>\n";