Subversion Repositories ALCASAR

Rev

Rev 2044 | Rev 2343 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

<?php
require_once('../lib/functions.php');
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
        include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
        echo "<b>Could not include SQL library</b><br>\n";
        exit();
}
if ($config['sql_use_operators'] == 'true'){
        $use_ops=1;
        $text1 = 'AND op =';
        $text2 = ',op';
}
$link = da_sql_pconnect($config);
if ($link){
        foreach($show_attrs as $key => $desc){
                if ($attrmap["$key"] == 'none')
                        continue;
                if ($attrmap["$key"] == ''){
                        $attrmap["$key"] = $key;
                        $attr_type["key"] = 'replyItem';
                        $rev_attrmap["$key"] = $key;
                }
                $i = 0;
                $j = -1;
                $name = $attrmap["$key"] . $i;
                while(isset($$name)){
                        $val=$$name;
                        $val = da_sql_escape_string($link, $val);
                        $op_name = $name . '_op';
                        $i++;
                        $j++;
                        $name = $attrmap["$key"] . $i;
                        $sql_attr=$attrmap["$key"];
                        $query_key = ($user_type == 'group') ? 'groupname' : 'username';
                        if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
                                $table = ($user_type == 'group') ? $config['sql_groupcheck_table'] : $config['sql_check_table'];
                                $type = 1;
                        }
                        else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
                                $table = ($user_type == 'group') ? $config['sql_groupreply_table'] : $config['sql_reply_table'];
                                $type = 2;
                        }
                        if ($use_ops){
                                $op_val = $$op_name;
                                if ($op_val != ''){
                                        $op_val = da_sql_escape_string($link, $op_val);
                                        if (check_operator($op_val,$type) == -1){
                                                echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
                                                continue;
                                        }
                                        $op_val2 = ",'$op_val'";
                                }
                        }
                        $sql_attr = da_sql_escape_string($link, $sql_attr);
                        $val = da_sql_escape_string($link, $val);
        // if we have operators, the operator has changed and the corresponding value exists then update
                        if ($key != "Filter-Id" && $use_ops && isset($item_vals["$key"]['operator'][$j]) &&
                                $op_val != $item_vals["$key"]['operator'][$j] ){
                                $res = da_sql_query($link,$config,
                                "UPDATE $table SET op = '$op_val' WHERE $query_key = '$login'
                                AND attribute = '$sql_attr' AND value = '$val';");
                                if (!$res || !da_sql_affected_rows($link,$res,$config))
                                        echo "<b>Operator change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
                        }
                        $chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
        //      if value is the same as that in the sql database do nothing
                        if (isset($item_vals["$key"]) && $val == $item_vals["$key"][$j])
                                continue;
        //      if value is null or equals the default value and corresponding value exists then delete
                        else if ( isset($member_groups) && ($chkdef || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){
                                $res = da_sql_query($link,$config,
                                "DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr';");
                                if (!$res || !da_sql_affected_rows($link,$res,$config))
                                        echo "<b>Delete failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
                        }
        //      if value is null or equals the default value then don't add it
                        else if (isset($default_vals["$key"]) && ($val == '' || check_defaults($val,$op_val,$default_vals["$key"])))
                                continue;
        //      if value differs from the sql value then update
                        else{
                                if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') || $sql_attr=='Filter-Id'){
                                        $old_val = $item_vals["$key"][$j];
                                        $old_val = da_sql_escape_string($link, $old_val);
                                        #we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
                                        $val[3]=$old_val[3];
                                        $res = da_sql_query($link,$config,
                                        "UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
                                        attribute = '$sql_attr' AND value = '$old_val';");
                                // if filter-id does not exit, we create it (ALCASAR 2.9.2 DDB)
                                        if (!$res || !da_sql_affected_rows($link,$res,$config))
                                                $res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','00000000', ':=');");
                                        if (!$res || !da_sql_affected_rows($link,$res,$config))
                                                echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
                                }
                                else{
                                        if($val != ''){
                                                $old_val = $item_vals["$key"][$j];
                                                $old_val = da_sql_escape_string($link, $old_val);
                                                $res = da_sql_query($link,$config,
                                                "UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
                                                attribute = '$sql_attr' AND value = '$old_val';");
                                        //      if attribute does not exist, we create it.     
                                                if (!$res || !da_sql_affected_rows($link,$res,$config))
                                                        $res = da_sql_query($link,$config,"INSERT INTO $table ($query_key,attribute,value $text2) VALUES ('$login','$sql_attr','$val' $op_val2);");
                                                if (!$res || !da_sql_affected_rows($link,$res,$config))
                                                        echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
                                        }
                                        else{
                                        //      if value is empty, we delete this attribute
                                                $old_val = $item_vals["$key"][$j];
                                                $old_val = da_sql_escape_string($link, $old_val);
                                                if(isset($old_val) && $old_val != '')
                                                        $res = da_sql_query($link,$config,"DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr' AND value = '$old_val';");
                                        }
                                }
                        }
                }
        }
}
else
        echo "<b>Could not connect to SQL database</b><br>\n";