action.php File Reference

General framework for handling user input and performing actions.

Functions

 do_action ()
 Perform actions based on user input.


Detailed Description

General framework for handling user input and performing actions.

Definition in file action.php.


Function Documentation

do_action (  ) 

Perform actions based on user input.

This function is the central hub for performing operations on data. Any operation (creation, deletion or editing of users, books, document collections, etc.) is handled by, or rather through, this script.

Parameters:
$_GET['action'] -- the action (e.g. new, edit, delete, ...)
$_GET['item'] -- the item type (e.g. book, user, ...)
$_GET['id'] -- the item's numeric identifier
$_GET['b_ok'] -- "OK" button was clicked
$_GET['b_cancel'] -- "Cancel" button was clicked
Parameters passed via POST requests are understood, too.

Parameters that are not used by action.php are nevertheless passed to the appropriate backend function via the $INPUT parameter.

This script is responsible for:

  1. handling any data submitted by the user via HTML forms (for example handling any submit buttons pressed by the user)
  2. performing validity checks on user input ($_GET, $_POST)
  3. verifying that the user has the necessary access privileges to perform the requested action
  4. asking the user for confirmation for certain actions (where required)
  5. calling a backend function that implements the desired functionality

Being merely an application framework, this script does not perform any data operations by itself. Instead, it calls a backend function that implements the desired functionality (e.g. del_item() or edit_item()).

All the necessary information on handling data objects (items) and calling the supported actions is gathered from the variables $actions_info[] and $item_info[].

To add a new item or a new action, it should be sufficient to provide an appropriate entry in $actions_info[] and/or $item_info[]. No code in action.php needs to be modified.

Examples of use:

http://yourserver/semapp/action.php?action=edit&item=book&id=123 -- edit the book with id 123

http://yourserver/semapp/action.php?action=new&item=user -- create a new user account

http://yourserver/semapp/action.php?action=delete&item=collection&id=123 -- delete the collection with id 123

Definition at line 76 of file action.php.

References $actions_info, $item_info, $validation_info, check_acl(), check_input(), expire(), redirect(), smarty_init(), sql_exit(), and sql_init().

function do_action() {

    # $_GET, $_POST and $_SESSION are superglobals and need no global declaration
    global $actions_info, $item_info, $validation_info;

    if (session_id() == "") { session_start(); }

    $smarty = smarty_init();

    # syntax
    # action.php?action=xxx&item=yyy&id=zz
    # GET and POST are merged; on a name collision the POST value wins
    $INPUT = array_merge($_GET, $_POST);

    ## validation of user input

    $errors = check_input($INPUT, $validation_info);

    if (!empty($errors)) {
        user_error("Missing or malformed input parameter(s): " . implode(", ", $errors), E_USER_ERROR);
    }

    $item   = $INPUT['item'];
    $id     = $INPUT['id'];

    ## xxx prevent multiple invocations of the same form

    ## xxx ugly hack
    # an image submit button named b_ok arrives as b_ok_x / b_ok_y (click coordinates)

    if (isset($INPUT['b_ok_x'])) {
        $INPUT['b_ok'] = "yes";
        unset($INPUT['b_ok_x']);
        unset($INPUT['b_ok_y']);
    }

    ## determine the requested action
    $action = "";   # action

    if (isset($INPUT['action'])) {
        # action specified as part of URL

        $action = $INPUT['action'];
        unset($INPUT['action']);

    } else {

        # button pressed?

        foreach ($actions_info as $k => $v) {
            $btn = $v['button'];

            if (isset($INPUT[$btn])) {
                $action = $k;
                unset($INPUT[$btn]);
            }
        }
    }

    # suppress confirmation question (because user told us to shut up)

    if (isset($INPUT['c_dontask'])) {
        $_SESSION['noconfirm'][$action][$item] = TRUE;
    }

    # user pressed "cancel" button

    if (($action == "cancel") or isset($INPUT['b_cancel'])) {

        if (isset($INPUT['redirect'])) {
            $url = $INPUT['redirect'];
        } else {
            $url = $_SESSION['last_page'];
            if (isset($INPUT['document_id'])) {
                $url .= "#id_" . $INPUT['document_id'];
            } else if (isset($INPUT['id'])) {
                $url .= "#id_" . $INPUT['id'];
            }
        }

        redirect($url);
        exit(0);
    }

    $db = sql_init();

    # may the user do what he intends to do?

    if (!check_acl($actions_info[$action]['acl'], $item, $INPUT['id'], $db)) {
        user_error("Permission denied: action '$action' on item type '$item'",
            E_USER_ERROR);
    }

    # ask the user for confirmation (e.g. when deleting something)

    if (($actions_info[$action]['confirm']) and !isset($INPUT['b_ok'])
        and !isset($_SESSION['noconfirm'][$action][$item]) ) {

        $smarty->assign('item', $INPUT['item']);
        $smarty->assign('id', $INPUT['id']);
        $smarty->assign('action', $action);
        $smarty->assign('file', $INPUT['file']);
        $smarty->assign('redirect', $INPUT['redirect']);

        $smarty->display("header.tpl");
        $smarty->display("confirm.tpl");
        $smarty->display("footer.tpl");

        exit(0);
    }

    # execute the action

    # remove all button parameters before the input reaches the backend
    foreach ($actions_info as $v) {
        $b = $v['button'];
        unset($INPUT[$b]);
    }

    unset($INPUT['action']);

    ## override of $INPUT[] by $actions_info[$action]['input']

    $INPUT = array_merge($INPUT, $actions_info[$action]['input']);

    if (isset($actions_info[$action]['url'])) {

        # action is an url --> redirect

        $url = $actions_info[$action]['url'];

        foreach ($INPUT as $k => $v) {
            $url .= urlencode($k) . "=" . urlencode($v) . "&";
        }

        $url = rtrim($url, '&?');

        redirect($url);
        exit(0);

    } else if (isset($actions_info[$action]['eval'])) {

        # action is php code --> eval()

        expire($smarty, $db);

        eval($actions_info[$action]['eval']);

    } else {
        user_error("Unknown action:  $action", E_USER_ERROR);
    }

    # cleanup, go to last_page

    sql_exit($db);

    if (isset($INPUT['redirect'])) {
        $url = $INPUT['redirect'];
    } else {
        $url = $_SESSION['last_page'];
        if (isset($INPUT['document_id'])) {
            $url .= "#id_" . $INPUT['document_id'];
        } else if (isset($INPUT['id'])) {
            $url .= "#id_" . $INPUT['id'];
        }
    }

    redirect($url);

}
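The listing reads $actions_info[$action]['acl'] before the "Unknown action" branch is reached, and takes its redirect target from $INPUT['redirect']. The following is an added example, not semapp code: the same table-driven dispatch with the action resolved against the table first, a callable in place of the eval string, and the redirect limited to local paths. resolve_action(), local_redirect(), the 'handler' key and all table and request values are hypothetical; check_acl() and the confirmation step would run between resolving and calling the handler.

```php
<?php
// Added example, not semapp code; every name and value below is hypothetical.

$actions_info = [
    'delete' => [
        'button'  => 'b_delete',   // constructed button name
        'acl'     => 'admin',      // constructed ACL value
        'handler' => function (array $in) { return "delete {$in['item']} {$in['id']}"; },
    ],
];

// Resolve the action against the table first, so that nothing indexes
// $actions_info with a name the table does not contain.
function resolve_action(array $input, array $actions_info): ?string {
    if (isset($input['action'])) {
        $name = $input['action'];
        return (is_string($name) && isset($actions_info[$name])) ? $name : null;
    }
    foreach ($actions_info as $name => $info) {
        if (isset($input[$info['button']])) {
            return $name;
        }
    }
    return null;
}

// Accept a redirect target only if it is a path on this site.
function local_redirect($target, string $fallback): string {
    if (!is_string($target) || $target === '' || $target[0] !== '/') {
        return $fallback;                       // absolute URLs, arrays, empty
    }
    if (isset($target[1]) && ($target[1] === '/' || $target[1] === '\\')) {
        return $fallback;                       // scheme-relative //host forms
    }
    return preg_match('/[\x00-\x1f\x7f]/', $target) ? $fallback : $target;
}

// Constructed requests, merged GET/POST as in $INPUT.
$requests = [
    ['action' => 'delete', 'item' => 'book', 'id' => '123', 'redirect' => '/semapp/index.php?x=1'],
    ['action' => 'drop_all', 'item' => 'book'],
    ['b_delete' => 'x', 'item' => 'user', 'id' => '7', 'redirect' => '//other.example/'],
];
foreach ($requests as $input) {
    $action = resolve_action($input, $actions_info);
    if ($action === null) { echo "rejected: unknown action\n"; continue; }
    $target = local_redirect($input['redirect'] ?? null, '/semapp/');
    echo $actions_info[$action]['handler']($input), ' -> ', $target, "\n";
}
```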


Generated on Fri Jul 14 17:38:55 2006 for semapp by  doxygen 1.4.7