00001 <?php
00002
00003 require_once 'Smarty.class.php';
00004 require_once 'error.php';
00005 require_once 'redirect.php';
00006 require_once 'book.php';
00007 require_once 'sql.php';
00008 require_once 'util.php';
00009 require_once 'const.php';
00010 require_once 'config.php';
00011 require_once 'upload.php';
00012
00015
00030
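function edit_item($smarty, $INPUT, $db) {

    ## Show, validate and store the "new" / "edit" form of one item
    ## (book, user, email, file, ...).  Everything item-specific (SQL
    ## parameters, the allowed input keys per mode, templates and
    ## validation rules) is read from $item_info[$INPUT['item']], with
    ## $item_info['DEFAULT'] as the fallback.
    ##
    ## $smarty  template engine handed to do_template() / send_email()
    ## $INPUT   request parameters (GET or POST).  Untrusted: every value
    ##          that reaches a SQL fragment or a file name below is
    ##          constrained before use.
    ## $db      database handle passed through to sql_query()
    ##
    ## Whenever a form is (re-)displayed the function renders it and
    ## calls exit(0).  Malformed input and failed lookups are reported
    ## with user_error(..., E_USER_ERROR), as elsewhere in this file.

    global $_SESSION, $default_role_id, $default_location_id, $debug_level;
    global $actions_info, $item_info, $validation_info, $use_z3950;

    # Error list.  Left null (not array()) until something is wrong so
    # that the template variable errors_info keeps its original value
    # on a clean GET.
    $errors = null;

    $default = array(
        "page" => "1"
    );

    ## current time.  strftime() is deprecated since PHP 8.1; date()
    ## yields the identical "YYYY-MM-DD HH:MM:SS" string.
    $now = date("Y-m-d H:i:s");

    ## apply defaults to $INPUT
    $INPUT = array_merge($default, $INPUT);

    ## the session may pin the mode (multi-step edit); "new" always wins
    if ((!isset($INPUT['mode']) or $INPUT['mode'] != "new")
            and isset($_SESSION['mode'])) {
        $INPUT['mode'] = $_SESSION['mode'];
    }
    if (!isset($INPUT['mode'])) {
        # keep the comparisons below free of undefined-index notices;
        # "" and the former null compare and index identically
        $INPUT['mode'] = "";
    }

    if ($debug_level > 10) {
        print "<hr><pre>Input: ";
        print_r($INPUT);
        print "</pre><hr>";
    }

    # check for a missing id (edit mode needs one)

    if ($INPUT['mode'] != "new" and empty($INPUT['id'])) {
        $errors[] = 'id';
    }

    # $INPUT['item'] is spliced into a SQL string literal further down
    # ("name = '...'") and selects config entries and templates, so it
    # is limited to identifier characters.  Every item name used in this
    # file (book, user, email, file, document) satisfies this; if a
    # configured item name needs other characters, widen the class.
    if (!isset($INPUT['item'])
            or !preg_match('/^[A-Za-z0-9_]+$/', $INPUT['item'])) {
        $errors[] = 'item';
    }

    if (!empty($errors)) {
        # implode(): the join($pieces, $glue) argument order used before
        # is a fatal error since PHP 8.0
        user_error("Missing or malformed input parameter(s): " .
                   implode(", ", $errors), E_USER_ERROR);
    }

    # NOTE(review): a client-supplied user_id takes precedence over the
    # session's user here.  Whether that value is ever stored depends on
    # the item's sql_input list (config.php) -- confirm it is not
    # accepted for items where ownership matters.

    if (!isset($INPUT['user_id']) and isset($_SESSION['user'])) {
        $INPUT['user_id'] = $_SESSION['user']['id'];
    }

    # Item configuration: $item_info[item], DEFAULT as fallback.

    $item = $item_info['DEFAULT'];
    $item['name'] = $INPUT['item'];

    if (isset($item_info[ $INPUT['item'] ])) {
        $item = $item_info[ $INPUT['item'] ];
    }

    # initialize form

    if ($_SERVER['REQUEST_METHOD'] == "GET") {

        if ($INPUT['mode'] == "new") {

            ## new record: start from the item's default column values

            if (isset($item['sql_param']['data'])) {
                $INPUT = array_merge($item['sql_param']['data'], $INPUT);
            }

        } else {

            ## edit mode: load the record from the database.
            ## $sql_param['cond'] is a raw SQL fragment and sql_query()
            ## is not visible here, so assume it does not escape.  Ids
            ## are integers (see the last_id check below); the cast is
            ## what keeps request data out of the query text.

            $sql_param = $item['sql_param'];

            $sql_param['cond'] = strtr($sql_param['cond'],
                array("@id@" => (string) (int) $INPUT['id']));

            $ans = sql_query('select', $sql_param, $db);

            if (empty($ans)) {
                user_error("No record in database: id=" .
                           $INPUT['id'] . ", item=" . $item['name'],
                           E_USER_ERROR);
            }

            $INPUT = array_merge($ans[0], $INPUT);
        }
    }

    ## set default expiry date (missing or already in the past)

    if (!isset($INPUT['expiry_date']) or ($INPUT['expiry_date'] < $now)) {
        $INPUT['expiry_date'] = get_new_expiry_date();
    }

    ## process the priority buttons: relevance stays within 0..5

    if (isset($INPUT['b_prio_up'])) {
        if ($INPUT['relevance'] < 5) {
            $INPUT['relevance'] += 1;
        }
    }

    if (isset($INPUT['b_prio_down'])) {
        if ($INPUT['relevance'] > 0) {
            $INPUT['relevance'] -= 1;
        }
    }

    # "OK" button pressed?  Otherwise the form is (re-)displayed.

    $display_html_form = isset($INPUT['b_ok']) ? FALSE : TRUE;

    # stricter checks for user input (per item)

    if (!$display_html_form) {
        $errors = check_input($INPUT, $item['validation_info'], FALSE);

        if (!empty($errors)) {
            # user input was invalid, user must correct it
            $display_html_form = TRUE;
        }
    }

    # date picker fields -> ISO date.  %d forces integers, so these
    # values are safe to pass on.  A past expiry date is currently
    # accepted (the rejection was disabled in the original code).

    if (isset($INPUT['expiry_date_Day'])) {
        $INPUT['expiry_date'] = sprintf("%04d-%02d-%02d",
                                        $INPUT['expiry_date_Year'],
                                        $INPUT['expiry_date_Month'],
                                        $INPUT['expiry_date_Day']);
    }

    # look up books in the library catalogue (z39.50)

    if ($use_z3950 and ($INPUT['mode'] == "new") and
            isset($INPUT['b_ok']) and ($INPUT['item'] == "book")) {

        $books = book_info($INPUT);

        if (isset($INPUT['ppn'])) {
            # ppn is a unique identifier; keep only the selected books
            # (the form submits ppn as an array, tolerate a scalar too)

            $selected = array();

            foreach ((array) $INPUT['ppn'] as $ppn) {
                foreach ($books as $b) {
                    if ($b['ppn'] == $ppn) {
                        $selected[] = $b;
                    }
                }
            }
            $books = $selected;
        }

        switch (count($books)) {
            case 0:
                # wrong signature
                $errors[] = 'signature';
                $display_html_form = TRUE;
                break;

            case 1:
                break;

            default:
                # multiple books --> user must select one of them
                if (!isset($INPUT['ppn'])) {
                    $INPUT['page'] = '2';
                    $display_html_form = TRUE;
                }
                break;
        }
    }

    if ($display_html_form) {

        ## (re-)display the input form

        $tpl_vars = $INPUT;

        $tpl_vars['item_info'] = $item;
        $tpl_vars['errors_info'] = $errors;
        $tpl_vars['files_info'] = list_files($INPUT['item'],
            isset($INPUT['id']) ? $INPUT['id'] : null);

        if (isset($books)) {
            $tpl_vars['books_info'] = $books;
        }

        $tpl = $item['template'][$INPUT['mode']];

        ## query data base for options, etc

        $t = array("doc_type", "url_type", "role", "location", "degree");
        $tpl_vars['html_options'] = get_html_options($t, $db);

        $tpl_vars['html_options']['sex'] =
            array('m' => "Herr", 'f' => "Frau");

        ### try to resolve document type id.  $INPUT['item'] was
        ### restricted to identifier characters above, so it cannot
        ### break out of the string literal.

        if (!isset($tpl_vars['doc_type_id'])) {

            $param = array(
                'cond'   => "name = '" . $INPUT['item'] . "'",
                'tables' => "doc_type"
            );

            $ans = sql_query('select', $param, $db);

            if (!empty($ans)) {
                $tpl_vars['doc_type_id'] = $ans[0]['id'];
            }
        }

        $tpl_vars['actions_info'] = $actions_info;

        # translate state id to state name.  state_id may come straight
        # from the request (it is merged from $INPUT), hence the cast.

        if (isset($tpl_vars['state_id'])) {

            $ans = sql_query('select',
                array('tables' => "state",
                      'cond'   => "id = " . (int) $tpl_vars['state_id'],
                ), $db);

            if (empty($ans)) {
                user_error("Illegal state id", E_USER_ERROR);
                exit(0);
            }

            $tpl_vars['state'] = $ans[0]['name'];
        }

        do_template($smarty, $tpl, $tpl_vars);

        exit(0);

    } else {
        ## do post-processing of user input

        if (isset($INPUT['c_order_toc'])) {
            # German: "please scan the table of contents" (runtime text)
            $INPUT['order_notes'] =
                (isset($INPUT['order_notes']) ? $INPUT['order_notes'] : "") .
                "\nInhaltsverzeichnis bitte einscannen";
        }

        # "protected" is a checkbox, convert to boolean
        $INPUT['protected'] = isset($INPUT['protected']);

        # "use_alias" is a checkbox, convert to boolean
        $INPUT['use_alias'] = isset($INPUT['use_alias']);

        # Store the password as "{SHA1}" + hex digest unless it already
        # carries that prefix (i.e. it was round-tripped from the
        # database unchanged).
        # NOTE(review): unsalted SHA-1 is not an acceptable password
        # hash.  The verifier lives outside this file, so moving to
        # password_hash()/password_verify() must be done together with
        # the login code.  Note also that a client can submit a
        # ready-made "{SHA1}..." value and have it stored as-is.
        if (isset($INPUT['password']) and ($INPUT['password'] != "")
                and (strncmp("{SHA1}", $INPUT['password'], 6) != 0)) {
            $INPUT['password'] = "{SHA1}" . sha1($INPUT['password']);
        }

        # derive the login of a new user: first letter of the forename
        # plus up to seven letters of the surname, lower-cased.
        # (The character class is applied byte-wise; the umlauts are
        # multi-byte in UTF-8 -- kept as is to preserve existing logins.)

        if ($INPUT['mode'] == "new" and $INPUT['item'] == "user") {

            $l1 = strtolower($INPUT['forename']);
            $l1 = preg_replace("/[^a-zäöüß]/", "", $l1);
            $l1 = substr($l1, 0, 1);

            $l2 = strtolower($INPUT['surname']);
            $l2 = preg_replace("/[^a-zäöüß]/", "", $l2);
            $l2 = substr($l2, 0, 7);

            $INPUT['login'] = $l1 . $l2;
        }

        # items to be modified / stored into database

        if (isset($books)) {
            # special case: one record per selected book
            $items = array();
            foreach ($books as $b) {
                $items[] = array_merge($INPUT, $b);
            }
        } else {
            # single item, e.g. an article
            $items = array($INPUT);
        }

        foreach ($items as $i) {

            ## Build an INSERT or UPDATE from $i (user input).  Only the
            ## keys listed in $item['sql_input'][mode] are copied into
            ## $sql_param['data']; sql_query() is expected to quote the
            ## data values (not visible here).

            $action = ($i['mode'] == 'new') ? 'insert' : 'update';

            $sql_param = $item['sql_param'];

            # The id only exists in edit mode.  Integer cast as above;
            # an absent id is replaced by "" exactly as before.
            $id_text = isset($i['id']) ? (string) (int) $i['id'] : "";
            $sql_param['cond'] = strtr($sql_param['cond'],
                                       array("@id@" => $id_text));

            # Reset default data when in edit mode, because it would
            # overwrite existing data of the record.

            if ($i['mode'] != 'new') {
                $sql_param['data'] = array();
            }

            # find out what keys are allowed (split() no longer exists
            # in PHP 7+; the separator is a literal comma)

            $allowed_keys = isset($item['sql_input'][$i['mode']])
                ? explode(',', $item['sql_input'][$i['mode']])
                : array();

            # copy data from $i[]

            foreach ($allowed_keys as $key) {
                if (isset($i[$key])) {
                    $sql_param['data'][$key] = $i[$key];
                }
            }

            if (isset($sql_param['data']['state'])) {

                ## translate state name to state id

                $state_name = $sql_param['data']['state'];

                # The name is embedded in a single-quoted SQL literal.
                # A quote or backslash could terminate it and no real
                # state name contains either; everything else is inert
                # inside the literal.  (An escape by the driver or a
                # parameterised sql_query() is the proper fix.)
                if (strpbrk($state_name, "'\\") !== false) {
                    user_error("Illegal state: $state_name ", E_USER_ERROR);
                    exit(0);
                }

                $ans = sql_query('select',
                    array('tables' => "state",
                          'cond'   => "name = '$state_name'"
                    ), $db);

                if (empty($ans)) {
                    user_error("Illegal state: $state_name ", E_USER_ERROR);
                    exit(0);
                }

                unset($sql_param['data']['state']);
                $sql_param['data']['state_id'] = $ans[0]['id'];
                $sql_param['data']['last_state_change'] = $now;
            }

            $sql_param['data']['last_modified'] = $now;

            ## execute the SQL query
            sql_query($action, $sql_param, $db);

            # send e-mail (uses $INPUT rather than $i: an "email" item is
            # never a multi-book submission)

            if ($INPUT['item'] == "email" and $INPUT['mode'] == "new") {

                $tpl_vars = $INPUT;

                $doc_id = isset($INPUT['document_id'])
                    ? (int) $INPUT['document_id'] : 0;

                $owner = get_item_owner("document", $doc_id, $db);

                $tpl_vars['user_info'] = $owner;

                $email_to = $owner['degree_name'] . " ";
                $email_to .= $owner['forename'] . " ";
                $email_to .= $owner['surname'] . " ";
                $email_to .= "<" . $owner['email'] . ">";

                # forename/surname/email originate from this very form
                # (item "user"); a CR/LF in them would inject a header if
                # send_email() hands the string to mail().  A To header
                # never legitimately contains a line break.
                $email_to = str_replace(array("\r", "\n"), "", $email_to);

                $p = array(
                    "tables" => "document",
                    "cond"   => "id = " . $doc_id,
                );

                $ans = sql_query('select', $p, $db);

                if (empty($ans)) {
                    user_error("invalid document id: " .
                               $INPUT['document_id'], E_USER_ERROR);
                }

                $tpl_vars['document_info'] = $ans[0];

                $coll_id = (int) $tpl_vars['document_info']['collection_id'];

                $p = array(
                    "tables" => "collection",
                    "cond"   => "id = " . $coll_id
                );

                $ans = sql_query('select', $p, $db);

                if (empty($ans)) {
                    user_error("invalid collection id: " .
                               $coll_id, E_USER_ERROR);
                }

                $tpl_vars['collection_info'] = $ans[0];

                send_email($smarty, 'msg_generic.tpl', $tpl_vars, $email_to);
            }

            # handle file uploads

            if ($i['item'] == 'file' and $i['mode'] == 'new') {

                # retrieve id of newly created item

                $ans = sql_query('last_id', array(), $db);
                $i['id'] = (int) $ans[0]['last_id'];

                if ($i['id'] <= 0) {
                    user_error("could not retrieve last_id ", E_USER_ERROR);
                }

                foreach ($_FILES as $f) {

                    # multi-file fields ("name[]") arrive as arrays; only
                    # single-file fields were ever handled here
                    if (!isset($f['tmp_name']) or !is_string($f['tmp_name'])) {
                        continue;
                    }

                    if (!is_uploaded_file($f['tmp_name'])) {
                        continue;
                    }

                    # basename() strips directories but leaves "." and
                    # ".." (and "" for an empty name) untouched; those
                    # must not reach put_file() as a file name
                    $fn = basename($f['name']);
                    if ($fn === "" or $fn === "." or $fn === "..") {
                        user_error("malformed upload file name", E_USER_ERROR);
                    }

                    $c = file_get_contents($f['tmp_name']);
                    if ($c === false) {
                        user_error("could not read uploaded file: " . $fn,
                                   E_USER_ERROR);
                    }

                    put_file($i['item'], $i['id'], $fn, $c);
                }
            }
        }
    }
}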
00506 ?>