Functions | |
| edit_item ($smarty, $INPUT, $db) | |
| Modify an item (e.g. book, url, collection, user). | |
Definition in file edit_item.php.
edit_item($smarty, $INPUT, $db)
Modify an item (e.g. book, url, collection, user).
This is a function to modify an item, called by action.php.
It can also create a new item if called with the parameter $INPUT['action'] set to "new". In this case, the $INPUT['id'] parameter is not required.
| $smarty | -- Smarty template engine handle | |
| $INPUT['item'] | -- item type | |
| $INPUT['id'] | -- id of the item to be edited | |
| $INPUT['action'] | -- whether to edit an existing item ("edit") or create a new one ("new") | |
| $db | -- MySQL database handle |
Definition at line 31 of file edit_item.php.
References $actions_info, $item_info, $validation_info, book_info(), check_input(), do_template(), get_html_options(), get_item_owner(), get_new_expiry_date(), list_files(), put_file(), send_email(), and sql_query().
# Body of edit_item($smarty, $INPUT, $db) as listed on this page (the listing
# starts at the opening brace; the signature line itself is not shown).
#
# Flow visible below:
#   1. merge defaults into $INPUT, take the mode from the session unless it is "new"
#   2. on GET, pre-fill $INPUT from item defaults (new) or from the database (edit)
#   3. handle the priority buttons, validate with check_input() when "OK" was pressed
#   4. optionally look the book up in the library catalogue
#   5. either render the form via do_template() and exit, or store the item(s)
#      with sql_query(), send a notification e-mail and store uploaded files
#
# NOTE(review): the code reads $INPUT['mode'] throughout; the parameter list
# on this page names $INPUT['action'] instead -- confirm which one the caller sets.
# NOTE(review): $INPUT presumably carries request parameters handed over by
# action.php -- confirm. Several values from it are concatenated into SQL
# conditions below without escaping or type checks in this function; whether
# sql_query() or the caller sanitises them cannot be seen from here.
# NOTE(review): no permission or ownership check on $INPUT['id'] is visible in
# this function -- presumably enforced by the caller; confirm.
{

    global $_SESSION, $default_role_id, $default_location_id, $debug_level;
    global $actions_info, $item_info, $validation_info, $use_z3950;

    $default = array(
        "page" => "1"
    );

    ## current time

    $now = strftime("%Y-%m-%d %H:%M:%S");

    ## apply defaults to $INPUT

    $INPUT = array_merge($default, $INPUT);

    # Unless a new item is being created, the mode stored in the session
    # replaces whatever mode was passed in.
    if (($INPUT['mode'] != "new") and (isset($_SESSION['mode']))) {
        $INPUT['mode'] = $_SESSION['mode'];
    }

    # Debug dump. NOTE(review): print_r() output goes into the page without
    # HTML escaping, and the dump includes every field of $INPUT (a 'password'
    # field too, if present). Keep $debug_level at or below 10 in production,
    # or escape the dump with htmlspecialchars().
    if ($debug_level > 10) {
        print "<hr><pre>Input: ";
        print_r($INPUT);
        print "</pre><hr>";
    }

    # check for missing id
    # ($errors has not been assigned before this point; empty() tolerates that.)
    # Only emptiness is checked here -- the id is not verified to be numeric.

    if (empty($errors) and $INPUT['mode'] != "new" and empty($INPUT['id']) ) {
        $errors[] = 'id';
    }


    # join() is called with the legacy (array, separator) argument order,
    # which PHP 8 no longer accepts.
    if (!empty($errors)) {
        user_error("Missing or malformed input parameter(s): " . join($errors, ", "),
                   E_USER_ERROR);
    }

    # Default the user id to the logged-in user.
    # NOTE(review): a 'user_id' already present in $INPUT takes precedence over
    # the session user; if $INPUT is client-supplied and 'user_id' is among the
    # allowed keys, the client chooses the owner -- confirm.

    if (!isset($INPUT['user_id']) and isset($_SESSION['user'])) {
        $INPUT['user_id'] = $_SESSION['user']['id'];
    }

    # Fetch all information about our item from $item_info[], and
    # store it into $item. Use $item_info['DEFAULT'] as a fallback.
    # An unknown $INPUT['item'] is therefore not rejected: it silently gets
    # the DEFAULT description and the function carries on.

    $item = $item_info['DEFAULT'];
    $item['name'] = $INPUT['item'];

    if (isset($item_info[ $INPUT['item'] ])) {
        $item = $item_info[ $INPUT['item'] ];
    }

    # initialize form

    if (($_SERVER['REQUEST_METHOD'] == "GET")) {

        if ($INPUT['mode'] == "new") {

            ## Initialize with default values

            if (isset($item['sql_param']['data'])) {
                $INPUT = array_merge($item['sql_param']['data'], $INPUT);
            }

        } else {

            ## edit mode: load record from data base

            $sql_param = $item['sql_param'];

            # The "@id@" placeholder in the condition template is replaced by
            # plain string substitution. NOTE(review): at this point the id has
            # only been checked for emptiness (check_input() runs later and only
            # when "OK" was pressed), so this is an SQL injection risk unless
            # sql_query() or the caller validates it. Validate the id as an
            # integer before substitution, or let sql_query() bind it.
            $sql_param['cond'] = strtr($sql_param['cond'],
                                       array( "@id@" => $INPUT['id']));

            $ans = sql_query('select', $sql_param, $db);

            # No exit() follows this user_error(); if an error handler is
            # installed that returns, execution continues to $ans[0] below.
            # The message also echoes the raw id.
            if (empty($ans)) {
                user_error("No record in database: id=" .
                           $INPUT['id'] . ", item=" . $item['name'] ,
                           E_USER_ERROR);
            }

            # values already in $INPUT win over the stored record
            $INPUT = array_merge($ans[0], $INPUT);

        }
    }


    ## set default expiry date
    # (string comparison against the "Y-m-d H:M:S" timestamp in $now)

    if ((!isset($INPUT['expiry_date']) ) or ($INPUT['expiry_date'] < $now)) {
        $INPUT['expiry_date'] = get_new_expiry_date();
    }

    ## process buttons
    # relevance is kept within 0..5

    if (isset($INPUT['b_prio_up'])) {

        if ($INPUT['relevance'] < 5) {
            $INPUT['relevance'] +=1;
        }
    }

    if (isset($INPUT['b_prio_down'])) {
        if ($INPUT['relevance'] > 0) {
            $INPUT['relevance'] -=1;
        }
    }

    # "cancel" button pressed?

    #if (isset($INPUT['b_cancel'])) {
    #  return;
    #}

    # "OK" button pressed?

    $display_html_form = (isset($INPUT['b_ok'])) ? FALSE : TRUE;

    # stricter checks for user input (per item)
    # Validation only runs on the "OK" path; everything executed while the
    # form is merely displayed works on unvalidated $INPUT.

    if (! $display_html_form ) {
        $errors = check_input($INPUT, $item['validation_info'], FALSE);

        if (!empty($errors)) {
            # user input was invalid, user must correct it
            $display_html_form = TRUE;
        }
    }

    # Rebuild the expiry date from the three select fields. The %d conversions
    # coerce each part to an integer. This happens after check_input(), and the
    # "date lies in the past" check below is disabled.
    if (isset($INPUT['expiry_date_Day'])) {
        $INPUT['expiry_date'] = sprintf("%04d-%02d-%02d",
                                        $INPUT['expiry_date_Year'],
                                        $INPUT['expiry_date_Month'],
                                        $INPUT['expiry_date_Day']);

        if ($INPUT['expiry_date'] <= $now) {
            # $errors[] = 'expiry_date';
            # $display_html_form = TRUE;
        }
    }


    # look up books in library catalogue (z39.50)


    if ( $use_z3950 and ($INPUT['mode'] == "new") and
         isset($INPUT['b_ok']) and ($INPUT['item'] == "book") ) {

        # normalize signature

        # if (isset($INPUT['signature'])) {
        #   $INPUT['signature'] = preg_replace("/[^a-zA-Z0-9 ]/", " ",
        #   $INPUT['signature']);
        # }

        # look up book in catalogue

        $books = book_info($INPUT);

        if (isset($INPUT['ppn'])) {
            # note: ppn is a unique identifier
            # Keep only the catalogue hits whose ppn was selected.
            # assumes $INPUT['ppn'] is an array -- TODO confirm

            $books2 = array();

            foreach ($INPUT['ppn'] as $ppn) {
                foreach ($books as $b) {
                    if ( $b['ppn'] == $ppn )
                        $books2[] = $b;
                }
            }
            $books = $books2;
        }

        switch(count($books)) {
        case 0:
            # wrong signature

            $errors[] = 'signature';
            $display_html_form = TRUE;
            break;

        case 1:
            break;

        default:
            # multiple books --> user must select one of them
            if (!isset($INPUT['ppn'])) {

                $INPUT['page'] = '2';
                $display_html_form = TRUE;
            }

            break;
        }
    }

    if ($display_html_form) {

        ## (re-)display the input form

        # All of $INPUT becomes template variables; whether the templates
        # escape them on output is not visible here.
        $tpl_vars = $INPUT;

        $tpl_vars['item_info'] = $item;
        # $errors is unassigned here when neither the id check nor
        # check_input() set it (e.g. a plain GET with a valid id).
        $tpl_vars['errors_info'] = $errors;
        $tpl_vars['files_info'] = list_files($INPUT['item'], $INPUT['id']);

        if (isset($books)) {
            $tpl_vars['books_info'] = $books;
        }

        $tpl = $item['template'][$INPUT['mode']];

        ## query data base for options, etc

        $t = array("doc_type", "url_type", "role", "location", "degree");
        $tpl_vars['html_options'] = get_html_options($t, $db);

        $tpl_vars['html_options']['sex'] =
            array( 'm' => "Herr", 'f' => "Frau" );

        ### try to resolve document type id

        if (!isset($tpl_vars['doc_type_id'])) {

            # The keys cond and tables are bare words, not quoted strings;
            # PHP 8 raises an Error for undefined constants.
            # NOTE(review): $INPUT['item'] is placed between quotes in the SQL
            # condition without escaping, and this branch is also reached
            # without check_input() having run; an item name missing from
            # $item_info is not rejected above. Restrict the item to the known
            # keys of $item_info, or escape/bind the value.
            $param = array (
                cond => "name = '" . $INPUT['item'] . "'",
                tables => "doc_type"
            );

            $ans = sql_query('select', $param, $db);

            if (!empty($ans)) {
                $tpl_vars['doc_type_id'] = $ans[0]['id'];
            }
        }

        $tpl_vars['actions_info'] = $actions_info;

        # translate state id to state

        if (isset($tpl_vars['state_id'])) {

            ## look up the state name that belongs to the state id
            # NOTE(review): state_id comes from $tpl_vars (a copy of $INPUT)
            # and is appended unquoted to the condition; cast or validate it
            # as an integer first.

            $ans = sql_query( 'select',
                              array( tables => "state",
                                     cond => "id = " . $tpl_vars['state_id'],
                                     ) , $db);

            if (empty($ans)) {
                user_error("Illegal state id",
                           E_USER_ERROR);
                exit(0);
            }

            $tpl_vars['state'] = $ans[0]['name'];
        }

        do_template($smarty, $tpl, $tpl_vars);

        # the form path ends the script here
        exit(0);


    } else {
        ## do post-processing of user input

        # the appended German note reads "please scan the table of contents"
        if (isset($INPUT['c_order_toc'])) {
            $INPUT['order_notes'] .= "\nInhaltsverzeichnis bitte einscannen";
        };

        # "protected" is a checkbox, convert to boolean
        $INPUT['protected'] = isset($INPUT['protected']);

        # "use_alias" is a checkbox, convert to boolean
        $INPUT['use_alias'] = isset($INPUT['use_alias']);

        # Hash the password (the original comment says "encrypt"; sha1() is a hash).
        # NOTE(review): this is a single unsalted SHA-1, which is unsuitable
        # for password storage; password_hash()/password_verify() with a
        # rehash-on-login migration is the usual replacement.
        # NOTE(review): a submitted value that already starts with "{SHA1}" is
        # stored unchanged, so the stored value is then whatever was submitted
        # rather than a hash computed here -- confirm this pass-through is
        # only reachable with values loaded from the database.
        if (isset($INPUT['password']) and ($INPUT['password'] != "")
            and (strncmp("{SHA1}", $INPUT['password'], 6) != 0)) {
            $INPUT['password'] = "{SHA1}" .
                sha1($INPUT['password']);
        }

        # set login
        # Login = first letter of the forename + up to 7 letters of the surname.
        # The pattern has no /u modifier and strtolower()/substr() work on
        # bytes, so umlauts are only handled correctly in a single-byte
        # encoding. No uniqueness check on the derived login is visible here.

        if ($INPUT['mode'] == "new" AND $INPUT['item'] == "user") {

            $l1 = strtolower($INPUT['forename']);
            $l1 = preg_replace("/[^a-zäöüß]/", "", $l1);
            $l1 = substr( $l1,0,1);

            $l2 = strtolower($INPUT['surname']);
            $l2 = preg_replace("/[^a-zäöüß]/", "", $l2);
            $l2 = substr( $l2,0,7);

            $INPUT['login'] = $l1 . $l2;
        }

        # items to be modified / stored into database

        $items = array();




        if (isset($books)) {

            # special case: multiple books
            # catalogue fields override the user input of the same name

            foreach ($books as $b) {
                $items[] = array_merge($INPUT, $b) ;
            }

        } else {

            # single item, e.g. an article

            $items = array( $INPUT );
        }


        foreach ($items as $i) {

            ## $sql_param['data'] is an associative array that holds the
            ## data that will be stored into the database.

            ## Copy data from $i[] (user input) to $sql_param['data'].
            ##

            ## Restriction: only certain variables are "allowed",
            ## i.e listed in $item['sql_input'][mode]

            ## We will construct an INSERT or UPDATE sql query
            ## to store the user input into an SQL table.

            $action = ($i['mode'] == 'new') ? 'insert' : 'update';

            $sql_param = $item['sql_param'];

            # Same "@id@" string substitution as in the GET branch.
            # NOTE(review): check_input() has run on this path, but whether
            # its rules constrain 'id' to a number is not visible here.
            $sql_param['cond'] = strtr($sql_param['cond'],
                                       array( "@id@" => $i['id']));


            # Reset default data when in edit mode, because it would
            # overwrite existing data of the record.

            if ($i['mode'] != 'new') {
                $sql_param['data'] = array();
            }

            # find out what keys are allowed
            # This allow-list is what keeps arbitrary $INPUT fields out of the
            # INSERT/UPDATE. split() was removed in PHP 7; explode() does the
            # same for a literal ',' separator.

            $allowed_keys = split(',', $item['sql_input'][$i['mode']]);

            # copy data from $i[]

            foreach ($allowed_keys as $key) {
                if (isset($i[$key])) {
                    $sql_param['data'][$key] = $i[$key];
                }
            }

            if (isset($sql_param['data']['state'])) {

                ## translate state name to state id

                $state_name = $sql_param['data']['state'];

                # NOTE(review): $state_name is interpolated between quotes in
                # the condition without escaping, and echoed in the error
                # message below; escape/bind it unless check_input() is known
                # to restrict it.
                $ans = sql_query( 'select',
                                  array( tables => "state",
                                         cond => "name = '$state_name'"
                                         ) , $db);

                if (empty($ans)) {
                    user_error("Illegal state: $state_name ",
                               E_USER_ERROR);
                    exit(0);
                }

                # store the id instead of the name and stamp the change
                unset($sql_param['data']['state']);
                $sql_param['data']['state_id'] = $ans[0]['id'];
                $sql_param['data']['last_state_change'] = $now;
            }

            $sql_param['data']['last_modified'] = $now;

            ## execute the SQL query
            # how sql_query() quotes the values in $sql_param['data'] is not
            # visible from this listing
            sql_query($action, $sql_param, $db);


            # send e-mail
            # (this block tests $INPUT, not the loop item $i)

            if ($INPUT['item'] == "email" and $INPUT['mode'] == "new") {

                $tpl_vars = $INPUT;

                $owner = get_item_owner("document",
                                        $INPUT['document_id'], $db);

                $tpl_vars['user_info'] = $owner;

                # Recipient in "Degree Forename Surname <address>" form.
                # NOTE(review): the parts are stored profile fields; if any
                # may contain CR/LF, send_email() must reject or strip them
                # before they reach a mail header -- confirm.
                $email_to = $owner['degree_name'] . " ";
                $email_to .= $owner['forename'] . " ";
                $email_to .= $owner['surname'] . " ";
                $email_to .= "<" . $owner['email'] . ">";

                # NOTE(review): document_id is appended unquoted to the
                # condition; cast or validate it as an integer first.
                $p = array (
                    "tables" => "document",
                    "cond" => "id = " . $INPUT['document_id'],
                );

                $ans = sql_query('select', $p, $db);

                # no exit() after this user_error(); see the note in the GET branch
                if (empty($ans)) {
                    user_error("invalid document id: ".
                               $INPUT['document_id'] , E_USER_ERROR);
                }

                $tpl_vars['document_info'] = $ans[0];

                # $coll_id is read from the document row just fetched
                $coll_id = $tpl_vars['document_info']['collection_id'];

                $p = array (
                    "tables" => "collection",
                    "cond" => "id = " . $coll_id
                );

                $ans = sql_query('select', $p, $db);

                if (empty($ans)) {
                    user_error("invalid collection id: " .
                               $coll_id , E_USER_ERROR);
                }

                $tpl_vars['collection_info'] = $ans[0];

                send_email($smarty,'msg_generic.tpl',$tpl_vars,$email_to);
            }



            # handle file uploads

            if ($i['item'] == 'file' and $i['mode'] == 'new') {

                # retrieve id of newly created item

                $ans = sql_query('last_id', array(), $db);
                $i['id'] = $ans[0]['last_id'];

                if ($i['id'] <= 0) {
                    user_error("could not retrieve last_id " ,
                               E_USER_ERROR);
                }


                # Every entry of $_FILES that is a genuine upload is stored.
                # basename() drops directory components from the client-supplied
                # name. NOTE(review): no check of extension, content type or
                # size is visible here; if put_file() writes below the web
                # root, restrict the accepted types there. A multi-file field
                # (where 'tmp_name' is an array) is not handled by this loop.
                foreach ($_FILES as $f) {

                    if (!is_uploaded_file($f['tmp_name'])) {
                        continue;
                    }

                    $c = file_get_contents($f['tmp_name']);
                    $fn = basename($f['name']);
                    put_file($i['item'], $i['id'], $fn, $c);
                }

            }
        }
    }

}