* @author Tomas Mudrunka
*/
class Sklad_HTML extends HTML { //TODO: Split into few more methods
- function header($title='') {
+ function header($title='', $uid=0, $user='') {
$home = URL_HOME;
$script = $_SERVER['SCRIPT_NAME'];
$search = htmlspecialchars(@trim($_GET['q']));
$html = $this->head("SōkoMan$title");
$html .= <<<EOF
-<h1><a href="$script/">SōkoMan</a><small>$instance$title</small></h1>
+<h1 style="display: inline;"><a href="$script/">SōkoMan</a><small>$instance$title</small></h1>
+<div style="float:right">Loged in as $user [UID $uid]</div>
<style type="text/css">
* { font-family: arial; }
return preg_replace('(^.|.$)', '', $this->quote($str)); //TODO HACK
}
+ function quote_identifier($str) {
+ return '`'.$this->escape($str).'`'; //TODO HACK
+ }
+
function build_query_select($class, $id=false, $limit=false, $offset=0, $where=false, $search=false, $history=false, $order=false, $suffix_id='_id') {
//Configuration
$join = array(
'item' => array('item_id','item_serial','model_name','model_barcode','model_descript','producer_name','vendor_name')
); //TODO Autodetect
+ //Init
+ if(is_array($where)) foreach($where as $key => $value) $where[$key] = $key.' '.$value; //TODO: escape SQLi!!!
+
//Escaping
$class = $this->escape($class);
//SELECT
- $sql="SELECT * FROM $class\n";
+ $sql="SELECT * FROM `$class`\n";
//JOIN
- if(isset($join[$class])) foreach($join[$class] as $j) $sql .= "LEFT JOIN $j USING($j$suffix_id)\n";
+ if(isset($join[$class])) foreach($join[$class] as $j) $sql .= "LEFT JOIN `$j` USING($j$suffix_id)\n";
//WHERE/REGEXP
if($search) {
$search = $this->quote($search);
$PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
//Sephirot:
if(!isset($PATH_CHUNKS[1])) $PATH_CHUNKS[1]='';
- if($_SERVER['REQUEST_METHOD'] != 'POST' && $PATH_CHUNKS[1]!='barcode') echo $this->html->header($PATH_INFO); //TODO: tyhle podminky naznacujou, ze je v navrhu nejaka drobna nedomyslenost...
+ if($_SERVER['REQUEST_METHOD'] != 'POST' && $PATH_CHUNKS[1]!='barcode') //TODO: tyhle podminky naznacujou, ze je v navrhu nejaka drobna nedomyslenost...
+ echo $this->html->header($PATH_INFO,$this->db->lms->get_authorized_user_id());
switch($PATH_CHUNKS[1]) { //TODO: Move some branches to plugins if possible
case 'test': //test
die('Tell me why you cry');
$history = $PATH_CHUNKS[3] == 'history' ? true : false;
$limit = (int) (isset($PATH_CHUNKS[3]) ? $PATH_CHUNKS[3] : '0');
$offset = (int) (isset($PATH_CHUNKS[4]) ? $PATH_CHUNKS[4] : '0');
- $where = false; //TODO get from URL
+ $where = @is_array($_GET['where']) ? $_GET['where'] : false;
echo $this->render_items($class, $id, $limit, $offset, $where, $search, $history);
echo $this->render_listing_extensions($class, $id, $limit, $offset, $edit);
//print_r(array("<pre>",$_SERVER));
GIT.Harvie.CZ / mirrors / SokoMan.git / blobdiff