X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=index.php;h=8e702dce6ad0a18a90c5de5aff811e394ee03bc0;hb=117817be986b8b046a99e20a82182016c9016026;hp=01a0ebcd4e0ac69d40ed6f20a6372625589da533;hpb=0a027cc76c27c630ecc5bf93d98834709ae63ed9;p=mirrors%2FSokoMan.git diff --git a/index.php b/index.php index 01a0ebc..8e702dc 100755 --- a/index.php +++ b/index.php @@ -103,7 +103,7 @@ class Sklad_HTML extends HTML { $home = URL_HOME; $script = $_SERVER['SCRIPT_NAME']; $search = htmlspecialchars(@trim($_GET['q'])); - $message = htmlspecialchars(@trim($_GET['message'])); + $message = strip_tags(@trim($_GET['message']),''); return << @@ -242,7 +242,7 @@ EOF; return $this->table($table); } - function render_insert_form($class, $columns, $selectbox=array(), $current=false, $multi_insert=true) { + function render_insert_form($class, $columns, $selectbox=array(), $current=false, $hidecols=false, $multi_insert=true) { //echo('
'); print_r($selectbox);
 		//echo('
'); print_r($current);
 		$update = false;
@@ -251,6 +251,8 @@ EOF;
 			$current = array_shift($current);
 		}
 
+		if(!is_array($hidecols)) $hidecols = array('item_author', 'item_valid_from', 'item_valid_till'); //TODO Autodetect
+
 		$html='
';
 		if($multi_insert) $html.='
';
 		//$html.=$this->input('table', $class, 'hidden');
@@ -259,7 +261,7 @@ EOF;
 			$name="values[$class][".$column['Field'].'][]';
 			$val = $update ? $current[$column['Field']] : false;
 			switch(true) {
-				case preg_match('/auto_increment/', $column['Extra']):
+				case (preg_match('/auto_increment/', $column['Extra']) || in_array($column['Field'], $hidecols)):
 					if(!$val) $val = '';
 					$html.=$this->input($name, $val, 'hidden');
 					$html.=$val.'(AUTO)';
@@ -339,23 +341,23 @@ class Sklad_DB extends PDO {
 		if($search) {
 			$search = $this->quote($search);
 			if(!isset($search_fields[$class])) {
-				trigger_error("Ve tride $class zatim vyhledavat nemozno :-(");
-				die();
+				$this->post_redirect_get($class, "Ve tride $class zatim vyhledavat nemozno :-(");
 			}
 			$where[0] = 'FALSE ';
 			foreach($search_fields[$class] as $column) $where[0] .= "OR $column REGEXP $search ";
 		}	elseif($id) $where[1] = "$class$suffix_id = $id";
 		if(!$history && $this->contains_history($class)) $where[2] = $class.'_valid_till=0';
 		if($where) $sql .= 'WHERE '.implode(' AND ', $where)."\n";
+		//ORDER
+		if(!$order) $order = $class.$suffix_id;
+		if($this->contains_history($class)) $order .= ",${class}_valid_from DESC";
+		$sql .= "ORDER BY $order\n";
 		//LIMIT/OFFSET
 		if($limit) {
 			$limit = $this->escape((int)$limit);
 			$offset = $this->escape((int)$offset);
 			$sql .= "LIMIT $offset,$limit\n";
 		}
-		//ORDER
-		if(!$order) $order = $class.$suffix_id;
-		$sql .= "ORDER BY $order";
 
 		return $sql;
 	}
@@ -393,7 +395,8 @@ class Sklad_DB extends PDO {
 			if(!preg_match('/'.$suffix_id.'$/', $column['Field'])) continue;
 			$table=preg_replace('/'.$suffix_id.'$/','',$column['Field']);
 
-			$sql = "SELECT $table$suffix_id, $table$suffix_name FROM $table;"; //TODO History
+			$history = $this->contains_history($table) ? " WHERE ${table}_valid_till=0" : '';
+			$sql = "SELECT $table$suffix_id, $table$suffix_name FROM $table$history;";
 			$result = $this->safe_query($sql, false);
 			if(!$result) continue;
 			$result = $result->fetchAll(PDO::FETCH_ASSOC);
@@ -427,8 +430,8 @@ class Sklad_DB extends PDO {
 			$history_update=false;	foreach($values as $row) if(is_numeric($row[$table.'_id'])) $history_update=true;
 			if($history_update) {
 				$sql .= "UPDATE $table";
-				$sql .= ' SET '.$table.'_valid_till=NOW()';
-				$sql .= ' WHERE '.$table.'_valid_till=0 AND (';
+				$sql .= " SET ${table}_valid_till=NOW()";
+				$sql .= " WHERE ${table}_valid_till=0 AND (";
 				$or = '';
 				foreach($values as $row) {
 					$sql .= $or.' '.$table.'_id='.$row[$table.'_id'];
@@ -493,7 +496,7 @@ class Sklad_DB extends PDO {
 	}
 
 	function delete($table, $id, $suffix_id='_id') {
-		if($this->contains_history($table)) die(trigger_error("V tabulce $table jentak neco mazat nebudes chlapecku :-P")); //TODO post redirect get
+		if($this->contains_history($table)) return false;
 		$key = $this->escape($table.$suffix_id);
 		$table = $this->escape($table);
 		$id = $this->quote($id);
@@ -540,7 +543,7 @@ class Sklad_UI {
 	function render_form_edit($class, $id) {
 		$columns = $this->db->get_columns($class);
 		$selectbox = $this->db->columns_get_selectbox($columns, $class);
-		$current = $this->db->get_listing($class, $id);
+		$current = $this->db->get_listing($class, $id, 1);
 		return $this->html->render_insert_form($class, $columns, $selectbox, $current);
 	}
 
@@ -579,7 +582,6 @@ class Sklad_UI {
 			$html.=$this->render_listing_navigation($class, '*', $limit, $offset);
 		}
 		if($edit)	{
-			$html.='
TODO UPDATE FORM!
'; //TODO: Asi uz je hotovy...
 			$html.= $this->render_form_edit($class, $id);
 			$action = $_SERVER['SCRIPT_NAME']."/$class/$id/delete";
 	    $html.= "";
@@ -599,16 +601,17 @@ class Sklad_UI {
 		new HTTP_Auth('SkladovejSystem', true, array($this->db->lms,'check_auth'));
 	}
 
-	function post_redirect_get($location, $message='') {
+	function post_redirect_get($location, $message='', $error=false) {
 		$location = $this->html->internal_url($location).'?message='.urlencode($message);
 		header('Location: '.$location);
-		die("Location: $location");
+		if($error) trigger_error($message);
+		die("Location: $location");
 	}
 
 	function safe_include($dir,$name,$vars=array(),$ext='.inc.php') {
-		if(preg_match('/[^a-zA-Z0-9-]/',$name)) die(trigger_error('SAFE INCLUDE: Securityfuck.'));
+		if(preg_match('/[^a-zA-Z0-9-]/',$name)) $this->post_redirect_get('', 'SAFE INCLUDE: Securityfuck.', true);
 		$filename="$dir/$name$ext";
-		if(!is_file($filename)) die(trigger_error('SAFE INCLUDE: Fuckfound.'));
+		if(!is_file($filename)) $this->post_redirect_get('', 'SAFE INCLUDE: Fuckfound.', true);
 		foreach($vars as $var => $val) $$var=$val;
 		ob_start();
 		include($filename);
@@ -640,31 +643,27 @@ class Sklad_UI {
 		if($action) switch($action) {
 			case 'new':
 			case 'edit':
-				//if(!isset($_POST['table'])) die(trigger_error("Jest nutno specifikovat tabulku voe!"));
-				//$table=$_POST['table'];
-				$table='item';
+				$table = $class ? $class : 'item';
 				//print_r($values); //debug
 				$last = $this->db->insert_or_update_multitab($values);
 				$last = "$table/$last/";
 				$next = "$table/new/";
-				echo 'Hotovo. Poslední vložený záznam naleznete '.$this->html->link('zde', $last).'.
'.
-					'Další záznam přidáte '.$this->html->link('zde', $next).'.';
-				die();
+				$this->post_redirect_get($last, 'Hotovo. Další záznam přidáte '.$this->html->link('zde', $next).'.');
 				break;
 			case 'delete':
-				if(!isset($_POST['sure']) || !$_POST['sure']) die(trigger_error('Sure user expected :-)'));
-				$this->db->delete($class, $id);
+				if(!isset($_POST['sure']) || !$_POST['sure']) $this->post_redirect_get("$class/$id/edit", 'Sure user expected :-)');
+				$this->db->delete($class, $id) || $this->post_redirect_get("$class/$id/edit", "V tabulce $class jentak neco mazat nebudes chlapecku :-P");
 				$this->post_redirect_get("$class", "Neco (pravdepodobne /$class/$id) bylo asi smazano. Fnuk :'-(");
 				break;
 			case 'image':
 				$image_classes = array('model'); //TODO, use this more widely across the code
-				if(!in_array($class, $image_classes)) die(trigger_error("Nekdo nechce k DB Tride '$class' prirazovat obrazky!"));
+				if(!in_array($class, $image_classes)) $this->post_redirect_get("$class/$id/edit", "Nekdo nechce k DB Tride '$class' prirazovat obrazky!");
 				$image_destination = DIR_IMAGES."/$class/$id.jpg";
-				if($_FILES['image']['name'] == '') die(trigger_error('Kazde neco se musi nejak jmenovat!'));
+				if($_FILES['image']['name'] == '') $this->post_redirect_get("$class/$id/edit", 'Kazde neco se musi nejak jmenovat!', true);
 				if(move_uploaded_file($_FILES['image']['tmp_name'], $image_destination)) {
 					chmod ($image_destination, 0664);
 					$this->post_redirect_get("$class/$id", 'Obrazek se naladoval :)');
-				} else die(trigger_error('Soubor se nenahral :('));
+				} else $this->post_redirect_get("$class/$id/edit", 'Soubor se nenahral :(', true);
 				break;
 			default:
 				trigger_error('Nothin\' to do here my cutie :-*');