MastodonHelp/web/mustard/loadsaverempres.php
pezcurrel 85876775c4 ...
2020-05-07 07:24:56 +02:00

142 lines
4.6 KiB
PHP

<?php
header('Content-Type: application/json; charset=utf-8');
require('include/glob.php');
require('include/muoribenejson.php');
require('include/sessionstart.php');
require('include/myconn.php');
require('include/getadmacc.php');
if ($account['Level']=='guest')
muoribene('Sorry, you are not authorized.',true);
use function mysqli_real_escape_string as myesc;
function nulltonull($arr) {
$newarr=array();
foreach ($arr as $key=>$val)
if (is_null($val))
if ($key!='AndOr')
$newarr[$key]='null';
else
$newarr[$key]='AND';
else
$newarr[$key]=$val;
return($newarr);
}
if (array_key_exists('act',$_POST)) {
if ($_POST['act']=='load' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
$res=mysqli_query($link,'SELECT * FROM PresFiltConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
or muoribene(mysqli_error($link),true);
$buf=array('f'=>array(),'o'=>array());
while ($row=mysqli_fetch_assoc($res))
$buf['f'][]=nulltonull($row);
$res=mysqli_query($link,'SELECT * FROM PresOrdConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
or muoribene(mysqli_error($link),true);
while ($row=mysqli_fetch_assoc($res))
$buf['o'][]=nulltonull($row);
echo(json_encode($buf));
} elseif ($_POST['act']=='save' && array_key_exists('txt',$_POST)) {
$fi=-1;
$oi=-1;
$fqueries=array();
$oqueries=array();
foreach ($_POST as $key=>$val) {
if (preg_match('/^openpar-\d+$/',$key)===1) {
$fi++;
if ($val=='null')
$val='NULL';
else
$val="'".myesc($link,$val)."'";
$fqueries[$fi]['OpenPar']=$val;
}
if (preg_match('/^fieldsel-\d+$/',$key)===1) {
$fqueries[$fi]['Field']="'".myesc($link,$val)."'";
}
if (preg_match('/^condsel-\d+$/',$key)===1) {
$fqueries[$fi]['Cond']="'".myesc($link,$val)."'";
}
if (preg_match('/^valuesel-\d+$/',$key)===1) {
$fqueries[$fi]['ValueSel']="'".myesc($link,$val)."'";
}
if (preg_match('/^valueinp-\d+$/',$key)===1) {
$fqueries[$fi]['ValueInp']="'".myesc($link,$val)."'";
}
if (preg_match('/^closepar-\d+$/',$key)===1) {
if ($val=='null')
$val='NULL';
else
$val="'".myesc($link,$val)."'";
$fqueries[$fi]['ClosePar']=$val;
}
if (preg_match('/^andor-\d+$/',$key)===1) {
$fqueries[$fi]['AndOr']="'".myesc($link,$val)."'";
}
if (preg_match('/^ordfieldsel-\d+$/',$key)===1) {
$oi++;
$oqueries[$oi]['Field']="'".myesc($link,$val)."'";
}
if (preg_match('/^ascdesc-\d+$/',$key)===1) {
$oqueries[$oi]['Sort']="'".myesc($link,$val)."'";
}
}
// print_r($fqueries).N;
// print_r($oqueries).N;
if (array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
$pid=$_POST['pid'];
mysqli_query($link,'DELETE FROM PresFiltConds WHERE PresID='.$pid)
or muoribene(mysqli_error($link),true);
mysqli_query($link,'DELETE FROM PresOrdConds WHERE PresID='.$pid)
or muoribene(mysqli_error($link),true);
mysqli_query($link,'UPDATE Presets SET Name=\''.myesc($link,$_POST['txt']).'\' WHERE ID='.$pid)
or muoribene(mysqli_error($link),true);
} else {
mysqli_query($link,'INSERT INTO Presets SET Name=\''.myesc($link,$_POST['txt']).'\'')
or muoribene(mysqli_error($link),true);
$pid=mysqli_insert_id($link);
echo('{ "pid": '.$pid.' }'.N);
}
$fi=0;
foreach ($fqueries as $row) {
$fi++;
$query='INSERT INTO PresFiltConds SET PresID='.$pid.', OpenPar='.$row['OpenPar'].', Field='.$row['Field'].', Cond='.$row['Cond'].', ';
if (array_key_exists('ValueSel',$row))
$query.='ValueSel='.$row['ValueSel'].', ';
if (array_key_exists('ValueInp',$row))
$query.='ValueInp='.$row['ValueInp'].', ';
$query.='ClosePar='.$row['ClosePar'];
if (array_key_exists('AndOr',$row))
$query.=', AndOr='.$row['AndOr'];
$query.=', Pos='.$fi;
// echo($query.N);
mysqli_query($link,$query)
or muoribene(mysqli_error($link),true);
}
$oi=0;
foreach ($oqueries as $row) {
$oi++;
$query='INSERT INTO PresOrdConds SET PresID='.$pid.', Field='.$row['Field'].', Sort='.$row['Sort'].', Pos='.$oi;
// echo($query.N);
mysqli_query($link,$query)
or muoribene(mysqli_error($link),true);
}
} elseif ($_POST['act']=='remove' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
$pid=$_POST['pid'];
$query='DELETE FROM PresFiltConds WHERE PresID='.$pid;
mysqli_query($link,$query)
or muoribene(mysqli_error($link),true);
$query='DELETE FROM PresOrdConds WHERE PresID='.$pid;
mysqli_query($link,$query)
or muoribene(mysqli_error($link),true);
$query='DELETE FROM Presets WHERE ID='.$pid;
mysqli_query($link,$query)
or muoribene(mysqli_error($link),true);
}
}
mysqli_close($link);
exit(0);
?>