MastodonStartpage/web/admin/loadsaverempres.php

<?php

header('Content-Type: application/json; charset=utf-8');

require('include/glob.php');
require('include/muoribene.php');
require('include/sessionstart.php');
require('include/myconn.php');

use function mysqli_real_escape_string as myesc;

if (array_key_exists('act',$_POST)) {
	if ($_POST['act']=='load' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
		$res=mysqli_query($link,'SELECT * FROM PresFiltConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
			or muoribene(mysqli_error($link),true);
		$buf=array('f'=>array(),'o'=>array());
		while ($row=mysqli_fetch_assoc($res))
			$buf['f'][]=$row;
		$res=mysqli_query($link,'SELECT * FROM PresOrdConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
			or muoribene(mysqli_error($link),true);
		while ($row=mysqli_fetch_assoc($res))
			$buf['o'][]=$row;
		echo(json_encode($buf));
	} elseif ($_POST['act']=='save' && array_key_exists('txt',$_POST)) {
		$fi=-1;
		$oi=-1;
		$fqueries=array(array());
		$oqueries=array(array());
		foreach ($_POST as $key=>$val) {
			if (preg_match('/^openpar-\d+$/',$key)===1) {
				$fi++;
				if ($val=='null')
					$val='NULL';
				else
					$val="'".myesc($link,$val)."'";
				$fqueries[$fi]['OpenPar']=$val;
			}
			if (preg_match('/^fieldsel-\d+$/',$key)===1) {
				$fqueries[$fi]['Field']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^condsel-\d+$/',$key)===1) {
				$fqueries[$fi]['Cond']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^valuesel-\d+$/',$key)===1) {
				$fqueries[$fi]['ValueSel']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^valueinp-\d+$/',$key)===1) {
				$fqueries[$fi]['ValueInp']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^closepar-\d+$/',$key)===1) {
				if ($val=='null')
					$val='NULL';
				else
					$val="'".myesc($link,$val)."'";
				$fqueries[$fi]['ClosePar']=$val;
			}
			if (preg_match('/^andor-\d+$/',$key)===1) {
				$fqueries[$fi]['AndOr']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^ordfieldsel-\d+$/',$key)===1) {
				$oi++;
				$oqueries[$oi]['Field']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^ascdesc-\d+$/',$key)===1) {
				$oqueries[$oi]['Sort']="'".myesc($link,$val)."'";
			}
		}
//		print_r($fqueries).N;
//		print_r($oqueries).N;
		if (array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
			$pid=$_POST['pid'];
			mysqli_query($link,'DELETE FROM PresFiltConds WHERE PresID='.$pid)
				or muoribene(mysqli_error($link),true);
			mysqli_query($link,'DELETE FROM PresOrdConds WHERE PresID='.$pid)
				or muoribene(mysqli_error($link),true);
			mysqli_query($link,'UPDATE Presets SET Name=\''.myesc($link,$_POST['txt']).'\' WHERE ID='.$pid)
				or muoribene(mysqli_error($link),true);
		} else {
			mysqli_query($link,'INSERT INTO Presets SET Name=\''.myesc($link,$_POST['txt']).'\'')
				or muoribene(mysqli_error($link),true);
			$pid=mysqli_insert_id($link);
			echo('{ "pid": '.$pid.' }'.N);
		}
		$fi=0;
		foreach ($fqueries as $row) {
			$fi++;
			$query='INSERT INTO PresFiltConds SET PresID='.$pid.', OpenPar='.$row['OpenPar'].', Field='.$row['Field'].', Cond='.$row['Cond'].', ';
			if (array_key_exists('ValueSel',$row))
				$query.='ValueSel='.$row['ValueSel'].', ';
			if (array_key_exists('ValueInp',$row))
				$query.='ValueInp='.$row['ValueInp'].', ';
			$query.='ClosePar='.$row['ClosePar'];
			if (array_key_exists('AndOr',$row))
				$query.=', AndOr='.$row['AndOr'];
			$query.=', Pos='.$fi;
//			echo($query.N);
			mysqli_query($link,$query)
				or muoribene(mysqli_error($link),true);
		}
		$oi=0;
		foreach ($oqueries as $row) {
			$oi++;
			$query='INSERT INTO PresOrdConds SET PresID='.$pid.', Field='.$row['Field'].', Sort='.$row['Sort'].', Pos='.$oi;
//			echo($query.N);
			mysqli_query($link,$query)
				or muoribene(mysqli_error($link),true);
		}
	} elseif ($_POST['act']=='remove' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
		$pid=$_POST['pid'];
		$query='DELETE FROM PresFiltConds WHERE PresID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
		$query='DELETE FROM PresOrdConds WHERE PresID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
		$query='DELETE FROM Presets WHERE ID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
	}
}

mysqli_close($link);

exit(0);

?>