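<?php
// Preset endpoint: loads, saves or removes a filter/sort preset and answers in JSON.

// Short alias used wherever a POST value is escaped for a quoted SQL string literal.
use function mysqli_real_escape_string as myesc;

header('Content-Type: application/json; charset=utf-8');

// Project includes. The rest of this script uses $link (mysqli handle), $account,
// muoribene() and the N constant, none of which are defined in this file.
// NOTE(review): presumably they come from these includes; confirm.
require('include/glob.php');
require('include/muoribenejson.php');
require('include/sessionstart.php');
require('include/myconn.php');
require('include/getadmacc.php');

// Authorization gate. It fails closed: a missing or null account level is refused too,
// instead of slipping past a comparison that only recognises 'guest'.
// NOTE(review): this is a deny-list, so every level other than 'guest' is allowed through.
// An allow-list of the levels that may edit presets would be stricter; the valid level
// names are not visible in this file.
// NOTE(review): everything below assumes muoribene(...,true) ends the request; confirm.
if (!isset($account['Level']) || $account['Level']=='guest')
    muoribene('Sorry, you are not authorized.',true);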
/**
 * Return a copy of $arr in which every null value is replaced by a string
 * placeholder: 'AND' under the key 'AndOr', the literal string 'null' under
 * any other key. Non-null values are copied unchanged and keys are preserved.
 *
 * @param array $arr row to convert (this file passes mysqli_fetch_assoc() rows)
 * @return array the converted copy
 */
function nulltonull($arr) {
    $out=array();
    foreach ($arr as $name=>$value) {
        if (!is_null($value)) {
            $out[$name]=$value;
            continue;
        }
        // Null value: pick the placeholder by key.
        $out[$name]=($name!='AndOr') ? 'null' : 'AND';
    }
    return $out;
}
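// Request dispatcher. POST 'act' selects the operation:
//   load   - needs a numeric 'pid'; echoes the preset's filter ('f') and order ('o') rows as JSON
//   save   - needs 'txt' (preset name); rewrites the conditions of preset 'pid', or creates a
//            new preset when no valid 'pid' is sent
//   remove - needs a numeric 'pid'; deletes the preset and its conditions
//
// NOTE(review): every query below selects rows by preset id only. No per-account ownership
// check is visible, so any account that passes the level check at the top of the file can
// read, overwrite or delete any preset. Confirm that is intended.
// NOTE(review): save and remove change state on a plain POST and no anti-CSRF token is
// checked in this file; confirm the session include enforces one.
// NOTE(review): mysqli_error() text is handed to muoribene(). If that helper echoes its
// message to the client, table and column names leak in error responses; logging the
// detail server-side and returning a generic message would avoid that.
// NOTE(review): quoting with mysqli_real_escape_string() is only reliable when the
// connection charset was set through mysqli_set_charset(); confirm the connection include
// does so. Prepared statements would remove that dependency.
// The code assumes muoribene(...,true) ends the request, as the "or muoribene()" pattern does.
if (array_key_exists('act',$_POST)) {
    $act=$_POST['act'];
    // Accept 'pid' only as a plain string of digits. \z anchors at the real end of the
    // string ($ also matches before a trailing newline), and is_string() keeps array
    // input such as pid[]=1 away from preg_match().
    $pidok=array_key_exists('pid',$_POST) && is_string($_POST['pid'])
        && preg_match('/^[0-9]+\z/',$_POST['pid'])===1;
    if ($act==='load' && $pidok) {
        $pid=$_POST['pid'];
        $res=mysqli_query($link,'SELECT * FROM PresFiltConds WHERE PresID='.$pid.' ORDER BY Pos ASC')
            or muoribene(mysqli_error($link),true);
        $buf=array('f'=>array(),'o'=>array());
        while ($row=mysqli_fetch_assoc($res))
            $buf['f'][]=nulltonull($row);
        $res=mysqli_query($link,'SELECT * FROM PresOrdConds WHERE PresID='.$pid.' ORDER BY Pos ASC')
            or muoribene(mysqli_error($link),true);
        while ($row=mysqli_fetch_assoc($res))
            $buf['o'][]=nulltonull($row);
        echo(json_encode($buf));
    } elseif ($act==='save' && array_key_exists('txt',$_POST)) {
        if (!is_string($_POST['txt']))
            muoribene('Invalid preset name.',true);
        $name="'".myesc($link,$_POST['txt'])."'";
        // Form-field prefix => column. An 'openpar-N' field starts a new filter row and an
        // 'ordfieldsel-N' field starts a new order row; the other fields fill the current row.
        $fcols=array('openpar'=>'OpenPar','fieldsel'=>'Field','condsel'=>'Cond','valuesel'=>'ValueSel',
            'valueinp'=>'ValueInp','closepar'=>'ClosePar','andor'=>'AndOr');
        $ocols=array('ordfieldsel'=>'Field','ascdesc'=>'Sort');
        $fi=-1;
        $oi=-1;
        $fqueries=array();
        $oqueries=array();
        foreach ($_POST as $key=>$val) {
            if (preg_match('/^([a-z]+)-\d+\z/',(string)$key,$m)!==1)
                continue;
            $field=$m[1];
            $isfilter=isset($fcols[$field]);
            if (!$isfilter && !isset($ocols[$field]))
                continue;
            // Array input (field-1[]=x) cannot be escaped as a string; refuse it explicitly.
            if (!is_string($val))
                muoribene('Invalid value for '.$field.'.',true);
            if ($isfilter) {
                if ($field==='openpar')
                    $fi++;
                elseif ($fi<0)
                    muoribene('Filter field sent before the start of a filter row.',true);
                // Only the parenthesis columns map the string 'null' to SQL NULL.
                if (($field==='openpar' || $field==='closepar') && $val==='null')
                    $sqlval='NULL';
                else
                    $sqlval="'".myesc($link,$val)."'";
                $fqueries[$fi][$fcols[$field]]=$sqlval;
            } else {
                if ($field==='ordfieldsel')
                    $oi++;
                elseif ($oi<0)
                    muoribene('Sort direction sent before the start of a sort row.',true);
                $oqueries[$oi][$ocols[$field]]="'".myesc($link,$val)."'";
            }
        }
        // Check every row is complete BEFORE touching the database: the INSERTs below read
        // these columns unconditionally, and a malformed request must not get as far as
        // deleting the preset's existing conditions.
        foreach ($fqueries as $row) {
            foreach (array('Field','Cond','ClosePar') as $col) {
                if (!array_key_exists($col,$row))
                    muoribene('Incomplete filter condition.',true);
            }
        }
        foreach ($oqueries as $row) {
            if (!array_key_exists('Sort',$row))
                muoribene('Incomplete sort condition.',true);
        }
        // NOTE(review): the DELETEs and INSERTs below are not wrapped in a transaction, so a
        // failure part-way leaves the preset with only some of its conditions.
        if ($pidok) {
            // Existing preset: drop its old conditions and rename it.
            $pid=$_POST['pid'];
            mysqli_query($link,'DELETE FROM PresFiltConds WHERE PresID='.$pid)
                or muoribene(mysqli_error($link),true);
            mysqli_query($link,'DELETE FROM PresOrdConds WHERE PresID='.$pid)
                or muoribene(mysqli_error($link),true);
            mysqli_query($link,'UPDATE Presets SET Name='.$name.' WHERE ID='.$pid)
                or muoribene(mysqli_error($link),true);
        } else {
            // No valid pid: create the preset and report its new id to the client.
            mysqli_query($link,'INSERT INTO Presets SET Name='.$name)
                or muoribene(mysqli_error($link),true);
            $pid=mysqli_insert_id($link);
            echo('{ "pid": '.$pid.' }'.N);
        }
        // Pos is the 1-based position of each row in submission order.
        $fi=0;
        foreach ($fqueries as $row) {
            $fi++;
            $query='INSERT INTO PresFiltConds SET PresID='.$pid.', OpenPar='.$row['OpenPar'].', Field='.$row['Field'].', Cond='.$row['Cond'].', ';
            if (array_key_exists('ValueSel',$row))
                $query.='ValueSel='.$row['ValueSel'].', ';
            if (array_key_exists('ValueInp',$row))
                $query.='ValueInp='.$row['ValueInp'].', ';
            $query.='ClosePar='.$row['ClosePar'];
            if (array_key_exists('AndOr',$row))
                $query.=', AndOr='.$row['AndOr'];
            $query.=', Pos='.$fi;
            mysqli_query($link,$query)
                or muoribene(mysqli_error($link),true);
        }
        $oi=0;
        foreach ($oqueries as $row) {
            $oi++;
            $query='INSERT INTO PresOrdConds SET PresID='.$pid.', Field='.$row['Field'].', Sort='.$row['Sort'].', Pos='.$oi;
            mysqli_query($link,$query)
                or muoribene(mysqli_error($link),true);
        }
    } elseif ($act==='remove' && $pidok) {
        // Delete the dependent condition rows first, then the preset itself.
        $pid=$_POST['pid'];
        $query='DELETE FROM PresFiltConds WHERE PresID='.$pid;
        mysqli_query($link,$query)
            or muoribene(mysqli_error($link),true);
        $query='DELETE FROM PresOrdConds WHERE PresID='.$pid;
        mysqli_query($link,$query)
            or muoribene(mysqli_error($link),true);
        $query='DELETE FROM Presets WHERE ID='.$pid;
        mysqli_query($link,$query)
            or muoribene(mysqli_error($link),true);
    }
}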
// Release the database connection and end the request with exit status 0.
// The closing PHP tag is omitted; nothing runs or is emitted after exit().
mysqli_close($link);
exit(0);