goodoldpaul
/
MastodonStartpage


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142
							<?php

header('Content-Type: application/json; charset=utf-8');

require('include/glob.php');
require('include/muoribenejson.php');
require('include/sessionstart.php');
require('include/myconn.php');
require('include/getadmacc.php');
if ($account['Level']=='guest')
	muoribene('Sorry, you are not authorized.',true);

use function mysqli_real_escape_string as myesc;

function nulltonull($arr) {
	$newarr=array();
	foreach ($arr as $key=>$val)
		if (is_null($val))
			if ($key!='AndOr')
				$newarr[$key]='null';
			else
				$newarr[$key]='AND';
		else
			$newarr[$key]=$val;
	return($newarr);
}

if (array_key_exists('act',$_POST)) {
	if ($_POST['act']=='load' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
		$res=mysqli_query($link,'SELECT * FROM PresFiltConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
			or muoribene(mysqli_error($link),true);
		$buf=array('f'=>array(),'o'=>array());
		while ($row=mysqli_fetch_assoc($res))
			$buf['f'][]=nulltonull($row);
		$res=mysqli_query($link,'SELECT * FROM PresOrdConds WHERE PresID='.$_POST['pid'].' ORDER BY Pos ASC')
			or muoribene(mysqli_error($link),true);
		while ($row=mysqli_fetch_assoc($res))
			$buf['o'][]=nulltonull($row);
		echo(json_encode($buf));
	} elseif ($_POST['act']=='save' && array_key_exists('txt',$_POST)) {
		$fi=-1;
		$oi=-1;
		$fqueries=array();
		$oqueries=array();
		foreach ($_POST as $key=>$val) {
			if (preg_match('/^openpar-\d+$/',$key)===1) {
				$fi++;
				if ($val=='null')
					$val='NULL';
				else
					$val="'".myesc($link,$val)."'";
				$fqueries[$fi]['OpenPar']=$val;
			}
			if (preg_match('/^fieldsel-\d+$/',$key)===1) {
				$fqueries[$fi]['Field']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^condsel-\d+$/',$key)===1) {
				$fqueries[$fi]['Cond']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^valuesel-\d+$/',$key)===1) {
				$fqueries[$fi]['ValueSel']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^valueinp-\d+$/',$key)===1) {
				$fqueries[$fi]['ValueInp']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^closepar-\d+$/',$key)===1) {
				if ($val=='null')
					$val='NULL';
				else
					$val="'".myesc($link,$val)."'";
				$fqueries[$fi]['ClosePar']=$val;
			}
			if (preg_match('/^andor-\d+$/',$key)===1) {
				$fqueries[$fi]['AndOr']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^ordfieldsel-\d+$/',$key)===1) {
				$oi++;
				$oqueries[$oi]['Field']="'".myesc($link,$val)."'";
			}
			if (preg_match('/^ascdesc-\d+$/',$key)===1) {
				$oqueries[$oi]['Sort']="'".myesc($link,$val)."'";
			}
		}
//		print_r($fqueries).N;
//		print_r($oqueries).N;
		if (array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
			$pid=$_POST['pid'];
			mysqli_query($link,'DELETE FROM PresFiltConds WHERE PresID='.$pid)
				or muoribene(mysqli_error($link),true);
			mysqli_query($link,'DELETE FROM PresOrdConds WHERE PresID='.$pid)
				or muoribene(mysqli_error($link),true);
			mysqli_query($link,'UPDATE Presets SET Name=\''.myesc($link,$_POST['txt']).'\' WHERE ID='.$pid)
				or muoribene(mysqli_error($link),true);
		} else {
			mysqli_query($link,'INSERT INTO Presets SET Name=\''.myesc($link,$_POST['txt']).'\'')
				or muoribene(mysqli_error($link),true);
			$pid=mysqli_insert_id($link);
			echo('{ "pid": '.$pid.' }'.N);
		}
		$fi=0;
		foreach ($fqueries as $row) {
			$fi++;
			$query='INSERT INTO PresFiltConds SET PresID='.$pid.', OpenPar='.$row['OpenPar'].', Field='.$row['Field'].', Cond='.$row['Cond'].', ';
			if (array_key_exists('ValueSel',$row))
				$query.='ValueSel='.$row['ValueSel'].', ';
			if (array_key_exists('ValueInp',$row))
				$query.='ValueInp='.$row['ValueInp'].', ';
			$query.='ClosePar='.$row['ClosePar'];
			if (array_key_exists('AndOr',$row))
				$query.=', AndOr='.$row['AndOr'];
			$query.=', Pos='.$fi;
//			echo($query.N);
			mysqli_query($link,$query)
				or muoribene(mysqli_error($link),true);
		}
		$oi=0;
		foreach ($oqueries as $row) {
			$oi++;
			$query='INSERT INTO PresOrdConds SET PresID='.$pid.', Field='.$row['Field'].', Sort='.$row['Sort'].', Pos='.$oi;
//			echo($query.N);
			mysqli_query($link,$query)
				or muoribene(mysqli_error($link),true);
		}
	} elseif ($_POST['act']=='remove' && array_key_exists('pid',$_POST) && preg_match('/^[0-9]+$/',$_POST['pid'])===1) {
		$pid=$_POST['pid'];
		$query='DELETE FROM PresFiltConds WHERE PresID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
		$query='DELETE FROM PresOrdConds WHERE PresID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
		$query='DELETE FROM Presets WHERE ID='.$pid;
		mysqli_query($link,$query)
			or muoribene(mysqli_error($link),true);
	}
}

mysqli_close($link);

exit(0);

?>