function _getRecords_preview($schemaIn, $options)
{
global $CURRENT_USER, $schema;
// these globals are used by the functions called below
$schema = $schemaIn;
// get productionRecord from database if 'num' was supplied
$previewNum = intval(@$_REQUEST['preview:num']);
list($productionRecords, ) = getRecords(array('tableName' => @$options['tableName'], 'where' => "num = {$previewNum}", 'ignoreHidden' => true, 'ignorePublishDate' => true, 'ignoreRemoveDate' => true, 'loadPseudoFields' => false, 'loadCreatedBy' => false, 'allowSearch' => false, 'loadUploads' => false));
$productionRecord = @$productionRecords[0];
// security: check access
require_once SCRIPT_DIR . "/lib/admin_functions.php";
require_once SCRIPT_DIR . "/lib/user_functions.php";
require_once SCRIPT_DIR . "/lib/login_functions.php";
$CURRENT_USER = getCurrentUserFromCMS();
// v2.51 support preview even if website membership enabled with different accounts table and separate login
global $hasEditorAccess;
// needed by /lib/common.php _getRecordValuesFromFormInput
$hasEditorAccess = userSectionAccess($options['tableName']) >= 9;
$hasAuthorAccess = userSectionAccess($options['tableName']) >= 6;
$userOwnsRecord = !$productionRecord || $CURRENT_USER['num'] == $productionRecord['createdByUserNum'];
// user is creating record (no num) or is owner
if (!$CURRENT_USER) {
die(t("You must be logged in to use this feature!"));
}
if (!$hasAuthorAccess) {
die(t("You don't have permissions to access this menu."));
}
if (!$hasEditorAccess && !$userOwnsRecord) {
die(sprintf(t("You don't have permission to access these records: %s"), $productionRecord['createdByUserNum']));
}
// build up our record from form input
$record = _getRecordValuesFromFormInput('preview:');
// if this is an existing record, load any fields not supplied by form input
$record['num'] = $previewNum;
if ($productionRecord) {
$record = array_merge($productionRecord, $record);
} else {
$record = _addUndefinedDefaultsToNewRecord($record, getMySqlColsAndType(mysql_escape(getTableNameWithPrefix($options['tableName']))));
}
// if there was no production record available, default some fields
if (@$schema['updatedByUserNum']) {
$record['updatedByUserNum'] = $CURRENT_USER['num'];
}
if (@$schema['updatedDate']) {
$record['updatedDate'] = date('Y-m-d H:i:s');
}
$filenameValue = getFilenameFieldValue($record, @$schema['_filenameFields']);
$record['_filename'] = rtrim($filenameValue, '-');
if (@(!$schema['_detailPage'])) {
$record['_link'] = "javascript:alert('Set Detail Page Url for this section in: Admin > Section Editors > Viewer Urls')";
} elseif (@$options['useSeoUrls']) {
$record['_link'] = PREFIX_URL . @$schema['_detailPage'] . '/' . $filenameValue . $record['num'] . "/";
} else {
$record['_link'] = PREFIX_URL . @$schema['_detailPage'] . '?' . $filenameValue . $record['num'];
}
$rows = array($record);
// Add pseudo-fields
if (@$options['loadPseudoFields']) {
_getRecords_addPseudoFields($rows, $options, $schema);
}
// Add uploads
if (@$options['loadUploads']) {
// single record sections: don't use preSaveTempId so if no record has ever been created yet make sure 'num' is set to 1
_getRecords_addUploadFields($rows, $options, $schema, $_REQUEST['preview:preSaveTempId']);
}
// Add createdBy.fields to records
if (@$options['loadCreatedBy'] && @$schema['createdByUserNum']) {
_getRecords_joinTable($rows, $options, 'accounts');
}
// Add joinTable fields
if (@$options['joinTable']) {
_getRecords_joinTable($rows, $options);
}
// get List Details
$listDetails = array();
if ($options['loadListDetails']) {
$listDetails = _getRecords_getListDetails($options, 1, 1, $schema);
}
return array($rows, $listDetails, $schema);
}
function _getColsToValuesForSQLSet($mySqlColsAndTypes, $newRecordValues, $listAllColsForInsert = false)
{
global $schema, $tableName, $isSingleMenu, $SETTINGS;
$currentDate = date("Y-m-d H:i:s");
// set default to required Format: YYYY-MM-DD HH:MM:SS
$colsToValues = array();
// get form submited values
foreach ($newRecordValues as $colName => $newValue) {
$colsToValues[$colName] = $newValue;
}
// add default values for undefined fields (FOR INSERT ONLY)
if ($listAllColsForInsert) {
$colsToValues = _addUndefinedDefaultsToNewRecord($colsToValues, $mySqlColsAndTypes);
}
// set special field values
if (array_key_exists('updatedDate', $mySqlColsAndTypes)) {
$colsToValues['updatedDate'] = $currentDate;
}
if (array_key_exists('updatedByUserNum', $mySqlColsAndTypes)) {
$colsToValues['updatedByUserNum'] = $GLOBALS['CURRENT_USER']['num'];
}
// hash passwords
if ($tableName == 'accounts' && @$colsToValues['password']) {
$colsToValues['password'] = getPasswordDigest(@$_REQUEST['password']);
}
// allow admin to change createdByUserNum
if (@$GLOBALS['hasEditorAccess'] && @$_REQUEST['createdByUserNum']) {
$colsToValues['createdByUserNum'] = $_REQUEST['createdByUserNum'];
}
### get colsToValues string
$colsToValuesString = '';
foreach ($colsToValues as $colName => $value) {
if ($colName == "num" and !$value) {
continue;
}
// skip num with value of 0
// save blank int column values as null
$columnType = @$mySqlColsAndTypes[$colName];
$fieldType = @$schema[$colName]['type'];
$isIntColumn = preg_match("/^(tinyint|smallint|mediumint|int|bigint|float)/i", $columnType);
if ($value == '' && $isIntColumn && $fieldType != 'checkbox') {
$colsToValuesString .= "`{$colName}` = NULL, ";
} else {
$colsToValuesString .= "`{$colName}` = '" . mysql_escape($value) . "', ";
}
}
$colsToValuesString = rtrim($colsToValuesString, ", ");
//
return $colsToValuesString;
}
