function symptoms_form($selected_id = "", $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('symptoms');
if (!$arrPerm[1] && $selected_id == "") {
return "";
}
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='symptoms' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='symptoms' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `symptoms` where `id`='" . makeSafe($selected_id) . "'");
$row = mysql_fetch_array($res);
} else {
}
// code for template based detail view forms
// open the detail view template
if (($_POST['dvprint_x'] != '' || $_GET['dvprint_x'] != '') && $selected_id) {
$templateCode = @implode('', @file('./templates/symptoms_templateDVP.html'));
$dvprint = true;
} else {
$templateCode = @implode('', @file('./templates/symptoms_templateDV.html'));
$dvprint = false;
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Symptom details', $templateCode);
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<input type="image" src="insert.gif" name="insert" alt="' . $Translation['add new record'] . '" onclick="return validateData();">', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
if ($selected_id) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<input type="image" src="print.gif" vspace="1" name="dvprint" id="dvprint" alt="' . $Translation['printer friendly view'] . '" onclick="document.myform.reset(); return true;" style="margin-bottom: 20px;">', $templateCode);
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<input type="image" src="update.gif" vspace="1" name="update" alt="' . $Translation['update record'] . '" onclick="return validateData();">', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
// set records to read only if user can't insert new records
if (!$arrPerm[1]) {
$jsReadOnly .= "\n\n\tif(document.getElementsByName('id').length){ document.getElementsByName('id')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('name').length){ document.getElementsByName('name')[0].readOnly=true; }\n";
$noUploads = true;
}
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<input type="image" src="delete.gif" vspace="1" name="delete" alt="' . $Translation['delete record'] . '" onClick="return confirm(\'' . $Translation['are you sure?'] . '\');">', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', "<input type=image src=deselect.gif vspace=1 name=deselect alt=\"" . $Translation['deselect record'] . "\" onclick=\"document.myform.reset(); return true;\">", $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? "<input type=image src=cancel.gif vspace=1 name=deselect alt=\"" . $Translation['deselect record'] . "\" onclick=\"document.myform.reset(); return true;\">" : '', $templateCode);
}
// process combos
// process foreign key links
if ($selected_id) {
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(comments)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(name)%%>', htmlspecialchars($row['name'], ENT_QUOTES), $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(description)%%>', '<textarea name="description" id="description" cols="50" rows="5" class="TextBox">' . htmlspecialchars($row['description'], ENT_QUOTES) . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(description)%%>', $row['description'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(description)%%>', $row['description'], $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', '<textarea name="comments" id="comments" cols="50" rows="5" class="TextBox">' . htmlspecialchars($row['comments'], ENT_QUOTES) . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', $row['comments'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(comments)%%>', $row['comments'], $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(name)%%>', '', $templateCode);
$templateCode = str_replace('<%%HTMLAREA(description)%%>', '<textarea name="description" id="description" cols="50" rows="5" class="TextBox"></textarea>', $templateCode);
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', '<textarea name="comments" id="comments" cols="50" rows="5" class="TextBox"></textarea>', $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!--', $templateCode);
$templateCode = str_replace('%%>', '-->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\tif(document.getElementById('" . $name . "_link')!=undefined){\n";
$templateCode .= "\t\tdocument.getElementById('" . $name . "_link').style.visibility='visible';\n";
$templateCode .= "\t}\n";
for ($i = 1; $i < 10; $i++) {
$templateCode .= "\tif(document.getElementById('" . $name . "_plink{$i}')!=undefined){\n";
$templateCode .= "\t\tdocument.getElementById('" . $name . "_plink{$i}').style.visibility='visible';\n";
$templateCode .= "\t}\n";
}
}
$templateCode .= $jsReadOnly;
if (!$selected_id) {
}
$templateCode .= "\n\tfunction validateData(){";
$templateCode .= "\n\t\tif(\$F('name')==''){ alert('" . addslashes($Translation['error:']) . ' "Name": ' . addslashes($Translation['field not null']) . "'); \$('name').focus(); return false; }";
$templateCode .= "\n\t\treturn true;";
$templateCode .= "\n\t}";
$templateCode .= "\n</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= "<script>";
$templateCode .= "document.observe('dom:loaded', function() {";
$templateCode .= "});";
$templateCode .= "</script>";
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: symptoms_dv
if (function_exists('symptoms_dv')) {
$args = array();
symptoms_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
function properties_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('properties');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_owner = thisOr(undo_magic_quotes($_REQUEST['filterer_owner']), '');
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: type
$combo_type = new Combo();
$combo_type->ListType = 2;
$combo_type->MultipleSeparator = ', ';
$combo_type->ListBoxHeight = 10;
$combo_type->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/properties.type.csv')) {
$type_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/properties.type.csv')));
$combo_type->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($type_data)));
$combo_type->ListData = $combo_type->ListItem;
} else {
$combo_type->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Residential;;Commercial;;Condo/Townhome;;Multi-Family;;Single-Family;;stores;;office;;shops")));
$combo_type->ListData = $combo_type->ListItem;
}
$combo_type->SelectName = 'type';
$combo_type->AllowNull = false;
// combobox: owner
$combo_owner = new DataCombo();
// combobox: operating_account
$combo_operating_account = new Combo();
$combo_operating_account->ListType = 0;
$combo_operating_account->MultipleSeparator = ', ';
$combo_operating_account->ListBoxHeight = 10;
$combo_operating_account->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/properties.operating_account.csv')) {
$operating_account_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/properties.operating_account.csv')));
$combo_operating_account->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($operating_account_data)));
$combo_operating_account->ListData = $combo_operating_account->ListItem;
} else {
$combo_operating_account->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Operating bank account;;Security deposit bank account")));
$combo_operating_account->ListData = $combo_operating_account->ListItem;
}
$combo_operating_account->SelectName = 'operating_account';
// combobox: country
$combo_country = new Combo();
$combo_country->ListType = 0;
$combo_country->MultipleSeparator = ', ';
$combo_country->ListBoxHeight = 10;
$combo_country->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/properties.country.csv')) {
$country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/properties.country.csv')));
$combo_country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($country_data)));
$combo_country->ListData = $combo_country->ListItem;
} else {
$combo_country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe")));
$combo_country->ListData = $combo_country->ListItem;
}
$combo_country->SelectName = 'country';
// combobox: State
$combo_State = new Combo();
$combo_State->ListType = 0;
$combo_State->MultipleSeparator = ', ';
$combo_State->ListBoxHeight = 10;
$combo_State->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/properties.State.csv')) {
$State_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/properties.State.csv')));
$combo_State->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($State_data)));
$combo_State->ListData = $combo_State->ListItem;
} else {
$combo_State->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("AL;;AK;;AS;;AZ;;AR;;CA;;CO;;CT;;DE;;DC;;FM;;FL;;GA;;GU;;HI;;ID;;IL;;IN;;IA;;KS;;KY;;LA;;ME;;MH;;MD;;MA;;MI;;MN;;MS;;MO;;MT;;NE;;NV;;NH;;NJ;;NM;;NY;;NC;;ND;;MP;;OH;;OK;;OR;;PW;;PA;;PR;;RI;;SC;;SD;;TN;;TX;;UT;;VT;;VI;;VA;;WA;;WV;;WI;;WY")));
$combo_State->ListData = $combo_State->ListItem;
}
$combo_State->SelectName = 'State';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='properties' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='properties' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `properties` where `id`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_type->SelectedData = $row['type'];
$combo_owner->SelectedData = $row['owner'];
$combo_operating_account->SelectedData = $row['operating_account'];
$combo_country->SelectedData = $row['country'];
$combo_State->SelectedData = $row['State'];
} else {
$combo_type->SelectedText = $_REQUEST['FilterField'][1] == '3' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_owner->SelectedData = $filterer_owner;
$combo_operating_account->SelectedText = $_REQUEST['FilterField'][1] == '7' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_country->SelectedText = $_REQUEST['FilterField'][1] == '10' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_State->SelectedText = $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
}
$combo_type->Render();
$combo_owner->HTML = '<span id="owner-container' . $rnd1 . '"></span><input type="hidden" name="owner" id="owner' . $rnd1 . '">';
$combo_owner->MatchText = '<span id="owner-container-readonly' . $rnd1 . '"></span><input type="hidden" name="owner" id="owner' . $rnd1 . '">';
$combo_operating_account->Render();
$combo_country->Render();
$combo_State->Render();
ob_start();
?>
<script>
// initial lookup values
var current_owner__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['owner'] : $filterer_owner);
?>
"};
jQuery(function() {
owner_reload__RAND__();
});
function owner_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#owner-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_owner__RAND__.value, t: 'properties', f: 'owner' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="owner"]').val(resp.results[0].id);
jQuery('[id=owner-container-readonly__RAND__]').html('<span id="owner-match-text">' + resp.results[0].text + '</span>');
if(typeof(owner_update_autofills__RAND__) == 'function') owner_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'properties', f: 'owner' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_owner__RAND__.value = e.added.id;
current_owner__RAND__.text = e.added.text;
jQuery('[name="owner"]').val(e.added.id);
if(typeof(owner_update_autofills__RAND__) == 'function') owner_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_owner__RAND__.value, t: 'properties', f: 'owner' }
}).done(function(resp){
jQuery('[id=owner-container__RAND__], [id=owner-container-readonly__RAND__]').html('<span id="owner-match-text">' + resp.results[0].text + '</span>');
if(typeof(owner_update_autofills__RAND__) == 'function') owner_update_autofills__RAND__();
});
<?php
}
?>
}
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/properties_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/properties_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Property details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($AllowInsert) {
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return properties_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return properties_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return properties_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate && !$AllowInsert || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#property_name').replaceWith('<p class=\"form-control-static\" id=\"property_name\">' + (jQuery('#property_name').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('input[name=type]').parent().html('<p class=\"form-control-static\">' + jQuery('input[name=type]:checked').next().text() + '</p>')\n";
$jsReadOnly .= "\tjQuery('#number_of_units').replaceWith('<p class=\"form-control-static\" id=\"number_of_units\">' + (jQuery('#number_of_units').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#photo').replaceWith('<p class=\"form-control-static\" id=\"photo\">' + (jQuery('#photo').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#owner').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#owner_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#country').replaceWith('<p class=\"form-control-static\" id=\"country\">' + (jQuery('#country').val() || '') + '</p>'); jQuery('#country-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#street').replaceWith('<p class=\"form-control-static\" id=\"street\">' + (jQuery('#street').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#City').replaceWith('<p class=\"form-control-static\" id=\"City\">' + (jQuery('#City').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#State').replaceWith('<p class=\"form-control-static\" id=\"State\">' + (jQuery('#State').val() || '') + '</p>'); jQuery('#State-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#ZIP').replaceWith('<p class=\"form-control-static\" id=\"ZIP\">' + (jQuery('#ZIP').val() || '') + '</p>');\n";
$noUploads = true;
} elseif ($AllowInsert) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
$templateCode = str_replace('<%%COMBO(type)%%>', $combo_type->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(type)%%>', $combo_type->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(owner)%%>', $combo_owner->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(owner)%%>', $combo_owner->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(owner)%%>', urlencode($combo_owner->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(operating_account)%%>', $combo_operating_account->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(operating_account)%%>', $combo_operating_account->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(country)%%>', $combo_country->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(country)%%>', $combo_country->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(State)%%>', $combo_State->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(State)%%>', $combo_State->SelectedData, $templateCode);
// process foreign key links
if ($selected_id) {
$templateCode = str_replace('<%%PLINK(owner)%%>', $combo_owner->SelectedData ? "<span id=\"rental_owners_plink1\" class=\"hidden\"><a class=\"btn btn-default\" href=\"rental_owners_view.php?SelectedID=" . urlencode($combo_owner->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(property_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(type)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(number_of_units)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(photo)%%>', $noUploads ? '' : '<br><input type=hidden name=MAX_FILE_SIZE value=1024000>' . $Translation['upload image'] . ' <input type="file" name="photo">', $templateCode);
if ($AllowUpdate && $row['photo'] != '') {
$templateCode = str_replace('<%%REMOVEFILE(photo)%%>', '<br><input type="checkbox" name="photo_remove" id="photo_remove" value="1"> <label for="photo_remove" style="color: red; font-weight: bold;">' . $Translation['remove image'] . '</label>', $templateCode);
} else {
$templateCode = str_replace('<%%REMOVEFILE(photo)%%>', '', $templateCode);
}
$templateCode = str_replace('<%%UPLOADFILE(owner)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(operating_account)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(property_reserve)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(lease_term)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(country)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(street)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(City)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(State)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ZIP)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(id)%%>', urlencode($urow['id']), $templateCode);
$templateCode = str_replace('<%%VALUE(property_name)%%>', htmlspecialchars($row['property_name'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(property_name)%%>', urlencode($urow['property_name']), $templateCode);
$templateCode = str_replace('<%%VALUE(type)%%>', htmlspecialchars($row['type'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(type)%%>', urlencode($urow['type']), $templateCode);
$templateCode = str_replace('<%%VALUE(number_of_units)%%>', htmlspecialchars($row['number_of_units'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(number_of_units)%%>', urlencode($urow['number_of_units']), $templateCode);
$row['photo'] = $row['photo'] != '' ? $row['photo'] : 'blank.gif';
$templateCode = str_replace('<%%VALUE(photo)%%>', htmlspecialchars($row['photo'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(photo)%%>', urlencode($urow['photo']), $templateCode);
$templateCode = str_replace('<%%VALUE(owner)%%>', htmlspecialchars($row['owner'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(owner)%%>', urlencode($urow['owner']), $templateCode);
$templateCode = str_replace('<%%VALUE(operating_account)%%>', htmlspecialchars($row['operating_account'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(operating_account)%%>', urlencode($urow['operating_account']), $templateCode);
$templateCode = str_replace('<%%VALUE(property_reserve)%%>', htmlspecialchars($row['property_reserve'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(property_reserve)%%>', urlencode($urow['property_reserve']), $templateCode);
$templateCode = str_replace('<%%VALUE(lease_term)%%>', htmlspecialchars($row['lease_term'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(lease_term)%%>', urlencode($urow['lease_term']), $templateCode);
$templateCode = str_replace('<%%VALUE(country)%%>', htmlspecialchars($row['country'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(country)%%>', urlencode($urow['country']), $templateCode);
$templateCode = str_replace('<%%VALUE(street)%%>', htmlspecialchars($row['street'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(street)%%>', urlencode($urow['street']), $templateCode);
$templateCode = str_replace('<%%VALUE(City)%%>', htmlspecialchars($row['City'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode($urow['City']), $templateCode);
$templateCode = str_replace('<%%VALUE(State)%%>', htmlspecialchars($row['State'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(State)%%>', urlencode($urow['State']), $templateCode);
$templateCode = str_replace('<%%VALUE(ZIP)%%>', htmlspecialchars($row['ZIP'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ZIP)%%>', urlencode($urow['ZIP']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(id)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(property_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(property_name)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(type)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(type)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(number_of_units)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(number_of_units)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(photo)%%>', 'blank.gif', $templateCode);
$templateCode = str_replace('<%%VALUE(owner)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(owner)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(operating_account)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(operating_account)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(property_reserve)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(property_reserve)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(lease_term)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(lease_term)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(country)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(country)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(street)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(street)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(City)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(State)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(State)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ZIP)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ZIP)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: properties_dv
if (function_exists('properties_dv')) {
$args = array();
properties_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `sic`.`sic_id`=membership_userrecords.pkValue and membership_userrecords.tableName='sic' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `sic`.`sic_id`=membership_userrecords.pkValue and membership_userrecords.tableName='sic' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`sic`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: sic_init
$render = TRUE;
if (function_exists('sic_init')) {
$args = array();
$render = sic_init($x, getMemberInfo(), $args);
function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('categories');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `categories` where `CategoryID`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
} else {
}
ob_start();
?>
<script>
// initial lookup values
jQuery(function() {
});
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/categories_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/categories_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#Picture').replaceWith('<div class=\"form-control-static\" id=\"Picture\">' + (jQuery('#Picture').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#CategoryName').replaceWith('<div class=\"form-control-static\" id=\"CategoryName\">' + (jQuery('#CategoryName').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
} elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
$lookup_fields = array();
foreach ($lookup_fields as $luf => $ptfc) {
$pt_perm = getTablePermissions($ptfc[0]);
// process foreign key links
if ($pt_perm['view'] || $pt_perm['edit']) {
$templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
}
// if user has insert permission to parent table of a lookup field, put an add new button
if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
}
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(CategoryID)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Picture)%%>', $noUploads ? '' : '<input type=hidden name=MAX_FILE_SIZE value=204800>' . $Translation['upload image'] . ' <input type="file" name="Picture" id="Picture">', $templateCode);
if ($AllowUpdate && $row['Picture'] != '') {
$templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '<br><input type="checkbox" name="Picture_remove" id="Picture_remove" value="1"> <label for="Picture_remove" style="color: red; font-weight: bold;">' . $Translation['remove image'] . '</label>', $templateCode);
} else {
$templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '', $templateCode);
}
$templateCode = str_replace('<%%UPLOADFILE(CategoryName)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Description)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(CategoryID)%%>', htmlspecialchars($row['CategoryID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode($urow['CategoryID']), $templateCode);
$row['Picture'] = $row['Picture'] != '' ? $row['Picture'] : 'blank.gif';
$templateCode = str_replace('<%%VALUE(Picture)%%>', htmlspecialchars($row['Picture'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Picture)%%>', urlencode($urow['Picture']), $templateCode);
$templateCode = str_replace('<%%VALUE(CategoryName)%%>', htmlspecialchars($row['CategoryName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode($urow['CategoryName']), $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5">' . htmlspecialchars($row['Description'], ENT_QUOTES, 'iso-8859-1') . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(Description)%%>', $row['Description'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(Description)%%>', nl2br($row['Description']), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Description)%%>', urlencode($urow['Description']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(CategoryID)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Picture)%%>', 'blank.gif', $templateCode);
$templateCode = str_replace('<%%VALUE(CategoryName)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5"></textarea>', $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: categories_dv
if (function_exists('categories_dv')) {
$args = array();
categories_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `order_details`.`odID`=membership_userrecords.pkValue and membership_userrecords.tableName='order_details' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `order_details`.`odID`=membership_userrecords.pkValue and membership_userrecords.tableName='order_details' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`order_details`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: order_details_init
$render = TRUE;
if (function_exists('order_details_init')) {
$args = array();
$render = order_details_init($x, getMemberInfo(), $args);
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `shippers`.`ShipperID`=membership_userrecords.pkValue and membership_userrecords.tableName='shippers' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `shippers`.`ShipperID`=membership_userrecords.pkValue and membership_userrecords.tableName='shippers' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`shippers`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: shippers_init
$render = TRUE;
if (function_exists('shippers_init')) {
$args = array();
$render = shippers_init($x, getMemberInfo(), $args);
function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('orders');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_CustomerID = thisOr(undo_magic_quotes($_REQUEST['filterer_CustomerID']), '');
$filterer_EmployeeID = thisOr(undo_magic_quotes($_REQUEST['filterer_EmployeeID']), '');
$filterer_ShipVia = thisOr(undo_magic_quotes($_REQUEST['filterer_ShipVia']), '');
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: CustomerID
$combo_CustomerID = new DataCombo();
// combobox: EmployeeID
$combo_EmployeeID = new DataCombo();
// combobox: OrderDate
$combo_OrderDate = new DateCombo();
$combo_OrderDate->DateFormat = "mdy";
$combo_OrderDate->MinYear = 1900;
$combo_OrderDate->MaxYear = 2100;
$combo_OrderDate->DefaultDate = parseMySQLDate('1', '1');
$combo_OrderDate->MonthNames = $Translation['month names'];
$combo_OrderDate->NamePrefix = 'OrderDate';
// combobox: RequiredDate
$combo_RequiredDate = new DateCombo();
$combo_RequiredDate->DateFormat = "mdy";
$combo_RequiredDate->MinYear = 1900;
$combo_RequiredDate->MaxYear = 2100;
$combo_RequiredDate->DefaultDate = parseMySQLDate('1', '1');
$combo_RequiredDate->MonthNames = $Translation['month names'];
$combo_RequiredDate->NamePrefix = 'RequiredDate';
// combobox: ShippedDate
$combo_ShippedDate = new DateCombo();
$combo_ShippedDate->DateFormat = "mdy";
$combo_ShippedDate->MinYear = 1900;
$combo_ShippedDate->MaxYear = 2100;
$combo_ShippedDate->DefaultDate = parseMySQLDate('', '');
$combo_ShippedDate->MonthNames = $Translation['month names'];
$combo_ShippedDate->NamePrefix = 'ShippedDate';
// combobox: ShipVia
$combo_ShipVia = new DataCombo();
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `orders` where `OrderID`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_CustomerID->SelectedData = $row['CustomerID'];
$combo_EmployeeID->SelectedData = $row['EmployeeID'];
$combo_OrderDate->DefaultDate = $row['OrderDate'];
$combo_RequiredDate->DefaultDate = $row['RequiredDate'];
$combo_ShippedDate->DefaultDate = $row['ShippedDate'];
$combo_ShipVia->SelectedData = $row['ShipVia'];
} else {
$combo_CustomerID->SelectedData = $filterer_CustomerID;
$combo_EmployeeID->SelectedData = $filterer_EmployeeID;
$combo_ShipVia->SelectedData = $filterer_ShipVia;
}
$combo_CustomerID->HTML = '<span id="CustomerID-container' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_CustomerID->MatchText = '<span id="CustomerID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_EmployeeID->HTML = '<span id="EmployeeID-container' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_EmployeeID->MatchText = '<span id="EmployeeID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_ShipVia->HTML = '<span id="ShipVia-container' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_ShipVia->MatchText = '<span id="ShipVia-container-readonly' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
ob_start();
?>
<script>
// initial lookup values
var current_CustomerID__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['CustomerID'] : $filterer_CustomerID);
?>
"};
var current_EmployeeID__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['EmployeeID'] : $filterer_EmployeeID);
?>
"};
var current_ShipVia__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['ShipVia'] : $filterer_ShipVia);
?>
"};
jQuery(function() {
if(typeof(CustomerID_reload__RAND__) == 'function') CustomerID_reload__RAND__();
if(typeof(EmployeeID_reload__RAND__) == 'function') EmployeeID_reload__RAND__();
if(typeof(ShipVia_reload__RAND__) == 'function') ShipVia_reload__RAND__();
});
function CustomerID_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#CustomerID-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="CustomerID"]').val(resp.results[0].id);
jQuery('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');
if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
});
},
width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'CustomerID' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_CustomerID__RAND__.value = e.added.id;
current_CustomerID__RAND__.text = e.added.text;
jQuery('[name="CustomerID"]').val(e.added.id);
if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
});
if(!$j("#CustomerID-container__RAND__").length){
$j.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
}).done(function(resp){
$j('[name="CustomerID"]').val(resp.results[0].id);
$j('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');
if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
});
}
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
}).done(function(resp){
jQuery('[id=CustomerID-container__RAND__], [id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');
if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
});
<?php
}
?>
}
function EmployeeID_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#EmployeeID-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="EmployeeID"]').val(resp.results[0].id);
jQuery('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');
if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
});
},
width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'EmployeeID' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_EmployeeID__RAND__.value = e.added.id;
current_EmployeeID__RAND__.text = e.added.text;
jQuery('[name="EmployeeID"]').val(e.added.id);
if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
});
if(!$j("#EmployeeID-container__RAND__").length){
$j.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
}).done(function(resp){
$j('[name="EmployeeID"]').val(resp.results[0].id);
$j('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');
if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
});
}
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
}).done(function(resp){
jQuery('[id=EmployeeID-container__RAND__], [id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');
if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
});
<?php
}
?>
}
function ShipVia_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#ShipVia-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="ShipVia"]').val(resp.results[0].id);
jQuery('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');
if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
});
},
width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'ShipVia' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_ShipVia__RAND__.value = e.added.id;
current_ShipVia__RAND__.text = e.added.text;
jQuery('[name="ShipVia"]').val(e.added.id);
if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
});
if(!$j("#ShipVia-container__RAND__").length){
$j.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
}).done(function(resp){
$j('[name="ShipVia"]').val(resp.results[0].id);
$j('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');
if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
});
}
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
}).done(function(resp){
jQuery('[id=ShipVia-container__RAND__], [id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');
if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
});
<?php
}
?>
}
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/orders_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/orders_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#CustomerID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#CustomerID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#EmployeeID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#EmployeeID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#OrderDate').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#OrderDateDay, #OrderDateMonth, #OrderDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#RequiredDate').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#RequiredDateDay, #RequiredDateMonth, #RequiredDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#ShippedDate').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#ShippedDateDay, #ShippedDateMonth, #ShippedDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#ShipVia').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#ShipVia_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#Freight').replaceWith('<div class=\"form-control-static\" id=\"Freight\">' + (jQuery('#Freight').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
} elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
$templateCode = str_replace('<%%COMBO(CustomerID)%%>', $combo_CustomerID->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(CustomerID)%%>', $combo_CustomerID->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(CustomerID)%%>', urlencode($combo_CustomerID->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(EmployeeID)%%>', $combo_EmployeeID->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(EmployeeID)%%>', $combo_EmployeeID->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(EmployeeID)%%>', urlencode($combo_EmployeeID->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(OrderDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_OrderDate->GetHTML(true) . '</div>' : $combo_OrderDate->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(OrderDate)%%>', $combo_OrderDate->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(RequiredDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_RequiredDate->GetHTML(true) . '</div>' : $combo_RequiredDate->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(RequiredDate)%%>', $combo_RequiredDate->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(ShippedDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_ShippedDate->GetHTML(true) . '</div>' : $combo_ShippedDate->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(ShippedDate)%%>', $combo_ShippedDate->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(ShipVia)%%>', $combo_ShipVia->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(ShipVia)%%>', $combo_ShipVia->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(ShipVia)%%>', urlencode($combo_ShipVia->MatchText), $templateCode);
/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
$lookup_fields = array('CustomerID' => array('customers', 'Customer'), 'EmployeeID' => array('employees', 'Employee'), 'ShipVia' => array('shippers', 'Ship Via'));
foreach ($lookup_fields as $luf => $ptfc) {
$pt_perm = getTablePermissions($ptfc[0]);
// process foreign key links
if ($pt_perm['view'] || $pt_perm['edit']) {
$templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
}
// if user has insert permission to parent table of a lookup field, put an add new button
if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
}
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(OrderID)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(EmployeeID)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(OrderDate)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(RequiredDate)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ShippedDate)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ShipVia)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Freight)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(OrderID)%%>', htmlspecialchars($row['OrderID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode($urow['OrderID']), $templateCode);
$templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode);
$templateCode = str_replace('<%%VALUE(EmployeeID)%%>', htmlspecialchars($row['EmployeeID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode($urow['EmployeeID']), $templateCode);
$templateCode = str_replace('<%%VALUE(OrderDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['OrderDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['OrderDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
$templateCode = str_replace('<%%VALUE(RequiredDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['RequiredDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['RequiredDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
$templateCode = str_replace('<%%VALUE(ShippedDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['ShippedDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['ShippedDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
$templateCode = str_replace('<%%VALUE(ShipVia)%%>', htmlspecialchars($row['ShipVia'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode($urow['ShipVia']), $templateCode);
$templateCode = str_replace('<%%VALUE(Freight)%%>', htmlspecialchars($row['Freight'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode($urow['Freight']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(OrderID)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(EmployeeID)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(OrderDate)%%>', '1', $templateCode);
$templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode('1'), $templateCode);
$templateCode = str_replace('<%%VALUE(RequiredDate)%%>', '1', $templateCode);
$templateCode = str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode('1'), $templateCode);
$templateCode = str_replace('<%%VALUE(ShippedDate)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ShipVia)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Freight)%%>', '0', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode('0'), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "\tCustomerID_update_autofills{$rnd1} = function(){\n";
$templateCode .= "\t\tnew Ajax.Request(\n";
if ($dvprint) {
$templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id='+encodeURIComponent('" . addslashes($row['CustomerID']) . "'),\n";
$templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get'}\n";
} else {
$templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id=' + encodeURIComponent(current_CustomerID{$rnd1}.value),\n";
$templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get', onCreate: function(){ \$('CustomerID{$rnd1}').disable(); \$('CustomerIDLoading').innerHTML='<img src=loading.gif align=top>'; }, onComplete: function(){" . ($arrPerm[1] || ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) ? "\$('CustomerID{$rnd1}').enable(); " : "\$('CustomerID{$rnd1}').disable(); ") . "\$('CustomerIDLoading').innerHTML='';}}\n";
}
$templateCode .= "\t\t);\n";
$templateCode .= "\t};\n";
if (!$dvprint) {
$templateCode .= "\tif(\$('CustomerID_caption') != undefined) \$('CustomerID_caption').onchange=CustomerID_update_autofills{$rnd1};\n";
}
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: orders_dv
if (function_exists('orders_dv')) {
$args = array();
orders_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
function residence_and_rental_history_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('residence_and_rental_history');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_tenant = thisOr(undo_magic_quotes($_REQUEST['filterer_tenant']), '');
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: tenant
$combo_tenant = new DataCombo();
// combobox: duration_of_residency_from
$combo_duration_of_residency_from = new DateCombo();
$combo_duration_of_residency_from->DateFormat = "mdy";
$combo_duration_of_residency_from->MinYear = 1900;
$combo_duration_of_residency_from->MaxYear = 2100;
$combo_duration_of_residency_from->DefaultDate = parseMySQLDate('', '');
$combo_duration_of_residency_from->MonthNames = $Translation['month names'];
$combo_duration_of_residency_from->NamePrefix = 'duration_of_residency_from';
// combobox: to
$combo_to = new DateCombo();
$combo_to->DateFormat = "mdy";
$combo_to->MinYear = 1900;
$combo_to->MaxYear = 2100;
$combo_to->DefaultDate = parseMySQLDate('', '');
$combo_to->MonthNames = $Translation['month names'];
$combo_to->NamePrefix = 'to';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='residence_and_rental_history' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='residence_and_rental_history' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `residence_and_rental_history` where `id`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_tenant->SelectedData = $row['tenant'];
$combo_duration_of_residency_from->DefaultDate = $row['duration_of_residency_from'];
$combo_to->DefaultDate = $row['to'];
} else {
$combo_tenant->SelectedData = $filterer_tenant;
}
$combo_tenant->HTML = '<span id="tenant-container' . $rnd1 . '"></span><input type="hidden" name="tenant" id="tenant' . $rnd1 . '">';
$combo_tenant->MatchText = '<span id="tenant-container-readonly' . $rnd1 . '"></span><input type="hidden" name="tenant" id="tenant' . $rnd1 . '">';
ob_start();
?>
<script>
// initial lookup values
var current_tenant__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['tenant'] : $filterer_tenant);
?>
"};
jQuery(function() {
tenant_reload__RAND__();
});
function tenant_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#tenant-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_tenant__RAND__.value, t: 'residence_and_rental_history', f: 'tenant' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="tenant"]').val(resp.results[0].id);
jQuery('[id=tenant-container-readonly__RAND__]').html('<span id="tenant-match-text">' + resp.results[0].text + '</span>');
if(typeof(tenant_update_autofills__RAND__) == 'function') tenant_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'residence_and_rental_history', f: 'tenant' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_tenant__RAND__.value = e.added.id;
current_tenant__RAND__.text = e.added.text;
jQuery('[name="tenant"]').val(e.added.id);
if(typeof(tenant_update_autofills__RAND__) == 'function') tenant_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_tenant__RAND__.value, t: 'residence_and_rental_history', f: 'tenant' }
}).done(function(resp){
jQuery('[id=tenant-container__RAND__], [id=tenant-container-readonly__RAND__]').html('<span id="tenant-match-text">' + resp.results[0].text + '</span>');
if(typeof(tenant_update_autofills__RAND__) == 'function') tenant_update_autofills__RAND__();
});
<?php
}
?>
}
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/residence_and_rental_history_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/residence_and_rental_history_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Residence and rental history details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($AllowInsert) {
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return residence_and_rental_history_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return residence_and_rental_history_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return residence_and_rental_history_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate && !$AllowInsert || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#tenant').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#tenant_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#address').replaceWith('<p class=\"form-control-static\" id=\"address\">' + (jQuery('#address').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#landlord_or_manager_name').replaceWith('<p class=\"form-control-static\" id=\"landlord_or_manager_name\">' + (jQuery('#landlord_or_manager_name').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#landlord_or_manager_phone').replaceWith('<p class=\"form-control-static\" id=\"landlord_or_manager_phone\">' + (jQuery('#landlord_or_manager_phone').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#monthly_rent').replaceWith('<p class=\"form-control-static\" id=\"monthly_rent\">' + (jQuery('#monthly_rent').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#duration_of_residency_from').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#duration_of_residency_fromDay, #duration_of_residency_fromMonth, #duration_of_residency_fromYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#to').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#toDay, #toMonth, #toYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#reason_for_leaving').replaceWith('<p class=\"form-control-static\" id=\"reason_for_leaving\">' + (jQuery('#reason_for_leaving').val() || '') + '</p>');\n";
$noUploads = true;
} elseif ($AllowInsert) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
$templateCode = str_replace('<%%COMBO(tenant)%%>', $combo_tenant->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(tenant)%%>', $combo_tenant->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(tenant)%%>', urlencode($combo_tenant->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(duration_of_residency_from)%%>', $selected_id && !$arrPerm[3] ? '<p class="form-control-static">' . $combo_duration_of_residency_from->GetHTML(true) . '</p>' : $combo_duration_of_residency_from->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(duration_of_residency_from)%%>', $combo_duration_of_residency_from->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(to)%%>', $selected_id && !$arrPerm[3] ? '<p class="form-control-static">' . $combo_to->GetHTML(true) . '</p>' : $combo_to->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(to)%%>', $combo_to->GetHTML(true), $templateCode);
// process foreign key links
if ($selected_id) {
$templateCode = str_replace('<%%PLINK(tenant)%%>', $combo_tenant->SelectedData ? "<span id=\"applicants_and_tenants_plink1\" class=\"hidden\"><a class=\"btn btn-default\" href=\"applicants_and_tenants_view.php?SelectedID=" . urlencode($combo_tenant->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(tenant)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(address)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(landlord_or_manager_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(landlord_or_manager_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(monthly_rent)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(duration_of_residency_from)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(to)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(reason_for_leaving)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(notes)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(id)%%>', urlencode($urow['id']), $templateCode);
$templateCode = str_replace('<%%VALUE(tenant)%%>', htmlspecialchars($row['tenant'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(tenant)%%>', urlencode($urow['tenant']), $templateCode);
$templateCode = str_replace('<%%VALUE(address)%%>', htmlspecialchars($row['address'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(address)%%>', urlencode($urow['address']), $templateCode);
$templateCode = str_replace('<%%VALUE(landlord_or_manager_name)%%>', htmlspecialchars($row['landlord_or_manager_name'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(landlord_or_manager_name)%%>', urlencode($urow['landlord_or_manager_name']), $templateCode);
$templateCode = str_replace('<%%VALUE(landlord_or_manager_phone)%%>', htmlspecialchars($row['landlord_or_manager_phone'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(landlord_or_manager_phone)%%>', urlencode($urow['landlord_or_manager_phone']), $templateCode);
$templateCode = str_replace('<%%VALUE(monthly_rent)%%>', htmlspecialchars($row['monthly_rent'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(monthly_rent)%%>', urlencode($urow['monthly_rent']), $templateCode);
$templateCode = str_replace('<%%VALUE(duration_of_residency_from)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['duration_of_residency_from'], ENT_QUOTES))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(duration_of_residency_from)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['duration_of_residency_from'], ENT_QUOTES)))), $templateCode);
$templateCode = str_replace('<%%VALUE(to)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['to'], ENT_QUOTES))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(to)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['to'], ENT_QUOTES)))), $templateCode);
$templateCode = str_replace('<%%VALUE(reason_for_leaving)%%>', htmlspecialchars($row['reason_for_leaving'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(reason_for_leaving)%%>', urlencode($urow['reason_for_leaving']), $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(notes)%%>', '<textarea name="notes" id="notes" rows="5">' . htmlspecialchars($row['notes'], ENT_QUOTES) . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(notes)%%>', $row['notes'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(notes)%%>', nl2br($row['notes']), $templateCode);
$templateCode = str_replace('<%%URLVALUE(notes)%%>', urlencode($urow['notes']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(id)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(tenant)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(tenant)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(address)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(address)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(landlord_or_manager_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(landlord_or_manager_name)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(landlord_or_manager_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(landlord_or_manager_phone)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(monthly_rent)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(monthly_rent)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(duration_of_residency_from)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(duration_of_residency_from)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(to)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(to)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(reason_for_leaving)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(reason_for_leaving)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%HTMLAREA(notes)%%>', '<textarea name="notes" id="notes" rows="5"></textarea>', $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: residence_and_rental_history_dv
if (function_exists('residence_and_rental_history_dv')) {
$args = array();
residence_and_rental_history_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
function submitlog_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('submitlog');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: pdate
$combo_pdate = new DateCombo();
$combo_pdate->DateFormat = "mdy";
$combo_pdate->MinYear = 1900;
$combo_pdate->MaxYear = 2100;
$combo_pdate->DefaultDate = parseMySQLDate('', '');
$combo_pdate->MonthNames = $Translation['month names'];
$combo_pdate->NamePrefix = 'pdate';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='submitlog' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='submitlog' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `submitlog` where `submid`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_pdate->DefaultDate = $row['pdate'];
} else {
}
// code for template based detail view forms
// open the detail view template
$templateCode = @file_get_contents('./templates/submitlog_templateDV.html');
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Filtered Submissions', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#cstatus').prop('disabled', true);\n";
$jsReadOnly .= "\tjQuery('#logtime').replaceWith('<div class=\"form-control-static\" id=\"logtime\">' + (jQuery('#logtime').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#ipaddr').replaceWith('<div class=\"form-control-static\" id=\"ipaddr\">' + (jQuery('#ipaddr').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#company').replaceWith('<div class=\"form-control-static\" id=\"company\">' + (jQuery('#company').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#country').replaceWith('<div class=\"form-control-static\" id=\"country\">' + (jQuery('#country').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#website').replaceWith('<div class=\"form-control-static\" id=\"website\">' + (jQuery('#website').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#website, #website-edit-link').hide();\n";
$jsReadOnly .= "\tjQuery('#contactname').replaceWith('<div class=\"form-control-static\" id=\"contactname\">' + (jQuery('#contactname').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#email').replaceWith('<div class=\"form-control-static\" id=\"email\">' + (jQuery('#email').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#title').replaceWith('<div class=\"form-control-static\" id=\"title\">' + (jQuery('#title').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#version').replaceWith('<div class=\"form-control-static\" id=\"version\">' + (jQuery('#version').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#pdate').prop('readonly', true);\n";
$jsReadOnly .= "\tjQuery('#pdateDay, #pdateMonth, #pdateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#cost').replaceWith('<div class=\"form-control-static\" id=\"cost\">' + (jQuery('#cost').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#ptype').replaceWith('<div class=\"form-control-static\" id=\"ptype\">' + (jQuery('#ptype').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#install').replaceWith('<div class=\"form-control-static\" id=\"install\">' + (jQuery('#install').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#os').replaceWith('<div class=\"form-control-static\" id=\"os\">' + (jQuery('#os').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#languages').replaceWith('<div class=\"form-control-static\" id=\"languages\">' + (jQuery('#languages').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#changeinfo').replaceWith('<div class=\"form-control-static\" id=\"changeinfo\">' + (jQuery('#changeinfo').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#category').replaceWith('<div class=\"form-control-static\" id=\"category\">' + (jQuery('#category').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#requirements').replaceWith('<div class=\"form-control-static\" id=\"requirements\">' + (jQuery('#requirements').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#ksize').replaceWith('<div class=\"form-control-static\" id=\"ksize\">' + (jQuery('#ksize').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#keywords').replaceWith('<div class=\"form-control-static\" id=\"keywords\">' + (jQuery('#keywords').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#description').replaceWith('<div class=\"form-control-static\" id=\"description\">' + (jQuery('#description').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#descrlarge').replaceWith('<div class=\"form-control-static\" id=\"descrlarge\">' + (jQuery('#descrlarge').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#homepage').replaceWith('<div class=\"form-control-static\" id=\"homepage\">' + (jQuery('#homepage').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#screenshot').replaceWith('<div class=\"form-control-static\" id=\"screenshot\">' + (jQuery('#screenshot').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#screenshot, #screenshot-edit-link').hide();\n";
$jsReadOnly .= "\tjQuery('#icon').replaceWith('<div class=\"form-control-static\" id=\"icon\">' + (jQuery('#icon').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#padfile').replaceWith('<div class=\"form-control-static\" id=\"padfile\">' + (jQuery('#padfile').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#download').replaceWith('<div class=\"form-control-static\" id=\"download\">' + (jQuery('#download').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#aspnumber').replaceWith('<div class=\"form-control-static\" id=\"aspnumber\">' + (jQuery('#aspnumber').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#backlink').replaceWith('<div class=\"form-control-static\" id=\"backlink\">' + (jQuery('#backlink').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#backlink, #backlink-edit-link').hide();\n";
$jsReadOnly .= "\tjQuery('#affiliate').replaceWith('<div class=\"form-control-static\" id=\"affiliate\">' + (jQuery('#affiliate').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#affiliateid').replaceWith('<div class=\"form-control-static\" id=\"affiliateid\">' + (jQuery('#affiliateid').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
} elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
$templateCode = str_replace('<%%COMBO(pdate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_pdate->GetHTML(true) . '</div>' : $combo_pdate->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(pdate)%%>', $combo_pdate->GetHTML(true), $templateCode);
/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
$lookup_fields = array();
foreach ($lookup_fields as $luf => $ptfc) {
$pt_perm = getTablePermissions($ptfc[0]);
// process foreign key links
if ($pt_perm['view'] || $pt_perm['edit']) {
$templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
}
// if user has insert permission to parent table of a lookup field, put an add new button
if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
}
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(submid)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(cstatus)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(logtime)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ipaddr)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(company)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(country)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(website)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(contactname)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(email)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(title)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(version)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(pdate)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(cost)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ptype)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(install)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(os)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(languages)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(changeinfo)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(category)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(requirements)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ksize)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(keywords)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(descrlarge)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(homepage)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(screenshot)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(icon)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(padfile)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(download)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(aspnumber)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(backlink)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(affiliate)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(affiliateid)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(submid)%%>', htmlspecialchars($row['submid'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(submid)%%>', urlencode($urow['submid']), $templateCode);
$templateCode = str_replace('<%%CHECKED(cstatus)%%>', $row['cstatus'] ? "checked" : "", $templateCode);
$templateCode = str_replace('<%%VALUE(logtime)%%>', htmlspecialchars($row['logtime'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(logtime)%%>', urlencode($urow['logtime']), $templateCode);
$templateCode = str_replace('<%%VALUE(ipaddr)%%>', htmlspecialchars($row['ipaddr'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ipaddr)%%>', urlencode($urow['ipaddr']), $templateCode);
$templateCode = str_replace('<%%VALUE(company)%%>', htmlspecialchars($row['company'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(company)%%>', urlencode($urow['company']), $templateCode);
$templateCode = str_replace('<%%VALUE(country)%%>', htmlspecialchars($row['country'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(country)%%>', urlencode($urow['country']), $templateCode);
$templateCode = str_replace('<%%VALUE(website)%%>', htmlspecialchars($row['website'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(website)%%>', urlencode($urow['website']), $templateCode);
$templateCode = str_replace('<%%VALUE(contactname)%%>', htmlspecialchars($row['contactname'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(contactname)%%>', urlencode($urow['contactname']), $templateCode);
$templateCode = str_replace('<%%VALUE(email)%%>', htmlspecialchars($row['email'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(email)%%>', urlencode($urow['email']), $templateCode);
$templateCode = str_replace('<%%VALUE(title)%%>', htmlspecialchars($row['title'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(title)%%>', urlencode($urow['title']), $templateCode);
$templateCode = str_replace('<%%VALUE(version)%%>', htmlspecialchars($row['version'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(version)%%>', urlencode($urow['version']), $templateCode);
$templateCode = str_replace('<%%VALUE(pdate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['pdate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(pdate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['pdate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
$templateCode = str_replace('<%%VALUE(cost)%%>', htmlspecialchars($row['cost'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(cost)%%>', urlencode($urow['cost']), $templateCode);
$templateCode = str_replace('<%%VALUE(ptype)%%>', htmlspecialchars($row['ptype'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ptype)%%>', urlencode($urow['ptype']), $templateCode);
$templateCode = str_replace('<%%VALUE(install)%%>', htmlspecialchars($row['install'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(install)%%>', urlencode($urow['install']), $templateCode);
$templateCode = str_replace('<%%VALUE(os)%%>', htmlspecialchars($row['os'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(os)%%>', urlencode($urow['os']), $templateCode);
$templateCode = str_replace('<%%VALUE(languages)%%>', htmlspecialchars($row['languages'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(languages)%%>', urlencode($urow['languages']), $templateCode);
$templateCode = str_replace('<%%VALUE(changeinfo)%%>', htmlspecialchars($row['changeinfo'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(changeinfo)%%>', urlencode($urow['changeinfo']), $templateCode);
$templateCode = str_replace('<%%VALUE(category)%%>', htmlspecialchars($row['category'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(category)%%>', urlencode($urow['category']), $templateCode);
$templateCode = str_replace('<%%VALUE(requirements)%%>', htmlspecialchars($row['requirements'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(requirements)%%>', urlencode($urow['requirements']), $templateCode);
$templateCode = str_replace('<%%VALUE(ksize)%%>', htmlspecialchars($row['ksize'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ksize)%%>', urlencode($urow['ksize']), $templateCode);
$templateCode = str_replace('<%%VALUE(keywords)%%>', htmlspecialchars($row['keywords'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(keywords)%%>', urlencode($urow['keywords']), $templateCode);
$templateCode = str_replace('<%%VALUE(description)%%>', htmlspecialchars($row['description'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode($urow['description']), $templateCode);
$templateCode = str_replace('<%%VALUE(descrlarge)%%>', htmlspecialchars($row['descrlarge'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(descrlarge)%%>', urlencode($urow['descrlarge']), $templateCode);
$templateCode = str_replace('<%%VALUE(homepage)%%>', htmlspecialchars($row['homepage'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(homepage)%%>', urlencode($urow['homepage']), $templateCode);
$templateCode = str_replace('<%%VALUE(screenshot)%%>', htmlspecialchars($row['screenshot'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(screenshot)%%>', urlencode($urow['screenshot']), $templateCode);
$templateCode = str_replace('<%%VALUE(icon)%%>', htmlspecialchars($row['icon'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(icon)%%>', urlencode($urow['icon']), $templateCode);
$templateCode = str_replace('<%%VALUE(padfile)%%>', htmlspecialchars($row['padfile'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(padfile)%%>', urlencode($urow['padfile']), $templateCode);
$templateCode = str_replace('<%%VALUE(download)%%>', htmlspecialchars($row['download'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(download)%%>', urlencode($urow['download']), $templateCode);
$templateCode = str_replace('<%%VALUE(aspnumber)%%>', htmlspecialchars($row['aspnumber'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(aspnumber)%%>', urlencode($urow['aspnumber']), $templateCode);
$templateCode = str_replace('<%%VALUE(backlink)%%>', htmlspecialchars($row['backlink'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(backlink)%%>', urlencode($urow['backlink']), $templateCode);
$templateCode = str_replace('<%%VALUE(affiliate)%%>', htmlspecialchars($row['affiliate'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(affiliate)%%>', urlencode($urow['affiliate']), $templateCode);
$templateCode = str_replace('<%%VALUE(affiliateid)%%>', htmlspecialchars($row['affiliateid'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(affiliateid)%%>', urlencode($urow['affiliateid']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(submid)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(submid)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%CHECKED(cstatus)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(logtime)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(logtime)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ipaddr)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ipaddr)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(company)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(company)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(country)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(country)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(website)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(website)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(contactname)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(contactname)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(email)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(email)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(title)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(title)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(version)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(version)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(pdate)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(pdate)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(cost)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(cost)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ptype)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ptype)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(install)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(install)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(os)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(os)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(languages)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(languages)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(changeinfo)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(changeinfo)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(category)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(category)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(requirements)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(requirements)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ksize)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ksize)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(keywords)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(keywords)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(descrlarge)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(descrlarge)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(homepage)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(homepage)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(screenshot)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(screenshot)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(icon)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(icon)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(padfile)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(padfile)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(download)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(download)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(aspnumber)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(aspnumber)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(backlink)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(backlink)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(affiliate)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(affiliate)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(affiliateid)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(affiliateid)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_REQUEST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
$templateCode .= "\n\tif(document.getElementById('websiteEdit')){ document.getElementById('websiteEdit').style.display='inline'; }";
$templateCode .= "\n\tif(document.getElementById('websiteEditLink')){ document.getElementById('websiteEditLink').style.display='none'; }";
$templateCode .= "\n\tif(document.getElementById('screenshotEdit')){ document.getElementById('screenshotEdit').style.display='inline'; }";
$templateCode .= "\n\tif(document.getElementById('screenshotEditLink')){ document.getElementById('screenshotEditLink').style.display='none'; }";
$templateCode .= "\n\tif(document.getElementById('backlinkEdit')){ document.getElementById('backlinkEdit').style.display='inline'; }";
$templateCode .= "\n\tif(document.getElementById('backlinkEditLink')){ document.getElementById('backlinkEditLink').style.display='none'; }";
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" data-lightbox=".*?"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: submitlog_dv
if (function_exists('submitlog_dv')) {
$args = array();
submitlog_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ColCaption = array("Short name", "Latin name", "Description");
$x->ColNumber = array(2, 3, 4);
$x->Template = 'templates/diseases_templateTV.html';
$x->SelectedTemplate = 'templates/diseases_templateTVS.html';
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
if ($perm[2] == 1) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `diseases`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='diseases' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `diseases`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='diseases' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`diseases`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// handle date sorting correctly
// end of date sorting handler
// hook: diseases_init
$render = TRUE;
if (function_exists('diseases_init')) {
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `companies`.`company_id`=membership_userrecords.pkValue and membership_userrecords.tableName='companies' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `companies`.`company_id`=membership_userrecords.pkValue and membership_userrecords.tableName='companies' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`companies`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: companies_init
$render = TRUE;
if (function_exists('companies_init')) {
$args = array();
$render = companies_init($x, getMemberInfo(), $args);
function getLoggedGroupID()
{
if ($_SESSION['memberGroupID'] != '') {
return $_SESSION['memberGroupID'];
} else {
setAnonymousAccess();
return getLoggedGroupID();
}
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `paddata`.`progid`=membership_userrecords.pkValue and membership_userrecords.tableName='paddata' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `paddata`.`progid`=membership_userrecords.pkValue and membership_userrecords.tableName='paddata' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`paddata`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: paddata_init
$render = TRUE;
if (function_exists('paddata_init')) {
$args = array();
$render = paddata_init($x, getMemberInfo(), $args);
function permissions_sql($table, $level = 'all')
{
if (!in_array($level, array('user', 'group'))) {
$level = 'all';
}
$perm = getTablePermissions($table);
$from = '';
$where = '';
$pk = getPKFieldName($table);
if ($perm[2] == 1 || $perm[2] > 1 && $level == 'user') {
// view owner only
$from = 'membership_userrecords';
$where = "(`{$table}`.`{$pk}`=membership_userrecords.pkValue and membership_userrecords.tableName='{$table}' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "')";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $level == 'group') {
// view group only
$from = 'membership_userrecords';
$where = "(`{$table}`.`{$pk}`=membership_userrecords.pkValue and membership_userrecords.tableName='{$table}' and membership_userrecords.groupID='" . getLoggedGroupID() . "')";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
return false;
}
return array('where' => $where, 'from' => $from, 0 => $where, 1 => $from);
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `categories`.`CategoryID`=membership_userrecords.pkValue and membership_userrecords.tableName='categories' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `categories`.`CategoryID`=membership_userrecords.pkValue and membership_userrecords.tableName='categories' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`categories`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: categories_init
$render = TRUE;
if (function_exists('categories_init')) {
$args = array();
$render = categories_init($x, getMemberInfo(), $args);
function patients_form($selected_id = "", $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('patients');
if (!$arrPerm[1] && $selected_id == "") {
return "";
}
// combobox: gender
$combo_gender = new Combo();
$combo_gender->ListType = 2;
$combo_gender->MultipleSeparator = ', ';
$combo_gender->ListBoxHeight = 10;
$combo_gender->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/patients.gender.csv')) {
$gender_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/patients.gender.csv')));
$combo_gender->ListItem = explode(";;", $gender_data);
$combo_gender->ListData = explode(";;", $gender_data);
} else {
$combo_gender->ListItem = explode(";;", "Male;;Female;;Other;;Unknown");
$combo_gender->ListData = explode(";;", "Male;;Female;;Other;;Unknown");
}
$combo_gender->SelectName = "gender";
$combo_gender->AllowNull = false;
// combobox: birth_date
$combo_birth_date = new DateCombo();
$combo_birth_date->DateFormat = "mdy";
$combo_birth_date->MinYear = 1900;
$combo_birth_date->MaxYear = 2100;
$combo_birth_date->DefaultDate = parseMySQLDate('', '');
$combo_birth_date->MonthNames = $Translation['month names'];
$combo_birth_date->CSSOptionClass = 'Option';
$combo_birth_date->CSSSelectedClass = 'SelectedOption';
$combo_birth_date->NamePrefix = 'birth_date';
// combobox: state
$combo_state = new Combo();
$combo_state->ListType = 0;
$combo_state->MultipleSeparator = ', ';
$combo_state->ListBoxHeight = 10;
$combo_state->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/patients.state.csv')) {
$state_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/patients.state.csv')));
$combo_state->ListItem = explode(";;", $state_data);
$combo_state->ListData = explode(";;", $state_data);
} else {
$combo_state->ListItem = explode(";;", "AL;;AK;;AS;;AZ;;AR;;CA;;CO;;CT;;DE;;DC;;FM;;FL;;GA;;GU;;HI;;ID;;IL;;IN;;IA;;KS;;KY;;LA;;ME;;MH;;MD;;MA;;MI;;MN;;MS;;MO;;MT;;NE;;NV;;NH;;NJ;;NM;;NY;;NC;;ND;;MP;;OH;;OK;;OR;;PW;;PA;;PR;;RI;;SC;;SD;;TN;;TX;;UT;;VT;;VI;;VA;;WA;;WV;;WI;;WY");
$combo_state->ListData = explode(";;", "AL;;AK;;AS;;AZ;;AR;;CA;;CO;;CT;;DE;;DC;;FM;;FL;;GA;;GU;;HI;;ID;;IL;;IN;;IA;;KS;;KY;;LA;;ME;;MH;;MD;;MA;;MI;;MN;;MS;;MO;;MT;;NE;;NV;;NH;;NJ;;NM;;NY;;NC;;ND;;MP;;OH;;OK;;OR;;PW;;PA;;PR;;RI;;SC;;SD;;TN;;TX;;UT;;VT;;VI;;VA;;WA;;WV;;WI;;WY");
}
$combo_state->SelectName = "state";
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='patients' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='patients' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `patients` where `id`='" . makeSafe($selected_id) . "'");
$row = mysql_fetch_array($res);
$combo_gender->SelectedData = $row["gender"];
$combo_birth_date->DefaultDate = $row["birth_date"];
$combo_state->SelectedData = $row["state"];
$row['filed'] = sqlValue("select DATE_FORMAT(`filed`, '%c/%e/%Y %l:%i%p') from `patients` where `id`='" . makeSafe($selected_id) . "'");
$row['last_modified'] = sqlValue("select DATE_FORMAT(`last_modified`, '%c/%e/%Y %l:%i%p') from `patients` where `id`='" . makeSafe($selected_id) . "'");
} else {
$combo_gender->SelectedText = $_REQUEST['FilterField'][1] == '4' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "Unknown";
$combo_state->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
}
$combo_gender->Render();
$combo_state->Render();
// code for template based detail view forms
// open the detail view template
if (($_POST['dvprint_x'] != '' || $_GET['dvprint_x'] != '') && $selected_id) {
$templateCode = @implode('', @file('./templates/patients_templateDVP.html'));
$dvprint = true;
} else {
$templateCode = @implode('', @file('./templates/patients_templateDV.html'));
$dvprint = false;
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Patient details', $templateCode);
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<input type="image" src="insert.gif" name="insert" alt="' . $Translation['add new record'] . '" onclick="return validateData();">', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
if ($selected_id) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<input type="image" src="print.gif" vspace="1" name="dvprint" id="dvprint" alt="' . $Translation['printer friendly view'] . '" onclick="document.myform.reset(); return true;" style="margin-bottom: 20px;">', $templateCode);
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<input type="image" src="update.gif" vspace="1" name="update" alt="' . $Translation['update record'] . '" onclick="return validateData();">', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
// set records to read only if user can't insert new records
if (!$arrPerm[1]) {
$jsReadOnly .= "\n\n\tif(document.getElementsByName('id').length){ document.getElementsByName('id')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('last_name').length){ document.getElementsByName('last_name')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('first_name').length){ document.getElementsByName('first_name')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('gender').length){ var gender=document.getElementsByName('gender'); for(var i=0; i<gender.length; i++){ gender[i].disabled=true; } }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('birth_date').length){ document.getElementsByName('birth_date')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('birth_dateDay').length){ var birth_dateDay=document.getElementsByName('birth_dateDay')[0]; birth_dateDay.disabled=true; birth_dateDay.style.backgroundColor='white'; birth_dateDay.style.color='black'; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('birth_dateMonth').length){ var birth_dateMonth=document.getElementsByName('birth_dateMonth')[0]; birth_dateMonth.disabled=true; birth_dateMonth.style.backgroundColor='white'; birth_dateMonth.style.color='black'; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('birth_dateYear').length){ var birth_dateYear=document.getElementsByName('birth_dateYear')[0]; birth_dateYear.disabled=true; birth_dateYear.style.backgroundColor='white'; birth_dateYear.style.color='black'; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('age').length){ document.getElementsByName('age')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('address').length){ document.getElementsByName('address')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('city').length){ document.getElementsByName('city')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('state').length){ var state=document.getElementsByName('state')[0]; state.disabled=true; state.style.backgroundColor='white'; state.style.color='black'; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('zip').length){ document.getElementsByName('zip')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('home_phone').length){ document.getElementsByName('home_phone')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('work_phone').length){ document.getElementsByName('work_phone')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('mobile').length){ document.getElementsByName('mobile')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('filed').length){ document.getElementsByName('filed')[0].readOnly=true; }\n";
$jsReadOnly .= "\n\n\tif(document.getElementsByName('last_modified').length){ document.getElementsByName('last_modified')[0].readOnly=true; }\n";
$noUploads = true;
}
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<input type="image" src="delete.gif" vspace="1" name="delete" alt="' . $Translation['delete record'] . '" onClick="return confirm(\'' . $Translation['are you sure?'] . '\');">', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', "<input type=image src=deselect.gif vspace=1 name=deselect alt=\"" . $Translation['deselect record'] . "\" onclick=\"document.myform.reset(); return true;\">", $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? "<input type=image src=cancel.gif vspace=1 name=deselect alt=\"" . $Translation['deselect record'] . "\" onclick=\"document.myform.reset(); return true;\">" : '', $templateCode);
}
// process combos
$templateCode = str_replace('<%%COMBO(gender)%%>', $combo_gender->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(gender)%%>', $combo_gender->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(birth_date)%%>', $combo_birth_date->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(birth_date)%%>', $combo_birth_date->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(state)%%>', $combo_state->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(state)%%>', $combo_state->SelectedData, $templateCode);
// process foreign key links
if ($selected_id) {
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(last_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(first_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(gender)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(birth_date)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(age)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(address)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(city)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(state)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(zip)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(home_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(work_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(mobile)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(other_details)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(comments)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(filed)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(last_modified)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(last_name)%%>', htmlspecialchars($row['last_name'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(first_name)%%>', htmlspecialchars($row['first_name'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(gender)%%>', htmlspecialchars($row['gender'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(birth_date)%%>', @date('n/j/Y', @strtotime(htmlspecialchars($row['birth_date'], ENT_QUOTES))), $templateCode);
$templateCode = str_replace('<%%VALUE(age)%%>', htmlspecialchars($row['age'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(address)%%>', htmlspecialchars($row['address'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(city)%%>', htmlspecialchars($row['city'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(state)%%>', htmlspecialchars($row['state'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(zip)%%>', htmlspecialchars($row['zip'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(home_phone)%%>', htmlspecialchars($row['home_phone'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(work_phone)%%>', htmlspecialchars($row['work_phone'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(mobile)%%>', htmlspecialchars($row['mobile'], ENT_QUOTES), $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(other_details)%%>', '<textarea name="other_details" id="other_details" cols="50" rows="5" class="TextBox">' . htmlspecialchars($row['other_details'], ENT_QUOTES) . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(other_details)%%>', $row['other_details'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(other_details)%%>', $row['other_details'], $templateCode);
if ($AllowUpdate || $AllowInsert) {
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', '<textarea name="comments" id="comments" cols="50" rows="5" class="TextBox">' . htmlspecialchars($row['comments'], ENT_QUOTES) . '</textarea>', $templateCode);
} else {
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', $row['comments'], $templateCode);
}
$templateCode = str_replace('<%%VALUE(comments)%%>', $row['comments'], $templateCode);
$templateCode = str_replace('<%%VALUE(filed)%%>', htmlspecialchars($row['filed'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%VALUE(last_modified)%%>', htmlspecialchars($row['last_modified'], ENT_QUOTES), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(last_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(first_name)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(gender)%%>', 'Unknown', $templateCode);
$templateCode = str_replace('<%%VALUE(birth_date)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(age)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(address)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(city)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(state)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(zip)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(home_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(work_phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%VALUE(mobile)%%>', '', $templateCode);
$templateCode = str_replace('<%%HTMLAREA(other_details)%%>', '<textarea name="other_details" id="other_details" cols="50" rows="5" class="TextBox"></textarea>', $templateCode);
$templateCode = str_replace('<%%HTMLAREA(comments)%%>', '<textarea name="comments" id="comments" cols="50" rows="5" class="TextBox"></textarea>', $templateCode);
$templateCode = str_replace('<%%VALUE(filed)%%>', '<%%creationDateTime%%>', $templateCode);
$templateCode = str_replace('<%%VALUE(last_modified)%%>', '<%%editingDateTime%%>', $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!--', $templateCode);
$templateCode = str_replace('%%>', '-->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\tif(document.getElementById('" . $name . "_link')!=undefined){\n";
$templateCode .= "\t\tdocument.getElementById('" . $name . "_link').style.visibility='visible';\n";
$templateCode .= "\t}\n";
for ($i = 1; $i < 10; $i++) {
$templateCode .= "\tif(document.getElementById('" . $name . "_plink{$i}')!=undefined){\n";
$templateCode .= "\t\tdocument.getElementById('" . $name . "_plink{$i}').style.visibility='visible';\n";
$templateCode .= "\t}\n";
}
}
$templateCode .= $jsReadOnly;
if (!$selected_id) {
}
$templateCode .= "\n\tfunction validateData(){";
$templateCode .= "\n\t\tif(\$F('last_name')==''){ alert('" . addslashes($Translation['error:']) . ' "Last name": ' . addslashes($Translation['field not null']) . "'); \$('last_name').focus(); return false; }";
$templateCode .= "\n\t\tif(\$F('first_name')==''){ alert('" . addslashes($Translation['error:']) . ' "First name": ' . addslashes($Translation['field not null']) . "'); \$('first_name').focus(); return false; }";
$templateCode .= "\n\t\tif(\$F('gender')==''){ alert('" . addslashes($Translation['error:']) . ' "Gender": ' . addslashes($Translation['field not null']) . "'); \$('gender').focus(); return false; }";
$templateCode .= "\n\t\treturn true;";
$templateCode .= "\n\t}";
$templateCode .= "\n</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= "<script>";
$templateCode .= "document.observe('dom:loaded', function() {";
$templateCode .= "});";
$templateCode .= "</script>";
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: patients_dv
if (function_exists('patients_dv')) {
$args = array();
patients_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `reports`.`report_id`=membership_userrecords.pkValue and membership_userrecords.tableName='reports' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `reports`.`report_id`=membership_userrecords.pkValue and membership_userrecords.tableName='reports' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`reports`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: reports_init
$render = TRUE;
if (function_exists('reports_init')) {
$args = array();
$render = reports_init($x, getMemberInfo(), $args);
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `residence_and_rental_history`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='residence_and_rental_history' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `residence_and_rental_history`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='residence_and_rental_history' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`residence_and_rental_history`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: residence_and_rental_history_init
$render = TRUE;
if (function_exists('residence_and_rental_history_init')) {
$args = array();
$render = residence_and_rental_history_init($x, getMemberInfo(), $args);
function check_record_permission($table, $id, $perm = 'view')
{
if ($perm != 'edit' && $perm != 'delete') {
$perm = 'view';
}
$perms = getTablePermissions($table);
if (!$perms[$perm]) {
return false;
}
$safe_id = makeSafe($id);
$safe_table = makeSafe($table);
if ($perms[$perm] == 1) {
// own records only
$username = getLoggedMemberID();
$owner = sqlValue("select memberID from membership_userrecords where tableName='{$safe_table}' and pkValue='{$safe_id}'");
if ($owner == $username) {
return true;
}
} elseif ($perms[$perm] == 2) {
// group records
$group_id = getLoggedGroupID();
$owner_group_id = sqlValue("select groupID from membership_userrecords where tableName='{$safe_table}' and pkValue='{$safe_id}'");
if ($owner_group_id == $group_id) {
return true;
}
} elseif ($perms[$perm] == 3) {
// all records
return true;
}
return false;
}
function outcome_areas_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('outcome_areas');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='outcome_areas' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='outcome_areas' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `outcome_areas` where `outcome_area_id`='" . makeSafe($selected_id) . "'", $eo);
$row = mysql_fetch_array($res);
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
} else {
}
ob_start();
?>
<script>
// initial lookup values
jQuery(function() {
});
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/outcome_areas_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/outcome_areas_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Outcome area details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
// process buttons
if ($arrPerm[1]) {
// allow insert?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate && !$arrPerm[1] || !$selected_id && !$arrPerm[1]) {
$jsReadOnly .= "\tjQuery('#name').replaceWith('<p class=\"form-control-static\" id=\"name\">' + (jQuery('#name').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#description').replaceWith('<p class=\"form-control-static\" id=\"description\">' + (jQuery('#description').val() || '') + '</p>');\n";
$noUploads = true;
}
// process combos
// process foreign key links
if ($selected_id) {
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(outcome_area_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(name)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(description)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(outcome_area_id)%%>', htmlspecialchars($row['outcome_area_id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_area_id)%%>', urlencode($urow['outcome_area_id']), $templateCode);
$templateCode = str_replace('<%%VALUE(name)%%>', htmlspecialchars($row['name'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(name)%%>', urlencode($urow['name']), $templateCode);
if ($dvprint) {
$templateCode = str_replace('<%%VALUE(description)%%>', nl2br(htmlspecialchars($row['description'], ENT_QUOTES)), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(description)%%>', htmlspecialchars($row['description'], ENT_QUOTES), $templateCode);
}
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode($urow['description']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(outcome_area_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_area_id)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(name)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(name)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>jQuery(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\tjQuery('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= "<script>";
$templateCode .= "document.observe('dom:loaded', function() {";
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: outcome_areas_dv
if (function_exists('outcome_areas_dv')) {
$args = array();
outcome_areas_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `duck_mrs2016`.`duck_id`=membership_userrecords.pkValue and membership_userrecords.tableName='duck_mrs2016' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `duck_mrs2016`.`duck_id`=membership_userrecords.pkValue and membership_userrecords.tableName='duck_mrs2016' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`duck_mrs2016`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: duck_mrs2016_init
$render = TRUE;
if (function_exists('duck_mrs2016_init')) {
$args = array();
$render = duck_mrs2016_init($x, getMemberInfo(), $args);
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `beneficiary_groups`.`beneficiary_group_id`=membership_userrecords.pkValue and membership_userrecords.tableName='beneficiary_groups' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `beneficiary_groups`.`beneficiary_group_id`=membership_userrecords.pkValue and membership_userrecords.tableName='beneficiary_groups' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`beneficiary_groups`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: beneficiary_groups_init
$render = TRUE;
if (function_exists('beneficiary_groups_init')) {
$args = array();
$render = beneficiary_groups_init($x, getMemberInfo(), $args);
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `employees`.`EmployeeID`=membership_userrecords.pkValue and membership_userrecords.tableName='employees' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `employees`.`EmployeeID`=membership_userrecords.pkValue and membership_userrecords.tableName='employees' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`employees`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: employees_init
$render = TRUE;
if (function_exists('employees_init')) {
$args = array();
$render = employees_init($x, getMemberInfo(), $args);
function outcomes_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('outcomes');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_outcome_area = thisOr(undo_magic_quotes($_REQUEST['filterer_outcome_area']), '');
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: outcome_area
$combo_outcome_area = new DataCombo();
// combobox: strata
$combo_strata = new Combo();
$combo_strata->ListType = 0;
$combo_strata->MultipleSeparator = ', ';
$combo_strata->ListBoxHeight = 10;
$combo_strata->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/outcomes.strata.csv')) {
$strata_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/outcomes.strata.csv')));
$combo_strata->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($strata_data)));
$combo_strata->ListData = $combo_strata->ListItem;
} else {
$combo_strata->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Individuals;;Community, Sector & Society")));
$combo_strata->ListData = $combo_strata->ListItem;
}
$combo_strata->SelectName = 'strata';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='outcomes' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='outcomes' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `outcomes` where `outcome_id`='" . makeSafe($selected_id) . "'", $eo);
$row = mysql_fetch_array($res);
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_outcome_area->SelectedData = $row['outcome_area'];
$combo_strata->SelectedData = $row['strata'];
} else {
$combo_outcome_area->SelectedData = $filterer_outcome_area;
$combo_strata->SelectedText = $_REQUEST['FilterField'][1] == '4' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
}
$combo_outcome_area->HTML = $combo_outcome_area->MatchText = '<span id="outcome_area-container' . $rnd1 . '"></span><input type="hidden" name="outcome_area" id="outcome_area' . $rnd1 . '">';
$combo_strata->Render();
ob_start();
?>
<script>
// initial lookup values
var current_outcome_area__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['outcome_area'] : $filterer_outcome_area);
?>
"};
jQuery(function() {
outcome_area_reload__RAND__();
});
function outcome_area_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#outcome_area-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_outcome_area__RAND__.value, t: 'outcomes', f: 'outcome_area' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="outcome_area"]').val(resp.results[0].id);
if(typeof(outcome_area_update_autofills__RAND__) == 'function') outcome_area_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'outcomes', f: 'outcome_area' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_outcome_area__RAND__.value = e.added.id;
current_outcome_area__RAND__.text = e.added.text;
jQuery('[name="outcome_area"]').val(e.added.id);
if(typeof(outcome_area_update_autofills__RAND__) == 'function') outcome_area_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_outcome_area__RAND__.value, t: 'outcomes', f: 'outcome_area' }
}).done(function(resp){
jQuery('#outcome_area-container__RAND__').html('<span id="outcome_area-match-text">' + resp.results[0].text + '</span>');
if(typeof(outcome_area_update_autofills__RAND__) == 'function') outcome_area_update_autofills__RAND__();
});
<?php
}
?>
}
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/outcomes_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/outcomes_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Outcome details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
// process buttons
if ($arrPerm[1]) {
// allow insert?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return outcomes_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return outcomes_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return outcomes_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate && !$arrPerm[1] || !$selected_id && !$arrPerm[1]) {
$jsReadOnly .= "\tjQuery('#outcome_area').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#outcome_area_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#description').replaceWith('<p class=\"form-control-static\" id=\"description\">' + (jQuery('#description').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#strata').replaceWith('<p class=\"form-control-static\" id=\"strata\">' + (jQuery('#strata').val() || '') + '</p>'); jQuery('#strata-multi-selection-help').hide();\n";
$noUploads = true;
}
// process combos
$templateCode = str_replace('<%%COMBO(outcome_area)%%>', $combo_outcome_area->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(outcome_area)%%>', $combo_outcome_area->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(outcome_area)%%>', urlencode($combo_outcome_area->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(strata)%%>', $combo_strata->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(strata)%%>', $combo_strata->SelectedData, $templateCode);
// process foreign key links
if ($selected_id) {
$templateCode = str_replace('<%%PLINK(outcome_area)%%>', $combo_outcome_area->SelectedData ? "<span id=\"outcome_areas_plink1\" class=\"hidden\"><a class=\"btn btn-default\" href=\"outcome_areas_view.php?SelectedID=" . urlencode($combo_outcome_area->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(outcome_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(outcome_area)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(strata)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(outcome_id)%%>', htmlspecialchars($row['outcome_id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_id)%%>', urlencode($urow['outcome_id']), $templateCode);
$templateCode = str_replace('<%%VALUE(outcome_area)%%>', htmlspecialchars($row['outcome_area'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_area)%%>', urlencode($urow['outcome_area']), $templateCode);
if ($dvprint) {
$templateCode = str_replace('<%%VALUE(description)%%>', nl2br(htmlspecialchars($row['description'], ENT_QUOTES)), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(description)%%>', htmlspecialchars($row['description'], ENT_QUOTES), $templateCode);
}
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode($urow['description']), $templateCode);
$templateCode = str_replace('<%%VALUE(strata)%%>', htmlspecialchars($row['strata'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(strata)%%>', urlencode($urow['strata']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(outcome_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_id)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(outcome_area)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome_area)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(description)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(description)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(strata)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(strata)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>jQuery(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\tjQuery('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= "<script>";
$templateCode .= "document.observe('dom:loaded', function() {";
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: outcomes_dv
if (function_exists('outcomes_dv')) {
$args = array();
outcomes_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `customurls`.`customid`=membership_userrecords.pkValue and membership_userrecords.tableName='customurls' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `customurls`.`customid`=membership_userrecords.pkValue and membership_userrecords.tableName='customurls' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`customurls`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: customurls_init
$render = TRUE;
if (function_exists('customurls_init')) {
$args = array();
$render = customurls_init($x, getMemberInfo(), $args);
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `products`.`ProductID`=membership_userrecords.pkValue and membership_userrecords.tableName='products' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `products`.`ProductID`=membership_userrecords.pkValue and membership_userrecords.tableName='products' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`products`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: products_init
$render = TRUE;
if (function_exists('products_init')) {
$args = array();
$render = products_init($x, getMemberInfo(), $args);
?>
</script>
<?php
break;
/************************************************/
/************************************************/
default:
/* default is 'get-records' */
// build the user permissions limiter
$permissionsWhere = $permissionsJoin = '';
if ($permChild[2] == 1) {
// user can view only his own records
$permissionsWhere = "`{$ChildTable}`.`{$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key']}`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='{$ChildTable}' AND LCASE(`membership_userrecords`.`memberID`)='" . getLoggedMemberID() . "'";
} elseif ($permChild[2] == 2) {
// user can view only his group's records
$permissionsWhere = "`{$ChildTable}`.`{$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key']}`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='{$ChildTable}' AND `membership_userrecords`.`groupID`='" . getLoggedGroupID() . "'";
} elseif ($permChild[2] == 3) {
// user can view all records
/* that's the only case remaining ... no need to modify the query in this case */
}
$permissionsJoin = $permissionsWhere ? ", `membership_userrecords`" : '';
// build the count query
$forcedWhere = $userPCConfig[$ChildTable][$ChildLookupField]['forced-where'];
$query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $userPCConfig[$ChildTable][$ChildLookupField]['query']) . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'";
$totalMatches = sqlValue($query);
// make sure $Page is <= max pages
$maxPage = ceil($totalMatches / $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']);
if ($Page > $maxPage) {
$Page = $maxPage;
}
// initiate output data array
$x->ShowTableHeader = 1;
$x->ShowRecordSlots = 0;
$x->HighlightColor = '#FFF0C2';
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if (!in_array($DisplayRecords, array('user', 'group'))) {
$DisplayRecords = 'all';
}
if ($perm[2] == 1 || $perm[2] > 1 && $DisplayRecords == 'user' && !$_REQUEST['NoFilter_x']) {
// view owner only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `employment_and_income_history`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='employment_and_income_history' and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "'";
} elseif ($perm[2] == 2 || $perm[2] > 2 && $DisplayRecords == 'group' && !$_REQUEST['NoFilter_x']) {
// view group only
$x->QueryFrom .= ', membership_userrecords';
$x->QueryWhere = "where `employment_and_income_history`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='employment_and_income_history' and membership_userrecords.groupID='" . getLoggedGroupID() . "'";
} elseif ($perm[2] == 3) {
// view all
// no further action
} elseif ($perm[2] == 0) {
// view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`employment_and_income_history`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
// hook: employment_and_income_history_init
$render = TRUE;
if (function_exists('employment_and_income_history_init')) {
$args = array();
$render = employment_and_income_history_init($x, getMemberInfo(), $args);
function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('customers');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: Country
$combo_Country = new Combo();
$combo_Country->ListType = 0;
$combo_Country->MultipleSeparator = ', ';
$combo_Country->ListBoxHeight = 10;
$combo_Country->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/customers.Country.csv')) {
$Country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/customers.Country.csv')));
$combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($Country_data)));
$combo_Country->ListData = $combo_Country->ListItem;
} else {
$combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe")));
$combo_Country->ListData = $combo_Country->ListItem;
}
$combo_Country->SelectName = 'Country';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `customers` where `CustomerID`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_Country->SelectedData = $row['Country'];
} else {
$combo_Country->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
}
$combo_Country->Render();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/customers_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/customers_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
$jsReadOnly .= "\tjQuery('#CustomerID').replaceWith('<div class=\"form-control-static\" id=\"CustomerID\">' + (jQuery('#CustomerID').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#CompanyName').replaceWith('<div class=\"form-control-static\" id=\"CompanyName\">' + (jQuery('#CompanyName').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#ContactName').replaceWith('<div class=\"form-control-static\" id=\"ContactName\">' + (jQuery('#ContactName').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#ContactTitle').replaceWith('<div class=\"form-control-static\" id=\"ContactTitle\">' + (jQuery('#ContactTitle').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#Address').replaceWith('<div class=\"form-control-static\" id=\"Address\">' + (jQuery('#Address').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#City').replaceWith('<div class=\"form-control-static\" id=\"City\">' + (jQuery('#City').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#Region').replaceWith('<div class=\"form-control-static\" id=\"Region\">' + (jQuery('#Region').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#PostalCode').replaceWith('<div class=\"form-control-static\" id=\"PostalCode\">' + (jQuery('#PostalCode').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#Country').replaceWith('<div class=\"form-control-static\" id=\"Country\">' + (jQuery('#Country').val() || '') + '</div>'); jQuery('#Country-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#Phone').replaceWith('<div class=\"form-control-static\" id=\"Phone\">' + (jQuery('#Phone').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('#Fax').replaceWith('<div class=\"form-control-static\" id=\"Fax\">' + (jQuery('#Fax').val() || '') + '</div>');\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
} elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
// temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
// re-enable form change handler
}
// process combos
$templateCode = str_replace('<%%COMBO(Country)%%>', $combo_Country->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(Country)%%>', $combo_Country->SelectedData, $templateCode);
/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
$lookup_fields = array();
foreach ($lookup_fields as $luf => $ptfc) {
$pt_perm = getTablePermissions($ptfc[0]);
// process foreign key links
if ($pt_perm['view'] || $pt_perm['edit']) {
$templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
}
// if user has insert permission to parent table of a lookup field, put an add new button
if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
}
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(CompanyName)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ContactName)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(ContactTitle)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Address)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(City)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Region)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(PostalCode)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Country)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(Fax)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode);
$templateCode = str_replace('<%%VALUE(CompanyName)%%>', htmlspecialchars($row['CompanyName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode($urow['CompanyName']), $templateCode);
$templateCode = str_replace('<%%VALUE(ContactName)%%>', htmlspecialchars($row['ContactName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode($urow['ContactName']), $templateCode);
$templateCode = str_replace('<%%VALUE(ContactTitle)%%>', htmlspecialchars($row['ContactTitle'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode($urow['ContactTitle']), $templateCode);
if ($dvprint) {
$templateCode = str_replace('<%%VALUE(Address)%%>', nl2br(htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1')), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(Address)%%>', htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
}
$templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode($urow['Address']), $templateCode);
$templateCode = str_replace('<%%VALUE(City)%%>', htmlspecialchars($row['City'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode($urow['City']), $templateCode);
$templateCode = str_replace('<%%VALUE(Region)%%>', htmlspecialchars($row['Region'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode($urow['Region']), $templateCode);
$templateCode = str_replace('<%%VALUE(PostalCode)%%>', htmlspecialchars($row['PostalCode'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode($urow['PostalCode']), $templateCode);
$templateCode = str_replace('<%%VALUE(Country)%%>', htmlspecialchars($row['Country'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode($urow['Country']), $templateCode);
$templateCode = str_replace('<%%VALUE(Phone)%%>', htmlspecialchars($row['Phone'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode($urow['Phone']), $templateCode);
$templateCode = str_replace('<%%VALUE(Fax)%%>', htmlspecialchars($row['Fax'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
$templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode($urow['Fax']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(CompanyName)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ContactName)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(ContactTitle)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Address)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(City)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Region)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(PostalCode)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Country)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Phone)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(Fax)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: customers_dv
if (function_exists('customers_dv')) {
$args = array();
customers_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
function entries_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('entries');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_report = thisOr(undo_magic_quotes($_REQUEST['filterer_report']), '');
$filterer_outcome = thisOr(undo_magic_quotes($_REQUEST['filterer_outcome']), '');
$filterer_indicator = thisOr(undo_magic_quotes($_REQUEST['filterer_indicator']), '');
$filterer_beneficiary_group = thisOr(undo_magic_quotes($_REQUEST['filterer_beneficiary_group']), '');
// populate filterers, starting from children to grand-parents
if ($filterer_indicator && !$filterer_outcome) {
$filterer_outcome = sqlValue("select outcome from indicators where indicator_id='" . makeSafe($filterer_indicator) . "'");
}
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: created
$combo_created = new DateCombo();
$combo_created->DateFormat = "dmy";
$combo_created->MinYear = 1900;
$combo_created->MaxYear = 2100;
$combo_created->DefaultDate = parseMySQLDate('<%%creationDate%%>', '<%%creationDate%%>');
$combo_created->MonthNames = $Translation['month names'];
$combo_created->NamePrefix = 'created';
// combobox: report
$combo_report = new DataCombo();
// combobox: outcome
$combo_outcome = new DataCombo();
// combobox: indicator, filterable by: outcome
$combo_indicator = new DataCombo();
// combobox: beneficiary_group
$combo_beneficiary_group = new DataCombo();
// combobox: beneficiary_group_relevance
$combo_beneficiary_group_relevance = new Combo();
$combo_beneficiary_group_relevance->ListType = 0;
$combo_beneficiary_group_relevance->MultipleSeparator = ', ';
$combo_beneficiary_group_relevance->ListBoxHeight = 10;
$combo_beneficiary_group_relevance->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/entries.beneficiary_group_relevance.csv')) {
$beneficiary_group_relevance_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/entries.beneficiary_group_relevance.csv')));
$combo_beneficiary_group_relevance->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($beneficiary_group_relevance_data)));
$combo_beneficiary_group_relevance->ListData = $combo_beneficiary_group_relevance->ListItem;
} else {
$combo_beneficiary_group_relevance->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("1;;2;;3;;4;;5")));
$combo_beneficiary_group_relevance->ListData = $combo_beneficiary_group_relevance->ListItem;
}
$combo_beneficiary_group_relevance->SelectName = 'beneficiary_group_relevance';
// combobox: reliability
$combo_reliability = new Combo();
$combo_reliability->ListType = 0;
$combo_reliability->MultipleSeparator = ', ';
$combo_reliability->ListBoxHeight = 10;
$combo_reliability->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/entries.reliability.csv')) {
$reliability_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/entries.reliability.csv')));
$combo_reliability->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($reliability_data)));
$combo_reliability->ListData = $combo_reliability->ListItem;
} else {
$combo_reliability->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("1;;2;;3;;4;;5")));
$combo_reliability->ListData = $combo_reliability->ListItem;
}
$combo_reliability->SelectName = 'reliability';
// combobox: intentionality
$combo_intentionality = new Combo();
$combo_intentionality->ListType = 0;
$combo_intentionality->MultipleSeparator = ', ';
$combo_intentionality->ListBoxHeight = 10;
$combo_intentionality->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/entries.intentionality.csv')) {
$intentionality_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/entries.intentionality.csv')));
$combo_intentionality->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($intentionality_data)));
$combo_intentionality->ListData = $combo_intentionality->ListItem;
} else {
$combo_intentionality->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("1;;2;;3;;4;;5")));
$combo_intentionality->ListData = $combo_intentionality->ListItem;
}
$combo_intentionality->SelectName = 'intentionality';
// combobox: equivalence
$combo_equivalence = new Combo();
$combo_equivalence->ListType = 0;
$combo_equivalence->MultipleSeparator = ', ';
$combo_equivalence->ListBoxHeight = 10;
$combo_equivalence->RadiosPerLine = 1;
if (is_file(dirname(__FILE__) . '/hooks/entries.equivalence.csv')) {
$equivalence_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/entries.equivalence.csv')));
$combo_equivalence->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($equivalence_data)));
$combo_equivalence->ListData = $combo_equivalence->ListItem;
} else {
$combo_equivalence->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("1;;2;;3;;4;;5")));
$combo_equivalence->ListData = $combo_equivalence->ListItem;
}
$combo_equivalence->SelectName = 'equivalence';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='entries' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='entries' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `entries` where `entry_id`='" . makeSafe($selected_id) . "'", $eo);
$row = mysql_fetch_array($res);
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_created->DefaultDate = $row['created'];
$combo_report->SelectedData = $row['report'];
$combo_outcome->SelectedData = $row['outcome'];
$combo_indicator->SelectedData = $row['indicator'];
$combo_beneficiary_group->SelectedData = $row['beneficiary_group'];
$combo_beneficiary_group_relevance->SelectedData = $row['beneficiary_group_relevance'];
$combo_reliability->SelectedData = $row['reliability'];
$combo_intentionality->SelectedData = $row['intentionality'];
$combo_equivalence->SelectedData = $row['equivalence'];
} else {
$combo_report->SelectedData = $filterer_report;
$combo_outcome->SelectedData = $filterer_outcome;
$combo_indicator->SelectedData = $filterer_indicator;
$combo_beneficiary_group->SelectedData = $filterer_beneficiary_group;
$combo_beneficiary_group_relevance->SelectedText = $_REQUEST['FilterField'][1] == '10' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_reliability->SelectedText = $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_intentionality->SelectedText = $_REQUEST['FilterField'][1] == '14' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
$combo_equivalence->SelectedText = $_REQUEST['FilterField'][1] == '15' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
}
$combo_report->HTML = $combo_report->MatchText = '<span id="report-container' . $rnd1 . '"></span><input type="hidden" name="report" id="report' . $rnd1 . '">';
$combo_outcome->HTML = $combo_outcome->MatchText = '<span id="outcome-container' . $rnd1 . '"></span><input type="hidden" name="outcome" id="outcome' . $rnd1 . '">';
$combo_indicator->HTML = $combo_indicator->MatchText = '<span id="indicator-container' . $rnd1 . '"></span><input type="hidden" name="indicator" id="indicator' . $rnd1 . '">';
$combo_beneficiary_group->HTML = $combo_beneficiary_group->MatchText = '<span id="beneficiary_group-container' . $rnd1 . '"></span><input type="hidden" name="beneficiary_group" id="beneficiary_group' . $rnd1 . '">';
$combo_beneficiary_group_relevance->Render();
$combo_reliability->Render();
$combo_intentionality->Render();
$combo_equivalence->Render();
ob_start();
?>
<script>
// initial lookup values
var current_report__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['report'] : $filterer_report);
?>
"};
var current_outcome__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['outcome'] : $filterer_outcome);
?>
"};
var current_indicator__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['indicator'] : $filterer_indicator);
?>
"};
var current_beneficiary_group__RAND__ = { text: "", value: "<?php
echo addslashes($selected_id ? $urow['beneficiary_group'] : $filterer_beneficiary_group);
?>
"};
jQuery(function() {
report_reload__RAND__();
outcome_reload__RAND__();
<?php
echo !$AllowUpdate || $dvprint ? 'indicator_reload__RAND__(current_outcome__RAND__.value);' : '';
?>
beneficiary_group_reload__RAND__();
});
function report_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#report-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_report__RAND__.value, t: 'entries', f: 'report' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="report"]').val(resp.results[0].id);
if(typeof(report_update_autofills__RAND__) == 'function') report_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'entries', f: 'report' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_report__RAND__.value = e.added.id;
current_report__RAND__.text = e.added.text;
jQuery('[name="report"]').val(e.added.id);
if(typeof(report_update_autofills__RAND__) == 'function') report_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_report__RAND__.value, t: 'entries', f: 'report' }
}).done(function(resp){
jQuery('#report-container__RAND__').html('<span id="report-match-text">' + resp.results[0].text + '</span>');
if(typeof(report_update_autofills__RAND__) == 'function') report_update_autofills__RAND__();
});
<?php
}
?>
}
function outcome_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#outcome-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_outcome__RAND__.value, t: 'entries', f: 'outcome' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="outcome"]').val(resp.results[0].id);
indicator_reload__RAND__(current_outcome__RAND__.value);
if(typeof(outcome_update_autofills__RAND__) == 'function') outcome_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'entries', f: 'outcome' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_outcome__RAND__.value = e.added.id;
current_outcome__RAND__.text = e.added.text;
jQuery('[name="outcome"]').val(e.added.id);
indicator_reload__RAND__(current_outcome__RAND__.value);
if(typeof(outcome_update_autofills__RAND__) == 'function') outcome_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_outcome__RAND__.value, t: 'entries', f: 'outcome' }
}).done(function(resp){
jQuery('#outcome-container__RAND__').html('<span id="outcome-match-text">' + resp.results[0].text + '</span>');
if(typeof(outcome_update_autofills__RAND__) == 'function') outcome_update_autofills__RAND__();
});
<?php
}
?>
}
function indicator_reload__RAND__(filterer_outcome){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#indicator-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { filterer_outcome: filterer_outcome, id: current_indicator__RAND__.value, t: 'entries', f: 'indicator' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="indicator"]').val(resp.results[0].id);
if(typeof(indicator_update_autofills__RAND__) == 'function') indicator_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { filterer_outcome: filterer_outcome, s: term, p: page, t: 'entries', f: 'indicator' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_indicator__RAND__.value = e.added.id;
current_indicator__RAND__.text = e.added.text;
jQuery('[name="indicator"]').val(e.added.id);
if(typeof(indicator_update_autofills__RAND__) == 'function') indicator_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_indicator__RAND__.value, t: 'entries', f: 'indicator' }
}).done(function(resp){
jQuery('#indicator-container__RAND__').html('<span id="indicator-match-text">' + resp.results[0].text + '</span>');
if(typeof(indicator_update_autofills__RAND__) == 'function') indicator_update_autofills__RAND__();
});
<?php
}
?>
}
function beneficiary_group_reload__RAND__(){
<?php
if (($AllowUpdate || $AllowInsert) && !$dvprint) {
?>
jQuery("#beneficiary_group-container__RAND__").select2({
/* initial default value */
initSelection: function(e, c){
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_beneficiary_group__RAND__.value, t: 'entries', f: 'beneficiary_group' }
}).done(function(resp){
c({
id: resp.results[0].id,
text: resp.results[0].text
});
jQuery('[name="beneficiary_group"]').val(resp.results[0].id);
if(typeof(beneficiary_group_update_autofills__RAND__) == 'function') beneficiary_group_update_autofills__RAND__();
});
},
width: '100%',
formatNoMatches: function(term){ return '<?php
echo addslashes($Translation['No matches found!']);
?>
'; },
minimumResultsForSearch: 10,
loadMorePadding: 200,
ajax: {
url: 'ajax_combo.php',
dataType: 'json',
cache: true,
data: function(term, page){ return { s: term, p: page, t: 'entries', f: 'beneficiary_group' }; },
results: function(resp, page){ return resp; }
}
}).on('change', function(e){
current_beneficiary_group__RAND__.value = e.added.id;
current_beneficiary_group__RAND__.text = e.added.text;
jQuery('[name="beneficiary_group"]').val(e.added.id);
if(typeof(beneficiary_group_update_autofills__RAND__) == 'function') beneficiary_group_update_autofills__RAND__();
});
<?php
} else {
?>
jQuery.ajax({
url: 'ajax_combo.php',
dataType: 'json',
data: { id: current_beneficiary_group__RAND__.value, t: 'entries', f: 'beneficiary_group' }
}).done(function(resp){
jQuery('#beneficiary_group-container__RAND__').html('<span id="beneficiary_group-match-text">' + resp.results[0].text + '</span>');
if(typeof(beneficiary_group_update_autofills__RAND__) == 'function') beneficiary_group_update_autofills__RAND__();
});
<?php
}
?>
}
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/entries_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/entries_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Entry details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
// process buttons
if ($arrPerm[1]) {
// allow insert?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return entries_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return entries_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return entries_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
// allow delete?
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button tabindex="2" type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if ($selected_id && !$AllowUpdate && !$arrPerm[1] || !$selected_id && !$arrPerm[1]) {
$jsReadOnly .= "\tjQuery('#report').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#report_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#outcome').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#outcome_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#indicator').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#indicator_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#score').replaceWith('<p class=\"form-control-static\" id=\"score\">' + (jQuery('#score').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#beneficiary_group').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
$jsReadOnly .= "\tjQuery('#beneficiary_group_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
$jsReadOnly .= "\tjQuery('#beneficiary_group_relevance').replaceWith('<p class=\"form-control-static\" id=\"beneficiary_group_relevance\">' + (jQuery('#beneficiary_group_relevance').val() || '') + '</p>'); jQuery('#beneficiary_group_relevance-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#comment').replaceWith('<p class=\"form-control-static\" id=\"comment\">' + (jQuery('#comment').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#reference').replaceWith('<p class=\"form-control-static\" id=\"reference\">' + (jQuery('#reference').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#reliability').replaceWith('<p class=\"form-control-static\" id=\"reliability\">' + (jQuery('#reliability').val() || '') + '</p>'); jQuery('#reliability-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#intentionality').replaceWith('<p class=\"form-control-static\" id=\"intentionality\">' + (jQuery('#intentionality').val() || '') + '</p>'); jQuery('#intentionality-multi-selection-help').hide();\n";
$jsReadOnly .= "\tjQuery('#equivalence').replaceWith('<p class=\"form-control-static\" id=\"equivalence\">' + (jQuery('#equivalence').val() || '') + '</p>'); jQuery('#equivalence-multi-selection-help').hide();\n";
$noUploads = true;
}
// process combos
$templateCode = str_replace('<%%COMBO(created)%%>', $selected_id && !$arrPerm[3] ? '<p class="form-control-static">' . $combo_created->GetHTML(true) . '</p>' : $combo_created->GetHTML(), $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(created)%%>', $combo_created->GetHTML(true), $templateCode);
$templateCode = str_replace('<%%COMBO(report)%%>', $combo_report->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(report)%%>', $combo_report->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(report)%%>', urlencode($combo_report->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(outcome)%%>', $combo_outcome->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(outcome)%%>', $combo_outcome->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(outcome)%%>', urlencode($combo_outcome->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(indicator)%%>', $combo_indicator->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(indicator)%%>', $combo_indicator->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(indicator)%%>', urlencode($combo_indicator->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(beneficiary_group)%%>', $combo_beneficiary_group->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(beneficiary_group)%%>', $combo_beneficiary_group->MatchText, $templateCode);
$templateCode = str_replace('<%%URLCOMBOTEXT(beneficiary_group)%%>', urlencode($combo_beneficiary_group->MatchText), $templateCode);
$templateCode = str_replace('<%%COMBO(beneficiary_group_relevance)%%>', $combo_beneficiary_group_relevance->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(beneficiary_group_relevance)%%>', $combo_beneficiary_group_relevance->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(reliability)%%>', $combo_reliability->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(reliability)%%>', $combo_reliability->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(intentionality)%%>', $combo_intentionality->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(intentionality)%%>', $combo_intentionality->SelectedData, $templateCode);
$templateCode = str_replace('<%%COMBO(equivalence)%%>', $combo_equivalence->HTML, $templateCode);
$templateCode = str_replace('<%%COMBOTEXT(equivalence)%%>', $combo_equivalence->SelectedData, $templateCode);
// process foreign key links
if ($selected_id) {
$templateCode = str_replace('<%%PLINK(report)%%>', $combo_report->SelectedData ? "<span id=\"reports_plink1\" class=\"hidden\"><a class=\"btn btn-default\" href=\"reports_view.php?SelectedID=" . urlencode($combo_report->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
$templateCode = str_replace('<%%PLINK(outcome)%%>', $combo_outcome->SelectedData ? "<span id=\"outcomes_plink2\" class=\"hidden\"><a class=\"btn btn-default\" href=\"outcomes_view.php?SelectedID=" . urlencode($combo_outcome->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
$templateCode = str_replace('<%%PLINK(indicator)%%>', $combo_indicator->SelectedData ? "<span id=\"indicators_plink3\" class=\"hidden\"><a class=\"btn btn-default\" href=\"indicators_view.php?SelectedID=" . urlencode($combo_indicator->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
$templateCode = str_replace('<%%PLINK(beneficiary_group)%%>', $combo_beneficiary_group->SelectedData ? "<span id=\"beneficiary_groups_plink4\" class=\"hidden\"><a class=\"btn btn-default\" href=\"beneficiary_groups_view.php?SelectedID=" . urlencode($combo_beneficiary_group->SelectedData) . "\"><i class=\"glyphicon glyphicon-search\"></i></a></span>" : '', $templateCode);
}
// process images
$templateCode = str_replace('<%%UPLOADFILE(entry_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(created)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(created_by)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(report)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(outcome)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(indicator)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(score)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(beneficiary_group)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(beneficiary_group_relevance)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(comment)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(reference)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(reliability)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(intentionality)%%>', '', $templateCode);
$templateCode = str_replace('<%%UPLOADFILE(equivalence)%%>', '', $templateCode);
// process values
if ($selected_id) {
$templateCode = str_replace('<%%VALUE(entry_id)%%>', htmlspecialchars($row['entry_id'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(entry_id)%%>', urlencode($urow['entry_id']), $templateCode);
$templateCode = str_replace('<%%VALUE(created)%%>', @date('d/m/Y', @strtotime(htmlspecialchars($row['created'], ENT_QUOTES))), $templateCode);
$templateCode = str_replace('<%%URLVALUE(created)%%>', urlencode(@date('d/m/Y', @strtotime(htmlspecialchars($urow['created'], ENT_QUOTES)))), $templateCode);
$templateCode = str_replace('<%%VALUE(created_by)%%>', htmlspecialchars($row['created_by'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(created_by)%%>', urlencode($urow['created_by']), $templateCode);
$templateCode = str_replace('<%%VALUE(report)%%>', htmlspecialchars($row['report'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(report)%%>', urlencode($urow['report']), $templateCode);
$templateCode = str_replace('<%%VALUE(outcome)%%>', htmlspecialchars($row['outcome'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome)%%>', urlencode($urow['outcome']), $templateCode);
$templateCode = str_replace('<%%VALUE(indicator)%%>', htmlspecialchars($row['indicator'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(indicator)%%>', urlencode($urow['indicator']), $templateCode);
$templateCode = str_replace('<%%VALUE(score)%%>', htmlspecialchars($row['score'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(score)%%>', urlencode($urow['score']), $templateCode);
$templateCode = str_replace('<%%VALUE(beneficiary_group)%%>', htmlspecialchars($row['beneficiary_group'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(beneficiary_group)%%>', urlencode($urow['beneficiary_group']), $templateCode);
$templateCode = str_replace('<%%VALUE(beneficiary_group_relevance)%%>', htmlspecialchars($row['beneficiary_group_relevance'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(beneficiary_group_relevance)%%>', urlencode($urow['beneficiary_group_relevance']), $templateCode);
if ($dvprint) {
$templateCode = str_replace('<%%VALUE(comment)%%>', nl2br(htmlspecialchars($row['comment'], ENT_QUOTES)), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(comment)%%>', htmlspecialchars($row['comment'], ENT_QUOTES), $templateCode);
}
$templateCode = str_replace('<%%URLVALUE(comment)%%>', urlencode($urow['comment']), $templateCode);
$templateCode = str_replace('<%%VALUE(reference)%%>', htmlspecialchars($row['reference'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(reference)%%>', urlencode($urow['reference']), $templateCode);
$templateCode = str_replace('<%%VALUE(reliability)%%>', htmlspecialchars($row['reliability'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(reliability)%%>', urlencode($urow['reliability']), $templateCode);
$templateCode = str_replace('<%%VALUE(intentionality)%%>', htmlspecialchars($row['intentionality'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(intentionality)%%>', urlencode($urow['intentionality']), $templateCode);
$templateCode = str_replace('<%%VALUE(equivalence)%%>', htmlspecialchars($row['equivalence'], ENT_QUOTES), $templateCode);
$templateCode = str_replace('<%%URLVALUE(equivalence)%%>', urlencode($urow['equivalence']), $templateCode);
} else {
$templateCode = str_replace('<%%VALUE(entry_id)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(entry_id)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(created)%%>', '<%%creationDate%%>', $templateCode);
$templateCode = str_replace('<%%URLVALUE(created)%%>', urlencode('<%%creationDate%%>'), $templateCode);
$templateCode = str_replace('<%%VALUE(created_by)%%>', '<%%creatorUsername%%>', $templateCode);
$templateCode = str_replace('<%%URLVALUE(created_by)%%>', urlencode('<%%creatorUsername%%>'), $templateCode);
$templateCode = str_replace('<%%VALUE(report)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(report)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(outcome)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(outcome)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(indicator)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(indicator)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(score)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(score)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(beneficiary_group)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(beneficiary_group)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(beneficiary_group_relevance)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(beneficiary_group_relevance)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(comment)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(comment)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(reference)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(reference)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(reliability)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(reliability)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(intentionality)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(intentionality)%%>', urlencode(''), $templateCode);
$templateCode = str_replace('<%%VALUE(equivalence)%%>', '', $templateCode);
$templateCode = str_replace('<%%URLVALUE(equivalence)%%>', urlencode(''), $templateCode);
}
// process translations
foreach ($Translation as $symbol => $trans) {
$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
}
// clear scrap
$templateCode = str_replace('<%%', '<!-- ', $templateCode);
$templateCode = str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if ($_POST['dvprint_x'] == '') {
$templateCode .= "\n\n<script>jQuery(function(){\n";
$arrTables = getTableList();
foreach ($arrTables as $name => $caption) {
$templateCode .= "\tjQuery('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\tjQuery('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
if (!$selected_id) {
}
$templateCode .= "\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= "<script>";
$templateCode .= "document.observe('dom:loaded', function() {";
$templateCode .= "\toutcome_update_autofills{$rnd1} = function(){\n";
$templateCode .= "\t\tnew Ajax.Request(\n";
if ($dvprint) {
$templateCode .= "\t\t\t'entries_autofill.php?rnd1={$rnd1}&mfk=outcome&id='+encodeURIComponent('" . addslashes($row['outcome']) . "'),\n";
$templateCode .= "\t\t\t{encoding: 'UTF-8', method: 'get'}\n";
} else {
$templateCode .= "\t\t\t'entries_autofill.php?rnd1={$rnd1}&mfk=outcome&id=' + encodeURIComponent(current_outcome{$rnd1}.value),\n";
$templateCode .= "\t\t\t{encoding: 'UTF-8', method: 'get', onCreate: function(){ \$('outcome{$rnd1}').disable(); \$('outcomeLoading').innerHTML='<img src=loading.gif align=top>'; }, onComplete: function(){" . ($arrPerm[1] || ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) ? "\$('outcome{$rnd1}').enable(); " : "\$('outcome{$rnd1}').disable(); ") . "\$('outcomeLoading').innerHTML='';}}\n";
}
$templateCode .= "\t\t);\n";
$templateCode .= "\t};\n";
if (!$dvprint) {
$templateCode .= "\tif(\$('outcome_caption') != undefined) \$('outcome_caption').onchange=outcome_update_autofills{$rnd1};\n";
}
$templateCode .= "});";
$templateCode .= "</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
// hook: entries_dv
if (function_exists('entries_dv')) {
$args = array();
entries_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}