<?php
/**
 * Returns the raw query-string parameter $key when is_numeric() accepts it.
 *
 * On any other value an "apperror" response header is sent and the script
 * terminates with the same message.
 *
 * Security note: is_numeric() is wider than "integer". It also accepts
 * decimals, exponent notation and leading whitespace, and on PHP 5 it accepts
 * hexadecimal strings as well. The value is returned as the original string,
 * so callers that place it in a query as an integer id should cast it first.
 */
function GETVAL($key)
{
    $raw = $_GET[$key];
    if (is_numeric($raw)) {
        return $raw;
    }
    $error = 'invalid parameter '.$key;
    header('apperror:'.$error);
    die($error);
}
/**
 * Escapes $val for use inside a quoted SQL string literal.
 *
 * Delegates to sql_escape() when that function is callable, otherwise falls
 * back to addslashes().
 *
 * Security note: addslashes() knows nothing about the connection character
 * set, so the fallback is not a dependable SQL escaper under multibyte
 * charsets. The result is only meaningful between quotes in a SQL statement;
 * it is not safe for unquoted positions and it is not HTML escaping.
 */
function noapos($val)
{
    if (!is_callable('sql_escape')) {
        return addslashes($val);
    }
    return sql_escape($val);
}
/**
 * Returns the query-string parameter $key, "%uXXXX"-decoded and then escaped
 * for a quoted SQL string literal.
 *
 * Decoding runs before escaping, so characters produced by the decoder are
 * escaped too. The result must only be used between quotes in a SQL
 * statement; it is not suitable for HTML output.
 */
function GETSTR($key)
{
    return noapos(decode_unicode_url($_GET[$key]));
}
/**
 * Returns the raw POST parameter $key when is_numeric() accepts it.
 *
 * On any other value an "apperror" response header is sent and the script
 * terminates with the same message.
 *
 * Security note: is_numeric() is wider than "integer". It also accepts
 * decimals, exponent notation and leading whitespace, and on PHP 5 it accepts
 * hexadecimal strings as well. The value is returned as the original string,
 * so callers that place it in a query as an integer id should cast it first.
 */
function POSTVAL($key)
{
    $raw = $_POST[$key];
    if (is_numeric($raw)) {
        return $raw;
    }
    $error = 'invalid parameter '.$key;
    header('apperror:'.$error);
    die($error);
}
/**
 * Returns the POST parameter $key, "%uXXXX"-decoded and then escaped for a
 * quoted SQL string literal.
 *
 * Decoding runs before escaping, so characters produced by the decoder are
 * escaped too. The result must only be used between quotes in a SQL
 * statement; it is not suitable for HTML output.
 */
function POSTSTR($key)
{
    return noapos(decode_unicode_url($_POST[$key]));
}
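/**
 * Decodes "%uXXXX" escape sequences in $str into UTF-8 bytes.
 *
 * The input is first passed through utf8_encode(), i.e. it is treated as
 * ISO-8859-1 and converted to UTF-8 (utf8_encode() is deprecated as of
 * PHP 8.2). Each "%u" followed by exactly four hexadecimal digits is then
 * replaced by the UTF-8 encoding of that code unit.
 *
 * A "%u" that is not followed by four hex digits is left in the output
 * untouched. hexdec() silently ignores non-hex characters, so without this
 * check a malformed sequence such as "%uzzzz" would decode to a NUL byte.
 *
 * NOTE(review): surrogate pairs ("%uD83D%uDE00") are encoded one code unit at
 * a time, which is not valid UTF-8. Consumers that require well-formed UTF-8
 * should validate the result.
 *
 * @param string $str text that may contain "%uXXXX" sequences
 * @return string the decoded text
 */
function decode_unicode_url($str){
$str=utf8_encode($str);
$res = '';
$i = 0;
// Last offset at which a complete six-character "%uXXXX" sequence still fits.
$max=strlen($str)-6;
while ($i<=$max){
$c=$str[$i];
$hex=($c=='%'&&$str[$i + 1]=='u')?substr($str,$i+2,4):'';
if (strlen($hex)===4&&strspn($hex,'0123456789abcdefABCDEF')===4){
$v=hexdec($hex);
$i+=6;
if ($v<0x0080) $c=chr($v); //1 byte
else if ($v<0x0800) $c=chr((($v&0x07c0)>>6)|0xc0).chr(($v&0x3f)|0x80); // 2 bytes: 110xxxxx 10xxxxxx
else $c=chr((($v&0xf000)>>12)|0xe0).chr((($v&0x0fc0)>>6)|0x80).chr(($v&0x3f)|0x80); // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
} else $i++; // ordinary character, or a malformed "%u" kept literally
$res.=$c;
}//while
// Fewer than six characters remain, so no further sequence can start here.
return $res . substr($str, $i);
}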
/**
 * Converts a "YYYY-MM-DD" date string into a Unix timestamp via mktime().
 *
 * Returns null when the trimmed input does not split into exactly three
 * "-"-separated fields. The fields are handed to mktime() without range
 * checks, and the result depends on the default timezone.
 */
function date2stamp($date,$hour=0,$min=0,$sec=0)
{
    $fields = explode('-', trim($date));
    if (count($fields) == 3) {
        list($year, $month, $day) = $fields;
        return mktime($hour, $min, $sec, $month, $day, $year);
    }
    return null;
}
/**
 * Prints the markup for a "minilookup" popup: an outer div with id
 * "{$id}_lookup", a "close" link that hides that div, and an inner
 * "{$id}_lookup_view" div.
 *
 * When $fullscale is truthy the view div also gets an inline style attribute.
 *
 * Security note: $id is written unescaped into HTML id attributes and into a
 * single-quoted JavaScript string inside the onclick attribute. It must be a
 * trusted identifier; a request-derived value would need escaping for both
 * contexts before being passed in.
 *
 * The template relies on short open tags being enabled.
 */
function makelookup($id,$fullscale=0){
?>
<div class="minilookup" id="<?echo $id;?>_lookup"><a id="<?echo $id;?>_lookup_closer" class="labelbutton closer" onclick="gid('<?echo $id;?>_lookup').style.display='none';">close</a>
<div id="<?echo $id;?>_lookup_view" class="lookupview"<?if ($fullscale) echo ' style="height:auto;overflow:normal;"';?>></div></div>
<?
}
/**
 * Prints an "edit" link whose onclick handler calls the client-side
 * cancelpickup() function with $id.
 *
 * Security note: $id is written unescaped into a single-quoted JavaScript
 * string inside the onclick attribute. It must be a trusted identifier; a
 * request-derived value would need JavaScript-string and HTML-attribute
 * escaping before being passed in.
 *
 * The template relies on short open tags being enabled.
 */
function cancelpickup($id){
?>
<a class="labelbutton" onclick="cancelpickup('<?echo $id;?>');">edit</a>
<?
}
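/**
 * Writes one row to the action log table (TABLENAME_ACTIONLOG).
 *
 * The row holds the current user's id and login (from userinfo()), the
 * current time, $message, and the scalar entries of $rawobj as JSON. When
 * $syncobj is given, the "wssid_" request parameter and $syncobj's
 * 'rectype' and 'recid' are stored as well.
 *
 * Security: the statement is assembled by string concatenation, so every
 * string that lands between quotes goes through noapos() and every numeric
 * column is coerced with +0. Compared with the earlier version this also
 * escapes the login name (stripping apostrophes alone leaves a trailing
 * backslash able to swallow the closing quote), the JSON keys, and
 * $syncobj['rectype'], which used to be interpolated raw. If the database
 * wrapper offers bound parameters, prefer them over this escaping.
 *
 * @param string     $message log text
 * @param array|null $rawobj  extra key/value data; array values are skipped
 * @param array|null $syncobj optional array with 'rectype' and 'recid'
 */
function logaction($message,$rawobj=null,$syncobj=null){
global $db;
$user=userinfo();
$userid=$user['userid']+0;
// Apostrophes are still stripped as before; noapos() then covers the rest.
$logname=noapos(str_replace("'",'',$user['login']));
$wssid=isset($_GET['wssid_'])?$_GET['wssid_']+0:0;
if (!isset($rawobj)) $rawobj=array();
$message=noapos($message);
$cobj=array();
foreach ($rawobj as $k=>$v){
if (is_array($v)) continue;
$v=noapos($v);
// NOTE(review): as written this replaces a double quote with itself (no-op);
// possibly an HTML entity was lost when the file was rendered - confirm.
$v=str_replace('"','"',$v);
// json_encode() leaves apostrophes alone, so keys need the same escaping as values.
$cobj[noapos((string)$k)]=$v;
}
$obj=json_encode($cobj);
// json_encode() doubles the backslash noapos() put before an apostrophe;
// collapse it back so the apostrophe stays escaped exactly once in the SQL literal.
$obj=str_replace("\\'","'",$obj);
$now=time();
$query="insert into ".TABLENAME_ACTIONLOG."(userid,logname,logdate,logmessage,rawobj) values ($userid,'$logname','$now','$message','$obj')";
if ($syncobj!=''){
$sid=$wssid;
$rectype=noapos($syncobj['rectype']);
$recid=$syncobj['recid']+0;
$query="insert into ".TABLENAME_ACTIONLOG."(userid,logname,logdate,logmessage,rawobj,sid,rectype,recid) values ($userid,'$logname','$now','$message','$obj',$sid,'$rectype',$recid)";
}
sql_query($query,$db);
}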