// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);
// --------------------------------------------------------------------
// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php';
// include the locales
// --------------------------------------------------------------------
// If there's no stored message available:
if (!isset($_SESSION['HeaderString'])) {
$HeaderString = $loc["Default Welcome Message"];
} else {
$HeaderString = $_SESSION['HeaderString'];
// extract 'HeaderString' session variable (only necessary if register globals is OFF!)
// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
deleteSessionVariable("HeaderString");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
}
// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
if (isset($_REQUEST['viewType'])) {
$viewType = $_REQUEST['viewType'];
} else {
$viewType = "";
}
// Setup an array of arrays holding URL and title information for all RSS feeds available on this page:
// (appropriate <link...> tags will be included in the HTML header for every URL specified)
$rssURLArray = array();
if (isset($_SESSION['user_permissions']) and preg_match("/allow_rss_feeds/", $_SESSION['user_permissions'])) {
$showRows = $_SESSION['userRecordsPerPage'];
// get the default number of records per page preferred by the current user
if (isset($_SESSION['oldMultiRecordQuery'])) {
deleteSessionVariable("oldMultiRecordQuery");
}
// clear any query URL pointing to the last multi-record query
if (isset($_SESSION['lastListViewQuery'])) {
deleteSessionVariable("lastListViewQuery");
}
// clear any SQL query generated for the last List view
if (isset($_SESSION['lastDetailsViewQuery'])) {
deleteSessionVariable("lastDetailsViewQuery");
}
// clear any SQL query generated for the last Details view
// if (isset($_SESSION['lastCitationViewQuery']))
// deleteSessionVariable("lastCitationViewQuery"); // clear any SQL query generated for the last Citation view
if (isset($_SESSION['queryHistory'])) {
deleteSessionVariable("queryHistory");
}
// clear any links to previous search results
} else {
// save an error message:
$HeaderString = "<b><span class=\"warning\">You cannot logout since you are not logged in anymore!</span></b>";
// Write back session variables:
saveSessionVariable("HeaderString", $HeaderString);
// function 'saveSessionVariable()' is defined in 'include.inc.php'
}
if (!preg_match("/.*user(_details|_options|_receipt|s)\\.php.*|.*(error|install|query_manager|query_history)\\.php.*/", $referer)) {
// variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
header("Location: " . $referer);
} else {
header("Location: index.php");
}
function showQueryPage($operation, $viewType, $showRows, $rowOffset)
{
global $officialDatabaseName;
// defined in 'ini.inc.php'
global $displayType;
global $loc;
// defined in 'locales/core.php'
global $client;
// If there's no stored message available:
if (!isset($_SESSION['HeaderString'])) {
$HeaderString = $loc["SearchDB"] . ":";
} else {
$HeaderString = $_SESSION['HeaderString'];
// extract 'HeaderString' session variable (only necessary if register globals is OFF!)
// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
deleteSessionVariable("HeaderString");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
}
// For HTML output, we'll need to reset the value of the '$displayType' variable
// (which, by default, is set to "Export"; see above); otherwise, the 'originalDisplayType'
// parameter in the 'quickSearch' form of the page header would be incorrectly set to "Export"
$displayType = "";
// if '$displayType' is empty, 'show.php' will use the default view that's given in session variable 'userDefaultView'
// Show the login status:
showLogin();
// (function 'showLogin()' is defined in 'include.inc.php')
// DISPLAY header:
// call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
displayHTMLhead(encodeHTML($officialDatabaseName) . " -- " . $loc["Search"], "index,follow", "Search the " . encodeHTML($officialDatabaseName), "", true, "", $viewType, array());
if (!preg_match("/^Mobile\$/i", $viewType) and !preg_match("/^inc/i", $client)) {
// Note: we omit the visible header in mobile view ('viewType=Mobile') and for include mechanisms!
showPageHeader($HeaderString);
}
// Define variables holding common drop-down elements, i.e. build properly formatted <option> tag elements:
$dropDownConditionals1Array = array("contains" => $loc["contains"], "does not contain" => $loc["contains not"], "is equal to" => $loc["equal to"], "is not equal to" => $loc["equal to not"], "starts with" => $loc["starts with"], "ends with" => $loc["ends with"]);
$dropDownItems1 = buildSelectMenuOptions($dropDownConditionals1Array, "//", "\t\t\t", true);
// function 'buildSelectMenuOptions()' is defined in 'include.inc.php'
$dropDownConditionals2Array = array("is greater than" => $loc["is greater than"], "is less than" => $loc["is less than"], "is within range" => $loc["is within range"], "is within list" => $loc["is within list"]);
$dropDownItems2 = buildSelectMenuOptions($dropDownConditionals2Array, "//", "\t\t\t", true);
$dropDownFieldNames1Array = array("author" => $loc["DropDownFieldName_Author"], "address" => $loc["DropDownFieldName_Address"], "corporate_author" => $loc["DropDownFieldName_CorporateAuthor"], "thesis" => $loc["DropDownFieldName_Thesis"], "", "title" => $loc["DropDownFieldName_Title"], "orig_title" => $loc["DropDownFieldName_OrigTitle"], "", "year" => $loc["DropDownFieldName_Year"], "publication" => $loc["DropDownFieldName_Publication"], "abbrev_journal" => $loc["DropDownFieldName_AbbrevJournal"], "editor" => $loc["DropDownFieldName_Editor"], "", "volume_numeric" => $loc["DropDownFieldName_Volume"], "issue" => $loc["DropDownFieldName_Issue"], "pages" => $loc["DropDownFieldName_Pages"], "", "series_title" => $loc["DropDownFieldName_SeriesTitle"], "abbrev_series_title" => $loc["DropDownFieldName_AbbrevSeriesTitle"], "series_editor" => $loc["DropDownFieldName_SeriesEditor"], "series_volume_numeric" => $loc["DropDownFieldName_SeriesVolume"], "series_issue" => $loc["DropDownFieldName_SeriesIssue"], "", "publisher" => $loc["DropDownFieldName_Publisher"], "place" => $loc["DropDownFieldName_Place"], "", "edition" => $loc["DropDownFieldName_Edition"], "medium" => $loc["DropDownFieldName_Medium"], "issn" => $loc["DropDownFieldName_Issn"], "isbn" => $loc["DropDownFieldName_Isbn"], "", "language" => $loc["DropDownFieldName_Language"], "summary_language" => $loc["DropDownFieldName_SummaryLanguage"], "", "keywords" => $loc["DropDownFieldName_Keywords"], "abstract" => $loc["DropDownFieldName_Abstract"], "", "area" => $loc["DropDownFieldName_Area"], "expedition" => $loc["DropDownFieldName_Expedition"], "conference" => $loc["DropDownFieldName_Conference"], "", "doi" => $loc["DropDownFieldName_Doi"], "url" => $loc["DropDownFieldName_Url"]);
if (isset($_SESSION['loginEmail'])) {
// we only include the 'file' field if the user is logged in
$dropDownFieldNames1Array["file"] = $loc["DropDownFieldName_File"];
}
$dropDownFieldNames1Array[] = "";
$dropDownFieldNames1Array["notes"] = $loc["DropDownFieldName_Notes"];
if (isset($_SESSION['loginEmail'])) {
// we only include the 'location' field if the user is logged in
$dropDownFieldNames1Array["location"] = $loc["DropDownFieldName_Location"];
}
$dropDownFieldNames2Array = array("call_number" => $loc["DropDownFieldName_CallNumber"], "", "serial" => $loc["DropDownFieldName_Serial"], "type" => $loc["DropDownFieldName_Type"], "approved" => $loc["DropDownFieldName_Approved"], "", "created_date" => $loc["DropDownFieldName_CreatedDate"], "created_time" => $loc["DropDownFieldName_CreatedTime"]);
if (isset($_SESSION['loginEmail'])) {
// we only include the 'created_by' field if the user is logged in
$dropDownFieldNames2Array["created_by"] = $loc["DropDownFieldName_CreatedBy"];
}
$dropDownFieldNames2Array[] = "";
$dropDownFieldNames2Array["modified_date"] = $loc["DropDownFieldName_ModifiedDate"];
$dropDownFieldNames2Array["modified_time"] = $loc["DropDownFieldName_ModifiedTime"];
if (isset($_SESSION['loginEmail'])) {
// we only include the 'modified_by' field if the user is logged in
$dropDownFieldNames2Array["modified_by"] = $loc["DropDownFieldName_ModifiedBy"];
}
$dropDownItems3 = buildSelectMenuOptions(array_merge($dropDownFieldNames1Array, $dropDownFieldNames2Array), "//", "\t\t\t", true);
$dropDownConditionals3Array = array("html" => "html", "atom" => "Atom XML", "rss" => "RSS XML", "srw_dc" => "SRW_DC XML", "srw_mods" => "SRW_MODS XML");
$dropDownItems4 = buildSelectMenuOptions($dropDownConditionals3Array, "//", "\t\t\t", true);
// Map CQL indexes to refbase field names:
$indexNamesArray = mapCQLIndexes();
// function 'mapCQLIndexes()' is defined in 'webservice.inc.php'
// --------------------------------------------------------------------
// TODO: when the simple CQL Query Builder interface is done, a call to 'opensearch.php' (or 'opensearch.php?operation=simple')
// should activate that simple GUI-based interface (currently, it activates the advanced interface that you'd normally only
// get via 'opensearch.php?operation=cql' or 'opensearch.php?operation=advanced')
// if (preg_match("/^(advanced|CQL)$/i", $operation))
showQueryFormAdvanced($dropDownItems1, $dropDownItems2, $dropDownItems3, $dropDownItems4, $showRows, $rowOffset, $indexNamesArray, $viewType);
// let's you enter a standard CQL query directly
// else
// showQueryFormSimple($dropDownItems1, $dropDownItems2, $dropDownItems3, $dropDownItems4, $showRows, $rowOffset, $indexNamesArray, $viewType); // let's you build a CQL query via dropdown menues
// --------------------------------------------------------------------
// DISPLAY THE HTML FOOTER:
// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
if (!preg_match("/^Mobile\$/i", $viewType) and !preg_match("/^inc/i", $client)) {
// Note: we omit the visible footer in mobile view ('viewType=Mobile') and for include mechanisms!
showPageFooter($HeaderString);
}
displayHTMLfoot();
}
saveSessionVariable("userRecordsPerPage", $defaultUserOptions['records_per_page']);
// '$defaultUserOptions' is defined in 'ini.inc.php'
saveSessionVariable("userAutoCompletions", $defaultUserOptions['show_auto_completions']);
saveSessionVariable("userMainFields", $defaultUserOptions['main_fields']);
}
// Get all user groups specified by the current user
// and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
getUserGroups($tableUserData, $loginUserID);
// function 'getUserGroups()' is defined in 'include.inc.php'
if ($loginEmail == $adminLoginEmail) {
// ('$adminLoginEmail' is specified in 'ini.inc.php')
// Get all user groups specified by the admin
// and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
getUserGroups($tableUsers, $loginUserID);
}
// function 'getUserGroups()' is defined in 'include.inc.php'
// Similarly, get all queries that were saved previously by the current user
// and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
getUserQueries($loginUserID);
// function 'getUserQueries()' is defined in 'include.inc.php'
// Clear the 'errors' and 'formVars' session variables so a future <form> is blank:
deleteSessionVariable("errors");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
deleteSessionVariable("formVars");
// ----------------------------------------------
// (4) Now show the user RECEIPT:
header("Location: user_receipt.php?userID={$userID}");
// (5) CLOSE the database connection:
disconnectFromMySQLDatabase();
// function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
// --------------------------------------------------------------------
function getPermissions($user_OR_groupID, $permissionType, $savePermissionsToSessionVariable)
{
global $tableUserPermissions;
// defined in 'db.inc.php'
// NOTE: the group permissions feature (table 'group_permissions') has not been implemented yet, i.e., currently, only '$permissionType=user' is recognized!
// global $tableGroupPermissions;
// if ($permissionType == "group")
// $tablePermissions = $tableGroupPermissions;
// else
$tablePermissions = $tableUserPermissions;
connectToMySQLDatabase();
// CONSTRUCT SQL QUERY:
// Fetch all permission settings from the 'user_permissions' (or 'group_permissions') table for the current user:
$query = "SELECT allow_add, allow_edit, allow_delete, allow_download, allow_upload, allow_list_view, allow_details_view, allow_print_view, allow_browse_view, allow_sql_search, allow_user_groups, allow_user_queries, allow_rss_feeds, allow_import, allow_export, allow_cite, allow_batch_import, allow_batch_export, allow_modify_options FROM " . $tablePermissions . " WHERE " . $permissionType . "_id = " . quote_smart($user_OR_groupID);
$result = queryMySQLDatabase($query);
// RUN the query on the database through the connection
if (mysql_num_rows($result) == 1) {
$userPermissionsArray = array();
// initialize array variables
$userPermissionsFieldNameArray = array();
$row = mysql_fetch_array($result);
// fetch the one row into the array '$row'
$fieldsFound = mysql_num_fields($result);
// count the number of fields
for ($i = 0; $i < $fieldsFound; $i++) {
// Fetch the current attribute name:
$fieldName = getMySQLFieldInfo($result, $i, "name");
$userPermissionsArray[$fieldName] = $row[$i];
// ... append this field's permission value using the field's permission name as key
if ($row[$i] == "yes") {
// if the current permission is set to 'yes'...
$userPermissionsFieldNameArray[] = $fieldName;
}
// ... append this field's permission name (as value) to the array of allowed user actions
}
// join array of allowed user actions with '; ' as separator:
$allowedUserActionsString = implode('; ', $userPermissionsFieldNameArray);
if ($savePermissionsToSessionVariable) {
// Write the resulting string of allowed user actions into a session variable:
saveSessionVariable("user_permissions", $allowedUserActionsString);
}
return $userPermissionsArray;
} else {
if ($savePermissionsToSessionVariable) {
// since no (or more than one) user/group was found with the given ID, we fall back to the default permissions which apply when no user is logged in, i.e.,
// we assume 'user_id' or 'group_id' is zero! (the 'start_session()' function will take care of setting up permissions when no user is logged in)
deleteSessionVariable("user_permissions");
}
// therefore, we delete any existing 'user_permissions' session variable (which is now outdated)
return array();
}
}
function login_page($referer)
{
global $HeaderString;
global $viewType;
global $loginWelcomeMsg;
global $loginStatus;
global $loginLinks;
global $officialDatabaseName;
global $loc;
// Show login status (should be logged out!)
showLogin();
// (function 'showLogin()' is defined in 'include.inc.php')
// If there's no stored message available:
if (!isset($_SESSION['HeaderString'])) {
$HeaderString = $loc['YouNeedToLoginInOrderToMakeChangesToTheDatabase'];
} else {
$HeaderString = $_SESSION['HeaderString'];
// extract 'HeaderString' session variable (only necessary if register globals is OFF!)
// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
deleteSessionVariable("HeaderString");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
}
// Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Login", "index,follow", "User login page. You must be logged in to the " . encodeHTML($officialDatabaseName) . " in order to add, edit or delete records", "", false, "", $viewType, array());
showPageHeader($HeaderString);
// Build the login form:
// Note: we use the fact here, that a page can have both, a GET and POST request.
// (if you POST, but add ?blah=foo to the end of the action URL, the client will GET, then POST)
?>
<form method="POST" action="user_login.php?referer=<?php
echo rawurlencode($referer);
?>
">
<div class="row">
<div class="small-12 column">
<div class="row">
<div class="small-2 columns">
<label for=""><?php
echo $loc["EmailAddress"];
?>
:</label>
</div>
<div class="small-10 columns">
<input type="text" name="loginEmail" size="30">
</div>
</div>
</div>
</div>
<div class="row">
<div class="small-12 column">
<div class="row">
<div class="small-2 columns">
<label for=""><?php
echo $loc["EmailAdressPassword"];
?>
:</label>
</div>
<div class="small-10 columns">
<input type="password" name="loginPassword" size="30">
</div>
</div>
</div>
</div>
<div class="row">
<div class="small-12 column">
<input class="button secondary right" style="margin-bottom: 15px" type="submit" value="Login">
</div>
</div>
<!--<table align="center" border="0" cellpadding="2" cellspacing="5" width="95%" summary="This table holds a login form for the --><?php
//echo encodeHTML($officialDatabaseName);
?>
<!--">-->
<!-- <tr>-->
<!-- <td width="174" valign="bottom">-->
<!-- <b>--><?php
//echo $loc["EmailAddress"];
?>
<!--:</b>-->
<!-- </td>-->
<!-- <td valign="bottom">-->
<!-- <input type="text" name="loginEmail" size="30">-->
<!-- </td>-->
<!-- </tr>-->
<!-- <tr>-->
<!-- <td valign="bottom">-->
<!-- <b>--><?php
//echo $loc["EmailAdressPassword"];
?>
<!--:</b>-->
<!-- </td>-->
<!-- <td valign="bottom">-->
<!-- <input type="password" name="loginPassword" size="30">-->
<!-- </td>-->
<!-- </tr>-->
<!-- <tr>-->
<!-- <td valign="bottom">-->
<!-- -->
<!-- </td>-->
<!-- <td valign="bottom">-->
<!-- <input class="button secondary" type="submit" value="Login">-->
<!-- </td>-->
<!-- </tr>-->
<!--</table>-->
</form><?php
// --------------------------------------------------------------------
// DISPLAY THE HTML FOOTER:
// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
showPageFooter($HeaderString);
displayHTMLfoot();
// --------------------------------------------------------------------
}
function atomCollection($result, $rowOffset, $showRows, $exportStylesheet, $displayType)
{
global $databaseBaseURL;
// these variables are defined in 'ini.inc.php'
global $contentTypeCharset;
global $convertExportDataToUTF8;
global $citeStyle;
global $citeOrder;
global $query;
// Individual records are objects and collections of records are strings
$atomCollectionDoc = new XMLDocument();
if ($convertExportDataToUTF8 == "yes" and $contentTypeCharset != "UTF-8") {
$atomCollectionDoc->setEncoding("UTF-8");
} else {
$atomCollectionDoc->setEncoding($contentTypeCharset);
}
// Generate the basic OpenSearch Atom XML tree required for a query response:
$atomCollection = atomGenerateBaseTags("Results");
$showRowsOriginal = $showRows;
// save original value of '$showRows' (which may get modified by the 'seekInMySQLResultsToOffset()' function below)
// Find out how many rows are available and (if there were rows found) seek to the current offset:
// function 'seekInMySQLResultsToOffset()' is defined in 'include.inc.php'
list($result, $rowOffset, $showRows, $rowsFound, $previousOffset, $nextOffset, $showMaxRow) = seekInMySQLResultsToOffset($result, $rowOffset, $showRows, $displayType, "");
// Setup some required variables:
if ($rowsFound != 0 and $showRowsOriginal != 0) {
$startIndex = $rowOffset + 1;
// for OpenSearch, the index of the first search result is 1 while the first row number in a MySQL result set is 0, so we have to add 1
if ($showMaxRow < $rowsFound) {
// if we are not on the last results page
$itemsPerPage = $showRows;
} else {
// last results page
$itemsPerPage = $rowsFound - $rowOffset;
}
// adopt value for '$itemsPerPage' so that it equals the number of records displayed on the last page (which may be less than '$showRows')
if ($rowsFound > $showRows) {
// Calculate the maximum number of pages needed:
$lastPage = $rowsFound / $showRows;
// workaround for always rounding upward (since I don't know better! :-/):
if (preg_match("/[0-9]+\\.[0-9+]/", $lastPage)) {
// if the result number is not an integer
$lastPage = (int) $lastPage + 1;
}
// we convert the number into an integer and add 1
// Calculate the offset of the first record that's displayed on the last results page:
// NOTE: Should the last offset take the current '$rowOffset' into account? I.e., take '$rowOffset' and see
// how many full chunks of '$showRows' can be stacked on top of it until '$rowsFound' is reached.
// The offset of the first of the remaining records then constitutes the '$lastOffset'.
$lastOffset = ($lastPage - 1) * $showRows;
} else {
// there's only one page to be displayed
$lastOffset = 0;
}
} else {
$startIndex = 0;
// note that "0" will currently cause an empty element to be returned (instead of the number "0"), should this be changed?
$itemsPerPage = 0;
$lastOffset = 0;
}
// Extract the 'WHERE' clause from the current SQL query:
$queryWhereClause = extractWHEREclause($query);
// function 'extractWHEREclause()' is defined in 'include.inc.php'
// Setup base URL and its corresponding query parameter for formats
// that are supported by both, 'show.php'/'rss.php' AND 'opensearch.php':
if (!isset($_SESSION['cqlQuery'])) {
// (while 'opensearch.php' writes the user's OpenSearch/CQL query into a session variable, this
// does not happen (and is not possible) if Atom XML is exported via the regular refbase GUI)
// Generate Atom links using 'show.php' URLs (or 'rss.php' in case of RSS XML):
$baseURL = "show.php";
$cqlQuery = "";
$queryParametersArray["where"] = $queryWhereClause;
} else {
// Generate Atom links using 'opensearch.php' URLs:
$baseURL = "opensearch.php";
// Extract the original OpenSearch/CQL query that was saved by 'opensearch.php' as a session variable:
$cqlQuery = $_SESSION['cqlQuery'];
$queryParametersArray["query"] = $cqlQuery;
// Clear the 'cqlQuery' session variable so that subsequent calls of this function won't accidentally use an outdated OpenSearch/CQL query:
// Note: Though we clear the session variable, the current message is still available to this script via '$cqlQuery':
deleteSessionVariable("cqlQuery");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
}
// ----------------------------------------------------------
// Add feed-level tags:
// - 'link' elements:
// NOTE: According to the Atom spec, a feed is limited to ONE 'rel=alternate' link per type and hreflang!
// A) Formats supported by both, 'show.php'/'rss.php' AND 'opensearch.php':
// - RSS feed for full query results:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "RSS XML", $queryParametersArray, true, $showRows), "alternate", "RSS XML", "Current query results as RSS feed");
// function 'generateURL()' is defined in 'include.inc.php'
// - HTML output for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "html", $queryParametersArray, true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "html", "Current results page as HTML");
// - SRW_DC XML data for current results page:
// NOTE: A link to SRW_MODS XML is already used with this type!
// atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "SRW_DC XML", $queryParametersArray, true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "SRW_DC XML", "Current results page as SRW_DC XML data");
// - SRW_MODS XML data for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "SRW_MODS XML", $queryParametersArray, true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "SRW_MODS XML", "Current results page as SRW_MODS XML data");
// - Atom XML data for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, $rowOffset, $citeStyle, $citeOrder), "self", "Atom XML", "Current results page");
// - Atom XML data for first results page:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, 0, $citeStyle, $citeOrder), "first", "Atom XML", "First results page");
// - Atom XML data for previous results page:
if ($startIndex > $showRows) {
// if there are any previous results pages
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, $previousOffset, $citeStyle, $citeOrder), "previous", "Atom XML", "Previous results page");
}
// - Atom XML data for next results page:
if ($showMaxRow < $rowsFound) {
// if we are not on the last results page
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, $nextOffset, $citeStyle, $citeOrder), "next", "Atom XML", "Next results page");
}
// - Atom XML data for last results page:
atomLink($atomCollection, $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, $lastOffset, $citeStyle, $citeOrder), "last", "Atom XML", "Last results page");
// B) Other export formats supported by 'show.php':
// NOTE: These export formats currently do not support paging of results via '$showRows' and '$rowOffset' and thus always export the entire result set!
// TODO: add links for ADS, ISI and Word XML
// - BibTeX data for all results:
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "BibTeX", array("where" => $queryWhereClause), true, $showRows, $rowOffset, "", $citeOrder), "alternate", "BibTeX", "All results as BibTeX data");
// - Endnote data for all results:
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "Endnote", array("where" => $queryWhereClause), true, $showRows, $rowOffset, "", $citeOrder), "alternate", "Endnote", "All results as Endnote data");
// - RIS data for all results:
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "RIS", array("where" => $queryWhereClause), true, $showRows, $rowOffset, "", $citeOrder), "alternate", "RIS", "All results as RIS data");
// - MODS XML data for all results:
// NOTE: A link to SRW_MODS XML is already used with this type!
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "MODS XML", array("where" => $queryWhereClause), true, $showRows, $rowOffset, "", $citeOrder), "alternate", "MODS XML", "All results as MODS XML data");
// - OAI_DC XML data for all results:
// NOTE: A link to SRW_MODS XML is already used with this type!
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "OAI_DC XML", array("where" => $queryWhereClause), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "OAI_DC XML", "All results as OAI_DC XML data");
// - ODF XML data for all results:
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "ODF XML", array("where" => $queryWhereClause, "exportType" => "file"), true, $showRows, $rowOffset, "", $citeOrder), "alternate", "ODF XML", "All results as ODF XML data");
// C) Citation formats supported by 'show.php':
// NOTE: Citation formats support paging of results via '$showRows' and '$rowOffset' if the 'client' parameter contains a value that starts with "cli"
// - RTF citations for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "RTF", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "RTF", "Current results page as citations in RTF format");
// - PDF citations for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "PDF", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "PDF", "Current results page as citations in PDF format");
// - LaTeX citations for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "LaTeX", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "LaTeX", "Current results page as citations in LaTeX format");
// - LaTeX .bbl citations for current results page:
// NOTE: A link to LaTeX citations is already used with this type!
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "LaTeX .bbl", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "LaTeX .bbl", "Current results page as citations in LaTeX .bbl format");
// - Markdown citations for current results page:
atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "Markdown", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "Markdown", "Current results page as citations in Markdown format");
// - ASCII citations for current results page:
// (NOTE: A link to Markdown citations is already used with this type!
// Additionally, ASCII output with 'client=cli...' causes text output to be meant as shell response)
// atomLink($atomCollection, $databaseBaseURL . generateURL("show.php", "ASCII", array("where" => $queryWhereClause, "client" => "cli-refbase_atom-1.0"), true, $showRows, $rowOffset, $citeStyle, $citeOrder), "alternate", "ASCII", "Current results page as citations in ASCII format");
// - 'id':
// NOTE: is this a valid feed ID?
// TODO: should we rather use a feed ID that conforms to the Tag URI (RFC 4151)? Spec: <http://tools.ietf.org/html/rfc4151>;
// or should we use an ID such as '<id>urn:uuid:60a76c80-d399-11d9-b93C-0003939e0af6</id>' ?
addNewBranch($atomCollection, "id", array(), $databaseBaseURL . generateURL($baseURL, "Atom XML", $queryParametersArray, true, $showRows, $rowOffset, $citeStyle, $citeOrder));
// function 'addNewBranch()' is defined in 'webservice.inc.php'
// - OpenSearch elements:
// - 'opensearch:totalResults' contains the number of search results available for the current search:
// NOTE: The OpenSearch spec says: "If the totalResults element does not appear on the page then the
// search client should consider the current page to be the last page of search results."
// So does that, in turn, mean that we should better skip this element on the last results page?
addNewBranch($atomCollection, "opensearch:totalResults", array(), $rowsFound);
// - 'opensearch:startIndex' contains the index of the first search result in the current set of search results:
addNewBranch($atomCollection, "opensearch:startIndex", array(), $startIndex);
// - 'opensearch:itemsPerPage' contains the number of search results returned per page:
addNewBranch($atomCollection, "opensearch:itemsPerPage", array(), $itemsPerPage);
// - 'opensearch:Query' defines a search query that can be performed by search clients:
if (!empty($cqlQuery)) {
// convert query string to UTF-8:
// (if '$convertExportDataToUTF8' is set to "yes" in 'ini.inc.php' and character encoding is not UTF-8 already)
if ($convertExportDataToUTF8 == "yes" and $contentTypeCharset != "UTF-8") {
$cqlQuery = convertToCharacterEncoding("UTF-8", "IGNORE", $cqlQuery);
}
// function 'convertToCharacterEncoding()' is defined in 'include.inc.php'
addNewBranch($atomCollection, "opensearch:Query", array("role" => "request", "title" => "Current query", "searchTerms" => $cqlQuery, "startIndex" => $startIndex, "count" => $itemsPerPage), "");
}
// ----------------------------------------------------------
// Add Atom XML entries:
if ($showRowsOriginal != 0) {
// Define inline text markup to be used by the 'citeRecord()' function:
$markupPatternsArray = array("bold-prefix" => "<b>", "bold-suffix" => "</b>", "italic-prefix" => "<i>", "italic-suffix" => "</i>", "underline-prefix" => "<u>", "underline-suffix" => "</u>", "endash" => "–", "emdash" => "—", "ampersand" => "&", "double-quote" => """, "double-quote-left" => "“", "double-quote-right" => "”", "single-quote" => "'", "single-quote-left" => "‘", "single-quote-right" => "’", "less-than" => "<", "greater-than" => ">", "newline" => "\n<br>\n");
$exportArray = array();
// array for individually exported records
// Generate the export for each record and push them onto an array:
for ($rowCounter = 0; $rowCounter < $showRows && ($row = @mysql_fetch_array($result)); $rowCounter++) {
// Export the current record as Atom XML entry:
$entry = atomEntry($row, $markupPatternsArray);
if (!empty($entry)) {
// unless the record buffer is empty...
array_push($exportArray, $entry);
}
// ...add it to an array of exports
}
// for each of the Atom XML entries in the result set...
foreach ($exportArray as $atom) {
$atomCollection->addXMLasBranch($atom);
}
}
$atomCollectionDoc->setXML($atomCollection);
$atomCollectionString = $atomCollectionDoc->getXMLString();
// Add the XML Stylesheet definition:
// Note that this is just a hack (that should get fixed) since I don't know how to do it properly using the ActiveLink PHP XML Package ?:-/
if (!empty($exportStylesheet)) {
$atomCollectionString = preg_replace("/(?=\\<feed)/i", "<?xml-stylesheet type=\"text/xsl\" href=\"" . $exportStylesheet . "\"?>\n", $atomCollectionString);
}
// NOTE: Firefox >=2.x, Safari >=2.x and IE >=7.x break client-side XSL for RSS and Atom feeds!
// See e.g.: <http://decafbad.com/blog/2006/11/02/firefox-20-breaks-client-side-xsl-for-rss-and-atom-feeds>
// TODO: Re-evaluate: This is a VERY dirty hack that prevents the feed sniffing and subsequent
// browser applied default XSLT stylesheet that has been implemented by FireFox 2, Safari 2
// and Internet Explorer 7. To prevent the feed sniffing we insert a comment before the feed
// element that is larger than 512 bytes. See: <http://feedme.mind-it.info/pivot/entry.php?id=9>
if (!empty($exportStylesheet)) {
$atomCollectionString = preg_replace("/(?=\\<feed)/i", "<!-- This is a comment that has been inserted since Internet Explorer 7, FireFox 2 and Safari 3 break client-side XSL for RSS and Atom feeds, i.e. these browsers don't honour a xml stylesheet instruction but instead apply their own default XSLT stylesheet. While this makes sense for reasons of consistency, it's very unfortunate that there's no proper option to circumvent this behaviour since it effectively prevents custom feed-based GUI solutions that were made for other purposes than the ones intended by the browser developers. Luckily the designers of these browsers use very brittle sniffing techniques that can be overridden by consuming the first 512 bytes of an XML file. This comment provides these essential 512 bytes of crud, thus preventing the feed sniffing and subsequent applied default XSLT stylesheet that has been implemented by Internet Explorer 7, FireFox 2 and Safari 2. But, unfortunately, it destroys the nice simplicity and cleanliness of this Atom feed. For more info see e.g. <http://decafbad.com/blog/2006/11/02/firefox-20-breaks-client-side-xsl-for-rss-and-atom-feeds> and <http://feedme.mind-it.info/pivot/entry.php?id=9>. -->\n", $atomCollectionString);
}
return $atomCollectionString;
}
function showUserData($userID, $userAction, $connection)
{
global $HeaderString;
global $viewType;
global $loginWelcomeMsg;
global $loginStatus;
global $loginLinks;
global $loginEmail;
global $adminLoginEmail;
global $officialDatabaseName;
global $defaultLanguage;
global $tableUsers;
// defined in 'db.inc.php'
global $loc;
// '$loc' is made globally available in 'core.php'
// CONSTRUCT SQL QUERY:
$query = "SELECT * FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
// (3) RUN the query on the database through the connection:
$result = queryMySQLDatabase($query);
// function 'queryMySQLDatabase()' is defined in 'include.inc.php'
// (4) EXTRACT results (since 'user_id' is the unique primary key for the 'users' table, there will be only one matching row)
$row = @mysql_fetch_array($result);
// Build the correct header message:
if (!isset($_SESSION['HeaderString'])) {
// if there's no saved message
if ($userAction == "Delete") {
// provide an appropriate header message:
$HeaderString = "<b><span class=\"warning\">Delete user</span> " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . ")</b>:";
} elseif (empty($userID)) {
$HeaderString = "Account details and options for anyone who isn't logged in:";
} else {
// provide the default message:
$HeaderString = "Account details and options for <b>" . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . ")</b>:";
}
} else {
$HeaderString = $_SESSION['HeaderString'];
// extract 'HeaderString' session variable (only necessary if register globals is OFF!)
// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
deleteSessionVariable("HeaderString");
// function 'deleteSessionVariable()' is defined in 'include.inc.php'
}
// Get the list of "main fields" preferred by the current user:
// NOTE: We have to call function 'getMainFields()' up here since it updates
// session variable 'userMainFields' which gets used in function
// 'buildQuickSearchElements()' (which, in turn, is called from within
// function 'showPageHeader()')
$mainFieldsArray = getMainFields($userID);
// function 'getMainFields()' is defined in 'include.inc.php'
// Get the user's preference for displaying auto-completions:
// (see note for '$mainFieldsArray' which also applies here)
$showAutoCompletions = getPrefAutoCompletions($userID);
// function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
// Map MySQL field names to localized column names:
$fieldNamesArray = mapFieldNames();
// function 'mapFieldNames()' is defined in 'include.inc.php'
$localizedMainFieldsArray = array();
foreach ($mainFieldsArray as $field) {
if (isset($fieldNamesArray[$field])) {
$localizedMainFieldsArray[$field] = $fieldNamesArray[$field];
} else {
// no localized field name exists, so we use the original field name
$localizedMainFieldsArray[$field] = $field;
}
}
// Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Receipt", "noindex,nofollow", "Receipt page confirming correct entry of user details and options for the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
showPageHeader($HeaderString);
// Start main table:
echo "\n<table id=\"accountinfo\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table displays user account details and options\">";
echo "\n<tr>" . "\n\t<td valign=\"top\" width=\"28%\">";
// Start left sub-table:
echo "\n\t\t<table id=\"accountdetails\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account details\">";
echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Account Details:</b></td>";
if (mysql_num_rows($result) == 1) {
// Add edit/delete button:
echo "\n\t\t\t<td align=\"left\">";
// If the admin is logged in, allow the display of a button that will delete the currently shown user:
if (isset($_SESSION['loginEmail']) && $loginEmail == $adminLoginEmail) {
if ($userAction == "Delete") {
echo "<a href=\"user_removal.php?userID=" . $userID . "\"><img src=\"img/delete.gif\" alt=\"" . $loc["delete"] . "\" title=\"" . $loc["LinkTitle_DeleteUser"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
}
}
if ($userAction != "Delete") {
echo "<a href=\"user_details.php?userID=" . $userID . "\"><img src=\"img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditDetails"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
}
echo "</td>\n\t\t</tr>";
// Display a password reminder:
// (but only if a normal user is logged in -OR- the admin is logged in AND the updated user data are his own!)
if ($loginEmail != $adminLoginEmail | ($loginEmail == $adminLoginEmail && $userID == getUserID($loginEmail))) {
echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\"><i>Please record your password somewhere safe for future use!</i></td>\n\t\t</tr>";
}
// Print title, first name, last name and institutional abbreviation:
echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">\n\t\t\t\t";
if (!empty($row["title"])) {
echo $row["title"] . ". ";
}
echo encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["abbrev_institution"]) . ")";
// Since the first name, last name and abbrev. institution fields are mandatory, we don't need to check if they're empty
// Print institution name:
if (!empty($row["institution"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["institution"]);
}
// Print corporate institution name:
if (!empty($row["corporate_institution"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["corporate_institution"]);
}
// If any of the address lines contain data, add a spacer row:
if (!empty($row["address_line_1"]) || !empty($row["address_line_2"]) || !empty($row["address_line_3"]) || !empty($row["zip_code"]) || !empty($row["city"]) || !empty($row["state"]) || !empty($row["country"])) {
echo "\n\t\t\t\t<br>";
}
// Print first address line:
if (!empty($row["address_line_1"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_1"]);
}
// Print second address line:
if (!empty($row["address_line_2"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_2"]);
}
// Print third address line:
if (!empty($row["address_line_3"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_3"]);
}
// Print zip code and city:
if (!empty($row["zip_code"]) && !empty($row["city"])) {
// both fields are available
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]) . " " . encodeHTML($row["city"]);
} elseif (!empty($row["zip_code"]) && empty($row["city"])) {
// only 'zip_code' available
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]);
} elseif (empty($row["zip_code"]) && !empty($row["city"])) {
// only 'city' field available
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["city"]);
}
// Print state:
if (!empty($row["state"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["state"]);
}
// Print country:
if (!empty($row["country"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["country"]);
}
// If any of the phone/url/email fields contain data, add a spacer row:
if (!empty($row["phone"]) || !empty($row["url"]) || !empty($row["email"])) {
echo "\n\t\t\t\t<br>";
}
// Print phone number:
if (!empty($row["phone"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Phone: " . encodeHTML($row["phone"]);
}
// Print URL:
if (!empty($row["url"])) {
echo "\n\t\t\t\t<br>\n\t\t\t\t" . "URL: <a href=\"" . $row["url"] . "\">" . $row["url"] . "</a>";
}
// Print email:
echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Email: <a href=\"mailto:" . $row["email"] . "\">" . $row["email"] . "</a>";
// Since the email field is mandatory, we don't need to check if it's empty
echo "\n\t\t\t</td>\n\t\t</tr>";
} else {
echo "\n\t\t\t<td align=\"right\"></td>\n\t\t</tr>";
echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">(none)</td>\n\t\t</tr>";
}
// Close left sub-table:
echo "\n\t\t</table>";
// Close left table cell of main table:
echo "\n\t</td>";
if ($userAction != "Delete") {
// ------------------------------------------------------------
// Start middle table cell of main table:
echo "\n\t<td valign=\"top\">";
// Start middle sub-table:
echo "\n\t\t<table id=\"accountopt\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account options\">";
echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Display Options:</b></td>" . "\n\t\t\t<td align=\"right\">";
if (mysql_num_rows($result) == 1 or $userID == 0) {
// If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
echo "<a href=\"user_options.php?userID=" . $userID . "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
}
echo "</td>\n\t\t</tr>";
// Show the user's selected interface language:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Use language:</td>";
if (mysql_num_rows($result) == 1) {
// If there's a user associated with this user ID
echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $row["language"] . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
} else {
// no user exists with this user ID
echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $defaultLanguage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
}
echo "\n\t\t</tr>";
// get the default number of records per page preferred by the current user:
$recordsPerPage = getDefaultNumberOfRecords($userID);
// function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
// show the user's default number of records per page:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show records per page:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $recordsPerPage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// show the user's preference for displaying auto-completions:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show auto-completions:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $loc[$showAutoCompletions] . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
if ($loginEmail == $adminLoginEmail) {
$ShowEnabledDescriptor = "Enabled";
// get all formats/styles/types that are available and were enabled by the admin for the current user:
$userTypesArray = getEnabledUserFormatsStylesTypes($userID, "type", "", false);
// function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
$citationStylesArray = getEnabledUserFormatsStylesTypes($userID, "style", "", false);
$citationFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "cite", false);
$exportFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "export", false);
} else {
$ShowEnabledDescriptor = "Show";
// get all formats/styles/types that were selected by the current user
// and (if some formats/styles/types were found) save them as semicolon-delimited string to an appropriate session variable:
$userTypesArray = getVisibleUserFormatsStylesTypes($userID, "type", "");
// function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
$citationStylesArray = getVisibleUserFormatsStylesTypes($userID, "style", "");
$citationFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "cite");
$exportFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "export");
// Note: the function 'getVisibleUserFormatsStylesTypes()' will only update the appropriate session variables if
// either a normal user is logged in -OR- the admin is logged in AND the updated user data are his own(*);
// otherwise, the function will simply return an array containing all matching values
// (*) the admin-condition won't apply here, though, since this function gets only called for normal users. This means, that
// the admin is currently not able to hide any items from his popup lists via the admin interface (he'll need to hack the MySQL tables)!
}
// list types:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " reference types:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
if (empty($userTypesArray)) {
echo "(none)";
} else {
echo implode("</li>\n\t\t\t\t\t<li>", $userTypesArray);
}
echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// list styles:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation styles:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
if (empty($citationStylesArray)) {
echo "(none)";
} else {
echo implode("</li>\n\t\t\t\t\t<li>", $citationStylesArray);
}
echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// list cite formats:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
if (empty($citationFormatsArray)) {
echo "(none)";
} else {
echo implode("</li>\n\t\t\t\t\t<li>", $citationFormatsArray);
}
echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// list export formats:
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " export formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
if (empty($exportFormatsArray)) {
echo "(none)";
} else {
echo implode("</li>\n\t\t\t\t\t<li>", $exportFormatsArray);
}
echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// list all fields that were selected by the current user as "main fields":
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>\"Main fields\" searches:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
if (empty($localizedMainFieldsArray)) {
echo "(none)";
} else {
echo implode("</li>\n\t\t\t\t\t<li>", $localizedMainFieldsArray);
}
echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
// Close middle sub-table:
echo "\n\t\t</table>";
// Close middle table cell of main table:
echo "\n\t</td>";
// ------------------------------------------------------------
// Start right table cell of main table:
echo "\n\t<td valign=\"top\">";
// Start right sub-table:
echo "\n\t\t<table id=\"accountperm\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account permissions\">";
if ($loginEmail == $adminLoginEmail) {
// get all user permissions for the current user:
$userPermissionsArray = getPermissions($userID, "user", false);
// function 'getPermissions()' is defined in 'include.inc.php'
// map raw field names from table 'user_permissions' with items of the global localization array ('$loc'):
$localizedUserPermissionsArray = array('allow_add' => 'UserPermission_AllowAdd', 'allow_edit' => 'UserPermission_AllowEdit', 'allow_delete' => 'UserPermission_AllowDelete', 'allow_download' => 'UserPermission_AllowDownload', 'allow_upload' => 'UserPermission_AllowUpload', 'allow_list_view' => 'UserPermission_AllowListView', 'allow_details_view' => 'UserPermission_AllowDetailsView', 'allow_print_view' => 'UserPermission_AllowPrintView', 'allow_browse_view' => 'UserPermission_AllowBrowseView', 'allow_sql_search' => 'UserPermission_AllowSQLSearch', 'allow_user_groups' => 'UserPermission_AllowUserGroups', 'allow_user_queries' => 'UserPermission_AllowUserQueries', 'allow_rss_feeds' => 'UserPermission_AllowRSSFeeds', 'allow_import' => 'UserPermission_AllowImport', 'allow_export' => 'UserPermission_AllowExport', 'allow_cite' => 'UserPermission_AllowCite', 'allow_batch_import' => 'UserPermission_AllowBatchImport', 'allow_batch_export' => 'UserPermission_AllowBatchExport', 'allow_modify_options' => 'UserPermission_AllowModifyOptions', 'allow_edit_call_number' => 'UserPermission_AllowEditCallNumber');
$enabledUserActionsArray = array();
// initialize array variables
$disabledUserActionsArray = array();
// separate enabled permission settings from disabled ones and assign localized permission names:
foreach ($userPermissionsArray as $permissionKey => $permissionValue) {
if ($permissionValue == 'yes') {
$enabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]];
} else {
$disabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]];
}
// append this field's localized permission name to the array of disabled user actions
}
if (empty($enabledUserActionsArray)) {
$enabledUserActionsArray[] = "(none)";
}
if (empty($disabledUserActionsArray)) {
$disabledUserActionsArray[] = "(none)";
}
echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>User Permissions:</b></td>" . "\n\t\t\t<td align=\"right\">";
if (mysql_num_rows($result) == 1 or $userID == 0) {
// If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
echo "<a href=\"user_options.php?userID=" . $userID . "#permissions\"><img src=\"img/options.gif\" alt=\"" . $loc["permissions"] . "\" title=\"" . $loc["LinkTitle_EditPermissions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
}
echo "</td>\n\t\t</tr>";
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Enabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $enabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Disabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $disabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
}
// Close right sub-table:
echo "\n\t\t</table>";
// Close right table cell of main table:
echo "\n\t</td>";
}
echo "\n</tr>";
// Close main table:
echo "\n</table>";
}
