Example #1
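/**
 * Create or update a record together with its details, bookmark, tags,
 * notifications and comments, and return a summary of what was saved.
 *
 * The core record and its details are written inside one SQL transaction;
 * title, cache, bookmark, tag, notification and comment updates run after the commit.
 * Every failure path rolls the transaction back before returning, because a
 * later "start transaction" on the same connection would otherwise implicitly
 * commit the half-written record.
 *
 * Security-relevant points visible in this function:
 *  - $recordID, $wg and $rectype are cast with intval() before being concatenated into SQL.
 *  - $vis is checked against a fixed allow-list.
 *  - $url, $notes and $rating go to mysql__insert()/mysql__update(); escaping is
 *    presumably done there - confirm in those helpers.
 *  - get_user_id() is concatenated into SQL unquoted; presumably it returns an
 *    integer taken from the session - confirm.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @param int|string $recordID      existing record id, or 0/empty to insert a new record
 * @param int|string $rectype       record type id
 * @param string     $url           stored in rec_URL
 * @param string     $notes         stored in rec_ScratchPad
 * @param int|string $wg            owner workgroup id, stored in rec_OwnerUGrpID
 * @param string     $vis           one of hidden/viewable/pending/public; anything else falls back to "viewable"
 * @param mixed      $personalised  truthy: keep or create the caller's bookmark; falsy: delete it
 * @param mixed      $pnotes        not used by this function
 * @param mixed      $rating        stored in bkm_Rating
 * @param mixed      $tags          passed to doTagInsertion()
 * @param mixed      $wgTags        passed to doWgTagInsertion()
 * @param mixed      $details       passed to doDetailInsertion()
 * @param mixed      $notifyREMOVE  passed to handleNotifications()
 * @param mixed      $notifyADD     passed to handleNotifications()
 * @param mixed      $commentREMOVE passed to handleComments()
 * @param mixed      $commentMOD    passed to handleComments()
 * @param mixed      $commentADD    passed to handleComments()
 * @param mixed      $nonces        passed by reference to doDetailInsertion()
 * @param mixed      $retitleRecs   passed by reference to doDetailInsertion()
 * @param int        $modeImport    >0 marks the record as imported; 2 downgrades missing required fields to a warning
 *
 * @return array on failure the global $msgInfoSaveRec message array; on success
 *               an array with bibID, bkmkID, modified and optional title,
 *               detail, notify, comment, warning and error entries
 */
function saveRecord($recordID, $rectype, $url, $notes, $wg, $vis, $personalised, $pnotes, $rating, $tags, $wgTags, $details, $notifyREMOVE, $notifyADD, $commentREMOVE, $commentMOD, $commentADD, &$nonces = null, &$retitleRecs = null, $modeImport = 0)
{
    global $msgInfoSaveRec;
    // reset the message array
    $msgInfoSaveRec = array();
    mysql_query("start transaction");
    $recordID = intval($recordID);
    $wg = intval($wg);
    if ($wg || !is_logged_in()) {
        // non-member saves are not allowed
        // NOTE(review): an anonymous caller is not rejected explicitly; rejection relies on
        // this membership lookup returning no rows - confirm for anonymous sessions.
        $res = mysql_query("select * from " . USERS_DATABASE . ".sysUsrGrpLinks where ugl_UserID=" . get_user_id() . " and ugl_GroupID=" . $wg);
        if (mysql_num_rows($res) < 1) {
            errSaveRec("invalid workgroup, record save aborted");
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    $rectype = intval($rectype);
    if ($recordID && !$rectype) {
        errSaveRec("cannot change existing record to private note, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    // visibility allow-list: unknown values are dropped and default to "viewable" below
    if ($vis && !in_array(strtolower($vis), array('hidden', 'viewable', 'pending', 'public'))) {
        $vis = null;
    }
    $now = date('Y-m-d H:i:s');
    // public records data
    if (!$recordID) {
        // After intval() the owner expression below always evaluates to $wg
        // (precedence: ($wg || $wg == 0) ? $wg : get_user_id()).
        mysql__insert("Records", array("rec_RecTypeID" => $rectype, "rec_URL" => $url, "rec_ScratchPad" => $notes, "rec_OwnerUGrpID" => $wg || $wg == 0 ? $wg : get_user_id(), "rec_NonOwnerVisibility" => $vis ? $vis : "viewable", "rec_AddedByUGrpID" => get_user_id(), "rec_Added" => $now, "rec_Modified" => $now, "rec_AddedByImport" => $modeImport > 0 ? 1 : 0));
        if (mysql_error()) {
            // record the message first: the rollback query resets mysql_error()
            errSaveRec("database record insert error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        $recordID = mysql_insert_id();
    } else {
        $res = mysql_query("select * from Records left join " . USERS_DATABASE . ".sysUsrGrpLinks on ugl_GroupID=rec_OwnerUGrpID and ugl_UserID=" . get_user_id() . " where rec_ID={$recordID}");
        // NOTE(review): $record is false when rec_ID does not exist; the ownership
        // checks below then compare against null and the update matches no row.
        $record = mysql_fetch_assoc($res);
        if ($wg != $record["rec_OwnerUGrpID"] && $record["rec_OwnerUGrpID"] != get_user_id()) {
            if ($record["rec_OwnerUGrpID"] > 0 && $record["ugl_Role"] != "admin") {
                // user is trying to change the workgroup when they are not an admin
                errSaveRec("user is not a workgroup admin");
                mysql_query("rollback");
                return $msgInfoSaveRec;
            } else {
                if (!is_admin()) {
                    // you must be an database admin to change a public record into a workgroup record
                    errSaveRec("user does not have sufficient authority to change public record to workgroup record");
                    mysql_query("rollback");
                    return $msgInfoSaveRec;
                }
            }
        }
        mysql__update("Records", "rec_ID={$recordID}", array("rec_RecTypeID" => $rectype, "rec_URL" => $url, "rec_ScratchPad" => $notes, "rec_OwnerUGrpID" => $wg || $wg == 0 ? $wg : get_user_id(), "rec_NonOwnerVisibility" => $vis ? $vis : "viewable", "rec_FlagTemporary" => 0, "rec_Modified" => $now));
        if (mysql_error()) {
            errSaveRec("database record update error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // public recDetails data
    if ($details) {
        $dtlIDsByAction = doDetailInsertion($recordID, $details, $rectype, $wg, $nonces, $retitleRecs, $modeImport);
        if (@$dtlIDsByAction['error']) {
            // $msgInfoSaveRec was reset to an empty array above, so array_push() on the
            // missing 'error' key would fail and the error would be lost; append instead.
            $msgInfoSaveRec['error'][] = $dtlIDsByAction['error'];
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // check that all the required fields are present
    $res = mysql_query("select rst_ID, rst_DetailTypeID, rst_DisplayName" . " from defRecStructure" . " left join recDetails on dtl_RecID={$recordID} and rst_DetailTypeID=dtl_DetailTypeID" . " where rst_RecTypeID={$rectype} and rst_RequirementType='required' and dtl_ID is null");
    if (mysql_num_rows($res) > 0) {
        $missed = "";
        while ($row = mysql_fetch_row($res)) {
            $missed = $missed . $row[2] . " ";
        }
        // at least one missing field
        if ($modeImport == 2) {
            warnSaveRec("record is missing required field(s): " . $missed);
        } else {
            errSaveRec("record is missing required field(s): " . $missed);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    mysql_query("commit");
    // if we get to here we have a valid save of the core record.
    // calculate title, do an update
    $mask = mysql__select_array("defRecTypes", "rty_TitleMask", "rty_ID={$rectype}");
    $mask = $mask[0];
    $title = fill_title_mask($mask, $recordID, $rectype);
    if ($title) {
        // The title is built from stored record data; escape it with the connection-aware
        // function rather than addslashes(), which ignores the connection character set.
        mysql_query("update Records set rec_Title = '" . mysql_real_escape_string($title) . "' where rec_ID = {$recordID}");
    }
    // Update memcache: we can do this here since it's only the public data that we cache.
    updateCachedRecord($recordID);
    // private data
    $bkmk = @mysql_fetch_row(mysql_query("select bkm_ID from usrBookmarks where bkm_UGrpID=" . get_user_id() . " and bkm_recID=" . $recordID));
    $bkm_ID = @$bkmk[0];
    if ($personalised) {
        if (!$bkm_ID) {
            // Record is not yet bookmarked, but we want it to be
            mysql_query("insert into usrBookmarks (bkm_Added,bkm_Modified,bkm_UGrpID,bkm_recID) values (now(),now()," . get_user_id() . ",{$recordID})");
            if (mysql_error()) {
                warnSaveRec("trying to create a bookmark - database error - " . mysql_error());
            } else {
                $bkm_ID = mysql_insert_id();
            }
        }
        // NOTE(review): if the insert above failed, $bkm_ID is still empty here and the
        // update condition becomes "bkm_ID=".
        mysql__update("usrBookmarks", "bkm_ID={$bkm_ID}", array("bkm_Rating" => $rating, "bkm_Modified" => date('Y-m-d H:i:s')));
        //WARNING  tags is assumed to be a complete replacement list for personal tags on this record.
        doTagInsertion($recordID, $bkm_ID, $tags);
    } else {
        if ($bkm_ID) {
            // Record is bookmarked, but the user doesn't want it to be
            $query = "delete usrBookmarks, usrRecTagLinks " . "from usrBookmarks left join usrRecTagLinks on rtl_RecID = bkm_recID " . "left join usrTags on tag_ID = rtl_TagID " . "where bkm_ID={$bkm_ID} and bkm_recID={$recordID} and bkm_UGrpID = tag_UGrpID and bkm_UGrpID=" . get_user_id();
            mysql_query($query);
            if (mysql_error()) {
                warnSaveRec("database error while removing bookmark- " . mysql_error());
            }
            //saw TODO: add code to remove other personal data reminders, personal notes (woots), etc.
        }
    }
    doWgTagInsertion($recordID, $wgTags);
    if ($notifyREMOVE || $notifyADD) {
        $notifyIDs = handleNotifications($recordID, $notifyREMOVE, $notifyADD);
    }
    if ($commentREMOVE || $commentMOD || $commentADD) {
        $commentIDs = handleComments($recordID, $commentREMOVE, $commentMOD, $commentADD);
    }
    $rval = array("bibID" => $recordID, "bkmkID" => $bkm_ID, "modified" => $now);
    if ($title) {
        $rval["title"] = $title;
    }
    if (@$dtlIDsByAction) {
        $rval["detail"] = $dtlIDsByAction;
    }
    if (@$notifyIDs) {
        $rval["notify"] = $notifyIDs;
    }
    if (@$commentIDs) {
        $rval["comment"] = $commentIDs;
    }
    if (@$msgInfoSaveRec['warning']) {
        $rval["warning"] = $msgInfoSaveRec['warning'];
    }
    if (@$msgInfoSaveRec['error']) {
        //should never get here with error set
        $rval["error"] = $msgInfoSaveRec['error'];
    } else {
        updateRecTypeUsageCount();
    }
    return $rval;
}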
// Site entry-script fragment: sets site-wide settings, resolves the requested page,
// runs comment/form handlers and starts rendering. The listing is cut off inside the
// innermost if-block below.
$def_lang = null;
$base_dir = dirname(__FILE__);
$base_url = '/';
$user_domain = 'verticeinteractive.esy.es';
$show_comments = false;
// parse_uri(), handleComments(), handleForms() and $pages are not defined in this
// fragment; presumably they come from this include - confirm.
include dirname(__FILE__) . '/functions.inc.php';
$home_page = '1';
list($page_id, $lang) = parse_uri();
// NOTE(review): $user_key and $user_hash are hard-coded in a web-served script. If they
// are credentials for the comment service, anyone with read access to the source or a
// backup obtains them; keep such values outside the document root and rotate them once
// they have been published. Their use is not visible here.
$user_key = "c94/4bulFKXdjb3Qejln1Er5Dk1GgSzbyQ==";
$user_hash = "ab3cc0380c8e5cc0";
// NOTE(review): plain-HTTP endpoint; whether the key or hash is sent to it is not visible here.
$comment_callback = "http://uk.zyro.com/comment_callback/";
$preview = false;
$mod_rewrite = true;
// Unknown page ids resolve to null rather than raising a notice.
$page = isset($pages[$page_id]) ? $pages[$page_id] : null;
if (!is_null($page)) {
    handleComments($page['id']);
    // Form handling runs only when the POST body carries wb_form_id.
    if (isset($_POST["wb_form_id"])) {
        handleForms($page['id']);
    }
}
ob_start();
// The request parameter only selects between two fixed include paths; it is never
// concatenated into a path itself.
if (isset($_REQUEST['view']) && $_REQUEST['view'] == 'news') {
    include dirname(__FILE__) . '/news.php';
} else {
    if (isset($_REQUEST['view']) && $_REQUEST['view'] == 'blog') {
        include dirname(__FILE__) . '/blog.php';
    } else {
        if ($page) {
            // The file name comes from the $pages entry, not directly from the request.
            // NOTE(review): confirm $pages is a static table and cannot be influenced by input.
            $fl = dirname(__FILE__) . '/' . $page['file'];
            if (is_file($fl)) {
                ob_start();
Example #3
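/**
 * Create or update a record together with its details, bookmark, tags,
 * notifications and comments, and return a summary of what was saved.
 *
 * The core record and its details are written inside one SQL transaction;
 * title, cache, index, bookmark, tag, notification and comment updates run
 * after the commit. Every failure path rolls the transaction back before
 * returning, because a later "start transaction" on the same connection would
 * otherwise implicitly commit the half-written record.
 *
 * Security-relevant points visible in this function:
 *  - anonymous callers are rejected up front;
 *  - $recordID, $wg and $rectype are cast with intval() before being concatenated into SQL;
 *  - $vis is stripped of double quotes and checked against a fixed allow-list;
 *  - updates to an existing record are gated by checkPermission();
 *  - a negative $recordID inserts a new record with rec_ID forced to abs($recordID),
 *    i.e. the caller picks the primary key - presumably meant for trusted imports, confirm;
 *  - $url, $notes and $rating go to mysql__insert()/mysql__update(); escaping is
 *    presumably done there - confirm in those helpers;
 *  - the mysql_* extension used here was removed in PHP 7.0.
 *
 * @param int|string $recordID      existing record id; 0/empty inserts; negative inserts with a forced id
 * @param int|string $rectype       record type id, must exist in defRecTypes
 * @param string     $url           stored in rec_URL
 * @param string     $notes         stored in rec_ScratchPad
 * @param int|string $wg            owner id stored in rec_OwnerUGrpID; negative means the current user
 * @param string     $vis           one of hidden/viewable/pending/public; anything else falls back to "viewable"
 * @param mixed      $personalised  truthy: keep or create the caller's bookmark; falsy: delete it
 * @param mixed      $pnotes        not used by this function
 * @param mixed      $rating        stored in bkm_Rating
 * @param mixed      $tags          passed to doTagInsertion()
 * @param mixed      $wgTags        passed to doWgTagInsertion()
 * @param mixed      $details       passed to doDetailInsertion()
 * @param mixed      $notifyREMOVE  passed to handleNotifications()
 * @param mixed      $notifyADD     passed to handleNotifications()
 * @param mixed      $commentREMOVE passed to handleComments()
 * @param mixed      $commentMOD    passed to handleComments()
 * @param mixed      $commentADD    passed to handleComments()
 * @param mixed      $nonces        passed by reference to doDetailInsertion()
 * @param mixed      $retitleRecs   passed by reference to doDetailInsertion()
 * @param int        $modeImport    >0 marks the record as imported; 2 downgrades missing required fields to a warning
 *
 * @return array on failure the global $msgInfoSaveRec message array; on success
 *               an array with bibID, bkmkID, modified and optional title,
 *               detail, notify, comment, warning and error entries
 */
function saveRecord($recordID, $rectype, $url, $notes, $wg, $vis, $personalised, $pnotes, $rating, $tags, $wgTags, $details, $notifyREMOVE, $notifyADD, $commentREMOVE, $commentMOD, $commentADD, &$nonces = null, &$retitleRecs = null, $modeImport = 0)
{
    global $msgInfoSaveRec;
    // reset the message array
    $msgInfoSaveRec = array();
    mysql_query("start transaction");
    $recordID = intval($recordID);
    $wg = intval($wg);
    if (!is_logged_in()) {
        errSaveRec("It is not possible to save record if not logged in, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    } else {
        if ($wg != null && intval($wg) > 0 && intval($wg) != get_user_id()) {
            // non-member saves are not allowed
            $uquery = "select * from " . USERS_DATABASE . ".sysUsrGrpLinks where ugl_UserID=" . get_user_id() . " and ugl_GroupID=" . $wg;
            $res = mysql_query($uquery);
            if (mysql_num_rows($res) < 1) {
                errSaveRec("Current user " . get_user_id() . " is not a member of required workgroup " . $wg . ", record save aborted ");
                mysql_query("rollback");
                return $msgInfoSaveRec;
            }
        }
    }
    $rectype = intval($rectype);
    if ($recordID && !$rectype) {
        errSaveRec("cannot change existing record to private note, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    // the record type must exist; its name is reused in the missing-field message below
    $rectypeName = null;
    $res = mysql_query("select rty_Name from defRecTypes where rty_ID=" . $rectype);
    if ($res) {
        $row = mysql_fetch_row($res);
        if ($row) {
            $rectypeName = $row[0];
        }
    }
    if (!$rectypeName) {
        errSaveRec("record type #{$rectype} is not valid");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    // visibility allow-list: unknown values are dropped and default to "viewable" below
    if ($vis) {
        $vis = strtolower(str_replace('"', "", $vis));
        $isvalid = in_array(strtolower($vis), array('hidden', 'viewable', 'pending', 'public'));
        if ($isvalid == false) {
            $vis = null;
        }
    }
    $now = date('Y-m-d H:i:s');
    $wg = $wg >= 0 ? $wg : get_user_id();
    // public records data
    if (!$recordID || $recordID < 0) {
        //new record
        $recheader = array("rec_RecTypeID" => $rectype, "rec_URL" => $url, "rec_ScratchPad" => $notes, "rec_OwnerUGrpID" => $wg, "rec_NonOwnerVisibility" => $vis ? $vis : "viewable", "rec_AddedByUGrpID" => get_user_id(), "rec_Added" => $now, "rec_Modified" => $now, "rec_AddedByImport" => $modeImport > 0 ? 1 : 0);
        if ($recordID < 0) {
            // negative id: insert with the caller-chosen rec_ID
            $recordID = abs($recordID);
            $recheader["rec_ID"] = $recordID;
        }
        mysql__insert("Records", $recheader);
        if (mysql_error()) {
            // record the message first: the rollback query resets mysql_error()
            // NOTE(review): the message embeds the raw driver error and the full record
            // header (URL, notes); confirm it is not shown to untrusted users.
            errSaveRec("Database record insert error - " . mysql_error() . "  " . print_r($recheader, true));
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        $recordID = mysql_insert_id();
    } else {
        // checkPermission() returns true or an error message
        $res = checkPermission($recordID, $wg);
        if ($res !== true) {
            errSaveRec($res);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        mysql__update("Records", "rec_ID={$recordID}", array("rec_RecTypeID" => $rectype, "rec_URL" => $url, "rec_ScratchPad" => $notes, "rec_OwnerUGrpID" => $wg, "rec_NonOwnerVisibility" => $vis ? $vis : "viewable", "rec_FlagTemporary" => 0, "rec_Modified" => $now));
        // Check the update result before touching the index: any query issued by the index
        // helper would reset mysql_error(), and a failed update should not be indexed.
        if (mysql_error()) {
            errSaveRec("Database record update error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        updateRecordIndexEntry(DATABASE, $rectype, $recordID);
        // TODO: Doesn't properly update Elasticsearch
    }
    // public recDetails data
    if ($details) {
        $dtlIDsByAction = doDetailInsertion($recordID, $details, $rectype, $wg, $nonces, $retitleRecs, $modeImport);
        if (@$dtlIDsByAction['error']) {
            // $msgInfoSaveRec was reset to an empty array above, so array_push() on the
            // missing 'error' key would fail and the error would be lost; append instead.
            $msgInfoSaveRec['error'][] = $dtlIDsByAction['error'];
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // check that all the required fields are present
    $res = mysql_query("select rst_ID, rst_DetailTypeID, rst_DisplayName" . " from defRecStructure" . " left join recDetails on dtl_RecID={$recordID} and rst_DetailTypeID=dtl_DetailTypeID" . " where rst_RecTypeID={$rectype} and rst_RequirementType='required' and dtl_ID is null");
    if (mysql_num_rows($res) > 0) {
        $missed = "";
        while ($row = mysql_fetch_row($res)) {
            $missed = $missed . $row[2];
        }
        // at least one missing field
        if ($missed) {
            $msg = "Missing data for Required field(s) in '{$rectypeName}'. You may need to make fields optional. Missing data: " . $missed;
            if ($modeImport == 2) {
                warnSaveRec($msg);
            } else {
                errSaveRec($msg);
                mysql_query("rollback");
                return $msgInfoSaveRec;
            }
        }
    }
    mysql_query("commit");
    // if we get to here we have a valid save of the core record.
    // calculate title, do an update
    $mask = mysql__select_array("defRecTypes", "rty_TitleMask", "rty_ID={$rectype}");
    $mask = $mask[0];
    $title = fill_title_mask($mask, $recordID, $rectype);
    if ($title) {
        mysql_query("update Records set rec_Title = '" . mysql_real_escape_string($title) . "' where rec_ID = {$recordID}");
    }
    // Update memcache: we can do this here since it's only the public data that we cache.
    updateCachedRecord($recordID);
    // NOTE(review): the update branch above passes DATABASE to this helper, this call
    // passes USERS_DATABASE - confirm which one is intended.
    updateRecordIndexEntry(USERS_DATABASE, $rectype, $recordID);
    // private data
    $bkmk = @mysql_fetch_row(mysql_query("select bkm_ID from usrBookmarks where bkm_UGrpID=" . get_user_id() . " and bkm_recID=" . $recordID));
    $bkm_ID = @$bkmk[0];
    if ($personalised) {
        if (!$bkm_ID) {
            // Record is not yet bookmarked, but we want it to be
            mysql_query("insert into usrBookmarks (bkm_Added,bkm_Modified,bkm_UGrpID,bkm_recID) values (now(),now()," . get_user_id() . ",{$recordID})");
            if (mysql_error()) {
                warnSaveRec("trying to create a bookmark - database error - " . mysql_error());
            } else {
                $bkm_ID = mysql_insert_id();
            }
        }
        // NOTE(review): if the insert above failed, $bkm_ID is still empty here and the
        // update condition becomes "bkm_ID=".
        mysql__update("usrBookmarks", "bkm_ID={$bkm_ID}", array("bkm_Rating" => $rating, "bkm_Modified" => date('Y-m-d H:i:s')));
        //WARNING  tags is assumed to be a complete replacement list for personal tags on this record.
        doTagInsertion($recordID, $bkm_ID, $tags);
    } else {
        if ($bkm_ID) {
            // Record is bookmarked, but the user doesn't want it to be
            $query = "delete usrBookmarks, usrRecTagLinks " . "from usrBookmarks left join usrRecTagLinks on rtl_RecID = bkm_recID " . "left join usrTags on tag_ID = rtl_TagID " . "where bkm_ID={$bkm_ID} and bkm_recID={$recordID} and bkm_UGrpID = tag_UGrpID and bkm_UGrpID=" . get_user_id();
            mysql_query($query);
            if (mysql_error()) {
                warnSaveRec("database error while removing bookmark- " . mysql_error());
            }
            //saw TODO: add code to remove other personal data reminders, personal notes (woots), etc.
        }
    }
    doWgTagInsertion($recordID, $wgTags);
    if ($notifyREMOVE || $notifyADD) {
        $notifyIDs = handleNotifications($recordID, $notifyREMOVE, $notifyADD);
    }
    if ($commentREMOVE || $commentMOD || $commentADD) {
        $commentIDs = handleComments($recordID, $commentREMOVE, $commentMOD, $commentADD);
    }
    $rval = array("bibID" => $recordID, "bkmkID" => $bkm_ID, "modified" => $now);
    if ($title) {
        $rval["title"] = $title;
    }
    if (@$dtlIDsByAction) {
        $rval["detail"] = $dtlIDsByAction;
    }
    if (@$notifyIDs) {
        $rval["notify"] = $notifyIDs;
    }
    if (@$commentIDs) {
        $rval["comment"] = $commentIDs;
    }
    if (@$msgInfoSaveRec['warning']) {
        $rval["warning"] = $msgInfoSaveRec['warning'];
    }
    if (@$msgInfoSaveRec['error']) {
        //should never get here with error set
        $rval["error"] = $msgInfoSaveRec['error'];
    } else {
        updateRecTypeUsageCount();
    }
    return $rval;
}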