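/**
 * Insert or update a record with its details, bookmark, tags, notifications
 * and comments, and return a summary of what was saved.
 *
 * The core record, its details and the required-field check run inside one
 * database transaction. Every failure before the commit rolls that transaction
 * back and returns the global $msgInfoSaveRec message array. After the commit,
 * problems with the title, bookmark or tags are only reported as warnings.
 *
 * @param mixed $recordID      record ID (cast with intval); 0/empty inserts a new record
 * @param mixed $rectype       record type ID (cast with intval)
 * @param mixed $url           stored in rec_URL
 * @param mixed $notes         stored in rec_ScratchPad
 * @param mixed $wg            owner workgroup ID (cast with intval)
 * @param mixed $vis           hidden|viewable|pending|public; any other value is stored as "viewable"
 * @param mixed $personalised  truthy: create/keep the current user's bookmark; falsy: remove it
 * @param mixed $pnotes        not used in this function body
 * @param mixed $rating        stored in bkm_Rating of the bookmark
 * @param mixed $tags          passed to doTagInsertion()
 * @param mixed $wgTags        passed to doWgTagInsertion()
 * @param mixed $details       passed to doDetailInsertion() when truthy
 * @param mixed $notifyREMOVE  passed to handleNotifications()
 * @param mixed $notifyADD     passed to handleNotifications()
 * @param mixed $commentREMOVE passed to handleComments()
 * @param mixed $commentMOD    passed to handleComments()
 * @param mixed $commentADD    passed to handleComments()
 * @param mixed $nonces        passed by reference to doDetailInsertion()
 * @param mixed $retitleRecs   passed by reference to doDetailInsertion()
 * @param int   $modeImport    > 0 marks the record as added by import; 2 downgrades
 *                             missing required fields from an error to a warning
 * @return array on failure the $msgInfoSaveRec message array; on success an array with
 *               bibID, bkmkID, modified and, when present, title, detail, notify,
 *               comment, warning and error
 */
function saveRecord($recordID, $rectype, $url, $notes, $wg, $vis, $personalised, $pnotes, $rating, $tags, $wgTags, $details, $notifyREMOVE, $notifyADD, $commentREMOVE, $commentMOD, $commentADD, &$nonces = null, &$retitleRecs = null, $modeImport = 0) {
    global $msgInfoSaveRec;
    $msgInfoSaveRec = array(); // reset the message array
    mysql_query("start transaction");
    $recordID = intval($recordID);
    $wg = intval($wg);
    if ($wg || !is_logged_in()) {
        // non-member saves are not allowed
        $res = mysql_query("select * from " . USERS_DATABASE . ".sysUsrGrpLinks where ugl_UserID=" . get_user_id() . " and ugl_GroupID=" . $wg);
        // A failed query counts as "no membership row", so the check fails closed.
        if (!$res || mysql_num_rows($res) < 1) {
            errSaveRec("invalid workgroup, record save aborted");
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    $rectype = intval($rectype);
    if ($recordID && !$rectype) {
        errSaveRec("cannot change existing record to private note, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    if ($vis && !in_array(strtolower($vis), array('hidden', 'viewable', 'pending', 'public'))) {
        $vis = null;
    }
    $now = date('Y-m-d H:i:s');
    // public records data
    if (!$recordID) {
        // NOTE(review): $wg is an int at this point, so "$wg || $wg == 0" is always
        // true and the get_user_id() fallback below is never taken.
        mysql__insert("Records", array(
            "rec_RecTypeID" => $rectype,
            "rec_URL" => $url,
            "rec_ScratchPad" => $notes,
            "rec_OwnerUGrpID" => $wg || $wg == 0 ? $wg : get_user_id(),
            "rec_NonOwnerVisibility" => $vis ? $vis : "viewable",
            "rec_AddedByUGrpID" => get_user_id(),
            "rec_Added" => $now,
            "rec_Modified" => $now,
            "rec_AddedByImport" => $modeImport > 0 ? 1 : 0,
        ));
        if (mysql_error()) {
            // NOTE(review): the raw mysql_error() text goes into the returned message;
            // confirm callers do not show it to end users.
            errSaveRec("database record insert error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        $recordID = mysql_insert_id();
    } else {
        $res = mysql_query("select * from Records left join " . USERS_DATABASE . ".sysUsrGrpLinks on ugl_GroupID=rec_OwnerUGrpID and ugl_UserID=" . get_user_id() . " where rec_ID={$recordID}");
        $record = $res ? mysql_fetch_assoc($res) : false;
        if (!$record) {
            // Without this guard a missing record skips or distorts the ownership
            // checks below and details get attached to a record ID that does not exist.
            errSaveRec("record #{$recordID} not found, record save aborted");
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        if ($wg != $record["rec_OwnerUGrpID"] && $record["rec_OwnerUGrpID"] != get_user_id()) {
            if ($record["rec_OwnerUGrpID"] > 0 && $record["ugl_Role"] != "admin") {
                // user is trying to change the workgroup when they are not an admin
                errSaveRec("user is not a workgroup admin");
                mysql_query("rollback");
                return $msgInfoSaveRec;
            } else {
                if (!is_admin()) {
                    // you must be an database admin to change a public record into a workgroup record
                    errSaveRec("user does not have sufficient authority to change public record to workgroup record");
                    mysql_query("rollback");
                    return $msgInfoSaveRec;
                }
            }
        }
        mysql__update("Records", "rec_ID={$recordID}", array(
            "rec_RecTypeID" => $rectype,
            "rec_URL" => $url,
            "rec_ScratchPad" => $notes,
            "rec_OwnerUGrpID" => $wg || $wg == 0 ? $wg : get_user_id(),
            "rec_NonOwnerVisibility" => $vis ? $vis : "viewable",
            "rec_FlagTemporary" => 0,
            "rec_Modified" => $now,
        ));
        if (mysql_error()) {
            errSaveRec("database record update error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // public recDetails data
    if ($details) {
        $dtlIDsByAction = doDetailInsertion($recordID, $details, $rectype, $wg, $nonces, $retitleRecs, $modeImport);
        if (@$dtlIDsByAction['error']) {
            // The message array was reset at the top of this function, so the 'error'
            // list may not exist yet; array_push() on a missing key would drop the error.
            if (!isset($msgInfoSaveRec['error'])) {
                $msgInfoSaveRec['error'] = array();
            }
            array_push($msgInfoSaveRec['error'], $dtlIDsByAction['error']);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // check that all the required fields are present
    $res = mysql_query("select rst_ID, rst_DetailTypeID, rst_DisplayName" . " from defRecStructure" . " left join recDetails on dtl_RecID={$recordID} and rst_DetailTypeID=dtl_DetailTypeID" . " where rst_RecTypeID={$rectype} and rst_RequirementType='required' and dtl_ID is null");
    if (!$res) {
        // A failed validation query must not be read as "nothing is missing".
        errSaveRec("database error while checking required fields - " . mysql_error());
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    if (mysql_num_rows($res) > 0) {
        $missed = "";
        while ($row = mysql_fetch_row($res)) {
            $missed = $missed . $row[2] . " ";
        }
        // at least one missing field
        if ($modeImport == 2) {
            warnSaveRec("record is missing required field(s): " . $missed);
        } else {
            errSaveRec("record is missing required field(s): " . $missed);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    mysql_query("commit");
    // if we get to here we have a valid save of the core record.
    // calculate title, do an update
    $mask = mysql__select_array("defRecTypes", "rty_TitleMask", "rty_ID={$rectype}");
    $mask = $mask[0];
    $title = fill_title_mask($mask, $recordID, $rectype);
    if ($title) {
        // mysql_real_escape_string() escapes for the connection's character set;
        // addslashes() does not and is not a safe SQL escape.
        mysql_query("update Records set rec_Title = '" . mysql_real_escape_string($title) . "' where rec_ID = {$recordID}");
    }
    // Update memcache: we can do this here since it's only the public data that we cache.
    updateCachedRecord($recordID);
    // private data
    $bkmk = @mysql_fetch_row(mysql_query("select bkm_ID from usrBookmarks where bkm_UGrpID=" . get_user_id() . " and bkm_recID=" . $recordID));
    $bkm_ID = @$bkmk[0];
    if ($personalised) {
        if (!$bkm_ID) {
            // Record is not yet bookmarked, but we want it to be
            mysql_query("insert into usrBookmarks (bkm_Added,bkm_Modified,bkm_UGrpID,bkm_recID) values (now(),now()," . get_user_id() . ",{$recordID})");
            if (mysql_error()) {
                warnSaveRec("trying to create a bookmark - database error - " . mysql_error());
            } else {
                $bkm_ID = mysql_insert_id();
            }
        }
        if ($bkm_ID) {
            // Skipped when the bookmark could not be created: "bkm_ID=" with no value is malformed SQL.
            mysql__update("usrBookmarks", "bkm_ID={$bkm_ID}", array("bkm_Rating" => $rating, "bkm_Modified" => date('Y-m-d H:i:s')));
        }
        //WARNING tags is assumed to be a complete replacement list for personal tags on this record.
        doTagInsertion($recordID, $bkm_ID, $tags);
    } else {
        if ($bkm_ID) {
            // Record is bookmarked, but the user doesn't want it to be
            $query = "delete usrBookmarks, usrRecTagLinks " . "from usrBookmarks left join usrRecTagLinks on rtl_RecID = bkm_recID " . "left join usrTags on tag_ID = rtl_TagID " . "where bkm_ID={$bkm_ID} and bkm_recID={$recordID} and bkm_UGrpID = tag_UGrpID and bkm_UGrpID=" . get_user_id();
            mysql_query($query);
            if (mysql_error()) {
                warnSaveRec("database error while removing bookmark- " . mysql_error());
            }
            //saw TODO: add code to remove other personal data reminders, personal notes (woots), etc.
        }
    }
    doWgTagInsertion($recordID, $wgTags);
    if ($notifyREMOVE || $notifyADD) {
        $notifyIDs = handleNotifications($recordID, $notifyREMOVE, $notifyADD);
    }
    if ($commentREMOVE || $commentMOD || $commentADD) {
        $commentIDs = handleComments($recordID, $commentREMOVE, $commentMOD, $commentADD);
    }
    $rval = array("bibID" => $recordID, "bkmkID" => $bkm_ID, "modified" => $now);
    if ($title) {
        $rval["title"] = $title;
    }
    if (@$dtlIDsByAction) {
        $rval["detail"] = $dtlIDsByAction;
    }
    if (@$notifyIDs) {
        $rval["notify"] = $notifyIDs;
    }
    if (@$commentIDs) {
        $rval["comment"] = $commentIDs;
    }
    if (@$msgInfoSaveRec['warning']) {
        $rval["warning"] = $msgInfoSaveRec['warning'];
    }
    if (@$msgInfoSaveRec['error']) {
        //should never get here with error set
        $rval["error"] = $msgInfoSaveRec['error'];
    }
    return $rval;
}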
// Front-controller fragment of a generated site: sets per-site settings, resolves the
// requested page and starts rendering it. The listing is cut off inside the last branch.
$def_lang = null;
$base_dir = dirname(__FILE__);
$base_url = '/';
$user_domain = 'verticeinteractive.esy.es';
$show_comments = false;
include dirname(__FILE__) . '/functions.inc.php';
$home_page = '1';
// parse_uri() is defined outside this fragment; its result supplies the page id and language.
list($page_id, $lang) = parse_uri();
// NOTE(review): $user_key and $user_hash look like per-site credentials hard-coded in a
// web-served file. How they are used is not visible here; if they authenticate this
// site to the comment callback, load them from configuration kept out of the published source.
$user_key = "c94/4bulFKXdjb3Qejln1Er5Dk1GgSzbyQ==";
$user_hash = "ab3cc0380c8e5cc0";
// NOTE(review): the callback URL is plain http; confirm nothing secret is sent to it.
$comment_callback = "http://uk.zyro.com/comment_callback/";
$preview = false;
$mod_rewrite = true;
// $pages is not defined in this fragment (presumably by functions.inc.php; confirm).
// An unknown page id yields null instead of an undefined-index notice.
$page = isset($pages[$page_id]) ? $pages[$page_id] : null;
if (!is_null($page)) {
    handleComments($page['id']);
    // Form handling runs only when the request carries a wb_form_id POST field.
    if (isset($_POST["wb_form_id"])) {
        handleForms($page['id']);
    }
}
ob_start();
// The request parameter only selects between fixed include files; it is never
// used to build a path.
if (isset($_REQUEST['view']) && $_REQUEST['view'] == 'news') {
    include dirname(__FILE__) . '/news.php';
} else {
    if (isset($_REQUEST['view']) && $_REQUEST['view'] == 'blog') {
        include dirname(__FILE__) . '/blog.php';
    } else {
        if ($page) {
            // NOTE(review): the file name comes from the $pages entry; this is only safe
            // while $pages is a server-side map that request data cannot modify. Confirm.
            $fl = dirname(__FILE__) . '/' . $page['file'];
            if (is_file($fl)) {
                ob_start();
                // (the listing ends here; the remaining statements and closing braces are not shown)
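/**
 * Insert or update a record with its details, bookmark, tags, notifications
 * and comments, and return a summary of what was saved.
 *
 * Saving requires a logged-in user. The core record, its details and the
 * required-field check run inside one database transaction. Every failure
 * before the commit rolls that transaction back and returns the global
 * $msgInfoSaveRec message array. After the commit, problems with the title,
 * bookmark or tags are only reported as warnings.
 *
 * @param mixed $recordID      record ID (cast with intval); 0/empty inserts a new record,
 *                             a negative value inserts a new record with rec_ID abs($recordID)
 * @param mixed $rectype       record type ID (cast with intval); must exist in defRecTypes
 * @param mixed $url           stored in rec_URL
 * @param mixed $notes         stored in rec_ScratchPad
 * @param mixed $wg            owner workgroup ID (cast with intval); a negative value is
 *                             replaced by the current user's ID
 * @param mixed $vis           hidden|viewable|pending|public (double quotes stripped,
 *                             lower-cased); any other value is stored as "viewable"
 * @param mixed $personalised  truthy: create/keep the current user's bookmark; falsy: remove it
 * @param mixed $pnotes        not used in this function body
 * @param mixed $rating        stored in bkm_Rating of the bookmark
 * @param mixed $tags          passed to doTagInsertion()
 * @param mixed $wgTags        passed to doWgTagInsertion()
 * @param mixed $details       passed to doDetailInsertion() when truthy
 * @param mixed $notifyREMOVE  passed to handleNotifications()
 * @param mixed $notifyADD     passed to handleNotifications()
 * @param mixed $commentREMOVE passed to handleComments()
 * @param mixed $commentMOD    passed to handleComments()
 * @param mixed $commentADD    passed to handleComments()
 * @param mixed $nonces        passed by reference to doDetailInsertion()
 * @param mixed $retitleRecs   passed by reference to doDetailInsertion()
 * @param int   $modeImport    > 0 marks the record as added by import; 2 downgrades
 *                             missing required fields from an error to a warning
 * @return array on failure the $msgInfoSaveRec message array; on success an array with
 *               bibID, bkmkID, modified and, when present, title, detail, notify,
 *               comment, warning and error
 */
function saveRecord($recordID, $rectype, $url, $notes, $wg, $vis, $personalised, $pnotes, $rating, $tags, $wgTags, $details, $notifyREMOVE, $notifyADD, $commentREMOVE, $commentMOD, $commentADD, &$nonces = null, &$retitleRecs = null, $modeImport = 0) {
    global $msgInfoSaveRec;
    $msgInfoSaveRec = array(); // reset the message array
    mysql_query("start transaction");
    $recordID = intval($recordID);
    $wg = intval($wg);
    if (!is_logged_in()) {
        errSaveRec("It is not possible to save record if not logged in, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    } else {
        if ($wg != null && intval($wg) > 0 && intval($wg) != get_user_id()) {
            // non-member saves are not allowed
            $uquery = "select * from " . USERS_DATABASE . ".sysUsrGrpLinks where ugl_UserID=" . get_user_id() . " and ugl_GroupID=" . $wg;
            $res = mysql_query($uquery);
            // A failed query counts as "no membership row", so the check fails closed.
            if (!$res || mysql_num_rows($res) < 1) {
                errSaveRec("Current user " . get_user_id() . " is not a member of required workgroup " . $wg . ", record save aborted ");
                mysql_query("rollback");
                return $msgInfoSaveRec;
            }
        }
    }
    $rectype = intval($rectype);
    if ($recordID && !$rectype) {
        errSaveRec("cannot change existing record to private note, record save aborted");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    // The record type must exist; its name is reused in the required-field message.
    $rectypeName = null;
    $res = mysql_query("select rty_Name from defRecTypes where rty_ID=" . $rectype);
    if ($res) {
        $row = mysql_fetch_row($res);
        if ($row) {
            $rectypeName = $row[0];
        }
    }
    if (!$rectypeName) {
        errSaveRec("record type #{$rectype} is not valid");
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    if ($vis) {
        $vis = strtolower(str_replace('"', "", $vis));
        $isvalid = in_array(strtolower($vis), array('hidden', 'viewable', 'pending', 'public'));
        if ($isvalid == false) {
            $vis = null;
        }
    }
    $now = date('Y-m-d H:i:s');
    $wg = $wg >= 0 ? $wg : get_user_id();
    // public records data
    if (!$recordID || $recordID < 0) {
        //new record
        $recheader = array(
            "rec_RecTypeID" => $rectype,
            "rec_URL" => $url,
            "rec_ScratchPad" => $notes,
            "rec_OwnerUGrpID" => $wg,
            "rec_NonOwnerVisibility" => $vis ? $vis : "viewable",
            "rec_AddedByUGrpID" => get_user_id(),
            "rec_Added" => $now,
            "rec_Modified" => $now,
            "rec_AddedByImport" => $modeImport > 0 ? 1 : 0,
        );
        if ($recordID < 0) {
            // A negative ID asks for a new record with the caller-chosen rec_ID.
            // NOTE(review): nothing here checks that the ID is unused; presumably the
            // primary key rejects duplicates and the insert error below catches it. Confirm.
            $recordID = abs($recordID);
            $recheader["rec_ID"] = $recordID;
        }
        mysql__insert("Records", $recheader);
        if (mysql_error()) {
            // NOTE(review): the raw mysql_error() text and a print_r() dump of the record
            // header go into the returned message; confirm callers do not show it to end users.
            errSaveRec("Database record insert error - " . mysql_error() . " " . print_r($recheader, true));
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        $recordID = mysql_insert_id();
    } else {
        // checkPermission() returns true or an error message for this user/workgroup.
        $res = checkPermission($recordID, $wg);
        if ($res !== true) {
            errSaveRec($res);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        mysql__update("Records", "rec_ID={$recordID}", array(
            "rec_RecTypeID" => $rectype,
            "rec_URL" => $url,
            "rec_ScratchPad" => $notes,
            "rec_OwnerUGrpID" => $wg,
            "rec_NonOwnerVisibility" => $vis ? $vis : "viewable",
            "rec_FlagTemporary" => 0,
            "rec_Modified" => $now,
        ));
        // Check the update before anything else can run a query: mysql_error() reports
        // only the most recent operation, and a failed update should not be indexed.
        if (mysql_error()) {
            errSaveRec("Database record update error - " . mysql_error());
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
        updateRecordIndexEntry(DATABASE, $rectype, $recordID); // TODO: Doesn't properly update Elasticsearch
    }
    // public recDetails data
    if ($details) {
        $dtlIDsByAction = doDetailInsertion($recordID, $details, $rectype, $wg, $nonces, $retitleRecs, $modeImport);
        if (@$dtlIDsByAction['error']) {
            // The message array was reset at the top of this function, so the 'error'
            // list may not exist yet; array_push() on a missing key would drop the error.
            if (!isset($msgInfoSaveRec['error'])) {
                $msgInfoSaveRec['error'] = array();
            }
            array_push($msgInfoSaveRec['error'], $dtlIDsByAction['error']);
            mysql_query("rollback");
            return $msgInfoSaveRec;
        }
    }
    // check that all the required fields are present
    $res = mysql_query("select rst_ID, rst_DetailTypeID, rst_DisplayName" . " from defRecStructure" . " left join recDetails on dtl_RecID={$recordID} and rst_DetailTypeID=dtl_DetailTypeID" . " where rst_RecTypeID={$rectype} and rst_RequirementType='required' and dtl_ID is null");
    if (!$res) {
        // A failed validation query must not be read as "nothing is missing".
        errSaveRec("database error while checking required fields - " . mysql_error());
        mysql_query("rollback");
        return $msgInfoSaveRec;
    }
    if (mysql_num_rows($res) > 0) {
        $missedNames = array();
        while ($row = mysql_fetch_row($res)) {
            $missedNames[] = $row[2];
        }
        // Separate the field names so the message stays readable with several fields.
        $missed = implode(", ", $missedNames);
        // at least one missing field
        if ($missed) {
            $msg = "Missing data for Required field(s) in '{$rectypeName}'. You may need to make fields optional. Missing data: " . $missed;
            if ($modeImport == 2) {
                warnSaveRec($msg);
            } else {
                errSaveRec($msg);
                mysql_query("rollback");
                return $msgInfoSaveRec;
            }
        }
    }
    mysql_query("commit");
    // if we get to here we have a valid save of the core record.
    // calculate title, do an update
    $mask = mysql__select_array("defRecTypes", "rty_TitleMask", "rty_ID={$rectype}");
    $mask = $mask[0];
    $title = fill_title_mask($mask, $recordID, $rectype);
    if ($title) {
        mysql_query("update Records set rec_Title = '" . mysql_real_escape_string($title) . "' where rec_ID = {$recordID}");
    }
    // Update memcache: we can do this here since it's only the public data that we cache.
    updateCachedRecord($recordID);
    // NOTE(review): this call passes USERS_DATABASE while the one in the update branch
    // passes DATABASE; confirm which database name the index helper expects.
    updateRecordIndexEntry(USERS_DATABASE, $rectype, $recordID);
    // private data
    $bkmk = @mysql_fetch_row(mysql_query("select bkm_ID from usrBookmarks where bkm_UGrpID=" . get_user_id() . " and bkm_recID=" . $recordID));
    $bkm_ID = @$bkmk[0];
    if ($personalised) {
        if (!$bkm_ID) {
            // Record is not yet bookmarked, but we want it to be
            mysql_query("insert into usrBookmarks (bkm_Added,bkm_Modified,bkm_UGrpID,bkm_recID) values (now(),now()," . get_user_id() . ",{$recordID})");
            if (mysql_error()) {
                warnSaveRec("trying to create a bookmark - database error - " . mysql_error());
            } else {
                $bkm_ID = mysql_insert_id();
            }
        }
        if ($bkm_ID) {
            // Skipped when the bookmark could not be created: "bkm_ID=" with no value is malformed SQL.
            mysql__update("usrBookmarks", "bkm_ID={$bkm_ID}", array("bkm_Rating" => $rating, "bkm_Modified" => date('Y-m-d H:i:s')));
        }
        //WARNING tags is assumed to be a complete replacement list for personal tags on this record.
        doTagInsertion($recordID, $bkm_ID, $tags);
    } else {
        if ($bkm_ID) {
            // Record is bookmarked, but the user doesn't want it to be
            $query = "delete usrBookmarks, usrRecTagLinks " . "from usrBookmarks left join usrRecTagLinks on rtl_RecID = bkm_recID " . "left join usrTags on tag_ID = rtl_TagID " . "where bkm_ID={$bkm_ID} and bkm_recID={$recordID} and bkm_UGrpID = tag_UGrpID and bkm_UGrpID=" . get_user_id();
            mysql_query($query);
            if (mysql_error()) {
                warnSaveRec("database error while removing bookmark- " . mysql_error());
            }
            //saw TODO: add code to remove other personal data reminders, personal notes (woots), etc.
        }
    }
    doWgTagInsertion($recordID, $wgTags);
    if ($notifyREMOVE || $notifyADD) {
        $notifyIDs = handleNotifications($recordID, $notifyREMOVE, $notifyADD);
    }
    if ($commentREMOVE || $commentMOD || $commentADD) {
        $commentIDs = handleComments($recordID, $commentREMOVE, $commentMOD, $commentADD);
    }
    $rval = array("bibID" => $recordID, "bkmkID" => $bkm_ID, "modified" => $now);
    if ($title) {
        $rval["title"] = $title;
    }
    if (@$dtlIDsByAction) {
        $rval["detail"] = $dtlIDsByAction;
    }
    if (@$notifyIDs) {
        $rval["notify"] = $notifyIDs;
    }
    if (@$commentIDs) {
        $rval["comment"] = $commentIDs;
    }
    if (@$msgInfoSaveRec['warning']) {
        $rval["warning"] = $msgInfoSaveRec['warning'];
    }
    if (@$msgInfoSaveRec['error']) {
        //should never get here with error set
        $rval["error"] = $msgInfoSaveRec['error'];
    }
    return $rval;
}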