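/**
 * Build the <script> snippet that shows or hides the "next appointment" box
 * in the parent window.
 *
 * Selects the first calendar row with type=1, dated today, whose time lies in
 * (now, now + $minutes] and whose operator list starts with the session user,
 * then returns JavaScript that fills or clears the appuntamenti_* elements of
 * window.parent.
 *
 * @param mixed $minutes Look-ahead window in minutes; non-numeric input falls back to 60.
 * @return string|null Script markup, or null when the query fails.
 */
function calendar_cron_appuntamenti($minutes) {
    global $CONF, $DB;

    if (!is_numeric($minutes)) {
        $minutes = 60;
    }

    // NOTE(review): both bounds are times of day compared against today's
    // rows only, so a window that crosses midnight yields $maxtime < $curtime
    // and matches nothing.
    $curtime = date('H:i:00');
    $maxtime = date('H:i:00', mktime(date('H'), date('i') + $minutes, 0, date('n'), date('j'), date('Y')));
    $where_conds = "type=1 AND day = CURDATE() AND time > '{$curtime}' AND time <= '{$maxtime}'";

    // The original statement lacked the opening quote of the LIKE pattern,
    // which produced invalid SQL.
    // NOTE(review): the session user id is concatenated unescaped; this is
    // only safe if fw_userid is always assigned server-side as a plain id —
    // confirm, or escape/bind it through the DB layer.
    // NOTE(review): the pattern matches only rows where the user is the first
    // of several operators ("<id>,,..."); confirm whether single-operator rows
    // should match as well.
    $sql = "SELECT * FROM calendar WHERE operator LIKE '" . $_SESSION[fw_userid] . ",,%' AND {$where_conds} ORDER BY time ASC LIMIT 1";
    $rs = $DB->Execute(perm_sql_read($sql, 'calendar'));
    if (!$rs) {
        return;
    }

    // Element lookups shared by both outcomes.
    $lookup = ' <script> mydiv = window.parent.document.getElementById(\'appuntamenti_content_div\');'
        . ' mytab = window.parent.document.getElementById(\'appuntamenti_table_div\');'
        . ' mybut = window.parent.document.getElementById(\'calendario_button\');';

    $app = $rs->GetArray();
    if (count($app)) {
        $info = $app[0];
        // The fragment is assigned to innerHTML, so stored values are
        // HTML-escaped before they are wrapped in markup; text_to_js() is then
        // left to handle the JavaScript string context only.
        $div_contents = '<b>' . htmlspecialchars($info['title'], ENT_QUOTES) . '</b> (ore '
            . htmlspecialchars(substr($info['time'], 0, 5), ENT_QUOTES) . ')';

        return $lookup . ' mydiv.innerHTML = \'' . text_to_js($div_contents) . '\'; mytab.style.display = \'inline\'; mybut.className = \'opz-calendar-brillo\'; </script> ';
    }

    return $lookup . ' mydiv.innerHTML = \'\'; mytab.style.display = \'none\'; mybut.className = \'col-opz-link\'; </script> ';
}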
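/**
 * Run a configured multi-table search driven by $_GET and render the results.
 *
 * For every entry of $search[fields] the matching request value(s) are turned
 * into a WHERE fragment on each target table; the per-table statements are then
 * counted and rendered.
 *
 * SECURITY NOTE(review): every request value ($curval) is concatenated into
 * the SQL text without escaping or binding, and table/column names come from
 * the search definition. Escaping was not added here because the correct
 * mechanism depends on the DB layer and on the request-quoting configuration,
 * neither of which is visible in this block. If $DB is an ADOdb connection
 * (its Execute/FetchRow/EOF API suggests so — confirm), bound parameters or
 * its quoting helper should be used for every value.
 *
 * @param array $search     Search definition (fields, tables, tablesql, allow_empty, title, result_txt).
 * @param int   $target_res 0 or 2: HTML table of lists; 1: return draw_list_file() for the first table.
 * @param int   $format_res With $target_res == 2, 1 renders each row through draw_object().
 * @return mixed HTML string, or whatever draw_list_file() returns when $target_res == 1.
 */
function menage_search1($search, $target_res = 2, $format_res = 0) {
    global $DB, $CONF, $SEARCH_TEMPLATE;

    $totr = 0;
    $output = '';

    // Initialise the search: one SQL statement per target table.
    foreach ($search[fields] as $key => $field) {
        list($type, $options) = explode("||", $field[content]);
        unset($target);
        // search_field is "table-column||table-column||..."
        foreach (explode("||", $field[search_field]) as $trg) {
            $target[] = explode("-", $trg);
        }
        unset($cnt);
        $cntt = array();
        foreach ($target as $st) {
            if (!isset($SQL_SEARCH[$st[0]])) {
                if (!isset($search[tablesql][$st[0]])) {
                    $SQL_SEARCH[$st[0]] = "SELECT * FROM " . $st[0] . " WHERE %[PERM]% ";
                } else {
                    $SQL_SEARCH[$st[0]] = $search[tablesql][$st[0]];
                }
            }
            // First column of a table for this field is ANDed in, further ones are ORed.
            if ($cntt[$st[0]] == 0) {
                $SQL_SEARCH[$st[0]] .= " AND ( ";
            } else {
                $SQL_SEARCH[$st[0]] .= " OR (";
            }
            $cntt[$st[0]]++;

            // Work out how many request values this field carries.
            if (is_array($_GET[$key]) && isset($_GET[$key][realval]) && count($_GET[$key][realval]) > 1) {
                $tcnt = count($_GET[$key][realval]);
                $linarray = 1;
            } elseif (is_array($_GET[$key]) && count($_GET[$key]) > 1 && !isset($_GET[$key][realval])) {
                $tcnt = count($_GET[$key]);
                $linarray = 1;
            } else {
                $tcnt = 1;
                $linarray = 0;
            }
            $opened = 0;
            for ($cnt = 0; $cnt < $tcnt; $cnt++) {
                unset($this_round);
                if (is_array($_GET[$key]) && is_array($_GET[$key][realval])) {
                    $curval = $_GET[$key][realval][$cnt];
                } elseif (is_array($_GET[$key])) {
                    $curval = $_GET[$key][$cnt];
                } else {
                    $curval = $_GET[$key];
                }
                if (strlen($curval) > 0) {
                    if ($cnt > 0) {
                        $SQL_SEARCH[$st[0]] .= " OR ";
                    }
                    if ($opened != 1 && $linarray == 1) {
                        $SQL_SEARCH[$st[0]] .= " ( ";
                        $opened = 1;
                    }
                    // Create the SQL condition according to the search type.
                    // SECURITY: $curval is request data placed inside quotes
                    // verbatim in every branch below (see function header).
                    switch ($type) {
                        case "text":
                            $SQL_SEARCH[$st[0]] .= $st[1] . "='" . $curval . "' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "text_like":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '%" . $curval . "%' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "text_start":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '" . $curval . "%' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "text_end":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '%" . $curval . "' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "text_word":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '% " . $curval . " %' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "text_ext":
                            $SQL_SEARCH[$st[0]] .= ext_search($st[1], $curval);
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "user_perm":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '%U" . $curval . "=33333%'";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = " ";
                            }
                            break;
                        case "calendar_owner":
                            // Owner lists are ",,"-separated: match first, last, middle or only entry.
                            $SQL_SEARCH[$st[0]] .= $st[1] . " LIKE '" . $curval . ",,%' OR " . $st[1] . " LIKE '%,," . $curval . "' OR " . $st[1] . " LIKE '%,," . $curval . ",,%' OR " . $st[1] . " LIKE '" . $curval . "'";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = " ";
                            }
                            break;
                        case "num_less":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " <= '" . $curval . "' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "num_more":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " >= '" . $curval . "' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                        case "num_equal":
                            $SQL_SEARCH[$st[0]] .= $st[1] . " = '" . $curval . "' ";
                            if (strlen($curval) > 0) {
                                $SEARCH_FIELDS[$st[0]][$st[1]][] = $curval;
                            }
                            break;
                    }
                    $done_seart[$st[0]]++;
                }
            }
            if ($linarray == 1 && $opened == 1) {
                $SQL_SEARCH[$st[0]] .= " ) ";
            }
            $SQL_SEARCH[$st[0]] .= ')';
            // Drop the group again when no value was supplied for it.
            $SQL_SEARCH[$st[0]] = str_replace("AND ( )", "", $SQL_SEARCH[$st[0]]);
        }
    }

    // Table definitions are "list_var||title||options||permission".
    foreach ($search[tables] as $table => $options) {
        list($TABLES[$table][list_var], $TABLES[$table][title], $TABLES[$table][options], $TABLES[$table][permission]) = explode("||", $options);
    }

    // Unless empty searches are allowed, drop tables that received no condition.
    if ($search[allow_empty] != 1) {
        foreach ($SQL_SEARCH as $table => $sql) {
            if ($done_seart[$table] == 0) {
                unset($SQL_SEARCH[$table]);
            }
        }
    }

    // Count the results per table.
    foreach ($SQL_SEARCH as $table => $sql) {
        list($perm_type, $perm_parent) = explode(";;", $TABLES[$table][permission]);
        // Permission type 0 disables the row-permission filter for this table.
        if ($perm_type == 0) {
            $sql = str_replace("%[PERM]%", "1=1", $sql);
        }
        $rs = @$DB->Execute(perm_sql_read($sql, $table));
        // Execute() errors are suppressed with @; treat a failed query as
        // zero rows instead of calling a method on a non-object.
        $res = $rs ? $rs->RecordCount() : 0;
        $totr += $res;
        $RESULTNUM[$table] = $res;
    }
    $RESULTNUM[total] = $totr;

    if (isset($search[title])) {
        $output = str_replace("%[TITLE]%", $search[title], $SEARCH_TEMPLATE[search_title]);
    }
    if (isset($search[result_txt])) {
        $output .= str_replace("%[DESC]%", str_replace("%[FOUND]%", $RESULTNUM[total], $search[result_txt]), $SEARCH_TEMPLATE[search_desc]);
    }

    // Render the per-table results.
    $output .= '<table width="100%" border=0 cellpadding=5>';
    foreach ($SQL_SEARCH as $table => $sql) {
        // NOTE(review): $start_vis and $noexp are never reset, so a value set
        // for one table carries over to the following ones — confirm intent.
        foreach (explode(";;", $TABLES[$table][options]) as $vopt) {
            list($opt, $optval) = explode("::", $vopt);
            switch ($opt) {
                case "exp":
                    if ($optval == 1) {
                        $start_vis = 1;
                    }
                    break;
                case "lock":
                    if ($optval == 1) {
                        $noexp = 1;
                        $start_vis = 1;
                    }
                    break;
            }
        }
        // Any paging/sorting parameter for this table forces it open.
        if (isset($_GET[$table . "_ordfield"]) || isset($_GET[$table . "_ordtype"]) || isset($_GET[$table . "_st"]) || isset($_GET[$table . "_exp"]) || isset($_GET[$table . "_imp"])) {
            $start_vis = 1;
        }
        if ($start_vis == 1) {
            $startpic = $SEARCH_TEMPLATE[group_icon_close];
            $cur_vis = "";
        } else {
            $startpic = $SEARCH_TEMPLATE[group_icon_open];
            $cur_vis = "style=\"display:none\"";
        }
        if ($noexp != 1) {
            $more_tit = '<a href="javascript:rigaDOWN(Array(\'' . $table . '\'),\'ico_' . $table . '\',\'' . $table . '\',\'' . $SEARCH_TEMPLATE[group_icon_close] . '\',\'' . $SEARCH_TEMPLATE[group_icon_open] . '\')"><img src="' . $startpic . '" name="ico_' . $table . '" width="16" height="16" border="0" id="ico_' . $table . '"></a>';
        } else {
            $more_tit = "";
        }
        if ($TABLES[$table][title] != "") {
            $output .= '<tr><td><h5>' . $TABLES[$table][title] . ' ' . $more_tit . '</h5></td></tr>';
        }

        // $table is a key of the search definition and selects the file to
        // include; it must never be derived from request data.
        require_once $CONF[path_base] . $CONF[dir_modules] . $table . "/lists.php";
        $curlist = $LISTS[$table][$TABLES[$table][list_var]];
        if (isset($SEARCH_FIELDS[$table])) {
            // Hand the searched terms to the list as "column::term;;term||...".
            foreach ($SEARCH_FIELDS[$table] as $fs => $sterm) {
                if (isset($curlist[search_options])) {
                    $curlist[search_options] .= "||";
                }
                $curlist[search_options] .= "{$fs}::" . implode(";;", $sterm);
            }
        }
        $curlist[sql_select] = $sql;
        if (isset($curlist[search_options])) {
            list($perm_type, $perm_parent) = explode(";;", $TABLES[$table][permission]);
            if ($perm_type == 0) {
                $sql = str_replace("%[PERM]%", "1=1", $sql);
            }
            $curlist[sql_select] = $sql;
            $curlist[options] .= "||search::1";
        }

        if ($target_res == 0) {
            $curlist[box_title] = "";
            unset($curlist[search_options]);
            $output .= '<tr id="' . $table . '" ' . $cur_vis . '><td>' . draw_list($curlist, $table) . '</td></tr>';
        } elseif ($target_res == 1) {
            // Returns for the first table only.
            return draw_list_file($curlist, $table);
        } elseif ($target_res == 2) {
            if ($format_res == 1) {
                $output .= '<tr id="' . $table . '" ' . $cur_vis . '><td>';
                $rs = @$DB->Execute(perm_sql_read($sql, $table));
                while ($rs && !$rs->EOF) {
                    $res = $rs->FetchRow();
                    $thisobj = load_fwobject("show", $table, 0);
                    $output .= draw_object($thisobj, $res[id], $table) . "<br>\n";
                }
                // Close the cell before the row (the original emitted them reversed).
                $output .= '</td></tr>';
            } else {
                $curlist[box_title] = "";
                $output .= '<tr id="' . $table . '" ' . $cur_vis . '><td>' . draw_list($curlist, $table) . '</td></tr>';
            }
        }
    }
    $output .= '</table>';

    return $output;
}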
} $res_del[title] = FW_DEL_OK; print draw_response($res_del); } else { $res_del[title] = FW_DEL_KO; print draw_response($res_del); } } else { $res_del[title] = FW_ERROR_NO_PERM_DEL; print draw_response($res_del); } } if (check_perm_mod($module, "r") == 1) { $thissearch = load_fwobject("search", "document", 0); //Check for parent Perm $perm_parent = perm_sql_read("%[PERM]%", "pratiche"); $perm_parent = str_replace("permessi", "p.permessi", $perm_parent); $perm_parent = str_replace("id", "p.id", $perm_parent); $true_sql = "SELECT m.* FROM document m, pratiche p WHERE {$perm_parent} AND p.id=m.ref_id "; //Dati della pratica $qP = "SELECT * FROM pratiche WHERE Id = " . $_GET[ref_prat][realval][0]; $rsP = $DB->Execute($qP); $ThisPrat = $rsP->FetchRow(); $p = $ThisPrat[pr_ref_idcliente]; $titPrat = $ThisPrat[pr_codice]; //Dati del contatto $qC = "SELECT * FROM contact WHERE Id = " . $p; $rsC = $DB->Execute($qC); $ThisCont = $rsC->FetchRow(); $c = $ThisCont[nome]; $St1 = $CONF[gmail_url];
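/**
 * Run a list definition and return its titles and formatted rows as arrays.
 *
 * Parses the "k::v||k::v" option string into paging/sorting clauses, executes
 * the list query through perm_sql_read() and formats every field with
 * format_field() and quote_xml().
 *
 * @param array  $list   List definition (options, titles, fields, sql_select, action, optional multilevel/search_options/box_title).
 * @param string $module Module/table name; also the prefix of the request parameters (_st, _ordfield, _ordtype, _exp).
 * @return mixed array with keys tit and res, or the string "Error, field number" when titles and fields differ in count.
 */
function draw_list_file($list, $module) {
    global $DB, $LIST_TEMPLATE, $CONF, $curstn, $done_id, $search_fields;

    $done_id = array();
    $start = 0;
    $subrow = 0;

    // The requested sort column ends up verbatim in ORDER BY, so accept it
    // only when it is a bare identifier (optionally alias.column); anything
    // else falls back to the configured default.
    // NOTE(review): widen the pattern if the UI legitimately sends other
    // column expressions.
    $ordfield_key = $module . "_ordfield";
    $req_ordfield = null;
    if (isset($_GET[$ordfield_key]) && is_string($_GET[$ordfield_key])
        && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $_GET[$ordfield_key])) {
        $req_ordfield = $_GET[$ordfield_key];
    }

    // The sort direction is restricted to the two literal keywords.
    $ordtype_key = $module . "_ordtype";
    $req_ordtype = null;
    if (isset($_GET[$ordtype_key]) && ($_GET[$ordtype_key] == "asc" || $_GET[$ordtype_key] == "desc")) {
        $req_ordtype = $_GET[$ordtype_key];
    }

    // Build the option values and the SQL suffixes.
    foreach (explode("||", $list["options"]) as $opt) {
        list($k, $v) = explode("::", $opt);
        switch ($k) {
            case "perpage":
                // Page index times page size, forced to an integer so the
                // LIMIT clause never receives raw request text.
                $st_key = $module . "_st";
                $start = (isset($_GET[$st_key]) && is_numeric($_GET[$st_key])) ? intval($_GET[$st_key] * $v) : 0;
                $sql_append2 = " LIMIT " . $start . "," . $v;
                $perpage = $v;
                break;
            case "defordfield":
                if ($req_ordfield !== null) {
                    $v = $req_ordfield;
                }
                $defield = $v;
                $sql_append1 = " ORDER BY " . $v;
                break;
            case "defordfield2":
            case "defordfield3":
                if ($req_ordfield !== null) {
                    $v = $req_ordfield;
                }
                $defield = $v;
                $sql_append1 .= " , " . $v;
                break;
            case "defordtype":
            case "defordtype2":
            case "defordtype3":
                if ($req_ordtype !== null) {
                    $v = $req_ordtype;
                }
                $deftype = $v;
                $sql_append1 .= " " . $v;
                break;
            case "exp_sub":
                $defexp_sub = $v == 1 ? 1 : 0;
                break;
            case "exp_child":
                $defexp_child = $v == 1 ? 1 : 0;
                break;
            case "action_style":
                $defact_style = $v;
                break;
            case "row_col":
                $row_col = explode(",,", $v);
                break;
            case "search":
                if ($v == 1) {
                    $is_search = 1;
                }
                break;
        }
    }

    // search_options is "column::term;;term||column::term".
    if (isset($list[search_options])) {
        foreach (explode("||", $list["search_options"]) as $sopt) {
            list($k, $v) = explode("::", $sopt);
            $search_fields[$k] = explode(";;", $v);
        }
    }

    // Multilevel lists: "main||ref||def" names the parent reference column and
    // the value that marks a top-level row.
    if (isset($list["multilevel"])) {
        $subrow = 1;
        list($main, $ref, $def) = explode("||", $list["multilevel"]);
        // Case-insensitive substring test (replaces the removed eregi()).
        $has_where = stristr($list["sql_select"], "where") !== false;
        if ($is_search != 1) {
            if ($has_where) {
                $sql_where = " AND {$ref} = '{$def}' ";
                $sql_where2 = " AND {$ref} = '%ID%' ";
            } else {
                $sql_where = " WHERE {$ref} = '{$def}' ";
                $sql_where2 = " WHERE {$ref} = '%ID%' ";
            }
            $sql_ref = $list["sql_select"] . $sql_where2 . $sql_append1 . $sql_append2;
        } else {
            if ($has_where) {
                $sql_where2 = " AND {$ref} = '%ID%' ";
            } else {
                $sql_where2 = " WHERE {$ref} = '%ID%' ";
            }
            $sql_ref = "SELECT * FROM {$module} WHERE %[PERM]% AND {$ref}='%ID%'" . $sql_append1;
        }
    }

    // NOTE(review): $output is built here but never returned by this function.
    if (strlen($list[box_title]) > 0) {
        $output .= str_replace("%[TITLE]%", $list[box_title], $LIST_TEMPLATE[list_title]);
    }

    $titles = explode("||", $list["titles"]);
    $fields = explode("||", $list["fields"]);
    // REMEMBER: add a trigger_error here.
    if (count($titles) != count($fields)) {
        return "Error, field number";
    }

    $rs = @$DB->Execute(perm_sql_read($list[sql_select] . $sql_where . $sql_append1 . $sql_append2, $module));
    // NOTE(review): the unpaged result set is fetched but not used below.
    $rstot = @$DB->Execute(perm_sql_read($list[sql_select] . $sql_where . $sql_append1, $module));

    // List head.
    $cnt = 0;
    if ($subrow == 1) {
        $titar[] = ' ';
    }
    foreach ($titles as $value) {
        $cur = "";
        list($val, $type) = explode("::", $value);
        list($vf, $tf) = explode("::", $fields[$cnt]);
        $titar[] = $value;
        $cnt++;
    }

    $odd = 0;
    $arcnt = 0;
    // Execute() errors are suppressed with @, so guard against a failed query.
    while ($rs && !$rs->EOF) {
        $row = $rs->FetchRow();
        $cnt = 0;
        $output2 = "";

        // Search lists: when the hit is a sub-item, show its parent instead.
        if ($subrow == 1 && $is_search == 1 && $row[$ref] != $def && !in_array($row[$ref], $done_id)) {
            // The parent id is used unquoted, so force it to an integer.
            $rstmp = @$DB->Execute(perm_sql_read("SELECT * FROM {$module} WHERE %[PERM]% AND id=" . intval($row[$ref]), $module));
            if ($rstmp) {
                $row = $rstmp->FetchRow();
                // Mark the parent row as expanded so the hit is visible.
                if (!isset($_GET[$module . "_exp"])) {
                    $_GET[$module . "_exp"] = $row[id];
                } else {
                    $_GET[$module . "_exp"] .= "," . $row[id];
                }
            }
        }

        if ($subrow == 1) {
            // NOTE(review): $defexp is never assigned in this function
            // ($defexp_sub / $defexp_child are) — confirm which one is meant.
            $output2 = draw_subrow($row["id"], $sql_ref, 1, $fields, $list["action"], $defexp, $module);
            if ($output2 == '') {
                $output2 = "";
                $resar[$arcnt][] = ' ';
            } else {
                $cnt = 1;
            }
        }

        // Emit every id once.
        // NOTE(review): skipping here happens after the placeholder cell above
        // may already have been appended to $resar[$arcnt].
        if (is_array($done_id)) {
            if (in_array($row[id], $done_id)) {
                continue;
            } else {
                $done_id[] = $row[id];
            }
        } else {
            $done_id[] = $row[id];
        }

        foreach ($fields as $value) {
            $cur = format_field($value, $row, $list["action"]);
            // Placeholder for search-term highlighting; currently a no-op.
            if (isset($search_fields[$value])) {
                foreach ($search_fields[$value] as $searcht) {
                    $cur = $cur;
                }
            }
            $resar[$arcnt][] = quote_xml($cur);
        }
        $arcnt++;
    }

    $res[tit] = $titar;
    $res[res] = $resar;

    return $res;
}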
<?php
// Search-form definition for the "prestazioni" module (search 0).
// Field "content" strings use the "type||value||options" layout; "from_sql"
// strings are "SQL||key::value;;key::value" and feed the tselect lookups.
//
// SECURITY NOTE(review): each from_sql statement carries a %[VAL]% token
// inside a quoted LIKE pattern. A consumer such as check_form()'s tselect
// branch replaces that token with the submitted text by plain string
// substitution, so the value reaches the database unescaped unless the
// consumer escapes or binds it — verify at the point of use.

// Permission fragment for the module; not referenced again in this run of statements.
$perm_parent = perm_sql_read("%[PERM]%", "prestazioni");

// Form-level settings.
$SEARCHES[prestazioni][0][form][box_title] = PRESTAZIONI_SEARCH;
$SEARCHES[prestazioni][0][form][form_method] = "GET";
$SEARCHES[prestazioni][0][form][box_desc] = "";
$SEARCHES[prestazioni][0][form][name] = "listprestaz";
// NOTE(review): the target table is "test" — confirm this is intended for a search form.
$SEARCHES[prestazioni][0][form][onpost] = "action::db||table::test||type::add||wf::id";
$SEARCHES[prestazioni][0][form][ignore] = "";

// Reference to the case file ("pratica"); perm::1 asks for the permission filter on the lookup.
$SEARCHES[prestazioni][0][form][Fields]["ref_id"]["title"] = PRESTAZIONI_REF_PRATICA;
$SEARCHES[prestazioni][0][form][Fields]["ref_id"]["content"] = "tselect||||url::" . $CONF[url_base] . $CONF[dir_modules] . "pratiche/pages/pratiche_search_div.php?form_id=print_pres&form_page=1&pr_codice=";
$SEARCHES[prestazioni][0][form][Fields]["ref_id"]["from_sql"] = "SELECT * FROM pratiche p WHERE %[PERM]% AND pr_codice LIKE '%[VAL]%%' order by pr_codice asc||val::id;;text::pr_codice;;text2::pr_oggetto;;perm::1;;mod::pratiche;;mul::1";

// Customer lookup; perm::0 means the lookup runs without the permission filter.
$SEARCHES[prestazioni][0][form][Fields]["clie"]["title"] = PRESTAZIONI_CUSTOMER;
$SEARCHES[prestazioni][0][form][Fields]["clie"]["content"] = "tselect||||";
$SEARCHES[prestazioni][0][form][Fields]["clie"]["from_sql"] = "SELECT * FROM contact WHERE codice LIKE '%[VAL]%%' order by nome asc||val::id;;text::%codice%;;perm::0;;mod::contact;;mul::1";

// Free-text description and date range.
$SEARCHES[prestazioni][0][form][Fields]["testo"]["title"] = FW_DESC;
$SEARCHES[prestazioni][0][form][Fields]["testo"]["content"] = "text||||";
$SEARCHES[prestazioni][0][form][Fields]["day_from"]["title"] = FW_FROM;
$SEARCHES[prestazioni][0][form][Fields]["day_from"]["content"] = "date||||";
$SEARCHES[prestazioni][0][form][Fields]["day_to"]["title"] = FW_TO;
$SEARCHES[prestazioni][0][form][Fields]["day_to"]["content"] = "date||||";

// Tariff code lookup (INT_tariffe, keyed by tatid; perm::0).
$SEARCHES[prestazioni][0][form][Fields]["codice"]["title"] = FW_CODE;
$SEARCHES[prestazioni][0][form][Fields]["codice"]["content"] = "tselect||||wid::8;;url::" . $CONF[url_base] . $CONF[dir_modules] . "admin/pages/ta_search_div.php?simple_ins=1&form_id=listpratiche&form_page=1&codice=";
$SEARCHES[prestazioni][0][form][Fields]["codice"]["from_sql"] = "SELECT * FROM INT_tariffe WHERE tatid LIKE '%[VAL]%%' order by tatid asc||val::tatid;;text2::tatid;;text::tat_desc;;perm::0;;mod::admin;;mul::1;;tab::INT_tariffe;;ids::tatid";

// Operator lookup, pre-filled with the session user id; the user table name
// comes from configuration (perm::0, single value).
$SEARCHES[prestazioni][0][form][Fields]["operatore"]["title"] = PRESTAZIONI_USER;
$SEARCHES[prestazioni][0][form][Fields]["operatore"]["content"] = "tselect||" . $_SESSION[fw_userid] . "||url::" . $CONF[url_base] . $CONF[dir_modules] . "admin/pages/user_search_div.php?form_id=listpratiche&form_page=1&codice=";
$SEARCHES[prestazioni][0][form][Fields]["operatore"]["from_sql"] = "SELECT * FROM " . $CONF[auth_db_table] . " WHERE codice LIKE '%[VAL]%%' order by codice asc||val::id;;text::codice;;text2::nome;;perm::0;;mul::0;;tab::users";

// Notes.
$SEARCHES[prestazioni][0][form][Fields]["note"]["title"] = FW_NOTE;
$SEARCHES[prestazioni][0][form][Fields]["note"]["content"] = "text||||";

// Disabled "acconti" field, kept for reference:
//$SEARCHES[prestazioni][0][form][Fields]["acconti"]["title"]=FW_ACCONTI;
//$SEARCHES[prestazioni][0][form][Fields]["acconti"]["content"]="text||||";
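/**
 * Validate submitted form data against a form definition.
 *
 * Besides validating, this function normalises input and writes the result
 * back into $_POST and $_GET: date fields are converted from dd?mm?yyyy to
 * yyyy-mm-dd, mselect strings are split on ",," and tselect text is resolved
 * to record ids through the field's from_sql statement.
 *
 * SECURITY NOTE(review):
 *  - The tselect lookup substitutes the submitted text into from_sql by plain
 *    string replacement, and the nodupe check places the submitted value
 *    inside quotes verbatim. Escaping was not added here because the correct
 *    mechanism depends on the DB layer and request-quoting configuration,
 *    which this block does not show; both spots need bound parameters or
 *    driver-level escaping.
 *  - Module validators are located through er_check entries of the form
 *    definition (file include plus call by name). Form definitions must
 *    therefore never be built from request data.
 *  - ereg()/eregi() are used throughout, including on patterns supplied by
 *    the form definition; they are unavailable on current PHP versions.
 *
 * @param array $Form        Form definition (onpost, Fields with content/from_sql/reg_check/er_check/...).
 * @param array $post_result Submitted values keyed by field name.
 * @param int   $page        Form page whose fields are validated.
 * @return mixed 1 when no error was found; otherwise an array flagging the
 *               failing fields (and groups) with the HTML message under "resp".
 */
function check_form($Form, $post_result, $page = 1) {
    global $FORM_TEMPLATE, $CUR_LANG, $FORM_TYPE, $CONF, $DB;

    $cur_page = 1;
    $err = 0;
    $resp_er = "";

    // onpost is "action::x||table::y||wf::z".
    foreach (explode("||", $Form["onpost"]) as $value) {
        list($types, $val) = explode("::", $value);
        switch ($types) {
            case "action":
                $faction = $val;
                break;
            case "table":
                $ftable = $val;
                break;
            case "wf":
                $fwheref = $val;
                break;
        }
    }
    unset($value);
    unset($val);

    foreach ($Form["Fields"] as $key => $value) {
        list($InputType, $valuef, $options) = explode("||", $Form["Fields"][$key]["content"]);

        // Track whether a field group is starting or ending.
        if ($InputType == "group") {
            $group_part = explode("_", $key);
            if ($group_part[1] == "start") {
                $cur_group = $key;
            } elseif ($group_part[1] == "end") {
                unset($cur_group);
            }
        }
        $pre_err = $err;

        // Track the page the following fields belong to.
        if ($InputType == "page" && $valuef != $cur_page) {
            $cur_page = $valuef;
        }

        // Convert the date format to MySQL's yyyy-mm-dd (fixed offsets, no validation).
        if ($InputType == "date" && strlen($post_result[$key]) > 0) {
            $mysql_date = substr($post_result[$key], 6, 4) . "-" . substr($post_result[$key], 3, 2) . "-" . substr($post_result[$key], 0, 2);
            unset($post_result[$key]);
            $post_result[$key] = $mysql_date;
            $_POST[$key] = $mysql_date;
            $_GET[$key] = $mysql_date;
        }

        // Convert an mselect value to an array.
        if ($InputType == "mselect") {
            if (strlen(trim($post_result[$key])) > 0) {
                $nr = explode(",,", $post_result[$key]);
                unset($post_result[$key]);
                // NOTE(review): the local copy is wrapped in an extra array
                // while $_POST/$_GET receive the flat list — confirm intent.
                $post_result[$key] = array($nr);
                $_POST[$key] = $nr;
                $_GET[$key] = $nr;
            } else {
                $_POST[$key] = " ";
                unset($post_result[$key]);
            }
        }

        // Resolve the typed text of a tselect to its real record id(s).
        if ($InputType == "tselect" && strlen($post_result[$key][text]) > 0 && $post_result[$key][realval] == "") {
            unset($rests);
            unset($ids);
            unset($perm);
            // NOTE(review): the module name is stored in $module, so this
            // unset leaves a value from an earlier field in place.
            unset($mod);
            unset($mults);
            // Per-field state: do not carry candidates or an exact match over
            // from a previously processed tselect field.
            unset($exactt);
            $rests_error = "";

            list($tsql, $toption) = explode("||", $Form["Fields"][$key][from_sql]);
            foreach (explode(";;", $toption) as $topt) {
                list($tokey, $toval) = explode("::", $topt);
                switch ($tokey) {
                    case "val":
                        $valsql = $toval;
                        break;
                    case "text":
                        $textsql = $toval;
                        break;
                    case "perm":
                        $perm = $toval;
                        break;
                    case "mod":
                        $module = $toval;
                        break;
                    case "mul":
                        $mults = $toval;
                        break;
                    case "ids":
                        $ids = $toval;
                        break;
                }
            }
            if (!isset($ids)) {
                $ids = "id";
            }

            // SECURITY: submitted text is substituted into the statement as-is.
            // With perm::1 the statement goes through the permission filter;
            // otherwise it is executed unfiltered.
            if ($perm == 1 && isset($module)) {
                $rs = @$DB->Execute(perm_sql_read(str_replace("%[VAL]%", $post_result[$key][text], $tsql), $module));
            } else {
                $rs = @$DB->Execute(str_replace("%[VAL]%", $post_result[$key][text], $tsql));
            }
            unset($exactm);

            // Collect candidate ids and remember an exact text match.
            while (!$rs->EOF) {
                $selec = "";
                $row = $rs->FetchRow();
                $rests[] = $row[$ids];
                if (strlen($rests_error) > 0) {
                    $rests_error .= ", " . $row[$textsql];
                } else {
                    $rests_error .= $row[$textsql];
                }
                if ($post_result[$key][text] == $row[$textsql]) {
                    $exactm = $row[$ids];
                    $exactt = $row[$textsql];
                }
            }
            if (isset($exactm)) {
                unset($rests);
                $rests[] = $exactm;
            }

            // More than one candidate although the field is single-valued.
            if (count($rests) > 1 && $mults == 0) {
                $err++;
                $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $rests_error, FW_ERRORFORM_TSELECT_MULTI)) . "<BR>\n";
                $error[$key] = 1;
                $_POST[$key][realval] = $rests;
                $_GET[$key][realval] = $rests;
                $post_result[$key][realval] = $rests;
            } else {
                $_POST[$key][realval] = $rests;
                $_GET[$key][realval] = $rests;
                $post_result[$key][realval] = $rests;
                if ($mults == 0) {
                    // Replace the typed text with the stored text of the match.
                    if (isset($exactt)) {
                        $restext = $exactt;
                    } else {
                        $restext = $row[$textsql];
                    }
                    $_POST[$key][text] = $restext;
                    $_GET[$key][text] = $restext;
                    $post_result[$key][text] = $restext;
                }
            }
            unset($rs);
            unset($row);
        }

        if ($cur_page == $page && !in_array($InputType, $CONF[form_ignoretype])) {
            // Field-specific regular expression from the form definition.
            if (isset($Form["Fields"][$key]["reg_check"])) {
                if (!eregi($Form["Fields"][$key]["reg_check"], $post_result[$key])) {
                    $err++;
                    $error[$key] = 1;
                    if (isset($Form["Fields"][$key]["reg_resp"])) {
                        $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], $Form["Fields"][$key]["reg_resp"]) . "<BR>\n";
                    } else {
                        $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_REGNOVALID) . "<BR>\n";
                    }
                }
            }

            // Remaining checks: er_check is "type::val;;type::val".
            foreach (explode(";;", $Form["Fields"][$key]["er_check"]) as $value) {
                if (!strstr($value, "::")) {
                    break;
                }
                list($type, $val) = explode("::", $value);
                switch ($type) {
                    case "nodupe":
                        if ($val == 1) {
                            // SECURITY: the submitted value is quoted but not escaped.
                            if (!isset($_GET[id])) {
                                $sql_cd = "SELECT * FROM {$ftable} WHERE {$key}='" . $post_result[$key] . "'";
                            } else {
                                // The record id is used unquoted, so force it to an integer.
                                $sql_cd = "SELECT * FROM {$ftable} WHERE {$key}='" . $post_result[$key] . "' AND id <> " . intval($_GET[id]);
                            }
                            $rs_dupe = $DB->Execute($sql_cd);
                            if ($rs_dupe->RecordCount() > 0) {
                                $err++;
                                $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_IS_DUPE)) . "<BR>\n";
                                $error[$key] = 1;
                            }
                        }
                        break;
                    case "min":
                        // Plain text inputs: minimum length.
                        if (strlen($post_result[$key]) < $val && $InputType != "checkbox" && $InputType != "select" && $InputType != "mselect" && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_MINSTR)) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        // Selection inputs: minimum number of choices.
                        if (count($post_result[$key]) < $val && ($InputType == "select" || $InputType == "checkbox" || $InputType == "mselect") && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_MINSEL)) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        // tselect: minimum number of resolved ids.
                        if ((count($post_result[$key][realval]) < $val || $post_result[$key][realval] == "") && $InputType == "tselect" && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_MINSEL)) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        // Custom message configured for the field.
                        if ((strlen($post_result[$key]) < $val && !is_array($post_result[$key]) || count($post_result[$key]) < $val && is_array($post_result[$key])) && isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, $Form["Fields"][$key]["err_resp"])) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        break;
                    case "max":
                        if (strlen($post_result[$key]) > $val && $InputType != "checkbox" && $InputType != "select" && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_MAXSTR)) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        if (count($post_result[$key]) > $val && ($InputType == "select" || $InputType == "checkbox" || $InputType == "mselect") && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, FW_ERRORFORM_MAXSEL)) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        if ((strlen($post_result[$key]) > $val && !is_array($post_result[$key]) || count($post_result[$key]) > $val && is_array($post_result[$key])) && isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], str_replace("%VAL%", $val, $Form["Fields"][$key]["err_resp"])) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        break;
                    case "chk":
                        // Required field missing from the submission.
                        if ($val == 1 && !isset($post_result[$key]) && !isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_NOCHK) . "<BR>\n";
                            $error[$key] = 1;
                        } elseif ($val == 1 && !isset($post_result[$key]) && isset($Form["Fields"][$key]["err_resp"])) {
                            $err++;
                            $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], $Form["Fields"][$key]["err_resp"]) . "<BR>\n";
                            $error[$key] = 1;
                        }
                        break;
                    case "type":
                        // Type checks, implemented as regular expressions.
                        switch ($val) {
                            case "crit":
                                if (!ereg('^(MIN\\*|MED\\.|MAX/)[1-9]{1}$', $post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPECRIT) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "float":
                                if (!ereg("^-?[0-9]+((,|\\.)[0-9]{1,})?\$", $post_result[$key]) && strlen($post_result[$key]) > 0) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPEFLOAT) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "email":
                                if (eregi("(@.*@)|(\\.\\.)|(@\\.)|(\\.@)|(^\\.)", $post_result[$key]) || !eregi("^.+\\@(\\[?)[-_a-zA-Z0-9\\.]+\\.([a-zA-Z]{2,3}|[0-9]{1,3})(\\]?)\$", $post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPEMAIL) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "url":
                                if (!eregi("^https?://[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([0-9]{1,3}|[a-z]{2,4})", $post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPEURL) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "phone":
                                if (!eregi("^\\+?[0-9 ]{4}", $post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPEPHONE) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            // File manager: the upload must be readable by getimagesize().
                            // NOTE(review): this inspects the image header only; it
                            // is not a complete upload validation on its own.
                            case "fimgreq":
                                $arr = @getimagesize($_FILES[$key]['tmp_name']);
                                if (!$arr) {
                                    $err++;
                                    $resp_er .= "Il campo " . $Form["Fields"][$key]["title"] . "\tnon\tcontiene un\tfile riconosciuto\tcome immagine\tvalida.<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "fimg":
                                $arr = @getimagesize($_FILES[$key]['tmp_name']);
                                if (!$arr && isset($_FILES[$key]['tmp_name']) && $_FILES[$key]['tmp_name'] != "") {
                                    $err++;
                                    $resp_er .= "Il\tcampo\t" . $Form["Fields"][$key]["title"] . " non contiene\tun file\triconosciuto come\timmagine valida.<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            // Integer check.
                            case "int":
                                if (!is_id($post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_TYPEINT) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            case "alfanum":
                                if (!ereg("^[[:alnum:]]+\$", $post_result[$key])) {
                                    $err++;
                                    $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], FW_ERRORFORM_ALFANUM) . "<BR>\n";
                                    $error[$key] = 1;
                                }
                                break;
                            // Module-defined type: looked up in $FORM_TYPE.
                            default:
                                if (isset($FORM_TYPE[$val])) {
                                    if (!eregi($FORM_TYPE[$val][reg_exp], $post_result[$key])) {
                                        $err++;
                                        $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], $FORM_TYPE[$val][err_resp]) . "<BR>\n";
                                        $error[$key] = 1;
                                    }
                                } else {
                                    // Load the type definition from the owning module;
                                    // the name must have the form module_errortype.
                                    if (strstr($val, "_")) {
                                        $type_part = explode("_", $val);
                                        require_once $CONF[path_base] . $CONF[dir_modules] . $type_part[0] . "/form.php";
                                        if (isset($FORM_TYPE[$val])) {
                                            if (!eregi($FORM_TYPE[$val][reg_exp], $post_result[$key])) {
                                                $err++;
                                                // Placeholder was misspelled "%FIRLD%", so the
                                                // field title was never inserted in this message.
                                                $resp_er .= str_replace("%FIELD%", $Form["Fields"][$key]["title"], $FORM_TYPE[$val][err_resp]) . "<BR>\n";
                                                $error[$key] = 1;
                                            }
                                        } else {
                                            trigger_error(str_replace("%ELEMENT%", $val, FW_ERROR_NOFORMERROR), E_USER_NOTICE);
                                        }
                                    } else {
                                        trigger_error(str_replace("%ELEMENT%", $val, FW_ERROR_NOFORMERROR), E_USER_NOTICE);
                                    }
                                }
                                break;
                        }
                        break;
                    default:
                        // Not a standard check: treat "module_name" as the
                        // module-defined function module_formerror_name.
                        if (strstr($type, "_")) {
                            $func_name = str_replace("_", "_formerror_", $type);
                            if (!function_exists($func_name)) {
                                $function_part = explode("_", $type);
                                require_once $CONF[path_base] . $CONF[dir_modules] . $function_part[0] . "/form.php";
                                if (!function_exists($func_name)) {
                                    trigger_error(str_replace("%ELEMENT%", $type, FW_ERROR_NOFORMERROR), E_USER_ERROR);
                                }
                            }
                            // Run the validator: it returns 1 for OK, otherwise the message.
                            $res_func = $func_name($Form["Fields"][$key], $key, $post_result[$key], $val);
                            if ($res_func != 1) {
                                $err++;
                                $resp_er .= $res_func;
                                $error[$key] = 1;
                            }
                            unset($res_func);
                        } else {
                            trigger_error(str_replace("%ELEMENT%", $InputType, FW_ERROR_NOFORMERROR), E_USER_ERROR);
                        }
                        break;
                }
            }
        }

        // Propagate a field error to the enclosing group.
        if ($err > $pre_err && isset($cur_group)) {
            $error[$cur_group] = 1;
        }
    }

    if ($err == 0) {
        return 1;
    } else {
        $error["resp"] = $resp_er;
        return $error;
    }
}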
} else { $curmonth = date("m"); } if (isset($_GET[year]) && is_numeric($_GET[year])) { $curyear = $_GET[year]; } else { $curyear = date("Y"); } if (isset($_GET[day]) && is_numeric($_GET[day])) { $curday = $_GET[day]; } elseif ($curmonth == date("m") && $curyear == date("Y")) { $curday = date("d"); } $maxday = howmany_days($curmonth, $curyear); //, pratiche p AND m.ref_prat=p.id type=0 AND $rs = $DB->Execute(perm_sql_read("SELECT * FROM {$module} m WHERE day <= '{$curyear}-{$curmonth}-{$maxday}' AND day >= '{$curyear}-{$curmonth}-01' AND (operator LIKE '" . $_SESSION[fw_userid] . ",,%' OR operator ='" . $_SESSION[fw_userid] . "')", $module)); $cnt = 0; while (!$rs->EOF) { $app = $rs->FetchRow(); $day_app[$app[day]][$cnt] = $app; $day_app[$app[day]][tot]++; $cnt++; } $null = ob_get_contents(); ob_end_clean(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Calendar</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
$result[operatore] = $_SESSION[fw_userid]; $thisform[onpost] = str_replace("type::add", "type::upd", $thisform[onpost]); $thisform[Fields][send][content] = "submit||" . PRESTAZIONI_ADD . "||"; $response[title] = PRESTAZIONI_ADD_DONE; $response[text] = PRESTAZIONI_ADD_DONE_TXT . "<br><br>" . make_button($str_prima_nota, PRESTAZIONI_BACK_LIST); } else { $response[title] = FW_ERROR_NO_PERM; $response[text] = FW_ERROR_NO_PERM_TXT; $iserror = 1; print draw_response($response); } } elseif (isset($_GET[app_id]) && $_POST[form_id] == $thisform["name"]) { $PAGE[PAGE_INTITLE] = STUDIO_ADD_SPESA . " 2"; $PAGE[TXT_TITLE] = STUDIO_ADD_SPESA; $ad = "add"; $rs = $DB->Execute(perm_sql_read("SELECT * FROM calendar m, pratiche p WHERE %[PERM]% AND p.id=m.ref_prat AND m.id=" . $_GET[app_id], "calendar")); if ($result_cal = $rs->FetchRow()) { insert_last_viewed($result_cal[ref_id], "pratiche"); $PAGE_ELEMENT[PAGE][1][0][param] = $result_cal[ref_prat]; //$result[ref_id]=$result_cal[ref_prat]; $rs2 = $DB->Execute("SELECT * FROM pratiche WHERE id=" . $result_cal[ref_prat]); $result_prat = $rs2->FetchRow(); $thisform[Fields][title_pratica][title] = PRESTAZIONI_REF_PRATICA; $thisform[Fields][title_pratica][content] = "text||" . $result_prat[pr_codice] . "||wid::40;;disab::1"; $thisform[Fields][ref_id][content] = "hidden||" . $result_prat[id] . "||"; $thisform[Fields][valore_pratica][content] = "hidden||" . $result_prat[pr_valore] . "||"; $thisform[Fields][tipo_pratica][content] = "hidden||" . $result_prat[pr_comp_cod] . "||"; // ////CONTINUA AD INSERIRE NUOVE PRESTAZIONI //$thisform[Fields][continuaIns][title]=PRESTAZIONI_CONTINUA_INS_TIT; //$thisform[Fields][continuaIns][content]="checkbox||||opt::".PRESTAZIONI_CONTINUA_INS."=>1;;size::1";
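/**
 * Render one record through a module's object template.
 *
 * The record is either loaded with $object['sql_select'] (its "%[ID]%" token is
 * replaced by $id) or taken from $real_obj when one is supplied. Each entry of
 * $object['Fields'] is "Title" or "Title::type"; the title replaces the
 * "%[FIELD-TITLE]%" placeholder and the (optionally transformed) value replaces
 * "%[FIELD]%" in the template file.
 *
 * Supported field types, as implemented below:
 *   low / up        lower-/upper-case the title
 *   date            reformat a Y-m-d value with $CONF['date_format']
 *   (a=>b||c=>d)    map stored values to labels
 *   [sql;;field]    look up one label per id (ids may be ",,"-separated)
 *   {sql;;field;;sep} join the given column of every row returned by the lookup
 *   func=>name      call the named function with the whole record
 *
 * Security notes for maintainers:
 *  - "%[ID]%" and "%ID%" are substituted as plain text, not bound parameters.
 *    $id must already be validated by the caller (e.g. cast to int), and the
 *    lookup templates must only be fed values whose type is constrained.
 *  - When the "perm" option is absent or 0 the select runs WITHOUT
 *    perm_sql_read(), i.e. the permission filter is opt-in per object definition.
 *  - Values are written into the template without HTML escaping.
 *    NOTE(review): confirm which fields may carry user-supplied text and escape
 *    those before output.
 *  - "func=>" executes a function named in the object definition; definitions
 *    must come from trusted code only.
 *
 * @param array  $object   Object definition (options, sql_select, object_template, Fields).
 * @param mixed  $id       Record id substituted into sql_select and passed to log_event().
 * @param string $module   Module name; used for the permission filter, logging and the template path.
 * @param mixed  $real_obj Pre-loaded record; when not "" the database select is skipped.
 *
 * @return mixed Rendered template text; 0 when the select fails; the output of
 *               draw_response() when the select does not return exactly one row.
 */
function draw_object($object, $id, $module, $real_obj = "")
{
    global $DB, $CONF, $CUR_TEMPLATE;

    // Default matches the historical behaviour: no "perm" option means the
    // permission filter is not applied (see security notes above).
    $perm = 0;
    $options = isset($object['options']) ? $object['options'] : "";
    foreach (explode("||", $options) as $option) {
        $pair = explode("::", $option);
        if ($pair[0] === "perm" && isset($pair[1])) {
            $perm = $pair[1];
        }
    }

    if ($real_obj == "") {
        // Textual substitution: $id is trusted to be validated by the caller.
        $sql = str_replace("%[ID]%", $id, $object['sql_select']);
        if ($perm != 0) {
            $sql = perm_sql_read($sql, $module);
        }
        // "@" kept so driver warnings (which may include SQL text) are not echoed.
        $rs = @$DB->Execute($sql);
        if (!$rs) {
            return 0;
        }
        if ($rs->RecordCount() != 1) {
            $response = array(
                'title' => FW_ERROR_NO_OBJ,
                'text' => FW_ERROR_NO_OBJ_FOUND,
            );
            return draw_response($response);
        }
        $this_object = $rs->FetchRow();
        log_event("S", $module, $id);
    } else {
        $this_object = $real_obj;
    }

    // NOTE(review): $module and object_template become part of a filesystem
    // path; they are assumed to come from trusted configuration -- confirm.
    $template_path = $CONF['path_base'] . $CONF['dir_modules'] . $module . "/"
        . $CONF['dir_template'] . $CUR_TEMPLATE['name'] . '/' . $object['object_template'];
    $obj_template_content = file_get_contents($template_path);

    foreach ($object['Fields'] as $fname => $ftitle) {
        $parts = explode("::", $ftitle);
        $val = $parts[0];
        $type = isset($parts[1]) ? $parts[1] : "";
        $cur = isset($this_object[$fname]) ? $this_object[$fname] : "";

        switch ($type) {
            case "low":
                $val = strtolower($val);
                break;
            case "up":
                $val = strtoupper($val);
                break;
            case "date":
                // Empty or zero dates render as an empty string; incomplete
                // values no longer reach mktime() with missing components.
                $ymd = explode('-', (string) $cur);
                if (count($ymd) >= 3 && $ymd[0] != "0000" && $ymd[1] != "00" && $ymd[2] != "00") {
                    $cur = date(
                        $CONF['date_format'],
                        mktime(7, 0, 0, (int) $ymd[1], (int) $ymd[2], (int) $ymd[0])
                    );
                } else {
                    $cur = "";
                }
                break;
        }

        // The checks below are deliberately sequential: each one re-reads $type
        // after the previous branch has stripped its delimiters.
        if (substr($type, 0, 1) === "(") {
            $type = str_replace(array("(", ")"), "", $type);
            foreach (explode("||", $type) as $mapping) {
                $pair = explode("=>", $mapping);
                $to = isset($pair[1]) ? $pair[1] : "";
                // Loose comparison kept on purpose ("1" matches "01").
                if ($cur == $pair[0]) {
                    $cur = $to;
                }
            }
        }

        if (substr($type, 0, 1) === "[") {
            $type = str_replace(array("[", "]"), "", $type);
            $spec = explode(";;", $type);
            $sql_q = $spec[0];
            $field_show = isset($spec[1]) ? $spec[1] : "";
            $is_multi = strpos((string) $cur, ",,") !== false;
            $ids = $is_multi ? explode(",,", $cur) : array($cur);
            $labels = "";
            foreach ($ids as $one_id) {
                // Textual substitution of a stored value into the lookup query.
                $lookup = @$DB->Execute(str_replace("%ID%", $one_id, $sql_q));
                // A failed lookup yields an empty label instead of a fatal error.
                $row_query = $lookup ? $lookup->FetchRow() : false;
                $label = (is_array($row_query) && isset($row_query[$field_show]))
                    ? $row_query[$field_show]
                    : "";
                // Multi-id values keep the historical trailing space per label.
                $labels .= $is_multi ? $label . ' ' : $label;
            }
            $cur = $labels;
        }

        if (substr($type, 0, 1) === "{") {
            $type = str_replace(array("{", "}"), "", $type);
            $spec = explode(";;", $type);
            $field_show = isset($spec[1]) ? $spec[1] : "";
            $sep = isset($spec[2]) ? $spec[2] : "";
            $type_query = @$DB->Execute(str_replace("%ID%", $cur, $spec[0]));
            $values = array();
            while ($type_query && !$type_query->EOF) {
                $row_query = $type_query->FetchRow();
                $values[] = (is_array($row_query) && isset($row_query[$field_show]))
                    ? $row_query[$field_show]
                    : "";
            }
            $cur = implode($sep, $values);
        }

        if (substr($type, 0, 6) === "func=>") {
            $callback = str_replace("func=>", "", $type);
            if (is_callable($callback)) {
                $cur = $callback($this_object);
            } else {
                trigger_error("draw_object: formatter is not callable for field " . $fname, E_USER_WARNING);
            }
        }

        // Decimal numbers are shown with a comma separator. preg_match replaces
        // ereg(), which was removed in PHP 7; \z keeps the end-of-string anchor exact.
        if (preg_match('/^[0-9]+(\.|,)[0-9]*\z/', (string) $cur)) {
            $cur = str_replace(".", ",", $cur);
        }

        $token = strtoupper($fname);
        $obj_template_content = str_replace("%[" . $token . "-TITLE]%", $val, $obj_template_content);
        $obj_template_content = str_replace("%[" . $token . "]%", $cur, $obj_template_content);
    }

    return $obj_template_content;
}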
// NOTE(review): $_GET[id] is concatenated unquoted into four SQL strings below
// (two executed here through perm_sql_read()/$DB->Execute(), two stored as
// sql_select for draw_list()) and into the onClick URL of the "sitcont" button.
// Only the final draw_object() call applies intval(). Unless id is validated
// before this fragment, compute intval($_GET['id']) once and use that value in
// every query and in the generated markup.
// $rs and $rs2 are dereferenced (RecordCount()) without checking that Execute()
// returned a result set.
$rs = $DB->Execute(perm_sql_read("SELECT * FROM pratiche p WHERE %[PERM]% AND (pr_ref_idcliente=" . $_GET[id] . " OR pr_ref_idavvr=" . $_GET[id] . " OR pr_ref_idbenefic=" . $_GET[id] . " OR pr_ref_idaltri=" . $_GET[id] . ")", "pratiche")); if ($rs->RecordCount() > 0) { $thisobj["Fields"]["button_sitcont"] = make_button_clean(PRATICHE_SITCONT, 'onClick="loadLayerWindow(\'' . $CONF[url_base] . $CONF[dir_modules] . 'contact/pages/contact_sitcont.php?id=' . $_GET[id] . '\');"'); $thislist = load_fwobject("lists", "pratiche", 0); $thislist["sql_select"] = "SELECT * FROM pratiche p WHERE %[PERM]% AND (pr_ref_idcliente=" . $_GET[id] . " OR pr_ref_idavvr=" . $_GET[id] . " OR pr_ref_idbenefic=" . $_GET[id] . " OR pr_ref_idaltri=" . $_GET[id] . ")"; $thisobj["Fields"]["prat_col"] = ' <tr> <th colspan="2" width="100%" align="center"> <b>' . CONTACT_PRAT_RELATED . '</b></th> </tr> <tr> <td width="100%" colspan="2" onMouseOver="this.className=\'pratica-over-sub\'" onMouseOut="this.className=\'null\'">' . draw_list($thislist, "pratiche") . '</td> </tr>'; } else { $thisobj["Fields"]["prat_col"] = ""; $thisobj["Fields"]["button_sitcont"] = ""; } $rs2 = $DB->Execute(perm_sql_read("SELECT * FROM calendar p WHERE %[PERM]% AND (ref_cont=" . $_GET[id] . ")", "calendar")); if ($rs2->RecordCount() > 0) { $restlist = load_fwobject("lists", "calendar", 6); $restlist["sql_select"] = "SELECT * FROM calendar p WHERE %[PERM]% AND (ref_cont=" . $_GET[id] . ")"; $thisobj["Fields"]["pro_restr"] = ' <tr> <th colspan="2" width="100%" align="center"> <b>' . CONTACT_PROVV_RESTR . '</b></th> </tr> <tr> <td width="100%" colspan="2" onMouseOver="this.className=\'pratica-over-sub\'" onMouseOut="this.className=\'null\'">' . draw_list($restlist, "calendar") . '</td> </tr>'; } else { $thisobj["Fields"]["pro_restr"] = ""; } print draw_object($thisobj, intval($_GET[id]), $module); } else { $response[title] = FW_ERROR_NO_PERM;