Example #1
 foreach ($tables as $i) {
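     /*
      * For table lr.$i: collect the modifiable columns of page $id_page that belong
      * to this table, build the matching UPDATE assignments from $_POST, then read
      * the current row so the old values are available for change tracking.
      *
      * Request values reach the SQL text only through the sql_format_* helpers,
      * which are defined outside this excerpt.
      * NOTE(review): whether those helpers escape quotes and backslashes cannot be
      * seen here -- confirm, or bind the values with pg_query_params() so they never
      * become part of the statement text.
      * NOTE(review): $i and $val['champ_interface'] are concatenated as identifiers;
      * presumably they come from application metadata, not from the request -- verify.
      */
     $champs = '';
     $update = "UPDATE lr.{$i} SET ";
     foreach ($aColumnsTot[$id_page] as $key => $val) {
         if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
             /* collect the modifiable columns */
             $champs .= $val['champ_interface'] . ",";
             /* build the UPDATE assignment; the formatter is chosen by the declared column type */
             if ($val['type'] == 'string') {
                 $update .= $val['champ_interface'] . " = " . sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
             }
             if ($val['type'] == 'val') {
                 $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
             }
             if ($val['type'] == 'bool') {
                 $update .= $val['champ_interface'] . " = " . sql_format_bool($_POST[$val['champ_interface']]) . ",";
             }
             if ($val['type'] == 'int') {
                 $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
             }
         }
     }
     /* CHANGE TRACKING: read the current values before the UPDATE */
     // NOTE(review): $id is concatenated unquoted and its origin is outside this
     // excerpt -- if it derives from the request, cast it to int or bind it as a parameter.
     $select = "SELECT " . rtrim($champs, ',') . " FROM lr.{$i} AS t WHERE uid=" . $id . ";";
     if (DEBUG) {
         echo "<br>" . $select;
     }
     // pg_query() returns false on failure, so there is no result handle to pass to
     // pg_result_error(); the failure reason is read from the connection instead.
     // NOTE(review): die() sends the database error text to the browser; consider
     // logging it server-side and showing a generic message.
     $result = pg_query($db, $select) or die("Erreur pgSQL : " . pg_last_error($db));
     $backup = pg_fetch_array($result, NULL, PGSQL_ASSOC);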
     // Old values
     foreach ($backup as $field => $val_1) {
Example #2
        $code = "";
    }
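    // Update the existing user row. Every value is taken from $_POST and passed through
    // sql_format()/sql_format_num() (defined outside this excerpt) before concatenation.
    // NOTE(review): whether those helpers escape quotes cannot be seen here -- confirm,
    // or bind the values with pg_query_params().
    // NOTE(review): the WHERE literal '******' is reproduced exactly as it appears in
    // this listing; confirm the real statement selects the row by the edited user's id.
    $query = "UPDATE " . SQL_schema_app . ".utilisateur SET \n\tid_cbn=" . sql_format_num($_POST["id_cbn"]) . ",\n\tnom=" . sql_format($_POST["nom"]) . ",\n\tprenom=" . sql_format($_POST["prenom"]) . ",\n\t" . $code . "\n\ttel_bur=" . sql_format($_POST["tel_bur"]) . ",\n\ttel_port=" . sql_format($_POST["tel_port"]) . ",\n\ttel_int=" . sql_format($_POST["tel_int"]) . ",\n\temail=" . sql_format($_POST["email"]) . ",\n\tweb=" . sql_format($_POST["web"]) . ",\n\t" . $query_niveau . "\n\t" . $query_ref . "\n\tdescr=" . sql_format($_POST["descr"]) . " \n\tWHERE id_user='******';";
    // The statement text carries request data (and the schema layout), so it is
    // printed only when the DEBUG constant is defined and true, not in every response.
    if (defined('DEBUG') && DEBUG) {
        echo $query;
    }
    // pg_query() returns false on failure, so there is no result handle to pass to
    // pg_result_error(); the failure reason is read from the connection instead.
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. edit user", $id, "utilisateur");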
} else {
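    //------------------------------------------------------------------------------ ADD
    // Create a new user. For every entry of $rubrique a niveau_<key> and ref_<key>
    // column/value pair is appended; a missing or empty POST field defaults to 0.
    // NOTE(review): the four accumulator strings are extended with .= and are not
    // initialised in this excerpt -- presumably that happens earlier; verify.
    foreach ($rubrique as $key => $val) {
        if (empty($_POST["niveau_" . $key])) {
            $_POST["niveau_" . $key] = 0;
        }
        $val_niveau .= sql_format_num($_POST["niveau_" . $key]) . ",";
        $key_niveau .= "niveau_" . $key . ",";
        if (empty($_POST["ref_" . $key])) {
            $_POST["ref_" . $key] = 0;
        }
        $val_ref .= sql_format_bool($_POST["ref_" . $key]) . ",";
        $key_ref .= "ref_" . $key . ",";
    }
    // User id = first two characters of the first name + first two of the surname,
    // upper-cased, followed by one random digit from 1 to 9.
    // NOTE(review): nine possible suffixes per name pair means ids can collide; no
    // collision handling is visible in this excerpt.
    $id = strtoupper(substr(stripAccents($_POST['prenom']), 0, 2) . substr(stripAccents($_POST['nom']), 0, 2)) . mt_rand(1, 9);
    // $id is derived from request data and stripAccents() leaves quotes untouched, so
    // it is emitted as an escaped literal rather than pasted between hand-written quotes.
    // NOTE(review): $_POST["pw"] is written to the pw column through sql_format(); no
    // hashing is visible here -- if neither sql_format() nor the database hashes it,
    // store the output of password_hash() instead.
    $query = "INSERT INTO " . SQL_schema_app . ".utilisateur (id_user, id_cbn,nom,prenom,login,pw,tel_bur,tel_port,tel_int,email,web,\n\t{$key_niveau}\n\t{$key_ref}\n\tdescr)\n\tVALUES (\n\t\t" . pg_escape_literal($db, $id) . ",\n\t\t" . sql_format_num($_POST["id_cbn"]) . ",\n\t\t" . sql_format($_POST["nom"]) . ",\n\t\t" . sql_format($_POST["prenom"]) . ",\n\t\t" . sql_format($_POST["login"]) . ",\n\t\t" . sql_format($_POST["pw"]) . ",\n\t\t" . sql_format($_POST["tel_bur"]) . ",\n\t\t" . sql_format($_POST["tel_port"]) . ",\n\t\t" . sql_format($_POST["tel_int"]) . ",\n\t\t" . sql_format($_POST["email"]) . ",\n\t\t" . sql_format($_POST["web"]) . ",\n\t\t{$val_niveau} {$val_ref}\n\t\t" . sql_format($_POST["descr"]) . ");";
    // The statement text includes the submitted password value, so it is printed only
    // when the DEBUG constant is defined and true, not in every response.
    if (defined('DEBUG') && DEBUG) {
        echo $query;
    }
    // pg_query() returns false on failure, so there is no result handle to pass to
    // pg_result_error(); the failure reason is read from the connection instead.
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. ajout user", $id, "utilisateur");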
}
//------------------------------------------------------------------------------ FONCTIONS
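/**
 * Replace the accented Latin letters listed below with their unaccented ASCII
 * equivalents; every other character is returned unchanged.
 *
 * The mapping is applied per character, not per byte. The three-argument form of
 * strtr() translates single bytes, so on UTF-8 text (two bytes per accented
 * letter) it pairs the wrong bytes and corrupts the string.
 *
 * This is a transliteration helper only: quotes, backslashes and other
 * punctuation pass through untouched, so the result still has to be escaped or
 * bound as a parameter before it is used in SQL.
 *
 * @param string $string UTF-8 text
 * @return string the text with the listed accented letters replaced
 */
function stripAccents($string)
{
    static $map = null;
    if ($map === null) {
        // Split the accented alphabet on UTF-8 character boundaries so that each
        // letter lines up with exactly one ASCII replacement.
        $accented = preg_split('//u', 'àáâãäçèéêëìíîïñòóôõöùúûüýÿÀÁÂÃÄÇÈÉÊËÌÍÎÏÑÒÓÔÕÖÙÚÛÜÝ', -1, PREG_SPLIT_NO_EMPTY);
        $plain = str_split('aaaaaceeeeiiiinooooouuuuyyAAAAACEEEEIIIINOOOOOUUUUY');
        $map = array_combine($accented, $plain);
    }
    // Array form of strtr(): whole-substring replacement, safe for multi-byte keys.
    return strtr($string, $map);
}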
Example #3
    /*--------------------------------------------------*/
    /*ici ajouter la GESTION DES MODIFICATIONS ET SUIVI*/
    /*-------------------------------------------------*/
} else {
    //  ADD
    // Create a new taxon from the submitted form, then record two tracking entries
    // (one for the name, one for the new uid) through add_suivi2().
    //------------------------------------------------------------------------------ Numeric values
    // An empty 'etape' field defaults to step 2.
    // NOTE(review): $_POST['etape'] is later handed to add_suivi2() as submitted; if
    // that helper places it in SQL, validate it as an integer first -- confirm.
    if ($_POST['etape'] == "") {
        $_POST['etape'] = 2;
    }
    //------------------------------------------------------------------------------
    /* Parameters to insert: each POST field goes through the sql_format_* helper
       matching its kind. The helpers are defined outside this excerpt.
       NOTE(review): whether they escape quotes cannot be seen here -- confirm. */
    $in["cd_ref"] = sql_format_num($_POST["cd_ref"]);
    $in["famille"] = sql_format_quote($_POST["famille"], 'do');
    $in["nom_sci"] = sql_format_quote($_POST["nom_sci"], 'do');
    $in["cd_rang"] = sql_format($_POST["cd_rang"]);
    $in["nom_verna"] = sql_format_quote($_POST["nom_verna"], 'do');
    // NOTE(review): the other sql_format_bool() calls in this project take one
    // argument; the extra 'do' here is presumably ignored -- verify.
    $in["hybride"] = sql_format_bool($_POST["hybride"], 'do');
    $rub[$id_page] = 'true';
    $uid = add_taxon($in, $rub);
    // NOTE(review): nom_sci is formatted as a quoted string above but goes through
    // sql_format_num() here; that looks unintended -- confirm what add_suivi2() expects.
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "nom", null, sql_format_num($_POST["nom_sci"]), 'applications', 'manuel', 'ajout');
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "uid", null, $uid, 'applications', 'manuel', 'ajout');
}
/*
if (!DEBUG) {
    echo ("<script language=\"javascript\" type=\"text/javascript\">");
    echo ("window.location.replace ( \"index.php\")");
    echo ("</script>");
}
*/
// Release the PostgreSQL connection, then report success.
// NOTE(review): the enclosing scope is not visible in this excerpt, so it is
// unclear whether this returns from a function or from an included script.
pg_close($db);
return true;
Example #4
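 //------------------------------------------------------------------------------ ADD.
 /* CHANGE TRACKING AND UPDATE */
 // Build one INSERT into fsd.ddd from the modifiable columns of page $id_page that
 // belong to table "ddd" (id_from excluded), run it, and fetch the new row's uid.
 // Request values reach the SQL text only through the sql_format_* helpers, which
 // are defined outside this excerpt.
 // NOTE(review): whether those helpers escape quotes cannot be seen here -- confirm,
 // or bind the values with pg_query_params().
 // NOTE(review): column names are double-quoted but not escaped; presumably they come
 // from application metadata, not from the request -- verify.
 // NOTE(review): $values is extended with .= and is not initialised in this excerpt,
 // unlike $liste_champs -- verify it is set earlier.
 $liste_champs = '';
 foreach ($aColumnsTot[$id_page] as $key => $val) {
     if ($val['modifiable'] == 't' and $val['table_champ'] == "ddd" and $val['nom_champ'] != "id_from") {
         /* collect the modifiable columns */
         $liste_champs .= "\"" . $val['champ_interface'] . "\",";
         /* build the value list; the formatter is chosen by the declared column type */
         if ($val['type'] == 'string') {
             $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
         }
         if ($val['type'] == 'val') {
             $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
         }
         if ($val['type'] == 'bool') {
             $values .= sql_format_bool($_POST[$val['champ_interface']]) . ",";
         }
         if ($val['type'] == 'int') {
             $values .= sql_format_num($_POST[$val['champ_interface']]) . ",";
         }
     }
 }
 $insert = "INSERT INTO fsd.ddd (" . rtrim($liste_champs, ',') . ") VALUES (" . rtrim($values, ',') . ") RETURNING uid";
 /*INSERT*/
 if (DEBUG) {
     echo "<br>" . $insert;
 }
 // pg_query() returns false on failure, so there is no result handle to pass to
 // pg_result_error(); the failure reason is read from the connection instead.
 // NOTE(review): die() sends the database error text to the browser; consider
 // logging it server-side and showing a generic message.
 $result = pg_query($db, $insert) or die("Erreur pgSQL : " . pg_last_error($db));
 $uid = pg_fetch_row($result);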
 if (!empty($_POST['id_from'])) {
     $idfrominsert = null;
Example #5
     // Handle one column description ($val): only columns flagged modifiable that
     // belong to table $i contribute to the column list and to the UPDATE text.
     // NOTE(review): the POST values reach the SQL text only through the sql_format_*
     // helpers, defined outside this excerpt; whether they escape quotes cannot be
     // seen here -- confirm, or bind the values with pg_query_params().
     if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
         /* collect the modifiable columns, as "table"."column" */
         $champs .= "\"" . $i . "\".\"" . $val['nom_champ'] . "\",";
         /* check that the application really receives $val['nom_champ']==='nomCompletSyntaxon' */
         //echo "1:".$val['nom_champ'];
         //if ($val['nom_champ']!=='nomCompletSyntaxon') echo " is nomComplet is false<br>";
         //if ($val['nom_champ']==='nomCompletSyntaxon') echo " is nomComplet is true<br>";
         /* build the UPDATE assignment; the formatter is chosen by the declared column type */
         // nomCompletSyntaxon is skipped here; only the 'string' branch carries that exclusion.
         if ($val['type'] == 'string' and $val['nom_champ'] !== 'nomCompletSyntaxon') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
         }
         if ($val['type'] == 'val') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
         }
         if ($val['type'] == 'bool') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_bool($_POST[$val['nom_champ']]) . ",";
         }
         if ($val['type'] == 'int') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_num($_POST[$val['nom_champ']]) . ",";
         }
     }
 }
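 // The full name is appended here because it does not always arrive correctly from
 // the form. Since it comes last, the trailing comma left by the loop needs no rtrim().
 // It is assembled from two POST fields, so it goes through the same
 // sql_format_quote(..., 'do') formatter as the other string columns of this
 // statement instead of being pasted between hand-written quotes.
 // NOTE(review): this relies on sql_format_quote() (defined outside this excerpt)
 // escaping embedded quotes -- confirm, or bind the values with pg_query_params().
 $update .= " \"nomCompletSyntaxon\" = " . sql_format_quote($_POST['nomSyntaxon'] . " " . $_POST['auteurSyntaxon'], 'do') . " ";
 /* restrict the UPDATE to the record being edited */
 // NOTE(review): $id is concatenated unquoted and its origin is outside this
 // excerpt -- if it derives from the request, cast it to int or bind it as a parameter.
 $update .= "WHERE \"codeEnregistrementSyntax\"=" . $id . ";";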
 if (DEBUG) {
     echo "<br> update = " . $update;