function formXml($formId)
{
$filename = getFormFilename($formId);
if (file_exists($filename)) {
$title = getFormTitle($formId);
header('Content-Type: text/xml; charset=utf-8');
header('Content-Disposition: attachment; filename="' . $title . '.xml";');
readfile($filename);
} else {
error404();
}
}
function render($ele_value, $caption, $markupName, $isDisabled, $element, $entry_id, $screen)
{
// we are going to have to store some kind of flag/counter with the id number of the starting element in the table, and the number of times we need to ignore things
// we need to then listen for this up above and skip those elements as they come up. This is why grids must come before their elements in the form definition
include_once XOOPS_ROOT_PATH . "/modules/formulize/include/griddisplay.php";
$fid = $element->getVar('id_form');
global $gridCounter;
list($grid_title, $grid_row_caps, $grid_col_caps, $grid_background, $grid_start, $grid_count) = compileGrid($ele_value, trans(getFormTitle($fid)), $element);
$headingAtSide = ($ele_value[5] and $grid_title) ? true : false;
// if there is a value for ele_value[5], then the heading should be at the side, otherwise, grid spans form width as it's own chunk of HTML
$gridCounter[$grid_start] = $grid_count;
$gridContents = displayGrid($fid, $entry_id, $grid_row_caps, $grid_col_caps, $grid_title, $grid_background, $grid_start, "", "", true, $screen, $headingAtSide);
if ($headingAtSide) {
// grid contents is the two bits for the xoopsformlabel when heading is at side, otherwise, it's just the contents for the break
return new XoopsFormLabel($gridContents[0], $gridContents[1]);
} else {
return array($gridContents, "head");
// head is the css class of the cell
}
}
function dataExtraction($frame = "", $form, $filter, $andor, $scope, $limitStart, $limitSize, $sortField, $sortOrder, $forceQuery, $mainFormOnly, $includeArchived = false, $id_reqsOnly = false, $resultOnly = false, $filterElements = null)
{
global $xoopsDB;
$limitStart = intval($limitStart);
$limitSize = intval($limitSize);
$sortField = formulize_db_escape($sortField);
if (isset($_GET['debug'])) {
$time_start = microtime_float();
}
if ($scope == "uid=\"blankscope\"") {
return array();
}
if (is_numeric($frame)) {
$frid = $frame;
} elseif ($frame != "") {
$frameid = go("SELECT frame_id FROM " . DBPRE . "formulize_frameworks WHERE frame_name='{$frame}'");
$frid = $frameid[0]['frame_id'];
unset($frameid);
} else {
$frid = "";
}
if (is_numeric($form)) {
$fid = $form;
} elseif ($GLOBALS['formulize_versionFourOrHigher'] == false) {
$formcheck = go("SELECT ff_form_id FROM " . DBPRE . "formulize_framework_forms WHERE ff_frame_id='{$frid}' AND ff_handle='{$form}'");
$fid = $formcheck[0]['ff_form_id'];
unset($formcheck);
}
if (!$fid) {
print "Form Name: " . $form . "<br>";
print "Form id: " . $fid . "<br>";
print "Frame Name: " . $frame . "<br>";
print "Frame id: " . $frid . "<br>";
exit("selected form does not exist in framework");
}
$form_handler = xoops_getmodulehandler('forms', 'formulize');
$formObject = $form_handler->get($fid);
if ($frid and !$mainFormOnly) {
// GET THE LINK INFORMATION FOR THE CURRENT FRAMEWORK BASED ON THE REQUESTED FORM
$linklist1 = go("SELECT fl_form2_id, fl_key1, fl_key2, fl_relationship, fl_unified_display, fl_common_value FROM " . DBPRE . "formulize_framework_links WHERE fl_frame_id = '{$frid}' AND fl_form1_id = '{$fid}'");
$linklist2 = go("SELECT fl_form1_id, fl_key1, fl_key2, fl_relationship, fl_unified_display, fl_common_value FROM " . DBPRE . "formulize_framework_links WHERE fl_frame_id = '{$frid}' AND fl_form2_id = '{$fid}'");
}
// link list 1 is the list of form2s that the requested form links to
// link list 2 is the list of form1s that the requested form links to
// ie: the link list number denotes the position of the requested form in the pair
// print "Frame: $frame ($frid)<br>";
// print "Form: $form ($fid)<br>";
// generate the list of key fields in the current form, so we can use the values in these fields to filter the linked forms. -- sept 27 2005
$linkkeys1 = array();
$linkisparent1 = array();
$linkformids1 = array();
$linktargetids1 = array();
$linkselfids1 = array();
$linkcommonvalue1 = array();
$linkkeys2 = array();
$linkisparent2 = array();
$linkformids2 = array();
$linktargetids2 = array();
$linkselfids2 = array();
$linkcommonvalue2 = array();
if ($frid and !$mainFormOnly) {
if (count($linklist1) > 0) {
foreach ($linklist1 as $theselinks) {
$linkformids1[] = $theselinks['fl_form2_id'];
if ($theselinks['fl_key1'] != 0) {
$handleforlink = formulize_getElementHandleFromID($theselinks['fl_key1']);
$linkkeys1[] = $handleforlink;
$linktargetids1[] = $theselinks['fl_key2'];
$linkselfids1[] = $theselinks['fl_key1'];
} else {
$linkkeys1[] = "";
$linktargetids1[] = "";
}
if ($theselinks['fl_relationship'] == 2) {
// 2 is one to many relationship...this does not appear to be referenced anywhere in the extraction layer!
$linkisparent1[] = 1;
} else {
$linkisparent1[] = 0;
}
$linkcommonvalue1[] = $theselinks['fl_common_value'];
}
}
if (count($linklist2) > 0) {
foreach ($linklist2 as $theselinks) {
$linkformids2[] = $theselinks['fl_form1_id'];
if ($theselinks['fl_key2'] != 0) {
$handleforlink = formulize_getElementHandleFromID($theselinks['fl_key2']);
$linkkeys2[] = $handleforlink;
$linktargetids2[] = $theselinks['fl_key1'];
$linkselfids2[] = $theselinks['fl_key2'];
} else {
$linkkeys2[] = "";
$linktargetids2[] = "";
}
if ($theselinks['fl_relationship'] == 3) {
// 3 is many to one relationship...this does not appear to be referenced anywhere in the extraction layer!
$linkisparent2[] = 1;
} else {
$linkisparent2[] = 0;
}
$linkcommonvalue2[] = $theselinks['fl_common_value'];
}
}
$linkkeys = array_merge($linkkeys1, $linkkeys2);
$linkisparent = array_merge($linkisparent1, $linkisparent2);
$linkformids = array_merge($linkformids1, $linkformids2);
$linktargetids = array_merge($linktargetids1, $linktargetids2);
$linkselfids = array_merge($linkselfids1, $linkselfids2);
$linkcommonvalue = array_merge($linkcommonvalue1, $linkcommonvalue2);
} else {
$linkkeys = "";
$linkisparent = "";
$linkformids = array();
$linktargetids = "";
$linkselfids = "";
$linkcommonvalue = "";
}
//print_r( $linkformids );
$GLOBALS['formulize_linkformidsForCalcs'] = $linkformids;
// now that we have the full details from the framework, figure out the full SQL necessary to get the entire dataset
// This whole approach is predicated on being able to do reliable joins between the key fields of each form
// Structure of the SQL should be...
// SELECT main.entry_id, main.creation_uid, main.mod_uid, main.creation_datetime, main.mod_datetime, main.handle1...main.handleN, f2.entry_id, f2.1..f2.n, etc FROM formulize_A AS main [join syntax] WHERE main.handle1 = "whatever" AND/OR f2.handle1 = "whatever"
// Join syntax: if there are query terms on the f2 or subsequent forms, then use INNER JOIN formulize_B AS f2 ON main.1 LIKE CONCAT('%,', f2.entry_id, ',%') -- or no %, ,% if only one value is allowed
// If there are no query terms on the f2 or subsequent forms, then use LEFT JOIN
// establish the join type and all that
$joinText = "";
$linkSelect = "";
$exportOverrideQueries = array();
$limitClause = "";
if ($limitSize) {
$limitClause = " LIMIT {$limitStart}, {$limitSize} ";
}
if (is_array($filter) or substr($filter, 0, 6) != "SELECT" and substr($filter, 0, 6) != "INSERT") {
// if the filter is not itself a fully formed SQL statement...
$scopeFilter = "";
if (is_array($scope)) {
// assume any arrays are groupid arrays, and so make a valid scope string based on this. Use the new entry owner table.
if (count($scope) > 0) {
$start = true;
foreach ($scope as $groupid) {
// need to loop through the array, and not use implode, so we can sanitize the values
if (!$start) {
$scopeFilter .= " OR scope.groupid=" . intval($groupid);
} else {
$start = false;
$scopeFilter = " AND EXISTS(SELECT 1 FROM " . DBPRE . "formulize_entry_owner_groups AS scope WHERE (scope.entry_id=main.entry_id AND scope.fid=" . intval($fid) . ") AND (scope.groupid=" . intval($groupid);
}
}
$scopeFilter .= ")) ";
// need two closing brackets for the exists statement and its where clause
} else {
// no valid entries found, so show no entries
$scopeFilter = " AND main.entry_id<0 ";
}
} elseif ($scope) {
// need to handle old "uid = X OR..." syntax
$scopeFilter = " AND (" . str_replace("uid", "main.creation_uid", $scope) . ") ";
}
formulize_getElementMetaData("", false, $fid);
// initialize the element metadata for this form...serious performance gain from this
list($formFieldFilterMap, $whereClause, $orderByClause, $oneSideFilters, $otherPerGroupFilterJoins, $otherPerGroupFilterWhereClause) = formulize_parseFilter($filter, $andor, $linkformids, $fid, $frid);
// ***********************
// NOTE: the oneSideFilters are divided into two sections, the AND filters and OR filters for a given form
// These will need to be constructed differently if we are ever to support OR filters that are spread across forms.
// Right now, oneSideFilters get rendered with all other filters for their form, which is fine if the OR filters all belong to the same form
// But if there are OR filters on two different forms, then we will need to do some kind of much more complex handling of the OR filters, or else the count query, and the queries for calculations, will be screwed up
// The proper approach to this would be to have the AND oneSideFilters divided by form, like now, but for the ORs, we would need to loop through all ORs on all forms at once, and concatenate them somehow, ie:
// foreach($oneSideFilters as $thisOneSideFid=>$oneSideFilterData) {
// foreach($oneSideFilterData as $oneSideAndOr=>$thisOneSideFilter) {
// if($oneSideAndOr == "and") { // note, it's forced to lowercase in the parseFilter function
// // then add this filter to the exists/other construction/whatever for this particular form
// } else {
// // then add this filter to a more complex exists/other construction/whatever that contains all the ORs, grouped by form, with ORs in between them
// // ie, the final output would be like: AND ( exists(select 1 from table1 where field11=x or field12=y) OR exists(select 1 from table2 where field21 LIKE '%t%') OR (exists(select 1 from table3 where field31 > 23) )
// // And this entire construction would be then added to queries, to account properly for all the OR operators that had been requested
// }
// }
// }
// NOTE: Oct 17 2011 -- since we are now splitting multiform queries into may different individual collections of entries, it may be possible to do what's suggested above more easily. However, we still need the full where clause at our disposal in the main query that gets the main form entry ids, or else we'll have an incorrect master list of entry ids to return. :-(
// ***********************
if (isset($oneSideFilters[$fid])) {
foreach ($oneSideFilters[$fid] as $thisOneSideFilter) {
$mainFormWhereClause .= " AND ( {$thisOneSideFilter} ) ";
}
} else {
$mainFormWhereClause = "";
}
if ($whereClause) {
$whereClause = "AND {$whereClause}";
}
// create the per-group filters, if any, that apply to this user...only available when all XOOPS is invoked, not available when extract.php is being direct included
global $xoopsDB;
$perGroupFilter = "";
$perGroupFiltersPerForms = array();
// used with exists clauses and other per-form situations
if ($xoopsDB) {
$form_handler = xoops_getmodulehandler('forms', 'formulize');
$perGroupFilter = $form_handler->getPerGroupFilterWhereClause($fid, "main");
$perGroupFiltersPerForms[$fid] = $perGroupFilter;
if ($frid) {
foreach ($linkformids as $id => $thisLinkFid) {
$perGroupFiltersPerForms[$thisLinkFid] = $form_handler->getPerGroupFilterWhereClause($thisLinkFid, "f" . $id);
}
}
}
if ($frid) {
$joinHandles = formulize_getJoinHandles(array(0 => $linkselfids, 1 => $linktargetids));
// get the element handles for these elements, since we need those to properly construct the join clauses
$newJoinText = "";
// "new" variables initilized in each loop
$joinTextIndex = array();
$joinTextTableRef = array();
$linkSelectIndex = array();
$newexistsJoinText = "";
$joinText = "";
// not "new" variables persist (with .= operator)
$existsJoinText = "";
foreach ($linkformids as $id => $linkedFid) {
// validate that the join conditions are valid...either both must have a value, or neither must have a value (match on user id)...otherwise the join is not possible
if ($joinHandles[$linkselfids[$id]] and $joinHandles[$linktargetids[$id]] or $linkselfids[$id] == '' and $linktargetids[$id] == '') {
formulize_getElementMetaData("", false, $linkedFid);
// initialize the element metadata for this form...serious performance gain from this
$linkSelectIndex[$linkedFid] = "f{$id}.entry_id AS f" . $id . "_entry_id, f{$id}.creation_uid AS f" . $id . "_creation_uid, f{$id}.mod_uid AS f" . $id . "_mod_uid, f{$id}.creation_datetime AS f" . $id . "_creation_datetime, f{$id}.mod_datetime AS f" . $id . "_mod_datetime, f{$id}.*";
$linkSelect .= ", f{$id}.entry_id AS f" . $id . "_entry_id, f{$id}.creation_uid AS f" . $id . "_creation_uid, f{$id}.mod_uid AS f" . $id . "_mod_uid, f{$id}.creation_datetime AS f" . $id . "_creation_datetime, f{$id}.mod_datetime AS f" . $id . "_mod_datetime, f{$id}.*";
$joinType = isset($formFieldFilterMap[$linkedFid]) ? "INNER" : "LEFT";
$linkedFormObject = $form_handler->get($linkedFid);
$joinTextTableRef[$linkedFid] = DBPRE . "formulize_" . $linkedFormObject->getVar('form_handle') . " AS f{$id} ON ";
$joinText .= " {$joinType} JOIN " . DBPRE . "formulize_" . $linkedFormObject->getVar('form_handle') . " AS f{$id} ON";
// NOTE: we are aliasing the linked form tables to f$id where $id is the key of the position in the linked form metadata arrays where that form's info is stored
$newexistsJoinText = $existsJoinText ? " {$andor} " : "";
$newexistsJoinText .= " EXISTS(SELECT 1 FROM " . DBPRE . "formulize_" . $linkedFormObject->getVar('form_handle') . " AS f{$id} WHERE ";
// set this up also so we have it available for one to many/many to one calculations that require it
if ($linkcommonvalue[$id]) {
// common value
$newJoinText = " main.`" . $joinHandles[$linkselfids[$id]] . "`=f{$id}.`" . $joinHandles[$linktargetids[$id]] . "`";
} elseif ($linktargetids[$id]) {
// linked selectbox
if ($target_ele_value = formulize_isLinkedSelectBox($linktargetids[$id])) {
if ($target_ele_value[1]) {
// multiple values allowed
$newJoinText = " f{$id}.`" . $joinHandles[$linktargetids[$id]] . "` LIKE CONCAT('%,',main.entry_id,',%')";
} else {
// single value only
$newJoinText = " f{$id}.`" . $joinHandles[$linktargetids[$id]] . "` = main.entry_id";
}
} else {
$main_ele_value = formulize_isLinkedSelectBox($linkselfids[$id]);
// we know it's linked because this is a linked selectbox join, we just need the ele_value properties
if ($main_ele_value[1]) {
// multiple values allowed
$newJoinText = " main.`" . $joinHandles[$linkselfids[$id]] . "` LIKE CONCAT('%,',f{$id}.entry_id,',%')";
} else {
// single value only
$newJoinText = " main.`" . $joinHandles[$linkselfids[$id]] . "` = f{$id}.entry_id";
}
}
} else {
// join by uid
$newJoinText = " main.creation_uid=f{$id}.creation_uid";
}
if (isset($perGroupFiltersPerForms[$linkedFid])) {
$newJoinText .= $perGroupFiltersPerForms[$linkedFid];
}
$joinTextIndex[$linkedFid] = $newJoinText;
$joinText .= $newJoinText;
if (count($oneSideFilters[$linkedFid]) > 0) {
// only setup the existsJoinText when there is a where clause that applies to this form...otherwise, we don't care, this form is not relevant to the query that the calculations will do (except maybe when the mainform is not the one-side form...but that's another story)
$existsJoinText .= $newexistsJoinText . $newJoinText;
foreach ($oneSideFilters[$linkedFid] as $thisOneSideFilter) {
$thisLinkedFidPerGroupFilter = isset($perGroupFiltersPerForms[$linkedFid]) ? $perGroupFiltersPerForms[$linkedFid] : "";
$existsJoinText .= " AND ( {$thisOneSideFilter} {$thisLinkedFidPerGroupFilter}) ";
}
$existsJoinText .= ") ";
// close the exists clause itself
}
}
}
}
// specify the join info for user table (depending whether there's a query on creator_email or not)
$userJoinType = $formFieldFilterMap['creator_email'] ? "INNER" : "LEFT";
$userJoinText = " {$userJoinType} JOIN " . DBPRE . "users AS usertable ON main.creation_uid=usertable.uid";
$sortIsOnMain = true;
if (!$orderByClause and $sortField) {
if ($sortField == "creation_uid" or $sortField == "mod_uid" or $sortField == "creation_datetime" or $sortField == "mod_datetime") {
$elementMetaData['id_form'] = $fid;
} elseif ($sortField == "uid") {
$sortField = "creation_uid";
$elementMetaData['id_form'] = $fid;
} elseif ($sortField == "proxyid") {
$sortField = "mod_uid";
$elementMetaData['id_form'] = $fid;
} elseif ($sortField == "creation_date") {
$sortField = "creation_datetime";
$elementMetaData['id_form'] = $fid;
} elseif ($sortField == "mod_date") {
$sortField = "mod_datetime";
$elementMetaData['id_form'] = $fid;
} elseif ($sortField == "entry_id") {
$sortField = "entry_id";
$elementMetaData['id_form'] = $fid;
} else {
$elementMetaData = formulize_getElementMetaData($sortField, true);
// need to get form that sort field is part of...
}
$sortFid = $elementMetaData['id_form'];
if ($sortFid == $fid) {
$sortFidAlias = "main";
} else {
$sortFidAlias = array_keys($linkformids, $sortFid);
// position of this form in the linking relationships is important for identifying which form alias to use
$sortFidAlias = "f" . $sortFidAlias[0];
$sortIsOnMain = false;
}
$sortFieldMetaData = formulize_getElementMetaData($sortField, true);
if ($sortFieldMetaData['ele_encrypt']) {
$sortFieldFullValue = "AES_DECRYPT({$sortFidAlias}.`{$sortField}`, '" . getAESPassword() . "')";
// sorts as text, which will screw up number fields
} elseif (formulize_isLinkedSelectBox($sortField, true)) {
$ele_value = unserialize($sortFieldMetaData['ele_value']);
$boxproperties = explode("#*=:*", $ele_value[2]);
$target_fid = $boxproperties[0];
$target_element_handle = $boxproperties[1];
$form_handler = xoops_getmodulehandler('forms', 'formulize');
$targetFormObject = $form_handler->get($target_fid);
// note you cannot sort by multi select boxes!
$sortFieldFullValue = "(SELECT sourceSortForm.`" . $target_element_handle . "` FROM " . DBPRE . "formulize_" . $targetFormObject->getVar('form_handle') . " as sourceSortForm WHERE sourceSortForm.`entry_id` = " . $sortFidAlias . ".`" . $sortField . "`)";
} else {
$sortFieldFullValue = "{$sortFidAlias}.`{$sortField}`";
}
$orderByClause = " ORDER BY {$sortFieldFullValue} {$sortOrder} ";
} elseif (!$orderByClause) {
$orderByClause = "ORDER BY main.entry_id";
}
debug_memory("Before retrieving mainresults");
//$beforeQueryTime = microtime_float();
$countMasterResults = "SELECT COUNT(main.entry_id) FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main ";
$countMasterResults .= "{$userJoinText} {$otherPerGroupFilterJoins} WHERE main.entry_id>0 {$mainFormWhereClause} {$scopeFilter} {$otherPerGroupFilterWhereClause} ";
$countMasterResults .= $existsJoinText ? " AND ({$existsJoinText}) " : "";
$countMasterResults .= isset($perGroupFiltersPerForms[$fid]) ? $perGroupFiltersPerForms[$fid] : "";
if (isset($GLOBALS['formulize_getCountForPageNumbers'])) {
// If there's an LOE Limit in place, check that we're not over it first
global $formulize_LOE_limit;
if ($countMasterResultsRes = $xoopsDB->query($countMasterResults)) {
$countMasterResultsRow = $xoopsDB->fetchRow($countMasterResultsRes);
if ($countMasterResultsRow[0] > $formulize_LOE_limit and $formulize_LOE_limit > 0 and !$forceQuery and !$limitClause) {
return $countMasterResultsRow[0];
} else {
// if we're in a getData call from displayEntries, put the count in a special place for use in generating page numbers
$GLOBALS['formulize_countMasterResultsForPageNumbers'] = $countMasterResultsRow[0];
}
} else {
exit("Error: could not count master results.<br>" . $xoopsDB->error() . "<br>SQL:{$countMasterResults}<br>");
}
unset($GLOBALS['formulize_getCountForPageNumbers']);
}
// now, if there's framework in effect, get the entry ids of the entries in the main form that match the criteria, so we can use a specific query for them instead of the order clause in the master query
$limitByEntryId = "";
$useAsSortSubQuery = "";
if ($frid) {
$limitByEntryId = " AND (";
$entryIdQuery = str_replace("COUNT(main.entry_id)", "main.entry_id as main_entry_id", $countMasterResults);
// don't count the entries, select their id numbers
if (!$sortIsOnMain) {
$sortFieldMetaData = formulize_getElementMetaData($sortField, true);
$sortFormObject = $form_handler->get($sortFid);
if ($sortFieldMetaData['ele_encrypt']) {
$useAsSortSubQuery = "(SELECT max(AES_DECRYPT(`{$sortField}`, '" . getAESPassword() . "')) as subsort FROM " . DBPRE . "formulize_" . $sortFormObject->getVar('form_handle') . " as {$sortFidAlias} WHERE " . $joinTextIndex[$sortFid] . " ORDER BY subsort {$sortOrder}) as usethissort";
} else {
$useAsSortSubQuery = "(SELECT max(`{$sortField}`) as subsort FROM " . DBPRE . "formulize_" . $sortFormObject->getVar('form_handle') . " as {$sortFidAlias} WHERE " . $joinTextIndex[$sortFid] . " ORDER BY subsort {$sortOrder}) as usethissort";
}
$entryIdQuery = str_replace("SELECT main.entry_id as main_entry_id ", "SELECT {$useAsSortSubQuery}, main.entry_id as main_entry_id ", $entryIdQuery);
// sorts as text which will screw up number fields
$thisOrderByClause = " ORDER BY usethissort {$sortOrder} ";
} else {
$thisOrderByClause = $orderByClause;
}
$entryIdQuery .= " {$thisOrderByClause} {$limitClause}";
$entryIdResult = $xoopsDB->query($entryIdQuery);
$start = true;
while ($entryIdValue = $xoopsDB->fetchArray($entryIdResult)) {
$limitByEntryId .= !$start ? " OR " : "";
$limitByEntryId .= "main.entry_id = " . $entryIdValue['main_entry_id'];
$start = false;
}
$limitByEntryId .= ") ";
if (!$start) {
$limitClause = "";
// nullify the existing limitClause since we don't want to use it in the actual query
} else {
$limitByEntryId = "";
}
}
$selectClause = "";
$sqlFilterElements = array();
if ($filterElements) {
// THIS IS HIGHLY EXPERIMENTAL...BECAUSE THE PROCESSING OF DATASETS RELIES RIGHT NOW ON METADATA BEING PRESENT AT THE FRONT OF EACH SET OF FIELDS, THERE IS FURTHER WORK REQUIRED TO MAKE THIS FUNCTION WITH THE CODE THAT PROCESSES ENTRIES
//print_r( $filterElements );
//print_r( $linkformids );
foreach ($filterElements as $passedForm => $passedElements) {
if ($passedForm == $fid) {
$formAlias = "main";
} else {
$keys = array_keys($linkformids, $passedForm);
//print_r( $keys );
$formAlias = "f" . $keys[0];
}
foreach ($passedElements as $thisPassedElement) {
$sqlFilterElements[] = $formAlias . ".`" . formulize_db_escape($thisPassedElement) . "`";
}
}
}
if (count($sqlFilterElements) > 0) {
$selectClause = implode(",", $sqlFilterElements);
} else {
$selectClause = "main.entry_id AS main_entry_id, main.creation_uid AS main_creation_uid, main.mod_uid AS main_mod_uid, main.creation_datetime AS main_creation_datetime, main.mod_datetime AS main_mod_datetime, main.* {$linkSelect}";
}
// if this is being done for gathering calculations, and the calculation is requested on the one side of a one to many/many to one relationship, then we will need to use different SQL to avoid duplicate values being returned by the database
// note: when the main form is on the many side of the relationship, then we need to do something rather different...not sure what it is yet...the SQL as prepared is based on the calculation field and the main form being the one side (and so both are called main), but when field is on one side and main form is many side, then the aliases don't match, and scopefilter issues abound.
// NOTE: Oct 17 2011 - the $oneSideSQL is also used when there are multiple linked subforms, since the exists structure is efficient compared to multiple joins
$oneSideSQL = " FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main {$userJoinText} WHERE main.entry_id>0 {$scopeFilter} ";
// does the mainFormWhereClause need to be used here too? Needs to be tested. -- further note: Oct 17 2011 -- appears oneSideFilters[fid] is the same as the mainformwhereclause
$oneSideSQL .= $existsJoinText ? " AND ({$existsJoinText}) " : "";
if (count($oneSideFilters[$fid]) > 0) {
foreach ($oneSideFilters[$fid] as $thisOneSideFilter) {
$oneSideSQL .= " {$andor} ( {$thisOneSideFilter} ) ";
// properly introduce these filters...need to move $andor to a higher level and put this inside ( ) ?? or maybe this just all gets redone if/when the OR bug is fixed (see big note up where oneSideFilters are first received from parseFilter function)
}
}
$oneSideSQL .= isset($perGroupFiltersPerForms[$fid]) ? $perGroupFiltersPerForms[$fid] : "";
$restOfTheSQL = " FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main {$userJoinText} {$joinText} {$otherPerGroupFilterJoins} WHERE main.entry_id>0 {$whereClause} {$scopeFilter} {$perGroupFilter} {$otherPerGroupFilterWhereClause} {$limitByEntryId} {$orderByClause} ";
$restOfTheSQLForExport = " FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main {$userJoinText} {$joinText} {$otherPerGroupFilterJoins} WHERE main.entry_id>0 {$whereClause} {$scopeFilter} {$perGroupFilter} {$otherPerGroupFilterWhereClause} {$orderByClause} ";
// don't use limitByEntryId since exports include all entries
if (count($linkformids) > 1) {
// AND $dummy == "never") { // when there is more than 1 joined form, we can get an exponential explosion of records returned, because SQL will give you all combinations of the joins
if (!$sortIsOnMain) {
$orderByToUse = " ORDER BY usethissort {$sortOrder} ";
$useAsSortSubQuery = " @rownum:=@rownum+1, {$useAsSortSubQuery},";
// need to add a counter as the first field, used as the master sorting key
} else {
$orderByToUse = $orderByClause;
$useAsSortSubQuery = " @rownum:=@rownum+1, ";
// need to add a counter as the first field, used as the master sorting key
}
$oneSideSQLToUse = str_replace(" AS main {$userJoinText}", " AS main JOIN (SELECT @rownum := 0) as r {$userJoinText}", $oneSideSQL);
// need to add the initialization of the rownum, which is what we use as the master sorting key
$masterQuerySQL = "SELECT {$useAsSortSubQuery} main.entry_id {$oneSideSQLToUse} {$limitByEntryId} {$orderByToUse} ";
$masterQuerySQLForExport = "SELECT {$useAsSortSubQuery} main.entry_id {$oneSideSQLToUse} {$orderByToUse} ";
// no limit by entry id, since all entries should be included in exports
if (!$resultOnly) {
// so let's build a temp table with the unique entry ids in the forms that we care about, and then query each linked form separately for its records, so that we end up processing as few result rows as possible
$masterQuerySQL = "INSERT INTO " . DBPRE . "formulize_temp_extract_REPLACEWITHTIMESTAMP {$masterQuerySQL} ";
$masterQuerySQLForExport = "INSERT INTO " . DBPRE . "formulize_temp_extract_REPLACEWITHTIMESTAMP {$masterQuerySQLForExport} ";
}
} else {
$masterQuerySQL = "SELECT {$selectClause}, usertable.email AS main_email, usertable.user_viewemail AS main_user_viewemail {$restOfTheSQL} ";
$masterQuerySQLForExport = "SELECT {$selectClause}, usertable.email AS main_email, usertable.user_viewemail AS main_user_viewemail {$restOfTheSQLForExport} ";
}
$GLOBALS['formulize_queryForCalcs'] = " FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main {$userJoinText} {$joinText} WHERE main.entry_id>0 {$whereClause} {$scopeFilter} ";
$GLOBALS['formulize_queryForCalcs'] .= isset($perGroupFiltersPerForms[$fid]) ? $perGroupFiltersPerForms[$fid] : "";
$GLOBALS['formulize_queryForOneSideCalcs'] = $oneSideSQL;
if ($GLOBALS['formulize_returnAfterSettingBaseQuery']) {
return true;
}
// if we are only setting up calculations, then return now that the base query is built
$sortIsOnMainFlag = $sortIsOnMain ? 1 : 0;
// need to include the query first, so the SELECT or INSERT is the first thing in the string, so we catch it properly when coming back through the export process
$GLOBALS['formulize_queryForExport'] = $masterQuerySQLForExport . " -- SEPARATOR FOR EXPORT QUERIES -- " . $sortIsOnMainFlag;
// "$selectClauseToUse FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main $userJoinText $joinText $otherPerGroupFilterJoins WHERE main.entry_id>0 $whereClause $scopeFilter $perGroupFilter $otherPerGroupFilterWhereClause $limitByEntryId $orderByClause $limitClause";
} else {
// end of if the filter has a SELECT in it
if (strstr($filter, " -- SEPARATOR FOR EXPORT QUERIES -- ")) {
$exportOverrideQueries = explode(" -- SEPARATOR FOR EXPORT QUERIES -- ", $filter);
$masterQuerySQL = $exportOverrideQueries[0];
$sortIsOnMain = $exportOverrideQueries[1];
} else {
$masterQuerySQL = $filter;
// need to split this based on some separator, because export ends up passing in a series of statements
}
}
// after the export query has been generated, then let's put the limit on:
$masterQuerySQL .= $limitClause;
/*global $xoopsUser;
if($xoopsUser->getVar('uid') == 4613) {
$queryTime = $afterQueryTime - $beforeQueryTime;
print "Query time: " . $queryTime . "<br>";
}*/
debug_memory("After retrieving mainresults");
// Debug Code
//global $xoopsUser;
//if($xoopsUser->getVar('uid') == 1) {
// print "<br>Count query: $countMasterResults<br><br>";
// print "Master query: $masterQuerySQL<br>";
//}
formulize_benchmark("Before query");
if (count($linkformids) > 1) {
// AND $dummy=="never") { // when there is more than 1 joined form, we can get an exponential explosion of records returned, because SQL will give you all combinations of the joins, so we create a series of queries that will each handle the main form plus one of the linked forms, then we put all the data together into a single result set below
if ($resultOnly) {
$masterQueryRes = $xoopsDB->query($masterQuerySQL);
} else {
$timestamp = str_replace(".", "", microtime(true));
if (!$sortIsOnMain) {
$creatTableSQL = "CREATE TABLE " . DBPRE . "formulize_temp_extract_{$timestamp} ( `mastersort` BIGINT(11), `throwaway_sort_values` BIGINT(11), `entry_id` BIGINT(11), PRIMARY KEY (`mastersort`), INDEX i_entry_id (`entry_id`) ) ENGINE=MyISAM;";
// when the sort is not on the main form, then we are including a special field in the select statement that we sort it by, so that the order is correct, and so it has to have a place to get inserted here
} else {
$creatTableSQL = "CREATE TABLE " . DBPRE . "formulize_temp_extract_{$timestamp} ( `mastersort` BIGINT(11), `entry_id` BIGINT(11), PRIMARY KEY (`mastersort`), INDEX i_entry_id (`entry_id`) ) ENGINE=MyISAM;";
}
$createTableRes = $xoopsDB->queryF($creatTableSQL);
$gatherIdsRes = $xoopsDB->queryF(str_replace("REPLACEWITHTIMESTAMP", $timestamp, $masterQuerySQL));
$linkQueryRes = array();
if (isset($exportOverrideQueries[2])) {
for ($i = 2; $i < count($exportOverrideQueries); $i++) {
$sql = str_replace("REPLACEWITHTIMESTAMP", $timestamp, $exportOverrideQueries[$i]);
$linkQueryRes[] = $xoopsDB->query($sql);
}
} else {
// FURTHER OPTIMIZATIONS ARE POSSIBLE HERE...WE COULD NOT INCLUDE THE MAIN FORM AGAIN IN ALL THE SELECTS, THAT WOULD IMPROVE THE PROCESSING TIME A BIT, BUT WE WOULD HAVE TO CAREFULLY REFACTOR MORE OF THE LOOPING CODE BELOW THAT PARSES THE ENTRIES, BECAUSE RIGHT NOW IT'S ASSUMING THE FULL MAIN ENTRY IS PRESENT. AT LEAST THE MAIN ENTRY ID WOULD NEED TO STILL BE USED, SINCE WE USE THAT TO SYNCH UP ALL THE ENTRIES FROM THE OTHER FORMS.
foreach ($linkformids as $linkId => $thisLinkFid) {
$linkQuery = "SELECT\r\n main.entry_id AS main_entry_id, main.creation_uid AS main_creation_uid, main.mod_uid AS main_mod_uid, main.creation_datetime AS main_creation_datetime, main.mod_datetime AS main_mod_datetime, main.*, " . $linkSelectIndex[$thisLinkFid] . ", usertable.email AS main_email, usertable.user_viewemail AS main_user_viewemail FROM " . DBPRE . "formulize_" . $formObject->getVar('form_handle') . " AS main\r\n LEFT JOIN " . DBPRE . "users AS usertable ON main.creation_uid=usertable.uid\r\n LEFT JOIN " . $joinTextTableRef[$thisLinkFid] . $joinTextIndex[$thisLinkFid] . "\r\n INNER JOIN " . DBPRE . "formulize_temp_extract_REPLACEWITHTIMESTAMP as sort_and_limit_table ON main.entry_id = sort_and_limit_table.entry_id ";
if (isset($oneSideFilters[$thisLinkFid]) and is_array($oneSideFilters[$thisLinkFid])) {
$start = true;
foreach ($oneSideFilters[$thisLinkFid] as $thisOneSideFilter) {
if (!$start) {
$linkQuery .= " AND ( {$thisOneSideFilter} ) ";
} else {
$linkQuery .= " WHERE ( {$thisOneSideFilter} ) ";
$start = false;
}
}
}
$linkQuery .= " ORDER BY sort_and_limit_table.mastersort";
$linkQueryRes[] = $xoopsDB->query(str_replace("REPLACEWITHTIMESTAMP", $timestamp, $linkQuery));
$GLOBALS['formulize_queryForExport'] .= " -- SEPARATOR FOR EXPORT QUERIES -- " . $linkQuery;
}
}
$dropRes = $xoopsDB->queryF("DROP TABLE " . DBPRE . "formulize_temp_extract_{$timestamp}");
}
} else {
$masterQueryRes = $xoopsDB->query($masterQuerySQL);
}
if ($resultOnly) {
if ($masterQueryRes) {
if ($xoopsDB->getRowsNum($masterQueryRes) > 0) {
return $masterQueryRes;
} else {
return false;
}
}
}
formulize_benchmark("After query");
// need to calculate the derived value metadata
// 1. figure out which fields in the included forms have derived values
// 2. setup the metadata for those fields, according to the order they appear
// -- metadata should be: formhandle (title or framework formhandle), formula, handle (element handle or framework handle)
// 3. call the derived value function from inside the main loop
$linkFormIdsFilter = "";
if ($frid) {
$linkFormIdsFilter = (is_array($linkformids) and count($linkformids) > 0) ? " OR t1.id_form IN (" . implode(",", $linkformids) . ") " : "";
}
$sql = "SELECT t1.ele_value, t2.desc_form, t1.ele_handle, t2.id_form FROM " . DBPRE . "formulize as t1, " . DBPRE . "formulize_id as t2 WHERE t1.ele_type='derived' AND (t1.id_form='{$fid}' {$linkFormIdsFilter} ) AND t1.id_form=t2.id_form ORDER BY t1.ele_order";
$derivedFieldMetadata = array();
if ($res = $xoopsDB->query($sql)) {
if ($xoopsDB->getRowsNum($res) > 0) {
$multipleIndexer = array();
while ($row = $xoopsDB->fetchRow($res)) {
$ele_value = unserialize($row[0]);
// derived fields have ele_value as an array with only one element (that was done to future proof the data model, so we could add other things to ele_value if necessary)
if (!isset($multipleIndexer[$row[1]])) {
$multipleIndexer[$row[1]] = 0;
}
$derivedFieldMetadata[$row[1]][$multipleIndexer[$row[1]]]['formula'] = $ele_value[0];
// use row[1] (the form handle) as the key, so we can eliminate some looping later on
$derivedFieldMetadata[$row[1]][$multipleIndexer[$row[1]]]['handle'] = $row[2];
$derivedFieldMetadata[$row[1]][$multipleIndexer[$row[1]]]['form_id'] = $row[3];
$multipleIndexer[$row[1]]++;
}
}
} else {
print "Error: could not check to see if there were derived value elements in one or more forms. SQL:<br>{$sql}";
}
if (count($linkformids) > 1) {
// AND $dummy == "never") {
// this is a refactoring of the original code that is in the else part of this structure.
// it's virtually the same, except for the part that sets the $masterIndexer, since we will need to reuse masterindex positions when parsing subsequent queries, so we don't just increment the $masterIndexer
// Also, derived value formulas are processed all at the end, because until we've parsed the last query, we don't have a complete set of data for any record in the masterResults array
// once this is proven stable, we should refactor this into a function and have a more unified/common way of parsing query results, but for now we'll keep it split out since we know the old way works intact in its current form and this new one is a little bit experimental
// we need to loop through all the query results that were generated above, and gradually build up the same full results array out of them
// then we also need to loop through all main entries one more time once we're done building, and set all the derived values
// this is done to avoid an exponential explosion of results in the SQL, and instead we only have a linear progression of results to parse
$masterResults = array();
$masterIndexer = -1;
$writtenMains = array();
$masterQueryArrayIndex = array();
foreach ($linkQueryRes as $thisRes) {
// loop through the found data and create the dataset array in "getData" format
$prevFieldNotMeta = true;
$prevFormAlias = "";
$prevMainId = "";
while ($masterQueryArray = $xoopsDB->fetchArray($thisRes)) {
foreach ($masterQueryArray as $field => $value) {
if ($field == "entry_id" or $field == "creation_uid" or $field == "mod_uid" or $field == "creation_datetime" or $field == "mod_datetime" or $field == "main_email" or $field == "main_user_viewemail") {
continue;
}
// ignore those plain fields, since we can only work with the ones that are properly aliased to their respective tables. More details....Must refer to metadata fields by aliases only! since * is included in SQL syntax, fetch_assoc will return plain column names from all forms with the values from those columns.....Also want to ignore the email fields, since the fact they're prefixed with "main" can throwoff the calculation of which entry we're currently writing
if (strstr($field, "creation_uid") or strstr($field, "creation_datetime") or strstr($field, "mod_uid") or strstr($field, "mod_datetime") or strstr($field, "entry_id")) {
// dealing with a new metadata field
$fieldNameParts = explode("_", $field);
// We account for a mainform entry appearing multiple times in the list, because when there are multiple entries in a subform, and SQL returns one row per subform, we need to not change the main form and internal record until we pass to a new mainform entry
if ($prevFieldNotMeta) {
// only do once for each form
$curFormId = $fieldNameParts[0] == "main" ? $fid : $linkformids[substr($fieldNameParts[0], 1)];
// the table aliases are based on the keys of the linked forms in the linkformids array, so if we get the number out of the table alias, that key will give us the form id of the linked form as stored in the linkformids array
$prevFormAlias = $curFormAlias;
$curFormAlias = $fieldNameParts[0];
if ($prevFormAlias == "main") {
// if we just finished up a main form entry, then log that
$writtenMains[$prevMainId] = true;
}
//print "curFormAlias: $curFormAlias<br>prevMainId: $prevMainId<br>current main id: ". $masterQueryArray['main_entry_id'] . "<br><br>";
if ($curFormAlias == "main" and $prevMainId != $masterQueryArray['main_entry_id']) {
if ($writtenMains[$masterQueryArray['main_entry_id']]) {
$masterIndexer = $masterQueryArrayIndex[$masterQueryArray['main_entry_id']];
// use the master index value for this main entry id if we've already logged it
} else {
$masterIndexer = count($masterResults);
// use the next available number for the master indexer
$masterQueryArrayIndex[$masterQueryArray['main_entry_id']] = $masterIndexer;
// log it so we can reuse it for this entry when it comes up in another query
}
$prevMainId = $masterQueryArray['main_entry_id'];
// if the current form is a main, then store it's ID for use later when we're on a new form
}
}
$prevFieldNotMeta = false;
// setup handles to use for metadata fields
if ($curFormAlias == "main") {
if ($field == "main_creation_uid" or $field == "main_mod_uid" or $field == "main_creation_datetime" or $field == "main_mod_datetime" or $field == "main_entry_id") {
$elementHandle = $fieldNameParts[1] . "_" . $fieldNameParts[2];
}
} else {
continue;
// do not include metadata from the linked forms, or anything else (such as email, etc)
}
} elseif (!strstr($field, "main_email") and !strstr($field, "main_user_viewemail")) {
// dealing with a regular element field
$prevFieldNotMeta = true;
$elementHandle = $field;
} else {
// it's some other field...
continue;
}
// Check to see if this is a main entry that has already been catalogued, and if so, then skip it
if ($curFormAlias == "main" and isset($writtenMains[$masterQueryArray['main_entry_id']])) {
continue;
}
//print "<br>$curFormAlias - $field: $value<br>"; // debug line
formulize_benchmark("preping value...");
$valueArray = prepvalues($value, $elementHandle, $masterQueryArray[$curFormAlias . "_entry_id"]);
// note...metadata fields must not be in an array for compatibility with the 'display' function...not all values returned will actually be arrays, but if there are multiple values in a cell, then those will be arrays
formulize_benchmark("done preping value");
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]][$elementHandle] = $valueArray;
if ($elementHandle == "creation_uid" or $elementHandle == "mod_uid" or $elementHandle == "creation_datetime" or $elementHandle == "mod_datetime" or $elementHandle == "entry_id") {
// add in the creator_email when we have done the creation_uid
if ($elementHandle == "creation_uid") {
if (!isset($is_webmaster)) {
global $xoopsUser;
if (is_object($xoopsUser)) {
// determine if the user is a webmaster, in order to control whether the e-mail addresses should be shown or not
$is_webmaster = in_array(XOOPS_GROUP_ADMIN, $xoopsUser->getGroups()) ? true : false;
$gperm_handler =& xoops_gethandler('groupperm');
$view_private_fields = $gperm_handler->checkRight("view_private_elements", $fid, $xoopsUser->getGroups(), getFormulizeModId());
$this_userid = $xoopsUser->getVar('uid');
} else {
$view_private_fields = false;
$is_webmaster = false;
$this_userid = 0;
}
}
if ($is_webmaster or $view_private_fields or $masterQueryArray['main_user_viewemail'] or $masterQueryArray['main_creation_uid'] == $this_userid) {
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]]['creator_email'] = $masterQueryArray['main_email'];
} else {
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]]['creator_email'] = "";
}
}
// for backwards compatibility, replicate the old metadata fields
switch ($elementHandle) {
case "creation_uid":
$old_meta = "uid";
break;
case "mod_uid":
$old_meta = "proxyid";
break;
case "creation_datetime":
$old_meta = "creation_date";
break;
case "mod_datetime":
$old_meta = "mod_date";
break;
}
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]][$old_meta] = $valueArray;
}
}
// end of foreach field loop within a record
}
// end of main while loop for all records
}
// end of foreach linked query result
if (count($derivedFieldMetadata) > 0 and $masterIndexer > -1) {
// if there is derived value info for this data set and we have started to create values...need to do this one more time for the last value that we would have gathered data for...
foreach ($masterResults as $masterIndex => $thisRecord) {
$masterResults[$masterIndex] = formulize_calcDerivedColumns($thisRecord, $derivedFieldMetadata, $frid, $fid);
}
}
} else {
// loop through the found data and create the dataset array in "getData" format
$prevFieldNotMeta = true;
$masterIndexer = -1;
$writtenMains = array();
$prevFormAlias = "";
$prevMainId = "";
//formulize_benchmark("About to prepare results.");
while ($masterQueryArray = $xoopsDB->fetchArray($masterQueryRes)) {
set_time_limit(120);
//formulize_benchmark("Starting to process one entry.");
foreach ($masterQueryArray as $field => $value) {
//formulize_benchmark("Starting to process one value");
if ($field == "entry_id" or $field == "creation_uid" or $field == "mod_uid" or $field == "creation_datetime" or $field == "mod_datetime" or $field == "main_email" or $field == "main_user_viewemail") {
continue;
}
// ignore those plain fields, since we can only work with the ones that are properly aliased to their respective tables. More details....Must refer to metadata fields by aliases only! since * is included in SQL syntax, fetch_assoc will return plain column names from all forms with the values from those columns.....Also want to ignore the email fields, since the fact they're prefixed with "main" can throwoff the calculation of which entry we're currently writing
if (strstr($field, "creation_uid") or strstr($field, "creation_datetime") or strstr($field, "mod_uid") or strstr($field, "mod_datetime") or strstr($field, "entry_id")) {
//formulize_benchmark("Starting to process metadata");
// dealing with a new metadata field
$fieldNameParts = explode("_", $field);
// We account for a mainform entry appearing multiple times in the list, because when there are multiple entries in a subform, and SQL returns one row per subform, we need to not change the main form and internal record until we pass to a new mainform entry
if ($prevFieldNotMeta) {
// only do once for each form
$curFormId = $fieldNameParts[0] == "main" ? $fid : $linkformids[substr($fieldNameParts[0], 1)];
// the table aliases are based on the keys of the linked forms in the linkformids array, so if we get the number out of the table alias, that key will give us the form id of the linked form as stored in the linkformids array
$prevFormAlias = $curFormAlias;
$curFormAlias = $fieldNameParts[0];
if ($prevFormAlias == "main") {
// if we just finished up a main form entry, then log that
$writtenMains[$prevMainId] = true;
}
//print "curFormAlias: $curFormAlias<br>prevMainId: $prevMainId<br>current main id: ". $masterQueryArray['main_entry_id'] . "<br><br>";
if ($curFormAlias == "main" and $prevMainId != $masterQueryArray['main_entry_id']) {
//formulize_benchmark("Done entry, ready to do derived values.");
// now that the entire entry has been processed, do the derived values for it
if (count($derivedFieldMetadata) > 0 and $masterIndexer > -1) {
// if there is derived value info for this data set and we have started to create values...
//print "fid: $fid<br>";
//print "frid: $frid<br>";
formulize_benchmark("before doing derived...");
$masterResults[$masterIndexer] = formulize_calcDerivedColumns($masterResults[$masterIndexer], $derivedFieldMetadata, $frid, $fid);
formulize_benchmark("after doing derived");
}
$masterIndexer++;
// If this is a new main entry, then increment the masterIndexer, since the masterIndexer is used to uniquely identify each main entry
$prevMainId = $masterQueryArray['main_entry_id'];
// if the current form is a main, then store it's ID for use later when we're on a new form
}
}
$prevFieldNotMeta = false;
// setup handles to use for metadata fields
if ($curFormAlias == "main") {
if ($field == "main_creation_uid" or $field == "main_mod_uid" or $field == "main_creation_datetime" or $field == "main_mod_datetime" or $field == "main_entry_id") {
$elementHandle = $fieldNameParts[1] . "_" . $fieldNameParts[2];
} else {
continue;
// do not include main_entry_id as a value in the array...though it should not be in here anyway now that we're checking with strstr for metadata field names above
}
} else {
continue;
// do not include metadata from the linked forms, or anything else (such as email, etc)
}
} elseif (!strstr($field, "main_email") and !strstr($field, "main_user_viewemail")) {
// dealing with a regular element field
$prevFieldNotMeta = true;
$elementHandle = $field;
} else {
// it's some other field
continue;
}
// Check to see if this is a main entry that has already been catalogued, and if so, then skip it
if ($curFormAlias == "main" and isset($writtenMains[$masterQueryArray['main_entry_id']])) {
continue;
}
//print "<br>$curFormAlias - $field: $value<br>"; // debug line
formulize_benchmark("preping value...");
$valueArray = prepvalues($value, $elementHandle, $masterQueryArray[$curFormAlias . "_entry_id"]);
// note...metadata fields must not be in an array for compatibility with the 'display' function...not all values returned will actually be arrays, but if there are multiple values in a cell, then those will be arrays
formulize_benchmark("done preping value");
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]][$elementHandle] = $valueArray;
if ($elementHandle == "creation_uid" or $elementHandle == "mod_uid" or $elementHandle == "creation_datetime" or $elementHandle == "mod_datetime" or $elementHandle == "entry_id") {
// add in the creator_email when we have done the creation_uid
if ($elementHandle == "creation_uid") {
if (!isset($is_webmaster)) {
global $xoopsUser;
if (is_object($xoopsUser)) {
// determine if the user is a webmaster, in order to control whether the e-mail addresses should be shown or not
$is_webmaster = in_array(XOOPS_GROUP_ADMIN, $xoopsUser->getGroups()) ? true : false;
$gperm_handler =& xoops_gethandler('groupperm');
$view_private_fields = $gperm_handler->checkRight("view_private_elements", $fid, $xoopsUser->getGroups(), getFormulizeModId());
$this_userid = $xoopsUser->getVar('uid');
} else {
$view_private_fields = false;
$is_webmaster = false;
$this_userid = 0;
}
}
if ($is_webmaster or $view_private_fields or $masterQueryArray['main_user_viewemail'] or $masterQueryArray['main_creation_uid'] == $this_userid) {
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]]['creator_email'] = $masterQueryArray['main_email'];
} else {
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]]['creator_email'] = "";
}
}
// for backwards compatibility, replicate the old metadata fields
switch ($elementHandle) {
case "creation_uid":
$old_meta = "uid";
break;
case "mod_uid":
$old_meta = "proxyid";
break;
case "creation_datetime":
$old_meta = "creation_date";
break;
case "mod_datetime":
$old_meta = "mod_date";
break;
}
$masterResults[$masterIndexer][getFormTitle($curFormId)][$masterQueryArray[$curFormAlias . "_entry_id"]][$old_meta] = $valueArray;
}
}
// end of foreach field loop within a record
}
// end of main while loop for all records
if (count($derivedFieldMetadata) > 0 and $masterIndexer > -1) {
// if there is derived value info for this data set and we have started to create values...need to do this one more time for the last value that we would have gathered data for...
//print "fid: $fid<br>";
//print "frid: $frid<br>";
$masterResults[$masterIndexer] = formulize_calcDerivedColumns($masterResults[$masterIndexer], $derivedFieldMetadata, $frid, $fid);
}
}
// end if if there's more the 1 linked fid
return $masterResults;
}
function displayForm($formframe, $entry = "", $mainform = "", $done_dest = "", $button_text = "", $settings = "", $titleOverride = "", $overrideValue = "", $overrideMulti = "", $overrideSubMulti = "", $viewallforms = 0, $profileForm = 0, $printall = 0, $screen = null)
{
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/functions.php';
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/extract.php';
formulize_benchmark("Start of formDisplay.");
if ($titleOverride == "formElementsOnly") {
$titleOverride = "all";
$formElementsOnly = true;
}
if (!is_numeric($titleOverride) and $titleOverride != "" and $titleOverride != "all") {
// we can pass in a text title for the form, and that will cause the $titleOverride "all" behaviour to be invoked, and meanwhile we will use this title for the top of the form
$passedInTitle = $titleOverride;
$titleOverride = "all";
}
//syntax:
//displayform($formframe, $entry, $mainform)
//$formframe is the id of the form OR title of the form OR name of the framework. Can also be an array. If it is an array, then flag 'formframe' is the $formframe variable, and flag 'elements' is an array of all the elements that are to be displayed.
//the array option is intended for displaying only part of a form at a time
//$entry is the numeric entry to display in the form -- if $entry is the word 'proxy' then it is meant to force a new form entry when the form is a single-entry form that the user already may have an entry in
//$mainform is the starting form to use, if this is a framework (can be specified by form id or by handle)
//$done_dest is the URL to go to after the form has been submitted
//Steps:
//1. identify form or framework
//2. if framework, check for unified display options
//3. if entry specified, then get data for that entry
//4. drawform with data if necessary
global $xoopsDB, $xoopsUser, $myts;
global $sfidsDrawn;
if (!is_array($sfidsDrawn)) {
$sfidsDrawn = array();
}
$groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
$original_entry = $entry;
// flag used to tell whether the function was called with an actual entry specified, ie: we're supposed to be editing this entry, versus the entry being set by coming back form a sub_form or other situation.
$mid = getFormulizeModId();
$currentURL = getCurrentURL();
/* Alter currentURL if necessary.
* Display list of entries screen on-click of form buttons "Save and Leave" and "Leave Page".
*/
if (isset($_GET['sid'])) {
$curr_screen = xoops_getmodulehandler('screen', 'formulize')->get($_GET['sid']);
if ($curr_screen->getVar('type') == 'form') {
$currentURL = $_SERVER['PHP_SELF'] . "?fid=" . $curr_screen->form_id();
}
} elseif (isset($_GET['ve']) && isset($_GET['fid'])) {
$currentURL = $_SERVER['PHP_SELF'] . "?fid=" . $_GET['fid'];
}
// identify form or framework
$elements_allowed = "";
// if a screen object is passed in, select the elements for display based on the screen's settings
if ($screen and is_a($screen, "formulizeFormScreen")) {
$elements_allowed = $screen->getVar("formelements");
}
if (is_array($formframe)) {
$elements_allowed = $formframe['elements'];
$printViewPages = isset($formframe['pages']) ? $formframe['pages'] : "";
$printViewPageTitles = isset($formframe['pagetitles']) ? $formframe['pagetitles'] : "";
$formframetemp = $formframe['formframe'];
unset($formframe);
$formframe = $formframetemp;
}
list($fid, $frid) = getFormFramework($formframe, $mainform);
if ($_POST['deletesubsflag']) {
// if deletion of sub entries requested
foreach ($_POST as $k => $v) {
if (strstr($k, "delbox")) {
$subs_to_del[] = $v;
}
}
if (count($subs_to_del) > 0) {
deleteFormEntries($subs_to_del, intval($_POST['deletesubsflag']));
// deletesubsflag will be the sub form id
sendNotifications($_POST['deletesubsflag'], "delete_entry", $subs_to_del, $mid, $groups);
}
}
if ($_POST['parent_form']) {
// if we're coming back from a subform
$entry = $_POST['parent_entry'];
$fid = $_POST['parent_form'];
}
if ($_POST['go_back_form']) {
// we just received a subform submission
$entry = $_POST['sub_submitted'];
$fid = $_POST['sub_fid'];
$go_back['form'] = $_POST['go_back_form'];
$go_back['entry'] = $_POST['go_back_entry'];
}
// set $entry in the case of a form_submission where we were editing an entry (just in case that entry is not what is used to call this function in the first place -- ie: we're on a subform and the mainform has no entry specified, or we're clicking submit over again on a single-entry form where we started with no entry)
$entrykey = "entry" . $fid;
if ((!$entry or $entry == "proxy") and $_POST[$entrykey]) {
// $entrykey will only be set when *editing* an entry, not on new saves
$entry = $_POST[$entrykey];
}
// this is probably not necessary any more, due to architecture changes in Formulize 3
// formulize_newEntryIds is set when saving data
if (!$entry and isset($GLOBALS['formulize_newEntryIds'][$fid])) {
$entry = $GLOBALS['formulize_newEntryIds'][$fid][0];
}
$member_handler =& xoops_gethandler('member');
$gperm_handler =& xoops_gethandler('groupperm');
if ($profileForm === "new") {
// spoof the $groups array based on the settings for the regcode that has been validated by register.php
$reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"" . $GLOBALS['regcode'] . "\"");
$groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']);
if ($groups[0] === "") {
unset($groups);
}
// if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array.
$groups[] = XOOPS_GROUP_USERS;
$groups[] = XOOPS_GROUP_ANONYMOUS;
}
$uid = $xoopsUser ? $xoopsUser->getVar('uid') : '0';
$single_result = getSingle($fid, $uid, $groups, $member_handler, $gperm_handler, $mid);
$single = $single_result['flag'];
// if we're looking at a single entry form with no entry specified and where the user has no entry of their own, or it's an anonymous user, then set the entry based on a cookie if one is present
// want to do this check here and override $entry prior to the security check since we don't like trusting cookies!
$cookie_entry = (isset($_COOKIE['entryid_' . $fid]) and !$entry and $single and ($single_result['entry'] == "" or intval($uid) === 0)) ? $_COOKIE['entryid_' . $fid] : "";
include_once XOOPS_ROOT_PATH . "/modules/formulize/class/data.php";
$data_handler = new formulizeDataHandler($fid);
if ($cookie_entry) {
// check to make sure the cookie_entry exists...
//$check_cookie_entry = q("SELECT id_req FROM " . $xoopsDB->prefix("formulize_form") . " WHERE id_req=" . intval($cookie_entry));
//if($check_cookie_entry[0]['id_req'] > 0) {
if ($data_handler->entryExists(intval($cookie_entry))) {
$entry = $cookie_entry;
} else {
$cookie_entry = "";
}
}
$owner = ($cookie_entry and $uid) ? $uid : getEntryOwner($entry, $fid);
// if we're pulling a cookie value and there is a valid UID in effect, then assume this user owns the entry, otherwise, figure out who does own the entry
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
if ($single and !$entry and !$overrideMulti and $profileForm !== "new") {
// only adjust the active entry if we're not already looking at an entry, and there is no overrideMulti which can be used to display a new blank form even on a single entry form -- useful for when multiple anonymous users need to be able to enter information in a form that is "one per user" for registered users. -- the pressence of a cookie on the hard drive of a user will override other settings
$entry = $single_result['entry'];
$owner = getEntryOwner($entry, $fid);
unset($owner_groups);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
}
if ($entry == "proxy") {
$entry = "";
}
// convert the proxy flag to the actual null value expected for new entry situations (do this after the single check!)
$editing = is_numeric($entry);
// will be true if there is an entry we're looking at already
if (!($scheck = security_check($fid, $entry, $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms and !$profileForm) {
print "<p>" . _NO_PERM . "</p>";
return;
}
// main security check passed, so let's initialize flags
$go_back['url'] = substr($done_dest, 0, 1) == "/" ? XOOPS_URL . $done_dest : $done_dest;
// set these arrays for the one form, and they are added to by the framework if it is in effect
$fids[0] = $fid;
if ($entry) {
$entries[$fid][0] = $entry;
} else {
$entries[$fid][0] = "";
}
if ($frid) {
$linkResults = checkForLinks($frid, $fids, $fid, $entries, $gperm_handler, $owner_groups, $mid, $member_handler, $owner, true);
// final true means only include entries from unified display linkages
unset($entries);
unset($fids);
$fids = $linkResults['fids'];
$entries = $linkResults['entries'];
$sub_fids = $linkResults['sub_fids'];
$sub_entries = $linkResults['sub_entries'];
}
// need to handle submission of entries
$formulize_mgr =& xoops_getmodulehandler('elements', 'formulize');
$info_received_msg = 0;
$info_continue = 0;
if ($entries[$fid][0]) {
$info_continue = 1;
}
$add_own_entry = $gperm_handler->checkRight("add_own_entry", $fid, $groups, $mid);
$add_proxy_entries = $gperm_handler->checkRight("add_proxy_entries", $fid, $groups, $mid);
if ($_POST['form_submitted'] and $profileForm !== "new" and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$info_received_msg = "1";
// flag for display of info received message
if (!isset($GLOBALS['formulize_readElementsWasRun'])) {
include_once XOOPS_ROOT_PATH . "/modules/formulize/include/readelements.php";
}
$temp_entries = $GLOBALS['formulize_allWrittenEntryIds'];
// set in readelements.php
if (!$formElementsOnly and ($single or $_POST['target_sub'] or $entries[$fid][0] and ($original_entry or $_POST[$entrykey] and !$_POST['back_from_sub']) or $overrideMulti or $_POST['go_back_form'] and $overrideSubMulti)) {
// if we just did a submission on a single form, or we just edited a multi, then assume the identity of the new entry. Can be overridden by values passed to this function, to force multi forms to redisplay the just-saved entry. Back_from_sub is used to override the override, when we're saving after returning from a multi-which is like editing an entry since entries are saved prior to going to a sub. -- Sept 4 2006: adding an entry in a subform forces us to stay on the same page too! -- Dec 21 2011: added check for !$formElementsOnly so that when we're getting just the elements in the form, we ignore any possible overriding, since that is an API driven situation where the called entry is the only one we want to display, period.
$entry = $temp_entries[$fid][0];
unset($entries);
foreach ($fids as $thisWrittenFid) {
$entries[$thisWrittenFid] = $temp_entries[$thisWrittenFid];
}
// also remove any fids that aren't part of the $temp_entries...added Oct 26 2011...checkforlinks now can return the mainform when we're on a sub! It's smarter, but displayForm (and possibly other places) were not built to assume it was that smart.
$writtenFids = array_keys($temp_entries);
$fids = array_intersect($fids, $writtenFids);
$owner = getEntryOwner($entry, $fid);
unset($owner_groups);
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$info_continue = 1;
} elseif (!$_POST['target_sub']) {
// as long as the form was submitted and we're not going to a sub form, then display the info received message and carry on with a blank form
if (!$original_entry) {
// if we're on a multi-form where the display form function was called without an entry, then clear the entries and behave as if we're doing a new add
unset($entries);
unset($sub_entries);
$entries[$fid][0] = "";
$sub_entries[$sub_fids[0]][0] = "";
}
$info_continue = 2;
}
}
$sub_entries_synched = synchSubformBlankDefaults($fid, $entry);
foreach ($sub_entries_synched as $synched_sfid => $synched_ids) {
foreach ($synched_ids as $synched_id) {
$sub_entries[$synched_sfid][] = $synched_id;
}
}
if (count($sub_entries_synched) > 0) {
formulize_updateDerivedValues($entry, $fid, $frid);
}
// special use of $settings added August 2 2006 -- jwe -- break out of form if $settings so indicates
// used to allow saving of information when you don't want the form itself to reappear
if ($settings == "{RETURNAFTERSAVE}" and $_POST['form_submitted']) {
return "returning_after_save";
}
// need to add code here to switch some things around if we're on a subform for the first time (add)
// note: double nested sub forms will not work currently, since on the way back to the intermediate level, the go_back values will not be set correctly
// target_sub is only set when adding a sub entry, and adding sub entries is now down by the subform ui
//if($_POST['target_sub'] OR $_POST['goto_sfid']) {
if ($_POST['goto_sfid']) {
$info_continue = 0;
if ($_POST['goto_sfid']) {
$new_fid = $_POST['goto_sfid'];
} else {
$new_fid = $_POST['target_sub'];
}
$go_back['form'] = $fid;
$go_back['entry'] = $temp_entries[$fid][0];
unset($entries);
unset($fids);
unset($sub_fids);
unset($sub_entries);
$fid = $new_fid;
$fids[0] = $new_fid;
if ($_POST['target_sub']) {
// if we're adding a new entry
$entries[$new_fid][0] = "";
} else {
// if we're going to an existing entry
$entries[$new_fid][0] = $_POST['goto_sub'];
}
$entry = $entries[$new_fid][0];
$single_result = getSingle($fid, $uid, $groups, $member_handler, $gperm_handler, $mid);
$single = $single_result['flag'];
if ($single and !$entry) {
$entry = $single_result['entry'];
unset($entries);
$entries[$fid][0] = $entry;
}
unset($owner);
$owner = getEntryOwner($entries[$new_fid][0], $new_fid);
$editing = is_numeric($entry);
unset($owner_groups);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$newFidData_handler = new formulizeDataHandler($new_fid);
$owner_groups = $newFidData_handler->getEntryOwnerGroups($entries[$new_fid][0]);
$info_received_msg = 0;
// never display this message when a subform is displayed the first time.
if ($entry) {
$info_continue = 1;
}
if (!($scheck = security_check($fid, $entries[$fid][0], $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
print "<p>" . _NO_PERM . "</p>";
return;
}
}
// there are several points above where $entry is set, and now that we have a final value, store in ventry
if ($entry > 0 and (!isset($settings['ventry']) or "addnew" != $settings['ventry'])) {
$settings['ventry'] = $entry;
}
// set the alldoneoverride if necessary -- August 22 2006
$config_handler =& xoops_gethandler('config');
$formulizeConfig = $config_handler->getConfigsByCat(0, $mid);
// remove the all done button if the config option says 'no', and we're on a single-entry form, or the function was called to look at an existing entry, or we're on an overridden Multi-entry form
$allDoneOverride = (!$formulizeConfig['all_done_singles'] and !$profileForm and (($single or $overrideMulti or $original_entry) and !$_POST['target_sub'] and !$_POST['goto_sfid'] and !$_POST['deletesubsflag'] and !$_POST['parent_form'])) ? true : false;
if (($allDoneOverride or isset($_POST['save_and_leave']) and $_POST['save_and_leave']) and $_POST['form_submitted']) {
drawGoBackForm($go_back, $currentURL, $settings, $entry);
print "<script type=\"text/javascript\">window.document.go_parent.submit();</script>\n";
return;
} else {
// only do all this stuff below, the normal form displaying stuff, if we are not leaving this page now due to the all done button being overridden
// we cannot have the back logic above invoked when dealing with a subform, but if the override is supposed to be in place, then we need to invoke it
if (!$allDoneOverride and !$formulizeConfig['all_done_singles'] and !$profileForm and ($_POST['target_sub'] or $_POST['goto_sfid'] or $_POST['deletesubsflag'] or $_POST['parent_form']) and ($single or $original_entry or $overrideMulti)) {
$allDoneOverride = true;
}
/*if($uid==1) {
print "Forms: ";
print_r($fids);
print "<br>Entries: ";
print_r($entries);
print "<br>Subforms: ";
print_r($sub_fids);
print "<br>Subentries: ";
print_r($sub_entries); // debug block - ONLY VISIBLE TO USER 1 RIGHT NOW
} */
formulize_benchmark("Ready to start building form.");
$title = "";
foreach ($fids as $this_fid) {
if (!($scheck = security_check($this_fid, $entries[$this_fid][0], $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
continue;
}
// if there is more than one form, try to make the 1-1 links
// and if we made any, then include the newly linked up entries
// in the index of entries that we're keeping track of
if (count($fids) > 1) {
list($form1s, $form2s, $form1EntryIds, $form2EntryIds) = formulize_makeOneToOneLinks($frid, $this_fid);
foreach ($form1EntryIds as $i => $form1EntryId) {
// $form1EntryId set above, now set other values for this iteration based on the key
$form2EntryId = $form2EntryIds[$i];
$form1 = $form1s[$i];
$form2 = $form2s[$i];
if ($form1EntryId) {
$entries[$form1][0] = $form1EntryId;
}
if ($form2EntryId) {
$entries[$form2][0] = $form2EntryId;
}
}
}
unset($prevEntry);
// if there is an entry, then get the data for that entry
if ($entries[$this_fid]) {
$groupEntryWithUpdateRights = ($single == "group" and $gperm_handler->checkRight("update_own_entry", $fid, $groups, $mid) and $entry == $single_result['entry']);
$prevEntry = getEntryValues($entries[$this_fid][0], $formulize_mgr, $groups, $this_fid, $elements_allowed, $mid, $uid, $owner, $groupEntryWithUpdateRights);
}
// display the form
//get the form title: (do only once)
$firstform = 0;
if (!$form) {
$firstform = 1;
$title = isset($passedInTitle) ? $passedInTitle : trans(getFormTitle($this_fid));
if ($screen) {
$title = trans($screen->getVar('title'));
}
unset($form);
if ($formElementsOnly) {
$form = new formulize_elementsOnlyForm($title, 'formulize', "{$currentURL}", "post", true);
} else {
// extended class that puts formulize element names into the tr tags for the table, so we can show/hide them as required
$form = new formulize_themeForm($title, 'formulize', "{$currentURL}", "post", true);
// necessary to trigger the proper reloading of the form page, until Done is called and that form does not have this flag.
if (!isset($settings['ventry'])) {
$settings['ventry'] = 'new';
}
$form->addElement(new XoopsFormHidden('ventry', $settings['ventry']));
}
$form->setExtra("enctype='multipart/form-data'");
// impératif!
if (is_array($settings)) {
$form = writeHiddenSettings($settings, $form);
}
// include who the entry belongs to and the date
// include acknowledgement that information has been updated if we have just done a submit
// form_meta includes: last_update, created, last_update_by, created_by
$breakHTML = "";
if (!$profileForm and $titleOverride != "all") {
// build the break HTML and then add the break to the form
if (!strstr($currentURL, "printview.php")) {
$breakHTML .= "<center class=\"no-print\">";
$breakHTML .= "<p><b>";
if ($info_received_msg) {
$breakHTML .= _formulize_INFO_SAVED . " ";
}
if ($info_continue == 1 and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_CONTINUE1 . "</p>";
} elseif ($info_continue == 2) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_CONTINUE2 . "</p>";
} elseif (!$entry and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_MAKENEW . "</p>";
}
$breakHTML .= "</b></p>";
$breakHTML .= "</center>";
}
$breakHTML .= "<table cellpadding=5 width=100%><tr><td width=50% style=\"vertical-align: bottom;\">";
$breakHTML .= "<p><b>" . _formulize_FD_ABOUT . "</b><br>";
if ($entries[$this_fid][0]) {
$form_meta = getMetaData($entries[$this_fid][0], $member_handler, $this_fid);
$breakHTML .= _formulize_FD_CREATED . $form_meta['created_by'] . " " . formulize_formatDateTime($form_meta['created']) . "<br>" . _formulize_FD_MODIFIED . $form_meta['last_update_by'] . " " . formulize_formatDateTime($form_meta['last_update']) . "</p>";
} else {
$breakHTML .= _formulize_FD_NEWENTRY . "</p>";
}
$breakHTML .= "</td><td width=50% style=\"vertical-align: bottom;\">";
if (strstr($currentURL, "printview.php") or !formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p>";
} else {
// get save and button button options
$save_button_text = "";
$done_button_text = "";
if (is_array($button_text)) {
$save_button_text = $button_text[1];
$done_button_text = $button_text[0];
} else {
$done_button_text = $button_text;
}
if (!$done_button_text and !$allDoneOverride) {
$done_button_text = _formulize_INFO_DONE1 . _formulize_DONE . _formulize_INFO_DONE2;
} elseif ($done_button_text != "{NOBUTTON}" and !$allDoneOverride) {
$done_button_text = _formulize_INFO_DONE1 . $done_button_text . _formulize_INFO_DONE2;
// check to see if the user is allowed to modify the existing entry, and if they're not, then we have to draw in the all done button so they have a way of getting back where they're going
} elseif ($entry and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry) or !$entry) {
$done_button_text = "";
} else {
$done_button_text = _formulize_INFO_DONE1 . _formulize_DONE . _formulize_INFO_DONE2;
}
$nosave = false;
if (!$save_button_text and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$save_button_text = _formulize_INFO_SAVEBUTTON;
} elseif ($save_button_text != "{NOBUTTON}" and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$save_button_text = _formulize_INFO_SAVE1 . $save_button_text . _formulize_INFO_SAVE2;
} else {
$save_button_text = _formulize_INFO_NOSAVE;
$nosave = true;
}
$breakHTML .= "<p class='no-print'>" . $save_button_text;
if ($done_button_text) {
$breakHTML .= "<br>" . $done_button_text;
}
}
$breakHTML .= "</p></td></tr></table>";
$form->insertBreak($breakHTML, "even");
} elseif ($profileForm) {
// if we have a profile form, put the profile fields at the top of the form, populated based on the DB values from the _users table
$form = addProfileFields($form, $profileForm);
}
}
if ($titleOverride == "1" and !$firstform) {
// set onetooneTitle flag to 1 when function invoked to force drawing of the form title over again
$title = trans(getFormTitle($this_fid));
$form->insertBreak("<table><th>{$title}</th></table>", "");
}
// if this form has a parent, then determine the $parentLinks
if ($go_back['form'] and !$parentLinks[$this_fid]) {
$parentLinks[$this_fid] = getParentLinks($this_fid, $frid);
}
formulize_benchmark("Before Compile Elements.");
$form = compileElements($this_fid, $form, $formulize_mgr, $prevEntry, $entries[$this_fid][0], $go_back, $parentLinks[$this_fid], $owner_groups, $groups, $overrideValue, $elements_allowed, $profileForm, $frid, $mid, $sub_entries, $sub_fids, $member_handler, $gperm_handler, $title, $screen, $printViewPages, $printViewPageTitles);
formulize_benchmark("After Compile Elements.");
}
// end of for each fids
if (!is_object($form)) {
exit("Error: the form cannot be displayed. Does the current group have permission to access the form?");
}
// DRAW IN THE SPECIAL UI FOR A SUBFORM LINK (ONE TO MANY)
if (count($sub_fids) > 0) {
// if there are subforms, then draw them in...only once we have a bonafide entry in place already
// draw in special params for this form, but only once per page
global $formulize_subformHiddenFieldsDrawn;
if ($formulize_subformHiddenFieldsDrawn != true) {
$formulize_subformHiddenFieldsDrawn = true;
$form->addElement(new XoopsFormHidden('target_sub', ''));
$form->addElement(new XoopsFormHidden('target_sub_instance', ''));
$form->addElement(new XoopsFormHidden('numsubents', 1));
$form->addElement(new XoopsFormHidden('del_subs', ''));
$form->addElement(new XoopsFormHidden('goto_sub', ''));
$form->addElement(new XoopsFormHidden('goto_sfid', ''));
}
foreach ($sub_fids as $subform_id) {
// only draw in the subform UI if the subform hasn't been drawn in previously, courtesy of a subform element in the form.
// Subform elements are recommended since they provide 1. specific placement, 2. custom captions, 3. direct choice of form elements to include
if (in_array($subform_id, $sfidsDrawn) or $elements_allowed or !($scheck = security_check($subform_id, "", $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
// no entry passed so this will simply check whether they have permission for the form or not
continue;
}
$subUICols = drawSubLinks($subform_id, $sub_entries, $uid, $groups, $frid, $mid, $fid, $entry);
unset($subLinkUI);
if (isset($subUICols['single'])) {
$form->insertBreak($subUICols['single'], "even");
} else {
$subLinkUI = new XoopsFormLabel($subUICols['c1'], $subUICols['c2']);
$form->addElement($subLinkUI);
}
}
}
// draw in proxy box if necessary (only if they have permission and only on new entries, not on edits)
if (!strstr($_SERVER['PHP_SELF'], "formulize/printview.php")) {
if ($gperm_handler->checkRight("add_proxy_entries", $fid, $groups, $mid) and !$entries[$fid][0]) {
$form = addOwnershipList($form, $groups, $member_handler, $gperm_handler, $fid, $mid);
} elseif ($entries[$fid][0] and $gperm_handler->checkRight("update_entry_ownership", $fid, $groups, $mid)) {
$form = addOwnershipList($form, $groups, $member_handler, $gperm_handler, $fid, $mid, $entries[$fid][0]);
}
}
// draw in the submitbutton if necessary
if (!$formElementsOnly and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$form = addSubmitButton($form, _formulize_SAVE, $go_back, $currentURL, $button_text, $settings, $temp_entries[$this_fid][0], $fids, $formframe, $mainform, $entry, $profileForm, $elements_allowed, $allDoneOverride, $printall, $screen);
}
if (!$formElementsOnly) {
// add flag to indicate that the form has been submitted
$form->addElement(new XoopsFormHidden('form_submitted', "1"));
if ($go_back['form']) {
// if this is set, then we're doing a subform, so put in a flag to prevent the parent from being drawn again on submission
$form->addElement(new XoopsFormHidden('sub_fid', $fid));
$form->addElement(new XoopsFormHidden('sub_submitted', $entries[$fid][0]));
$form->addElement(new XoopsFormHidden('go_back_form', $go_back['form']));
$form->addElement(new XoopsFormHidden('go_back_entry', $go_back['entry']));
} else {
// drawing a main form...put in the scroll position flag
$form->addElement(new XoopsFormHidden('yposition', 0));
}
// saving message
print "<div id=savingmessage style=\"display: none; position: absolute; width: 100%; right: 0px; text-align: center; padding-top: 50px;\">\n";
global $xoopsConfig;
if (file_exists(XOOPS_ROOT_PATH . "/modules/formulize/images/saving-" . $xoopsConfig['language'] . ".gif")) {
print "<img src=\"" . XOOPS_URL . "/modules/formulize/images/saving-" . $xoopsConfig['language'] . ".gif\">\n";
} else {
print "<img src=\"" . XOOPS_URL . "/modules/formulize/images/saving-english.gif\">\n";
}
print "</div>\n";
drawJavascript($nosave);
if (count($GLOBALS['formulize_renderedElementHasConditions']) > 0) {
drawJavascriptForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $entries, $sub_entries);
}
print $form->addElement(new xoopsFormHidden('save_and_leave', 0));
// lastly, put in a hidden element, that will tell us what the first, primary form was that we were working with on this form submission
$form->addElement(new XoopsFormHidden('primaryfid', $fids[0]));
}
global $formulize_governingElements;
global $formulize_oneToOneElements;
global $formulize_oneToOneMetaData;
if (!is_array($formulize_governingElements)) {
$formulize_governingElements = array();
}
if (!is_array($formulize_oneToOneElements)) {
$oneToOneElements = array();
}
if (!is_array($oneToOneMetaData)) {
$oneToOneMetaData = array();
}
if (count($GLOBALS['formulize_renderedElementHasConditions']) > 0) {
$governingElements1 = compileGoverningElementsForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $entries, $sub_entries);
foreach ($governingElements1 as $key => $value) {
$oneToOneElements[$key] = false;
}
$formulize_governingElements = mergeGoverningElements($formulize_governingElements, $governingElements1);
}
// add in any onetoone elements that we need to deal with at the same time (in case their joining key value changes on the fly)
if (count($fids) > 1) {
$i = 1;
while ($i <= count($fids)) {
$relationship_handler = xoops_getmodulehandler('frameworks', 'formulize');
$relationship = $relationship_handler->get($frid);
foreach ($relationship->getVar('links') as $thisLink) {
if ($thisLink->getVar('form1') == $fids[$i]) {
$keyElement = $thisLink->getVar('key2');
break;
} elseif ($thisLink->getVar('form2') == $fids[$i]) {
$keyElement = $thisLink->getVar('key1');
break;
}
}
// prepare to loop through elements for the rendered entry, or 'new', if there is no rendered entry
$entryToLoop = isset($entries[$fids[$i]][0]) ? $entries[$fids[$i]][0] : null;
if (!$entryToLoop and isset($GLOBALS['formulize_renderedElementsForForm'][$fids[$i]]['new'])) {
$entryToLoop = 'new';
}
foreach ($GLOBALS['formulize_renderedElementsForForm'][$fids[$i]][$entryToLoop] as $renderedMarkupName => $thisElement) {
$GLOBALS['formulize_renderedElementHasConditions'][$renderedMarkupName] = $thisElement;
$governingElements2 = _compileGoverningElements($entries, _getElementObject($keyElement), $renderedMarkupName);
foreach ($governingElements2 as $key => $value) {
$formulize_oneToOneElements[$key] = true;
$formulize_oneToOneMetaData[$key] = array('onetoonefrid' => $frid, 'onetoonefid' => $fid, 'onetooneentries' => urlencode(serialize($entries)), 'onetoonefids' => urlencode(serialize($fids)));
}
$formulize_governingElements = mergeGoverningElements($formulize_governingElements, $governingElements2);
}
$i++;
}
}
if (count($formulize_governingElements) > 0 and !$formElementsOnly) {
// render this once at the end of rendering the main form!
drawJavascriptForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $formulize_governingElements, $formulize_oneToOneElements, $formulize_oneToOneMetaData);
}
$idForForm = $formElementsOnly ? "" : "id=\"formulizeform\"";
// when rendering disembodied forms, don't use the master id!
print "<div {$idForForm}>" . $form->render() . "</div><!-- end of formulizeform -->";
// note, security token is included in the form by the xoops themeform render method, that's why there's no explicity references to the token in the compiling/generation of the main form object
// floating save button
if ($printall != 2 and $formulizeConfig['floatSave'] and !strstr($currentURL, "printview.php") and !$formElementsOnly) {
print "<div id=floattest></div>";
if ($done_text != "{NOBUTTON}" or $save_text != "{NOBUTTON}") {
print "<div id=floatingsave>";
if ($subButtonText == _formulize_SAVE) {
if ($save_text) {
$subButtonText = $save_text;
}
if ($subButtonText != "{NOBUTTON}") {
print "<input type='button' name='submitx' id='submitx' class=floatingsavebuttons onclick=javascript:validateAndSubmit(); value='" . _formulize_SAVE . "' >";
print "<input type='button' name='submit_save_and_leave' id='submit_save_and_leave' class=floatingsavebuttons onclick=javascript:validateAndSubmit('leave'); value='" . _formulize_SAVE_AND_LEAVE . "' >";
}
}
if (($button_text != "{NOBUTTON}" and !$done_text or isset($done_text) and $done_text != "{NOBUTTON}") and !$allDoneOverride) {
if ($done_text) {
$button_text = $done_text_temp;
}
print "<input type='button' class=floatingsavebuttons onclick=javascript:verifyDone(); value='" . _formulize_DONE . "' >";
}
print "</div>";
}
}
// end floating save button
// if we're in Drupal, include the main XOOPS js file, so the calendar will work if present...
// assumption is that the calendar javascript has already been included by the datebox due to no
// $xoopsTpl being in effect in Drupal -- this assumption will fail if Drupal is displaying a pageworks
// page that uses the $xoopsTpl, for instance. (Date select box file itself checks for $xoopsTpl)
global $user;
static $includedXoopsJs = false;
if (is_object($user) and !$includedXoopsJs) {
print "<script type=\"text/javascript\" src=\"" . XOOPS_URL . "/include/xoops.js\"></script>\n";
$includedXoopsJs = true;
}
}
// end of if we're not going back to the prev page because of an all done button override
}
function importCsvSetup(&$importSet, $id_reqs)
{
global $xoopsDB;
// First cell on the first line of the csv file contained the form name.
// This is now provided through formulize variable $fid which is now the id,
// therefore a lookup is required to go from number to name, instead of the
// original name to number.
global $fid;
// 1. verify that files exist
if (!($importSet[1] = fopen($importSet[0][1], "r"))) {
exit("<b>STOPPED</b> csv file <i>" . $importSet[0][0] . "</i> not found.");
}
// 2. get the first row containing form name
// 3. get the second row containing column names
if (feof($importSet[1])) {
exit("<b>STOPPED</b> <i>column names</i> not found.");
} else {
//$importSet[2] = fgetcsv($importSet[1], 4096);
//$importSet[2] = $importSet[2][0];
$importSet[2] = getFormTitle($fid);
$importSet[3] = fgetcsv($importSet[1], 99999);
foreach ($importSet[3] as $id3 => $value3) {
$importSet[3][$id3] = str_replace(chr(19) . chr(16), "", $value3);
}
}
$importSet[4] = $fid;
$form_handler = xoops_getmodulehandler('forms', 'formulize');
$formObject = $form_handler->get($fid);
$importSet[8] = $formObject->getVar('form_handle');
// 5. get the form column ids and process linked elements
if ($importSet[4]) {
$form_elementsq = q("SELECT * FROM " . $xoopsDB->prefix("formulize") . " WHERE id_form='" . $importSet[4] . "'");
if ($form_elementsq == null) {
exit("<br><b>STOPPED</b> formulize form <i>" . $importSet[2] . "</i> elements not found.");
} else {
$importSet[5] = array($form_elementsq, array());
$mapped = array();
$columns = count($importSet[3]);
for ($column = 0; $column < $columns; $column++) {
$cell = $importSet[3][$column];
// need to record location of: _formulize_DE_CALC_CREATOR plus five user profile metadata fields, if they are necessary
if (!is_array($id_reqs)) {
// if we're dealing with a blank template...
if ($cell == _formulize_DE_CALC_CREATOR) {
$importSet[7]['creator'] = $column;
}
if ($cell == _formulize_DE_IMPORT_USERNAME) {
$importSet[7]['username'] = $column;
}
if ($cell == _formulize_DE_IMPORT_FULLNAME) {
$importSet[7]['fullname'] = $column;
}
if ($cell == _formulize_DE_IMPORT_PASSWORD) {
$importSet[7]['password'] = $column;
}
if ($cell == _formulize_DE_IMPORT_EMAIL) {
$importSet[7]['email'] = $column;
}
if ($cell == _formulize_DE_IMPORT_REGCODE) {
$importSet[7]['regcode'] = $column;
}
if ($cell == _formulize_DE_IMPORT_NEWENTRYID) {
// columns with this exact heading will have this entry id used
$importSet[7]['usethisentryid'] = $column;
}
} else {
if ($cell == _formulize_DE_IMPORT_IDREQCOL) {
$importSet[7]['idreqs'] = $column;
}
}
$mapIndex = -1;
$elements = count($form_elementsq);
for ($element = 0; $element < $elements; $element++) {
$caption = $form_elementsq[$element]["ele_caption"];
$colheading = $form_elementsq[$element]["ele_colhead"];
// trans caption added by jwe, June 29 2006, colheading added by jwe July 13, 2006
if ($cell == $caption or $cell == trans($caption) or $cell == $colheading or $cell == trans($colheading)) {
$mapIndex = $element;
// links?
switch ($form_elementsq[$element]["ele_type"]) {
case "select":
$ele_value = unserialize($form_elementsq[$element]["ele_value"]);
$options = $ele_value[2];
if (!is_array($options)) {
if (strstr($options, "#*=:*")) {
$parts = explode("#*=:*", $options);
$sql = "SELECT * FROM " . $xoopsDB->prefix("formulize") . " WHERE id_form='" . $parts[0] . "'" . " AND ele_handle='" . formulize_db_escape($parts[1]) . "'";
$form_elementlinkq = q($sql);
if ($form_elementlinkq == null) {
exit("<br><b>STOPPED</b> <i>" . "form: " . $parts[0] . ", element: " . $parts[1] . "<br>{$sql}");
} else {
//var_dump($form_elementlinkq);
$importSet[5][1][$column] = array($parts[0], $parts[1], $form_elementlinkq[0]);
}
}
}
break;
}
break;
}
}
$mapped[] = $mapIndex;
}
$importSet[6] = $mapped;
}
}
}
function displayEntries($formframe, $mainform = "", $loadview = "", $loadOnlyView = 0, $viewallforms = 0, $screen = null)
{
formulize_benchmark("start of drawing list");
global $xoopsDB, $xoopsUser;
// Set some required variables
$mid = getFormulizeModId();
list($fid, $frid) = getFormFramework($formframe, $mainform);
$gperm_handler =& xoops_gethandler('groupperm');
$member_handler =& xoops_gethandler('member');
$groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
$uid = $xoopsUser ? $xoopsUser->getVar('uid') : "0";
if (!($scheck = security_check($fid, "", $uid, "", $groups, $mid, $gperm_handler))) {
print "<p>" . _NO_PERM . "</p>";
return;
}
// must wrap security check in only the conditions in which it is needed, so we don't interfere with saving data in a form (which independently checks the security token)
$formulize_LOESecurityPassed = (isset($GLOBALS['formulize_securityCheckPassed']) and $GLOBALS['formulize_securityCheckPassed']) ? true : false;
if (($_POST['delconfirmed'] or $_POST['cloneconfirmed'] or $_POST['delviewid_formulize'] or $_POST['saveid_formulize'] or is_numeric($_POST['caid'])) and !$formulize_LOESecurityPassed) {
$module_handler =& xoops_gethandler('module');
$config_handler =& xoops_gethandler('config');
$formulizeModule =& $module_handler->getByDirname("formulize");
$formulizeConfig =& $config_handler->getConfigsByCat(0, $formulizeModule->getVar('mid'));
$modulePrefUseToken = $formulizeConfig['useToken'];
$useToken = $screen ? $screen->getVar('useToken') : $modulePrefUseToken;
if (isset($GLOBALS['xoopsSecurity']) and $useToken) {
$formulize_LOESecurityPassed = $GLOBALS['xoopsSecurity']->check();
} else {
// if there is no security token, then assume true -- necessary for old versions of XOOPS.
$formulize_LOESecurityPassed = true;
}
}
// check for all necessary permissions
$add_own_entry = $gperm_handler->checkRight("add_own_entry", $fid, $groups, $mid);
$delete_own_reports = $gperm_handler->checkRight("delete_own_reports", $fid, $groups, $mid);
$delete_other_reports = $gperm_handler->checkRight("delete_other_reports", $fid, $groups, $mid);
$update_other_reports = $gperm_handler->checkRight("update_other_reports", $fid, $groups, $mid);
$update_own_reports = $gperm_handler->checkRight("update_own_reports", $fid, $groups, $mid);
$view_globalscope = $gperm_handler->checkRight("view_globalscope", $fid, $groups, $mid);
$view_groupscope = $gperm_handler->checkRight("view_groupscope", $fid, $groups, $mid);
// Question: do we need to add check here to make sure that $loadview is an available report (move function call from the generateViews function) and if it is not, then nullify
// we may want to be able to pass in any old report, it's kind of like a way to override the publishing process. Problem is unpublished reports or reports that aren't actually published to the user won't show up in the list of views.
// [update: loaded views do not include the list of views, they have no interface at all except quick searches and quick sorts. Since the intention is clearly for them to be accessed through pageworks, we will leave the permission control up to the application designer for now]
$currentURL = getCurrentURL();
// get title
$displaytitle = getFormTitle($fid);
// get default info and info passed to page....
// clear any default search text that has been passed (because the user didn't actually search for anything)
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and $v == _formulize_DE_SEARCH_HELP) {
unset($_POST[$k]);
break;
// assume this is only sent once, since the help text only appears in the first column
}
}
// check for deletion request (set by 'delete selected' button)
if ($_POST['delconfirmed'] and $formulize_LOESecurityPassed) {
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "delete_" and $v != "") {
$delete_entry_id = substr($k, 7);
// confirm user has permission to delete this entry
if (formulizePermHandler::user_can_delete_entry($fid, $uid, $delete_entry_id)) {
$GLOBALS['formulize_deletionRequested'] = true;
// new syntax for deleteEntry, Sept 18 2005 -- used to handle deleting all unified display entries that are linked to this entry.
if ($frid) {
deleteEntry($delete_entry_id, $frid, $fid, $gperm_handler, $member_handler, $mid);
} else {
deleteEntry($delete_entry_id, "", $fid);
}
}
}
}
}
// check for cloning request and if present then clone entries
if ($_POST['cloneconfirmed'] and $formulize_LOESecurityPassed and $add_own_entry) {
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "delete_" and $v != "") {
$thisentry = substr($k, 7);
cloneEntry($thisentry, $frid, $fid, $_POST['cloneconfirmed']);
// cloneconfirmed is the number of copies required
}
}
}
// handle deletion of view...reset currentView
if ($_POST['delview'] and $formulize_LOESecurityPassed and ($delete_other_reports or $delete_own_reports)) {
if (substr($_POST['delviewid_formulize'], 1, 4) == "old_") {
$delviewid_formulize = substr($_POST['delviewid_formulize'], 5);
} else {
$delviewid_formulize = substr($_POST['delviewid_formulize'], 1);
}
if ($delete_other_reports or $xoopsUser->getVar('uid') == getSavedViewOwner($delviewid_formulize)) {
// "get saved view owner" only works with new saved view format in 2.0 or greater, but since that is 2.5 years old now, should be good to go!
if (substr($_POST['delviewid_formulize'], 1, 4) == "old_") {
$sql = "DELETE FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id='" . $delviewid_formulize . "'";
} else {
$sql = "DELETE FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id='" . $delviewid_formulize . "'";
}
if (!($res = $xoopsDB->query($sql))) {
exit("Error deleting report: " . $_POST['delviewid_formulize']);
}
unset($_POST['currentview']);
$_POST['resetview'] = 1;
}
}
// if resetview is set, then unset POST and then set currentview to resetview
// intended for when a user switches from a locked view back to a basic view. In that case we want all settings to be cleared and everything to work like the basic view, rather than remembering, for instance, that the previous view had a calculation or a search of something.
// users who view reports (views) that aren't locked can switch back to a basic view and retain settings. This is so they can make changes to a view and then save the updates. It is also a little confusing to switch from a predefined view to a basic one but have the predefined view's settings still hanging around.
// recommendation to users should be to lock the controls for all published views.
// (this routine also invoked when a view has been deleted)
$resetview = false;
if ($_POST['resetview']) {
$resetview = $_POST['currentview'];
foreach ($_POST as $k => $v) {
unset($_POST[$k]);
}
$_POST['currentview'] = $resetview;
}
// handle saving of the view if that has been requested
// only do this if there's a saveid_formulize and they passed the security check, and any one of these: they can update other reports, or this is a "new" view, or this is not a new view, and it belongs to them and they have update own reports permission
if ($_POST['saveid_formulize'] and $formulize_LOESecurityPassed and ($update_other_reports or (is_numeric($_POST['saveid_formulize']) and ($update_own_reports and $xoopsUser->getVar('uid') == getSavedViewOwner($_POST['saveid_formulize'])) or $_POST['saveid_formulize'] == "new"))) {
// gather all values
//$_POST['currentview'] -- from save (they might have updated/changed the scope)
//possible situations:
// user replaced a report, so we need to set that report as the name of the dropdown, value is currentview
// user made a new report, so we need to set that report as the name and the value is currentview
// so name of the report gets sent to $loadedView, which also gets assigned to settings array
// report is either newid or newname if newid is "new"
// newscope goes to $_POST['currentview']
//$_POST['oldcols'] -- from page
//$_POST['asearch'] -- from page
//$_POST['calc_cols'] -- from page
//$_POST['calc_calcs'] -- from page
//$_POST['calc_blanks'] -- from page
//$_POST['calc_grouping'] -- from page
//$_POST['sort'] -- from page
//$_POST['order'] -- from page
//$_POST['hlist'] -- passed from page
//$_POST['hcalc'] -- passed from page
//$_POST['lockcontrols'] -- passed from save
//and quicksearches -- passed with the page
// pubgroups -- passed from save
$_POST['currentview'] = $_POST['savescope'];
$saveid_formulize = $_POST['saveid_formulize'];
$_POST['lockcontrols'] = $_POST['savelock'];
$savegroups = $_POST['savegroups'];
// put name into loadview
if ($saveid_formulize != "new") {
if (!strstr($saveid_formulize, "old_")) {
// if it's not a legacy report...
$sname = q("SELECT sv_name, sv_owner_uid FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id = \"" . substr($saveid_formulize, 1) . "\"");
if ($sname[0]['sv_owner_uid'] == $uid) {
$loadedView = $saveid_formulize;
} else {
$loadedView = "p" . substr($saveid_formulize, 1);
}
}
}
$savename = $_POST['savename'];
if (get_magic_quotes_gpc()) {
$savename = stripslashes($savename);
}
// flatten quicksearches -- one value in the array for every column in the view
$allcols = explode(",", $_POST['oldcols']);
foreach ($allcols as $thiscol) {
$allquicksearches[] = $_POST['search_' . $thiscol];
}
// need to grab all hidden quick searches and then add any hidden columns to the column list...need to reverse this process when loading views
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and $v != "") {
if (!in_array(substr($k, 7), $allcols) and substr($v, 0, 1) == "!" and substr($v, -1) == "!") {
$_POST['oldcols'] .= ",hiddencolumn_" . substr($k, 7);
$allquicksearches[] = $v;
}
}
}
$qsearches = implode("&*=%4#", $allquicksearches);
$savename = formulize_db_escape($savename);
$savesearches = formulize_db_escape($_POST['asearch']);
//print $_POST['asearch'] . "<br>";
//print "$savesearches<br>";
$qsearches = formulize_db_escape($qsearches);
if ($frid) {
$saveformframe = $frid;
$savemainform = $fid;
} else {
$saveformframe = $fid;
$savemainform = "";
}
if ($saveid_formulize == "new" or strstr($saveid_formulize, "old_")) {
if ($saveid_formulize == "new") {
$owneruid = $uid;
$moduid = $uid;
} else {
// get existing uid
$olduid = q("SELECT report_uid FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id = '" . substr($saveid_formulize, 5) . "'");
$owneruid = $olduid[0]['report_uid'];
$moduid = $uid;
}
$savesql = "INSERT INTO " . $xoopsDB->prefix("formulize_saved_views") . " (" . "sv_name, " . "sv_pubgroups, " . "sv_owner_uid, " . "sv_mod_uid, " . "sv_formframe, " . "sv_mainform, " . "sv_lockcontrols, " . "sv_hidelist, " . "sv_hidecalc, " . "sv_asearch, " . "sv_sort, " . "sv_order, " . "sv_oldcols, " . "sv_currentview, " . "sv_calc_cols, " . "sv_calc_calcs, " . "sv_calc_blanks, " . "sv_calc_grouping, " . "sv_quicksearches, " . "sv_global_search" . ") VALUES (" . "\"" . formulize_db_escape($savename) . "\", " . "\"" . formulize_db_escape($savegroups) . "\", " . "\"" . formulize_db_escape($owneruid) . "\", " . "\"" . formulize_db_escape($moduid) . "\", " . "\"" . formulize_db_escape($saveformframe) . "\", " . "\"" . formulize_db_escape($savemainform) . "\", " . "\"" . formulize_db_escape($_POST['savelock']) . "\", " . "\"" . formulize_db_escape($_POST['hlist']) . "\", " . "\"" . formulize_db_escape($_POST['hcalc']) . "\", " . "\"" . formulize_db_escape($savesearches) . "\", " . "\"" . formulize_db_escape($_POST['sort']) . "\", " . "\"" . formulize_db_escape($_POST['order']) . "\", " . "\"" . formulize_db_escape($_POST['oldcols']) . "\", " . "\"" . formulize_db_escape($_POST['savescope']) . "\", " . "\"" . formulize_db_escape($_POST['calc_cols']) . "\", " . "\"" . formulize_db_escape($_POST['calc_calcs']) . "\", " . "\"" . formulize_db_escape($_POST['calc_blanks']) . "\", " . "\"" . formulize_db_escape($_POST['calc_grouping']) . "\", " . "\"" . formulize_db_escape($qsearches) . "\", " . "\"" . formulize_db_escape($_POST['global_search']) . "\" " . ")";
} else {
// print "UPDATE " . $xoopsDB->prefix("formulize_saved_views") . " SET sv_pubgroups=\"$savegroups\", sv_mod_uid=\"$uid\", sv_lockcontrols=\"{$_POST['savelock']}\", sv_hidelist=\"{$_POST['hlist']}\", sv_hidecalc=\"{$_POST['hcalc']}\", sv_asearch=\"$savesearches\", sv_sort=\"{$_POST['sort']}\", sv_order=\"{$_POST['order']}\", sv_oldcols=\"{$_POST['oldcols']}\", sv_currentview=\"{$_POST['savescope']}\", sv_calc_cols=\"{$_POST['calc_cols']}\", sv_calc_calcs=\"{$_POST['calc_calcs']}\", sv_calc_blanks=\"{$_POST['calc_blanks']}\", sv_calc_grouping=\"{$_POST['calc_grouping']}\", sv_quicksearches=\"$qsearches\" WHERE sv_id = \"" . substr($saveid_formulize, 1) . "\"";
$savesql = "UPDATE " . $xoopsDB->prefix("formulize_saved_views") . " SET " . "sv_name \t\t\t= \"" . formulize_db_escape($savename) . "\", " . "sv_pubgroups \t\t= \"" . formulize_db_escape($savegroups) . "\", " . "sv_mod_uid \t\t= \"" . formulize_db_escape($uid) . "\", " . "sv_lockcontrols \t= \"" . formulize_db_escape($_POST['savelock']) . "\", " . "sv_hidelist \t\t= \"" . formulize_db_escape($_POST['hlist']) . "\", " . "sv_hidecalc \t\t= \"" . formulize_db_escape($_POST['hcalc']) . "\", " . "sv_asearch \t\t= \"" . formulize_db_escape($savesearches) . "\", " . "sv_sort \t\t\t= \"" . formulize_db_escape($_POST['sort']) . "\", " . "sv_order \t\t\t= \"" . formulize_db_escape($_POST['order']) . "\", " . "sv_oldcols \t\t= \"" . formulize_db_escape($_POST['oldcols']) . "\", " . "sv_currentview \t= \"" . formulize_db_escape($_POST['savescope']) . "\", " . "sv_calc_cols \t\t= \"" . formulize_db_escape($_POST['calc_cols']) . "\", " . "sv_calc_calcs \t\t= \"" . formulize_db_escape($_POST['calc_calcs']) . "\", " . "sv_calc_blanks \t= \"" . formulize_db_escape($_POST['calc_blanks']) . "\", " . "sv_calc_grouping \t= \"" . formulize_db_escape($_POST['calc_grouping']) . "\", " . "sv_quicksearches \t= \"" . formulize_db_escape($qsearches) . "\", " . "sv_global_search = \"" . formulize_db_escape($_POST['global_search']) . "\" " . " WHERE " . "sv_id = \"" . substr($saveid_formulize, 1) . "\"";
}
// save the report
if (!($result = $xoopsDB->query($savesql))) {
exit("Error: unable to save the current view settings. SQL dump: {$savesql}");
}
if ($saveid_formulize == "new" or strstr($saveid_formulize, "old_")) {
if ($owneruid == $uid) {
$loadedView = "s" . $xoopsDB->getInsertId();
} else {
$loadedView = "p" . $xoopsDB->getInsertId();
}
}
$settings['loadedview'] = $loadedView;
// delete legacy report if necessary
if (strstr($saveid_formulize, "old_")) {
$dellegacysql = "DELETE FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id=\"" . substr($saveid_formulize, 5) . "\"";
if (!($result = $xoopsDB->query($dellegacysql))) {
exit("Error: unable to delete legacy report: " . substr($saveid_formulize, 5));
}
}
}
$forceLoadView = false;
if ($screen) {
$loadview = is_numeric($loadview) ? $loadview : $screen->getVar('defaultview');
// flag the screen default for loading if no specific view has been requested
if ($loadview == "mine" or $loadview == "group" or $loadview == "all" or $loadview == "blank" and (!isset($_POST['hlist']) and !isset($_POST['hcalc']))) {
// only pay attention to the "blank" default list if we are on an initial page load, ie: no hcalc or hlist is set yet, and one of those is set on each page load hereafter
$currentView = $loadview;
// if the default is a standard view, then use that instead and don't load anything
unset($loadview);
} elseif ($_POST['userClickedReset']) {
// only set if the user actually clicked that button, and in that case, we want to be sure we load the default as specified for the screen
$forceLoadView = true;
}
}
// set currentView to group if they have groupscope permission (overridden below by value sent from form)
// override with loadview if that is specified
if ($loadview and (!$_POST['currentview'] and $_POST['advscope'] == "" or $forceLoadView)) {
if (substr($loadview, 0, 4) == "old_") {
// this is a legacy view
$loadview = "p" . $loadview;
} elseif (is_numeric($loadview)) {
// new view id
$loadview = "p" . $loadview;
} else {
// new view name -- loading view by name -- note if two reports have the same name, then the first one created will be returned
$viewnameq = q("SELECT sv_id FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_name='{$loadview}' ORDER BY sv_id");
$loadview = "p" . $viewnameq[0]['sv_id'];
}
$_POST['currentview'] = $loadview;
$_POST['loadreport'] = 1;
} elseif ($view_globalscope and !$currentView) {
$currentView = "all";
} elseif ($view_groupscope and !$currentView) {
$currentView = "group";
} elseif (!$currentView) {
$currentView = "mine";
}
// debug block to show key settings being passed back to the page
/*
if($uid == 1) {
print "delview: " . $_POST['delview'] . "<br>";
print "advscope: " . $_POST['advscope'] . "<br>";
print "asearch: " . $_POST['asearch'] . "<br>";
print "Hidelist: " . $_POST['hlist'] . "<br>";
print "Hidecalc: " . $_POST['hcalc'] . "<br>";
print "Lock Controls: " . $_POST['lockcontrols'] . "<br>";
print "Sort: " . $_POST['sort'] . "<br>";
print "Order: " . $_POST['order'] . "<br>";
print "Cols: " . $_POST['oldcols'] . "<br>";
print "Curview: " . $_POST['currentview'] . "<br>";
print "Calculation columns: " . $_POST['calc_cols'] . "<br>";
print "Calculation calcs: " . $_POST['calc_calcs'] . "<br>";
print "Calculation blanks: " . $_POST['calc_blanks'] . "<br>";
print "Calculation grouping: " . $_POST['calc_grouping'] . "<br>";
foreach($_POST as $k=>$v) {
if(substr($k, 0, 7) == "search_" AND $v != "") {
print "$k: $v<br>";
}
}
}*/
// set flag to indicate whether we let the user's scope setting expand beyond their normal permission level (happens when unlocked published views are in effect)
$currentViewCanExpand = false;
// handling change in view, and loading reports/saved views if necessary
if ($_POST['loadreport']) {
if (substr($_POST['currentview'], 1, 4) == "old_") {
// legacy report
// load old report values and then assign them to the correct $_POST keys in order to present the view
$loadedView = $_POST['currentview'];
$settings['loadedview'] = $loadedView;
// kill the quicksearches
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and $v != "") {
unset($_POST[$k]);
}
}
list($_POST['currentview'], $_POST['oldcols'], $_POST['asearch'], $_POST['calc_cols'], $_POST['calc_calcs'], $_POST['calc_blanks'], $_POST['calc_grouping'], $_POST['sort'], $_POST['order'], $_POST['hlist'], $_POST['hcalc'], $_POST['lockcontrols']) = loadOldReport(substr($_POST['currentview'], 5), $fid, $view_groupscope);
} elseif (is_numeric(substr($_POST['currentview'], 1))) {
// saved or published view
$loadedView = $_POST['currentview'];
$settings['loadedview'] = $loadedView;
// kill the quicksearches, unless we've found a special flag that will cause them to be preserved
if (!isset($_POST['formulize_preserveQuickSearches']) and !isset($_GET['formulize_preserveQuickSearches'])) {
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and $v != "") {
unset($_POST[$k]);
}
}
}
list($_POST['currentview'], $_POST['oldcols'], $_POST['asearch'], $_POST['calc_cols'], $_POST['calc_calcs'], $_POST['calc_blanks'], $_POST['calc_grouping'], $_POST['sort'], $_POST['order'], $savedViewHList, $savedViewHCalc, $_POST['lockcontrols'], $quicksearches, $_POST['global_search']) = loadReport(substr($_POST['currentview'], 1), $fid, $frid);
if (!isset($_POST['formulize_preserveListCalcPage']) and !isset($_GET['formulize_preserveListCalcPage'])) {
$_POST['hlist'] = $savedViewHList;
$_POST['hcalc'] = $savedViewHCalc;
}
// explode quicksearches into the search_ values
$allqsearches = explode("&*=%4#", $quicksearches);
$colsforsearches = explode(",", $_POST['oldcols']);
for ($i = 0; $i < count($allqsearches); $i++) {
if ($allqsearches[$i] != "") {
$_POST["search_" . str_replace("hiddencolumn_", "", dealWithDeprecatedFrameworkHandles($colsforsearches[$i], $frid))] = $allqsearches[$i];
// need to remove the hiddencolumn indicator if it is present
if (strstr($colsforsearches[$i], "hiddencolumn_")) {
unset($colsforsearches[$i]);
// remove columns that were added to the column list just so we would know the name of the hidden searches
}
}
}
$_POST['oldcols'] = implode(",", $colsforsearches);
// need to reconstruct this in case any columns were removed because of persistent searches on a hidden column
}
$currentView = $_POST['currentview'];
// need to check that the user is allowed to have this scope, unless the view is unlocked
// only works for the default levels of views, not specific group selections that a view might have...that would be more complicated and could be built in later
if ($_POST['lockcontrols']) {
if ($currentView == "all" and !$view_globalscope) {
$currentView = "group";
}
if ($currentView == "group" and !$view_groupscope and !$view_globalscope) {
$currentView = "mine";
}
}
// must check for this and set it here, inside this section, where we know for sure that $_POST['lockcontrols'] has been set based on the database value for the saved view, and not anything else sent from the user!!! Otherwise the user might be injecting a greater scope for themselves than they should have!
$currentViewCanExpand = $_POST['lockcontrols'] ? false : true;
// if the controls are not locked, then we can expand the view for the user so they can see things they wouldn't normally see
// if there is a screen with a top template in effect, then do not lock the controls even if the saved view says we should. Assume that the screen author has compensated for any permission issues.
// we need to do this after rachetting down the visibility controls. Fact is, controlling UI for users is one thing that we can trust the screen author to do, so we don't need to indicate that the controls are locked. But we don't want the visibility to override what people can normally see, so we rachet that down above.
if ($screen and $_POST['lockcontrols']) {
if ($screen->getTemplate('toptemplate') != "") {
$_POST['lockcontrols'] = 0;
}
}
} elseif ($_POST['advscope'] and strstr($_POST['advscope'], ",")) {
// looking for comma sort of means that we're checking that a valid advanced scope is being sent
$currentView = $_POST['advscope'];
} elseif ($_POST['currentview']) {
// could have been unset by deletion of a view or something else, so we must check to make sure it exists before we override the default that was determined above
if (is_numeric(substr($_POST['currentview'], 1))) {
// a saved view was requested as the current view, but we don't want to load the entire thing....this means that we just want to use the view to generate the scope, we don't want to load all settings. So we have to load the view, but discard everything but the view's currentview value
// if we were supposed to load the whole thing, loadreport would have been set in post and the above code would have kicked in
$loadedViewSettings = loadReport(substr($_POST['currentview'], 1), $fid, $frid);
$currentview = $loadedViewSettings[0];
} else {
$currentView = $_POST['currentview'];
}
} elseif ($loadview) {
$currentView = $loadview;
}
// get columns for this form/framework or use columns sent from interface
// ele_handles for a form, handles for a framework, includes handles of all unified display forms
if ($_POST['oldcols']) {
$showcols = explode(",", $_POST['oldcols']);
} else {
// or use the defaults
$showcols = getDefaultCols($fid, $frid);
}
if ($_POST['newcols']) {
$temp_showcols = $_POST['newcols'];
$showcols = explode(",", $temp_showcols);
}
// convert framework handles to element handles if necessary
$showcols = dealWithDeprecatedFrameworkHandles($showcols, $frid);
$showcols = removeNotAllowedCols($fid, $frid, $showcols, $groups);
// converts old format metadata fields to new ones too if necessary
// Create settings array to pass to form page or to other functions
$settings['title'] = $displaytitle;
// get export options
if ($_POST['xport']) {
$settings['xport'] = $_POST['xport'];
if ($_POST['xport'] == "custom") {
$settings['xport_cust'] = $_POST['xport_cust'];
}
}
list($scope, $currentView) = buildScope($currentView, $member_handler, $gperm_handler, $uid, $groups, $fid, $mid, $currentViewCanExpand);
// generate the available views
// pubstart used to indicate to the delete button where the list of published views begins in the current view drop down (since you cannot delete published views)
list($settings['viewoptions'], $settings['pubstart'], $settings['endstandard'], $settings['pickgroups'], $settings['loadviewname'], $settings['curviewid'], $settings['publishedviewnames']) = generateViews($fid, $uid, $groups, $frid, $currentView, $loadedView, $view_groupscope, $view_globalscope, $_POST['curviewid'], $loadOnlyView, $screen, $_POST['lastloaded']);
// this param only used in case of loading of reports via passing in the report id or name through $loadview
if ($_POST['loadviewname']) {
$settings['loadviewname'] = $_POST['loadviewname'];
}
// if a view was loaded, then update the lastloaded value, otherwise preserve the previous value
if ($settings['curviewid']) {
$settings['lastloaded'] = $settings['curviewid'];
} else {
$settings['lastloaded'] = $_POST['lastloaded'];
}
// clear quick searches for any columns not included now
// also, convert any { } terms to literal values for users who can't update other reports, if the last loaded report doesn't belong to them (they're presumably just report consumers, so they don't need to preserve the abstract terms)
$hiddenQuickSearches = array();
// array used to indicate quick searches that should be present even if the column is not displayed to the user
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and !in_array(substr($k, 7), $showcols)) {
if (substr($v, 0, 1) == "!" and substr($v, -1) == "!") {
// don't strip searches that have ! at front and back
$hiddenQuickSearches[] = substr($k, 7);
continue;
// since the { } replacement is meant for the ease of use of non-admin users, and hiddenQuickSearches never show up to users on screen, we can skip the potentially expensive operations below in this loop
} else {
unset($_POST[$k]);
}
}
// if this is not a report/view that was created by the user, and they don't have update permission, then convert any { } terms to literals
// remove any { } terms that don't have a passed in value (so they appear as "" to users)
// only deal with terms that start and end with { } and not ones where the { } terms is not the entire term
if (is_string($v) and substr($v, 0, 1) == "{" and substr($v, -1) == "}" and substr($k, 0, 7) == "search_" and in_array(substr($k, 7), $showcols)) {
$requestKeyToUse = substr($v, 1, -1);
if (!strstr($requestKeyToUse, "}") and !strstr($requestKeyToUse, "{")) {
// double check that there's no other { } in the term!
$activeViewId = substr($settings['lastloaded'], 1);
// will have a p in front of the number, to show it's a published view (or an s, but that's unlikely to ever happen in this case)
$ownerOfLastLoadedViewData = q("SELECT sv_owner_uid FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id=" . intval($activeViewId));
$ownerOfLastLoadedView = $ownerOfLastLoadedViewData[0]['sv_owner_uid'];
if (!$update_other_reports and $uid != $ownerOfLastLoadedView) {
if (isset($_POST[$requestKeyToUse])) {
$_POST[$k] = htmlspecialchars(strip_tags(trim($_POST[$requestKeyToUse])));
} elseif (isset($_GET[$requestKeyToUse])) {
$_POST[$k] = htmlspecialchars(strip_tags(trim($_GET[$requestKeyToUse])));
} elseif ($v == "{USER}" and $xoopsUser) {
$_POST[$k] = $xoopsUser->getVar('name') ? $xoopsUser->getVar('name') : $xoopsUser->getVar('uname');
} elseif (!strstr($v, "{BLANK}") and !strstr($v, "{TODAY") and !strstr($v, "{PERGROUPFILTER}") and !strstr($v, "{USER")) {
unset($_POST[$k]);
// clear terms where no match was found, because this term is not active on the current page, so don't confuse users by showing it
}
}
}
}
}
$settings['currentview'] = $currentView;
$settings['currentURL'] = $currentURL;
// no need for both these values now, since framework handles are deprecated
$settings['columns'] = $showcols;
$settings['columnhandles'] = $showcols;
$settings['hlist'] = $_POST['hlist'];
$settings['hcalc'] = $_POST['hcalc'];
// determine if the controls should really be locked...
if ($_POST['lockcontrols']) {
// if a view locks the controls
// only lock the controls when the user is not a member of the currentview groups AND has no globalscope
// OR if they are a member of the currentview groups AND has no groupscope or no globalscope
switch ($currentView) {
case "mine":
$settings['lockcontrols'] = "";
break;
case "all":
if ($view_globalscope) {
$settings['lockcontrols'] = "";
} else {
$settings['lockcontrols'] = "1";
}
break;
case "group":
if ($view_groupscope or $view_globalscope) {
$settings['lockcontrols'] = "";
} else {
$settings['lockcontrols'] = "1";
}
break;
default:
$viewgroups = explode(",", trim($currentView, ","));
// get the groups that the current user has specified scope for, and if none, then look at view form
$formulize_permHandler = new formulizePermHandler($fid);
$groupsWithAccess = $formulize_permHandler->getGroupScopeGroupIds($groups);
if ($groupsWithAccess === false) {
$groupsWithAccess = $gperm_handler->getGroupIds("view_form", $fid, $mid);
$groupsWithAccess = array_intersect($groups, $groupsWithAccess);
// limit to just the user's own groups that have this permission, since what we're checking of below is whether the user's groups with view form meet the condition or not
}
$diff = array_diff($viewgroups, $groupsWithAccess);
if (!isset($diff[0]) and $view_groupscope) {
// if the scopegroups are completely included in the user's groups that have access to the form, and they have groupscope (ie: they would be allowed to see all these entries anyway)
$settings['lockcontrols'] = "";
} elseif ($view_globalscope) {
// if they have global scope
$settings['lockcontrols'] = "";
} else {
// no globalscope and even if they're a member of the scope for this view, they don't have groupscope
$settings['lockcontrols'] = "1";
}
}
} else {
$settings['lockcontrols'] = "";
}
$settings['asearch'] = $_POST['asearch'];
if ($_POST['asearch']) {
$as_array = explode("/,%^&2", $_POST['asearch']);
foreach ($as_array as $k => $one_as) {
$settings['as_' . $k] = $one_as;
}
}
$settings['oldcols'] = implode(",", $showcols);
$settings['ventry'] = $_POST['ventry'];
// get sort and order options
$_POST['sort'] = dealWithDeprecatedFrameworkHandles($_POST['sort'], $frid);
$settings['sort'] = $_POST['sort'];
$settings['order'] = $_POST['order'];
//get all submitted search text
foreach ($_POST as $k => $v) {
if (substr($k, 0, 7) == "search_" and $v != "") {
$thiscol = substr($k, 7);
$searches[$thiscol] = $v;
$temp_key = "search_" . $thiscol;
$settings[$temp_key] = $v;
}
}
// get the submitted global search text
$settings['global_search'] = $_POST['global_search'];
// get all requested calculations...assign to settings array.
$settings['calc_cols'] = $_POST['calc_cols'];
$settings['calc_calcs'] = $_POST['calc_calcs'];
$settings['calc_blanks'] = $_POST['calc_blanks'];
$settings['calc_grouping'] = $_POST['calc_grouping'];
// grab all the locked columns so we can persist them
if (strstr($_POST['formulize_lockedColumns'], ",")) {
$settings['lockedColumns'] = array_unique(explode(",", trim($_POST['formulize_lockedColumns'], ",")));
} elseif (strlen($_POST['formulize_lockedColumns']) > 0) {
$settings['lockedColumns'] = array(intval($_POST['formulize_lockedColumns']));
} else {
$settings['lockedColumns'] = array();
}
// set the requested procedure, if any
$settings['advcalc_acid'] = strip_tags(htmlspecialchars($_POST['advcalc_acid']));
formulize_addProcedureChoicesToPost($settings['advcalc_acid']);
// gather id of the cached data, if any
$settings['formulize_cacheddata'] = strip_tags($_POST['formulize_cacheddata']);
// process a clicked custom button
// must do this before gathering the data!
$messageText = "";
if (isset($_POST['caid']) and $screen and $formulize_LOESecurityPassed) {
$customButtonDetails = $screen->getVar('customactions');
if (is_numeric($_POST['caid']) and isset($customButtonDetails[$_POST['caid']])) {
list($caCode, $caElements, $caActions, $caValues, $caMessageText, $caApplyTo, $caPHP, $caInline) = processCustomButton($_POST['caid'], $customButtonDetails[$_POST['caid']]);
// just processing to get the info so we can process the click. Actual output of this button happens lower down
$messageText = processClickedCustomButton($caElements, $caValues, $caActions, $caMessageText, $caApplyTo, $caPHP, $caInline);
}
}
if ($_POST['ventry']) {
// user clicked on a view this entry link
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/formdisplay.php';
if ($_POST['ventry'] == "addnew" or $_POST['ventry'] == "single") {
$this_ent = "";
} elseif ($_POST['ventry'] == "proxy") {
$this_ent = "proxy";
} else {
$this_ent = $_POST['ventry'];
}
if ($screen and $screen->getVar("viewentryscreen") != "none" and $screen->getVar("viewentryscreen") or $_POST['overridescreen']) {
if (strstr($screen->getVar("viewentryscreen"), "p")) {
// if there's a p in the specified viewentryscreen, then it's a pageworks page -- added April 16 2009 by jwe
$page = intval(substr($screen->getVar("viewentryscreen"), 1));
include XOOPS_ROOT_PATH . "/modules/pageworks/index.php";
return;
} else {
$screen_handler = xoops_getmodulehandler('screen', 'formulize');
if ($_POST['overridescreen']) {
$screenToLoad = intval($_POST['overridescreen']);
} else {
$screenToLoad = intval($screen->getVar('viewentryscreen'));
}
$viewEntryScreenObject = $screen_handler->get($screenToLoad);
if ($viewEntryScreenObject->getVar('type') == "listOfEntries") {
exit("You're sending the user to a list of entries screen instead of some kind of form screen, when they're editing an entry. Check what screen is defined as the screen to use for editing an entry, or what screen id you're using in the viewEntryLink or viewEntryButton functions in the template.");
}
$viewEntryScreen_handler = xoops_getmodulehandler($viewEntryScreenObject->getVar('type') . 'Screen', 'formulize');
$displayScreen = $viewEntryScreen_handler->get($viewEntryScreenObject->getVar('sid'));
if ($displayScreen->getVar('type') == "form") {
if ($_POST['ventry'] != "single") {
$displayScreen->setVar('reloadblank', 1);
// if the user clicked the add multiple button, then specifically override that screen setting so they can make multiple entries
} else {
$displayScreen->setVar('reloadblank', 0);
// otherwise, if they did click the single button, make sure the form reloads with their entry
}
}
$viewEntryScreen_handler->render($displayScreen, $this_ent, $settings);
global $renderedFormulizeScreen;
// picked up at the end of initialize.php so we set the right info in the template when the whole page is rendered
$renderedFormulizeScreen = $displayScreen;
return;
}
} else {
if ($_POST['ventry'] != "single") {
if ($frid) {
displayForm($frid, $this_ent, $fid, $currentURL, "", $settings, "", "", "", "", $viewallforms);
// "" is the done text
return;
} else {
displayForm($fid, $this_ent, "", $currentURL, "", $settings, "", "", "", "", $viewallforms);
// "" is the done text
return;
}
} else {
// if a single entry was requested for a form that can have multiple entries, then specifically override the multiple entry UI (which causes a blank form to appear on save)
if ($frid) {
displayForm($frid, $this_ent, $fid, $currentURL, "", $settings, "", "", "1", "", $viewallforms);
// "" is the done text
return;
} else {
displayForm($fid, $this_ent, "", $currentURL, "", $settings, "", "", "1", "", $viewallforms);
// "" is the done text
return;
}
}
}
// end of "if there's a viewentryscreen, then show that"
}
// check if we're coming back from a page where a form entry was saved, and if so, synch any subform blanks that might have been written on this page load, synch them with the mainform entry that was written
$formToSynch = isset($_POST['primaryfid']) ? intval($_POST['primaryfid']) : 0;
if ($formToSynch) {
if (isset($_POST['entry' . $formToSynch]) and $enryToSynch = $_POST['entry' . $formToSynch]) {
synchSubformBlankDefaults($formToSynch, $entryToSynch);
}
}
include_once XOOPS_ROOT_PATH . "/modules/formulize/include/extract.php";
// create $data and $wq (writable query)
formulize_benchmark("before gathering dataset");
list($data, $wq, $regeneratePageNumbers) = formulize_gatherDataSet($settings, $searches, strip_tags($_POST['sort']), strip_tags($_POST['order']), $frid, $fid, $scope, $screen, $currentURL, intval($_POST['forcequery']));
formulize_benchmark("after gathering dataset/before generating calcs");
if ($settings['calc_cols'] and !$settings['hcalc']) {
//formulize_benchmark("before performing calcs");
$ccols = explode("/", $settings['calc_cols']);
$ccalcs = explode("/", $settings['calc_calcs']);
$cblanks = explode("/", $settings['calc_blanks']);
$cgrouping = explode("/", $settings['calc_grouping']);
$cResults = performCalcs($ccols, $ccalcs, $cblanks, $cgrouping, $frid, $fid);
}
//formulize_benchmark("after performing calcs");
formulize_benchmark("after generating calcs/before creating pagenav");
$formulize_LOEPageNav = formulize_LOEbuildPageNav($data, $screen, $regeneratePageNumbers);
formulize_benchmark("after nav/before interface");
$formulize_buttonCodeArray = array();
list($formulize_buttonCodeArray) = drawInterface($settings, $fid, $frid, $groups, $mid, $gperm_handler, $loadview, $loadOnlyView, $screen, $searches, $formulize_LOEPageNav, $messageText, $hiddenQuickSearches);
// if there is messageText and no custom top template, and no messageText variable in the bottom template, then we have to output the message text here
if ($screen and $messageText) {
if (trim($screen->getTemplate('toptemplate')) == "" and !strstr($screen->getTemplate('bottomtemplate'), 'messageText')) {
print "<p><center><b>{$messageText}</b></center></p>\n";
}
}
formulize_benchmark("before entries");
drawEntries($fid, $showcols, $searches, $frid, $scope, "", $currentURL, $gperm_handler, $uid, $mid, $groups, $settings, $member_handler, $screen, $data, $wq, $regeneratePageNumbers, $hiddenQuickSearches, $cResults);
// , $loadview); // -- loadview not passed any longer since the lockcontrols indicator is used to handle whether things should appear or not.
formulize_benchmark("after entries");
if ($screen) {
formulize_screenLOETemplate($screen, "bottom", $formulize_buttonCodeArray, $settings);
} else {
print $formulize_LOEPageNav;
// redraw page numbers if there is no screen in effect
}
if (isset($formulize_buttonCodeArray['submitButton'])) {
// if a custom top template was in effect, this will have been sent back, so now we display it at the very bottom of the form so it doesn't take up a visible amount of space above (the submitButton is invisible, but does take up space)
print "<p class=\"formulize_customTemplateSubmitButton\">" . $formulize_buttonCodeArray['submitButton'] . "</p>";
}
print "</form>\n";
// end of the form started in drawInterface
print "</div>\n";
// end of the listofentries div, used to call up the working message when the page is reloading, started in drawInterface
}
function displayGrid($fid, $entry = "", $rowcaps, $colcaps, $title = "", $orientation = "horizontal", $startID = "first", $finalCell = "", $finalRow = "", $calledInternal = false, $screen = null, $headingAtSide = "")
{
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/functions.php';
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/elementdisplay.php';
include_once XOOPS_ROOT_PATH . '/modules/formulize/class/data.php';
global $xoopsUser, $xoopsDB;
$numcols = count($colcaps);
if (is_array($finalCell)) {
$numcols = $numcols + 2;
} else {
$numcols = $numcols + 1;
}
$numrows = count($rowcaps);
$actual_numrows = count(array_filter($rowcaps));
# count non-null row captions
if ($title == "{FORMTITLE}") {
$title = trans(getFormTitle($fid));
} else {
$title = trans($title);
}
$currentURL = getCurrentURL();
$uid = $xoopsUser ? $xoopsUser->getVar('uid') : '0';
$mid = getFormulizeModId();
$gperm_handler =& xoops_gethandler('groupperm');
$owner = getEntryOwner($entry, $fid);
$member_handler =& xoops_gethandler('member');
//$owner_groups = $owner ? $member_handler->getGroupsByUser($owner, FALSE) : array(0=>XOOPS_GROUP_ANONYMOUS);
$data_handler = new formulizeDataHandler($fid);
$owner_groups = $owner ? $data_handler->getEntryOwnerGroups($entry) : array(0 => XOOPS_GROUP_ANONYMOUS);
$groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
if (!$calledInternal) {
if (!($scheck = security_check($fid, $entry, $uid, $owner, $groups, $mid, $gperm_handler))) {
print "<p>" . _NO_PERM . "</p>";
return;
}
}
// determine if the form is a single entry form and so whether an entry already exists for this form...
$single_result = getSingle($fid, $uid, $groups, $member_handler, $gperm_handler, $mid);
$single = $single_result['flag'];
if ($single and !$entry) {
$entry = $single_result['entry'];
}
if (!$entry) {
$entry = "new";
}
// figure out where we are supposed to start in the form
if (!is_numeric($startID) and $startID !== "first") {
$order_query = q("SELECT ele_order FROM " . $xoopsDB->prefix("formulize") . " WHERE ele_caption = \"{$startID}\" AND id_form=\"{$fid}\"");
} elseif ($startID === "first") {
// get the ele_id of the element with the lowest weight
$order_query = q("SELECT ele_order FROM " . $xoopsDB->prefix("formulize") . " WHERE id_form=\"{$fid}\" ORDER BY ele_order LIMIT 0,1");
} else {
$order_query = q("SELECT ele_order FROM " . $xoopsDB->prefix("formulize") . " WHERE id_form=\"{$fid}\" AND ele_id =\"{$startID}\"");
}
$starting_order = $order_query[0]['ele_order'];
// gather the element IDs that are to be displayed, in order (include to the end of the form, whereas we actually only will display until we run out of cells)
$element_ids_query = q("SELECT ele_id FROM " . $xoopsDB->prefix("formulize") . " WHERE ele_order >= '{$starting_order}' AND id_form='{$fid}' AND ele_type != 'subform' ORDER BY ele_order");
// initialize form
if (!$calledInternal) {
print $GLOBALS['xoopsSecurity']->getTokenHTML();
}
// start buffering the output
ob_start();
// set the title row
if ($headingAtSide) {
$gridContents[0] = $title;
$class = "even";
print "<table class='outer'>\n<tr>";
if ($actual_numrows > 0) {
echo "<td class=head></td>";
}
} else {
print "<table class=outer>\n";
$class = "head";
if ($title) {
print "<tr><th colspan='{$numcols}'>{$title}</th></tr>\n";
}
print "<tr>\n<td class=\"head\"> </td>\n";
}
// draw top row
foreach ($colcaps as $thiscap) {
if ($headingAtSide) {
print "<td class=head>{$thiscap}</td>\n";
} else {
if ($orientation == "vertical" and $class == "even" and !$headingAtSide) {
// only alternate rows
$class = "odd";
} elseif ($orientation == "vertical") {
$class = "even";
}
print "<td class={$class}>{$thiscap}</td>\n";
}
}
if (is_array($finalCell)) {
// draw blank header for last column if there is such a thing
print "<td class=head> </td>\n";
}
print "</tr>\n";
// draw regular rows
$class = "head";
$row_index = 0;
$ele_index = 0;
foreach ($rowcaps as $thiscap) {
if ($orientation == "horizontal" and $class == "even") {
$class = "odd";
} elseif ($orientation == "horizontal") {
$class = "even";
} else {
$class = "head";
}
print "<tr>\n";
if ($headingAtSide) {
if ($actual_numrows > 0) {
print "<td class=\"head\">{$thiscap}</td>\n";
}
} else {
print "<td class={$class}>{$thiscap}</td>\n";
}
foreach ($colcaps as $thiscolcap) {
if ($orientation == "vertical" and $class == "even") {
$class = "odd";
} elseif ($orientation == "vertical") {
$class = "even";
}
print "<td class={$class}>\n";
// display the element starting with the initial one. Keep trying to display something until we're successful (displaying the element might fail if the user does not have permission to view (based on which groups are allowed to view this element)
$rendered = "start";
while ($rendered != "rendered" and $rendered != "rendered-disabled" and isset($element_ids_query[$ele_index])) {
$rendered = displayElement("", $element_ids_query[$ele_index]['ele_id'], $entry, false, $screen);
$ele_index++;
}
if ($rendered != "rendered" and $rendered != "rendered-disabled") {
print " ";
}
print "</td>\n";
}
if (is_array($finalCell)) {
// draw final cell values if they exist
if ($orientation == "vertical") {
$class = "head";
}
if ($finalCell[$row_index]) {
print "<td class={$class}>" . $finalCell[$row_index] . "</td>\n";
} else {
print "<td class={$class}> </td>\n";
}
}
print "</tr>\n";
$row_index++;
}
// draw final row if necessary
if ($finalRow) {
print "<tr>{$finalRow}</tr>\n";
}
print "</table>";
$gridContents[1] = trans(ob_get_clean());
if ($headingAtSide === "") {
// if $headingAtSide is "" (not false) then we print out the grid contents here. Only pass back contents if $headingAtSide is specified as true or false (presumably by the formdisplay.php file), since otherwise for backwards compatibility we need to printout contents here because that's what the behaviour used to be.
print $gridContents[1];
} elseif ($headingAtSide) {
return $gridContents;
} else {
return $gridContents[1];
}
}
function formatFrameworksAsRelationships($frameworks)
{
$relationships = array();
$relationshipIndices = array();
$i = 1;
foreach ($frameworks as $framework) {
$frid = $framework->getVar('frid');
if (isset($relationshipIndices[$frid])) {
continue;
}
$relationships[$i]['name'] = $framework->getVar('name');
$relationships[$i]['content']['frid'] = $frid;
$frameworkLinks = $framework->getVar('links');
$li = 1;
$links = array();
foreach ($frameworkLinks as $link) {
$links[$li]['form1'] = printSmart(getFormTitle($link->getVar('form1')));
$links[$li]['form2'] = printSmart(getFormTitle($link->getVar('form2')));
switch ($link->getVar('relationship')) {
case 1:
$relationship = _AM_FRAME_ONETOONE;
break;
case 2:
$relationship = _AM_FRAME_ONETOMANY;
break;
case 3:
$relationship = _AM_FRAME_MANYTOONE;
break;
}
$links[$li]['relationship'] = printSmart($relationship);
$li++;
}
$relationships[$i]['content']['links'] = $links;
$relationshipIndices[$frid] = true;
$i++;
}
return $relationships;
}
<?php
$apiKey = $_GET['apiKey'];
$formID = $_GET['formID'];
$format = $_GET['format'];
$columnHeaders = $_GET['columnHeaders'];
if ($formID < 1) {
die("Form ID Missing!");
}
include 'form_details.php';
$formTitle = getFormTitle($apiKey, $formID);
$questions = getQuestions($apiKey, $formID, $columnHeaders);
$submissions = getSubmissions($apiKey, $formID);
switch ($format) {
case 'PostgreSQL':
include 'jotform_postgresqldump.php';
$sql = jotform_postgresqldump($apiKey, $format, $formTitle, $questions, $submissions);
break;
case 'Oracle':
include 'jotform_oracledump.php';
$sql = jotform_oracledump($apiKey, $format, $formTitle, $questions, $submissions);
break;
case 'SQL Server':
include 'jotform_sqlserverdump.php';
$sql = jotform_sqlserverdump($apiKey, $format, $formTitle, $questions, $submissions);
break;
case 'DB2':
include 'jotform_db2dump.php';
$sql = jotform_db2dump($apiKey, $format, $formTitle, $questions, $submissions);
break;
case 'Sybase':
