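// Collect the editable columns of table $i for this page and build the SET list of the UPDATE.
// Column names come from the $aColumnsTot metadata; values come from $_POST and pass through
// the sql_format_* helpers, which are defined outside this excerpt.
// NOTE(review): the statement is only as safe as those helpers' escaping. Confirm they escape
// for PostgreSQL, or move to pg_query_params() with placeholders.
foreach ($aColumnsTot[$id_page] as $key => $val) {
    if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
        /* editable column: add it to the SELECT list used for the pre-update snapshot */
        $champs .= $val['champ_interface'] . ",";
        /* append the matching "column = value" pair, formatted by declared type */
        if ($val['type'] == 'string') {
            $update .= $val['champ_interface'] . " = " . sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
        }
        if ($val['type'] == 'val') {
            $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
        }
        if ($val['type'] == 'bool') {
            $update .= $val['champ_interface'] . " = " . sql_format_bool($_POST[$val['champ_interface']]) . ",";
        }
        if ($val['type'] == 'int') {
            $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
        }
    }
}

/* TRACKING BEFORE UPDATE: read the current row so old and new values can be compared */
// NOTE(review): $i (table name) and $id are concatenated as-is and are set outside this
// excerpt. Confirm neither is request-controlled, or check $i against an allow-list and
// format $id like the other values.
$select = "SELECT " . rtrim($champs, ',') . " FROM lr.{$i} AS t WHERE uid=" . $id . ";";
if (DEBUG) {
    echo "<br>" . $select;
}
// When pg_query() fails it returns false, so there is no result to inspect: the error text
// has to come from the connection.
// NOTE(review): the raw database error is sent to the client; consider error_log() plus a
// generic message outside debug mode.
$result = pg_query($db, $select) or die("Erreur pgSQL : " . pg_last_error($db));
$backup = pg_fetch_array($result, NULL, PGSQL_ASSOC); // Old values
// Compare each stored value with the submitted one (the loop continues beyond this excerpt).
foreach ($backup as $field => $val_1) {
    $val_2 = $_POST[$field];
    if ($val_1 == 't') {
        $val_1 = "TRUE";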
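$code = "";
} // closes a block opened before this excerpt

// EDIT branch: update an existing user row from the submitted form.
// Every value goes through sql_format()/sql_format_num(), defined outside this excerpt.
// NOTE(review): confirm those helpers quote and escape for PostgreSQL, or move to
// pg_query_params() with placeholders.
// NOTE(review): the WHERE literal below appears masked in this copy of the file; the log
// call after the query uses $id. Confirm which user identifier the real statement filters on.
$query = "UPDATE " . SQL_schema_app . ".utilisateur SET \n\tid_cbn=" . sql_format_num($_POST["id_cbn"])
    . ",\n\tnom=" . sql_format($_POST["nom"])
    . ",\n\tprenom=" . sql_format($_POST["prenom"])
    . ",\n\t" . $code
    . "\n\ttel_bur=" . sql_format($_POST["tel_bur"])
    . ",\n\ttel_port=" . sql_format($_POST["tel_port"])
    . ",\n\ttel_int=" . sql_format($_POST["tel_int"])
    . ",\n\temail=" . sql_format($_POST["email"])
    . ",\n\tweb=" . sql_format($_POST["web"])
    . ",\n\t" . $query_niveau
    . "\n\t" . $query_ref
    . "\n\tdescr=" . sql_format($_POST["descr"])
    . " \n\tWHERE id_user='******';";
// The statement embeds submitted form values, so it is printed only in debug mode and
// HTML-escaped instead of being echoed into every response.
if (defined('DEBUG') && DEBUG) {
    echo htmlspecialchars($query);
}
// When pg_query() fails it returns false, so the error text has to come from the connection.
// NOTE(review): the raw database error is sent to the client; consider error_log() plus a
// generic message outside debug mode.
$result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. edit user", $id, "utilisateur");
} else {
    //------------------------------------------------------------------------------ ADD
    // Build the per-section access-level and referent columns; missing form fields default to 0.
    foreach ($rubrique as $key => $val) {
        if (empty($_POST["niveau_" . $key])) {
            $_POST["niveau_" . $key] = 0;
        }
        $val_niveau .= sql_format_num($_POST["niveau_" . $key]) . ",";
        $key_niveau .= "niveau_" . $key . ",";
        if (empty($_POST["ref_" . $key])) {
            $_POST["ref_" . $key] = 0;
        }
        $val_ref .= sql_format_bool($_POST["ref_" . $key]) . ",";
        $key_ref .= "ref_" . $key . ",";
    }
    // User id = first two letters of the first name + first two of the last name + one digit.
    // NOTE(review): a single digit 1-9 leaves nine ids per set of initials, so collisions are
    // likely; a sequence or a uniqueness check with retry would be more robust.
    $id = strtoupper(substr(stripAccents($_POST['prenom']), 0, 2) . substr(stripAccents($_POST['nom']), 0, 2)) . mt_rand(1, 9);
    // $id is derived from submitted names and can contain a quote (for example a name starting
    // with "O'"), so it is escaped as a literal rather than wrapped in quotes by hand.
    // NOTE(review): "pw" is stored as submitted. Unless hashing happens elsewhere, hash it with
    // password_hash() before the INSERT and verify with password_verify().
    $query = "INSERT INTO " . SQL_schema_app . ".utilisateur (id_user, id_cbn,nom,prenom,login,pw,tel_bur,tel_port,tel_int,email,web,\n\t{$key_niveau}\n\t{$key_ref}\n\tdescr)\n\tVALUES (\n\t\t" . pg_escape_literal($db, $id)
        . ",\n\t\t" . sql_format_num($_POST["id_cbn"])
        . ",\n\t\t" . sql_format($_POST["nom"])
        . ",\n\t\t" . sql_format($_POST["prenom"])
        . ",\n\t\t" . sql_format($_POST["login"])
        . ",\n\t\t" . sql_format($_POST["pw"])
        . ",\n\t\t" . sql_format($_POST["tel_bur"])
        . ",\n\t\t" . sql_format($_POST["tel_port"])
        . ",\n\t\t" . sql_format($_POST["tel_int"])
        . ",\n\t\t" . sql_format($_POST["email"])
        . ",\n\t\t" . sql_format($_POST["web"])
        . ",\n\t\t{$val_niveau} {$val_ref}\n\t\t" . sql_format($_POST["descr"]) . ");";
    // This statement contains the submitted password: never echo it outside debug mode.
    if (defined('DEBUG') && DEBUG) {
        echo htmlspecialchars($query);
    }
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. ajout user", $id, "utilisateur");
}

//------------------------------------------------------------------------------ FUNCTIONS
/**
 * Replace accented Latin letters with their unaccented ASCII equivalent.
 *
 * The array form of strtr() replaces whole substrings, so each accented character is
 * matched as a unit whatever its byte length. The three-argument form works byte by
 * byte and corrupts multi-byte (UTF-8) input.
 *
 * @param string $string text to transliterate
 * @return string the text with the listed accented letters replaced
 */
function stripAccents($string)
{
    return strtr($string, [
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a',
        'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i',
        'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u',
        'ý' => 'y', 'ÿ' => 'y',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A',
        'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U',
        'Ý' => 'Y',
    ]);
}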
// Tail of the edit branch (it starts before this excerpt): record the failure through
// hub_log() when the previous query returned false, then leave the enclosing switch/loop.
if ($result == false) {
    hub_log($id, $fction);
} /* error */
unset($query);
break;
}
} else { // ADD
    //------------------------------------------------------------------------------ Numeric values
    // Default the workflow step to 2 when the form did not supply one.
    if ($_POST['etape'] == "") {
        $_POST['etape'] = 2;
    }
    //------------------------------------------------------------------------------
    /* Parameters to add */
    // Two tracking entries for the new taxon: its name and its uid.
    // NOTE(review): $_POST["etape"] is handed to add_suivi2() unformatted; how add_suivi2()
    // uses it is not visible here. Confirm it validates or escapes that argument.
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "nom", null, sql_format_num($_POST["nom_sci"]), 'applications', 'manuel', 'ajout');
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "uid", null, $uid, 'applications', 'manuel', 'ajout');
}
/*
 Disabled client-side redirect back to index.php:
 if (!DEBUG) {
     echo ("<script language=\"javascript\" type=\"text/javascript\">");
     echo ("window.location.replace ( \"index.php\")");
     echo ("</script>");
 }
*/
pg_close($db);
return true;
//------------------------------------------------------------------------------ IF NO ACCESS
// The matching access check is before this excerpt; callers without access get the shared
// "access denied" page.
} else {
    require "../commun/access_denied.php";
}
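// Build the column list and the VALUES list for a new fsd.ddd row from the editable columns
// of this page. "id_from" is skipped here and handled separately below.
// Values come from $_POST and pass through the sql_format_* helpers, defined outside this
// excerpt. NOTE(review): confirm those helpers escape for PostgreSQL, or move to
// pg_query_params() with placeholders.
foreach ($aColumnsTot[$id_page] as $key => $val) {
    if ($val['modifiable'] == 't' and $val['table_champ'] == "ddd" and $val['nom_champ'] != "id_from") {
        /* editable column: its quoted identifier goes into the column list */
        $liste_champs .= "\"" . $val['champ_interface'] . "\",";
        /* matching value, formatted by declared type */
        if ($val['type'] == 'string') {
            $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
        }
        if ($val['type'] == 'val') {
            $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
        }
        if ($val['type'] == 'bool') {
            $values .= sql_format_bool($_POST[$val['champ_interface']]) . ",";
        }
        if ($val['type'] == 'int') {
            $values .= sql_format_num($_POST[$val['champ_interface']]) . ",";
        }
    }
}
$insert = "INSERT INTO fsd.ddd (" . rtrim($liste_champs, ',') . ") VALUES (" . rtrim($values, ',') . ") RETURNING uid";
/* INSERT */
if (DEBUG) {
    echo "<br>" . $insert;
}
// When pg_query() fails it returns false, so the error text has to come from the connection.
// NOTE(review): the raw database error is sent to the client; consider error_log() plus a
// generic message outside debug mode.
$result = pg_query($db, $insert) or die("Erreur pgSQL : " . pg_last_error($db));
$uid = pg_fetch_row($result);
// Link the new row to each submitted "id_from" (this block continues beyond the excerpt).
if (!empty($_POST['id_from'])) {
    $idfrominsert = null;
    foreach ($_POST['id_from'] as $id_from) {
        // The ids arrive in the request and are placed unquoted in the statement, so each is
        // forced to an integer. Every INSERT is terminated so that several ids produce
        // several valid statements instead of one run-together string.
        $idfrominsert .= "INSERT INTO fsd.lien_champs VALUES (" . $uid[0] . "," . (int) $id_from . "); ";
    }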
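// Tail of the edit branch (it starts before this excerpt).
// When pg_query() fails it returns false, so the error text has to come from the connection.
// NOTE(review): the raw database error is sent to the client; consider error_log() plus a
// generic message outside debug mode.
$result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
}
// Attach the newly selected tags to the news item.
// NOTE(review): the statements are appended to whatever $query already holds. If it still
// contains the statement executed just above, that statement runs a second time. Confirm
// $query is reset before this point.
// NOTE(review): $id is set outside this excerpt; confirm it is not taken unformatted from
// the request.
if (!empty($add)) {
    foreach ($add as $field => $val) {
        // Tag ids are placed unquoted in the statement, so each is forced to an integer.
        $query = $query . "INSERT INTO lsi.coor_news_tag VALUES ({$id}," . (int) $val . "); ";
    }
    if (DEBUG) {
        echo "<br>" . $query;
    }
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
}
//------------------------------------------------------------------------------
} else { // ADD
    //------------------------------------------------------------------------------
    // Insert the news item; values go through the sql_format_* helpers defined outside this
    // excerpt. NOTE(review): confirm they escape for PostgreSQL, or use pg_query_params().
    $query = "INSERT INTO lsi.news (abstract,link,link_2,id_subject,date,title) \n\t\tVALUES (\n\t\t" . sql_format_quote($_POST["abstract"], 'do')
        . ",\n\t\t" . sql_format_quote($_POST["link"], 'do')
        . ",\n\t\t" . sql_format_quote($_POST["link_2"], 'do')
        . ",\n\t\t" . sql_format_num($_POST["id_subject"])
        . ",\n\t\t" . sql_format($_POST["date"])
        . ",\n\t\t" . sql_format_quote($_POST["title"], 'do') . ") RETURNING id;";
    // echo $query;
    if (DEBUG) {
        echo "<br>" . $query;
    }
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    // pg_fetch_result() is the current name of the deprecated pg_result() alias.
    $id = pg_fetch_result($result, 0, "id");
    $add = $_POST["tag_select"];
    $query = '';
    // Attach the submitted tags to the new item (this block continues beyond the excerpt).
    if (!empty($add)) {
        foreach ($add as $field => $val) {
            // Tag ids come from the request and are placed unquoted in the statement, so
            // each is forced to an integer.
            $query .= "INSERT INTO lsi.coor_news_tag VALUES ({$id}," . (int) $val . "); ";
        }
        if ($query != '') {
            $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
        }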
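/* check that the application does receive $val['nom_champ'] === 'nomCompletSyntaxon' */
//echo "1:".$val['nom_champ'];
//if ($val['nom_champ']!=='nomCompletSyntaxon') echo " is nomComplet is false<br>";
//if ($val['nom_champ']==='nomCompletSyntaxon') echo " is nomComplet is true<br>";
/* build the UPDATE: one "column" = value pair per editable field, formatted by declared type */
// Values come from $_POST and pass through the sql_format_* helpers, defined outside this
// excerpt. NOTE(review): confirm those helpers escape for PostgreSQL, or move to
// pg_query_params() with placeholders.
if ($val['type'] == 'string' and $val['nom_champ'] !== 'nomCompletSyntaxon') {
    $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
}
if ($val['type'] == 'val') {
    $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
}
if ($val['type'] == 'bool') {
    $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_bool($_POST[$val['nom_champ']]) . ",";
}
if ($val['type'] == 'int') {
    $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_num($_POST[$val['nom_champ']]) . ",";
}
} // closes the condition opened before this excerpt
} // closes the loop opened before this excerpt
//echo "<br> voici l'update avant trim <bre>".$update ;
/* the full name is appended here because it sometimes does not come through from the form */
// had nomComplet not been appended at the end of $update, the comma left by the loop would
// have had to be removed (hence the original rtrim)
//$update = rtrim($update,',')." WHERE \"codeEnregistrementSyntax\" = ".$id.";";
// The two submitted fields were previously pasted between hand-written quotes, so a quote in
// either one could break out of the literal. They now go through the same helper as every
// other string column above.
// NOTE(review): this assumes sql_format_quote(..., 'do') returns a complete, escaped SQL
// literal, as the string branch above already relies on. Confirm against the helper.
$update .= " \"nomCompletSyntaxon\" = " . sql_format_quote($_POST['nomSyntaxon'] . " " . $_POST['auteurSyntaxon'], 'do') . " ";
/* add the condition on the record code */
// NOTE(review): $id is concatenated as-is and is set outside this excerpt. Confirm it is not
// request-controlled, or format it like the other values.
$update .= "WHERE \"codeEnregistrementSyntax\"=" . $id . ";";
if (DEBUG) {
    echo "<br> update = " . $update;
}
//----------------------------------------------------------- backup that records the state of the fields in the database before saving -----------------
/* TRACKING BEFORE UPDATE */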