Exemple #1
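 /*
  * For table $i, collect the editable columns of the current page into
  * $champs and build the matching SET clause in $update.
  * Column and table names are concatenated as bare identifiers taken from
  * $aColumnsTot / $i; values pass through the sql_format_* helpers, which are
  * defined outside this excerpt.
  * NOTE(review): those helpers are the only barrier between $_POST and the SQL
  * text. Confirm each one escapes or validates its argument; binding the
  * values with pg_query_params() would remove that dependency.
  */
 foreach ($aColumnsTot[$id_page] as $key => $val) {
     if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
         /* editable column: remember it for the pre-update SELECT */
         $champs .= $val['champ_interface'] . ",";
         /* SET clause fragment, formatted according to the declared type */
         switch ($val['type']) {
             case 'string':
                 $update .= $val['champ_interface'] . " = " . sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
                 break;
             case 'val':
             case 'int':
                 $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
                 break;
             case 'bool':
                 $update .= $val['champ_interface'] . " = " . sql_format_bool($_POST[$val['champ_interface']]) . ",";
                 break;
         }
     }
 }
 /* Tracking before the UPDATE: read the row as it is currently stored. */
 // NOTE(review): $id is concatenated as-is and its origin is outside this
 // excerpt. Confirm it is validated as an integer, or bind it as a parameter.
 $select = "SELECT " . rtrim($champs, ',') . " FROM lr.{$i} AS t WHERE uid=" . $id . ";";
 if (DEBUG) {
     // Escaped for HTML so the debug trace cannot inject markup into the page.
     echo "<br>" . htmlspecialchars($select, ENT_QUOTES | ENT_SUBSTITUTE);
 }
 // When pg_query() fails it returns false, so there is no result handle for
 // pg_result_error(); the message has to be read from the connection.
 // NOTE(review): the database error text is sent to the client; log it
 // server-side and show a generic message once this leaves development.
 $result = pg_query($db, $select) or die("Erreur pgSQL : " . pg_last_error($db));
 $backup = pg_fetch_array($result, NULL, PGSQL_ASSOC);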
 // Old values
 foreach ($backup as $field => $val_1) {
     $val_2 = $_POST[$field];
     if ($val_1 == 't') {
         $val_1 = "TRUE";
Exemple #2
        $code = "";
    }
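    // Admin edit of an existing user row. Every value is taken from $_POST and
    // formatted by sql_format()/sql_format_num(), defined outside this excerpt.
    // NOTE(review): confirm those helpers escape their input; $code,
    // $query_niveau and $query_ref are built before this excerpt and are
    // concatenated verbatim. The WHERE literal is shown masked in this listing.
    $query = "UPDATE " . SQL_schema_app . ".utilisateur SET \n\tid_cbn=" . sql_format_num($_POST["id_cbn"])
        . ",\n\tnom=" . sql_format($_POST["nom"])
        . ",\n\tprenom=" . sql_format($_POST["prenom"])
        . ",\n\t" . $code
        . "\n\ttel_bur=" . sql_format($_POST["tel_bur"])
        . ",\n\ttel_port=" . sql_format($_POST["tel_port"])
        . ",\n\ttel_int=" . sql_format($_POST["tel_int"])
        . ",\n\temail=" . sql_format($_POST["email"])
        . ",\n\tweb=" . sql_format($_POST["web"])
        . ",\n\t" . $query_niveau
        . "\n\t" . $query_ref
        . "\n\tdescr=" . sql_format($_POST["descr"])
        . " \n\tWHERE id_user='******';";
    // The statement embeds request values, so it is escaped for HTML before
    // being printed. NOTE(review): this trace is unconditional; remove it or
    // put it behind a debug switch.
    echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
    // pg_query() returns false on failure, so the error is read from the
    // connection rather than from a result handle that does not exist.
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. edit user", $id, "utilisateur");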
} else {
    //------------------------------------------------------------------------------ ADD
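    // ADD branch: create a new user row.
    // For every key of $rubrique, append a niveau_<key> and a ref_<key> column
    // with its value; a missing or empty form field is stored as 0.
    foreach ($rubrique as $key => $val) {
        if (empty($_POST["niveau_" . $key])) {
            $_POST["niveau_" . $key] = 0;
        }
        $val_niveau .= sql_format_num($_POST["niveau_" . $key]) . ",";
        $key_niveau .= "niveau_" . $key . ",";
        if (empty($_POST["ref_" . $key])) {
            $_POST["ref_" . $key] = 0;
        }
        $val_ref .= sql_format_bool($_POST["ref_" . $key]) . ",";
        $key_ref .= "ref_" . $key . ",";
    }
    // id_user = first two bytes of the accent-stripped first name + first two
    // of the last name, upper-cased, followed by one digit from mt_rand(1, 9).
    // NOTE(review): only nine suffixes exist per set of initials, so collisions
    // are likely and the identifier is guessable; never treat it as a secret.
    $id = strtoupper(substr(stripAccents($_POST['prenom']), 0, 2) . substr(stripAccents($_POST['nom']), 0, 2)) . mt_rand(1, 9);
    // The leading characters of $id are request data and may contain a quote
    // (a name starting with "O'" is enough), so the value is emitted through
    // pg_escape_literal() instead of being wrapped in quotes by hand.
    // NOTE(review): pw goes through sql_format() like any other text field, so
    // the password appears to be stored as submitted. Confirm, and hash it
    // with password_hash() before storage.
    $query = "INSERT INTO " . SQL_schema_app . ".utilisateur (id_user, id_cbn,nom,prenom,login,pw,tel_bur,tel_port,tel_int,email,web,\n\t{$key_niveau}\n\t{$key_ref}\n\tdescr)\n\tVALUES (\n\t\t" . pg_escape_literal($db, $id)
        . ",\n\t\t" . sql_format_num($_POST["id_cbn"])
        . ",\n\t\t" . sql_format($_POST["nom"])
        . ",\n\t\t" . sql_format($_POST["prenom"])
        . ",\n\t\t" . sql_format($_POST["login"])
        . ",\n\t\t" . sql_format($_POST["pw"])
        . ",\n\t\t" . sql_format($_POST["tel_bur"])
        . ",\n\t\t" . sql_format($_POST["tel_port"])
        . ",\n\t\t" . sql_format($_POST["tel_int"])
        . ",\n\t\t" . sql_format($_POST["email"])
        . ",\n\t\t" . sql_format($_POST["web"])
        . ",\n\t\t{$val_niveau} {$val_ref}\n\t\t" . sql_format($_POST["descr"]) . ");";
    // Escaped for HTML because the statement embeds request values.
    // NOTE(review): this unconditional trace also writes the submitted
    // password into the response; remove it or gate it behind a debug switch.
    echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
    // pg_query() returns false on failure; read the error from the connection.
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. ajout user", $id, "utilisateur");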
}
//------------------------------------------------------------------------------ FONCTIONS
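/**
 * Replace accented Latin letters with their unaccented ASCII counterpart.
 *
 * The three-argument form of strtr() maps byte to byte, which corrupts the
 * text as soon as the accented letters are multi-byte (UTF-8). The array form
 * replaces whole substrings, so it gives the expected result whether the
 * letters are one byte or several, provided this file and the input share the
 * same encoding.
 *
 * @param string $string Text to transliterate.
 * @return string The text with the listed accented letters replaced; every
 *                other byte is returned unchanged.
 */
function stripAccents($string)
{
    $map = array(
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a',
        'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i',
        'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u',
        'ý' => 'y', 'ÿ' => 'y',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A',
        'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U',
        'Ý' => 'Y',
    );

    return strtr($string, $map);
}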
Exemple #3
                if ($result == false) {
                    hub_log($id, $fction);
                }
                /*erreur*/
                unset($query);
                break;
        }
    } else {
        // ADD branch.
        // Numeric values: an empty step sent by the form is replaced by 2.
        if ($_POST['etape'] == "") {
            $_POST['etape'] = 2;
        }
        // Parameters to record: two add_suivi2() calls on "taxons", one for the
        // "nom" field and one for the "uid" field.
        // NOTE(review): etape is forwarded as received from the request; confirm
        // add_suivi2() (defined outside this excerpt) validates or escapes it.
        add_suivi2(
            $_POST["etape"],
            $id_user,
            $uid,
            "taxons",
            "nom",
            null,
            sql_format_num($_POST["nom_sci"]),
            'applications',
            'manuel',
            'ajout'
        );
        add_suivi2(
            $_POST["etape"],
            $id_user,
            $uid,
            "taxons",
            "uid",
            null,
            $uid,
            'applications',
            'manuel',
            'ajout'
        );
    }
    /*
    Disabled client-side redirect to index.php (it only ran outside DEBUG mode):
    if (!DEBUG) {
        echo ("<script language=\"javascript\" type=\"text/javascript\">");
        echo ("window.location.replace ( \"index.php\")");
        echo ("</script>");
    }
    */
    // Close the PostgreSQL connection, then return true to whatever included
    // or called this code.
    pg_close($db);
    return true;
    //------------------------------------------------------------------------------ SI PAS ACCES
} else {
    // No access (the check itself is outside this excerpt): hand over to the
    // shared access-denied page.
    require "../commun/access_denied.php";
}
Exemple #4
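 /*
  * Build the column list ($liste_champs) and the VALUES list ($values) for a
  * new fsd.ddd row from the editable columns of the current page. id_from is
  * skipped in this loop.
  * Column names come from $aColumnsTot and are wrapped in double quotes without
  * further escaping; values pass through the sql_format_* helpers, which are
  * defined outside this excerpt.
  * NOTE(review): confirm each helper escapes or validates its argument, or
  * bind the values with pg_query_params().
  */
 foreach ($aColumnsTot[$id_page] as $key => $val) {
     if ($val['modifiable'] == 't' and $val['table_champ'] == "ddd" and $val['nom_champ'] != "id_from") {
         /* editable column: add it to the INSERT column list */
         $liste_champs .= "\"" . $val['champ_interface'] . "\",";
         /* matching value, formatted according to the declared type */
         switch ($val['type']) {
             case 'string':
             case 'val':
                 $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
                 break;
             case 'bool':
                 $values .= sql_format_bool($_POST[$val['champ_interface']]) . ",";
                 break;
             case 'int':
                 $values .= sql_format_num($_POST[$val['champ_interface']]) . ",";
                 break;
         }
     }
 }
 $insert = "INSERT INTO fsd.ddd (" . rtrim($liste_champs, ',') . ") VALUES (" . rtrim($values, ',') . ") RETURNING uid";
 /* INSERT */
 if (DEBUG) {
     // The statement embeds request values, so it is escaped for HTML before
     // being printed in the page.
     echo "<br>" . htmlspecialchars($insert, ENT_QUOTES | ENT_SUBSTITUTE);
 }
 // pg_query() returns false on failure, so the error is read from the
 // connection; there is no result handle to give to pg_result_error().
 // NOTE(review): the database error text is sent to the client; log it
 // server-side and show a generic message outside development.
 $result = pg_query($db, $insert) or die("Erreur pgSQL : " . pg_last_error($db));
 $uid = pg_fetch_row($result);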
 if (!empty($_POST['id_from'])) {
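     // Build one link-table INSERT per submitted id_from value.
     $idfrominsert = null;
     foreach ($_POST['id_from'] as $id_from) {
         // id_from arrives straight from the request, so it is emitted as an
         // escaped literal rather than interpolated into the statement.
         // Each statement is terminated with ";" because several INSERTs
         // glued together without a separator are not valid SQL.
         $idfrominsert .= "INSERT INTO fsd.lien_champs VALUES (" . $uid[0] . "," . pg_escape_literal($db, (string) $id_from) . ");";
     }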
Exemple #5
         $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_result_error($result));
     }
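     // Link the news item to every tag listed in $add.
     if (!empty($add)) {
         // NOTE(review): $query is appended to rather than reset, so whatever
         // it already holds (it was passed to pg_query() just above) is sent
         // again together with the INSERTs. Confirm that is intended.
         foreach ($add as $field => $val) {
             // $add is built outside this excerpt, presumably from the
             // submitted tag selection, so each tag id is emitted as an
             // escaped literal.
             // NOTE(review): $id is interpolated as-is; confirm it is an
             // integer by the time it reaches this statement.
             $query = $query . "INSERT INTO lsi.coor_news_tag VALUES ({$id}," . pg_escape_literal($db, (string) $val) . "); ";
         }
         if (DEBUG) {
             // Escaped for HTML: the trace can contain request data.
             echo "<br>" . htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
         }
         // pg_query() returns false on failure; read the error from the
         // connection instead of a result handle that does not exist.
         $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
     }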
     //------------------------------------------------------------------------------
 } else {
     //  ADD
     //------------------------------------------------------------------------------
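     // Insert the news item and read back the id generated by the database.
     // Values come from $_POST through the sql_format_* helpers, defined outside
     // this excerpt. NOTE(review): confirm they escape their input, or bind the
     // values with pg_query_params().
     $query = "INSERT INTO lsi.news (abstract,link,link_2,id_subject,date,title) \n\t\tVALUES (\n\t\t" . sql_format_quote($_POST["abstract"], 'do')
         . ",\n\t\t" . sql_format_quote($_POST["link"], 'do')
         . ",\n\t\t" . sql_format_quote($_POST["link_2"], 'do')
         . ",\n\t\t" . sql_format_num($_POST["id_subject"])
         . ",\n\t\t" . sql_format($_POST["date"])
         . ",\n\t\t" . sql_format_quote($_POST["title"], 'do') . ") RETURNING id;";
     if (DEBUG) {
         // The statement embeds request values, so it is escaped for HTML.
         echo "<br>" . htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
     }
     // pg_query() returns false on failure; read the error from the connection.
     $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
     // pg_result() is only a deprecated alias of pg_fetch_result().
     $id = pg_fetch_result($result, 0, "id");
     // The field is absent from the request when no tag is selected.
     $add = isset($_POST["tag_select"]) ? $_POST["tag_select"] : null;
     $query = '';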
     if (!empty($add)) {
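         // One link row per selected tag. $id was returned by the INSERT just
         // above; the tag ids come from the request (tag_select), so each one
         // is emitted as an escaped literal instead of being interpolated.
         foreach ($add as $field => $val) {
             $query .= "INSERT INTO lsi.coor_news_tag VALUES ({$id}," . pg_escape_literal($db, (string) $val) . "); ";
         }
         if ($query != '') {
             // pg_query() returns false on failure; read the error from the
             // connection instead of a result handle that does not exist.
             $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
         }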
Exemple #6
         /*verification que l'appli reçoit bien  $val['nom_champ']==='nomCompletSyntaxon' */
         //echo "1:".$val['nom_champ'];
         //if ($val['nom_champ']!=='nomCompletSyntaxon') echo " is nomComplet is false<br>";
         //if ($val['nom_champ']==='nomCompletSyntaxon') echo " is nomComplet is true<br>";
         /*construction de l'update*/
         if ($val['type'] == 'string' and $val['nom_champ'] !== 'nomCompletSyntaxon') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
         }
         if ($val['type'] == 'val') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
         }
         if ($val['type'] == 'bool') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_bool($_POST[$val['nom_champ']]) . ",";
         }
         if ($val['type'] == 'int') {
             $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_num($_POST[$val['nom_champ']]) . ",";
         }
     }
 }
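 /*
  * Finish the UPDATE statement. The full syntaxon name is appended here
  * because it does not always come through the form reliably. Since it is
  * added after the loop, it follows the trailing comma the loop leaves behind,
  * so no rtrim() is needed.
  */
 // Both parts of the name are raw request values: they are emitted as one
 // escaped literal instead of being pasted between hand-written quotes.
 // NOTE(review): assumes $db is this script's open PostgreSQL connection, as
 // used by its pg_query() calls. Confirm.
 $update .= " \"nomCompletSyntaxon\" = " . pg_escape_literal($db, $_POST['nomSyntaxon'] . " " . $_POST['auteurSyntaxon']) . " ";
 /* restrict the update to the record being edited */
 // NOTE(review): $id is concatenated as-is and its origin is outside this
 // excerpt. Confirm it is validated as an integer, or bind it as a parameter.
 $update .= "WHERE \"codeEnregistrementSyntax\"=" . $id . ";";
 if (DEBUG) {
     // The statement embeds request values, so it is escaped for HTML.
     echo "<br> update = " . htmlspecialchars($update, ENT_QUOTES | ENT_SUBSTITUTE);
 }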
 //-----------------------------------------------------------	backup qui enregistre l'état des champs en base, avant l'enregistrement-----------------
 /*SUIVI AVANT UPDATE*/