Esempio n. 1
// $Id: collecte_selection.inc.php,v 1.5 2009-05-16 11:12:02 dbellamy Exp $
// Refuse direct HTTP requests for this include file: any request URI that contains
// ".inc.php" (case-insensitive) is rejected before anything else runs.
if (stristr($_SERVER['REQUEST_URI'], ".inc.php")) {
    die("no access");
}
// NOTE(review): $idemprcaddie, $id, $action, $dbh and $msg are not assigned in this excerpt;
// presumably they are globals provided by the including script — confirm where they are
// validated before they reach the code below.
if ($idemprcaddie) {
    $myCart = new empr_caddie($idemprcaddie);
    print aff_empr_cart_titre($myCart);
    // Result of the permission lookup for procedure $id. In the visible code it only gates
    // the 'add_item' branch; the 'form_proc' branch does not consult it.
    $droit = verif_droit_proc_empr_caddie($id);
    switch ($action) {
        case 'form_proc':
            $hp = new parameters($id, "empr_caddie_procs");
            // The form target is the 'add_item' action of this same page.
            // NOTE(review): $idemprcaddie and $id are interpolated into the URL without
            // encoding; whether gen_form() escapes the URL is not visible here.
            $hp->gen_form("./circ.php?categ=caddie&sub=gestion&quoi=selection&moyen=selection&action=add_item&idemprcaddie={$idemprcaddie}&id={$id}");
            break;
        case 'add_item':
            if ($droit) {
                $hp = new parameters($id, "empr_caddie_procs");
                // Populates $hp->final_query, which is read on the following lines.
                $hp->get_final_query();
                // NOTE(review): the final SQL text is echoed without HTML escaping. If any
                // part of it comes from submitted parameter values, this reflects them into
                // the page; htmlentities() would be the usual guard.
                echo "<hr />" . $hp->final_query . "<hr />";
                // One statement per line: the query text is split on newlines.
                $line = pmb_split("\n", $hp->final_query);
                $nb_element_avant = $myCart->nb_item;
                // NOTE(review): each() is deprecated since PHP 7.2 and removed in PHP 8.
                while (list($cle, $valeur) = each($line)) {
                    if ($valeur != '') {
                        // Allow-list on the first six characters only: the line must start
                        // with "select" or "create" (case-insensitive). This is a prefix
                        // test, not a parse of the statement, so it does not constrain what
                        // follows the keyword. A database account limited to the rights this
                        // feature needs is the stronger control.
                        if (pmb_strtolower(pmb_substr($valeur, 0, 6)) == "select" || pmb_strtolower(pmb_substr($valeur, 0, 6)) == "create") {
                        } else {
                            // Rejected line: print its six-character prefix (unescaped),
                            // report the error and stop the whole script.
                            echo pmb_substr($valeur, 0, 6);
                            error_message_history($msg['caddie_action_invalid_query'], $msg['requete_selection'], 1);
                            exit;
                        }
                        // The accepted line is sent to the database verbatim.
                        $result_selection = mysql_query($valeur, $dbh);
                        if (!$result_selection) {
                            // NOTE(review): the raw driver error is appended to the message
                            // passed to error_message_history(); if that is shown to the
                            // user it discloses schema details.
                            error_message_history($msg['caddie_action_invalid_query'], $msg['requete_echouee'] . mysql_error(), 1);
Esempio n. 2
 //********************************************************************************/
 // Fetch the procedure to run. $row is filled before this excerpt starts; column 2 is
 // used as the SQL text and column 5 as $proc_notice_tpl_field.
 $sql = $row[2];
 //$proc_notice_tpl=$row[4];
 $proc_notice_tpl_field = $row[5];
 // The SQL contains "!!name!!" placeholders and no form has been submitted yet
 // ($form_type is empty): display the parameter form instead of executing.
 // NOTE(review): $id_proc and $force_exec are concatenated into URLs and HTML below without
 // encoding; their origin is not visible in this excerpt — confirm they are validated.
 if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters) && $form_type == "") {
     $hp = new parameters($id_proc, "procs");
     $hp->gen_form("edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec);
 } else {
     // Hidden inputs accumulated here are printed inside the form further down.
     $param_hidden = "";
     if ($force_exec) {
         // NOTE(review): $force_exec is written into an attribute value unescaped, unlike
         // the $msg strings below, which go through htmlentities().
         $param_hidden .= "<input type='hidden' name='force_exec'  value='" . $force_exec . "' />";
         // Execution of the query was forced
     }
     if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters)) {
         $hp = new parameters($id_proc, "procs");
         // Replace the stored SQL with the final query produced by the parameters object.
         $hp->get_final_query();
         $sql = $hp->final_query;
         $param_hidden .= $hp->get_hidden_values();
         // Carry the parameters as hidden fields in case execution is forced
         $param_hidden .= "<input type='hidden' name='form_type'  value='gen_form' />";
         // Carry the "parameters were submitted" marker as a hidden field as well
     }
     // The form and the explain_requete() check below are only reached when $dest is none
     // of the three export destinations.
     if ($dest != "TABLEAU" && $dest != "TABLEAUHTML" && $dest != "TABLEAUCSV") {
         print "<form class=\"form-edit\" id=\"formulaire\" name=\"formulaire\" action='./edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec . "' method=\"post\">";
         print "<input type='button' class='bouton' value='" . htmlentities($msg[654], ENT_QUOTES, $charset) . "'  onClick='this.form.action=\"./edit.php?categ=procs\";this.form.submit();'/>";
         // explain_requete() rejected the query, the session holds the EDIT_FORCING_AUTH
         // right and execution is not yet forced: offer a "force execution" button.
         // Otherwise show the ordinary submit button.
         if (!explain_requete($sql) && SESSrights & EDIT_FORCING_AUTH && !$force_exec) {
             print $param_hidden;
             print "<input type='button' id='procs_button_exec' class='bouton' value='" . htmlentities($msg["procs_force_exec"], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=1\";this.form.submit();' />";
         } else {
             print "<input type='submit' id='procs_button_exec' class='bouton' value='" . htmlentities($msg[708], ENT_QUOTES, $charset) . "'/>";
Esempio n. 3
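/**
 * Runs the saved OPAC statistics request $id_proc and renders its result.
 *
 * The request is read from the statopac_request table. If its SQL contains "!!name!!"
 * placeholders and no parameter form has been submitted yet, the parameter form is
 * displayed instead. Otherwise the query is executed and written out as a paged HTML
 * table, or as an Excel / HTML / tab-separated export when the global $dest is
 * "TABLEAU", "TABLEAUHTML" or "TABLEAUCSV".
 *
 * Request-supplied globals are normalised before use: $id_proc, $numero_page,
 * $limite_page and $nombre_lignes_total are cast to integers because they reach SQL
 * (WHERE / LIMIT) and HTML attributes; $force_exec, $categ and $sub are encoded where
 * they are echoed. SQL text and driver errors shown to the user are HTML-escaped.
 *
 * @param int $id_proc Identifier of the row in statopac_request.
 * @return void Output is printed directly; the function may die() on a query error.
 */
function show_results_stats($id_proc = 0)
{
    global $msg, $dbh, $form_type, $categ, $numero_page, $limite_page, $sub, $charset;
    global $dest, $pmb_set_time_limit, $force_exec, $erreur_explain_rqt, $nombre_lignes_total;
    @set_time_limit($pmb_set_time_limit);

    // Values below end up in SQL or HTML, so fix their type / encoding once, up front.
    $id_proc = (int) $id_proc;
    $numero_page = max(0, (int) $numero_page);
    $limite_page = (int) $limite_page;
    $nombre_lignes_total = (int) $nombre_lignes_total;
    $force_exec_url = rawurlencode((string) $force_exec);
    $force_exec_attr = htmlentities((string) $force_exec, ENT_QUOTES, $charset);
    $categ_attr = htmlentities((string) $categ, ENT_QUOTES, $charset);
    $sub_attr = htmlentities((string) $sub, ENT_QUOTES, $charset);
    // Script path, needed for the navigation form target (was an unquoted array key).
    $page = htmlentities($_SERVER['SCRIPT_NAME'], ENT_QUOTES, $charset);

    $requete = "SELECT idproc, name, requete, comment, num_vue FROM statopac_request where idproc='" . $id_proc . "' ";
    $res = mysql_query($requete, $dbh);
    $row = $res ? mysql_fetch_row($res) : false;
    if (!$row) {
        // Unknown request id or lookup failure: there is nothing to execute.
        return;
    }

    // The stored SQL refers to its statistics view as VUE(); substitute the real view name.
    $sql = $row[2];
    $sql = str_replace("VUE()", "statopac_vue_" . $row[4], $sql);
    if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters) && $form_type == "") {
        // Placeholders present and no form submitted yet: ask for the parameters.
        $hp = new parameters($id_proc, "statopac_request");
        $hp->gen_form("edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec_url);
    } else {
        $param_hidden = "";
        if ($force_exec) {
            // Execution was forced: keep the flag across page changes.
            $param_hidden .= "<input type='hidden' name='force_exec'  value='" . $force_exec_attr . "' />";
        }
        if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters)) {
            $hp = new parameters($id_proc, "statopac_request");
            $hp->get_final_query();
            $sql = $hp->final_query;
            // Carry the parameters and the "form submitted" marker as hidden fields.
            $param_hidden .= $hp->get_hidden_values();
            $param_hidden .= "<input type='hidden' name='form_type'  value='gen_form' />";
        }
        // final_query replaced $sql, so the view name has to be substituted again.
        $sql = str_replace("VUE()", "statopac_vue_" . $row[4], $sql);
        // NOTE(review): the explain_requete() gate below only runs for the on-screen view.
        // When $dest is one of the export values the query is executed without it —
        // confirm this is intended, since $dest is a request-level global.
        if ($dest != "TABLEAU" && $dest != "TABLEAUHTML" && $dest != "TABLEAUCSV") {
            print "<form class=\"form-edit\" id=\"formulaire\" name=\"formulaire\" action='./edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec_url . "' method=\"post\">";
            print "<input type='button' class='bouton' value='" . htmlentities($msg[654], ENT_QUOTES, $charset) . "'  onClick='this.form.action=\"./edit.php?categ=stat_opac\";this.form.submit();' />";
            if (!explain_requete($sql) && SESSrights & EDIT_FORCING_AUTH && !$force_exec) {
                print $param_hidden;
                print "<input type='button' id='procs_button_exec' class='bouton' value='" . htmlentities($msg["procs_force_exec"], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=1\";this.form.submit();' />";
            } else {
                print "<input type='submit' id='procs_button_exec' class='bouton' value='" . htmlentities($msg[708], ENT_QUOTES, $charset) . "'/>";
            }
            print "<br />";
            print "</form>";
            // Either the procedure has no parameters or they have been received:
            // stop unless the query passes the check or execution is legitimately forced.
            if (!explain_requete($sql) && !(SESSrights & EDIT_FORCING_AUTH && $force_exec)) {
                die("<br /><br />" . htmlentities($sql, ENT_QUOTES, $charset) . "<br /><br />" . htmlentities($msg["proc_param_explain_failed"], ENT_QUOTES, $charset) . "<br /><br />" . $erreur_explain_rqt);
            }
        }
        $req_nombre_lignes = "";
        if (!$nombre_lignes_total) {
            $req_nombre_lignes = mysql_query($sql);
            if (!$req_nombre_lignes) {
                die(htmlentities($sql, ENT_QUOTES, $charset) . "<br /><br />" . htmlentities(mysql_error(), ENT_QUOTES, $charset));
            }
            $nombre_lignes_total = mysql_num_rows($req_nombre_lignes);
        }
        // Keep the total row count so the next page does not have to re-run the count.
        $param_hidden .= "<input type='hidden' name='nombre_lignes_total'  value='" . $nombre_lignes_total . "' />";
        // Default page size when none (or a non-positive one) was supplied: 10.
        if ($limite_page <= 0) {
            $limite_page = 10;
        }
        $nbpages = $nombre_lignes_total / $limite_page;
        // Round up, then subtract 1 because the first page is numbered 0.
        $nbpages_arrondi = ceil($nbpages);
        $nbpages_arrondi = $nbpages_arrondi - 1;
        $limite_mysql = $limite_page * $numero_page;
        // Execute the query: unbounded for exports, with LIMIT for the on-screen view.
        switch ($dest) {
            case "TABLEAU":
            case "TABLEAUHTML":
            case "TABLEAUCSV":
                if (!$req_nombre_lignes) {
                    $res = @mysql_query($sql, $dbh) or die(htmlentities($sql, ENT_QUOTES, $charset) . "<br /><br />" . htmlentities(mysql_error(), ENT_QUOTES, $charset));
                } else {
                    // Reuse the result set that was fetched for the row count.
                    $res = $req_nombre_lignes;
                }
                break;
            default:
                echo "<h1>" . htmlentities($msg["opac_admin_menu"], ENT_QUOTES, $charset) . "&nbsp;:&nbsp;" . htmlentities($msg["stat_opac_menu"], ENT_QUOTES, $charset) . "</h1>";
                echo "<h1>" . htmlentities($row[1], ENT_QUOTES, $charset) . "</h1><h2>" . htmlentities($row[3], ENT_QUOTES, $charset) . "</h2>";
                // Both LIMIT operands are integers at this point.
                $sql = $sql . " LIMIT " . $limite_mysql . ", " . $limite_page;
                $res = @mysql_query($sql, $dbh) or die(htmlentities($sql, ENT_QUOTES, $charset) . "<br /><br />" . htmlentities(mysql_error(), ENT_QUOTES, $charset));
                echo "<p>";
                break;
        }
        $nbr_lignes = @mysql_num_rows($res);
        $nbr_champs = @mysql_num_fields($res);
        if ($nbr_lignes) {
            // NOTE(review): result cells and column names are written out verbatim in every
            // branch below. If the statistics views hold text captured from public OPAC
            // users, HTML in a cell is rendered in the staff browser and a cell starting
            // with "=", "+", "-" or "@" is read as a formula by spreadsheet software.
            // Escaping was not added here because stored requests may emit markup on
            // purpose — confirm and escape per destination if they do not.
            switch ($dest) {
                case "TABLEAU":
                    $fichier_temp_nom = tempnam(sys_get_temp_dir(), '');
                    $workbook = new writeexcel_workbook($fichier_temp_nom);
                    $worksheet =& $workbook->addworksheet();
                    $worksheet->write(0, 0, $row[1]);
                    $worksheet->write(0, 1, $row[3]);
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        // Column headers
                        $fieldname = mysql_field_name($res, $i);
                        $worksheet->write(2, $i, $fieldname);
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        $j = 0;
                        foreach ($row as $dummykey => $col) {
                            // Prefix numbers that start with 0 so the leading zero is kept.
                            if (is_numeric($col) && preg_match("/^0/", $col)) {
                                $col = "'" . $col;
                            }
                            if (trim($col) == '') {
                                $col = " ";
                            }
                            $worksheet->write($i + 3, $j, $col);
                            $j++;
                        }
                    }
                    $workbook->close();
                    $fh = fopen($fichier_temp_nom, "rb");
                    if ($fh) {
                        fpassthru($fh);
                        fclose($fh);
                    }
                    unlink($fichier_temp_nom);
                    break;
                case "TABLEAUHTML":
                    // Title, comment and SQL are escaped like the on-screen header above.
                    echo "<h1>" . htmlentities($row[1], ENT_QUOTES, $charset) . "</h1><h2>" . htmlentities($row[3], ENT_QUOTES, $charset) . "</h2>" . htmlentities($sql, ENT_QUOTES, $charset) . "<br/>";
                    echo "<table>";
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "<th align='left'>{$fieldname}</th>";
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        echo "<tr>";
                        foreach ($row as $dummykey => $col) {
                            if (trim($col) == '') {
                                $col = "&nbsp;";
                            }
                            print '<td>' . $col . '</td>';
                        }
                        echo "</tr>";
                    }
                    echo "</table>";
                    break;
                case "TABLEAUCSV":
                    // Tab-separated output: header line first, then one line per row.
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "{$fieldname}\t";
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        echo "\n";
                        foreach ($row as $dummykey => $col) {
                            print "{$col}\t";
                        }
                    }
                    break;
                default:
                    echo "<table>";
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "<th align='left'>{$fieldname}</th>";
                    }
                    $odd_even = 0;
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        if ($odd_even == 0) {
                            echo "\t<tr class='odd'>";
                            $odd_even = 1;
                        } elseif ($odd_even == 1) {
                            echo "\t<tr class='even'>";
                            $odd_even = 0;
                        }
                        foreach ($row as $dummykey => $col) {
                            if (trim($col) == '') {
                                $col = "&nbsp;";
                            }
                            print '<td>' . $col . '</td>';
                        }
                        echo "</tr>";
                    }
                    echo "</table><hr>";
                    echo "<p align=left size='-3' class='pn-normal'>\n\t\t\t\t\t<form name='navbar' class='form-edit' action='{$page}' method='post'>";
                    echo "\n\t\t\t\t\t<input type='hidden' name='numero_page'  value='{$numero_page}' />\n\t\t\t\t\t<input type='hidden' name='id_proc'  value='{$id_proc}' />\n\t\t\t\t\t<input type='hidden' name='categ'  value='{$categ_attr}' />\n\t\t\t\t\t<input type='hidden' name='sub' value='{$sub_attr}' />";
                    print $param_hidden;
                    // Previous / next page links; the page numbers are integers here.
                    $nav_bar = '';
                    $suivante = $numero_page + 1;
                    $precedente = $numero_page - 1;
                    // "Previous" link, only when there is a previous page.
                    if ($precedente >= 0) {
                        $nav_bar .= "<img src='./images/left.gif' border='0' title='{$msg['48']}' alt='[{$msg['48']}]' hspace='3' align='bottom' onClick=\"document.navbar.dest.value='';document.navbar.numero_page.value='{$precedente}'; document.navbar.limite_page.value='{$limite_page}'; document.navbar.submit(); \"/>";
                    }
                    // "current/total" indicator for the page being displayed.
                    for ($i = 0; $i <= $nbpages_arrondi; $i++) {
                        if ($i == $numero_page) {
                            $nav_bar .= "<strong>" . ($i + 1) . "/" . ($nbpages_arrondi + 1) . "</strong>";
                        }
                    }
                    if ($suivante <= $nbpages_arrondi) {
                        $nav_bar .= "<img src='./images/right.gif' border='0' title='{$msg['49']}' alt='[{$msg['49']}]' hspace='3' align='bottom' onClick=\"document.navbar.dest.value='';document.navbar.numero_page.value='{$suivante}'; document.navbar.limite_page.value='{$limite_page}'; document.navbar.submit(); \" />";
                    }
                    echo $nav_bar;
                    echo "\n\t\t\t\t\t<input type='hidden' name='dest' value='' />\n\t\t\t\t\t{$msg['edit_cbgen_mep_afficher']} <input type='text' name='limite_page' value='{$limite_page}' class='saisie-5em' /> {$msg['1905']}\n\t\t\t\t\t<input type='submit' class='bouton' value='" . $msg['actualiser'] . "' onclick=\"this.form.dest.value='';document.navbar.numero_page.value=0;\" /><font size='4'>&nbsp;&nbsp;&nbsp;&nbsp;</font>\n\t\t\t\t\t<input type='image' src='./images/tableur.gif' border='0' onClick=\"this.form.dest.value='TABLEAU';\" alt='Export tableau EXCEL' title='Export tableau EXCEL' /><font size='4'>&nbsp;&nbsp;&nbsp;&nbsp;</font>\n\t\t\t\t\t<input type='image' src='./images/tableur_html.gif' border='0' onClick=\"this.form.dest.value='TABLEAUHTML';\" alt='Export tableau HTML' title='Export tableau HTML' />\n\t\t\t\t\t</form></p>";
                    break;
            }
        } else {
            echo $msg["etatperso_aucuneligne"];
        }
        mysql_free_result($res);
    }
}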
Esempio n. 4
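 /**
  * Executes a stored procedure (a list of SQL statements) and builds an HTML report.
  *
  * Only runs when the session holds ADMINISTRATION_AUTH; otherwise an empty array is
  * returned. For INTERNAL procedures the SQL and the authorised user list come from the
  * local "procs" table; for EXTERNAL ones the procedure is fetched from the configured
  * remote procedure server and staged in a temporary table.
  *
  * @param mixed $procedure INTERNAL or EXTERNAL.
  * @param mixed $idProc    Identifier of the procedure (local or remote).
  * @param array $tparams   Saved parameter values, re-published as global variables so
  *                         that the parameters class can read them.
  * @return array array("name" => ..., "report" => ...) or array() without the right.
  */
 function executeProc($procedure, $idProc, $tparams)
 {
     // $charset is needed by htmlentities() below; it was missing from the global list.
     global $msg, $dbh, $charset, $PMBuserid;
     global $pmb_procedure_server_credentials, $pmb_procedure_server_address;
     global $erreur_explain_rqt;
     if (SESSrights & ADMINISTRATION_AUTH) {
         $name = "";
         $report = "";
         $code_sql = "";
         $autorisations = "";
         $temp_autorisation = array();
         $line = array();
         if ($tparams && is_array($tparams)) {
             // Saved parameters become globals. Names this function depends on (database
             // handle, current user id used for the authorisation check, server
             // credentials, superglobals, its own arguments) must not be overwritable
             // from saved task data, so they are skipped.
             $reserved = array(
                 'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_FILES', '_ENV',
                 'msg', 'dbh', 'charset', 'PMBuserid', 'erreur_explain_rqt',
                 'pmb_procedure_server_credentials', 'pmb_procedure_server_address',
                 'procedure', 'idProc', 'tparams',
             );
             foreach ($tparams as $aparam => $vparam) {
                 if (!is_string($aparam) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $aparam) || in_array($aparam, $reserved, true)) {
                     continue;
                 }
                 global ${$aparam};
                 ${$aparam} = $vparam;
             }
         }
         switch ($procedure) {
             case INTERNAL:
                 $hp = new parameters($idProc, "procs");
                 $hp->get_final_query();
                 $code_sql = $hp->final_query;
                 $autorisations = $hp->proc->autorisations;
                 break;
             case EXTERNAL:
                 // Credentials are stored as two lines; both are passed to the client.
                 $pmb_procedure_server_credentials_exploded = explode("\n", $pmb_procedure_server_credentials);
                 if ($pmb_procedure_server_address && count($pmb_procedure_server_credentials_exploded) == 2) {
                     $aremote_procedure_client = new remote_procedure_client($pmb_procedure_server_address, trim($pmb_procedure_server_credentials_exploded[0]), trim($pmb_procedure_server_credentials_exploded[1]));
                     $procedure = $aremote_procedure_client->get_proc($idProc, "AP");
                     $the_procedure = $procedure["procedure"];
                     if ($procedure["error_message"]) {
                         // The server-supplied message is escaped before it enters the report.
                         $report = htmlentities($msg["remote_procedures_error_server"], ENT_QUOTES, $charset) . ":<br><i>" . htmlentities($procedure["error_message"], ENT_QUOTES, $charset) . "</i>";
                         $result = array("name" => $the_procedure->name, "report" => $report);
                         return $result;
                     } else {
                         // NOTE(review): $code_sql is only set when the remote procedure has
                         // parameters; one without parameters produces an empty report.
                         // Confirm whether that is intended.
                         if ($the_procedure->params && $the_procedure->params != "NULL") {
                             // Stage the remote procedure in a temporary copy of "procs" so
                             // the parameters class can resolve its placeholders.
                             $sql = "CREATE TEMPORARY TABLE remote_proc LIKE procs";
                             mysql_query($sql, $dbh) or die(mysql_error());
                             $sql = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . mysql_real_escape_string($the_procedure->name, $dbh) . "', '" . mysql_real_escape_string($the_procedure->sql, $dbh) . "', '" . mysql_real_escape_string($the_procedure->comment, $dbh) . "', '', '" . mysql_real_escape_string($the_procedure->params, $dbh) . "', 0)";
                             mysql_query($sql, $dbh) or die(mysql_error());
                             $idproc = mysql_insert_id($dbh);
                             $hp = new parameters($idproc, "remote_proc");
                             $hp->get_final_query();
                             $the_procedure->sql = $hp->final_query;
                             $name = $the_procedure->name;
                             $code_sql = $the_procedure->sql;
                             $commentaire = $the_procedure->comment;
                         }
                     }
                 }
                 break;
         }
         // Authorisation: a space-separated list of user ids. When the list is empty
         // (always the case for EXTERNAL procedures here) no per-user check is made.
         if ($autorisations) {
             $temp_autorisation = explode(" ", $autorisations);
         }
         if ($temp_autorisation) {
             // Loose comparison, as before: ids are stored as strings.
             if (!in_array($PMBuserid, $temp_autorisation)) {
                 $report = $msg["11"];
                 $result = array("name" => $name, "report" => $report);
                 return $result;
             }
         }
         // Split into statements on ";" and drop empty fragments.
         // NOTE(review): a ";" inside a string literal also splits the statement.
         foreach (explode(";", $code_sql) as $fragment) {
             $fragment = trim($fragment);
             if ($fragment) {
                 $line[] = $fragment;
             }
         }
         foreach ($line as $cle => $valeur) {
             if ($valeur) {
                 // Optional column sort. $sortfield / $desc only exist when they were
                 // supplied through $tparams.
                 // NOTE(review): $sortfield is placed in the ORDER BY clause as-is; the
                 // statement still has to pass explain_requete() before it is executed.
                 if (isset($sortfield) && $sortfield != "") {
                     $tri = $sortfield;
                     if (isset($desc) && $desc == 1) {
                         $tri .= " DESC";
                     } else {
                         $tri .= " ASC";
                     }
                     // Collapse runs of whitespace and drop a trailing ";". The former
                     // ereg_replace() calls used PCRE-style delimiters and never matched.
                     $valeur = preg_replace('/\s+/', " ", $valeur);
                     $valeur = preg_replace('/;$/', "", $valeur);
                     // Look for the first ORDER BY
                     $s = stristr($valeur, "order by");
                     if ($s) {
                         // An ORDER BY already exists: decide whether a comma is needed
                         // after the new sort key.
                         if (strpos($s, ",") !== false) {
                             $virgule = true;
                         } else {
                             $virgule = strpos($s, $sortfield) === false;
                         }
                         if ($virgule) {
                             $tri .= ", ";
                         }
                         // Remove the field from the existing sort list if it is already
                         // there; it is quoted so that it is matched literally.
                         $sortfield_pattern = preg_quote($sortfield, '/');
                         $new_s = preg_replace("/" . $sortfield_pattern . ", /", "", $s);
                         $new_s = preg_replace("/" . $sortfield_pattern . "/", "", $new_s);
                         // Put the new sort key first in the ORDER BY clause
                         $new_s = preg_replace("/order\\s+by\\s+/i", "order by {$tri}", $new_s);
                         // Swap the old clause for the new one
                         $valeur = str_replace($s, $new_s, $valeur);
                     } else {
                         $valeur .= " order by {$tri}";
                     }
                 }
                 // The statement text is escaped before it is shown in the report.
                 $report .= "<strong>" . $msg["procs_ligne"] . " {$cle} </strong>:&nbsp;" . htmlentities($valeur, ENT_QUOTES, $charset) . "<br /><br />";
                 if (explain_requete($valeur)) {
                     $res = @mysql_query($valeur, $dbh);
                     $report .= htmlentities(mysql_error(), ENT_QUOTES, $charset);
                     $nbr_lignes = @mysql_num_rows($res);
                     $nbr_champs = @mysql_num_fields($res);
                     if ($nbr_lignes) {
                         // NOTE(review): column names and cell values go into the report
                         // unescaped; left as is because procedures may emit markup on
                         // purpose — confirm.
                         $report .= "<table >";
                         for ($i = 0; $i < $nbr_champs; $i++) {
                             $fieldname = mysql_field_name($res, $i);
                             $report .= "<th>{$fieldname}</th>";
                         }
                         for ($i = 0; $i < $nbr_lignes; $i++) {
                             $row = mysql_fetch_row($res);
                             $report .= "<tr>";
                             foreach ($row as $dummykey => $col) {
                                 if (trim($col) == '') {
                                     $col = '&nbsp;';
                                 }
                                 $report .= '<td >' . $col . '</td>';
                             }
                             $report .= "</tr>";
                         }
                         $report .= "</table><hr />";
                         $report .= "<font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . mysql_affected_rows($dbh) . "</font>";
                     } else {
                         $report .= "<br /><font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . mysql_affected_rows($dbh);
                         $err = mysql_error($dbh);
                         if ($err) {
                             $report .= "<br />" . htmlentities($err, ENT_QUOTES, $charset);
                         }
                         $report .= "</font><hr />";
                     }
                 } else {
                     // explain_requete() rejected the statement
                     $report .= htmlentities($valeur, ENT_QUOTES, $charset) . "<br /><br />" . $msg["proc_param_explain_failed"] . "<br /><br />" . $erreur_explain_rqt;
                 }
             }
         }
         $result = array("name" => $name, "report" => $report);
         return $result;
     }
     return array();
 }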
Esempio n. 5
 /**
  * Serializes the task settings read from the submitted form globals.
  *
  * Starts from the parent's parameter array, adds the procedure type and the selected
  * local / remote procedure ids, and stores the procedure's parameter values under
  * "envt". A remote procedure is first fetched from the configured procedure server and
  * copied into a temporary "remote_proc" table so the parameters class can read it.
  *
  * NOTE(review): the remote procedure's SQL is stored locally as received; the only
  * control visible here is the server address / credentials configuration.
  *
  * @return string serialize()d parameter array.
  */
 function make_serialized_task_params()
 {
     global $dbh, $type_proc, $form_procs, $form_procs_remote;
     global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

     $params = parent::make_serialized_task_params();
     $params["type_proc"] = stripslashes($type_proc);
     $params["form_procs"] = stripslashes($form_procs);
     $params["form_procs_remote"] = stripslashes($form_procs_remote);

     // A local procedure takes precedence over a remote one.
     if ($form_procs) {
         $local = new parameters($form_procs, "procs");
         $params["envt"] = $local->make_serialized_parameters_params();
         return serialize($params);
     }
     if (!$form_procs_remote) {
         return serialize($params);
     }

     // The credentials setting must consist of exactly two lines.
     $credentials = explode("\n", $pmb_procedure_server_credentials);
     if (!$pmb_procedure_server_address || count($credentials) != 2) {
         return serialize($params);
     }

     $client = new remote_procedure_client($pmb_procedure_server_address, trim($credentials[0]), trim($credentials[1]));
     $reply = $client->get_proc($form_procs_remote, "AP");
     if ($reply["error_message"]) {
         return serialize($params);
     }
     $remote = $reply["procedure"];
     if (!$remote) {
         return serialize($params);
     }

     // Stage the remote procedure in a temporary copy of the "procs" table.
     mysql_query("CREATE TEMPORARY TABLE remote_proc LIKE procs", $dbh) or die(mysql_error());
     $insert = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . mysql_escape_string($remote->name) . "', '" . mysql_escape_string($remote->sql) . "', '" . mysql_escape_string($remote->comment) . "', '', '" . mysql_escape_string($remote->params) . "', 0)";
     mysql_query($insert, $dbh) or die(mysql_error());

     $staged = new parameters(mysql_insert_id($dbh), "remote_proc");
     $params["envt"] = $staged->make_serialized_parameters_params();
     return serialize($params);
 }
Esempio n. 6
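 /**
  * Shows the parameter form of statistics request $id, or redirects straight to the
  * execution page when the request has no "!!name!!" placeholders.
  *
  * $id and $force_exec are URL-encoded before they are placed in the target URL, because
  * that URL is written into an inline <script> block (and handed to gen_form()).
  *
  * @param mixed $id  Identifier of the row in statopac_request.
  * @param mixed $dbh Database handle (not used in the visible body).
  * @return void
  */
 function run_form($id, $dbh)
 {
     global $msg;
     global $charset;
     global $force_exec;
     $hp = new parameters($id, "statopac_request");
     // rawurlencode() output contains no quote, angle bracket or ampersand, so the URL is
     // safe inside the single-quoted JavaScript string below.
     $url = "admin.php?categ=opac&sub=stat&section=view_list&act=final&id=" . rawurlencode((string) $id);
     if ($force_exec) {
         $url .= "&force_exec=" . rawurlencode((string) $force_exec);
     }
     if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
         $hp->gen_form($url);
     } else {
         echo "<script>document.location='" . $url . "'</script>";
     }
 }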
Esempio n. 7
 /**
  * Serializes the task settings read from the submitted form globals, including the
  * CSV export options.
  *
  * Starts from the parent's parameter array, adds the procedure type, the selected
  * local / remote procedure ids and the "tocsv" options, and stores the procedure's
  * parameter values under 'envt'. A remote procedure is first fetched from the
  * configured procedure server and copied into a temporary "remote_proc" table.
  *
  * NOTE(review): $tocsv_filepath is stored as submitted (only stripslashes() is
  * applied). Where the path is later used is not visible here — confirm it is
  * restricted to an allowed directory before anything is written to it.
  *
  * @return string serialize()d parameter array.
  */
 function make_serialized_task_params()
 {
     global $dbh, $type_proc, $form_procs, $form_procs_remote;
     global $tocsv_checked, $tocsv_sep, $tocsv_filepath, $tocsv_enclosure;
     global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

     $params = parent::make_serialized_task_params();
     $params['type_proc'] = stripslashes($type_proc);
     $params['form_procs'] = stripslashes($form_procs);
     $params['form_procs_remote'] = stripslashes($form_procs_remote);
     $params['tocsv']['checked'] = $tocsv_checked;
     $params['tocsv']['sep'] = stripslashes($tocsv_sep);
     $params['tocsv']['filepath'] = stripslashes($tocsv_filepath);
     $params['tocsv']['enclosure'] = stripslashes($tocsv_enclosure);

     // A local procedure takes precedence over a remote one.
     if ($form_procs) {
         $local = new parameters($form_procs, 'procs');
         $params['envt'] = $local->make_serialized_parameters_params();
         return serialize($params);
     }
     if (!$form_procs_remote) {
         return serialize($params);
     }

     // The credentials setting must consist of exactly two lines.
     $credentials = explode("\n", $pmb_procedure_server_credentials);
     if (!$pmb_procedure_server_address || count($credentials) != 2) {
         return serialize($params);
     }

     $client = new remote_procedure_client($pmb_procedure_server_address, trim($credentials[0]), trim($credentials[1]));
     $reply = $client->get_proc($form_procs_remote, "AP");
     if ($reply['error_message']) {
         return serialize($params);
     }
     $remote = $reply['procedure'];
     if (!$remote) {
         return serialize($params);
     }

     // Stage the remote procedure in a temporary copy of the "procs" table.
     pmb_mysql_query("CREATE TEMPORARY TABLE remote_proc LIKE procs", $dbh) or die(pmb_mysql_error());
     $insert = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . pmb_mysql_escape_string($remote->name) . "', '" . pmb_mysql_escape_string($remote->sql) . "', '" . pmb_mysql_escape_string($remote->comment) . "', '', '" . pmb_mysql_escape_string($remote->params) . "', 0)";
     pmb_mysql_query($insert, $dbh) or die(pmb_mysql_error());

     $staged = new parameters(pmb_mysql_insert_id($dbh), "remote_proc");
     $params['envt'] = $staged->make_serialized_parameters_params();
     return serialize($params);
 }
Esempio n. 8
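/**
 * Shows the parameter form of procedure $id, or redirects straight to the execution
 * page when the procedure has no "!!name!!" placeholders.
 *
 * $id and $force_exec are URL-encoded before they are placed in the target URL, because
 * that URL is written into an inline <script> block (and handed to gen_form()).
 *
 * @param mixed $id  Identifier of the row in procs.
 * @param mixed $dbh Database handle (not used in the visible body).
 * @return void
 */
function run_form($id, $dbh)
{
    global $msg;
    global $charset;
    global $force_exec;
    $hp = new parameters($id, "procs");
    // rawurlencode() output contains no quote, angle bracket or ampersand, so the URL is
    // safe inside the single-quoted JavaScript string below.
    $url = "admin.php?categ=proc&sub=proc&action=final&id=" . rawurlencode((string) $id) . "&force_exec=" . rawurlencode((string) $force_exec);
    if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
        $hp->gen_form($url);
    } else {
        echo "<script>document.location='" . $url . "'</script>";
    }
}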
Esempio n. 9
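/**
 * Shows the parameter form of borrower-basket procedure $id, or redirects straight to
 * the execution page when the procedure has no "!!name!!" placeholders.
 *
 * $id is URL-encoded before it is placed in the target URL, because that URL is written
 * into an inline <script> block (and handed to gen_form()).
 *
 * @param mixed $id  Identifier of the row in empr_caddie_procs.
 * @param mixed $dbh Database handle (not used in the visible body).
 * @return void
 */
function run_form($id, $dbh)
{
    global $msg;
    global $charset;
    $hp = new parameters($id, "empr_caddie_procs");
    // rawurlencode() output contains no quote, angle bracket or ampersand, so the URL is
    // safe inside the single-quoted JavaScript string below.
    $url = "circ.php?categ=caddie&sub=gestion&quoi=procs&action=final&id=" . rawurlencode((string) $id);
    if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
        $hp->gen_form($url);
    } else {
        echo "<script>document.location='" . $url . "'</script>";
    }
}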
Esempio n. 10
<?php

require_once "controllers/controller.php";
require_once "models/model.php";
// Dependency injection: the model object is handed to the controller. Just for fun.
// NOTE(review): load() receives the whole $_REQUEST superglobal (GET and POST values, plus
// cookies depending on the request_order setting), all of it client-controlled. What load()
// does with it is not visible here; confirm that the controller validates or allow-lists
// the keys it reads before they reach the model.
$myModule = new parameters(new parametersModel());
$myModule->load($_REQUEST);
Esempio n. 11
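 /**
  * Execute a stored administration procedure and build an HTML report of the outcome.
  *
  * Without ADMINISTRATION_AUTH in SESSrights nothing runs and an empty array is returned.
  *
  * INTERNAL procedures are read from the "procs" table through the parameters class.
  * EXTERNAL procedures are fetched with remote_procedure_client, using the configured
  * server address and a two-line credentials setting, then copied into a temporary
  * "remote_proc" table so the same parameters class can resolve their placeholders.
  * The resulting SQL text is split on ';' and each statement is executed once
  * explain_requete() accepts it. The result of the last statement can also be
  * written to a CSV file.
  *
  * Review notes:
  *  - Every key of $tparams['envt'] becomes a global variable (see the loop below).
  *  - The per-user check only runs when the procedure carries an "autorisations" list;
  *    the EXTERNAL branch never sets one, so remote procedures rely on
  *    ADMINISTRATION_AUTH alone.
  *  - In the EXTERNAL branch $name and $code_sql are only assigned when the remote
  *    procedure declares parameters; without parameters nothing is executed. This
  *    looks unintended - confirm before changing it.
  *  - Splitting on ';' also cuts a statement that contains ';' inside a string literal.
  *
  * @param mixed $procedure INTERNAL or EXTERNAL.
  * @param mixed $idProc    Identifier of the procedure (local row or remote id).
  * @param array $tparams   'envt': parameter name => value map; 'tocsv': CSV export
  *                         options (checked, filepath, sep, enclosure).
  * @return array Empty without ADMINISTRATION_AUTH, otherwise
  *               array('name' => ..., 'report' => HTML string).
  */
 function executeProc($procedure, $idProc, $tparams)
 {
     global $msg, $dbh, $charset, $PMBuserid;
     global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

     if (!(SESSrights & ADMINISTRATION_AUTH)) {
         return array();
     }

     $name = '';
     $report = '';
     // Defaults for values that some paths below never assign (for instance the
     // EXTERNAL branch sets no $autorisations), so later reads are well defined.
     $code_sql = '';
     $autorisations = '';
     $temp_autorisation = array();
     $er = 0;
     $res = false;
     $nbr_lignes = 0;
     $nbr_champs = 0;

     // SECURITY NOTE(review): each 'envt' key is declared global and assigned, so a key
     // named like a variable this function relies on (dbh, PMBuserid, charset, code_sql,
     // ...) replaces it, here and in the global scope. Presumably this is how the
     // parameters class receives the procedure's parameter values; callers must restrict
     // the keys to the parameter names the procedure declares. Local variable names in
     // this function are left unchanged because any of them can be aliased this way.
     if (!empty($tparams['envt'])) {
         foreach ($tparams['envt'] as $aparam => $vparam) {
             global ${$aparam};
             ${$aparam} = $vparam;
         }
     }

     switch ($procedure) {
         case INTERNAL:
             $hp = new parameters($idProc, 'procs');
             $hp->get_final_query();
             $code_sql = $hp->final_query;
             $autorisations = $hp->proc->autorisations;
             break;
         case EXTERNAL:
             // The credentials setting is expected to hold exactly two lines; both are
             // trimmed and passed to the client after the server address.
             $pmb_procedure_server_credentials_exploded = explode("\n", $pmb_procedure_server_credentials);
             if ($pmb_procedure_server_address && count($pmb_procedure_server_credentials_exploded) == 2) {
                 $aremote_procedure_client = new remote_procedure_client($pmb_procedure_server_address, trim($pmb_procedure_server_credentials_exploded[0]), trim($pmb_procedure_server_credentials_exploded[1]));
                 $procedure = $aremote_procedure_client->get_proc($idProc, "AP");
                 $the_procedure = $procedure['procedure'];
                 if ($procedure['error_message']) {
                     // The message comes from the remote server: escape it like any other
                     // external text before it is placed in the HTML report.
                     $report = htmlentities($msg['remote_procedures_error_server'], ENT_QUOTES, $charset) . ':<br /><i>' . htmlentities($procedure['error_message'], ENT_QUOTES, $charset) . '</i>';
                     $result = array('name' => $the_procedure->name, 'report' => $report);
                     return $result;
                 } else {
                     if ($the_procedure->params && $the_procedure->params != 'NULL') {
                         // Stage the remote definition in a temporary copy of "procs" so that
                         // the parameters class can substitute its placeholders.
                         $sql = 'CREATE TEMPORARY TABLE remote_proc LIKE procs';
                         pmb_mysql_query($sql, $dbh) or die(pmb_mysql_error());
                         $sql = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . pmb_mysql_escape_string($the_procedure->name) . "', '" . pmb_mysql_escape_string($the_procedure->sql) . "', '" . pmb_mysql_escape_string($the_procedure->comment) . "', '', '" . pmb_mysql_escape_string($the_procedure->params) . "', 0)";
                         pmb_mysql_query($sql, $dbh) or die(pmb_mysql_error());
                         $idproc = pmb_mysql_insert_id($dbh);
                         $hp = new parameters($idproc, 'remote_proc');
                         $hp->get_final_query();
                         $the_procedure->sql = $hp->final_query;
                         $name = $the_procedure->name;
                         $code_sql = $the_procedure->sql;
                         $commentaire = $the_procedure->comment;
                     }
                 }
             }
             break;
     }

     $linetemp = explode(';', $code_sql);

     // "autorisations" is a space-separated list of user ids allowed to run the procedure.
     if ($autorisations) {
         $temp_autorisation = explode(' ', $autorisations);
     }
     $allow = false;
     if ($temp_autorisation) {
         foreach ($temp_autorisation as $userid) {
             // Loose comparison kept: the list holds strings and the type of $PMBuserid
             // is not visible here.
             if ($userid == $PMBuserid) {
                 $allow = true;
             }
         }
         if (!$allow) {
             $report = $msg[11];
             $result = array('name' => $name, 'report' => $report);
             return $result;
         }
     }

     // Keep only the non-empty statements.
     $line = array();
     for ($i = 0; $i < count($linetemp); $i++) {
         if (trim($linetemp[$i])) {
             $line[] = trim($linetemp[$i]);
         }
     }

     // foreach replaces while/list/each: each() is deprecated since PHP 7.2 and removed
     // in PHP 8, and $line is not modified inside the loop.
     foreach ($line as $cle => $valeur) {
         if ($valeur) {
             // The statement text, column names, cell values and database error strings
             // are data, not markup: escape them so stored content cannot inject HTML or
             // script into the administrator's report page.
             $report .= "<strong>" . $msg['procs_ligne'] . " {$cle} </strong>:&nbsp;" . htmlentities($valeur, ENT_QUOTES, $charset) . "<br /><br />";
             $er = explain_requete($valeur);
             if ($er) {
                 $res = @pmb_mysql_query($valeur, $dbh);
                 $report .= htmlentities(pmb_mysql_error(), ENT_QUOTES, $charset);
                 $nbr_lignes = @pmb_mysql_num_rows($res);
                 $nbr_champs = @pmb_mysql_num_fields($res);
                 if ($nbr_lignes) {
                     $report .= "<table >";
                     for ($i = 0; $i < $nbr_champs; $i++) {
                         $fieldname = htmlentities(pmb_mysql_field_name($res, $i), ENT_QUOTES, $charset);
                         $report .= "<th>{$fieldname}</th>";
                     }
                     for ($i = 0; $i < $nbr_lignes; $i++) {
                         $row = pmb_mysql_fetch_row($res);
                         $report .= "<tr>";
                         foreach ($row as $dummykey => $col) {
                             if (trim($col) == '') {
                                 $col = '&nbsp;';
                             } else {
                                 $col = htmlentities($col, ENT_QUOTES, $charset);
                             }
                             $report .= '<td >' . $col . '</td>';
                         }
                         $report .= "</tr>";
                     }
                     $report .= "</table><hr />";
                     $report .= "<font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . pmb_mysql_affected_rows($dbh) . "</font>";
                 } else {
                     $report .= "<br /><font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . pmb_mysql_affected_rows($dbh);
                     $err = pmb_mysql_error($dbh);
                     if ($err) {
                         $report .= "<br />" . htmlentities($err, ENT_QUOTES, $charset);
                     }
                     $report .= "</font><hr />";
                 }
             } else {
                 // explain_requete() rejected the statement.
                 // NOTE(review): $erreur_explain_rqt is neither assigned nor declared global
                 // in this function, so it is empty here unless an 'envt' key of that name
                 // exists. Presumably explain_requete() stores its error in a global of
                 // that name; confirm and add it to the global list.
                 $report .= htmlentities($valeur, ENT_QUOTES, $charset) . "<br /><br />" . $msg['proc_param_explain_failed'] . "<br /><br />" . (isset($erreur_explain_rqt) ? htmlentities($erreur_explain_rqt, ENT_QUOTES, $charset) : '');
             }
         }
     }

     // CSV export of the result of the last statement.
     // SECURITY NOTE(review): 'filepath' is used as given. Callers must confine it to a
     // dedicated export directory; nothing here checks where it points.
     if ($er && $nbr_lignes && isset($tparams['tocsv']['checked']) && $tparams['tocsv']['checked'] == '1' && !empty($tparams['tocsv']['filepath'])) {
         if (empty($tparams['tocsv']['sep'])) {
             $tparams['tocsv']['sep'] = ',';
         }
         // Header row. The column names are collected whether or not an enclosure is
         // configured; previously they were only read in the enclosure branch, so an
         // export without enclosure started with an empty header line.
         $trow = array();
         for ($i = 0; $i < $nbr_champs; $i++) {
             $trow[] = pmb_mysql_field_name($res, $i);
         }
         if (!empty($tparams['tocsv']['enclosure'])) {
             // addcslashes() backslash-escapes the enclosure character inside each value.
             foreach ($trow as $k => $v) {
                 $trow[$k] = addcslashes($v, $tparams['tocsv']['enclosure']);
             }
             $row = $tparams['tocsv']['enclosure'] . implode($tparams['tocsv']['enclosure'] . $tparams['tocsv']['sep'] . $tparams['tocsv']['enclosure'], $trow) . $tparams['tocsv']['enclosure'] . "\r\n";
         } else {
             $row = implode($tparams['tocsv']['sep'], $trow) . "\r\n";
         }
         // The first write truncates the file; data rows are appended after it.
         file_put_contents($tparams['tocsv']['filepath'], $row);
         // The report loop above consumed the result set: rewind before re-reading it.
         pmb_mysql_data_seek($res, 0);
         for ($i = 0; $i < $nbr_lignes; $i++) {
             $trow = pmb_mysql_fetch_row($res);
             if (!empty($tparams['tocsv']['enclosure'])) {
                 foreach ($trow as $k => $v) {
                     $trow[$k] = addcslashes($v, $tparams['tocsv']['enclosure']);
                 }
                 $row = $tparams['tocsv']['enclosure'] . implode($tparams['tocsv']['enclosure'] . $tparams['tocsv']['sep'] . $tparams['tocsv']['enclosure'], $trow) . $tparams['tocsv']['enclosure'] . "\r\n";
             } else {
                 $row = implode($tparams['tocsv']['sep'], $trow) . "\r\n";
             }
             file_put_contents($tparams['tocsv']['filepath'], $row, FILE_APPEND);
         }
     }

     $result = array('name' => $name, 'report' => $report);
     return $result;
 }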