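/**
 * Build a one-row "preview" result set for the record a CMS user is editing,
 * without writing anything to the database.
 *
 * The record is assembled from the submitted form fields (prefixed "preview:")
 * layered over the stored row identified by $_REQUEST['preview:num'], or over
 * column defaults when no such row exists (i.e. a new record). Before any of
 * the record is returned the caller must be logged in to the CMS, hold at least
 * author access (>= 6) to the section, and either hold editor access (>= 9) or
 * own the existing record; any failure terminates the request with die().
 *
 * @param array $schemaIn  Section schema; also published as the global $schema
 *                         because the helpers called below read it from there.
 * @param array $options   getRecords()-style options (tableName, loadPseudoFields,
 *                         loadUploads, loadCreatedBy, joinTable, loadListDetails,
 *                         useSeoUrls).
 * @return array array($rows, $listDetails, $schema) -- $rows holds exactly one record.
 */
function _getRecords_preview($schemaIn, $options) {
    global $CURRENT_USER, $schema; // read by the helper functions called below
    global $hasEditorAccess;       // read by /lib/common.php _getRecordValuesFromFormInput
    $schema = $schemaIn;

    // Load the stored (production) row for the requested num, if any. $previewNum is
    // cast to int before it reaches the WHERE clause, so it cannot carry SQL.
    $previewNum = intval(@$_REQUEST['preview:num']);
    list($productionRecords, ) = getRecords(array(
        'tableName'         => @$options['tableName'],
        'where'             => "num = {$previewNum}",
        'ignoreHidden'      => true,
        'ignorePublishDate' => true,
        'ignoreRemoveDate'  => true,
        'loadPseudoFields'  => false,
        'loadCreatedBy'     => false,
        'allowSearch'       => false,
        'loadUploads'       => false,
    ));
    $productionRecord = @$productionRecords[0];

    // security: check access -- nothing from the stored row is returned until these pass
    require_once SCRIPT_DIR . "/lib/admin_functions.php";
    require_once SCRIPT_DIR . "/lib/user_functions.php";
    require_once SCRIPT_DIR . "/lib/login_functions.php";
    // v2.51: resolve the CMS user explicitly so preview works even when website
    // membership is enabled with a different accounts table and a separate login
    $CURRENT_USER = getCurrentUserFromCMS();

    // Section access is looked up once and compared against both thresholds.
    $sectionAccess   = userSectionAccess($options['tableName']);
    $hasEditorAccess = $sectionAccess >= 9;
    $hasAuthorAccess = $sectionAccess >= 6;

    if (!$CURRENT_USER) { die(t("You must be logged in to use this feature!")); }
    if (!$hasAuthorAccess) { die(t("You don't have permissions to access this menu.")); }

    // A user "owns" the record when creating one (no stored row) or when they created
    // the stored row. Both sides are normalised to int so the ownership decision never
    // depends on PHP's loose == coercion between a user num and whatever the column holds.
    $userOwnsRecord = !$productionRecord
        || (int)$CURRENT_USER['num'] === (int)@$productionRecord['createdByUserNum'];
    if (!$hasEditorAccess && !$userOwnsRecord) {
        // NOTE(review): this message discloses the owner's user num to a non-owning author.
        die(sprintf(t("You don't have permission to access these records: %s"), $productionRecord['createdByUserNum']));
    }

    // Build the record from form input, then fill in whatever the form didn't send:
    // stored values for an existing record, column defaults for a new one.
    $record        = _getRecordValuesFromFormInput('preview:');
    $record['num'] = $previewNum;
    if ($productionRecord) {
        $record = array_merge($productionRecord, $record); // form values win over stored ones
    } else {
        $escapedTable = mysql_escape(getTableNameWithPrefix($options['tableName']));
        $record       = _addUndefinedDefaultsToNewRecord($record, getMySqlColsAndType($escapedTable));
    }

    // Stamp the "updated by" fields for the preview when the schema defines them.
    if (@$schema['updatedByUserNum']) { $record['updatedByUserNum'] = $CURRENT_USER['num']; }
    if (@$schema['updatedDate'])      { $record['updatedDate']      = date('Y-m-d H:i:s'); }

    // Filename and detail-page link, built the same way as for stored rows.
    $filenameValue       = getFilenameFieldValue($record, @$schema['_filenameFields']);
    $record['_filename'] = rtrim($filenameValue, '-');
    if (@(!$schema['_detailPage'])) {
        $record['_link'] = "javascript:alert('Set Detail Page Url for this section in: Admin > Section Editors > Viewer Urls')";
    } elseif (@$options['useSeoUrls']) {
        $record['_link'] = PREFIX_URL . @$schema['_detailPage'] . '/' . $filenameValue . $record['num'] . "/";
    } else {
        $record['_link'] = PREFIX_URL . @$schema['_detailPage'] . '?' . $filenameValue . $record['num'];
    }
    $rows = array($record);

    // Optional extras, driven by the same switches getRecords() honours.
    if (@$options['loadPseudoFields']) {
        _getRecords_addPseudoFields($rows, $options, $schema);
    }
    if (@$options['loadUploads']) {
        // single record sections: don't use preSaveTempId so if no record has ever been created yet make sure 'num' is set to 1
        // preSaveTempId presumably identifies uploads attached before the record was first saved -- TODO confirm
        $preSaveTempId = isset($_REQUEST['preview:preSaveTempId']) ? $_REQUEST['preview:preSaveTempId'] : null;
        _getRecords_addUploadFields($rows, $options, $schema, $preSaveTempId);
    }
    if (@$options['loadCreatedBy'] && @$schema['createdByUserNum']) {
        _getRecords_joinTable($rows, $options, 'accounts'); // adds createdBy.* fields
    }
    if (@$options['joinTable']) {
        _getRecords_joinTable($rows, $options);
    }

    // List details for a single-row, single-page result.
    $listDetails = array();
    if (@$options['loadListDetails']) {
        $listDetails = _getRecords_getListDetails($options, 1, 1, $schema);
    }

    return array($rows, $listDetails, $schema);
}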
<?php global $tableName, $schema, $escapedTableName, $isMyAccountMenu; // Check if old record exists and load it $query = mysql_escapef("SELECT * FROM `{$escapedTableName}` WHERE num = ? LIMIT 1", @$_REQUEST['num']); $oldRecord = mysql_get_query($query); $recordExists = $oldRecord; $isNewRecord = !$oldRecord; // doAction('record_presave', $tableName, $isNewRecord, $oldRecord); // $mySqlColsAndTypes = getMySqlColsAndType($escapedTableName); $newRecordValues = _getRecordValuesFromFormInput(); ### Security Checks security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); ### error checking $inputErrors = ''; $maxRecordError = $recordExists ? '' : showMaxRecordsError('returnText'); if ($maxRecordError) { $inputErrors = $maxRecordError; } elseif (@$schema['_disableAdd'] && !$recordExists) { $inputErrors = t('Adding records has been disabled for this section!') . "\n"; } elseif (@$schema['_disableModify'] && $recordExists) { $inputErrors = t('Modifying records has been disabled for this section!') . "\n"; } else { $inputErrors = _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues); } if ($inputErrors) { die($inputErrors);