// Snippet: builds a Formitable edit form for one record, then either submits it (POST)
// or loads the record named by ?id= and checks that the viewer may see it.
// The listing is cut off inside the final else-branch; the open braces are closed outside this view.
session_start();
// Admin flag is read from the session; the code that sets it is not shown here.
$admin = $_SESSION['admin'];
//include class, create new Formitable, set primary key field name
include "include/Formitable.class.php";
// NOTE(review): the mysql_* extension was removed in PHP 7.0, so this only runs on PHP 5.
// Setting the charset with SET NAMES does not tell the client library about it;
// mysql_set_charset() is the documented way when escaping depends on the connection charset.
$myconn = mysql_connect($prDbhost, $prDbusername, $prDbpassword);
mysql_query("SET NAMES 'utf8'", $myconn);
mysql_query("SET CHARACTER SET 'utf8'", $myconn);
// initialize Formitable
$newForm = new Formitable($myconn, $prDbname, $prTable);
$newForm->setPrimaryKey("id");
// if form has been submitted, call Formitable submit method
if (isset($_POST['submit'])) {
    // if not admin, skip (don't update) the following fields
    if (!$admin) {
        $skipped = array('emails1', 'schnip', 'dimo', 'sch1', 'sch2');
        $newForm->skipFields($skipped);
    }
    // NOTE(review): no ownership check is visible on this path. The e-mail comparison below
    // runs only in the GET branch, so a non-admin update is limited by the skipped fields alone.
    // Confirm that submitForm() (or code outside this snippet) ties the submitted primary key
    // to the logged-in school before writing.
    $newForm->submitForm();
} else {
    //retrieve a record for update if GET var is set
    if (isset($_GET['id'])) {
        // NOTE(review): the request value is passed to getRecord() unvalidated.
        // Whether Formitable escapes it is not visible here — verify, or validate the id first.
        $newForm->getRecord($_GET['id']);
    } else {
        die("Error...(no get var)");
    }
    // check if school or admin, else die
    if (!$admin) {
        // The record's emails1 value must equal one of the two e-mail addresses stored in the session.
        $email = $newForm->getFieldValue('emails1');
        // strcmp() returns 0 on equality, so !strcmp(...) is true when the strings match.
        // NOTE(review): two empty values also compare equal — confirm that neither emails1
        // nor the session addresses can be empty.
        if (!strcmp($email, $_SESSION['email1']) || !strcmp($email, $_SESSION['email2'])) {
            // viewer owns the record: nothing to do
        } else {
            // Message text (Greek), roughly: "Error. You do not have permission to view this programme..."
            // presumably the source file is saved as Windows-1253, hence the conversion — confirm.
            $errormsg = iconv('Windows-1253', 'UTF-8', '<h2>Λάθος. Δεν έχετε δικαίωμα να δείτε αυτό το πρόγραμμα...</h2>');
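// Snippet: assigns an object (file or folder path) to a profile through a Formitable form.
// It begins inside an if/else whose opening lines are not shown.
$smarty->assign('folder', 'set');
} else {
    if ($_REQUEST['filename']) {
        // NOTE(review): the object path is taken straight from the request, and the basename()
        // call below is commented out. Confirm that profileObjects() and the code that later
        // uses this path restrict it to the intended directory.
        $objectpath = $_REQUEST['filename'];
        #$objectpath = basename($objectpath);
    }
}
// Look up the profiles already attached to this object.
$security = new Security($db);
$result = $security->profileObjects($objectpath);
if (count($result) == 0) {
    $assignedTo = 'NONE';
}
#create form object
$sec = new Formitable($db, 'sionapros_object_profile');
$sec->forceTypes(array('object'), array('hidden'));
$sec->skipFields(array('activefolder', 'filename'));
$sec->normalizedField('profile_id', 'sionapros_profiles', 'profile_id', 'profile', 'profile_id ASC');
#custom labels
$sec->labelField('profile_id', 'Profile *');
//set up regular expressions for field validation
$sec->registerValidation("required", ".+", "Field MUST be filled in please.");
//set up fields for validation using regexs above
$sec->validateField("profile_id", "required");
#set default values
$sec->setDefaultValue('object', $objectpath);
// The original interpolated $_POST['profile_id'] directly into the SQL text, so the request
// could rewrite the query. The value was used unquoted, i.e. as a number, so it is forced to
// an integer before it reaches the statement. A missing field becomes 0 and matches no row.
$profileId = isset($_POST['profile_id']) ? (int) $_POST['profile_id'] : 0;
$nmSQL = "SELECT profile FROM sionapros_profiles WHERE profile_id = {$profileId}";
$nm = $db->execute($nmSQL);
// No matching row (for example before the form is posted) yields an empty profile name.
$profileName = isset($nm[0]['profile']) ? $nm[0]['profile'] : '';
// NOTE(review): $objectpath is request-supplied. If Formitable prints this message as HTML
// (not visible here — confirm), it needs htmlspecialchars() before being embedded.
$sec->msg_insertSuccess = "The object {$objectpath} is now only accessible to users under the {$profileName} profile.";
//set all output to be returned instead of printed
$sec->returnOutput = true;
$smarty->assign('msg', $msg);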