Exemplo n.º 1
    $from = check_date($_REQUEST['from']);
} else {
    $from = '';
}
if (isset($_REQUEST['to']) && !empty($_REQUEST['to'])) {
    $to = check_date($_REQUEST['to']);
} else {
    $to = '';
}
if (isset($_REQUEST['tags']) && !empty($_REQUEST['tags'])) {
    $tags = filter_var($_REQUEST['tags'], FILTER_SANITIZE_STRING);
} else {
    $tags = '';
}
if (isset($_REQUEST['body']) && !empty($_REQUEST['body'])) {
    $body = check_body($_REQUEST['body']);
} else {
    $body = '';
}
if (isset($_REQUEST['status']) && !empty($_REQUEST['status'])) {
    $status = check_status($_REQUEST['status']);
} else {
    $status = '';
}
if (isset($_REQUEST['rating']) && !empty($_REQUEST['rating'])) {
    if ($_REQUEST['rating'] === 'no') {
        $rating = '0';
    } else {
        $rating = intval($_REQUEST['rating']);
    }
} else {
Exemplo n.º 2
         $title_arr = explode(' ', trim($_GET['title']));
         $title = '';
     } else {
         $title = filter_var(trim($_GET['title']), FILTER_SANITIZE_STRING);
     }
 } else {
     // no title input
     $title = '';
 }
 // BODY
 if (isset($_GET['body']) && !empty($_GET['body'])) {
     if (strrpos(trim($_GET['body']), " ") !== false) {
         $body_arr = explode(' ', trim($_GET['body']));
         $body = '';
     } else {
         $body = filter_var(check_body(trim($_GET['body'])), FILTER_SANITIZE_STRING);
     }
 } else {
     // no body input
     $body = '';
 }
 // FROM
 if (isset($_GET['from']) && !empty($_GET['from'])) {
     $from = check_date($_GET['from']);
 } else {
     $from = '';
 }
 // TO
 if (isset($_GET['to']) && !empty($_GET['to'])) {
     $to = check_date($_GET['to']);
 } else {
Exemplo n.º 3
$errflag = false;

// CHECKS
// ID: the item id must be a positive integer AND belong to the current user's
// team. The team membership test is the authorisation gate for this edit, so a
// failure terminates the request instead of just flagging an error.
if (!is_pos_int($_POST['item_id'])) {
    $id = '';
    $msg_arr[] = _("The id parameter is not valid!");
    $errflag = true;
} else {
    $id = $_POST['item_id'];
    if (!item_is_in_team($id, $_SESSION['team_id'])) {
        die(_('This section is out of your reach.'));
    }
}

// The remaining fields are normalised by the check_* helpers defined elsewhere.
$title = check_title($_POST['title']);
$date = check_date($_POST['date']);
$body = check_body($_POST['body']);
if (!$errflag) {
    // SQL for editDB
    $sql = "UPDATE items \n            SET title = :title, \n            date = :date, \n            body = :body, \n            userid = :userid \n            WHERE id = :id";
    $req = $pdo->prepare($sql);
    $result1 = $req->execute(array('title' => $title, 'date' => $date, 'body' => $body, 'userid' => $_SESSION['userid'], 'id' => $id));
    // we add a revision to the revision table
    $sql = "INSERT INTO items_revisions (item_id, body, userid) VALUES(:item_id, :body, :userid)";
    $req = $pdo->prepare($sql);
    $result2 = $req->execute(array('item_id' => $id, 'body' => $body, 'userid' => $_SESSION['userid']));
    // Check if insertion is successful
    if ($result1 && $result2) {
        header("location: ../database.php?mode=view&id=" . $id);
    } else {
        $errflag = true;
        $msg_arr[] = "Error in the database!";
Exemplo n.º 4
    $req->bindParam(':userid', $userid, PDO::PARAM_INT);
    $result[] = $req->execute();
    if (in_array(0, $result)) {
        $errflag = true;
        $error = '17';
    } else {
        $msg_arr[] = _('Everything was purged successfully.');
        $_SESSION['infos'] = $msg_arr;
        header('Location: ../admin.php?tab=' . $tab);
        exit;
    }
}
// DEFAULT EXPERIMENT TEMPLATE
// Updates the team-wide default template (the row with userid = 0). The team is
// taken from the session, never from the request, so a user can only touch the
// default template of their own team.
if (isset($_POST['default_exp_tpl'])) {
    $tab = '5';
    $default_exp_tpl = check_body($_POST['default_exp_tpl']);
    // NOTE(review): ':team' is used twice in this statement. PDO only accepts a
    // repeated named placeholder when prepared-statement emulation is enabled
    // (the MySQL driver's default) — confirm the connection setup if this fails.
    $sql = "UPDATE experiments_templates SET\n        name = 'default',\n        team = :team,\n        body = :body\n        WHERE userid = 0 AND team = :team";
    $req = $pdo->prepare($sql);
    // Values are fixed before execute(), so binding by value is equivalent here.
    $req->bindValue(':team', $_SESSION['team_id']);
    $req->bindValue(':body', $default_exp_tpl);
    if (!$req->execute()) {
        $errflag = true;
        $error = '16';
    }
}
// REDIRECT USER
if ($errflag) {
    $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#" . $error, "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>");
    $_SESSION['errors'] = $msg_arr;
    header('Location: ../admin.php?tab=' . $tab);
} else {
Exemplo n.º 5
                $errflag = true;
            }
        } else {
            $msg_arr[] = 'The parent registration ID for the salt is not valid!';
            $errflag = true;
        }
    }
}
$mol = check_rxn($_POST['mol']);

// Optional identifiers: a missing or empty field is stored as null, otherwise the
// posted string is kept as-is. NOTE(review): no format validation happens here —
// confirm that the consumer binds these as query parameters and escapes them on
// output, since they reach this point untouched.
$optionalString = function ($key) {
    if (!isset($_POST[$key]) || $_POST[$key] === '') {
        return null;
    }
    return $_POST[$key];
};
// Optional numeric fields: absent, non-numeric and zero values all become null
// (floatval() yields 0.0 for non-numeric input, which is falsy).
$optionalFloat = function ($key) {
    if (!isset($_POST[$key])) {
        return null;
    }
    $value = floatval($_POST[$key]);
    return $value ? $value : null;
};

$cas_number = $optionalString('cas_number');
$pubchem_id = $optionalString('pubchem_id');
$chemspider_id = $optionalString('chemspider_id');
$mwt = $optionalFloat('mwt');
$exact_mass = $optionalFloat('exact_mass');
$density = $optionalFloat('density');
unset($optionalString, $optionalFloat);
$notes = check_body($_POST['notes']);
$formula = isset($_POST['formula']) ? $_POST['formula'] : null;

// Validation failures collected earlier send the user back to the compound view.
// The session is closed explicitly so the error list is flushed before redirecting.
if ($errflag) {
    $_SESSION['errors'] = $msg_arr;
    session_write_close();
    header("location: compounds.php?mode=view&regid={$regid}");
    exit;
}
// // if nothing is changed, we can just return.
// if(!$rxnChanged && !$gridChanged && !$prodGridChanged && !$bodyChanged && !$titleChanged && !$gridColumnsChanged && !$prodGridColumnsChanged) {
// unset($_SESSION['new_title']);
// unset($_SESSION['new_date']);
// unset($_SESSION['status']);
// unset($_SESSION['errors']);
// header("location: experiments.php?mode=view&id=$id");
Exemplo n.º 6
    $infoflag = true;
}
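// EXPERIMENTS TEMPLATES
// add new tpl
if (isset($_POST['new_tpl_form'])) {
    // A name is mandatory and must be at least 3 characters long.
    if (empty($_POST['new_tpl_name'])) {
        $msg_arr[] = _('You must specify a name for the template!');
        $errflag = true;
    } elseif (strlen($_POST['new_tpl_name']) < 3) {
        // NOTE(review): strlen() counts bytes, so a two-character accented name can
        // pass this check; mb_strlen() would count characters as the message implies.
        $msg_arr[] = _('The template name must be 3 characters long.');
        $errflag = true;
    } else {
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
        $tpl_name = filter_var($_POST['new_tpl_name'], FILTER_SANITIZE_STRING);
        $tpl_body = check_body($_POST['new_tpl_body']);
        $sql = "INSERT INTO experiments_templates(team, name, body, userid) VALUES(:team, :name, :body, :userid)";
        $req = $pdo->prepare($sql);
        $result = $req->execute(array('team' => $_SESSION['team_id'], 'name' => $tpl_name, 'body' => $tpl_body, 'userid' => $_SESSION['userid']));
        // execute() returns false on failure; only report success when the INSERT
        // actually went through, otherwise surface it as an error like the other
        // handlers in this script do.
        if ($result) {
            $msg_arr[] = _('Experiment template successfully added.');
            $infoflag = true;
        } else {
            $msg_arr[] = _('There was a problem in the SQL request. Report a bug !');
            $errflag = true;
        }
    }
}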
// edit templates
if (isset($_POST['tpl_form'])) {
    $tpl_id = array();
    foreach ($_POST['tpl_id'] as $id) {
        $tpl_id[] = $id;
    }
    $new_tpl_body = array();
    foreach ($_POST['tpl_body'] as $body) {
Exemplo n.º 7
/**
 * Output-buffer callback (registered with ob_start()) that runs the captured page
 * through each check_* filter in turn and returns the transformed buffer.
 *
 * The order matters: every stage receives the output of the previous one.
 *
 * @uses check_ie()
 * @uses check_head()
 * @uses check_jquery()
 * @uses check_meta()
 * @uses check_body()
 * @uses check_sidebar()
 * @uses check_breadcrumb()
 * @uses check_script()
 * @param string $buffer the page output captured by ob_start()
 * @return string the filtered buffer
 */
function on_checkout($buffer)
{
    // Stages are applied first to last; each one is a plain function taking and
    // returning the buffer string.
    $pipeline = array(
        'check_ie',
        'check_head',
        'check_jquery',
        'check_meta',
        'check_body',
        'check_sidebar',
        'check_breadcrumb',
        'check_script',
    );
    foreach ($pipeline as $stage) {
        $buffer = $stage($buffer);
    }
    return $buffer;
}
Exemplo n.º 8
        header('Location: admin.php#items_types');
        exit;
    } else {
        //sql fail
        $infos_arr[] = 'There was a problem in the SQL request. Report a bug !';
        $_SESSION['errors'] = $infos_arr;
        header('Location: admin.php');
        exit;
    }
}
// add new item type
if (isset($_POST['new_item_type']) && is_pos_int($_POST['new_item_type'])) {
    $item_type_name = filter_var($_POST['new_item_type_name'], FILTER_SANITIZE_STRING);
    // we remove the # of the hexacode and sanitize string
    $item_type_bgcolor = filter_var(substr($_POST['new_item_type_bgcolor'], 1, 6), FILTER_SANITIZE_STRING);
    $item_type_template = check_body($_POST['new_item_type_template']);
    //TODO
    $item_type_tags = '';
    $sql = "INSERT INTO items_types(name, bgcolor, template, tags) VALUES(:name, :bgcolor, :template, :tags)";
    $req = $bdd->prepare($sql);
    $result = $req->execute(array('name' => $item_type_name, 'bgcolor' => $item_type_bgcolor, 'template' => $item_type_template, 'tags' => $item_type_tags));
    if ($result) {
        $infos_arr[] = 'New item category added successfully.';
        $_SESSION['infos'] = $infos_arr;
        header('Location: admin.php#items_types');
        exit;
    } else {
        //sql fail
        $infos_arr[] = 'There was a problem in the SQL request. Report a bug !';
        $_SESSION['errors'] = $infos_arr;
        header('Location: admin.php');