    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
// --------------------------------------------------------------------
// If we made it here, then the data is considered valid!
// CONSTRUCT SQL QUERY:
// UPDATE field 'orig_record' in table 'refs'. The original record stores
// its own serial number negated; every duplicate stores the original's
// serial number:
$queryArray[] = sprintf(
    'UPDATE %s SET orig_record = -%s WHERE serial = %s',
    $tableRefs,
    $origRecordSerial,
    $origRecordSerial
);
$queryArray[] = sprintf(
    'UPDATE %s SET orig_record = %s WHERE serial RLIKE "^(%s)$"',
    $tableRefs,
    $origRecordSerial,
    implode("|", $dupRecordSerialsArray)
);
// --------------------------------------------------------------------
// (3) RUN QUERY, (4) DISPLAY HEADER & RESULTS
// (3) RUN the queries on the database through the connection
//     (function 'queryMySQLDatabase()' is defined in 'include.inc.php'):
foreach ($queryArray as $query) {
    $result = queryMySQLDatabase($query);
}
// number of rows modified by the last query, or 0 if that query failed:
if ($result) {
    $affectedRows = mysql_affected_rows($connection);
} else {
    $affectedRows = 0;
}
if ($affectedRows == 0) {
    // we'll file this additional error element here so that the 'errors' session variable isn't empty causing 'duplicate_manager.php' to re-load the form data that were submitted by the user
    $errors["ignoredRecords"] = "all";
    // return an appropriate error message:
    $HeaderString = returnMsg("Nothing was changed by your query!", "warning", "strong", "HeaderString");
    // function 'returnMsg()' is defined in 'include.inc.php'
    // Write back session variables:
    saveSessionVariable("errors", $errors);
    // function 'saveSessionVariable()' is defined in 'include.inc.php'
    saveSessionVariable("formVars", $formVars);
    // Relocate back to the 'Flag Duplicates' form (script 'duplicate_manager.php'):
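/**
 * Builds the SELECT query for the records whose serial numbers or cite keys
 * appear in the source text submitted by the 'extract.php' form.
 *
 * The source text and its two delimiters are read from $_REQUEST. Every
 * identifier enclosed by the delimiters is collected; identifiers consisting
 * only of digits are treated as serial numbers, everything else as a cite key
 * (cite keys are only honoured while a user is logged in). The query is run
 * once here so that identifiers missing from the database can be reported via
 * returnMsg(); the caller is expected to run the returned query itself.
 *
 * @param mixed  $showLinks passed on to buildSELECTclause()
 * @param string $citeOrder "year", "type", "type-year" or "creation-date"; any
 *                          other value selects the default citation ordering
 * @param mixed  $userID    user id joined against the user-data table
 *
 * @return string the complete SELECT query, including its ORDER BY clause
 */
function extractFormElementsExtract($showLinks, $citeOrder, $userID)
{
    global $tableRefs, $tableUserData; // defined in 'db.inc.php'
    global $loc; // '$loc' is made globally available in 'core.php'

    // Extract form elements (that are unique to the 'extract.php' form); a
    // missing parameter is treated as an empty string instead of raising a notice:
    $sourceText = isset($_REQUEST['sourceText']) ? $_REQUEST['sourceText'] : ""; // text containing the record serial numbers/cite keys
    $startDelim = isset($_REQUEST['startDelim']) ? $_REQUEST['startDelim'] : ""; // delimiter that precedes each identifier
    $endDelim = isset($_REQUEST['endDelim']) ? $_REQUEST['endDelim'] : ""; // delimiter that follows each identifier

    // Escape any potential meta-characters in the (user-supplied) delimiters.
    // The "/" pattern delimiter is passed explicitly: preg_quote() leaves "/"
    // alone otherwise, so a delimiter containing "/" would terminate the
    // patterns below early and make preg_replace() fail.
    $startDelim = preg_quote($startDelim, "/");
    $endDelim = preg_quote($endDelim, "/");

    // Extract record serial numbers/cite keys from source text:
    // Note: by adding a character at the beginning of '$sourceText' we circumvent a problem with the regex pattern below which will strip everything up to the 2nd serial number/cite key if '$sourceText' starts with '$startDelim'
    $sourceText = "_" . $sourceText;
    // remove any text preceding the first serial number/cite key
    $recordSerialsKeysString = preg_replace("/^.*?(?={$startDelim}.+?{$endDelim}|\$)/s", "", $sourceText);
    // replace any text between serial numbers/cite keys (or between a serial number/cite key and the end of the text) with "_#_�_~_"; additionally, remove the delimiters enclosing the serial numbers/cite keys
    // Note: we do a quick'n dirty approach here, by inserting the string "_#_�_~_" as string delimiter between serial numbers/cite keys. Of course, this will only work as long the string "_#_�_~_" doesn't occur within '$sourceText'.
    $recordSerialsKeysString = preg_replace("/{$startDelim}(.+?){$endDelim}.*?(?={$startDelim}.+?{$endDelim}|\$)/s", "\\1_#_�_~_", $recordSerialsKeysString);
    // remove any trailing chars (like \n or "_#_�_~_") at end of line
    $recordSerialsKeysString = preg_replace("/(_#_�_~_)?\n?\$/s", "", $recordSerialsKeysString);
    // split string containing the serial numbers/cite keys on the string delimiter "_#_�_~_" (the 'PREG_SPLIT_NO_EMPTY' flag causes only non-empty pieces to be returned)
    $recordSerialsKeysArray = preg_split("/_#_�_~_/", $recordSerialsKeysString, -1, PREG_SPLIT_NO_EMPTY);
    // remove any duplicate serial numbers/cite keys from the list of extracted record identifiers
    $recordSerialsKeysArray = array_unique($recordSerialsKeysArray);

    // Sort the identifiers into serial numbers and (regex-escaped) cite keys:
    $recordSerialsArray = array();
    $escapedRecordKeysArray = array();
    foreach ($recordSerialsKeysArray as $recordSerialKey) {
        if (preg_match("/^\\d+\$/", $recordSerialKey)) {
            // every identifier which only contains digits is treated as a serial number! (In other words: cite keys must contain at least one non-digit character)
            $recordSerialsArray[] = $recordSerialKey;
        } elseif (!empty($recordSerialKey)) {
            // escape any potential meta-characters within cite key
            $escapedRecordKeysArray[] = preg_quote($recordSerialKey);
        }
    }
    $recordSerialsString = implode("|", $recordSerialsArray); // serial numbers as "|"-delimited alternation
    $escapedRecordKeysString = implode("|", $escapedRecordKeysArray); // cite keys as "|"-delimited alternation
    $userLoggedIn = isset($_SESSION['loginEmail']);

    // Construct the SQL query:
    // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
    // for the selected records, select all fields that are visible in Citation view:
    $query = buildSELECTclause("Cite", $showLinks); // function 'buildSELECTclause()' is defined in 'include.inc.php'
    $query .= " FROM {$tableRefs}";
    if ($userLoggedIn) {
        // join the user-specific data of the logged-in user:
        $query .= " LEFT JOIN {$tableUserData} ON serial = record_id AND user_id = " . quote_smart($userID);
    }

    // add WHERE clause. Serial numbers are matched unless the text contained
    // only cite keys AND a user is logged in; this keeps the query valid when
    // no identifiers were found at all (an empty list yields "RLIKE '^()$'",
    // which matches nothing) and when an anonymous user supplied cite keys.
    // Cite keys are only matched for logged-in users.
    $query .= " WHERE";
    $matchSerials = !empty($recordSerialsArray) || empty($escapedRecordKeysArray) || !$userLoggedIn;
    $matchCiteKeys = !empty($escapedRecordKeysArray) && $userLoggedIn;
    if ($matchSerials) {
        $query .= " serial RLIKE " . quote_smart("^(" . $recordSerialsString . ")\$");
    }
    if ($matchSerials && $matchCiteKeys) {
        $query .= " OR";
    }
    if ($matchCiteKeys) {
        $query .= " cite_key RLIKE " . quote_smart("^(" . $escapedRecordKeysString . ")\$");
    }

    // add ORDER BY clause:
    if ($citeOrder == "year") {
        // sort records first by year (descending), then in the usual way:
        $query .= " ORDER BY year DESC, first_author, author_count, author, title";
    } elseif ($citeOrder == "type") {
        // sort records first by record type (and thesis type), then in the usual way:
        $query .= " ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title";
    } elseif ($citeOrder == "type-year") {
        // sort records first by record type (and thesis type), then by year (descending), then in the usual way:
        $query .= " ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title";
    } elseif ($citeOrder == "creation-date") {
        // sort records such that newly added/edited records get listed top of the list:
        $query .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC";
    } else {
        // if any other or no '$citeOrder' parameter is specified, we supply the default ORDER BY pattern (which is suitable for citation in a journal etc.):
        $query .= " ORDER BY first_author, author_count, author, year, title";
    }

    // Check whether the extracted serial numbers and cite keys exist in the database:
    $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    $foundRecordSerialsKeysArray = array();
    if (@mysql_num_rows($result) > 0) {
        // Collect the serial number (and cite key, if any) of every row found:
        while ($row = @mysql_fetch_array($result)) {
            $serialIsNew = !in_array($row["serial"], $foundRecordSerialsKeysArray, true);
            $citeKeyIsNew = !empty($row["cite_key"]) && !in_array($row["cite_key"], $foundRecordSerialsKeysArray, true);
            if ($serialIsNew || $citeKeyIsNew) {
                $foundRecordSerialsKeysArray[] = $row["serial"];
                if (!empty($row["cite_key"])) {
                    $foundRecordSerialsKeysArray[] = $row["cite_key"];
                }
            }
        }
    }

    // get all unique array elements of '$recordSerialsKeysArray' which are not in '$foundRecordSerialsKeysArray'
    $missingRecordSerialsKeysArray = array_diff($recordSerialsKeysArray, $foundRecordSerialsKeysArray);
    sort($missingRecordSerialsKeysArray);

    if (!empty($escapedRecordKeysArray) && !$userLoggedIn) {
        // a user can only use cite keys as record identifiers when he's logged in
        $messageSuffix = "<br>" . $loc["Warning_LoginToUseCiteKeysAsIdentifiers"] . "!";
    } else {
        $messageSuffix = "";
    }
    if (!empty($missingRecordSerialsKeysArray) || (!empty($escapedRecordKeysArray) && !$userLoggedIn)) {
        // if some record identifiers could not be found in the database -OR- if a user tries to use cite keys while not being logged in
        // return an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
        $HeaderString = returnMsg("Following record identifiers could not be found: " . implode(", ", $missingRecordSerialsKeysArray), "warning", "strong", "HeaderString", "", $messageSuffix);
    }

    return $query;
}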
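/**
 * Creates table '$table' unless a table of that name already exists.
 *
 * @param string $table      name of the table to add; it is spliced into the
 *                           CREATE TABLE statement verbatim (DDL cannot be
 *                           parameterised), so it must come from trusted
 *                           configuration, never from request input
 * @param string $properties column/index definition, used verbatim as the
 *                           parenthesised body of the CREATE TABLE statement
 *
 * @return string "true" if the table was created, "false" if it already
 *                existed (a string rather than a bool, for compatibility with
 *                existing callers that compare against these literals)
 */
function addTableIfNotExists($table, $properties)
{
    $present = false;
    $result = queryMySQLDatabase("SHOW TABLES");
    // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    while ($row = @mysql_fetch_array($result)) {
        // for all tables found, stop at the first name matching the table we want to add
        if ((string) $row[0] === (string) $table) {
            $present = true;
            break;
        }
    }
    if ($present) {
        return "false";
    }
    queryMySQLDatabase("CREATE TABLE " . $table . " " . $properties);
    return "true";
}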
        $emailSubject = "New entry: " . $authorString . " " . $yearNo;
        if (!empty($publicationName)) {
            $emailSubject .= " (" . $publicationName;
            if (!empty($volumeNo)) {
                $emailSubject .= " " . $volumeNo . ")";
            } else {
                $emailSubject .= ")";
            }
        }
        $emailBody = "The following record has been added to the " . $officialDatabaseName . ":" . "\n\n  author:       " . $authorName . "\n  title:        " . $titleName . "\n  year:         " . $yearNo . "\n  publication:  " . $publicationName . "\n  volume:       " . $volumeNo . "\n  issue:        " . $issueNo . "\n  pages:        " . $pagesNo . "\n\n  added by:     " . $loginFirstName . " " . $loginLastName . "\n  details:      " . $databaseBaseURL . "show.php?record=" . $serialNo . "\n";
        sendEmail($emailRecipient, $emailSubject, $emailBody);
    }
} else {
    $result = queryMySQLDatabase($queryDeleted);
    // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    $result = queryMySQLDatabase($queryRefs);
    // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
}
// Build correct header message ('$recordAction' is the verb stem, e.g. "add", "edit" or "delet"):
$headerMsg = sprintf("The record no. %s has been successfully %sed.", $serialNo, $recordAction);
// Append a "Display previous search results" link to the feedback header message if it will be displayed above a single record that was added/edited last:
if (!empty($oldMultiRecordQuery)) {
    // Remove any previous 'headerMsg' parameter from the saved query URL:
    unset($oldMultiRecordQuery["headerMsg"]);
    // After a record has been successfully added/edited/deleted, we include a link to the last multi-record query in the feedback header message if:
    // 1) the SQL query in 'oldQuery' is different from that one stored in 'oldMultiRecordQuery', i.e. if 'oldQuery' points to a single record -OR-
    // 2) one or more new records have been added/imported
    if (!empty($oldQuery) and $oldQuery["sqlQuery"] != $oldMultiRecordQuery["sqlQuery"] and $recordAction != "delet" or $recordAction == "add") {
        // Generate a 'search.php' URL that points to the last multi-record query:
        $oldMultiRecordQueryURL = generateURL("search.php", "html", $oldMultiRecordQuery, true);
        // function 'generateURL()' is defined in 'include.inc.php'
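/**
 * Splits the values of column '$fieldName' (one row per record) on '$delim'
 * and copies every piece into a freshly created 'ref_...' helper table.
 *
 * @param string $fieldName column whose values are split; for user_keys,
 *                          user_notes, user_file and user_groups the column is
 *                          read from the user-data table (and the helper table
 *                          gets an extra 'ref_user_id' column), otherwise from
 *                          the 'refs' table. Also used by buildRefTableAndFieldNames()
 *                          to derive the helper table and column names.
 * @param string $delim     perl-style regular expression (with pattern
 *                          delimiters) that is passed straight to preg_split()
 *
 * @return string name of the helper table that was created and filled
 */
function createNewTableWithParsedTableData($fieldName, $delim)
{
    global $loginUserID; // saved as session variable on login (currently only referenced by the commented-out WHERE clause below)
    global $tableRefs, $tableUserData; // defined in 'db.inc.php'

    // Fields living in the user-data table carry a record_id/user_id pair
    // instead of a plain serial number; decide this once up front:
    $isUserDataField = (bool) preg_match("/^(user_keys|user_notes|user_file|user_groups)\$/", $fieldName);
    if ($isUserDataField) {
        $query = "SELECT {$fieldName}, record_id, user_id FROM {$tableUserData}"; // WHERE user_id = " . $loginUserID
        $userIDTableSpec = "ref_user_id MEDIUMINT UNSIGNED NOT NULL, ";
    } else {
        $query = "SELECT {$fieldName}, serial FROM {$tableRefs}";
        $userIDTableSpec = "";
    }
    $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

    // '$fieldValuesArray' collects one "(NULL, value, ...)" VALUES tuple per sub-item:
    $fieldValuesArray = array();
    while ($row = @mysql_fetch_array($result)) {
        // split field contents on '$delim' (which is interpreted as perl-style regular expression!)
        $fieldSubValuesArray = preg_split($delim, $row[$fieldName]);
        // NOTE: empty values are kept on purpose so that any Browse view query will also display the number of records where the given field is empty
        foreach ($fieldSubValuesArray as $fieldSubValue) {
            $fieldSubValue = trim($fieldSubValue);
            if ($fieldName == "author") {
                // remove any existing editor info from the 'author' string, i.e., kill any trailing " (ed)" or " (eds)"
                $fieldSubValue = trimTextPattern($fieldSubValue, " *\\(eds?\\)", false, true);
            }
            // TODO: Sanitize with quote_smart — addslashes() is not a MySQL-aware escape,
            //       so the value below is only safe for the character set/backslash rules it assumes
            $escapedSubValue = "\"" . addslashes($fieldSubValue) . "\"";
            // copy the individual item (as string, ready for database insertion) to the array:
            if ($isUserDataField) {
                $fieldValuesArray[] = "(NULL, " . $escapedSubValue . ", {$row['record_id']}, {$row['user_id']})";
            } else {
                $fieldValuesArray[] = "(NULL, " . $escapedSubValue . ", {$row['serial']})";
            }
        }
    }

    // build correct 'ref_...' table and field names:
    list($tableName, $fieldName) = buildRefTableAndFieldNames($fieldName);

    // NOTE: the below query will only work if the current MySQL user is allowed to CREATE tables ('Create_priv = Y')
    //       therefore, the CREATE statements should be moved to 'update.sql'!
    $queryArray = array();
    $queryArray[] = "CREATE TABLE " . $tableName . " (" . $fieldName . "_id MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, " . $fieldName . " VARCHAR(255), " . "ref_id MEDIUMINT UNSIGNED NOT NULL, " . $userIDTableSpec . "INDEX (" . $fieldName . "_id, " . $fieldName . ", ref_id))";
    // one INSERT per value: inserting all values at once (a single multi-row
    // INSERT) may cause 'URL too long' server errors
    foreach ($fieldValuesArray as $fieldValue) {
        $queryArray[] = "INSERT INTO " . $tableName . " VALUES " . $fieldValue;
    }

    // RUN the queries on the database through the connection:
    foreach ($queryArray as $query) {
        queryMySQLDatabase($query);
    }

    return $tableName;
}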
            $HeaderString = "<b><span class=\"warning\">There's more than one saved query matching your query title!</span></b>";
        } else {
            // if ($rowsFound == 0) // nothing found
            $HeaderString = "<b><span class=\"warning\">Your saved query couldn't be found!</span></b>";
        }
        // update the 'userQueries' session variable:
        getUserQueries($loginUserID);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Write back session variable:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        // Redirect the browser back to the calling page:
        header("Location: " . $referer);
        exit;
        // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    }
    // We also update the time stamp for that query in the 'queries' table:
    $updateQuery = "UPDATE {$tableQueries} SET " . "last_execution = NOW() " . "WHERE user_id = " . quote_smart($loginUserID) . " AND query_id = " . quote_smart($row['query_id']);
    $updateResult = queryMySQLDatabase($updateQuery);
    // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
    // update the 'userQueries' session variable:
    getUserQueries($loginUserID);
    // function 'getUserQueries()' is defined in 'include.inc.php'
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
    // Build the correct query URL:
    // TODO: use function 'generateURL()'
    $queryURL = "sqlQuery=" . rawurlencode($row['query']) . "&formType=sqlSearch&submit=" . $row['display_type'] . "&viewType=" . $row['view_type'] . "&showQuery=" . $row['show_query'] . "&showLinks=" . $row['show_links'] . "&showRows=" . $row['show_rows'] . "&citeOrder=" . $row['cite_order'] . "&citeStyle=" . $row['cite_style_selector'];
    // call 'search.php' with the correct query URL in order to display all records matching the user's query:
    header("Location: search.php?{$queryURL}");
}
/**
 * Verifies the submitted email/password pair against the 'auth' table and,
 * on success, loads the user's details and preferences into the session
 * before redirecting back to '$referer'; on failure it stores an error
 * message in the session and shows the login page.
 *
 * NOTE(review): the listing is truncated/redacted after the query line that
 * reads "AND password = ..." — the query execution and the row-count check
 * that opens the success branch are not visible here, so the success branch
 * is documented from what can be seen.
 *
 * @param string $referer       page to redirect back to after a successful login
 *                              (used verbatim unless it is one of refbase's own
 *                              error/login/install pages, see below)
 * @param string $loginEmail    email address entered into the login form
 * @param string $loginPassword cleartext password entered into the login form
 *
 * @return void ends by redirecting (or rendering the login page) and closing
 *              the database connection
 */
function check_login($referer, $loginEmail, $loginPassword)
{
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // Get the two character salt from the email address collected from the challenge
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    // NOTE(review): a two-character salt selects traditional DES crypt(), which only
    //               considers the first 8 characters of the password and here uses the
    //               (public) email address as salt; password_hash()/password_verify()
    //               would be the modern replacement — confirm against the hash format
    //               actually stored in the 'auth' table before changing it.
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // NOTE(review): the listing is cut/redacted on the next line — it ends inside a
    //               deleteSessionVariable("errors") call that belongs to the success branch.
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // Save the fetched user details to the session file:
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // NOTE(review): '$userID' (read from the auth row above) is interpolated unquoted
        //               here, while the SELECT on the same id above goes through quote_smart();
        //               keep the two consistent.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // Redirect back to the calling page, unless that page is one of refbase's own
        // error/login/install pages (which would loop or make no sense after login).
        // NOTE(review): '$referer' is otherwise redirected to verbatim; callers should
        //               make sure it is a same-site URL.
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message (deliberately the same text for an unknown email and a wrong password):
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}
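/**
 * Display the "user receipt" page for the user identified by '$userID':
 * account details (left column), display options (middle column) and,
 * when the admin is logged in, the user's permissions (right column).
 *
 * @param int|string $userID     'user_id' of the user to show; 0/empty shows the
 *                               options/permissions that apply to anyone who isn't logged in
 * @param string     $userAction "Delete" renders the delete-confirmation variant
 *                               (delete link instead of edit link, no options/permissions columns)
 * @param resource   $connection unused here; kept for call-site compatibility
 *                               (queries go through 'queryMySQLDatabase()')
 *
 * Reads the globals defined in 'db.inc.php'/'core.php' and the session variables
 * 'HeaderString' and 'loginEmail'. All output is written directly via echo.
 * NOTE: every value taken from the 'users' row is user-supplied (registration/edit
 *       forms), so it is passed through 'encodeHTML()' before being echoed.
 */
function showUserData($userID, $userAction, $connection)
{
    global $HeaderString;
    global $viewType;
    global $loginWelcomeMsg;
    global $loginStatus;
    global $loginLinks;
    global $loginEmail;
    global $adminLoginEmail;
    global $officialDatabaseName;
    global $defaultLanguage;
    global $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // '$loc' is made globally available in 'core.php'
    // CONSTRUCT SQL QUERY:
    $query = "SELECT * FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
    // (3) RUN the query on the database through the connection:
    $result = queryMySQLDatabase($query);
    // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    // (4) EXTRACT results (since 'user_id' is the unique primary key for the 'users' table, there will be only one matching row)
    // A failed query yields no row (instead of '@'-suppressing the warning 'mysql_fetch_array()' would emit on a non-resource):
    $row = $result ? mysql_fetch_array($result) : false;
    // Build the correct header message:
    if (!isset($_SESSION['HeaderString'])) {
        // if there's no saved message
        if ($userAction == "Delete") {
            // provide an appropriate header message:
            $HeaderString = "<b><span class=\"warning\">Delete user</span> " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["email"]) . ")</b>:";
        } elseif (empty($userID)) {
            $HeaderString = "Account details and options for anyone who isn't logged in:";
        } else {
            // provide the default message:
            $HeaderString = "Account details and options for <b>" . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["email"]) . ")</b>:";
        }
    } else {
        $HeaderString = $_SESSION['HeaderString'];
        // extract 'HeaderString' session variable (only necessary if register globals is OFF!)
        // Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
        deleteSessionVariable("HeaderString");
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
    }
    // Get the list of "main fields" preferred by the current user:
    // NOTE: We have to call function 'getMainFields()' up here since it updates
    //       session variable 'userMainFields' which gets used in function
    //       'buildQuickSearchElements()' (which, in turn, is called from within
    //       function 'showPageHeader()')
    $mainFieldsArray = getMainFields($userID);
    // function 'getMainFields()' is defined in 'include.inc.php'
    // Get the user's preference for displaying auto-completions:
    // (see note for '$mainFieldsArray' which also applies here)
    $showAutoCompletions = getPrefAutoCompletions($userID);
    // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
    // Map MySQL field names to localized column names:
    $fieldNamesArray = mapFieldNames();
    // function 'mapFieldNames()' is defined in 'include.inc.php'
    $localizedMainFieldsArray = array();
    foreach ($mainFieldsArray as $field) {
        if (isset($fieldNamesArray[$field])) {
            $localizedMainFieldsArray[$field] = $fieldNamesArray[$field];
        } else {
            // no localized field name exists, so we use the original field name
            $localizedMainFieldsArray[$field] = $field;
        }
    }
    // Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
    displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Receipt", "noindex,nofollow", "Receipt page confirming correct entry of user details and options for the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
    showPageHeader($HeaderString);
    // '$userID' is reused in several 'href' query strings below; URL-encode it once
    // (the encoded form is also safe inside a double-quoted HTML attribute):
    $userIDParam = rawurlencode($userID);
    // Start main table:
    echo "\n<table id=\"accountinfo\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table displays user account details and options\">";
    echo "\n<tr>" . "\n\t<td valign=\"top\" width=\"28%\">";
    // Start left sub-table:
    echo "\n\t\t<table id=\"accountdetails\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account details\">";
    echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Account Details:</b></td>";
    if (mysql_num_rows($result) == 1) {
        // Add edit/delete button:
        echo "\n\t\t\t<td align=\"left\">";
        // If the admin is logged in, allow the display of a button that will delete the currently shown user:
        if (isset($_SESSION['loginEmail']) && $loginEmail == $adminLoginEmail) {
            if ($userAction == "Delete") {
                echo "<a href=\"user_removal.php?userID=" . $userIDParam . "\"><img src=\"img/delete.gif\" alt=\"" . $loc["delete"] . "\" title=\"" . $loc["LinkTitle_DeleteUser"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
            }
        }
        if ($userAction != "Delete") {
            echo "<a href=\"user_details.php?userID=" . $userIDParam . "\"><img src=\"img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditDetails"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
        }
        echo "</td>\n\t\t</tr>";
        // Display a password reminder:
        // (but only if a normal user is logged in -OR- the admin is logged in AND the updated user data are his own!)
        // NOTE: this is a logical OR ('||'); the bitwise '|' previously used here only worked by accident on boolean operands
        if ($loginEmail != $adminLoginEmail || ($loginEmail == $adminLoginEmail && $userID == getUserID($loginEmail))) {
            echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\"><i>Please record your password somewhere safe for future use!</i></td>\n\t\t</tr>";
        }
        // Print title, first name, last name and institutional abbreviation:
        echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">\n\t\t\t\t";
        if (!empty($row["title"])) {
            echo encodeHTML($row["title"]) . ". ";
        }
        echo encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["abbrev_institution"]) . ")";
        // Since the first name, last name and abbrev. institution fields are mandatory, we don't need to check if they're empty
        // Print institution name:
        if (!empty($row["institution"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["institution"]);
        }
        // Print corporate institution name:
        if (!empty($row["corporate_institution"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["corporate_institution"]);
        }
        // If any of the address lines contain data, add a spacer row:
        if (!empty($row["address_line_1"]) || !empty($row["address_line_2"]) || !empty($row["address_line_3"]) || !empty($row["zip_code"]) || !empty($row["city"]) || !empty($row["state"]) || !empty($row["country"])) {
            echo "\n\t\t\t\t<br>";
        }
        // Print first address line:
        if (!empty($row["address_line_1"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_1"]);
        }
        // Print second address line:
        if (!empty($row["address_line_2"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_2"]);
        }
        // Print third address line:
        if (!empty($row["address_line_3"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_3"]);
        }
        // Print zip code and city:
        if (!empty($row["zip_code"]) && !empty($row["city"])) {
            // both fields are available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]) . " " . encodeHTML($row["city"]);
        } elseif (!empty($row["zip_code"]) && empty($row["city"])) {
            // only 'zip_code' available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]);
        } elseif (empty($row["zip_code"]) && !empty($row["city"])) {
            // only 'city' field available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["city"]);
        }
        // Print state:
        if (!empty($row["state"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["state"]);
        }
        // Print country:
        if (!empty($row["country"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["country"]);
        }
        // If any of the phone/url/email fields contain data, add a spacer row:
        if (!empty($row["phone"]) || !empty($row["url"]) || !empty($row["email"])) {
            echo "\n\t\t\t\t<br>";
        }
        // Print phone number:
        if (!empty($row["phone"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Phone: " . encodeHTML($row["phone"]);
        }
        // Print URL:
        // (the URL is user-supplied, so it is HTML-encoded both inside the 'href' attribute and as link text)
        if (!empty($row["url"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . "URL: <a href=\"" . encodeHTML($row["url"]) . "\">" . encodeHTML($row["url"]) . "</a>";
        }
        // Print email:
        echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Email: <a href=\"mailto:" . encodeHTML($row["email"]) . "\">" . encodeHTML($row["email"]) . "</a>";
        // Since the email field is mandatory, we don't need to check if it's empty
        echo "\n\t\t\t</td>\n\t\t</tr>";
    } else {
        echo "\n\t\t\t<td align=\"right\"></td>\n\t\t</tr>";
        echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">(none)</td>\n\t\t</tr>";
    }
    // Close left sub-table:
    echo "\n\t\t</table>";
    // Close left table cell of main table:
    echo "\n\t</td>";
    if ($userAction != "Delete") {
        // ------------------------------------------------------------
        // Start middle table cell of main table:
        echo "\n\t<td valign=\"top\">";
        // Start middle sub-table:
        echo "\n\t\t<table id=\"accountopt\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account options\">";
        echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Display Options:</b></td>" . "\n\t\t\t<td align=\"right\">";
        if (mysql_num_rows($result) == 1 || $userID == 0) {
            // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
            echo "<a href=\"user_options.php?userID=" . $userIDParam . "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
        }
        echo "</td>\n\t\t</tr>";
        // Show the user's selected interface language:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Use language:</td>";
        if (mysql_num_rows($result) == 1) {
            // If there's a user associated with this user ID
            echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . encodeHTML($row["language"]) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
        } else {
            // no user exists with this user ID
            echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $defaultLanguage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
        }
        echo "\n\t\t</tr>";
        // get the default number of records per page preferred by the current user:
        $recordsPerPage = getDefaultNumberOfRecords($userID);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // show the user's default number of records per page:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show records per page:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $recordsPerPage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // show the user's preference for displaying auto-completions:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show auto-completions:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $loc[$showAutoCompletions] . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        if ($loginEmail == $adminLoginEmail) {
            $ShowEnabledDescriptor = "Enabled";
            // get all formats/styles/types that are available and were enabled by the admin for the current user:
            $userTypesArray = getEnabledUserFormatsStylesTypes($userID, "type", "", false);
            // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
            $citationStylesArray = getEnabledUserFormatsStylesTypes($userID, "style", "", false);
            $citationFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "cite", false);
            $exportFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "export", false);
        } else {
            $ShowEnabledDescriptor = "Show";
            // get all formats/styles/types that were selected by the current user
            // and (if some formats/styles/types were found) save them as semicolon-delimited string to an appropriate session variable:
            $userTypesArray = getVisibleUserFormatsStylesTypes($userID, "type", "");
            // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
            $citationStylesArray = getVisibleUserFormatsStylesTypes($userID, "style", "");
            $citationFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "cite");
            $exportFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "export");
            // Note: the function 'getVisibleUserFormatsStylesTypes()' will only update the appropriate session variables if
            //       either a normal user is logged in -OR- the admin is logged in AND the updated user data are his own(*);
            //       otherwise, the function will simply return an array containing all matching values
            //       (*) the admin-condition won't apply here, though, since this function gets only called for normal users. This means, that
            //           the admin is currently not able to hide any items from his popup lists via the admin interface (he'll need to hack the MySQL tables)!
        }
        // list types:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " reference types:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($userTypesArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $userTypesArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list styles:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation styles:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($citationStylesArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $citationStylesArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list cite formats:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($citationFormatsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $citationFormatsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list export formats:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " export formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($exportFormatsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $exportFormatsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list all fields that were selected by the current user as "main fields":
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>\"Main fields\" searches:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($localizedMainFieldsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $localizedMainFieldsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // Close middle sub-table:
        echo "\n\t\t</table>";
        // Close middle table cell of main table:
        echo "\n\t</td>";
        // ------------------------------------------------------------
        // Start right table cell of main table:
        echo "\n\t<td valign=\"top\">";
        // Start right sub-table:
        echo "\n\t\t<table id=\"accountperm\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account permissions\">";
        if ($loginEmail == $adminLoginEmail) {
            // get all user permissions for the current user:
            $userPermissionsArray = getPermissions($userID, "user", false);
            // function 'getPermissions()' is defined in 'include.inc.php'
            // map raw field names from table 'user_permissions' with items of the global localization array ('$loc'):
            $localizedUserPermissionsArray = array('allow_add' => 'UserPermission_AllowAdd', 'allow_edit' => 'UserPermission_AllowEdit', 'allow_delete' => 'UserPermission_AllowDelete', 'allow_download' => 'UserPermission_AllowDownload', 'allow_upload' => 'UserPermission_AllowUpload', 'allow_list_view' => 'UserPermission_AllowListView', 'allow_details_view' => 'UserPermission_AllowDetailsView', 'allow_print_view' => 'UserPermission_AllowPrintView', 'allow_browse_view' => 'UserPermission_AllowBrowseView', 'allow_sql_search' => 'UserPermission_AllowSQLSearch', 'allow_user_groups' => 'UserPermission_AllowUserGroups', 'allow_user_queries' => 'UserPermission_AllowUserQueries', 'allow_rss_feeds' => 'UserPermission_AllowRSSFeeds', 'allow_import' => 'UserPermission_AllowImport', 'allow_export' => 'UserPermission_AllowExport', 'allow_cite' => 'UserPermission_AllowCite', 'allow_batch_import' => 'UserPermission_AllowBatchImport', 'allow_batch_export' => 'UserPermission_AllowBatchExport', 'allow_modify_options' => 'UserPermission_AllowModifyOptions', 'allow_edit_call_number' => 'UserPermission_AllowEditCallNumber');
            // initialize array variables
            $enabledUserActionsArray = array();
            $disabledUserActionsArray = array();
            // separate enabled permission settings from disabled ones and assign localized permission names:
            foreach ($userPermissionsArray as $permissionKey => $permissionValue) {
                // a permission column that has no entry in the map above (or no translation in '$loc')
                // is shown under its raw field name instead of triggering an undefined-index notice
                if (isset($localizedUserPermissionsArray[$permissionKey]) && isset($loc[$localizedUserPermissionsArray[$permissionKey]])) {
                    $permissionName = $loc[$localizedUserPermissionsArray[$permissionKey]];
                } else {
                    $permissionName = $permissionKey;
                }
                if ($permissionValue == 'yes') {
                    $enabledUserActionsArray[] = $permissionName;
                } else {
                    $disabledUserActionsArray[] = $permissionName;
                }
            }
            if (empty($enabledUserActionsArray)) {
                $enabledUserActionsArray[] = "(none)";
            }
            if (empty($disabledUserActionsArray)) {
                $disabledUserActionsArray[] = "(none)";
            }
            echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>User Permissions:</b></td>" . "\n\t\t\t<td align=\"right\">";
            if (mysql_num_rows($result) == 1 || $userID == 0) {
                // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
                echo "<a href=\"user_options.php?userID=" . $userIDParam . "#permissions\"><img src=\"img/options.gif\" alt=\"" . $loc["permissions"] . "\" title=\"" . $loc["LinkTitle_EditPermissions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
            }
            echo "</td>\n\t\t</tr>";
            echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Enabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $enabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
            echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Disabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $disabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        }
        // Close right sub-table:
        echo "\n\t\t</table>";
        // Close right table cell of main table:
        echo "\n\t</td>";
    }
    echo "\n</tr>";
    // Close main table:
    echo "\n</table>";
}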