$buffer .= "</ul>"; $buffer .= "\n<ul class=\"actionButtons\">"; $buffer .= "\n<li><input type=\"button\" class=\"button\" value=\"" . get_opendb_lang_var('check_all') . "\" onClick=\"setCheckboxes(this.form, 'export_columns', true);\"></li>" . "\n<li><input type=\"button\" class=\"button\" value=\"" . get_opendb_lang_var('uncheck_all') . "\" onClick=\"setCheckboxes(this.form, 'export_columns', false);\"></li>" . "\n<li><input type=\"reset\" class=\"reset\" value=\"" . get_opendb_lang_var('reset') . "\"></li>" . "\n<li class=\"submitButton\"><input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('export_items') . "\"></li>" . "</ul>"; $buffer .= '</form>'; return $buffer; } if (is_site_enabled()) { if (is_opendb_valid_session()) { if (is_user_granted_permission(PERM_ADMIN_EXPORT) || is_user_granted_permission(PERM_USER_EXPORT)) { if (!is_numeric($HTTP_VARS['item_id']) && !is_user_granted_permission(PERM_ADMIN_EXPORT)) { $HTTP_VARS['owner_id'] = get_opendb_session_var('user_id'); } if ($HTTP_VARS['op'] == 'export') { $exportPlugin =& get_export_plugin($HTTP_VARS['plugin']); if ($exportPlugin !== NULL) { if (strlen($HTTP_VARS['s_item_type']) == 0 || is_valid_item_type_structure($HTTP_VARS['s_item_type'])) { if ($exportPlugin->get_plugin_type() == 'row') { // Work out page title. 
if (strlen($HTTP_VARS['owner_id']) > 0) { $page_title = get_opendb_lang_var('type_export_for_name_item_type', array('description' => $exportPlugin->get_display_name(), 'fullname' => fetch_user_name($HTTP_VARS['owner_id']), 'user_id' => $HTTP_VARS['owner_id'], 's_item_type' => $HTTP_VARS['s_item_type'])); } else { if (strlen($HTTP_VARS['s_item_type']) > 0) { $page_title = get_opendb_lang_var('type_export_for_item_type', array('description' => $exportPlugin->get_display_name(), 's_item_type' => $HTTP_VARS['s_item_type'])); } else { $page_title = get_opendb_lang_var('type_export', array('description' => $exportPlugin->get_display_name())); } } if (is_not_empty_array($HTTP_VARS['export_columns'])) { @set_time_limit(600); if (!export_row_items($exportPlugin, $page_title, $HTTP_VARS['include_header'], $HTTP_VARS['export_columns'], $HTTP_VARS['s_item_type'], $HTTP_VARS['owner_id'])) { echo _theme_header($page_title);
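/**
 * Insert a new item after authorising the caller and checking for duplicate titles.
 *
 * The caller must either hold PERM_ITEM_OWNER and be the user named in
 * $item_r['owner_id'], or hold PERM_ITEM_ADMIN. The item type structure and the
 * submitted attributes are validated before anything is written.
 *
 * @param array $item_r    Item record. 'title' is written back from the request and,
 *                         after a successful insert, 'item_id' is set.
 * @param array $HTTP_VARS Request variables. Reads 'title' (or the 'title_newN' key it
 *                         points at), 'confirmed' and 'trial_run'.
 * @param mixed $errors    Overwritten with an array holding 'error' (and usually
 *                         'detail') when the insert is refused, fails, or needs
 *                         confirmation. Also passed on to validate_item_attributes()
 *                         and handle_item_attributes().
 *
 * @return bool|string TRUE when the item was inserted, or when this was a trial run
 *                     and no duplicate was found. FALSE when the caller is not
 *                     authorised, the item type structure is invalid, a duplicate is
 *                     not allowed, or insert_item() failed. Otherwise one of
 *                     "__INVALID_DATA__", "__CONFIRM_EXISTS_OWNER_TITLE__",
 *                     "__CONFIRM_EXISTS_TITLE__" or "__ABORTED__".
 */
function handle_item_insert(&$item_r, $HTTP_VARS, &$errors) {
    // Authorisation gate. The owner id is compared with the session user id as a
    // string with ===. The previous loose == applied PHP type juggling, under which
    // differently spelled numeric strings can compare equal and two missing values
    // compare equal to each other. A missing or non-scalar id never counts as a match.
    $is_owner = FALSE;
    if (is_user_granted_permission(PERM_ITEM_OWNER)) {
        $session_user_id = get_opendb_session_var('user_id');
        $is_owner = isset($item_r['owner_id'])
            && is_scalar($item_r['owner_id'])
            && is_scalar($session_user_id)
            && (string) $item_r['owner_id'] === (string) $session_user_id;
    }

    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        // non-admin user attempting to insert item for someone else.
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        // The message text, including its spelling, is kept byte-for-byte so existing
        // log searches for this event keep matching.
        // NOTE(review): the whole $item_r is handed to the logger - confirm it holds
        // nothing that should stay out of the log.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attemped to insert an item for another user', $item_r);
        return FALSE;
    }

    // Before trying to insert items into this structure, first ensure it is valid.
    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        // An error like this is a big problem, and should be dealt with quickly, but there is no sense in alarming the
        // user by sending back an error.
        return FALSE;
    }

    if (!validate_item_attributes('insert', $item_r['s_item_type'], $HTTP_VARS, $errors)) {
        return "__INVALID_DATA__";
    }

    // We need to get the title. A scalar title containing "new<digits>" is treated as
    // a pointer to the request key 'title_new<digits>' when that key exists. The
    // pattern is unanchored, so it matches anywhere in the value.
    $fieldname = 'title';
    if (!is_array($HTTP_VARS[$fieldname])) {
        if (preg_match("/new([0-9]+)/", $HTTP_VARS[$fieldname], $matches) && isset($HTTP_VARS[$fieldname . '_' . $matches[0]])) {
            $fieldname = $fieldname . '_' . $matches[0];
        }
    }
    // NOTE(review): when the request supplies 'title' as an array it is passed on
    // unchanged to is_exists_title() and insert_item() - confirm both handle that.
    $item_r['title'] = $HTTP_VARS[$fieldname];

    // Read the optional request flags once; an absent flag behaves like NULL, which is
    // what the loose comparisons below saw before (minus the undefined-index notice).
    $confirmed = isset($HTTP_VARS['confirmed']) ? $HTTP_VARS['confirmed'] : NULL;
    $trial_run = isset($HTTP_VARS['trial_run']) ? $HTTP_VARS['trial_run'] : NULL;
    $duplicate_title_support = get_opendb_config_var('item_input', 'duplicate_title_support');

    $is_exists_owner_title = FALSE;
    $is_exists_title = FALSE;

    // Check owner context. The lookup is skipped only when duplicates are explicitly
    // supported and the request is already confirmed (or confirmation is disabled).
    if ($duplicate_title_support !== TRUE
            || ($confirmed != 'true' && get_opendb_config_var('item_input', 'confirm_duplicate_owner_insert') !== FALSE)) {
        $is_exists_owner_title = is_exists_title($item_r['title'], $item_r['s_item_type'], $item_r['owner_id']);
    }

    // Only check title/s_item_type context
    if ($duplicate_title_support !== TRUE
            || ($confirmed != 'true' && get_opendb_config_var('item_input', 'confirm_duplicate_insert') !== FALSE)) {
        $is_exists_title = is_exists_title($item_r['title'], $item_r['s_item_type']);
    }

    $is_duplicate = $is_exists_title || $is_exists_owner_title;

    // Unless duplicate title support is allowed we cannot continue.
    if ($is_duplicate && $duplicate_title_support === FALSE) {
        // cannot insert duplicate.
        if ($is_exists_owner_title) {
            $errors = array('error' => get_opendb_lang_var('title_same_type_and_owner_exists', array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
        } else {
            $errors = array('error' => get_opendb_lang_var('title_same_type_exists', array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
        }
        return FALSE;
    }

    if ($is_duplicate) {
        // Duplicates are permitted but found: either ask for confirmation or abort.
        if ($confirmed == 'false') {
            // if explicitly false, then we are aborting insert.
            return "__ABORTED__";
        }

        if ($is_exists_owner_title) {
            $errors = array('error' => get_opendb_lang_var('title_same_type_and_owner_exists', array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
            return "__CONFIRM_EXISTS_OWNER_TITLE__";
        }

        // $is_duplicate with no owner-level hit means the type-level check matched.
        $errors = array('error' => get_opendb_lang_var('title_same_type_exists', array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
        return "__CONFIRM_EXISTS_TITLE__";
    }

    // A trial run validates everything above but writes nothing.
    if ($trial_run == 'true') {
        return TRUE;
    }

    $new_item_id = insert_item($item_r['s_item_type'], $item_r['title']);
    if ($new_item_id === FALSE) {
        // NOTE(review): the raw database error text is placed in $errors['detail'] -
        // confirm callers do not render it to end users.
        $db_error = db_error();
        $errors = array('error' => get_opendb_lang_var('item_not_added'), 'detail' => $db_error);
        return FALSE;
    }

    $item_r['item_id'] = $new_item_id;

    // insert any item level attributes; the call's result is not inspected here.
    handle_item_attributes('insert', $item_r, $HTTP_VARS, $errors);
    return TRUE;
}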
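/**
 * Return the edit form built by get_edit_form() for the given operation, after
 * authorising the caller and validating the item type structure.
 *
 * The caller must either hold PERM_ITEM_OWNER and be the user named in
 * $item_r['owner_id'], or hold PERM_ITEM_ADMIN.
 *
 * @param mixed $op            Operation passed through to get_edit_form().
 * @param array $item_r        Item record; 'owner_id' and 's_item_type' are read here.
 * @param mixed $status_type_r Passed through to get_edit_form().
 * @param array $HTTP_VARS     Request variables, passed through to get_edit_form().
 * @param mixed $errors        Overwritten with an array holding 'error' (and, except
 *                             for the permission refusal, 'detail') on failure.
 *
 * @return mixed The value returned by get_edit_form() when it is not loosely equal
 *               to FALSE; otherwise FALSE.
 */
function handle_new_or_site($op, $item_r, $status_type_r, $HTTP_VARS, &$errors) {
    // Authorisation gate. The owner id is compared with the session user id as a
    // string with ===. The previous loose == applied PHP type juggling, under which
    // differently spelled numeric strings can compare equal and two missing values
    // compare equal to each other. A missing or non-scalar id never counts as a match.
    $is_owner = FALSE;
    if (is_user_granted_permission(PERM_ITEM_OWNER)) {
        $session_user_id = get_opendb_session_var('user_id');
        $is_owner = isset($item_r['owner_id'])
            && is_scalar($item_r['owner_id'])
            && is_scalar($session_user_id)
            && (string) $item_r['owner_id'] === (string) $session_user_id;
    }

    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        // NOTE(review): the whole $item_r is handed to the logger - confirm it holds
        // nothing that should stay out of the log.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attempted to insert an item for another user', $item_r);
        return FALSE;
    }

    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        return FALSE;
    }

    $formContents = get_edit_form($op, $item_r, $status_type_r, $HTTP_VARS);

    // Loose comparison kept on purpose: an empty string or "0" from get_edit_form()
    // is treated as a failure, exactly as before.
    if ($formContents != FALSE) {
        return $formContents;
    }

    // The 'detail' key is now a quoted string. It was a bare word, which PHP 8 rejects
    // as an undefined constant, so this error path raised instead of returning FALSE.
    $errors = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
    return FALSE;
}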