user_fields.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: user_fields.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.31 $
// +-------------------------------------------------------------+
// | File Details:
// | - Custom user field maintenance (administration interface)
// +-------------------------------------------------------------+

error_reporting(E_ALL & ~E_NOTICE);

require_once('./global.php');
//Nullify WTN-WDYL Team

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "view";
}

// globalise variables
$global = array	(
			array('id', 'number'),
			array('type')
);
rg($global);

language_check();

############################### CREATE INDEX ###############################

if ($_REQUEST['do'] == 'createindex') {
	$db->query("SHOW INDEX FROM user");
	while ($index = $db->row_array()) {
		$indexed[$index['Column_name']] = 1;
	}
	$column = $db->query_return("SELECT name FROM user_def WHERE id = '$_REQUEST[id]'");
	$column = $column['name'];
	if (!$indexed[$column]) {
		$db->query("CREATE INDEX $column ON user ($column(20))");
		alert('Index created.');
		$_REQUEST['do'] = 'view';
	} else {
		alert('Index already present.');
	}
}

############################### DELETE INDEX ###############################

if ($_REQUEST['do'] == 'dropindex') {
	$db->query("SHOW INDEX FROM user");
	while ($index = $db->row_array()) {
		$indexed[$index['Column_name']] = 1;
	}
	$column = $db->query_return("SELECT name FROM user_def WHERE id = '$_REQUEST[id]'");
	$column = $column['name'];
	if ($indexed[$column]) {
		$db->query("DROP INDEX $column ON user");
		alert('Index removed.');
		$_REQUEST['do'] = 'view';
	} else {
		alert('No index present.');
	}
}

############################### CREATE NEW PROFILE FIELDS ###############################

if (($_REQUEST['do'] == "new3") OR ($_REQUEST['do'] == "update")) {

	if ($_REQUEST['regex'] != NULL) {
		$match = @preg_match($_REQUEST['regex'], '');
		if (!is_int($match)) { // It's invalid unless $match is an integer
			mistake('The regular expression you specified is invalid. Refer to
				PHP\'s manual
				for current information about PHP\'s implementation of Perl-compatible 
				Regular Expressions. This may assist you in building a valid regular
				expression. Please go back and correct the regular expression.');
		}
	}

	// code for creating a new field
	if ($_REQUEST['do'] == "new3") {

		$query = "INSERT INTO user_def SET ";

		// get max field number
		$db->query("SELECT name FROM user_def WHERE name LIKE 'custom%'");
		while ($results = $db->row_array()) {

			eregi("^custom([0-9]*)", $results[name], $value);
			if ($max < $value[1]) {
				$max = $value[1];
			}
		}

		$max++;
		$name = "custom" . $max;

		// create the column
		$db->query("ALTER TABLE user ADD $name MEDIUMTEXT");

		// sort out field
		$user_field[formtype] = $_REQUEST[formtype];

	// code for updating a field
	} elseif ($_REQUEST['do'] == "update") {
		
		$user_field = $db->query_return("SELECT * FROM user_def WHERE id = " . intval($id));
		$query = "UPDATE user_def SET ";
		$name = $user_field[name];

	}

	############################### THE FIELD DATA ############################### 

	if	(($user_field[formtype] == "checkbox") OR 
		($user_field[formtype] == "radio") OR 
		($user_field[formtype] == "select")) {

		// build array of current data
		$temp_data = unserialize($user_field[data]);
		if (is_array($temp_data)) {
			foreach($temp_data AS $key => $var) {
				$with_content[] = $temp_data[$key][0];
			}
		}
		
		// build array of new data
		if (is_array($_REQUEST[elementid])) {
			$default = 0;
			foreach($_REQUEST[elementid] AS $key => $var) {
				if (!is_int($key)) {
					$key++;
				}

				if ($_REQUEST[name][$key] != "") {
					if ($user_field[formtype] == "radio" or ($user_field[formtype] == "select" AND !$user_field[multiselect])) {
						if ($default) {
							$def = 0;
						} else {
							$def = $_REQUEST[start][$key];
						}
					} else {
						$def = $_REQUEST[start][$key];
					}
					$data[] = array(
						$key,
						$_REQUEST[order][$key],
						$_REQUEST[name][$key],
						$def
						);
				} else {

				// check if there used to be value
					if (is_array($with_content)) {
						if (in_array($key, $with_content)) {

							// row needs to be deleted from the database
							$db->query("
								UPDATE user SET $user_field[name] = REPLACE ($user_field[name], '$key|||', '')
							");

						}		
					}
				}
			}
		}

		// sort based on order
		if (is_array($data)) {
			usort($data, "array_order2"); 
		}
	
		// convert to data to store in database
		$data = serialize($data);

	}

	############################### LANGUAGE BITS ###############################

	if ($settings[language_on]) {

		$_REQUEST[display_name] = serialize($_REQUEST[display_name]);
		$_REQUEST[description] = serialize($_REQUEST[description]);
		$_REQUEST[error_message] = serialize($_REQUEST[error_message]);

	} else {

		$display_name[$settings[default_language]] = $_REQUEST['display_name'];
		$description[$settings[default_language]] = $_REQUEST['description'];
		$error_message[$settings[default_language]] = $_REQUEST['error_message'];

		$_REQUEST[display_name] = serialize($display_name);
		$_REQUEST[description] = serialize($description);
		$_REQUEST[error_message] = serialize($error_message);

	}

	############################### QUERY REDIRECT ############################### 

	$query .= "
		name = '$name',
		data = '".mysql_escape_string($data)."',
		display_name = '".mysql_escape_string($_REQUEST['display_name'])."',
		description = '".mysql_escape_string($_REQUEST['description'])."',
		required = '".mysql_escape_string($_REQUEST['required'])."',
		user_start  = '".mysql_escape_string($_REQUEST['user_start'])."',
		user_viewable = '".mysql_escape_string($_REQUEST['user_viewable'])."',
		user_editable = '".mysql_escape_string($_REQUEST['user_editable'])."',
		tech_viewable = '".mysql_escape_string($_REQUEST['tech_viewable'])."',
		tech_editable = '".mysql_escape_string($_REQUEST['tech_editable'])."',
		displayorder = '".mysql_escape_string($_REQUEST['displayorder'])."',
		extrainput = '".mysql_escape_string($_REQUEST['extrainput'])."',
		extrainput_location = '".mysql_escape_string($_REQUEST['extrainput_location'])."',
		extrainput_text = '".mysql_escape_string($_REQUEST['extrainput_text'])."',
		minlength = '".mysql_escape_string($_REQUEST['minlength'])."',
		maxlength = '".mysql_escape_string($_REQUEST['maxlength'])."',
		maxoptions = '".mysql_escape_string($_REQUEST['maxoptions'])."',
		minoptions = '".mysql_escape_string($_REQUEST['minoptions'])."',
		multiselect = '".mysql_escape_string($_REQUEST['multiselect'])."',
		height = '".mysql_escape_string($_REQUEST['height'])."',
		regex = '".mysql_escape_string($_REQUEST['regex'])."',
		perline = '".mysql_escape_string($_REQUEST['perline'])."',
		error_message = '".mysql_escape_string($_REQUEST['error_message'])."',
		length = '".mysql_escape_string($_REQUEST['length'])."',
		formtype = '$user_field[formtype]'
	";

	if ($_REQUEST['do'] == "new3") {
		$db->query($query);
		$id = $db->last_id();
		jump("user_fields.php?do=edit&id=$id", 'New field has been created<br />Redirecting you to your new field');
	} else {
		$db->query($query . "WHERE id = " . intval($id));
		jump("user_fields.php?do=edit&id=$id", 'Field has been updated<br />Redirecting you to the updated field');
	}

}

############################### EDIT PROFILE FIELDS ###############################

if (($_REQUEST['do'] == "edit") OR ($_REQUEST['do'] == "new2")) {

	// set form action for field editing
	if ($_REQUEST['do'] == "edit") {

		admin_header('User Fields');
	
		$user_field = $db->query_return("
		SELECT * FROM user_def
		WHERE id = '$id'
		");

		echo "
		<form do=\"user_fields.php\" method=\"post\" name=\"fields\">
		<input type=\"hidden\" name=\"do\" value=\"update\">
		<input type=\"hidden\" name=\"id\" value=\"$user_field[id]\">
		";

	// set form action for new field creation
	} else {

		admin_header('User Fields', 'Add New Field');

		$user_field[formtype] = $type;
		echo "
		<form do=\"user_fields.php\" method=\"post\"  name=\"fields\">
		<input type=\"hidden\" name=\"do\" value=\"new3\">
		<input type=\"hidden\" name=\"type\" value=\"$user_field[formtype]\">
		";
	}

	############################### LANGUAGE BITS ############################### 

	$user_field[display_name] = unserialize($user_field[display_name]);
	$user_field[description] = unserialize($user_field[description]);
	$user_field[error_message] = unserialize($user_field[error_message]);

	if ($settings[language_on]) {
		
		$name = "<div id=\"name\"><table cellpadding=\"2\" cellspacing=\"0\">";
		$description = "<div id=\"description\"><table cellpadding=\"2\" cellspacing=\"0\">";
		$error = "<div id=\"error\"><table cellpadding=\"2\" cellspacing=\"0\">";

		$db->query("SELECT * FROM languages WHERE is_selectable = 1");
		while ($lang = $db->row_array()) {