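<?php
/*
 * Direct-access guard: this library is only meant to be included by the CMS,
 * which defines __PRAGYAN_CMS first. A request that reaches this file without
 * that constant is answered with a 403 page and the script stops here.
 */
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is closed with </h1>; the original emitted a second opening tag.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE is HTML generated by the web server and is absent when the
    // server does not provide it, so it is only printed when set. What it reveals
    // (host, port, server version) is governed by the server configuration.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}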
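/**
 * Applies the row edits posted by a tbman table form and renders the table again.
 *
 * The constructor takes either a plain query string or an array of form
 * variables (presumably $_POST - the caller is not visible here). From the
 * array it reads:
 *   - 'querystring'   the listing query, executed as given
 *   - 'tablename'     the table the edits are applied to
 *   - 'fields'        '|'-separated column names
 *   - 'buttonpressed' '|'-separated: the action, then the selected row indices
 *   - 'noOfRows'      number of rows the form showed
 *   - '<field><i>' / '<field>addRow'  the submitted cell values
 *
 * NOTE(review): every one of these values is controlled by whoever submits the
 * form. In particular 'querystring' is executed verbatim and then handed to the
 * renderer, so nothing in this class can make it safe; the query should be kept
 * on the server (for example in the session) or authenticated before it is
 * trusted. Authorization and CSRF checks are not visible in this file and are
 * assumed to be the caller's job - confirm.
 *
 * Hardening applied inside this class:
 *   - statements are kept as a list and run one by one instead of being joined
 *     with ';' and split again, which cut any value containing ';' into
 *     separate statements;
 *   - the table name must look like a plain identifier, column names are
 *     backtick-quoted with embedded backticks doubled;
 *   - a row index that does not exist in the result yields a WHERE clause that
 *     matches nothing, never one that matches every row;
 *   - row indices are taken only from all-digit tokens, so a missing or
 *     non-numeric token no longer compares equal to row 0.
 */
class tbman_executer {
    private $pv;
    private $actions;
    // SQL statements built by make_query(), executed in order by execute().
    private $statements = array();
    private $externalquery = "";
    private $fields;

    public $formaction;
    // Not read anywhere in this class.
    public $extra_where;
    // Result handle of the listing query; get_wherestring() reads rows from it.
    public $result;

    /**
     * PHP 4 style constructor (the file targets the legacy mysql_* API).
     *
     * @param string|array $postvariables query string, or the posted form variables
     * @param string       $extra         unused
     */
    function tbman_executer($postvariables, $extra = "")
    {
        if (is_string($postvariables)) {
            $this->externalquery = $postvariables;
        } else if (is_array($postvariables)) {
            $this->pv = $postvariables;
            $this->actions = explode("|", $this->posted_string('buttonpressed'));
            $this->fields = explode("|", $this->posted_string('fields'));
            $this->externalquery = $this->posted_string('querystring');
        } else {
            $this->pv = $postvariables;
        }

        // Run the listing query through $this->externalquery so that the
        // string form of the constructor works too; indexing $this->pv here
        // only ever worked for the array form.
        // NOTE(review): for the array form this is client-supplied SQL.
        @ $result = mysql_query($this->externalquery);
        if (!$result) {
            displayerror("Error line 26: " . mysql_error());
            return;
        }
        $this->result = $result;
    }

    /**
     * Runs the pending edits (when a table name was posted) and returns the
     * re-rendered table.
     *
     * @return mixed whatever tbman::make_table() returns, or null after a failed statement
     */
    function execute() {
        if (isset ($this->pv['tablename'])) {
            $this->make_query();
            foreach ($this->statements as $statement) {
                @ $result = mysql_query($statement);
                if (!$result) {
                    // NOTE(review): the raw database error is passed to displayerror();
                    // where that ends up is not visible here.
                    displayerror("Error line 42 (tbman_executer.lib.php): " . mysql_error());
                    return;
                }
            }
        }
        require_once ("tbman_renderer.lib.php");
        $rendertable = new tbman($this->externalquery);
        $rendertable->formaction = $this->formaction;
        return $rendertable->make_table();
    }

    /**
     * Translates the posted action into UPDATE/INSERT or DELETE statements.
     *
     * Row tokens are consumed while they are all-digit, strictly increasing and
     * below 'noOfRows'; for an update, every token left after that adds the
     * posted "addRow" values as a new row.
     */
    function make_query() {
        $actions = $this->actions;
        if (!is_array($actions) || !isset ($actions[0])) {
            return;
        }
        if ($this->table_name() === false) {
            displayerror("Invalid table name (tbman_executer.lib.php)");
            return;
        }

        $limit = (int) $this->posted_string('noOfRows');
        $rows = array();
        $j = 1;
        $last = -1;
        // Walk the tokens instead of counting up to the posted row count, so the
        // work is bounded by the number of tokens rather than by 'noOfRows'.
        while (isset ($actions[$j]) && $this->is_row_index($actions[$j])) {
            $index = (int) $actions[$j];
            if ($index <= $last || $index >= $limit) {
                break;
            }
            $rows[] = $index;
            $last = $index;
            $j++;
        }

        if ($actions[0] == "updatebutton") {
            foreach ($rows as $index) {
                $this->update($index);
            }
            while (isset ($actions[$j])) {
                $this->addrow($limit);
                $j++;
            }
        }
        elseif ($actions[0] == "deletebutton") {
            foreach ($rows as $index) {
                $this->delete($index);
            }
        }
    }

    /**
     * Queues a DELETE for the row at result index $i.
     *
     * @param int $i row index in the listing result
     */
    function delete($i) {
        $table = $this->table_name();
        if ($table === false) {
            return;
        }
        $this->statements[] = " DELETE FROM " . $table . $this->get_wherestring($i);
    }

    /**
     * Queues an UPDATE that writes the posted '<field><i>' values to row $i.
     *
     * @param int $i row index in the listing result
     */
    function update($i)
    {
        $table = $this->table_name();
        if ($table === false) {
            return;
        }
        $assignments = array();
        foreach ($this->fields as $field) {
            // escape() is the project's helper for request data; its
            // implementation is not visible in this file.
            $assignments[] = $this->quote_identifier($field) . " = '" . escape($this->posted_string($field . $i)) . "'";
        }
        $this->statements[] = " UPDATE " . $table . " SET " . implode(" ,", $assignments) . $this->get_wherestring($i);
    }

    /**
     * Builds a WHERE clause that matches the current database values of row $i.
     *
     * The row is identified by all of its column values, so identical rows are
     * matched together. The values are read at submit time, not at render time.
     *
     * @param int $i row index in the listing result
     * @return string " WHERE ..." clause; " WHERE 0" when the row cannot be read
     */
    function get_wherestring($i) {
        $i = (int) $i;
        // Fail closed: without a readable row the loop below would add no
        // conditions and the clause would match the whole table.
        if (!is_resource($this->result) || $i < 0 || $i >= mysql_num_rows($this->result)) {
            return " WHERE 0";
        }
        mysql_data_seek($this->result, $i);
        $row = mysql_fetch_assoc($this->result);
        if (!is_array($row)) {
            return " WHERE 0";
        }

        $str = " WHERE ";
        foreach ($row as $field => $value) {
            if ($value === null) {
                // "= ''" never matches a NULL column.
                $str .= $this->quote_identifier($field) . " IS NULL AND ";
            } else {
                // Stored values are escaped too before they are put back into SQL.
                $str .= $this->quote_identifier($field) . " = '" . mysql_real_escape_string($value) . "' AND ";
            }
        }
        $str .= " 1";
        return $str;
    }

    /**
     * Queues an INSERT built from the posted '<field>addRow' values.
     *
     * @param int $i unused; kept for the existing callers
     */
    function addrow($i) {
        $table = $this->table_name();
        if ($table === false) {
            return;
        }
        $columns = array();
        $values = array();
        foreach ($this->fields as $field) {
            $columns[] = $this->quote_identifier($field);
            $values[] = "'" . escape($this->posted_string($field . "addRow")) . "'";
        }
        $this->statements[] = " INSERT INTO " . $table . " ( " . implode(", ", $columns) . " ) VALUES ( " . implode(", ", $values) . " ) ";
    }

    /** Returns the posted value for $key as a string, or "" when absent or not scalar. */
    private function posted_string($key) {
        if (!is_array($this->pv) || !isset ($this->pv[$key]) || !is_scalar($this->pv[$key])) {
            return "";
        }
        return (string) $this->pv[$key];
    }

    /**
     * Returns the posted table name when it is a plain identifier (optionally
     * database-qualified and/or backtick-quoted, ASCII letters, digits, _ and $
     * only), or false otherwise. String escaping cannot protect an identifier
     * that is placed in the statement outside of quotes.
     */
    private function table_name() {
        $name = $this->posted_string('tablename');
        if (!preg_match('/^`?[A-Za-z0-9_$]+`?(\.`?[A-Za-z0-9_$]+`?)?\z/', $name)) {
            return false;
        }
        return $name;
    }

    /** Backtick-quotes a column name, doubling any backtick it contains. */
    private function quote_identifier($name) {
        return "`" . str_replace("`", "``", (string) $name) . "`";
    }

    /** True when $token consists of decimal digits only. */
    private function is_row_index($token) {
        return is_string($token) && preg_match('/^[0-9]+\z/', $token) === 1;
    }
}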