Good day
my image upload field is not working am not sure why cos i have re-done it so many times now following the tutorial as well but is not working, when i open a new project it does work but on my current project that am working on its not working, i copied files from the project where its working still not working, am thinking someting is broken some where on my files but dont know what could it be?
Please assist as i have been trying to fix this for long now!
Thanks
Urgent - image upload not working
Re: Urgent - image upload not working
Could you explain how is it not working? Do you see a specific error message for example? Could you upload the project file so we can check it?
AppGini plugins to add more power to your apps:
- DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
- Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.
- Need personalized consulting on your specific app and customizations? Book an online call with me here.
-
omphilesithole
- Posts: 26
- Joined: 2015-01-12 13:01
Re: Urgent - image upload not working
notification_dml.php code, the pictureurl does not upload and there is no error, when saving it remains blank
<?php
// Data functions for table notifications
// This script and data application were generated by AppGini 5.31
// Download AppGini for free from http://bigprof.com/appgini/download/
function notifications_insert(){
global $Translation;
if($_GET['insert_x']!=''){$_POST=$_GET;}
// mm: can member insert record?
$arrPerm=getTablePermissions('notifications');
if(!$arrPerm[1]){
return false;
}
$data['title'] = makeSafe($_POST['title']);
if($data['title'] == empty_lookup_value){ $data['title'] = ''; }
$data['message'] = br2nl(makeSafe($_POST['message']));
$data['date'] = parseCode('<%%creationTimestamp%%>', true, true);
$data['pictureurl'] = PrepareUploadedFile('pictureurl', 102400,'jpg|jpeg|gif|png', false, '');
/* for empty upload fields, when saving a copy of an existing record, copy the original upload field */
if($_REQUEST['SelectedID']){
$res = sql("select * from notifications where id='" . makeSafe($_REQUEST['SelectedID']) . "'");
if($row = db_fetch_assoc($res)){
if(!$data['pictureurl']) $data['pictureurl'] = makeSafe($row['pictureurl']);
}
}
// hook: notifications_before_insert
if(function_exists('notifications_before_insert')){
$args=array();
if(!notifications_before_insert($data, getMemberInfo(), $args)){ return false; }
}
$o=array('silentErrors' => true);
sql('insert into `notifications` set `title`=' . (($data['title'] !== '' && $data['title'] !== NULL) ? "'{$data['title']}'" : 'NULL') . ', `message`=' . (($data['message'] !== '' && $data['message'] !== NULL) ? "'{$data['message']}'" : 'NULL') . ', `date`=' . "'{$data['date']}'" . ', ' . ($data['pictureurl']!='' ? "`pictureurl`='{$data['pictureurl']}'" : ($_POST['pictureurl_remove'] != 1 ? '`pictureurl`=`pictureurl`' : '`pictureurl`=NULL')), $o);
if($o['error']!=''){
echo $o['error'];
echo "<a href=\"notifications_view.php?addNew_x=1\">{$Translation['< back']}</a>";
exit;
}
$recID=db_insert_id(db_link());
// hook: notifications_after_insert
if(function_exists('notifications_after_insert')){
$res = sql("select * from `notifications` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
if($row = db_fetch_assoc($res)){
$data = array_map('makeSafe', $row);
}
$data['selectedID'] = makeSafe($recID);
$args=array();
if(!notifications_after_insert($data, getMemberInfo(), $args)){ return (get_magic_quotes_gpc() ? stripslashes($recID) : $recID); }
}
// mm: save ownership data
sql("insert into membership_userrecords set tableName='notifications', pkValue='$recID', memberID='".getLoggedMemberID()."', dateAdded='".time()."', dateUpdated='".time()."', groupID='".getLoggedGroupID()."'", $eo);
return (get_magic_quotes_gpc() ? stripslashes($recID) : $recID);
}
function notifications_delete($selected_id, $AllowDeleteOfParents=false, $skipChecks=false){
// insure referential integrity ...
global $Translation;
$selected_id=makeSafe($selected_id);
// mm: can member delete record?
$arrPerm=getTablePermissions('notifications');
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='$selected_id'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='$selected_id'");
if(($arrPerm[4]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[4]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[4]==3){ // allow delete?
// delete allowed, so continue ...
}else{
return $Translation['You don\'t have enough permissions to delete this record'];
}
// hook: notifications_before_delete
if(function_exists('notifications_before_delete')){
$args=array();
if(!notifications_before_delete($selected_id, $skipChecks, getMemberInfo(), $args))
return $Translation['Couldn\'t delete this record'];
}
sql("delete from `notifications` where `id`='$selected_id'", $eo);
// hook: notifications_after_delete
if(function_exists('notifications_after_delete')){
$args=array();
notifications_after_delete($selected_id, getMemberInfo(), $args);
}
// mm: delete ownership data
sql("delete from membership_userrecords where tableName='notifications' and pkValue='$selected_id'", $eo);
}
function notifications_update($selected_id){
global $Translation;
if($_GET['update_x']!=''){$_POST=$_GET;}
// mm: can member edit record?
$arrPerm=getTablePermissions('notifications');
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
if(($arrPerm[3]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[3]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[3]==3){ // allow update?
// update allowed, so continue ...
}else{
return false;
}
$data['title'] = makeSafe($_POST['title']);
if($data['title'] == empty_lookup_value){ $data['title'] = ''; }
$data['message'] = br2nl(makeSafe($_POST['message']));
$data['date'] = parseMySQLDate('', '<%%creationTimestamp%%>');
$data['selectedID']=makeSafe($selected_id);
if($_POST['pictureurl_remove'] == 1){
$data['pictureurl'] = '';
}else{
$data['pictureurl'] = PrepareUploadedFile('pictureurl', 102400, 'jpg|jpeg|gif|png', false, "");
}
// hook: notifications_before_update
if(function_exists('notifications_before_update')){
$args=array();
if(!notifications_before_update($data, getMemberInfo(), $args)){ return false; }
}
$o=array('silentErrors' => true);
sql('update `notifications` set `title`=' . (($data['title'] !== '' && $data['title'] !== NULL) ? "'{$data['title']}'" : 'NULL') . ', `message`=' . (($data['message'] !== '' && $data['message'] !== NULL) ? "'{$data['message']}'" : 'NULL') . ', `date`=`date`' . ', ' . ($data['pictureurl']!='' ? "`pictureurl`='{$data['pictureurl']}'" : ($_POST['pictureurl_remove'] != 1 ? '`pictureurl`=`pictureurl`' : '`pictureurl`=NULL')) . " where `id`='".makeSafe($selected_id)."'", $o);
if($o['error']!=''){
echo $o['error'];
echo '<a href="notifications_view.php?SelectedID='.urlencode($selected_id)."\">{$Translation['< back']}</a>";
exit;
}
// hook: notifications_after_update
if(function_exists('notifications_after_update')){
$res = sql("SELECT * FROM `notifications` WHERE `id`='{$data['selectedID']}' LIMIT 1", $eo);
if($row = db_fetch_assoc($res)){
$data = array_map('makeSafe', $row);
}
$data['selectedID'] = $data['id'];
$args = array();
if(!notifications_after_update($data, getMemberInfo(), $args)){ return; }
}
// mm: update ownership data
sql("update membership_userrecords set dateUpdated='".time()."' where tableName='notifications' and pkValue='".makeSafe($selected_id)."'", $eo);
}
function notifications_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0){
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm=getTablePermissions('notifications');
if(!$arrPerm[1] && $selected_id==''){ return ''; }
$AllowInsert = ($arrPerm[1] ? true : false);
// print preview?
$dvprint = false;
if($selected_id && $_REQUEST['dvprint_x'] != ''){
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = ($dvprint ? rand(1000000, 9999999) : '');
// combobox: date
$combo_date = new DateCombo;
$combo_date->DateFormat = "dmy";
$combo_date->MinYear = 1900;
$combo_date->MaxYear = 2100;
$combo_date->DefaultDate = parseMySQLDate('<%%creationTimestamp%%>', '<%%creationTimestamp%%>');
$combo_date->MonthNames = $Translation['month names'];
$combo_date->NamePrefix = 'date';
if($selected_id){
// mm: check member permissions
if(!$arrPerm[2]){
return "";
}
// mm: who is the owner?
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
if($arrPerm[2]==1 && getLoggedMemberID()!=$ownerMemberID){
return "";
}
if($arrPerm[2]==2 && getLoggedGroupID()!=$ownerGroupID){
return "";
}
// can edit?
if(($arrPerm[3]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[3]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[3]==3){
$AllowUpdate=1;
}else{
$AllowUpdate=0;
}
$res = sql("select * from `notifications` where `id`='".makeSafe($selected_id)."'", $eo);
if(!($row = db_fetch_array($res))){
return error_message($Translation['No records found']);
}
$urow = $row; /* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row); /* sanitize data */
$combo_date->DefaultDate = $row['date'];
}else{
}
ob_start();
?>
<script>
// initial lookup values
jQuery(function() {
});
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if($dvprint){
$templateCode = @file_get_contents('./templates/notifications_templateDVP.html');
}else{
$templateCode = @file_get_contents('./templates/notifications_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Notification details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', ($_REQUEST['Embedded'] ? 'Embedded=1' : ''), $templateCode);
// process buttons
if($AllowInsert){
if(!$selected_id) $templateCode=str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
$templateCode=str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if($_REQUEST['Embedded']){
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
}else{
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if($selected_id){
if(!$_REQUEST['Embedded']) $templateCode=str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
if($AllowUpdate){
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if(($arrPerm[4]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[4]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[4]==3){ // allow delete?
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode=str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode=str_replace('<%%DESELECT_BUTTON%%>', ($ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : ''), $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if(($selected_id && !$AllowUpdate && !$AllowInsert) || (!$selected_id && !$AllowInsert)){
$jsReadOnly .= "\tjQuery('#title').replaceWith('<p class=\"form-control-static\" id=\"title\">' + (jQuery('#title').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#message').replaceWith('<p class=\"form-control-static\" id=\"message\">' + (jQuery('#message').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#pictureurl').replaceWith('<p class=\"form-control-static\" id=\"pictureurl\">' + (jQuery('#pictureurl').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#pictureurl, #pictureurl-edit-link').hide();\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
}elseif($AllowInsert){
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
}
// process combos
$templateCode=str_replace('<%%COMBO(date)%%>', ($selected_id && !$arrPerm[3] ? '<p class="form-control-static">' . $combo_date->GetHTML(true) . '</p>' : $combo_date->GetHTML()), $templateCode);
$templateCode=str_replace('<%%COMBOTEXT(date)%%>', $combo_date->GetHTML(true), $templateCode);
// process foreign key links
if($selected_id){
}
// process images
$templateCode=str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(title)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(message)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(date)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(pictureurl)%%>', ($noUploads ? '' : '<br><input type=hidden name=MAX_FILE_SIZE value=102400>'.$Translation['upload image'].' <input type="file" name="pictureurl">'), $templateCode);
if($AllowUpdate && $row['pictureurl']!=''){
$templateCode=str_replace('<%%REMOVEFILE(pictureurl)%%>', '<br><input type="checkbox" name="pictureurl_remove" id="pictureurl_remove" value="1"> <label for="pictureurl_remove" style="color: red; font-weight: bold;">'.$Translation['remove image'].'</label>', $templateCode);
}else{
$templateCode=str_replace('<%%REMOVEFILE(pictureurl)%%>', '', $templateCode);
}
// process values
if($selected_id){
$templateCode=str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(id)%%>', urlencode($urow['id']), $templateCode);
$templateCode=str_replace('<%%VALUE(title)%%>', htmlspecialchars($row['title'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(title)%%>', urlencode($urow['title']), $templateCode);
if($dvprint){
$templateCode = str_replace('<%%VALUE(message)%%>', nl2br(htmlspecialchars($row['message'], ENT_QUOTES)), $templateCode);
}else{
$templateCode = str_replace('<%%VALUE(message)%%>', htmlspecialchars($row['message'], ENT_QUOTES), $templateCode);
}
$templateCode=str_replace('<%%URLVALUE(message)%%>', urlencode($urow['message']), $templateCode);
$templateCode=str_replace('<%%VALUE(date)%%>', @date('d/m/Y', @strtotime(htmlspecialchars($row['date'], ENT_QUOTES))), $templateCode);
$templateCode=str_replace('<%%URLVALUE(date)%%>', urlencode(@date('d/m/Y', @strtotime(htmlspecialchars($urow['date'], ENT_QUOTES)))), $templateCode);
$templateCode=str_replace('<%%VALUE(pictureurl)%%>', htmlspecialchars($row['pictureurl'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(pictureurl)%%>', urlencode($urow['pictureurl']), $templateCode);
}else{
$templateCode=str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(id)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(title)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(title)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(message)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(message)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(date)%%>', '<%%creationTimestamp%%>', $templateCode);
$templateCode=str_replace('<%%URLVALUE(date)%%>', urlencode('<%%creationTimestamp%%>'), $templateCode);
$templateCode=str_replace('<%%VALUE(pictureurl)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(pictureurl)%%>', urlencode(''), $templateCode);
}
// process translations
foreach($Translation as $symbol=>$trans){
$templateCode=str_replace("<%%TRANSLATION($symbol)%%>", $trans, $templateCode);
}
// clear scrap
$templateCode=str_replace('<%%', '<!-- ', $templateCode);
$templateCode=str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if($_POST['dvprint_x'] == ''){
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach($arrTables as $name => $caption){
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if(!$selected_id){
$templateCode.="\n\tif(document.getElementById('pictureurlEdit')){ document.getElementById('pictureurlEdit').style.display='inline'; }";
$templateCode.="\n\tif(document.getElementById('pictureurlEditLink')){ document.getElementById('pictureurlEditLink').style.display='none'; }";
}
$templateCode.="\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode.="});";
$templateCode.="</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode=preg_replace('/blank.gif" rel="lightbox\[.*?\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode=preg_replace('/<a .*?href="mailto:".*?<\/a>/', '', $templateCode);
// hook: notifications_dv
if(function_exists('notifications_dv')){
$args=array();
notifications_dv(($selected_id ? $selected_id : FALSE), getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
?>
<?php
// Data functions for table notifications
// This script and data application were generated by AppGini 5.31
// Download AppGini for free from http://bigprof.com/appgini/download/
function notifications_insert(){
global $Translation;
if($_GET['insert_x']!=''){$_POST=$_GET;}
// mm: can member insert record?
$arrPerm=getTablePermissions('notifications');
if(!$arrPerm[1]){
return false;
}
$data['title'] = makeSafe($_POST['title']);
if($data['title'] == empty_lookup_value){ $data['title'] = ''; }
$data['message'] = br2nl(makeSafe($_POST['message']));
$data['date'] = parseCode('<%%creationTimestamp%%>', true, true);
$data['pictureurl'] = PrepareUploadedFile('pictureurl', 102400,'jpg|jpeg|gif|png', false, '');
/* for empty upload fields, when saving a copy of an existing record, copy the original upload field */
if($_REQUEST['SelectedID']){
$res = sql("select * from notifications where id='" . makeSafe($_REQUEST['SelectedID']) . "'");
if($row = db_fetch_assoc($res)){
if(!$data['pictureurl']) $data['pictureurl'] = makeSafe($row['pictureurl']);
}
}
// hook: notifications_before_insert
if(function_exists('notifications_before_insert')){
$args=array();
if(!notifications_before_insert($data, getMemberInfo(), $args)){ return false; }
}
$o=array('silentErrors' => true);
sql('insert into `notifications` set `title`=' . (($data['title'] !== '' && $data['title'] !== NULL) ? "'{$data['title']}'" : 'NULL') . ', `message`=' . (($data['message'] !== '' && $data['message'] !== NULL) ? "'{$data['message']}'" : 'NULL') . ', `date`=' . "'{$data['date']}'" . ', ' . ($data['pictureurl']!='' ? "`pictureurl`='{$data['pictureurl']}'" : ($_POST['pictureurl_remove'] != 1 ? '`pictureurl`=`pictureurl`' : '`pictureurl`=NULL')), $o);
if($o['error']!=''){
echo $o['error'];
echo "<a href=\"notifications_view.php?addNew_x=1\">{$Translation['< back']}</a>";
exit;
}
$recID=db_insert_id(db_link());
// hook: notifications_after_insert
if(function_exists('notifications_after_insert')){
$res = sql("select * from `notifications` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
if($row = db_fetch_assoc($res)){
$data = array_map('makeSafe', $row);
}
$data['selectedID'] = makeSafe($recID);
$args=array();
if(!notifications_after_insert($data, getMemberInfo(), $args)){ return (get_magic_quotes_gpc() ? stripslashes($recID) : $recID); }
}
// mm: save ownership data
sql("insert into membership_userrecords set tableName='notifications', pkValue='$recID', memberID='".getLoggedMemberID()."', dateAdded='".time()."', dateUpdated='".time()."', groupID='".getLoggedGroupID()."'", $eo);
return (get_magic_quotes_gpc() ? stripslashes($recID) : $recID);
}
function notifications_delete($selected_id, $AllowDeleteOfParents=false, $skipChecks=false){
// insure referential integrity ...
global $Translation;
$selected_id=makeSafe($selected_id);
// mm: can member delete record?
$arrPerm=getTablePermissions('notifications');
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='$selected_id'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='$selected_id'");
if(($arrPerm[4]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[4]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[4]==3){ // allow delete?
// delete allowed, so continue ...
}else{
return $Translation['You don\'t have enough permissions to delete this record'];
}
// hook: notifications_before_delete
if(function_exists('notifications_before_delete')){
$args=array();
if(!notifications_before_delete($selected_id, $skipChecks, getMemberInfo(), $args))
return $Translation['Couldn\'t delete this record'];
}
sql("delete from `notifications` where `id`='$selected_id'", $eo);
// hook: notifications_after_delete
if(function_exists('notifications_after_delete')){
$args=array();
notifications_after_delete($selected_id, getMemberInfo(), $args);
}
// mm: delete ownership data
sql("delete from membership_userrecords where tableName='notifications' and pkValue='$selected_id'", $eo);
}
function notifications_update($selected_id){
global $Translation;
if($_GET['update_x']!=''){$_POST=$_GET;}
// mm: can member edit record?
$arrPerm=getTablePermissions('notifications');
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
if(($arrPerm[3]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[3]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[3]==3){ // allow update?
// update allowed, so continue ...
}else{
return false;
}
$data['title'] = makeSafe($_POST['title']);
if($data['title'] == empty_lookup_value){ $data['title'] = ''; }
$data['message'] = br2nl(makeSafe($_POST['message']));
$data['date'] = parseMySQLDate('', '<%%creationTimestamp%%>');
$data['selectedID']=makeSafe($selected_id);
if($_POST['pictureurl_remove'] == 1){
$data['pictureurl'] = '';
}else{
$data['pictureurl'] = PrepareUploadedFile('pictureurl', 102400, 'jpg|jpeg|gif|png', false, "");
}
// hook: notifications_before_update
if(function_exists('notifications_before_update')){
$args=array();
if(!notifications_before_update($data, getMemberInfo(), $args)){ return false; }
}
$o=array('silentErrors' => true);
sql('update `notifications` set `title`=' . (($data['title'] !== '' && $data['title'] !== NULL) ? "'{$data['title']}'" : 'NULL') . ', `message`=' . (($data['message'] !== '' && $data['message'] !== NULL) ? "'{$data['message']}'" : 'NULL') . ', `date`=`date`' . ', ' . ($data['pictureurl']!='' ? "`pictureurl`='{$data['pictureurl']}'" : ($_POST['pictureurl_remove'] != 1 ? '`pictureurl`=`pictureurl`' : '`pictureurl`=NULL')) . " where `id`='".makeSafe($selected_id)."'", $o);
if($o['error']!=''){
echo $o['error'];
echo '<a href="notifications_view.php?SelectedID='.urlencode($selected_id)."\">{$Translation['< back']}</a>";
exit;
}
// hook: notifications_after_update
if(function_exists('notifications_after_update')){
$res = sql("SELECT * FROM `notifications` WHERE `id`='{$data['selectedID']}' LIMIT 1", $eo);
if($row = db_fetch_assoc($res)){
$data = array_map('makeSafe', $row);
}
$data['selectedID'] = $data['id'];
$args = array();
if(!notifications_after_update($data, getMemberInfo(), $args)){ return; }
}
// mm: update ownership data
sql("update membership_userrecords set dateUpdated='".time()."' where tableName='notifications' and pkValue='".makeSafe($selected_id)."'", $eo);
}
function notifications_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0){
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm=getTablePermissions('notifications');
if(!$arrPerm[1] && $selected_id==''){ return ''; }
$AllowInsert = ($arrPerm[1] ? true : false);
// print preview?
$dvprint = false;
if($selected_id && $_REQUEST['dvprint_x'] != ''){
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = ($dvprint ? rand(1000000, 9999999) : '');
// combobox: date
$combo_date = new DateCombo;
$combo_date->DateFormat = "dmy";
$combo_date->MinYear = 1900;
$combo_date->MaxYear = 2100;
$combo_date->DefaultDate = parseMySQLDate('<%%creationTimestamp%%>', '<%%creationTimestamp%%>');
$combo_date->MonthNames = $Translation['month names'];
$combo_date->NamePrefix = 'date';
if($selected_id){
// mm: check member permissions
if(!$arrPerm[2]){
return "";
}
// mm: who is the owner?
$ownerGroupID=sqlValue("select groupID from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
$ownerMemberID=sqlValue("select lcase(memberID) from membership_userrecords where tableName='notifications' and pkValue='".makeSafe($selected_id)."'");
if($arrPerm[2]==1 && getLoggedMemberID()!=$ownerMemberID){
return "";
}
if($arrPerm[2]==2 && getLoggedGroupID()!=$ownerGroupID){
return "";
}
// can edit?
if(($arrPerm[3]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[3]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[3]==3){
$AllowUpdate=1;
}else{
$AllowUpdate=0;
}
$res = sql("select * from `notifications` where `id`='".makeSafe($selected_id)."'", $eo);
if(!($row = db_fetch_array($res))){
return error_message($Translation['No records found']);
}
$urow = $row; /* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row); /* sanitize data */
$combo_date->DefaultDate = $row['date'];
}else{
}
ob_start();
?>
<script>
// initial lookup values
jQuery(function() {
});
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if($dvprint){
$templateCode = @file_get_contents('./templates/notifications_templateDVP.html');
}else{
$templateCode = @file_get_contents('./templates/notifications_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Notification details', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', ($_REQUEST['Embedded'] ? 'Embedded=1' : ''), $templateCode);
// process buttons
if($AllowInsert){
if(!$selected_id) $templateCode=str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
$templateCode=str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if($_REQUEST['Embedded']){
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
}else{
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if($selected_id){
if(!$_REQUEST['Embedded']) $templateCode=str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
if($AllowUpdate){
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return notifications_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
if(($arrPerm[4]==1 && $ownerMemberID==getLoggedMemberID()) || ($arrPerm[4]==2 && $ownerGroupID==getLoggedGroupID()) || $arrPerm[4]==3){ // allow delete?
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
}
$templateCode=str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
}else{
$templateCode=str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
$templateCode=str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
$templateCode=str_replace('<%%DESELECT_BUTTON%%>', ($ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : ''), $templateCode);
}
// set records to read only if user can't insert new records and can't edit current record
if(($selected_id && !$AllowUpdate && !$AllowInsert) || (!$selected_id && !$AllowInsert)){
$jsReadOnly .= "\tjQuery('#title').replaceWith('<p class=\"form-control-static\" id=\"title\">' + (jQuery('#title').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#message').replaceWith('<p class=\"form-control-static\" id=\"message\">' + (jQuery('#message').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#pictureurl').replaceWith('<p class=\"form-control-static\" id=\"pictureurl\">' + (jQuery('#pictureurl').val() || '') + '</p>');\n";
$jsReadOnly .= "\tjQuery('#pictureurl, #pictureurl-edit-link').hide();\n";
$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
$noUploads = true;
}elseif($AllowInsert){
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
}
// process combos
$templateCode=str_replace('<%%COMBO(date)%%>', ($selected_id && !$arrPerm[3] ? '<p class="form-control-static">' . $combo_date->GetHTML(true) . '</p>' : $combo_date->GetHTML()), $templateCode);
$templateCode=str_replace('<%%COMBOTEXT(date)%%>', $combo_date->GetHTML(true), $templateCode);
// process foreign key links
if($selected_id){
}
// process images
$templateCode=str_replace('<%%UPLOADFILE(id)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(title)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(message)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(date)%%>', '', $templateCode);
$templateCode=str_replace('<%%UPLOADFILE(pictureurl)%%>', ($noUploads ? '' : '<br><input type=hidden name=MAX_FILE_SIZE value=102400>'.$Translation['upload image'].' <input type="file" name="pictureurl">'), $templateCode);
if($AllowUpdate && $row['pictureurl']!=''){
$templateCode=str_replace('<%%REMOVEFILE(pictureurl)%%>', '<br><input type="checkbox" name="pictureurl_remove" id="pictureurl_remove" value="1"> <label for="pictureurl_remove" style="color: red; font-weight: bold;">'.$Translation['remove image'].'</label>', $templateCode);
}else{
$templateCode=str_replace('<%%REMOVEFILE(pictureurl)%%>', '', $templateCode);
}
// process values
if($selected_id){
$templateCode=str_replace('<%%VALUE(id)%%>', htmlspecialchars($row['id'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(id)%%>', urlencode($urow['id']), $templateCode);
$templateCode=str_replace('<%%VALUE(title)%%>', htmlspecialchars($row['title'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(title)%%>', urlencode($urow['title']), $templateCode);
if($dvprint){
$templateCode = str_replace('<%%VALUE(message)%%>', nl2br(htmlspecialchars($row['message'], ENT_QUOTES)), $templateCode);
}else{
$templateCode = str_replace('<%%VALUE(message)%%>', htmlspecialchars($row['message'], ENT_QUOTES), $templateCode);
}
$templateCode=str_replace('<%%URLVALUE(message)%%>', urlencode($urow['message']), $templateCode);
$templateCode=str_replace('<%%VALUE(date)%%>', @date('d/m/Y', @strtotime(htmlspecialchars($row['date'], ENT_QUOTES))), $templateCode);
$templateCode=str_replace('<%%URLVALUE(date)%%>', urlencode(@date('d/m/Y', @strtotime(htmlspecialchars($urow['date'], ENT_QUOTES)))), $templateCode);
$templateCode=str_replace('<%%VALUE(pictureurl)%%>', htmlspecialchars($row['pictureurl'], ENT_QUOTES), $templateCode);
$templateCode=str_replace('<%%URLVALUE(pictureurl)%%>', urlencode($urow['pictureurl']), $templateCode);
}else{
$templateCode=str_replace('<%%VALUE(id)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(id)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(title)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(title)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(message)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(message)%%>', urlencode(''), $templateCode);
$templateCode=str_replace('<%%VALUE(date)%%>', '<%%creationTimestamp%%>', $templateCode);
$templateCode=str_replace('<%%URLVALUE(date)%%>', urlencode('<%%creationTimestamp%%>'), $templateCode);
$templateCode=str_replace('<%%VALUE(pictureurl)%%>', '', $templateCode);
$templateCode=str_replace('<%%URLVALUE(pictureurl)%%>', urlencode(''), $templateCode);
}
// process translations
foreach($Translation as $symbol=>$trans){
$templateCode=str_replace("<%%TRANSLATION($symbol)%%>", $trans, $templateCode);
}
// clear scrap
$templateCode=str_replace('<%%', '<!-- ', $templateCode);
$templateCode=str_replace('%%>', ' -->', $templateCode);
// hide links to inaccessible tables
if($_POST['dvprint_x'] == ''){
$templateCode .= "\n\n<script>\$j(function(){\n";
$arrTables = getTableList();
foreach($arrTables as $name => $caption){
$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
$templateCode .= "\t\$j('[id^=\"{$name}_plink\"]').removeClass('hidden');\n";
}
$templateCode .= $jsReadOnly;
$templateCode .= $jsEditable;
if(!$selected_id){
$templateCode.="\n\tif(document.getElementById('pictureurlEdit')){ document.getElementById('pictureurlEdit').style.display='inline'; }";
$templateCode.="\n\tif(document.getElementById('pictureurlEditLink')){ document.getElementById('pictureurlEditLink').style.display='none'; }";
}
$templateCode.="\n});</script>\n";
}
// ajaxed auto-fill fields
$templateCode .= '<script>';
$templateCode .= '$j(function() {';
$templateCode.="});";
$templateCode.="</script>";
$templateCode .= $lookups;
// handle enforced parent values for read-only lookup fields
// don't include blank images in lightbox gallery
$templateCode=preg_replace('/blank.gif" rel="lightbox\[.*?\]"/', 'blank.gif"', $templateCode);
// don't display empty email links
$templateCode=preg_replace('/<a .*?href="mailto:".*?<\/a>/', '', $templateCode);
// hook: notifications_dv
if(function_exists('notifications_dv')){
$args=array();
notifications_dv(($selected_id ? $selected_id : FALSE), getMemberInfo(), $templateCode, $args);
}
return $templateCode;
}
?>