diff --git a/modules/websubmit/lib/functions/Is_Original_Submitter.py b/modules/websubmit/lib/functions/Is_Original_Submitter.py
index 9ea7e4fae..31f64851c 100644
--- a/modules/websubmit/lib/functions/Is_Original_Submitter.py
+++ b/modules/websubmit/lib/functions/Is_Original_Submitter.py
@@ -1,61 +1,62 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ## ## Name: Is_Original_Submitter ## Description: function Is_Original_Submitter ## This function compares the email of the current logged ## user with the original submitter of the document, then ## check whether the user has special rights. 
## Author: T.Baron ## ## PARAMETERS: - ## OUTPUT: HTML ## execfile("%s/cdsware/websubmit_functions/Retrieve_Data.py" % pylibdir) def Is_Original_Submitter(parameters,curdir,form): global uid_email,sysno,uid doctype = form['doctype'] act = form['act'] email = Get_Field("8560_f",sysno) email = re.sub("[\n\r ]+","",email) uid_email = re.sub("[\n\r ]+","",uid_email) - if re.search(uid_email,email,re.IGNORECASE) == None and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): + (auth_code, auth_message) = acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act) + if re.search(uid_email,email,re.IGNORECASE) == None and auth_code != 0: raise functionStop(""" <SCRIPT> document.forms[0].action="submit.py"; document.forms[0].curpage.value = 1; document.forms[0].step.value = 0; document.forms[0].submit(); alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).'); </SCRIPT>""" % (uid_email,email)) - elif re.search(uid_email,email,re.IGNORECASE) == None and acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): + elif re.search(uid_email,email,re.IGNORECASE) == None and auth_code == 0: return (""" <SCRIPT> alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).\\n\\nAnyway, as you have a special authorization for this type of documents,\\nyou are allowed to proceed! Watch out your actions!'); </SCRIPT>""" % (uid_email,email)) return "" </protect> diff --git a/modules/websubmit/lib/functions/Is_Original_Submitter.py.wml b/modules/websubmit/lib/functions/Is_Original_Submitter.py.wml index 9ea7e4fae..31f64851c 100644 --- a/modules/websubmit/lib/functions/Is_Original_Submitter.py.wml +++ b/modules/websubmit/lib/functions/Is_Original_Submitter.py.wml 
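Review bot: The ownership test on the rewritten `if`/`elif` lines still passes `uid_email` to `re.search` as the pattern, so it is an unescaped, unanchored substring match rather than an equality check; an empty or partial login address, or one containing regex metacharacters, can be accepted as the original submitter. Compare the normalised addresses directly, for example `is_owner = uid_email.lower() == email.lower()`, and branch on `not is_owner` together with `auth_code`. Both `uid_email` and `email` (the latter read from record field 8560_f) are also formatted into the `alert('...')` script text without JavaScript escaping, so they should be escaped before interpolation. The same lines appear in the Is_Original_Submitter.py.wml hunk.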
@@ -1,61 +1,62 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ## ## Name: Is_Original_Submitter ## Description: function Is_Original_Submitter ## This function compares the email of the current logged ## user with the original submitter of the document, then ## check whether the user has special rights. 
## Author: T.Baron ## ## PARAMETERS: - ## OUTPUT: HTML ## execfile("%s/cdsware/websubmit_functions/Retrieve_Data.py" % pylibdir) def Is_Original_Submitter(parameters,curdir,form): global uid_email,sysno,uid doctype = form['doctype'] act = form['act'] email = Get_Field("8560_f",sysno) email = re.sub("[\n\r ]+","",email) uid_email = re.sub("[\n\r ]+","",uid_email) - if re.search(uid_email,email,re.IGNORECASE) == None and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): + (auth_code, auth_message) = acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act) + if re.search(uid_email,email,re.IGNORECASE) == None and auth_code != 0: raise functionStop(""" <SCRIPT> document.forms[0].action="submit.py"; document.forms[0].curpage.value = 1; document.forms[0].step.value = 0; document.forms[0].submit(); alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).'); </SCRIPT>""" % (uid_email,email)) - elif re.search(uid_email,email,re.IGNORECASE) == None and acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): + elif re.search(uid_email,email,re.IGNORECASE) == None and auth_code == 0: return (""" <SCRIPT> alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).\\n\\nAnyway, as you have a special authorization for this type of documents,\\nyou are allowed to proceed! Watch out your actions!'); </SCRIPT>""" % (uid_email,email)) return "" </protect> diff --git a/modules/websubmit/lib/functions/Is_Referee.py b/modules/websubmit/lib/functions/Is_Referee.py index 8813a0678..7a8bd0261 100644 --- a/modules/websubmit/lib/functions/Is_Referee.py +++ b/modules/websubmit/lib/functions/Is_Referee.py 
@@ -1,44 +1,45 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. def Is_Referee(parameters,curdir,form): global uid_email,sysno,rn,uid doctype = form['doctype'] # Get document category res = run_sql("SELECT categ FROM sbmAPPROVAL WHERE rn=%s", (rn,)) if len(res) >0: categ = res[0][0] else: categ="" # Try to retrieve the referee's email from the referee's database - if not acc_authorize_action(uid, "referee",doctype=doctype, categ=categ): + (auth_code, auth_message) = acc_authorize_action(uid, "referee",doctype=doctype, categ=categ) + if auth_code != 0: raise functionStop(""" <SCRIPT> document.forms[0].action="submit.py"; document.forms[0].curpage.value = 1; document.forms[0].step.value = 0; document.forms[0].submit(); alert('Sorry you (%s) have not been recognized as a referee for this type of document.\\nIf you think this is an error, please contact %s'); </SCRIPT>""" % (uid_email,supportemail)) return "" </protect> diff --git a/modules/websubmit/lib/functions/Is_Referee.py.wml b/modules/websubmit/lib/functions/Is_Referee.py.wml index 8813a0678..7a8bd0261 100644 
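Review bot: The new `auth_code != 0` check is evaluated with `categ=""` whenever the `sbmAPPROVAL` lookup returns no row for `rn`, so the decision for an unknown reference depends entirely on how `acc_authorize_action` treats an empty category, which is not visible in this hunk. If an empty value can match a role defined without a category restriction, it would be safer to fail closed before the call, e.g. `if len(res) == 0: raise functionStop(...)` with the existing message. The comment above the call (`# Try to retrieve the referee's email from the referee's database`) no longer describes the code; `# Check that the user holds the referee role for this doctype and category` would match it. `auth_message` is bound but unused here, whereas the websubmit_engine.py change in the same commit shows it to the user. The same lines appear in the Is_Referee.py.wml hunk.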
--- a/modules/websubmit/lib/functions/Is_Referee.py.wml +++ b/modules/websubmit/lib/functions/Is_Referee.py.wml @@ -1,44 +1,45 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. def Is_Referee(parameters,curdir,form): global uid_email,sysno,rn,uid doctype = form['doctype'] # Get document category res = run_sql("SELECT categ FROM sbmAPPROVAL WHERE rn=%s", (rn,)) if len(res) >0: categ = res[0][0] else: categ="" # Try to retrieve the referee's email from the referee's database - if not acc_authorize_action(uid, "referee",doctype=doctype, categ=categ): + (auth_code, auth_message) = acc_authorize_action(uid, "referee",doctype=doctype, categ=categ) + if auth_code != 0: raise functionStop(""" <SCRIPT> document.forms[0].action="submit.py"; document.forms[0].curpage.value = 1; document.forms[0].step.value = 0; document.forms[0].submit(); alert('Sorry you (%s) have not been recognized as a referee for this type of document.\\nIf you think this is an error, please contact %s'); </SCRIPT>""" % (uid_email,supportemail)) return "" </protect> 
diff --git a/modules/websubmit/lib/websubmit_engine.py b/modules/websubmit/lib/websubmit_engine.py
index e385669ce..cf48f5a4a 100644
--- a/modules/websubmit/lib/websubmit_engine.py
+++ b/modules/websubmit/lib/websubmit_engine.py
@@ -1,1352 +1,1353 @@ ## $Id$ ## CDSware WebSubmit in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" ## start Python: <protect>## $Id$</protect> <protect>## DO NOT EDIT THIS FILE! 
IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES.</protect> """CDSware Submission Web Interface.""" ## fill config variables: pylibdir = "<LIBDIR>/python" <protect> ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import acc_isRole from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email from cdsware.messages import * from mod_python import apache from cdsware.websubmit_config import * from cdsware.file import * def interface(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1): ln = wash_language(ln) sys.stdout = req # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) # variable initialisation t = "" field = [] fieldhtml = [] level = [] fullDesc = [] text = [] check = [] select = [] radio = [] upload = [] txt = [] noPage = [] # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": warningMsg("<center><font color=red>Sorry, you must log in to perform this action. 
Please use the top right menu to do so.</font></center>",req) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s",(act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req) else: row = res[0] indir = row[0] res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",(doctype,)) if len(res) == 0: return errorMsg("unknown document type",req) else: docname = res[0][0] docname = string.replace(docname," "," ") res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",(act,)) if len(res) == 0: return errorMsg("unknown action",req) else: actname = res[0][0] actname = string.replace(actname," "," ") subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s", (subname,)) if len(res) == 0: return errorMsg("can't figure number of pages",req) else: nbpages = res[0][0] #Get current page if startPg != "" and (curpage=="" or curpage==0): curpage = startPg # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'", (doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # if this submission comes from another one ($fromdir is then set) # We retrieve the previous submission directory and put it in the proper one if fromdir != "": olddir = "%s/%s/%s/%s" % (storage,fromdir,doctype,access) if os.path.exists(olddir): os.rename(olddir,curdir) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req) # retrieve the original main menu url ans save it in the "mainmenu" 
file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" %urlpath # various authentication related tasks... if uid_email != "guest" and uid_email != "": #First save the username (email address) in the SuE file. This way bibconvert will be able to use it if needed fp = open("%s/SuE" % curdir,"w") fp.write(uid_email) fp.close() # is user authorized to perform this action? - if acc_isRole("submit",doctype=doctype,act=act) and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): - return warningMsg("<center><font color=red>Sorry, user %s does not have the right to perform this action. Try logging with another user.</font></center>" % uid_email,req) + (auth_code, auth_message) = acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act) + if acc_isRole("submit",doctype=doctype,act=act) and auth_code != 0: + return warningMsg("<center><font color=red>%s</font></center>" % auth_message, req) # then we update the "journal of submission" res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values (%s,%s,%s,'pending',%s,'',NOW(),NOW())", (uid_email,doctype,act,access,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW() WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array 
if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # create interface # top menu t=t+"<FORM method=\"POST\" action=\"submit.py\" onSubmit=\"return tester();\">" t=t+"<center><TABLE cellspacing=0 cellpadding=0 border=0><TR>" t=t+" <TD class=submitHeader><B>%s </B></TD>" % docname t=t+" <TD class=submitHeader><small> %s </small></TD>" % actname t=t+""" <TD valign=bottom> 
<TABLE cellspacing=0 cellpadding=0 border=0 width=100%> <TR><TD class=submitEmptyPage> </TD>""" for i in range(1,nbpages+1): if i == int(curpage): t=t+"<TD class=submitCurrentPage><small> page:%s </small></TD>" % curpage else: t=t+"<TD class=submitPage><small> <A HREF='' onClick=\"if (tester2() == 1){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else { return false; }\">%s</A> </small></TD>" % (i,i) t=t+"<TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitHeader align=right> <A HREF='' onClick=\"window.open('summary.py?doctype=%s&act=%s&access=%s&indir=%s','summary','scrollbars=yes,menubar=no,width=500,height=250');return false;\"><font color=white><small>SUMMARY(2)</small></font></A> </TD>\n" % (doctype,act,access,indir) t=t+"</TR>" # main cell t=t+"<TR><TD colspan=5 class=submitHeader><TABLE border=0 cellspacing=0 cellpadding=15 width=\"100%\" class=submitBody><TR><TD><BR>" # display the static form fields t=t+"<INPUT type=\"hidden\" name=\"file\" value=\"%s\">\n" % file t=t+"<INPUT type=\"hidden\" name=\"nextPg\" value=\"%s\">\n" % nextPg t=t+"<INPUT type=\"hidden\" name=\"access\" value=\"%s\">\n" % access t=t+"<INPUT type=\"hidden\" name=\"curpage\" value=\"%s\">\n" % curpage t=t+"<INPUT type=\"hidden\" name=\"nbPg\" value=\"%s\">\n" % nbPg t = t +"<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t=t+"<INPUT type=\"hidden\" name=\"act\" value=\"%s\">\n" % act t=t+"<INPUT type=\"hidden\" name=\"indir\" value=\"%s\">\n" % indir t=t+"<INPUT type=\"hidden\" name=\"mode\" value=\"U\">\n" t=t+"<INPUT type=\"hidden\" name=\"step\" value=\"0\">\n" # For each field to be displayed on the page subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb=%s ORDER BY fieldnb,fieldnb", (subname,curpage,)) nbFields = 0 for arr in res: # We retrieve its HTML description res3 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)) arr3 = res3[0] if 
arr3[8]==None: val="" else: val=arr3[8] # we also retrieve and add the javascript code of the checking function, if needed if arr[7] != '': res2 = run_sql("SELECT chdesc FROM sbmCHECKS WHERE chname=%s", (arr[7],)) t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n"; t=t+res2[0][0] t=t+"</SCRIPT>\n" # If the field is a textarea if arr3[3] == 'T': text="<TEXTAREA name=\"%s\" rows=%s cols=%s>%s</TEXTAREA>" % (arr[3],arr3[5],arr3[6],val) # If the field is a file upload elif arr3[3] == 'F': text="<INPUT TYPE=file name=\"%s\" size=%s maxlength=%s>" % (arr[3],arr3[4],arr3[7]); # If the field is a text input elif arr3[3] == 'I': text="<INPUT name=\"%s\" size=%s value=\"%s\">" % (arr[3],arr3[4],val) # If the field is a hidden input elif arr3[3] == 'H': text="<INPUT type=\"hidden\" name=\"%s\" value=\"%s\">" % (arr[3],val) # If the field is user-defined elif arr3[3] == 'D': text=arr3[9] # If the field is a select box elif arr3[3] == 'S': text=arr3[9] # If the field is an evaluated script # the execed code should set variable text elif arr3[3] == 'R': co = compile(arr3[9].replace("\r\n","\n"),"<string>","exec") exec(co) # If the field type is not recognized else: text="%s: unknown field type" % arr[1] # we now determine the exact type of the created field if arr3[3] not in [ 'D','R']: field.append(arr[3]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) # If the field is not user-defined, we try to determine its type # (select, radio, file upload...) 
# check whether it is a select field or not if re.search("SELECT",text,re.IGNORECASE) != None: select.append(1) else: select.append(0) # checks whether it is a radio field or not if re.search("TYPE=radio",text,re.IGNORECASE) != None: radio.append(1) else: radio.append(0) # checks whether it is a file upload or not if re.search("TYPE=file",text,re.IGNORECASE) != None: upload.append(1) else: upload.append(0) # if the field description contains the "<COMBO>" string, replace # it by the category selected on the document page submission page combofile = "combo%s" % doctype if os.path.exists("%s/%s" % (curdir,combofile)): f = open("%s/%s" % (curdir,combofile),"r") combo = f.read() f.close() else: combo="" text = text.replace("<COMBO>",combo) # if there is a <YYYY> tag in it, replace it by the current year year = time.strftime("%Y"); text = text.replace("<YYYY>",year) fieldhtml.append(text) # increment the fields counter nbFields = nbFields + 1 else: select.append(0) radio.append(0) upload.append(0) field.append(value) level.append(arr[5]) txt.append(arr[6]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) fieldhtml.append(text) nbFields = nbFields+1 # now displays the html form field(s) t+="%s\n" % fullDesc[nbFields-1] t+=text+"\n" # if there is a file upload field, we change the encoding type t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n" for i in range(0,nbFields): if upload[i] == 1: t=t+"document.forms[0].encoding = \"multipart/form-data\";\n" # we don't want the form to be submitted if the user enters 'Return' t=t+"function tester(){return false;}\n" # tests if mandatory fields are well filled t=t+"function tester2(){\n" for i in range(0,nbFields): if re.search("%s\[\]"%field[i],fieldhtml[i]): fieldname = "%s[]" % field[i] else: fieldname = field[i] t=t+" el = document.forms[0].elements['%s'];\n" % fieldname # If the field must be checked we call the checking function if check[i] != "": t=t+"if (%s(el.value)== 
0){\n" % check[i] t=t+" el.focus();\n" t=t+" return 0;\n" t=t+"}\n" # If the field is mandatory, we check a value has been selected if level[i] == 'M': if select[i] != 0: # If the field is a select box t=t+"if ((el.selectedIndex == -1)||(el.selectedIndex == 0)){\n" t=t+" alert(\"The field `%s` is Mandatory.\\n Please make a choice in the 'Select:' box\");\n" % txt[i] t=t+" return 0;\n" t=t+"}\n" elif radio[i] != 0: # If the field is a radio buttonset t=t+"var check=0;\n" t=t+"for (var j=0;j<el.length;j++){\n" t=t+" if (el.options[j].checked){check++;}\n" t=t+"}\n" t=t+"if (check == 0){\n" t=t+" alert(\"Please press a button.\");\n" t=t+" return 0;\n" t=t+"}\n" else: # If the field is a text input t=t+"if (el.value == ''){\n" t=t+" alert(\"The field `%s` is Mandatory. Please fill it in.\");\n" % txt[i] t=t+" return 0;\n" t=t+"}\n" t=t+"return 1;\n" t=t+"}\n" t=t+"</SCRIPT><BR> <BR> </TD></TR></TABLE></TD></TR>\n" # Display the navigation cell # Display "previous page" navigation arrows t=t+"<TR><TD colspan=5><TABLE border=0 cellpadding=0 cellspacing=0 width=\"100%\"><TR>\n" if int(curpage) != 1: t=t+" <TD class=submitHeader align=left> \n" t=t+" <A HREF='' onClick=\"if (tester2() == 1){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else { return false; }\">" % (int(curpage)-1) t=t+" <IMG SRC=\"%s/left-trans.gif\" alt=\"previous page\" border=0>\n" % images t=t+" <strong><font color=white>previous page</A></font></strong></TD>\n" else: t=t+" <TD class=submitHeader> </TD>\n" # Display the submission number t=t+" <TD class=submitHeader align=center><small>Submission no(1): %s</small></TD>\n" % access # Display the "next page" navigation arrow if int(curpage) != int(nbpages): t=t+" <TD class=submitHeader align=right>\n" t=t+" <A HREF='' onClick=\"if (tester2()){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else {return false;}; return false;\">\n" % (int(curpage)+1) t=t+" <strong><font color=white> next 
page</font></strong>\n" t=t+" <IMG SRC=\"%s/right-trans.gif\" alt=\"next page\" border=0></A> " % images else: t=t+" <TD class=submitHeader> </TD>\n" t=t+"</TR></TABLE></TD></TR></TABLE></center></FORM>" # # # # # # # # # # # # # # # # # # # # # # # # # # Fill the fields with the previously saved values # # # # # # # # # # # # # # # # # # # # # # # # # t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n" t=t+"<!-- Fill the fields in with the previous saved values-->\n" # For each actual form field for i in range(0,nbFields): if re.search("%s\[\]"%field[i],fieldhtml[i]): fieldname = "%s[]" % field[i] else: fieldname = field[i] text = '' # If a file exists with the name of the field we extract the saved value if os.path.exists("%s/%s" % (curdir,field[i])): file = open("%s/%s" % (curdir,field[i]),"r"); text = file.read() text = re.compile("[\n\r]*$").sub("",text) text = re.compile("\n").sub("\\n",text) text = re.compile("\r").sub("",text) file.close() # Or if a cookie is set # If a cookie is found corresponding to the name of the current # field, we set the value of the field to the cookie's value elif getCookie(field[i],uid) != None: value = getCookie(field[i],uid) value = re.compile("\r").sub("",value) value = re.compile("\n").sub("\\n",value) text = value # If the value isn't empty if text != '': if select[i] != 0: # If the field is a SELECT element values = text.split("\n") tmp="" for val in values: if tmp != "": tmp = tmp + " || " tmp = tmp + "el.options[j].value == \"%s\" || el.options[j].text == \"%s\"" % (val,val) if tmp != "": t=t+"\n<!--SELECT field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname t=t+"for (var j=0;j<el.length;j++){\n" t=t+" if (%s){\n" % tmp t=t+" el.options[j].selected = true;}}\n" elif radio[i] != 0: # If the field is a RADIO element t=t+"\n<!--RADIO field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname t=t+"if (el.value == \"%s\"){\n" % text t=t+" el.checked=true;}\n" elif 
upload[i] == 0: # If the field is not an upload element t=t+"\n<!--INPUT field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname text = text.replace('"','\"') text = text.replace("\n","\\n") t=t+"el.value=\"%s\";\n" % text t=t+"<!--End Fill in section-->\n" # JS function finish # This function tests each mandatory field in the whole submission and checks whether # the field has been correctly filled in or not # This function is called when the user presses the "End # Submission" button if int(curpage) == int(nbpages): t=t+"\n\nfunction finish() {\n" subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb!=%s", (subname,curpage,)) nbFields=0 message = "" select = [] radio = [] upload = [] field = [] level = [] txt = [] for arr in res: if arr[5] == "M": res2 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)); row2 = res2[0] if row2[3] in ['D','R']: if row2[3] == "D": text = row2[9] else: text = eval(row2[9]) formfields = text.split(">") for formfield in formfields: match = re.match("name=([^ <>]+)",formfield,re.IGNORECASE) if match != None: names = match.groups for value in names: if value != "": value = re.compile("[\"']+").sub("",value) field.append(value) level.append(arr[5]) txt.append(arr[6]) noPage.append(arr[1]) check.append(arr[7]) nbFields = nbFields+1 else: noPage.append(arr[1]) field.append(arr[3]) level.append(arr[5]) txt.append(arr[6]) check.append(arr[7]) nbFields = nbFields+1 # tests each mandatory field for i in range (0,nbFields): res = 1 if not os.path.exists("%s/%s" % (curdir,field[i])): res=0 else: file = open("%s/%s" % (curdir,field[i]),"r") text = file.read() if text == '': res=0 else: if text == "Select:": res=0 if res==0: message = " alert (\"The field '%s' is mandatory.\\nGoing back to page %s\");\n" % (txt[i],noPage[i]) message = message + " document.forms[0].curpage.value=\"%s\";\n" % noPage[i] message = message + " document.forms[0].submit();\n" if message != "": 
t=t+message else: t=t+"if (tester2()){\n"; t=t+" document.forms[0].action=\"submit.py\";\n" t=t+" document.forms[0].step.value=1;\n" t=t+" document.forms[0].submit();\n" t=t+" } \n" t=t+" else \n" t=t+" { \n" t=t+" return false;\n" t=t+" }\n" t=t+"}\n" t=t+""" </SCRIPT> <BR> <BR>""" # Display the "back to main menu" button t=t+"<A HREF=\"%s\" onClick=\"return confirm('Are you sure you want to quit this submission?')\">\n" % mainmenu t=t+"<IMG SRC=\"%s/mainmenu.gif\" border=0 ALT=\"back to main menu\" align=right></A><BR><BR>\n" % images t=t+""" <HR> <small>(1) you should take note of this number at the beginning of the submission, it will allow you to get your information back in case your browser crashes before the end of the submission.</small><BR>""" # Add the summary window definition if needed t=t+" <small>(2) mandatory fields appear in red in the 'Summary' window.</small><BR>\n" # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "<a href=\"submit.py\">Submit</a> > <a href=\"submit.py?doctype=%s\">%s</a> > %s" % (doctype,docname,actname) return page(title="" , body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def endaction(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1,step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode ln = wash_language(ln) sys.stdout = req t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value) # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": return warningMsg("<center><font color=red>Sorry, you must log in to perform this action. 
Please use the top right menu to do so.</font></center>",req,cdsname,ln) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req,cdsname,ln) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req,cdsname,ln) else: row = res[0] indir = row[0] # The following words are reserved and should not be used as field names reserved_words = ["stop","file","nextPg","startPg","access","curpage","nbPg","act","indir","doctype","mode","step","deleted","file_path","userfile_name"] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req,cdsname,ln) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" % urlpath # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Now we test whether the user has already completed the action and # reloaded the page (in this case we don't want the functions to be called # once again reloaded = Test_Reload(uid_email,doctype,act,access) # if the action has been completed #if reloaded: # return warningMsg("<b> Sorry, this action has already been completed. 
Please go back to the main menu to start a new action.</b>",req) # We must determine if the action is finished (ie there is no other steps after the current one res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step > %s", (act,doctype,step,)) if len(res) == 0: finished = 1 else: finished = 0 # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req,cdsname,ln) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields 
must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # those fields are necessary for the navigation t=t+"<FORM ENCTYPE=\"multipart/form-data\" action=\"submit.py\" method=\"POST\">\n" t=t+"<INPUT type=\"hidden\" name=\"file\" value=\"%s\">\n" % file t=t+"<INPUT type=\"hidden\" name=\"nextPg\" value=\"%s\">\n" % nextPg t=t+"<INPUT type=\"hidden\" name=\"startPg\" value=\"%s\">\n" % startPg t=t+"<INPUT type=\"hidden\" name=\"access\" value=\"%s\">\n" % access t=t+"<INPUT type=\"hidden\" name=\"curpage\" value=\"%s\">\n" % curpage t=t+"<INPUT type=\"hidden\" name=\"nbPg\" value=\"%s\">\n" % nbPg t=t+"<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t=t+"<INPUT type=\"hidden\" name=\"act\" value=\"%s\">\n" %act t=t+"<INPUT type=\"hidden\" name=\"indir\" value=\"%s\">\n" % indir t=t+"<INPUT type=\"hidden\" name=\"fromdir\" value=\"\">\n" t=t+"<INPUT type=\"hidden\" name=\"mainmenu\" value=\"%s\">\n" % mainmenu # parameters for new MESS end scripts t=t+"<INPUT type=\"hidden\" name=\"mode\" value=\"U\">\n" t=t+"<INPUT type=\"hidden\" name=\"step\" value=\"1\">\n" t=t+"<INPUT type=\"hidden\" name=\"deleted\" value=\"no\">\n" t=t+"<INPUT type=\"hidden\" name=\"file_path\" value=\"\">\n" t=t+"<INPUT type=\"hidden\" name=\"userfile_name\" value=\"\">\n" # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return errorMsg("unknown type of document",req,cdsname,ln) # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return errorMsg("unknown action",req,cdsname,ln) # Get number of pages subname = "%s%s" % (act,doctype) 
res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s",(subname,)) if len(res) > 0: nbpages = res[0][0] else: return errorMsg("this action does not apply on this type of document",req,cdsname,ln) # Display table header t=t+"<center><TABLE cellspacing=0 cellpadding=0 border=0><TR>" t=t+" <TD class=submitHeader><B>%s </B></TD>" % docname t=t+" <TD class=submitHeader><small> %s </small></TD>" % actname t=t+""" <TD valign=bottom> <TABLE cellspacing=0 cellpadding=0 border=0 width=100%> <TR><TD class=submitEmptyPage> </TD>""" if finished == 1: t=t+"<TD class=submitCurrentPage>finished!</TD><TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitEmptyPage align=right> </TD>\n" else: for i in range(1,nbpages+1): t=t+"<TD class=submitPage><small> <A HREF='' onClick=\"document.forms[0].curpage.value=%s;document.forms[0].action='submit.py';document.forms[0].step.value=0;document.forms[0].submit();return false;\">%s</A> </small></TD>" % (i,i) t=t+"<TD class=submitCurrentPage>end of action</TD><TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitHeader align=right> <A HREF='' onClick=\"window.open('summary.py?doctype=%s&act=%s&access=%s&indir=%s','summary','scrollbars=yes,menubar=no,width=500,height=250');return false;\"><font color=white><small>SUMMARY(2)</small></font></A> </TD>\n" % (doctype,act,access,indir) t=t+"</TR>\n" # Display main cell t=t+"<TR>\n" t=t+" <TD colspan=5 class=submitBody>\n" t=t+" <small><BR><BR>\n" # we specify here whether we are in the last step of the action or not res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step>%s", (act,doctype,step,)) if len(res) == 0: last_step = 1 else: last_step = 0 # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions try: t=t+print_function_calls(doctype, act, step, form) except functionError,e: return 
errorMsg(e.value,req) except functionStop,e: if e.value != None: t=t+e.value else: t=t+e # If the action was mandatory we propose the next mandatory action (if any) if action_score != -1 and last_step == 1: t=t+Propose_Next_Action(doctype,action_score,access,current_level,indir) # If we are in the last step of an action, we can update the "journal of submissions" if last_step == 1: if uid_email != "" and uid_email != "guest" and rn != "": res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values(%s,%s,%s,'finished',%s,%s,NOW(),NOW())", (uid_email,doctype,act,access,rn,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW(),reference=%s,status='finished' WHERE doctype=%s and action=%s and id=%s and email=%s", (rn,doctype,act,access,uid_email,)) t=t+""" <BR><BR> </TD> </TR> <TR class=submitHeader> <TD class=submitHeader colspan=5 align=center>""" if finished == 0: t=t+"<small>Submission no</small>²:\n" t=t+"<small>%s</small>\n" % access else: t=t+" \n" t=t+""" </TD> </TR> </TABLE> </center> </form> <br> <br>""" # Add the "back to main menu" button if finished == 0: t=t+ " <A HREF=\"%s\" onClick=\"return confirm('Are you sure you want to quit this submission?')\">\n" % mainmenu else: t=t+" <A HREF=\"%s\">\n" % mainmenu t=t+"<IMG SRC=\"%s/mainmenu.gif\" border=0 ALT=\"back to main menu\" align=\"right\"></A><BR><BR>\n" % images # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "<a href=\"submit.py\">Submit</a> > <a href=\"submit.py?doctype=%s\">%s</a> > %s" % (doctype,docname,actname) return page(title="", body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def simpleendaction(doctype="", act="", startPg=1, indir="", access="",step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode # check we have minimum fields 
if doctype=="" or act=="" or access=="": return "invalid parameter" # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return "cannot find submission directory" else: row = res[0] indir = row[0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): return "submission directory %s does not exist" % curdir # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return "unknown type of document %s" % doctype # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return "unknown action %s" % act # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions print_function_calls(doctype, act, step, "") return "ok" def home(req,c=cdsname,ln=cdslang): ln = wash_language(ln) # get user ID: try: uid = getUid(req) except MySQLdb.Error, e: return errorMsg(e.value) # start display: req.content_type = "text/html" req.send_http_header() finaltext = "" finaltext = finaltext + """ <SCRIPT TYPE="text/javascript" LANGUAGE="Javascript1.2"> var allLoaded = 1; </SCRIPT> <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Document types available for submission:</th> </tr> <tr> <td class="portalboxbody"> <BR> Please select the type of document you want to submit: <BR><BR> <TABLE 
width="100%"> <TR> <TD width="50%" class="narrowsearchboxbody"> """ finaltext = finaltext + "<FORM method=get action=\"submit.py\">\n" finaltext = finaltext + "<INPUT type=\"hidden\" name=\"doctype\">" # Initialise catalogues array finaltext = finaltext + makeCataloguesTable() finaltext = finaltext + """ </TD> </TR> </TABLE> </FORM> </td> </tr> </table>""" p_navtrail = "Submit" return page(title="", body=finaltext, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def makeCataloguesTable(): text = "" catalogues = [] queryResult = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=0 ORDER BY catalogue_order"); if len(queryResult) != 0: # Query has executed successfully, so we can proceed to display all # catalogues in the EDS system... text = "<UL>\n" for row in queryResult: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],1,catalogues) text = text + "</UL>\n" else: text = "<h3>No document types yet...</h3>\n" return text def displayCatalogueBranch(id_father,level,catalogues): text = "" queryResult = run_sql("SELECT name, id FROM sbmCOLLECTION WHERE id=%s", (id_father,)) if len(queryResult) != 0: row = queryResult[0] if level == 1: text = "<LI><font size=\"+1\"><strong>%s</strong></font>\n" % row[0] else: if level == 2: text = "<LI>%s\n" % row[0] else: if level > 2: text = "<LI>%s\n" % row[0] # display the son document types res1 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) res2 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) if len(res1) != 0 or len(res2) != 0: text = text + "<UL>\n" if len(res1) != 0: for row in res1: text = text + displayDoctypeBranch(row[0],catalogues) # display the son catalogues for row in res2: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],level+1,catalogues) if len(res1) != 0 or 
len(res2) != 0: text = text + "</UL>\n" return text def displayDoctypeBranch(doctype,catalogues): text = "" res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) row = res[0] text = "<LI><a href=\"\" onmouseover=\"javascript:popUpTextWindow('%s',true,event);\" onmouseout=\"javascript:popUpTextWindow('%s',false,event);\" onClick=\"document.forms[0].doctype.value='%s';document.forms[0].submit();return false;\">%s</a>\n" % (doctype,doctype,doctype,row[0]) return text def action(req,c=cdsname,ln=cdslang,doctype=""): nbCateg = 0 snameCateg = [] lnameCateg = [] actionShortDesc = [] indir = [] actionbutton = [] statustext = [] t = "" ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value, req) #parses database to get all data #first the list of categories res = run_sql("SELECT * FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) if len(res) > 0: for arr in res: nbCateg = nbCateg+1 snameCateg.append(arr[1]) lnameCateg.append(arr[2]) #then data about the document type res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: arr = res[0] docFullDesc = arr[0] docShortDesc = arr[1] description = arr[4] else: return errorMsg ("Cannot find document %s" % doctype, req) #then data about associated actions res2 = run_sql("SELECT * FROM sbmIMPLEMENT LEFT JOIN sbmACTION on sbmACTION.sactname=sbmIMPLEMENT.actname WHERE docname=%s and displayed='Y' ORDER BY sbmIMPLEMENT.buttonorder", (docShortDesc,)) for arr2 in res2: res = run_sql("SELECT * FROM sbmACTION WHERE sactname=%s", (arr2[1],)) for arr in res: actionShortDesc.append(arr[1]) indir.append(arr[2]) actionbutton.append(arr[5]) statustext.append(arr[6]) t = """ <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"> var checked=0; function tester() { """ if (uid_email == "" or uid_email == "guest"): t = t + "alert(\"please log in first.\\nUse the top right menu to log in.\");return 
false;\n"; t = t + """ if (checked == 0) { alert ("please select a category"); return false; } else { return true; } } function clicked() { checked=1; } function selectdoctype(nb) { document.forms[0].act.value = docname[nb]; } </SCRIPT> <FORM method=get action="submit.py">""" t = t + "<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t = t + "<INPUT type=\"hidden\" name=\"indir\">" pid = os.getpid() now = time.time() t = t + "<input type=hidden name=access value=\"%i_%s\">" % (now,pid) t = t + """ <INPUT type="hidden" name="act"> <INPUT type="hidden" name="startPg" value=1>""" t = t + "<INPUT type=hidden name=mainmenu value=\"submit.py?doctype=%s\">\n" % doctype t = t + """ <table class="searchbox" width="100%" summary=""> <tr>""" t+=" <th class=\"portalboxheader\">%s</th>" % docFullDesc t+=""" </tr> <tr> <td class="portalboxbody">""" if description != "": t = t + "%s" % description t = t + """ <BR> <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"> var nbimg = document.images.length + 1; </SCRIPT> <BR> <TABLE align=center cellpadding=0 cellspacing=0 border=0> <TR>""" if nbCateg != 0: t = t + "<TD align=right>\n" for i in range(0,nbCateg): t = t + "%s<INPUT TYPE=radio NAME=\"combo%s\" value=\"%s\" onClick=\"clicked()\"> <BR>\n" % (lnameCateg[i],doctype,snameCateg[i]) t = t + "</TD>\n" else: t = t + "<SCRIPT>checked=1;</SCRIPT>\n" t = t + """ <TD> </TD> <TD> <TABLE>""" #display list of actions for i in range(0,len(actionShortDesc)): t+="<input type=\"submit\" class=\"adminbutton\" value=\"%s\" onClick=\"if (tester()){document.forms[0].indir.value='%s';document.forms[0].act.value='%s';document.forms[0].submit();}; return false;\"><br>" % (statustext[i],indir[i],actionShortDesc[i]) t = t + """ </TABLE> </TD> </TR> </TABLE> <BR>""" if nbCateg != 0: t = t + "<STRONG class=headline>Notice:</STRONG><BR>\nSelect a category and then click the button to perform the action you chose.\n" t = t + """ <BR><BR> <BR> </FORM> <FORM action="submit.py"><HR> <font 
color=black><small>To continue an interrupted submission, enter your access number directly in the input box.</small></FONT> <TABLE border=0 bgcolor="#CCCCCC" width="100%"><TR> <TD width="100%"> <small>Access Number: <INPUT size=15 name=AN>""" t = t + "<INPUT type=hidden name=doctype value=\"%s\"> <INPUT class=\"adminbutton\" type=submit value=\" go! \">" % doctype t = t + """</small></TD></TR></TABLE><HR></FORM> </td> </tr> </table>""" p_navtrail = "<a href=\"submit.py\">Submit</a> > %s" % docFullDesc return page(title="", body=t, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def set_report_number (newrn): global uid_email,doctype,access,rn # First we save the value in the global object rn = newrn # then we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (newrn,doctype,access,uid_email,)) def get_report_number(): global rn return rn def set_sysno (newsn) : global sysno sysno = newsn def get_sysno() : global sysno return sysno def Request_Print(m, txt): # The argumemts to this function are the display mode (m) and the text to be displayed (txt) # If the argument mode is 'ALL' then the text is unconditionally echoed # m can also take values S (Supervisor Mode) and U (User Mode). In these # circumstances txt is only echoed if the argument mode is the same as # the current mode global dismode if m == "A" or m == dismode: return txt else: return "" def Evaluate_Parameter (field, doctype): # Returns the literal value of the parameter. Assumes that the value is # uniquely determined by the doctype, i.e. 
doctype is the primary key in # the table # If the table name is not null, evaluate the parameter res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name=%s", (doctype,field,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype='DEF' and name=%s", (field,)) if len(res) == 0: return "" else: if res[0][0] != None: return res[0][0] else: return "" def Get_Parameters (function, doctype): # Returns the function parameters, in an array, for the function # Gets a description of the parameter parray = {} res = run_sql("SELECT * FROM sbmFUNDESC WHERE function=%s", (function,)) for i in range(0,len(res)): parameter = res[i][1] parray[parameter] = Evaluate_Parameter (parameter , doctype) return parray def get_level (doctype, action): res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res) > 0: return res[0][9] else: return 0 def action_details (doctype, action): # Prints whether the action is mandatory or optional. 
The score of the # action is returned (-1 if the action was optional) res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res)>0: if res[0][9] != "0": return res[0][10] else: return -1 else: return -1 def print_function_calls (doctype, action, step, form): # Calls the functions required by an "action" action on a "doctype" document # In supervisor mode, a table of the function calls is produced global htdocsdir,storage,access,pylibdir t="" # Get the list of functions to be called res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step=%s ORDER BY score", (action,doctype,step,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype='DEF' and step=%s ORDER BY score", (action,step,)) if len(res) > 0: t=t+Request_Print("S", "<br><br>Here is the %s function list for %s documents at level %s <P>" % (action,doctype,step)) t=t+Request_Print("S", "<table border cellpadding = 15><tr><th>Function</th><th>Score</th><th>Running Function</th></tr>") # while there are functions left... 
for function in res: function_name = function[2] function_score = function[3] if os.path.exists("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name)): t=t+Request_Print("S", "<tr><td>%s</td><td>%s</td><td>" % (function_name,function_score)) # import the function itself #function = getattr(cdsware.websubmit_functions, function_name) execfile("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name),globals()) if not globals().has_key(function_name): t=t+"function %s does not exist...<br>" % function_name else: function = globals()[function_name] # Evaluate the parameters, and place them in an array parameters = Get_Parameters(function_name,doctype) # Call function t=t+function(parameters,curdir,form) t=t+Request_Print("S","</td></tr>") else: t=t+"function %s does not exist...<br>" % function_name t=t+Request_Print("S","</table>") else : t=t+Request_Print("S","<br><br><b>Your chosen action is not supported by the document</b>") return t def Propose_Next_Action (doctype,action_score,access,currentlevel,indir): global machine,storage,act,rn t="" res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and level!='0' and level=%s and score>%s ORDER BY score", (doctype,currentlevel,action_score,)) if len(res) > 0: t=t+Request_Print("A","<BR><BR>You now have to<ul>") first_score = res[0][10] for i in range(0,len(res)): action = res[i] if action[10] == first_score: if i > 0: t=t+Request_Print("A"," <b>or</b>"); res2 = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s", (action[1],)) nextdir = res2[0][0] t=t+Request_Print("A","<LI><A HREF=\"\" onClick=\"document.forms[0].action='submit.py';document.forms[0].curpage.value='%s';document.forms[0].startPg.value='%s';document.forms[0].act.value='%s';document.forms[0].doctype.value='%s';document.forms[0].indir.value='%s';document.forms[0].access.value='%s';document.forms[0].fromdir.value='%s';document.forms[0].submit();return false;\"> %s </a>" % 
(action[11],action[11],action[1],doctype,nextdir,access,indir,action[12])) t=t+Request_Print("A","</ul>") return t def Test_Reload(uid_email,doctype,act,access): res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s and status='finished'", (doctype,act,access,uid_email,)) if len(res) > 0: return 1 else: return 0 class functionError(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class functionStop(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def getCookie(name,uid): # these are not real http cookies but are stored in the DB res = run_sql("select value from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: return res[0][0] else: return None def setCookie(name,value,uid): # these are not real http cookies but are stored in the DB res = run_sql("select id from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: run_sql("update sbmCOOKIES set value=%s where uid=%s and name=%s", (value,uid,name,)) else: run_sql("insert into sbmCOOKIES(name,value,uid) values(%s,%s,%s)", (name,value,uid,)) return 1 def specialchars(text): text = string.replace(text,"“","\042"); text = string.replace(text,"”","\042"); text = string.replace(text,"’","\047"); text = string.replace(text,"—","\055"); text = string.replace(text,"\221","\047"); #single-quote left text = string.replace(text,"\222","\047"); #apostrophe text = string.replace(text,"\223","\042"); #double 
quote left text = string.replace(text,"\224","\042"); #double quote right text = string.replace(text,"\226","\055"); #long dash text = string.replace(text,"\205","\056\056\056"); #ellipse text = string.replace(text,"…","\056\056\056"); return text </protect>
diff --git a/modules/websubmit/lib/websubmit_engine.py.wml b/modules/websubmit/lib/websubmit_engine.py.wml
index e385669ce..cf48f5a4a 100644
--- a/modules/websubmit/lib/websubmit_engine.py.wml
+++ b/modules/websubmit/lib/websubmit_engine.py.wml
@@ -1,1352 +1,1353 @@ ## $Id$ ## CDSware WebSubmit in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" ## start Python: <protect>## $Id$</protect> <protect>## DO NOT EDIT THIS FILE! 
IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES.</protect> """CDSware Submission Web Interface.""" ## fill config variables: pylibdir = "<LIBDIR>/python" <protect> ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import acc_isRole from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email from cdsware.messages import * from mod_python import apache from cdsware.websubmit_config import * from cdsware.file import * def interface(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1): ln = wash_language(ln) sys.stdout = req # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) # variable initialisation t = "" field = [] fieldhtml = [] level = [] fullDesc = [] text = [] check = [] select = [] radio = [] upload = [] txt = [] noPage = [] # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": warningMsg("<center><font color=red>Sorry, you must log in to perform this action. 
Please use the top right menu to do so.</font></center>",req) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s",(act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req) else: row = res[0] indir = row[0] res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",(doctype,)) if len(res) == 0: return errorMsg("unknown document type",req) else: docname = res[0][0] docname = string.replace(docname," "," ") res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",(act,)) if len(res) == 0: return errorMsg("unknown action",req) else: actname = res[0][0] actname = string.replace(actname," "," ") subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s", (subname,)) if len(res) == 0: return errorMsg("can't figure number of pages",req) else: nbpages = res[0][0] #Get current page if startPg != "" and (curpage=="" or curpage==0): curpage = startPg # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'", (doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # if this submission comes from another one ($fromdir is then set) # We retrieve the previous submission directory and put it in the proper one if fromdir != "": olddir = "%s/%s/%s/%s" % (storage,fromdir,doctype,access) if os.path.exists(olddir): os.rename(olddir,curdir) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req) # retrieve the original main menu url ans save it in the "mainmenu" 
file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" %urlpath # various authentication related tasks... if uid_email != "guest" and uid_email != "": #First save the username (email address) in the SuE file. This way bibconvert will be able to use it if needed fp = open("%s/SuE" % curdir,"w") fp.write(uid_email) fp.close() # is user authorized to perform this action? - if acc_isRole("submit",doctype=doctype,act=act) and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): - return warningMsg("<center><font color=red>Sorry, user %s does not have the right to perform this action. Try logging with another user.</font></center>" % uid_email,req) + (auth_code, auth_message) = acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act) + if acc_isRole("submit",doctype=doctype,act=act) and auth_code != 0: + return warningMsg("<center><font color=red>%s</font></center>" % auth_message, req) # then we update the "journal of submission" res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values (%s,%s,%s,'pending',%s,'',NOW(),NOW())", (uid_email,doctype,act,access,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW() WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array 
if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # create interface # top menu t=t+"<FORM method=\"POST\" action=\"submit.py\" onSubmit=\"return tester();\">" t=t+"<center><TABLE cellspacing=0 cellpadding=0 border=0><TR>" t=t+" <TD class=submitHeader><B>%s </B></TD>" % docname t=t+" <TD class=submitHeader><small> %s </small></TD>" % actname t=t+""" <TD valign=bottom> 
<TABLE cellspacing=0 cellpadding=0 border=0 width=100%> <TR><TD class=submitEmptyPage> </TD>""" for i in range(1,nbpages+1): if i == int(curpage): t=t+"<TD class=submitCurrentPage><small> page:%s </small></TD>" % curpage else: t=t+"<TD class=submitPage><small> <A HREF='' onClick=\"if (tester2() == 1){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else { return false; }\">%s</A> </small></TD>" % (i,i) t=t+"<TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitHeader align=right> <A HREF='' onClick=\"window.open('summary.py?doctype=%s&act=%s&access=%s&indir=%s','summary','scrollbars=yes,menubar=no,width=500,height=250');return false;\"><font color=white><small>SUMMARY(2)</small></font></A> </TD>\n" % (doctype,act,access,indir) t=t+"</TR>" # main cell t=t+"<TR><TD colspan=5 class=submitHeader><TABLE border=0 cellspacing=0 cellpadding=15 width=\"100%\" class=submitBody><TR><TD><BR>" # display the static form fields t=t+"<INPUT type=\"hidden\" name=\"file\" value=\"%s\">\n" % file t=t+"<INPUT type=\"hidden\" name=\"nextPg\" value=\"%s\">\n" % nextPg t=t+"<INPUT type=\"hidden\" name=\"access\" value=\"%s\">\n" % access t=t+"<INPUT type=\"hidden\" name=\"curpage\" value=\"%s\">\n" % curpage t=t+"<INPUT type=\"hidden\" name=\"nbPg\" value=\"%s\">\n" % nbPg t = t +"<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t=t+"<INPUT type=\"hidden\" name=\"act\" value=\"%s\">\n" % act t=t+"<INPUT type=\"hidden\" name=\"indir\" value=\"%s\">\n" % indir t=t+"<INPUT type=\"hidden\" name=\"mode\" value=\"U\">\n" t=t+"<INPUT type=\"hidden\" name=\"step\" value=\"0\">\n" # For each field to be displayed on the page subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb=%s ORDER BY fieldnb,fieldnb", (subname,curpage,)) nbFields = 0 for arr in res: # We retrieve its HTML description res3 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)) arr3 = res3[0] if 
arr3[8]==None: val="" else: val=arr3[8] # we also retrieve and add the javascript code of the checking function, if needed if arr[7] != '': res2 = run_sql("SELECT chdesc FROM sbmCHECKS WHERE chname=%s", (arr[7],)) t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n"; t=t+res2[0][0] t=t+"</SCRIPT>\n" # If the field is a textarea if arr3[3] == 'T': text="<TEXTAREA name=\"%s\" rows=%s cols=%s>%s</TEXTAREA>" % (arr[3],arr3[5],arr3[6],val) # If the field is a file upload elif arr3[3] == 'F': text="<INPUT TYPE=file name=\"%s\" size=%s maxlength=%s>" % (arr[3],arr3[4],arr3[7]); # If the field is a text input elif arr3[3] == 'I': text="<INPUT name=\"%s\" size=%s value=\"%s\">" % (arr[3],arr3[4],val) # If the field is a hidden input elif arr3[3] == 'H': text="<INPUT type=\"hidden\" name=\"%s\" value=\"%s\">" % (arr[3],val) # If the field is user-defined elif arr3[3] == 'D': text=arr3[9] # If the field is a select box elif arr3[3] == 'S': text=arr3[9] # If the field is an evaluated script # the execed code should set variable text elif arr3[3] == 'R': co = compile(arr3[9].replace("\r\n","\n"),"<string>","exec") exec(co) # If the field type is not recognized else: text="%s: unknown field type" % arr[1] # we now determine the exact type of the created field if arr3[3] not in [ 'D','R']: field.append(arr[3]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) # If the field is not user-defined, we try to determine its type # (select, radio, file upload...) 
# check whether it is a select field or not if re.search("SELECT",text,re.IGNORECASE) != None: select.append(1) else: select.append(0) # checks whether it is a radio field or not if re.search("TYPE=radio",text,re.IGNORECASE) != None: radio.append(1) else: radio.append(0) # checks whether it is a file upload or not if re.search("TYPE=file",text,re.IGNORECASE) != None: upload.append(1) else: upload.append(0) # if the field description contains the "<COMBO>" string, replace # it by the category selected on the document page submission page combofile = "combo%s" % doctype if os.path.exists("%s/%s" % (curdir,combofile)): f = open("%s/%s" % (curdir,combofile),"r") combo = f.read() f.close() else: combo="" text = text.replace("<COMBO>",combo) # if there is a <YYYY> tag in it, replace it by the current year year = time.strftime("%Y"); text = text.replace("<YYYY>",year) fieldhtml.append(text) # increment the fields counter nbFields = nbFields + 1 else: select.append(0) radio.append(0) upload.append(0) field.append(value) level.append(arr[5]) txt.append(arr[6]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) fieldhtml.append(text) nbFields = nbFields+1 # now displays the html form field(s) t+="%s\n" % fullDesc[nbFields-1] t+=text+"\n" # if there is a file upload field, we change the encoding type t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n" for i in range(0,nbFields): if upload[i] == 1: t=t+"document.forms[0].encoding = \"multipart/form-data\";\n" # we don't want the form to be submitted if the user enters 'Return' t=t+"function tester(){return false;}\n" # tests if mandatory fields are well filled t=t+"function tester2(){\n" for i in range(0,nbFields): if re.search("%s\[\]"%field[i],fieldhtml[i]): fieldname = "%s[]" % field[i] else: fieldname = field[i] t=t+" el = document.forms[0].elements['%s'];\n" % fieldname # If the field must be checked we call the checking function if check[i] != "": t=t+"if (%s(el.value)== 
0){\n" % check[i] t=t+" el.focus();\n" t=t+" return 0;\n" t=t+"}\n" # If the field is mandatory, we check a value has been selected if level[i] == 'M': if select[i] != 0: # If the field is a select box t=t+"if ((el.selectedIndex == -1)||(el.selectedIndex == 0)){\n" t=t+" alert(\"The field `%s` is Mandatory.\\n Please make a choice in the 'Select:' box\");\n" % txt[i] t=t+" return 0;\n" t=t+"}\n" elif radio[i] != 0: # If the field is a radio buttonset t=t+"var check=0;\n" t=t+"for (var j=0;j<el.length;j++){\n" t=t+" if (el.options[j].checked){check++;}\n" t=t+"}\n" t=t+"if (check == 0){\n" t=t+" alert(\"Please press a button.\");\n" t=t+" return 0;\n" t=t+"}\n" else: # If the field is a text input t=t+"if (el.value == ''){\n" t=t+" alert(\"The field `%s` is Mandatory. Please fill it in.\");\n" % txt[i] t=t+" return 0;\n" t=t+"}\n" t=t+"return 1;\n" t=t+"}\n" t=t+"</SCRIPT><BR> <BR> </TD></TR></TABLE></TD></TR>\n" # Display the navigation cell # Display "previous page" navigation arrows t=t+"<TR><TD colspan=5><TABLE border=0 cellpadding=0 cellspacing=0 width=\"100%\"><TR>\n" if int(curpage) != 1: t=t+" <TD class=submitHeader align=left> \n" t=t+" <A HREF='' onClick=\"if (tester2() == 1){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else { return false; }\">" % (int(curpage)-1) t=t+" <IMG SRC=\"%s/left-trans.gif\" alt=\"previous page\" border=0>\n" % images t=t+" <strong><font color=white>previous page</A></font></strong></TD>\n" else: t=t+" <TD class=submitHeader> </TD>\n" # Display the submission number t=t+" <TD class=submitHeader align=center><small>Submission no(1): %s</small></TD>\n" % access # Display the "next page" navigation arrow if int(curpage) != int(nbpages): t=t+" <TD class=submitHeader align=right>\n" t=t+" <A HREF='' onClick=\"if (tester2()){document.forms[0].curpage.value=%s;document.forms[0].submit();return false;} else {return false;}; return false;\">\n" % (int(curpage)+1) t=t+" <strong><font color=white> next 
page</font></strong>\n" t=t+" <IMG SRC=\"%s/right-trans.gif\" alt=\"next page\" border=0></A> " % images else: t=t+" <TD class=submitHeader> </TD>\n" t=t+"</TR></TABLE></TD></TR></TABLE></center></FORM>" # # # # # # # # # # # # # # # # # # # # # # # # # # Fill the fields with the previously saved values # # # # # # # # # # # # # # # # # # # # # # # # # t=t+"<SCRIPT LANGUAGE=\"JavaScript1.1\" TYPE=\"text/javascript\">\n" t=t+"<!-- Fill the fields in with the previous saved values-->\n" # For each actual form field for i in range(0,nbFields): if re.search("%s\[\]"%field[i],fieldhtml[i]): fieldname = "%s[]" % field[i] else: fieldname = field[i] text = '' # If a file exists with the name of the field we extract the saved value if os.path.exists("%s/%s" % (curdir,field[i])): file = open("%s/%s" % (curdir,field[i]),"r"); text = file.read() text = re.compile("[\n\r]*$").sub("",text) text = re.compile("\n").sub("\\n",text) text = re.compile("\r").sub("",text) file.close() # Or if a cookie is set # If a cookie is found corresponding to the name of the current # field, we set the value of the field to the cookie's value elif getCookie(field[i],uid) != None: value = getCookie(field[i],uid) value = re.compile("\r").sub("",value) value = re.compile("\n").sub("\\n",value) text = value # If the value isn't empty if text != '': if select[i] != 0: # If the field is a SELECT element values = text.split("\n") tmp="" for val in values: if tmp != "": tmp = tmp + " || " tmp = tmp + "el.options[j].value == \"%s\" || el.options[j].text == \"%s\"" % (val,val) if tmp != "": t=t+"\n<!--SELECT field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname t=t+"for (var j=0;j<el.length;j++){\n" t=t+" if (%s){\n" % tmp t=t+" el.options[j].selected = true;}}\n" elif radio[i] != 0: # If the field is a RADIO element t=t+"\n<!--RADIO field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname t=t+"if (el.value == \"%s\"){\n" % text t=t+" el.checked=true;}\n" elif 
upload[i] == 0: # If the field is not an upload element t=t+"\n<!--INPUT field found-->\n" t=t+"el = document.forms[0].elements['%s'];\n" % fieldname text = text.replace('"','\"') text = text.replace("\n","\\n") t=t+"el.value=\"%s\";\n" % text t=t+"<!--End Fill in section-->\n" # JS function finish # This function tests each mandatory field in the whole submission and checks whether # the field has been correctly filled in or not # This function is called when the user presses the "End # Submission" button if int(curpage) == int(nbpages): t=t+"\n\nfunction finish() {\n" subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb!=%s", (subname,curpage,)) nbFields=0 message = "" select = [] radio = [] upload = [] field = [] level = [] txt = [] for arr in res: if arr[5] == "M": res2 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)); row2 = res2[0] if row2[3] in ['D','R']: if row2[3] == "D": text = row2[9] else: text = eval(row2[9]) formfields = text.split(">") for formfield in formfields: match = re.match("name=([^ <>]+)",formfield,re.IGNORECASE) if match != None: names = match.groups for value in names: if value != "": value = re.compile("[\"']+").sub("",value) field.append(value) level.append(arr[5]) txt.append(arr[6]) noPage.append(arr[1]) check.append(arr[7]) nbFields = nbFields+1 else: noPage.append(arr[1]) field.append(arr[3]) level.append(arr[5]) txt.append(arr[6]) check.append(arr[7]) nbFields = nbFields+1 # tests each mandatory field for i in range (0,nbFields): res = 1 if not os.path.exists("%s/%s" % (curdir,field[i])): res=0 else: file = open("%s/%s" % (curdir,field[i]),"r") text = file.read() if text == '': res=0 else: if text == "Select:": res=0 if res==0: message = " alert (\"The field '%s' is mandatory.\\nGoing back to page %s\");\n" % (txt[i],noPage[i]) message = message + " document.forms[0].curpage.value=\"%s\";\n" % noPage[i] message = message + " document.forms[0].submit();\n" if message != "": 
t=t+message else: t=t+"if (tester2()){\n"; t=t+" document.forms[0].action=\"submit.py\";\n" t=t+" document.forms[0].step.value=1;\n" t=t+" document.forms[0].submit();\n" t=t+" } \n" t=t+" else \n" t=t+" { \n" t=t+" return false;\n" t=t+" }\n" t=t+"}\n" t=t+""" </SCRIPT> <BR> <BR>""" # Display the "back to main menu" button t=t+"<A HREF=\"%s\" onClick=\"return confirm('Are you sure you want to quit this submission?')\">\n" % mainmenu t=t+"<IMG SRC=\"%s/mainmenu.gif\" border=0 ALT=\"back to main menu\" align=right></A><BR><BR>\n" % images t=t+""" <HR> <small>(1) you should take note of this number at the beginning of the submission, it will allow you to get your information back in case your browser crashes before the end of the submission.</small><BR>""" # Add the summary window definition if needed t=t+" <small>(2) mandatory fields appear in red in the 'Summary' window.</small><BR>\n" # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "<a href=\"submit.py\">Submit</a> > <a href=\"submit.py?doctype=%s\">%s</a> > %s" % (doctype,docname,actname) return page(title="" , body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def endaction(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1,step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode ln = wash_language(ln) sys.stdout = req t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value) # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": return warningMsg("<center><font color=red>Sorry, you must log in to perform this action. 
Please use the top right menu to do so.</font></center>",req,cdsname,ln) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req,cdsname,ln) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req,cdsname,ln) else: row = res[0] indir = row[0] # The following words are reserved and should not be used as field names reserved_words = ["stop","file","nextPg","startPg","access","curpage","nbPg","act","indir","doctype","mode","step","deleted","file_path","userfile_name"] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req,cdsname,ln) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" % urlpath # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Now we test whether the user has already completed the action and # reloaded the page (in this case we don't want the functions to be called # once again reloaded = Test_Reload(uid_email,doctype,act,access) # if the action has been completed #if reloaded: # return warningMsg("<b> Sorry, this action has already been completed. 
Please go back to the main menu to start a new action.</b>",req) # We must determine if the action is finished (ie there is no other steps after the current one res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step > %s", (act,doctype,step,)) if len(res) == 0: finished = 1 else: finished = 0 # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req,cdsname,ln) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields 
must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # those fields are necessary for the navigation t=t+"<FORM ENCTYPE=\"multipart/form-data\" action=\"submit.py\" method=\"POST\">\n" t=t+"<INPUT type=\"hidden\" name=\"file\" value=\"%s\">\n" % file t=t+"<INPUT type=\"hidden\" name=\"nextPg\" value=\"%s\">\n" % nextPg t=t+"<INPUT type=\"hidden\" name=\"startPg\" value=\"%s\">\n" % startPg t=t+"<INPUT type=\"hidden\" name=\"access\" value=\"%s\">\n" % access t=t+"<INPUT type=\"hidden\" name=\"curpage\" value=\"%s\">\n" % curpage t=t+"<INPUT type=\"hidden\" name=\"nbPg\" value=\"%s\">\n" % nbPg t=t+"<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t=t+"<INPUT type=\"hidden\" name=\"act\" value=\"%s\">\n" %act t=t+"<INPUT type=\"hidden\" name=\"indir\" value=\"%s\">\n" % indir t=t+"<INPUT type=\"hidden\" name=\"fromdir\" value=\"\">\n" t=t+"<INPUT type=\"hidden\" name=\"mainmenu\" value=\"%s\">\n" % mainmenu # parameters for new MESS end scripts t=t+"<INPUT type=\"hidden\" name=\"mode\" value=\"U\">\n" t=t+"<INPUT type=\"hidden\" name=\"step\" value=\"1\">\n" t=t+"<INPUT type=\"hidden\" name=\"deleted\" value=\"no\">\n" t=t+"<INPUT type=\"hidden\" name=\"file_path\" value=\"\">\n" t=t+"<INPUT type=\"hidden\" name=\"userfile_name\" value=\"\">\n" # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return errorMsg("unknown type of document",req,cdsname,ln) # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return errorMsg("unknown action",req,cdsname,ln) # Get number of pages subname = "%s%s" % (act,doctype) 
res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s",(subname,)) if len(res) > 0: nbpages = res[0][0] else: return errorMsg("this action does not apply on this type of document",req,cdsname,ln) # Display table header t=t+"<center><TABLE cellspacing=0 cellpadding=0 border=0><TR>" t=t+" <TD class=submitHeader><B>%s </B></TD>" % docname t=t+" <TD class=submitHeader><small> %s </small></TD>" % actname t=t+""" <TD valign=bottom> <TABLE cellspacing=0 cellpadding=0 border=0 width=100%> <TR><TD class=submitEmptyPage> </TD>""" if finished == 1: t=t+"<TD class=submitCurrentPage>finished!</TD><TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitEmptyPage align=right> </TD>\n" else: for i in range(1,nbpages+1): t=t+"<TD class=submitPage><small> <A HREF='' onClick=\"document.forms[0].curpage.value=%s;document.forms[0].action='submit.py';document.forms[0].step.value=0;document.forms[0].submit();return false;\">%s</A> </small></TD>" % (i,i) t=t+"<TD class=submitCurrentPage>end of action</TD><TD class=submitEmptyPage> </TD></TR></TABLE></TD>\n" t=t+"<TD class=submitHeader align=right> <A HREF='' onClick=\"window.open('summary.py?doctype=%s&act=%s&access=%s&indir=%s','summary','scrollbars=yes,menubar=no,width=500,height=250');return false;\"><font color=white><small>SUMMARY(2)</small></font></A> </TD>\n" % (doctype,act,access,indir) t=t+"</TR>\n" # Display main cell t=t+"<TR>\n" t=t+" <TD colspan=5 class=submitBody>\n" t=t+" <small><BR><BR>\n" # we specify here whether we are in the last step of the action or not res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step>%s", (act,doctype,step,)) if len(res) == 0: last_step = 1 else: last_step = 0 # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions try: t=t+print_function_calls(doctype, act, step, form) except functionError,e: return 
errorMsg(e.value,req) except functionStop,e: if e.value != None: t=t+e.value else: t=t+e # If the action was mandatory we propose the next mandatory action (if any) if action_score != -1 and last_step == 1: t=t+Propose_Next_Action(doctype,action_score,access,current_level,indir) # If we are in the last step of an action, we can update the "journal of submissions" if last_step == 1: if uid_email != "" and uid_email != "guest" and rn != "": res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values(%s,%s,%s,'finished',%s,%s,NOW(),NOW())", (uid_email,doctype,act,access,rn,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW(),reference=%s,status='finished' WHERE doctype=%s and action=%s and id=%s and email=%s", (rn,doctype,act,access,uid_email,)) t=t+""" <BR><BR> </TD> </TR> <TR class=submitHeader> <TD class=submitHeader colspan=5 align=center>""" if finished == 0: t=t+"<small>Submission no</small>²:\n" t=t+"<small>%s</small>\n" % access else: t=t+" \n" t=t+""" </TD> </TR> </TABLE> </center> </form> <br> <br>""" # Add the "back to main menu" button if finished == 0: t=t+ " <A HREF=\"%s\" onClick=\"return confirm('Are you sure you want to quit this submission?')\">\n" % mainmenu else: t=t+" <A HREF=\"%s\">\n" % mainmenu t=t+"<IMG SRC=\"%s/mainmenu.gif\" border=0 ALT=\"back to main menu\" align=\"right\"></A><BR><BR>\n" % images # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "<a href=\"submit.py\">Submit</a> > <a href=\"submit.py?doctype=%s\">%s</a> > %s" % (doctype,docname,actname) return page(title="", body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def simpleendaction(doctype="", act="", startPg=1, indir="", access="",step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode # check we have minimum fields 
if doctype=="" or act=="" or access=="": return "invalid parameter" # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return "cannot find submission directory" else: row = res[0] indir = row[0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): return "submission directory %s does not exist" % curdir # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return "unknown type of document %s" % doctype # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return "unknown action %s" % act # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions print_function_calls(doctype, act, step, "") return "ok" def home(req,c=cdsname,ln=cdslang): ln = wash_language(ln) # get user ID: try: uid = getUid(req) except MySQLdb.Error, e: return errorMsg(e.value) # start display: req.content_type = "text/html" req.send_http_header() finaltext = "" finaltext = finaltext + """ <SCRIPT TYPE="text/javascript" LANGUAGE="Javascript1.2"> var allLoaded = 1; </SCRIPT> <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Document types available for submission:</th> </tr> <tr> <td class="portalboxbody"> <BR> Please select the type of document you want to submit: <BR><BR> <TABLE 
width="100%"> <TR> <TD width="50%" class="narrowsearchboxbody"> """ finaltext = finaltext + "<FORM method=get action=\"submit.py\">\n" finaltext = finaltext + "<INPUT type=\"hidden\" name=\"doctype\">" # Initialise catalogues array finaltext = finaltext + makeCataloguesTable() finaltext = finaltext + """ </TD> </TR> </TABLE> </FORM> </td> </tr> </table>""" p_navtrail = "Submit" return page(title="", body=finaltext, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def makeCataloguesTable(): text = "" catalogues = [] queryResult = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=0 ORDER BY catalogue_order"); if len(queryResult) != 0: # Query has executed successfully, so we can proceed to display all # catalogues in the EDS system... text = "<UL>\n" for row in queryResult: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],1,catalogues) text = text + "</UL>\n" else: text = "<h3>No document types yet...</h3>\n" return text def displayCatalogueBranch(id_father,level,catalogues): text = "" queryResult = run_sql("SELECT name, id FROM sbmCOLLECTION WHERE id=%s", (id_father,)) if len(queryResult) != 0: row = queryResult[0] if level == 1: text = "<LI><font size=\"+1\"><strong>%s</strong></font>\n" % row[0] else: if level == 2: text = "<LI>%s\n" % row[0] else: if level > 2: text = "<LI>%s\n" % row[0] # display the son document types res1 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) res2 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) if len(res1) != 0 or len(res2) != 0: text = text + "<UL>\n" if len(res1) != 0: for row in res1: text = text + displayDoctypeBranch(row[0],catalogues) # display the son catalogues for row in res2: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],level+1,catalogues) if len(res1) != 0 or 
len(res2) != 0: text = text + "</UL>\n" return text def displayDoctypeBranch(doctype,catalogues): text = "" res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) row = res[0] text = "<LI><a href=\"\" onmouseover=\"javascript:popUpTextWindow('%s',true,event);\" onmouseout=\"javascript:popUpTextWindow('%s',false,event);\" onClick=\"document.forms[0].doctype.value='%s';document.forms[0].submit();return false;\">%s</a>\n" % (doctype,doctype,doctype,row[0]) return text def action(req,c=cdsname,ln=cdslang,doctype=""): nbCateg = 0 snameCateg = [] lnameCateg = [] actionShortDesc = [] indir = [] actionbutton = [] statustext = [] t = "" ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value, req) #parses database to get all data #first the list of categories res = run_sql("SELECT * FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) if len(res) > 0: for arr in res: nbCateg = nbCateg+1 snameCateg.append(arr[1]) lnameCateg.append(arr[2]) #then data about the document type res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: arr = res[0] docFullDesc = arr[0] docShortDesc = arr[1] description = arr[4] else: return errorMsg ("Cannot find document %s" % doctype, req) #then data about associated actions res2 = run_sql("SELECT * FROM sbmIMPLEMENT LEFT JOIN sbmACTION on sbmACTION.sactname=sbmIMPLEMENT.actname WHERE docname=%s and displayed='Y' ORDER BY sbmIMPLEMENT.buttonorder", (docShortDesc,)) for arr2 in res2: res = run_sql("SELECT * FROM sbmACTION WHERE sactname=%s", (arr2[1],)) for arr in res: actionShortDesc.append(arr[1]) indir.append(arr[2]) actionbutton.append(arr[5]) statustext.append(arr[6]) t = """ <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"> var checked=0; function tester() { """ if (uid_email == "" or uid_email == "guest"): t = t + "alert(\"please log in first.\\nUse the top right menu to log in.\");return 
false;\n"; t = t + """ if (checked == 0) { alert ("please select a category"); return false; } else { return true; } } function clicked() { checked=1; } function selectdoctype(nb) { document.forms[0].act.value = docname[nb]; } </SCRIPT> <FORM method=get action="submit.py">""" t = t + "<INPUT type=\"hidden\" name=\"doctype\" value=\"%s\">\n" % doctype t = t + "<INPUT type=\"hidden\" name=\"indir\">" pid = os.getpid() now = time.time() t = t + "<input type=hidden name=access value=\"%i_%s\">" % (now,pid) t = t + """ <INPUT type="hidden" name="act"> <INPUT type="hidden" name="startPg" value=1>""" t = t + "<INPUT type=hidden name=mainmenu value=\"submit.py?doctype=%s\">\n" % doctype t = t + """ <table class="searchbox" width="100%" summary=""> <tr>""" t+=" <th class=\"portalboxheader\">%s</th>" % docFullDesc t+=""" </tr> <tr> <td class="portalboxbody">""" if description != "": t = t + "%s" % description t = t + """ <BR> <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"> var nbimg = document.images.length + 1; </SCRIPT> <BR> <TABLE align=center cellpadding=0 cellspacing=0 border=0> <TR>""" if nbCateg != 0: t = t + "<TD align=right>\n" for i in range(0,nbCateg): t = t + "%s<INPUT TYPE=radio NAME=\"combo%s\" value=\"%s\" onClick=\"clicked()\"> <BR>\n" % (lnameCateg[i],doctype,snameCateg[i]) t = t + "</TD>\n" else: t = t + "<SCRIPT>checked=1;</SCRIPT>\n" t = t + """ <TD> </TD> <TD> <TABLE>""" #display list of actions for i in range(0,len(actionShortDesc)): t+="<input type=\"submit\" class=\"adminbutton\" value=\"%s\" onClick=\"if (tester()){document.forms[0].indir.value='%s';document.forms[0].act.value='%s';document.forms[0].submit();}; return false;\"><br>" % (statustext[i],indir[i],actionShortDesc[i]) t = t + """ </TABLE> </TD> </TR> </TABLE> <BR>""" if nbCateg != 0: t = t + "<STRONG class=headline>Notice:</STRONG><BR>\nSelect a category and then click the button to perform the action you chose.\n" t = t + """ <BR><BR> <BR> </FORM> <FORM action="submit.py"><HR> <font 
color=black><small>To continue an interrupted submission, enter your access number directly in the input box.</small></FONT> <TABLE border=0 bgcolor="#CCCCCC" width="100%"><TR> <TD width="100%"> <small>Access Number: <INPUT size=15 name=AN>""" t = t + "<INPUT type=hidden name=doctype value=\"%s\"> <INPUT class=\"adminbutton\" type=submit value=\" go! \">" % doctype t = t + """</small></TD></TR></TABLE><HR></FORM> </td> </tr> </table>""" p_navtrail = "<a href=\"submit.py\">Submit</a> > %s" % docFullDesc return page(title="", body=t, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def set_report_number (newrn): global uid_email,doctype,access,rn # First we save the value in the global object rn = newrn # then we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (newrn,doctype,access,uid_email,)) def get_report_number(): global rn return rn def set_sysno (newsn) : global sysno sysno = newsn def get_sysno() : global sysno return sysno def Request_Print(m, txt): # The argumemts to this function are the display mode (m) and the text to be displayed (txt) # If the argument mode is 'ALL' then the text is unconditionally echoed # m can also take values S (Supervisor Mode) and U (User Mode). In these # circumstances txt is only echoed if the argument mode is the same as # the current mode global dismode if m == "A" or m == dismode: return txt else: return "" def Evaluate_Parameter (field, doctype): # Returns the literal value of the parameter. Assumes that the value is # uniquely determined by the doctype, i.e. 
doctype is the primary key in # the table # If the table name is not null, evaluate the parameter res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name=%s", (doctype,field,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype='DEF' and name=%s", (field,)) if len(res) == 0: return "" else: if res[0][0] != None: return res[0][0] else: return "" def Get_Parameters (function, doctype): # Returns the function parameters, in an array, for the function # Gets a description of the parameter parray = {} res = run_sql("SELECT * FROM sbmFUNDESC WHERE function=%s", (function,)) for i in range(0,len(res)): parameter = res[i][1] parray[parameter] = Evaluate_Parameter (parameter , doctype) return parray def get_level (doctype, action): res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res) > 0: return res[0][9] else: return 0 def action_details (doctype, action): # Prints whether the action is mandatory or optional. 
The score of the # action is returned (-1 if the action was optional) res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res)>0: if res[0][9] != "0": return res[0][10] else: return -1 else: return -1 def print_function_calls (doctype, action, step, form): # Calls the functions required by an "action" action on a "doctype" document # In supervisor mode, a table of the function calls is produced global htdocsdir,storage,access,pylibdir t="" # Get the list of functions to be called res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step=%s ORDER BY score", (action,doctype,step,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype='DEF' and step=%s ORDER BY score", (action,step,)) if len(res) > 0: t=t+Request_Print("S", "<br><br>Here is the %s function list for %s documents at level %s <P>" % (action,doctype,step)) t=t+Request_Print("S", "<table border cellpadding = 15><tr><th>Function</th><th>Score</th><th>Running Function</th></tr>") # while there are functions left... 
for function in res: function_name = function[2] function_score = function[3] if os.path.exists("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name)): t=t+Request_Print("S", "<tr><td>%s</td><td>%s</td><td>" % (function_name,function_score)) # import the function itself #function = getattr(cdsware.websubmit_functions, function_name) execfile("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name),globals()) if not globals().has_key(function_name): t=t+"function %s does not exist...<br>" % function_name else: function = globals()[function_name] # Evaluate the parameters, and place them in an array parameters = Get_Parameters(function_name,doctype) # Call function t=t+function(parameters,curdir,form) t=t+Request_Print("S","</td></tr>") else: t=t+"function %s does not exist...<br>" % function_name t=t+Request_Print("S","</table>") else : t=t+Request_Print("S","<br><br><b>Your chosen action is not supported by the document</b>") return t def Propose_Next_Action (doctype,action_score,access,currentlevel,indir): global machine,storage,act,rn t="" res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and level!='0' and level=%s and score>%s ORDER BY score", (doctype,currentlevel,action_score,)) if len(res) > 0: t=t+Request_Print("A","<BR><BR>You now have to<ul>") first_score = res[0][10] for i in range(0,len(res)): action = res[i] if action[10] == first_score: if i > 0: t=t+Request_Print("A"," <b>or</b>"); res2 = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s", (action[1],)) nextdir = res2[0][0] t=t+Request_Print("A","<LI><A HREF=\"\" onClick=\"document.forms[0].action='submit.py';document.forms[0].curpage.value='%s';document.forms[0].startPg.value='%s';document.forms[0].act.value='%s';document.forms[0].doctype.value='%s';document.forms[0].indir.value='%s';document.forms[0].access.value='%s';document.forms[0].fromdir.value='%s';document.forms[0].submit();return false;\"> %s </a>" % 
(action[11],action[11],action[1],doctype,nextdir,access,indir,action[12])) t=t+Request_Print("A","</ul>") return t def Test_Reload(uid_email,doctype,act,access): res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s and status='finished'", (doctype,act,access,uid_email,)) if len(res) > 0: return 1 else: return 0 class functionError(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class functionStop(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def getCookie(name,uid): # these are not real http cookies but are stored in the DB res = run_sql("select value from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: return res[0][0] else: return None def setCookie(name,value,uid): # these are not real http cookies but are stored in the DB res = run_sql("select id from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: run_sql("update sbmCOOKIES set value=%s where uid=%s and name=%s", (value,uid,name,)) else: run_sql("insert into sbmCOOKIES(name,value,uid) values(%s,%s,%s)", (name,value,uid,)) return 1 def specialchars(text): text = string.replace(text,"“","\042"); text = string.replace(text,"”","\042"); text = string.replace(text,"’","\047"); text = string.replace(text,"—","\055"); text = string.replace(text,"\221","\047"); #single-quote left text = string.replace(text,"\222","\047"); #apostrophe text = string.replace(text,"\223","\042"); #double 
quote left text = string.replace(text,"\224","\042"); #double quote right text = string.replace(text,"\226","\055"); #long dash text = string.replace(text,"\205","\056\056\056"); #ellipse text = string.replace(text,"…","\056\056\056"); return text </protect> diff --git a/modules/websubmit/web/admin/actionFunctions.php.wml b/modules/websubmit/web/admin/actionFunctions.php.wml index deeadcc43..36ce20e6a 100644 --- a/modules/websubmit/web/admin/actionFunctions.php.wml +++ b/modules/websubmit/web/admin/actionFunctions.php.wml 
@@ -1,634 +1,635 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="List of Functions for <i><protect><?print "$action </i>on<i> $doctype";?></protect></I>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /***********************Function Declarations************************/ function displayFunctions($doctype, $action) { global $IMAGES; $lockStr = "LOCK TABLES sbmFUNCTIONS READ"; # Apply a read lock to the given functions table... if($lockRes = mysql_query($lockStr)) { # Execute a query selecting a listing of the functions that make # up an action for the given document type $queryResult = mysql_query("SELECT * FROM sbmFUNCTIONS WHERE doctype='$doctype' and action='$action' ORDER BY step, score"); # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); # If there were rows returned by this query (i.e. 
there are # functions composing the given action on the given doctype, we # can display them. if(mysql_num_rows($queryResult) > 0) { # We can now create a table to display the query dynaset in... print("<TABLE ALIGN='center' BORDER=1 CELLSPACING=0 " . "CELLPADDING=0>"); # Open the first table row for the column headings... print("<TR BGCOLOR='#CCDDFF'>"); # Get information about the fields in the table... $columns = mysql_list_fields(DOCS_DATABASE, "sbmFUNCTIONS"); # Display all of the column headings for($headerIndex = 2; $headerIndex < mysql_num_fields($columns); $headerIndex++) { print("<TH> "); print(mysql_field_name($columns, $headerIndex)); print("</TH>"); if(mysql_field_name($columns, $headerIndex) == "function") { # Add another column... print("<TH> </TH>"); } } // END for # Now that we have added all of the header columns, we can add # one more column header offering the user the ability to # delete a function from the current action on the current # doctype... print("<TH STYLE=\"color: red\">Delete</TH>\n"); print("</TR>"); # Make a counter for the rows... $rowCount = 0; # Put the contents of the query dynaset into a temporary # array... while($dataRow = mysql_fetch_array($queryResult)) { $allRows[$rowCount] = $dataRow; $rowCount++; } // End while # Reset $rowCount to 0 for use in further processing... $rowCount = 0; # Now, we can display the body of the table... for($i = 0; $i < mysql_num_rows($queryResult); $i++) { print("<TR BGCOLOR='#FFFFCC'>"); # For each column... for($colIndex = 2; $colIndex < mysql_num_fields($columns); $colIndex++) { if(mysql_field_name($columns, $colIndex) == "function") # If the column is the function name, # create a link to the description of # that function in the fundesc table. { print("<TD ALIGN='center'>"); print("<A "); print("HREF='func.php?functionName="); print(urlencode($allRows[$i][$colIndex])); print("&doctype=$doctype&action=$action&returnTo=" . 
"actionFunctions.php' "); print("onMouseOver=\""); print("window.defaultstatus = ''; window.status = "); print("'View parameters taken by "); print($allRows[$i][$colIndex] . " function for the " . "$action action, "); print("on $doctype doctype'\"> "); print(htmlspecialchars($allRows[$i][$colIndex])); print("</A></TD>"); # Now we can add the up and down buttons to the # table. # Add the small "up" button... print("<TD><TABLE BORDER=0 CELLSPACING=0 " . "CELLPADDING=0" . "><TR>" . "<FORM ACTION='actionFunctions.php' " . "METHOD='post'>" . "<INPUT TYPE='hidden' NAME='calledBefore' " . "VALUE='true'>" . "<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>" . "<INPUT TYPE='hidden' NAME='action' " . "VALUE='$action'>" . "<INPUT TYPE='hidden' NAME='up' VALUE='true'>" . "<INPUT TYPE='hidden' NAME='function' VALUE='" . $allRows[$i]['function'] . "'>" . "<INPUT TYPE='hidden' NAME='currentScore' " . "VALUE='" . $allRows[$i]['score'] . "'>" . "<INPUT TYPE='hidden' NAME='currentStep' " . "VALUE='" . $allRows[$i]['step'] . "'>"); if($rowCount == 0) { print("<TD>" . "<IMG SRC='".$IMAGES."/up.gif' BORDER=0 HEIGHT=11" . " WIDTH=11" . " ALT='Function Already At Top Of Order. " . " Unable To Move Up!'>"); } // END if else { print("<INPUT TYPE='hidden' NAME='previousFunct" . "ion'" . " VALUE='" . $allRows[$i - 1]['function'] . "'>" . "<INPUT TYPE='hidden' NAME='previousScore'" . " VALUE='" . $allRows[$i - 1]['score'] . "'>" . "<INPUT TYPE='hidden' NAME='previousStep' " . "VALUE='" . $allRows[$i - 1]['step'] . "'><TD>" . "<INPUT TYPE=image SRC='".$IMAGES."/up.gif'" . " BORDER=0 " . "HEIGHT=11 WIDTH=11 onClick=\"submit()\">"); } // END else # Add the small "down" button... print("</TD></FORM></TR>" . "<FORM ACTION='actionFunctions.php' " . "METHOD='post'>" . "<INPUT TYPE='hidden' NAME='calledBefore' " . "VALUE='true'>" . "<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>" . "<INPUT TYPE='hidden' NAME='action' " . "VALUE='$action'>" . 
"<INPUT TYPE='hidden' NAME='down' VALUE='true'>" . "<INPUT TYPE='hidden' NAME='function' VALUE='" . $allRows[$i]['function'] . "'>" . "<INPUT TYPE='hidden' NAME='currentScore' VALUE='" . $allRows[$i]['score'] . "'>" . "<INPUT TYPE='hidden' NAME='currentStep' VALUE='" . $allRows[$i]['step'] . "'>"); if($rowCount == mysql_num_rows($queryResult) - 1) { print("<TD>" . "<IMG SRC='".$IMAGES."/down.gif' BORDER=0" . " HEIGHT=11 WIDTH=11" . " ALT='Function Already At Bottom Of Order. " . " Unable To Move Down!'>"); } // END if else { print("<INPUT TYPE='hidden' NAME='nextFunction' " . "VALUE='" . $allRows[$i + 1]['function'] . "'>" . "<INPUT TYPE='hidden' NAME='nextScore' VALUE='" . $allRows[$i + 1]['score'] . "'>" . "<INPUT TYPE='hidden' NAME='nextStep' VALUE='" . $allRows[$i + 1]['step'] . "'><TD>" . "<INPUT TYPE='image' SRC='".$IMAGES."/down.gif'" . " BORDER=0 HEIGHT=11" . " WIDTH=11 onClick=\"submit()\">"); } // END else print("</TD></FORM></TR></TABLE></TD>"); } else # Just display the value, as per normal. { print("<TD ALIGN='center'> "); print(htmlspecialchars($allRows[$i][$colIndex])); print("</TD>\n"); } // End else } // End for # Now, we can fill the contents of the last column with the # "delete button" for removing a function... print("<FORM ACTION='actionFunctions.php' METHOD='post' " . "onSubmit=\"if(confirm('Really delete this function from" . " the $action action of the $doctype document type?')) {" . " return true; } else { return false; }\">\n" . "<INPUT TYPE='hidden' NAME='deleteFunc' " . "VALUE='true'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n<INPUT TYPE='hidden' NAME='action' " . "VALUE='$action'>\n<INPUT TYPE='hidden' NAME='" . " calledBefore" . "' VALUE='true'>\n<INPUT TYPE='hidden' NAME='function' " . "VALUE='" . $allRows[$i]['function'] . "'>\n<INPUT TYPE='hidden' " . "NAME='currentScore' VALUE='" . $allRows[$i]['score'] . "'>\n<INPUT TYPE='hidden' NAME='currentStep' VALUE='" . $allRows[$i]['step'] . 
"'>\n<TD ALIGN='center'>\n<INPUT " . "TYPE='image' SRC='".$IMAGES."/answer_bad.gif' BORDER=0 " . "NAME='remove' HEIGHT=14 WIDTH=14 ALIGN='center'>\n" . "</TD>\n</FORM>\n"); # We have now completed the current row, and can close it print("</TR>"); # Increment the value of $rowCount... $rowCount++; } // End for # Close the table, as it is now finished... print("</TABLE>\n"); # Now, we can display a button to offer the user the chance to # go back to the listing of actions for the given document # type. # This is done using a button. print("<P><BR>\n<TABLE ALIGN='center' BORDER=0 " . "CELLSPACING=0>\n" . "<TR><FORM ACTION='addFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<TD ALIGN='center'><INPUT TYPE='button' VALUE='ADD " . "FUNCTION' onClick=\"submit();\">\n</TD>\n</FORM>\n" . "<FORM ACTION='documentEDS.php?doctype=$doctype' METHOD=" . "'post'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n<TD ALIGN='center'>\n" . "<INPUT TYPE=button VALUE='FINISHED'" . " onClick=\"submit()\">\n" . "</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // End if else { print("<BR><DIV STYLE='color: red; text-align: center; " . "font-size" . ": medium; font-weight: bold'>There Are No Functions " . "Associated With The $action Action For The $doctype " . "Document Type</DIV>\n"); # Now, we can offer the user the chance to add functions to # the given action on the given doctype... # This requires a table with a form in it, with a button to # press in order to add the functions. print("<BR>\n<BR>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0><TR>" . 
"<TD ALIGN='center'>"); print("\n<FORM ACTION='addFunctions.php' METHOD='post'>\n"); print("<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n"); print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n"); print("<INPUT TYPE='button' VALUE='ADD FUNCTIONS' onClick=\""); print("submit()\">\n"); print("</FORM></TD>\n"); print("<TD> </TD>\n"); print("<TD ALIGN='center'><FORM ACTION='' " . "METHOD='post'>"); print("<INPUT TYPE='button' VALUE='MAIN PAGE' " . "onClick=\"submit()\">"); print("</FORM></TD>\n"); print("<TD> </TD>\n"); print("<TD ALIGN='center'><FORM>\n"); print("<INPUT TYPE='button' VALUE='BACK' "); print("onClick=\"parent.history.back();\">\n"); print("</FORM></TD>\n"); print("</TR></TABLE>\n"); } // End else } # END if else { # Display error message (couldnt lock tables). print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: red'>" . "Error:</SPAN> Unable to retrieve information.</DIV>\n<BR>".mysql_error()."\n"); print("<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 BORDER=" . "0>\n<TR><FORM ACTION='documentEDS.php' METHOD='post'>\n<INPUT " . "TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n<TD " . "ALIGN='center'>\n<INPUT TYPE=button VALUE='OK'" . " onClick=\"submit()\">\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } # END else } // END function displayFunctions() function displayPage() { global $calledBefore,$doctype,$action,$up,$x,$y,$previousScore,$currentStep,$previousStep,$function,$currentScore,$down,$nextStep,$nextScore,$deleteFunc,$previousFunction,$nextFunction; if(!($calledBefore)) { displayFunctions($doctype, $action); } // END if else { if(isset($up)) { # Destroy memory space associated with x and y coordinates # which were passed from the input image... unset($x); unset($y); # Destroy $up... unset($up); # Make a query string to update the row to move, to its new # score and step values... $queryStringA = "UPDATE sbmFUNCTIONS SET score = " . 
"'$previousScore'"; if($previousStep < $currentStep) { # If the function aboves step is lower, then we must also # change this... $queryStringA = $queryStringA . ", step = " . "'$previousStep'"; } // END if $queryStringA = $queryStringA . " WHERE doctype = '$doctype'" . " AND function = '$function' AND score = " . "'$currentScore' AND step = '$currentStep' and action='$action'"; # Now, make another query string to update the function that # was above the function that we have just updated in the # order. This function should be updated to have the values # that the function that we just updated had! $queryStringB = "UPDATE sbmFUNCTIONS SET score = " . "'$currentScore'"; if($previousStep < $currentStep) { # If the function we are alterring to the one above has a # lower step than the one that came after it in the list, # we must change the steps around... $queryStringB = $queryStringB . ", step = '$currentStep'"; } // END if $queryStringB = $queryStringB . " WHERE doctype = '$doctype'" . " AND function = '$previousFunction' AND " . "score = '$previousScore' AND step = " . "'$previousStep' and action='$action'"; # Lock our tables... $lockStr = "LOCK TABLES sbmFUNCTIONS WRITE"; if($lockRes = mysql_query($lockStr)) { # Execute the update on the first function... $queryResultA = mysql_query($queryStringA) or die("Could Not Update Table. Error: (A) $queryStringA"); # Execute the update on the second function... $queryresultB = mysql_query($queryStringB) or die("Could Not Update Table. Error: (B)"); # Unlock our tables... $unlockRes = mysql_query("UNLOCK TABLES"); } # END if else { # Couldn't lock tables, therefore couldn't allow write print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to commit movement." . "</DIV>\n<BR>\n"); } # END else unset($lockStr); # Display the table of functions once again... 
displayFunctions($doctype, $action); } // END if elseif(isset($down)) { # Destroy memory space associated with $x and $y coordinates # which were passed from the input image... unset($x); unset($y); # Destroy $down unset($down); # Make a query string to update the row to move, to it's new # score and step values... $queryStringA = "UPDATE sbmFUNCTIONS SET score = " . "'$nextScore'"; if($currentStep < $nextStep) { # If the step requires changing also, change it... $queryStringA = $queryStringA . ", step = '$nextStep'"; } $queryStringA = $queryStringA . " WHERE doctype = '$doctype'" . " AND function = '$function' AND score = " . "'$currentScore' AND step = '$currentStep' and action='$action'"; # Now make another query string to update the function whose # position in the order the other function is moving to... $queryStringB = "UPDATE sbmFUNCTIONS SET score = " . "'$currentScore'"; if($currentStep < $nextStep) { # If the step requires changing also, change it... $queryStringB = $queryStringB . ", step = '$currentStep'"; } $queryStringB = $queryStringB . " WHERE doctype = '$doctype'" . "AND function = '$nextFunction' AND score = " . "'$nextScore' AND step = '$nextStep' and action='$action'"; # Lock our tables... $lockStr = "LOCK TABLES sbmFUNCTIONS WRITE"; if($lockRes = mysql_query($lockStr)) { # Execute the query on the first data item... $queryResultA = mysql_query($queryStringA) or die("no query A!"); # Execute the query on the second data item... $queryresultB = mysql_query($queryStringB) or die("no query B!"); # Unlock our tables... $unlockRes = mysql_query("UNLOCK TABLES"); } # END if else { # Couldn't lock tables, therefore couldn't allow write print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to commit movement." . "</DIV>\n<BR>\n"); } # END else unset($lockStr); # Display the table of functions once more... 
displayFunctions($doctype, $action); } // END elseif elseif(isset($deleteFunc)) { # This is a call to delete a function from the current action # of the current doctype. # Free some wasted space. unset($deleteFunc); $delStr = "DELETE FROM sbmFUNCTIONS WHERE doctype = '$doctype" . "' AND function = '$function' AND score = '$currentScore' " . "AND step = '$currentStep' and action='$action'"; # Make our LOCK query... $lockStr = "LOCK TABLES sbmFUNCTIONS WRITE"; if($lockRes = mysql_query($lockStr)) { $delRes = mysql_query($delStr); if($delRes) { # The deletion query was successful, but did it actually # delete anything? if(mysql_affected_rows() == 1) { # Perfect! 1 row deleted as expected. # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>\nalert('" . " Function deleted from action.');\n<" . "/SCRIPT>\n"); # Mail the admin. # Get the current date and time... $dateDets = getdate(); $msgTxt = "The $function function with a score of " . "$currentScore and step of $currentStep was " . " deleted from the $action action of the $doctype" . " document " . "type on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . ".\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "${action}.${doctype}.$function " . "function Deletion", $msgTxt, "From: WebSubmit_Administrator"); } // END if elseif(mysql_affected_rows() > 1) { # Hmmm! We seem to have deleted more than 1 row. # Maybe we had a function in twice with exactly the # same dets or something? # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); # Free the lock & unlock query results... mysql_free_result($lockRes); mysql_free_result($unlockRes); print("<SCRIPT TYPE='text/javascript'>\nalert('The " . "deletion of the requested function caused " . mysql_affected_rows() . " rows to be " . 
"deleted.\\nIt is possible that the function had " . "this many entries with exactly\\nthe same score " . "and step.');\n</SCRIPT>\n"); } // END elseif else { # Ahhhhhh! We have deleted no function! # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:" . " Unable to delete the requested function. Try " . "again or inform system " . "administrator.');\n</SCRIPT>\n"); } // END else } // END if else { # Deletion query failed. # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Unable to delete the requested function. Try again " . "or inform system administrator.');\n</SCRIPT>\n"); } // END else } # END if else { # Could not lock the table. No display allowed. print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to delete function." . "</DIV>\n<BR>\n"); } # END else # Display the table of functions once more... displayFunctions($doctype, $action); } // END elseif else { print("<BR><H3 STYLE='text-align: center; font-color: red'>" . "\nERROR IN UPDATE</H3>\n"); } // END else } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage($doctype); /************************End of main script***************************/ </protect> ?> 
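Review bot: The new gate `if (!$auth[0])` in the main script at the end of this hunk may be inverted, depending on what canUseWebSubmitAdmin() puts in element 0; that helper is defined outside this diff. The Python change in the same commit (Is_Original_Submitter) treats `auth_code == 0` as authorized, and if the PHP helper returns the same (code, message) pair, `!$auth[0]` sends authorized users to outWarning() and lets refused users reach displayPage(), which runs the UPDATE and DELETE statements on sbmFUNCTIONS. Please confirm the convention and, if it is code-based, test it explicitly with `if ($auth[0] != 0)`. The call also drops `$doctype` while the warning still says "for this type of documents", so a per-document-type check, if one was intended, should be kept, or the message reworded.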
diff --git a/modules/websubmit/web/admin/addActionEDS.php.wml b/modules/websubmit/web/admin/addActionEDS.php.wml
index ab8b1f6a2..d911e70f2 100644
--- a/modules/websubmit/web/admin/addActionEDS.php.wml
+++ b/modules/websubmit/web/admin/addActionEDS.php.wml
@@ -1,438 +1,438 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Create a new action" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT TYPE='text/javascript'> <!-- hide function validateIsInt(param) // This function validates its parameter to ensure that it is an integer // value. 
// Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: 16/11/2000 // Last Modified: 16/11/2000 { // Create a flag to indicate that we have found a non-digit value var nonDigit = false; for(index = 0; index < param.length; index++) { if(!(param[index] >= 0 && param[index] <= 9)) { // In this case, we've found a non-digit value, and can stop // searching, as the parameter is clearly not an integer nonDigit = true; break; } // END if } // END for return true; } // END function validateIsInt(param) function checkRequired(sactname, lactname) // This is a function to ensure that the user enters the required // parameters for the action. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: Long ago! // Last Modified: 19/12/2000 { // If the field is left blank by the user... if((sactname == "") || (lactname == "")) { // Alert them, and return false. alert("Values must be entered into the Action Code," + "Long Action Name fields."); return false; } // End if else // If level has been filled by the user... { return true; } // End else } // End function checkRequired(param) // --> </SCRIPT> <? /*********************Function Descriptions***************************/ function enterEDSaction($lactname = "", $dir = "", $actionbutton = "", $statustext = "", $sactname = "") { /******************************************************************* This function has the task of creating a form in which a user can enter a new EDS action. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 17/01/2001 *******************************************************************/ # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . 
"center; font-size: small; font-weight: bold\">Below, is " . "a form in which you can enter the details of a new action." . "<BR><BR>When you enter a new action, it will not be " . "accepted by the system unless you have given it a unique " . "\"Action Code\".<BR>" . "<BR>You can commit this new action to the database by " . "clicking on \"SAVE DETAILS\".</P>\n</TD>\n</TR>\n</TABLE>" . "\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); print("<FORM ACTION='addActionEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='commitAct' VALUE='true'>\n" . "<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center' " . "WIDTH='100%'>\n"); # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmACTION"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the data, so that it can be committed for the modification # date field (md)... $dateDets = makeEDSmdDate(); # Now display the upper part of the table - fields that are system # generated... print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0>\n<TR>\n<TH BGCOLOR='#D3DCE3' " . "ALIGN='right' WIDTH='20%'>\nCreation " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='cd' VALUE='" . "$dateDets'>\n</TD>\n</TR>\n<TR>\n<TH WIDTH='20%'" . " BGCOLOR='#D3DCE3' ALIGN='right'>\nModification " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='md' " . "VALUE='$dateDets'>\n</TD>\n</TR>\n"); # Now create the fields that the user can edit... # Make the sactname field... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Action Code: </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME='sactname' SIZE=" . mysql_field_len($columns, 1) . " VALUE='" . ereg_replace("'", "'", htmlspecialchars(${mysql_field_name($columns, 1)})) . 
"'>\n</TD>\n</TR>\n"); print("<input type=\"hidden\" name=\"actionbutton\" value=\"\">"); for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... $currentField = mysql_field_name($columns, $indx); # Ensure we dont once again print certain fields if(($currentField != "cd") && ($currentField != "md") && ($currentField != "sactname")&& ($currentField != "actionbutton")) { # First display the form field label... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>\n"); if($currentField == "lactname") { print("Action Description: "); } // END if else { print("$currentField" . ": "); } // END else print(" </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME=" . "'$currentField' SIZE="); if(mysql_field_type($columns, $indx) == "blob") { print("60"); } // END if else { print(mysql_field_len($columns, $indx)); } // END else print(" VALUE='" . ereg_replace("'", "'", htmlspecialchars(${mysql_field_name($columns, $indx)})) . "'>\n</TD>\n</TR>\n"); } // END if } // END for # Now that the table has been created, it can be closed... print("</TABLE>\n"); # Now make the commit buttons that must be used for the form... print("<TABLE ALIGN='center' CELLSPACING=2 CELLPADDING=2 BORDER=0>" . "<TR>\n<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='SAVE DETAIL" . "S' onClick=\"if(checkRequired(sactname.value, lactname.value" . ")) { if(confirm('Really Commit This New Action" . "?')) { submit(); } else { return false; } }\">\n</TD><TD ALIGN='" . "center'>\n<INPUT TYPE='button' VALUE='RESET' onClick=\"reset();" . "\">\n</TD>\n</FORM>\n<FORM ACTION='allActionsEDS.php' METHOD='po" . "st'>\n<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='CANCEL' onC" . 
"lick=\"submit();\">\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END function enterEDSaction() function displayPage() { global $commitAct,$sactname,$lactname,$dir,$actionbutton,$statustext; if($commitAct) { # In this case, the user has entered the details of the new # action, and these details should be committed to the DB. # Make sure the sactname field is uppercase... $sactname = strtoupper($sactname); # First we can ensure that there is not already an action in the # DB with the same name as that given to the new action... # Lock table mysql_query("LOCK TABLES sbmACTION READ"); $checkRes = mysql_query("SELECT sactname FROM sbmACTION WHERE " . "sactname = '$sactname'"); if($checkRes) { # In this case, the query has worked , so carry on... if(mysql_num_rows($checkRes) != 0) { # Ah-Hah! They have tried to add an action whose ID Code # is already in use! mysql_query("UNLOCK TABLES"); # Let the check result go... mysql_free_result($checkRes); # Give them an explanatory error message... print("<P STYLE=\"color: red; text-align: center; font-" . "size: small; font-weight: bold\">Unable To Commit These" . " Details. The Action Code Used Already Exists. Try " . "Again With A New Code.</P>\n"); # Now a JavaScript alert... print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It " . "was not possible to commit these details for the new " . "action because the action code chosen already exists in" . DOCS_DATABASE . ".\\n\\nTry submitting he details again " . "with a new action code.</SCRIPT>\n"); # Now redisplay the page... enterEDSaction($lactname, $dir, $actionbutton, $statustext); } // END if else { # The details should now be fine to commit... # Unlock tables. mysql_query("UNLOCK TABLES"); # Let the previous result set go... mysql_free_result($checkRes); # Make the insert string... $updStr = "INSERT INTO sbmACTION (lactname, sactname, dir, " . "cd, md, actionbutton, statustext) VALUES" . "('$lactname', '$sactname', '$dir', '$cd', '$md', " . 
"'$actionbutton', '$statustext')"; # LOCK sbmACTION table as write. mysql_query("LOCK TABLES sbmACTION WRITE"); # Commit the details... $updRes = mysql_query($updStr); if($updRes) { # Query worked... if(mysql_affected_rows() == 1) { # Insertion successful...alert user, email admin, and # redirect browser... # UNLOCK TABLES. mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>\nalert('New " . "Action Added.');\n</SCRIPT>\n"); print("<P STYLE=\"color: green; text-align: center; " . "font-size: large\">The New Action Has Been Added." . "</P>\n"); $msgTxt = "A new action has been added to the " . DOCS_DATABASE; $msgTxt .= " database."; $msgTxt .= " This action is the $sactname " . "action.\n\n"; $msgTxt .= "WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sactname Action Added to " . "EDS/WebSubmit", $msgTxt, "From: WebSubmit_Administrator"); # Redirect the browser... print("<FORM ACTION='allActionsEDS.php' METHOD='post" . "' NAME='referForm'>\n<INPUT TYPE='hidden'>" . "</FORM>\n"); print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", " . "1000);\n</SCRIPT>\n"); } // END if else { # Unable to add the thing... # Now unlock the ACTION table. mysql_query("UNLOCK TABLES"); # Alert the user... print("<P STYLE=\"color: red; text-align: center; " . "font-size: small; font-weight: bold\">Unable To " . "Commit These Details. Try Again Later.</P>\n"); print("<SCRIPT TYPE='text/javascript'>\nalert('" . "ERROR: It was not possible to commit the details" . " for the new action.\\n\\nTry again, or contact " . "the system administrator.');\n</SCRIPT>\n"); # Redisplay the form - with the details... enterEDSaction($lactname, $dir, $actionbutton, $statustext, $sactname); } // END else } // END if else { # Couldn't execute insert query # Now unlock the sbmACTION table. mysql_query("UNLOCK TABLES"); # Alert the user... print("<P STYLE=\"color: red; text-align: center; " . 
"font-size: small; font-weight: bold\">Unable To " . "Execute The Query To Commit These Details. Try " . "Again Later.</P>\n"); print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:" . " It was not possible to execute the query to commit" . " the details for the new action.\\n\\nTry again, or" . " contact the system administrator.');\n</SCRIPT>\n"); # Redisplay the form - with the details... enterEDSaction($lactname, $dir, $actionbutton, $statustext, $sactname); } // END else } // END else } // END if else { # In this case, we were unable to read from the sbmACTION table # to see if there was already a record withthe same action # code as the action that we have just attempted to add. We # should therefore not try to add the new action, incase we # cause key inconsistencies in the sbmACTION table. Instead, # simply redisplay the form, with the new action data in it. # Unlock tables. mysql_query("UNLOCK TABLES"); # Alert the user of the problem... print("<P STYLE=\"color: red; text-align: center; font-size: " . "small; font-weight: bold\">Unable To Commit These Details." . " Try Again Later.</P>\n"); print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It was " . "not possible to perform a query upon the sbmACTION table.\\n" . "This meant that it was not possible to commit the new acti" . "on\\n\\nTry again later, or inform the system administrato" . "r.');\n</SCRIPT>\n"); # Now redisplay the form... enterEDSaction($lactname, $dir, $actionbutton, $statustext, $sactname); } // END else } // END if else { # In this case, this is the first call to the page, so we should # just display the form in which the new action will be entered. enterEDSaction(); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... 
dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/addCheckEDS.php.wml b/modules/websubmit/web/admin/addCheckEDS.php.wml index be23fdf79..5a3c929e0 100644 --- a/modules/websubmit/web/admin/addCheckEDS.php.wml +++ b/modules/websubmit/web/admin/addCheckEDS.php.wml 
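Review bot: The new gate `if (!$auth[0])` at the end of addActionEDS.php.wml treats a falsy first element as "denied", while the Python side of this same commit (Is_Original_Submitter.py) treats `auth_code != 0` as "denied", i.e. 0 means authorised. `canUseWebSubmitAdmin()` is not visible in this diff, so it should be confirmed that slot 0 holds a PHP boolean rather than the access-control code passed through; if the code is passed through, the test is inverted and `displayPage()` would run for refused users. A comment above the call such as `# $auth = array(allowed (bool), message)` would pin the contract; the same applies to the identical gate in addCheckEDS.php.wml and to the `canUseWebSubmitAdmin($uid)` call at the end of the preceding file. `outWarning($auth[1])` prints a message built elsewhere, and the preceding file appends `<br><br>` to it, which suggests it is emitted as HTML, so it should be escaped if it can ever carry user-supplied text.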
@@ -1,250 +1,250 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Add a javascript checking function" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listchecks" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /********************Function Declarations****************************/ function makeChecksInputFormEDS($chdesc = "", $chname = "") { /******************************************************************* This function has the task of displaying a form for the inputting of a new check. The function is passed 3 variables. These are the $link variable, the $chdesc variable (which is the description of the check i.e. the actual JavaScript code itself), and the chname variable (which is the unique name of the check. The chdesc and chname variables can be defaulted to nothing when they are left out. 
This is because depending upon certain error conditions when we attempt to add a check, we may want to refuse committment of the check, and redisplay the form with its details for certain parts to be changed. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 18/12/2000 Last Modified: 18/12/2000 *******************************************************************/ # Provide a quick description of the pages function... print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below, is a" . " form that allows you to add a new check to EDS.<BR><BR>" . "An EDS check is a checking function written in JavaScript" . " that can be applied to a given EDS submission page or " . "element(s),<BR>to perform some sort of validation task." . "<BR><BR>It is important that when you create new EDS " . "checks, you do not give them a name that is already in " . "use, as the check name must<BR>be unique due to the fact " . "that it is used to identify a given check when the EDS " . "system attempts to use it.<BR><BR>When the check has been " . "written in the text area provided (Check Description), " . "click on the \"SAVE DETAILS\" button<BR>to commit this new" . " check to EDS.</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Get the current date... $modifiedDate = makeEDSmdDate(); # Get a list of the fields in the sbmCHECKS table $columns = mysql_list_fields(DOCS_DATABASE, "sbmCHECKS"); # Now begin making the form... print("<TABLE WIDTH='100%' ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<FORM ACTION='addCheckEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='addIt' VALUE='true'>\n" . "<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>Creation " . 
"Date: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'" . "><INPUT TYPE='readonly' NAME='cd' VALUE='$modifiedDate'></TD>\n" . "<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>Modificat" . "ion Date: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH=" . "'80%'><INPUT TYPE='readonly' NAME='md' VALUE='$modifiedDate'>" . "</TD>\n</TR>\n<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH=" . "'20%'>Check Name: </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='text' NAME='chname' SIZE=" . mysql_field_len($columns, 0) . " VALUE='$chname'>\n</TD>\n</TR>" . "\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>Check Description:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><" . "TEXTAREA COLS=50 ROWS=20 NAME='chdesc'>$chdesc" . "</TEXTAREA></TD>\n</TR>\n</TABLE>\n"); # Now make a table to contain a set of buttons for the submission of # the form, resetting of the form, and cancelling of a check # addition (this will send the browser back to "allChecksEDS.php"). print("<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN='center'>" . "\n<TR>\n<TD ALIGN='right'><INPUT TYPE='button' VALUE='SAVE DETAI" . "LS' onClick=\"if(chname.value != '') { submit(); } else { alert(" . "'The \'Check Name\' Field Is Mandatory'); }\"></TD>\n<TD ALIGN='" . "center'><INPUT TYPE='button' VALUE='RESET' onClick=\"reset();\">" . "</TD>\n</FORM>\n<FORM ACTION='allChecksEDS.php' METHOD='post'>\n" . "<TD ALIGN='left'><INPUT TYPE='button' VALUE='CANCEL' onClick=\"" . "submit();\"></TD>\n</TR>\n</TABLE>\n"); } // END function makeChecksInputFormEDS() function displayPage() { global $addIt,$chname,$chdesc; if($addIt) { # In this case, the user has filled in the form to add a new # check, and has submitted it... # The first thing to do is to run a quick query to ensure that # there is not already a check with the same name as that that we # have just entered... $quickRes = mysql_query("SELECT chname FROM sbmCHECKS WHERE chname " . 
"= '$chname'"); if($quickRes) { # Query successful if(mysql_num_rows($quickRes) != 0) { # Check name already used...redisplay form, with the check # in it print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Checkname Entered Already Exists. Try " . "Another.</P>\n"); makeChecksInputFormEDS($chdesc); } // END if else { # Checkname not used, so commit these new details to the # database # free the above result for speeds sakes. mysql_free_result($quickRes); # Build an insert query string... $insStr = "INSERT INTO sbmCHECKS (chname, chdesc, cd, md, " . "chefi1, chefi2) VALUES('$chname', '$chdesc', '$cd', " . "'$md', '', '')"; # Execute this query... $insRes = mysql_query($insStr); if($insRes) { # The new check has been entered into the database! # Inform the user & the administrator, and redirect the # browser to "allChecksEDS.php". print("<SCRIPT TYPE='text/javascript'>\nalert('The " . "$chname check has been successfully added to " . "EDS.');\n</SCRIPT>\n"); $msgTxt = "The $chname check has been added to the EDS " . "Database.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "EDS: $chname Check Added", $msgTxt, "From: WebSubmit_Administrator"); # Make a background... print("<P STYLE=\"color: green; font-size: large; text-" . "align: center\">The $chname Check Has Been Added To " . DOCS_DATABASE . "</P>\n"); # Redirect the browser print("<FORM ACTION='allChecksEDS.php' METHOD='post' " . "NAME='referForm'>\n<INPUT TYPE='hidden'></FORM>\n"); print("<SCRIPT LANGUAGE=\"JavaScript\">\n" . "setTimeout(\"document.referForm.submit();\", " . "1000);\n</SCRIPT>\n"); } // END if else { # The insert query has failed for some reason. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Unable to commit the details of this check.\\nPlease" . " try again or inform the system administrator');\n" . 
"</SCRIPT>\n"); makeChecksInputFormEDS($chdesc); } // END else } // END else } // END if else { # In this case, we were unable to read from the sbmCHECKS table # to see if there was already a check with the name of the # current check. This means that we should not try to commit # the new check, simply redisplay the form with the check # details in it, and display an error message to the user... print("<SCRIPT TYPE='text/javascript'>\nalert('Error: Unable " . "to verify check name details.\\nContact system administrat" . "or or retry later.');\n</SCRIPT>\n"); # Redisplay the form wih all of the details in it... makeChecksInputFormEDS($chdesc, $chname); } // END else } // END if else { # In this case, this is the first call to this script, so it can # simply display the form in which the details of the new # JavaScript check can be entered... makeChecksInputFormEDS(); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/addElement2PageEDS.php.wml b/modules/websubmit/web/admin/addElement2PageEDS.php.wml index 95a523a74..481713335 100644 --- a/modules/websubmit/web/admin/addElement2PageEDS.php.wml +++ b/modules/websubmit/web/admin/addElement2PageEDS.php.wml 
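Review bot: In addCheckEDS.php.wml the request values `$chname` and `$chdesc` are written back into the page unescaped (`VALUE='$chname'`, `<TEXTAREA ...>$chdesc</TEXTAREA>`, and the `alert('The $chname check ...')` script block), whereas addActionEDS.php.wml wraps its field values in `htmlspecialchars()`. The form output should use `htmlspecialchars($chname, ENT_QUOTES)` and `htmlspecialchars($chdesc)`, and the value placed inside the script block needs JavaScript-string escaping as well. The same two values are interpolated directly into the `SELECT chname FROM sbmCHECKS WHERE chname = '$chname'` and `INSERT INTO sbmCHECKS` strings and should go through `mysql_real_escape_string()` before the query is built, unless input quoting is guaranteed elsewhere; addActionEDS.php.wml builds its sbmACTION queries the same way with `$sactname`. Until that is done, the admin gate changed by this commit is the only control in front of these statements.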
@@ -1,808 +1,808 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Add Element to Page <protect><?print "$pageNumber of $subname"?></protect>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT LANGUAGE="JavaScript"> <!-- hide function checkRequired(param) // This is a function to ensure that the user enters the required // value for the level parameter of an EDS submission page element // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: Long ago! // Last Modified: 14/12/2000 { // If the field is left blank by the user... if((param == "") || ((param.toUpperCase() != "M") && (param.toUpperCase() != "O"))) { // Alert them, and return false. alert("A value of M or O must be entered in the level field."); return false; } // End if else // If level has been filled by the user... 
{ return true; } // End else } // End function checkRequired(param) // --> </SCRIPT> <? /*********************Function Declarations***************************/ function TestFormField( $fidesc, $level ) { $res = mysql_query("select type,fidesc from sbmFIELDDESC where name='$fidesc'"); $row = mysql_fetch_row($res); $type = $row[0]; $body = $row[1]; if ($level == "M" && $type == "S" && !ereg(".*<option>[^<]*Select:.*",$body)) { print "<SCRIPT TYPE='text/javascript'>alert('The mandatory $fidesc select box must begin with \"<option>Select:</option>\"');</SCRIPT>"; return 0; } return 1; } function procInsrtn($subname, $pageNumber, $fieldnb, $fidesc, $fitext, $level, $sdesc, $checkn, $doctype, $nPgs) { /****************************************************************** This function has the task of actually processing the insertion of an element into a submission page for a given doctype. It is passed all of the various values that should be inserted into the sbmFIELD table. It then constructs an insert query, and inserts these values into the table. After the insertion has been completed, it either informs the user that the new values have successfully been inserted or not, depending upon whether the query was successful or not. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 14/12/2000 Last Modified: 25/01/2001 ******************************************************************/ if (!TestFormField($fidesc,$level)){ return 0; } # Now we can begin building the query string... $insStr = "INSERT INTO sbmFIELD (subname, pagenb, fieldnb, fidesc, " . "fitext, level, sdesc, checkn, cd, md, fiefi1, fiefi2) VALUES(" . "'$subname', '$pageNumber', '$fieldnb', '$fidesc', '$fitext', " . "'$level', '$sdesc', '$checkn', NOW(), NOW(), NULL, NULL)"; # Now execute the above query string... $insRes = mysql_query($insStr); # Conduct a test to see if the instertion of these details was # successful... 
if($insRes) { # In this case, the details have been inserted correctly. This # means we must update the modification date of the current # submission, and the modification date of the current document # type. We must also redirect the browser back to the # "pageDetsEDS.php" page to show details of the current # submission page. # Update the md field for our submission. $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$md' WHERE subname = '$subname'"); if($mdResult) { # In this case, the update result for updating the # modification date of a submission worked, so we can free # it's result pointer mysql_free_result($mdResult); } // END if else { # Update the submission md query error...output a quick alert print("<SCRIPT TYPE='text/javascript'>alert('ERROR: Unable" . " to update the Modification Date field for this " . "submission<BR>in the sbmIMPLEMENT table.');</SCRIPT>\n"); } // END else # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $md); # Now output a message on screen informing the user that the # update has been completed print("<P STYLE=\"color: green; font-weight: bold; font-size: " . "large; text-align: center\">The New Element Has Been Added" . "</P>\n"); # Now output a javascript alert saying more or less the same, in # a little more detail print("<SCRIPT TYPE='text/javascript'>alert('The $fidesc element" . " has been added to page $pageNumber of the\\n$subname " . "submission of the $doctype document type.\\nIt was added " . "into element position $fieldnb.\\n\\nYour browser has been re" . "directed to the page where you can view the details of this" . " submission page.');</SCRIPT>\n"); # Now make a message and send it to the system administrator to # inform them that this element addition has taken place. $msgTxt = "A new element has been added to page $pageNumber of " . "the $subname submission of the $doctype document type. " . "This new element is an instance of the $fidesc element " . 
"description, and was inserted into position $fieldnb." . "\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$fidesc Element added to $subname page " . "$pageNumber", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser to "pageDetsEDS.php" sendToPageDets($subname, $pageNumber, $nPgs, $doctype); } // END if else { # In this case, the query to insert the new details has failed. # This means that we must warn the user of this problem, warn the # administrator by email, and then redirect the page back to the # "pageDetsEDS.php" page. # Now output a message on screen informing the user that the # update has been completed print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable To Add This Element To The <EM>$subname</EM>" . " Submission</P>\n"); # Now output a javascript alert saying more or less the same, in # a little more detail print("<SCRIPT TYPE='text/javascript'>alert('Error: It was not " . " possible to add the $fidesc element\\n to page $pageNumber " . "of the $subname submission of the $doctype document type.\\n" . "This is because it was not possible to commit values to the " . "sbmFIELD table.');</SCRIPT>\n"); # Now make a message and send it to the system administrator to # inform them that this element addition has taken place. $msgTxt = "An error ocurred when attempting to add the " . "$fidesc element to page $pageNumber of " . "the $subname submission of the $doctype document type. " . "This error meant that it was not possible to commit the " . "details for this new element to the sbmFIELD table, and " . "therefore the element has not been added.\n\nThere may be" . " a problem with the sbmFIELD table, and this situation should" . " be looked into as soon as possible.\n\nWebSubmit Administrator " . "("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Unable To Add $fidesc Element To " . 
"$subname Page $pageNumber", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser to "pageDetsEDS.php" sendToPageDets($subname, $pageNumber, $nPgs, $doctype); } // END else } // END function procInsrtn() //************ function charSmaller($chr, $datum) { /************************************************************** This function simply compares 2 values to see if a character ($chr) is smaller than a given other character ($datum). It was written because I wanted to split a <SELECT> box which was massive up into several select boxes alphabetically. The original select query on the DB returned the results sorted alphabetically ascending, and it returned any numeric values as coming before alphabetic values, so I made this function claim that anything that is not a letter is smaller than the datum if it is alphabetic. If the datum is not alphabetic, I just let the computer decide whether or not the $chr is less than the datum, as I don't really care, as I never intend to call the function with non-alphabetic datums. Not brilliant practice I know! :o Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 17/01/2001 Last Modified: 17/01/2001 **************************************************************/ if(($datum >= "A" && $datum <= "Z") || ($datum >= "a" && $datum <= "z")) { # $datum is an alphabetic char, and all is easy... if(($chr >= "A" && $chr <= "Z") || ($chr >= "a" && $chr <= "z")) { # Here, the character to compare is an alphabetic char. if(strtolower($chr) < strtolower($datum)) { # In this case, our letter is less than the allowed limit return true; } // END if else { # In this case, the letter has exceeded it's boundary return false; } // END else } // END if else { # Char to compare is not alphabetic. Therefore, we just let # Mr computer decide! return ($chr < strtoupper($datum)) ? true : false; } // END else } // END if else { # Datum is non-alphabetic...Grrr! 
if(($chr >= "A" && $chr <= "Z") || ($chr >= "a" && $chr <= "z")) { # The character is alphabetic return (strtoupper($chr) < $datum) ? true : false; } // END if else { # Character is ! alphabetic, so just let Mr Computer decide return ($chr < $datum) ? true : false; } // END else } // END else } // END function charSmaller() //************* function makeEleForm($subname, $pageNumber, $nPgs, $doctype, $noElements, $fitext = "", $level = "", $sdesc = "", $checkn = "", $whichBox = "", $fidesc = "") { /******************************************************************* This function has the job of creating the form that is used to enter the details of a new element for a page. The function executes a select query to retrieve the codes for each of the element descriptions from the sbmFIELDDESC table. If this query was successful, it then proceeds to create the input form. Otherwise, it creates the relevant error messages. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 15/12/2000 Last Modified: 30/01/2001 *******************************************************************/ # The first thing we need to do is get a list of all element # descriptions from the sbmFIELDDESC table... $qRes = mysql_query("SELECT distinct(name) FROM sbmFIELDDESC ORDER BY " . "name"); if($qRes) { # In this case, the query to get a list of all of the elements # has been successful, so we can continue making the form if(mysql_num_rows($qRes) <= 0) { # In this case, there are no element descriptions stored in # the sbmFIELDDESC table. This means we can't add an element to # a page, so we'd better let the user know this! print("<P CLASS='errorMsg'>There are currently no element " . "descriptions stored in EDS.<BR>Unable to add a new " . "element</P>\n"); print("<SCRIPT TYPE=\"text/javascript\">alert('Because there " . " are no element configuration descriptions stored in the" . "\\nsbmFIELDDESC table of EDS, it is not possible to add a new" . 
" element instance to a submission.\\n\\nIf you wish to add" . " elements to a submission page, you must first add meta " . "data about\\nthese elements to the sbmFIELDDESC table.');" . "</SCRIPT>\n"); # Now redirect the browser sendToPageDets($subname, $pageNumber, $nPgs, $doctype); } // END if else { # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD ALIGN='" . "center'>\n<P STYLE=\"color: blue; text-align: center; " . "font-size: small; font-weight: bold\">The following form " . "can be used to add a new element to <EM>page $pageNumber" . "</EM> of the <EM>$subname</EM> submission.<BR>The first " . "step is to select an element from a list box. The " . "element selected will determine the configuration " . "information template<BR>used to create the element for the" . " submission page.<BR><BR>When the element description has " . "been selected, enter all of the other details using the " . "form and submit it by clicking on \"SAVE CHANGES\".<BR><BR" . "><SPAN STYLE=\"color: green\">There are many EDS element " . "descriptions. For ease of selection, they have been split" . " alphabetically into 3 list boxes.<BR>When selecting an " . "element, please only select from 1 list box. If se" . "veral are selected, the value will be taken from the<BR>" . "left-most listbox.</SPAN>\n</P>\n" . "</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now, begin making the form for the new elements details. print("<FORM ACTION='addElement2PageEDS.php' METHOD='post'>" . "\n<INPUT TYPE='hidden' NAME='insertElement' VALUE='true'>" . "\n<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>\n" . "<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 ALIGN='center'" . " BGCOLOR='#CECEFF' WIDTH='100%'>\n<TR>\n<TH ALIGN='right' " . 
"WIDTH='25%'>\n<SPAN STYLE=\"color: green;\"" . ">Element Description Code: </SPAN></TH>\n<TD " . "ALIGN='left' WIDTH='75%'>\n"); # We are going to have 3 select boxes (1 for a-h, 1 for i-p # and 1 for p-z), because there are so many elements. # Get the number of elements returned by query $numEles = mysql_num_rows($qRes); # Put all elements as returned by the query into a 2d array $eles = resToArray($qRes); # ****************Make the 1st select list***************** print("<SELECT NAME='fidesc_A'>\n<OPTION" . " VALUE='--X--'>-----A..H-----" . "</OPTION>\n"); for($idx = 0; (($idx < $numEles) && (charSmaller($eles[$idx][0][0], "H"))); $idx++) { if($eles[$idx][0]) { print("<OPTION"); if($whichBox == "fidesc_A" && $fidesc == $eles[$idx][0]) { # The current element descr should be selected print(" SELECTED"); } // END if print(" VALUE='" . ereg_replace("'", "'", htmlspecialchars($eles[$idx][0])) . "'>" . ereg_replace("'", "'", htmlspecialchars($eles[$idx][0])) . "</OPTION>\n"); } // END if } // END for # Close the current select list print("</SELECT>"); print(" "); # ****************Make the 2nd select list***************** print("<SELECT NAME='fidesc_B'>\n<OPTION" . " VALUE='--X--'>-----I..P-----" . "</OPTION>\n"); for($idx2 = $idx; (($idx2 < $numEles) && (charSmaller($eles[$idx2][0][0], "Q"))); $idx2++) { if($eles[$idx2][0]) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($eles[$idx2][0])) . "'"); if($whichBox == "fidesc_B" && $fidesc == $eles[$idx2][0]) { # The current element descr should be selected print(" SELECTED"); } // END if print(">" . ereg_replace("'", "'", htmlspecialchars($eles[$idx2][0])) . "</OPTION>\n"); } // END if } // END for # Close the current select list print("</SELECT>"); print(" "); # ****************Make the 3rd select list***************** print("<SELECT NAME='fidesc_C'>\n<OPTION" . " VALUE='--X--'>-----Q..Z-----" . 
"</OPTION>\n"); for($idx3 = $idx2; $idx3 < $numEles; $idx3++) { if($eles[$idx3][0]) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($eles[$idx3][0])) . "'"); if($whichBox == "fidesc_C" && $fidesc == $eles[$idx3][0]) { # The current element descr should be selected print(" SELECTED"); } // END if print(">" . ereg_replace("'", "'", htmlspecialchars($eles[$idx3][0])) . "</OPTION>\n"); } // END if } // END for # Close the current select list print("</SELECT>"); # Now close up the newly created listbox print("\n</TD>\n</TR>\n</TABLE>\n"); # Now, we can present the user with the form in which they can # fill in the details that will be committed to the sbmFIELD # table... # Get the date for the created date & modification date $theDate = makeEDSmdDate(); # Get information about all of the fields in the fitext table $cols = mysql_list_fields(DOCS_DATABASE, "sbmFIELD"); print("<BR><TABLE CELLSPACING=0 CELLPADDING=0 ALIGN='center' " . "WIDTH='100%' BORDER=0>\n<TR><TH ALIGN='right' WIDTH='25%'" . " BGCOLOR='" . "#D3DCE3'>Submission Code: </TH>\n<TD WIDTH='75%' ALIG" . "N='left' BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='" . "subname' VALUE='$subname'></TD>\n</TR>\n<TR>\n<TH ALIGN='" . "right' WIDTH='25%' BGCOLOR='#D3DCE3'>Page Number: </" . "TH>\n<TD WIDTH='75%' ALIGN='left' BGCOLOR='#FFFFCC'><INPUT" . " TYPE='readonly' NAME='pageNumber' VALUE='$pageNumber'></T" . "D>\n</TR>\n<TR>\n<TH ALIGN='right' WIDTH='25%' BGCOLOR='" . "#D3DCE3'>Field Number: </TH>\n<TD WIDTH='75%' ALIGN='" . "left' BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='field" . "nb' VALUE='" . ($noElements + 1) . "'></TD>\n</TR>\n<TR><" . "TH ALIGN='right' WIDTH='25%' BGCOLOR='#D3DCE3'>Creation D" . "ate: </TH><TD WIDTH='75%' ALIGN='left' BGCOLOR='#FFF" . "FCC'><INPUT TYPE='readonly' NAME='cd' VALUE='$theDate'>" . "</TD>\n</TR>\n<TR><TH ALIGN='right' WIDTH='25%' BGCOLOR='" . "#D3DCE3'>Modification Date: </TH>\n<TD WIDTH='75%' " . 
"ALIGN='left' BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' " . "NAME='md' VALUE='$theDate'></TD>\n</TR>\n<TR><TH ALIGN='" . "right' WIDTH='25%' BGCOLOR='#87CEFA'>Element Label: " . "</TH><TD WIDTH='75%' ALIGN='left' BGCOLOR='#FFFFCC'><" . "INPUT TYPE='text' NAME='fitext' SIZE=40 VALUE='" . ereg_replace("'", "'", htmlspecialchars($fitext)) . "'></TD>\n</TR>\n<TR><TH ALIGN=" . "'right' WIDTH='25%' BGCOLOR='#87CEFA'>Level: </TH><T" . "D WIDTH='75%' ALIGN='left' BGCOLOR='#FFFFCC'><SELECT NAME=" . "'level'>\n<OPTION VALUE='M'>Mandatory</OPTION>\n<OPTION "); if($level == "O" || $level == "o") { print("SELECTED "); } // END if print("VALUE='O'>Optional</OPTION>\n</SELECT>\n" . "</TD>\n</TR>\n<TR><TH ALIGN='right' WIDTH='25%' BGCOLOR=" . "'#87CEFA'>Short Desc: </TH><TD WIDTH='75%' ALIGN='" . "left' BGCOLOR='#FFFFCC'><INPUT TYPE='text' NAME='sdesc' " . "SIZE=40 VALUE='" . ereg_replace("'", "'", htmlspecialchars($sdesc)) . "'></TD>\n</TR>\n<TR><TH ALIGN='right' WIDTH='25%' BGCOLOR=" . "'#87CEFA'>Check: </TH><TD WIDTH='75%' ALIGN='left' " . "BGCOLOR='#FFFFCC'>"); # Now, we wish to use a select list of checks to ensure that # the user can only select checks that are already stored in # the EDS DB. Therefore, we need to query sbmCHECKS. if($chksRes = mysql_query("SELECT chname FROM sbmCHECKS ORDER " . "BY chname")) { # Query fine. if(mysql_num_rows($chksRes) > 0) { # Checks to be put into a select box...good! print("<SELECT NAME='checkn'>\n<OPTION VALUE=''>" . "NO CHECK</OPTION>\n"); while($stuff = mysql_fetch_row($chksRes)) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($stuff[0])) . "'"); if($checkn == $stuff[0]) { # This check was already selected, so note that print(" SELECTED"); } // END if print(">" . ereg_replace("'", "'", htmlspecialchars($stuff[0])) . "</OPTION>\n"); } // END while # Close up the select list print("</SELECT>\n"); } // END if else { # No checks stored in DB! 
Offer link to add a check page print("<SPAN STYLE=\"font-size: small; font-weight: " . "bold; text-align: left; color: red\">There are " . "currently no " . DOCS_DATABASE . " checks. " . "<A HREF='addCheckEDS.php'>Add.</A></SPAN><INPUT " . "TYPE='hidden' NAME='checkn' VALUE=''>\n"); } // END else } // END if else { # Can't query for checks, therefore can't add any! print("<SPAN STYLE=\"font-size: small; font-weight: bold;" . " text-align: left; color: red\">Unable to retrieve " . "details of checks from " . DOCS_DATABASE . ". " . "Try adding check later.</SPAN><INPUT TYPE='hidden' " . "NAME='checkn' VALUE=''>\n"); } // END else # Close the current table cell print("</TD>\n</TR>\n</TABLE>"); # Now that we have finished displaying the input fields of the # form, we can produce some buttons....1 for submitting the # form, 1 for resetting the form, and 1 for cancelling the # action (i.e. not adding a new element at all) - this button # will return you to the "pageDetsEDS.php" page. print("<TABLE CELLSPACING=1 CELLPADDING=1 ALIGN=" . "'center' BORDER=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE=" . "'button' VALUE='SAVE DETAILS' onClick=\"submit();\">\n" . "</TD>\n<TD ALIGN='center'>\n<INPUT TYPE='button'" . " VALUE='RESET' onClick=\"reset();\">\n</TD>\n</FORM>\n<FO" . "RM ACTION='pageDetsEDS.php' METHOD='post'>\n<INPUT TYPE='h" . "idden' NAME='subname' VALUE='$subname'>\n<INPUT TYPE='hidd" . "en' NAME='pageNumber' VALUE='$pageNumber'>\n<INPUT TYPE='" . "hidden' NAME='nPgs' VALUE='$nPgs'>\n<INPUT TYPE='hidden' " . "NAME='doctype' VALUE='$doctype'>\n<TD ALIGN='left'>" . "<INPUT TYPE='button' VALUE='CANCEL' onClick=\"submit();\">" . "\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END else } // END if else { # In this case, the query to retrieve the descriptions of all # elements has failed, so we can display an error message # indicating this and redirect the browser to the # "pageDetsEDS.php" page # Display an error message about this... 
print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> It was not possible to retrieve the details of " . "the element descriptions from the <EM>sbmFIELDDESC</EM> " . "table.<BR>Unable to add element.</P>\n"); # Now display a JavaScript alert saying more or less the same as # the above message... print("<SCRIPT TYPE=\"text/javascript\">alert('ERROR: It was not" . " possible to retrieve the details for the descriptions of the" . " EDS elements\\nfrom the sbmFIELDDESC table.\\nThis meant that " . "it was not possible to add a new element to the requested " . "submission page.\\n\\nPlease inform the system administrator " . "of this problem.');</SCRIPT>\n"); # Now redirect the browser sendToPageDets($subname, $pageNumber, $nPgs, $doctype); } // END else } // END function makeEleForm() function displayPage() { global $insertElement,$fidesc_A,$fidesc_B,$fidesc_C,$subname,$pageNumber,$nPgs,$doctype,$fieldnb,$fitext,$level,$sdesc,$checkn,$noElements; # The first thing to do is to work out what sort of call to the script # this is. It can either be a first call whereby the form to fill in # must be displayed, or a self-referential call, whereby the new # element must actually be inserted into the sbmFIELD table. if(isset($insertElement)) { # In this case, this call to the page is a call to insert the new # element details. We must however perform certain tests to ensure # values have been filled/selected, just incase our JavaScript # failed (Likely!). # Free the $insertElement value... unset($insertElement); # Now ensure that the value of "level" is in upper case... $level = strtoupper($level); if($fidesc_A == "--X--" && $fidesc_B == "--X--" && $fidesc_C == "--X--") { # No element descr code selected print("<P STYLE=\"color: red; text-align: center; font-size:" . " medium; font-weight: bold\">\nNo Element Description " . "Code Was Selected\n</P>\n"); # Redisplay the form for re-entry. 
makeEleForm($subname, $pageNumber, $nPgs, $doctype, $fieldnb - 1, $fitext, $level, $sdesc, $checkn); } // END if elseif($fidesc_A != "--X--") { # Perfect...we take the left-most, which in this case is # $fidesc_A, so it does not matter if $fidesc_B or $fidesc_C # are selected or not - we don't care. if($level == "M" || $level == "O") { # $level checks out. if (!procInsrtn($subname, $pageNumber, $fieldnb, $fidesc_A, $fitext, $level, $sdesc, $checkn, $doctype, $nPgs)) { # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype,$fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_A", $fidesc_A); } } // END if else { # Level doesn't check out print("<P STYLE=\"color: red; text-align: center; font-size:" . " medium; font-weight: bold\">\nThe Value of the Level " . "Field Must be \"M\" or \"O\"\n</P>\n"); # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype, $fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_A", $fidesc_A); } // END else } // END elseif elseif($fidesc_A == "--X--" && $fidesc_B != "--X--") { # Here, $fidesc_A has not been selected, but $fidesc_B has # been, meaning that $fidesc_B is the leftmost, and we don't # care whether or not $fidesc_C has been selected - we take B if($level == "M" || $level == "O") { # $level checks out. if (!procInsrtn($subname, $pageNumber, $fieldnb, $fidesc_B,$fitext, $level, $sdesc, $checkn, $doctype,$nPgs)) { # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype,$fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_B", $fidesc_B); } } // END if else { # $level doesn't check out print("<P STYLE=\"color: red; text-align: center; font-size:" . " medium; font-weight: bold\">\nThe Value of the Level " . 
"Field Must be \"M\" or \"O\"\n</P>\n"); # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype, $fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_B", $fidesc_B); } // END else } // END elseif else { # $fidesc_C must be the only one selected if($level == "M" || $level == "O") { # $level checks out. if (!procInsrtn($subname, $pageNumber, $fieldnb, $fidesc_C,$fitext, $level, $sdesc, $checkn, $doctype,$nPgs)) { # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype,$fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_C", $fidesc_C); } } // END if else { # Level doesn't check out print("<P STYLE=\"color: red; text-align: center; font-size:" . " medium; font-weight: bold\">\nThe Value of the Level " . "Field Must be \"M\" or \"O\"\n</P>\n"); # Redisplay input form makeEleForm($subname, $pageNumber, $nPgs, $doctype, $fieldnb - 1, $fitext, "", $sdesc, $checkn, "fidesc_C", $fidesc_C); } // END else } // END else } // END if else { # In this case, this is the first call to the page, and it is # necessary to display the form in which the user can enter the # details of the new element for the given page of the given # submission of the given doctype. makeEleForm($subname, $pageNumber, $nPgs, $doctype, $noElements); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE);
- if (!canUseWebSubmitAdmin($uid,$doctype))
- outWarning("You are not allowed to access WebSubmit Admin for this "
- . "type of documents");
+ $auth = canUseWebSubmitAdmin($uid,$doctype);
+ if (!$auth[0])
+ outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents");
 else displayPage(); /************************End of main script***************************/ </protect> ?> 
diff --git a/modules/websubmit/web/admin/addElementDescrEDS.php.wml b/modules/websubmit/web/admin/addElementDescrEDS.php.wml
index e0e10de23..802d4e9a1 100644
--- a/modules/websubmit/web/admin/addElementDescrEDS.php.wml
+++ b/modules/websubmit/web/admin/addElementDescrEDS.php.wml 
@@ -1,1001 +1,1001 @@
 ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Add an element description" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listelements" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Descriptions***************************/ function enterEDSelementDescr($elename = "", $alephcode = "", $size = "", $rows = "", $cols = "", $maxlength = "", $val = "", $fidesc = "", $cookie = 0, $type = "", $modifytext = "") { /******************************************************************* This function has the task of creating the form that allows a user to enter the details of a new element description. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 10/01/2001 Last Modified: 08/02/2001 *******************************************************************/ # Now, display a quick set of page instructions for the user.. 
print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below, is " . "a form in which you can enter the details of a new " . "element description." . "<BR><BR>When you enter a new element description, it will " . "not be accepted by the system unless you have given it a " . "unique<BR>\"Element Name\".<BR>" . "<BR>You can commit this new element description to the " . "database by clicking on \"SAVE DETAILS\".</P>\n</TD>\n" . "</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); print("<FORM ACTION='addElementDescrEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='commitElement' VALUE='true'>\n" . "<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center' " . "WIDTH='100%'>\n"); # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmFIELDDESC"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the data, so that it can be committed for the modification # date field (md)... $dateDets = makeEDSmdDate(); # Now display the upper part of the table - fields that are system # generated... print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0><INPUT TYPE='hidden' NAME='cd' VALUE='" . "$dateDets'><INPUT TYPE='hidden' NAME='md' " . "VALUE='$dateDets'>"); # Now create the fields that the user can edit... # Make the name field... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Element Name <EM STYLE=\"font-size: small\">" . "(Req'd)</EM>: </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME='elename' SIZE=" . mysql_field_len($columns, 0) . " VALUE='" . ereg_replace("'", "'", htmlspecialchars($elename)) . "'>\n</TD>\n</TR>\n"); # Make the modify text field... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . 
"Modification Text: </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME='modifytext' SIZE=" . mysql_field_len($columns, 0) . " VALUE='" . ereg_replace("'", "'", htmlspecialchars($modifytext)) . "'>\n</TD>\n</TR>\n"); # Make the type field... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Element Type <EM STYLE=\"font-size: small\">(Req'd)</EM>: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n" . "<SELECT NAME='type'>\n<OPTION VALUE='NONE_SELECTED'>" . "Select Element Type...</OPTION>\n"); # Now test to see if this is a recall (due to erroneous form # filling), whereby a given type must be 'selected'. # Make User defined type option print("<OPTION "); if($type == "D") { # D was already selected... print("SELECTED "); } // END if print("VALUE='D'>User Defined Input</OPTION>\n"); # Make Select box type option print("<OPTION "); if($type == "S") { # S was already selected... print("SELECTED "); } // END if print("VALUE='S'>Select Box</OPTION>\n"); # Make File input type option print("<OPTION "); if($type == "F") { # F was already selected... print("SELECTED "); } // END if print("VALUE='F'>File Input</OPTION>\n"); # Make Hidden input type option... print("<OPTION "); if($type == "H") { # H was already selected... print("SELECTED "); } // END if print("VALUE='H'>Hidden Input</OPTION>\n"); # Make Text input type option... print("<OPTION "); if($type == "I") { # I was already selected... print("SELECTED "); } // END if print("VALUE='I'>Text Input</OPTION>\n"); # Make Response type option... print("<OPTION "); if($type == "R") { # I was already selected... print("SELECTED "); } // END if print("VALUE='R'>Response</OPTION>\n"); # Make TextArea input type option... print("<OPTION "); if($type == "T") { # T was already selected... print("SELECTED "); } // END if print("VALUE='T'>Text Area Element</OPTION>\n</SELECT>\n</TD>\n" . 
"</TR>\n"); for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... $currentField = mysql_field_name($columns, $indx); # Ensure we dont once again print certain fields if(($currentField != "cd") && ($currentField != "md") && ($currentField != "name") && ($currentField != "type") && ($currentField != "cookie") && ($currentField != "modifytext") && ($currentField != "fddfi2")) { # First display the form field label... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>\n"); if($currentField == "alephcode") { print("Aleph Code <EM STYLE=\"font-size: small\">" . "</EM>:"); } // END if elseif($currentField == "marccode") { print("Marc Code:"); } // END elseif elseif($currentField == "size") { print("Size <EM STYLE=\"font-size: small\">(Text" . ")</EM>:"); } // END elseif elseif($currentField == "rows") { print("No. Rows <EM STYLE=\"font-size: small\">(TextArea)" . "</EM>:"); } // END elseif elseif($currentField == "cols") { print("No. Cols <EM STYLE=\"font-size: small\">(TextArea)" . "</EM>:"); } // END elseif elseif($currentField == "maxlength") { print("Max Length <EM STYLE=\"font-size: small\">(Text)" . "</EM>:"); } // END elseif elseif($currentField == "val") { print("Value <EM STYLE=\"font-size: small\">(Text" . "/Hidden)</EM>:"); } // END elseif elseif($currentField == "fidesc") { print("Item Description <EM STYLE=\"font-size: small\">" . "(User Defined)</EM>:"); } // END elseif else { print("$currentField:"); } // END else print(" </TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='" . "#FFFFCC'>\n"); if($currentField == "fidesc") { # Here, we ought to make a textarea for fidesc... print("<TEXTAREA NAME='$currentField' ROWS=25 COLS=50>" . ereg_replace("'", "'", htmlspecialchars(${mysql_field_name($columns, $indx)})) . "</TEXTAREA>\n"); } // END if else { # Just a normal text input will do... print("<INPUT TYPE='text' NAME='$currentField' " . 
"SIZE="); if(mysql_field_type($columns, $indx) == "blob") { print("60"); } // END if else { print(mysql_field_len($columns, $indx)); } // END else print(" VALUE='" . ereg_replace("'", "'", htmlspecialchars(${mysql_field_name($columns, $indx)})) . "'>\n"); } // END else print("</TD>\n</TR>\n"); } // END if } // END for print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Sets Cookie?: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC'" . "WIDTH='80%'>"); printCookie($cookie); # Close up the cookie row, and the table! print("</TH>\n</TR>\n</TABLE>\n"); # Now make the commit, reset, and cancel buttons for the form... print("<TABLE ALIGN='center' CELLSPACING=2 CELLPADDING=2 BORDER=0>" . "<TR>\n<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='SAVE DETAIL" . "S' onClick=\"submit();\">\n</TD><TD " . "ALIGN='center'>\n<INPUT TYPE='button' VALUE='RESET' onClick=\"" . "reset();\">\n</TD>\n</FORM>\n<FORM ACTION='allElementsEDS.php' " . "METHOD='post'>\n<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='" . "CANCEL' onClick=\"submit();\">\n</TD>\n</FORM>\n</TR>\n</TABLE>" . "\n"); } // END enterEDSelementDescr() //************ function charIsInt($thing) { /******************************************************************* This function tests to see if a string only contains integer characters. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 11/01/2001 Last Modified: 11/01/2001 *******************************************************************/ # Reset an error flag $errorFlag = 0; # get the length of the string.. $len = strlen($thing); for($i = 0; $i < $len; $i++) { if($thing[$i] < "0" || $thing[$i] > "9") { $errorFlag = 1; break; } // END if } // END for # Return true/false depending upon string status return ($errorFlag == 1) ? 
false : true; } // END function charIsInt($thing) //******** function insertBon($elename) { /******************************************************************* This function has the task of displaying a message on the screen to say that the insertion of the new element was successful. It also displays a button to click to send the browser to the page displaying the details of the new element description. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 11/01/2001 Last Modified: 11/01/2001 *******************************************************************/ print("<P STYLE=\"font-size: large; font-weight: bold; text-align: " . "center; color: green\">Element Added.<BR>Click To View details." . "</P>\n<FORM ACTION='elementConfigDetsEDS.php' METHOD='post' NAME" . "='referForm'>\n<INPUT TYPE='hidden' NAME='name' VALUE='$elename'" . ">\n<INPUT TYPE='hidden' NAME='caller' VALUE='allElementsEDS.php" . "'>\n<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 CELLPADDING=" . "0>\n<TR>\n<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='VIEW " . "DETAILS' onClick=\"submit();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>" . "\n<SCRIPT TYPE='text/javascript'>\nsetTimeout(\"document.refer" . "Form.submit();\",1000);\n</SCRIPT>\n"); } // END function insertBon() //*********** function insertMal() { /******************************************************************* This function handles the situation whereby the insert of the new element description has failed, and we wish to inform the user, and provide a button to click to goto the list all element descriptions page. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 12/01/2001 Last Modified: 12/01/2001 *******************************************************************/ print("<P CLASS=\"errorMsg\">\n<SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable to insert new element description.</P>\n" . "<TABLE ALIGN='center' BORDER=0>\n<TR>\n<TD ALIGN='center'>\n" . 
"<FORM ACTION='allElementsEDS.php' METHOD='post'>\n<INPUT TYPE=" . "'button' VALUE='OK' onClick=\"submit();\">\n</FORM>\n</TD>\n" . "</TR>\n</TABLE>\n"); print mysql_error(); } // END function insertMal() //************ function emailRecord($elename) { /******************************************************************* Since it is necessary to email the admin informing them about the success of the addition of a new element description, this function has been written, which does just that. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 11/01/2001 Last Modified: 25/01/2001 *******************************************************************/ $msgTxt = "A new element description was successfully added to the " . DOCS_DATABASE . " database. This was the $elename element " . "description.\n\nWebSubmit Administrator. ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$elename Element Description Added", $msgTxt, "From: WebSubmit_Administrator"); } // END function emailRecord($elename) function displayPage() { global $commitElement,$elename,$alephcode,$marccode,$size,$rows,$cols,$maxlength,$val,$fidesc,$cookie,$type,$modifytext; if($commitElement) { # In this case, this is a self-referential call to the form, and # it is time to process the addition of the new element. # Carry out some form validation (I'm not using JavaScript any # more for this, as it is rubbish), and take the relevant action # based upon the resuts... if($type == "NONE_SELECTED") { # In this case, the user has not selected a type for the new # element. Therefore redisplay the form with the values in # that they have already entered. print("<P STYLE=\"font-size: medium; text-align: center; " . "font-weight: bold; color: red\">Selection Of Element " . 
"Type is Mandatory.</P>\n"); enterEDSelementDescr($elename, $alephcode, $size, $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, "",$modifytext); } // END if else { # The element type was selected, but we must now ensure that # the other various field combos were correct... if(!$elename) { # User has not input the element name, or aleph code. print("<P STYLE=\"font-size: medium; text-align: center; " . "font-weight: bold; color: red\">The Element Name " . "Field Is Mandatory.</P>\n"); enterEDSelementDescr($elename, $alephcode, $size, $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type, $modifytext); } // END if else { if(!test_key_legal($elename)) { # Damn...invalid characters in either the alephcode or # the element name... print("<P STYLE=\"font-size: medium; text-align: center" . "; font-weight: bold; color: red\">The Element Name " . "May Only Contain Alphabetical" . " Characters, Integer Digits or Underscores.</P>\n"); enterEDSelementDescr("", $alephcode, $size, $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if else { # General Mandatory fields all filled correctly. Now # make specialised tests... if($type == "T") { # Element is TextArea - can have rows and cols. if($rows) { if(!charIsInt($rows)) { # Damn...user has given a non-int value for # $rows print("<P STYLE=\"font-size: medium; text-ali" . "gn: center; font-weight: bold; color: " . "red\">The <EM>No. Rows</EM> Field Must Have" . " an Integer Value.</P>"); # Make an error flag to mark this fact... $rowsInvalid = true; enterEDSelementDescr($elename, $alephcode, $size, "", $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if($cols && !$rowsInvalid) { if(!charIsInt($cols)) { # Damn...user has given a non-int value for # $rows print("<P STYLE=\"font-size: medium; text-ali" . "gn: center; font-weight: bold; color: " . 
"red\">The <EM>No. Cols</EM> Field Must Have" . " an Integer Value.</P>"); # Set an error flag to mark this failure $colsInvalid = true; enterEDSelementDescr($elename, $alephcode, $size, $rows, "", $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if(!$rowsInvalid && !$colsInvalid) { # Well now. If we have reached this far, then the # data for the TEXTAREA must all be present and # valid, so we can finally make this new element # description, and commit it to the DB. $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode" . ", marccode, type, size, rows, cols, maxlength, val, " . "fidesc, cd, md, modifytext, fddfi2, cookie) VALUES" . "('$elename', '$alephcode', '$marccode', '$type', NULL, "; # Deal with rows if(isset($rows) && $rows != "") { # A value was provided for rows... $insStr .= "'$rows', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else # Deal with cols if(isset($cols) && $cols != "") { # A value was provided for rows... $insStr .= "'$cols', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NULL, NULL, NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ") . " NULL, '$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new # element description has been successful. # Therefore we need to inform the user and # redirect the browser. emailRecord($elename); insertBon($elename); } // END if else { # If the insert failed... insertMal(); } // END else } // END if } // END if elseif($type == "I") { # Element is HTML text input - needs size, maxlength, # val if($size) { if(!charIsInt($size)) { # Damn...user has given a non-int value for # $size print("<P STYLE=\"font-size: medium; text-ali" . "gn: center; font-weight: bold; color: " . "red\">The <EM>Size</EM> Field Must Have an" . 
" Integer Value.</P>"); # Make a flag to mark this failure $sizeFailed = true; enterEDSelementDescr($elename, $alephcode, "", $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if($maxlength && !$sizeFailed) { if(!charIsInt($maxlength)) { # User has given a non-int value for $maxlength print("<P STYLE=\"font-size: medium; text-alig" . "n: center; font-weight: bold; color: red\">" . "The <EM>Max Length</EM> Field Must Have an " . "Integer Value.</P>"); # Make a flag to mark this failure $maxlengthFailed = true; enterEDSelementDescr($elename, $alephcode, $size, $rows, $cols, "", stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if(!$sizeFailed && !$maxlengthFailed) { # Well now. If we have reached this far, then the # data for the input must all be present and # valid, so we can finally make this new element # description, and commit it to the DB. $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode, marccode" . ", type, size, rows, cols, maxlength, val, " . "fidesc, cd, md, modifytext, fddfi2, cookie) " . "VALUES('$elename', '$alephcode', '$marccode', '$type', "; # Deal with size if(isset($size) && $size != "") { # A value was provided for rows... $insStr .= "'$size', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NULL, "; # Deal with maxlength if(isset($maxlength) && $maxlength != "") { # A value was provided for rows... $insStr .= "'$maxlength', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else # Deal with val if(isset($val) && $val != "") { # A value was provided for rows... $insStr .= "'$val', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL, " . 
"'$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new # element description has been successful. # Therefore we need to inform the user and # redirect the browser. emailRecord($elename); insertBon($elename); } // END if else { # Insert failed... insertMal(); } // END else } // END if } // END elseif elseif($type == "H") { # Element is hidden - can have val $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode, marccode, " . "type, size, rows, cols, maxlength, val, fidesc, " . "cd, md, modifytext, fddfi2, cookie) VALUES('" . "$elename', '$alephcode', '$marccode', '$type', NULL, NULL, " . "NULL, NULL, "; # Deal with val if(isset($val) && $val != "") { # A value was provided for rows... $insStr .= "'$val', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL, " . "'$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new element # description has been successful. Therefore we # need to inform the user and redirect the # browser. emailRecord($elename); insertBon($elename); } // END if else { # Insert failed insertMal(); } // END else } // END elseif elseif($type == "F") { # Element is file - needs size, maxlength if($size) { if(!charIsInt($size)) { # Damn...user has given a non-int value for # $size print("<P STYLE=\"font-size: medium; text-" . "align: center; font-weight: bold; color:" . " red\">The <EM>Size</EM> Field Must Have " . 
"an Integer Value.</P>"); # Make a flag to mark this failure $sizeFailed = true; enterEDSelementDescr($elename, $alephcode, "", $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if($maxlength && !$sizeFailed) { if(!charIsInt($maxlength)) { # User has given a non-int value for $maxlength print("<P STYLE=\"font-size: medium; text-alig" . "n: center; font-weight: bold; color: red\">" . "The <EM>Max Length</EM> Field Must Have an " . "Integer Value.</P>"); # Make a flag to mark this failure $maxlengthFailed = true; enterEDSelementDescr($elename, $alephcode, $size, $rows, $cols, "", stripslashes($val), stripslashes($fidesc), $cookie, $type,$modifytext); } // END if } // END if if(!$sizeFailed && !$maxlengthFailed) { # Well now. If we have reached this far, then the # data for the input must all be present and # valid, so we can finally make this new element # description, and commit it to the DB. $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode" . ", marccode, type, size, rows, cols, maxlength, val, " . "fidesc, cd, md, modifytext, fddfi2, cookie) " . "VALUES('$elename', '$alephcode', '$marccode', '$type', "; # Deal with size if(isset($size) && $size != "") { # A value was provided for rows... $insStr .= "'$size', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NULL, "; # Deal with maxlength if(isset($maxlength) && $maxlength != "") { # A value was provided for rows... $insStr .= "'$maxlength', "; } // END if else { # No value was provided for rows... $insStr .= "NULL, "; } // END else $insStr .= "NULL, NULL, NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL," . " '$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new # element description has been successful. # Therefore we need to inform the user and # redirect the browser. 
emailRecord($elename); insertBon($elename); } // END if else { # Insert failed insertMal(); } // END else } // END if } // END elseif elseif($type == "D") { # Element is user defined - needs fidesc $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode, marccode, " . "type, size, rows, cols, maxlength, val, fidesc, " . "cd, md, modifytext, fddfi2, cookie) VALUES('" . "$elename', '$alephcode', '$marccode', '$type', NULL, NULL, " . "NULL, NULL, NULL, "; $insStr .= "'$fidesc', NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL, " . "'$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new element # description has been successful. Therefore we # need to inform the user and redirect the # browser. emailRecord($elename); insertBon($elename); } // END if else { # Insert failed insertMal(); } // END else } // END elseif elseif($type == "R") { # Element is of response type - needs fidesc $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode, marccode, " . "type, size, rows, cols, maxlength, val, fidesc, " . "cd, md, modifytext, fddfi2, cookie) VALUES('" . "$elename', '$alephcode', '$marccode', '$type', NULL, NULL, " . "NULL, NULL, NULL, "; $insStr .= "'$fidesc', NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL, " . "'$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new element # description has been successful. Therefore we # need to inform the user and redirect the # browser. emailRecord($elename); insertBon($elename); } // END if else { # Insert failed insertMal(); } // END else } // END elseif elseif($type == "S") { # Element is user defined - needs fidesc $insStr = "INSERT INTO sbmFIELDDESC (name, alephcode, marccode, " . "type, size, rows, cols, maxlength, val, fidesc, " . "cd, md, modifytext, fddfi2, cookie) VALUES('" . "$elename', '$alephcode', '$marccode', '$type', NULL, NULL, " . 
"NULL, NULL, NULL, "; $insStr .= "'$fidesc', NOW(), NOW(), ".(isset($modifytext)?"'$modifytext', ":"NULL, ")."NULL, " . "'$cookie')"; # Execute the insertion $insRes = mysql_query($insStr); if($insRes) { # In this case, the insertion of the new element # description has been successful. Therefore we # need to inform the user and redirect the # browser. emailRecord($elename); insertBon($elename); } // END if else { # Insert failed insertMal(); } // END else } // END elseif else { # Oops! Element type invalid! We must deny # commitment, and represent the form for the user to # once again attempt to fill in. print("<P STYLE=\"font-size: medium; text-align: " . "center; font-weight: bold; color: red\">Invalid " . "Element Type is Mandatory.</P>\n"); enterEDSelementDescr($elename, $alephcode, $size, $rows, $cols, $maxlength, stripslashes($val), stripslashes($fidesc), $cookie,"",$modifytext); } // END else } // END else } // END else } // END else } // END if else { # In this case, this is not a self-referential call to this page, # and it is therefore time to display a form in which the user # can enter the details of the element description... enterEDSelementDescr(); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/addFunctions.php.wml b/modules/websubmit/web/admin/addFunctions.php.wml index 7a0f3bf99..b46f35171 100644 --- a/modules/websubmit/web/admin/addFunctions.php.wml 
+++ b/modules/websubmit/web/admin/addFunctions.php.wml 
@@ -1,570 +1,570 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Add a functions for <i><protect><?print "$action </i>on<i> $doctype";?></protect></I>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT TYPE='text/javascript'> <!-- hide function checkScoreStep(score, step) // This function checks that the user has entered numeric // values for the score and step fields { // create a variable, foundNonNumeric, which will be a boolean // variable, to determine whether or not the user has input a // non-numeric value for score or step. 
var foundNonNumericScore = false; var foundNonNumericStep = false; if(score != "" && step != "") { for(index = 0; index < score.length; index++) { if(!(score[index] >= 0 && score[index] <= 9)) { foundNonNumericScore = true; break; } // End if } // End for if(!foundNonNumericScore) { for(index = 0; index < step.length; index++) { if(!(step[index] >= 0 && step[index] <= 9)) { foundNonNumericStep = true; break; } // End if } // End for if(!foundNonNumericStep) { return true; } // end if else { alert('Only Numeric Values Are Legal For score and step' + ' fields!'); return false; } // End else } // End if else { alert('Only Numeric Values Are Legal For score'); return false; } // End else } // End if else { alert('It is necessary to enter values into both\n the score' + ' and step fields!'); return false; } // End else } // End function checkScoreStep(score, step) // --> </SCRIPT> <? /**********************Function Declarations**************************/ function createActFunsList($selQRes, $action, $doctype) { /***************************************************************** This function has the task of displaying either a table of functions belonging to a given action on a given doctype, or displaying a message informing the user that the action for the doctype has no functions if this is the case. The function is used in this script to display the functions & their details (step etc) in a table alongside the new function input form, so that the user can see the current functions etc for an action on a doctype as they decide uppon values for their new function. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 10/10/2000 Lsat Modified: 05/02/2001 *****************************************************************/ # Display an explanation for the top of the column... print("<H4 STYLE=\"background-color: transparent; text-align: " . "center\">Functions of the $action action<BR>on the $doctype" . 
" document type</H4>\n"); if(mysql_num_rows($selQRes) > 0) { # If this clause has been reached, there are functions # belonging to the current action on the given doctype, and # therefore we can create a table to display them in for # reference when adding the new function. # Get the fields names of the fields in the relevant functions # table... $tableFields = mysql_list_fields(DOCS_DATABASE, "sbmFUNCTIONS"); print("<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center'>\n<TR BGCOLOR='#CCDDFF'>"); # Display the column titles in the table makeTableHeaderRow($tableFields, 2); print("</TR>"); # Now that the table headers have been displayed, it is # possible to display the table body. makeTbleBdy($selQRes,2); # Now close the table, as it is finished. print("</TABLE>\n"); # Destroy all query result sets etc that are no longer needed mysql_free_result($tableFields); } // END if else { # If this clause has been reached, it means that there are no # functions belonging to the current action on the current # doctype, and so we should just display a message stating # this, as opposed to a table of functions. print("<H4 STYLE=\"text-align: center\">The $action action on" . " the $doctype<BR>document type has no functions</H4>"); } // END else } // END function createActFunsList($selQRes) //***************** function makeTbleBdy($result, $forIndxStrt = 0) { /******************************************************************* This function is a very simple function that creates the body of a table, with no bells or whistles, by taking a result set, and displaying each row of the result set in a row of the table. It closes each row after it has been displayed. The function is passed the $result variable, which contains the result set, and the $forIndxStrt variable, which simply contains an integer, allowing the function to commence each row at a given cell index. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 10/10/2000 Last Modified: 10/10/2000 *******************************************************************/ # Get the number of fields in the result set $numTblFlds = mysql_num_fields($result); while($dataRow = mysql_fetch_array($result)) { print("<TR BGCOLOR='#FFFFCC'>\n"); # Display each field in a given row... for($indx = $forIndxStrt; $indx < $numTblFlds; $indx++) { print("<TD ALIGN='center'>" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "</TD>\n"); } // END for # Now close up the table row... print("</TR>\n"); } // END while } // END function //********************** function pageFocusHome() { /****************************************************************** This function is just a simple page to redirect the browser to the prototype.php page (the administrators home page). is the page that displays details of a document type and all of its actions. The function makes a quick form with no inputs, but an action of prototype.php. It then pauses for 2 seconds, before submitting this form, and hence calling the prototype.php script. This function uses client-side JavaScript to automatically submit the form after a time delay. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 04/09/2000 Last Modified: 06/02/2001 ******************************************************************/ # Make the invisible html form... print("<FORM ACTION='index.php' METHOD='post' NAME='referForm'>\n" . "<INPUT TYPE='hidden'>\n" . "</FORM>\n"); # Now, pause for 2 seconds, and then submit the form... print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", 2000);\n" . 
"</SCRIPT>\n"); } // END function pageFocusHome() //*************** function makeSelectList($queryResult, $listName, $defaultCode, $defaultText, $valueIndex, $textIndex) { /**************************************************************** This function has the task of making a drop down list (type SELECT in HTML). The list made is of course part of a form, but this form is not made by this function. It is intended that this function will be called after the form has been opened, and when it is desired that a SELECT list be added to a form. This function is passed 6 variables upon calling. They are as follows: 1. $queryResult. This is the result of mysql_query - a select query. 2. $listName. This is the name that the SELECT list will be given. 3. $defaultCode. This is the default value of the first selected item of the list. 4. $defaultText. This is the text of the first default selected item. 5. $valueIndex. The values for each <OPTION> of the SELECT list will be taken from the array dataRow, which will contain all fields of a single row of queryResult. $valueIndex will be the array index for the cell of dataRow that contains the value desired for the VALUE attribute of the OPTION. 6. $textIndex. This is another index of the dataRow array. It will contain the text that is to go between OPTION tags, and hence what the user sees. I hope this makes sense! The function will basically build the SELECT list, and will fill it with the desired values from each row of queryResult. The SELECT list will then be closed, but note that the form WILL NOT BE CLOSED. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 29/08/2000 Last Modified: 06/02/2001 ****************************************************************/ print("<SELECT NAME='$listName'>\n" . "<OPTION SELECTED VALUE='$defaultCode'>$defaultText" . "</OPTION>\n"); # If the query executed successfully, utilise the data # provided by it. 
This basically means that if the query was # unable to trawl any data from the table for cloning it will simply # ignore the next section of code, and the list will only have the # default value in it, and hence PHP won't throw out any errors, # etc... if($queryResult) { while($dataRow = mysql_fetch_array($queryResult)) { print("<OPTION VALUE='" . htmlspecialchars($dataRow[$valueIndex]) . "'>"); print(ereg_replace("'", "'", htmlspecialchars($dataRow[$textIndex]))); print("</OPTION>\n"); } // END while } // END if print("</SELECT>\n"); } // END function makeSelectList() function displayPage($doctype) { global $addNow,$funToAdd,$score,$step,$action; # Now conduct a test to determine the type of call to the page this # actually is (it can either be the first call to the page, whereby # the ability to input the new functions details is given to the # user, or the second call to the page, whereby the actual addition # processing is done. if($addNow) { # If this condition has been reached, this call to the page is a # call to actually commit the new function for the given action # on the given doctype to the relevant functions table. # It is now possible to commit the new function for the given # action on the given doctype into the database... $comStr = "INSERT INTO sbmFUNCTIONS (doctype, function, score, step, action) VALUES('$doctype', '$funToAdd', '$score', '$step','$action')"; $comRes = mysql_query($comStr); if($comRes) { # Display an alert message on the screen of the user informing # them of the sucessful addition of the new function to the # given action on the given doctype. print("<SCRIPT TYPE='text/javascript'>alert('The $funToAdd " . "function was added to the $action action\\non the " . "$doctype document type.\\n\\nYou should now examine the" . " values for each\\nof the functions parameters, and " . " ensure that\\nthere is an entry for them.\\n\\nYour" . " browser has been diverted to the screen where you can" . 
" investigate this.')</SCRIPT>\n"); # Now redirect the browser to the func.php page... print("<FORM ACTION='func.php' METHOD='post' NAME='sub'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' " . "VALUE='actionFunctions.php'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n" . "<INPUT TYPE='hidden' NAME='functionName' " . "VALUE='$funToAdd'>\n" . "</FORM>\n" . "<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.sub.submit();\", 0);\n" . "</SCRIPT>\n"); # Get the current date and time... $dateDets = getdate(); # Make the message... $msgTxt = "Please be informed that the $funToAdd function was" . " added to the $action action of the $doctype document " . "type on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . "." . "\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "$funToAdd Function Added to $action" . ".$doctype Action", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # If this clause has been reached, it means that the insert of # the new function to the relevant functions has failed. As a # result, the user should be informed of this by a javascript # alert, and the browser should redirect to the WebSubmit # Asdministrator main page. print("<SCRIPT TYPE='text/javascript'>alert('The $funToAdd " . "function could not be commited to the functions table," . "\\nand hence could not be added to the $action action for" . " the $doctype document type.\\n\\nPlease Inform System " . "Administrator.');</SCRIPT>\n"); # We should also email the administrator to inform them of # this fault, or it may go unnoticed... # Get the current date and time... $dateDets = getdate(); # Make the message... $msgTxt = "I have encountered an error!\n\nI was unable to " . " add the $funToAdd function to the $action action of the" . " $doctype document type. 
This is because I could not " . "commit the details to the functions table.\n\nThis " . "fault ocurred on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . "." . "\n\nYou should investigate this problem as soon as " . "possible.\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "ERROR: $funToAdd Function Not Added To " . "${action}.$doctype", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser to the Administrator main page... pageFocusHome(); } // END else } // END if else { # If this clause has been reached, it means that this is the # first call to the page, whereby the details for inputting a new # function should be presented to the user. $selStr = "SELECT * FROM sbmFUNCTIONS WHERE doctype='$doctype' and action='$action'" . " ORDER BY step, score"; # Execute this query... $selQRes = mysql_query($selStr) or die("<H4>Unable to obtain a " . "list of function for the $doctype doctype from the " . "functions table. Processing Terminated.</H4>\n</TD>\n" . "</TR>\n</TABLE>\n</BODY>\n</HTML>\n"); # Open a table with two columns, in which to display the page print("<TABLE BORDER=0 ALIGN='center' WIDTH='100%' CELLSPACING=0" . " CELLPADDING=0>\n<TR>\n<TD WIDTH='29%'" . " ALIGN='center' VALIGN='top'>\n"); createActFunsList($selQRes, $action, $doctype); # free space associated with unused variables/result sets mysql_free_result($selQRes); unset($selStr); # Close the current page dividing table cell, then reopen another # for the input new function form... print("</TD>\n<TD WIDTH='1%'>\n </TD>\n<TD WIDTH='60%' " . "VALIGN='top' ALIGN='center'>\n"); # Now that we have displayed the current usage of functions for # the given action on the given doctype, it is possible to # produce the 'addition of another function' facility... print("<SPAN STYLE='text-align: center; color: navy; font-size:" . 
" medium; font-weight: bold'>Add a function to the $action " . "action of the $doctype document type</SPAN>\n"); # The first task is to obtain a list of all functions in WebSubmit $funcQuery = mysql_query("SELECT function FROM sbmALLFUNCDESCR ORDER BY function"); if($funcQuery) { # If the query has worked, we can create a select drop-down # list to contain the functions. The user can then choose one # of them to add to their action. # Make a table to contain an input form... print("<FORM ACTION='addFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='addNow' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n" . "<TABLE WIDTH='100%' BORDER=0 ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0>\n<TR>\n<TD ALIGN='right'" . ">\n<H4 STYLE=\"text-align: right\">Function to " . "add:</H4></TD>\n<TD> </TD>\n<TD ALIGN='left'>\n"); # Create the list of functions... makeSelectList($funcQuery, "funToAdd", "NO_FUNC", "Select...", 0, 0); print("</TD>\n</TR>\n<TR>\n<TD ALIGN='right'>\n<H4 STYLE=\"" . "text-align: right\">\nScore:</H4>\n</TD>\n" . "<TD> </TD>\n<TD ALIGN=" . "'left'>\n<INPUT TYPE='text' SIZE=3 NAME='score'>\n" . "</TD>\n</TR>\n<TR>\n<TD ALIGN='right'>\n<H4 STYLE=\"" . "text-align: right\">\nStep:</H4>\n</TD>\n<TD> " . "</TD>\n<TD ALIGN='" . "left'>\n<INPUT TYPE='text' SIZE=3 NAME='step'>\n" . "</TD>\n</TR>\n<TD> </TD>\n</TR>\n<TR>\n<TD " . "ALIGN='right'>\n<INPUT " . "TYPE='button' VALUE='SAVE DETAILS' " . "onClick=\"if(funToAdd.options[funToAdd.selectedIndex]" . ".value != 'NO_FUNC') { if(checkScoreStep(score.value, " . "step.value)) { if(confirm('You are about to add a " . "function to the\\n$action action for the $doctype " . "doctype.\\n\\nThis action will require you to manually" . " provide values for \\nthe function parameters under " . "this doctype.\\n\\nAre You Sure You Wish To Do " . "This?')) { submit(); } } } else { alert('Select a " . 
" function to add!'); }\">" . "\n</TD>\n</FORM><FORM ACTION='actionFunctions.php?action=$action&doctype=$doctype' " . "METHOD='post'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n<TD> </TD>\n<TD ALIGN='left'>" . "\n<INPUT " . "TYPE='button' VALUE='CANCEL' onClick=\"submit();\">\n" . "</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END if else { # If this clause has been reached, the script has been able to # query the sbmALLFUNCDESCR table in order to obtain a list of # all of the WebSubmit functions. In this case, it is simply # appropriate to display a suitable error message, and send # the browser focus to the WebSubmit Administrator home page, as it # is obviously not possible to add a function in this case... print("<H3>ERROR: Unable To Retrieve WebSubmit Functions List" . "</H3>\n"); # Now redirect the browser... pageFocusHome(); } // END else # Now that the main page has been displayed, it possible to # close up the page organisation table. print("</TD>\n</TR>\n</TABLE>\n"); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage($doctype); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/allActionsEDS.php.wml b/modules/websubmit/web/admin/allActionsEDS.php.wml index 5475e5937..4219f4969 100644 --- a/modules/websubmit/web/admin/allActionsEDS.php.wml +++ b/modules/websubmit/web/admin/allActionsEDS.php.wml 
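Review bot: displayPage() interpolates `$doctype`, `$funToAdd`, `$score`, `$step` and `$action` directly into the INSERT and SELECT strings and into the generated `<INPUT>` values and `alert()` text, with no escaping visible in this hunk, so the gate on `$auth[0]` at the bottom is the only server-side control in front of them. checkScoreStep() runs in the browser only; adding `$score = intval($score); $step = intval($step);` at the top of the `if($addNow)` branch would enforce the numeric constraint on the server. The string values should be SQL-escaped explicitly (for example `mysql_real_escape_string()` applied once, after undoing any automatic slash-quoting the installation performs) and passed through `htmlspecialchars()` where they are printed, as makeSelectList() already does for database values. How these globals are populated is not shown here, so their request origin is an assumption to confirm.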
@@ -1,121 +1,121 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Available Actions" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listactions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayListActionsPage() { # Query the "sbmACTION" table, obtaining a list of all EDS actions... $queryResult = mysql_query("SELECT lactname, sactname FROM sbmACTION " . "ORDER BY lactname"); if($queryResult) { # In this case, the query executed successfully. We can now # display the results returned by it. if(mysql_num_rows($queryResult) > 0) { # In this case, EDS has actions in it that we can display.. # Display the table header.. print("<TABLE BORDER=0 ALIGN='center'>\n"); # Now display each action item in the table.. while($dataItems = mysql_fetch_row($queryResult)) { print("<TR>\n<TD ALIGN='left'>\n<A HREF='viewActionEDS." . "php?actname=" . ereg_replace("'", "'", htmlspecialchars($dataItems[1])) . 
"&caller=allActionsEDS.php'>" . ereg_replace("'", "'", htmlspecialchars($dataItems[1])) . ": " . ereg_replace("'", "'", htmlspecialchars($dataItems[0])) . "</A></TD>\n</TR>\n"); } // END while # Now that the table has been made, it is possible to close # it.. print("</TABLE>\n"); } // END if else { # In this case, EDS has no actions in it (very unlikely).. print("<P STYLE=\"text-align: center; font-size: medium; " . "color: green\">There are currently no actions stored in " . "the <EM>" . DOCS_DATABASE . "</EM>.</P>\n"); } // END else # Now that the actions have been displayed (or not), we can # display a button to allow the addition of a new action to # EDS... print("<FORM ACTION='addActionEDS.php' METHOD='post'><TABLE " . "BORDER=0 CELLSPACING=0 CELLPADDING=0 ALIGN='center' WIDTH=" . "'100%'>\n<TR><TD ALIGN='center'>\n<INPUT TYPE='button' VALUE" . "='ADD NEW ACTION' onClick=\"submit();\">\n</TD>\n</TR>\n" . "</TABLE>\n</FORM>\n"); } // END if else { # In this case, the query has failed, so we can display an error # message to the user.. print("<P STYLE=\"font-size: large; color: navy; text-align: " . "center\"><SPAN STYLE=\"color: red\">ERROR:</SPAN> Unable to" . " query the <EM>sbmACTION</EM> table of the " . DOCS_DATABASE . " database.<BR>" . "Please contact system administrator.</P>\n"); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayListActionsPage(); /************************End of main script***************************/ </protect> ?> 
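Review bot: The denial branch now prints `$auth[1]` as the whole message, so the page depends on canUseWebSubmitAdmin() always returning a two-element array with a non-empty, display-safe string in element 1; that helper is not part of this hunk and nothing here documents or checks the shape. A short comment above the call would record the contract, e.g. `# canUseWebSubmitAdmin() returns array(allowed, message); element 0 is true when access is granted`, once that is confirmed against the helper. If the message can carry request-derived text such as a document type, it should pass through `htmlspecialchars()` before `outWarning()`, and a fallback such as `outWarning($auth[1] ? $auth[1] : "You are not allowed to access WebSubmit Admin");` keeps the page from showing an empty warning. The same three lines appear in the allChecksEDS.php.wml hunk and, with the fixed text appended, in addFunctions.php.wml.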
diff --git a/modules/websubmit/web/admin/allChecksEDS.php.wml b/modules/websubmit/web/admin/allChecksEDS.php.wml
index 4abf7c042..51ffe60c9 100644
--- a/modules/websubmit/web/admin/allChecksEDS.php.wml
+++ b/modules/websubmit/web/admin/allChecksEDS.php.wml
@@ -1,115 +1,116 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Available javascript checking functions" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listchecks" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayPage() { # Query the sbmCHECKS table to obtain a list of all EDS checks. $qRes = mysql_query("SELECT * FROM sbmCHECKS ORDER BY chname"); if($qRes) { # In this case, the query worked, and we can now obtain a list of # all of the checks. if(mysql_num_rows($qRes) < 1) { # In this case, there are no checks in the DB, so we can just # display a message stating this fact... print("<TABLE WIDTH='100%' BORDER=0 CELLPADDING=0 ALIGN='" . "center' CELLSPACING=0>\n<TR>\n<TD ALIGN='center'><SPAN " . "STYLE=\"color: green; text-align: center; font-size: " . "large\">There are currently no checks in the database</SPA" . 
"N></TD>\n</TR>\n</TABLE>\n"); } // END if else { # In this case, there are checks to display, so we can get on # with it! # Display the table header.. print("<TABLE BORDER=0 ALIGN='center'>\n"); # Now display each action item in the table.. while($dataItems = mysql_fetch_array($qRes)) { print("<TR>\n<TD ALIGN='left'>\n<A HREF='viewChecksEDS." . "php?chname=" . ereg_replace("'", "'", htmlspecialchars($dataItems["chname"])) . "'>" . ereg_replace("'", "'", htmlspecialchars($dataItems["chname"])) . "</A></TD>\n</TR>\n"); } // END while # Now that the table has been made, it is possible to close it print("</TABLE>\n"); } // END else # Now that the actions have been displayed (or not), we can # display a button to allow the addition of a new action to EDS print("<FORM ACTION='addCheckEDS.php' METHOD='post'><TABLE " . "BORDER=0 CELLSPACING=0 CELLPADDING=0 ALIGN='center' WIDTH=" . "'100%'>\n<TR><TD ALIGN='center'>\n<INPUT TYPE='button' VALUE" . "='ADD NEW CHECK' onClick=\"submit();\">\n</TD>\n</TR>\n</TAB" . "LE>\n</FORM>\n"); } // END if else { # In this case, the query failed, so we can display an error # message print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> It was not possible to obtain a list of checks from " . "the sbmCHECKS table of the " . DOCS_DATABASE . " database.<BR>" . "Please contact the system administrator.</P>\n"); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> + 
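Review bot: The new guard `if (!$auth[0])` at the end of this hunk is only correct because canUseWebSubmitAdmin() now returns an array instead of a boolean, and nothing at the call site makes that contract visible. A non-empty PHP array is truthy, so any admin script that still tests `if (!canUseWebSubmitAdmin($uid))` would take the display branch for every user; callers this commit did not touch should be searched for before merging. I would make the test fail closed, `if (!is_array($auth) || $auth[0] !== true)`, and put `# canUseWebSubmitAdmin() returns array(allowed, message); never test the array itself` above it. The same applies to the identical main-script change in allActionsEDS.php.wml and allElementsEDS.php.wml.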
diff --git a/modules/websubmit/web/admin/allElementsEDS.php.wml b/modules/websubmit/web/admin/allElementsEDS.php.wml
index 729d05d52..5c3ecdffc 100644
--- a/modules/websubmit/web/admin/allElementsEDS.php.wml
+++ b/modules/websubmit/web/admin/allElementsEDS.php.wml
@@ -1,167 +1,167 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Available Element Descriptions" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listelements" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayPage() { # Conduct a select query in order to retrieve the details of all of # the EDS element descriptions. $queryResult = mysql_query("SELECT name FROM sbmFIELDDESC ORDER BY " . "name"); if($queryResult) { # Query worked if(mysql_num_rows($queryResult) < 1) { # No elements in EDS print("<P CLASS=\"errorMsg\">There Are Currently No Element " . "Descriptions In " . DOCS_DATABASE . "</P>\n"); } // END if else { # In this case, there are elements to display... # Display the table header.. print("<TABLE BORDER=1 CELLSPACING=3 ALIGN='center'>\n" . 
"<TR>\n"); # We only want to display 25 items in a table column (as there # are many elements desciptions in EDS), so we need to have a # counter... $itemCount = 0; $numEls = mysql_num_rows($queryResult); # Put all of the elements in an array... $allOfThem = resToArray($queryResult); for($i = 0; $i < $numEls; $i++) { # Hey, display the element names... if($itemCount == 0) { # First item of a table print("<TD ALIGN='center' VALIGN='top'>\n" . "<TABLE ALIGN='center' BORDER=0" . " CELLSPACING=0 CELLPADDING=0>\n<TR>\n<TD ALIGN='" . "left'>\n<A HREF='elementConfigDetsEDS.php?name=" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "&caller=allElementsEDS.php'>" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "</A> </TD>\n</TR>\n"); $itemCount++; } // END if elseif($itemCount == 24) { # Last item for the current table column... print("<TR>\n<TD ALIGN='left'>\n<A HREF='elementConfig" . "DetsEDS.php?name=" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "&caller=allElementsEDS.php'>" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "</A> </TD>\n</TR>\n</TABLE>\n</TD>\n"); $itemCount = 0; } // END elseif else { # Just a normal column element print("<TR>\n<TD ALIGN='left'><A HREF='elementConfigD" . "etsEDS.php?name=" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "&caller=allElementsEDS.php'>" . ereg_replace("'", "'", htmlspecialchars($allOfThem[$i][0])) . "</A> </TD>\n</TR>\n"); $itemCount++; } // END else } // END for if($itemCount != 0) { # Our inner table has not yet been closed up, so we can do # this print("</TABLE>\n</TD>\n"); } // END if # Now that the table has been made, it is possible to close it print("</TR>\n</TABLE>\n"); } // END else # Now that the Element description names have been displayed, we # can display a button that will allow the addition of a new # element to EDS. print("<FORM ACTION='addElementDescrEDS.php' METHOD='post'><TA" . 
"BLE BORDER=0 CELLSPACING=0 CELLPADDING=0 ALIGN='left' " . "WIDTH='100%'>\n<TR><TD ALIGN='left'>\n<INPUT TYPE='button'" . " VALUE='CREATE NEW ELEMENT DESCRIPTION' onClick=\"submit();\">\n" . "</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END if else { # In this case, the query has failed, so we can display an error # message to the user.. print("<P STYLE=\"font-size: large; color: navy; text-align: " . "center\"><SPAN STYLE=\"color: red\">ERROR:</SPAN> Unable to " . "query the <EM>sbmFIELDDESC</EM> table of the " . DOCS_DATABASE . " database.<BR>Please contact system administrator.</P>\n"); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/commonPhpFunctions.php.wml b/modules/websubmit/web/admin/commonPhpFunctions.php.wml index 179e5618b..b11eba2ab 100644 --- a/modules/websubmit/web/admin/commonPhpFunctions.php.wml +++ b/modules/websubmit/web/admin/commonPhpFunctions.php.wml 
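Review bot: `outWarning($auth[1])` in the main script now prints text produced by the access-control layer, where the removed lines printed a fixed literal, and outWarning() is not visible in this diff. If it writes its argument into the page unescaped, any user- or configuration-derived value that ends up in that message is rendered as markup; the rest of this file already wraps database values in htmlspecialchars(). Unless outWarning() escapes internally, I would pass `htmlspecialchars($auth[1])` here and in the other admin scripts changed the same way.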
@@ -1,891 +1,893 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. </protect> ## load config variables: define("DOCS_DATABASE", "<DBNAME>"); define("MYSQLDOCMACHINE","<DBHOST>"); define("MYSQLDOCUSERID","<DBUSER>"); define("MYSQLDOCPASSWORD","<DBPASS>"); define("ADMIN_EMAIL","<ADMINEMAIL>"); $IMAGES="<WEBURL>/img"; ## okay, config variables loaded, the script can continue: /********************************************************************* This script is not executable in a browser. It contains the definitions of all PHP functions that are common to all of the scripts in the WebSubmit Administrator system. This script has been adapted from its WebSubmit counterpart, and contains some of the functions of that script. *********************************************************************/ /********************Common Global Constants*************************/ # Make a global constant to store the color for the background of cells # in the page header for linking to other pages/administrative tools... 
define("MENU_NAME_COLOUR", "cornflowerblue"); # Make another golbal constant to store the colour for the background # of cells for the options in the menus... define("MENU_OPTION_COLOUR", "#9AE2C0"); /********************Includes*************************/ include("<WEBDIR>/sessinit.inc.php"); require_once("<LIBDIR>/php/cdsware/errors/errorHandling.php"); /*********************Authentication*******************************/ function canUseWebSubmitAdmin($uid,$doctype='%') { $uid_email = getEmail($uid); - if(acc_authorize_action($uid, "cfgwebsubmit") != 1) - return false; + $auth = acc_authorize_action($uid, "cfgwebsubmit"); + + if($auth[0] == 0) + return array(true, $auth[1]); else - return true; + return array(false, $auth[1]); } function makeEDSmdDate() { /**************************************************************** This function creates a date in the numeric format YYYY-MM-DD. This date is made into a text string, and returned by this function. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 14/12/2000 Last Modified: 14/12/2000 ***************************************************************/ # Get the date, so that it can be committed for the # modification date field (md) and the creation date field # (cd)... $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly # format $theDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . $dateDets['mday']; # Now return our newly created date... return $theDate; } // END function makeEDSmdDate() function makeDate() { /*************************************************************** This function has the simple task of getting the date from the system, and printing it to a variable in the form "Thursday 16 Nov 2000, at 11:54". The contents of this string are then returned to the calling function, to be concatenated to another string. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 16/11/2000 Last Modified: 16/11/2000 ***************************************************************/ # Get the current date and time... $dateDets = getdate(); # Make a string containing the date... $dateString = $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes']; # Now return this strings contents... return $dateString; } // END function makeDate() function getCallingPage($theRefererPage) { /****************************************************************** We don't want to allow the user to call a page by simply typing something in the uri bar of his/her browser. We only want a given page to be called from certain other scripts belonging to the WebSubmit2 administrator. This is a security feature, as we don't want the user to be able to corrupt the database either accidentally, or maliciously by typing URIs of scripts with CGI variables being passed to them. We can ensure this doesn't happen by testing the special HTTP variable HTTP_REFERER to ensure that it contains the name of a legal WebSubmit2 administrator script. This function gets the name of the calling page from the variable theRefererPage, which is actually a copy of the HTTP_REFERER variable that has been passed from the calling script. The name of the calling page is then returned to the calling script for evaluation. Author: Nicholas Robinson. Email: Nicholas.Robinson@cern.ch Created: 09/08/2000 Last Modified: 02/02/2001 *******************************************************************/ # Test to see if the string is empty... if it is, it means that the # page has not been called by another page...i.e. somebody has typed # a URL into the location bar. This means we can return a string # containing a character that would never feature in a URL, so that # it is known that the page calling was invalid... 
# This has actually come about due to the fact that the page can be # a legitimate call when there is no page name when the page is # called index. if($theRefererPage == "") { # Return a garbage string so that no confusion is made about the # referer variable being empty... return ""; } // END if else { $callingPage = $theRefererPage; if(strstr($callingPage, '?')) { # If it did have variables encoded in the URL... # Find the position of the question mark that separates the # page URL from the variables... $posQuestMark = strpos($callingPage, "?"); # Remove the portion of the string from the ? onwards, as we # are only required to test the name of the calling page, not # any arguments passed to it. Set the value of $callingPage... $callingPage = substr($callingPage, 0, $posQuestMark); } // End if $posLastSlash = strrpos($callingPage, "/"); # Increment $posLastSlash, as it is the data after the slash that # is of interest to us here, as that is the page name... $posLastSlash++; # Now, use PHPs substr function to find the remainder of the # theRefererPage string, which should actually be the name of the # calling page... $callingPage = substr($callingPage, $posLastSlash); # Return the name of the calling page for further processing in # the system... return $callingPage; } // END else } // End function getCallingPage(theRefererPage) // ****************************** function displayInvalidEntry() { /****************************************************************** This function merely displays a simple warning message on the screen, informing the user that permission has been denied to load the page, and provides a link to the home page. This function will be called when the user has attempted to load one of the administrator pages in an inappropriate way, such as typing the URI into the location bar, and pressing enter, instead of following the WebSubmit2 Administrator pages through the hierarchy to get to a specific page. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 09/08/2000 Last Modified: 24/10/2000 *****************************************************************/ # Display the error message... print('<H3 STYLE="color: red">Permission Denied: Please '); print('Start At The <A HREF="index.php">Main '); print('Page</A>.</H3>'); } // End function displayInvalidEntry() // ****************************** function serverConnect($host, $username, $password) { /****************************************************************** This function is a very simple function that allows a user to connect to a mySQL server of their choice. The function uses the mysql_connect function provided by php to attempt to connect to the server. If connection fails, an appropriate error message is displayed, otherwise the connection link is returned. Function modified on 28/09/2000 to add </td>, </tr>, and </table> tags, as the message wasn't being printed due to the fact that when the die() function was executed, it stopped processing, hence the table that contains the pages data was never being closed, resulting in it being impossible to display anything in this table. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 21/08/2000 Last Modified: 28/09/2000 *****************************************************************/ # Make a connection to the database server... $link = mysql_connect($host, $username, $password) or die('<BR><P><H3 ALIGN="center">Unable To ' . 'Connect To SQL Server. Try Reload Of Page.' . '</H3></P></TD></TR></TABLE></BODY>' . '</HTML>'); # Return the link to the connection... return $link; } // END function serverConnect($host, $username, $password) // ****************************** function dbSelect($dbName) { /****************************************************************** This function is a very simple function that allows a user to select a mySQL database of their choice. 
The function uses the mysql_select_db function provided by php to attempt to select the DB. If selection fails, an appropriate error message is displayed, and processing terminates. Otherwise the function ends normally, returning control to the calling function. Function modified on 28/09/2000 to add </td>, </tr>, and </table> tags, as the message wasn't being printed due to the fact that when the die() function was executed, it stopped processing, hence the table that contains the pages data was never being closed, resulting in it being impossible to display anything in this table. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 21/08/2000 Last Modified: 28/09/2000 ******************************************************************/ # Select the database... mysql_select_db($dbName) or die('<BR><P><H3 ALIGN="center">Unable To Select' . ' $dbName Database. Try Reload Of Page.' . '</H3></P></TD></TR></TABLE></BODY>' . '</HTML>'); } // END function dbSelect($dbName) // ****************************** function makeTableHeaderRow($columns, $indexValue) { /**************************************************************** This function serves the single purpose of producing a header row for a table. The function is passed a variable $columns, which is a list of all columns in the table whose header is to be produced. The function is also passed a variable $indexValue, which should hold an integer that the for loop index is to be initialised to. This has the purpose of allowing the table to start from any column. This function loops through each column in the table, FROM the column specified by $indexValue, and prints this columns title inside a table cell using HTMLs <TH> notation. It should be noted that it does not open or close the table with the <TABLE> or </TABLE> tags, as it is assumed that it will only be called to add the header information to a table, as this is a commonly done thing for all tables. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 23/08/2000 Last Modified: 23/08/2000 ****************************************************************/ for($index = $indexValue; $index < mysql_num_fields($columns); $index++) { print('<TH> '); print(mysql_field_name($columns, $index)); print(' </TH>'); } // END for } // END function makeTableHeaderRow($columns, $indexValue) //********************** function resToArray($queryResult) { /****************************************************************** This function has the purpose of making a 2D array from the result of a select query. The query result pointer is passed to the function, and each row of the result is read into an array cell. When the query result set has been exhausted, it is returned to the calling function. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 28/08/2000 Last Modified: 28/08/2000 ******************************************************************/ # Make a counter for the rows... $rowCount = 0; # Put the contents of the query dynaset into # a temporary array... while($dataRow = mysql_fetch_row($queryResult)) { $allRows[$rowCount] = $dataRow; $rowCount++; } // End while return $allRows; } // END function resToArray($queryResult) //****************** function drawSeparator() { /*************************************************************** This is a very simple function to draw a horizontal separator line across the page. This line is encapsulated in <P>aragraph tags. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 02/10/2000 ***************************************************************/ # Draw the horizontal separator line... 
print('<P><HR WIDTH="100%" ALIGN="center"></P>'); } // END function drawSeparator() //*************** function displayParams($paramResult, $function) { /************************************************************** This function has the task of displaying the parameters of a function in a table. The function is passed a query result, which should point to a dynaset of parameters. If the result set contains rows (i.e. there are parameters to display), the query displays these parameters in the table. If however the result set is empty (there are no parameters to display), the functions outputs a suitable message to say this. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 31/01/2001 **************************************************************/ global $IMAGES; if(mysql_num_rows($paramResult) > 0) { # Output the parameter details in a table... print('<BR><TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ' . 'ALIGN="center"><TR BGCOLOR="#CCDDFF">'); # Output the table headers... print('<TH>Field</TH>'); print('<TH STYLE="color: red">Delete</TH></TR>'); # Now output the body of the table... while($dataRow = mysql_fetch_array($paramResult)) { print('<TR BGCOLOR="#FFFFCC">' . '<TD> ' . $dataRow['param'] . ' </TD>'); # Now, we can display a button icon on which to click to # delete a parameter from the current function... print('<FORM ACTION="veditFunDets.php" METHOD="post" ' . 'onSubmit="if(confirm(\'Really Remove This Parameter ' . 'From This Function?\')) { return true; } else { ' . 'return false; }">' . '<INPUT TYPE="hidden" NAME="deleteParam" VALUE="true">' . '<INPUT TYPE="hidden" NAME="function" VALUE="'.$function.'">' . '<INPUT TYPE="hidden" NAME="param" VALUE="' . $dataRow['param'] . '">' . '<TD ALIGN="center"><INPUT TYPE="image" SRC="' . $IMAGES.'/answer_bad.gif" WIDTH=14 HEIGHT=14 BORDER=0 ' . 'ALT="Delete Parameter" onClick="submit();"></TD>' . 
'</FORM></TR>'); } // END while # Now that the table has been filled, we can close it up... print('</TABLE>'); } // END if else { # If this clause has been reached, then it means that the # query on the sbmFUNDESC table has returned no rows, hence # meaning that the function in question takes no # parameters... print('<H4 STYLE="text-align: center; color: red;' . ' background-color: transparent">This function' . ' takes' . ' no parameters</H4>'); } // END else } // END function displayParams($paramResult, $function) //*********************** function offerAddParam($function, $formsAction) { /**************************************************************** This function has the task of offering the user the option to add parameters to the function. It effectively displays a table with cells containing various input boxes where the parameter can be chosen, and then submitted by means of a submit button. The function displays one select list for the table part of the parameter, and one select list for the fields part of the parameter, if the table that the parameter is to be found in has been selected. It had been my intention to implement this feature by means of a nested dropdown list, made using JavaScript, (as at this stage, browsers do not support HTML 4s optgroup tag), but for reasons of compatibility, I have decided against this idea. Maybe at some point in the future, that is what I shall do. For now however, I think I shall just use html selection boxes. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 03/10/2000 ****************************************************************/ dbSelect(DOCS_DATABASE); # Open a table in which to contain this section... print('<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ' . 'ALIGN=center BGCOLOR=#E0E0E0 WIDTH=95%>' . '<TR><TD ALIGN=left>'); # Output the title of the section, along with a short description # of how to add a parameter... print('<H4>Add A Parameter:</H4>' . 
'<SMALL><EM>Please select the parameter you want to add to this function:<BR></EM></SMALL>'); # Run a SELECT query to obtain a list of all tables in the WebSubmit # database. This will be used as the table that the parameter is # to be found in when a user adds a parameter to the function. print('<TABLE BORDER=1 ALIGN=center CELLSPACING=0 ' . 'CELLPADDING=0 BGCOLOR=ivory WIDTH=80%>' . '<TR><TD ALIGN=center WIDTH=50%' . ' BGCOLOR=ivory>'); print('<FORM ACTION='.$formsAction.' METHOD=get>' . '<INPUT TYPE=hidden NAME=insertParam' . ' VALUE=true>' . '<INPUT TYPE=hidden NAME=function' . ' VALUE='.$function.'>' . '<SELECT NAME=theParam>' . '<OPTION SELECTED VALUE=NO_VALUE>Select a' . ' field...</OPTION>'); $res = mysql_query("select DISTINCT name from sbmPARAMETERS order by name"); while ($row = mysql_fetch_row($res)) { print '<option value="'.$row[0].'">'.$row[0].'</OPTION>'; } print('</SELECT>'); print ' <small>or enter a new one: <INPUT size=25 name=newParam></small>'; # We can now shut the cell down, and insert a button to # allow the user to add the parameter to the function... print('</TD></TR></TABLE>'); print('<BR><CENTER><INPUT TYPE=button VALUE=\'UPDATE' . ' PARAMETER\' onClick="if(theParam.options[theParam.' . 'selectedIndex].value == \'NO_VALUE\' && newParam.value == \'\')' . ' { alert(\'A table field must be selected in order' . ' to add a parameter!\'); } else { if(confirm(\'Warning:' . '\\nAdding a parameter to a function will mean that' . ' further manual updating of the WebSubmit database is ' . 'necessary.\\nAre you sure you wish to undertake' . ' this action?\')) { submit(); } }"' . '></CENTER></FORM>'); # Now that the section is finished, we can close the table up... 
print('</TD></TR></TABLE>'); } // END function offerAddParam() //***************** function displayFuncDets($queryResult, $formsAction) { /************************************************************** This function has the task of making an input form that contains the details of the function (its name, and its description). The form is contained within 2 tables. The first table contains the actual input fields for the form, and the second table contains the submit button for the form, which allows the user to submit an update to the description field. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 02/10/2000 **************************************************************/ # Get a list of the fields in the sbmALLFUNCDESCR table $fields = mysql_list_fields(DOCS_DATABASE, "sbmALLFUNCDESCR"); # Now get the length of the description field... $descLen = mysql_field_len($fields, 1); # Read the only row of the query dynaset into an array... $dataRow = mysql_fetch_array($queryResult); # Open an HTML form to allow the user to view the details of # the function name, and description fields, and to edit the # function description field if they so wish... print('<FORM METHOD=post ACTION="'.$formsAction.'">' . '<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>' . '<INPUT TYPE=' . 'hidden NAME=function VALUE="' . $dataRow['function'] . '"><TR><TD ALIGN=right><STRONG>' . '<H4>description:</H4></STRONG></TD>' . '<TD> </TD><TD ALIGN=left>' . '<INPUT TYPE=text NAME=description VALUE="' . ereg_replace("'", "'", htmlspecialchars($dataRow['description'])) . '" SIZE=60' . '></TD></TR></TABLE>'); /*************************************************************** Add a submit button to the form to allow the user to update the function description details if they so wish: For this, we also need to add 2 new hidden input fields. 
One of these is to contain a flag to indicate that the page has been called before, and the other is to contain a flag to indicate that the next instance of the page will be for updating the function description (updateDescr). ***************************************************************/ print('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0' . ' ALIGN=center><TR><TD>' . '<INPUT TYPE=hidden NAME=updateFunDets VALUE=true>' . '</TD><TD ALIGN=center><INPUT TYPE=button ' . 'VALUE="UPDATE' . ' DETAILS" onClick="submit()"></TD><TD> </TD>' . '</TR></TABLE></FORM>'); } // END function displayFuncDets($queryResult) //**************** function makePageBody($function, $formsAction) { /***************************************************************** This is the function that creates the page. It does so by executing a number of queries, and then calling other functions to display their results. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 22/03/2001 *****************************************************************/ # Execute a query to get all of the information about a given # function from the sbmFUNDESC table... # Apply table locks if($lockRes = mysql_query("LOCK TABLES sbmALLFUNCDESCR READ, sbmFUNDESC READ")) { $queryResult = mysql_query("SELECT * FROM sbmALLFUNCDESCR WHERE " . "function = '$function'"); # If the function has an entry in the mandatory function # description table (sbmALLFUNCDESCR)... if($queryResult) { # Display the details of the function in a form, offering the # user the chance to update the description... displayFuncDets($queryResult, $formsAction); # Add a separator... drawSeparator(); # Now display the parameters for the function (if any)... print('<P><H4>Parameters:</H4></P>'); /************************************************************* We must test to see if the function takes parameters. 
If it does take parameters, these parameters will be found in the sbmFUNDESC table, as this table contains details of parameters for functions. This means that we can simply query the sbmFUNDESC table for functions matching the functions whose details we are displaying... *************************************************************/ $paramResult = mysql_query("SELECT param FROM sbmFUNDESC WHERE function = '$function'"); # Unlock the tables... $unlockRes = mysql_query("UNLOCK TABLES"); # Now take the appropriate action (whether to display # parameters or not), depending upon whether this query # returned rows... if($paramResult) { # If the query for retrieving parameters has been # successful, display these parameters... displayParams($paramResult, $function); } // END if else { # If this clause has been reached, then the system has been # unable to query the sbmFUNDESC table for some reason, and # hence an error message should be displayed... print('<SCRIPT TYPE="text/javascript">alert("Error:' . 'Unable to query sbmFUNDESC table. Inform system ' . 'administrator.")</SCRIPT>'); } // END else # Now, we can once again separate sections with a horizontal # rule... drawSeparator(); # Now offer the user the option to add parameters to the # function offerAddParam($function, $formsAction); # Add a separator to close the section... drawSeparator(); } // END if else { # Unlock the tables... $unlockRes = mysql_query("UNLOCK TABLES"); # Display error message... print('<SCRIPT TYPE="text/javascript">alert("Error:' . 'Unable to retrieve information concerning the function ' . 'from the sbmALLFUNCDESCR table");</SCRIPT>'); } // END else } # END if else { # Oh dear - unable to get table lock - simply display error # message. print('<DIV STYLE="color: navy; text-align: center; font-size:' . ' large; font-weight: bold"><SPAN STYLE="color: red">Error:' . '</SPAN> Unable to retrieve function information.</DIV>' . 
mysql_error().'<BR>'); } # END else } // END function makePageBody() //***************** function test_key_legal($theKey) { /******************************************************************* It has been decided that it is safe if a unique "key" for a table is made up only of alphabetical characters, integer digits, and underscores. This stops any other characters from causing errors due to "wild card" features. This function loops through a string and ensures that it meets these requirements. It returns true if the string is legal, and false if not. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 11/01/2001 Last Modified: 11/01/2001 *******************************************************************/ # Set an error flag to false... $errorFlag = 0; # Get the length of the string to be tested... $len = strlen($theKey); for($i = 0; $i < $len; $i++) { if(($theKey[$i] < "a" || $theKey[$i] > "z") && ($theKey[$i] < "A" || $theKey[$i] > "Z") && ($theKey[$i] < "0" || $theKey[$i] > "9") && ($theKey[$i] != "_")) { # If the current character in the string is not an # alphabetical character, a number, or an underscore, then it # is illegal! # Set the error flag... $errorFlag = 1; break; } // END if } // END for # Return true/false, depending upon string legality... return ($errorFlag == 1) ? false : true; } // END function test_key_legal($theKey) //***************** function printCookie($coookeee) { /**************************************************************** Because when we are offering the opportunity to change the details of an element description, we want to offer the user the chance to change the set cookie flag by using a radio button, we need to write the same piece of code several times. To counter this, a nice function has been made. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 30/11/2000 Last Modified: 10/01/2001 ****************************************************************/ if($coookeee) { print('<INPUT TYPE=radio NAME=cookie ' . 'VALUE=0>No<BR><INPUT TYPE=radio NAME=cookie ' . 'VALUE=1 checked>Yes'); } // END if else { print('<INPUT TYPE=radio NAME=cookie VALUE=0 ' . 'checked>No<BR><INPUT TYPE=radio NAME=cookie ' . 'VALUE=1>Yes'); } // END else } // END function printCookie($cookeee) //*************** //************ //************** function updateEDSDOCTYPEmd($doctype, $md) { /****************************************************************** This function has been created, because it is often necessary to update the modification date field of the sbmDOCTYPE table for a given EDS doctype. This is because whenever we make alterations to a submission or its elements etc, we are also making alterations to the actual doctype that this submission belongs to. This means that we must update the modification date field of this doctype to reflect that it has been changed in some way. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 14/12/2000 Last Modified: 14/12/2000 ******************************************************************/ $mdResult = mysql_query("UPDATE sbmDOCTYPE SET md = '$md' WHERE " . "sdocname = '$doctype'"); if($mdResult) { # In this case, the update result for updating the # modification date of a doctype worked, so we can free # it's result pointer mysql_free_result($mdResult); } // END if else { # Update the submission md query error...output a quick alert print('<SCRIPT TYPE="text/javascript">alert("ERROR: Unable' . ' to update the Modification Date field for the ' . 'current document type<BR>in the sbmDOCTYPE table.");' . 
'</SCRIPT>'); } // END else } // END function updateEDSDOCTYPEmd($doctype) //************ function sendToPageDets($subname, $pageNumber, $nPgs, $doctype) { /******************************************************************* This function simply redirects the browser focus to the "pageDetsEDS.php" page. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 12/12/2000 Last Modified: 06/02/2001 *******************************************************************/ # We can now redirect the browser to the the page showing the # details of this document type & its submissions print('<FORM ACTION="pageDetsEDS.php" METHOD="post" ' . 'NAME="referForm">' . '<INPUT TYPE=hidden NAME=doctype VALUE="'.$doctype.'">' . '<INPUT TYPE=hidden NAME=subname VALUE="'.$subname.'">' . '<INPUT TYPE=hidden NAME=pageNumber VALUE="'.$pageNumber . '"><INPUT TYPE=hidden NAME=nPgs VALUE="'.$nPgs.'">' . '</FORM>'); print('<SCRIPT TYPE="text/javascript">' . 'setTimeout("document.referForm.submit();", 1000);' . '</SCRIPT>'); } // END function sendToPageDets() /*************End of header file commonPhpFunctions.php*************/ ?>
diff --git a/modules/websubmit/web/admin/doctypeCategoriesEDS.php.wml b/modules/websubmit/web/admin/doctypeCategoriesEDS.php.wml
index 57de15691..5ce02f4ff 100644
--- a/modules/websubmit/web/admin/doctypeCategoriesEDS.php.wml
+++ b/modules/websubmit/web/admin/doctypeCategoriesEDS.php.wml
@@ -1,631 +1,631 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit categories of the <i><protect><?print $doctype;?></protect></i> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Descriptions***************************/ function showCatsEDS($doctype) { /******************************************************************* This function has the task of effectively making the page that displays all of the categories of the current doctype in a table. It also makes a button allowing the user to add a new category if they wish. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 15/01/2001 Last Modified: 15/01/2001 *******************************************************************/ global $IMAGES; $dataRes = mysql_query("SELECT * FROM sbmCATEGORIES WHERE doctype = " . 
"'$doctype' ORDER BY sname"); if($dataRes) { # In this case, the query executed successfully. if(mysql_num_rows($dataRes) > 0) { # Rows returned! Build the table... # Make the headers... print("<TABLE WIDTH='50%' ALIGN='center' BORDER=1 " . "CELLSPACING=0 CELLPADDING=0><TR BGCOLOR='#CCDDFF'>" . "<TH>Category ID</TH><TH>Category" . " Description</TH><TH> </TH><TH> </TH>" . "</TR>"); # Now fill the table with its contents... while($row = mysql_fetch_array($dataRes)) { print("<TR BGCOLOR='#FFFFCC'><TD ALIGN='center'>" . $row["sname"] . " </TD><TD ALIGN='center'>" . $row["lname"] . " </TD>"); # Now add a form for editing this cat. print("<FORM ACTION='doctypeCategoriesEDS.php' METHOD='" . "post'><INPUT TYPE='hidden' NAME='editCatForm' VALUE=" . "'true'><INPUT TYPE='hidden' NAME='doctype' VALUE='" . "$doctype'><INPUT TYPE='hidden' NAME='sname' VALUE='" . $row["sname"] . "'><TD ALIGN='center'><INPUT TYPE='" . "image' SRC='".$IMAGES."/edit1.gif' BORDER=0 onClick=\"" . "submit();\" ALIGN='center' WIDTH=18 HEIGHT=18></TD>" . "</FORM>"); # Now add a form for deleting this cat... print("<FORM ACTION='doctypeCategoriesEDS.php' METHOD='" . "post'><INPUT TYPE='hidden' NAME='delCat' VALUE='" . "true'><INPUT TYPE='hidden' NAME='doctype' VALUE='" . "$doctype'><INPUT TYPE='hidden' NAME='sname' VALUE='" . $row["sname"] . "'><TD ALIGN='center'><INPUT TYPE='" . "image' SRC='".$IMAGES."/answer_bad.gif' BORDER=0 ALIGN='" . "center' WIDTH=14 HEIGHT=14></TD></FORM>"); # Close up current row... print("</TR>"); } // END while # Close table of cats... print("</TABLE>"); } // END if else { # No rows returned. Simply output a message saying that the # current doctype does not yet have any categories... print("<P STYLE=\"color: green; font-size: large; text-align:" . " center; font-weight: bold\"><EM>$doctype</EM> " . "Document Type Has No Categories</P>"); } // END else # Now make a button that the user can press in order to add a new # category... 
print("<FORM ACTION='doctypeCategoriesEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='addCatForm' VALUE='true'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "<TABLE ALIGN='center' BORDER=0><TR><TD ALIGN='center'>" . "<INPUT TYPE='button' VALUE='ADD A CATEGORY' onClick=\"" . "submit();\"></TD></TR></TABLE></FORM>"); # Free the query result... mysql_free_result($dataRes); } // END if else { # In this case, the query failed, so we just output the warning print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR" . ":</SPAN> Unable To Retrieve Details of Categories for " . "<EM>$doctype</EM> Document Type.<BR>Inform System Adminis" . "trator.</P>"); } // END else # Make a finished button... print("<FORM ACTION='documentEDS.php' METHOD='post'><INPUT " . "TYPE='hidden' NAME='doctype' VALUE='$doctype'><TABLE " . "ALIGN='center' BORDER=0><TR><TD ALIGN='center'>" . "<INPUT TYPE='button' VALUE='FINISHED' onClick=\"submit();" . "\"></TD></TR></TABLE></FORM>"); } // END function showCatsEDS($doctype) //************ function addEditCatForm($doctype, $formType, $sname = "") { /******************************************************************* This function has the task of creating an html form. This form will contain the details of a given category for the given doctype. It is called for both the adding of a new category, and the editing of an existing category description. The difference is that a value is passed to the function. This value is a string containing a word that will be used to determine whether or not to present the form in a manner in which all details can be entered into it (for a cat addition), or in a manner in which there are already cat dets in the form, and only the cat descr can be edited. When the form is submitted, the relevant update/insert is carried out. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 15/01/2001 Last Modified: 15/01/2001 *******************************************************************/ # Reset an error flag... $editQError = 0; if($formType != "ADD") { # Then this must be an edit call, so select the details of the # cat to edit. $res = mysql_query("SELECT * FROM sbmCATEGORIES WHERE doctype = '" . "$doctype' AND sname = '$sname'"); if(!$res) { $editQError = 1; print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable To Retrieve Details Of <EM>$sname</EM" . "> Category.</P>"); showCatsEDS($doctype); } // END if else { if(mysql_num_rows($res) < 1) { # Oh dear, unable to retrieve the dets of this cat $editQError = 1; print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable To Retrieve Details Of <EM>$sname" . "</EM> Category.</P>"); showCatsEDS($doctype); } // END if elseif(mysql_num_rows($res) > 1) { # Too many rows. Data inconsistency problem. $editQError = 1; print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> More Than 1 Category Was Found With The " . "ID <EM>$sname</EM For The <EM>$doctype</EM> Document " . "Type.<BR>Inform System Administrator.</P>"); showCatsEDS($doctype); } // END elseif else { # Perfect! 1 row as expected $dataRow = mysql_fetch_array($res); } // END else } // END else } // END if # Now, if the $editQError flag has not been set, continue building # the form... if(!$editQError) { # Get a list of the fields in the sbmCATEGORIES table $columns = mysql_list_fields(DOCS_DATABASE, "sbmCATEGORIES"); # Make page title.. print("<P CLASS=\"errorMsg\">"); print("</P><TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='" . "center' BGCOLOR='#D3DCE3' BORDER=1 CELLSPACING=0 CELLPADDING" . "=0><TR><TD ALIGN='center'><P STYLE=\"color: blue; text" . "-align: center; font-size: small; font-weight: bold\">Below, " . 
"is a form that allows you to "); if($formType == "ADD") { print("enter the details of a new category for the <EM>" . "$doctype</EM> document type.<BR><BR>It is important that " . "when you create a new category, you do not give it a name " . "that is already in use for a category,<BR>as the category " . "name must be unique due to the fact that it is used to ide" . "ntify a given EDS document category.<BR><BR>When the " . "category has been entered, click on the \"SAVE DETAILS\"" . " button to commit this new category to EDS."); } // END if else { print("edit a category description for the <EM>$doctype</EM> " . "document type.<BR><BR>When the description has been " . "edited, click on the \"SAVE DETAILS\" button to commit the" . " changes."); } // END else print("</P></TD></TR></TABLE>"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now begin making the form... print("<TABLE WIDTH='100%' ALIGN='center' BORDER=0 CELLSPACING=0" . " CELLPADDING=0><FORM ACTION='doctypeCategoriesEDS.php' " . "METHOD='post'><INPUT TYPE='hidden' NAME='"); # We must ensure that we tell our script next time whether to # insert the details in the form, or simply update the # description details. if($formType == "ADD") { print("addCatCommit"); } // END if else { print("editCatCommit"); } // END else print("' VALUE='true'><TR><TH BGCOLOR='#D3DCE3' ALIGN='" . "right'WIDTH='20%'>Document Type ID: </TH><TD ALIGN" . "='left'BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT TYPE='readonl" . "y' NAME='doctype' VALUE='$doctype'></TD></TR><TR>" . "<TH BGCOLOR='"); if($formType == "ADD") { print("#87CEFA' ALIGN='right' WIDTH='20%'>Category ID: " . "</TH><TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>" . "<INPUT TYPE='text' NAME='sname' SIZE=" . mysql_field_len($columns, 1) . "></TD></TR>"); } // END if else { print("#D3DCE3' ALIGN='right' WIDTH='20%'>Category ID: " . "</TH><TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>" . "<INPUT TYPE='readonly' NAME='sname' VALUE='$sname'></TD>" . 
"</TR>"); } // END else print("<TR><TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>" . "Category Description: </TH><TD ALIGN='left' WIDTH='" . "80%' BGCOLOR='#FFFFCC'><INPUT TYPE='text' NAME='lname' "); if($formType != "ADD") { # If we're not adding, then there must be a value to edit! print("VALUE='" . ereg_replace("'","\\'", htmlspecialchars($dataRow["lname"])) . "' "); } // END if print("SIZE=" . mysql_field_len($columns, 2) . "></TD></TR></TABLE>"); # Now we can make another table containing the buttons (save, # reset & cancel) print("<TABLE ALIGN='center' CELLSPACING=2 CELLPADDING=2 " . "BORDER=0><TR><TD ALIGN='right'><INPUT TYPE='button' " . "VALUE='SAVE DETAILS' onClick=\"submit();\"></TD><TD " . "ALIGN='center'><INPUT TYPE='button' VALUE='RESET' " . "onClick=\"reset();\"></TD></FORM><FORM ACTION='" . "doctypeCategoriesEDS.php' METHOD='post'><INPUT TYPE='" . "hidden' NAME='doctype' VALUE='$doctype'><TD ALIGN='center" . "'><INPUT TYPE='button' VALUE='CANCEL' onClick=\"submit();" . "\"></TD></FORM></TR></TABLE>"); } // END if (!$editQError) } // END function addEditCatForm() function displayCategoriesList($doctype,$delCat,$addCatForm,$editCatForm,$editCatCommit,$addCatCommit) { global $sname,$lname; if(isset($delCat)) { # This is a call to delete a given category from the current # doctype. # Free the $delCat variable... unset($delCat); $delStr = "DELETE FROM sbmCATEGORIES WHERE doctype = '$doctype' AND" . " sname = '$sname'"; # Execute the delete query... $delRes = mysql_query($delStr); if($delRes && mysql_affected_rows() > 0) { # In this case, the query has been successful, and rows have # been deleted... # Print a message letting the user know of the deletion. print("<P STYLE=\"color: red; text-align: center; font-size: " . 
"small; font-weight: bold\">Category Deleted</P>"); # Get the date, so that it can be committed for the # modification date field (md) for the current doctype in # sbmDOCTYPE $modifiedDate = makeEDSmdDate(); $mdRes = mysql_query("UPDATE sbmDOCTYPE SET md = '$modifiedDate'" . " WHERE sdocname = '$doctype'"); if($mdRes) { # Free this query result... mysql_free_result($mdRes); } // END if else { print("<SCRIPT TYPE='text/javascript'>alert('Unable To " . "Update Modification Date For $doctype Doctype.');" . "</SCRIPT>"); } // END else $msgTxt ="The $sname category has been deleted from the " . "$doctype" . " document type in the " . DOCS_DATABASE . " database." . "WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "${doctype}.$sname Category Deleted", $msgTxt, "From: WebSubmit_Administrator"); # Now simply redisplay the table containing the categories showCatsEDS($doctype); } // END if else { # In this case the deletion has failed. This means that we # must simply output a warning message on the screen, and # redisplay cats print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable To Delete Category. Retry or Inform" . " System Administrator.</P>"); } // END else } // END if elseif(isset($addCatForm)) { # In this case, we wish to add a new category, so we can simply # make a form, allowing the details of the new cat to be # entered... unset($addCatForm); addEditCatForm($doctype, "ADD"); } // END elseif elseif(isset($addCatCommit)) { # In this case, we have displayed the form, it has been filled, # and now we must commit the new cat to the database! unset($addCatCommit); if($sname != "" && test_key_legal($sname)) { $testRes = mysql_query("SELECT * FROM sbmCATEGORIES WHERE " . "doctype = '$doctype' AND sname = '$sname'"); if($testRes) { # Query worked, so we can now ensure that no rows were # returned if(mysql_num_rows($testRes) > 0) { # Oh dear. This category appears to exist already. 
# Better inform them, and simply redisplay all cats. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: " . "red\">Warning.</SPAN> The Category Was Not Given A" . " Unique Name.<BR>Could Not Commit.</P>"); showCatsEDS($doctype); } // END if else { # No other categories with this name. Commit it! $addStr = "INSERT INTO sbmCATEGORIES (doctype, sname, " . "lname) VALUES('$doctype', '$sname', '$lname')"; $addRes = mysql_query($addStr); if($addRes && mysql_affected_rows() == 1) { # Cool, insert successful print("<P STYLE=\"color: red; font-size: medium; " . "font-weight: bold; text-align: center\">Categ" . "ory Added</P>"); # Now update modify date for doctype $modifiedDate = makeEDSmdDate(); $mdRes = mysql_query("UPDATE sbmDOCTYPE SET md = '" . "$modifiedDate' WHERE sdocname = '$doctype'"); if($mdRes) { # Free this query result... mysql_free_result($mdRes); } // END if else { print("<SCRIPT TYPE='text/javascript'>alert('Un" . "able To Update Modification Date For $doctype " . "Doctype.');</SCRIPT>"); } // END else # Now email admin for records sakes... $msgTxt = "The $sname Category has been added to the" . " $doctype doctype in the " . DOCS_DATABASE . " database.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sname Category Added To " . "$doctype", $msgTxt, "From: WebSubmit_Administrator"); showCatsEDS($doctype); } // END if else { # Bummer, could not insert this cat! print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: " . "red\">ERROR:</SPAN> Unable to insert category " . "correctly.</P>"); showCatsEDS($doctype); } // END else } // END else } // END if else { # Unable to retrieve results of test query. Therefore cant # commit new cat. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to Verify Category Name. Cannot " . "Insert.</P>"); showCatsEDS($doctype); } // END else } // END if else { print("<P STYLE=\"color: red; text-align: center; font-weig" . 
"ht: bold; font-size: medium\">Illegal Characters Used In" . " Category Name. Please Retry.</P>"); showCatsEDS($doctype); } // END else } // END elseif elseif(isset($editCatForm)) { # In this case, we must display the details of the selected cat # in a form for editing... unset($editCatForm); addEditCatForm($doctype, "EDIT", $sname); } // END elseif elseif(isset($editCatCommit)) { # In this case, the user has alterred the details of the selected # cat, and we must commit the update to the DB. unset($editCatCommit); $updRes = mysql_query("UPDATE sbmCATEGORIES SET lname = '$lname' " . "WHERE doctype = '$doctype' AND sname = '$sname'"); if($updRes) { # Query worked... if(mysql_affected_rows() > 0) { # Hey hey! An updated was actually carried out! # Now update modify date for doctype $modifiedDate = makeEDSmdDate(); $mdRes = mysql_query("UPDATE sbmDOCTYPE SET md = '" . "$modifiedDate' WHERE sdocname = '$doctype'"); if($mdRes) { # Free this query result... mysql_free_result($mdRes); } // END if else { print("<SCRIPT TYPE='text/javascript'>alert('Unabl" . "e To Update Modification Date For $doctype " . "Doctype.');</SCRIPT>"); } // END else # Now email admin for records sakes... $msgTxt = "The description of the $sname Category of the" . " $doctype doctype has been updated in the " . DOCS_DATABASE . " database.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "${doctype}.$sname Category Updated", $msgTxt, "From: WebSubmit_Administrator"); print("<P STYLE=\"color: red; font-weight: bold; font-size" . ": medium; text-align: center\">Category Updated." . "</P>"); showCatsEDS($doctype); } // END if else { # Well, no update was carried out. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No Categories Were Updated.<BR>Please " . "Retry.</P>"); showCatsEDS($doctype); } // END else } // END if else { # Update Query Failed... print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . 
"ERROR:</SPAN> Unable To Update Category.<BR>Please Retry" . ".</P>"); showCatsEDS($doctype); } // END else } // END elseif else { # In this case, this is 1st call to this page. Display the # categories then! showCatsEDS($doctype); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE);
- if (!canUseWebSubmitAdmin($uid,$doctype))
- outWarning("You are not allowed to access WebSubmit Admin for this "
- . "type of documents");
+ $auth = canUseWebSubmitAdmin($uid,$doctype);
+ if (!$auth[0])
+ outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents");
 else displayCategoriesList($doctype,$delCat,$addCatForm,$editCatForm,$editCatCommit,$addCatCommit); /************************End of main script***************************/ </protect> ?>
diff --git a/modules/websubmit/web/admin/documentEDS.php.wml b/modules/websubmit/web/admin/documentEDS.php.wml
index 9243467c4..55c431b1e 100644
--- a/modules/websubmit/web/admin/documentEDS.php.wml
+++ b/modules/websubmit/web/admin/documentEDS.php.wml
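Review bot: `if (!$auth[0])` at the end of the main script reads the first element of canUseWebSubmitAdmin()'s result as "true means allowed", whereas the Python change in this same commit (Is_Original_Submitter.py) treats `auth_code == 0` as authorized. canUseWebSubmitAdmin() is defined outside this hunk, so its return convention cannot be checked from here; if it passes the access-control code through unchanged, this gate in front of displayCategoriesList() is inverted, and that function issues the DELETE/INSERT/UPDATE statements on sbmCATEGORIES. I would state the contract at the call, e.g. `# $auth is array(allowed, message): $auth[0] is true when access is granted`, and confirm it against the helper. `$auth[1]` is also concatenated into the warning markup as-is; unless outWarning() escapes its argument, pass `htmlspecialchars($auth[1])` in its place, as the file already does for other values it prints.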
@@ -1,693 +1,693 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Details of the <i><protect><?print $doctype;?></protect></i> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. </protect> /*********************Function Descriptions***************************/ function displayDocsAndSubs($doctype) { /****************************************************************** This function is used to pruduce the entire page. It effectively performs the queries that retrieve data about the doctype & its submissions, and then produces the tables that contain this information. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Last Modified: 25/01/2001 ******************************************************************/ global $URLPATH,$IMAGES; $queryResult = mysql_query("SELECT * FROM sbmDOCTYPE WHERE sdocname =" . 
" '$doctype'"); if($queryResult) { # In this case, the query has executed successfully, and we have # retrieved all of the details about the given doctype. We can # now display them... # First, we must conduct a test to ensure that there are not # multiple rows returned, or no rows returned, etc... if(mysql_num_rows($queryResult) > 1) { # If this clause is reached, too many rows have been returned # by the query. There should only be 1 row returned. -> We # must inform the user of this error, and email the # administrator about it. print('<H3>ERROR: Too many rows have been returned for the ' . $doctype . ' document type from the DOCTYPE table</H3>'); } // END if elseif(mysql_num_rows($queryResult) < 1) { # In this case, no rows have been returned, which means we # must have a data consistency error going on. print('<H3>ERROR: No data has been returned from the DOCTYPE' . ' table for the '.$doctype.' document type</H3>'); } // END elseif else { # In this case, 1 row has been returned, which is perfect! # Get a list of all fields in the DOCTYPE table... $doctypeColumns = mysql_list_fields(DOCS_DATABASE, "sbmDOCTYPE"); # Open a table to hold the data... print('<TABLE ALIGN=center BORDER=1 CELLSPACING=0 ' . 'CELLPADDING=0 WIDTH=85%>'); # Now make the table/form that will be used to contain all # data about the document type... $numTblFlds = mysql_num_fields($doctypeColumns); $dataRow = mysql_fetch_array($queryResult); for($indx = 0; $indx < $numTblFlds; $indx++) { # First, display the field name (but give each field a # meaningful name)... print('<TR><TH BGCOLOR=#CCDDFF ALIGN=right ' . 'WIDTH=30%>'); # Get the name of the current field... 
$fName = mysql_field_name($doctypeColumns, $indx); if($fName == "ldocname") { print("Document Type Description"); } // END if elseif($fName == "sdocname") { print("Document Type ID"); } // END elseif elseif($fName == "cd") { print("Creation Date"); } // END elseif elseif($fName == "md") { print("Modification Date"); } // END elseif else { print("$fName"); } // END else print(": </TH>"); # Now display the data in a table field... print('<TD BGCOLOR=#FFFFCC ALIGN=left>'); # If it is the description field, display it as html - otherwise just # display the field normally.. if(mysql_field_name($doctypeColumns, $indx) == "description") { print("$dataRow[$indx]"); } // END if else { print(ereg_replace("'", "'", htmlspecialchars($dataRow[$indx]))); } // END else print(" </TD></TR>"); } // END for # Now close the doctype table... print("</TABLE>"); # Now offer a button to edit the document types details.. print('<FORM ACTION="editDoctypeEDS.php" METHOD=post>' . '<TABLE BORDER=0 ALIGN=center CELLSPACING=4 CELLPADDING=0 ' . '><TR>' . '<INPUT TYPE=hidden NAME=doctype VALUE='.$doctype.'>' . '<TD>' . '<INPUT TYPE=button VALUE="EDIT DOCUMENT TYPE DETAILS"' . ' onClick="submit();"></TD></FORM>'); # Now we can display a button on which the user can click # in order to display the CATEGORIES relating to this # doctype print('<FORM ACTION="doctypeCategoriesEDS.php" METHOD="' . 'post"' . '><INPUT TYPE=hidden NAME=doctype VALUE='.$doctype . '><TD ALIGN=center' . '><INPUT TYPE=button VALUE="VIEW CATEGORIES" onClick' . '="submit();"></TD></FORM>'); print('<FORM ACTION="referees.py" METHOD="' . 'post"' . '><INPUT TYPE=hidden NAME=doctype VALUE='.$doctype . '><TD ALIGN=center' . '><INPUT TYPE=button VALUE="SIMPLE APPROVAL REFEREES" onClick' . '="submit();"></TD></TR></TABLE></FORM>'); # Make a horizontal rule to divide the page sections... drawSeparator(); #################### # Now, we can display each of the actions (submissions) for # the current doctype... 
$actionsQuery = mysql_query("SELECT * FROM sbmIMPLEMENT WHERE " . "docname = '$doctype' ORDER BY actname"); if($actionsQuery) { # In this case, the query executed without error. # Display a title for this new page section... print('<P STYLE="font-size: large; color: navy; ' . 'text-align: left">Implemented actions for the ' . '<EM>'.$doctype.'</EM> document type:</P>'); # Now that the section heading has been displayed, the # table of actions can be displayed on-screen.. if(mysql_num_rows($actionsQuery) != 0) { # List columns in the IMPLEMENT TABLE $implCols = mysql_list_fields(DOCS_DATABASE, "sbmIMPLEMENT"); # Get the number of fields in the IMPLEMENT table... $imlNoFields = mysql_num_fields($implCols); # Display the actions for the current doctype in a # table.. print('<TABLE ALIGN=center WIDTH=90% BORDER=1 ' . 'CELLPADDING=0 CELLSPACING=0><TR ' . 'BGCOLOR=#CCDDFF>'); for($cnt = 1; $cnt < $imlNoFields; $cnt++) { # Don't display the subname column.. if(mysql_field_name($implCols, $cnt) != "subname") { # Get the current field name... $curfName = mysql_field_name($implCols, $cnt); print("<TH>"); # Rename the columns.. 
if($curfName == "displayed") { print("On Submission<BR>Page"); } // END if elseif($curfName == "actname") { print("Action<BR>Name"); } // END elseif elseif($curfName == "nbpg") { print("No.<BR>Pages"); } // END elseif elseif($curfName == "cd") { print("Creation<BR>Date"); } // END elseif elseif($curfName == "md") { print("Modification<BR>Date"); } // END elseif elseif($curfName == "buttonorder") { print("Button<BR>Order"); } // END elseif elseif($curfName == "statustext") { print("Status<BR>Text"); } // END elseif else { print("$curfName"); } // END else print("</TH>"); } // END if } // END for # Make 1 more column the subname column (it is 3rd in the # IMPLEMENT table) print("<TH>Edit<br>Submission<br>Pages</TH>"); # Make 1 more column for editing functions print("<TH>Edit<br>Functions</TH>"); # Make 1 more column for editing the submission item print("<TH>Edit<br>Submission</TH>"); # Now make 1 more column (in which the delete button # will be placed)... print("<TH>Delete<br>Submission</TH>"); # Now the header row can be closed.. print("</TR>"); # Display the table to hold the action data - links 'n' # all while($actDataRow = mysql_fetch_array($actionsQuery)) { print('<TR BGCOLOR=#FFFFCC>'); for($count = 1; $count < $imlNoFields; $count++) { # Don't display the subname column.. if(mysql_field_name($implCols, $count) != "subname") { print('<TD ALIGN=center>'); if(mysql_field_name($implCols, $count) == "actname") { # Make a link to the page to view details of # an action print('<A HREF="viewActionEDS.php?actname=' . ereg_replace("'", "'", htmlspecialchars($actDataRow[$count])) . '&caller=documentEDS.php&doctype=' . $doctype.'">' . ereg_replace("'", "'", htmlspecialchars($actDataRow[$count])) . '</A>'); } // END if else { print(ereg_replace("'", "'", htmlspecialchars($actDataRow[$count]))); } // END else print(" </TD>"); } // END if } // END for # column to edit pages... print('<TD ALIGN=center><A HREF=viewEditSub' . 'missionEDS.php?subname=' . 
$actDataRow["subname"] . '&doctype='.$doctype.'>' . '<IMG SRC="'.$IMAGES.'/edit1.gif" border=0>' . '</A></TD>'); # column to edit functions... print('<TD ALIGN=center><A HREF=action' . 'Functions.php?action=' . $actDataRow["actname"] . '&doctype='.$doctype.'>' . '<IMG SRC="'.$IMAGES.'/edit1.gif" border=0>' . '</A></TD>'); # column to edit the submission... print('<TD ALIGN=center><A HREF=edit' . 'ActionDets.php?actname=' . $actDataRow["actname"] . '&doctype='.$doctype.'>' . '<IMG SRC="'.$IMAGES.'/edit1.gif" border=0>' . '</A></TD>'); # Now, insert the button for deleting a submission print('<FORM ACTION=documentEDS.php METHOD=post ' . 'onSubmit="if(confirm(\'Really delete this ' . 'submission, its pages and all of their ' . 'elements?\')) { return true; } else { return ' . 'false; }"><INPUT TYPE=hidden NAME=subname' . ' VALUE="' . $actDataRow["subname"] . '"><INPUT TYPE=hidden NAME=doctype VALUE="' . $doctype.'"><INPUT TYPE=hidden NAME=deleteSub' . ' VALUE=true><TD ALIGN=center VALIGN="' . 'middle"><INPUT TYPE=image SRC="'.$IMAGES.'/answer' . '_bad.gif" WIDTH=14 HEIGHT=14 BORDER=0 ALT="Delet' . 'e Submission" onClick="submit();"></TD>' . '</FORM>'); # Close up the current row... print("</TR>"); } // END while # Close up the table of submissions... print("</TABLE>"); } // END if else { # In this case, the current doctype has no actions.. print('<H3 STYLE="color: green">The <EM>$doctype</EM>' . ' document type currently has no submissions.' . '</H3>'); } // END else # Now that the submissions for the current doctype have # been displayed (or not), we can add a botton to allow the # addition of new submissions to that doctype.. print('<FORM ACTION="newSubmissionEDS.php" METHOD=post>' . '<INPUT TYPE=hidden NAME=doctype VALUE='.$doctype.'>' . '<TABLE ALIGN=center WIDTH=100% CELLSPACING=0 ' . 'CELLPADDING=0 BORDER=0><TR><TD ALIGN=center>' . '<INPUT TYPE=button VALUE="ADD A NEW ACTION" ' . 'onClick="submit();"></TD></TR></TABLE>' . 
'</FORM>'); # Now, we can display a "FINISHED" button.. print('<FORM ACTION="index.php" METHOD=post><TABLE' . ' BORDER=0 ALIGN=center WIDTH=100% CELLSPACING=0' . ' CELLPADDING=0><TR><TD ALIGN=center><INPUT ' . 'TYPE=button VALUE=FINISHED onClick="submit();"' . '></TD></TR></TABLE></FORM>'); } // END if else { # In this case, there was an error while trying to get the # actions for the given doctype from IMPLEMENT print('<H2 STYLE="text-align: center; color: navy">' . '<SPAN STYLE="color: red">ERROR:</SPAN> Unable to ' . 'retrieve data for the <EM>'.$doctype.'</EM> document type' . ' from the <EM>IMPLEMENT</EM> table.<BR>Please inform ' . 'the system administrator.</H2>'); } // END else } // END else } // END if($queryResult) else { # In this case, it was not possible to query the DOCTYPE table. # This means that there is no point in continuing with the # displaying of other data, so an error message can be output, # and we can terminate processing print('<H2 STYLE="text-align: center; color: navy"><SPAN ' . 'STYLE="color: red">ERROR:</SPAN> Unable to retrieve data ' . 'from the <EM>DOCTYPE</EM> table.<BR>Please inform the system' . ' administrator.</H2>'); } // END else } // END function displayDocsAndSubs($doctype) //************ function killSub($subname) { /******************************************************************* This function simply removes the row for the submission whose name is passed to it from the actual IMPLEMENT table. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 25/01/2001 Last Modified: 25/01/2001 *******************************************************************/ # Delete the entry for the doctype from the IMPLEMENT table... $subDelRes = mysql_query("DELETE FROM sbmIMPLEMENT WHERE subname = '" . "$subname'"); if($subDelRes) { # Query worked # Get the number of rows deleted.. $noRowsDel = mysql_affected_rows(); if($noRowsDel == 1) { # Perfect. # Free some wasted space. 
mysql_free_result($subDelRes); print('<SCRIPT TYPE="text/javascript">alert("'.$subname . ' submission deleted.");</SCRIPT>'); # Mail the admin... $msgTxt = "The $subname submission has been deleted " . "WebSubmit Administrator(" . makeDate() . ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Deleted", $msgTxt, "From: WebSubmit_Administrator"); } // END if elseif($noRowsDel < 1) { # Couldn't delete the submission. damn. # Free wasted space... mysql_free_result($subDelRes); print('<SCRIPT TYPE="text/javascript">alert("Unable to ' . 'delete submission. Please retry.");</SCRIPT>'); } // END elseif else { # We have deleted many rows. Etrange. # Free some wasted space. mysql_free_result($subDelRes); print('<SCRIPT TYPE="text/javascript">alert("'.$subname . ' submission deleted.HOWEVER, '.$noRowsDel . ' submission records were deleted from database. It is ' . 'possible that there were many records for the same ' . 'submission, which would break consistency rules.' . 'They have now however, been removed.");</SCRIPT>'); # Mail the admin... $msgTxt = "The $subname submission has been deleted " . ". However, $noRowsDel rows were " . "deleted from IMPLEMENT for this submission. It is " . "possible that for some reason, there were several " . "rows for the same submission in this table." . "WebSubmit Administrator(" . makeDate() . ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Several Records Deleted " . "For $subname Submission", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Query failed print('<SCRIPT TYPE="text/javascript">alert("Unable to delete' . ' $subname.Please Retry.");</SCRIPT>'); } // END else } // END function killSub($subname) //************ function deleteAsubmission($subname, $doctype) { /******************************************************************* This function has the purpose of deleting a submission and any elements that it may have, from an EDS document type. 
If the deletion is successful, the user & administrator will be informed of this fact. If there are any serious problems with the deletion, the user & admin will also be informed. It is worth noting that this deletion process will not remove the "SUBMISSION_NAME.php" file from the access/protection directory that is used for the various security by the Apache webserver. This is because my supervisor informed me that doing this would be unnecessessary. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 25/01/2001 Last Modified: 25/01/2001 *******************************************************************/ # retrieve action name $res = mysql_query("SELECT actname from sbmIMPLEMENT where subname='$subname'"); $row = mysql_fetch_array($res); $action = $row['actname']; # delete functions $res = mysql_query("DELETE FROM sbmFUNCTIONS where doctype='$doctype' and action='$action'"); # First, execute a query to see how many elements there are for the # current submission... $noElesRes = mysql_query("SELECT * FROM sbmFIELD WHERE subname = '" . "$subname'"); if($noElesRes) { # Good, query success... $noEles = mysql_num_rows($noElesRes); # Free up the $noElesRes result set to quicken the pace mysql_free_result($noElesRes); # Delete all elements for the current doctype submission... $eleDelRes = mysql_query("DELETE FROM sbmFIELD WHERE subname = '" . "$subname'"); if($eleDelRes) { # Cool, the query was successful # Get the date for the created date & modification date $theDate = makeEDSmdDate(); if(mysql_affected_rows() == $noEles) { # Perfect! Just the right number of elements deleted! # Free some wasted space... mysql_free_result($eleDelRes); # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $theDate); # Now carry on with the deletion of the submission... killSub($subname); } // END if elseif(mysql_affected_rows() > $noEles) { # Oh dear. We have deleted more elements than we meant to! 
# Better tell the user, and mail the admin... print('<SCRIPT TYPE="text/javascript">alert("ERROR: ' . 'When the page elements of the '.$subname.' submission ' . 'were deleted,' . mysql_affected_rows() . ' elements were deleted, when there were only '.$noEles . ' elements to delete.The deletion of the ' . 'submission was however, continued.");</SCRIPT>'); $msgTxt = "An error ocurred when the page elements of the" . "$subname submission were deleted. A total of " . mysql_affected_rows() . " page elements were " . "deleted when there were only $noEles page elements to " . "delete. Despite this fact, the deletion process was " . "continued, as there is no way to counteract this fact," . " or determine which extra elements were deleted." . "WebSubmit Administrator(" . makeDate() . ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Too Many Elements Deleted " . "During $subname Submission Deletion", $msgTxt, "From: WebSubmit_Administrator"); # Free some wasted space... mysql_free_result($eleDelRes); # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $theDate); # Now carry on with the deletion of the submission... killSub($subname); } // END elseif else { # Oh dear! We have deleted less elements than we meant to. # We won't do any more of the deletion, and will simply let # the user know this fact, and also that they should try # again. # Free some wasted space... mysql_free_result($eleDelRes); # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $theDate); print('<SCRIPT TYPE="text/javascript">alert("ERROR: ' . 'When deleting the elements for the '.$subname . ' submission, not all elements were deleted. The ' . 'submission itself has therefore been left un-dele' . 'ted, and should be deleted again.");</SCRIPT>'); } // END else } // END if else { # Damn. We could not actually perform the deletion. print('<SCRIPT TYPE="text/javascript">alert("Unable To ' . 
'Perform Deletion.Please Retry.");</SCRIPT>'); } // END else } // END if else { # We could not see how many elements there were for this # submission, as our query failed. Therefore, don't go any # further. print('<SCRIPT TYPE="text/javascript">alert("Unable To Perfor' . 'm Deletion - Could Not Retrieve Details Of Submissions ' . 'Page Elements.Please Retry.");</SCRIPT>'); } // END else } // END function deleteAsubmission($subname, $doctype) /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else { if(isset($deleteSub)) { # Okay then, the page has been called to delete a submission # Free some wasted space... unset($deleteSub); # Delete the submission in question... deleteAsubmission($subname, $doctype); # Redisplay the page... displayDocsAndSubs($doctype); } // END if else { # Non self-referential call to this script, so display our page! displayDocsAndSubs($doctype); } // END else } /************************End of main script***************************/ ?> diff --git a/modules/websubmit/web/admin/editActionDets.php.wml b/modules/websubmit/web/admin/editActionDets.php.wml index 2d1dc1e0a..a996de110 100644 --- a/modules/websubmit/web/admin/editActionDets.php.wml +++ b/modules/websubmit/web/admin/editActionDets.php.wml 
@@ -1,580 +1,580 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit <i><protect><?print $actname;?></protect></i> action implementation details" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT TYPE='text/javascript'> <!-- hide function validateMandOpt(theParameter) // This is a very simple function, to ensure that the user enters // either M or O in the level field. (The level can be either Mandatory // or Optional. // The function caters for upper and lower case values. { if(theParameter == "M" || theParameter == "O" || theParameter == "m" || theParameter == "o") { // If the parameter passed is M or O... return true; // ...return true, as everything is fine. } // end if else // otherwise, if the parameter is not M or O... { // ...alert the user of this, and return false. 
alert("You Must Enter M or O For The level Parameter."); return false; } // end else } // End function validateMandOpt(theParameter) function checkScoreStpage(score, stpage) // This function checks that the user has entered either a numeric // value for level, or a { // create a variable, foundNonNumeric, which will be a boolean // variable, to determine whether or not the user has input a // non-numeric value for score or stpage. var foundNonNumericScore = false; var foundNonNumericStpage = false; if(score != "" || stpage != "") { for(index = 0; index < score.length; index++) { if(!(score.charAt(index) >= 0 && score.charAt(index) <= 9)) { foundNonNumericScore = true; break; } // End if } // End for if (!foundNonNumericScore) { for (index = 0; index < stpage.length; index++) { if (!(stpage.charAt(index) >= 0 && stpage.charAt(index) <= 9)) { foundNonNumericStpage = true; break; } // End if } if (!foundNonNumericStpage) { return true; } else { alert('Only Numeric Values Are Legal For stpage'); return false; } // End else } // End if else { alert('Only Numeric Values Are Legal For score'); return false; } // End else } // End if else return true; } // End function checkScoreStpage(score, stpage) // --> </SCRIPT> <? /***********Function Declarations**********************************/ # This function simply displays an ok button, which when pressed, # returns to the page that displays the doctype and its actions # (document.php)... function displayOKButton($doctype) { print("<BR><FORM ACTION='documentEDS.php' METHOD='post'>"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0><TR><TD>" . "<INPUT TYPE='hidden' NAME='doctype' value='$doctype'>" . "<INPUT TYPE='button' VALUE='OK' onClick=\"submit()\">" . "</TD></TR></TABLE></FORM>"); } // End function displayOKButton($doctype) # This function produces an HTML form containing the values of the # details of the relevant action on a given doctype. 
It is passed the # values of $doctype, and $actname, and from these produces the table. function allowEditOfActionDets($doctype, $actname) { global $URLPATH; # Lock the sbmIMPLEMENT table as READ if($lockRes = mysql_query("LOCK TABLES sbmIMPLEMENT READ")) { # Execute a query on the sbmIMPLEMENT table in the WebSubmit2 DB to # find the values of the given action ($actname) for the relevant # doctype ($doctype) $queryResult = mysql_query("SELECT * FROM sbmIMPLEMENT WHERE docname = '$doctype' AND actname = '$actname'"); # Unlock the sbmIMPLEMENT table - we are finished with it for now $unlockRes = mysql_query("UNLOCK TABLES"); # If the query was successful... if($queryResult) { if(mysql_num_rows($queryResult) < 1) { # If there were no rows returned by the query... print("<BR><H3 STYLE='text-align: center; color: " . "navy'>Error:" . " No matching actions were found for this document " . "type.</H3>\n<BR>\n"); } // End if elseif(mysql_num_rows($queryResult) > 1) { # If too many rows ( > 1) were returned by the query, then # there is obviously some DB consistency error... print("<BR><H3 STYLE='color: red; text-align: center'>" . "Error: Too many matching rows found.</H3><BR>"); } // End elseif else { # If 1 row is found, then this is the expected and correct # result # Get information about the columns in sbmIMPLEMENT $columns = mysql_list_fields(DOCS_DATABASE, "sbmIMPLEMENT"); # Get the data from $queryResult and store it in an array $dataRow = mysql_fetch_array($queryResult); # Now, we can display the details of the action on the # given # doctype in a form for editing. This requires the fields # to be put in a table... 
print("<FORM ACTION='editActionDets.php' METHOD='post'>"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0>\n"); for($index = 1; $index < mysql_num_fields($columns); $index++) { if(mysql_field_name($queryResult, $index) != "actname" && mysql_field_name($queryResult, $index) != "subname" && mysql_field_name($queryResult, $index) != "nbpg" && mysql_field_name($queryResult, $index) != "cd" && mysql_field_name($queryResult, $index) != "md") { # Print the field name in the first column... print("<TR><TD ALIGN='right'><STRONG STYLE='color: " . "navy'>" . mysql_field_name($columns, $index) . "</STRONG></TD>\n"); # Add a blank separator column between the 2 main # columns... print("<TD> </TD>\n"); # Print the field data in the second column... print("<TD ALIGN='left'>"); } if(mysql_field_name($queryResult, $index) == "actname" || mysql_field_name($queryResult, $index) == "subname" || mysql_field_name($queryResult, $index) == "nbpg" || mysql_field_name($queryResult, $index) == "cd" || mysql_field_name($queryResult, $index) == "md") { # If it is the actname field, we don't want the user # to update it, so make it read only... print("<INPUT TYPE='hidden' NAME='"); print(mysql_field_name($queryResult, $index)); print("' VALUE='"); print(ereg_replace("'", "'", htmlspecialchars($dataRow[$index]))); print("'>"); } # END if elseif(mysql_field_name($columns, $index) == "displayed") { # The level fiel can either be N or Y. This means # that we can simply make it a SELECT list. print("<SELECT NAME='" . mysql_field_name($columns, $index) . "'><OPTION VALUE='Y'"); if($dataRow[$index] == "Y" || $dataRow[$index] == "y") { print(" SELECTED"); } # END if print(">YES</OPTION>\n<OPTION VALUE='N'"); if($dataRow[$index] == "N" || $dataRow[$index] == "n") { print(" SELECTED"); } # END if print(">NO</OPTION>\n</SELECT>\n"); } # END elseif else { # If it is any other field, allow the user to update # it... 
print("<INPUT TYPE='text' NAME='"); print(mysql_field_name($columns, $index)); print("' VALUE='"); print(ereg_replace("'", "'", htmlspecialchars($dataRow[$index]))); print("' SIZE="); if(mysql_field_name($columns, $index) != "txt") { print(mysql_field_len($columns, $index) + 3); } // END if else { print(mysql_field_len($columns, $index) - 15); } // END else print(">"); } if(mysql_field_name($queryResult, $index) != "actname" && mysql_field_name($queryResult, $index) != "subname" && mysql_field_name($queryResult, $index) != "nbpg" && mysql_field_name($queryResult, $index) != "cd" && mysql_field_name($queryResult, $index) != "md") print("</TD></TR>\n"); } // End for print("</TR>\n"); /********************************************************** Before we close up the table, and the form, it is necessary to add more inputs to the form. One input will be a hidden input, and will be called calledBefore. It will be used after the form has been submitted, to determine whether the call to the page is a recursive call or not (i.e. the details of the action for the given doctype have been ammended by the user). It is also necessary to add a hidden input field to the form for the doctype field. This will contain the value of doctype and is necessary because if we didn't include it, doctype would not be sent. **********************************************************/ print("<TR><TD><INPUT TYPE='hidden' NAME='calledBefore' " . "VALUE='true'></TD>\n"); print("<TD><INPUT TYPE='hidden' NAME='doctype' "); print("VALUE='$doctype'>"); print("</TD>\n</TR></TABLE>\n"); # Let's make a nice on-the-fly javascript function to # handle our form checking. print("<SCRIPT TYPE='text/javascript'>\n<!--\n" . "function verifyChanges(curA, sugA"); for($theIndex = 4; mysql_field_name($columns, $theIndex) != ""; $theIndex++) { print(", cur" . $theIndex . ", sug" . 
$theIndex); } # END for print(")\n{\n if((curA == sugA)"); for($theIndex = 4; mysql_field_name($columns, $theIndex) != ""; $theIndex++) { print(" && (cur" . $theIndex . " == sug" . $theIndex . ")"); } # END for print(")\n {\n return false;\n }\n else" . "\n {\n return true;\n }\n}\n\n// -->\n" . "</SCRIPT>\n"); # Now, we can add a submit button to the form... print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0><TR>\n" . "<TD><INPUT TYPE='button' VALUE='SAVE'"); print(" onClick=\"for(i=0; i < " . "level.length; i++) { if(level[i].selected) { break; } }" . " if((verifyChanges(escape('"); print(ereg_replace("'","\\'", htmlspecialchars($dataRow[3]))); print("'), escape(score.value)"); for($theIndex = 4; mysql_field_name($columns, $theIndex) != ""; $theIndex++) { print(", escape('"); print(ereg_replace("'", "\\'", htmlspecialchars($dataRow[$theIndex]))); print("'), escape("); print(mysql_field_name($columns, $theIndex)); print(".value)"); } // End for print(")) || (level[i].value != '" . ereg_replace("'", "'", htmlspecialchars($dataRow["level"])) . "')) { "); print("if(checkScoreStpage(score.value, stpage.value)) { "); print("if(confirm('Really Alter These Details?')) { "); print("submit() } } } else { alert('No Changes Made To " . "Data! Cannot Submit.'); }\">"); print("</TD>\n<TD> </TD>\n"); print("<TD><INPUT TYPE='reset' " . "VALUE='RESET'></TD>\n</FORM>"); print("<TD> </TD>\n"); print("<FORM ACTION='documentEDS.php' METHOD='post'><TD>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit()\"></TD></FORM>\n"); print("</TR></TABLE>\n"); } // End else } // End if else { # If the query caused an error to be returned... print("<BR><H3 STYLE='color: red; text-align: center'>" . "Database Query Error!</H3><BR>\n"); } // End else } # END if else { # Damn, we couldn't lock the table. We should therefore not # allow the query to be processed as it is unsafe. 
We don't want # to tell the user this fact though, so we should actually just # lie and tell them that we couldn't get the information from the # DB. print("<DIV STYLE='color: navy; font-weight: bold; font-size: " . "large; text-align: center'><SPAN STYLE='color: red'>Error:" . "</SPAN> Unable to lock sbmIMPLEMENT table.<br>" . mysql_error() . "</DIV>\n<BR>\n" . "<A STYLE='font-size: medium; text-align: center' HREF='" . "editActionDets.php?doctype=$doctype&actname=$actname'>Please" . " retry.</A>\n<BR>\n"); } # END else } // End function allowEditOfActionDets($doctype, $actname) function displayPage($doctype) { global $calledBefore,$x,$y,$actname,$level,$score,$stpage,$endtxt,$displayed,$buttonorder,$statustext; if(!isset($calledBefore)) { # Destroy $x and $y, hence freeing wasted memory space... unset($x); unset($y); allowEditOfActionDets($doctype, $actname); } else { /**************************************************************** If $calledBefore is set, then it means that this is a recursive call to the page, hence meaning that the user is updating some details of an action on a document type. This means that we need to process an update query, followed by re-displaying the updated data. ****************************************************************/ # Free memory space associated with $calledBefore (and also unset # it for future processing... unset($calledBefore); # Ensure that $doctype, $actname, and $level are all in # uppercase. $doctype = strtoupper($doctype); $actname = strtoupper($actname); $level = strtoupper($level); # Now, we can run an update query on the database, updating the # relevant fields in the sbmIMPLEMENT table for the relevant # action on the relevant doctype... /* Before we run this update query however, we must test the values of score and stpage. It has been noted that if these fields are empty, the query will set their values in the DB to 0, not NULL as it should do. 
This can be corrected by testing if score and stpage are empty, or have simply been filled with a value of '0' (zero). If they have a zero value, this can be inserted, but if they have a NULL value, the keyword 'NULL' can be explicitly inserted into the query string. */ $theDate = makeEDSmdDate(); $queryString = "UPDATE sbmIMPLEMENT SET level = '$level', " . "score = "; # Test value of $score... if(!$score) { if($score == '0') $queryString = $queryString . " '$score', stpage = "; else $queryString = $queryString . " NULL, stpage = "; } // END if else { $queryString = $queryString . " '$score', stpage = "; } // End testing value of $score # Test value of $stpage... if(!$stpage) { if($stpage == '0') $queryString = $queryString . "'$stpage', "; else $queryString = $queryString . "NULL, "; } // END if else { $queryString = $queryString . "'$stpage', "; } // End testing value of stpage $queryString .= "endtxt = '$endtxt', displayed='$displayed',buttonorder='$buttonorder',statustext='$statustext',md='$theDate' " . "WHERE "; $queryString .= "docname = '$doctype' AND " . "actname "; $queryString .= "= '$actname'"; # Apply a WRITE lock to sbmIMPLEMENT... if($lockRes = mysql_query("LOCK TABLES sbmIMPLEMENT WRITE")) { # Now the actual query can be executed... $queryResult = mysql_query("$queryString"); if($queryResult) { # If the query was able to execute successfully... if(mysql_affected_rows() == 1) { # If the query only updated 1 row (as was # intended)... # Free the lock... $unlockRes = mysql_query("UNLOCK TABLES"); # Call the allowEditOFActionDets function to give the # user the option of further editing the details... allowEditOfActionDets($doctype, $actname); } // End if elseif(mysql_affected_rows() > 1) { # If more than 1 row was updated in the query (bad) # Free the lock... $unlockRes = mysql_query("UNLOCK TABLES"); print("<H3 STYLE='text-align: center; color: " . "red'>ERROR: Too Many Rows Updated. There Are " . 
"Database Consistency Problems!</H3>\n"); # Display a button to return to the document.php page... displayOKButton($doctype); } // End elseif else { # If no rows were updated by the query (bad news) # Free the lock... $unlockRes = mysql_query("UNLOCK TABLES"); print("<H3 STYLE='text-align: center; color: red'>ERROR" . ": Unable To Update Action Details.</H3>\n"); # Display a button to return to the document.php page... displayOKButton($doctype); } // End else } // End if else { # Else, if the query didn't execute properly... # Free the lock... $unlockRes = mysql_query("UNLOCK TABLES"); print("<H3 STYLE='text-align: center; color: red'>ERROR: " . "Unable To Execute Database Update!</H3>"); # Display a button to return to the document.php page... displayOKButton($doctype); } // End else } # END if else { # Damn, we couldn't lock the table. We should therefore not # allow the query to be processed as it is unsafe. We don't # want to tell the user this fact though, so we should # actually just lie and tell them that we couldn't get the # information from the DB. print("<DIV STYLE='color: navy; font-weight: bold; font-size:" . " large; text-align: center'><SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to lock sbmIMPLEMENT table.</DIV>\n"); # Call the allowEditOFActionDets function to give the # user the option of further editing the details... allowEditOfActionDets($doctype, $actname); } # END else } // End else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1]. "<br><br>" . 
"You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage($doctype); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/editCatalogues.php.wml b/modules/websubmit/web/admin/editCatalogues.php.wml index 3faa9b2eb..78f3fd7d2 100644 --- a/modules/websubmit/web/admin/editCatalogues.php.wml +++ b/modules/websubmit/web/admin/editCatalogues.php.wml 
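Review bot: The new gate `if (!$auth[0])` in the main script is only correct if `canUseWebSubmitAdmin()` returns a truthy first element when access is granted, but that function is not in this hunk, and the Python change in this same commit treats `auth_code == 0` as authorized. If the PHP helper passes that code through unchanged, the test admits the users it should reject, and `displayPage()` behind it builds an `UPDATE sbmIMPLEMENT` from what appear to be form-supplied values. I would confirm the helper's convention and state it at the call, e.g. `# $auth[0] is true only when access is granted; $auth[1] is the reason text`, or compare explicitly against the granted value instead of relying on truthiness. `$auth[1]` is also concatenated into the HTML handed to `outWarning()`; if that text can ever carry request-derived content, it should go through `htmlspecialchars()` as the data cells on this page do. The same three lines are added to the main script of the preceding file on this page.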
@@ -1,408 +1,409 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Organise webSubmit main page" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_organise" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function makeCataloguesTable() { global $catalogues; $queryResult = mysql_query("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION " . "where id_father=0 ORDER BY catalogue_order"); if($queryResult) { # Query has executed successfully, so we can proceed to display all # catalogues in the EDS system... 
if (mysql_num_rows($queryResult) == 0) print "<h3>No catalogues yet...</h3>\n"; else print "<UL>\n"; while ($row = mysql_fetch_array($queryResult)) { array_push($catalogues,$row[id_son]); displayCatalogueBranch($row[id_son],1); } if (mysql_num_rows($queryResult) != 0) print "</UL>\n"; } // END if else { # In this case, the query failed, so we can terminate the scripts # running, and terminate the WebSubmit Administrator session, as no # further actions can be carried out... print("<H3>Error: Unable to retrieve data from the catalogues table." . "</H3>\n"); } // END else } function displayCatalogueBranch($id_father,$level) { global $catalogues,$IMAGES; $res = mysql_query("SELECT name,id FROM sbmCOLLECTION WHERE id=$id_father"); $row = mysql_fetch_row($res); if ($level == 1) print "<LI><font size=\"+1\"><strong>" . $row[0]."</strong></font>\n"; elseif ($level == 2) print "<LI>". $row[0]."\n"; elseif ($level > 2) print "<LI>". $row[0]."\n"; print "<A HREF=\"editCatalogues.php?upCatalogue=yes&id=" .$row[1]. "\">" . "<IMG SRC=\"".$IMAGES."/up.gif\" width=14 height=14 border=0 HSPACE=0 VSPACE=0 alt=up></A>\n"; print "<A HREF=\"editCatalogues.php?downCatalogue=yes&id=" .$row[1]. "\">" . "<IMG SRC=\"".$IMAGES."/down.gif\" width=14 height=14 border=0 HSPACE=0 VSPACE=0 alt=down></A>\n"; print "<A HREF=\"editCatalogues.php?deleteCatalogue=yes&id=" .$row[1] . "\" onClick=\"if (!confirm('Are you sure you want to delete this catalogue? " . "All sub-catalogues will be deleted as well!')) {return false} \">" . 
"<IMG SRC=\"".$IMAGES."/iconcross.gif\" border=0 HSPACE=0 VSPACE=0></A>\n"; // display the son document types $res1 = mysql_query("SELECT id_son from sbmCOLLECTION_sbmDOCTYPE WHERE id_father=$id_father ORDER BY catalogue_order"); $res2 = mysql_query("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=$id_father ORDER BY catalogue_order"); if (mysql_num_rows($res1) != 0 || mysql_num_rows($res2) != 0) print "<UL>\n"; if (mysql_num_rows($res1) != 0) while ($row = mysql_fetch_array($res1)) displayDoctypeBranch($row[id_son],$id_father); // display the son catalogues while ($row = mysql_fetch_array($res2)) { array_push($catalogues,$row[id_son]); displayCatalogueBranch($row[id_son],$level+1); } if (mysql_num_rows($res1) != 0 || mysql_num_rows($res2) != 0) print "</UL>\n"; } function displayDoctypeBranch($doctype,$id_father) { global $catalogues,$IMAGES; $res = mysql_query("SELECT ldocname,sdocname FROM sbmDOCTYPE WHERE sdocname='$doctype'"); $row = mysql_fetch_row($res); print "<LI><small>" . "<a href=\"documentEDS.php?doctype=$doctype\">" . $row[0]."</a></small>\n"; print "<A HREF=\"editCatalogues.php?upDoctype=yes&id=".$row[1]."&id_father=$id_father\">" . "<IMG SRC=\"".$IMAGES."/up.gif\" width=14 height=14 border=0 HSPACE=0 VSPACE=0 alt=up></A>\n"; print "<A HREF=\"editCatalogues.php?downDoctype=yes&id=" .$row[1]. "&id_father=$id_father\">" . "<IMG SRC=\"".$IMAGES."/down.gif\" width=14 height=14 border=0 HSPACE=0 VSPACE=0 alt=down></A>\n"; print "<A HREF=\"editCatalogues.php?deleteDoctype=yes&id=" .$doctype. "&id_father=$id_father" . "\" onClick=\"if (!confirm('Are you sure you want to delete this document type? " . "')) {return false} \">" . 
"<IMG SRC=\"".$IMAGES."/iconcross.gif\" border=0 HSPACE=0 VSPACE=0></A>\n"; } function deleteBranch($id) { // First delete the attached doctypes $res = mysql_query("DELETE FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father=$id"); // Then the sub-catalogues $res = mysql_query("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=$id"); while ($row = mysql_fetch_row($res)) deleteBranch($row[0]); // Then the catalogue itself $res = mysql_query("DELETE FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_son=$id"); $res2 = mysql_query("DELETE FROM sbmCOLLECTION WHERE id=$id"); if (!res || !$res2) print "<h3><font color=red>WARNING:</font> Could not delete catalogue(<EM>".mysql_error()."</EM>)</h3>"; } function deleteDoctype($id,$id_father) { $res = mysql_query("DELETE FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_son='$id' and id_father='$id_father'"); if (!$res) print "<h3><font color=red>WARNING:</font> Could not delete doctype(<EM>".mysql_error()."</EM>)</h3>"; } function makeAddCatalogueInterface() { global $catalogues; print "<SMALL>\n"; print("<H2>Add a Catalogue</H2>\n"); print("<br>"); print "<FORM>"; print "<INPUT type=hidden name=addCatalogue value=yes>\n"; print "Catalogue name:<br><INPUT size=50 name=catalogue_name>\n<br>"; print "Attached to: <SELECT name=attached>\n"; print "<OPTION value=\"0\"> top level\n"; reset($catalogues); while (list($number,$value) = each($catalogues)) { $res = mysql_query("SELECT name FROM sbmCOLLECTION WHERE id=$value"); $row = mysql_fetch_row($res); print "<OPTION value=\"$value\">".$row[0]."\n"; } print "</SELECT><br><br>\n"; print "<CENTER><INPUT type=button value=\"ADD\" onclick=\"submit();\">\n"; print " \n"; print "</CENTER></FORM>\n"; print "</SMALL>\n"; } function makeAddDoctypeInterface() { global $catalogues; print "<SMALL>\n"; print("<H2>Add a Document Type</H2>\n"); print("<br>"); print "<FORM>"; print "<INPUT type=hidden name=addDoctype value=yes>\n"; print "Document type name: <SELECT multiple name=doctype[] size=5>\n"; $res = 
mysql_query("SELECT sdocname,ldocname from sbmDOCTYPE order by ldocname"); while ($row = mysql_fetch_array($res)) print "<OPTION value=\"".$row[sdocname]."\">".$row[ldocname]; print "</SELECT>\n<br>"; print "Attached to: <SELECT name=attached>\n"; reset($catalogues); while (list($number,$value) = each($catalogues)) { $res = mysql_query("SELECT name FROM sbmCOLLECTION WHERE id=$value"); $row = mysql_fetch_row($res); print "<OPTION value=\"$value\">".$row[0]."\n"; } print "</SELECT><br><br>\n"; print "<CENTER><INPUT type=button value=\"ADD\" onclick=\"submit();\">\n"; print " \n"; print "</CENTER></FORM>\n"; print "</SMALL>\n"; } function upCatalogue($id) { // Get father id $res = mysql_query("SELECT id_father,catalogue_order FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_son='$id'"); $row = mysql_fetch_row($res); $id_father = $row[0]; $order = $row[1]; // Get smallest number before this one $res = mysql_query("SELECT MAX(catalogue_order) FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father='$id_father' and catalogue_order < $order"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $neworder = $row[0]; mysql_query("UPDATE sbmCOLLECTION_sbmCOLLECTION SET catalogue_order='$order' WHERE id_father='$id_father' and catalogue_order='$neworder'"); mysql_query("UPDATE sbmCOLLECTION_sbmCOLLECTION SET catalogue_order='$neworder' where id_son='$id'"); } } function downCatalogue($id) { // Get father id $res = mysql_query("SELECT id_father,catalogue_order FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_son='$id'"); $row = mysql_fetch_row($res); $id_father = $row[0]; $order = $row[1]; // Get smallest number after this one $res = mysql_query("SELECT MIN(catalogue_order) FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father='$id_father' and catalogue_order > $order"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $neworder = $row[0]; mysql_query("UPDATE sbmCOLLECTION_sbmCOLLECTION SET catalogue_order='$order' WHERE id_father='$id_father' and 
catalogue_order='$neworder'"); mysql_query("UPDATE sbmCOLLECTION_sbmCOLLECTION SET catalogue_order='$neworder' where id_son='$id'"); } } function upDoctype($id,$id_father) { // Get current order $res = mysql_query("SELECT catalogue_order FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_son='$id' and id_father='$id_father'"); $row = mysql_fetch_row($res); $order = $row[0]; // Get smallest number before this one $res = mysql_query("SELECT MAX(catalogue_order) FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father='$id_father' and catalogue_order < $order"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $neworder = $row[0]; mysql_query("UPDATE sbmCOLLECTION_sbmDOCTYPE SET catalogue_order='$order' WHERE id_father='$id_father' and catalogue_order='$neworder'"); mysql_query("UPDATE sbmCOLLECTION_sbmDOCTYPE SET catalogue_order='$neworder' where id_son='$id'"); } } function downDoctype($id,$id_father) { // Get current order $res = mysql_query("SELECT catalogue_order FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_son='$id' and id_father='$id_father'"); $row = mysql_fetch_row($res); $order = $row[0]; // Get smallest number after this one $res = mysql_query("SELECT MIN(catalogue_order) FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father='$id_father' and catalogue_order > $order"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $neworder = $row[0]; mysql_query("UPDATE sbmCOLLECTION_sbmDOCTYPE SET catalogue_order='$order' WHERE id_father='$id_father' and catalogue_order='$neworder'"); mysql_query("UPDATE sbmCOLLECTION_sbmDOCTYPE SET catalogue_order='$neworder' where id_son='$id'"); } } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... 
dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else { if ($addCatalogue == "yes") { $res = mysql_query("INSERT INTO sbmCOLLECTION (name) VALUES ('$catalogue_name')"); if ($res) { $newid = mysql_insert_id(); $res = mysql_query("SELECT MAX(catalogue_order) FROM sbmCOLLECTION_sbmCOLLECTION where id_father='$attached'"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $order = $row[0] + 1; } else $order = 1; $res = mysql_query("INSERT INTO sbmCOLLECTION_sbmCOLLECTION (id_father,id_son,catalogue_order) VALUES ($attached,$newid,$order)"); } else print "<h3><font color=red>WARNING:</font> Could not insert new catalogue(<EM>".mysql_error()."</EM>)</h3>"; } if ($addDoctype == "yes") { while ($currentdoc = current($doctype)) { $res = mysql_query("SELECT MAX(catalogue_order) FROM sbmCOLLECTION_sbmDOCTYPE where id_father='$attached'"); if (mysql_num_rows($res) != 0) { $row = mysql_fetch_row($res); $order = $row[0] + 1; } else $order = 1; $res = mysql_query("INSERT INTO sbmCOLLECTION_sbmDOCTYPE (id_father,id_son,catalogue_order) VALUES ('$attached','$currentdoc','$order')"); if (!$res) print "<h3><font color=red>WARNING:</font> Could not insert new doctype(<EM>".mysql_error()."</EM>)</h3>"; next($doctype); } } if ($deleteCatalogue == "yes") deleteBranch($id); if ($deleteDoctype == "yes") deleteDoctype($id,$id_father); if ($upCatalogue == "yes") upCatalogue($id); if ($downCatalogue == "yes") downCatalogue($id); if ($upDoctype == "yes") upDoctype($id,$id_father); if ($downDoctype == "yes") downDoctype($id,$id_father); # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">This page is " . 
"used for defining the catalogues which will appear on" . " the CDS Submit main page.<br>These catalogues are not necessarily " . "the same as those defined in the search interface (CDS Search)." . "</P>\n</TD>\n</TR>\n</TABLE>\n"); print("<br><br>"); # Initialise catalogues array $catalogues = array(); print "<table width=\"100%\" border=0>\n"; print "<tr><td valign=top>\n"; makeCataloguesTable(); print "</td><td valign=top>\n"; print "<table width=\"100%\" border=0 bgcolor=lightblue cellspacing=20>\n"; print "<tr><td valign=top>\n"; makeAddCatalogueInterface(); print "</td></tr><tr><td valign=top>\n"; makeAddDoctypeInterface(); print "</td></tr></table>\n"; print "</td></tr></table>\n"; print "<hr>\n"; print "<FORM action=index.php>"; print "<CENTER><INPUT type=button value=\"FINISHED\" onClick=\"document.location='index.php';\">\n"; print "</CENTER></FORM>\n"; } /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/editDoctypeEDS.php.wml b/modules/websubmit/web/admin/editDoctypeEDS.php.wml index a847c5961..00f60ccb8 100644 --- a/modules/websubmit/web/admin/editDoctypeEDS.php.wml +++ b/modules/websubmit/web/admin/editDoctypeEDS.php.wml 
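Review bot: The new gate `if (!$auth[0])` in the main script relies on a return contract that this hunk does not show: element 0 of `canUseWebSubmitAdmin()`'s result could be a boolean "allowed" flag or a status code in which 0 means success. In the second case the test is inverted, so refused users would reach the INSERT/DELETE/UPDATE branches in the `else` block and authorised users would get the warning. Please confirm the helper's contract and state it at the call, e.g. `# $auth = array(allowed, message); $auth[0] is true only when access is granted`. `$auth[1]` is also passed to `outWarning()` unchanged; unless the helper guarantees fixed text, wrap it as `outWarning(htmlspecialchars($auth[1]));`. The same pattern appears in the editDoctypeEDS.php.wml hunk and in the main script of the preceding file.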
@@ -1,547 +1,547 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit details of the <i><protect><?print $doctype;?></protect></i> type of document" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. </protect> ?> <SCRIPT TYPE='text/javascript'> <!-- hide function checkRequired(param) // This is a function to ensure that the user enters the required // parameter for the action. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: Long ago! // Last Modified: 16/11/2000 { // If the field is left blank by the user... if(param == "") { // Alert them, and return false. alert("You must enter a value in the Long Document Name field."); return false; } // End if else // If level has been filled by the user... 
{ return true; } // End else } // End function checkRequired(param) function verifyChanges(curLdocname, sugLdocname, curDocfi1, sugDocfi1) // Function to test whether the values for the parameters to be changed // have actually been changed by the user when they submit them to the // database for update. If not, the function returns false. If so, the // function returns true. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // Created: 27/07/2000 // Last Modified: 16/11/2000 { if( (curLdocname == sugLdocname) && (curDocfi1 == sugDocfi1)) { alert("No Change In The Data Has Been Made! Cannot Submit."); return false; } // End if else { return true; } // End else } // End function verifyChanges() // --> </SCRIPT> <?php /*********************Function Descriptions***************************/ <protect> function makeEDSdoctypeButtons($dataRow) { /************************************************************** This function has the simple task of creating and displaying the "SAVE CHANGES" button, the "RESET" button and the "FINISHED" button for the edit doctype form. It is bundled into a function, as it is quite a messy piece of code due to the large parameters to the JavaScript function "verifyChanges". Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 16/11/2000 Last Modified: 10/01/2001 **************************************************************/ print("<P>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>" . "\n<INPUT TYPE='button' VALUE='SAVE CHANGES' onClick=\"" . "if(verifyChanges(escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["ldocname"])) . "'), escape(ldocname.value), escape('" . ereg_replace("[\n\r]+","\\n",ereg_replace("'","\\'", htmlspecialchars($dataRow["description"]))) . "'), escape(description.value))) { if(checkRequired(" . "ldocname.value)) { if(confirm('Are You Sure You Wish To Alter " . 
"These Details?')) { submit(); } } }\">\n</TD>\n<TD ALIGN='" . "center'><INPUT TYPE='button' VALUE='RESET' onClick=\"reset();" . "\">\n</TD>\n</FORM>\n<FORM ACTION='documentEDS.php' METHOD='" . "post'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE='" . $dataRow["sdocname"] . "'>\n<TD ALIGN='left'>\n<INPUT TYPE='" . "button' VALUE='FINISHED' onClick=\"submit();\">\n</TD>\n</FORM>" . "\n</TR>\n</TABLE>\n</P>\n"); } // END function makeEDSdoctypeButtons($dataRow) //************* function displayEDSdoctypeForm($doctype) { /******************************************************************* This function has the task of creating the main form in which the details of the given document type are displayed. each data item of the doctype appears in an input box, so that the user can modify its value, and then save the changes that they have made. The fields that should not ever be modified by the user (such as the modification date, etc) are displayed in readonly text fields so that the user can not tamper with them. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 16/11/2000 Last Modified: 10/01/2001 *******************************************************************/ # Execute a query on the sbmsbmDOCTYPE table for the given action... $queryResult = mysql_query("SELECT * from sbmDOCTYPE WHERE sdocname = " . "'$doctype'"); if($queryResult) { # The query has executed successfully, so we can continue with # the production of the page... # Produce the appropriate output, depending upon the number of # rows returned by the query... if(mysql_num_rows($queryResult) == 1) { # In this case, as expected, there is one entry for the given # doctype in the sbmDOCTYPE table.. # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1><TR><TD " . "ALIGN='center'><P STYLE=\"color: blue; text-align: " . 
"center; font-size: small; font-weight: bold\">Below are " . "the details of the <EM>$doctype</EM> document type.<BR>You" . "can edit them by alterring values in boxes, and clicking " . "on \"SAVE CHANGES\".</P></TD></TR></TABLE>"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now, we are ready to display the details of the given # doctype in a table. Each data item will be contained within # a form input box so that it can be edited if this is # desirable. print("<FORM ACTION='editDoctypeEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='update' VALUE='true'>" . "<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center" . "' WIDTH='100%'>"); # Now make the table: names & fields... # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmDOCTYPE"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the row of data $dataRow = mysql_fetch_array($queryResult); # Before we display most of the table, we can first display # the upper part of the table, which will be the sactname, cd, # and md fields, that can't be modified... print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0><TR><TH BGCOLOR='#D3DCE3' ALIGN" . "='right' WIDTH='20%'>Document Type ID: </TH><TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT " . "TYPE='readonly' NAME='sdocname' VALUE='" . $dataRow["sdocname"] . "'></TD></TR><TR><TH " . "BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>Creation " . "Date: </TH><TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='cd' VALUE='" . $dataRow["cd"] . "'></TD></TR><TR><TH WIDTH='20%'" . " BGCOLOR='#D3DCE3' ALIGN='right'>Modification " . "Date: </TH><TD WIDTH='80%' ALIGN='left' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='md' " . "VALUE='" . $dataRow["md"] . "'></TD></TR>"); # Now fill this new table with all of the details... for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... 
$currentField = mysql_field_name($columns, $indx); # Ensure that we don't once again print our non-editable # fields out... if(($currentField != "sdocname") && ($currentField != "cd") && ($currentField != "md")) { # First, display the field name... print("<TR><TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>"); if($currentField == "ldocname") { print("Document Type Description: "); } // END if else { print("$currentField" . ": "); } // END else if ($currentField == "description") { print (" </TH><TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'><TEXTAREA COLS=60 ROWS=5 WRAP NAME='description'>" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "</TEXTAREA></TD></TR>"); } //END if else { print(" </TH><TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='text' NAME=" . "'$currentField' SIZE="); if(mysql_field_type($columns, $indx) == "blob") { # This is a text field (lots of characters allowed - # too many for HTML form in browser to display), so # just give it a visible length of 60 characters. print("60"); } // END if else { print(mysql_field_len($columns, $indx)); } // END else print(" VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "'></TD></TR>"); } // END else } // END if } // END for # Now that the table has been filled with all of the actions # details, it can be closed.. print("</TABLE>"); # Now that the form has been drawn, it is possible to produce # a new table underneath, containing buttons. There will be a # "SAVE" button, and a "FINISHED button. makeEDSdoctypeButtons($dataRow); } // END if elseif(mysql_num_rows($queryResult) > 1) { # In this case, there are many rows for the given doctype in # the sbmDOCTYPE table, which means that the sbmDOCTYPE table has # primary key violations.. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> More " . "than one row of data concerning the <EM>$doctype</EM> " . "document type was returned from the <EM>sbmDOCTYPE</EM> table" . "of the" . 
DOCS_DATABASE . " database.<BR>This indicates " . "primary key duplication in this table.<BR>Please inform " . "system administrator.</P>"); # Send a mail to the system admin people to warn them about # this serious error.. # Get the current date and time... $dateDets = getdate(); $msgTxt = "When the editDoctypeEDS.php attempted to retrieve" . "the details of the $doctype document type, several " . "rows were returned for this document type from the sbmDOCTYPE" . " table. The query was made using the \"sdocname\" field " . "as the search key. As the \"sdocname\" field is the " . "primary key for the sbmDOCTYPE table, this means that there " . "must be key violations in this table.This problem " . "should be corrected immediately.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "sbmDOCTYPE Table Key Violation!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif elseif(mysql_num_rows($queryResult) == 0) { # This means that the given doctype has no row in the sbmDOCTYPE # table..Signifies a database inconsistency error. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No data" . " concerning the <EM>$doctype</EM> doctype was found in the" . " <EM>sbmDOCTYPE</EM> table.<BR>This suggests a data " . "consistency error in the " . DOCS_DATABASE . " database." . "<BR>Please inform the system administrator.</P>"); # Now send an email to the administrator(s) to inform them of # this serious error... $msgTxt = "When the editDoctypeEDS.php script attempted to " . "retrieve the details of the $doctype document type, no " . "rows were returned from the sbmDOCTYPE table for this " . "document type.Because the user had to click a link to" . " get to this page fpr the given doctype, the details of " . "this doctype, must be referred to in other tables of EDS." . " This suggests that there are either data inconsistencies" . " or concurrency problems within EDS.This should be " . 
"investigated and corrected ASAP.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$doctype Possible Data Inconsistency " . "Error!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Some other sort of error has ocurred, so present the error # message on the screen. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable" . " to correctly retrieve data from the <EM>sbmDOCTYPE</EM> " . "table of " . DOCS_DATABASE . ".<BR>Please inform system " . "administrator.</P>"); } // END else } // END if else { # Unfortunately, the query has failed, so we can display an error # message. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to conduct a query on the " . "<EM>sbmDOCTYPE</EM> table of " . DOCS_DATABASE . ".<BR>Please" . " inform system administrator.</P>"); } // END else } // END function displayEDSdoctypeForm($doctype) function displayEditPage($update,$doctype) { global $ldocname,$description,$sdocname; # Conduct a test to see if this is the first call to this script, or # if it is a self-referential call, whereby the user has chosen to # update values of the given action... if($update) { # In this case, this is a call to update the doctypes details... # Free memory space associated with $update... unset($update); # Get the date, so that it can be committed for the modification # date field (md)... $modifiedDate = makeEDSmdDate(); # Begin constructing the UPDATE query string... $queryString = "UPDATE sbmDOCTYPE SET ldocname = '$ldocname', description = " . "'$description', md = '$modifiedDate' WHERE " . 
"sdocname = '$sdocname'"; # Now actually execute the update query $updateResult = mysql_query($queryString); if($updateResult) { # If the query could actually be executed without error if(mysql_affected_rows() == 1) { # In this case, only 1 rows was updated, which is as # expected # Display a nice message informing the user that the update # has been carried out... print("<P STYLE=\"color: green; text-align: center; font-" . "style: bold; font-size: large\">Document Type " . "Modification Complete</P>"); # Send the administrator a message to inform them of the # update that has taken place... $msgTxt = "An update has been carried out on the $sdocname" . " document type in the " . DOCS_DATABASE . " database.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "EDS Doctype Updated", $msgTxt, "From: WebSubmit_Administrator"); # We can now redirect the browser to the the page showing # the details of this document type... print("<FORM ACTION='documentEDS.php' METHOD='post' " . "NAME='referForm'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$sdocname'" . "></FORM>"); print("<SCRIPT LANGUAGE=\"JavaScript\">" . "setTimeout(\"document.referForm.submit();\", 0);" . "</SCRIPT>"); } // END if elseif(mysql_affected_rows() > 1) { # More than 1 row was updated -> bad news: key duplication # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Multiple rows have been updated in the " . "<EM>sbmDOCTYPE</EM> table.<BR>This has resulted from an " . "attempt to update the <EM>$sdocname</EM> document type." . "<BR>Please inform the system administrator.</P>"); # Now, email the administrator to let them know this, as it # is a potentially dangerous error. $msgTxt = "When a user updated the details of " . "the $sdocname document type using the EDS Administrat" . "or, several rows were affected in the sbmDOCTYPE table. " . 
" The update was conducted using the \"sdocname\" field " . "as the key. As the \"sdocname\" field is the primary " . "key for the sbmDOCTYPE table, this means that there must " . "be key violations in this table. There should only " . "have been 1 row affected by this update.This " . "problem should be investigated and corrected immediate" . "ly.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmDOCTYPE Table Multiple Row" . " Update!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # No rows were updated -> Something strange here! # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmDOCTYPE</EM> table.<BR>This suggests that there could " . "be data inconsistencies or concurrency problems.<BR>" . "Please inform the system administrator.</P>"); # Better email the administrator & let them know... $msgTxt = "When a user attempted to update the details of " . "the $sdocname document type using the WebSubmit Administrator" . ", no rows were affected in the sbmDOCTYPE table by this " . "update.Because the user must have altered a documen" . "t types details to submit an update on it, it must have" . " been present at around the time that the user submitte" . "d their update.This suggests the possibility of " . "concurrency or data inconsistency problems in this " . "table.This should be investigated and corrected " . "ASAP.WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error: Possible Concurrency Problems", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>sbmDOCTYPE" . "</EM> table.<BR>This suggests that there could be data " . 
"inconsistencies or concurrency problems.<BR>Please inform" . " the system administrator.</P>"); } // END else } // END if else { # In this case, this is the first call to the page, so we can # basically just display the details of the given doctype in a # form... displayEDSdoctypeForm($doctype); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayEditPage($update,$doctype); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/editPageElementEDS.php.wml b/modules/websubmit/web/admin/editPageElementEDS.php.wml index 872a6b98e..7a9916136 100644 --- a/modules/websubmit/web/admin/editPageElementEDS.php.wml +++ b/modules/websubmit/web/admin/editPageElementEDS.php.wml 
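Review bot: The per-doctype check `canUseWebSubmitAdmin($uid,$doctype)` authorises `$doctype`, but the update branch of `displayEditPage()` writes the row selected by `$sdocname` (`... WHERE sdocname = '$sdocname'`). The edit form posts `sdocname` in an `INPUT TYPE='readonly'` element and adds no visible `doctype` field, so the value that is authorised and the value that is written are not tied together. Where these globals are populated is outside the hunk (presumably request variables), so this needs confirming, but the check should be made against the identifier that is actually updated, e.g. `$target = $update ? $sdocname : $doctype;` followed by `$auth = canUseWebSubmitAdmin($uid,$target);`. `$ldocname`, `$description` and `$sdocname` are also interpolated into the UPDATE statement unescaped and should be quoted first (e.g. with `mysql_real_escape_string()`) before the query string is built.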
@@ -1,702 +1,702 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit the <I><protect><?print $fidesc;?></protect></I> Element on page <protect><?print $pageNumber;?></protect> of <protect><?print $subname;?></protect>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT LANGUAGE="JavaScript"> <!-- hide function verifyChanges(curFitext, sugFitext, curLevel, sugLevel, curSdesc, sugSdesc, curCheckn, sugCheckn) // Function to test whether the values for the parameters to be changed // have actually been changed by the user when they submit them to the // database for update. If not, the function returns false. If so, the // function returns true. 
// Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // Created: 27/07/2000 // Last Modified: 31/01/2001 { if((curFitext == sugFitext) && (curLevel == sugLevel) && (curSdesc == sugSdesc) && (curCheckn == sugCheckn)) { alert("No Change In The Data Has Been Made! Cannot Submit."); return false; } // End if else { return true; } // End else } // End function verifyChanges() // --> </SCRIPT> <? /*********************Function Descriptions***************************/ function makeElementEditInterface($subname, $pageNumber, $fidesc, $fieldnb, $doctype, $nPgs) { /****************************************************************** The purpose of this function is to effectively create the page that allows the user to edit the details of a given element as it appears on a given page of a given submission. The function creates a form that will hold the details of a given element as it appears on a given page of a given submission in the EDS system. By altering the details of the element using this form and then submitting it, the user will be able to alter the details storred for the element in the database. The function also creates another form that consists of a "FINISHED" button. When the user presses this button, the administrator returns to the page that displays the details of a submission page and all of its elements, without making any changes. The function is passed several parameters. 
These are the $subname value, which is the id of the given submission in which this instance of the element is being used; the $pageNumber value, which is the page number of the submission on which this instance of the element is located; the $fidesc value, which is the description of the element that is being used; the $fieldnb value, which is the position number of the instance of the element on the given page of the given submission; the $link value, which is actually a pointer to a connection to the database server; the $doctype value, which holds the unique identifier of the doctype to which the submission belongs. This is actually passed to the function simply so that the value can be passed with the form when it is submitted, as it is needed to correctly display the details of a page when the user moves backward through the administrator system to the page which displays the details of a given doctype; the $nPgs value, which holds a value for the number of pages that make up the given submission. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 28/11/2000 Last Modified: 09/05/2001 ******************************************************************/ # The first step is to execute a query, selecting the detials of the # given element as it appears on the given page... $res = mysql_query("SELECT * FROM sbmFIELD WHERE subname = '$subname'" . " AND pagenb = '$pageNumber' AND fidesc = '$fidesc' AND fieldnb =" . " '$fieldnb'"); if($res) { # The query to retrieve the information about an element of the # page has worked. # Produce the appropriate output, depending upon the number of # rows returned by the query... if(mysql_num_rows($res) == 1) { # In this case, as expected, there is one entry for the given # doctype in the sbmDOCTYPE table.. # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . 
"ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below are " . "the details of the <EM>$fidesc</EM> element as it " . "appears on page <EM>$pageNumber</EM> of the <EM>$subname" . "</EM> submission.<BR>You can edit them by alterring values" . " in boxes, and clicking on \"SAVE CHANGES\".</P>\n</TD>\n" . "</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now make the table: names & fields... # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmFIELD"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the row of data $dataRow = mysql_fetch_array($res); # Now, we are ready to display the details of the given # element of the given page of the given submission in a # table. Each data item will be contained within a form input # box so that it can be edited if this is desirable. print("<FORM ACTION='editPageElementEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='update' VALUE='true'>\n"); # Before we display most of the table, we can first display # the upper part of the table, which will be the subname, # pagenb, fieldnb, fidesc, cd, md: fields, that can't be # modified... print("<INPUT TYPE='hidden' NAME='subname' VALUE='" . $dataRow["subname"] . "'><INPUT TYPE='hidden' NAME='pageNumber' VALUE='" . $dataRow["pagenb"] . "'><INPUT TYPE='hidden' NAME='fieldnb' VALUE='" . $dataRow["fieldnb"] . "'><INPUT TYPE='hidden' NAME='fidesc' VALUE='" . $dataRow["fidesc"] . "'><INPUT TYPE='hidden' NAME='cd' VALUE='" . $dataRow["cd"] . "'><INPUT TYPE='hidden' NAME='md' VALUE='" . $dataRow["md"] . "'>"); print ("<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center" . "' WIDTH='100%'>\n"); # Now fill this new table with all of the details... for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... 
$currentField = mysql_field_name($columns, $indx); # Ensure that we don't once again print our non-editable # fields out... if(($currentField != "subname") && ($currentField != "pagenb") && ($currentField != "fieldnb") && ($currentField != "fidesc") && ($currentField != "cd") && ($currentField != "md") && ($currentField != "fiefi1") && ($currentField != "fiefi2")) { # First, display the field name... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>\n"); if($currentField == "fitext") { print("Element Label: "); } // END if elseif($currentField == "level") { print("Level: "); } // END elseif elseif($currentField == "sdesc") { print("Short Desc: "); } // END elseif elseif($currentField == "checkn") { print("Check: "); } // END elseif else { print("$currentField" . ": "); } // END else print(" </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n"); if($currentField == "checkn") { # This is the check field, and we must simply present # a drop-down list full of checks. if($chksRes = mysql_query("SELECT chname FROM sbmCHECKS" . " ORDER BY chname")) { # Query fine. if(mysql_num_rows($chksRes) > 0) { # Checks to be put into a select box...good! print("<SELECT NAME='checkn'>\n"); if($dataRow["checkn"] != "") { # It has a value, so we can show it. print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "'>" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "</OPTION>\n"); } // END if # Add option for having no JavaScript Check for # the element. print("<OPTION VALUE=''>--NO JAVASCRIPT " . "CHECK--</OPTION>\n"); while($stuff = mysql_fetch_row($chksRes)) { if($stuff[0] != $dataRow["checkn"]) { # Add the check to the list if it is not # the currently added check print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($stuff[0])) . "'>" . ereg_replace("'", "'", htmlspecialchars($stuff[0])) . 
"</OPTION>\n"); } // END if } // END while # Close up the select list print("</SELECT>\n"); } // END if else { # No checks stored in DB! We therefore can't # allow the user to alter the current check # incase they start putting in weird illegal # checknames that would break referential # integrity rules. print("<INPUT TYPE='readonly' NAME='checkn' " . "VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "'> <SPAN STYLE=\"font-size: " . "small; font-weight: bold; color: red; " . "text-align: center\">No Checks Stored In " . DOCS_DATABASE . ". Cannot Allow Ammending. " . "<A HREF='addCheckEDS.php'>Add Check</A>" . ".</SPAN>\n"); } // END else # Free the memory wasting $chksRes result pointer mysql_free_result($chksRes); } // END if else { # Can't query for checks, therefore can't edit it! print("<INPUT TYPE='readonly' NAME='checkn' " . "VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "'> <SPAN STYLE=\"font-size: " . "small; font-weight: bold; color: red; " . "text-align: center\">Cannot Retrieve Check" . " Details from " . DOCS_DATABASE . ". Cannot" . " Allow Ammending of Current Value." . "</SPAN>\n"); } // END else } // END if elseif($currentField == "level") { # 'Tis a select list with M or O values that we want print("<SELECT NAME='$currentField'>\n<OPTION VALUE=" . "'M'>Mandatory</OPTION>\n<OPTION "); if($dataRow[$indx] == "O" || $dataRow[$indx] == "o") { # Make this one selected... print("SELECTED "); } // END if print("VALUE='O'>Optional</OPTION>\n</SELECT>\n"); } // END elseif else { # No need for a listbox...just make it a normal text # input field... print("<INPUT TYPE='text' NAME=" . "'$currentField' SIZE="); if($currentField != "level" && mysql_field_type($columns, $indx) == "blob") { print("60"); } // END if else { print(mysql_field_len($columns, $indx) + 1); } // END else ### I'm going to replace all "\n" chars with nothing! print(" VALUE='" . 
ereg_replace("\n", " ", ereg_replace("'", "'", htmlspecialchars($dataRow[$indx]))) . "'>\n"); } // END else print("</TD>\n</TR>\n"); } // END if } // END for # Now that the table has been filled with all of the actions # details, it can be closed.. print("</TABLE>\n"); # Now that the form has been drawn, it is possible to produce # a new table underneath, containing buttons. There will be a # "SAVE" button, a "RESET" button and a "FINISHED button. print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "\n<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>\n<P>\n" . "<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "level.length; i++) { if(level[i].selected) { break; } } " . "if(verifyChanges(" . "escape('" . ereg_replace("\n", " ", ereg_replace("'","\\'", htmlspecialchars($dataRow["fitext"]))) . "'), escape(fitext.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["level"])) . "'), escape(level[i].value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["sdesc"])) . "'), escape(sdesc.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["checkn"])) . "'), escape(checkn.options[checkn.selectedIndex].value))) {" . " if(confirm('Are You Sure You" . " Want To " . "Modify These Details?')) { submit(); } }\">\n</TD>\n" . "<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='RESET " . "CHANGES' onClick=\"reset();\">\n</TD>\n</FORM>\n<FORM " . "ACTION='pageDetsEDS.php' METHOD='post'>\n<INPUT TYPE='" . "hidden' NAME='subname' VALUE='" . $dataRow["subname"] . "'>\n<INPUT TYPE='hidden' NAME='pageNumber' VALUE='" . "$pageNumber'>\n<INPUT TYPE='hidden' NAME='nPgs' VALUE='" . "$nPgs'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE='" . "$doctype'>\n<TD ALIGN='center'>\n<INPUT TYPE='button' " . "VALUE='FINISHED' onClick=\"submit();\">\n</TD>\n</FORM>\n" . 
"</TR>\n</TABLE>\n</P>\n"); } // END if elseif(mysql_num_rows($queryResult) > 1) { # In this case, there are more than 1 row for the given # element instance on a page stored in the sbmFIELD table, which # means that the sbmFIELD table must have some kind of primary # key violations.. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> More than one row of data concerning element <EM>" . "$fieldnb ($fidesc)</EM> on page <EM>$pageNumber</EM> of " . "the <EM>$subname</EM> submission has been returned from " . "the <EM>sbmFIELD</EM> table.<BR>This indicates primary key " . "duplication in this table.<BR>Please inform system " . "administrator.</P>\n"); # Send a mail to the system admin people to warn them about # this serious error.. # Get the current date and time... $dateDets = getdate(); $msgTxt = "When the editDoctypeEDS.php page attempted to " . "retrieve the details of the <EM>$fieldnb ($fidesc)</EM> on" . " page <EM>$pageNumber</EM> of the <EM>$subname</EM> " . "submission, several rows were returned for this element " . "instance from the sbmFIELD table. The query was made using " . "the subname, pagenb, fidesc�and fieldnb fields as the " . "search key. As these fields together should uniquely " . "identify an instance of an element on a page, there " . "must be key violations in this table.\n\nThis problem " . "should be corrected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "sbmFIELD Table Possible Key Violation!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif elseif(mysql_num_rows($queryResult) == 0) { # This means that the given element instance has no entry in # the sbmFIELD table... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No data concerning element <EM>$fieldnb " . "($fidesc)</EM> on page <EM>$pageNumber</EM> of the " . "<EM>$subname</EM> submission was found in the <EM>sbmFIELD" . 
"</EM> table.<BR>This suggests a data consistency error in" . " the " . DOCS_DATABASE . " database.<BR>Please inform the " . "system administrator.</P>\n"); # Now send an email to the administrator(s) to inform them of # this serious error... $msgTxt = "When the editDoctypeEDS.php script attempted to " . "retrieve the details of element $fieldnb ($fidesc) on page" . " $pageNumber of the $subname submission, no rows were " . "returned from the sbmFIELD table.\n\nBecause the user had to " . "click a link to get to this page for the given element " . "instance, its details must be referred to in other tables " . " of EDS. This suggests that there are either data " . "inconsistencies or concurrency problems within EDS.\n\n" . "This should be investigated and corrected ASAP.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Possible Data Inconsistency Error!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Some other sort of error has ocurred, so present the error # message on the screen. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to correctly retrieve data from the" . " <EM>sbmFIELD</EM> table of " . DOCS_DATABASE . ".<BR>Please" . " inform system administrator.</P>\n"); } // END else # Now, free the query result... mysql_free_result($res); } // END if else { # The query to retrieve the details of the element on the page # has failed. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to conduct a query on the " . "<EM>sbmFIELD</EM> table of " . DOCS_DATABASE . ".<BR>Please" . 
" inform system administrator.</P>\n"); } // END else } // END function makeElementEditInterface() function displayPage() { global $doctype,$update,$fitext,$level,$sdesc,$checkn,$subname,$pageNumber,$fidesc,$fieldnb,$nPgs; # Conduct a test to see if this call to the page is the first call # to it, whereby it should simply display the information about the # element in a form, or if it is a self-referential call to the # page, whereby it should carry out some sort of updating of # details, then redisplay the information if($update) { # In this case, this is a call to update the elements details... # Free memory space associated with $update... unset($update); # Get the data, so that it can be committed for the modification # date field (md)... $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly # format $modifiedDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . $dateDets['mday']; # Begin constructing the UPDATE query string... $queryString = "UPDATE sbmFIELD SET fitext = '$fitext', level = '" . "$level', sdesc = '$sdesc', checkn = '$checkn', md = '" . "$modifiedDate' WHERE subname = '$subname' AND pagenb = " . "'$pageNumber' AND fidesc = '$fidesc' AND fieldnb = " . "'$fieldnb'"; # Now actually execute the update query $updateResult = mysql_query($queryString); if($updateResult) { # If the query could actually be executed without error if(mysql_affected_rows() == 1) { # In this case, only 1 rows was updated, which is as # expected # Display a nice message informing the user that the update # has been carried out... print("<P STYLE=\"color: green; text-align: center; font-" . "style: bold; font-size: large\">Modification of Element" . " Complete</P>\n"); # Send the administrator a message to inform them of the # update that has taken place... $msgTxt = "An update has been carried out on an element of" . " the $subname submission. The update was carried out " . "on element $fieldnb ($fidesc), which appears on page " . 
"$pageNumber of the $subname submission in the " . DOCS_DATABASE . " database.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "${subname}.$fidesc Element Updated " . " (Page $pageNumber)", $msgTxt, "From: WebSubmit_Administrator"); # Now, we need to update the modified date field for this # submission in the sbmIMPLEMENT table, so that the actual # submission itself shows as having been modified. $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$modifiedDate' WHERE subname = '$subname'"); if($mdResult) { # The modification query worked, so free its result mysql_free_result($mdResult); } // END if else { # The update query failed, so output a quick alert... print("<SCRIPT TYPE='text/javascript'>alert('ERROR: " . "Unable to update the md field for this submission" . "<BR>in the sbmIMPLEMENT table.');</SCRIPT>\n"); } // END else # We can now redirect the browser to the the page showing # the details of this document type... print("<FORM ACTION='pageDetsEDS.php' METHOD='post' " . "NAME='referForm'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>\n" . "<INPUT TYPE='hidden' NAME='pageNumber' VALUE='" . "$pageNumber'>\n<INPUT TYPE='hidden' NAME='nPgs' VALUE='" . "$nPgs'>\n</FORM>\n"); print("<SCRIPT LANGUAGE=\"JavaScript\">\n" . "setTimeout(\"document.referForm.submit();\", 0);\n" . "</SCRIPT>\n"); } // END if elseif(mysql_affected_rows() > 1) { # More than 1 row was updated -> bad news: key duplication # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Multiple rows have been updated in the " . "<EM>sbmFIELD</EM> table.<BR>This has resulted from an " . "attempt to update element <EM>$fieldnb ($fidesc)</EM> " . "on page <EM>$pageNumber</EM> of the <EM>$subname</EM> " . "submission.<BR>Please inform the system administrator." . 
"</P>\n"); # Now, email the administrator to let them know this, as it # is a potentially dangerous error. $msgTxt = "When a user updated the details of element " . "$fieldnb ($fidesc) on page $pageNumber of the $subname " . "submission, using the WebSubmit Administrator, several rows " . "were affected in the sbmFIELD table. The update was " . "conducted using the subname, pagenb, fidesc and fieldnb" . " fields as keys. As an element should only appear once" . " on a submission page in a certain position, this means" . " that there must be key violations in the sbmFIELD table. " . " There should only have been 1 row affected by this " . " update.\n\nThis problem should be investigated and cor" . "rected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmFIELD Table Multiple Row " . "Update!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # No rows were updated -> Something strange here! # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmFIELD</EM> table.<BR>This suggests that there could be" . " data inconsistencies or concurrency problems.<BR>Plea" . "se inform the system administrator.</P>\n"); # Better email the administrator & let them know... $msgTxt = "When a user updated the details of element " . "$fieldnb ($fidesc) on page $pageNumber of the $subname " . "submission, using the WebSubmit Administrator, no rows were " . "affected in the sbmFIELD table by this update.\n\nBecause " . "the user must have altered this elements details to " . "submit an update on it, it must have been present at " . "around the time that the user submitted their update.\n" . "\nThis suggests the possibility of concurrency or data " . "inconsistency problems in this table.\n\nThis should" . " be investigated and corrected ASAP.\n\nEDS Administrat" . 
"or ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error: Possible Concurrency Problems", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>sbmFIELD" . "</EM> table.<BR>This suggests that there could be data " . "inconsistencies or concurrency problems.<BR>Please inform" . " the system administrator.</P>\n"); } // END else } // END if else { # In this case, this is the first call to the page, so we can # simply display the details of the given element, as it appears # on the given page of the given submission... makeElementEditInterface($subname, $pageNumber, $fidesc, $fieldnb, $doctype, $nPgs); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1]. "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/editRecordFile.php.wml b/modules/websubmit/web/admin/editRecordFile.php.wml index 788aa0812..5686ed009 100644 --- a/modules/websubmit/web/admin/editRecordFile.php.wml +++ b/modules/websubmit/web/admin/editRecordFile.php.wml 
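Review bot: `if (!$auth[0])` at the end of this hunk treats a truthy first element as "allowed", but elsewhere in this commit the access-control result appears to be a (code, message) pair in which code 0 means allowed. `canUseWebSubmitAdmin()` is not visible here, so if it passes that pair through unchanged the test is inverted: it would refuse authorised users and let everyone else reach `displayPage()`. Once the return shape is confirmed, a comment at the call site would pin the contract, e.g. `# $auth is array(allowed, message); allowed is a boolean, NOT the 0-means-OK auth code`. `$auth[1]` is also concatenated into the HTML warning unescaped, so `outWarning(htmlspecialchars($auth[1]) . "<br><br>" . ...)` is safer unless the message is meant to carry markup. The same three added lines appear in the editRecordFile.php.wml hunk and in the hunk for the file just before this one.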
@@ -1,296 +1,296 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit <i>bibconvert</i> configuration for the <I><protect><?print $doctype;?></protect></i> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Declarations***************************/ function criticalFileFailRedirect($functionName, $doctype, $action, $returnTo) { /******************************************************************* This function simply redirects the browser to the func.php page. It is called when the file cannot be opened for reading/writing. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 01/02/2001 Last Modified: 06/02/2001 *******************************************************************/ # Make the functionality to send the page back home... 
print("<FORM ACTION='func.php' METHOD='post' NAME='referForm'" . ">\n<INPUT TYPE='hidden' NAME='functionName' VALUE='" . "$functionName'>\n<INPUT TYPE='hidden' NAME='doctype' VALU" . "E='$doctype'>\n<INPUT TYPE='hidden' NAME='action' VALUE='" . "$action'>\n<INPUT TYPE='hidden' NAME='returnTo' VALUE='" . "$returnTo'>\n<TABLE BORDER=0 CELLSPACING=0 " . "CELLPADDING=0 ALIGN='center'>\n<TR>\n<TD ALIGN='center'>" . "\n<INPUT TYPE='button' VALUE='OK' onClick=\"submit();\"" . ">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n<SCRIPT TYPE='text/" . "javascript'>\nsetTimeout(\"document.referForm.submit();" . "\", 1000);\n</SCRIPT>\n"); } // END function criticalFileFailRedirect() //************** function doBusiness($file, $functionName, $doctype, $action, $returnTo) { /******************************************************************* This function has the task of reading from the file, and with this data, producing the page. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 01/02/2001 Last Modified: 01/02/2001 *******************************************************************/ # Test to see if the file already exists. if(!is_file($file)) { # The file does not exist. We had better create it... if(!$filePtr = fopen($file, "w")) { # Unable to make the file print("<SCRIPT TYPE='text/javascript'>\nalert('Error: " . "The file $file did not exist, nor " . "could it be created.\\n\\nTry again or inform the " . "system administrator.');\n</SCRIPT>\n"); # Set an error flag to indicate the failure of this file # creation. $file_there = false; } // END if else { # ok, set file there equal to true, as we have managed to # create it. $file_there = true; } // END else } // END if else { # File already exists, so we can set the flag to say so... $file_there = true; } // END else # Now we can see if the file exists or not. If so, we can output # our form, with its details. 
If not, we can simply present the # user with an error message, and redirect the page back to # "func.php". if($file_there) { # Cool. Our file lives. # Cool. Now we must open our file (Possibly again if it # hadn't already existed!), and read its contents... if(!$fPtr = fopen($file, "r")) { # Great, the damn file did not open... print("<SCRIPT TYPE='text/javascript'>\nalert('Unable To Open" . " File.\\nRetry Or Inform System Administrator.');\n" . "</SCRIPT>\n"); print("<DIV STYLE=\"color: red; font-size: large; text-align:" . " center; font-weight: bold\">Unable To Open File." . "</DIV>\n"); criticalFileFailRedirect($functionName, $doctype, $action, $returnTo); } // END if else { # Cool. We have opened it just nicely... print("<SPAN STYLE=\"color: navy; font-size: medium; font-" . "weight: bold; text-align: center\">Contents of <EM>" . "$file</EM></SPAN>\n"); #Separate our page out.... drawSeparator(); # Make our text area with all of the files data in it... print("<FORM ACTION='editRecordFile.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='saveDets' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='file' VALUE='$file'>\n" . "<INPUT TYPE='hidden' NAME='functionName' VALUE='" . "$functionName'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n<INPUT TYPE='hidden' NAME='action'" . " VALUE='$action'>\n<INPUT TYPE='hidden' NAME='returnTo" . "' VALUE='$returnTo'>\n<TABLE ALIGN='center' BORDER=0 " . "CELLSPACING=0 CELLPADDING=0>\n<TR>\n<TD ALIGN='center" . "'>\n<TEXTAREA NAME='content' COLS=100 ROWS=25>"); fpassthru($fPtr); # fpassthru() will have closed our file pointer for us. print("</TEXTAREA>\n</TD>\n</TR>\n</TABLE><TABLE BORDER=0" . " CELLSPACING=2 CELLPADDING=2 ALIGN='center'>\n<TR>\n" . "<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='" . "SAVE CHANGES' onClick=\"submit();\">\n</TD>\n<TD ALIGN" . "='center'>\n<INPUT TYPE='reset' VALUE='RESET CHANGES'" . ">\n</TD>\n</FORM>\n<FORM ACTION='func.php' METHOD='pos" . 
"t'>\n<INPUT TYPE='hidden' NAME='functionName' VALUE='" . "$functionName'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n<INPUT TYPE='hidden' NAME='action" . "' VALUE='$action'>\n<INPUT TYPE='hidden' NAME='returnT" . "o' VALUE='$returnTo'>\n<TD ALIGN='center'>\n<INPUT TYP" . "E='button' VALUE='CANCEL' onClick=\"submit();\">\n<" . "/TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END else } // END if else { # File can't be raised. Better just output error messages, # and redirect page to "func.php". print("<SCRIPT TYPE='text/javascript'>\nalert('Unable To Open" . " File.\\nRetry Or Inform System Administrator.');\n" . "</SCRIPT>\n"); print("<DIV STYLE=\"color: red; font-size: large; text-align:" . " center; font-weight: bold\">Unable To Open File." . "</DIV>\n"); criticalFileFailRedirect($functionName, $doctype, $action, $returnTo); } // END else } // END function doBusiness() function displayPage() { global $doctype,$saveDets,$functionName,$action,$returnTo,$content,$file; # Now perform tests in order to determine what we want to do... if(isset($saveDets)) { # In this case, this is a self referential call to the form in # order to update the file. # Free some wasted space... unset($saveDets); if(!$fh = fopen($file, "w")) { # Oh dear. We could not open this file for writing. print("<SCRIPT TYPE='text/javascript'>\nalert('Unable To Open" . " File.\\nRetry Or Inform System Administrator.');\n" . "</SCRIPT>\n"); print("<DIV STYLE=\"color: red; font-size: large; text-align:" . " center; font-weight: bold\">Unable To Open File." . "</DIV>\n"); criticalFileFailRedirect($functionName, $doctype, $action, $returnTo); } // END if else { # Let's use ereg_replace to replace any weird MAC \015 (CR) # (\r) chars with nothing. $content = stripslashes(ereg_replace("\015","",$content)); # Good. We can open our file. if(!fwrite($fh, $content, strlen($content))) { # Couldn't write to the file. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . 
"Unable to write details to file.');\n</SCRIPT>\n"); print("<DIV STYLE=\"color: red; font-size: large; text-" . "align: center; font-weight: bold\">Unable To Open File." . "</DIV>\n"); fclose($fh); criticalFileFailRedirect($functionName, $doctype, $action, $returnTo); } // END if else { # We should have by now written our details to the file, # and so should close it. fclose($fh); print("<SCRIPT TYPE='text/javascript'>\nalert('File Update" . "d');\n</SCRIPT>\n<DIV STYLE=\"color: green; font-size:" . " medium; text-align: center; font-weight: bold\">File " . "Updated</DIV>\n"); # Now redisplay the main page. doBusiness($file, $functionName, $doctype, $action, $returnTo); } // END else } // END else } // END if else { # This is the first call to this script, and it is simply our # task to display the files dets in a textarea box, offering # links to update it, or simply leave this form. doBusiness($file, $functionName, $doctype, $action, $returnTo); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/elementConfigDetsEDS.php.wml b/modules/websubmit/web/admin/elementConfigDetsEDS.php.wml index c240777cd..ca4e0f3af 100644 --- a/modules/websubmit/web/admin/elementConfigDetsEDS.php.wml +++ b/modules/websubmit/web/admin/elementConfigDetsEDS.php.wml 
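Review bot: The new gate before `displayPage()` authorises `$uid` for `$doctype` only, but the branch it guards opens `$file` for writing, and `$file` looks to be round-tripped through the hidden `file` form field rather than derived from the doctype. As far as this hunk shows, the doctype check therefore does not constrain which file is overwritten with `$content`. The path should be rebuilt server-side from `$doctype`, or at least checked before the `fopen($file, "w")` in `displayPage()`, e.g. `if (strpos(realpath(dirname($file)), CONFIG_DIR) !== 0) { outWarning("Invalid file"); }`, where `CONFIG_DIR` is a placeholder for the directory that holds the bibconvert configuration files.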
@@ -1,1569 +1,1569 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Details of the <I><protect><?print $name;?></protect></I> Form Element" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Descriptions***************************/ function Jscript_submit($elementType, $dataRow) { /*************************************************************** When the page to display/edit the details of a given EDS element description is loaded, the fields that are displayed depends upon the type of element. This means that the JavaScript functions to check these fields must be generated dynamically, as we dont know which fields we will need to check until run-time. Depending upon the type of element, this function makes the function, passing the relevant params to it, and makes the submit button to pass the relevant params to the function. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 06/12/2000 Last Modified: 28/01/2001 ***************************************************************/ # Test the element type, and make the relevant function & submit # button. if($elementType == "T") { # Output the Javascript functions... print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curRows, sugRows, curCols," . " sugCols, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if((curRows == sugRows) && (curCols == " . "sugCols) && (curCoo == sugCoo) && (curCode == sugCode) && (curMarc == sugMarc) && (curMod == sugMod))\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["rows"])) . "'), escape(rows.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["cols"])) . "'), escape(cols.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value),escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . 
" onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END if elseif($elementType == "I") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curSize, sugSize, curMaxlength," . " sugMaxlength, curVal, sugVal, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if((curSize == sugSize) && (curMaxlength == " . "sugMaxlength) && (curVal == sugVal) && (curCode == sugCode) && (curCoo == " . "sugCoo) && (curMarc == sugMarc) && (curMod == sugMod))\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape" . "('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["size"])) . "'), escape(size.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["maxlength"])) . "'), escape(maxlength.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["val"])) . "'), escape(val.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . " onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif elseif($elementType == "H") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . 
"function verifyChanges(curVal, sugVal, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if((curVal == sugVal) && (curCoo == sugCoo) && (curCode == sugCode) && (curMarc == sugMarc) && (curMod == sugMod))\n " . " {\n alert('No Change In The Data Has Been Made! " . "Can not Submit.');\n return false;\n }\n " . "else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape" . "('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["val"])) . "'), escape(val.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . " onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif elseif($elementType == "F") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curSize, sugSize, curMaxlength," . " sugMaxlength, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if((curSize == sugSize) && (curMaxlength == " . "sugMaxlength) && (curCoo == sugCoo) && (curCode == sugCode) && (curMarc == sugMarc) && (curMod == sugMod))\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . 
"</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["size"])) . "'), escape(size.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["maxlength"])) . "'), escape(maxlength.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . " onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif elseif($elementType == "D") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curFidesc, sugFidesc, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if(curFidesc == sugFidesc && curCoo == " . "sugCoo && sugCode == curCode && sugMarc == curMarc && sugMod == curMod)\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape('" . ereg_replace("\r", "", ereg_replace("\n", "\\n", ereg_replace("'","\\'", htmlspecialchars($dataRow["fidesc"])))) . 
"'), escape(fidesc.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . " onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif elseif($elementType == "R") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curFidesc, sugFidesc, curCode, sugCode, curMarc, sugMarc, curMod, sugMod)" . "\n{\n if(curFidesc == sugFidesc" . " && sugCode == curCode && sugMarc == curMarc && sugMod == curMod)\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\" " . "if(verifyChanges(escape('" . ereg_replace("\r", "", ereg_replace("\n", "\\n", ereg_replace("'","\\'", htmlspecialchars($dataRow["fidesc"])))) . "'), escape(fidesc.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); print("'), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . 
" onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif elseif($elementType == "S") { print("<SCRIPT TYPE='text/javascript'>\n\n<!-" . "- hide\n\n" . "function verifyChanges(curFidesc, sugFidesc, curCode, sugCode, curMarc, sugMarc, curCoo, sugCoo, curMod, sugMod)" . "\n{\n if(curFidesc == sugFidesc && curCoo == " . "sugCoo && sugCode == curCode && sugMarc == curMarc && sugMod == curMod)\n " . "{\n alert('No Change In The Data Has Been Made! Can" . "not Submit.');\n return false;\n }\n else\n" . " {\n return true;\n }\n}\n\n// -->" . "</SCRIPT>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"for(i=0; i < " . "cookie.length; i++) { if(cookie[i].checked) { break; } } " . "if(verifyChanges(escape('" . ereg_replace("\r", "", ereg_replace("\n", "\\n", ereg_replace("'","\\'", htmlspecialchars($dataRow["fidesc"])))) . "'), escape(fidesc.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["alephcode"])) . "'), escape(alephcode.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["marccode"])) . "'), escape(marccode.value), escape('"); if($dataRow["cookie"]) { print("1"); } // END else else { print("0"); } // END else print("'), escape(cookie[i].value), escape('" . ereg_replace("'","\\'",htmlspecialchars($dataRow["modifytext"])) . "'), escape(modifytext.value))) { submit(); }\">\n</TD>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='RESET CHANGES'" . " onClick=\"reset();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END elseif else { # Unknown file type, so just output a button not allowing the # form to be submitted. print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='" . "button' VALUE='SAVE CHANGES' onClick=\"alert('Unknown " . "Element Type! Cannot Submit');" . "\">\n</TD>\n<TD ALIGN='left'>\n<INPUT TYPE='button'" . 
"VALUE='RESET CHANGES' onClick=\"reset();\">\n</TD>\n" . "</TR>\n</TABLE>\n</FORM>\n"); } // END else } // END function Jscript_submit() //*************** function fabricateElementDetsFormEDS($name, $caller, $subname = "", $pageNumber = "", $nPgs = "", $doctype = "") { /***************************************************************** This function has the task of creating the html form that contains the data of the element description. This form varies depending upon what kind of "input" the element whose details are being displayed is. This is because for some inputs, certain parameters (like size or maxlength) are important, but are not used for others. This means that we do not need to display certain fields of the sbmFIELDS table for certain elements, that we need to dislay for others. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 04/12/2000 Last Modified: 30/01/2001 *****************************************************************/ # Conduct a select query to retrieve the description details of the # given element from the sbmFIELDDESC table. $queryResult = mysql_query("SELECT * FROM sbmFIELDDESC WHERE name = " . "'$name'"); # Take the relevant action depending upon whether it was # successfully executed or not... if($queryResult) { # In this case, the query executed successfully... # Produce the appropriate output, depending upon the number of # rows returned by the query... if(mysql_num_rows($queryResult) == 1) { # In this case, as expected, there is one entry for the given # element DESCRIPTION in the sbmFIELDDESC table.. # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below are " . "the details of the <EM>$name</EM> element description.<BR>" . 
"These details can be edited by alterring the values in the" . " the various input boxes, and clicking on \"SAVE CHANGES\"" . ".<BR><BR>It is also possible to change the type of the " . "element description, which will cause the page to<BR>" . "refresh, displaying the fields relevant to the new element" . " type.</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); print("<DIV STYLE='text-align: center; color: navy; " . "font-weight: bold; font-size: medium'>Element " . "Preview</DIV>\n"); # Get the row of data $dataRow = mysql_fetch_array($queryResult); # Now, let us make a nice preview of the element... print("<FORM>\n<TABLE ALIGN='center' BORDER=1 CELLSPACING=0 " . "CELLPADDING=0 WIDTH='100%' BGCOLOR='#87CEFA'>\n<TR>\n<TD " . "ALIGN='center' VALIGN='middle'>\n"); $leType = $dataRow["type"]; if($leType == "T") { # We can draw a textarea element print("<TEXTAREA ROWS=" . $dataRow["rows"] . " COLS=" . $dataRow["cols"] . ">\n</TEXTAREA>\n"); } // END if elseif($leType == "I") { # We can draw a normal HTML input... print("<INPUT TYPE='text' SIZE=" . $dataRow["size"] . " VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow["val"])) . "'>\n"); } // END elseif elseif($leType == "H") { # We can simply say that it is a hidden input field... print("<DIV STYLE='color: green; text-align: center; " . "font-weight: bold; font-size: medium'>Hidden Input." . " Contains Following:<BR><BR><SPAN STYLE='color: red'>" . ereg_replace("'", "'", htmlspecialchars($dataRow["val"])) . "</SPAN></DIV>\n"); } // END elseif elseif($leType == "F") { # We can display a File input... print("<INPUT TYPE='file' SIZE=" . $dataRow["size"] . ">\n"); } // END elseif elseif($leType == "D") { # We can display the user defined item - whatever it is if($dataRow["fidesc"] != "") { # If the element has some data definition. print(" " . $dataRow["fidesc"] . " "); } // END if else { print("<SPAN STYLE=\"color: green; font-size: medium; " . 
"text-align: center; font-weight: bold\">Item " . "Definition Not Yet Provided</SPAN>\n"); } // END else } // END elseif elseif($leType == "S") { # We can display the select box if($dataRow["fidesc"] != "") { # If the element has some data definition. print(" " . $dataRow["fidesc"] . " "); } // END if else { print("<SPAN STYLE=\"color: green; font-size: medium; " . "text-align: center; font-weight: bold\">Item " . "Definition Not Yet Provided</SPAN>\n"); } // END else } // END elseif elseif($leType == "R") { # We cannot display the response element print("<SPAN STYLE=\"color: green; font-size: medium; " . "text-align: center; font-weight: bold\">Response " . "Item: see description field</SPAN>\n"); } // END elseif else { # Unknown element type. Therefore we can't display it. print("<DIV STYLE='color: red; text-align: center; " . "font-weight: bold; font-size: medium'>Unknown " . "Element Type. Cannot Display.</DIV>\n"); } // END else # Close up form & table stuff... print("</TD>\n</TR>\n</TABLE>\n</FORM>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now, we are ready to display the details of the given # element description in a form within a table. Each field of # the element description will be contained within a form # input box so that it can be edited if this is desirable. # Now let us begin allowing the user to edit certain fields # Element type (Will be a combo box, that allows you to change # the type of the element... print("<FORM ACTION='elementConfigDetsEDS.php' METHOD='post'>" . "\n<INPUT TYPE='hidden' NAME='changeType' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='caller' VALUE='$caller'>\n" . "<INPUT TYPE='hidden' NAME='name' VALUE='" . $dataRow["name"] . "'>\n"); # Add extra fields (if necessary)... if($caller == "pageDetsEDS.php") { print("<INPUT TYPE='hidden' NAME='subname' VALUE='" . "$subname'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE=" . "'$doctype'>\n<INPUT TYPE='hidden' NAME='pageNumber' " . 
"VALUE='$pageNumber'>\n\n<INPUT TYPE='hidden' NAME='" . "nPgs' VALUE='$nPgs'>\n"); } // END if print("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 ALIGN='" . "center' WIDTH='100%'>\n<TR>\n<TH WIDTH='20%' BGCOLOR='" . "#87CEFA' ALIGN='right'>\nElement Type: " . ";</TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR='#FFFFCC'>" . "<SELECT NAME='type' onChange=\"submit();\">\n<OPTION VALUE" . "='UNKNOWN_TYPE'>Unknown Element Type</OPTION>\n"); # Make User defined type option print("<OPTION "); if($dataRow["type"] == "D") { # D was already selected... print("SELECTED "); } // END if print("VALUE='D'>User Defined Input</OPTION>\n"); # Make Select box type option print("<OPTION "); if($dataRow["type"] == "S") { # S was already selected... print("SELECTED "); } // END if print("VALUE='S'>Select Box</OPTION>\n"); # Make File input type option print("<OPTION "); if($dataRow["type"] == "F") { # F was already selected... print("SELECTED "); } // END if print("VALUE='F'>File Input</OPTION>\n"); # Make Hidden input type option... print("<OPTION "); if($dataRow["type"] == "H") { # H was already selected... print("SELECTED "); } // END if print("VALUE='H'>Hidden Input</OPTION>\n"); # Make Text input type option... print("<OPTION "); if($dataRow["type"] == "I") { # I was already selected... print("SELECTED "); } // END if print("VALUE='I'>Text Input</OPTION>\n"); # Make response type option... print("<OPTION "); if($dataRow["type"] == "R") { # I was already selected... print("SELECTED "); } // END if print("VALUE='R'>Response</OPTION>\n"); # Make TextArea input type option... print("<OPTION "); if($dataRow["type"] == "T") { # T was already selected... print("SELECTED "); } // END if print("VALUE='T'>Text Area Element</OPTION>\n</SELECT>\n</TD>" . "\n</TR>\n</TABLE>\n</FORM>\n"); # Now make the main form... print("<FORM ACTION='elementConfigDetsEDS.php' METHOD='post'>" . "\n<INPUT TYPE='hidden' NAME='update' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='caller' VALUE='$caller'>\n" . 
"<INPUT TYPE='hidden' NAME='type' VALUE='" . $dataRow["type"] . "'>\n" . "<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center" . "' WIDTH='100%'>\n"); # Now make the table: names & fields... # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmFIELDDESC"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Before we display most of the table, we can first display # the upper part of the table, which will be the fields, that # shouldn't be modified by the user. These are the name, cd # and md fields. $tblHead = "<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0>\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN" . "='right' WIDTH='20%'>\nElement: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT " . "TYPE='readonly' NAME='name' VALUE='" . $dataRow["name"] . "'>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nCreation " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='cd' VALUE='" . $dataRow["cd"] . "'>\n</TD>\n</TR>\n<TR>\n<TH WIDTH='20" . "%' BGCOLOR='#D3DCE3' ALIGN='right'>\nModification Date:" . " </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR='" . "#FFFFCC'><INPUT TYPE='readonly' NAME='md' VALUE='" . $dataRow["md"] . "'>\n</TD>\n</TR>\n"; # Now make the alephcode field... $tblHead .= "<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nAleph Code:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%" . "'><INPUT TYPE='text' NAME='alephcode' VALUE='" . $dataRow["alephcode"] . "' SIZE=" . mysql_field_len($columns, 1) . ">\n</TD>\n</TR>\n"; # Now make the marccode field... $tblHead .= "<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nMarc Code:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%" . "'><INPUT TYPE='text' NAME='marccode' VALUE='" . $dataRow["marccode"] . "' SIZE=" . mysql_field_len($columns, 2) . ">\n</TD>\n</TR>\n"; # Now make the modifytext field... 
$tblHead .= "<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nModification Text:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%" . "'><INPUT TYPE='text' NAME='modifytext' VALUE='" . $dataRow["modifytext"] . "' SIZE=" . mysql_field_len($columns, 2) . ">\n</TD>\n</TR>\n"; # Now it is possible to show the rest of the data that will be # editable. The key thing to pay attention to here is # elements are a form of html forms input. This means that # there can be several different types of input (text, file, # etc). Different types of html input use different # parameters, so depending upon what type of input the element # whose details are being displayed is, only certain fields # from the sbmFIELDDESC table will be displayed, and others will # remain hidden, as they are not used by this element. This # means that we must test to see what type of element it is, # and then display the relevant fields based upon this # determination. $elementType = $dataRow["type"]; if($elementType == "T") { # In this case, the element is a <TEXTAREA> element. print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nRows: </TH>\n<TD ALIGN='left' BGCOLOR='#F" . "FFFCC' WIDTH='80%'><INPUT TYPE='text' name='rows' " . "VALUE='" . $dataRow["rows"] . "' SIZE=" . mysql_field_len($columns, 5) . ">\n</TD>\n</TR>\n<TR>\n" . "<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nColu" . "mns: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' " . "WIDTH='80%'><INPUT TYPE='text' name='cols' VALUE='" . $dataRow["cols"] . "' SIZE=" . mysql_field_len($columns, 6) . ">\n</TD>\n" . "</TR>\n<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>\nCookie: </TH>\n<TD ALIGN='left' " . 
"BGCOLOR='#FFFFCC' WIDTH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END if elseif($elementType == "I") { # Our item is a normal html text input print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nSize: </TH>\n<TD ALIGN='left' BGCOLOR='#F" . "FFFCC' WIDTH='80%'><INPUT TYPE='text' name='size' VAL" . "UE='" . $dataRow["size"] . "' SIZE=4" . " MAXLENGTH=4" . ">\n</TD>\n</TR>\n<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='ri" . "ght' WIDTH='20%'>\nMaxlength: </TH>\n<TD ALIGN='" . "left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT TYPE='text'" . " name='maxlength' VALUE='" . $dataRow["maxlength"] . "' SIZE=" . mysql_field_len($columns, 7) . ">\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nValue:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='" . "80%'><INPUT TYPE='text' name='val' VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow["val"])) . "' SIZE=60 >\n</TD>\n</TR>\n<TR>\n" . "<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nCook" . "ie: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WID" . "TH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END elseif elseif($elementType == "H") { # Our item is a hidden input field. print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nValue: </TH>\n<TD ALIGN='left' BGCOLOR='#FF" . "FFCC' WIDTH='80%'><INPUT TYPE='text' name='val' VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow["val"])) . "' SIZE=60 >\n</TD>\n</TR>\n<TR>\n" . "<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nCook" . "ie: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WID" . "TH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END elseif elseif($elementType == "F") { # Our item is a file input type. 
print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nSize: </TH>\n<TD ALIGN='left' BGCOLOR='#FFF" . "FCC' WIDTH='80%'><INPUT TYPE='text' NAME='size' VALUE='" . $dataRow["size"] . "' SIZE=" . mysql_field_len($columns, 4) . ">\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nMaxlength" . ": </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' " . "WIDTH='80%'><INPUT TYPE='text' name='maxlength' VALUE='" . $dataRow["maxlength"] . "' SIZE=" . mysql_field_len($columns, 7) . ">\n</TD>\n</TR>\n<TR>\n" . "<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Cookie: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC'" . " WIDTH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END elseif elseif($elementType == "D") { # Our item is a user defined input type. print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nItem Description: </TH>\n<TD ALIGN='left' " . "BGCOLOR='#FFFFCC' WIDTH='80%'><TEXTAREA COLS=100 ROWS=50" . " NAME='fidesc' wrap='nowrap'>" . ereg_replace("'", "'", htmlspecialchars($dataRow["fidesc"])) . "</TEXTAREA>\n</TD>\n</TR>\n<TH BGCOLOR='#87CEFA' " . "ALIGN='right' WIDTH='20%'>\nCookie: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END elseif elseif($elementType == "R") { # Our item is a response input type. print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nItem Description: </TH>\n<TD ALIGN='left' " . "BGCOLOR='#FFFFCC' WIDTH='80%'><TEXTAREA COLS=100 ROWS=50" . " NAME='fidesc' wrap='nowrap'>" . ereg_replace("'", "'", htmlspecialchars($dataRow["fidesc"])) . "</TEXTAREA>\n</TD>\n</TR>\n"); } // END elseif elseif($elementType == "S") { # Our item is a select box input type. 
print("$tblHead"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nItem Description: </TH>\n<TD ALIGN='left' " . "BGCOLOR='#FFFFCC' WIDTH='80%'><TEXTAREA COLS=100 ROWS=50" . " NAME='fidesc' wrap='nowrap'>" . ereg_replace("'", "'", htmlspecialchars($dataRow["fidesc"])) . "</TEXTAREA>\n</TD>\n</TR>\n<TH BGCOLOR='#87CEFA' " . "ALIGN='right' WIDTH='20%'>\nCookie: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'>"); printCookie($dataRow["cookie"]); # Okay, close up the current row (it is actually the last # row) print("</TD>\n</TR>\n"); } // END elseif else { # Oh dear, this is an element type that is not recognised, # so we don't want to show the details of it (it would be # unsafe to do so, as we wouldn't know which fields were # relevant for showing). We'll just display an error # message. } // END else print("</TABLE>\n"); # Now that the form has been constructed, it is possible to # produce the buttons that allow the form to either be # submitted, reset or the user to exit this page without # making any chages, and return to the page from which they # came. if($caller == "pageDetsEDS.php") { print("<INPUT TYPE='hidden' NAME='subname' VALUE='" . "$subname'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE=" . "'$doctype'>\n<INPUT TYPE='hidden' NAME='pageNumber' " . "VALUE='$pageNumber'>\n\n<INPUT TYPE='hidden' NAME='" . "nPgs' VALUE='$nPgs'>\n<P>\n"); } // END if Jscript_submit($elementType, $dataRow); # Now that the details of this element description have been # displayed, display links to all of the other submission # pages that use an instance of this element. # Make a horizontal rule to divide the page sections... drawSeparator(); $othersRes = mysql_query("SELECT subname, pagenb FROM " . "sbmFIELD WHERE fidesc='$name'"); if($othersRes) { # The query to discover all of the other submission pages # that use this submission has been executed successfully. print("<P STYLE=\"color: navy; font-weight: bold\">Element" . 
" Used On The Following Submissions</P>"); print("<TABLE BORDER=0 ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0>\n"); if(mysql_num_rows($othersRes) > 0) { while($aRow = mysql_fetch_array($othersRes)) { $str = "SELECT * FROM sbmIMPLEMENT WHERE subname = '" . $aRow["subname"] . "' ORDER BY subname"; $sometmpRs = mysql_query("SELECT * FROM sbmIMPLEMENT " . "WHERE subname = '" . $aRow["subname"] . "' ORDER BY subname"); if($sometmpRs) { # Then the query to get the details of the # location of each instance of the element has # worked if(mysql_num_rows($sometmpRs) == 1) { # If there is only one row for the given # instance of the element as it appears in a # submission # Read the record into an array... $line = mysql_fetch_array($sometmpRs); # Display a link to a page that contains the # details of the element instance... print("<TR>\n"); print("<TD ALIGN='center'><A HREF='pageDets" . "EDS.php?subname=" . $line["subname"] . "&pageNumber=" . $aRow["pagenb"] . "&nPgs=" . $line["nbpg"] . "&doctype=" . $line["docname"] . "'>[" . $line["subname"] . " Page " . $aRow["pagenb"] . "]</A>\n</TD>\n</TR>\n"); } // END if } // END if } // END while } // END if else { # In this case, there are no submission pages that use # this element description to make element instances print("<TR>\n"); print("<TD ALIGN='center'>\n<SPAN STYLE=\"text-align: " . "center; font-color: red; font-size: small\">Element" . " Not Used In EDS Submissions</SPAN>\n</TD>\n</TR>"); } // END else # Close the table up... print("</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Open a new table, in which to put a "finished" button print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='"); # Send the browser to the correct page... 
if($caller == "pageDetsEDS.php") { # In this case, we need to pass back all of the extra # info that is needed for going back to a given page of # a given submission print("pageDetsEDS.php' METHOD='post'>\n<INPUT " . "TYPE='hidden' NAME='subname' VALUE='$subname" . "'>\n<INPUT TYPE='hidden' NAME='pageNumber' VALUE='" . "$pageNumber'>\n<INPUT TYPE='hidden' NAME='nPgs' " . "VALUE='$nPgs'>\n<INPUT TYPE='hidden' NAME='doctype'" . " VALUE='$doctype'>\n"); } // END if else { # Came from allElementsEDS.php area, so go back! print("allElementsEDS.php' METHOD='post'>\n"); } // END else print("<TD ALIGN='center'>\n<INPUT TYPE='button' " . "VALUE='FINISHED' onClick=\"submit();\">\n</TD>\n</FORM>" . "\n</TR>\n</TABLE>\n</P>\n"); # Free the query result used to get these links... mysql_free_result($othersRes); } // END if } // END if elseif(mysql_num_rows($queryResult) > 1) { # In this case, there are more than 1 row for the given # element DESCRIPTION stored in the sbmFIELDDESC table, which # means that the sbmFIELDDESC table must have some kind of # primary key violations.. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> More than one row of data concerning the element " . "description <EM>$name</EM> has been returned from " . "the <EM>sbmFIELDDESC</EM> table.<BR>This indicates primary " . "key duplication in this table.<BR>Please inform system " . "administrator.</P>\n"); # Send a mail to the system admin people to warn them about # this serious error.. $msgTxt = "When the elementConfigdetsEDS.php page attempted " . "to retrieve the details of the <EM>$name</EM> element " . "description, several rows were returned from the sbmFIELDDESC" . " table. The query was made using the name field as the " . "search key. As this field should uniquely " . "identify an element description in EDS, there " . "must be key violations in this table.\n\nThis problem " . 
"should be corrected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "sbmFIELDDESC Table Possible Key Violation!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif elseif(mysql_num_rows($queryResult) == 0) { # This means that the given element DESCRIPTION has no entry # in the sbmFIELDDESC table. This is a problem, as a link was # clicked to get to this element, so there are references # (probably element instances of it) somewhere in EDS, when # the description of it doesn't exist. In short, this is a # data inconsistency problem. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No data concerning the <EM>$name</EM> " . "element description was found in the <EM>sbmFIELDDESC</EM> " . "table.<BR>This suggests a data consistency error in" . " the " . DOCS_DATABASE . " database.<BR>Please inform the " . "system administrator.</P>\n"); # Now send an email to the administrator(s) to inform them of # this serious error... $msgTxt = "When the elementConfigDetsEDS.php script attempted" . " to retrieve the details of the $name element description," . " no rows were returned from the sbmFIELDDESC table.\n\n" . "Because the user had to click a link to get to this page " . "for the given element description, its details must be " . "referred to in other tables of EDS. This suggests that " . "there are either data inconsistencies or concurrency " . "problems within EDS.\n\nThis should be investigated and " . "corrected ASAP.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Possible Data Inconsistency Error!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Some other sort of error has ocurred, so present the error # message on the screen. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to correctly retrieve data from the" . 
" <EM>sbmFIELDDESC</EM> table of " . DOCS_DATABASE . ".<BR>Please inform system administrator.</P>\n"); } // END else # Now, free the query result, as it is no longer needed... mysql_free_result($queryResult); } // END if else { # In this case, the query failed, so we must display the relevant # error message... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to conduct a query on the " . "<EM>sbmFIELDDESC</EM> table of " . DOCS_DATABASE . ".<BR>Please" . " inform system administrator.</P>\n"); } // END else } // END function fabricateElementDetsFormEDS() function displayPage() { global $doctype,$update,$changeType,$val,$rows,$cols,$cookie,$alephcode,$marccode,$type,$size,$maxlength,$fidesc,$name,$subname,$pageNumber,$nPgs,$caller,$modifytext; # Conduct a test to see if this is the first call to this page, or a # recursive call whereby the user is attempting to update the # element descriptions details... if($update) { # In this case, this is a call to update the Element description. # Therefore, update it, and redirect the "pageDetsEDS.php" page. $updtStr = "UPDATE sbmFIELDDESC SET "; # Now, it is necessary to determine what kind of element we are # actually updating here, as we only need to amend certain fields # for certain elements, and not for others etc. if($type == "T") { # In this case, the element is a <TEXTAREA> element. $updtStr .="rows = '$rows', cols = '$cols', cookie = " . "'$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END if elseif($type == "I") { # Our item is a normal html text input $updtStr .= "size = '$size', maxlength = '$maxlength', val = " . "'$val', cookie = '$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif elseif($type == "H") { # Our item is a hidden input field. 
$updtStr .= "val = '$val', cookie = '$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif elseif($type == "F") { # Our item is a file input type. $updtStr .= "size = '$size', maxlength = '$maxlength', cookie" . " = '$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif elseif($type == "D") { # Our item is a user defined input type. $updtStr .= "fidesc = '$fidesc', cookie = '$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif elseif($type == "R") { # Our item is a response input type. $updtStr .= "fidesc = '$fidesc', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif elseif($type == "S") { # Our item is a select box input type. $updtStr .= "fidesc = '$fidesc', cookie = '$cookie', alephcode = '$alephcode', marccode = '$marccode', modifytext = '$modifytext'"; } // END elseif else { # Element type is something unknown, so we will perform no # updates upon it. # Set an error flag... $error = 1; } // END else if(isset($error)) { # The error flag is set, so do no further processing. Simply # display an error message, and redirect the page to # pageDetsEDS.php. print("<SCRIPT TYPE='text/javascript'>alert('Unknown Element " . "Type. No Update Carried Out.');</SCRIPT>\n"); print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Invalid Element Type. Cannot Update." . "</P>\n"); print("<FORM ACTION='"); # Send the browser to the relevant page... if($caller == "pageDetsEDS.php") { print("pageDetsEDS.php' METHOD='post' " . "NAME='referForm'>\n" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>\n" . "<INPUT TYPE='hidden' NAME='pageNumber' " . "VALUE='$pageNumber'>\n<INPUT TYPE='hidden' NAME='nPgs'" . "VALUE='$nPgs'>\n<INPUT TYPE='hidden' NAME='doctype' " . 
"VALUE='$doctype'>\n"); } // END if else { print("allElementsEDS.php' METHOD='post' NAME='referForm'" . ">\n"); } // END else print("<TABLE ALIGN='center' BORDER=0>\n<TR>\n<TD ALIGN='" . "center'>\n<INPUT TYPE='button' VALUE='OK' onClick=\"" . "submit();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n<SCRIPT " . "LANGUAGE=\"JavaScript\">\nsetTimeout(\"document.referForm" . ".submit();\", 0);\n</SCRIPT>\n"); } // END if else { # Continue making the query string... # Get the data, so that it can be committed for the # modification date field (md)... $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly # format $modifiedDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . $dateDets['mday']; $updtStr .= ", md = '$modifiedDate' WHERE name = '$name'"; # Now execute the query, and take the relevant action based # upon its result... $updtRes = mysql_query($updtStr); if($updtStr) { # In this case, the update has been executed successfully # If the query could actually be executed without error if(mysql_affected_rows() == 1) { # In this case, only 1 row was updated, which is as # expected # Display a nice message informing the user that the # update has been carried out... print("<P STYLE=\"color: green; text-align: center; " . "font-style: bold; font-size: large\">Element " . "Description Modification Complete</P>\n"); # Send the administrator a message to inform them of the # update that has taken place... $msgTxt = "An update has been carried out on the $name" . " element description in the " . DOCS_DATABASE . " database.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "$name Element Description Updated", $msgTxt, "From: WebSubmit_Administrator"); # We can now redirect the browser back to the the page # showing the details of the element as it appears # on the given submission type, or simply redisplay the # form with the elements details in it if this came from # the allElementsEDS.php area... print("<FORM ACTION='"); if($caller == "pageDetsEDS.php") { print("pageDetsEDS.php' METHOD='post' NAME='referFor" . "m'>\n<INPUT TYPE='hidden' NAME='subname' VALUE='" . "$subname'>\n<INPUT TYPE='hidden' NAME='pageNumber" . "' VALUE='$pageNumber'>\n<INPUT TYPE='hidden' " . "NAME='nPgs' VALUE='$nPgs'>\n<INPUT TYPE='hidden' " . "NAME='doctype' VALUE='$doctype'>\n"); } // End if else { print("elementConfigDetsEDS.php' METHOD='post' " . "NAME='referForm'>\n<INPUT TYPE='hidden' " . "NAME='caller' VALUE='$caller'>\n<INPUT TYPE='" . "hidden' NAME='name' VALUE='$name'>\n"); } // END else print("<TABLE ALIGN='center' BORDER=0>\n<TR>\n<TD " . "ALIGN='center'>\n<INPUT TYPE='button' VALUE='OK' " . "onClick=\"submit();\">\n</TD>\n</TR>\n</TABLE>\n" . "</FORM>\n"); print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", " . "1000);\n</SCRIPT>\n"); } // END if elseif(mysql_affected_rows() > 1) { # More than 1 row was updated -> bad news: key # duplication # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Multiple rows have been updated in the" . " <EM>sbmFIELDDESC</EM> table.<BR>This has resulted from" . " an attempt to update the <EM>$name</EM> element " . "description." . "<BR>Please inform the system administrator.</P>\n"); # Now, email the administrator to let them know this, as # it is a potentially dangerous error. $msgTxt = "When a user updated the details of " . "the $name element description using the EDS " . "Administrator, several rows were affected in the " . "sbmFIELDDESC table. The update was conducted using the" . 
" \"name\" field as the key. As the \"name\" field " . "is the primary key for the sbmFIELDDESC table, this " . "means that there must be key violations in this " . "table. There should only have been 1 row affected " . "by this update.\n\nThis problem should be investiga" . "ted and corrected immediately.\n\nWebSubmit Administrator" . " ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmFIELDDESC Table Multiple Row" . " Update!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # No rows were updated -> Something strange here! # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the " . "<EM>sbmFIELDDESC</EM> table.<BR>This suggests that " . "there could be data inconsistencies or concurrency " . "problems.<BR>Please inform the system administrator" . ".</P>\n"); # Better email the administrator & let them know... $msgTxt = "When a user attempted to update the details" . " of the $name element description using the EDS " . "Administrator, no rows were affected in the sbmFIELDDE" . "SC table by this update.\n\nBecause the user must " . "have altered an element descriptions details to " . "submit an update on it, it must have been present at" . " around the time that the user submitted their " . "update.\n\nThis suggests the possibility of " . "concurrency or data inconsistency problems in this " . "table.\n\nThis should be investigated and corrected " . "ASAP.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error: Possible Concurrency " . "Problems", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # In this case, the execution of the query has not been # successful, so we can display an error message, and # redirect the page focus to "pageDetsEDS.php". print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . 
"ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmFIELDDESC</EM> table.<BR>This was because it was not " . "possible to conduct an UPDATE query.<BR>Please inform" . " the system administrator.</P>\n"); } // END else } // END else } // END if elseif(isset($changeType)) { # In this case, we are changing the element type of the element, # so we must update the type to the new type, then redisplay the # form. # Free wasted space... unset($changeType); # Now we must update the type of the element to be whatever was # selected. if($type == "UNKNOWN_TYPE") { # In this case, we can simply redisplay the form, as the user # has attempted to set the element type to unknown. if($caller == "pageDetsEDS.php") { # Ensure that the function is called with the info to send # it back to pageDetsEDS.php in the end. fabricateElementDetsFormEDS($name, $caller, $subname, $pageNumber, $nPgs, $doctype); } // END if else { # Just send the info req'd for eventual resending to the # allElementsEDS.php page... fabricateElementDetsFormEDS($name, $caller); } // END else } // END if else { # In this case, the element is ready for updating to the new # type... # Get the data, so that it can be committed for the # modification date field (md)... $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly # format $modifiedDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . $dateDets['mday']; $chTypeQ = "UPDATE sbmFIELDDESC SET type = '$type', " . "md = '$modifiedDate'"; # We need to check if the fields concerned with each row are # blank, and if so, add some default values to them. # Therefore, we must query the sbmFIELDDESC table. $valsRes = mysql_query("SELECT * FROM sbmFIELDDESC WHERE name =" . " '$name'"); if($valsRes) { # Query successful # Read in the result!!!!! $valsRow = mysql_fetch_array($valsRes); if($type == "F" || $type == "I") { # The input type is a FILE input or a text input, both # of whom have a size & maxlength field... 
if($valsRow["size"] == "") { # No val for size, so give it one! $chTypeQ .= ", size = '" . DEFAULT_SIZE . "'"; } // END if if($valsRow["maxlength"] == "") { # No val for maxlength, so give it one! $chTypeQ .= ", maxlength = '" . DEFAULT_MAXLENGTH . "'"; } // END if } // END if elseif($type == "T") { # We are changing the element to a <textarea> field.. if($valsRow["rows"] == "") { # No val for rows, so give it one... $chTypeQ .= ", rows = '" . DEFAULT_ROWS . "'"; } // END if if($valsRow["cols"] == "") { # No val for cols, so give it one... $chTypeQ .= ", cols = '" . DEFAULT_COLS . "'"; } // END if } // END elseif # (There is no "else", as our select list forbids illegal # values) - (Also, the other element types can't have # defaults) # Free now wasted result space... mysql_free_result($valsRes); } // END if # (No else, as if the query didn't work, we will simply not # give the element any default values, hence taking chances as # to whether or not the element can be displayed). $chTypeQ .= " WHERE name = '$name'"; # Now execute our query. $chTypeQres = mysql_query($chTypeQ); if(!$chTypeQres) { # Query failed. We will output an error message, and # simply refresh the screen. print("<SCRIPT TYPE='text/javascript'>\nalert('Unable to " . "change element type.');\n</SCRIPT>\n"); } // END if else { # Good. The query worked. if(mysql_affected_rows() < 1) { # Hmmmm. No update has been made. Better just tell the # user & redisplay the form print("<SCRIPT TYPE='text/javascript'>\nalert('Unable " . "To Update Element Type');\n</SCRIPT>\n"); } // END if elseif(mysql_affected_rows() > 1) { # Damn. More than 1 row was affected. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Multiple Element Descriptions Updated');\n" . "</SCRIPT>\n"); $msgTxt = "When a user attempted to change the type of " . "the $name element description in the " . DOCS_DATABASE . " database, " . mysql_affected_rows() . " rows were updated in " . 
"the sbmFIELDDESC table.\n\nWebSubmit Administrator (" . makeDate() . ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error: $name Element Desc - Multiple" . " Updates", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Cool! 1 element - 1 row - 1 update! $msgTxt = "The type of the $name element description in" . " the " . DOCS_DATABASE . " database, has been " . "changed.\n\nWebSubmit Administrator (" . makeDate() . ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$name Element Desc Type Change", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END else # Now we can redisplay our form for the new doctype... if($caller == "pageDetsEDS.php") { # Ensure that the function is called with the info to send # it back to pageDetsEDS.php in the end. fabricateElementDetsFormEDS($name, $caller, $subname, $pageNumber, $nPgs, $doctype); } // END if else { # Just send the info req'd for eventual resending to the # allElementsEDS.php page... fabricateElementDetsFormEDS($name, $caller); } // END else } // END else } // END elseif else { # Display the form containing the details of the Element # description to update... if($caller == "pageDetsEDS.php") { # Ensure that the function is called with the info to send # it back to pageDetsEDS.php in the end. fabricateElementDetsFormEDS($name, $caller, $subname, $pageNumber, $nPgs, $doctype); } // END if else { # Just send the info req'd for eventual resending to the # allElementsEDS.php page... fabricateElementDetsFormEDS($name, $caller); } // END else } // END else } /**********************Start of main script***************************/ $caller = getCallingPage($HTTP_REFERER); # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . 
"type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1]. "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/func.php.wml b/modules/websubmit/web/admin/func.php.wml index d04eb1bbf..54622f8ab 100644 --- a/modules/websubmit/web/admin/func.php.wml +++ b/modules/websubmit/web/admin/func.php.wml 
@@ -1,385 +1,386 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="List of parameters of function <I><protect><?print $functionName;?></protect></i> for the <I><protect><?print $doctype;?></protect></i> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Declarations**************************/ function displayReturnButton($buttonText, $returnTo, $doctype, $functionName, $action) { /**************************************************************** This function simply outputs a simple button in a table, which is centered on the page. 
When the button is clicked, it calls the script previous to func.php, which is actionFunctions.php Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 24/08/2000 Last Modified: 05/02/2001 ****************************************************************/ # Display the button... print("<BR><TABLE BORDER=0 CELLSPACING=0 ALIGN='center'><TR>"); print("<FORM ACTION='$returnTo' METHOD='post'><TD>\n"); if($returnTo == "funcUsage.php") { print("<INPUT TYPE='hidden' NAME='function' " . "VALUE='$functionName'>"); } // END if else { print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>"); print("<INPUT TYPE='hidden' NAME='action' VALUE='$action'>"); } // END else print("<INPUT TYPE='button' VALUE='$buttonText' onClick=\""); print("submit()\"></TD></FORM></TR></TABLE>\n"); } // END function displayReturnButton() //********************* function makeFuncParamsTableBody($queryResult, $columns, $functionName, $returnTo, $doctype, $action) { /***************************************************************** This function serves the purpose of creating the main body of the table of parameters for a given function as part of a given action performed upon a given doctype. The function does not actually open or close the table itself, merely build the body of the table (the data rows). Yhe function is passed the $queryResult parameter, which is used to get the data for each row of the table. It is also passed the $columns parameter, which is used to determine how many columns there are in the table. It is also passed the $functionName, $doctype and $action parameters, which are all used in building the hyperlink that can be clicked on for viewing the value of a given parameter. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 24/08/2000 Last Modified: 08/02/2001 *****************************************************************/ global $HTDOCSDIR,$IMAGES; while($rowData = mysql_fetch_array($queryResult)) { # While there are rows of the query dynaset to read... print("<TR BGCOLOR='#FFFFCC'>\n"); for($colIndex = 0; $colIndex < mysql_num_fields($columns); $colIndex++) { # For each column, display its value... print("<TD ALIGN='center'> "); print(htmlspecialchars($rowData[$colIndex])); print("</TD>\n"); } // End FOR print("<TD ALIGN='center'> "); # Execute a select query that will select the value of the # current rows parameter from the relevant table... $querStr = "SELECT value FROM sbmPARAMETERS WHERE doctype = '$doctype' and name='" . $rowData['param'] . "'"; # Place a READ lock on the given table... $lockStr = "LOCK TABLES sbmPARAMETERS READ"; $lockRes = mysql_query($lockStr); # Execute the SELECT query... $querRes = mysql_query($querStr); # Remove the table lock... if($lockRes) { $unlockRes = mysql_query("UNLOCK TABLES"); } # END if unset($lockStr); if($querRes) { if(mysql_num_rows($querRes) == 1) { # Great, we can display our parameter. We must however # test to see if the current function is the # "Make_Weblib_Record" function. If it is, it means that # we must link to the file that is this functions # parameter. We must allow it to be edited by providing a # link to it. # Get the parameters value... list($value) = mysql_fetch_row($querRes); if(($functionName == "Make_Weblib_Record") || ($functionName == "Make_Modify_Record")) { # Ok, it is the "Make_Weblib_Record" # or"Make_Modify_Record" function, so link to the text # file editor script... print("<A TITLE='EDIT THE FILE' HREF='editRecordFile" . ".php?file=$HTDOCSDIR/submit/bibconvert/config/" . ltrim(ereg_replace("'", "'", htmlspecialchars($value))) . "&doctype=" . ereg_replace("'", "'", htmlspecialchars($doctype)) . "&function" . "Name=" . 
ereg_replace("'", "'", htmlspecialchars($functionName)) . "&" . "action=" . ereg_replace("'", "'", htmlspecialchars($action)) . "&returnTo=" . ereg_replace("'", "'", htmlspecialchars($returnTo)) . "'>" . ereg_replace("'", "'", htmlspecialchars($value)) . "</A>\n"); } // END if else { # Okay, it's not the "Make_Weblib_Record" or # "Make_Modify_Record" function, so just display the # value as a standard text field. print(htmlspecialchars($value)); } // END else } // END if elseif(mysql_num_rows($querRes) > 1) { /************** If this condition has been reached, it means that more than 1 row has been returned by this query. This means that there are DB consistency errors, as there should never be more than 1 row for a parameters value for a given doctype. **************/ # Mail the administrator to inform them of the error that # has ocurred... $errMailTxt = "An error has occurred when attempting to " . "obtain a parameter value for the " . $rowData['param'] . "parameter of the $functionName function. The data was" . "selected from the parameters table" . " for the $doctype document type.\n\nPlease look " . "into this problem, as it suggests that there are " . "multiple values for this parameter, which breaks DB" . "consistency.\n\n" . "This error occurred on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . "."; mail(ADMIN_EMAIL, "Error: Multiple Values For A Parameter", $errMailTxt, "From: WebSubmit_Administrator"); # Inform the user of this error using a javascript alert.. print("<SCRIPT TYPE='text/javascript'>alert('Error:\\n\\n" . "Too many rows returned when selecting " . $rowData['param'] . " parameter\\nfrom the parameters" . " table for $doctype document type');</SCRIPT>"); } // END elseif else { # In this case, no rows have been returned (i.e. 
there is # no value in the DB for the parameter on this doctype, so # a little warning will be displayed in the value cell! print("<IMG SRC='".$IMAGES."/noway.gif' ALT='No value" . " stored in the " . $rowData['param'] . " column of" . " the parameters table for the " . "$doctype document type.' BORDER=0 WIDTH=14 " . "HEIGHT=14>\n"); } // END else } // END if else { /************************** If this condition has been reached, it means that the query has failed to execute for some reason. **************************/ print("<SCRIPT TYPE='text/javascript'>alert('Error:\\t\\t" . "Unable to select " . $rowData['param'] . " parameter from parameters " . " table for $doctype document type');</SCRIPT>"); } // END else # Close the value table data cell... print("</TD>\n"); # Now display an icon to allow the user to edit the value of the # parameter. This will require a form with invisible inputs in # order to pass the relevant parameters to the parameterUpdate # script... print("<FORM ACTION='parameterUpdate.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='param' VALUE='" . ereg_replace("'", "'", htmlspecialchars($rowData['param'])) . "'>\n<INPUT TYPE='hidden' NAME='functionName' VALUE='" . ereg_replace("'", "'", htmlspecialchars($functionName)) . "'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE='" . ereg_replace("'", "'", htmlspecialchars($doctype)) . "'>\n<INPUT TYPE='hidden' NAME='action' VALUE='" . ereg_replace("'", "'", htmlspecialchars($action)) . "'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' VALUE='$returnTo'>\n" . "<TD><INPUT TYPE='image' SRC='".$IMAGES."/edit1.gif' " . "WIDTH=20 HEIGHT=20 BORDER=0 ALT='Edit Parameter Value' " . "onClick=\"submit();\"></TD>\n</FORM>\n"); # Close up the table row... 
print("</TR>\n"); } // End while } // END function makeFuncParamsTableBody() //******************* function processQuery($queryResult, $doctype, $action, $functionName, $returnTo) { /***************************************************************** This function is passed a queryResult from the main function of func.php. The query was a select query to get all rows from the sbmFUNDESC table for a given function (i.e. all of that functions parameters). This function tests to see if rows were returned by this query, and if there were rows returned, a table containing the details of the parameters is created and output on the fly. If no rows were returned by the query however, a relevant informative message is displayed on the screen instead of the table. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 24/08/2000 Last Modified: 06/02/2001 *****************************************************************/ $numRows = mysql_num_rows($queryResult); if($numRows > 0) { # Get information about the sbmFUNDESC table. This will be used to # display the column headers in the table of info about the # chosen function. $columns = mysql_list_fields(DOCS_DATABASE, "sbmFUNDESC"); # Now, we can create a table to hold the function info. First, # we will put the column headings in it... print("<TABLE BORDER=1 CELLSPACING=0 ALIGN='center'>\n"); print("<TR BGCOLOR='#CCDDFF'>\n"); makeTableHeaderRow($columns, 0); # Add another column for the value of the parameter... print("<TH> value </TH>\n"); # Add another column for the edit parameter value icon to be put # in... print("<TH> </TH>\n</TR>\n"); # Now that the column headers have been displayed for the # function information table, we can create the rest of the # table, with the actual information about the function in it. makeFuncParamsTableBody($queryResult, $columns, $functionName, $returnTo, $doctype, $action); # Close the table, as it is now complete... 
print("</TABLE>\n"); } // End if else # If there are no parameters to display... { print("<P><H4 STYLE=\"color: red; text-align: center\">The " . "$functionName function has no parameters to display.</H4>" . "\n</P>\n"); } // End else } // END function processQuery() function displayPage() { global $functionName,$doctype,$action,$returnTo; # Decode the $functionName parameter from url encoding... $functionName = urldecode($functionName); # Execute a query on the sbmFUNDESC table, retrieving data about the # function whose name was passed as an argument to the script. # The function data really just gives details of the parameters # that the function takes, and the table that these parameters # can be found in. The output is sorted in ascending order of # parameters. # Lock the sbmFUNDESC table as READ if($lockRes = mysql_query("LOCK TABLES sbmFUNDESC READ")) { $queryResult = mysql_query("SELECT * FROM sbmFUNDESC WHERE function = '$functionName' ORDER BY param"); $unlockRes = mysql_query("UNLOCK TABLES"); # Test the query result, and take the appropriate action... processQuery($queryResult, $doctype, $action, $functionName, $returnTo); # Display a 'finished' button... displayReturnButton("FINISHED", $returnTo, $doctype, $functionName, $action); } # END if else { # Unable to lock sbmFUNDESC table. Unsafe to read from it, so # don't. print("<DIV STYLE='text-align: center; color: navy; font-weight:" . " bold; font-size: large'><SPAN STYLE='color: red'>Error:" . "</SPAN> Unable to lock sbmFUNDESC table.</DIV>\n<BR>\n"); # Display a 'OK' button... displayReturnButton("OK", $returnTo, $doctype, $functionName, $action); } # END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... 
dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/funcUsage.php.wml b/modules/websubmit/web/admin/funcUsage.php.wml index a9926169c..03dd42995 100644 --- a/modules/websubmit/web/admin/funcUsage.php.wml +++ b/modules/websubmit/web/admin/funcUsage.php.wml 
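Review bot: The new gate `if (!$auth[0])` reads a falsy first element as "denied", whereas the Python half of this same commit reads `auth_code == 0` from acc_authorize_action as "authorized". canUseWebSubmitAdmin is not defined in this hunk, so if it passes the raw (code, message) pair through unchanged, the test is inverted and displayPage() runs for exactly the users who should be refused. I would confirm that the helper normalises to a boolean and record that at the call site, e.g. `# $auth = array(allowed (true/false), message) -- NOT the raw 0-means-authorized code`. `$auth[1]` is also concatenated into outWarning() next to literal `<br>` markup, so it is emitted as HTML; unless the message is meant to carry markup, pass it as `htmlspecialchars($auth[1])`, which this file already uses elsewhere. The same three added lines close the preceding file's hunk (apparently elementConfigDetsEDS.php, ending on the line before this file's header), and both points apply there too.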
@@ -1,357 +1,358 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Where the <i><protect><?print $function;?></protect></i> function is used" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listfunctions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /****************************************************************** This script has been written so that a user can view the usage of a particular function throughout the WebSubmit system. The script is passed the variable $function from the calling page (which is listFunctions.php). The script runs a series of queries, retrieving all doctypes in the WebSubmit database, then retrieving all actions for each of these queries, then retrieving all functions that match with the function name stored in $function, for each of these actions. 
This means that a form of hierarchical list can be built showing on which actions on which doctypes the function being examined is used. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 21/09/2000 Last Modified: 22/03/2001 ******************************************************************/ /**********************Function Declarations***********************/ function killThisScript() { /*************************************************************** This is just a simple function to stop the processing of this script. It will be called whenever a fatal query error occurs. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 21/09/2000 Last Modified: 05/02/2001 ***************************************************************/ # Stop processing this script... die("</TD></TR></TABLE><STRONG STYLE='text-align: center; color: " . "red>Report Processing Terminated. <A HREF='index.php'>Main " . "Page.</A></STRONG></TD>\n</TR>\n</TABLE>\n</BODY>\n" . "</HTML>\n"); } // END function killThisPage() //*************** function makeFuncUsageList($doctypesQuery, $function) { /******************************************************************* This function takes 2 parameters. The first is a query result set that points to all of the doctypes in the sbmDOCTYPE table, and the second is a function name (the one whose usage is to be examined). The function loops through every doctype in the result set, and for each one, it executes a query finding all of the actions on that doctype. For each of these actions, it then executes a query to see if the function we are examining is used by that action on that doctype. If it is, it is displayed in a bullet pointed list. The action on the doctype that the function is used in is the text that is actually displayed, and it is displayed as a link to the func.php page, where the parameters for that function can be displayed. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 25/09/2000 Last Modified: 22/03/2001 *******************************************************************/ if($doctypesQuery) # If the query to get all doctypes was successful { # Open an invisible table that will contain the bullet list of # doctypes and actions in which the function is utilised. print("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center'>\n<TR><TD>"); # A flag is needed to determine whether or not a doctype has been # printed on screen (as all actions are indented from this. The # flag is first set to 0, as no doctype has been displayed at # first... $headerDrawn = 0; # For each document type returned by the query (each doctype in # the WebSubmit database... while(list($doctypeItem, $doctypeName) = mysql_fetch_row($doctypesQuery)) { # Execute a query to retrieve the actions belonging to this # particular document type... # Lock the sbmIMPLEMENT table. $lockRes = mysql_query("LOCK TABLES sbmIMPLEMENT READ"); $actionsQuery = mysql_query("SELECT actname FROM sbmIMPLEMENT WHERE docname = '$doctypeItem'"); if($lockRes) { # Unlock the table... $unlockRes = mysql_query("UNLOCK TABLES"); } # END if # If this actions query was executed successfully... if($actionsQuery) { # For each action of the current document type... while(list($actItem) = mysql_fetch_row($actionsQuery)) { # Execute a query to retrieve all of the entries for the # function being tested for, as part of the current # action on the current document type... $string = "SELECT function FROM sbmFUNCTIONS WHERE " . "doctype = '$doctypeItem' AND function = '$function' and action='${actItem}'"; # Lock the current table as READ. $lockStr = "LOCK TABLES sbmFUNCTIONS READ"; $lockRes = mysql_query($lockStr); $functionsQuery = mysql_query($string); if($lockRes) { # Release the locks... 
$unlockRes = mysql_query("UNLOCK TABLES"); unset($lockStr); } # END if if($functionsQuery) # If the query executed successfully { # If rows were returned by the query (i.e. if the # current action on the current doctype includes the # function being tested for... if(mysql_num_rows($functionsQuery) > 0) { # If the headerDrawn flag is not set (i.e. the # doctype bullet point has not yet been displayed # on the screen... if(!$headerDrawn) { # Write the document type on the screen, and # then open another HTML unordered list to # contain action titles... print("<UL TYPE='disc'>\n<LI><STRONG>" . "<SMALL>$doctypeName</S" . "MALL></STRONG></LI>\n" . "\t<UL TYPE='square'>\n"); # Set the header flag to indicate that the # doctype title has now been written on the # screen... $headerDrawn = 1; } // END if # Display the action name as part of the inner # list... print("<A HREF='func.php?functionName=$function" . "&doctype=$doctypeItem&action=$actItem" . "&returnTo=funcUsage.php'>" . "<LI>$actItem</LI></A>\n"); } // END if } // END if else { /************************************************** This error condition will be reached if for some reason the query to retrieve functions for the current action of the current doctype, from the functions table has failed to execute. This condition should never really be reached, but it is my suggestion that if it has, it could be because field names have been changed in the functions table, or, more likely, because the current action is an action that has been created whereby a corresponding table in the WebSubmit database has not been created. (All actions must have a corresponding functions table in WebSubmit. **************************************************/ # Make a query string to contain the error message to # be displayed in the alert box... $funcAlertString = "ERROR:\\n\\n" . "Unable To Query The functions Table.\\n\\nIt" . "is possible that field names in this table have" . " been changed since this\\napplication was " . 
"developed." . "\\n\\nIt is also possible however, that " . "the WebSubmit action ($actItem) being queried for " . "functions\\ndoes not have a corresponding " . "functions table in the WebSubmit database.\\n\\n" . "All actions in WebSubmit must have corresponding" . " functions tables."; # Display the error in an alert box... print("<SCRIPT TYPE='text/javascript'>alert('" . "$funcAlertString');</SCRIPT>"); /********* It would be possible to terminate this script at this point, but given that it may only be one functions table that is unqueryable, processing shall not be terminated, but left to display other potential results *********/ } // END else } // END while if($headerDrawn) { # Reset the headerDrawn flag so that the next document # type can be tested appropriately... $headerDrawn = 0; print("</UL>\n</UL>\n"); } // END if } // END if else { # This error condition will be reached if for some reason # the query to select actions belonging to a given doctype # from the sbmIMPLEMENT table has failed. It should not # ever really occurr, but it is my suggestion that if it # has occurred, it is possible that field names in the # table have been changed, or the sbmIMPLEMENT table name # has been changed. # Make an error query string... $actErrorString = "Error:\\n\\nUnable to query the " . "sbmIMPLEMENT table.\\n\\nIt is possible that the " . "names" . " of the fields in the sbmIMPLEMENT table\\nhave " . "been changed since the WebSubmit Administrator " . "application was developed.\\n\\nContact the system" . " administrator about this problem."; print("<SCRIPT TYPE='text/javascript'>alert('" . "$actErrorString');</SCRIPT>\n"); # Terminate the processing of the script... killThisScript(); } // END else } // END while print("</TD>\n</TR>\n</TABLE>\n"); } // END if else { # This error condition will be reached if for some reason the # query to select doctypes from the sbmDOCTYPE table has failed. 
It # should not occur, but is my suggestion that if it has, it is # possible that field names in the sbmDOCTYPE table have changed, or # the tablename has changed. # Make an error query string... $docErrorString = "ERROR\\n\\nUnable to query the sbmDOCTYPE " . "table.\\n\\n" . "It is possible that the names of the fields in the TEST\\n" . "table have been changed since the WebSubmit Administrator " . "application was developed.\\n\\nContact the system " . "administrator about this problem."; # Output the error in a JavaScript aler box... print("<SCRIPT TYPE='text/javascript'>alert('$docErrorString');" . "</SCRIPT>\n"); # Terminate the processing of this script, as nothing further can # be done if this query has failed... killThisScript(); } // END else } // END function makeFuncUsageList($doctypesQuery) function displayPage() { global $function; #######LOCKS####### # Place a READ lock on the sbmDOCTYPE table if($lockRes = mysql_query("LOCK TABLES sbmDOCTYPE READ")) { # We must execute a query to return a list of all document types in # the WebSubmit system. This can be obtained by querying the TEST # table... $doctypesQuery = mysql_query("SELECT sdocname, ldocname FROM sbmDOCTYPE ORDER BY sdocname"); # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); # Make the list of doctypes and their actions that the function # being examined is used in... makeFuncUsageList($doctypesQuery, $function); } # END if else { # Could not get a lock... print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: red'>" . "Error:</SPAN> Unable to retrieve information.</DIV>\n".mysql_error()."<BR>\n"); } # END else # Make a button to go back to the calling page... print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 CELLPADDING=0>\n" . "<TR><FORM ACTION='listFunctions.php' METHOD='post'>\n<TD>" . "<INPUT TYPE='button' VALUE='FINISHED' onClick=\"submit()\">" . 
"</TD>\n</TR></TABLE>"); } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/index.php.wml b/modules/websubmit/web/admin/index.php.wml index c72749796..be36af127 100644 --- a/modules/websubmit/web/admin/index.php.wml +++ b/modules/websubmit/web/admin/index.php.wml 
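Review bot: The new guard `if (!$auth[0])` after `$auth = canUseWebSubmitAdmin($uid);` depends on a return contract this diff never shows: element 0 has to be truthy when access is allowed. If the helper instead forwards a status code in which 0 means authorised, the test is inverted and denied users reach displayPage(); and if it ever returns a non-empty string, `$auth[0]` is that string's first character and access is granted. I would make the expected shape explicit with `if (!is_array($auth) || !$auth[0])` and add a comment such as `# $auth = array(allowed, message); allowed is truthy when access is granted`. The same pattern is added in the index.php.wml and listFunctions.php.wml hunks further down, so the same applies there.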
@@ -1,128 +1,130 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="WebSubmit Admin" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. </protect> function displayDoctypeList() { $queryResult = mysql_query("SELECT sdocname, ldocname FROM sbmDOCTYPE " . "ORDER BY ldocname"); if($queryResult) { # Query has executed successfully, so we can proceed to display all # document types in the EDS system... makeDoctypeTable($queryResult, "documentEDS.php"); } // END if else { # In this case, the query failed, so we can terminate the scripts # running, and terminate the WebSubmit Administrator session, as no # further actions can be carried out... print('<H3>Error: Unable to retrieve data from the sbmDOCTYPE table.' . '</H3>'); } // END else } function makeDoctypeTable($queryResult, $linkTo) { /*************************************************************** This function produces the table of hyperlinks for all of the doctypes in the system. 
The table is displayed without borders, and is centered in the page. The function loops through each row of the query dynaset that is passed to it ($queryResult), outputting each record as a row in the table. The function has been adapted to serve both WebSubmit and EDS, so that the URL of the page to be linked to is passed as an argument to the function, and therefore the relevant page is linked to, depending upon whether it is in the WebSubmit Administrator, or the WebSubmit Administrator. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: Long Ago!! Last Modified: 06/02/2001 ***************************************************************/ # Begin outputting a table to display the document types in. # The table has no border. print('<TABLE ALIGN="center" BORDER=0 WIDTH="100%"><TR>' . '<TH> <SPAN STYLE="color: navy; font-size: large; ' . 'font-weight: bold; text-align: center">Document Type' . ' </SPAN></TH></TR><TR><TD ALIGN="center">' . '<TABLE ALIGN="center" BORDER=0>'); # While there are still records to retrieve from the query... # ...get each row, assign the fields to $doctype and $name, then... # ...display the document type fullname in a table as a hyperlink. # When the hyperlink is clicked, the details of that document type # are displayed. 
while(list($doctype, $name) = mysql_fetch_row($queryResult)) { print('<TR>'); print('<TD ALIGN="left"><A '); print('HREF="'.$linkTo.'?doctype='.$doctype.'" onMouseOver = "window.defaultStatus = \'\'; window.status=\'View Details Of '); print(htmlspecialchars($name)); print(' Document Type\';'); print(' return true">'); print(htmlspecialchars($name)); print(' </A></TD>'); print('</TR>'); } // END while # Close Table print('</TABLE></TD></TR></TABLE>'); } // END function makeDoctypeTable($queryResult) // *********** /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayDoctypeList(); + /************************End of main script***************************/ ?> diff --git a/modules/websubmit/web/admin/listFunctions.php.wml b/modules/websubmit/web/admin/listFunctions.php.wml index a556f8289..11c667359 100644 --- a/modules/websubmit/web/admin/listFunctions.php.wml +++ b/modules/websubmit/web/admin/listFunctions.php.wml 
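Review bot: `outWarning($auth[1])` now sends whatever text canUseWebSubmitAdmin() returns straight to the page, where the removed line printed a fixed literal. The call site at the top of this page (the one that passes `$doctype`) appends `<br><br>` to the same value, which suggests outWarning() emits its argument as HTML. If the message can ever carry request-derived values, it should be escaped first, e.g. `outWarning(htmlspecialchars($auth[1]));`. If the helper deliberately returns markup, a comment at the call site saying so would be enough. This applies equally to the funcUsage.php.wml and listFunctions.php.wml hunks.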
@@ -1,178 +1,179 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Available Functions" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listfunctions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*************************Function Declarations********************/ function makeFunctionTable($queryResult) { /***************************************************************** This function produces a table, which contains a list of all of the functions in the WebSubmit system database. The function is passed a query result that points to a list of all functions in the WebSubmit database (obtained by querying the sbmALLFUNCDESCR table for function). 
The table that is produced contains the functions name, a form with a graphical input button that when pressed, takes the user to a page where they can view the usage of the function throughout WebSubmit, and a form with a graphical input button, which when pressed, takes the user to a page where they can view/edit details of that particular function (e.g. adding parameters, changing the function description, etc... Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 18/09/2000 Last Modified: 25/01/2001 *****************************************************************/ global $IMAGES; # Open the table, and display the column headings... print("<TABLE ALIGN='center' BORDER=1 CELLSPACING=0 CELLPADDING=0>" . "\n<TR BGCOLOR='#CCDDFF'>\n<TH>Function Name</TH>\n" . "<TH>View<BR>Function Usage</TH>\n<TH>View/Edit<BR>Function " . "Details</TH>\n</TR>\n"); # For each function in the array, (each function in WebSubmit), display # its name, and make the input forms... while(list($funName) = mysql_fetch_row($queryResult)) { print("<TR BGCOLOR='#FFFFCC'>\n<TD> $funName" . " </TD>\n" . "<FORM METHOD='post' ACTION='funcUsage.php'><TD " . "ALIGN='center'><INPUT TYPE='hidden' NAME='function'" . " VALUE='$funName'><INPUT TYPE='image' BORDER=0 " . "SRC='".$IMAGES."/tick.gif'></TD></FORM>\n" . "<FORM METHOD='post' ACTION='veditFunDets.php'><TD " . "ALIGN='center'><INPUT TYPE='hidden' NAME='function' " . "VALUE='$funName'><INPUT TYPE='image' BORDER=0" . " SRC='".$IMAGES."/tick.gif'></TD></FORM>\n</TR>\n"); } // END for # Close the table... print("</TABLE>\n"); } // END function makeFunctionTable($queryResult) /**************************Start of Main Script*********************/ /********************************************************************** This script displays a table of all functions in the WebSubmit database on the browser screen. 
Effectively, it makes a table, containing the name of each function, and for each function, a link to a page that shows the functions usage in WebSubmit, and a link to a page that allows the user to view and/or edit the details of that function. It is worth making a note at this stage about the operation of this script. I had at first thought that the WebSubmit table sbmFUNDESC contained the details of every function in the WebSubmit database, and therefore it would be possible to simply query this table to get the names of all functions in WebSubmit. Further observations however, revealed that sbmFUNDESC only contains entries for functions that take parameters, which meant that functions without parameters would not be listed by querying this table. This meant that it was necessaray to create a new table that contained the function name, and a descrtiption of the function. This table was added to mess, and called sbmALLFUNCDESCR. It was decided that it would be made compulsary that all functions have an entry in this new table, so that obtaining a list of all functions in WebSubmit would be very easy and efficient. **********************************************************************/ function displayPage() { # Place a READ lock on the sbmALLFUNCDESCR table if($lockRes = mysql_query("LOCK TABLES sbmALLFUNCDESCR READ")) { # Run a query to retrieve all of the functions in the WebSubmit... $funcQuery = mysql_query("SELECT function FROM sbmALLFUNCDESCR ORDER BY function"); # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); if($funcQuery) # If the query to get all functions was successful { # Display the query results on the screen... makeFunctionTable($funcQuery); # Now print out an action button to give the user to add a # function... print("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center'>\n" . "<TR>\n<FORM METHOD='post' ACTION='newFunc.php'><TD " . "ALIGN='center'><INPUT TYPE='button' VALUE='ADD FUNCTION'" . 
" onClick=\"submit();\">\n</TD></FORM>\n</TR>\n" . "</TABLE>\n"); } // END if else # If the function did not execute successfully... { # Display an error message on the screen in the form of a # JavaScript alert... print("<SCRIPT TYPE='text/javascript'>alert('ERROR: Unable" . " to execute query for all " . "functions in WebSubmit');</SCRIPT>"); } // END else } # END if else { # Could not lock the table. No display allowed. print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'>\n<SPAN STYLE='color: red'>" . "Error:</SPAN> Unable to retrieve information.</DIV>\n<BR>".mysql_error()."\n" . "<A STYLE='text-align: center; font-size: medium' HREF='" . "listFunctions.php'>Please retry</A>\n<BR>\n"); } # END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/newDoctypeEDS.php.wml b/modules/websubmit/web/admin/newDoctypeEDS.php.wml index 0e0bf351a..4e3c86ca6 100644 --- a/modules/websubmit/web/admin/newDoctypeEDS.php.wml +++ b/modules/websubmit/web/admin/newDoctypeEDS.php.wml 
@@ -1,807 +1,807 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Create New Document Type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_newdoctype" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT TYPE='text/javascript'> <!-- hide function checkRequired(ldocname, sdocname, hurl, combon, combot, description, docfi2) // This is a function to ensure that the user enters the required // parameters for the doctype. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: Long ago! // Last Modified: 19/12/2000 { // If the field is left blank by the user... if((sdocname == "") || (ldocname == "")) { // Alert them, and return false. alert("Values must be entered into the Doctype Code and " + "Long Document Name fields."); return false; } // End if else // If level has been filled by the user... 
{ return true; } // End else } // End function checkRequired(param) // --> </SCRIPT> <? function displayDoctypeFormEDS() { /******************************************************************* It is the task of this function to display the form that the user sees to allow them to enter the details for a new EDS document type. After all of the details of this document type have been entered into this form, there is also a select list. This select list contains the names of all of the other EDS Doctypes. If one of these doctypes is selected, the new doctype will be cloned from it. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 12/04/2001 *******************************************************************/ # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">The form below is" . "used for entering the details of a new document type.<BR><BR>It" . " is possible to clone this document type from another EDS " . "document type by selecting it from the list.<BR>If you do not " . "wish to clone the document type, simply leave the list on the " . "selected \"NO CLONE\" option.<BR><BR>When the details have been" . " entered, click on the \"SAVE DETAILS\" button to commit it to " . "the database.</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now display the form... print("<FORM ACTION='newDoctypeEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='addDoctype' VALUE='true'>\n"); # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmDOCTYPE"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the current date... $modifiedDate = makeEDSmdDate(); # Display the system generated fields... 
print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0>\n<TR>\n<TH BGCOLOR='#D3DCE3' " . "ALIGN='right' WIDTH='20%'>\nCreation Date: </TH>\n" . "<TD WIDTH='80%' ALIGN='left' BGCOLOR='#FFFFCC'><INPUT " . "TYPE='readonly' NAME='cd' VALUE='$modifiedDate'>\n</TD>\n" . "</TR>\n<TR>\n<TH WIDTH='20%' BGCOLOR='#D3DCE3' ALIGN='" . "right'>\nModification Date: </TH>\n<TD WIDTH='80%' " . "ALIGN='left' BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' " . "NAME='md' VALUE='$modifiedDate'>\n</TD>\n</TR>\n"); print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "Document Type ID: </TH>\n<TD WIDTH='80%' ALIGN='left' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME='sdocname' SIZE=" . mysql_field_len($columns, 1) . ">\n</TD>\n</TR>\n"); # Now add the other fields... for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... $currentField = mysql_field_name($columns, $indx); # Ensure that we don't once again print our non-editable # fields out... if(($currentField != "sdocname") && ($currentField != "cd") && ($currentField != "md")) { # First, display the field name... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\n"); if($currentField == "ldocname") { print("Document Type Name: "); } // END if elseif($currentField == "description") { print("Document Type Description: "); } // END elseif else { print("$currentField" . ": "); } // END else if ($currentField == "description") { print " </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<TEXTAREA NAME=" . "'$currentField' cols=60 rows=4></TEXTAREA>" . "\n</TD>\n</TR>\n"; } else { print(" </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME=" . 
"'$currentField' SIZE="); if(mysql_field_type($columns, $indx) == "blob") { print("60"); } // END if else { print(mysql_field_len($columns, $indx)); } // END else print(">\n</TD>\n</TR>\n"); } } // END if } // END for # Now, we want to create a select list of EDS doctypes... $queryResult = mysql_query("SELECT sdocname, ldocname FROM sbmDOCTYPE " . "ORDER BY sdocname"); if($queryResult) { print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='" . "20%'>\nDoctype To Clone: </TH>\n<TD ALIGN='left'" . " WIDTH='80%' BGCOLOR='#FFFFCC'>\n"); print("<SELECT NAME='doc2clone'>\n<OPTION SELECTED VALUE='" . "NO_CLONE'>None</OPTION>\n"); while($dox = mysql_fetch_array($queryResult)) { print("<OPTION VALUE='" . htmlspecialchars($dox["sdocname"]) . "'>" . htmlspecialchars($dox["ldocname"]) . "</OPTION>\n"); } // END while print("\n</SELECT>\n</TD>\n</TR>\n"); } // END if # Now close the table... print("</TABLE>\n"); # Now create the buttons for the form... print("<TABLE ALIGN='center' CELLSPACING=2 CELLPADDING=2 BORDER=0>" . "<TR>\n<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='SAVE DETAIL" . "S' onClick=\"if(checkRequired(ldocname.value, sdocname.value" . ")) { if(confirm('Really Commit This New Doctype" . "?')) { submit(); } else { return false; } }\">\n</TD><TD ALIGN='" . "center'>\n<INPUT TYPE='button' VALUE='RESET' onClick=\"reset();" . "\">\n</TD>\n</FORM>\n<FORM ACTION='index.php' METHOD='post'>\n" . "<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='CANCEL' onClick=" . "\"submit();\">\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END function displayDoctypeFormEDS() //************* function processCloningEDS($doc2clone, $sdocname) { /******************************************************************* This function actually deals with the cloning of a document type from another document type in EDS. This means that it is necessary for it to search through the sbmIMPLEMENT table looking for all submissions that belong to the given doctype that is being cloned. 
It then changes the 'cd' and 'md' fields to hold todays date (the date on which the new doctype is being created), changes the doctype field to hold the doctype of the new doctype, and changes the subname field to have the action code combined with the new doctype code, as opposed to the doctype code of the doctype being cloned along with the action code. All of this data is then committed to the database. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 25/01/2001 *******************************************************************/ # Run a query to get all of the submission types for the doctype to # be cloned... $cloneRes1 = mysql_query("SELECT * FROM sbmIMPLEMENT WHERE docname =" . " '$doc2clone' ORDER BY actname"); if($cloneRes1) { # Fine, the query has worked... # Get the current date... $modDate = makeEDSmdDate(); # Okay, for each submission while($sub2Clone = mysql_fetch_array($cloneRes1)) { # Clone functions $res = mysql_query("select * from sbmFUNCTIONS where doctype='$doc2clone' and action='".$sub2Clone["actname"]."'"); while ($row = mysql_fetch_array($res)) { $res2 = mysql_query("select 1 from sbmFUNCTIONS where doctype='$sdocname' and action='".$row["action"]."' and function='".$row["function"]."' and score='".$row['score']."' and step='".$row['step']."'"); if (mysql_num_rows($res2) < 1) mysql_query("insert into sbmFUNCTIONS(action, doctype, function, score, step) values ('".$row['action']."','$sdocname','".$row['function']."','".$row['score']."','".$row['step']."')"); } #clone parameters $res = mysql_query("select * from sbmPARAMETERS where doctype='$doc2clone'"); while ($row = mysql_fetch_array($res)) { $res2 = mysql_query("select 1 from sbmPARAMETERS where doctype='$sdocname' and name='".$row['name']."'"); if (mysql_num_rows($res2) < 1) mysql_query("insert into sbmPARAMETERS(doctype, name, value) values ('$sdocname','".$row['name']."','".$row['value']."')"); } # Make a query to insert 
this submission data for the new # doctype... $subCloneStr = "INSERT INTO sbmIMPLEMENT (docname, actname, displayed, subname, nbpg, cd, md, buttonorder, statustext, level, score, stpage, endtxt) " . "VALUES ('" . ereg_replace("'", "\'", $sdocname) . "', '" . ereg_replace("'", "\'", $sub2Clone["actname"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["displayed"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["actname"]) . ereg_replace("'", "\'", $sdocname) . "', '" . ereg_replace("'", "\'", $sub2Clone["nbpg"]) . "', '$modDate', '$modDate', '" . ereg_replace("'", "\'", $sub2Clone["buttonorder"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["statustext"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["level"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["score"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["stpage"]) . "', '" . ereg_replace("'", "\'", $sub2Clone["endtxt"]) . "')"; $subCloneRes = mysql_query($subCloneStr); if($subCloneRes) { # Good...no query errors. if(mysql_affected_rows() == 1) { # Good...the query inserted the row! Now we can get the # elements for this submission, and insert them for the # new doctype. # Now conduct a select query to get all of the elements # for this submission. $cloneStr2 = "SELECT * FROM sbmFIELD WHERE subname = '" . $sub2Clone["subname"] . "'"; $cloneRes2 = mysql_query($cloneStr2); if($cloneRes2) { # Fine, the query worked... # For each element of the submission while($anElement = mysql_fetch_array($cloneRes2)) { $eleCloneStr = "INSERT INTO sbmFIELD (subname, " . "pagenb, fieldnb, fidesc, fitext, level, sdesc," . " checkn, cd, md, fiefi1, fiefi2) VALUES ('" . ereg_replace("'", "\'", $sub2Clone["actname"]) . ereg_replace("'", "\'", $sdocname) . "', '" . ereg_replace("'", "\'", $anElement["pagenb"]) . "', '" . ereg_replace("'", "\'", $anElement["fieldnb"]) . "', '" . ereg_replace("'", "\'", $anElement["fidesc"]) . "', '" . ereg_replace("'", "\'", $anElement["fitext"]) . "', '" . 
ereg_replace("'", "\'", $anElement["level"]) . "', '" . ereg_replace("'", "\'", $anElement["sdesc"]) . "', '" . ereg_replace("'", "\'", $anElement["checkn"]) . "', '$modDate', '" . "$modDate', '" . ereg_replace("'", "\'", $anElement["fiefi1"]) . "', '" . ereg_replace("'", "\'", $anElement["fiefi2"]) . "')"; # Now we can execute this query... $eleCloneRes = mysql_query($eleCloneStr); # Now test that all went well with the insert... if($eleCloneRes) { # Good...the query was correct... if(mysql_affected_rows() != 1) { # For some reason, the element was not # inserted # Tell the user... print("<SCRIPT TYPE='text/javascript'>\n" . "alert('ERROR: Unable to insert element " . $anElement["fieldnb"] . " (" . $anElement["fitext"] . ") of page " . $anElement["pagenb"] . " of the " . $sub2Clone["actname"] . "$sdocname " . "submission.\\nThis may have caused " . "element numberring errors and should be" . " corrected immediately.\\n\\nPlease inf" . "orm the system administrator.');\n" . "</SCRIPT>\n"); # Email the administrator... $msgTxt = "An error ocurred during the " ."creation of the new $sdocname document " ."type. It was not possible to commit the " . "details for the " . $anElement["fidesc"] . " element (number " . $anElement["fieldnb"] . ") on page " . $anElement["pagenb"] . " of the " . $sub2Clone["actname"] . "$sdocname submission for somereason. " . " This means that the element will be " . "missing, and therefore other elements " . "could be out of sequence, which could be" . " dangerous for the EDS system.\n\nYou " . "should fix this problem at once.\n\nEDS " ."Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname creation " ."Error - " . $anElement["fidesc"] . " Element Missed from " . $sub2Clone["actname"] . "$sdocname", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Bad news! the query didn't work. 
# Inform the user of the missing element print("<SCRIPT TYPE='text/javascript'>\nalert(" . "'ERROR: It was not possible to commit the " . "details for the " . $anElement["fidesc"] . " element (number " . $anElement["fieldnb"] . ") of the " . $sub2Clone["actname"] . "$sdocname submission.');\n</SCRIPT>\n"); # Inform the administrator... $msgTxt = "An error ocurred during the " ."creation of the new $sdocname document type." ." It was not possible to commit the " . "details for the " . $anElement["fidesc"] . " element (number " . $anElement["fieldnb"] . ") on page " . $anElement["pagenb"] . " of the " . $sub2Clone["actname"] . "$sdocname submission, due to a query error." . " This means that the element will be " . "missing, and therefore other elements " . "could be out of sequence, which could be " . "dangerous for the EDS system.\n\nYou should" . " fix this problem at once.\n\nEDS " ."Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname Creation Error" ." - " . $anElement["fidesc"] . " Element " . "Missed From " . $sub2Clone["actname"] . "$sdocname", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END while } // END if else { # We couldn't get the details of the elements for the # current submission. This means that we can simply # ignore them, and let both the user & admin know. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR" . ": It was not possible to retrieve details of the " . "elements for the " . $sub2Clone["subname"] . "submission.\\nThis meant that it was not possible" . " to clone these elements\\nfor the new " . $sub2Clone["actname"] . "$sdocname submission.\\n" . "\\nIt will therefore be necessary to manually add" . " any elements to this submission.');\n</SCRIPT>" . "\n"); # Email the admin... $msgTxt = "An error ocurred during the creation of " . "the new $sdocname document type. This new " . "doctype was being cloned from the $doc2clone " . "document type. 
When an attempt was made to read" . " details of the elements of the " . $sub2Clone["subname"] . " however, it was not " . "possible to retrieve these details due to a query" . " error. This meant that the elements of the new " . $sub2Clone["actname"] . "$sdocname submission " . "could not be created, so the submission will have" . " blank pages. It will be necessary to manually " . "add these pages to this submission.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname Creation Error - " .$sub2Clone["actname"] . "$sdocname " . "Elements Not Cloned", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # New submission was not inserted. Forget the elements # for it then! print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "unable to commit the new " . $sub2Clone["actname"] . "$sdocname to the sbmIMPLEMENT table. Cloned elements " . "therefore have not been committed.');\n</SCRIPT>\n"); # Mail the administrator... # Inform the administrator $msgTxt = "An error ocurred during the creation of the " . "new $sdocname document type. This new doctype was " ."being cloned from the $doc2clone document type. When" ." an attempt was made to write details for the new " . $sub2Clone["actname"] . "$sdocname submission, which " . "was to be cloned from the " . $sub2Clone["subname"] . " submission, to the sbmIMPLEMENT table, no data was " . "written. This meant that the " . $sub2Clone["actname"] . "$sdocname submission could " . "not be created, and therefore does not exist for the" . "$sdocname document type.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname Creation Error - " . $sub2Clone["actname"] . " Submission Not " . "Cloned", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { $error = mysql_error(); # query failed. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . 
"Could not conduct an insert query on the sbmIMPLEMENT " . "table.\\n" . $sub2Clone["actname"] . "$sdocname " . "submission and its elements therefore could not be " ."added.\\n error msg: $error');\n</SCRIPT>\n"); # Inform the administrator $msgTxt = "An error ocurred during the creation of the new" . " $sdocname document type. This new doctype was being " . "cloned from the $doc2clone document type. When an " . "attempt was made to write details for the new " . $sub2Clone["actname"] . "$sdocname submission, which was" . " to be cloned from the " . $sub2Clone["subname"] . " submission, to the sbmIMPLEMENT table, this attempt " . "failed due to a query error. This meant that the " . $sub2Clone["actname"] . "$sdocname submission could not " . "be created, and therefore does not exist for the " . "$sdocname document type."; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname Creation Error - " . $sub2Clone["actname"] . "$sdocname Submission " . "Not Cloned", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END while # Now that we have cloned the submissions & their pages, we can # clone the Categories... $catCloneRes = mysql_query("SELECT * FROM sbmCATEGORIES WHERE " . "doctype = '$doc2clone' ORDER BY sname"); if($catCloneRes) { # Cool. Query successful. while($cat = mysql_fetch_array($catCloneRes)) { $catInsStr = "INSERT INTO sbmCATEGORIES (doctype, sname, " . "lname) VALUES('$sdocname', '" . $cat["sname"] . "', '" . $cat["lname"] . "')"; $catInsRes = mysql_query($catInsStr); if(!$catInsRes) { # Insert query didn't work print("<SCRIPT TYPE='text/javascript'>\nalert('" . "ERROR: Unable to clone " . $cat["sname"] . " category from $doc2clone doctype.');\n" . "</SCRIPT>\n"); } // END if } // END while } // END if else { # D'oh! Query unsuccessful. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Couldn't retrieve details of the categories of the " . "$doc2clone doctype.\\n\\nThis meant it was not possib" . 
"le to clone them.');\n</SCRIPT>\n"); # Inform the administrator $msgTxt = "An error ocurred during the creation of the new" . " $sdocname document type. This new doctype was being " . "cloned from the $doc2clone document type. When an " . "attempt was made to retrieve details of the categories " . "of the $doc2clone doctype, this attempt " . "failed due to a query error. This meant that the " . "categories could not be cloned, and therefore do not " . "exist for the $sdocname document type."; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$sdocname Creation Error - " ."Categories Not Cloned", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # D'OH! The query didn't work...We can't clone here, so we had # better just let the user know, and terminate this cloning # function. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It was not" . " possible to conduct a query to retrieve the submissions for " . "the $doc2clone doctype.\\nThis meant that it was impossible " . "to clone this doctype, and so the cloning process\\nfor the " . "new $sdocname doctype was terminated.\\n\\nPlease inform the " . "system administrator.');\n</SCRIPT>\n"); # Mail the administrator... $msgTxt = "An error ocurred while attempting to create the " . "$sdocname document type. The user had opted to clone this " . "new document type from the $doc2clone document type. " . "However, when this cloning was attempted, it was not possible" . " to conduct a query on the sbmIMPLEMENT table in order to obtain" . " details of the submissions belonging to that doctype.\n\nThi" . "smeant that the cloning of this doctype was not possible, so " . "infact the new $sdocname document type has not been cloned " . "from any other doctypes.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "$sdocname Creation Cloning Failure", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END function processCloningEDS() //************* function processDoctypeAdditionEDS($ldocname, $sdocname, $cd, $md, $description, $docfi2, $doc2clone) { /******************************************************************* This function deals with the actions to take after the form to enter a new doctype has been submitted. Author: Nicholas Robinson (Adapted from it's WebSubmit Manager Counterpart (processCloning()), also written by Nicholas Robinson). Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 12/04/2001 *******************************************************************/ # Ensure that the doctype code is in uppercase $sdocname = strtoupper($sdocname); # Make a test query to see if the current doctype code already # exists in sbmDOCTYPE $duplctRes = mysql_query("SELECT sdocname FROM sbmDOCTYPE WHERE " . "sdocname = '" . ereg_replace("'", "\'", $sdocname) . "'"); if($duplctRes && mysql_num_rows($duplctRes) < 1) { # In this case, the doctype has not been duplicated (and the test # query worked. We can therefore let them attemp to add the new # doctype. We wouldn't bother if the test query didn't work, or # there was already a doctype with this code. # Insert the new doctype values into the $qRes1str = "INSERT INTO sbmDOCTYPE (ldocname, sdocname, " . "cd, md, description) VALUES " . "('" . ereg_replace("'", "\'", $ldocname) . "', '" . ereg_replace("'", "\'", $sdocname) . "', '$cd', '$md', '" . ereg_replace("'", "\'", $description) . "')"; # Execute the above query string... $qRes1 = mysql_query($qRes1str); } // END if # Now test to see if the query was successful... if(!$qRes1) # If it wasn't... { print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN>New Document Type Could Not Be Committed To " . "Database.<BR>Ensure Doctype Code Is Not Duplicated." . 
"</P>\n"); print("<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 BORDER" . "=0>\n<TR>\n<FORM ACTION='index.php' METHOD='post'>\n<TD ALIGN" . "='center'>\n<INPUT TYPE='button' VALUE='OK' onClick=\"submit" . "();\">\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END if else # If it was successful... { # Mail the administrators to inform of the new doctype addition # Get the current date and time... $dateDets = getdate(); # make a message string for the created doctype mail message... $msgTxt = "Please be advised that the $sdocname document" . " type was created in EDS on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . "." . "\n\nThis new doctype was "; if($doc2clone != "NO_CLONE") { $msgTxt .= "cloned from the $doc2clone document type."; }// END if else { $msgTxt .= "not cloned from another document type."; } // END else $msgTxt .= "\n\nWebSubmit Administrator."; # Mail the administrator(s) to inform them of the deletion... mail(ADMIN_EMAIL, "$sdocname Document Type Created", $msgTxt, "From: WebSubmit_Administrator"); # Print a message on the screen informing the user of the # successful addition of the doctype... print("<P STYLE=\"color: green; text-align: center; font-size:" . " medium\">The <EM>$sdocname</EM> document type has been add" . "ed to EDS.<BR>If the doctype was cloned however, it is " . "entirely possible that the cloning process may not have been" . "100% successful.<BR>If you receive any warning messages about" . "submissions/pages/elements not cloning properly, do not " . "ignore them.</P>\n"); # Now, if the user opted to clone another doctype, begin the # process... if($doc2clone != "NO_CLONE") { processCloningEDS($doc2clone, $sdocname); } // END if # Now that the process of adding the doctype is complete, we can # simply redirect the page to the "documentEDS.php" page, so that # the user can further view or configure the new doctype. 
# Redirect the browser... print("<FORM ACTION='documentEDS.php' METHOD='post' " . "NAME='referForm'>\n<INPUT TYPE='hidden' NAME='doctyp" . "e' VALUE='$sdocname'>\n</FORM>\n"); print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", " . "1000);\n</SCRIPT>\n"); } // END else } // END function processDoctypeAdditionEDS() function displayNewDoctypeForm($addDoctype) { global $ldocname, $sdocname, $cd, $md, $description, $docfi2, $doc2clone; # Test to see what kind of call to the page this actually is... if($addDoctype) { # This is a call to actually commit the details of the new # doctype unset($addDoctype); # Begin the long process! processDoctypeAdditionEDS($ldocname, $sdocname, $cd, $md, $description, $docfi2, $doc2clone); } // END if else { # This is the first call to the page, so just display the input # form displayDoctypeFormEDS(); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayNewDoctypeForm($addDoctype); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/newFunc.php.wml b/modules/websubmit/web/admin/newFunc.php.wml index 44dbdf67f..983c97606 100644 --- a/modules/websubmit/web/admin/newFunc.php.wml +++ b/modules/websubmit/web/admin/newFunc.php.wml 
@@ -1,399 +1,400 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Add a function" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listfunctions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*************************Function Declarations***********************/ function changePageFocusButton($action, $buttonTxt) { /************************************************************** This function has the purpose of outputting a finish button to allow the user to end the actions that they are carrying out. The function basically outputs a form with only one input button, which is clicked by the user to leave the current page. Clicking the finish button sends the page focus to whatever page name is passed as an argument to the function. 
It should be noted that the function does not place any hidden inputs into the form, so this function is unacceptable if you wish to call a page that requires CGI variables to be passed to it. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 01/10/2000 Last Modified: 03/10/2000 **************************************************************/ print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='$action' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='$buttonTxt' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END function changePageFocusButton($action, $buttonTxt) //**************** function displayBlankForm() { /*************************************************************** This function will display a blank form that will allow the user to enter a new function into the WebSubmit system. The function will produce a form with 2 inputs - one for the function name, and another for the function description. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 02/10/2000 Last Modified: 03/10/2000 ***************************************************************/ global $URLPATH; # Add a description of the page... print("<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center' BGCOLOR='#E0E0E0'>\n<TR><TD " . "ALIGN='left'>\n<SMALL><I>Using this facility, it is" . " possible to add new functions to the WebSubmit system. " . "The first stage, is to enter the name and the " . "description of the function into the form below, and " . "then submit these details...</I>\n</SMALL>\n" . "</TD>\n</TR>\n</TABLE>\n"); # Get a list of the fields in the sbmALLFUNCDESCR table $fields = mysql_list_fields(DOCS_DATABASE, "sbmALLFUNCDESCR"); # Get the length of the function field... $funcLen = mysql_field_len($fields, 0); # Now get the length of the description field... 
$descLen = mysql_field_len($fields, 1); # Open an HTML form to allow the user to enter the details of # the function name, and description fields... print("<FORM METHOD='post' ACTION='newFunc.php'>\n" . "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>\n" . "<TR>\n<TD ALIGN='right'><STRONG><H4>" . "function:</H4></STRONG></TD>\n" . "<TD> </TD>\n<TD ALIGN='left'><INPUT TYPE=" . "'text' NAME='thefunction' SIZE=$funcLen>\n" . "</TD>\n</TR>\n<TR>\n<TD ALIGN='right'><STRONG>" . "<H4>description:</H4></STRONG></TD>\n" . "<TD> </TD>\n<TD ALIGN='left'>" . "<INPUT TYPE='text' NAME='description' " . " SIZE=60></TD>\n</TR>\n</TABLE>\n"); # Now add a table to contain both a save button, and a cancel # button... print("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center'>\n" . "<INPUT TYPE='hidden' NAME='commitFunction' " . "VALUE='true'>\n" . "<TR>\n<TD ALIGN='center'>\n<INPUT TYPE='button' " . "VALUE='SAVE DETAILS' onClick=\"if(thefunction.value ==" . " '') { alert('A function name must be entered!'); }" . " else if(confirm('Are you sure you wish to commit this" . " function to WebSubmit?')) { submit(); " . "}\">\n</TD>\n</FORM>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n<TD>\n" . "<INPUT TYPE='button' VALUE='CANCEL' " . "onClick=\"submit();\">\n</TD>\n</FORM>\n</TR>\n" . "</TABLE>\n"); } // END function displayBlankForm() //*************** function displayPage () { global $commitFunction,$thefunction,$description,$tableSelected,$insertParam,$function,$newParam,$theParam,$updateFunDets; # Test to see which type of call to this page this actually is, and # take the appropriate action based upon this... if($commitFunction) { # If this clause has been reached, it means that the user has # entered the name &/or description for the new function, and has # chosen to commit it to the WebSubmit database. 
########LOCKS######## if($lockRes = mysql_query("LOCK TABLES sbmALLFUNCDESCR WRITE")) { $commitResult = mysql_query("INSERT INTO sbmALLFUNCDESCR (function, description) VALUES ('$thefunction', '$description')"); $unlockRes = mysql_query("UNLOCK TABLES"); if($commitResult) { # In this case, the new function has successfully been # added to the WebSubmit database, so therefore we can display # the details for the function (name, description, # parameters), and also offer the user the opportunity to # add parameters to it... # Send an email to the WebSubmit administrator, informing them # that a new function has been added to the WebSubmit system.. # Get the date for the message... $dateDets = getDate(); # Create the message text... $messageText = "Please be advised that the $thefunction " . "function was added to WebSubmit on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . ".\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "Warning: $thefunction Function Created", $messageText, "From: WebSubmit_Administrator"); # Display an alert informing the user that the new function # has been added to the WebSubmit system print("<SCRIPT TYPE='text/javascript'>alert('The " . "$thefunction function has been added to the WebSubmit " . "system');</SCRIPT>\n"); # Display a header for the page... print("<H3 ALIGN='center'>The <EM>$thefunction</EM> " . "Function" . "</H3>\n<BR>\n"); # Now display all of the functions details, and offer the # opportunity to add parameters to the function... makePageBody($thefunction, "newFunc.php"); # Display a finished button... changePageFocusButton("listFunctions.php", "FINISHED"); } // END if($commitResult) else { # In this case, the insert query has been unable to insert # the new function data into the table, and therefore we # should display an error message, and redirect the browser # to the home page. 
print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . "Unable to commit new function details to sbmALLFUNCDESCR" . " table.\\n\\nInsert Cancelled.');</SCRIPT>\n"); } // END else } # END if else { # Damn, we couldn't get a write lock -> output error message. print("<DIV STYLE='color: navy; font-weight: bold; font-size:" . " large; text-align: center'><SPAN STYLE='color: red'>Error" . ":</SPAN> Unable to commit details.</DIV>\n<BR>\n"); # Display a blank form into which the details of the function # can be entered by the user displayBlankForm(); } # END else } // END if($commitFunction) elseif($tableSelected || $insertParam) { # If this is the case, it is time to add a parameter to the # function, whether it be a call to actually add a parameter to a # function, or to actually just get the fields in a table (which # is part of the add a parameter process!)... if(isset($tableSelected)) { # Display a title... print("<H3 ALIGN='center'>The <EM>$function</EM>" . " Function</H3>\n<BR>\n"); # Make the page, including the table of parameters... makePageBody($function, "newFunc.php"); # Display a finished button changePageFocusButton("listFunctions.php", "FINISHED"); } // END if elseif($insertParam) { # here, we actually commit the new paramater, and then recall # the whole thing... #######LOCKS####### if($lockRes = mysql_query("LOCK TABLES sbmFUNDESC WRITE")) { if ($newParam != "") $insertParamRes = mysql_query("INSERT INTO sbmFUNDESC VALUES('$function', '$newParam')"); else $insertParamRes = mysql_query("INSERT INTO sbmFUNDESC VALUES('$function', '$theParam')"); # Remove the locks... $unlockRes = mysql_query("UNLOCK TABLES"); # Perhaps here we should email admin to let them know that # the parameter has been added... # Get the date for the message... $dateDets = getDate(); # Create the message text... $messageText = "Please be advised that a parameter was " . "added to the new $function function on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . 
$dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . ".\n\n" . "Of course, the function should not yet be used by any" . " doctypes or actions, but it should be noted that if it" . " is to be utilised by these doctypes/actions, rows " . "should be added for the relevant doctype in the " . "relevant tables of the various parameters." . "\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "Parameter Added To New $function " . "Function", $messageText, "From: WebSubmit_Administrator"); } # END if else { # Unable to lock table. print("<DIV STYLE='color: navy; font-weight: bold; " . "font-size: large; text-align: center'><SPAN " . "STYLE='color: red'>Error:</SPAN> Unable to commit" . " updates.</DIV>\n<BR>\n"); } # END else # Display a title... print("<H3 ALIGN='center'>The <EM>$function</EM>" . " Function</H3>\n<BR>\n"); # Display the page again, so more parameters can be added. makePageBody($function, "newFunc.php"); # Display a finished button changePageFocusButton("listFunctions.php", "FINISHED"); } // END elseif($insertParam) } // END elseif($tableSelected || $insertParam) elseif($updateFunDets) { # If this variable is set, then this instance of the page is a # call to update the value of the description field, and hence # the update query must be carried out, and then all details of # the function displayed once again... # Free the $updateFunDets variable... unset($updateFunDets); # Place WRITE lock on the sbmALLFUNCDESCR table... if($lockRes = mysql_query("LOCK TABLES sbmALLFUNCDESCR WRITE")) { $updateDescRes = mysql_query("UPDATE sbmALLFUNCDESCR SET description = '$description' WHERE function = '$function'"); $unlockRes = mysql_query("UNLOCK TABLES"); if(!$updateDescRes) { # If this clause is reached, the script has been unable to # update the value of description for some reason, and the # user should be informed of this... print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . 
"Unable to update value of description for $function\\n" . "function in sbmALLFUNCDESCR table.\\n\\n" . "Please inform administrator.</SCRIPT>\n"); } // END if # Free up the space associated with the $updateDescRes query # result... mysql_free_result($updateDescRes); } # END if else { # Couldn't lock table. Output error message. print("<DIV STYLE='color: navy; font-weight: bold; font-size:" . " large; text-align: center'><SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to retrieve information.</DIV>\n" . mysql_error()."<BR>\n"); } # END else # Display a title... print("<H3 ALIGN='center'>The <EM>$function</EM>" . " Function</H3>\n<BR>\n"); # Redisplay the page... makePageBody($function, "newFunc.php"); # Display a finished button changePageFocusButton("listFunctions.php", "FINISHED"); } else { # In this case, this is the first call to the script, and the # default add a new function forms can be displayed for the # user... # Display a blank form into which the details of the function can # be entered by the user displayBlankForm(); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/newSubmissionEDS.php.wml b/modules/websubmit/web/admin/newSubmissionEDS.php.wml index c733d64cb..6e69f310e 100644 --- a/modules/websubmit/web/admin/newSubmissionEDS.php.wml +++ b/modules/websubmit/web/admin/newSubmissionEDS.php.wml 
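Review bot: The new check `if (!$auth[0])` at the end of this hunk assumes canUseWebSubmitAdmin() returns a truthy first element for an allowed user, but the Python side of this same commit treats an `auth_code` of 0 as authorized, and the helper's definition is outside the hunk. If the helper hands that code back unchanged, the branch is inverted: refused users reach displayPage() and authorized ones get the warning. I would pin the contract at the call with a comment such as `# $auth[0]: true when $uid may use WebSubmit Admin (not the raw 0-means-allowed code); $auth[1]: text for outWarning()`, and confirm it against the helper. The same three lines close the preceding file's hunk, so the point applies there too. Separately, displayPage() still places the globals `$thefunction`, `$description`, `$function` and `$newParam` (which appear to come from the request) directly inside its SQL strings, so this check is the only gate in front of those queries.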
@@ -1,1018 +1,1018 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Create a new action for the <i><protect><?print $doctype;?></protect></I> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /*********************Function Declarations***************************/ function sendToDocDets($doctype) { /******************************************************************* For many situations in the process of creating a new submission, it is necessary to redirect the browser focus to the page that displays the details of a doctype and it's submissions. For this reason, this function was created. It simply saves on the duplication of this code. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 12/12/2000 Last Modified: 12/12/2000 *******************************************************************/ # We can now redirect the browser to the the page showing the # details of this document type & its submissions print("<FORM ACTION='documentEDS.php' METHOD='post' " . "NAME='referForm'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "</FORM>\n"); print("<SCRIPT LANGUAGE=\"JavaScript\">\n" . "setTimeout(\"document.referForm.submit();\", 1000);\n" . "</SCRIPT>\n"); } // END function sendToDocDets($doctype) //************* function addAct($doctype, $formsAction, $actSelected = 0, $subToAdd = 0) { /***************************************************************** This function has the task of displaying the forms that allow the user to add a submission to a document type. The function has been built to know what kind of call to the page it is by means of hidden inputs in the forms it makes. If this is the first call to the function (i.e. a call whereby a user must select an action to add), it only displays the actions that are available for adding to the document. Otherwise, it also displays the other document types that have this submission, and offers the user the chance to clone the submission from one of these other document types. It also displays the button that is clicked to submit the submission addition at this point. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 07/12/2000 (ammended from it's WebSubmit Manager add a new action to a doctype counterpart) Last Modified: 15/03/2001 ****************************************************************/ # Make a title for the page, and indeed some sort of informative # introduction paragraph to explain the purpose of the page to the # user... print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD ALIGN='center'>\n" . 
"<P STYLE=\"color: blue; text-align: center; font-size: small; " . "font-weight: bold\">The form below is used to add a new " . "submission to the <EM>$doctype</EM> document type.<BR>The " . "addition of the new submission is only allowed if it is not " . "already part of the <EM>$doctype</EM> document type.<BR><BR>It " . "is also possible to clone a submission from the same submission " . "as it appears under another doctype.<BR>To do this, the doctype " . "whose submission is to be cloned must be chosen from the " . "relevant list box.</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # First, output a table to encapsulate the table that will contain # the list-boxes that allow the user to add a new submission to a # doctype print("<TABLE WIDTH='90%' CELLSPACING=0 CELLPADDING=0 BORDER=1 " . "ALIGN='center' BGCOLOR='#ADD8E6'>\n<TR>\n<TD ALIGN='left'>\n" . "Select an action to add from the list. If you wish to clone " . "another action, select the doctype whose action is to be " . "cloned<BR>\n"); # Now make a unique list of all of the actions in the sbmIMPLEMENT # table that the current document type already has... $queryResult = mysql_query("SELECT actname FROM sbmIMPLEMENT WHERE " . "docname = '$doctype' ORDER BY actname"); if($queryResult) { # If this query was successful, continue with the process # Put the results of the above query into a 2d array... $gotSubs = resToArray($queryResult); # Free the resultset pointer occupied by the above query result mysql_free_result($queryResult); # Now, conduct another SQL query to get a distinct list of all # actions in EDS that the current doctype does not have... # First get the size of the array holding the actions that the # doctype already has (i.e. the number of actions it already # has)... $numActions = sizeof($gotSubs); $selectStr = "SELECT distinct(sactname), lactname FROM sbmACTION"; # If the current doctype has actions... 
if($numActions > 0) { $selectStr .= " WHERE sactname != '" . $gotSubs[0][0] . "'"; for($i = 1; $i < $numActions; $i++) { $selectStr .= " AND sactname != '" . $gotSubs[$i][0] . "'"; } // END for } // END if $selectStr .= " ORDER BY sactname"; # Open a table, in which to place the inputs for adding a new # submission type print("<BR><TABLE BORDER=1 BGCOLOR='#FFFFCC' ALIGN='center' " . "WIDTH='85%' CELLSPACING=0 CELLPADDING=0>\n<TR>\n"); # Execute our 2nd query... $scndRes = mysql_query($selectStr); if($scndRes) { # Now, we can display the controls for adding the new # submission type to the current document type... print("<FORM ACTION='$formsAction' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='actSelected' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<TD ALIGN='center' VALIGN='top' WIDTH='50%'>\n" . "<H5>Select an action to add to $doctype:</H5>\n" . "<BR>\n"); # Now make the select list to choose the action from... print("<SELECT NAME='subToAdd'" . " onChange=\"if(this.options[this.selectedIndex].value !=" . " 'NO_SUB') { submit(); }\">\n" . "<OPTION VALUE='NO_SUB'>Select...</OPTION>\n"); while(list($sub, $nom) = mysql_fetch_row($scndRes)) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($sub)) . "'"); if($actSelected && $sub == $subToAdd) { print(" SELECTED"); } // END if print(">" . ereg_replace("'", "'", htmlspecialchars($sub)) . " (" . ereg_replace("'", "'", htmlspecialchars($nom)) . ")</OPTION>\n"); } // END while # Close up the SELECT list, and the current table cell print("</SELECT>\n<BR>\n </TD>\n</FORM>\n"); # Make a new form... print("<FORM ACTION='$formsAction' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE=" . "'$doctype'>\n" . "<INPUT TYPE='hidden' NAME='subToAdd' VALUE=" . "'$subToAdd'>\n" . "<INPUT TYPE='hidden' NAME='reqToAdd' VALUE=" . 
"'true'>\n"); print("<TD ALIGN='center' WIDTH='50%' BGCOLOR='#FFFFCC'>\n"); if($actSelected) # If the call to the script is to offer # the option to clone a submission... { # In this case, we can make a drop-down list of all of the # other submissions of the same type for a different # document type. The user will then be able to choose the # submission to clone... # Query EDS to obtain this list of submissions... $docsQuery = mysql_query("SELECT docname, subname FROM " . "sbmIMPLEMENT WHERE actname = '$subToAdd'"); if($docsQuery) { if(mysql_num_rows($docsQuery) < 1) { print("<H4 STYLE=\"text-align: center; " . "background-color:" . " transparent\">No doctypes use this action" . "</H4>\n"); } // END if else { # Output a description for the input... print("<H5>" . "Clone the submission from that of another " . "doctype?</H5>\n"); # Open a select list... print("<SELECT NAME='toClone' SIZE=5>\n" . "<OPTION SELECTED VALUE='NO_CLONE'>NO CLONE" . "</OPTION>\n"); # Fill the list with values... while(list($doc, $subnm) = mysql_fetch_row($docsQuery)) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($doc)) . "'>" . ereg_replace("'", "'", htmlspecialchars($doc)) . "</OPTION>\n"); } // END while print("</SELECT>\n"); } // END else } // END if # Close up the cell that was used to contain the drop down # list of doctypes to clone... print("</TD>\n</TR>\n</TABLE>\n"); # Now, offer a submit button to allow the user to actually # submit their update. print("<BR>\n<TABLE ALIGN='center' WIDTH='100%' BORDER=0" . " CELLSPACING=0 CELLPADDING=0>\n<TR><TD ALIGN='center'" . ">\n<INPUT TYPE='button' VALUE='ADD SUBMISSION' " . "onClick=\" if(confirm('Warning:\\n\\nYou are about to" . " add a submission to the $doctype document type.\\n" . "\\nAre you sure you wish to undertake this action?'))" . 
" { submit(); }\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END if else { # If the user has not yet selected an action to add, # simply leave the cell for the action to clone blank in # anticipation of the action to add being selected print(" </TD>\n</TR>\n</TABLE>\n<BR>\n</FORM>\n"); } // END else } // END if } // END if else { # In this case, the query to retrieve the list of actions that # the current doctype does not have submissions for has failed. # This means that we must terminate processing, as we cannot risk # allowing impurities to get into the EDS database print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable To Retrieve Data Of <EM>$doctype</EM> Doctypes" . " Submissions.<BR>Submission Addition Impossible</P>\n"); } // END else # Now that we have made the main part of the interface for adding a # new action, we can close up the table, as this part is finished... print("</TD>\n</TR>\n</TABLE>\n"); # We can now add a "CANCEL" button for the user # Make a horizontal rule to divide the page sections... drawSeparator(); # Now make the button. print("<TABLE CELLPADDING=0 CELLSPACING=0 BORDER=0 WIDTH='100%' " . "ALIGN='center'>\n<TR>\n<FORM ACTION='documentEDS.php' METHOD=" . "'post'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='CANCEL' onCli" . "ck=\"submit();\"></TD>\n</FORM>\n</TR>\n</TABLE>\n"); } // END function addAct() //************* function newSubmInputForm($subToAdd, $doctype) { /******************************************************************* This function is called when the user has chosen to add a new submission type to a given document type, but has chosen not to clone this new submission from the same submission as it appears for another doctype. In this situation, it is necessary to present the user with an input form that contains all of the fields that are required for inputting the details of the new submission for the given doctype. 
The user can then fill in this form, and submit it to continue with the process. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 08/12/2000 (Modified from actInputForm, a function in the WebSubmit Manager that is used for adding a new action to a doctype without cloning another). Last Modified: 08/12/2000 *******************************************************************/ # Get a list of columns in the sbmIMPLEMENT table... $columns = mysql_list_fields(DOCS_DATABASE, "sbmIMPLEMENT"); print("<FORM ACTION='newSubmissionEDS.php' METHOD='post'>\n" . "<TABLE ALIGN='center' CELLPADDING=0 BORDER=0 CELLSPACING=0 " . "WIDTH='100%'>\n"); # Now we can begin to make the input form in which the details of # the new submission can be entered... print("<P STYLE=\"font-size: large; color: navy; text-align: " . "center\">Enter Details For The <EM>$subToAdd" . "$doctype</EM> Submission</P>\n"); # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">You have " . "chosen to create the <EM>${subToAdd}$doctype</EM> " . "submission without cloning another submission.<BR>Please " . "enter the description details for this new submission type" . " in the form below and click <EM>SAVE</EM>.<BR><BR>If you " . "have chosen this option erroneously, click cancel and no " . "new submission will be created.</P>\n</TD>\n</TR>\n" . "</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Get the date, so that it can be committed for the modification # date field (md) and the creation date field (cd)... $theDate = makeEDSmdDate(); # Now make a table in which to enter the submission type dets # Make some readonly fields in which the details of fields that # should not be set by the user can be displayed... 
print("<FORM ACTION='newSubmissionEDS.php' METHOD='post'>" . "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 ALIGN='center" . "' WIDTH='100%'>\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right'" . " WIDTH='20%'>\nDoctype Code: </TH>\n<TD ALIGN='left' " . "BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT TYPE='readonly' NAME='" . "docname' VALUE='$doctype'>\n</TD>\n</TR>\n<TR>\n<TH BGCOLOR='" . "#D3DCE3' ALIGN='right' WIDTH='20%'>\nAction Code: </TH>" . "\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT " . "TYPE='readonly' NAME='actname' VALUE='$subToAdd'>\n</TD>\n</TR>" . "\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\n" . "Submission Name: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC'" . " WIDTH='80%'><INPUT TYPE='readonly' NAME='subname' VALUE='" . "${subToAdd}$doctype'>\n</TD>\n</TR>\n<TR>\n<TH BGCOLOR='#D3DCE3'" . " ALIGN='right' WIDTH='20%'>\nNumber of Pages: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT TYPE='" . "readonly' NAME='nbpg' VALUE='0'>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nCreation Date:" . " </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><" . "INPUT TYPE='readonly' NAME='cd' VALUE='$theDate'>\n</TD>\n</TR>" . "\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nModifi" . "cation Date: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFCC' WIDT" . "H='80%'><INPUT TYPE='readonly' NAME='md' VALUE='$theDate'>\n" . "</TD>\n</TR>\n"); # Now that we have displayed the non-user-editable fields, we can # display a set of free input text fields in which the user can # enter their data. print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\n" . "On Submission Page: </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<SELECT NAME='displayed'>" . "<OPTION value='Y'>YES<OPTION value='N'>NO</SELECT>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nButton Order:" . " </TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n" . 
"<INPUT TYPE='text' NAME='buttonorder' SIZE=40>\n" . "</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nStatus Text: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n<INPUT " . "TYPE='text' NAME='statustext' SIZE=40 " . ">\n</TD>\n</TR><TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nGroup Number: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n<INPUT " . "TYPE='text' NAME='level' SIZE=40 " . " value='0'>\n</TD>\n</TR><TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nScore: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n<INPUT " . "TYPE='text' NAME='score' SIZE=40 " . " value='0'>\n</TD>\n</TR><TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nStarting Page Number: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n<INPUT " . "TYPE='text' NAME='stpage' SIZE=40 " . " value='1'>\n</TD>\n</TR><TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>\nEnd Text: " . "</TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFCC'>\n<INPUT " . "TYPE='text' NAME='endtxt' SIZE=40 " . " value=''>\n</TD>\n</TR>\n</TABLE>\n"); # We have now created the visible inputs of the form, so we must add # any hidden inputs that are required, and display the set of # buttons that are required to submit, reset, cancel the submission # addition action. print("<INPUT TYPE='hidden' NAME='addSansClone' VALUE='true'>\n" . "<TABLE ALIGN='center' BORDER=0 CELLSPACING=1 CELLPADDING=1" . ">\n<TR>\n<TD ALIGN='right'>\n<INPUT TYPE='button' " . "VALUE='SAVE' onClick=\"" . "if(confirm('Really Add This Submission?')) { submit() }\">" . "</TD>\n<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='RESET' " . "onClick=\"reset();\"></TD>\n</FORM><FORM ACTION='documentEDS." . "php' METHOD='post'>\n<INPUT TYPE='hidden' NAME='doctype' VALUE='" . "$doctype'><TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='CANCEL'" . 
"onClick=\"submit();\"></TD>\n</TR>\n</FORM>\n</TABLE>\n"); } // END function newSubmInputForm($subToAdd, $doctype) //*************** function processAdditionSansClone($docname, $actname, $subname, $nbpg, $cd, $md, $displayed, $buttonorder, $statustext, $level, $score, $stpage, $endtxt) { /******************************************************************* This function has the task of adding a new submission to a given EDS document type, without cloning the submission from another doctype. The function is passed several arguments by the calling function. The first of these arguments is the $link variable. The second is the $docname variable. The third is the $actname value. The fourth is the $subname value. The fifth is the $nbpg value. The sixth is the $cd value. The seventh is the $md value. The eighth is the $level value. The nineth is the $buttonorder value. The tenth is the $statustext value. Most of these values can be commited to the sbmIMPLEMENT table to become part of the new submission types details. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 08/12/2000 (Adapted from it's counterpart for adding a new action to the WebSubmit database) Last Modified: 25/01/2001 *******************************************************************/ # Ensure that the value of level is in upper case... $displayed = strtoupper($displayed); # Make a query string... $newSubQStr = "INSERT INTO sbmIMPLEMENT (docname, actname," . " displayed, subname, nbpg, cd, md, buttonorder, statustext, level, score, stpage, endtxt) " . "VALUES('$docname', '$actname', '$displayed', '$subname', '$nbpg', " . "'$cd', '$md', '$buttonorder', '$statustext', '$level', '$score', '$stpage', '$endtxt')"; # Now, we can actually execute the new query, hence adding the new # submission to the current doctype... 
$addSubRes = mysql_query($newSubQStr); # Take the relevant action depending upon whether or not the query # was executed successfully if($addSubRes) { # In this case, the query was executed successfully # Update the doctype modification date in the sbmDOCTYPE table updateEDSDOCTYPEmd($docname, $md); # Now output an alert to state that the new submission has been # entered, and that the user must add their own actions, pages, # etc to it. print("<SCRIPT TYPE='text/javascript'>alert('The $subname " . "submission has been added to the $docname doctype.\\n" . "It was not cloned from any other submission, so it will" . " be necessary\\nto manually add pages and elements to it." . "');</SCRIPT>\n"); # Now, we can email the administrator to let them know of this # new submission addition for the current doctype. $msgTxt = "The $subname submission has been added to the " . "$docname document type. It was not cloned from another " . "submission.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "EDS: $subname Submission Added", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # In this case, the query failed, and therefore no new submission # has been created for the current doctype. In this case, we can # simply display the error, and redirect the browser to # "documentEDS.php", where the details of the current doctype # will be displayed. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable to commit the details of the new submission " . "to the sbmIMPLEMENT table.<BR>Please Inform System Administrator" . ".</P>\n"); } // END else # redirect the browser to documentEDS.php... 
sendToDocDets($docname); } // END function processAdditionSansClone() //**************** function processSubmissionCloning($doctype, $toClone, $subToAdd) { /******************************************************************* This function has the 'broad task' of processing the cloning of a given submission for a given doctype, from another doctype. Effectively, the function is passed 4 variables. The first variable is $link. This contains a link to the MySQL database server. The second variable is $doctype. This variable contains the unique code of the document that is to have the cloned submission added to it. The third variable is $toClone. This variable contains the unique code of the doctype that is to have one of its actions cloned. The fourth variable is the $subToAdd variable. This variable contains the unique code of the submission that is to be added (and hence cloned) to the doctype referenced by the contents of $doctype. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 11/12/2000 (This functions has been adapted from its WebSubmit counterpart for cloning actions) Last Modified: 25/01/2001 *******************************************************************/ # The first step is to get the details of the submission to be # cloned from the doctype to which it belongs, out of the # sbmIMPLEMENT table. $subQStrng = "SELECT * FROM sbmIMPLEMENT WHERE actname = '$subToAdd'" . " AND docname = '$toClone'"; # Now that we have made the query string, we can execute the query # to get the details of this given submission for the given doctype. $subQRes = mysql_query($subQStrng); # Ensure that the query executed properly, as if it was not # executed, we don't want to begin committing values to the DB and # corrupting it. 
if($subQRes) { # In this case, the query has executed fine if(mysql_num_rows($subQRes) > 0) { # In this case, there are rows for the given submission type # for the given doctype, and we can proceed with the cloning. # Read the information from the query into an array... $cloneSubDets = mysql_fetch_array($subQRes); # Now that we have this information from the sbmIMPLEMENT table, # we can commit the same information, but for the doctype that # the submission is to be added to, into the sbmIMPLEMENT table. # It is worth noting here that if a submission that is to be # added appears twice for a doctype from whom it is to be # cloned, (this should not happen if DB consistency is good), # this script will clone the first ocurrence of this # submission. This should not matter for the rest of the # action cloning, such as the functions etc). # Get the date, so that it can be committed for the # modification date field (md) and the creation date field # (cd) $theDate = makeEDSmdDate(); # Now make the insert query string. $submInsStr = "INSERT INTO sbmIMPLEMENT (docname, actname," . " displayed, subname, nbpg, cd, md, buttonorder, statustext, level, score, stpage, endtxt) " . "VALUES('$doctype', '$subToAdd', '" . $cloneSubDets["displayed"] . "', '${subToAdd}$doctype', '" . $cloneSubDets["nbpg"] . "', '$theDate', '" . "$theDate', '" . $cloneSubDets["buttonorder"] . "', '" . $cloneSubDets["statustext"] . "', '" . $cloneSubDets["level"] . "', '" . $cloneSubDets["score"] . "', '" . $cloneSubDets["stpage"] . "', '" . $cloneSubDets["endtxt"] . "')"; # Now execute the query to insert this data into the database $submInsRes = mysql_query($submInsStr); # Test it worked... if($submInsRes) { # Cool...the query worked, and we can proceed to clone all # of the submissions details. # Free the result set of the $submInsRes query, as it is no # longer needed. We can also now begin to clone all of the # details for all of the pages and elements of this new # submission... 
mysql_free_result($submInsRes); # Now, we need to query the field table, and obtain the # details of all elements that belong to the given # submission (that to be added) of the doctype from which # it is to be cloned... $elmntsQStr = "SELECT * FROM sbmFIELD WHERE subname = '" . "${subToAdd}$toClone' ORDER BY pagenb, fieldnb"; $elmntsQRes = mysql_query($elmntsQStr); # Ensure this query worked... if($elmntsQRes) { # The query to retrieve all elements executed fine # Now, for each of the elements, change the subname to # reflect that of the new submission, the creation date # and modification date to the current date (that when # the new submission was created - today!!). Then # commit the new details (of the new element for the new # submission to the EDS database into the sbmFIELD table. while($element = mysql_fetch_array($elmntsQRes)) { $eleInsStr = "INSERT INTO sbmFIELD (subname, pagenb, " . "fieldnb, fidesc, fitext, level, sdesc, checkn, " . "cd, md, fiefi1, fiefi2) VALUES('" . "${subToAdd}$doctype', '" . $element["pagenb"] . "', '" . $element["fieldnb"] . "', '" . $element["fidesc"] . "', '" . $element["fitext"] . "', '" . $element["level"] . "', '" . $element["sdesc"] . "', '" . $element["checkn"] . "', '$theDate', '$theDate', '" . $element["fiefi1"] . "', '" . $element["fiefi2"] . "')"; # Now execute the above query string... $eleInsRes = mysql_query($eleInsStr); # Test that the query worked... if($eleInsRes && mysql_affected_rows($eleInsRes) < 1) { # In this case, the query was successful, and we # can delete the query result pointer to stop # memory wastage... mysql_free_result($eleInsRes); } // END if else { # In this case our query to add the element has # failed. We must therefore output an alert for # our users benefit, and then inform the # administrator that an element could not be # commited. We can however carry on cloning the # other elements. print("<SCRIPT TYPE=\"text/javascript\">alert('" . "ERROR: Unable to commit a value for the " . 
$element["fidesc"] . " element\\nwhich should" . " appear in position " . $element["fieldnb"] . " of page " . $element["pagenb"] . "\\nfor " . "the new ${subToAdd}$doctype submission.\\n\\n" . "Please inform the system administrator.');" . "</SCRIPT>\n"); # Now make a message to send to the administrator $msgTxt = "An error ocurred when a new submission" . " was added to the $doctype document type. Thi" . "s new submission is the ${subToAdd}$doctype " . "submission and was cloned from the $toClone " . "document type.\n\nIt was not possible to add " . "the " . $element["fidesc"] . " element which " . "should appear in position " . $element["fieldnb"] . " on page " . $element["pagenb"] . " of this new submission." . "\n\nThe cloning of the rest of this submission" . " was however continued, which means that there" . " may be problems with elements being out of or" . "der on this page of the submission.\n\nYou sho" . "uld examine this and correct any problems imme" . "diately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Unable to Add " . $element["fidesc"] . " Element " . 
"to ${subToAdd}$doctype", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END while # Now we also clone the functions used in this submission $res = mysql_query("SELECT action,function,score,step FROM sbmFUNCTIONS WHERE action='$subToAdd' and doctype='$toClone'"); while ($row = mysql_fetch_array($res)) { $res2 = mysql_query("SELECT 1 from sbmFUNCTIONS where action='".$row['action']."' and doctype='$doctype' and function='".$row['function']."' and score='".$row['score']."' and step='".$row['step']."'"); if (mysql_num_rows($res2) < 1) mysql_query("INSERT INTO sbmFUNCTIONS (action,doctype,function,score,step) VALUES ('".$row['action']."','$doctype','".$row['function']."','".$row['score']."','".$row['step']."')"); } #clone parameters $res = mysql_query("select * from sbmPARAMETERS where doctype='$toClone'"); while ($row = mysql_fetch_array($res)) { $res2 = mysql_query("select * from sbmPARAMETERS where doctype='$doctype' and name='".$row['name']."'"); if (mysql_num_rows($res2) < 1) mysql_query("insert into sbmPARAMETERS(doctype, name, value) values ('$doctype','".$row['name']."','".$row['value']."')"); } # Now that the submission has been cloned, it is # possible to present the user with a message saying # this, and redirect their browser to the # "documentEDS.php" page so that they can look into the # details of this new submission, and change anything # that they might feel appropriate. A javascript alert # should also be displayed however, advising them to # check all of the values for their new submission and # ensure that they are correct. We can then mail the # administrator to let them know that a new submission # has been created, and that it was cloned from another # doctype. print("<SCRIPT TYPE=\"text/javascript\">alert('The " . "${subToAdd}$doctype has been created. However, " . "it should be noted that\\nit may not have been poss" . "ible to clone all elements for this submission,\\n" . "and you should check that the new submission contai" . 
"ns all of the desired elements.\\nYour browser has " . "been directed to the page where you can do this.');" . "</SCRIPT>\n"); # Now mail the administrator... $msgTxt = "The ${subToAdd}$doctype submission type has" . " been created for the $doctype document type. This" . " new submission was cloned from the $toClone docume" . "nt type.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; mail(ADMIN_EMAIL, "${subToAdd}$doctype Submission Added" . " to $doctype", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser to documentEDS.php sendToDocDets($doctype); } // END if else { # Oh dear! We were unable to retrieve the details of # any elements belonging to the given submission to be # cloned. We had better terminate the new submission # addition process here, warn the user that the details # of the new submission have been added to sbmIMPLEMENT but # we couldn't get the element details from sbmFIELD, and # then we should also mail the administrator to inform # them of this problem. print("<SCRIPT TYPE=\"text/javascript\">alert('" . "ERROR: It was not possible to retrieve details for " . "any of the elements of the ${subToAdd}$toClone " . "submission from the sbmFIELD table.\\nThis means " . "that none of the pages or elements for this " . "submission could be cloned.\\nThere was however a " . "row commited to the sbmIMPLEMENT table for the new " . "${subToAdd}$doctype submission.\\nThis means that " . "the submission will now exist for the new doctype, " . "but\\nit will be necessary to manually add elements " . "to the pages.');</SCRIPT>\n"); # Now make a message to send to the administrator $msgTxt = "An error ocurred when a new submission" . " was being added to the $doctype document type. Thi" . "s new submission is the ${subToAdd}$doctype " . "submission and was to be cloned from the $toClone " . "document type.\n\nHowever, it was not possible to " . "retrieve the details of the submission pages and " . 
"elements of the $toClone document type from the " . "sbmFIELD table. This means that it has not been " . "possible to clone these details. An entry was " . "however made for the new doctype in the new " . "submission (${subToAdd}$doctype) in the sbmIMPLEMENT " . "table, so this new submission will exist, but it " . "will have empty pages.\n\nThis problem should be " . "examined, and any inconsistencies in the data for " . "this new submission should be corrected.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: ${subToAdd}${doctype}: Unable" . "$toClone Details For Cloning", $msgTxt, "From: " . "WebSubmit_Administrator"); # Now redirect the browser to documentEDS.php sendToDocDets($doctype); } // END else # Update the doctype modification date in the sbmDOCTYPE table # so that the actual doctype reflects having been modified updateEDSDOCTYPEmd($doctype, $theDate); } // END if else { # In this case, our query to add the details of this newly # cloned submission failed, so we must output an alert to # signify this to the user, email the administrators to let # them know, and terminate the addition of the new # submission. print("<SCRIPT TYPE=\"text/javascript\">alert('" . "ERROR: It was not possible to commit details for " . "the new ${subToAdd}$doctype submission to the " . "sbmIMPLEMENT table.\\nThis means that the new " . "submission could not be created.\\n\\nPlease inform" . " the system administrator of this problem.');</SCRI" . "PT>\n"); # Now make a message to send to the administrator $msgTxt = "An error ocurred when a new submission" . " was being added to the $doctype document type. Thi" . "s new submission is the ${subToAdd}$doctype " . "submission and was to be cloned from the $toClone " . "document type.\n\nHowever, it was not possible to " . "commit the details of this new submission to the " . "sbmIMPLEMENT table. This means that it was not possibl" . 
"e to create this new submission.\n\nThis problem " . "should be examined and corrected ASAP.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Unable to Commit " . "${subToAdd}$doctype Submission Details", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser focus to documentEDS.php sendToDocDets($doctype); } // END else } // END if } // END if else { # In this case the query to retrieve details of the submission to # be cloned has failed. We must therefore alert the user and # redirect the browser. print("<SCRIPT TYPE=\"text/javascript\">alert('ERROR: It was not" . " possible to retrieve the details of ${subToAdd}$toClone " . "submission from the sbmIMPLEMENT table.\\nThis meant that it " . "could not be cloned, and hence no new submission addition for" . "\\nthe $doctype document type has been created.');" . "</SCRIPT>\n"); # Now redirect the browser to the documentEDS.php page sendToDocDets($doctype); } // END else } // END function processSubmissionCloning() function displayNewSubmissionForm($doctype,$actSelected,$addSansClone,$reqToAdd) { global $toClone,$subToAdd,$actSelected,$docname, $actname, $subname,$nbpg, $cd, $md, $displayed, $buttonorder, $statustext, $level, $score, $stpage, $endtxt; if($actSelected) { # In this case, the submission to be added to the current doctype # has been selected. This means that the offer to clone the same # submission as it appears for another doctype can now be # presented to the user... addAct($doctype, "newSubmissionEDS.php", $actSelected, $subToAdd); # We can now also display a cancel button. } // END if elseif($addSansClone) { # In this case, the user has chosen the submission that they wish # to add to the current document type, but they have also opted # not to clone the submission from the same submission as it # appears for another doctype. 
This means that we can now build # a query string, and commit the details of the new submission # for the current doctype to the database. processAdditionSansClone($docname, $actname, $subname, $nbpg, $cd, $md, $displayed, $buttonorder, $statustext, $level, $score, $stpage, $endtxt); } // END elseif elseif($reqToAdd) { # In this case, the user has chosen to add the new submission, # with or without cloning it from another doctype. If the choice # is to clone the submission from another doctype, then we can # now process the cloning, and commit the relevant values to the # database. # Otherwise, if the user has opted to create the new submission # without cloning it from another doctype, we can display a form # in which the user will need to enter the relevant details of # the new submission. if($toClone == "NO_CLONE") { # In this case, the user does not wish to clone the new # submission type from another doctype. This means that we # must present them with a form in which to enter the details # of the submission type. newSubmInputForm($subToAdd, $doctype); } // END if elseif($toClone) { # In this case, the user has opted to clone the new submission # from the same submission under another doctype. This means # that it is possible to process the cloning of this new # submission, and then redirect the browser to the # "documentEDS.php" page so that the user can see the details # of the new submission and explore them. processSubmissionCloning($doctype, $toClone, $subToAdd); } // END elseif else { # In this case, the user has erroneously failed to select the # option of either cloning or not, and we must therefore just # assume that they do not wish to clone anything, and treat # the addition as a none clone submission addition... newSubmInputForm($subToAdd, $doctype); } // END else } // END elseif else { # This is the default call to the page. 
It is the first call to # the page, whereby we simply need to display the first part of # the forms (that which lists all of the actions that it is legal # to add as submission types for the current doctype). addAct($doctype, "newSubmissionEDS.php"); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE);
- if (!canUseWebSubmitAdmin($uid,$doctype))
- outWarning("You are not allowed to access WebSubmit Admin for this "
- . "type of documents");
+ $auth = canUseWebSubmitAdmin($uid,$doctype);
+ if (!$auth[0])
+ outWarning($auth[1]. "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents");
 else displayNewSubmissionForm($doctype,$actSelected,$addSansClone,$reqToAdd); /************************End of main script***************************/ </protect> ?>
diff --git a/modules/websubmit/web/admin/pageDetsEDS.php.wml b/modules/websubmit/web/admin/pageDetsEDS.php.wml
index f39ee1346..4e6b94fab 100644
--- a/modules/websubmit/web/admin/pageDetsEDS.php.wml
+++ b/modules/websubmit/web/admin/pageDetsEDS.php.wml
@@ -1,1247 +1,1247 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Details of Submission Page <protect><?print "$pageNumber of $subname"?></protect>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function makeSubmPgePrev($res, $pageNumber) { /****************************************************************** This function has the task of creating and displaying the table that contains a preview of the elements that make up a submission page. The function is passed a result pointer that points to a given submission pages contents. For each row of this pointer (which indicates a given element that appears on the relevant page), this function retrieves the configuration information for this element from the sbmFIELDDESC table, and uses this information to display the element. 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 24/11/2000 ******************************************************************/ # Open an outer table, in which another table will be placed. The # inner table will contain the preview of the appearance of the page # with its current elements can be shown... print("<P STYLE=\"color: navy; font-size: large; text-align: " . "left\">Page Preview\n<br> "); print("<TABLE WIDTH='100%' ALIGN='center' BORDER=1 CELLSPACING=0 " . "CELLPADDING=0 BGCOLOR='papayawhip'>\n<TR><TD ALIGN='center'>\n"); # Open the inner table, and a dummy form so that the input elements # can be shown print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<FORM NAME='Dummy'>\n"); if(mysql_num_rows($res) < 1) { # This submission page is empty. Just place a nice RED text # message in the table to let the user know this. print("<TR>\n<TD ALIGN='center'>\n<P STYLE=\"font-size: large;" . " color: red; text-align: center\">[Page Has No Elements]" . "</P>\n</TD>\n</TR>\n"); } // END if else { # In this case, the page has elements to display... # Open the current row and cell of the table print("<TR>\n<TD ALIGN='left'>\n"); while($anItem = mysql_fetch_array($res)) { # For each row (which is an item), determine the properties # that should be used to display the item by querying the # sbmFIELDDESC table for data regarding it... $configRes = mysql_query("SELECT * FROM sbmFIELDDESC WHERE name" . " = '" . $anItem["fidesc"] . "'"); if($configRes) { # Hey hey, everything was fine with query execution. We # can now proceed to get the properties for the current # item. # Get the number of rows returned by this query $numItemConfigs = mysql_num_rows($configRes); $anItemsProperties = mysql_fetch_array($configRes); # Display the text that will accompany the image... print($anItem["fitext"] . " "); if($anItemsProperties["type"] == "T") { # Our item is an HTML textarea input type. 
# Display it... print("<TEXTAREA NAME=\"" . $anItem["fidesc"] . "\"" . "ROWS=" . $anItemsProperties["rows"] . " COLS=" . $anItemsProperties["cols"] . ">" . $anItemsProperties["val"] . "</TEXTAREA>"); } // END if elseif($anItemsProperties["type"] == "I") { # Our item is a text input type. # Display it... print("<INPUT TYPE=\"text\" NAME=\"" . $anItem["fidesc"] . "\" SIZE=" . $anItemsProperties["size"] . " VALUE=\"" . $anItemsProperties["val"] . "\">"); } // END elseif elseif($anItemsProperties["type"] == "H") { # Our item is a hidden input field. # Display it (or not!!)... print("<INPUT TYPE=\"hidden\" NAME=\"" . $anItem["fidesc"] . "\" VALUE=\"" . $anItemsProperties["val"] . "\">"); } // END elseif elseif($anItemsProperties["type"] == "F") { # Our item is a file input type. # Display it... print("<INPUT TYPE=\"file\" NAME=\"" . $anItem["fidesc"] . "\" SIZE=" . $anItemsProperties["size"] . ">"); } // END elseif elseif($anItemsProperties["type"] == "D") { # Our item is some other form of input (e.g. a select # list, or a radio button, etc). Basically, it has a # description in the database, which is to be used. print($anItemsProperties["fidesc"]); } // END elseif elseif($anItemsProperties["type"] == "S") { # Our item is some other form of input (e.g. a select # list, or a radio button, etc). Basically, it has a # description in the database, which is to be used. print($anItemsProperties["fidesc"]); } // END elseif elseif($anItemsProperties["type"] == "R") { # Our item is some other form of input (e.g. a select # list, or a radio button, etc). Basically, it has a # description in the database, which is to be used. print("<SPAN STYLE=\"color: red; font-size: medium; " . "text-align: left\">[Response Input Type: evaluate only at runtime]" . "</SPAN>\n"); } // END elseif else { # Oh dear! This is a field type that we don't recognise print("<SPAN STYLE=\"color: red; font-size: medium; " . "text-align: left\">[Unrecognised Input Type]" . 
"</SPAN>\n"); } // END else # If the number of rows returned by the query of the # sbmFIELDDESC table was greater than 1, we can display a # small GREEN message so that the user to be aware of this # error... if($numItemConfigs > 1) { print(" More than one row of " . "configuration information retrieved. Using first."); } // END if } // END if else { # Oh dear! We couldn't query the sbmFIELDDESC table. Better # give the user an error message, which will sit in the # place of the expected element... print("<SPAN STYLE=\"color: red; text-align: left; " . "font-size: medium\">ERROR: Unable to Execute A Query on" . " the sbmFIELDDESC Table for this Element.</SPAN>\n"); } // END else } // END while # We can now close the current row, as we are finished with it print("</TD>\n</TR>\n"); } // END else # Close the form and the inner table... print("</FORM></TABLE>\n"); # Now close the page preview table... print("</TD>\n</TR>\n</TABLE>\n"); } // END function makeSubmPgePrev($res) //***************** function buildPgeElemntTbl($res, $subname, $pageNumber, $nPgs, $doctype) { /****************************************************************** This function has the task of making the second section of the page to display the details of a given submission page. The section created by this function, displays a table of elements that make up the submission page. Using the tables created by this function, the user can move individual elements to different positions on the page, delete elements from the submission page, click buttons to add new elements to the page, click buttons to edit the details of individual elements, etc. The function is passed several parameters, many of which are used for making the various forms located within the table that the function creates. The first parameter is the "$res" parameter. This is a result pointer that contains a reference to several rows relating to the current page of the current submission. 
Each row effectively references an element of the page. The function is also passed the $link variable, the $subname value (which is the unique identifier for a submission), the $pageNumber value (which is the number of the page of the submission that the given element appears on), the $nPgs value (which is the number of pages that make up the given submission), and the $doctype variable (which is the document type that the submission belongs to). Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 14/01/2001 ******************************************************************/ global $IMAGES; print("<P STYLE=\"color: navy; font-size: large; text-align: " . "left\">Elements on this Page\n"); # Now that we have displayed the "preview page", we need to reset # the query result set that held the details of each page element # on the given page back to the first row, so that we can loop # throught it again in order to display the configuration of the # elements on the page. mysql_data_seek($res, 0); # Okay, $res is now pointing at the first result, so we can begin # making a table of details for each of the elements... # Get a list of all fields in the sbmFIELD table... $fieldCols = mysql_list_fields(DOCS_DATABASE, "sbmFIELD"); # Get the number of fields in the sbmFIELD table... $noFields = mysql_num_rows($fieldCols); # Get the number of elements on the page... $noElements = mysql_num_rows($res); # Ok, we want to output the fields of the result set in a certain # order. To do this, we don't want to have to write the code many # times. This means that we can simply make an array, whereby each # cell has an index number (corresponding to a certain field of the # result set), and loop through the cells of this array (0 to # whatever). Using the integer value contained within each cell of # the array, we can display that row in the order we want to. 
$colOrder = array(2, 3, 1, 4, 5, 6, 7, 8, 9); # Make another array, that contains the names to be given to each # column in the table. This array corresponds with the above # indexes one. $colNames = array("Item No", "Name", "Page No", "Element Label", "Level", "Short Desc", "Check", "Creation Date", "Modification Date"); # get the size of the array, to determine where to end our loop $noCols2show = count($colOrder); print("<TABLE WIDTH='100%' ALIGN='center' BORDER=1 CELLSPACING=0 " . "CELLPADDING=0>\n<TR BGCOLOR='#CCDDFF'>\n"); # Now, display the titles for the table... for($count = 0; $count < $noCols2show; $count++) { if($count == 1) { # If we have displayed the first field, we must now include # another field for some arrow buttons to be placed in... print("<TH> </TH>\n"); } // END if print("<TH>" . $colNames[$count] . "</TH>\n"); } // END for # Now make two more cells (the last 2 columns), for the edit button # an the delete button (1 column for edit, 1 for delete) print("<TH> </TH>\n<TH> </TH>\n</TR>\n"); # Set a row counter.... $aCounter = 0; # Now, put all of the query dynaset rows into an array... while($element = mysql_fetch_array($res)) { $allElements[$aCounter] = $element; $aCounter++; } // END while # Now fill in the table with the details of each element... for($i = 0; $i < $noElements; $i++) { print("<TR BGCOLOR='#FFFFCC'>\n"); for($count = 0; $count < $noCols2show; $count++) { if($count == 0) { # In this place, we want to put a select list containing # the numbers of each page element. These numbers # determine the order on the page in which the elements # appear. The number that the element is currently # desegnated will be "checked", but the numbers of the # other elements are also available for selection. If the # user selects another number, the element is moved into # that position, and the element that was in this position # is moved down a place, as are the others below it. print("<FORM ACTION='pageDetsEDS.php' METHOD='post'>\n" . 
"<TD ALIGN='center'><INPUT TYPE='hidden' NAME='" . "moveDigital' VALUE='true'><INPUT TYPE='hidden' NAME='" . "subname' VALUE='$subname'><INPUT TYPE='hidden' NAME='" . "pageNumber' VALUE='$pageNumber'><INPUT TYPE='hidden' " . "NAME='currFieldnb' VALUE='" . ($i+1) . "'><INPUT TYPE='hidden'" . " NAME='fidesc' VALUE='" . $allElements[$i][$colOrder[1]] . "'><INPUT TYPE='hidden' NAME='maxRowNo' VALUE='" . "$noElements'><INPUT TYPE='hidden' NAME='nPgs' VALUE='" . "$nPgs'><INPUT TYPE='hidden' NAME='doctype' VALUE='" . "$doctype'><SELECT NAME='elementPos' onChange=\"" . "if(this.options[this.selectedIndex].value != " . ($i+1) . ") { submit(); }\">"); for($index = 1; $index <= $noElements; $index++) { print("<OPTION VALUE='$index'"); if($i+1 == $index) { print(" SELECTED"); } // END if print(">$index</OPTION>\n"); } // END for print("</SELECT>\n</TD>\n</FORM>"); } // END if elseif($count == 1) { # Add the "up" arrow element... print("<TD ALIGN='center'><TABLE WIDTH='100%' BORDER=0 " . "CELLPADDING=0 CELLSPACING=0><TR>" . "<FORM ACTION='pageDetsEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='moveUp' VALUE='true'>" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>" . "<INPUT TYPE='hidden' NAME='pageNumber' VALUE=" . "'$pageNumber'><INPUT TYPE='hidden' NAME='currFieldnb' " . "VALUE='" . $allElements[$i][$colOrder[0]] . "'><INPUT" . " TYPE='hidden' NAME='fidesc' VALUE='" . $allElements[$i][$colOrder[1]] . "'>" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>"); if($i == 0) { # In this case, this is the first element on the page print("<TD ALIGN='center'><IMG SRC='".$IMAGES."/up.gif' " . "BORDER=0 WIDTH=11 HEIGHT=15 ALT='Element Already " . "First On Page!'>"); } // END if else { print("<INPUT TYPE='hidden' NAME='previousfiDesc' VALUE" . "='" . $allElements[$i - 1][$colOrder[1]] . "'>" . "<INPUT TYPE='hidden' NAME='previousFieldnb' VALUE='" . $allElements[$i - 1][$colOrder[0]] . "'><TD ALIGN='" . 
"center'><INPUT TYPE='image' SRC='".$IMAGES . "/up.gif' BORDER=0 WIDTH=11 HEIGHT=15>"); } // END else # Now, we can add the "down" arrow element... print("</TD></FORM></TR>" . "<FORM ACTION='pageDetsEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='moveDown' VALUE='true'>" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>" . "<INPUT TYPE='hidden' NAME='pageNumber' VALUE=" . "'$pageNumber'><INPUT TYPE='hidden' NAME='currFieldnb' " . "VALUE='" . $allElements[$i][$colOrder[0]] . "'><INPUT" . " TYPE='hidden' NAME='fidesc' VALUE='" . $allElements[$i][$colOrder[1]] . "'>" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>"); if($i == ($noElements - 1)) { # In this case, this is the last element on the page print("<TD ALIGN='center'><IMG SRC='".$IMAGES."/down.gif'" . "BORDER=0 WIDTH=11 HEIGHT=15 ALT='Element Is Already " . "Last On Page!'>"); } // END if else { print("<INPUT TYPE='hidden' NAME='nextfiDesc' VALUE" . "='" . $allElements[$i + 1][$colOrder[1]] . "'>" . "<INPUT TYPE='hidden' NAME='nextFieldnb' VALUE='" . $allElements[$i + 1][$colOrder[0]] . "'><TD ALIGN='" . "center'><INPUT TYPE='image' SRC='".$IMAGES . "/down.gif' BORDER=0 WIDTH=11 HEIGHT=15>"); } // END else print("</TD></FORM></TR></TABLE></TD>"); # Now, we want to make this field a link to the page # allowing the editing of these dets... print("<TD ALIGN='center'>\n<A HREF='" . "elementConfigDetsEDS.php?" . "name=" . ereg_replace("'", "'", htmlspecialchars($allElements[$i][$colOrder[$count]])) . "&subname=$subname&pageNumber=$pageNumber&nPgs=$nPgs&" . "doctype=$doctype&caller=pageDetsEDS.php'>" . ereg_replace("'", "'", htmlspecialchars($allElements[$i][$colOrder[$count]])) . "</A> </TD>"); } // END elseif else { # Print the relevant element of the result set... print("<TD ALIGN='center'>\n" . ereg_replace("'", "'", htmlspecialchars($allElements[$i][$colOrder[$count]])) . 
" </TD>\n"); } // END else } // END for # Now that we have output all of our actual data, we can output # a form, and an image button in the 2nd last column, which will # allow the user to edit the given page elements details... print("<FORM ACTION='editPageElementEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='fidesc' VALUE='" . $allElements[$i][$colOrder[1]] . "'><INPUT TYPE='hidden' " . "NAME='fieldnb' VALUE='" . $allElements[$i][$colOrder[0]] . "'><INPUT TYPE='hidden' NAME='pageNumber' VALUE='$pageNumber'>" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "<TD ALIGN='center' VALIGN='middle'>\n<INPUT TYPE='image' " . "SRC='".$IMAGES."/edit1.gif' BORDER=0 onClick=\"submit();\"" . " ALIGN='center'></TD>\n</FORM>\n"); # Now that we have output the "edit details" button, we can make # one last column that, when clicked, allows us to delete an # element from the current page. print("<FORM ACTION='pageDetsEDS.php' METHOD='post' onSubmit=\"" . "if(confirm('The " . $allElements[$i][$colOrder[1]] . " Element Will Be Permenantly Deleted From This Page.\\n" . "Are You Sure You Wish To Continue?')) { return true; } else {" . " return false; }\">\n<INPUT " . "TYPE='hidden' NAME='deleteElement' VALUE='true'><INPUT TYPE" . "='hidden' NAME='subname' VALUE='$subname'><INPUT TYPE='hidden" . "' NAME='pageNumber' VALUE='$pageNumber'><INPUT TYPE='hidden' " . "NAME='currFieldnb' VALUE='" . $allElements[$i][$colOrder[0]] . "'><INPUT TYPE='hidden' NAME='fidesc' VALUE='" . $allElements[$i][$colOrder[1]] . "'><INPUT TYPE='hidden' " . "NAME='maxRowNo' VALUE='$noElements'><INPUT TYPE='hidden' " . "NAME='nPgs' VALUE='$nPgs'><INPUT TYPE='hidden' NAME='doctype'" . " VALUE='$doctype'><TD ALIGN='center' VALIGN='middle'>\n<INPUT" . " TYPE='image' SRC='".$IMAGES."/answer_bad.gif' BORDER=0 ALIGN='" . "center' WIDTH=14 HEIGHT=14></TD>" . 
"\n</FORM>\n"); # Now we can close the current row of the table print("</TR>\n"); } // END for # Now, close up the table... print("</TABLE>\n"); # Now that the table of elements has been displayed, provide a # button, which when clicked, will allow the user to add an element # to the current page of the submission. print("<FORM ACTION='addElement2PageEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>\n" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='$nPgs'>\n" . "<INPUT TYPE='hidden' NAME='pageNumber' VALUE='$pageNumber'>\n" . "<INPUT TYPE='hidden' NAME='noElements' VALUE='$noElements'>\n" . "<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 CELLPADDING=0 " . "BORDER=0>\n<TR>\n<TD ALIGN='center'>\n<INPUT TYPE='button' " . "VALUE='ADD ELEMENT TO PAGE' onClick=\"submit();\">\n</TD>\n</TR>" . "\n</TABLE>\n</FORM>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now that we have displayed all of the details of the elements, it # is possible to display a series of links to the other pages of the # given submission... print("<TABLE BORDER=0 ALIGN='center' WIDTH='100%' CELLSPACING=0" . " CELLPADDING=0>\n<TR>\n<TD ALIGN='center'>\n"); # Now, display links to all of the other pages... for($c = 1; $c <= $nPgs; $c++) { if($c == $pageNumber) { # Just display the name of the current page... print("<SMALL>[$subname Page $c] </SMALL>"); } // END if else { # Display an actual link to the page details... print("[<A HREF='pageDetsEDS.php?subname=$subname" . "&pageNumber=$c&nPgs=$nPgs&doctype=$doctype'>$subname Page" . " $c</A>] \n"); } // END else } // END for # Now close the table and be done with it... print("\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now simply display a finish button, which when clicked, will # return the user to the "viewEditSubmissionEDS.php" page. 
print("<FORM ACTION='viewEditSubmissionEDS.php' METHOD='post'>" . "\n<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='subname' VALUE='$subname'>\n" . "<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 BORDER=0 " . "WIDTH='100%'>\n<TR><TD ALIGN='center'>\n<INPUT TYPE='button' " . "VALUE='FINISHED' onClick=\"submit();\">\n</TD>\n</TR>\n</TABLE>" . "\n</FORM>\n"); } // END function buildPgeElemntTbl() //************** function constructSubmPge($subname, $pageNumber, $nPgs, $doctype) { /******************************************************************* This function has the task of producing the interface for the "pageDetsEDS.php" page. The function conducts a query to get a list of all of the elements that appear on the given page of the given submission type (whose details we are to display). If the query to retrieve a list of elements was executed without error, it calls the relevant functions to display the different sections of the page. Otherwise, it displays a relevant error message on the screen. The function is passsed several arguments. It is passed the $link variable, the $subname value (which is the unique identifier for a submission), the $pageNumber value (which is the number of the page of the submission that the given element appears on), the $nPgs value (which is the number of pages that make up the given submission), and the $doctype variable (which is the document type that the submission belongs to). Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 24/11/2000 *******************************************************************/ # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD ALIGN='center'>\n" . "<P STYLE=\"color: blue; text-align: center; font-size: small; " . 
"font-weight: bold\">This page allows you to view and modify page" . " $pageNumber of the <EM>$subname</EM> submission.<BR><BR>The " . "page is composed of 2 main sections:<BR><OL STYLE=\"text-align: " . "left\"><LI>The preview section. This allows you to obtain a " . "preview of the shape and form that the page will take with the " . "current elements and configuration.</LI>\n<LI>\nThe elements " . "section. This section allows you to view, modify or add " . "elements to the page. You can also alter the order of " . "appearance that elements take on the submission page.</LI>\n" . "</OL>\n</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Okay, run a select query to get all elements that appear on the # current page of the submission type... $res = mysql_query("SELECT * FROM sbmFIELD WHERE subname = '$subname'" . " AND pagenb = $pageNumber ORDER BY fieldnb"); if(res) { # Hey hey. Everything was good with the query... makeSubmPgePrev($res, $pageNumber); # Now that we have produced a nice preview of the current page of # the submission, it is possible to actually give the details of # each element. # Make a horizontal rule to divide the page sections... drawSeparator(); buildPgeElemntTbl($res, $subname, $pageNumber, $nPgs, $doctype); } // END if else { # Oh dear, our query failed for one reason or another. We must # now display an error message... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable to retrieve details of the elements for " . "<EM>page $pageNumber</EM> of the <EM>$subname</EM> submission" . 
" type.<BR>Please inform the system administrator.</P>\n"); } // END else } // END function constructSubmPge() //*********** function moveElementUp($previousFieldnb, $subname, $pageNumber, $fidesc, $currFieldnb, $previousfiDesc, $doctype) { /****************************************************************** The task of this function is to process the situation whereby a user has opted to move an element of a given submission page up the page by using the "up" arrow button. This function basically swaps the positions of the element to move, and the element above it. The function is passed several parameters. These are the $previousFieldnb value, the $subname value, the $pageNumber value, the $fidesc value, the $currFieldnb value, the $link pointer, the $nPgs value, the $doctype value, and the $previousfiDesc value. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 14/12/2000 ******************************************************************/ # Get the current date so that an elements modification date can be # updated when we move it around the page in its order # Get the data, so that it can be committed for the modification # date field (md)... $modifiedDate = makeEDSmdDate(); # make a query string to alter the elements position. $queryStringA = "UPDATE sbmFIELD SET fieldnb = '$previousFieldnb', " . "md = '$modifiedDate' WHERE subname = '$subname' AND pagenb = " . "'$pageNumber' AND fidesc = '$fidesc' AND fieldnb = " . "'$currFieldnb'"; # Now make a query string to alter the position of the element above # the element that we are moving, to that of the element that we are # moving... $queryStringB = "UPDATE sbmFIELD SET fieldnb = '$currFieldnb', " . "md = '$modifiedDate' WHERE subname = '$subname' AND pagenb = " . "'$pageNumber' AND fidesc = '$previousfiDesc' AND fieldnb = " . 
"'$previousFieldnb'"; # Execute the query A $queryResultA = mysql_query($queryStringA); if($queryResultA) { # If the first query has been successful, execute the 2nd $queryResultB = mysql_query($queryStringB); if($queryResultB) { # In this case, both queries have executed successfully. # Free the 2 update query results.. mysql_free_result($queryResultA); mysql_free_result($queryResultB); # we must update the "modified date" field in the sbmIMPLEMENT # table, to reflect the fact that certain changes have been # made to the given submission, even if they are just moving # elements around the page. $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$modifiedDate' WHERE subname = '$subname'"); if($mdResult) { # Free the result left by this update mysql_free_result($mdResult); } // END if else { # The update the date query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't update the md in sbmIMPLEMENT!');</SCRIPT>\n"); } // END else # We must also modify the md field of the doctype record to # which this submission belongs updateEDSDOCTYPEmd($doctype, $modifiedDate); # Now, we can send a quick email to the administrator, saying # that the given submission has been modified. $msgTxt = "An update has been carried out on the $subname " . "submission type in the " . DOCS_DATABASE . " database. An element was moved to another position " . "on page $pageNumber.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Type Updated", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # In this case, the 2nd query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't move an element! (qstringb)');</SCRIPT>\n"); } // END else ($queryStringB) } // END if else { # The query string A has failed for some reason! print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . 
"Couldn't move an element (qstringA)');</SCRIPT>\n"); } // END else ($queryResA) } // END function moveElementUp() //************ function moveElementDown($nextFieldnb, $subname, $pageNumber, $fidesc, $currFieldnb, $nextfiDesc, $doctype) { /****************************************************************** This function has the task of handling the moving of an element of a submission page down by one place on the page. This basically means that it swaps the places of a given element with the element below it. It then sends the relevant mails to let the administrators know that this has been done. The function is passed several paramaters. These are the $nextFieldnb value, the $subname value, the $pageNumber value, the $fidesc value, the $currFieldnb value and the $nextfiDesc value. These are all needed for the execution of the queries to move the elements. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 14/12/2000 ******************************************************************/ # Get the current date so that an elements modification date can be # updated when we move it around the page in its order # Get the data, so that it can be committed for the modification # date field (md)... $modifiedDate = makeEDSmdDate(); # make a query string to alter the elements position. $queryStringA = "UPDATE sbmFIELD SET fieldnb = '$nextFieldnb', " . "md = '$modifiedDate' WHERE subname = '$subname' AND pagenb = " . "'$pageNumber' AND fidesc = '$fidesc' AND fieldnb = " . "'$currFieldnb'"; # Now make a query string to alter the position of the element above # the element that we are moving, to that of the element that we are # moving... $queryStringB = "UPDATE sbmFIELD SET fieldnb = '$currFieldnb', " . "md = '$modifiedDate' WHERE subname = '$subname' AND pagenb = " . "'$pageNumber' AND fidesc = '$nextfiDesc' AND fieldnb = " . 
"'$nextFieldnb'"; # Execute the query A $queryResultA = mysql_query($queryStringA); if($queryResultA) { # If the first query has been successful, execute the 2nd $queryResultB = mysql_query($queryStringB); if($queryResultB) { # In this case, both queries have executed successfully. # Free the 2 update query results.. mysql_free_result($queryResultA); mysql_free_result($queryResultB); # we must update the "modified date" field in the sbmIMPLEMENT # table, to reflect the fact that certain changes have been # made to the given submission, even if they are just moving # elements around the page. $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$modifiedDate' WHERE subname = '$subname'"); if($mdResult) { # Free the result left by this update mysql_free_result($mdResult); } // END if else { # The update the date query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't update the md in sbmIMPLEMENT!');</SCRIPT>\n"); } // END else # Now update the modified date field for the actual doctype # record that this submission belongs to updateEDSDOCTYPEmd($doctype, $modifiedDate); # Now, we can send a quick email to the administrator, saying # that the given submission has been modified. $msgTxt = "An update has been carried out on the $subname " . "submission type in the " . DOCS_DATABASE . " database. An element was moved to another position " . "on page $pageNumber.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Type Updated", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # In this case, the 2nd query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't move an element! (qstringb)');</SCRIPT>\n"); } // END else ($queryStringB) } // END if else { # The query string A has failed for some reason! print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . 
"Couldn't move an element (qstringA)');</SCRIPT>\n"); } // END else ($queryResA) } // END function moveElementDown() //************ function moveElementDigital($subname, $pageNumber, $currFieldnb, $fidesc, $elementPos, $doctype) { /****************************************************************** This function has the task of moving an element of the current submission page to another position on the page. The movement is done digitally (i.e. the user selects the position to move the element to from a select list, and the element appears to slot right into the position). This function has the job of re-numbering all of the elements that are affected by this move (as some other elements may need to be moved up or down to fit into the place of the moved function. It then moves the element that is to be moved into the target position. The function also updates the relevant modified dates for the moved elements, and the submission type itsself. It also emails the administrators to let them know of the elements movement. The function is passed several parameters. These are the $subname value, the $pageNumber value, the $currFieldnb value, the $fidesc value, the $maxRowNo value, the $nPgs value, the $doctype value and the $elementPos value. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 14/12/2000 ******************************************************************/ # Get the date for modification date details $modifiedDate = makeEDSmdDate(); # Now get a list of all of the elements on the page $qResult = mysql_query("SELECT * FROM sbmFIELD WHERE subname = " . "'$subname' AND pagenb = $pageNumber ORDER BY fieldnb"); # Now, put all of the query dynaset rows into an array... 
$idx = 1; $currentPos = 1; while($anElement = mysql_fetch_row($qResult)) { if ($idx == $elementPos && $currFieldnb > $elementPos) $currentPos++; if ($idx == $currFieldnb) $currentPos--; if ($idx != $currFieldnb) mysql_query(" UPDATE sbmFIELD SET fieldnb='$currentPos', md='$modifiedDate' WHERE subname='$subname' and pagenb='$pageNumber' and fieldnb='".$anElement[2]."' and fidesc='".$anElement[3]."'"); else mysql_query(" UPDATE sbmFIELD SET fieldnb='$elementPos', md='$modifiedDate' WHERE subname='$subname' and pagenb='$pageNumber' and fieldnb='".$anElement[2]."' and fidesc='".$anElement[3]."'"); if ($idx == $elementPos && $currFieldnb < $elementPos) $currentPos++; $idx++; $currentPos++; } // END while } // END function moveElementDigital() //************* function deletePageElement($subname, $pageNumber, $currFieldnb, $fidesc, $doctype) { /****************************************************************** This function has the task of deleting a given element from a given submission page. When this element is deleted, it is often necessary to renumber certain other elements on the same page (those that appeared below the deleted element), as there will be a gap where the element was removed from. This function deals with this task when it is necessary. The function also emails the administrators to let them know that the element has been deleted from the given page. The function is passed several parameters. These are the $subname value, the $pageNumber value, the $currFieldnb value and the $fidesc value. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 24/11/2000 Last Modified: 14/12/2000 ******************************************************************/ # Get the date for modification date details $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly format $modifiedDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . 
$dateDets['mday']; # Now get a list of all of the elements on the page $qResult = mysql_query("SELECT * FROM sbmFIELD WHERE subname = " . "'$subname' AND pagenb = $pageNumber ORDER BY fieldnb"); # Now, put all of the query dynaset rows into an array... $idx = 0; $numRows = mysql_num_rows($qResult); while($anElement = mysql_fetch_array($qResult)) { $elementList[$idx] = $anElement; $idx++; } // END while if($currFieldnb < $numRows) { for($k = $currFieldnb; $k < $numRows; $k++) { # Make a query string to deal with moving each element # below the element to move (up until the position to move # to) up one place in the page elements order. $moveStr = "UPDATE sbmFIELD SET fieldnb = '" . ($elementList[$k][2] - 1) . "', md = '$modifiedDate' " . "WHERE subname = '$subname' AND pagenb = '$pageNumber' " . "AND fieldnb = '" . $elementList[$k][2] . "'"; # Execute the query to remove the element $moveRes = mysql_query($moveStr); if($moveRes) { mysql_free_result($moveRes); } // END if else { # Query hasn't worked print("<SCRIPT TYPE='text/javascript'>alert('Error: " . "Couldn't move an element!');</SCRIPT>\n"); }// END else } // END for # Make the query string to remove the element $finalDelStr = "DELETE FROM sbmFIELD WHERE subname = '$subname' " . "AND pagenb ='$pageNumber' AND fieldnb = '$currFieldnb' " . "AND fidesc = '$fidesc'"; # Execute the query to remove the element $finalDelRes = mysql_query($finalDelStr); if($finalDelRes) { # Free the result pointer left by this deletion mysql_free_result($finalDelRes); # Now, we can send a quick email to the administrator, saying # that the given submission has been modified. $msgTxt = "An update has been carried out on the $subname " . "submission type in the " . DOCS_DATABASE . " database. An element was deleted from page $pageNumber" . ".\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "$subname Submission Type Updated", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # Query hasn't worked print("<SCRIPT TYPE='text/javascript'>alert('Error: " . "Couldn't delete an element!');</SCRIPT>\n"); }// END else } // END if else { # In this case, the item to be deleted must be the last in the # list, so we don't need to move any elements around, just delete # the it. # Make the query string to remove the element $finalDelStr = "DELETE FROM sbmFIELD WHERE subname = '$subname' " . "AND pagenb ='$pageNumber' AND fieldnb = '$currFieldnb' " . "AND fidesc = '$fidesc'"; # Execute the query to remove the element $finalDelRes = mysql_query($finalDelStr); if($finalDelRes) { # Free the result pointer left by this deletion mysql_free_result($finalDelRes); # Now, we can send a quick email to the administrator, saying # that the given submission has been modified. $msgTxt = "An update has been carried out on the $subname " . "submission type in the " . DOCS_DATABASE . " database. An element was deleted from page $pageNumber" . ".\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Type Updated", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # Query hasn't worked print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't delete an element!');</SCRIPT>\n"); }// END else } // END else # we must update the "modified date" field in the sbmIMPLEMENT # table, to reflect the fact that certain changes have been # made to the given submission, even if they are just moving # elements around the page. $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$modifiedDate' WHERE subname = '$subname'"); if($mdResult) { # Free the result left by this update mysql_free_result($mdResult); } // END if else { # The update the date query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . 
"Couldn't update the md in sbmIMPLEMENT!');</SCRIPT>\n"); } // END else # Update the doctype modification date updateEDSDOCTYPEmd($doctype, $modifiedDate); } // END function deletePageElement() function displayPage() { global $moveUp,$x,$y,$previousFieldnb,$subname,$pageNumber,$fidesc,$currFieldnb,$previousfiDesc,$doctype,$nPgs,$moveDown,$moveDigital,$elementPos,$deleteElement; # Conduct a test to see what kind of call to this page this actually # is, and then take the appropriate action based upon this # outcome... if(isset($moveUp)) { # If the $up variable is set, it means that the user has pressed # the up arrow button to move an element up in the order in which # it is placed on the page... # Free memory associated with X, Y, and up variables... unset($x); unset($y); unset($moveUp); # Process the element movement... moveElementUp($previousFieldnb, $subname, $pageNumber, $fidesc, $currFieldnb, $previousfiDesc, $doctype); # Redisplay the page... constructSubmPge($subname, $pageNumber, $nPgs, $doctype); } // END if elseif(isset($moveDown)) { # If this variable is set, it means that the user has pressed the # down arrow button to move an element down in the order in which # it is located on the page. # Free memory associated with X, Y, and up variables... unset($x); unset($y); unset($moveDown); # Process the element movement... moveElementDown($nextFieldnb, $subname, $pageNumber, $fidesc, $currFieldnb, $nextfiDesc, $doctype); # Redisplay the page... constructSubmPge($subname, $pageNumber, $nPgs, $doctype); } // END elseif elseif(isset($moveDigital)) { /*************************************************************** In this case, the user has opted to move an element to another position by selecting the position to move it to from the select list (the item is then moved directly to this position in the page element order, hence the reason for calling this a digital move). 
When this move is accomplished, the other elements cascade down/up to fill the vacant position left by the element to be moved. ***************************************************************/ # Free any memory space used by the moveDigital variable. unset($moveDigital); # Process the element movement moveElementDigital($subname, $pageNumber, $currFieldnb, $fidesc, $elementPos, $doctype); # Redisplay the page... constructSubmPge($subname, $pageNumber, $nPgs, $doctype); } // END elseif elseif(isset($deleteElement)) { # In this case, the user has opted to delete a given element from # the page. This means that we must delete the element, and then # reorder the item numbers of all of the other items in order to # fill the gap left by this element. We also need to alter the # modified date of the given submission. # Free any memory space used by the deleteElement flag unset($deleteElement); # Process the element deletion... deletePageElement($subname, $pageNumber, $currFieldnb, $fidesc, $doctype); # Redisplay the page... constructSubmPge($subname, $pageNumber, $nPgs, $doctype); } // END elseif else { # In this case, it is the first call to the page (a # non-self-referential call), and we just need to display the # details of the submission page... constructSubmPge($subname, $pageNumber, $nPgs, $doctype); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1]. "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> 
diff --git a/modules/websubmit/web/admin/parameterUpdate.php.wml b/modules/websubmit/web/admin/parameterUpdate.php.wml
index bba55cd39..c5e8d4682 100644
--- a/modules/websubmit/web/admin/parameterUpdate.php.wml
+++ b/modules/websubmit/web/admin/parameterUpdate.php.wml
@@ -1,471 +1,471 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Update value of parameter <I><protect><?print $param;?></protect></i> for the <I><protect><?print $doctype;?></protect></i> document type" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayParamToUpdate($doctype, $param, $functionName, $action, $returnTo) { /***************************************************************** This function is used by the "parameterUpdate.php" script. It executes a select query on the relevant table, retrieving the value of the required parameter, and placing it into a text input box in a form. A submit button is also produced for the form. The purpose of this form is so that the user can alter the value of the given parameter, and submit the alterations to the database for update. 
When the form is submitted, it recursively calls itself, updates the parameter value, and then redirects to the 'func.php' script. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 22/08/2000 Last Modified: 22/03/2001 *****************************************************************/ # LOCK the given table as READ... if(!$lockRes = mysql_query("LOCK TABLES sbmPARAMETERS READ")) { # We couldn't get a lock, so we just display the error message # and return from this function. print("<DIV STYLE='color: navy; font-weight: bold; font-size:" . " large; text-align: center'><SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to retrieve information.</DIV>\n" . "<BR>\n"); print("<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 " . "BORDER=0>\n<TR>\n<FORM ACTION='func.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n" . "<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n" . "<INPUT TYPE='hidden' NAME='functionName' " . "VALUE='$functionName'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' VALUE='$returnTo'>\n" . "<TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='OK' onClick" . "='submit();'>\n</TD>\n</FORM>\n</TR>\n</TABLE>\n"); return; } # END if # Execute a select query on the WebSubmit2 database, getting the value of # the required parameter... $queryResult = mysql_query("SELECT value FROM sbmPARAMETERS WHERE doctype='$doctype' and name='$param'"); # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); /****************************************************************** Now, we can test to see if any rows were retrieved by this query. If there were, then the function has parameters, and we can display them in a table. If no rows were returned by the query, then the function has no parameters, and there is no point in displaying a table. Instead, we can display an appropriate informative message stating that there are no parameters stored for the function. 
*******************************************************************/ $numRows = mysql_num_rows($queryResult); if($numRows == 0) { /************************************************************** This query should have returned rows. If none have been returned, it means that when the function is called for this doctype, it will search for a value for its parameter in the column of the table that this query was performed on, but won't be able to find a result. I.e. the tables are out of sync. There could be different reasons for this occurring, but the most likely is that the user has just added this parameter to the function, but has not yet updated all of the rows that utilise it. The best course of action in this case is to give a message stating that the database stores no value for this parameter, and that the user should enter one asap. A text input can also be provided to take care of this. **************************************************************/ print("<TABLE ALIGN='center' WIDTH='95%' BORDER=1 CELLPADDING=0" . " CELLSPACING=0 BGCOLOR='#E0E0E0'>\n<TR>\n<TD>\n"); print("<H4>WARNING: There is no value stored in the $param" . " column of the parameters table for the $doctype document" . " type. This means that there is no value for this " . "parameter when the function is used on the $doctype " . "document type. It is strongly advisable that " . "a value for the parameter be entered now:</H4>\n"); print("</TD>\n</TR>\n</TABLE>\n<BR>\n"); # Now that the user has been informed about the need for updating # the parameter value, an input box can be displayed, which the # user can then use to enter & submit a value for the parameter. print("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center'>\n" . "<FORM ACTION='parameterUpdate.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='" . ereg_replace("'", "'", htmlspecialchars($doctype)) . "'>\n" . "<INPUT TYPE='hidden' NAME='param' VALUE='" . 
ereg_replace("'", "'", htmlspecialchars($param)) . "'>\n" . "<INPUT TYPE='hidden' NAME='functionName' VALUE='" . ereg_replace("'", "'", htmlspecialchars($functionName)) . "'>\n" . "<INPUT TYPE='hidden' NAME='action' VALUE='" . ereg_replace("'", "'", htmlspecialchars($action)) . "'>\n" . "<INPUT TYPE='hidden' NAME='calledBefore' " . "VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='newValue' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' " . "VALUE='$returnTo'>\n"); if ($param == "textMailFTT") { print("<TR>\n<TD>\n" . "<TEXTAREA NAME='paramValue' COLS=60 ROWS=6 " . "></TEXTAREA>\n</TD>\n</TR>\n</TABLE>\n"); } else { print("<TR>\n<TD>\n" . "<INPUT TYPE='text' NAME='paramValue' SIZE=60 " . ">\n</TD>\n</TR>\n</TABLE>\n"); } # Now display buttons to allow the user to save the new parameter # value, or to exit from this form... print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0>\n<TR>\n<TD>\n" . "<INPUT TYPE='button' VALUE='SAVE PARAMETER'" . " onClick=\"submit();\"></FORM>\n</TD>\n"); # Add a blank between columns... print("<TD> </TD>\n"); # Add a 'finished' button... print("<TD>"); displayparamEditFinishedButton($doctype, $action, $functionName, $returnTo); # Close up the table... print("</TD>\n</TR>\n</TABLE>\n"); } // END if elseif($numRows ==1) # If 1 row was returned, everything is fine! { print("<H3 ALIGN='center'>Value Of The <EM>$param"); print("</EM> Parameter:</H3>\n"); # Read the parameter into item, from queryResult... list($item) = mysql_fetch_row($queryResult); # Replace all special html characters (<, >, " and &) with the # html code for them. This prevents html errors. $item=htmlspecialchars($item); /*********************************************************** Find the length of the parameter field as defined in the WebSubmit2 database. This field length will be used in the JavaScript input validation. 
***********************************************************/ $fieldLength = mysql_field_len($queryResult, 0); # Here, we can display the value of the parameter in a text input # field in a form. There is also a submit button to allow the # user to submit updates. There are also many hidden fields that # contain data that is needed elsewhere in the system when the # FINISHED buttons are used to return to other areas. print("<TABLE ALIGN='center'><TR><TD>"); print("<FORM ACTION='parameterUpdate.php' METHOD='post'>"); if ($param == "textMailFTT") { print("<TR>\n<TD>\n" . "<TEXTAREA NAME='paramValue' COLS=60 ROWS=6 " . ">$item</TEXTAREA>\n</TD>\n</TR>\n</TABLE>\n"); } else { print("<INPUT TYPE='text' NAME='paramValue' SIZE=60 VALUE="); print("\"$item\"></TD>\n</TR>\n</TABLE>\n"); } # Now open a new table in which to place the hidden fields and # the submit buttons. This table will be located below the table # with the text input form... print("<TABLE ALIGN='center' CELLPADDING=0 CELLSPACING=0 " . "BORDER=0>\n<TR>\n"); print("<INPUT TYPE='hidden' NAME='doctype' VALUE='" . ereg_replace("'", "'", htmlspecialchars($doctype)) . "'>"); print("<INPUT TYPE='hidden' NAME='param' VALUE='" . ereg_replace("'", "'", htmlspecialchars($param)) . "'>"); print("<INPUT TYPE='hidden' NAME='functionName' VALUE='" . ereg_replace("'", "'", htmlspecialchars($functionName)) . "'>"); print("<INPUT TYPE='hidden' NAME='action' VALUE='" . ereg_replace("'", "'", htmlspecialchars($action)) . "'>"); print("\n<INPUT TYPE='hidden' NAME='calledBefore' " . "VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' " . "VALUE='$returnTo'>\n"); print("<TD><INPUT TYPE=button VALUE='UPDATE PARAMETER'"); print(" onClick="); print( "\"submit()\"></FORM>\n</TD>\n"); # Add a blank column between buttons... print("<TD> </TD>\n"); # Add a finish button, to allow the user to change their mind # about adjusting the parameter value, and go back to the # 'func.php' page... 
print("<TD>"); displayparamEditFinishedButton($doctype, $action, $functionName, $returnTo); # Close up the table... print("</TD>\n</TR>\n</TABLE>\n"); } // End elseif else # IF more than 1 row returned from the query, there # are definite problems, as there should only be 1 # value for a given function parameter, for a given # action on a given doctype! { print("<P>\n<H3 ALIGN='center'>SQL Error: Too Many"); print(" Rows Returned From Query!</H3>\n</P>\n"); } // END else } // END function displayParamToUpdate($doctype, $param) //*********************** function displayparamEditFinishedButton($doctype, $action, $functionName, $returnTo) { /***************************************************************** This function is used by the "parameterUpdate.php" script. It displays a "Finished" button, which returns the administrator to the "func.php" script. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch Created: 22/08/2000 Last Modified: 28/08/2000 *****************************************************************/ print("<FORM ACTION='func.php' METHOD='post'>\n"); print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>"); print("<INPUT TYPE='hidden' NAME='action' VALUE='$action'>"); print("<INPUT TYPE='hidden' NAME='functionName' " . "VALUE='$functionName'>" . "<INPUT TYPE='hidden' NAME='returnTo' VALUE='$returnTo'>"); print("<INPUT TYPE='button' VALUE='FINISHED' onClick=\""); print("submit()\">\n</FORM>\n"); } // END function displayparamEditFinishedButton() // ****************************** function displayPage() { global $calledBefore,$doctype,$param,$functionName,$action,$returnTo,$paramValue,$newValue; # Now test to see if the script has been called before... if(!($calledBefore)) { # If the page has not been called before, we must offer the user # the opportunity to alter the parameter... # Get the value of the parameter which is to be updated, and put # it in a text input box in a form, along with an update button. 
# The user will be able to update and save changes to this # parameters value by using this form... displayParamToUpdate($doctype, $param, $functionName, $action, $returnTo); }// End if else { # If this is the second calling of the script, this is where our # updating fun starts... /******************************************************* We must now execute the update query on the database. The update query will update the parameter value that is held in the relevant table, to that which was entered by the user before the "UPDATE" button was pressed. Incidentally, if this calling of the page is to insert a value in a table for a parameter that does not have a value, the query will be an insert query instead of an update query... *******************************************************/ # Place a lock on the relevant table... if($lockRes = mysql_query("LOCK TABLES sbmPARAMETERS WRITE")) { # Determine the kind of update that must be carried out... if($newValue) { # If this is a call to add a parameter to the system, # execute an insert query on WebSubmit... $queryResult = mysql_query("INSERT INTO sbmPARAMETERS (doctype, name, value) VALUES('$doctype','$param','$paramValue')"); } // END if else { # If this is a call to update the parameters value... # Execute the update query on the WebSubmit2 database. $queryResult = mysql_query("UPDATE sbmPARAMETERS SET value='$paramValue' WHERE doctype = '$doctype' and name='$param'"); } // END else if(mysql_affected_rows() == 1) // Update has worked... { # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<BR><H3 STYLE='color: red; text-align: " . "center'>Parameter Updated</H3>"); # Now redirect the browser to the "func.php" page once # more, in order to display all parameter values for the # function concerned... print("<FORM ACTION='func.php' METHOD='post' " . "NAME='referForm'>\n" . "<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n" . 
"<INPUT TYPE='hidden' NAME='action' VALUE='$action'>\n" . "<INPUT TYPE='hidden' NAME='functionName' " . "VALUE='$functionName'>\n" . "<INPUT TYPE='hidden' NAME='returnTo' " . "VALUE='$returnTo'>\n" . "</FORM>\n"); # Now submit the form... print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", 0);\n" . "</SCRIPT>\n"); } // END if elseif(mysql_affected_rows() > 1) { # If the number of rows updated was greater than 1, there # has been some DB consistency error, and the administrator # should be notified... # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . "More than 1 row was affected by this update.');" . "</SCRIPT>"); # Get the date and time of the error occurrence... $dateDets = getdate(); # Now email the administrator with an error email... $errMailTxt = "An error has occurred when attempting to " . "update a parameter value for the $param " . "parameter of the $functionName function. The data was" . "selected from the parameters table " . "for the $doctype document type.\n\nPlease look " . "into this problem, as it suggests that there are " . "multiple values for this parameter, which breaks DB" . "consistency.\n\n" . "This error occurred on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . "."; mail(ADMIN_EMAIL, "Error: Multiple Values For A Parameter", $errMailTxt, "From: WebSubmit_Administrator"); } // END elseif else { # If this condition has been reached, it means that the # query has not updated any rows, which is erroneous, as a # row should have been updated. # We must unlock our table... $unlockRes = mysql_query("UNLOCK TABLES"); print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . 
"No parameter value was updated');</SCRIPT>\n"); displayParamToUpdate($doctype, $param, $functionName, $action, $returnTo); } // END else } # END if else { # Couldn't lock the tables. Don't allow update. print("<DIV STYLE='color: navy; font-weight: bold; font-size:" . " large; text-align: center'><SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to commit updates.</DIV>\n" . "<BR>\n"); displayParamToUpdate($doctype, $param, $functionName, $action, $returnTo); } # END else } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1]. "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/referees.py b/modules/websubmit/web/admin/referees.py index edea5e76e..8f8b9b05e 100644 --- a/modules/websubmit/web/admin/referees.py +++ b/modules/websubmit/web/admin/referees.py 
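Review bot: The new guard `if (!$auth[0])` at the end of this hunk treats a truthy first element as "allowed", whereas the Python side of this same commit treats `auth_code != 0` from `acc_authorize_action` as "denied". `canUseWebSubmitAdmin` is defined outside this hunk, so it should be confirmed that it returns a boolean in `$auth[0]` rather than passing the raw code through, otherwise the check would be inverted. A comment above the call would pin the contract, e.g. `# $auth = array(allowed, message); $auth[0] is true when access is granted, not the raw auth code (where 0 means authorized)`. `$auth[1]` is also concatenated unescaped into the HTML given to `outWarning()`, so if that message can carry request-derived text such as the doctype it should pass through `htmlspecialchars()` first, as the hidden form fields earlier in this file do. The same three added lines close the preceding file's hunk, and the remark applies there as well.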
@@ -1,232 +1,233 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import cdsname,cdslang from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * def index(req,c=cdsname,ln=cdslang,todo="",id="",doctype="",categ="",addusers="",warningText="",role=""): ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) - if not acc_authorize_action(uid, "cfgwebsubmit",verbose=0): - return errorMsg("You are not authorized to use websubmit admin",req,uid) + (auth_code, auth_message) = acc_authorize_action(uid, "cfgwebsubmit",verbose=0) + if auth_code != 0: + return errorMsg(auth_message, req, uid) # request for deleting a user if todo == "deleteuser": acc_deleteUserRole(id,name_role=role) # request for adding user(s) if todo == "adduser": role = "referee_%s_%s" % (doctype,categ[1]) roleId = acc_getRoleId(role) # if the role does not exists, we create it if roleId == 0: if acc_addRole(role,"referees for document type %s category %s" % (doctype,categ[1])) == 0: return errorMsg("Cannot create referee role",req) else: roleId = acc_getRoleId(role) # if the action does not exist, we create it actionId = acc_getActionId("referee") if actionId == 0: if acc_addAction("referee","","no",("doctype","categ")) == 0: return errorMsg("Cannot create action 'referee'",req) else: actionId = acc_getActionId("referee") #create arguments arg1Id = acc_addArgument("doctype",doctype) arg2Id = acc_addArgument("categ",categ[1]) # then link the role with the action if acc_addRoleActionArguments(roleId,actionId,-1,0,0,[arg1Id,arg2Id]) == 
0: return errorMsg("Cannot link role with action",req) roleId = acc_getRoleId(role) # For each id in the array if isinstance(addusers,types.ListType): for adduser in addusers: # First check whether this id is not already associated with this rule myRoles = acc_getUserRoles(adduser) if not roleId in myRoles: # Actually add the role to the user acc_addUserRole(adduser,roleId) else: warningText = "<font color=red>Sorry... This user is already a referee for this category.</font>" else: # First check whether this id is not already associated with this rule myRoles = acc_getUserRoles(addusers) if not roleId in myRoles: # Actually add the role to the user acc_addUserRole(addusers,roleId) else: warningText = "<font color=red>Sorry... This user is already a referee for this category.</font>" return page(title="websubmit admin - referee selection", body=displayRefereesPage(doctype,warningText), description="", keywords="", uid=uid, language=ln, urlargs=req.args) def displayRefereesPage(doctype,warningText): t="" if doctype == "*": docname = "all catalogues" else: res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) docname = res[0][0] t+=warningText t+=""" <FORM ACTION='referees.py' METHOD='POST'> <INPUT TYPE='hidden' NAME='todo' VALUE=''> <INPUT TYPE='hidden' NAME='id' VALUE=''> <INPUT TYPE='hidden' NAME='doctype' VALUE='%s'> <INPUT TYPE='hidden' NAME='categ' VALUE=''> <INPUT TYPE='hidden' NAME='role' VALUE=''> <!-- Role: referee --> <TABLE><TR><TD valign=top>""" %doctype # call the function to display the table containing the list of associated emails t+=displayUserTable(doctype) t+=""" </TD> <TD valign=top>""" # call the function to display the form allowing the manager to add new users t+=displayAddUser(doctype) t+= """ </TD></TR></TABLE> <!-- End submissionuser rule --> <SMALL> <INPUT class=\"adminbutton\" TYPE=submit VALUE='FINISHED' onclick="document.forms[0].action='documentEDS.php';document.forms[0].submit();"> </SMALL> </FORM>""" return t def 
displayUserTable(doctype): t="" # start displaying the table which will contain the list of email addresses. t+= """ <table class="searchbox" summary=""> <tr> <th class="portalboxheader" colspan="2">Referees</th> </tr>""" roles = acc_getAllRoles() referees = {} for role in roles: role_name = role[1] role_id = role[0] if re.match("^referee_%s_" % doctype,role_name): # Try to retrieve the referee's email from the referee's database if acc_getRoleUsers(role_id) != None: referees[role_name] = acc_getRoleUsers(role_id) if len(referees) == 0: t+= "<TR><TD align=center colspan=2><IMG SRC=\"%s/noway.gif\" height=16 width=16></TD></TR>" % images i=0 for role in referees.keys(): categ = re.match("referee_%s_(.*)" % doctype,role).group(1) res = run_sql("SELECT lname FROM sbmCATEGORIES WHERE sname=%s and doctype=%s", (categ,doctype,)) if len(res) > 0: categname = "Referee(s) for category: %s" % res[0][0] else: categname = "General Referee(s)" t+= "<TR><TD colspan=2><small><b>%s</b> </small></TD></TR>" % categname for referee in referees[role]: if int(i/2) == i/2: bgcolor="#eeeeee" else: bgcolor="#dddddd" t+= "<TR bgcolor=%s>" % bgcolor t+= "<TD align=right><small>" t+= referee[1] t+= "</small></TD>" t+= "<TD><a href=\"\" onClick=\"if (confirm('Are you sure you want to delete this referee?')){document.forms[0].todo.value='deleteuser';document.forms[0].id.value='%s';document.forms[0].role.value='%s';document.forms[0].submit();return false;}else{return false;}\">" % (referee[0],role) t+= "<IMG SRC=\"%s/iconcross.gif\" border=0></a>" % images t+= "</TD>"; t+= "</TR>"; i+=1 # close table t+="</TABLE>" return t def displayAddUser(doctype): t="" # start displaying the table which will contain the add form t+= """ <table class="searchbox" summary=""> <tr> <th class="portalboxheader">Add</th> </tr> <tr> <td> User:<br>""" users = list_registered_users() if len(users) < 20: numrows = len(users) else: numrows = 20 t+= "<SELECT multiple name=addusers size=%s>" % numrows for user in users: 
if user[1] != "": t+= "<OPTION value=%s>%s" % (user[0],user[1]) t+= "</SELECT><br>" t+= "<SELECT name=categ>" t+= "<OPTION value='*'>All categories" res = run_sql("SELECT lname,sname FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) for row in res: t+= "<OPTION value=%s>%s" % (row[1],row[0]) t+= "</SELECT><br>" t+= "<INPUT class=\"adminbutton\" type=button onClick=\"document.forms[0].todo.value='adduser';document.forms[0].submit();\" VALUE=\"ADD\">" t+= "</small></TD></TR></TABLE>" return t def errorMsg(title,req,uid,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, uid=uid, urlargs=req.args) </protect> diff --git a/modules/websubmit/web/admin/referees.py.wml b/modules/websubmit/web/admin/referees.py.wml index edea5e76e..8f8b9b05e 100644 --- a/modules/websubmit/web/admin/referees.py.wml +++ b/modules/websubmit/web/admin/referees.py.wml 
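Review bot: The `deleteuser` branch that follows the new `auth_code` check hands the request-supplied `id` and `role` directly to `acc_deleteUserRole`. As far as the visible call shows, anyone who passes the doctype-less `cfgwebsubmit` check can remove any role name from any user, not just `referee_<doctype>_...` roles. If this page is only meant to manage referees, restrict the branch, e.g. `if todo == "deleteuser" and role.startswith("referee_%s_" % doctype):`. Separately, `errorMsg(e.value,req)` and the three `errorMsg("Cannot ...",req)` calls omit the `uid` argument that `errorMsg(title,req,uid,...)` requires, so those error paths would raise TypeError instead of rendering the message. The referees.py.wml hunk is identical and needs the same changes.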
@@ -1,232 +1,233 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import cdsname,cdslang from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * def index(req,c=cdsname,ln=cdslang,todo="",id="",doctype="",categ="",addusers="",warningText="",role=""): ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) - if not acc_authorize_action(uid, "cfgwebsubmit",verbose=0): - return errorMsg("You are not authorized to use websubmit admin",req,uid) + (auth_code, auth_message) = acc_authorize_action(uid, "cfgwebsubmit",verbose=0) + if auth_code != 0: + return errorMsg(auth_message, req, uid) # request for deleting a user if todo == "deleteuser": acc_deleteUserRole(id,name_role=role) # request for adding user(s) if todo == "adduser": role = "referee_%s_%s" % (doctype,categ[1]) roleId = acc_getRoleId(role) # if the role does not exists, we create it if roleId == 0: if acc_addRole(role,"referees for document type %s category %s" % (doctype,categ[1])) == 0: return errorMsg("Cannot create referee role",req) else: roleId = acc_getRoleId(role) # if the action does not exist, we create it actionId = acc_getActionId("referee") if actionId == 0: if acc_addAction("referee","","no",("doctype","categ")) == 0: return errorMsg("Cannot create action 'referee'",req) else: actionId = acc_getActionId("referee") #create arguments arg1Id = acc_addArgument("doctype",doctype) arg2Id = acc_addArgument("categ",categ[1]) # then link the role with the action if acc_addRoleActionArguments(roleId,actionId,-1,0,0,[arg1Id,arg2Id]) == 
0: return errorMsg("Cannot link role with action",req) roleId = acc_getRoleId(role) # For each id in the array if isinstance(addusers,types.ListType): for adduser in addusers: # First check whether this id is not already associated with this rule myRoles = acc_getUserRoles(adduser) if not roleId in myRoles: # Actually add the role to the user acc_addUserRole(adduser,roleId) else: warningText = "<font color=red>Sorry... This user is already a referee for this category.</font>" else: # First check whether this id is not already associated with this rule myRoles = acc_getUserRoles(addusers) if not roleId in myRoles: # Actually add the role to the user acc_addUserRole(addusers,roleId) else: warningText = "<font color=red>Sorry... This user is already a referee for this category.</font>" return page(title="websubmit admin - referee selection", body=displayRefereesPage(doctype,warningText), description="", keywords="", uid=uid, language=ln, urlargs=req.args) def displayRefereesPage(doctype,warningText): t="" if doctype == "*": docname = "all catalogues" else: res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) docname = res[0][0] t+=warningText t+=""" <FORM ACTION='referees.py' METHOD='POST'> <INPUT TYPE='hidden' NAME='todo' VALUE=''> <INPUT TYPE='hidden' NAME='id' VALUE=''> <INPUT TYPE='hidden' NAME='doctype' VALUE='%s'> <INPUT TYPE='hidden' NAME='categ' VALUE=''> <INPUT TYPE='hidden' NAME='role' VALUE=''> <!-- Role: referee --> <TABLE><TR><TD valign=top>""" %doctype # call the function to display the table containing the list of associated emails t+=displayUserTable(doctype) t+=""" </TD> <TD valign=top>""" # call the function to display the form allowing the manager to add new users t+=displayAddUser(doctype) t+= """ </TD></TR></TABLE> <!-- End submissionuser rule --> <SMALL> <INPUT class=\"adminbutton\" TYPE=submit VALUE='FINISHED' onclick="document.forms[0].action='documentEDS.php';document.forms[0].submit();"> </SMALL> </FORM>""" return t def 
displayUserTable(doctype): t="" # start displaying the table which will contain the list of email addresses. t+= """ <table class="searchbox" summary=""> <tr> <th class="portalboxheader" colspan="2">Referees</th> </tr>""" roles = acc_getAllRoles() referees = {} for role in roles: role_name = role[1] role_id = role[0] if re.match("^referee_%s_" % doctype,role_name): # Try to retrieve the referee's email from the referee's database if acc_getRoleUsers(role_id) != None: referees[role_name] = acc_getRoleUsers(role_id) if len(referees) == 0: t+= "<TR><TD align=center colspan=2><IMG SRC=\"%s/noway.gif\" height=16 width=16></TD></TR>" % images i=0 for role in referees.keys(): categ = re.match("referee_%s_(.*)" % doctype,role).group(1) res = run_sql("SELECT lname FROM sbmCATEGORIES WHERE sname=%s and doctype=%s", (categ,doctype,)) if len(res) > 0: categname = "Referee(s) for category: %s" % res[0][0] else: categname = "General Referee(s)" t+= "<TR><TD colspan=2><small><b>%s</b> </small></TD></TR>" % categname for referee in referees[role]: if int(i/2) == i/2: bgcolor="#eeeeee" else: bgcolor="#dddddd" t+= "<TR bgcolor=%s>" % bgcolor t+= "<TD align=right><small>" t+= referee[1] t+= "</small></TD>" t+= "<TD><a href=\"\" onClick=\"if (confirm('Are you sure you want to delete this referee?')){document.forms[0].todo.value='deleteuser';document.forms[0].id.value='%s';document.forms[0].role.value='%s';document.forms[0].submit();return false;}else{return false;}\">" % (referee[0],role) t+= "<IMG SRC=\"%s/iconcross.gif\" border=0></a>" % images t+= "</TD>"; t+= "</TR>"; i+=1 # close table t+="</TABLE>" return t def displayAddUser(doctype): t="" # start displaying the table which will contain the add form t+= """ <table class="searchbox" summary=""> <tr> <th class="portalboxheader">Add</th> </tr> <tr> <td> User:<br>""" users = list_registered_users() if len(users) < 20: numrows = len(users) else: numrows = 20 t+= "<SELECT multiple name=addusers size=%s>" % numrows for user in users: 
if user[1] != "": t+= "<OPTION value=%s>%s" % (user[0],user[1]) t+= "</SELECT><br>" t+= "<SELECT name=categ>" t+= "<OPTION value='*'>All categories" res = run_sql("SELECT lname,sname FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) for row in res: t+= "<OPTION value=%s>%s" % (row[1],row[0]) t+= "</SELECT><br>" t+= "<INPUT class=\"adminbutton\" type=button onClick=\"document.forms[0].todo.value='adduser';document.forms[0].submit();\" VALUE=\"ADD\">" t+= "</small></TD></TR></TABLE>" return t def errorMsg(title,req,uid,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, uid=uid, urlargs=req.args) </protect> diff --git a/modules/websubmit/web/admin/removeDoctypeEDS.php.wml b/modules/websubmit/web/admin/removeDoctypeEDS.php.wml index f59cbf6e4..05722f433 100644 --- a/modules/websubmit/web/admin/removeDoctypeEDS.php.wml +++ b/modules/websubmit/web/admin/removeDoctypeEDS.php.wml 
@@ -1,340 +1,340 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Referees" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_deldoctype" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayRemoveDoctypePage($killIt) { global $doc2delete; if($killIt) { # In this case, this is the second call to this script, and the # user has selected the doctype that they wish to kill, and have # confirmed that they indeed wish to kill it. We can therefore # begin the removing process. We need to delete from the # "sbmCATEGORIES", "sbmDOCTYPE", "sbmIMPLEMENT", and "sbmFIELD" tables. # Get all rows of the sbmIMPLEMENT table relating to this doctype... $q1Res = mysql_query("SELECT subname FROM sbmIMPLEMENT WHERE " . "docname = '$doc2delete'"); if($q1Res) { # Cool, query worked. Now for each of the subnames, delete # all of its elements. 
while($sub = mysql_fetch_array($q1Res)) { # Delete all elements & pages for the given submission. $q2Str = "DELETE FROM sbmFIELD WHERE subname = '" . $sub["subname"] . "'"; $q2Res = mysql_query($q2Str); if(!$q2Res) { # Bad. Query failed. Output the detailed error message # on the screen. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:" . "\\n\\nIt was not possible to conduct a delete query" . " in order to remove any rows belonging to the " . $sub["subname"] . " submission\\nof the $doc2delete " . "document type from the sbmFIELD table.\\n\\nWhen the " . "delete query was executed, it produced an error. " . "This means that it is necessary\\nto manually remove" . " any rows belonging to the " . $sub["subname"] . " submission of the $doc2delete document type from " . "the sbmFIELD table.');\n</SCRIPT>\n"); } // END if } // END while # Now delete all of the submissions for the current document # type from the sbmIMPLEMENT table... $q3Str = "DELETE FROM sbmIMPLEMENT WHERE docname = " . "'$doc2delete'"; $q3Res = mysql_query($q3Str); if(!$q3Res) { # Bad, query didn't work. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to conduct a delete query in " . "order to remove any rows belonging to the $doc2delete" . " document type from the sbmIMPLEMENT table.\\nWhen the " . "delete query was executed, it produced an error. This" . " means that it is necessary\\nto manually remove any " . "rows belonging to the $doc2delete doctype that may be " . "present in the sbmIMPLEMENT table.');\n</SCRIPT>\n"); } // END if # Now delete the record of the doctype from the "sbmCATEGORIES" # table... $q4Res = mysql_query("DELETE FROM sbmCATEGORIES WHERE doctype = " . "'$doc2delete'"); if(!$q4Res) { # Oh dear. Unable to delete the doctypes dets from the # sbmCATEGORIES table. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to conduct a delete query in " . 
"order to remove any rows belonging to the $doc2delete " . "document type from the sbmCATEGORIES table.\\nWhen the " . "delete query was executed, it produced an error. This " . "means that it is necessary\\nto manually remove any " . "rows belonging to the $doc2delete doctype that may be " . "present in the sbmCATEGORIES table.');\n</SCRIPT>\n"); } // END if # Now delete the entries for the doctype's function in the actual functions # table. $q6Res = mysql_query("DELETE FROM sbmFUNCTIONS WHERE doctype = '" . "$doc2delete'"); if(!$q6Res) { # Unable to delete. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to delete the functions\\nof the " . "$doc2delete document type from the functions table.\\n" . "\\nThis means that it will be necessary to manually " . "delete any rows in this table relating to the " . "$doc2delete doctype.');\n</SCRIPT>\n"); } // END if # Now delete the entries for the doctype's parameters in the actual parameters # table. $q7Res = mysql_query("DELETE FROM sbmPARAMETERS WHERE doctype = '" . "$doc2delete'"); if(!$q7Res) { # Unable to delete. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to delete the parameters\\nof the " . "$doc2delete document type from the parameters table.\\n" . "\\nThis means that it will be necessary to manually " . "delete any rows in this table relating to the " . "$doc2delete doctype.');\n</SCRIPT>\n"); } // END if # Now delete the entry for the doctype in the "sbmSUBMISSIONS" # table. $q8Res = mysql_query("DELETE FROM sbmSUBMISSIONS WHERE doctype = '" . "$doc2delete'"); if(!$q8Res) { # Unable to delete. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to delete the details\\nof the " . "$doc2delete document type from the sbmSUBMISSIONS table.\\n" . "\\nThis means that it will be necessary to manually " . "delete any rows in this table relating to the " . 
"$doc2delete doctype.');\n</SCRIPT>\n"); } // END if # Now delete the entry for the doctype in the actual "sbmDOCTYPE" # table. $q5Res = mysql_query("DELETE FROM sbmDOCTYPE WHERE sdocname = '" . "$doc2delete'"); if(!$q5Res) { # Unable to delete the record of the doctype from the # sbmDOCTYPE table. Alert the user. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n" . "\\nIt was not possible to delete the details\\nof the " . "$doc2delete document type from the sbmDOCTYPE table.\\n" . "\\nThis means that it will be necessary to manually " . "delete any rows in this table relating to the " . "$doc2delete doctype.');\n</SCRIPT>\n"); } // END if # Our work here is done, so we can alert the user of this, and # then redirect the browser to the "home page". print("<P STYLE=\"text-size: medium; color: green; text-align" . ": center; font-weight: bold\">The $doc2delete document typ" . "e has been deleted from the " . DOCS_DATABASE . " database.</P>\n"); print("<SCRIPT TYPE='text/javascript'>\nalert('The " . "$doc2delete document type has been deleted from the " . DOCS_DATABASE . " database.\\n\\nYou should not ignore any " . "warnings that you may have received on the screen during " . "the process of this deletion, as these may refer to\\nrows" . " that could not be deleted for this doctype.');\n" . "</SCRIPT>\n"); # Redirect the browser... print("<FORM ACTION='index.php' METHOD='post' " . "NAME='referForm'>\n" . "<INPUT TYPE='hidden'>\n</FORM>\n"); print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", 0);\n" . "</SCRIPT>\n"); } // END if else { # Damn, query failed... # Alert the user, and redirect browser to print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR:\\n\\n" . "It was not possible to conduct a query to retrieve the " . "details of the submissions belonging\\nto the $doc2delete " . "document type from the sbmIMPLEMENT table of the " . DOCS_DATABASE . " database.\\n\\nWhen the query to retrieve " . 
"this information was executed, it produced an error.\\n\\n" . "This meant that it was not possible to delete the details " . "of the $doc2delete document type from the " . DOCS_DATABASE . " database,\\nas if it has any submissions, they could not " . "be deleted, and as a result, data inconsistencies would be" . " created.\\n\\nAs no further action can be taken by the " . "WebSubmit Administrator regarding this doctype deletion, your " . "browser has\\nbeen redirected to the main page. However, " . "you should look into the cause of this query error,\\nas " . "it should not have occurred.');\n</SCRIPT>\n"); } // END else } // END if else { # In this case, this is the first call to the script, so we just # need to display the interface for selecting which doctype to # delete. # Display a title... print("<P CLASS=\"errorMsg\">Delete A Doctype</P>\n"); # Get all of the doctypes... $myRes = mysql_query("SELECT sdocname, ldocname FROM sbmDOCTYPE " . "ORDER BY ldocname"); if($myRes) { # In this case, the query worked... # Make a little info box... print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">You can " . "delete a doctype and all of its submissions and their " . "elements.<BR>Simply choose the doctype from the list, " . "and click on the \"REMOVE DOCTYPE\" button.</P>\n</TD>\n" . "</TR>\n</TABLE>\n"); # Make the input form for the element deletion... print("<FORM ACTION='removeDoctypeEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='killIt' VALUE='true'>\n" . "<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 " . "BORDER=0>\n<TR>\n<TH ALIGN='right' BGCOLOR='#87CEFA'>" . "Document Type: </TH>\n<TD BGCOLOR='#FFFFCC' " . "ALIGN='center'><SELECT NAME='doc2delete'><OPTION SELECTED " . "VALUE='DO_NOT_DELETE'>Select A Doctype To Delete" . 
"</OPTION>"); # Now fill the select list with all of the doctype values while(list($code, $desc) = mysql_fetch_row($myRes)) { print("<OPTION VALUE='" . ereg_replace("'", "'", htmlspecialchars($code)) . "'>" . ereg_replace("'", "'", htmlspecialchars($desc)) . "</OPTION>\n"); } // END while # Close up the table... print("</SELECT></TD>\n</TR>\n</TABLE>\n"); # Produce the submit button... print("<TABLE ALIGN='center' BORDER=0>\n<TR>\n<TD ALIGN='" . "center'><INPUT TYPE='button' VALUE='REMOVE DOCTYPE' " . "onClick=\"for(i=0; i < doc2delete.length; i++) { " . "if(doc2delete[i].selected) { break; } }" . " if(doc2delete[i].value != 'DO_NOT_DELETE') { " . "if(confirm('WARNING! YOU ARE ABOUT TO REMOVE THIS " . "DOCTYPE FROM EDS!\\n ARE YOU SURE?')) { submit(); }}" . " else { alert('Select A document Type from the list!'); " . "}\">\n</TD>\n</TR>\n</TABLE>\n</FORM>\n"); } // END if else { # In this case, the query failed, so we can just output the # relevant error message, and provide a button for the user to # click to get back to the "index.php" page. # Make a message on the screen... print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERRO" . "R:</SPAN> It was not possible to obtain a list of documen" . "t types from the sbmDOCTYPE table.<BR>This means that it is " . "not possible to delete a doctype.</P>\n"); # Provide a button for the user to press to escape this # situation print("<FORM ACTION='index.php' METHOD='post'>\n<TABLE ALIG" . "N='center' BORDER=0 CELLSPACING=0 CELLPADDING=0>\n<TR>\n<" . "TD ALIGN='center'>\n<INPUT TYPE='button' VALUE='OK' " . "onClick=\"submit();\">\n</TD>\n</TR>\n</TABLE>\n</FORM>" . "\n"); } // END else } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... 
dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayRemoveDoctypePage($killIt); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/veditFunDets.php.wml b/modules/websubmit/web/admin/veditFunDets.php.wml index c20325b3b..fc52d390b 100644 --- a/modules/websubmit/web/admin/veditFunDets.php.wml +++ b/modules/websubmit/web/admin/veditFunDets.php.wml 
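Review bot: `displayRemoveDoctypePage` builds every query in the `$killIt` branch by interpolating the global `$doc2delete` into the SQL text (`... WHERE docname = '$doc2delete'` and the six DELETE statements after it), and nothing visible in this file escapes or validates it first. The value appears to come from the `doc2delete` form field, so escape it once before the first query, e.g. `$doc2deleteSql = mysql_escape_string($doc2delete);`, and use that variable in the queries. `$sub["subname"]` in the sbmFIELD delete needs the same treatment. The `DO_NOT_DELETE` placeholder is rejected only by the onClick handler, so the server-side branch should check it too, e.g. `if($killIt && $doc2delete != 'DO_NOT_DELETE')`. It is also worth confirming that `canUseWebSubmitAdmin` returns a truthy `$auth[0]` on success, since the Python callers in this commit treat code 0 as authorized.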
@@ -1,396 +1,397 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="View <i><protect><?print $function;?></protect></i> function details" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listfunctions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. function displayPage() { global $function,$deleteParam,$param,$updateFunDets,$description,$insertParam,$newParam,$theParam; /****************************************************************** This script produces a page that is used for viewing or configuring the details of a function in the WebSubmit database. When the page is called for the first time, i.e. from the 'listFunctions.php' page, it displays the name of the function, the description of the function, any parameters that the function may have, and also offers the ablility to add parameters to the function by presenting a drop down selection list of tables in WebSubmit. 
The page allows the user to alter the description of the function. This can be done by typing into the description text field, and clicking on the submit button. The page will then recursively call itself, update this value in the sbmALLFUNCDESCR table of WebSubmit, and then redisplay all of the functions details with the new description The page also allows the user to add a parameter to the function. In this case, the user must first of all select a table name from the selection drop down list box. The page will then recursively call itself again, but this time, also displaying a drop down select list of fields in the table that the user selected. The user can then select one of these fields, and click a submit button to add the new parameter to the function. At this point, the page will recursively call itself again, but this time adding the new parameter to the function, and emailing the administrators to inform them that this action has been carried out. The page will then redirect to the 'funcUsage.php', which will display the usage of the function, and the user will be informed that they must update all of the actions and doctypes that use this function, as they will need values inserting into the relevant tables for the new parameter. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ******************************************************************/ if(isset($updateFunDets)) { # If this variable is set, then this instance of the page is a # call to update the value of the description field, and hence # the update query must be carried out, and then all details of # the function displayed once again... # Free the $updateFunDets variable... unset($updateFunDets); # LOCK THE TABLES if($lockRes = mysql_query("LOCK TABLES sbmALLFUNCDESCR WRITE")) { $updateDescRes = mysql_query("UPDATE sbmALLFUNCDESCR SET " . "description = '$description' WHERE function = " . 
"'$function'"); $unlockRes = mysql_query("UNLOCK TABLES"); if(!$updateDescRes) { # If this clause is reached, the script has been unable to # update the value of description for some reason, and the # user should be informed of this... print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . "Unable to update value of description for $function\\n" . "function in sbmALLFUNCDESCR table.\\n\\n" . "Please inform administrator.</SCRIPT>\n"); } // END if } # END if else { # Couldn't get lock - therefore no update allowed - tell user print("<DIV STYLE='color: navy; font-weight: bold; " . "text-align: center; font-size: large'><SPAN STYLE='color: " . "red'>Error:</SPAN> Unable to update description.</DIV>\n" . "<BR>\n"); } # END else # Free up the space associated with the $updateDescRes query # result... mysql_free_result($updateDescRes); # Redisplay the page... makePageBody($function, "veditFunDets.php"); # Now, add a finish button that allows the user to leave the page # and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END if elseif(isset($insertParam)) { # If this variable is set, then this instance of the page is a # call to add a new parameter to the function... 
# LOCK THE TABLES if($lockRes = mysql_query("LOCK TABLES sbmFUNDESC WRITE")) { if ($newParam != "") $insertParamRes = mysql_query("INSERT INTO sbmFUNDESC VALUES('$function', '$newParam')"); else $insertParamRes = mysql_query("INSERT INTO sbmFUNDESC VALUES('$function', '$theParam')"); $unlockRes = mysql_query("UNLOCK TABLES"); if($insertParamRes) { # Now that the parameter has been added, it is necessary to # display an alert informing the user that the parameter # has been added, but that they must also update all # doctypes that use the function to have an actual value # in the relevant table... print("<SCRIPT TYPE='text/javascript'>alert('Parameter " . "Added:" . "\\n\\nThe $function function will now take a parameter" . "\\nfrom the $theParam column of the $theTable table." . "\\n\\nImportant:\\n\\nYour browser has now been " . "redirected to a page displaying the\\ndocument types" . " and the actions that this function is utilised in." . "\\nIt is VERY important that you add a row into the\\n" . "$theTable table for each of these document types, as" . " the\\n$function function will now search for this row" . " when it is called.');</SCRIPT>\n"); # Email the WebSubmit system administrator, and warn them that a # function has been added to WebSubmit, and that they should # ensure that all relevant tables have been updated... # Get the date for the message... $dateDets = getDate(); # Create the message text... $messageText = "Please be advised that a parameter was " . "added" . " to the $function function on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . ".\n\n" . "The function will search for the value of the new " . "parameter in the $theParam column of the $theTable " . "table.\n\nYou should ensure that all document types " . "that" . " use this function have a corresponding row in this " . 
"table.\n\nInformation about the document types that " . "utilise this function can be found under the 'WebSubmit " . "Functions' section of the WebSubmit Administrator " . "menu.\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "Parameter Added To $function Function", $messageText, "From: WebSubmit_Administrator"); # Make a form containing the function name for submitting # to the 'funcUsage.php' script, so that it is able to # display the usage of the function in question... print("<FORM ACTION='funcUsage.php' METHOD='post' " . "NAME='referForm'>\n<INPUT TYPE='hidden'" . " NAME='function' VALUE='$function'>\n</FORM>\n"); # Now submit the form... print("<SCRIPT TYPE='text/javascript'>\n" . "setTimeout(\"document.referForm.submit();\", 0);\n" . "</SCRIPT>\n"); } // END if else { # If the insert query did not execute... print("<SCRIPT TYPE='text/javascript'>alert('ERROR:\\n\\n" . "It was not possible to add this parameter to the " . "function.');</SCRIPT>\n"); # Just redisplay the page... makePageBody($function, "veditFunDets.php"); # Now, add a finish button that allows the user to leave # the pa'e and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END else } # END if else { # Unable to get a lock. Don't commit at any costs! print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'><SPAN STYLE='color: red'>" . "Error:</SPAN> Unable to insert parameter.</DIV>\n"); # Just redisplay the page... makePageBody($function, "veditFunDets.php"); # Now, add a finish button that allows the user to leave # the page and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . 
"CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } # END else } // END elseif elseif(isset($deleteParam)) { # This call to this script is a call to delete a given parameter # from a function. # LOCK THE TABLES if($lockRes = mysql_query("LOCK TABLES sbmFUNDESC WRITE")) { $delRes = mysql_query("DELETE FROM sbmFUNDESC WHERE function = '" . "$function' AND param = '$param'"); if($delRes) { # Query worked if(mysql_affected_rows() < 1) { # Damn. We deleted no rows for some reason. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Unable to delete requested parameter.\\nTry again " . "or inform system administrator.');\n</SCRIPT>\n"); } // END if else { # Woo Hoo! We deleted the parameter! print("<SCRIPT TYPE='text/javascript'>\nalert('Parameter" . " Deleted.\\n\\nWhen executed, the $function function" . " will no longer search for the deleted " . "parameter.');\n</SCRIPT>\n"); # Mail admin... # Get the current date and time... $dateDets = getdate(); $msgTxt = "A parameter has been deleted from the " . "$function" . " function in the " . DOCS_DATABASE . "database. This " . "parameter was taken from the $param field of the " . "$tablename Table. When the function is called by " . "the WebSubmit system in the future, it will not search " . "for this parameter.\n\nThis deletion was carried " . "out on " . $dateDets['weekday'] . " " . $dateDets['mday'] . " " . $dateDets['month'] . " " . $dateDets['year'] . ", at " . $dateDets['hours'] . ":" . $dateDets['minutes'] . ".\n\nWebSubmit Administrator."; # Send the message... mail(ADMIN_EMAIL, "Parameter Deleted From $function", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Damn. Query failed. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Unable " . "to delete requested parameter.\\nTry again or inform " . 
"system administrator.');\n</SCRIPT>\n"); } // END else } # END if else { # Unable to get lock - don't allow deletion. print("<DIV STYLE='text-align: center; font-weight: bold; " . "font-size: large; color: navy'><SPAN STYLE='color: red'>" . "Error:</SPAN> Unable to delete parameter.</DIV>\n"); } # END else # Now redisplay the page... makePageBody($function, "veditFunDets.php"); # Now, add a finish button that allows the user to leave the # page and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END elseif else { if(isset($tableSelected)) { # Make the page, including the table of parameters... makePageBody($function, "veditFunDets.php", $tableSelected, $theTable); # Now, add a finish button that allows the user to leave the # page and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . "</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END if else { # Make the page once more, as a first call to it... makePageBody($function, "veditFunDets.php"); # Now, add a finish button that allows the user to leave the # page and return to the 'listFunctions.php' page... print("<TABLE ALIGN='center' BORDER=0 CELLPADDING=0 " . "CELLSPACING=0>\n<TR>\n<TD ALIGN='center'>\n" . "<FORM ACTION='listFunctions.php' METHOD='post'>\n" . "<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n" . 
"</FORM>\n</TD>\n</TR>\n</TABLE>\n"); } // END else } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/viewActionEDS.php.wml b/modules/websubmit/web/admin/viewActionEDS.php.wml index d8c292b88..ba3ca2705 100644 --- a/modules/websubmit/web/admin/viewActionEDS.php.wml +++ b/modules/websubmit/web/admin/viewActionEDS.php.wml 
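Review bot: The new guard at the end of the main script, `if (!$auth[0]) outWarning($auth[1]);`, treats element 0 as a truthy "allowed" flag, whereas the Python side of this same commit (Is_Original_Submitter.py) treats the first element of the acc_authorize_action result as a code where 0 means authorised and denies on `auth_code != 0`. canUseWebSubmitAdmin is defined outside this hunk, so its return convention needs confirming: if it passes that (code, message) pair through unchanged, the test is inverted and displayPage() would run for refused users while authorised ones get the warning. A comment above the check stating the contract, e.g. `# canUseWebSubmitAdmin() returns array(allowed, message); allowed is true only when access is granted`, would pin this down. The same three-line pattern is repeated in the viewActionEDS.php.wml hunk and in the preceding file's hunk (the one that ends by calling displayRemoveDoctypePage).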
@@ -1,574 +1,574 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Details of the <i><protect><?print "$actname";?></protect></I> action" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listactions" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT LANGUAGE="JavaScript"> <!-- hide function validateIsInt(param) // This function validates its parameter to ensure that it is an integer // value. 
// Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: 16/11/2000 // Last Modified: 16/11/2000 { // Create a flag to indicate that we have found a non-digit value var nonDigit = false; for(index = 0; index < param.length; index++) { if(!(param[index] >= 0 && param[index] <= 9)) { // In this case, we've found a non-digit value, and can stop // searching, as the parameter is clearly not an integer nonDigit = true; break; } // END if } // END for return true; } // END function validateIsInt(param) function verifyChanges(curLactname, sugLactname, curDir, sugDir, curActionbutton, sugActionbutton, curStatustext, sugStatustext) // Function to test whether the values for the parameters to be changed // have actually been changed by the user when they submit them to the // database for update. If not, the function returns false. If so, the // function returns true. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // Created: 27/07/2000 // Last Modified: 16/11/2000 { if((curLactname == sugLactname) && (curDir == sugDir) && (curActionbutton == sugActionbutton) && (curStatustext == sugStatustext)) { alert("No Change In The Data Has Been Made! Cannot Submit."); return false; } // End if else { return true; } // End else } // End function verifyChanges() // --> </SCRIPT> <? function makeButtons($dataRow, $caller, $doctype = "") { /************************************************************** This function has the simple task of creating and displaying the "SAVE CHANGES" button and the "FINISHED" button for the action details form. It is bundled into a function, as it is quite a messy piece of code due to the large parameters to the JavaScript function "verifyChanges". 
Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 16/11/2000 Last Modified: 19/12/2000 **************************************************************/ print("<P>\n"); print("<TABLE ALIGN='center' BORDER=0 CELLSPACING=0 " . "CELLPADDING=0 WIDTH='100%'>\n<TR>\n<TD ALIGN='right'>" . "\n<INPUT TYPE='button' VALUE='SAVE CHANGES' onClick=\"" . "if(verifyChanges(escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["lactname"])) . "'), escape(lactname.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["dir"])) . "'), escape(dir.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["actionbutton"])) . "'), escape(actionbutton.value), escape('" . ereg_replace("'","\\'", htmlspecialchars($dataRow["statustext"])) . "'), escape(statustext.value))) { submit(); } }\">\n</TD>\n</FORM>\n<FORM ACTION='$caller" . "' METHOD='post'>\n"); if($caller == "documentEDS.php") { # Pass a doctype back to it... print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>\n"); } // END if print("<TD ALIGN='left'>\n<INPUT TYPE='button' VALUE='FINISHED' " . "onClick=\"submit();\">\n</TD>\n</FORM>\n</TR>\n</TABLE>\n</P>" . "\n"); } // END function makeButtons() //************* function displayEDSaction($actname, $caller, $doctype = "") { /******************************************************************* This function has the task of displaying the details of an EDS action. The details are displayed in a form, so that they can be modified and resubmitted to the database. This function basically has the task of producing the page to be displayed for the 'viewActionEDS.php' page. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 16/11/2000 Last Modified: 17/01/2001 *******************************************************************/ # Execute a query on the sbmACTION table for the given action... $queryResult = mysql_query("SELECT * from sbmACTION WHERE sactname = " . 
"'$actname'"); if($queryResult) { # The query has executed successfully, so we can continue with # the production of the page... # Produce the appropriate output, depending upon the number of # rows returned by the query... if(mysql_num_rows($queryResult) == 1) { # In this case, as expected, there is one entry for the given # action in the sbmACTION table.. # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below are " . "the details of the <EM>$actname</EM> action.<BR>You can " . "edit them by alterring values in boxes, and clicking on " . "\"SAVE CHANGES\".</P>\n</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now, we are ready to display the details of the given action # in a table. Each data item will be contained within a form # input box so that it can be edited if this is desirable. print("<FORM ACTION='viewActionEDS.php' METHOD='post'>\n" . "<INPUT TYPE='hidden' NAME='update' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='caller' VALUE='$caller'>\n"); if($caller == "documentEDS.php") { # Add a doctype into the equation print("<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype" . "'>\n"); } // END if print("<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 " . "ALIGN='center' WIDTH='100%'>\n"); # Now make the table: names & fields... # Get the columns list $columns = mysql_list_fields(DOCS_DATABASE, "sbmACTION"); # Get the number of field $numTblFlds = mysql_num_fields($columns); # Get the row of data $dataRow = mysql_fetch_array($queryResult); # Before we display most of the table, we can first display # the upper part of the table, which will be the sactname, cd, # and md fields, that can't be modified... print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . 
"CELLPADDING=0 BORDER=0>\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN" . "='right' WIDTH='20%'>\nAction Code: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT " . "TYPE='readonly' NAME='sactname' VALUE='" . $dataRow["sactname"] . "'>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nCreation " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='cd' VALUE='" . $dataRow["cd"] . "'>\n</TD>\n</TR>\n<TR>\n<TH WIDTH='20%'" . " BGCOLOR='#D3DCE3' ALIGN='right'>\nModification " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='md' " . "VALUE='" . $dataRow["md"] . "'>\n</TD>\n</TR>\n"); print("<input type=\"hidden\" name=\"actionbutton\" value=\"\">"); # Now fill this new table with all of the details... for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... $currentField = mysql_field_name($columns, $indx); # Ensure that we don't once again print our non-editable # fields out... if(($currentField != "sactname") && ($currentField != "cd") && ($currentField != "md") && ($currentField != "actionbutton")) { # First, display the field name... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' " . "WIDTH='20%'>\n"); if($currentField == "lactname") { print("Action Description: "); } // END if else { print("$currentField" . ": "); } // END else print(" </TH>\n<TD ALIGN='left' WIDTH='80%' " . "BGCOLOR='#FFFFCC'>\n<INPUT TYPE='text' NAME=" . "'$currentField' SIZE="); if(mysql_field_type($columns, $indx) == "blob") { print("60"); } // END if else { print(mysql_field_len($columns, $indx)); } // END else print(" VALUE='" . ereg_replace("'", "'", htmlspecialchars($dataRow[$indx])) . "'>\n</TD>\n</TR>\n"); } // END if } // END for # Now that the table has been filled with all of the actions # details, it can be closed.. 
print("</TABLE>\n</TABLE>\n"); # Now that the form has been drawn, it is possible to produce # a new table underneath, containing buttons. There will be a # "SAVE" button, and a "FINISHED button. if($caller == "documentEDS.php") { makeButtons($dataRow, $caller, $doctype); } // END if else { makeButtons($dataRow, $caller); } // END else } // END if elseif(mysql_num_rows($queryResult) > 1) { # In this case, there are many rows for the given action in # the sbmACTIONS table, which means that the sbmACTIONS table has # primary key violations.. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> More " . "than one row of data concerning the <EM>$actname</EM> " . "action was returned from the <EM>sbmACTION</EM> table of " . "the" . DOCS_DATABASE . ".<BR>This indicates primary key " . "duplication in this table.<BR>Please inform system " . "administrator.</P>\n"); # Send a mail to the system admin people to warn them about # this serious error.. $msgTxt = "When a user attempted to look at the details of " . "the $actname action using the WebSubmit Administrator, several " . "rows were returned for this action from the sbmACTION table." . " The query was made using the \"sactname\" as the search" . " key. As the \"sactname\" field is the primary key for " . "the sbmACTION table, this means that there must be key " . "violations in this table.\n\nThis problem should be " . "corrected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "sbmACTION Table Key Violation!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif elseif(mysql_num_rows($queryResult) == 0) { # This means that the given action has no row in the sbmACTIONS # table..Signifies a database inconsistency error. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No data" . " concerning the <EM>$actname</EM> action was found in the" . " <EM>sbmACTION</EM> table.<BR>This suggests a data " . 
"consistency error in the " . DOCS_DATABASE . " database." . "<BR>Please inform the system administrator.</P>\n"); # Now send an email to the administrator(s) to inform them of # this serious error... # Get the current date and time... $dateDets = getdate(); $msgTxt = "When a user attempted to look at the details of " . "the $actname action using the WebSubmit Administrator, no rows " . "were returned from the sbmACTION table for this " . "action.\n\nBecause the user had to click a link to view " . "the details of this action, it must be referred to in " . "other tables of EDS. This means that there are data " . "inconsistencies within EDS.\n\nThis should be investigated" . " and corrected ASAP.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Data Inconsistency Error!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Some other sort of error has ocurred, so present the error # message on the screen. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable" . " to correctly retrieve data from the <EM>sbmACTION</EM> " . "table of " . DOCS_DATABASE . ".<BR>Please inform system " . "administrator.</P>\n"); } // END else } // END if else { # Unfortunately, the query has failed, so we can display an error # message. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to conduct a query on the " . "<EM>sbmACTION</EM> table of " . DOCS_DATABASE . ".<BR>Please" . " inform system administrator.</P>\n"); } // END else } // END function displayEDSaction() function displayPage($update,$actname) { global $lactname,$sactname,$dir,$actionbutton,$statustext; # Conduct a test to see if this is the first call to this script, or # if it is a self-referential call, whereby the user has chosen to # update values of the given action... if($update) { # In this case, this is a call to update the actions details... 
# Free memory space associated with $update... unset($update); # Get the data, so that it can be committed for the modification # date field (md)... $dateDets = getdate(); # Now put the date into a variable in a nice MySQL friendly # format $modifiedDate = $dateDets['year'] . "-" . $dateDets['mon'] . "-" . $dateDets['mday']; # Begin constructing the UPDATE query string... $queryString = "UPDATE sbmACTION SET lactname = '$lactname', dir =" . " '$dir', md = '$modifiedDate', actionbutton = '$actionbutton'" . ", statustext = '$statustext' " . "WHERE sactname = '$sactname'"; # Now actually execute the update query $updateResult = mysql_query($queryString); if($updateResult) { # If the query could actually be executed without error if(mysql_affected_rows() == 1) { # In this case, only 1 rows was updated, which is as # expected # Send the administrator a message to inform them of the # update that has taken place... # Get the current date and time... $dateDets = getdate(); $msgTxt = "An update has been carried out on the $sactname" . " action in the " . DOCS_DATABASE . " database.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "EDS Action Updated", $msgTxt, "From: WebSubmit_Administrator"); # We can now redisplay all of the details for the action if($caller == "documentEDS.php") { displayEDSaction($sactname, $caller, $doctype); } // END if else { displayEDSaction($sactname, $caller); } // END else } // END if elseif(mysql_affected_rows() > 1) { # More than 1 row was updated -> bad news: key duplication # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Multiple rows have been updated in the " . "<EM>sbmACTION</EM> table.<BR>This has resulted from an " . "attempt to update the <EM>$sactname</EM> action.<BR>" . 
"Please inform the system administrator.</P>\n"); # Now, email the administrator to let them know this, as it # is a potentially dangerous error. $msgTxt = "When a user updated the details of " . "the $sactname action using the WebSubmit Administrator, seve" . "ral rows were affected in the sbmACTION table. The update" . " was conducted using the \"sactname\" field as the key." . " As the \"sactname\" field is the primary key for the " . "sbmACTION table, this means that there must be key violati" . "ons in this table. There should only have been 1 row " . "affected by this update.\n\nThis problem should be " . "investigated and corrected immediately.\n\nEDS Administ" . "rator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmACTIONS Table Multiple Row " . "Update!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # No rows were updated -> Something strange here! # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmACTION</EM> table.<BR>This suggests that there could " . "be data inconsistencies or concurrency problems.<BR>" . "Please inform the system administrator.</P>\n"); # Better email the administrator & let them know... $msgTxt = "When a user attempted to update the details of " . "the $sactname action using the WebSubmit Administrator, no " . "rows were affected in the sbmACTION table by this update." . "\n\nBecause the user must have altered an actions " . "details to submit an update on it, it must have been " . "present at around the time that the user submitted thei" . "r update.\n\n" . "This suggests the possibility of concurrency or data " . "inconsistency problems in this table.\n\nThis should be" . " investigated and corrected ASAP.\n\nWebSubmit Administrator " . "("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "Error: Possible Concurrency Problems", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # The query couldn't be executed due to error(s) ocurring, so # display an error message print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable to update deatails for <EM>$sactname</EM> " . "action in <EM>sbmACTION</EM> table.<BR>Please inform system " . "administrator.</P>\n"); } // END else } // END if else { # In this case, this is the first call to the page, so we can # basically just display the details of the given action... if($caller == "documentEDS.php") { displayEDSaction($actname, $caller, $doctype); } // END if else { displayEDSaction($actname, $caller); } // END else } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage($update,$actname); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/admin/viewChecksEDS.php.wml b/modules/websubmit/web/admin/viewChecksEDS.php.wml index 35138668c..9b4fedd67 100644 --- a/modules/websubmit/web/admin/viewChecksEDS.php.wml +++ b/modules/websubmit/web/admin/viewChecksEDS.php.wml 
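Review bot: In displayPage() the UPDATE on sbmACTION is built by interpolating `$lactname`, `$dir`, `$actionbutton`, `$statustext` and `$sactname` directly into the SQL string, and displayEDSaction() does the same with `$actname` in its SELECT; these appear to be populated from the posted form, so a single quote in any field changes the statement. Unless the deployment relies on magic quotes (not visible in this hunk), each value should be escaped before it is placed in the query, e.g. `$lactname = mysql_real_escape_string($lactname);` for every interpolated variable, or `mysql_escape_string()` where the PHP version predates it. The admin check added at the end of the script limits who can reach this code but does not make the query construction safe. The veditFunDets.php.wml hunk builds its UPDATE, INSERT and DELETE statements the same way from `$description`, `$function`, `$newParam`, `$theParam` and `$param`.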
@@ -1,327 +1,327 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Edit the <I><protect><?print $chname;?></protect></i> javascript checking function" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit_listchecks" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. /********************Function Declarations****************************/ function errorOKbutton() { /******************************************************************* This function has the simple task of creating an "OK" button, which when pressed, sends the browser back to the "allChecksEDS.php" page. It will only be displayed when there has been some sort of error ocurrence. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 19/12/2000 *******************************************************************/ print("<TABLE ALIGN='center' CELLSPACING=0 CELLPADDING=0 BORDER=0>" . 
"\n<FORM ACTION='allChecksEDS.php' METHOD='post'>\n<TR><TD ALIGN" . "='center'>\n<INPUT TYPE='button' VALUE='OK' onClick=\"submit();" . "\">\n</TD>\n</TR>\n</FORM>\n</TABLE>\n"); } // END function errorOKbutton() //************* function displayEDScheckDetsForm($chname) { /***************************************************************** This function has the task of constructing the form that contains the details of a given check that is to be viewed or editied. It first conducts a query on the CHECK table to retrieve the details of the check. If it can't, it displays the relevant error messages. Otherwise, it displays all of the details of the check in an HTML form. It also of course displays the buttons to submit the form, or go back to another page. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 19/12/2000 Last Modified: 19/12/2000 *****************************************************************/ # Execute a query to retrieve the details of the given check... $qRes = mysql_query("SELECT * FROM sbmCHECKS WHERE chname = " . "'$chname'"); if($qRes) { # In this case, the query worked sans probleme if(mysql_num_rows($qRes) < 1) { # Oh dear, the current check doesn't seem to exist. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERR" . "OR:</SPAN> The $chname Checking Function Does Not Exist " . "In " . DOCS_DATABASE . ".<BR>Inform System Administrator." . "</P>\n"); # Display a button... errorOKbutton(); # Now mail the admin to tell them this news. $msgTxt = "An error has ocurred while attempting to retrieve " . "the details of the $chname checking function from " . DOCS_DATABASE . ". The query to select the details of this " . "checking function returned no rows. There must have been " . "a record for this checking function however, because the " . "use must have clicked on a link for it to retrieve the " . "details of it.\n\nThis suggests that there is a problem " . "with concurrency. 
Perhaps another user deleted the check " . "from " . DOCS_DATABASE . " just before the user who tried " . "to view its details clicked on the link to it.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: Cannot Retrieve $chname Check " . "Details", $msgTxt, "From: WebSubmit_Administrator"); } // END if elseif(mysql_num_rows($qRes) > 1) { # Oh dear...several instances of the current check! print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERR" . "OR:</SPAN> Several Rows Have Been Retrieved For The " . "<EM>$chname</EM> Checking Function.<BR>Inform System " . "Administrator.</P>\n"); errorOKbutton(); # Now mail the admin to tell them this news. $msgTxt = "An error has ocurred while attempting to retrieve " . "the details of the $chname checking function from " . DOCS_DATABASE . ". The query to select the details of this " . "checking function returned several rows. The 'chname' " . "field of the sbmCHECKS table should be unique, as it is used " . "as the key of the table. This means that there should " . "only ever be 1 row in the sbmCHECKS table for a given chname " . "value.\n\nThis means that there must be key violations in " . "the sbmCHECKS table, and this problem should be examined and " . "corrected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmCHECKS Table Key Violation " . "($chname)", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Perfect! Only one row for this check, as expected... # Provide a quick description of the pages function... print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Below, is a" . " table that allows you to view or edit the details of an " . 
"EDS JavaScript checking function.<BR><BR>If you wish to " . "edit the checking function, you can edit the details of " . "the <EM>Check Description</EM> field, and then click on" . " the \"SAVE CHANGES\" button.<BR>If you do not wish to " . "make any changes to the checking function, simply click on" . " the \"FINISHED\" button, which will return you to the " . "page<BR>displaying a list of all checks.</P>\n</TD>\n</TR>" . "\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Get a list of the fields in the sbmCHECKS table $columns = mysql_list_fields(DOCS_DATABASE, "sbmCHECKS"); # Get the details of the current check to display $dataRow = mysql_fetch_array($qRes); # Now begin making the form... print("<TABLE WIDTH='100%' ALIGN='center' BORDER=0 " . "CELLSPACING=0 CELLPADDING=0>\n<FORM ACTION='viewChecksEDS" . ".php' METHOD='post'>\n<INPUT TYPE='hidden' NAME='update" . "Check' VALUE='true'>\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN" . "='right' WIDTH='20%'>Creation Date: </TH>\n<TD ALI" . "GN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT TYPE='" . "readonly' NAME='cd' VALUE='". $dataRow["cd"] . "'></TD>\n" . "<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>" . "Modification Date: </TH>\n<TD ALIGN='left' BGCOLOR='" . "#FFFFCC' WIDTH='80%'><INPUT TYPE='readonly' NAME='md' " . "VALUE='" . $dataRow["md"] . "'></TD>\n</TR>\n<TR>\n<TH BG" . "COLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>Check Name:" . " </TH>\n<TD ALIGN='left' WIDTH='80%' BGCOLOR='#FFFFC" . "C'><INPUT TYPE='readonly' NAME='chname' VALUE='" . $dataRow["chname"] . "'>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>Check " . "Description: </TH>\n<TD ALIGN='left' BGCOLOR='#FFFFC" . "C' WIDTH='80%'><TEXTAREA COLS=50 ROWS=20 NAME='chdesc'>" . $dataRow["chdesc"] . "</TEXTAREA></TD>\n</TR>\n</TABLE>\n"); # Now make an other table to hold the various buttons... print("<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN='" . 
"center'>\n<TR>\n<TD ALIGN='right'><INPUT TYPE='button' " . "VALUE='SAVE CHANGES' onClick=\"if(confirm('Are You Sure " . "That You Wish To Alter This Checking Function Descriptio" . "n?')) { submit(); }\"></TD>\n<TD ALIGN='center'><INPUT " . "TYPE='button' " . "VALUE='RESET' onClick=\"reset();\"></TD>\n</FORM>\n<FORM " . "ACTION='allChecksEDS.php' METHOD='post'>\n<TD ALIGN='left" . "'><INPUT TYPE='button' VALUE='CANCEL' onClick=\"submit();" . "\"></TD>\n</TR>\n</TABLE>\n"); } // END else } // END if else { # In this case, the query to retrieve the details of the given # check failed, so we can simply output an error message... print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Could not query the <EM>sbmCHECKS</EM> table of " . DOCS_DATABASE . ".<BR>Contact System Administrator.</P>\n"); # Add a button... errorOKbutton(); } // END else } // END function displayEDScheckDetsForm() function displayPage() { global $updateCheck,$chdesc,$chname; if($updateCheck) { # In this case, this call to the script is a call to commit # updated details of the given check to the database. # Get the date for the md field... $modifiedDate = makeEDSmdDate(); # Make an update string... $updStr = "UPDATE sbmCHECKS SET md = '$modifiedDate', chdesc = '" . "$chdesc' WHERE chname = '$chname'"; # Now execute the update... $updRes = mysql_query($updStr); if($updRes) { # The query has worked... if(mysql_affected_rows() == 1) { # In this case, the check has been updated, and we can # simply let the user know of the update, inform the admin # of it, and redisplay the check in the form. print("<SCRIPT TYPE='text/javascript'>\nalert('The Check" . "ing Function Has Been Updated.');\n</SCRIPT>\n"); $msgTxt = "The $chname checking function has been updated" . " in " . DOCS_DATABASE . ".\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "$chname Check Updated", $msgTxt, "From: WebSubmit_Administrator"); # Now free the update query result... mysql_free_result($updRes); # Redisplay the form with the check in it displayEDScheckDetsForm($chname); } // END if else { # The query didn't actually update anything. Hmm. print("<SCRIPT TYPE='text/javascript'>alert('The Check Wa" . "s Not Updated. It Is Possible That The Check Descript" . "ion Was Not Changed.');\n</SCRIPT>\n"); displayEDScheckDetsForm($chname); } // END else } // END if else { # In this case, the update has failed, so we can just inform # the user of this, and redisplay the details of the check in # the form (pre update - perhaps the user wrote weird stuff, # or too much). print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It was " . "not possible to update this check. The current saved vers" . "ion of it has been redisplayed.\\nIt is possible that the " . "values entered for the check were in some way invalid.\\n" . "\\nPlease inform the system administrator if you think " . "there is a problem.');\n</SCRIPT>\n"); # Now redisplay the check details in the form... displayEDScheckDetsForm($chname); } // END else } // END if else { # In this case, this is the first call to the script, and we must # simply display the details of the given check in a form, ready # for viewing or updating as appropriate. # Display the interface... displayEDScheckDetsForm($chname); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid); + if (!$auth[0]) + outWarning($auth[1]); else displayPage(); /************************End of main script***************************/ </protect> ?> 
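Review bot: The added gate `if (!$auth[0]) outWarning($auth[1]); else displayPage();` at the end of the main script assumes a truthy first element means "allowed". `canUseWebSubmitAdmin()` is not visible in this hunk; if it passes through a numeric access-control code where 0 means authorized, the test is inverted and fails open. This is the only check in front of `displayPage()`, which builds `UPDATE sbmCHECKS SET ... chdesc = '$chdesc' WHERE chname = '$chname'` from the apparently form-supplied `$chdesc` and `$chname` globals without escaping, so a wrong polarity would expose that statement to unauthorized callers. I would pin the contract beside the call with `# $auth[0] is TRUE only when the user is authorized; $auth[1] is the message to display`, and make the test fail closed on an unexpected return value with `if (!is_array($auth) || !$auth[0])`. The same three added lines appear in the preceding file's main script before `displayPage($update,$actname)` and need the same treatment; separately, confirm that `outWarning()` HTML-escapes the message now that its text comes from the authorization layer rather than a fixed literal.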
diff --git a/modules/websubmit/web/admin/viewEditSubmissionEDS.php.wml b/modules/websubmit/web/admin/viewEditSubmissionEDS.php.wml
index 5f1811f71..78971dce9 100644
--- a/modules/websubmit/web/admin/viewEditSubmissionEDS.php.wml
+++ b/modules/websubmit/web/admin/viewEditSubmissionEDS.php.wml 
@@ -1,1547 +1,1547 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. <? require("commonPhpFunctions.php"); ?> #include "cdspage.wml" \ title="Submission Pages of <protect><?print "$subname";?></protect>" \ navtrail_previous_links="<a class=navtrail href=<WEBURL>/admin/<lang:star: index.*.html>><MSG_ADMIN_AREA></a> > <a class=navtrail href=<WEBURL>/admin/websubmit/><MSG_ADMIN_SUBMIT></a>" \ navbar_name="admin" \ navbar_select="websubmit" <? <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ?> <SCRIPT LANGUAGE="JavaScript"> <!-- hide function checkRequired(param) // This is a function to ensure that the user enters the required // parameter for the action. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // ca8nro@yahoo.co.uk // Created: Long ago! // Last Modified: 23/11/2000 { // If the field is left blank by the user... if((param == "") || ((param.toUpperCase() != "Y") && (param.toUpperCase() != "N") && (param.toUpperCase() != "O"))) { // Alert them, and return false. alert("You must enter a value of Y, N, or O in the displayed field."); return false; } // End if else // If displayed has been filled by the user... 
{ return true; } // End else } // End function checkRequired(param)< function verifyChanges(curLevel, sugLevel, curButtonorder, sugButtonorder, curStatustext, sugStatustext) // Function to test whether the values for the parameters to be changed // have actually been changed by the user when they submit them to the // database for update. If not, the function returns false. If so, the // function returns true. // Author: Nicholas Robinson // Email: Nicholas.Robinson@cern.ch // Created: 27/07/2000 // Last Modified: 23/11/2000 { if(((curLevel == sugLevel) || (sugLevel == curLevel.toLowerCase())) && (curButtonorder == sugButtonorder) && (curStatustext == sugStatustext)) { alert("No Change In The Data Has Been Made! Cannot Submit."); return false; } // End if else { return true; } // End else } // End function verifyChanges() // --> </SCRIPT> <?php /*********************Function Descriptions***************************/ function displayEDSsubDetsForm($subname, $doctype) { /******************************************************************* This function has the task of actually creating the main page that shows the details of a submission. It conducts the query, and from this data, builds an HTML form containing the details of the given submission type. The user can then alter these details as they see fit. Links to the pages that the submission is composed of are also provided. The user can follow these links to see the details of each of these pages. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 23/11/2000 Last Modified: 15/03/2001 *******************************************************************/ global $IMAGES; # Execute a select query top get the data for the given submission $queryResult = mysql_query("SELECT * FROM sbmIMPLEMENT WHERE subname =" . " '$subname'"); # Now check to ensure that the query executed correctly if($queryResult) { # Everything was fine with the query # Now check the No. 
rows returned by the query (should be 1) if(mysql_num_rows($queryResult) == 1) { # In this case, everything is as expected... # Now, display a quick set of page instructions for the user.. print("<TABLE WIDTH='90%' BGCOLOR='#D3DCE3' ALIGN='center' " . "CELLSPACING=0 CELLPADDING=0 BORDER=1>\n<TR><TD " . "ALIGN='center'>\n<P STYLE=\"color: blue; text-align: " . "center; font-size: small; font-weight: bold\">Shown below," . " are the details of the \"$subname\" EDS submission.<BR>" . "Each page number is a link that when clicked, allows you " . " to further view and or edit the details of that page.<BR>" . "<BR><BR>It is " . "also possible to add another page to this submission. " . "Click \"ADD PAGE\" to do this.</P>\n" . "</TD>\n</TR>\n</TABLE>\n"); # Make a horizontal rule to divide the page sections... drawSeparator(); # Now, we can display the details of the submission in a table print("<FORM ACTION='viewEditSubmissionEDS.php' METHOD='post'" . ">\n<INPUT TYPE='hidden' NAME='update' VALUE='true'>\n" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'>" . "<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 ALIGN='center" . "' WIDTH='100%'>\n"); # Now make the table: names & fields... # Get a list of the columns in the sbmIMPLEMENT table... $columns = mysql_list_fields(DOCS_DATABASE, "sbmIMPLEMENT"); # Get the number of fields $numTblFlds = mysql_num_fields($columns); # Get the row of data $dataRow = mysql_fetch_array($queryResult); # Before we display most of the table, we can first display # the upper part of the table, which will contain fields # should be seen, but not be modifiable... print("<TABLE WIDTH='100%' ALIGN='center' CELLSPACING=0 " . "CELLPADDING=0 BORDER=0>\n<TR>\n<TH BGCOLOR='#D3DCE3' ALIGN" . "='right' WIDTH='20%'>\nSubmission Code: </TH>\n<TD " . "ALIGN='left' BGCOLOR='#FFFFCC' WIDTH='80%'><INPUT " . "TYPE='readonly' NAME='subname' VALUE='" . $dataRow["subname"] . "'>\n</TD>\n</TR>\n<TR>\n<TH " . 
"BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nNumber of " . "Pages: </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='nbpg' VALUE='" . $dataRow["nbpg"] . "'>\n</TD>\n</TR>\n<TR>\n<TH " . "BGCOLOR='#D3DCE3' ALIGN='right' WIDTH='20%'>\nCreation " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' BGCOLOR=" . "'#FFFFCC'><INPUT TYPE='readonly' NAME='cd' VALUE='" . $dataRow["cd"] . "'>\n</TD>\n</TR>\n<TR>\n<TH WIDTH='20%'" . " BGCOLOR='#D3DCE3' ALIGN='right'>\nModification " . "Date: </TH>\n<TD WIDTH='80%' ALIGN='left' " . "BGCOLOR='#FFFFCC'><INPUT TYPE='readonly' NAME='md' " . "VALUE='" . $dataRow["md"] . "'>\n</TD>\n</TR>\n"); # Now fill this new table with all of the details... for($indx = 0; $indx < $numTblFlds; $indx++) { # Get the name of the current field... $currentField = mysql_field_name($columns, $indx); # Ensure that we don't once again print our non-editable # fields out... } // END for # Now add the list of pages into the equation... print("<TR>\n<TH BGCOLOR='#87CEFA' ALIGN='right' WIDTH='20%'>" . "\nSubmission Pages: </TH>\n<TD ALIGN='left' WIDTH=" . "'80%' BGCOLOR='#FFFFCC'>\n"); # Display a link to each page... print("<TABLE BORDER=0 ALIGN='left' CELLPADDING=0 CELLSPACING" . "=0><TR>"); for($count = 1; $count <= $dataRow["nbpg"]; $count++) { print("<TD ALIGN='center'>[<A HREF='pageDetsEDS.php?subna" . "me=" . $dataRow["subname"] . "&pageNumber=$count&nPgs=" . $dataRow["nbpg"] . "&doctype=$doctype'>" . $dataRow["subname"] . " Page $count</A>] </TD>"); } // END for print("</TR>\n<TR>\n"); # Now add "move a page higher in the order" and "move a page # lower in the order" buttons... for($count = 1; $count <= $dataRow["nbpg"]; $count++) { print("<TD ALIGN='center'><TABLE BORDER=0 CELLSPACING=0 " . "CELLPADDING=0 ALIGN='center'><TR><TD ALIGN='center'>"); # Test to see if this is the first page or the last page. 
# If so, then we must only print an image <IMG> of an # arrow, as opposed to an <A><IMG></A> arrow, as we don't # want the page to be moved beyond the page 1, or page x # (at the end) boundaries. # Add the "left" arrow... if($count == 1) { # Only use a picture print("<IMG SRC='".$IMAGES."/forbidden_left.gif' ALT='" . "Unable To Increase Page Order Weighting: Already " . "First Page!' HEIGHT=14 WIDTH=14>"); } // END if else { print("<A HREF='viewEditSubmissionEDS.php?doctype=" . "$doctype&pageNumber=$count&nPgs=" . $dataRow["nbpg"] . "&subname=" . $dataRow["subname"] . "&pageLeft=true'" . " onClick=\"if(confirm('Taking this action will move " . "a page and all of its elements one page sooner in " . "the page order sequence.\\nAre you sure you want to " . "do this?')) { return true; } else { return false; " . "}\"><IMG BORDER=0 SRC='".$IMAGES."/left.gif' ALT='Incre" . "ase Page Weighting Order...' HEIGHT=14 WIDTH=14>" . "</A>"); } // END else print("</TD><TD ALIGN='center'>"); # Add the "right" arrow... if($count == $dataRow["nbpg"]) { # Last page, so only use a picture print("<IMG SRC='".$IMAGES."/forbidden_right.gif' ALT='" . "Unable To Decrease Page Order Weighting: Already " . "Last Page!' HEIGHT=14 WIDTH=14>"); } // END if else { print("<A HREF='viewEditSubmissionEDS.php?doctype=" . "$doctype&pageNumber=$count&nPgs=" . $dataRow["nbpg"] . "&subname=" . $dataRow["subname"] . "&pageRight=true'" . " onClick=\"if(confirm('Taking this action will move " . "a page and all of its elements one page later in the" . " page order sequence.\\nAre you sure you want to do " . "this?')) { return true; } else { return false; }\">" . "<IMG BORDER=0 SRC='".$IMAGES."/right.gif' ALT='Decreas" . "e Page Weighting Order...' 
HEIGHT=14 WIDTH=14></A>"); } // END else print("</TD></TR></TABLE></TD>\n"); } // END for print("</TR>\n<TR>\n"); # Now add a delete button for each page of the submission for($count = 1; $count <= $dataRow["nbpg"]; $count++) { print("<TD ALIGN='center'><A HREF='viewEditSubmissionEDS." . "php?doctype=$doctype&pageNumber=$count&nPgs=" . $dataRow["nbpg"] . "&subname=" . $dataRow["subname"] . "&deletePage=true' onClick=\"if(confirm('Warning: Taking" . " this action will delete this submission page and all " . "of the elements on it.\\nThis action is irreversable!" . "\\nAre you sure you want to do this?'))" . "{ return true; } else { return false; }\"><IMAGE " . "SRC='".$IMAGES."/answer_bad.gif' BORDER=0 WIDTH=12 HEIGHT=" . "12 ALT='Delete Page And All Elements'></A></TD>"); } // END for # Now close up the inner table... print("</TR>\n</TABLE>"); # Now that the table has been filled with all of the actions # details, it can be closed.. print(" </TD>\n</TR>\n</TABLE>\n</TABLE>\n"); # Now make the buttons (SAVE CHANGES, ADD PAGE, and FINISH)... print("<TABLE ALIGN='center' CELLSPACING=2 CELLPADDING=0 " . "BORDER=0><TR><TD ALIGN='center'></TD></FORM>" . "<FORM ACTION='viewEditSubmissionEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='nPgs' VALUE='" . $dataRow["nbpg"] . "'>" . "<INPUT TYPE='hidden' NAME='addPage' VALUE='true'><INPUT " . "TYPE='hidden' NAME='subname' VALUE='$subname'><INPUT TYPE=" . "'hidden' NAME='doctype' VALUE='$doctype'><TD><INPUT " . "TYPE='button' VALUE='ADD A PAGE' onClick=\"if(confirm('Are" . " You Certain You Wish To Add Another Page To This " . "Submission?')) { submit(); } else { return false; }\">" . "</TD></FORM><FORM ACTION='documentEDS.php' METHOD='post'>" . "<INPUT TYPE='hidden' NAME='doctype' VALUE='$doctype'><TD>" . "<INPUT TYPE='button' VALUE='FINISHED' onClick=\"submit();" . "\"></TD></FORM></TR></TABLE>"); } // END if elseif(mysql_num_rows($queryResult) > 1) { # Oops, we have too many rows in the result set. 
This # indicates some sort of key duplication in the sbmIMPLEMENT # table. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> More " . "than one row of data concerning the <EM>$subname</EM> " . "action was returned from the <EM>sbmIMPLEMENT</EM> table of " . "the" . DOCS_DATABASE . " database.<BR>This indicates " . "primary key duplication in this table.<BR>Please inform " . "system administrator.</P>\n"); # Send a mail to the system admin people to warn them about # this serious error.. $msgTxt = "When a user attempted to look further into the " . "details of the $subname submission using the EDS " . "Administrator, several rows were returned for this " . "submission from the sbmIMPLEMENT table." . " The query was made using the \"subname\" as the search" . " key. As the \"subname\" field is the primary key for " . "the sbmIMPLEMENT table, this means that there must be key " . "violations in this table.\n\nThis problem should be " . "corrected immediately.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "sbmIMPLEMENT Table Key Violation!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif elseif(mysql_num_rows($queryResult) == 0) { # Oops, we have no rows returned...how can this be? print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No data concerning the <EM>$subname</EM> " . "submission was found in the <EM>sbmIMPLEMENT</EM> table.<BR>" . "This suggests a data consistency error in the " . DOCS_DATABASE . " database.<BR>Please inform the system " . "administrator.</P>\n"); # Now send an email to the administrator(s) to inform them of # this serious error... $msgTxt = "When a user attempted to look further into the " . "details of the $subname submission using the EDS " . "Administrator, no rows were returned from the sbmIMPLEMENT " . "table for this submission.\n\nBecause the user had to " . 
"click a link to view the details of this submission, it " . "must be referred to in other tables of EDS. This suggests" . " that there are data inconsistencies within EDS.\n\nThis " . "should be investigated and corrected ASAP.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Possible Data Inconsistency Error!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # Some sort of weird query error must have ocurred. print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to correctly retrieve data from the " . "<EM>sbmIMPLEMENT</EM> table of " . DOCS_DATABASE . ".<BR>Please inform system administrator.</P>\n"); } // END else } // END if else { # In this case, the query failed... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">ERROR:" . "</SPAN> Unable to query the <EM>sbmIMPLEMENT</EM> table.<BR>" . "Please inform system administrator.</P>\n"); } // END else } // END function displayEDSsubDetsForm($subname, $doctype) //************** function moveSubPage($doctype, $pageNumber, $nPgs, $subname, $page2move2) { /***************************************************************** This function has the task of moving a page either to the left, or to the right, depending upon which direction button the user has pressed for the movement. The function is passed a variable $page2move2, which holds the value of the page that the current page is to be moved to. This must always be either $pageNumber + 1, or $pageNumber - 1. This is important, and the way that I have written this script will only call this function in the correct manner. This function should not be used for swapping pages that are separated by other pages, as that should not be done. If a page is ever to be moved to a location several pages away, the other pages should be displaced like dominos into the position to fill the gap! 
This function saves a lot of code duplication, as there are many errors that could happen during the execution of a page movement. Some of these errors could be rather serious, and so it is necessary to give both the user amd the system administrator a detailed explanation of what has happened in each case. This means big error message sections. In the EDS database, there is no such entity as a "submission page". Instead, there are elements, which have a page number and a submission name. This means that when we move a page, we must first move all of the elements on it to a temporary page. In this case, the chosen temporary page number is 0. Next, all elements on the page whose position our page is being moved to are given a page number of that of the page that we are moving. Finally, all of the elements with a page number of 0 are given a page number of the position that we wanted to move the page to. This is how this function works - a simple "swap" algorithm. In the even of an error occurring, the function attempts to put everything back to the way it was when it started the movement. Of course this may not be possible. The function gives error message feedback at all stages possible, letting the admin/user know whether or not recovery succeeded etc, or where it failed, and offers suggestions on how to correct the problems. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 18/12/2000 Last Modified: 18/12/2000 *****************************************************************/ # Get the current date for the "md" field... $modifiedDate = makeEDSmdDate(); # Make a query string to set the 'pagenb' field of all elements on # the current page to '0' (zero). Done as a temporary measure for # swapping pages around. $qStr1 = "UPDATE sbmFIELD SET pagenb = '0' WHERE subname = '$subname'" . 
" AND pagenb = '$pageNumber'"; # Now execute the query $qRes1 = mysql_query($qStr1); if($qRes1) { # Query worked fine, so carry on alterring values # Set the value of the pagenb field for all elements of the page # before the page to be moved to have a pagenb value of the # current page (that which we are moving). $qStr2 = "UPDATE sbmFIELD SET pagenb = '$pageNumber', md = '" . "$modifiedDate' WHERE subname = '$subname' AND pagenb = '" . "$page2move2'"; # Now execute the query $qRes2 = mysql_query($qStr2); if($qRes2) { # In this case, the query was fine, and we have just moved all # elements of the page that was before the page we are moving # to effectively be in the place of the page that we are # moving...i.e. the page before it now sits in its place. # Now make a query string to move the elements that are on # "page zero" to their final position... $qStr3 = "UPDATE sbmFIELD SET pagenb = '$page2move2" . "', md = '$modifiedDate' WHERE subname = '$subname' AND " . "pagenb = '0'"; # Now execute this query... $qRes3 = mysql_query($qStr3); if($qRes3) { # In this case, the query has been successful, and we # should now have fully switched our pages around. We # should now update the md field of the submission in # sbmIMPLEMENT, and the doctype in sbmDOCTYPE... # Update the submissions md field... $mdResult = mysql_query("UPDATE sbmIMPLEMENT SET md = " . "'$modifiedDate' WHERE subname = '$subname'"); if($mdResult) { # Free the result left by this update mysql_free_result($mdResult); } // END if else { # The update the date query has failed for some reason print("<SCRIPT LANGUAGE=\"JavaScript\">alert('Error: " . "Couldn't update the md in sbmIMPLEMENT!');</SCRIPT>\n"); } // END else # We must also modify the md field of the doctype record to # which this submission belongs updateEDSDOCTYPEmd($doctype, $modifiedDate); # Now alert the user of the success print("<SCRIPT TYPE='text/javascript'>\nalert('Page Moved " . 
"Successfully.');\n</SCRIPT>\n"); # Now let the admin know of the page movement... $msgTxt = "Page $pageNumber of the $subname submission of " . "the $doctype document type has been moved to another " . "position.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page Movement", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # Nightmare! We now have really messed up data. We have # the data of the page we wanted to move on a temporary # page 0. The data of the page whose position we wanted to # move our original page to is now on our original page! # The final thing is that we now can't move our data from # page zero to its final location. I think the best thing # to do here is to attempt to move the data that is now on # the original page (the elements we moved in query 2, to # their original position, and then move the data from page # Zero back to our current page - hence undoing the whole # lot of trouble. Hope it works! $majorRecoveryStr1 = "UPDATE sbmFIELD SET pagenb = '" . "$page2move2' WHERE subname = '$subname' AND " . "pagenb = '$pageNumber'"; $majorRecoveryRes1 = mysql_query($majorRecoveryStr1); if($majorRecoveryRes1) { # Nice...first step recovered! Now attempt to return # the elements on page 0 to their original page... $majorRecoveryStr2 = "UPDATE sbmFIELD SET pagenb = '" . "$pageNumber' WHERE subname = '$subname' AND pagenb =" . " '0'"; $majorRecoveryRes2 = mysql_query($majorRecoveryStr2); if($majorRecoveryRes2) { # Very nice....we have managed to completely recover # from the whole mess, so we can just inform the user # that the page movement did not work. Phew! print("<SCRIPT TYPE='text/javascript'>\nalert('An " . "error occurred when an attempt was made to move " . "the requested submission page.\\nWhen a " . "submission page is moved, all of " . "the elements on the page to be moved are given a" . " temporary page number of 0.\\nThe elements of " . 
"the page whose position it is to be moved to are" . " then given a page number of the current page\\n" . "and then the elements with a page number of 0 are" . " then given a page number of the page that they " . "are to be moved to.\\n\\nWhen this page movent " . "was carried out however, the elements of page to" . " be moved were moved to\\npage 0 without trouble." . " The elements of the page whose position the " . "page to be moved to was to be moved to\\nwere " . "moved to the position of the page to be moved " . "without any problem.\\nHowever, when an attempt " . "was made to move the elements of the temporary " . "page 0\\nto their new location, this was not " . "possible.\\n\\nTo rectify this situation, an " . "attempt was made to return the elements that were" . " moved to page $pageNumber\\nback to page " . "$page2move2, which suceeded. An attempt" . " was then made to move all elements from\\nthe " . "temporary page 0 back to page $pageNumber (the " . "page on which they were originally positioned)." . "\\nThis attempt succeeded.\\n\\nThis means that " . "the $subname submission should appear as if it " . "were never changed.\\nYou should however ensure " . "that the pages of this submission are " . "un-corrupted by checking each page manually.\\n" . "\\nYou should inform the system administrator of " . "this problem.');\n</SCRIPT>\n"); # Now email the administrator and say the same thing $msgTxt = "A major problem has ocurred with the data" . " for the $subname submission. An attempt was " . "made to move page $pageNumber to another position" . ".\n\nWhen a page is moved, all of the elements on" . " the page to be moved are given a temporary page " . "number of 0. The elements of the page whose " . "position it is to be moved to are then given a " . "page number of the current page and then the " . "elements with a page number of 0 are then given a" . " page number of the page that they are to be " . "moved to.\n\nWhen this page movent was carried " . 
"out for page $pageNumber however, the " . "elements of page to be moved were moved to page 0" . " without trouble. The elements of the page whose" . "position page $pageNumber was to be moved to were" . " moved to the position of page $pageNumber " . "without any problem. However, when an attempt " . "was made to move the elements of the temporary " . "page 0 to their new location, this was not " . "possible.\n\nTo rectify this situation, an " . "attempt was made to return the " . "elements that were moved to page $pageNumber back" . " to page $page2move2, which suceeded. " . " When an attempt was made to move the elements of" . " the temporary page 0 back to page $pageNumber, " . "this also succeeded.\n\nThis all means that the " . "submission SHOULD look as though it were never " . "altered, and the pages should appear as normal, " . "as the system correction of the problem appears " . "to have succeeded. However, you should manually" . " check this submission to ensure that this is the" . " case, as it is possible that some elements from " . "the pages may have been lost.\n\nEDS " . "Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page Movement" . " Error", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # Couldnt return our page 0 elements to their orig # page. # Let the user know print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR" . ": A major problem has ocurred with the data for " . "this submission.\\nWhen a page is moved, all of " . "the elements on the page to be moved are given a" . " temporary page number of 0.\\nThe elements of " . "the page whose position it is to be moved to are" . " then given a page number of the current page\\n" . "and then the elements with a page number of 0 are" . " then given a page number of the page that they " . "are to be moved to.\\n\\nWhen this page movent " . "was carried out however, the elements of page to" . 
" be moved were moved to\\npage 0 without trouble." . " The elements of the page whose position the " . "page to be moved to was to be moved to\\nwere " . "moved to the position of the page to be moved " . "without any problem.\\nHowever, when an attempt " . "was made to move the elements of the temporary " . "page 0\\nto their new location, this was not " . "possible.\\n\\nTo rectify this situation, an " . "attempt was made to return the elements that were" . " moved to page $pageNumber\\nback to page " . "$page2move2, which suceeded. When an " . " attempt was made to move the elements of the " . "temporary page 0 back to page $pageNumber,\\nthis" . " failed, therefore the elements that were " . "origionally on page $pageNumber before the move " . "was attempted\\nare now sitting on the temporary" . " page 0. This means that when an attempt is made " . "to view the elements of page $pageNumber,\\nthere" . " will be nothing there.\\n\\nPlease inform the " . "system administrator of this problem immediately " . "so that it can be corrected.');\n</SCRIPT>\n"); # Now email the sys admin to let them know $msgTxt = "A major problem has ocurred with the data" . " for the $subname submission. An attempt was " . "made to move page $pageNumber to another position" . ".\n\nWhen a page is moved, all of the elements on" . " the page to be moved are given a temporary page " . "number of 0. The elements of the page whose " . "position it is to be moved to are then given a " . "page number of the current page and then the " . "elements with a page number of 0 are then given a" . " page number of the page that they are to be " . "moved to.\n\nWhen this page movent was carried " . "out for page $pageNumber however, the " . "elements of page to be moved were moved to page 0" . " without trouble. The elements of the page whose" . "position page $pageNumber was to be moved to were" . " moved to the position of page $pageNumber " . "without any problem. However, when an attempt " . 
"was made to move the elements of the temporary " . "page 0 to their new location, this was not " . "possible.\n\nTo rectify this situation, an " . "attempt was made to return the " . "elements that were moved to page $pageNumber back" . " to page $page2move2, which suceeded. " . " When an attempt was made to move the elements of" . " the temporary page 0 back to page $pageNumber, " . "this failed, therefore the elements that were " . "origionally on page $pageNumber before the move " . "was attempted are now sitting on the temporary " . "page 0.\n\nYou can probably correct this problem " . "by using the following query. However, you " . "should investigate first, as this is only a " . "suggestion.\n\nUPDATE sbmFIELD SET pagenb = '" . "$pageNumber' WHERE pagenb = '0' AND subname = '" . "$subname';\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page Movement" . " Error", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # In this case, we couldn't recover from the major error # at all....We must let both the user & admin know. # Let the user know. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "A major problem has ocurred with the data for " . "this submission.\\nWhen a page is moved, all of " . "the elements on the page to be moved are given a" . " temporary page number of 0.\\nThe elements of " . "the page whose position it is to be moved to are" . " then given a page number of the current page\\n" . "and then the elements with a page number of 0 are" . " then given a page number of the page that they " . "are to be moved to.\\n\\nWhen this page movent " . "was carried out however, the elements of page to" . " be moved were moved to\\npage 0 without trouble." . " The elements of the page whose position the " . "page to be moved to was to be moved to\\nwere " . "moved to the position of the page to be moved " . 
"without any problem.\\nHowever, when an attempt " . "was made to move the elements of the temporary " . "page 0\\nto their new location, this was not " . "possible.\\n\\nTo rectify this situation, an " . "attempt was made to return the elements that were" . " moved to page $pageNumber\\nback to page " . "$page2move2.\\nThis attempt failed, " . "which meant that the elements on page 0 could not" . " be moved to page $pageNumber\\nas there are " . "already elements belonging to another page on " . "there.\\n\\nThe system can do no more to fix this" . " problem, and you should contact the system " . "administrator immediately\\nto ensure that this " . "situation is rectified.');\n</SCRIPT>\n"); # Let the administrator know... $msgTxt = "A major problem has ocurred with the data" . " for the $subname submission. An attempt was " . "made to move page $pageNumber to another position" . ".\n\nWhen a page is moved, all of the elements on" . " the page to be moved are given a temporary page " . "number of 0. The elements of the page whose " . "position it is to be moved to are then given a " . "page number of the current page and then the " . "elements with a page number of 0 are then given a" . " page number of the page that they are to be " . "moved to.\n\nWhen this page movent was carried " . "out for page $pageNumber however, the " . "elements of page to be moved were moved to page 0" . " without trouble. The elements of the page whose" . "position page $pageNumber was to be moved to were" . " moved to the position of page $pageNumber " . "without any problem. However, when an attempt " . "was made to move the elements of the temporary " . "page 0 to their new location, this was not " . "possible.\n\nTo rectify this situation, an " . "attempt was made to return the " . "elements that were moved to page $pageNumber back" . " to page $page2move2. This however" . " failed, which meant that the elements on page 0 " . "had to remain on page 0.\n\nThis means that there" . 
" is a situation where by the elements that belong" . " on page $pageNumber are now on page 0, and the " . "elements that belong on page $page2move2" . " are now on page $pageNumber.\n\nYou should " . "ensure that this situation is corrected ASAP.\n\n" . "WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page Movement " . "Error", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END else } // END if else { # We now have a problem. We have altered the current pages # elements to be on page zero, but we can't seem to alter the # position of the elements on the page before our current # page. We had better just put back our page zero elements to # the current page (and hope this works!), and leave the whole # thing unchenged. We had also better inform our user & the # administrator of the error. # Move our page zero elements back - fast! $errorCorrect = mysql_query("UPDATE sbmFIELD SET pagenb = '" . "$pageNumber' WHERE subname = '$subname' AND pagenb = '" . "0'"); if($errorCorrect) { # Query worked. Database info is safe! Phew! Just inform # of the errors... print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It" . " was not possible to move the elements of the page that" . "\\nwhose position page $pageNumber is to be moved to." . "\\nThis has meant that it is not possible to move page " . "$pageNumber.\\n\\nPlease inform the system " . "administrator of this problem.');\n</SCRIPT>\n"); } // END if else { # Oh dear..we have major problems! Nothing more that we # can do, but inform the user and the administrator. # Hey hey, let the user know print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: A " . "major problem has ocurred with the data for this " . "submission.\\nWhen a page is moved, all of the elements" . " on the page to be moved are given a temporary page " . "number of 0.\\nThe elements of the page whose position " . 
"it is to be moved to are then given a page number of " . "the current page\\nand then the elements with a page " . "number of 0 are then given a page number of the page " . "that they are to be moved to.\\n\\nHowever, in this " . "case we moved the current pages elements to page 0, but" . " when we attempted to move the elements\\nof the page, " . "whose sequence number is the destination of the current" . " page, to the current page\\nwe were unable to do this." . " Then when we recognised this error, and attempted " . "to\\ncorrect it by moving the page 0 elements back to " . "their original page, we were\\nunable to do this!\\n\\n" . "This means that the page that you have tried to move " . "will now have no elements, as they are all on page 0!" . "\\n\\nThe administrator should be informed of this " . "immediately!');\n</SCRIPT>\n"); # Now email the administrator and let them know of this # major error! $msgTxt = "A serious error has ocurred while trying to " . "move a page of a submission to another position.\n\n" . "When a page is moved, all of the elements on the page " . "to be moved are given a temporary page number of 0. " . "The elements of the page whose position it is to be " . "moved to are then given a page number of that of the " . "page that we are actually moving, and then the elements" . " with a page number of 0 are then given a page number " . "of the page that they are to be moved to.\n\nHowever, " . "when an attempt was made to move page $pageNumber of " . "the $subname submission of the $doctype document type " . "to another position, the elements of page $pageNumber " . "were moved to 'page 0', but when an attempt was made " . "to move the elements of the page whose sequence number " . "is the destination of the current page to the current " . "page, it was not possible to do this. When this error " . "was reconised, an attempt was made to correct the " . "problem by moving all elements of page 0 of the " . 
"$subname submission (the temporary page) back to page " . "$pageNumber. The query to do this also failed, which " . "effectively left the elements of page $pageNumber of " . "the $subname submission stranded on page 0.\n\nThis is " . "a serious problem, but can be corrected by running an " . "update query to move the elements back to the correct " . "page. Use the following query to do this manually:\n\n" . "UPDATE sbmFIELD SET pagenb = '$pageNumber' WHERE subname =" . " '$subname' and pagenb = '0';\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page Movement " . "Error", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END else } // END if else { # We couldn't change the pagenb field for the elements on the # current field...error! # Display JavaScript alert giving details of the error... print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It was not" . " possible to alter the page numbers for the elements on the " . "page to be moved.\\nThis error ocurred in the sbmFIELD table.\\n" . "Unable to carry out page movement - inform system " . "administrator.');\n</SCRIPT>\n"); # Now email the administrator about the problem that ocurred... $msgTxt = "An error has ocurred while attempting to move a " . "submission page. The submission was the $subname submission " . "of the $doctype document type, and an attempt was made to " . "move page $pageNumber.\n\nIt was not possible to assign a " . "temporary value of 0 (zero) to the 'pagenb' field of the " . "elements belonging to this page in the sbmFIELD table. This " . "meant that it was not possible to carry out the movement of " . "the page.\n\nThis problem should be investigated as soon as " . "possible.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. 
mail(ADMIN_EMAIL, "$subname Submission Page Movement Error", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END function moveSubPage() //************* function deleteSubmissionPage($subname, $pageNumber, $nPgs, $doctype) { /****************************************************************** The task of this function is to delete a page from a given submission of a given doctype. The function is passed several variables which allow it to do this. The function deletes the given page, and then renumbers all elements for each page after the deleted page. It then the value for the number of pages that the submission has by 1. It also updates all relevant modified date fields (elements, submission and doctype). In the event of an error occurring, the relevant people are informed. If an error ocurrs during the renumberring, the renumberring is terminated to avoid further data corruption. The admin is informed of this situation, and told what actions should be taken. Author: Nicholas Robinson Email: Nicholas.Robinson@cern.ch ca8nro@yahoo.co.uk Created: 18/12/2000 Last Modified: 18/12/2000 ******************************************************************/ $updStr = "DELETE FROM sbmFIELD WHERE subname = '$subname' AND " . "pagenb = '$pageNumber'"; # Execute the above query... $updRes = mysql_query($updStr); if($updRes) { # In this case, the deletion of the given page has been # successful, so we can now move any page elements after it down # to fill in the gap left by the absence of the page... # Get the current date... $modifiedDate = makeEDSmdDate(); # Create an error flag & initialise it to 0... $errorOn = 0; for($i = $pageNumber + 1; $i <= $nPgs; $i++) { # Make the re-order query string... $reorderStr = "UPDATE sbmFIELD SET pagenb = '" . ($i - 1) . "', md = '$modifiedDate' WHERE subname = '$subname' AND" . " pagenb = '$i'"; # Now execute the reorder query... $reorderRes = mysql_query($reorderStr); if($reorderRes) { # The query worked so free its result... 
mysql_free_result($reorderRes); } // END if else { # Damn, we could not reorder the elements of this page to # appear on another. The best thing to do is to stop any # further reordering, and then warn both the user and the # admin, telling the admin how it can be fixed... # Let the user know... print("<SCRIPT TYPE='text/javascript'>\nalert('Error: " . "During the process of deleting the page, it is " . "necessary to first delete the elements of the current" . "\\npage, and then move the elements of all pages after" . " the deleted page down one page in turn in order to " . "fill\\nin the gap left by the deleted page. When page" . " $pageNumber was deleted however, during the process " . "of moving the pages after it down into the gaps,\\nit " . "was not possible to move the elements of page $i onto " . "page " . ($i - 1) . ".\\nThis meant that it was " . "necessary to stop the process of reordering, as it " . "would have resulted in further corruption if the " . "process had been continued.\\n\\nThis problem should " . "be corrected manually, and you should inform the system" . " administrator ASAP.');\n</SCRIPT>\n"); # Now email the system admin about this... $msgTxt = "An error has ocurred during the deletion of a " . "page from the $subname submission of the $doctype " . "document type. When a page is deleted from a " . "submission, the first step is to delete the page to " . "be deleted. The next step is to move any pages, after" . " the deleted page, down by 1 position. This involves " . "renumberring any elements of these pages to have a " . "value of pagenb - 1.\n\nDuring the renumberring of " . "elements after the deletion of page $pageNumber from " . "the $subname submission however, an error ocurred which" . " meant it was not possible to give the elements that " . " currently lie on page $i a value of pagenb = " . ($i - 1) . ".\n\nTo avoid further data corruption, the " . "re-numberring was terminated after this error, so it " . 
"will be necessary to manually decrement by 1 the " . "'pagenb field for all elements on page $i and each page" . " after this. It will then be necessary to decrement " . "the value of the 'nbpg' field in the 'sbmIMPLEMENT' table " . "for the '$subname' submission.\n\nBEFORE TAKING THESE " . "ACTIONS, EXAMINE THE DATA TO ENSURE THAT THE USER HAS " . "NOT ALREADY DONE THIS.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Page Deletion Error", $msgTxt, "From: WebSubmit_Administrator"); # Now set the value of the $errorOn flag to mark the fact # that an error has ocurred... $errorOn = 1; # Break free of the loop... break; } // END else } // END for # Now, if $errorOn has not been set, decrement the value of the # nbpg field in sbmIMPLEMENT for the current submission, and update # the md field of the current doctype & submission... if(!$errorOn) { # Update the number of pages for this submission $nmPgUpdtStr = "UPDATE sbmIMPLEMENT SET nbpg = '" . ($nPgs - 1) . "', md = '$modifiedDate' WHERE subname = '$subname'"; $nmPgUpdtRes = mysql_query($nmPgUpdtStr); if(!$nmPgUpdtRes) { # In this case, the query has failed, so we must inform the # administrator that they must decrement the number of # pages for the submission by 1. print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: The" . " page has been deleted successfully, but it was not " . "possible\\nto decrement the number of submission pages " . "for this submission.\\n\\nPlease inform the system " . "administrator of this.');\n</SCRIPT>\n"); $msgTxt = "An error has ocurred during the deletion of " . "page $pageNumber of the $subname submission. The page" . " was successfully deleted, but it was not possible to " . "decrement the value of the 'nbpg' field for this " . "submission in the sbmIMPLEMENT table.\n\nThis should be " . "done manually as soon as possible, as there is now a " . 
"blank page in the submission.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Page Deletion Error", $msgTxt, "From: WebSubmit_Administrator"); } // END if else { # All went well, so we will inform both the user and the # administrator that the page was deleted successfully. # Inform the user print("<SCRIPT TYPE='text/javascript'>\nalert('The page " . "has been deleted successfully.');\n</SCRIPT>\n"); # Inform the sys admin $msgTxt = "Page $pageNumber has been deleted from the " . "$subname submission type.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Page $pageNumber " . "Deleted", $msgTxt, "From: WebSubmit_Administrator"); } // END else # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $modifiedDate); } // END if } // END if else { # We were unable to delete the page, so we can simply let the # user know this, as there has been no change to the data. print("<SCRIPT TYPE='text/javascript'>\nalert('An error ocurred" . " when trying to delete this page, which meant that its " . "deletion was impossible.\\nNo change to the submission data " . "has been made.\\n\\nTry again, or inform the system " . "administrator.');\n</SCRIPT>\n"); } // END else } // END function deleteSubmissionPage() function displayPage($update) { global $buttonorder,$displayed,$statustext,$subname,$doctype,$addPage,$nPgs,$pageNumber,$pageLeft,$pageRight,$deletePage; if(isset($update)) { # If this variable has been set, it means that this call to the # page is a call to update the detials of a submission type. # Ensure that "displayed" is storedin the database in uppercase... $displayed = strtoupper($displayed); # Get the data, so that it can be committed for the modification # date field (md)... $modifiedDate = makeEDSmdDate(); # Make a query update string... 
$updStr = "UPDATE sbmIMPLEMENT SET displayed = '$displayed', buttonorder ="; # Ensure that we don't accidentally put the value '0' into the # buttonorder field, when we actually want to put a NULL into it # (and vice- versa)... if(!$buttonorder) { if($buttonorder == '0') $updStr .= " '$buttonorder', "; else $updStr .= " NULL, "; } // END if else { $updStr .= " '$buttonorder', "; } // END else $updStr .= "statustext = '$statustext', md = " . "'$modifiedDate' WHERE subname = '$subname'"; # Now carry out the query execution $updateRs = mysql_query($updStr); if($updateRs) { # If the query could actually be executed without error if(mysql_affected_rows() == 1) { # In this case, only 1 row was updated, which is as # expected # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $modifiedDate); # Display a nice message informing the user that the update # has been carried out... print("<SMALL STYLE=\"color: green; font-weight: bold; " . "text-align: center\">Update Complete</SMALL>\n<BR>\n"); # Send the administrator a message to inform them of the # update that has taken place... $msgTxt = "An update has been carried out on the $subname " . "submission type in the " . DOCS_DATABASE . " database.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "$subname Submission Type Updated", $msgTxt, "From: WebSubmit_Administrator"); # Now that we have updated the submission details, we can # redisplay them in the form for further editing... displayEDSsubDetsForm($subname, $doctype); } // END if elseif(mysql_affected_rows() > 1) { # More than 1 row was updated -> bad news: key duplication # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Multiple rows have been updated in the " . "<EM>sbmIMPLEMENT</EM> table.<BR>This has resulted from an " . "attempt to update the <EM>$subname</EM> submission " . "type.<BR>Please inform the system administrator." . 
"</P>\n"); # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $modifiedDate); # Now, email the administrator to let them know this, as it # is a potentially dangerous error. $msgTxt = "When a user updated the details of " . "the $subname submission type using the EDS Administra" . "tor, several rows were affected in the sbmIMPLEMENT table." . " The update was conducted using the \"subname\" field " . "as the key. As the \"subname\" field is the primary " . "key for the sbmIMPLEMENT table, this means that there must" . " be key violations in this table. There should only " . "have been 1 row affected by this update.\n\nThis proble" . "m should be investigated and corrected immediately.\n\n" . "WebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "ERROR: sbmIMPLEMENT Table Multiple Row " . "Update!", $msgTxt, "From: WebSubmit_Administrator"); } // END elseif else { # No rows were updated -> Something strange here! # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmIMPLEMENT</EM> table.<BR>This suggests that there could" . " be data inconsistencies or concurrency problems.<BR>" . "Please inform the system administrator.</P>\n"); # Better email the administrator & let them know... $msgTxt = "When a user attempted to update the details of " . "the $subname submission type using the EDS Administrat" . "or, no rows were affected in the sbmIMPLEMENT table by " . "this update.\n\nBecause the user must have altered a " . "submission types details to submit an update on it, it " . "must have been present at around the time that the user" . " submitted their update.\n\nThis suggests the possibili" . "ty of concurrency or data inconsistency problems in thi" . "s table.\n\nThis should be investigated and corrected " . 
"ASAP.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error: Possible Concurrency Problems", $msgTxt, "From: WebSubmit_Administrator"); } // END else } // END if else { # Display an error message about this... print("<P CLASS='errorMsg'><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> No rows have been updated in the <EM>" . "sbmIMPLEMENT</EM> table.<BR>This suggests that there could" . " be data inconsistencies or concurrency problems.<BR>Plea" . "se inform the system administrator.</P>\n"); } // END else } // END if elseif($addPage) { # In this case, the user has clicked on the button to add a new # page to the submission. In this case, we must get the current # number of pages in the document, increment it by 1, and then # redirect the browser focus to the "pageDetsEDS.php" for the new # page (which will of course have no elements on it)... # We have been passed a value for the number of pages, so the # first thing to do is to increment it $nPgs++; # Get the date for modification date details $modifiedDate = makeEDSmdDate(); # Now, we can update the "nbpg" field in the sbmIMPLEMENT table to # the value of this "$nPgs" variable, to reflect the addition of # the new page. $updRes = mysql_query("UPDATE sbmIMPLEMENT SET nbpg = '$nPgs', md =" . " '$modifiedDate' WHERE subname = '$subname'"); # Now ensure that this update has been successful... if($updRes) { # In this case, the query has executed without error, but we # should also ensure that it has only updated one row. This # should be the case of course, because there should only be # one row for the current submission in the sbmIMPLEMENT table. if(mysql_affected_rows() > 1) { # In this case, too many rows have been updated. This is # actually quite a serious error, as it implies a key # duplication situation in the sbmIMPLEMENT table. 
# Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $modifiedDate); # Output a JavaScript alert about this... print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: " . "Several rows were updated in the sbmIMPLEMENT table for " . "the $subname submission when we added a page to " . "it.\\nBecause the \"subname\" field is the primary key" . "for the sbmIMPLEMENT table, this suggests a primary key " . "violation.\\n\\nPlease inform the system administrator " . "administrator');</SCRIPT>\n"); # Now we had better mail the administrator and ensure that # they know about this problem... $msgTxt = "An error has ocurred when a new page was added " . "to the $subname submission. When this action was under" . "taken, more than 1 rows was updated in the sbmIMPLEMENT " . "table. This means that there must be more than 1 " . "instance of this submission in this table.\n\nBecause " . "the \"subname\" field is the primary key for the " . "sbmIMPLEMENT table, this it is illegal to have more than " . "one row for the same submission, and this is therefore " . "a primary key violation.\n\nYou should look into this " . "situation immediately, as it is a serious error, and " . "could cause system problems.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Error - $subname Submission " . "Duplication", $msgTxt, "From: WebSubmit_Administrator"); # Finally, we can redisplay the current submission pages # details displayEDSsubDetsForm($subname, $doctype); } // END if elseif(mysql_affected_rows() <= 0) { # In this case, no rows have been updated, or a query error # has ocurred (if the result set is -1)... # Better output a quick message.. print("<P CLASS=\"errorMsg\"><SPAN STYLE=\"color: red\">" . "ERROR:</SPAN> Unable to update $subname submission det" . "ails. No page added.</P>"); # We'd better output a JavaScript alert informing the user # that no rows were updated... 
print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: No " . "rows were updated in the sbmIMPLEMENT table when an " . "attempt was made\\nto add a new page to the $subname " . "submission.\\nThis suggests that there is no data in " . "the table for this submission, which suggests\\nsome " . "sort of problem with concurrency.\\nIt is possible that" . " another user deleted this submission at the same " . "time\\nas the page was added.\\n\\nThe System Administr" . "ator should be informed of this problem.');\n" . "</SCRIPT>\n"); # Now email the administrator and let them know the problem $msgTxt = "An error has ocurred when trying to add a new " . "page to the $subname submission of the $doctype documen" . "t type. When an attempt was made to increment the valu" . "e of the nbpg field in the sbmIMPLEMENT table by 1 for " . "this submission, no rows were affected by the update.\n" . "\nThis suggests that the submission does not exist in " . "this table. There could be concurrency problems, as it" . " is possible that during the time between the details " . "of the submission being displayed, and the 'ADD PAGE' " . "button being pressed by the user, the submission was " . "deleted by another user.\n\nThis situation should be " . "investigated.\n\nWebSubmit Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "EDS Error - $subname Not Found", $msgTxt, "From: WebSubmit_Administrator"); # Here, instead of redisplaying the details of this # submission, we must redirect the browser to the # "documentEDS.php" page, as there is no point in # redisplaying the submission details if it is possible # that another user has deleted it. If it still exists, # the user can simply look at the submission again. print("<FORM NAME='referForm ACTION='documentEDS.php' " . "METHOD='post'>\n<INPUT TYPE='hidden' NAME='doctype' " . "VALUE='$doctype'>\n</FORM>\n<SCRIPT TYPE='text/javas" . "cript'>\nsetTimeout(\"document.referForm.submit();\"," . 
" 1000);\n</SCRIPT>\n"); } // END elseif else { # In this case, the query was perfect, and only 1 row was # updated, exactly as planned. In this case, we can output # a JavaScript alert letting the user know of the success, # email the admin informing them of the success, and # redirect the browser to the "pageDetsEDS.php" page. # Update the md field for our doctype updateEDSDOCTYPEmd($doctype, $modifiedDate); # Now display a quick message on screen... print("<P STYLE=\"color: green; text-align: center; font-" . "size: large\">New Page Added To <EM>$subname</EM> " . "Submission.</P>\n"); # Now we can display a JavaScript Alert to say pretty much # the same thing in a little more detail print("<SCRIPT TYPE='text/javascript'>\nalert('A new page " . "has been added to the $subname submission type.\\nThis " . "new page has been added into position $nPgs.\\nThe new " . "page currently has no elements on it, and your browser " . "has been redirected to the \"pageDetsEDS.php\" page\\n" . "where you can examine this new submission page, and add" . " new elements to it.');\n</SCRIPT>\n"); # Now we can email the administrator to say much the same $msgTxt = "A new page has been added to the $subname " . "submission of the $doctype document type. This new " . "page has been inserted as the last page in the " . "submission and therefore is page number $nPgs.\n\nEDS" . " Administrator ("; $msgTxt .= makeDate(); $msgTxt .= ")"; # Now send the mail.. mail(ADMIN_EMAIL, "Page $nPgs Added To $subname " . "Submission", $msgTxt, "From: WebSubmit_Administrator"); # Now redirect the browser to "pageDetsEDS.php" sendToPageDets($subname, $nPgs, $nPgs, $doctype); } // END else } // END if else { # In this case, the query has failed due to some kind of # error. We'd better let the user know this & the admin, and # then simply redisplay the details of the current submission print("<SCRIPT TYPE='text/javascript'>\nalert('ERROR: It was " . 
"not possible to add a page to the $subname submission of " . "the $doctype document type.\\nThe system administrator " . "should be informed of this problem.');\n</SCRIPT>\n"); # Finally, we can redisplay the current submission pages # details displayEDSsubDetsForm($subname, $doctype); } // END else } // END elseif elseif(isset($pageLeft)) { # If this clause has been reached, the user has chosen to move a # page of the current submission to the left. This means to give # it a lower page number, and hence give it a higher priority in # the page order sequence. moveSubPage($doctype, $pageNumber, $nPgs, $subname, $pageNumber - 1); # Now simply redisplay the page that gives details of the # submission... displayEDSsubDetsForm($subname, $doctype); } // END elseif elseif(isset($pageRight)) { # If this clause has been reached, the user has chosen to move a # page of the current submission to the right (give it a higher # page number, and hence a lower priority in the order sequence) moveSubPage($doctype, $pageNumber, $nPgs, $subname, $pageNumber + 1); # Now simply redisplay the page that gives details of the # submission... displayEDSsubDetsForm($subname, $doctype); } // END elseif elseif(isset($deletePage)) { # If this clause has been reached, the user has chosen to delete # a page and all of its elements from the current submission. # Process the deletion of an element deleteSubmissionPage($subname, $pageNumber, $nPgs, $doctype); # Now simply redisplay the page that gives details of the # submission... displayEDSsubDetsForm($subname, $doctype); } // END elseif else { # In this case, this is the first call to the page. We can # therefore simply display the details of the submission displayEDSsubDetsForm($subname, $doctype); } // END else } /**********************Start of main script***************************/ # Connect to the MySQL server serverConnect(MYSQLDOCMACHINE, MYSQLDOCUSERID, MYSQLDOCPASSWORD); # Select the CDS Search database... 
dbSelect(DOCS_DATABASE); - if (!canUseWebSubmitAdmin($uid,$doctype)) - outWarning("You are not allowed to access WebSubmit Admin for this " - . "type of documents"); + $auth = canUseWebSubmitAdmin($uid,$doctype); + if (!$auth[0]) + outWarning($auth[1][1] . "<br><br>" . "You are not allowed to access WebSubmit Admin for this type of documents"); else displayPage($update); /************************End of main script***************************/ </protect> ?> diff --git a/modules/websubmit/web/publiline.py b/modules/websubmit/web/publiline.py index e267028e6..2f3b52d26 100644 --- a/modules/websubmit/web/publiline.py +++ b/modules/websubmit/web/publiline.py 
@@ -1,429 +1,430 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import cdsname,cdslang,supportemail from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * from cdsware.search_engine import search_pattern execfile("%s/cdsware/websubmit_functions/Retrieve_Data.py" % pylibdir) execfile("%s/cdsware/websubmit_functions/mail.py" % pylibdir) def index(req,c=cdsname,ln=cdslang,doctype="",categ="",RN="",send=""): global uid ln = wash_language(ln) t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) if doctype == "": t=selectDoctype() elif categ == "": t=selectCateg(doctype) elif RN == "": t=selectDocument(doctype,categ) else: t=displayDocument(doctype,categ,RN,send) return page(title="publication line", body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def selectDoctype(): t=""" <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">List of refereed types of documents</th> </tr> <tr> <td class="portalboxbody"> Select one of the following types of documents to check the documents status:</small> <blockquote>""" res = run_sql("select DISTINCT doctype from sbmAPPROVAL") for row in res: res2 = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (row[0],)) t+="<li><A HREF='publiline.py?doctype=%s'>%s</A><BR>" % (row[0],res2[0][0]) t+="""</blockquote> </td> </tr> </table>""" return t def selectCateg(doctype): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s",(doctype,)) title = res[0][0] sth = run_sql("select * from sbmCATEGORIES where 
doctype=%s order by lname",(doctype,)) if len(sth) == 0: categ = "unknown" return selectDocument(doctype,categ) t+=""" <table class="searchbox" width="100%" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s: List of refereed categories</th>" % title t+=""" </tr> <tr> <td class="portalboxbody"> Please choose a category <blockquote> <FORM action="publiline.py" method=get>""" t+=" <INPUT type=hidden name=doctype value='%s'>\n" % doctype t+=" <INPUT type=hidden name=categ value=''>\n" t+=" </FORM>\n" t+=""" <TABLE> <TR> <TD align=left>""" for arr in sth: waiting = 0 rejected = 0 approved = 0 sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='waiting'", (doctype,arr[1],)) waiting = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='approved'",(doctype,arr[1],)) approved = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='rejected'",(doctype,arr[1],)) rejected = sth2[0][0] num = waiting + approved + rejected if waiting != 0: classtext = "class=blocknote" else: classtext = "" t+="<A href=\"\" onClick=\"document.forms[0].categ.value='%s';document.forms[0].submit();return false;\"><SMALL %s>%s</SMALL></A><SMALL> (%s document<SMALL>(</SMALL>s<SMALL>)</SMALL>\n" % (arr[1],classtext,arr[2],num) if waiting != 0: t+= "| %s<IMG ALT=\"pending\" SRC=\"%s/waiting_or.gif\" border=0>\n" % (waiting,images) if approved != 0: t+= "| %s<IMG ALT=\"approved\" SRC=\"%s/smchk_gr.gif\" border=0>\n" % (approved,images) if rejected != 0: t+= "| %s<IMG ALT=\"rejected\" SRC=\"%s/cross_red.gif\" border=0>" % (rejected,images) t+=")</SMALL><BR>\n" t+=""" </TD> <TD> <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Key:</th> <tr> <tr> <td>""" t+=" <IMG ALT=\"pending\" SRC=\"%s/waiting_or.gif\" border=0> waiting for approval<BR>" % images t+=" <IMG ALT=\"approved\" SRC=\"%s/smchk_gr.gif\" border=0> already approved<BR>" 
% images t+=" <IMG ALT=\"rejected\" SRC=\"%s/cross_red.gif\" border=0> rejected<BR><BR>\n" % images t+=""" <SMALL class=blocknote> </SMALL> some documents are pending<BR></SMALL> </td> </tr> </table> </TD> </TR> </TABLE> </blockquote> </td> </tr> </table>""" return t def selectDocument(doctype,categ): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) title = res[0][0] if categ == "": categ == "unknown" t+=""" <table class="searchbox" width="100%" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s - %s: List of refereed documents</th>" % (title,categ) t+=""" </tr> <tr> <td class="portalboxbody"> Click on a report number to have more information <blockquote> <FORM action="publiline.py" method=get>""" t+=" <INPUT type=hidden name=doctype value='%s'>\n" % doctype t+=" <INPUT type=hidden name=categ value='%s'>\n" % categ t+=" <INPUT type=hidden name=RN value=''>\n" t+=" </FORM>\n" t+="<TABLE class=\"searchbox\">" t+="<TR><TH class=\"portalboxheader\">Report Number</TH><TH class=\"portalboxheader\">Pending</TH><TH class=\"portalboxheader\">Approved</TH><TH class=\"portalboxheader\">Rejected</TH></TR>" sth = run_sql("select rn,status from sbmAPPROVAL where doctype=%s and categ=%s order by status DESC,rn DESC",(doctype,categ)) for arr in sth: RN = arr[0] status = arr[1] if status == "waiting": t+= "<TR><TD align=center><A HREF=\"\" onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/waiting_or.gif\"></TD><TD align=center> </TD><TD align=center> </TD></TR>" % (RN,RN,images) elif status == "rejected": t+="<TR><TD align=center><A HREF=\"\" onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center> </TD><TD align=center> </TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/cross_red.gif\"></TD></TR>" % (RN,RN,images) elif status == "approved": t+="<TR><TD align=center><A HREF=\"\" 
onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center> </TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/smchk_gr.gif\"></TD><TD align=center> </TD></TR>" % (RN,RN,images) t+= """</TABLE> </blockquote> </td> </tr> </table>""" return t def displayDocument(doctype,categ,RN,send): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) docname = res[0][0] if categ == "": categ = "unknown" sth = run_sql("select rn,status,dFirstReq,dLastReq,dAction,access from sbmAPPROVAL where rn=%s",(RN,)) if len(sth) > 0: arr = sth[0] status = arr[1] dFirstReq = arr[2] dLastReq = arr[3] dAction = arr[4] access = arr[5] if status == "waiting": image = "<IMG SRC=\"%s/waiting_or.gif\" ALT=\"\" align=right>" % images elif status == "approved": image = "<IMG SRC=\"%s/smchk_gr.gif\" ALT=\"\" align=right>" % images elif status == "rejected": image = "<IMG SRC=\"%s/iconcross.gif\" ALT=\"\" align=right>" % images else: image = "" t+=""" <table class="searchbox" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s%s</th>" % (image,RN) t+=""" </tr> <tr> <td class="portalboxbody">""" else: return warningMsg("This document has never been requested for approval!<BR> ") (authors,title,sysno,newrn) = getInfo(doctype,categ,RN) if send == "Send Again": if authors == "unknown" or title == "unknown": SendWarning(doctype,categ,RN,title,authors,access) else: SendEnglish(doctype,categ,RN,title,authors,access,sysno) run_sql("update sbmAPPROVAL set dLastReq=NOW() where rn=%s",(RN,)) t+= "<I><strong class=headline>Your request has been sent to the referee!</strong></I><BR><BR>" t+= "<FORM action=\"publiline.py\">\n" t+= "<INPUT type=hidden name=RN value=\"%s\">\n" % RN t+= "<INPUT type=hidden name=categ value=\"%s\">\n" % categ t+= "<INPUT type=hidden name=doctype value=\"%s\">\n" % doctype t+="<SMALL>\n" if title != "unknown": t+= "<strong class=headline>Title:</strong>%s<BR><BR>\n" % title if authors != "": 
t+="<strong class=headline>Author:</strong>%s<BR><BR>\n" % authors if sysno != "": t+="<strong class=headline>More information:</strong>" t+= " <A HREF=\"%s?id=%s\">click here</A><BR><BR>\n" % (accessurl,sysno) if status == "waiting": t+= "This Document is still <strong class=headline>waiting for approval</strong>.<BR><BR>" t+="It has first been sent to approval on: <strong class=headline>%s</strong><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</strong><BR>" % dFirstReq else: t+= "Last approval e-mail was sent on: <strong class=headline>%s</strong><BR>" % dLastReq t+="<BR>You can send an approval request e-mail again by clicking the following button:" t+= "<BR><INPUT class=\"adminbutton\" type=submit name=send value=\"Send Again\" onClick=\"return confirm('WARNING! An e-mail will be send to your referee if you confirm.')\">" # We also display a button for the referee - if acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ): + (auth_code, auth_message) = acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) + if auth_code == 0: t+= "<br>As a referee for this document, you may click this button to approve or reject it:" t+= "<BR><INPUT class=\"adminbutton\" type=submit name=approval value=\"Approve/Reject\" onClick=\"window.location='approve.py?%s';return false;\">" % access if status == "approved": t+="This Document has been <strong class=headline>approved</strong>.<BR>Its approved reference is: <strong class=headline>%s</strong><BR><BR>" % newrn t+="It has first been sent to approval on: <strong class=headline>%s</strong><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dFirstReq else: t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dLastReq t+="It has been approved on: <strong class=headline>%s</STRONG><BR>" % dAction if status 
== "rejected": t+= "This Document has been <strong class=headline>rejected</STRONG>.<BR><BR>" t+="It has first been sent to approval on: <strong class=headline>%s</STRONG><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dFirstReq else: t+="Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dLastReq t+= "It has been rejected on: <strong class=headline>%s</STRONG><BR>" % dAction t+= "</SMALL></FORM>" t+= """<BR></TD></TR></TABLE> </blockquote> </td> </tr> </table>""" return t # Retrieve info about document def getInfo(doctype,categ,RN): result = getInPending(doctype,categ,RN) if not result: result = getInAlice(doctype,categ,RN) return result #seek info in pending directory def getInPending(doctype,categ,RN): PENDIR="%s/pending" % storage if os.path.exists("%s/%s/%s/AU" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/AU" % (PENDIR,doctype,RN),"r") authors=fp.read() fp.close() else: authors = "" if os.path.exists("%s/%s/%s/TI" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TI" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() else: title = "" if os.path.exists("%s/%s/%s/SN" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/SN" % (PENDIR,doctype,RN),"r") sysno=fp.read() fp.close() else: sysno = "" if title == "" and os.path.exists("%s/%s/%s/TIF" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TIF" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() if title == "": return 0 else: return (authors,title,sysno,"") #seek info in Alice database def getInAlice(doctype,categ,RN): # initialize sysno variable sysno = "" searchresults = search_pattern(req=None, p=RN, f="reportnumber").items().tolist() if len(searchresults) == 0: return 0 sysno = searchresults[0] if sysno != "": title = Get_Field('245__a',sysno) emailvalue = Get_Field('8560_f',sysno) authors = Get_Field('100__a',sysno) authors += "\n%s" % Get_Field('700__a',sysno) newrn = Get_Field('037__a',sysno) return 
(authors,title,sysno,newrn) else: return 0 def SendEnglish(doctype,categ,RN,title,authors,access,sysno): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) # retrieve useful information from webSubmit configuration res = run_sql("select value from sbmPARAMETERS where name='categformatDAM' and doctype=%s", (doctype,)) categformat = res[0][0] categformat = re.sub("<CATEG>","([^-]*)",categformat) categs = re.match(categformat,RN) if categs != None: categ = categs.group(1) else: categ = "unknown" res = run_sql("select value from sbmPARAMETERS where name='addressesDAM' and doctype=%s",(doctype,)) if len(res) > 0: otheraddresses = res[0][0] otheraddresses = otheraddresses.replace("<CATEG>",categ) else: otheraddresses = "" # Build referee's email address refereeaddress = "" # Try to retrieve the referee's email from the referee's database for user in acc_getRoleUsers(acc_getRoleId("referee_%s_%s" % (doctype,categ))): refereeaddress += user[1] + "," # And if there are general referees for user in acc_getRoleUsers(acc_getRoleId("referee_%s_*" % doctype)): refereeaddress += user[1] + "," refereeaddress = re.sub(",$","",refereeaddress) # Creation of the mail for the referee addresses = "" if refereeaddress != "": addresses = refereeaddress + "," if otheraddresses != "": addresses += otheraddresses else: addresses = re.sub(",$","",addresses) if addresses=="": SendWarning(doctype,categ,RN,title,authors,access) return 0 if authors == "": authors = "-" res = run_sql("select value from sbmPARAMETERS where name='directory' and doctype=%s", (doctype,)) directory = res[0][0] message = """ The document %s has been published as a Communication. Your approval is requested for it to become an official Note. Title: %s Author(s): %s To access the document(s), select the file(s) from the location: <%s/getfile.py?recid=%s> To approve/reject the document, you should go to this URL: <%s/approve.py?%s> --------------------------------------------- Best regards. 
The submission team.""" % (RN,title,authors,urlpath,sysno,urlpath,access) # send the mail body = forge_email(FROMADDR,addresses,adminemail,"Request for Approval of %s" % RN,message) send_email(FROMADDR,addresses,body,0) return "" def SendWarning(doctype,categ,RN,title,authors,access): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) message = "Failed sending approval email request for %s" % RN # send the mail body = forge_email(FROMADDR,adminemail,"","Failed sending approval email request",message) send_email(FROMADDR,adminemail,body,0) return "" </protect> diff --git a/modules/websubmit/web/publiline.py.wml b/modules/websubmit/web/publiline.py.wml index e267028e6..2f3b52d26 100644 --- a/modules/websubmit/web/publiline.py.wml +++ b/modules/websubmit/web/publiline.py.wml 
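Review bot: The `send == "Send Again"` branch in `displayDocument` still runs with no authorization or status check, so any request carrying that parameter reaches `SendEnglish(...)` and the `update sbmAPPROVAL set dLastReq=NOW()` query; the new `auth_code == 0` test only decides whether the referee button is drawn. At minimum the branch should be tied to the state in which the button is offered, `if send == "Send Again" and status == "waiting":`. It should also require an `acc_authorize_action` code of 0 or a submitter match before mailing; which action name fits is not visible in this hunk. The form that triggers it is written as `<FORM action="publiline.py">` with no `method`, so the resend goes out on a GET, and `method=post` would suit a state-changing request better. The same lines appear in the publiline.py.wml hunk that follows.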
@@ -1,429 +1,430 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import cdsname,cdslang,supportemail from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * from cdsware.search_engine import search_pattern execfile("%s/cdsware/websubmit_functions/Retrieve_Data.py" % pylibdir) execfile("%s/cdsware/websubmit_functions/mail.py" % pylibdir) def index(req,c=cdsname,ln=cdslang,doctype="",categ="",RN="",send=""): global uid ln = wash_language(ln) t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) if doctype == "": t=selectDoctype() elif categ == "": t=selectCateg(doctype) elif RN == "": t=selectDocument(doctype,categ) else: t=displayDocument(doctype,categ,RN,send) return page(title="publication line", body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def selectDoctype(): t=""" <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">List of refereed types of documents</th> </tr> <tr> <td class="portalboxbody"> Select one of the following types of documents to check the documents status:</small> <blockquote>""" res = run_sql("select DISTINCT doctype from sbmAPPROVAL") for row in res: res2 = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (row[0],)) t+="<li><A HREF='publiline.py?doctype=%s'>%s</A><BR>" % (row[0],res2[0][0]) t+="""</blockquote> </td> </tr> </table>""" return t def selectCateg(doctype): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s",(doctype,)) title = res[0][0] sth = run_sql("select * from sbmCATEGORIES where 
doctype=%s order by lname",(doctype,)) if len(sth) == 0: categ = "unknown" return selectDocument(doctype,categ) t+=""" <table class="searchbox" width="100%" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s: List of refereed categories</th>" % title t+=""" </tr> <tr> <td class="portalboxbody"> Please choose a category <blockquote> <FORM action="publiline.py" method=get>""" t+=" <INPUT type=hidden name=doctype value='%s'>\n" % doctype t+=" <INPUT type=hidden name=categ value=''>\n" t+=" </FORM>\n" t+=""" <TABLE> <TR> <TD align=left>""" for arr in sth: waiting = 0 rejected = 0 approved = 0 sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='waiting'", (doctype,arr[1],)) waiting = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='approved'",(doctype,arr[1],)) approved = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='rejected'",(doctype,arr[1],)) rejected = sth2[0][0] num = waiting + approved + rejected if waiting != 0: classtext = "class=blocknote" else: classtext = "" t+="<A href=\"\" onClick=\"document.forms[0].categ.value='%s';document.forms[0].submit();return false;\"><SMALL %s>%s</SMALL></A><SMALL> (%s document<SMALL>(</SMALL>s<SMALL>)</SMALL>\n" % (arr[1],classtext,arr[2],num) if waiting != 0: t+= "| %s<IMG ALT=\"pending\" SRC=\"%s/waiting_or.gif\" border=0>\n" % (waiting,images) if approved != 0: t+= "| %s<IMG ALT=\"approved\" SRC=\"%s/smchk_gr.gif\" border=0>\n" % (approved,images) if rejected != 0: t+= "| %s<IMG ALT=\"rejected\" SRC=\"%s/cross_red.gif\" border=0>" % (rejected,images) t+=")</SMALL><BR>\n" t+=""" </TD> <TD> <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Key:</th> <tr> <tr> <td>""" t+=" <IMG ALT=\"pending\" SRC=\"%s/waiting_or.gif\" border=0> waiting for approval<BR>" % images t+=" <IMG ALT=\"approved\" SRC=\"%s/smchk_gr.gif\" border=0> already approved<BR>" 
% images t+=" <IMG ALT=\"rejected\" SRC=\"%s/cross_red.gif\" border=0> rejected<BR><BR>\n" % images t+=""" <SMALL class=blocknote> </SMALL> some documents are pending<BR></SMALL> </td> </tr> </table> </TD> </TR> </TABLE> </blockquote> </td> </tr> </table>""" return t def selectDocument(doctype,categ): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) title = res[0][0] if categ == "": categ == "unknown" t+=""" <table class="searchbox" width="100%" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s - %s: List of refereed documents</th>" % (title,categ) t+=""" </tr> <tr> <td class="portalboxbody"> Click on a report number to have more information <blockquote> <FORM action="publiline.py" method=get>""" t+=" <INPUT type=hidden name=doctype value='%s'>\n" % doctype t+=" <INPUT type=hidden name=categ value='%s'>\n" % categ t+=" <INPUT type=hidden name=RN value=''>\n" t+=" </FORM>\n" t+="<TABLE class=\"searchbox\">" t+="<TR><TH class=\"portalboxheader\">Report Number</TH><TH class=\"portalboxheader\">Pending</TH><TH class=\"portalboxheader\">Approved</TH><TH class=\"portalboxheader\">Rejected</TH></TR>" sth = run_sql("select rn,status from sbmAPPROVAL where doctype=%s and categ=%s order by status DESC,rn DESC",(doctype,categ)) for arr in sth: RN = arr[0] status = arr[1] if status == "waiting": t+= "<TR><TD align=center><A HREF=\"\" onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/waiting_or.gif\"></TD><TD align=center> </TD><TD align=center> </TD></TR>" % (RN,RN,images) elif status == "rejected": t+="<TR><TD align=center><A HREF=\"\" onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center> </TD><TD align=center> </TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/cross_red.gif\"></TD></TR>" % (RN,RN,images) elif status == "approved": t+="<TR><TD align=center><A HREF=\"\" 
onClick=\"document.forms[0].RN.value='%s';document.forms[0].submit();return false;\">%s</A></TD><TD align=center> </TD><TD align=center><IMG ALT=\"check\" SRC=\"%s/smchk_gr.gif\"></TD><TD align=center> </TD></TR>" % (RN,RN,images) t+= """</TABLE> </blockquote> </td> </tr> </table>""" return t def displayDocument(doctype,categ,RN,send): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) docname = res[0][0] if categ == "": categ = "unknown" sth = run_sql("select rn,status,dFirstReq,dLastReq,dAction,access from sbmAPPROVAL where rn=%s",(RN,)) if len(sth) > 0: arr = sth[0] status = arr[1] dFirstReq = arr[2] dLastReq = arr[3] dAction = arr[4] access = arr[5] if status == "waiting": image = "<IMG SRC=\"%s/waiting_or.gif\" ALT=\"\" align=right>" % images elif status == "approved": image = "<IMG SRC=\"%s/smchk_gr.gif\" ALT=\"\" align=right>" % images elif status == "rejected": image = "<IMG SRC=\"%s/iconcross.gif\" ALT=\"\" align=right>" % images else: image = "" t+=""" <table class="searchbox" summary=""> <tr>""" t+= "<th class=\"portalboxheader\">%s%s</th>" % (image,RN) t+=""" </tr> <tr> <td class="portalboxbody">""" else: return warningMsg("This document has never been requested for approval!<BR> ") (authors,title,sysno,newrn) = getInfo(doctype,categ,RN) if send == "Send Again": if authors == "unknown" or title == "unknown": SendWarning(doctype,categ,RN,title,authors,access) else: SendEnglish(doctype,categ,RN,title,authors,access,sysno) run_sql("update sbmAPPROVAL set dLastReq=NOW() where rn=%s",(RN,)) t+= "<I><strong class=headline>Your request has been sent to the referee!</strong></I><BR><BR>" t+= "<FORM action=\"publiline.py\">\n" t+= "<INPUT type=hidden name=RN value=\"%s\">\n" % RN t+= "<INPUT type=hidden name=categ value=\"%s\">\n" % categ t+= "<INPUT type=hidden name=doctype value=\"%s\">\n" % doctype t+="<SMALL>\n" if title != "unknown": t+= "<strong class=headline>Title:</strong>%s<BR><BR>\n" % title if authors != "": 
t+="<strong class=headline>Author:</strong>%s<BR><BR>\n" % authors if sysno != "": t+="<strong class=headline>More information:</strong>" t+= " <A HREF=\"%s?id=%s\">click here</A><BR><BR>\n" % (accessurl,sysno) if status == "waiting": t+= "This Document is still <strong class=headline>waiting for approval</strong>.<BR><BR>" t+="It has first been sent to approval on: <strong class=headline>%s</strong><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</strong><BR>" % dFirstReq else: t+= "Last approval e-mail was sent on: <strong class=headline>%s</strong><BR>" % dLastReq t+="<BR>You can send an approval request e-mail again by clicking the following button:" t+= "<BR><INPUT class=\"adminbutton\" type=submit name=send value=\"Send Again\" onClick=\"return confirm('WARNING! An e-mail will be send to your referee if you confirm.')\">" # We also display a button for the referee - if acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ): + (auth_code, auth_message) = acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) + if auth_code == 0: t+= "<br>As a referee for this document, you may click this button to approve or reject it:" t+= "<BR><INPUT class=\"adminbutton\" type=submit name=approval value=\"Approve/Reject\" onClick=\"window.location='approve.py?%s';return false;\">" % access if status == "approved": t+="This Document has been <strong class=headline>approved</strong>.<BR>Its approved reference is: <strong class=headline>%s</strong><BR><BR>" % newrn t+="It has first been sent to approval on: <strong class=headline>%s</strong><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dFirstReq else: t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dLastReq t+="It has been approved on: <strong class=headline>%s</STRONG><BR>" % dAction if status 
== "rejected": t+= "This Document has been <strong class=headline>rejected</STRONG>.<BR><BR>" t+="It has first been sent to approval on: <strong class=headline>%s</STRONG><BR>" % dFirstReq if dLastReq == "0000-00-00 00:00:00": t+= "Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dFirstReq else: t+="Last approval e-mail was sent on: <strong class=headline>%s</STRONG><BR>" % dLastReq t+= "It has been rejected on: <strong class=headline>%s</STRONG><BR>" % dAction t+= "</SMALL></FORM>" t+= """<BR></TD></TR></TABLE> </blockquote> </td> </tr> </table>""" return t # Retrieve info about document def getInfo(doctype,categ,RN): result = getInPending(doctype,categ,RN) if not result: result = getInAlice(doctype,categ,RN) return result #seek info in pending directory def getInPending(doctype,categ,RN): PENDIR="%s/pending" % storage if os.path.exists("%s/%s/%s/AU" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/AU" % (PENDIR,doctype,RN),"r") authors=fp.read() fp.close() else: authors = "" if os.path.exists("%s/%s/%s/TI" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TI" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() else: title = "" if os.path.exists("%s/%s/%s/SN" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/SN" % (PENDIR,doctype,RN),"r") sysno=fp.read() fp.close() else: sysno = "" if title == "" and os.path.exists("%s/%s/%s/TIF" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TIF" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() if title == "": return 0 else: return (authors,title,sysno,"") #seek info in Alice database def getInAlice(doctype,categ,RN): # initialize sysno variable sysno = "" searchresults = search_pattern(req=None, p=RN, f="reportnumber").items().tolist() if len(searchresults) == 0: return 0 sysno = searchresults[0] if sysno != "": title = Get_Field('245__a',sysno) emailvalue = Get_Field('8560_f',sysno) authors = Get_Field('100__a',sysno) authors += "\n%s" % Get_Field('700__a',sysno) newrn = Get_Field('037__a',sysno) return 
(authors,title,sysno,newrn) else: return 0 def SendEnglish(doctype,categ,RN,title,authors,access,sysno): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) # retrieve useful information from webSubmit configuration res = run_sql("select value from sbmPARAMETERS where name='categformatDAM' and doctype=%s", (doctype,)) categformat = res[0][0] categformat = re.sub("<CATEG>","([^-]*)",categformat) categs = re.match(categformat,RN) if categs != None: categ = categs.group(1) else: categ = "unknown" res = run_sql("select value from sbmPARAMETERS where name='addressesDAM' and doctype=%s",(doctype,)) if len(res) > 0: otheraddresses = res[0][0] otheraddresses = otheraddresses.replace("<CATEG>",categ) else: otheraddresses = "" # Build referee's email address refereeaddress = "" # Try to retrieve the referee's email from the referee's database for user in acc_getRoleUsers(acc_getRoleId("referee_%s_%s" % (doctype,categ))): refereeaddress += user[1] + "," # And if there are general referees for user in acc_getRoleUsers(acc_getRoleId("referee_%s_*" % doctype)): refereeaddress += user[1] + "," refereeaddress = re.sub(",$","",refereeaddress) # Creation of the mail for the referee addresses = "" if refereeaddress != "": addresses = refereeaddress + "," if otheraddresses != "": addresses += otheraddresses else: addresses = re.sub(",$","",addresses) if addresses=="": SendWarning(doctype,categ,RN,title,authors,access) return 0 if authors == "": authors = "-" res = run_sql("select value from sbmPARAMETERS where name='directory' and doctype=%s", (doctype,)) directory = res[0][0] message = """ The document %s has been published as a Communication. Your approval is requested for it to become an official Note. Title: %s Author(s): %s To access the document(s), select the file(s) from the location: <%s/getfile.py?recid=%s> To approve/reject the document, you should go to this URL: <%s/approve.py?%s> --------------------------------------------- Best regards. 
The submission team.""" % (RN,title,authors,urlpath,sysno,urlpath,access) # send the mail body = forge_email(FROMADDR,addresses,adminemail,"Request for Approval of %s" % RN,message) send_email(FROMADDR,addresses,body,0) return "" def SendWarning(doctype,categ,RN,title,authors,access): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) message = "Failed sending approval email request for %s" % RN # send the mail body = forge_email(FROMADDR,adminemail,"","Failed sending approval email request",message) send_email(FROMADDR,adminemail,body,0) return "" </protect> diff --git a/modules/websubmit/web/yourapprovals.py b/modules/websubmit/web/yourapprovals.py index d205862e4..62a59c950 100644 --- a/modules/websubmit/web/yourapprovals.py +++ b/modules/websubmit/web/yourapprovals.py 
@@ -1,102 +1,103 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import os import sys sys.path.append('%s' % pylibdir) from cdsware.config import weburl,cdsname,cdslang from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * from cdsware.search_engine import search_pattern def index(req,c=cdsname,ln=cdslang,order="",doctype="",deletedId="",deletedAction="",deletedDoctype=""): global uid ln = wash_language(ln) t="" # get user ID: try: uid = getUid(req) u_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) t+=""" <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Refereed Documents</th> </tr> <tr> <td class=\"portalboxbody\">""" res = run_sql("select sdocname,ldocname from sbmDOCTYPE") for row in res: doctype = row[0] docname = row[1] reftext = "" if isReferee(uid,doctype,"*"): reftext+= "<LI><A HREF=\"publiline.py?doctype=%s\">You are general referee</a><br>" % doctype res2 = run_sql("select sname,lname from sbmCATEGORIES where doctype=%s",(doctype,)) for row2 in res2: category = row2[0] categname = row2[1] if isReferee(uid,doctype,category): reftext+= "<LI><A HREF=\"publiline.py?doctype=%s&categ=%s\">You are referee for category: %s (%s)</a><br>" % (doctype,category,categname,category) if reftext != "": t+= "<UL><LI><b>%s</b><UL><small>" % docname t+=reftext t+="</small></UL></UL>" t+="</td></tr></table>" return page(title="Your Approvals", navtrail="""<a class="navtrail" href="%s/youraccount.py/display">Your Account</a>""" % weburl, body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def isReferee(uid,doctype="",categ=""): - if acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ): + (auth_code, auth_message) = 
acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) + if auth_code == 0: return 1 else: return 0 def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) </protect> diff --git a/modules/websubmit/web/yourapprovals.py.wml b/modules/websubmit/web/yourapprovals.py.wml index d205862e4..62a59c950 100644 --- a/modules/websubmit/web/yourapprovals.py.wml +++ b/modules/websubmit/web/yourapprovals.py.wml 
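Review bot: `isReferee`, at the end of this hunk, has no docstring or comment recording that `acc_authorize_action` returns an `(auth_code, auth_message)` pair and that only `auth_code == 0` means the user is authorised. A non-empty tuple is always true in Python, so a later edit that tests the call result directly would make this function report every user as a referee, and nothing in the function warns against that. I would add a docstring such as `"""Return 1 if uid is authorised for the "referee" action on doctype/categ, else 0."""` and, above the call, the comment `# acc_authorize_action returns (code, message); code 0 = authorised, never test the tuple itself`. The identical hunk for `yourapprovals.py.wml` needs the same two additions.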
@@ -1,102 +1,103 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" pylibdir = "<LIBDIR>/python" <protect> ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
## import interesting modules: import os import sys sys.path.append('%s' % pylibdir) from cdsware.config import weburl,cdsname,cdslang from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import * from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email, list_registered_users from cdsware.messages import * from cdsware.websubmit_config import * from cdsware.search_engine import search_pattern def index(req,c=cdsname,ln=cdslang,order="",doctype="",deletedId="",deletedAction="",deletedDoctype=""): global uid ln = wash_language(ln) t="" # get user ID: try: uid = getUid(req) u_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) t+=""" <table class="searchbox" width="100%" summary=""> <tr> <th class="portalboxheader">Refereed Documents</th> </tr> <tr> <td class=\"portalboxbody\">""" res = run_sql("select sdocname,ldocname from sbmDOCTYPE") for row in res: doctype = row[0] docname = row[1] reftext = "" if isReferee(uid,doctype,"*"): reftext+= "<LI><A HREF=\"publiline.py?doctype=%s\">You are general referee</a><br>" % doctype res2 = run_sql("select sname,lname from sbmCATEGORIES where doctype=%s",(doctype,)) for row2 in res2: category = row2[0] categname = row2[1] if isReferee(uid,doctype,category): reftext+= "<LI><A HREF=\"publiline.py?doctype=%s&categ=%s\">You are referee for category: %s (%s)</a><br>" % (doctype,category,categname,category) if reftext != "": t+= "<UL><LI><b>%s</b><UL><small>" % docname t+=reftext t+="</small></UL></UL>" t+="</td></tr></table>" return page(title="Your Approvals", navtrail="""<a class="navtrail" href="%s/youraccount.py/display">Your Account</a>""" % weburl, body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def isReferee(uid,doctype="",categ=""): - if acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ): + (auth_code, auth_message) = 
acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) + if auth_code == 0: return 1 else: return 0 def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) </protect>
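Review bot: In `index`, the unchanged `except MySQLdb.Error, e:` clause refers to `MySQLdb`, but the import block in this hunk has no `import MySQLdb`. Unless one of the `from ... import *` lines happens to bind that name, any exception raised by `getUid` or `get_email` would surface as a `NameError` instead of reaching `errorMsg`. I would add `import MySQLdb` next to `import os` and `import sys`. The handler also passes `e.value` to `errorMsg`, which renders it in the page. MySQLdb exceptions normally carry their details in `e.args`, so that attribute is worth checking, and raw database error text is better logged server-side with a generic message shown to the user. The same lines appear in the `yourapprovals.py` hunk.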