
Annotation of /trunk/admin/include/app_controls.php



Revision 72 - (hide annotations)
Thu Mar 18 20:33:37 2004 UTC (20 years, 1 month ago) by dpavlin
File size: 82985 byte(s)
changes made in version 2.00

1 dpavlin 13 <?php
2     /**********************************************************
3     Function Library: app_controls.php
4 dpavlin 72 Original Author: Paul Bramscher <brams006@umn.edu>
5     Last Modified: 03.15.2004
6 dpavlin 13 ***********************************************************
7     Comments:
8     Functions here are generally related to drawing of HTML
9     form input: text boxes, drop-down boxes, and radio buttons.
10     Other functions include lookup and picklist related duties.
11    
12     These have been separated from forms.php since they are
13     typically used in more than one place. Some are quite
14     generic and are used throughout the system.
15     ***********************************************************
16     Table of Contents:
17     adminReturn
18     authPage
19     authResourceDelete
20     authResourceEdit
21     authSubject
22     dropDownAccountOmit
23     dropDownAuthCourses
24     dropDownAuthPages
25     dropDownAuthSubjects
26     dropDownCourses
27     dropDownCoursesubOmit
28     dropDownCoursesubSelected
29     dropDownFaculty
30     dropDownFacultySelected
31     dropDownField
32     dropDownFieldOmit
33     dropDownFieldSelected
34     dropDownInfotype
35     dropDownPageStaff
36     dropDownPageSubject
37     dropDownResource
38     dropDownServiceLimit
39     dropDownStaff
40     dropDownStaffOmit
41     dropDownStaffSelected
42     existsResSub
43     existsResSubNA
44 dpavlin 72 existsResSubNOTNA
45 dpavlin 13 existsRow
46     getNotIn
47     lookupFaculty
48     lookupField
49     lookupStaff
50 dpavlin 72 msgTableClose
51     msgTableOpen
52 dpavlin 13 recordCount
53     selectCoursesub
54     selectFaculty
55     selectKey
56     selectStaff
57     statQuery
58     textInmySQL
59     textOutHTML
60     textSearchmySQL
61     **********************************************************/
62    
63    
64    
65     /**********************************************************
66     Function: adminReturn($sess_access_level)
67     Author: Paul Bramscher
68     Last Modified: 07.02.2003
69     ***********************************************************
70     Incoming:
71     $sess_access_level Access level of the current
72     session.
73     ***********************************************************
74     Outgoing:
75     None
76     ***********************************************************
77     Purpose:
78     A simple HTML link back to the author console, used
79     throughout the Lumina(r) system. This function may be
80     (optionally) passed the access level of the current user
81     session. Higher access will display more menu link
82     options. Note that each menu, upon arrival, verifies the
83     session and access level so this presents no security
84     risk.
85     **********************************************************/
/**
 * Prints the centred row of links back to the admin consoles.
 *
 * The links are navigation only and are not an access check: which ones are
 * shown depends solely on the access level passed in by the caller.
 *
 * @param mixed $sess_access_level Access level of the current session.
 * @return void
 */
function adminReturn($sess_access_level) {

    // $GLOBAL_ADMIN_URL is used below and is not set in this function, so it
    // presumably comes from this include -- confirm against global_vars.php.
    include ("global_vars.php");

    // Every session gets the authoring console link.
    $links = sprintf("<a href=\"%sconsole.phtml\">Authoring Console</a>", $GLOBAL_ADMIN_URL);

    // Manager or higher also gets the manager console.
    if ($sess_access_level >= 100) {
        $links .= sprintf(" | <a href=\"%sconsole_manager.phtml\">Manager Functions</a>", $GLOBAL_ADMIN_URL);
    }

    // Only the DBA level gets the DBA tools.
    if ($sess_access_level == 1000) {
        $links .= sprintf(" | <a href=\"%sconsole_dba.phtml\">DBA Tools</a>", $GLOBAL_ADMIN_URL);
    }

    echo "<center><br>\n" . $links . "</center>";
}
102    
103    
104     /**********************************************************
105 dpavlin 72 Function: authPage($page_id, $sess_access_level, $sess_staff_id)
106 dpavlin 13 Author: Paul Bramscher
107 dpavlin 72 Last Modified: 03.02.2004
108 dpavlin 13 ***********************************************************
109     Incoming:
110     $page_id Page to test authorization
111     $sess_access_level Access level of the current user
112     session.
113     $sess_staff_id staff id of the current user
114     ***********************************************************
115     Outgoing:
116     1 = authorized to work on this page.
117     0 = non-authorized.
118     ***********************************************************
119     Purpose:
120     A check to ensure whether the current user may access the
121     supplied page. The following rules apply:
122    
123     (1) DBA's can edit anything.
124     (2) Managers can edit pages created by anyone within their unit.
125     (3) Page coordinators can edit pages they coordinate.
126     (4) Page maintainers may also edit pages they are assigned to.
127    
128     Some scenarios of pages that are NOT editable:
129    
130     (1) The original page creator is no longer the coordinator,
131     not a DBA, and not assigned as a maintainer. S/he can no
132     longer edit the page.
133     (2) You are a unit manager and used to have access to a page
134     coordinated by one of your employees. S/he switches units,
135     and is now under a new manager. The page can now be accessed
136     by the manager of the new unit and not yourself.
137    
138     etc...
139    
140     **********************************************************/
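/**
 * Reports whether the current session user may work on the given page.
 *
 * A DBA (1000) is always authorized. An author (20) must be the page
 * coordinator or be listed in page_staff for the page. A manager (100) is
 * additionally authorized when the page coordinator belongs to a library
 * unit that the manager heads. Every other access level is refused.
 *
 * @param mixed $page_id           Page to test; coerced to an integer before it is placed in SQL.
 * @param mixed $sess_access_level Access level of the current user session.
 * @param mixed $sess_staff_id     Staff id of the current user; coerced to an integer.
 * @return int 1 = authorized to work on this page, 0 = not authorized.
 */
function authPage($page_id, $sess_access_level, $sess_staff_id){

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // A level that is not numeric is treated as 0 (Denied) so that the
    // comparisons below are always numeric and fail closed.
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // Both ids are concatenated into SQL text below. Forcing them to
    // integers means nothing other than a number can reach the statement.
    $page_id = (int) $page_id;
    $sess_staff_id = (int) $sess_staff_id;

    // DBA. Access everything, no lookup needed.
    if ($level == 1000) return 1;

    $sql = "";

    // User is an author. Must be page coordinator or a co-maintainer.
    if ($level == 20) {

        $sql = "SELECT count(DISTINCT p.page_id) AS auth_page FROM
            page p
            LEFT JOIN page_staff ps using (page_id)
            WHERE p.page_id = "
            . $page_id
            . " AND (p.staff_coordinator = "
            . $sess_staff_id
            . " OR ps.staff_id = "
            . $sess_staff_id
            . ")";
    }

    // User is a manager. Must be page coordinator, co-maintainer, or manager
    // of the coordinator's unit.
    else if ($level == 100) {

        // Determine the library units this manager heads.
        $lu_sql = "SELECT libunit_id FROM libunit
            WHERE head_staff_id = "
            . $sess_staff_id;
        $lu_rs = xx_tryquery($lu_sql);

        $libunit_ids = array();
        while ($lu_row = xx_fetch_array ($lu_rs, xx_ASSOC)) {
            $libunit_ids[] = (int) $lu_row["libunit_id"];
        }

        // Leave the IN clause out entirely when the manager heads no unit.
        $lu_string = "";
        if (count($libunit_ids) > 0) {
            $lu_string = "ls.libunit_id IN (" . implode(", ", $libunit_ids) . ") OR";
        }

        $sql = "SELECT count(DISTINCT p.page_id) AS auth_page
            FROM page p
            LEFT JOIN page_staff ps using (page_id)
            LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id
            WHERE p.page_id = "
            . $page_id
            . " AND ("
            . $lu_string
            . " p.staff_coordinator = "
            . $sess_staff_id
            . " OR ps.staff_id = "
            . $sess_staff_id
            . ")";
    }

    // Every other access level, including values between the defined ones,
    // has no query to run. The earlier code still tried to run an unset
    // $sql for such levels; they are now refused outright.
    if ($sql == "") return 0;

    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // A failed lookup (no row) counts as "not authorized".
    if ($row && $row["auth_page"] > 0) return 1;

    return 0;

}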
250    
251    
252     /**********************************************************
253 dpavlin 72 Function: authResourceDelete($resource_id, $sess_access_level,
254 dpavlin 13 $sess_staff_account)
255     Author: Paul Bramscher
256 dpavlin 72 Last Modified: 03.02.2004
257 dpavlin 13 ***********************************************************
258     Incoming:
259     $resource_id Resource to test authorization
260     $sess_access_level Access level of the current user
261     session.
262     $sess_staff_account x500 id of the current user
263     ***********************************************************
264     Outgoing:
265     1 = authorized to work on this resource
266     0 = non-authorized.
267     ***********************************************************
268     Purpose:
269     A check to ensure whether the current user may delete the
270     supplied resource. The following rules apply:
271    
272     (1) DBA's and managers can delete all resources
273     (2) Any staffperson with access greater than guest and less than
274     manager may delete only those resources s/he has created.
275     **********************************************************/
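/**
 * Reports whether the current session user may delete the given resource.
 *
 * Managers and DBAs (level 100 and above) may delete any resource. A user
 * above guest and below manager may delete only a resource whose
 * account_created matches the session account. Everyone else is refused.
 *
 * @param mixed $resource_id        Resource to test; coerced to an integer before it is placed in SQL.
 * @param mixed $sess_access_level  Access level of the current user session.
 * @param mixed $sess_staff_account x500 id of the current user.
 * @return int 1 = authorized to delete this resource, 0 = not authorized.
 */
function authResourceDelete($resource_id, $sess_access_level,
    $sess_staff_account) {

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // A level that is not numeric is treated as 0 (Denied). Left as a string,
    // PHP 8 compares it as text and a non-numeric value can satisfy ">= 100".
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // Manager or higher access. Grant delete access for everything.
    if ($level >= 100) return 1;

    // Guest or lower. No delete access.
    if ($level <= 10) return 0;

    // History (from the original notes): open editing/deleting by any author
    // was switched off on 08.21.2003; ownership is enforced below.

    // Scenario: guest access < THE USER < manager access.
    // The resource id is forced to an integer before it is concatenated.
    // NOTE(review): $sess_staff_account is a string placed between quotes in
    // the statement. No escaping routine is visible in this part of the file;
    // confirm the value is escaped (or bound) by the database layer before it
    // gets here.
    $sql = "SELECT count(r.resource_id) AS auth_resource FROM
        resource r
        WHERE r.resource_id = "
        . (int) $resource_id
        . " AND r.account_created = '"
        . $sess_staff_account
        . "'";

    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // A failed lookup (no row) counts as "not authorized".
    if ($row && $row["auth_resource"] > 0) return 1;

    return 0;

}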
339    
340    
341     /**********************************************************
342 dpavlin 72 Function: authResourceEdit($resource_id, $sess_access_level,
343 dpavlin 13 $sess_staff_account)
344     Author: Paul Bramscher
345 dpavlin 72 Last Modified: 03.10.2004
346 dpavlin 13 ***********************************************************
347     Incoming:
348     $resource_id Resource to test authorization
349     $sess_access_level Access level of the current user
350     session.
351     $sess_staff_account x500 id of the current user
352     ***********************************************************
353     Outgoing:
354     1 = authorized to work on this resource
355     0 = non-authorized.
356     ***********************************************************
357     Purpose:
358     A check to ensure whether the current user may edit the
359     supplied resource. The following rules apply:
360    
361     (1) Authors and above may edit all resources
362     **********************************************************/
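/**
 * Reports whether the current session user may edit the given resource.
 *
 * The decision depends on the access level alone: the resource id and the
 * staff account are accepted for interface compatibility but not consulted.
 *
 * @param mixed $resource_id        Resource to test (not used by the check).
 * @param mixed $sess_access_level  Access level of the current user session.
 * @param mixed $sess_staff_account x500 id of the current user (not used by the check).
 * @return int 1 = authorized to edit this resource, 0 = not authorized.
 */
function authResourceEdit($resource_id, $sess_access_level,
    $sess_staff_account) {

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // History (from the original notes): per-owner enforcement of edits was
    // relaxed for conversion staff; 08.21.2003 - open editing by any author
    // forbidden; 08.26.2003 - editing allowed again, deleting is not.

    // A level that is not numeric is treated as 0 (Denied). Left as a string,
    // PHP 8 compares it as text and a non-numeric value can satisfy ">= 10".
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // NOTE(review): the function header says "Authors and above", but the
    // threshold here is 10, which the access table lists as Guest (Author is
    // 20). The threshold is kept as found; confirm which one is intended.
    if ($level >= 10) return 1;

    return 0;

}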
430    
431    
432     /**********************************************************
433 dpavlin 72 Function: authSubject($sess_access_level, $sess_staff_id,
434 dpavlin 13 $subject_id)
435     Author: Paul Bramscher
436 dpavlin 72 Last Modified: 03.02.2004
437 dpavlin 13 ***********************************************************
438     Incoming:
439     $sess_access_level Access level of the current user
440     session.
441     $sess_staff_id staff id of the current user
442     $subject_id Subject to test authorization
443     ***********************************************************
444     Outgoing:
445     1 = authorized to work on this subject
446     0 = non-authorized.
447     ***********************************************************
448     Purpose:
449     A check to ensure whether the current user may access the
450     supplied subject. The following rules apply:
451    
452     (1) DBA's can edit anything.
453     (2) Managers can edit subjects maintained by anyone within their unit,
454     and subjects to which they are personally assigned.
455     (3) Any staffperson, regardless of access, may edit subjects to
456     which they are assigned.
457    
458    
459     **********************************************************/
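/**
 * Reports whether the current session user may work on the given subject.
 *
 * A DBA (1000) is always authorized. A user from author level up to (but not
 * including) manager must be listed in sub_staff for the subject. A manager
 * (100) is additionally authorized when a staff member assigned to the
 * subject belongs to a library unit that the manager heads. Every other
 * access level is refused.
 *
 * @param mixed $sess_access_level Access level of the current user session.
 * @param mixed $sess_staff_id     Staff id of the current user; coerced to an integer.
 * @param mixed $subject_id        Subject to test; coerced to an integer before it is placed in SQL.
 * @return int 1 = authorized to work on this subject, 0 = not authorized.
 */
function authSubject($sess_access_level, $sess_staff_id,
    $subject_id){

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // A level that is not numeric is treated as 0 (Denied) so that the
    // comparisons below are always numeric and fail closed.
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // Both ids are concatenated into SQL text below. Forcing them to
    // integers means nothing other than a number can reach the statement.
    $sess_staff_id = (int) $sess_staff_id;
    $subject_id = (int) $subject_id;

    // DBA. Access everything, no lookup needed.
    if ($level == 1000) return 1;

    $sql = "";

    // Author level up to, but not including, manager. Levels 11-19 were
    // never queried by the earlier code either, so they stay refused.
    if ($level >= 20 && $level < 100) {

        $sql = "SELECT count(DISTINCT s.subject_id) AS auth_subject FROM
            subject s
            LEFT JOIN sub_staff st using (subject_id)
            WHERE s.subject_id = "
            . $subject_id
            . " AND st.staff_id = "
            . $sess_staff_id;
    }

    // User is a manager.
    else if ($level == 100) {

        // Determine the library units this manager heads.
        $lu_sql = "SELECT libunit_id FROM libunit
            WHERE head_staff_id = "
            . $sess_staff_id;
        $lu_rs = xx_tryquery($lu_sql);

        $libunit_ids = array();
        while ($lu_row = xx_fetch_array ($lu_rs, xx_ASSOC)) {
            $libunit_ids[] = (int) $lu_row["libunit_id"];
        }

        // Leave the IN clause out entirely when the manager heads no unit.
        $lu_string = "";
        if (count($libunit_ids) > 0) {
            $lu_string = "ls.libunit_id IN (" . implode(", ", $libunit_ids) . ") OR";
        }

        $sql = "SELECT count(DISTINCT s.subject_id) AS auth_subject FROM
            subject s
            LEFT JOIN sub_staff st using (subject_id)
            LEFT JOIN libunit_staff ls on st.staff_id = ls.staff_id
            WHERE s.subject_id = "
            . $subject_id
            . " AND ("
            . $lu_string
            . " st.staff_id = "
            . $sess_staff_id
            . ")";
    }

    // Every other access level has no query to run. The earlier code still
    // tried to run an unset $sql for levels between manager and DBA; they
    // are now refused outright.
    if ($sql == "") return 0;

    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // A failed lookup (no row) counts as "not authorized".
    if ($row && $row["auth_subject"] > 0) return 1;

    return 0;

}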
566    
567    
568     /**********************************************************
569 dpavlin 72 Function: dropDownAccountOmit($omit)
570 dpavlin 13 Author: Paul Bramscher
571 dpavlin 72 Last Modified: 03.10.2004
572 dpavlin 13 ***********************************************************
573     Incoming:
574     $omit String of staff's to omit
575     ***********************************************************
576     Outgoing:
577     None
578     ***********************************************************
579     Purpose:
580     Populates a drop-down box on an HTML form with select
581     statements. $omit limits output. Similar to dropDownStaffOmit,
582     but instead of returning the staff_id as the HTML value,
583     it returns the staff_account. This was done for situations in
584     which a relational tie with the staff table is not desirable
585     after the value is inserted. For example, historical statistics.
586     **********************************************************/
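/**
 * Prints one <option> per staff row, using staff_account as the option value.
 *
 * @param string $omit SQL text placed directly after "SELECT * from staff".
 * @return void
 */
function dropDownAccountOmit($omit){

    // NOTE(review): $omit becomes part of the statement as raw SQL, so it
    // must only ever be a fragment assembled by server-side code. Confirm
    // that no caller derives it from request data.
    $sql = "SELECT * from staff "
        . $omit
        . " ORDER BY last_name, first_name";

    $rs = xx_tryquery($sql);
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $staff_account = $row["staff_account"];

        // Make it look more friendly
        if ($row["staff_id"] == 1) {
            $staff = "(N/A)";
        }
        else {
            $staff = $row["last_name"] . ", " . $row["first_name"] . " (" . $staff_account . ")";
        }

        // The stored values are written with echo rather than used as a
        // printf() format, so a "%" in a name can no longer break the call.
        // They are also HTML-escaped, so a stored quote or "<" cannot close
        // the attribute or the <select>. double_encode is off so entities
        // already present in the data are left alone; the charset argument
        // makes the call byte-wise, as the page encoding is not visible here.
        echo "<option value = \""
            . htmlspecialchars($staff_account, ENT_QUOTES, 'ISO-8859-1', false)
            . "\" >"
            . htmlspecialchars($staff, ENT_QUOTES, 'ISO-8859-1', false)
            . "</option>\n";
    }
}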
609    
610    
611     /**********************************************************
612 dpavlin 72 Function: dropDownAuthCourses($sess_access_level, $sess_staff_id)
613 dpavlin 13 Author: Paul Bramscher
614 dpavlin 72 Last Modified: 03.02.2004
615 dpavlin 13 ***********************************************************
616     Incoming:
617     $sess_access_level Access level of the current user
618     session.
619     $sess_staff_id staff id of the current user
620     ***********************************************************
621     Outgoing:
622     None
623     ***********************************************************
624     Purpose:
625     Identical to dropDownAuthPages, except for a pagetype_id = 3
626     and extra LEFT JOIN to the course table to fetch the
627     course_concat field as the course title.
628    
629     Populates a drop-down box on an HTML form with select
630     options of CourseScribe pages that the current
631     user has authorization to edit. The following rules apply:
632    
633     (1) DBA's can edit anything.
634     (2) Managers can edit pages created by anyone within their unit.
635     (3) Page coordinators can edit pages they coordinate.
636     (4) Page maintainers may also edit pages they are assigned to.
637    
638     Some scenarios of pages that are NOT editable:
639    
640     (1) The original page creator is no longer the coordinator,
641     not a DBA, and not assigned as a maintainer. S/he can no
642     longer edit the page.
643     (2) You are a unit manager and used to have access to a page
644     coordinated by one of your employees. S/he switches units,
645     and is now under a new manager. The course page can now be
646     accessed by the manager of the new unit and not yourself.
647    
648     etc...
649    
650     **********************************************************/
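/**
 * Prints <option> elements for the CourseScribe pages (pagetype_id = 3) the
 * current user is allowed to edit.
 *
 * A DBA (1000) gets the full list via dropDownCourses(). An author (20) gets
 * pages s/he coordinates or co-maintains. A manager (100) additionally gets
 * pages whose coordinator belongs to a library unit the manager heads. Every
 * other access level gets no options.
 *
 * @param mixed $sess_access_level Access level of the current user session.
 * @param mixed $sess_staff_id     Staff id of the current user; coerced to an integer.
 * @return void
 */
function dropDownAuthCourses($sess_access_level, $sess_staff_id){

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // A level that is not numeric is treated as 0 (Denied).
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // The staff id is concatenated into SQL text below. Forcing it to an
    // integer means nothing other than a number can reach the statement.
    $sess_staff_id = (int) $sess_staff_id;

    // DBA. Access everything.
    if ($level == 1000) {
        dropDownCourses();
        return;
    }

    // Every other access level, including values between the defined ones,
    // gets no pages at all. The earlier code still tried to run an unset
    // query for the in-between levels.
    if ($level != 20 && $level != 100) return;

    $lu_join = "";
    $lu_string = "";

    // Manager. Start from the libunit table, work down to pages.
    if ($level == 100) {

        // Determine the library units this manager heads.
        $lu_sql = "SELECT libunit_id FROM libunit
            WHERE head_staff_id = "
            . $sess_staff_id;
        $lu_rs = xx_tryquery($lu_sql);

        $libunit_ids = array();
        while ($lu_row = xx_fetch_array ($lu_rs, xx_ASSOC)) {
            $libunit_ids[] = (int) $lu_row["libunit_id"];
        }

        // Leave the IN clause out entirely when the manager heads no unit.
        if (count($libunit_ids) > 0) {
            $lu_string = "ls.libunit_id IN (" . implode(", ", $libunit_ids) . ") OR";
        }

        $lu_join = " LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id";
    }

    // Author and manager share the same statement; the manager form adds the
    // libunit_staff join and the optional IN clause built above.
    $page_sql = "SELECT DISTINCT
        p.page_id,
        c.course_concat
        FROM page p
        LEFT JOIN page_staff ps using (page_id)
        LEFT JOIN course c on p.page_id = c.page_id"
        . $lu_join
        . " WHERE p.pagetype_id = 3
        AND ("
        . $lu_string
        . " ps.staff_id = "
        . $sess_staff_id
        . " OR p.staff_coordinator = "
        . $sess_staff_id
        . ") ORDER BY c.course_concat";

    $page_rs = xx_tryquery($page_sql);

    while ($page_row = xx_fetch_array ($page_rs, xx_ASSOC)) {

        // Collect the page information
        $page_id = $page_row["page_id"];
        $course_concat = $page_row["course_concat"];

        // Keep long titles from stretching the drop-down.
        if (strlen($course_concat) > 45) $course_concat = substr($course_concat, 0, 45) . "...";

        // The stored title is HTML-escaped after truncation so that markup
        // in it cannot close the <option> or <select>. double_encode is off
        // so entities already present in the data are left alone.
        printf("<option value=\"%d\">%s</option>\n", $page_id,
            htmlspecialchars($course_concat, ENT_QUOTES, 'ISO-8859-1', false));
    }

}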
763    
764    
765     /**********************************************************
766 dpavlin 72 Function: dropDownAuthPages($sess_access_level, $sess_staff_id)
767 dpavlin 13 Author: Paul Bramscher
768 dpavlin 72 Last Modified: 03.02.2004
769 dpavlin 13 ***********************************************************
770     Incoming:
771     $sess_access_level Access level of the current user
772     session.
773     $sess_staff_id staff id of the current user
774     ***********************************************************
775     Outgoing:
776     None
777     ***********************************************************
778     Purpose:
779     Populates a drop-down box on an HTML form with select
780     options of PageScribe pages that the current
781     user has authorization to edit. The following rules apply:
782    
783     (1) DBA's can edit anything.
784     (2) Managers can edit pages created by anyone within their unit.
785     (3) Page coordinators can edit pages they coordinate.
786     (4) Page maintainers may also edit pages they are assigned to.
787    
788     Some scenarios of pages that are NOT editable:
789    
790     (1) The original page creator is no longer the coordinator,
791     not a DBA, and not assigned as a maintainer. S/he can no
792     longer edit the page.
793     (2) You are a unit manager and used to have access to a page
794     coordinated by one of your employees. S/he switches units,
795     and is now under a new manager. The page can now be accessed
796     by the manager of the new unit and not yourself.
797    
798     etc...
799    
800     **********************************************************/
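/**
 * Prints <option> elements for the PageScribe pages (pagetype_id = 2) the
 * current user is allowed to edit.
 *
 * A DBA (1000) gets the full list via dropDownFieldOmit(). An author (20)
 * gets pages s/he coordinates or co-maintains. A manager (100) additionally
 * gets pages whose coordinator belongs to a library unit the manager heads.
 * Every other access level gets no options.
 *
 * @param mixed $sess_access_level Access level of the current user session.
 * @param mixed $sess_staff_id     Staff id of the current user; coerced to an integer.
 * @return void
 */
function dropDownAuthPages($sess_access_level, $sess_staff_id){

    // Access levels: 0 Denied, 10 Guest, 20 Author, 100 Manager, 1000 DBA.

    // A level that is not numeric is treated as 0 (Denied).
    $level = is_numeric($sess_access_level) ? $sess_access_level + 0 : 0;

    // The staff id is concatenated into SQL text below. Forcing it to an
    // integer means nothing other than a number can reach the statement.
    $sess_staff_id = (int) $sess_staff_id;

    // DBA. Access everything.
    if ($level == 1000) {
        dropDownFieldOmit("page", "page_title", "page_id", " WHERE pagetype_id = 2");
        return;
    }

    // Every other access level, including values between the defined ones,
    // gets no pages at all. The earlier code still tried to run an unset
    // query for the in-between levels.
    if ($level != 20 && $level != 100) return;

    $lu_join = "";
    $lu_string = "";

    // Manager. Start from the libunit table, work down to pages.
    if ($level == 100) {

        // Determine the library units this manager heads.
        $lu_sql = "SELECT libunit_id FROM libunit
            WHERE head_staff_id = "
            . $sess_staff_id;
        $lu_rs = xx_tryquery($lu_sql);

        // The "libunit id was: ..." debug line that used to be printed in
        // this loop is gone: it wrote internal ids into the middle of the
        // <select> markup for every manager.
        $libunit_ids = array();
        while ($lu_row = xx_fetch_array ($lu_rs, xx_ASSOC)) {
            $libunit_ids[] = (int) $lu_row["libunit_id"];
        }

        // Leave the IN clause out entirely when the manager heads no unit.
        if (count($libunit_ids) > 0) {
            $lu_string = "ls.libunit_id IN (" . implode(", ", $libunit_ids) . ") OR";
        }

        $lu_join = " LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id";
    }

    // Author and manager share the same statement; the manager form adds the
    // libunit_staff join and the optional IN clause built above.
    $page_sql = "SELECT DISTINCT
        p.page_id,
        p.page_title
        FROM page p
        LEFT JOIN page_staff ps using (page_id)"
        . $lu_join
        . " WHERE p.pagetype_id = 2
        AND ("
        . $lu_string
        . " ps.staff_id = "
        . $sess_staff_id
        . " OR p.staff_coordinator = "
        . $sess_staff_id
        . ") ORDER BY p.page_title";

    $page_rs = xx_tryquery($page_sql);

    while ($page_row = xx_fetch_array ($page_rs, xx_ASSOC)) {

        // Collect the page information
        $page_id = $page_row["page_id"];
        $page_title = $page_row["page_title"];

        // Keep long titles from stretching the drop-down.
        if (strlen($page_title) > 39) $page_title = substr($page_title, 0, 39) . "...";

        // The stored title is HTML-escaped after truncation so that markup
        // in it cannot close the <option> or <select>. double_encode is off
        // so entities already present in the data are left alone.
        printf("<option value=\"%d\">%s</option>\n", $page_id,
            htmlspecialchars($page_title, ENT_QUOTES, 'ISO-8859-1', false));
    }

}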
912    
913    
914     /**********************************************************
915 dpavlin 72 Function: dropDownAuthSubjects($sess_access_level, $sess_staff_id)
916 dpavlin 13 Author: Paul Bramscher
917 dpavlin 72 Last Modified: 03.02.2004
918 dpavlin 13 ***********************************************************
919     Incoming:
920     $sess_access_level Access level of the current user
921     session.
922     $sess_staff_id staff id of the current user
923     ***********************************************************
924     Outgoing:
925     None
926     ***********************************************************
927     Purpose:
928     Populates a drop-down box on an HTML form with select
929     options of SubjectBuilder pages that the current
930     user has authorization to edit. The following rules apply:
931    
932     (1) DBA's can edit anything.
933     (2) Managers can edit subjects on behalf of anyone within their unit.
934     (3) Any staffperson can manage subjects to which s/he is assigned.
935    
936     **********************************************************/
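function dropDownAuthSubjects($sess_access_level, $sess_staff_id){

    /* Access Table Definitions
    +-----------+--------------+---------+
    | access_id | access_level | access  |
    +-----------+--------------+---------+
    |         1 |            0 | Denied  |
    |         2 |           10 | Guest   |
    |         3 |           20 | Author  |
    |         4 |          100 | Manager |
    |         5 |         1000 | DBA     |
    +-----------+--------------+---------+
    */

    // Prints <option> tags for the subjects the current session may edit.
    // The staff id is concatenated into SQL below, so force it to an integer
    // before it gets anywhere near a query string.
    $staff_id = intval($sess_staff_id);

    // Stays empty unless one of the cases below builds a query. The original
    // ran an undefined $sql for access levels between 20 and 1000 that were
    // neither 20 nor 100.
    $sql = "";

    // Behave differently based on access level
    switch ($sess_access_level) {

        // Editor. Start from the sub_staff table.
        case "20" :
            $sql = "SELECT
                s.subject_id,
                s.subject
                FROM subject s
                LEFT JOIN sub_staff ss using (subject_id)
                WHERE ss.staff_id = "
                . $staff_id
                . " ORDER BY s.subject";
            break;

        // Manager. Start from the libunit table, work down to subjects
        case "100" :

            // Determine the library units this staff member heads
            $lu_sql = "SELECT libunit_id FROM libunit
                WHERE head_staff_id = "
                . $staff_id;
            $lu_rs = xx_tryquery($lu_sql);

            // Collect the unit ids as integers for the IN clause
            $libunit_ids = array();
            while ($lu_row = xx_fetch_array ($lu_rs, xx_ASSOC)) {
                $libunit_id = intval($lu_row["libunit_id"]);

                // NOTE(review): looks like leftover debug output; it lands
                // inside the <select> and exposes internal unit ids. Confirm
                // nothing depends on it, then remove.
                printf("libunit id was: %d<BR><BR>", $libunit_id);

                $libunit_ids[] = $libunit_id;
            }

            // If nothing found, contribute no unit filter at all
            if (count($libunit_ids) > 0) {
                $lu_string = "ls.libunit_id IN (" . implode(", ", $libunit_ids) . ") OR";
            }
            else $lu_string = "";

            $sql = "SELECT DISTINCT
                s.subject_id,
                s.subject
                FROM subject s
                LEFT JOIN sub_staff ss using (subject_id)
                LEFT JOIN libunit_staff ls on ss.staff_id = ls.staff_id
                WHERE "
                . $lu_string
                . " ss.staff_id = "
                . $staff_id
                . " ORDER BY s.subject";

            break;

        // DBA. Access everything.
        case "1000" :
            dropDownFieldOmit("subject", "subject", "subject_id", "WHERE SUBJECT_ID > 1");
            break;

        // Every other access level. No subjects at all!
        default :
            break;

    }

    // Run the authorized subject query only when one was actually built
    if ($sql != "") {

        $rs = xx_tryquery($sql);

        while ($row = xx_fetch_array ($rs, xx_ASSOC)) {

            // Collect the subject information
            $subject_id = $row["subject_id"];
            $subject = $row["subject"];

            // Escape for HTML; assumes the column holds plain text rather
            // than pre-encoded markup (confirm against how rows are stored).
            printf("<option value=\"%d\">%s</option>\n",
                $subject_id, htmlspecialchars($subject, ENT_QUOTES));
        }

    }

}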
1040    
1041    
1042     /**********************************************************
1043 dpavlin 72 Function: dropDownCourses()
1044 dpavlin 13 Author: Paul Bramscher
1045 dpavlin 72 Last Modified: 03.10.2004
1046 dpavlin 13 ***********************************************************
1047     Incoming:
1048 dpavlin 72 None
1049 dpavlin 13 ***********************************************************
1050     Outgoing:
1051     None
1052     ***********************************************************
1053     Purpose:
1054     Populates a drop-down box on an HTML form with courseScribe
1055     courses, listed by course name and designator.
1056     **********************************************************/
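function dropDownCourses() {

    // Prints one <option> per course row, ordered by course_concat.
    $sql = "SELECT page_id, course_concat
        FROM course
        ORDER BY course_concat";

    $rs = xx_tryquery($sql);
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $page_id = $row["page_id"];
        $course_concat = $row["course_concat"];

        // Truncate the raw text first so an escaped entity is never cut in half
        if (strlen($course_concat) > 45) $course_concat = substr($course_concat, 0, 45) . "...";

        // Row data is passed as printf arguments, not spliced into the format
        // string, so a '%' in a course name is printed literally. Values are
        // escaped for HTML; assumes the columns hold plain text (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($page_id, ENT_QUOTES),
            htmlspecialchars($course_concat, ENT_QUOTES));
    }
}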
1077    
1078    
1079     /**********************************************************
1080 dpavlin 72 Function: dropDownCoursesubOmit($omit)
1081 dpavlin 13 Author: Paul Bramscher
1082 dpavlin 72 Last Modified: 03.02.2004
1083 dpavlin 13 ***********************************************************
1084     Incoming:
1085     $omit String of coursesub's to omit
1086     ***********************************************************
1087     Outgoing:
1088     None
1089     ***********************************************************
1090     Purpose:
1091     Populates a drop-down box on an HTML form with select
1092     statements. $omit limits output.
1093     **********************************************************/
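function dropDownCoursesubOmit($omit){

    // Prints one <option> per coursesub row, filtered by $omit.
    //
    // NOTE(review): $omit is appended to the statement verbatim as a SQL
    // fragment, so it cannot be escaped here. Callers must build it only from
    // constants or integer-cast ids, never from request data.
    $sql = "SELECT
        coursesub,
        coursesub_descr,
        coursesub_id,
        cip_code
        FROM coursesub "
        . $omit
        . " ORDER BY coursesub_descr";

    // Fetch the values
    $rs = xx_tryquery($sql);
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $coursesub = $row["coursesub"];
        $coursesub_id = $row["coursesub_id"];
        $coursesub_descr = $row["coursesub_descr"];
        $cip_code = $row["cip_code"];

        // Limit length (on the raw text, before escaping)
        if (strlen($coursesub_descr) > 30)
            $coursesub_descr = substr($coursesub_descr, 0, 30) . "...";

        // Escape every column for HTML; assumes the columns hold plain text
        // rather than pre-encoded markup (confirm).
        printf("<option value = \"%s\">%s | %s [%s]</option>",
            htmlspecialchars($coursesub_id, ENT_QUOTES),
            htmlspecialchars($coursesub, ENT_QUOTES),
            htmlspecialchars($coursesub_descr, ENT_QUOTES),
            htmlspecialchars($cip_code, ENT_QUOTES));
    }
}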
1121    
1122    
1123     /**********************************************************
1124 dpavlin 72 Function: dropDownCoursesubSelected($limit, $preselected)
1125 dpavlin 13 Author: Paul Bramscher
1126 dpavlin 72 Last Modified: 03.02.2004
1127 dpavlin 13 ***********************************************************
1128     Incoming:
1129     $limit Additional limit on the box
1130     $preselected Pre-selected course subject
1131     ***********************************************************
1132     Outgoing:
1133     None
1134     ***********************************************************
1135     Purpose:
1136     Populates a drop-down box on an HTML form with select
1137     statements. $limit limits output.
1138     **********************************************************/
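function dropDownCoursesubSelected($limit, $preselected){

    // Prints one <option> per coursesub row and marks the row whose id
    // equals $preselected as selected.
    $sql = "SELECT
        coursesub,
        coursesub_descr,
        coursesub_id,
        cip_code
        FROM coursesub ";

    // Concatenate a limit if provided.
    // NOTE(review): $limit is appended verbatim as a SQL fragment and cannot
    // be escaped here; callers must build it only from constants or
    // integer-cast ids, never from request data.
    if (strlen($limit) > 0) $sql .= $limit;

    $sql .= " ORDER BY coursesub_descr";

    // Fetch the values
    $rs = xx_tryquery($sql);
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $coursesub = $row["coursesub"];
        $coursesub_id = $row["coursesub_id"];
        $coursesub_descr = $row["coursesub_descr"];
        $cip_code = $row["cip_code"];

        // Limit length. The original tested "> 25" but cut at 30, so strings
        // of 26-30 characters got an ellipsis with nothing removed; the
        // threshold now matches the cut (and dropDownCoursesubOmit).
        if (strlen($coursesub_descr) > 30)
            $coursesub_descr = substr($coursesub_descr, 0, 30) . "...";

        printf("<option value = \"%d\"", $coursesub_id);
        if ($coursesub_id == $preselected) printf(" selected ");

        // Row data goes in as printf arguments so a '%' in it is printed
        // literally, and is escaped for HTML; assumes plain-text columns
        // (confirm).
        printf(">%s | %s [%s]</option>\n",
            htmlspecialchars($coursesub, ENT_QUOTES),
            htmlspecialchars($coursesub_descr, ENT_QUOTES),
            htmlspecialchars($cip_code, ENT_QUOTES));

    }
}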
1171    
1172    
1173     /**********************************************************
1174 dpavlin 72 Function: dropDownFaculty()
1175 dpavlin 13 Author: Paul Bramscher
1176 dpavlin 72 Last Modified: 03.02.2004
1177 dpavlin 13 ***********************************************************
1178     Incoming:
1179 dpavlin 72 None
1180 dpavlin 13 ***********************************************************
1181     Outgoing:
1182     None
1183     ***********************************************************
1184     Purpose:
1185     Populates a drop-down box on an HTML form with select
1186     options of faculty members. They are displayed and ordered
1187 dpavlin 72 in the following format: "last name, first name (staff account)".
1188 dpavlin 13 **********************************************************/
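function dropDownFaculty(){
    // Prints one <option> per faculty row, ordered by last name, first name
    // and account.
    $sql = "SELECT *
        FROM faculty
        ORDER BY faculty_lastname, faculty_firstname, faculty_account";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $faculty_id = $row["faculty_id"];
        $faculty_lastname = $row["faculty_lastname"];
        $faculty_firstname = $row["faculty_firstname"];
        $faculty_account = $row["faculty_account"];

        // Make it look more friendly; id 1 is shown as the "(N/A)" entry
        if ($faculty_id == 1) $faculty = "(N/A)";
        else {
            $faculty = $faculty_lastname . ", " . $faculty_firstname;
            if (strlen($faculty_account) > 0) $faculty .= " (" . $faculty_account . ")";
        }

        // Names are passed as printf arguments (a '%' in a name is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($faculty_id, ENT_QUOTES),
            htmlspecialchars($faculty, ENT_QUOTES));
    }
}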
1216    
1217    
1218     /**********************************************************
1219 dpavlin 72 Function: dropDownFacultyOmit($omit)
1220 dpavlin 13 Author: Paul Bramscher
1221 dpavlin 72 Last Modified: 03.10.2004
1222 dpavlin 13 ***********************************************************
1223     Incoming:
1224     $omit String of human's to omit
1225     ***********************************************************
1226     Outgoing:
1227     None
1228     ***********************************************************
1229     Purpose:
1230     Populates a drop-down box on an HTML form with select
1231     statements. $omit limits output.
1232     **********************************************************/
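function dropDownFacultyOmit($omit){
    // Prints one <option> per faculty row, filtered by $omit.
    //
    // NOTE(review): $omit is appended to the statement verbatim as a SQL
    // fragment, so it cannot be escaped here. Callers must build it only from
    // constants or integer-cast ids, never from request data.
    $sql = "SELECT * FROM faculty "
        . $omit
        . " ORDER BY faculty_lastname, faculty_firstname";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $faculty_id = $row["faculty_id"];
        $faculty_lastname = $row["faculty_lastname"];
        $faculty_firstname = $row["faculty_firstname"];
        $faculty_account = $row["faculty_account"];

        // Make it look more friendly; id 1 is shown as the "(N/A)" entry
        if ($faculty_id == 1) $faculty = "(N/A)";
        else {
            $faculty = $faculty_lastname . ", " . $faculty_firstname;
            if (strlen($faculty_account) > 0) $faculty .= " (" . $faculty_account . ")";
        }

        // Names are passed as printf arguments (a '%' in a name is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($faculty_id, ENT_QUOTES),
            htmlspecialchars($faculty, ENT_QUOTES));
    }
}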
1259    
1260    
1261     /**********************************************************
1262 dpavlin 72 Function: dropDownFacultySelected($limit, $preselected)
1263 dpavlin 13 Author: Paul Bramscher
1264 dpavlin 72 Last Modified: 03.02.2004
1265 dpavlin 13 ***********************************************************
1266     Incoming:
1267     $limit Any WHERE clause
1268     $preselected Incoming faculty person to preselect
1269     ***********************************************************
1270     Outgoing:
1271     None
1272     ***********************************************************
1273     Purpose:
1274     Populates a drop-down box on an HTML form with select
1275     statements. $limit limits output.
1276     **********************************************************/
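function dropDownFacultySelected($limit, $preselected){
    // Prints one <option> per faculty row and marks the row whose id equals
    // $preselected as selected.
    //
    // NOTE(review): $limit is appended to the statement verbatim as a SQL
    // fragment, so it cannot be escaped here. Callers must build it only from
    // constants or integer-cast ids, never from request data.
    $sql = "SELECT * FROM faculty "
        . $limit
        . " ORDER BY faculty_lastname, faculty_firstname";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $faculty_id = $row["faculty_id"];
        $faculty_lastname = $row["faculty_lastname"];
        $faculty_firstname = $row["faculty_firstname"];

        // Make it look more friendly; id 1 is shown as the "(N/A)" entry
        if ($faculty_id == 1) $faculty = "(N/A)";
        else {
            $faculty = $faculty_lastname . ", " . $faculty_firstname;
        }

        printf("<option value = \"%d\"", $faculty_id);
        if ($faculty_id == $preselected) printf(" selected ");

        // The name is a printf argument (a '%' in it is printed literally)
        // and is escaped for HTML; assumes plain-text columns (confirm).
        printf(">%s</option>\n", htmlspecialchars($faculty, ENT_QUOTES));
    }
}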
1300    
1301    
1302     /**********************************************************
1303 dpavlin 72 Function: dropDownField($table, $field_display,
1304 dpavlin 13 $field_value)
1305     Author: Paul Bramscher
1306 dpavlin 72 Last Modified: 03.10.2004
1307 dpavlin 13 ***********************************************************
1308     Incoming:
1309     $table Table in database to search
1310     $field_display Select displayed to user
1311     $field_value Actual value of the HTML tag
1312     ***********************************************************
1313     Outgoing:
1314     None
1315     ***********************************************************
1316     Purpose:
1317     Populates a drop-down box on an HTML form with select
1318     options. They are ordered by the $field_display field.
1319     Typically, $field_value is the primary key field.
1320     **********************************************************/
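function dropDownField($table, $field_display, $field_value){

    // Prints one <option> per row of $table, showing $field_display and
    // using $field_value as the option value.
    //
    // NOTE(review): $table, $field_display and $field_value are spliced into
    // the statement as identifiers and cannot be quoted as values. Callers
    // must pass only fixed names from code, never request data.
    $sql = "SELECT "
        . $field_display
        . ", "
        . $field_value
        . " FROM "
        . $table
        . " ORDER BY "
        . $field_display;
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $field_display_item = $row[$field_display];
        $field_value_item = $row[$field_value];

        // Truncate the raw text first so an escaped entity is never cut
        if (strlen($field_display_item) > 40) $field_display_item = substr($field_display_item, 0, 39) . "...";

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($field_value_item, ENT_QUOTES),
            htmlspecialchars($field_display_item, ENT_QUOTES));
    }
}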
1344    
1345    
1346     /**********************************************************
1347 dpavlin 72 Function: dropDownFieldOmit($table, $field_display,
1348 dpavlin 13 $field_value, $where)
1349     Author: Paul Bramscher
1350 dpavlin 72 Last Modified: 03.10.2004
1351 dpavlin 13 ***********************************************************
1352     Incoming:
1353     $table Table in database to search
1354     $field_display Select displayed to user
1355     $field_value Actual value of the HTML tag
1356     $where SQL criteria in the list to exclude
1357     ***********************************************************
1358     Outgoing:
1359     None
1360     ***********************************************************
1361     Purpose:
1362     Populates a drop-down box on an HTML form with select
1363     options. They are ordered by the $field_display field.
1364     Typically, $field_value is the primary key field. $where
1365     can be used to filter out results.
1366     **********************************************************/
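function dropDownFieldOmit($table, $field_display,
    $field_value, $where){

    // Prints one <option> per row of $table that passes $where, showing
    // $field_display and using $field_value as the option value.
    //
    // NOTE(review): $table, $field_display, $field_value and $where are all
    // spliced into the statement verbatim (identifiers and a raw SQL
    // fragment) and cannot be escaped here. Callers must pass only fixed
    // names and fragments built from constants or integer-cast ids, never
    // request data.
    $sql = "SELECT "
        . $field_display
        . ", "
        . $field_value
        . " FROM "
        . $table
        . " "
        . $where
        . " ORDER BY "
        . $field_display;
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $field_display_item = $row[$field_display];
        $field_value_item = $row[$field_value];

        // Truncate the raw text first so an escaped entity is never cut
        if (strlen($field_display_item) > 40) $field_display_item = substr($field_display_item, 0, 39) . "...";

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($field_value_item, ENT_QUOTES),
            htmlspecialchars($field_display_item, ENT_QUOTES));
    }
}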
1393    
1394    
1395     /**********************************************************
1396 dpavlin 72 Function: dropDownFieldSelected($table, $field_display,
1397 dpavlin 13 $field_value, $limit, $preselected)
1398     Author: Paul Bramscher
1399 dpavlin 72 Last Modified: 03.02.2004
1400 dpavlin 13 ***********************************************************
1401     Incoming:
1402     $table Table in database to search
1403     $field_display Select displayed to user
1404     $field_value Actual value of the HTML tag
1405     $preselected A selected $field_value
1406     $limit A WHERE clause
1407     ***********************************************************
1408     Outgoing:
1409     None
1410     ***********************************************************
1411     Purpose:
1412     Populates a drop-down box on an HTML form with select
1413     options. They are ordered by the $field_display field.
1414     Typically, $field_value is the primary key field. The
1415     parameter $preselected determines which (single) selection
1416     is selected.
1417     **********************************************************/
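function dropDownFieldSelected($table, $field_display,
    $field_value, $limit, $preselected){

    // Prints one <option> per row of $table that passes $limit and marks the
    // row whose $field_value equals $preselected as selected.
    //
    // NOTE(review): $table, $field_display, $field_value and $limit are all
    // spliced into the statement verbatim (identifiers and a raw SQL
    // fragment) and cannot be escaped here. Callers must pass only fixed
    // names and fragments built from constants or integer-cast ids, never
    // request data.
    $sql = "SELECT "
        . $field_display
        . ", "
        . $field_value
        . " FROM "
        . $table
        . " "
        . $limit
        . " ORDER BY "
        . $field_display;
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $field_display_item = $row[$field_display];
        $field_value_item = $row[$field_value];

        // Truncate the raw text first so an escaped entity is never cut
        if (strlen($field_display_item) > 50) $field_display_item = substr($field_display_item, 0, 49) . "...";

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" ", htmlspecialchars($field_value_item, ENT_QUOTES));
        if ($field_value_item == $preselected) printf (" selected");
        printf(">%s</option>\n", htmlspecialchars($field_display_item, ENT_QUOTES));
    }
}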
1443    
1444    
1445     /**********************************************************
1446 dpavlin 72 Function: dropDownInfotype($infotype_id, $subject_id)
1447 dpavlin 13 Author: Paul Bramscher
1448 dpavlin 72 Last Modified: 03.02.2004
1449 dpavlin 13 ***********************************************************
1450     Incoming:
1451     $subject_id Subject on which to limit the list
1452     ***********************************************************
1453     Outgoing:
1454     None
1455     ***********************************************************
1456     Purpose:
1457     Populates a drop-down box on an HTML form with select
1458     options of information types including general and
1459     master subject-specific.
1460     **********************************************************/
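function dropDownInfotype($infotype_id, $subject_id){

    // Prints <option> tags for the information types available to a subject
    // and marks the one whose id equals $infotype_id as selected.

    // Initialize
    $selected_infotype_id = $infotype_id;

    /*
    Collect the mastersubjects for this subject.
    They are used in a later SQL query to limit the list of infotypes based
    on subject.
    */

    // The subject id is concatenated into SQL, so force it to an integer.
    $sql = "SELECT sm.mastersubject_id
        FROM sub_mastersubject sm
        WHERE sm.subject_id = "
        . intval($subject_id);

    // Start with the "(N/A)" and the "(ALL)" master subjects.
    $master_ids = array(1, 2);

    $rs = xx_tryquery($sql);
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        // Ids read back from the database are cast too before reuse in SQL
        $master_ids[] = intval($row["mastersubject_id"]);
    }
    $masterstring = "(" . implode(", ", $master_ids) . ")";

    // Build the list of infotypes appropriate to all of the mastersubjects found
    $sql = "SELECT i.infotype, i.infotype_id, mi.masterinfotype
        FROM infotype i, masterinfotype mi
        WHERE i.masterinfotype_id = mi.masterinfotype_id
        AND i.infotype_id > 0 and mi.masterinfotype_id > 0
        AND i.mastersubject_id IN " . $masterstring .
        " ORDER BY mi.masterinfotype";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $masterinfotype = $row["masterinfotype"];
        $infotype_id = $row["infotype_id"];
        $infotype = $row["infotype"];

        // Make it look more friendly
        $useroutput = $masterinfotype . " -> " . $infotype;

        printf("<option value = \"%d\"", $infotype_id);
        if ($infotype_id == $selected_infotype_id) printf (" selected ");

        // The label is a printf argument (a '%' in it is printed literally)
        // and is escaped for HTML, which also encodes the '>' of the arrow;
        // assumes plain-text columns (confirm).
        printf(">%s</option>\n", htmlspecialchars($useroutput, ENT_QUOTES));
    }
}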
1509    
1510    
1511     /**********************************************************
1512 dpavlin 72 Function: dropDownPageStaff($page_id)
1513 dpavlin 13 Author: Paul Bramscher
1514 dpavlin 72 Last Modified: 03.10.2004
1515 dpavlin 13 ***********************************************************
1516     Incoming:
1517     $page_id PageScribe page involved
1518     ***********************************************************
1519     Outgoing:
1520     None
1521     ***********************************************************
1522     Purpose:
1523     Populates a drop-down box on an HTML form with select
1524     options of staff members. They are displayed and ordered
1525     in the following format: "last name, first name (x500id)".
1526     The staff displayed are those associated as PageScribe
1527     maintainers.
1528     **********************************************************/
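function dropDownPageStaff($page_id){

    // Prints one <option> per staff member linked to the page through
    // page_staff. The page id is concatenated into SQL, so it is forced to
    // an integer first.
    $sql = "SELECT s.first_name, s.last_name, s.staff_id, s.staff_account
        FROM staff s, page_staff ps
        WHERE ps.page_id = "
        . intval($page_id)
        . " AND s.staff_id > 1 AND ps.staff_id = s.staff_id ORDER BY last_name, first_name, staff_account";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $staff_id = $row["staff_id"];
        $last_name = $row["last_name"];
        $first_name = $row["first_name"];
        $staff_account = $row["staff_account"];

        // Make it look more friendly
        $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($staff_id, ENT_QUOTES),
            htmlspecialchars($staff, ENT_QUOTES));
    }
}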
1554    
1555    
1556     /**********************************************************
1557 dpavlin 72 Function: dropDownPageSubject($page_id)
1558 dpavlin 13 Author: Paul Bramscher
1559 dpavlin 72 Last Modified: 03.10.2004
1560 dpavlin 13 ***********************************************************
1561     Incoming:
1562     $page_id PageScribe page involved
1563     ***********************************************************
1564     Outgoing:
1565     None
1566     ***********************************************************
1567     Purpose:
1568     Populates a drop-down box on an HTML form with select
1569     options of associated RQS subjects for the supplied page id.
1570     **********************************************************/
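function dropDownPageSubject($page_id){

    // Prints one <option> per subject linked to the page through
    // page_subject. The page id is concatenated into SQL, so it is forced to
    // an integer first.
    $sql = "SELECT s.subject_id, s.subject
        FROM subject s, page_subject ps
        WHERE ps.page_id = "
        . intval($page_id)
        . " AND s.subject_id > 1 AND ps.subject_id = s.subject_id ORDER BY s.subject";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $subject_id = $row["subject_id"];
        $subject = $row["subject"];

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($subject_id, ENT_QUOTES),
            htmlspecialchars($subject, ENT_QUOTES));
    }
}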
1592    
1593    
1594     /**********************************************************
1595 dpavlin 72 Function: dropDownResource($key_id, $letter, $masterinfotype_id, $feature_id)
1596 dpavlin 13 Author: Paul Bramscher
1597 dpavlin 72 Last Modified: 03.02.2004
1598 dpavlin 13 ***********************************************************
1599     Incoming:
1600     $key_id "0" for a new resource, otherwise
1601     indicates a pre-selected resource
1602     $limit Starting with letter A-Z or freetext.
1603     $masterinfotype_id To limit by the masterinfotype.
1604     $feature_id To limit by feature id
1605     ***********************************************************
1606     Outgoing:
1607     None
1608     ***********************************************************
1609     Purpose:
1610     Populates an HTML drop-down box of resources in the
1611     following format: ID#:TT:AA. Where ID is the resource
1612     ID#, TT is the first 35 char. of the title, and AA is the
1613     first 35 characters of the author.
1614    
1615     NOTE: Currently only titles are displayed, the author
1616     portion has been commented out.
1617    
1618     If incoming $limit is a single character (a letter), then
1619     the query checks against all titles starting with it.
1620     Otherwise it checks against all titles or annotations
1621     containing that string.
1622     **********************************************************/
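function dropDownResource($key_id, $limit, $masterinfotype_id, $feature_id){

    // Prints one <option> per matching resource ("title | ID: n") and marks
    // the row whose id equals $key_id as selected.

    // Clean up the limit string.
    // NOTE(review): $limit is placed inside quoted LIKE patterns below.
    // textSearchmySQL() is defined outside this block; confirm it escapes
    // quotes (and ideally the LIKE wildcards % and _) for the database in
    // use, since nothing else here does.
    if (strlen($limit) > 0) $limit = textSearchmySQL($limit);

    // The two id filters are concatenated into SQL unquoted, so force them
    // to integers. A string such as "1 OR ..." also satisfied the original
    // "> 0" tests and then reached the query as-is.
    $masterinfotype_id = intval($masterinfotype_id);
    $feature_id = intval($feature_id);

    // Build the query
    $sql = "SELECT DISTINCT r.resource_id, r.title, r.author
        FROM resource r
        LEFT JOIN infotype i using (infotype_id)
        LEFT JOIN masterinfotype m on i.masterinfotype_id = m.masterinfotype_id
        LEFT JOIN res_feature rf on r.resource_id = rf.resource_id
        WHERE r.infotype_id = i.infotype_id AND i.masterinfotype_id = m.masterinfotype_id";

    // If a single letter, limit to title match
    if (strlen($limit) == 1) $sql .= " AND title LIKE '" . $limit . "%'";

    // If incoming freetext, query title or annotation
    if (strlen($limit) > 1) $sql .= " AND ((title LIKE '%" . $limit . "%') OR (annotation LIKE '%" . $limit . "%'))";

    // Limit by masterinfotype_id
    if ($masterinfotype_id > 0) $sql .= " AND m.masterinfotype_id = " . $masterinfotype_id;

    // Limit by feature
    if ($feature_id > 0) $sql .= " AND rf.feature_id = " . $feature_id;

    $sql .=" ORDER BY title, author, resource_id";

    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $resource_id = $row["resource_id"];
        $title = $row["title"];

        // Trim and add ellipsis (on the raw text, before escaping)
        if (strlen($title) > 65) $title = substr($title, 0, 65) . "...";

        // Only the title is shown; the author part of the label is disabled
        $display = $title . " | ID: " . $resource_id;

        if ($resource_id == $key_id) $selected = "selected";
        else $selected = "";

        // Row data is passed as printf arguments (a '%' in a title is
        // printed literally) and escaped for HTML; assumes plain-text
        // columns (confirm).
        printf("<option %s value = \"%s\" >%s</option>\n",
            $selected,
            htmlspecialchars($resource_id, ENT_QUOTES),
            htmlspecialchars($display, ENT_QUOTES));
    }
}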
1675    
1676    
1677     /**********************************************************
1678 dpavlin 72 Function: dropDownServiceLimit($servicetype_id)
1679 dpavlin 13 Author: Paul Bramscher
1680 dpavlin 72 Last Modified: 03.02.2004
1681 dpavlin 13 ***********************************************************
1682     Incoming:
1683     $servicetype_id Service type to limit the picklist
1684     ***********************************************************
1685     Outgoing:
1686     None
1687     ***********************************************************
1688     Purpose:
1689     Populates a drop-down box on an HTML form with select
1690     options for library services, limited to a supplied service
1691     type id.
1692     **********************************************************/
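function dropDownServiceLimit($servicetype_id){

    // Prints one <option> per library service, optionally limited to one
    // service type.

    // The id is concatenated into SQL unquoted, so force it to an integer.
    // A string such as "1 OR ..." also satisfied the original "> 0" test and
    // then reached the query as-is.
    $servicetype_id = intval($servicetype_id);

    $sql = "SELECT DISTINCT s.service, s.service_id FROM service s
        LEFT JOIN serv_servtype ss using (service_id)
        LEFT JOIN servicetype v on ss.servicetype_id = v.servicetype_id
        WHERE s.service_id > 1";

    if ($servicetype_id > 0) {
        $sql .= " AND ss.servicetype_id = "
            . $servicetype_id;
    }

    $sql .= " ORDER BY s.service";

    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $service = $row["service"];
        $service_id = $row["service_id"];

        // Truncate the raw text first so an escaped entity is never cut
        if (strlen($service) > 50) $service = substr($service, 0, 49) . "...";

        // Escape for HTML; assumes the column holds plain text rather than
        // pre-encoded markup (confirm).
        printf("<option value=\"%d\">%s</option>\n",
            $service_id, htmlspecialchars($service, ENT_QUOTES));
    }
}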
1717    
1718    
1719     /**********************************************************
1720 dpavlin 72 Function: dropDownStaff()
1721 dpavlin 13 Author: Paul Bramscher
1722 dpavlin 72 Last Modified: 03.10.2004
1723 dpavlin 13 ***********************************************************
1724     Incoming:
1725 dpavlin 72 None
1726 dpavlin 13 ***********************************************************
1727     Outgoing:
1728     None
1729     ***********************************************************
1730     Purpose:
1731     Populates a drop-down box on an HTML form with select
1732     options of staff members. They are displayed and ordered
1733     in the following format: "last name, first name (x500id)".
1734     **********************************************************/
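function dropDownStaff(){

    // Prints one <option> per staff row, ordered by last name, first name
    // and account.
    $sql = "SELECT *
        FROM staff
        ORDER BY last_name, first_name, staff_account";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $staff_id = $row["staff_id"];
        $last_name = $row["last_name"];
        $first_name = $row["first_name"];
        $staff_account = $row["staff_account"];

        // Make it look more friendly; id 1 is shown as the "(N/A)" entry
        if ($staff_id == 1) $staff = "(N/A)";
        else $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";

        // Row data is passed as printf arguments (a '%' in it is printed
        // literally) and escaped for HTML; assumes plain-text columns
        // (confirm).
        printf("<option value = \"%s\" >%s</option>\n",
            htmlspecialchars($staff_id, ENT_QUOTES),
            htmlspecialchars($staff, ENT_QUOTES));
    }
}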
1759    
1760    
1761     /**********************************************************
1762 dpavlin 72 Function: dropDownStaffOmit($omit)
1763 dpavlin 13 Author: Paul Bramscher
1764 dpavlin 72 Last Modified: 03.10.2004
1765 dpavlin 13 ***********************************************************
1766     Incoming:
1767     $omit SQL condition placed verbatim after "FROM staff"; it selects which staff rows are left out
1768     ***********************************************************
1769     Outgoing:
1770     None
1771     ***********************************************************
1772     Purpose:
1773     Populates a drop-down box on an HTML form with select
1774     statements. $omit limits output.
1775     **********************************************************/
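function dropDownStaffOmit($omit){

    // Prints one <option> per staff row that survives the $omit condition,
    // ordered by last name and first name. staff_id 1 is shown as "(N/A)".

    // NOTE(review): $omit is spliced into the statement as raw SQL and
    // cannot be escaped here. It must be assembled by server-side code from
    // trusted values only (presumably a WHERE ... NOT IN clause -- confirm
    // against the callers), never taken from request data.
    // Only the displayed columns are fetched; the staff table also holds a
    // password column that this list does not need.
    $sql = "SELECT staff_id, last_name, first_name, staff_account from staff "
        . $omit
        . " ORDER BY last_name, first_name";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $last_name = $row["last_name"];
        $first_name = $row["first_name"];
        $staff_id = $row["staff_id"];
        $staff_account = $row["staff_account"];

        // Make it look more friendly
        if ($staff_id == 1) $staff = "(N/A)";
        else $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";

        // Data goes in as printf arguments, not as part of the format
        // string, so a "%" in a stored value is printed literally.
        // NOTE(review): values are emitted as stored; HTML-encode them here
        // if the staff table can hold markup characters.
        printf("<option value = \"%s\" >%s</option>\n", $staff_id, $staff);
    }
}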
1800    
1801    
1802     /**********************************************************
1803 dpavlin 72 Function: dropDownStaffSelected($selected_id)
1804 dpavlin 13 Author: Paul Bramscher
1805 dpavlin 72 Last Modified: 03.10.2004
1806 dpavlin 13 ***********************************************************
1807     Incoming:
1808     $selected_id Selected staff id
1809     ***********************************************************
1810     Outgoing:
1811     None
1812     ***********************************************************
1813     Purpose:
1814     Populates a drop-down box on an HTML form with select
1815     statements. Selected id represents the preselected staff.
1816     **********************************************************/
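function dropDownStaffSelected($selected_id){

    // Prints one <option> per staff row with staff_id above 1, ordered by
    // last name and first name, and marks the row whose id equals
    // $selected_id as selected.

    // Only the displayed columns are fetched; the staff table also holds a
    // password column that this list does not need.
    $sql = "SELECT staff_id, last_name, first_name from staff WHERE staff_id > 1 ORDER BY last_name, first_name";
    $rs = xx_tryquery($sql);

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $last_name = $row["last_name"];
        $first_name = $row["first_name"];
        $staff_id = $row["staff_id"];

        // $selected_id is only compared, never placed in SQL or HTML
        if ($staff_id == $selected_id) $selected = " selected";
        else $selected = "";

        // Data goes in as printf arguments rather than being concatenated
        // into the format string, so a "%" in a name is printed literally.
        // NOTE(review): names are emitted as stored; HTML-encode them here
        // if the staff table can hold markup characters.
        printf("<option value = \"%s\" %s>%s, %s</option>\n",
            $staff_id, $selected, $last_name, $first_name);
    }
}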
1832    
1833    
1834     /**********************************************************
1835     Function: existsFaculty
1836     Author: Paul Bramscher
1837 dpavlin 72 Last Modified: 03.02.2004
1838 dpavlin 13 ***********************************************************
1839     Incoming:
1840     $faculty_firstname Faculty first name
1841     $faculty_lastname Faculty last name
1842     ***********************************************************
1843     Outgoing:
1844     faculty_id of the first matching row, or 0 if no match exists
1845     ***********************************************************
1846     Purpose:
1847     This function checks to see whether a match against the
1848     supplied faculty first and last name already exists.
1849     **********************************************************/
function existsFaculty($faculty_firstname, $faculty_lastname){

    // Looks for a faculty row with exactly this first and last name.
    // Returns the faculty_id of the first row found, or 0 when none match.

    // Both names go through textInmySQL() before being quoted into the
    // statement. NOTE(review): presumably that helper escapes the value for
    // SQL -- it is defined elsewhere, so confirm before relying on it.
    $first = textInmySQL($faculty_firstname);
    $last = textInmySQL($faculty_lastname);

    $sql = "SELECT * FROM faculty WHERE faculty_firstname = '"
        . $first
        . "' AND faculty_lastname = '"
        . $last
        . "'";

    $rs = xx_tryquery($sql);

    // Keep the id of the first row; later rows never replace a non-zero id
    $faculty_id = 0;
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        if ($faculty_id != 0) continue;
        $faculty_id = $row["faculty_id"];
    }

    return $faculty_id;
}
1872    
1873    
1874     /**********************************************************
1875     Function: existsResSub
1876     Author: Paul Bramscher
1877 dpavlin 72 Last Modified: 03.02.2004
1878 dpavlin 13 ***********************************************************
1879     Incoming:
1880     $resource_id Record ID
1881     $subject_id Subject ID
1882     ***********************************************************
1883     Outgoing:
1884     "1" if an association already exists, "0" if not
1885     ***********************************************************
1886     Purpose:
1887     This function checks to see whether a resource has already
1888     been attached to a given subject id.
1889     **********************************************************/
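function existsResSub($resource_id, $subject_id){

    // Reports whether res_sub_infotype holds at least one row for this
    // resource/subject pair. Returns 1 if so, 0 otherwise.

    // Both ids are concatenated into the statement unquoted, so force them
    // to integers first; existsRow() treats its key value the same way.
    $resource_id = (int) $resource_id;
    $subject_id = (int) $subject_id;

    $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
        . $resource_id
        . " AND subject_id = "
        . $subject_id;

    $rs = xx_tryquery($sql);

    return (xx_num_rows($rs) >= 1) ? 1 : 0;
}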
1907    
1908    
1909     /**********************************************************
1910     Function: existsResSubNA
1911     Author: Paul Bramscher
1912 dpavlin 72 Last Modified: 03.02.2004
1913 dpavlin 13 ***********************************************************
1914     Incoming:
1915     $resource_id Record ID
1916     $subject_id Subject ID
1917     ***********************************************************
1918     Outgoing:
1919     "1" if an association already exists, "0" if not
1920     ***********************************************************
1921     Purpose:
1922     This function is similar to existsResSub, but with checks
1923     specifically to see whether the (N/A) type information type
1924     is currently assigned to the resource-subject combination.
1925     **********************************************************/
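function existsResSubNA($resource_id, $subject_id){

    // Reports whether this resource/subject pair is stored with
    // infotype_id 1, the (N/A) information type. Returns 1 when exactly one
    // such row exists, 0 otherwise.

    // Both ids are concatenated into the statement unquoted, so force them
    // to integers first; existsRow() treats its key value the same way.
    $resource_id = (int) $resource_id;
    $subject_id = (int) $subject_id;

    $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
        . $resource_id
        . " AND subject_id = "
        . $subject_id
        . " AND infotype_id = 1";

    $rs = xx_tryquery($sql);

    return (xx_num_rows($rs) == 1) ? 1 : 0;
}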
1944    
1945    
1946     /**********************************************************
1947 dpavlin 72 Function: existsResSubNOTNA
1948     Author: Paul Bramscher
1949     Last Modified: 03.02.2004
1950     ***********************************************************
1951     Incoming:
1952     $resource_id Record ID
1953     $subject_id Subject ID
1954     ***********************************************************
1955     Outgoing:
1956     "1" if an association already exists, "0" if not
1957     ***********************************************************
1958     Purpose:
1959     This function is similar to existsResSubNA, but it checks to
1960     see if the combination of resource/subject appears in the
1961     res_sub_infotype table under a heading other than N/A for
1962     the infotype.
1963     **********************************************************/
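function existsResSubNOTNA($resource_id, $subject_id){

    // Reports whether this resource/subject pair is stored under any
    // information type other than (N/A), i.e. infotype_id <> 1.
    // Returns 1 if at least one such row exists, 0 otherwise.

    // Both ids are concatenated into the statement unquoted, so force them
    // to integers first; existsRow() treats its key value the same way.
    $resource_id = (int) $resource_id;
    $subject_id = (int) $subject_id;

    $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
        . $resource_id
        . " AND subject_id = "
        . $subject_id
        . " AND infotype_id <> 1";

    $rs = xx_tryquery($sql);

    // ">= 1" rather than "== 1": a pair filed under two or more information
    // types still exists, but the exact-count test reported 0 for it.
    return (xx_num_rows($rs) >= 1) ? 1 : 0;
}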
1982    
1983    
1984     /**********************************************************
1985 dpavlin 13 Function: existsRow
1986     Author: Paul Bramscher
1987 dpavlin 72 Last Modified: 03.02.2004
1988 dpavlin 13 ***********************************************************
1989     Incoming:
1990     $table Table to search
1991     $key_field Field against which to search
1992     $limit_id Limit for the where clause
1993     ***********************************************************
1994     Outgoing:
1995     "1" if the row exists, "0" if not
1996     ***********************************************************
1997     Purpose:
1998     Useful in performing delete and other operations to make
1999     sure that a row entity exists matching the supplied key
2000     before going any further.
2001     **********************************************************/
function existsRow($table, $key_field, $limit_id){

    // Returns 1 when $table has at least one row whose $key_field equals
    // $limit_id, otherwise 0.

    // NOTE(review): $table and $key_field are spliced in as identifiers and
    // cannot be escaped the way a value can. Callers must pass fixed names
    // only, never anything taken from request data.

    // The integer cast keeps the key value from carrying any SQL
    $id = (int) $limit_id;

    $sql = "SELECT "
        . $key_field
        . " FROM "
        . $table
        . " WHERE "
        . $key_field
        . "="
        . $id;

    $rs = xx_tryquery($sql);

    if (xx_num_rows($rs) >= 1) return 1;

    return 0;
}
2025    
2026    
2027     /**********************************************************
2028     Function: getNotIn
2029     Author: Paul Bramscher
2030 dpavlin 72 Last Modified: 03.02.2004
2031 dpavlin 13 ***********************************************************
2032     Incoming:
2033     $in_field Name of ID field to return
2034     $static_field Name of the "other" ID field in the
2035     bridging table
2036     $static_value Value for the other ID field to
2037     limit by
2038     $table Bridging table involved
2039     ***********************************************************
2040     Outgoing:
2041     $in_string Concatenated string of $in_field
2042     ID's to be excluded from a drop-down
2043     box.
2044     ***********************************************************
2045     Purpose:
2046     This applies to a bridging table with a dual primary key.
2047     For example, in the res_loc table, produce a list of all
2048     location_id's associated with a particular resource_id.
2049     This list is comma-separated and returned to an
2050     assignment-type form in which drop-down boxes of the
2051     current selections are displayed alongside remaining
2052     selections. The remaining (available) selections need to
2053     exclude the current ones. Thus, this function builds the
2054     NOT IN portion of the SQL WHERE clause.
2055     **********************************************************/
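function getNotIn($in_field, $static_field,
    $static_value, $table) {

    // Collects every $in_field value from the bridging table $table where
    // $static_field equals $static_value, and returns them as a quoted,
    // comma-separated list in parentheses, e.g. ('3', '7'). Returns an
    // empty string when no row matches.

    // NOTE(review): $in_field, $static_field and $table are spliced in as
    // identifiers; callers must pass fixed names, never request data.

    // $static_value is an id compared unquoted, so force it to an integer
    // before it is concatenated; existsRow() treats its key the same way.
    $static_value = (int) $static_value;

    $sql = "SELECT "
        . $in_field
        . " FROM "
        . $table
        . " WHERE "
        . $static_field
        . " = "
        . $static_value;

    $rs = xx_tryquery($sql);

    // Quote each value for the NOT IN list.
    // NOTE(review): the values come back from the database and are quoted
    // but not escaped; this is only safe while $in_field is an id column.
    $elements = array();
    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $elements[] = "'" . $row[$in_field] . "'";
    }

    // If nothing was found, return a blank string
    if (count($elements) == 0) return "";

    return "(" . implode(", ", $elements) . ")";
}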
2095    
2096    
2097     /**********************************************************
2098 dpavlin 72 Function: lookupFaculty($faculty_id)
2099 dpavlin 13 Author: Paul Bramscher
2100 dpavlin 72 Last Modified: 03.02.2004
2101 dpavlin 13 ***********************************************************
2102     Incoming:
2103     $faculty_id Faculty ID number to retrieve
2104     ***********************************************************
2105     Outgoing:
2106     Faculty name in {First Name} {Last Name} format.
2107     ***********************************************************
2108     Purpose:
2109     Performs a lookup on faculty ID to retrieve name.
2110     **********************************************************/
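function lookupFaculty($faculty_id){

    // Returns "{first name} {last name}" for the given faculty id. When no
    // row comes back the result is a single space, as it was before.

    // The id is concatenated into the statement unquoted, so force it to an
    // integer first.
    $faculty_id = (int) $faculty_id;

    $sql = "SELECT faculty_firstname, faculty_lastname FROM faculty WHERE faculty_id = "
        . $faculty_id;
    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // Do not index into a missing row
    $faculty_firstname = "";
    $faculty_lastname = "";
    if ($row) {
        $faculty_firstname = $row["faculty_firstname"];
        $faculty_lastname = $row["faculty_lastname"];
    }

    // Plain assignment: the name used to be appended (.=) to a variable
    // that had never been initialised.
    $faculty_name = $faculty_firstname . " " . $faculty_lastname;

    return $faculty_name;
}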
2124    
2125    
2126     /**********************************************************
2127 dpavlin 72 Function: lookupField($table, $key_field, $key_value,
2128 dpavlin 13 $desc_field)
2129     Author: Paul Bramscher
2130 dpavlin 72 Last Modified: 03.02.2004
2131 dpavlin 13 ***********************************************************
2132     Incoming:
2133     $table Table in database to search
2134     $key_field Name of field on which to lookup
2135     $key_value Value to attempt lookup with
2136     $desc_field Descriptive value to return
2137     ***********************************************************
2138     Outgoing:
2139     A descriptive name for an ID number.
2140     ***********************************************************
2141     Purpose:
2142     Performs a lookup, typically on an ID field, to retrieve a
2143     user-friendly descriptive name to the page.
2144     **********************************************************/
function lookupField($table, $key_field, $key_value,
    $desc_field){

    // Returns the $desc_field value of the row in $table whose $key_field
    // equals $key_value. Returns an empty string unless exactly one row
    // matches.

    // NOTE(review): $key_value is wrapped in single quotes but not escaped,
    // and $table, $key_field and $desc_field are spliced in as identifiers.
    // Callers must pass fixed identifiers and an already validated key
    // (an integer id in the typical case) -- confirm at each call site.
    $sql = "SELECT "
        . $desc_field
        . " FROM "
        . $table
        . " WHERE "
        . $key_field
        . "='"
        . $key_value
        . "'";

    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // Anything other than a single hit counts as "not found"
    return (xx_num_rows($rs) == 1) ? $row[$desc_field] : "";
}
2164    
2165    
2166     /**********************************************************
2167 dpavlin 72 Function: lookupStaff($staff_id)
2168 dpavlin 13 Author: Paul Bramscher
2169 dpavlin 72 Last Modified: 03.10.2004
2170 dpavlin 13 ***********************************************************
2171     Incoming:
2172     $staff_id Staff ID number to retrieve
2173     ***********************************************************
2174     Outgoing:
2175     Staff name in {First Name} {Last Name} format.
2176     ***********************************************************
2177     Purpose:
2178     Performs a lookup on staff ID to retrieve name.
2179     **********************************************************/
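function lookupStaff($staff_id){

    // Returns "{first name} {last name}" for the given staff id. When no
    // row comes back the result is a single space, as it was before.

    // The id is concatenated into the statement unquoted, so force it to an
    // integer first.
    $staff_id = (int) $staff_id;

    $sql = "SELECT first_name, last_name FROM staff WHERE staff_id = "
        . $staff_id;
    $rs = xx_tryquery($sql);
    $row = xx_fetch_array ($rs, xx_ASSOC);

    // Do not index into a missing row
    $first_name = "";
    $last_name = "";
    if ($row) {
        $first_name = $row["first_name"];
        $last_name = $row["last_name"];
    }

    // Plain assignment: the name used to be appended (.=) to a variable
    // that had never been initialised.
    $staff_name = $first_name . " " . $last_name;

    return $staff_name;
}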
2193    
2194    
2195     /**********************************************************
2196 dpavlin 72 Function: msgTableClose()
2197 dpavlin 13 Author: Paul Bramscher
2198 dpavlin 72 Last Modified: 03.15.2004
2199 dpavlin 13 ***********************************************************
2200     Incoming:
2201 dpavlin 72 None
2202 dpavlin 13 ***********************************************************
2203     Outgoing:
2204     None
2205     ***********************************************************
2206     Purpose:
2207 dpavlin 72 Closes the message box table.
2208 dpavlin 13 **********************************************************/
function msgTableClose () {

    // Closes the cell, row and table of the message box, then the
    // surrounding <center> element. Takes no input and returns nothing.
    echo "</td></tr></table>\n";
    echo "</center>\n";
}
2215    
2216    
2217     /**********************************************************
2218 dpavlin 72 Function: msgTableOpen ($colspan, $header)
2219     Author: Paul Bramscher
2220     Last Modified: 03.15.2004
2221     ***********************************************************
2222     Incoming:
2223     $colspan Columns to span the first
2224     row.
2225     $header Message to appear in the
2226     first table header row.
2227     ***********************************************************
2228     Outgoing:
2229     None
2230     ***********************************************************
2231     Purpose:
2232     Starts the drawing of a message box table.
2233     **********************************************************/
function msgTableOpen ($colspan, $header) {

    // Starts a message box: a centered table with a header row spanning
    // $colspan columns, followed by an opened first body cell. The cell is
    // left open for the caller's content; msgTableClose() closes it.

    // NOTE(review): $header is written to the page exactly as passed. A
    // caller that builds it from user-supplied text must HTML-encode that
    // text first. $colspan goes through %d, so it is always rendered as an
    // integer.

    // Wrapper and table
    echo "<center>\n";
    printf("<table width=\"50%%\" class=\"backLight\" border=\"1\" cellpadding=\"4\">\n");

    // Header row
    printf("<tr><td class=\"cellPlain\" colspan=\"%d\" >\n", $colspan);
    printf("%s", $header);
    echo "</td></tr>\n";

    // First body cell, left open
    echo "<tr><td>\n";
}
2248    
2249    
2250     /**********************************************************
2251     Function: recordCount($table, $limit_field,
2252 dpavlin 13 $limit_where, $type)
2253     Author: Paul Bramscher
2254 dpavlin 72 Last Modified: 03.02.2004
2255 dpavlin 13 ***********************************************************
2256     Incoming:
2257     $table Table in database to query
2258     $limit_field Field to limit
2259     $limit_where Criteria upon which to limit
2260     $type "N" for numeric or "C" for character
2261     ***********************************************************
2262     Outgoing:
2263     Number of rows matching the limit
2264     ***********************************************************
2265     Purpose:
2266     This function is typically used in conjunction with a
2267     printf statement elsewhere "This operation affects
2268     N record(s). Do you wish to proceed?" This function
2269     returns a value for N.
2270     **********************************************************/
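function recordCount($table, $limit_field,
    $limit_where, $type) {

    // Returns the number of rows in $table whose $limit_field equals
    // $limit_where. $type is "N" for a numeric comparison; any other value
    // compares as a quoted character string.

    // NOTE(review): $table and $limit_field are spliced in as identifiers;
    // callers must pass fixed names, never request data.
    $sql = "SELECT "
        . $limit_field
        . " FROM "
        . $table
        . " WHERE "
        . $limit_field
        . "=";

    // If the field is numeric
    if ($type == "N") {
        // The value is placed in the statement unquoted, where addslashes()
        // protects nothing, so accept only a genuinely numeric value. A
        // non-numeric value cannot match a numeric field: report no rows.
        if (!is_numeric($limit_where)) return 0;
        $sql .= $limit_where;
    }

    // If character, guard against single quotes and wrap in single-quotes
    else {
        // NOTE(review): addslashes() is kept from the original; the database
        // driver's own escaping would be the better tool if one is
        // available behind xx_tryquery() -- confirm.
        $sql .= "'"
            . addslashes($limit_where)
            . "'";
    }

    // Open the query and take a row count
    $rs = xx_tryquery($sql);
    $count = xx_num_rows($rs);

    return $count;
}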
2303    
2304    
2305     /**********************************************************
2306 dpavlin 72 Function: selectCoursesub($limit)
2307 dpavlin 13 Author: Paul Bramscher
2308 dpavlin 72 Last Modified: 03.10.2004
2309 dpavlin 13 ***********************************************************
2310     Incoming:
2311     $limit String to limit the results by
2312     ***********************************************************
2313     Outgoing:
2314     None
2315     ***********************************************************
2316     Purpose:
2317     Draws a table with all course subjects for basic
2318     command add/edit/ delete selection.
2319     **********************************************************/
function selectCoursesub($limit){

    // Draws a table of course subjects (coursesub_id above 1) with a radio
    // button named coursesub_id on every row. A non-empty $limit other than
    // "*" restricts the list to rows whose subject or description contains
    // it.

    // Heading row
    printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
    printf("<tr>\n");
    printf("<td class = \"cellPlain\">ID</td>\n");
    printf("<td class = \"cellPlain\">Subject</td>\n");
    printf("<td class = \"cellPlain\">Subject Description</td>\n");
    printf("<td class = \"cellPlain\">Campus</td>\n");
    printf("<td class = \"cellPlain\">CIP Code</td>\n");
    printf("<td class = \"cellPlain\">Select</td>\n");
    printf("</tr>");

    $sql = "SELECT
        c.coursesub_id,
        c.coursesub,
        c.coursesub_descr,
        c.cip_code,
        p.campus
        FROM
        coursesub c
        LEFT JOIN campus p on c.campus_id = p.campus_id
        WHERE coursesub_id > 1";

    $filtered = (strlen($limit) > 0 && $limit != "*");
    if ($filtered) {

        // NOTE(review): textSearchmySQL() is defined elsewhere; presumably
        // it makes the search text safe for a quoted LIKE pattern --
        // confirm, since the value is placed inside the statement below.
        $pattern = textSearchmySQL($limit);

        $sql .= " AND (coursesub LIKE '%"
            . $pattern
            . "%' OR coursesub_descr LIKE '%"
            . $pattern
            . "%')";
    }

    $sql .= " ORDER BY coursesub_descr";

    $rs = xx_tryquery($sql);

    // NOTE(review): the text columns below are printed as stored. If they
    // can hold markup characters they should be HTML-encoded on output.
    for ($n = 0; $row = xx_fetch_array ($rs, xx_ASSOC); $n++) {
        $id = $row["coursesub_id"];
        $subject = trim($row["coursesub"]);
        $descr = trim($row["coursesub_descr"]);
        $campus_name = trim($row["campus"]);
        $cip = trim($row["cip_code"]);

        // Shade every other row, starting with the first
        $shade = ($n % 2 == 0) ? " class=\"backLight\" " : "";

        printf("<tr>");

        printf("<td %s>%d</td>\n", $shade, $id);
        printf("<td %s>%s</td>\n", $shade, $subject);
        printf("<td %s>%s</td>\n", $shade, $descr);
        printf("<td %s>%s</td>\n", $shade, $campus_name);
        printf("<td %s>%s</td>\n", $shade, $cip);

        printf("<td %s>&nbsp;<input type = \"Radio\" name = \"coursesub_id\" value =\"%d\" >&nbsp;</td>\n", $shade, $id);

        printf("</tr>\n");
    }
    printf("</table>\n");
}
2391    
2392    
2393     /**********************************************************
2394 dpavlin 72 Function: selectFaculty()
2395 dpavlin 13 Author: Paul Bramscher
2396 dpavlin 72 Last Modified: 03.10.2004
2397 dpavlin 13 ***********************************************************
2398     Incoming:
2399 dpavlin 72 None
2400 dpavlin 13 ***********************************************************
2401     Outgoing:
2402     None
2403     ***********************************************************
2404     Purpose:
2405     Draws a table with all faculty for basic command add/edit/
2406     delete selection.
2407     **********************************************************/
function selectFaculty(){

    // Draws a table of all faculty rows with faculty_id above 1, ordered by
    // last and first name, with a radio button named faculty_id per row.

    // Heading row
    printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
    printf("<tr>\n");
    printf("<td class = \"cellPlain\">ID</td>\n");
    printf("<td class = \"cellPlain\">Faculty name</td>\n");
    printf("<td class = \"cellPlain\">Account</td>\n");
    printf("<td class = \"cellPlain\">Email</td>\n");
    printf("<td class = \"cellPlain\">Select</td>\n");
    printf("</tr>");

    $sql = "SELECT
        f.faculty_id,
        f.faculty_firstname,
        f.faculty_lastname,
        f.faculty_account,
        f.faculty_email
        FROM
        faculty f
        WHERE faculty_id > 1";

    $sql .= " ORDER BY faculty_lastname, faculty_firstname";

    $rs = xx_tryquery($sql);

    // NOTE(review): names, account and e-mail are printed as stored. If
    // they can hold markup characters they should be HTML-encoded on output
    // (before the "&nbsp;" substitution below).
    for ($n = 0; $row = xx_fetch_array ($rs, xx_ASSOC); $n++) {
        $id = $row["faculty_id"];
        $first = trim($row["faculty_firstname"]);
        $last = trim($row["faculty_lastname"]);
        $account = $row["faculty_account"];
        $email = $row["faculty_email"];

        // Keep empty cells from collapsing
        if (strlen($account) < 1) $account = "&nbsp;";
        if (strlen($email) < 1) $email = "&nbsp;";

        // Shade every other row, starting with the first
        $shade = ($n % 2 == 0) ? " class=\"backLight\" " : "";

        printf("<tr>");

        printf("<td %s>%d</td>\n", $shade, $id);
        printf("<td %s>%s, %s</td>\n", $shade, $last, $first);
        printf("<td %s>%s</td>\n", $shade, $account);
        printf("<td %s>%s</td>\n", $shade, $email);

        printf("<td %s>&nbsp;<input type = \"Radio\" name = \"faculty_id\" value =\"%d\" >&nbsp;</td>\n", $shade, $id);

        printf("</tr>\n");
    }
    printf("</table>\n");
}
2468    
2469    
2470     /**********************************************************
2471 dpavlin 72 Function: selectKey($display, $display_field,
2472 dpavlin 13 $key_field, $limit, $table)
2473     Author: Paul Bramscher
2474 dpavlin 72 Last Modified: 03.10.2004
2475 dpavlin 13 ***********************************************************
2476     Incoming:
2477     $display A form header to display to user
2478     $display_field Meaningful field in the table to display
2479     $key_field The table primary key (no composites)
2480     $table Table in database to search
2481     $limit Field to limit $field_display by
2482     ***********************************************************
2483     Outgoing:
2484     None
2485     ***********************************************************
2486     Purpose:
2487     Does a simple text dump to show descriptive values and
2488     their associated primary keys in a small table. If
2489     $limit is defined, then limit the result set to display
2490     only $display_field which matches a LIKE clause. Each
2491     result is indicated by a radio button named key_id to be
2492     used in a form to select one of them for further
2493     processing (editing, deleting, etc).
2494    
2495     Note that the pick-list filters out the primary key #1,
2496     (N/A) rows which are present in many tables as system
2497     placeholders.
2498     **********************************************************/
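function selectKey($display, $display_field,
    $key_field, $limit, $table){

    // Lists $display_field values from $table with a radio button named
    // key_id carrying the row's $key_field value. Rows with key 1 or the
    // description "(N/A)" are left out. An empty $limit prints a prompt
    // instead of a list; "*" lists everything; any other $limit keeps the
    // rows whose $display_field contains it. $display is not used here.

    if (strlen($limit) == 0) {
        printf("You must limit by some criteria before proceeding.<BR>\n");
        return;
    }

    // NOTE(review): $display_field, $key_field and $table are spliced in as
    // identifiers; callers must pass fixed names, never request data.
    $sql = "SELECT "
        . $display_field
        . ", "
        . $key_field
        . " FROM "
        . $table
        . " WHERE ("
        . $key_field
        . " != 1 AND "
        . $display_field
        . " != '(N/A)')";

    // Attach a limit unless "*" is indicated
    if ($limit != "*") {
        // The search text lands inside a quoted LIKE pattern and used to be
        // concatenated as received. Run it through the same helper that
        // selectCoursesub() applies to its search text.
        // NOTE(review): textSearchmySQL() is defined elsewhere; presumably
        // it makes the text safe for this context -- confirm.
        $limit = textSearchmySQL($limit);

        $sql .= " AND "
            . $display_field
            . " LIKE '%"
            . $limit
            . "%'";
    }

    // Order the display
    $sql .= " ORDER BY " . $display_field;

    $rs = xx_tryquery($sql);

    printf("<table width=\"60%%\" border = \"1\" >\n");
    printf("<tr><td class=\"cellPlain\">Description</td>\n");
    printf("<td class=\"cellPlain\">Select</td></tr>\n");

    $rowcount = 0;

    while ($row = xx_fetch_array ($rs, xx_ASSOC)) {
        $field_display_item = $row[$display_field];

        // The key is forced to an integer before it is written to the page
        $field_value_item = (int) trim($row[$key_field]);

        // Make every other row colored
        if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
        else $color = "";

        // NOTE(review): the description is printed as stored. If the column
        // can hold markup characters it should be HTML-encoded here.
        printf("<tr>\n");
        printf("<td %s>%s", $color, $field_display_item);
        printf("</td>\n");
        printf("<td %s><input type =\"Radio\" name =\"key_id\" value =\"%s\"></td>\n",
            $color, $field_value_item);
        printf("</tr>\n");

        $rowcount++;
    }
    printf("</table>\n");
}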
2561    
2562    
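/**********************************************************
Function: selectStaff()
Author: Paul Bramscher
Last Modified: 03.10.2004
***********************************************************
Incoming:
None
***********************************************************
Outgoing:
None (the table is printed directly)
***********************************************************
Purpose:
Draws a table with all staff for basic command add/edit/
delete selection.  Each row ends with a radio button named
"staff_id" carrying that row's staff_id.
***********************************************************
Security notes:
Every text column read from the database is HTML-escaped
before it is printed, so markup stored in a staff record is
displayed as text instead of being interpreted by the
administrator's browser.
The password column is only tested for being non-empty; its
value is never printed.
Rows with staff_id <= 1 are excluded by the query.
**********************************************************/
function selectStaff(){

	// Header row: one plain cell per column label
	printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
	printf("<tr>\n");
	$labels = array("ID", "Staff name", "Staff Account", "Local pwd?",
		"Access", "Level", "Last login", "Last ip", "Select");
	foreach ($labels as $label) {
		printf("<td class = \"cellPlain\">%s</td>\n", $label);
	}
	printf("</tr>");

	// Build the sql: staff joined to their access record, ordered for display
	$sql = "SELECT
		s.staff_id,
		s.staff_account,
		s.password,
		s.first_name,
		s.last_name,
		s.last_login,
		s.last_ip,
		a.access,
		a.access_level
		FROM
		staff s, access a
		WHERE staff_id > 1 AND s.access_id = a.access_id
		ORDER BY last_name, first_name";

	$rs = xx_tryquery($sql);

	$rowcount = 0;

	while ($row = xx_fetch_array ($rs, xx_ASSOC)) {

		// Numeric columns are printed with %d below, which forces an integer
		$staff_id = $row["staff_id"];
		$access_level = Trim($row["access_level"]);

		// Text columns are escaped for HTML output.
		// NOTE(review): htmlspecialchars() works in PHP's default charset;
		// confirm that it matches the encoding of the stored data.
		$first_name = htmlspecialchars(Trim($row["first_name"]), ENT_QUOTES);
		$last_name = htmlspecialchars(Trim($row["last_name"]), ENT_QUOTES);
		$staff_account = htmlspecialchars($row["staff_account"], ENT_QUOTES);
		$access = htmlspecialchars(Trim($row["access"]), ENT_QUOTES);

		// Empty values become a non-breaking space so the cell still renders;
		// the placeholder is markup, so only real values are escaped
		$last_login = Trim($row["last_login"]);
		if (strlen($last_login) < 1) $last_login = "&nbsp;";
		else $last_login = htmlspecialchars($last_login, ENT_QUOTES);

		$last_ip = Trim($row["last_ip"]);
		if (strlen($last_ip) < 1) $last_ip = "&nbsp;";
		else $last_ip = htmlspecialchars($last_ip, ENT_QUOTES);

		// See whether the local password has been set (presence only)
		if (strlen($row["password"]) > 0) $local_pwd = "<b>Yes</b>";
		else $local_pwd = "No";

		// Make every other row colored
		if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
		else $color = "";

		printf("<tr>");

		printf("<td %s>%d</td>\n", $color, $staff_id);
		printf("<td %s>%s, %s</td>\n", $color, $last_name, $first_name);
		printf("<td %s>%s</td>\n", $color, $staff_account);
		printf("<td %s>%s</td>\n", $color, $local_pwd);
		printf("<td %s>%s</td>\n", $color, $access);
		printf("<td %s>%d</td>\n", $color, $access_level);
		printf("<td %s>%s</td>\n", $color, $last_login);
		printf("<td %s>%s</td>\n", $color, $last_ip);

		printf("<td %s>&nbsp;<input type = \"Radio\" name = \"staff_id\"
			value =\"%d\" >&nbsp;</td>\n", $color, $staff_id);

		printf("</tr>\n");

		$rowcount++;
	}
	printf("</table>\n");
}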
2657    
2658    
/**********************************************************
Function: statQuery($sql)
Author: Paul Bramscher
Last Modified: 03.02.2004
***********************************************************
Incoming:
$sql		A SQL statement to execute.  The
		SELECT must have a COUNT(*) in it.
		The stat logic should be in WHERE.
***********************************************************
Outgoing:
$result		The numerical result of the query,
		or else "UNKNOWN" in case of error.
***********************************************************
Purpose:
Accepts a simple SQL statement, performs the lookup, and
returns the count.  Nothing is drawn here; presenting the
figure is left to the caller.
***********************************************************
Notes:
The statement is passed to xx_tryquery() exactly as given,
so callers must pass only SQL they composed themselves and
never text taken from a request.
The count is read from the result column named "COUNT(*)",
so the SELECT must not alias that expression.
**********************************************************/

function statQuery($sql){
	$rs = xx_tryquery($sql);
	$row = xx_fetch_array ($rs, xx_ASSOC);

	// Anything other than exactly one row is reported as "UNKNOWN".
	if (xx_num_rows($rs) != 1) {
		return "UNKNOWN";
	}

	return $row["COUNT(*)"];
}
2690    
2691    
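/**********************************************************
Function: textInmySQL
Author: Paul Bramscher
Last Modified: 09.23.2003
***********************************************************
Incoming:
$incoming	Text destined for a quoted SQL string literal
***********************************************************
Outgoing:
$outgoing	The same text with every single quote doubled
***********************************************************
Purpose:
This function creates filtering rules for input into
mySQL.  Depending on your configuration of the PHP
variable magic_quotes_gpc, security needs, and possible
foreign character set issues you may want to change this.
***********************************************************
Security notes:
Only the single quote is handled.  A backslash in the input
is passed through unchanged, so on a server that treats
backslash as an escape character inside string literals
this filter alone is not a complete defence against SQL
injection.  Prefer the database driver's own escaping
routine or parameterised statements where available.
**********************************************************/
function textInmySQL($incoming) {

	// Replace single quotes with two single quotes.  str_replace() does a
	// literal, binary-safe replacement; ereg_replace() was deprecated in
	// PHP 5.3 and removed in PHP 7.
	$outgoing = str_replace("'", "''", $incoming);

	return $outgoing;

}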
2711    
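/**********************************************************
Function: textOutHTML
Author: Paul Bramscher
Last Modified: 04.21.2003
***********************************************************
Incoming:
$incoming	Text to be placed on an HTML form
***********************************************************
Outgoing:
$outgoing	The same text with every double quote
		replaced by &quot;
***********************************************************
Purpose:
This function will help render some data more presentable
on HTML forms, particularly pre-setting form field values
which might contain a double-quote.  This function may also
be extended to cover other cases.
***********************************************************
Security notes:
Only the double quote is converted; <, >, & and the single
quote pass through unchanged.  The result is therefore only
suitable inside a double-quoted attribute value.  Text that
is printed as element content, or inside a single-quoted
attribute, needs full escaping (e.g. htmlspecialchars()).
**********************************************************/
function textOutHTML($incoming) {

	// Replace double quotes with the HTML &quot;.  str_replace() does a
	// literal, binary-safe replacement; ereg_replace() was deprecated in
	// PHP 5.3 and removed in PHP 7.
	$outgoing = str_replace("\"", "&quot;", $incoming);

	return $outgoing;

}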
2731    
2732    
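/**********************************************************
Function: textSearchmySQL
Author: Paul Bramscher
Last Modified: 05.20.2003
***********************************************************
Incoming:
$incoming	Search text taken from an HTML form
***********************************************************
Outgoing:
$outgoing	The same text with a backslash placed in
		front of every single quote
***********************************************************
Purpose:
This function is to be used on HTML search forms
that might contain a single quote.  They are escaped with
a backslash.  Any other potential SELECT filtering can
happen here.
***********************************************************
Security notes:
Only the single quote is handled.  A backslash already
present in the input is passed through unchanged, so this
filter alone is not a complete defence against SQL
injection.  Prefer the database driver's own escaping
routine or parameterised statements where available.
**********************************************************/
function textSearchmySQL($incoming) {

	// Put a backslash in front of each single quote.
	// You may need to uncomment this.
	// str_replace() does a literal, binary-safe replacement;
	// ereg_replace() was deprecated in PHP 5.3 and removed in PHP 7.
	$outgoing = str_replace("'", "\\'", $incoming);

	// You may need to comment this out, and uncomment the previous.
	//$outgoing = $incoming;

	return $outgoing;

}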
2756 dpavlin 72 ?>
