$value) { $value = htmlspecialchars($value); // Bugzilla #13 ${$name} = $value; } $tmp = $PHP_SELF; $tmp_root = split("/", $tmp); $tmp_cnt = count($tmp_root); $tmp_cnt--; $link_page = $tmp_root[$tmp_cnt]; //reset($HTTP_POST_VARS); //while (list($name, $value) = each($HTTP_POST_VARS)) { ################################################################## ### STANDARDIZE CONFIGURATION SECTION : MODIFIED BY THE SEARCH ### WIZARD WHEN OUTPUTING FINAL INCLUDE FILE. ################################################################## $SEARCH_NAME = "ctest"; $TABLE_NAME = "UDT_CAMTESTPAGE"; $DROPDOWNBOX_PRIKEY_SORTORDER = "ASC"; $DROPDOWNBOX_DATE_POSTED_SORTORDER = "ASC"; $DROPDOWNBOX_Company_Name = "on"; $DROPDOWNBOX_Company_Name_SORTORDER = "ASC"; $DROPDOWNBOX_Contact_Name = "on"; $DROPDOWNBOX_Contact_Name_SORTORDER = "ASC"; $DROPDOWNBOX_Contact_Phone_SORTORDER = "ASC"; $DROPDOWNBOX_emailaddr_SORTORDER = "ASC"; $DROPDOWNBOX_subjectline_SORTORDER = "ASC"; $DROPDOWNBOX_comments_SORTORDER = "ASC"; $DROPDOWNBOX_AUTO_IMAGE_SORTORDER = "ASC"; $NXT = " Next >> "; $DISPLAY_PRIKEY = "0"; $DISPLAY_DATE_POSTED = "B"; $DISPLAY_Company_Name = "B"; $DISPLAY_Contact_Name = "B"; $DISPLAY_Contact_Phone = "B"; $DISPLAY_emailaddr = "B"; $DISPLAY_subjectline = "B"; $DISPLAY_comments = "B"; $DISPLAY_AUTO_IMAGE = "0"; $DETAILS_DISPLAY = "S"; $DBSEARCH_BASE = "standard"; ################################################################# ### MANAGE RECORD EDIT/UPDATE NOW BEFORE WE CLOUD VARIABLE ### DATA WITH CHANGES. ################################################################# if ($SAVE_UPDATED_REC == "ON") { $ulerr = 0; if ($FILE1 != "none" && $FILE1 != "" && $FILE1['name'] != '') { // Is there even a file here to upload? $filename = "FILE1_name"; $filename = ${$filename}; $filesize = "FILE1_size"; $filesize = ${$filesize}; $FILE = "FILE1"; $FILE = ${$FILE}; // ----------------------------------------------------------------------- // Only allow .JPG and .GIF Images Under 60K, otherwise some idiot will // try to upload a 300dpi scanned image of his dog or something! // ----------------------------------------------------------------------- $fileok = 0; $checkfor = strtolower($filename); $filename = eregi_replace(" ", "_", $filename); // $filename = sterilize($filename); if (strstr($checkfor, ".gif") || strstr($checkfor, ".jpg") || strstr($checkfor, ".jpeg")) { $filename = $filename; $newfile = "$doc_root/images/UDT-UPLOAD_".$filename; if ($filesize < 60000) { $fileok = 1; } $DATA_TABLE_FILENAME = "UDT-UPLOAD_".$filename; // Bad habit of reusing $filename alot! } if($fileok == 1 ) { # Security FIX uncomment to fixcomment // $newfile = stripslashes($newfile); // $tempfile = stripslashes($FILE); // @unlink($newfile); // // if(@copy($tempfile, $newfile)) { $ulerr = 0; } else { $ulerr = 1; } } else { $ulerr = 2; } if ($ulerr == 1) { echo "The server timed out during upload. Retry using the back button."; exit; } if ($ulerr == 2) { echo "This file is larger than 60k or is not a valid file type."; exit; } } // End if there is even a file to upload check // Let's Update the Data Table to Reflect the user changes. Again, we must take the // long way around the bend to do this because we don't know what kind of data is // used in the table... $SQL_STRING = "UPDATE $TABLE_NAME SET "; $tmp_date = ""; // Prepare our tmp date string register $tmp_time = ""; // Prepare our tmp time string register as well reset($HTTP_POST_VARS); // while (list($name, $value) = each($HTTP_POST_VARS)) { foreach($_POST as $name=>$value) { $value = eregi_replace("\n", " ", $value); $value = eregi_replace("\r", "", $value); $value = stripslashes($value); // First strip all slashes for insurance and refreshes $value = addslashes($value); // Now add slashes for proper mysql data storage if (ereg("VALUE_", $name) && !ereg("_DATEYEAR", $name) && !ereg("_DATEMONTH", $name) && !ereg("_DATEDAY", $name) && !ereg("_TIMEHOUR", $name) && !ereg("_TIMEMIN", $name)) { // This is a proper value $name = ereg_replace("VALUE_", "", $name); if ($name == "AUTO_IMAGE" && $FILE1 != "none") { $value = "$DATA_TABLE_FILENAME"; if ($DATA_TABLE_FILENAME == "") { $value = $VALUE_AUTO_IMAGE; } } if (eregi("Email", $name)) { $BRAND_NEW_EMAIL = $value; } $SQL_STRING .= "$name = '$value', "; } if (ereg("_DATE", $name)) { if (ereg("_DATEMONTH", $name)) { $tmp_date .= "$value-"; } if (ereg("_DATEDAY", $name)) { $tmp_date .= "$value"; } if (ereg("_DATEYEAR", $name)) { $tmp_date = "$value-" . $tmp_date; $name = ereg_replace("VALUE_", "", $name); $name = ereg_replace("_DATEYEAR", "", $name); $SQL_STRING .= "$name = '$tmp_date', "; // Now add to SQL string for processing $tmp_date = ""; // Reset tmp date string in case of a second date value } } if (ereg("_TIME", $name)) { if (ereg("_TIMEHOUR", $name)) { $tmp_time .= "$value:"; } if (ereg("_TIMEMIN", $name)) { $tmp_time .= "$value:00"; // Add minute to time string $name = ereg_replace("VALUE_", "", $name); $name = ereg_replace("_TIMEMIN", "", $name); $SQL_STRING .= "$name = '$tmp_time', "; // Now add to SQL string for processing $tmp_time = ""; // Reset tmp time string in case of a second time value } } } // End WHILE loop // A bi-product of this loop method is the extra comma we // get at the end of our new sql_string. Let's remove it. $tmp = strlen($SQL_STRING); $new = $tmp - 2; $SQL_STRING = substr($SQL_STRING, 0, $new); $EDIT_WHERE_STRING = stripslashes($EDIT_WHERE_STRING); $SQL_STRING .= " WHERE prikey = '".$recid."'"; // echo "$SQL_STRING"; // exit; if ( !mysql_query("$SQL_STRING") ) { // UPDATE DATA NOW! //echo "
$SQL_STRING

"; echo "Unable to save record data!

\n"; echo "Check your information for problematic characters like single (apostrophe) and double (standard) quotes, \n"; echo "commas, ampersands (&), semicolons, question marks, etc.

\n"; echo "\n\n\n\n\n\n"; exit; } echo "[ Record Update Complete ]

"; } // End Save/Update Rec Function ################################################################## ### CHECK SECURITY CLEARANCE ################################################################## $ALLOW_ACCESS_DB = 0; if ($GROUPS != "") { $grp_tmp = split(";", $GROUPS); // Split this user's sec code groups into individual array $grp_cnt = count($grp_tmp); // How Many sec groups does this user have access to? for ($gl=0;$gl<=$grp_cnt;$gl++) { // Check Users Access level against required sec level for this search if ($grp_tmp[$gl] != "") { if (eregi("$SEARCH_SECURITY_CODE", $grp_tmp[$gl])) { $ALLOW_ACCESS_DB = 1; } } } } // End if $GROUPS isset if ($SEARCH_SECURITY_CODE == "Public") { $ALLOW_ACCESS_DB = 1; } if ($ALLOW_ACCESS_DB != 1) { $SDB_STEP_CONTROL = "10000"; // Just don't display anything to unauthorized user } ################################################################## ### START INCLUDE FORM DATA. ITS THE SAME NO MATTER WHICH STEP ### THAT WE ARE EXECUTING. ################################################################## echo "
\n"; echo "\n"; // pr variable is provided by the template-builder program ################################################################## // // ######## // ## ## // ## // ## // ## // ## // ## ## // ######### // // INITIAL DISPLAY RESULTS (A) ################################################################## if ($SDB_STEP_CONTROL == 2) { $dropdown_activation = 0; // Zero dropdown & keyword activation flags $keyword_activation = 0; $sort_pass = ""; // Normal Form Submit Read // ------------------------------------------------------- reset($HTTP_POST_VARS); // while (list($name, $value) = each($HTTP_POST_VARS)) { foreach($_POST as $name=>$value) { $value = stripslashes($value); // Strip all slashes from passed data ${$name} = $value; if (eregi("DROPSEARCH_", $name)) { $dropdown_activation = 1; } if (eregi("KEY_SEARCH_FOR", $name)) { $keyword_activation = 1; } $sort_pass .= "&$name=$value"; } // In Case of Sort Command // ------------------------------------------------------- reset($HTTP_GET_VARS); // while (list($name, $value) = each($HTTP_GET_VARS)) { foreach($_POST as $name=>$value) { $value = stripslashes($value); // Strip all slashes from passed data ${$name} = $value; if (eregi("DROPSEARCH_", $name)) { $dropdown_activation = 1; } if (eregi("KEY_SEARCH_FOR", $name)) { $keyword_activation = 1; } $sort_pass .= "&$name=$value"; } // Find which fields are to be search by keyword routine and // place them into $search_fields var $search_fields = ""; $initital_display = ""; $result = mysql_query("SELECT * FROM $TABLE_NAME"); $numberFields = mysql_num_fields($result); $numberFields--; for ($x=0;$x<=$numberFields;$x++) { $fieldname[$x] = mysql_field_name($result, $x); $fieldname[$x] = $fieldname[$x]; $fieldtype[$x] = mysql_field_type($result, $x); $fieldtype[$x] = strtoupper($fieldtype[$x]); $fieldlength[$x] = mysql_field_len($result, $x); $meta = mysql_fetch_field($result, $x); $field_keyflag[$x] = $meta->primary_key; $tmp = "KEYWORD_SEARCH_".$fieldname[$x]; if (${$tmp} == "on") { $search_fields .= "$fieldname[$x],"; } $tmp = "DISPLAY_".$fieldname[$x]; if (${$tmp} == "I" || ${$tmp} == "B") { $initial_display .= "$fieldname[$x],"; } } $str_tmp = strlen($search_fields); $str_new = $str_tmp - 1; $search_fields = substr($search_fields, 0, $str_new); // Remove extra comma in string // In case a single field was selected to search via keywords // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if ($KEY_FIELD_SEARCH != "all") { $search_fields = $KEY_FIELD_SEARCH; $search_fields = rtrim($search_fields); $search_fields = ltrim($search_fields); // Trim extra spaces from right and left of drop down selection } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $str_tmp = strlen($initial_display); $str_new = $str_tmp - 1; $initial_display = substr($initial_display, 0, $str_new); // Remove extra comma in string $SQL_SEARCH = ""; // Clear search string if ($SQL_LAST_SEARCH == "") { // Check for return from Details Page // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ //if ($SEARCH_BOOL == "" && $dropdown_activation == 1) { if (($SEARCH_BOOL == "" || $SEARCH_BOOL=='SELONLY') && $dropdown_activation == 1) { # This means that there is no keyword search activated and # the entire search is based on drop down selection // Make sure to select prikey so detail link doesn't bomb //=============================================================== if ( !eregi("prikey", $initial_display) ) { $initial_display = "PRIKEY,".$initial_display; } $SQL_SEARCH .= "SELECT $initial_display FROM $TABLE_NAME WHERE ("; $found1 = false; $drop_down_empty_search = ''; reset($HTTP_POST_VARS); // while (list($name, $value) = each($HTTP_POST_VARS)) { foreach($_POST as $name=>$value) { $value = stripslashes($value); // Strip all slashes from passed data if (eregi("DROPSEARCH_", $name)) { $tmp = eregi_replace("DROPSEARCH_", "", $name); if ($value != "") { $SQL_SEARCH .= "$tmp LIKE '$value' AND "; $found1 = true; } else { // Cameron Fix so that searching all works again. $SQL_SEARCH_OTHER .= "$tmp <> 'NULL' OR "; // If you comment this back in it will cause the problem where selecting a value from one dropdown but leaving other dropdowns blank // will select all records because it does a "field = value or [all other dd field options] == <>" // $SQL_SEARCH_OTHER .= "$tmp <> 'NULL' OR "; } } } // End While Loop if($found1==false){ $SQL_SEARCH .= $drop_down_empty_search; } // In Case of Sort Command // ------------------------------------------------------- reset($HTTP_GET_VARS); // while (list($name, $value) = each($HTTP_GET_VARS)) { foreach($_POST as $name=>$value) { $value = stripslashes($value); // Strip all slashes from passed data if (eregi("DROPSEARCH_", $name)) { $tmp = eregi_replace("DROPSEARCH_", "", $name); if ($value != "") { $SQL_SEARCH .= "$tmp LIKE '$value' AND "; $found1 = true; } else { $SQL_SEARCH_OTHER .= "$tmp <> 'NULL' OR "; } } } // End While Loop if(!$found1){ $SQL_SEARCH .= $SQL_SEARCH_OTHER; } $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra comma in string $SQL_SEARCH .= ")"; } // End if only drop down search // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if (($SEARCH_BOOL == "" || $SEARCH_BOOL == "KEYONLY") && $keyword_activation == 1) { // This means that there is no dropdown selection activated and // the entire search is based on a keyword search $SQL_SEARCH .= "SELECT * FROM $TABLE_NAME WHERE "; $fn_array = split(",", $search_fields); $fn_array_cnt = count($fn_array); // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Now Generate Search Strings // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if ($KEY_SEARCH_FOR == "") { // This must be an "ALL" search for ($x=0;$x<=$fn_array_cnt;$x++) { if ($fn_array[$x] != "") { $SQL_SEARCH .= "$fn_array[$x] <> 'NULL' OR "; } } $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra comma in string } else { // Then; this means keywords have been entered $KEY_SEARCH_FOR = addslashes($KEY_SEARCH_FOR); // Some ass will use ' or " in search $KEY_SEARCH_FOR = strtoupper($KEY_SEARCH_FOR); // Make search case insensitive $tmp = split(" ", $KEY_SEARCH_FOR); $key_cnt = count($tmp); for ($y=0;$y<=$fn_array_cnt;$y++) { // Outer Loop for field names $SQL_SEARCH .= "("; for ($x=0;$x<=$key_cnt;$x++) { // Inner Loop for keywords if ($tmp[$x] != "" && $fn_array[$y] != "") { $SQL_SEARCH .= "UPPER($fn_array[$y]) LIKE '%$tmp[$x]%' OR "; } } // End inner loop $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra OR in string $SQL_SEARCH .= ") OR "; } // End outer loop $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 6; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra AND in string } // End Search String Build } // End Keyword Only Search Build // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if ($keyword_activation == 1 && $dropdown_activation == 1 && $SQL_SEARCH == "") { // This is a dual search with a BOOL value if ($SEARCH_BOOL == "KEYANDSEL") { $BOOLEAN_OPER = "AND"; } if ($SEARCH_BOOL == "KEYORSEL") { $BOOLEAN_OPER = "OR"; } $SQL_SEARCH = "SELECT * FROM $TABLE_NAME WHERE ("; $fn_array = split(",", $search_fields); $fn_array_cnt = count($fn_array); // ############################################ // STEP 1: COMPILE KEYWORDS FOR SEARCH CRITERIA // ############################################ if ($SEARCH_BOOL != "SELONLY") { if ($KEY_SEARCH_FOR == "") { // This must be an "ALL" search for ($x=0;$x<=$fn_array_cnt;$x++) { if ($fn_array[$x] != "") { $SQL_SEARCH .= "$fn_array[$x] <> 'NULL' OR "; } } $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra OR in string } else { // Then; this means keywords have been entered $KEY_SEARCH_FOR = addslashes($KEY_SEARCH_FOR); // Some ass will use ' or " in search $KEY_SEARCH_FOR = strtoupper($KEY_SEARCH_FOR); // Make search case insensitive $tmp = split(" ", $KEY_SEARCH_FOR); $key_cnt = count($tmp); for ($y=0;$y<=$fn_array_cnt;$y++) { // Outer Loop for field names $SQL_SEARCH .= "("; for ($x=0;$x<=$key_cnt;$x++) { // Inner Loop for keywords if ($tmp[$x] != "" && $fn_array[$y] != "") { $SQL_SEARCH .= "UPPER($fn_array[$y]) LIKE '%$tmp[$x]%' OR "; } } // End inner loop $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra OR in string $SQL_SEARCH .= ") OR "; } // End outer loop $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 6; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra AND in string } // End Search String Build $SQL_SEARCH .= ") $BOOLEAN_OPER ("; } // End Drop Down Only Check // ############################################ // STEP 2: COMPILE DROP DOWN BOX SELECTIONS // Display for selection only // ############################################ //echo "0[$SQL_SEARCH]

"; reset($HTTP_POST_VARS); // while (list($name, $value) = each($HTTP_POST_VARS)) { foreach($_POST as $name=>$value) { $value = stripslashes($value); // Strip all slashes from passed data if (eregi("DROPSEARCH_", $name)) { $tmp = eregi_replace("DROPSEARCH_", "", $name); if ($value != "") { $SQL_SEARCH .= "$tmp = '".str_replace(".", "_", $value)."' AND "; //echo "1(".$SQL_SEARCH.")
"; $foundVal = 1; } } } // End While Loop //echo "1[$SQL_SEARCH]

"; // In Case of Sort Command // ------------------------------------------------------- reset($HTTP_GET_VARS); while (list($name, $value) = each($HTTP_GET_VARS)) { $value = stripslashes($value); // Strip all slashes from passed data if (eregi("DROPSEARCH_", $name)) { $tmp = eregi_replace("DROPSEARCH_", "", $name); if ($value != "") { $SQL_SEARCH .= "$tmp = '".str_replace(".", "_", $value)."' AND "; //echo "1(".$SQL_SEARCH.")
"; $foundVal = 1; } } } //echo "2[$SQL_SEARCH]

"; if($foundVal == 1){ $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 4; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra comma in string $SQL_SEARCH .= ")"; }else{ $str_tmp = strlen($SQL_SEARCH); $str_new = $str_tmp - 8; $SQL_SEARCH = substr($SQL_SEARCH, 0, $str_new); // Remove extra comma in string } //echo "3[$SQL_SEARCH]

"; } // End Dual Search // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Do Search Now... echo line is for testing purposes only and should // remain commented out. If you are having trouble with searches, this // line will print to the screen the final SQL_SEARCH string used to // locate client search // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // echo "[$SQL_SEARCH]

"; } else { // End if $SQL_LAST_SEARCH is blank $SQL_SEARCH = stripslashes($SQL_LAST_SEARCH); } // Parse out trouble characters //============================================================ $SQL_SEARCH = str_replace(".", "_", $SQL_SEARCH); //echo ""; exit; // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Build Sort Routine // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if ($SORT_ORDER == "") { $SORT_ORDER = "ORDER BY PRIKEY"; } else { $SORT_ORDER = "ORDER BY ".$SORT_ORDER; } // Perform actual query now // ------------------------------------ echo "\n\n\n\n"; if(!$result = mysql_query("$SQL_SEARCH $SORT_ORDER")){ echo "\n\n\n\n"; }else{ echo "\n\n\n\n"; } $numfound = mysql_num_rows($result); // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Now display INITIAL results to end-user // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if ($numfound > 0) { // We found matches to this search echo "
\n"; echo "There are [$numfound] record(s) that meet your search criteria.

\n\n"; echo "\n"; echo "          \n"; echo "
\n"; echo "\n\n"; $fn_array = split(",", $initial_display); $fn_array_cnt = count($fn_array); $fn_array_cnt--; echo "\n"; echo "\n"; for ($x=0;$x<=$fn_array_cnt;$x++) { $this_field = eregi_replace("_", " ", $fn_array[$x]); $this_field = strtolower($this_field); $this_field = ucwords($this_field); if ( strtoupper($this_field) != "PRIKEY" ) { $SORT_LINK = "\"Sort\""; echo "\n"; } } echo "\n"; /// Display initial results as form with hidden fields containing mysql search info ###========================================================================================= $i = 0; // Reset Record Count while ($row = mysql_fetch_array($result)) { echo "\n"; if ($BGCOLOR == "WHITE") { $BGCOLOR = "#EFEFEF"; } else { $BGCOLOR = "WHITE"; } echo "\n"; echo "\n"; // Edit Tab echo "\n"; for ($x=0;$x<=$fn_array_cnt;$x++) { $tmp = $row[$fn_array[$x]]; if ( strtoupper($fn_array[$x]) != "PRIKEY" ) { echo "\n"; } } echo "\n"; $i++; } // End While Loop echo "
Details".$SORT_LINK."$this_field
\n"; echo "\n"; echo "\n"; echo "\n"; if($row['PRIKEY'] != '') { echo "\n"; } elseif($row['prikey'] != '') { echo "\n"; } else { echo "\n"; } echo "\n"; echo "$tmp
\n"; } else { echo "
Sorry, there were no records found that match your search.
Please try again.

\n\n"; $SDB_STEP_CONTROL = ""; } } // End Step Two ################################################################## // // ##### // ## // ## // ## // ## // ## // ## // ######### // ################################################################## if ($SDB_STEP_CONTROL == "") { echo "\n"; // ------------------------------------------------------------ // Get all field data about selected use table // ------------------------------------------------------------ $result = mysql_query("SELECT * FROM $TABLE_NAME"); $numberFields = mysql_num_fields($result); $numberFields--; $keyword_activation = 0; $dropdown_activation = 0; for ($x=0;$x<=$numberFields;$x++) { $fieldname[$x] = mysql_field_name($result, $x); $fieldname[$x] = $fieldname[$x]; $fieldtype[$x] = mysql_field_type($result, $x); $fieldtype[$x] = $fieldtype[$x]; $fieldlength[$x] = mysql_field_len($result, $x); $meta = mysql_fetch_field($result, $x); $field_keyflag[$x] = $meta->primary_key; $tmp = "KEYWORD_SEARCH_".$fieldname[$x]; if (${$tmp} == "on") { $keyword_activation = 1; } $tmp = "DROPDOWNBOX_".$fieldname[$x]; if (${$tmp} == "on") { $dropdown_activation = 1; } } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Start End-User Form Display // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Build Keyword Display // --------------------------------------- $key_opts = "\n"; $tmp = strlen($keydisplay); $new_tmp = $tmp - 2; $keydisplay = substr($keydisplay, 0, $new_tmp); $keydisplay = eregi_replace("_", " ", $keydisplay); // Format Keyword display string for proper viewing $keydisplay = strtolower($keydisplay); $keydisplay = ucwords($keydisplay); $DSP_S = $SEARCH_NAME; $DSP_S = eregi_replace("_", " ", $DSP_S); $SEARCH_COUNT = 1; $USER_FORM = ""; $USER_FORM .= "\n"; $USER_FORM .= "\n"; $USER_FORM .= "

SEARCH $DSP_S

\n"; if ($keyword_activation == 1) { $USER_FORM .= "$SEARCH_COUNT. Search by Keyword: (Separate multiple keywords by spaces)
[ $keydisplay ]

\n"; $USER_FORM .= " in $key_opts

\n"; $SEARCH_COUNT++; } // End, If keywords are in use if ($dropdown_activation == 1) { $USER_FORM .= "$SEARCH_COUNT. Detail Search:

\n"; $USER_FORM .= "\n"; $x = 0; // Reset our field counter $width_count = 0; // Place two drop down selections per row; so lets reset while ($x <= $numberFields) { if ($width_count == 2) { $width_count = 0; $USER_FORM .= "\n"; $spacer_flag = 1; } $tmp_data = "DROPDOWNBOX_".$fieldname[$x]; $tmp_sort = "DROPDOWNBOX_".$fieldname[$x]."_SORTORDER"; $tmp_sort = ${$tmp_sort}; if (${$tmp_data} == "on") { // Has drop down been activated for this field? if ($width_count == 0) { $USER_FORM .= ""; } $this_option = "\n"; $result = mysql_query("SELECT DISTINCT $fieldname[$x] FROM $TABLE_NAME ORDER BY $fieldname[$x] $tmp_sort"); // Index this field while ($row = mysql_fetch_array($result)) { $v = $row[$fieldname[$x]]; $this_option .= "\n"; } $display_fn = eregi_replace("_", " ", $fieldname[$x]); $display_fn = strtolower($display_fn); $display_fn = ucwords($display_fn); $USER_FORM .= "\n"; $width_count++; } // End if Drop Down activated for this field $x++; // Increment our field counter } // End Field While Loop if ($width_count == 0) { $USER_FORM .= "\n"; } if ($width_count == 1 && $spacer_falg == 1) { $USER_FORM .= "\n"; } if ($width_count == 1 && $spacer_flag != 1) { $USER_FORM .= "\n"; } if ($width_count == 2) { $USER_FORM .= "\n"; } $USER_FORM .= "
$display_fn:
 
    
    
\n"; // End Drop Down Table $SEARCH_COUNT++; } // End, If Dropdown Activation is on if ($keyword_activation == 1 && $dropdown_activation == 1) { // Show Search Detail Options // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $USER_FORM .= "

$SEARCH_COUNT. Define Search Method: \n"; $USER_FORM .= "\n\n"; } // End, If keyword + dropdown activation $USER_FORM .= "
\n\n"; $USER_FORM .= "
\n"; // End End-User Display Table // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo $USER_FORM; } // End Step One ################################################################## // // ######## // ## // ## // ##### // ## // ## // ## // ####### // ################################################################## if ($SDB_STEP_CONTROL == "3") { echo "\n"; if ($DETAILS_DISPLAY == "C") { // If this is a custom include details page; is so show now include("media/$DETAILS_DISPLAY_INC"); } else { // Otherwise; use standard display echo "\n\n"; echo "\n\n"; echo "
     \n"; echo "     \n"; echo "\n"; echo "
\n\n"; $result = mysql_query("SELECT * FROM $TABLE_NAME"); $numberFields = mysql_num_fields($result); $numberFields--; $detail_display = ""; for ($x=0;$x<=$numberFields;$x++) { $fieldname[$x] = mysql_field_name($result, $x); $fieldname[$x] = $fieldname[$x]; $tmp = "DISPLAY_".$fieldname[$x]; if (${$tmp} == "D" || ${$tmp} == "B") { $detail_display .= "$fieldname[$x], "; } } $str_tmp = strlen($detail_display); $str_new = $str_tmp - 2; $detail_display = substr($detail_display, 0, $str_new); // Remove extra comma in string $SQL_SEARCH = stripslashes($SQL_SEARCH); // Remove slashes from "posted" transfer //$SQL_SEARCH = ereg_replace("SELECT (.*) FROM", "SELECT $detail_display, AUTO_SECURITY_AUTH FROM", $SQL_SEARCH); // Replace previous "selected fields" with Detail fields // echo "[$SQL_SEARCH]

"; $EDIT_SECURITY_CHECK = ""; // Clear Security Check for Record Owner $result = mysql_query("SELECT * FROM $TABLE_NAME WHERE PRIKEY = '$ROW_NUM'"); $i = $ROW_NUM; // Set Row Counter to PriKey Value while ($row = mysql_fetch_array($result)) { if ($i == $ROW_NUM) { // Display this record $EDIT_SECURITY_CHECK = $row[AUTO_SECURITY_AUTH]; // Does this record have an edit MD5 key? if ($row[AUTO_IMAGE] != "NULL" && eregi("AUTO_IMAGE", $detail_display)) { // ############################################ // Show "Image Ready" display for this record // ############################################ $tmp = split(",", $detail_display); $tmp_cnt = count($tmp); // --------------------------------------------------------------------------- // Get Image Data Now because we already know that AUTO_IMAGE has data in it. // --------------------------------------------------------------------------- $iname = $row[AUTO_IMAGE]; $iname = chop($iname); $iname = ltrim($iname); $iname = rtrim($iname); $imagename = "$doc_root/images/$iname"; if (file_exists("$imagename")) { $tempArray = getImageSize("$imagename"); $origW = $tempArray[0]; $origH = "HEIGHT=" . $tempArray[1]; if ($origW > 275) { $origW = "275"; $origH = ""; } $WH = "WIDTH=$origW $origH"; $THIS_IMAGE = ""; } else { $THIS_IMAGE = ""; } // --------------------------------------------------------------------------- echo "\n"; echo "\n"; for ($x=0;$x<=$tmp_cnt;$x++) { // Format Field for proper match $this_field = chop($tmp[$x]); $this_field = ltrim($this_field); $this_field = rtrim($this_field); if ($this_field != "" && $this_field != "AUTO_IMAGE" && $this_field != "AUTO_SECURITY_AUTH") { // In case of wierd split routine; bi-product of PHP if ($row[$this_field] == "NULL") { $display_value = "  "; } else { $display_value = $row[$this_field]; } // Now Let's add some cool stuff like email and web linking, etc. if (eregi("email", $this_field)) { $display_value = "$display_value"; } if (eregi("http://", $display_value)) { $display_value = "$display_value"; } $this_field = strtolower($this_field); $this_field = ucwords($this_field); echo "\n"; $tmp_row_counter++; } } // End For Loop through field names // echo "\n"; // Visual Spacing echo "
  


$THIS_IMAGE
$this_field:$display_value
 
\n"; // ======================= END IMAGE DISPLAY ========================= } else { // ############################################ // Show Non-Image display for this record // ############################################ echo "\n"; $tmp = split(",", $detail_display); $tmp_cnt = count($tmp); $tmp_row_counter = 0; for ($x=0;$x<=$tmp_cnt;$x++) { if ($tmp_row_counter == 0) { echo "\n"; } // Format Field for proper match $this_field = chop($tmp[$x]); $this_field = ltrim($this_field); $this_field = rtrim($this_field); // Check for an authorized user logged in as owner // of this record if ($this_field != "" && $this_field != "AUTO_IMAGE") { // In case of wierd split routine; bi-product of PHP if ($row[$this_field] == "NULL") { $display_value = "  "; } else { $display_value = $row[$this_field]; } // Now Let's add some cool stuff like email and web linking, etc. if (eregi("email", $this_field)) { $display_value = "$display_value"; } if (eregi("http://", $display_value)) { $display_value = "$display_value"; } $this_field = strtolower($this_field); $this_field = ucwords($this_field); echo "\n"; $tmp_row_counter++; } if ($tmp_row_counter == 2) { echo "\n"; $tmp_row_counter = 0; } } // End For Loop through field names if ($tmp_row_counter == 1) { echo "\n"; } // In case of ODD ending count echo "
$this_field:$display_value
 
\n"; } // End Auto_Image Check } // End If ROW_NUM is found $i++; } // End While Loop } // End Details Display Type Check // ------------------------------------------------------------------ // Is the owner of the Record logged in via sec login? If so, allow // this user to edit record data from site now. (Cool Feature if I // do say so myself-- Thanks Jim!) // ------------------------------------------------------------------ if ($GROUPS != "" && $MD5CODE == $EDIT_SECURITY_CHECK) { echo "\n\n
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n\n"; echo "\n\n"; echo "\n\n"; echo "\n\n\n\n"; echo "Welcome $OWNER_NAME. Since this is your record
information, you may edit this data now.

\n"; echo "
\n\n"; } // ------------------------------------------------------------------ echo "
\n\n"; echo "\n\n
\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n\n"; } // End Step Three ################################################################## // // ######## ###### ###### ########## // ## ## ## ## ## // ## ## ## ## ## // ####### ## ## ## ## // ## ## ## ## ## // ## ## ## ## ## // ## ## ## ## ## // ######## ####### ###### ## // ################################################################## if ($EDIT_DB_RECORD == "YES") { $result = mysql_query("SELECT * FROM $TABLE_NAME"); $numberFields = mysql_num_fields($result); $numberFields--; $detail_display = ""; for ($x=0;$x<=$numberFields;$x++) { $fieldname[$x] = mysql_field_name($result, $x); $fieldname[$x] = $fieldname[$x]; $tmp = "DISPLAY_".$fieldname[$x]; if (${$tmp} == "D" || ${$tmp} == "B") { $detail_display .= "$fieldname[$x], "; } } $str_tmp = strlen($detail_display); $str_new = $str_tmp - 2; $detail_display = substr($detail_display, 0, $str_new); // Remove extra comma in string $SQL_SEARCH = stripslashes($SQL_LAST_SEARCH); // Remove slashes from "posted" transfer $SQL_SEARCH = ereg_replace("SELECT (.*) FROM", "SELECT $detail_display FROM", $SQL_SEARCH); // Replace previous "selected fields" with Detail fields $SEC_EMAIL_CHECK = ""; // Clear Security Check for Record Owner One More Time in case we has session thief $result = mysql_query("SELECT $detail_display FROM $TABLE_NAME WHERE PRIKEY = '$PRIKEY_DATA'"); $numberFields = mysql_num_fields($result); $numberFields--; $i = $PRIKEY_DATA; // Reset Row Counter while ($row = mysql_fetch_array($result)) { if ($i == $PRIKEY_DATA) { // Here's our Key! (Crude but effective) for ($z=0;$z<=$numberFields;$z++) { $FIELD_DATA[$z] = $row[$z]; // Place data values into array for next section } } // End if $i $i++; // Must increment count !important! } // End While // -------------------------------------------------------------------------- // Present Edit Form for User. Remember to utilize ENCRYPT-FORM for image // upload capability here. Do we move these images to another folder? You // guys figure it out... I've got a deadline. :) // -------------------------------------------------------------------------- echo "\n\n"; // Close that great idea we had for all the previous steps. :) echo "\n\n
\n\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n\n\n"; echo "\n\n\n"; echo "\n\n\n"; $EDIT_FLAG = "on"; // This routine was used in the tool as well; let's just keep it the same and force feed the edit echo "\n"; $edit_tmp = ""; for ($x=0;$x<=$numberFields;$x++) { if ($BGCOLOR == "WHITE") { $BGCOLOR="#EFEFEF"; } else { $BGCOLOR="WHITE"; } echo "\n"; echo "\n\n"; } // End Field Loop ($x) // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Only Display Upload New Image Feature if "AUTO_IMAGE" is a Display Field. // // DEVNOTE: // If you want to disable this feature, simply comment out the following IF function // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if (eregi("AUTO_IMAGE", $detail_display)) { if ($BGCOLOR == "WHITE") { $BGCOLOR="#EFEFEF"; } else { $BGCOLOR="WHITE"; } echo "\n"; $YES_IMAGE_UPLOAD = 1; } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Show Submit and finsih form if ($BGCOLOR == "WHITE") { $BGCOLOR="#EFEFEF"; } else { $BGCOLOR="WHITE"; } if ($YES_IMAGE_UPLOAD == 1) { echo "\n\n\n\n"; } else { echo "\n\n\n\n"; } // End Image Upload Check echo "\n"; echo "
\n"; $fieldname[$x] = mysql_field_name($result, $x); $fieldname[$x] = $fieldname[$x]; $fieldtype[$x] = mysql_field_type($result, $x); $fieldlength[$x] = mysql_field_len($result, $x); $fieldtype[$x] = strtoupper($fieldtype[$x]); $meta = mysql_fetch_field($result, $x); if ($EDIT_FLAG == "on") { $this_val = addslashes($FIELD_DATA[$x]); if ($this_val != "") { $edit_tmp .= "$fieldname[$x] LIKE '".str_replace(".", "_", $this_val)."' AND "; } } $display_fieldname = eregi_replace("_", " ", $fieldname[$x]); // Format Field names for screen display $display_textbox = "MAXLENGTH=$fieldlength[$x]"; // Make sure textbox entry can be no longer than set field length echo "$display_fieldname  ($fieldtype[$x]) :\n"; echo ""; if ($fieldtype[$x] == "STRING" || $fieldtype[$x] == "INT") { if ($fieldname[$x] != "AUTO_IMAGE") { if ($meta->primary_key == 1) { $DIS = "DISABLED"; $this_value = "NULL"; if ($FIELD_DATA[$x] != "") { echo "\n"; $this_value = $FIELD_DATA[$x]; } else { echo "\n"; } } else { $DIS = ""; $this_value = "$FIELD_DATA[$x]"; } echo "\n"; } else { echo "\n"; } // End Auto-Image Check } // End STING/INT Check // --------------------------------------------------------- // Check for BLOB Field Now // --------------------------------------------------------- if ($fieldtype[$x] == "BLOB" || $fieldtype[$x] == "LONGBLOB") { echo "\n"; } // --------------------------------------------------------- // Check for Date Field // --------------------------------------------------------- if ($fieldtype[$x] == "DATE") { if ($EDIT_FLAG == "on") { $F_DATA = split("-", $FIELD_DATA[$x]); } $this_month = date("M"); $this_day = date("d"); $this_year = date("Y"); echo " "; echo " "; echo ""; } // End Date Select // --------------------------------------------------------- // Check for Time Field Now // --------------------------------------------------------- if ($fieldtype[$x] == "TIME") { if ($EDIT_FLAG == "on") { $F_DATA = split(":", $FIELD_DATA[$x]); } echo " "; echo " AM"; if ($EDIT_FLAG == "on") { echo "\n\n\n\n"; } } // End Time Selections echo "
\n"; echo "Image Upload Instructions:
If you wish to upload a new image for your record you may do so now. It must be a .GIF or .JPG image that is no \n"; echo "larger than 60k in file size. If you do not know what this means, please consult the webmaster for more details.\n\n"; echo "

\n"; echo "NEW IMAGE:  \n"; echo "\n"; echo "
\n"; echo "\n\n"; echo "
\n
\n"; if ($EDIT_FLAG == "on") { $tmp = strlen($edit_tmp); $new = $tmp - 5; $edit_tmp = substr($edit_tmp, 0, $new); echo "\n\n\n\n"; echo "\n\n\n\n"; } echo "
\n"; } // End Edit Data Record ?>