2017-08-04 16:28:16 +02:00
< ? php
2020-09-07 15:04:06 +02:00
/*
* OpenSTAManager : il software gestionale open source per l ' assistenza tecnica e la fatturazione
2021-01-20 15:08:51 +01:00
* Copyright ( C ) DevCode s . r . l .
2020-09-07 15:04:06 +02:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*/
2017-08-04 16:28:16 +02:00
include_once __DIR__ . '/../../core.php' ;
2019-02-01 17:44:31 +01:00
use Models\Module ;
2017-08-04 16:28:16 +02:00
switch ( filter ( 'op' )) {
case 'update' :
2018-07-19 15:33:32 +02:00
$options2 = htmlspecialchars_decode ( post ( 'options2' ), ENT_QUOTES );
2017-08-04 16:28:16 +02:00
2018-07-19 15:33:32 +02:00
if ( check_query ( $options2 )) {
2024-03-05 16:01:45 +01:00
$dbo -> query ( 'UPDATE `zz_modules` SET `options2`=' . prepare ( $options2 ) . ' WHERE `id`=' . prepare ( $id_record ));
$dbo -> query ( 'UPDATE `zz_modules_lang` SET `title`=' . prepare ( post ( 'title' )) . ' WHERE (`id_record`=' . prepare ( $id_record ) . ' AND `id_lang`=' . prepare ( setting ( 'Lingua' )) . ')' );
2017-08-09 08:11:04 +02:00
$rs = true ;
2017-08-04 16:28:16 +02:00
} else {
$rs = false ;
}
if ( $rs ) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Salvataggio completato!' ));
2017-08-04 16:28:16 +02:00
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Ci sono stati alcuni errori durante il salvataggio!' ));
2017-08-04 16:28:16 +02:00
}
break ;
case 'fields' :
$rs = true ;
2018-11-09 07:17:37 +01:00
// Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML
$queries = ( array ) $_POST [ 'query' ];
foreach ( $queries as $c => $query ) {
if ( check_query ( $query )) {
2017-08-04 16:28:16 +02:00
$array = [
2018-11-09 07:17:37 +01:00
'query' => $query ,
2018-07-19 15:33:32 +02:00
'visible' => post ( 'visible' )[ $c ],
'search' => post ( 'search' )[ $c ],
'slow' => post ( 'slow' )[ $c ],
'format' => post ( 'format' )[ $c ],
2022-02-24 12:55:47 +01:00
'html_format' => post ( 'html_format' )[ $c ],
2018-07-19 15:33:32 +02:00
'summable' => post ( 'sum' )[ $c ],
'search_inside' => post ( 'search_inside' )[ $c ],
'order_by' => post ( 'order_by' )[ $c ],
2017-08-09 08:11:04 +02:00
'id_module' => $id_record ,
2017-08-04 16:28:16 +02:00
];
2024-03-11 11:21:05 +01:00
$name = post ( 'name' )[ $c ];
2018-11-09 07:17:37 +01:00
if ( ! empty ( post ( 'id' )[ $c ]) && ! empty ( $query )) {
2018-07-19 15:33:32 +02:00
$id = post ( 'id' )[ $c ];
2017-08-04 16:28:16 +02:00
$dbo -> update ( 'zz_views' , $array , [ 'id' => $id ]);
2024-03-11 11:21:05 +01:00
$dbo -> update ( 'zz_views_lang' , [
'name' => $name
], [ 'id_record' => $id , 'id_lang' => setting ( 'Lingua' )]);
2018-11-09 07:17:37 +01:00
} elseif ( ! empty ( $query )) {
2018-10-30 20:03:30 +01:00
$array [ 'order' ] = orderValue ( 'zz_views' , 'id_module' , $id_record );
2017-08-04 16:28:16 +02:00
$dbo -> insert ( 'zz_views' , $array );
$id = $dbo -> lastInsertedID ();
}
2017-08-24 10:39:32 +02:00
// Aggiornamento dei permessi relativi
2018-07-19 15:33:32 +02:00
$dbo -> sync ( 'zz_group_view' , [ 'id_vista' => $id ], [ 'id_gruppo' => ( array ) post ( 'gruppi' )[ $c ]]);
2017-08-04 16:28:16 +02:00
} else {
$rs = false ;
}
}
if ( $rs ) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Salvataggio completato!' ));
2017-08-04 16:28:16 +02:00
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Ci sono stati alcuni errori durante il salvataggio!' ));
2017-08-04 16:28:16 +02:00
}
break ;
case 'filters' :
$rs = true ;
2018-11-09 07:17:37 +01:00
// Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML
$queries = ( array ) $_POST [ 'query' ];
foreach ( $queries as $c => $query ) {
$query = $_POST [ 'query' ][ $c ];
2017-08-04 16:28:16 +02:00
2018-11-09 07:17:37 +01:00
if ( check_query ( $query )) {
2017-08-04 16:28:16 +02:00
$array = [
2018-07-19 15:33:32 +02:00
'name' => post ( 'name' )[ $c ],
'idgruppo' => post ( 'gruppo' )[ $c ],
2017-08-09 08:11:04 +02:00
'idmodule' => $id_record ,
2018-11-09 07:17:37 +01:00
'clause' => $query ,
2018-07-19 15:33:32 +02:00
'position' => ! empty ( post ( 'position' )[ $c ]) ? 'HVN' : 'WHR' ,
2017-08-04 16:28:16 +02:00
];
2018-11-09 07:17:37 +01:00
if ( ! empty ( post ( 'id' )[ $c ]) && ! empty ( $query )) {
2018-07-19 15:33:32 +02:00
$id = post ( 'id' )[ $c ];
2017-08-04 16:28:16 +02:00
$dbo -> update ( 'zz_group_module' , $array , [ 'id' => $id ]);
2018-11-09 07:17:37 +01:00
} elseif ( ! empty ( $query )) {
2017-08-04 16:28:16 +02:00
$dbo -> insert ( 'zz_group_module' , $array );
$id = $dbo -> lastInsertedID ();
}
} else {
$rs = false ;
}
}
if ( $rs ) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Salvataggio completato!' ));
2017-08-04 16:28:16 +02:00
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Ci sono stati alcuni errori durante il salvataggio!' ));
2017-08-04 16:28:16 +02:00
}
break ;
case 'change' :
$id = filter ( 'id' );
$rs = $dbo -> fetchArray ( 'SELECT enabled FROM zz_group_module WHERE id=' . prepare ( $id ));
2018-11-09 07:17:37 +01:00
$dbo -> update ( 'zz_group_module' , [
2018-11-30 16:10:15 +01:00
'enabled' => ! empty ( $rs [ 0 ][ 'enabled' ]) ? 0 : 1 ,
2018-11-09 07:17:37 +01:00
], [ 'id' => $id ]);
2017-08-04 16:28:16 +02:00
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Salvataggio completato!' ));
2017-08-04 16:28:16 +02:00
break ;
2017-09-13 13:05:35 +02:00
case 'test' :
2019-02-01 17:44:31 +01:00
$module_query = Util\Query :: getQuery ( Module :: find ( $id_record ));
2017-09-13 13:05:35 +02:00
$dbo -> fetchArray ( $module_query . ' LIMIT 1' );
break ;
2017-08-04 16:28:16 +02:00
case 'delete' :
$id = filter ( 'id' );
$dbo -> query ( 'DELETE FROM `zz_views` WHERE `id`=' . prepare ( $id ));
$dbo -> query ( 'DELETE FROM `zz_group_view` WHERE `id_vista`=' . prepare ( $id ));
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Eliminazione completata!' ));
2017-08-04 16:28:16 +02:00
break ;
case 'delete_filter' :
$id = filter ( 'id' );
$dbo -> query ( 'DELETE FROM `zz_group_module` WHERE `id`=' . prepare ( $id ));
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Eliminazione completata!' ));
2017-08-04 16:28:16 +02:00
break ;
case 'update_position' :
2020-08-06 11:34:32 +02:00
$order = explode ( ',' , post ( 'order' , true ));
2018-11-30 16:10:15 +01:00
2020-08-06 11:34:32 +02:00
foreach ( $order as $i => $id_riga ) {
2024-03-11 11:21:05 +01:00
$dbo -> query ( 'UPDATE `zz_views` SET `order` = ' . prepare ( $i ) . ' WHERE `id`=' . prepare ( $id_riga ));
2017-08-04 16:28:16 +02:00
}
2018-11-30 16:10:15 +01:00
2020-08-25 09:29:32 +02:00
break ;
case 'update_visible' :
$visible = filter ( 'visible' );
$id_riga = filter ( 'id_vista' );
2024-03-11 11:21:05 +01:00
$dbo -> query ( 'UPDATE `zz_views` SET `visible` = ' . prepare ( $visible ) . ' WHERE `id` = ' . prepare ( $id_riga ));
2020-08-25 09:29:32 +02:00
2017-08-04 16:28:16 +02:00
break ;
}