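<?php
/**
 * Admin page for editing the selectable values of one attribute.
 *
 * Only attributes of type checkboxgroup, select or radio are handled; any
 * other type prints a message and returns.
 *
 * Request parameters read by this script:
 *   GET  id         attribute id, coerced to an integer string via sprintf('%d')
 *   GET  action     "new" shows the "add values" textarea
 *   GET  delete     id of a single value to delete (gated on verifyCsrfGetToken)
 *   GET  deleteall  delete every value (gated on verifyCsrfGetToken)
 *   POST addnew     with POST itemlist: new values, one per line
 *   POST listorder  array of value id => new list position
 *   REQUEST replace id of the value that takes over from a deleted one
 *
 * NOTE(review): accesscheck.php presumably enforces admin access, and no token
 * check is visible in this file for the POST handlers (addnew, listorder).
 * Confirm that formStart() or the page dispatcher verifies a token for them.
 */
require_once dirname(__FILE__).'/accesscheck.php';

// sprintf('%d') reduces the request value to digits before it reaches SQL and HTML.
$id = !empty($_GET['id']) ? sprintf('%d', $_GET['id']) : 0;
ob_end_flush();

if (!$id) {
    Fatal_Error($GLOBALS['I18N']->get('No such attribute:')." $id");

    return;
}

// Fallback names for when the including page has not set up the table map.
if (!isset($tables['attribute'])) {
    $tables['attribute'] = 'attribute';
    $tables['user_attribute'] = 'user_attribute';
}
if (!isset($table_prefix)) {
    $table_prefix = 'phplist_';
}

$res = Sql_Query("select * from $tables[attribute] where id = $id");
$data = Sql_Fetch_array($res);
if (!$data) {
    // No row for this id: stop here instead of reading offsets of a non-array
    // and building a table name from an empty 'tablename'.
    Fatal_Error($GLOBALS['I18N']->get('No such attribute:')." $id");

    return;
}

// The value table name comes from the attribute row, never from the request.
$table = $table_prefix.'listattr_'.$data['tablename'];
switch ($data['type']) {
    case 'checkboxgroup':
    case 'select':
    case 'radio':
        break;
    default:
        print $GLOBALS['I18N']->get('This datatype does not have editable values');

        return;
}

?>
<div class="panel">
    <div class="header"></div><!-- ENDOF .header -->
    <div class="content">
        <h3 id="attribute-name"><?php echo htmlspecialchars(stripslashes($data['name'])) ?></h3>
        <div class="actions">
            <?php
            echo PageLinkButton('attributes', s('Back to attributes'), '');

            if (!isset($_GET['action']) || $_GET['action'] != 'new') {
                echo PageLinkButton('editattributes', $GLOBALS['I18N']->get('add new'), "id=$id&action=new");
            }

            $button = new ConfirmButton(
                s('Are you sure you want to delete all values?'),
                PageURL2("editattributes&id=$id&deleteall=yes", s('delete all')),
                s('Delete all'));

            echo $button->show();
            ?>
        </div>
        <hr/>
        <?php echo formStart(' class="editattributesAdd" ') ?>
        <input type="hidden" name="action" value="add"/>
        <input type="hidden" name="id" value="<?php echo $id ?>"/>


        <?php

        // Add the values submitted in the textarea, one per line.
        if (isset($_POST['addnew'])) {
            $items = explode("\n", $_POST['itemlist']);
            $query = sprintf('select max(listorder) as listorder from %s', $table);
            $maxitem = Sql_Fetch_Row_Query($query);
            if (!Sql_Affected_Rows() || !is_numeric($maxitem[0])) {
                $listorder = 1; // no usable maximum yet: number the new values from 1, in textarea order
            } else {
                $listorder = $maxitem[0] + 1; // One more than the maximum
            }
            foreach ($items as $key => $val) {
                // Browsers submit textarea lines as CRLF, so exploding on "\n" leaves a
                // trailing "\r"; trim it so blank lines are skipped and names are stored clean.
                $val = trim(strip_tags($val));
                if ($val != '') {
                    // strip_tags() does not neutralise quotes or backslashes, so the
                    // value has to be SQL-escaped before it goes into the statement.
                    $query = sprintf('insert into %s (name,listorder) values("%s",%d)', $table, sql_escape($val),
                        $listorder);
                    $result = Sql_query($query);
                }
                ++$listorder;
            }
        }

        // Apply a submitted reordering; %d forces both the position and the id to integers.
        if (isset($_POST['listorder']) && is_array($_POST['listorder'])) {
            foreach ($_POST['listorder'] as $key => $val) {
                Sql_Query(sprintf('update %s set listorder = %d where id = %d', sql_escape($table), $val, $key));
            }
        }

        /**
         * Print a form offering to replace a value that is still in use with another one.
         *
         * @param string $table       value table; interpolated into SQL as an identifier, so it
         *                            must be a server-built name, never request data
         * @param int    $delete      id of the value being deleted (left out of the choices)
         * @param int    $attributeid id of the attribute the values belong to
         */
        function giveAlternative($table, $delete, $attributeid)
        {
            echo $GLOBALS['I18N']->get('Alternatively you can replace all values with another one:').formStart(' class="editattributesAlternatives" ');
            echo '<select name="replace"><option value="0">-- '.$GLOBALS['I18N']->get('Replace with').'</option>';
            $req = Sql_Query("select * from $table order by listorder,name");
            while ($row = Sql_Fetch_array($req)) {
                if ($row['id'] != $delete) {
                    // Value names are admin-entered free text: encode them for HTML output.
                    printf('<option value="%d">%s</option>', $row['id'], htmlspecialchars($row['name']));
                }
            }
            echo '</select>';
            printf('<input type="hidden" name="delete" value="%d" />', $delete);
            printf('<input type="hidden" name="id" value="%d" />', $attributeid);
            printf('<input class="submit" type="submit" name="deleteandreplace" value="%s" /><hr class="line" />',
                $GLOBALS['I18N']->get('Delete and replace'));
        }

        /**
         * Delete one value of an attribute, unless subscribers still use it.
         *
         * With no dependent subscribers the value is deleted. With dependents and a
         * non-zero $_REQUEST['replace'], dependents are moved to the replacement value
         * and the value is deleted. Otherwise the dependents are listed together with
         * the replacement form from giveAlternative().
         *
         * @param string $table       value table; interpolated into SQL as an identifier, so it
         *                            must be a server-built name, never request data
         * @param int    $attributeid id of the attribute the value belongs to
         * @param int    $delete      id of the value to delete
         *
         * @return int 0 only when the dependency listing was cut short; 1 in every
         *             other case, including a refusal with a short dependency list
         */
        function deleteItem($table, $attributeid, $delete)
        {
            global $tables;

            // Both ids are interpolated into SQL below; force integers here so the
            // queries do not depend on every caller having done so.
            $attributeid = (int) $attributeid;
            $delete = (int) $delete;
            $replace = isset($_REQUEST['replace']) ? (int) $_REQUEST['replace'] : 0;

            // Name of the value, for the "cannot delete" message.
            $valreq = Sql_Fetch_Row_query("select name from $table where id = $delete");
            $val = $valreq[0];

            // check dependencies
            $dependencies = array();
            $result = Sql_query("select distinct userid from $tables[user_attribute] where
                attributeid = $attributeid and value = $delete");
            while ($row = Sql_fetch_array($result)) {
                array_push($dependencies, $row['userid']);
            }

            if (count($dependencies) == 0) {
                $result = Sql_query("delete from $table where id = $delete");
            } elseif ($replace) {
                // Scope the update to this attribute, matching the dependency check above.
                // Without it, rows of other attributes holding the same numeric value
                // would be rewritten as well.
                $result = Sql_Query("update $tables[user_attribute] set value = $replace where attributeid = $attributeid and value = $delete");
                $result = Sql_query("delete from $table where id = $delete");
            } else {
                echo $GLOBALS['I18N']->get('Cannot delete');
                // The value name is stored free text: encode it for HTML output.
                echo ' <b>'.htmlspecialchars((string) $val).'</b><br />';
                echo $GLOBALS['I18N']->get('The following subscriber(s) are dependent on this value<br />Update the subscriber profiles to not use this attribute value and try again').'<br/>';

                for ($i = 0; $i < count($dependencies); ++$i) {
                    echo PageLink2('user', $GLOBALS['I18N']->get('user').' '.$dependencies[$i],
                            "id=$dependencies[$i]")."<br />\n";
                    if ($i > 10) {
                        // Stop listing once the list gets long and report the total instead.
                        echo $GLOBALS['I18N']->get('* Too many to list, total dependencies:').'
 ' .count($dependencies).'<br /><br />';
                        giveAlternative($table, $delete, $attributeid);

                        return 0;
                    }
                }
                echo '<br />';
                giveAlternative($table, $delete, $attributeid);
            }

            return 1;
        }

        // Deletions arrive as GET requests, so each one is gated on the CSRF token check.
        if (isset($_GET['delete'])) {
            if (!verifyCsrfGetToken(true)) {
                echo Error(s('No Access'));

                return;
            }
            deleteItem($table, $id, sprintf('%d', $_GET['delete']));
        } elseif (isset($_GET['deleteall'])) {
            if (!verifyCsrfGetToken(true)) {
                echo Error(s('No Access'));

                return;
            }
            $count = 0;
            $errcount = 0;
            $res = Sql_Query("select id from $table");
            while ($row = Sql_Fetch_Row($res)) {
                if (deleteItem($table, $id, $row[0])) {
                    ++$count;
                } else {
                    ++$errcount;
                    // Give up after repeated failures rather than printing a report per value.
                    if ($errcount > 10) {
                        echo $GLOBALS['I18N']->get('* Too many errors, quitting')."<br /><br /><br />\n";
                        break;
                    }
                }
            }
        }

        if (isset($_GET['action']) && $_GET['action'] == 'new') {

            // Show the textarea for entering new values, one per line.
            ?>

            <p><?php echo $GLOBALS['I18N']->get('Add new').' '.htmlspecialchars(stripslashes($data['name'])).', '.$GLOBALS['I18N']->get('one per line') ?></p>
            <textarea name="itemlist" rows="20" cols="50"></textarea>
            <input class="submit" type="submit" name="addnew"
                   value="<?php echo $GLOBALS['I18N']->get('Add new').' '.htmlspecialchars(stripslashes($data['name'])) ?>"/>
            <br/>
            <hr/>
            <?php

        }

        // List the current values; the reorder inputs are only offered while the
        // number of values stays below ATTRIBUTEVALUE_REORDER_LIMIT.
        $req = Sql_query("SELECT * FROM $table order by listorder,name");
        $num = Sql_Affected_Rows();
        if ($num < ATTRIBUTEVALUE_REORDER_LIMIT && $num > 25) {
            // Long list: repeat the submit button above the values as well.
            printf('<input class="submit" type="submit" name="action" value="%s" /><br /><br />',
                $GLOBALS['I18N']->get('Change order'));
        }

        while ($row = Sql_Fetch_array($req)) {
            printf('<div class="row-value"><span class="delete"><a href="javascript:deleteRec(\'%s\');">'.$GLOBALS['I18N']->get('delete').'</a></span>',
                PageURL2('editattributes', '', "id=$id&delete=".$row['id']));
            if ($num < ATTRIBUTEVALUE_REORDER_LIMIT) {
                printf(' <input type="text" name="listorder[%d]" value="%s" size="5" class="listorder" />', $row['id'],
                    $row['listorder']);
            }
            printf(' %s %s </div>', htmlspecialchars($row['name']),
                ($row['name'] == $data['default_value']) ? '('.$GLOBALS['I18N']->get('default').')' : '');
        }
        if ($num && $num < ATTRIBUTEVALUE_REORDER_LIMIT) {
            printf('<br /><input class="submit" type="submit" name="action" value="%s" />',
                $GLOBALS['I18N']->get('Change order'));
        }

        ?>
        </form>

    </div> <!-- eo content -->
</div> <!-- eo panel -->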