1<?php
/**
 * Mediante questo file si possono creare, modificare e cancellare nuove statistiche sul database.
 * Le statistiche sono impostate come query e sono registrate nella tabella di registro "stats"
 *
 * @desc File di gestione delle statistiche impostate dall'utente.
 * @package VFront
 * @subpackage Stats
 * @author Mario Marcello Verona <marcelloverona@gmail.com>
 * @copyright 2007-2010 M.Marcello Verona
 * @version 0.96 $Id: stat.personal.php 949 2011-04-23 23:22:10Z marciuz $
 * @license http://www.gnu.org/licenses/gpl.html GNU Public License
 */
14
15
16require_once("../inc/conn.php");
17require_once("../inc/layouts.php");
18require_once("../inc/func.comuni.php");
19require_once("../inc/func.frontend.php");
20require_once("../inc/func.stat.php");
21//require_once("./stat.graph.php");
22require_once("./stat.graph2.php");
23
// Page-wide access gate, called before any request handling below.
// NOTE(review): proteggi() is not defined in this file; presumably it enforces a minimum
// user level (1 here, raised to 2 inside the write/edit branches) — confirm against its definition.
proteggi(1);
25
26
27
28
############################################
#
#	REGISTER A NEW STATISTIC
#

// Handles the POST sent by the creation form (?crea): inserts one row into the "stat"
// registry table and redirects to the page that displays the new statistic.
//
// NOTE(review): def_stat is free SQL text; the display branch of this file (?id_s) later
// runs it through $vmsql->query_try() and $vmsql->query(). Everything that protects the
// data connection therefore depends on query_try() and on the privileges of that connection.
// NOTE(review): no anti-CSRF token is verified here; the handler relies on the session alone.
if(isset($_GET['crea']) && count($_POST)>0){

	// Raised access gate for write operations (see proteggi(), defined elsewhere)
	proteggi(2);

	// All POST values pass through the registry connection's escaping helper
	// before they are placed into the SQL text
	$_dati = $vmreg->recursive_escape($_POST);

	// Values in the same order as the placeholders of the statement below;
	// the author is always taken from the session, never from the request
	$valori = array(
		$_dati['nome_stat'],
		$_dati['desc_stat'],
		$_dati['def_stat'],
		$_dati['auth_stat'],
		$_SESSION['user']['uid'],
		trim($_dati['tipo_graph']),
		$_dati['publish'],
		date('Y-m-d H:i:s')
	);

	$sql=vsprintf("INSERT INTO {$db1['frontend']}{$db1['sep']}stat
				  (nome_stat, desc_stat, def_stat, auth_stat , autore, tipo_graph, published, data_stat)
				  VALUES
				  ('%s','%s','%s',%d,%d,'%s',%d,'%s')",
				  $valori);

	$esito=$vmreg->query($sql);

	// Anything other than exactly one inserted row is reported as a failed creation
	if($vmreg->affected_rows($esito)!=1){

		header("Location: index.php?feed=konew");
		exit;
	}

	$id=$vmreg->insert_id($db1['frontend'].".stat",'id_stat');

	header("Location: ".$_SERVER['PHP_SELF']."?id_s=$id");

	exit;

}
73
74
75
76
77
78
79
80
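############################################
#
#	APPLY A MODIFICATION
#

// Handles the POST sent by the edit form (?applica_mod): updates one row of the "stat"
// registry table and redirects to index.php with a feedback code (okmod / komod).
//
// The edit form in this file is only shown to the author of the statistic or to users with
// level >= 3. That rule is enforced here as well, because id_stat arrives in the request
// body and the form-side check alone does not protect the UPDATE.
// NOTE(review): no anti-CSRF token is verified here; the handler relies on the session alone.
if(isset($_GET['applica_mod']) && count($_POST)>0){

	// Raised access gate for write operations (see proteggi(), defined elsewhere)
	proteggi(2);

	// All POST values pass through the registry connection's escaping helper
	// before they are placed into the SQL text
	$_dati = $vmreg->recursive_escape($_POST);

	// The target id is reduced to an integer once and reused for both queries
	$id_stat = (isset($_POST['id_stat']) && is_scalar($_POST['id_stat'])) ? intval($_POST['id_stat']) : 0;

	// Verify the right to modify: same rule as the edit form (author, or level >= 3)
	$q_aut=$vmreg->query("SELECT autore FROM {$db1['frontend']}{$db1['sep']}stat WHERE id_stat=".$id_stat);

	$RS_aut=$vmreg->fetch_assoc($q_aut);

	if(!is_array($RS_aut) || ($RS_aut['autore']!=$_SESSION['user']['uid'] && $_SESSION['user']['livello']<3)){

		// Unknown id or not allowed: same feedback as a failed update, nothing is written
		header("Location: index.php?feed=komod");
		exit;
	}


	$sql=sprintf("UPDATE {$db1['frontend']}{$db1['sep']}stat
				  SET nome_stat='%s', desc_stat='%s', def_stat='%s',
					auth_stat=%d , tipo_graph='%s', published=%d, data_stat='%s'
				  WHERE id_stat=%d
				  ",
				  $_dati['nome_stat'],
				  $_dati['desc_stat'],
				  $_dati['def_stat'],
				  $_dati['auth_stat'],
				  trim($_dati['tipo_graph']),
				  $_dati['publish'],
				  date("Y-m-d H:i:s"),
				  $id_stat);

	$q=$vmreg->query($sql);

	if($vmreg->affected_rows($q)==1){

		header("Location: index.php?feed=okmod");

	}
	else{

		header("Location: index.php?feed=komod");
	}


	exit;

}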
123
124
125
126
127
128
129
130
131
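############################################
#
#	APPLY A DELETION
#

// Handles the POST sent by the delete confirmation form: removes one row from the "stat"
// registry table and redirects with a feedback code (okdel / kodel).
//
// The rule used by the edit form in this file (author of the statistic, or level >= 3) is
// applied here too: elimina_stat arrives in the request body, so without this check the
// row to delete would be chosen by the requester alone.
// NOTE(review): no anti-CSRF token is verified here; the handler relies on the session alone.
if(isset($_POST['elimina_stat']) && intval($_POST['elimina_stat'])>0){

	// Raised access gate for write operations (see proteggi(), defined elsewhere)
	proteggi(2);

	// The target id is reduced to an integer once and reused for both queries
	$id_stat = intval($_POST['elimina_stat']);

	// Verify the right to delete: author of the statistic, or level >= 3
	$q_aut=$vmreg->query("SELECT autore FROM {$db1['frontend']}{$db1['sep']}stat WHERE id_stat=".$id_stat);

	$RS_aut=$vmreg->fetch_assoc($q_aut);

	if(!is_array($RS_aut) || ($RS_aut['autore']!=$_SESSION['user']['uid'] && $_SESSION['user']['livello']<3)){

		// Unknown id or not allowed: same feedback as a failed deletion, nothing is removed
		header("Location: ".$_SERVER['PHP_SELF']."?feed=kodel");
		exit;
	}

	$sql=sprintf("DELETE FROM  {$db1['frontend']}{$db1['sep']}stat
				  WHERE id_stat=%d
				  LIMIT 1
				  ",
				  $id_stat);

	$q=$vmreg->query($sql);

	if($vmreg->affected_rows($q)==1){

		header("Location: index.php?feed=okdel");

	}
	else{

		header("Location: ".$_SERVER['PHP_SELF']."?feed=kodel");
	}


	exit;

}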
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
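####################################################
#
#	FORM: CREATE A NEW STATISTIC / EDIT AN EXISTING ONE
#
#

// Prints the HTML form used both for creation (?new) and for editing (?modifica=<id>).
// The form posts back to this script with ?crea or ?applica_mod.
//
// Stored values (name, description, SQL definition) and the script path are written into
// the page through htmlentities(): they are user-controlled text and end up inside an
// attribute, a <textarea> and a heading.
if(isset($_GET['new']) || isset($_GET['modifica'])){

	// Raised access gate for write operations (see proteggi(), defined elsewhere)
	proteggi(2);

	// Edit case
	if(isset($_GET['modifica'])){

		// load the stored values
		$q=$vmreg->query("SELECT nome_stat, desc_stat, def_stat, autore, auth_stat, tipo_graph , published
						FROM {$db1['frontend']}{$db1['sep']}stat WHERE id_stat=".intval($_GET['modifica']));

		$RS=$vmreg->fetch_assoc($q);


		// Verify the right to modify: the record must exist and the user must be
		// its author or have level >= 3
		if(!is_array($RS) || ($RS['autore']!=$_SESSION['user']['uid'] && $_SESSION['user']['livello']<3)){

			header("Location: ".$_SERVER['PHP_SELF']."?errore=noauth");
			exit;
		}

		$azione='applica_mod';
		$titolo=_('Modify statistics');
		$titolo2=$titolo." <span class=\"var\">".htmlentities($RS['nome_stat'],ENT_QUOTES,FRONT_ENCODING)."</span>";

		$txt_button=_("Modify statistics");

	}
	else{

		// default values

		$RS=array('nome_stat'=>'',
				  'desc_stat'=>'',
				  'def_stat'=>'',
				  'auth_stat'=>1,
				  'autore'=>'',
				  'tipo_graph'=>'barre');


		$azione='crea';

		$titolo=$titolo2=_("Create new statistic");

		$txt_button=_("Register a new statistic");
	}



	// Pre-select the radio buttons that match the current values
	$chk_auth[1] = ($RS['auth_stat']==1) ? "checked=\"checked\"" : "";
	$chk_auth[2] = ($RS['auth_stat']==2) ? "checked=\"checked\"" : "";
	$chk_auth[3] = ($RS['auth_stat']==3) ? "checked=\"checked\"" : "";

	$chk_tipo_graph[1] = (trim($RS['tipo_graph'])=='barre') ? "checked=\"checked\"" : "";
	$chk_tipo_graph[2] = (trim($RS['tipo_graph'])=='torta') ? "checked=\"checked\"" : "";


	// HTML-encoded copies of every value that is echoed below.
	// PHP_SELF is included because it reflects the request path.
	$nome_stat_html = htmlentities($RS['nome_stat'],ENT_QUOTES,FRONT_ENCODING);
	$desc_stat_html = htmlentities($RS['desc_stat'],ENT_QUOTES,FRONT_ENCODING);
	$def_stat_html = htmlentities($RS['def_stat'],ENT_QUOTES,FRONT_ENCODING);
	$self_html = htmlentities($_SERVER['PHP_SELF'],ENT_QUOTES,FRONT_ENCODING);


	$files=array('js/test_query.js','js/yav/yav.js','js/yav/yav-config-it.js');

	echo openLayout1($titolo,$files);

	echo breadcrumbs(array("HOME","ADMIN",
						   "index.php"=>_("statistics"),
							strtolower($titolo)));

	echo "<h1>$titolo2</h1>\n";

	// Client-side validation rules consumed by performCheck() in the form's onsubmit
	echo "<script type=\"text/javascript\">

	var rules=new Array();

	rules[0]='nome_stat|required|"._("The name of the statistic is required")."';
	rules[1]='def_stat|required|"._("No SQL definition for the statistics")."';

	</script>\n";


	echo "<form name=\"f1\" action=\"".$self_html."?$azione\" method=\"post\" onsubmit=\"return performCheck('f1', rules, 'classic');\" >\n";

	echo "<fieldset style=\"width:70%; padding:20px;\">\n";
	echo "<legend style=\"font-weigth:bold\">"._("Parameter for new statistic")."</legend>\n";


	// In the edit case the id travels in a hidden field; the ?applica_mod handler must
	// not trust it without re-checking the right to modify
	$input_modifica = (isset($_GET['modifica'])) ? "<input type=\"hidden\" name=\"id_stat\" value=\"".intval($_GET['modifica'])."\" />\n" : "";

	$chk_publish = (isset($_GET['modifica']) && $RS['published']==1) ? 'checked="checked"' : '';

	echo "

		<label for=\"nome_stat\">"._("Name of statistic:")."</label><br />
		<input type=\"text\" id=\"nome_stat\" name=\"nome_stat\" size=\"40\" maxlength=\"240\" value=\"".$nome_stat_html."\" />
		<div class=\"info-campo\" >"._("Name for custom statistic")."</div>

		<label for=\"desc_stat\">"._("Description of statistic:")."</label><br />
		<textarea id=\"desc_stat\" name=\"desc_stat\" cols=\"50\" rows=\"4\" >".$desc_stat_html."</textarea>
		<div class=\"info-campo\" >"._("Description of custom statistic")."</div>

		<br />

		<p>"._("Access method for new statistics")."<br />
			<input type=\"radio\" id=\"auth_stat1\" name=\"auth_stat\" value=\"1\" ".$chk_auth[1]." /> <label for=\"auth_stat1\">"._("Public")."</label><br />
			<input type=\"radio\" id=\"auth_stat2\" name=\"auth_stat\" value=\"2\" ".$chk_auth[2]." /> <label for=\"auth_stat2\">"._("Accessible only to my group")."</label><br />
			<input type=\"radio\" id=\"auth_stat3\" name=\"auth_stat\" value=\"3\" ".$chk_auth[3]." /> <label for=\"auth_stat3\">"._("Allow only by me")."</label><br />
		</p>


		<p>
			<input type=\"hidden\" id=\"publish_0\" name=\"publish\" value=\"0\" />
			<input type=\"checkbox\" id=\"publish_1\" name=\"publish\" value=\"1\" ".$chk_publish." /> <label for=\"publish_1\">"._("Published in home page")."</label><br />
		</p>


		<p>"._("Type of graph:")."<br />
			<input type=\"radio\" id=\"graph_type1\" name=\"tipo_graph\" value=\"barre\" ".$chk_tipo_graph[1]." /> <label for=\"graph_type1\">"._("Bar graph")."</label><br />
			<input type=\"radio\" id=\"graph_type2\" name=\"tipo_graph\" value=\"torta\" ".$chk_tipo_graph[2]." /> <label for=\"graph_type2\">"._("Pie graph")."</label><br />
		</p>


		<label for=\"def_stat\">"._("Definition of statistic")."</label>
			<input value=\""._("Test")."\" onclick=\"try_query(document.getElementById('def_stat').value,2)\" type=\"button\" />
			<span id=\"feed_altro_2\" class=\"feed_altro\">&nbsp;</span>
			<br />
		<textarea  id=\"def_stat\" name=\"def_stat\" cols=\"60\" rows=\"7\" >".$def_stat_html."</textarea>
		<div class=\"info-campo\" >"._("SQL Query to definie the statistic")."</div>

		$input_modifica

		<input type=\"submit\"  name=\"invia\" value=\"  $txt_button  \" />\n";


	echo "</fieldset>\n";

	echo "</form>\n";

	echo closeLayout1();

	exit;

}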
328
329
330
331
332
333
334
335
336
337
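#####################################################
#
#	SHOW A STATISTIC BY ID
#
#####################################################

// Displays one statistic (?id_s=<id>): loads its definition from the registry ($vmreg),
// checks that the current user may see it, runs the stored SQL on the data connection
// ($vmsql), draws the graph and prints it next to a table of values.
//
// The stored SQL is tested and executed only after the record lookup and the access checks
// have passed, so a request that is going to be refused never reaches the data connection.
//
// NOTE(review): the graph is always written as 'img_pers' under _PATH_TMP_HTTP, so every
// statistic and every user share one web-reachable file; a per-request name would avoid one
// viewer being served another statistic's image — confirm how the tmp directory is cleaned
// before changing it.
if(isset($_GET['id_s'])){

	$errore=false;

	$ID_STAT= (int) $_GET['id_s'];

	$sql="SELECT s.nome_stat, s.desc_stat, s.def_stat, s.auth_stat , s.autore, s.tipo_graph, s.data_stat, u.gid
		  FROM {$db1['frontend']}{$db1['sep']}stat s, {$db1['frontend']}{$db1['sep']}utente u
		  WHERE id_stat=$ID_STAT
		  AND u.id_utente=s.autore";

	$q=$vmreg->query($sql);

	$RS=$vmreg->fetch_assoc($q);


	if($vmreg->num_rows($q)==0 || !is_array($RS)){

			$errore='norecord';
	}

	// Ownership checks, applied to non-admin users (level < 3)
	else if($_SESSION['user']['livello']<3){

		// auth_stat 2: visible only to the author's group
		// NOTE(review): the group is read from $_SESSION['gid'] while the other session
		// values used in this file live under $_SESSION['user'] — confirm the key
		if($RS['auth_stat']==2 && $RS['gid']!=$_SESSION['gid']){

			$errore='nogid';
		}

		// auth_stat 3: visible only to the author
		if($RS['auth_stat']==3 && $RS['autore']!=$_SESSION['user']['uid']) {

			$errore='nouser';
		}

	}


	// The name is used in the page title and breadcrumbs of both outcomes. It is left
	// empty when the record is missing or access was refused, so the refusal page does
	// not reveal the name of a statistic the user may not see.
	$nome_stat = ($errore===false) ? $RS['nome_stat'] : '';

	$nome_stat_html=htmlentities(stripslashes($nome_stat), ENT_QUOTES, FRONT_ENCODING);

	$da_home = (isset($_GET['ref']) && $_GET['ref']=='home');

	$etichette=array();
	$frequenze=array();


	if($errore===false){

		// test the stored query first: 0 is treated as "cannot run",
		// -1 as "contains unsafe words" (see the messages printed below)
		$test_q1=$vmsql->query_try($RS['def_stat']);

		if($test_q1==0){

			$errore='noquery';
		}
		else if($test_q1==-1){
			$errore='danger';
		}
		else{


			// No errors so far, go on

			$q_stat=$vmsql->query($RS['def_stat']);

			list($etichette, $frequenze)=$vmsql->fetch_row_all($q_stat,true);


			// no data returned
			if(!is_array($etichette) || !is_array($frequenze) || count($etichette)==0 || count($frequenze)==0){

				$errore='nodata';
			}
		}
	}



	// if there are no errors
	if($errore===false){

		// take the largest frequency to size the scale (10% headroom, minimum 5)
		$duplicato_freq=$frequenze;
		rsort($duplicato_freq);
		$scala=$duplicato_freq[0]*1.1;

		$scala = ($scala<5) ? 5: $scala;

		// estimated image height: 22.5 px per value, minimum 300
		$stima_altezza = round(count($frequenze)*22.5,0);

		$stima_altezza = ($stima_altezza<300) ? 300: $stima_altezza;

		$nome_file_tmp = 'img_pers';

		// Stays false when tipo_graph is neither 'barre' nor 'torta'
		$grafico=false;

		// Bar graph
		if(trim($RS['tipo_graph'])=='barre'){

			$grafico=barre_pchart($frequenze,$etichette,$scala,$RS['nome_stat'],$nome_file_tmp,550,$stima_altezza);
		}

		// Pie graph
		else if(trim($RS['tipo_graph'])=='torta'){

			$grafico=torta_pchart($frequenze,$etichette,$RS['nome_stat'],$nome_file_tmp);
		}


		$OUT='';

		if($grafico){

			// WRITE A TABLE: image on the left, values on the right
			// NOTE(review): stat_tabella() receives labels produced by the stored query;
			// whether it HTML-encodes them is not visible here — confirm

			$OUT.="<table summary=\"cont\" class=\"tab-cont\">\n<tr>";

			// time() is appended only to defeat browser caching of the fixed file name
			$OUT.= "<td><img src=\""._PATH_TMP_HTTP."/$nome_file_tmp.png?".time()."\" alt=\"test\"   class=\"img-stat\" /></td>\n";

			if(trim($RS['tipo_graph'])=='torta'){
				$OUT.= "<td>".stat_tabella($etichette,$frequenze,array("valore","n"),true) . "</td>";
			}
			else{
				$OUT.= "<td>".stat_tabella($etichette,$frequenze,array("valore","n")) . "</td>";
			}

			$OUT.="</tr></table>\n";

		}


		$files=array("sty/stat.css");

		// load the author's display name
		$q_a=$vmreg->query("SELECT ".$vmreg->concat("nome, ' ' , cognome")." FROM {$db1['frontend']}{$db1['sep']}utente WHERE id_utente=".intval($RS['autore']));

		list($nome_autore) = $vmreg->fetch_row($q_a);

		// NOTE(review): the raw name is passed to openLayout1(); whether that helper
		// HTML-encodes the title is not visible here — confirm
		echo openLayout1("Statistica ".$nome_stat,$files);


		if($da_home){

			echo breadcrumbs(array("HOME",$nome_stat_html));

		}
		else{

			echo breadcrumbs(array("HOME","ADMIN","index.php"=>_("statistics"),$nome_stat_html));
		}



		echo "<h1>$nome_stat_html</h1>\n";

		echo "<div style=\"padding:10px; background-color:#FFF2CF;width:40em;margin:3px 3px 16px 3px;border:1px solid #444;\">\n";

		echo "<p><b>"._("Description")."</b>: ".htmlentities($RS['desc_stat'],ENT_QUOTES,FRONT_ENCODING)."</p>";
		// the author's name is account data entered by users: encode it like the description
		echo "<p><b>"._("Author")."</b>: ".htmlentities((string) $nome_autore,ENT_QUOTES,FRONT_ENCODING)."</p>";
		echo "<p><b>"._("Definition date")."</b>: ".date_encode($RS['data_stat'])."</p>";

		echo "</div>\n";

		echo $OUT;

		echo closeLayout1();
	}

	else{

		$files=array("sty/stat.css");

		echo openLayout1(_("Statistic")." ".$nome_stat,$files);

		if($da_home){

			echo breadcrumbs(array("HOME",$nome_stat_html));

		}
		else{
			echo breadcrumbs(array("HOME","ADMIN","index.php"=>_("statistics"),$nome_stat_html));
		}

		echo "<h1>"._("Cannot display the data")."</h1>\n";

		switch($errore){

			case 'nogid' : echo "<p><strong>"._("Warning!")."</strong> "._("You are trying to access a public statistic for a group of users of which you are not a member.")."</p>\n";
			break;

			case 'nouser' : echo "<p><strong>"._("Warning!")."</strong> "._("You are trying to access a private statistic of which you are not the author.")."</p>\n";
			break;

			case 'noquery' : echo "<p><strong>"._("Warning!")."</strong> "._("You are trying to access a statistic which seems to have a mistake in the SQL. Please check the query definition")."</p>\n";
			break;

			case 'nodata' : echo "<p>"._("No data returned for this statistic")."</p>\n";
			break;

			case 'danger' : echo "<p>"._("The SQL query contains unsafe words and was not performed.")."</p>\n";
			break;

			case 'norecord' : echo "<p><strong>"._("Warning!")."</strong> "._("You are asking for a non-existent statistic")."</p>\n";
			break;

			default : echo "<p><strong>"._("Warning!")."</strong> "._("There is a generic error in displaying statistics ")."</p>\n";

		}



		echo closeLayout1();

	}



}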
564
565
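// Delete confirmation page (?elimina=<id>): shows a summary of the statistic and a form
// that posts elimina_stat back to this script, where the deletion is carried out.
//
// The page is shown only when the record exists and the user is its author or has
// level >= 3, the same rule the edit form in this file applies. Values read from the
// database and the script path are HTML-encoded before being printed.
// NOTE(review): the form carries no anti-CSRF token; the POST handler relies on the
// session alone.
if(isset($_GET['elimina'])){

	// Raised access gate for write operations (see proteggi(), defined elsewhere)
	proteggi(2);

	$ID_STAT= (int) $_GET['elimina'];

	$sql="SELECT s.nome_stat, s.desc_stat, s.def_stat, s.auth_stat ,
		  s.autore, s.tipo_graph, s.data_stat, u.gid, "
		  .$vmreg->concat("u.nome, ' ' , u.cognome", 'nomecognome')."
		  FROM {$db1['frontend']}{$db1['sep']}stat s, {$db1['frontend']}{$db1['sep']}utente u
		  WHERE id_stat=$ID_STAT
		  AND u.id_utente=s.autore";

	$q=$vmreg->query($sql);

	$RS=$vmreg->fetch_assoc($q);

	// Verify the right to delete before printing anything about the statistic
	if(!is_array($RS) || ($RS['autore']!=$_SESSION['user']['uid'] && $_SESSION['user']['livello']<3)){

		header("Location: ".$_SERVER['PHP_SELF']."?errore=noauth");
		exit;
	}

	// NOTE(review): the raw name is passed to openLayout1(); whether that helper
	// HTML-encodes the title is not visible here — confirm
	echo openLayout1(_("Statistic")." ".$RS['nome_stat']);

	echo breadcrumbs(array("HOME","ADMIN","index.php"=>_("statistics"),_("delete statistic")));

	echo "<h1>"._("Delete statistic")."</h1>\n";

	echo "<div style=\"padding:10px; background-color:#FFF2CF;width:40em;margin:3px 3px 16px 3px;border:1px solid #444;\">\n";

	echo "<p><b>ID</b>: $ID_STAT</p>";
	echo "<p><b>"._("Description")."</b>: ".htmlentities($RS['desc_stat'],ENT_QUOTES,FRONT_ENCODING)."</p>";
	// author name and graph type are stored text too: encode them like the description
	echo "<p><b>"._("Author")."</b>: ".htmlentities($RS['nomecognome'],ENT_QUOTES,FRONT_ENCODING)."</p>";
	echo "<p><b>"._("Graph type")."</b>: ".htmlentities(trim($RS['tipo_graph']),ENT_QUOTES,FRONT_ENCODING)."</p>";
	echo "<p><b>"._("Definition date")."</b>: ".date_encode($RS['data_stat'])."</p>";

	echo "</div>\n";


	// PHP_SELF reflects the request path, so it is encoded before going into the attribute
	echo "<form action=\"".htmlentities($_SERVER['PHP_SELF'],ENT_QUOTES,FRONT_ENCODING)."\" method=\"post\" >\n";

	// statistic info...

	echo "<p><strong>"._("Warning!")."</strong> "._("Do you really want to remove this statistic? This operation cannot be undone")."</p>\n";

	echo "<input type=\"hidden\" name=\"elimina_stat\" value=\"".$ID_STAT."\" />\n";
	echo "<input type=\"submit\" name=\"esegui_elimina_stat\" value=\""._("Delete statistic")."\" />\n";

	echo "&nbsp; "._("or")." &nbsp; <a href=\"index.php\">"._("go back")."</a>";

	echo "</form>\n";


	echo closeLayout1();


}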
618
619
620?>