You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
478 lines
28 KiB
478 lines
28 KiB
<?php
|
|
// turn on warnings and notice during developement
|
|
include('initialize/PhpErrorSettings.inc.php');
|
|
// Project: Web Reference Database (refbase) <http://www.refbase.net>
|
|
// Copyright: Matthias Steffens <mailto:refbase@extracts.de> and the file's
|
|
// original author(s).
|
|
//
|
|
// This code is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY. Please see the GNU General Public
|
|
// License for more details.
|
|
//
|
|
// File: ./user_options_modify.php
|
|
// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/user_options_modify.php $
|
|
// Author(s): Matthias Steffens <mailto:refbase@extracts.de>
|
|
//
|
|
// Created: 26-Oct-04, 20:57
|
|
// Modified: $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $
|
|
// $Author: karnesky $
|
|
// $Revision: 1416 $
|
|
|
|
// This script validates user options selected within the form provided by 'user_options.php'.
|
|
// If validation succeeds, it UPDATEs the corresponding table fields for that user and redirects to a receipt page;
|
|
// if it fails, it creates error messages and these are later displayed by 'user_options.php'.
|
|
// TODO: I18n
|
|
|
|
|
|
// Incorporate some include files:
|
|
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
|
|
include 'includes/include.inc.php'; // include common functions
|
|
include 'initialize/ini.inc.php'; // include common variables
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// START A SESSION:
|
|
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
|
|
start_session(true);
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// Initialize preferred display language:
|
|
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
|
|
include 'includes/locales.inc.php'; // include the locales
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// Clear any errors that might have been found previously:
|
|
$errors = array();
|
|
|
|
// Write the (POST) form variables into an array:
|
|
foreach($_POST as $varname => $value)
|
|
$formVars[$varname] = $value;
|
|
|
|
// Since checkbox form fields do only get included in the '$_POST' array if they were marked,
|
|
// we have to add appropriate array elements for all checkboxes that weren't set:
|
|
// (we deal with permission checkboxes separately below)
|
|
if (!isset($formVars["export_cite_keys"]))
|
|
$formVars["export_cite_keys"] = "no";
|
|
|
|
if (!isset($formVars["autogenerate_cite_keys"]))
|
|
$formVars["autogenerate_cite_keys"] = "no";
|
|
|
|
if (!isset($formVars["prefer_autogenerated_cite_keys"]))
|
|
$formVars["prefer_autogenerated_cite_keys"] = "no";
|
|
|
|
if (!isset($formVars["use_custom_cite_key_format"]))
|
|
$formVars["use_custom_cite_key_format"] = "no";
|
|
|
|
// $formVars["use_custom_handling_of_nonascii_chars_in_cite_keys"] is handled (differently) below
|
|
|
|
if (!isset($formVars["uniquify_duplicate_cite_keys"]))
|
|
$formVars["uniquify_duplicate_cite_keys"] = "no";
|
|
|
|
if (!isset($formVars["use_custom_text_citation_format"]))
|
|
$formVars["use_custom_text_citation_format"] = "no";
|
|
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// First of all, check if this script was called by something else than 'user_options.php':
|
|
if (!preg_match("#/user_options\.php#i", $referer)) // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
|
|
{
|
|
// return an appropriate error message:
|
|
$HeaderString = returnMsg($loc["Warning_InvalidCallToScript"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString"); // functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'
|
|
|
|
header("Location: " . $referer); // redirect to calling page
|
|
|
|
exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// (1) OPEN CONNECTION, (2) SELECT DATABASE
|
|
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// VALIDATE FORM DATA:
|
|
|
|
// (Note: checking for missing/incorrect input of the language field isn't really necessary if a popup is used as input field -- as it is right now)
|
|
// // Validate the language
|
|
// if (empty($formVars["languageName"]))
|
|
// // Language cannot be a null string
|
|
// $errors["languageName"] = "The language field cannot be blank:";
|
|
|
|
// Validate the number of records per page
|
|
if (($_REQUEST['userID'] != 0) AND !preg_match("/^[1-9]+[0-9]*$/", $formVars["recordsPerPageNo"])) // this form element is disabled for anonymous users ('userID=0')
|
|
$errors["recordsPerPageNo"] = "Please enter a number (positive integer greater than zero):";
|
|
|
|
// Note: currently, the user must select at least one item within the type/style/format lists. Alternatively, we could grey out the corresponding interface elements
|
|
// if a user deselects all items. Or, hiding the corresponding interface elements *completely* would actually give the user the possibility to remove unwanted/unneeded "features"!
|
|
|
|
// Validate the reference type selector
|
|
if (empty($formVars["referenceTypeSelector"]))
|
|
$errors["referenceTypeSelector"] = "You must choose at least one reference type:";
|
|
|
|
// Validate the citation style selector
|
|
if (empty($formVars["citationStyleSelector"]))
|
|
$errors["citationStyleSelector"] = "You must choose at least one citation style:";
|
|
|
|
// Validate the cite format selector
|
|
if (empty($formVars["citationFormatSelector"]))
|
|
$errors["citationFormatSelector"] = "You must choose at least one citation format:";
|
|
|
|
// Validate the export format selector
|
|
if (empty($formVars["exportFormatSelector"]))
|
|
$errors["exportFormatSelector"] = "You must choose at least one export format:";
|
|
|
|
// Validate the main fields selector
|
|
if (($_REQUEST['userID'] != 0) AND empty($formVars["mainFieldsSelector"])) // this form element is disabled for anonymous users ('userID=0')
|
|
$errors["mainFieldsSelector"] = "You must specify at least one field as \"main field\":";
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// Now the script has finished the validation, check if there were any errors:
|
|
if (count($errors) > 0)
|
|
{
|
|
// Write back session variables:
|
|
saveSessionVariable("errors", $errors); // function 'saveSessionVariable()' is defined in 'include.inc.php'
|
|
saveSessionVariable("formVars", $formVars);
|
|
|
|
// There are errors. Relocate back to the client form:
|
|
header("Location: user_options.php?userID=" . $_REQUEST['userID']); // 'userID' got included as hidden form tag by 'user_options.php'
|
|
|
|
exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// If we made it here, then the data is considered valid!
|
|
|
|
// CONSTRUCT SQL QUERY:
|
|
// If a user is logged in and has submitted 'user_options.php' with a 'userID' parameter:
|
|
// (while the admin has no restrictions, a normal user can only submit 'user_options.php' with his own 'userID' as parameter!)
|
|
if (isset($_SESSION['loginEmail']) && ($_REQUEST['userID'] != "")) // -> perform an update:
|
|
{
|
|
if ($loginEmail != $adminLoginEmail) // if not admin logged in ('$adminLoginEmail' is specified in 'ini.inc.php')
|
|
$userID = getUserID($loginEmail); // Get the 'user_id' using 'loginEmail' (function 'getUserID()' is defined in 'include.inc.php')
|
|
else // if the admin is logged in he should be able to make any changes to account data/options of _other_ users...
|
|
$userID = $_REQUEST['userID']; // ...in this case we accept 'userID' from the GET/POST request (it got included as hidden form tag by 'user_options.php')
|
|
|
|
// UPDATE - construct queries to update the relevant table fields for this user
|
|
|
|
// a) update the language field of the 'users' table:
|
|
if ($userID != 0) // the 'languageName' form element is disabled for anonymous users ('userID=0'), and there isn't an entry with 'user_id=0' in table 'users'
|
|
$queryArray[] = "UPDATE $tableUsers SET "
|
|
. "language = " . quote_smart($formVars["languageName"]) . " "
|
|
. "WHERE user_id = " . quote_smart($userID);
|
|
|
|
|
|
if ($loginEmail == $adminLoginEmail) // if the admin is logged in
|
|
{
|
|
// b) update all entries for this user within the 'user_types' table:
|
|
|
|
// - first, get a list of IDs for all types within the 'user_types' table that are available and were enabled by the admin for the current user:
|
|
$enabledUserTypesArray = getEnabledUserFormatsStylesTypes($userID, "type", "", true); // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
|
|
|
|
$enabledUserTypesInSelectedTypesArray = array_intersect($enabledUserTypesArray, $formVars["referenceTypeSelector"]);
|
|
|
|
$enabledUserTypesNOTInSelectedTypesArray = array_diff($enabledUserTypesArray, $formVars["referenceTypeSelector"]);
|
|
|
|
$selectedTypesNOTInEnabledUserTypesArray = array_diff($formVars["referenceTypeSelector"], $enabledUserTypesArray);
|
|
|
|
if (!empty($enabledUserTypesNOTInSelectedTypesArray))
|
|
{
|
|
// - remove types which do exist within the 'user_types' table but were deselected by the admin:
|
|
$enabledUserTypesNOTInSelectedTypesString = implode("|", $enabledUserTypesNOTInSelectedTypesArray); // join array of type IDs using a pipe as separator
|
|
|
|
$queryArray[] = "DELETE FROM $tableUserTypes "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND type_id RLIKE " . quote_smart("^(" . $enabledUserTypesNOTInSelectedTypesString . ")$");
|
|
}
|
|
|
|
if (!empty($selectedTypesNOTInEnabledUserTypesArray))
|
|
{
|
|
// - insert types that were selected by the admin but which do not yet exist within the 'user_types' table:
|
|
$selectedTypesNOTInEnabledUserTypesString = implode("|", $selectedTypesNOTInEnabledUserTypesArray); // join array of type IDs using a pipe as separator
|
|
|
|
$insertTypesQuery = "INSERT INTO $tableUserTypes VALUES ";
|
|
|
|
foreach ($selectedTypesNOTInEnabledUserTypesArray as $newUserTypeID)
|
|
$insertTypesQueryValues[] = "(NULL, " . quote_smart($newUserTypeID) . ", " . quote_smart($userID) . ", 'true')";
|
|
|
|
$queryArray[] = $insertTypesQuery . implode(", ", $insertTypesQueryValues) . ";";
|
|
}
|
|
|
|
// ---------------------
|
|
// c) update all entries for this user within the 'user_styles' table:
|
|
|
|
// - first, get a list of IDs for all styles within the 'user_styles' table that are available and were enabled by the admin for the current user:
|
|
$enabledUserStylesArray = getEnabledUserFormatsStylesTypes($userID, "style", "", true); // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
|
|
|
|
$enabledUserStylesInSelectedStylesArray = array_intersect($enabledUserStylesArray, $formVars["citationStyleSelector"]);
|
|
|
|
$enabledUserStylesNOTInSelectedStylesArray = array_diff($enabledUserStylesArray, $formVars["citationStyleSelector"]);
|
|
|
|
$selectedStylesNOTInEnabledUserStylesArray = array_diff($formVars["citationStyleSelector"], $enabledUserStylesArray);
|
|
|
|
if (!empty($enabledUserStylesNOTInSelectedStylesArray))
|
|
{
|
|
// - remove styles which do exist within the 'user_styles' table but were deselected by the admin:
|
|
$enabledUserStylesNOTInSelectedStylesString = implode("|", $enabledUserStylesNOTInSelectedStylesArray); // join array of style IDs using a pipe as separator
|
|
|
|
$queryArray[] = "DELETE FROM $tableUserStyles "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND style_id RLIKE " . quote_smart("^(" . $enabledUserStylesNOTInSelectedStylesString . ")$");
|
|
}
|
|
|
|
if (!empty($selectedStylesNOTInEnabledUserStylesArray))
|
|
{
|
|
// - insert styles that were selected by the admin but which do not yet exist within the 'user_styles' table:
|
|
$selectedStylesNOTInEnabledUserStylesString = implode("|", $selectedStylesNOTInEnabledUserStylesArray); // join array of style IDs using a pipe as separator
|
|
|
|
$insertStylesQuery = "INSERT INTO $tableUserStyles VALUES ";
|
|
|
|
foreach ($selectedStylesNOTInEnabledUserStylesArray as $newUserStyleID)
|
|
$insertStylesQueryValues[] = "(NULL, " . quote_smart($newUserStyleID) . ", " . quote_smart($userID) . ", 'true')";
|
|
|
|
$queryArray[] = $insertStylesQuery . implode(", ", $insertStylesQueryValues) . ";";
|
|
}
|
|
|
|
// ---------------------
|
|
// d) update all cite entries for this user within the 'user_formats' table:
|
|
|
|
// - first, get a list of IDs for all cite formats within the 'user_formats' table that are available and were enabled by the admin for the current user:
|
|
$enabledUserFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "cite", true); // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
|
|
|
|
$enabledUserFormatsInSelectedFormatsArray = array_intersect($enabledUserFormatsArray, $formVars["citationFormatSelector"]);
|
|
|
|
$enabledUserFormatsNOTInSelectedFormatsArray = array_diff($enabledUserFormatsArray, $formVars["citationFormatSelector"]);
|
|
|
|
$selectedFormatsNOTInEnabledUserFormatsArray = array_diff($formVars["citationFormatSelector"], $enabledUserFormatsArray);
|
|
|
|
if (!empty($enabledUserFormatsNOTInSelectedFormatsArray))
|
|
{
|
|
// - remove cite formats which do exist within the 'user_formats' table but were deselected by the admin:
|
|
$enabledUserFormatsNOTInSelectedFormatsString = implode("|", $enabledUserFormatsNOTInSelectedFormatsArray); // join array of format IDs using a pipe as separator
|
|
|
|
$queryArray[] = "DELETE FROM $tableUserFormats "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id RLIKE " . quote_smart("^(" . $enabledUserFormatsNOTInSelectedFormatsString . ")$");
|
|
}
|
|
|
|
if (!empty($selectedFormatsNOTInEnabledUserFormatsArray))
|
|
{
|
|
// - insert cite formats that were selected by the admin but which do not yet exist within the 'user_formats' table:
|
|
$selectedFormatsNOTInEnabledUserFormatsString = implode("|", $selectedFormatsNOTInEnabledUserFormatsArray); // join array of format IDs using a pipe as separator
|
|
|
|
$insertFormatsQuery = "INSERT INTO $tableUserFormats VALUES ";
|
|
|
|
foreach ($selectedFormatsNOTInEnabledUserFormatsArray as $newUserFormatID)
|
|
$insertFormatsQueryValues[] = "(NULL, " . quote_smart($newUserFormatID) . ", " . quote_smart($userID) . ", 'true')";
|
|
|
|
$queryArray[] = $insertFormatsQuery . implode(", ", $insertFormatsQueryValues) . ";";
|
|
}
|
|
|
|
// ---------------------
|
|
// e) update all export entries for this user within the 'user_formats' table:
|
|
|
|
// - first, get a list of IDs for all export formats within the 'user_formats' table that are available and were enabled by the admin for the current user:
|
|
$enabledUserFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "export", true); // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
|
|
|
|
$enabledUserFormatsInSelectedFormatsArray = array_intersect($enabledUserFormatsArray, $formVars["exportFormatSelector"]);
|
|
|
|
$enabledUserFormatsNOTInSelectedFormatsArray = array_diff($enabledUserFormatsArray, $formVars["exportFormatSelector"]);
|
|
|
|
$selectedFormatsNOTInEnabledUserFormatsArray = array_diff($formVars["exportFormatSelector"], $enabledUserFormatsArray);
|
|
|
|
if (!empty($enabledUserFormatsNOTInSelectedFormatsArray))
|
|
{
|
|
// - remove export formats which do exist within the 'user_formats' table but were deselected by the admin:
|
|
$enabledUserFormatsNOTInSelectedFormatsString = implode("|", $enabledUserFormatsNOTInSelectedFormatsArray); // join array of format IDs using a pipe as separator
|
|
|
|
$queryArray[] = "DELETE FROM $tableUserFormats "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id RLIKE " . quote_smart("^(" . $enabledUserFormatsNOTInSelectedFormatsString . ")$");
|
|
}
|
|
|
|
if (!empty($selectedFormatsNOTInEnabledUserFormatsArray))
|
|
{
|
|
// - insert export formats that were selected by the admin but which do not yet exist within the 'user_formats' table:
|
|
$selectedFormatsNOTInEnabledUserFormatsString = implode("|", $selectedFormatsNOTInEnabledUserFormatsArray); // join array of format IDs using a pipe as separator
|
|
|
|
$insertFormatsQuery = "INSERT INTO $tableUserFormats VALUES ";
|
|
|
|
foreach ($selectedFormatsNOTInEnabledUserFormatsArray as $newUserFormatID)
|
|
$insertFormatsQueryValues[] = "(NULL, " . quote_smart($newUserFormatID) . ", " . quote_smart($userID) . ", 'true')";
|
|
|
|
$queryArray[] = $insertFormatsQuery . implode(", ", $insertFormatsQueryValues) . ";";
|
|
}
|
|
|
|
// ---------------------
|
|
// f) update all permission settings for this user within the 'user_permissions' table:
|
|
|
|
// get all user permissions for the current user (as they were before submit of 'user_options.php'):
|
|
$userPermissionsArray = getPermissions($userID, "user", false); // function 'getPermissions()' is defined in 'include.inc.php'
|
|
|
|
// copy all array elements that deal with permission settings from the '$formVars' array to '$updatedUserPermissionsArray':
|
|
// (note that, except hidden permission settings, only those permission settings were included in the '$formVars' array whose checkboxes were marked!)
|
|
$updatedUserPermissionsArray = array();
|
|
foreach($formVars as $itemKey => $itemValue)
|
|
if (preg_match("/^allow/i", $itemKey))
|
|
$updatedUserPermissionsArray[$itemKey] = $itemValue; // allow the particular feature ('$itemValue' will be 'yes' anyhow)
|
|
|
|
// then, all permission settings that aren't contained within '$updatedUserPermissionsArray' must have been unchecked:
|
|
// (note: this logic only works if all permission settings queried by function 'getPermissions()' are also made available by 'user_options.php' -- either as checkbox or as hidden form tag!)
|
|
foreach($userPermissionsArray as $permissionKey => $permissionValue)
|
|
if (!isset($updatedUserPermissionsArray[$permissionKey]))
|
|
$updatedUserPermissionsArray[$permissionKey] = 'no'; // disallow the particular feature
|
|
|
|
// update all user permissions for the current user:
|
|
$updateSucceeded = updateUserPermissions(array($userID), $updatedUserPermissionsArray); // function 'updateUserPermissions()' is defined in 'include.inc.php'
|
|
}
|
|
|
|
// ---------------------------------------------------------------
|
|
|
|
else // if a normal user is logged in
|
|
{
|
|
// b) update all entries for this user within the 'user_types' table:
|
|
$typeIDString = implode("|", $formVars["referenceTypeSelector"]); // join array of type IDs using a pipe as separator
|
|
|
|
$queryArray[] = "UPDATE $tableUserTypes SET "
|
|
. "show_type = \"true\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND type_id RLIKE " . quote_smart("^(" . $typeIDString . ")$");
|
|
|
|
$queryArray[] = "UPDATE $tableUserTypes SET "
|
|
. "show_type = \"false\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND type_id NOT RLIKE " . quote_smart("^(" . $typeIDString . ")$");
|
|
|
|
// c) update all entries for this user within the 'user_styles' table:
|
|
$styleIDString = implode("|", $formVars["citationStyleSelector"]); // join array of style IDs using a pipe as separator
|
|
|
|
$queryArray[] = "UPDATE $tableUserStyles SET "
|
|
. "show_style = \"true\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND style_id RLIKE " . quote_smart("^(" . $styleIDString . ")$");
|
|
|
|
$queryArray[] = "UPDATE $tableUserStyles SET "
|
|
. "show_style = \"false\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND style_id NOT RLIKE " . quote_smart("^(" . $styleIDString . ")$");
|
|
|
|
// d) update all cite entries for this user within the 'user_formats' table:
|
|
$citeFormatIDString = implode("|", $formVars["citationFormatSelector"]); // join array of format IDs using a pipe as separator
|
|
|
|
$queryArray[] = "UPDATE $tableUserFormats SET "
|
|
. "show_format = \"true\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id RLIKE " . quote_smart("^(" . $citeFormatIDString . ")$");
|
|
|
|
$queryArray[] = "UPDATE $tableUserFormats SET "
|
|
. "show_format = \"false\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id NOT RLIKE " . quote_smart("^(" . $citeFormatIDString . ")$");
|
|
|
|
// e) update all export entries for this user within the 'user_formats' table:
|
|
$exportFormatIDString = implode("|", $formVars["exportFormatSelector"]); // join array of format IDs using a pipe as separator
|
|
|
|
$queryArray[] = "UPDATE $tableUserFormats SET "
|
|
. "show_format = \"true\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id RLIKE " . quote_smart("^(" . $exportFormatIDString . ")$");
|
|
|
|
$queryArray[] = "UPDATE $tableUserFormats SET "
|
|
. "show_format = \"false\" "
|
|
. "WHERE user_id = " . quote_smart($userID) . " AND format_id NOT RLIKE " . quote_smart("^(" . $exportFormatIDString . ")$") . " AND format_id NOT RLIKE " . quote_smart("^(" . $citeFormatIDString . ")$"); // we need to include '$citeFormatIDString' here, otherwise the user's selected cite formats would get deleted again
|
|
}
|
|
|
|
// ---------------------------------------------------------------
|
|
|
|
// f) update the user's options in the 'user_options' table:
|
|
if (!isset($formVars["use_custom_handling_of_nonascii_chars_in_cite_keys"]))
|
|
$nonASCIICharsInCiteKeys = "NULL"; // use the site default given in '$handleNonASCIICharsInCiteKeysDefault' in 'ini.inc.php'
|
|
else
|
|
$nonASCIICharsInCiteKeys = quote_smart($formVars["nonascii_chars_in_cite_keys"]); // use the setting chosen by the user
|
|
|
|
if ($userID != 0)
|
|
{
|
|
$recordsPerPage = $formVars["recordsPerPageNo"];
|
|
$showAutoCompletions = $formVars["showAutoCompletionsRadio"];
|
|
$mainFieldsString = implode(", ", $formVars["mainFieldsSelector"]); // join array of the user's preferred main fields using a comma (and whitespace) as separator
|
|
}
|
|
else // the 'recordsPerPageNo', 'showAutoCompletionsRadio' and 'mainFieldsSelector' form elements are disabled for anonymous users ('userID=0'), so we load the defaults:
|
|
{
|
|
$recordsPerPage = getDefaultNumberOfRecords(0); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
|
|
$showAutoCompletions = getPrefAutoCompletions(0); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
|
|
$mainFieldsString = implode(", ", getMainFields(0)); // function 'getMainFields()' is defined in 'include.inc.php'
|
|
}
|
|
|
|
// we account for the possibility that no entry in table 'user_options' exists for the current user
|
|
// (in which case an entry will be added):
|
|
|
|
// check if there's already an entry for the current user within the 'user_options' table:
|
|
// CONSTRUCT SQL QUERY:
|
|
$query = "SELECT option_id FROM $tableUserOptions WHERE user_id = " . quote_smart($userID);
|
|
|
|
// RUN the query on the database through the connection:
|
|
$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
|
|
|
|
if (mysqli_num_rows($result) == 1) // if there's already an existing user_data entry, we perform an UPDATE action:
|
|
$queryArray[] = "UPDATE $tableUserOptions SET "
|
|
. "export_cite_keys = " . quote_smart($formVars["export_cite_keys"])
|
|
. ", autogenerate_cite_keys = " . quote_smart($formVars["autogenerate_cite_keys"])
|
|
. ", prefer_autogenerated_cite_keys = " . quote_smart($formVars["prefer_autogenerated_cite_keys"])
|
|
. ", use_custom_cite_key_format = " . quote_smart($formVars["use_custom_cite_key_format"])
|
|
. ", cite_key_format = " . quote_smart($formVars["cite_key_format"])
|
|
. ", uniquify_duplicate_cite_keys = " . quote_smart($formVars["uniquify_duplicate_cite_keys"])
|
|
. ", nonascii_chars_in_cite_keys = " . $nonASCIICharsInCiteKeys // already quote_smart
|
|
. ", use_custom_text_citation_format = " . quote_smart($formVars["use_custom_text_citation_format"])
|
|
. ", text_citation_format = " . quote_smart($formVars["text_citation_format"])
|
|
. ", records_per_page = " . quote_smart($recordsPerPage)
|
|
. ", show_auto_completions = " . quote_smart($showAutoCompletions)
|
|
. ", main_fields = " . quote_smart($mainFieldsString)
|
|
. " WHERE user_id = " . quote_smart($userID);
|
|
|
|
else // otherwise we perform an INSERT action:
|
|
$queryArray[] = "INSERT INTO $tableUserOptions SET "
|
|
. "export_cite_keys = " . quote_smart($formVars["export_cite_keys"])
|
|
. ", autogenerate_cite_keys = " . quote_smart($formVars["autogenerate_cite_keys"])
|
|
. ", prefer_autogenerated_cite_keys = " . quote_smart($formVars["prefer_autogenerated_cite_keys"])
|
|
. ", use_custom_cite_key_format = " . quote_smart($formVars["use_custom_cite_key_format"])
|
|
. ", cite_key_format = " . quote_smart($formVars["cite_key_format"])
|
|
. ", uniquify_duplicate_cite_keys = " . quote_smart($formVars["uniquify_duplicate_cite_keys"])
|
|
. ", nonascii_chars_in_cite_keys = " . $nonASCIICharsInCiteKeys // already quote_smart
|
|
. ", use_custom_text_citation_format = " . quote_smart($formVars["use_custom_text_citation_format"])
|
|
. ", text_citation_format = " . quote_smart($formVars["text_citation_format"])
|
|
. ", records_per_page = " . quote_smart($recordsPerPage)
|
|
. ", show_auto_completions = " . quote_smart($showAutoCompletions)
|
|
. ", main_fields = " . quote_smart($mainFieldsString)
|
|
. ", user_id = " . quote_smart($userID)
|
|
. ", option_id = NULL"; // inserting 'NULL' into an auto_increment PRIMARY KEY attribute allocates the next available key value
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
// (3) RUN the queries on the database through the connection:
|
|
foreach($queryArray as $query)
|
|
$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
|
|
|
|
// ----------------------------------------------
|
|
|
|
// we'll only update the appropriate session variables if either a normal user is logged in -OR- the admin is logged in AND the updated user data are his own:
|
|
if (($loginEmail != $adminLoginEmail) | (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail))))
|
|
{
|
|
// Write back session variables:
|
|
saveSessionVariable("userLanguage", $formVars["languageName"]); // function 'saveSessionVariable()' is defined in 'include.inc.php'
|
|
|
|
// Note: the user's types/styles/formats will be written to their corresponding session variables in function 'getVisibleUserFormatsStylesTypes()'
|
|
// which will be called by the following receipt page ('user_receipt.php') anyhow, so we won't call the function here...
|
|
// The same is true for the user's preferred number of records per page, the user's pref setting to show auto-completions and for the
|
|
// list of "main fields" which will be saved to session variables from within 'user_receipt.php' thru functions 'getMainFields()',
|
|
// 'getDefaultNumberOfRecords()' and 'getPrefAutoCompletions()', respectively.
|
|
}
|
|
|
|
// Clear the 'errors' and 'formVars' session variables so a future <form> is blank:
|
|
deleteSessionVariable("errors"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
|
|
deleteSessionVariable("formVars");
|
|
|
|
// ----------------------------------------------
|
|
|
|
// (4) Now show the user RECEIPT:
|
|
header("Location: user_receipt.php?userID=$userID");
|
|
|
|
// (5) CLOSE the database connection:
|
|
disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
|
|
|
|
// --------------------------------------------------------------------
|
|
?>
|