✏️ 正在编辑: UserFields.php
路径:
/home/eblama1/sms.karnplayinland.com/modules/Users/UserFields.php
提示:
您可以编辑任何文件(包括二进制文件),但请注意不当修改可能导致文件损坏。
<?php /** * User Fields * * @package RosarioSIS * @subpackage modules */ require_once 'ProgramFunctions/Fields.fnc.php'; $_REQUEST['id'] = issetVal( $_REQUEST['id'], '' ); $_REQUEST['category_id'] = issetVal( $_REQUEST['category_id'], '' ); DrawHeader( ProgramTitle() ); //$_ROSARIO['allow_edit'] = true; if ( isset( $_POST['tables'] ) && is_array( $_POST['tables'] ) && AllowEdit() ) { $table = issetVal( $_REQUEST['table'] ); if ( ! in_array( $table, [ 'staff_field_categories', 'staff_fields' ] ) ) { // Security: SQL prevent INSERT or UPDATE on any table $table = ''; $_REQUEST['tables'] = []; } foreach ( (array) $_REQUEST['tables'] as $id => $columns ) { // FJ fix SQL bug invalid sort order. if ( ( empty( $columns['SORT_ORDER'] ) || is_numeric( $columns['SORT_ORDER'] ) ) && ( empty( $columns['COLUMNS'] ) || is_numeric( $columns['COLUMNS'] ) ) ) { // FJ added SQL constraint TITLE is not null. if ( ! isset( $columns['TITLE'] ) || ! empty( $columns['TITLE'] ) ) { if ( isset( $columns['SELECT_OPTIONS'] ) && $columns['SELECT_OPTIONS'] ) { // @since 6.0 Trim select options. $columns['SELECT_OPTIONS'] = trim( $columns['SELECT_OPTIONS'] ); } // FJ Fix PHP fatal error: check Include file exists. if ( isset( $columns['INCLUDE'] ) && $columns['INCLUDE'] ) { $include_file_path = 'modules/' . $columns['INCLUDE'] . '.inc.php'; // @since 4.5 Include Student/User Info tab from custom plugin. $plugins_include_file_path = 'plugins/' . $columns['INCLUDE'] . '.inc.php'; if ( ! file_exists( $include_file_path ) && ! file_exists( $plugins_include_file_path ) ) { // File does not exist: reset + error. unset( $columns['INCLUDE'] ); $error[] = sprintf( _( 'The include file was not found: "%s"' ), $include_file_path . ', ' . $plugins_include_file_path ); } } // Update Field / Category. if ( $id !== 'new' ) { if ( isset( $columns['CATEGORY_ID'] ) && $columns['CATEGORY_ID'] != $_REQUEST['category_id'] ) { $_REQUEST['category_id'] = $columns['CATEGORY_ID']; } DBUpdate( $table, $columns, [ 'ID' => (int) $id ] ); } // New Field / Category. else { $insert_columns = []; // New Field. if ( $table === 'staff_fields' ) { if ( isset( $columns['CATEGORY_ID'] ) ) { $_REQUEST['category_id'] = $columns['CATEGORY_ID']; unset( $columns['CATEGORY_ID'] ); } $insert_columns = [ 'CATEGORY_ID' => (int) $_REQUEST['category_id'] ]; } $id = DBInsert( $table, $insert_columns + $columns, 'id' ); if ( $id ) { if ( $table === 'staff_fields' ) { AddDBField( 'staff', $id, $columns['TYPE'] ); $_REQUEST['id'] = $id; } elseif ( $table === 'staff_field_categories' ) { // Add to profile or permissions of user creating it. DBInsert( User( 'PROFILE_ID' ) ? 'profile_exceptions' : 'staff_exceptions', [ ( User( 'PROFILE_ID' ) ? 'PROFILE_ID' : 'USER_ID' ) => ( User( 'PROFILE_ID' ) ? User( 'PROFILE_ID' ) : User( 'STAFF_ID' ) ), 'MODNAME' => 'Users/User.php&category_id=' . $id, 'CAN_USE' => 'Y', 'CAN_EDIT' => 'Y', ] ); $_REQUEST['category_id'] = $id; } } } } else $error[] = _( 'Please fill in the required fields' ); } else $error[] = _( 'Please enter valid Numeric data.' ); } // Unset tables & redirect URL. RedirectURL( 'tables' ); } // Delete Field / Category. if ( $_REQUEST['modfunc'] === 'delete' && AllowEdit() ) { if ( isset( $_REQUEST['id'] ) && intval( $_REQUEST['id'] ) > 0 ) { if ( DeletePrompt( _( 'User Field' ) ) ) { DeleteDBField( 'staff', $_REQUEST['id'] ); // Unset modfunc & ID & redirect URL. RedirectURL( [ 'modfunc', 'id' ] ); } } elseif ( intval( $_REQUEST['category_id'] ) > 0 ) { if ( DeletePrompt( _( 'User Field Category' ) . ' ' . _( 'and all fields in the category' ) ) ) { DeleteDBFieldCategory( 'staff', $_REQUEST['category_id'] ); // Remove from profiles and permissions. $delete_sql = "DELETE FROM profile_exceptions WHERE MODNAME='Users/User.php&category_id=" . $_REQUEST['category_id'] . "';"; $delete_sql .= "DELETE FROM staff_exceptions WHERE MODNAME='Users/User.php&category_id=" . $_REQUEST['category_id'] . "';"; DBQuery( $delete_sql ); // Unset modfunc & category ID & redirect URL. RedirectURL( [ 'modfunc', 'category_id' ] ); } } } if ( ! $_REQUEST['modfunc'] ) { echo ErrorMessage( $error ); $RET = []; $title = ''; // ADDING & EDITING FORM. if ( $_REQUEST['id'] && $_REQUEST['id'] !== 'new' ) { $RET = DBGet( "SELECT ID,CATEGORY_ID,TITLE,TYPE,SELECT_OPTIONS, DEFAULT_SELECTION,SORT_ORDER,REQUIRED, (SELECT TITLE FROM staff_field_categories WHERE ID=CATEGORY_ID) AS CATEGORY_TITLE FROM staff_fields WHERE ID='" . (int) $_REQUEST['id'] . "'" ); $RET = $RET[1]; $title = ParseMLField( $RET['CATEGORY_TITLE'] ) . ' - ' . ParseMLField( $RET['TITLE'] ); } elseif ( $_REQUEST['category_id'] && $_REQUEST['category_id'] !== 'new' && $_REQUEST['id'] !== 'new' ) { $RET = DBGet( "SELECT ID AS CATEGORY_ID,TITLE,ADMIN,TEACHER,PARENT,NONE,SORT_ORDER,INCLUDE,COLUMNS FROM staff_field_categories WHERE ID='" . (int) $_REQUEST['category_id'] . "'" ); $RET = $RET[1]; $title = ParseMLField( $RET['TITLE'] ); } elseif ( $_REQUEST['id'] === 'new' ) { $title = _( 'New User Field' ); $RET['ID'] = 'new'; $RET['CATEGORY_ID'] = $_REQUEST['category_id']; } elseif ( $_REQUEST['category_id'] === 'new' ) { $title = _( 'New User Field Category' ); $RET['CATEGORY_ID'] = 'new'; $RET['COLUMNS'] = ''; $RET['ADMIN'] = $RET['TEACHER'] = $RET['PARENT'] = $RET['NONE'] = ''; $RET['INCLUDE'] = ''; } if ( $_REQUEST['category_id'] && ! $_REQUEST['id'] ) { $extra_fields = []; $extra_fields[] = TextInput( $RET['COLUMNS'], 'tables[' . $_REQUEST['category_id'] . '][COLUMNS]', _( 'Display Columns' ), ' type="number" min="1" max="6"' ); if ( $_REQUEST['category_id'] != 1 ) { $extra_fields[] = '<table><tr class="st"><td>' . CheckboxInput( $RET['ADMIN'], 'tables[' . $_REQUEST['category_id'] . '][ADMIN]', _( 'Administrator' ), '', $_REQUEST['category_id'] === 'new', button( 'check' ), button( 'x' ) ) . '</td><td>' . CheckboxInput( $RET['TEACHER'], 'tables[' . $_REQUEST['category_id'] . '][TEACHER]', _( 'Teacher' ), '', $_REQUEST['category_id'] === 'new', button( 'check' ), button( 'x' ) ) . '</td></tr><tr><td>' . CheckboxInput( $RET['PARENT'], 'tables[' . $_REQUEST['category_id'] . '][PARENT]', _( 'Parent' ), '', $_REQUEST['category_id'] === 'new', button( 'check' ), button( 'x' ) ) . '</td><td>' . CheckboxInput( $RET['NONE'], 'tables[' . $_REQUEST['category_id'] . '][NONE]', _( 'No Access' ), '', $_REQUEST['category_id'] === 'new', button( 'check' ), button( 'x' ) ) . '</td></tr></table>' . FormatInputTitle( _( 'Profiles' ), '', false, '' ); } if ( $_REQUEST['category_id'] > 2 || $_REQUEST['category_id'] === 'new' ) { // TODO: check if INCLUDE file (+ ".inc.php") exsits. $extra_fields[] = TextInput( $RET['INCLUDE'], 'tables[' . $_REQUEST['category_id'] . '][INCLUDE]', _( 'Include (should be left blank for most categories)' ) ); } } echo GetFieldsForm( 'staff', $title, $RET, issetVal( $extra_fields, [] ) ); // CATEGORIES. $categories_RET = DBGet( "SELECT ID,TITLE,SORT_ORDER FROM staff_field_categories ORDER BY SORT_ORDER IS NULL,SORT_ORDER,TITLE" ); // DISPLAY THE MENU. echo '<div class="st">'; FieldsMenuOutput( $categories_RET, $_REQUEST['category_id'] ); echo '</div>'; // FIELDS. if ( $_REQUEST['category_id'] && $_REQUEST['category_id'] !== 'new' && $categories_RET ) { $fields_RET = DBGet( "SELECT ID,TITLE,TYPE,SORT_ORDER FROM staff_fields WHERE CATEGORY_ID='" . (int) $_REQUEST['category_id'] . "' ORDER BY SORT_ORDER IS NULL,SORT_ORDER,TITLE", [ 'TYPE' => 'MakeFieldType' ] ); echo '<div class="st">'; FieldsMenuOutput( $fields_RET, $_REQUEST['id'], $_REQUEST['category_id'] ); echo '</div>'; } }
💾 保存文件
← 返回文件管理器