
Contents of /branches/paul/admin/include/app_controls.php



Revision 67 - (show annotations)
Thu Mar 18 19:24:54 2004 UTC (20 years, 1 month ago) by dpavlin
File size: 83390 byte(s)
updated to libdata 2.00

1 <?php
2 /**********************************************************
3 Function Library: app_controls.php
4 Original Author: Paul Bramscher <brams006@umn.edu>
5 Last Modified: 03.15.2004
6 ***********************************************************
7 Comments:
8 Functions here are generally related to drawing of HTML
9 form input: text boxes, drop-down boxes, and radio buttons.
10 Other functions include lookup and picklist related duties.
11
12 These have been separated from forms.php since they are
13 typically used in more than one place. Some are quite
14 generic and are used throughout the system.
15 ***********************************************************
16 Table of Contents:
17 adminReturn
18 authPage
19 authResourceDelete
20 authResourceEdit
21 authSubject
22 dropDownAccountOmit
23 dropDownAuthCourses
24 dropDownAuthPages
25 dropDownAuthSubjects
26 dropDownCourses
27 dropDownCoursesubOmit
28 dropDownCoursesubSelected
29 dropDownFaculty
30 dropDownFacultySelected
31 dropDownField
32 dropDownFieldOmit
33 dropDownFieldSelected
34 dropDownInfotype
35 dropDownPageStaff
36 dropDownPageSubject
37 dropDownResource
38 dropDownServiceLimit
39 dropDownStaff
40 dropDownStaffOmit
41 dropDownStaffSelected
42 existsResSub
43 existsResSubNA
44 existsResSubNOTNA
45 existsRow
46 getNotIn
47 lookupFaculty
48 lookupField
49 lookupStaff
50 msgTableClose
51 msgTableOpen
52 recordCount
53 selectCoursesub
54 selectFaculty
55 selectKey
56 selectStaff
57 statQuery
58 textInmySQL
59 textOutHTML
60 textSearchmySQL
61 **********************************************************/
62
63
64
65 /**********************************************************
66 Function: adminReturn($sess_access_level)
67 Author: Paul Bramscher
68 Last Modified: 07.02.2003
69 ***********************************************************
70 Incoming:
71 $sess_access_level Access level of the current
72 session.
73 ***********************************************************
74 Outgoing:
75 None
76 ***********************************************************
77 Purpose:
78 A simple HTML link back to the author console, used
79 throughout the Lumina(r) system. This function may be
80 (optionally) passed the access level of the current user
81 session. Higher access will display more menu link
82 options. Note that each menu, upon arrival, verifies the
83 session and access level so this presents no security
84 risk.
85 **********************************************************/
86 function adminReturn($sess_access_level) {
87
88 include ("global_vars.php");
89
90 // Return to admin console
91 printf("<center><br>\n");
92 printf("<a href=\"%sconsole.phtml\">Authoring Console</a>", $GLOBAL_ADMIN_URL);
93
94 // If manager or higher
95 if ($sess_access_level >= 100) printf(" | <a href=\"%sconsole_manager.phtml\">Manager Functions</a>", $GLOBAL_ADMIN_URL);
96
97 // If DBA
98 if ($sess_access_level == 1000) printf(" | <a href=\"%sconsole_dba.phtml\">DBA Tools</a>", $GLOBAL_ADMIN_URL);
99
100 printf("</center>");
101 }
102
103
104 /**********************************************************
105 Function: authPage($page_id, $sess_access_level, $sess_staff_id)
106 Author: Paul Bramscher
107 Last Modified: 03.02.2004
108 ***********************************************************
109 Incoming:
110 $page_id Page to test authorization
111 $sess_access_level Access level of the current user
112 session.
113 $sess_staff_id staff id of the current user
114 ***********************************************************
115 Outgoing:
116 1 = authorized to work on this page.
117 0 = non-authorized.
118 ***********************************************************
119 Purpose:
120 A check to ensure whether the current user may access the
121 supplied page. The following rules apply:
122
123 (1) DBA's can edit anything.
124 (2) Managers can edit pages created by anyone within their unit.
125 (3) Page coordinators can edit pages they coordinate.
126 (4) Page maintainers may also edit pages they are assigned to.
127
128 Some scenarios of pages that are NOT editable:
129
130 (1) The original page creator is no longer the coordinator,
131 not a DBA, and not assigned as a maintainer. S/he can no
132 longer edit the page.
133 (2) You are a unit manager and used to have access to a page
134 coordinated by one of your employees. S/he switches units,
135 and is now under a new manager. The page can now be accessed
136 by the manager of the new unit and not yourself.
137
138 etc...
139
140 **********************************************************/
141 function authPage($page_id, $sess_access_level, $sess_staff_id){
142
143 /* Access Table Definitions
144 +-----------+--------------+---------+
145 | access_id | access_level | access |
146 +-----------+--------------+---------+
147 | 1 | 0 | Denied |
148 | 2 | 10 | Guest |
149 | 3 | 20 | Author |
150 | 4 | 100 | Manager |
151 | 5 | 1000 | DBA |
152 +-----------+--------------+---------+
153 */
154
155
156 // Default no authorization
157 $auth_page = 0;
158
159
160 // User is an author. Must be page coordinator or a co-maintainer.
161 if ($sess_access_level == 20) {
162
163 $sql = "SELECT count(DISTINCT p.page_id) AS auth_page FROM
164 page p
165 LEFT JOIN page_staff ps using (page_id)
166 WHERE p.page_id = "
167 . $page_id
168 . " AND (p.staff_coordinator = "
169 . $sess_staff_id
170 . " OR ps.staff_id = "
171 . $sess_staff_id
172 . ")";
173
174 }
175
176
177 // User is a manager. Must be page coordinator, co-maintainer, or manager of
178 // the coordinator's unit.
179 else if ($sess_access_level == 100) {
180
181 // Determine libunit
182 $lu_sql = "SELECT libunit_id FROM libunit
183 WHERE head_staff_id = "
184 . $sess_staff_id;
185 $lu_rs = mysql_tryquery($lu_sql);
186
187 $lu_string = "ls.libunit_id IN (";
188 $first_element = 0;
189
190 // Concatenate the IN clause
191 while ($lu_row = mysql_fetch_array ($lu_rs, MYSQL_ASSOC)) {
192 $libunit_id = $lu_row["libunit_id"];
193 //printf("libunit id was: %d<BR><BR>", $libunit_id);
194
195 if ($first_element == 0) {
196 $first_element = 1;
197 $lu_string .= $libunit_id;
198 }
199 else $lu_string .= ", " . $libunit_id;
200 }
201
202 // Cleanup
203 $lu_string .= ") OR";
204
205 // If nothing found, then return a blank string
206 if ($first_element == 0) $lu_string = "";
207
208 $sql = "SELECT count(DISTINCT p.page_id) AS auth_page
209 FROM page p
210 LEFT JOIN page_staff ps using (page_id)
211 LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id
212 WHERE p.page_id = "
213 . $page_id
214 . " AND ("
215 . $lu_string
216 . " p.staff_coordinator = "
217 . $sess_staff_id
218 . " OR ps.staff_id = "
219 . $sess_staff_id
220 . ")";
221 }
222
223
224
225 // DBA. Access everything.
226 else if ($sess_access_level == "1000") {
227 $auth_page = 1;
228 }
229
230 // Every other access level. No pages at all!
231 else {
232 $auth_page = 0;
233 }
234
235 // Run the authorized page query if not DBA level
236 if ($sess_access_level >= 20 && $sess_access_level < 1000) {
237
238 $rs = mysql_tryquery($sql);
239 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
240
241 // Collect the access information
242 $auth_page = $row["auth_page"];
243 }
244
245 if ($auth_page > 0) $auth_page = 1;
246
247 return $auth_page;
248
249 }
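
authPage() above splices $page_id and $sess_staff_id directly into the SQL text, so its answer can be trusted only if every caller has already forced both values to integers. The following is an added example, not part of libdata: the same four rules with integer validation and bound parameters, using PDO with an in-memory SQLite database as a stand-in for the page's mysql_tryquery() (the mysql_* extension was removed in PHP 7). The function name authPagePrepared and the sample rows are constructed for illustration.

```php
<?php
// Added example, not libdata code. PDO with in-memory SQLite stands in for the
// page's mysql_tryquery(); table and column names follow the queries in authPage().

const LEVEL_AUTHOR  = 20;
const LEVEL_MANAGER = 100;
const LEVEL_DBA     = 1000;

function authPagePrepared(PDO $db, $page_id, $sess_access_level, $sess_staff_id): int
{
    // Anything that is not a plain integer is refused before SQL is involved.
    $page_id  = filter_var($page_id, FILTER_VALIDATE_INT);
    $level    = filter_var($sess_access_level, FILTER_VALIDATE_INT);
    $staff_id = filter_var($sess_staff_id, FILTER_VALIDATE_INT);
    if ($page_id === false || $level === false || $staff_id === false) {
        return 0;
    }

    if ($level === LEVEL_DBA) {
        return 1;                       // rule (1): DBAs can edit anything
    }

    if ($level === LEVEL_AUTHOR) {      // rules (3) and (4)
        $sql = "SELECT COUNT(DISTINCT p.page_id)
                  FROM page p
                  LEFT JOIN page_staff ps ON ps.page_id = p.page_id
                 WHERE p.page_id = ?
                   AND (p.staff_coordinator = ? OR ps.staff_id = ?)";
        $args = [$page_id, $staff_id, $staff_id];
    } elseif ($level === LEVEL_MANAGER) {
        // rule (2): a subquery replaces the hand-built "IN (...) OR" string
        $sql = "SELECT COUNT(DISTINCT p.page_id)
                  FROM page p
                  LEFT JOIN page_staff ps ON ps.page_id = p.page_id
                  LEFT JOIN libunit_staff ls ON ls.staff_id = p.staff_coordinator
                 WHERE p.page_id = ?
                   AND (p.staff_coordinator = ?
                        OR ps.staff_id = ?
                        OR ls.libunit_id IN
                           (SELECT libunit_id FROM libunit WHERE head_staff_id = ?))";
        $args = [$page_id, $staff_id, $staff_id, $staff_id];
    } else {
        return 0;                       // default deny for every other level
    }

    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return ((int) $stmt->fetchColumn() > 0) ? 1 : 0;
}

// --- constructed sample data (not from the libdata database) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE page (page_id INTEGER PRIMARY KEY, staff_coordinator INTEGER)");
$db->exec("CREATE TABLE page_staff (page_id INTEGER, staff_id INTEGER)");
$db->exec("CREATE TABLE libunit (libunit_id INTEGER PRIMARY KEY, head_staff_id INTEGER)");
$db->exec("CREATE TABLE libunit_staff (libunit_id INTEGER, staff_id INTEGER)");
$db->exec("INSERT INTO page VALUES (1, 5), (2, 7)");   // page 1 coordinated by staff 5
$db->exec("INSERT INTO page_staff VALUES (1, 8)");     // staff 8 co-maintains page 1
$db->exec("INSERT INTO libunit VALUES (3, 9)");        // staff 9 heads unit 3
$db->exec("INSERT INTO libunit_staff VALUES (3, 5)");  // staff 5 belongs to unit 3

// label, page_id, access level, staff id
$cases = [
    ['author, coordinator of page 1',     1,          20,   5],
    ['author, co-maintainer of page 1',   1,          20,   8],
    ['author, unrelated to page 1',       1,          20,   6],
    ['manager of coordinator\'s unit',    1,          100,  9],
    ['manager, page 2 outside the unit',  2,          100,  9],
    ['guest who coordinates page 1',      1,          10,   5],
    ['DBA',                               2,          1000, 6],
    ['non-integer page_id',               '1 OR 1=1', 20,   6],
];

foreach ($cases as [$label, $page, $level, $staff]) {
    printf("%-34s => %d\n", $label, authPagePrepared($db, $page, $level, $staff));
}
```
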
250
251
252 /**********************************************************
253 Function: authResourceDelete($resource_id, $sess_access_level,
254 $sess_staff_account)
255 Author: Paul Bramscher
256 Last Modified: 03.02.2004
257 ***********************************************************
258 Incoming:
259 $resource_id Resource to test authorization
260 $sess_access_level Access level of the current user
261 session.
262 $sess_staff_account x500 id of the current user
263 ***********************************************************
264 Outgoing:
265 1 = authorized to work on this resource
266 0 = non-authorized.
267 ***********************************************************
268 Purpose:
269 A check to ensure whether the current user may delete the
270 supplied resource. The following rules apply:
271
272 (1) DBA's and managers can delete all resources
273 (2) Any staffperson with access greater than guest and less than
274 manager may delete only those resources s/he has created.
275 **********************************************************/
276 function authResourceDelete($resource_id, $sess_access_level,
277 $sess_staff_account) {
278
279 /* Access Table Definitions
280 +-----------+--------------+---------+
281 | access_id | access_level | access |
282 +-----------+--------------+---------+
283 | 1 | 0 | Denied |
284 | 2 | 10 | Guest |
285 | 3 | 20 | Author |
286 | 4 | 100 | Manager |
287 | 5 | 1000 | DBA |
288 +-----------+--------------+---------+
289 */
290
291
292 // Default no authorization
293 $auth_resource = 0;
294
295 /* If wishing to enforce resource delete access against author access,
296 uncomment this portion -- it's been temporarily commented out to allow
297 conversion staff the ability to tweak resources.
298 */
299
300 // Scenario: guest access < THE USER < manager access
301 if ($sess_access_level > 10 && $sess_access_level < 100 ) {
302
303 $sql = "SELECT count(r.resource_id) AS auth_resource FROM
304 resource r
305 WHERE r.resource_id = "
306 . $resource_id
307 . " AND r.account_created = '"
308 . $sess_staff_account
309 . "'";
310
311 $rs = mysql_tryquery($sql);
312 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
313
314 // Collect the access information
315 $auth_resource = $row["auth_resource"];
316
317 if ($auth_resource > 0) $auth_resource = 1;
318 }
319
320 // Manager or higher access. Grant edit/delete access for everything.
321 else if ($sess_access_level >= 100 ) {
322 $auth_resource = 1;
323 }
324
325
326 /* If wishing to enforce resource edit/delete access against author access,
327 uncomment the previous portion and delete this.
328 Note: 08.21.2003 - PFB. Open editing of resources by any author is now verboten.
329
330 // Author or higher access. Grant edit/delete access for everything.
331 if ($sess_access_level >= "10" ) {
332 $auth_resource = 1;
333 }
334 */
335
336 return $auth_resource;
337
338 }
339
340
341 /**********************************************************
342 Function: authResourceEdit($resource_id, $sess_access_level,
343 $sess_staff_account)
344 Author: Paul Bramscher
345 Last Modified: 03.10.2004
346 ***********************************************************
347 Incoming:
348 $resource_id Resource to test authorization
349 $sess_access_level Access level of the current user
350 session.
351 $sess_staff_account x500 id of the current user
352 ***********************************************************
353 Outgoing:
354 1 = authorized to work on this resource
355 0 = non-authorized.
356 ***********************************************************
357 Purpose:
358 A check to ensure whether the current user may edit the
359 supplied resource. The following rules apply:
360
361 (1) Authors and above may edit all resources
362 **********************************************************/
363 function authResourceEdit($resource_id, $sess_access_level,
364 $sess_staff_account) {
365
366 /* Access Table Definitions
367 +-----------+--------------+---------+
368 | access_id | access_level | access |
369 +-----------+--------------+---------+
370 | 1 | 0 | Denied |
371 | 2 | 10 | Guest |
372 | 3 | 20 | Author |
373 | 4 | 100 | Manager |
374 | 5 | 1000 | DBA |
375 +-----------+--------------+---------+
376 */
377
378
379 // Default no authorization
380 $auth_resource = 0;
381
382 /* If wishing to enforce resource edit/delete access against author access,
383 uncomment this portion -- it's been temporarily commented out to allow
384 conversion staff the ability to tweak resources.
385 Note: 08.21.2003 - PFB. Resource editing access is now being enforced again.
386
387
388 // Scenario: guest access < THE USER < manager access
389 if ($sess_access_level > 10 && $sess_access_level < 100 ) {
390
391 $sql = "SELECT count(r.resource_id) AS auth_resource FROM
392 resource r
393 WHERE r.resource_id = "
394 . $resource_id
395 . " AND r.account_created = '"
396 . $sess_staff_account
397 . "'";
398
399 $rs = mysql_tryquery($sql);
400 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
401
402 // Collect the access information
403 $auth_resource = $row["auth_resource"];
404
405 if ($auth_resource > 0) $auth_resource = 1;
406 }
407
408
409
410 // Manager or higher access. Grant edit/delete access for everything.
411 else if ($sess_access_level >= "100" ) {
412 $auth_resource = 1;
413 }
414 */
415
416 /* If wishing to enforce resource edit/delete access against author access,
417 uncomment the previous portion and delete this.
418 Note: 08.21.2003 - PFB. Open editing of resources by any author is now verboten.
419 Note: 08.26.2003 - PFB. Editing of resources is allowed, but not deleting.
420 */
421
422 // Author or higher access. Grant edit/delete access for everything.
423 if ($sess_access_level >= 20 ) { // Author is 20 in the access table above; 10 is Guest
424 $auth_resource = 1;
425 }
426
427 return $auth_resource;
428
429 }
430
431
432 /**********************************************************
433 Function: authSubject($sess_access_level, $sess_staff_id,
434 $subject_id)
435 Author: Paul Bramscher
436 Last Modified: 03.02.2004
437 ***********************************************************
438 Incoming:
439 $sess_access_level Access level of the current user
440 session.
441 $sess_staff_id staff id of the current user
442 $subject_id Subject to test authorization
443 ***********************************************************
444 Outgoing:
445 1 = authorized to work on this subject
446 0 = non-authorized.
447 ***********************************************************
448 Purpose:
449 A check to ensure whether the current user may access the
450 supplied subject. The following rules apply:
451
452 (1) DBA's can edit anything.
453 (2) Managers can edit subjects maintained by anyone within their unit,
454 and subjects to which they are personally assigned.
455 (3) Any staffperson, regardless of access, may edit subjects to
456 which they are assigned.
457
458
459 **********************************************************/
460 function authSubject($sess_access_level, $sess_staff_id,
461 $subject_id){
462
463 /* Access Table Definitions
464 +-----------+--------------+---------+
465 | access_id | access_level | access |
466 +-----------+--------------+---------+
467 | 1 | 0 | Denied |
468 | 2 | 10 | Guest |
469 | 3 | 20 | Author |
470 | 4 | 100 | Manager |
471 | 5 | 1000 | DBA |
472 +-----------+--------------+---------+
473 */
474
475
476 // Default no authorization
477 $auth_subject = 0;
478
479
480 // Scenario: guest access < THE USER < manager access
481 if ($sess_access_level > 10 && $sess_access_level < 100 ) {
482
483 $sql = "SELECT count(DISTINCT s.subject_id) AS auth_subject FROM
484 subject s
485 LEFT JOIN sub_staff st using (subject_id)
486 WHERE s.subject_id = "
487 . $subject_id
488 . " AND st.staff_id = "
489 . $sess_staff_id;
490
491 }
492
493
494 // User is a manager.
495 else if ($sess_access_level == 100) {
496
497
498 // Determine libunit
499 $lu_sql = "SELECT libunit_id FROM libunit
500 WHERE head_staff_id = "
501 . $sess_staff_id;
502 $lu_rs = mysql_tryquery($lu_sql);
503
504 $lu_string = "ls.libunit_id IN (";
505 $first_element = 0;
506
507 // Concatenate the IN clause
508 while ($lu_row = mysql_fetch_array ($lu_rs, MYSQL_ASSOC)) {
509 $libunit_id = $lu_row["libunit_id"];
510 //printf("libunit id was: %d<BR><BR>", $libunit_id);
511
512 if ($first_element == 0) {
513 $first_element = 1;
514 $lu_string .= $libunit_id;
515 }
516 else $lu_string .= ", " . $libunit_id;
517 }
518
519 // Cleanup
520 $lu_string .= ") OR";
521
522 // If nothing found, then return a blank string
523 if ($first_element == 0) $lu_string = "";
524
525
526 $sql = "SELECT count(DISTINCT s.subject_id) AS auth_subject FROM
527 subject s
528 LEFT JOIN sub_staff st using (subject_id)
529 LEFT JOIN libunit_staff ls on st.staff_id = ls.staff_id
530 WHERE s.subject_id = "
531 . $subject_id
532 . " AND ("
533 . $lu_string
534 . " st.staff_id = "
535 . $sess_staff_id
536 . ")";
537 }
538
539
540
541 // DBA. Access everything.
542 else if ($sess_access_level == "1000") {
543 $auth_subject = 1;
544 }
545
546 // Every other access level. No subjects at all!
547 else {
548 $auth_subject = 0;
549 }
550
551 // Run the authorized subject query if not DBA level
552 if ($sess_access_level >= 20 && $sess_access_level < 1000) {
553
554 $rs = mysql_tryquery($sql);
555 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
556
557 // Collect the access information
558 $auth_subject = $row["auth_subject"];
559 }
560
561 if ($auth_subject > 0) $auth_subject = 1;
562
563 return $auth_subject;
564
565 }
566
567
568 /**********************************************************
569 Function: dropDownAccountOmit($omit)
570 Author: Paul Bramscher
571 Last Modified: 03.10.2004
572 ***********************************************************
573 Incoming:
574 $omit String of staff's to omit
575 ***********************************************************
576 Outgoing:
577 None
578 ***********************************************************
579 Purpose:
580 Populates a drop-down box on an HTML form with select
581 statements. $omit limits output. Similar to dropDownStaffOmit,
582 but instead of returning the staff_id as the HTML value,
583 it returns the staff_account. This was done for situations in
584 which a relational tie with the staff table is not desirable
585 after the value is inserted. For example, historical statistics.
586 **********************************************************/
587 function dropDownAccountOmit($omit){
588 $sql = "SELECT * from staff "
589 . $omit
590 . " ORDER BY last_name, first_name";
591
592 $rs = mysql_tryquery($sql);
593 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
594 $last_name = $row["last_name"];
595 $first_name = $row["first_name"];
596 $staff_id = $row["staff_id"];
597 $staff_account = $row["staff_account"];
598
599 // Make it look more friendly
600 if ($staff_id == 1) $staff = "(N/A)";
601 else $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";
602 printf("<option value = \""
603 . $staff_account
604 . "\" >"
605 . $staff
606 . "</option>\n");
607 };
608 }
609
610
611 /**********************************************************
612 Function: dropDownAuthCourses($sess_access_level, $sess_staff_id)
613 Author: Paul Bramscher
614 Last Modified: 03.02.2004
615 ***********************************************************
616 Incoming:
617 $sess_access_level Access level of the current user
618 session.
619 $sess_staff_id staff id of the current user
620 ***********************************************************
621 Outgoing:
622 None
623 ***********************************************************
624 Purpose:
625 Identical to dropDownAuthPages, except for a pagetype_id = 3
626 and extra LEFT JOIN to the course table to fetch the
627 course_concat field as the course title.
628
629 Populates a drop-down box on an HTML form with select
630 options of CourseScribe pages that the current
631 user has authorization to edit. The following rules apply:
632
633 (1) DBA's can edit anything.
634 (2) Managers can edit pages created by anyone within their unit.
635 (3) Page coordinators can edit pages they coordinate.
636 (4) Page maintainers may also edit pages they are assigned to.
637
638 Some scenarios of pages that are NOT editable:
639
640 (1) The original page creator is no longer the coordinator,
641 not a DBA, and not assigned as a maintainer. S/he can no
642 longer edit the page.
643 (2) You are a unit manager and used to have access to a page
644 coordinated by one of your employees. S/he switches units,
645 and is now under a new manager. The course page can now be
646 accessed by the manager of the new unit and not yourself.
647
648 etc...
649
650 **********************************************************/
651 function dropDownAuthCourses($sess_access_level, $sess_staff_id){
652
653 /* Access Table Definitions
654 +-----------+--------------+---------+
655 | access_id | access_level | access |
656 +-----------+--------------+---------+
657 | 1 | 0 | Denied |
658 | 2 | 10 | Guest |
659 | 3 | 20 | Author |
660 | 4 | 100 | Manager |
661 | 5 | 1000 | DBA |
662 +-----------+--------------+---------+
663 */
664
665
666 // Behave differently based on access level
667 switch ($sess_access_level) {
668
669 // Author. Start from the page table.
670 case "20" :
671 $page_sql = "SELECT DISTINCT
672 p.page_id,
673 c.course_concat
674 FROM page p
675 LEFT JOIN page_staff ps using (page_id)
676 LEFT JOIN course c on p.page_id = c.page_id
677 WHERE p.pagetype_id = 3
678 AND
679 (ps.staff_id = "
680 . $sess_staff_id
681 . " OR p.staff_coordinator = "
682 . $sess_staff_id
683 . ") ORDER BY c.course_concat";
684 break;
685
686 // Manager. Start from the libunit table, work down to pages
687 case "100" :
688
689 // Determine libunit
690 $lu_sql = "SELECT libunit_id FROM libunit
691 WHERE head_staff_id = "
692 . $sess_staff_id;
693 $lu_rs = mysql_tryquery($lu_sql);
694
695 $lu_string = "ls.libunit_id IN (";
696 $first_element = 0;
697
698 // Concatenate the IN clause
699 while ($lu_row = mysql_fetch_array ($lu_rs, MYSQL_ASSOC)) {
700 $libunit_id = $lu_row["libunit_id"];
701
702 if ($first_element == 0) {
703 $first_element = 1;
704 $lu_string .= $libunit_id;
705 }
706 else $lu_string .= ", " . $libunit_id;
707 }
708
709 // Cleanup
710 $lu_string .= ") OR";
711
712 // If nothing found, then return a blank string
713 if ($first_element == 0) $lu_string = "";
714
715 $page_sql = "SELECT DISTINCT
716 p.page_id,
717 c.course_concat
718 FROM page p
719 LEFT JOIN page_staff ps using (page_id)
720 LEFT JOIN course c on p.page_id = c.page_id
721 LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id
722 WHERE p.pagetype_id = 3
723 AND ("
724 . $lu_string
725 . " ps.staff_id = "
726 . $sess_staff_id
727 . " OR p.staff_coordinator = "
728 . $sess_staff_id
729 . ") ORDER BY c.course_concat";
730 break;
731
732 // DBA. Access everything.
733 case "1000" :
734 dropDownCourses();
735 break;
736
737 // Every other access level. No pages at all!
738 default :
739 break;
740
741 }
742
743 // Run the authorized page query if not DBA level
744 if ($sess_access_level >= 20 && $sess_access_level < 1000) {
745
746 $page_rs = mysql_tryquery($page_sql);
747
748 while ($page_row = mysql_fetch_array ($page_rs, MYSQL_ASSOC)) {
749
750 // Collect the page information
751 $page_id = $page_row["page_id"];
752 $course_concat = $page_row["course_concat"];
753
754 if (strlen($course_concat) > 45) $course_concat = substr($course_concat, 0, 45) . "...";
755
756 // Print the options
757 printf("<option value=\"%d\">%s</option>\n", $page_id, $course_concat);
758 }
759
760 }
761
762 }
763
764
765 /**********************************************************
766 Function: dropDownAuthPages($sess_access_level, $sess_staff_id)
767 Author: Paul Bramscher
768 Last Modified: 03.02.2004
769 ***********************************************************
770 Incoming:
771 $sess_access_level Access level of the current user
772 session.
773 $sess_staff_id staff id of the current user
774 ***********************************************************
775 Outgoing:
776 None
777 ***********************************************************
778 Purpose:
779 Populates a drop-down box on an HTML form with select
780 options of PageScribe pages that the current
781 user has authorization to edit. The following rules apply:
782
783 (1) DBA's can edit anything.
784 (2) Managers can edit pages created by anyone within their unit.
785 (3) Page coordinators can edit pages they coordinate.
786 (4) Page maintainers may also edit pages they are assigned to.
787
788 Some scenarios of pages that are NOT editable:
789
790 (1) The original page creator is no longer the coordinator,
791 not a DBA, and not assigned as a maintainer. S/he can no
792 longer edit the page.
793 (2) You are a unit manager and used to have access to a page
794 coordinated by one of your employees. S/he switches units,
795 and is now under a new manager. The page can now be accessed
796 by the manager of the new unit and not yourself.
797
798 etc...
799
800 **********************************************************/
801 function dropDownAuthPages($sess_access_level, $sess_staff_id){
802
803 /* Access Table Definitions
804 +-----------+--------------+---------+
805 | access_id | access_level | access |
806 +-----------+--------------+---------+
807 | 1 | 0 | Denied |
808 | 2 | 10 | Guest |
809 | 3 | 20 | Author |
810 | 4 | 100 | Manager |
811 | 5 | 1000 | DBA |
812 +-----------+--------------+---------+
813 */
814
815
816 // Behave differently based on access level
817 switch ($sess_access_level) {
818
819 // Editor. Start from the page table.
820 case "20" :
821 $page_sql = "SELECT DISTINCT
822 p.page_id,
823 p.page_title
824 FROM page p
825 LEFT JOIN page_staff ps using (page_id)
826 WHERE p.pagetype_id = 2
827 AND
828 (ps.staff_id = "
829 . $sess_staff_id
830 . " OR p.staff_coordinator = "
831 . $sess_staff_id
832 . ") ORDER BY p.page_title";
833 break;
834
835 // Manager. Start from the libunit table, work down to pages
836 case "100" :
837
838 // Determine libunit
839 $lu_sql = "SELECT libunit_id FROM libunit
840 WHERE head_staff_id = "
841 . $sess_staff_id;
842 $lu_rs = mysql_tryquery($lu_sql);
843
844 $lu_string = "ls.libunit_id IN (";
845 $first_element = 0;
846
847 // Concatenate the IN clause
848 while ($lu_row = mysql_fetch_array ($lu_rs, MYSQL_ASSOC)) {
849 $libunit_id = $lu_row["libunit_id"];
850 //printf("libunit id was: %d<BR><BR>", $libunit_id);
851
852 if ($first_element == 0) {
853 $first_element = 1;
854 $lu_string .= $libunit_id;
855 }
856 else $lu_string .= ", " . $libunit_id;
857 }
858
859 // Cleanup
860 $lu_string .= ") OR";
861
862 // If nothing found, then return a blank string
863 if ($first_element == 0) $lu_string = "";
864
865 $page_sql = "SELECT DISTINCT
866 p.page_id,
867 p.page_title
868 FROM page p
869 LEFT JOIN page_staff ps using (page_id)
870 LEFT JOIN libunit_staff ls on p.staff_coordinator = ls.staff_id
871 WHERE p.pagetype_id = 2
872 AND ("
873 . $lu_string
874 . " ps.staff_id = "
875 . $sess_staff_id
876 . " OR p.staff_coordinator = "
877 . $sess_staff_id
878 . ") ORDER BY p.page_title";
879 break;
880
881 // DBA. Access everything.
882 case "1000" :
883 dropDownFieldOmit("page", "page_title", "page_id", " WHERE pagetype_id = 2");
884 break;
885
886 // Every other access level. No pages at all!
887 default :
888 break;
889
890 }
891
892 // Run the authorized page query if not DBA level
893 if ($sess_access_level >= 20 && $sess_access_level < 1000) {
894
895 $page_rs = mysql_tryquery($page_sql);
896
897 while ($page_row = mysql_fetch_array ($page_rs, MYSQL_ASSOC)) {
898
899 // Collect the page information
900 $page_id = $page_row["page_id"];
901 $page_title = $page_row["page_title"];
902
903 if (strlen($page_title) > 39) $page_title = substr($page_title, 0, 39) . "...";
904
905 // Print the options
906 printf("<option value=\"%d\">%s</option>\n", $page_id, $page_title);
907 }
908
909 }
910
911 }
912
913
914 /**********************************************************
915 Function: dropDownAuthSubjects($sess_access_level, $sess_staff_id)
916 Author: Paul Bramscher
917 Last Modified: 03.02.2004
918 ***********************************************************
919 Incoming:
920 $sess_access_level Access level of the current user
921 session.
922 $sess_staff_id staff id of the current user
923 ***********************************************************
924 Outgoing:
925 None
926 ***********************************************************
927 Purpose:
928 Populates a drop-down box on an HTML form with select
929 options of SubjectBuilder pages that the current
930 user has authorization to edit. The following rules apply:
931
932 (1) DBA's can edit anything.
933 (2) Managers can edit subjects on behalf of anyone within their unit.
934 (3) Any staffperson can manage subjects to which s/he is assigned.
935
936 **********************************************************/
937 function dropDownAuthSubjects($sess_access_level, $sess_staff_id){
938
939 /* Access Table Definitions
940 +-----------+--------------+---------+
941 | access_id | access_level | access |
942 +-----------+--------------+---------+
943 | 1 | 0 | Denied |
944 | 2 | 10 | Guest |
945 | 3 | 20 | Author |
946 | 4 | 100 | Manager |
947 | 5 | 1000 | DBA |
948 +-----------+--------------+---------+
949 */
950
951
952 // Behave differently based on access level
953 switch ($sess_access_level) {
954
955 // Editor. Start from the sub_staff table.
956 case "20" :
957 $sql = "SELECT
958 s.subject_id,
959 s.subject
960 FROM subject s
961 LEFT JOIN sub_staff ss using (subject_id)
962 WHERE ss.staff_id = "
963 . $sess_staff_id
964 . " ORDER BY s.subject";
965 break;
966
967 // Manager. Start from the libunit table, work down to pages
968 case "100" :
969
970 // Determine libunit
971 $lu_sql = "SELECT libunit_id FROM libunit
972 WHERE head_staff_id = "
973 . $sess_staff_id;
974 $lu_rs = mysql_tryquery($lu_sql);
975
976 $lu_string = "ls.libunit_id IN (";
977 $first_element = 0;
978
979 // Concatenate the IN clause
980 while ($lu_row = mysql_fetch_array ($lu_rs, MYSQL_ASSOC)) {
981 $libunit_id = $lu_row["libunit_id"];
982 //printf("libunit id was: %d<BR><BR>", $libunit_id);
983
984 if ($first_element == 0) {
985 $first_element = 1;
986 $lu_string .= $libunit_id;
987 }
988 else $lu_string .= ", " . $libunit_id;
989 }
990
991 // Cleanup
992 $lu_string .= ") OR";
993
994 // If nothing found, then return a blank string
995 if ($first_element == 0) $lu_string = "";
996
997 $sql = "SELECT DISTINCT
998 s.subject_id,
999 s.subject
1000 FROM subject s
1001 LEFT JOIN sub_staff ss using (subject_id)
1002 LEFT JOIN libunit_staff ls on ss.staff_id = ls.staff_id
1003 WHERE "
1004 . $lu_string
1005 . " ss.staff_id = "
1006 . $sess_staff_id
1007 . " ORDER BY s.subject";
1008
1009 break;
1010
1011 // DBA. Access everything.
1012 case "1000" :
1013 dropDownFieldOmit("subject", "subject", "subject_id", "WHERE SUBJECT_ID > 1");
1014 break;
1015
1016 // Every other access level. No pages at all!
1017 default :
1018 break;
1019
1020 }
1021
1022 // Run the authorized page query if not DBA level
1023 if ($sess_access_level >= 20 && $sess_access_level < 1000) {
1024
1025 $rs = mysql_tryquery($sql);
1026
1027 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1028
1029 // Collect the page information
1030 $subject_id = $row["subject_id"];
1031 $subject = $row["subject"];
1032
1033 // Print the option
1034 printf("<option value=\"%d\">%s</option>\n", $subject_id, $subject);
1035 }
1036
1037 }
1038
1039 }
1040
1041
1042 /**********************************************************
1043 Function: dropDownCourses()
1044 Author: Paul Bramscher
1045 Last Modified: 03.10.2004
1046 ***********************************************************
1047 Incoming:
1048 None
1049 ***********************************************************
1050 Outgoing:
1051 None
1052 ***********************************************************
1053 Purpose:
1054 Populates a drop-down box on an HTML form with courseScribe
1055 courses, listed by course name and designator.
1056 **********************************************************/
1057 function dropDownCourses() {
1058
1059 $sql = "SELECT page_id, course_concat
1060 FROM course
1061 ORDER BY course_concat";
1062
1063 $rs = mysql_tryquery($sql);
1064 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1065 $page_id = $row["page_id"];
1066 $course_concat = $row["course_concat"];
1067
1068 if (strlen($course_concat) > 45) $course_concat = substr($course_concat, 0, 45) . "...";
1069
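1070 // Data goes in as printf arguments, not into the format
1071 // string, so a literal % in a course name cannot corrupt it
1072 printf("<option value = \"%s\" >%s</option>\n",
1073 $page_id,
1074 $course_concat);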
1075 };
1076 }
1077
1078
1079 /**********************************************************
1080 Function: dropDownCoursesubOmit($omit)
1081 Author: Paul Bramscher
1082 Last Modified: 03.02.2004
1083 ***********************************************************
1084 Incoming:
1085 $omit WHERE clause excluding coursesubs (raw SQL, appended as-is)
1086 ***********************************************************
1087 Outgoing:
1088 None
1089 ***********************************************************
1090 Purpose:
1091 Populates a drop-down box on an HTML form with select
1092 statements. $omit limits output.
1093 **********************************************************/
1094 function dropDownCoursesubOmit($omit){
1095
1096 $sql = "SELECT
1097 coursesub,
1098 coursesub_descr,
1099 coursesub_id,
1100 cip_code
1101 FROM coursesub "
1102 . $omit
1103 . " ORDER BY coursesub_descr";
1104
1105 // Fetch the values
1106 $rs = mysql_tryquery($sql);
1107 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1108 $coursesub = $row["coursesub"];
1109 $coursesub_id = $row["coursesub_id"];
1110 $coursesub_descr = $row["coursesub_descr"];
1111 $cip_code = $row["cip_code"];
1112
1113 // Limit length
1114 if (strlen($coursesub_descr) > 30)
1115 $coursesub_descr = substr($coursesub_descr, 0, 30) . "...";
1116
1117 printf("<option value = \"%s\">%s | %s [%s]</option>",
1118 $coursesub_id, $coursesub, $coursesub_descr, $cip_code);
1119 }
1120 }
1121
1122
1123 /**********************************************************
1124 Function: dropDownCoursesubSelected($limit, $preselected)
1125 Author: Paul Bramscher
1126 Last Modified: 03.02.2004
1127 ***********************************************************
1128 Incoming:
1129 $limit Additional limit on the box
1130 $preselected Pre-selected course subject
1131 ***********************************************************
1132 Outgoing:
1133 None
1134 ***********************************************************
1135 Purpose:
1136 Populates a drop-down box on an HTML form with select
1137 statements. $limit limits output.
1138 **********************************************************/
1139 function dropDownCoursesubSelected($limit, $preselected){
1140
1141 $sql = "SELECT
1142 coursesub,
1143 coursesub_descr,
1144 coursesub_id,
1145 cip_code
1146 FROM coursesub ";
1147
1148 // Concatenate a limit if provided
1149 if (strlen($limit) > 0) $sql .= $limit;
1150
1151 $sql .= " ORDER BY coursesub_descr";
1152
1153 // Fetch the values
1154 $rs = mysql_tryquery($sql);
1155 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1156 $coursesub = $row["coursesub"];
1157 $coursesub_id = $row["coursesub_id"];
1158 $coursesub_descr = $row["coursesub_descr"];
1159 $cip_code = $row["cip_code"];
1160
1161 // Limit length
1162 if (strlen($coursesub_descr) > 25)
1163 $coursesub_descr = substr($coursesub_descr, 0, 25) . "...";
1164
1165 printf("<option value = \"%d\"", $coursesub_id);
1166 if ($coursesub_id == $preselected) printf(" selected ");
1167 printf(">%s | %s [%s]</option>\n", $coursesub, $coursesub_descr, $cip_code);
1168
1169 }
1170 }
1171
1172
1173 /**********************************************************
1174 Function: dropDownFaculty()
1175 Author: Paul Bramscher
1176 Last Modified: 03.02.2004
1177 ***********************************************************
1178 Incoming:
1179 None
1180 ***********************************************************
1181 Outgoing:
1182 None
1183 ***********************************************************
1184 Purpose:
1185 Populates a drop-down box on an HTML form with select
1186 options of faculty members. They are displayed and ordered
1187 in the following format: "last name, first name (staff account)".
1188 **********************************************************/
1189 function dropDownFaculty(){
1190 // Build the SQL.
1191 $sql = "SELECT *
1192 FROM faculty
1193 ORDER BY faculty_lastname, faculty_firstname, faculty_account";
1194 $rs = mysql_tryquery($sql);
1195
1196 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1197 $faculty_id = $row["faculty_id"];
1198 $faculty_lastname = $row["faculty_lastname"];
1199 $faculty_firstname = $row["faculty_firstname"];
1200 $faculty_account = $row["faculty_account"];
1201
1202 // Make it look more friendly
1203 if ($faculty_id == 1) $faculty = "(N/A)";
1204 else {
1205 $faculty = $faculty_lastname . ", " . $faculty_firstname;
1206 if (strlen($faculty_account) > 0) $faculty .= " (" . $faculty_account . ")";
1207 }
1208
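1209 // Data goes in as printf arguments, not into the format
1210 // string, so a literal % in a name cannot corrupt it
1211 printf("<option value = \"%s\" >%s</option>\n",
1212 $faculty_id,
1213 $faculty);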
1214 };
1215 }
1216
1217
1218 /**********************************************************
1219 Function: dropDownFacultyOmit($omit)
1220 Author: Paul Bramscher
1221 Last Modified: 03.10.2004
1222 ***********************************************************
1223 Incoming:
1224 $omit WHERE clause excluding faculty (raw SQL, appended as-is)
1225 ***********************************************************
1226 Outgoing:
1227 None
1228 ***********************************************************
1229 Purpose:
1230 Populates a drop-down box on an HTML form with select
1231 statements. $omit limits output.
1232 **********************************************************/
1233 function dropDownFacultyOmit($omit){
1234 $sql = "SELECT * FROM faculty "
1235 . $omit
1236 . " ORDER BY faculty_lastname, faculty_firstname";
1237 $rs = mysql_tryquery($sql);
1238
1239 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1240 $faculty_id = $row["faculty_id"];
1241 $faculty_lastname = $row["faculty_lastname"];
1242 $faculty_firstname = $row["faculty_firstname"];
1243 $faculty_account = $row["faculty_account"];
1244
1245 // Make it look more friendly
1246 if ($faculty_id == 1) $faculty = "(N/A)";
1247 else {
1248 $faculty = $faculty_lastname . ", " . $faculty_firstname;
1249 if (strlen($faculty_account) > 0) $faculty .= " (" . $faculty_account . ")";
1250 }
1251
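1252 // Data goes in as printf arguments, not into the format
1253 // string, so a literal % in a name cannot corrupt it
1254 printf("<option value = \"%s\" >%s</option>\n",
1255 $faculty_id,
1256 $faculty);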
1257 };
1258 }
1259
1260
1261 /**********************************************************
1262 Function: dropDownFacultySelected($limit, $preselected)
1263 Author: Paul Bramscher
1264 Last Modified: 03.02.2004
1265 ***********************************************************
1266 Incoming:
1267 $limit Any WHERE clause
1268 $preselected Incoming faculty person to preselect
1269 ***********************************************************
1270 Outgoing:
1271 None
1272 ***********************************************************
1273 Purpose:
1274 Populates a drop-down box on an HTML form with select
1275 statements. $limit limits output.
1276 **********************************************************/
1277 function dropDownFacultySelected($limit, $preselected){
1278 $sql = "SELECT * FROM faculty "
1279 . $limit
1280 . " ORDER BY faculty_lastname, faculty_firstname";
1281 $rs = mysql_tryquery($sql);
1282
1283 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1284 $faculty_id = $row["faculty_id"];
1285 $faculty_lastname = $row["faculty_lastname"];
1286 $faculty_firstname = $row["faculty_firstname"];
1287 $faculty_account = $row["faculty_account"];
1288
1289 // Make it look more friendly
1290 if ($faculty_id == 1) $faculty = "(N/A)";
1291 else {
1292 $faculty = $faculty_lastname . ", " . $faculty_firstname;
1293 }
1294
1295 printf("<option value = \"%d\"", $faculty_id);
1296 if ($faculty_id == $preselected) printf(" selected ");
1297 printf(">%s</option>\n", $faculty);
1298 };
1299 }
1300
1301
1302 /**********************************************************
1303 Function: dropDownField($table, $field_display,
1304 $field_value)
1305 Author: Paul Bramscher
1306 Last Modified: 03.10.2004
1307 ***********************************************************
1308 Incoming:
1309 $table Table in database to search
1310 $field_display Select displayed to user
1311 $field_value Actual value of the HTML tag
1312 ***********************************************************
1313 Outgoing:
1314 None
1315 ***********************************************************
1316 Purpose:
1317 Populates a drop-down box on an HTML form with select
1318 options. They are ordered by the $field_display field.
1319 Typically, $field_value is the primary key field.
1320 **********************************************************/
1321 function dropDownField($table, $field_display, $field_value){
1322
1323 $sql = "SELECT "
1324 . $field_display
1325 . ", "
1326 . $field_value
1327 . " FROM "
1328 . $table
1329 . " ORDER BY "
1330 . $field_display;
1331 $rs = mysql_tryquery($sql);
1332
1333 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1334 $field_display_item = $row[$field_display];
1335 if (strlen($field_display_item) > 40) $field_display_item = substr($field_display_item, 0, 39) . "...";
1336 $field_value_item = $row[$field_value];
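1337 // Data goes in as printf arguments, not into the format
1338 // string, so a literal % in a field cannot corrupt it
1339 printf("<option value = \"%s\" >%s</option>\n",
1340 $field_value_item,
1341 $field_display_item);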
1342 };
1343 }
1344
1345
1346 /**********************************************************
1347 Function: dropDownFieldOmit($table, $field_display,
1348 $field_value, $where)
1349 Author: Paul Bramscher
1350 Last Modified: 03.10.2004
1351 ***********************************************************
1352 Incoming:
1353 $table Table in database to search
1354 $field_display Select displayed to user
1355 $field_value Actual value of the HTML tag
1356 $where SQL criteria in the list to exclude
1357 ***********************************************************
1358 Outgoing:
1359 None
1360 ***********************************************************
1361 Purpose:
1362 Populates a drop-down box on an HTML form with select
1363 options. They are ordered by the $field_display field.
1364 Typically, $field_value is the primary key field. $where
1365 can be used to filter out results.
1366 **********************************************************/
1367 function dropDownFieldOmit($table, $field_display,
1368 $field_value, $where){
1369
1370 $sql = "SELECT "
1371 . $field_display
1372 . ", "
1373 . $field_value
1374 . " FROM "
1375 . $table
1376 . " "
1377 . $where
1378 . " ORDER BY "
1379 . $field_display;
1380 $rs = mysql_tryquery($sql);
1381
1382 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1383 $field_display_item = $row[$field_display];
1384 if (strlen($field_display_item) > 40) $field_display_item = substr($field_display_item, 0, 39) . "...";
1385 $field_value_item = $row[$field_value];
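1386 // Data goes in as printf arguments, not into the format
1387 // string, so a literal % in a field cannot corrupt it
1388 printf("<option value = \"%s\" >%s</option>\n",
1389 $field_value_item,
1390 $field_display_item);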
1391 };
1392 }
1393
1394
1395 /**********************************************************
1396 Function: dropDownFieldSelected($table, $field_display,
1397 $field_value, $limit, $preselected)
1398 Author: Paul Bramscher
1399 Last Modified: 03.02.2004
1400 ***********************************************************
1401 Incoming:
1402 $table Table in database to search
1403 $field_display Select displayed to user
1404 $field_value Actual value of the HTML tag
1405 $preselected A selected $field_value
1406 $limit A WHERE clause
1407 ***********************************************************
1408 Outgoing:
1409 None
1410 ***********************************************************
1411 Purpose:
1412 Populates a drop-down box on an HTML form with select
1413 options. They are ordered by the $field_display field.
1414 Typically, $field_value is the primary key field. The
1415 parameter $preselected determines which (single) selection
1416 is selected.
1417 **********************************************************/
1418 function dropDownFieldSelected($table, $field_display,
1419 $field_value, $limit, $preselected){
1420
1421 $sql = "SELECT "
1422 . $field_display
1423 . ", "
1424 . $field_value
1425 . " FROM "
1426 . $table
1427 . " "
1428 . $limit
1429 . " ORDER BY "
1430 . $field_display;
1431 $rs = mysql_tryquery($sql);
1432
1433 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1434 $field_display_item = $row[$field_display];
1435 $field_value_item = $row[$field_value];
1436 if (strlen($field_display_item) > 50) $field_display_item = substr($field_display_item, 0, 49) . "...";
1437
1438 printf("<option value = \"%s\" ", $field_value_item);
1439 if ($field_value_item == $preselected) printf (" selected");
1440 printf(">%s</option>\n", $field_display_item);
1441 };
1442 }
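A hardened counterpart to the dropDownField* helpers above, as an added example that is not part of libdata: table and column names are checked against an allowlist, the filter value is bound instead of arriving as a raw WHERE fragment, and labels are passed as sprintf arguments and HTML-escaped. It assumes PDO with the SQLite driver; `PICKLIST_COLUMNS`, `assertIdentifier`, `safeDropDownFieldSelected` and the sample rows are hypothetical.

```php
<?php
// Added example, not libdata code. The allowlist contents and the rows
// inserted below are constructed for illustration.

/** Tables and columns a picklist may read (hypothetical allowlist). */
const PICKLIST_COLUMNS = [
    'subject' => ['subject_id', 'subject'],
    'faculty' => ['faculty_id', 'faculty_lastname'],
];

/** Reject any table or column name that is not on the allowlist. */
function assertIdentifier(string $table, string ...$columns): void
{
    if (!isset(PICKLIST_COLUMNS[$table])) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    foreach ($columns as $column) {
        if (!in_array($column, PICKLIST_COLUMNS[$table], true)) {
            throw new InvalidArgumentException("column not allowed: $table.$column");
        }
    }
}

/**
 * Returns <option> markup for $table, ordered by $display.
 * $minId stands in for the free-form $limit WHERE fragment: callers pass
 * a value, never SQL text.
 */
function safeDropDownFieldSelected(
    PDO $db,
    string $table,
    string $display,
    string $value,
    int $minId,
    ?int $preselected
): string {
    assertIdentifier($table, $display, $value);

    // Identifiers are allowlisted above; the only variable value is bound.
    $stmt = $db->prepare(
        "SELECT $display AS label, $value AS id FROM $table "
        . "WHERE $value > :min ORDER BY $display"
    );
    $stmt->bindValue(':min', $minId, PDO::PARAM_INT);
    $stmt->execute();

    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $label = (string) $row['label'];
        // Truncate first, escape second, so an entity is never cut in half.
        if (strlen($label) > 50) {
            $label = substr($label, 0, 49) . '...';
        }
        // Row data is passed as arguments, so a % in a label is inert.
        $html .= sprintf(
            "<option value=\"%d\"%s>%s</option>\n",
            $row['id'],
            ((int) $row['id'] === $preselected) ? ' selected' : '',
            htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return $html;
}

// --- Demonstration on an in-memory database with constructed rows ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subject (subject_id INTEGER PRIMARY KEY, subject TEXT)');

$insert = $db->prepare('INSERT INTO subject (subject_id, subject) VALUES (?, ?)');
$rows = [
    [1, '(N/A)'],
    [2, 'Chemistry 100% online'],   // literal % in the label
    [3, 'Art <b>& Design</b>'],     // markup characters in the label
];
foreach ($rows as $r) {
    $insert->execute($r);
}

// Lists ids greater than 1 and preselects id 3; labels come out escaped.
echo safeDropDownFieldSelected($db, 'subject', 'subject', 'subject_id', 1, 3);

// A table that is not allowlisted for picklists is refused before any SQL runs.
try {
    safeDropDownFieldSelected($db, 'staff', 'last_name', 'staff_id', 1, null);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```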
1443
1444
1445 /**********************************************************
1446 Function: dropDownInfotype($infotype_id, $subject_id)
1447 Author: Paul Bramscher
1448 Last Modified: 03.02.2004
1449 ***********************************************************
1450 Incoming:
1451 $subject_id Subject on which to limit the list
1452 ***********************************************************
1453 Outgoing:
1454 None
1455 ***********************************************************
1456 Purpose:
1457 Populates a drop-down box on an HTML form with select
1458 options of information types including general and
1459 master subject-specific.
1460 **********************************************************/
1461 function dropDownInfotype($infotype_id, $subject_id){
1462
1463 // Initialize
1464 $selected_infotype_id = $infotype_id;
1465
1466 /*
1467 Collect a string of mastersubjects for this subject.
1468 This will be used in a later SQL query to limit list of infotypes based
1469 on subject.
1470 */
1471
1472 $sql = "SELECT sm.mastersubject_id
1473 FROM sub_mastersubject sm
1474 WHERE sm.subject_id = "
1475 . (int) $subject_id; // integer cast, as existsRow() does
1476
1477 // Build the string. Start with the "(N/A)" and the "(ALL)" master subjects.
1478 $masterstring = "(1, 2 ";
1479
1480 $rs = mysql_tryquery($sql);
1481 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1482 $mastersubject_id = $row["mastersubject_id"];
1483 $masterstring .= ", " . $mastersubject_id;
1484 }
1485 $masterstring .= ")";
1486
1487 // Build the list of infotypes appropriate to all of the mastersubjects found
1488 $sql = "SELECT i.infotype, i.infotype_id, mi.masterinfotype
1489 FROM infotype i, masterinfotype mi
1490 WHERE i.masterinfotype_id = mi.masterinfotype_id
1491 AND i.infotype_id > 0 and mi.masterinfotype_id > 0
1492 AND i.mastersubject_id IN " . $masterstring .
1493 " ORDER BY mi.masterinfotype";
1494 $rs = mysql_tryquery($sql);
1495
1496 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1497 $masterinfotype = $row["masterinfotype"];
1498 $infotype_id = $row["infotype_id"];
1499 $infotype = $row["infotype"];
1500
1501 // Make it look more friendly
1502 $useroutput = $masterinfotype . " -> " . $infotype;
1503
1504 printf("<option value = \"%d\"", $infotype_id);
1505 if ($infotype_id == $selected_infotype_id) printf (" selected ");
1506 printf(">%s</option>\n", $useroutput);
1507 };
1508 }
1509
1510
1511 /**********************************************************
1512 Function: dropDownPageStaff($page_id)
1513 Author: Paul Bramscher
1514 Last Modified: 03.10.2004
1515 ***********************************************************
1516 Incoming:
1517 $page_id PageScribe page involved
1518 ***********************************************************
1519 Outgoing:
1520 None
1521 ***********************************************************
1522 Purpose:
1523 Populates a drop-down box on an HTML form with select
1524 options of staff members. They are displayed and ordered
1525 in the following format: "last name, first name (x500id)".
1526 The staff displayed are those associated as PageScribe
1527 maintainers.
1528 **********************************************************/
1529 function dropDownPageStaff($page_id){
1530
1531 // Build the SQL.
1532 $sql = "SELECT s.first_name, s.last_name, s.staff_id, s.staff_account
1533 FROM staff s, page_staff ps
1534 WHERE ps.page_id = "
1535 . (int) $page_id
1536 . " AND s.staff_id > 1 AND ps.staff_id = s.staff_id ORDER BY last_name, first_name, staff_account";
1537 $rs = mysql_tryquery($sql);
1538
1539 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1540 $staff_id = $row["staff_id"];
1541 $last_name = $row["last_name"];
1542 $first_name = $row["first_name"];
1543 $staff_account = $row["staff_account"];
1544
1545 // Make it look more friendly
1546 $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";
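1547 // Data goes in as printf arguments, not into the format
1548 // string, so a literal % in a name cannot corrupt it
1549 printf("<option value = \"%s\" >%s</option>\n",
1550 $staff_id,
1551 $staff);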
1552 };
1553 }
1554
1555
1556 /**********************************************************
1557 Function: dropDownPageSubject($page_id)
1558 Author: Paul Bramscher
1559 Last Modified: 03.10.2004
1560 ***********************************************************
1561 Incoming:
1562 $page_id PageScribe page involved
1563 ***********************************************************
1564 Outgoing:
1565 None
1566 ***********************************************************
1567 Purpose:
1568 Populates a drop-down box on an HTML form with select
1569 options of associated RQS subjects for the supplied page id.
1570 **********************************************************/
1571 function dropDownPageSubject($page_id){
1572
1573 // Build the SQL.
1574 $sql = "SELECT s.subject_id, s.subject
1575 FROM subject s, page_subject ps
1576 WHERE ps.page_id = "
1577 . (int) $page_id
1578 . " AND s.subject_id > 1 AND ps.subject_id = s.subject_id ORDER BY s.subject";
1579 $rs = mysql_tryquery($sql);
1580
1581 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1582 $subject_id = $row["subject_id"];
1583 $subject = $row["subject"];
1584
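1585 // Data goes in as printf arguments, not into the format
1586 // string, so a literal % in a subject cannot corrupt it
1587 printf("<option value = \"%s\" >%s</option>\n",
1588 $subject_id,
1589 $subject);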
1590 };
1591 }
1592
1593
1594 /**********************************************************
1595 Function: dropDownResource($key_id, $limit, $masterinfotype_id, $feature_id)
1596 Author: Paul Bramscher
1597 Last Modified: 03.02.2004
1598 ***********************************************************
1599 Incoming:
1600 $key_id "0" for a new resource, otherwise
1601 indicates a pre-selected resource
1602 $limit Starting with letter A-Z or freetext.
1603 $masterinfotype_id To limit by the masterinfotype.
1604 $feature_id To limit by feature id
1605 ***********************************************************
1606 Outgoing:
1607 None
1608 ***********************************************************
1609 Purpose:
1610 Populates an HTML drop-down box of resources in the
1611 following format: ID#:TT:AA. Where ID is the resource
1612 ID#, TT is the first 35 char. of the title, and AA is the
1613 first 35 characters of the author.
1614
1615 NOTE: Currently only titles are displayed, the author
1616 portion has been commented out.
1617
1618 If incoming $limit is a single character (a letter), then
1619 the query checks against all titles starting with it.
1620 Otherwise it checks against all titles or annotations
1621 containing that string.
1622 **********************************************************/
1623 function dropDownResource($key_id, $limit, $masterinfotype_id, $feature_id){
1624
1625 // Clean up the limit string
1626 if (strlen($limit) > 0) $limit = textSearchmySQL($limit);
1627
1628 // Build the query
1629 $sql = "SELECT DISTINCT r.resource_id, r.title, r.author
1630 FROM resource r
1631 LEFT JOIN infotype i using (infotype_id)
1632 LEFT JOIN masterinfotype m on i.masterinfotype_id = m.masterinfotype_id
1633 LEFT JOIN res_feature rf on r.resource_id = rf.resource_id
1634 WHERE r.infotype_id = i.infotype_id AND i.masterinfotype_id = m.masterinfotype_id";
1635
1636 // If a single letter, limit to title match
1637 if (strlen($limit) == 1) $sql .= " AND title LIKE '" . $limit . "%'";
1638
1639 // If incoming freetext, query title or annotation
1640 if (strlen($limit) > 1) $sql .= " AND ((title LIKE '%" . $limit . "%') OR (annotation LIKE '%" . $limit . "%'))";
1641
1642
1643 // Limit by masterinfotype_id (cast to integer before it reaches the SQL)
1644 if ($masterinfotype_id > 0) $sql .= " AND m.masterinfotype_id = " . (int) $masterinfotype_id;
1645
1646 // Limit by feature (cast to integer before it reaches the SQL)
1647 if ($feature_id > 0) $sql .= " AND rf.feature_id = " . (int) $feature_id;
1648
1649 $sql .=" ORDER BY title, author, resource_id";
1650
1651 $rs = mysql_tryquery($sql);
1652
1653 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1654 $resource_id = $row["resource_id"];
1655 $title = $row["title"];
1656 //$author = $row["author"];
1657
1658 // Trim and add ellipsis
1659 if (strlen($title) > 65) $title = substr($title, 0, 65) . "...";
1660 //if (strlen($author) > 35) $author = substr($author, 0, 35) . "...";
1661
1662 $display = $title;
1663 //if (strlen($author) > 0) $display .= " | " .$author;
1664 $display .= " | ID: " . $resource_id;
1665
1666 if ($resource_id == $key_id) $selected = "selected";
1667 else $selected = "";
1668
1669 // Title text is passed as an argument, not concatenated
1670 // into the format string
1671 printf("<option %s value = \"%s\" >%s</option>\n",
1672 $selected, $resource_id, $display);
1673 };
1674 }
1675
1676
1677 /**********************************************************
1678 Function: dropDownServiceLimit($servicetype_id)
1679 Author: Paul Bramscher
1680 Last Modified: 03.02.2004
1681 ***********************************************************
1682 Incoming:
1683 $servicetype_id Service type to limit the picklist
1684 ***********************************************************
1685 Outgoing:
1686 None
1687 ***********************************************************
1688 Purpose:
1689 Populates a drop-down box on an HTML form with select
1690 options for library services, limited to a supplied service
1691 type id.
1692 **********************************************************/
1693 function dropDownServiceLimit($servicetype_id){
1694
1695 $sql = "SELECT DISTINCT s.service, s.service_id FROM service s
1696 LEFT JOIN serv_servtype ss using (service_id)
1697 LEFT JOIN servicetype v on ss.servicetype_id = v.servicetype_id
1698 WHERE s.service_id > 1";
1699
1700 if ($servicetype_id > 0) {
1701 $sql .= " AND ss.servicetype_id = "
1702 . (int) $servicetype_id;
1703 }
1704
1705 $sql .= " ORDER BY s.service";
1706
1707 $rs = mysql_tryquery($sql);
1708
1709 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1710 $service = $row["service"];
1711 $service_id = $row["service_id"];
1712 if (strlen($service) > 50) $service = substr($service, 0, 49) . "...";
1713
1714 printf("<option value=\"%d\">%s</option>\n", $service_id, $service);
1715 };
1716 }
1717
1718
1719 /**********************************************************
1720 Function: dropDownStaff()
1721 Author: Paul Bramscher
1722 Last Modified: 03.10.2004
1723 ***********************************************************
1724 Incoming:
1725 None
1726 ***********************************************************
1727 Outgoing:
1728 None
1729 ***********************************************************
1730 Purpose:
1731 Populates a drop-down box on an HTML form with select
1732 options of staff members. They are displayed and ordered
1733 in the following format: "last name, first name (x500id)".
1734 **********************************************************/
1735 function dropDownStaff(){
1736
1737 // Build the SQL
1738 $sql = "SELECT *
1739 FROM staff
1740 ORDER BY last_name, first_name, staff_account";
1741 $rs = mysql_tryquery($sql);
1742
1743 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1744 $staff_id = $row["staff_id"];
1745 $last_name = $row["last_name"];
1746 $first_name = $row["first_name"];
1747 $staff_account = $row["staff_account"];
1748
1749 // Make it look more friendly
1750 if ($staff_id == 1) $staff = "(N/A)";
1751 else $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";
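1752 // Data goes in as printf arguments, not into the format
1753 // string, so a literal % in a name cannot corrupt it
1754 printf("<option value = \"%s\" >%s</option>\n",
1755 $staff_id,
1756 $staff);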
1757 };
1758 }
1759
1760
1761 /**********************************************************
1762 Function: dropDownStaffOmit($omit)
1763 Author: Paul Bramscher
1764 Last Modified: 03.10.2004
1765 ***********************************************************
1766 Incoming:
1767 $omit WHERE clause excluding staff (raw SQL, appended as-is)
1768 ***********************************************************
1769 Outgoing:
1770 None
1771 ***********************************************************
1772 Purpose:
1773 Populates a drop-down box on an HTML form with select
1774 statements. $omit limits output.
1775 **********************************************************/
1776 function dropDownStaffOmit($omit){
1777
1778 // Build the SQL
1779 $sql = "SELECT * from staff "
1780 . $omit
1781 . " ORDER BY last_name, first_name";
1782 $rs = mysql_tryquery($sql);
1783
1784 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1785 $last_name = $row["last_name"];
1786 $first_name = $row["first_name"];
1787 $staff_id = $row["staff_id"];
1788 $staff_account = $row["staff_account"];
1789
1790 // Make it look more friendly
1791 if ($staff_id == 1) $staff = "(N/A)";
1792 else $staff = $last_name . ", " . $first_name . " (" . $staff_account . ")";
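1793 // Data goes in as printf arguments, not into the format
1794 // string, so a literal % in a name cannot corrupt it
1795 printf("<option value = \"%s\" >%s</option>\n",
1796 $staff_id,
1797 $staff);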
1798 };
1799 }
1800
1801
1802 /**********************************************************
1803 Function: dropDownStaffSelected($selected_id)
1804 Author: Paul Bramscher
1805 Last Modified: 03.10.2004
1806 ***********************************************************
1807 Incoming:
1808 $selected_id Selected staff id
1809 ***********************************************************
1810 Outgoing:
1811 None
1812 ***********************************************************
1813 Purpose:
1814 Populates a drop-down box on an HTML form with select
1815 statements. Selected id represents the preselected staff.
1816 **********************************************************/
1817 function dropDownStaffSelected($selected_id){
1818
1819 // Build the SQL
1820 $sql = "SELECT * from staff WHERE staff_id > 1 ORDER BY last_name, first_name";
1821 $rs = mysql_tryquery($sql);
1822
1823 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1824 $last_name = $row["last_name"];
1825 $first_name = $row["first_name"];
1826 $staff_id = $row["staff_id"];
1827 printf("<option value = \"%s\" ", $staff_id);
1828 if ($staff_id == $selected_id) printf (" selected");
1829 printf(">%s, %s</option>\n", $last_name, $first_name);
1830 };
1831 }
1832
1833
1834 /**********************************************************
1835 Function: existsFaculty
1836 Author: Paul Bramscher
1837 Last Modified: 03.02.2004
1838 ***********************************************************
1839 Incoming:
1840 $faculty_firstname Faculty first name
1841 $faculty_lastname Faculty last name
1842 ***********************************************************
1843 Outgoing:
1844 faculty_id of the first match, "0" if none
1845 ***********************************************************
1846 Purpose:
1847 This function checks to see whether a match against the
1848 supplied faculty first and last name already exists.
1849 **********************************************************/
1850 function existsFaculty($faculty_firstname, $faculty_lastname){
1851
1852 // Build the sql
1853 $faculty_firstname = textInmySQL($faculty_firstname);
1854 $faculty_lastname = textInmySQL($faculty_lastname);
1855
1856 $sql = "SELECT * FROM faculty WHERE faculty_firstname = '"
1857 . $faculty_firstname
1858 . "' AND faculty_lastname = '"
1859 . $faculty_lastname
1860 . "'";
1861
1862 $faculty_id = 0;
1863 $rs = mysql_tryquery($sql);
1864
1865 // Keep the faculty_id of the first matching row
1866 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
1867 if ($faculty_id == 0) $faculty_id = $row["faculty_id"];
1868 }
1869
1870 return $faculty_id;
1871 }
1872
1873
1874 /**********************************************************
1875 Function: existsResSub
1876 Author: Paul Bramscher
1877 Last Modified: 03.02.2004
1878 ***********************************************************
1879 Incoming:
1880 $resource_id Record ID
1881 $subject_id Subject ID
1882 ***********************************************************
1883 Outgoing:
1884 "1" if an association already exists, "0" if not
1885 ***********************************************************
1886 Purpose:
1887 This function checks to see whether a resource has already
1888 been attached to a given subject id.
1889 **********************************************************/
1890 function existsResSub($resource_id, $subject_id){
1891
1892 // Build the sql
1893 $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
1894 . (int) $resource_id
1895 . " AND subject_id = "
1896 . (int) $subject_id;
1897
1898 $rs = mysql_tryquery($sql);
1899 $rowcount = mysql_num_rows($rs);
1900 if ($rowcount >= 1){
1901 $rowcount = 1;
1902 }
1903 else $rowcount = 0;
1904
1905 return $rowcount;
1906 }
1907
1908
1909 /**********************************************************
1910 Function: existsResSubNA
1911 Author: Paul Bramscher
1912 Last Modified: 03.02.2004
1913 ***********************************************************
1914 Incoming:
1915 $resource_id Record ID
1916 $subject_id Subject ID
1917 ***********************************************************
1918 Outgoing:
1919 "1" if an association already exists, "0" if not
1920 ***********************************************************
1921 Purpose:
1922 This function is similar to existsResSub, but with checks
1923 specifically to see whether the (N/A) type information type
1924 is currently assigned to the resource-subject combination.
1925 **********************************************************/
1926 function existsResSubNA($resource_id, $subject_id){
1927
1928 // Build the sql
1929 $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
1930 . (int) $resource_id
1931 . " AND subject_id = "
1932 . (int) $subject_id
1933 . " AND infotype_id = 1";
1934
1935 $rs = mysql_tryquery($sql);
1936 $rowcount = mysql_num_rows($rs);
1937 if ($rowcount == 1){
1938 $rowcount = 1;
1939 }
1940 else $rowcount = 0;
1941
1942 return $rowcount;
1943 }
1944
1945
1946 /**********************************************************
1947 Function: existsResSubNOTNA
1948 Author: Paul Bramscher
1949 Last Modified: 03.02.2004
1950 ***********************************************************
1951 Incoming:
1952 $resource_id Record ID
1953 $subject_id Subject ID
1954 ***********************************************************
1955 Outgoing:
1956 "1" if an association already exists, "0" if not
1957 ***********************************************************
1958 Purpose:
1959 This function is similar to existsResSubNA, but it checks to
1960 see if the combination of resource/subject appears in the
1961 res_sub_infotype table under a heading other than N/A for
1962 the infotype.
1963 **********************************************************/
1964 function existsResSubNOTNA($resource_id, $subject_id){
1965
1966 // Build the sql
1967 $sql = "SELECT * FROM res_sub_infotype WHERE resource_id = "
1968 . (int) $resource_id
1969 . " AND subject_id = "
1970 . (int) $subject_id
1971 . " AND infotype_id <> 1";
1972
1973 $rs = mysql_tryquery($sql);
1974 $rowcount = mysql_num_rows($rs);
1975 if ($rowcount >= 1){ // one or more non-N/A rows counts as a match
1976 $rowcount = 1;
1977 }
1978 else $rowcount = 0;
1979
1980 return $rowcount;
1981 }
1982
1983
1984 /**********************************************************
1985 Function: existsRow
1986 Author: Paul Bramscher
1987 Last Modified: 03.02.2004
1988 ***********************************************************
1989 Incoming:
1990 $table Table to search
1991 $key_field Field against which to search
1992 $limit_id Key value for the where clause (cast to integer)
1993 ***********************************************************
1994 Outgoing:
1995 "1" if the row exists, "0" if not
1996 ***********************************************************
1997 Purpose:
1998 Useful in performing delete and other operations to make
1999 sure that a row entity exists matching the supplied key
2000 before going any further.
2001 **********************************************************/
2002 function existsRow($table, $key_field, $limit_id){
2003 // Cast as integer to avoid future problems
2004 $limit_id = (int) $limit_id;
2005
2006 // Build the sql
2007 $sql = "SELECT "
2008 . $key_field
2009 . " FROM "
2010 . $table
2011 . " WHERE "
2012 . $key_field
2013 . "="
2014 . $limit_id;
2015
2016 $rs = mysql_tryquery($sql);
2017 $rowcount = mysql_num_rows($rs);
2018 if ($rowcount >= 1){
2019 $rowcount = 1;
2020 }
2021 else $rowcount = 0;
2022
2023 return $rowcount;
2024 }
2025
2026
2027 /**********************************************************
2028 Function: getNotIn
2029 Author: Paul Bramscher
2030 Last Modified: 03.02.2004
2031 ***********************************************************
2032 Incoming:
2033 $in_field Name of ID field to return
2034 $static_field Name of the "other" ID field in the
2035 bridging table
2036 $static_value Value for the other ID field to
2037 limit by
2038 $table Bridging table involved
2039 ***********************************************************
2040 Outgoing:
2041 $in_string Concatenated string of $in_field
2042 ID's to be excluded from a drop-down
2043 box.
2044 ***********************************************************
2045 Purpose:
2046 This applies to a bridging table with a dual primary key.
2047 For example, in the res_loc table, produce a list of all
2048 location_id's associated with a particular resource_id.
2049 This list is comma-separated and returned to an
2050 assignment-type form in which drop-down boxes of the
2051 current selections are displayed alongside remaining
2052 selections. The remaining (available) selections need to
2053 exclude the current ones. Thus, this function builds the
2054 NOT IN portion of the SQL WHERE clause.
2055 **********************************************************/
2056 function getNotIn($in_field, $static_field,
2057 $static_value, $table) {
2058
2059 // Initialize
2060 $in_string = "(";
2061 $first_element = 0;
2062
2063 // Build the sql
2064 $sql = "SELECT "
2065 . $in_field
2066 . " FROM "
2067 . $table
2068 . " WHERE "
2069 . $static_field
2070 . " = "
2071 . (int) $static_value;
2072
2073 $rs = mysql_tryquery($sql);
2074
2075 // Concatenate the NOT IN clause
2076 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
2077 $in_element = $row[$in_field];
2078
2079 if ($first_element == 0) {
2080 $first_element = 1;
2081 $in_string .= "'" . $in_element . "'";
2082 }
2083 else $in_string .= ", '" . $in_element . "'";
2084 }
2085
2086 // Cleanup
2087 $in_string .= ")";
2088
2089 // If nothing found, then return a blank string
2090 if ($first_element == 0) $in_string = "";
2091
2092 // Done, return to calling function
2093 return $in_string;
2094 }
2095
2096
2097 /**********************************************************
2098 Function: lookupFaculty($faculty_id)
2099 Author: Paul Bramscher
2100 Last Modified: 03.02.2004
2101 ***********************************************************
2102 Incoming:
2103 $faculty_id Faculty ID number to retrieve
2104 ***********************************************************
2105 Outgoing:
2106 Faculty name in {First Name} {Last Name} format.
2107 ***********************************************************
2108 Purpose:
2109 Performs a lookup on faculty ID to retrieve name.
2110 **********************************************************/
2111 function lookupFaculty($faculty_id){
2112
2113 $sql = "SELECT faculty_firstname, faculty_lastname FROM faculty WHERE faculty_id = "
2114 . (int) $faculty_id;
2115 $rs = mysql_tryquery($sql);
2116 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
2117 $faculty_lastname = $row["faculty_lastname"];
2118 $faculty_firstname = $row["faculty_firstname"];
2119
2120 $faculty_name = $faculty_firstname . " " . $faculty_lastname;
2121
2122 return $faculty_name;
2123 }
2124
2125
2126 /**********************************************************
2127 Function: lookupField($table, $key_field, $key_value,
2128 $desc_field)
2129 Author: Paul Bramscher
2130 Last Modified: 03.02.2004
2131 ***********************************************************
2132 Incoming:
2133 $table Table in database to search
2134 $key_field Name of field on which to lookup
2135 $key_value Value to attempt lookup with
2136 $desc_field Descriptive value to return
2137 ***********************************************************
2138 Outgoing:
2139 A descriptive name for an ID number.
2140 ***********************************************************
2141 Purpose:
2142 Performs a lookup, typically on an ID field, to retrieve a
2143 user-friendly descriptive name to the page.
2144 **********************************************************/
2145 function lookupField($table, $key_field, $key_value,
2146 $desc_field){
2147
2148 $sql = "SELECT "
2149 . $desc_field
2150 . " FROM "
2151 . $table
2152 . " WHERE "
2153 . $key_field
2154 . "='"
2155 . $key_value
2156 . "'";
2157 $rs = mysql_tryquery($sql);
2158 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
2159 if (mysql_num_rows($rs) == 1) $result = $row[$desc_field];
2160 else $result = "";
2161
2162 return $result;
2163 }
2164
2165
2166 /**********************************************************
2167 Function: lookupStaff($staff_id)
2168 Author: Paul Bramscher
2169 Last Modified: 03.10.2004
2170 ***********************************************************
2171 Incoming:
2172 $staff_id Staff ID number to retrieve
2173 ***********************************************************
2174 Outgoing:
2175 Staff name in {First Name} {Last Name} format.
2176 ***********************************************************
2177 Purpose:
2178 Performs a lookup on staff ID to retrieve name.
2179 **********************************************************/
2180 function lookupStaff($staff_id){
2181
2182 $sql = "SELECT first_name, last_name FROM staff WHERE staff_id = "
2183 . (int) $staff_id;
2184 $rs = mysql_tryquery($sql);
2185 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
2186 $last_name = $row["last_name"];
2187 $first_name = $row["first_name"];
2188
2189 $staff_name = $first_name . " " . $last_name;
2190
2191 return $staff_name;
2192 }
2193
2194
2195 /**********************************************************
2196 Function: msgTableClose()
2197 Author: Paul Bramscher
2198 Last Modified: 03.15.2004
2199 ***********************************************************
2200 Incoming:
2201 None
2202 ***********************************************************
2203 Outgoing:
2204 None
2205 ***********************************************************
2206 Purpose:
2207 Closes the message box table.
2208 **********************************************************/
2209 function msgTableClose () {
2210
2211 printf("</td></tr></table>\n");
2212 printf("</center>\n");
2213
2214 }
2215
2216
2217 /**********************************************************
2218 Function: msgTableOpen ($colspan, $header)
2219 Author: Paul Bramscher
2220 Last Modified: 03.15.2004
2221 ***********************************************************
2222 Incoming:
2223 $colspan Columns to span the first
2224 row.
2225 $header Message to appear in the
2226 first table header row.
2227 ***********************************************************
2228 Outgoing:
2229 None
2230 ***********************************************************
2231 Purpose:
2232 Starts the drawing of a message box table.
2233 **********************************************************/
2234 function msgTableOpen ($colspan, $header) {
2235
2236 // Table
2237 printf("<center>\n");
2238 printf("<table width=\"50%%\" class=\"backLight\" border=\"1\" cellpadding=\"4\">\n");
2239
2240 // Row header
2241 printf("<tr><td class=\"cellPlain\" colspan=\"%d\" >\n", $colspan);
2242 printf("%s", $header);
2243 printf("</td></tr>\n");
2244
2245 // Initial cell
2246 printf("<tr><td>\n");
2247 }
2248
2249
2250 /**********************************************************
2251 Function: recordCount($table, $limit_field,
2252 $limit_where, $type)
2253 Author: Paul Bramscher
2254 Last Modified: 03.02.2004
2255 ***********************************************************
2256 Incoming:
2257 $table Table in database to query
2258 $limit_field Field to limit
2259 $limit_where Criteria upon which to limit
2260 $type "N" for numeric or "C" for character
2261 ***********************************************************
2262 Outgoing:
2263 $count Number of matching rows
2264 ***********************************************************
2265 Purpose:
2266 This function is typically used in conjunction with a
2267 printf statement elsewhere "This operation affects
2268 N record(s). Do you wish to proceed?" This function
2269 returns a value for N.
2270 **********************************************************/
2271 function recordCount($table, $limit_field,
2272 $limit_where, $type) {
2273
2274 // Guard against single quotes
2275 $limit_where = addslashes($limit_where);
2276
2277 $sql = "SELECT "
2278 . $limit_field
2279 . " FROM "
2280 . $table
2281 . " WHERE "
2282 . $limit_field
2283 . "=";
2284
2285 // If the field is numeric
2286 if ($type == "N") {
2287 $sql .= $limit_where;
2288 }
2289
2290 // If character, use single-quotes
2291 else {
2292 $sql .= "'"
2293 .$limit_where
2294 . "'";
2295 }
2296
2297 // Open the query and take a row count
2298 $rs = mysql_tryquery($sql);
2299 $count = mysql_num_rows($rs);
2300
2301 return $count;
2302 }
2303
2304
2305 /**********************************************************
2306 Function: selectCoursesub($limit)
2307 Author: Paul Bramscher
2308 Last Modified: 03.10.2004
2309 ***********************************************************
2310 Incoming:
2311 $limit String to limit the results by
2312 ***********************************************************
2313 Outgoing:
2314 None
2315 ***********************************************************
2316 Purpose:
2317 Draws a table with all course subjects for basic
2318 command add/edit/delete selection.
2319 **********************************************************/
2320 function selectCoursesub($limit){
2321
2322 printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
2323 printf("<tr>\n");
2324 printf("<td class = \"cellPlain\">ID</td>\n");
2325 printf("<td class = \"cellPlain\">Subject</td>\n");
2326 printf("<td class = \"cellPlain\">Subject Description</td>\n");
2327 printf("<td class = \"cellPlain\">Campus</td>\n");
2328 printf("<td class = \"cellPlain\">CIP Code</td>\n");
2329 printf("<td class = \"cellPlain\">Select</td>\n");
2330 printf("</tr>");
2331
2332 // Build the sql
2333 $sql = "SELECT
2334 c.coursesub_id,
2335 c.coursesub,
2336 c.coursesub_descr,
2337 c.cip_code,
2338 p.campus
2339 FROM
2340 coursesub c
2341 LEFT JOIN campus p on c.campus_id = p.campus_id
2342 WHERE coursesub_id > 1";
2343
2344 if (strlen($limit) > 0 && $limit != "*") {
2345
2346 $limit = textSearchmySQL($limit);
2347
2348 $sql .= " AND (coursesub LIKE '%"
2349 . $limit
2350 . "%' OR coursesub_descr LIKE '%"
2351 . $limit
2352 . "%')";
2353
2354 }
2355
2356 // Order the display
2357 $sql .= " ORDER BY coursesub_descr";
2358
2359 $rs = mysql_tryquery($sql);
2360
2361 // Initialize row counter
2362 $rowcount = 0;
2363
2364 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
2365 $coursesub_id = $row["coursesub_id"];
2366 $coursesub = Trim($row["coursesub"]);
2367 $coursesub_descr = Trim($row["coursesub_descr"]);
2368 $campus = Trim($row["campus"]);
2369 $cip_code = Trim($row["cip_code"]);
2370
2371 // Make every other row colored
2372 if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
2373 else $color = "";
2374
2375 printf("<tr>");
2376
2377 printf("<td %s>%d</td>\n", $color, $coursesub_id);
2378 printf("<td %s>%s</td>\n", $color, $coursesub);
2379 printf("<td %s>%s</td>\n", $color, $coursesub_descr);
2380 printf("<td %s>%s</td>\n", $color, $campus);
2381 printf("<td %s>%s</td>\n", $color, $cip_code);
2382
2383 printf("<td %s>&nbsp;<input type = \"Radio\" name = \"coursesub_id\" value =\"%d\" >&nbsp;</td>\n", $color, $coursesub_id);
2384
2385 printf("</tr>\n");
2386
2387 $rowcount++;
2388 };
2389 printf("</table>\n");
2390 }
2391
2392
2393 /**********************************************************
2394 Function: selectFaculty()
2395 Author: Paul Bramscher
2396 Last Modified: 03.10.2004
2397 ***********************************************************
2398 Incoming:
2399 None
2400 ***********************************************************
2401 Outgoing:
2402 None
2403 ***********************************************************
2404 Purpose:
2405 Draws a table with all faculty for basic command add/edit/
2406 delete selection.
2407 **********************************************************/
2408 function selectFaculty(){
2409
2410 printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
2411 printf("<tr>\n");
2412 printf("<td class = \"cellPlain\">ID</td>\n");
2413 printf("<td class = \"cellPlain\">Faculty name</td>\n");
2414 printf("<td class = \"cellPlain\">Account</td>\n");
2415 printf("<td class = \"cellPlain\">Email</td>\n");
2416 printf("<td class = \"cellPlain\">Select</td>\n");
2417 printf("</tr>");
2418
2419 // Build the sql
2420 $sql = "SELECT
2421 f.faculty_id,
2422 f.faculty_firstname,
2423 f.faculty_lastname,
2424 f.faculty_account,
2425 f.faculty_email
2426 FROM
2427 faculty f
2428 WHERE faculty_id > 1";
2429
2430 // Order the display
2431 $sql .= " ORDER BY faculty_lastname, faculty_firstname";
2432
2433 $rs = mysql_tryquery($sql);
2434
2435 // Row counter
2436 $rowcount = 0;
2437
2438 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
2439 $faculty_id = $row["faculty_id"];
2440 $faculty_firstname = Trim($row["faculty_firstname"]);
2441 $faculty_lastname = Trim($row["faculty_lastname"]);
2442 $faculty_account = $row["faculty_account"];
2443 $faculty_email = $row["faculty_email"];
2444
2445 // For display purposes
2446 if (strlen($faculty_account) < 1) $faculty_account = "&nbsp;";
2447 if (strlen($faculty_email) < 1) $faculty_email = "&nbsp;";
2448
2449 // Make every other row colored
2450 if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
2451 else $color = "";
2452
2453 printf("<tr>");
2454
2455 printf("<td %s>%d</td>\n", $color, $faculty_id);
2456 printf("<td %s>%s, %s</td>\n", $color, $faculty_lastname, $faculty_firstname);
2457 printf("<td %s>%s</td>\n", $color, $faculty_account);
2458 printf("<td %s>%s</td>\n", $color, $faculty_email);
2459
2460 printf("<td %s>&nbsp;<input type = \"Radio\" name = \"faculty_id\" value =\"%d\" >&nbsp;</td>\n", $color, $faculty_id);
2461
2462 printf("</tr>\n");
2463
2464 $rowcount++;
2465 };
2466 printf("</table>\n");
2467 }
2468
2469
2470 /**********************************************************
2471 Function: selectKey($display, $display_field,
2472 $key_field, $limit, $table)
2473 Author: Paul Bramscher
2474 Last Modified: 03.10.2004
2475 ***********************************************************
2476 Incoming:
2477 $display A form header to display to user
2478 $display_field Meaningful field in the table to display
2479 $key_field The table primary key (no composites)
2480 $table Table in database to search
2481 $limit Field to limit $field_display by
2482 ***********************************************************
2483 Outgoing:
2484 None
2485 ***********************************************************
2486 Purpose:
2487 Does a simple text dump to show descriptive values and
2488 their associated primary keys in a small table. If
2489 $limit is defined, then limit the result set to display
2490 only $display_field which matches a LIKE clause. Each
2491 result is indicated by a radio button named key_id to be
2492 used in a form to select one of them for further
2493 processing (editing, deleting, etc).
2494
2495 Note that the pick-list filters out the primary key #1,
2496 (N/A) rows which are present in many tables as system
2497 placeholders.
2498 **********************************************************/
2499 function selectKey($display, $display_field,
2500 $key_field, $limit, $table){
2501
2502 $sql = "SELECT "
2503 . $display_field
2504 . ", "
2505 . $key_field
2506 . " FROM "
2507 . $table
2508 . " WHERE ("
2509 . $key_field
2510 . " != 1 AND "
2511 . $display_field
2512 . " != '(N/A)')";
2513
2514 if (strlen($limit) > 0){
2515
2516 // Attach a limit unless "*" is indicated
2517 if ($limit != "*") {
2518 $sql .= " AND "
2519 . $display_field
2520 . " LIKE '%"
2521 . $limit
2522 . "%'";
2523
2524 }
2525
2526
2527 // Order the display
2528 $sql .= " ORDER BY " . $display_field;
2529
2530 $rs = mysql_tryquery($sql);
2531
2532 printf("<table width=\"60%%\" border = \"1\" >\n");
2533 printf("<tr><td class=\"cellPlain\">Description</td>\n");
2534 printf("<td class=\"cellPlain\">Select</td></tr>\n");
2535
2536 $rowcount = 0;
2537
2538 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
2539 $field_display_item = $row[$display_field];
2540 $field_value_item = (int) Trim($row[$key_field]);
2541
2542 // Make every other row colored
2543 if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
2544 else $color = "";
2545
2546 printf("<tr>\n");
2547 printf("<td %s>%s", $color, $field_display_item);
2548 printf("</td>\n");
2549 printf("<td %s><input type =\"Radio\" name =\"key_id\" value =\"%s\"></td>\n",
2550 $color, $field_value_item);
2551 printf("</tr>\n");
2552
2553 $rowcount++;
2554 };
2555 printf("</table>\n");
2556 }
2557 else {
2558 printf("You must limit by some criteria before proceeding.<BR>\n");
2559 }
2560 }
2561
2562
2563 /**********************************************************
2564 Function: selectStaff()
2565 Author: Paul Bramscher
2566 Last Modified: 03.10.2004
2567 ***********************************************************
2568 Incoming:
2569 None
2570 ***********************************************************
2571 Outgoing:
2572 None
2573 ***********************************************************
2574 Purpose:
2575 Draws a table with all staff for basic command add/edit/
2576 delete selection.
2577 **********************************************************/
2578 function selectStaff(){
2579
2580 printf("<table width=\"90%%\" border = \"1\" cellpadding = \"2\" >\n");
2581 printf("<tr>\n");
2582 printf("<td class = \"cellPlain\">ID</td>\n");
2583 printf("<td class = \"cellPlain\">Staff name</td>\n");
2584 printf("<td class = \"cellPlain\">Staff Account</td>\n");
2585 printf("<td class = \"cellPlain\">Local pwd?</td>\n");
2586 printf("<td class = \"cellPlain\">Access</td>\n");
2587 printf("<td class = \"cellPlain\">Level</td>\n");
2588 printf("<td class = \"cellPlain\">Last login</td>\n");
2589 printf("<td class = \"cellPlain\">Last ip</td>\n");
2590 printf("<td class = \"cellPlain\">Select</td>\n");
2591 printf("</tr>");
2592
2593 // Build the sql
2594 $sql = "SELECT
2595 s.staff_id,
2596 s.staff_account,
2597 s.password,
2598 s.first_name,
2599 s.last_name,
2600 s.last_login,
2601 s.last_ip,
2602 a.access,
2603 a.access_level
2604 FROM
2605 staff s, access a
2606 WHERE staff_id > 1 AND s.access_id = a.access_id";
2607
2608 // Order the display
2609 $sql .= " ORDER BY last_name, first_name";
2610
2611 $rs = mysql_tryquery($sql);
2612
2613 $rowcount = 0;
2614
2615 while ($row = mysql_fetch_array ($rs, MYSQL_ASSOC)) {
2616 $first_name = Trim($row["first_name"]);
2617 $last_name = Trim($row["last_name"]);
2618 $staff_account = $row["staff_account"];
2619 $staff_id = $row["staff_id"];
2620 $access = Trim($row["access"]);
2621 $access_level = Trim($row["access_level"]);
2622 $last_login = Trim($row["last_login"]);
2623 $last_ip = Trim($row["last_ip"]);
2624
2625 // See whether the local password has been set
2626 if (strlen($row["password"]) > 0) $local_pwd = "<b>Yes</b>";
2627 else $local_pwd = "No";
2628
2629 // For display purposes
2630 if (strlen($last_login) < 1) $last_login = "&nbsp;";
2631 if (strlen($last_ip) < 1) $last_ip = "&nbsp;";
2632
2633 // Make every other row colored
2634 if ($rowcount % 2 == 0) $color = " class=\"backLight\" ";
2635 else $color = "";
2636
2637 printf("<tr>");
2638
2639 printf("<td %s>%d</td>\n", $color, $staff_id);
2640 printf("<td %s>%s, %s</td>\n", $color, $last_name, $first_name);
2641 printf("<td %s>%s</td>\n", $color, $staff_account);
2642 printf("<td %s>%s</td>\n", $color, $local_pwd);
2643 printf("<td %s>%s</td>\n", $color, $access);
2644 printf("<td %s>%d</td>\n", $color, $access_level);
2645 printf("<td %s>%s</td>\n", $color, $last_login);
2646 printf("<td %s>%s</td>\n", $color, $last_ip);
2647
2648 printf("<td %s>&nbsp;<input type = \"Radio\" name = \"staff_id\"
2649 value =\"%d\" >&nbsp;</td>\n", $color, $staff_id);
2650
2651 printf("</tr>\n");
2652
2653 $rowcount++;
2654 };
2655 printf("</table>\n");
2656 }
2657
2658
2659 /**********************************************************
2660 Function: statQuery($sql)
2661 Author: Paul Bramscher
2662 Last Modified: 03.02.2004
2663 ***********************************************************
2664 Incoming:
2665 $sql A SQL statement to execute. The
2666 SELECT must have a COUNT(*) in it.
2667 The stat logic should be in WHERE.
2668 ***********************************************************
2669 Outgoing:
2670 $result The numerical result of the query,
2671 or else "UNKNOWN" in case of error.
2672 ***********************************************************
2673 Purpose:
2674 Accepts a simple SQL statement, performs the lookup, and
2675 returns the numerical figure of the $sql. Drawing the
2676 result (for example in a two-column table row beside a
2677 label explaining the lookup) is left to the caller.
2678 **********************************************************/
2679
2680 function statQuery($sql){
2681 $rs = mysql_tryquery($sql);
2682 $row = mysql_fetch_array ($rs, MYSQL_ASSOC);
2683
2684 // We should be getting only a single row.
2685 if (mysql_num_rows($rs) == 1) $result = $row["COUNT(*)"];
2686 else $result = "UNKNOWN";
2687
2688 return $result;
2689 }
2690
2691
2692 /**********************************************************
2693 Function: textInmySQL
2694 Author: Paul Bramscher
2695 Last Modified: 09.23.2003
2696 ***********************************************************
2697 Purpose:
2698 This function creates filtering rules for input into
2699 mySQL. Depending on your configuration of the PHP
2700 variable magic_quotes_gpc, security needs, and possible
2701 foreign character set issues you may want to change this.
2702 **********************************************************/
2703 function textInmySQL($incoming) {
2704
2705 // Replace single quotes with two single quotes
2706 $outgoing = str_replace("'","''",$incoming);
2707
2708 return $outgoing;
2709
2710 }
2711
2712 /**********************************************************
2713 Function: textOutHTML
2714 Author: Paul Bramscher
2715 Last Modified: 04.21.2003
2716 ***********************************************************
2717 Purpose:
2718 This function will help render some data more presentable
2719 on HTML forms, particularly pre-setting form field values
2720 which might contain a double-quote. This function may also
2721 be extended to cover other cases.
2722 **********************************************************/
2723 function textOutHTML($incoming) {
2724
2725 // Replace double quotes with the HTML &quot;
2726 $outgoing = str_replace("\"","&quot;",$incoming);
2727
2728 return $outgoing;
2729
2730 }
2731
2732
2733 /**********************************************************
2734 Function: textSearchmySQL
2735 Author: Paul Bramscher
2736 Last Modified: 05.20.2003
2737 ***********************************************************
2738 Purpose:
2739 This function is to be used on HTML search forms
2740 that might contain a single quote. They are escaped with
2741 a backslash. Any other potential SELECT filtering can
2742 happen here.
2743 **********************************************************/
2744 function textSearchmySQL($incoming) {
2745
2746 // Escape single quotes with a backslash
2747 // You may need to uncomment this.
2748 $outgoing = str_replace("'","\\'",$incoming);
2749
2750 // You may need to comment this out, and uncomment the previous.
2751 //$outgoing = $incoming;
2752
2753 return $outgoing;
2754
2755 }
2756 ?>
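
The lookup helpers in this file (lookupField, recordCount, selectKey) place table names, field names and values directly into the SQL text and leave quoting to addslashes(), textInmySQL() or textSearchmySQL(). The following is an added example, not part of libdata: the same three lookups with identifiers checked against an allowlist and values bound as parameters. It assumes PHP 7 with pdo_sqlite; the function names, the ALLOWED constant and the sample rows are hypothetical.

```php
<?php
// Added example, not libdata code. Assumes PHP 7+ with pdo_sqlite;
// the schema and rows below are constructed sample data.

// Hypothetical allowlist of the identifiers callers may name.
const ALLOWED = [
    'faculty' => ['faculty_id', 'faculty_firstname', 'faculty_lastname'],
];

// Identifiers cannot be bound as parameters, so they are checked
// against the allowlist before being placed in the SQL text.
function checkIdent(string $table, string ...$fields): void {
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    foreach ($fields as $f) {
        if (!in_array($f, ALLOWED[$table], true)) {
            throw new InvalidArgumentException("field not allowed: $f");
        }
    }
}

// lookupField() with the key value bound instead of quoted by hand.
function lookupFieldBound(PDO $db, string $table, string $key_field,
        $key_value, string $desc_field): string {
    checkIdent($table, $key_field, $desc_field);
    $st = $db->prepare("SELECT $desc_field FROM $table WHERE $key_field = ?");
    $st->execute([$key_value]);
    $rows = $st->fetchAll(PDO::FETCH_COLUMN);
    return count($rows) === 1 ? (string) $rows[0] : "";
}

// recordCount() without the "N"/"C" switch: a bound value is never
// parsed as SQL, so the numeric and character cases are handled alike.
function recordCountBound(PDO $db, string $table, string $limit_field,
        $limit_where): int {
    checkIdent($table, $limit_field);
    $st = $db->prepare("SELECT COUNT(*) FROM $table WHERE $limit_field = ?");
    $st->execute([$limit_where]);
    return (int) $st->fetchColumn();
}

// The LIKE filter from selectKey(): % and _ in the search text are
// escaped so they match literally, then the whole pattern is bound.
function searchBound(PDO $db, string $table, string $display_field,
        string $limit): array {
    checkIdent($table, $display_field);
    $pattern = '%' . addcslashes($limit, '\\%_') . '%';
    $st = $db->prepare("SELECT $display_field FROM $table"
        . " WHERE $display_field LIKE ? ESCAPE '\\'"
        . " ORDER BY $display_field");
    $st->execute([$pattern]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE faculty (faculty_id INTEGER PRIMARY KEY,"
    . " faculty_firstname TEXT, faculty_lastname TEXT)");
$ins = $db->prepare("INSERT INTO faculty VALUES (?, ?, ?)");
foreach ([[1, '(N/A)', '(N/A)'], [2, 'Pat', "O'Brien"], [3, 'Sam', 'Li_u']] as $r) {
    $ins->execute($r);
}

// Ordinary lookup by ID.
var_dump(lookupFieldBound($db, 'faculty', 'faculty_id', '2', 'faculty_lastname'));
// A value containing a single quote needs no escaping helper.
var_dump(recordCountBound($db, 'faculty', 'faculty_lastname', "O'Brien"));
// A non-numeric value for an ID field is compared as data.
var_dump(recordCountBound($db, 'faculty', 'faculty_id', '2 OR 1=1'));
// "_" is matched literally rather than as a one-character wildcard.
var_dump(searchBound($db, 'faculty', 'faculty_lastname', '_'));
// A table or field outside the allowlist is refused before any query runs.
try {
    lookupFieldBound($db, 'staff', 'staff_id', 1, 'password');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The `ESCAPE '\'` clause is written for SQLite; MySQL treats backslash as the default LIKE escape character and parses backslashes inside string literals, so the clause would need adjusting there.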
