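// Copyright:  Matthias Steffens and the file's
//             original author(s).
//
//             This code is distributed in the hope that it will be useful,
//             but WITHOUT ANY WARRANTY. Please see the GNU General Public
//             License for more details.
//
// File:       ./receipt.php
// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/receipt.php $
// Author(s):  Matthias Steffens
//
// Created:    02-Jan-03, 22:43
// Modified:   $Date: 2012-02-27 20:25:30 +0000 (Mon, 27 Feb 2012) $
//             $Author: msteffens $
//             $Revision: 1337 $

// This php script will display a feedback page after any action of
// adding/editing/deleting a record. It will display links to the
// modified/added record as well as to the previous search results page (if any)
// TODO: I18n


// Incorporate some include files:
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
include 'includes/header.inc.php'; // include header
include 'includes/footer.inc.php'; // include footer
include 'includes/include.inc.php'; // include common functions
include 'initialize/ini.inc.php'; // include common variables

// --------------------------------------------------------------------

// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);

// --------------------------------------------------------------------

// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php'; // include the locales

// --------------------------------------------------------------------

// First of all, check if this script was called by something else than 'record.php' (via 'modify.php'):
// Notes: - although 'receipt.php' gets actually called by 'modify.php', the referrer will be still set to 'record.php'
//        - if a user clicks on Login/Logout while viewing a 'receipt.php' page she should get directed back to this
//          receipt page (which is why 'receipt.php' must be also among the recognized referrers)
// NOTE(review): the pattern is an unanchored substring match, so any referrer string that merely contains
//               'record.php' or 'receipt.php' passes. A referrer is supplied by the client, so this check guards
//               against accidental calls only and must not be relied on as an access control.
if (!preg_match("/.*(record|receipt)\.php.*/", $referer)) // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
{
	// return an appropriate error message:
	$HeaderString = returnMsg($loc["Warning_InvalidCallToScript"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString"); // functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'

	// NOTE(review): the redirect target is '$referer' exactly as 'start_session()' produced it. How that value is
	//               derived is not visible here; if it can come from the request, this branch sends the browser to a
	//               caller-chosen URL. Confirm that 'start_session()' limits it to this site, or redirect to a fixed
	//               local page instead.
	header("Location: " . $referer); // redirect to calling page

	exit; // >>> !EXIT! <<<
}

// [ Extract form variables sent through POST/GET by use of the '$_REQUEST' variable ]
// [ !! NOTE !!: the references that followed "for details see" are not preserved in this copy ]

// Extract the type of action requested by the user (either 'add', 'edit', 'delet' or ''):
// ('' will be treated equal to 'add')
$recordAction = isset($_REQUEST['recordAction']) ? $_REQUEST['recordAction'] : "";

// Only the documented action names are accepted. The value is later written into the page, so anything else
// (including array-valued parameters) falls back to 'add' instead of being carried through as request text.
if (!in_array($recordAction, array("add", "edit", "delet"), true))
	$recordAction = "add"; // '' (and any unrecognized value) will be treated equal to 'add'

// Extract the id number of the record that was added/edited/deleted by the user:
$serialNo = isset($_REQUEST['serialNo']) ? $_REQUEST['serialNo'] : "";

// The id is later embedded in a regular expression for an SQL 'RLIKE' clause, where regex metacharacters would
// widen the match to other records. Accept digits only; '|'-separated ids are tolerated because the value is
// wrapped as "^(...)$" further down -- tighten to a single id if callers never pass several (TODO confirm).
if (!is_string($serialNo) || !preg_match('/^[0-9]+(\|[0-9]+)*\z/', $serialNo))
	$serialNo = "";

// Extract the header message that was returned by 'modify.php':
// NOTE(review): this is request-supplied text that is handed to 'showPageHeader()', 'showPageFooter()' and (via
//               '$headerMsg') to 'showLogin()'. Those functions are defined elsewhere; confirm they HTML-encode the
//               message or restrict it to an allow-list of markup before writing it into the page.
$HeaderString = isset($_REQUEST['headerMsg']) ? $_REQUEST['headerMsg'] : "";

// Function 'showLogin()' in 'include.inc.php' requires the header string being available in the '$headerMsg' variable so that it gets included within the Login/Logout links:
$headerMsg = $HeaderString;

// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
$viewType = isset($_REQUEST['viewType']) ? $_REQUEST['viewType'] : "";

// Get the query URL of the last multi-record query:
$oldMultiRecordQuery = isset($_SESSION['oldMultiRecordQuery']) ? $_SESSION['oldMultiRecordQuery'] : "";

// --------------------------------------------------------------------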
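// (4) DISPLAY HEADER & RESULTS
// (NOTE: Since there's no need to query the database here, we won't perform any of the following: (1) OPEN CONNECTION, (2) SELECT DATABASE, (3) RUN QUERY, (5) CLOSE CONNECTION)

// Show the login status:
showLogin(); // (function 'showLogin()' is defined in 'include.inc.php')

// (4a) DISPLAY header:
// call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
displayHTMLhead(encodeHTML($officialDatabaseName) . " -- Record Action Feedback", "noindex,nofollow", "Feedback page that confirms any adding, editing or deleting of records in the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
showPageHeader($HeaderString);

// (4b) DISPLAY results:
// construct the correct SQL query that will link back to the added/edited record:
// NOTE(review): '$serialNo' is spliced into an 'RLIKE' pattern. 'quote_smart()' is defined elsewhere and presumably
//               covers SQL quoting only, not regex metacharacters, so the value should be restricted to record ids
//               before it reaches this point.
$sqlQuery = buildSELECTclause("Display", "1", "", true, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

if (isset($_SESSION['loginEmail'])) // if a user is logged in, show user specific fields:
	$sqlQuery .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . quote_smart($loginUserID) . " WHERE serial RLIKE " . quote_smart("^(" . $serialNo . ")$") . " ORDER BY author, year DESC, publication"; // we simply use the fixed default ORDER BY clause here
else // if NO user logged in, don't display any user specific fields:
	$sqlQuery .= " FROM $tableRefs WHERE serial RLIKE " . quote_smart("^(" . $serialNo . ")$") . " ORDER BY author, year DESC, publication"; // we simply use the fixed default ORDER BY clause here

// NOTE(review): the SQL text is URL-encoded here, presumably for use in a link (the link markup is not visible in
//               this listing). Anything carried in a URL can be edited by the client, so the script that receives
//               this query has to validate it again rather than run it as given.
$sqlQuery = rawurlencode($sqlQuery);

// Generate a 'search.php' URL that points to the formerly displayed results page:
if (!empty($oldMultiRecordQuery))
	$oldMultiRecordQueryURL = generateURL("search.php", "html", $oldMultiRecordQuery, true); // function 'generateURL()' is defined in 'include.inc.php'

// The same two conditions decide which links and which "-OR-" separators are printed, so evaluate them once:
$mayViewDetails = (isset($_SESSION['user_permissions']) && preg_match("/allow_details_view/", $_SESSION['user_permissions'])); // true if the 'user_permissions' session variable contains 'allow_details_view'
$recordStillExists = ($recordAction != "delet"); // a deleted record cannot be shown again
$hasPreviousResults = !empty($oldMultiRecordQuery);

// Build a TABLE, containing one ROW and DATA tag:
// (the output strings below are kept as they appear in this listing; presumably they originally carried markup)
echo "\n" . "\n" . "\n\t" . "\n" . "\n
" . "\n\t\tChoose how to proceed:  ";

if ($mayViewDetails)
{
	// '$recordAction' originates from the request, so it is HTML-encoded before being written into the page
	if ($recordStillExists)
		echo "\n\t\tShow " . encodeHTML($recordAction) . "ed record";

	if ($recordStillExists && $hasPreviousResults)
		echo "\n\t\t  -OR-  ";
}

if ($hasPreviousResults) // only provide a link to any previous search results if '$oldMultiRecordQuery' isn't empty
	echo "\n\t\tDisplay previous search results";

if (($mayViewDetails && $recordStillExists) || $hasPreviousResults)
	echo "\n\t\t  -OR-  ";

echo "\n\t\tGoto " . encodeHTML($officialDatabaseName) . " Home"; // we include the link to the home page here so that "Choose how to proceed:" never stands without any link to go

echo "\n\t
";

// --------------------------------------------------------------------

// DISPLAY THE HTML FOOTER:
// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
showPageFooter($HeaderString);

displayHTMLfoot();

// --------------------------------------------------------------------
?>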