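#!/usr/bin/perl

# MimerDesk
# Web based groupware and eLearning environment
# www.mimerdesk.org
#
# Copyright (C) 2001 Ionstream Ltd.
# www.ionstream.fi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2 of the License, or (at your option)
# any later version.
#
# This program is distributed with a hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

# $Id: products.html,v 1.8 2002/06/06 14:58:02 inf Exp $

#"""""""""""""""""""""""""""""""""""""""""#
#                                         #
#  MimerDesk: product database            #
#  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   #
#  (c) Ionstream Oy 1999 - 2001           #
#                                         #
#  Programmed by: Hannes Muurinen         #
#                                         #
#_________________________________________#

use lib::MimerDesk;
use strict;
use vars qw($form $APPLICATION $USER $IP $LAST_ACT $FORWARDED $TIME_USED $IDLE $ACTIVEGRP $REVIEWS_NAME
            $no_year_given $colors %default_custom_names $error_messages $trans $admin_status
            $GROUPACTIVOR $PRODUCT_INFO $PRODUCT_CATEGORY $PRODUCT_REVIEW $REVIEW_COMMENT $edit_on
            $default_none_given_text
);
# NOTE(review): fatalsToBrowser sends the text of fatal errors to the client.
# This script builds SQL and file paths from strings, so those messages can
# expose query text and server paths; consider logging them server-side only
# on production installations.
use CGI::Carp "fatalsToBrowser";

sub print_template;

$no_year_given = -2147483648; # the default epoch value in databases for 'no publishing year given'
%default_custom_names = ( custom1 => 'Publisher', author_title => 'Author');

# database table names:
$PRODUCT_INFO     = 'product_info';
$PRODUCT_CATEGORY = 'product_category';
$PRODUCT_REVIEW   = 'product_review';
$REVIEW_COMMENT   = 'review_comment';

# Editing starts enabled and is switched off further down unless the user's
# rights string contains 'R0'.
$edit_on = 'true';

read_config('../config/mimerdesk.cfg');
$config{'theme'} = 'default';
# The line break inside this literal is kept exactly as it appears in this
# copy of the file; the value is replaced by the translated title below.
$APPLICATION = 'Resources 
- Reviews';

# The main program
###################
$colors = initialize('colors');
$form   = decode_multipart();

# Request fields that end up in SQL text, table names or links are reduced to
# a fixed alphabet before anything else reads them.
$form->{'ID'}   =~ tr/0-9//cd;
$form->{'auth'} =~ tr/0-9a-z//cd;

# showproducts is interpolated unquoted into "where IDnumber=..." and
# productID into quoted IDnumber comparisons by the subs in this file, neither
# of them after prepare_fordb(). Rows are inserted with IDnumber => 'NULL', so
# the ids are presumably auto-generated integers - TODO confirm against the
# schema. Anything that is not a digit is dropped here.
for my $id_field (qw(showproducts productID)) {
    $form->{$id_field} =~ tr/0-9//cd if defined $form->{$id_field};
}

$form->{'sort'} = 'name' if $form->{'sort'} eq ''; # name = 'sort alphabetically according to the product name'

# NOTE(review): changeGroup is handed to authenticate() as received; its
# handling is not visible in this file.
($USER, $IP, $LAST_ACT, $FORWARDED, $TIME_USED, $IDLE, $ACTIVEGRP) = authenticate($form->{'ID'}, $form->{'auth'}, $form->{'changeGroup'});

$trans = lib::MimerDesk->new_gettext(program => 'products',language => $config{'language'});
$APPLICATION  = $trans->gettext('Resources - Reviews');
$REVIEWS_NAME = $trans->gettext('Public reviews');
$default_none_given_text = '-';

#check if the program should behave as a group tool:
# \A...\z instead of ^...$ so that a value with a trailing newline is not
# accepted; the group id becomes part of table names and SQL text below.
my $is_group_request = (defined $form->{'grouptool'} and $form->{'grouptool'} =~ /\A\d+\z/);

if ($is_group_request) {
    # NOTE(review): $USER comes from authenticate() and is placed inside
    # quotes in SQL text here and below; whether it is already safe for that
    # is not visible in this file - verify.
    lock_tables('READ', 'groupusers');
    db_list("SELECT RIGHTS,USER FROM groupusers where USER = '$USER' and GID = '$form->{'grouptool'}'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $admin_status = $ref->{'RIGHTS'};
        $GROUPACTIVOR = $ref->{'USER'};
    }
    db_end();
    unlock_tables();
}
elsif (defined $form->{'grouptool'}) {
    # A non-numeric group id selects nothing, but the templates and links
    # built later in this file would still echo it back into the page.
    $form->{'grouptool'} = '';
}

if ($GROUPACTIVOR) {
    # The user is a member of the requested group: switch to the group's own
    # tables and show the group name as a link.
    # group databases:
    $PRODUCT_INFO     = "$form->{'grouptool'}_$PRODUCT_INFO";
    $PRODUCT_CATEGORY = "$form->{'grouptool'}_$PRODUCT_CATEGORY";
    $PRODUCT_REVIEW   = "$form->{'grouptool'}_$PRODUCT_REVIEW";
    $REVIEW_COMMENT   = "$form->{'grouptool'}_$REVIEW_COMMENT";

    lock_tables('READ', 'groups');
    db_list("SELECT GRPNAME,GID FROM groups where GID = '$form->{'grouptool'}'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $REVIEWS_NAME = tagged('a', {href => "group.html?ID=$form->{'ID'}&auth=$form->{'auth'}&changeGroup=$ref->{'GID'}", onMouseOver => "doClock(); return true", class => "contentLinkBlue", content => $ref->{'GRPNAME'}});
    }
    db_end();
    unlock_tables();
}
else {
    # No group requested, or the user has no row in groupusers for it: the
    # rights come from the user's own flags and the public tables stay in use.
    lock_tables('READ', 'users');
    db_list("SELECT * FROM users where nimi = '$USER'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $admin_status = $ref->{'flags'};
    }
    db_end();
    unlock_tables();
}

$edit_on = '' if $admin_status !~ /R0/; #only people with 'R0' admin status can do some serious stuff

# State-changing actions run first; whatever they return is shown on the page.
$error_messages = add_category()   if ($form->{'submitaction'} eq 'add category');
$error_messages = add_product()    if ($form->{'UPDATE'} ne '');
$error_messages = delete_product() if ($form->{'DELETE'} ne '' and $form->{'productID'} ne '');

# NOTE(review): upload() and pic_delete() are dispatched for any authenticated
# request; only the add-category form is tied to $edit_on here.
if    ($form->{'upload'} eq 'Upload' and $form->{'showproducts'}) { upload(); }
elsif ($form->{'picdelete'} and $form->{'showproducts'})          { pic_delete(); }
elsif ($form->{'addproduct'} and $form->{'showproducts'})         { print_template("$config{'theme'}_product_add"); }
elsif ($form->{'picpreviewpop'})                                  { pic_preview(); }
elsif ($form->{'showproducts'})                                   { print_template("$config{'theme'}_product_list"); }
elsif ($form->{'addcategory'} and $edit_on)                       { print_template("$config{'theme'}_product_add_categories"); } #only admins can add main categories
else                                                              { print_template("$config{'theme'}_product_categories"); }

# Subs:
###########

# print_template
#
# 1. makes the calendar / error message (if invalid data is given)
# 2. prints the header
# 3. concatenates the different parts of the page
# 4. replaces the <<>>-tags (including the <>-tag)
# 5.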
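#    prints the rest of the page
#
# Takes the name of the page template to embed into 'maintemplate'. The sub
# prints the finished page, disconnects from the database and exits, so it
# never returns to its caller.
#
# NOTE(review): every substitution below matches the same literal '<>'. The
# placeholder names that presumably stood inside the markers are missing from
# this copy of the file; the patterns are kept exactly as shown and have to be
# restored from the project's templates.
# NOTE(review): the replacement values include request fields and the messages
# built by the action subs, inserted as-is. Whether decode_multipart() or the
# templates neutralise HTML in them is not visible here - verify before
# relying on it.
sub print_template {
    my $template = shift;

    print_header('pragma');

    # Embed the page-specific template into the main frame.
    my $ref = get_template('maintemplate',$template);
    $ref->{'maintemplate'} =~ s/<>/$ref->{$template}/m;
    my $fulltemplate = $ref->{'maintemplate'};

    # $GROUPACTIVOR is only set when the user is a member of the requested
    # group, which selects the group flavour of the navigation buttons.
    if ($GROUPACTIVOR) {
        $fulltemplate = create_buttons($fulltemplate, 'Group', 'Reviews', $form);
        $APPLICATION  = $trans->gettext('Group - Reviews');
    }
    else {
        $fulltemplate = create_buttons($fulltemplate, 'Resources', 'Reviews', $form);
    }
    $fulltemplate =~ s/<>/minea/gm;

    # Shared JavaScript snippets are concatenated and inserted once.
    $ref = get_template('js_doClock', 'js_help', 'js_gotosite');
    my $stuff = $ref->{'js_doClock'}.$ref->{'js_help'}.$ref->{'js_gotosite'};
    $fulltemplate =~ s/<>/$stuff/ms;
    $fulltemplate =~ s/<>/$form->{'grouptool'}/msg;
    $fulltemplate =~ s/<>/$REVIEWS_NAME/msg;
    $fulltemplate =~ s/<>/MimerDesk\: $APPLICATION/ms;

    # Page-specific placeholders, chosen by the same form fields the main
    # program dispatches on.
    if    ($form->{'addproduct'})   { $fulltemplate = replace_add_prod_tags($fulltemplate); }
    elsif ($form->{'showproducts'}) { $fulltemplate = replace_info_tags($fulltemplate); }
    elsif ($form->{'addcategory'})  { $fulltemplate = replace_add_category_tags($fulltemplate); }
    else                            { $fulltemplate = replace_category_tags($fulltemplate); }

    $fulltemplate =~ s/<>/$error_messages/gm;
    $fulltemplate = replace_tags($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'}, $TIME_USED);
    $fulltemplate = add_popups($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'});

    print $fulltemplate;
    db_end('disconnect');
    exit;
}

#########################################################################
# add_product - adds a product to db, or modifies an existing one
#-----------------------------------------------------------------------
# add_product()
#
# arguments are read from the form
#
# Returns the HTML of a success message, the form error messages when
# validation fails, or nothing when UPDATE holds neither 'Add product'
# nor 'Modify product'.
#
# Usage:
#   add_product()
#
#########################################################################
sub add_product {
    # Declared unconditionally: "my $x = ... if COND" leaves the variable in
    # an undefined state when COND is false (perlsyn), so the declaration and
    # the conditional assignment are separate statements.
    my $form_errors = '';
    if ($form->{'UPDATE'} eq 'Add product' or $form->{'UPDATE'} eq 'Modify product') {
        $form_errors = check_add_prod_form_errors();
    }
    return $form_errors if $form_errors ne '';

    my $message;
    my $year = $form->{'ppubtime'};
    $year = $no_year_given if $form->{'ppubtime'} eq '';

    # The picture name later becomes part of a file path; path separators,
    # quotes, shell and markup characters are removed from it.
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;

    # presumably prepare_fordb() makes the values safe for SQL; its
    # implementation is not in this file - confirm
    ($year,$form->{'pname'},$form->{'pauthor'},$form->{'custom1'},$form->{'custom2'},$form->{'custom3'},$form->{'custom4'},$form->{'otherinfo'},$form->{'pictures'},$form->{'showproducts'}) =
        prepare_fordb($year,$form->{'pname'},$form->{'pauthor'},$form->{'custom1'},$form->{'custom2'},$form->{'custom3'},$form->{'custom4'},$form->{'otherinfo'},$form->{'pictures'},$form->{'showproducts'});

    if ($form->{'UPDATE'} eq "Add product") {
        my %dbstuff = (
            IDnumber     => 'NULL',
            name         => $form->{'pname'},
            custom0      => $form->{'pauthor'},
            custom1      => $form->{'custom1'},
            custom2      => $form->{'custom2'},
            custom3      => $form->{'custom3'},
            custom4      => $form->{'custom4'},
            pub_datetime => $year,
            other_info   => $form->{'otherinfo'},
            picture      => $form->{'pictures'},
            sender       => $USER,
            categoryID   => $form->{'showproducts'}
        );
        db_insert($PRODUCT_INFO, \%dbstuff);
        db_end();
        $message = tagged('div', {class => 'success', content => $trans->gettext('Item added successfully!')});
    }
    elsif ($form->{'UPDATE'} eq "Modify product") {
        my %dbstuff = (
            name         => $form->{'pname'},
            custom0      => $form->{'pauthor'},
            custom1      => $form->{'custom1'},
            custom2      => $form->{'custom2'},
            custom3      => $form->{'custom3'},
            custom4      => $form->{'custom4'},
            pub_datetime => $year,
            other_info   => $form->{'otherinfo'},
            picture      => $form->{'pictures'}
        );
        # productID is not part of the prepare_fordb() call above, so the
        # where clause is built from a digits-only copy. Rows are inserted
        # with IDnumber => 'NULL', presumably an auto-generated integer -
        # TODO confirm. The "sender" condition limits the update to rows the
        # current user created.
        my $product_id = defined $form->{'productID'} ? $form->{'productID'} : '';
        $product_id =~ tr/0-9//cd;
        db_update($PRODUCT_INFO,\%dbstuff,"IDnumber='$product_id' and sender = '$USER'");
        db_end();
        $message = tagged('div', {class => 'success', content => $trans->gettext('Item modified successfully!')});
    }

    # Leaving addproduct empty makes the page fall back to the product list.
    $form->{'addproduct'} = '';
    return $message;
}

#########################################################################
# check_add_prod_form_errors - checks the form
#-----------------------------------------------------------------------
# check_add_prod_form_errors()
#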
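# Usage:
#   check_add_prod_form_errors()
#
# Returns the concatenated HTML of one error <div> per failed check, or
# undef when the add/modify form passes every check.
#########################################################################
sub check_add_prod_form_errors {
    my $errormessage;
    $errormessage .= tagged('div', {class => 'error', content => $trans->gettext('You must specify name!')}) . tag('br') if !$form->{'pname'};
    $errormessage .= tagged('div', {class => 'error', content => $trans->gettext('You must specify author!')}) . tag('br') if !$form->{'pauthor'};
    # \A...\z: with ^...$ a value ending in a newline would still pass and
    # travel on towards the database.
    $errormessage .= tagged('div', {class => 'error', content => $trans->gettext('Invalid publishing year!')}) . tag('br') if $form->{'ppubtime'} !~ /\A[0-9]*\z/;
    # A missing category id means the request did not come from the form.
    $errormessage .= tagged('div', {class => 'error', content => $trans->gettext('HaX0r error!')}) . tag('br') if !$form->{'showproducts'};
    return $errormessage;
}

#########################################################################
# delete_product - removes a product from db
#-----------------------------------------------------------------------
# delete_product()
#
# arguments are read from the form
#
# Returns the HTML of a success or error message.
#
# Usage:
#   delete_product()
#
#########################################################################
sub delete_product {
    if (!$edit_on) {
        $form->{'addproduct'} = '';
        return tagged('div', {class => 'error', content => $trans->gettext('You must have admin status to remove items (all the reviews and comments related to this item will also be removed)!')});
    }

    # productID reaches three where clauses below without prepare_fordb().
    # Only digits are kept; rows are inserted with IDnumber => 'NULL', so the
    # ids are presumably auto-generated integers - TODO confirm.
    my $product_id = defined $form->{'productID'} ? $form->{'productID'} : '';
    $product_id =~ tr/0-9//cd;
    if ($product_id eq '') {
        # Nothing usable was submitted: refuse instead of running deletes
        # against an empty id. The message is the one this file already uses
        # for a tampered form.
        $form->{'addproduct'} = '';
        return tagged('div', {class => 'error', content => $trans->gettext('HaX0r error!')});
    }

    db_delete($PRODUCT_INFO,"IDnumber='$product_id' and sender = '$USER'");
    db_end();

    # NOTE(review): the product row is only removed when the current user is
    # its sender, but the reviews and comments below are removed whenever the
    # id matches. Confirm whether they should be kept when the product delete
    # affected no row.
    my @revIDlist;
    db_list("SELECT IDnumber FROM $PRODUCT_REVIEW where productID = '$product_id'");
    while (my $ref = $sth->fetchrow_hashref()) {
        push @revIDlist, $ref->{'IDnumber'};
    }
    db_end();

    #remove the reviews of this book:
    db_delete($PRODUCT_REVIEW,"productID = '$product_id'");
    db_end(); # is this one needed?

    #remove the comments of the reviews concerning the removed book:
    foreach my $review_id (@revIDlist) {
        db_delete($REVIEW_COMMENT,"reviewID = '$review_id'");
        db_end(); # is this one needed?
    }

    $form->{'addproduct'} = '';
    return tagged('div', {class => 'success', content => $trans->gettext('Item deleted')});
}

#########################################################################
# replace_add_prod_tags - replaces some HTML-tags
#-----------------------------------------------------------------------
# replace_add_prod_tags($some_text_with_tags)
#
# Fills the add/modify product form: category titles, the current field
# values (from the request, or from the stored row in Modify mode), the
# picture list, the custom fields and the buttons. Returns the template.
#
# NOTE(review): every substitution below matches the same literal '<>', and
# some qq[] / "\n" strings hold only text; the placeholder names and the HTML
# markup appear to be missing from this copy of the file and are kept as
# shown.
# NOTE(review): pname, pauthor, otherinfo and addproduct are inserted into
# the page as received. Whether decode_multipart(), textfield() or the
# templates escape HTML is not visible here - verify.
#
# Usage:
#   $HTML = replace_add_prod_tags($HTML)
#
#########################################################################
sub replace_add_prod_tags {
    my $template = shift;
    my ($some_HTML, @custom_names, @custom_values);
    my %translations = ('Add' => $trans->gettext('Add item'), 'Modify' => $trans->gettext('Modify item'));

    # Both ids go into SQL text and back into the page; keep digits only
    # (same treatment the main program gives ID).
    $form->{'showproducts'} =~ tr/0-9//cd if defined $form->{'showproducts'};
    $form->{'productID'}    =~ tr/0-9//cd if defined $form->{'productID'};
    # The category query compares IDnumber unquoted, so it needs a number
    # even when nothing usable was submitted.
    my $category_id = $form->{'showproducts'};
    $category_id = 0 if (!defined $category_id or $category_id eq '');

    $template =~ s/<>/$form->{'showproducts'}/msg;
    $template =~ s/<>/$translations{$form->{'addproduct'}}/msg;

    db_list("SELECT name,category,c0_name,c1_name,c2_name,c3_name,c4_name FROM $PRODUCT_CATEGORY where IDnumber=$category_id");
    while (my $ref = $sth->fetchrow_hashref()) {
        # Unnamed first two columns fall back to 'Author' / 'Publisher'.
        $ref->{'c1_name'} = $default_custom_names{'custom1'} if $ref->{'c1_name'} eq '';
        $ref->{'c0_name'} = $default_custom_names{'author_title'} if $ref->{'c0_name'} eq '';
        $template =~ s/<>/$ref->{'c0_name'}/msg;
        $template =~ s/<>/$ref->{'category'} : $ref->{'name'}/msg;
        @custom_names = ($ref->{'c0_name'},$ref->{'c1_name'},$ref->{'c2_name'},$ref->{'c3_name'},$ref->{'c4_name'});
    }
    db_end();

    if ($form->{'productID'} ne '' and $form->{'addproduct'} eq 'Modify') {
        # Stored values only fill fields the request left empty. The sender
        # condition limits the lookup to the user's own items.
        db_list("SELECT * FROM $PRODUCT_INFO where IDnumber = '$form->{'productID'}' and sender = '$USER' and categoryID = '$form->{'showproducts'}'");
        while (my $ref = $sth->fetchrow_hashref()) {
            $form->{'picture'}   = $ref->{'picture'}      if $form->{'picture'} eq '';
            $form->{'pname'}     = $ref->{'name'}         if $form->{'pname'} eq '';
            $form->{'pauthor'}   = $ref->{'custom0'}      if $form->{'pauthor'} eq '';
            $form->{'ppubtime'}  = $ref->{'pub_datetime'} if $form->{'ppubtime'} eq '';
            $form->{'ppubtime'}  = ''                     if $form->{'ppubtime'} == $no_year_given;
            @custom_values = ($ref->{'custom0'},$ref->{'custom1'},$ref->{'custom2'},$ref->{'custom3'},$ref->{'custom4'});
            $form->{'otherinfo'} = $ref->{'other_info'}   if $form->{'otherinfo'} eq '';
        }
        db_end();
    }

    $template =~ s/<>/$form->{'pname'}/msg;
    $template =~ s/<>/$form->{'pauthor'}/msg;
    $template =~ s/<>/$form->{'ppubtime'}/msg;
    $template =~ s/<>/$form->{'otherinfo'}/msg;
    $template =~ s/<>/$form->{'productID'}/msg;
    $template =~ s/<>/$form->{'addproduct'}/msg;

    # replace the PICS -tag:
    # The directory is read directly instead of running `ls` through a shell,
    # so the configured path is never parsed as a command line. Hidden
    # entries are skipped and the names sorted, as ls did by default.
    my @pictures;
    if (opendir(my $pic_dir, $config{'xtrapics'})) {
        @pictures = sort grep { !/\A\./ } readdir($pic_dir);
        closedir($pic_dir);
    }
    # NOTE(review): $num and $is_selected are computed, but the option markup
    # that presumably used them is missing from this copy; only the newline
    # of each entry is left.
    my ($rivi, $num, $is_selected);
    foreach my $pic (@pictures) {
        $num = $num + 1;
        $is_selected = ($pic eq $form->{'picture'}) ? 'SELECTED' : '';
        $rivi .= "\n";
    }
    $template =~ s/<>/$rivi/m;

    $some_HTML = $form->{'picpreview'} ? pic_preview_popup() : '';
    $template =~ s/<>/$some_HTML/m;

    # Custom fields 1-4 are shown only when the category names them; a value
    # from the request wins over the stored one.
    $some_HTML = '';
    foreach my $n (1..4) {
        $custom_values[$n] = $form->{"custom$n"} if $form->{"custom$n"} ne '';
        $some_HTML .= startrow()
                    . column(width => '20%', bgcolor => '#CEDFE8', class => 'content', content => $custom_names[$n])
                    . column(width => '80%', bgcolor => '#FFFFFF', content => textfield(name => "custom$n", value => $custom_values[$n], size => "50", maxlength => "100"))
                    . endrow() if $custom_names[$n] ne '';
    }
    $template =~ s/<>/$some_HTML/ms;

    $some_HTML  = qq[$form->{'addproduct'} item ];
    $some_HTML .= qq[Remove item ] if ($form->{'addproduct'} eq 'Modify' and $edit_on); # only people with admin-status can remove items
    $some_HTML .= qq[ Cancel];
    $template =~ s/<>/$some_HTML/ms;

    return $template;
}

#########################################################################
# replace_info_tags - replaces some HTML-tags
#-----------------------------------------------------------------------
# replace_info_tags($some_text_with_tags)
#
# Fills the product list page: the product table from make_info_table()
# and the column titles of the selected category. Returns the template.
#
# NOTE(review): the '<>' patterns are kept as shown; the placeholder names
# appear to be missing from this copy of the file.
#
# Usage:
#   $HTML = replace_info_tags($HTML)
#
#########################################################################
sub replace_info_tags {
    my $template = shift;

    # The category id is echoed into the page and compared unquoted in SQL:
    # keep digits only and fall back to 0, which matches no row if IDnumber
    # is an auto-generated integer (rows are inserted with 'NULL') - confirm.
    $form->{'showproducts'} =~ tr/0-9//cd if defined $form->{'showproducts'};
    my $category_id = $form->{'showproducts'};
    $category_id = 0 if (!defined $category_id or $category_id eq '');

    $template =~ s/<>/$form->{'showproducts'}/msg;
    my $some_HTML = make_info_table();
    $template =~ s/<>/$some_HTML/ms;

    db_list("SELECT name,category,c0_name,c1_name FROM $PRODUCT_CATEGORY where IDnumber=$category_id");
    while (my $ref = $sth->fetchrow_hashref()) {
        $ref->{'c1_name'} = $default_custom_names{'custom1'} if $ref->{'c1_name'} eq '';
        $ref->{'c0_name'} = $default_custom_names{'author_title'} if $ref->{'c0_name'} eq '';
        $template =~ s/<>/$ref->{'c0_name'}/msg;
        $template =~ s/<>/$ref->{'c1_name'}/msg;
        $template =~ s/<>/$ref->{'category'} : $ref->{'name'}/msg;
    }
    db_end();

    return $template;
}

#########################################################################
# make_info_table - makes the product database HTML-table
#-----------------------------------------------------------------------
# make_info_table()
#
# All needed arguments are read from the form.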
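#
# Returns the rows of the product list for the selected category, filtered
# by the optional author / name / pubtime / publisher form fields, or a
# "nothing found" message when no row matches.
#
# NOTE(review): the row string and the '<>' pattern below are kept as shown;
# the HTML markup and placeholder names appear to be missing from this copy
# of the file. The stored name / custom0 / custom1 values are placed in the
# page as read from the table - whether they are HTML-escaped when stored or
# printed is not visible here, verify.
#
# Usage:
#   $HTML_table = make_info_table()
#
#########################################################################
sub make_info_table {
    my ($sort, $where, $the_table);

    # The sort column is picked from a fixed list, so the request value
    # itself never reaches the "order by" clause.
    if    ($form->{'sort'} eq 'name')   { $sort = 'name'; }
    elsif ($form->{'sort'} eq 'author') { $sort = 'custom0'; }
    elsif ($form->{'sort'} eq 'custom') { $sort = 'custom1'; }
    else                                { $sort = 'pub_datetime'; }

    # showproducts is not part of the prepare_fordb() call below, so only its
    # digits are used in the where clause. Rows are inserted with IDnumber =>
    # 'NULL'; category ids are presumably integers - TODO confirm.
    my $category_id = defined $form->{'showproducts'} ? $form->{'showproducts'} : '';
    $category_id =~ tr/0-9//cd;
    $where = "where categoryID = '$category_id' and";

    # presumably prepare_fordb() makes the values safe for SQL - confirm.
    # Note that the 'custom' filter is fed from the 'publisher' form field.
    ($form->{'author'},$form->{'name'},$form->{'pubtime'},$form->{'custom'}) = prepare_fordb($form->{'author'},$form->{'name'},$form->{'pubtime'},$form->{'publisher'});
    $where .= " custom0 = '$form->{'author'}' and"       if $form->{'author'} ne '';
    $where .= " name = '$form->{'name'}' and"            if $form->{'name'} ne '';
    $where .= " pub_datetime = '$form->{'pubtime'}' and" if $form->{'pubtime'} ne '';
    $where .= " custom1 = '$form->{'custom'}' and"       if $form->{'custom'} ne '';
    $where =~ s/and$//; # remove the last 'and'

    $the_table = '';
    my @productIDlist;
    db_list("SELECT * FROM $PRODUCT_INFO $where order by $sort");
    while (my $ref = $sth->fetchrow_hashref()) {
        my $pubdate = $ref->{'pub_datetime'};
        $ref->{'custom1'} = $trans->gettext($default_none_given_text) if $ref->{'custom1'} eq '';
        $pubdate = $trans->gettext($default_none_given_text) if $ref->{'pub_datetime'} == $no_year_given; #no time given => time = $no_year_given

        my ($linkauthor, $linkpub) = ($ref->{'custom0'},$ref->{'custom1'}); # the variables in which the names converted suitable for the form are stored
        $linkauthor =~ s/\s/\+/gm; # " " replaced with "+"
        $linkpub    =~ s/\s/\+/gm; # " " replaced with "+"

        $the_table .= qq[ $ref->{'name'} $ref->{'custom0'} $ref->{'custom1'} $pubdate
<{'IDnumber'}>>
];
        push @productIDlist, $ref->{'IDnumber'};
    }
    db_end();

    # One count query per listed product fills in its number of reviews.
    foreach my $product_id (@productIDlist) {
        db_list("SELECT count(*) FROM $PRODUCT_REVIEW where productID = '$product_id'");
        my $productcount = join "", $sth->fetchrow_array();
        db_end();
        $the_table =~ s/<>/$productcount/ms;
    }

    $the_table = qq[].$trans->gettext('No items were found from the database with the current search parameters!').qq[] if $the_table eq '';
    return $the_table;
}

#########################################################################
# replace_add_category_tags - replaces some HTML-tags
#-----------------------------------------------------------------------
# replace_add_category_tags($some_text_with_tags)
#
# Fills the add-category form with its input widgets, pre-filled from the
# request, and returns the template.
#
# NOTE(review): the '<>' patterns are kept as shown; the placeholder names
# appear to be missing from this copy of the file. Request values are passed
# to textfield() / textarea() / dropdownmenu() as received; whether those
# helpers escape attribute and element content is not visible here - verify.
#
# Usage:
#   $HTML = replace_add_category_tags($HTML)
#
#########################################################################
sub replace_add_category_tags {
    my $template = shift;
    my ($some_HTML, @categories);

    db_list("SELECT distinct category FROM $PRODUCT_CATEGORY order by category");
    while (my $ref = $sth->fetchrow_hashref()) {
        push @categories, $ref->{'category'};
    }
    db_end();

    # Main category: choose an existing one or type a new one.
    $some_HTML = $trans->gettext('Select one from the list: ')
               . dropdownmenu( name => 'main_category_dropdown', order => \@categories, default => $form->{'main_category_dropdown'} )
               . $trans->gettext('
Add new main category: ')
               . textfield( name => 'new_main_category', value => $form->{'new_main_category'}, size => '25', maxlength => '100');
    $template =~ s/<>/$some_HTML/ms;

    $some_HTML = textfield( name => 'cat_name', value => $form->{'cat_name'}, size => '50', maxlength => '255');
    $template =~ s/<>/$some_HTML/ms;

    $some_HTML = textarea( name => 'description', value => $form->{'description'}, wrap => 'continuous', rows => '5', cols => '50');
    $template =~ s/<>/$some_HTML/ms;

    # The first two column titles default to 'Author' / 'Publisher'.
    $form->{'c0_name'} = $default_custom_names{'author_title'} if $form->{'c0_name'} eq '';
    $form->{'c1_name'} = $default_custom_names{'custom1'} if $form->{'c1_name'} eq '';

    $some_HTML = textfield( name => 'c0_name', value => $form->{'c0_name'}, size => '50', maxlength => '50');
    $template =~ s/<>/$some_HTML/ms;
    $template =~ s/<>/$form->{'addcategory'}/ms;

    foreach my $n (1..4) {
        $some_HTML = textfield( name => "c${n}_name", value => $form->{"c${n}_name"}, size => '50', maxlength => '50');
        $template =~ s/<>/$some_HTML/ms;
    }

    return $template;
}

#########################################################################
# replace_category_tags - replaces some HTML-tags
#-----------------------------------------------------------------------
# replace_category_tags($some_text_with_tags)
#
# Fills the category overview: the table from make_category_table() and,
# for users with edit rights, the "add new category" link. Returns the
# template.
#
# NOTE(review): the link carries the auth value in its query string, so it
# can end up in browser history, proxy logs and Referer headers; confirm
# that this matches the session design.
#
# Usage:
#   $HTML = replace_category_tags($HTML)
#
#########################################################################
sub replace_category_tags {
    my $template = shift;

    my $some_HTML = make_category_table();
    $template =~ s/<>/$some_HTML/ms;

    if ($edit_on) {
        $some_HTML = tagged('a', {href=> "products.html?ID=$form->{'ID'}&auth=$form->{'auth'}&addcategory=Add&grouptool=$form->{'grouptool'}", onMouseOver => "doClock(); return true", content => image(src => "<>addcatecory.gif", border=>"0", alt =>$trans->gettext('Add new category'))});
    }
    else {
        $some_HTML = '';
    }
    $template =~ s/<>/$some_HTML/ms;

    return $template;
}

#########################################################################
# make_category_table - makes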
# the product database HTML-table
#-----------------------------------------------------------------------
# make_category_table()
#
# All needed arguments are read from the form.
#
# Returns one title row per main category followed by one row per
# sub-category, or a "no categories" message when the table is empty.
#
# NOTE(review): the strings that start with "{'ID'}" and "<{'IDnumber'}>>"
# and the '<>' patterns look like remnants of markup and placeholder names
# that are missing from this copy of the file; they are left exactly as
# shown.
# NOTE(review): stored category names, item names and descriptions are put
# into the page as read from the table. Whether they are HTML-escaped when
# stored or inside column() is not visible here - verify.
#
# Usage:
#   $HTML_table = make_category_table()
#
#########################################################################
sub make_category_table {
    my ($the_table, @categories);
    $the_table = '';

    # Collect the distinct main categories first; db_end() closes the
    # statement before the per-category queries start.
    db_list("SELECT distinct category FROM $PRODUCT_CATEGORY order by category");
    while (my $ref = $sth->fetchrow_hashref()) {push @categories, $ref->{'category'};}
    db_end();

    foreach my $category (@categories) {
        # Title row for the main category.
        $the_table .= startrow(bgcolor => $colors->{'sectitle'}) . column(colspan => '3', class => 'blackTitleSec', content => $category) . endrow();
        my (@idlist);

        # NOTE(review): $category was read from the table and goes back into
        # SQL text inside quotes. add_category() passes it through
        # prepare_fordb() before the insert, but whether the stored form is
        # safe to embed again is not visible here - verify, or run it
        # through the same preparation before this query.
        db_list("SELECT name,description,IDnumber FROM $PRODUCT_CATEGORY where category='$category' order by name");
        while (my $ref = $sth->fetchrow_hashref()) {
            # The link text carries ID and auth in the query string.
            $the_table .= startrow(bgcolor => '#FFFFFF') . column(content => "{'ID'}&auth=$form->{'auth'}&showproducts=$ref->{'IDnumber'}&sort=name&grouptool=$form->{'grouptool'}\" onMouseOver=\"doClock(); return true\" class=\"blackTitleLink\">$ref->{'name'}
$ref->{'description'}", class => 'content') . column(content => "<{'IDnumber'}>>", class => 'content') . column(content => "<{'IDnumber'}>>", class => 'content') . endrow();
            push @idlist,$ref->{'IDnumber'};
        }
        db_end();

        # Two count queries per sub-category: the number of items, then the
        # number of reviews attached to those items. Each result replaces
        # one match of the pattern in the table built so far.
        foreach my $temppi (@idlist) {
            db_list("SELECT count(*) FROM $PRODUCT_INFO where categoryID = '$temppi'");
            my $productcount = join "", $sth->fetchrow_array();
            db_end();
            $the_table =~ s/<>/$productcount/ms;
            db_list("SELECT count(*) FROM $PRODUCT_REVIEW,$PRODUCT_INFO where $PRODUCT_INFO.categoryID = '$temppi' and $PRODUCT_INFO.IDnumber = $PRODUCT_REVIEW.productID");
            $productcount = join "", $sth->fetchrow_array();
            db_end();
            $the_table =~ s/<>/$productcount/ms;
        }
    }

    # Nothing was appended: show the translated "no categories" message.
    $the_table = qq[].$trans->gettext('No categories were found from the database!').qq[] if $the_table eq '';
    return $the_table;
}

#########################################################################
# add_category - adds new category
#-----------------------------------------------------------------------
# add_category()
#
# All needed arguments are read from the form.
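#
# Requires edit rights ($edit_on). Returns the HTML of a success message,
# of the form errors, or of the "admin rights" error.
#
# Usage:
#   add_category()
#
#########################################################################
sub add_category {
    if (!$edit_on) {
        $form->{'addcategory'} = '';
        return tagged('div', {class => 'error', content => $trans->gettext('You must have admin rights to add new category!')});
    }

    my $form_errors = check_add_category_form_errors();
    return $form_errors if $form_errors ne '';

    # A newly typed main category wins over the dropdown; 'None' is the
    # fallback when both are empty.
    my $category = $form->{'new_main_category'};
    $category = $form->{'main_category_dropdown'} if $category eq '';
    $category = 'None' if $category eq '';

    $form->{'c1_name'} = $default_custom_names{'custom1'} if $form->{'c1_name'} eq '';
    $form->{'c0_name'} = $default_custom_names{'author_title'} if $form->{'c0_name'} eq '';

    # presumably prepare_fordb() makes the values safe for SQL; its
    # implementation is not in this file - confirm. Note that the global
    # $USER is overwritten with the prepared value as well.
    ($form->{'cat_name'},$category,$form->{'c0_name'},$form->{'c1_name'},$form->{'c2_name'},$form->{'c3_name'},$form->{'c4_name'},$form->{'description'},$USER) =
        prepare_fordb($form->{'cat_name'},$category,$form->{'c0_name'},$form->{'c1_name'},$form->{'c2_name'},$form->{'c3_name'},$form->{'c4_name'},$form->{'description'},$USER);

    my %db = (
        'IDnumber'    => 'NULL',
        'name'        => $form->{'cat_name'},
        'category'    => $category,
        'c0_name'     => $form->{'c0_name'},
        'c1_name'     => $form->{'c1_name'},
        'c2_name'     => $form->{'c2_name'},
        'c3_name'     => $form->{'c3_name'},
        'c4_name'     => $form->{'c4_name'},
        'description' => $form->{'description'},
        'moderator'   => $USER
    );
    db_insert($PRODUCT_CATEGORY,\%db);
    db_end();

    $form->{'addcategory'} = '';
    return tagged('div', {class => 'success', content => $trans->gettext('New category added!')});
}

#########################################################################
# check_add_category_form_errors - checks the form
#-----------------------------------------------------------------------
# check_add_category_form_errors()
#
# Returns the HTML of the error message when the category name is
# missing, otherwise undef.
#
# Usage:
#   check_add_category_form_errors()
#
#########################################################################
sub check_add_category_form_errors {
    my $errormessage;
    $errormessage .= tagged('div', {class => 'error', content => $trans->gettext('You must specify name!')}) .tag('br') if !$form->{'cat_name'};
    return $errormessage;
}

########################
# Upload a new picture #
########################
# Moves an uploaded picture into $config{'xtrapics'} when its name ends in
# .jpg, .gif or .png, discards it otherwise, then shows the add-product
# page again (print_template() exits).
#
# $form->{'file-to-upload-01'} is the path that gets renamed into the
# picture directory; the 'tiedostonimi' entry is presumably the file name
# sent by the client - confirm against decode_multipart().
#
# NOTE(review): only the name is checked, not the content, and nothing here
# ties uploads to $edit_on. Confirm that the picture directory is served
# without script execution and that uploads are meant for every
# authenticated user.
sub upload {
    my $tmp_file    = $form->{'file-to-upload-01'};
    my $client_name = $form->{'file-to-upload-01', 'tiedostonimi'};
    $client_name = '' if !defined $client_name;

    # The stored name is the last path component only, with the same
    # characters removed that pic_delete() / pic_preview() remove from the
    # names they receive, so the file stays inside the picture directory and
    # stays addressable by those subs.
    my $file_name = $client_name;
    $file_name =~ s{\A.*[/\\]}{}s;
    $file_name =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    $file_name =~ tr/\x00-\x1f\x7f//d;

    # The log keeps the submitted name minus control characters, so a
    # crafted name cannot add lines of its own (assumes write_log() writes
    # line-oriented records - confirm).
    my $log_name = $client_name;
    $log_name =~ tr/\x00-\x1f\x7f//d;

    my $stored = 0;
    # The whole extension has to be one of the three image types; a plain
    # substring test would also accept extensions that merely contain them,
    # and names without any extension. Dot-files are refused.
    if ($file_name =~ /\A[^.].*\.(?:jpg|gif|png)\z/i) {
        my $target = "$config{'xtrapics'}".'/'."$file_name";
        unlink($target);
        $stored = 1 if (defined $tmp_file and rename($tmp_file, $target));
    }

    if ($stored) {
        write_log("$USER uploaded a new image named $file_name", 'notify');
    }
    else {
        # Remove the rejected upload itself. The client-supplied name is
        # never used as a path to delete.
        unlink($tmp_file) if (defined $tmp_file and $tmp_file ne '');
        write_log("$USER tried to upload a file named $log_name", 'error');
    }

    print_template("$config{'theme'}_product_add");
}

###########################
# Delete selected picture #
###########################
# Removes the picture named in the form from $config{'xtrapics'} and shows
# the add-product page again.
#
# NOTE(review): the main program dispatches here without testing $edit_on,
# so as far as this file shows any authenticated user can remove any
# picture - confirm that this is intended.
sub pic_delete {
    # Path separators, quotes, shell and markup characters are removed, so
    # the name cannot point outside the picture directory.
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    unlink("$config{'xtrapics'}".'/'."$form->{'pictures'}");
    print_template("$config{'theme'}_product_add");
}

############################
# Preview selected picture #
############################
# Cleans the picture name and prints the preview page (display_pic() exits).
sub pic_preview {
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    display_pic();
}

#######################################################
# Makes the popup command to preview selected picture #
#######################################################
# Returns the JavaScript call that opens the preview window.
#
# NOTE(review): the call embeds ID and auth in a query string; see whether
# that matches the session design, since query strings end up in history
# and logs.
sub pic_preview_popup {
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    # The random number is passed to productPopUp() as its second argument.
    my $tmpwindowID = (int rand 1000000);
    return "productPopUp(\'ID=$form->{'ID'}\&auth=$form->{'auth'}\&picpreviewpop=true\&pictures=$form->{'pictures'}\&grouptool=$form->{'grouptool'}\',$tmpwindowID,screen.width-50,screen.height-50)";
}

###################
# Display picture #
###################
# Prints the preview page for the picture named in the form and exits.
#
# NOTE(review): in this copy of the file the here-document opener and the
# HTML markup of the page are missing ("print <" followed by bare text and
# an EOF terminator). The opener is restored below so that the sub parses;
# the markup, including the image element that presumably used
# $piclocation, has to be restored from the project's source.
sub display_pic {
    my $piclocation;
    if ($form->{'pictures'} eq '') {
        $piclocation = "$config{'loc_pictures'}/nopic.gif";
    }
    else {
        $piclocation = "$config{'loc_server'}/newspics/$form->{'pictures'}";
    }

    print_header('pragma');
    print <<EOF;
 Preview picture [$form->{'pictures'}]


Close this window
EOF
    exit;
}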