bug fix march continued (#1921)
[openemr.git] / interface / forms / CAMOS / admin.php
1 <?php
2 require_once('../../globals.php');
3 require_once("$srcdir/acl.inc");
4 ?>
5 <?php
// Access control: this page dumps and bulk-loads CAMOS template data, so it is limited
// to users holding the 'admin' / 'super' ACL. The check runs before any of the POST
// handling further down, and a failed check ends the request with a translated message.
$camosAdminAllowed = acl_check('admin', 'super');
if (!$camosAdminAllowed) {
    exit(xlt('Not authorized'));
}
// ---- Export ---------------------------------------------------------------------
// Walks every category, its subcategories and their items, writes one tagged record
// per line to a temporary file and streams that file back as an attachment.
// NOTE(review): category, subcategory and item names are written exactly as stored.
// A stored name containing a line break or a closing tag would not survive a
// round trip through the line-based importer in this file — confirm such names
// cannot be saved.
if ($_POST['export']) {
    // State-changing/privileged POSTs must carry this session's CSRF token.
    // NOTE(review): csrfNotVerified() is assumed to end the request — confirm.
    if (!verifyCsrfToken($_POST["csrf_token_form"])) {
        csrfNotVerified();
    }

    $exportFile = tmpfile();
    if ($exportFile !== false) {
        $categoryRows = sqlStatement("select id, category from ".mitigateSqlTableUpperCase("form_CAMOS_category"));
        while ($categoryRow = sqlFetchArray($categoryRows)) {
            fwrite($exportFile, "<category>" . $categoryRow['category'] . "</category>" . "\n");

            // Child rows are selected with the parent id as a bound parameter.
            $subcategoryRows = sqlStatement(
                "select id,subcategory from ".mitigateSqlTableUpperCase("form_CAMOS_subcategory")." where category_id=?",
                array($categoryRow['id'])
            );
            while ($subcategoryRow = sqlFetchArray($subcategoryRows)) {
                fwrite($exportFile, "<subcategory>" . $subcategoryRow['subcategory'] . "</subcategory>" . "\n");

                $itemRows = sqlStatement(
                    "select item, content from ".mitigateSqlTableUpperCase("form_CAMOS_item")." where subcategory_id=?",
                    array($subcategoryRow['id'])
                );
                while ($itemRow = sqlFetchArray($itemRows)) {
                    fwrite($exportFile, "<item>" . $itemRow['item'] . "</item>" . "\n");

                    // Line feeds and carriage returns inside the content become the
                    // two-character sequences \n and \r so the record stays on one line.
                    $flattened = str_replace(array("\n", "\r"), array('\\n', '\\r'), $itemRow['content']);
                    fwrite($exportFile, "<content>" . $flattened . "</content>" . "\n");
                }
            }
        }

        rewind($exportFile);

        // Serve the dump as a non-cached plain-text download.
        $downloadHeaders = array(
            "Pragma: public",
            "Expires: 0",
            "Cache-Control: must-revalidate, post-check=0, pre-check=0",
            "Content-Type: text/plain",
            "Content-Disposition: attachment; filename=\"CAMOS_export.txt\"",
        );
        foreach ($downloadHeaders as $headerLine) {
            header($headerLine);
        }

        fpassthru($exportFile);
        fclose($exportFile);
        // NOTE(review): nothing is visible after fclose() in this listing. If the script
        // does not stop here, the HTML form at the bottom of the file is appended to the
        // downloaded text — confirm.
    } else {
        echo "<h1>" . xlt("failed") . "</h1>";
    }
}
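// ---- Import ---------------------------------------------------------------------
// Reads an uploaded text file line by line and merges its <category>, <subcategory>,
// <item> and <content> records into the CAMOS tables. Every value taken from the file
// reaches the database only as a bound parameter.
// Changes from the previous version: the request flag is tested with !empty() so a plain
// page load raises no undefined-index notice; the file is opened only when PHP reports it
// as a genuine HTTP upload; the read loop stops when fgets() returns false instead of
// relying on feof() alone; the mode comparison is strict; and a SELECT whose result was
// never used before the content UPDATE has been dropped.
if (!empty($_POST['import'])) {
    // NOTE(review): csrfNotVerified() is assumed to end the request — confirm.
    if (!verifyCsrfToken($_POST["csrf_token_form"])) {
        csrfNotVerified();
    }

    // As before, the last entry in $_FILES wins (the form submits a single file field).
    $fname = '';
    foreach ($_FILES as $file) {
        $fname = $file['tmp_name'];
    }

    // Only read a path that PHP itself recorded as a completed upload for this request.
    // A failed or missing upload leaves tmp_name empty and falls through to the error message.
    $handle = false;
    if (is_string($fname) && $fname !== '' && is_uploaded_file($fname)) {
        // '@' keeps a failed open from printing the temporary path; failure is handled below.
        $handle = @fopen($fname, "r");
    }

    if ($handle === false) {
        echo "<h1>" . xlt('Error opening uploaded file for reading') . "</h1>";
    } else {
        // Runs a parameterised "select id ..." and returns the first id, or null when no row matches.
        $lookupId = static function ($sql, array $binds) {
            $row = sqlFetchArray(sqlStatement($sql, $binds));
            return $row ? $row['id'] : null;
        };

        // Ids of the most recently seen parent records; later lines attach to these.
        $category_id = 0;
        $subcategory_id = 0;
        $item_id = 0;

        // NOTE(review): all name lookups below use LIKE, so '%' and '_' in an imported name
        // act as wildcards and can match a different existing row (the "_<n>" suffix added
        // for duplicates contains one itself). Records can then be attached to the wrong
        // parent or content written to the wrong item. Confirm whether an exact match, or
        // the id returned by sqlInsert() if it provides one, should be used instead.
        while (($buffer = fgets($handle)) !== false) {
            if (preg_match('/<category>(.*?)<\/category>/', $buffer, $matches)) {
                $category = trim($matches[1]); //trim in case someone edited by hand and added spaces
                $categorySql = "select id from ".mitigateSqlTableUpperCase("form_CAMOS_category")." where category like ?";
                $found = $lookupId($categorySql, array($category));
                if ($found === null) {
                    // Unknown category: create it, then read back its id.
                    $query = "INSERT INTO ".mitigateSqlTableUpperCase("form_CAMOS_category")." (user, category) ".
                        "values (?, ?)";
                    sqlInsert($query, array($_SESSION['authUser'], $category));
                    $found = $lookupId($categorySql, array($category));
                }
                if ($found !== null) {
                    $category_id = $found;
                }
            }

            if (preg_match('/<subcategory>(.*?)<\/subcategory>/', $buffer, $matches)) {
                $subcategory = trim($matches[1]);
                $subcategorySql = "select id from ".mitigateSqlTableUpperCase("form_CAMOS_subcategory")." where subcategory " .
                    "like ? and category_id = ?";
                $found = $lookupId($subcategorySql, array($subcategory, $category_id));
                if ($found === null) {
                    $query = "INSERT INTO ".mitigateSqlTableUpperCase("form_CAMOS_subcategory")." (user, subcategory, category_id) ".
                        "values (?, ?, ?)";
                    sqlInsert($query, array($_SESSION['authUser'], $subcategory, $category_id));
                    $found = $lookupId($subcategorySql, array($subcategory, $category_id));
                }
                if ($found !== null) {
                    $subcategory_id = $found;
                }
            }

            if ((preg_match('/<(item)>(.*?)<\/item>/', $buffer, $matches)) ||
                (preg_match('/<(content)>(.*?)<\/content>/s', $buffer, $matches))) {
                $mode = $matches[1];
                $value = trim($matches[2]);

                if ($mode === 'item') {
                    $itemSql = "select id from ".mitigateSqlTableUpperCase("form_CAMOS_item")." where item like ? " .
                        "and subcategory_id = ?";

                    // An existing item is never overwritten: the incoming one is stored under
                    // the first free name of the form "<name>_<n>", counting up from 1.
                    $insert_value = $value;
                    if ($lookupId($itemSql, array($value, $subcategory_id)) !== null) {
                        $postfix = 1;
                        do {
                            $insert_value = $value."_".$postfix;
                            $postfix++;
                        } while ($lookupId($itemSql, array($insert_value, $subcategory_id)) !== null);
                    }

                    $query = "INSERT INTO ".mitigateSqlTableUpperCase("form_CAMOS_item")." (user, item, subcategory_id) ".
                        "values (?, ?, ?)";
                    sqlInsert($query, array($_SESSION['authUser'], $insert_value, $subcategory_id));

                    // Remember the new row so the following <content> line can be stored on it.
                    $found = $lookupId($itemSql, array($insert_value, $subcategory_id));
                    if ($found !== null) {
                        $item_id = $found;
                    }
                } elseif ($mode === 'content') {
                    // Imported content replaces whatever is stored for the most recent item.
                    // With no preceding <item> line $item_id is still 0 and the UPDATE is
                    // issued with id = 0.
                    $content = $value;
                    $query = "UPDATE ".mitigateSqlTableUpperCase("form_CAMOS_item")." set content = ? where id = ?";
                    sqlInsert($query, array($content, $item_id));
                }
            }
        }

        fclose($handle);
    }
}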
?>
<html>
<head>
<title>
admin
</title>
</head>
<body>
<p>
<?php // Explanatory text; both strings are translated and HTML-escaped by xlt(). ?>
<?= xlt("Click 'export' to export your Category, Subcategory, Item, Content data to a text file. Any resemblance of this file to an XML file is purely coincidental. The opening and closing tags must be on the same line, they must be lowercase with no spaces. To import, browse for a file and click 'import'. If the data is completely different, it will merge with your existing data. If there are similar item names, The old one will be kept and the new one saved with a number added to the end.") ?>

<?= xlt("This feature is very experimental and not fully tested. Use at your own risk!") ?>

</p>
<form enctype="multipart/form-data" method="POST">
<?php // Token checked by the export and import handlers before they do any work. ?>
<input type="hidden" name="csrf_token_form" value="<?= attr(collectCsrfToken()) ?>" />
<?php // MAX_FILE_SIZE is submitted by the client and can be changed there, so it is not a security boundary. ?>
<input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
<?= xlt('Send this file') ?>: <input type="file" name="userfile"/>
<input type="submit" name="import" value='<?= xla("Import") ?>'/>
<input type="submit" name="export" value='<?= xla("Export") ?>'/>
</form>
</body>
</html>