X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_controls.inc;h=515cf999322cd0adabcdc3169b49e0086c692b87;hb=de09a35c9e55aceaf1c71052cbb40f44e4b3bbc7;hp=a6140df5e3bde056e7f45908446ca09ead06a62d;hpb=953b3605810699962454b624e19bd0779b17e7f7;p=fa-stable.git diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc index a6140df5..515cf999 100644 --- a/includes/ui/ui_controls.inc +++ b/includes/ui/ui_controls.inc @@ -9,9 +9,27 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ +/* + Retrieve value of POST variable(s). + For $name passed as array $dflt is not used, + default values can be passed as values with non-numeric keys instead. + If some field have user formatted numeric value, pass float default value to + convert automatically to POSIX. +*/ function get_post($name, $dflt='') { - return ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]); + if (is_array($name)) { + $ret = array(); + foreach($name as $key => $dflt) + if (!is_numeric($key)) { + $ret[$key] = is_float($dflt) ? input_num($key, $dflt) : get_post($key, $dflt); + } else { + $ret[$dflt] = get_post($dflt, null); + } + return $ret; + } else + return is_float($dflt) ? input_num($name, $dflt) : + ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]); } //--------------------------------------------------------------------------------- @@ -31,36 +49,73 @@ function start_form($multi=false, $dummy=false, $action="", $name="") } +/* + Flush hidden fields buffer. +*/ +function output_hidden() +{ + global $hidden_fields; + + if (is_array($hidden_fields)) + echo implode('', $hidden_fields); + $hidden_fields = array(); +} //--------------------------------------------------------------------------------- function end_form($breaks=0) { + global $Ajax, $hidden_fields; + + $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true)); if ($breaks) br($breaks); - echo "\n"; + hidden('_focus'); + hidden('_modified', get_post('_modified', 0)); + hidden('_token', $_SESSION['csrf_token']); + + output_hidden(); echo "\n"; + $Ajax->activate('_token'); +} + +function check_csrf_token() +{ + if ($_SESSION['csrf_token'] != @$_POST['_token']) + { + display_error(_("Request from outside of this page is forbidden.")); + error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')'); + return false; + } + return true; } -function start_table($extra="", $padding='2', $spacing='0') +function start_table($class=false, $extra="", $padding='2', $spacing='0') { echo "
\n"; + echo " cellpadding='$padding' cellspacing='$spacing'>\n"; } function end_table($breaks=0) { echo "
\n"; + output_hidden(); if ($breaks) br($breaks); } -function start_outer_table($extra="", $padding='2', $spacing='0', $br=false) +function start_outer_table($class=false, $extra="", $padding='2', $spacing='0', $br=false) { if ($br) br(); - start_table($extra, $padding, $spacing); + start_table($class, $extra, $padding, $spacing); echo "\n"; // outer table } @@ -69,7 +124,8 @@ function table_section($number=1, $width=false) if ($number > 1) { echo "\n"; - $width = ($width ? "width=$width" : ""); + output_hidden(); + $width = ($width ? "width='$width'" : ""); //echo "\n"; // outer table echo "\n"; // outer table } @@ -79,7 +135,10 @@ function table_section($number=1, $width=false) function end_outer_table($breaks=0, $close_table=true) { if ($close_table) + { echo "\n"; + output_hidden(); + } echo "\n"; end_table($breaks); } @@ -125,15 +184,28 @@ function access_string($label, $clean=false) return $clean ? $label : array($label, $access); } -function hyperlink_back($center=true, $no_menu=true) +function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false) { + global $path_to_root; + if ($center) echo "
"; - start_table("width=20%"); + $id = 0; + if ($no_menu && $trans_no != 0) + { + include_once($path_to_root."/admin/db/attachments_db.inc"); + $id = has_attachment($type_no, $trans_no); + $attach = get_attachment_string($type_no, $trans_no); + echo $attach; + } + $width = ($id != 0 ? "30%" : "20%"); + start_table(false, "width='$width'"); start_row(); if ($no_menu) + { echo ""._("Print")."\n"; - echo "".($no_menu ? _("Close") : _("Back"))."\n"; + } + echo "".($no_menu ? _("Close") : _("Back"))."\n"; end_row(); end_table(); if ($center) @@ -180,7 +252,6 @@ function viewer_link($label, $url='', $class='', $id='', $icon=null) } else $preview_str = $label; - return $preview_str; } @@ -200,12 +271,12 @@ function submenu_option($title, $url, $id=null) function submenu_view($title, $type, $number, $id=null) { - display_note(get_trans_view_str($type, $number, $title, false, 'menu_option', $id), 0, 1); + display_note(get_trans_view_str($type, $number, $title, false, 'viewlink', $id), 0, 1); } function submenu_print($title, $type, $number, $id=null, $email=0, $extra=0) { - display_note(print_document_link($number, $title, true, $type, false, 'menu_option', $id, $email, $extra), 0, 1); + display_note(print_document_link($number, $title, true, $type, false, 'printlink', $id, $email, $extra), 0, 1); } //----------------------------------------------------------------------------------- @@ -253,18 +324,20 @@ function hyperlink_params_separate_td($target, $label, $params) //-------------------------------------------------------------------------------------------------- -function alt_table_row_color(&$k) +function alt_table_row_color(&$k, $extra_class=null) { + $classes = $extra_class ? array($extra_class) : array(); if ($k == 1) { - echo "\n"; + array_push($classes, 'oddrow'); $k = 0; } else { - echo "\n"; + array_push($classes, 'evenrow'); $k++; } + echo "\n"; } function table_section_title($msg, $colspan=2) @@ -320,13 +393,73 @@ function div_end() { global $ajax_divs, $Ajax; + output_hidden(); if (count($ajax_divs)) { $div = array_pop($ajax_divs); if ($div[1] !== null) $Ajax->addUpdate($div[1], $div[0], ob_get_flush()); - echo ""; } + echo ""; +} + +//----------------------------------------------------------------------------- +// Tabbed area: +// $name - prefix for widget internal elements: +// Nth tab submit name: {$name}_N +// div id: _{$name}_div +// sel (hidden) name: _{$name}_sel +// $tabs - array of tabs; string: tab title or array(tab_title, enabled_status) + +function tabbed_content_start($name, $tabs, $dft='') { + global $Ajax; + + $selname = '_'.$name.'_sel'; + $div = '_'.$name.'_div'; + + $sel = find_submit($name.'_', false); + if($sel==null) + $sel = get_post($selname, (string)($dft==='' ? key($tabs) : $dft)); + + if ($sel!==@$_POST[$selname]) + $Ajax->activate($name); + + $_POST[$selname] = $sel; + + div_start($name); + $str = "\n"; + $str .= "
\n"; + $str .= "\n"; + $str .= "
\n"; + echo $str; +} + +function tabbed_content_end() { + output_hidden(); + echo "
"; // content box (don't change to div_end() unless div_start() is used above) + div_end(); // tabs widget +} + +function tab_changed($name) +{ + $to = find_submit("{$name}_", false); + if (!$to) return null; + + return array('from' => $from = get_post("_{$name}_sel"), + 'to' => $to); } /* Table editor interfaces. Key is editor type @@ -336,13 +469,13 @@ function div_end() */ $popup_editors = array( 'customer' => array('/sales/manage/customers.php?debtor_no=', - 113, _("Customers")), + 113, _("Customers"), 900, 500), 'branch' => array('/sales/manage/customer_branches.php?SelectedBranch=', - 114, _("Branches")), + 114, _("Branches"), 900, 700), 'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=', - 113, _("Suppliers")), + 113, _("Suppliers"), 900, 700), 'item' => array('/inventory/manage/items.php?stock_id=', - 115, _("Items")) + 115, _("Items"), 800, 600) ); /* Bind editors for various selectors. @@ -357,7 +490,8 @@ function set_editor($type, $input, $caller=true) $key = $caller===true ? $popup_editors[$type][1] : $caller; - $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input); + $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input, + $popup_editors[$type][3], $popup_editors[$type][4]); $help = 'F' . ($key - 111) . ' - '; $help .= $popup_editors[$type][2]; @@ -467,4 +601,44 @@ function editor_return($vars, $restore_fun='') { } } +function confirm_dialog($submit, $msg) { + if (find_post($submit)) { + display_warning($msg); + br(); + submit_center_first('DialogConfirm', _("Proceed"), '', true); + submit_center_last('DialogCancel', _("Cancel"), '', 'cancel'); + return 0; + } else + return get_post('DialogConfirm', 0); +} + +/* + Block menu/shortcut links during transaction procesing. +*/ +function page_processing($msg = false) +{ + global $Ajax; + + if ($msg === true) + $msg = _('Entered data has not been saved yet.\nDo you want to abandon changes?'); + + $js = "_validate._processing=" . ( + $msg ? '\''.strtr($msg, array("\n"=>'\\n')) . '\';' : 'null;'); + if (in_ajax()) { + $Ajax->addScript(true, $js); + } else + add_js_source($js); +} + +function page_modified($status = true) +{ + global $Ajax; + + $js = "_validate._modified=" . ($status ? 1:0).';'; + if (in_ajax()) { + $Ajax->addScript(true, $js); + } else + add_js_source($js); +} + ?> \ No newline at end of file