Menu

#433 complex custom field but facing problem

Future_Requests
open
nobody
None
1
2019-02-04
2019-02-02
ahmed
No

I have added a custom field to the user table, and I named it "technician" tinyint(1) and it's become check mark and it's working fine.

after that, I make SQL query in the config file to produce an array of technicians and add them to select options.

its working fine but the problem is its printing the technician name plus array key, check the attached image

and I want also to prevent users to see these options, I want only the admins can see these options while they approve the reservation.

I am using the latest version

Regards

1 Attachments
mrbs.jpg

Discussion

  • ahmed

    ahmed - 2019-02-02

    this is the code I have added to the config file

    $sql = 'SELECT name FROM mrbs_users WHERE technician=1';

mysql_select_db($db_database);
$retval = mysql_query( $sql, $ccoonn );
if(! $retval )
{
  die('Could not get data: ' . mysql_error());
}
$technicians = array();
while($row = mysql_fetch_ASSOC($retval))
{
$technicians [] = $row ;
}

$select_options['entry.technician_name'] = $technicians;



mysql_close($ccoonn);
     

  • Campbell Morrison

    Campbell Morrison - 2019-02-03

    The problem is that you are not creating a simple array, which is what I think you want, but an array of associative arrays, which MRBS treats as option groups in the select element.

    Instead of 

    $technicians [] = $row ;

    you want

    $technicians[] = $row['name'];

    The other thing to note is that the mysql_ functions are deprecated as of PHP 5.5.0 and removed as of PHP 7.0.0. You should instead use mysqli or PDO. The easiest thing to do would be to make use of MRBS's database abstraction class - look at how some other database queries are handled in MRBS - but to do this you will need to wait until they are available. I'd suggest creating your own file called, for example, 'myconfig.inc', adding a require_once 'myconfig.inc' to the bottom of defaultincludes.inc and then putting your code to populate $select_options['entry.technician_name'] in myconfig.inc. It would look something like

    <?php
$sql = "SELECT name FROM $tbl_users WHERE technician=1";
$select_options['entry.technician_name'] = db()->query_array($sql);

    And that's all the code you'd need (though I haven't tested it). Note that I have used $tbl_users instead of mrbs_users as that will cater for changes in the table prefix. You might also want to order your array by changing your query to 

    <?php
$sql = "SELECT name FROM $tbl_users WHERE technician=1 ORDER BY name";
$select_options['entry.technician_name'] = db()->query_array($sql);
     

    Last edit: Campbell Morrison 2019-02-03

  • Campbell Morrison

    Campbell Morrison - 2019-02-03

    PS This isn't an MRBS bug. It would be better to raise future such questions as Support Requests. Thanks.

     

  • Campbell Morrison

    Campbell Morrison - 2019-02-03

    To answer your last question, if you only want admins to be able to see the technician field on the edit_entry form, then you'll have to edit edit_entry.php and change line 1713 from:

          $fieldset->addElement(get_field_custom($key));

    to

          if ($is_admin || ($key != 'technician_name'))
      {
        $fieldset->addElement(get_field_custom($key));
      }
      else
      {
        if ((isset($custom_fields[$key]))
        {
          $form->addHiddenInput(VAR_PREFIX . $key, $custom_fields[$key]);
        }
      }

    Ideally you'd also add some code in edit_entry_handler.php to guard against users changing the hidden input on the form.

     

  • ahmed

    ahmed - 2019-02-03

    Great
    working fine, thanks mate

    and sorry for posting in the wrong section :)

    I found an extra bracket placed incorrectly in your last code

          if ($is_admin || ($key != 'technician_name'))
      {
        $fieldset->addElement(get_field_custom($key));
      }
      else
      {
        if (isset($custom_fields[$key])) // here
        {
          $form->addHiddenInput(VAR_PREFIX . $key, $custom_fields[$key]);
        }
      }
     

  • ahmed

    ahmed - 2019-02-03

    I search in edit_entry_handler.php

    but I couldn't find where I have to prevent users from showing the hidden input.
    and I logged in as a user and inspect the page and didn't find hidden input, I think it's working fine "what do you think?"

     

  • Campbell Morrison

    Campbell Morrison - 2019-02-04

    It depends on (a) how tech-savvy you think your users are and (b) the impact if they do manage to change the technician name.

    If you do want to put in a check then you should add the following code at line 435 of edit_entry_handler.php, ie at the beginning of the if (isset($id)) block:

      if (!$is_admin)
  {
    // Make sure the technician name hasn't been altered by the user
    $custom_fields['technician_name'] = db()->query1("SELECT technician_name FROM $tbl_entry WHERE id=? LIMIT 1", array($id));
  }
     

  • ahmed

    ahmed - 2019-02-04

    Do you mean like this?

    if (isset($id))
{
  if (!$is_admin)
  {
    // Make sure the technician name hasn't been altered by the user
    $custom_fields['technician_name'] = db()->query1("SELECT technician_name FROM $tbl_entry WHERE id=? LIMIT 1", array($id));
  }
  // Editing an existing booking: get the room_id from the database (you can't
  // get it from $rooms because they are the new rooms)
  $target_room = db()->query1("SELECT room_id FROM $tbl_entry WHERE id=? LIMIT 1", array($id));
  if ($target_room < 0)
  {
    // Ideally we should give more feedback to the user when this happens, or
    // even lock the entry once a user starts to edit it.
    $message = "Tried to edit an entry that no longer exists - probably because " .
               "somebody else has deleted it in the meantime.";
    trigger_error($message, E_USER_NOTICE);
    header("Location: $returl");
    exit;
  }
}
     

  • Campbell Morrison

    Campbell Morrison - 2019-02-04

    Yes

     
MongoDB Logo MongoDB