functions.inc.php:

- new function db_where_clause($condition, $struct) to create a WHERE clause.
  bool values are converted with db_get_boolean() based on $struct

model/DomainHandler.php - view():
- build WHERE clause with db_where_clause()
- new array $colformat for columns which need special handling in the field list
  (that's more readable than tons of elseif on the long term, and allows easier
  customization (hook/$CONF value?))



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1228 a1433add-5e2c-0410-b055-b7f2511e0802

functions.inc.php

@@ -1878,6 +1878,30 @@ function db_in_clause($field, $values) {
 	. "') ";
 }
 
+/**
+ * db_where_clause
+ * Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed.
+ * Call: db_where_clause (array $conditions, array $struct)
+ * param array $conditios: array('field' => 'value', 'field2' => 'value2, ...)
+ * param array $struct - field structure, used for automatic bool conversion
+ */
+function db_where_clause($condition, $struct) {
+    if (!is_array($condition)) {
+        die('db_where_cond: parameter $cond is not an array!');
+    } elseif (count($condition) == 0) {
+        die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks 
+    } elseif(!is_array($struct)) {
+        die('db_where_cond: parameter $struct is not an array!');
+    }
+
+    foreach($condition as $field => $value) {
+        if (isset($struct[$field]) && $struct[$field]['type'] == 'bool') $value = db_get_boolean($value);
+        $parts[] = "$field='" . escape_string($value) . "'";
+    }
+    $query = " WHERE " . join(" AND ", $parts) . " ";
+	return $query;
+}
+
 //
 // table_by_key
 // Action: Return table name for given key

model/DomainHandler.php

@@ -248,27 +248,32 @@ class DomainHandler extends PFAHandler {
         $select_cols = array();
         $bool_fields = array();
 
+        $colformat = array(
+            # TODO: replace hardcoded %Y-%m-%d with a country-specific date format via *.lang?
+            'ts' => "DATE_FORMAT(###KEY###, '%Y-%m-%d') AS ###KEY###, ###KEY### AS _###KEY###",
+        );
+
         # get list of fields to display
         foreach($this->struct as $key=>$row) {
             if ( $row['display_in_list'] != 0 && $row['not_in_db'] == 0 ) {
-                if ($row['type'] == 'ts') {
-                    # TODO: replace hardcoded %Y-%m-%d with a country-specific date format via *.lang?
-                    $select_cols[] = "DATE_FORMAT($key, '%Y-%m-%d') AS $key, $key AS _$key"; # timestamps formatted as date, raw data in _fieldname
-                } elseif ($row['type'] == 'bool') {
-                    $bool_fields[] = $key; # remember boolean fields (will be converted to integer 0/1 later)  - TODO: do this in the sql query with CASE?
-                    $select_cols[] = $key;
+                if (isset($colformat[$row['type']])) {
+                    $select_cols[] = str_replace('###KEY###', $key, $colformat[$row['type']] );
                 } else {
                     $select_cols[] = $key;
                 }
+
+                if ($row['type'] == 'bool') {
+                    $bool_fields[] = $key; # remember boolean fields (will be converted to integer 0/1 later)  - TODO: do this in the sql query/$colformat with CASE?
+                }
             }
         }
 
         $cols = join(',', $select_cols);
         $table = table_by_key($this->db_table);
-        $id_field = $this->id_field;
-        $E_username = escape_string($this->username);
 
-        $result = db_query("SELECT $cols FROM $table WHERE $id_field='$E_username'");
+        $where = db_where_clause( array($this->id_field => $this->username), $this->struct);
+        $result = db_query("SELECT $cols FROM $table $where");
+
         if ($result['rows'] != 0) {
             $this->return = db_array($result['result']);
             foreach ($bool_fields as $field) {