
root/trunk/phpbms/report/general_labels.php

Revision 704, 15.6 KB (checked in by brieb, 2 years ago)
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
  • Property svn:keywords set to LastChangedBy LastChangedDate LastChangedRevision
<?php
/*
 $Rev$ | $LastChangedBy$
 $LastChangedDate$
 +-------------------------------------------------------------------------+
 | Copyright (c) 2004 - 2010, Kreotek LLC                                  |
 | All rights reserved.                                                    |
 +-------------------------------------------------------------------------+
 |                                                                         |
 | Redistribution and use in source and binary forms, with or without      |
 | modification, are permitted provided that the following conditions are  |
 | met:                                                                    |
 |                                                                         |
 | - Redistributions of source code must retain the above copyright        |
 |   notice, this list of conditions and the following disclaimer.         |
 |                                                                         |
 | - Redistributions in binary form must reproduce the above copyright     |
 |   notice, this list of conditions and the following disclaimer in the   |
 |   documentation and/or other materials provided with the distribution.  |
 |                                                                         |
 | - Neither the name of Kreotek LLC nor the names of its contributore may |
 |   be used to endorse or promote products derived from this software     |
 |   without specific prior written permission.                            |
 |                                                                         |
 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS     |
 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
 |                                                                         |
 +-------------------------------------------------------------------------+
*/

// report_class.php supplies the phpbmsReport base class; the guard avoids a
// redefinition error when that class has already been loaded by the caller.
if(!class_exists("phpbmsReport")){
    include("report_class.php");
}

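/**
 * Handles Label Printing
 *
 * Lays the rows returned by the report's `queryStatement` setting out as a
 * grid of labels in a PDF.  Every column named `rowText(X)` in the result
 * becomes line X of the label.  Page geometry, fonts and the query itself come
 * from the report settings (loaded by the parent class, phpbmsReport), so those
 * settings are part of the report configuration rather than request input.
 */
class pdfLabels extends phpbmsReport{

    /**
     * $maintable
     * @var string the SQL name of the main table to print.
     */
    var $maintable = "";

    /**
     * $skipLabels
     * @var int number of labels to skip before printing (for partially used
     *          label sheets).  Set by the processing section from the posted
     *          form value after an (int) cast.
     */
    var $skipLabels = 0;


    /**
     * function pdfLabels
     *
     * initialization function
     *
     * @param object $db database connection
     * @param string $reportUUID report record identifier (passed through to
     *                           phpbmsReport; in this file it originates from
     *                           $_GET["rid"])
     * @param string $tabledefUUID table definition identifier (from $_GET["tid"])
     */
    function pdfLabels($db, $reportUUID, $tabledefUUID){

        parent::phpbmsReport($db, $reportUUID, $tabledefUUID);

        // main table name comes from the table definition record, not from
        // the request; it is later interpolated into the default query.
        $therecord = $this->getTableDefInfo();
        $this->maintable = $therecord["maintable"];

        $this->checkForDefaultSettings();

    }//end function pdfLabels


    /**
     * function checkForDefaultSettings
     *
     * Checks to make sure loaded report Settings exist and are correct.
     * Any setting that is not set (isset semantics, so a null value is
     * replaced too) receives its default.  Dimensions are in inches.
     */
    function checkForDefaultSettings(){

        $defaults = array(
            "maxRows"          => 10,
            "maxColumns"       => 3,
            "columnMargin"     => 1/8,
            "labelHeight"      => 1,
            "labelWidth"       => 2 + (5/8),
            "startTop"         => 1/2,
            "startLeft"        => 3/16,
            "borderDebug"      => 0,
            // queryStatement is raw SQL that generate() hands to assembleSQL();
            // it is report configuration and must only be editable by report
            // administrators.  The default only prints placeholder text.
            "queryStatement"   => 'SELECT "no data in first row" AS `rowText1`,  "no data in second row" AS `rowText2` FROM `'.$this->maintable.'`',
            "defaultSortOrder" => '',
            "fileName"         => $this->maintable.'-labels.pdf',
            "labelMarginTop"   => 1/8,
            "labelMarginLeft"  => 1/16,
            "rowText1Font"     => "Arial,B,9",
        );

        foreach($defaults as $name => $value)
            if(!isset($this->settings[$name]))
                $this->settings[$name] = $value;

    }//end function checkForDefaultSettings


    /**
     * function displaySkipLabels
     *
     * Displays dialog so that people can skip labels when printing
     */
    function displaySkipLabels(){

        global $phpbms;

        $pageTitle = "Label Options";
        $phpbms->showMenu = false;
        $phpbms->cssIncludes[] = "pages/historyreports.css";
        include("header.php");

        // REQUEST_URI is request-controlled, so it must be HTML-encoded before
        // being placed in the action attribute (ENT_QUOTES also covers a
        // single-quoted attribute context should the markup ever change).
        ?>
        <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"], ENT_QUOTES)?>" method="post" name="print_form">
            <div class="bodyline" id="reportOptions">

                <h1 id="topTitle"><span>Label Options</span></h1>

                <p>
                    <label for="skipLabels">skip first labels</label><br />
                    <input name="skipLabels" id="skipLabels" value="0" size="3" maxlength="3" />
                </p>
                <p align="right">
                    <input name="command" type="submit" class="Buttons" id="print" value="print" />
                    <input name="cancel" type="button" class="Buttons" id="cancel" value="cancel" onclick="window.close();" />
                </p>

            </div>
        </form>
        <?php

        include("footer.php");

    }//end function displaySkipLabels


    /**
     * function countTextRows
     *
     * Counts the `rowText*` columns in a result row; that number is the
     * number of text lines printed on each label.
     *
     * @param array $therecord a row as returned by fetchArray
     *
     * @return int number of columns whose name starts with "rowText"
     */
    function countTextRows($therecord){

        $count = 0;

        foreach(array_keys($therecord) as $key)
            if(strpos($key, "rowText") === 0)
                $count++;

        return $count;

    }//end function countTextRows


    /**
     * function generate
     *
     * Generates the PDF report: runs the configured query and places one
     * label per result row, filling each column top to bottom before moving
     * right, and starting a new page after the last column.  The result is
     * stored in $this->reportOutput for output().
     */
    function generate(){

        $labelsPerPage = $this->settings["maxRows"] * $this->settings["maxColumns"];

        // skipping a whole sheet or more makes no sense; start at the top instead
        if($this->skipLabels >= $labelsPerPage)
            $this->skipLabels = 0;

        if($this->settings["defaultSortOrder"] && !$this->sortOrder)
            $this->sortOrder = $this->settings["defaultSortOrder"];

        // queryStatement is administrator-configured SQL; assembleSQL() is
        // provided by the parent class and presumably appends the report's
        // WHERE/ORDER BY clauses (its implementation is not visible here).
        $querystatement = $this->assembleSQL($this->settings["queryStatement"]);
        $queryresult = $this->db->query($querystatement);

        if(!class_exists("phpbmsPDFReport"))
            include("pdfreport_class.php");

        $pdf = new phpbmsPDFReport($this->db, "P", "in");

        $pdf->Open();
        $pdf->SetMargins(0,0);
        $pdf->AddPage();

        $thex = $this->settings["startLeft"];
        $they = $this->settings["startTop"];
        $rowcount = 1;
        $column = 1;
        $textRows = 0;

        // Leave the first $skipLabels positions empty.  Because skipLabels is
        // below labelsPerPage, the column counter cannot pass maxColumns here,
        // so no page break is needed in this loop.
        for($skipped = 0; $skipped < $this->skipLabels; $skipped++){

            if($rowcount > $this->settings["maxRows"]){
                $column++;
                $they = $this->settings["startTop"];
                $thex += $this->settings["labelWidth"] + $this->settings["columnMargin"];
                $rowcount = 1;
            }

            $they += $this->settings["labelHeight"];
            $rowcount++;

        }//endfor skipped

        while($therecord = $this->db->fetchArray($queryresult)){

            // the number of text lines is derived from the first row's columns
            if(!$textRows)
                $textRows = $this->countTextRows($therecord);

            // column full: move right
            if($rowcount > $this->settings["maxRows"]){
                $column++;
                $they = $this->settings["startTop"];
                $thex += $this->settings["labelWidth"] + $this->settings["columnMargin"];
                $rowcount = 1;
            }

            // page full: start a new one at the top-left label
            if($column > $this->settings["maxColumns"]){
                $pdf->AddPage();
                $thex = $this->settings["startLeft"];
                $they = $this->settings["startTop"];
                $rowcount = 1;
                $column = 1;
            }

            $pdf = $this->printLabel($pdf, $therecord, $thex, $they, $textRows);

            $they += $this->settings["labelHeight"];
            $rowcount++;

        }//endwhile $therecord

        $this->reportOutput = $pdf;

    }//end function generate


    /**
     * function printLabel
     *
     * generates the contents on an individual label, and adds them to the PDF
     *
     * @param object $pdf the PDF object
     * @param array $therecord the data record
     * @param float $thex x coordinate of the label's top-left corner (inches)
     * @param float $they y coordinate of the label's top-left corner (inches)
     * @param int $textRows number of text rows that will be printed
     *
     * @return object returns the modified PDF object
     */
    function printLabel($pdf, $therecord, $thex, $they, $textRows){

        $pdf->SetXY($thex + $this->settings["labelMarginLeft"], $they + $this->settings["labelMarginTop"]);

        // default line height in inches; a rowText(X)Height setting overrides
        // it and, as before, the override carries over to the following lines.
        $textHeight = 0.135;
        $textWidth = $this->settings["labelWidth"] - $this->settings["labelMarginLeft"];

        for($i = 1; $i <= $textRows; $i++){

            $field = "rowText".$i;

            if(isset($this->settings[$field."Font"]))
                $pdf = $this->setFont($pdf, $this->settings[$field."Font"]);

            if(isset($this->settings[$field."Height"]))
                $textHeight = $this->settings[$field."Height"];

            // rowText columns are counted rather than enumerated by generate(),
            // so a gap in the numbering (rowText1, rowText3) must not raise an
            // undefined-index notice.  An explicit empty-string test also lets
            // a line whose value is "0" print instead of being dropped.
            if(isset($therecord[$field]) && $therecord[$field] !== "")
                $pdf->Cell($textWidth, $textHeight, $therecord[$field], $this->settings["borderDebug"], 2, "L");

        }//endfor

        return $pdf;

    }//end function printLabel


    /**
     * function setFont
     *
     * Sets the current PDF font style based on the passed setting
     *
     * @param object $pdf PDF object
     * @param string $setting comma separated list of FPDF font parameters
     *                        (family, style, size); missing style/size parts
     *                        are passed to SetFont as empty strings
     *
     * @return object PDF object with font set appropriately
     */
    function setFont($pdf, $setting){

        // pad to three parts so SetFont always receives family, style and size
        $parts = array_pad(explode(",", $setting), 3, "");

        $pdf->SetFont($parts[0], $parts[1], $parts[2]);

        return $pdf;

    }//end function setFont


    /**
     * function output
     *
     * sends the generated PDF through the browser as a download
     */
    function output(){

        // fileName is a report setting; cleanFilename() (project helper, not
        // visible here) is relied on to strip characters unsafe for the
        // Content-Disposition header.
        $filename = cleanFilename($this->settings["fileName"]);
        $this->reportOutput->Output($filename, "D");

    }//end function output


    /**
     * function settingDefinition
     *
     * Builds one settings definition record for addingRecordDefaultSettings.
     *
     * @param string $name name of the setting
     * @param mixed $defaultValue default value for the setting
     * @param string $type (string, int, real, bool, text) type of the value
     * @param int $required (0,1) whether the setting is required or not
     * @param string $description brief description of the setting
     *
     * @return array associative settings definition
     */
    function settingDefinition($name, $defaultValue, $type, $required, $description){

        return array(
            "name" => $name,
            "defaultValue" => $defaultValue,
            "type" => $type,
            "required" => $required,
            "description" => $description
        );

    }//end function settingDefinition


    /**
     * function addingRecordDefaultSettings
     *
     * Creates an array of settings associative arrays for use by the system when
     * a new report record is added that references the file containing this class
     *
     * @return array of settings. Each setting should itself be
     * an associative array containing the following
     * name: name of the setting
     * defaultValue: default value for setting
     * type: (string, int, real, bool, text) type for value of setting
     * required: (0,1) whether the setting is required or not
     * description: brief description for what this setting is used for.
     */
    function addingRecordDefaultSettings(){

        $settings = array();

        $settings[] = $this->settingDefinition("maxRows", 10, "int", 1,
            "Number of label rows per page");

        $settings[] = $this->settingDefinition("maxColumns", 3, "int", 1,
            "Number of label columns per page");

        $settings[] = $this->settingDefinition("startTop", 1/2, "real", 1,
            "Top Margin of page");

        $settings[] = $this->settingDefinition("startLeft", 3/16, "real", 1,
            "Left Margin of page");

        $settings[] = $this->settingDefinition("columnMargin", 1/8, "real", 1,
            "Distance between columns");

        $settings[] = $this->settingDefinition("labelHeight", 1, "real", 1,
            "Height of a single label");

        // was wrongly named "labelHeight" a second time, so the width default
        // never reached the report record and checkForDefaultSettings() had to
        // supply it.
        $settings[] = $this->settingDefinition("labelWidth", 2 + 5/8, "real", 1,
            "Width of a single label");

        $settings[] = $this->settingDefinition("labelMarginLeft", 1/16, "real", 1,
            "Distance from left between the start of an individual to the text being put on it");

        $settings[] = $this->settingDefinition("labelMarginTop", 1/8, "real", 1,
            "Distance from top between start of an individual to the text being put on it");

        $settings[] = $this->settingDefinition("queryStatement",
            'SELECT "no data in first row" AS `rowText1`,  "no data in second row" AS `rowText2` FROM `'.$this->maintable.'`',
            "text", 1,
            "SQL SELECT and FROM clauses defining the data to be retrieved.  Each line printed should be selected as a column in the format `rowText(X)`, where (X) is the line number it will be printed on");

        $settings[] = $this->settingDefinition("rowText1Font", "Arial,B,9", "string", 0,
            "Comma separated list of FPDF font parameters defining font settings for the label text.  You can change the font on subsequent lines by adding an additional setting rowText(x)Font where (x) is the line number the font change occurs.");

        return $settings;

    }//end function addingRecordDefaultSettings

}//end class pdfLabels

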
/**
 * PROCESSING
 * =============================================================================
 *
 * Runs only when the file is requested directly (a caller that merely wants
 * the class definition sets $noOutput first).
 */
if(!isset($noOutput)){

    //IE needs caching to be set to private in order to display PDFS
    session_cache_limiter('private');

    //set encoding to latin1 (fpdf doesnt like utf8); presumably read by
    //session.php, so it has to be assigned before the require.
    $sqlEncoding = "latin1";
    require_once("../include/session.php");

    // rid/tid come straight from the query string; checkForReportArguments()
    // (defined elsewhere) is relied on to validate them before use.
    checkForReportArguments();

    $report = new pdfLabels($db, $_GET["rid"], $_GET["tid"]);

    if(isset($_POST["skipLabels"])){

        // the (int) cast is the only filtering the posted value receives
        $report->skipLabels = (int) $_POST["skipLabels"];

        $report->setupFromPrintScreen();
        $report->generate();
        $report->output();

    } else {

        $report->displaySkipLabels();

    }//endif

}//end if

/**
 * When adding a new report record, the add/edit needs to know what the class
 * name is so that it can instantiate it, and grab its default settings.
 */
if(isset($addingReportRecord)){
    $reportClass = "pdfLabels";
}

?>