1<?php
2/*
3 $Rev: 290 $ | $LastChangedBy: brieb $
4 $LastChangedDate: 2007-08-27 18:15:00 -0600 (Mon, 27 Aug 2007) $
5 +-------------------------------------------------------------------------+
6 | Copyright (c) 2004 - 2010, Kreotek LLC                                  |
7 | All rights reserved.                                                    |
8 +-------------------------------------------------------------------------+
9 |                                                                         |
10 | Redistribution and use in source and binary forms, with or without      |
11 | modification, are permitted provided that the following conditions are  |
12 | met:                                                                    |
13 |                                                                         |
14 | - Redistributions of source code must retain the above copyright        |
15 |   notice, this list of conditions and the following disclaimer.         |
16 |                                                                         |
17 | - Redistributions in binary form must reproduce the above copyright     |
18 |   notice, this list of conditions and the following disclaimer in the   |
19 |   documentation and/or other materials provided with the distribution.  |
20 |                                                                         |
21 | - Neither the name of Kreotek LLC nor the names of its contributore may |
22 |   be used to endorse or promote products derived from this software     |
23 |   without specific prior written permission.                            |
24 |                                                                         |
25 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS     |
26 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
27 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
28 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
29 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
30 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
31 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
32 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
33 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
34 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
35 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
36 |                                                                         |
37 +-------------------------------------------------------------------------+
38*/
39
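/**
 * Basic reporting class
 *
 * The phpbmsReport class handles basic processing of reports and report type
 * functions. It is designed to be extended by a specific report. It provides
 * functions for retrieving the where clause, sort order and group by fields
 * as well as retrieving report settings.
 *
 * The three clause properties ($whereClause, $sortOrder, $groupBy) are stored
 * WITHOUT their SQL keyword; assembleSQL() adds "WHERE", "GROUP BY" and
 * "ORDER BY" itself.
 *
 * @author Brian Rieb <brieb@kreotek.com>
 */
class phpbmsReport{

    /**
     * $db
     * @var object the database object; must provide query(), numRows() and
     *             fetchArray()
     */
    var $db;

    /**
     * $whereClause
     * @var string where clause used to filter results (no leading WHERE keyword)
     */
    var $whereClause = "";

    /**
     * $sortOrder
     * @var string sort order for results (no leading ORDER BY keyword)
     */
    var $sortOrder = "";

    /**
     * $groupBy
     * @var string group by expression for the result SQL (no leading GROUP BY
     *             keyword)
     */
    var $groupBy = "";

    /**
     * $reportOutput
     * @var string output generated by report
     */
    var $reportOutput = "";

    /**
     * $settings
     * @var array report settings keyed by setting name; values are cast
     *            according to the setting's type by retrieveReportSettings()
     */
    var $settings = array();

    /**
     * $reportUUID
     * @var string UUID of report record, already escaped for use in SQL
     */
    var $reportUUID = "";

    /**
     * $tabledefUUID
     * @var string UUID of table definition that initiated report, already
     *             escaped for use in SQL
     */
    var $tabledefUUID = "";


    /**
     * function phpBMSReport
     *
     * Initialization Function. This is a PHP 4 style constructor (method name
     * equal to the class name, compared case-insensitively). Escapes both UUIDs
     * for SQL, checks the current user's rights for the report and, only when
     * that check passes, loads the report settings.
     *
     * NOTE(review): PHP 4 style constructors are deprecated from PHP 7.0 and are
     * ordinary methods in PHP 8; mysql_real_escape_string() needs an open
     * ext/mysql connection, so $db is assumed to be connected already.
     *
     * @param object $db database object
     * @param string $reportUUID UUID of report record
     * @param string $tabledefUUID UUID of table definition that initiated report
     */
    function phpBMSReport($db, $reportUUID, $tabledefUUID){

        $this->db = $db;

        $this->reportUUID = mysql_real_escape_string($reportUUID);

        $this->tabledefUUID = mysql_real_escape_string($tabledefUUID);

        // Fail closed: settings are only loaded when the rights check passes.
        // goURL()/appError() are expected to end the request themselves; the
        // return value is a second line of defence in case they do not.
        if($this->checkRights())
            $this->retrieveReportSettings();

    }//end function init


    /**
     * function checkRights
     *
     * Checks report record and current user to make sure they have rights to
     * run this report. On an unknown report uuid an appError(500) is raised;
     * when the user lacks the report's role the browser is sent to noaccess.php.
     *
     * @return bool true when the report exists and the user has rights to it,
     *              false otherwise (only reached if appError()/goURL() return)
     */
    function checkRights(){

        $querystatement = "
            SELECT
                `roleid`
            FROM
                `reports`
            WHERE
                `uuid` = '".$this->reportUUID."'
        ";

        $queryresult = $this->db->query($querystatement);

        if(!$this->db->numRows($queryresult)){

            new appError(500, "Bad report uuid");
            return false;

        }//endif

        $therecord = $this->db->fetchArray($queryresult);

        if(!hasRights($therecord["roleid"])){

            goURL(APP_PATH."noaccess.php");
            return false;

        }//endif

        return true;

    }//end function checkRights

    /**
     * function retrieveReportSettings()
     *
     * Retrieves settings for specific report from database and stores them in
     * the settings array, keyed by setting name. Values of type "int", "bool"
     * and "real" are cast accordingly; every other type keeps the raw string.
     * If the same name occurs twice the last row wins.
     */
    function retrieveReportSettings(){

        $querystatement = "
            SELECT
                `name`,
                `value`,
                `type`
            FROM
                reportsettings
            WHERE
                reportuuid = '".$this->reportUUID."'";

        $queryresult = $this->db->query($querystatement);

        while($therecord = $this->db->fetchArray($queryresult)){

            switch($therecord["type"]){

                case "int":
                    $therecord["value"] = (int) $therecord["value"];
                    break;

                case "bool":
                    $therecord["value"] = (bool) $therecord["value"];
                    break;

                case "real":
                    // (float) is the portable spelling; the (real) cast was
                    // deprecated in PHP 7.4 and removed in PHP 8.0.
                    $therecord["value"] = (float) $therecord["value"];
                    break;

            }//endswitch

            $this->settings[$therecord["name"]] = $therecord["value"];

        }//endwhile

    }//end function retrieveReportSettings

    /**
     * function setupFromPrintScreen
     *
     * Retrieves session information pertaining to printing as set by the print
     * screen: $_SESSION["printing"]["sortorder"] and
     * $_SESSION["printing"]["whereclause"]. A leading WHERE keyword on the
     * stored clause (any case, for backwards compatibility) is removed because
     * assembleSQL() adds its own.
     *
     * The clause is concatenated into SQL unescaped by assembleSQL(), so the
     * session value must only ever be built from validated input.
     */
    function setupFromPrintScreen(){

        if(isset($_SESSION["printing"]["sortorder"]))
            $this->sortOrder = $_SESSION["printing"]["sortorder"];

        if(isset($_SESSION["printing"]["whereclause"]))
            $this->whereClause = $_SESSION["printing"]["whereclause"];

        // Strip a leading "WHERE" / "where " keyword. The previous version
        // compared the session value but trimmed $this->whereClause before it
        // had been assigned, so the keyword was never actually removed and
        // assembleSQL() produced "WHERE WHERE ...".
        $this->whereClause = preg_replace('/^\s*where\b\s*/i', '', $this->whereClause, 1);

    }//end function setupFromPrintScreen

    /**
     * function getTableDefInfo
     *
     * Retrieves pertinent table definition information
     * @return array table definition record information (whatever fetchArray()
     *               returns for an empty result when the uuid is unknown)
     */
    function getTableDefInfo(){

        $querystatement = "
            SELECT
                *
            FROM
                tabledefs
            WHERE
                uuid = '".$this->tabledefUUID."'";

        $queryresult = $this->db->query($querystatement);

        return $this->db->fetchArray($queryresult);

    }//end function getTableDefInfo

    /**
     * function assembleSQL
     *
     * assembles record query by appending the WHERE, GROUP BY and ORDER BY
     * clauses held by this object. Empty clauses are skipped; the clause text is
     * appended as-is (no escaping).
     *
     * @param string $querystatement SELECT and FROM clauses of SQL statement
     *
     * @return string Returns full SQL statement
     */
    function assembleSQL($querystatement){

        if($this->whereClause)
            $querystatement .= "
                WHERE
                    ".$this->whereClause;

        if($this->groupBy)
            $querystatement .= "
                GROUP BY
                    ".$this->groupBy;

        if($this->sortOrder)
            $querystatement .= "
                ORDER BY
                    ".$this->sortOrder;

        return $querystatement;

    }//end function assembleSQL


    /**
     * function showNoRecords
     *
     * Outputs simple no records error
     */
    function showNoRecords(){

        ?>
        <h1 id="noRecord">No Records</h1>
        <p>No valid records for this report.</p>
        <?php

    }//end function showNoRecords


    /**
     * function addingRecordDefaultSettings
     *
     * Creates an array of settings associative arrays for use by the system when
     * a new report record is added that references the file containing this class
     *
     * @return array of settings. Each setting is itself an associative array
     * containing the following keys
     * name: name of the setting
     * defaultValue: default value for setting
     * type: (string, text, int, real, bool) type for value of setting
     * required: (0,1) whether the setting is required or not
     * description: brief description for what this setting is used for.
     */
    function addingRecordDefaultSettings(){

        $settings = array();

        $settings[] = array(
            "name"=>"reportTitle",
            "defaultValue"=>"Report",
            "type"=>"string",
            "required"=>0,
            "description"=>"Report Title"
        );

        return $settings;

    }//endfunction addingRecordDefaultSettings

}//end class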
320
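/**
 * function checkForReportArguments
 *
 * Used before class instantiation to make sure the URL (GET) arguments that
 * identify the table definition (`tid`) and the report (`rid`) are present.
 * Each missing argument raises an appError(200, ...). appError() is expected
 * to end the request; the result is returned as well so a caller can stop on
 * its own if it does not.
 *
 * @return bool true when both `tid` and `rid` are set in $_GET
 */
function checkForReportArguments(){

    $complete = true;

    if(!isset($_GET["tid"])){

        new appError(200,"URL variable missing: tid");
        $complete = false;

    }//endif

    if(!isset($_GET["rid"])){

        new appError(200,"URL variable missing: rid");
        $complete = false;

    }//endif

    return $complete;

}//end function checkForReportArguments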
335?>