Changeset 485 for trunk/phpbms/include
- Timestamp:
- 04/07/09 11:44:18 (3 years ago)
- Location:
- trunk/phpbms/include
- Files:
-
- 8 modified
-
common_functions.php (modified) (24 diffs)
-
db.php (modified) (15 diffs)
-
fields.php (modified) (1 diff)
-
imports.php (modified) (16 diffs)
-
jstransport.php (modified) (4 diffs)
-
login_include.php (modified) (1 diff)
-
session.php (modified) (9 diffs)
-
tables.php (modified) (1 diff)
trunk/phpbms/include/common_functions.php
r427 r485 40 40 // it should be instanced in session.php 41 41 class phpbms{ 42 42 43 43 var $db; 44 44 var $modules = array();//array of installed modules … … 48 48 var $bottomJS = array(); 49 49 var $onload = array(); 50 50 51 51 var $showFooter = true; 52 52 var $showMenu = true; 53 53 54 54 function phpbms($db){ 55 55 $this->db = $db; 56 56 57 57 $this->modules = $this->getModules(); 58 58 } … … 65 65 } 66 66 } 67 67 68 68 function showJsIncludes(){ 69 69 foreach($this->jsIncludes as $theinclude){ … … 84 84 }//end method 85 85 86 86 87 87 function getModules(){ 88 88 $modules = array(); 89 89 90 90 $querystatement = "SELECT * FROM `modules`"; 91 91 $queryresult = $this->db->query($querystatement); 92 92 while($therecord = $this->db->fetchArray($queryresult)) 93 93 $modules[$therecord["name"]] = $therecord; 94 94 95 95 return $modules; 96 96 } 97 97 98 98 99 99 function displayRights($roleid,$rolename = NULL){ 100 100 switch($roleid){ 101 101 102 102 case 0: 103 103 echo "EVERYONE"; 104 104 break; 105 105 106 106 case -100: 107 107 echo "Administrators"; 108 108 break; 109 109 110 110 default: 111 111 if(!$rolename){ 112 112 $querystatement = "SELECT name FROM roles WHERE id=".((int) $roleid); 113 113 $queryresult = $this->db->query($querystatement); 114 114 115 115 $therecord = $this->db->fetchArray($queryresult); 116 116 $rolename = $therecord["name"]; 117 117 }//end if 118 118 119 119 echo $rolename; 120 120 }//end case … … 123 123 124 124 function showTabs($tabgroup,$currenttabid,$recordid=0){ 125 125 126 126 $querystatement="SELECT id,name,location,enableonnew,notificationsql,tooltip,roleid FROM tabs WHERE tabgroup=\"".$tabgroup."\" ORDER BY displayorder"; 127 127 $queryresult=$this->db->query($querystatement); 128 129 ?><ul class="tabs"><?php 128 129 ?><ul class="tabs"><?php 130 130 while($therecord=$this->db->fetchArray($queryresult)){ 131 131 132 132 if(hasRights($therecord["roleid"])){ 133 133 134 134 ?><li <?php if($therecord["id"]==$currenttabid) echo 
"class=\"tabsSel\"" ?>><?php 135 135 if($therecord["id"]==$currenttabid || ($recordid==0 && $therecord["enableonnew"]==0)){ … … 143 143 $therecord["notificationsql"]=str_replace("{{id}}",((int) $recordid),$therecord["notificationsql"]); 144 144 $notificationresult=$this->db->query($therecord["notificationsql"]); 145 145 146 146 if($this->db->numRows($notificationresult)!=0){ 147 147 $notificationrecord=$this->db->fetchArray($notificationresult); … … 153 153 } 154 154 } 155 155 156 156 echo $opener.$therecord["name"].$closer; 157 158 ?></li><?php 157 158 ?></li><?php 159 159 }//endif hasRights 160 }//end whilt 160 }//end whilt 161 161 ?> 162 162 </ul><?php … … 165 165 166 166 function getUserName($id=0){ 167 167 168 168 $querystatement="select concat(firstname,\" \",lastname) as name from users where id=".((int) $id); 169 169 $queryresult = $this->db->query($querystatement); 170 170 171 171 $tempinfo = $this->db->fetchArray($queryresult); 172 172 return trim($tempinfo["name"]); 173 173 174 174 }// end method 175 175 … … 222 222 if(count($temparray)==3) 223 223 $thedate=mktime(0,0,0,(int) $temparray[1],(int) $temparray[2],(int) $temparray[0]); 224 else 224 else 225 225 return false; 226 226 break; … … 231 231 if(count($temparray)==4) 232 232 $thedate=mktime(0,0,0,(int) $temparray[1],(int) $temparray[2],(int) $temparray[3]); 233 else 233 else 234 234 return false; 235 235 break; 236 236 237 237 case "English, UK": 238 238 $datestring="/".ereg_replace(",.","/",$datestring); … … 240 240 if(count($temparray)==4) 241 241 $thedate=mktime(0,0,0,(int) $temparray[2],(int) $temparray[1],(int) $temparray[3]); 242 else 242 else 243 243 return false; 244 244 break; 245 245 246 246 case "Dutch, NL": 247 247 $datestring="-".ereg_replace(",.","-",$datestring); … … 249 249 if(count($temparray)==4) 250 250 $thedate=mktime(0,0,0,(int) $temparray[2],(int) $temparray[1],(int) $temparray[3]); 251 else 251 else 252 252 return false; 253 253 break; … … 302 302 
$datestring=strftime("%Y-%m-%d",$thedate); 303 303 break; 304 304 305 305 case "English, US": 306 306 $datestring=strftime("%m/%d/%Y",$thedate); 307 307 break; 308 308 309 309 case "English, UK": 310 310 $datestring=strftime("%d/%m/%Y",$thedate); … … 349 349 if($format=="24 Hour") 350 350 $timestring=$sqltime; 351 else 351 else 352 352 $timestring=timeToString(stringToTime($sqltime,"24 Hour"),$format); 353 353 return $timestring; … … 362 362 if(count($tempdatearray)>1 && count($temptimearray)>1) 363 363 $thedatetime=mktime((int) $temptimearray[0],(int) $temptimearray[1],(int) $temptimearray[2],(int) $tempdatearray[1],(int) $tempdatearray[2],(int) $tempdatearray[0]); 364 } 364 } 365 365 return $thedatetime; 366 366 } … … 371 371 if($sqldatetime!=""){ 372 372 $datetimearray=explode(" ",$sqldatetime); 373 373 374 374 $datestring=trim($datetimearray[0]); 375 375 if($dateformat=="SQL") 376 376 $datestring=$datestring; 377 else 377 else 378 378 $datestring=dateToString(stringToDate($datestring,"SQL"),$dateformat); 379 379 if(isset($datetimearray[1])){ … … 381 381 if($timeformat=="24 Hour") 382 382 $timestring=$timestring; 383 else 383 else 384 384 $timestring=timeToString(stringToTime($timestring,"24 Hour"),$timeformat); 385 385 } … … 400 400 settype($datetime, 'string'); 401 401 eregi('(....)(..)(..)(..)(..)(..)',$datetime,$matches); 402 array_shift ($matches); 402 array_shift ($matches); 403 403 foreach (array('year','month','day','hour','minute','second') as $var) { 404 404 $$var = (int) array_shift($matches); 405 405 } 406 407 406 407 408 408 $thedatetime=mktime($hour,$minute,$second,$month,$day,$year); 409 409 410 410 return trim(dateToString($thedatetime,$dateformat)." 
".timeToString($thedatetime,$timeformat)); 411 411 } … … 448 448 $number=str_replace(DECIMAL_SYMBOL,".",$number); 449 449 $number=((real) $number); 450 450 451 451 return $number; 452 452 } 453 453 454 454 // Phone/Email functions 455 //===================================================================== 456 function validateEmail($value){ 457 458 $thereturn = false; 459 $atPos = strpos($value, "@"); 460 461 //@ symobol must be after first char 462 if($atPos > 0){ 463 464 $dotPos = strpos($value, ".", $atPos); 465 $length = strlen($value); 466 467 //the dot must be at least 2 chars away from at 468 //it also must not be the last char in the string 469 if( ($dotPos > ($atPos + 1)) && ($length > ($dotPos + 1)) ) 470 $thereturn = true; 471 472 }//end if 473 474 return $thereturn; 475 476 }//end function --validateEmail-- 477 478 479 function validatePhone($number){ 480 481 //need to decide on the phone reg ex based upon settings information 482 switch(PHONE_FORMAT){ 483 484 case "US - Loose": 485 $phoneRegEx = "/^(?:[\+]?(?:[\d]{1,3})?(?:\s*[\(\.-]?(\d{3})[\)\.-])?\s*(\d{3})[\.-](\d{4}))(?:(?:[ ]+(?:[xX]|(?:[eE][xX][tT][\.]?)))[ ]?[\d]{1,5})?$/"; 486 break; 487 488 case "US - Strict": 489 $phoneRegEx = "/^[2-9]\d{2}-\d{3}-\d{4}$/"; 490 break; 491 492 case "UK - Loose": 493 $phoneRegEx = "/^((\(?0\d{4}\)?\s?\d{3}\s?\d{3})|(\(?0\d{3}\)?\s?\d{3}\s?\d{4})|(\(?0\d{2}\)?\s?\d{4}\s?\d{4}))(\s?\#(\d{4}|\d{3}))?$/"; 494 break; 495 496 case "International": 497 $phoneRegEx = "/^(\(?\+?[0-9]*\)?)?[0-9_\- \(\)]*$/"; 498 break; 499 case "No Verification": 500 $phoneRegEx = "/.*/"; 501 break; 502 }//end switch 503 504 return preg_match($phoneRegEx,$number); 505 506 }//end function --validatePhone-- 455 507 456 508 //============================================================================ … … 496 548 497 549 //This function prepares an array for SQL manipulation. 
498 550 499 551 if(get_magic_quotes_runtime() || get_magic_quotes_gpc()){ 500 501 foreach ($thearray as $key=>$value) 552 553 foreach ($thearray as $key=>$value) 502 554 if(is_array($value)) 503 555 $thearray[$key]= addSlashesToArray($value); 504 556 else 505 557 $thearray[$key] = mysql_real_escape_string(stripslashes($value)); 506 507 } else 558 559 } else 508 560 foreach ($thearray as $key=>$value) 509 561 if(is_array($value)) 510 $thearray[$key]= addSlashesToArray($value); 562 $thearray[$key]= addSlashesToArray($value); 511 563 else 512 564 $thearray[$key] = mysql_real_escape_string($value); 513 565 514 566 return $thearray; 515 567 516 568 }//end function 517 569 … … 522 574 if(!isset($sqlEncoding)) 523 575 $sqlEncoding = ""; 524 576 525 577 switch ($sqlEncoding){ 526 578 527 579 case "latin1": 528 580 $encoding = "ISO-8859-15"; 529 581 break; 530 582 531 583 case "utf8": 532 584 default: 533 585 $encoding = "UTF-8"; 534 586 break; 535 587 536 588 }//endswitch 537 589 538 590 return htmlspecialchars($string, ENT_COMPAT, $encoding); 539 591 … … 605 657 $value=$value; 606 658 break; 607 608 659 660 609 661 case "bbcode": 610 662 $value=htmlQuotes($value); 611 663 612 664 // This list needs to be expanded 613 665 $bbcodelist["[b]"] = "<strong>"; … … 615 667 $bbcodelist["[br]"] = "<br />"; 616 668 $bbcodelist["[space]"] = " "; 617 669 618 670 foreach($bbcodelist as $bbcode => $translation) 619 671 $value = str_replace($bbcode, $translation, $value); 620 621 break; 622 672 673 break; 674 623 675 default: 624 676 $value=htmlQuotes($value); … … 639 691 640 692 function nl_langinfo($constant){ 641 642 return $constant; 643 693 694 return $constant; 695 644 696 }//end function 645 697 646 698 function nl_setup(){ 647 699 648 700 $date = mktime(0,0,0,10,7,2007); 649 701 650 702 for($i = 1; $i<=7; $i++){ 651 703 652 704 define("ABDAY_".$i, date("D", $date)); 653 705 define("DAY_".$i, date("l"), $date); 654 706 655 707 $date = strtotime("tomorrow", $date); 656 708 }//end 
for 657 658 709 710 659 711 for($i = 1; $i<=12; $i++){ 660 712 661 713 $date = mktime(0, 0, 0, $i, 1, 2007); 662 714 663 715 define("ABMON_".$i, date("M", $date)); 664 716 define("MON_".$i, date("F"), $date); 665 717 666 718 }//end for 667 719 668 720 }//end function 669 721 670 722 nl_setup(); 671 723 672 724 }//end if 673 725 ?> -
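Review bot: In the new validatePhone() (lines 479–506) the switch on PHONE_FORMAT has no default branch, so any setting value outside the five listed cases leaves `$phoneRegEx` undefined and preg_match() runs with an empty pattern — a notice plus a 0/false result that callers will read as "invalid number" with no hint that the configuration is the cause. Adding `default: $phoneRegEx = "/.*/";` (the pattern the "No Verification" case already uses), or returning false with an explicit configuration error, makes the unconfigured case deliberate. Note also that the "International" and "No Verification" patterns accept an empty string, which may be intended; if an empty number must fail, guard with `if($number === "") return 0;` before the match. validateEmail() is a hand-rolled check that admits values like `a@b.c` with spaces or multiple `@`; that is acceptable as a loose sanity check, but a comment saying so would stop someone relying on it as real validation.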
trunk/phpbms/include/db.php
r427 r485 1 <?php 1 <?php 2 2 /* 3 3 $Rev: 249 $ | $LastChangedBy: brieb $ … … 41 41 //we may want to do more than connect via mysql; 42 42 var $type="mysql"; 43 43 44 44 // mysql vars; 45 45 var $db_link; … … 49 49 var $dbpass; 50 50 var $pconnect=true; 51 51 52 52 var $showError=false; 53 53 var $logError=true; 54 54 var $stopOnError=true; 55 55 var $errorFormat="xhtml"; 56 56 57 57 var $error = NULL; 58 58 59 59 function db($connect = true, $hostname = NULL, $schema = NULL, $user = NULL, $pass = NULL, $pconnect = NULL, $type = "mysql"){ 60 60 61 61 if($type!="mysql") 62 62 $this->type=$type; … … 69 69 if($hostname!=NULL) 70 70 $this->hostname = $hostname; 71 71 72 72 if(defined("MYSQL_DATABASE")) 73 73 $this->schema = MYSQL_DATABASE; 74 74 if($schema!=NULL) 75 75 $this->schema = $schema; 76 76 77 77 if(defined("MYSQL_USER")) 78 78 $this->dbuser = MYSQL_USER; 79 79 if($schema!=NULL) 80 80 $this->dbuser = $user; 81 81 82 82 if(defined("MYSQL_USERPASS")) 83 83 $this->dbpass = MYSQL_USERPASS; 84 84 if($schema!=NULL) 85 85 $this->dbpass = $pass; 86 86 87 87 if(defined("MYSQL_PCONNECT")) 88 88 $this->pconnect = MYSQL_PCONNECT; 89 89 if($pconnect!=NULL) 90 90 $this->pconnect = $pconnect; 91 break; 91 break; 92 92 } 93 93 94 94 if($connect){ 95 95 if($this->connect()){ … … 97 97 return $this->db_link; 98 98 else 99 return false; 99 return false; 100 100 } else 101 101 return false; … … 106 106 function connect(){ 107 107 // This functions connects to the database. 
It uses pconnect if the variable is set; 108 108 109 109 if($this->pconnect) 110 110 $this->db_link = @ mysql_pconnect($this->hostname,$this->dbuser,$this->dbpass); 111 111 else 112 112 $this->db_link = @ mysql_connect($this->hostname,$this->dbuser,$this->dbpass); 113 113 114 if(!$this->db_link){ 115 114 116 $error = new appError(-400,"Could not connect to database server.\n\n".$this->getError(),"",$this->showError,$this->stopOnError,false,$this->errorFormat); 115 117 return false; 116 } else 118 119 } else 117 120 return $this->db_link; 118 } 119 120 121 122 }//end function connect 123 124 121 125 function selectSchema($schema=NULL){ 122 126 if($schema!=NULL) 123 127 $this->schema=$schema; 124 128 125 129 if(! @ mysql_select_db($this->schema,$this->db_link)){ 126 $error = new appError(-410,"Could not open schema ".$this->schema,"",$this->showError,$this->stopOnError,false,$this->errorFormat); 130 $error = new appError(-410,"Could not open schema ".$this->schema,"",$this->showError,$this->stopOnError,false,$this->errorFormat); 127 131 return false; 128 132 } else 129 return true; 133 return true; 130 134 } 131 135 … … 134 138 switch($this->type){ 135 139 case "mysql": 136 if(!isset($this->db_link)) 137 if(!$this->d ataB()) die($this->error);140 if(!isset($this->db_link)) 141 if(!$this->db()) die($this->error); 138 142 $queryresult = @ mysql_query($sqlstatement,$this->db_link); 139 143 if(!$queryresult){ … … 141 145 $error = new appError(-420,$this->getError($this->db_link)."\n\nStatement: ".$sqlstatement,"",$this->showError,$this->stopOnError,$this->logError,$this->errorFormat); 142 146 return false; 143 } 144 break; 145 }//end case 146 147 } 148 break; 149 }//end case 150 147 151 $this->error=NULL; 148 152 return $queryresult; … … 153 157 154 158 switch($this->type){ 155 case "mysql": 159 case "mysql": 156 160 @ mysql_query("SET NAMES ".$encoding, $this->db_link); 157 161 break; 158 162 159 163 }//endswitch 160 164 … … 163 167 164 168 function getError($link = 
NULL){ 165 166 switch($this->type){ 167 case "mysql": 168 $thereturn = mysql_error($link); 169 170 switch($this->type){ 171 case "mysql": 172 if($link) 173 $thereturn = @ mysql_error($link); 174 else 175 $thereturn = @ mysql_error(); 169 176 break; 170 177 }//end switch --type-- 171 172 return $thereturn; 173 178 179 return $thereturn; 180 174 181 }//end method --getError-- 175 182 176 183 177 184 function numRows($queryresult){ … … 200 207 }//end function 201 208 202 209 203 210 function startTransaction(){ 204 205 switch($this->type){ 206 211 212 switch($this->type){ 213 207 214 case "mysql": 208 215 $this->query("START TRANSACTION;"); 209 216 break; 210 217 211 218 }//end switch 212 219 213 220 }//end method --startTransaction-- 214 215 221 222 216 223 function commitTransaction(){ 217 218 switch($this->type){ 219 224 225 switch($this->type){ 226 220 227 case "mysql": 221 228 $this->query("COMMIT;"); 222 229 break; 223 230 224 231 }//end switch 225 232 226 233 }//end method --startTransaction-- 227 228 234 235 229 236 function rollbackTransaction(){ 230 231 switch($this->type){ 232 237 238 switch($this->type){ 239 233 240 case "mysql": 234 241 $this->query("ROLLBACK;"); 235 242 break; 236 243 237 244 }//end switch 238 245 239 246 }//end method --startTransaction-- 240 247 241 248 242 249 function seek($queryresult,$rownum){ … … 278 285 return $thereturn; 279 286 }//end function 280 281 287 288 282 289 function tableInfo($tablename){ 283 290 //this function returns a multi-dimensional array describing the fields in a given table … … 291 298 $thereturn[$name]["type"] = @ mysql_field_type($queryresult,$offset); 292 299 $thereturn[$name]["length"] = mysql_field_len($queryresult,$offset); 293 $thereturn[$name]["flags"] = mysql_field_flags($queryresult,$offset); 300 $thereturn[$name]["flags"] = mysql_field_flags($queryresult,$offset); 294 301 } 295 302 } … … 305 312 case "mysql": 306 313 $thereturn = @ mysql_insert_id($this->db_link); 307 break; 314 break; 308 315 } 
309 316 310 317 return $thereturn; 311 318 } 312 319 313 320 function affectedRows(){ 314 321 $thereturn = false; … … 316 323 case "mysql": 317 324 $thereturn = @ mysql_affected_rows($this->db_link); 318 break; 325 break; 319 326 } 320 327 321 328 return $thereturn; 322 329 } 323 330 324 331 }//end db class 325 332 ?> -
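Review bot: The new reconnect line in query(), `if(!$this->db()) die($this->error);`, exits with an empty message: connect() assigns the failure only to the local `$error` (new line 116) and never to `$this->error`, which still holds the NULL from its declaration. Unless appError halts the script itself (stopOnError defaults to true here, but that behaviour is not visible in this file), a failed reconnect ends as a blank page with the real cause lost; set `$this->error = "Could not connect to database server.\n\n".$this->getError();` in connect() before the appError line, or make query() die with `$this->getError()` directly. Re-entering the constructor via `$this->db()` also re-applies every MYSQL_* constant and argument default, which appears to discard any hostname/schema/user set after construction — a small reconnect helper that only calls connect() and selectSchema() would be safer. While here, the unchanged constructor lines 79 and 84 test `$schema!=NULL` where `$user`/`$pass` are meant, so a constructor call that passes only a user or password is silently ignored on this reconnect path.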
trunk/phpbms/include/fields.php
r447 r485 451 451 ?><option value="0" <?php 452 452 if ($this->value==0 || $this->value==""){ 453 echo " selected=\"selected\" " ?>><none></option><?php453 echo " selected=\"selected\" "; 454 454 }//end if --value-- 455 ?>><none></option><?php 455 456 }//end if --hasblank-- 456 457 -
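Review bot: The `<none>` placeholder on new line 455 is written as raw markup inside the option, so the browser treats it as an unknown tag and the blank entry renders with no visible text; it should be entity-encoded, `?>>&lt;none&gt;</option><?php`. Moving the closing `>` and the option text outside the `selected` check is the right fix for the previously unclosed tag. The unchanged condition on line 452, `$this->value==0 || $this->value==""`, uses loose comparison, so on PHP before 8.0 any non-numeric string value also compares equal to 0 and selects the blank option; if `$this->value` can hold strings, `===` against the blank sentinel is safer.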
trunk/phpbms/include/imports.php
r433 r485 1 1 <?php 2 2 class phpbmsImport{ 3 3 4 4 var $table; 5 5 var $error = ""; … … 10 10 var $data; 11 11 var $revertID = 0; 12 12 13 13 // Do not manually override 14 14 var $transactionRecords = array(); 15 15 var $tempFileID = 0; 16 16 var $pageType = "main"; 17 17 18 18 function phpbmsImport($table, $importType = "csv"){ 19 19 20 20 $this->table = $table; 21 21 $this->importType = $importType; … … 25 25 break; 26 26 }//end switch 27 27 28 28 $this->table->db->logError = true; 29 29 //So, that, when there is a db error, it will go all the way through and not just stop 30 30 $this->table->db->stopOnError = false; 31 //Won't display db errors, just log them. 31 //Won't display db errors, just log them. 32 32 $this->table->db->showError = false; 33 33 if(isset($_POST["pageType"])) 34 34 $this->pageType = $_POST["pageType"]; 35 35 36 36 if(isset($_POST["tempFileID"])) 37 37 $this->tempFileID = ((int)$_POST["tempFileID"]); 38 38 39 39 }//end method --imports-- 40 40 41 41 function _parseFromData($data){ 42 42 43 43 switch($this->importType){ 44 44 45 45 case "csv": 46 46 47 47 if(is_readable($data)){ 48 48 $contents = $this->_getFile($data); 49 49 50 50 if(is_readable($contents)){ 51 51 $this->docError = "invalid csv document"; 52 52 return false; 53 53 }//end if 54 54 55 55 }//end if 56 56 57 57 $this->parser->parse($data); 58 58 59 59 if(!count($this->parser->titles) || !count($this->parser->data)){ 60 60 $this->docError = "invalid csv document"; 61 return false; 61 return false; 62 62 }//end if 63 63 64 64 return true; 65 65 break; 66 66 67 67 }//end swtich 68 68 69 69 }//end method --_parseFromFile-- 70 71 70 71 72 72 function _getTransactionData(){ 73 73 //needs to be changed for more complicated tables … … 75 75 foreach($this->transactionIDs as $theid) 76 76 $inStatement .= $theid.","; 77 77 78 78 if($inStatement){ 79 79 80 80 $inStatement = substr($inStatement, 0, -1); 81 81 82 82 $querystatement = " 83 83 SELECT … … 88 88 `id` IN (".$inStatement."); 89 
89 "; 90 90 91 91 $queryresult = $this->table->db->query($querystatement); 92 92 93 93 while($therecord = $this->table->db->fetchArray($queryresult)) 94 94 $this->transactionRecords[] = $therecord; 95 96 }//end if 97 95 96 }//end if 97 98 98 }//end method --_getTransactionData-- 99 100 99 100 101 101 function _getFile($fileName){ 102 102 if(function_exists('file_get_contents')){ … … 106 106 $file = addslashes(fread(fopen($fileName, 'r'), filesize($fileName))); 107 107 }//end if 108 108 109 109 return $file; 110 110 }//end method --_getFile-- 111 111 112 112 //DO NOT CALL IN TRANSACTION 113 113 function _storeTempCSV($fileName){ 114 114 115 115 $querystatement = " 116 116 INSERT INTO … … 136 136 '".$_SESSION["userinfo"]["id"]."', 137 137 '".$_SESSION["userinfo"]["id"]."' 138 138 139 139 ) 140 140 "; 141 141 142 142 $this->table->db->query($querystatement); 143 143 144 144 $id = $this->table->db->insertId(); 145 145 146 146 if($id) 147 147 $this->tempFileID = ((int) $id); 148 148 else 149 149 $this->error .= '<li> inserting temporary file failure </li>'; 150 150 151 151 }//end method --_storeTempCSV-- 152 153 152 153 154 154 function _getTempCSV($tempFileID){ 155 155 156 156 if($tempFileID){ 157 157 158 158 $querystatement = " 159 159 SELECT … … 164 164 id = ".((int)$tempFileID)." 
165 165 "; 166 166 167 167 $queryresult = $this->table->db->query($querystatement); 168 168 169 169 $therecord = $this->table->db->fetchArray($queryresult); 170 170 171 171 return $therecord["file"]; 172 172 173 173 }//end if 174 174 175 175 return false; 176 176 177 177 }//end method --_getTempCSV-- 178 178 179 179 //DO NOT CALL IN TRANSACTION 180 180 function _removeTempCSV($tempFileID = 0){ 181 181 182 182 $querystatement = " 183 183 DELETE FROM … … 192 192 ); 193 193 "; 194 194 195 195 $queryresult = $this->table->db->query($querystatement); 196 196 197 197 $querystatement = " 198 198 ALTER TABLE … … 200 200 AUTO_INCREMENT = ".((int) $tempFileID)."; 201 201 "; 202 202 203 203 $queryresult = $this->table->db->query($querystatement); 204 204 205 205 }//end method --_removeTempCSV-- 206 206 207 207 //DO NOT USE THIS METHOD INSIDE AN OPEN TRANSACTION. 208 208 //IT WILL AUTOMATICALLY COMMIT THE TRANSACTION 209 209 function _revertAutoIncrement($revertID = 0){ 210 210 211 211 //check to see if there is a revert id (i.e. there was a valid insert) 212 212 if($revertID) 213 213 if(is_numeric($revertID)){ 214 214 215 215 $querystatement = " 216 216 ALTER TABLE … … 218 218 AUTO_INCREMENT = ".((int) $revertID)."; 219 219 "; 220 220 221 221 $this->table->db->query($querystatement); 222 222 223 223 }//end if 224 224 225 225 }//end method --_revertAutoIncrement-- 226 227 226 227 228 228 function importRecords($rows, $titles){ 229 229 230 230 switch($this->importType){ 231 232 case "csv": 231 232 case "csv": 233 233 //count total fieldnames (top row of csv document) 234 234 $fieldNum = count($titles); 235 235 236 236 //the file starts at line number 1, but since line 1 is 237 237 //supposed to be the fieldnames in the table(s), the lines 238 238 //being insereted start @ 2. 
239 239 $rowNum = 2; 240 240 241 241 //get the data one row at a time 242 242 foreach($rows as $rowData){ 243 244 $theid = 0; 245 243 244 $theid = 0; // set for when verifification does not pass 245 $verify = array(); //set for when number of field rows does not match number of titles 246 246 247 //trim off leading/trailing spaces 247 248 $trimmedRowData = array(); 249 248 250 foreach($rowData as $name => $data) 249 251 $trimmedRowData[$name] = trim($data); 250 252 251 253 //check to see if number of fieldnames is consistent for each row 252 254 $rowFieldNum = count($trimmedRowData); 253 255 254 256 //if valid, insert, if not, log error and don't insert. 255 if($rowFieldNum == $fieldNum) 256 $theid = $this->table->insertRecord($trimmedRowData); 257 else 257 if($rowFieldNum == $fieldNum){ 258 $verify = $this->table->verifyVariables($trimmedRowData); 259 if(!count($verify)) 260 $theid = $this->table->insertRecord($trimmedRowData); 261 }else 258 262 $this->error .= '<li> incorrect amount of fields for line number '.$rowNum.'.</li>'; 259 263 260 264 if($theid){ 261 265 //keep track of the ids in the transaction to be able to select them 262 266 //for preview purposes 263 267 $this->transactionIDs[] = $theid; 264 268 265 269 //get first id to correct auto increment 266 270 if(!$this->revertID) … … 268 272 }else 269 273 $this->error .= '<li> failed insert for line number '.$rowNum.'.</li>'; 270 274 275 foreach($verify as $error) 276 $this->error .= '<li class="subError">'.$error.'</li>'; 277 271 278 $rowNum++; 272 279 273 280 }//end foreach 274 281 break; 275 282 276 283 }//end switch 277 284 278 285 }//end method --importRecords-- 279 280 286 287 281 288 function displayTransaction($recordsArray, $fieldsArray){ 282 289 //needs to be changed for more complicated tables … … 317 324 <?php 318 325 }//end if 319 326 320 327 }//end method --displayTransaction-- 321 322 328 329 323 330 function processImportPage(){ 324 331 325 332 $this->table->getTableInfo(); 326 333 327 334 
if(!isset($_POST["command"])){ 328 335 329 336 //happens upon first coming to page 330 337 331 338 //remove any other temporary csv files in the `files` table 332 339 //present from previous imports 333 340 $this->_removeTempCSV(); 334 341 335 342 //check to see if user has the rights to be here. 336 343 //If not, kick him to the no access page. 337 344 if(!hasRights($this->table->importroleid)) 338 345 goURL(APP_PATH."noaccess.php"); 339 346 340 347 }else{ 341 348 //form has been submitted 342 349 switch($_POST["command"]){ 343 350 344 351 //cancel button pressed. 345 352 case "cancel": … … 354 361 }//end if 355 362 break; 356 363 357 364 case "upload": 358 365 359 366 //check for valid file upload 360 367 if(!$_FILES["import"]["error"] && ($_FILES["import"]["size"] > 0)){ 361 368 362 369 //check and parse the file 363 370 if($this->_parseFromData($_FILES["import"]["tmp_name"])){ 364 371 365 372 //start transaction 366 373 $this->table->db->startTransaction(); 367 374 368 375 $this->importRecords($this->parser->data, $this->parser->titles); 369 376 370 377 //get data for preview purposes 371 378 $this->_getTransactionData(); 372 379 //"undo" any inserts 373 380 $this->table->db->rollbackTransaction(); 374 381 375 382 //DO NOT CALL IN TRANSACTION 376 383 //ALTER TABLES AUTO COMMIT AND THE FILE NEEDS TO CARRY … … 378 385 $this->_revertAutoIncrement($this->revertID); 379 386 $this->_storeTempCSV($_FILES["import"]["tmp_name"]); 380 387 381 388 }//end if 382 389 383 390 }else 384 391 $this->docError .= "failed file upload"; 385 392 386 393 //switch page types 387 394 $this->pageType = "confirm"; 388 395 389 396 if(!$this->error && !$this->docError){ 390 397 $therecord["phpbmsStatus"] = "Confirm Import"; … … 394 401 }else 395 402 $therecord["phpbmsStatus"] = "Import Error"; 396 403 397 404 break; 398 405 399 406 case "import": 400 407 401 408 //get the contents of the stored csv document 402 409 $CSVcontents = $this->_getTempCSV($this->tempFileID); 403 410 404 411 
//parser uses newline character to be able to parse the last line 405 412 if(substr($CSVcontents,-1,1) != "\n") 406 413 $CSVcontents .= "\n"; 407 408 414 415 409 416 $this->parser->parse($CSVcontents); 410 417 411 418 $this->importRecords($this->parser->data, $this->parser->titles); 412 419 413 420 $this->table->db->commitTransaction(); 414 421 415 422 //DO NOT CALL IN TRANSACTION 416 423 417 424 //get rid of temporary csv document 418 425 $this->_removeTempCSV($this->tempFileID); 419 426 420 427 $therecord["phpbmsStatus"] = "Record(s) Imported"; 421 428 //change page type 422 429 $this->pageType = "main"; 423 430 break; 424 431 425 432 }//end command switch 426 433 427 434 }// end if 428 435 429 436 //display the title 430 437 $therecord["title"] = $this->table->displayname." Import"; 431 438 return $therecord; 432 439 433 440 }//end method --imports-- 434 441 435 442 }//end class --imports-- 436 437 443 444 438 445 //this class is to have different buttons, and no created/modified. 439 446 if(class_exists("phpbmsForm")){ 440 447 class importForm extends phpbmsForm{ 441 448 442 449 function importForm($action = NULL, $method="post", $name="record", $onsubmit="return validateForm(this);", $dontSubmit = true){ 443 450 444 451 parent::phpbmsForm($action,$method,$name,$onsubmit,$dontSubmit); 445 452 446 453 }//end method --importForm-- 447 448 function startForm($pageTitle, $pageType ){449 450 ?><form action="<?php echo str_replace("&","&",$this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" onsubmit="<?php echo $this->onsubmit?>" <?php 454 455 function startForm($pageTitle, $pageType, $numberOfRecords = 0){ 456 457 ?><form action="<?php echo str_replace("&","&",$this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" onsubmit="<?php echo $this->onsubmit?>" <?php 451 458 if(isset($this->enctype)) echo ' enctype="'.$this->enctype.'" '; 452 459 if(isset($this->id)) echo ' id="'.$this->id.'" '; 453 ?>><?php 
460 ?>><?php 454 461 if($this->dontSubmit){ 455 462 ?><div id="dontSubmit"><input type="submit" value=" " onclick="return false;" /></div><?php 456 463 } ?> 457 <div id="topButtons"><?php $this->showButtons(1, $pageType ); ?></div>458 <h1 id="h1Title"><span><?php echo $pageTitle ?></span></h1><?php 459 464 <div id="topButtons"><?php $this->showButtons(1, $pageType, $numberOfRecords); ?></div> 465 <h1 id="h1Title"><span><?php echo $pageTitle ?></span></h1><?php 466 460 467 }//end method --startForm-- 461 462 function showButtons($ids = 1, $pageType = "main" ){468 469 function showButtons($ids = 1, $pageType = "main", $numberOfRecords = 0){ 463 470 ?> 464 471 <div class="importCancels"> 465 472 <?php if($pageType == "main"){ ?> 466 <input <?php if($ids==1) {?>accesskey=" i"<?php }?> title="Upload (alt+u)" id="uploadButton<?php echo $ids?>" name="command" type="submit" value="upload" class="Buttons" />473 <input <?php if($ids==1) {?>accesskey="u"<?php }?> title="Upload (alt+u)" id="uploadButton<?php echo $ids?>" name="command" type="submit" value="upload" class="Buttons" /> 467 474 <input id="cancelButton<?php echo $ids?>" name="command" type="submit" value="cancel" class="Buttons" <?php if($ids==1) {?>accesskey="x" <?php }?> title="(access key+x)" /> 468 475 <?php }else{?> 469 <input type="submit" class="Buttons" value="import" name="command" id="import<?php echo $ids?>" title="commit" />476 <input type="submit" class="Buttons" value="import" name="command" id="import<?php echo $ids?>" title="commit" <?php echo ($numberOfRecords? '':'disabled="disabled"') ?>/> 470 477 <input type="submit" class="Buttons" value="cancel" name="command" id="cancelButton<?php echo $ids?>" title="rollback"/> 471 478 <?php }//end if ?> 472 479 </div><?php 473 480 }//end method --showButtons-- 474 481 475 482 }//end class --importForm-- 476 483 } -
trunk/phpbms/include/jstransport.php
r440 r485 1 <?php 1 <?php 2 2 $loginNoKick=true; 3 3 $loginNoDisplayError=true; 4 require_once("session.php"); 5 4 require_once("session.php"); 5 6 6 //phone formating 7 ?>phoneRegExpression=<?php 7 ?>phoneRegExpression=<?php 8 8 switch(PHONE_FORMAT){ 9 9 case "US - Loose": … … 11 11 break; 12 12 case "US - Strict": 13 ?>/^[2-9]\d{2}-\d{3}-\d{4}$/;<?php 13 ?>/^[2-9]\d{2}-\d{3}-\d{4}$/;<?php 14 14 break; 15 15 case "UK - Loose": 16 16 ?>/^((\(?0\d{4}\)?\s?\d{3}\s?\d{3})|(\(?0\d{3}\)?\s?\d{3}\s?\d{4})|(\(?0\d{2}\)?\s?\d{4}\s?\d{4}))(\s?\#(\d{4}|\d{3}))?$/;<?php 17 break; 17 break; 18 18 case "International": 19 19 ?>/^(\(?\+?[0-9]*\)?)?[0-9_\- \(\)]*$/;<?php 20 break; 21 } 22 20 break; 21 case "No Verification": 22 ?>/.*/;<?php 23 break; 24 } 25 23 26 //date formating 24 27 ?>APP_PATH="<?php echo htmlQuotes(APP_PATH)?>";<?php … … 26 29 //date formating 27 30 ?>DATE_FORMAT="<?php echo htmlQuotes(DATE_FORMAT)?>";<?php 28 31 29 32 //time formating 30 33 ?>TIME_FORMAT="<?php echo htmlQuotes(TIME_FORMAT)?>";<?php … … 40 43 41 44 ?>LOGIN_REFRESH=<?php echo LOGIN_REFRESH?>;<?php 42 45 43 46 if(defined("TERM1_DAYS")){ 44 47 ?>TERM1_DAYS=<?php echo TERM1_DAYS?>;<?php 45 48 }//end if 46 47 ?>MONTH_NAMES_LONG= [ <?php 48 49 50 ?>MONTH_NAMES_LONG= [ <?php 51 49 52 $mNames = ""; 50 53 for($i=0; $i < 11; $i++) 51 54 $mNames .= ', "'.strftime("%B", mktime(0, 0, 0, $i+1, 1, 1974)).'"'; 52 55 $mNames = substr($mNames, 2); 53 56 54 57 echo $mNames; 55 56 ?> ];<?php 58 59 ?> ];<?php 57 60 58 61 if(isset($phpbms->modules["bms"])){ 59 62 60 63 ?>TERM1_DAYS=<?php echo TERM1_DAYS?>;<?php 61 64 62 65 }//end if 63 66 64 67 65 68 ?> -
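Review bot: The new `case "No Verification":` branch is the only permissive pattern, but the switch still has no `default:`, so any other PHONE_FORMAT value in the settings table (a typo, or a value from a different schema version) emits `phoneRegExpression=` immediately followed by the next statement, which silently assigns the APP_PATH string to the variable and breaks client code that expects a RegExp. Making the new case the fallback — `case "No Verification": default:` before the `?>/.*/;<?php` line — keeps the emitted JavaScript well-formed for every setting value. This regex is client-side formatting help only and can be bypassed; server-side handling of phone values should not rely on it.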
trunk/phpbms/include/login_include.php
r311 r485 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 function verifyLogin($username,$password,$db){ 40 $thereturn = "Login Failed"; 41 42 $querystatement = "SELECT id, firstname, lastname, email, phone, department, employeenumber, admin 43 FROM users 44 WHERE login=\"".mysql_real_escape_string($username)."\" 45 AND password=ENCODE(\"".mysql_real_escape_string($password)."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\") 46 AND revoked=0 AND portalaccess=0"; 47 48 $queryresult = $db->query($querystatement); 49 50 if($db->numRows($queryresult)){ 51 39 class login{ 40 41 var $db; 42 43 function login($db){ 44 45 $this->db = $db; 46 47 }//end function init 48 49 50 function verify($username, $password){ 51 52 $querystatement = " 53 SELECT 54 id, 55 firstname, 56 lastname, 57 email, 58 phone, 59 department, 60 employeenumber, 61 admin 62 FROM 63 users 64 WHERE 65 login = '".mysql_real_escape_string($username)."' 66 AND password = ENCODE('".mysql_real_escape_string($password)."','".mysql_real_escape_string(ENCRYPTION_SEED)."') 67 AND revoked = 0 68 AND portalaccess = 0"; 69 70 $queryresult = $this->db->query($querystatement); 71 72 if($this->db->numRows($queryresult)){ 73 52 74 //We found a record that matches in the database 53 75 // populate the session and go in 54 $_SESSION["userinfo"] =$db->fetchArray($queryresult);55 76 $_SESSION["userinfo"] = $this->db->fetchArray($queryresult); 77 56 78 // Next get the users roles, and populate the session with them 57 $_SESSION["userinfo"]["roles"][]=0; 58 $querystatement = "SELECT roleid FROM rolestousers WHERE userid=".$_SESSION["userinfo"]["id"]; 59 $rolesqueryresult = $db->query($querystatement); 60 61 while($rolerecord=$db->fetchArray($rolesqueryresult)) 79 $_SESSION["userinfo"]["roles"][] = 0; 80 $querystatement = " 81 SELECT 82 roleid 83 FROM 84 rolestousers 85 WHERE userid=".$_SESSION["userinfo"]["id"]; 86 87 $rolesqueryresult = $this->db->query($querystatement); 88 
89 while($rolerecord = $this->db->fetchArray($rolesqueryresult)) 62 90 $_SESSION["userinfo"]["roles"][]=$rolerecord["roleid"]; 63 64 65 $querystatement = "UPDATE users SET modifieddate=modifieddate, lastlogin=Now() WHERE id = ".$_SESSION["userinfo"]["id"];66 $updateresult = $db->query($querystatement);67 91 68 $_SESSION["tableparams"]=array(); 92 //update lastlogin 93 $ip = $_SERVER["REMOTE_ADDR"]; 94 95 $updatestatement = " 96 UPDATE 97 users 98 SET 99 modifieddate = modifieddate, 100 lastlogin = Now(), 101 `lastip` = '".$ip."' 102 WHERE 103 id = ".$_SESSION["userinfo"]["id"]; 104 105 $this->db->query($updatestatement); 106 107 $_SESSION["tableparams"] = array(); 69 108 70 109 goURL(DEFAULT_LOAD_PAGE); 71 } else 72 return "Login Failed"; 73 } 110 111 } else { 112 113 //log login attempt 114 $log = new phpbmsLog("Login attempt failed for user '".$username."'", "SECURITY"); 115 116 return "Login Failed"; 117 118 }//endif numrows 74 119 75 120 76 // Start Code 77 //================================================================================================================= 78 79 $failed=""; 80 if (isset($_POST["name"])) { 81 $variables=addSlashesToArray($_POST); 82 $failed=verifyLogin($variables["name"],$variables["password"],$db); 83 } else 84 $_POST["name"]=""; 85 ?> 121 }//end function verify 122 123 }//end class -
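Review bot: `login::verify()` populates `$_SESSION["userinfo"]` on a successful match without rotating the session id, so a session id fixed before login stays valid afterwards; add `session_regenerate_id(true);` immediately before the `$_SESSION["userinfo"] = $this->db->fetchArray($queryresult);` assignment. The new `lastip` column is written by interpolating `$_SERVER["REMOTE_ADDR"]` raw into the UPDATE while the username and password in the SELECT above are escaped — `'".mysql_real_escape_string($ip)."'` keeps the statement consistent, even though REMOTE_ADDR is normally set by the server rather than the client. The failed-login log message embeds the raw username; phpbmsLog escapes it for the INSERT, but whatever renders the log table must HTML-escape `value` before display. Matching passwords with `ENCODE(..., ENCRYPTION_SEED)` stores a reversible value and predates this commit; it deserves its own issue rather than being folded into this change.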
trunk/phpbms/include/session.php
r402 r485 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 40 // Turn on/or off debugging 39 41 @ define("APP_DEBUG",true); 40 42 if(APP_DEBUG) 41 43 error_reporting(E_ALL); 42 44 45 46 // Error Class - This class reports errors. It can also log these errors 47 // to the phpBMS log table in some cases. 43 48 class appError{ 49 44 50 var $number=0; 45 51 var $title=""; … … 48 54 var $logerror=true; 49 55 var $format="xhtml"; 50 56 57 //init 51 58 function appError($number=0,$details="",$title="",$display=false,$stop=true,$logerror=true,$format="xhtml"){ 59 52 60 $this->title = $title; 53 54 55 61 $this->details = $details; 56 57 62 $this->stop = $stop; 58 63 59 64 $this->logerror = $logerror; 60 65 $this->format = $format; 61 66 $this->number = $number; 62 67 68 // find a predetermined title; 63 69 if($this->number<0){ 70 64 71 switch($number){ 72 case -300: 73 $this->title = "settings.php file not readable"; 74 $this->details = 75 'If this is the initial installation of the program, 76 you may wan to run the installer. 
Use your web browser to navigate to:<br /><br /> 77 78 <a href="'.APP_PATH.'install">phpBMS Installation</a><br /><br /> 79 80 If your application already has a settings.php file in the main phpbms directory, you may need to give your web server rights to read the file.'; 81 break; 65 82 case -400: 66 83 case -410: … … 71 88 case -460: 72 89 $this->title="Database Error"; 73 break; 74 } 75 } 76 90 break; 91 }//end case; 92 93 }//endif this->number 94 77 95 if($display || APP_DEBUG) $this->display($format); 78 96 if($logerror) $this->logError(); 79 97 if($this->stop) exit; 80 } 81 82 function display($format=NULL){ 83 84 if($format==NULL) 85 $format=$this->format; 86 98 99 }//eend function init 100 101 102 //This function outputs the error to screen either in 103 // XHTML, plain text, or JSON format 104 function display($format = NULL){ 105 106 if($format == NULL) 107 $format = $this->format; 108 87 109 switch(strtolower($format)){ 110 88 111 case "json": 89 112 90 echo "{\n"; 91 echo "\"error\" : { \"id\" : ".$this->number; 92 if($this->title) 93 echo ", \"title\" : \"".addslashes($this->title)."\""; 94 if($this->details) 95 echo ", \"details\" : \"".addslashes($this->details)."\""; 96 echo "\n}"; 97 98 break; 99 113 $return["id"] = $this->number; 114 $return["title"] = $this->title; 115 $return["details"] = $this->details; 116 117 echo json_encode($return); 118 119 break; 120 100 121 case "xhtml": 101 122 102 $this->details = str_replace("\n","<br />", htmlspecialchars($this->details,ENT_COMPAT,"UTF-8")); 123 // Unsure if this line is needed, as it limits what we can do with detail print out 124 //$this->details = str_replace("\n","<br />", htmlspecialchars($this->details,ENT_COMPAT,"UTF-8")); 103 125 104 126 if(defined("APP_PATH")){ 127 105 128 if(!defined("STYLESHEET")) 106 129 define("STYLESHEET","mozilla"); 107 ?><link href="<?php echo APP_PATH ?>common/stylesheet/<?php echo STYLESHEET ?>/base.css" rel="stylesheet" type="text/css" /><?php 130 131 ?><link 
href="<?php echo APP_PATH ?>common/stylesheet/<?php echo STYLESHEET ?>/base.css" rel="stylesheet" type="text/css" /><?php 132 108 133 } else { 109 //if the app_path is not defined, we can try including the mozilla stylesheet, relative to 134 135 //if the app_path is not defined, we can try including the mozilla stylesheet, relative to 110 136 // the assumed phpbms root 111 ?><link href="common/stylesheet/mozilla/base.css" rel="stylesheet" type="text/css" /><?php 137 ?><link href="common/stylesheet/mozilla/base.css" rel="stylesheet" type="text/css" /><?php 138 112 139 }//end if 140 113 141 ?><div class="bodyline"> 114 142 <h1><span>phpBMS Error: <?php echo $this->number; if($this->title) echo " ".$this->title?></span></h1> … … 118 146 </div> 119 147 <?php } //end if?> 120 </div><?php 121 122 break;123 148 </div><?php 149 150 break; 151 124 152 default: 125 153 126 154 echo "phpBMS Error: ".$this->number; 127 155 if($this->title) echo ": ".$this->title; 128 156 if($this->details) echo " - ".$this->details; 129 130 break;157 158 break; 131 159 }//end switch 132 160 }// end dispaly function 133 161 162 163 // this function logs the error in the phpBMS log table 134 164 function logError(){ 165 135 166 $message = $_SERVER["REQUEST_URI"]."\n"; 136 167 $message .= $this->number; 168 137 169 if($this->title) 138 170 $message.=": ".$this->title; 171 139 172 if($this->details) 140 173 $message.="\n\n".$this->details; 141 174 142 175 $log = new phpbmsLog($message,"ERROR"); 176 143 177 }//end logError 144 178 145 179 }//end appError class 146 180 181 182 // This is the class for logging items tot the phpBMS 183 // log table; 147 184 class phpbmsLog{ 148 149 var $db =NULL;150 var $type ="ERROR";151 var $value ="";152 var $userid =2;153 185 186 var $db = NULL; 187 var $type = "ERROR"; 188 var $value = ""; 189 var $userid = 2; 190 154 191 function phpbmsLog($value=NULL,$type=NULL,$userid=NULL,$db=NULL,$sendLog=true){ 155 192 … … 158 195 if($db){ 159 196 if(is_object($db)){ 160 
$this->db=$db; 161 197 198 $this->db = $db; 199 162 200 $this->db->showError=false; 163 201 $this->db->logError=false; 164 202 $this->db->stopOnError=false; 165 } 166 } 167 else{ 203 204 }//endif object 205 206 } else { 207 168 208 if(class_exists("db")){ 209 169 210 $this->db= new db(false); 170 211 171 212 $this->db->showError=false; 172 213 $this->db->logError=false; 173 214 $this->db->stopOnError=false; 174 215 175 216 $this->db->connect(); 176 217 $this->db->selectSchema(); 177 } else 218 219 } else 178 220 return false; 179 } 180 221 222 }//endif db 223 181 224 if($value) 182 $this->value=$value; 225 $this->value = $value; 226 183 227 if($type) 184 $this->type=$type; 228 $this->type = $type; 229 185 230 if($userid) 186 $this->userid =((int) $userid);187 231 $this->userid = ((int) $userid); 232 188 233 if($sendLog) 189 234 return $this->sendLog(); 190 235 else 191 236 return true; 192 193 }//end function 194 237 238 }//end function init 239 240 241 // inserts record into log table 195 242 function sendLog(){ 196 197 $ip=$_SERVER["REMOTE_ADDR"]; 198 199 $querystatement="INSERT INTO `log` (`type`,`value`,`userid`,`ip`) VALUES ("; 200 $querystatement.="\"".mysql_real_escape_string($this->type)."\", "; 201 $querystatement.="\"".mysql_real_escape_string($this->value)."\", "; 202 $querystatement.=$this->userid.", "; 203 $querystatement.="\"".$ip."\")"; 204 205 $this->db->query($querystatement); 206 207 } 208 }//end phpbmslog 209 210 211 243 244 $ip = $_SERVER["REMOTE_ADDR"]; 245 246 $insertstatement = " 247 INSERT INTO 248 `log` 249 (`type`, `value`, `userid`, `ip`) VALUES ( 250 '".mysql_real_escape_string($this->type)."', 251 '".mysql_real_escape_string($this->value)."', 252 ".$this->userid.", 253 '".$ip."' 254 )"; 255 256 $this->db->query($insertstatement); 257 258 }//end function sendLog 259 260 }//end class phpbmslog 261 262 263 // This class handles the loading of the database, session and application 264 // variables, as well as verifying API level logins 212 
265 class phpbmsSession{ 213 266 214 var $db =null;267 var $db = null; 215 268 216 269 function loadDBSettings($reportError = true){ 270 217 271 // This functions looks for the settings.php file, and loads 218 272 // the database variables as constants. As an added benefit 219 273 // it adds the phpBMS root as an included path. 220 221 $path=""; 222 $count=1; 274 223 275 224 276 //need to look for settings file... only go up a total of 10 directories 225 $currdirectory= getcwd(); 226 227 while(!file_exists("settings.php") and ($count<10)){ 277 $currdirectory = getcwd(); 278 279 //Prep the setting of the application path; 280 $currentURL = explode("/",$_SERVER["PHP_SELF"]); 281 array_pop($currentURL); 282 283 $count = 0; 284 $path = ""; 285 286 //We need to find the applications root 287 while(!file_exists("phpbmsversion.php") && $count < 9){ 288 228 289 $path.="../"; 229 290 @ chdir("../"); 230 291 $count++; 231 } 232 292 293 }//end while 294 295 //Now set the Web location (APP_PATH) 296 $appPath = "/"; 297 for($i = 0; $i < count($currentURL) - $count; $i++) 298 if($currentURL[$i]) 299 $appPath .= $currentURL[$i]."/"; 300 301 define("APP_PATH", $appPath); 302 233 303 $settingsfile = @ fopen("settings.php","r"); 304 234 305 if($settingsfile){ 235 //loop through the settings file and load variables into the session 306 307 //loop through the settings file and load variables into the session 236 308 while( !feof($settingsfile)) { 237 $line=NULL; 238 $key=NULL; 239 $value=NULL; 240 $line=fscanf($settingsfile,"%[^=]=%[^[]]",$key,$value); 309 310 $line = NULL; 311 $key = NULL; 312 $value = NULL; 313 $line = @ fscanf($settingsfile,"%[^=]=%[^[]]",$key,$value); 314 241 315 if ($line){ 316 242 317 $key=trim($key); 243 318 $value=trim($value); 244 if($key!="" and !strpos($key,"]")){ 319 320 if($key!="" and !strpos($key,"]")){ 321 245 322 $startpos=strpos($value,"\""); 246 323 $endpos=strrpos($value,"\""); 324 247 325 if($endpos!=false) 248 326 
$value=substr($value,$startpos+1,$endpos-$startpos-1); 249 if(strpos($key,"mysql_")===0){ 327 328 if(strpos($key,"mysql_")===0) 250 329 define(strtoupper($key),$value); 251 } 252 } 253 } 254 } 255 330 331 }//endif key 332 333 }//endif line 334 335 }//endwhile 336 256 337 @ fclose($settingsfile); 257 338 … … 261 342 262 343 //this adds the phpbms root to the include path 263 if ( ! defined( "PATH_SEPARATOR" ) ) {264 265 //if we cannot determin the OS, we will assume its unix266 if(!isset($_ENV["OS"]))267 $_ENV["OS"] = "unix";268 269 if ( strpos( $_ENV["OS"], "Win" ) !== false )270 define( "PATH_SEPARATOR", ";" );271 else272 define( "PATH_SEPARATOR", ":" );273 344 if ( !defined( "PATH_SEPARATOR" ) ) { 345 346 //if we cannot determin the OS, we will assume its unix 347 if(!isset($_ENV["OS"])) 348 $_ENV["OS"] = "unix"; 349 350 if ( strpos( $_ENV["OS"], "Win" ) !== false ) 351 define( "PATH_SEPARATOR", ";" ); 352 else 353 define( "PATH_SEPARATOR", ":" ); 354 274 355 }//end if 275 356 276 $pathToAdd=@ getcwd(); 277 ini_set("include_path",ini_get("include_path").PATH_SEPARATOR.$pathToAdd); 278 279 //Now to set the path 280 $pathrev = strrev($_SERVER["PHP_SELF"]); 281 $choppos=0; 282 283 for($x=0;$x<$count;$x++) 284 $choppos = strpos($pathrev,"/",$choppos+1); 285 define("APP_PATH",strrev(substr($pathrev,$choppos))); 286 357 $pathToAdd = @ getcwd(); 358 359 //Now we include the root application path to php's include path 360 if(ini_set("include_path", ini_get("include_path").PATH_SEPARATOR.$pathToAdd) === false && $reportError) 361 $error = new appError(-310, "Your implementation of PHP does not allow changing of the include path. You may need to modify your PHP settings to allow phpBMS to modify this php ini setting. 
If you are using a web hosting company, you may need to contact them to allow this.", "Cannot add to include path", true, true, false); 362 363 364 //return directory to current directory 287 365 @ chdir ($currdirectory); 366 288 367 return $path; 368 289 369 } else { 370 290 371 if($reportError) 291 $error= new appError(-300,"You may need to run the install process, or set the permission on your settings file correctly.","Settings File Could Not Be Read",true,true,false); 372 $error = new appError(-300,"","",true,true,false); 373 292 374 return false; 293 } 375 376 }//endif settingsfile 377 294 378 }//end function 295 379 380 296 381 function loadSettings($encoding = "utf8"){ 297 // We are going to make sure that we are using utf8 382 383 // We are going to make sure that we are using utf8 298 384 // but it works only in mySQL 5, so we supress errors 299 385 // when trying it. 300 386 if($this->db==NULL) 301 387 $error=new appError(-310,"","Database not loaded"); 302 388 303 389 $this->db->logError = false; 304 390 $this->db->stopOnError = false; 305 391 306 392 $this->db->setEncoding($encoding); 307 393 308 394 $this->db->logError = true; 309 395 310 396 $querystatement = "SELECT name,value FROM settings"; 311 397 … … 313 399 314 400 if(!$queryresult){ 401 315 402 $error= new appError(-310,"If you have not ran the update script for phpBMS, please run it before logging in.","Could Not Retrieve Settings From Database"); 316 403 return false; 404 317 405 } else { 406 318 407 while($therecord=$this->db->fetchArray($queryresult)){ 319 408 320 409 //old versions used a reserved constant in certain php versions 321 410 if($therecord["name"] == "currency_symbol") 322 411 $therecord["name"] = "currency_sym"; 323 412 324 413 if(!defined(strtoupper($therecord["name"]))) 325 414 define(strtoupper($therecord["name"]),$therecord["value"]); … … 330 419 if(!isset($_SERVER['REQUEST_URI'])) { 331 420 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME']; 332 421 333 422 
if(!defined("HOUR_FORMAT")) 334 423 define("HOUR_FORMAT","%I"); 335 424 336 425 // Append the query string if it exists and isn't null 337 426 if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) … … 342 431 343 432 return true; 344 } 345 } 346 347 433 434 }//endif queryresult 435 436 }//end function 437 438 439 // This is in a function in case we want to do sessions differently in the future 348 440 function startSession(){ 349 // This is in a function in case we want to do sessions differently in the future 350 441 351 442 session_name("phpBMS".preg_replace('/\W/',"",APPLICATION_NAME)."v096ID"); 352 443 session_start(); 353 } 354 355 356 function verifyAPIlogin($user,$pass){ 357 $thereturn=false; 444 445 }//end function startSesion 446 447 448 function verifyAPIlogin($user, $pass){ 449 450 $thereturn = false; 358 451 $this->db->stopOnError = false; 359 360 $querystatement = "SELECT id, firstname, lastname, email, phone, department, employeenumber, admin 361 FROM users 362 WHERE login!=\"Scheduler\" AND login=\"".mysql_real_escape_string($user)."\" 363 AND password=ENCODE(\"".mysql_real_escape_string($pass)."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\") 364 AND revoked=0 AND portalaccess=1"; 452 453 $querystatement = " 454 SELECT 455 id, 456 firstname, 457 lastname, 458 email, 459 phone, 460 department, 461 employeenumber, 462 admin 463 FROM 464 users 465 WHERE 466 login != 'Scheduler' 467 AND login = '".mysql_real_escape_string($user)."' 468 AND password = ENCODE('".mysql_real_escape_string($pass)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."') 469 AND revoked = 0 470 AND portalaccess = 1"; 471 365 472 $queryresult = $this->db->query($querystatement); 473 366 474 if(!$queryresult) { 475 367 476 $error = new appError(-720,"","Error retrieving user record",true,true,true,"json"); 368 477 return false; 369 } 370 478 479 }//endif 480 371 481 if($this->db->numRows($queryresult)){ 482 372 483 //We found a record that matches in the 
database 373 484 // populate the session and go in 374 $_SESSION["userinfo"]=$this->db->fetchArray($queryresult); 375 376 $querystatement="UPDATE users SET modifieddate=modifieddate, lastlogin=Now() WHERE id = ".$_SESSION["userinfo"]["id"]; 377 $queryresult=@ $this->db->query($querystatement); 378 if(!$queryresult) { 485 $_SESSION["userinfo"] = $this->db->fetchArray($queryresult); 486 487 $querystatement = " 488 UPDATE 489 users 490 SET 491 modifieddate=modifieddate, 492 lastlogin=Now() 493 WHERE 494 id = ".$_SESSION["userinfo"]["id"]; 495 496 $queryresult = @ $this->db->query($querystatement); 497 498 if(!$queryresult) 379 499 $error = new appError(-730,"","Error Updating User Login Time",true,true,true,"json"); 380 } else 381 $thereturn=true; 382 } 383 return $thereturn; 384 } 385 386 }//end loginSession class 387 388 389 // Start Code 390 //================================================================================================================= 391 //php <4.3.0 compatibility 392 if(!function_exists("mysql_real_escape_string")){ 393 function mysql_real_escape_string($string){ 394 return mysql_escape_string($string); 395 } 396 397 function utf8_replaceEntity($result){ 398 $value = (int)$result[1]; 399 $string = ''; 400 401 $len = round(pow($value,1/8)); 402 403 for($i=$len;$i>0;$i--){ 404 $part = ($value & (255>>2)) | pow(2,7); 405 if ( $i == 1 ) $part |= 255<<(8-$len); 406 407 $string = chr($part) . $string; 408 409 $value >>= 6; 410 } 411 412 return $string; 413 } 414 415 if(!function_exists("mysql_real_escape_string")){ 416 function html_entity_decode($string){ 417 return preg_replace_callback('/&#([0-9]+);/u','utf8_replaceEntity',$string); 418 }//end function 419 }//end if 420 421 }// end PHP<4.3 compatibility 500 else 501 $thereturn = true; 502 503 }//endif numrows 504 505 return $thereturn; 506 507 }//end function verifyAPIlogin 508 509 510 //Check to see if install folders are present. If so, do not continue. 
511 function checkForInstallDirs($errorFormat = "xhtml"){ 512 513 //first lets check for the main programs install folder 514 if(file_exists("install") && is_dir("install")) 515 $error = new appError(-353,"You must remove the install directory and all modules' install directories before phpBMS can run.","Main Install Directory Present",true,true,true,$errorFormat); 516 517 $thedir= @ opendir("modules"); 518 519 while($entry = readdir($thedir)){ 520 521 if($entry != "." && $entry != ".." && $entry != "base" && $entry != "sample" && is_dir("modules/".$entry)){ 522 523 if(file_exists("modules/".$entry."/install") && is_dir("modules/".$entry."/install")){ 524 525 $error = new appError(-354,"You must remove the install directory and all modules' install directories before phpBMS can run.","Module '".$entry."' Install Directory Present",true,true,true,$errorFormat); 526 527 }//endif 528 529 }//endif 530 531 }//end if 532 533 }//end function checkForInstallDirs 534 535 }//end phpbmsSession class 536 422 537 423 538 424 539 // Start Login verification Code 425 //============================================================================== ===================================540 //============================================================================== 426 541 if(!isset($sqlEncoding)) 427 542 $sqlEncoding = "utf8"; 428 543 429 544 if(!defined("noStartup")){ 545 430 546 $scriptname = basename($_SERVER["PHP_SELF"]); 431 547 $phpbmsSession = new phpbmsSession; 432 548 433 549 //Testing for API login 434 550 if(strpos($scriptname,"api_")!==false){ 435 551 if(isset($_POST["phpbmsusername"]) && isset($_POST["phpbmspassword"])){ 552 436 553 $phpbmsSession->loadDBSettings(APP_DEBUG); 437 554 555 if(!APP_DEBUG) 556 $phpbmsSession->checkForInstallDirs("json"); 557 438 558 include_once("include/db.php"); 439 559 $db = new db(); 440 560 $phpbmsSession->db = $db; 441 561 442 include_once("common_functions.php"); 562 include_once("common_functions.php"); 443 563 
$phpbmsSession->loadSettings($sqlEncoding); 444 564 $phpbms = new phpbms($db); 445 446 565 566 447 567 if(!$phpbmsSession->verifyAPILogin($_POST["phpbmsusername"],$_POST["phpbmspassword"])) 448 568 $error = new appError(-700,"","Login credentials incorrect",true,true,true,"json"); 569 449 570 } else 450 571 $error= new appError(-710,"","No login credentials passed",true,true,true,"json"); 572 451 573 } else { 452 574 453 575 $phpbmsSession->loadDBSettings(APP_DEBUG); 454 455 576 577 if(!APP_DEBUG) 578 $phpbmsSession->checkForInstallDirs(); 579 580 //start database 456 581 include_once("include/db.php"); 457 582 $db = new db(); 458 583 459 584 $phpbmsSession->db = $db; 460 585 586 //load application settings from table 461 587 $phpbmsSession->loadSettings($sqlEncoding); 462 588 463 589 include_once("common_functions.php"); 464 590 $phpbms = new phpbms($db); 465 591 466 592 if(!isset($noSession)) 467 593 $phpbmsSession->startSession(); 468 594 469 595 if (!isset($_SESSION["userinfo"]) && $scriptname != "index.php") { 470 596 471 597 if(isset($loginNoKick)){ 598 472 599 if(!isset($loginNoDisplayError)) 473 600 exit(); 601 474 602 } else{ 603 475 604 goURL(APP_PATH."index.php"); 476 } 477 } 478 479 } 480 481 $db->stopOnError=true; 605 606 }//endif 607 608 }//endif iseet userinfo 609 610 }//endif 611 612 $db->stopOnError = true; 613 482 614 }//end if 483 615 -
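Review bot: Both new `checkForInstallDirs()` calls in the startup code are wrapped in `if(!APP_DEBUG)`, but `APP_DEBUG` is defined as `true` at the top of this file unless an earlier include overrides it, so in the shipped default the install-directory check never runs and the protection it adds is inert; call `$phpbmsSession->checkForInstallDirs();` (and the `"json"` variant) unconditionally, or gate it on a dedicated setting rather than the debug flag. In `appError::display()` the `htmlspecialchars()` on `$this->details` has been commented out with an "Unsure if this line is needed" note, which leaves details — database error text that can carry request data — echoed into the xhtml page unescaped (the echo itself is in lines elided from this view); escape at the output point instead of dropping the escape. `phpbmsLog::sendLog()` still interpolates `$ip` raw into the INSERT while escaping `type` and `value` on the adjacent lines; `'".mysql_real_escape_string($ip)."'` keeps it consistent. `checkForInstallDirs()` also calls `readdir()` on the result of a suppressed `opendir("modules")`, which is `false` when that directory is absent and will emit a warning instead of skipping the loop; guard with `if($thedir)`.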
trunk/phpbms/include/tables.php
r427 r485 39 39 40 40 41 class phpbmsTable{ 42 43 var $db = NULL; 44 var $backurl = NULL; 45 46 // The table definition record id. 47 var $id=0; 48 49 var $fields = array(); 50 51 function phpbmsTable($db,$tabledefid = 0,$backurl = NULL){ 52 53 if(is_object($db)) 54 if(get_class($db)=="db") 55 $this->db = $db; 56 if($this->db === NULL) 57 $error = new appError(-800,"database object is required for parameter 1.","Initializing phpbmsTable Class"); 58 59 $this->id = ((int) $tabledefid); 60 61 if($backurl == NULL) 62 $this->backurl = APP_PATH."search.php?id=".$this->id; 63 else 64 $this->backurl = $backurl; 65 66 if(!$this->getTableInfo()) 67 $error = new appError(-810,"Table definition not found for id ".$this->id,"Initializing phpbmsTable Class"); 68 } 69 70 71 function getTableInfo(){ 72 $querystatement = "SELECT * FROM tabledefs WHERE id=".$this->id; 73 74 $queryresult = $this->db->query($querystatement); 75 76 if($this->db->numRows($queryresult)){ 77 foreach($this->db->fetchArray($queryresult) as $key => $value) 78 $this->$key = $value; 79 80 $this->fields = $this->db->tableInfo($this->maintable); 81 82 return true; 83 } else 84 return false; 85 } 86 87 function getDefaultByType($fieldtype){ 88 $default = NULL; 89 90 switch ($fieldtype){ 91 case "blob": 92 case "string": 93 $default = ""; 94 break; 95 case "real": 96 case "int": 97 $default = 0; 98 break; 99 case "date": 100 $default=dateToString(mktime(),"SQL"); 101 break; 102 case "time": 103 $default=timeToString(mktime(),"SQL"); 104 break; 105 case "year": 106 $default=strftime("%Y"); 107 break; 108 case "datetime": 109 case "timestamp": 110 $default = dateToString(mktime(),"SQL")." 
".timeToString(mktime(),"24 Hour"); 111 break; 112 } 113 114 return $default; 115 116 } 117 118 function prepareFieldForSQL($value,$type,$flags){ 119 switch ($type){ 120 121 case "blob": 122 case "string": 123 if($value === "" or $value === NULL){ 124 if(strpos($flags,"not_null") === false) 125 $value = NULL; 126 else 127 $value = "''"; 128 } else 129 $value = "'".$value."'"; 130 break; 131 132 case "real": 133 if($value === "" or $value === NULL){ 134 if(strpos($flags,"not_null") === false) 135 $value = NULL; 136 else 137 $value = 0; 138 } else 139 $value = (real) $value; 140 break; 141 142 case "int": 143 if($value === "" or $value === NULL){ 144 if(strpos($flags,"not_null") === false) 145 $value = NULL; 146 else 147 $value = 0; 148 } else 149 $value = (int) $value; 150 break; 151 152 case "date": 153 if($value === "" or $value === NULL){ 154 if(strpos($flags,"not_null") === false) 155 $value = NULL; 156 else 157 $value = "'".dateToString(mktime(),"SQL")."'"; 158 } else 159 $value = "'".sqlDateFromString($value)."'"; 160 break; 161 162 case "time": 163 if($value === "" or $value === NULL){ 164 if(strpos($flags,"not_null") === false) 165 $value = NULL; 166 else 167 $value = "'".timeToString(mktime(),"SQL")."'"; 168 } else 169 $value = "'".sqlTimeFromString($value)."'"; 170 break; 171 172 case "year": 173 if($value === "" or $value === NULL) 174 if(strpos($flags,"not_null") === false) 175 $value = NULL; 176 else 177 $value = strftime("%Y"); 178 break; 179 180 case "datetime": 181 case "timestamp": 182 if($value === "" or $value === NULL){ 183 if(strpos($flags,"not_null") === false) 184 $value = NULL; 185 else 186 $value = "'".dateToString(mktime(),"SQL")." ".timeToString(mktime(),"24 Hour")."'"; 187 } else{ 188 $datetimearray = explode(" ",$value); 189 if(count($datetimearray) > 1){ 190 $value = "'".sqlDateFromString($datetimearray[0])." 
".sqlTimeFromString($datetimearray[1])."'"; 191 } else 192 $value = "'".$value."'"; 193 } 194 break; 195 case "password": 196 $value = "ENCODE('".$value."','".ENCRYPTION_SEED."')"; 197 break; 198 }//end case 199 200 201 if($value === NULL) 202 $value = "NULL"; 203 return $value; 204 }//end method 205 206 207 function getDefaults(){ 208 $therecord = array(); 209 210 foreach($this->fields as $fieldname => $thefield){ 211 switch($fieldname){ 212 case "id": 213 case "modifiedby": 214 case "modifieddate": 215 $therecord[$fieldname] = NULL; 216 break; 217 218 case "createdby": 219 $therecord["createdby"] = $_SESSION["userinfo"]["id"]; 220 break; 221 222 default: 223 if(strpos($thefield["flags"],"not_null") === false) 224 $therecord[$fieldname] = NULL; 225 else { 226 $therecord[$fieldname] = $this->getDefaultByType($thefield["type"]); 227 } 228 break; 229 }//end switch 230 }//end foreach 231 232 return $therecord; 233 } 234 235 236 function getRecord($id = 0){ 237 $id = (int) $id; 238 239 $querystatement = "SELECT "; 240 241 foreach($this->fields as $fieldname => $thefield){ 242 if(isset($thefield["select"])) 243 $querystatement .= "(".$thefield["select"].") AS `".$fieldname."`, "; 41 class phpbmsTable{ 42 43 var $db = NULL; 44 var $backurl = NULL; 45 var $verifyErrors = array(); 46 47 // The table definition record id. 
48 var $id=0; 49 50 var $fields = array(); 51 52 function phpbmsTable($db,$tabledefid = 0,$backurl = NULL){ 53 54 if(is_object($db)) 55 if(get_class($db)=="db") 56 $this->db = $db; 57 if($this->db === NULL) 58 $error = new appError(-800,"database object is required for parameter 1.","Initializing phpbmsTable Class"); 59 60 $this->id = ((int) $tabledefid); 61 62 if($backurl == NULL) 63 $this->backurl = APP_PATH."search.php?id=".$this->id; 244 64 else 245 $querystatement .= "`".$fieldname."`, "; 246 }//end foreach 247 $querystatement = substr($querystatement, 0, strlen($querystatement)-2); 248 249 $querystatement .= " FROM `".$this->maintable."` WHERE `".$this->maintable."`.`id` = ".$id; 250 251 $queryresult = $this->db->query($querystatement); 252 253 if($this->db->numRows($queryresult)) 254 $therecord = $this->db->fetchArray($queryresult); 255 else 256 $therecord = $this-> getDefaults(); 257 258 return $therecord; 259 }//end getRecord function 260 261 262 function updateRecord($variables, $modifiedby = NULL){ 263 $variables = addSlashesToArray($variables); 264 265 if($modifiedby === NULL) 266 if(isset($_SESSION["userinfo"]["id"])) 267 $modifiedby = $_SESSION["userinfo"]["id"]; 268 else 269 $error = new appError(-840,"Session Timed Out.","Creating New Record"); 270 271 if(!isset($variables["id"])) 272 $error = new appError(-820,"id not set","Updating Record"); 273 274 $updatestatement = "UPDATE `".$this->maintable."` SET "; 275 276 foreach($this->fields as $fieldname => $thefield){ 277 if(!isset($thefield["select"])){ 65 $this->backurl = $backurl; 66 67 if(!$this->getTableInfo()) 68 $error = new appError(-810,"Table definition not found for id ".$this->id,"Initializing phpbmsTable Class"); 69 } 70 71 72 function getTableInfo(){ 73 $querystatement = "SELECT * FROM tabledefs WHERE id=".$this->id; 74 75 $queryresult = $this->db->query($querystatement); 76 77 if($this->db->numRows($queryresult)){ 78 foreach($this->db->fetchArray($queryresult) as $key => $value) 79 
$this->$key = $value; 80 81 $this->fields = $this->db->tableInfo($this->maintable); 82 83 return true; 84 } else 85 return false; 86 } 87 88 function getDefaultByType($fieldtype){ 89 $default = NULL; 90 91 switch ($fieldtype){ 92 case "blob": 93 case "string": 94 $default = ""; 95 break; 96 case "real": 97 case "int": 98 $default = 0; 99 break; 100 case "date": 101 $default=dateToString(mktime(),"SQL"); 102 break; 103 case "time": 104 $default=timeToString(mktime(),"SQL"); 105 break; 106 case "year": 107 $default=strftime("%Y"); 108 break; 109 case "datetime": 110 case "timestamp": 111 $default = dateToString(mktime(),"SQL")." ".timeToString(mktime(),"24 Hour"); 112 break; 113 } 114 115 return $default; 116 117 } 118 119 function prepareFieldForSQL($value,$type,$flags){ 120 switch ($type){ 121 122 case "blob": 123 case "string": 124 if($value === "" or $value === NULL){ 125 if(strpos($flags,"not_null") === false) 126 $value = NULL; 127 else 128 $value = "''"; 129 } else 130 $value = "'".$value."'"; 131 break; 132 133 case "real": 134 if($value === "" or $value === NULL){ 135 if(strpos($flags,"not_null") === false) 136 $value = NULL; 137 else 138 $value = 0; 139 } else 140 $value = (real) $value; 141 break; 142 143 case "int": 144 if($value === "" or $value === NULL){ 145 if(strpos($flags,"not_null") === false) 146 $value = NULL; 147 else 148 $value = 0; 149 } else 150 $value = (int) $value; 151 break; 152 153 case "date": 154 if($value === "" or $value === NULL){ 155 if(strpos($flags,"not_null") === false) 156 $value = NULL; 157 else 158 $value = "'".dateToString(mktime(),"SQL")."'"; 159 } else 160 $value = "'".sqlDateFromString($value)."'"; 161 break; 162 163 case "time": 164 if($value === "" or $value === NULL){ 165 if(strpos($flags,"not_null") === false) 166 $value = NULL; 167 else 168 $value = "'".timeToString(mktime(),"SQL")."'"; 169 } else 170 $value = "'".sqlTimeFromString($value)."'"; 171 break; 172 173 case "year": 174 if($value === "" or $value === NULL) 
175 if(strpos($flags,"not_null") === false) 176 $value = NULL; 177 else 178 $value = strftime("%Y"); 179 break; 180 181 case "datetime": 182 case "timestamp": 183 if($value === "" or $value === NULL){ 184 if(strpos($flags,"not_null") === false) 185 $value = NULL; 186 else 187 $value = "'".dateToString(mktime(),"SQL")." ".timeToString(mktime(),"24 Hour")."'"; 188 } else{ 189 $datetimearray = explode(" ",$value); 190 if(count($datetimearray) > 1){ 191 $value = "'".sqlDateFromString($datetimearray[0])." ".sqlTimeFromString($datetimearray[1])."'"; 192 } else 193 $value = "'".$value."'"; 194 } 195 break; 196 case "password": 197 $value = "ENCODE('".$value."','".ENCRYPTION_SEED."')"; 198 break; 199 }//end case 200 201 202 if($value === NULL) 203 $value = "NULL"; 204 return $value; 205 }//end method 206 207 208 function getDefaults(){ 209 $therecord = array(); 210 211 foreach($this->fields as $fieldname => $thefield){ 278 212 switch($fieldname){ 279 213 case "id": 280 case "creationdate": 214 case "modifiedby": 215 case "modifieddate": 216 $therecord[$fieldname] = NULL; 217 break; 218 281 219 case "createdby": 282 break; 220 $therecord["createdby"] = $_SESSION["userinfo"]["id"]; 221 break; 222 223 default: 224 if(strpos($thefield["flags"],"not_null") === false) 225 $therecord[$fieldname] = NULL; 226 else { 227 $therecord[$fieldname] = $this->getDefaultByType($thefield["type"]); 228 } 229 break; 230 }//end switch 231 }//end foreach 232 233 return $therecord; 234 } 235 236 237 function getRecord($id = 0){ 238 $id = (int) $id; 239 240 $querystatement = "SELECT "; 241 242 foreach($this->fields as $fieldname => $thefield){ 243 if(isset($thefield["select"])) 244 $querystatement .= "(".$thefield["select"].") AS `".$fieldname."`, "; 245 else 246 $querystatement .= "`".$fieldname."`, "; 247 }//end foreach 248 $querystatement = substr($querystatement, 0, strlen($querystatement)-2); 249 250 $querystatement .= " FROM `".$this->maintable."` WHERE `".$this->maintable."`.`id` = ".$id; 
251 252 $queryresult = $this->db->query($querystatement); 253 254 if($this->db->numRows($queryresult)) 255 $therecord = $this->db->fetchArray($queryresult); 256 else 257 $therecord = $this-> getDefaults(); 258 259 return $therecord; 260 }//end getRecord function 261 262 263 function prepareVariables($variables){ 264 265 return $variables; 266 267 }//end method --prepareVariables-- 268 269 270 function verifyVariables($variables){ 271 272 $thereturn = array(); 273 274 if(!isset($this->verifyErrors)) 275 $this->verifyErrors = array(); 276 277 if(isset($variables["id"])) 278 if(!is_numeric($variables["id"]) && $variables["id"]) 279 $this->verifyErrors[] = "The `id` field must be numeric or equivalent to zero (although positive is reccomended)."; 280 281 if(isset($variables["inactive"])) 282 if($variables["inactive"] && $variables["inactive"] != 1) 283 $this->verifyErrors[] = "The `inactive` field must be a boolean (equivalent to 0 or exactly 1)."; 283 284 284 case "modifiedby": 285 $updatestatement .= "`modifiedby` = ".((int) $modifiedby).", "; 286 break; 287 288 case "modifieddate": 289 $updatestatement .= "`modifieddate` = NOW(), "; 290 break; 291 292 default: 293 if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false) 294 $variables[$fieldname] = $this->getDefaultByType($thefield["type"],true); 295 296 if(isset($variables[$fieldname])) 297 $updatestatement .= "`".$fieldname."` = ".$this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", "; 298 break; 299 }//end switch field name 300 }//end if 301 }//end foreach 302 $updatestatement = substr($updatestatement, 0, strlen($updatestatement)-2); 303 304 $updatestatement .= " WHERE `id`=".((int) $variables["id"]); 305 306 $updateresult = $this->db->query($updatestatement); 307 308 return true; 309 } 310 311 312 function insertRecord($variables,$createdby = NULL, $overrideID = false){ 313 314 if($createdby === NULL) 315 if(isset($_SESSION["userinfo"]["id"])) 
316 $createdby = $_SESSION["userinfo"]["id"]; 285 if(count($this->verifyErrors)) 286 $thereturn = $this->verifyErrors; 287 288 unset($this->verifyErrors); 289 290 return $thereturn; 291 292 }//end method --verifyVariables-- 293 294 295 function updateRecord($variables, $modifiedby = NULL){ 296 297 $variables = addSlashesToArray($variables); 298 299 if($modifiedby === NULL) 300 if(isset($_SESSION["userinfo"]["id"])) 301 $modifiedby = $_SESSION["userinfo"]["id"]; 302 else 303 $error = new appError(-840,"Session Timed Out.","Creating New Record"); 304 305 if(!isset($variables["id"])) 306 $error = new appError(-820,"id not set","Updating Record"); 307 308 $updatestatement = "UPDATE `".$this->maintable."` SET "; 309 310 foreach($this->fields as $fieldname => $thefield){ 311 if(!isset($thefield["select"])){ 312 switch($fieldname){ 313 case "id": 314 case "creationdate": 315 case "createdby": 316 break; 317 318 case "modifiedby": 319 $updatestatement .= "`modifiedby` = ".((int) $modifiedby).", "; 320 break; 321 322 case "modifieddate": 323 $updatestatement .= "`modifieddate` = NOW(), "; 324 break; 325 326 default: 327 if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false) 328 $variables[$fieldname] = $this->getDefaultByType($thefield["type"],true); 329 330 if(isset($variables[$fieldname])) 331 $updatestatement .= "`".$fieldname."` = ".$this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", "; 332 break; 333 }//end switch field name 334 }//end if 335 }//end foreach 336 $updatestatement = substr($updatestatement, 0, strlen($updatestatement)-2); 337 338 $updatestatement .= " WHERE `id`=".((int) $variables["id"]); 339 340 $updateresult = $this->db->query($updatestatement); 341 342 343 return true; 344 } 345 346 347 function insertRecord($variables,$createdby = NULL, $overrideID = false){ 348 349 if($createdby === NULL) 350 if(isset($_SESSION["userinfo"]["id"])) 351 $createdby = $_SESSION["userinfo"]["id"]; 352 
else 353 $error = new appError(-840,"Session Timed Out.","Creating New Record"); 354 355 356 $variables = addSlashesToArray($variables); 357 358 $fieldlist = ""; 359 $insertvalues = ""; 360 foreach($this->fields as $fieldname => $thefield){ 361 if(!isset($thefield["select"])){ 362 switch($fieldname){ 363 case "id": 364 if(isset($variables["id"])) 365 if($overrideID && $variables["id"]){ 366 $fieldlist .= "id, "; 367 $insertvalues .= ((int) $variables["id"]).", "; 368 }//endif 369 break; 370 371 case "createdby": 372 case "modifiedby": 373 $fieldlist .= $fieldname.", "; 374 $insertvalues .= ((int) $createdby).", "; 375 break; 376 377 case "creationdate": 378 case "modifieddate": 379 $fieldlist .= $fieldname.", "; 380 $insertvalues .= "NOW(), "; 381 break; 382 383 default: 384 if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false) 385 $variables[$fieldname] = $this->getDefaultByType($thefield["type"],true); 386 387 if(isset($variables[$fieldname])){ 388 $fieldlist .= "`".$fieldname."`, "; 389 $insertvalues .= $this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", "; 390 }//endif - fieldname 391 break; 392 }//end switch field name 393 }//end if 394 }//end foreach 395 $fieldlist = substr($fieldlist, 0, strlen($fieldlist)-2); 396 $insertvalues = substr($insertvalues, 0, strlen($insertvalues)-2); 397 398 $insertstatement = "INSERT INTO ".$this->maintable." 
(".$fieldlist.") VALUES (".$insertvalues.")"; 399 $insertresult = $this->db->query($insertstatement); 400 401 if($insertresult) 402 return $this->db->insertId(); 317 403 else 318 $error = new appError(-840,"Session Timed Out.","Creating New Record"); 319 320 321 $variables = addSlashesToArray($variables); 322 323 $fieldlist = ""; 324 $insertvalues = ""; 325 foreach($this->fields as $fieldname => $thefield){ 326 if(!isset($thefield["select"])){ 327 switch($fieldname){ 328 case "id": 329 if(isset($variables["id"])) 330 if($overrideID && $variables["id"]){ 331 $fieldlist .= "id, "; 332 $insertvalues .= ((int) $variables["id"]).", "; 333 }//endif 334 break; 335 336 case "createdby": 337 case "modifiedby": 338 $fieldlist .= $fieldname.", "; 339 $insertvalues .= ((int) $createdby).", "; 340 break; 341 342 case "creationdate": 343 case "modifieddate": 344 $fieldlist .= $fieldname.", "; 345 $insertvalues .= "NOW(), "; 346 break; 347 348 default: 349 if(!isset($variables[$fieldname]) && strpos($thefield["flags"],"not_null") !== false) 350 $variables[$fieldname] = $this->getDefaultByType($thefield["type"],true); 351 352 if(isset($variables[$fieldname])){ 353 $fieldlist .= "`".$fieldname."`, "; 354 $insertvalues .= $this->prepareFieldForSQL($variables[$fieldname],$thefield["type"],$thefield["flags"]).", "; 355 }//endif - fieldname 356 break; 357 }//end switch field name 358 }//end if 359 }//end foreach 360 $fieldlist = substr($fieldlist, 0, strlen($fieldlist)-2); 361 $insertvalues = substr($insertvalues, 0, strlen($insertvalues)-2); 362 363 $insertstatement = "INSERT INTO ".$this->maintable." 
(".$fieldlist.") VALUES (".$insertvalues.")"; 364 $insertresult = $this->db->query($insertstatement); 365 366 if($insertresult) 367 return $this->db->insertId(); 368 else 369 return false; 370 } 371 372 373 function processAddEditPage(){ 374 if(!isset($_POST["command"])){ 375 376 if(isset($_GET["id"])){ 377 //editing 378 if(!hasRights($this->editroleid)) 379 goURL(APP_PATH."noaccess.php"); 380 else 381 return $this->getRecord((integer) $_GET["id"]); 382 } else { 383 if(!hasRights($this->addroleid)) 384 goURL(APP_PATH."noaccess.php"); 385 else 386 return $this->getDefaults(); 404 return false; 405 } 406 407 408 function processAddEditPage(){ 409 if(!isset($_POST["command"])){ 410 411 if(isset($_GET["id"])){ 412 //editing 413 if(!hasRights($this->editroleid)) 414 goURL(APP_PATH."noaccess.php"); 415 else 416 return $this->getRecord((integer) $_GET["id"]); 417 } else { 418 if(!hasRights($this->addroleid)) 419 goURL(APP_PATH."noaccess.php"); 420 else 421 return $this->getDefaults(); 422 } 387 423 } 388 } 389 else 390 { 391 switch($_POST["command"]){ 392 case "cancel": 393 // if we needed to do any clean up (deleteing temp line items) 394 if(!isset($_POST["id"])) $_POST["id"]=0; 395 396 $theurl = $this->backurl; 397 398 if(isset($_POST["id"])) 399 $theurl .= "#".((int) $_POST["id"]); 400 goURL($theurl); 401 break; 402 case "save": 403 if($_POST["id"]) { 404 $this->updateRecord($_POST); 405 $theid = $_POST["id"]; 406 //get record 407 $therecord = $this->getRecord($theid); 408 $therecord["phpbmsStatus"]="Record Updated"; 409 410 return $therecord; 411 } 412 else { 413 $theid = $this->insertRecord($_POST); 414 415 //get record 416 $therecord=$this->getRecord($theid); 417 $therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" class=\"smallButtons\" onclick=\"document.location='".str_replace("&","&",$_SERVER["REQUEST_URI"])."'\">add new</button></div>"; 418 $therecord["phpbmsStatus"] .= "Record Created"; 419 420 return $therecord; 
421 } 422 break; 423 }//end command switch 424 }// end if 425 }// end function 426 } 424 else 425 { 426 switch($_POST["command"]){ 427 case "cancel": 428 // if we needed to do any clean up (deleteing temp line items) 429 if(!isset($_POST["id"])) $_POST["id"]=0; 430 431 $theurl = $this->backurl; 432 433 if(isset($_POST["id"])) 434 $theurl .= "#".((int) $_POST["id"]); 435 goURL($theurl); 436 break; 437 case "save": 438 439 $variables = $this->prepareVariables($_POST); 440 $errorArray = $this->verifyVariables($variables); 441 442 if($_POST["id"]) { 443 444 $theid = $variables["id"]; 445 446 if(!count($errorArray)){ 447 448 $this->updateRecord($variables); 449 450 //get record 451 $therecord = $this->getRecord($theid); 452 $therecord["phpbmsStatus"] = "Record Updated"; 453 }else{ 454 foreach($errorArray as $error) 455 $logError = new appError(-900, $error, "Verification Error"); 456 457 //get record 458 $therecord = $this->getRecord($theid); 459 $therecord["phpbmsStatus"] = "Data Verification Error"; 460 }//end if 461 462 463 464 return $therecord; 465 } 466 else { 467 468 $theid = 0; 469 470 if(!count($errorArray)){ 471 $theid = $this->insertRecord($variables); 472 //get record 473 $therecord = $this->getRecord($theid); 474 $therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" class=\"smallButtons\" onclick=\"document.location='".str_replace("&","&",$_SERVER["REQUEST_URI"])."'\">add new</button></div>"; 475 $therecord["phpbmsStatus"] .= "Record Created"; 476 }else{ 477 foreach($errorArray as $error) 478 $logError = new appError(-900, $error, "Verification Error"); 479 480 //get record 481 $therecord = $this->getRecord($theid); 482 $therecord["phpbmsStatus"] .= "Data Verification Error"; 483 }//end if 484 485 return $therecord; 486 } 487 break; 488 }//end command switch 489 }// end if 490 }// end function 491 }//end class 427 492 ?>
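Review bot: In the new `save` branch the insert-path failure at new line 482 appends with `.=` to `$therecord["phpbmsStatus"]`, but `$theid` is 0 there, so `getRecord(0)` falls through to `getDefaults()`, which never sets that key; the append hits an undefined index (PHP notice) while the edit-path counterpart at line 459 assigns with `=`. Change it to `$therecord["phpbmsStatus"] = "Data Verification Error";`. The branch is also chosen on the raw `$_POST["id"]` (line 442) while `$theid` is taken from the prepared `$variables["id"]` (line 444); if a subclass's `prepareVariables()` alters `id`, the two can disagree, so `if($variables["id"]) {` looks like the consistent test. On a verification failure both paths reload the record from the database or the defaults, so the user's submitted values appear to be discarded rather than redisplayed — worth confirming that is intended. The verification message at new line 279 also carries a typo, `reccomended`.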