Context Navigation

← Previous Changeset
Next Changeset →

Changeset 726

Timestamp:

01/06/10 23:35:21 (2 years ago)

Author:

brieb

Message:

We bother to program security roles, and then forget to set those roles for the most crucial area - users. Ugh!

Location:

trunk/phpbms

Files:

: 4 modified

install/tabledefs.sql (modified) (1 diff)
install/updatev0.98.sql (modified) (5 diffs)
loadsearch.php (modified) (1 diff)
modules/base/tabledefs_addedit.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/phpbms/install/tabledefs.sql

r647	r726
1		INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:afe6d297-b484-4f0b-57d4-1c39412e9dfb', 'Users', 'usr', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'users', 'users', 'modules/base/users_addedit.php', '~~', 'modules/base/users_addedit.php', '', NULL, 'Admin', '~~', 'Admin', 'Admin', 'revoke', '0', '1', 'users.id !=0', 'users.id', '', '', '', 1, NOW(), 1, NOW());
2		INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:8d19c73c-42fb-d829-3681-d20b4dbe43b9', 'Relationships', 'rln', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'relationships', '(`relationships` INNER JOIN `tabledefs` AS `fromtable` ON `relationships`.`fromtableid`=`fromtable`.`uuid`) INNER JOIN `tabledefs` AS `totable` ON `relationships`.`totableid`=`totable`.`uuid`', 'modules/base/relationships_addedit.php', '~~', 'modules/base/relationships_addedit.php', '', NULL, 'Admin', '~~', 'Admin', 'Admin', 'delete', '0', '0', 'relationships.id != 0', 'fromtable.displayname, name', '', '', '', 1, NOW(), 1, NOW());
	1	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:afe6d297-b484-4f0b-57d4-1c39412e9dfb', 'Users', 'usr', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'users', 'users', 'modules/base/users_addedit.php', 'Admin', 'modules/base/users_addedit.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'revoke', '0', '1', 'users.id !=0', 'users.id', '', '', '', 1, NOW(), 1, NOW());
	2	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:8d19c73c-42fb-d829-3681-d20b4dbe43b9', 'Relationships', 'rln', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'relationships', '(`relationships` INNER JOIN `tabledefs` AS `fromtable` ON `relationships`.`fromtableid`=`fromtable`.`uuid`) INNER JOIN `tabledefs` AS `totable` ON `relationships`.`totableid`=`totable`.`uuid`', 'modules/base/relationships_addedit.php', 'Admin', 'modules/base/relationships_addedit.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'delete', '0', '0', 'relationships.id != 0', 'fromtable.displayname, name', '', '', '', 1, NOW(), 1, NOW());
3	3	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3', 'Table Definitions', 'tbld', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'tabledefs', '`tabledefs` LEFT JOIN `modules` ON `tabledefs`.`moduleid` = `modules`.`uuid`', 'modules/base/tabledefs_addedit.php', 'Admin', 'modules/base/tabledefs_addedit.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'delete', '0', '0', 'tabledefs.id != 0', 'modules.name, tabledefs.displayname', '', '', '', 1, NOW(), 1, NOW());
4	4	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1', 'Notes', 'note', 'table', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'notes', 'notes', 'modules/base/notes_addedit.php', '', 'modules/base/notes_addedit.php', '', NULL, 'Admin', '', 'Admin', 'Admin', 'delete', '0', '1', 'notes.type=\'NT\' AND notes.createdby = {{$_SESSION[\'userinfo\'][\'id\']}} AND completed=0', 'notes.category,notes.type,notes.importance DESC,notes.creationdate', 'search', 'My Unread Notes', 'new', 1, NOW(), 1, NOW());
5		INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:d595ef42-db9d-2233-1b9b-11dfd0db9cbb', 'Reports', 'rpt', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'reports', '`reports` LEFT JOIN `tabledefs` ON `reports`.`tabledefid` = `tabledefs`.`uuid`', 'modules/base/reports_addedit.php', '~~', 'modules/base/reports_addedit.php', '', NULL, 'Admin', '~~', 'Admin', 'Admin', 'delete', '0', '0', 'reports.id != 0', 'tabledefid,displayorder DESC, reports.name', '', '', '', 1, NOW(), 1, NOW());
6		INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:e251524a-2da4-a0c9-8725-d3d0412d8f4a', 'Saved Searches/Sorts', 'sss', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'usersearches', '(`usersearches` LEFT JOIN `users` ON `usersearches`.`userid` = `users`.`uuid`) INNER JOIN `tabledefs` ON `usersearches`.`tabledefid`=`tabledefs`.`uuid`', 'modules/base/usersearches_edit.php', '~~', 'N/A', '', NULL, 'Admin', '~~', 'Admin', 'Admin', 'delete', '0', '0', 'usersearches.id != 0', 'usersearches.name', '', '', '', 1, NOW(), 1, NOW());
	5	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:d595ef42-db9d-2233-1b9b-11dfd0db9cbb', 'Reports', 'rpt', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'reports', '`reports` LEFT JOIN `tabledefs` ON `reports`.`tabledefid` = `tabledefs`.`uuid`', 'modules/base/reports_addedit.php', 'Admin', 'modules/base/reports_addedit.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'delete', '0', '0', 'reports.id != 0', 'tabledefid,displayorder DESC, reports.name', '', '', '', 1, NOW(), 1, NOW());
	6	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:e251524a-2da4-a0c9-8725-d3d0412d8f4a', 'Saved Searches/Sorts', 'sss', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'usersearches', '(`usersearches` LEFT JOIN `users` ON `usersearches`.`userid` = `users`.`uuid`) INNER JOIN `tabledefs` ON `usersearches`.`tabledefid`=`tabledefs`.`uuid`', 'modules/base/usersearches_edit.php', 'Admin', 'N/A', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'delete', '0', '0', 'usersearches.id != 0', 'usersearches.name', '', '', '', 1, NOW(), 1, NOW());
7	7	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:83187e3d-101e-a8a5-037f-31e9800fed2d', 'Menu', 'menu', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'menu', '((menu LEFT JOIN menu as parentmenu on menu.parentid=parentmenu.uuid) LEFT JOIN roles on menu.roleid=roles.uuid)', 'modules/base/menu_addedit.php', 'Admin', 'modules/base/menu_addedit.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'delete', '0', '0', 'menu.id!=0', 'if(parentmenu.name is null,menu.displayorder,parentmenu.displayorder+(menu.displayorder+1)/10000)', '', '', '', 1, NOW(), 1, NOW());
8		INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:ea159d67-5e89-5b7f-f5a0-c740e147cd73', 'Installed Modules', 'mod', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'modules', 'modules', 'modules/base/modules_view.php', '~~', 'modules/base/modules_view.php', '', NULL, 'Admin', '~~', 'Admin', 'Admin', 'NA', '0', '0', 'modules.id!=0', 'modules.name', '', '', '', 1, NOW(), 1, NOW());
	8	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:ea159d67-5e89-5b7f-f5a0-c740e147cd73', 'Installed Modules', 'mod', 'system', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'modules', 'modules', 'modules/base/modules_view.php', 'Admin', 'modules/base/modules_view.php', 'Admin', NULL, 'Admin', 'Admin', 'Admin', 'Admin', 'NA', '0', '0', 'modules.id!=0', 'modules.name', '', '', '', 1, NOW(), 1, NOW());
9	9	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:2bc3e683-81f9-694a-9550-a0c7263057de', 'Tasks', NULL, 'view', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'notes', '((`notes` LEFT JOIN `users` AS `assignedto` ON `assignedto`.`uuid` = `notes`.`assignedtoid`) LEFT JOIN `users` as `assignedby` ON `assignedby`.`uuid`=`notes`.`assignedbyid`)', 'modules/base/notes_addedit.php?backurl=../../search.php?id=23', '', 'modules/base/notes_addedit.php?ty=TS&backurl=../../search.php?id=23', '', NULL, 'Admin', '', 'Admin', 'Admin', 'delete', '0', '0', 'notes.type=\'TS\' AND notes.createdby = {{$_SESSION[\'userinfo\'][\'id\']}} AND completed=0', 'notes.category,notes.enddate,notes.endtime,notes.startdate,notes.starttime,notes.importance DESC,notes.subject', 'search', 'My Uncompleted Tasks', '', 1, NOW(), 1, NOW());
10	10	INSERT INTO `tabledefs` (`uuid`, `displayname`, `prefix`, `type`, `moduleid`, `maintable`, `querytable`, `editfile`, `editroleid`, `addfile`, `addroleid`, `importfile`, `importroleid`, `searchroleid`, `advsearchroleid`, `viewsqlroleid`, `deletebutton`, `canpost`, `hascustomfields`, `defaultwhereclause`, `defaultsortorder`, `defaultsearchtype`, `defaultcriteriafindoptions`, `defaultcriteriaselection`, `createdby`, `creationdate`, `modifiedby`, `modifieddate`) VALUES ('tbld:0fcca651-6c34-c74d-ac04-2d88f602dd71', 'Events', NULL, 'view', 'mod:29873ee8-c12a-e3f6-9010-4cd24174ffd7', 'notes', '((`notes` LEFT JOIN `users` AS `assignedto` ON `assignedto`.`uuid` = `notes`.`assignedtoid`) LEFT JOIN `users` as `assignedby` ON `assignedby`.`uuid`=`notes`.`assignedbyid`)', 'modules/base/notes_addedit.php?backurl=../../search.php?id=24', '', 'modules/base/notes_addedit.php?ty=EV&backurl=../../search.php?id=24', '', NULL, 'Admin', '', 'Admin', 'Admin', 'delete', '0', '0', 'notes.type=\'EV\' AND notes.createdby = {{$_SESSION[\'userinfo\'][\'id\']}} AND ((notes.startdate = year(notes.startdate)=year(curdate()) and week(notes.startdate)=week(curdate())))', 'notes.startdate DESC,notes.starttime DESC,notes.enddate DESC,notes.endtime DESC,notes.importance', 'search', NULL, NULL, 1, NOW(), 1, NOW());

trunk/phpbms/install/updatev0.98.sql

r715	r726
335	335	UPDATE `tabledefs` SET
336	336	`uuid` = 'tbld:afe6d297-b484-4f0b-57d4-1c39412e9dfb',
	337	`searchroleid` = -100,
	338	`addroleid` = -100,
	339	`editroleid` = -100,
337	340	`prefix` = 'usr'
338	341	WHERE
…	…
341	344	UPDATE `tabledefs` SET
342	345	`uuid`='tbld:8d19c73c-42fb-d829-3681-d20b4dbe43b9',
	346	`searchroleid` = -100,
	347	`addroleid` = -100,
	348	`editroleid` = -100,
343	349	`prefix` = 'rln',
344	350	`querytable` = '(`relationships` INNER JOIN `tabledefs` AS `fromtable` ON `relationships`.`fromtableid`=`fromtable`.`uuid`) INNER JOIN `tabledefs` AS `totable` ON `relationships`.`totableid`=`totable`.`uuid`'
…	…
361	367	UPDATE `tabledefs` SET
362	368	`uuid`='tbld:d595ef42-db9d-2233-1b9b-11dfd0db9cbb',
	369	`searchroleid` = -100,
	370	`addroleid` = -100,
	371	`editroleid` = -100,
363	372	`prefix` = 'rpt',
364	373	`querytable` = '`reports` LEFT JOIN `tabledefs` ON `reports`.`tabledefid` = `tabledefs`.`uuid`'
…	…
368	377	UPDATE `tabledefs` SET
369	378	`uuid`='tbld:e251524a-2da4-a0c9-8725-d3d0412d8f4a',
	379	`searchroleid` = -100,
	380	`addroleid` = -100,
	381	`editroleid` = -100,
370	382	`prefix` = 'sss',
371	383	`querytable` = '(`usersearches` LEFT JOIN `users` ON `usersearches`.`userid` = `users`.`uuid`) INNER JOIN `tabledefs` ON `usersearches`.`tabledefid`=`tabledefs`.`uuid`'
…	…
375	387	UPDATE `tabledefs` SET
376	388	`uuid`='tbld:ea159d67-5e89-5b7f-f5a0-c740e147cd73',
	389	`searchroleid` = -100,
	390	`addroleid` = -100,
	391	`editroleid` = -100,
377	392	`prefix` = 'mod'
378	393	WHERE

trunk/phpbms/loadsearch.php

r725	r726
37	37	+-------------------------------------------------------------------------+
38	38	*/
39		require("include/session.php");
40
41		class savedSearch{
42
43		var $db;
44
45		function savedSearch($db){
46		$this->db=$db;
47		}
48
49		function delete($id){
50		$querystatement="DELETE FROM usersearches
51		WHERE id=".((int) $id);
52		$queryresult = $this->db->query($querystatement);
53
54		echo "success";
55		}
56
57
58		/**
59		* saves current search
60		*
61		* @param string $name name to save search as
62		* @param integer $tabledefid table definition's id
63		* @param string $userid uuid of user
64		*/
65		function save($name,$tabledefid,$userid){
66
67		$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
68
69		$querystatement = "
70		SELECT
71		`prefix`
72		FROM
73		`tabledefs`
74		WHERE
75		`uuid` = '".$uuid."'
76		";
	39
	40	class savedSearch{
	41
	42	var $db;
	43
	44	function savedSearch($db){
	45
	46	$this->db=$db;
	47
	48	}//end function init
	49
	50
	51	function delete($id){
	52
	53	$querystatement="DELETE FROM usersearches
	54	WHERE id=".((int) $id);
	55	$queryresult = $this->db->query($querystatement);
	56
	57	echo "success";
	58
	59	}//end function delete
	60
	61
	62	/**
	63	* saves current search
	64	*
	65	* @param string $name name to save search as
	66	* @param integer $tabledefid table definition's id
	67	* @param string $userid uuid of user
	68	*/
	69	function save($name,$tabledefid,$userid){
	70
	71	$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
	72
	73	$querystatement = "
	74	SELECT
	75	`prefix`
	76	FROM
	77	`tabledefs`
	78	WHERE
	79	`uuid` = '".$uuid."'";
	80
	81	$queryresult = $this->db->query($querystatement);
	82
	83	$therecord = $this->db->fetchArray($queryresult);
	84	$prefix = $therecord["prefix"];
	85
	86	$insertstatement = "
	87	INSERT INTO
	88	usersearches
	89	(
	90	userid,
	91	tabledefid,
	92	name,
	93	`type`,
	94	sqlclause,
	95	`uuid`
	96	) VALUES (
	97	'".mysql_real_escape_string($userid)."',
	98	'".mysql_real_escape_string($uuid)."',
	99	'".mysql_real_escape_string($name)."',
	100	'SCH',
	101	'".addslashes($_SESSION["tableparams"][$tabledefid]["querywhereclause"])."',
	102	'".uuid($prefix.":")."'
	103	)";
	104
	105	$this->db->query($insertstatement);
	106
	107	echo "search saved";
	108
	109	}//endfunction save
	110
	111
	112	/**
	113	* displays sql clause for saved search
	114	*
	115	* @param integer $id savedsearch id
	116	*/
	117	function get($id){
	118
	119	$querystatement="
	120	SELECT
	121	sqlclause
	122	FROM
	123	usersearches
	124	WHERE id=".((int) $id);
	125
	126	$queryresult = $this->db->query($querystatement);
	127
	128	$therecord = $this->db->fetchArray($queryresult);
	129
	130	echo $therecord["sqlclause"];
	131
	132	}//end function
	133
	134
	135	/**
	136	* generates the select input of saved searches
	137	*
	138	* @param mysql query result $queryresult
	139	*/
	140	function showSavedSearchList($queryresult){
	141
	142	$numrows = $this->db->numRows($queryresult);
	143
	144	?>
	145	<select id="LSList" name="LSList" <?php if ($numrows<1) echo "disabled" ?> size="10" style="width:170px;height:160px;" onchange="LSsearchSelect(this,'<?php echo APP_PATH ?>')">
	146	<?php if($numrows<1) {?>
	147
	148	<option value="NA">No Saved Searches</option>
	149
	150	<?php
	151	} else {
	152
	153	$numglobal=0;
	154
	155	while($therecord=$this->db->fetchArray($queryresult))
	156	if($therecord["userid"]<1) $numglobal++;
	157
	158	$this->db->seek($queryresult,0);
	159
	160	if($numglobal>0){ ?>
	161	<option value="NA" style="font-style:italic;font-weight:bold"> -- global searches ---------</option>
	162	<?php
	163	}//end if
	164
	165	$userqueryline = true;
	166
	167	while($therecord=$this->db->fetchArray($queryresult)){
	168
	169	if ($therecord["userid"] != '' and $userqueryline) {
	170
	171	$userqueryline = false;
	172
	173	?><option value="NA" style="font-style:italic;font-weight:bold"> -- user searches ---------</option><?php
	174
	175	}//endif
	176
	177	?><option value="<?php echo $therecord["id"]?>"><?php echo $therecord["name"]?></option><?php
	178
	179	}// end while
	180
	181	}//end if
	182	?>
	183	</select>
	184	<?php
	185
	186	}//end function showSavedSearchList
	187
	188
	189	/**
	190	* displays the load box for saved searches
	191	*
	192	* @param integer $tabledefid id of tabledef
	193	* @param string $userid uuid of user
	194	* @param string $securitywhere additional security based where clause to pass
	195	*/
	196	function showLoad($tabledefid,$userid,$securitywhere){
	197
	198	$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
	199
	200	$querystatement = "
	201	SELECT
	202	id,
	203	name,
	204	userid
	205	FROM
	206	usersearches
	207	WHERE
	208	tabledefid = '".$uuid."'
	209	AND type='SCH'
	210	AND (
	211	(userid = '' ".$securitywhere.")
	212	OR userid = '".$userid."')
	213	ORDER BY
	214	userid,
	215	name";
77	216
78	217	$queryresult = $this->db->query($querystatement);
79	218
80		$therecord = $this->db->fetchArray($queryresult);
81		$prefix = $therecord["prefix"];
82
83		$insertstatement = "
84		INSERT INTO
85		usersearches
86		(
87		userid,
88		tabledefid,
89		name,
90		`type`,
91		sqlclause,
92		`uuid`
93		) VALUES (
94		'".mysql_real_escape_string($userid)."',
95		'".mysql_real_escape_string($uuid)."',
96		'".mysql_real_escape_string($name)."',
97		'SCH',
98		'".addslashes($_SESSION["tableparams"][$tabledefid]["querywhereclause"])."',
99		'".uuid($prefix.":")."'
100		)";
101
102		$this->db->query($insertstatement);
103
104		echo "search saved";
105
106		}//endfunction save
107
108
109		/**
110		* displays sql clause for saved search
111		*
112		* @param integer $id savedsearch id
113		*/
114		function get($id){
115
116		$querystatement="
117		SELECT
118		sqlclause
119		FROM
120		usersearches
121		WHERE id=".((int) $id);
122
123		$queryresult = $this->db->query($querystatement);
124
125		$therecord = $this->db->fetchArray($queryresult);
126
127		echo $therecord["sqlclause"];
128
129		}//end function
130
131
132		/**
133		* generates the select input of saved searches
134		*
135		* @param mysql query result $queryresult
136		*/
137		function showSavedSearchList($queryresult){
138
139		$numrows = $this->db->numRows($queryresult);
140
141		?>
142		<select id="LSList" name="LSList" <?php if ($numrows<1) echo "disabled" ?> size="10" style="width:170px;height:160px;" onchange="LSsearchSelect(this,'<?php echo APP_PATH ?>')">
143		<?php if($numrows<1) {?>
144
145		<option value="NA">No Saved Searches</option>
146
147		<?php
148		} else {
149
150		$numglobal=0;
151
152		while($therecord=$this->db->fetchArray($queryresult))
153		if($therecord["userid"]<1) $numglobal++;
154
155		$this->db->seek($queryresult,0);
156
157		if($numglobal>0){ ?>
158		<option value="NA" style="font-style:italic;font-weight:bold"> -- global searches ---------</option>
159		<?php
160		}//end if
161
162		$userqueryline = true;
163
164		while($therecord=$this->db->fetchArray($queryresult)){
165
166		if ($therecord["userid"] != '' and $userqueryline) {
167
168		$userqueryline = false;
169
170		?><option value="NA" style="font-style:italic;font-weight:bold"> -- user searches ---------</option><?php
171
172		}//endif
173
174		?><option value="<?php echo $therecord["id"]?>"><?php echo $therecord["name"]?></option><?php
175
176		}// end while
177
178		}//end if
179		?>
180		</select>
181		<?php
182
183		}//end function showSavedSearchList
184
185
186		/**
187		* displays the load box for saved searches
188		*
189		* @param integer $tabledefid id of tabledef
190		* @param string $userid uuid of user
191		* @param string $securitywhere additional security based where clause to pass
192		*/
193		function showLoad($tabledefid,$userid,$securitywhere){
194
195		$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
196
197		$querystatement = "
198		SELECT
199		id,
200		name,
201		userid
202		FROM
203		usersearches
204		WHERE
205		tabledefid = '".$uuid."'
206		AND type='SCH'
207		AND (
208		(userid = '' ".$securitywhere.")
209		OR userid = '".$userid."')
210		ORDER BY
211		userid,
212		name";
213
214		$queryresult = $this->db->query($querystatement);
215
216		if(!$queryresult)
217		$error = new appError(500,"Cannot retrieve saved search information");
218
219		$querystatement="
220		SELECT
221		advsearchroleid
222		FROM
223		tabledefs
224		WHERE id= '".$tabledefid."'";
225
226		$tabledefresult = $this->db->query($querystatement);
227
228		if(!$tabledefresult)
229		$error = new appError(500,"Cannot retrieve table definition information.");
230
231		$tableinfo=$this->db->fetchArray($tabledefresult);
232
233		?>
234		<table border="0" cellpadding="0" cellspacing="0">
235		<tr>
236		<td valign="top">
237		<p>
238		<label for="LSList">saved searches</label><br />
239		<?php $this->showSavedSearchList($queryresult)?>
240		</p>
241		</td>
242		<td valign="top" width="100%">
243		<p>
244		<label for="LSSelectedSearch">name</label><br />
245		<input type="text" id="LSSelectedSearch" size="10" readonly="readonly" class="uneditable" />
246		</p>
247		<p>
248		<textarea id="LSSQL" rows="8" cols="10" <?php if(!hasRights($tableinfo["advsearchroleid"])) echo " readonly=\"readonly\""?>></textarea>
249		</p>
250		</td>
251		<td valign="top">
252		<p><br/><input id="LSLoad" type="button" onclick="LSRunSearch()" class="Buttons" disabled="disabled" value="run search"/></p>
253		<p><input id="LSDelete" type="button" onclick="LSDeleteSearch('<?php echo APP_PATH ?>')" class="Buttons" disabled="disabled" value="delete"/></p>
254		<div id="LSResults"> </div>
255		</td>
256		</tr>
257		</table>
258		<?php
259
260		}//end function showLoad
261
262		}//end class
	219	if(!$queryresult)
	220	$error = new appError(500,"Cannot retrieve saved search information");
	221
	222	$querystatement="
	223	SELECT
	224	advsearchroleid
	225	FROM
	226	tabledefs
	227	WHERE id= '".$tabledefid."'";
	228
	229	$tabledefresult = $this->db->query($querystatement);
	230
	231	if(!$tabledefresult)
	232	$error = new appError(500,"Cannot retrieve table definition information.");
	233
	234	$tableinfo=$this->db->fetchArray($tabledefresult);
	235
	236	?>
	237	<table border="0" cellpadding="0" cellspacing="0">
	238	<tr>
	239	<td valign="top">
	240	<p>
	241	<label for="LSList">saved searches</label><br />
	242	<?php $this->showSavedSearchList($queryresult)?>
	243	</p>
	244	</td>
	245	<td valign="top" width="100%">
	246	<p>
	247	<label for="LSSelectedSearch">name</label><br />
	248	<input type="text" id="LSSelectedSearch" size="10" readonly="readonly" class="uneditable" />
	249	</p>
	250	<p>
	251	<textarea id="LSSQL" rows="8" cols="10" <?php if(!hasRights($tableinfo["advsearchroleid"])) echo " readonly=\"readonly\""?>></textarea>
	252	</p>
	253	</td>
	254	<td valign="top">
	255	<p><br/><input id="LSLoad" type="button" onclick="LSRunSearch()" class="Buttons" disabled="disabled" value="run search"/></p>
	256	<p><input id="LSDelete" type="button" onclick="LSDeleteSearch('<?php echo APP_PATH ?>')" class="Buttons" disabled="disabled" value="delete"/></p>
	257	<div id="LSResults"> </div>
	258	</td>
	259	</tr>
	260	</table>
	261	<?php
	262
	263	}//end function showLoad
	264
	265	}//end class
263	266
264	267

trunk/phpbms/modules/base/tabledefs_addedit.php

r703	r726
69	69	$theform->addField($theinput);
70	70
71		$theinput = new inputCheckbox("apiaccessible",$therecord["apiaccessible"],"api accessible");
	71	$theinput = new inputCheckbox("apiaccessible",$therecord["apiaccessible"],"api accessible");
72	72	$theform->addField($theinput);
73	73

phpBMS

Context Navigation

Changeset 726

Legend:

trunk/phpbms/install/tabledefs.sql

trunk/phpbms/install/updatev0.98.sql

trunk/phpbms/loadsearch.php

trunk/phpbms/modules/base/tabledefs_addedit.php

Download in other formats: