Example #1
 /**
  * Count the product items attached to one entity list of the current tenant.
  *
  * The list id and the tenant id are both passed through Database::queryNumber()
  * before being concatenated into the SQL text; the tenant predicate is what
  * keeps the count scoped to the caller's tenant.
  * NOTE(review): Database::queryNumber() is not visible here. The statement is
  * only as safe as that helper's numeric validation - confirm it rejects or
  * neutralises non-numeric input, or move to a prepared statement.
  *
  * @param mixed $listId id of the entityList row whose items are counted
  * @return mixed 0 when the result set is empty, otherwise the first column of
  *               the first row as returned by mysqli_fetch_row()
  */
 public function getEntityCountForList($listId)
 {
     $listIdSql = Database::queryNumber($listId);
     $tenantIdSql = Database::queryNumber($this->tenantid);

     $sql = 'select count(*) from entityList EL inner join entityListItem ELI on EL.id =ELI.entityListId'
         . ' where EL.entity="product" and EL.id=' . $listIdSql
         . ' and EL.tenantid=' . $tenantIdSql . ';';

     $result = Database::executeQuery($sql);

     // Guard clause: an empty result set is reported as a count of zero.
     if ($result->num_rows == 0) {
         return 0;
     }

     $firstRow = mysqli_fetch_row($result);
     return $firstRow[0];
 }
Example #2
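 /**
  * Build the "select count(*)" statement for this entity type, scoped to the
  * current tenant and narrowed by the optional filters below.
  *
  * Recognised filter keys:
  *   news              - restrict to rows with isNewsItem=1
  *   author / authorid - restrict to one author ('author' wins when both are set)
  *
  * Filters are appended, so 'news' and an author filter can be combined; the
  * earlier code assigned instead of appending and silently dropped the news
  * predicate whenever an author filter was present.
  *
  * The tenant id goes through Database::queryNumber() like the other numeric
  * values instead of being concatenated raw, so the tenant predicate cannot be
  * altered by an unexpected non-numeric value.
  * NOTE(review): Database::queryNumber() is defined elsewhere; confirm how it
  * treats non-numeric input.
  * NOTE(review): the table name comes from $this->getName(); presumably that is
  * fixed by the class and never user-controlled - verify.
  *
  * @param array $filters filter name => value pairs
  * @return string the SQL text (not executed here)
  */
 protected function getEntityCountQuery($filters)
 {
     $where = '';
     if (array_key_exists('news', $filters)) {
         $where .= ' and isNewsItem=1';
     }
     if (array_key_exists('author', $filters)) {
         $where .= ' and author = ' . Database::queryNumber($filters['author']);
     } elseif (array_key_exists('authorid', $filters)) {
         // 'authorid' is an alias for 'author'
         $where .= ' and author = ' . Database::queryNumber($filters['authorid']);
     }

     return 'select count(*) from ' . lcfirst($this->getName())
         . ' where tenantid=' . Database::queryNumber($this->tenantid) . $where;
 }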
Example #3
 /**
  * Build the stored-procedure call that lists media items.
  *
  * With a "locationid" filter the call is getMediaByLocationId(location, tenant,
  * user); paging arguments are not passed in that case. Otherwise the call is
  * getMediaItemsEx(name, description, tenant, user, return, offset), where name
  * and description default to null when the filter is absent.
  *
  * Every argument is passed through Database::queryString() or
  * Database::queryNumber() before concatenation.
  * NOTE(review): those helpers are not visible here; the statement relies on
  * them for quoting/escaping - confirm, or switch to bound parameters.
  *
  * @param array $filters filter name => value pairs
  * @param mixed $return  passed as the fifth argument of getMediaItemsEx
  * @param mixed $offset  passed as the sixth argument of getMediaItemsEx
  * @return string the SQL text (not executed here)
  */
 protected function getEntitiesQuery($filters, $return, $offset)
 {
     // Location lookups use their own procedure and return early.
     if (isset($filters["locationid"])) {
         $locationArgs = array(
             Database::queryNumber($filters["locationid"]),
             Database::queryNumber($this->tenantid),
             Database::queryNumber($this->userid),
         );
         return "call getMediaByLocationId(" . implode(",", $locationArgs) . ");";
     }

     $nameFilter = isset($filters["name"]) ? $filters["name"] : null;
     $descriptionFilter = isset($filters["description"]) ? $filters["description"] : null;

     $searchArgs = array(
         Database::queryString($nameFilter),
         Database::queryString($descriptionFilter),
         Database::queryNumber($this->tenantid),
         Database::queryNumber($this->userid),
         Database::queryNumber($return),
         Database::queryNumber($offset),
     );
     return "call getMediaItemsEx(" . implode(",", $searchArgs) . ");";
 }
Example #4
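 /**
  * Replace this user's tenant memberships with the set given in $data.
  *
  * Step 1 removes every existing tenant assignment for the user; step 2 adds
  * one role per entry of $data->tenants. All statements are handed to
  * Database::executeQueriesInTransaction() together.
  *
  * The user id in the remove call goes through Database::queryNumber(), the
  * same as in the add calls, rather than being concatenated raw.
  *
  * NOTE(review): this method grants roles exactly as listed in $data. No check
  * that the acting user may assign those roles, or may touch those tenants, is
  * visible here - confirm the caller enforces it and restricts 'role' to known
  * values.
  * NOTE(review): Database::queryNumber()/queryString() are not shown; the
  * statements rely on them for escaping.
  *
  * @param object $data object with a 'tenants' list; each entry is read for
  *                     'tenantid' and 'role'
  * @return void
  */
 public function setTenantAccess($data)
 {
     // 1. remove all existing tenant assignments
     $queries = array("call removeTenantUsers(" . Database::queryNumber($this->id) . ");");

     // 2. add access for each tenant specified
     foreach ($data->{'tenants'} as $tenant) {
         $queries[] = "call addTenantUserRole(" . Database::queryNumber($this->id)
             . "," . Database::queryNumber($tenant->{'tenantid'})
             . "," . Database::queryString($tenant->{'role'}) . ");";
     }

     Database::executeQueriesInTransaction($queries);
 }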
Example #5
 /**
  * Build the getTenants() procedure call for the current user.
  *
  * Overrides the default query builder because the tenant id is not an
  * argument of this procedure; $filters is accepted but not used.
  * All three arguments pass through Database::queryNumber().
  * NOTE(review): Database::queryNumber() is defined elsewhere - confirm it
  * rejects or neutralises non-numeric input.
  *
  * @param array $filters unused
  * @param mixed $return  second procedure argument
  * @param mixed $offset  third procedure argument
  * @return string the SQL text (not executed here)
  */
 protected function getEntitiesQuery($filters, $return, $offset)
 {
     $procedureArgs = array(
         Database::queryNumber($this->userid),
         Database::queryNumber($return),
         Database::queryNumber($offset),
     );

     return 'call getTenants(' . implode(', ', $procedureArgs) . ');';
 }
 * get parameters are:
 *      collection: name of the pageCollection to update (e.g. 'home')
 *      pageid: id of the page
 *      sort: new sort/sequence number for the page
 */
include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
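// Service endpoint: set the sort order of a page inside a page collection.
//
// The admin role check runs first, and every failure path is an exclusive
// branch, so the update is unreachable unless the caller is authorised and all
// three parameters are present. Service::returnError() is not shown here; this
// structure does not depend on it ending the request.
//
// NOTE(review): $user and $tenantID are not defined in the visible lines -
// presumably partials/pageCheck.php sets them from the session; verify.
// NOTE(review): no anti-CSRF token check is visible for this state-changing
// POST; confirm pageCheck.php or the surrounding framework enforces one.
// NOTE(review): Database::queryString()/queryNumber() are defined elsewhere;
// the statement relies on them for escaping.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $collection = Utility::getRequestVariable("collection", "");
    $pageid = Utility::getRequestVariable("pageid", "");
    $sort = Utility::getRequestVariable("sort", "");

    if (!$user->hasRole('admin', $tenantID)) {
        // Authorisation first: unauthorised callers learn nothing about parameter validation.
        Service::returnError('Access denied.', 403);
    } elseif ($collection == "") {
        Service::returnError('collection parameter is required.');
    } elseif ($pageid == "") {
        Service::returnError('pageid parameter is required.');
    } elseif ($sort == "") {
        Service::returnError('sort parameter is required.');
    } else {
        // The tenant id comes from the server side, not from the request.
        $query = "call setPageSortOrderForCollection(" . Database::queryString($collection) . "," . Database::queryNumber($pageid) . "," . Database::queryNumber($sort) . "," . Database::queryNumber($tenantID) . ");";
        Database::executeQuery($query);
        $json = '{"success":true}';
        Service::returnJSON($json);
    }
} else {
    Service::returnError('Unsupported HTTP method.');
}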
Example #7
 /**
  * Store a new password for this user.
  *
  * The plain-text password is passed to generateHash() and only the result is
  * written to the user table, for the row matching this object's id.
  * NOTE(review): generateHash() is defined elsewhere. Confirm it uses a slow,
  * salted password hash (for example PHP's password_hash()) and not a bare
  * digest.
  * NOTE(review): nothing here checks the current password or the caller's
  * right to change this account - presumably the caller does; verify.
  *
  * @param string $pass the new plain-text password
  * @return mixed whatever Database::executeQuery() returns for the UPDATE
  */
 public function updatepassword($pass)
 {
     $hashedPassword = generateHash($pass);

     $sql = "UPDATE user SET password = " . Database::queryString($hashedPassword)
         . ' WHERE id = ' . Database::queryNumber($this->id);

     $outcome = Database::executeQuery($sql);
     return $outcome;
 }
Example #8
include_once dirname(__FILE__) . '/../partials/pageCheck.php';
include_once dirname(__FILE__) . '/../classes/database.php';
include_once dirname(__FILE__) . '/../classes/utility.php';
include_once dirname(__FILE__) . '/../classes/service.php';
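// Service endpoint: record a client-reported event in the event table.
//
// Two fixes over the earlier version:
//  - the success body is valid JSON ({"result":true}); the earlier literal had
//    an unquoted key, which strict JSON parsers reject;
//  - a database failure is written to the server log and the client receives a
//    generic message, so SQL error text (table, column and statement details)
//    is not returned to the caller.
//
// NOTE(review): $userID and $tenantID are not defined in the visible lines -
// presumably partials/pageCheck.php sets them from the session; verify.
// NOTE(review): 'event' and 'entityType' are stored exactly as sent by the
// client; anything that later displays these rows must escape them for its
// output context.
// NOTE(review): the raw session id is stored with every event. Anyone who can
// read the event table could reuse a live session id; consider storing a hash
// of it instead.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $event = Utility::getRequestVariable('event', 'unknown event');
    $entityType = Utility::getRequestVariable('entityType', 'unknown entity');
    $entityId = Utility::getRequestVariable('entityId', 0);

    $values = array(
        Database::queryString($event),
        Database::queryString($entityType),
        Database::queryNumber($entityId),
        Database::queryNumber($userID),
        Database::queryString(session_id()),
        Database::queryNumber($tenantID),
    );
    $query = "INSERT INTO event (event,entityType,entityId,userId,sessionId,tenantId) values ("
        . implode(',', $values) . ")";

    $failed = false;
    try {
        Database::executeQuery($query);
    } catch (Exception $ex) {
        // Keep the detail on the server side only.
        error_log('event insert failed: ' . $ex->getMessage());
        $failed = true;
    }

    if ($failed) {
        Service::returnError('Unable to record event.');
    } else {
        Service::returnJSON('{"result":true}');
    }
} else {
    echo "Unsupported HTTP method.";
}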
Example #9
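 // TODO: add more data validations
 // NOTE(review): the tenant id passed to updateLocation() is read from the
 // request payload ($data->{'tenantid'}). Unless the procedure or an earlier
 // check ties it to the caller's own tenant, a client could name another
 // tenant's id - confirm, or use the server-side tenant id instead.
 // NOTE(review): Database::queryString()/queryNumber() are defined elsewhere;
 // the statement relies on them for escaping.
 Utility::debug('Updating location', 5);

 // Default message, so the failure branch that follows this block has something
 // to print even when executeQuery() returns a falsy result without throwing.
 $errMessage = 'Unknown error.';

 $query = "call updateLocation(" . Database::queryString($data->{'id'});
 $query .= "," . Database::queryString($data->{'name'});
 $query .= "," . Database::queryString($data->{'address'});
 $query .= "," . Database::queryString($data->{'city'});
 $query .= "," . Database::queryString($data->{'state'});
 $query .= "," . Database::queryString($data->{'phone'});
 $query .= "," . Database::queryString($data->{'url'});
 $query .= "," . Database::queryString($data->{'imageurl'});
 $query .= "," . Database::queryNumber($data->{'latitude'});
 $query .= "," . Database::queryNumber($data->{'longitude'});
 $query .= "," . Database::queryString($data->{'shortdescription'});
 $query .= "," . Database::queryString($data->{'googleReference'});
 $query .= "," . Database::queryString($data->{'googlePlacesId'});
 $query .= "," . Database::queryNumber($data->{'tenantid'});
 $query .= ')';
 try {
     $result = Database::executeQuery($query);
 } catch (Exception $e) {
     $result = false;
     if ($debug > 0) {
         // don't reveal errors unless in debug mode
         $errMessage = $e->getMessage();
     }
 }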
 if (!$result) {
     header(' ', true, 500);
     echo 'Unable to save location. ' . $errMessage;
Example #10
/**
 * Run the "locations on route" stored procedure and return its result.
 *
 * With a non-empty $filter the call is getLocationsOnRouteByCategoryIdList and
 * the filter is appended as a ninth, string argument; otherwise the call is
 * getLocationsOnRoute with the eight numeric arguments only.
 *
 * Numeric arguments pass through Database::queryNumber() and the filter
 * through Database::queryString() before concatenation.
 * NOTE(review): those helpers are not visible here; the statement relies on
 * them for escaping - confirm, or switch to bound parameters.
 *
 * @param mixed  $originLat   origin latitude
 * @param mixed  $originLong  origin longitude
 * @param mixed  $destLat     destination latitude
 * @param mixed  $destLong    destination longitude
 * @param mixed  $maxDetour   fifth procedure argument
 * @param mixed  $numToReturn sixth procedure argument
 * @param string $filter      category id list; empty string for no filter
 * @param mixed  $tenantID    tenant the lookup is scoped to
 * @param mixed  $userID      user on whose behalf the lookup runs
 * @return mixed whatever Database::executeQuery() returns
 */
function fetchData($originLat, $originLong, $destLat, $destLong, $maxDetour, $numToReturn, $filter, $tenantID, $userID)
{
    $hasFilter = strlen($filter) > 0;
    $procedure = $hasFilter ? 'getLocationsOnRouteByCategoryIdList' : 'getLocationsOnRoute';

    $arguments = array(
        Database::queryNumber($originLat),
        Database::queryNumber($originLong),
        Database::queryNumber($destLat),
        Database::queryNumber($destLong),
        Database::queryNumber($maxDetour),
        Database::queryNumber($numToReturn),
        Database::queryNumber($tenantID),
        Database::queryNumber($userID),
    );
    if ($hasFilter) {
        // the category list is the only string argument
        $arguments[] = Database::queryString($filter);
    }

    $sql = 'call ' . $procedure . '(' . implode(', ', $arguments) . ')';
    return Database::executeQuery($sql);
}
            }
            $response = '{"id":' . json_encode($newID) . "}";
            Utility::debug('Endorsement added: ID=' . $newID, 5);
            header('Content-Type: application/json');
            echo $response;
        }
    } else {
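        // Existing record: the update path is not implemented yet, so answer with a 500.
        // TODO: add data validations once the update exists.
        Utility::debug('Updating endorsement', 5);
        // Set the status before writing the body; once output has started the
        // headers may already be sent and the status code would be ignored.
        header(' ', true, 500);
        echo 'Unable to update endorsement: method is not yet implemented';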
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "DELETE") {
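    // DELETE: remove one location endorsement, scoped to the current tenant.
    $json = file_get_contents('php://input');
    $data = json_decode($json);
    // TODO (original author): access control for this delete is still open.
    // NOTE(review): no role or ownership check is visible in this branch; any
    // caller that reaches it can delete an endorsement of the tenant by id.
    // Confirm what the including script enforces before this point.

    // isset() also covers an unparsable or non-object body (json_decode() gives null).
    $id = isset($data->{'id'}) ? $data->{'id'} : null;

    // The earlier test "!$id > 0" parsed as "(!$id) > 0", so negative and
    // non-numeric ids were let through. Require a positive number explicitly.
    if (!is_numeric($id) || $id <= 0) {
        // Status first: a header set after output has started may be ignored.
        header(' ', true, 400);
        echo 'Unable to delete endorsement: an ID is required';
        die;
    }
    Utility::debug('Deleting endorsement id=' . $id, 5);
    $query = "call deleteLocationEndorsement(" . Database::queryNumber($id);
    $query .= "," . Database::queryNumber($tenantID);
    $query .= ')';
    $result = Database::executeQuery($query);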
} else {
    echo "Unsupported HTTP method.";
}
Example #12
 /**
  * Build the INSERT statement that stores one key/value property for an entity.
  *
  * Table and id-column names are derived from $this->getName(): the table is
  * "<name>Property" and the id column "<name>id", both with a lower-cased first
  * letter. "key" is a reserved word in SQL, so the column is written qualified
  * with the table name.
  *
  * The three values pass through Database::queryNumber()/queryString().
  * NOTE(review): the identifiers are concatenated without quoting; that is
  * safe only while getName() returns a value fixed by the class and never
  * request data - verify.
  * NOTE(review): Database::queryNumber()/queryString() are defined elsewhere;
  * the statement relies on them for escaping.
  *
  * @param mixed $id    id of the owning entity
  * @param mixed $key   property name
  * @param mixed $value property value
  * @return string the SQL text (not executed here)
  */
 function getSavePropertySQL($id, $key, $value)
 {
     $propertyTable = lcfirst($this->getName()) . 'Property';
     $ownerColumn = lcfirst($this->getName()) . 'id';

     $columnList = $ownerColumn . ',' . $propertyTable . '.key,value';
     $valueList = implode(', ', array(
         Database::queryNumber($id),
         Database::queryString($key),
         Database::queryString($value),
     ));

     return 'insert into ' . $propertyTable . ' (' . $columnList . ')'
         . ' values (' . $valueList . ');';
 }
Example #13
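 /**
  * Fetch one batch record through the getBatchById stored procedure.
  *
  * All three arguments go through Database::queryNumber(). Earlier only $id
  * did, while the tenant and user ids were concatenated into the statement
  * unchanged; since this is a public static method, it cannot assume every
  * caller passes values that are already numeric.
  * NOTE(review): Database::queryNumber() is defined elsewhere - confirm it
  * rejects or neutralises non-numeric input.
  *
  * @param mixed $id       batch id
  * @param mixed $tenantid tenant the lookup is scoped to
  * @param mixed $userid   user on whose behalf the lookup runs
  * @return mixed whatever Database::executeQuery() returns
  */
 public static function getBatchStatus($id, $tenantid, $userid)
 {
     $query = 'call getBatchById(' . Database::queryNumber($id)
         . ',' . Database::queryNumber($tenantid)
         . ',' . Database::queryNumber($userid) . ')';
     $result = Database::executeQuery($query);
     return $result;
 }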
Example #14
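 /**
  * Build the getAssignments() procedure call for the current user and tenant.
  *
  * $filters is accepted but not used. Every argument goes through
  * Database::queryNumber(); earlier the paging values and the tenant id were
  * concatenated raw, which left the statement open to whatever text a caller
  * supplied for $return or $offset.
  * NOTE(review): Database::queryNumber() is defined elsewhere - confirm it
  * rejects or neutralises non-numeric input.
  *
  * @param array $filters unused
  * @param mixed $return  second procedure argument
  * @param mixed $offset  third procedure argument
  * @return string the SQL text (not executed here)
  */
 protected function getEntitiesQuery($filters, $return, $offset)
 {
     return "call getAssignments(" . Database::queryNumber($this->userid)
         . ',' . Database::queryNumber($return)
         . ',' . Database::queryNumber($offset)
         . ',' . Database::queryNumber($this->tenantid) . ');';
 }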