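/**
 * Format and execute the Delete query.
 *
 * Every model field contributes zero or more WHERE clauses through
 * delQueryClause(); they are ANDed together into
 * "DELETE FROM <model_table> WHERE c1 AND c2 ...;" and executed, unless the
 * session is read-only or FG_DEBUG is above 4.
 *
 * Unlike the Insert/Update handlers, no bind values are handed to Execute():
 * each clause is inlined as SQL text, so every delQueryClause()
 * implementation is responsible for quoting the value it embeds.
 *
 * Failure paths fail closed: a clause-builder exception or an empty clause
 * list sends the user back to the confirmation page ('ask-del') and no
 * statement is run. (Previously both paths fell through and the DELETE was
 * still executed with whatever clauses had been collected, relying on a SQL
 * syntax error to stop the unqualified case.)
 *
 * @param FormHandler $form  form providing model, model_table, FG_DEBUG and
 *                           a2billing; messages are appended to
 *                           $form->pre_elems and the next action is set
 *                           with setAction()
 * @return void
 */
 public function PerformAction(&$form)
 {
     $dbg_elem = new DbgElem();
     $dbhandle = $form->a2billing->DBHandle();
     if ($form->FG_DEBUG > 0) {
         array_unshift($form->pre_elems, $dbg_elem);
     }
     // Collect the WHERE clauses; a field may return one clause or a list.
     $del_clauses = array();
     try {
         foreach ($form->model as $fld) {
             $qc = $fld->delQueryClause($dbhandle, $form);
             if (!$qc) {
                 continue;
             }
             if (is_string($qc)) {
                 $del_clauses[] = $qc;
             } elseif (is_array($qc)) {
                 $del_clauses = array_merge($del_clauses, $qc);
             } else {
                 throw new Exception("Why clause " . gettype($qc) . " ?");
             }
         }
     } catch (Exception $ex) {
         $form->setAction('ask-del');
         $form->pre_elems[] = new ErrorElem($ex->getMessage());
         $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
         // The clause list may be incomplete: never run a broader DELETE
         // than the one the fields asked for.
         return;
     }
     // Protect against a nasty delete: an unqualified DELETE is never run.
     if (count($del_clauses) < 1) {
         $form->setAction('ask-del');
         $form->pre_elems[] = new ErrorElem("Cannot delete, internal error");
         $dbg_elem->content .= "Delete: no query clauses!\n";
         return;
     }
     $query = "DELETE FROM " . $form->model_table
         . ' WHERE ' . implode(' AND ', $del_clauses) . ';';
     $dbg_elem->content .= $query . "\n";
     // Read-only sessions never reach the database.
     if (session_readonly()) {
         $dbg_elem->content .= "Read-only: query not performed.\n";
         $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
         $form->setAction('list');
         return;
     }
     // At high debug levels the query is only shown, never executed.
     if ($form->FG_DEBUG > 4) {
         $form->setAction('ask-del');
         $dbg_elem->content .= "Debug mode, won't delete!\n";
         return;
     }
     $res = $dbhandle->Execute($query);
     if (!$res) {
         $form->setAction('ask-del');
         $form->pre_elems[] = new ErrorElem(str_params(_("Cannot delete %1, database error."), array($form->model_name_s), 1));
         $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
     } elseif ($dbhandle->Affected_Rows() < 1) {
         // Statement ran but matched nothing: the record is gone or the
         // clauses did not identify it.
         $dbg_elem->content .= ".. EOF, no rows!";
         $dbg_elem->obj = $dbhandle->Affected_Rows();
         $form->pre_elems[] = new ErrorElem(str_params(_("Cannot delete %1, record not found."), array($form->model_name_s), 1));
         $form->setAction('list');
     } else {
         $dbg_elem->content .= "Success: DELETE " . $dbhandle->Affected_Rows() . "\n";
         $form->pre_elems[] = new StringElem(_("Record successfully removed from the database."));
         $form->setAction('list');
     }
 }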
}
/* Session cookie hardening. These ini_set() calls must precede
   session_start() below, otherwise they do not affect the cookie.
   NOTE(review): the Secure flag is only set when PHP itself sees HTTPS;
   behind a TLS-terminating proxy $_SERVER['HTTPS'] may be absent and the
   flag silently skipped — confirm for the deployment. */
if (!empty($_SERVER["HTTPS"])) {
    ini_set('session.cookie_secure', 1);
}
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_path', '/');
/* NOTE(review): expose_php is a system-level directive; an ini_set() at
   runtime is presumably ineffective here and it should be set in php.ini
   — verify. */
ini_set('expose_php', 'off');
/* Clickjacking protection. */
header('X-Frame-Options: SAMEORIGIN');
/* NOTE(review): X-XSS-Protection is a legacy header that current browsers
   ignore (and '1; mode=block' has had known side effects in older ones);
   a Content-Security-Policy would be the replacement — confirm intent. */
header('X-XSS-Protection: 1; mode=block');
/* NOTE(review): this advertises the application name after hiding PHP's
   own banner; it is useful for fingerprinting — confirm it is wanted. */
header('X-Powered-By: WLOX');
/* Readonly Sessions: ordinary page loads open a writable session and
   regenerate its id (session_regenerate() is a project helper, not shown);
   AJAX calls ($ajax set by the including script) use the read-only
   variant. An unset $ajax counts as a normal page load. */
if (empty($ajax)) {
    session_start();
    session_regenerate();
} else {
    session_readonly();
}
/* Current File Name */
$CFG->self = basename($_SERVER['SCRIPT_FILENAME']);
/* Check for Email Auth: log the user in from an e-mailed code.
   NOTE(review): $_REQUEST merges GET, POST and (depending on request_order)
   cookies, and the code is urlencode()d before it reaches User::logIn();
   if the stored code is compared byte-for-byte, any non-alphanumeric
   character in it would no longer match — verify against User::logIn().
   The fourth argument flags that the request came from withdraw.php. */
if (!empty($_REQUEST['email_auth']) && !empty($_REQUEST['authcode'])) {
    $email_authcode = urlencode($_REQUEST['authcode']);
    $email_authcode_request = $CFG->self == 'withdraw.php';
    User::logIn(false, false, $email_authcode, $email_authcode_request);
}
/* Common Info: batch the calls every page needs into one API request. */
API::add('Lang', 'getTable');
API::add('Currencies', 'get');
API::add('User', 'verifyLogin');
API::add('Settings', 'get');
$query = API::send();
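 /**
  * Format and execute the Insert query.
  *
  * Each model field appends entries to $ins_data via buildInsert(): a
  * [column, value] pair, optionally with a third element holding a custom
  * placeholder expression that replaces the default '?'. The statement is
  * executed with the values bound separately, so no value is inlined into
  * the SQL text; the placeholder expressions and column names come from the
  * field definitions and are used verbatim.
  *
  * Fixes: the catch handler read the protected Exception::$message
  * directly, which itself raises an error inside the handler; and after a
  * failed buildInsert() the INSERT was still executed with a partial value
  * list. The handler now uses getMessage() and fails closed.
  *
  * @param FormHandler $form  form providing model, model_table, FG_DEBUG and
  *                           a2billing; messages are appended to
  *                           $form->pre_elems and the next action is set
  *                           with setAction()
  * @return void
  */
 public function PerformAction(&$form)
 {
     $dbg_elem = new DbgElem();
     $dbhandle = $form->a2billing->DBHandle();
     if ($form->FG_DEBUG > 0) {
         array_unshift($form->pre_elems, $dbg_elem);
     }
     // Collect [column, value(, placeholder)] entries from every field.
     $ins_data = array();
     try {
         foreach ($form->model as $fld) {
             $fld->buildInsert($ins_data, $form);
         }
     } catch (Exception $ex) {
         $form->setAction('ask-add2');
         $form->pre_elems[] = new ErrorElem($ex->getMessage());
         $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
         // The value list may be incomplete: do not insert a partial row.
         return;
     }
     $ins_keys = array();
     $ins_values = array();
     $ins_qm = array();
     foreach ($ins_data as $ins) {
         $ins_keys[] = $ins[0];
         $ins_values[] = $ins[1];
         // Optional custom placeholder (SQL text from the field definition).
         $ins_qm[] = (count($ins) > 2) ? $ins[2] : '?';
     }
     // Strip a leading "ONLY " (presumably PostgreSQL inheritance syntax,
     // accepted by UPDATE/DELETE but not by INSERT).
     if (substr($form->model_table, 0, 5) == 'ONLY ') {
         $mtable = substr($form->model_table, 5);
     } else {
         $mtable = $form->model_table;
     }
     $dbg_elem->content .= "Query: INSERT INTO " . $mtable . "(";
     $dbg_elem->content .= implode(', ', $ins_keys);
     $dbg_elem->content .= ") VALUES(" . var_export($ins_values, true) . ");\n";
     $query = "INSERT INTO " . $mtable . "(" . implode(', ', $ins_keys) . ") VALUES(" . implode(',', $ins_qm) . ");";
     // Values are not quoted here on purpose: they travel as bind
     // parameters of Execute(), which the driver transfers separately from
     // the statement text.
     if (session_readonly()) {
         $dbg_elem->content .= "Read-only: query not performed.\n";
         $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
         $form->setAction('list');
         return;
     }
     $res = $dbhandle->Execute($query, $ins_values);
     if (!$res) {
         $form->setAction('ask-add2');
         $form->pre_elems[] = new ErrorElem(str_params(_("Cannot create new %1, database error."), array($form->model_name_s), 1));
         $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
     } else {
         $dbg_elem->content .= ".. success: " . gettype($res) . "\n";
         $form->pre_elems[] = new StringElem(_("New data has successfully been inserted into the database."));
         $form->setAction('list');
     }
 }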
// Rights are checked before init(): init() refuses to run without it.
$HD_Form->checkRights(ACX_CUSTOMER);
$HD_Form->init();
$HD_Form->views['tooltip'] = new DetailsMcView();
$PAGE_ELEMS[] =& $HD_Form;
$PAGE_ELEMS[] = new AddNewButton($HD_Form);

// Model definition; the order of the fields is the display order.
$HD_Form->model[] = new PKeyFieldEH(_("ID"), 'id');
$HD_Form->model[] = new SqlBigRefField(_("Card"), 'card_id', 'cc_card', 'id', 'username', _("Corresponding card"));
$HD_Form->model[] = new SqlBigRefField(_("Booth"), 'booth_id', 'cc_booth', 'id', 'peername', _("Booth (if no card)"));
$HD_Form->model[] = new SqlRefField(_("Config"), "config", "cc_ast_users_config", "id", "cfg_name");
$HD_Form->model[] = new BoolField(_("SIP"), 'has_sip', _("If true, the peer will have a SIP entry"));
$HD_Form->model[] = new BoolField(_("IAX"), 'has_iax', _("If true, the peer will have a IAX2 entry"));
$HD_Form->model[] = DontList(new TextFieldN(_("Default IP"), 'defaultip', _("Default IP to ring user at.")));

// Host defaults to 'dynamic' (registering devices).
$peerHostField = new TextField(_("Host"), 'host', _("Statically bind user with some IP/DNS or 'dynamic' for users that will register."));
$peerHostField->def_value = 'dynamic';
$HD_Form->model[] = $peerHostField;

$HD_Form->model[] = new TextFieldN(_("Name B"), 'peernameb', _("Override asterisk username, so that a second device can be registered"));
// The second-device secret is part of the model only for sessions that may write.
if (!session_readonly()) {
    $HD_Form->model[] = DontList(new TextFieldN(_("Secret B"), 'secretb', _("Override asterisk secret from card/booth, so that a second device can be registered")));
}

// Per-device overrides and provisioning identifiers: plain nullable text,
// kept out of the list view.
$peerOverrideFields = array(
    array(_("Callerid B"), 'callerid', _("Override callerid.")),
    array(_("From user"), 'fromuser', _("Override user string.")),
    array(_("Call group"), 'callgroup', _("When this device is called, set the call group so that others can pick it up.")),
    array(_("Pickup group"), 'pickupgroup', _("Allow this device to pick up calls made to those groups.")),
    array(_("Device Model"), 'devmodel', _("Provision model of device.")),
    array(_("MAC"), 'macaddr', _("MAC address of provisioned device.")),
);
foreach ($peerOverrideFields as $spec) {
    $HD_Form->model[] = DontList(new TextFieldN($spec[0], $spec[1], $spec[2]));
}

// NOTE(review): unlike 'secretb' above, this secret stays in the model for
// read-only sessions too; DontList() presumably only hides it from the list
// view — confirm that the details/edit views are meant to show it.
$HD_Form->model[] = DontList(new TextField(_("D Secret"), 'devsecret', _("Device secret, provision safety.")));
$HD_Form->model[] = DontList(new IntFieldN(_("Provision Name"), 'provi_name', _("Provisioned name (display text)")));
$HD_Form->model[] = DontList(new IntFieldN(_("Provision Num"), 'provi_num', _("Provision configuration number")));
$HD_Form->model[] = DontList(new DateTimeFieldN(_("Last provisioned"), 'provi_date', _("Last provision timestamp")));
$HD_Form->model[] = new DelBtnField();
if ($HD_Form->getAction() == 'tooltip') {
    require "PP_bare_page.inc.php";
 /**
  * Column expression for the edit query.
  *
  * Read-only sessions get null, i.e. this field is left out of the edit
  * query altogether; otherwise the parent implementation decides.
  *
  * @param object $dbhandle  database handle (by reference, as in the parent)
  * @return mixed  null for read-only sessions, else parent::editQueryField()
  */
 public function editQueryField(&$dbhandle)
 {
     return session_readonly() ? null : parent::editQueryField($dbhandle);
 }
 /**
  * Initialise the form handler from the current HTTP request.
  *
  * Requires that a rights check has already run (rights_checked set);
  * otherwise the attempt is logged and the script dies. Copies the raw,
  * unvalidated GET+POST parameters into $this->_dirty_vars (with
  * $this->prefix stripped from the names when a prefix is configured),
  * reads the action and paging/ordering parameters, and registers the
  * standard views.
  *
  * @param A2Billing|null $sA2Billing  instance to use; A2Billing::instance() when null
  * @param bool           $stdActions  whether to register the standard views
  * @return void
  */
 function init($sA2Billing = null, $stdActions = true)
 {
     // Fail closed: the handler is unusable without a prior rights check.
     if (!$this->rights_checked) {
         error_log("Attempt to use FormHandler w/o rights!");
         die;
     }
     if ($sA2Billing) {
         $this->a2billing =& $sA2Billing;
     } else {
         $this->a2billing =& A2Billing::instance();
     }
     if (isset($GLOBALS['FG_DEBUG'])) {
         $this->FG_DEBUG = $GLOBALS['FG_DEBUG'];
     }
     // Raw request data, deliberately left unvalidated ("dirty"): the
     // fields read their own values from here and must sanitise them.
     $request = array_merge($_GET, $_POST);
     if (!$this->prefix) {
         $this->_dirty_vars = $request;
     } else {
         // Keep only the parameters carrying our prefix, prefix removed.
         $plen = strlen($this->prefix);
         $this->_dirty_vars = array();
         foreach ($request as $name => $value) {
             if (strncmp($this->prefix, $name, $plen) == 0) {
                 $this->_dirty_vars[substr($name, $plen)] = $value;
             }
         }
     }
     // Requested action, defaulting to the list view.
     $requested = $this->getpost_single('action');
     $this->action = ($requested == null) ? 'list' : $requested;
     // Paging/ordering parameters. Each one is stored as received; when it
     // is truthy it is also echoed back as a follow parameter, otherwise
     // the fallback applies (cpage has no fallback and keeps the raw value).
     // NOTE(review): these are raw request values; whatever later puts
     // order/sens into an ORDER BY or ndisp/cpage into a LIMIT must
     // validate them first — not visible here.
     $fallbacks = array(
         'order' => $this->default_order,
         'sens' => $this->default_sens,
         'ndisp' => 30,
     );
     foreach (array('order', 'sens', 'cpage', 'ndisp') as $param) {
         $value = $this->getpost_single($param);
         $this->$param = $value;
         if ($value) {
             $this->addFollowParam($param, $value);
         } elseif (array_key_exists($param, $fallbacks)) {
             $this->$param = $fallbacks[$param];
         }
     }
     if ($stdActions) {
         $this->views['idle'] = new IdleView();
         $this->views['list'] = new ListView();
         // Mutating views exist only for sessions that may write.
         if (!session_readonly()) {
             $this->views['edit'] = new EditView();
             $this->views['add'] = new AddView();
             $this->views['delete'] = new DeleteView();
             $this->views['object-edit'] = new ObjEditView();
         }
         // Confirmation and detail views are registered unconditionally.
         $this->views['ask-add'] = new AskAddView();
         $this->views['ask-add2'] = new AskAdd2View();
         $this->views['ask-edit2'] = new AskEdit2View();
         $this->views['ask-edit'] = new AskEditView();
         $this->views['ask-del'] = new AskDelView();
         $this->views['details'] = new DetailsView();
         if ($this->FG_DEBUG) {
             $this->views['dump-form'] = new DbgDumpView();
         }
     }
 }
 /** Format and execute the Update query */
 public function PerformAction(&$form)
 {
     $dbg_elem = new DbgElem();
     $dbhandle = $form->a2billing->DBHandle();
     if ($form->FG_DEBUG > 0) {
         array_unshift($form->pre_elems, $dbg_elem);
     }
     // just build the value list..
     $upd_data = array();
     $upd_clauses = array();
     try {
         foreach ($form->model as $fld) {
             $fld->buildUpdate($upd_data, $form);
             $qc = $fld->editQueryClause($dbhandle, $form);
             if ($qc) {
                 if (is_string($qc)) {
                     $upd_clauses[] = $qc;
                 } elseif (is_array($qc)) {
                     $upd_clauses = array_merge($upd_clauses, $qc);
                 } else {
                     throw new Exception("Why clause " . gettype($qc) . " ?");
                 }
             }
         }
     } catch (Exception $ex) {
         $form->action = 'ask-edit2';
         $form->pre_elems[] = new ErrorElem($ex->getMessage());
         $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
         // 			throw new Exception( $err_str);
     }
     $upd_values = array();
     $query = "UPDATE " . $form->model_table . " SET ";
     $query_u = array();
     foreach ($upd_data as $upd) {
         if (is_array($upd)) {
             $query_u[] = $upd[0] . " = ? ";
             $upd_values[] = $upd[1];
         } elseif (is_string($upd)) {
             $query_u[] = $upd;
         }
     }
     $query .= implode(", ", $query_u);
     $query_dbg = $query;
     // format a string that contains the values, too
     $query_dbg .= "( " . var_export($upd_values, true) . ") ";
     // Protect against a nasty update!
     if (count($upd_clauses) < 1) {
         $form->pre_elems[] = new ErrorElem("Cannot update, internal error");
         $dbg_elem->content .= "Update: no query clauses!\n";
     }
     $query .= ' WHERE ' . implode(' AND ', $upd_clauses) . ';';
     $query_dbg .= ' WHERE ' . implode(' AND ', $upd_clauses) . ';';
     $dbg_elem->content .= $query_dbg . "\n";
     /* Note: up till now, no data has been quoted/sanitized. Thus, we
        feed it direcltly to the second part of the query. Pgsql, in particular,
        can handle a binary transfer of that data to the db, in a well protected
        manner */
     if (session_readonly()) {
         $dbg_elem->content .= "Read-only: query not performed.\n";
         $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
         $form->setAction('list');
         return;
     }
     $res = $dbhandle->Execute($query, $upd_values);
     if (!$res) {
         $form->setAction('ask-edit2');
         $form->pre_elems[] = new ErrorElem(str_params(_("Cannot update %1, database error."), array($form->model_name_s), 1));
         $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
         // 			throw new Exception( $err_str);
     } elseif ($dbhandle->Affected_Rows() < 1) {
         // No result rows: update clause didn't match
         $dbg_elem->content .= ".. EOF, no rows!";
         $dbg_elem->obj = $dbhandle->Affected_Rows();
         $form->pre_elems[] = new ErrorElem(str_params(_("Cannot update %1, record not found."), array($form->model_name_s), 1));
         $form->setAction('ask-edit2');
     } else {
         $dbg_elem->content .= "Success: UPDATE " . $dbhandle->Affected_Rows() . "\n";
         $form->pre_elems[] = new StringElem(_("Data has successfully been updated in the database."));
         $form->setAction('list');
     }
 }