Beispiel #1
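/**
 * Turns a newline-separated list of alternating value/title lines into
 * "value|title" rows joined by "\n".
 *
 * The input is first passed through strReplaceAssoc() with the global
 * $replace map (presumably a search => replacement table; its contents are
 * not visible here). Blank lines are dropped, the <value>/<title> wrapper
 * tags are stripped, and the remaining lines are paired up two at a time.
 * A trailing line without a partner is emitted as "value|".
 *
 * @param string $str Raw option list.
 * @return string "value|title" rows, or an empty string when no rows remain.
 */
function parseSelect($str)
{
    global $replace;

    $str = strReplaceAssoc($replace, $str);
    $wrapperTags = array('<value>' => '', '</value>' => '', '<title>' => '', '</title>' => '');

    // Initialised up front: the original left $new undefined for blank
    // input, which makes count() fail.
    $new = array();
    foreach (explode("\n", $str) as $v) {
        $v = trim($v);
        // Compare against '' instead of using empty(): empty('0') is true,
        // so a line holding only "0" used to be dropped and every following
        // value/title pair shifted by one.
        if ($v === '') {
            continue;
        }
        $tmp = strReplaceAssoc($wrapperTags, $v);
        // Same reason: "<value>0</value>" must stay "0" rather than become "".
        if ($tmp === null || $tmp === false) {
            $tmp = '';
        }
        $new[] = $tmp;
    }

    $insert = array();
    $count = count($new);
    for ($i = 0; $i < $count; $i += 2) {
        // The last value may have no title line after it.
        $insert[] = $new[$i] . '|' . (isset($new[$i + 1]) ? $new[$i + 1] : '');
    }

    return join("\n", $insert);
}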
Beispiel #2
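/**
 * Builds a SELECT statement from the request's query string, executes it and
 * echoes the result as JSON.
 *
 * Query-string parameters read from $_GET:
 *  - data:      comma-separated field names, optionally suffixed with a
 *               4-character stats method key from $statsMethodDefs
 *               (e.g. length_sum); defaults to "all".
 *  - group_by:  comma-separated fields, optionally "<field>_every_<binsize>".
 *  - <field><type>: constraints, where <type> is a 3-character key of
 *               $constraintTypes (e.g. map_is, length_gt); values are
 *               comma-separated and bound as statement parameters.
 *  - order_by:  comma-separated "<field>_<direction>" entries.
 *  - fetch:     "first", "last" or "all" (default).
 *  - showQuery: when present, the generated SQL is echoed before the result.
 *
 * Security model: request VALUES only reach the database through bound
 * parameters. Request-supplied NAMES (fields, stats methods, constraint
 * types, order directions) are concatenated into the SQL text, so the query
 * is only injection-safe as long as isValidField() is a strict allow-list and
 * getFieldQuery(), $specialFields and $specialTables return nothing but
 * server-defined SQL. None of those are visible in this function.
 *
 * @param object $db        Connection exposing prepare(); the PDO constants
 *                          used below suggest a PDO instance.
 * @param mixed  $structure Schema description handed to isValidField() and
 *                          getFieldQuery().
 * @param string $table     Table name; concatenated into the FROM clause, so
 *                          the caller must have validated it.
 * @return void Output is written with echo; the script exits without output
 *              when a requested data field is invalid or none is left.
 */
function queryDB(&$db, $structure, $table)
{
    global $statsMethodDefs, $constraintTypes, $orderOptions, $shortNames;
    global $specialTables, $specialFields;
    global $wonitorStructure, $ns2plusStructure;
    $isWonitor = $structure == $wonitorStructure; // not used further in this function
    // select data
    $dataFields = array();
    $dataRequests = ['all'];
    // is_string(): "?data[]=x" makes PHP deliver an array, which explode() cannot handle
    if (isset($_GET['data']) && is_string($_GET['data'])) {
        $dataRequests = explode(',', strReplaceAssoc($shortNames, $_GET['data']));
    }
    foreach ($dataRequests as $value) {
        $dataField = $value;
        $dataFieldRename = '';
        /* i.e. data=length_sum, data=winner_avg, data=numPlayers_cnt */
        $dataStatsMethod = substr($value, -4);
        if (isset($statsMethodDefs[$dataStatsMethod])) {
            $dataField = substr($value, 0, -4);
        } else {
            $dataStatsMethod = '';
        }
        if ($dataField == '') {
            continue;
        } elseif (isset($specialFields[$dataField])) {
            $dataFields[] = $specialFields[$dataField];
            continue;
        } elseif (isValidField($structure, $table, $dataField)) {
            $dataFieldQuery = getFieldQuery($structure, $table, $dataField);
        } else {
            exit;
            // exit here to indicate sth is wrong
        }
        if ($dataFieldQuery != $dataField) {
            $dataFieldRename = ' AS ' . $dataField;
        }
        if ($dataStatsMethod == '') {
            $dataFields[] = $dataFieldQuery . $dataFieldRename;
        } else {
            //              COUNT                               (  length      ) AS   length_cnt                                                      ,   length
            $dataFields[] = $statsMethodDefs[$dataStatsMethod] . '(' . $dataFieldQuery . ') AS ' . $dataField . $dataStatsMethod . ($dataStatsMethod == '_cnt' ? ', ' . $dataFieldQuery . $dataFieldRename : '');
            // Identifiers are concatenated, not bound: this relies entirely on
            // the isValidField() check and the $statsMethodDefs lookup above.
        }
    }
    if (!$dataFields) {
        exit;
        // data field is required
    }
    $data = implode(', ', $dataFields);
    // grouping
    $groupBy = array();
    if (isset($_GET['group_by']) && is_string($_GET['group_by'])) {
        $groups = explode(',', $_GET['group_by']);
        foreach ($groups as $index => $value) {
            if ($value == '') {
                continue;
            }
            $group = explode('_every_', $value);
            $groupField = $group[0];
            if (!isValidField($structure, $table, $groupField)) {
                continue;
            }
            $groupFieldQuery = getFieldQuery($structure, $table, $groupField);
            if (isset($group[1])) {
                // The float cast keeps request text out of the SQL string.
                // Non-finite results (e.g. "1e999" -> INF) would print as a
                // bare word and break the statement, so fall back to 1 as for 0.
                $binsize = (double) $group[1];
                if ($binsize == 0 || !is_finite($binsize)) {
                    $binsize = 1;
                }
                $data .= ', CAST(' . $groupFieldQuery . '/' . $binsize . ' AS INTEGER)*' . $binsize . ' AS [group' . ($index + 1) . ']';
                // group field was validated above; the alias is built from the loop index only
                //$data .= ', ROUND(' . $groupField . '/' . $binsize . ')*' . $binsize.' AS [group'.($index==0 ? '' : $index+1 ).']';
            } else {
                $data .= ', ' . $groupFieldQuery . ' AS [group' . ($index + 1) . ']';
            }
            $groupBy[] = '[group' . ($index + 1) . ']';
        }
    }
    // constraints
    $constraints = array();
    $bindings = array();
    foreach ($_GET as $key => $value) {
        // Array-valued parameters ("?map_is[]=x") cannot be a constraint and
        // would make strpos()/explode() fail below.
        if (!is_string($value)) {
            continue;
        }
        $key = (string) $key; // purely numeric parameter names arrive as int keys
        if (strlen($key) < 3) {
            continue;
        }
        $constraintField = substr($key, 0, -3);
        $constraintType = substr($key, -3);
        if (($constraintField == 'map' || $constraintField == 'mapName') && strpos($value, '@official') !== false) {
            $officialMaps = 'ns2_biodome,ns2_caged,ns2_derelict,ns2_descent,ns2_docking,ns2_eclipse,ns2_kodiak,ns2_mineshaft,ns2_refinery,ns2_summit,ns2_tram,ns2_veil';
            $value = str_replace('@official', $officialMaps, $value);
        }
        $constraintValues = explode(',', $value);
        /* i.e. map_is=..., length_gt=..., numPlayers_ge=... */
        if (!isset($constraintTypes[$constraintType])) {
            continue;
        }
        if (!isValidField($structure, $table, $constraintField)) {
            continue;
        }
        $constraintFieldQuery = getFieldQuery($structure, $table, $constraintField);
        // Placeholder names are built from $key. That is only acceptable
        // because $key has just been split into a validated field and a
        // known constraint type; the values themselves never enter the SQL.
        if ($constraintType == '_is') {
            // IS constraints are chained with OR
            $subconstraint = array();
            foreach ($constraintValues as $index => $constraintValue) {
                //                 numPlayers               >=                                     :numPlayers_ge1
                $subconstraint[] = $constraintFieldQuery . ' ' . $constraintTypes[$constraintType] . ' :' . $key . ($index + 1);
            }
            if (count($subconstraint) == 1) {
                // no ugly brackets in query for a single constraint
                $constraints[] = $subconstraint[0];
            } else {
                $constraints[] = '( ' . implode(' OR ', $subconstraint) . ' )';
            }
        } else {
            foreach ($constraintValues as $index => $constraintValue) {
                $constraints[] = $constraintFieldQuery . ' ' . $constraintTypes[$constraintType] . ' :' . $key . ($index + 1);
            }
        }
        foreach ($constraintValues as $index => $constraintValue) {
            $bindings[] = array('key' => ':' . $key . ($index + 1), 'value' => $constraintValue);
        }
    }
    // ordering
    $orderBy = array();
    if (isset($_GET['order_by']) && is_string($_GET['order_by'])) {
        $orders = explode(',', $_GET['order_by']);
        foreach ($orders as $index => $value) {
            $order = explode('_', $value);
            // NOTE we can't have fieldnames with _ because of this
            $orderField = $order[0];
            // The direction part is optional ("order_by=length").
            $orderDirection = isset($order[1]) ? $order[1] : null;
            if (!isValidField($structure, $table, $orderField)) {
                continue;
            }
            // NOTE(review): the translated expression is computed but the raw
            // (validated) field name is what goes into ORDER BY - confirm
            // this is intended for fields that getFieldQuery() rewrites.
            $orderFieldQuery = getFieldQuery($structure, $table, $orderField);
            $orderBy[] = $orderField . (isset($orderDirection, $orderOptions[$orderDirection]) ? ' ' . $orderOptions[$orderDirection] : '');
        }
    }
    // build and prepare query
    $query = 'SELECT ' . $data;
    if (isset($specialTables[$table])) {
        $query .= ' FROM (' . $specialTables[$table] . ') AS ' . $table . ' ';
        // NOTE $table is concatenated as-is; nothing in this function
        // validates it, so the caller must have checked it against the schema.
    } else {
        $query .= ' FROM ' . $table;
        // NOTE same assumption: $table was validated by the caller.
    }
    if ($constraints) {
        $query .= ' WHERE ' . implode(' AND ', $constraints);
    }
    if ($groupBy) {
        $query .= ' GROUP BY ' . implode(', ', $groupBy);
    }
    if ($orderBy) {
        $query .= ' ORDER BY ' . implode(', ', $orderBy);
    }
    // NOTE(review): debug switch that any client can set. It reveals the
    // generated SQL (table and column expressions) and puts HTML in front of
    // the JSON body; consider gating it behind a server-side setting.
    if (isset($_GET['showQuery'])) {
        echo $query . "<br /><br />\n";
    }
    $statement = $db->prepare($query);
    // bind values
    foreach ($bindings as $binding) {
        // NOTE(review): is_numeric() also accepts decimals and exponent
        // notation; confirm how the driver treats such values under PARAM_INT.
        $statement->bindValue($binding['key'], $binding['value'], is_numeric($binding['value']) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    // query db
    $statement->setFetchMode(PDO::FETCH_ASSOC);
    $statement->execute();
    $result = [];
    $fetch = isset($_GET['fetch']) && is_string($_GET['fetch']) ? $_GET['fetch'] : 'all';
    switch ($fetch) {
        case 'first':
            // "fetch() || null" is a boolean expression in PHP and yielded
            // true/false instead of the row.
            $row = $statement->fetch();
            $result = $row === false ? null : $row;
            break;
        case 'last':
            $rows = $statement->fetchAll();
            // "> 1" returned null for a single-row result.
            $result = count($rows) > 0 ? $rows[count($rows) - 1] : null;
            break;
        default:
        case 'all':
            $result = $statement->fetchAll();
    }
    // print results
    echo json_encode($result) . "\n";
    //foreach( $result as $row ) {var_dump( $row );}
}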
             if ($ebays->title != '') {
                 $carlist .= '<tr>';
                 $carlist .= '<td>' . $ebays->title . ' </td>';
                 $carlist .= '<td> - $' . number_format($ebays->buyItNowPrice, 2) . '</td>';
                 $carlist .= '</tr>';
                 $flage = true;
                 $common->update('contact', array("mail_date" => $currentTimestamp, 'status' => 1), ' id=' . $contact_id);
             }
         }
     }
 }
 // Close the listing table; the opening tag and the rows are appended
 // earlier, before this excerpt's statement run.
 $carlist .= '</table>';
 //echo $carlist; die;
 // $flage is set to true above once at least one listing with a non-empty
 // title has been added, so a mail is only prepared when there is content.
 if ($flage) {
     // Placeholder => replacement map for the mail template.
     // NOTE(review): $carlist is HTML and the mail is declared text/html
     // below; the listing title is concatenated into it above without HTML
     // escaping, and whether $name, $address and $phone are escaped cannot
     // be seen here - confirm before treating the body as safe markup.
     $replaces = array('[CUSTOMER_NAME]' => $name, '[CAR_LIST]' => $carlist, '[ADDRESS]' => $address, '[TELEPHONE]' => $phone, '[EMAIL_ADDRESS]' => $adminemail, '[TERMS_URL]' => DEFAULT_URL);
     $messages = strReplaceAssoc($replaces, $message);
     // These headers are only consumed by the commented-out mail() call
     // below; sendSmtpMail() is not given them.
     // NOTE(review): if mail() is re-enabled, make sure $adminemail cannot
     // contain CR/LF, since it is concatenated into header lines.
     $headers = "From: " . $adminemail . "\r\n";
     $headers .= "Reply-To: " . $adminemail . "\r\n";
     $headers .= "MIME-Version: 1.0\r\n";
     $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
     //echo $messages; die;
     //mail($toEmail,$subject,$messages,$headers);
     // NOTE(review): this passes $message (the template before placeholder
     // substitution) while the log entry below stores $messages (the
     // substituted text) - verify which one is meant to be sent.
     sendSmtpMail($toEmail, $subject, $message);
     // Record the substituted content and the send time in email_log.
     $common->save('email_log', array("email" => $toEmail, "content" => $messages, "sent_date" => $currentTimestamp, "next_date" => $next, 'status' => 1));
     // When the counter reaches $count, store a success message in the
     // session, emit a client-side redirect to the reminder index and stop.
     if ($i == $count) {
         $_SESSION['success_msg'] = "Mail Sent Succefully";
         echo '<script>alert("thanks");window.location.href="' . DEFAULT_ADMIN_URL . '/template/reminder/index.php";</script>';
         exit;
     }
     // Only incremented when a mail was prepared in this pass.
     $i++;
 }