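/**
 * Check whether the current user is allowed to reach a module / script / action.
 *
 * Two call forms are supported:
 *  - positional: $arg1 = module, $arg2 = script, $arg3 = action. Any of them left empty
 *    falls back to $GLOBALS['zig']['current']; field_name and field_value are then "all".
 *  - array: $parameters may carry module, script, action, field_name and field_value.
 *    A "tab" key is accepted but has no effect, because the tab is always re-read from
 *    the tabs table below.
 * The literal "{any}" clears module and action; for script it falls back to the current script.
 *
 * Evaluation is default-deny: access needs one matching `allow` rule and no matching
 * `deny` rule (a deny rule overrides an allow rule).
 *
 * @param mixed  $parameters Associative array of options, used when no positional argument is given.
 * @param string $arg1       Module directory (positional form).
 * @param string $arg2       Script (positional form).
 * @param string $arg3       Action (positional form).
 *
 * @return array 'value' => 0 when no allow rule matched, otherwise true (allowed) or
 *               false (a deny rule matched); 'return' => 1.
 */
function permissions($parameters, $arg1 = '', $arg2 = '', $arg3 = '')
{
    // Explicit NULL defaults: a call with neither positional arguments nor an array
    // previously read undefined variables (same NULL values, plus notices).
    $module = NULL;
    $script = NULL;
    $action = NULL;
    $field_name = NULL;
    $field_value = NULL;

    if ($arg1 or $arg2 or $arg3) {
        $module = $arg1 ? $arg1 : $GLOBALS['zig']['current']['module'];
        $script = $arg2 ? $arg2 : $GLOBALS['zig']['current']['script'];
        $action = $arg3 ? $arg3 : $GLOBALS['zig']['current']['action'];
        $field_name = "all";
        $field_value = "all";
    } elseif (is_array($parameters)) {
        $module = array_key_exists("module", $parameters) ? $parameters['module'] : $GLOBALS['zig']['current']['module'];
        $script = array_key_exists("script", $parameters) ? $parameters['script'] : $GLOBALS['zig']['current']['script'];
        $action = array_key_exists("action", $parameters) ? $parameters['action'] : $GLOBALS['zig']['current']['action'];
        $field_name = array_key_exists("field_name", $parameters) ? $parameters['field_name'] : "all";
        $field_value = array_key_exists("field_value", $parameters) ? $parameters['field_value'] : "all";
    }

    $module = $module == "{any}" ? NULL : $module;
    $directory = $module;
    $script = $script == "{any}" ? NULL : $script;
    $action = $action == "{any}" ? NULL : $action;

    $zig_info_obj = new zig_info();
    $user = zig("info", "user");
    $user_id = zig("info", "user_id");
    $group = $zig_info_obj->group();
    // $pre and $zig_global_database are used as identifiers (inside backticks), not as
    // string literals, so they must only ever come from trusted configuration.
    $pre = zig("config", "pre");
    $zig_global_database = zig("config", "global_database");
    $script = $script ? $script : $GLOBALS['zig']['current']['script'];

    // Every value placed between quotes in the queries below is escaped. Originally only
    // $script was; module, action, field_name and field_value arrive from the caller and
    // an unescaped quote in any of them changes the meaning of an authorization query.
    // NOTE(review): addslashes() is what this file already used for $script; it is not
    // charset-aware. Prefer bound parameters if the zig("query") wrapper supports them.
    $quote = function ($value) {
        return addslashes((string) $value);
    };

    $sql_directory = $quote($directory);
    $sql_script = $quote($script);
    $sql = "SELECT `{$pre}applications`.`name` AS module,`{$pre}tabs`.`name` AS tab
            FROM `{$zig_global_database}`.`{$pre}tabs`,`{$zig_global_database}`.`{$pre}applications`
            WHERE
                `directory`='{$sql_directory}'
            AND `{$pre}tabs`.`module`=`{$pre}applications`.`name`
            AND `{$pre}tabs`.`link`='{$sql_script}' LIMIT 1";
    $result = zig("query", $sql);
    $fetch = $result->fetchRow();
    // No matching tab row leaves module and tab empty, exactly as before.
    $module = $fetch ? $fetch['module'] : NULL;
    $tab = $fetch ? $fetch['tab'] : NULL;

    $sql_tab = $quote($tab);
    $sql_action = $quote($action);
    $where_tab = $tab ? " AND (tab='{$sql_tab}' OR tab='all') " : NULL;
    // NOTE(review): the action filter keys on $tab, not $action, so rules for any action
    // match whenever no tab was resolved. Kept as found; confirm this is intended.
    $where_action = $tab ? " AND (action='{$sql_action}' OR action='all') " : NULL;

    // The allow and the deny lookup share one scope; only the permission value differs.
    $sql_user_id = $quote($user_id);
    $sql_user = $quote($user);
    $sql_group = $quote($group);
    $sql_module = $quote($module);
    $sql_field_name = $quote($field_name);
    $sql_field_value = $quote($field_value);
    $rules_table = "`{$zig_global_database}`.`{$pre}permissions`";
    $rule_scope = "(zig_parent_id='{$sql_user_id}' OR users='{$sql_user}' OR users='{$sql_group}' OR users='all')
            AND (module='{$sql_module}' OR module='all') {$where_tab} {$where_action}
            AND (field_name='{$sql_field_name}' OR field_name='all')
            AND (field_value='{$sql_field_value}' OR field_value='all')";

    $sql = "SELECT users FROM {$rules_table} WHERE {$rule_scope} AND permission='allow' LIMIT 1";
    $result = zig("query", $sql, "permissions.lib.php", false);
    $permission = $result->RecordCount();

    if ($permission == 1) {
        // An explicit deny rule wins over the allow rule that was just found.
        $sql = "SELECT users FROM {$rules_table} WHERE {$rule_scope} AND permission='deny' LIMIT 1";
        $result = zig("query", $sql);
        $permission = $result->RecordCount() ? false : true;
    }

    $zig_return['value'] = $permission;
    $zig_return['return'] = 1;
    return $zig_return;
}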
/**
 * Resolve a configuration value by name.
 *
 * The lookup order is: config_check() for the requested scope, then the `{$pre}configs`
 * table with progressively broader scopes (user-specific, then `users`='all', then the
 * "zig-api" module / "default" config). The resolved value is stored in $GLOBALS and,
 * when a config name is set, in $_SESSION.
 *
 * Call forms:
 *  - positional: $arg1 = name, $arg2 = module, $arg3 = config;
 *  - array: $parameters with the optional keys name, module, config, result, tab, action, user.
 *
 * Security review notes (code left unchanged):
 *  - Every query is built by string interpolation; $name, $module, $tab, $action, $user,
 *    $config and $script are placed between quotes without escaping.
 *  - $config, $module, $tab, $action, $user and $name are used as keys directly under
 *    $GLOBALS and $_SESSION. A caller-supplied $config equal to the name of an existing
 *    global (this function itself reads $GLOBALS['zig']) would write into that structure;
 *    a dedicated cache key would avoid that.
 *  - On a query error the 'error' entry carries the SQL text and the database error
 *    message with HTML line breaks; it should be logged rather than shown to users.
 *
 * @param mixed  $parameters Associative array of options, used when no positional argument is given.
 * @param string $arg1       Name of the setting (positional form).
 * @param string $arg2       Module (positional form).
 * @param string $arg3       Config set name (positional form).
 *
 * @return array 'return' => 1, 'value' => resolved value (NULL when nothing was found or when
 *               the SQL prefix / global database are not set), plus 'error' after a query error.
 */
function config($parameters, $arg1 = '', $arg2 = '', $arg3 = '')
{
    if ($arg1 or $arg2 or $arg3) {
        $name = $arg1;
        $module = $arg2 ? $arg2 : NULL;
        $config = $arg3 ? $arg3 : NULL;
        // "all" is not numeric, so the positional form never adds a LIMIT clause.
        $result = "all";
        $tab = NULL;
        $action = isset($GLOBALS['zig']['current']['action']) ? $GLOBALS['zig']['current']['action'] : NULL;
        $user = NULL;
    } else {
        // NOTE(review): when $parameters is not an array none of the variables below are
        // assigned, and the rest of the function reads them undefined.
        if (is_array($parameters)) {
            $name = array_key_exists("name", $parameters) ? $parameters['name'] : NULL;
            $module = array_key_exists("module", $parameters) ? $parameters['module'] : NULL;
            $config = array_key_exists("config", $parameters) ? $parameters['config'] : NULL;
            $result = array_key_exists("result", $parameters) ? $parameters['result'] : NULL;
            $tab = array_key_exists("tab", $parameters) ? $parameters['tab'] : NULL;
            $action = array_key_exists("action", $parameters) ? $parameters['action'] : (isset($GLOBALS['zig']['current']['action']) ? $GLOBALS['zig']['current']['action'] : NULL);
            $user = array_key_exists("user", $parameters) ? $parameters['user'] : NULL;
        }
    }
    if (!$module) {
        // No module given: derive it from the path of the calling file, taking the first
        // path segment below the directory that contains "zig-api".
        $fileBaseDirectory = dirname(__FILE__);
        $baseDirectory = explode("zig-api", $fileBaseDirectory);
        $baseDirectory = str_replace("\\", "/", $baseDirectory[0]);
        $debug_backtrace = debug_backtrace();
        // NOTE(review): assumes frame 1 exists and has a 'file' entry - confirm for all callers.
        $module = $debug_backtrace[1]['file'];
        $module = str_replace("\\", "/", $module);
        $module = str_replace($baseDirectory, "", $module);
        $splitted_module = explode("/", $module);
        $module = $splitted_module[0];
        $current_module = NULL;
        if (array_key_exists("zig", $GLOBALS)) {
            $current_module = array_key_exists("current", $GLOBALS['zig']) ? array_key_exists("module", $GLOBALS['zig']['current']) ? $GLOBALS['zig']['current']['module'] : NULL : NULL;
        }
        // Both arms yield $module when it is non-empty and "zig-api" otherwise, so
        // $current_module does not influence the result as written.
        $module = ($module == "zig-api" and $current_module != "zig-api" and $current_module != '') ? $module : ($module ? $module : "zig-api");
    }
    $pre = NULL;
    $zig_global_database = NULL;
    $value = NULL;
    // Table prefix and database name are read from $GLOBALS['zig']['sql'] when present.
    if (array_key_exists("zig", $GLOBALS)) {
        if (array_key_exists("sql", $GLOBALS['zig'])) {
            $pre = array_key_exists("pre", $GLOBALS['zig']['sql']) ? $GLOBALS['zig']['sql']['pre'] : NULL;
            $zig_global_database = array_key_exists("global_database", $GLOBALS['zig']['sql']) ? $GLOBALS['zig']['sql']['global_database'] : NULL;
        }
    }
    // Snapshot of the requested scope (empty values become 0); used as cache keys at the end.
    $original_config = $config ? $config : 0;
    $original_module = $module ? $module : 0;
    $original_tab = $tab ? $tab : 0;
    $original_action = $action ? $action : 0;
    $original_user = $user ? $user : 0;
    // Without a prefix and a database name nothing is looked up and 'value' stays NULL.
    if ($pre and $zig_global_database) {
        $record = 0;
        $value = NULL;
        // presumably config_check() reads the cache this function writes at the end - verify.
        // A falsy result is treated as a miss.
        $value_check = $this->config_check($original_config, $original_module, $original_tab, $original_action, $original_user, $name);
        if ($value_check) {
            $value = $value_check;
        } else {
            if ($module != "all" and $module != "zig-api") {
                // Translate the module directory into the application name; unknown -> "all".
                $module_sql = "SELECT `name` FROM `{$zig_global_database}`.`{$pre}applications` WHERE `directory`='{$module}' AND `zig_status`<>'deleted' LIMIT 1";
                $module_result = $GLOBALS['zig']['adodb']->Execute($module_sql);
                $module_fetch = $module_result->fetchRow();
                $module = $module_fetch['name'] ? $module_fetch['name'] : "all";
                $error_number = $GLOBALS['zig']['adodb']->ErrorNo();
            }
            if (!$user) {
                require_once "../zig-api/lib/info.lib.php";
                $zig_info_obj = new zig_info();
                $user_return = $zig_info_obj->info("info", "user");
                $user = array_key_exists("value", $user_return) ? $user_return['value'] : NULL;
            }
            $script = isset($GLOBALS['zig']['current']['script']) ? $GLOBALS['zig']['current']['script'] : NULL;
            // $result is the caller's row limit here; further down the same variable is
            // reused for query result handles.
            // NOTE(review): is_numeric() also accepts non-integer forms such as "1.5".
            $limit = is_numeric($result) ? "LIMIT {$result}" : NULL;
            if (!$tab) {
                // -- Start set tab: look the tab up by the current script; unknown -> "all"
                $tab_sql = "SELECT `name` FROM `{$zig_global_database}`.`{$pre}tabs` WHERE (`module`='{$module}' OR `module`='all') AND `link`='{$script}' AND `zig_status`<>'deleted' LIMIT 1";
                $tab_result = $GLOBALS['zig']['adodb']->Execute($tab_sql);
                $tab_fetch = $tab_result->fetchRow();
                $tab = $tab_fetch['name'] ? $tab_fetch['name'] : "all";
                $error_number = $GLOBALS['zig']['adodb']->ErrorNo();
                // -- End set tab
            }
            // Build the ordered list of config set names to try.
            if ($config) {
                $config_names[] = $config;
            } else {
                $value_check = $this->config_check($original_config, $module, $tab, $original_action, $original_user, "config");
                if ($value_check) {
                    $config_names = $value_check;
                } else {
                    $config_sql = "SELECT `value` FROM `{$zig_global_database}`.`{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND (`tab`='{$tab}' OR `tab`='all') AND `config`='default' AND (`action`='{$action}' OR `action`='all') AND (`users`='{$user}' OR `users`='all') AND `name`='config' AND `zig_status`<>'deleted' ORDER BY `priority` LIMIT 1";
                    $config_result = $GLOBALS['zig']['adodb']->Execute($config_sql);
                    $error_number = $GLOBALS['zig']['adodb']->ErrorNo();
                    $config_count = $config_result->RecordCount();
                    if ($config_count and !$error_number) {
                        while ($config_fetch = $config_result->fetchRow()) {
                            if ($config_fetch['value']) {
                                $config_names[] = $config_fetch['value'];
                            }
                        }
                    }
                    // "default" is always the last set tried.
                    $config_names[] = "default";
                    $GLOBALS[$original_config][$module][$tab][$original_action][$original_user]['config'] = $config_names;
                    if ($original_config) {
                        $_SESSION[$original_config][$module][$tab][$original_action][$original_user]['config'] = $config_names;
                    }
                }
            }
            foreach ($config_names as $config) {
                $value_check = $this->config_check($config, $module, $tab, $action, $user, $name);
                if ($value_check) {
                    $value = $value_check;
                    break;
                }
                // NOTE(review): $error_number is only assigned by the module, tab and
                // config-name lookups above; when all three are skipped it is undefined here.
                if ($user and !$error_number) {
                    // 1st attempt: a row for exactly this user.
                    $sql = "SELECT `value` FROM `{$zig_global_database}`.`{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND (`tab`='{$tab}' OR `tab`='all') AND `config`='{$config}' AND (`action`='{$action}' OR `action`='all') AND `users`='{$user}' AND `name`='{$name}' AND `zig_status`<>'deleted' ORDER BY `priority` {$limit}";
                    $result = $GLOBALS['zig']['adodb']->Execute($sql);
                    $error_number = $GLOBALS['zig']['adodb']->ErrorNo();
                    $record = $error_number ? 0 : $result->RecordCount();
                }
                if ($error_number) {
                    // The error text embeds the SQL statement and the database message.
                    $zig_result['error'] = "Script: config.lib.php<br />";
                    $zig_result['error'] .= isset($sql) ? "SQL Statement: {$sql}<br />" : "SQL Statement: [blank]<br />";
                    $zig_result['error'] .= "SQL Error: " . $GLOBALS['zig']['adodb']->ErrorMsg();
                } else {
                    if ($record == 0) {
                        $value_check = $this->config_check($config, $module, $tab, $action, $user, $name);
                        if ($value_check) {
                            $value = $value_check;
                            break;
                        }
                        // 2nd attempt: rows for all users, exact tab.
                        $sql = "SELECT `value` FROM `{$zig_global_database}`.`{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND `tab`='{$tab}' AND (`config`='{$config}' OR `config`='all') AND (`action`='{$action}' OR `action`='all') AND `users`='all' AND `name`='{$name}' AND `zig_status`<>'deleted' ORDER BY `priority` {$limit}";
                        $result = $GLOBALS['zig']['adodb']->Execute($sql);
                        $record = $result->RecordCount();
                    }
                    if ($record == 0) {
                        // 3rd attempt: rows for all users, tab or 'all'.
                        // NOTE(review): unlike the other queries this one does not qualify the
                        // table with {$zig_global_database} - confirm whether that is intended.
                        $sql = "SELECT `value` FROM `{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND (`tab`='{$tab}' OR `tab`='all') AND (`config`='{$config}' OR `config`='all') AND (`action`='{$action}' OR `action`='all') AND `users`='all' AND `name`='{$name}' AND `zig_status`<>'deleted' ORDER BY `priority` {$limit}";
                        $result = $GLOBALS['zig']['adodb']->Execute($sql);
                        $record = $result->RecordCount();
                    }
                    if ($record == 0) {
                        // Broaden the scope: first to the "zig-api" module, then to the "default" set.
                        if ($module != "zig-api") {
                            $module = "zig-api";
                        } else {
                            if ($config != "default") {
                                $config = "default";
                            }
                        }
                        // $module is always "zig-api" at this point, so this condition cannot hold.
                        if ($record == 0 and $module != "zig-api" and $config != "default") {
                            $module = "zig-api";
                            $config = "default";
                        }
                        $value_check = $this->config_check($config, $module, $tab, $action, $user, $name);
                        if ($value_check) {
                            $value = $value_check;
                            break;
                        }
                        // NOTE(review): this literal contains a line break before {$limit} in the
                        // source as given; it is kept as found.
                        $sql = "SELECT `value` FROM `{$zig_global_database}`.`{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND (`tab`='{$tab}' OR `tab`='all') AND (`config`='{$config}' OR `config`='all') AND (`action`='{$action}' OR `action`='all') AND `users`='{$user}' AND `name`='{$name}' AND `zig_status`<>'deleted' ORDER BY `priority` 
{$limit}";
                        $result = $GLOBALS['zig']['adodb']->Execute($sql);
                        $record = $result->RecordCount();
                        if (!$record) {
                            $value_check = $this->config_check($config, $module, $tab, $action, $user, $name);
                            if ($value_check) {
                                $value = $value_check;
                                break;
                            }
                            $sql = "SELECT `value` FROM `{$zig_global_database}`.`{$pre}configs` WHERE (`module`='{$module}' OR `module`='all') AND (`tab`='{$tab}' OR `tab`='all') AND (`config`='{$config}' OR `config`='all') AND (`action`='{$action}' OR `action`='all') AND `users`='all' AND `name`='{$name}' AND `zig_status`<>'deleted' ORDER BY `priority` {$limit}";
                            $result = $GLOBALS['zig']['adodb']->Execute($sql);
                            $record = $result->RecordCount();
                        }
                    }
                    // Several rows become an array of values; a single row becomes a scalar.
                    if ($record > 1) {
                        while ($fetch = $result->fetchRow()) {
                            $value[] = $fetch['value'];
                        }
                    } else {
                        if ($record) {
                            $fetch = $result->fetchRow();
                            $value = $fetch['value'];
                        }
                    }
                }
                if ($value) {
                    break;
                }
            }
            // Store the result under both the resolved scope and the originally requested
            // scope. $_SESSION is written only when a config name is set.
            $name = str_replace(" ", "_", $name);
            $config = $config ? $config : 0;
            $module = $module ? $module : 0;
            $tab = $tab ? $tab : 0;
            $action = $action ? $action : 0;
            $user = $user ? $user : 0;
            // NOTE(review): the first-level key under $GLOBALS / $_SESSION is the config name itself.
            $GLOBALS[$config][$module][$tab][$action][$user][$name] = $value;
            if ($config) {
                $_SESSION[$config][$module][$tab][$action][$user][$name] = $value;
            }
            $GLOBALS[$original_config][$original_module][$original_tab][$original_action][$original_user][$name] = $value;
            if ($original_config) {
                $_SESSION[$original_config][$original_module][$original_tab][$original_action][$original_user][$name] = $value;
            }
        }
    }
    $zig_result['return'] = 1;
    $zig_result['value'] = $value;
    return $zig_result;
}
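/**
 * Write one row to the `{$pre}logs` table for a logged SQL statement.
 *
 * Call forms:
 *  - positional: $arg1 = log type, $arg2 = script, $arg3 = log message;
 *  - array: $parameters with the optional keys type, script, log_message.
 * The script passed by the caller is accepted for interface compatibility only: the row
 * always records $GLOBALS['zig']['current']['script'], as the original code did.
 *
 * The message is lower-cased and classified by its leading keyword into a
 * sql_query_type (select / update / insert / show) and a record_action
 * (search / edit / delete / add).
 * NOTE(review): lower-casing happens before storage, so the log does not preserve the
 * original case of data values inside the statement.
 *
 * @param mixed  $parameters Associative array of options, used when no positional argument is given.
 * @param string $arg1       Log type (positional form).
 * @param string $arg2       Script (positional form; not used, see above).
 * @param string $arg3       Log message, normally an SQL statement (positional form).
 *
 * @return array 'return' => 1, plus 'error' (script, SQL text and database message) when
 *               the INSERT reported an error. That text is meant for diagnostics and
 *               should not be rendered to end users.
 */
function logit($parameters, $arg1 = '', $arg2 = '', $arg3 = '')
{
    // Explicit defaults: a call with neither positional arguments nor an array
    // previously read undefined variables.
    $type = NULL;
    $log_message = NULL;
    if ($arg1 or $arg2 or $arg3) {
        $type = $arg1;
        $log_message = $arg3;
    } elseif (is_array($parameters)) {
        $type = array_key_exists("type", $parameters) ? $parameters['type'] : NULL;
        $log_message = array_key_exists("log_message", $parameters) ? $parameters['log_message'] : NULL;
    }
    $log_message = strtolower((string) $log_message);
    $sql_query_type = NULL;
    $record_action = NULL;

    require_once "../zig-api/lib/info.lib.php";
    $info_object = new zig_info();
    $user = $info_object->user();
    // Identifiers from configuration; they are interpolated inside backticks and must be trusted.
    $pre = $GLOBALS['zig']['sql']['pre'];
    $zig_global_database = $GLOBALS['zig']['sql']['global_database'];
    $script = $GLOBALS['zig']['current']['script'];
    $module = $GLOBALS['zig']['current']['module'];
    $action = $GLOBALS['zig']['current']['action'];

    // Every value placed between quotes is escaped. The logged message is itself an SQL
    // statement and routinely contains quotes and user-supplied data, so interpolating it
    // raw let it break out of the INSERT below and corrupt or forge log rows.
    // NOTE(review): addslashes() is not charset-aware. The handle looks like an ADOdb
    // connection (Execute / ErrorNo / ErrorMsg); if that is confirmed, prefer its bound
    // parameters over manual escaping.
    $quote = function ($value) {
        return addslashes((string) $value);
    };

    // Resolve the application name and tab for the current module directory and script.
    // NOTE(review): this lookup uses the literal table names zig_tabs / zig_applications
    // instead of {$pre} and the global database - confirm that is intended.
    $sql_directory = $quote($module);
    $sql_link = $quote($script);
    $sql = "SELECT `a`.`module`,`a`.`name`
            FROM `zig_tabs` `a`,`zig_applications` `b`
            WHERE `a`.`module`=`b`.`name` AND `directory`='{$sql_directory}' AND `a`.`link`='{$sql_link}'
            LIMIT 1";
    $result = $GLOBALS['zig']['adodb']->Execute($sql);
    $fetch = $result->fetchRow();
    // No matching tab row leaves module and tab empty, exactly as before.
    $module = $fetch ? $fetch['module'] : NULL;
    $tab = $fetch ? $fetch['name'] : NULL;

    // -- Start Record Action: classify by the statement's leading keyword
    if (stripos($log_message, "select ") === 0) {
        $sql_query_type = "select";
        $record_action = "search";
    } elseif (stripos($log_message, "update ") === 0) {
        $sql_query_type = "update";
        // A soft delete is an UPDATE that sets zig_status to 'deleted'.
        $without_backticks = str_replace("`", "", $log_message);
        $record_action = stripos($without_backticks, "set zig_status='deleted'") ? "delete" : "edit";
    } elseif (stripos($log_message, "insert into ") === 0) {
        $sql_query_type = "insert";
        $record_action = "add";
    } elseif (stripos($log_message, "show ") === 0) {
        $sql_query_type = "show";
    }
    // -- End Record Action

    $sql_user = $quote($user);
    $sql_type = $quote($type);
    $sql_module = $quote($module);
    $sql_tab = $quote($tab);
    $sql_action = $quote($action);
    $sql_script = $quote($script);
    $sql_message = $quote($log_message);
    $sql = "INSERT INTO `{$zig_global_database}`.`{$pre}logs` (zig_created,zig_user,log_type,module,tab,action,script,record_action,sql_query_type,log_message) VALUES(NOW(),'{$sql_user}','{$sql_type}','{$sql_module}','{$sql_tab}','{$sql_action}','{$sql_script}','{$record_action}','{$sql_query_type}','{$sql_message}') ";
    $result = $GLOBALS['zig']['adodb']->Execute($sql);
    $error_number = $GLOBALS['zig']['adodb']->ErrorNo();
    if ($error_number) {
        $zig_result['error'] = "Script: {$script}<br />";
        $zig_result['error'] .= "SQL Statement: {$sql}<br />";
        $zig_result['error'] .= "SQL Error: " . $GLOBALS['zig']['adodb']->ErrorMsg();
    }
    $zig_result['return'] = 1;
    return $zig_result;
}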