function GenerateDownload() { $loc = rmabs(__FILE__ . ".GenerateDownload"); $sql = 'SELECT * FROM Users'; $result = SqlQuery($loc, $sql); $first = true; header('Content-Type: application/csv'); header('Content-Disposition: attachment; filename="Users_' . date("Y-m-d") . '.csv";'); $ff = fopen('php://memory', 'w'); //rewind($f); $fieldnames = array(); while ($row = $result->fetch_assoc()) { if ($first) { $fieldnames = array_keys($row); fputcsv($ff, $fieldnames, ","); $first = false; } $data = array(); foreach ($fieldnames as $k) { if (isset($row[$k])) { $data[] = $row[$k]; } else { $data[] = ""; } } fputcsv($ff, $data); } fseek($ff, 0); header('Content-Type: application/csv'); header('Content-Disposition: attachment; filename="Users_' . date("Y-m-d") . '.csv";'); fpassthru($ff); }
function up() { $sql = "CREATE TABLE priority\n\t\t\t\t(\n\t\t\t\t\tid int2 primary key,\n\t\t\t\t\tname text\n\t\t\t\t)"; SqlAlterSchema($sql); SqlQuery("insert into priority (id, name) values (1, 'Low')", array()); SqlQuery("insert into priority (id, name) values (2, 'Medium')", array()); SqlQuery("insert into priority (id, name) values (3, 'High')", array()); $sql = "ALTER TABLE request add column priority_id int2 references priority not null default 1"; SqlAlterSchema($sql); }
function get_all_accounts() { $loc = rmabs(__FILE__ . ".get_all_accounts"); $sql = "SELECT UserID from Users"; $result = SqlQuery($loc, $sql); while ($row = $result->fetch_assoc()) { $aws[] = intval($row["UserID"]); } return $aws; }
function GetWorkOrderPrereqInfo($userid) { $loc = "userlib.php->GetUserInfo"; $sql = 'SELECT * FROM UserView WHERE UserID=' . SqlClean($userid); $result = SqlQuery($loc, $sql); if ($result->num_rows != 1) { return false; } $row = $result->fetch_assoc(); return $row; }
function changeactive($wid, $active) { global $username; $loc = rmabs(__FILE__ . ".changeactive"); $sql = 'UPDATE WorkOrders SET Active=' . intval($active) . ' WHERE WID=' . intval($wid); $result = SqlQuery($loc, $sql); $action = "archvied"; if ($active) { $action = "resurrected"; } return 'Work Order ' . intval($wid) . ' has been ' . $action . ' by ' . $username . '.'; }
function GetPicCaption($wid, $picid) { $loc = rmabs(__FILE__ . ".GetPicCaption"); if (empty($wid) || empty($picid)) { return ""; } $sql = 'SELECT * From AppendedData Where WID=' . intval($wid) . ' AND PicID=' . intval($picid); $result = SqlQuery($loc, $sql); if ($result->num_rows <= 0) { return ""; } $row = $result->fetch_assoc(); return $row["TextInfo"]; }
function delete_workorder($woinfo) { global $username; $loc = rmabs(__FILE__ . ".delete_workorder"); $wid = $woinfo["WID"]; $sql = "DELETE FROM Assignments WHERE WID=" . intval($wid); SqlQuery($loc, $sql); $sql = "DELETE FROM AppendedData WHERE WID=" . intval($wid); SqlQuery($loc, $sql); $sql = "DELETE FROM WorkOrders WHERE WID=" . intval($wid); SqlQuery($loc, $sql); $widstr = WIDStr($wid, $woinfo["Revision"], $woinfo["IsApproved"]); $msg = "Work Order " . $widstr . " deleted by " . $username . "."; log_msg($loc, $msg); return $msg; }
function GetAllWorkers() { $loc = rmabs(__FILE__ . "GetAllWorkers"); $sql = 'SELECT * FROM AllActiveUsersView ORDER BY LastName, FirstName'; $result = SqlQuery($loc, $sql); $d = array(); while ($row = $result->fetch_assoc()) { $tags = ArrayFromSlashStr($row["Tags"]); if (CheckArrayForEasyMatch($tags, "worker")) { $row["AbbrivatedName"] = MakeAbbrivatedName($row); $d[] = $row; } } return $d; }
function DeleteAllPrefsForUser($userid) { $loc = "preflib.php->DeleteAllPrefsForUser"; $sql = 'DELETE FROM Prefs WHERE UserID=' . intval($userid); $result = SqlQuery($loc, $sql); log_msg($loc, 'All preferences deleted successfully for user ' . intval($userid)); }
function graphsGetRanges($name) { global $is_lbf, $pid, $table; if ($is_lbf) { // Like below, but for LBF data. $ranges = sqlQuery("SELECT " . "MAX(CONVERT(ld.field_value, SIGNED)) AS max_" . add_escape_custom($name) . ", " . "MAX(UNIX_TIMESTAMP(f.date)) AS max_date, " . "MIN(UNIX_TIMESTAMP(f.date)) AS min_date " . "FROM forms AS f, lbf_data AS ld WHERE " . "f.pid = ? AND " . "f.formdir = ? AND " . "f.deleted = 0 AND " . "ld.form_id = f.form_id AND " . "ld.field_id = ? AND " . "ld.field_value != '0'", array($pid, $table, $name)); } else { $ranges = SqlQuery("SELECT " . "MAX(CONVERT(" . add_escape_custom($name) . ",SIGNED)) AS " . "max_" . add_escape_custom($name) . ", " . "MAX(UNIX_TIMESTAMP(date)) as max_date, " . "MIN(UNIX_TIMESTAMP(date)) as min_date " . "FROM " . add_escape_custom($table) . " " . "WHERE " . add_escape_custom($name) . " != 0 " . "AND pid = ?", array($pid)); } return $ranges; }
function GetPicIDForUserID($userid) { $loc = 'piclib.php->GetPicIDForUserID'; $sql = 'SELECT PicID From UserPics WHERE UserID=' . intval($userid); $result = SqlQuery($loc, $sql); while ($row = $result->fetch_assoc()) { $picid = $row["PicID"]; return $picid; } return 0; }
function MakeGifImages() { $loc = 'badges_showall.php->MakeAllBadges'; $sql = 'SELECT * FROM UserView ORDER BY BadgeID'; $result = SqlQuery($loc, $sql); $nempty = 0; $nmade = 0; $nfail = 0; while ($row = $result->fetch_assoc()) { if ($row["Active"] == false) { continue; } $tags = ArrayFromSlashStr($row["Tags"]); if (!in_array("member", $tags)) { continue; } $badgeid = $row["BadgeID"]; if (empty($badgeid)) { $nempty++; continue; } $r = MakeGif($row); if ($r === true) { $nmade++; } else { $nfail++; } } $status = 'Images Made: ' . $nmade . ', Members without BadgeIDs: ' . $nempty; if ($nfail > 0) { $status .= ', Failures: ' . $nfail . '. (See sys log!)'; } log_msg($loc, array('All gif images made!', $status)); return $status; }
function ShowRawScans($badgeid) { $loc = "attendance_user.php->ShowRawScans()"; $sql = 'SELECT * from RawScans WHERE BadgeID="' . $badgeid . '"'; $result = SqlQuery($loc, $sql); while ($row = $result->fetch_assoc()) { echo '<div style="display: block; height: 20px; ">'; echo '<br>' . "\n"; echo '<div style="float: left; width: 180px;">'; echo $row["ScanTime"]; echo '</div>' . "\n"; $dir = ""; if ($row["Direction"] == 0) { $dir = "Scan In"; } if ($row["Direction"] == 1) { $dir = "Scan Out"; } if ($row["Direction"] == 2) { $dir = "?"; } echo '<div style="float: left; width: 100px;">'; echo $dir; echo '</div>' . "\n"; echo '<div style="float: left; width: 80px;">'; echo $row["Flags"]; echo '</div>' . "\n"; echo '<div style="clear: both;"></div>' . "\n"; echo '</div>'; } }
function down() { SqlQuery("drop table entry"); SqlQuery("drop table project"); SqlQuery("drop table person"); }
exit; } // If blood pressure, then collect the other reading to allow graphing both in same graph $isBP = 0; if ($name == "bps" || $name == "bpd") { // Set BP flag and collect other pressure reading $isBP = 1; if ($name == "bps") { $name_alt = "bpd"; } if ($name == "bpd") { $name_alt = "bps"; } // Collect the pertinent vitals and ranges. $values_alt = SqlStatement("SELECT " . add_escape_custom($name_alt) . ", " . "UNIX_TIMESTAMP(date) as unix_date " . "FROM " . add_escape_custom($table) . " " . "WHERE pid=? ORDER BY date", array($pid)); $ranges_alt = SqlQuery("SELECT MAX(CONVERT(" . add_escape_custom($name_alt) . ",SIGNED)) AS " . "max_" . add_escape_custom($name_alt) . ", " . "MAX(UNIX_TIMESTAMP(date)) as max_date, " . "MIN(UNIX_TIMESTAMP(date)) as min_date " . "FROM " . add_escape_custom($table) . " " . "WHERE pid=?", array($pid)); } // Prepare look and feel of data points $s = new scatter_line('#DB1750', 2); $def = new hollow_dot(); $def->size(4)->halo_size(3)->tooltip('#val#<br>#date:Y-m-d H:i#'); $s->set_default_dot_style($def); if ($isBP) { //set up the other blood pressure line $s_alt = new scatter_line('#0000FF', 2); $s_alt->set_default_dot_style($def); } // Prepare and insert data $data = array(); while ($row = sqlFetchArray($values)) { if ($row["{$name}"]) {
<?php if ($_POST['add']) { //validate $pat = "^[a-z]{2}\$"; if (!check_pattern($_POST['lang_code'], $pat)) { echo htmlspecialchars(xl("Code must be two letter lowercase"), ENT_NOQUOTES) . '<br>'; $err = 'y'; } $sql = "SELECT * FROM lang_languages WHERE lang_code LIKE ? or lang_description LIKE ? limit 1"; $res = SqlQuery($sql, array("%" . $_POST['lang_code'] . "%", "%" . $_POST['lang_name'])); if ($res) { echo htmlspecialchars(xl("Data Alike is already in database, please change code and/or description"), ENT_NOQUOTES) . '<br>'; $err = 'y'; } if ($err == 'y') { $val_lang_code = $_POST['lang_code']; $val_lang_name = $_POST['lang_name']; } else { //insert into the main table $sql = "INSERT INTO lang_languages SET lang_code=?, lang_description=?"; SqlStatement($sql, array($_POST['lang_code'], $_POST['lang_name'])); //insert into the log table - to allow persistant customizations insert_language_log($_POST['lang_name'], $_POST['lang_code'], '', ''); echo htmlspecialchars(xl('Language definition added'), ENT_NOQUOTES) . '<br>'; } } ?> <TABLE> <FORM name="lang_form" METHOD=POST ACTION="?m=language" onsubmit="return top.restoreSession()">
function down() { SqlQuery("drop table session_exercise"); SqlQuery("drop table session"); SqlQuery("drop table exercise"); }
function GetSqlTable($tablename, $filter = "") { $loc = "databaselib.php->GetSqlTable"; $sql = "SELECT * FROM " . $tablename; if (!empty($filter)) { $sql .= ' ' . $filter; } $result = SqlQuery($loc, $sql); $table = array(); while ($row = $result->fetch_assoc()) { $table[] = $row; } return $table; }
} a:visited { color: <?php echo $font_color; ?> ; } a:active { color: <?php echo $font_color; ?> ; } a:hover { color: <?php echo $font_color; ?> ; } </style> </head> <body bgcolor = "<?php echo $bgcolor; ?> "> <?php SqlQuery(); ?> </body> </html>
function StoreEvent($fields) { $loc = 'readerlib.php=>StoreEvent'; $sql = 'INSERT INTO EventTimes (Name, StartTime, EndTime, Type, Purpose) '; $sql .= 'VALUES ('; $sql .= ' "' . SqlClean($fields["Name"]) . '"'; $sql .= ', "' . SqlClean($fields["StartTime"]) . '"'; $sql .= ', "' . SqlClean($fields["EndTime"]) . '"'; $sql .= ', "' . SqlClean($fields["Type"]) . '"'; $sql .= ', "' . SqlClean($fields["Purpose"]) . '"'; $sql .= ')'; SqlQuery($loc, $sql); }
<?php require_once "language.inc.php"; if ($_POST['add']) { //validate if ($_POST['constant_name'] == "") { echo htmlspecialchars(xl('Constant name is blank'), ENT_NOQUOTES) . '<br>'; $err = 'y'; } $sql = "SELECT * FROM lang_constants WHERE constant_name=? limit 1"; $res = SqlQuery($sql, array($_POST['constant_name'])); if ($res) { echo htmlspecialchars(xl('Data Alike is already in database, please change constant name'), ENT_NOQUOTES) . '<br>'; $err = 'y'; } if ($err == 'y') { $val_constant = $_POST['constant_name']; } else { //insert into the main table $sql = "INSERT INTO lang_constants SET constant_name=?"; SqlStatement($sql, array($_POST['constant_name'])); //insert into the log table - to allow persistant customizations insert_language_log('', '', $_POST['constant_name'], ''); echo htmlspecialchars(xl('Constant', '', '', ' ') . $_POST['constant_name'] . xl('added', '', ' '), ENT_NOQUOTES) . '<br>'; } // echo "$sql here "; } ?> <TABLE> <FORM name="cons_form" METHOD=POST ACTION="?m=constant" onsubmit="return top.restoreSession()">
if ($author != "") { $sql = "SELECT FirstName, LastName FROM Users WHERE UserID = " . $author; $result = SqlQuery($loc, $sql); if ($row = $result->fetch_assoc()) { $authorName = $row["FirstName"] . " " . $row["LastName"]; } } if (isset($_SESSION["ERROR"])) { $error_msg = $_SESSION["ERROR"]; $sql = "SELECT * FROM ActiveWorkOrders"; } else { $sql = CreateFilterSQL($filters); } /* lib function that returns filtering SQL Query */ //print $sql; /*used for testing*/ $filterresult = SqlQuery($loc, $sql); $pagetitle = ""; $pagetext = ""; if ($sql != "") { if ($view == "full") { $tableheader = array("WO", "Title", "Receiving IPT", "DateNeeded", "CAP", "AP", "AS", "F ", "C"); } else { $tableheader = array("WO", "Title", "Receiving IPT", "DateNeeded"); } $tabledata = array(); while ($row = $filterresult->fetch_assoc()) { $wid = $row["WID"]; $rev = $row["Revision"]; $app = $row["Approved"] || $row["ApprovedByCap"]; $woname = WIDStrHtml($wid, $rev, $app); unset($dd);
function UpdateUser($param_list, $userid = 0) { global $config; $loc = "userlib.php->UpdateUser"; $pwchanged = false; $fields = array(array("LastName", "str"), array("FirstName", "str"), array("PasswordHash", "str"), array("NickName", "str"), array("Title", "str"), array("BadgeID", "str"), array("Email", "str"), array("Tags", "str"), array("Active", "bool")); if ($userid != 0) { $sql = "SELECT * FROM Users WHERE UserID=" . intval($userid); $result = SqlQuery($loc, $sql); if ($result->num_rows <= 0) { $error_msg = "Unable to update user. UserID=" . intval($userid) . " not found."; log_msg($loc, $error_msg); return $error_msg; } } else { if (!IsFieldInParamList("UserName", $param_list)) { $error_msg = 'Unable to update user. No UserName or UserID Given.'; log_msg($loc, $error_msg); return $error_msg; } $username = GetValueFromParamList($param_list, "UserName"); $sql = 'SELECT * FROM Users WHERE UserName="******"'; $result = SqlQuery($loc, $sql); if ($result->num_rows <= 0) { $error_msg = 'Unable to update user. UserName="******" not found.'; log_msg($loc, $error_msg); return $error_msg; } $row = $result->fetch_assoc(); $userid = intval($row["UserID"]); } // If the BadgeID is being changed we need to make sure its not a duplicate. if (IsFieldInParamList("BadgeID", $param_list)) { $badgeid = GetValueFromParamList($param_list, "BadgeID"); if (!blank($badgeid)) { if (!VerifyBadgeFormat($badgeid)) { $error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".'; log_msg($loc, $error_msg); return $error_msg; } $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"'; $result = SqlQuery($loc, $sql); while ($row = $result->fetch_assoc()) { if ($row["UserID"] != $userid) { $error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.'; log_msg($loc, $error_msg); return $error_msg; } } } } // At this point, move all values into a seperate array, but treat password special. $data = array(); $c = 0; foreach ($param_list as $param_spec) { if (!isset($param_spec["FieldName"])) { continue; } if (!isset($param_spec["Value"])) { continue; } if ($param_spec["FieldName"] == "Password") { $pw = $param_spec["Value"]; if (empty($pw)) { continue; } $v = crypt($pw, $config["Salt"]); $pwchanged = true; $fn = "PasswordHash"; $data[$fn] = $v; $c++; continue; } $fn = $param_spec["FieldName"]; $v = $param_spec["Value"]; $data[$fn] = $v; $c++; } if ($c <= 0) { $error_msg = "Unable to update user. UserID=" . intval($userid) . ". Nothing to update."; log_msg($loc, $error_msg); return $error_msg; } // At this point, we have a userid that we can count on, and the data. $sql = 'UPDATE Users SET '; $sql .= GenerateSqlSet($data, $fields); $sql .= " WHERE UserID=" . intval($userid); SqlQuery($loc, $sql); $msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. '; if ($pwchanged) { $msg .= '(Including a password change.)'; } log_msg($loc, $msg); return true; }
// Created: 11/10/15 SS // -------------------------------------------------------------------- require_once "libs/all.php"; session_start(); log_page(); CheckLogin(); CheckEditor(); $loc = 'workorders_listids.php'; $timer = new Timer(); include "forms/header.php"; include "forms/navform.php"; include "forms/workorders_menubar.php"; echo '<div class="content_area">'; echo '<h2>List of Known Work Order IDs</h2>'; $sql = 'SELECT * FROM WorkOrders ORDER BY DateNeeded'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { // output data of each row echo "<br>\n"; echo '<table class="members_userlist">' . "\n<tr>\n"; echo "<th align=left width=80><u>WorkOrder ID</u></th>"; echo "<th align=left width=200><u>Name</u></th>"; echo "<th align=left width=200><u>Due Date</u></th>"; echo "<th align=left width=200><u>Requesting Approval</u></th>"; echo "<th align=left width=200><u>Receiving Approval</u></th>"; echo "<th align=left width=200><u>Office Approval</u></th>"; // echo "<th align=left width=200><u>Completed?</u></th>"; while ($row = $result->fetch_assoc()) { $WorkOrderID = $row["WorkOrderID"]; $WorkOrderName = $row["WorkOrderName"]; echo "\n<tr>";
public function LoadData($tn) { $this->tn = $tn; $sql = 'SELECT Distinct ScoutID FROM RawTeamInfo WHERE TeamNumber=' . intval($tn); $result = SqlQuery($this->loc, $sql); $this->Scouts = array(); while ($row = $result->fetch_assoc()) { $id = intval($row["ScoutID"]); $info = GetUserInfo($id); $this->Scouts[] = $info; } $sql = 'SELECT PicID FROM TeamPics WHERE TeamNumber=' . intval($tn); $result = SqlQuery($this->loc, $sql); $this->PicIDs = array(); while ($row = $result->fetch_assoc()) { $this->PicIDs[] = intval($row["PicID"]); } $data = GetTeamInfo($tn); if (isset($data["BestPicID"])) { $this->BestPicID = $data["BestPicID"]; } if (isset($data["NickName"])) { $this->NickName = $data["NickName"]; } }