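/**
 * Build the SELECT statement used to load records from $options['tableName'].
 *
 * The query is assembled by string interpolation. Only 'limit' and 'offset'
 * are cast to int; every other option below is placed into the SQL text
 * exactly as received:
 *   - 'tableName' and the keys of 'leftJoin' (inside backticks, not escaped)
 *   - the values of 'leftJoin' (used verbatim when they contain "ON ")
 *   - 'where', 'orWhere', 'addSelectExpr', 'groupBy', 'having', 'orderBy'
 * Callers therefore have to pass trusted, already-escaped SQL fragments;
 * nothing in this function makes request-derived text safe.
 *
 * 'orWhere' is OR'ed onto the finished condition, after the disabled-account
 * filter and after _addWhereConditionsForSpecialFields() has run, so a row
 * matching 'orWhere' is returned even if those conditions would exclude it.
 *
 * @param array $options query options (see list above; also 'allowSearch',
 *                       'requireSearchMatch', 'includeDisabledAccounts', 'debugSql')
 * @param array $schema  schema of the main table; a local copy is extended with
 *                       "table.field" entries when left joins are requested
 * @return string the SQL text (not executed here)
 */
function _getRecords_getQuery($options, $schema) {
  global $VIEWER_NAME, $TABLE_PREFIX;

  // create fieldlist
  $selectFields = "`{$options['tableName']}`.*";

  // add left joins
  $LEFT_JOIN = '';
  if (@$options['leftJoin']) {

    // Fix $_REQUEST keys containing tablename
    __replaceUnderscoresInRequest($options['tableName']);

    // add qualified fieldsnames to schema
    foreach (array_keys(getSchemaFields($schema)) as $fieldname) {
      $schema["{$options['tableName']}.{$fieldname}"]         = $schema[$fieldname];
      $schema["{$options['tableName']}.{$fieldname}"]['name'] = $fieldname;
    }

    //
    foreach ($options['leftJoin'] as $foreignTable => $foreignKey) {

      /* get ON condition
       * Modified preg_match statement:
       * \b = match 'ON ' anywhere in string.
       * /i = don't match case.
       * \s = space
       */
      // A value containing "ON " is treated as a complete, caller-written join
      // condition and is copied into the query unchanged.
      if (preg_match("/\\bON\\s/i", $foreignKey)) { $ON_CONDITION = $foreignKey; }
      else                                        { $ON_CONDITION = "ON {$options['tableName']}.`{$foreignKey}` = {$foreignTable}.num"; }

      // add left join
      $LEFT_JOIN .= "LEFT JOIN `{$TABLE_PREFIX}{$foreignTable}` AS `{$foreignTable}` {$ON_CONDITION}\n";

      // add fieldnames to SELECT (only the listed field types, plus 'num')
      $foreignSchemaFields = getSchemaFields($foreignTable);
      $validFieldTypes     = array('textfield', 'textbox', 'wysiwyg', 'date', 'list', 'checkbox');
      foreach (array_keys($foreignSchemaFields) as $fieldname) {
        if (in_array(@$foreignSchemaFields[$fieldname]['type'], $validFieldTypes) || @$fieldname == 'num') {
          $selectFields .= ",\n {$foreignTable}.`{$fieldname}` as `{$foreignTable}.{$fieldname}`";
        }

        // Fix $_REQUEST keys containing tablename
        // NOTE(review): called once per field although its argument does not change inside this loop.
        __replaceUnderscoresInRequest($foreignTable);

        // add fieldnames to schema
        $schema["{$foreignTable}.{$fieldname}"]         = $foreignSchemaFields[$fieldname];
        $schema["{$foreignTable}.{$fieldname}"]['name'] = $fieldname;
      }
    }
  }

  // create where
  $where = @$options['where'];
  if ($options['allowSearch']) {
    // presumably derives conditions from submitted form input (per its name); its escaping is not visible here
    $defaultWhere = _createDefaultWhereWithFormInput($schema, '', $options);
    if ($options['requireSearchMatch'] && !$defaultWhere) { $defaultWhere = "0 = 1"; } // always false
    if (!$where)                      { $where = $defaultWhere; }
    elseif ($where && $defaultWhere)  { $where = "({$where}) AND ({$defaultWhere})"; } // v2.51 Fixed potential AND/OR precedence issue by adding () AND ()
  }

  // hide records created by disabled or expired accounts
  if (@$schema['createdByUserNum'] && @$schema['_hideRecordsFromDisabledAccounts'] && !@$options['includeDisabledAccounts']) {
    // Parenthesise the existing condition before AND-ing: AND binds tighter than OR,
    // so without the parentheses a top-level OR in $where (e.g. "a OR b") would let
    // rows matching "a" skip the account filter entirely.
    if ($where) { $where = "({$where}) AND "; }
    $subquery = "SELECT num FROM `{$TABLE_PREFIX}accounts` WHERE disabled != 1 AND (expiresDate > NOW() OR neverExpires = 1)";
    $where   .= "{$options['tableName']}.createdByUserNum IN ({$subquery})";
  }
  $where = _addWhereConditionsForSpecialFields($schema, $where, $options, $options['tableName']); // adds WHERE to beginning of string, do this LAST

  // 'orWhere' widens the result set: it is OR'ed against everything built above
  if (@$options['orWhere']) {
    $where = preg_replace("/^\\s*WHERE\\s*/i", '', $where); // remove WHERE keyword
    if ($where) { $where = "({$where}) OR {$options['orWhere']}"; }
    else        { $where = $options['orWhere']; }
    if ($where) { $where = "\nWHERE {$where}"; }
  }

  // add select expr
  if (@$options['addSelectExpr']) { $selectFields .= ", {$options['addSelectExpr']}"; }

  // create query
  $query  = "SELECT SQL_CALC_FOUND_ROWS {$selectFields}\n";
  $query .= "FROM `{$TABLE_PREFIX}{$options['tableName']}` as `{$options['tableName']}`\n";
  $query .= $LEFT_JOIN;
  $query .= "{$where}\n";
  $query .= @$options['groupBy'] ? " GROUP BY {$options['groupBy']}" : '';
  $query .= @$options['having']  ? " HAVING {$options['having']}"    : '';
  $query .= @$options['orderBy'] ? " ORDER BY {$options['orderBy']}" : '';
  if (@$options['limit'])  { $query .= "\n LIMIT " . (int) $options['limit']; }  // int cast: the only options that are sanitised here
  if (@$options['offset']) { $query .= "\nOFFSET " . (int) $options['offset']; }

  // Debug aid: writes the full SQL (table prefix, conditions) into the response body.
  // NOTE(review): the query is printed without HTML encoding inside <xmp>; keep 'debugSql'
  // a developer-set flag and never derive it from request input.
  if (@$options['debugSql']) { print "<xmp>{$query}</xmp>"; }

  return $query;
}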
/**
 * Collect the submitted values for the current table's editable fields.
 *
 * Only fields declared in the global $schema are read from $_REQUEST, and a
 * field is skipped when userHasFieldAccess() rejects it, when it is the
 * accounts 'isAdmin' flag and the current user is not an admin, or when it is
 * one of the system-managed columns (num, created/updated metadata). In
 * "my account" mode a field must additionally be flagged 'myAccountField'.
 * This allow-listing is what keeps a request from setting arbitrary columns.
 *
 * Values are returned as submitted: no SQL escaping and no HTML encoding is
 * done here, so both remain the caller's responsibility.
 *
 * @param string $fieldPrefix prefix prepended to each field name to form the $_REQUEST key
 * @return array field name => value to store
 */
function _getRecordValuesFromFormInput($fieldPrefix = '') {
  global $schema, $CURRENT_USER, $tableName, $isMyAccountMenu;

  $values          = array();
  $protectedFields = array('num', 'createdDate', 'createdByUserNum', 'updatedDate', 'updatedByUserNum');

  foreach (getSchemaFields($schema) as $fieldname => $fieldSchema) {
    $inputKey = $fieldPrefix . $fieldname; // key this field is submitted under

    // per-field access control
    if (!userHasFieldAccess($fieldSchema)) { continue; }

    // only admins may change the admin flag on accounts
    $isAdminFlag = ($tableName == 'accounts' && $fieldname == 'isAdmin');
    if ($isAdminFlag && !$CURRENT_USER['isAdmin']) { continue; }

    // system-managed columns are never taken from user input
    if (in_array($fieldname, $protectedFields)) { continue; }

    if ($isMyAccountMenu) {
      // my account - only fields enabled for "my account" may be edited
      if (@(!$fieldSchema['myAccountField'])) { continue; }
      // my account - leave the password untouched when none was submitted
      if ($fieldname == 'password' && !@$_REQUEST[$fieldPrefix . 'password']) { continue; }
    }

    $type = @$fieldSchema['type'];
    switch ($type) {
      case 'textfield':
      case 'wysiwyg':
      case 'checkbox':
      case 'parentCategory':
        $values[$fieldname] = $_REQUEST[$inputKey];
        break;

      case 'textbox':
        $text = $_REQUEST[$inputKey];
        // autoFormat: turn line endings into break tags
        $values[$fieldname] = $fieldSchema['autoFormat']
          ? preg_replace("/\r\n|\n/", "<br/>\n", $text)
          : $text;
        break;

      case 'date':
        // %d conversions force every date part to an integer
        $values[$fieldname] = sprintf(
          "%04d-%02d-%02d %02d:%02d:%02d",
          $_REQUEST[$inputKey . ':year'],
          $_REQUEST[$inputKey . ':mon'],
          $_REQUEST[$inputKey . ':day'],
          _getHour24ValueFromDateInput($inputKey),
          (int) @$_REQUEST[$inputKey . ':min'],
          (int) @$_REQUEST[$inputKey . ':sec']
        );
        break;

      case 'list':
        if (!is_array(@$_REQUEST[$inputKey]) || !@$_REQUEST[$inputKey]) {
          $values[$fieldname] = @$_REQUEST[$inputKey];
        }
        else {
          // multi-value fields are stored tab delimited with leading/trailing tabs
          // so single values can be matched with LIKE "%\tvalue\t%"
          $values[$fieldname] = "\t" . implode("\t", $_REQUEST[$inputKey]) . "\t";
        }
        break;

      case 'upload':
        // uploads are loaded with a separate function call
        break;

      case 'dateCalendar':
        _updateDateCalendar($fieldname);
        break;

      // field types that carry no user input to save
      case '':
      case 'none':
      case 'separator':
      case 'relatedRecords':
      case 'accessList':
        break;

      default:
        die(__FUNCTION__ . ": field '{$fieldname}' has unknown field type '" . @$fieldSchema['type'] . "'");
    }
  }

  return $values;
}
/**
 * Render the "related records" box for this field as a table row.
 *
 * The method temporarily points the globals 'menu', 'tableName' and 'schema'
 * at the related table, loads and prints that table's list into an output
 * buffer, and restores the globals before returning. The restore only happens
 * on the normal return path; there is no try/finally around the work in between.
 *
 * $record, $value, $formType and the global $isMyAccountMenu are not used in this body.
 *
 * @return string the row's HTML
 */
function getTableRow($record, $value, $formType) {
  global $isMyAccountMenu;
  $parentTable = $GLOBALS['menu'];

  // set field attributes
  // NOTE(review): getEvalOutput() presumably evaluates code embedded in the schema setting (per its name).
  // If so, anyone able to edit this field's schema controls the SQL condition and the link below - confirm
  // that schema editing is restricted to administrators.
  $relatedTable = $this->relatedTable;
  $relatedWhere = getEvalOutput(@$this->relatedWhere);
  $seeMoreLink  = @$this->relatedMoreLink ? "?menu={$relatedTable}&search=1&_ignoreSavedSearch=1&" . getEvalOutput($this->relatedMoreLink) : '';

  // load list functions
  require_once "lib/menus/default/list_functions.php";
  require_once "lib/viewer_functions.php";

  // save and update globals
  list($originalMenu, $originalTableName, $originalSchema) = array($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']);
  $GLOBALS['menu']      = $relatedTable;
  $GLOBALS['tableName'] = $relatedTable;
  $GLOBALS['schema']    = loadSchema($relatedTable);
  $GLOBALS['schema']    = array_merge($GLOBALS['schema'], getSchemaFields($GLOBALS['schema'])); // v2.16+, add pseudo-fields name and _tableName to all fieldSchemas. Doing this once here instead of every time in loadSchema() is less expensive

  // load list data
  // $relatedWhere is handed over as the 'where' option, i.e. as a ready-made condition string
  list($listFields, $records, $metaData) = list_functions_init(array('isRelatedRecords' => true, 'tableName' => $relatedTable, 'where' => $relatedWhere, 'perPage' => @$this->relatedLimit));

  ### show header
  $html        = '';
  $recordCount = count($records);
  $oneOrZero   = $recordCount > 0 ? 1 : 0;
  // NOTE(review): $seeMoreLink goes into a single-quoted href without encoding; only the link text is htmlencode()d.
  $seeMoreHTML = $seeMoreLink ? "<br/><a href='{$seeMoreLink}'>" . htmlencode(t("see related records >>")) . "</a>" : '';
  $showingText = sprintf(t('Showing %1$s - %2$s of %3$s related records'), $oneOrZero, $recordCount, $metaData['totalRecords']);
  // NOTE(review): $this->label is echoed below without htmlencode() - confirm labels are trusted, admin-authored text.
  ob_start();
  ?>
  <tr><td colspan="2">
    <div class="clear"></div>
    <div class="content-box">
      <div class="content-box-header">
        <div style="float:right; text-align: right; line-height: 110%">
          <?php echo $showingText; ?>
          <?php echo $seeMoreHTML; ?>
        </div>
        <h3><?php echo $this->label; ?> <!-- --></h3>
        <div class="clear"></div>
      </div> <!-- End .content-box-header -->
      <div class="content-box-content">
  <?php
  $html .= ob_get_clean();

  ### show body
  // show list (whatever showListTable() prints is captured into $html)
  ob_start();
  showListTable($listFields, $records, array('isRelatedRecords' => true, 'showView' => @$this->relatedView, 'showModify' => @$this->relatedModify, 'showErase' => @$this->relatedErase, 'showCreate' => @$this->relatedCreate));
  $html .= ob_get_clean();

  ### get footer
  $buttonsRight = '';
  if (@$this->relatedCreate) { // show "create" button for related records
    $buttonsRight = relatedRecordsButton(t('Create'), "?menu={$relatedTable}&action=edit&{$parentTable}Num=###");
  }
  $tableName      = $relatedTable;
  $isRelatedTable = true;
  // the filter result is inserted into the footer markup below as-is
  $buttonsRight = applyFilters('list_buttonsRight', $buttonsRight, $tableName, $isRelatedTable);
  $html .= <<<__FOOTER__
        <div style='float:right; padding-top: 3px'>
          {$buttonsRight}
        </div>
        <div class='clear'></div>
      </div><!-- End .content-box-content -->
    </div><!-- End .content-box -->
  </td></tr>
__FOOTER__;

  // reset globals
  list($GLOBALS['menu'], $GLOBALS['tableName'], $GLOBALS['schema']) = array($originalMenu, $originalTableName, $originalSchema);

  //
  return $html;
}
<?php
// Section bootstrap: resolves the requested menu to a table, loads its schema,
// derives the current user's access flags for that table and picks the action to run.

// load libraries
require_once "lib/menus/default/common.php";
require_once file_exists('lib/wysiwyg_custom.php') ? 'lib/wysiwyg_custom.php' : 'lib/wysiwyg.php';

// set globals
global $TABLE_PREFIX, $tableName, $escapedTableName, $action, $schema, $CURRENT_USER,
       $hasEditorAccess, $hasAuthorAccess, $hasViewerAccess, $hasViewerAccessOnly, $hasAuthorViewerAccess, $isMyAccountMenu, $isSingleMenu;

// NOTE(review): $menu is not assigned anywhere in this snippet. It becomes the table name passed to
// loadSchema() and userSectionAccess(), so confirm it is validated against the known tables before this file runs.
$isMyAccountMenu       = $menu == '_myaccount';
$tableName             = $isMyAccountMenu ? 'accounts' : $menu; // "my account" edits the accounts table
$schema                = loadSchema($tableName);
$schema                = array_merge($schema, getSchemaFields($schema)); // v2.16+, add pseudo-fields name and _tableName to all fieldSchemas. Doing this once here instead of every time in loadSchema() is less expensive
// NOTE(review): presumably string-literal escaping; that alone does not make the value safe inside backticks - verify at the point of use.
$escapedTableName      = mysql_escape($TABLE_PREFIX . $tableName);

// access flags, derived from the numeric level userSectionAccess() returns for this table
$hasEditorAccess       = userSectionAccess($tableName) >= 9;
$hasAuthorAccess       = userSectionAccess($tableName) >= 6;
$hasViewerAccess       = userSectionAccess($tableName) >= 3;
$hasViewerAccessOnly   = userSectionAccess($tableName) == 3;
$hasAuthorViewerAccess = userSectionAccess($tableName) >= 7;
$isSingleMenu          = @$schema['menuType'] == 'single';

// get action
// The flags above only choose the default action here; no request is rejected in this snippet.
// NOTE(review): a user below level 3 still falls through to 'list' - confirm the action handlers enforce access.
if     ($isSingleMenu && $hasAuthorAccess) { $_defaultAction = 'edit'; }
elseif ($isSingleMenu && $hasViewerAccess) { $_defaultAction = 'view'; }
else                                       { $_defaultAction = 'list'; }
$action = getRequestedAction($_defaultAction);

//
doAction('section_init', $tableName, $action);

//