Ejemplo n.º 1
0
function check_user($user, $pass)
{
    global $emergency_password, $admin_dsn;
    if (!isset($admin_dsn)) {
        if (defined('DSN')) {
            $admin_dsn = DSN;
        } else {
            die('No DSN nor admin_dsn, check config.php');
        }
    }
    $alm_user = new alm_userTable();
    $pass = md5($alm_user->escape($pass));
    $alm_user->readEnv();
    $alm_user_data = @$alm_user->readDataFilter("idalm_user='******' AND password='******'");
    if (almdata::basicError($alm_user->data, $admin_dsn) && $pass === $emergency_password) {
        $_SESSION['idalm_user'] = '******';
        $_SESSION['alm_user'] = '******';
        return true;
    } elseif (is_array($alm_user_data)) {
        //Cargar Credenciales
        $_SESSION['credentials'] = get_credentials($alm_user_data[0]['idalm_user']);
        $_SESSION['idalm_role'] = $alm_user_data[0]['idalm_role'];
        $_SESSION['idalm_user'] = $alm_user_data[0]['idalm_user'];
        $_SESSION['alm_user'] = $alm_user_data[0]['alm_user'];
        return true;
    } else {
        return false;
    }
}
Ejemplo n.º 2
0
                         }
                         if (!isset($global_dd[$campo]['name'])) {
                             $global_dd[$campo]['name'] = null;
                         }
                         $sql_fix .= "ALTER TABLE {$data->name} ADD COLUMN " . genColumnSQL($data->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $data->key) . ";\n";
                     }
                 }
             }
         } else {
             $tables_output .= "{$green}<br/>";
         }
     }
     break;
 case 'exec':
     if (isset($_REQUEST['sqlcmd'])) {
         $sqlcmd = almdata::escape($_REQUEST['sqlcmd']);
     } else {
         $sqlcmd = '';
     }
     if (!isset($_REQUEST['fix'])) {
         $output .= '<form><input type="hidden" name="action" value="exec"/><textarea name="sqlcmd" cols="80">' . $sqlcmd . '</textarea><br/><input type="submit" value="Ejecutar SQL"></form>';
     } else {
         $output .= "SQL Aplicado: " . $sqlcmd;
     }
     if ($sqlcmd) {
         $data = new Data();
         $data->execSql($sqlcmd);
         $sqldata = $data->getArray();
         $output .= "<pre>" . print_r($sqldata, 1) . "</pre>";
     }
     break;
Ejemplo n.º 3
0
$sql_fix = '';
if (almdata::isError($this->data)) {
    #$existe = $this->catalogTableExists($this->name);
    $sqlcmd = "SELECT * FROM {$this->name} LIMIT 1";
    @$this->execSql($sqlcmd);
    if (almdata::isError($this->data)) {
        $sql_fix = genSQL($this->name);
        $this->execSql($sql_fix);
        echo "AUTO SQL {$sql_fix}<br/>\n";
    } else {
        $campos = preg_split('/,/', $this->table_fields);
        foreach ($campos as $campo) {
            #$existe = $this->catalogColumnExists($campo['name']);
            $sqlcmd = "SELECT {$campo} FROM {$this->name} LIMIT 1";
            @$this->execSql($sqlcmd);
            if (almdata::isError($this->data)) {
                list($tmp, $campo) = preg_split('/\\./', $campo);
                $size = isset($this->dd[$campo]['size']) && $this->dd[$campo]['size'] > 0 ? '(' . $this->dd[$campo]['size'] . ')' : '';
                if (!isset($this->key)) {
                    $this->key = false;
                }
                if (!isset($global_dd[$campo])) {
                    $global_dd[$campo] = null;
                }
                if (!isset($global_dd[$campo]['name'])) {
                    $global_dd[$campo]['name'] = null;
                }
                $sql_fix = "ALTER TABLE {$this->name} ADD COLUMN " . genColumnSQL($this->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $this->key) . "; ";
                $this->execSql($sql_fix);
                echo "AUTO SQL {$sql_fix}<br/>\n";
            }
Ejemplo n.º 4
0
            break;
        case 'bool':
        case 'boolean':
            $value = isset($this->request[$column['name']]) ? $this->request[$column['name']] : '0';
            $value = !$value || $value == 'false' || $value == '0' ? '0' : '1';
            $values .= $column['name'] . "=" . "'" . $value . "'";
            break;
        case 'date':
        case 'datenull':
            $value = $this->request[$column['name']];
            if (isset($value) && $value != '0-00-0') {
                $value = almdata::escape($this->request[$column['name']]);
                $values .= $column['name'] . "= '" . $value . "'";
            } else {
                $values .= $column['name'] . "=NULL";
            }
            break;
        default:
            if (isset($this->request[$column['name']])) {
                $value = $this->escaped ? $this->request[$column['name']] : almdata::escape($this->request[$column['name']]);
                $values .= $column['name'] . "=" . "'" . $value . "'";
            } else {
                $values .= $column['name'] . "=NULL";
            }
            break;
    }
    $n++;
    if ($maxcols && $n + $skipped_cols >= $maxcols) {
        break;
    }
}
Ejemplo n.º 5
0
<?php

$this->execSql($sqlcmd);
for ($i = 0; $i < $this->num; $i++) {
    $row = almdata::fetchRow(null, false);
    $array_rows[] = $row[0];
}
Ejemplo n.º 6
0
<?php

global $DSN;
// FIXME: hay una variable DSN? o esto es para algun backward-compatibility?
if ($DSN) {
    $this->database = almdata::connect($DSN);
} else {
    $this->database = almdata::connect(DSN);
}
$this->num = 0;
$this->cols = 0;
$this->max = MAXROWS;
$this->current_pg = isset($_REQUEST['pg']) ? (int) $_REQUEST['pg'] : '1';
Ejemplo n.º 7
0
<?php

#  function check_error($sqlcmd, $extra = '', $die = false) {
if (almdata::isError($sqlcmd)) {
    $error_msg = $this->errors[md5($sqlcmd)];
    if ($extra) {
        $error_msg .= " -- " . $extra;
    }
    $error_msg .= " -- " . $_SERVER['SCRIPT_NAME'];
    if (DEBUG === true) {
        print '<table bgcolor="red"><tr><td>';
        trigger_error(htmlentities($error_msg) . "<br/>\n");
        print '</td></tr></table>';
    }
    error_log(date("[D M d H:i:s Y]") . " Error: " . $error_msg . "\n");
    if ($die) {
        die;
    }
} elseif (ALM_SQL_DEBUG !== false && $extra) {
    $this->sql_log($extra);
}
Ejemplo n.º 8
0
<?php

if ($cache === true && file_exists($this->filecache) && time() - filemtime($this->filecache) <= ALM_CACHE_TIME) {
    $array_rows = unserialize(file_get_contents($this->filecache));
} else {
    for ($i = 0; $i < $this->num; $i++) {
        $row = almdata::fetchRow($this->data);
        if (isset($row[$this->key])) {
            if ($row[$this->key] == $this->current_id) {
                $this->current_record = $row;
            }
        }
        if ($this->html) {
            foreach ($row as $key => $val) {
                $row[$key] = htmlentities($val, ENT_COMPAT, 'UTF-8');
            }
        }
        $array_rows[] = $row;
    }
    if (isset($array_rows) && $cache === true) {
        file_put_contents($this->filecache, serialize($array_rows));
    }
}
Ejemplo n.º 9
0
if (!isset($id)) {
    foreach ($this->keys as $key => $val) {
        $id[] = null;
    }
}
foreach ($id as $key => $val) {
    if (empty($val)) {
        $val = $this->request[$this->keys[$key]];
    }
    $keyfilter[] = $this->keys[$key] . " = '{$val}'";
}
$filter = join(' AND ', $keyfilter);
# Borra imagenes o archivos relacionados a este registro
$getfiles = $this->getFiles();
if (!empty($getfiles)) {
    $tmp = $this->readRecord($id);
    foreach ($getfiles as $val) {
        if (!empty($tmp[$val])) {
            # CDN? Remove object
            if (isset($this->dd[$val]['extra']['cdn']) && $this->dd[$val]['extra']['cdn'] === true) {
                $cloudfiles = almdata::cdn_connect();
                $cloudfiles->delete_object($tmp[$val]);
            } else {
                unlink(ROOTDIR . '/files/' . $this->name . '/' . $tmp[$val]);
            }
        }
    }
}
# Borra registro en base de datos
$sqlcmd = "DELETE FROM {$this->name} WHERE {$filter}";
$result = $this->query($sqlcmd);
Ejemplo n.º 10
0
<?php

//FIXME: Solo usa la primera llave, qué pasa con tablas que usan más de una llave?
if (!$sqlcmd) {
    $key = $this->keys[0];
    if (isset($this->dd[$this->name])) {
        $sqlcmd = "SELECT {$key}, {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}.{$this->name}";
    } else {
        $sqlcmd = "SELECT {$key}, {$key} AS {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}";
    }
}
/* $sqlcmd no contiene comando sql sino nombre de la tabla !?! */
global $global_dd;
if (!preg_match("/^SELECT/", $sqlcmd)) {
    $table = $sqlcmd;
    $id = $global_dd[$table]['keys'][0];
    $descriptor = $global_dd[$table]['descriptor'];
    $sqlcmd = "SELECT {$id}, {$descriptor} FROM {$sqlcmd} _WHERE_ ORDER BY {$descriptor}";
}
if ($filter) {
    $sqlcmd = preg_replace('/_WHERE_/ ', "WHERE {$filter}", $sqlcmd);
} else {
    $sqlcmd = preg_replace('/_WHERE_/ ', '', $sqlcmd);
}
$result = $this->query($sqlcmd);
$num = almdata::rows($result);
$menu = array();
for ($i = 0; $i < $num; $i++) {
    $r = almdata::fetchRow($result, false);
    $menu[$r[0]] = $r[1];
}
Ejemplo n.º 11
0
 /**
  * obtiene el ultimo error del db server, distintos comandos para cada db server
  * @param string $data FIXME: que es esto?
  * @param string $dsn dsn de conexion a db server
  * @return string conteniendo el ultimo error (last_error)
  * FIXME: por que hacer switch(dbtype) aqui?
  */
 function basicError($data = null, $dsn)
 {
     list($dbtype, $dbname, $host, $username, $pass) = almdata::parseDSN($dsn);
     switch ($dbtype) {
         case 'pgsql':
             $error = @pg_last_error();
             break;
         case 'sqlite':
             $error = @sqlite_last_error();
             break;
         case 'mysql':
             $error = @mysql_error();
             break;
         default:
             $error = null;
     }
     return $error;
 }
Ejemplo n.º 12
0
<?php

if ($this->database) {
    $tmpvar = almdata::escape($tmpvar);
}
switch ($type) {
    case 'varchar':
        $type = 'string';
        break;
    case 'numeric':
        $tmpvar = number_format((double) str_replace(',', '', $tmpvar), 2, '.', '');
        $type = 'float';
        break;
    case 'int':
    case 'smallint':
    case 'serial':
        $tmpvar = (int) str_replace(',', '', $tmpvar);
        $type = 'int';
        break;
    default:
        $type = 'string';
}
settype($tmpvar, $type);
#if ($type == 'string') {
if ($type == 'string' && !$allow_js) {
    $tmpvar = preg_replace("/<script[^>]*?>.*?<\\/script>/i", "", $tmpvar);
}
if ($type == 'string' && !$html) {
    $tmpvar = strip_tags($tmpvar, ALM_ALLOW_TAGS);
}
Ejemplo n.º 13
0
<?php

if (preg_match("/(?!')'(\\s*?);/", $sqlcmd)) {
    error_log(date("[D M d H:i:s Y]") . " Query invalido. " . $sqlcmd . "\n");
    return false;
}
$result = almdata::query($sqlcmd);
$this->check_error($sqlcmd, $sqlcmd);
Ejemplo n.º 14
0
function performTests()
{
    global $failed, $test_output, $action, $admin_db_failed, $public_db_failed, $admin_dsn, $public_dsn, $smarty, $global_dd, $alm_connect;
    $failed = false;
    $red = '<font color="red">FALL&Oacute;</font>';
    $green = '<font color="green">PAS&Oacute;</font>';
    # Old versions don't use admin_dsn public_dsn but simply a DSN constant
    if (!isset($admin_dsn)) {
        $admin_dsn = DSN;
    }
    if (!isset($public_dsn)) {
        $public_dsn = DSN;
    }
    $test_output .= "Probando conexion a base de datos (public)... ";
    unset($alm_connect[$public_dsn]);
    $db = almdata::connect($public_dsn);
    if (almdata::basicError($db, $public_dsn) || !$alm_connect[$public_dsn]) {
        $error_msg = almdata::basicError($db, $public_dsn);
        $test_output .= "{$red} <i>{$error_msg}</i><br/>";
        $failed = true;
        $public_db_failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }
    # Check admin connection last, so that we stay admin...
    $test_output = "Probando conexion a base de datos (admin)... ";
    unset($alm_connect[$admin_dsn]);
    $db = almdata::connect($admin_dsn);
    if (almdata::basicError($db, $admin_dsn) || !$alm_connect[$admin_dsn]) {
        $error_msg = almdata::basicError($db, $admin_dsn);
        $test_output .= "{$red} <i>{$error_msg}</i><br/>";
        $failed = true;
        $admin_db_failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }
    $test_output .= "Probando configuracion de PHP... ";
    if (get_cfg_var('short_open_tag') != 1) {
        $test_output .= "{$red} <i>short_open_tag = " . get_cfg_var('short_open_tag') . "</i><br/>";
        $failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }
    $test_output .= "Probando permisos de directorios... ";
    if (checkPerms($smarty->compile_dir) !== true) {
        $test_output .= "{$red} <i> {$smarty->compile_dir} = " . checkPerms($smarty->compile_dir) . "</i><br/>";
    }
    if (checkPerms($smarty->cache_dir) !== true) {
        $test_output .= "{$red} <i> {$smarty->cache_dir} = " . checkPerms($smarty->cache_dir) . "</i><br/>";
    }
    $logs_dir = ROOTDIR . '/logs';
    if (checkPerms($logs_dir) !== true) {
        $test_output .= "{$red} <i> {$logs_dir} = " . checkPerms($logs_dir) . "</i><br/>";
    }
    $files_dir = ROOTDIR . '/files';
    if (checkPerms($files_dir) !== true) {
        $test_output .= "{$red} <i> {$files_dir} = " . checkPerms($files_dir) . "</i><br/>";
    }
    if (checkPerms($smarty->compile_dir) === true && checkPerms($smarty->cache_dir) === true) {
        $test_output .= "{$green}<br/>";
    } else {
        $failed = true;
    }
    $test_output .= "Dónde está almidón? ";
    if (defined('ALMIDONDIR')) {
        $test_output .= '<font color="green">' . ALMIDONDIR . '</font><br/>';
    } else {
        $failed = true;
        $test_output .= $red;
    }
    $test_output .= "BD Almidonizada? ";
    list($type, $tmp) = preg_split('/:\\/\\//', $admin_dsn);
    if ($type == 'pgsql') {
        $sqlcmd = "SELECT relname FROM pg_class WHERE  pg_class.relkind = 'r' AND pg_class.relname LIKE 'alm_%'";
    } elseif ($type == 'mysql') {
        $sqlcmd = "SHOW TABLES LIKE 'alm_%';";
    }
    $data = new Data();
    $var = @$data->getList($sqlcmd);
    if (count($var) >= 5) {
        $test_output .= '<font color="green">' . print_r($var, 1) . '</font>';
    } else {
        #$failed = true;
        $test_output .= $red;
    }
    if ($failed) {
        $action = 'failed';
        $test_output .= '<br/><br/><font color="red">Por favor corregir antes de continuar con la instalaci&oacute;n</font>';
    }
}
Ejemplo n.º 15
0
 /**
  * "escapea" una cadena para poder usarla de manera segura en comando sql
  * @param string $var cadena a "escapear"
  * @return string escaped string, lista para usar en sql
  */
 function escape($var)
 {
     return almdata::escape($var);
 }