function check_user($user, $pass)
{
global $emergency_password, $admin_dsn;
if (!isset($admin_dsn)) {
if (defined('DSN')) {
$admin_dsn = DSN;
} else {
die('No DSN nor admin_dsn, check config.php');
}
}
$alm_user = new alm_userTable();
$pass = md5($alm_user->escape($pass));
$alm_user->readEnv();
$alm_user_data = @$alm_user->readDataFilter("idalm_user='******' AND password='******'");
if (almdata::basicError($alm_user->data, $admin_dsn) && $pass === $emergency_password) {
$_SESSION['idalm_user'] = '******';
$_SESSION['alm_user'] = '******';
return true;
} elseif (is_array($alm_user_data)) {
//Cargar Credenciales
$_SESSION['credentials'] = get_credentials($alm_user_data[0]['idalm_user']);
$_SESSION['idalm_role'] = $alm_user_data[0]['idalm_role'];
$_SESSION['idalm_user'] = $alm_user_data[0]['idalm_user'];
$_SESSION['alm_user'] = $alm_user_data[0]['alm_user'];
return true;
} else {
return false;
}
}
}
if (!isset($global_dd[$campo]['name'])) {
$global_dd[$campo]['name'] = null;
}
$sql_fix .= "ALTER TABLE {$data->name} ADD COLUMN " . genColumnSQL($data->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $data->key) . ";\n";
}
}
}
} else {
$tables_output .= "{$green}<br/>";
}
}
break;
case 'exec':
if (isset($_REQUEST['sqlcmd'])) {
$sqlcmd = almdata::escape($_REQUEST['sqlcmd']);
} else {
$sqlcmd = '';
}
if (!isset($_REQUEST['fix'])) {
$output .= '<form><input type="hidden" name="action" value="exec"/><textarea name="sqlcmd" cols="80">' . $sqlcmd . '</textarea><br/><input type="submit" value="Ejecutar SQL"></form>';
} else {
$output .= "SQL Aplicado: " . $sqlcmd;
}
if ($sqlcmd) {
$data = new Data();
$data->execSql($sqlcmd);
$sqldata = $data->getArray();
$output .= "<pre>" . print_r($sqldata, 1) . "</pre>";
}
break;
$sql_fix = '';
if (almdata::isError($this->data)) {
#$existe = $this->catalogTableExists($this->name);
$sqlcmd = "SELECT * FROM {$this->name} LIMIT 1";
@$this->execSql($sqlcmd);
if (almdata::isError($this->data)) {
$sql_fix = genSQL($this->name);
$this->execSql($sql_fix);
echo "AUTO SQL {$sql_fix}<br/>\n";
} else {
$campos = preg_split('/,/', $this->table_fields);
foreach ($campos as $campo) {
#$existe = $this->catalogColumnExists($campo['name']);
$sqlcmd = "SELECT {$campo} FROM {$this->name} LIMIT 1";
@$this->execSql($sqlcmd);
if (almdata::isError($this->data)) {
list($tmp, $campo) = preg_split('/\\./', $campo);
$size = isset($this->dd[$campo]['size']) && $this->dd[$campo]['size'] > 0 ? '(' . $this->dd[$campo]['size'] . ')' : '';
if (!isset($this->key)) {
$this->key = false;
}
if (!isset($global_dd[$campo])) {
$global_dd[$campo] = null;
}
if (!isset($global_dd[$campo]['name'])) {
$global_dd[$campo]['name'] = null;
}
$sql_fix = "ALTER TABLE {$this->name} ADD COLUMN " . genColumnSQL($this->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $this->key) . "; ";
$this->execSql($sql_fix);
echo "AUTO SQL {$sql_fix}<br/>\n";
}
break;
case 'bool':
case 'boolean':
$value = isset($this->request[$column['name']]) ? $this->request[$column['name']] : '0';
$value = !$value || $value == 'false' || $value == '0' ? '0' : '1';
$values .= $column['name'] . "=" . "'" . $value . "'";
break;
case 'date':
case 'datenull':
$value = $this->request[$column['name']];
if (isset($value) && $value != '0-00-0') {
$value = almdata::escape($this->request[$column['name']]);
$values .= $column['name'] . "= '" . $value . "'";
} else {
$values .= $column['name'] . "=NULL";
}
break;
default:
if (isset($this->request[$column['name']])) {
$value = $this->escaped ? $this->request[$column['name']] : almdata::escape($this->request[$column['name']]);
$values .= $column['name'] . "=" . "'" . $value . "'";
} else {
$values .= $column['name'] . "=NULL";
}
break;
}
$n++;
if ($maxcols && $n + $skipped_cols >= $maxcols) {
break;
}
}
<?php
$this->execSql($sqlcmd);
for ($i = 0; $i < $this->num; $i++) {
$row = almdata::fetchRow(null, false);
$array_rows[] = $row[0];
}
<?php
global $DSN;
// FIXME: hay una variable DSN? o esto es para algun backward-compatibility?
if ($DSN) {
$this->database = almdata::connect($DSN);
} else {
$this->database = almdata::connect(DSN);
}
$this->num = 0;
$this->cols = 0;
$this->max = MAXROWS;
$this->current_pg = isset($_REQUEST['pg']) ? (int) $_REQUEST['pg'] : '1';
<?php
# function check_error($sqlcmd, $extra = '', $die = false) {
if (almdata::isError($sqlcmd)) {
$error_msg = $this->errors[md5($sqlcmd)];
if ($extra) {
$error_msg .= " -- " . $extra;
}
$error_msg .= " -- " . $_SERVER['SCRIPT_NAME'];
if (DEBUG === true) {
print '<table bgcolor="red"><tr><td>';
trigger_error(htmlentities($error_msg) . "<br/>\n");
print '</td></tr></table>';
}
error_log(date("[D M d H:i:s Y]") . " Error: " . $error_msg . "\n");
if ($die) {
die;
}
} elseif (ALM_SQL_DEBUG !== false && $extra) {
$this->sql_log($extra);
}
<?php
if ($cache === true && file_exists($this->filecache) && time() - filemtime($this->filecache) <= ALM_CACHE_TIME) {
$array_rows = unserialize(file_get_contents($this->filecache));
} else {
for ($i = 0; $i < $this->num; $i++) {
$row = almdata::fetchRow($this->data);
if (isset($row[$this->key])) {
if ($row[$this->key] == $this->current_id) {
$this->current_record = $row;
}
}
if ($this->html) {
foreach ($row as $key => $val) {
$row[$key] = htmlentities($val, ENT_COMPAT, 'UTF-8');
}
}
$array_rows[] = $row;
}
if (isset($array_rows) && $cache === true) {
file_put_contents($this->filecache, serialize($array_rows));
}
}
if (!isset($id)) {
foreach ($this->keys as $key => $val) {
$id[] = null;
}
}
foreach ($id as $key => $val) {
if (empty($val)) {
$val = $this->request[$this->keys[$key]];
}
$keyfilter[] = $this->keys[$key] . " = '{$val}'";
}
$filter = join(' AND ', $keyfilter);
# Borra imagenes o archivos relacionados a este registro
$getfiles = $this->getFiles();
if (!empty($getfiles)) {
$tmp = $this->readRecord($id);
foreach ($getfiles as $val) {
if (!empty($tmp[$val])) {
# CDN? Remove object
if (isset($this->dd[$val]['extra']['cdn']) && $this->dd[$val]['extra']['cdn'] === true) {
$cloudfiles = almdata::cdn_connect();
$cloudfiles->delete_object($tmp[$val]);
} else {
unlink(ROOTDIR . '/files/' . $this->name . '/' . $tmp[$val]);
}
}
}
}
# Borra registro en base de datos
$sqlcmd = "DELETE FROM {$this->name} WHERE {$filter}";
$result = $this->query($sqlcmd);
<?php
//FIXME: Solo usa la primera llave, qué pasa con tablas que usan más de una llave?
if (!$sqlcmd) {
$key = $this->keys[0];
if (isset($this->dd[$this->name])) {
$sqlcmd = "SELECT {$key}, {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}.{$this->name}";
} else {
$sqlcmd = "SELECT {$key}, {$key} AS {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}";
}
}
/* $sqlcmd no contiene comando sql sino nombre de la tabla !?! */
global $global_dd;
if (!preg_match("/^SELECT/", $sqlcmd)) {
$table = $sqlcmd;
$id = $global_dd[$table]['keys'][0];
$descriptor = $global_dd[$table]['descriptor'];
$sqlcmd = "SELECT {$id}, {$descriptor} FROM {$sqlcmd} _WHERE_ ORDER BY {$descriptor}";
}
if ($filter) {
$sqlcmd = preg_replace('/_WHERE_/ ', "WHERE {$filter}", $sqlcmd);
} else {
$sqlcmd = preg_replace('/_WHERE_/ ', '', $sqlcmd);
}
$result = $this->query($sqlcmd);
$num = almdata::rows($result);
$menu = array();
for ($i = 0; $i < $num; $i++) {
$r = almdata::fetchRow($result, false);
$menu[$r[0]] = $r[1];
}
/**
* obtiene el ultimo error del db server, distintos comandos para cada db server
* @param string $data FIXME: que es esto?
* @param string $dsn dsn de conexion a db server
* @return string conteniendo el ultimo error (last_error)
* FIXME: por que hacer switch(dbtype) aqui?
*/
function basicError($data = null, $dsn)
{
list($dbtype, $dbname, $host, $username, $pass) = almdata::parseDSN($dsn);
switch ($dbtype) {
case 'pgsql':
$error = @pg_last_error();
break;
case 'sqlite':
$error = @sqlite_last_error();
break;
case 'mysql':
$error = @mysql_error();
break;
default:
$error = null;
}
return $error;
}
<?php
if ($this->database) {
$tmpvar = almdata::escape($tmpvar);
}
switch ($type) {
case 'varchar':
$type = 'string';
break;
case 'numeric':
$tmpvar = number_format((double) str_replace(',', '', $tmpvar), 2, '.', '');
$type = 'float';
break;
case 'int':
case 'smallint':
case 'serial':
$tmpvar = (int) str_replace(',', '', $tmpvar);
$type = 'int';
break;
default:
$type = 'string';
}
settype($tmpvar, $type);
#if ($type == 'string') {
if ($type == 'string' && !$allow_js) {
$tmpvar = preg_replace("/<script[^>]*?>.*?<\\/script>/i", "", $tmpvar);
}
if ($type == 'string' && !$html) {
$tmpvar = strip_tags($tmpvar, ALM_ALLOW_TAGS);
}
<?php
if (preg_match("/(?!')'(\\s*?);/", $sqlcmd)) {
error_log(date("[D M d H:i:s Y]") . " Query invalido. " . $sqlcmd . "\n");
return false;
}
$result = almdata::query($sqlcmd);
$this->check_error($sqlcmd, $sqlcmd);
function performTests()
{
global $failed, $test_output, $action, $admin_db_failed, $public_db_failed, $admin_dsn, $public_dsn, $smarty, $global_dd, $alm_connect;
$failed = false;
$red = '<font color="red">FALLÓ</font>';
$green = '<font color="green">PASÓ</font>';
# Old versions don't use admin_dsn public_dsn but simply a DSN constant
if (!isset($admin_dsn)) {
$admin_dsn = DSN;
}
if (!isset($public_dsn)) {
$public_dsn = DSN;
}
$test_output .= "Probando conexion a base de datos (public)... ";
unset($alm_connect[$public_dsn]);
$db = almdata::connect($public_dsn);
if (almdata::basicError($db, $public_dsn) || !$alm_connect[$public_dsn]) {
$error_msg = almdata::basicError($db, $public_dsn);
$test_output .= "{$red} <i>{$error_msg}</i><br/>";
$failed = true;
$public_db_failed = true;
} else {
$test_output .= "{$green}<br/>";
}
# Check admin connection last, so that we stay admin...
$test_output = "Probando conexion a base de datos (admin)... ";
unset($alm_connect[$admin_dsn]);
$db = almdata::connect($admin_dsn);
if (almdata::basicError($db, $admin_dsn) || !$alm_connect[$admin_dsn]) {
$error_msg = almdata::basicError($db, $admin_dsn);
$test_output .= "{$red} <i>{$error_msg}</i><br/>";
$failed = true;
$admin_db_failed = true;
} else {
$test_output .= "{$green}<br/>";
}
$test_output .= "Probando configuracion de PHP... ";
if (get_cfg_var('short_open_tag') != 1) {
$test_output .= "{$red} <i>short_open_tag = " . get_cfg_var('short_open_tag') . "</i><br/>";
$failed = true;
} else {
$test_output .= "{$green}<br/>";
}
$test_output .= "Probando permisos de directorios... ";
if (checkPerms($smarty->compile_dir) !== true) {
$test_output .= "{$red} <i> {$smarty->compile_dir} = " . checkPerms($smarty->compile_dir) . "</i><br/>";
}
if (checkPerms($smarty->cache_dir) !== true) {
$test_output .= "{$red} <i> {$smarty->cache_dir} = " . checkPerms($smarty->cache_dir) . "</i><br/>";
}
$logs_dir = ROOTDIR . '/logs';
if (checkPerms($logs_dir) !== true) {
$test_output .= "{$red} <i> {$logs_dir} = " . checkPerms($logs_dir) . "</i><br/>";
}
$files_dir = ROOTDIR . '/files';
if (checkPerms($files_dir) !== true) {
$test_output .= "{$red} <i> {$files_dir} = " . checkPerms($files_dir) . "</i><br/>";
}
if (checkPerms($smarty->compile_dir) === true && checkPerms($smarty->cache_dir) === true) {
$test_output .= "{$green}<br/>";
} else {
$failed = true;
}
$test_output .= "Dónde está almidón? ";
if (defined('ALMIDONDIR')) {
$test_output .= '<font color="green">' . ALMIDONDIR . '</font><br/>';
} else {
$failed = true;
$test_output .= $red;
}
$test_output .= "BD Almidonizada? ";
list($type, $tmp) = preg_split('/:\\/\\//', $admin_dsn);
if ($type == 'pgsql') {
$sqlcmd = "SELECT relname FROM pg_class WHERE pg_class.relkind = 'r' AND pg_class.relname LIKE 'alm_%'";
} elseif ($type == 'mysql') {
$sqlcmd = "SHOW TABLES LIKE 'alm_%';";
}
$data = new Data();
$var = @$data->getList($sqlcmd);
if (count($var) >= 5) {
$test_output .= '<font color="green">' . print_r($var, 1) . '</font>';
} else {
#$failed = true;
$test_output .= $red;
}
if ($failed) {
$action = 'failed';
$test_output .= '<br/><br/><font color="red">Por favor corregir antes de continuar con la instalación</font>';
}
}
/**
* "escapea" una cadena para poder usarla de manera segura en comando sql
* @param string $var cadena a "escapear"
* @return string escaped string, lista para usar en sql
*/
function escape($var)
{
return almdata::escape($var);
}