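/**
 * Authenticates a user against the alm_user table, with an emergency fallback.
 *
 * The submitted password is SQL-escaped and then MD5-hashed (legacy scheme kept
 * for compatibility with the rows already stored); the user is looked up with a
 * filter on user id and password digest. When the admin database cannot be
 * queried (almdata::basicError reports an error) the digest is instead compared
 * with the configured $emergency_password, so $emergency_password is expected to
 * hold the same kind of digest. That comparison now uses hash_equals() so it does
 * not leak timing information.
 *
 * On success the session is populated (idalm_user, alm_user and, for a real
 * user, credentials and idalm_role) and true is returned; false otherwise.
 * Dies when neither $admin_dsn nor the DSN constant is configured.
 *
 * @param string $user login name
 * @param string $pass plain-text password as submitted
 * @return bool
 */
function check_user($user, $pass)
{
    global $emergency_password, $admin_dsn;

    if (!isset($admin_dsn)) {
        if (defined('DSN')) {
            $admin_dsn = DSN;
        } else {
            die('No DSN nor admin_dsn, check config.php');
        }
    }

    $alm_user = new alm_userTable();
    // Escaping happens *before* hashing, so the stored digest depends on the escape
    // function; MD5 is kept only because existing rows use it (password_hash /
    // password_verify would need a migration of stored digests).
    $pass = md5($alm_user->escape($pass));
    $alm_user->readEnv();
    // NOTE(review): the filter literals appear redacted ('******') in this copy and
    // $user is not referenced here — confirm the real filter interpolates the escaped
    // user id and the hashed password.
    $alm_user_data = @$alm_user->readDataFilter("idalm_user='******' AND password='******'");

    // Emergency login is only considered while the database itself is failing.
    // is_string() keeps hash_equals() from throwing when no emergency password is
    // configured; in that case the login simply fails, as the old === did.
    $db_failing = almdata::basicError($alm_user->data, $admin_dsn);
    if ($db_failing && is_string($emergency_password) && hash_equals($emergency_password, $pass)) {
        $_SESSION['idalm_user'] = '******';
        $_SESSION['alm_user'] = '******';
        return true;
    }

    if (is_array($alm_user_data)) {
        // Load credentials
        $_SESSION['credentials'] = get_credentials($alm_user_data[0]['idalm_user']);
        $_SESSION['idalm_role'] = $alm_user_data[0]['idalm_role'];
        $_SESSION['idalm_user'] = $alm_user_data[0]['idalm_user'];
        $_SESSION['alm_user'] = $alm_user_data[0]['alm_user'];
        return true;
    }

    return false;
}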
} if (!isset($global_dd[$campo]['name'])) { $global_dd[$campo]['name'] = null; } $sql_fix .= "ALTER TABLE {$data->name} ADD COLUMN " . genColumnSQL($data->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $data->key) . ";\n"; } } } } else { $tables_output .= "{$green}<br/>"; } } break; case 'exec': if (isset($_REQUEST['sqlcmd'])) { $sqlcmd = almdata::escape($_REQUEST['sqlcmd']); } else { $sqlcmd = ''; } if (!isset($_REQUEST['fix'])) { $output .= '<form><input type="hidden" name="action" value="exec"/><textarea name="sqlcmd" cols="80">' . $sqlcmd . '</textarea><br/><input type="submit" value="Ejecutar SQL"></form>'; } else { $output .= "SQL Aplicado: " . $sqlcmd; } if ($sqlcmd) { $data = new Data(); $data->execSql($sqlcmd); $sqldata = $data->getArray(); $output .= "<pre>" . print_r($sqldata, 1) . "</pre>"; } break;
$sql_fix = ''; if (almdata::isError($this->data)) { #$existe = $this->catalogTableExists($this->name); $sqlcmd = "SELECT * FROM {$this->name} LIMIT 1"; @$this->execSql($sqlcmd); if (almdata::isError($this->data)) { $sql_fix = genSQL($this->name); $this->execSql($sql_fix); echo "AUTO SQL {$sql_fix}<br/>\n"; } else { $campos = preg_split('/,/', $this->table_fields); foreach ($campos as $campo) { #$existe = $this->catalogColumnExists($campo['name']); $sqlcmd = "SELECT {$campo} FROM {$this->name} LIMIT 1"; @$this->execSql($sqlcmd); if (almdata::isError($this->data)) { list($tmp, $campo) = preg_split('/\\./', $campo); $size = isset($this->dd[$campo]['size']) && $this->dd[$campo]['size'] > 0 ? '(' . $this->dd[$campo]['size'] . ')' : ''; if (!isset($this->key)) { $this->key = false; } if (!isset($global_dd[$campo])) { $global_dd[$campo] = null; } if (!isset($global_dd[$campo]['name'])) { $global_dd[$campo]['name'] = null; } $sql_fix = "ALTER TABLE {$this->name} ADD COLUMN " . genColumnSQL($this->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $this->key) . "; "; $this->execSql($sql_fix); echo "AUTO SQL {$sql_fix}<br/>\n"; }
break; case 'bool': case 'boolean': $value = isset($this->request[$column['name']]) ? $this->request[$column['name']] : '0'; $value = !$value || $value == 'false' || $value == '0' ? '0' : '1'; $values .= $column['name'] . "=" . "'" . $value . "'"; break; case 'date': case 'datenull': $value = $this->request[$column['name']]; if (isset($value) && $value != '0-00-0') { $value = almdata::escape($this->request[$column['name']]); $values .= $column['name'] . "= '" . $value . "'"; } else { $values .= $column['name'] . "=NULL"; } break; default: if (isset($this->request[$column['name']])) { $value = $this->escaped ? $this->request[$column['name']] : almdata::escape($this->request[$column['name']]); $values .= $column['name'] . "=" . "'" . $value . "'"; } else { $values .= $column['name'] . "=NULL"; } break; } $n++; if ($maxcols && $n + $skipped_cols >= $maxcols) { break; } }
<?php
// Fragment of a method: $sqlcmd, $this->num and $array_rows come from the enclosing
// scope (not visible here). Runs the command and collects the first column of every
// row into $array_rows.
$this->execSql($sqlcmd);
for ($i = 0; $i < $this->num; $i++) {
    // Presumably fetchRow(null, false) reads from the result execSql() stored on $this — TODO confirm
    $row = almdata::fetchRow(null, false);
    $array_rows[] = $row[0];
}
<?php
global $DSN;
// FIXME: is there a $DSN variable? or is this for some backward-compatibility?
// A truthy global $DSN wins over the DSN constant (note: truthiness, so '' or '0' fall back).
if ($DSN) {
    $this->database = almdata::connect($DSN);
} else {
    $this->database = almdata::connect(DSN);
}
$this->num = 0;
$this->cols = 0;
$this->max = MAXROWS;
// Page number comes straight from the request, cast to int; the default is the string '1',
// so current_pg is int or string depending on whether 'pg' was supplied.
$this->current_pg = isset($_REQUEST['pg']) ? (int) $_REQUEST['pg'] : '1';
<?php
# function check_error($sqlcmd, $extra = '', $die = false) {
// Body of check_error (the signature is the commented line above; the closing brace is
// not part of this fragment). Reports a failed command: in DEBUG mode it is printed to the
// page, and it is always written to error_log; optionally terminates the script.
if (almdata::isError($sqlcmd)) {
    // Error text is looked up by the md5 of the failed command in $this->errors.
    $error_msg = $this->errors[md5($sqlcmd)];
    if ($extra) {
        $error_msg .= " -- " . $extra;
    }
    $error_msg .= " -- " . $_SERVER['SCRIPT_NAME'];
    if (DEBUG === true) {
        // Only in debug mode; the message is HTML-escaped with htmlentities() before output.
        print '<table bgcolor="red"><tr><td>';
        trigger_error(htmlentities($error_msg) . "<br/>\n");
        print '</td></tr></table>';
    }
    // Server-side log gets the raw message (including $extra, which callers pass as the SQL text).
    error_log(date("[D M d H:i:s Y]") . " Error: " . $error_msg . "\n");
    if ($die) {
        die;
    }
} elseif (ALM_SQL_DEBUG !== false && $extra) {
    // NOTE(review): with ALM_SQL_DEBUG enabled every successful command text is written to the
    // SQL log; queries that embed credentials (e.g. password digests) land there too — confirm
    // the log location is not web-readable.
    $this->sql_log($extra);
}
<?php
// Serve rows from the file cache when caching is on and the file is younger than ALM_CACHE_TIME seconds.
if ($cache === true && file_exists($this->filecache) && time() - filemtime($this->filecache) <= ALM_CACHE_TIME) {
    // NOTE(review): unserialize() of a file is only safe if $this->filecache is written solely
    // by the code below and its directory is not writable by untrusted users; since the cached
    // value is a plain array of rows, unserialize($s, ['allowed_classes' => false]) (PHP 7+)
    // would remove the object-instantiation risk without changing the result.
    $array_rows = unserialize(file_get_contents($this->filecache));
} else {
    for ($i = 0; $i < $this->num; $i++) {
        $row = almdata::fetchRow($this->data);
        // Remember the row whose key matches the current id (loose == comparison).
        if (isset($row[$this->key])) {
            if ($row[$this->key] == $this->current_id) {
                $this->current_record = $row;
            }
        }
        // Optionally HTML-escape every value for direct rendering.
        if ($this->html) {
            foreach ($row as $key => $val) {
                $row[$key] = htmlentities($val, ENT_COMPAT, 'UTF-8');
            }
        }
        $array_rows[] = $row;
    }
    // Written only when at least one row was collected, so an empty result never refreshes the
    // cache. Because escaping happens above, the cached rows are escaped or raw depending on
    // $this->html at write time.
    if (isset($array_rows) && $cache === true) {
        file_put_contents($this->filecache, serialize($array_rows));
    }
}
// Delete-record fragment: builds the key filter, removes attached files, then deletes the row.
if (!isset($id)) {
    // No id given: one null entry per key so the loop below takes each value from the request.
    foreach ($this->keys as $key => $val) {
        $id[] = null;
    }
}
foreach ($id as $key => $val) {
    if (empty($val)) {
        $val = $this->request[$this->keys[$key]];
    }
    // NOTE(review): $val is interpolated into the WHERE clause with no escaping here; when it
    // comes from $this->request it is user-controlled unless escaped upstream — confirm that
    // before relying on this path (a parameterised DELETE would remove the doubt).
    $keyfilter[] = $this->keys[$key] . " = '{$val}'";
}
$filter = join(' AND ', $keyfilter);
# Delete images or files linked to this record
$getfiles = $this->getFiles();
if (!empty($getfiles)) {
    $tmp = $this->readRecord($id);
    foreach ($getfiles as $val) {
        if (!empty($tmp[$val])) {
            # CDN? Remove object
            if (isset($this->dd[$val]['extra']['cdn']) && $this->dd[$val]['extra']['cdn'] === true) {
                $cloudfiles = almdata::cdn_connect();
                $cloudfiles->delete_object($tmp[$val]);
            } else {
                // Local file: the path is built from the stored filename as-is (no basename()/traversal
                // check visible here) and the unlink() result is not checked.
                unlink(ROOTDIR . '/files/' . $this->name . '/' . $tmp[$val]);
            }
        }
    }
}
# Delete the row in the database
$sqlcmd = "DELETE FROM {$this->name} WHERE {$filter}";
$result = $this->query($sqlcmd);
<?php
//FIXME: only the first key is used — what about tables with more than one key?
// Default query: first key plus the descriptor column, ordered by the descriptor, with a
// _WHERE_ placeholder that is filled in (or removed) below.
if (!$sqlcmd) {
    $key = $this->keys[0];
    if (isset($this->dd[$this->name])) {
        $sqlcmd = "SELECT {$key}, {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}.{$this->name}";
    } else {
        $sqlcmd = "SELECT {$key}, {$key} AS {$this->name} FROM {$this->name} _WHERE_ ORDER BY {$this->name}";
    }
}
/* $sqlcmd does not hold an SQL command but a table name !?! */
global $global_dd;
// Anything not starting with "SELECT" (case-sensitive) is treated as a table name looked up
// in the data dictionary; the key and descriptor names come from $global_dd, not from input.
if (!preg_match("/^SELECT/", $sqlcmd)) {
    $table = $sqlcmd;
    $id = $global_dd[$table]['keys'][0];
    $descriptor = $global_dd[$table]['descriptor'];
    $sqlcmd = "SELECT {$id}, {$descriptor} FROM {$sqlcmd} _WHERE_ ORDER BY {$descriptor}";
}
// NOTE(review): $filter is spliced into the WHERE clause verbatim — it must already be escaped
// or fully trusted by the caller.
if ($filter) {
    $sqlcmd = preg_replace('/_WHERE_/ ', "WHERE {$filter}", $sqlcmd);
} else {
    $sqlcmd = preg_replace('/_WHERE_/ ', '', $sqlcmd);
}
$result = $this->query($sqlcmd);
$num = almdata::rows($result);
// id => descriptor map built from the first two columns of each row.
$menu = array();
for ($i = 0; $i < $num; $i++) {
    $r = almdata::fetchRow($result, false);
    $menu[$r[0]] = $r[1];
}
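/**
 * Returns the last error reported by the database server behind $dsn.
 *
 * The DSN is parsed to find the driver, and the driver-specific "last error"
 * function is called (pgsql, sqlite, mysql); any other driver yields null.
 * Warnings from the driver functions themselves are suppressed with @.
 * The mysql_* and sqlite_* functions belong to extensions that no longer ship
 * with current PHP, so those branches only work on the legacy runtime this
 * code targets.
 *
 * Fix vs. the original: $data carried a default while the later $dsn was
 * required, which PHP treats as "required anyway" and flags as deprecated
 * since 8.0; the default is dropped, which changes no call site.
 *
 * @param mixed  $data not used by this method (FIXME: what is this for?)
 * @param string $dsn  DSN of the database connection
 * @return string|null last error text, or null for an unsupported driver
 * FIXME: why switch on dbtype here instead of in the driver layer?
 */
function basicError($data, $dsn)
{
    list($dbtype, $dbname, $host, $username, $pass) = almdata::parseDSN($dsn);
    switch ($dbtype) {
        case 'pgsql':
            // No connection argument: presumably the default (last opened) connection — TODO confirm
            $error = @pg_last_error();
            break;
        case 'sqlite':
            $error = @sqlite_last_error();
            break;
        case 'mysql':
            $error = @mysql_error();
            break;
        default:
            $error = null;
    }
    return $error;
}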
<?php
// Input-cleaning fragment: SQL-escape first (only when a connection exists), then coerce
// $tmpvar according to the column type and finally filter HTML for string values.
if ($this->database) {
    $tmpvar = almdata::escape($tmpvar);
}
switch ($type) {
    case 'varchar':
        $type = 'string';
        break;
    case 'numeric':
        // Drop thousands separators, fix to 2 decimals (no grouping), then settype() to float below.
        $tmpvar = number_format((double) str_replace(',', '', $tmpvar), 2, '.', '');
        $type = 'float';
        break;
    case 'int':
    case 'smallint':
    case 'serial':
        $tmpvar = (int) str_replace(',', '', $tmpvar);
        $type = 'int';
        break;
    default:
        $type = 'string';
}
settype($tmpvar, $type);
#if ($type == 'string') {
// NOTE(review): stripping <script> blocks with a regex is not a reliable XSS defence — this
// pattern has no "s" modifier, so a block containing a newline is not matched, and an unclosed
// tag survives. Escaping at output time per context is what protects the page.
if ($type == 'string' && !$allow_js) {
    $tmpvar = preg_replace("/<script[^>]*?>.*?<\\/script>/i", "", $tmpvar);
}
// strip_tags() keeps the tags listed in ALM_ALLOW_TAGS together with all their attributes.
if ($type == 'string' && !$html) {
    $tmpvar = strip_tags($tmpvar, ALM_ALLOW_TAGS);
}
<?php
// Intended as a guard against commands containing a quote followed by ";" — but the pattern
// `(?!')'` can never match (the lookahead forbids the very quote the next atom requires), so
// preg_match() always returns 0 and this branch is dead. Presumably `(?<!')'` (a quote not
// preceded by another quote) was meant — TODO confirm the intent and fix, or drop the check.
if (preg_match("/(?!')'(\\s*?);/", $sqlcmd)) {
    error_log(date("[D M d H:i:s Y]") . " Query invalido. " . $sqlcmd . "\n");
    return false;
}
// Run the command; check_error() gets the text twice: once to look the error up, once as the
// "extra" detail appended to the logged message.
$result = almdata::query($sqlcmd);
$this->check_error($sqlcmd, $sqlcmd);
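/**
 * Runs the installer self-tests and appends their results (as HTML) to $test_output.
 *
 * Checks, in order: the public and admin database connections, short_open_tag,
 * write permissions on the Smarty compile/cache dirs and the logs/files dirs,
 * the ALMIDONDIR constant, and whether at least five alm_* tables exist.
 * Sets $failed (and $action = 'failed') when a blocking check fails, plus
 * $public_db_failed / $admin_db_failed for the connection checks. Uses the
 * DSN constant when $admin_dsn / $public_dsn are not configured.
 *
 * Fixes vs. the original: the admin-connection line used "=" instead of ".="
 * and discarded everything reported before it; $sqlcmd is initialised so a DSN
 * type other than pgsql/mysql no longer reads an undefined variable; each
 * checkPerms() call is made once and its result reused.
 */
function performTests()
{
    global $failed, $test_output, $action, $admin_db_failed, $public_db_failed, $admin_dsn, $public_dsn, $smarty, $global_dd, $alm_connect;

    $failed = false;
    $red = '<font color="red">FALLÓ</font>';
    $green = '<font color="green">PASÓ</font>';

    # Old versions don't use admin_dsn public_dsn but simply a DSN constant
    if (!isset($admin_dsn)) {
        $admin_dsn = DSN;
    }
    if (!isset($public_dsn)) {
        $public_dsn = DSN;
    }

    $test_output .= "Probando conexion a base de datos (public)... ";
    // Drop any cached connection so the test really reconnects.
    unset($alm_connect[$public_dsn]);
    $db = almdata::connect($public_dsn);
    if (almdata::basicError($db, $public_dsn) || !$alm_connect[$public_dsn]) {
        // Driver error text is rendered unescaped; tolerable for the installer page only.
        $error_msg = almdata::basicError($db, $public_dsn);
        $test_output .= "{$red} <i>{$error_msg}</i><br/>";
        $failed = true;
        $public_db_failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }

    # Check admin connection last, so that we stay admin...
    $test_output .= "Probando conexion a base de datos (admin)... ";
    unset($alm_connect[$admin_dsn]);
    $db = almdata::connect($admin_dsn);
    if (almdata::basicError($db, $admin_dsn) || !$alm_connect[$admin_dsn]) {
        $error_msg = almdata::basicError($db, $admin_dsn);
        $test_output .= "{$red} <i>{$error_msg}</i><br/>";
        $failed = true;
        $admin_db_failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }

    $test_output .= "Probando configuracion de PHP... ";
    if (get_cfg_var('short_open_tag') != 1) {
        $test_output .= "{$red} <i>short_open_tag = " . get_cfg_var('short_open_tag') . "</i><br/>";
        $failed = true;
    } else {
        $test_output .= "{$green}<br/>";
    }

    $test_output .= "Probando permisos de directorios... ";
    $compile_perms = checkPerms($smarty->compile_dir);
    if ($compile_perms !== true) {
        $test_output .= "{$red} <i> {$smarty->compile_dir} = " . $compile_perms . "</i><br/>";
    }
    $cache_perms = checkPerms($smarty->cache_dir);
    if ($cache_perms !== true) {
        $test_output .= "{$red} <i> {$smarty->cache_dir} = " . $cache_perms . "</i><br/>";
    }
    $logs_dir = ROOTDIR . '/logs';
    $logs_perms = checkPerms($logs_dir);
    if ($logs_perms !== true) {
        $test_output .= "{$red} <i> {$logs_dir} = " . $logs_perms . "</i><br/>";
    }
    $files_dir = ROOTDIR . '/files';
    $files_perms = checkPerms($files_dir);
    if ($files_perms !== true) {
        $test_output .= "{$red} <i> {$files_dir} = " . $files_perms . "</i><br/>";
    }
    // Only the Smarty directories are blocking; logs/files problems are reported but do not set $failed.
    if ($compile_perms === true && $cache_perms === true) {
        $test_output .= "{$green}<br/>";
    } else {
        $failed = true;
    }

    $test_output .= "Dónde está almidón? ";
    if (defined('ALMIDONDIR')) {
        $test_output .= '<font color="green">' . ALMIDONDIR . '</font><br/>';
    } else {
        $failed = true;
        $test_output .= $red;
    }

    $test_output .= "BD Almidonizada? ";
    // Driver-specific catalogue query; '' for an unknown driver (falsy, like the former undefined value).
    list($type, $tmp) = preg_split('/:\\/\\//', $admin_dsn);
    $sqlcmd = '';
    if ($type == 'pgsql') {
        $sqlcmd = "SELECT relname FROM pg_class WHERE pg_class.relkind = 'r' AND pg_class.relname LIKE 'alm_%'";
    } elseif ($type == 'mysql') {
        $sqlcmd = "SHOW TABLES LIKE 'alm_%';";
    }
    $data = new Data();
    $var = @$data->getList($sqlcmd);
    // A non-array result counts as "not almidonised", same outcome as count() < 5 before.
    if (is_array($var) && count($var) >= 5) {
        $test_output .= '<font color="green">' . print_r($var, 1) . '</font>';
    } else {
        #$failed = true;
        $test_output .= $red;
    }

    if ($failed) {
        $action = 'failed';
        $test_output .= '<br/><br/><font color="red">Por favor corregir antes de continuar con la instalación</font>';
    }
}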
/**
 * Escapes a string so it can be embedded safely in an SQL command.
 *
 * Thin wrapper that delegates to almdata::escape(); use it (or a prepared
 * statement) for every value that is interpolated into SQL text.
 *
 * @param string $var string to escape
 * @return string escaped string, ready for use in SQL
 */
function escape($var)
{
    $escaped = almdata::escape($var);

    return $escaped;
}