// $Id: collecte_selection.inc.php,v 1.5 2009-05-16 11:12:02 dbellamy Exp $ if (stristr($_SERVER['REQUEST_URI'], ".inc.php")) { die("no access"); } if ($idemprcaddie) { $myCart = new empr_caddie($idemprcaddie); print aff_empr_cart_titre($myCart); $droit = verif_droit_proc_empr_caddie($id); switch ($action) { case 'form_proc': $hp = new parameters($id, "empr_caddie_procs"); $hp->gen_form("./circ.php?categ=caddie&sub=gestion&quoi=selection&moyen=selection&action=add_item&idemprcaddie={$idemprcaddie}&id={$id}"); break; case 'add_item': if ($droit) { $hp = new parameters($id, "empr_caddie_procs"); $hp->get_final_query(); echo "<hr />" . $hp->final_query . "<hr />"; $line = pmb_split("\n", $hp->final_query); $nb_element_avant = $myCart->nb_item; while (list($cle, $valeur) = each($line)) { if ($valeur != '') { if (pmb_strtolower(pmb_substr($valeur, 0, 6)) == "select" || pmb_strtolower(pmb_substr($valeur, 0, 6)) == "create") { } else { echo pmb_substr($valeur, 0, 6); error_message_history($msg['caddie_action_invalid_query'], $msg['requete_selection'], 1); exit; } $result_selection = mysql_query($valeur, $dbh); if (!$result_selection) { error_message_history($msg['caddie_action_invalid_query'], $msg['requete_echouee'] . mysql_error(), 1);
//********************************************************************************/ // récupérer ici la procédure à lancer $sql = $row[2]; //$proc_notice_tpl=$row[4]; $proc_notice_tpl_field = $row[5]; if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters) && $form_type == "") { $hp = new parameters($id_proc, "procs"); $hp->gen_form("edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec); } else { $param_hidden = ""; if ($force_exec) { $param_hidden .= "<input type='hidden' name='force_exec' value='" . $force_exec . "' />"; //On a forcé la requete } if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters)) { $hp = new parameters($id_proc, "procs"); $hp->get_final_query(); $sql = $hp->final_query; $param_hidden .= $hp->get_hidden_values(); //Je mets les paramêtres en champ caché en cas de forçage $param_hidden .= "<input type='hidden' name='form_type' value='gen_form' />"; //Je mets le marqueur des paramêtres en champ caché en cas de forçage } if ($dest != "TABLEAU" && $dest != "TABLEAUHTML" && $dest != "TABLEAUCSV") { print "<form class=\"form-edit\" id=\"formulaire\" name=\"formulaire\" action='./edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec . "' method=\"post\">"; print "<input type='button' class='bouton' value='" . htmlentities($msg[654], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=procs\";this.form.submit();'/>"; if (!explain_requete($sql) && SESSrights & EDIT_FORCING_AUTH && !$force_exec) { print $param_hidden; print "<input type='button' id='procs_button_exec' class='bouton' value='" . htmlentities($msg["procs_force_exec"], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=procs&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=1\";this.form.submit();' />"; } else { print "<input type='submit' id='procs_button_exec' class='bouton' value='" . htmlentities($msg[708], ENT_QUOTES, $charset) . "'/>";
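/**
 * Run a stored OPAC statistics request and render its result.
 *
 * The request text is read from `statopac_request`, its `VUE()` placeholder is
 * replaced by the request's view table, `!!name!!` parameters are collected
 * through the `parameters` helper, and the result is written as a paginated
 * HTML table or, depending on the global `$dest`, as an Excel workbook
 * (`TABLEAU`), a plain HTML table (`TABLEAUHTML`) or tab-separated text
 * (`TABLEAUCSV`).
 *
 * The paging and routing globals (`$numero_page`, `$limite_page`,
 * `$nombre_lignes_total`, `$categ`, `$sub`, `$dest`, `$force_exec`,
 * `$form_type`) are the fields posted back by the forms this function prints,
 * so they are treated as untrusted: numeric ones are cast to int before they
 * reach SQL or markup, the others are encoded for the context they are
 * written into.
 *
 * @param int $id_proc Identifier of the row in `statopac_request`.
 * @return void Output is printed; the function may call die() on SQL errors.
 */
function show_results_stats($id_proc = 0) {
    global $msg, $dbh, $form_type, $categ, $numero_page, $limite_page, $sub, $charset;
    global $dest, $pmb_set_time_limit, $force_exec, $erreur_explain_rqt, $nombre_lignes_total;

    @set_time_limit($pmb_set_time_limit);

    // The id is concatenated into SQL, URLs and HTML attributes below; forcing
    // it to an integer keeps a crafted value out of all three contexts.
    $id_proc = (int) $id_proc;

    // Posted values are needed again for the navigation links.
    // The array key was an unquoted constant in the original.
    $page = $_SERVER['SCRIPT_NAME'];
    $page_html = htmlentities($page, ENT_QUOTES, $charset);
    $categ_html = htmlentities((string) $categ, ENT_QUOTES, $charset);
    $sub_html = htmlentities((string) $sub, ENT_QUOTES, $charset);
    $force_exec_url = rawurlencode((string) $force_exec);
    $force_exec_html = htmlentities((string) $force_exec, ENT_QUOTES, $charset);

    $requete = "SELECT idproc, name, requete, comment, num_vue FROM statopac_request where idproc='" . $id_proc . "' ";
    $res = mysql_query($requete, $dbh);
    $row = mysql_fetch_row($res);

    // The stored request to run; VUE() stands for the request's view table.
    $sql = $row[2];
    $sql = str_replace("VUE()", "statopac_vue_{$row['4']}", $sql);

    if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters) && $form_type == "") {
        // The request has parameters and none were submitted yet: ask for them.
        $hp = new parameters($id_proc, "statopac_request");
        $hp->gen_form("edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec_url);
    } else {
        $param_hidden = "";
        if ($force_exec) {
            // Execution was forced: carry the flag to the next page.
            $param_hidden .= "<input type='hidden' name='force_exec' value='" . $force_exec_html . "' />";
        }
        if (preg_match_all("|!!(.*)!!|U", $sql, $query_parameters)) {
            $hp = new parameters($id_proc, "statopac_request");
            $hp->get_final_query();
            $sql = $hp->final_query;
            // Keep the submitted parameters as hidden fields in case of forcing.
            $param_hidden .= $hp->get_hidden_values();
            // Marker telling the next request that parameters were already entered.
            $param_hidden .= "<input type='hidden' name='form_type' value='gen_form' />";
        }
        $sql = str_replace("VUE()", "statopac_vue_{$row['4']}", $sql);

        if ($dest != "TABLEAU" && $dest != "TABLEAUHTML" && $dest != "TABLEAUCSV") {
            print "<form class=\"form-edit\" id=\"formulaire\" name=\"formulaire\" action='./edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=" . $force_exec_url . "' method=\"post\">";
            print "<input type='button' class='bouton' value='" . htmlentities($msg[654], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=stat_opac\";this.form.submit();' />";
            if (!explain_requete($sql) && (SESSrights & EDIT_FORCING_AUTH) && !$force_exec) {
                print $param_hidden;
                print "<input type='button' id='procs_button_exec' class='bouton' value='" . htmlentities($msg["procs_force_exec"], ENT_QUOTES, $charset) . "' onClick='this.form.action=\"./edit.php?categ=stat_opac&sub=&action=execute&id_proc=" . $id_proc . "&force_exec=1\";this.form.submit();' />";
            } else {
                print "<input type='submit' id='procs_button_exec' class='bouton' value='" . htmlentities($msg[708], ENT_QUOTES, $charset) . "'/>";
            }
            print "<br />";
            print "</form>";
            // Either the request has no parameters or they have been received:
            // stop unless the query passes explain_requete() or a user holding
            // EDIT_FORCING_AUTH forced it.
            if (!explain_requete($sql) && !((SESSrights & EDIT_FORCING_AUTH) && $force_exec)) {
                die("<br /><br />" . $sql . "<br /><br />" . htmlentities($msg["proc_param_explain_failed"], ENT_QUOTES, $charset) . "<br /><br />" . $erreur_explain_rqt);
            }
        }
        // NOTE(review): the explain_requete() gate above only runs on the
        // interactive path; for the three export destinations the query is
        // executed without it. Confirm that this is intended.

        // The total is posted back by the navigation form so the count query
        // is not repeated on every page; it must be a plain integer.
        $nombre_lignes_total = (int) $nombre_lignes_total;
        $req_nombre_lignes = "";
        if (!$nombre_lignes_total) {
            $req_nombre_lignes = mysql_query($sql);
            if (!$req_nombre_lignes) {
                die($sql . "<br /><br />" . mysql_error());
            }
            $nombre_lignes_total = mysql_num_rows($req_nombre_lignes);
        }
        $param_hidden .= "<input type='hidden' name='nombre_lignes_total' value='" . $nombre_lignes_total . "' />";

        // Page size goes straight into the LIMIT clause, so only an integer is
        // accepted; anything missing or not positive falls back to 10.
        $limite_page = (int) $limite_page;
        if ($limite_page <= 0) {
            $limite_page = 10;
        }
        $nbpages = $nombre_lignes_total / $limite_page;
        // Round up to whole pages, then drop one because the first page shown
        // is not counted among the following pages.
        $nbpages_arrondi = ceil($nbpages);
        $nbpages_arrondi = $nbpages_arrondi - 1;
        $numero_page = max(0, (int) $numero_page);
        $limite_mysql = $limite_page * $numero_page;

        // Run the query: whole result for exports, one page otherwise.
        switch ($dest) {
            case "TABLEAU":
            case "TABLEAUHTML":
            case "TABLEAUCSV":
                if (!$req_nombre_lignes) {
                    $res = @mysql_query($sql, $dbh) or die($sql . "<br /><br />" . mysql_error());
                } else {
                    // Reuse the result set of the count query.
                    $res = $req_nombre_lignes;
                }
                break;
            default:
                echo "<h1>" . htmlentities($msg["opac_admin_menu"], ENT_QUOTES, $charset) . " : " . htmlentities($msg["stat_opac_menu"], ENT_QUOTES, $charset) . "</h1>";
                echo "<h1>" . htmlentities($row[1], ENT_QUOTES, $charset) . "</h1><h2>" . htmlentities($row[3], ENT_QUOTES, $charset) . "</h2>";
                $sql = $sql . " LIMIT " . $limite_mysql . ", " . $limite_page;
                $res = @mysql_query($sql, $dbh) or die($sql . "<br /><br />" . mysql_error());
                echo "<p>";
                break;
        }

        $nbr_lignes = @mysql_num_rows($res);
        $nbr_champs = @mysql_num_fields($res);

        // NOTE(review): column names and cell values are written into the HTML
        // outputs below without escaping. Left unchanged because stored
        // requests may rely on emitting markup; if they do not, wrap them in
        // htmlentities().
        if ($nbr_lignes) {
            switch ($dest) {
                case "TABLEAU":
                    $fichier_temp_nom = tempnam(sys_get_temp_dir(), $fichier_temp_nom);
                    $workbook = new writeexcel_workbook($fichier_temp_nom);
                    $worksheet =& $workbook->addworksheet();
                    $worksheet->write(0, 0, $row[1]);
                    $worksheet->write(0, 1, $row[3]);
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        // Column headers (the original wrote `${fieldname}`,
                        // which only resolved through an undefined constant).
                        $fieldname = mysql_field_name($res, $i);
                        $worksheet->write(2, $i, $fieldname);
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        $j = 0;
                        foreach ($row as $dummykey => $col) {
                            // Prefix numbers with a leading zero so they stay text.
                            if (is_numeric($col) && preg_match("/^0/", $col)) {
                                $col = "'" . $col;
                            }
                            if (trim($col) == '') {
                                $col = " ";
                            }
                            $worksheet->write($i + 3, $j, $col);
                            $j++;
                        }
                    }
                    $workbook->close();
                    $fh = fopen($fichier_temp_nom, "rb");
                    if ($fh) {
                        fpassthru($fh);
                        // Release the handle before deleting the temporary file.
                        fclose($fh);
                    }
                    unlink($fichier_temp_nom);
                    break;
                case "TABLEAUHTML":
                    echo "<h1>{$row['1']}</h1><h2>{$row['3']}</h2>{$sql}<br/>";
                    echo "<table>";
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "<th align='left'>{$fieldname}</th>";
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        echo "<tr>";
                        foreach ($row as $dummykey => $col) {
                            if (trim($col) == '') {
                                $col = " ";
                            }
                            print '<td>' . $col . '</td>';
                        }
                        echo "</tr>";
                    }
                    echo "</table>";
                    break;
                case "TABLEAUCSV":
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "{$fieldname}\t";
                    }
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        echo "\n";
                        foreach ($row as $dummykey => $col) {
                            print "{$col}\t";
                        }
                    }
                    break;
                default:
                    echo "<table>";
                    for ($i = 0; $i < $nbr_champs; $i++) {
                        $fieldname = mysql_field_name($res, $i);
                        print "<th align='left'>{$fieldname}</th>";
                    }
                    $odd_even = 0;
                    for ($i = 0; $i < $nbr_lignes; $i++) {
                        $row = mysql_fetch_row($res);
                        if ($odd_even == 0) {
                            echo "\t<tr class='odd'>";
                            $odd_even = 1;
                        } elseif ($odd_even == 1) {
                            echo "\t<tr class='even'>";
                            $odd_even = 0;
                        }
                        foreach ($row as $dummykey => $col) {
                            if (trim($col) == '') {
                                $col = " ";
                            }
                            print '<td>' . $col . '</td>';
                        }
                        echo "</tr>";
                    }
                    echo "</table><hr>";
                    echo "<p align=left size='-3' class='pn-normal'>\n\t\t\t\t\t<form name='navbar' class='form-edit' action='{$page_html}' method='post'>";
                    echo "\n\t\t\t\t\t<input type='hidden' name='numero_page' value='{$numero_page}' />\n\t\t\t\t\t<input type='hidden' name='id_proc' value='{$id_proc}' />\n\t\t\t\t\t<input type='hidden' name='categ' value='{$categ_html}' />\n\t\t\t\t\t<input type='hidden' name='sub' value='{$sub_html}' />";
                    print $param_hidden;

                    // Previous / next page links.
                    $nav_bar = '';
                    $suivante = $numero_page + 1;
                    $precedente = $numero_page - 1;
                    // Show the "previous" link when there is a previous page.
                    if ($precedente >= 0) {
                        $nav_bar .= "<img src='./images/left.gif' border='0' title='{$msg['48']}' alt='[{$msg['48']}]' hspace='3' align='bottom' onClick=\"document.navbar.dest.value='';document.navbar.numero_page.value='{$precedente}'; document.navbar.limite_page.value='{$limite_page}'; document.navbar.submit(); \"/>";
                    }
                    for ($i = 0; $i <= $nbpages_arrondi; $i++) {
                        if ($i == $numero_page) {
                            $nav_bar .= "<strong>" . ($i + 1) . "/" . ($nbpages_arrondi + 1) . "</strong>";
                        }
                    }
                    if ($suivante <= $nbpages_arrondi) {
                        $nav_bar .= "<img src='./images/right.gif' border='0' title='{$msg['49']}' alt='[{$msg['49']}]' hspace='3' align='bottom' onClick=\"document.navbar.dest.value='';document.navbar.numero_page.value='{$suivante}'; document.navbar.limite_page.value='{$limite_page}'; document.navbar.submit(); \" />";
                    }
                    echo $nav_bar;
                    echo "\n\t\t\t\t\t<input type='hidden' name='dest' value='' />\n\t\t\t\t\t{$msg['edit_cbgen_mep_afficher']} <input type='text' name='limite_page' value='{$limite_page}' class='saisie-5em' /> {$msg['1905']}\n\t\t\t\t\t<input type='submit' class='bouton' value='" . $msg['actualiser'] . "' onclick=\"this.form.dest.value='';document.navbar.numero_page.value=0;\" /><font size='4'> </font>\n\t\t\t\t\t<input type='image' src='./images/tableur.gif' border='0' onClick=\"this.form.dest.value='TABLEAU';\" alt='Export tableau EXCEL' title='Export tableau EXCEL' /><font size='4'> </font>\n\t\t\t\t\t<input type='image' src='./images/tableur_html.gif' border='0' onClick=\"this.form.dest.value='TABLEAUHTML';\" alt='Export tableau HTML' title='Export tableau HTML' />\n\t\t\t\t\t</form></p>";
                    break;
            }
        } else {
            echo $msg["etatperso_aucuneligne"];
        }
        mysql_free_result($res);
    }
}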
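/**
 * Execute a stored procedure (a list of SQL statements) and build an HTML report.
 *
 * Only runs when the session holds ADMINISTRATION_AUTH; otherwise an empty
 * array is returned. For INTERNAL procedures the SQL comes from the local
 * `procs` table; for EXTERNAL ones it is fetched from the configured remote
 * procedure server and staged in a temporary `remote_proc` table so the
 * `parameters` helper can resolve its parameters.
 *
 * @param mixed $procedure INTERNAL or EXTERNAL.
 * @param mixed $idProc    Procedure identifier (local id or remote id).
 * @param array $tparams   Map of parameter name => value, published as globals.
 * @return array           array('name' => ..., 'report' => ...) or array().
 */
function executeProc($procedure, $idProc, $tparams) {
    // $charset is used by htmlentities() below; $erreur_explain_rqt is appended
    // to the report when explain_requete() rejects a statement (presumably set
    // by explain_requete() - confirm). Neither was declared in the original.
    global $msg, $dbh, $charset, $PMBuserid, $erreur_explain_rqt;
    global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

    if (SESSrights & ADMINISTRATION_AUTH) {
        $name = "";
        $report = "";
        $code_sql = "";
        $autorisations = "";
        $temp_autorisation = array();

        if ($tparams) {
            // NOTE(review): every key of $tparams becomes (or overwrites) a
            // global of that name, including globals this function relies on
            // such as $dbh. Only trusted parameter maps may be passed here;
            // consider restricting the keys to the procedure's declared
            // parameter names.
            foreach ($tparams as $aparam => $vparam) {
                global ${$aparam};
                ${$aparam} = $vparam;
            }
        }

        switch ($procedure) {
            case INTERNAL:
                $hp = new parameters($idProc, "procs");
                $hp->get_final_query();
                $code_sql = $hp->final_query;
                $autorisations = $hp->proc->autorisations;
                break;
            case EXTERNAL:
                // NOTE(review): the SQL executed below is whatever the remote
                // server returns, and $autorisations is never set on this
                // path, so the per-user check further down does not apply to
                // external procedures. Confirm that this is intended.
                $pmb_procedure_server_credentials_exploded = explode("\n", $pmb_procedure_server_credentials);
                if ($pmb_procedure_server_address && count($pmb_procedure_server_credentials_exploded) == 2) {
                    $aremote_procedure_client = new remote_procedure_client($pmb_procedure_server_address, trim($pmb_procedure_server_credentials_exploded[0]), trim($pmb_procedure_server_credentials_exploded[1]));
                    $procedure = $aremote_procedure_client->get_proc($idProc, "AP");
                    $the_procedure = $procedure["procedure"];
                    if ($procedure["error_message"]) {
                        // The message comes from the remote server: encode it
                        // before it is placed in the HTML report.
                        $report = htmlentities($msg["remote_procedures_error_server"], ENT_QUOTES, $charset) . ":<br><i>" . htmlentities($procedure["error_message"], ENT_QUOTES, $charset) . "</i>";
                        $result = array("name" => $the_procedure->name, "report" => $report);
                        return $result;
                    } else {
                        if ($the_procedure->params && $the_procedure->params != "NULL") {
                            $sql = "CREATE TEMPORARY TABLE remote_proc LIKE procs";
                            mysql_query($sql, $dbh) or die(mysql_error());
                            $sql = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . mysql_escape_string($the_procedure->name) . "', '" . mysql_escape_string($the_procedure->sql) . "', '" . mysql_escape_string($the_procedure->comment) . "', '', '" . mysql_escape_string($the_procedure->params) . "', 0)";
                            mysql_query($sql, $dbh) or die(mysql_error());
                            $idproc = mysql_insert_id($dbh);
                            $hp = new parameters($idproc, "remote_proc");
                            $hp->get_final_query();
                            $the_procedure->sql = $hp->final_query;
                            $name = $the_procedure->name;
                            $code_sql = $the_procedure->sql;
                            $commentaire = $the_procedure->comment;
                        }
                    }
                }
                break;
        }

        $linetemp = explode(";", $code_sql);
        if ($autorisations) {
            $temp_autorisation = explode(" ", $autorisations);
        }

        // Per-user authorisation: only enforced when the procedure lists user
        // ids; an empty list lets every administrator through.
        $allow = false;
        if ($temp_autorisation) {
            foreach ($temp_autorisation as $userid) {
                if ($userid == $PMBuserid) {
                    $allow = true;
                }
            }
            if (!$allow) {
                $report = $msg["11"];
                $result = array("name" => $name, "report" => $report);
                return $result;
            }
        }

        // Keep the non-empty statements. The list is initialised first so an
        // empty procedure no longer iterates over an undefined variable.
        $line = array();
        foreach ($linetemp as $statement) {
            $statement = trim($statement);
            if ($statement) {
                $line[] = $statement;
            }
        }

        foreach ($line as $cle => $valeur) {
            if ($valeur) {
                // Optional column sort. $sortfield and $desc are not declared
                // here; they can only arrive through the $tparams globals above.
                // NOTE(review): $sortfield is appended to the ORDER BY clause
                // as-is - verify it against the result's column names where
                // it enters the system.
                if ($sortfield != "") {
                    $tri = $sortfield;
                    if ($desc == 1) {
                        $tri .= " DESC";
                    } else {
                        $tri .= " ASC";
                    }
                    // NOTE(review): ereg* takes POSIX patterns without
                    // delimiters, so these two "/.../" patterns probably never
                    // match. Left unchanged: making them effective would also
                    // rewrite whitespace inside SQL string literals.
                    $valeur = ereg_replace("/\\s+/", " ", $valeur);
                    $valeur = ereg_replace("/;\$/", "", $valeur);
                    // Look for the first ORDER BY.
                    $s = stristr($valeur, "order by");
                    if ($s) {
                        // An ORDER BY clause already exists: work out whether
                        // a comma is needed after the new sort key.
                        if (ereg(",", $s)) {
                            $virgule = true;
                        } else {
                            if (!ereg("{$sortfield}", $s)) {
                                $virgule = true;
                            } else {
                                $virgule = false;
                            }
                        }
                        if ($virgule) {
                            $tri .= ", ";
                        }
                        // Remove the field from the existing sort list; the
                        // name is quoted so it is matched literally.
                        $sortfield_pattern = preg_quote($sortfield, "/");
                        $new_s = preg_replace("/" . $sortfield_pattern . ", /", "", $s);
                        $new_s = preg_replace("/" . $sortfield_pattern . "/", "", $new_s);
                        // Insert the new sort key right after ORDER BY.
                        $new_s = preg_replace("/order\\s+by\\s+/i", "order by {$tri}", $new_s);
                        $valeur = str_replace($s, $new_s, $valeur);
                    } else {
                        $valeur .= " order by {$tri}";
                    }
                }

                $report .= "<strong>" . $msg["procs_ligne"] . " {$cle} </strong>: {$valeur}<br /><br />";
                if (explain_requete($valeur)) {
                    $res = @mysql_query($valeur, $dbh);
                    $report .= mysql_error();
                    $nbr_lignes = @mysql_num_rows($res);
                    $nbr_champs = @mysql_num_fields($res);
                    if ($nbr_lignes) {
                        // NOTE(review): column names and values go into the
                        // report unescaped.
                        $report .= "<table >";
                        for ($i = 0; $i < $nbr_champs; $i++) {
                            $fieldname = mysql_field_name($res, $i);
                            $report .= "<th>{$fieldname}</th>";
                        }
                        for ($i = 0; $i < $nbr_lignes; $i++) {
                            $row = mysql_fetch_row($res);
                            $report .= "<tr>";
                            foreach ($row as $dummykey => $col) {
                                if (trim($col) == '') {
                                    $col = ' ';
                                }
                                $report .= '<td >' . $col . '</td>';
                            }
                            $report .= "</tr>";
                        }
                        $report .= "</table><hr />";
                        $report .= "<font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . mysql_affected_rows($dbh) . "</font>";
                    } else {
                        $report .= "<br /><font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . mysql_affected_rows($dbh);
                        $err = mysql_error($dbh);
                        if ($err) {
                            $report .= "<br />{$err}";
                        }
                        $report .= "</font><hr />";
                    }
                } else {
                    // explain_requete() rejected the statement.
                    $report .= $valeur . "<br /><br />" . $msg["proc_param_explain_failed"] . "<br /><br />" . $erreur_explain_rqt;
                }
            }
        }

        $result = array("name" => $name, "report" => $report);
        return $result;
    }
    return array();
}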
/**
 * Serialise the task parameters, including the parameter environment of the
 * selected procedure.
 *
 * A local procedure (`$form_procs`) takes precedence. Otherwise a remote one
 * (`$form_procs_remote`) is fetched from the configured procedure server and
 * staged in a temporary `remote_proc` table so the `parameters` helper can
 * read it. When nothing can be resolved the base parameters are returned alone.
 *
 * NOTE(review): the fetched procedure text is stored as received from the
 * remote server; its trustworthiness rests on that server and its credentials.
 *
 * @return string serialize()d parameter array.
 */
function make_serialized_task_params() {
    global $dbh, $type_proc, $form_procs, $form_procs_remote;
    global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

    $t = parent::make_serialized_task_params();
    $t["type_proc"] = stripslashes($type_proc);
    $t["form_procs"] = stripslashes($form_procs);
    $t["form_procs_remote"] = stripslashes($form_procs_remote);

    // Local procedure: its parameters come straight from the procs table.
    if ($form_procs) {
        $hp = new parameters($form_procs, "procs");
        $t["envt"] = $hp->make_serialized_parameters_params();
        return serialize($t);
    }
    if (!$form_procs_remote) {
        return serialize($t);
    }

    // The credentials setting must hold exactly two lines, passed in that
    // order to the remote client.
    $credentials = explode("\n", $pmb_procedure_server_credentials);
    if (!$pmb_procedure_server_address || count($credentials) != 2) {
        return serialize($t);
    }

    $client = new remote_procedure_client($pmb_procedure_server_address, trim($credentials[0]), trim($credentials[1]));
    $fetched = $client->get_proc($form_procs_remote, "AP");
    if ($fetched["error_message"]) {
        return serialize($t);
    }
    $remote = $fetched["procedure"];
    if (!$remote) {
        return serialize($t);
    }

    // Stage the remote procedure in a temporary copy of the procs table.
    mysql_query("CREATE TEMPORARY TABLE remote_proc LIKE procs", $dbh) or die(mysql_error());
    $insert = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . mysql_escape_string($remote->name) . "', '" . mysql_escape_string($remote->sql) . "', '" . mysql_escape_string($remote->comment) . "', '', '" . mysql_escape_string($remote->params) . "', 0)";
    mysql_query($insert, $dbh) or die(mysql_error());

    $hp = new parameters(mysql_insert_id($dbh), "remote_proc");
    $t["envt"] = $hp->make_serialized_parameters_params();
    return serialize($t);
}
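/**
 * Start an OPAC statistics request: show its parameter form when the stored
 * query contains `!!name!!` placeholders, otherwise redirect the browser to
 * the final step.
 *
 * The `&section=` parameter had been corrupted to `§ion` in both URLs and is
 * restored. `$id` and the global `$force_exec` are URL-encoded, and the
 * redirect target is emitted as a JSON string literal so that neither value
 * can break out of the inline script.
 *
 * @param mixed $id  Identifier of the row in `statopac_request`.
 * @param mixed $dbh Database handle (not used in this function).
 * @return void
 */
function run_form($id, $dbh) {
    global $msg;
    global $charset;
    global $force_exec;

    $hp = new parameters($id, "statopac_request");

    $target = "admin.php?categ=opac&sub=stat&section=view_list&act=final&id=" . rawurlencode((string) $id);
    if ($force_exec) {
        $target .= "&force_exec=" . rawurlencode((string) $force_exec);
    }

    if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
        $hp->gen_form($target);
    } else {
        // The JSON_HEX_* flags keep "<", ">", "&" and quotes out of the script body.
        echo "<script>document.location=" . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . "</script>";
    }
}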
/**
 * Serialise the task parameters, including the CSV export options and the
 * parameter environment of the selected procedure.
 *
 * A local procedure (`$form_procs`) takes precedence. Otherwise a remote one
 * (`$form_procs_remote`) is fetched from the configured procedure server and
 * staged in a temporary `remote_proc` table so the `parameters` helper can
 * read it. When nothing can be resolved the base parameters are returned alone.
 *
 * NOTE(review): `tocsv.filepath` is stored exactly as submitted. Presumably it
 * is later used as the export's write target, so it should be restricted to an
 * allowed directory where it is consumed - verify against the task runner.
 *
 * @return string serialize()d parameter array.
 */
function make_serialized_task_params() {
    global $dbh, $type_proc, $form_procs, $form_procs_remote;
    global $tocsv_checked, $tocsv_sep, $tocsv_filepath, $tocsv_enclosure;
    global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

    $t = parent::make_serialized_task_params();
    $t['type_proc'] = stripslashes($type_proc);
    $t['form_procs'] = stripslashes($form_procs);
    $t['form_procs_remote'] = stripslashes($form_procs_remote);
    $t['tocsv']['checked'] = $tocsv_checked;
    $t['tocsv']['sep'] = stripslashes($tocsv_sep);
    $t['tocsv']['filepath'] = stripslashes($tocsv_filepath);
    $t['tocsv']['enclosure'] = stripslashes($tocsv_enclosure);

    // Local procedure: its parameters come straight from the procs table.
    if ($form_procs) {
        $hp = new parameters($form_procs, 'procs');
        $t['envt'] = $hp->make_serialized_parameters_params();
        return serialize($t);
    }
    if (!$form_procs_remote) {
        return serialize($t);
    }

    // The credentials setting must hold exactly two lines, passed in that
    // order to the remote client.
    $credentials = explode("\n", $pmb_procedure_server_credentials);
    if (!$pmb_procedure_server_address || count($credentials) != 2) {
        return serialize($t);
    }

    $client = new remote_procedure_client($pmb_procedure_server_address, trim($credentials[0]), trim($credentials[1]));
    $fetched = $client->get_proc($form_procs_remote, "AP");
    if ($fetched['error_message']) {
        return serialize($t);
    }
    $remote = $fetched['procedure'];
    if (!$remote) {
        return serialize($t);
    }

    // Stage the remote procedure in a temporary copy of the procs table.
    pmb_mysql_query("CREATE TEMPORARY TABLE remote_proc LIKE procs", $dbh) or die(pmb_mysql_error());
    $insert = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . pmb_mysql_escape_string($remote->name) . "', '" . pmb_mysql_escape_string($remote->sql) . "', '" . pmb_mysql_escape_string($remote->comment) . "', '', '" . pmb_mysql_escape_string($remote->params) . "', 0)";
    pmb_mysql_query($insert, $dbh) or die(pmb_mysql_error());

    $hp = new parameters(pmb_mysql_insert_id($dbh), "remote_proc");
    $t['envt'] = $hp->make_serialized_parameters_params();
    return serialize($t);
}
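/**
 * Start a stored procedure from the administration module: show its parameter
 * form when the stored query contains `!!name!!` placeholders, otherwise
 * redirect the browser to the final step.
 *
 * `$id` and the global `$force_exec` are URL-encoded, and the redirect target
 * is emitted as a JSON string literal so that neither value can break out of
 * the inline script.
 *
 * @param mixed $id  Identifier of the row in `procs`.
 * @param mixed $dbh Database handle (not used in this function).
 * @return void
 */
function run_form($id, $dbh) {
    global $msg;
    global $charset;
    global $force_exec;

    $hp = new parameters($id, "procs");

    $target = "admin.php?categ=proc&sub=proc&action=final&id=" . rawurlencode((string) $id) . "&force_exec=" . rawurlencode((string) $force_exec);

    if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
        $hp->gen_form($target);
    } else {
        // The JSON_HEX_* flags keep "<", ">", "&" and quotes out of the script body.
        echo "<script>document.location=" . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . "</script>";
    }
}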
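/**
 * Start a borrower-basket procedure: show its parameter form when the stored
 * query contains `!!name!!` placeholders, otherwise redirect the browser to
 * the final step.
 *
 * `$id` is URL-encoded, and the redirect target is emitted as a JSON string
 * literal so that the value cannot break out of the inline script.
 *
 * @param mixed $id  Identifier of the row in `empr_caddie_procs`.
 * @param mixed $dbh Database handle (not used in this function).
 * @return void
 */
function run_form($id, $dbh) {
    global $msg;
    global $charset;

    $hp = new parameters($id, "empr_caddie_procs");

    $target = "circ.php?categ=caddie&sub=gestion&quoi=procs&action=final&id=" . rawurlencode((string) $id);

    if (preg_match_all("|!!(.*)!!|U", $hp->proc->requete, $query_parameters)) {
        $hp->gen_form($target);
    } else {
        // The JSON_HEX_* flags keep "<", ">", "&" and quotes out of the script body.
        echo "<script>document.location=" . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . "</script>";
    }
}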
<?php
require_once "controllers/controller.php";
require_once "models/model.php";
// Dependency injection: the model object is handed to the controller. Just for fun.
// NOTE(review): the whole $_REQUEST superglobal (GET and POST, plus cookies
// depending on the request_order setting) is passed to load() unfiltered.
// load() is not shown here, so whether it validates the keys and values it
// acts on cannot be confirmed - verify.
$myModule = new parameters(new parametersModel());
$myModule->load($_REQUEST);
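/**
 * Execute a stored procedure (a list of SQL statements), build an HTML report
 * and optionally export the last result set to a CSV file.
 *
 * Only runs when the session holds ADMINISTRATION_AUTH; otherwise an empty
 * array is returned. For INTERNAL procedures the SQL comes from the local
 * `procs` table; for EXTERNAL ones it is fetched from the configured remote
 * procedure server and staged in a temporary `remote_proc` table so the
 * `parameters` helper can resolve its parameters.
 *
 * @param mixed $procedure INTERNAL or EXTERNAL.
 * @param mixed $idProc    Procedure identifier (local id or remote id).
 * @param array $tparams   'envt' => map of name => value published as globals;
 *                         'tocsv' => array with 'checked', 'sep', 'filepath'
 *                         and 'enclosure'.
 * @return array           array('name' => ..., 'report' => ...) or array().
 */
function executeProc($procedure, $idProc, $tparams) {
    // $erreur_explain_rqt is appended to the report when explain_requete()
    // rejects a statement (presumably set by explain_requete() - confirm); it
    // was not declared in the original.
    global $msg, $dbh, $charset, $PMBuserid, $erreur_explain_rqt;
    global $pmb_procedure_server_credentials, $pmb_procedure_server_address;

    if (SESSrights & ADMINISTRATION_AUTH) {
        $name = '';
        $report = '';
        $code_sql = '';
        $autorisations = '';
        $temp_autorisation = array();
        // State of the last executed statement, read by the CSV export.
        $er = false;
        $res = null;
        $nbr_lignes = 0;
        $nbr_champs = 0;

        if (!empty($tparams['envt'])) {
            // NOTE(review): every key of the 'envt' map becomes (or
            // overwrites) a global of that name, including globals this
            // function relies on such as $dbh. Only trusted parameter maps may
            // be passed here; consider restricting the keys to the procedure's
            // declared parameter names.
            foreach ($tparams['envt'] as $aparam => $vparam) {
                global ${$aparam};
                ${$aparam} = $vparam;
            }
        }

        switch ($procedure) {
            case INTERNAL:
                $hp = new parameters($idProc, 'procs');
                $hp->get_final_query();
                $code_sql = $hp->final_query;
                $autorisations = $hp->proc->autorisations;
                break;
            case EXTERNAL:
                // NOTE(review): the SQL executed below is whatever the remote
                // server returns, and $autorisations is never set on this
                // path, so the per-user check further down does not apply to
                // external procedures. Confirm that this is intended.
                $pmb_procedure_server_credentials_exploded = explode("\n", $pmb_procedure_server_credentials);
                if ($pmb_procedure_server_address && count($pmb_procedure_server_credentials_exploded) == 2) {
                    $aremote_procedure_client = new remote_procedure_client($pmb_procedure_server_address, trim($pmb_procedure_server_credentials_exploded[0]), trim($pmb_procedure_server_credentials_exploded[1]));
                    $procedure = $aremote_procedure_client->get_proc($idProc, "AP");
                    $the_procedure = $procedure['procedure'];
                    if ($procedure['error_message']) {
                        // The message comes from the remote server: encode it
                        // before it is placed in the HTML report.
                        $report = htmlentities($msg['remote_procedures_error_server'], ENT_QUOTES, $charset) . ':<br /><i>' . htmlentities($procedure['error_message'], ENT_QUOTES, $charset) . '</i>';
                        $result = array('name' => $the_procedure->name, 'report' => $report);
                        return $result;
                    } else {
                        if ($the_procedure->params && $the_procedure->params != 'NULL') {
                            $sql = 'CREATE TEMPORARY TABLE remote_proc LIKE procs';
                            pmb_mysql_query($sql, $dbh) or die(pmb_mysql_error());
                            $sql = "INSERT INTO remote_proc (idproc, name, requete, comment, autorisations, parameters, num_classement) VALUES (0, '" . pmb_mysql_escape_string($the_procedure->name) . "', '" . pmb_mysql_escape_string($the_procedure->sql) . "', '" . pmb_mysql_escape_string($the_procedure->comment) . "', '', '" . pmb_mysql_escape_string($the_procedure->params) . "', 0)";
                            pmb_mysql_query($sql, $dbh) or die(pmb_mysql_error());
                            $idproc = pmb_mysql_insert_id($dbh);
                            $hp = new parameters($idproc, 'remote_proc');
                            $hp->get_final_query();
                            $the_procedure->sql = $hp->final_query;
                            $name = $the_procedure->name;
                            $code_sql = $the_procedure->sql;
                            $commentaire = $the_procedure->comment;
                        }
                    }
                }
                break;
        }

        $linetemp = explode(';', $code_sql);
        if ($autorisations) {
            $temp_autorisation = explode(' ', $autorisations);
        }

        // Per-user authorisation: only enforced when the procedure lists user
        // ids; an empty list lets every administrator through.
        $allow = false;
        if ($temp_autorisation) {
            foreach ($temp_autorisation as $userid) {
                if ($userid == $PMBuserid) {
                    $allow = true;
                }
            }
            if (!$allow) {
                $report = $msg[11];
                $result = array('name' => $name, 'report' => $report);
                return $result;
            }
        }

        // Keep the non-empty statements.
        $line = array();
        foreach ($linetemp as $statement) {
            $statement = trim($statement);
            if ($statement) {
                $line[] = $statement;
            }
        }

        foreach ($line as $cle => $valeur) {
            if ($valeur) {
                $report .= "<strong>" . $msg['procs_ligne'] . " {$cle} </strong>: {$valeur}<br /><br />";
                $er = explain_requete($valeur);
                if ($er) {
                    $res = @pmb_mysql_query($valeur, $dbh);
                    $report .= pmb_mysql_error();
                    $nbr_lignes = @pmb_mysql_num_rows($res);
                    $nbr_champs = @pmb_mysql_num_fields($res);
                    if ($nbr_lignes) {
                        // NOTE(review): column names and values go into the
                        // report unescaped.
                        $report .= "<table >";
                        for ($i = 0; $i < $nbr_champs; $i++) {
                            $fieldname = pmb_mysql_field_name($res, $i);
                            $report .= "<th>{$fieldname}</th>";
                        }
                        for ($i = 0; $i < $nbr_lignes; $i++) {
                            $row = pmb_mysql_fetch_row($res);
                            $report .= "<tr>";
                            foreach ($row as $dummykey => $col) {
                                if (trim($col) == '') {
                                    $col = ' ';
                                }
                                $report .= '<td >' . $col . '</td>';
                            }
                            $report .= "</tr>";
                        }
                        $report .= "</table><hr />";
                        $report .= "<font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . pmb_mysql_affected_rows($dbh) . "</font>";
                    } else {
                        $report .= "<br /><font color='#ff0000'>" . $msg['admin_misc_lignes'] . " " . pmb_mysql_affected_rows($dbh);
                        $err = pmb_mysql_error($dbh);
                        if ($err) {
                            $report .= "<br />{$err}";
                        }
                        $report .= "</font><hr />";
                    }
                } else {
                    // explain_requete() rejected the statement.
                    $report .= $valeur . "<br /><br />" . $msg['proc_param_explain_failed'] . "<br /><br />" . $erreur_explain_rqt;
                }
            }
        }

        // CSV export of the last statement's result set.
        // NOTE(review): the target path comes from the task parameters and is
        // written to as-is; restrict it to a dedicated export directory where
        // the parameters are accepted. Cell values are also written unchanged,
        // so a value starting with "=", "+", "-" or "@" will be read as a
        // formula by spreadsheet software.
        $csv = isset($tparams['tocsv']) && is_array($tparams['tocsv']) ? $tparams['tocsv'] : array();
        $csv_checked = isset($csv['checked']) ? $csv['checked'] : '';
        $csv_path = isset($csv['filepath']) ? $csv['filepath'] : '';
        if ($er && $nbr_lignes && $csv_checked == '1' && $csv_path) {
            $csv_sep = !empty($csv['sep']) ? $csv['sep'] : ',';
            $csv_enclosure = isset($csv['enclosure']) ? $csv['enclosure'] : '';

            // Header row. The original only collected the column names when an
            // enclosure was set, so the header came out empty without one.
            $trow = array();
            for ($i = 0; $i < $nbr_champs; $i++) {
                $trow[] = pmb_mysql_field_name($res, $i);
            }
            if ($csv_enclosure) {
                foreach ($trow as $k => $v) {
                    $trow[$k] = addcslashes($v, $csv_enclosure);
                }
                $row = $csv_enclosure . implode($csv_enclosure . $csv_sep . $csv_enclosure, $trow) . $csv_enclosure . "\r\n";
            } else {
                $row = implode($csv_sep, $trow) . "\r\n";
            }
            file_put_contents($csv_path, $row);

            // Data rows, appended one at a time from the start of the result set.
            pmb_mysql_data_seek($res, 0);
            for ($i = 0; $i < $nbr_lignes; $i++) {
                $trow = pmb_mysql_fetch_row($res);
                if ($csv_enclosure) {
                    foreach ($trow as $k => $v) {
                        $trow[$k] = addcslashes($v, $csv_enclosure);
                    }
                    $row = $csv_enclosure . implode($csv_enclosure . $csv_sep . $csv_enclosure, $trow) . $csv_enclosure . "\r\n";
                } else {
                    $row = implode($csv_sep, $trow) . "\r\n";
                }
                file_put_contents($csv_path, $row, FILE_APPEND);
            }
        }

        $result = array('name' => $name, 'report' => $report);
        return $result;
    }
    return array();
}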