/**
 * Run the lookup query for the given key values and return the fetched row
 * together with the link/display field names and their column indexes.
 *
 * The SQL text is assembled by string concatenation from KeyWhere($keys).
 * NOTE(review): KeyWhere() is defined elsewhere; this method relies on it to
 * quote/escape every key value - confirm before passing request data in $keys.
 * NOTE(review): the full SQL statement (key values included) is written via LogInfo().
 *
 * @param Array keys        key values handed to KeyWhere()
 * @param Boolean forLookup true: decrypt the whole fetched row; false: fetch a numeric row and decrypt single fields
 * @param String _table     passed to getLookupMainTableSettings()
 * @param String _field     main-table field the lookup belongs to
 * @param String pageType   passed to getLookupMainTableSettings()
 * @return Array empty array when no lookup settings exist, otherwise array(row data, field info)
 */
public function GetAddedDataLookupQuery($keys, $forLookup, $_table, $_field, $pageType)
{
    $mainSettings = getLookupMainTableSettings($this->tName, $_table, $_field, $pageType);
    if (!$mainSettings) {
        return array();
    }

    global $conn;

    $mainTable = $mainSettings->getTableName();
    $linkFieldName = $mainSettings->getLinkField($_field);
    $dispfield = $mainSettings->getDisplayField($_field);
    $isQueryLookup = $mainSettings->getLookupType($_field) == LT_QUERY;

    $sql = "";
    if ($isQueryLookup) {
        // Query-based lookup: reuse (a clone of) the page's own SQL query object.
        if ($mainSettings->getCustomDisplay($_field)) {
            $this->pSet->getSQLQuery()->AddCustomExpression($dispfield, $this->pSet, $mainTable, $_field);
        }
        $queryClone = $this->pSet->getSQLQuery()->CloneObject();
    } else {
        // Table-based lookup: build a plain "select <link>[,<display>] from <table>".
        $sql = "select " . GetFullFieldName($linkFieldName, $this->tName, true);
        if ($linkFieldName != $dispfield) {
            $sql .= "," . $this->pSet->getLWDisplayField($_field, true);
        }
        $sql .= " from " . AddTableWrappers($this->strOriginalTableName);
    }

    $row = 0;
    $linkIndex = 0;
    $displayIndex = 0;

    if (count($keys)) {
        $keyCondition = KeyWhere($keys);
        if ($isQueryLookup) {
            $sql = $queryClone->toSql(whereAdd($queryClone->m_where->toSql($queryClone), $keyCondition));
        } else {
            $sql = $sql . " where " . $keyCondition;
        }

        $indexes = GetLookupFieldsIndexes($mainSettings, $_field);
        $linkIndex = $indexes["linkFieldIndex"];
        $displayIndex = $indexes["displayFieldIndex"];

        LogInfo($sql);

        if ($forLookup) {
            $row = $this->cipherer->DecryptFetchedArray(db_query($sql, $conn));
        } elseif ($sql) {
            $row = db_fetch_numarray(db_query($sql, $conn));
            // NOTE(review): no check that a row was actually fetched before indexing into it.
            $row[$linkIndex] = $this->cipherer->DecryptField($linkFieldName, $row[$linkIndex]);
            if ($isQueryLookup) {
                $row[$displayIndex] = $this->cipherer->DecryptField($dispfield, $row[$displayIndex]);
            }
        }
    }

    $fieldInfo = array(
        "linkField" => $linkFieldName,
        "displayField" => $dispfield,
        "linkFieldIndex" => $linkIndex,
        "displayFieldIndex" => $displayIndex
    );

    return array($row, $fieldInfo);
}
/**
 * Load the record being edited (cached in $this->data after the first call).
 *
 * The WHERE clause is KeyWhere($this->keys) only; this variant adds no
 * SecuritySQL() ownership condition.
 * NOTE(review): if record-level security is expected on this page it has to be
 * enforced elsewhere - confirm.
 *
 * @return {array} array of current record data
 */
function getCurrentRecordInternal()
{
    if (!is_null($this->data)) {
        return $this->data;
    }

    global $conn;

    // Return value is not used below; the call is kept as in the generated code.
    $query = $this->gQuery->Copy();

    $where = KeyWhere($this->keys);
    $sql = $this->gQuery->gSQLWhere($where);
    $sqlBeforeEvent = $sql;

    // Before Query event: the handler receives both the SQL text and the WHERE clause.
    if ($this->eventsObject->exists("BeforeQueryEdit")) {
        $this->eventsObject->BeforeQueryEdit($sql, $where, $this);
    }

    // Handler left the SQL text alone: rebuild it from the WHERE clause.
    if ($sqlBeforeEvent == $sql) {
        $sql = $this->gQuery->gSQLWhere($where);
    }

    LogInfo($sql);
    $this->data = $this->cipherer->DecryptFetchedArray(db_query($sql, $conn));

    if (!$this->data && $this->mode == EDIT_SIMPLE) {
        return $this->data;
    }

    // Apply auto-update defaults unless the form has just been submitted.
    foreach ($this->editFields as $fieldName) {
        if (@$_POST["a"] == "edited") {
            continue;
        }
        if (!$this->pSet->isAutoUpdate($fieldName)) {
            continue;
        }
        if ($this->pSet->getDefaultValue($fieldName) === "") {
            continue;
        }
        $this->data[$fieldName] = $this->pSet->getDefaultValue($fieldName);
    }

    if ($this->readEditValues) {
        foreach ($this->editFields as $fieldName) {
            $format = $this->pSet->getEditFormat($fieldName);
            // NOTE(review): "== DATABASE_FILE" combined with "!= DATABASE_IMAGE" and
            // "!= FILE" looks like it was meant to be "!=" throughout - confirm.
            $formatMatches = $format == EDIT_FORMAT_DATABASE_FILE
                && $format != EDIT_FORMAT_DATABASE_IMAGE
                && $format != EDIT_FORMAT_FILE;
            if ($formatMatches && !$this->pSet->isReadonly($fieldName)) {
                $this->data[$fieldName] = $this->editValues[$fieldName];
            }
        }
    }

    if ($this->eventsObject->exists("ProcessValuesEdit")) {
        $this->eventsObject->ProcessValuesEdit($this->data, $this);
    }

    return $this->data;
}
if ($pageObject->isShowDetailTables && !isMobile()) { $ids = $id; $pageObject->jsSettings['tableSettings'][$strTableName]['dpParams'] = array(); } // Before Process event if ($eventObj->exists("BeforeProcessView")) { $eventObj->BeforeProcessView($conn); } $strWhereClause = ''; $strHavingClause = ''; if (!$all) { // show one record only $keys = array(); $strWhereClause = ""; $keys["Record ID"] = postvalue("editid1"); $strWhereClause = KeyWhere($keys); $strSQL = gSQLWhere($strWhereClause); } else { if ($_SESSION[$strTableName . "_SelectedSQL"] != "" && @$_REQUEST["records"] == "") { $strSQL = $_SESSION[$strTableName . "_SelectedSQL"]; $strWhereClause = @$_SESSION[$strTableName . "_SelectedWhere"]; } else { $strWhereClause = @$_SESSION[$strTableName . "_where"]; $strHavingClause = @$_SESSION[$strTableName . "_having"]; $strSQL = gSQLWhere($strWhereClause, $strHavingClause); } // order by $strOrderBy = $_SESSION[$strTableName . "_order"]; if (!$strOrderBy) { $strOrderBy = $gstrOrderBy; }
$returnJSON = array("success" => false, "error" => 'Error: You have not permission for read this text'); echo printJSON($returnJSON); return; } if (!$gQuery->HasGroupBy()) { // Do not select any fields except current (full text) field. // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off. // Just don't do anything in that case. $gQuery->RemoveAllFieldsExcept($pSet->getFieldIndex($field)); } $keysArr = $pSet->getTableKeys(); $keys = array(); foreach ($keysArr as $ind => $k) { $keys[$k] = postvalue("key" . ($ind + 1)); } $where = KeyWhere($keys); $sql = $gQuery->gSQLWhere($where); $qResult = $_connection->query($sql); if (!$qResult || !($data = $cipherer->DecryptFetchedArray($qResult->fetchAssoc()))) { $returnJSON = array("success" => false, "error" => 'Error: Wrong SQL query'); echo printJSON($returnJSON); return; } $fieldValue = $data[$field]; $sessionPrefix = $pSet->getOriginalTableName(); if ($mode == LIST_DASHBOARD) { //set the session prefix for the dashboard list page $sessionPrefix = "Dashboard_" . $pSet->getOriginalTableName(); } if ($lookup) { //set the session prefix for the lookup list page
/**
 * Read current values from the database
 *
 * Single-record mode (!$this->all) queries by KeyWhere($this->keys); "all" mode
 * reuses SQL / WHERE / HAVING / ORDER BY fragments stored in $_SESSION and
 * optionally appends a LIMIT for paging. The result is cached in $this->data.
 *
 * NOTE(review): SQL is built by concatenating session-stored fragments; their
 * safety depends on how the page that stored them built them - confirm.
 * NOTE(review): $joinFromPart and $strSearchCriteria are assigned only in the
 * session-"_where" branch but are read again when the SQL is rebuilt after the
 * event, so they are undefined in the other paths.
 * NOTE(review): $gPageSize is read below but is not listed in the global statement.
 *
 * @return {array} array of current record data
 */
function getCurrentRecordInternal()
{
	// Cached from an earlier call.
	if (!is_null($this->data))
		return $this->data;
	global $gstrOrderBy, $conn;
	$strWhereClause = '';
	$strHavingClause = '';
	if(!$this->all)
	{
		// One record, addressed by its key values.
		$strWhereClause = KeyWhere($this->keys);
		// Restrict to records the user may see unless everyone may see everything.
		if($this->pSet->getAdvancedSecurityType()!=ADVSECURITY_ALL)
			$strWhereClause = whereAdd($strWhereClause, SecuritySQL("Search"));
		$strSQL = $this->gQuery->gSQLWhere($strWhereClause);
	}
	else
	{
		if ($_SESSION[$this->tName."_SelectedSQL"]!="" && @$_REQUEST["records"]=="")
		{
			// Reuse the SQL and WHERE stored in the session for the current selection.
			$strSQL = $_SESSION[$this->tName."_SelectedSQL"];
			$strWhereClause=@$_SESSION[$this->tName."_SelectedWhere"];
		}
		else
		{
			$strWhereClause = @$_SESSION[$this->tName."_where"];
			$strHavingClause = @$_SESSION[$this->tName."_having"];
			$strSearchCriteria = @$_SESSION[$this->tName."_criteria"];
			$joinFromPart = @$_SESSION[$this->tName."_joinFromPart"];
			// The ownership condition is added here only when the session WHERE is empty.
			// NOTE(review): presumably a non-empty session WHERE already contains it - confirm.
			if($this->pSet->getAdvancedSecurityType()==ADVSECURITY_VIEW_OWN && $strWhereClause=="")
				$strWhereClause = whereAdd($strWhereClause, SecuritySQL("Search"));
			//$strSQL = $this->gQuery->gSQLWhere($strWhereClause, $strHavingClause, $strSearchCriteria);
			$strSQL = SQLQuery::gSQLWhere_having($this->gQuery->HeadToSql(), $this->gQuery->FromToSql().$joinFromPart, $this->gQuery->WhereToSql(), $this->gQuery->GroupByToSql(), $this->gQuery->Having()->toSql($this->gQuery), $strWhereClause, $strHavingClause, $strSearchCriteria);
		}
		// order by
		$strOrderBy = $_SESSION[$this->tName."_order"];
		if(!$strOrderBy)
			$strOrderBy = $gstrOrderBy;
		$strSQL.=" ".trim($strOrderBy);
	}
	// Keep a copy so a change made by the event handler can be detected.
	$strSQLbak = $strSQL;
	if($this->eventsObject->exists("BeforeQueryView"))
		$this->eventsObject->BeforeQueryView($strSQL, $strWhereClause, $this);
	if($strSQLbak == $strSQL)
	{
		// SQL text untouched by the handler: rebuild it from the (possibly changed) clauses.
		// This also replaces SQL that was taken from the session "_SelectedSQL" entry.
		//$strSQL = $this->gQuery->gSQLWhere($strWhereClause, $strHavingClause);
		$strSQL = SQLQuery::gSQLWhere_having($this->gQuery->HeadToSql(), $this->gQuery->FromToSql().$joinFromPart, $this->gQuery->WhereToSql(), $this->gQuery->GroupByToSql(), $this->gQuery->Having()->toSql($this->gQuery), $strWhereClause, $strHavingClause, $strSearchCriteria);
		if($this->all)
		{
			$numrows = $this->gQuery->gSQLRowCount($strWhereClause, $strHavingClause, $strSearchCriteria);
			$strSQL.=" ".trim($strOrderBy);
		}
	}
	else
	{
		// changed $strSQL - old style
		if($this->all)
			$numrows = GetRowCount($strSQL);
	}
	if(!$this->all)
	{
		// The statement is logged in full, key values included.
		LogInfo($strSQL);
		$rs = db_query($strSQL, $conn);
	}
	else
	{
		// Pagination:
		$nPageSize = 0;
		if(@$_REQUEST["records"]=="page" && $numrows)
		{
			// Both values are cast to integers before they are concatenated into the LIMIT clause.
			$mypage = (integer)@$_SESSION[$this->tName."_pagenumber"];
			$nPageSize = (integer)@$_SESSION[$this->tName."_pagesize"];
			// Requested page lies past the last row: fall back to the last page.
			if($numrows <= ($mypage-1)*$nPageSize)
				$mypage = ceil($numrows/$nPageSize);
			if(!$nPageSize)
				$nPageSize = $gPageSize;
			if(!$mypage)
				$mypage = 1;
			$strSQL.=" limit ".(($mypage-1)*$nPageSize).",".$nPageSize;
		}
		$rs = db_query($strSQL,$conn);
	}
	$this->data = $this->cipherer->DecryptFetchedArray($rs);
	if(sizeof($this->data) && $this->eventsObject->exists("ProcessValuesView"))
		$this->eventsObject->ProcessValuesView($this->data, $this);
	return $this->data;
}
/**
 * Run the page's own query restricted to $this->keys and return the fetched
 * row together with the lookup's link/display field names and column indexes.
 *
 * NOTE(review): the key condition comes from KeyWhere($this->keys), defined
 * elsewhere; escaping of the key values is its responsibility - confirm.
 * NOTE(review): the full SQL statement is written via LogInfo().
 *
 * @param Boolean forLookup          true: fetch an associative row and decrypt it as a whole
 * @param String mainTableShortName  passed to getLookupMainTableSettings()
 * @param String mainField           main-table field the lookup belongs to
 * @param String pageType            passed to getLookupMainTableSettings()
 * @return Array empty array when no lookup settings exist, otherwise array(row data, field info)
 */
protected function GetAddedDataLookupQuery($forLookup, $mainTableShortName, $mainField, $pageType)
{
    $mainSettings = getLookupMainTableSettings($this->tName, $mainTableShortName, $mainField, $pageType);
    if (!$mainSettings) {
        return array();
    }

    $mainTable = $mainSettings->getTableName();
    $linkFieldName = $mainSettings->getLinkField($mainField);
    $dispfield = $mainSettings->getDisplayField($mainField);

    if ($mainSettings->getCustomDisplay($mainField)) {
        $this->pSet->getSQLQuery()->AddCustomExpression($dispfield, $this->pSet, $mainTable, $mainField);
    }
    $queryClone = $this->pSet->getSQLQuery()->CloneObject();

    $row = array();
    $linkIndex = 0;
    $displayIndex = 0;

    if (count($this->keys)) {
        $keyCondition = KeyWhere($this->keys);
        $sql = $queryClone->toSql(whereAdd($queryClone->m_where->toSql($queryClone), $keyCondition));

        $indexes = GetLookupFieldsIndexes($mainSettings, $mainField);
        $linkIndex = $indexes["linkFieldIndex"];
        $displayIndex = $indexes["displayFieldIndex"];

        LogInfo($sql);

        if ($forLookup) {
            $row = $this->cipherer->DecryptFetchedArray($this->connection->query($sql)->fetchAssoc());
        } elseif ($sql) {
            $row = $this->connection->query($sql)->fetchNumeric();
            // NOTE(review): no check that a row was actually fetched before indexing into it.
            $row[$linkIndex] = $this->cipherer->DecryptField($linkFieldName, $row[$linkIndex]);
            $row[$displayIndex] = $this->cipherer->DecryptField($dispfield, $row[$displayIndex]);
        }
    }

    $fieldInfo = array(
        "linkField" => $linkFieldName,
        "displayField" => $dispfield,
        "linkFieldIndex" => $linkIndex,
        "displayFieldIndex" => $displayIndex
    );

    return array($row, $fieldInfo);
}
/**
 * Delete selected records
 *
 * Collects the key values of the selected records from $_REQUEST ("mdelete" or
 * "selection"), then for each record: reads the current row, consults the
 * IsRecordEditable / BeforeDelete events and the record lock, and - only when
 * $_REQUEST["a"] == "delete" - runs the DELETE, writes the audit entry and
 * fires AfterDelete. AfterMassDelete fires once at the end.
 *
 * NOTE(review): the action flag is read from $_REQUEST, so it is not limited to
 * POST, and no anti-CSRF token check is visible in this method - confirm one is
 * enforced before this is reached.
 * NOTE(review): key values come from the request and reach SQL through
 * KeyWhere(); escaping is its responsibility - confirm.
 */
function deleteRecords()
{
    global $globalEvents;
    $this->deleteMessage = "";
    if (@$_REQUEST["mdelete"]) {
        // "mdelete" lists row indexes; the key values sit in the parallel mdelete1..mdeleteN arrays.
        foreach (@$_REQUEST["mdelete"] as $ind) {
            for ($i = 0; $i < count($this->arrKeyFields); $i++) {
                // $keys is never re-initialised, so it relies on every key field being overwritten per row.
                $keys[$this->arrKeyFields[$i]] = refine($_REQUEST["mdelete" . ($i + 1)][mdeleteIndex($ind)]);
            }
            $this->selectedRecs[] = $keys;
        }
    } elseif (@$_REQUEST["selection"]) {
        // "selection" entries are "&"-separated, URL-encoded key values.
        foreach (@$_REQUEST["selection"] as $keyblock) {
            $arr = explode("&", refine($keyblock));
            // Skip entries that do not carry a value for every key field.
            if (count($arr) < count($this->arrKeyFields)) {
                continue;
            }
            for ($i = 0; $i < count($this->arrKeyFields); $i++) {
                $keys[$this->arrKeyFields[$i]] = urldecode(@$arr[$i]);
            }
            $this->selectedRecs[] = $keys;
        }
    }
    $this->recordsDeleted = 0;
    $this->lockDelRec = array();
    foreach ($this->selectedRecs as $keys) {
        $where = KeyWhere($keys);
        // delete only owned records
        if ($this->nSecOptions != ADVSECURITY_ALL && $this->nLoginMethod == SECURITY_TABLE && $this->createLoginPage) {
            $where = whereAdd($where, SecuritySQL("Delete"));
        }
        // The DELETE and the preceding SELECT share the same WHERE, ownership condition included.
        $strSQl = "delete from " . AddTableWrappers($this->origTName) . " where " . $where;
        $retval = true;
        // Read the row first so events, file cleanup and the audit log see its values.
        $deletedrs = db_query(SQLQuery::gSQLWhere_having($this->gsqlHead, $this->gsqlFrom, $this->gsqlWhereExpr, $this->gsqlGroupBy, $this->gsqlHaving, $where), $this->conn);
        $deleted_values = $this->cipherer->DecryptFetchedArray($deletedrs);
        if ($globalEvents->exists("IsRecordEditable", $this->tName)) {
            if (!$globalEvents->IsRecordEditable($deleted_values, true, $this->tName)) {
                continue;
            }
        }
        if ($this->eventExists("BeforeDelete")) {
            // The message goes through a temporary variable and is copied back after the call.
            $tdeleteMessage = $this->deleteMessage;
            $retval = $this->eventsObject->BeforeDelete($where, $deleted_values, $tdeleteMessage, $this);
            $this->deleteMessage = $tdeleteMessage;
        }
        $lockRecord = false;
        if ($this->lockingObj) {
            // The lock key is the "&"-joined, rawurlencode()d key values.
            $lockWhere = "";
            foreach ($keys as $keysvalue) {
                $lockWhere .= rawurlencode($keysvalue) . "&";
            }
            $lockWhere = substr($lockWhere, 0, -1);
            // NOTE(review): the lock table name passed to AddTableWrappers() is an empty string here.
            $lockSQL = "select * from " . AddTableWrappers("") . " where " . AddFieldWrappers("keys") . "=" . db_prepare_string($lockWhere) . " and " . AddFieldWrappers("table") . "=" . db_prepare_string($this->origTName) . " and " . AddFieldWrappers("action") . "=1";
            $lockSet = db_query($lockSQL, $this->conn);
            if ($data = db_fetch_array($lockSet)) {
                // A matching lock row exists: remember the record and skip its deletion.
                $lockRecord = true;
                $this->lockDelRec[] = $keys;
            }
            if ($this->mode == LIST_SIMPLE) {
                $_SESSION[$this->sessionPrefix . "_lockDelRec"] = $this->lockDelRec;
            }
        }
        if (!$lockRecord && @$_REQUEST["a"] == "delete" && $retval) {
            // The counter is incremented and uploaded files are removed before db_exec() runs;
            // the result of db_exec() is not checked.
            $this->recordsDeleted++;
            // delete associated uploaded files if any
            DeleteUploadedFiles($this->pSet, $deleted_values);
            LogInfo($strSQl);
            db_exec($strSQl, $this->conn);
            if ($this->audit && $deleted_values) {
                $fieldsList = $this->pSet->getFieldsList();
                $i = 0;
                // NOTE(review): $deleted_audit_values is not reset per record, so entries
                // from an earlier iteration can carry over into a later audit entry.
                foreach ($deleted_values as $key => $value) {
                    if (IsBinaryType($this->pSet->getFieldType($fieldsList[$i]))) {
                        $deleted_audit_values[$fieldsList[$i]] = $value;
                    } else {
                        $deleted_audit_values[$key] = $value;
                    }
                    $i++;
                }
                $this->audit->LogDelete($this->tName, $deleted_audit_values, $keys);
            }
            if ($this->eventExists("AfterDelete")) {
                $tdeleteMessage = $this->deleteMessage;
                $this->eventsObject->AfterDelete($where, $deleted_values, $tdeleteMessage, $this);
                $this->deleteMessage = $tdeleteMessage;
            }
        }
        if (strlen($this->deleteMessage)) {
            $this->xt->assignbyref("message", $this->deleteMessage);
            $this->xt->assign("message_block", true);
        }
    }
    if (count($this->selectedRecs) && $this->eventExists("AfterMassDelete")) {
        $this->eventsObject->AfterMassDelete($this->recordsDeleted, $this);
    }
}
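/**
 * Read values from the database by keys
 *
 * Uses the next entry of $this->selectedKeys when $this->isGetNext is set,
 * otherwise $this->currentKeys. Binary (file/image) fields are replaced by a
 * boolean "has content" flag so the raw bytes are not passed on.
 *
 * NOTE(review): the WHERE clause is KeyWhere($keys) only; no SecuritySQL()
 * ownership condition is added in this variant - confirm record-level access
 * is enforced by the caller where it is required.
 * NOTE(review): the full SQL statement (key values included) is written via LogInfo().
 *
 * @return {mixed} array of current record data or false
 */
function getRecordData()
{
    global $conn, $gSettings, $gQuery, $cipherer;

    // The original condition also tested "!$next", but $next is never defined in
    // this function, so that term was always true and only raised a notice.
    if ($this->location != PAGE_EDIT
        && $this->location != PAGE_VIEW
        && $this->location != PAGE_LIST
        && $this->location != 'grid'
    ) {
        return false;
    }

    if ($this->isGetNext) {
        $this->isGetNext = false;
        $keys = $this->selectedKeys[$this->nextInd];
        $this->nextInd = $this->nextInd + 1;
    } else {
        $keys = $this->currentKeys;
    }

    // The original rebuilt the same SQL a second time behind an always-true
    // comparison (left over from a removed event hook); one build is enough.
    $strWhereClause = KeyWhere($keys);
    $strSQL = $gQuery->gSQLWhere($strWhereClause);

    LogInfo($strSQL);
    $rs = db_query($strSQL, $conn);
    $data = $cipherer->DecryptFetchedArray($rs);

    // No row fetched: hand back whatever the decrypt call returned instead of
    // iterating over a non-array value.
    if (!is_array($data)) {
        return $data;
    }

    foreach ($data as $fName => $val) {
        $isBlobField = false;
        if ($this->location == PAGE_EDIT) {
            $editFormat = $gSettings->getEditFormat($fName);
            if ($editFormat == EDIT_FORMAT_DATABASE_FILE || $editFormat == EDIT_FORMAT_DATABASE_IMAGE) {
                $isBlobField = true;
            }
            // Apply the auto-update default unless the form has just been submitted.
            if (@$_POST["a"] != "edited" && $gSettings->isAutoUpdate($fName) && $gSettings->getDefaultValue($fName)) {
                $data[$fName] = $gSettings->getDefaultValue($fName);
            }
        } else {
            $viewFormat = $gSettings->getViewFormat($fName);
            if ($viewFormat == FORMAT_DATABASE_FILE || $viewFormat == FORMAT_DATABASE_IMAGE || $viewFormat == FORMAT_FILE_IMAGE) {
                $isBlobField = true;
            }
        }
        if ($isBlobField) {
            // Only report whether the binary field holds anything.
            $data[$fName] = $data[$fName] ? true : false;
        }
    }

    return $data;
}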
/**
 * Run a lookup query for the given key values and return the fetched row
 * together with the link/display field names and their column indexes.
 *
 * NOTE(review): $nLookupType, $lookupQueryObj, $lookupPSet and $linkFieldName
 * are read below but never assigned in this function ($linkfield is assigned
 * and never read), and $LookupSQL is still empty at the first test. This looks
 * like generated code for a table without lookup fields - confirm it is never
 * called with a non-empty $keys.
 * NOTE(review): the key condition comes from KeyWhere(), defined elsewhere;
 * escaping of the key values is its responsibility - confirm.
 *
 * @param object $pageObject page object providing ->cipherer
 * @param array $keys        key values handed to KeyWhere()
 * @param bool $forLookup    true: decrypt the whole fetched row; false: fetch a numeric row and decrypt single fields
 * @return array array(row data, field info)
 */
function GetAddedDataLookupQuery($pageObject, $keys, $forLookup)
{
    global $conn, $strTableName, $strOriginalTableName;
    $LookupSQL = "";
    $linkfield = "";
    $dispfield = "";
    $noBlobReplace = false;
    $lookupFieldName = "";
    // $LookupSQL is "" at this point, so this branch is not taken.
    if ($LookupSQL && $nLookupType != LT_QUERY) {
        $LookupSQL .= " from " . AddTableWrappers($strOriginalTableName);
    }
    $data = 0;
    $lookupIndexes = array("linkFieldIndex" => 0, "displayFieldIndex" => 0);
    if (count($keys)) {
        $where = KeyWhere($keys);
        if ($nLookupType == LT_QUERY) {
            $LookupSQL = $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $where));
        } else {
            // With the empty $LookupSQL above this yields a statement that starts with " where ".
            $LookupSQL .= " where " . $where;
        }
        $lookupIndexes = GetLookupFieldsIndexes($lookupPSet, $lookupFieldName);
        // The statement is logged in full, key values included.
        LogInfo($LookupSQL);
        if ($forLookup) {
            $rs = db_query($LookupSQL, $conn);
            $data = $pageObject->cipherer->DecryptFetchedArray($rs);
        } else {
            if ($LookupSQL) {
                $rs = db_query($LookupSQL, $conn);
                $data = db_fetch_numarray($rs);
                // No check that a row was actually fetched before indexing into it.
                $data[$lookupIndexes["linkFieldIndex"]] = $pageObject->cipherer->DecryptField($linkFieldName, $data[$lookupIndexes["linkFieldIndex"]]);
                if ($nLookupType == LT_QUERY) {
                    $data[$lookupIndexes["displayFieldIndex"]] = $pageObject->cipherer->DecryptField($dispfield, $data[$lookupIndexes["displayFieldIndex"]]);
                }
            }
        }
    }
    return array($data, array("linkField" => $linkFieldName, "displayField" => $dispfield, "linkFieldIndex" => $lookupIndexes["linkFieldIndex"], "displayFieldIndex" => $lookupIndexes["displayFieldIndex"]));
}
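/**
 * Stream an image stored in a database field to the client, or return the raw
 * field value when called for PDF generation.
 *
 * In the HTTP path the table, field, key values and the optional "alt"
 * fallback field are all taken from the request.
 *
 * NOTE(review): no login / record-ownership check is visible in this function;
 * the row is selected by KeyWhere($keys) only - confirm the calling script
 * enforces access before this is reached.
 * NOTE(review): in the PDF path $params is trusted as given (no field
 * permission check) - confirm it is never filled from request data.
 *
 * @intellisense
 * @param object $gQuery query object for the table; reduced to the image field when it has no GROUP BY
 * @param bool $forPDF   true: return the field value instead of sending it
 * @param array $params  "table", "field", "key1".."keyN" (PDF path only)
 * @return mixed field value or null (PDF path); '' or the result of DisplayNoImage()/DisplayFile() otherwise
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $cman;

    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        // Validate the requested table before any settings object is built from it
        // (same order as the PDF path below).
        if (!checkTableName($table)) {
            return '';
        }
        $settings = new ProjectSettings($strTableName);

        // NOTE(review): forcing display_errors on in a request-driven endpoint can
        // expose paths and SQL text in the response - consider logging instead.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");

        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }

        // construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];

        // construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }

    $connection = $cman->byTable($strTableName);

    if (!$gQuery->HasGroupBy()) {
        // Do not select any fields except current (image) field.
        // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
        // Just don't do anything in that case.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }

    $where = KeyWhere($keys);
    $sql = $gQuery->gSQLWhere($where);
    $data = $connection->query($sql)->fetchAssoc();

    if ($forPDF) {
        // No matching row: null, as before.
        return $data ? $data[$field] : null;
    }

    if (!$data) {
        return DisplayNoImage();
    }

    if (postvalue('src') == 1) {
        $value = myfile_get_contents('images/icons/jpg.png');
    } else {
        $value = $connection->stripSlashesBinary($data[$field]);
    }

    if (!$value) {
        // The fallback column name is request-controlled: apply the same field
        // permission check as for the primary field and make sure the column is
        // actually part of the fetched row before reading it.
        $alt = postvalue("alt");
        if (!$alt || !is_string($alt) || !$settings->checkFieldPermissions($alt) || !isset($data[$alt])) {
            return DisplayNoImage();
        }
        $value = $connection->stripSlashesBinary($data[$alt]);
        if (!$value) {
            return DisplayNoImage();
        }
    }

    $itype = SupposeImageType($value);
    if (!$itype) {
        return DisplayFile();
    }

    // The original guarded these headers with !isset($pdf); $pdf is never defined
    // in this function, so the headers were always sent.
    header("Content-Type: " . $itype);
    header("Cache-Control: private");
    SendContentLength(strlen_bin($value));

    echoBinary($value);
    return '';
}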
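/**
 * Read values from the database by keys
 *
 * Uses the next entry of $this->selectedKeys when $this->isGetNext is set,
 * otherwise $this->currentKeys. Unless the advanced security type is
 * ADVSECURITY_ALL, the WHERE clause is extended with SecuritySQL("Edit") on
 * the edit page and SecuritySQL("Search") elsewhere. Binary (file/image)
 * fields are replaced by a boolean "has content" flag.
 *
 * NOTE(review): the full SQL statement (key values included) is written via LogInfo().
 *
 * @return {mixed} array of current record data (empty when no row matched) or false
 */
function getRecordData()
{
    global $gSettings, $gQuery, $cipherer, $strTableName, $cman;

    // The original condition also tested "!$next", but $next is never defined in
    // this function, so that term was always true and only raised a notice.
    if ($this->location != PAGE_EDIT
        && $this->location != PAGE_VIEW
        && $this->location != PAGE_LIST
        && $this->location != 'grid'
    ) {
        return false;
    }

    $connection = $cman->byTable($strTableName);

    if ($this->isGetNext) {
        $this->isGetNext = false;
        $keys = $this->selectedKeys[$this->nextInd];
        $this->nextInd = $this->nextInd + 1;
    } else {
        $keys = $this->currentKeys;
    }

    $strWhereClause = KeyWhere($keys);
    // Restrict to records the current user may edit / see.
    if ($gSettings->getAdvancedSecurityType() != ADVSECURITY_ALL) {
        $permission = $this->location == PAGE_EDIT ? "Edit" : "Search";
        $strWhereClause = whereAdd($strWhereClause, SecuritySQL($permission));
    }

    // The original rebuilt the same SQL a second time behind an always-true
    // comparison (left over from a removed event hook); one build is enough.
    $strSQL = $gQuery->gSQLWhere($strWhereClause);

    LogInfo($strSQL);
    $data = $cipherer->DecryptFetchedArray($connection->query($strSQL)->fetchAssoc());

    $res = array();
    // No row fetched (or not accessible): return the empty result instead of
    // iterating over a non-array value.
    if (!is_array($data)) {
        return $res;
    }

    // .net compatibility
    foreach ($data as $fName => $val) {
        $res[$fName] = $val;
        $isBlobField = false;
        if ($this->location == PAGE_EDIT) {
            $editFormat = $gSettings->getEditFormat($fName);
            if ($editFormat == EDIT_FORMAT_DATABASE_FILE || $editFormat == EDIT_FORMAT_DATABASE_IMAGE) {
                $isBlobField = true;
            }
            // Apply the auto-update value unless the form has just been submitted.
            if (@$_POST["a"] != "edited" && $gSettings->getAutoUpdateValue($fName)) {
                $res[$fName] = $gSettings->getAutoUpdateValue($fName);
            }
        } else {
            $viewFormat = $gSettings->getViewFormat($fName);
            if ($viewFormat == FORMAT_DATABASE_FILE || $viewFormat == FORMAT_DATABASE_IMAGE || $viewFormat == FORMAT_FILE_IMAGE) {
                $isBlobField = true;
            }
        }
        if ($isBlobField) {
            // Only report whether the binary field holds anything.
            $res[$fName] = $data[$fName] ? true : false;
        }
    }

    return $res;
}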
/**
 * Load the record being edited (cached in $this->data after the first call).
 *
 * The WHERE clause is KeyWhere($this->keys), extended with SecuritySQL("Edit")
 * unless the advanced security type is ADVSECURITY_ALL, so a record the user
 * may not edit yields no row.
 * NOTE(review): the full SQL statement (key values included) is written via LogInfo().
 *
 * @return {array} array of current record data
 */
function getCurrentRecordInternal()
{
    if (!is_null($this->data)) {
        return $this->data;
    }

    global $conn;

    // Return value is not used below; the call is kept as in the generated code.
    $query = $this->gQuery->Copy();

    $where = KeyWhere($this->keys);
    if ($this->pSet->getAdvancedSecurityType() != ADVSECURITY_ALL) {
        // select only owned records
        $where = whereAdd($where, SecuritySQL("Edit"));
    }

    $sql = $this->gQuery->gSQLWhere($where);
    $sqlBeforeEvent = $sql;

    // Before Query event: the handler receives both the SQL text and the WHERE clause.
    if ($this->eventsObject->exists("BeforeQueryEdit")) {
        $this->eventsObject->BeforeQueryEdit($sql, $where, $this);
    }

    // Handler left the SQL text alone: rebuild it from the WHERE clause.
    if ($sqlBeforeEvent == $sql) {
        $sql = $this->gQuery->gSQLWhere($where);
    }

    LogInfo($sql);
    $this->data = $this->cipherer->DecryptFetchedArray(db_query($sql, $conn));

    if (!$this->data && $this->mode == EDIT_SIMPLE) {
        return $this->data;
    }

    // Apply auto-update values unless the form has just been submitted.
    foreach ($this->editFields as $fieldName) {
        if (@$_POST["a"] == "edited") {
            continue;
        }
        if ($this->pSet->getAutoUpdateValue($fieldName) === "") {
            continue;
        }
        $this->data[$fieldName] = $this->pSet->getAutoUpdateValue($fieldName);
    }

    if ($this->readEditValues) {
        foreach ($this->editFields as $fieldName) {
            $format = $this->pSet->getEditFormat($fieldName);
            // NOTE(review): "== DATABASE_FILE" combined with "!= DATABASE_IMAGE" and
            // "!= FILE" looks like it was meant to be "!=" throughout - confirm.
            $formatMatches = $format == EDIT_FORMAT_DATABASE_FILE
                && $format != EDIT_FORMAT_DATABASE_IMAGE
                && $format != EDIT_FORMAT_FILE;
            if ($formatMatches && !$this->pSet->isReadonly($fieldName)) {
                $this->data[$fieldName] = $this->editValues[$fieldName];
            }
        }
    }

    if ($this->eventsObject->exists("ProcessValuesEdit")) {
        $this->eventsObject->ProcessValuesEdit($this->data, $this);
    }

    return $this->data;
}
/**
 * Build the WHERE clause that selects the record being edited.
 *
 * Source of the base condition, in order: the old key values, the current key
 * values, the dashboard search condition, or the WHERE fragment stored in the
 * session. Unless the advanced security type is ADVSECURITY_ALL the result is
 * combined with SecuritySQL("Edit", ...).
 *
 * NOTE(review): the session fallback is used as stored; its safety depends on
 * the page that wrote it - confirm.
 *
 * @param Boolean useOldKeys use $this->oldKeys instead of the current keys
 * @return String
 */
public function getWhereClause($useOldKeys)
{
    if ($useOldKeys) {
        $where = KeyWhere($this->oldKeys);
    } elseif ($this->checkKeysSet()) {
        $where = KeyWhere($this->keys);
    } elseif ($this->mode == EDIT_DASHBOARD) {
        $components = $this->getWhereComponents();
        $where = $components["searchWhere"];
    } else {
        $where = $_SESSION[$this->sessionPrefix . "_where"];
    }

    if ($this->pSet->getAdvancedSecurityType() == ADVSECURITY_ALL) {
        return $where;
    }

    // select only owned records
    return whereAdd($where, SecuritySQL("Edit", $this->tName));
}
$selected_recs[] = $keys; } } elseif (@$_REQUEST["selection"]) { foreach (@$_REQUEST["selection"] as $keyblock) { $arr = explode("&", refine($keyblock)); if (count($arr) < 1) { continue; } $keys = array(); $keys["id"] = urldecode($arr[0]); $selected_recs[] = $keys; } } foreach ($selected_recs as $keys) { $sWhere = $sWhere . " or "; $sWhere .= KeyWhere($keys); } $strSQL = $gQuery->gSQLWhere($sWhere); $strWhereClause = $sWhere; } else { $strWhereClause = @$_SESSION[$strTableName . "_where"]; $strHavingClause = @$_SESSION[$strTableName . "_having"]; $strSearchCriteria = @$_SESSION[$strTableName . "_criteria"]; $strSQL = $gQuery->gSQLWhere($strWhereClause, $strHavingClause, $strSearchCriteria); } if (postvalue("pdf")) { $strWhereClause = @$_SESSION[$strTableName . "_pdfwhere"]; } $_SESSION[$strTableName . "_pdfwhere"] = $strWhereClause; $strOrderBy = $_SESSION[$strTableName . "_order"]; if (!$strOrderBy) {
/**
 * Read current values from the database
 *
 * With key values set, the record is selected by KeyWhere($this->keys);
 * otherwise the dashboard search condition or the session-stored WHERE is used
 * and the query is limited to one record, whose keys are then adopted. Unless
 * the advanced security type is ADVSECURITY_ALL the condition is combined with
 * SecuritySQL("Search", ...). The result is cached in $this->data.
 *
 * NOTE(review): the session WHERE fragment is used as stored; its safety
 * depends on the page that wrote it - confirm.
 * NOTE(review): the full SQL statement is written via LogInfo().
 *
 * @return Array The current record data
 */
public function getCurrentRecordInternal()
{
    if (!is_null($this->data)) {
        return $this->data;
    }

    $orderBy = "";
    $hasKeys = $this->checkKeysSet();

    if ($hasKeys) {
        $where = KeyWhere($this->keys);
    } elseif ($this->mode == VIEW_DASHBOARD) {
        $components = $this->getWhereComponents();
        $where = $components["searchWhere"];
    } else {
        $orderBy = $this->getOrderByClause();
        $where = $_SESSION[$this->sessionPrefix . "_where"];
    }

    if ($this->pSet->getAdvancedSecurityType() != ADVSECURITY_ALL) {
        $where = whereAdd($where, SecuritySQL("Search", $this->tName));
    }

    $sql = $this->gQuery->gSQLWhere($where);
    if (!$hasKeys) {
        // No explicit keys: take the first record of the ordered result.
        $sql = applyDBrecordLimit($sql . $orderBy, 1, $this->connection->dbType);
    }

    $sqlBeforeEvent = $sql;
    $whereBeforeEvent = $where;

    if ($this->eventsObject->exists("BeforeQueryView")) {
        $this->eventsObject->BeforeQueryView($sql, $where, $this);
    }

    $sqlUntouched = $sqlBeforeEvent == $sql;
    $whereChanged = $whereBeforeEvent != $where;
    if ($sqlUntouched && $whereChanged) {
        // user didn't change the query string but changed $strWhereClause
        $sql = $this->gQuery->gSQLWhere($where);
        if (!$hasKeys) {
            $sql = applyDBrecordLimit($sql . $orderBy, 1, $this->connection->dbType);
        }
    }

    LogInfo($sql);
    $row = $this->connection->query($sql)->fetchAssoc();
    $this->data = $this->cipherer->DecryptFetchedArray($row);

    if (!$hasKeys) {
        $this->keys = $this->getKeysFromData($this->data);
        $this->setKeysForJs();
    }

    if (sizeof($this->data) && $this->eventsObject->exists("ProcessValuesView")) {
        $this->eventsObject->ProcessValuesView($this->data, $this);
    }

    return $this->data;
}
// after edit event if ($pageObject->lockingObj && $inlineedit == EDIT_INLINE) { $pageObject->lockingObj->UnlockRecord($strTableName, $savedKeys, ""); } if ($auditObj || $eventObj->exists("AfterEdit")) { foreach ($dataold as $idx => $val) { if (!array_key_exists($idx, $evalues)) { $evalues[$idx] = $val; } } } if ($auditObj) { $auditObj->LogEdit($strTableName, $evalues, $dataold, $keys); } if ($eventObj->exists("AfterEdit")) { $eventObj->AfterEdit($evalues, KeyWhere($keys), $dataold, $keys, (bool) $inlineedit, $pageObject); } $mesClass = "mes_ok"; } elseif ($inlineedit != EDIT_INLINE) { $mesClass = "mes_not"; } } else { $message = $usermessage; $readevalues = true; $status = "DECLINED"; } } if ($readevalues) { $keys = $savedKeys; } }
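/**
 * Stream an image stored in a database field to the client, or return the raw
 * field value when called for PDF generation.
 *
 * In the HTTP path the table, field, key values and the optional "alt"
 * fallback field are all taken from the request; the caller must be logged in
 * and pass CheckSecurity(..., "Search"), otherwise it is redirected to the
 * login page.
 *
 * NOTE(review): the row itself is selected by KeyWhere($keys) only; no
 * SecuritySQL() ownership condition is added to the query - confirm whether
 * per-record restrictions are expected here.
 * NOTE(review): in the PDF path $params is trusted as given (no login or field
 * permission check) - confirm it is never filled from request data.
 *
 * @param object $gQuery query object for the table; reduced to the image field when it has no GROUP BY
 * @param bool $forPDF   true: return the field value instead of sending it
 * @param array $params  "table", "field", "key1".."keyN" (PDF path only)
 * @return mixed field value or null (PDF path); '', null after the login redirect, or the result of DisplayNoImage()/DisplayFile() otherwise
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $conn;

    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        // Validate the requested table before any settings object is built from it
        // (same order as the PDF path below).
        if (!checkTableName($table)) {
            return '';
        }
        $settings = new ProjectSettings($strTableName);

        // NOTE(review): forcing display_errors on in a request-driven endpoint can
        // expose paths and SQL text in the response - consider logging instead.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");

        if (!isLogged() || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
            header("Location: login.php");
            return;
        }

        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }

        // construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];

        // construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }

    if (!$gQuery->HasGroupBy()) {
        // Do not select any fields except current (image) field.
        // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
        // Just don't do anything in that case.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }

    $where = KeyWhere($keys);
    $sql = $gQuery->gSQLWhere($where);
    $rs = db_query($sql, $conn);

    if ($forPDF) {
        if ($rs && ($data = db_fetch_array($rs))) {
            return $data[$field];
        }
        // No matching row: null, as before.
        return null;
    }

    if (!$rs || !($data = db_fetch_array($rs))) {
        return DisplayNoImage();
    }

    // Thumbnail requests ("src" = 1) for values over 51200 bytes get a generic icon.
    if (postvalue('src') == 1 && strlen($data[$field]) > 51200) {
        $value = myfile_get_contents('images/icons/jpg.png');
    } else {
        $value = db_stripslashesbinary($data[$field]);
    }

    if (!$value) {
        // The fallback column name is request-controlled: apply the same field
        // permission check as for the primary field and make sure the column is
        // actually part of the fetched row before reading it.
        $alt = postvalue("alt");
        if (!$alt || !is_string($alt) || !$settings->checkFieldPermissions($alt) || !isset($data[$alt])) {
            return DisplayNoImage();
        }
        $value = db_stripslashesbinary($data[$alt]);
        if (!$value) {
            return DisplayNoImage();
        }
    }

    $itype = SupposeImageType($value);
    if (!$itype) {
        return DisplayFile();
    }

    // The original guarded these headers with !isset($pdf); $pdf is never defined
    // in this function, so the headers were always sent.
    header("Content-Type: " . $itype);
    header("Cache-Control: private");
    SendContentLength(strlen_bin($value));

    echoBinary($value);
    return '';
}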
/**
 * Read current values from the database
 *
 * Single-record mode (!$this->all) queries by KeyWhere($this->keys); "all" mode
 * reuses SQL / WHERE / HAVING / ORDER BY fragments stored in $_SESSION and
 * optionally appends LIMIT/OFFSET for paging. The result is cached in $this->data.
 *
 * NOTE(review): no SecuritySQL() ownership condition is added in this variant -
 * confirm record-level access is enforced elsewhere where it is required.
 * NOTE(review): SQL is built by concatenating session-stored fragments; their
 * safety depends on how the page that stored them built them - confirm.
 * NOTE(review): $strSearchCriteria is assigned only in the session-"_where"
 * branch but read by gSQLRowCount() in every "all" path; $gPageSize is read
 * below but is not listed in the global statement.
 *
 * @return {array} array of current record data
 */
function getCurrentRecordInternal()
{
    // Cached from an earlier call.
    if (!is_null($this->data)) {
        return $this->data;
    }
    global $gstrOrderBy, $conn;
    $strWhereClause = '';
    $strHavingClause = '';
    if (!$this->all) {
        // show one record only
        $this->setKeys();
        $strWhereClause = KeyWhere($this->keys);
        $strSQL = $this->gQuery->gSQLWhere($strWhereClause);
    } else {
        if ($_SESSION[$this->tName . "_SelectedSQL"] != "" && @$_REQUEST["records"] == "") {
            // Reuse the SQL and WHERE stored in the session for the current selection.
            $strSQL = $_SESSION[$this->tName . "_SelectedSQL"];
            $strWhereClause = @$_SESSION[$this->tName . "_SelectedWhere"];
        } else {
            $strWhereClause = @$_SESSION[$this->tName . "_where"];
            $strHavingClause = @$_SESSION[$this->tName . "_having"];
            $strSearchCriteria = @$_SESSION[$this->tName . "_criteria"];
            $strSQL = $this->gQuery->gSQLWhere($strWhereClause, $strHavingClause, $strSearchCriteria);
        }
        // order by
        $strOrderBy = $_SESSION[$this->tName . "_order"];
        if (!$strOrderBy) {
            $strOrderBy = $gstrOrderBy;
        }
        $strSQL .= " " . trim($strOrderBy);
    }
    // Keep a copy so a change made by the event handler can be detected.
    $strSQLbak = $strSQL;
    if ($this->eventsObject->exists("BeforeQueryView")) {
        $this->eventsObject->BeforeQueryView($strSQL, $strWhereClause, $this);
    }
    if ($strSQLbak == $strSQL) {
        // SQL text untouched by the handler: rebuild it from the (possibly changed) clauses.
        // This also replaces SQL that was taken from the session "_SelectedSQL" entry,
        // and the rebuild does not pass $strSearchCriteria.
        $strSQL = $this->gQuery->gSQLWhere($strWhereClause, $strHavingClause);
        if ($this->all) {
            $numrows = $this->gQuery->gSQLRowCount($strWhereClause, $strHavingClause, $strSearchCriteria);
            $strSQL .= " " . trim($strOrderBy);
        }
    } else {
        // changed $strSQL - old style
        if ($this->all) {
            $numrows = GetRowCount($strSQL);
        }
    }
    if (!$this->all) {
        // The statement is logged in full, key values included.
        LogInfo($strSQL);
        $rs = db_query($strSQL, $conn);
    } else {
        // Pagination:
        $nPageSize = 0;
        if (@$_REQUEST["records"] == "page" && $numrows) {
            // Both values are cast to int before they are concatenated into LIMIT/OFFSET.
            $mypage = (int) @$_SESSION[$this->tName . "_pagenumber"];
            $nPageSize = (int) @$_SESSION[$this->tName . "_pagesize"];
            // Requested page lies past the last row: fall back to the last page.
            if ($numrows <= ($mypage - 1) * $nPageSize) {
                $mypage = ceil($numrows / $nPageSize);
            }
            if (!$nPageSize) {
                $nPageSize = $gPageSize;
            }
            if (!$mypage) {
                $mypage = 1;
            }
            // $maxrecs is not read again in this function.
            $maxrecs = $nPageSize;
            $strSQL .= " limit " . $nPageSize . " offset " . ($mypage - 1) * $nPageSize;
        }
        $rs = db_query($strSQL, $conn);
    }
    $this->data = $this->cipherer->DecryptFetchedArray($rs);
    if (sizeof($this->data) && $this->eventsObject->exists("ProcessValuesView")) {
        $this->eventsObject->ProcessValuesView($this->data, $this);
    }
    return $this->data;
}
/**
 * Build the WHERE clause that selects the record being edited.
 *
 * Source of the condition, in order: the old key values, the current key
 * values, the dashboard search condition, or the WHERE fragment stored in the
 * session.
 *
 * NOTE(review): this variant adds no SecuritySQL() ownership condition, and the
 * session fallback is used as stored - confirm both are acceptable for the
 * pages that call it.
 *
 * @param Boolean useOldKeys use $this->oldKeys instead of the current keys
 * @return String
 */
public function getWhereClause($useOldKeys)
{
    if ($useOldKeys) {
        return KeyWhere($this->oldKeys);
    }

    if ($this->checkKeysSet()) {
        return KeyWhere($this->keys);
    }

    if ($this->mode == EDIT_DASHBOARD) {
        $components = $this->getWhereComponents();
        return $components["searchWhere"];
    }

    return $_SESSION[$this->sessionPrefix . "_where"];
}