$msg = html2cell($done); #echo $done; #ereg('<error>(.*)</error>(.*)<message>(.*)</message>', $done, $s3qlout); if ($msg[2]['error_code'] == '0') { #echo str_replace(array('&rule_id='.$_REQUEST['rule_id'], '&action=delete'),array('',''),$action['editrules']); Header('Location:' . str_replace(array('&rule_id=' . $_REQUEST['rule_id'], '&action=delete'), array('', ''), $action['editrules'])); #since resource has became extinct, redirect to the project's page exit; } else { $message .= '<br />' . $msg[2]['message']; } } #include all the javascript functions for the menus... include '../S3DBjavascript.php'; #and the short menu for the resource script $rule_info = URIinfo('R' . $rule_id, $user_id, $key, $db); $message .= "Do you really want to delete this rule? <br /> Select 'Delete Rule' to remove all the statements that depend on this rule; select 'Unlink' to remove the rule from this project but leave it available for other projects"; } ?> <table class="middle" width="100%" align="center"> <tr><td> <table class="insidecontents" width="90%" align="center" border="0"> <tr><td class="message" colspan="9"><br /></td></tr> <tr bgcolor="#80BBFF"><td align="center" colspan="8">Delete Rule<input type="hidden" name="rule_id" value="7"></td></tr> <tr class="odd"> <?php echo '<td class="message" colspan="8">' . $message . '</b><br /><br /></td>'; ?> </tr> <tr class="odd">
function fileUploadFromValue($s3ql, $db, $user_id) { //is there a filename? $filename = $s3ql['where']['file_name'] != '' ? $s3ql['where']['file_name'] : 'file_' . random_string(10) . '_' . $s3ql['where']['rule_id'] . '_' . $s3ql['where']['item_id'] . '.txt'; //when statement_id is provided, use it; if file exists, append, otherwise create if ($s3ql['where']['statement_id'] != '') { $statement_id = $s3ql['where']['statement_id']; $stat_info = URIinfo('S' . $statement_id, $user_id, $s3ql['key'], $db); if (!is_array($stat_info)) { $msg = "Statement " . $statement_id . " not found"; return $msg; } elseif (!$stat_info['change']) { $msg = "User does not have permission to edut S" . $statement_id . "."; return $msg; } if ($s3ql['where']['file_name'] != '' && $stat_info['file_name'] != $filename) { $msg = "Statement_id " . $statement_id . " does not have a file called " . $filename; return $msg; } $filename = $stat_info['file_name']; $rule_id = $stat_info['rule_id']; $project_id = $stat_info['project_id']; $folder = $stat_info['project_folder']; $item_id = $stat_info['item_id']; } ereg('.*\\.([a-zA-Z0-9]*)$', $filename, $tmp); $extension = $tmp[1]; $name = ereg_replace('\\.' . $extension . '$', '', $filename); if ($statement_id) { //if there is already #find the file, open it, add the fragment and return $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'] . $GLOBALS['s3db_info']['server']['db']['uploads_file']; $fileLocation = $maindir . '/' . $folder; $file_in_folder = $fileLocation . '/' . $name . '_' . $project_id . '_' . $item_id . '_' . $rule_id . '_' . strval($statement_id) . '.' . $extension; if (is_file($file_in_folder)) { $a = fopen($file_in_folder, 'a'); if (fwrite($a, $s3ql['where']['value'])) { $s3ql['statement_id'] = $statement_id; $s3ql['file_name'] = $filename; return $s3ql; } } } //when the file already exists, append the value to the end of the file if (!$s3ql['where']['statement_id'] && $s3ql['where']['file_name'] != '') { $s3qlS = compact('db', 'user_id'); $s3qlS['from'] = 'statement'; $where = array_filter(array_diff_key($s3ql['where'], array('value' => ''))); $s3qlS['where'] = $where; $statements = S3QLaction($s3qlS); if (count($statements) > 1) { $msg = "There is more than 1 file to be updated. Plase specify statement_id where the file should be edited."; return $msg; } else { #find the file, open it, add the fragment and return $folder = $statements[0]['project_folder']; $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'] . $GLOBALS['s3db_info']['server']['db']['uploads_file']; $fileLocation = $maindir . '/' . $folder; $file_in_folder = $fileLocation . '/' . $name . '_' . $statements[0]['project_id'] . '_' . $statements[0]['item_id'] . '_' . $statements[0]['rule_id'] . '_' . strval($statements[0]['statement_id']) . '.' . $extension; if (is_file($file_in_folder)) { $a = fopen($file_in_folder, 'a'); if (fwrite($a, $s3ql['where']['value'])) { $s3ql['statement_id'] = $statements[0]['statement_id']; $s3ql['file_name'] = $filename; return $s3ql; } } } } //If we have not appended anything, create the file at this point //create a filekey $filekey = generateAFilekey(array('filename' => $filename, 'filesize' => '', 'db' => $db, 'user_id' => $user_id)); $filedata = get_filekey_data($filekey, $db); //crate a new file on the s3db side $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'] . $GLOBALS['s3db_info']['server']['db']['uploads_file']; $fileFullName = $maindir . '/tmps3db/' . $filedata['file_id'] . '.' . $extension; $fileCreated = fopen($fileFullName, 'w'); if (!$fileCreated) { return false; } else { fwrite($fileCreated, $s3ql['where']['value']); fclose($fileCreated); //$filedata = get_filekey_data($filekey, $db); //now remove the value and add the filekey to the query $s3ql['where'] = array_filter(array_diff_key($s3ql['where'], array('value' => '', 'file_name' => ''))); $s3ql['where']['filekey'] = $filekey; return $s3ql; } }
Header('Location: http://' . $def . '/s3db/'); exit; } $key = $_GET['key']; #Get the key, send it to check validity include_once '../core.header.php'; if ($key) { $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db); } else { $user_id = $_SESSION['user']['account_id']; } $args = '?key=' . $_REQUEST['key']; $remoteelement = 'project'; $remoteelement_id = $GLOBALS['s3ids'][$remoteelement]; include '../webActions.php'; $deployment_info = URIinfo('D' . $GLOBALS['Did'], $user_id, $key, $db); #CREATE THE HEADER AND SET THE TPL FILE //if(!$deployment_info['add_data']) //{ // //echo "User cannot create projects in this Deployment"; //exit; //} if ($_POST['submit']) { $s3ql = compact('user_id', 'db'); $s3ql['insert'] = $remoteelement; $s3ql['where'] = array($remoteelement_id => $_POST[$remoteelement_id]); $s3ql['format'] = 'html'; $done = S3QLaction($s3ql); $msg = html2cell($done); $msg = $msg[2];
if (file_exists('../config.inc.php')) { include '../config.inc.php'; } else { Header('Location: http://' . $def . '/s3db/'); exit; } $key = $_GET['key']; #Get the key, send it to check validity include_once '../core.header.php'; if ($key) { $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db); } else { $user_id = $_SESSION['user']['account_id']; } $statement_id = $_REQUEST['statement_id']; $statement_info = URIinfo('S' . $statement_id, $user_id, $key, $db); if (!$statement_info['delete']) { echo "User cannot delete this statement"; exit; } else { $project_info = get_info('project', $statement_info['project_id'], $db); $instance_info = get_info('instance', $statement_info['resource_id'], $db); $statements[0] = $statement_info; $statements = include_rule_info($statements, $project_id, $db); $statements = include_button_notes($statements, $project_id, $db); $statements = Values2Links($statements); $statement_info = $statements[0]; #echo '<pre>';print_r($statement_info); if ($_POST['delete_statement'] != '') { $s3ql = compact('db', 'user_id'); $s3ql['delete'] = 'statement';
if ($class_id == '' && $project_id == '' && $_SESSION['queryresult'] == '') { echo $GLOBALS['messages']['something_missing'] . "<message>Please specify a class_id</message>"; exit; } if ($_SESSION['queryresult'] != '') { $class_id = $_REQUEST['collection_id'] == '' ? $_REQUEST['class_id'] : $_REQUEST['collection_id']; } if ($project_id != '') { $project_info = URIinfo('P' . $project_id, $user_id, $key, $db); if (!$project_info['view']) { echo $GLOBALS['messages']['no_permission_message'] . '<message>User does not have permission in project</message>'; exit; } } if ($class_id != '') { $class_info = URIinfo('C' . $class_id, $user_id, $key, $db); if (!$class_info['view']) { echo $GLOBALS['messages']['no_permission_message'] . '<message>User does not have permission in class</message>'; exit; } } $s3ql = compact('db', 'user_id'); require_once 'Spreadsheet/Excel/Writer.php'; // Creating a workbook $workbook = new Spreadsheet_Excel_Writer(); // sending HTTP headers // Creating a worksheet per resource if ($class_id != '') { $class_id = $_REQUEST['class_id']; $resources[0] = $class_info; } else {
$project_id = $_REQUEST['project_id']; $rule_id = $_REQUEST['rule_id']; $class_id = $_REQUEST['collection_id'] != '' ? $_REQUEST['collection_id'] : $_REQUEST['class_id']; $uid = 'C' . $class_id; if ($rule_id == '' && $class_id == '') { echo "Please specify a class_id or a rule_id" . exit; } if ($rule_id != '') { $rule_info = URIinfo('R' . $rule_id, $user_id, $key, $db); if (!$rule_info['view']) { echo "User does not have access to this rule"; exit; } } if ($class_id) { $collection_info = URIinfo('C' . $class_id, $user_id, $key, $db); #$pl = permission4Resource(array('uid'=>'C'.$class_id, 'shared_with'=>'U'.$user_id, 'db'=>$db, 'user_id'=>$user_id)); #$info['C'.$class_id] = URIinfo('C'.$class_id, $user_id, $key, $db); #$pl = permission_level($pl,'C'.$class_id, $user_id, $db); if (!$collection_info['view']) { echo "User does not have access to this class"; exit; } } # #define a few usefull html vars if ($_GET['page'] != '') { $_SESSION['current_page'] = $_GET['page']; } else { $_SESSION['current_page'] = 1; }
function selectQuery($D) { global $timer; extract($D); if ($s3ql['from'] == 'deployment') { $data[0] = array('mothership' => $GLOBALS['s3db_info']['deployment']['mothership'], 'deployment_id' => $GLOBALS['s3db_info']['deployment']['Did'], 'self' => '1', 'description' => $GLOBALS['s3db_info']['server']['site_intro'], 'url' => S3DB_URI_BASE, 'message' => 'Successfully connected to deployment ' . $GLOBALS['s3db_info']['deployment']['Did'] . '. Please provice a key to query the data (for example: ' . ($_SERVER['https'] == 'on' ? 'https://' : 'http://') . $def . S3DB_URI_BASE . '/URI.php?key=xxxxxxxx. For syntax specification and instructions refer to http://s3db.org/'); #return $data; } #echo '<pre>';print_r($s3ql); if (in_array($s3ql['from'], array_keys($GLOBALS['plurals']))) { $s3ql['from'] = $GLOBALS['plurals'][$s3ql['from']]; } #echo '<pre>';print_r($s3ql);exit; if ($s3ql['from'] == 'classes') { $s3ql['from'] = 'collections'; } if ($s3ql['from'] == 'instances') { $s3ql['from'] = 'items'; } if ($s3ql['from'] == 'keys' && $_SESSION['db'] == '') { return formatReturn($GLOBALS['error_codes']['not_a_query'], 'Access keys cannot be queried in the API.', $s3ql['format'], ''); exit; } if (eregi('^t', $s3ql['shared'])) { $shared = true; #shared being set to true will tell s3ql that he should not only retrieved uid native to the upstream resource being queried, but those that propagate toward it $s3ql = array_delete($s3ql, 'shared'); } if ($s3ql['from'] == 'permission' && $user_id != 1) { return formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User cannot query permissions.', $s3ql['format'], ''); exit; } if (eregi('^t', $s3ql['shared'])) { $shared = true; #shared being set to true will tell s3ql that he should not only retrieved uid native to the upstream resource being queried, but those that propagate toward it $s3ql = array_delete($s3ql, 'shared'); } if (eregi('complete', $s3ql['display'])) { $complete = true; #complete will tell s3ql that dictionary terms should be added to the output $s3ql = array_delete($s3ql, 'display'); } $target = $s3ql['from']; $letter = strtoupper(substr($s3ql['from'], 0, 1)); $table = strval($target); $element = $target; $cols = $GLOBALS['dbstruct'][$target]; $element_id = $s3ql['where'][$GLOBALS['s3ids'][$element]]; if ($table != '' && !in_array($table, array_keys($GLOBALS['dbstruct']))) { return formatReturn($GLOBALS['error_codes']['not_a_query'], 'Not a valid query.', '', $s3ql['format']); } #manage data in select #echo '<pre>';print_r($s3ql); #array_keys contains the things to replace and array_values the replacements if ($s3ql['select'] != '' && $s3ql['select'] != '*') { $s3ql_out = ereg_replace(' ', '', $s3ql['select']); #take out all the spaces $returnFields = explode(',', $s3ql_out); if (!ereg($GLOBALS['s3ids'][$element], $s3ql['select'])) { if (ereg('count|max|min', $s3ql['select'])) { $SQLfun = ereg_replace("\\(.*\\)", "", $select); $SQLfun = ereg_replace("count as count", "count", $SQLfun); $s3ql['select'] = '*'; } else { $s3ql['select'] .= ',' . $GLOBALS['s3ids'][$element]; } } ##Because of the new code, will also have to add the parent ids to the query #$parents = $GLOBALS['inherit'][$GLOBALS['s3ids'][$element]]; $parents = $GLOBALS['inherit'][$GLOBALS['COREids'][$GLOBALS['singulars'][$element]]]; ##duuuhhh if (is_array($parents)) { foreach ($parents as $p) { if (!in_array($p, $returnFields)) { $s3ql['select'] .= ',' . str_replace($toreplace, $replacements, $p); } } } } else { $s3ql['select'] = '*'; } #echo $s3ql['select'];exit; #echo '<pre>';print_r($s3ql);exit; $toreplace = array_keys($GLOBALS['s3map'][$target]); $replacements = array_values($GLOBALS['s3map'][$target]); #to replace query str with replacements, remove the spaces and explode by commas $select = explode(',', str_replace(' ', '', $s3ql['select'])); foreach ($select as $s_key => $str_select) { if (in_array($str_select, $toreplace)) { $select[$s_key] = $replacements[array_search($str_select, $toreplace)]; } } #echo '<pre>';print_r($select);exit; $s3ql['select'] = implode(',', array_unique($select)); #$s3ql['select'] = str_replace($toreplace, $replacements, $s3ql['select']); #echo '<pre>';print_r($s3ql['select']); $select = urldecode($s3ql['select']); $select = eregi_replace('uid', $GLOBALS['s3ids'][$element] . ' as uid', $select); $select = eregi_replace('uri', $GLOBALS['s3ids'][$element] . ' as uri', $select); $select = eregi_replace('(,).*permissionOnResource', '', $select); #echo $P['out'].$P['SQLfun']; if ($select == $SQLfun) { $SQLfun = ''; } #$s3ql_where_keys = str_replace(array('item_id', 'collection_id'), array('instance_id', 'class_id'), array_keys($s3ql['where'])); #$s3ql['where'] = array_combine($s3ql_where_keys, $s3ql['where']); #transofrmt s3ql and get the return Fields $tranformed = S3QLselectTransform(compact('s3ql', 'db', 'user_id')); extract($tranformed); #anything that is queried must also go come out in the select if ($s3ql['where'] && $select != '*') { foreach ($s3ql['where'] as $more_outputs => $more_value) { if (!substr($select, $more_outputs)) { $select .= "," . str_replace($toreplace, $replacements, $more_outputs); } } } ##for statements, select must find file_name a well so that it is transofmred into a link if ($letter == 'S' && !ereg('file_name', $select)) { $select .= ',file_name'; } $s3ql['select'] = $select; if ($timer) { $timer->setMarker('queryInterpreted'); } #If there is any sort of S3 UID in the query, check its score when compared to the from $score = array('D' => '7', 'G' => '6', 'U' => '5', 'P' => '4', 'C' => '3', 'R' => '3', 'I' => '2', 'S' => '1'); $fromScore = $score[strtoupper(substr($target, 0, 1))]; $s3Ids = array_merge($GLOBALS['COREids'], array('rulelog' => 'rule_id', 'statementlog' => 'statement_id')); #echo '<pre>';print_r($s3ql); $shared_with_query = array(); foreach ($s3Ids as $COREelement => $COREelement_id) { if ($s3ql['where'][$COREelement_id] != '' && !ereg('^~|regexp', $s3ql['where'][$COREelement_id])) { $id_name = $COREelement_id; $id_letter = strtoupper(substr($id_name, 0, 1)); $whereScore[strtoupper(substr($id_name, 0, 1)) . $s3ql['where'][$COREelement_id]] = $score[strtoupper(substr($id_name, 0, 1))]; #when idNameScore is < $fromScore, then we know: we are trying to query all resources that can view another particular resource (for example,all users that can view project x #echo $id_name;exit; $uid = strtoupper(substr($COREelement, 0, 1)) . $s3ql['where'][$COREelement_id]; $uid_info = uid($uid); #Use URIinfo to find all data about this resource $element_info = URIinfo($uid, $user_id, $key, $db, $timer); $WhereInfo[$uid_info['uid']] = $element_info; if (!is_array($element_info)) { return formatReturn($GLOBALS['error_codes']['something_does_not_exist'], $uid . ' does not exist', $s3ql['format'], ''); exit; } elseif ($id_letter != strtoupper(substr($element, 0, 1))) { ##Shared_with is any UID that can eb shared with any of the elements being requested (for example, Collection_id is shared_with Project, but Project_id is not shared with Project array_push($shared_with_query, $uid); #do permissions on this uid propagate? #echo '<pre>';print_r($whereScore);exit; } else { $self_id = $s3ql['where'][$COREelement_id]; if (!$element_info['view']) { return formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission on ' . $uid, $s3ql['format'], ''); exit; } } } } #echo '<pre>';print_r($WhereInfo);exit; if ($self_id != '') { $data[0] = $element_info; if (ereg('^(U|G)$', $letter) && count($WhereInfo) == 2) { $whereId = array_diff(array_keys($WhereInfo), array($letter . $self_id)); $D = array('shared_with' => $letter . $self_id, 'uid' => $whereId[0], 'strictsharedwith' => 1, 'strictuid' => 1, 'db' => $db, 'user_id' => $user_id, 'stream' => 'upstream', 'timer' => $timer); ##Look for shared_with in uid instead of uid in shared_with #echo 'ola';exit; #$data[0]['permissionOnResource']=permission4Resource($D); $p = array('shared_with' => $letter . $self_id, 'uid' => $whereId[0]); $hasP = has_permission($p, $db); $effective_permission_resource = permission4resource(array('user_id' => $self_id, 'shared_with' => $letter . $self_id, 'db' => $db, 'uid' => $whereId[0], 'strictsharedwith' => 1, 'strictuid' => 1, 'timer' => $timer, 'toFindInfo' => $WhereInfo[$whereId[0]])); if ($hasP || $effective_permission_resource != '') { $data[0]['permissionOnResource'] = $effective_permission_resource; $data[0]['assigned_permissionOnEntity'] = $hasP != "" ? $hasP : '---'; $data[0]['effective_permissionOnEntity'] = $effective_permission_resource; } else { return array(); } } } else { #echo 'ola';exit; #start building the query: $user_query = "select " . $select . " from s3db_" . $GLOBALS['s3tables'][$table]; if (!user_is_admin($user_id, $db)) { $cols = array_diff($cols, array('account_pwd', 'account_phone', 'account_email', 'project_folder')); } #remove a few cols from query if ($timer) { $timer->setMarker('user is admin check'); } #echo $user_id;exit; ## echo $user_query;exit; #now add some constrains necessary due to the type of resource if (!(user_is_admin($user_id, $db) && $s3ql['where']['status'] == 'I')) { if (ereg('projects|classes|instances|rules|statements', $target)) { $status = "status!='I' and "; } } $user_query_const .= " where " . $status . $GLOBALS['s3ids'][$target] . "!='0'"; ### #Filter query according to the element being requested $user_query_const .= filterByElement($s3ql, $user_id, $db); if ($user_query_const) { $user_query .= $user_query_const; } else { exit; } if ($timer) { $timer->setMarker('query filter'); } if ($shared && !empty($shared_with_query) && strtoupper(substr($target, 0, 1)) != 'U') { #the "shared with" are the upstream resources being queried. These may or not be in the permissions table (if the are remote). This basically finds not only elements that were created within a certain uid (for example Ix of Cx), but those that were later shared with that uid (for example Iy created within Cy but later shared with Iy) $uidQuery = simpleQueryUID($shared_with_query, $element, $db); if ($uidQuery) { extract($uidQuery); if (!ereg('G', $letter)) { #query groups has a special syntax, it is already included in the query $user_query .= $finalUID; } ##IS IT INCREASING THE QUERY TIME ABSURDELLY? } #else { #Go on with the regular query # return formatReturn($GLOBALS['error_codes']['no_results'], 'Your query on '.$target.' did not return any results', $format,''); # } if ($timer) { $timer->setMarker('Query to find shared UID'); } } #now constrainthe query to resources that user cann access. Check for inherited permissions and direct permissions. Project is connected to deployment, rule and class to project, and so on. (see S3DB third report for the schema) #Fetch the cols of what is to be returned. Check for SqL functions. This will only affect the output if ($s3ql['select'] != '') { $out = urldecode($s3ql['select']); $SQLfun = ereg_replace("\\(.*\\)", "", $out); $SQLfun = ereg_replace("count as count", "count", $SQLfun); $P['out'] . $P['SQLfun']; if ($out == $SQLfun) { $SQLfun = ''; } else { $extracol = $out; } } #echo $SQLfun; #Extract from the s3ql the value that are part of the syntax and assume the rest are the SQL extras (limit, creted_by, etc) $syntax = array('key', 'select', 'from', 'where', 'format'); foreach ($s3ql as $i => $value) { if (!in_array($i, $syntax) && $value != '') { $SQLextra[$i] = ' ' . ereg_replace('_', ' ', $i) . ' ' . $value; } } #echo '<pre>';print_r($SQLextra);exit; #if there is orderby, move to the beginnign of the array if ($SQLextra['order_by'] != '') { $SQLextra = array_merge(array('order_by' => $SQLextra['order_by']), $SQLextra); } if (is_array($SQLextra)) { foreach ($SQLextra as $key => $value) { $query_extra .= $value; } } #Put in $P the values of what is queried, add to cols, if not already there, whatever is queried. Check if there are regular expressions anywhere. equalit will be replace by the regular expression $cols = $GLOBALS['dbstruct'][$table]; foreach ($cols as $col) { if ($s3ql['where'][$col] != '') { if (!in_array($col, $GLOBALS['COREids']) && $col != $GLOBALS['COREids'][$element]) { $user_query_fields .= ' and ' . $col . ' ' . parse_regexp($s3ql['where'][$col]); } $P[$col] = parse_regexp($s3ql['where'][$col]); } } #when the default query is performed, that is, not shared ids are requested, the query is faster is core_id are added if (!$shared) { if (is_array($s3ql['where']) && !empty($s3ql['where'])) { foreach ($s3ql['where'] as $q_field => $q_value) { if (in_array($q_field, $GLOBALS['COREids']) || $q_field == $GLOBALS['COREids'][$element]) { $sql_col = str_replace($toreplace, $replacements, $q_field); if (!ereg('U|G', $letter)) { ## Users and groups do not have the reousrce in the users table $user_query_fields .= ' and ' . $sql_col . ' ' . parse_regexp($q_value); } else { #Because users queries do not include the parent_id in the talbe itself, they will involve a query in perm table #$u_uid=letter($q_field).$q_value; } } } } } #glue them together. $user_query .= $user_query_fields . $query_extra; if ($timer) { $timer->setMarker('done building query'); } ###Finally perform the query on whatever table is specified #$user_query = "select * from s3db_resource where resource_class_id = '389';"; #if($_REQUEST['su3d']){ #echo $user_query; #$timer->display(); #exit; #} ##run it #complete query on LOCAL resources $db->query($user_query, __LINE__, __FILE__); $dbdata = get_object_vars($db); if ($timer) { $timer->setMarker('done with query'); } if ($dbdata['Errno'] != '0') { return formatReturn($GLOBALS['error_codes']['something_went_wrong'], $dbdata['Error'], $format, ''); } #put it in a nice structured variable $cols = $GLOBALS['dbstruct'][$target]; if (is_array($returnFields) && $extracol == '') { $cols = array_unique(array_merge($cols, $returnFields)); } #echo '<pre>';print_r($cols); while ($db->next_record()) { #echo '<pre>';print_r($db); $resultStr .= "\$data[] = Array("; if ($extracol != '') { $resultStr .= "'" . $extracol . "'=>'" . $db->f($SQLfun) . "',"; } foreach ($cols as $col) { $resultStr .= "'" . $col . "'=>'" . addslashes($db->f($col)) . "'"; if ($col != end($cols)) { $resultStr .= ","; } if ($col == $GLOBALS['s3ids'][$target]) { $retrieved['ids_str'] .= $retrieved['ids_str'] == '' ? $db->f($col) : '|' . $db->f($col); } } $resultStr .= ");"; } #echo $resultStr; #evaluate the long string eval($resultStr); if (is_array($data)) { $data = array_filter($data); } if ($timer) { $timer->setMarker('query results captured'); } #more often than not, a query is made that retrieves all rules/collection data; this data can be reused for permission migration if ($user_query_fields == "" && $SQLextra == "") { $all_data[letter($target)] = $data; } #BEFORE outputting data, are there any remote resources where the user is allowed? $ucode = strtoupper(substr($element, 0, 1)); $ucode_and_id = $ucode . $element_id; ##Added ability to search locally on april 15 2008 to optimize queries ###Added ability to seeek permissions from file on jan 12 2009 to speed permissiosn query if (!ereg('users|groups|projects|keys|rulelog|statementlog|permission', $s3ql['from']) && !ereg('true|1', $s3ql['where']['local'])) { #REMOTE USERS< GROUPS< PROJECTS ARE INSERTED INTO DEPLOYMENT,M NO NEED TO FIND THEM AGAIN ##Added ability to search locally on april 15 to optimize queries ###Added ability to seeek permissions from file on jan 12 2009 to speed permissiosn query list($remoteIDS, $local_not_native) = remotePermissions(compact('s3ql', 'self_id', 'uidQuery', 'permissionsQuery', 'user_id', 'db', 'timer', 'shared_with_query', 'user_self_query', 'letter')); if ($timer) { $timer->setMarker('remote permisions queried'); } ##NOTE: Local_not_native data need to be retrieve as well if (is_array($remoteIDS) && !empty($remoteIDS)) { foreach ($remoteIDS as $rem_id) { #$rem_uid = substr($rem_id['uid'],1,strlen($rem_id['uid'])); $rem_uid = $rem_id['uid']; $rem_resource_data = URIinfo($rem_uid, $user_id, $s3ql['key'], $db); #echo '<pre>';print_r($rem_resource_data);exit; if (is_array($rem_resource_data)) { $rem_resource_data['shared_with'] = $rem_id['shared_with']; $rem_resource_data['uid'] = $rem_id['uid']; $rem_resource_data['permission_level'] = $rem_id['permission_level']; } #echo '<pre>';print_r($rem_resource_data);exit; #concatenate them in the results; THIS SHOWS ONLY REMOTE RESOURCES THAT ARE AVAILABLE AT THE MOMENT! if (is_array($s3ql['where'])) { foreach ($s3ql['where'] as $query_field => $query_value) { if ($query_value != $rem_resource_data[$query_field]) { if (!in_array($query_field, $GLOBALS['COREids'])) { $rem_resource_data = array(); } } } } if (is_array($data) && is_array($rem_resource_data)) { array_push($data, $rem_resource_data); } elseif (is_array($rem_resource_data) && !empty($rem_resource_data)) { $data[] = $rem_resource_data; } } if ($timer) { $timer->setMarker('Remote data retrieved'); } } } if (is_array($data)) { $data = array_filter($data); } #now we're ready to display the data $pack = compact('data', 'whereScore', 'WhereInfo', 'fromScore', 's3ql', 'key', 'target', 'db', 'user_id', 'cols', 'returnFields', 's3ql_out', 'target', 'uidQuery', 'timer', 'shared_with_query', 'all_data', 'letter', 'model'); if (!ereg('keys|accesslog|rulelog|statementlog|permission', $s3ql['from'])) { $data = includeAllData($pack); } } ##if complete was requested, let's retrieve every link and distribute accordingly rather that querying by uid, would would take much longer if ($complete) { $alluid = array(); foreach ($data as $kuid => $data_info) { array_push($alluid, $letter . $data_info[$GLOBALS['s3ids'][$element]]); } include_once S3DB_SERVER_ROOT . '/s3dbcore/dictionary.php'; $s3qlL = compact('user_id', 'db'); $s3qlL['from'] = 'links'; $formatL = 'array'; $links = query_user_dictionaries($s3qlL, $db, $user_id, $formatL); if (is_array($links) && !empty($links)) { foreach ($links as $moreData) { if ($moreData['uid'] != '') { $foundIt = array_search($moreData['uid'], $alluid); if ($foundIt) { $data[$foundIt]['links'][$moreData['relation']] = $moreData['value']; } #$data[$moreData['uid']]['links'][$moreData['relation']]=$moreData['value']; } } } if ($timer) { $timer->setMarker('Dictionary data included!'); } } if (is_array($data) && !empty($data)) { $data = array_combine(range(0, count($data) - 1), $data); return $data; } else { #$emptycols = array(array_combine($cols, array_fill(1,count($cols), ''))); #echo '<pre>';print_r($emptycols);exit; return array(); #return formatReturn($GLOBALS['error_codes']['no_results'], 'Your query returned no results', $format,''); } }
exit; } #Get the key, send it to check validity $key = $_GET['key']; include_once 'core.header.php'; if ($key) { $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db); } else { $user_id = $_SESSION['user']['account_id']; } $class_id = $_REQUEST['class_id'] != '' ? $_REQUEST['class_id'] : ($_REQUEST['collection_id'] != '' ? $_REQUEST['collection_id'] : $_REQUEST['entity_id']); $uid = 'C' . $class_id; $element = 'class'; #Universal variables $uid_info = uid($class_id); $resource_info = URIinfo($uid, $user_id, $key, $db); $class_info = $resource_info; $rule_id = $resource_info['rule_id']; if ($_REQUEST['orderBy']) { $SQLextra['order_by'] = ' order by ' . $_REQUEST['orderBy'] . ' ' . $_REQUEST['direction']; } #Define the outgoing links there are going to exist in this page $s3ql = compact('user_id', 'db'); $s3ql['from'] = 'users'; $s3ql['where']['class_id'] = $class_id; $users = S3QLaction($s3ql); $aclGrid = aclGrid(compact('user_id', 'db', 'users')); $s3ql = compact('db', 'user_id'); $s3ql['from'] = 'rules'; $s3ql['where']['subject_id'] = $class_id; $s3ql['where']['object'] = "!='UID'";
include 'adminheader.php'; $section_num = '2'; $website_title = $GLOBALS['s3db_info']['server']['site_title'] . ' - Edit Profile'; #if(!$_SESSION['db']){ //"How old is this key?"; #$sql = "select expires,created from s3db_access_keys where key_id='".$key."' and expires>='".date('Y-m-d H:i:s')."'"; #$db->query($sql); #if($db->next_record()){ #$expires = $db->f('expires'); #$created = $db->f('created_on'); #} #echo (strtotime($expires)-strtotime($created));exit; #} #echo '<pre>';print_r($useredited);exit; #$useredited = s3info('user', $id, $db); $useredited = URIinfo('U' . $id, $user_id, $key, $db); $account_id = $id; $imp_user_id = $id; $account_addr_id = $useredited['account_addr_id']; #find the groups where user belongs - the only one he can edit $s3ql = compact('user_id', 'db'); $s3ql['select'] = '*'; $s3ql['from'] = 'groups'; $s3ql['where']['user_id'] = $user_id; $admin_groups = S3QLaction($s3ql); $admin_groups_ids = grab_id('group', $admin_groups); #add admin group to the list of groups. if ($user_id == '1') { $mainGroup = array('groupname' => 'Admin', 'group_id' => '1'); if (is_array($admin_groups) && !empty($admin_groups)) { array_push($admin_groups, array(0 => $mainGroup));
$s3ql['from'] = 'collections'; $s3ql['order_by'] = 'entity'; $allclasses = S3QLaction($s3ql); $object_select .= '<select name = "object_id" onChange="window.location=this.options[this.selectedIndex].value">'; if (is_array($classes)) { foreach ($allclasses as $class_info) { $object_select .= '<option value="#' . $class_info['class_id'] . '">' . $class_info['entity'] . ' (C' . $class_info['class_id'] . ')</option>'; } } $object_select .= '<option value="' . str_replace(array('literal_object=0', 'class_object=1'), array('', ''), $action['inspectrules']) . '&literal_object=1">(New)</option>'; $object_select .= '<option value="' . str_replace(array('literal_object=1'), array(''), $action['inspectrules']) . '&any_class=1">(View all collections)</option>'; $object_select .= '<option value="' . str_replace(array('&any_class=1'), array('&any_class=0'), $action['inspectrules']) . '">(View only project collections)</option>'; $object_select .= '</select>'; } else { if ($_REQUEST['rule_id']) { $rule_info = URIinfo('R' . $_REQUEST['rule_id'], $user_id, $key, $db); $selected = array('class_id' => $rule_info['object_id'], 'entity' => $rule_info['object']); } $object_select .= objectInputSelect(compact('classes', 'user_id', 'db', 'selected')); } ?> <script type="text/javascript"> function verbSelected() { var verb_id = document.getElementById('verb_id'); var selected = verb_id.options[verb_id.selectedIndex].value; if (selected=='new') { document.getElementById('verb_holder').innerHTML = '<input type="text" name="verb" id="verb"><input type="button" name="edit_item_verb" value="Choose from Items" onClick="window.location=window.location.href.replace(\'literal_verb=1\',\'\').replace(\'item_verb=0\',\'\')">'; }
function display_option($C) { extract($C); #echo '<pre>';print_r($cells); $action = $GLOBALS['webaction']; $tablecells .= ''; $tablecells .= '<form name = "importform" action = "' . $action['excelimport'] . '" method="POST">'; $tablecells .= "<table width='100%'><tr bgcolor=lightyellow><td>3. Select fields to be updated</td></tr></table>"; $tablecells .= "<TABLE border=1>"; $tablecells .= "<TR>"; #start the row where the rule are displayed #echo '<pre>';print_r($cells);exit; foreach ($cells['rules'] as $col => $rules) { if ($col == 0) { $tablecells .= '<TD><BR>UID<BR><br>'; $tablecells .= '<input type="button" value="Check all" name="fieldcheck' . $col . '" onClick="this.value=check_rule(' . $col . ')" checked><BR></TD>'; } elseif ($col == 1) { $tablecells .= '<TD>'; $tablecells .= 'Notes'; $tablecells .= '<BR><br><br><input type="button" value="Check all" "fieldcheck' . $col . '" onClick="this.value=check_rule(' . $col . ')" checked><BR>'; $tablecells .= '</TD>'; } elseif ($col >= 2) { if (is_array($rules['rule_info'])) { $tablecells .= '<TD>' . $rules['rule_info']['verb'] . '<BR><font color=blue>' . $rules['rule_info']['object'] . '<BR>(rule id ' . $rules['rule_info']['rule_id'] . ')</font><BR><input type="button" value="Check all" name="fieldcheck' . $col . '" onClick="this.value=check_rule(' . $col . ')" checked></TD>'; } else { $tablecells .= '<TD><BR>' . $rules['verb'] . '<BR><font color=red>' . $rules['object'] . '<BR>(rule id NOT FOUND)</font>'; $tablecells .= '<br>'; $tablecells .= 'create rule?'; $tablecells .= '<input type="checkbox" name="newrule_0_' . $col . '" checked>'; $tablecells .= '<input type="button" value="Check all" name="fieldcheck' . $col . '" onClick="this.value=check_rule(' . $col . ')" checked></TD>'; } } } $tablecells .= "</TR>"; foreach ($cells['data'] as $row => $row_data) { $tablecells .= '<TR>'; for ($col = 0; $col < count($cells['rules']); $col++) { if ($col == 0) { $tablecells .= '<TD>'; if ($row_data['UID'] == '') { $tablecells .= '(no UID)'; $tablecells .= '<input type="checkbox" name="newinstance_' . $row . '" id="confirm_me' . $col . '[]" checked>'; } elseif ($row_data['UID'] != '' && !is_array($row_data['instance_info'])) { #so, the instance was not found? $tablecells .= '<font color=red>'; $tablecells .= '(UID not found)'; $tablecells .= '</font>'; $tablecells .= '<br>new?'; $tablecells .= '<input type="checkbox" name="newinstance_' . $row . '" id="confirm_me' . $col . '[]" checked>'; } else { $tablecells .= instanceButton($row_data['instance_info']); $tablecells .= '<input type="checkbox" name="confirminstance_' . $row . '" id="confirm_me' . $col . '[]" checked>'; } $tablecells .= '</TD>'; } elseif ($col == 1) { $tablecells .= '<TD>'; if (!is_array($row_data['instance_info']) && $row_data[1] == '') { #no a ,no b $tablecells .= '(notes empty)'; } elseif ($row_data[1] != '' && !is_array($row_data['instance_info'])) { #a but no b $tablecells .= $row_data[1]; $tablecells .= '<input type="checkbox" name="confirmnotes_' . $row . '" id="confirm_me' . $col . '[]" checked>'; } elseif ($row_data[1] == '' && is_array($row_data['instance_info']) && $row_data['instance_info']['notes'] != '') { #b but no a $tablecells .= 'old:' . $row_data['instance_info']['notes'] . '<br>'; $tablecells .= 'new: (empty)<br>'; if ($row_data['instance_info']['add_data']) { $tablecells .= '<font color=red>'; $tablecells .= 'delete?'; $tablecells .= '</font>'; $tablecells .= '<input type="checkbox" name="confirmnotes_' . $row . '" value="editnotes_' . $row_data['instance_info']['resource_id'] . '" id="confirm_me' . $col . '[]" checked>'; } else { #uh ho, you're not allowed! $tablecells .= '<font color=red>'; $tablecells .= 'User is not allowed to change instance_id ' . $row_data['instance_info']['resource_id']; $tablecells .= '</font>'; } } elseif ($row_data[1] != '' && is_array($row_data['instance_info']) && $row_data['instance_info']['notes'] == $row_data[1]) { #a==b #this is an intance where notes were NOT modified $tablecells .= $row_data[1]; $tablecells .= '<br>'; $tablecells .= '<font color=navy>'; $tablecells .= '(no change)'; $tablecells .= '</font>'; } elseif ($row_data[1] != '' && is_array($row_data['instance_info']) && $row_data[1] != $row_data['instance_info']['notes']) { #a!=b this is an intance where notes were modified $tablecells .= 'old:' . $row_data['instance_info']['notes'] . '<br>'; if ($row_data['instance_info']['add_data']) { $tablecells .= '<font color=DarkGreen>'; $tablecells .= 'new:' . $row_data[1] . ''; $tablecells .= '</font>'; $tablecells .= '<br>edit?'; $tablecells .= '<input type="checkbox" name="confirmnotes_' . $row . '" value="editnotes_' . $row_data['instance_info']['resource_id'] . '" id="confirm_me' . $col . '[]" checked>'; } else { $tablecells .= '<font color=red>'; $tablecells .= 'User is not allowed to change instance_id ' . $row_data['instance_info']['resource_id']; $tablecells .= '</font>'; } } $tablecells .= '</TD>'; } elseif ($col >= 2) { $tablecells .= '<TD>'; $statement_info = $row_data[$col]['statement_info']; #if ($rules['rule_info']['rule_id']=='') {#no rule #$tablecells .='(Data will NOT be imported)'; #} #else if ($statement_info['value'] == '' && $row_data[$col]['newvalue'] == '') { $tablecells .= ''; } elseif ($row_data[$col]['newvalue'] != '' && empty($statement_info['value'])) { #a but not b this means nothing was there, no checking required except for rule if (!is_array($cells['rules'][$col]['rule_info'])) { $tablecells .= $row_data[$col]['newvalue']; } elseif ($cells['rules'][$col]['rule_info']['object_id'] == '') { $tablecells .= $row_data[$col]['newvalue']; } else { $IN_instance_info = s3info('instance', $row_data[$col]['newvalue'], $db); if (!is_array($IN_instance_info)) { $tablecells .= '<font color=red>'; $tablecells .= '(UID ' . $row_data[$col]['newvalue'] . ' not found)'; $tablecells .= '<br>'; $tablecells .= 'Please insert a valid resource'; $tablecells .= '</font>'; $tablecells .= get_rule_drop_down_menu(array('select_name' => 'selectstatement_' . $row . '_' . $col, 'rule_info' => $cells['rules'][$col]['rule_info'], 'db' => $db, 'user_id' => $user_id, 'project_id' => $project_id, 'instance_id' => $row_data['instance_info']['resource_id'])); } else { #object is a resource and instance was found $tablecells .= instanceButton($IN_instance_info); } } $tablecells .= '<br>'; $tablecells .= '<input type="checkbox" name="insertstatement_' . $row . '_' . $col . '" value="insertstatement_' . $row_data['instance_info']['resource_id'] . '_' . $rule_id . '" id="confirm_me' . $col . '[]" checked>'; } elseif ($row_data[$col]['newvalue'] == '' && is_array($statement_info) && $statement_info['value'] != '') { #b but not a #here is something being deleted if ($statement_info['change']) { if ($statement_info['file_name'] != '') { $tablecells .= '<font color=red>'; $tablecells .= '(statement contains a file, please change it in the interface)<br /><a href=# onClick="window.open(\'' . $action['instance'] . '&instance_id=' . $statement_info['resource_id'] . '\')">Edit</a>'; $tablecells .= '</font>'; } else { if ($cells['rules'][$col]['rule_info']['object_id'] == '') { $tablecells .= 'old: ' . $statement_info['value']; } else { $OUT_instance_info = get_info('instance', $statement_info['value'], $db); $tablecells .= 'old: ' . instanceButton($OUT_instance_info); } $tablecells .= '<br>'; $tablecells .= '<font color=red>'; $tablecells .= 'new: (empty)<br>'; $tablecells .= 'delete?'; $tablecells .= '</font>'; $tablecells .= '<input type="checkbox" name="deletestatement_' . $row . '_' . $col . '" value="deletestatement_' . $row_data['instance_info']['resource_id'] . '_' . $rule_id . '" id="confirm_me' . $col . '[]">'; } } else { $tablecells .= 'old: ' . $statement_info['value']; $tablecells .= '<font color=red>'; $tablecells .= 'User does not have permission to delete statement_id ' . $statement_info['statement_id'] . '!!'; $tablecells .= '</font>'; } } elseif ($row_data[$col]['newvalue'] != '' && is_array($statement_info) && $statement_info['value'] == $row_data[$col]['newvalue']) { #a==b nothing to change if ($cells['rules'][$col]['rule_info']['object_id'] == '') { $tablecells .= $statement_info['value']; } else { $OUT_instance_info = get_info('instance', $statement_info['value'], $db); $tablecells .= instanceButton($OUT_instance_info); } $tablecells .= '<font color=navy>'; $tablecells .= '<br>'; $tablecells .= '(no change)'; $tablecells .= '</font>'; } elseif ($row_data[$col]['newvalue'] != '' && is_array($statement_info) && $statement_info['value'] != '' && $statement_info['value'] != $row_data[$col]['newvalue']) { #a!=b if ($statement_info['change']) { if ($statement_info['file_name'] != '') { $tablecells .= '<font color=red>'; $tablecells .= '(statement contains a file, please change it in the interface)<br /><a href=# onClick="window.open(\'' . $action['instance'] . '&instance_id=' . $statement_info['resource_id'] . '\')">Edit</a>'; $tablecells .= '</font>'; } else { if ($cells['rules'][$col]['rule_info']['object_id'] == '') { $tablecells .= 'old: ' . $statement_info['value']; $tablecells .= '<br>'; $tablecells .= 'new: ' . $row_data[$col]['newvalue']; } else { $OLD_instance_info = URIinfo('I' . $statement_info['value'], $user_id, $key, $db); $NEW_instance_info = URIinfo('I' . $row_data[$col]['newvalue'], $user_id, $key, $db); $tablecells .= 'old: ' . instanceButton($OLD_instance_info); $tablecells .= '<br>'; if (!is_array($NEW_instance_info)) { $tablecells .= '<font color=red>'; $tablecells .= '(UID ' . $row_data[$col]['newvalue'] . ' not found)'; $tablecells .= '<br>'; $tablecells .= 'Please insert a valid resource'; $tablecells .= '</font>'; $tablecells .= get_rule_drop_down_menu(array('select_name' => 'selectstatement_' . $row . '_' . $col, 'rule_info' => $cells['rules'][$col]['rule_info'], 'db' => $db, 'user_id' => $user_id, 'project_id' => $project_id, 'instance_id' => $row_data['instance_info']['resource_id'])); } else { $NEW_instance_info = URIinfo('I' . $row_data[$col]['newvalue'], $user_id, $key, $db); $tablecells .= 'new: ' . instanceButton($NEW_instance_info); } } $tablecells .= '<br>'; $tablecells .= '<font color=DarkGreen>'; $tablecells .= 'edit?'; $tablecells .= '</font>'; $tablecells .= '<input type="checkbox" name="editstatement_' . $row . '_' . $col . '" value="editstatement_' . $row_data['instance_info']['resource_id'] . '_' . $rule_id . '" id="confirm_me' . $col . '[]" checked>'; } } else { $tablecells .= 'old: ' . $statement_info['value']; $tablecells .= '<font color=red>'; $tablecells .= 'User does not have permission to delete statement_id ' . $statement_info['statement_id'] . '!!'; $tablecells .= '</font>'; } } $tablecells .= '</TD>'; } } $tablecells .= '</TR>'; } $tablecells .= '<input type="submit" name="InsertinDB" value="Import ' . $resource_info['entity'] . '"><BR>'; $tablecells .= '</table>'; return $tablecells; }
function create_project_set($P) { extract($P); $Puid = 'P' . $project_id; $project_data = URIinfo($Puid, $user_id, '', $db); $node_set_str .= sprintf("\t%s\n", '<PROJECT>'); $node_set_str .= sprintf("\t%s\n", '<ID>' . urlencode($project_data['project_id']) . '</ID>'); $node_set_str .= sprintf("\t%s\n", '<NAME>' . urlencode($project_data['project_name']) . '</NAME>'); $node_set_str .= sprintf("\t%s\n", '<DESCRIPTION>' . urlencode($project_data['project_description']) . '</DESCRIPTION>'); #$node_set_str .= sprintf("\t%s\n", '<TOTAL_RESOURCES>'.$nr_of_resources.'</TOTAL_RESOURCES>'); $node_set_str .= create_resource_nodes($P); $node_set_str .= sprintf("\t%s\n", '</PROJECT>'); return $node_set_str; }
function rootIDinfo($s3idNames, $REQUESTdat, $argv, $user_id, $key, $db) { if (!in_array('uid', array_keys($REQUESTdat))) { $specified_id = array_intersect($s3idNames, array_keys($REQUESTdat)); } else { $specified_id = $GLOBALS['COREletterInv'][letter($REQUESTdat['uid'])]; } #echo '<pre>';print_r($REQUESTdat);exit; if (count($specified_id) != '1') { if (is_array($argv)) { $inData = array_diff($argv, array($key, 'rdf.php')); } if (is_array($inData)) { foreach ($inData as $key => $value) { list($idname[], $id[]) = explode('=', $value); } $specified_id = array_intersect($s3idNames, $idname); } if (count($specified_id) != '1') { echo $GLOBALS['messages']['something_missing'] . "<message>Please specify 1 and only 1 id for the root of the ontology</message>"; exit; } else { $inData = array_combine($idname, $id); $rootID = $id[0]; $specified_id = $idname[0]; } } else { $inData = $REQUESTdat; $specified_id = array_combine(array('0'), $specified_id); $specified_id = $specified_id[0]; $rootID = $REQUESTdat[$specified_id]; if ($rootID == '') { $rootID = ereg_replace('^' . letter($REQUESTdat['uid']), '', $REQUESTdat['uid']); $specified_id = $GLOBALS['COREletterInv'][letter($REQUESTdat['uid'])]; } } $specified_id_type = array_search($specified_id, $s3idNames); $letter = strtoupper(substr($specified_id, 0, 1)); $specified_id_info = URIinfo($letter . $rootID, $user_id, $key, $db); return compact('letter', 'specified_id', 'specified_id_type', 'specified_id_info', 'inData', 'rootID'); }
function create_tree_items($tree_items_file, $othervars) { extract($othervars); $deployment_info = URIinfo('D' . $GLOBALS['Did'], $user_id, $key, $db); #Change the struct for project #wait for allprojects.php to retrieve all the projects first and put them on session :-) $s3ql['db'] = $db; $s3ql['user_id'] = $user_id; $s3ql['from'] = 'projects'; $s3ql['order_by'] = 'project_id asc'; #echo '<pre>';print_r($s3ql); $projects = S3QLaction($s3ql); #echo '<pre>';print_r($projects); $treeitem .= sprintf("%s\n", "var TREE_ITEMS = [ ['Projects', '" . $action['listprojects'] . "',"); #print_r ($project_resources); if (is_array($projects)) { foreach ($projects as $project_info) { #$acl = find_final_acl($user_id, $project_info['project_id'], $db); $treeitem .= sprintf("%s\n", "['" . addslashes(urldecode($project_info['project_name'])) . "', '" . $action['project'] . "&project_id=" . $project_info['project_id'] . "',"); #open the project #Create the tree node for each shared resource if (is_array($_SESSION[$user_id]['resources'][$project_info['project_id']])) { $classes = $_SESSION[$user_id]['resources'][$project_info['project_id']]; } else { $s3ql = compact('user_id', 'db'); $s3ql['select'] = '*'; $s3ql['from'] = 'collections'; $s3ql['where']['project_id'] = $project_info['project_id']; $classes = S3QLaction($s3ql); #echo $project_info['project_id'];echo '<pre>';print_r($classes); #$classes = S3QLaction($s3ql); } #echo '<pre>';print_r($classes); if (is_array($classes)) { /*$s3ql=compact('user_id','db'); $s3ql['select']='*'; $s3ql['from'] = 'rules'; $s3ql['where']['project_id'] = $project_info['project_id']; #$s3ql['where']['object']="!='UID'"; $rules = S3QLaction($s3ql); #echo '<pre>';print_r($rules); #separate the rules per subject foreach ($rules as $rule_info) { if($rule_info['object']!='UID') $subject_rules['C'.$rule_info['subject_id']][] = $rule_info; } */ #echo '<pre>';print_r($subject_rules);exit; foreach ($classes as $resource_info) { #$rule_id = get_rule_id_by_entity_id($resource_info['resource_id'], $resource_info['project_id'], $db); $treeitem .= sprintf("%s\n", "\t['" . addslashes(urldecode($resource_info['entity'])) . "', '" . $action['resource'] . "&project_id=" . $project_info['project_id'] . "&class_id=" . $resource_info['resource_id'] . "&rule_id=" . $rule_id . "',"); #open the resource #List the rules for each shared resource $rules = $subject_rules['C' . $resource_info['class_id']]; #Make the node for each rule /* if (is_array($rules)) {foreach ($rules as $rule_info) {$treeitem .= " ['".addslashes(urldecode($rule_info['verb']))."<B>|</B>".addslashes(urldecode($rule_info['object']))."', '".$action['querypage']."&project_id=".$project_info['project_id']."&class_id=".$resource_info['resource_id']."&rule_id=".$rule_info['rule_id']."'";#open the verb|object $treeitem .= sprintf("%s\n", "],"); #close the verb|object } } #Make a node for new rule */ if ($resource_info['view']) { $treeitem .= "\t\t['<I>[Query " . addslashes(urldecode($resource_info['entity'])) . "]</I>', '" . $action['querypage'] . "&class_id=" . $resource_info['resource_id'] . "&project_id=" . $project_info['project_id'] . "'"; #query page for class $treeitem .= sprintf("%s\n", "],"); $treeitem .= "\t\t['<I>[List all " . addslashes(urldecode($resource_info['entity'])) . "]</I>', '" . $action['querypage'] . "&class_id=" . $resource_info['resource_id'] . "&project_id=" . $project_info['project_id'] . "&listall=yes'"; #list instances $treeitem .= sprintf("%s\n", "],"); } if ($resource_info['add_data']) { $treeitem .= "\t\t['<I>[Add " . addslashes(urldecode($resource_info['entity'])) . "]</I>', '" . $action['insertinstance'] . "&class_id=" . $resource_info['resource_id'] . "&project_id=" . $project_info['project_id'] . "'"; #add instance $treeitem .= sprintf("%s\n", "],"); $treeitem .= "\t\t['<I>[Add rule]</I>', '" . $action['createrule'] . "&project_id=" . $project_info['project_id'] . "&class_id=" . $resource_info['resource_id'] . "&rule_id=" . $rule_id . "'"; #open the verb|object $treeitem .= sprintf("%s\n", "],"); #close the verb|object } $treeitem .= sprintf("%s\n", "\t],"); #close the shared resource #Create a node for new resource } } if ($project_info['add_data']) { $treeitem .= sprintf("%s\n", "\t['[<I>New Collection</I>]', '" . $action['createclass'] . "&project_id=" . $project_info['project_id'] . "',"); #open the resource $treeitem .= sprintf("%s\n", "\t],"); #close the shared resource } $treeitem .= sprintf("%s\n", "],"); #close the project } } #Create a node for new project if ($deployment_info['propagate']) { $treeitem .= sprintf("%s\n", "['[<I>New project</I>]', '" . $action['createproject'] . "',"); #open the project $treeitem .= sprintf("%s\n", "],"); #close the project } $treeitem .= "] ];"; #close the tree return $treeitem; }
function validate_access_key_inputs($I) { if (is_array($I)) { extract($I); } if ($inputs['UID'] != '') { $element_info = URI($inputs['UID'], $user_id, $db); } if ($inputs['user_id'] != '') { $user_info = URIinfo('U' . $inputs['user_id'], $user_id, $key, $db); } if ($inputs['key_id'] == '' || $inputs['expires'] == '') { return 0; } elseif (strlen($inputs['key_id']) < 10) { return 1; } elseif (!ereg("([2-5][0-9][0-9][0-9])-([0-1][0-9])-([0-3][0-9])", $inputs['expires'])) { return 2; } elseif (access_key_exists($inputs['key_id'], $db)) { return 3; } elseif ($inputs['expires'] < date('Y-m-d')) { return 4; } elseif (htmlentities($inputs['key_id']) != $inputs['key_id']) { return 8; } elseif ($inputs['UID'] != '' && !is_array($element_info)) { return 6; } elseif ($inputs['UID'] != '' && $element_info['created_by'] != $user_id) { return 7; } elseif ($inputs['user_id'] != '' && $user_info['created_by'] != $user_id && $user_id != 1) { return 9; } else { return 5; } }
} #just to know where we are... $thisScript = end(explode('/', $_SERVER['SCRIPT_FILENAME'])) . '?' . $_SERVER['argv'][0]; $key = $_GET['key']; #echo '<pre>';print_r($_GET); #Get the key, send it to check validity include_once '../core.header.php'; if ($key) { $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db); } else { $user_id = $_SESSION['user']['account_id']; } #Universal variables $instance_id = $_REQUEST['item_id'] != '' ? $_REQUEST['item_id'] : $_REQUEST['instance_id']; if ($instance_id) { $instance_info = URIinfo('I' . $instance_id, $user_id, $key, $db); } #echo '<pre>';print_r($instance_info);exit; if ($instance_id == '') { echo "Please specify a valid item_id"; exit; } else { if (!$instance_info['add_data']) { echo "User cannot add statements in this instance"; exit; } else { #include all the javascript functions for the menus... include '../S3DBjavascript.php'; #and the short menu for the resource script if ($class_id == '') { $class_id = $instance_info['resource_class_id'];
<?php #Viewuser.php is a general interface to visualize user infomation. Can be accessed by anyoen with permission on the user (creator of the user, general admin or user himself) include 'adminheader.php'; $section_num = '2'; $website_title = $GLOBALS['s3db_info']['server']['site_title'] . ' - view user account'; $site_intro = $GLOBALS['s3db_info']['server']['site_intro']; include S3DB_SERVER_ROOT . '/s3style.php'; include S3DB_SERVER_ROOT . '/tabs.php'; if (!empty($_REQUEST['id'])) { //echo $_GET['id']; $account_id = $_GET['id']; $userviewed = URIinfo('U' . $account_id, $user_id, $key, $db); $account_addr_id = $userviewed['account_addr_id']; } $s3ql = compact('user_id', 'db'); $s3ql['select'] = '*'; $s3ql['from'] = 'groups'; $s3ql['where']['user_id'] = $userviewed['account_id']; $groups = S3QLaction($s3ql); $account_groups = create_static_group_list($groups, $userviewed['account_id']); $view_message = 'View User Account'; $content_width = '70%'; $button = '<input type="button" name="back" value="Back to User Account List" onClick="window.location=\'' . $action['listusers'] . '\'">'; $account_lid = $userviewed['account_lid']; $account_status = $userviewed['account_status']; if ($userviewed['account_status'] == 'A') { $account_status = 'Active'; //$checked= 'checked'); } else { $account_status = 'Inactive';
#Reading the UID should return a letter, C, I, R, S, U or P and a number. #queries will be only on exact ID if ($uid == '') { $letter = 'U'; $t = $GLOBALS['s3codes'][$letter]; $ID = $user_id; $element_info = $user_info; $data[0] = include_all(compact('letter', 'info', 'element_info', 'user_id', 'db', 'key')); $data[0]['uid'] = $GLOBALS['Did'] . ($letter != 'U' ? '|U' . $user_id : '') . '|' . $letter . $ID; } else { $letter = letter($uid); $t = $GLOBALS['s3codes'][$letter]; $uid_info = uid($uid); $ID = substr($uid_info['uid'], 1, strlen($uid_info['uid'])); if ($ID != '' && $letter != '') { $element_info = URIinfo($uid, $user_id, $key, $db); #Find the appropriate table information from each table where to look for the UID #User_id does not need to check if there is permissions to perform the query, all others need permission if (!is_array($element_info)) { echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'UID ' . $uid . ' does not exist', $format, ''); exit; } if (!$element_info['view']) { echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission on uid ' . $uid, $format, ''); exit; #echo ($no_permission_message.'<message>user does not have permission on uid '.$uid.' </message>'); #exit; } ereg('<error>([0-9]+)</error>.*<message>(.*)</message>', $element_info, $s3qlout); if ($s3qlout != '' && $s3qlout[1] != '0') { echo formatReturn($s3qlout[1], $s3qlout[2]);
function selectQuery($D) { extract($D); if ($s3ql['from'] == 'deployment') { $data[0] = array('mothership' => $GLOBALS['s3db_info']['deployment']['mothership'], 'deployment_id' => $GLOBALS['s3db_info']['deployment']['Did'], 'description' => $GLOBALS['s3db_info']['server']['site_intro'], 'url' => S3DB_URI_BASE, 'message' => 'Successfully connected to deployment ' . $GLOBALS['s3db_info']['deployment']['Did'] . '. Please provice a key to query the data (for example: ' . ($_SERVER['https'] == 'on' ? 'https://' : 'http://') . $def . S3DB_URI_BASE . '/URI.php?key=xxxxxxxx. For syntax specification and instructions refer to http://s3db.org/'); return $data; } #echo '<pre>';print_r($s3ql); if (in_array($s3ql['from'], array_keys($GLOBALS['plurals']))) { $s3ql['from'] = $GLOBALS['plurals'][$s3ql['from']]; } #echo '<pre>';print_r($s3ql);exit; if ($s3ql['from'] == 'classes') { $s3ql['from'] = 'collections'; } if ($s3ql['from'] == 'instances') { $s3ql['from'] = 'items'; } if ($s3ql['from'] == 'keys' && $_SESSION['db'] == '') { return formatReturn($GLOBALS['error_codes']['not_a_query'], 'Access keys cannot be queried in the API.', $s3ql['format'], ''); exit; } $target = $s3ql['from']; $letter = strtoupper(substr($s3ql['from'], 0, 1)); $table = strval($target); $element = $target; $cols = $GLOBALS['dbstruct'][$target]; $element_id = $s3ql['where'][$GLOBALS['s3ids'][$element]]; if ($table != '' && !in_array($table, array_keys($GLOBALS['dbstruct']))) { return formatReturn($GLOBALS['error_codes']['not_a_query'], 'Not a valid query.', '', $s3ql['format']); } #manage data in select #echo '<pre>';print_r($s3ql); #array_keys contains the things to replace and array_values the replacements if ($s3ql['select'] != '' && $s3ql['select'] != '*') { $s3ql_out = ereg_replace(' ', '', $s3ql['select']); #take out all the spaces $returnFields = explode(',', $s3ql_out); if (!ereg($GLOBALS['s3ids'][$element], $s3ql['select'])) { if (ereg('count|max|min', $s3ql['select'])) { $SQLfun = ereg_replace("\\(.*\\)", "", $select); $SQLfun = ereg_replace("count as count", "count", $SQLfun); $s3ql['select'] = '*'; } else { $s3ql['select'] .= ',' . $GLOBALS['s3ids'][$element]; } } } else { $s3ql['select'] = '*'; } #echo '<pre>';print_r($s3ql);exit; $toreplace = array_keys($GLOBALS['s3map'][$target]); $replacements = array_values($GLOBALS['s3map'][$target]); $s3ql['select'] = str_replace($toreplace, $replacements, $s3ql['select']); $select = urldecode($s3ql['select']); $select = eregi_replace('uid', $GLOBALS['s3ids'][$element] . ' as uid', $select); $select = eregi_replace('uri', $GLOBALS['s3ids'][$element] . ' as uri', $select); #echo $P['out'].$P['SQLfun']; if ($select == $SQLfun) { $SQLfun = ''; } #$s3ql_where_keys = str_replace(array('item_id', 'collection_id'), array('instance_id', 'class_id'), array_keys($s3ql['where'])); #$s3ql['where'] = array_combine($s3ql_where_keys, $s3ql['where']); #transofrmt s3ql and get the return Fields $tranformed = S3QLselectTransform(compact('s3ql', 'db', 'user_id')); extract($tranformed); #If there is any sort of S3 UID in the query, check its score when compared to the from $score = array('D' => '7', 'G' => '6', 'U' => '5', 'P' => '4', 'C' => '3', 'R' => '3', 'I' => '2', 'S' => '1'); $fromScore = $score[strtoupper(substr($target, 0, 1))]; $s3Ids = array_merge($GLOBALS['COREids'], array('rulelog' => 'rule_id', 'statementlog' => 'statement_id')); #echo '<pre>';print_r($s3ql);exit; $shared_with_query = array(); foreach ($s3Ids as $COREelement => $COREelement_id) { if ($s3ql['where'][$COREelement_id] != '' && !ereg('^~|regexp', $s3ql['where'][$COREelement_id])) { $id_name = $COREelement_id; $id_letter = strtoupper(substr($id_name, 0, 1)); $whereScore[strtoupper(substr($id_name, 0, 1)) . $s3ql['where'][$COREelement_id]] = $score[strtoupper(substr($id_name, 0, 1))]; #when idNameScore is < $fromScore, then we know: we are trying to query all resources that can view another particular resource (for example,all users that can view project x #echo $id_name;exit; $uid = strtoupper(substr($COREelement, 0, 1)) . $s3ql['where'][$COREelement_id]; $uid_info = uid($uid); $element_info = URIinfo($uid, $user_id, $key, $db); $WhereInfo[$uid_info['uid']] = $element_info; #echo '<pre>';print_r($user_info); #echo '<pre>';print_r($element_info);exit; if (!is_array($element_info)) { return formatReturn($GLOBALS['error_codes']['something_does_not_exist'], $uid . ' does not exist', $s3ql['format'], ''); exit; } elseif ($id_letter != strtoupper(substr($element, 0, 1))) { ##Shared_with is any UID that can eb shared with any of the elements being requested (for example, Collection_id is shared_with Project, but Project_id is not shared with Project array_push($shared_with_query, $uid); #do permissions on this uid propagate? #echo '<pre>';print_r($whereScore);exit; } else { $self_id = $s3ql['where'][$COREelement_id]; if (!$element_info['view']) { return formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission on ' . $uid, $s3ql['format'], ''); exit; } } } } #echo '<pre>';print_r($WhereInfo);exit; if ($self_id != '') { $data[0] = $element_info; } else { #start building the query: $user_query = "select " . $select . " from s3db_" . $GLOBALS['s3tables'][$table]; if (!user_is_admin($user_id, $db)) { $cols = array_diff($cols, array('account_pwd', 'account_phone', 'account_email', 'project_folder')); } #remove a few cols from query #echo $user_query;exit; #now add some constrains necessary due to the type of resource if (!(user_is_admin($user_id, $db) && $s3ql['where']['status'] == 'I')) { if (ereg('projects|classes|instances|rules|statements', $target)) { $status = "status!='I' and "; } } $user_query_const .= " where " . $status . $GLOBALS['s3ids'][$target] . "!='0'"; ### #Filter query according to the element being requested $user_query_const .= filterByElement($s3ql, $user_id, $db); if ($user_query_const) { $user_query .= $user_query_const; } else { exit; } if (!empty($shared_with_query) && strtoupper(substr($target, 0, 1)) != 'U') { ##Added 15Apr08 for faster queries (taking too long on MySQL using table joins) $uidQuery = simpleQueryUID($shared_with_query, $element, $db); if ($uidQuery) { extract($uidQuery); $user_query .= $finalUID; } elseif ($user_id != '1') { return formatReturn($GLOBALS['error_codes']['no_results'], 'Your query on ' . $target . ' did not return any results', $format, ''); } } #echo 'ola'.$uidQuery;exit; #now constrainthe query to resources that user cann access. Check for inherited permissions and direct permissions. Project is connected to deployment, rule and class to project, and so on. (see S3DB third report for the schema) #Fetch the cols of what is to be returned. Check for SqL functions. This will only affect the output if ($s3ql['select'] != '') { $out = urldecode($s3ql['select']); $SQLfun = ereg_replace("\\(.*\\)", "", $out); $SQLfun = ereg_replace("count as count", "count", $SQLfun); $P['out'] . $P['SQLfun']; if ($out == $SQLfun) { $SQLfun = ''; } else { $extracol = $out; } } #echo $SQLfun; #Extract from the s3ql the value that are part of the syntax and assume the rest are the SQL extras (limit, creted_by, etc) $syntax = array('key', 'select', 'from', 'where', 'format'); foreach ($s3ql as $i => $value) { if (!in_array($i, $syntax) && $value != '') { $SQLextra[$i] = ' ' . ereg_replace('_', ' ', $i) . ' ' . $value; } } #echo '<pre>';print_r($SQLextra);exit; #if there is orderby, move to the beginnign of the array if ($SQLextra['order_by'] != '') { $SQLextra = array_merge(array('order_by' => $SQLextra['order_by']), $SQLextra); } if (is_array($SQLextra)) { foreach ($SQLextra as $key => $value) { $query_extra .= $value; } } #Put in $P the values of what is queried, add to cols, if not already there, whatever is queried. Check if there are regular expressions anywhere. equalit will be replace by the regular expression $cols = $GLOBALS['dbstruct'][$table]; foreach ($cols as $col) { if ($s3ql['where'][$col] != '') { if (!in_array($col, $GLOBALS['COREids']) && $col != $GLOBALS['COREids'][$element]) { $user_query_fields .= ' and ' . $col . ' ' . parse_regexp($s3ql['where'][$col]); } $P[$col] = parse_regexp($s3ql['where'][$col]); } } #glue them together. $user_query .= $user_query_fields . $query_extra; ###Finally perform the query on whatever table is specified #$user_query = "select * from s3db_resource where resource_class_id = '389';"; //echo $user_query; //exit; #run it #complete query on LOCAL resources $db->query($user_query, __LINE__, __FILE__); $dbdata = get_object_vars($db); #echo '<pre>';print_r($dbdata); #exit; if ($dbdata['Errno'] != '0') { return formatReturn($GLOBALS['error_codes']['something_went_wrong'], $dbdata['Error'], $format, ''); } #put it in a nice structured variable $cols = $GLOBALS['dbstruct'][$target]; if (is_array($returnFields) && $extracol == '') { $cols = array_unique(array_merge($cols, $returnFields)); } #echo '<pre>';print_r($cols); while ($db->next_record()) { #echo '<pre>';print_r($db); $resultStr .= "\$data[] = Array("; if ($extracol != '') { $resultStr .= "'" . $extracol . "'=>'" . $db->f($SQLfun) . "',"; } foreach ($cols as $col) { $resultStr .= "'" . $col . "'=>'" . addslashes($db->f($col)) . "'"; if ($col != end($cols)) { $resultStr .= ","; } if ($col == $GLOBALS['s3ids'][$target]) { $retrieved['ids_str'] .= $retrieved['ids_str'] == '' ? $db->f($col) : '|' . $db->f($col); } } $resultStr .= ");"; } #echo $resultStr; #evaluate the long string eval($resultStr); if (is_array($data)) { $data = array_filter($data); } #echo '<pre>';print_r($data); #BEFORE outputting data, are there any remote resources where the user is allowed? $ucode = strtoupper(substr($element, 0, 1)); $ucode_and_id = $ucode . $element_id; ##Added ability to search locally on april 15 to optimize queries if (!ereg('users|group|projects|keys|rulelog|statementlog', $s3ql['from']) && !ereg('true|1', $s3ql['where']['local'])) { #REMOTE USERS< GROUPS< PROJECTS ARE INSERTED INTO DEPLOYMENT,M NO NEED TO FIND THEM AGAIN #Remote permissions query: changed 23Mar08 for specifying query in uid $remote_permissions_query .= "select * from s3db_permission where uid " . $regexp . " '^" . $GLOBALS['s3codesInv'][$GLOBALS['singulars'][$s3ql['from']]] . "' and permission_level " . $regexp . " '(1|2)\$'"; #the idea is to select anything that does not exist locally $remote_permissions_query .= " and id not in (select " . $GLOBALS['s3ids'][$GLOBALS['s3codes'][$letter]] . " from s3db_" . $GLOBALS['s3tables'][$GLOBALS['s3codes'][$letter]] . ")"; if ($user_self_query != '') { $remote_permissions_query .= " and id = '" . $self_id . "'"; } if ($uidQuery != '') { $remote_permissions_query .= " and id " . $regexp . " '^(" . $uidQuery['str_ids'] . ")\$'"; } if ($permissionsQuery != '') { $remote_permissions_query .= " and id " . $regexp . " '^(" . $permissionsQuery['str_ids'] . ")\$'"; } #echo $remote_permissions_query;exit; $db->query($remote_permissions_query, __LINE__, __FILE__); #this will return ALL the elements shared by USER while ($db->next_record()) { $remote_id[] = array('uid' => $db->f('uid'), 'shared_with' => $db->f('shared_with'), 'permission_level' => $db->f('permission_level')); } if (is_array($remote_id)) { foreach ($remote_id as $rem_id) { #$rem_uid = substr($rem_id['uid'],1,strlen($rem_id['uid'])); $rem_uid = $rem_id['uid']; $rem_resource_data = URIinfo($rem_uid, $user_id, $s3ql['key'], $db); #echo '<pre>';print_r($rem_resource_data);exit; if (is_array($rem_resource_data)) { $rem_resource_data['shared_with'] = $rem_id['shared_with']; $rem_resource_data['uid'] = $rem_id['uid']; $rem_resource_data['permission_level'] = $rem_id['permission_level']; } #echo '<pre>';print_r($rem_resource_data);exit; #concatenate them in the results; THIS SHOWS ONLY REMOTE RESOURCES THAT ARE AVAILABLE AT THE MOMENT! if (is_array($s3ql['where'])) { foreach ($s3ql['where'] as $query_field => $query_value) { if ($query_value != $rem_resource_data[$query_field]) { if (!in_array($query_field, $GLOBALS['COREids'])) { $rem_resource_data = array(); } } } } if (is_array($data) && is_array($rem_resource_data)) { array_push($data, $rem_resource_data); } elseif (is_array($rem_resource_data) && !empty($rem_resource_data)) { $data[] = $rem_resource_data; } } } } if (is_array($array)) { $data = array_filter($data); } #echo '<pre>';print_r($data);exit; #now we're ready to display the data $pack = compact('data', 'whereScore', 'WhereInfo', 'fromScore', 's3ql', 'key', 'target', 'db', 'user_id', 'cols', 'returnFields', 'target', 'uidQuery'); if (!ereg('keys|accesslog', $s3ql['from'])) { $data = includeAllData($pack); } } #echo '<pre>';print_r($data);exit; #$data = filterDataForQuery($data, $cols,$returnFields, $whereScore, $fromScore, $s3ql, $key, $target, $db, $user_id); if (is_array($data) && !empty($data)) { $data = array_combine(range(0, count($data) - 1), $data); return $data; } else { return formatReturn($GLOBALS['error_codes']['no_results'], 'Your query returned no results', $format, ''); } }
} $key = $_GET['key']; #Get the key, send it to check validity include_once 'core.header.php'; if ($key) { $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db); } else { $user_id = $_SESSION['user']['account_id']; } #Universal variables $sortorder = $_REQUEST['orderBy']; $direction = $_REQUEST['direction']; $project_id = $_REQUEST['project_id']; $uid_info = uid($project_id); #$acl = find_final_acl($user_id, $project_id, $db); $project_info = URIinfo('P' . $project_id, $user_id, $key, $db); $uni = compact('db', 'acl', 'user_id', 'key', 'project_id', 'dbstruct', 'sortorder', 'direction'); #relevant extra arguments #$args = '?key='.$_REQUEST['key'].'&project_id='.$_REQUEST['project_id']; #Define the page actions include 'webActions.php'; #include the specification of the link map. Must be put in here becuase arguments vary. if ($project_id == '') { echo "Please specify a project_id"; exit; } elseif (!$project_info['view']) { echo "User does not have access in this project."; exit; } else { #$project_info = S3QLinfo('project', $project_id, $user_id,$db); #$project_info = URI('P'.$project_id, $user_id, $db);
function getRuleValidation($rule_id, $key, $user_id, $db) { $rule_info = URIinfo('R' . $rule_id, $user_id, $key, $db); return $rule_info['validation']; }