function get_value($dest = DST_VARIABLE, $parent = null)
{
if ($dest == DST_DATABASE) {
if (isset($this->value) && imp($this->value) || $this->empty_to_null == false) {
return "'" . db_esc($this->value) . "'";
} else {
return "NULL";
}
} else {
if ($dest == DST_HTML_DISPLAY) {
if ($this->type == "money" && imp($this->value)) {
$c = $parent->currency;
if ($this->currency && isset($parent->data_fields[$this->currency])) {
$c = $parent->get_value($this->currency);
}
if (!$c) {
alloc_error("db_field::get_value(): No currency specified for " . $parent->classname . "." . $this->name . " (currency:" . $c . ")");
} else {
if ($this->value == $parent->all_row_fields[$this->name]) {
return page::money($c, $this->value, "%mo");
}
}
}
return page::htmlentities($this->value);
} else {
return $this->value;
}
}
}
function show_permission_list($template_name)
{
global $TPL;
$roles = permission::get_roles();
if ($_REQUEST["submit"] || $_REQUEST["filter"] != "") {
$where = " where tableName like '%" . db_esc($_REQUEST["filter"]) . "%' ";
// TODO: Add filtering to permission list
}
$db = new db_alloc();
$db->query("SELECT * FROM permission {$where} ORDER BY tableName, sortKey");
while ($db->next_record()) {
$permission = new permission();
$permission->read_db_record($db);
$permission->set_values();
$TPL["actions"] = $permission->describe_actions();
$TPL["odd_even"] = $TPL["odd_even"] == "odd" ? "even" : "odd";
$TPL["roleName"] = $roles[$TPL["roleName"]];
include_template($template_name);
}
}
function get_assoc_array($key = false, $value = false, $sel = false, $where = array())
{
$key or $key = $this->key_field->get_name();
$value or $value = "*";
$value != "*" and $key_sql = $key . ",";
$q = sprintf('SELECT %s %s FROM %s WHERE 1=1 ', db_esc($key_sql), db_esc($value), db_esc($this->data_table));
$pkey_sql = " OR " . $this->key_field->get_name() . " = ";
if (is_array($sel) && count($sel)) {
foreach ($sel as $s) {
$extra .= $pkey_sql . sprintf("%d", $s);
}
} else {
if ($sel) {
$extra = $pkey_sql . db_esc($sel);
}
}
// If they haven't specifically asked for inactive or all
// records, we default to giving them only active records.
if (is_object($this->data_fields[$this->data_table . "Active"]) && !isset($where[$this->data_table . "Active"])) {
$where[$this->data_table . "Active"] = 1;
// Else get all records
} else {
if ($where[$this->data_table . "Active"] == "all") {
unset($where[$this->data_table . "Active"]);
}
}
if (is_array($where) && count($where)) {
foreach ($where as $colname => $colvalue) {
$q .= " AND " . $colname . " = '" . db_esc($colvalue) . "'";
}
}
$q .= $extra;
if (is_object($this->data_fields[$this->data_table . "Sequence"])) {
$q .= " ORDER BY " . db_esc($this->data_table) . "Sequence";
} else {
if (is_object($this->data_fields[$this->data_table . "Seq"])) {
$q .= " ORDER BY " . db_esc($this->data_table) . "Seq";
} else {
if ($value != "*") {
$q .= " ORDER BY " . db_esc($value);
}
}
}
$db = new db_alloc();
$db->query($q);
$rows = array();
while ($row = $db->row()) {
if ($this->read_db_record($db)) {
if ($value && $value != "*") {
$v = $row[$value];
} else {
$v = $row;
}
$rows[$row[$key]] = $v;
}
}
return $rows;
}
function prepare()
{
$args = func_get_args();
if (count($args) == 1) {
return $args[0];
}
// First element of $args get assigned to zero index of $clean_args
// Array_shift removes the first value and returns it..
$clean_args[] = array_shift($args);
// The rest of $args are escaped and then assigned to $clean_args
foreach ($args as $arg) {
if (is_array($arg)) {
foreach ((array) $arg as $v) {
$str .= $comma . "'" . db_esc($v) . "'";
$comma = ",";
}
$clean_args[] = $str;
} else {
$clean_args[] = db_esc($arg);
}
}
// Have to use this coz we don't know how many args we're gonna pass to sprintf..
$query = @call_user_func_array("sprintf", $clean_args);
// Trackdown poorly formulated queries
$err = error_get_last();
if ($err["type"] == 2 && in_str("sprintf", $err["message"])) {
$e = new Exception();
alloc_error("Error in prepared query: \n" . $e->getTraceAsString() . "\n" . print_r($err, 1) . "\n" . print_r($clean_args, 1));
}
return $query;
}
<?php
// Update old entries in the interested parties table that don't have names
$db = new db_alloc();
$db2 = new db_alloc();
$extra_interested_parties = config::get_config_item("defaultInterestedParties");
foreach ((array) $extra_interested_parties as $name => $email) {
$q = prepare("UPDATE interestedParty SET fullName = '%s' WHERE emailAddress = '%s' AND (fullName is NULL or fullName = '')", db_esc($name), db_esc($email));
$db2->query($q);
}
}
}
if ($_POST["table_num_op_2"][$v] != "") {
if (preg_match("/([^\\d]{1,2})(\\d\\d\\d\\d-\\d\\d?-\\d\\d?)/", $_POST["table_num_op_2"][$v], $m)) {
$query["where"] .= " AND " . db_esc($_POST["table_name"][$v]) . " " . db_esc($m[1]) . "'" . db_esc($m[2]) . "'";
} else {
$query["where"] .= " AND " . db_esc($_POST["table_name"][$v]) . " " . db_esc($_POST["table_num_op_2"][$v]);
}
}
}
}
if ($_POST["table_groupby"] != "") {
if (!isset($query["group"])) {
$query["group"] = " GROUP BY " . db_esc($_POST["table_groupby"]);
} else {
$query["group"] .= "," . db_esc($_POST["table_groupby"]);
}
}
$final_query = $query["start"] . $query["select"] . $query["from"] . $query["join"] . $query["where"] . $query["group"];
if ($query["select"]) {
$db = new db_alloc();
$db->query($final_query);
$fields = explode(",", $query["select"]);
$TPL["result_row"] = "<tr>";
foreach ($fields as $field) {
$TPL["result_row"] .= "<th>" . $field . "</th>";
}
$TPL["result_row"] .= "</tr>";
if (!$_POST["generate_file"]) {
$start_row_separator = "<tr class='%s'>";
$end_row_separator = "</tr>\n";
public static function get_permitted_tfs($requested_tfs = array())
{
$current_user =& singleton("current_user");
// If admin, just use the requested tfs
if ($current_user->have_role('admin')) {
$rtn = $requested_tfs;
// If not admin, then remove the items from $requested_tfs that the user can't access
} else {
$allowed_tfs = (array) tf::get_tfs_for_person($current_user->get_id());
foreach ((array) $requested_tfs as $tf) {
if (in_array($tf, $allowed_tfs)) {
$rtn[] = $tf;
}
}
}
// db_esc everything
foreach ((array) $rtn as $tf) {
$r[] = db_esc($tf);
}
return (array) array_unique((array) $r);
}
function install_peopleaggregator()
{
global $path_prefix;
?>
<h2>Detecting URLs</h2>
<ul>
<?php
// find base url (minus http:// suffix)
if (!preg_match("|^(.*?)/config/index.php\$|", $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $m)) {
dienow("Unable to find base URL");
}
$base_url_bare = $m[1];
// make sure the base url is valid
if (!can_get_peepagg_txt("http://{$base_url_bare}/peopleaggregator.txt")) {
dienow("Unable to guess base URL - I think it should be http://{$base_url_bare}/ but that URL does not seem to work.");
}
note("Good: we can access the system at http://{$base_url_bare}/");
// try stripping off the first url part (i.e. www.asdf -> asdf)
$base_url_suffix = preg_replace("|^[^\\.]+\\.(.*)\$|", "\$1", $base_url_bare);
$allow_spawning = FALSE;
// check if it doesn't have any dots (e.g. http://colinux/web/config/)
// - i.e. not suitable for sharing cookies over domains.
if ($base_url_suffix == $base_url_bare) {
note("Apparently running on an internal web server - not possible to run multiple networks.");
} else {
if (preg_match("|^\\d+\\.\\d+\\.\\d+\\.\\d+|", $base_url_bare)) {
note("Running with an IP address rather than a domain name - not possible to run multiple networks.");
} else {
if (can_get_peepagg_txt("http://{$base_url_suffix}/peopleaggregator.txt")) {
note("It looks like it is also accessible at <code>http://{$base_url_suffix}/</code>; trying <code>{$base_url_suffix}</code> as the root URL.");
} else {
note("It is not accessible at <code>http://{$base_url_suffix}/</code>; trying <code>{$base_url_bare}</code> as the root URL.");
$base_url_suffix = $base_url_bare;
}
if (can_get_peepagg_txt("http://some-random-domain.{$base_url_suffix}/peopleaggregator.txt")) {
note("It looks like the server is set up to host <code>*.{$base_url_suffix}</code>, so network spawning is possible.");
$allow_spawning = TRUE;
} else {
warn("Wildcard domains do not appear to be enabled (cannot access the root of this install at http://some_random_domain.{$base_url_suffix}/) so network spawning will be disabled.");
}
}
}
global $base_url, $domain_suffix;
if ($allow_spawning) {
$base_url = "http://%network_name%.{$base_url_suffix}";
} else {
$base_url = "http://{$base_url_bare}";
}
$domain_suffix = preg_replace("|/.*\$|", "", $base_url_suffix);
// stash $base_url away as config.inc will modify it
$base_url_config = $base_url;
note("Base URL: <code>{$base_url}</code>" . ($domain_suffix ? "; domain suffix: <code>{$domain_suffix}</code>" : ""));
?>
</ul>
<h2>Configuration</h2>
<?php
$admin_password = get_default("admin_password", "");
$admin_password2 = get_default("admin_password2", "");
$mysql_server = get_default("mysql_server", "localhost");
$mysql_dbname = get_default("mysql_dbname", "peopleaggregator");
$mysql_username = get_default("mysql_username", "peopleaggregator");
$mysql_password = get_default("mysql_password", "");
$mysql_root_username = get_default("mysql_root_username", "root");
$mysql_root_password = get_default("mysql_root_password", "");
$home_network_config = str_replace("%network_name%", "www", $base_url) . "/config/";
?>
<form method="POST" action="<?php
echo $home_network_config;
?>
#check">
<div class="config">
<p>Some operations (upgrading, and content administration) require an administrator password for access. Please enter an administrator password here.</p>
<div class="config_item"><label for="admin_password">Admin password</label>
<input type="password" id="admin_password" name="admin_password" value="<?php
echo $admin_password;
?>
"><?php
if (!$admin_password) {
echo " ← must not be blank!";
}
?>
</div>
<div class="config_item"><label for="admin_password">Repeat admin password</label>
<input type="password" id="admin_password2" name="admin_password2" value="<?php
echo $admin_password2;
?>
"><?php
if (!$admin_password2) {
echo " ← must not be blank!";
} else {
if ($admin_password != $admin_password2) {
echo " ← must be the same as above!";
}
}
?>
</div>
<p>Enter your database details below.</p>
<div class="config_item"><label for="mysql_server">MySQL server</label>
<input type="text" name="mysql_server" value="<?php
echo $mysql_server;
?>
"></div>
<div class="config_item"><label for="mysql_dbname">MySQL database name</label>
<input type="text" name="mysql_dbname" value="<?php
echo $mysql_dbname;
?>
"></div>
<div class="config_item"><label for="mysql_username">MySQL username</label>
<input type="text" name="mysql_username" value="<?php
echo $mysql_username;
?>
"></div>
<div class="config_item"><label for="mysql_password">MySQL password</label>
<input type="password" name="mysql_password" value="<?php
echo $mysql_password;
?>
"><?php
if (!$mysql_password) {
echo " ← must not be blank!";
}
?>
</div>
<p>If the database has not been created yet, you can enter your database administrator ("root") login details here to have it created automatically:</p>
<div class="config_item"><label for="mysql_root_username">Administrator username</label>
<input type="text" name="mysql_root_username" value="<?php
echo $mysql_root_username;
?>
"></div>
<div class="config_item"><label for="mysql_root_password">Administrator password</label>
<input type="password" name="mysql_root_password" value="<?php
echo $mysql_root_password;
?>
"></div>
<p><input type="submit" value="Set up PeopleAggregator"></p>
</div>
</form>
<?php
// only exec the rest after someone clicks 'setup'
if (!$_POST) {
exit;
}
// wrap install process in exception handler so we can roll back
$rollback_cmds = array();
try {
?>
<h2 id="check">Checking config details</h2>
<ul>
<?php
if (!$admin_password) {
focus_field("admin_password");
dienow("You must supply an admin password");
}
if ($admin_password != $admin_password2) {
focus_field("admin_password");
dienow("Both admin paswords must be the same");
}
if (!$mysql_password) {
focus_field("mysql_password");
dienow("You may not use a blank password for the MySQL connection");
}
$user_link = @mysql_connect($mysql_server, $mysql_username, $mysql_password);
if ($user_link) {
note("Able to connect to the MySQL server at {$mysql_server} with supplied login details.");
// make sure the DB isn't already populated
if (!mysql_select_db($mysql_dbname, $user_link)) {
note("Database does not exist or is inaccessible");
mysql_close($user_link);
$user_link = FALSE;
} else {
$sth = run_query("SHOW TABLES", $user_link);
if (mysql_num_rows($sth)) {
throw new Installation_Failure("The database {$mysql_dbname} already contains data. Please wipe it out or recreate the database before installing PeopleAggregator. If PeopleAggregator is already installed here, you will have to create your local_config.php file manually.");
}
}
} else {
note("Unable to connect to the MySQL server using the supplied login details");
}
if (!$user_link) {
note("Trying administrator login...");
$admin_link = @mysql_connect($mysql_server, $mysql_root_username, $mysql_root_password);
if (!$admin_link) {
dienow("Unable to connect to the MySQL server with the supplied login details or as an administrator");
}
note("Able to connect to the MySQL server with the supplied administrator login details - a new database will be created.");
// make sure the db doesn't already exist
if (mysql_select_db($mysql_dbname, $admin_link)) {
throw new Installation_Failure("Database {$mysql_dbname} already exists");
}
// create it
$sql = "CREATE DATABASE " . db_esc($mysql_dbname);
$rollback_cmds[] = array("sql", "DROP DATABASE " . db_esc($mysql_dbname), $admin_link);
run_query($sql, $admin_link);
// now grant permissions with successively looser hostnames until
// we find one that lets the web server access the database.
foreach (array("localhost", "localhost.localdomain", $_SERVER['SERVER_NAME'], gethostbyname($_SERVER['SERVER_NAME']), "%") as $server_host) {
$sql = "GRANT ALL ON " . db_esc($mysql_dbname) . ".* TO " . db_esc($mysql_username) . "@" . db_esc($server_host) . " IDENTIFIED BY '" . mysql_real_escape_string($mysql_password) . "'";
run_query($sql, $admin_link);
if (($user_link = mysql_connect($mysql_server, $mysql_username, $mysql_password)) && mysql_select_db($mysql_dbname, $user_link)) {
note("Successfully logged in to new database using credentials from host {$server_host}");
break;
}
}
if (!$user_link) {
throw new Installation_Failure("Failed to grant access credentials that would allow the web server to access the database. Please try creating the database manually.");
}
}
if (!$user_link) {
throw new Installation_Failure("Something went wrong - we should have successfully connected to the DB by now");
}
// set all local_config.php vars
global $peepagg_dsn;
$peepagg_dsn = "mysql://{$mysql_username}:{$mysql_password}@{$mysql_server}/{$mysql_dbname}";
$logger_logFile = "{$path_prefix}/log/pa.log";
$default_relation_id = 1;
// now write out local_config.php
$local_config_text = "<" . "?php\n\n// local_config.php: This file contains server-specific settings like\n// the database password, the base URL of this installation, and\n// debugging flags. Anything in default_config.php can be overridden\n// here.\n\n// If you want to change project-specific things like the site name,\n// you can use project_config.php.\n\n// Global defaults, which are shared by all other PeopleAggregator\n// installations, are in default_config.php.\n\n// Database details.\n\$peepagg_dsn = \"{$peepagg_dsn}\";\n\n// URL to the root of the server.\n\$base_url = \"{$base_url_config}\";\n\n// Parent domain part of the URL.\n\$domain_suffix = \"{$domain_suffix}\";\n";
if ($allow_spawning) {
$local_config_text .= "\n// Network operation is enabled. To disable, set \$_PA->enable_networks\n// to FALSE. To disable network spawning without deactivating existing\n// networks, set \$_PA->enable_network_spawning to FALSE.\n";
} else {
$local_config_text .= "\n// Network operation disabled as wildcard domains are not configured.\n// Comment out the following line to enable network creation (after\n// configuring wildcard DNS, etc).\n\$_PA->enable_networks = FALSE;\n";
}
$local_config_text .= "\n// Path to log file (you may wish to change this to /var/log/somewhere/pa.log).\n\$logger_logFile = \"\$path_prefix/log/pa.log\";\n\n// Administration password\n\$admin_password = \"{$admin_password}\";\n\n// When a new user registers on the site, they will automatically be marked as a friend of the user with this ID.\n// (The default is 1, so everyone will be a friend of the first user.)\n\$default_relation_id = {$default_relation_id};\n\n?" . ">\n";
global $config_fn;
note("Writing local_config.php");
$rollback_cmds[] = array("delete", $config_fn);
if (!file_put_contents($config_fn, $local_config_text)) {
throw new Installation_Failure("Unable to write {$config_fn}");
}
// define LOCAL_CONFIG_OVERRIDE to tell config.inc to load our new
// temporary local_config.php rather than look for it in the global
// location
define("LOCAL_CONFIG_LOCATION_OVERRIDE", $config_fn);
// now set up databases
note("Initializing database ... ");
run_query_file(dirname(__FILE__) . "/../../db/PeepAgg.mysql", $user_link);
note("Running database upgrade script and installing default module settings ... ");
try {
require_once dirname(__FILE__) . "/../update/run_scripts.php";
run_update_scripts();
} catch (Exception $e) {
throw new Installation_Failure("Error updating database or installing default module settings: " . $e->getMessage());
}
global $do_auto_update;
if (!$do_auto_update) {
note("Skipping auto-upgrade preparation as it is disabled for this installation.");
} else {
note("Preparing system for auto-upgradeability ... ");
require_once "Subversion/PAStateStore.php";
try {
$store = new Subversion_PAStateStore($path_prefix);
$store->initialize();
note("Subversion update root: <code>" . $store->get_repository_root() . "</code>; path: <code>" . $store->get_repository_path() . "</code>; revision: " . $store->get_revision());
} catch (Exception $e) {
throw new Installation_Failure("Error preparing auto-upgrade system: " . $e->getMessage());
}
}
?>
</ul>
<h2>All done!</h2>
<p class="good">Your database has been initialized and a <code>local_config.php</code> file has been written at <code><?php
echo $config_fn;
?>
</code>. To finish the installation, please move this file up into the parent of the 'web' directory, then <a href="../">click here</a>.</p>
<p>The following command will do this on Linux/UNIX:</p>
<p style="margin-left: 5em"><code>mv <?php
echo realpath($config_fn);
?>
<?php
echo $path_prefix;
?>
/</code></p>
<?php
//throw new Installation_Failure("foo");
} catch (Installation_Failure $e) {
warn("Installation failed (" . $e->getMessage() . ") - undoing operations");
foreach (array_reverse($rollback_cmds) as $cmd) {
switch ($cmd[0]) {
case 'sql':
list(, $sql, $link) = $cmd;
note("DB query: {$sql}");
mysql_query($sql, $link);
break;
case 'delete':
list(, $fn) = $cmd;
note("Delete: {$fn}");
unlink($fn);
break;
default:
warn("Unknown rollback command type: " . $cmd[0]);
break;
}
}
}
}
