Example #1
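 /**
  * Append an aggregate select expression ("FUNC(field) AS alias") to $this->queryFields.
  *
  * Only SUM, MIN, MAX, AVG and COUNT are accepted (case-insensitive, surrounding
  * whitespace ignored). Any other value leaves $this->queryFields untouched and
  * nothing is reported to the caller.
  *
  * SECURITY: $field and $alias are written into the SQL fragment verbatim; this
  * method neither quotes nor validates them. Pass only identifiers that come from
  * schema metadata or an allow-list, never values taken from a request.
  *
  * @param string $expression Aggregate function name.
  * @param mixed  $field      Column to aggregate; a value without a "." is first
  *                           passed through getFullFieldName() with $fieldAlias.
  * @param string $alias      Alias placed after "AS" in the generated fragment.
  * @param mixed  $fieldAlias Second argument handed to getFullFieldName()
  *                           (presumably a table alias); defaults to
  *                           self::DEFAULT_TABLE_ALIAS.
  */
 private function getSelectExpression($expression, $field, $alias, $fieldAlias = self::DEFAULT_TABLE_ALIAS)
 {
     $validExpressions = ['SUM', 'MIN', 'MAX', 'AVG', 'COUNT'];

     // Normalise once and emit the normalised token, so the text that was
     // checked against the allow-list is exactly the text that reaches the SQL.
     $function = trim(strtoupper($expression));

     // Strict comparison: no type juggling between the input and the allow-list.
     if (!in_array($function, $validExpressions, true)) {
         return;
     }

     // Unqualified column names are resolved against the given alias.
     if (strpos($field, '.') === false) {
         $field = getFullFieldName($field, $fieldAlias);
     }

     $this->queryFields[] = sprintf('%s(%s) AS %s', $function, $field, $alias);
 }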
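	/**
	 * Check a username/password pair against the "webreport_users" table and,
	 * when it matches and the captcha flag is set, start the login session.
	 *
	 * The credentials are first turned into SQL literals (encrypted, quoted or
	 * numerically coerced depending on the field), the matching row is fetched,
	 * and the fetched values are then compared again in PHP with the submitted
	 * ones. That second comparison is strict, so numeric-looking strings such as
	 * "1e3" and "1000" are not treated as equal.
	 *
	 * SECURITY: the stored password is compared directly with the submitted one,
	 * which means passwords are kept in a recoverable form rather than as
	 * password_hash() digests. Moving to hashed storage requires a data
	 * migration and cannot be done inside this method.
	 *
	 * @param mixed $pUsername Submitted username (cast to string before use).
	 * @param mixed $pPassword Submitted password (cast to string before use).
	 * @return bool true when the credentials match and $this->isCaptchaOk is
	 *              truthy; false otherwise (a failure is reported to
	 *              $this->auditObj when one is set).
	 */
	function LogIn($pUsername,$pPassword){
		//  username and password are stored in the database
		global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
		$logged = false;
		// Defined up front so it can never be read while undefined.
		$pDisplayUsername = "";
		$strUsername = (string)$pUsername;
		$strPassword = (string)$pPassword;
		$cipherer = new RunnerCipherer("webreport_users");

		// Untouched copies for the comparison after the query; $strUsername and
		// $strPassword are rewritten into SQL literals below.
		$sUsername = $strUsername;
		$sPassword = $strPassword;

		// NOTE(review): db_prepare_string() and MakeDBValue() are defined elsewhere;
		// confirm they quote and escape for the active driver. A parameterised
		// query would be preferable if the data layer offers one.
		if($cipherer->isFieldEncrypted($cUserNameField))
			$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$strUsername = db_prepare_string($strUsername);
			else
				// Numeric column: only a numeric string is coerced. Arithmetic on
				// non-numeric input raises a warning or a TypeError depending on the
				// PHP version, so such input is mapped to 0 instead.
				$strUsername = is_numeric($strUsername) ? (0+$strUsername) : 0;
		}

		if($cipherer->isFieldEncrypted($cPasswordField))
			$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
		else
		{
			if(NeedQuotes($cPasswordFieldType))
				$strPassword = db_prepare_string($strPassword);
			else
				// Same guard as for the username above.
				$strPassword = is_numeric($strPassword) ? (0+$strPassword) : 0;
		}

		// Prefer the project's own list query for this table when one is configured.
		$fieldList = "";
		$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
		if($lSet->GetTableData(".sqlquery"))
			$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
		if($fieldList)
		{
			if(!$this->pSet->isCaseInsensitiveUsername()) {
				$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
				   "=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
			} else {
				$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
					   "=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
					   "=".$strPassword;
			}
			// NOTE(review): if GetTableData() hands back a shared object, addWhere()
			// leaves the credential filter attached to it; confirm it returns a copy.
			$tempSQLQuery = $lSet->GetTableData(".sqlquery");
			$tempSQLQuery->addWhere($where);
			$strSQL = $tempSQLQuery->toSql();
		}
		else
		{
			$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
		}

		$rs = db_query($strSQL,$conn);
		$data = $cipherer->DecryptFetchedArray($rs);
		if($data){
			// Re-check the fetched row in PHP. A missing or NULL column never matches,
			// and the string casts plus === rule out loose numeric-string equality.
			$usernameMatches = isset($data[$cUserNameField])
				&& (string)$this->pSet->getCaseSensitiveUsername($data[$cUserNameField]) === (string)$this->pSet->getCaseSensitiveUsername($sUsername);
			$passwordMatches = isset($data[$cPasswordField])
				&& (string)$data[$cPasswordField] === $sPassword;
			if($usernameMatches && $passwordMatches){
				$logged=true;
				$pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername;
			}
		}

		if($logged && $this->isCaptchaOk)
		{
			// NOTE(review): the plaintext password is handed to both helpers; confirm
			// neither of them keeps it in the session or writes it to a log.
			DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
			SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
			return true;
		}
		else {
			// Wrong credentials and a failed captcha take the same path: the caller
			// only sees false, and the audit trail receives the username, not the password.
			if($this->auditObj)
			{
				$this->auditObj->LogLoginFailed($pUsername);
				$this->auditObj->LoginUnsuccessful($pUsername);
			}
			return false;
		}

	}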