$res = sql("select * from membership_userrecords where recID='{$recID}'", $eo); if ($row = db_fetch_assoc($res)) { // get record data $tableName = $row['tableName']; $pkValue = $row['pkValue']; $memberID = strtolower($row['memberID']); $dateAdded = @date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']); $dateUpdated = @date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']); $groupID = $row['groupID']; } else { // no such record exists die("<div class=\"status\">Error: Record not found!</div>"); } } // get pk field name $pkField = getPKFieldName($tableName); // get field list if (!($res = sql("show fields from `{$tableName}`", $eo))) { errorMsg("Couldn't retrieve field list from '{$tableName}'"); } while ($row = db_fetch_assoc($res)) { $field[] = $row['Field']; } $res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo); if ($row = db_fetch_assoc($res)) { ?> <h2>Table: <?php echo $tableName; ?> </h2> <table class="table table-striped">
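/**
 * Return all field values of a single record as one ", "-separated string.
 *
 * @param string $tn        Table name. It is placed in the SQL text as a
 *                          backtick-quoted identifier, never as a bound
 *                          parameter, so it must come from a trusted source.
 * @param mixed  $pkValue   Primary key value of the record; escaped through
 *                          makeSafe() before it is placed in the query.
 * @param bool   $stripTags When true, the result is passed through strip_tags().
 *
 * @return mixed "" when the primary key field or the field list cannot be
 *               determined; otherwise whatever sqlValue() yields, optionally
 *               tag-stripped.
 */
function getCSVData($tn, $pkValue, $stripTags = true) {
    // get pk field name for given table
    if (!($pkField = getPKFieldName($tn))) {
        return "";
    }

    // Identifiers cannot be parameterised; doubling embedded backticks keeps a
    // name from terminating its own quoting and altering the statement.
    $quotedTable = '`' . str_replace('`', '``', $tn) . '`';
    $quotedPk = '`' . str_replace('`', '``', $pkField) . '`';

    // NOTE(review): $eo is not assigned inside this function, so sql() receives
    // an unset variable here; confirm that is what sql() expects.
    if (!($res = sql("show fields from {$quotedTable}", $eo))) {
        return "";
    }

    // Collect the column list in an array instead of appending to a string that
    // was never initialised.
    $quotedFields = array();
    while ($row = db_fetch_assoc($res)) {
        $quotedFields[] = '`' . str_replace('`', '``', $row['Field']) . '`';
    }

    // An empty column list would yield "CONCAT_WS(', ', )", which is invalid SQL.
    if (!$quotedFields) {
        return "";
    }
    $csvFieldList = implode(',', $quotedFields);

    $csvData = sqlValue(
        "select CONCAT_WS(', ', {$csvFieldList}) from {$quotedTable} where {$quotedPk}='"
        . makeSafe($pkValue, false) . "'"
    );

    // strip_tags() removes markup but is not output encoding: a caller that
    // prints this value into HTML still has to escape it for that context.
    return $stripTags ? strip_tags($csvData) : $csvData;
}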
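/**
 * Build the extra FROM / WHERE fragments that restrict a query on $table to
 * the records the logged-in member is permitted to view.
 *
 * View permission is read from index 2 of getTablePermissions($table):
 * 0 = none, 1 = owner only, 2 = group only, 3 = all.
 *
 * @param string $table Table name. It is placed in the SQL text both as a
 *                      backtick-quoted identifier and as a quoted string, so
 *                      it must come from a trusted source.
 * @param string $level 'user' or 'group' to narrow a wider permission down to
 *                      that scope; any other value is treated as 'all'.
 *
 * @return array|false false when nothing may be viewed; otherwise an array
 *                     with the fragments under 'where'/'from' and also 0/1.
 */
function permissions_sql($table, $level = 'all') {
    // Strict comparison: a non-string $level must not loosely match a name.
    if (!in_array($level, array('user', 'group'), true)) {
        $level = 'all';
    }

    $perm = getTablePermissions($table);
    $viewLevel = (is_array($perm) && isset($perm[2])) ? intval($perm[2]) : 0;

    // Fail closed. Previously a value outside 0..3 could match no branch and
    // fall through to the unrestricted ("view all") result.
    if ($viewLevel < 1 || $viewLevel > 3) {
        return false;
    }

    $from = '';
    $where = '';
    $pk = getPKFieldName($table);

    $ownerOnly = ($viewLevel == 1) || ($level == 'user');
    $groupOnly = !$ownerOnly && (($viewLevel == 2) || ($level == 'group'));

    if ($ownerOnly || $groupOnly) {
        $from = 'membership_userrecords';
        $join = "`{$table}`.`{$pk}`=membership_userrecords.pkValue and membership_userrecords.tableName='{$table}'";

        // NOTE(review): the member / group identifiers are concatenated into
        // the statement without escaping here; confirm getLoggedMemberID() and
        // getLoggedGroupID() can only return values that are safe inside a
        // quoted SQL string, or escape them at this point.
        if ($ownerOnly) {
            // view owner only
            $where = "({$join} and lcase(membership_userrecords.memberID)='" . getLoggedMemberID() . "')";
        } else {
            // view group only
            $where = "({$join} and membership_userrecords.groupID='" . getLoggedGroupID() . "')";
        }
    }
    // $viewLevel == 3 with no narrowing: view all, no restriction added

    return array('where' => $where, 'from' => $from, 0 => $where, 1 => $from);
}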
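<?php
// Deletes one ownership row from membership_userrecords together with the
// data record it points to, then sends the browser back to where it came from.
//
// NOTE(review): this destructive action is driven by a GET parameter, and no
// anti-CSRF token is checked in this script. Confirm that incCommon.php
// enforces admin authentication, and consider requiring POST plus a token.
$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";

// validate input
$recID = isset($_GET['recID']) ? intval($_GET['recID']) : 0;

if ($recID > 0) {
    $res = sql("select tableName, pkValue from membership_userrecords where recID='{$recID}'", $eo);
    if ($row = db_fetch_row($res)) {
        sql("delete from membership_userrecords where recID='{$recID}'", $eo);
        if ($pkName = getPKFieldName($row[0])) {
            // NOTE(review): addslashes() is not connection/charset-aware; prefer
            // the project's own SQL escaping helper if one is in scope here.
            sql("delete from `{$row[0]}` where `{$pkName}`='" . addslashes($row[1]) . "'", $eo);
        }
    }
}

// Only follow the Referer when it points back at this host. The header is
// client-supplied, so redirecting to it unchecked is an open redirect.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$refererHost = ($referer !== '') ? parse_url($referer, PHP_URL_HOST) : null;
$ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';

if ($refererHost && $ownHost !== '' && strcasecmp($refererHost, $ownHost) === 0) {
    redirect($referer, TRUE);
} else {
    redirect("admin/pageViewRecords.php");
}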
$arrTables = getTableList(); // get a list of tables with records that have no owners foreach ($arrTables as $tn => $tc) { $countOwned = sqlValue("select count(1) from membership_userrecords where tableName='{$tn}'"); $countAll = sqlValue("select count(1) from `{$tn}`"); if ($countAll > $countOwned) { $arrTablesNoOwners[$tn] = $countAll - $countOwned; } } // process ownership request if ($_POST['assignOwners'] != '') { ignore_user_abort(); foreach ($arrTablesNoOwners as $tn => $tc) { $groupID = intval($_POST["ownerGroup_{$tn}"]); $memberID = makeSafe(strtolower($_POST["ownerMember_{$tn}"])); $pkf = getPKFieldName($tn); if ($groupID) { $insertBegin = "insert into membership_userrecords (tableName, pkValue, groupID, memberID, dateAdded, dateUpdated) values "; $ts = time(); $res = sql("select `{$tn}`.`{$pkf}` from `{$tn}` left join membership_userrecords on `{$tn}`.`{$pkf}`=membership_userrecords.pkValue and membership_userrecords.tableName='{$tn}' where membership_userrecords.pkValue is null"); while ($row = mysql_fetch_row($res)) { $insert .= "('{$tn}', '{$row['0']}', '{$groupID}', " . ($memberID ? "'{$memberID}'" : "NULL") . ", {$ts}, {$ts}),"; if (strlen($insert) > 50000) { sql($insertBegin . substr($insert, 0, -1)); $insert = ''; } } if ($insert != '') { sql($insertBegin . substr($insert, 0, -1)); $insert = ''; }