function Login_Process()
{
$arg2 = $this->directlogin == true ? 'direct' : '';
// only process if user hit "post"
if (gp('gp_posted', '', false) == '') {
return;
}
vgfSet('LoginAttemptOK', false);
// Error title
vgfSet('ERROR_TITLE', '*');
// If the user supplied a loginUID, this is a post and we
// must process the request.
$ale = vgaGet('login_errors', array());
$app = $GLOBALS['AG']['application'];
$em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again.";
$em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again.";
$em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again.";
$em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again.";
$terror = "";
$uid = gp('loginUID');
$uid = MakeUserID($uid);
//$uid = str_replace('@','_',$uid);
//$uid = str_replace('.','_',$uid);
$pwd = gp("loginPWD", "", false);
// First check, never allow the database server's superuser
// account
//
if ($uid == "postgres") {
ErrorAdd($em000);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres");
fwLogEntry('1011', 'Attempt login as postgres', '', $arg2);
}
return;
}
$app = $GLOBALS['AG']['application'];
if (substr($uid, 0, strlen($app)) == $app) {
ErrorAdd($em001);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role");
fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2);
}
return;
}
// Begin with a connection attempt.
// on fail, otherwise continue
$tcs = @SQL_CONN($uid, $pwd);
if ($tcs === false) {
ErrorAdd($em099);
if (vgfGet('loglogins', false)) {
sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected");
fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2);
}
return;
} else {
SQL_CONNCLOSE($tcs);
}
// The rest of this routine uses an admin connection. If we
// have an error, we must close the connection before returning!
// ...yes, yes, that's bad form, all complaints to /dev/null
//
if (vgfGet('loglogins', false)) {
fwLogEntry('1010', 'Login OK', $uid, $arg2);
}
scDBConn_Push();
// See if they are a root user. If not, do they have an
// active account?
$root = false;
$admin = false;
$group_id_eff = '';
$results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true");
$cr = SQL_NUMROWS($results);
if ($cr != 0) {
$root = true;
} else {
$results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)");
$cr = SQL_NUMROWS($results);
if ($cr == 0) {
scDBConn_Pop();
ErrorAdd($em002);
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002");
return;
} else {
$userinfo = SQL_Fetch_Array($results);
$group_id_eff = $userinfo['group_id_eff'];
SessionSet('user_name', $userinfo['user_name']);
}
}
// Flag if the user is an administrator
if ($root == true) {
$admin = true;
} else {
$results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'");
$row = SQL_FETCH_ARRAY($results);
$admin = intval($row["admin"]) > 0 ? true : false;
}
// Get the users' groups
$groups = "";
if ($root) {
$results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''");
} else {
$results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'");
}
while ($row = SQL_FETCH_ARRAY($results)) {
$agroups[] = "'" . trim($row['group_id']) . "'";
#$groups.=ListDelim($groups)."'".trim($row["group_id"])."'";
}
$groups = array();
if (!empty($agroups)) {
$groups = implode(",", $agroups);
}
//scDBConn_Pop();
// We have a successful login. If somebody else was already
// logged in, we need to wipe out that person's session. But
// don't do this if there was an anonymous login.
if (LoggedIn()) {
$uid_previous = SessionGet('UID');
if ($uid != $uid_previous) {
//Session_Destroy();
SessionReset();
//Index_Hidden_Session_Start(false);
}
}
// We know who they are and that they can connect,
// see if there is any app-specific confirmation required
//
if (function_exists('app_login_process')) {
//echo "Calling the process now";
if (!app_login_process($uid, $pwd, $admin, $groups)) {
return;
}
}
// Protect the session from hijacking, generate a new ID
Session_regenerate_id();
// We now have a successful connection, set some
// flags and lets go
//
vgfSet('LoginAttemptOK', true);
SessionSet("UID", $uid);
SessionSet("PWD", $pwd);
SessionSet("ADMIN", $admin);
SessionSet("ROOT", $root);
SessionSet("GROUP_ID_EFF", $group_id_eff);
SessionSet("groups", $groups);
if (gp('gpz_page') == '') {
# KFD 9/12/08, extra command to not change page
if (gp('st2keep') != 1) {
gpSet('gp_page', '');
}
}
$GLOBALS['session_st'] = 'N';
// for "N"ormal
// -------------------------------------------------------------------
// We are about to make the menu. Before doing so, see if there
// are any variables set for the menu layout. Set defaults and then
// load from database.
//
$this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - '));
//$sql = "SELECT * from variables WHERE variable like 'MENU%'";
//$dbres = SQL($sql);
//while ($row = SQL_FETCH_ARRAY($dbres)) {
// $this->pmenu[trim($row['variable'])]=trim($row['variable_value']);
//}
// -------------------------------------------------------------------
// KFD 10/28/06, Modified to examine "nomenu" instead of permsel
// pulls all tables user has nomenu='N'. The basic idea is
// to remove from $AGMENU the stuff they don't see
//
// GET AGMENU
$AGMENU = array();
// avoid compiler warning, populated next line
include "ddmodules.php";
// Pull distinct modules person has any menu options in.
$sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})";
$modules = SQL_AllRows($sq, 'module');
$AGkeys = array_keys($AGMENU);
foreach ($AGkeys as $AGkey) {
if (!isset($modules[$AGkey])) {
unset($AGMENU[$AGkey]);
}
}
// Now recurse the remaining modules and do the same trick
// for each one, removing the tables that don't exist
foreach ($AGMENU as $module => $moduleinfo) {
$sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})";
$tables = SQL_AllRows($sq, 'table_id');
$tkeys = array_keys($moduleinfo['items']);
foreach ($tkeys as $tkey) {
if (!isset($tables[$tkey])) {
unset($AGMENU[$module]['items'][$tkey]);
}
}
}
// KFD 12/18/06. Put all table permissions into session
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id');
SessionSet('TABLEPERMSMENU', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id');
SessionSet('TABLEPERMSSEL', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id');
SessionSet('TABLEPERMSINS', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id');
SessionSet('TABLEPERMSUPD', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id');
SessionSet('TABLEPERMSDEL', array_keys($table_perms));
//echo "<div style='background-color:white'>";
//echo "$uid $groups $group_id_eff";
//hprint_r(SessionGet('TABLEPERMSMENU'));
//hprint_r(SessionGet('TABLEPERMSSEL'));
//echo "</div>";
// KFD 7/9/07, we always use joomla templates now, don't need
// options to turn them off
//if(defined('_ANDROMEDA_JOOMLA')) {
// In a hybrid situation, put the menu into the session
SessionSet('AGMENU', $AGMENU);
//}
$HTML_Menu = "";
$WML_Menu = "";
/*
foreach ($AGMENU as $key=>$module) {
//if($key=="datadict") continue;
//if($key=="sysref") continue;
$HTML_Module="";
$WML_Module="";
foreach($module["items"] as $itemname=>$item) {
if (!isset($item["mode"])) { $item["mode"]="normal"; }
switch ($item["mode"]) {
case "normal":
$ins=false;
$extra=array();
if($item['menu_parms']<>'') {
$aextras=explode('&',$item['menu_parms']);
foreach($aextras as $aextra) {
list($var,$value)=explode("=",$aextra);
$extra[$var]=$value;
}
}
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,$ins,$extra
);
$WML_Module.="<div>";
$WML_Module.=hLink(
'',$item['description'],'?gp_page='.$itemname
);
$WML_Module.="</div>";
break;
case "ins":
//if ($admin || isset($tables_ins[$item["name"]])) {
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,true
);
//}
break;
#$HTML_Module.=
# "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">".
# $item["description"]."</a></font><br />";
}
}
// the module is defined AFTER its contents so it can be
// left off if it has no entries
if ($HTML_Module!="") {
$HTML_Menu.=$this->_MenuModule($module['description']);
$HTML_Menu.=$HTML_Module;
}
if ($WML_Module!="") {
$WML_Menu.="<div><b>".$module['description']."</b></div>";
$WML_Menu.=$WML_Module;
}
}
*/
DynamicSave("menu_" . $uid . ".php", $HTML_Menu);
DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu);
// -------------------------------------------------------------------
// Fetch and cache user preferences
if (vgaGet('member_profiles')) {
cacheMember_Profiles();
}
// -------------------------------------------------------------------
// Now find the user's table permissions more precisely table by table
$sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id";
//echo $sql;
$results = SQL($sql);
$HTML_Perms = "<?php\n\$table_perms = array();\n";
while ($row = SQL_FETCH_ARRAY($results)) {
$tn = $row["table_id"];
$ti = $row["permins"];
$tu = $row["permupd"];
$td = $row["permdel"];
$ts = $row["permsel"];
$HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n";
}
$HTML_Perms .= "?>\n";
DynamicSave("perms_" . $uid . ".php", $HTML_Perms);
/* October 28, 2006, KFD. Rem'd this all out, column and row security
made this irrelevant
// -------------------------------------------------------------------
// Find out if this user has any UID Columns, columns that create
// filters on the user's UID
$sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)";
//echo $sql;
$results = SQL($sql);
$groupuids = array();
while ($row = SQL_FETCH_ARRAY($results)) {
//echo "Found this one".$row["column_id"];
$groupuids[$row["column_id"]] = $row["column_id"];
}
SessionSet("groupuids",$groupuids);
*/
scDBConn_Pop();
return;
}
/**
name:SQLX_Insert
parm:string/array table
parm:array Row
parm:bool Rewrite_Skey
parm:bool Clip_Fields
returns:int
In its most basic form, this routine accepts a [[Row Array]]
and attempts to insert it into a table. Upon success, the routine
returns the skey value of the new row.
The first entry can be either a [[Table Reference]] or the name of
a table. The second entry is always a [[Row Array]]. This function
makes use of the dictionary to determine the correct formatting of all
columns, and ignores any column in the [[Row Array]] that is not
in the table.
The third parameter is used by the framework, and should always be
false. If the third parameter is set to true, then this routine
executes a [[gpSet]] with the value of skey for the new row, making
it look like this row came from the browser.
If the fourth parameter is true, values are clipped to column width
to prevent overflows. This almost guarantees the insert will succeed,
but should only be done if it is acceptable to throw away the ends of
columns.
*/
function SQLX_Insert($table, $colvals, $rewrite_skey = true, $clip = false)
{
# KFD 6/12/08, use new and improved
errorsClear();
if (!is_array($table)) {
$table = DD_TableRef($table);
}
$table_id = $table["table_id"];
$view_id = ddTable_idResolve($table_id);
$tabflat =& $table["flat"];
$new_cols = "";
$new_vals = "";
foreach ($tabflat as $colname => $colinfo) {
if (isset($colvals[$colname])) {
//if($colvals[$colname]<>'') {
if (DD_ColInsertsOK($colinfo, 'db')) {
# KFD 6/18/08, % signs really mess things up
#if(strpos($colvals[$colname],'%')!==false) {
# ErrorAdd("The % sign may not be in a saved value");
# vgfSet('ErrorRow_'.$table_id,$colvals);
# return 0;
#}
$cliplen = $clip ? $colinfo['colprec'] : 0;
$new_cols .= ListDelim($new_cols) . " " . $colname;
$new_vals .= ListDelim($new_vals) . " " . SQL_FORMAT($colinfo["type_id"], $colvals[$colname], $cliplen);
}
//}
}
}
if (!Errors()) {
$sql = "INSERT INTO " . $view_id . " ({$new_cols}) VALUES ({$new_vals})";
}
x4Debug($sql);
x4Debug(SessionGet('UID'));
// ERRORROW CHANGE 5/30/07, big change, SQLX_* routines now save
// the row for the table if there was an error
$errflag = false;
SQL($sql, $errflag);
if ($errflag) {
vgfSet('ErrorRow_' . $table_id, $colvals);
}
$notices = pg_last_notice($GLOBALS["dbconn"]);
$retval = 0;
$matches = array();
# KFD 10/18/08. This venerable line has been quietly working forever,
# until today! The problem turned out to be the table
# name had a number in it, which screwed it up! So
# I've changed one line here.
#preg_match_all("/SKEY(\D*)(\d*);/",$notices,$matches);
preg_match_all("/SKEY(.*\\s)(\\d*);/iu", $notices, $matches);
if (isset($matches[2][0])) {
$retval = $matches[2][0];
if ($rewrite_skey) {
gpSet("gp_skey", $matches[2][0]);
gpSet("gp_action", "edit");
}
}
// Possibly cache the row
$cache_pkey0 = vgfget('cache_pkey', array());
$cache_pkey = array_flip($cache_pkey0);
if (isset($cache_pkey[$table_id])) {
CacheRowPut($table, $colvals);
}
return $retval;
}
function xajax()
{
if (gp('gp_xajax') != '1') {
return $this->xAjaxColSave();
}
// No conditionals here, this is always ajax
echo "xajax|";
$tid = gp('gp_table_id');
$parms['gp_table_id'] = $tid;
$parms['gp_page'] = 'x_import';
$parms['gp_xajax'] = '1';
$parms['gp_map'] = gp('gp_map', '');
//$a1=aFromgp('gp_');
//hprint_r($a1);
//$a2=aFromgp('txt_');
//hprint_r($a2);
// Look for a map delete command
if (gpExists('gp_del')) {
SQL("Delete from importmaps where importmap=" . SQLFC(gp('gp_del')));
if (gp('gp_del') == gp('gp_map')) {
gpSet('gp_map', '');
$parms['gp_map'] = '';
}
}
// Look for a map insert command. If found and works, automatically
// select this as the map we want.
$row = aFromGP('txt_');
if (count($row) > 0 && gpExists('gp_new')) {
$dd = DD_TableRef('importmaps');
$row['table_id'] = gp('gp_table_id');
SQLX_Insert($dd, $row);
if (!Errors()) {
gpSet('gp_map', $row['importmap']);
$parms['gp_map'] = gp('gp_map');
}
}
// Display a list of maps we may use
$maps = SQL_AllRows("Select importmap,name_prefix from importmaps\n where table_id=" . SQLFC($tid), 'importmap');
//hprint_r($maps);
?>
<h2>Map Selection</h2>
<p>Please choose a map to use. If no map exists, please create
a new one. After a map is chosen you can map individual columns.
</p>
<table id="x2data1">
<thead>
<tr><th>Map Name
<th>Select
<th>Delete
</thead>
<tbody>
<?php
foreach ($maps as $map) {
$px = $parms;
$px['gp_map'] = $map['importmap'];
$hp1 = http_build_query($px);
$px['gp_del'] = $map['importmap'];
$hp2 = http_build_query($px);
echo $map['importmap'] == $parms['gp_map'] ? '<tr class="hilite">' : '<tr>';
?>
<td><?php
echo $map['importmap'];
?>
<td><a href="javascript:andrax('?<?php
echo $hp1;
?>
')">Select</a>
<td><a href="javascript:andrax('?<?php
echo $hp2;
?>
')">Delete</a>
<?php
}
// Now the row for a new entry
$px = $parms;
$px['gp_new'] = 1;
$hp = "'?" . http_build_query($px);
$hp .= "&txt_importmap='+ob('txt_importmap').value";
?>
<tr><td><input name="txt_importmap" id="txt_importmap">
<td>
<td><a href="javascript:andrax(<?php
echo $hp;
?>
)">Create</a>
</table>
<?php
// If they have not picked a map, we are done. If we continue
// we will let them pick individual columns.
if ($parms['gp_map'] == '') {
return;
}
// Get column listing from dictionary
$dd = DD_TableRef(gp('gp_table_id'));
$cols = array_keys($dd['flat']);
// Get cols available from import
$fi = SessionGet('importfile');
$FILE = fopen($fi['uname'], 'r');
$sline = fsGets($FILE);
$aline = explode('|', $sline);
array_unshift($aline, '');
$aline = array_combine($aline, $aline);
// make keys and values the same
fclose($FILE);
// Get current map
$mapcols = SQL_AllRows("Select column_id,column_id_src FROM importmapcolumns\n WHERE importmap=" . SQLFC(gp('gp_map')) . "\n AND table_id =" . SQLFC(gp('gp_table_id')), 'column_id');
?>
<hr />
<h2>Individual Column Mappings</h2>
<table id="x2data1">
<thead><tr><th>Destination Column</td>
<th>Caption</td>
<th>Source Column</td>
</thead>
<tbody>
<?php
foreach ($cols as $col) {
$value = ArraySafe($mapcols, $col, array());
$value = ArraySafe($value, 'column_id_src', '');
$px = $parms;
$px['gp_xajax'] = $col;
$andrax = "?" . http_build_query($px);
$extra = "onchange=\"andrax('{$andrax}&gp_xval='+this.value)\"";
$hSelect = hSelectFromAA($aline, 'anycol', $value, $extra);
if ($dd['flat'][$col]['uino'] != 'Y') {
?>
<tr><td><?php
echo $col;
?>
<td><?php
echo $dd['flat'][$col]['description'];
?>
<td><?php
echo $hSelect;
?>
<?php
}
}
?>
</tbody>
</table>
<?php
$href = '?gp_page=x_import&gp_table_id=' . $tid . '&gp_fbproc=1' . '&gp_map=' . $parms['gp_map'];
?>
<hr />
<h2>File Process</h2>
<p>The file <?php
echo $fi['name'];
?>
was uploaded, size
<?php
echo number_format($fi['size']);
?>
bytes.
</p>
<p><a href="javascript:SetAndPost('gp_nofile',1)">
Upload A Different File
</a>
</p>
<p><a href="javascript:Popup('<?php
echo $href;
?>
')">Process Now</a>
</p>
<?php
}
function main()
{
// ------------------------------------------------
// Branch out to ajax handling functions
if (gpExists('fwajax')) {
return $this->FWAjax();
}
// ...early return
// ------------------------------------------------
// Public sites can turn off table maintenance pages
if (vgfGet('suppress_maintenance', false)) {
return;
}
vgfset('maintenance', true);
# KFD 2/17/09 Sourceforge 2546056
# If we are in default main code branch, and
# there is no data dictionary, the user has
# called a bad page.
if (!isset($this->table['projections'])) {
?>
<h1>Bad Page Request</h1>
<p>There is no page <?php
echo hx(gp('gp_page'));
?>
<?php
return;
}
// If a "fk jump", retrieve skey and make it look
// like an edit call.
if (gp('gp_pk') != '') {
$pkval = gp("gp_pk");
$pkcol = $this->table["pks"];
$pktyp = $this->table['flat'][$pkcol]["type_id"];
$table_id = $this->table["table_id"];
// KFD 10/26/06, used to be $table_id
$sq = "SELECT skey FROM " . $this->view_id . " WHERE " . $pkcol . " = " . SQL_Format($pktyp, $pkval);
gpSet('gp_skey', SQL_OneValue('skey', $sq));
gpSet('gp_mode', 'upd');
}
// If we were invoked by a child table, don't do this
if (is_null($this->table_obj_child)) {
// KFD 10/26/06, keep as $table_id
Hidden('gp_page', $this->table_id);
// always return to same page
Hidden('gp_mode', '');
Hidden('gp_skey', '');
Hidden('gp_action', '');
Hidden('gp_save', '');
hidden('gp_copy', '');
}
// Work out what to do if mode is blank. Might mean
// upd, might mean browse.
$mode = gp('gp_mode');
$skey = gp('gp_skey');
if ($mode == '') {
$mode = $this->MainCheckForMover();
if ($mode == '') {
$mode = $skey == '' ? 'browse' : 'upd';
gpSet('gp_mode', $mode);
}
}
$this->mode = $mode;
// KFD 8/13/07, Experimental COPY ability
if (gp('gp_action') == 'copy') {
$mode = 'ins';
gpSet('gp_mode', 'ins');
}
switch ($mode) {
case 'search':
$this->PageSubtitle .= " (Lookup Mode)";
break;
case 'ins':
$this->PageSubtitle .= " (New Entry)";
break;
}
// ----------------------------------------------
// Generate the main HTML elements
if ($mode == 'browse') {
$this->hBrowse();
} elseif ($mode == 'mover') {
$this->hMover();
} else {
$this->hBoxes($mode);
}
if ($mode != "mover") {
$this->hButtonBar($mode);
}
$this->hLinks($mode);
$this->hExtra($mode);
// Now if this is a child table in a 1:M, it will not actually
// output its own stuff, it will invoke its parent, so let's
// buffer the output
if ($this->table_id_parent != '') {
ob_start();
}
// Echo out the HTML
$this->ehMain();
// Put this out at end, after all HTML has been output
if ($mode == "search") {
//$controls=vgfGet('gpControls');
$controls = ContextGet('OldRow');
$hScript = '';
foreach ($controls as $key => $info) {
$hScript .= "\nob('x2t_{$key}').value='';";
}
jqDocReady("function clearBoxes() { \n" . $hScript . "}\n\n");
}
// Again, if this is a child table in a 1:M, capture the output and
// make it the responsibility of the parent
if ($this->table_id_parent != '') {
$this->h['Complete'] = ob_get_clean();
// Wipe out and replace all gp variables, fool the parent object
$OldRow = ContextGet('OldRow', array());
$gpsave = aFromGP('gp_');
gpUnsetPrefix('gp_');
$dd = ContextGet('drilldown', array());
$dd1 = array_pop($dd);
gpSet('gp_skey', $dd1['skey']);
// Now invoke the parent object, tell it about us
$object = objPage($this->table_id_parent);
$object->table_obj_child = $this;
$object->main();
// Replace the wiped out gp variables
gpUnsetPrefix('gp_');
gpSetFromArray('gp_', $gpsave);
ContextSet('OldRow', $OldRow);
// Force the menu to come from the parent
vgaSet('menu_selected', $this->table_id_parent);
}
}
function MD5_ForgotPage3()
{
$UID = gp('uid');
$md5 = gp('md5');
$pw1 = gp('pw1');
$pw2 = gp('pw2');
fwLogEntry('1025', 'PW Change Attempt', $UID);
if ($pw1 != $pw2) {
ErrorAdd("Password values did not match");
}
if (strlen($pw1) < 6) {
ErrorAdd("Password must be at least 5 characters");
}
if (!preg_match("/[0-9]/", $pw1)) {
ErrorAdd("Password must contain at least one numeric digit");
}
if (!preg_match("/[a-z]/", $pw1)) {
ErrorAdd("Password must contain at least one lower case character");
}
if (!preg_match("/[A-Z]/", $pw1)) {
ErrorAdd("Password must contain at least one upper case character");
}
if (strpos(strtolower($pw1), strtolower($UID)) !== false) {
ErrorAdd("You cannot use your user_id in your password!");
}
if (Errors()) {
echo hErrors();
gpSet('gpp', '2');
ErrorsClear();
return;
}
$row = array('user_id' => $UID, 'md5' => $md5, 'member_password' => $pw1);
SQLX_Insert('users_pwverifies', $row);
if (Errors()) {
echo hErrors();
gpSet('gpp', '2');
ErrorsClear();
return;
} else {
fwLogEntry('1026', 'PW Change Success', $UID);
?>
<p>Your password has been set, you can now
<a href="?gp_page=x_login">Login</a>.
<?php
}
}
function browseFetch()
{
$mtime = microtime(true);
$table_id = $this->dd['table_id'];
$tabPar = gp('tableIdPar');
# This is the list of columns to return. Maybe override
# if there is something specific named for this table
$acols = explode(',', $this->dd['projections']['_uisearch']);
if ($tabPar != '') {
if (isset($this->dd['projections']['child_' . $tabPar])) {
$acols = explode(',', $this->dd['projections']['child_' . $tabPar]);
}
}
# By default the search criteria come from the
# variables, unless it is a child table search
$vals = aFromGP('x6w_');
$awhere = array();
$projSort = '';
if ($tabPar == '') {
$vals2 = array();
} else {
$vals2 = $this->fetchParent();
$vals = array_merge($vals, $vals2);
# KFD 12/27/08, if the sortdesc flag has been set on any
# columns in the projection, those columns
# become the default sort. Work it up here
# and set them aside.
$proj = 'child_' . $tabPar;
$aprojSort = array();
if (isset($this->dd['projdetails'][$proj])) {
foreach ($this->dd['projdetails'][$proj] as $column => $sortasc) {
if ($sortasc == 'Y') {
$aprojSort[] = "+{$column}";
}
if ($sortasc == 'N') {
$aprojSort[] = "-{$column}";
}
}
}
$projSort = implode(",", $aprojSort);
}
# Build the where clause
#
$this->flat = $this->dd['flat'];
$allowNoFilters = false;
foreach ($vals as $column_id => $colvalue) {
if (!isset($this->flat[$column_id])) {
continue;
}
if ($colvalue == '*') {
$awhere = array();
# KFD 2/17/09 Sourceforge 2609083
# Doing this returned all rows on regular
# searches. Whatever it was for, it cannot
# be done here this way.
#gpSet('xReturnAll','Y');
$allowNoFilters = true;
break;
}
$colinfo = $this->flat[$column_id];
$exact = isset($vals2[$column_id]);
$expre = gp('x6exactPre', 0);
//$tcv = trim($colvalue);
$tcv = $colvalue;
$type = $colinfo['type_id'];
if ($tcv != "") {
if ($exact) {
gpSet('x6exactPre', 1);
}
// trap for a % sign in non-string
$xwhere = sqlFilter($this->flat[$column_id], $tcv);
if ($xwhere != '') {
$awhere[] = "({$xwhere})";
}
if ($exact && $expre == 0) {
gpUnset('x6exactpre');
}
}
}
# <----- RETURN (MAYBE)
# Sourceforge 2612788 - this is actually an exit, not
# a return.
if (count($awhere) == 0) {
if (gp('xReturnAll', 'N') == 'N' && !$allowNoFilters) {
exit;
}
}
# Generate the limit
$SLimit = ' LIMIT 100';
if ($tabPar != '') {
if (a($this->dd['fk_parents'][$tabPar], 'uiallrows', 'N') == 'Y') {
$SLimit = ' LIMIT 100';
}
}
if (gp('xReturnAll', 'N') == 'Y') {
$SLimit = '';
}
# Build the Order by
#
$ascDesc = gp('sortAD') == 'ASC' ? ' ASC' : ' DESC';
$aorder = array();
$searchsort = '';
if (gpExists('sortAsc')) {
x6Debug(gp('sortAsc'));
$ascDesc = gp('sortAsc') == 'true' ? ' ASC' : ' DESC';
$aorder[] = gp('sortCol') . ' ' . gp('sortAD');
} else {
# KFD 12/27/08, Use the search sort that was
# set aside above if it is there
$searchsort = $projSort == '' ? trim(arr($this->dd, 'uisearchsort', '')) : $projSort;
}
if ($searchsort != '') {
$aocols = explode(",", $searchsort);
foreach ($aocols as $pmcol) {
$char1 = substr($pmcol, 0, 1);
$column_id = substr($pmcol, 1);
if ($char1 == '+') {
$aorder[] = $column_id . ' ASC';
} else {
$aorder[] = $column_id . ' DESC';
}
}
$SQLOrder = " ORDER BY " . implode(',', $aorder);
} else {
# KFD 6/18/08, new routine that works out sort
$aorder = sqlOrderBy($vals);
if (count($aorder) == 0) {
$SQLOrder = '';
} else {
$SQLOrder = " ORDER BY " . implode(',', $aorder);
}
}
# just before building the query, drop out
# any columns that have a table_id_fko to the parent
foreach ($acols as $idx => $column_id) {
if ($this->flat[$column_id]['table_id_fko'] == $tabPar && $tabPar != '') {
unset($acols[$idx]);
}
}
// Build the where and limit
if (count($awhere) == 0) {
$SWhere = '';
} else {
$SWhere = ' WHERE ' . implode(' AND ', $awhere);
}
// Retrieve data
#$SQL ="SELECT skey,".implode(',',$acols)
# KFD 11/15/08. We can actually select *, because the grid
# works out what columns it needs, and we
# don't want to accidentally reduce the column
# list and exclude something it needs.
$SQL = "SELECT * " . " FROM " . $this->dd['viewname'] . $SWhere . $SQLOrder . $SLimit;
$answer = SQL_AllRows($SQL);
# These parameters have to be sent from the back. They
# figure everything out.
$sortable = gp('xSortable', 'N') == 'Y';
$gridHeight = gp('xGridHeight', 500);
$lookups = gp('xLookups', 'N') == 'Y';
$edit = 0;
$childedit = in_array($this->dd['x6childwrites'], array('Y', 'grid'));
if ($tabPar != '' && $childedit) {
$edit = 1;
}
# The button bar is either a 1/0 or a list of buttons.
# Make the simple setting first, then possibly override
$bb = gp('xButtonBar', 'N') == 'Y' || $edit;
if ($tabPar != '' && $this->dd['x6childwrites'] == 'detail') {
$bb = 'new';
}
# Now grab us a grid
$grid = new androHTMLGrid($gridHeight, $table_id, $lookups, $sortable, $bb, $edit);
$this->gridGeneric($grid, $this->dd, $tabPar, $vals2);
$grid->addData($answer);
$grid->hp['x6profile'] = 'grid';
# Put some important properties on the grid!
$grid->ap['xGridHeight'] = $gridHeight;
$grid->ap['xReturnAll'] = gp('xReturnAll', 'N');
if ($tabPar != '') {
$grid->ap['x6tablePar'] = $tabPar;
}
# If they asked for the entire grid, send it back
# as *MAIN* and let the browser put it where it belongs
if (gp('sendGrid', 0) == 1) {
if (count($answer) == 0) {
$grid->noResults();
}
x6html('*MAIN*', $grid->bufferedRender());
return;
}
# ..otherwise just send the body back. But kill
# any script they created.
if (count($answer) == 0) {
$grid->noResults();
}
$mtimer = microtime(true);
$grid->dbody->render();
exit;
}
function index_hidden_page()
{
global $AG;
$sessok = !LoggedIn() ? false : true;
// KFD 3/6/08, moved here from the main stream of index_hidden
// because these are relevant only to page processing
if (gpExists('x_module')) {
SessionSet('AGMENU_MODULE', gp('x_module'));
} elseif (vgaGet('nomodule') != '' && SessionGet('AGMENU_MODULE') == '') {
SessionSet('AGMENU_MODULE', vgaGet('nomodule'));
}
// If the search flag is set, we need to know what class for this
// application handles searchs
if (gpExists('gp_search')) {
gpSet('gp_page', vgaGet('SEARCH_CLASS'));
}
// Load up a list of pages that public users are allowed to see,
// with home and password always there.
global $MPPages;
// allows it to be in applib
$MP = array();
//$MPPages= array();
// This is the old method, load $MPPages from its own file
if (file_exists_incpath('appPublicMenu.php')) {
include_once 'appPublicMenu.php';
}
if (!is_array($MPPages)) {
$MPPages = array();
}
$MPPages['x_home'] = 'Home Page';
$MPPages['x_login'] = '******';
$MPPages['x_noauth'] = 'Authorization Required';
$MPPages['x_password'] = "******";
$MPPages['x_mpassword'] = "******";
$MPPages['x_paypalipn'] = 'Paypal IPN';
// If the install page exists, it will be used, no getting
// around it.
$install = $GLOBALS['AG']['dirs']['application'] . 'install.php';
$instal2 = $GLOBALS['AG']['dirs']['application'] . 'install.done.php';
if (file_exists($install)) {
if (gp('gp_install') == 'finish') {
rename($install, $instal2);
} else {
$MPPages['install'] = 'install';
gpSet('gp_page', 'install');
}
}
// First pass is to look for the "flaglogin" flag. This says save all
// current page settings and go to login screen. They will be restored
// on a successful login. Very useful for links that say "Login to
// see nifty stuff..."
if (gp('gp_flaglogin') == '1') {
gpSet('gp_flaglogin', '');
gpToSession();
gpSet('gp_page', 'x_login');
}
// Second pass redirection, pick default page if there
// is none, and verify public pages.
//
$gp_page = gp('gp_page');
if ($gp_page == '') {
if (vgfGet('LoginAttemptOK') === true && vgfGet('x4') === true) {
$gp_page = 'x4init';
gpSet('gp_page', 'x4init');
SessionSet('TEMPLATE', 'x4');
} else {
if (function_exists('appNoPage')) {
$gp_page = appNoPage();
} else {
if (!LoggedIn()) {
$gp_page = FILE_EXISTS_INCPATH('x_home.php') ? 'x_home' : 'x_login';
} else {
// KFD 3/2/07, pull vga stuff to figure defaults
if (vgaGet('nopage') != '') {
$gp_page = vgaGet('nopage');
} else {
$gp_page = 'x_welcome';
}
}
}
}
}
// If they are trying to access a restricted page and are not
// logged in, cache their request and redirect to login page
if (!$sessok && !isset($MPPages[$gp_page])) {
if (vgfGet('loglogins', false)) {
fwLogEntry('1014', 'Page access w/o login', $gp_page);
}
gpToSession();
$gp_page = 'x_login';
}
// If pos is activated and the current requested page does not
// match what they are cleared for, redirect to login
if (vgaGet('POS_SECURITY', false) == true && SessionGet('ADMIN') == false) {
if (SessionGet('POS_PAGE', '', 'FW') != $gp_page) {
gpToSession();
$gp_page = 'x_login';
}
}
gpSet('gp_page', $gp_page);
// Make any database saves. Do this universally, even if save
// was not selected. If errors, reset to previous request.
//if(gp('gp_save')=='1') processPost();
processPost();
if (Errors()) {
gpSetFromArray('gp_', aFromGp('gpx_'));
}
// Put Userid where HTML forms can find it
//vgfSet("UID",SessionGet("UID"));
//if (vgfSet("UID")=="") { vgfSet("UID","Not Logged In"); }
// THIS IS NEWER X_TABLE2 version of drilldown commands,
// considerably simpler than the older ones. It makes use of
// three gp_dd variables.
//
// Notice how we process drillbacks FIRST, allowing a link
// to contain both drillback and drilldown, for the super-nifty
// effect of a "drill-across"
hidden('gp_dd_page');
hidden('gp_dd_skey');
hidden('gp_dd_back');
if (intval(gp('gp_dd_back')) > 0 && $sessok) {
// this is drillback
$dd = ContextGet('drilldown', array());
$back = intval(gp('gp_dd_back'));
if (count($dd) >= $back) {
$spot = count($dd) - $back;
$aback = $dd[$spot];
gpSet('gp_skey', $aback['skey']);
gpSet('gp_page', $aback['page']);
$gp_page = $aback['page'];
gpSet('gpx_skey', $aback['skey']);
gpSet('gpx_page', $aback['page']);
gpSetFromArray('parent_', $aback['parent']);
if (!gpExists('gp_mode')) {
gpSet('gp_mode', 'upd');
}
$dd = $spot == 0 ? array() : array_slice($dd, 0, $spot);
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', $aback['page']);
//ContextSet('drilldown_level',count($dd));
}
}
if (gp('gp_dd_page') != '' && $sessok) {
// this is drilldown...
$matches = DrillDownMatches();
$matches = array_merge($matches, aFromGP('parent_'));
$dd = ContextGet('drilldown', array());
$newdd = array('matches' => $matches, 'parent' => aFromGP('parent_'), 'skey' => gp('gpx_skey'), 'page' => gp('gpx_page'));
$dd[] = $newdd;
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', gp('gp_dd_page'));
//ContextSet('drilldown_level',count($dd));
// having saved the stack, redirect to new page.
$tnew = gp('gp_dd_page');
$gp_page = $tnew;
gpSet('gp_page', $tnew);
if (gp('gp_dd_skey') != '') {
gpSet('gp_skey', gp('gp_dd_skey'));
gpSet('gp_mode', 'upd');
}
// Clear search of new page, set filters to blank
processPost_TableSearchResultsClear($tnew);
ConSet('table', $tnew, 'search', array());
}
// If no drilldown commands were received, and we are not on
// the page that is the top, user must have picked a new page
// altogether, wipe out the drilldown stack
if (gp('gp_page') != ContextGet('drilldown_top', '')) {
ContextSet('drilldown', array());
ContextSet('drilldown_top', '');
}
// Must always have these on the user's form. These can
// be retired with x_Table, they are for old drilldown
//
hidden("dd_page", "");
hidden("dd_ddc", "");
hidden("dd_ddv", "");
hidden("dd_ddback", "");
hidden("dd_action", "searchexecute");
hidden("dd_skey", "");
// Load user preferences just before display
UserPrefsLoad();
$dir = $GLOBALS['AG']['dirs']['root'] . 'application/';
if (file_exists($dir . $gp_page . ".page.yaml")) {
include 'androPage.php';
$obj_page = new androPage();
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main($gp_page);
if ($obj_page->flag_buffer) {
vgfSet("HTML", ob_get_clean());
//ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
} else {
$obj_page = DispatchObject($gp_page);
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main();
if ($obj_page->flag_buffer && vgfGet('HTML') == '') {
vgfSet("HTML", ob_get_contents());
ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
}
// Save context onto the page. Note that it is not really
// protected by these methods, just compressed and obscured.
//
$t2 = serialize($GLOBALS['AG']['clean']['gpContext']);
$t2 = gzcompress($t2);
$t2 = base64_encode($t2);
Hidden('gpContext', $t2);
// KFD 3/7/07, give the app the final opportunity to process
// things before the display, while logged in.
if (function_exists('appdisplaypre')) {
appDisplayPre();
}
// ...and write output and we are done. Assume if there was
// no buffering that the output is already done.
if ($obj_page->flag_buffer != false) {
// Work out what template we are using
index_hidden_template('x2');
// KFD 5/30/07, send back only main content if asked
if (gp('ajxBUFFER') == 1) {
echo "andromeda_main_content|";
ehStandardContent();
echo "|-|_focus|" . vgfGet('HTML_focus');
$ajax = ElementReturn('ajax', array());
echo '|-|' . implode('|-|', $ajax);
echo '|-|_title|' . vgfGet('PageTitle');
} elseif (defined('_VALID_MOS')) {
// This is the default branch, using a Joomla template
// DUPLICATE ALERT: This code copied into
// index_hidden_x4Dispatch() above
global $J;
$mainframe = $J['mainframe'];
$my = $J['my'];
$mosConfig_absolute_path = $J['mC_absolute_path'];
$mosConfig_live_site = $J['mC_live_site'];
$template_color = $J['template_color'];
$template_color = 'red';
$file = $GLOBALS['AG']['dirs']['root'] . '/templates/' . $mainframe->GetTemplate() . "/index.php";
include $file;
} elseif ($obj_page->html_template !== '') {
// This is newer style, let the class specify the template.
include $obj_page->html_template . '.php';
} else {
// This is old style, defaults to "html_main.php", can be
// set also by vgaSet() or by gp(gp_out)
$html_main = vgaGet('html_main') == '' ? 'html_main' : vgaGet('html_main');
switch (CleanGet("gp_out", "", false)) {
case "print":
include "html_print.php";
break;
case "info":
include "html_info.php";
break;
case "":
include $html_main . ".php";
break;
default:
}
}
}
}
function main()
{
gpSet('gp_posted', '1');
$this->main_pr_execute();
}
