Example #1
0
 // Load appropriate user level for this disease.
 lovd_isAuthorized('disease', $nID);
 // This call will make database queries if necessary.
 lovd_requireAUTH(LEVEL_CURATOR);
 $sUnit = 'disease';
 $sCategory = 'Phenotype';
 if (POST) {
     $_DB->beginTransaction();
     foreach ($_POST['columns'] as $nOrder => $sColID) {
         $nOrder++;
         // Since 0 is the first key in the array.
         $_DB->query('UPDATE ' . TABLE_SHARED_COLS . ' SET col_order = ? WHERE ' . $sUnit . 'id = ? AND colid = ?', array($nOrder, $nID, $sCategory . '/' . $sColID));
     }
     $_DB->commit();
     // Write to log...
     lovd_writeLog('Event', LOG_EVENT, 'Updated the column order for ' . $sUnit . ' ' . $nID);
     // Thank the user...
     $_T->printHeader();
     $_T->printTitle();
     lovd_showInfoTable('Successfully updated the column order for ' . $sUnit . ' ' . $nID . '!', 'success');
     if (isset($_GET['in_window'])) {
         // We're in a new window, refresh opener en close window.
         print '      <SCRIPT type="text/javascript">setTimeout(\'opener.location.reload();self.close();\', 1000);</SCRIPT>' . "\n\n";
     } else {
         print '      <SCRIPT type="text/javascript">setTimeout(\'window.location.href=\\\'' . lovd_getInstallURL() . $_PE[0] . '/' . $nID . '\\\';\', 1000);</SCRIPT>' . "\n\n";
     }
     $_T->printFooter();
     exit;
 }
 $_T->printHeader();
 $_T->printTitle();
Example #2
0
        $_STAT['update_checked_date'] = $sNow;
        $_STAT['update_version'] = 'Error';
        $_STAT['update_released_date'] = '';
        $_STAT['update_level'] = 0;
        $_STAT['update_description'] = '';
    } elseif (preg_match('/^Package\\s*:\\s*LOVD\\nVersion\\s*:\\s*([1-9]\\.[0-9](\\.[0-9])?\\-([0-9a-z-]{2,11}))(\\nReleased\\s*:\\s*([0-9]{4}\\-[0-9]{2}\\-[0-9]{2}))?\\nPriority\\s*:\\s*([0-9])\\nDescription\\s*:\\s*(.+)$/s', $sUpdates, $aUpdates) && is_array($aUpdates)) {
        // Now update the database - new version detected.
        $_DB->query('UPDATE ' . TABLE_STATUS . ' SET update_checked_date = ?, update_version = ?, update_level = ?, update_description = ?, update_released_date = ?', array($sNow, $aUpdates[1], $aUpdates[6], $aUpdates[7], $aUpdates[5]));
        $_STAT['update_checked_date'] = $sNow;
        $_STAT['update_version'] = $aUpdates[1];
        $_STAT['update_released_date'] = $aUpdates[5];
        $_STAT['update_level'] = $aUpdates[6];
        $_STAT['update_description'] = rtrim($aUpdates[7]);
    } else {
        // Error during update check.
        lovd_writeLog('Error', 'CheckUpdate', 'Could not parse upstream server output:' . "\n" . $sUpdates);
        $_DB->query('UPDATE ' . TABLE_STATUS . ' SET update_checked_date = ?, update_version = "Error", update_level = 0, update_description = "", update_released_date = NULL', array($sNow));
        $_STAT['update_checked_date'] = $sNow;
        $_STAT['update_version'] = 'Error';
        $_STAT['update_released_date'] = '';
        $_STAT['update_level'] = 0;
        $_STAT['update_description'] = '';
    }
}
// Process...
if ($_STAT['update_version'] == 'Error') {
    $sType = 'error';
    $sMessage = 'An error occured while checking for updates. For more information, see the error log. Please try again later.';
} elseif (lovd_calculateVersion($_STAT['update_version']) > lovd_calculateVersion($_SETT['system']['version'])) {
    $sType = 'newer';
    $sMessage = 'There is an update to LOVD available. More information is below.<BR>' . "\n" . '<B>Latest version</B>: ' . $_STAT['update_version'] . '<BR>' . "\n" . '<B>Release date</B>: ' . $_STAT['update_released_date'] . '<BR>' . "\n" . '<B>Priority level</B>: ' . $_SETT['update_levels'][$_STAT['update_level']] . '<BR>' . "\n" . '<B>Release info</B>: ' . str_replace("\n", '<BR>', $_STAT['update_description']) . '<BR>' . "\n" . '<B>Download</B>: <A href="' . dirname($_SETT['update_URL']) . '/download.php?version=' . $_STAT['update_version'] . '&amp;type=tar.gz">GZIPped TARball</A> or <A href="' . dirname($_SETT['update_URL']) . '/download.php?version=' . $_STAT['update_version'] . '&amp;type=zip">ZIP archive</A><BR>' . "\n" . '<A href="' . $_SETT['upstream_URL'] . $_SETT['system']['tree'] . '/changelog.txt" target="_blank">See the changelog</A>' . "\n";
Example #3
0
                 $_DB->query('INSERT INTO ' . TABLE_CURATES . ' VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE allow_edit = VALUES(allow_edit), show_order = VALUES(show_order)', array($nUserID, $sID, (int) in_array($nUserID, $_POST['allow_edit']), in_array($nUserID, $_POST['shown']) ? $nOrder : 0));
                 // FIXME; Without detailed user info we can't include elaborate logging. Would we want that anyway?
                 //   We could rapport things here more specifically because MySQL can tell us if there has been an update (2) or an insert (1) or nothing changed (0).
             } else {
                 // Just sort and update visibility!
                 $_DB->query('UPDATE ' . TABLE_CURATES . ' SET show_order = ? WHERE geneid = ? AND userid = ?', array(in_array($nUserID, $_POST['shown']) ? $nOrder : 0, $sID, $nUserID));
             }
         }
         if (ACTION == 'authorize') {
             // Now everybody should be updated. Remove whoever should no longer be in there.
             $_DB->query('DELETE FROM c USING ' . TABLE_CURATES . ' AS c, ' . TABLE_USERS . ' AS u WHERE c.userid = u.id AND c.geneid = ? AND c.userid NOT IN (?' . str_repeat(', ?', count($_POST['curators']) - 1) . ') AND (u.level < ? OR u.id = ?)', array_merge(array($sID), $_POST['curators'], array($_AUTH['level'], $_AUTH['id'])));
         }
         // If we get here, it all succeeded.
         $_DB->commit();
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, $sLogMessage);
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0] . '/' . $sID);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully updated the curator list!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 // Now, build $aCurators, which contains info about the curators currently selected (from DB or, if available, POST!).
Example #4
0
 $zData = $_DATA->loadEntry($nID);
 require ROOT_PATH . 'inc-lib-form.php';
 if (!empty($_POST)) {
     lovd_errorClean();
     // Mandatory fields.
     if (empty($_POST['password'])) {
         lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
     }
     // User had to enter his/her password for authorization.
     if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
         lovd_errorAdd('password', 'Please enter your correct password for authorization.');
     }
     if (!lovd_error()) {
         $_DATA->deleteEntry($nID);
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted announcement ' . $nID . ' (' . $zData['type'] . ') - ' . lovd_shortenString(strip_tags($zData['announcement']), 150));
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the announcement!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #5
0
function lovd_emailError($sErrorCode, $sSubject, $sTo, $bHalt = false)
{
    // Formats email errors for the error log, and optionally halts the system.
    // Format the error message.
    // FIXME; Kan makkelijker??? // Een str_replace() zou ook wel werken... Deze code staat op minimaal 3 plaatsen.
    $sError = preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . ' returned error in code block ' . $sErrorCode . '.' . "\n" . 'Error : Couldn\'t send a mail with subject "' . $sSubject . '" to ' . $sTo;
    // If the system needs to be halted, send it through to lovd_displayError() who will print it on the screen,
    // write it to the system log, and halt the system. Otherwise, just log it to the database.
    if ($bHalt) {
        lovd_displayError('SendMail', $sError);
    } else {
        lovd_writeLog('Error', 'SendMail', $sError);
    }
}
Example #6
0
 function getRowCountForViewList($aSQL, $aArgs = array(), $bDebug = false)
 {
     // Attempt to speed up the "counting" part of the VL queries.
     // ViewList queries are counting the number of total hits using the
     // MySQL extension SQL_CALC_FOUND_ROWS. This works well for queries
     // sorted on non-indexed fields, where the query itself also requires a
     // full scan through the results. However,for queries that are normally
     // fast when LIMITed, this slows down the query a lot.
     // This function here will attempt to reduce the given query to a simple
     // SELECT COUNT(*) statement with as few joins as needed, resulting in
     // an as fast query as possible.
     // The $bDebug argument lets this function just return the SQL that is produced.
     global $_DB, $_INI;
     // If we don't have a HAVING clause, we can simply drop the SELECT information.
     $aColumnsNeeded = array();
     $aTablesNeeded = array();
     if (!$aSQL['GROUP_BY'] && !$aSQL['HAVING'] && !$aSQL['ORDER_BY']) {
         $aSQL['SELECT'] = '';
     } else {
         if ($aSQL['GROUP_BY']) {
             // We do have GROUP BY... We'll need to keep only the columns in the SELECT that are aliases,
             // but non-alias columns that are used for grouping must also be kept in the JOIN!
             // Parse GROUP BY! Can be a mix of real columns and aliases.
             if (preg_match_all('/\\b(?:(\\w+)\\.)?(\\w+)\\b/', $aSQL['GROUP_BY'], $aRegs)) {
                 // This code is the same as for the ORDER BY parsing.
                 for ($i = 0; $i < count($aRegs[0]); $i++) {
                     // 1: table referred to (real columns without alias only);
                     // 2: alias, or column name in given table.
                     if ($aRegs[1][$i]) {
                         // Real table. We don't need this in the SELECT unless it's also in the HAVING, but we definitely need this in the JOIN.
                         $aTablesNeeded[] = $aRegs[1][$i];
                     } elseif ($aRegs[2][$i]) {
                         // Alias only. Keep this column for the SELECT. When parsing the SELECT, we'll find out from which table(s) it is.
                         $aColumnsNeeded[] = $aRegs[2][$i];
                     }
                 }
             }
         }
         if ($aSQL['HAVING']) {
             // We do have HAVING, so now we'll have to see what we need to keep, the rest we toss out.
             // Parse HAVING! These are no fields directly from tables, but all aliases, so this parsing is different from parsing WHERE.
             // We don't care about AND/OR or anything... we just want the aliases.
             if (preg_match_all('/\\b(\\w+)\\s(?:[!><=]+|IS (?:NOT )?NULL|LIKE )/', $aSQL['HAVING'], $aRegs)) {
                 $aColumnsNeeded = array_merge($aColumnsNeeded, $aRegs[1]);
             }
         }
         if ($aSQL['ORDER_BY']) {
             // We do have ORDER BY... We'll need to keep only the columns in the SELECT that are aliases,
             // but non-alias columns that are used for sorting must also be kept in the JOIN!
             // Parse ORDER BY! Can be a mix of real columns and aliases.
             // Adding a comma in the end, so we can use a simpler pattern that always ends with one.
             // FIXME: Wait, why are we parsing the ORDER_BY??? We can just drop it... and drop the cols which it uses... right?
             if (false && preg_match_all('/\\b(?:(\\w+)\\.)?(\\w+)(?:\\s(?:ASC|DESC))?,/', $aSQL['ORDER_BY'] . ',', $aRegs)) {
                 // This code is the same as for the GROUP BY parsing.
                 for ($i = 0; $i < count($aRegs[0]); $i++) {
                     // 1: table referred to (real columns without alias only);
                     // 2: alias, or column name in given table.
                     if ($aRegs[1][$i]) {
                         // Real table. We don't need this in the SELECT unless it's also in the HAVING, but we definitely need this in the JOIN.
                         $aTablesNeeded[] = $aRegs[1][$i];
                     } elseif ($aRegs[2][$i]) {
                         // Alias only. Keep this column for the SELECT. When parsing the SELECT, we'll find out from which table it is.
                         $aColumnsNeeded[] = $aRegs[2][$i];
                     }
                 }
             }
             // We never need an ORDER BY to get the number of results, so...
             $aSQL['ORDER_BY'] = '';
         }
     }
     $aColumnsNeeded = array_unique($aColumnsNeeded);
     if (!$aColumnsNeeded) {
         $aSQL['SELECT'] = '';
     }
     // Now that we know which columns we should keep, we can parse the SELECT clause to see what we can remove.
     $aColumnsUsed = array();
     // Will contain limited information on the columns defined in the SELECT syntax.
     if ($aSQL['SELECT'] && $aColumnsNeeded) {
         // Analyzing the SELECT. This is quite difficult as we can have simple SELECTs but also really complicated ones,
         // such as GROUP_CONCAT() or subselects. These should all be parsed and needed tables should be identified.
         //                    t.* || t.col                    [t.col || "value" || (t.col ... val) || FUNCTION() || CASE ... END] AS alias
         if (preg_match_all('/(([a-z0-9_]+)\\.(?:\\*|[a-z0-9_]+)|(?:(?:([a-z0-9_]+)\\.[a-z0-9_]+|".*"|[A-Z_]*\\(.+\\)|CASE .+ END) AS +([a-z0-9_]+|`[A-Za-z0-9_\\/]+`)))(?:,|$)/U', $aSQL['SELECT'], $aRegs)) {
             for ($i = 0; $i < count($aRegs[0]); $i++) {
                 // First we'll store the column information, later we'll loop though it to see which tables they refer to.
                 // 1: entire SELECT string incl. possible alias;
                 // 2: table referred to (fields without alias only);
                 // 3: table referred to (simple fields with alias only);
                 // 4: alias, if present.
                 // Try to see which table(s) is/are used here.
                 $aTables = array();
                 $sTable = $aRegs[2][$i] ? $aRegs[2][$i] : $aRegs[3][$i];
                 if ($sTable) {
                     $aTables[] = $sTable;
                 } else {
                     // OK, this was no simple SELECT string. This was GROUP_CONCAT, COUNT() or similar.
                     // Especially (GROUP_)CONCAT can contain quite some different columns and even tables.
                     // Analyzing the field definition... We don't care about its structure or anything... we just want tables.
                     // There should *always* be table aliases, so it's going to be easy.
                     // With subqueries however, this will fail a bit. It will find table aliases that may be of tables in the subquery.
                     //  However, in the worst case scenario it will keep tables that are not necessary to be kept.
                     if (preg_match_all('/\\b(\\w+)\\.(?:`|[A-Za-z]|\\*)/', $aRegs[1][$i], $aRegsTables)) {
                         $aTables = array_unique($aRegsTables[1]);
                     }
                 }
                 // Key: alias or, when not available, the SELECT statement (table.col).
                 $aColumnsUsed[$aRegs[4][$i] ? $aRegs[4][$i] : $aRegs[1][$i]] = array('SQL' => $aRegs[1][$i], 'tables' => $aTables);
                 // We don't need more info anyway.
             }
         }
         // Now, loop the parsed columns, check which fields are needed, rebuild the SELECT statement, and store which tables will be needed.
         $aSQL['SELECT'] = '';
         foreach ($aColumnsUsed as $sCol => $aCol) {
             if (in_array($sCol, $aColumnsNeeded)) {
                 $aSQL['SELECT'] .= (!$aSQL['SELECT'] ? '' : ', ') . $aCol['SQL'];
                 $aTablesNeeded = array_merge($aTablesNeeded, $aCol['tables']);
             }
         }
     }
     // Analyzing the WHERE... We don't care about AND/OR or anything... we just want tables.
     // WHERE clauses *always* contain the table aliases, so it's going to be easy.
     if (preg_match_all('/\\b(\\w+)\\.(?:`|[A-Za-z])/', $aSQL['WHERE'], $aRegs)) {
         $aTablesNeeded = array_merge($aTablesNeeded, $aRegs[1]);
     }
     // When we're running filters on the custom columns, we never use a table alias,
     // because we don't know where the column comes from.
     // To solve this, we must parse the column and fetch the used alias from the query.
     // We're specifically looking for custom columns *not* prefixed by a table alias.
     if (preg_match_all('/[^.](?:`(\\w+)\\/[A-Za-z0-9_\\/]+`)/', $aSQL['WHERE'], $aRegs)) {
         // To not reproduce code, we'll use lovd_getTableInfoByCategory().
         // Loop columns and find tables.
         foreach ($aRegs[1] as $sCategory) {
             $aTableInfo = lovd_getTableInfoByCategory($sCategory);
             if (isset($aTableInfo['table_sql']) && preg_match_all('/' . $aTableInfo['table_sql'] . ' AS (\\w+)\\b/i', $aSQL['FROM'], $aRegsTables)) {
                 $aTablesNeeded = array_merge($aTablesNeeded, $aRegsTables[1]);
             } else {
                 // OK, this really shouldn't happen. Either the column wasn't a
                 // category we recognized, or the SQL was too complicated?
                 // Let's log this.
                 lovd_writeLog('Error', 'LOVD-Lib', 'LOVD_Object::getRowCountForViewList() - Function identified custom column category ' . $sCategory . ', but couldn\'t find corresponding table alias in query.' . "\n" . 'URL: ' . preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . "\n" . 'From: ' . $aSQL['FROM']);
             }
         }
     }
     $aTablesNeeded = array_unique($aTablesNeeded);
     // Now, SELECT should be as small as possible. What's left in the SELECT is needed.
     // See which tables we can't remove from the JOIN because they're in SELECT, or because they're in the WHERE.
     // (INNER JOINs will never be removed).
     // Now shorten the JOIN as much as possible!
     // Tables *always* use aliases so we'll just search for those.
     // While matching, we add a space before the FROM so that we can match the first table as well, but it won't have a JOIN statement captured.
     $aTablesUsed = array();
     if (preg_match_all('/\\s?((?:LEFT(?: OUTER)?|INNER) JOIN)?\\s(' . preg_quote(TABLEPREFIX, '/') . '_[a-z0-9_]+) AS ([a-z0-9]+)\\s/', ' ' . $aSQL['FROM'], $aRegs)) {
         for ($i = 0; $i < count($aRegs[0]); $i++) {
             // 1: JOIN syntax;
             // 2: full table name;
             // 3: table alias.
             $aTablesUsed[$aRegs[3][$i]] = array('name' => $aRegs[2][$i], 'join' => $aRegs[1][$i]);
         }
     }
     // Loop these tables in reverse, and remove JOINs as much as possible!
     foreach (array_reverse(array_keys($aTablesUsed)) as $sTableAlias) {
         if (!$aTablesUsed[$sTableAlias]['join'] || in_array($sTableAlias, $aTablesNeeded)) {
             // We've reached a table that we need, abort now.
             break;
             // FIXME: Actually, it's possible that more tables can be left out, although in most cases we're really done now.
             //   To find out, we'd actually need to analyze which tables we're joining together.
         }
         // OK, this table is not needed. Get rid of it.
         if ($aTablesUsed[$sTableAlias]['join'] != 'INNER JOIN' && ($nPosition = strrpos($aSQL['FROM'], $aTablesUsed[$sTableAlias]['join'])) !== false) {
             $aSQL['FROM'] = rtrim(substr($aSQL['FROM'], 0, $nPosition));
             unset($aTablesUsed[$sTableAlias]);
         }
     }
     // If we have no SELECT left, we can surely do a simple SELECT COUNT(*) FROM ... or
     // a SELECT COUNT(*) FROM (SELECT ...)A. We can't do a simple SELECT COUNT(*) if
     // we have a GROUP_BY, because it will separate the counts.
     // In case we still have a SELECT, and we create a subquery while the
     // SELECT has double columns (happens rarely), we get a query error. In
     // that case we could drop the first column's declaration, or otherwise
     // keep using the SQL_CALC_FOUND_ROWS().
     // For now, we'll just take our chances. If this query will fail, LOVD
     // will fall back on the original SQL_CALC_FOUND_ROWS() method.
     $bInSubQuery = false;
     if (!$aSQL['SELECT']) {
         // If we just have one table left, we might be able to drop the GROUP BY.
         // If so, we can use a simple COUNT(*) query instead of a nested one.
         // In 99%, if not all, of the cases we can just drop the GROUP BY since
         // we "always" put it on the first table's ID, but just to be sure:
         if (count($aTablesUsed) == 1 && $aSQL['GROUP_BY'] == current(array_keys($aTablesUsed)) . '.id') {
             // Using one table, and grouping on its ID.
             $aSQL['GROUP_BY'] = '';
         }
         if (!$aSQL['GROUP_BY']) {
             // Simple SELECT COUNT(*) FROM ...
             $aSQL['SELECT'] = 'COUNT(*)';
         } else {
             // We'll have to create a bigger query around this...
             // We'll build that query in the end.
             $bInSubQuery = true;
             $aSQL['SELECT'] = '1';
         }
     } else {
         // SELECT is left (meaning we had a HAVING), we have to use a subquery!
         $bInSubQuery = true;
     }
     // Delete LIMIT, we don't want that anymore...
     $aSQL['LIMIT'] = '';
     $sSQLOut = $this->buildSQL($aSQL);
     // Now, build the subquery if we need it.
     if ($bInSubQuery) {
         $sSQLOut = 'SELECT COUNT(*) FROM (' . $sSQLOut . ')A';
     }
     if ($bDebug) {
         return $sSQLOut;
     }
     // Run the query, fetch the result and return.
     // We'll return false when we failed.
     $nCount = false;
     $qCount = $_DB->query($sSQLOut, $aArgs, false);
     if ($qCount !== false) {
         $nCount = $qCount->fetchColumn();
     }
     if ($nCount === false) {
         // We failed, log this. Actually, why aren't query errors logged if they're not fatal?
         lovd_queryError('QueryOptimizer', $sSQLOut, 'Error in ' . __FUNCTION__ . '() while executing optimized query.', false);
         // As a fallback, use SQL_CALC_FOUND_ROWS() for MySQL instances, or
         // a count() on a full result set otherwise. The latter is super
         // inefficient, and only meant for small SQLite databases.
         if ($_INI['database']['driver'] == 'mysql') {
             $this->aSQLViewList['SELECT'] = 'SQL_CALC_FOUND_ROWS ' . $this->aSQLViewList['SELECT'];
             $this->aSQLViewList['LIMIT'] = '0';
             $_DB->query($this->buildSQL($this->aSQLViewList), $aArgs);
             $nCount = $_DB->query('SELECT FOUND_ROWS()')->fetchColumn();
         } else {
             // Super inefficient, only for low-volume (sqlite) databases!
             $nCount = count($_DB->query($this->buildSQL($this->aSQLViewList), $aArgs)->fetchAllColumn());
         }
     }
     return $nCount;
 }
Example #7
0
     if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
         lovd_errorAdd('password', 'Please enter your correct password for authorization.');
     }
     if (!lovd_error()) {
         // Get genes which are modified before we delete the entry.
         // Only when phenotype, individual and variant are marked or public.
         if ($zData['statusid'] >= STATUS_MARKED) {
             $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'INNER JOIN ' . TABLE_INDIVIDUALS . ' AS i ON (i.id = s.individualid) ' . 'INNER JOIN ' . TABLE_PHENOTYPES . ' AS p ON (p.individualid = i.id) ' . 'WHERE vog.statusid >= ? AND i.statusid >= ? AND p.id = ?', array(STATUS_MARKED, STATUS_MARKED, $nID))->fetchAllColumn();
         }
         $_DATA->deleteEntry($nID);
         if ($zData['statusid'] >= STATUS_MARKED && $aGenes) {
             // Change updated date for genes.
             lovd_setUpdatedDate($aGenes);
         }
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted phenotype information entry ' . $nID . ' (Owner: ' . $zData['owner'] . ')');
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . 'individuals/' . $zData['individualid']);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the phenotype information entry!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #8
0
        // Wrong ID, apparently.
        // FIXME: This function and its use is a bit messy.
        lovd_showPageAccessDenied(null, PAGE_TITLE, 'No such ID!');
        exit;
    } elseif ($zData['locked'] && ACTION == 'lock' || !$zData['locked'] && ACTION == 'unlock') {
        // Can't unlock someone that is not locked or lock someone that is already locked.
        $_T->printHeader();
        $_T->printTitle();
        lovd_showInfoTable('User is already ' . ACTION . 'ed!', 'stop');
        $_T->printFooter();
        exit;
    }
    // The actual query.
    $_DB->query('UPDATE ' . TABLE_USERS . ' SET login_attempts = ' . ($zData['locked'] ? 0 : 3) . ' WHERE id = ?', array($nID));
    // Write to log...
    lovd_writeLog('Event', LOG_EVENT, ucfirst(ACTION) . 'ed user ' . $nID . ' - ' . $zData['username'] . ' (' . $zData['name'] . ') - with level ' . $_SETT['user_levels'][$zData['level']]);
    // Return the user where they came from.
    header('Refresh: 0; url=' . lovd_getInstallURL() . CURRENT_PATH);
    exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'submissions') {
    // URL: /users/00001?submissions
    // Manage unfinished submissions
    $nID = sprintf('%05d', $_PE[1]);
    define('PAGE_TITLE', 'Manage unfinished submissions for user #' . $nID);
    $_T->printHeader();
    $_T->printTitle();
    if ($_AUTH && $_AUTH['id'] == $nID) {
        // Require submitter clearance.
        lovd_requireAUTH();
        lovd_showInfoTable('Below are lists of your unfinished submissions', 'information');
Example #9
0
             if (count($aOutput)) {
                 $_DB->query('DELETE vog FROM ' . TABLE_VARIANTS . ' AS vog INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (vog.id = s2v.variantid) WHERE s2v.screeningid IN (?' . str_repeat(', ?', count($aOutput) - 1) . ')', $aOutput);
             }
         }
         // Get genes which are modified only when individual and variant status is marked or public.
         if ($_POST['statusid'] >= STATUS_MARKED) {
             $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'WHERE vog.statusid >= ? AND s.individualid = ?', array(STATUS_MARKED, $nID))->fetchAllColumn();
         }
         $_DATA->deleteEntry($nID);
         if ($_POST['statusid'] >= STATUS_MARKED && $aGenes) {
             // Change updated date for genes.
             lovd_setUpdatedDate($aGenes);
         }
         $_DB->commit();
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted individual information entry ' . $nID . ' (Owner: ' . $zData['owner'] . ')');
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the individual information entry!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password field!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #10
0
function lovd_soapError($e, $bHalt = true)
{
    // Formats SOAP errors for the error log, and optionally halts the system.
    if (!is_object($e)) {
        return false;
    }
    // Try to detect if arguments have been passed, and isolate them from the stacktrace.
    $sMethod = '';
    $sArgs = '';
    foreach ($e->getTrace() as $aTrace) {
        if (isset($aTrace['function']) && $aTrace['function'] == '__call') {
            // This is the low level SOAP call. Isolate used method and arguments from here.
            list($sMethod, $aArgs) = $aTrace['args'];
            if ($aArgs && is_array($aArgs) && isset($aArgs[0])) {
                $aArgs = $aArgs[0];
                // Not sure why the call's argument are in a sub array, but oh, well.
                foreach ($aArgs as $sArg => $sValue) {
                    $sArgs .= (!$sArgs ? '' : "\n") . "\t\t" . $sArg . ':' . $sValue;
                }
            }
            break;
        }
    }
    // Format the error message.
    $sError = preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . ' returned error in module \'' . $sMethod . '\'.' . "\n" . (!$sArgs ? '' : 'Arguments:' . "\n" . $sArgs . "\n") . 'Error message:' . "\n" . str_replace("\n", "\n\t\t", $e->__toString());
    // If the system needs to be halted, send it through to lovd_displayError() who will print it on the screen,
    // write it to the system log, and halt the system. Otherwise, just log it to the database.
    if ($bHalt) {
        return lovd_displayError('SOAP', $sError);
    } else {
        return lovd_writeLog('Error', 'SOAP', $sError);
    }
}
Example #11
0
                 // If one of the transcripts currently present in the database is not present in $_POST, we will want to remove it.
                 $aToRemove[] = $nTranscript;
                 $aGenesUpdated[] = $sGene;
             }
         }
         if (!empty($aToRemove)) {
             // Remove transcript mapping from variant...
             $_DB->query('DELETE FROM ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' WHERE id = ? AND transcriptid IN (?' . str_repeat(', ?', count($aToRemove) - 1) . ')', array_merge(array($nID), $aToRemove));
         }
         if ($zData['statusid'] >= STATUS_MARKED) {
             lovd_setUpdatedDate($aGenesUpdated);
         }
         // If we get here, it all succeeded.
         $_DB->commit();
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Updated the transcript list for variant #' . $nID);
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . CURRENT_PATH . (!empty($aNewTranscripts) ? '?edit#' . implode(',', $aNewTranscripts) : ''));
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully updated the transcript list!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #12
0
         } else {
             $_BAR[1]->setMessage('Done importing!', 'done');
         }
         $_BAR[1]->setMessageVisibility('done', true);
         if (count($aDone)) {
             $sMessage = '';
             foreach ($aDone as $sSection => $n) {
                 $sMessage .= (!$sMessage ? '' : ', ') . $n . ' ' . $sSection;
             }
             $sMessage = preg_replace('/, ([^,]+)/', " and \$1", $sMessage);
         } else {
             $sMessage = 'new links only';
         }
         $aGenes = array_unique($aGenes);
         $nGenes = count($aGenes);
         lovd_writeLog('Event', LOG_EVENT, 'Imported ' . $sMessage . '; ran ' . $nDone . ' queries' . (!$aGenes ? '' : ' (' . ($nGenes > 100 ? $nGenes . ' genes' : implode(', ', $aGenes)) . ')') . '.');
         lovd_setUpdatedDate($aGenes);
     }
     // FIXME: Why is this not empty?
     //var_dump(implode("\n", $aData));
     $_T->printFooter();
     exit;
 }
 // Errors...
 $_BAR[0]->remove();
 $_BAR[0]->setMessageVisibility('', false);
 $_BAR[0]->setMessageVisibility('done', false);
 if (!lovd_error() && !$nDataTotal) {
     if ($sMode == 'update') {
         lovd_showInfoTable('No entries found that can be updated via the import file.', 'stop');
     }
Example #13
0
 function checkFields($aData, $zData = false)
 {
     // Checks fields before submission of data.
     global $_AUTH, $_DB, $_PE, $_SETT;
     // Mandatory fields.
     $this->aCheckMandatory = array('name', 'institute', 'address', 'city', 'countryid', 'email', 'username');
     // These password fields are only not mandatory when we're editing.
     if (ACTION != 'edit') {
         $this->aCheckMandatory[] = 'password_1';
         $this->aCheckMandatory[] = 'password_2';
     }
     parent::checkFields($aData);
     // Email address.
     if (!empty($aData['email'])) {
         $aEmail = explode("\r\n", $aData['email']);
         foreach ($aEmail as $sEmail) {
             if (!lovd_matchEmail($sEmail)) {
                 lovd_errorAdd('email', 'Email "' . htmlspecialchars($sEmail) . '" is not a correct email address' . ($sEmail && $sEmail == trim($sEmail) ? '' : '. Make sure there are no spaces or empty lines left in the email field') . '.');
             }
         }
     }
     if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'create') {
         // Check username format.
         if ($aData['username'] && !lovd_matchUsername($aData['username'])) {
             lovd_errorAdd('username', 'Please fill in a correct username; 4 to 20 characters and starting with a letter followed by letters, numbers, dots, underscores and dashes only.');
         }
     }
     if (in_array(ACTION, array('create', 'register'))) {
         // Does the username exist already?
         if ($aData['username']) {
             if ($_DB->query('SELECT COUNT(*) FROM ' . TABLE_USERS . ' WHERE username = ?', array($aData['username']))->fetchColumn()) {
                 lovd_errorAdd('username', 'There is already a user with this username. Please choose another one.');
             }
         }
     }
     // One of two password fields entered... check 'em.
     if ($aData['password_1'] || $aData['password_2']) {
         if ($aData['password_1'] && $aData['password_2']) {
             // Both entered.
             if ($aData['password_1'] != $aData['password_2']) {
                 lovd_errorAdd('password_2', 'The \'' . (in_array(ACTION, array('edit', 'change_password')) ? 'New p' : 'P') . 'assword\' fields are not equal. Please try again.');
             } else {
                 // Password quality.
                 if (!lovd_matchPassword($aData['password_1'])) {
                     lovd_errorAdd('password_1', 'Your password is found too weak. Please fill in a proper password; at least 4 characters long and containing at least one number or special character.');
                 }
             }
         } else {
             if (in_array(ACTION, array('edit', 'change_password'))) {
                 lovd_errorAdd('password_2', 'If you want to change the current password, please fill in both \'New password\' fields.');
             } else {
                 lovd_errorAdd('password_2', 'Please fill in both \'Password\' fields.');
             }
         }
     }
     // Check given security IP range.
     if (!empty($aData['allowed_ip'])) {
         // This function will throw an error itself (second argument).
         $bIP = lovd_matchIPRange($aData['allowed_ip'], 'allowed_ip');
         if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'edit' && $_PE[1] == $_AUTH['id']) {
             // Check given security IP range.
             if ($bIP && !lovd_validateIP($aData['allowed_ip'], $_SERVER['REMOTE_ADDR'])) {
                 // This IP range is not allowing the current IP to connect. This ain't right.
                 // If IP address is actually IPv6, then complain that we can't restrict at all.
                 // Otherwise, be clear the current setting just doesn't match.
                 if (strpos($_SERVER['REMOTE_ADDR'], ':') !== false) {
                     // IPv6...
                     lovd_errorAdd('allowed_ip', 'Your current IP address is IPv6 (' . $_SERVER['REMOTE_ADDR'] . '), which is not supported by LOVD to restrict access to your account.');
                 } else {
                     lovd_errorAdd('allowed_ip', 'Your current IP address is not matched by the given IP range. This would mean you would not be able to get access to LOVD with this IP range.');
                 }
             }
         }
     } else {
         // We're not sure if $aData == $_POST. But we'll just do this. It can't harm I guess.
         $_POST['allowed_ip'] = '*';
     }
     // Level can't be higher or equal than the current user.
     if (!empty($aData['level']) && $aData['level'] >= $_AUTH['level']) {
         lovd_writeLog('Error', 'HackAttempt', 'Tried to upgrade user ID ' . $_PE[1] . ' to level ' . $_SETT['user_levels'][$aData['level']] . ')');
         lovd_errorAdd('level', 'User level is not permitted. Hack attempt.');
     }
     // XSS attack prevention. Deny input of HTML.
     lovd_checkXSS();
 }
Example #14
0
             }
             // Check if referer is given, check it, then forward the user.
             if (!empty($_POST['referer'])) {
                 // Location is within this LOVD installation.
                 $sLocation = $_POST['referer'];
             } else {
                 // Redirect to proper location will be done somewhere else in this code.
                 $sLocation = lovd_getInstallURL() . 'login';
             }
             header('Location: ' . $sLocation);
             exit;
         }
     }
     // The bad logins end up here!
     if (!$zUser || !lovd_error() && !lovd_verifyPassword($_POST['password'], $zUser['password'])) {
         lovd_writeLog('Auth', 'AuthError', $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried logging in using ' . $_POST['username'] . '/' . str_repeat('*', strlen($_POST['password'])));
         lovd_errorAdd('', 'Invalid Username/Password combination.');
         // This may not actually update (user misspelled his username) but we can call the query anyway.
         if ($_CONF['lock_users']) {
             $_DB->query('UPDATE ' . TABLE_USERS . ' SET login_attempts = login_attempts + 1 WHERE username = ? AND level < ' . LEVEL_ADMIN, array($_POST['username']), false);
         }
         // Check if the user is locked, now.
         if ($zUser && $zUser['login_attempts'] >= 3 - 1) {
             lovd_errorAdd('password', 'Your account is now locked, since this is the third time a wrong password was provided.');
         }
         // The "Forgot my password" option.
         if ($_CONF['allow_unlock_accounts']) {
             lovd_errorAdd('', 'Did you <A href="reset_password">forget your password</A>?');
         }
     }
 }
Example #15
0
     // Mandatory fields.
     if (empty($_POST['password'])) {
         lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
     }
     // User had to enter his/her password for authorization.
     if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
         lovd_errorAdd('password', 'Please enter your correct password for authorization.');
     }
     if (!lovd_error()) {
         // Query text.
         // This also deletes the entries in variants.
         $_DATA->deleteEntry($nID);
         // Change updated date for gene.
         lovd_setUpdatedDate($zData['geneid']);
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted transcript information entry ' . $nID . ' - ' . $zData['geneid'] . ' (' . $zData['name'] . ')');
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the transcript information entry!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #16
0
 // Ask Mutalyzer about the transcripts within this range.
 // FIXME: Is this really necessary if all variants only want to be mapped on the transcripts in the database?
 $aTranscriptData = array();
 try {
     // Can throw notice when TranscriptMappingInfo is not present (when no transcripts are available, for instance).
     $aTranscriptsWithinRange = @$_Mutalyzer->getTranscriptsMapping(array('build' => $_CONF['refseq_build'], 'chrom' => 'chr' . $sChromosome, 'pos1' => $nStart, 'pos2' => $nEnd, 'method' => 1))->getTranscriptsMappingResult->TranscriptMappingInfo;
 } catch (SoapFault $e) {
     // Call failed, due to network problems, perhaps? Don't run the mapping script now!
     define('MAPPING_NO_RESTART', true);
     if (!empty($_GET['variantid'])) {
         // We were trying to map a specific variant. Set the MAPPING_ERROR flag so the user understands we tried it.
         $_DB->query('UPDATE ' . TABLE_VARIANTS . ' SET mapping_flags = ' . ($aVariants[0]['mapping_flags'] | MAPPING_ERROR) . ' WHERE id = ?', array($aVariants[0]['id']));
         $aVariantUpdates = array();
     }
     if (empty($_SESSION['mapping']['time_error']) || time() - $_SESSION['mapping']['time_error'] > $tLogInterval) {
         lovd_writeLog('Error', LOG_EVENT, 'Error while running the Mutalyzer getTranscriptsMapping webservice.');
     }
     // Forget the variants we had selected. This will skip the loop below and take us straight to the update-and-exit part.
     $aVariants = array();
     $nVariants = 0;
 }
 if (!empty($aTranscriptsWithinRange) && is_array($aTranscriptsWithinRange)) {
     // Of the detected transcripts, we want to know their GENE and POSITIONS.
     foreach ($aTranscriptsWithinRange as $oTranscript) {
         $aTranscript = get_object_vars($oTranscript);
         // Record the transcript accession, gene symbol and start and end positions.
         $sTranscriptNM = $aTranscript['name'];
         $nVersion = $aTranscript['version'];
         if (empty($aTranscriptData[$sTranscriptNM]) || $aTranscriptData[$sTranscriptNM]['version'] < $nVersion) {
             // Be sure to remember only the latest version!
             $aTranscriptData[$sTranscriptNM]['version'] = $nVersion;
Example #17
0
         // Search for effected genes before the deletion on SCR2VAR, else we can't find the link.
         // Get genes which are modified only when linked variant is marked or public.
         $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'INNER JOIN ' . TABLE_INDIVIDUALS . ' AS i ON (i.id = s.individualid) ' . 'WHERE vog.statusid >= ? AND i.statusid >= ? AND s2v.screeningid = ?', array(STATUS_MARKED, STATUS_MARKED, $nID))->fetchAllColumn();
         if (isset($_POST['remove_variants']) && $_POST['remove_variants'] == 'remove') {
             // This also deletes the entries in TABLE_SCR2VAR.
             $_DB->query('DELETE FROM ' . TABLE_VARIANTS . ' WHERE id IN (?' . str_repeat(', ?', count($aVariantsRemovable) - 1) . ')', $aVariantsRemovable);
         }
         // This also deletes the entries in TABLE_SCR2GENES and TABLE_SCR2VAR.
         $_DATA->deleteEntry($nID);
         if ($aGenes) {
             // Change updated date for genes
             lovd_setUpdatedDate($aGenes);
         }
         $_DB->commit();
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted screening information entry ' . $nID);
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . 'individuals/' . $zData['individualid']);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the screening information entry!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #18
0
    lovd_errorPrint();
    // Tooltip JS code.
    lovd_includeJS('inc-js-tooltip.php');
    // Allow checking the database URL.
    lovd_includeJS('inc-js-submit-settings.php');
    // Table.
    print '      <FORM action="install/?step=' . $_GET['step'] . '&amp;sent=true" method="post">' . "\n";
    // Array which will make up the form table.
    $aForm = array_merge($_SYSSETTING->getForm(), array('skip', array('', '', 'submit', 'Continue &raquo;')));
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
} elseif ($_GET['step'] == 3) {
    $_GET['step']++;
}
if ($_GET['step'] == 4) {
    // Step 5: Done.
    if (!($_DB->query('SHOW TABLES LIKE "' . TABLE_CONFIG . '"')->fetchColumn() && $_DB->query('SELECT COUNT(*) FROM ' . TABLE_CONFIG)->fetchColumn())) {
        // Didn't finish previous step correctly.
        //header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] - 2));
        header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] - 1));
        exit;
    }
    $_T->printHeader();
    lovd_printSideBar();
    lovd_writeLog('Install', 'Installation', 'Installation of LOVD ' . $_STAT['version'] . ' complete');
    print '      <B>Done</B><BR>' . "\n" . '      <BR>' . "\n\n" . '      The installation of LOVD ' . $_STAT['version'] . ' is now complete.<BR>' . "\n" . '      <BR>' . "\n\n" . '      <BUTTON onclick="window.location.href=\'' . lovd_getInstallURL() . 'setup?newly_installed\';" style="font-weight : bold; font-size : 11px;">Continue to Setup area &gt;&gt;</BUTTON>' . "\n\n";
    $_T->printFooter();
    exit;
}
Example #19
0
 $_DATA = new LOVD_Column();
 if (!empty($_POST)) {
     lovd_errorClean();
     // Mandatory fields.
     if (empty($_POST['password'])) {
         lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
     }
     // User had to enter his/her password for authorization.
     if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
         lovd_errorAdd('password', 'Please enter your correct password for authorization.');
     }
     if (!lovd_error()) {
         // Query text.
         $_DATA->deleteEntry($sColumnID);
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted column ' . $sColumnID);
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0] . '/' . $sCategory);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the column ' . $sColumnID . '!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password field!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #20
0
                 $nSQLFailed++;
                 $sSQLFailed .= '<SPAN style="background : #C0C0C0;">' . sprintf('%' . strlen(count($aSQL)) . 'd', $i) . '</SPAN> ' . htmlspecialchars($sSQL) . ';\\n';
             }
         }
         if ($nSQLFailed) {
             $sSQLFailed .= '</PRE>';
             $_BAR->setMessage($sSQLFailed);
             $_BAR->setMessage('After executing th' . ($nSQLFailed == 1 ? 'is query' : 'ese queries') . ', please try again.', 'done');
             $_BAR->setMessageVisibility('done', true);
             break;
         }
         usleep(300000);
     }
     if (!$nSQLFailed) {
         // Upgrade complete, all OK!
         lovd_writeLog('Install', 'Upgrade', 'Successfully upgraded LOVD from ' . $_STAT['version'] . ' to ' . $_SETT['system']['version'] . ', executing ' . $nSQLDone . ' quer' . ($nSQLDone == 1 ? 'y' : 'ies'));
         $_BAR->setProgress(100);
         $_BAR->setMessage('Successfully upgraded to ' . $_SETT['system']['version'] . '!<BR>Executed ' . $nSQLDone . ' database quer' . ($nSQLDone == 1 ? 'y' : 'ies') . '.');
     } else {
         // Bye bye, they should not see the form!
         print '</BODY>' . "\n" . '</HTML>' . "\n";
         exit;
     }
     // Remove update lock.
     $_DB->query('UPDATE ' . TABLE_STATUS . ' SET lock_update = 0');
 }
 // Now that this is over, let the user proceed to whereever they were going!
 if ($bLocked) {
     // Have to force upgrade...
     $_SERVER['REQUEST_URI'] .= ($_SERVER['QUERY_STRING'] ? '&' : '?') . 'force_lock';
 } else {
Example #21
0
function lovd_showPageAccessDenied($sLogMessage = null, $sPageTitle = 'Access denied', $sInfoText = 'You do not have access to this content.')
{
    // Show a page saying access denied.
    global $_T;
    $_T->printHeader();
    if (!is_null($sPageTitle)) {
        $_T->printTitle($sPageTitle);
    } else {
        $_T->printTitle();
    }
    if (!is_null($sLogMessage)) {
        lovd_writeLog('Error', 'HackAttempt', $sLogMessage);
    }
    lovd_showInfoTable($sInfoText, 'stop');
    $_T->printFooter();
}
Example #22
0
         }
         // This optimalization is normally done in updateEntry().
         if (empty($_POST['proxy_port'])) {
             // Empty port number, insert NULL instead of 0.
             $_POST['proxy_port'] = NULL;
         }
         // Query text.
         $sSQL = 'UPDATE ' . TABLE_CONFIG . ' SET ';
         $aSQL = array();
         foreach ($aFields as $key => $sField) {
             $sSQL .= (!$key ? '' : ', ') . $sField . ' = ?';
             $aSQL[] = $_POST[$sField];
         }
         $q = $_DB->query($sSQL, $aSQL, true, true);
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Edited system configuration');
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . 'setup');
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully edited the system settings!', 'success');
         $_T->printFooter();
         exit;
     }
 } else {
     // Load current values.
     $_POST = array_merge($_POST, $zData);
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();
Example #23
0
            $bMail = lovd_sendMail($aTo, $sSubject, $sBody, $_SETT['email_headers'], true, $_CONF['send_admin_submissions']);
            // Thank the user...
            $_T->printHeader();
            $_T->printTitle();
            if ($bMail) {
                print '      Successfully reset your password.<BR>' . "\n" . '      We\'ve sent you an email containing your new password. With this new password, you can <A href="' . ROOT_PATH . 'login.php">unlock your account</A> and choose a new password.<BR><BR>' . "\n\n";
            } else {
                // Couldn't send confirmation...
                lovd_writeLog('Error', LOG_EVENT, 'Error sending email for account ' . $_AUTH['username'] . ' (' . $zData['name'] . ')');
                print '      Due to an error, we couldn\'t send you an email containing your new password. Our apologies for the inconvenience.<BR><BR>' . "\n\n";
            }
            $_T->printFooter();
            exit;
        } else {
            unset($_POST['username']);
            lovd_writeLog('Auth', LOG_EVENT, $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried to reset password for denied account ' . $_POST['username']);
        }
    }
    $_T->printHeader();
    $_T->printTitle();
    print '      If you forgot your password, please fill in your username here. A new random password will be generated and emailed to the known email address. You need this new password to unlock your account and choose a new password.<BR>' . "\n" . '      <BR>' . "\n\n";
    lovd_errorPrint();
    // Table.
    print '      <FORM action="' . CURRENT_PATH . '" method="post">' . "\n";
    // Array which will make up the form table.
    $aForm = array(array('POST', '', '', '', '30%', '20', '70%'), array('Username', '', 'text', 'username', 20), 'skip', array('', '', 'submit', 'Reset password'));
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
}
Example #24
0
 if (!empty($_POST)) {
     lovd_errorClean();
     // Mandatory fields.
     if (empty($_POST['password'])) {
         lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
     }
     // User had to enter his/her password for authorization.
     if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
         lovd_errorAdd('password', 'Please enter your correct password for authorization.');
     }
     if (!lovd_error()) {
         // Query text.
         // This also deletes the entries in cols2links.
         $_DATA->deleteEntry($nID);
         // Write to log...
         lovd_writeLog('Event', LOG_EVENT, 'Deleted custom link ' . $nID . ' - ' . $zData['name'] . ' (' . $zData['pattern_text'] . ')');
         // Thank the user...
         header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
         $_T->printHeader();
         $_T->printTitle();
         lovd_showInfoTable('Successfully deleted the custom link!', 'success');
         $_T->printFooter();
         exit;
     } else {
         // Because we're sending the data back to the form, I need to unset the password fields!
         unset($_POST['password']);
     }
 }
 $_T->printHeader();
 $_T->printTitle();
 lovd_errorPrint();