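/**
 * Imports terms from the CSV file uploaded as $_FILES['import_file'] and stores
 * them under the given parent term.
 *
 * Each CSV row is read as: label, optional code, then every remaining column
 * re-joined with commas as the description. Label is cut to 499 bytes, code to
 * 99 and description to 999. A row with an empty label falls back to its code;
 * rows where both are empty are skipped.
 *
 * @param mixed $parent_id stored as trm_ParentTermID for every imported term
 * @param mixed $domain    stored as trm_Domain for every imported term
 * @param mixed $has_codes not used by this implementation (kept for callers)
 * @param mixed $has_descr not used by this implementation (kept for callers)
 *
 * @return array|null null when the request carries no 'uploading' flag;
 *                    array('error' => message) when nothing could be imported;
 *                    otherwise array('parent' => ..., 'result' => ..., 'terms' => ...)
 */
function upload_termsfile($parent_id, $domain, $has_codes, $has_descr)
{
    if (!@$_REQUEST['uploading']) {
        return null;
    }
    // empty() also covers a request that carries no 'import_file' entry at all.
    if (empty($_FILES['import_file']['size'])) {
        return array('error' => 'Error occurred during import - file had zero size');
    }

    $filename = isset($_FILES['import_file']['tmp_name']) ? $_FILES['import_file']['tmp_name'] : '';
    // Only read a path that PHP itself registered as an HTTP upload, so the
    // import can never be pointed at another file on the server.
    if (!is_string($filename) || !is_uploaded_file($filename)) {
        return array('error' => 'Error occurred during import - uploaded file could not be verified');
    }

    $parsed = array();
    $handle = fopen($filename, "r");
    if ($handle !== false) {
        while (($data = fgetcsv($handle, 1000, ",")) !== false) {
            if (!is_array($data) || count($data) === 0) {
                continue;
            }
            // A blank line is returned as array(null); the cast keeps trim() quiet.
            $label = substr(trim((string) $data[0]), 0, 499);
            $code = '';
            $desc = '';
            if (count($data) > 1) {
                $code = substr(trim((string) $data[1]), 0, 99);
                if (count($data) > 2) {
                    // The description may itself contain commas, so re-join the tail.
                    $desc = substr(implode(',', array_slice($data, 2)), 0, 999);
                }
            }
            if ($label == '') {
                $label = $code;
            }
            if ($label != '') {
                // Column order must match $colNames below; the trailing 1 is trm_AddedByImport.
                array_push($parsed, array($code, $label, $desc, $domain, $parent_id, 1));
            }
        }
        fclose($handle);
    }

    if (count($parsed) == 0) {
        return array('error' => 'No appropriate line found to process in import file');
    }

    $mysqli = mysqli_connection_overwrite(DATABASE);
    $colNames = array('trm_Code', 'trm_Label', 'trm_Description', 'trm_Domain', 'trm_ParentTermID', 'trm_AddedByImport');
    $rv = array('parent' => $parent_id, 'result' => array());
    foreach ($parsed as $dt) {
        // NOTE(review): the CSV cells reach updateTerms() unescaped; this relies on
        // updateTerms() binding them as parameters - confirm in its implementation.
        array_push($rv['result'], updateTerms($colNames, "1-1", $dt, $mysqli));
    }
    $rv['terms'] = getTerms();
    $mysqli->close();
    return $rv;
}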
* the License. */
/**
 * Crosstabs server side DB requests
 *
 * Request parameters read by this fragment:
 *   db - database name suffix; "hdb_" is prepended before connecting
 *   a  - action: 'minmax', 'pointers' or 'crosstab'
 *
 * @author Artem Osmakov <*****@*****.**>
 * @copyright (C) 2005-2016 University of Sydney
 * @link http://HeuristNetwork.org
 * @version 3.1.0
 * @license http://www.gnu.org/licenses/gpl-3.0.txt GNU License 3.0
 * @package Heurist academic knowledge management system
 */
require_once dirname(__FILE__) . '/../../common/connect/applyCredentials.php';
require_once dirname(__FILE__) . '/../../common/php/dbMySqlWrappers.php';
require_once dirname(__FILE__) . '/../../search/parseQueryToSQL.php';

// The database name is built directly from the request. With 'db' absent the
// @ operator hides the notice and the name becomes just "hdb_".
// NOTE(review): no validation of 'db' is visible in this fragment - confirm that
// applyCredentials.php or mysqli_connection_overwrite() restricts it to databases
// the current user may open.
$mysqli = mysqli_connection_overwrite("hdb_" . @$_REQUEST['db']);

// The whole request array is handed to the handlers; every value in it is
// caller-controlled.
$params = $_REQUEST;

// Dispatch on the 'a' parameter; anything else yields an INVALID REQUEST status.
if (@$_REQUEST['a'] == 'minmax') {
    $response = recordSearchMinMax($mysqli, $params);
} else {
    if (@$_REQUEST['a'] == 'pointers') {
        $response = recordSearchDistictPointers($mysqli, $params);
    } else {
        if (@$_REQUEST['a'] == 'crosstab') {
            $response = getCrossTab($mysqli, $params);
        } else {
            $response = array("status" => "INVALID REQUEST");
        }
    }
}

// NOTE(review): the code that writes $response is outside this fragment. If it is
// emitted as JSON, 'application/json' would describe it more accurately than a
// script type - confirm against the client code.
header('Content-type: text/javascript');
    // (the condition guarding this ownership error is outside this fragment)
    error_exit("Sorry, you need to be a database owner to be able to modify the database structure");
}

// Allow-list of operations this endpoint accepts; any other 'method' value is rejected below.
$legalMethods = array("saveRectype", "saveRT", "saveRTS", "deleteRTS", "saveRTC", "deleteRTC", "saveRTG", "saveDetailType", "saveDT", "saveDTG", "saveTerms", "mergeTerms", "deleteTerms", "deleteDT", "deleteRT", "deleteRTG", "deleteDTG", "checkDTusage");
$method = @$_REQUEST['method'];
// in_array() is called without its strict flag, so the comparison is loose.
if ($method && !in_array($_REQUEST['method'], $legalMethods)) {
    $method = null;
}
if (!$method) {
    error_exit("Invalid call to saveStructure, there is no valid 'method' parameter");
} else {
    $data = @$_REQUEST['data'];
    //decode and unpack data
    // NOTE(review): PHP has already URL-decoded request values, so the extra
    // urldecode() alters any literal '%xx' or '+' inside the JSON - confirm the
    // client really double-encodes.
    // json_decode() returns null for malformed input and may return a scalar, so
    // $data is not guaranteed to be an array after this point.
    if ($data) {
        $data = json_decode(urldecode(@$_REQUEST['data']), true);
    }
    $mysqli = mysqli_connection_overwrite(DATABASE);
    // mysqli
    mysql_connection_overwrite(DATABASE);
    // need for getRecordInfoLibrary
    switch ($method) {
        //{ rectype:
        //            {colNames:{ common:[rty_name,rty_OrderInGroup,.......],
        //                        dtFields:[rst_DisplayName, ....]},
        //            defs : {-1:[[common:['newRecType name',56,34],dtFields:{dty_ID:[overide name,76,43], 160:[overide name2,136,22]}],
        //                        [common:[...],dtFields:{nnn:[....],...,mmm:[....]}]],
        //                    23:{common:[....], dtFields:{nnn:[....],...,mmm:[....]}}}}}
        case 'saveRectype':
        case 'saveRT':
            // Record type
            // Shape check of the decoded payload before use.
            // NOTE(review): array_key_exists() is applied to $data without an
            // is_array() check; a missing or malformed 'data' parameter reaches
            // it as null or a scalar.
            if (!array_key_exists('rectype', $data) || !array_key_exists('colNames', $data['rectype']) || !array_key_exists('defs', $data['rectype'])) {
                error_exit("Invalid data structure sent with saveRectype method call to saveStructure.php");
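/**
 * Imports terms from the CSV file uploaded as $_FILES['import_file'] and stores
 * them under the given parent term.
 *
 * Column layout of each CSV row depends on the two flags:
 *   - $has_codes: the first column is the term code (cut to 99 bytes) and the
 *     label follows it; otherwise the first column is the label.
 *   - $has_descr: every column after the label is re-joined with commas as the
 *     description (cut to 999 bytes).
 * The label is cut to 399 bytes; rows with an empty label are skipped.
 *
 * @param mixed $parent_id stored as trm_ParentTermID for every imported term
 * @param mixed $domain    stored as trm_Domain for every imported term
 * @param mixed $has_codes truthy when the first CSV column holds the term code
 * @param mixed $has_descr truthy when columns after the label hold the description
 *
 * @return array|null null when the request carries no 'uploading' flag;
 *                    array('error' => message) when nothing could be imported;
 *                    otherwise array('parent' => ..., 'result' => ..., 'terms' => ...)
 */
function upload_termsfile($parent_id, $domain, $has_codes, $has_descr)
{
    if (!@$_REQUEST['uploading']) {
        return null;
    }
    // empty() also covers a request that carries no 'import_file' entry at all.
    if (empty($_FILES['import_file']['size'])) {
        return array('error' => 'Error occurred during import - file had zero size');
    }

    $filename = isset($_FILES['import_file']['tmp_name']) ? $_FILES['import_file']['tmp_name'] : '';
    // Only read a path that PHP itself registered as an HTTP upload, so the
    // import can never be pointed at another file on the server.
    if (!is_string($filename) || !is_uploaded_file($filename)) {
        return array('error' => 'Error occurred during import - uploaded file could not be verified');
    }

    $parsed = array();
    $handle = fopen($filename, "r");
    if ($handle !== false) {
        // Index of the label column: 1 when a code column precedes it, else 0.
        $labelIdx = $has_codes ? 1 : 0;
        while (($data = fgetcsv($handle, 1000, ",")) !== false) {
            if (!is_array($data) || count($data) <= $labelIdx) {
                continue;
            }
            $code = $has_codes ? substr(trim((string) $data[0]), 0, 99) : '';
            $label = substr(trim((string) $data[$labelIdx]), 0, 399);
            if ($label === '') {
                continue;
            }
            // Re-join the tail so commas inside the description survive. The
            // previous hand-written loop prefixed a stray comma whenever a code
            // column was present; implode() has no such edge case.
            $desc = $has_descr ? implode(',', array_slice($data, $labelIdx + 1)) : '';
            // Column order must match $colNames below; the trailing 1 is trm_AddedByImport.
            array_push($parsed, array($code, $label, substr($desc, 0, 999), $domain, $parent_id, 1));
        }
        fclose($handle);
    }

    if (count($parsed) == 0) {
        return array('error' => 'No one appropriate line found');
    }

    $db = mysqli_connection_overwrite(DATABASE);
    $colNames = array('trm_Code', 'trm_Label', 'trm_Description', 'trm_Domain', 'trm_ParentTermID', 'trm_AddedByImport');
    $rv = array('parent' => $parent_id, 'result' => array());
    foreach ($parsed as $dt) {
        // NOTE(review): the CSV cells reach updateTerms() unescaped; this relies on
        // updateTerms() binding them as parameters - confirm in its implementation.
        array_push($rv['result'], updateTerms($colNames, "1-1", $dt, $db));
    }
    $rv['terms'] = getTerms();
    $db->close();
    return $rv;
}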
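/**
 * Inserts or updates one row of usrReportSchedule.
 *
 * Only columns listed in the global $sys_usrReportSchedule_ColumnNames map are
 * written; that map also supplies the bind type letter for each column.
 *
 * @param array $colNames column names, positionally paired with $values
 * @param mixed $recID    rps_ID of the row to update; a negative value means insert
 * @param array $values   values, in the same order as $colNames
 *
 * @return mixed on update the given $recID; on insert the new id negated;
 *               otherwise a string describing the error
 */
function updateReportSchedule($colNames, $recID, $values)
{
    // NOTE(review): the global $db is replaced with a fresh connection and closed
    // again below, so other code sharing $db is left with a closed handle.
    global $db, $sys_usrReportSchedule_ColumnNames;
    $ret = null;
    if (count($colNames) && count($values)) {
        $db = mysqli_connection_overwrite(DATABASE);
        $isInsert = $recID < 0;

        $acceptedCols = array();
        // Element 0 collects the type letters, the bound values follow it.
        $parameters = array("");
        foreach ($colNames as $colName) {
            $val = array_shift($values);
            if (array_key_exists($colName, $sys_usrReportSchedule_ColumnNames)) {
                $acceptedCols[] = $colName;
                $parameters[0] = $parameters[0] . $sys_usrReportSchedule_ColumnNames[$colName]; //take datatype from array
                array_push($parameters, $val);
            }
        }

        if (count($acceptedCols) > 0) {
            if ($isInsert) {
                // The column list is built from the allow-listed names only. It
                // used to be joined from the raw $colNames, which put unchecked
                // caller text into the statement and could leave the column and
                // placeholder counts out of step.
                $placeholders = join(",", array_fill(0, count($acceptedCols), "?"));
                $query = "insert into usrReportSchedule (" . join(",", $acceptedCols) . ") values (" . $placeholders . ")";
            } else {
                $assignments = array();
                foreach ($acceptedCols as $colName) {
                    $assignments[] = "{$colName} = ?";
                }
                // rps_ID is forced to an integer before it is placed in the SQL text.
                $query = "update usrReportSchedule set " . join(",", $assignments) . " where rps_ID = " . intval($recID);
            }
            $rows = execSQL($db, $query, $parameters, true);
            if ($rows == 0 || is_string($rows)) {
                $oper = $isInsert ? "inserting" : "updating";
                $ret = "error {$oper} in updateReportSchedule - " . $rows;
            } else {
                if ($isInsert) {
                    $recID = $db->insert_id;
                    $ret = -$recID;
                } else {
                    $ret = $recID;
                }
            }
        }
        $db->close();
    }
    if ($ret == null) {
        $ret = "no data supplied for updating report - {$recID}";
    }
    return $ret;
}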
// Import parameters, all taken from the query string. The @ operator hides the
// notice for a missing key, leaving the variable null.
// NOTE(review): three database names are read from the request and the target
// name is passed straight to the connection helpers below; no validation or
// permission check is visible in this fragment - confirm it happens earlier in
// the file or inside the helpers.
$targetDBName = @$_GET["importingTargetDBName"];
$tempDBName = @$_GET["tempDBName"];
$sourceDBName = @$_GET["sourceDBName"];
$importRtyID = @$_GET["importRtyID"];
$sourceDBID = @$_GET["sourceDBID"];
// Referenced record types are imported unless noRecursion=1 is passed.
$importRefdRectypes = @$_GET["noRecursion"] && $_GET["noRecursion"] == 1 ? false : true;
$importVocabs = @$_GET["importVocabs"] == 1;
$strictImport = @$_GET["strict"] && $_GET["strict"] == 1 ? true : false;
$currentDate = date("d-m");
$error = false;
$importLog = array();
$importedRecTypes = array();
//import field id -> target id - IMPORTANT for proper titlemask conversion
$fields_correspondence = array();
mysql_connection_insert($targetDBName);
$mysqli = mysqli_connection_overwrite($targetDBName);
// mysqli for saveStructureLib
// Dispatch on the 'action' query parameter.
// NOTE(review): 'import' and 'drop' change database state yet are selected by a
// GET parameter; GET requests can be triggered by a link or an embedded resource,
// so confirm that a session/ownership check and a request token guard this
// script before this point.
switch ($_GET["action"]) {
    case "crosswalk":
        crosswalk();
        break;
    case "import":
        import();
        break;
    case "drop":
        dropDB();
        break;
    default:
        echo "Error: Unknown action received";
}
exit;
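/**
 * Reads, writes or removes the progress value kept for one session in the
 * tmpUsrSession table (field_id => field_data).
 *
 * The session id and the value are bound as statement parameters; they were
 * previously concatenated into the SQL text.
 *
 * @param object|null $mysqli     open connection, or null to open one for this call
 *                                (a connection opened here is closed before returning)
 * @param mixed       $session_id key of the row (field_id)
 * @param mixed       $is_init    truthy: make sure the table exists and insert the row;
 *                                falsy: update the existing row
 * @param mixed       $value      null: read the stored value; 'REMOVE': delete the row;
 *                                anything else: store it as field_data
 *
 * @return mixed the stored field_data when reading and a row exists, otherwise null
 */
function updateProgress($mysqli, $session_id, $is_init, $value)
{
    $need_close = false;
    if ($mysqli === null) {
        $need_close = true;
        $mysqli = mysqli_connection_overwrite(DATABASE);
    }

    if ($is_init) {
        //check that session table exists, create it when missing
        $from_res = $mysqli->query("show tables like 'tmpUsrSession'");
        if (!($from_res && $from_res->num_rows > 0)) {
            $mysqli->query('CREATE TABLE tmpUsrSession(field_id varchar(32) NOT NULL, field_data varchar(32), PRIMARY KEY (field_id))');
        }
    }

    // field_id is a varchar column, so the key is bound as a string.
    $session_key = (string) $session_id;
    $found = null;

    if ($value == null) {
        // read
        $stmt = $mysqli->prepare('select field_data from tmpUsrSession where field_id = ?');
        if ($stmt) {
            $stmt->bind_param('s', $session_key);
            if ($stmt->execute()) {
                $field_data = null;
                $stmt->bind_result($field_data);
                // fetch() is falsy when no row matches; $found then stays null
                if ($stmt->fetch()) {
                    $found = $field_data;
                }
            }
            $stmt->close();
        }
    } elseif ($value == 'REMOVE') {
        $stmt = $mysqli->prepare('DELETE FROM tmpUsrSession where field_id = ?');
        if ($stmt) {
            $stmt->bind_param('s', $session_key);
            $stmt->execute();
            $stmt->close();
        }
    } else {
        // write
        $field_data = (string) $value;
        if ($is_init) {
            $stmt = $mysqli->prepare('insert into tmpUsrSession values (?, ?)');
            if ($stmt) {
                $stmt->bind_param('ss', $session_key, $field_data);
            }
        } else {
            $stmt = $mysqli->prepare('update tmpUsrSession set field_data = ? where field_id = ?');
            if ($stmt) {
                $stmt->bind_param('ss', $field_data, $session_key);
            }
        }
        if ($stmt) {
            $stmt->execute();
            $stmt->close();
        }
    }

    if ($need_close) {
        $mysqli->close();
    }
    return $found;
}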
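/**
 * Inserts or updates one row of usrReportSchedule.
 *
 * Only columns listed in the global $sys_usrReportSchedule_ColumnNames map are
 * written; that map also supplies the bind type letter for each column.
 *
 * @param array $colNames column names, positionally paired with $values
 * @param mixed $recID    rps_ID of the row to update; a negative value means insert
 * @param array $values   values, in the same order as $colNames
 *
 * @return mixed on update the given $recID; on insert the new id negated;
 *               otherwise a string describing the error
 */
function updateReportSchedule($colNames, $recID, $values)
{
    // NOTE(review): the global $db is replaced with a fresh connection and closed
    // again below, so other code sharing $db is left with a closed handle.
    global $db, $sys_usrReportSchedule_ColumnNames;
    $ret = null;
    if (count($colNames) && count($values)) {
        $db = mysqli_connection_overwrite(DATABASE);
        $isInsert = $recID < 0;

        $acceptedCols = array();
        // Element 0 collects the type letters, the bound values follow it.
        $parameters = array("");
        foreach ($colNames as $colName) {
            $val = array_shift($values);
            if (array_key_exists($colName, $sys_usrReportSchedule_ColumnNames)) {
                $acceptedCols[] = $colName;
                $parameters[0] = $parameters[0] . $sys_usrReportSchedule_ColumnNames[$colName]; //take datatype from array
                array_push($parameters, $val);
            }
        }

        if (count($acceptedCols) > 0) {
            if ($isInsert) {
                // The column list is built from the allow-listed names only. It
                // used to be joined from the raw $colNames, which put unchecked
                // caller text into the statement and could leave the column and
                // placeholder counts out of step.
                $placeholders = join(",", array_fill(0, count($acceptedCols), "?"));
                $query = "insert into usrReportSchedule (" . join(",", $acceptedCols) . ") values (" . $placeholders . ")";
            } else {
                $assignments = array();
                foreach ($acceptedCols as $colName) {
                    $assignments[] = "{$colName} = ?";
                }
                // rps_ID is forced to an integer before it is placed in the SQL text.
                $query = "update usrReportSchedule set " . join(",", $assignments) . " where rps_ID = " . intval($recID);
            }

            //temporary alter the structure of table 2016-05-17 - remark it in one year
            // This runs through the legacy mysql_* API, i.e. on whatever default
            // link that extension holds, not on $db.
            $res = mysql_query("SHOW FIELDS FROM usrReportSchedule where Field='rps_IntervalMinutes'");
            if ($res) {
                $struct = mysql_fetch_assoc($res);
                // mysql_fetch_assoc() yields false when the column is not found
                if ($struct && strpos($struct['Type'], 'tinyint') !== false) {
                    mysql_query('ALTER TABLE `usrReportSchedule` CHANGE COLUMN `rps_IntervalMinutes` `rps_IntervalMinutes` INT NULL DEFAULT NULL');
                }
            }

            $rows = execSQL($db, $query, $parameters, true);
            if ($rows == 0 || is_string($rows)) {
                $oper = $isInsert ? "inserting" : "updating";
                // NOTE(review): the SQL text is appended to the returned message;
                // if callers show this string to end users it reveals table and
                // column names - consider logging $query server-side instead.
                $ret = "error {$oper} in updateReportSchedule - " . $rows . ' ' . $query;
            } else {
                if ($isInsert) {
                    $recID = $db->insert_id;
                    $ret = -$recID;
                } else {
                    $ret = $recID;
                }
            }
        }
        $db->close();
    }
    if ($ret == null) {
        $ret = "no data supplied for updating report - {$recID}";
    }
    return $ret;
}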
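/**
 * Main function: runs a Smarty report template over a set of records and
 * either echoes the output or hands it to the output filters.
 *
 * Keys read from $params in this function: mode, output, publish,
 * emptysetmessage, limit, recordset, h4, template, template_body, replevel.
 * The function calls exit on an empty result set, a missing template file and
 * an outdated template.
 *
 * @param array $params request parameters (the original documentation names
 *                      $_REQUEST as their source, so every value is caller-controlled)
 */
function executeSmartyTemplate($params)
{
    global $smarty, $outputfile, $isJSout, $rtStructs, $dtStructs, $dtTerms, $gparams, $max_allowed_depth, $publishmode, $execution_counter, $execution_total_counter, $session_id, $mysqli;

    set_time_limit(0); //no script execution time limit

    mysql_connection_overwrite(DATABASE);
    //AO: mysql_connection_select - does not work since there is no access to stored procedures(getTemporalDateString)
    //    which Steve used in some queries
    //TODO SAW grant ROuser EXECUTE on getTemporalDate and any other readonly procs

    $params["f"] = 1; //always search (do not use cache)
    $isJSout = array_key_exists("mode", $params) && $params["mode"] == "js"; //use javascript wrap
    $outputfile = array_key_exists("output", $params) ? $params["output"] : null;
    $publishmode = array_key_exists("publish", $params) ? intval($params['publish']) : 0;
    $emptysetmessage = array_key_exists("emptysetmessage", $params) ? $params['emptysetmessage'] : null;
    $gparams = $params; //keep to use in other functions

    if (!array_key_exists("limit", $params)) {
        //not defined
        if ($publishmode == 0) {
            $limit_for_interface = intval(@$_SESSION[HEURIST_SESSION_DB_PREFIX . 'heurist']["display-preferences"]['smarty-output-limit']);
            if (!$limit_for_interface || $limit_for_interface < 1) {
                $limit_for_interface = 50; //default limit in dispPreferences
            }
            $params["limit"] = $limit_for_interface; //force limit
        } else {
            $params["limit"] = PHP_INT_MAX;
        }
    }

    if (@$params['recordset']) {
        //we already have the list of record ids
        if (is_array($params['recordset'])) {
            $qresult = $params['recordset'];
        } else {
            $qresult = json_decode($params['recordset'], true);
        }
        //truncate recordset - limit does not work for publish mode
        // is_array(): the JSON comes from the request and may decode to a scalar
        if ($publishmode == 0 && is_array($qresult) && array_key_exists('recIDs', $qresult)) {
            $recIDs = explode(',', $qresult['recIDs']);
            if ($params["limit"] < count($recIDs)) {
                $qresult['recIDs'] = implode(',', array_slice($recIDs, 0, $params["limit"]));
            }
        }
    } else {
        if (@$params['h4'] == 1) {
            //search with h4 search engine and got list of ids
            // NOTE(review): the keys are appended without urlencode(), so a request
            // key containing '&' or '=' changes the parameters of this internal call.
            $url = "";
            foreach ($params as $key => $value) {
                $url = $url . $key . "=" . urlencode($value) . "&";
            }
            $url = HEURIST_BASE_URL . "hserver/controller/record_search.php?" . $url . "&detail=ids&vo=h3";
            $result = loadRemoteURLviaSocket($url);
            $qresult = json_decode($result, true);
        } else {
            $qresult = loadSearch($params); //from search/getSearchResults.php - loads array of records based on GET request
        }
    }

    // EMPTY RESULT SET - EXIT
    // A decoded value that is not an array is treated as an empty set instead of
    // being passed to array_key_exists().
    if (!is_array($qresult) || !$qresult
        || (!array_key_exists('recIDs', $qresult) && !array_key_exists('records', $qresult))
        || $qresult['resultCount'] == 0
    ) {
        if ($emptysetmessage) {
            // allows publisher of URL to customise the message if no records retrieved
            // NOTE(review): this request value is written to the page as markup. If
            // HTML in the message is not a requirement, pass it through
            // htmlspecialchars(); otherwise restrict it to a small tag allow-list.
            $error = $emptysetmessage;
        } else {
            if ($publishmode > 0) {
                $error = "<b><font color='#ff0000'>Note: There are no records in this view. The URL will only show records to which the viewer has access. Unless you are logged in to the database, you can only see records which are marked as Public visibility</font></b>";
            } else {
                $error = "<b><font color='#ff0000'>Search or Select records to see template output</font></b>";
            }
        }
        if ($isJSout) {
            $error = add_javascript_wrap4($error, null);
        }
        if ($publishmode > 0 && $outputfile != null) {
            //save empty output into file
            save_report_output2($error . "<div style=\"padding:20px;font-size:110%\">Currently there are no results</div>");
        } else {
            echo $error;
        }
        exit;
    }

    //get name of template file
    $template_file = array_key_exists('template', $params) ? $params['template'] : null;
    //get template body from request (for execution from editor)
    $template_body = array_key_exists('template_body', $params) ? $params['template_body'] : null;

    if (null != $template_file) {
        if (substr($template_file, -4) != ".tpl") {
            $template_file = $template_file . ".tpl";
        }
        // The name comes from the request and is appended to the templates
        // directory, so a name with a '..' path segment or a NUL byte is handled
        // exactly like a missing file.
        $leaves_template_dir = preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $template_file) === 1
            || strpos($template_file, "\0") !== false;
        if (!$leaves_template_dir && file_exists(HEURIST_SMARTY_TEMPLATES_DIR . $template_file)) {
            $content = file_get_contents(HEURIST_SMARTY_TEMPLATES_DIR . $template_file);
        } else {
            // The requested name is HTML-escaped before it is placed in the message.
            $shown_name = htmlspecialchars($template_file, ENT_QUOTES);
            $error = "<b><font color='#ff0000'>Template file {$shown_name} does not exist</font></b>";
            echo $error;
            if ($publishmode > 0 && $outputfile != null) {
                //save empty output into file
                save_report_output2($error);
            }
            exit;
        }
    } else {
        $content = $template_body;
    }

    //verify that template has new features
    //need to detect $heurist->getRecord - if it is not found this is old version - show error message
    if (strpos($content, '$heurist->getRecord(') === false) {
        $error = '<p>To improve performance we have made some small changes to the report template specifications (July 2016).</p>'
            . '<p>You will need to add {$r = $heurist->getRecord($r)} immediately after the start of the main record loop, like this:<p/>'
            . '{*------------------------------------------------------------*}'
            . '<br/>{foreach $results as $r}'
            . '<br/><b>{$r = $heurist->getRecord($r)}</b>'
            . '<br/>{*------------------------------------------------------------*}'
            . '<p>and similar expressions for record pointer loops - example: {$r.f103 = $heurist->getRecord($r.f103)}</p>'
            . '<p>Please generate a new report to obtain an example of the syntax, or simply send your report template to '
            . '<br/>support at HeuristNetwork dot org and we will adjust the template for you.</p>';
        if ($publishmode > 0 && $outputfile != null) {
            save_report_output2($error);
        } else {
            echo $error;
        }
        exit;
    }

    // Optional "{*depth N" / "{* depth N" marker in the template: a single digit
    // below 3 replaces $max_allowed_depth.
    $k = strpos($content, "{*depth");
    $kp = 8;
    if (is_bool($k) && !$k) {
        $k = strpos($content, "{* depth");
        $kp = 9;
    }
    if (is_numeric($k) && $k >= 0) {
        $nd = substr($content, $k + $kp, 1);
        if (is_numeric($nd) && $nd < 3) {
            $max_allowed_depth = $nd;
        }
    }
    //end pre-parsing of template

    $mysqli = mysqli_connection_overwrite(DATABASE);
    if ($publishmode == 0 && $session_id != null) {
        updateProgress($mysqli, $session_id, true, '0,0');
    }

    //convert to array that will assigned to smarty variable
    if (array_key_exists('recIDs', $qresult)) {
        $results = explode(",", $qresult["recIDs"]);
        $execution_total_counter = count($results);
    } else {
        $records = $qresult["records"];
        $execution_total_counter = count($records);
        // Keep only the record ids; an entry without a recID becomes an empty array.
        // (A preceding array_column() call was dropped: its result was overwritten here.)
        $results = array_map(function ($value) {
            return @$value['recID'] ? $value['recID'] : array();
        }, $records);
    }

    //activate default template - generic list of records
    //we have access to 2 methods getRecord and getRelatedRecords
    $heuristRec = new ReportRecord();
    $smarty->assignByRef('heurist', $heuristRec);
    $smarty->assign('results', $results);

    ini_set('display_errors', 'false');
    $smarty->error_reporting = 0;

    if ($template_body) {
        //execute template from string - modified template in editor
        // NOTE(review): a template body taken from the request is compiled and run
        // by Smarty, which amounts to server-side code execution for whoever may
        // call this path. No permission check is visible in this function - confirm
        // that callers restrict it to trusted, logged-in editors and that the
        // Smarty security policy is enabled.
        //error report level: 1 notices, 2 all, 3 debug mode
        $replevel = array_key_exists('replevel', $params) ? $params['replevel'] : 0;
        if ($replevel == "1" || $replevel == "2") {
            // NOTE(review): a request parameter switches on display_errors here
            ini_set('display_errors', 'true');
            $smarty->debugging = false;
            if ($replevel == "2") {
                $smarty->error_reporting = E_ALL & ~E_STRICT & ~E_NOTICE;
            } else {
                $smarty->error_reporting = E_NOTICE;
            }
        } else {
            $smarty->debugging = $replevel == "3";
        }
        $smarty->debug_tpl = dirname(__FILE__) . '/debug_html.tpl';

        //save temporary template, named after the current user
        // (the earlier "_temp.tpl" assignment was dead code and is removed)
        // NOTE(review): the user name becomes part of a file name; confirm that
        // get_user_username() cannot return path separators.
        $template_file = "_" . get_user_username() . ".tpl";
        $file = fopen($smarty->template_dir . $template_file, "w");
        fwrite($file, $template_body);
        fclose($file);
    } else {
        // usual way - from file
        if (!$template_file) {
            $template_file = 'test01.tpl';
        }
        $smarty->debugging = false;
        $smarty->error_reporting = 0;
        if ($outputfile != null) {
            $smarty->registerFilter('output', 'smarty_output_filter');
        } else {
            if ($isJSout) {
                $smarty->registerFilter('output', 'add_javascript_wrap5');
            }
        }
    }

    //DEBUG
    $smarty->registerFilter('post', 'smarty_post_filter');

    if ($publishmode == 0 && $session_id != null) {
        updateProgress($mysqli, $session_id, true, '0,' . count($results));
    }

    $execution_counter = -1;
    $execution_total_counter = count($results);
    try {
        $smarty->display($template_file);
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is sent to the client and can
        // include server file paths.
        echo 'Exception on execution: ', $e->getMessage(), "\n";
    }

    if ($publishmode == 0 && $session_id != null) {
        updateProgress($mysqli, $session_id, false, 'REMOVE');
    }
    $mysqli->close();
}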
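/**
 * updateMimetypes: inserts or updates one row of defFileExtToMimetype.
 *
 * Only columns listed in the global $defFileExtToMimetype map are written; that
 * map also supplies the bind type letter for each column. No duplicate-extension
 * check is performed before an insert.
 *
 * @param array $colNames column names, positionally paired with $values
 * @param mixed $recID    extension (fxm_Extension) of the row to update;
 *                        a negative value means insert
 * @param array $values   values, in the same order as $colNames
 *
 * @return mixed "-1" after an insert, 1 after an update, otherwise a string
 *               describing the error
 */
function updateMimetypes($colNames, $recID, $values)
{
    global $defFileExtToMimetype;
    $ret = null;
    if (count($colNames) && count($values)) {
        $db = mysqli_connection_overwrite(DATABASE);
        $isInsert = $recID < 0;

        $acceptedCols = array();
        // Element 0 collects the type letters, the bound values follow it.
        $parameters = array("");
        foreach ($colNames as $colName) {
            $val = array_shift($values);
            if (array_key_exists($colName, $defFileExtToMimetype)) {
                if ($isInsert && $colName == "fxm_Extension") {
                    // remember the new key so the messages below can name it
                    $recID = $val;
                }
                $acceptedCols[] = $colName;
                $parameters[0] = $parameters[0] . $defFileExtToMimetype[$colName]; //take datatype from array
                array_push($parameters, $val);
            }
        }

        if (count($acceptedCols) > 0) {
            if ($isInsert) {
                // The column list is built from the allow-listed names only. It
                // used to be joined from the raw $colNames, which put unchecked
                // caller text into the statement and could leave the column and
                // placeholder counts out of step.
                $placeholders = join(",", array_fill(0, count($acceptedCols), "?"));
                $query = "insert into defFileExtToMimetype (" . join(",", $acceptedCols) . ") values (" . $placeholders . ")";
            } else {
                $assignments = array();
                foreach ($acceptedCols as $colName) {
                    $assignments[] = "{$colName} = ?";
                }
                // The extension in the WHERE clause is bound as one more string
                // parameter; it used to be interpolated between quotes.
                // Assumes execSQL() binds $parameters[1..] in order using the type
                // letters in $parameters[0], as the column handling above implies.
                $query = "update defFileExtToMimetype set " . join(",", $assignments) . " where fxm_Extension = ?";
                $parameters[0] = $parameters[0] . "s";
                array_push($parameters, $recID);
            }
            $rows = execSQL($db, $query, $parameters, true);
            if ($rows == 0 || is_string($rows)) {
                $oper = $isInsert ? "inserting" : "updating";
                $ret = "Error {$oper} for Mime types - " . $rows;
            } else {
                if ($isInsert) {
                    $ret = "-1";
                } else {
                    $ret = 1;
                }
            }
        }
        $db->close();
    }
    if ($ret == null) {
        $ret = "no data supplied for updating Mime types - {$recID}";
    }
    return $ret;
}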