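/**
  * read_config loads every name/value pair from the config table and
  * hands the resulting map to set_config().
  *
  * Uses MYSQLI_NUM: the result object is a mysqli result (fetch_array,
  * real_escape_string, insert_id are used on the same connection elsewhere
  * in this file) and the legacy MYSQL_NUM constant belongs to ext/mysql,
  * which is undefined on PHP 7+. A failed query now raises instead of
  * calling fetch_array() on boolean false.
  *
  * @return void
  * @throws RuntimeException if the SELECT fails
  */
 private function read_config()
 {
     $db = Db::newDb();
     $result = $db->query("SELECT c.name,c.value FROM config AS c");
     if ($result === false) {
         throw new RuntimeException('read_config: ' . $db->error);
     }
     // name => value; a duplicated name keeps the last row, as before
     $config = array();
     while (list($name, $value) = $result->fetch_array(MYSQLI_NUM)) {
         $config[$name] = $value;
     }
     $this->set_config($config);
 }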
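 /**
  * dbhierselect_value resolves the stored "first|second" value of this
  * field to its display row, using the SQL template from the field config.
  *
  * $config['sql'][2] holds three SQL fragments separated by '|'; the two
  * halves of the field value are spliced in between them. Both halves are
  * passed through real_escape_string() before being embedded (they used to
  * be concatenated raw), so a stored value cannot alter the statement.
  * NOTE(review): escaping only protects fragments that place the value in
  * a quoted string context; a template that compares it unquoted (e.g. an
  * id column) must quote the placeholder or the value should be cast.
  *
  * Template and value are padded, so a template with fewer than three
  * fragments or a value without '|' no longer raises undefined-offset
  * notices (missing parts are treated as '').
  *
  * @return array|null associative row of the query, null when no row matched
  * @throws RuntimeException if the query fails
  */
 public function dbhierselect_value()
 {
     $db = Db::newDb();
     $config = $this->get_config();
     // SQL template pieces: prefix | between | suffix
     $tpl = array_pad(explode('|', $config['sql'][2], 3), 3, '');
     // value halves
     $parts = array_pad(explode('|', $this->get_value(), 2), 2, '');
     $first = $db->real_escape_string($parts[0]);
     $second = $db->real_escape_string($parts[1]);
     $sql = $tpl[0] . $first . $tpl[1] . $second . $tpl[2];
     $result = $db->query($sql);
     if ($result === false) {
         throw new RuntimeException('dbhierselect_value: ' . $db->error);
     }
     return $result->fetch_array(MYSQLI_ASSOC);
 }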
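    /**
     * check_rights tells whether the logged-in user has rights on the entry
     * $table_id of table $table.
     *
     * The table name is escaped before being embedded in the WHERE clause
     * (it used to be interpolated raw) and the id is cast to int, so neither
     * argument can alter the statement. Group ids from the rights rows and
     * from the session are compared as integers with strict in_array(),
     * which avoids PHP's loose string/number comparison rules.
     *
     * Group 0 is the "public" group: it only grants access when $public is
     * true. A failed rights query never grants access.
     *
     * @param int $table_id id of the entry
     * @param string $table name of the table
     * @param bool $public if true, include public-access in check
     * @return bool true if user has rights, false otherwise
     */
    public static function check_rights($table_id, $table, $public = false)
    {
        $groups = $_SESSION['user']->groups();
        $db = Db::newDb();
        $sql = 'SELECT r.id,r.g_id FROM rights AS r'
             . ' WHERE r.table_name = "' . $db->real_escape_string($table) . '"'
             . ' AND r.table_id = ' . (int) $table_id;
        $result = $db->query($sql);
        if ($result === false) {
            // fail closed
            return false;
        }
        // rights-row id => group id that holds the right
        $granted = array();
        while (list($id, $g_id) = $result->fetch_array(MYSQLI_NUM)) {
            $granted[$id] = (int) $g_id;
        }
        foreach ($groups as $group_id) {
            $gid = (int) $group_id;
            // the public group only counts when explicitly requested
            if (!$public && $gid === 0) {
                continue;
            }
            if (in_array($gid, $granted, true)) {
                return true;
            }
        }
        return false;
    }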
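 /**
  * return_all_users returns one User object per username in the user
  * table, skipping the names listed in $exclude.
  *
  * The exclusion test now runs before a User is built, so excluded names
  * no longer cost a change_user() call. The comparison is strict on the
  * string form of both sides, which avoids PHP's loose numeric matching
  * ("1e3" == "1000") while still matching usernames passed as ints.
  *
  * @param array $exclude array containing usernames not to include in list
  * @return array array containing all user-objects
  * @throws RuntimeException if the username query fails
  */
 public function return_all_users($exclude = array())
 {
     $db = Db::newDb();
     $result = $db->query("SELECT u.username FROM user AS u");
     if ($result === false) {
         throw new RuntimeException('return_all_users: ' . $db->error);
     }
     $skip = array_map('strval', (array) $exclude);
     $users = array();
     while (list($username) = $result->fetch_array(MYSQLI_NUM)) {
         if (in_array((string) $username, $skip, true)) {
             continue;
         }
         $user = new User();
         $user->change_user($username, false);
         $users[] = $user;
     }
     return $users;
 }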
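 /**
  * check_ann_value tells whether the calendar entry $cid has any rows in
  * the value table (table_name = 'calendar').
  *
  * $cid is cast to int before being embedded in the statement; it used to
  * be interpolated raw. A failed query is reported as "no values" instead
  * of a fatal property read on boolean false.
  *
  * @param int $cid id of the calendar-entry
  * @return bool true if the calendar-entry has values, false otherwise
  */
 public static function check_ann_value($cid)
 {
     $db = Db::newDb();
     $sql = "SELECT v.id FROM value AS v"
          . " WHERE v.table_name = 'calendar'"
          . " AND v.table_id = " . (int) $cid;
     $result = $db->query($sql);
     return $result !== false && $result->num_rows > 0;
 }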
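 /**
  * writeDb stores this protocol in the protocol table, then its rights.
  *
  * 'new' inserts a row and stores the generated id on the object via
  * set_id(); 'update' rewrites the row identified by get_id() (owner is
  * only written on insert). String columns go through real_escape_string();
  * columns that are embedded without quotes (type, preset_id, valid, owner,
  * id) are cast to int instead, because escaping alone does not protect an
  * unquoted numeric context. The INSERT/UPDATE result is now checked, so a
  * failed statement no longer writes rights for id 0 or a stale id.
  *
  * @param string $action 'new' or 'update'
  * @return void
  * @throws Exception 'DbActionUnknown' for any other $action (errno from
  *                   $GLOBALS['Error']), or when the rights cannot be
  *                   written (code copied from the cause, which is chained)
  * @throws RuntimeException if the INSERT or UPDATE itself fails
  */
 public function writeDb($action = 'new')
 {
     if ($action !== 'new' && $action !== 'update') {
         $errno = $GLOBALS['Error']->error_raised('DbActionUnknown', 'write_protocol', $action);
         throw new Exception('DbActionUnknown', $errno);
     }
     $timestamp = date('Y-m-d', strtotime($this->get_date()));
     $db = Db::newDb();
     // column => SQL literal (quoted+escaped string, or int), shared by both actions
     $columns = array(
         'date'        => "'" . $db->real_escape_string($timestamp) . "'",
         'type'        => (int) $this->get_type('i'),
         'location'    => "'" . $db->real_escape_string($this->get_location()) . "'",
         'protocol'    => "'" . $db->real_escape_string($this->get_protocol()) . "'",
         'preset_id'   => (int) $this->get_preset()->get_id(),
         'valid'       => (int) $this->get_valid(),
         'member'      => "'" . $db->real_escape_string($this->get_member(true, "|")) . "'",
         'correctable' => "'" . $db->real_escape_string($this->get_correctable()) . "'",
         'recorder'    => "'" . $db->real_escape_string($this->get_recorder()) . "'",
     );
     if ($action === 'new') {
         // owner is fixed at creation and never rewritten by 'update'
         $columns['owner'] = (int) $this->get_owner();
         $sql = 'INSERT INTO protocol (id,' . implode(',', array_keys($columns)) . ')'
              . ' VALUES (NULL,' . implode(',', $columns) . ')';
         if ($db->query($sql) === false) {
             throw new RuntimeException('writeDb insert: ' . $db->error);
         }
         $rights_id = $db->insert_id;
         $this->set_id($rights_id);
     } else {
         $assignments = array();
         foreach ($columns as $name => $literal) {
             $assignments[] = $name . '=' . $literal;
         }
         $sql = 'UPDATE protocol SET ' . implode(', ', $assignments)
              . ' WHERE id = ' . (int) $this->get_id();
         if ($db->query($sql) === false) {
             throw new RuntimeException('writeDb update: ' . $db->error);
         }
         $rights_id = $this->get_id();
     }
     try {
         $this->get_rights()->write_db($rights_id);
     } catch (Exception $e) {
         // keep the original code, chain the cause so it is not lost
         throw new Exception('DbActionUnknown', $e->getCode(), $e);
     }
     $db->close();
 }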
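 /**
  * check_preset tells whether preset $id exists and belongs to $table.
  *
  * $id is cast to int and $table escaped before being embedded; both used
  * to be interpolated raw into the statement. A failed query counts as
  * "not found" instead of a fatal property read on boolean false.
  *
  * @param int $id id of the preset
  * @param string $table tablename the id is associated with
  * @return bool true if id exists and matches $table, false otherwise
  */
 public static function check_preset($id, $table)
 {
     $db = Db::newDb();
     // p.table is a reserved word but legal when qualified by the alias
     $sql = "SELECT p.id,p.table FROM preset AS p"
          . " WHERE p.id=" . (int) $id
          . " AND p.table='" . $db->real_escape_string($table) . "'";
     $result = $db->query($sql);
     return $result !== false && $result->num_rows > 0;
 }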
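 /**
  * get_movements lists the 'taken' movements of an inventory item, newest
  * first, as link rows for the template.
  *
  * The inventory id is cast to int before being embedded in the statement.
  * The preset/field lookups of the old version were never used and have
  * been removed.
  *
  * @param object $inventory the inventory object
  * @return array list of rows with keys href (movement link), title,
  *               content (date as d.m.Y) and name (user who took the item)
  * @throws RuntimeException if the query fails
  */
 private function get_movements($inventory)
 {
     $id = (int) $inventory->get_id();
     $db = Db::newDb();
     $sql = "SELECT u.name,m.id,m.date_time"
          . " FROM user AS u, inventory_movement AS m"
          . " WHERE m.action = 'taken'"
          . " AND m.inventory_id = {$id}"
          . " AND u.id = m.user_id"
          . " ORDER BY m.date_time DESC";
     $result = $db->query($sql);
     if ($result === false) {
         throw new RuntimeException('get_movements: ' . $db->error);
     }
     // same title for every row: look it up once
     $title = parent::lang('class.InventoryView#get_movements#date#title');
     $movements = array();
     while (list($name, $movement_id, $date_time) = $result->fetch_array(MYSQLI_NUM)) {
         $movements[] = array(
             'href'    => 'inventory.php?id=movement&mid=' . $movement_id,
             'title'   => $title,
             'content' => date('d.m.Y', strtotime($date_time)),
             'name'    => $name,
         );
     }
     return $movements;
 }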
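 /**
  * new_row renders the form for inserting a row into $table and, once it
  * validates, performs the INSERT and appends the table listing.
  *
  * Fields are derived from the table's column metadata (fetch_fields()):
  * column type 252 (text) becomes a textarea, 253 (varchar) or 3 (int) a
  * text input, 1 (tinyint) a checkbox, and a column named 'category' a
  * select fed from the category table; 'id' is never shown. For the
  * 'defaults' table the fields are additionally required.
  *
  * Security: $table ends up in the statement as an identifier, which
  * cannot be escaped, so it must match [A-Za-z0-9_]+ and is rejected
  * otherwise; submitted names are only inserted when they are real columns
  * of the table, and values are escaped with real_escape_string() (both
  * used to be interpolated raw into the INSERT). The INSERT result is
  * checked, so "done" is no longer reported for a failed statement.
  *
  * @param string $table table to insert row
  * @return string HTML-string for the form or message
  * @throws InvalidArgumentException when $table is not a plain identifier
  * @throws RuntimeException when the table cannot be described or the
  *                          INSERT fails
  */
 private function new_row($table)
 {
     // identifiers cannot be parameterised or escaped: whitelist the shape
     if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
         throw new InvalidArgumentException('new_row: invalid table name');
     }
     $isDefaults = ($table == 'defaults');
     // url-parameters for the form action
     $link = 'administration.php?id=' . $this->get('id');
     if (!$isDefaults) {
         $link .= '&field=' . $table;
     }
     $db = Db::newDb();
     // only the column metadata is needed, not the rows
     $result = $db->query("SELECT * FROM `{$table}` LIMIT 0");
     if ($result === false) {
         throw new RuntimeException('new_row: ' . $db->error);
     }
     $tinfo = $result->fetch_fields();
     // set of real column names, used to whitelist submitted fields
     $columns = array();
     foreach ($tinfo as $col) {
         $columns[$col->name] = true;
     }
     $form = new HTML_QuickForm2('new_' . $table, 'post', array('name' => 'new_' . $table, 'action' => $link . '&action=new'));
     // default value: valid = 1
     $form->addDataSource(new HTML_QuickForm2_DataSource_Array(array('valid' => 1)));
     $renderer = HTML_QuickForm2_Renderer::factory('default');
     $renderer->setOption('required_note', parent::lang('class.AdministrationView#new_row#form#requiredNote'));
     // rule texts shared by every text/textarea field
     $requiredMsg = parent::lang('class.AdministrationView#new_row#rule#required');
     $charsMsg = parent::lang('class.AdministrationView#new_row#rule#regexp.allowedChars') . ' [' . $_SESSION['GC']->get_config('textarea.desc') . ']';
     $charsRegexp = $_SESSION['GC']->get_config('textarea.regexp');
     foreach ($tinfo as $col) {
         if ($col->name == 'id') {
             continue;
         }
         $label = $this->translateNewRowColumn($col->name) . ':';
         if ($col->name == 'category') {
             // select over all valid categories; key 0 is the "--" placeholder
             $options = array('--');
             $catResult = $db->query("SELECT id,name FROM category WHERE valid=1");
             if ($catResult !== false) {
                 while (list($catId, $catName) = $catResult->fetch_array(MYSQLI_NUM)) {
                     $options[$catId] = $catName;
                 }
             }
             $field = $form->addElement('select', $col->name, array());
             $field->setLabel($label);
             $field->loadOptions($options);
             if ($isDefaults) {
                 $field->addRule('required', parent::lang('class.AdministrationView#new_row#rule#requiredSelect'));
                 $field->addRule('callback', parent::lang('class.AdministrationView#new_row#rule#checkSelect'), array($this, 'callback_check_select'));
             }
         } elseif ($col->type == 252 || $col->type == 253 || $col->type == 3) {
             // 252 = text -> textarea; 253 = varchar, 3 = int -> text input
             $field = $form->addElement($col->type == 252 ? 'textarea' : 'text', $col->name, array());
             $field->setLabel($label);
             $field->addRule('regex', $charsMsg, $charsRegexp);
             if ($isDefaults) {
                 $field->addRule('required', $requiredMsg);
             }
         } elseif ($col->type == 1) {
             // 1 = tinyint (boolean) -> checkbox
             $field = $form->addElement('checkbox', $col->name, array());
             $field->setLabel($label);
         }
         // any other column type gets no input, as before
     }
     $form->addSubmit('submit', array('value' => parent::lang('class.AdministrationView#new_row#form#submitButton')));
     if (!$form->validate()) {
         return $this->p('', parent::lang('class.AdministrationView#new_row#caption#edit'))
              . $form->render($renderer);
     }
     $return = $this->p('class="edit_caption"', parent::lang('class.AdministrationView#new_row#caption#done'));
     // build the INSERT from whitelisted columns only
     $names = array('id');
     $values = array('NULL');
     foreach ($form->getValue() as $fieldName => $value) {
         // drops QuickForm2's '_qf__*' marker, the submit button and any
         // name that is not a column of $table
         if (!isset($columns[$fieldName]) || $fieldName == 'id' || $fieldName == 'submit') {
             continue;
         }
         $names[] = "`{$fieldName}`";
         $values[] = "'" . $db->real_escape_string($value) . "'";
         $return .= $this->p('', $this->translateNewRowColumn($fieldName) . " = '" . nl2br(htmlentities(utf8_decode($value))) . "'");
     }
     $sql = "INSERT INTO `{$table}` (" . implode(',', $names) . ') VALUES (' . implode(',', $values) . ')';
     if ($db->query($sql) === false) {
         throw new RuntimeException('new_row: ' . $db->error);
     }
     $return .= $this->list_table_content($table, $this->get('page'));
     return $return;
 }
 /**
  * translateNewRowColumn returns the translated label of an administration
  * table column, or the column name itself when parent::lang() reports the
  * key as "not translated".
  *
  * @param string $name column name
  * @return string label to show for the column
  */
 private function translateNewRowColumn($name)
 {
     $key = 'class.AdministrationView#tableRows#name#' . $name;
     $translated = parent::lang($key);
     return ($translated != "{$key} not translated") ? $translated : $name;
 }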
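 /**
  * movement_last_values returns the field values stored for one of the two
  * most recent movements of this inventory item, keyed 'inventory-<field_id>'.
  *
  * Inventory::movement_last_row() is asked for the ids of the last two
  * movements and index 1 of that list is used (which of the two that is
  * depends on movement_last_row's ordering, not visible here). When fewer
  * than two ids come back an empty array is returned instead of issuing a
  * statement with a missing table_id. The id is cast to int before being
  * embedded.
  *
  * @return array field values of that movement, or an empty array
  * @throws RuntimeException if the value query fails
  */
 public function movement_last_values()
 {
     $db = Db::newDb();
     $ids = Inventory::movement_last_row($db, $this->get_id(), 'id', 2);
     if (!is_array($ids) || !isset($ids[1])) {
         // fewer than two movements: nothing to return
         return array();
     }
     $sql = "SELECT v.field_id,v.value FROM value AS v"
          . " WHERE table_name = 'inventory_movement'"
          . " AND table_id = " . (int) $ids[1];
     $result = $db->query($sql);
     if ($result === false) {
         throw new RuntimeException('movement_last_values: ' . $db->error);
     }
     $values = array();
     while (list($field_id, $value) = $result->fetch_array(MYSQLI_NUM)) {
         $values['inventory-' . $field_id] = $value;
     }
     return $values;
 }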
 /**
  * user controls the actions of the user-settings page.
  *
  * Only the 'passwd' action is implemented: it renders a two-field password
  * group, validates it with callback_check_passwd and, on success, writes a
  * new password for the session user and reports success. Any other action
  * returns the placeholder 'default content'; a session without a logged-in
  * user gets the NotAuthorized error page.
  *
  * NOTE(review): the UPDATE statement below is damaged in this listing --
  * the expression that derives the stored value from
  * $data['password']['password1'] is cut off -- so the hashing used cannot
  * be read here. It should be password_hash() paired with password_verify()
  * on login; anything weaker (md5/sha1, plaintext) needs replacing. The
  * user id comes from the session rather than the request, which is the
  * right source; whether the form carries a CSRF token is not visible in
  * this file -- confirm before relying on it.
  *
  * @return string the html-string of usersettings-page
  */
 private function user()
 {
     // smarty-template
     $sUserPasswd = new JudoIntranetSmarty();
     // prepared but never used: every branch below returns directly
     $return = '';
     // check login
     if ($_SESSION['user']->get_loggedin()) {
         // page caption: generic text plus the user's display name
         $sUserPasswd->assign('pagecaption', parent::lang('class.MainView#user#caption#general') . ' ' . $_SESSION['user']->get_userinfo('name'));
         // check action
         if ($this->get('action') == 'passwd') {
             // smarty
             $sUserPasswd->assign('section', parent::lang('class.MainView#user#caption#passwd'));
             // prepare form; it posts back to this same action
             $form = new HTML_QuickForm2('passwd', 'post', array('name' => 'passwd', 'action' => 'index.php?id=user&action=passwd'));
             // add elementgroup; the rules below are attached to the group, not the inputs
             $passwd = $form->addElement('group', 'password', array());
             // add fields (the element objects themselves are not used afterwards)
             $passwd1 = $passwd->addElement('password', 'password1', array());
             $passwd2 = $passwd->addElement('password', 'password2', array());
             // add label
             $passwd->setLabel(parent::lang('class.MainView#user#passwd#label') . ':');
             // submit-button
             $form->addSubmit('submit', array('value' => parent::lang('class.MainView#user#passwd#submitButton')));
             // renderer
             $renderer = HTML_QuickForm2_Renderer::factory('default');
             $renderer->setOption('required_note', parent::lang('class.MainView#user#form#requiredNote'));
             // add rules: required, then the project callback (presumably
             // compares password1/password2 and checks policy -- not visible here)
             $passwd->addRule('required', parent::lang('class.MainView#user#rule#required'));
             $passwd->addRule('callback', parent::lang('class.MainView#user#rule#checkPasswd'), array($this, 'callback_check_passwd'));
             // validate
             if ($form->validate()) {
                 // get values
                 $data = $form->getValue();
                 // get db-object
                 $db = Db::newDb();
                 // prepare sql-statement (line damaged in this listing, see docblock);
                 // WHERE uses the session user's id, so only the own row can change
                 $sql = "UPDATE user\n\t\t\t\t\t\t\tSET password='******'password']['password1']) . "'\n\t\t\t\t\t\t\tWHERE id=" . $_SESSION['user']->get_id();
                 // execute statement; the result is not checked, so a failed
                 // UPDATE still shows the "password changed" message below
                 $result = $db->query($sql);
                 // smarty message
                 $sUserPasswd->assign('message', parent::lang('class.MainView#user#validate#passwdChanged'));
             } else {
                 // not submitted or invalid: render the form (with errors)
                 $sUserPasswd->assign('form', $form->render($renderer));
             }
             return $sUserPasswd->fetch('smarty.user.passwd.tpl');
         } else {
             return 'default content';
         }
     } else {
         // not authorized
         $errno = $GLOBALS['Error']->error_raised('NotAuthorized', 'entry:' . $this->get('id'), $this->get('id'));
         $GLOBALS['Error']->handle_error($errno);
         return $GLOBALS['Error']->to_html($errno);
     }
 }
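 /**
  * listCorrections returns every row of protocol_correction that belongs
  * to protocol $pid.
  *
  * $pid is cast to int before being embedded in the statement (it used to
  * be concatenated raw). The connection is closed on both the success and
  * the failure path.
  *
  * @param int $pid id of the protocol to be checked
  * @return array list of associative rows, one per correction
  * @throws RuntimeException if the query fails
  */
 public static function listCorrections($pid)
 {
     $db = Db::newDb();
     $sql = "SELECT * FROM protocol_correction WHERE pid = " . (int) $pid;
     $result = $db->query($sql);
     if ($result === false) {
         // read the error before the handle is closed
         $message = 'listCorrections: ' . $db->error;
         $db->close();
         throw new RuntimeException($message);
     }
     $corrections = array();
     while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
         $corrections[] = $row;
     }
     $db->close();
     return $corrections;
 }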