/**
 * Print one radio button per row returned by the configured query.
 *
 * Runs $this->strsql against $this->data_src. For every row it prints a radio
 * input whose value is the $this->opt_key column, a space, the $this->opt_val
 * column as the label, and a separator chosen by $this->style.
 *
 * NOTE(review): the label column and $this->custom_style are printed exactly
 * as stored; this method does no HTML escaping. If the query can return
 * user-supplied text, it needs escaping for the HTML context before output.
 * Confirm against the callers and the data behind the query.
 *
 * @return void
 */
public function render()
{
    // Fetch the option rows.
    $db = new data_trans($this->data_src);
    $db->data_query($this->strsql);
    $rows = $db->data_assoc_result();

    $key_col = $this->opt_key;

    foreach ($rows as $row) {
        $radio = new radio($this->name, $row[$key_col]);

        // Loose (==) comparison: numeric-looking strings such as "1" and
        // "01" compare equal here, so more than one row can match.
        if (isset($this->checked_value) && $this->checked_value == $row[$key_col]) {
            $radio->set_attribute('checked', 'checked');
        }

        // Per-option attributes, keyed by the option value.
        if (isset($this->elements_attrs[$row[$key_col]])) {
            $radio->attrs($this->elements_attrs[$row[$key_col]]);
        }

        $radio->render();
        print ' ' . $row[$this->opt_val];

        // Separator after each button.
        if ($this->style == 'newline') {
            print '<br/>';
        } elseif ($this->style == 'custom') {
            print $this->custom_style;
        }
        print "\n";
    }
}
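/**
 * Authenticate the current request and record the outcome in $this->status.
 *
 * Settings are read from $_SESSION (auth_data_source, auth_data_type,
 * auth_user_table, auth_user_field, auth_add_to_where, auth_pass_security,
 * auth_fname_field, auth_lname_field, frame_path). Credentials are read from
 * $_POST['user'] and $_POST['pass'].
 *
 * Paths, selected by auth_data_source:
 *  - 'none':   no lookup. The user id is taken from REMOTE_USER or
 *              PHP_AUTH_USER and the status is set to true.
 *  - 'custom': delegates to a global custom_login() function.
 *  - other:    looks the user up through data_trans and checks the password
 *              with data_user_bind().
 *
 * On success $_SESSION['userid'] is set. Data-source logins also set
 * $_SESSION['passwd'] and the name fields.
 *
 * Security notes for reviewers (flagged, not changed, because the fixes need
 * changes outside this constructor):
 *  - addslashes() is not a driver-aware SQL escape and does nothing for LDAP
 *    filter metacharacters, yet $this->user is interpolated into both the SQL
 *    text and the LDAP filter. data_trans appears to offer
 *    prepare()/execute(); bound parameters would be the safer route.
 *    TODO confirm the placeholder syntax per driver.
 *  - auth_add_to_where is appended to the SQL verbatim, so it must only ever
 *    come from trusted configuration.
 *  - 'clear', 'md5', 'sha1' and 'sha256' are plaintext or unsalted fast
 *    hashes. Moving to password_hash()/password_verify() would also require
 *    changing how data_user_bind() compares credentials.
 *  - The submitted password (or its hash) is kept in $_SESSION['passwd'].
 *  - The SSO branch trusts REMOTE_USER / PHP_AUTH_USER. That is only sound
 *    when the web server enforces authentication for this path.
 *  - The session id is not regenerated in this block after a successful
 *    login. Verify that it happens elsewhere.
 */
public function __construct()
{
    $this->status = false;
    $this->data_src = strtolower($_SESSION['auth_data_source']);

    // Defined up front so the lookup below never reads an undefined variable
    // when the data type matches none of the query-building cases.
    $query = null;

    // data_src does not change below, so the test is evaluated once.
    $uses_data_source = ($this->data_src != 'none' && $this->data_src != 'custom');

    //*****************************************
    // Load and Set Authentication Parameters
    //*****************************************
    if ($uses_data_source) {
        $this->data_type = $_SESSION['auth_data_type'];
        $this->user_table = $_SESSION['auth_user_table'];
        $this->user_field = $_SESSION['auth_user_field'];
        $this->add_to_where = isset($_SESSION['auth_add_to_where']) ? $_SESSION['auth_add_to_where'] : '';

        // Password security. 'sha256' is listed because the switch below
        // handles it; without this entry a 'sha256' setting was silently
        // downgraded to 'clear' and that case could never run.
        $valid_pass_sec_types = array(
            'clear' => 'clear',
            'md5' => 'md5',
            'sha1' => 'sha1',
            'sha256' => 'sha256',
        );
        $this->auth_pass_security = isset($_SESSION['auth_pass_security'])
            ? strtolower($_SESSION['auth_pass_security'])
            : 'clear';
        if (!isset($valid_pass_sec_types[$this->auth_pass_security])) {
            $this->auth_pass_security = 'clear';
        }

        // User id and password from the login form.
        if (isset($_POST['user']) && isset($_POST['pass'])) {
            // NOTE(review): see the docblock; addslashes() is not a
            // sufficient escape for the SQL / LDAP contexts used below.
            $this->user = addslashes($_POST['user']);
            switch ($this->auth_pass_security) {
                case 'md5':
                    $this->pass = md5($_POST['pass']);
                    break;
                case 'sha1':
                    $this->pass = sha1($_POST['pass']);
                    break;
                case 'sha256':
                    $this->pass = hash('sha256', $_POST['pass']);
                    break;
                default:
                    $this->pass = $_POST['pass'];
                    break;
            }
        }

        // Load Data Transaction Class
        require_once $_SESSION['frame_path'] . '/core/data_access/data_trans.class.php';
    } elseif ($this->data_src == 'custom') {
        // Load Database Engine
        require_once $_SESSION['frame_path'] . '/core/data_access/data_trans.class.php';
        require_once $_SESSION['frame_path'] . '/plugins/qdba.inc.php';
        $this->data_type = 'custom';
    } else {
        $this->data_type = 'none';
    }

    //*****************************************
    // Setup the Query
    //*****************************************
    switch ($this->data_type) {
        case 'ldap':
            $search_dn = $this->user_table . ',';
            $ldapFilter = "(&(uid={$this->user}))";
            $query = array($search_dn, $ldapFilter);
            break;

        case 'mysql':
        case 'pgsql':
        case 'mysqli':
        case 'oracle':
        case 'sqlite':
        case 'mssql':
        case 'sqlsrv':
        case 'db2':
            $query = "select * from {$this->user_table} where {$this->user_field} = '{$this->user}'";
            if ($this->add_to_where != '') {
                $query .= " and {$this->add_to_where}";
            }
            break;

        case 'custom':
            break;

        default:
            // Kerberos or other SSO authentication: the identity comes from
            // the web server, not from a credential check made here.
            if (!empty($_SERVER['REMOTE_USER'])) {
                $_SESSION['userid'] = $_SERVER['REMOTE_USER'];
            } elseif (!empty($_SERVER['PHP_AUTH_USER'])) {
                $_SESSION['userid'] = $_SERVER['PHP_AUTH_USER'];
            } else {
                $_SESSION['userid'] = 'none';
            }
            $this->status = true;
            break;
    }

    //*****************************************
    // Perform Authentication
    //*****************************************
    if ($uses_data_source) {
        $data_auth = new data_trans($this->data_src);
        $data_auth->data_query($query);
        $user_info = $data_auth->data_assoc_result();
        $num_rows = $data_auth->data_num_rows();

        // LDAP binds with the DN found by the search; everything else binds
        // with the submitted user id.
        $is_ldap_hit = (strtolower($this->data_type) == 'ldap' && isset($user_info[0]));
        $auth_user = $is_ldap_hit ? $user_info[0]['dn'] : $this->user;

        if ($num_rows <= 0) {
            $this->status = false;
        } elseif ($data_auth->data_user_bind($auth_user, $this->pass)) {
            $_SESSION['userid'] = $this->user;
            // NOTE(review): keeps the password (or its hash) in session storage.
            $_SESSION['passwd'] = $this->pass;

            // Set Name of User
            switch ($this->data_type) {
                case 'ldap':
                    $_SESSION['ldap_userid'] = $user_info[0]['dn'];
                    $_SESSION['name'] = isset($user_info[0][$_SESSION['auth_fname_field']][0])
                        ? $user_info[0][$_SESSION['auth_fname_field']][0]
                        : '';
                    break;

                case 'mysql':
                case 'pgsql':
                case 'mysqli':
                case 'oracle':
                case 'sqlite':
                case 'mssql':
                case 'sqlsrv':
                case 'db2':
                    $_SESSION['first_name'] = isset($user_info[0][$_SESSION['auth_fname_field']])
                        ? $user_info[0][$_SESSION['auth_fname_field']]
                        : '';
                    $_SESSION['last_name'] = isset($user_info[0][$_SESSION['auth_lname_field']])
                        ? $user_info[0][$_SESSION['auth_lname_field']]
                        : '';
                    $_SESSION['name'] = $_SESSION['first_name'] . ' ' . $_SESSION['last_name'];
                    break;
            }
            $this->status = true;
        }
    } elseif ($this->data_src == 'custom') {
        if (function_exists('custom_login')) {
            // A truthy return value means success and doubles as the user id.
            $custom_ret_val = custom_login();
            $this->status = (bool) $custom_ret_val;
            if ($this->status) {
                $_SESSION['userid'] = (string) $custom_ret_val;
            }
        } else {
            trigger_error('Custom login handler function "custom_login()" is not defined. Authentication automatically failed.');
        }

        // Make sure the name fields exist after a successful custom login.
        if ($this->status) {
            foreach (array('first_name', 'last_name', 'name') as $name_key) {
                if (!isset($_SESSION[$name_key])) {
                    $_SESSION[$name_key] = '';
                }
            }
        }
    }
}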
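/**
 * Bind this object to a data source and table, and load the column metadata.
 *
 * Resets the object's data / bind state, records which column types need
 * quoting for each driver, looks the data source up in $_SESSION, splits an
 * optional "schema.table" name, and fills $this->table_info with one entry
 * per column (data_type, length, nullable, load_default, no_save, no_load,
 * quotes, can_bind_param) using a driver-specific metadata query.
 *
 * NOTE(review): $this->table, $this->schema and $this->database are
 * interpolated into the metadata SQL without escaping. They must come from
 * trusted code or configuration, never from request data. Confirm against
 * the callers.
 *
 * @param mixed $data_source Key of the data source definition in $_SESSION.
 * @param mixed $table       Table name, optionally prefixed with "schema.".
 *                           For db2 the last part must be "SCHEMA/TABLE".
 * @return bool Always true. An unknown data source raises E_USER_ERROR.
 */
protected function set_data_source($data_source, $table)
{
    // Reset per-object state.
    $this->data = array();
    $this->class_name = get_class($this);
    $this->print_trans = false;

    // Column types whose values are quoted, per driver.
    $this->quoted_types = array();
    $this->quoted_types['mysqli'] = array('char' => '', 'date' => '', 'text' => '', 'tinytext' => '', 'mediumtext' => '', 'longtext' => '', 'varchar' => '', 'enum' => '', 'timestamp' => '', 'datetime' => '', 'time' => '', 'year' => '');
    $this->quoted_types['mysql'] = $this->quoted_types['mysqli'];
    $this->quoted_types['pgsql'] = array('char' => '', 'date' => '', 'text' => '', 'varchar' => '', 'time' => '', 'timestamp' => '', 'xml' => '');
    $this->quoted_types['oracle'] = array('CHAR' => '', 'NCHAR' => '', 'VARCHAR' => '', 'VARCHAR2' => '', 'DATE' => '', 'TIMESTAMP' => '', 'CLOB' => '', 'NCLOB' => '');
    $this->quoted_types['sqlsrv'] = array('char' => '', 'varchar' => '', 'text' => '', 'nchar' => '', 'nvarchar' => '', 'ntext' => '', 'date' => '', 'datetimeoffset' => '', 'datetime' => '', 'datetime2' => '', 'smalldatetime' => '', 'time' => '', 'xml' => '');
    $this->quoted_types['mssql'] = $this->quoted_types['sqlsrv'];
    $this->quoted_types['sqlite'] = array('TEXT' => '');
    $this->quoted_types['db2'] = array('CHARACTER' => '', 'VARCHAR' => '', 'DATE' => '', 'TIME' => '', 'TIMESTAMP' => '');

    // Initialize No Save Empty Data Types and Save Default Data Types Arrays
    $this->no_save_empty_types = array();
    $this->save_default_types = array();

    // Setup Bind Parameters
    $this->reset_bind_vars();

    // Data source must have been registered in the session.
    $this->data_source = $data_source;
    if (!isset($_SESSION[$this->data_source])) {
        trigger_error('Data Source does not exist.', E_USER_ERROR);
        return true;
    }

    $this->database = $_SESSION[$this->data_source]['source'];
    $this->db_type = isset($_SESSION[$this->data_source]['type']) ? $_SESSION[$this->data_source]['type'] : false;

    // Split "schema.table": the last part is the table, the one before it
    // (if any) is the schema.
    $this->table = $table;
    $table_parts = explode('.', $this->table);
    if (is_array($table_parts)) {
        $last = count($table_parts) - 1;
        $this->table = $table_parts[$last];
        if (isset($table_parts[$last - 1])) {
            $this->schema = $table_parts[$last - 1];
        }
    }

    // Pull Table Info
    $data1 = new data_trans($this->data_source);
    switch ($this->db_type) {
        case 'mysql':
        case 'mysqli':
            $strsql = "SHOW COLUMNS FROM {$this->table}";
            $data1->data_query($strsql);
            $meta_data = $data1->data_assoc_result();
            foreach ($meta_data as $field) {
                $info = array();
                // Type looks like "varchar(255)" or "int(10) unsigned".
                $type_parts = explode('(', $field['Type']);
                if (count($type_parts) > 1) {
                    $info['data_type'] = $type_parts[0];
                    if ($type_parts[0] != 'enum') {
                        // Take what is inside the parentheses. Cutting only
                        // the final character turned "10) unsigned" into
                        // "10) unsigne".
                        $close_pos = strpos($type_parts[1], ')');
                        $info['length'] = ($close_pos === false)
                            ? substr($type_parts[1], 0, -1)
                            : substr($type_parts[1], 0, $close_pos);
                    }
                } else {
                    $info['data_type'] = $field['Type'];
                    $info['length'] = NULL;
                }
                $info['nullable'] = strtoupper($field['Null']) == 'YES' ? 1 : 0;
                $info['load_default'] = $field['Default'];
                $info['no_save'] = false;
                $info['no_load'] = false;
                $info['quotes'] = 'auto';
                $info['can_bind_param'] = true;
                $this->table_info[$field['Field']] = $info;
            }
            break;

        case 'pgsql':
            $strsql = 'SELECT * FROM information_schema.columns';
            $strsql .= " WHERE table_catalog = '{$this->database}'";
            if (!empty($this->schema)) {
                $strsql .= " and table_schema = '{$this->schema}'";
            }
            $strsql .= " and table_name = '{$this->table}' order by ordinal_position";
            $data1->data_query($strsql);
            $meta_data = $data1->data_assoc_result();
            foreach ($meta_data as $field) {
                $this->table_info[$field['column_name']] = array(
                    'data_type' => $field['udt_name'],
                    'length' => $field['character_maximum_length'],
                    'nullable' => strtoupper($field['is_nullable']) == 'YES' ? 1 : 0,
                    'load_default' => $field['column_default'],
                    'no_save' => false,
                    'no_load' => false,
                    'quotes' => 'auto',
                    'can_bind_param' => true,
                );
            }
            break;

        case 'oracle':
            $tmp_tbl = strtoupper($this->table);
            $strsql = "select * from ALL_TAB_COLUMNS where table_name = '{$tmp_tbl}'";
            $data1->data_query($strsql);
            $meta_data = $data1->data_assoc_result();
            foreach ($meta_data as $field) {
                $this->table_info[$field['COLUMN_NAME']] = array(
                    'data_type' => $field['DATA_TYPE'],
                    'length' => $field['DATA_LENGTH'],
                    // NOTE(review): ALL_TAB_COLUMNS.NULLABLE normally holds
                    // 'Y'/'N', so this 'YES' test looks like it always
                    // yields 0. Left unchanged because downstream save
                    // logic may rely on it. Verify.
                    'nullable' => strtoupper($field['NULLABLE']) == 'YES' ? 1 : 0,
                    'load_default' => $field['DATA_DEFAULT'],
                    'no_save' => false,
                    'no_load' => false,
                    'quotes' => 'auto',
                    'can_bind_param' => true,
                );
            }
            break;

        case 'sqlsrv':
        case 'mssql':
            $strsql = "select * from information_schema.columns where table_name = '{$this->table}'";
            if (!empty($this->schema)) {
                $strsql .= " and table_schema = '{$this->schema}'";
            }
            $data1->data_query($strsql);
            $meta_data = $data1->data_assoc_result();
            foreach ($meta_data as $field) {
                $this->table_info[$field['COLUMN_NAME']] = array(
                    'data_type' => $field['DATA_TYPE'],
                    'length' => $field['CHARACTER_MAXIMUM_LENGTH'],
                    'nullable' => strtoupper($field['IS_NULLABLE']) == 'YES' ? 1 : 0,
                    'load_default' => $field['COLUMN_DEFAULT'],
                    'no_save' => false,
                    'no_load' => false,
                    'quotes' => 'auto',
                    'can_bind_param' => true,
                );
            }
            break;

        case 'sqlite':
            // No metadata is loaded for sqlite.
            break;

        case 'db2':
            if (!strstr($this->table, '/')) {
                trigger_error('Table and schema must be specified in the format of [SCHEMA]/[TABLE]');
            } else {
                list($schema, $table) = explode('/', $this->table);
                $strsql = "\n\t\t\t\t\t\t\tSELECT \n\t\t\t\t\t\t\t\t* \n\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\tQSYS2/SYSCOLUMNS \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\tTABLE_NAME = '{$table}' \n\t\t\t\t\t\t\t\tand TABLE_SCHEMA = '{$schema}'\n\t\t\t\t\t\t";
                $data1->data_query($strsql);
                $meta_data = rs_trim($data1->data_assoc_result(), true, true);
                foreach ($meta_data as $field) {
                    // Strip one leading and one trailing single quote from
                    // the default, then trim. The emptiness checks avoid
                    // reading offset 0 / -1 of an empty string when the
                    // column has no default.
                    $load_def = strtoupper($field['HAS_DEFAULT']) == 'Y' ? (string) $field['COLUMN_DEFAULT'] : '';
                    if ($load_def !== '' && $load_def[0] == "'") {
                        $load_def = (string) substr($load_def, 1);
                    }
                    if ($load_def !== '' && substr($load_def, -1) == "'") {
                        $load_def = (string) substr($load_def, 0, -1);
                    }
                    $load_def = trim($load_def);

                    $this->table_info[$field['COLUMN_NAME']] = array(
                        'data_type' => $field['DATA_TYPE'],
                        'length' => $field['LENGTH'],
                        'nullable' => strtoupper($field['IS_NULLABLE']) == 'Y' ? 1 : 0,
                        'load_default' => $load_def,
                        'no_save' => false,
                        'no_load' => false,
                        'quotes' => 'auto',
                        'can_bind_param' => true,
                    );
                }
            }
            break;
    }

    return true;
}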
/**
 * Build the option list for this select element and hand off to the parent.
 *
 * Runs $this->strsql against $this->data_src, renders the configured "blank"
 * options followed by one option per result row into an output buffer,
 * appends the captured markup to $this->inset_val and then calls
 * parent::render($buffer).
 *
 * $this->select_value is cast to a string unless it is an array. An array is
 * matched by key, a string by strict comparison with the option value.
 *
 * NOTE(review): option values and labels are passed to gen_element as they
 * come from the database. Whether they get HTML-escaped depends on
 * gen_element, which is not visible here. Verify.
 *
 * @param mixed $buffer Passed through unchanged to parent::render().
 */
public function render($buffer = false)
{
    // Fetch the option rows.
    $db = new data_trans($this->data_src);
    $db->data_query($this->strsql);
    $rows = $db->data_assoc_result();

    $this->inset_val = '';
    ob_start();

    if (!is_array($this->select_value)) {
        settype($this->select_value, 'string');
    }

    //============================================
    // "Blank" options: each entry is array(value, label)
    //============================================
    foreach ($this->blank as $blank_opt) {
        $attrs = array('value' => $blank_opt[0]);

        if (isset($this->select_value)) {
            if (is_array($this->select_value) && isset($this->select_value[$blank_opt[0]])) {
                $attrs['selected'] = 'selected';
            } else {
                // Compare as strings. The cast only touches the loop copy.
                settype($blank_opt[0], 'string');
                if ($this->select_value === $blank_opt[0]) {
                    $attrs['selected'] = 'selected';
                }
            }
        }

        $option = new gen_element('option', $blank_opt[1], $attrs);
        $option->force_endtag(1);

        if (isset($this->elements_attrs[$blank_opt[0]])) {
            $option->attrs($this->elements_attrs[$blank_opt[0]]);
        }
        $option->render();
    }

    //============================================
    // Options from the result set
    //============================================
    $key_col = $this->opt_key;
    $current_group = null;

    foreach ($rows as $row) {
        // The value attribute is captured before the string cast below.
        $attrs = array('value' => $row[$key_col]);

        // Start a new optgroup whenever the group column changes. The
        // element is printed through its string conversion.
        if ($this->opt_group && isset($row[$this->opt_group]) && $row[$this->opt_group] !== $current_group) {
            $current_group = $row[$this->opt_group];
            print new gen_element('optgroup', '', array('label' => $row[$this->opt_group]));
        }

        if (isset($this->select_value)) {
            // Cast first: both the strict comparison and the array-key
            // lookup use the string form of the option value.
            settype($row[$key_col], 'string');
            $matches_scalar = ($this->select_value === $row[$key_col]);
            $matches_array = (is_array($this->select_value) && isset($this->select_value[$row[$key_col]]));
            if ($matches_scalar || $matches_array) {
                $attrs['selected'] = 'selected';
            }
        }

        $option = new gen_element('option', $row[$this->opt_val], $attrs);
        $option->force_endtag(1);

        if (isset($this->elements_attrs[$row[$key_col]])) {
            $option->attrs($this->elements_attrs[$row[$key_col]]);
        }
        $option->render();
    }

    // Hand the captured markup to the parent element.
    $this->inset_val .= ob_get_clean();
    parent::render($buffer);
}
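/**
 * Run a query and return the requested column(s) from its first row.
 *
 * $sql is sent to the driver as given. Values that originate from a request
 * should be passed through $bind_params, which switches the call to
 * prepare()/execute(), rather than being built into the SQL string.
 *
 * @param mixed        $data_source Data source handed to data_trans.
 * @param string       $sql         Query text.
 * @param string|array $fields      One column name, or a list of column names.
 * @param array|false  $bind_params Bind parameters. Used only when a
 *                                  non-empty array.
 * @param array|false  $opts        Options. A truthy 'debug' enables
 *                                  data_trans debugging.
 * @return mixed False when the result set is empty. For a single field, its
 *               value, or null (after an error is raised) when the column is
 *               missing. For a list of fields, an array of name => value that
 *               omits missing columns, each of which raises an error.
 */
function qdb_lookup($data_source, $sql, $fields = '', $bind_params = false, $opts = false)
{
    // A missing field list is reported, but the query still runs (as before).
    if ($fields == '') {
        trigger_error('ERROR: qdb_lookup(): No return fields specified!!');
    }

    // New Data Transaction
    $data1 = new data_trans($data_source);
    if (!empty($opts['debug'])) {
        $data1->data_debug(true);
    }
    $data1->set_opt('make_bind_params_refs', 1);

    // Prepared statement when bind parameters are supplied, plain query otherwise.
    if (is_array($bind_params) && count($bind_params)) {
        $data1->prepare($sql);
        $data1->execute($bind_params);
    } else {
        $data1->data_query($sql);
    }

    // Only the first row of the result set is used.
    $result = $data1->data_assoc_result();
    if (!is_array($result) || count($result) <= 0) {
        return false;
    }
    $first_row = $result[0];

    // Multiple fields: collect the ones that exist and return them. The
    // collected array used to be built and then dropped, so callers got null.
    if (is_array($fields)) {
        $return_vals = array();
        foreach ($fields as $index) {
            if (array_key_exists($index, $first_row)) {
                $return_vals[$index] = $first_row[$index];
            } else {
                trigger_error("ERROR: qdb_lookup(): Field '{$index}' does not exist in record set!!");
            }
        }
        return $return_vals;
    }

    // Single field.
    if (array_key_exists($fields, $first_row)) {
        return $first_row[$fields];
    }
    trigger_error("ERROR: qdb_lookup(): Field '{$fields}' does not exist in record set!!");
    return null;
}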