Example #1
 /**
  * Render one radio button per row returned by the configured query.
  *
  * The row's opt_key column is used as the radio value and its opt_val
  * column is printed after the button as the label text. A separator chosen
  * by $this->style follows each entry.
  *
  * NOTE(review): the label text and $this->custom_style are printed as-is;
  * this method applies no HTML encoding. If the query can return text that
  * users are able to store, encode the label with htmlspecialchars() here -
  * confirm first whether any caller relies on markup inside labels.
  */
 public function render()
 {
     // Fetch the option rows.
     $source = new data_trans($this->data_src);
     $source->data_query($this->strsql);
     $rows = $source->data_assoc_result();

     foreach ($rows as $row) {
         $button = new radio($this->name, $row[$this->opt_key]);

         // Pre-select the button whose key matches the configured value (loose comparison).
         if (isset($this->checked_value) && $this->checked_value == $row[$this->opt_key]) {
             $button->set_attribute('checked', 'checked');
         }

         // Per-option attributes, keyed by option value.
         if (isset($this->elements_attrs[$row[$this->opt_key]])) {
             $button->attrs($this->elements_attrs[$row[$this->opt_key]]);
         }

         // Emit the button, its label and the separator.
         $button->render();
         print ' ' . $row[$this->opt_val];
         if ($this->style == 'newline') {
             print '<br/>';
         } elseif ($this->style == 'custom') {
             print $this->custom_style;
         }
         print "\n";
     }
 }
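 /**
  * Authenticate the current request against the data source named in the session.
  *
  * Reads the auth_* settings from $_SESSION and the submitted credentials from
  * $_POST['user'] / $_POST['pass'], looks the user up (SQL or LDAP), and asks
  * data_trans::data_user_bind() to check the password. The outcome is stored
  * in $this->status; on success the user id and name fields are written to
  * $_SESSION. Data source 'custom' delegates to a global custom_login()
  * function; data source 'none' takes the user id from the web server.
  *
  * Security review notes (all refer to code visible in this method):
  *  - The user name is passed through addslashes() and then interpolated into
  *    an SQL string or an LDAP filter. addslashes() is not a driver-aware SQL
  *    escape and does not escape LDAP filter metacharacters, so both lookups
  *    should be treated as injectable. Prefer bound parameters (data_trans
  *    appears to offer prepare()/execute() - confirm) and, for LDAP,
  *    ldap_escape($value, '', LDAP_ESCAPE_FILTER).
  *  - 'clear', 'md5', 'sha1' and 'sha256' are plain text or unsalted fast
  *    hashes. password_hash()/password_verify() is the recommended scheme, but
  *    it needs a matching change where stored passwords are verified, which
  *    is not visible here.
  *  - The submitted (possibly clear-text) password is kept in $_SESSION['passwd'].
  *  - The session id is not regenerated after a successful login in this method.
  *  - NOTE(review): confirm that data_user_bind() rejects an empty password for
  *    LDAP; many directory servers treat an empty-password simple bind as an
  *    anonymous bind and report success.
  *  - In the 'none' branch the user id comes from REMOTE_USER / PHP_AUTH_USER
  *    with no credential check here; that is only sound when the web server
  *    has already authenticated the request.
  *  - The require_once paths are built from $_SESSION['frame_path']; this
  *    assumes the value is set from server-side configuration only.
  */
 public function __construct()
 {
     // Start from "not authenticated"; only the branches below may change this.
     $this->status = false;
     $this->data_src = strtolower($_SESSION['auth_data_source']);

     //*****************************************
     // Load and Set Authentication Parameters
     //*****************************************
     if ($this->data_src != 'none' && $this->data_src != 'custom') {
         $this->data_type = $_SESSION['auth_data_type'];
         $this->user_table = $_SESSION['auth_user_table'];
         $this->user_field = $_SESSION['auth_user_field'];
         $this->add_to_where = isset($_SESSION['auth_add_to_where']) ? $_SESSION['auth_add_to_where'] : '';

         // Password Security
         // 'sha256' is whitelisted so that the matching case in the switch below
         // is reachable; without it a 'sha256' setting silently fell back to 'clear'.
         $valid_pass_sec_types = array('clear' => 'clear', 'md5' => 'md5', 'sha1' => 'sha1', 'sha256' => 'sha256');
         $this->auth_pass_security = isset($_SESSION['auth_pass_security']) ? strtolower($_SESSION['auth_pass_security']) : 'clear';
         if (!isset($valid_pass_sec_types[$this->auth_pass_security])) {
             $this->auth_pass_security = 'clear';
         }

         // Set User ID and Password
         if (isset($_POST['user']) && isset($_POST['pass'])) {
             // NOTE(review): addslashes() is not a safe escape for the SQL and LDAP
             // lookups built below; see the method comment.
             $this->user = addslashes($_POST['user']);
             switch ($this->auth_pass_security) {
                 case 'md5':
                     $this->pass = md5($_POST['pass']);
                     break;
                 case 'sha1':
                     $this->pass = sha1($_POST['pass']);
                     break;
                 case 'sha256':
                     $this->pass = hash('sha256', $_POST['pass']);
                     break;
                 default:
                     $this->pass = $_POST['pass'];
                     break;
             }
         }

         // Load Data Transaction Class
         require_once $_SESSION['frame_path'] . '/core/data_access/data_trans.class.php';
     } elseif ($this->data_src == 'custom') {
         // Load Database Engine
         require_once $_SESSION['frame_path'] . '/core/data_access/data_trans.class.php';
         require_once $_SESSION['frame_path'] . '/plugins/qdba.inc.php';
         $this->data_type = 'custom';
     } else {
         $this->data_type = 'none';
     }

     //*****************************************
     // Setup the Query
     //*****************************************
     // Defined up front so the authentication step never reads an undefined variable.
     $query = null;
     switch ($this->data_type) {
         case 'ldap':
             $search_dn = $this->user_table . ',';
             // NOTE(review): user-controlled value inside an LDAP filter.
             $ldapFilter = "(&(uid={$this->user}))";
             $query = array($search_dn, $ldapFilter);
             break;
         case 'mysql':
         case 'pgsql':
         case 'mysqli':
         case 'oracle':
         case 'sqlite':
         case 'mssql':
         case 'sqlsrv':
         case 'db2':
             // NOTE(review): user-controlled value inside a string-built SQL statement.
             $query = "select * from {$this->user_table} where {$this->user_field} = '{$this->user}'";
             if ($this->add_to_where != '') {
                 $query .= " and {$this->add_to_where}";
             }
             break;
         case 'custom':
             break;
         default:
             // Kerberos or other SSO Authentication: the web server is trusted to
             // have authenticated the request already.
             if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
                 $_SESSION['userid'] = $_SERVER['REMOTE_USER'];
             } elseif (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
                 $_SESSION['userid'] = $_SERVER['PHP_AUTH_USER'];
             } else {
                 $_SESSION['userid'] = 'none';
             }
             $this->status = true;
             break;
     }

     //*****************************************
     // Perform Authentication
     //*****************************************
     if ($this->data_src != 'none' && $this->data_src != 'custom') {
         $data_auth = new data_trans($this->data_src);
         $data_auth->data_query($query);
         $user_info = $data_auth->data_assoc_result();
         $num_rows = $data_auth->data_num_rows();

         // LDAP binds with the DN of the entry that was found; the other back
         // ends use the submitted user name.
         $auth_user = (strtolower($this->data_type) == 'ldap' && isset($user_info[0])) ? $user_info[0]['dn'] : $this->user;

         if ($num_rows <= 0) {
             $this->status = false;
         } elseif ($data_auth->data_user_bind($auth_user, $this->pass)) {
             $_SESSION['userid'] = $this->user;
             // NOTE(review): keeps the submitted password (clear text when
             // auth_pass_security is 'clear') in the session.
             $_SESSION['passwd'] = $this->pass;

             // Set Name of User
             switch ($this->data_type) {
                 case 'ldap':
                     $_SESSION['ldap_userid'] = $user_info[0]['dn'];
                     $_SESSION['name'] = isset($user_info[0][$_SESSION['auth_fname_field']][0]) ? $user_info[0][$_SESSION['auth_fname_field']][0] : '';
                     break;
                 case 'mysql':
                 case 'pgsql':
                 case 'mysqli':
                 case 'oracle':
                 case 'sqlite':
                 case 'mssql':
                 case 'sqlsrv':
                 case 'db2':
                     $_SESSION['first_name'] = isset($user_info[0][$_SESSION['auth_fname_field']]) ? $user_info[0][$_SESSION['auth_fname_field']] : '';
                     $_SESSION['last_name'] = isset($user_info[0][$_SESSION['auth_lname_field']]) ? $user_info[0][$_SESSION['auth_lname_field']] : '';
                     $_SESSION['name'] = $_SESSION['first_name'] . ' ' . $_SESSION['last_name'];
                     break;
             }
             $this->status = true;
         } else {
             // Fail closed: a failed credential check must never keep a status
             // that an earlier branch of this constructor may have set.
             $this->status = false;
         }
     } elseif ($this->data_src == 'custom') {
         if (function_exists('custom_login')) {
             // Any truthy return value counts as success and doubles as the user id.
             $custom_ret_val = call_user_func('custom_login');
             $this->status = (bool) $custom_ret_val;
             if ($this->status) {
                 $_SESSION['userid'] = (string) $custom_ret_val;
             }
         } else {
             trigger_error('Custom login handler function "custom_login() is not defined. Authentication automatically failed."');
         }
         if ($this->status) {
             // Make sure the name fields exist even if custom_login() did not set them.
             if (!isset($_SESSION['first_name'])) {
                 $_SESSION['first_name'] = '';
             }
             if (!isset($_SESSION['last_name'])) {
                 $_SESSION['last_name'] = '';
             }
             if (!isset($_SESSION['name'])) {
                 $_SESSION['name'] = '';
             }
         }
     }
 }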
Example #3
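 /**
  * Bind this object to a data source and table and load the table's column metadata.
  *
  * Resets the per-object state (data, quoted type lists, bind variables),
  * resolves the data source definition from $_SESSION, splits an optional
  * schema prefix off the table name, and fills $this->table_info with one
  * entry per column using the catalog query that matches the database type.
  *
  * NOTE(review): the table, schema and database names are interpolated into
  * the metadata queries without escaping. Pass only developer-defined
  * identifiers here; never a value taken from a request.
  *
  * @param string $data_source Key of the data source definition in $_SESSION.
  * @param string $table       Table name, optionally prefixed "schema."
  *                            (for db2 the expected form is SCHEMA/TABLE).
  * @return bool Always true; an unknown data source raises E_USER_ERROR first.
  */
 protected function set_data_source($data_source, $table)
 {
     // Reset per-object state.
     $this->data = array();
     $this->class_name = get_class($this);
     $this->print_trans = false;

     // Column types whose values are quoted, per database type.
     $this->quoted_types = array();
     $this->quoted_types['mysqli'] = array('char' => '', 'date' => '', 'text' => '', 'tinytext' => '', 'mediumtext' => '', 'longtext' => '', 'varchar' => '', 'enum' => '', 'timestamp' => '', 'datetime' => '', 'time' => '', 'year' => '');
     $this->quoted_types['mysql'] = $this->quoted_types['mysqli'];
     $this->quoted_types['pgsql'] = array('char' => '', 'date' => '', 'text' => '', 'varchar' => '', 'time' => '', 'timestamp' => '', 'xml' => '');
     $this->quoted_types['oracle'] = array('CHAR' => '', 'NCHAR' => '', 'VARCHAR' => '', 'VARCHAR2' => '', 'DATE' => '', 'TIMESTAMP' => '', 'CLOB' => '', 'NCLOB' => '');
     $this->quoted_types['sqlsrv'] = array('char' => '', 'varchar' => '', 'text' => '', 'nchar' => '', 'nvarchar' => '', 'ntext' => '', 'date' => '', 'datetimeoffset' => '', 'datetime' => '', 'datetime2' => '', 'smalldatetime' => '', 'time' => '', 'xml' => '');
     $this->quoted_types['mssql'] = $this->quoted_types['sqlsrv'];
     $this->quoted_types['sqlite'] = array('TEXT' => '');
     $this->quoted_types['db2'] = array('CHARACTER' => '', 'VARCHAR' => '', 'DATE' => '', 'TIME' => '', 'TIMESTAMP' => '');

     // Initialize No Save Empty Data Types and Save Default Data Types Arrays
     $this->no_save_empty_types = array();
     $this->save_default_types = array();

     // Setup Bind Parameters
     $this->reset_bind_vars();

     // Set Data Source. The cast now happens before the value is stored; the
     // original cast a local copy after the assignment, which had no effect.
     $data_source = (string) $data_source;
     $this->data_source = $data_source;

     if (!isset($_SESSION[$this->data_source])) {
         trigger_error('Data Source does not exist.', E_USER_ERROR);
     } else {
         $this->database = $_SESSION[$this->data_source]['source'];
         $this->db_type = isset($_SESSION[$this->data_source]['type']) ? $_SESSION[$this->data_source]['type'] : false;

         // Set Table and schema: "schema.table" is split on the last two dot-separated parts.
         $table = (string) $table;
         $table_parts = explode('.', $table);
         $last = count($table_parts) - 1;
         $this->table = $table_parts[$last];
         if (isset($table_parts[$last - 1])) {
             $this->schema = $table_parts[$last - 1];
         }

         // Flags every column entry starts with, whatever the database type.
         $column_flags = array('no_save' => false, 'no_load' => false, 'quotes' => 'auto', 'can_bind_param' => true);

         // Pull Table Info
         $data1 = new data_trans($this->data_source);
         switch ($this->db_type) {
             case 'mysql':
             case 'mysqli':
                 $strsql = "SHOW COLUMNS FROM {$this->table}";
                 $data1->data_query($strsql);
                 $meta_data = $data1->data_assoc_result();
                 foreach ($meta_data as $field) {
                     // The Type column looks like "name(size)"; split the name from the rest.
                     $fld_type = explode('(', $field['Type']);
                     if (count($fld_type) > 1) {
                         $info = array('data_type' => $fld_type[0]);
                         if ($fld_type[0] != 'enum') {
                             // Drop the final character (normally the closing parenthesis).
                             $info['length'] = substr($fld_type[1], 0, -1);
                         }
                     } else {
                         $info = array('data_type' => $field['Type'], 'length' => NULL);
                     }
                     $info['nullable'] = strtoupper($field['Null']) == 'YES' ? 1 : 0;
                     $info['load_default'] = $field['Default'];
                     $this->table_info[$field['Field']] = $info + $column_flags;
                 }
                 break;
             case 'pgsql':
                 $strsql = 'SELECT * FROM information_schema.columns';
                 $strsql .= " WHERE table_catalog = '{$this->database}'";
                 if (!empty($this->schema)) {
                     $strsql .= " and table_schema = '{$this->schema}'";
                 }
                 $strsql .= " and table_name = '{$this->table}' order by ordinal_position";
                 $data1->data_query($strsql);
                 $meta_data = $data1->data_assoc_result();
                 foreach ($meta_data as $field) {
                     $this->table_info[$field['column_name']] = array(
                         'data_type' => $field['udt_name'],
                         'length' => $field['character_maximum_length'],
                         'nullable' => strtoupper($field['is_nullable']) == 'YES' ? 1 : 0,
                         'load_default' => $field['column_default'],
                     ) + $column_flags;
                 }
                 break;
             case 'oracle':
                 $tmp_tbl = strtoupper($this->table);
                 $strsql = "select * from ALL_TAB_COLUMNS where table_name = '{$tmp_tbl}'";
                 $data1->data_query($strsql);
                 $meta_data = $data1->data_assoc_result();
                 foreach ($meta_data as $field) {
                     // ALL_TAB_COLUMNS reports NULLABLE as 'Y'/'N'; the original only
                     // matched 'YES', so every Oracle column was flagged not nullable.
                     $nullable_flag = strtoupper($field['NULLABLE']);
                     $this->table_info[$field['COLUMN_NAME']] = array(
                         'data_type' => $field['DATA_TYPE'],
                         'length' => $field['DATA_LENGTH'],
                         'nullable' => ($nullable_flag == 'Y' || $nullable_flag == 'YES') ? 1 : 0,
                         'load_default' => $field['DATA_DEFAULT'],
                     ) + $column_flags;
                 }
                 break;
             case 'sqlsrv':
             case 'mssql':
                 $strsql = "select * from information_schema.columns where table_name = '{$this->table}'";
                 if (!empty($this->schema)) {
                     $strsql .= " and table_schema = '{$this->schema}'";
                 }
                 $data1->data_query($strsql);
                 $meta_data = $data1->data_assoc_result();
                 foreach ($meta_data as $field) {
                     $this->table_info[$field['COLUMN_NAME']] = array(
                         'data_type' => $field['DATA_TYPE'],
                         'length' => $field['CHARACTER_MAXIMUM_LENGTH'],
                         'nullable' => strtoupper($field['IS_NULLABLE']) == 'YES' ? 1 : 0,
                         'load_default' => $field['COLUMN_DEFAULT'],
                     ) + $column_flags;
                 }
                 break;
             case 'sqlite':
                 // No metadata is loaded for sqlite.
                 break;
             case 'db2':
                 if (!strstr($this->table, '/')) {
                     trigger_error('Table and schema must be specified in the format of [SCHEMA]/[TABLE]');
                 } else {
                     list($schema, $table) = explode('/', $this->table);
                     $strsql = "\n\t\t\t\t\t\t\tSELECT \n\t\t\t\t\t\t\t\t* \n\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\tQSYS2/SYSCOLUMNS \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\tTABLE_NAME = '{$table}' \n\t\t\t\t\t\t\t\tand TABLE_SCHEMA = '{$schema}'\n\t\t\t\t\t\t";
                     $data1->data_query($strsql);
                     $meta_data = rs_trim($data1->data_assoc_result(), true, true);
                     foreach ($meta_data as $field) {
                         // Strip one leading and one trailing single quote from the default,
                         // then trim. Working on a string copy avoids the string-offset
                         // warnings the original raised when the default was empty.
                         $load_def = strtoupper($field['HAS_DEFAULT']) == 'Y' ? (string) $field['COLUMN_DEFAULT'] : '';
                         if (substr($load_def, 0, 1) === "'") {
                             $load_def = (string) substr($load_def, 1);
                         }
                         if (substr($load_def, -1) === "'") {
                             $load_def = (string) substr($load_def, 0, -1);
                         }
                         $this->table_info[$field['COLUMN_NAME']] = array(
                             'data_type' => $field['DATA_TYPE'],
                             'length' => $field['LENGTH'],
                             'nullable' => strtoupper($field['IS_NULLABLE']) == 'Y' ? 1 : 0,
                             'load_default' => trim($load_def),
                         ) + $column_flags;
                     }
                 }
                 break;
         }
     }
     return true;
 }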
Example #4
 /**
  * Build the option list for this select element and hand over to the parent renderer.
  *
  * The "blank" options come first, then one option per row of the configured
  * query. Their markup is captured with output buffering and appended to
  * $this->inset_val before parent::render() is called.
  *
  * NOTE(review): option values and labels come straight from the query result
  * and from $this->blank. Whether they are HTML-encoded depends on
  * gen_element, which is not visible here - confirm.
  *
  * @param bool $buffer Passed through unchanged to parent::render().
  */
 public function render($buffer = false)
 {
     // Fetch the option rows before output buffering starts.
     $source = new data_trans($this->data_src);
     $source->data_query($this->strsql);
     $rows = $source->data_assoc_result();

     $this->inset_val = '';
     ob_start();

     // A scalar selection is compared as a string; an array selection is looked up by key.
     if (!is_array($this->select_value)) {
         settype($this->select_value, 'string');
     }

     //============================================
     // "Blank" options
     //============================================
     foreach ($this->blank as $blank) {
         $attrs = array('value' => $blank[0]);

         if (isset($this->select_value)) {
             if (is_array($this->select_value) && isset($this->select_value[$blank[0]])) {
                 $attrs['selected'] = 'selected';
             } else {
                 settype($blank[0], 'string');
                 if ($this->select_value === $blank[0]) {
                     $attrs['selected'] = 'selected';
                 }
             }
         }

         $option = new gen_element('option', $blank[1], $attrs);
         $option->force_endtag(1);
         if (isset($this->elements_attrs[$blank[0]])) {
             $option->attrs($this->elements_attrs[$blank[0]]);
         }
         $option->render();
     }

     //============================================
     // Options from the query result
     //============================================
     $current_group = null;
     foreach ($rows as $row) {
         // The value attribute keeps the key's original type; the cast below happens later.
         $attrs = array('value' => $row[$this->opt_key]);

         // Print an optgroup element whenever the group column changes.
         if ($this->opt_group && isset($row[$this->opt_group]) && $row[$this->opt_group] !== $current_group) {
             $current_group = $row[$this->opt_group];
             print new gen_element('optgroup', '', array('label' => $row[$this->opt_group]));
         }

         // Selected when the key is one of an array selection, or is identical
         // to a scalar selection once cast to string.
         if (isset($this->select_value)) {
             settype($row[$this->opt_key], 'string');
             $in_selection = is_array($this->select_value) && isset($this->select_value[$row[$this->opt_key]]);
             if ($in_selection || $this->select_value === $row[$this->opt_key]) {
                 $attrs['selected'] = 'selected';
             }
         }

         $option = new gen_element('option', $row[$this->opt_val], $attrs);
         $option->force_endtag(1);
         if (isset($this->elements_attrs[$row[$this->opt_key]])) {
             $option->attrs($this->elements_attrs[$row[$this->opt_key]]);
         }
         $option->render();
     }

     // Hand the captured markup to the parent renderer.
     $this->inset_val .= ob_get_clean();
     parent::render($buffer);
 }
Example #5
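/**
 * Run a query and return one or more fields from the first row of its result.
 *
 * $sql is executed as given. Values that originate from a request belong in
 * $bind_params so that the statement goes through prepare()/execute() instead
 * of being concatenated into $sql.
 *
 * @param mixed        $data_source Data source handed to data_trans.
 * @param string       $sql         Statement to run.
 * @param string|array $fields      Field name, or list of field names, to return.
 * @param array|false  $bind_params Bind parameters; a non-empty array selects the
 *                                  prepare()/execute() path.
 * @param array|false  $opts        Options; a truthy 'debug' entry enables data_trans debugging.
 * @return mixed False when the result set is empty; the field value for a
 *               single field name; an array keyed by field name for a list of
 *               names (fields missing from the row are left out and reported
 *               with trigger_error); null when a single requested field is missing.
 */
function qdb_lookup($data_source, $sql, $fields = '', $bind_params = false, $opts = false)
{
    // Report a missing field list; the query still runs, as before.
    if ($fields == '') {
        trigger_error('ERROR: qdb_lookup(): No return fields specified!!');
    }

    // New Data Transaction
    $data1 = new data_trans($data_source);
    if (!empty($opts['debug'])) {
        $data1->data_debug(true);
    }
    $data1->set_opt('make_bind_params_refs', 1);

    if (is_array($bind_params) && count($bind_params)) {
        // Use Bind Parameters
        $data1->prepare($sql);
        $data1->execute($bind_params);
    } else {
        $data1->data_query($sql);
    }

    // Pull result set
    $result = $data1->data_assoc_result();
    if (count($result) <= 0) {
        return false;
    }
    $first_row = $result[0];

    // Multiple fields specified
    if (is_array($fields)) {
        $return_vals = array();
        foreach ($fields as $index) {
            if (array_key_exists($index, $first_row)) {
                $return_vals[$index] = $first_row[$index];
            } else {
                trigger_error("ERROR: qdb_lookup(): Field '{$index}' does not exist in record set!!");
            }
        }
        // The original collected these values but never returned them.
        return $return_vals;
    }

    // Single field specified
    if (array_key_exists($fields, $first_row)) {
        return $first_row[$fields];
    }
    trigger_error("ERROR: qdb_lookup(): Field '{$fields}' does not exist in record set!!");
    return null;
}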