// Request entry script: loads the connector classes and helpers, wraps the posted
// options in a ParameterObject, calls the selected connector's authenticate() with
// the configured host and credentials, and then runs the Secure Mode and paging
// checks, filling $data with success=false and an error string when a check fails.

// Connector interface, connector base class and config interface.
require_once 'inheritance/iConnector.inter.php';
require_once 'inheritance/bConnector.class.php';
require_once 'inheritance/iConfig.inter.php';

// Helper classes.
require_once 'helper/ConnectorSelector.class.php';
require_once 'helper/ParameterObject.class.php';
require_once 'helper/SecureModeHelper.class.php';

// $_POST['options'] is request-controlled and is read without an existence check here.
// Every value later obtained through $dObj->getAttribute() should therefore be treated
// as untrusted input (ParameterObject itself is not shown; confirm what it normalises).
$dObj = new ParameterObject($_POST['options']);

// The user config is loaded from a fixed path at this point; the dynamic path
// configuration from JS was removed for security reasons, so the client cannot
// choose which config file is included.
require_once 'config.class.inc.php';

// The connector name comes from the request.
// NOTE(review): ConnectorSelector::getConector() is not shown; confirm it resolves the
// name against a fixed list of connectors rather than deriving a class or file name from it.
$desired_connector = $dObj->getAttribute(PO::ATTR_CONNECTOR);
$cs = new ConnectorSelector();
$connector = $cs->getConector($desired_connector); // try to select the connector

// Arguments: host, username, password, db. Host and credentials come from Config;
// the database name comes from the request.
// NOTE(review): $authRes is not inspected in the statements that follow; confirm that a
// failed authentication is handled before any query is issued.
$authRes = $connector->authenticate(Config::getHost(), Config::getUsername(), Config::getPassword(), $dObj->getAttribute(PO::ATTR_DATABASE_NAME));

// Secure Mode check for the requested table (the helper also receives the whole
// parameter object; the error branches below cover table, field and database failures).
$checkRes = SecureModeHelper::checkTable($dObj->getAttribute(PO::ATTR_TABLE), $dObj);

// checkTable() returns a string in the valid case or an int failure code.
// NOTE(review): is_numeric() is also true for numeric strings, so a valid string result
// such as "2024" would enter this failure branch, match none of the === comparisons and
// leave $data without an 'error_str'. is_int() would match the stated contract more
// closely; verify against SecureModeHelper::checkTable().
if (is_numeric($checkRes)) {
    $data = array('success' => false);
    if ($checkRes === SecureModeHelper::FAILURE_TABLE_INVALID) {
        // The rejected table name is request-supplied and is embedded verbatim in the message.
        // NOTE(review): how $data is sent to the client is not visible here; confirm it is
        // encoded for its output context before being rendered.
        $data['error_str'] = 'You tried to us a table which is not on the whitelist due Secure Mode. Disable Secure Mode or add ' . $dObj->getAttribute(PO::ATTR_TABLE) . ' to the list of allowed tables';
    } elseif ($checkRes === SecureModeHelper::FAILURE_FIELD_INVALID) {
        $data['error_str'] = 'You tried to us a table field which is not on the whitelist due Secure Mode. Disable Secure Mode or add all desired fields to the list of allowed fields';
    } elseif ($checkRes === SecureModeHelper::FAILURE_DB_INVALID) {
        // As with the table name, the database name echoed here is request-supplied.
        $data['error_str'] = 'You tried to select a DB which is not on the whitelist due Secure Mode. Disable Secure Mode or add ' . $dObj->getAttribute(PO::ATTR_DATABASE_NAME) . ' to the list of allowed DBs';
    }
// Elements-per-page must be numeric.
// NOTE(review): is_numeric() also accepts negative numbers, decimals, exponent notation
// ("1e3") and leading whitespace. If this value later reaches a LIMIT/OFFSET clause, a
// strict non-negative integer check (ctype_digit() or filter_var() with
// FILTER_VALIDATE_INT) plus an int cast is the safer gate; confirm the downstream use.
} elseif (!is_numeric($dObj->getAttribute(PO::ATTR_ELEMENTS_PER_PAGE))) {
    $data = array('success' => false, 'error_str' => 'You configured Elements-PerPage failed the Security rules');
// The page attribute is optional: null passes, any other non-numeric value is rejected.
// The is_numeric() caveat above applies here as well.
} elseif (!is_numeric($dObj->getAttribute(PO::ATTR_PAGE)) && !is_null($dObj->getAttribute(PO::ATTR_PAGE))) {
    $data = array('success' => false, 'error_str' => 'You desired page failed the Security rules');