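/**
 * Prepares the delete SQL query to be executed.
 *
 * The primary key column and its value are validated first. If either is
 * missing, no SQL is set on the transaction and the matching tNG_error is
 * returned, so a caller that checks the return value cannot go on to run a
 * DELETE whose WHERE clause was built from an empty key.
 *
 * @return tNG_error|null null on success; DEL_NO_PK_SET or DEL_NO_PK_VAL on failure
 * @access protected
 */
function prepareSQL()
{
    tNG_log::log('tNG_delete', 'prepareSQL', 'begin');
    parent::prepareSQL();

    // Must be initialised BEFORE the checks: the previous code reset $ret to
    // null after them, which silently discarded both validation errors.
    $ret = null;

    // check if we have a valid primaryKey
    if (!$this->primaryKey) {
        $ret = new tNG_error('DEL_NO_PK_SET', array(), array());
    }
    // check the primary key value
    if (!isset($this->primaryKeyColumn['value'])) {
        $ret = new tNG_error('DEL_NO_PK_VAL', array(), array());
    }

    if ($ret === null) {
        // NOTE(review): $this->table is concatenated as-is (it is not passed
        // through KT_escapeFieldName); it must only ever hold a
        // developer-supplied table name, never request data.
        $sql = 'DELETE FROM ' . $this->table . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ';
        $sql .= KT_escapeForSql($this->primaryKeyColumn['value'], $this->primaryKeyColumn['type']);
        $this->setSQL($sql);
    }

    tNG_log::log('tNG_delete', 'prepareSQL', 'end');
    return $ret;
}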
/**
 * Builds the INSERT statement for this transaction and hands it to setSQL().
 *
 * Every column whose method is not 'HIDDEN' contributes one escaped field
 * name and one value. FILE_TYPE columns get an empty string literal because
 * the uploaded file name is filled in later. Execution stops with die()
 * when no column qualifies.
 *
 * @return null
 * @access protected
 */
function prepareSQL()
{
    tNG_log::log('tNG_insert', 'prepareSQL', 'begin');
    parent::prepareSQL();

    // NOTE(review): the table name is concatenated without KT_escapeFieldName;
    // it is expected to be a developer-supplied identifier.
    $statement = 'INSERT INTO ' . $this->table;
    $fieldList = '';
    $valueList = '';
    $hasColumn = false;

    foreach ($this->columns as $colName => $colDetail) {
        $colType = $colDetail['type'];
        $colValue = $colDetail['value'];
        $colMethod = $colDetail['method'];

        // hidden fields never take part in the generated SQL
        if ($colMethod == 'HIDDEN') {
            continue;
        }

        // no separator in front of the first column, ', ' afterwards
        $glue = $hasColumn ? ', ' : '';
        $hasColumn = true;

        $fieldList .= $glue . KT_escapeFieldName($colName);
        if ($colType == "FILE_TYPE") {
            // placeholder: the file name is written after the upload is handled
            $valueList .= $glue . "''";
        } else {
            $valueList .= $glue . KT_escapeForSql($colValue, $colType);
        }
    }

    if (!$hasColumn) {
        // nothing to insert
        die('tNG_insert.prepareSQL:<br />Please specify some fields to insert.');
    }

    $statement .= ' (' . $fieldList . ') values (' . $valueList . ')';
    $this->setSQL($statement);

    tNG_log::log('tNG_insert', 'prepareSQL', 'end');
    return null;
}
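/**
 * Moves one row to a new position in the list ordered by $this->orderFieldName.
 *
 * The row identified by $primaryKeyValue is placed before or after the row
 * identified by $over_primaryKeyValue. When no target row is given, it is
 * placed at the minimum ("before") or maximum ("after") order value of the
 * other rows, optionally restricted to the same foreign key value.
 *
 * All key values are emitted through KT_escapeForSql(..., "NUMERIC_TYPE") and
 * every order value read back from the database is cast to int before it is
 * concatenated into a statement.
 * NOTE(review): $this->tableName is concatenated without KT_escapeFieldName and
 * $this->connectionName selects the file that is included; both must be
 * developer-supplied configuration, never request data.
 * NOTE(review): the shift / place / shift-back UPDATEs run as separate
 * statements with an early return on failure and no visible transaction, so a
 * failure part-way leaves order values shifted.
 *
 * @param mixed  $primaryKeyValue      primary key of the row being moved
 * @param mixed  $foreignKeyValue      foreign key value that scopes the list (may be empty)
 * @param mixed  $over_primaryKeyValue primary key of the target row (may be empty)
 * @param string $insert_position      "before" or "after"; anything else is treated as "before"
 * @return string|array "OK" on success, or array('error' => array('code' => ..., 'message' => ...))
 */
function sortList($primaryKeyValue, $foreignKeyValue, $over_primaryKeyValue, $insert_position)
{
    if ($insert_position != "before" && $insert_position != "after") {
        $insert_position = "before";
    }

    require_once realpath(dirname(__FILE__) . '/' . '/../../../../Connections/' . $this->connectionName . '.php');
    $hostname = 'MM_' . $this->connectionName . '_HOSTNAME';
    $connWrap = null;
    if (empty($GLOBALS[$hostname])) {
        // we are on mysql: wrap the raw connection so both cases expose the same API
        $database = 'database_' . $this->connectionName;
        $connWrap = new KT_Connection($GLOBALS[$this->connectionName], $GLOBALS[$database]);
    } else {
        $connWrap = $GLOBALS[$this->connectionName];
    }

    // GET CURRENT ORDER VALUE
    $sql = 'SELECT ' . KT_escapeFieldName($this->orderFieldName) . ' FROM ' . $this->tableName . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($primaryKeyValue, "NUMERIC_TYPE");
    $rs = $connWrap->Execute($sql);
    if ($rs === false) {
        return array('error' => array('code' => 'SQL Error', 'message' => 'select current order failed: ' . $connWrap->ErrorMsg()));
    }

    // UPDATE ORDER VALUE IF CURRENT IS NULL
    if (is_null($rs->Fields($this->orderFieldName))) {
        // the row has no order yet: give it max + 1 and stop
        $sql = 'SELECT MAX(' . KT_escapeFieldName($this->orderFieldName) . ')+1 as max_order' . ' FROM ' . $this->tableName;
        $rs = $connWrap->Execute($sql);
        if ($rs === false) {
            return array('error' => array('code' => 'SQL Error', 'message' => 'select max order failed: ' . $connWrap->ErrorMsg()));
        }
        $max_order = (int) $rs->Fields("max_order");
        $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . ' = ' . KT_escapeForSql($max_order, "NUMERIC_TYPE") . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($primaryKeyValue, "NUMERIC_TYPE");
        $rs = $connWrap->Execute($sql);
        if ($rs === false) {
            return array('error' => array('code' => 'SQL Error', 'message' => 'update order value failed: ' . $connWrap->ErrorMsg()));
        }
        return "OK";
    }
    $currentOrderValue = (int) $rs->Fields($this->orderFieldName);

    // GET TARGET POSITION
    $insert_as_min = false;
    $insert_as_max = false;
    if (!isset($over_primaryKeyValue) || $over_primaryKeyValue == "") {
        // no target row: aim at the first or last position among the other rows
        if ($insert_position == "before") {
            $sql = 'SELECT MIN(' . KT_escapeFieldName($this->orderFieldName) . ') as target_order';
            $insert_as_min = true;
        } else {
            $sql = 'SELECT MAX(' . KT_escapeFieldName($this->orderFieldName) . ') as target_order';
            $insert_as_max = true;
        }
        $sql .= ' FROM ' . $this->tableName . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' != ' . KT_escapeForSql($primaryKeyValue, "NUMERIC_TYPE");
        if (isset($this->foreignKey)) {
            if (isset($foreignKeyValue) && $foreignKeyValue != "") {
                $sql .= ' AND ' . KT_escapeFieldName($this->foreignKey) . ' = ' . KT_escapeForSql($foreignKeyValue, "NUMERIC_TYPE");
            } else {
                // The OR must be parenthesised: AND binds tighter than OR, so
                // without the parentheses every row with foreign key 0 matched,
                // including the row being moved.
                $sql .= ' AND (' . KT_escapeFieldName($this->foreignKey) . ' is null OR ' . KT_escapeFieldName($this->foreignKey) . '=0)';
            }
        }
        $rs = $connWrap->Execute($sql);
        if ($rs === false) {
            return array('error' => array('code' => 'SQL Error', 'message' => 'select target order failed: ' . $connWrap->ErrorMsg()));
        }
        if ($rs->EOF) {
            // keep the current value for order, as there are no other items in the category
            return 'OK';
        }
        $targetOrderValue = (int) $rs->Fields("target_order");
    } else {
        $sql = 'SELECT ' . KT_escapeFieldName($this->orderFieldName) . ' FROM ' . $this->tableName . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($over_primaryKeyValue, "NUMERIC_TYPE");
        $rs = $connWrap->Execute($sql);
        if ($rs === false) {
            return array('error' => array('code' => 'SQL Error', 'message' => 'select targeted order failed: ' . $connWrap->ErrorMsg()));
        }
        $targetOrderValue = (int) $rs->Fields($this->orderFieldName);

        if ($insert_position == "after") {
            if ($currentOrderValue > $targetOrderValue) {
                // moving up and landing after the target: use the next higher order value
                $sql = 'SELECT ' . KT_escapeFieldName($this->orderFieldName) . ' FROM ' . $this->tableName . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' > ' . KT_escapeForSql($targetOrderValue, "NUMERIC_TYPE") . ' ORDER BY ' . KT_escapeFieldName($this->orderFieldName) . ' ASC';
                $rs = $connWrap->Execute($sql);
                if ($rs === false) {
                    return array('error' => array('code' => 'SQL Error', 'message' => 'select targeted order value failed: ' . $connWrap->ErrorMsg()));
                }
                if (!$rs->EOF) {
                    $targetOrderValue = (int) $rs->Fields($this->orderFieldName);
                }
            }
        } else {
            if ($currentOrderValue < $targetOrderValue) {
                // moving down and landing before the target: use the next lower order value
                $sql = 'SELECT ' . KT_escapeFieldName($this->orderFieldName) . ' FROM ' . $this->tableName . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' < ' . KT_escapeForSql($targetOrderValue, "NUMERIC_TYPE") . ' ORDER BY ' . KT_escapeFieldName($this->orderFieldName) . ' DESC';
                $rs = $connWrap->Execute($sql);
                if ($rs === false) {
                    return array('error' => array('code' => 'SQL Error', 'message' => 'select targeted order value failed: ' . $connWrap->ErrorMsg()));
                }
                if (!$rs->EOF) {
                    $targetOrderValue = (int) $rs->Fields($this->orderFieldName);
                }
            }
        }
    }

    if ($currentOrderValue < $targetOrderValue) {
        if (!$insert_as_min) {
            // The order field may carry a unique key, so the rows in between are
            // first parked above the current maximum to avoid duplicates.
            $sql = 'SELECT MAX(' . KT_escapeFieldName($this->orderFieldName) . ')+1 as max_order' . ' FROM ' . $this->tableName;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'assure unique order: select max order failed: ' . $connWrap->ErrorMsg()));
            }
            $max_order = (int) $rs->Fields("max_order");

            // add max+1 to every item in (current, target]
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . KT_escapeFieldName($this->orderFieldName) . '+ ' . $max_order . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' <= ' . $targetOrderValue . ' AND ' . KT_escapeFieldName($this->orderFieldName) . ' > ' . $currentOrderValue;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'shift order values: ' . $connWrap->ErrorMsg()));
            }

            // place current item at its final position
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . $targetOrderValue . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($primaryKeyValue, "NUMERIC_TYPE");
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'update item position: ' . $connWrap->ErrorMsg()));
            }

            // bring the parked items back, one position lower than before
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . KT_escapeFieldName($this->orderFieldName) . ' - ' . ($max_order + 1) . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' >= ' . $max_order;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'shift back order values: ' . $connWrap->ErrorMsg()));
            }
        }
    }

    if ($currentOrderValue > $targetOrderValue) {
        if (!$insert_as_max) {
            // Same parking technique as above, for a move towards the start of the list.
            $sql = 'SELECT MAX(' . KT_escapeFieldName($this->orderFieldName) . ')+1 as max_order' . ' FROM ' . $this->tableName;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'assure unique order: select max order failed: ' . $connWrap->ErrorMsg()));
            }
            $max_order = (int) $rs->Fields("max_order");

            // add max+1 to every item in [target, current)
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . KT_escapeFieldName($this->orderFieldName) . '+ ' . $max_order . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' >= ' . $targetOrderValue . ' AND ' . KT_escapeFieldName($this->orderFieldName) . ' < ' . $currentOrderValue;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'shift order values: ' . $connWrap->ErrorMsg()));
            }

            // place current item at its final position
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . $targetOrderValue . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($primaryKeyValue, "NUMERIC_TYPE");
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'update item position: ' . $connWrap->ErrorMsg()));
            }

            // bring the parked items back, one position higher than before
            $sql = 'UPDATE ' . $this->tableName . ' SET ' . KT_escapeFieldName($this->orderFieldName) . '=' . KT_escapeFieldName($this->orderFieldName) . ' - ' . ($max_order - 1) . ' WHERE ' . KT_escapeFieldName($this->orderFieldName) . ' >= ' . $max_order;
            $rs = $connWrap->Execute($sql);
            if ($rs === false) {
                return array('error' => array('code' => 'SQL Error', 'message' => 'shift back order values: ' . $connWrap->ErrorMsg()));
            }
        }
    }

    return "OK";
}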
/**
 * Turns a user-supplied date filter value into an SQL condition on one column.
 *
 * The value may start with a comparison modifier (<, >, =, <=, >=, =<, =>, <>,
 * !=) followed by a partial or full date. Depending on how many date pieces
 * are present (year, year+month, full date, date+hour, date+hour:minute, full
 * date-time) the value is expanded to a [date1, date2] range and compared
 * against the column.
 *
 * Security-relevant points visible in this function:
 *  - the comparison operators placed in the SQL come only from the literal
 *    strings assigned in the switch below, never directly from $value;
 *  - both date operands are emitted through KT_escapeForSql() and the column
 *    name through KT_escapeFieldName().
 *
 * @param string $columnName column name
 * @param array  $arr        column information; only $arr['type'] is read here
 * @param string $value      raw filter value
 * @return string the condition wrapped in parentheses, or '' when the value
 *                starts with non-digit text that is not a recognised modifier
 * @access public
 */
function prepareDateCondition($columnName, &$arr, $value)
{
    $year = '';
    $month = '';
    $day = '';
    $hour = '';
    $min = '';
    $sec = '';
    $dateType = '';
    $modifier = '';
    $date1 = '';
    $date2 = '';
    $compareType1 = '';
    $compareType2 = '';
    $condJoin = '';
    $cond = '';
    $myDate = '';
    $dateArr = array();
    if (!isset($GLOBALS['KT_db_time_format_internal'])) {
        KT_getInternalTimeFormat();
    }
    // extract modifier and date from value; a value that starts with anything
    // other than a modifier or a digit yields an empty condition
    if (preg_match('/^(<|>|=|<=|>=|=<|=>|<>|!=)\\s*\\d+.*$/', $value, $matches)) {
        $modifier = trim($matches[1]);
        $value = trim(substr($value, strlen($modifier)));
    } elseif (preg_match('/^[^\\d]+/', $value)) {
        $ret = '';
        return $ret;
    }
    // prepare modifier for databases that do not support !=
    if ($modifier == '!=') {
        $modifier = '<>';
    }
    /* date pieces isolation */
    // year only
    if (preg_match('/^\\d+$/', $value)) {
        $dateType = 'y';
        $year = $value;
    }
    // year month (either order; a first piece longer than 2 digits is taken as the year)
    if (preg_match('/^\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+$/', $value)) {
        $dateType = 'm';
        $dateArr = preg_split('/([-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,])/', $value, -1, PREG_SPLIT_NO_EMPTY);
        $month = $dateArr[0];
        $year = $dateArr[1];
        if (strlen($month) > 2) {
            $month = $dateArr[1];
            $year = $dateArr[0];
        }
    }
    // full date (year, month, day)
    if (preg_match('/^\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+$/', $value)) {
        $dateType = 'd';
        list($year, $month, $day) = $this->getDateParts($value);
    }
    // full date & hour
    if (preg_match('/^\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+\\s+\\d+[^\\d]*$/', $value)) {
        $dateType = 'h';
        $myParts = strpos($value, ' ');
        $datePart = substr($value, 0, $myParts);
        $timePart = substr($value, $myParts + 1);
        list($year, $month, $day) = $this->getDateParts($datePart);
        list($hour, $min, $sec) = $this->getTimeParts($timePart, 'HH');
    }
    // full date + hour, minutes
    if (preg_match('/^\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+\\s+\\d+:\\d+[^\\d]*$/', $value)) {
        $dateType = 'i';
        $myParts = strpos($value, ' ');
        $datePart = substr($value, 0, $myParts);
        $timePart = substr($value, $myParts + 1);
        list($year, $month, $day) = $this->getDateParts($datePart);
        list($hour, $min, $sec) = $this->getTimeParts($timePart, 'HH:ii');
    }
    // full date time
    if (preg_match('/^\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+[-\\/\\[\\]\\(\\)\\*\\|\\+\\.=,]{1}\\d+\\s+\\d+:\\d+:\\d+[^\\d]*$/', $value)) {
        $dateType = 's';
        $myParts = strpos($value, ' ');
        $datePart = substr($value, 0, $myParts);
        $timePart = substr($value, $myParts + 1);
        list($year, $month, $day) = $this->getDateParts($datePart);
        list($hour, $min, $sec) = $this->getTimeParts($timePart, 'HH:ii:ss');
    }
    // nothing matched: treat the value as a complete date in the screen format
    // and let KT_formatDate2DB convert it (type 't')
    if ($dateType == '') {
        $dateType = 't';
        $value = KT_formatDate2DB($value);
    }
    /* prepare date parts */
    // 1 or 2 digits year: below 70 is read as 20xx, otherwise as 19xx
    if (preg_match('/^\\d{1,2}$/', $year)) {
        if ($year < 70) {
            $year = 2000 + $year;
        } else {
            $year = 1900 + $year;
        }
    }
    // out-of-range pieces are replaced with a default instead of being rejected
    if ($month < 1 || $month > 12) {
        $month = '01';
    }
    if ($hour > 23) {
        $hour = '00';
    }
    if ($min > 59) {
        $min = '00';
    }
    if ($sec > 59) {
        $sec = '00';
    }
    /* prepare condition operators based on modifiers */
    // compareType1 is applied to $date1 (start of the range), compareType2 to
    // $date2 (end of the range). '=<' and '=>' have no case of their own and
    // take the default branch, i.e. they behave like a plain range match.
    switch ($modifier) {
        case '>=':
            $compareType1 = '>=';
            $compareType2 = '';
            $condJoin = '';
            break;
        case '<=':
            $compareType1 = '';
            $compareType2 = '<=';
            $condJoin = '';
            break;
        case '<':
            $compareType1 = '<';
            $compareType2 = '';
            $condJoin = '';
            break;
        case '>':
            $compareType1 = '';
            $compareType2 = '>';
            $condJoin = '';
            break;
        case '<>':
            $compareType1 = '<';
            $compareType2 = '>';
            $condJoin = 'OR';
            break;
        default:
            $compareType1 = '>=';
            $compareType2 = '<=';
            $condJoin = 'AND';
            break;
    }
    /* prepare dates for filtering */
    switch ($dateType) {
        case 'y':
            $date1 = KT_convertDate($year . '-01-01', 'yyyy-mm-dd', $GLOBALS['KT_db_date_format']);
            $date2 = KT_convertDate($year . '-12-31', 'yyyy-mm-dd', $GLOBALS['KT_db_date_format']);
            break;
        case 'm':
            $date1 = KT_convertDate($year . '-' . $month . '-01', 'yyyy-mm-dd', $GLOBALS['KT_db_date_format']);
            $maxday = KT_getDaysOfMonth($month, $year);
            $date2 = KT_convertDate($year . '-' . $month . '-' . $maxday, 'yyyy-mm-dd', $GLOBALS['KT_db_date_format']);
            break;
        case 'd':
            $date1 = KT_convertDate($year . '-' . $month . '-' . $day . ' 00:00:00', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            $date2 = KT_convertDate($year . '-' . $month . '-' . $day . ' 23:59:59', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            break;
        case 'h':
            $date1 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':00:00', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            $date2 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':59:59', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            break;
        case 'i':
            $date1 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $min . ':00', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            $date2 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $min . ':59', 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            break;
        case 's':
            $date1 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $min . ':' . $sec, 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            $date2 = KT_convertDate($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $min . ':' . $sec, 'yyyy-mm-dd HH:ii:ss', $GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
            // a value precise to the second is always matched with '=';
            // NOTE(review): this discards any modifier the user typed - confirm intended
            $compareType1 = '=';
            $compareType2 = '';
            $condJoin = '';
            break;
        case 't':
            // value already converted by KT_formatDate2DB; matched with '='
            // regardless of the modifier, as in case 's'
            $date1 = $value;
            $date2 = '';
            $compareType1 = '=';
            $compareType2 = '';
            $condJoin = '';
            break;
        default:
            $dateType = '';
            $compareType1 = '';
            $compareType2 = '';
            $condJoin = '';
            break;
    }
    // assemble "(col op1 date1 [JOIN col op2 date2])"; operands are escaped for
    // the column's declared type
    if ($dateType != '') {
        $cond = '(';
        if ($compareType1 != '') {
            $cond .= KT_escapeFieldName($columnName) . ' ' . $compareType1 . ' ' . KT_escapeForSql($date1, $arr['type']);
        }
        if ($compareType2 != '') {
            if ($compareType1 != '') {
                $cond .= ' ' . $condJoin . ' ';
            }
            $cond .= KT_escapeFieldName($columnName) . ' ' . $compareType2 . ' ' . KT_escapeForSql($date2, $arr['type']);
        }
        $cond .= ')';
    }
    return $cond;
}
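// Inserts the text received in the 'text' GET parameter as a new row and
// reports the outcome to the parent frame through
// MXW_DynamicObject_reportDone().
//
// NOTE(review): $vars is defined outside this fragment. Its 'conn' entry picks
// the file that is included and the variables that are read, and its 'table'
// entry is concatenated into SQL without KT_escapeFieldName. Confirm that
// $vars is built only from server-side configuration and never from request
// data.
require_once dirname(realpath(__FILE__)) . '/../../Connections/' . $vars['conn'] . '.php';
$KT_conn = ${$vars['conn']};
$KT_conndb = ${'database_' . $vars['conn']};
// mysql adodb abstraction layer
if (is_resource($KT_conn)) {
    $conn = new KT_Connection($KT_conn, $KT_conndb);
} else {
    $conn =& $KT_conn;
}
KT_setDbType($conn);

// Both values come straight from the query string and are untrusted.
$el = KT_getRealValue('GET', 'el');
$text = KT_getRealValue('GET', 'text');

$sql = 'INSERT INTO ' . $vars['table'] . ' (' . KT_escapeFieldName($vars['updatefield']) . ') VALUES (' . KT_escapeForSql($text, 'STRING_TYPE') . ')';
$conn->Execute($sql);
$ERROR = $conn->ErrorMsg();

$sql = 'SELECT ' . KT_escapeFieldName($vars['idfield']) . ' AS id FROM ' . $vars['table'] . ' WHERE ' . KT_escapeFieldName($vars['updatefield']) . ' = ' . KT_escapeForSql($text, 'STRING_TYPE');
$rsName = $vars['rsName'];
// NOTE(review): the result is dereferenced without checking for a failed query.
${$rsName} = $conn->Execute($sql);
${'row_' . $rsName} = ${$rsName}->fields;
$text = KT_escapeJS($text);

// $el is written into a JavaScript string that itself sits inside an HTML
// attribute, so it needs two layers of encoding: json_encode() produces a
// quoted JS string literal (the trailing space of the original output is
// kept), and htmlspecialchars() makes that literal safe for the attribute.
// Echoing $el unencoded let a crafted 'el' parameter run script in the page.
// json_encode() returns false for input that is not valid UTF-8; the handler
// then fails to parse instead of running attacker-supplied text.
$elJsLiteral = htmlspecialchars(
    (string) json_encode((string) $el . ' ', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT),
    ENT_QUOTES
);
//JSRecordset($rsName);
?>
<html><body onLoad="parent.MXW_DynamicObject_reportDone(<?php echo $elJsLiteral; ?>, isError)">
<?php
if (${'row_' . $rsName}['id'] != '') {
    ?>
<script>
var isError = false;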
/**
 * Loads the recordset holding the rows addressed by this multiple-update
 * transaction.
 *
 * The primary key values are read with KT_getRealValue() from the base
 * reference and from its "_1", "_2", ... variants, and every value is passed
 * through KT_escapeForSql() before it enters the WHERE clause. If the session
 * carries a sort expression for the last used list, the query is first tried
 * with that ORDER BY; otherwise, or if that attempt fails, the unsorted query
 * is run. On failure the error is registered, the dispatcher's message is
 * printed and the script exits.
 *
 * NOTE(review): the session sort expression is appended to the SQL verbatim.
 * The guard below only checks that the text after the last '.' (with ' DESC'
 * removed) is a column of the table; it does not validate the rest of the
 * expression. Confirm that the session value can only be written by code that
 * already restricts it to a column name and direction.
 *
 * @return object Recordset resource
 * @access protected
 */
function getLocalRecordset()
{
    tNG_log::log('tNG_multipleUpdate', 'getLocalRecordset');

    $pkMeta = $this->primaryKeyColumn;

    // selected columns = transaction columns plus the primary key
    $selectCols = $this->columns;
    $selectCols[$this->primaryKey]['type'] = $pkMeta['type'];
    $selectCols[$this->primaryKey]['method'] = $pkMeta['method'];
    $selectCols[$this->primaryKey]['reference'] = $pkMeta['reference'];

    $fieldList = '';
    foreach (array_keys($selectCols) as $colName) {
        if ($fieldList != '') {
            $fieldList .= ',';
        }
        $fieldList .= KT_escapeFieldName($colName);
    }
    $fieldList .= ', ' . KT_escapeFieldName($this->primaryKey) . ' as ' . KT_escapeFieldName($this->pkName);
    $sql = 'SELECT ' . $fieldList . ' FROM ' . $this->table;

    $firstIndexed = KT_getRealValue($pkMeta['method'], $pkMeta['reference'] . "_1");
    $pkv = KT_getRealValue($pkMeta['method'], $pkMeta['reference']);

    $whereHead = ' WHERE ' . KT_escapeFieldName($this->primaryKey);
    $pkLiteral = KT_escapeForSql($pkv, $pkMeta['type']);

    if (isset($firstIndexed)) {
        // several rows: collect reference, reference_1, reference_2, ... into an IN list
        $sql .= $whereHead . ' IN (' . $pkLiteral;
        for ($n = 1; ; $n++) {
            $extra = KT_getRealValue($pkMeta['method'], $pkMeta['reference'] . "_" . $n);
            if (!isset($extra)) {
                break;
            }
            $sql .= ", " . KT_escapeForSql($extra, $pkMeta['type']);
        }
        $sql .= ')';
    } else {
        // single row
        $sql .= $whereHead . '=' . $pkLiteral;
    }

    $hasServerModel = isset($this->connection->servermodel);
    $rs = false;

    if (isset($_SESSION['KT_lastUsedList']) && isset($_SESSION['sorter_tso_' . $_SESSION['KT_lastUsedList']])) {
        $sortExpr = $_SESSION['sorter_tso_' . $_SESSION['KT_lastUsedList']];
        $sortedSql = $sql . ' ORDER BY ' . $sortExpr;

        // column names of the table, used to vet the sort column
        $knownColumns = array();
        if ($hasServerModel) {
            $probe = $this->connection->Execute('SELECT * FROM ' . $this->table . ' LIMIT 1');
            $knownColumns = array_keys($probe->fields);
        } else {
            $meta = $this->connection->MetaColumns($this->table);
            foreach ($meta as $field => $col) {
                $knownColumns[] = $col->name;
            }
        }

        // keep only the part after the last '.', without the direction keyword
        $segments = explode('.', str_replace(' DESC', '', $sortExpr));
        $sortColumn = $segments[count($segments) - 1];

        if (in_array($sortColumn, $knownColumns)) {
            $rs = $hasServerModel
                ? $this->connection->MySQL_Execute($sortedSql)
                : $this->connection->Execute($sortedSql);
        }
    }

    if (!$rs) {
        // no usable sort expression, or the sorted query failed: run it unsorted
        $rs = $hasServerModel
            ? $this->connection->MySQL_Execute($sql)
            : $this->connection->Execute($sql);
    }

    if (!$rs) {
        tNG_log::log('KT_ERROR');
        $this->setError(new tNG_error('MUPD_RS', array(), array($this->connection->ErrorMsg(), $sql)));
        echo $this->dispatcher->getErrorMsg();
        exit;
    }

    return $rs;
}
/**
 * Reads the row identified by the transaction's primary key and keeps its
 * fields in $this->savedData.
 *
 * The key value is escaped with KT_escapeForSql() according to the key
 * column's declared type; the table name returned by getTable() is
 * concatenated as-is.
 *
 * @return tNG_error|null null on success, FIELDS_SAVEDATA_ERROR when the query fails
 * @access public
 */
function saveData()
{
    tNG_log::log('tNG' . $this->transactionType, "saveData");

    $pkName = $this->getPrimaryKey();
    $pkValue = $this->getPrimaryKeyValue();
    $pkLiteral = KT_escapeForSql($pkValue, $this->getColumnType($pkName));

    $sql = 'SELECT * FROM ' . $this->getTable()
        . ' WHERE ' . KT_escapeFieldName($pkName) . ' = ' . $pkLiteral;

    $rs = $this->connection->Execute($sql);
    if ($rs !== false) {
        $this->savedData = $rs->fields;
        return null;
    }

    return new tNG_error('FIELDS_SAVEDATA_ERROR', array(), array($sql, $this->connection->ErrorMsg()));
}
/**
 * Returns the list of forbidden words.
 *
 * When both $this->table and $this->field are set, the words are read from
 * that table column. Otherwise they are read from tNG_ChkForbiddenWords.txt
 * next to this file, where each line holds a comma-separated list.
 *
 * Words from the file have the characters / . ( ) [ ] { } | ^ $ backslash
 * escaped; words from the database are returned trimmed but otherwise
 * unchanged.
 * NOTE(review): if the caller builds a regular expression from these words,
 * the two sources are escaped differently and the file escaping does not
 * cover * + ? or backslash - verify against the caller.
 *
 * On failure $this->error is set and the words collected so far are returned.
 *
 * @return array of forbidden words
 * @access public
 */
function getWords()
{
    $words = array();

    if ($this->table == '' || $this->field == '') {
        // file-based list
        $path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'tNG_ChkForbiddenWords.txt';
        if (!file_exists($path)) {
            $this->error = new tNG_error('BADWORDS_FILE_ERROR', array(), array($path));
            return $words;
        }

        $handle = @fopen($path, 'rb');
        if (!$handle) {
            $this->error = new tNG_error('BADWORDS_FILE_ERROR', array(), array($path));
            return $words;
        }

        while (!feof($handle)) {
            $line = addcslashes(fgets($handle, 4096), '/.()[]{}|^$');
            if (trim($line) == '') {
                continue;
            }
            foreach (explode(',', $line) as $piece) {
                $words[] = trim($piece);
            }
        }
        fclose($handle);

        return $words;
    }

    // database-based list
    $sql = 'SELECT ' . KT_escapeFieldName($this->field) . ' AS myfield FROM ' . $this->table;
    $rs = $this->tNG->connection->Execute($sql);
    if ($this->tNG->connection->errorMsg() != '') {
        $this->error = new tNG_error('BADWORDS_SQL_ERROR', array(), array($this->tNG->connection->errorMsg(), $sql));
        return $words;
    }

    for (; !$rs->EOF; $rs->MoveNext()) {
        $words[] = trim($rs->Fields('myfield'));
    }
    $rs->Close();

    return $words;
}
/**
 * Runs one sub-transaction per imported data line.
 *
 * After prepareData() succeeds, each entry of $this->data is exported into
 * $GLOBALS under $this->importReference (plus a "_LINE" entry holding the line
 * number), checked against the unique key column if one is configured, and
 * then executed as a tNG_insert or tNG_update sub-transaction. Duplicates are
 * handled according to $this->handleDuplicates ("SKIP", "UPDATE" or
 * "SKIPWITHERROR"). Counters $this->noSuccess and $this->noSkip are maintained
 * along the way.
 *
 * NOTE(review): the per-line error text is assembled from the imported unique
 * key value and from field error messages, joined with "<br />". If that text
 * is later rendered as HTML, imported data reaches the page through it -
 * confirm it is escaped where it is displayed.
 *
 * @return tNG_error|null null when every line succeeded, otherwise the error
 *                        from prepareData() or an IMPORT_* error
 * @access protected
 */
function prepareSQL()
{
    tNG_log::log('tNG_import', 'prepareSQL', 'begin');
    $ret = $this->prepareData();
    if ($ret === null) {
        $this->noSuccess = 0;
        $this->noSkip = 0;
        $failed = false;
        $line = $this->lineStart;
        // 1-based index of the next sub-transaction; $this->multTNGs is 0-based
        $tNGindex = 1;
        for ($k = 0; $k < count($this->data); $k++) {
            $dataarr = $this->data[$k];
            $skipped = false;
            $line++;
            /*
            if ( !is_array($dataarr) || count($dataarr) < 1 || (count($dataarr) == 1 && reset($dataarr) == '') ) {
                // skip empty lines
                continue;
            }
            */
            // exports the values line to be available for KT_getRealValue and KT_DynamicData
            unset($GLOBALS[$this->importReference]);
            $GLOBALS[$this->importReference] = $dataarr;
            unset($GLOBALS[$this->importReference . '_LINE']);
            $GLOBALS[$this->importReference . '_LINE'] = $line;
            $isInsert = true;
            $uniqueColName = $this->uniqueKey;
            if ($uniqueColName != '') {
                $uniqueColDetails = $this->computeMultipleValues($this->columns[$uniqueColName], $tNGindex);
                if ($uniqueColDetails['value'] != '') {
                    // look for an existing row with the same unique key value;
                    // the imported value is escaped for the column's declared type
                    $sql = 'SELECT ' . KT_escapeFieldName($uniqueColName) . ' FROM ' . $this->getTable() . ' WHERE ' . KT_escapeFieldName($uniqueColName) . ' = ' . KT_escapeForSql($uniqueColDetails['value'], $uniqueColDetails['type']);
                    $rs = $this->connection->Execute($sql);
                    if ($rs === false) {
                        $failed = true;
                        $ret = new tNG_error('IMPORT_SQL_ERROR', array(), array($sql, $this->connection->ErrorMsg()));
                        tNG_log::log('KT_ERROR');
                        break;
                    }
                    if ($rs->recordCount() >= 1) {
                        // duplicates found
                        if ($this->handleDuplicates == "SKIP") {
                            // ignore case: no sub-transaction is created and
                            // $tNGindex is not advanced for this line
                            $isInsert = false;
                            $this->noSkip++;
                            continue;
                        }
                        if ($this->handleDuplicates == "UPDATE") {
                            // update case
                            $isInsert = false;
                            $this->multTNGs[$tNGindex - 1] = new tNG_update($this->connection);
                        }
                        if ($this->handleDuplicates == "SKIPWITHERROR") {
                            // throw error case: an insert carrying a duplicate error is registered
                            $isInsert = false;
                            $skipped = true;
                            $this->noSkip++;
                            $this->multTNGs[$tNGindex - 1] = new tNG_insert($this->connection);
                            $this->multTNGs[$tNGindex - 1]->setError(new tNG_error($this->importType . '_IMPORT_DUPLICATE_ERROR', array($line, $uniqueColDetails['value'], $uniqueColName), array()));
                        }
                    }
                }
            }
            if ($isInsert) {
                $this->multTNGs[$tNGindex - 1] = new tNG_insert($this->connection);
            }
            $this->multTNGs[$tNGindex - 1]->setDispatcher($this->dispatcher);
            $this->multTNGs[$tNGindex - 1]->multipleIdx = $tNGindex;
            // register triggers
            for ($j = 0; $j < sizeof($this->multTriggers); $j++) {
                call_user_func_array(array(&$this->multTNGs[$tNGindex - 1], "registerConditionalTrigger"), $this->multTriggers[$j]);
            }
            $this->multTNGs[$tNGindex - 1]->setTable($this->table);
            // add columns; for an update the unique key column is left out of
            // the column list because it is used as the primary key below
            foreach ($this->columns as $colName => $colDetails) {
                $colDetails = $this->computeMultipleValues($colDetails, $tNGindex);
                $this->columns[$colName]['value'] = $colDetails['value'];
                if ($this->multTNGs[$tNGindex - 1]->transactionType == '_update') {
                    if ($colName != $uniqueColName) {
                        $this->multTNGs[$tNGindex - 1]->addColumn($colName, $colDetails['type'], $colDetails['method'], $colDetails['reference']);
                    }
                } else {
                    $this->multTNGs[$tNGindex - 1]->addColumn($colName, $colDetails['type'], $colDetails['method'], $colDetails['reference'], $colDetails['default']);
                }
            }
            if ($this->multTNGs[$tNGindex - 1]->transactionType == '_update') {
                $this->multTNGs[$tNGindex - 1]->setPrimaryKey($uniqueColName, $uniqueColDetails['type'], 'VALUE', $uniqueColDetails['value']);
            } else {
                $this->multTNGs[$tNGindex - 1]->setPrimaryKey($this->primaryKey, $this->primaryKeyColumn['type']);
            }
            $this->multTNGs[$tNGindex - 1]->compileColumnsValues();
            // an error already present on the import is copied to the sub-transaction
            if ($this->getError()) {
                $this->multTNGs[$tNGindex - 1]->setError($this->getError());
            }
            $this->multTNGs[$tNGindex - 1]->setStarted(true);
            $this->multTNGs[$tNGindex - 1]->doTransaction();
            if (!$skipped) {
                if ($this->multTNGs[$tNGindex - 1]->getError()) {
                    // replace the sub-transaction error with one that names the line
                    $err = $this->multTNGs[$tNGindex - 1]->getError();
                    $tmp_all_errmsg = '';
                    $tmp_unique_details = '';
                    if ($uniqueColName != '') {
                        if ($uniqueColDetails['value'] != '') {
                            $tmp_unique_details = ' (' . $uniqueColName . ' = ' . $uniqueColDetails['value'] . ')';
                        }
                    }
                    foreach ($err->fieldErrors as $tmp_col => $tmp_errmsg) {
                        $tmp_all_errmsg .= "\n<br /> - " . $tmp_col . " : " . $tmp_errmsg;
                    }
                    if ($tmp_all_errmsg == '') {
                        $tmp_all_errmsg = $err->getDetails();
                    }
                    $lineErr = $line . $tmp_unique_details;
                    $newErr = new tNG_error($this->importType . '_IMPORT_LINE_ERROR', array($lineErr, $tmp_all_errmsg), array());
                    $this->multTNGs[$tNGindex - 1]->setError($newErr);
                    $failed = true;
                } else {
                    $this->noSuccess++;
                    // remember the primary key value of the last successful line
                    if ($this->getPrimaryKey() == $this->multTNGs[$tNGindex - 1]->getPrimaryKey()) {
                        $this->primaryKeyColumn['value'] = $this->multTNGs[$tNGindex - 1]->getPrimaryKeyValue();
                    }
                }
            }
            $tNGindex++;
        }
        // no line failed outright, but a sub-transaction may still carry an
        // error (for example a SKIPWITHERROR duplicate)
        if (!$failed) {
            for ($i = 0; $i < sizeof($this->multTNGs); $i++) {
                if ($this->multTNGs[$i]->getError()) {
                    $failed = true;
                    $ret = new tNG_error('IMPORT_SKIPPED', array(), array());
                    tNG_log::log('KT_ERROR');
                    break;
                }
            }
        }
        if ($failed) {
            if ($ret === null) {
                $ret = new tNG_error('IMPORT_ERROR', array(), array());
                tNG_log::log('KT_ERROR');
            }
            // all-or-nothing mode: mark the error-free sub-transactions as
            // failed too and fire their ERROR triggers
            if ($this->executeSubSets === false) {
                for ($i = 0; $i < sizeof($this->multTNGs); $i++) {
                    if (!$this->multTNGs[$i]->getError()) {
                        $this->multTNGs[$i]->setError($ret);
                        $this->multTNGs[$i]->executeTriggers('ERROR');
                    }
                }
            }
        }
        // NOTE(review): the success counter is reset whenever executeSubSets is
        // false, including when nothing failed - confirm intended
        if ($this->executeSubSets === false) {
            $this->noSuccess = 0;
        }
    } else {
        tNG_log::log('KT_ERROR');
    }
    tNG_log::log('tNG_import', 'prepareSQL', 'end');
    return $ret;
}
/**
 * Store a new sort position for a single row of the ordered table.
 *
 * Builds one UPDATE statement that sets the order column to $order for the row
 * whose primary key equals $id, and stops the script when Execute() returns a
 * falsy value.
 *
 * @param mixed $id    primary key value of the row; escaped with $this->pkType
 * @param mixed $order new position; escaped as NUMERIC_TYPE
 * @return void
 */
function UpdateOrder($id, $order)
{
    // Identifiers and values each go through the library's escaping helpers.
    $orderColumn = KT_escapeFieldName($this->orderField);
    $newPosition = KT_escapeForSql($order, "NUMERIC_TYPE");
    $keyColumn = KT_escapeFieldName($this->pk);
    $keyValue = KT_escapeForSql($id, $this->pkType);

    // NOTE(review): $this->tableName is concatenated without KT_escapeFieldName();
    // confirm it can only come from developer configuration, never from a request.
    $sql = 'UPDATE ' . $this->tableName
        . ' SET ' . $orderColumn . ' = ' . $newPosition
        . ' WHERE ' . $keyColumn . ' = ' . $keyValue;

    if (!$this->connection->Execute($sql)) {
        // NOTE(review): the raw driver message is written to the response here;
        // consider logging it server-side and showing a generic message instead.
        die("Internal Error. Table Order:<br/>\n" . $this->connection->ErrorMsg());
    }
}
/**
 * Construct the SQL and execute it. The value used for the field is the primary
 * key value taken from the transaction.
 *
 * Order of operations as written: (1) when file or folder rename rules exist,
 * select the detail rows and resolve every file/folder name, rejecting any name
 * that fails the containment check; (2) delete the detail rows; (3) delete the
 * resolved files (plus their thumbnails) and the related folders.
 *
 * @return mixed null or error object
 * @access public
 */
function Execute()
{
    $pk_value = $this->tNG->getPrimaryKeyValue();
    $pk_type = $this->tNG->getColumnType($this->tNG->getPrimaryKey());
    // From here on $pk_value holds the SQL-escaped literal, not the raw value.
    $pk_value = KT_escapeForSql($pk_value, $pk_type);
    // The recordset is only needed when names must be resolved from row data.
    if (count($this->fileRenameRule) > 0 || count($this->folderRenameRule) > 0) {
        // NOTE(review): $this->table is concatenated without escaping; confirm it is configuration-only.
        $sql = 'SELECT * FROM ' . $this->table . ' WHERE ' . KT_escapeFieldName($this->field) . " = " . $pk_value;
        $rs = $this->tNG->connection->Execute($sql);
        if ($rs === false) {
            // The error object carries the driver message and the SQL text.
            return new tNG_error('DEL_DR_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
        }
        if ($rs->RecordCount() == 0) {
            // No detail rows: nothing to delete, so the DELETE below is skipped too.
            return null;
        }
    }
    // prepare to delete files
    if (count($this->fileRenameRule) > 0) {
        $fullFileName = array();
        $fullFileNameFolder = array();
        for ($i = 0; $i < count($this->fileRenameRule); $i++) {
            while (!$rs->EOF) {
                // Copy the current row so the rename rule can be evaluated against it.
                $arr = array();
                foreach ($rs->fields as $col => $value) {
                    $arr[$col] = $value;
                }
                $folder = $this->fileFolder[$i];
                $fileName = KT_DynamicData($this->fileRenameRule[$i], $this->tNG, '', false, $arr);
                // security: the resolved path must start with the configured folder,
                // otherwise nothing is deleted and an error is returned.
                // NOTE(review): this is a plain string-prefix comparison against $folder as
                // configured. If $folder is not already normalised and terminated by a
                // directory separator, a sibling directory sharing the same prefix would
                // pass - confirm what KT_realpath() returns and how $folder is stored.
                if (substr(KT_realpath($folder . $fileName), 0, strlen($folder)) != $folder) {
                    $baseFileName = dirname(KT_realpath($folder . $fileName, false));
                    $ret = new tNG_error("FOLDER_DEL_SECURITY_ERROR", array(), array($baseFileName, $folder));
                    return $ret;
                }
                $fullFileName[] = $fileName;
                $fullFileNameFolder[] = $folder;
                $rs->MoveNext();
            }
            // Rewind so the next rule (and the folder pass below) sees every row again.
            $rs->MoveFirst();
        }
    }
    // prepare to delete related folders
    if (count($this->folderRenameRule) > 0) {
        $relatedFolder = array();
        for ($i = 0; $i < count($this->folderRenameRule); $i++) {
            while (!$rs->EOF) {
                $arr = array();
                foreach ($rs->fields as $col => $value) {
                    $arr[$col] = $value;
                }
                $folder = $this->folder[$i];
                $f = KT_DynamicData($this->folderRenameRule[$i], $this->tNG, '', false, $arr);
                // security: same prefix-based containment check as for files above
                // (the same NOTE(review) about separators and normalisation applies).
                if (substr(KT_realpath($folder . $f), 0, strlen($folder)) != $folder) {
                    $baseFileName = dirname(KT_realpath($folder . $f, false));
                    $ret = new tNG_error("FOLDER_DEL_SECURITY_ERROR", array(), array($baseFileName, $folder));
                    return $ret;
                }
                $relatedFolder[] = $folder . $f;
                $rs->MoveNext();
            }
            $rs->MoveFirst();
        }
    }
    // delete records
    $sql = "DELETE FROM " . $this->table . " WHERE " . KT_escapeFieldName($this->field) . " = " . $pk_value;
    $ret = $this->tNG->connection->Execute($sql);
    if ($ret === false) {
        return new tNG_error('DEL_DR_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
    }
    // delete files
    // The rows are already gone at this point. unlink() warnings are suppressed and
    // $delRet is never inspected, so a file that cannot be removed is left behind
    // without any error being reported.
    if (count($this->fileRenameRule) > 0) {
        for ($i = 0; $i < count($fullFileName); $i++) {
            if (file_exists($fullFileNameFolder[$i] . $fullFileName[$i])) {
                $delRet = @unlink($fullFileNameFolder[$i] . $fullFileName[$i]);
                $path_info = KT_pathinfo($fullFileNameFolder[$i] . $fullFileName[$i]);
                $this->deleteThumbnails($path_info['dirname'] . '/thumbnails/', $path_info['basename']);
            }
        }
    }
    // delete related folder
    if (count($this->folderRenameRule) > 0) {
        for ($i = 0; $i < count($relatedFolder); $i++) {
            $folder = new KT_Folder();
            // delete thumbnails
            $folder->deleteFolderNR($relatedFolder[$i]);
        }
    }
    return null;
}
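/**
 * Return the values for extra columns to use in insert/update SQL;
 * Only for PRO version
 *
 * For every configured extra column the value is taken, in this order, from the
 * column's fixed value (method VALUE), from the matching $_POST entry, or from
 * the column default. The $_POST key is matched literally: every dynamic part of
 * the pattern is passed through preg_quote(), so regex metacharacters in the
 * foreign key value or column name cannot widen the match to other request fields.
 *
 * @param string $fk           foreign key value
 * @param array  $insertValues selected values
 * @return array empty, or with the keys 'cols', 'values' and 'update'
 * @access public
 */
function getExtraColumnsValues($fk, $insertValues)
{
    $arr = array();
    if (!in_array($fk, $insertValues)) {
        return $arr;
    }
    if (count($this->columns) > 0) {
        $arr['cols'] = array();
        $arr['values'] = array();
        $arr['update'] = array();

        $idxReference = "";
        if (isset($this->tNG->multipleIdx)) {
            $idxReference = preg_quote('_' . $this->tNG->multipleIdx, '/');
        }
        $fkReference = preg_quote($this->fkReference, '/');
        // $fk originates from the submitted selection, so it must be quoted as well.
        $fkQuoted = preg_quote((string) $fk, '/');

        foreach ($this->columns as $colName => $arrTmp) {
            $escapedCol = KT_escapeFieldName($colName);
            // NOTE(review): 'cols' always gets an entry, but 'values'/'update' only do when a
            // value was found; confirm callers cope with the lists differing in length.
            $arr['cols'][] = $escapedCol;

            $hasValue = false;
            $val = null;
            if ($arrTmp['method'] == 'VALUE') {
                $val = $arrTmp['value'];
                $hasValue = true;
            } else {
                // Expected key: <fkReference>_<column>_<fk>[_<multipleIdx>]; built once per column.
                $pattern = '/^' . $fkReference . '_' . preg_quote((string) $colName, '/') . '_' . $fkQuoted . $idxReference . '$/';
                foreach ($_POST as $key => $postVal) {
                    if (preg_match($pattern, $key)) {
                        $val = $postVal;
                        if ($arrTmp['type'] == 'DATE_TYPE') {
                            $val = KT_formatDate2DB($val);
                        }
                        $hasValue = true;
                        break;
                    }
                }
                // Fall back to the configured default when nothing was submitted.
                if (!$hasValue && $arrTmp['default'] != '') {
                    $val = KT_DynamicData($arrTmp['default'], null);
                    if ($arrTmp['type'] == 'DATE_TYPE') {
                        $val = KT_formatDate2DB($val);
                    }
                    $hasValue = true;
                }
            }

            if ($hasValue) {
                $sqlValue = KT_escapeForSql($val, $arrTmp['type'], false);
                $arr['values'][] = $sqlValue;
                $arr['update'][] = $escapedCol . '=' . $sqlValue;
            }
        }
    }
    return $arr;
}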
/**
 * Main method of the class. Computes the value of the order column and adds it
 * to the transaction as a NUMERIC_TYPE column.
 *
 * In 'FIRST' mode the current minimum is read; when it is below 2 every row is
 * shifted up by one, otherwise the new row gets minimum - 1. In any other mode
 * the new row gets MAX + 1. A blank or non-numeric result is treated as 1.
 *
 * @return mixed null or error object
 * @access public
 */
function Execute()
{
    $orderColumn = KT_escapeFieldName($this->field);
    $insertFirst = ($this->mode == 'FIRST');

    // NOTE(review): $this->table is concatenated unescaped; confirm it is configuration-only.
    if ($insertFirst) {
        $sql = 'SELECT MIN(' . $orderColumn . ') AS kt_sortvalue FROM ' . $this->table;
    } else {
        $sql = 'SELECT MAX(' . $orderColumn . ') + 1 AS kt_sortvalue FROM ' . $this->table;
    }

    $rs = $this->tNG->connection->Execute($sql);
    if ($rs === false) {
        return new tNG_error('SET_ORDER_FIELD_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
    }

    $sortValue = $rs->Fields('kt_sortvalue');
    if ($sortValue == '' || !is_numeric($sortValue)) {
        // Covers the empty-table case, where the aggregate yields no usable number.
        $sortValue = 1;
    }

    if ($insertFirst) {
        if ($sortValue < 2) {
            // No room in front of the current first row: push every row down by one.
            $sql = 'UPDATE ' . $this->table . ' SET ' . $orderColumn . ' = ' . $orderColumn . ' + 1';
            $rs = $this->tNG->connection->Execute($sql);
            if ($rs === false) {
                return new tNG_error('SET_ORDER_FIELD_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
            }
        } else {
            $sortValue = $sortValue - 1;
        }
    }

    $this->tNG->addColumn($this->field, 'NUMERIC_TYPE', 'VALUE', $sortValue);
    return null;
}
/**
 * Get the local recordset associated to this transaction.
 *
 * Selects every transaction column plus the primary key (the latter also aliased
 * to $this->pkName) for the row whose primary key equals the value resolved from
 * the primary key column's method/reference. On failure the error is registered,
 * the dispatcher's error message is printed and the script exits.
 *
 * @return object resource Recordset resource
 * @access public
 */
function getLocalRecordset()
{
    tNG_log::log('tNG_update', 'getLocalRecordset');

    // Work on a copy of the column list that is guaranteed to contain the primary key.
    $selectCols = $this->columns;
    $selectCols[$this->primaryKey]['type'] = $this->primaryKeyColumn['type'];
    $selectCols[$this->primaryKey]['method'] = $this->primaryKeyColumn['method'];
    $selectCols[$this->primaryKey]['reference'] = $this->primaryKeyColumn['reference'];

    $fieldList = '';
    foreach (array_keys($selectCols) as $name) {
        $fieldList .= ($fieldList != '' ? ',' : '') . KT_escapeFieldName($name);
    }
    $fieldList .= ', ' . KT_escapeFieldName($this->primaryKey) . ' as ' . KT_escapeFieldName($this->pkName);

    // NOTE(review): $this->table is concatenated unescaped; confirm it is configuration-only.
    $query = 'SELECT ' . $fieldList . ' FROM ' . $this->table
        . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' =';
    $keyValue = KT_getRealValue($this->primaryKeyColumn['method'], $this->primaryKeyColumn['reference']);
    $query .= KT_escapeForSql($keyValue, $this->primaryKeyColumn['type']);

    // Connections exposing a servermodel property are queried through MySQL_Execute().
    $rs = isset($this->connection->servermodel)
        ? $this->connection->MySQL_Execute($query)
        : $this->connection->Execute($query);

    if (!$rs) {
        tNG_log::log('KT_ERROR');
        // The error object carries the driver message and the SQL text.
        // NOTE(review): confirm getErrorMsg() does not print those details outside development mode.
        $this->setError(new tNG_error('UPD_RS', array(), array($this->connection->ErrorMsg(), $query)));
        echo $this->dispatcher->getErrorMsg();
        exit;
    }
    return $rs;
}
/**
 * Write a new value into the edit-in-place field of one row.
 *
 * @param mixed $pkvalue    primary key of the row; always escaped as NUMERIC_TYPE
 * @param mixed $fieldvalue new field value; escaped with $this->editFieldType
 * @return mixed the string "OK" on success (the stored value is not read back),
 *               or array('error' => array('code' => ..., 'message' => ...))
 */
function updateValue($pkvalue, $fieldvalue)
{
    if (!$this->isEnabled) {
        return array('error' => array('code' => 'Update Error', 'message' => 'You don\'t have permission to use the edit inplace!'));
    }

    // NOTE(review): the include path is derived from $this->connectionName; confirm that
    // property is fixed by the page author and cannot be influenced by request data.
    require_once realpath(dirname(__FILE__) . '/' . '/../../../../Connections/' . $this->connectionName . '.php');

    $hostnameKey = 'MM_' . $this->connectionName . '_HOSTNAME';
    if (empty($GLOBALS[$hostnameKey])) {
        // we are on mysql: wrap the raw connection in the unified connection object
        $databaseKey = 'database_' . $this->connectionName;
        $db = new KT_Connection($GLOBALS[$this->connectionName], $GLOBALS[$databaseKey]);
    } else {
        $db = $GLOBALS[$this->connectionName];
    }

    // NOTE(review): $this->tableName is concatenated unescaped; confirm it is configuration-only.
    $statement = 'UPDATE ' . $this->tableName
        . ' SET ' . KT_escapeFieldName($this->editField) . ' = ' . KT_escapeForSql($fieldvalue, $this->editFieldType)
        . ' WHERE ' . KT_escapeFieldName($this->primaryKey) . ' = ' . KT_escapeForSql($pkvalue, "NUMERIC_TYPE");
    $result = $db->Execute($statement);

    if ($result === false) {
        // NOTE(review): the driver's error text is handed back to the caller; if that
        // reaches the browser, prefer a generic message and log the detail server-side.
        return array('error' => array('code' => 'SQL Error', 'message' => 'Update failed: ' . $db->ErrorMsg()));
    }
    return "OK";
}
/**
 * Load the include definitions from a database table and register them.
 *
 * Selects the URL and file columns, plus the title, keywords and description
 * columns whose names are not empty, from $tableName, then passes the recordset
 * to IncludeDynamicRecordset(). The script stops with the SQL_ERROR resource
 * message when the query fails.
 *
 * @param object $connection       connection object, passed by reference
 * @param string $tableName        table to read from
 * @param string $urlField         column name
 * @param string $fileField        column name
 * @param string $titleField       column name, "" to skip
 * @param string $keywordsField    column name, "" to skip
 * @param string $descriptionField column name, "" to skip
 * @return void
 */
function IncludeDynamic(&$connection, $tableName, $urlField, $fileField, $titleField, $keywordsField, $descriptionField)
{
    KT_setDbType($connection);

    $selected = array(KT_escapeFieldName($urlField), KT_escapeFieldName($fileField));
    foreach (array($titleField, $keywordsField, $descriptionField) as $optionalField) {
        if ($optionalField != "") {
            $selected[] = KT_escapeFieldName($optionalField);
        }
    }

    // NOTE(review): $tableName is concatenated unescaped; confirm callers pass a fixed name.
    $sql = "SELECT " . implode(",", $selected) . " FROM " . $tableName;

    $localRs = $connection->Execute($sql);
    if (!$localRs) {
        // The message is built from the driver error and the SQL text.
        // NOTE(review): confirm this is not shown to end users in production.
        $res_errorMsg = KT_getResource('SQL_ERROR', 'MXI', array($connection->ErrorMsg(), $sql));
        die($res_errorMsg);
    }

    $this->IncludeDynamicRecordset($localRs, $urlField, $fileField, $titleField, $keywordsField, $descriptionField);
}
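/**
 * Execute method of the class; checks whether a record with the same values in
 * the configured field(s) already exists.
 *
 * For update transactions the row being updated is excluded from the lookup by
 * its primary key; the primary key column name is escaped with
 * KT_escapeFieldName() like every other identifier in the statement.
 *
 * @return mixed null, or an error object if a matching record exists or the query fails
 * @access public
 */
function Execute()
{
    $where = array();
    $i = 0;
    foreach ($this->field as $field) {
        if ($i++ == 0) {
            // Remember the first field; it is used below to attach a field-level error.
            $first = $field;
        }
        $type = $this->tNG->getColumnType($field);
        $value = $this->tNG->getColumnValue($field);
        $where[] = KT_escapeFieldName($field) . " = " . KT_escapeForSql($value, $type);
    }
    // NOTE(review): $this->table is concatenated unescaped; confirm it is configuration-only.
    $sql = "SELECT * FROM " . $this->table . " WHERE " . implode(' AND ', $where);

    if (in_array($this->tNG->transactionType, array('_update', '_multipleUpdate'))) {
        // Do not let the record collide with itself.
        $pk = $this->tNG->getPrimaryKey();
        $pk_type = $this->tNG->getColumnType($pk);
        $pk_value = KT_escapeForSql($this->tNG->getPrimaryKeyValue(), $pk_type);
        $sql .= " AND " . KT_escapeFieldName($pk) . " <> " . $pk_value;
    }

    $ret = $this->tNG->connection->Execute($sql);
    if ($ret === false) {
        return new tNG_error('CHECK_TF_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
    }

    if (!$ret->EOF) {
        // At least one other record has the same value(s).
        $useSavedData = in_array($this->tNG->transactionType, array('_delete', '_multipleDelete'));
        $this->errorMsg = KT_DynamicData($this->errorMsg, $this->tNG, '', $useSavedData);

        if ($GLOBALS['tNG_debug_mode'] == 'DEVELOPMENT') {
            $err = new tNG_error('TRIGGER_MESSAGE__CHECK_UNIQUE', array(implode(', ', $this->field)), array());
        } else {
            $err = new tNG_error('%s', array($this->errorMsg), array());
        }

        // NOTE(review): $first holds the first element's value and is used as a key into
        // $this->field; that only resolves if the array is keyed by field name - confirm.
        if (count($this->field) == 1 && isset($this->tNG->columns[$this->field[$first]])) {
            // set field error to $this->errorMsg
            $err->setFieldError($this->field[$first], '%s', array($this->errorMsg));
            if ($this->tNG->columns[$this->field[$first]]['method'] != 'POST') {
                // set composed message as user error
                $err->addDetails('%s', array($this->errorMsg), array(''));
            }
        } else {
            // set composed message as user error
            $err->addDetails('%s', array($this->errorMsg), array(''));
        }
        return $err;
    }
    return null;
}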
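/**
 * Trigger: when a new password is submitted, verify the old password first.
 *
 * Returns an error when an old password was posted without a new one, when the
 * user's record cannot be read unambiguously, or when the posted old password
 * does not match the stored one. Returns null when no new password was posted
 * or when the old password matches.
 *
 * The final comparison is a strict string comparison (constant-time via
 * hash_equals() where available). A loose != would treat two different
 * numeric-looking strings as equal and so accept a wrong old password.
 *
 * @param object $tNG transaction object, passed by reference
 * @return mixed null or error object
 */
function Trigger_UpdatePassword_CheckOldPassword(&$tNG)
{
    $password_field = $GLOBALS['tNG_login_config']['password_field'];
    $password_value = $tNG->getColumnValue($password_field);
    $old_password_value = KT_DynamicData("{POST.old_" . $password_field . "}", $tNG);

    if ($old_password_value != "" && $password_value == "") {
        $errObj = new tNG_error("UPDATEPASS_NO_NEW_PASS", array(), array());
        $errObj->setFieldError($password_field, "UPDATEPASS_NO_NEW_PASS_FIELDERR", array());
        return $errObj;
    }

    if ($password_value != "") {
        if ($GLOBALS['tNG_login_config']['password_encrypt'] == "true") {
            if ($old_password_value != "") {
                // NOTE(review): the scheme behind tNG_encryptString() is not visible here. Because
                // its output is compared for equality with the stored value it is presumably
                // deterministic (unsalted); confirm, and plan a migration to password_hash().
                $old_password_value = tNG_encryptString($old_password_value);
            }
        }

        // NOTE(review): $table is concatenated unescaped; it comes from the login configuration.
        $table = $GLOBALS['tNG_login_config']['table'];
        $pk_field = $GLOBALS['tNG_login_config']['pk_field'];
        $pk_value = KT_escapeForSql($tNG->getPrimaryKeyValue(), $GLOBALS['tNG_login_config']['pk_type']);
        $sql = "SELECT " . KT_escapeFieldName($password_field) . " FROM " . $table . " WHERE " . KT_escapeFieldName($pk_field) . "=" . $pk_value;

        $rs = $tNG->connection->Execute($sql);
        if (!is_object($rs)) {
            return new tNG_error("LOGIN_RECORDSET_ERR", array(), array());
        }
        if ($rs->RecordCount() == 0) {
            return new tNG_error("UPDATEPASS_NO_RECORD", array(), array());
        }
        if ($rs->RecordCount() != 1) {
            return new tNG_error("UPDATEPASS_TOMANY_RECORDS", array(), array());
        }

        // Cast both sides so a NULL column still compares equal to an empty submission,
        // as it did before, while everything else is compared byte for byte.
        $storedPassword = (string) $rs->Fields($GLOBALS['tNG_login_config']['password_field']);
        $suppliedPassword = (string) $old_password_value;
        $passwordsMatch = function_exists('hash_equals')
            ? hash_equals($storedPassword, $suppliedPassword)
            : $storedPassword === $suppliedPassword;

        if (!$passwordsMatch) {
            // Blank the old-password column before reporting the mismatch.
            $tNG->addColumn("old_" . $password_field, "STRING_TYPE", "VALUE", "");
            $errObj = new tNG_error("UPDATEPASS_WRONG_OLD_PASS", array(), array());
            $errObj->setFieldError("old_" . $password_field, "UPDATEPASS_WRONG_OLD_PASS_FIELDERR", array());
            return $errObj;
        }
    }
    return null;
}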
/**
 * Increment the counter.
 *
 * Runs up to two UPDATE statements: one against the main table and one against
 * the many-to-many table, each only when its table, key and counter field are
 * configured. Key values are taken from $this->downloadHash. On failure the
 * error is registered with setError() and the method returns early.
 *
 * @return nothing
 * @access public
 */
function incrementCounter()
{
    // increment in the same table
    $mainConfigured = $this->table != '' && count($this->pk) > 0 && $this->counterField != '';
    if ($mainConfigured) {
        $hash = $this->downloadHash;
        $this->pk['value'] = $hash['pk'];

        $counterCol = KT_escapeFieldName($this->counterField);
        // NOTE(review): $this->table is concatenated unescaped; confirm it is configuration-only.
        $sql = 'UPDATE ' . $this->table
            . ' SET ' . $counterCol . ' = ' . $counterCol . '+ 1'
            . ' WHERE ' . KT_escapeFieldName($this->pk['field']) . ' = '
            . KT_escapeForSql($this->pk['value'], $this->pk['type'], false);

        if ($this->conn->Execute($sql) === false) {
            $this->setError(new tNG_error('INCREMENTER_ERROR', array(), array($this->conn->ErrorMsg(), $sql)));
            return;
        }
    }

    // increment in the MTM table
    $mtmConfigured = $this->counterFieldMtm != '' && $this->tableMtm != ''
        && count($this->fkMtm) > 0 && count($this->pkMtm) > 0;
    if ($mtmConfigured) {
        $hash = $this->downloadHash;

        // Both key values must be present in the download hash.
        if (!isset($hash['fkMtm']) || $hash['fkMtm'] == '') {
            $this->setError(new tNG_error('INCREMENTER_ERROR_FK', array(), array($this->fkMtm['field'])));
            return;
        }
        $this->fkMtm['value'] = $hash['fkMtm'];

        if (!isset($hash['pkMtm']) || $hash['pkMtm'] == '') {
            $this->setError(new tNG_error('INCREMENTER_ERROR_FK', array(), array($this->pkMtm['field'])));
            return;
        }
        $this->pkMtm['value'] = $hash['pkMtm'];

        $counterColMtm = KT_escapeFieldName($this->counterFieldMtm);
        $sql = 'UPDATE ' . $this->tableMtm
            . ' SET ' . $counterColMtm . ' = ' . $counterColMtm . '+ 1'
            . ' WHERE ' . KT_escapeFieldName($this->pkMtm['field']) . ' = '
            . KT_escapeForSql($this->pkMtm['value'], $this->pkMtm['type'], false)
            . ' AND ' . KT_escapeFieldName($this->fkMtm['field']) . ' = '
            . KT_escapeForSql($this->fkMtm['value'], $this->fkMtm['type'], false);

        if ($this->conn->Execute($sql) === false) {
            $this->setError(new tNG_error('INCREMENTER_ERROR', array(), array($this->conn->ErrorMsg(), $sql)));
            return;
        }
    }

    return null;
}
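/**
 * Execute method of the class; looks up the configured value in the configured
 * table/field and compares the outcome with throwErrorIfExists.
 *
 * An error is returned when a matching record exists and throwErrorIfExists is
 * set, or when no record exists and throwErrorIfExists is not set.
 *
 * @return mixed null or error object
 * @access public
 */
function Execute()
{
    $field_value = KT_escapeForSql($this->value, $this->type);
    $fieldName = KT_escapeFieldName($this->field);

    // NOTE(review): $this->table is concatenated unescaped; confirm it is configuration-only.
    $sql = "SELECT " . $fieldName . " FROM " . $this->table . " WHERE " . $fieldName . " = " . $field_value;
    $ret = $this->tNG->connection->Execute($sql);
    if ($ret === false) {
        return new tNG_error('CHECK_TF_SQL_ERROR', array(), array($this->tNG->connection->ErrorMsg(), $sql));
    }

    $recordExists = !$ret->EOF;
    // The two failing combinations produce the same error, so they share one branch.
    if ($this->throwErrorIfExists ? $recordExists : !$recordExists) {
        return new tNG_error('DEFAULT_TRIGGER_MESSAGE', array(), array());
    }
    return null;
}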
/**
 * Prepares the custom SQL query to be executed.
 *
 * Builds the login SELECT from $GLOBALS['tNG_login_config']: all columns of the
 * login table plus aliased id, user and password columns, the max-tries columns
 * and the expiration columns when their settings are all present and non-empty,
 * filtered by user name (login type 'form') or by primary key (any other type).
 * The {kt_login_*} placeholder is resolved by KT_DynamicData() before the
 * statement is stored with setSQL().
 *
 * @return null
 * @access protected
 */
function prepareSQL()
{
    tNG_log::log('tNG_login', 'prepareSQL', 'begin');

    $cfg = $GLOBALS['tNG_login_config'];
    $table = $cfg['table'];
    $pk_column = $this->getPrimaryKey();
    $user_column = $cfg['user_field'];
    $password_column = $cfg['password_field'];

    // NOTE(review): $table is concatenated unescaped; it comes from the login configuration.
    $sql = "SELECT " . $table . ".*, "
        . KT_escapeFieldName($pk_column) . " AS kt_login_id, "
        . KT_escapeFieldName($user_column) . " AS kt_login_user, "
        . KT_escapeFieldName($password_column) . " AS kt_login_password ";

    // The max-tries columns are selected only when all four settings are set and non-empty.
    $withMaxTries = true;
    foreach (array('max_tries', 'max_tries_field', 'max_tries_disableinterval', 'max_tries_disabledate_field') as $setting) {
        if (!isset($cfg[$setting]) || $cfg[$setting] == '') {
            $withMaxTries = false;
            break;
        }
    }
    if ($withMaxTries) {
        $sql .= ', ' . KT_escapeFieldName($cfg['max_tries_field']) . ' AS kt_login_maxtries, '
            . KT_escapeFieldName($cfg['max_tries_disabledate_field']) . ' AS kt_login_maxtriesdate ';
    }

    // Same rule for the expiration columns.
    $withExpiration = true;
    foreach (array('registration_date_field', 'expiration_interval_field', 'expiration_interval_default') as $setting) {
        if (!isset($cfg[$setting]) || $cfg[$setting] == '') {
            $withExpiration = false;
            break;
        }
    }
    if ($withExpiration) {
        $sql .= ', ' . KT_escapeFieldName($cfg['expiration_interval_field']) . ' AS kt_login_expiration_interval, '
            . KT_escapeFieldName($cfg['registration_date_field']) . ' AS kt_login_regdate ';
    }

    $sql .= " FROM " . $table;
    if ($this->loginType == 'form') {
        $sql .= " WHERE " . KT_escapeFieldName($user_column) . "={kt_login_user}";
    } else {
        $sql .= " WHERE " . KT_escapeFieldName($pk_column) . "={kt_login_id}";
    }

    // NOTE(review): the submitted login value enters the statement through this placeholder
    // substitution; presumably the "SQL" argument makes KT_DynamicData() escape it - confirm.
    $sql = KT_DynamicData($sql, $this, "SQL");
    $this->setSQL($sql);

    tNG_log::log('tNG_login', 'prepareSQL', 'end');
    return null;
}