<?php

// Presumably these two files provide the session/authorization helpers
// (domesticSlave, authorizeTransit, ...) and the DB handle — confirm.
require 'authorize.php';
require 'db_login.php';

// Shared library is resolved relative to the web root rather than to this file.
$root = realpath($_SERVER['DOCUMENT_ROOT']);
require_once $root . '/lib/inc.php';

// Admin level of the logged-in user; the table-authority checks below key off it.
// NOTE(review): assumes authorize.php has already started the session — confirm.
$userAdminLevel = $_SESSION['adminLevel'];
if (domesticSlave($userAdminLevel, 'Zz9')) {
    $cQuery = sqlinjection_free($_GET['query']);
    if ($_POST['query']) {
        $cQuery = $_POST['query'];
    }
    $filters = split("[?:@\$][?:@\$]", $cQuery);
    if (count($filters) > 4) {
        echo 'bad query. Duplicate Operators ~&|~';
        die;
    }
    $dbTable = sqlinjection_free(trim($filters[0]));
    $dbTable = strtolower($dbTable);
    $cQuery = $dbTable . substr($cQuery, strlen($filters[0]));
    $cQuery = str_replace($filters[0], $dbTable, $cQuery);
    $rFilter = null;
    $cString = null;
    $sString = null;
    $filterCount = 0;
    $start = strlen($filters[0]);
    for ($i = 1; $i < count($filters); $i++) {
        if ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == '?' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == '?' and !$rFilter) {
            $rFilter = $filters[$i];
        } elseif ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == ':' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == ':' and !$cString) {
Exemple #2
                        }
                    }
                }
            }
        }
    }
    foreach ($dbtUpdate['cells'] as $rid => &$row) {
        foreach ($row as $cid => &$cell) {
            foreach ($cell as $pid => $prop) {
                $liveDBTable['cells'][$rid][$cid][$pid] = $prop;
            }
        }
    }
}
echo '<?xml version="1.0" encoding="UTF-8"?><dbTableExecuter>';
if (domesticSlave($_SESSION['adminLevel'], 'Zz8')) {
    $dbTable = sqlinjection_free($_POST['dbTable']);
    $dbTable = strtolower($dbTable);
    $tableOps = explode("\$,\$", $_POST['tableOperation']);
    //Get update.
    foreach ($_SESSION['tables'] as $utn => $ut) {
        $liveDBTable = getLiveTable($utn);
        if ($liveDBTable) {
            foreach ($liveDBTable['dbtUpdates'] as $i => &$sdbtu) {
                if ($sdbtu and !$sdbtu['data']['swallowedBy'][$_SESSION['uid']]) {
                    $dbtu = $sdbtu['data'];
                    foreach ($dbtu as $key => &$value) {
                        if ($key == 'cells') {
                            foreach ($value as $rid => &$row) {
                                foreach ($row as $cid => &$cell) {
                                    if ($liveDBTable['usersData'][$_SESSION['uid']]['authorization'] == "*" or $liveDBTable['usersData'][$_SESSION['uid']]['cells'][$rid][$cid]['sKey'] and $cell['sKey'] == $liveDBTable['usersData'][$_SESSION['uid']]['cells'][$rid][$cid]['sKey']) {
Exemple #3
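/**
 * Substring test shared by the tableAllowed() checks.
 *
 * Keeps the truthiness of the original `if (strpos(...))` test: a marker found
 * at offset 0 counts as NO match (strpos returns 0, which is falsy). The only
 * addition is that an empty or bare "_" marker never matches, so a missing
 * session username cannot turn the check into "any table with an underscore".
 *
 * @param string $dbTable
 * @param string $marker
 * @return bool
 */
function tableAllowedNameContains($dbTable, $marker)
{
    if ($marker === '' || $marker === '_') {
        return false;
    }
    return (bool) strpos($dbTable, $marker);
}

/**
 * Build the "_<label of aL[0]>_<label of aL[2]>" marker for a role from
 * ../adminLevelDecoder.php (loaded with require, as in the original, because
 * the file is expected to define $adminLevelDecoder in the including scope).
 *
 * Returns null when either label cannot be resolved, so that a half-resolved
 * marker such as "__" or "_x_" is never used as a match.
 *
 * @param array $aL admin-level list of the selected role
 * @return string|null
 */
function tableAllowedRoleMarker($aL)
{
    require '../adminLevelDecoder.php';
    if (!isset($aL[0], $aL[2])
        || !isset($adminLevelDecoder[$aL[0]]['label'], $adminLevelDecoder[$aL[2]]['label'])
        || $adminLevelDecoder[$aL[0]]['label'] === ''
        || $adminLevelDecoder[$aL[2]]['label'] === ''
    ) {
        return null;
    }
    return '_' . $adminLevelDecoder[$aL[0]]['label'] . '_' . $adminLevelDecoder[$aL[2]]['label'];
}

/**
 * Decide whether the current session may operate on $dbTable.
 *
 * Checks, in order:
 *  1. 'Zz0' transit authorization on the session admin level: always allowed.
 *  2. 'Zz9' domestic slave: allowed when the table name contains
 *     "_<session username>" or the department/sub-department marker of the
 *     role selected by $_POST['role'].
 *  3. any-department slave for that role: same marker, lowercased.
 *
 * The name tests are plain substring tests, so a marker that is a prefix of a
 * longer label also matches (e.g. "_al" inside "_alice"); anchor the test on
 * the naming convention if that is not intended. Branch 2 does not lowercase
 * the role marker although callers lowercase $dbTable — kept as in the
 * original, but worth confirming. An unknown or missing $_POST['role'] now
 * fails closed instead of being passed on as null.
 *
 * @param string $dbTable table name as supplied by the caller
 * @return bool
 */
function tableAllowed($dbTable)
{
    if (authorizeTransit($_SESSION['adminLevel'], 'Zz0')) {
        return true;
    }

    // The client chooses which of its own session roles applies; anything not
    // present in $_SESSION['function'] yields null and skips the role checks.
    $role = (isset($_POST['role']) && is_scalar($_POST['role'])) ? $_POST['role'] : null;
    $aL = ($role !== null && isset($_SESSION['function'][$role]['aL']))
        ? $_SESSION['function'][$role]['aL']
        : null;

    if (domesticSlave($_SESSION['adminLevel'], 'Zz9')) {
        $username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
        if (tableAllowedNameContains($dbTable, '_' . $username)) {
            return true;
        }
        if ($aL !== null) {
            $marker = tableAllowedRoleMarker($aL);
            if ($marker !== null && tableAllowedNameContains($dbTable, $marker)) {
                return true;
            }
        }
    }

    if ($aL !== null && anyDeptSlave($aL, 'Zz0')) {
        $marker = tableAllowedRoleMarker($aL);
        if ($marker !== null && tableAllowedNameContains($dbTable, strtolower($marker))) {
            return true;
        }
    }

    return false;
}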