function Login_Process() { $arg2 = $this->directlogin == true ? 'direct' : ''; // only process if user hit "post" if (gp('gp_posted', '', false) == '') { return; } vgfSet('LoginAttemptOK', false); // Error title vgfSet('ERROR_TITLE', '*'); // If the user supplied a loginUID, this is a post and we // must process the request. $ale = vgaGet('login_errors', array()); $app = $GLOBALS['AG']['application']; $em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again."; $em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again."; $em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again."; $em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again."; $terror = ""; $uid = gp('loginUID'); $uid = MakeUserID($uid); //$uid = str_replace('@','_',$uid); //$uid = str_replace('.','_',$uid); $pwd = gp("loginPWD", "", false); // First check, never allow the database server's superuser // account // if ($uid == "postgres") { ErrorAdd($em000); if (vgfGet('loglogins', false)) { sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres"); fwLogEntry('1011', 'Attempt login as postgres', '', $arg2); } return; } $app = $GLOBALS['AG']['application']; if (substr($uid, 0, strlen($app)) == $app) { ErrorAdd($em001); if (vgfGet('loglogins', false)) { sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role"); fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2); } return; } // Begin with a connection attempt. // on fail, otherwise continue $tcs = @SQL_CONN($uid, $pwd); if ($tcs === false) { ErrorAdd($em099); if (vgfGet('loglogins', false)) { sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected"); fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2); } return; } else { SQL_CONNCLOSE($tcs); } // The rest of this routine uses an admin connection. If we // have an error, we must close the connection before returning! // ...yes, yes, that's bad form, all complaints to /dev/null // if (vgfGet('loglogins', false)) { fwLogEntry('1010', 'Login OK', $uid, $arg2); } scDBConn_Push(); // See if they are a root user. If not, do they have an // active account? $root = false; $admin = false; $group_id_eff = ''; $results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true"); $cr = SQL_NUMROWS($results); if ($cr != 0) { $root = true; } else { $results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)"); $cr = SQL_NUMROWS($results); if ($cr == 0) { scDBConn_Pop(); ErrorAdd($em002); sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002"); return; } else { $userinfo = SQL_Fetch_Array($results); $group_id_eff = $userinfo['group_id_eff']; SessionSet('user_name', $userinfo['user_name']); } } // Flag if the user is an administrator if ($root == true) { $admin = true; } else { $results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'"); $row = SQL_FETCH_ARRAY($results); $admin = intval($row["admin"]) > 0 ? true : false; } // Get the users' groups $groups = ""; if ($root) { $results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''"); } else { $results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'"); } while ($row = SQL_FETCH_ARRAY($results)) { $agroups[] = "'" . trim($row['group_id']) . "'"; #$groups.=ListDelim($groups)."'".trim($row["group_id"])."'"; } $groups = array(); if (!empty($agroups)) { $groups = implode(",", $agroups); } //scDBConn_Pop(); // We have a successful login. If somebody else was already // logged in, we need to wipe out that person's session. But // don't do this if there was an anonymous login. if (LoggedIn()) { $uid_previous = SessionGet('UID'); if ($uid != $uid_previous) { //Session_Destroy(); SessionReset(); //Index_Hidden_Session_Start(false); } } // We know who they are and that they can connect, // see if there is any app-specific confirmation required // if (function_exists('app_login_process')) { //echo "Calling the process now"; if (!app_login_process($uid, $pwd, $admin, $groups)) { return; } } // Protect the session from hijacking, generate a new ID Session_regenerate_id(); // We now have a successful connection, set some // flags and lets go // vgfSet('LoginAttemptOK', true); SessionSet("UID", $uid); SessionSet("PWD", $pwd); SessionSet("ADMIN", $admin); SessionSet("ROOT", $root); SessionSet("GROUP_ID_EFF", $group_id_eff); SessionSet("groups", $groups); if (gp('gpz_page') == '') { # KFD 9/12/08, extra command to not change page if (gp('st2keep') != 1) { gpSet('gp_page', ''); } } $GLOBALS['session_st'] = 'N'; // for "N"ormal // ------------------------------------------------------------------- // We are about to make the menu. Before doing so, see if there // are any variables set for the menu layout. Set defaults and then // load from database. // $this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - ')); //$sql = "SELECT * from variables WHERE variable like 'MENU%'"; //$dbres = SQL($sql); //while ($row = SQL_FETCH_ARRAY($dbres)) { // $this->pmenu[trim($row['variable'])]=trim($row['variable_value']); //} // ------------------------------------------------------------------- // KFD 10/28/06, Modified to examine "nomenu" instead of permsel // pulls all tables user has nomenu='N'. The basic idea is // to remove from $AGMENU the stuff they don't see // // GET AGMENU $AGMENU = array(); // avoid compiler warning, populated next line include "ddmodules.php"; // Pull distinct modules person has any menu options in. $sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})"; $modules = SQL_AllRows($sq, 'module'); $AGkeys = array_keys($AGMENU); foreach ($AGkeys as $AGkey) { if (!isset($modules[$AGkey])) { unset($AGMENU[$AGkey]); } } // Now recurse the remaining modules and do the same trick // for each one, removing the tables that don't exist foreach ($AGMENU as $module => $moduleinfo) { $sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})"; $tables = SQL_AllRows($sq, 'table_id'); $tkeys = array_keys($moduleinfo['items']); foreach ($tkeys as $tkey) { if (!isset($tables[$tkey])) { unset($AGMENU[$module]['items'][$tkey]); } } } // KFD 12/18/06. Put all table permissions into session $table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id'); SessionSet('TABLEPERMSMENU', array_keys($table_perms)); $table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id'); SessionSet('TABLEPERMSSEL', array_keys($table_perms)); $table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id'); SessionSet('TABLEPERMSINS', array_keys($table_perms)); $table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id'); SessionSet('TABLEPERMSUPD', array_keys($table_perms)); $table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id'); SessionSet('TABLEPERMSDEL', array_keys($table_perms)); //echo "<div style='background-color:white'>"; //echo "$uid $groups $group_id_eff"; //hprint_r(SessionGet('TABLEPERMSMENU')); //hprint_r(SessionGet('TABLEPERMSSEL')); //echo "</div>"; // KFD 7/9/07, we always use joomla templates now, don't need // options to turn them off //if(defined('_ANDROMEDA_JOOMLA')) { // In a hybrid situation, put the menu into the session SessionSet('AGMENU', $AGMENU); //} $HTML_Menu = ""; $WML_Menu = ""; /* foreach ($AGMENU as $key=>$module) { //if($key=="datadict") continue; //if($key=="sysref") continue; $HTML_Module=""; $WML_Module=""; foreach($module["items"] as $itemname=>$item) { if (!isset($item["mode"])) { $item["mode"]="normal"; } switch ($item["mode"]) { case "normal": $ins=false; $extra=array(); if($item['menu_parms']<>'') { $aextras=explode('&',$item['menu_parms']); foreach($aextras as $aextra) { list($var,$value)=explode("=",$aextra); $extra[$var]=$value; } } $HTML_Module.=$this->_MenuItem( $item['description'],$itemname,$ins,$extra ); $WML_Module.="<div>"; $WML_Module.=hLink( '',$item['description'],'?gp_page='.$itemname ); $WML_Module.="</div>"; break; case "ins": //if ($admin || isset($tables_ins[$item["name"]])) { $HTML_Module.=$this->_MenuItem( $item['description'],$itemname,true ); //} break; #$HTML_Module.= # "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">". # $item["description"]."</a></font><br />"; } } // the module is defined AFTER its contents so it can be // left off if it has no entries if ($HTML_Module!="") { $HTML_Menu.=$this->_MenuModule($module['description']); $HTML_Menu.=$HTML_Module; } if ($WML_Module!="") { $WML_Menu.="<div><b>".$module['description']."</b></div>"; $WML_Menu.=$WML_Module; } } */ DynamicSave("menu_" . $uid . ".php", $HTML_Menu); DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu); // ------------------------------------------------------------------- // Fetch and cache user preferences if (vgaGet('member_profiles')) { cacheMember_Profiles(); } // ------------------------------------------------------------------- // Now find the user's table permissions more precisely table by table $sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id"; //echo $sql; $results = SQL($sql); $HTML_Perms = "<?php\n\$table_perms = array();\n"; while ($row = SQL_FETCH_ARRAY($results)) { $tn = $row["table_id"]; $ti = $row["permins"]; $tu = $row["permupd"]; $td = $row["permdel"]; $ts = $row["permsel"]; $HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n"; } $HTML_Perms .= "?>\n"; DynamicSave("perms_" . $uid . ".php", $HTML_Perms); /* October 28, 2006, KFD. Rem'd this all out, column and row security made this irrelevant // ------------------------------------------------------------------- // Find out if this user has any UID Columns, columns that create // filters on the user's UID $sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)"; //echo $sql; $results = SQL($sql); $groupuids = array(); while ($row = SQL_FETCH_ARRAY($results)) { //echo "Found this one".$row["column_id"]; $groupuids[$row["column_id"]] = $row["column_id"]; } SessionSet("groupuids",$groupuids); */ scDBConn_Pop(); return; }
/** * @deprecated */ function hDetailFromAHCols($ahcols, $name, $tabindex, $display = '') { // Apply the names ahColsNames($ahcols, $name, $tabindex); //hprint_r($ahcols); //exit; // Always pull the previously generated calcrow and // update it with the name prefix, then save it back again. $calcRow = vgaGet('calcRow'); $calcRow = str_replace('--NAME-PREFIX--', $name, $calcRow); vgaSet('calcRow', $calcRow); ob_start(); $first = ''; if ($display == '') { echo "\n<fieldset>"; } foreach ($ahcols as $colname => $ahcol) { // Establish names of crucial items $cname = $ahcol['cname']; $cnmer = $cname . "_err"; // if no first focus, set it now if ($first == '' && vgfGet('HTML_focus') == '' && $ahcol['writable']) { vgfSet('HTML_focus', $cname); } // Replace out the HTML $html = $ahcol['htmlnamed']; // KFD 9/7/07, replace the HTML if it is a WYSIWYG column if ($ahcol['type_id'] == 'mime-h' || $ahcol['type_id'] == 'mime-h-f') { $html = '--MIME-H--' . $ahcol['cname'] . '--MIME-H--'; } if ($ahcol['type_id'] == 'date') { jqDocReady("\$('input[data-date-format]').each(\n function() {\n if (typeof(\$(this).attr('readonly')) == 'undefined') {\n \$(this).datepicker().on('changeDate',function() {\n \$(this).datepicker('hide');\n });\n }\n });\n "); } // Replace out the stuff to the right $hrgt = $ahcol['hrgtnamed']; switch ($display) { case '': echo "\n<div class=\"control-group {$cname}--ERROR--CLASS\"><label class=\"control-label\">" . $ahcol['description'] . ":</label>"; echo "\n<div class=\"controls\">{$html} {$hrgt}"; echo "\n<span class=\"help-inline\" id=\"{$cnmer}\">{$cname}--ERROR--</span>"; echo "\n<span class=\"help-inline\">" . $ahcol['tooltip'] . "</span></div></div>"; break; case 'tds': echo "\n<div class=\"controls\">{$html}</div>"; break; } } if ($display == '') { echo "</fieldset>"; } return ob_get_clean(); }
</td></tr> </table> </td> <td id="tc-right"> <?php echo ehStandardContent(); ?> </td> </tr> </table> <!-- This plus body:height95% gives perm scroll bar--> <br><br><br> <!-- Ending --> <?php // If a different menu has been forced, use that $gm = vgaGet('menu_selected', ''); if ($gm != '') { $gp = 'menu_' . ($gm != '' ? $gm : gp('gp_page')); ?> <script> ob("<?php echo $gp; ?> ").className="menuselected"; </script> <?php } // Script goes out at absolute end, after <html> element is closed if (vgfGet("HTML_focus") != "") { ?> <script>
function __construct($table_id = '') { // Grab table ID if given, otherwise try to figure // one out, but only if we don't have one if ($table_id != '') { $this->table_id = $table_id; } else { if ($this->table_id == '') { $this->table_id = get_class($this); } } // Load data dictionary. This is not a tragedy if // the page has no table, just forget about it. $this->table = DD_TableRef($this->table_id); $this->view_id = ''; if (is_array($this->table)) { if (isset($this->table['projections']['_uisearch'])) { // capure this directly so it can be overridden $this->projections['_uisearch'] = $this->table['projections']['_uisearch']; } $this->view_id = DDTable_IDResolve($this->table_id); } // Look for an application-level variable for button_images /** level:class The property "button_images" can be overridden by setting an application-level property with the [[vgaSet()]] function. */ if (vgaGet('button_images', '') != '') { $this->button_images = vgaGet('button_images'); } // Set the page subtitle if we can find it if ($this->PageSubtitle == '') { $this->PageSubtitle = ArraySafe($this->table, "description", "PLEASE SET -PageSubtitle-"); } // Set the flag_buffer to false if we detect any flags // that would do that if (gpExists('gp_ajaxcol')) { $this->flag_buffer = false; } if (gpExists('gp_fbproc')) { $this->flag_buffer = false; } if (gpExists('gp_xajax')) { $this->flag_buffer = false; } if (gpExists('fwajax')) { $this->flag_buffer = false; } // This array can be used to override properties on // child objects invoked by this object $this->children = array(); // Now set all child tables to be 'drilldown', unless // overridden in datadictionary if (isset($this->table['fk_children'])) { foreach ($this->table['fk_children'] as $table_child => $tabinfo) { $display = trim(ArraySafe($tabinfo, 'uidisplay', 'drilldown')); $this->children[$table_child]['display'] = $display != '' ? $display : 'drilldown'; } } // KFD 6/30/07, allow a gp variable to specify which control to // set focus. Do it early so it can be overrridden if (gpexists('html_focus')) { vgfset('HTML_focus', 'x2t_' . hx(gp('html_focus'))); } // ((((((((((((((((((((((((((((*)))))))))))))))))))))))))))))))) // ((((((((((((((((( Run Custom-level Construct )))))))))))))))) $this->construct_custom(); $this->custom_construct(); // ((((((((((((((((( Run Custom-level Construct )))))))))))))))) // ((((((((((((((((((((((((((((*)))))))))))))))))))))))))))))))) // Now pass through child tables again, removing any setting // that is not allowed by security privs. Notice we do this // after the custom_construct, since that is where a setting might // be that conflicts with security setting. if (isset($this->table['fk_children'])) { $a = array_keys($this->table['fk_children']); foreach ($this->table['fk_children'] as $table_child => $tabinfo) { if (!DDUserPerm($table_child, 'menu')) { $this->children[$table_child]['display'] = 'none'; } } } }
function index_hidden_page() { global $AG; $sessok = !LoggedIn() ? false : true; // KFD 3/6/08, moved here from the main stream of index_hidden // because these are relevant only to page processing if (gpExists('x_module')) { SessionSet('AGMENU_MODULE', gp('x_module')); } elseif (vgaGet('nomodule') != '' && SessionGet('AGMENU_MODULE') == '') { SessionSet('AGMENU_MODULE', vgaGet('nomodule')); } // If the search flag is set, we need to know what class for this // application handles searchs if (gpExists('gp_search')) { gpSet('gp_page', vgaGet('SEARCH_CLASS')); } // Load up a list of pages that public users are allowed to see, // with home and password always there. global $MPPages; // allows it to be in applib $MP = array(); //$MPPages= array(); // This is the old method, load $MPPages from its own file if (file_exists_incpath('appPublicMenu.php')) { include_once 'appPublicMenu.php'; } if (!is_array($MPPages)) { $MPPages = array(); } $MPPages['x_home'] = 'Home Page'; $MPPages['x_login'] = '******'; $MPPages['x_noauth'] = 'Authorization Required'; $MPPages['x_password'] = "******"; $MPPages['x_mpassword'] = "******"; $MPPages['x_paypalipn'] = 'Paypal IPN'; // If the install page exists, it will be used, no getting // around it. $install = $GLOBALS['AG']['dirs']['application'] . 'install.php'; $instal2 = $GLOBALS['AG']['dirs']['application'] . 'install.done.php'; if (file_exists($install)) { if (gp('gp_install') == 'finish') { rename($install, $instal2); } else { $MPPages['install'] = 'install'; gpSet('gp_page', 'install'); } } // First pass is to look for the "flaglogin" flag. This says save all // current page settings and go to login screen. They will be restored // on a successful login. Very useful for links that say "Login to // see nifty stuff..." if (gp('gp_flaglogin') == '1') { gpSet('gp_flaglogin', ''); gpToSession(); gpSet('gp_page', 'x_login'); } // Second pass redirection, pick default page if there // is none, and verify public pages. // $gp_page = gp('gp_page'); if ($gp_page == '') { if (vgfGet('LoginAttemptOK') === true && vgfGet('x4') === true) { $gp_page = 'x4init'; gpSet('gp_page', 'x4init'); SessionSet('TEMPLATE', 'x4'); } else { if (function_exists('appNoPage')) { $gp_page = appNoPage(); } else { if (!LoggedIn()) { $gp_page = FILE_EXISTS_INCPATH('x_home.php') ? 'x_home' : 'x_login'; } else { // KFD 3/2/07, pull vga stuff to figure defaults if (vgaGet('nopage') != '') { $gp_page = vgaGet('nopage'); } else { $gp_page = 'x_welcome'; } } } } } // If they are trying to access a restricted page and are not // logged in, cache their request and redirect to login page if (!$sessok && !isset($MPPages[$gp_page])) { if (vgfGet('loglogins', false)) { fwLogEntry('1014', 'Page access w/o login', $gp_page); } gpToSession(); $gp_page = 'x_login'; } // If pos is activated and the current requested page does not // match what they are cleared for, redirect to login if (vgaGet('POS_SECURITY', false) == true && SessionGet('ADMIN') == false) { if (SessionGet('POS_PAGE', '', 'FW') != $gp_page) { gpToSession(); $gp_page = 'x_login'; } } gpSet('gp_page', $gp_page); // Make any database saves. Do this universally, even if save // was not selected. If errors, reset to previous request. //if(gp('gp_save')=='1') processPost(); processPost(); if (Errors()) { gpSetFromArray('gp_', aFromGp('gpx_')); } // Put Userid where HTML forms can find it //vgfSet("UID",SessionGet("UID")); //if (vgfSet("UID")=="") { vgfSet("UID","Not Logged In"); } // THIS IS NEWER X_TABLE2 version of drilldown commands, // considerably simpler than the older ones. It makes use of // three gp_dd variables. // // Notice how we process drillbacks FIRST, allowing a link // to contain both drillback and drilldown, for the super-nifty // effect of a "drill-across" hidden('gp_dd_page'); hidden('gp_dd_skey'); hidden('gp_dd_back'); if (intval(gp('gp_dd_back')) > 0 && $sessok) { // this is drillback $dd = ContextGet('drilldown', array()); $back = intval(gp('gp_dd_back')); if (count($dd) >= $back) { $spot = count($dd) - $back; $aback = $dd[$spot]; gpSet('gp_skey', $aback['skey']); gpSet('gp_page', $aback['page']); $gp_page = $aback['page']; gpSet('gpx_skey', $aback['skey']); gpSet('gpx_page', $aback['page']); gpSetFromArray('parent_', $aback['parent']); if (!gpExists('gp_mode')) { gpSet('gp_mode', 'upd'); } $dd = $spot == 0 ? array() : array_slice($dd, 0, $spot); ContextSet('drilldown', $dd); ContextSet('drilldown_top', $aback['page']); //ContextSet('drilldown_level',count($dd)); } } if (gp('gp_dd_page') != '' && $sessok) { // this is drilldown... $matches = DrillDownMatches(); $matches = array_merge($matches, aFromGP('parent_')); $dd = ContextGet('drilldown', array()); $newdd = array('matches' => $matches, 'parent' => aFromGP('parent_'), 'skey' => gp('gpx_skey'), 'page' => gp('gpx_page')); $dd[] = $newdd; ContextSet('drilldown', $dd); ContextSet('drilldown_top', gp('gp_dd_page')); //ContextSet('drilldown_level',count($dd)); // having saved the stack, redirect to new page. $tnew = gp('gp_dd_page'); $gp_page = $tnew; gpSet('gp_page', $tnew); if (gp('gp_dd_skey') != '') { gpSet('gp_skey', gp('gp_dd_skey')); gpSet('gp_mode', 'upd'); } // Clear search of new page, set filters to blank processPost_TableSearchResultsClear($tnew); ConSet('table', $tnew, 'search', array()); } // If no drilldown commands were received, and we are not on // the page that is the top, user must have picked a new page // altogether, wipe out the drilldown stack if (gp('gp_page') != ContextGet('drilldown_top', '')) { ContextSet('drilldown', array()); ContextSet('drilldown_top', ''); } // Must always have these on the user's form. These can // be retired with x_Table, they are for old drilldown // hidden("dd_page", ""); hidden("dd_ddc", ""); hidden("dd_ddv", ""); hidden("dd_ddback", ""); hidden("dd_action", "searchexecute"); hidden("dd_skey", ""); // Load user preferences just before display UserPrefsLoad(); $dir = $GLOBALS['AG']['dirs']['root'] . 'application/'; if (file_exists($dir . $gp_page . ".page.yaml")) { include 'androPage.php'; $obj_page = new androPage(); if ($obj_page->flag_buffer) { ob_start(); } $obj_page->main($gp_page); if ($obj_page->flag_buffer) { vgfSet("HTML", ob_get_clean()); //ob_end_clean(); } vgfSet("PageSubtitle", $obj_page->PageSubtitle); } else { $obj_page = DispatchObject($gp_page); if ($obj_page->flag_buffer) { ob_start(); } $obj_page->main(); if ($obj_page->flag_buffer && vgfGet('HTML') == '') { vgfSet("HTML", ob_get_contents()); ob_end_clean(); } vgfSet("PageSubtitle", $obj_page->PageSubtitle); } // Save context onto the page. Note that it is not really // protected by these methods, just compressed and obscured. // $t2 = serialize($GLOBALS['AG']['clean']['gpContext']); $t2 = gzcompress($t2); $t2 = base64_encode($t2); Hidden('gpContext', $t2); // KFD 3/7/07, give the app the final opportunity to process // things before the display, while logged in. if (function_exists('appdisplaypre')) { appDisplayPre(); } // ...and write output and we are done. Assume if there was // no buffering that the output is already done. if ($obj_page->flag_buffer != false) { // Work out what template we are using index_hidden_template('x2'); // KFD 5/30/07, send back only main content if asked if (gp('ajxBUFFER') == 1) { echo "andromeda_main_content|"; ehStandardContent(); echo "|-|_focus|" . vgfGet('HTML_focus'); $ajax = ElementReturn('ajax', array()); echo '|-|' . implode('|-|', $ajax); echo '|-|_title|' . vgfGet('PageTitle'); } elseif (defined('_VALID_MOS')) { // This is the default branch, using a Joomla template // DUPLICATE ALERT: This code copied into // index_hidden_x4Dispatch() above global $J; $mainframe = $J['mainframe']; $my = $J['my']; $mosConfig_absolute_path = $J['mC_absolute_path']; $mosConfig_live_site = $J['mC_live_site']; $template_color = $J['template_color']; $template_color = 'red'; $file = $GLOBALS['AG']['dirs']['root'] . '/templates/' . $mainframe->GetTemplate() . "/index.php"; include $file; } elseif ($obj_page->html_template !== '') { // This is newer style, let the class specify the template. include $obj_page->html_template . '.php'; } else { // This is old style, defaults to "html_main.php", can be // set also by vgaSet() or by gp(gp_out) $html_main = vgaGet('html_main') == '' ? 'html_main' : vgaGet('html_main'); switch (CleanGet("gp_out", "", false)) { case "print": include "html_print.php"; break; case "info": include "html_info.php"; break; case "": include $html_main . ".php"; break; default: } } } }
function mosShowListMenu($menutype) { // ------------------------------------------------------- // Andromeda Code: If we are in an Andromeda situation // then everything is vastly simplified, we already have // the menu and we don't do much conversion // ------------------------------------------------------- if (defined('_ANDROMEDA_JOOMLA')) { if (!LoggedIn()) { return; } // KFD 7/6/07, cache the menu so we don't have to do // this on every call. // Cachegrind cost to build menu : 259 / 199 // Cachegrind cost logging in : 140 // Cachegrind cost login, cache to session: 2!!!! // Cachegrind cost to cache to disk : 400! # KFD 4/17/08, rebuild menu if they switched modes # KFD 6/21/08, simplify this by just looking at x4Welcome #$menu_mode = gpExists('x4Page') # ? (vgfGet('x4menu',false)==true ? 'x4' : 'classic') # : 'classic'; $menu_mode = configGet('x4welcome', 'N') == 'Y' ? 'x4' : 'classic'; vgfSet('menu_mode', $menu_mode); # KFD 6/21/08 (END) if ($menu_mode != SessionGet('menu_mode')) { sessionSet('menu', ''); sessionSet('menu_mode', $menu_mode); } $menu = SessionGet('menu', ''); if ($menu != '') { echo $menu; return; } ob_start(); $children = array(); $open = array(); $indents = array(array("<ul>", "<li>", "</li>", "</ul>")); $class_sfx = null; $hilightid = SessionGET('AGMENU_MODULE'); $hilightid = ''; $menus = SessionGET("AGMENU"); foreach ($menus as $menuid => $menuinfo) { //if($menuid=='datadict') continue; //if($menuid=='sysref') continue; $x = new joomla_fake(); $x->type = 'url'; $x->id = $menuid; if (sessionGet('menu_mode') == 'x4') { $x->link = 'javascript:void(0);'; } else { $x->link = "?x_module=" . urlencode($menuid); } $x->browserNav = ''; $x->name = $menuinfo['description']; $children[0][] = $x; foreach ($menuinfo['items'] as $page => $pageinfo) { $x = new joomla_fake(); $x->type = 'url'; $x->id = $page; # KFD 6/26/08, the vgfX(x4) was experimental, get rid of it #if(vgfGet('x4')===true) { # $pd = $pageinfo['description']; # $x->link="javascript:x4Page('$page','$pd')"; #} #else { # KFD 6/26/08, work out the menu mode first $xmode = 'x2'; if (sessionGet('menu_mode') == 'x4') { $xmode = a($pageinfo, 'uix2', 'N') == 'Y' ? 'x2' : 'x4'; } if ($xmode == 'x4') { $x->link = '?x4Page=' . urlencode($page); $x->link .= '&x4Return=' . vgaGet('nopage', 'menu'); } else { $x->link = "?x_module={$menuid}&x2=1&gp_page=" . urlencode($page); } if (ArraySafe($pageinfo, 'menu_parms') != '') { $x->link .= '&' . urlencode($pageinfo['menu_parms']); } #} $x->browserNav = ''; $x->name = $pageinfo['description']; $children[$menuid][] = $x; } } mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid); $menu = ob_get_clean(); echo $menu; SessionSet('menu', $menu); //$fsMenuFileHTML=ob_get_clean(); //file_put_contents($fsMenuFile,$fsMenuFileHTML); //echo $fsMenuFileHTML; return; } // ------------------------------------------------------- // Andromeda Code: END // ------------------------------------------------------- global $database, $my, $cur_template, $Itemid; global $mosConfig_absolute_path, $mosConfig_live_site, $mosConfig_shownoauth; $class_sfx = null; $hilightid = null; /* If a user has signed in, get their user type */ $intUserType = 0; if ($my->gid) { switch ($my->usertype) { case 'Super Administrator': $intUserType = 0; break; case 'Administrator': $intUserType = 1; break; case 'Editor': $intUserType = 2; break; case 'Registered': $intUserType = 3; break; case 'Author': $intUserType = 4; break; case 'Publisher': $intUserType = 5; break; case 'Manager': $intUserType = 6; break; } } else { /* user isn't logged in so make their usertype 0 */ $intUserType = 0; } if ($mosConfig_shownoauth) { $database->setQuery("SELECT m.*, count(p.parent) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering "); } else { $database->setQuery("SELECT m.*, sum(case when p.published=1 then 1 else 0 end) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1' AND m.access <= '{$my->gid}'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering "); } $rows = $database->loadObjectList('id'); echo $database->getErrorMsg(); //work out if this should be highlighted $sql = "SELECT m.* FROM #__menu AS m" . "\nWHERE menutype='" . $menutype . "' AND m.published='1'"; $database->setQuery($sql); $subrows = $database->loadObjectList('id'); $maxrecurse = 5; $parentid = $Itemid; //this makes sure toplevel stays hilighted when submenu active while ($maxrecurse-- > 0) { $parentid = getParentRow($subrows, $parentid); if (isset($parentid) && $parentid >= 0 && $subrows[$parentid]) { if (vgfGet('menu_mode') != 'x4') { $hilightid = $parentid; } } else { break; } } if (vgfGet('menu_mode') == 'x4') { $hilightid = ''; } //echo "<!--[if lte IE 7]>\n"; include_once "{$mosConfig_absolute_path}/templates/" . $cur_template . "/js/ie.js"; //echo "<![endif]-->\n"; $indents = array(array("<ul>", "<li>", "</li>", "</ul>")); // establish the hierarchy of the menu $children = array(); // first pass - collect children foreach ($rows as $v) { $pt = $v->parent; $list = @$children[$pt] ? $children[$pt] : array(); array_push($list, $v); $children[$pt] = $list; } // second pass - collect 'open' menus $open = array($Itemid); $count = 20; // maximum levels - to prevent runaway loop $id = $Itemid; while (--$count) { if (isset($rows[$id]) && $rows[$id]->parent > 0) { $id = $rows[$id]->parent; $open[] = $id; } else { break; } } $class_sfx = null; mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid); }