<?php
require_once "config.inc.php";
require_once "mydbclass.inc.php";
$db = new myDB(DB_HOST, DB_USER, DB_PASS);
$db->SelectDB('siri');
$rows = array();
$rs = $this->mysqli->query($sql);
echo $this->mysqli->error;
while ($row = $rs->fetch_assoc()) {
$rows[] = $row;
/*foreach($row as $key=>$value)
{
echo "<br/>".$key." ".$value;
}*/
}
//echo "Count".count($rows);
echo $this->mysqli->error;
return $rows;
}
public function __destruct()
{
$this->mysqli->close();
}
}
$db = new myDB();
$mobile = $_GET['mobile'];
$pass = md5($_GET['pass']);
$sql = "SELECT UserName,Mobile FROM `users` WHERE Mobile='{$mobile}' AND Password='******'";
$data = $db->query_1($sql);
//echo "<pre>";
//echo "<br/>".$k." ".$v;
//echo "<br/>".$k." " .$v;
//echo $first."<br/>";
echo json_encode($data, JSON_FORCE_OBJECT);
}
<?php
include_once "mydbclass.php";
$db = new myDB('127.0.0.1', 'root', 'passwd');
$db->SelectDB('Home');
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
$db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
//Hat sich ein User angemeldet
$sql = "select sc.session_id,u.id,u.login from auth.session_content sc left join auth.\"user\" u on ";
$sql .= "(E'--- ' || u.login || chr(10) )=sc.sess_value left join auth.session s on s.id=sc.session_id ";
$sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
$rs = $db->getAll($sql);
if (count($rs) != 1) {
// Garnicht mit ERP angemeldet oder zu viele Sessions, sollte die ERP drauf achten
unset($_SESSION);
$Url = preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
header("location:" . $Url . "controller.pl?action=LoginScreen/user_login");
}
$auth = array();
$uid = $rs[0]["id"];
$auth["login"] = $rs[0]["login"];
$sql = "select * from auth.user_config where user_id=" . $uid;
$rs = $db->getAll($sql);
$keys = array("countrycode", "stylesheet", "vclimit", "signature", "email", "tel", "fax", "name");
foreach ($rs as $row) {
if (in_array($row["cfg_key"], $keys)) {
$auth[$row["cfg_key"]] = $row["cfg_value"];
}
}
$auth["lang"] = $auth["countrycode"] != '' ? $auth["countrycode"] : 'en';
$auth["stylesheet"] = substr($auth["stylesheet"], 0, -4);
//Welcer Mandant ist verbunden
$sql = "SELECT sess_value FROM auth.session_content WHERE session_id = '{$cookie}' and sess_key='client_id'";
$rs = $db->getOne($sql);
$mandant = substr($rs['sess_value'], 4);
$sql = 'SELECT id as manid,name as mandant,dbhost,dbport,dbname,dbuser,dbpasswd FROM auth.clients WHERE id = ' . $mandant;
$rs = $db->getOne($sql);
$auth = array_merge($auth, $rs);
//Eine der Gruppen des Users darf sales_all_edit
$sql = "SELECT granted from auth.group_rights G where G.right = 'sales_all_edit' ";
$sql .= "and G.group_id in (select group_id from auth.user_group where user_id = " . $uid . ")";
$rs3 = $db->getAll($sql);
$auth["sales_edit_all"] = 'f';
if ($rs3) {
foreach ($rs3 as $row) {
if ($row["granted"] == 't') {
$auth["sales_edit_all"] = 't';
break;
}
}
}
// Ist der User ein CRM-Supervisor?
$sql = "SELECT count(*) as cnt from auth.user_group left join auth.group on id=group_id where name = 'CRMTL' and user_id = " . $uid;
$rs = $db->getOne($sql);
$auth['CRMTL'] = $rs['cnt'];
//Session update
$sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'";
$db->query($sql, "authuser_3");
//Token lesen
$sql = "SELECT * FROM auth.session WHERE id = '" . $cookie . "'";
$rsa = $db->getOne($sql);
$auth['token'] = $rsa['api_token'];
return $auth;
}
function Article_getOnce($id)
{
$newDB = new myDB('news');
$query = "SELECT title, annotation, time, text FROM article WHERE id={$id}";
return $newDB->select($query);
}
<?php /****************************************************************** * Project: The Three Little Pigs - Siri Proxy | Web Interface * Project start date: 21-01-2012 * Author: Dimitrios Kanellopoulos * T: www.twitter.com/jimmykane9 * * File: connection.inc.php * Last update: 02-02-2012 ******************************************************************/ require_once "mydbclass.inc.php"; $db = new myDB(DB_HOST, DB_USER, DB_PASS); $db->SelectDB(DB_NAME);
function anmelden()
{
ini_set("gc_maxlifetime", "3600");
global $ERPNAME;
// ! das funzt nicht mit $_SESSION[ERPNAME] weil die Session in loginok.php zerstört wird...
global $erpConfigFile;
//Konfigurationsfile der ERP einlesen
$deep = is_dir("../" . $ERPNAME) ? "../" : "../../";
// anmelden() aus einem Unterverzeichnis
if (file_exists($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf")) {
$lxo = fopen($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf", "r");
} else {
if (file_exists($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf.default")) {
$lxo = fopen($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf.default", "r");
} else {
return false;
}
}
$dbsec = false;
$tmp = fgets($lxo, 512);
//Parameter für die Auth-DB in der ERP-Konfiguration finden
while (!feof($lxo)) {
if (preg_match("/^[\\s]*#/", $tmp) || $tmp == "\n") {
//Kommentar, ueberlesen
$tmp = fgets($lxo, 512);
continue;
}
if ($dbsec && preg_match("!\\[.+]!", $tmp)) {
$dbsec = false;
}
if ($dbsec) {
if (preg_match("/db[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$dbname = $hits[1];
}
if (preg_match("/password[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$dbpasswd = $hits[1];
}
if (preg_match("/user[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$dbuser = $hits[1];
}
if (preg_match("/host[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$dbhost = $hits[1] ? $hits[1] : "localhost";
}
if (preg_match("/port[ ]*=[ ]*([0-9]+)/", $tmp, $hits)) {
$dbport = $hits[1] ? $hits[1] : "5432";
}
if (preg_match("/\\[[a-z]+/", $tmp)) {
$dbsec = false;
}
$tmp = fgets($lxo, 512);
continue;
}
if (preg_match("/cookie_name[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$cookiename = $hits[1];
}
//if ( preg_match("/dbcharset[ ]*=[ ]*(.+)/",$tmp,$hits) ) $dbcharset = $hits[1];
if (preg_match("/session_timeout[ ]*=[ ]*(.+)/", $tmp, $hits)) {
$sesstime = $hits[1];
}
if (preg_match("!\\[authentication/database\\]!", $tmp)) {
$dbsec = true;
}
$tmp = fgets($lxo, 512);
}
if (!$cookiename) {
$cookiename = $_SESSION['erpConfigFile'] . '_session_id';
}
if (!$sesstime) {
$sesstime = 480;
}
fclose($lxo);
$cookie = $_COOKIE[$cookiename];
if (!$cookie) {
header("location: ups.html");
}
// Benutzer anmelden
error_log("!{$ERPNAME}!{$dbhost},{$dbport},{$dbuser},{$dbpasswd},{$dbname},{$cookie}!", 0);
$auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
if (!$auth) {
return false;
}
// Anmeldung des Users fehlgeschlagen
chkdir($auth["dbname"]);
// gibt es unter dokumente ein Verzeichnis mit dem Instanznamen
chkdir($auth["dbname"] . '/tmp/');
foreach ($auth as $key => $val) {
$_SESSION[$key] = $val;
}
// Mandanten + Userdaten in Session speichern
$_SESSION["sessid"] = $cookie;
$_SESSION["cookie"] = $cookiename;
$_SESSION["sesstime"] = $sesstime;
// Benutzer/Gruppen/Gruppenzuordnung aus der ERP als Arrays in Session schreiben
$db_new = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
$sql_all_users = "SELECT usr.id AS user_id, usr.login, usrc.cfg_value AS name FROM auth.user AS usr INNER JOIN auth.user_config AS usrc ON usr.id = usrc.user_id WHERE usrc.cfg_key = 'name' ORDER by usr.id";
$sql_all_groups = "SELECT grp.id AS grp_id, grp.name AS grp_name FROM auth.group AS grp ORDER by grp.id";
$sql_all_assignments = "SELECT usrg.user_id AS user_id, usrg.group_id AS group_id FROM auth.user_group AS usrg ORDER by usrg.user_id";
$all_users = $db_new->getAll($sql_all_users);
$all_groups = $db_new->getAll($sql_all_groups);
$all_assignments = $db_new->getAll($sql_all_assignments);
// $_SESSSION['ok'] da anmelden 2x durchlaufen wird ?? Bessere Lösung ?
if (!$_SESSION['ok']) {
$_SESSION['all_erp_users'] = $all_users;
$_SESSION['all_erp_groups'] = $all_groups;
$_SESSION['all_erp_assignments'] = $all_assignments;
}
$_SESSION['ok'] = "1";
// Mit der Mandanten-DB verbinden
$_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"]);
if (!$_SESSION["db"]) {
return false;
} else {
$_SESSION['Admin'] = $auth['Admin'];
$charset = ini_get("default_charset");
//if ( $charset == "" ) $charset = $dbcharset;
if ($charset == "") {
$charset = 'UTF8';
}
$_SESSION["charset"] = $charset;
include_once "inc/UserLib.php";
$user_data = getUserStamm(0, $_SESSION["login"]);
$BaseUrl = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$BaseUrl .= $_SERVER['HTTP_HOST'];
$BaseUrl .= preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
if ($user_data) {
foreach ($user_data as $key => $val) {
$_SESSION[$key] = $val;
}
}
if (isset($_SESSION['sql_error']) && $_SESSION['sql_error']) {
$_SESSION['db']->setShowError(true);
} else {
$_SESSION['db']->setShowError(false);
}
$_SESSION['dir_mode'] = $user_data['dir_mode'] != '' ? octdec($user_data['dir_mode']) : 493;
// 0755
$_SESSION["loginCRM"] = $user_data["id"];
$_SESSION['theme'] = $user_data['theme'] == '' || $user_data['theme'] == 'base' ? '' : $user_data['theme'];
$sql = "SELECT * from schema_info where tag like 'relea%' order by itime desc limit 1";
$rs = $_SESSION["db"]->getOne($sql);
$tmp = substr($rs['tag'], 8);
$_SESSION["ERPver"] = strtr($tmp, '_', '.');
$_SESSION["menu"] = makeMenu($_SESSION["sessid"], $_SESSION["token"]);
$_SESSION["basepath"] = $BaseUrl;
$_SESSION['token'] = False;
return true;
}
}
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
$db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, true);
$sql = "select sc.session_id,u.id from auth.session_content sc left join auth.user u on ";
$sql .= "u.login=sc.sess_value left join auth.session s on s.id=sc.session_id ";
$sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
// order by s.mtime desc";
$rs = $db->getAll($sql, "authuser_1");
if (!$rs) {
return false;
}
$stmp = "";
if (count($rs) > 1) {
header("location:../login.pl?action=logout");
/*foreach($rs as $row) {
$stmp.=$row["session_id"].",";
}
$sql1="delete from session where id in (".substr($stmp,-1).")";
$sql2="delete from session_content where session_id in (".substr($stmp,-1).")";
$db->query($sql1,"authuser_A");
$db->query($sql2,"authuser_B");
$sql3="insert into session ";*/
}
$sql = "select * from auth.user where id=" . $rs[0]["id"];
$rs1 = $db->getAll($sql, "authuser_1");
if (!$rs1) {
return false;
}
$auth = array();
$auth["login"] = $rs1[0]["login"];
$sql = "select * from auth.user_config where user_id=" . $rs[0]["id"];
$rs1 = $db->getAll($sql, "authuser_2");
$keys = array("dbname", "dbpasswd", "dbhost", "dbport", "dbuser");
foreach ($rs1 as $row) {
if (in_array($row["cfg_key"], $keys)) {
$auth[$row["cfg_key"]] = $row["cfg_value"];
}
}
$sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $rs[0]["session_id"] . "'";
$db->query($sql, "authuser_3");
return $auth;
}