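/**
 * Whether $username holds admin rights on $formID.
 *
 * True when the user has an AUTH_ADMIN grant on the form, or when the
 * status read from users::user() is 'systems' (a global override).
 *
 * @param mixed       $formID   Form identifier, passed through to self::getCount().
 * @param string|null $username Username to check; defaults to the session's username.
 * @return bool
 */
public static function isAdmin($formID, $username = NULL) {
    if (isnull($username)) {
        $username = sessionGet("username");
    }

    // Per-form grant for the requested user.
    if (self::getCount($formID, $username, mfcs::AUTH_ADMIN)) {
        return TRUE;
    }

    // Global override. Note this reads the status via users::user() — which
    // presumably describes the current session user, not $username — so the
    // override applies regardless of which username was asked about; confirm
    // that this is intended before relying on isAdmin() for other users.
    // The second argument to users::user() appears to be a fallback value.
    $status = trim(strtolower(users::user('status', 'user')));
    return $status === 'systems';
}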
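/**
 * Write one row to the `logs` audit table for the current user.
 *
 * @param string      $action   Action name being recorded.
 * @param int|string  $objectID Object the action applied to (0 when not applicable).
 * @param int|string  $formID   Form the action applied to (0 when not applicable).
 * @param string|null $info     Free-form detail.
 * @return bool TRUE on success, FALSE when the INSERT fails (the error is reported at DEBUG level).
 */
public static function insert($action, $objectID = 0, $formID = 0, $info = NULL) {
    $db = mfcs::$engine->openDB;

    // REMOTE_ADDR is absent outside a web request (CLI, cron, tests); record an
    // empty string instead of raising an undefined-index notice.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Every interpolated value goes through the driver's escape(); `date` is
    // the integer result of time() and is interpolated as-is.
    $sql = sprintf(
        "INSERT INTO `logs` (`username`,`IP`,`action`,`objectID`,`formID`,`info`,`date`) VALUES('%s','%s','%s','%s','%s','%s','%s')",
        $db->escape(users::user('username')),
        $db->escape($remoteAddr),
        $db->escape($action),
        $db->escape($objectID),
        $db->escape($formID),
        $db->escape($info),
        time()
    );

    $sqlResult = $db->query($sql);
    if (!$sqlResult['result']) {
        // NOTE(review): a failed audit write is only reported at DEBUG severity;
        // callers receive FALSE and must decide whether the action may proceed.
        errorHandle::newError(__METHOD__ . "() - : " . $sqlResult['error'], errorHandle::DEBUG);
        return FALSE;
    }
    return TRUE;
}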
/**
 * Establish the current user from the Auth session, or clear it.
 *
 * Populates self::$user (with an 'Account' row attached) when the session is
 * logged in and both the user record and its account_id can be resolved.
 * In every other case the Auth session is logged out (if it was logged in),
 * self::$user is reset to an empty array and restoreUser() is called.
 *
 * @return bool TRUE when an authenticated user was loaded, FALSE otherwise.
 */
public static function isUserAuthentic() {
    $authentic = Auth::instance();
    if ($authentic->logged_in()) {
        // Order matters here: self::$user is assigned first and getAuthenticAttr()
        // is only evaluated when that assignment was truthy — presumably it reads
        // self::$user; confirm before reordering or splitting this condition.
        if ((self::$user = User::getAuthenticUser()) && ($account_id = self::getAuthenticAttr('account_id'))) {
            // NOTE(review): the find() result is stored unchecked — a missing
            // account row would leave self::$user['Account'] empty; confirm intended.
            self::$user['Account'] = Doctrine::getTable('Account')->find($account_id, Doctrine::HYDRATE_ARRAY);
            // When the effective account differs from the authenticated one,
            // switch to it. The loose != is kept as-is: the two values may arrive
            // as int vs string — verify before tightening to !==.
            if (self::getAttr('account_id') != $account_id) {
                self::masqueradeAccount(self::getAttr('account_id'));
            }
            return TRUE;
        }
        // A logged-in session whose user/account cannot be resolved is terminated
        // rather than left in a half-authenticated state.
        $authentic->logout(TRUE);
    }
    self::$user = array();
    self::restoreUser();
    return FALSE;
}
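/**
 * Sync the users_projects rows for the current user with the submitted selection.
 *
 * Compares the project IDs currently held in the session (keys of
 * 'currentProject') against the IDs posted as 'selectedProjects', deleting
 * the ones that disappeared and inserting the ones that appeared.
 *
 * @return array On success  ['success' => TRUE, 'deletedIDs' => array, 'addedIDs' => array];
 *               on failure  ['success' => FALSE, 'errorMsg' => string].
 */
public static function updateUserProjects() {
    $db = mfcs::$engine->openDB;

    // Normalise both inputs to arrays: the session value may be missing, and a
    // single-select form posts a scalar rather than a list. Either case would
    // otherwise make array_keys()/array_diff() fail.
    $sessionProjects      = sessionGet('currentProject');
    $currentProjectsIDs   = is_array($sessionProjects) ? array_keys($sessionProjects) : array();
    $submittedProjectsIDs = isset(mfcs::$engine->cleanPost['MYSQL']['selectedProjects'])
        ? (array) mfcs::$engine->cleanPost['MYSQL']['selectedProjects']
        : array();

    // Escaped once; used in both statements below.
    $userID = $db->escape(users::user('ID'));

    try {
        // Delete project IDs that disappeared
        $deletedIDs = array_diff($currentProjectsIDs, $submittedProjectsIDs);
        if (sizeof($deletedIDs)) {
            // Quote and escape each ID for the IN list, consistent with how the
            // INSERT below quotes its values.
            $quotedIDs = array();
            foreach ($deletedIDs as $deletedID) {
                $quotedIDs[] = sprintf("'%s'", $db->escape($deletedID));
            }
            $deleteSQL = sprintf(
                "DELETE FROM users_projects WHERE userID='%s' AND projectID IN (%s)",
                $userID,
                implode(',', $quotedIDs)
            );
            $deleteSQLResult = $db->query($deleteSQL);
            if (!$deleteSQLResult['result']) {
                throw new Exception("MySQL Error - " . $deleteSQLResult['error']);
            }
        }

        // Add project IDs that appeared
        $addedIDs = array_diff($submittedProjectsIDs, $currentProjectsIDs);
        if (sizeof($addedIDs)) {
            $keyPairs = array();
            foreach ($addedIDs as $addedID) {
                $keyPairs[] = sprintf("('%s','%s')", $userID, $db->escape($addedID));
            }
            $insertSQL = sprintf("INSERT INTO users_projects (userID,projectID) VALUES %s", implode(',', $keyPairs));
            $insertSQLResult = $db->query($insertSQL);
            if (!$insertSQLResult['result']) {
                throw new Exception("MySQL Error - " . $insertSQLResult['error']);
            }
        }

        // Reaching this point means either nothing changed or every statement succeeded.
        $result = array('success' => TRUE, 'deletedIDs' => $deletedIDs, 'addedIDs' => $addedIDs);
    } catch (Exception $e) {
        $result = array('success' => FALSE, 'errorMsg' => $e->getMessage());
    }

    return $result;
}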
/**
 * Expand %placeholder% variables in a format string.
 *
 * Recognised placeholders (case-insensitive): %userid%, %username%, %firstname%,
 * %lastname%, %date%, %time%, %time12%, %time24%, %timestamp%, and
 * %date(FORMAT)% where FORMAT is handed straight to date().
 *
 * @param string $formatString
 * @return string The input with every recognised placeholder replaced.
 */
public static function applyFieldVariables($formatString) {
    // Each placeholder maps to a closure so that the value (a user lookup or
    // the current time) is only computed when the placeholder actually occurs.
    // Replacement order is significant and is the order of this table.
    $placeholders = array(
        '%userid%'    => function () { return users::user('ID'); },
        '%username%'  => function () { return users::user('username'); },
        '%firstname%' => function () { return users::user('firstname'); },
        '%lastname%'  => function () { return users::user('lastname'); },
        '%date%'      => function () { return date('Y-m-d'); },
        '%time%'      => function () { return date('H:i:s'); },
        '%time12%'    => function () { return date('g:i:s A'); },
        '%time24%'    => function () { return date('H:i:s'); },
        '%timestamp%' => function () { return time(); },
    );

    foreach ($placeholders as $token => $valueFn) {
        if (stripos($formatString, $token) === FALSE) {
            continue;
        }
        $formatString = str_ireplace($token, $valueFn(), $formatString);
    }

    // Custom date/time variables: %date(FORMAT)%
    return preg_replace_callback(
        '/%date\\((.+?)\\)%/i',
        function ($matches) { return date($matches[1]); },
        $formatString
    );
}
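/**
 * Render $data as an HTML object-listing table, paginated when it exceeds the
 * user's per-page preference.
 *
 * @param array       $data       Rows to display.
 * @param array|null  $headers    Column headers; defaults to the standard object listing columns.
 * @param bool        $pagination Whether to paginate large result sets.
 * @param mixed|null  $formID     Form ID placed (sanitised) into the "Jump to IDNO" form.
 * @return string Table HTML, followed by pagination controls when paginated.
 */
private static function createTable($data, $headers = NULL, $pagination = TRUE, $formID = NULL) {
    $table = new tableObject("array");
    $table->summary  = "Object Listing";
    $table->sortable = FALSE;
    $table->class    = "table table-striped table-bordered";
    $table->id       = "objectListingTable";
    $table->layout   = TRUE;

    if (isnull($headers)) {
        // A "Revisions" column is deliberately not part of the default set.
        $headers = array("System IDNO", "Form IDNO", "Title", "View", "Edit");
    }
    $table->headers($headers);

    $userPaginationCount = users::user('pagination', 25);
    $rowCount = sizeof($data);

    // Small result sets (or pagination switched off) are rendered in one go.
    if (!$pagination || $rowCount <= $userPaginationCount) {
        return $table->display($data);
    }

    $pager = new pagination($rowCount);
    $pager->itemsPerPage = $userPaginationCount;

    // The current page comes from the query string; coerce it to an integer of
    // at least 1 so a garbled value cannot yield a negative array_slice() offset.
    $cleanGet      = mfcs::$engine->cleanGet;
    $requestedPage = isset($cleanGet['MYSQL'][$pager->urlVar]) ? (int) $cleanGet['MYSQL'][$pager->urlVar] : 1;
    $pager->currentPage = max(1, $requestedPage);

    $startPos  = $userPaginationCount * ($pager->currentPage - 1);
    $dataNodes = array_slice($data, $startPos, $userPaginationCount);

    $tableHTML  = $table->display($dataNodes);
    $tableHTML .= $pager->nav_bar();
    $tableHTML .= sprintf('<p><span class="paginationJumpLabel">Jump to Page:</span> %s</p>', $pager->dropdown());
    $tableHTML .= sprintf('<p><span class="paginationJumpLabel">Records per page:</span> %s</p>', $pager->recordsPerPageDropdown());
    // $formID lands in an HTML attribute, hence htmlSanitize() rather than raw interpolation.
    $tableHTML .= sprintf('<p><form id="jumpToIDNOForm"><span class="paginationJumpLabel">Jump to IDNO:</span> <input type="text" name="jumpToIDNO" id="jumpToIDNO" data-formid="%s" value="" /></form></p>', isnull($formID) ? "" : htmlSanitize($formID));
    return $tableHTML;
}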
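/**
 * Update an existing object in place: archive the previous version to revision
 * control (object forms only), write the new data/metadata row, refresh the
 * object data and duplicate-matching tables and, for user-managed IDNOs,
 * update the IDNO.
 *
 * Runs inside a single "objects" transaction; any failure after transBegin()
 * rolls back, closes the transaction and returns FALSE.
 *
 * @param int|string  $objectID     ID of the object row to update.
 * @param int|string  $formID       Form the object belongs to.
 * @param array       $data         Field data to store (passed through encodeFields()).
 * @param int|string  $metadata     Metadata flag; revision archiving is skipped when it == 0.
 * @param int|string  $parentID     Parent object ID; a posted 'parentID' takes precedence.
 * @param int|null    $modifiedTime Modification timestamp; defaults to time().
 * @return bool TRUE on success, FALSE on any failure (details reported via errorHandle at DEBUG).
 */
public static function update($objectID, $formID, $data, $metadata, $parentID = 0, $modifiedTime = NULL) {
    if (!is_array($data)) {
        errorHandle::newError(__METHOD__ . "() - : data is not array", errorHandle::DEBUG);
        return FALSE;
    }

    // Get the current Form
    if (($form = forms::get($formID)) === FALSE) {
        errorHandle::newError(__METHOD__ . "() - retrieving form by formID", errorHandle::DEBUG);
        return FALSE;
    }

    // the form is an object form, make sure that it has an ID field defined.
    if (($idnoInfo = forms::getFormIDInfo($formID)) === FALSE) {
        errorHandle::newError(__METHOD__ . "() - no IDNO field for object form.", errorHandle::DEBUG);
        return FALSE;
    }

    $db = mfcs::$engine->openDB;

    // begin transactions
    if ($db->transBegin("objects") !== TRUE) {
        errorHandle::newError(__METHOD__ . "() - unable to start database transactions", errorHandle::DEBUG);
        return FALSE;
    }

    // place old version into revision control, excluding metadata objects
    if ($metadata == 0) {
        $rcs = revisions::create();
        if ($rcs->insertRevision($objectID) !== TRUE) {
            return self::abortObjectUpdate(__METHOD__ . "() - unable to insert revisions");
        }
    }

    // A posted parentID (presumably already escaped by the engine's cleanPost
    // 'MYSQL' filter, as the original code assumed) takes precedence over the
    // argument, which is escaped here because it may be raw.
    $parentValue = isset(mfcs::$engine->cleanPost['MYSQL']['parentID'])
        ? mfcs::$engine->cleanPost['MYSQL']['parentID']
        : $db->escape($parentID);

    // modifiedTime is interpolated into the statement, so a caller-supplied
    // value is escaped like every other caller-supplied argument.
    $modifiedValue = isnull($modifiedTime) ? time() : $db->escape($modifiedTime);

    // insert new version
    $sql = sprintf(
        "UPDATE `objects` SET `parentID`='%s', `data`='%s', `formID`='%s', `metadata`='%s', `modifiedTime`='%s', `modifiedBy`='%s' WHERE `ID`='%s'",
        $parentValue,
        encodeFields($data),
        $db->escape($formID),
        $db->escape($metadata),
        $modifiedValue,
        $db->escape(users::user('ID')),
        $db->escape($objectID)
    );
    $sqlResult = $db->query($sql);
    if (!$sqlResult['result']) {
        return self::abortObjectUpdate(__METHOD__ . "() - " . $sql . " -- " . $sqlResult['error']);
    }

    // Insert into the new data table
    if (self::insertObjectData($objectID, $data, $formID) === FALSE) {
        return self::abortObjectUpdate(__METHOD__ . "() - inserting objects");
    }

    // Update duplicate matching table
    if (duplicates::updateDupeTable($formID, $objectID, $data) === FALSE) {
        return self::abortObjectUpdate(__METHOD__ . "() - updating dupe matching");
    }

    // Object forms (not metadata forms) whose IDNO is managed by the user:
    // take the posted idno, falling back to the object's existing one.
    // $idnoInfo was already fetched above, so it is not re-queried here.
    if ($form['metadata'] == "0" && $idnoInfo['managedBy'] != "system") {
        $idno = isset(mfcs::$engine->cleanPost['MYSQL']['idno']) && !isempty(mfcs::$engine->cleanPost['MYSQL']['idno'])
            ? mfcs::$engine->cleanPost['MYSQL']['idno']
            : self::getIDNOForObjectID($objectID);

        if ($idno === FALSE || isempty($idno)) {
            return self::abortObjectUpdate(__METHOD__ . "() - no IDNO available for the object");
        }

        // The earlier version reported $sqlResult['error'] here, but that result
        // belonged to the already-successful UPDATE above and was stale.
        if (!self::updateIDNO($objectID, $idno)) {
            return self::abortObjectUpdate(__METHOD__ . "() - updating the IDNO for objectID " . $objectID);
        }
    }

    // end transactions
    $db->transCommit();
    $db->transEnd();
    return TRUE;
}

/**
 * Roll back and close the "objects" transaction, report $message at DEBUG
 * level and return FALSE, so failure paths in update() can simply
 * `return self::abortObjectUpdate(...)`.
 *
 * @param string $message Text handed to errorHandle::newError().
 * @return bool Always FALSE.
 */
private static function abortObjectUpdate($message) {
    mfcs::$engine->openDB->transRollback();
    mfcs::$engine->openDB->transEnd();
    errorHandle::newError($message, errorHandle::DEBUG);
    return FALSE;
}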