Esempio n. 1
 /**
  * Store a new password for the account identified by $username.
  *
  * @param string $username account whose password is replaced; an empty value is rejected
  * @param array  $password read through the keys "password" and "password_hashed"
  * @return bool false for an empty username or when the update query reports failure
  */
 public function save_password($username, $password)
 {
     if ($username == "") {
         return false;
     }

     // A value not flagged as already hashed is hashed here; a flagged value is stored exactly as received.
     // NOTE(review): confirm the "password_hashed" flag cannot be set by an untrusted caller,
     // since it decides whether the submitted string is written to the table unchanged.
     // NOTE(review): one pass of hash() salted only with a digest of the username is cheap to
     // compute, so leaked rows are cheap to test offline. password_hash()/password_verify() is the
     // usual replacement, but it needs a migration of the stored values.
     if (is_false($password["password_hashed"])) {
         $username_digest = hash(PASSWORD_HASH, $username);
         $password["password"] = hash(PASSWORD_HASH, $password["password"] . $username_digest);
     }

     // Values travel as separate arguments instead of being concatenated into the SQL text;
     // presumably the database layer escapes them for the %s placeholders — confirm there.
     $outcome = $this->db->query("update users set password=%s where username=%s", $password["password"], $username);

     return $outcome != false;
 }
Esempio n. 2
/**
 * Report whether the resolved value is accepted by is_true() or by is_false().
 *
 * The arguments are forwarded to _get_value(), which fills $value; how it resolves
 * them is not visible in this block.
 *
 * @return bool false when _get_value() fails or the value is neither true-like nor false-like
 */
function is_boolean()
{
    $args = func_get_args();
    $argc = func_num_args();
    $value = null;

    if (!_get_value($args, $argc, $value)) {
        return false;
    }

    return is_true($value) || is_false($value);
}
Esempio n. 3
 /**
  * Write the submitted profile fields to the current user's own row.
  *
  * The row is selected by $this->user->id, never by an id taken from $profile.
  *
  * @param array $profile submitted form values; "password", "password_hashed" and "daily_report" are read here
  * @return bool false when the database layer reports failure
  */
 public function update_profile($profile)
 {
     $profile["status"] = USER_STATUS_ACTIVE;

     // Column list handed to the database layer next to $profile; presumably only these
     // columns are written, which keeps extra submitted fields out of the row — confirm in db->update().
     $keys = array("email", "notification_key", "notification_method", "daily_report");

     if ($profile["password"] != "") {
         // Password and status are only written when a new password was entered.
         $keys[] = "password";
         $keys[] = "status";

         // NOTE(review): same fast, username-salted hash() construction as elsewhere in this code;
         // a value flagged as already hashed is stored as received.
         if (is_false($profile["password_hashed"])) {
             $username_digest = hash(PASSWORD_HASH, $this->user->username);
             $profile["password"] = hash(PASSWORD_HASH, $profile["password"] . $username_digest);
         }
     }

     // Normalise the checkbox value to the YES/NO constants.
     if (is_true($profile["daily_report"])) {
         $profile["daily_report"] = YES;
     } else {
         $profile["daily_report"] = NO;
     }

     $written = $this->db->update("users", $this->user->id, $profile, $keys);

     return $written !== false;
 }
Esempio n. 4
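 /**
  * Inspect the current request and decide which module will handle it.
  *
  * Sets $this->ajax_request, $this->module, $this->http_code, $this->url and
  * $this->pathinfo as a side effect. When no error or special module was chosen,
  * select_module() is called with the requested page.
  *
  * @param object $db       database connection; its "connected" property is read
  * @param object $settings settings object; "start_page" is read for an empty path
  * @param object $user     current user, stored for later use
  */
 public function __construct($db, $settings, $user)
 {
     $this->db = $db;
     $this->settings = $settings;
     $this->user = $user;

     /* Defined up front: the 404 branch below used to reach explode() with $page unset.
      */
     $page = "";

     /* AJAX request. Both values are client-supplied hints and may be absent,
      * so they are read through isset() instead of raising undefined-index notices.
      */
     $requested_with = isset($_SERVER["HTTP_X_REQUESTED_WITH"]) ? $_SERVER["HTTP_X_REQUESTED_WITH"] : null;
     $output_mode = isset($_GET["output"]) ? $_GET["output"] : null;
     if ($requested_with == "XMLHttpRequest" || $output_mode == "ajax") {
         $this->ajax_request = true;
     }

     /* Select module
      */
     $https = isset($_SERVER["HTTPS"]) ? $_SERVER["HTTPS"] : null;
     if (is_true(ENFORCE_HTTPS) && $https != "on") {
         /* NOTE(review): HTTP_HOST comes from the request's Host header, so the redirect
          * target is client-influenced. Building it from a configured hostname avoids that;
          * no such setting is visible in this block.
          */
         header(sprintf("Location: https://%s%s", $_SERVER["HTTP_HOST"], $_SERVER["REQUEST_URI"]));
         /* Browsers only honour Strict-Transport-Security on HTTPS responses, so on this
          * plain-HTTP redirect the header has no effect; it must also be sent on the HTTPS side.
          */
         header("Strict-Transport-Security: max-age=31536000");
         $this->module = ERROR_MODULE;
         $this->http_code = 301;
     } elseif (is_false(WEBSITE_ONLINE) && $_SERVER["REMOTE_ADDR"] != WEBSITE_ONLINE) {
         /* Presumably WEBSITE_ONLINE may hold a single client address that is still
          * let through while the site is offline — confirm against the configuration docs.
          */
         $this->module = "banshee/offline";
     } elseif ($this->db->connected == false) {
         /* The setup module is only reachable without a database when DEBUG_MODE is on.
          */
         if (module_exists("setup") && is_true(DEBUG_MODE)) {
             $this->module = "setup";
         } else {
             $this->module = ERROR_MODULE;
             $this->http_code = 500;
         }
     } else {
         /* Strip the query string, then validate the path before it is used to pick a module.
          */
         list($this->url) = explode("?", $_SERVER["REQUEST_URI"], 2);
         $path = trim($this->url, "/");
         if ($path == "") {
             $page = $this->settings->start_page;
         } elseif (valid_input($path, VALIDATE_URL, VALIDATE_NONEMPTY)) {
             $page = $path;
         } else {
             $this->module = ERROR_MODULE;
             $this->http_code = 404;
         }
         $this->pathinfo = explode("/", $page);
     }

     if ($this->module === null) {
         $this->select_module($page);
     }
 }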
Esempio n. 5
 /**
  * Render the administration menu and the system warnings shown above it.
  *
  * Administrators get warnings about leftover installation defaults. The menu lists
  * only modules named in the private_modules configuration file, each with an
  * "access" flag for the current user.
  */
 public function execute()
 {
     $menu = array(
         "Authentication & authorization" => array(
             "Users" => array("cms/user", "users.png"),
             "Roles" => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access" => array("cms/access", "access.png"),
             "Flags" => array("cms/flag", "flags.png"),
             "User switch" => array("cms/switch", "switch.png"),
         ),
         "Content" => array(
             "Agenda" => array("cms/agenda", "agenda.png"),
             "Dictionary" => array("cms/dictionary", "dictionary.png"),
             "F.A.Q." => array("cms/faq", "faq.png"),
             "Files" => array("cms/file", "file.png"),
             "Forum" => array("cms/forum", "forum.png"),
             "Guestbook" => array("cms/guestbook", "guestbook.png"),
             "Languages" => array("cms/language", "language.png"),
             "Links" => array("cms/links", "links.png"),
             "Menu" => array("cms/menu", "menu.png"),
             "News" => array("cms/news", "news.png"),
             "Pages" => array("cms/page", "page.png"),
             "Polls" => array("cms/poll", "poll.png"),
             "Weblog" => array("cms/weblog", "weblog.png"),
         ),
         "Photo album" => array(
             "Albums" => array("cms/album", "album.png"),
             "Collections" => array("cms/collection", "collection.png"),
             "Photos" => array("cms/photo", "photo.png"),
         ),
         "Newsletter" => array(
             "Newsletter" => array("cms/newsletter", "newsletter.png"),
             "Subscriptions" => array("cms/subscriptions", "subscriptions.png"),
         ),
         "System" => array(
             "Logging" => array("cms/logging", "logging.png"),
             "Action log" => array("cms/action", "action.png"),
             "Settings" => array("cms/settings", "settings.png"),
             "API test" => array("cms/apitest", "apitest.png"),
         ),
     );

     /* Show warnings: installation defaults that should not survive into production
      */
     if ($this->user->is_admin) {
         if (module_exists("setup")) {
             $this->output->add_system_warning("The setup module is still available. Remove it from settings/public_modules.conf.");
         }

         /* The stored hash of user 1 is compared with a fixed value; per the warning text
          * this detects an admin password that was never changed.
          */
         $unchanged_admin_hash = "c10b391ff5e75af6ee8469539e6a5428f09eff7e693d6a8c4de0e5525cd9b287";
         if ($this->user->id == 1 && $this->user->password == $unchanged_admin_hash) {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }

         if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }

         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* The second path segment comes from the request URL; it is passed as a format
      * argument — presumably the output layer encodes it, confirm there.
      */
     if ($this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Show icons
      */
     if (is_false(MULTILINGUAL)) {
         unset($menu["Content"]["Languages"]);
     }

     $access_list = page_access_list($this->db, $this->user);
     $private_modules = config_file("private_modules");

     $this->output->open_tag("menu");
     foreach ($menu as $text => $section) {
         $section_class = strtr(strtolower($text), " &", "__");
         $this->output->open_tag("section", array("text" => $text, "class" => $section_class));

         foreach ($section as $label => $info) {
             list($module, $icon) = $info;

             /* Modules missing from the private_modules file are not listed at all. */
             if (!in_array($module, $private_modules)) {
                 continue;
             }

             /* A module without an entry in the access list is shown as accessible.
              * This flag only drives menu rendering here; enforcement is not visible in this block.
              */
             $access = isset($access_list[$module]) ? $access_list[$module] > 0 : true;

             $this->output->add_tag("entry", $module, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }

         $this->output->close_tag();
     }
     $this->output->close_tag();
 }
Esempio n. 6
 /**
  * Render the administration menu and the system warnings shown above it.
  *
  * Administrators get warnings about leftover installation defaults. The menu lists
  * only pages named in the private_pages configuration file, each with an
  * "access" flag for the current user.
  */
 public function execute()
 {
     $menu = array(
         "Authentication, authorization & system" => array(
             "Users" => array("cms/user", "users.png"),
             "Roles" => array("cms/role", "roles.png"),
             "Organisations" => array("cms/organisation", "organisations.png"),
             "Access" => array("cms/access", "access.png"),
             "User switch" => array("cms/switch", "switch.png"),
             "Action log" => array("cms/action", "action.png"),
             "Settings" => array("cms/settings", "settings.png"),
         ),
         "Content" => array(
             "Files" => array("cms/file", "file.png"),
             "Hostnames" => array("cms/hostname", "hostname.gif"),
             "Menu" => array("cms/menu", "menu.png"),
             "Pages" => array("cms/page", "page.png"),
             "Webservers" => array("cms/webserver", "webserver.png"),
         ),
     );

     /* Show warnings: installation defaults that should not survive into production
      */
     if ($this->user->is_admin) {
         /* The stored hash of user 1 is compared with a fixed value; per the warning text
          * this detects an admin password that was never changed.
          */
         $unchanged_admin_hash = "610706e9a48f85476e04d270bd6dc7492cdcd9ad7e91878007dff629ab11f195";
         if ($this->user->id == 1 && $this->user->password == $unchanged_admin_hash) {
             $this->output->add_system_warning("Don't forget to change the password of the admin account!");
         }

         if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") {
             $this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
         }

         if (is_true(DEBUG_MODE)) {
             $this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
         }
     }

     /* The second path segment comes from the request URL; it is passed as a format
      * argument — presumably the output layer encodes it, confirm there.
      */
     if ($this->page->pathinfo[1] != null) {
         $this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
     }

     /* Show icons. The menu above has no "Languages" entry, so this unset changes nothing here.
      */
     if (is_false(MULTILINGUAL)) {
         unset($menu["Content"]["Languages"]);
     }

     $access_list = page_access_list($this->db, $this->user);
     $private_pages = config_file("private_pages");

     $this->output->open_tag("menu");
     foreach ($menu as $text => $section) {
         $section_class = strtr(strtolower($text), " &", "__");
         $this->output->open_tag("section", array("text" => $text, "class" => $section_class));

         foreach ($section as $label => $info) {
             list($page, $icon) = $info;

             /* Pages missing from the private_pages file are not listed at all. */
             if (!in_array($page, $private_pages)) {
                 continue;
             }

             /* A page without an entry in the access list is shown as accessible.
              * This flag only drives menu rendering here; enforcement is not visible in this block.
              */
             $access = isset($access_list[$page]) ? $access_list[$page] > 0 : true;

             $this->output->add_tag("entry", $page, array("text" => $label, "access" => show_boolean($access), "icon" => $icon));
         }

         $this->output->close_tag();
     }
     $this->output->close_tag();
 }
Esempio n. 7
/**
 * Return the entity id stored in the session credential, or -1 when there is none.
 *
 * Callers have to treat any value <= 0 as "not authenticated"; -1 is the only
 * failure value this function returns.
 *
 * @param string $credential_store key in $_SESSION that holds the credential record
 * @return int the stored entity id (> 0) or -1
 */
function validate_session($credential_store = 'credential')
{
    if (is_missing($_SESSION, $credential_store)) {
        # Server has no session credentials stored. Nothing is done in this branch;
        # the request is only rejected if the next check also matches.
    }

    # NOTE(review): the log text says the credential "exists"; whether this check also
    # matches a missing key depends on is_missing_or_empty(), which is not visible here.
    if (is_missing_or_empty($_SESSION, $credential_store)) {
        error_log("db_lib/validate_session() credential exists, but is empty");
        return -1;
    }

    $record = $_SESSION[$credential_store];
    $entity_id = intval($record['entity']);

    # Reject ids that are not positive, and records whose 'entity' field is_false() reports as false.
    if ($entity_id <= 0 || is_false($record, 'entity')) {
        return -1;
    }

    return $entity_id;
}
Esempio n. 8
 /**
  * Build the response body for the configured output mode and send the matching headers.
  *
  * @return string|null the body to send; null when output is disabled
  */
 public function generate()
 {
     if ($this->disabled) {
         return;
     }

     if (!headers_sent() && $this->http_status != 200) {
         header(sprintf("Status: %d", $this->http_status));
     }

     switch ($this->mode) {
         case "json":
             $data = $this->array;
             $optimized = $this->optimize_for_json($data);
             header("Content-Type: application/json");
             $result = json_encode($optimized["output"]);
             break;

         case "xml":
             header("Content-Type: text/xml");
             $result = $this->document;
             break;

         case "data":
             header("Content-Type: text/plain");
             $result = $this->document;
             break;

         case null:
             /* The view name comes from $this->page->view; presumably it was validated when
              * the module was selected — confirm, since it becomes part of a file path.
              */
             $xslt_file = "../views/" . $this->page->view . ".xslt";
             $result = parent::transform($xslt_file);

             if ($result === false) {
                 header("Status: 500");
                 header("Content-Type: text/plain");
                 /* NOTE(review): the error body names the view file path; consider logging it
                  * and returning a generic message outside debug mode.
                  */
                 $format = file_exists($xslt_file) ? "%s: invalid XML.\n" : "%s: file not found.\n";
                 $result = "Banshee: Fatal XSL Transformation error.\n" . sprintf($format, substr($xslt_file, 3));
                 break;
             }

             /* Print headers
              */
             if (!headers_sent()) {
                 /* Restricts framing of the page to the same origin. */
                 header("X-Frame-Options: sameorigin");
                 if ($this->activate_hiawatha_cache()) {
                     header("X-Hiawatha-Cache: " . $this->hiawatha_cache_time);
                 }
                 header("Content-Type: " . $this->content_type);
                 header("Content-Language: " . $this->language);

                 /* Compress here only when PHP's own zlib output compression is off. */
                 if (is_false(ini_get("zlib.output_compression"))) {
                     if ($this->can_gzip_output($result)) {
                         header("Content-Encoding: gzip");
                         $result = gzencode($result, 6);
                     }
                     header("Content-Length: " . strlen($result));
                 }

                 header("Vary: Accept-Encoding");
                 /* NOTE(review): this advertises the exact framework version to every client. */
                 header("X-Powered-By: Banshee PHP framework v" . BANSHEE_VERSION);
             }
             break;

         default:
             $result = "Unknown output type";
     }

     return $result;
 }
Esempio n. 9
 /**
  * Parse one SQL statement and hand it to the executor for its statement type.
  *
  * The txtdbapi error handler is installed for the duration of the call and
  * restored on every exit path.
  *
  * @param string $sql_query_str the statement text
  * @return mixed the executor's result, or false when parsing, testing or dispatch fails
  */
 function executeQuery($sql_query_str)
 {
     set_error_handler("txtdbapi_error_handler");
     txtdbapi_clear_errors();

     // NOTE(review): the statement text is placed unencoded into HTML-flavoured debug and error
     // output below; if those helpers print to the page, encode it first (helpers not visible here).
     debug_printb("[executeQuery] Query: {$sql_query_str}<br>");

     // Parse Query (timed for the debug output)
     $parseStarted = getmicrotime();
     $sqlParser = new SqlParser($sql_query_str);
     $sqlQuery = $sqlParser->parseSqlQuery();
     debug_print("parseSqlQuery: " . (getmicrotime() - $parseStarted) . " seconds elapsed<br>");

     // free $sqlParser
     unset($sqlParser);
     $sqlParser = "";

     // Test Query: stop when parsing produced nothing or the query fails its own test()
     $usable = $sqlQuery && $sqlQuery->test();
     if (!$usable) {
         restore_error_handler();
         return false;
     }

     $execStarted = getmicrotime();
     debug_printb("[executeQuery] Parsed Query:<br>");
     if (TXTDBAPI_DEBUG) {
         $sqlQuery->dump();
     }

     // Dispatch on the statement type; anything not listed is rejected
     switch ($sqlQuery->type) {
         case "SELECT":
             $rc = $this->executeSelectQuery($sqlQuery);
             break;
         case "INSERT":
             $rc = $this->executeInsertQuery($sqlQuery);
             break;
         case "DELETE":
             $rc = $this->executeDeleteQuery($sqlQuery);
             break;
         case "UPDATE":
             $rc = $this->executeUpdateQuery($sqlQuery);
             break;
         case "CREATE TABLE":
             $rc = $this->executeCreateTableQuery($sqlQuery);
             break;
         case "DROP TABLE":
             $rc = $this->executeDropTableQuery($sqlQuery);
             break;
         case "CREATE DATABASE":
             $rc = $this->executeCreateDatabaseQuery($sqlQuery);
             break;
         case "DROP DATABASE":
             $rc = $this->executeDropDatabaseQuery($sqlQuery);
             break;
         case "LIST TABLES":
             $rc = $this->executeListTablesQuery($sqlQuery);
             break;
         default:
             print_error_msg("Invalid or unsupported Query Type: " . $sqlQuery->type);
             restore_error_handler();
             return false;
     }

     if (is_false($rc)) {
         print_error_msg("Query '" . $sql_query_str . "' failed");
     }

     $execElapsed = getmicrotime() - $execStarted;
     debug_printb("[executeQuery] Query execution done: " . $execElapsed . " seconds elapsed<br>");
     restore_error_handler();

     return $rc;
 }
Esempio n. 10
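 /**
  * Read the three header lines of a table file plus its last record, for an append.
  *
  * The header lines are column names, column types and column default values. The
  * last record is located by reading a growing chunk from the end of the file.
  *
  * Changes against the earlier version: the size error is reported through
  * print_error_msg() (the helper used everywhere else in this code) and the search
  * for the last record stops with null once the whole file has been scanned, where
  * it previously kept re-reading the same bytes forever on a malformed file.
  *
  * @param resource $fd open handle of the table file
  * @return ResultSet|null the result set holding the last row, or null for an invalid table file
  */
 function parseResultSetFromFileForAppend($fd)
 {
     $start = getmicrotime();
     $rs = new ResultSet();

     // COLUMN NAMES
     // read with a maximum of 1000 bytes, until there is a newline included (or eof)
     $buf = "";
     while (is_false(strstr($buf, "\n"))) {
         $buf .= fgets($fd, 1000);
         if (feof($fd)) {
             print_error_msg("Invalid Table File!<br>");
             return null;
         }
     }
     // remove newline
     remove_last_char($buf);
     $rec = $this->parseRowFromLine($buf);
     $rs->setColumnNames($rec);

     // COLUMN TYPES
     // read with a maximum of 1000 bytes, until there is a newline included (or eof)
     $buf = "";
     while (is_false(strstr($buf, "\n"))) {
         $buf .= fgets($fd, 1000);
         if (feof($fd)) {
             print_error_msg("Invalid Table File!<br>");
             return null;
         }
     }
     // remove newline
     remove_last_char($buf);
     $rec = $this->parseRowFromLine($buf);
     $rs->setColumnTypes($rec);

     // COLUMN DEFAULT VALUES
     // read with a maximum of 1000 bytes, until there is a newline included (or eof)
     $buf = "";
     while (is_false(strstr($buf, "\n"))) {
         $buf .= fgets($fd, 1000);
         if (feof($fd)) {
             // there's no newline after the column default values => empty table
             break;
         }
     }
     // remove newline (absent when the loop above ended at eof)
     if (last_char($buf) == "\n") {
         remove_last_char($buf);
     }
     $rec = $this->parseRowFromLine($buf);
     $rs->setColumnDefaultValues($rec);

     // get file size
     fseek($fd, 0, SEEK_END);
     $size = ftell($fd);

     // Read a chunk from the end of the file and double it until it contains the last record.
     $chunkSize = min($size, ASSUMED_RECORD_SIZE);
     $lastRecPos = false;
     while (is_false($lastRecPos)) {
         if ($chunkSize < 1) {
             print_error_msg("lastRecSize should not be 0! Contact developer please!");
             return null;
         }
         fseek($fd, -$chunkSize, SEEK_END);
         $buf = fread($fd, $chunkSize);
         $lastRecPos = $this->getLastRecordPosInString($buf);
         if (TXTDBAPI_VERBOSE_DEBUG) {
             echo "<hr>pass! <br>";
             echo "lastRecPos: " . $lastRecPos . "<br>";
             echo "buf: " . $buf . "<br>";
         }
         if (is_false($lastRecPos)) {
             // The chunk already covered the whole file: a larger read cannot find anything new.
             if ($chunkSize >= $size) {
                 print_error_msg("Invalid Table File!<br>");
                 return null;
             }
             $chunkSize = min($size, $chunkSize * 2);
         }
     }

     $buf = trim(substr($buf, $lastRecPos));
     verbose_debug_print("buf after substr() and trim(): " . $buf . "<br>");
     $rs->reset();
     $row = $this->parseRowFromLine($buf);
     if (TXTDBAPI_VERBOSE_DEBUG) {
         echo "parseResultSetFromFileForAppend(): last Row:<br>";
         print_r($row);
         echo "<br>";
     }
     $rs->appendRow($row);

     // Per-column metadata that a file read cannot supply is filled with empty placeholders.
     $rs->setColumnAliases(create_array_fill(count($rs->colNames), ""));
     $rs->setColumnTables(create_array_fill(count($rs->colNames), ""));
     $rs->setColumnTableAliases(create_array_fill(count($rs->colNames), ""));
     $rs->setColumnFunctions(create_array_fill(count($rs->colNames), ""));
     $rs->colFuncsExecuted = create_array_fill(count($rs->colNames), false);
     debug_print("<i>III: parseResultSetFromFileForAppend: " . (getmicrotime() - $start) . " seconds elapsed</i><br>");
     return $rs;
 }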
Esempio n. 11
 /**
  * Validate a submitted user record before it is saved.
  *
  * Every failed check adds a message to the output; apart from the two early
  * returns, all checks run so the form can show every problem at once.
  *
  * @param array $user submitted form values; "id" is present when an existing user is edited
  * @return bool true when the record may be saved
  */
 public function save_oke($user)
 {
     $result = true;
     $editing = isset($user["id"]);

     if ($editing) {
         $current = $this->get_user($user["id"]);
         if ($current == false) {
             $this->output->add_message("User not found.");
             return false;
         }

         /* Non-admins cannot edit admins. A refused attempt is written to the action log.
          * NOTE(review): this check only runs for edits; whether a non-admin may create
          * users is not decided in this block.
          */
         if ($this->user->is_admin == false && $this->access_allowed_for_non_admin($current) == false) {
             $this->output->add_message("You are not allowed to edit this user.");
             $this->user->log_action("unauthorized update attempt of user %d", $user["id"]);
             return false;
         }

         /* Username changed need password to be reset
          */
         $username_changed = $user["username"] != $current["username"];
         if ($username_changed && $user["password"] == "") {
             $this->output->add_message("Username change needs password to be re-entered.");
             $result = false;
         }
     }

     /* Check username: non-empty, letters and digits only, and not taken by another account
      */
     if ($user["username"] == "" || $user["fullname"] == "") {
         $this->output->add_message("The username and full name cannot be empty.");
         $result = false;
     } elseif (valid_input($user["username"], VALIDATE_LETTERS . VALIDATE_NUMBERS) == false) {
         $this->output->add_message("Invalid characters in username.");
         $result = false;
     } elseif (($check = $this->db->entry("users", $user["username"], "username")) != false) {
         if ($check["id"] != $user["id"]) {
             $this->output->add_message("Username already exists.");
             $result = false;
         }
     }

     /* Check password: a new user needs either a typed password or a generated one
      */
     if (!$editing) {
         if ($user["password"] == "" && is_false($user["generate"])) {
             $this->output->add_message("Fill in the password or let Banshee generate one.");
             $result = false;
         }
     }

     /* Check e-mail: well-formed and not used by another account
      */
     if (valid_email($user["email"]) == false) {
         $this->output->add_message("Invalid e-mail address.");
         $result = false;
     } elseif (($check = $this->db->entry("users", $user["email"], "email")) != false) {
         if ($check["id"] != $user["id"]) {
             $this->output->add_message("E-mail address already exists.");
             $result = false;
         }
     }

     /* Check certificate serial
      */
     if (valid_input($user["cert_serial"], VALIDATE_NUMBERS) == false) {
         $this->output->add_message("The certificate serial must be a number.");
         $result = false;
     }

     return $result;
 }
Esempio n. 12
 /**
  * is_false() must not report null as false.
  */
 public function testIsNotFalse()
 {
     $outcome = is_false(null);

     $this->assertFalse($outcome);
 }
Esempio n. 13
 /**
  * Advance the parser by one character of $this->workingStr and update the parser state.
  *
  * Depending on the character this appends to $this->currentElement, toggles the
  * quote state, records an escape character, or sets $this->elementFinished when
  * a whitespace character or a special element ends the current element.
  *
  * @return bool false when the position has moved past the end of the working string, true otherwise
  */
 function parseNextChar()
 {
     // pre-increment: the position is advanced even when the end of the string is reached
     if (!(++$this->currentPos < strlen($this->workingStr))) {
         return false;
     }
     $this->currentChar = $this->workingStr[$this->currentPos];
     $c = $this->currentChar;
     verbose_debug_print("<hr>");
     verbose_debug_print("StringParser:: current char: '" . $c . "' <br>");
     // update escape char tracking vars: the previous "current" flag becomes the "last" flag
     if ($this->currentIsEscape) {
         $this->lastWasEscape = true;
         $this->currentIsEscape = false;
     } else {
         $this->lastWasEscape = false;
         $this->currentIsEscape = false;
     }
     // escape char:
     if ($c == $this->escapeChar) {
         verbose_debug_print("StringParser:: escape char matched: " . $c . "<br>");
         // last was escape: 2 escape chars => the char is used, and the escapement meaning is lost
         if ($this->lastWasEscape) {
             $this->currentIsEscape = false;
             $this->lastWasEscape = false;
             $this->currentElement .= $c;
             // last was not escape, so the current has escape meaning
         } else {
             $this->currentIsEscape = true;
             // add only if we don't remove escape chars
             if (!$this->removeEscapeChars) {
                 $this->currentElement .= $c;
             }
         }
         return true;
     }
     // handle quote chars (only if the last was no escape char)
     if (!$this->lastWasEscape) {
         for ($j = 0; $j < count($this->quoteChars); ++$j) {
             if ($c == $this->quoteChars[$j]) {
                 // are we in this quotes OR not in other quotes => swap quote var
                 if ($this->inQuotes[$j] || is_false(in_array(1, $this->inQuotes))) {
                     $this->inQuotes[$j] = !$this->inQuotes[$j];
                     // add only if $this->removeQuotes isn't set
                     if (!$this->removeQuotes) {
                         $this->currentElement .= $c;
                     }
                     // else ignore the quotes meaning, but add it anyway
                 } else {
                     $this->currentElement .= $c;
                 }
                 return true;
             }
         }
     }
     // handle whitespace chars (if we are not in quotes)
     if (is_false(in_array(1, $this->inQuotes))) {
         for ($j = 0; $j < count($this->whitespaceChars); ++$j) {
             if ($c == $this->whitespaceChars[$j]) {
                 verbose_debug_print("StringParser:: whitespace matched: '" . $c . "' nr: " . $j . "<br>");
                 // whitespace found, return element if the strlen() is > 0
                 if (strlen($this->currentElement) > 0) {
                     //++$this->currentPos; // skip the whitespace
                     // break all for's an return $element:
                     //break 2;
                     $this->elementFinished = true;
                     return true;
                 }
                 // ignore the whitespace => continue
                 return true;
             }
         }
     }
     // search for specialElements, but only if we are not in quotes
     if (is_false(in_array(1, $this->inQuotes))) {
         // look ahead at most specialElementsMaxLen characters from the current position
         $testStr = substr($this->workingStr, $this->currentPos, $this->specialElementsMaxLen);
         verbose_debug_print("StringParser:: testStr is " . $testStr . "<br>");
         if (!is_false($specialElem = array_search_stri_start($testStr, $this->specialElements))) {
             verbose_debug_print("special Element found: " . $specialElem . "<br>");
             // specialElement found!
             // strlen(element)>0 ? return current element
             if (strlen($this->currentElement) > 0) {
                 verbose_debug_print("returning last Element !<br>");
                 $this->elementFinished = true;
                 // step back so the special element is read again on the next call
                 --$this->currentPos;
                 return true;
                 // make the specialElement the current element and return it
             } else {
                 verbose_debug_print("returning specialElement !<br>");
                 $this->currentElement = $specialElem;
                 // move to the last character of the special element (length added, then one step back)
                 $this->currentPos += strlen($specialElem);
                 --$this->currentPos;
                 $this->elementFinished = true;
                 return true;
             }
         }
     }
     // none of the previous tests matches, add the current char to the element
     verbose_debug_print("StringParser:: normal char...<br>");
     $this->currentElement .= $c;
     return true;
 }
Esempio n. 14
 /**
  * Parse a SELECT statement from the element stream into a SqlQuery object.
  *
  * Clauses are read in this order: DISTINCT, column list, FROM tables, WHERE,
  * GROUP BY, ORDER BY, LIMIT. The WHERE clause is not interpreted here; its raw
  * elements are joined into one string and passed on. No parameter binding happens
  * in this method, so values must already be quoted in the statement text.
  *
  * @return SqlQuery|null the parsed query; null after an error message when unexpected
  *                       elements follow a column or BY is missing after GROUP/ORDER
  */
 function parseSelectQuery()
 {
     $colNames = array();
     $colTables = array();
     $colAliases = array();
     $colFuncs = array();
     $fieldValues = array();
     $tables = array();
     $tableAliases = array();
     $groupColumns = array();
     $orderColumns = array();
     $orderTypes = array();
     $where_expr = "";
     $distinct = 0;
     // parse Distinct
     if (strtoupper($this->peekNextElement()) == "DISTINCT") {
         $distinct = 1;
         $this->skipNextElement();
     }
     // parse Columns: one comma-separated group of elements per column, up to FROM
     $arrElements = array();
     $colIndex = -1;
     while ($this->parseNextElements(",", array("FROM"), $arrElements)) {
         ++$colIndex;
         $colNames[$colIndex] = "";
         $colTables[$colIndex] = "";
         $colAliases[$colIndex] = "";
         $colFuncs[$colIndex] = "";
         // FUNC() | FUNC(col) | FUNC(table.col) | FUNC(col) AS alias | FUNC(table.col) AS alias | FUNC() AS alias
         // function ?
         if (count($arrElements) >= 3 && $arrElements[1] == "(") {
             $colFuncs[$colIndex] = strtoupper($arrElements[0]);
             // remove function from $arrElements
             array_splice($arrElements, 0, 2);
             // remove the closing bracket as well, when one is present
             $pos = array_search(")", $arrElements);
             if (!is_false($pos) && !_is_null($pos)) {
                 array_splice($arrElements, $pos, 1);
             }
         }
         // *empty array* | col | table.col | col AS alias | table.col AS alias | AS alias
         // table ?
         if (count($arrElements) >= 3 && $arrElements[1] == ".") {
             $colTables[$colIndex] = $arrElements[0];
             array_splice($arrElements, 0, 2);
         }
         // *empty array* | col | col AS alias | AS alias
         // alias ?
         if (count($arrElements) >= 3 && strtoupper($arrElements[1]) == "AS") {
             $colAliases[$colIndex] = $arrElements[2];
             array_splice($arrElements, 1, 2);
         }
         // *empty array* | col | AS alias
         // alias on function without column
         if (count($arrElements) >= 2 && strtoupper($arrElements[0]) == "AS") {
             $colAliases[$colIndex] = $arrElements[1];
             array_splice($arrElements, 0, 2);
         }
         // *empty array* | col
         // column name ?
         if (count($arrElements) >= 1) {
             $colNames[$colIndex] = $arrElements[0];
             array_splice($arrElements, 0, 1);
         }
         // anything left over at this point does not fit the column grammar above
         if (count($arrElements) > 0) {
             $errStr = "Unexpected Element(s): ";
             for ($i = 0; $i < count($arrElements); ++$i) {
                 $errStr .= $arrElements[$i] . " ";
             }
             print_error_msg($errStr);
             return null;
         }
     }
     // skip FROM
     $this->skipNextElement();
     // parse Tables
     // NOTE(review): $arrElements[0] is read without a count() check — presumably
     // parseNextElements() never reports success with an empty group; confirm.
     $arrElements = array();
     while ($this->parseNextElements(",", array("GROUP", "WHERE", "ORDER", "LIMIT", ";"), $arrElements)) {
         $tables[] = $arrElements[0];
         if (count($arrElements) > 2 && strtoupper($arrElements[1]) == "AS") {
             $tableAliases[] = $arrElements[2];
             // mysql like Table aliasing support, without AS
         } else {
             if (count($arrElements) > 1) {
                 $tableAliases[] = $arrElements[1];
                 // end of mysql like Table aliasing support
             } else {
                 $tableAliases[] = "";
             }
         }
     }
     // parse Where statement (Raw, because the escape chars are needed in the ExpressionParser)
     if (strtoupper($this->peekNextElement()) == "WHERE") {
         $this->skipNextElement();
         while (!is_empty_str($elem = $this->peekNextElementRaw())) {
             if (strtoupper($elem) == "GROUP" || strtoupper($elem) == "ORDER" || $elem == ";" || strtoupper($elem) == "LIMIT") {
                 break;
             }
             $this->skipNextElement();
             // no " " on points
             if ($elem == ".") {
                 remove_last_char($where_expr);
                 $where_expr .= $elem;
             } else {
                 $where_expr .= $elem . " ";
             }
         }
     }
     debug_print("WHERE EXPR: {$where_expr}<br>");
     // parse GROUP BY: elements between commas are concatenated into one column expression
     $groupColumnIndex = 0;
     if (strtoupper($this->peekNextElement()) == "GROUP") {
         $this->skipNextElement();
         if (strtoupper($this->parseNextElement()) != "BY") {
             print_error_msg("BY expected");
             return null;
         }
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";" || strtoupper($elem) == "LIMIT" || strtoupper($elem) == "ORDER") {
                 break;
             }
             $this->skipNextElement();
             if ($elem == ",") {
                 $groupColumnIndex++;
             } else {
                 if (!isset($groupColumns[$groupColumnIndex])) {
                     $groupColumns[$groupColumnIndex] = $elem;
                 } else {
                     $groupColumns[$groupColumnIndex] .= $elem;
                 }
             }
         }
     }
     // parse ORDER BY: a column defaults to ORDER_ASC until an explicit ASC/DESC follows it
     $orderColumnIndex = 0;
     if (strtoupper($this->peekNextElement()) == "ORDER") {
         $this->skipNextElement();
         if (strtoupper($this->parseNextElement()) != "BY") {
             print_error_msg("BY expected");
             return null;
         }
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";" || strtoupper($elem) == "LIMIT") {
                 break;
             }
             $this->skipNextElement();
             if ($elem == ",") {
                 $orderColumnIndex++;
             } else {
                 if (strtoupper($elem) == "ASC") {
                     $orderTypes[$orderColumnIndex] = ORDER_ASC;
                 } else {
                     if (strtoupper($elem) == "DESC") {
                         $orderTypes[$orderColumnIndex] = ORDER_DESC;
                     } else {
                         if (!isset($orderColumns[$orderColumnIndex])) {
                             $orderColumns[$orderColumnIndex] = $elem;
                         } else {
                             $orderColumns[$orderColumnIndex] .= $elem;
                         }
                         $orderTypes[$orderColumnIndex] = ORDER_ASC;
                     }
                 }
             }
         }
     }
     // parse LIMIT: every element except "," is collected, without a numeric check in this method
     $limit = array();
     if (strtoupper($this->peekNextElement()) == "LIMIT") {
         $this->skipNextElement();
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";") {
                 break;
             }
             $this->skipNextElement();
             if ($elem != ",") {
                 $limit[] = $elem;
             }
         }
     }
     $sqlObj = new SqlQuery("SELECT", $colNames, $tables, $colAliases, $colTables, $where_expr, $groupColumns, $orderColumns, $orderTypes, $limit);
     $sqlObj->tableAliases = $tableAliases;
     $sqlObj->colFuncs = $colFuncs;
     $sqlObj->distinct = $distinct;
     return $sqlObj;
 }
Esempio n. 15
 /**
  * Replace the role grants stored for one page in page_access.
  *
  * Every existing row for the page is deleted first; afterwards one row with
  * level 1 is inserted for each role whose flag is not false. The admin role
  * is never written (presumably because admins are granted access elsewhere;
  * confirm against the access check).
  *
  * NOTE(review): the delete and the inserts are separate statements and no
  * transaction is visible here, so a failed insert leaves the page with only
  * part of its grants. Callers should treat a false return as "access list
  * incomplete".
  *
  * @param mixed $page_id page identifier; bound with %d and cast to int
  * @param mixed $roles   map of role id => flag; anything that is not an array means "no roles"
  * @return bool false on a database error, true otherwise
  */
 public function save_access($page_id, $roles)
 {
     $cleared = $this->db->query("delete from page_access where page_id=%d", $page_id);
     if ($cleared === false) {
         return false;
     }

     if (!is_array($roles)) {
         return true;
     }

     foreach ($roles as $role_id => $has_role) {
         // Only roles that are switched on and are not the admin role get a row.
         $grant = !is_false($has_role) && $role_id != ADMIN_ROLE_ID;
         if (!$grant) {
             continue;
         }

         $row = array(
             "page_id" => (int) $page_id,
             "role_id" => (int) $role_id,
             "level" => 1,
         );
         if ($this->db->insert("page_access", $row) === false) {
             return false;
         }
     }

     return true;
 }
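 /**
  * vdebug()
  *
  * Development helper that echoes an HTML panel describing $data: the
  * expression it was called with (read back from the caller's source line),
  * the detected type, optionally the last database query, a print_r() dump
  * and optionally a var_dump() dump.
  *
  * Everything interpolated into the panel is HTML-escaped, because the dumped
  * value and the last query can contain request data and would otherwise be
  * rendered as markup in the browser. The panel still discloses internal
  * state (variable contents, SQL text), so calls to this helper should not
  * remain on code paths reachable in production.
  *
  * @param mixed $data value to describe
  * @param bool $die FALSE exit after printing (the CLI path returns before this is checked)
  * @param bool $add_var_dump FALSE also include a var_dump() section
  * @param bool $add_last_query TRUE include $CI->db->last_query() when it is non-empty
  * @return void
  */
 function vdebug($data, $die = false, $add_var_dump = false, $add_last_query = true)
 {
     $CI =& get_instance();
     $CI->load->library('unit_test');
     // Flags shared by every htmlspecialchars() call below; ENT_SUBSTITUTE keeps
     // the dump visible when the data holds invalid UTF-8.
     $esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;
     $bt = debug_backtrace();
     // The caller's source line is only available when the frame points at a
     // readable file (not the case for eval()'d code, for example).
     $line = '';
     if (isset($bt[0]['file'], $bt[0]['line']) && is_readable($bt[0]['file'])) {
         $src = file($bt[0]['file']);
         if (is_array($src) && isset($src[$bt[0]['line'] - 1])) {
             $line = $src[$bt[0]['line'] - 1];
         }
     }
     # Match the function call and the last closing bracket
     $expr = '';
     if (preg_match('#' . __FUNCTION__ . '\\((.+)\\)#', $line, $match) === 1) {
         $expr = $match[1];
     }
     $max = strlen($expr);
     $varname = NULL;
     $c = 0;
     // Copy characters until the bracket that closes the vdebug( call itself.
     for ($i = 0; $i < $max; $i++) {
         if ($expr[$i] == "(") {
             $c++;
         } elseif ($expr[$i] == ")") {
             $c--;
         }
         if ($c < 0) {
             break;
         }
         $varname .= $expr[$i];
     }
     if (is_object($data)) {
         $message = 'Variable holds an OBJECT';
     } elseif (is_array($data)) {
         $message = 'Variable holds an ARRAY';
     } elseif (is_string($data)) {
         $message = 'Variable holds a  STRING';
     } elseif (is_int($data)) {
         $message = 'Variable holds a  INTEGER';
     } elseif (is_true($data)) {
         $message = 'Variable holds a  TRUE BOOLEAN';
     } elseif (is_false($data)) {
         $message = 'Variable holds a  FALSE BOOLEAN';
     } elseif (is_null($data)) {
         $message = 'Variable is NULL';
     } elseif (is_float($data)) {
         $message = 'Variable is FLOAT';
     } else {
         $message = 'N/A';
     }
     $output = '<div style="clear:both;"></div>';
     $output .= '<meta charset="UTF-8" />';
     $output .= '<style>::selection{background-color:#E13300!important;color:#fff}::moz-selection{background-color:#E13300!important;color:#fff}::webkit-selection{background-color:#E13300!important;color:#fff}div.debugbody{background-color:#fff;margin:40px;font:9px/12px normal;font-family:Arial,Helvetica,sans-serif;color:#4F5155;min-width:500px}a.debughref{color:#039;background-color:transparent;font-weight:400}h1.debugheader{color:#444;background-color:transparent;border-bottom:1px solid #D0D0D0;font-size:12px;line-height:14px;font-weight:700;margin:0 0 14px;padding:14px 15px 10px;font-family:Consolas}code.debugcode{font-family:Consolas,Monaco,Courier New,Courier,monospace;font-size:12px;background-color:#f9f9f9;border:1px solid #D0D0D0;color:#002166;display:block;margin:10px 0;padding:5px 10px 15px}pre.debugpre{display:block;padding:0;margin:0;color:#002166;font:12px/14px normal;font-family:Consolas,Monaco,Courier New,Courier,monospace;background:0;border:0}div.debugcontent{margin:0 15px}p.debugp{margin:0;padding:0}.debugitalic{font-style:italic}.debutextR{text-align:right;margin-bottom:0;margin-top:0}.debugbold{font-weight:700}p.debugfooter{text-align:right;font-size:11px;border-top:1px solid #D0D0D0;line-height:32px;padding:0 10px;margin:20px 0 0}div.debugcontainer{margin:10px;border:1px solid #D0D0D0;-webkit-box-shadow:0 0 8px #D0D0D0}code.debug p{padding:0;margin:0;width:100%;text-align:right;font-weight:700;text-transform:uppercase;border-bottom:1px dotted #CCC;clear:right}code.debug span{float:left;font-style:italic;color:#CCC}</style>';
     $output .= '<div class="debugbody"><div class="debugcontainer">';
     $output .= '<h1 class="debugheader">' . htmlspecialchars((string) $varname, $esc_flags, 'UTF-8') . '</h1>';
     $output .= '<div class="debugcontent">';
     $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: Variable Type</p>' . $message . '</code>';
     if ($add_last_query) {
         $last_query = $CI->db->last_query();
         if ($last_query) {
             $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: $CI->db->last_query()</p>';
             // The query text can embed request values, so it is escaped like any other data.
             $output .= htmlspecialchars((string) $last_query, $esc_flags, 'UTF-8');
             $output .= '</code>';
         }
     }
     $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: print_r</p><pre class="debugpre">';
     ob_start();
     print_r($data);
     $output .= htmlspecialchars(trim(ob_get_clean()), $esc_flags, 'UTF-8');
     $output .= '</pre></code>';
     if ($add_var_dump) {
         $output .= '<code class="debugcode"><p class="debugp debugbold debutextR">:: var_dump</p><pre class="debugpre">';
         ob_start();
         var_dump($data);
         $vardump = trim(ob_get_clean());
         // Join "]=>" and the value that var_dump() prints on the next line,
         // then escape the result for the HTML panel.
         $vardump = preg_replace("/\\]\\=\\>\n(\\s+)/m", "] => ", $vardump);
         $output .= htmlspecialchars((string) $vardump, $esc_flags, 'UTF-8');
         $output .= '</pre></code>';
     }
     $output .= '</div><p class="debugfooter">Vayes Debug Helper © Yahya A. Erturan</p></div></div>';
     $output .= '<div style="clear:both;"></div>';
     if (PHP_SAPI == 'cli') {
         echo $varname . ' = ' . PHP_EOL . $output . PHP_EOL . PHP_EOL;
         return;
     }
     echo $output;
     if ($die) {
         exit;
     }
 }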
Esempio n. 17
 /**
  * Controller entry point of the user administration page.
  *
  * POST requests handle the "Save user" and "Delete user" buttons; any other
  * button falls back to the user overview. Other requests use pathinfo[2] to
  * choose between the new-user form, the form of an existing user and the
  * overview.
  *
  * NOTE(review): $_POST is read and handed to the model wholesale, and no
  * anti-CSRF check is visible in this method. Presumably the framework
  * enforces one before execute() runs; confirm.
  */
 public function execute()
 {
     if ($_SERVER["REQUEST_METHOD"] != "POST") {
         if ($this->page->pathinfo[2] == "new") {
             /* Show the user webform, pre-filled for a new account
              */
             $user = array(
                 "organisation_id" => $this->user->organisation_id,
                 "roles" => array(ADMIN_ROLE_ID + 1),
                 "status" => USER_STATUS_CHANGEPWD,
             );
             $this->show_user_form($user);
         } elseif (valid_input($this->page->pathinfo[2], VALIDATE_NUMBERS, VALIDATE_NONEMPTY)) {
             /* Show the user webform for an existing account
              */
             $user = $this->model->get_user($this->page->pathinfo[2]);
             if ($user == false) {
                 $this->output->add_tag("result", "User not found.");
             } else {
                 $this->show_user_form($user);
             }
         } else {
             /* Show a list of all users
              */
             $this->show_user_overview();
         }
         return;
     }

     if ($_POST["submit_button"] == "Save user") {
         /* Fix password
          *
          * NOTE(review): random_string() is defined elsewhere; because its
          * result becomes a credential, confirm it draws from a CSPRNG.
          */
         if (is_true($_POST["generate"])) {
             $_POST["password"] = random_string(10);
             $_POST["password_hashed"] = false;
         }
         /* password_hashed is a request field: the server-side digest is only
          * computed when it is false, otherwise the submitted value is passed
          * on unchanged. NOTE(review): the username is the only salt and
          * hash() is a single digest round; password_hash()/password_verify()
          * would resist offline guessing better if the stored format can
          * migrate.
          */
         if (is_false($_POST["password_hashed"]) && $_POST["password"] != "") {
             // The plaintext copy stays in the request array that is later given
             // to send_notification(); verify it is never persisted or logged.
             $_POST["plaintext"] = $_POST["password"];
             $_POST["password"] = hash(PASSWORD_HASH, $_POST["password"] . hash(PASSWORD_HASH, $_POST["username"]));
         }

         /* Save user
          */
         if ($this->model->save_oke($_POST) == false) {
             $this->show_user_form($_POST);
         } elseif (!isset($_POST["id"])) {
             /* Create user
              */
             if ($this->model->create_user($_POST) === false) {
                 $this->output->add_message("Database error while creating user.");
                 $this->show_user_form($_POST);
             } else {
                 $this->user->log_action("user %s created", $_POST["username"]);
                 if (is_true($_POST["generate"])) {
                     $this->model->send_notification($_POST);
                 }
                 $this->show_user_overview();
             }
         } else {
             /* Update user; the current name is fetched before the update so
              * a rename can be logged as "old -> new"
              */
             $username = $this->model->get_username($_POST["id"]);
             if ($this->model->update_user($_POST) === false) {
                 $this->output->add_message("Database error while updating user.");
                 $this->show_user_form($_POST);
             } else {
                 // With an unchanged name the log entry carries the id, not the username.
                 $name = $_POST["username"] == $username
                     ? $_POST["id"]
                     : sprintf("%s -> %s", $username, $_POST["username"]);
                 $this->user->log_action("user %s updated", $name);
                 if (is_true($_POST["generate"])) {
                     $this->model->send_notification($_POST);
                 }
                 $this->show_user_overview();
             }
         }
     } elseif ($_POST["submit_button"] == "Delete user") {
         /* Delete user; the name is fetched first because it is gone afterwards
          */
         $username = $this->model->get_username($_POST["id"]);
         if ($this->model->delete_oke($_POST["id"]) == false) {
             $this->show_user_form($_POST);
         } elseif ($this->model->delete_user($_POST["id"]) == false) {
             $this->output->add_tag("result", "Database error while deleting user.");
         } else {
             $this->user->log_action("user %s deleted", $username);
             $this->show_user_overview();
         }
     } else {
         $this->show_user_overview();
     }
 }
Esempio n. 18
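/**
 * Build the map of page => access level for one user.
 *
 * Sources, applied in this order:
 *  - public pages from the "public_pages" config file (level 1),
 *  - private pages from the "private_pages" config file (YES for admins, NO otherwise),
 *  - for logged-in non-admins, the per-page columns of the roles they hold,
 *  - pages stored in the database (YES when not private or when the user is an admin),
 *  - for logged-in non-admins, the page_access rows of their roles.
 * Where a page receives a level from several roles, the highest level wins.
 *
 * NOTE(review): a false return means the list could not be built; callers
 * should treat it as "no access", not as an empty restriction set. Confirm
 * at the call sites.
 *
 * @param object $db   database wrapper providing execute()
 * @param object $user current user (logged_in, is_admin, id, role_ids are read)
 * @return array|false map of page name/url => int level, or false on a database error
 */
function page_access_list($db, $user)
{
    $access_rights = array();
    // Role-based grants only matter for logged-in users who are not admins.
    $restricted = $user->logged_in && $user->is_admin == false;

    /* Public pages on disk
     */
    foreach (page_to_module(config_file("public_pages")) as $page) {
        $access_rights[$page] = 1;
    }

    /* Private pages on disk
     */
    foreach (page_to_module(config_file("private_pages")) as $page) {
        $access_rights[$page] = $user->is_admin ? YES : NO;
    }

    if ($restricted) {
        $query = "select * from roles where id in (select role_id from user_role where user_id=%d)";
        if (($roles = $db->execute($query, $user->id)) === false) {
            return false;
        }
        foreach ($roles as $role) {
            // The first two columns of a roles row are skipped (presumably id and
            // name; "select *" makes this depend on the column order). The
            // remaining column names are used as page names.
            foreach (array_slice($role, 2) as $page => $level) {
                $level = (int) $level;
                if (!isset($access_rights[$page]) || $access_rights[$page] < $level) {
                    $access_rights[$page] = $level;
                }
            }
        }
    }

    /* Pages in database
     */
    if (($pages = $db->execute("select * from pages")) === false) {
        return false;
    }
    foreach ($pages as $page) {
        $open = is_false($page["private"]) || $user->is_admin;
        $access_rights[ltrim($page["url"], "/")] = $open ? YES : NO;
    }

    if ($restricted) {
        // Only the fixed text "role_id=%d" is concatenated into the statement;
        // the ids themselves are passed to execute() as arguments.
        $conditions = $rids = array();
        foreach ($user->role_ids as $rid) {
            $conditions[] = "role_id=%d";
            $rids[] = $rid;
        }
        // Without roles the statement would end in "and ()", which is not valid
        // SQL and would turn into a false return for a user who simply has no
        // role-based grants.
        if (count($conditions) > 0) {
            $query = "select p.url,a.level from pages p, page_access a " . "where p.id=a.page_id and (" . implode(" or ", $conditions) . ")";
            if (($pages = $db->execute($query, $rids)) === false) {
                return false;
            }
            foreach ($pages as $page) {
                $url = ltrim($page["url"], "/");
                // Cast so that levels are compared and stored as integers, like
                // the levels taken from the roles table above.
                $level = (int) $page["level"];
                if (!isset($access_rights[$url]) || $access_rights[$url] < $level) {
                    $access_rights[$url] = $level;
                }
            }
        }
    }

    return $access_rights;
}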
Esempio n. 19
/**
 * Split a column expression into function, table and column name.
 *
 * Handles plain values (numeric or quoted), "col", "table.col" and
 * "FUNC(col)" / "FUNC(table.col)". The three parts are returned through the
 * reference parameters, which are reset to "" first. For the function name
 * "EVAL" the argument is not split at the dot.
 *
 * @param string $fullColName expression to split
 * @param string $colName     receives the column name (or the direct value)
 * @param string $colTable    receives the table name, "" if none
 * @param string $colFunc     receives the upper-cased function name, "" if none
 * @return bool false (after printing an error) when a function call lacks its closing bracket
 */
function split_full_colname($fullColName, &$colName, &$colTable, &$colFunc)
{
    $colName = $colTable = $colFunc = "";

    // A number or a quoted literal is returned unchanged as the "column".
    if (is_numeric($fullColName) || has_quotes($fullColName)) {
        $colName = trim($fullColName);
        return true;
    }

    // Everything in front of the first "(" is the function name.
    $bracketPos = strpos($fullColName, "(");
    if (!is_false($bracketPos)) {
        $colFunc = strtoupper(trim(substr($fullColName, 0, $bracketPos)));
        $fullColName = substr($fullColName, $bracketPos + 1);
    }

    $dotPos = strpos($fullColName, ".");
    if (is_false($dotPos) || $colFunc == "EVAL") {
        $colName = $fullColName;
    } else {
        $colTable = substr($fullColName, 0, $dotPos);
        $colName = substr($fullColName, $dotPos + 1);
    }
    $colName = trim($colName);

    if ($colFunc) {
        // The function argument still carries the closing bracket.
        if (last_char($colName) != ")") {
            print_error_msg(") expected after {$colName}!");
            return false;
        }
        remove_last_char($colName);
    }

    $colName = trim($colName);
    $colTable = trim($colTable);
    return true;
}
Esempio n. 20
 /**
  * Tell whether a value is not considered false by is_false().
  *
  * @param mixed $var1 value to test
  * @return bool false when is_false($var1) holds, true otherwise
  */
 protected static function NOT_FALSE($var1)
 {
     if (is_false($var1)) {
         return false;
     }
     return true;
 }
Esempio n. 21
 /**
  * Parse the remainder of a SELECT statement from the token stream.
  *
  * Tokens are read through peekNextElement(), skipNextElement(),
  * parseNextElement(), parseNextElements() and peekNextElementRaw(). The
  * clauses are consumed in a fixed order: DISTINCT, column list, FROM with
  * tables and joins, WHERE, GROUP BY, ORDER BY, LIMIT.
  *
  * NOTE(review): the WHERE and ON expressions are only re-joined into strings
  * here; nothing in this method validates them. How SqlQuery and the
  * ExpressionParser evaluate those strings is not visible from this method,
  * so confirm that query text from an untrusted source cannot reach a
  * code-evaluating path.
  *
  * @return SqlQuery|null the parsed query, or null after print_error_msg() reported a parse error
  */
 function parseSelectQuery()
 {
     $colNames = array();
     $colTables = array();
     $colAliases = array();
     $colFuncs = array();
     // NOTE(review): $fieldValues is never read in this method.
     $fieldValues = array();
     $tables = array();
     $tableAliases = array();
     $groupColumns = array();
     $orderColumns = array();
     $orderTypes = array();
     $where_expr = "";
     $distinct = 0;
     $joins = array();
     // parse Distinct
     if (strtoupper($this->peekNextElement()) == "DISTINCT") {
         $distinct = 1;
         $this->skipNextElement();
     }
     // parse Columns
     $arrElements = array();
     $colIndex = -1;
     while ($this->parseNextElements(",", array("FROM"), $arrElements)) {
         ++$colIndex;
         $colNames[$colIndex] = "";
         $colTables[$colIndex] = "";
         $colAliases[$colIndex] = "";
         $colFuncs[$colIndex] = "";
         // FUNC() | FUNC(col) | FUNC(table.col) | FUNC(col) AS alias | FUNC(table.col) AS alias | FUNC() AS alias
         // function ?
         if (count($arrElements) >= 3 && $arrElements[1] == "(") {
             $colFuncs[$colIndex] = strtoupper($arrElements[0]);
             // remove function from $arrElements
             array_splice($arrElements, 0, 2);
             // drop the first ")" that is still in the element list
             $pos = array_search(")", $arrElements);
             if (!is_false($pos) && !_is_null($pos)) {
                 array_splice($arrElements, $pos, 1);
             }
         }
         // *empty array* | col | table.col | col AS alias | table.col AS alias | AS alias
         // table ?
         if (count($arrElements) >= 3 && $arrElements[1] == ".") {
             $colTables[$colIndex] = $arrElements[0];
             array_splice($arrElements, 0, 2);
         }
         // *empty array* | col | col AS alias | AS alias
         // alias ?
         if (count($arrElements) >= 3 && strtoupper($arrElements[1]) == "AS") {
             $colAliases[$colIndex] = $arrElements[2];
             array_splice($arrElements, 1, 2);
         }
         // *empty array* | col | AS alias
         // alias on function without column
         if (count($arrElements) >= 2 && strtoupper($arrElements[0]) == "AS") {
             $colAliases[$colIndex] = $arrElements[1];
             array_splice($arrElements, 0, 2);
         }
         // *empty array* | col
         // column name ?
         if (count($arrElements) >= 1) {
             $colNames[$colIndex] = $arrElements[0];
             array_splice($arrElements, 0, 1);
         }
         // anything left over at this point does not fit the column grammar above
         if (count($arrElements) > 0) {
             $errStr = "Unexpected Element(s): ";
             for ($i = 0; $i < count($arrElements); ++$i) {
                 $errStr .= $arrElements[$i] . " ";
             }
             print_error_msg($errStr);
             return null;
         }
     }
     // skip FROM
     $this->skipNextElement();
     // parse Tables
     $arrElements = array();
     $tableIndex = 0;
     $joinIndex = 0;
     // NOTE(review): the loop condition is a truthiness test, so it also ends
     // on an element such as "0", unlike the is_empty_str() loops further down.
     while ($elem = $this->peekNextElement()) {
         $elemUpper = strtoupper($elem);
         if (in_array($elemUpper, array("GROUP", "WHERE", "ORDER", "LIMIT", ";"))) {
             break;
         }
         if ($elemUpper == "AS") {
             $this->skipNextElement();
             $tableAliases[$tableIndex] = $this->parseNextElement();
             continue;
         }
         // LEFT / RIGHT / INNER only record the join type; the Join object for
         // the current join index is created on first use
         if ($elemUpper == "LEFT") {
             if (!isset($joins[$joinIndex])) {
                 $joins[$joinIndex] = new Join();
             }
             $joins[$joinIndex]->type = JOIN_LEFT;
             $this->skipNextElement();
             continue;
         }
         if ($elemUpper == "RIGHT") {
             if (!isset($joins[$joinIndex])) {
                 $joins[$joinIndex] = new Join();
             }
             $joins[$joinIndex]->type = JOIN_RIGHT;
             $this->skipNextElement();
             continue;
         }
         if ($elemUpper == "INNER") {
             if (!isset($joins[$joinIndex])) {
                 $joins[$joinIndex] = new Join();
             }
             $joins[$joinIndex]->type = JOIN_INNER;
             $this->skipNextElement();
             continue;
         }
         // JOIN links the current table (left) with the table named next (right)
         if ($elemUpper == "JOIN") {
             if (!isset($joins[$joinIndex])) {
                 $joins[$joinIndex] = new Join();
             }
             $joins[$joinIndex]->leftTableIndex = $tableIndex;
             $this->skipNextElement();
             $tables[++$tableIndex] = $this->parseNextElement();
             $tableAliases[$tableIndex] = "";
             $joins[$joinIndex]->rightTableIndex = $tableIndex;
             continue;
         }
         if ($elemUpper == "OUTER") {
             $this->skipNextElement();
             // ignore
             continue;
         }
         if ($elemUpper == ",") {
             ++$tableIndex;
             $this->skipNextElement();
             continue;
         }
         // ON: collect the join condition up to the next clause or join keyword.
         // NOTE(review): $joins[$joinIndex] is used without an isset() check, so
         // an ON that does not follow a join keyword reaches an unset entry.
         if ($elemUpper == "ON") {
             $exprElements = array();
             $this->skipNextElement();
             $this->parseNextElements("", array(",", "GROUP", "WHERE", "ORDER", "LIMIT", ";", "LEFT", "RIGHT", "INNER", "OUTER", "JOIN"), $exprElements);
             foreach ($exprElements as $exprElem) {
                 // no spaces on .'s
                 if ($exprElem == ".") {
                     remove_last_char($joins[$joinIndex]->expr);
                     $joins[$joinIndex]->expr .= $exprElem;
                 } else {
                     $joins[$joinIndex]->expr .= $exprElem . " ";
                 }
             }
             $joinIndex++;
             continue;
         }
         // if the table is already set it's an alias without AS, else it's the table name
         if (isset($tables[$tableIndex])) {
             $tableAliases[$tableIndex] = $elem;
             $this->skipNextElement();
         } else {
             $tables[$tableIndex] = $elem;
             $tableAliases[$tableIndex] = "";
             $this->skipNextElement();
         }
     }
     // parse Where statement (Raw, because the escape chars are needed in the ExpressionParser)
     if (strtoupper($this->peekNextElement()) == "WHERE") {
         $this->skipNextElement();
         while (!is_empty_str($elem = $this->peekNextElementRaw())) {
             if (strtoupper($elem) == "GROUP" || strtoupper($elem) == "ORDER" || $elem == ";" || strtoupper($elem) == "LIMIT") {
                 break;
             }
             $this->skipNextElement();
             // no " " on points
             if ($elem == ".") {
                 remove_last_char($where_expr);
                 $where_expr .= $elem;
             } else {
                 $where_expr .= $elem . " ";
             }
         }
     }
     // NOTE(review): the expression is handed to debug_print() inside an HTML
     // fragment as-is; whether debug_print() escapes it is not visible here.
     debug_print("WHERE EXPR: {$where_expr}<br>");
     // parse GROUP BY
     $groupColumnIndex = 0;
     if (strtoupper($this->peekNextElement()) == "GROUP") {
         $this->skipNextElement();
         if (strtoupper($this->parseNextElement()) != "BY") {
             print_error_msg("BY expected");
             return null;
         }
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";" || strtoupper($elem) == "LIMIT" || strtoupper($elem) == "ORDER") {
                 break;
             }
             $this->skipNextElement();
             if ($elem == ",") {
                 $groupColumnIndex++;
             } else {
                 // elements between two commas are concatenated into one column expression
                 if (!isset($groupColumns[$groupColumnIndex])) {
                     $groupColumns[$groupColumnIndex] = $elem;
                 } else {
                     $groupColumns[$groupColumnIndex] .= $elem;
                 }
             }
         }
     }
     // parse ORDER BY
     $orderColumnIndex = 0;
     if (strtoupper($this->peekNextElement()) == "ORDER") {
         $this->skipNextElement();
         if (strtoupper($this->parseNextElement()) != "BY") {
             print_error_msg("BY expected");
             return null;
         }
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";" || strtoupper($elem) == "LIMIT") {
                 break;
             }
             $this->skipNextElement();
             if ($elem == ",") {
                 $orderColumnIndex++;
             } else {
                 if (strtoupper($elem) == "ASC") {
                     $orderTypes[$orderColumnIndex] = ORDER_ASC;
                 } else {
                     if (strtoupper($elem) == "DESC") {
                         $orderTypes[$orderColumnIndex] = ORDER_DESC;
                     } else {
                         if (!isset($orderColumns[$orderColumnIndex])) {
                             $orderColumns[$orderColumnIndex] = $elem;
                         } else {
                             $orderColumns[$orderColumnIndex] .= $elem;
                         }
                         // ascending is the default until an explicit ASC/DESC follows
                         $orderTypes[$orderColumnIndex] = ORDER_ASC;
                     }
                 }
             }
         }
     }
     // parse LIMIT
     $limit = array();
     if (strtoupper($this->peekNextElement()) == "LIMIT") {
         $this->skipNextElement();
         while (!is_empty_str($elem = $this->peekNextElement())) {
             if ($elem == ";") {
                 break;
             }
             $this->skipNextElement();
             // commas are dropped; the remaining elements are stored unconverted
             if ($elem != ",") {
                 $limit[] = $elem;
             }
         }
     }
     $sqlObj = new SqlQuery("SELECT", $colNames, $tables, $colAliases, $colTables, $where_expr, $groupColumns, $orderColumns, $orderTypes, $limit);
     $sqlObj->tableAliases = $tableAliases;
     $sqlObj->colFuncs = $colFuncs;
     $sqlObj->distinct = $distinct;
     $sqlObj->joins = $joins;
     return $sqlObj;
 }