lovd_showInfoTable('Can\'t uninstall LOVD - Uninstall lock in place.', 'warning');
$_T->printFooter();
exit;
}
if (!empty($_POST)) {
lovd_errorClean();
if (!isset($_GET['confirm'])) {
// Check password.
if (!lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
}
if (!lovd_error()) {
if (isset($_GET['confirm'])) {
// Check password.
if (!lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
// OK, uninstall the lot.
print ' <B>Uninstalling LOVD...</B><BR>' . "\n" . ' <BR>' . "\n\n";
require ROOT_PATH . 'class/progress_bar.php';
// This already puts the progress bar on the screen.
$_BAR = new ProgressBar('', 'Initiating removal of LOVD...');
$_T->printFooter(false);
// The false prevents the footer to actually close the <BODY> and <HTML> tags.
// Now we're still in the <BODY> so the progress bar can add <SCRIPT> tags as much as it wants.
flush();
// The reason to invert the tables is to handle all foreign key constraints nicely.
$aTables = array_reverse($_TABLES);
$nTables = count($aTables);
function checkFields($aData, $zData = false)
{
// Checks fields before submission of data.
global $_AUTH, $_SETT;
$aForm = $this->getForm();
$aFormInfo = array();
if ($aForm) {
$aFormInfo = $aForm[0];
if (!in_array($aFormInfo[0], array('GET', 'POST'))) {
// We're not working on a full form array, possibly an incomplete VOT form.
$aFormInfo = array('POST');
} else {
unset($aForm[0]);
}
} else {
// No form information available.
$aForm = array();
}
if (lovd_getProjectFile() != '/import.php') {
// Always mandatory... unless importing.
$this->aCheckMandatory[] = 'password';
}
$aHeaders = array();
// Validate form by looking at the form itself, and check what's needed.
foreach ($aForm as $aField) {
if (!is_array($aField)) {
// 'skip', 'hr', etc...
continue;
}
@(list($sHeader, $sHelp, $sType, $sName) = $aField);
if (lovd_getProjectFile() == '/import.php') {
// During import, we don't mention the field names how they appear on screen, but using their IDs which are used in the file.
$sHeader = $sName;
}
$aHeaders[$sName] = $sHeader;
// Trim() all fields. We don't want those spaces in the database anyway.
if (lovd_getProjectFile() != '/import.php' && isset($aData[$sName]) && !is_array($aData[$sName])) {
$GLOBALS['_' . $aFormInfo[0]][$sName] = trim($GLOBALS['_' . $aFormInfo[0]][$sName]);
$aData[$sName] = trim($aData[$sName]);
}
// Mandatory fields, as defined by child object.
if (in_array($sName, $this->aCheckMandatory) && (!isset($aData[$sName]) || $aData[$sName] === '')) {
lovd_errorAdd($sName, 'Please fill in the \'' . $sHeader . '\' field.');
}
if ($sType == 'select') {
if (!empty($aField[7])) {
// The browser fails to send value if selection list w/ multiple selection options is left empty.
// This is causing notices in the code.
if (!isset($aData[$sName])) {
$GLOBALS['_' . $aFormInfo[0]][$sName] = array();
$aData[$sName] = array();
}
}
// Simple check on non-custom columns (custom columns have their own function for this) to see if the given value is actually allowed.
// 0 is a valid entry for the check for mandatory fields, so we should also check if 0 is a valid entry in the selection list!
if (strpos($sName, '/') === false && isset($aData[$sName]) && $aData[$sName] !== '') {
$Val = $aData[$sName];
$aOptions = array_keys($aField[5]);
if (lovd_getProjectFile() == '/import.php' && !is_array($Val)) {
$Val = explode(';', $Val);
// Normally the form sends an array, but from the import I need to create an array.
} elseif (!is_array($Val)) {
$Val = array($Val);
}
foreach ($Val as $sValue) {
$sValue = trim($sValue);
// Trim whitespace from $sValue to ensure match independent of whitespace.
if (!in_array($sValue, $aOptions)) {
if (lovd_getProjectFile() == '/import.php') {
lovd_errorAdd($sName, 'Please select a valid entry from the \'' . $sHeader . '\' selection box, \'' . strip_tags($sValue) . '\' is not a valid value. Please choose from these options: \'' . implode('\', \'', $aOptions) . '\'.');
} else {
lovd_errorAdd($sName, 'Please select a valid entry from the \'' . $sHeader . '\' selection box, \'' . strip_tags($sValue) . '\' is not a valid value.');
}
}
}
}
} elseif ($sType == 'checkbox') {
// The browser fails to send value if checkbox is left empty.
// This is causing problems sometimes with MySQL, since INT
// columns can't receive an empty string if STRICT is on.
if (!isset($aData[$sName])) {
$GLOBALS['_' . $aFormInfo[0]][$sName] = 0;
$aData[$sName] = 0;
} elseif (!in_array($aData[$sName], array('0', '1'))) {
lovd_errorAdd($sName, 'The field \'' . $sHeader . '\' must contain either a \'0\' or a \'1\'.');
}
}
if ($sName == 'password') {
// Password is in the form, it must be checked. Assuming here that it is also considered mandatory.
if (!empty($aData['password']) && !lovd_verifyPassword($aData['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
}
}
// Check all fields that we receive for data type and maximum length.
// No longer to this through $aForm, because when importing,
// we do have data to check but no $aForm entry linked to it.
foreach ($aData as $sFieldname => $sFieldvalue) {
if (!is_string($sFieldvalue)) {
// Checks below currently do not handle non-string values.
continue;
}
$sNameClean = preg_replace('/^\\d{' . $_SETT['objectid_length']['transcripts'] . '}_/', '', $sFieldname);
// Remove prefix (transcriptid) that LOVD_TranscriptVariants puts there.
if (isset($aHeaders[$sFieldname])) {
$sHeader = $aHeaders[$sFieldname];
} else {
$sHeader = $sFieldname;
}
// Checking free text fields for max length, data types, etc.
if ($sMySQLType = lovd_getColumnType(constant($this->sTable), $sNameClean)) {
// FIXME; we're assuming here, that $sName equals the database name. Which is true in probably most/every case, but even so...
// FIXME; select fields might also benefit from having this check (especially for import).
// Check max length.
$nMaxLength = lovd_getColumnLength(constant($this->sTable), $sNameClean);
if (!empty($sFieldvalue)) {
// For numerical columns, maxlength works differently!
if (in_array($sMySQLType, array('DECIMAL', 'DECIMAL_UNSIGNED', 'FLOAT', 'FLOAT_UNSIGNED', 'INT', 'INT_UNSIGNED'))) {
// SIGNED cols: negative values.
if (in_array($sMySQLType, array('DECIMAL', 'INT')) && (int) $sFieldvalue < (int) ('-' . str_repeat('9', $nMaxLength))) {
lovd_errorAdd($sFieldname, 'The \'' . $sHeader . '\' field is limited to numbers no lower than -' . str_repeat('9', $nMaxLength) . '.');
}
// ALL numerical cols (except floats): positive values.
if (substr($sMySQLType, 0, 5) != 'FLOAT' && (int) $sFieldvalue > (int) str_repeat('9', $nMaxLength)) {
lovd_errorAdd($sFieldname, 'The \'' . $sHeader . '\' field is limited to numbers no higher than ' . str_repeat('9', $nMaxLength) . '.');
}
} elseif (strlen($sFieldvalue) > $nMaxLength) {
lovd_errorAdd($sFieldname, 'The \'' . $sHeader . '\' field is limited to ' . $nMaxLength . ' characters, you entered ' . strlen($sFieldvalue) . '.');
}
}
// Check data type.
if (!empty($sFieldvalue)) {
switch ($sMySQLType) {
case 'DATE':
if (!lovd_matchDate($sFieldvalue)) {
lovd_errorAdd($sFieldname, 'The field \'' . $sHeader . '\' must contain a date in the format YYYY-MM-DD, "' . htmlspecialchars($sFieldvalue) . '" does not match.');
}
break;
case 'DATETIME':
if (!preg_match('/^[0-9]{4}[.\\/-][0-9]{2}[.\\/-][0-9]{2}( [0-9]{2}\\:[0-9]{2}\\:[0-9]{2})?$/', $sFieldvalue)) {
lovd_errorAdd($sFieldname, 'The field \'' . $sHeader . '\' must contain a date, possibly including a time, in the format YYYY-MM-DD HH:MM:SS, "' . htmlspecialchars($sFieldvalue) . '" does not match.');
}
break;
case 'DECIMAL':
case 'DECIMAL_UNSIGNED':
case 'FLOAT':
case 'FLOAT_UNSIGNED':
if (!is_numeric($sFieldvalue) || substr($sMySQLType, -8) == 'UNSIGNED' && $sFieldvalue < 0) {
lovd_errorAdd($sFieldname, 'The field \'' . $sHeader . '\' must contain a' . (substr($sMySQLType, -8) != 'UNSIGNED' ? '' : ' positive') . ' number, "' . htmlspecialchars($sFieldvalue) . '" does not match.');
}
break;
case 'INT':
case 'INT_UNSIGNED':
if (!preg_match('/^' . ($sMySQLType != 'INT' ? '' : '\\-?') . '[0-9]*$/', $sFieldvalue)) {
lovd_errorAdd($sFieldname, 'The field \'' . $sHeader . '\' must contain a' . ($sMySQLType == 'INT' ? 'n' : ' positive') . ' integer, "' . htmlspecialchars($sFieldvalue) . '" does not match.');
}
break;
}
}
}
}
return $aData;
}
$_SESSION['password_force_change'] = true;
}
// Check if referer is given, check it, then forward the user.
if (!empty($_POST['referer'])) {
// Location is within this LOVD installation.
$sLocation = $_POST['referer'];
} else {
// Redirect to proper location will be done somewhere else in this code.
$sLocation = lovd_getInstallURL() . 'login';
}
header('Location: ' . $sLocation);
exit;
}
}
// The bad logins end up here!
if (!$zUser || !lovd_error() && !lovd_verifyPassword($_POST['password'], $zUser['password'])) {
lovd_writeLog('Auth', 'AuthError', $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried logging in using ' . $_POST['username'] . '/' . str_repeat('*', strlen($_POST['password'])));
lovd_errorAdd('', 'Invalid Username/Password combination.');
// This may not actually update (user misspelled his username) but we can call the query anyway.
if ($_CONF['lock_users']) {
$_DB->query('UPDATE ' . TABLE_USERS . ' SET login_attempts = login_attempts + 1 WHERE username = ? AND level < ' . LEVEL_ADMIN, array($_POST['username']), false);
}
// Check if the user is locked, now.
if ($zUser && $zUser['login_attempts'] >= 3 - 1) {
lovd_errorAdd('password', 'Your account is now locked, since this is the third time a wrong password was provided.');
}
// The "Forgot my password" option.
if ($_CONF['allow_unlock_accounts']) {
lovd_errorAdd('', 'Did you <A href="reset_password">forget your password</A>?');
}
}
// Of the selected persons, at least one should be shown AND able to edit!
$bCurator = false;
foreach ($_POST['curators'] as $nUserID) {
if (in_array($nUserID, $_POST['allow_edit']) && in_array($nUserID, $_POST['shown'])) {
$bCurator = true;
break;
}
}
if (!$bCurator) {
lovd_errorAdd('', 'Please select at least one curator that is allowed to edit <I>and</I> is shown on the gene home page!');
}
}
// Mandatory fields.
if (empty($_POST['password'])) {
lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
} elseif ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
// User had to enter his/her password for authorization.
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
} else {
// MUST select at least one visible curator!
if (empty($_POST['curators']) || empty($_POST['shown'])) {
lovd_errorAdd('', 'Please select at least one curator to be shown on the gene home page!');
}
}
if (!lovd_error()) {
// What's by far the most efficient code-wise is just insert/update all we've got and delete everything else.
// Prepare log for changes.
// (depends on current database status, so we create the log message before
// the changes are committed, but log the actual message afterwards).
$sLogMessage = lovd_prepareCuratorLogMessage($sID, $_POST['curators'], $_POST['allow_edit'], $_POST['shown']);
}
}
if (FORMAT == 'text/plain' && !defined('FORMAT_ALLOW_TEXTPLAIN')) {
die(AJAX_NO_AUTH);
}
$sFile = ROOT_PATH . 'class/object_' . strtolower($sObject) . 's.php';
if (!file_exists($sFile)) {
header('HTTP/1.0 404 Not Found');
exit;
}
require $sFile;
$sObjectClassname = 'LOVD_' . str_replace('_', '', $sObject);
$_DATA = new $sObjectClassname($sObjectID, $nID);
if (POST && ACTION == 'applyFR') {
// Apply find & replace.
if ($_AUTH['level'] < LEVEL_CURATOR || !isset($_POST['password']) || !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
// Not authorized for find & replace.
die(AJAX_NO_AUTH);
}
$aFROptions['sFRMatchType'] = isset($_POST['FRMatchType_' . $sViewListID]) ? $_POST['FRMatchType_' . $sViewListID] : null;
$aFROptions['bFRReplaceAll'] = isset($_POST['FRReplaceAll_' . $sViewListID]) ? $_POST['FRReplaceAll_' . $sViewListID] : null;
if (!isset($_POST['FRFieldname_' . $sViewListID]) || !isset($_POST['FRSearch_' . $sViewListID]) || !isset($_POST['FRReplace_' . $sViewListID])) {
die(AJAX_DATA_ERROR);
}
// Setup search filters before applying find & replace.
list($WHERE, $HAVING, $aArguments, $aBadSyntaxColumns, $aColTypes) = $_DATA->processViewListSearchArgs($_POST);
// Update where/having clauses based on search filters (needed for LOVD_Object->buildSQL()).
if ($WHERE) {
$_DATA->aSQLViewList['WHERE'] .= ($_DATA->aSQLViewList['WHERE'] ? ' AND ' : '') . $WHERE;
}
if ($HAVING) {
