// Load appropriate user level for this disease.
lovd_isAuthorized('disease', $nID);
// This call will make database queries if necessary.
lovd_requireAUTH(LEVEL_CURATOR);
$sUnit = 'disease';
$sCategory = 'Phenotype';
if (POST) {
$_DB->beginTransaction();
foreach ($_POST['columns'] as $nOrder => $sColID) {
$nOrder++;
// Since 0 is the first key in the array.
$_DB->query('UPDATE ' . TABLE_SHARED_COLS . ' SET col_order = ? WHERE ' . $sUnit . 'id = ? AND colid = ?', array($nOrder, $nID, $sCategory . '/' . $sColID));
}
$_DB->commit();
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Updated the column order for ' . $sUnit . ' ' . $nID);
// Thank the user...
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully updated the column order for ' . $sUnit . ' ' . $nID . '!', 'success');
if (isset($_GET['in_window'])) {
// We're in a new window, refresh opener en close window.
print ' <SCRIPT type="text/javascript">setTimeout(\'opener.location.reload();self.close();\', 1000);</SCRIPT>' . "\n\n";
} else {
print ' <SCRIPT type="text/javascript">setTimeout(\'window.location.href=\\\'' . lovd_getInstallURL() . $_PE[0] . '/' . $nID . '\\\';\', 1000);</SCRIPT>' . "\n\n";
}
$_T->printFooter();
exit;
}
$_T->printHeader();
$_T->printTitle();
$_STAT['update_checked_date'] = $sNow;
$_STAT['update_version'] = 'Error';
$_STAT['update_released_date'] = '';
$_STAT['update_level'] = 0;
$_STAT['update_description'] = '';
} elseif (preg_match('/^Package\\s*:\\s*LOVD\\nVersion\\s*:\\s*([1-9]\\.[0-9](\\.[0-9])?\\-([0-9a-z-]{2,11}))(\\nReleased\\s*:\\s*([0-9]{4}\\-[0-9]{2}\\-[0-9]{2}))?\\nPriority\\s*:\\s*([0-9])\\nDescription\\s*:\\s*(.+)$/s', $sUpdates, $aUpdates) && is_array($aUpdates)) {
// Now update the database - new version detected.
$_DB->query('UPDATE ' . TABLE_STATUS . ' SET update_checked_date = ?, update_version = ?, update_level = ?, update_description = ?, update_released_date = ?', array($sNow, $aUpdates[1], $aUpdates[6], $aUpdates[7], $aUpdates[5]));
$_STAT['update_checked_date'] = $sNow;
$_STAT['update_version'] = $aUpdates[1];
$_STAT['update_released_date'] = $aUpdates[5];
$_STAT['update_level'] = $aUpdates[6];
$_STAT['update_description'] = rtrim($aUpdates[7]);
} else {
// Error during update check.
lovd_writeLog('Error', 'CheckUpdate', 'Could not parse upstream server output:' . "\n" . $sUpdates);
$_DB->query('UPDATE ' . TABLE_STATUS . ' SET update_checked_date = ?, update_version = "Error", update_level = 0, update_description = "", update_released_date = NULL', array($sNow));
$_STAT['update_checked_date'] = $sNow;
$_STAT['update_version'] = 'Error';
$_STAT['update_released_date'] = '';
$_STAT['update_level'] = 0;
$_STAT['update_description'] = '';
}
}
// Process...
if ($_STAT['update_version'] == 'Error') {
$sType = 'error';
$sMessage = 'An error occured while checking for updates. For more information, see the error log. Please try again later.';
} elseif (lovd_calculateVersion($_STAT['update_version']) > lovd_calculateVersion($_SETT['system']['version'])) {
$sType = 'newer';
$sMessage = 'There is an update to LOVD available. More information is below.<BR>' . "\n" . '<B>Latest version</B>: ' . $_STAT['update_version'] . '<BR>' . "\n" . '<B>Release date</B>: ' . $_STAT['update_released_date'] . '<BR>' . "\n" . '<B>Priority level</B>: ' . $_SETT['update_levels'][$_STAT['update_level']] . '<BR>' . "\n" . '<B>Release info</B>: ' . str_replace("\n", '<BR>', $_STAT['update_description']) . '<BR>' . "\n" . '<B>Download</B>: <A href="' . dirname($_SETT['update_URL']) . '/download.php?version=' . $_STAT['update_version'] . '&type=tar.gz">GZIPped TARball</A> or <A href="' . dirname($_SETT['update_URL']) . '/download.php?version=' . $_STAT['update_version'] . '&type=zip">ZIP archive</A><BR>' . "\n" . '<A href="' . $_SETT['upstream_URL'] . $_SETT['system']['tree'] . '/changelog.txt" target="_blank">See the changelog</A>' . "\n";
$_DB->query('INSERT INTO ' . TABLE_CURATES . ' VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE allow_edit = VALUES(allow_edit), show_order = VALUES(show_order)', array($nUserID, $sID, (int) in_array($nUserID, $_POST['allow_edit']), in_array($nUserID, $_POST['shown']) ? $nOrder : 0));
// FIXME; Without detailed user info we can't include elaborate logging. Would we want that anyway?
// We could rapport things here more specifically because MySQL can tell us if there has been an update (2) or an insert (1) or nothing changed (0).
} else {
// Just sort and update visibility!
$_DB->query('UPDATE ' . TABLE_CURATES . ' SET show_order = ? WHERE geneid = ? AND userid = ?', array(in_array($nUserID, $_POST['shown']) ? $nOrder : 0, $sID, $nUserID));
}
}
if (ACTION == 'authorize') {
// Now everybody should be updated. Remove whoever should no longer be in there.
$_DB->query('DELETE FROM c USING ' . TABLE_CURATES . ' AS c, ' . TABLE_USERS . ' AS u WHERE c.userid = u.id AND c.geneid = ? AND c.userid NOT IN (?' . str_repeat(', ?', count($_POST['curators']) - 1) . ') AND (u.level < ? OR u.id = ?)', array_merge(array($sID), $_POST['curators'], array($_AUTH['level'], $_AUTH['id'])));
}
// If we get here, it all succeeded.
$_DB->commit();
// Write to log...
lovd_writeLog('Event', LOG_EVENT, $sLogMessage);
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0] . '/' . $sID);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully updated the curator list!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
// Now, build $aCurators, which contains info about the curators currently selected (from DB or, if available, POST!).
$zData = $_DATA->loadEntry($nID);
require ROOT_PATH . 'inc-lib-form.php';
if (!empty($_POST)) {
lovd_errorClean();
// Mandatory fields.
if (empty($_POST['password'])) {
lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
}
// User had to enter his/her password for authorization.
if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
$_DATA->deleteEntry($nID);
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted announcement ' . $nID . ' (' . $zData['type'] . ') - ' . lovd_shortenString(strip_tags($zData['announcement']), 150));
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the announcement!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
function lovd_emailError($sErrorCode, $sSubject, $sTo, $bHalt = false)
{
// Formats email errors for the error log, and optionally halts the system.
// Format the error message.
// FIXME; Kan makkelijker??? // Een str_replace() zou ook wel werken... Deze code staat op minimaal 3 plaatsen.
$sError = preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . ' returned error in code block ' . $sErrorCode . '.' . "\n" . 'Error : Couldn\'t send a mail with subject "' . $sSubject . '" to ' . $sTo;
// If the system needs to be halted, send it through to lovd_displayError() who will print it on the screen,
// write it to the system log, and halt the system. Otherwise, just log it to the database.
if ($bHalt) {
lovd_displayError('SendMail', $sError);
} else {
lovd_writeLog('Error', 'SendMail', $sError);
}
}
function getRowCountForViewList($aSQL, $aArgs = array(), $bDebug = false)
{
// Attempt to speed up the "counting" part of the VL queries.
// ViewList queries are counting the number of total hits using the
// MySQL extension SQL_CALC_FOUND_ROWS. This works well for queries
// sorted on non-indexed fields, where the query itself also requires a
// full scan through the results. However,for queries that are normally
// fast when LIMITed, this slows down the query a lot.
// This function here will attempt to reduce the given query to a simple
// SELECT COUNT(*) statement with as few joins as needed, resulting in
// an as fast query as possible.
// The $bDebug argument lets this function just return the SQL that is produced.
global $_DB, $_INI;
// If we don't have a HAVING clause, we can simply drop the SELECT information.
$aColumnsNeeded = array();
$aTablesNeeded = array();
if (!$aSQL['GROUP_BY'] && !$aSQL['HAVING'] && !$aSQL['ORDER_BY']) {
$aSQL['SELECT'] = '';
} else {
if ($aSQL['GROUP_BY']) {
// We do have GROUP BY... We'll need to keep only the columns in the SELECT that are aliases,
// but non-alias columns that are used for grouping must also be kept in the JOIN!
// Parse GROUP BY! Can be a mix of real columns and aliases.
if (preg_match_all('/\\b(?:(\\w+)\\.)?(\\w+)\\b/', $aSQL['GROUP_BY'], $aRegs)) {
// This code is the same as for the ORDER BY parsing.
for ($i = 0; $i < count($aRegs[0]); $i++) {
// 1: table referred to (real columns without alias only);
// 2: alias, or column name in given table.
if ($aRegs[1][$i]) {
// Real table. We don't need this in the SELECT unless it's also in the HAVING, but we definitely need this in the JOIN.
$aTablesNeeded[] = $aRegs[1][$i];
} elseif ($aRegs[2][$i]) {
// Alias only. Keep this column for the SELECT. When parsing the SELECT, we'll find out from which table(s) it is.
$aColumnsNeeded[] = $aRegs[2][$i];
}
}
}
}
if ($aSQL['HAVING']) {
// We do have HAVING, so now we'll have to see what we need to keep, the rest we toss out.
// Parse HAVING! These are no fields directly from tables, but all aliases, so this parsing is different from parsing WHERE.
// We don't care about AND/OR or anything... we just want the aliases.
if (preg_match_all('/\\b(\\w+)\\s(?:[!><=]+|IS (?:NOT )?NULL|LIKE )/', $aSQL['HAVING'], $aRegs)) {
$aColumnsNeeded = array_merge($aColumnsNeeded, $aRegs[1]);
}
}
if ($aSQL['ORDER_BY']) {
// We do have ORDER BY... We'll need to keep only the columns in the SELECT that are aliases,
// but non-alias columns that are used for sorting must also be kept in the JOIN!
// Parse ORDER BY! Can be a mix of real columns and aliases.
// Adding a comma in the end, so we can use a simpler pattern that always ends with one.
// FIXME: Wait, why are we parsing the ORDER_BY??? We can just drop it... and drop the cols which it uses... right?
if (false && preg_match_all('/\\b(?:(\\w+)\\.)?(\\w+)(?:\\s(?:ASC|DESC))?,/', $aSQL['ORDER_BY'] . ',', $aRegs)) {
// This code is the same as for the GROUP BY parsing.
for ($i = 0; $i < count($aRegs[0]); $i++) {
// 1: table referred to (real columns without alias only);
// 2: alias, or column name in given table.
if ($aRegs[1][$i]) {
// Real table. We don't need this in the SELECT unless it's also in the HAVING, but we definitely need this in the JOIN.
$aTablesNeeded[] = $aRegs[1][$i];
} elseif ($aRegs[2][$i]) {
// Alias only. Keep this column for the SELECT. When parsing the SELECT, we'll find out from which table it is.
$aColumnsNeeded[] = $aRegs[2][$i];
}
}
}
// We never need an ORDER BY to get the number of results, so...
$aSQL['ORDER_BY'] = '';
}
}
$aColumnsNeeded = array_unique($aColumnsNeeded);
if (!$aColumnsNeeded) {
$aSQL['SELECT'] = '';
}
// Now that we know which columns we should keep, we can parse the SELECT clause to see what we can remove.
$aColumnsUsed = array();
// Will contain limited information on the columns defined in the SELECT syntax.
if ($aSQL['SELECT'] && $aColumnsNeeded) {
// Analyzing the SELECT. This is quite difficult as we can have simple SELECTs but also really complicated ones,
// such as GROUP_CONCAT() or subselects. These should all be parsed and needed tables should be identified.
// t.* || t.col [t.col || "value" || (t.col ... val) || FUNCTION() || CASE ... END] AS alias
if (preg_match_all('/(([a-z0-9_]+)\\.(?:\\*|[a-z0-9_]+)|(?:(?:([a-z0-9_]+)\\.[a-z0-9_]+|".*"|[A-Z_]*\\(.+\\)|CASE .+ END) AS +([a-z0-9_]+|`[A-Za-z0-9_\\/]+`)))(?:,|$)/U', $aSQL['SELECT'], $aRegs)) {
for ($i = 0; $i < count($aRegs[0]); $i++) {
// First we'll store the column information, later we'll loop though it to see which tables they refer to.
// 1: entire SELECT string incl. possible alias;
// 2: table referred to (fields without alias only);
// 3: table referred to (simple fields with alias only);
// 4: alias, if present.
// Try to see which table(s) is/are used here.
$aTables = array();
$sTable = $aRegs[2][$i] ? $aRegs[2][$i] : $aRegs[3][$i];
if ($sTable) {
$aTables[] = $sTable;
} else {
// OK, this was no simple SELECT string. This was GROUP_CONCAT, COUNT() or similar.
// Especially (GROUP_)CONCAT can contain quite some different columns and even tables.
// Analyzing the field definition... We don't care about its structure or anything... we just want tables.
// There should *always* be table aliases, so it's going to be easy.
// With subqueries however, this will fail a bit. It will find table aliases that may be of tables in the subquery.
// However, in the worst case scenario it will keep tables that are not necessary to be kept.
if (preg_match_all('/\\b(\\w+)\\.(?:`|[A-Za-z]|\\*)/', $aRegs[1][$i], $aRegsTables)) {
$aTables = array_unique($aRegsTables[1]);
}
}
// Key: alias or, when not available, the SELECT statement (table.col).
$aColumnsUsed[$aRegs[4][$i] ? $aRegs[4][$i] : $aRegs[1][$i]] = array('SQL' => $aRegs[1][$i], 'tables' => $aTables);
// We don't need more info anyway.
}
}
// Now, loop the parsed columns, check which fields are needed, rebuild the SELECT statement, and store which tables will be needed.
$aSQL['SELECT'] = '';
foreach ($aColumnsUsed as $sCol => $aCol) {
if (in_array($sCol, $aColumnsNeeded)) {
$aSQL['SELECT'] .= (!$aSQL['SELECT'] ? '' : ', ') . $aCol['SQL'];
$aTablesNeeded = array_merge($aTablesNeeded, $aCol['tables']);
}
}
}
// Analyzing the WHERE... We don't care about AND/OR or anything... we just want tables.
// WHERE clauses *always* contain the table aliases, so it's going to be easy.
if (preg_match_all('/\\b(\\w+)\\.(?:`|[A-Za-z])/', $aSQL['WHERE'], $aRegs)) {
$aTablesNeeded = array_merge($aTablesNeeded, $aRegs[1]);
}
// When we're running filters on the custom columns, we never use a table alias,
// because we don't know where the column comes from.
// To solve this, we must parse the column and fetch the used alias from the query.
// We're specifically looking for custom columns *not* prefixed by a table alias.
if (preg_match_all('/[^.](?:`(\\w+)\\/[A-Za-z0-9_\\/]+`)/', $aSQL['WHERE'], $aRegs)) {
// To not reproduce code, we'll use lovd_getTableInfoByCategory().
// Loop columns and find tables.
foreach ($aRegs[1] as $sCategory) {
$aTableInfo = lovd_getTableInfoByCategory($sCategory);
if (isset($aTableInfo['table_sql']) && preg_match_all('/' . $aTableInfo['table_sql'] . ' AS (\\w+)\\b/i', $aSQL['FROM'], $aRegsTables)) {
$aTablesNeeded = array_merge($aTablesNeeded, $aRegsTables[1]);
} else {
// OK, this really shouldn't happen. Either the column wasn't a
// category we recognized, or the SQL was too complicated?
// Let's log this.
lovd_writeLog('Error', 'LOVD-Lib', 'LOVD_Object::getRowCountForViewList() - Function identified custom column category ' . $sCategory . ', but couldn\'t find corresponding table alias in query.' . "\n" . 'URL: ' . preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . "\n" . 'From: ' . $aSQL['FROM']);
}
}
}
$aTablesNeeded = array_unique($aTablesNeeded);
// Now, SELECT should be as small as possible. What's left in the SELECT is needed.
// See which tables we can't remove from the JOIN because they're in SELECT, or because they're in the WHERE.
// (INNER JOINs will never be removed).
// Now shorten the JOIN as much as possible!
// Tables *always* use aliases so we'll just search for those.
// While matching, we add a space before the FROM so that we can match the first table as well, but it won't have a JOIN statement captured.
$aTablesUsed = array();
if (preg_match_all('/\\s?((?:LEFT(?: OUTER)?|INNER) JOIN)?\\s(' . preg_quote(TABLEPREFIX, '/') . '_[a-z0-9_]+) AS ([a-z0-9]+)\\s/', ' ' . $aSQL['FROM'], $aRegs)) {
for ($i = 0; $i < count($aRegs[0]); $i++) {
// 1: JOIN syntax;
// 2: full table name;
// 3: table alias.
$aTablesUsed[$aRegs[3][$i]] = array('name' => $aRegs[2][$i], 'join' => $aRegs[1][$i]);
}
}
// Loop these tables in reverse, and remove JOINs as much as possible!
foreach (array_reverse(array_keys($aTablesUsed)) as $sTableAlias) {
if (!$aTablesUsed[$sTableAlias]['join'] || in_array($sTableAlias, $aTablesNeeded)) {
// We've reached a table that we need, abort now.
break;
// FIXME: Actually, it's possible that more tables can be left out, although in most cases we're really done now.
// To find out, we'd actually need to analyze which tables we're joining together.
}
// OK, this table is not needed. Get rid of it.
if ($aTablesUsed[$sTableAlias]['join'] != 'INNER JOIN' && ($nPosition = strrpos($aSQL['FROM'], $aTablesUsed[$sTableAlias]['join'])) !== false) {
$aSQL['FROM'] = rtrim(substr($aSQL['FROM'], 0, $nPosition));
unset($aTablesUsed[$sTableAlias]);
}
}
// If we have no SELECT left, we can surely do a simple SELECT COUNT(*) FROM ... or
// a SELECT COUNT(*) FROM (SELECT ...)A. We can't do a simple SELECT COUNT(*) if
// we have a GROUP_BY, because it will separate the counts.
// In case we still have a SELECT, and we create a subquery while the
// SELECT has double columns (happens rarely), we get a query error. In
// that case we could drop the first column's declaration, or otherwise
// keep using the SQL_CALC_FOUND_ROWS().
// For now, we'll just take our chances. If this query will fail, LOVD
// will fall back on the original SQL_CALC_FOUND_ROWS() method.
$bInSubQuery = false;
if (!$aSQL['SELECT']) {
// If we just have one table left, we might be able to drop the GROUP BY.
// If so, we can use a simple COUNT(*) query instead of a nested one.
// In 99%, if not all, of the cases we can just drop the GROUP BY since
// we "always" put it on the first table's ID, but just to be sure:
if (count($aTablesUsed) == 1 && $aSQL['GROUP_BY'] == current(array_keys($aTablesUsed)) . '.id') {
// Using one table, and grouping on its ID.
$aSQL['GROUP_BY'] = '';
}
if (!$aSQL['GROUP_BY']) {
// Simple SELECT COUNT(*) FROM ...
$aSQL['SELECT'] = 'COUNT(*)';
} else {
// We'll have to create a bigger query around this...
// We'll build that query in the end.
$bInSubQuery = true;
$aSQL['SELECT'] = '1';
}
} else {
// SELECT is left (meaning we had a HAVING), we have to use a subquery!
$bInSubQuery = true;
}
// Delete LIMIT, we don't want that anymore...
$aSQL['LIMIT'] = '';
$sSQLOut = $this->buildSQL($aSQL);
// Now, build the subquery if we need it.
if ($bInSubQuery) {
$sSQLOut = 'SELECT COUNT(*) FROM (' . $sSQLOut . ')A';
}
if ($bDebug) {
return $sSQLOut;
}
// Run the query, fetch the result and return.
// We'll return false when we failed.
$nCount = false;
$qCount = $_DB->query($sSQLOut, $aArgs, false);
if ($qCount !== false) {
$nCount = $qCount->fetchColumn();
}
if ($nCount === false) {
// We failed, log this. Actually, why aren't query errors logged if they're not fatal?
lovd_queryError('QueryOptimizer', $sSQLOut, 'Error in ' . __FUNCTION__ . '() while executing optimized query.', false);
// As a fallback, use SQL_CALC_FOUND_ROWS() for MySQL instances, or
// a count() on a full result set otherwise. The latter is super
// inefficient, and only meant for small SQLite databases.
if ($_INI['database']['driver'] == 'mysql') {
$this->aSQLViewList['SELECT'] = 'SQL_CALC_FOUND_ROWS ' . $this->aSQLViewList['SELECT'];
$this->aSQLViewList['LIMIT'] = '0';
$_DB->query($this->buildSQL($this->aSQLViewList), $aArgs);
$nCount = $_DB->query('SELECT FOUND_ROWS()')->fetchColumn();
} else {
// Super inefficient, only for low-volume (sqlite) databases!
$nCount = count($_DB->query($this->buildSQL($this->aSQLViewList), $aArgs)->fetchAllColumn());
}
}
return $nCount;
}
if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
// Get genes which are modified before we delete the entry.
// Only when phenotype, individual and variant are marked or public.
if ($zData['statusid'] >= STATUS_MARKED) {
$aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'INNER JOIN ' . TABLE_INDIVIDUALS . ' AS i ON (i.id = s.individualid) ' . 'INNER JOIN ' . TABLE_PHENOTYPES . ' AS p ON (p.individualid = i.id) ' . 'WHERE vog.statusid >= ? AND i.statusid >= ? AND p.id = ?', array(STATUS_MARKED, STATUS_MARKED, $nID))->fetchAllColumn();
}
$_DATA->deleteEntry($nID);
if ($zData['statusid'] >= STATUS_MARKED && $aGenes) {
// Change updated date for genes.
lovd_setUpdatedDate($aGenes);
}
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted phenotype information entry ' . $nID . ' (Owner: ' . $zData['owner'] . ')');
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . 'individuals/' . $zData['individualid']);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the phenotype information entry!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
// Wrong ID, apparently.
// FIXME: This function and its use is a bit messy.
lovd_showPageAccessDenied(null, PAGE_TITLE, 'No such ID!');
exit;
} elseif ($zData['locked'] && ACTION == 'lock' || !$zData['locked'] && ACTION == 'unlock') {
// Can't unlock someone that is not locked or lock someone that is already locked.
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('User is already ' . ACTION . 'ed!', 'stop');
$_T->printFooter();
exit;
}
// The actual query.
$_DB->query('UPDATE ' . TABLE_USERS . ' SET login_attempts = ' . ($zData['locked'] ? 0 : 3) . ' WHERE id = ?', array($nID));
// Write to log...
lovd_writeLog('Event', LOG_EVENT, ucfirst(ACTION) . 'ed user ' . $nID . ' - ' . $zData['username'] . ' (' . $zData['name'] . ') - with level ' . $_SETT['user_levels'][$zData['level']]);
// Return the user where they came from.
header('Refresh: 0; url=' . lovd_getInstallURL() . CURRENT_PATH);
exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'submissions') {
// URL: /users/00001?submissions
// Manage unfinished submissions
$nID = sprintf('%05d', $_PE[1]);
define('PAGE_TITLE', 'Manage unfinished submissions for user #' . $nID);
$_T->printHeader();
$_T->printTitle();
if ($_AUTH && $_AUTH['id'] == $nID) {
// Require submitter clearance.
lovd_requireAUTH();
lovd_showInfoTable('Below are lists of your unfinished submissions', 'information');
if (count($aOutput)) {
$_DB->query('DELETE vog FROM ' . TABLE_VARIANTS . ' AS vog INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (vog.id = s2v.variantid) WHERE s2v.screeningid IN (?' . str_repeat(', ?', count($aOutput) - 1) . ')', $aOutput);
}
}
// Get genes which are modified only when individual and variant status is marked or public.
if ($_POST['statusid'] >= STATUS_MARKED) {
$aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'WHERE vog.statusid >= ? AND s.individualid = ?', array(STATUS_MARKED, $nID))->fetchAllColumn();
}
$_DATA->deleteEntry($nID);
if ($_POST['statusid'] >= STATUS_MARKED && $aGenes) {
// Change updated date for genes.
lovd_setUpdatedDate($aGenes);
}
$_DB->commit();
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted individual information entry ' . $nID . ' (Owner: ' . $zData['owner'] . ')');
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the individual information entry!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password field!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
function lovd_soapError($e, $bHalt = true)
{
// Formats SOAP errors for the error log, and optionally halts the system.
if (!is_object($e)) {
return false;
}
// Try to detect if arguments have been passed, and isolate them from the stacktrace.
$sMethod = '';
$sArgs = '';
foreach ($e->getTrace() as $aTrace) {
if (isset($aTrace['function']) && $aTrace['function'] == '__call') {
// This is the low level SOAP call. Isolate used method and arguments from here.
list($sMethod, $aArgs) = $aTrace['args'];
if ($aArgs && is_array($aArgs) && isset($aArgs[0])) {
$aArgs = $aArgs[0];
// Not sure why the call's argument are in a sub array, but oh, well.
foreach ($aArgs as $sArg => $sValue) {
$sArgs .= (!$sArgs ? '' : "\n") . "\t\t" . $sArg . ':' . $sValue;
}
}
break;
}
}
// Format the error message.
$sError = preg_replace('/^' . preg_quote(rtrim(lovd_getInstallURL(false), '/'), '/') . '/', '', $_SERVER['REQUEST_URI']) . ' returned error in module \'' . $sMethod . '\'.' . "\n" . (!$sArgs ? '' : 'Arguments:' . "\n" . $sArgs . "\n") . 'Error message:' . "\n" . str_replace("\n", "\n\t\t", $e->__toString());
// If the system needs to be halted, send it through to lovd_displayError() who will print it on the screen,
// write it to the system log, and halt the system. Otherwise, just log it to the database.
if ($bHalt) {
return lovd_displayError('SOAP', $sError);
} else {
return lovd_writeLog('Error', 'SOAP', $sError);
}
}
// If one of the transcripts currently present in the database is not present in $_POST, we will want to remove it.
$aToRemove[] = $nTranscript;
$aGenesUpdated[] = $sGene;
}
}
if (!empty($aToRemove)) {
// Remove transcript mapping from variant...
$_DB->query('DELETE FROM ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' WHERE id = ? AND transcriptid IN (?' . str_repeat(', ?', count($aToRemove) - 1) . ')', array_merge(array($nID), $aToRemove));
}
if ($zData['statusid'] >= STATUS_MARKED) {
lovd_setUpdatedDate($aGenesUpdated);
}
// If we get here, it all succeeded.
$_DB->commit();
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Updated the transcript list for variant #' . $nID);
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . CURRENT_PATH . (!empty($aNewTranscripts) ? '?edit#' . implode(',', $aNewTranscripts) : ''));
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully updated the transcript list!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
} else {
$_BAR[1]->setMessage('Done importing!', 'done');
}
$_BAR[1]->setMessageVisibility('done', true);
if (count($aDone)) {
$sMessage = '';
foreach ($aDone as $sSection => $n) {
$sMessage .= (!$sMessage ? '' : ', ') . $n . ' ' . $sSection;
}
$sMessage = preg_replace('/, ([^,]+)/', " and \$1", $sMessage);
} else {
$sMessage = 'new links only';
}
$aGenes = array_unique($aGenes);
$nGenes = count($aGenes);
lovd_writeLog('Event', LOG_EVENT, 'Imported ' . $sMessage . '; ran ' . $nDone . ' queries' . (!$aGenes ? '' : ' (' . ($nGenes > 100 ? $nGenes . ' genes' : implode(', ', $aGenes)) . ')') . '.');
lovd_setUpdatedDate($aGenes);
}
// FIXME: Why is this not empty?
//var_dump(implode("\n", $aData));
$_T->printFooter();
exit;
}
// Errors...
$_BAR[0]->remove();
$_BAR[0]->setMessageVisibility('', false);
$_BAR[0]->setMessageVisibility('done', false);
if (!lovd_error() && !$nDataTotal) {
if ($sMode == 'update') {
lovd_showInfoTable('No entries found that can be updated via the import file.', 'stop');
}
function checkFields($aData, $zData = false)
{
// Checks fields before submission of data.
global $_AUTH, $_DB, $_PE, $_SETT;
// Mandatory fields.
$this->aCheckMandatory = array('name', 'institute', 'address', 'city', 'countryid', 'email', 'username');
// These password fields are only not mandatory when we're editing.
if (ACTION != 'edit') {
$this->aCheckMandatory[] = 'password_1';
$this->aCheckMandatory[] = 'password_2';
}
parent::checkFields($aData);
// Email address.
if (!empty($aData['email'])) {
$aEmail = explode("\r\n", $aData['email']);
foreach ($aEmail as $sEmail) {
if (!lovd_matchEmail($sEmail)) {
lovd_errorAdd('email', 'Email "' . htmlspecialchars($sEmail) . '" is not a correct email address' . ($sEmail && $sEmail == trim($sEmail) ? '' : '. Make sure there are no spaces or empty lines left in the email field') . '.');
}
}
}
if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'create') {
// Check username format.
if ($aData['username'] && !lovd_matchUsername($aData['username'])) {
lovd_errorAdd('username', 'Please fill in a correct username; 4 to 20 characters and starting with a letter followed by letters, numbers, dots, underscores and dashes only.');
}
}
if (in_array(ACTION, array('create', 'register'))) {
// Does the username exist already?
if ($aData['username']) {
if ($_DB->query('SELECT COUNT(*) FROM ' . TABLE_USERS . ' WHERE username = ?', array($aData['username']))->fetchColumn()) {
lovd_errorAdd('username', 'There is already a user with this username. Please choose another one.');
}
}
}
// One of two password fields entered... check 'em.
if ($aData['password_1'] || $aData['password_2']) {
if ($aData['password_1'] && $aData['password_2']) {
// Both entered.
if ($aData['password_1'] != $aData['password_2']) {
lovd_errorAdd('password_2', 'The \'' . (in_array(ACTION, array('edit', 'change_password')) ? 'New p' : 'P') . 'assword\' fields are not equal. Please try again.');
} else {
// Password quality.
if (!lovd_matchPassword($aData['password_1'])) {
lovd_errorAdd('password_1', 'Your password is found too weak. Please fill in a proper password; at least 4 characters long and containing at least one number or special character.');
}
}
} else {
if (in_array(ACTION, array('edit', 'change_password'))) {
lovd_errorAdd('password_2', 'If you want to change the current password, please fill in both \'New password\' fields.');
} else {
lovd_errorAdd('password_2', 'Please fill in both \'Password\' fields.');
}
}
}
// Check given security IP range.
if (!empty($aData['allowed_ip'])) {
// This function will throw an error itself (second argument).
$bIP = lovd_matchIPRange($aData['allowed_ip'], 'allowed_ip');
if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'edit' && $_PE[1] == $_AUTH['id']) {
// Check given security IP range.
if ($bIP && !lovd_validateIP($aData['allowed_ip'], $_SERVER['REMOTE_ADDR'])) {
// This IP range is not allowing the current IP to connect. This ain't right.
// If IP address is actually IPv6, then complain that we can't restrict at all.
// Otherwise, be clear the current setting just doesn't match.
if (strpos($_SERVER['REMOTE_ADDR'], ':') !== false) {
// IPv6...
lovd_errorAdd('allowed_ip', 'Your current IP address is IPv6 (' . $_SERVER['REMOTE_ADDR'] . '), which is not supported by LOVD to restrict access to your account.');
} else {
lovd_errorAdd('allowed_ip', 'Your current IP address is not matched by the given IP range. This would mean you would not be able to get access to LOVD with this IP range.');
}
}
}
} else {
// We're not sure if $aData == $_POST. But we'll just do this. It can't harm I guess.
$_POST['allowed_ip'] = '*';
}
// Level can't be higher or equal than the current user.
if (!empty($aData['level']) && $aData['level'] >= $_AUTH['level']) {
lovd_writeLog('Error', 'HackAttempt', 'Tried to upgrade user ID ' . $_PE[1] . ' to level ' . $_SETT['user_levels'][$aData['level']] . ')');
lovd_errorAdd('level', 'User level is not permitted. Hack attempt.');
}
// XSS attack prevention. Deny input of HTML.
lovd_checkXSS();
}
}
// Check if referer is given, check it, then forward the user.
if (!empty($_POST['referer'])) {
// Location is within this LOVD installation.
$sLocation = $_POST['referer'];
} else {
// Redirect to proper location will be done somewhere else in this code.
$sLocation = lovd_getInstallURL() . 'login';
}
header('Location: ' . $sLocation);
exit;
}
}
// The bad logins end up here!
if (!$zUser || !lovd_error() && !lovd_verifyPassword($_POST['password'], $zUser['password'])) {
lovd_writeLog('Auth', 'AuthError', $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried logging in using ' . $_POST['username'] . '/' . str_repeat('*', strlen($_POST['password'])));
lovd_errorAdd('', 'Invalid Username/Password combination.');
// This may not actually update (user misspelled his username) but we can call the query anyway.
if ($_CONF['lock_users']) {
$_DB->query('UPDATE ' . TABLE_USERS . ' SET login_attempts = login_attempts + 1 WHERE username = ? AND level < ' . LEVEL_ADMIN, array($_POST['username']), false);
}
// Check if the user is locked, now.
if ($zUser && $zUser['login_attempts'] >= 3 - 1) {
lovd_errorAdd('password', 'Your account is now locked, since this is the third time a wrong password was provided.');
}
// The "Forgot my password" option.
if ($_CONF['allow_unlock_accounts']) {
lovd_errorAdd('', 'Did you <A href="reset_password">forget your password</A>?');
}
}
}
// Mandatory fields.
if (empty($_POST['password'])) {
lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
}
// User had to enter his/her password for authorization.
if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
// Query text.
// This also deletes the entries in variants.
$_DATA->deleteEntry($nID);
// Change updated date for gene.
lovd_setUpdatedDate($zData['geneid']);
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted transcript information entry ' . $nID . ' - ' . $zData['geneid'] . ' (' . $zData['name'] . ')');
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the transcript information entry!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
// Ask Mutalyzer about the transcripts within this range.
// FIXME: Is this really necessary if all variants only want to be mapped on the transcripts in the database?
$aTranscriptData = array();
try {
// Can throw notice when TranscriptMappingInfo is not present (when no transcripts are available, for instance).
$aTranscriptsWithinRange = @$_Mutalyzer->getTranscriptsMapping(array('build' => $_CONF['refseq_build'], 'chrom' => 'chr' . $sChromosome, 'pos1' => $nStart, 'pos2' => $nEnd, 'method' => 1))->getTranscriptsMappingResult->TranscriptMappingInfo;
} catch (SoapFault $e) {
// Call failed, due to network problems, perhaps? Don't run the mapping script now!
define('MAPPING_NO_RESTART', true);
if (!empty($_GET['variantid'])) {
// We were trying to map a specific variant. Set the MAPPING_ERROR flag so the user understands we tried it.
$_DB->query('UPDATE ' . TABLE_VARIANTS . ' SET mapping_flags = ' . ($aVariants[0]['mapping_flags'] | MAPPING_ERROR) . ' WHERE id = ?', array($aVariants[0]['id']));
$aVariantUpdates = array();
}
if (empty($_SESSION['mapping']['time_error']) || time() - $_SESSION['mapping']['time_error'] > $tLogInterval) {
lovd_writeLog('Error', LOG_EVENT, 'Error while running the Mutalyzer getTranscriptsMapping webservice.');
}
// Forget the variants we had selected. This will skip the loop below and take us straight to the update-and-exit part.
$aVariants = array();
$nVariants = 0;
}
if (!empty($aTranscriptsWithinRange) && is_array($aTranscriptsWithinRange)) {
// Of the detected transcripts, we want to know their GENE and POSITIONS.
foreach ($aTranscriptsWithinRange as $oTranscript) {
$aTranscript = get_object_vars($oTranscript);
// Record the transcript accession, gene symbol and start and end positions.
$sTranscriptNM = $aTranscript['name'];
$nVersion = $aTranscript['version'];
if (empty($aTranscriptData[$sTranscriptNM]) || $aTranscriptData[$sTranscriptNM]['version'] < $nVersion) {
// Be sure to remember only the latest version!
$aTranscriptData[$sTranscriptNM]['version'] = $nVersion;
// Search for effected genes before the deletion on SCR2VAR, else we can't find the link.
// Get genes which are modified only when linked variant is marked or public.
$aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t ' . 'INNER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) ' . 'INNER JOIN ' . TABLE_VARIANTS . ' AS vog ON (vog.id = vot.id) ' . 'INNER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (s2v.variantid = vog.id) ' . 'INNER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s.id = s2v.screeningid) ' . 'INNER JOIN ' . TABLE_INDIVIDUALS . ' AS i ON (i.id = s.individualid) ' . 'WHERE vog.statusid >= ? AND i.statusid >= ? AND s2v.screeningid = ?', array(STATUS_MARKED, STATUS_MARKED, $nID))->fetchAllColumn();
if (isset($_POST['remove_variants']) && $_POST['remove_variants'] == 'remove') {
// This also deletes the entries in TABLE_SCR2VAR.
$_DB->query('DELETE FROM ' . TABLE_VARIANTS . ' WHERE id IN (?' . str_repeat(', ?', count($aVariantsRemovable) - 1) . ')', $aVariantsRemovable);
}
// This also deletes the entries in TABLE_SCR2GENES and TABLE_SCR2VAR.
$_DATA->deleteEntry($nID);
if ($aGenes) {
// Change updated date for genes
lovd_setUpdatedDate($aGenes);
}
$_DB->commit();
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted screening information entry ' . $nID);
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . 'individuals/' . $zData['individualid']);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the screening information entry!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
lovd_errorPrint();
// Tooltip JS code.
lovd_includeJS('inc-js-tooltip.php');
// Allow checking the database URL.
lovd_includeJS('inc-js-submit-settings.php');
// Table.
print ' <FORM action="install/?step=' . $_GET['step'] . '&sent=true" method="post">' . "\n";
// Array which will make up the form table.
$aForm = array_merge($_SYSSETTING->getForm(), array('skip', array('', '', 'submit', 'Continue »')));
lovd_viewForm($aForm);
print '</FORM>' . "\n\n";
$_T->printFooter();
exit;
} elseif ($_GET['step'] == 3) {
$_GET['step']++;
}
if ($_GET['step'] == 4) {
// Step 5: Done.
if (!($_DB->query('SHOW TABLES LIKE "' . TABLE_CONFIG . '"')->fetchColumn() && $_DB->query('SELECT COUNT(*) FROM ' . TABLE_CONFIG)->fetchColumn())) {
// Didn't finish previous step correctly.
//header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] - 2));
header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] - 1));
exit;
}
$_T->printHeader();
lovd_printSideBar();
lovd_writeLog('Install', 'Installation', 'Installation of LOVD ' . $_STAT['version'] . ' complete');
print ' <B>Done</B><BR>' . "\n" . ' <BR>' . "\n\n" . ' The installation of LOVD ' . $_STAT['version'] . ' is now complete.<BR>' . "\n" . ' <BR>' . "\n\n" . ' <BUTTON onclick="window.location.href=\'' . lovd_getInstallURL() . 'setup?newly_installed\';" style="font-weight : bold; font-size : 11px;">Continue to Setup area >></BUTTON>' . "\n\n";
$_T->printFooter();
exit;
}
$_DATA = new LOVD_Column();
if (!empty($_POST)) {
lovd_errorClean();
// Mandatory fields.
if (empty($_POST['password'])) {
lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
}
// User had to enter his/her password for authorization.
if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
// Query text.
$_DATA->deleteEntry($sColumnID);
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted column ' . $sColumnID);
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0] . '/' . $sCategory);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the column ' . $sColumnID . '!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password field!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
$nSQLFailed++;
$sSQLFailed .= '<SPAN style="background : #C0C0C0;">' . sprintf('%' . strlen(count($aSQL)) . 'd', $i) . '</SPAN> ' . htmlspecialchars($sSQL) . ';\\n';
}
}
if ($nSQLFailed) {
$sSQLFailed .= '</PRE>';
$_BAR->setMessage($sSQLFailed);
$_BAR->setMessage('After executing th' . ($nSQLFailed == 1 ? 'is query' : 'ese queries') . ', please try again.', 'done');
$_BAR->setMessageVisibility('done', true);
break;
}
usleep(300000);
}
if (!$nSQLFailed) {
// Upgrade complete, all OK!
lovd_writeLog('Install', 'Upgrade', 'Successfully upgraded LOVD from ' . $_STAT['version'] . ' to ' . $_SETT['system']['version'] . ', executing ' . $nSQLDone . ' quer' . ($nSQLDone == 1 ? 'y' : 'ies'));
$_BAR->setProgress(100);
$_BAR->setMessage('Successfully upgraded to ' . $_SETT['system']['version'] . '!<BR>Executed ' . $nSQLDone . ' database quer' . ($nSQLDone == 1 ? 'y' : 'ies') . '.');
} else {
// Bye bye, they should not see the form!
print '</BODY>' . "\n" . '</HTML>' . "\n";
exit;
}
// Remove update lock.
$_DB->query('UPDATE ' . TABLE_STATUS . ' SET lock_update = 0');
}
// Now that this is over, let the user proceed to whereever they were going!
if ($bLocked) {
// Have to force upgrade...
$_SERVER['REQUEST_URI'] .= ($_SERVER['QUERY_STRING'] ? '&' : '?') . 'force_lock';
} else {
function lovd_showPageAccessDenied($sLogMessage = null, $sPageTitle = 'Access denied', $sInfoText = 'You do not have access to this content.')
{
// Show a page saying access denied.
global $_T;
$_T->printHeader();
if (!is_null($sPageTitle)) {
$_T->printTitle($sPageTitle);
} else {
$_T->printTitle();
}
if (!is_null($sLogMessage)) {
lovd_writeLog('Error', 'HackAttempt', $sLogMessage);
}
lovd_showInfoTable($sInfoText, 'stop');
$_T->printFooter();
}
}
// This optimalization is normally done in updateEntry().
if (empty($_POST['proxy_port'])) {
// Empty port number, insert NULL instead of 0.
$_POST['proxy_port'] = NULL;
}
// Query text.
$sSQL = 'UPDATE ' . TABLE_CONFIG . ' SET ';
$aSQL = array();
foreach ($aFields as $key => $sField) {
$sSQL .= (!$key ? '' : ', ') . $sField . ' = ?';
$aSQL[] = $_POST[$sField];
}
$q = $_DB->query($sSQL, $aSQL, true, true);
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Edited system configuration');
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . 'setup');
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully edited the system settings!', 'success');
$_T->printFooter();
exit;
}
} else {
// Load current values.
$_POST = array_merge($_POST, $zData);
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();
$bMail = lovd_sendMail($aTo, $sSubject, $sBody, $_SETT['email_headers'], true, $_CONF['send_admin_submissions']);
// Thank the user...
$_T->printHeader();
$_T->printTitle();
if ($bMail) {
print ' Successfully reset your password.<BR>' . "\n" . ' We\'ve sent you an email containing your new password. With this new password, you can <A href="' . ROOT_PATH . 'login.php">unlock your account</A> and choose a new password.<BR><BR>' . "\n\n";
} else {
// Couldn't send confirmation...
lovd_writeLog('Error', LOG_EVENT, 'Error sending email for account ' . $_AUTH['username'] . ' (' . $zData['name'] . ')');
print ' Due to an error, we couldn\'t send you an email containing your new password. Our apologies for the inconvenience.<BR><BR>' . "\n\n";
}
$_T->printFooter();
exit;
} else {
unset($_POST['username']);
lovd_writeLog('Auth', LOG_EVENT, $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried to reset password for denied account ' . $_POST['username']);
}
}
$_T->printHeader();
$_T->printTitle();
print ' If you forgot your password, please fill in your username here. A new random password will be generated and emailed to the known email address. You need this new password to unlock your account and choose a new password.<BR>' . "\n" . ' <BR>' . "\n\n";
lovd_errorPrint();
// Table.
print ' <FORM action="' . CURRENT_PATH . '" method="post">' . "\n";
// Array which will make up the form table.
$aForm = array(array('POST', '', '', '', '30%', '20', '70%'), array('Username', '', 'text', 'username', 20), 'skip', array('', '', 'submit', 'Reset password'));
lovd_viewForm($aForm);
print '</FORM>' . "\n\n";
$_T->printFooter();
exit;
}
if (!empty($_POST)) {
lovd_errorClean();
// Mandatory fields.
if (empty($_POST['password'])) {
lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
}
// User had to enter his/her password for authorization.
if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
lovd_errorAdd('password', 'Please enter your correct password for authorization.');
}
if (!lovd_error()) {
// Query text.
// This also deletes the entries in cols2links.
$_DATA->deleteEntry($nID);
// Write to log...
lovd_writeLog('Event', LOG_EVENT, 'Deleted custom link ' . $nID . ' - ' . $zData['name'] . ' (' . $zData['pattern_text'] . ')');
// Thank the user...
header('Refresh: 3; url=' . lovd_getInstallURL() . $_PE[0]);
$_T->printHeader();
$_T->printTitle();
lovd_showInfoTable('Successfully deleted the custom link!', 'success');
$_T->printFooter();
exit;
} else {
// Because we're sending the data back to the form, I need to unset the password fields!
unset($_POST['password']);
}
}
$_T->printHeader();
$_T->printTitle();
lovd_errorPrint();