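/**
 * Ajax endpoint: print a <select name='createdByUserNum'> listing the users who
 * have access (accessLevel > 1) to the current section, then exit.
 *
 * Returns '' without printing anything when the current user lacks editor
 * access ($hasEditorAccess).  Reads the globals $TABLE_PREFIX and $tableName.
 */
function ajaxGetUsersAsPulldown()
{
    global $TABLE_PREFIX, $hasEditorAccess, $tableName;

    // must have section admin access
    if (!$hasEditorAccess) {
        return '';
    }

    // get users with access to this section (accessLevel > 1 on this table or on 'all').
    // The origin of the global $tableName isn't visible here, so it is escaped before
    // being interpolated inside quotes, as the other queries in this file do.
    $escapedTableName = mysql_escape($tableName);
    $query  = "SELECT u.num, u.username\n";
    $query .= "  FROM {$TABLE_PREFIX}accounts u\n";
    $query .= "  JOIN {$TABLE_PREFIX}_accesslist a ON u.num = a.userNum\n";
    $query .= " WHERE a.accessLevel > 1 AND a.tableName IN ('all','{$escapedTableName}')\n";
    $query .= " ORDER BY username";
    $users = mysql_select_query($query);

    // build option list (value = user num, label = username)
    $userNums    = array_pluck($users, 'num');
    $userNames   = array_pluck($users, 'username');
    $optionsHTML = getSelectOptions(null, $userNums, $userNames);

    // show pulldown
    $selectHTML  = "<select name='createdByUserNum'>\n";
    $selectHTML .= "<option value=''>" . htmlencode(t("<select user>")) . "</option>\n";
    $selectHTML .= $optionsHTML;
    $selectHTML .= "</select>\n";

    print $selectHTML;
    exit;
}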
/**
 * Upgrade step for program version 1.24.
 *
 * Non-admin accounts that hold "Editor" access (accessLevel 9) on tableName 'all'
 * are given explicit level-9 rows for every schema table except accounts,
 * _accesslist and uploads, and their previous _accesslist rows are then removed.
 * This preserves the access they already had without letting the 'all' entry
 * grant additional access after the upgrade (see the ### comment below).
 *
 * Does nothing when $SETTINGS['programVersion'] is already 1.24 or higher.
 * Ends by calling saveAndRefresh('1.24').  Query failures call die().
 */
function _upgradeToVersion1_24()
{
    global $SETTINGS, $APP, $TABLE_PREFIX;
    // numeric strings compare numerically in PHP, so eg: '1.3' >= '1.24' holds
    if ($SETTINGS['programVersion'] >= '1.24') {
        return;
    }
    ### Update account with "Editor" access to all sections to have Editor access
    ### to all by User Accounts so upgrading doesn't grant additional access
    // get list of accounts to update: non-admins with accessLevel 9 on tableName 'all'
    $query = "SELECT * FROM `{$TABLE_PREFIX}_accesslist` acl\n";
    $query .= "         JOIN `{$TABLE_PREFIX}accounts` a\n";
    $query .= "           ON acl.tableName = 'all' AND acl.accessLevel = 9 AND a.num = acl.userNum AND a.isAdmin != 1\n";
    $records = mysql_select_query($query);
    // update users
    $schemaTables = getSchemaTables();
    foreach ($records as $user) {
        // insert new access levels, one row per schema table (except the three skipped below)
        $insertRows = '';
        // shared marker for the rows inserted in this pass; the delete below removes every
        // other row of the user.  uniqid() is not cryptographically random, but it is only
        // used to tell new rows from old ones here.
        $randomId = uniqid('', true);
        foreach ($schemaTables as $tableName) {
            if ($tableName == 'accounts') {
                continue;
            }
            if ($tableName == '_accesslist') {
                continue;
            }
            if ($tableName == 'uploads') {
                continue;
            }
            if ($insertRows) {
                $insertRows .= ",\n";
            }
            $escapedUserNum = mysql_escape($user['num']);
            $escapedTableName = mysql_escape($tableName);
            $accessLevel = '9';   // same level ("Editor") the user had on 'all'
            $maxRecords = "NULL"; // unquoted so it becomes SQL NULL, not the string 'NULL'
            $escapedSaveId = mysql_escape($randomId);
            $insertRows .= "('{$escapedUserNum}', '{$escapedTableName}', '{$accessLevel}', {$maxRecords}, '{$escapedSaveId}')";
        }
        // NOTE(review): if no schema tables remain after the skips, $insertRows is empty and
        // this INSERT fails (and die()s) before the delete below runs
        $insertQuery = "INSERT INTO `{$TABLE_PREFIX}_accesslist`\n";
        $insertQuery .= "(userNum, tableName, accessLevel, maxRecords, randomSaveId)\n";
        $insertQuery .= "VALUES {$insertRows}\n";
        mysql_query($insertQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        // delete old access levels: everything for this user not tagged with $randomId
        $deleteQuery = "DELETE FROM `{$TABLE_PREFIX}_accesslist`\n";
        $deleteQuery .= "WHERE userNum = '" . mysql_escape($user['num']) . "'\n";
        $deleteQuery .= "  AND randomSaveId != '" . mysql_escape($randomId) . "'\n";
        mysql_query($deleteQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    }
    // record the new version and reload
    saveAndRefresh('1.24');
}
/**
 * Select all rows from a table, adding a '_tableName' key to each record.
 *
 * @param string       $tableName  table name without prefix (the prefix is added here)
 * @param string|array $whereEtc   an array of conditions (converted with mysql_where()) or a
 *                                 raw SQL fragment placed after WHERE as-is.  A string is NOT
 *                                 escaped here, so the caller must escape any values in it.
 * @return array  records as returned by mysql_select_query(), each with '_tableName' set
 */
function mysql_select($tableName, $whereEtc = 'TRUE')
{
    $whereSQL = is_array($whereEtc) ? mysql_where($whereEtc) : $whereEtc;
    $fullTableName = getTableNameWithPrefix($tableName);

    $records = mysql_select_query("SELECT * FROM `{$fullTableName}` WHERE {$whereSQL}");

    // tag every record with the (unprefixed) table it came from
    foreach (array_keys($records) as $index) {
        $records[$index]['_tableName'] = $tableName;
    }

    return $records;
}
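/**
 * Drop demo tables older than MAX_DEMO_TIME seconds.
 *
 * Demo tables are found with SHOW TABLES LIKE '{prefix}(demo%)_%'; the creation
 * time is parsed out of the table name ("(demo{createdTime}...)_") and compared
 * against time() - MAX_DEMO_TIME.  A table name that doesn't match the naming
 * scheme calls die().  The result of DROP TABLE is not checked.
 */
function _removeOldDemos()
{
    global $TABLE_PREFIX;

    $rows = mysql_select_query("SHOW TABLES LIKE '{$TABLE_PREFIX}(demo%)_%'", true);

    // the prefix is quoted so regex metacharacters in it can't change the pattern
    $demoTablePattern = "/^" . preg_quote($TABLE_PREFIX, '/') . "\\(demo(\\d+).*?\\)_/";

    foreach ($rows as $row) {
        $tableName = $row[0];

        // check table date and expiry
        preg_match($demoTablePattern, $tableName, $matches) or die("Error: Table '{$tableName}' doesn't seem to match naming scheme of demo table!");
        $tableCreatedTime = (int) $matches[1];
        $hasExpired = $tableCreatedTime < time() - MAX_DEMO_TIME;

        // drop expired tables
        if ($hasExpired) {
            mysql_query("DROP TABLE IF EXISTS `{$tableName}`");
        }
    }
}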
/**
 * Run a caller-supplied SELECT with paging added and return the matching records
 * together with the list details (paging info) for them.
 *
 * @param array $options  Must contain 'query', a SELECT with no LIMIT clause (one is added
 *                        here).  Optional keys: 'perPage' and 'pageNum' (pageNum defaults to
 *                        $_REQUEST['page'], minimum 1), 'limit', 'offset', and 'tableName'
 *                        (when present it is added to each record under '_tableName').
 * @return array  array($records, $listDetails)
 *
 * Invalid options call die().  The query is rewritten to use SQL_CALC_FOUND_ROWS so
 * the total row count can be read with mysql_select_found_rows() afterwards.
 */
function getRecordsCustom($options)
{
    $originalOptions = $options;
    // Save original options in case we need them later (used for the out-of-range page retry below).
    // error checking
    $errors = '';
    if (!is_array($options)) {
        die("First argument for " . __FUNCTION__ . "() must be an array!<br/>\n");
    }
    if (!@$options['query']) {
        $errors .= "No 'query' value specified in options!<br/>\n";
    }
    if (preg_match("/\\bLIMIT\\b/i", $options['query'])) {
        die("Query must not include a LIMIT as we'll be adding that.");
    }
    if ($errors) {
        die($errors);
    }
    // set defaults (pageNum falls back to the request's 'page' value, cast to int, minimum 1)
    $options['pageNum'] = @$options['pageNum'] ? intval($options['pageNum']) : max(intval(@$_REQUEST['page']), 1);
    $options['limit'] = @$options['perPage'] ? intval($options['perPage']) : intval(@$options['limit']);
    $options['offset'] = @$options['perPage'] ? ($options['pageNum'] - 1) * $options['perPage'] + @$options['offset'] : @$options['offset'];
    $options['offset'] = min($options['offset'], PHP_INT_MAX);
    // don't overflow php integers when casting to int later (can cause negative numbers which is harmless but causes mysql error)
    if ($options['offset'] && !$options['limit']) {
        $options['limit'] = 1000000;
    }
    // if offset and no limit set limit to high number as per MySQL docs
    // NOTE(review): 'limit' and 'offset' are computed above but the LIMIT appended below is
    // built from 'perPage' and 'pageNum' only - confirm whether mysql_limit() reads them or
    // whether they are unused here.
    // add SQL_CALC_FOUND_ROWS and LIMIT to query
    if (!preg_match("/SQL_CALC_FOUND_ROWS/i", $options['query'])) {
        // add SQL_CALC_FOUND_ROWS if needed (only matches a query that starts with SELECT)
        $options['query'] = preg_replace("/^\\s*SELECT\\b/si", "SELECT SQL_CALC_FOUND_ROWS", $options['query']);
        if (!preg_match("/SQL_CALC_FOUND_ROWS/i", $options['query'])) {
            die("Couldn't add SQL_CALC_FOUND_ROWS to select query");
        }
    }
    $options['query'] .= ' ' . mysql_limit($options['perPage'], $options['pageNum']);
    // add limit to query
    // get records
    $records = mysql_select_query($options['query']);
    // Add _tableName key
    if (array_key_exists('tableName', $options)) {
        foreach ($records as $key => $record) {
            $records[$key]['_tableName'] = $options['tableName'];
        }
    }
    // get meta data (total count comes from SQL_CALC_FOUND_ROWS via mysql_select_found_rows())
    $rowCount = count($records);
    $totalRecords = (int) mysql_select_found_rows();
    // no schema is available for a custom query, so _listPage must be set by the caller
    $fakeSchema = array('_listPage' => "javascript:alert('You must set _listPage manually')");
    $listDetails = _getRecords_getListDetails($options, $rowCount, $totalRecords, $fakeSchema);
    // See if pagenum is too high.  If so, call getRecordsCustom() again with an in-bounds page num
    // NOTE(review): relies on _getRecords_getListDetails() returning a 'totalPages' >= 1; a value of
    // 0 would make the retried call fall back to the request's page again - confirm.
    if ($listDetails && $options['pageNum'] > $listDetails['totalPages']) {
        $originalOptions['pageNum'] = $listDetails['totalPages'];
        return getRecordsCustom($originalOptions);
    }
    //
    return array($records, $listDetails);
}
      <td class="labelColumn">&nbsp;</td>
      <td><?php 
echo t('Example: plugin1.php, plugin2.php');
?>
</td>
     </tr>
     <tr><td colspan="2" style="border-bottom: 1px solid #ddd">&nbsp;</td></tr>
     <tr>
      <td class="labelColumn"><a href="http://dev.mysql.com/doc/refman/5.0/en/show-index.html" target="_blank"><?php 
echo t("MySQL Indexes");
?>
</a></td>
      <td>
        <?php 
$indexKeys = array('Key_name', 'Column_name', 'Non_unique', 'Seq_in_index', 'Collation', 'Cardinality', 'Sub_part', 'Packed', 'Null', 'Index_type', 'Comment');
$indexDetails = mysql_select_query("SHOW INDEXES FROM `" . mysql_escape($tableName) . "`") or die("MySQL Error: " . htmlencode(mysql_error()));
?>

          <table border="0" cellspacing="0" cellpadding="0" style="padding: 2px 0px 1px 0px;" class="data">
          <?php 
print "<tr style='font-weight: bold'>\n";
foreach ($indexKeys as $label) {
    print "<td>" . htmlencode($label) . "</td>\n";
}
print "</tr>\n";
foreach ($indexDetails as $indexRow) {
    print "<tr>\n";
    foreach ($indexKeys as $key) {
        print "<td>" . htmlencode(@$indexRow[$key]) . "</td>\n";
    }
    print "</tr>\n";
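/**
 * Return <option> HTML listing the categories of the section named in $_REQUEST['tableName'].
 *
 * Used for the category-field settings pulldowns: 'rootCategoryNum' gets an extra
 * "Root (show all categories)" option, 'defaultCategoryNum' gets an empty option first.
 * The selected value is read from $_REQUEST[$fieldname].  Labels are indented by the
 * category's depth.
 *
 * @param string $fieldname  name of the form field the options are for
 * @return string            HTML <option> elements (without the enclosing <select>)
 */
function __getCategoryNames_asSelectOptions($fieldname)
{
    $tableName = @$_REQUEST['tableName'];

    // options
    $showRootOption = $fieldname == 'rootCategoryNum';
    $showEmptyOptionFirst = $fieldname == 'defaultCategoryNum';

    // if no table...
    if (!$tableName) {
        return "<option value=''>" . htmlencode(t('<select section above>')) . "</option>";
    }

    // $tableName comes from the request and is interpolated as an identifier; backticks do
    // not neutralise a backtick inside the value, so only known schema tables are accepted
    // (getSchemaTables() returns unprefixed table names, as used in _upgradeToVersion1_24())
    if (!in_array($tableName, getSchemaTables(), true)) {
        die("Unknown tableName '" . htmlencode($tableName) . "'!");
    }

    // load categories
    $query = "SELECT num, name, breadcrumb, depth\n                     FROM `{$GLOBALS['TABLE_PREFIX']}{$tableName}` ORDER BY `globalOrder`";
    $categories = mysql_select_query($query);

    // load option values (labels are indented by depth; a negative depth is treated as 0)
    $selectedValues = @$_REQUEST[$fieldname];
    $optionValues = array_pluck($categories, 'num');
    $optionLabels = array();
    foreach ($categories as $category) {
        $indent = str_repeat("&nbsp; &nbsp;", max(0, (int) $category['depth']));
        $optionLabels[] = $indent . htmlencode($category['name']);
    }

    // get html (the root label is encoded like the other fixed options)
    $htmlOptions = '';
    if ($showRootOption) {
        $htmlOptions .= "<option value=''>" . htmlencode(t('Root (show all categories)')) . "</option>\n";
    }
    $htmlOptions .= getSelectOptions($selectedValues, $optionValues, $optionLabels, $showEmptyOptionFirst, false);
    if (!$optionValues) {
        $htmlOptions .= "<option value=''>" . htmlencode(t('<no records found>')) . "</option>\n";
    }

    return $htmlOptions;
}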
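/**
 * Show an interface error if the current user may not access any of the requested records.
 *
 * Record nums are taken from $_REQUEST['selectedRecords'] and $_REQUEST['num'] and reduced
 * to integers before being used in SQL.  Two checks are made:
 *  - authors (no admin or editor access) may only touch records they created, unless the
 *    section is a single-record menu or $action is 'view'/'uploadList' and they have
 *    author-viewer access;
 *  - in the 'accounts' table, non-admins may not touch accounts flagged isAdmin.
 *
 * @param string $action  the current action (eg: 'view', 'uploadList')
 */
function _displayRecordAccessErrors($action)
{
    global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName, $isSingleMenu;

    $isAuthor = !$CURRENT_USER['isAdmin'] && !$hasEditorAccess && $hasAuthorAccess;

    // collect requested record nums; casting to int is what makes them safe to place in SQL
    $recordNums = array_unique(array_merge((array) @$_REQUEST['selectedRecords'], (array) @$_REQUEST['num']));
    $recordNumsAsCSV = join(',', array_map('intval', $recordNums));
    $invalidNums = array();

    // don't allow authors to edit records they don't own
    $allowAuthorViewerAccess = $hasAuthorViewerAccess && in_array($action, array('view', 'uploadList'), true);
    if ($isAuthor && $recordNums && !$isSingleMenu && !$allowAuthorViewerAccess) {
        // the user num is escaped for consistency with the other queries in this file
        $accessWhere = "`createdByUserNum` = '" . mysql_escape($CURRENT_USER['num']) . "'";
        $accessWhere = applyFilters('record_access_where', $accessWhere, $tableName); // this is also called in list_functions_init()
        $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND !({$accessWhere})";
        $records = mysql_select_query($query, true);
        // these are records not owned by the user (who has author access)
        foreach ($records as $record) {
            $invalidNums[] = $record[0];
        }
    }

    // User Accounts: don't allow non-admin's to edit 'isAdmin' accounts
    if ($tableName == 'accounts' && !$CURRENT_USER['isAdmin'] && $recordNums) {
        $query = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND isAdmin = '1'";
        $records = mysql_select_query($query, true);
        // these are admin accounts the (non-admin) current user may not edit
        foreach ($records as $record) {
            $invalidNums[] = $record[0];
        }
    }

    // show errors
    if ($invalidNums) {
        $invalidNumsAsCSV = join(',', $invalidNums);
        $error = sprintf(t("You don't have permission to access these records: %s"), $invalidNumsAsCSV);
        showInterfaceError($error);
    }
}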
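/**
 * Load the upload records for one upload field of a record, with pseudo-fields added.
 *
 * @param string      $tablename        table name without prefix
 * @param string      $fieldname        name of the upload field
 * @param int|string  $recordNum        record num; when empty, $preSaveTempId must be given
 * @param string      $preSaveTempId    temp id used for uploads made before the record is saved
 * @param string|null $uploadNumsAsCSV  optional comma-separated upload nums to restrict to
 * @return array  upload records ordered by `order`, num, each passed through _addUploadPseudoFields()
 *
 * Calls die() when neither $recordNum nor $preSaveTempId is given.
 */
function getUploadRecords($tablename, $fieldname, $recordNum, $preSaveTempId = "", $uploadNumsAsCSV = null)
{
    global $TABLE_PREFIX;

    $query = "SELECT * FROM `{$TABLE_PREFIX}uploads` ";
    $query .= " WHERE tableName = '" . mysql_escape($tablename) . "' AND ";
    $query .= "       fieldName = '" . mysql_escape($fieldname) . "' AND ";
    if ($recordNum) {
        $query .= "recordNum     = '" . mysql_escape($recordNum) . "' ";
    } else {
        if ($preSaveTempId) {
            $query .= "preSaveTempId = '" . mysql_escape($preSaveTempId) . "' ";
        } else {
            die("You must specify either a record 'num' or 'preSaveTempId'!");
        }
    }
    if ($uploadNumsAsCSV) {
        // the IN(...) list is unquoted, so escaping alone doesn't constrain it;
        // reduce each value to an integer instead (same approach as _displayRecordAccessErrors)
        $uploadNums = array_map('intval', explode(',', $uploadNumsAsCSV));
        $query .= " AND num IN(" . join(',', $uploadNums) . ") ";
    }
    $query .= " ORDER BY `order`, num";
    $records = mysql_select_query($query);

    // add pseudo-fields (records are updated in place through the reference)
    $schema = loadSchema($tablename);
    foreach (array_keys($records) as $index) {
        $record =& $records[$index];
        _addUploadPseudoFields($record, $schema, $fieldname);
    }
    unset($record);

    return $records;
}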
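/**
 * Run a query and return either the first row or all rows.
 *
 * @param string $query         SQL to run (passed through unchanged; the caller must escape values)
 * @param bool   $firstRowOnly  true to return only the first row via mysql_get_query()
 * @param bool   $indexedArray  passed through to the underlying query function
 * @return mixed  result of mysql_get_query() or mysql_select_query()
 */
function &mysql_fetch($query, $firstRowOnly = false, $indexedArray = false)
{
    // assign to a local first: this function returns by reference, and returning a
    // function call directly raises "Only variable references should be returned by reference"
    if ($firstRowOnly) {
        $result = mysql_get_query($query, $indexedArray);
    } else {
        $result = mysql_select_query($query, $indexedArray);
    }
    return $result;
}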