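/**
 * Ajax endpoint: print a <select> of users who can be assigned as a record's creator, then exit.
 *
 * Lists accounts with accessLevel > 1 on the current section ($tableName) or on 'all'.
 * Returns '' without printing anything when the current user lacks editor access; otherwise
 * prints the pulldown HTML and calls exit, so callers never get control back in that case.
 *
 * @return string '' when the caller has no editor access (the function exits otherwise)
 */
function ajaxGetUsersAsPulldown() {
    global $TABLE_PREFIX, $hasEditorAccess, $tableName;
    if (!$hasEditorAccess) { return ''; } // must have section admin access

    // get users with access to this section
    // $tableName ends up inside a quoted SQL literal, so escape it like the other queries in this file do
    $escapedTableName = mysql_escape($tableName);
    $query = "SELECT u.num, u.username\n FROM {$TABLE_PREFIX}accounts u\n JOIN {$TABLE_PREFIX}_accesslist a ON u.num = a.userNum\n WHERE a.accessLevel > 1 AND a.tableName IN ('all','{$escapedTableName}')\n ORDER BY username";
    $users = mysql_select_query($query);

    // get option values
    $userNums    = array_pluck($users, 'num');
    $userNames   = array_pluck($users, 'username');
    $optionsHTML = getSelectOptions(null, $userNums, $userNames);

    // show pulldown
    $selectHTML  = "<select name='createdByUserNum'>\n";
    $selectHTML .= "<option value=''>" . htmlencode(t("<select user>")) . "</option>\n";
    $selectHTML .= $optionsHTML;
    $selectHTML .= "</select>\n";

    //
    print $selectHTML;
    exit;
}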
/**
 * Upgrade step for v1.24.
 *
 * Non-admin accounts that held a single "Editor" (level 9) row for the pseudo-section 'all' get
 * an explicit level-9 row for every schema table instead, so that per-section access checks
 * after the upgrade don't grant them anything they didn't already have.  The system tables
 * 'accounts', '_accesslist' and 'uploads' get no row.  Each pass tags its new rows with a
 * randomSaveId and then deletes the user's rows that don't carry it.  Does nothing when
 * programVersion is already >= 1.24; die()s on a MySQL error.
 */
function _upgradeToVersion1_24() {
    global $SETTINGS, $APP, $TABLE_PREFIX;
    if ($SETTINGS['programVersion'] >= '1.24') { return; }

    ### Update account with "Editor" access to all sections to have Editor access
    ### to all by User Accounts so upgrading doesn't grant additional access

    // non-admin accounts with a level-9 row for tableName 'all'
    $selectQuery  = "SELECT * FROM `{$TABLE_PREFIX}_accesslist` acl\n";
    $selectQuery .= " JOIN `{$TABLE_PREFIX}accounts` a\n";
    $selectQuery .= " ON acl.tableName = 'all' AND acl.accessLevel = 9 AND a.num = acl.userNum AND a.isAdmin != 1\n";
    $affectedUsers = mysql_select_query($selectQuery);

    // update users
    $schemaTables  = getSchemaTables();
    $skippedTables = array('accounts', '_accesslist', 'uploads'); // system tables never get per-section rows
    foreach ($affectedUsers as $account) {
        // randomSaveId marks the rows written in this pass so the stale ones can be removed afterwards
        $saveId         = uniqid('', true);
        $escapedUserNum = mysql_escape($account['num']);
        $escapedSaveId  = mysql_escape($saveId);

        // build one VALUES tuple per schema table
        $valueRows = array();
        foreach ($schemaTables as $schemaTable) {
            if (in_array($schemaTable, $skippedTables, true)) { continue; }
            $escapedTable = mysql_escape($schemaTable);
            $valueRows[]  = "('{$escapedUserNum}', '{$escapedTable}', '9', NULL, '{$escapedSaveId}')";
        }

        // insert new access levels
        $insertQuery  = "INSERT INTO `{$TABLE_PREFIX}_accesslist`\n";
        $insertQuery .= "(userNum, tableName, accessLevel, maxRecords, randomSaveId)\n";
        $insertQuery .= "VALUES " . implode(",\n", $valueRows) . "\n";
        mysql_query($insertQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");

        // delete old access levels (everything for this user not written in this pass)
        $deleteQuery  = "DELETE FROM `{$TABLE_PREFIX}_accesslist`\n";
        $deleteQuery .= "WHERE userNum = '{$escapedUserNum}'\n";
        $deleteQuery .= " AND randomSaveId != '{$escapedSaveId}'\n";
        mysql_query($deleteQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    }

    //
    saveAndRefresh('1.24');
}
/**
 * Select every row of $tableName (prefix added) matching $whereEtc, tagging each row with a
 * '_tableName' key holding the unprefixed table name.
 *
 * @param string       $tableName unprefixed table name
 * @param string|array $whereEtc  raw SQL that follows WHERE (default 'TRUE'), or an array of
 *                                conditions that mysql_where() turns into such SQL
 * @return array rows as returned by mysql_select_query(), each with '_tableName' added
 */
function mysql_select($tableName, $whereEtc = 'TRUE') {
    $whereClause   = is_array($whereEtc) ? mysql_where($whereEtc) : $whereEtc;
    $fullTableName = getTableNameWithPrefix($tableName);
    $rows          = mysql_select_query("SELECT * FROM `{$fullTableName}` WHERE {$whereClause}");

    // tag each row with the (unprefixed) table it came from
    foreach (array_keys($rows) as $rowIndex) {
        $rows[$rowIndex]['_tableName'] = $tableName;
    }

    return $rows;
}
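/**
 * Drop demo tables named "{prefix}(demo<timestamp>...)_..." whose embedded creation timestamp
 * is older than MAX_DEMO_TIME seconds.
 *
 * die()s if a table matched by the LIKE pattern doesn't carry the expected timestamp.
 *
 * @return void
 */
function _removeOldDemos() {
    global $TABLE_PREFIX;
    // LIKE's '_' is a single-character wildcard, so the regex below does the real name check
    $rows = mysql_select_query("SHOW TABLES LIKE '{$TABLE_PREFIX}(demo%)_%'", true);

    // quote the prefix so regex metacharacters in it (e.g. '.') can't break or widen the pattern
    $quotedPrefix = preg_quote($TABLE_PREFIX, '/');
    foreach ($rows as $row) {
        $tableName = $row[0];

        // check table date and expiry
        preg_match("/^{$quotedPrefix}\\(demo(\\d+).*?\\)_/", $tableName, $matches)
          or die("Error: Table '{$tableName}' doesn't seem to match naming scheme of demo table!");
        $tableCreatedTime = $matches[1];
        $hasExpired       = $tableCreatedTime < time() - MAX_DEMO_TIME;

        // drop expired tables
        if ($hasExpired) {
            $query = "DROP TABLE IF EXISTS `{$tableName}`";
            mysql_query($query);
            #print "Debug: $query<br/>";
        }
    }
}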
/**
 * Run a caller-built SELECT with paging added and return the rows together with list/paging details.
 *
 * @param array $options keys read here: 'query' (required; must not already contain LIMIT) and,
 *                       optionally, 'perPage', 'pageNum', 'limit', 'offset', 'tableName'.
 *                       When 'pageNum' is absent the page comes from $_REQUEST['page'] (intval'd, minimum 1).
 * @return array array($records, $listDetails) — $listDetails is whatever _getRecords_getListDetails() returns
 *
 * Fatal (die) on: a non-array argument, a missing 'query', a query containing LIMIT, or a query whose
 * leading SELECT could not be rewritten to add SQL_CALC_FOUND_ROWS.  The query text itself is the
 * caller's responsibility — nothing here escapes or validates it.
 */
function getRecordsCustom($options) {
    $originalOptions = $options; //Save original options in case we need them later (re-used below when pageNum is out of range).

    // error checking
    $errors = '';
    if (!is_array($options)) { die("First argument for " . __FUNCTION__ . "() must be an array!<br/>\n"); }
    if (!@$options['query']) { $errors .= "No 'query' value specified in options!<br/>\n"; }
    if (preg_match("/\\bLIMIT\\b/i", $options['query'])) { die("Query must not include a LIMIT as we'll be adding that."); }
    if ($errors) { die($errors); }

    // set defaults
    // pageNum: an explicit option wins, otherwise the request's 'page' parameter clamped to >= 1
    $options['pageNum'] = @$options['pageNum'] ? intval($options['pageNum']) : max(intval(@$_REQUEST['page']), 1);
    // limit/offset: derived from perPage + pageNum when perPage is given, otherwise taken from the options as-is
    $options['limit'] = @$options['perPage'] ? intval($options['perPage']) : intval(@$options['limit']);
    $options['offset'] = @$options['perPage'] ? ($options['pageNum'] - 1) * $options['perPage'] + @$options['offset'] : @$options['offset'];
    $options['offset'] = min($options['offset'], PHP_INT_MAX); // don't overflow php integers when casting to int later (can cause negative numbers which is harmless but causes mysql error)
    if ($options['offset'] && !$options['limit']) { $options['limit'] = 1000000; } // if offset and no limit set limit to high number as per MySQL docs

    // add SQL_CALC_FOUND_ROWS and LIMIT to query
    if (!preg_match("/SQL_CALC_FOUND_ROWS/i", $options['query'])) { // add SQL_CALC_FOUND_ROWS if needed
        $options['query'] = preg_replace("/^\\s*SELECT\\b/si", "SELECT SQL_CALC_FOUND_ROWS", $options['query']);
        if (!preg_match("/SQL_CALC_FOUND_ROWS/i", $options['query'])) { die("Couldn't add SQL_CALC_FOUND_ROWS to select query"); }
    }
    // NOTE(review): 'perPage' is read without @ here, unlike above — an options array without perPage raises an
    // undefined-index notice; confirm whether mysql_limit() is meant to receive null in that case.
    $options['query'] .= ' ' . mysql_limit($options['perPage'], $options['pageNum']); // add limit to query

    // get records
    $records = mysql_select_query($options['query']);

    // Add _tableName key
    if (array_key_exists('tableName', $options)) {
        foreach ($records as $key => $record) { $records[$key]['_tableName'] = $options['tableName']; }
    }

    // get meta data
    $rowCount = count($records);
    $totalRecords = (int) mysql_select_found_rows();
    $fakeSchema = array('_listPage' => "javascript:alert('You must set _listPage manually')"); // stands in for the schema argument, which a custom query doesn't have
    $listDetails = _getRecords_getListDetails($options, $rowCount, $totalRecords, $fakeSchema);

    // See if pagenum is too high. If so, call getRecordsCustom() again with an in-bounds page num
    if ($listDetails && $options['pageNum'] > $listDetails['totalPages']) {
        $originalOptions['pageNum'] = $listDetails['totalPages'];
        return getRecordsCustom($originalOptions);
    }

    //
    return array($records, $listDetails);
}
<td class="labelColumn"> </td>
<td><?php echo t('Example: plugin1.php, plugin2.php'); ?> </td>
</tr>
<tr><td colspan="2" style="border-bottom: 1px solid #ddd"> </td></tr>
<tr>
<td class="labelColumn"><a href="http://dev.mysql.com/doc/refman/5.0/en/show-index.html" target="_blank"><?php echo t("MySQL Indexes"); ?> </a></td>
<td>
<?php
    // SHOW INDEXES columns displayed, in this order
    $indexKeys = array('Key_name', 'Column_name', 'Non_unique', 'Seq_in_index', 'Collation', 'Cardinality', 'Sub_part', 'Packed', 'Null', 'Index_type', 'Comment');
    // NOTE(review): $tableName lands inside a backtick-quoted identifier, and mysql_escape() does not escape
    // the backtick character itself — this relies on $tableName already being a validated table name;
    // confirm where it is set.
    $indexDetails = mysql_select_query("SHOW INDEXES FROM `" . mysql_escape($tableName) . "`") or die("MySQL Error: " . htmlencode(mysql_error()));
?>
<table border="0" cellspacing="0" cellpadding="0" style="padding: 2px 0px 1px 0px;" class="data">
<?php
    // header row
    print "<tr style='font-weight: bold'>\n";
    foreach ($indexKeys as $label) { print "<td>" . htmlencode($label) . "</td>\n"; }
    print "</tr>\n";
    // one row per index entry; the @ presumably hides notices for columns this MySQL version doesn't report
    foreach ($indexDetails as $indexRow) {
        print "<tr>\n";
        foreach ($indexKeys as $key) { print "<td>" . htmlencode(@$indexRow[$key]) . "</td>\n"; }
        print "</tr>\n";
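/**
 * Build the <option> list of category records from the section named in $_REQUEST['tableName'].
 *
 * @param string $fieldname field being edited: 'rootCategoryNum' adds a "Root" option,
 *                          'defaultCategoryNum' puts the empty option first; the selected
 *                          value(s) are read from $_REQUEST[$fieldname]
 * @return string <option> elements, or a single placeholder option when no table was given
 *
 * die()s when the requested table isn't a schema table: the name becomes a backtick-quoted SQL
 * identifier, where mysql_escape() offers no protection, so the request value is allow-listed
 * against getSchemaTables() instead (assumes getSchemaTables() returns the unprefixed names as
 * strings, as _upgradeToVersion1_24() treats them).
 */
function __getCategoryNames_asSelectOptions($fieldname) {
    $tableName = @$_REQUEST['tableName'];

    // options
    $showRootOption       = $fieldname == 'rootCategoryNum';
    $showEmptyOptionFirst = $fieldname == 'defaultCategoryNum'; // eg: <select>

    // if no table...
    if (!$tableName) {
        $htmlOptions = "<option value=''>" . htmlencode(t('<select section above>')) . "</option>";
    }
    else {
        // the request value becomes a SQL identifier: accept only tables defined in the schema
        if (!in_array($tableName, getSchemaTables(), true)) {
            die("Invalid table name '" . htmlencode($tableName) . "'!");
        }

        // load categories
        $query = "SELECT num, name, breadcrumb, depth\n FROM `{$GLOBALS['TABLE_PREFIX']}{$tableName}` ORDER BY `globalOrder`";
        $categories = mysql_select_query($query);

        // load option values
        $selectedValues = @$_REQUEST[$fieldname];
        $optionValues   = array_pluck($categories, 'num');
        $optionLabels   = array();
        foreach ($categories as $category) {
            //$optionLabels[] = htmlencode($category['breadcrumb']);
            $optionLabels[] = str_repeat(" ", $category['depth']) . htmlencode($category['name']); // indent by depth
        }

        // get html
        $htmlOptions = '';
        if ($showRootOption) {
            $htmlOptions .= "<option value=''>" . t('Root (show all categories)') . "</option>\n";
        }
        $htmlOptions .= getSelectOptions($selectedValues, $optionValues, $optionLabels, $showEmptyOptionFirst, false);
        if (!$optionValues) {
            $htmlOptions .= "<option value=''>" . htmlencode(t('<no records found>')) . "</option>\n";
        }
    }

    //
    return $htmlOptions;
}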
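/**
 * Show an interface error if the current user may not act on the requested records.
 *
 * Record numbers come from $_REQUEST['selectedRecords'] and $_REQUEST['num'] and are cast to
 * int before use in SQL.  Two checks: authors (non-admin, non-editor, with author access) may
 * only touch records they created — unless the section is a single-record menu, or $action is
 * 'view'/'uploadList' and they have author-viewer access; and on the accounts table non-admins
 * may not touch accounts with isAdmin = 1.
 *
 * @param string $action action being performed (e.g. 'view', 'edit', 'uploadList')
 * @return void calls showInterfaceError() with the offending record numbers when any is off-limits
 */
function _displayRecordAccessErrors($action) {
    global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName, $isSingleMenu;

    //
    $isAuthor        = !$CURRENT_USER['isAdmin'] && !$hasEditorAccess && $hasAuthorAccess;
    $recordNums      = array_unique(array_merge((array) @$_REQUEST['selectedRecords'], (array) @$_REQUEST['num']));
    $recordNumsAsCSV = join(',', array_map('intval', $recordNums)); // escape nums by converting them to integers
    $invalidNums     = array();

    // don't allow authors to edit records they don't own
    $allowAuthorViewerAccess = $hasAuthorViewerAccess && in_array($action, array('view', 'uploadList'), true);
    if ($isAuthor && $recordNums && !$isSingleMenu && !$allowAuthorViewerAccess) {
        // escape the user num rather than assuming it is an int
        $accessWhere = "`createdByUserNum` = '" . mysql_escape($CURRENT_USER['num']) . "'";
        $accessWhere = applyFilters('record_access_where', $accessWhere, $tableName); // this is also called in list_functions_init()
        $query   = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND !({$accessWhere})";
        $records = mysql_select_query($query, true); // these are records not owned by the user (who has author access)
        foreach ($records as $record) { $invalidNums[] = $record[0]; }
    }

    // User Accounts: don't allow non-admin's to edit 'isAdmin' accounts
    if ($tableName == 'accounts' && !$CURRENT_USER['isAdmin'] && $recordNums) {
        $query   = "SELECT num FROM `{$escapedTableName}` WHERE num IN ({$recordNumsAsCSV}) AND isAdmin = '1'";
        $records = mysql_select_query($query, true); // these are admin accounts the (non-admin) current user may not touch
        foreach ($records as $record) { $invalidNums[] = $record[0]; }
    }

    // show errors
    if ($invalidNums) {
        $invalidNumsAsCSV = join(',', $invalidNums);
        $error = sprintf(t("You don't have permission to access these records: %s"), $invalidNumsAsCSV);
        showInterfaceError($error);
    }
}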
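/**
 * Load the upload rows attached to one field of one record (or of a not-yet-saved record),
 * ordered by `order` then num, with the upload pseudo-fields added.
 *
 * @param string      $tablename       unprefixed table name
 * @param string      $fieldname       upload field name
 * @param int|string  $recordNum       record number; when falsy, $preSaveTempId is used instead
 * @param string      $preSaveTempId   temp id of an unsaved record (required when $recordNum is falsy)
 * @param string|null $uploadNumsAsCSV optional comma-separated upload nums to restrict to;
 *                                     each value is reduced to an int before it reaches SQL
 * @return array upload rows, each passed through _addUploadPseudoFields()
 *
 * die()s when neither $recordNum nor $preSaveTempId is given.
 */
function getUploadRecords($tablename, $fieldname, $recordNum, $preSaveTempId = "", $uploadNumsAsCSV = null) {
    global $TABLE_PREFIX;

    //
    $query  = "SELECT * FROM `{$TABLE_PREFIX}uploads` ";
    $query .= " WHERE tableName = '" . mysql_escape($tablename) . "' AND ";
    $query .= " fieldName = '" . mysql_escape($fieldname) . "' AND ";
    if ($recordNum) {
        $query .= "recordNum = '" . mysql_escape($recordNum) . "' ";
    }
    elseif ($preSaveTempId) {
        $query .= "preSaveTempId = '" . mysql_escape($preSaveTempId) . "' ";
    }
    else {
        die("You must specify either a record 'num' or 'preSaveTempId'!");
    }
    if ($uploadNumsAsCSV) {
        // IN (...) holds bare numbers, so quote-escaping alone can't neutralise this value;
        // reduce it to a list of ints instead
        $uploadNums = array_map('intval', explode(',', $uploadNumsAsCSV));
        $query .= " AND num IN(" . join(',', $uploadNums) . ") ";
    }
    $query .= " ORDER BY `order`, num";
    $records = mysql_select_query($query);

    // add pseudo-fields (by reference: _addUploadPseudoFields() modifies the row in place)
    $schema = loadSchema($tablename);
    foreach (array_keys($records) as $index) {
        $record =& $records[$index];
        _addUploadPseudoFields($record, $schema, $fieldname);
    }
    //showme($records);

    //
    return $records;
}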
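/**
 * Run $query and return either the first-row result (mysql_get_query) or the full result
 * (mysql_select_query).
 *
 * @param string $query        SQL to run — not escaped here, the caller is responsible for it
 * @param bool   $firstRowOnly true → mysql_get_query(); false → mysql_select_query()
 * @param bool   $indexedArray passed straight through to the underlying function
 * @return mixed whatever the chosen function returns, by reference as the signature requires
 */
function &mysql_fetch($query, $firstRowOnly = false, $indexedArray = false) {
    // assign before returning: returning a call result directly from a by-reference function
    // raises "Only variables should be returned by reference"
    if ($firstRowOnly) {
        $result = mysql_get_query($query, $indexedArray);
    }
    else {
        $result = mysql_select_query($query, $indexedArray);
    }
    return $result;
}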