Esempio n. 1
/**
 * Look up one row of portal_links by its link_id.
 *
 * The id is handed to mystery_select_query() as a bound parameter; it is
 * never concatenated into the SQL text.
 *
 * @param mixed $link_id value matched against portal_links.link_id
 * @return mixed the first matching row, or the (empty) result set itself
 *               when nothing matched
 */
function portal_get_link_info($link_id)
{
    $rows = mystery_select_query(
        'SELECT * FROM portal_links WHERE link_id = ?',
        array($link_id),
        'portal_dbh'
    );
    // No hit: hand back whatever empty result the query helper produced.
    if (count($rows) <= 0) {
        return $rows;
    }
    return $rows[0];
}
Esempio n. 2
/**
 * Load configuration directives from the database into $_MYSTERY.
 *
 * Every row of <table_prefix>configuration is copied into the global
 * $_MYSTERY array, keyed by the row's `directive` column.
 *
 * NOTE(review): the directive name is used as the array key without any
 * filtering, so a row can overwrite an entry that already exists in
 * $_MYSTERY -- including 'table_prefix', which this function concatenates
 * into its own SQL text. Write access to the configuration table should be
 * treated as control over those settings; consider restricting the accepted
 * directive names to a known list.
 *
 * @return int number of configuration rows processed
 */
function mystery_configure()
{
    global $_MYSTERY;
    $rows = mystery_select_query(
        'SELECT directive, value FROM ' . $_MYSTERY['table_prefix'] . 'configuration',
        array()
    );
    $i = 0;
    while ($i < count($rows)) {
        $row = $rows[$i];
        $_MYSTERY[$row['directive']] = $row['value'];
        $i++;
    }
    // $i now equals the number of rows that were copied.
    return $i;
}
Esempio n. 3
/**
 * Session read handler: fetch the stored data for a session key.
 *
 * Only rows whose session_timestamp is newer than "now minus
 * session.gc_maxlifetime" are considered, so an expired session reads as
 * empty even if its row has not been deleted yet. Both the key and the
 * cutoff are bound parameters; only the table prefix from $_MYSTERY is
 * concatenated into the statement.
 *
 * @param string $id session key to look up
 * @return string the stored session_data, or '' when no live row exists
 */
function mystery_session_read($id)
{
    global $_MYSTERY;
    // Timestamps are compared in YmdHis form.
    $cutoff = date('YmdHis', time() - ini_get('session.gc_maxlifetime'));
    $query = 'SELECT session_data FROM ' . $_MYSTERY['table_prefix'] . 'sessions'
        . ' WHERE session_key = ? AND session_timestamp > ?';
    $rows = mystery_select_query($query, array($id, $cutoff));
    return count($rows) > 0 ? $rows[0]['session_data'] : '';
}
Esempio n. 4
/**
 * Fetch the comments/ratings attached to one DIY activity, newest first.
 *
 * The statement is assembled from fixed fragments only; the activity id and
 * the optional author id travel as bound parameters.
 *
 * @param mixed $diy_id    value matched against comment_diy_identifier
 * @param mixed $member_id optional author filter; '' (the default) means
 *                         comments from every author
 * @return mixed whatever mystery_select_query() returns for the query
 */
function portal_get_activity_comments($diy_id, $member_id = '')
{
    $sql = 'SELECT *, DATE_FORMAT(pcr.last_update, "%M %e, %Y") AS formatted_date FROM portal_comments_ratings AS pcr LEFT JOIN portal_members AS pm ON pcr.comment_author=pm.member_id WHERE comment_diy_identifier = ?';
    $bound = array($diy_id);
    // Narrow to a single author only when one was supplied.
    if ($member_id != '') {
        $sql .= ' AND comment_author = ?';
        $bound[] = $member_id;
    }
    $sql .= ' ORDER BY pcr.last_update DESC';
    return mystery_select_query($sql, $bound, 'portal_dbh');
}
Esempio n. 5
<?php

// This file provides lists of activities available from the diy
// NOTE(review): this listing is cut off inside the switch below, so the
// remaining cases and the final query are not visible here.
$page_title = 'Activity Listing';
echo '<p><em>This page will be used during the workshop to make it easier for everyone to share each other\'s activities.  After the workshop, this page
will be incorporated into the standard activity selection panel so that you can use them with your students.</em></p>';
/*
	$query_conditions[] = 'public = ?';
	$query_params[] = 1;
*/
// Collect the usernames of every member of the current user's school.
// The school value is passed as a bound parameter.
$query = 'SELECT member_username FROM portal_members WHERE member_school = ?';
$params = array($_SESSION['portal']['member_school']);
$results = mystery_select_query($query, $params, 'portal_dbh');
$school_members = mystery_convert_results_to_simple_array($results, 'member_username');
//mystery_print_r($school_members);
// Build the WHERE fragments ($conditions) and their bound values ($params)
// for the activity filter selected in $_PORTAL['activity'].
// NOTE(review): where $_PORTAL is populated is not shown in this listing.
$conditions = array();
$params = array();
switch ($_PORTAL['activity']) {
    case 'my':
        // only my activities
        $conditions[] = 'login = ?';
        $params[] = $_SESSION['portal']['member_username'];
        break;
    case 'school':
        // activities of other members of my school, but not mine
        $conditions[] = 'login <> ?';
        $params[] = $_SESSION['portal']['member_username'];
        // NOTE(review): unlike the condition above, the usernames are pasted
        // into the SQL text between double quotes with no escaping. They come
        // from portal_members.member_username, so a stored username containing
        // a quote character would alter the statement (second-order SQL
        // injection). Prefer one "?" placeholder per username with the values
        // appended to $params. An empty $school_members yields IN ("").
        $conditions[] = 'login IN ("' . implode('","', $school_members) . '")';
        break;
    case 'world':
        // NOTE(review): same unescaped string-built list as the 'school' case.
        $conditions[] = 'login NOT IN ("' . implode('","', $school_members) . '")';
Esempio n. 6
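/**
 * Render the "view data" page for the table named in $_REQUEST['table'].
 *
 * The query that gets executed is, in order of preference: the
 * request-supplied `query_string`, the table's configured `default_query`
 * (with a trailing semicolon stripped), or a plain SELECT * on the table.
 * The function echoes HTML directly and returns nothing.
 *
 * Changes relative to the previous revision:
 *  - a query that fails the SELECT / INTO OUTFILE check is no longer executed;
 *  - the foreign-key check had a misplaced parenthesis
 *    (`count($x > 0)`) and read an undefined `$foreign_keys` variable;
 *  - `each()` (removed in PHP 8) is replaced by `foreach`;
 *  - request- and database-derived text is HTML-escaped before being echoed;
 *  - the "is the owner term already present" test no longer interprets the
 *    term as a regular expression.
 *
 * NOTE(review): the keyword check below is a sanity filter, not a security
 * boundary. The request-supplied text is still sent to the database as SQL,
 * so this page must only be reachable by trusted administrators and the
 * database account should hold no more than read access to the tables it
 * needs.
 *
 * NOTE(review): $this_access_type, $this_table_owner_key, $this_owner_id,
 * $order_by, $reverse_sort, $this_table_default_order_field,
 * $this_table_default_reverse_sort, $in_admin_group and $dbh are never
 * assigned inside this function and are not declared global. As written, the
 * row-access restriction and the ORDER BY clause can therefore never apply,
 * and mysql_query() receives an undefined link. Where these values should
 * come from is not visible here; the second half of the function looks
 * unfinished ("PAUL, START HERE").
 *
 * @return void
 */
function mystery_display_view_data_page()
{
    global $_MYSTERY;
    // shortcut to make life easier
    // NOTE(review): $_REQUEST['table'] is used as an array key without being
    // checked against the known tables; taking a reference to a missing key
    // silently creates an empty entry in $_MYSTERY['table_info'].
    $t =& $_MYSTERY['table_info'][$_REQUEST['table']];
    echo '<h1>Data from ', htmlspecialchars($t['display_name'], ENT_QUOTES), '</h1>';
    // Only a string is accepted; a missing or array-valued parameter falls
    // back to the configured default below.
    $query_string = '';
    if (isset($_REQUEST['query_string']) && is_string($_REQUEST['query_string'])) {
        $query_string = $_REQUEST['query_string'];
    }
    if ($query_string == '') {
        // if the admin added a semicolon at the end, strip it
        $query_string = preg_replace('~;\\s*?$~', '', $t['default_query']);
        // if the admin didn't enter a default query, make the simple select *
        if ($query_string == '') {
            $query_string = 'SELECT * FROM ' . $t['real_name'];
        }
    }
    // Make sure that this query is displayable (i.e., contains SELECT)
    if (!preg_match('~^select ~i', $query_string) || preg_match('~into (outfile|dumpfile)~i', $query_string)) {
        mystery_log_violation('Green', 'View data query contained an outfile phrase or did not begin with select - ' . $query_string);
        // Stop here: a query that failed the check must not reach the database.
        return;
    }
    // Store the value of the $query_string variable without any order_by clauses
    $prev_query_string = $query_string;
    // Check for foreign keys and add data to associative array that can be referenced
    // by the field values later in the script
    $fk_field_display = array();
    if (isset($t['foreign_keys']) && is_array($t['foreign_keys']) && count($t['foreign_keys']) > 0) {
        foreach ($t['foreign_keys'] as $eds_key => $fk) {
            // The label/value/table identifiers come from the table
            // configuration and cannot be bound as parameters, so that
            // configuration has to be trusted.
            $query = 'SELECT DISTINCT ' . mystery_convert_csv_to_concat($fk['label']) . ' AS fk_label, ' . $fk['value'] . ' AS fk_value FROM ' . $fk['table'] . ' ORDER BY fk_label';
            $params = array();
            $result = mystery_select_query($query, $params);
            for ($i = 0; $i < count($result); $i++) {
                $fk_field_display[$eds_key][$result[$i]['fk_value']] = htmlspecialchars($result[$i]['fk_label']);
            }
        }
    }
    // If the user is a row access user, only grab her rows
    //PAUL, START HERE>>>>
    // NOTE(review): see the function header -- none of the $this_* variables
    // is set in this scope, so this restriction is currently dead code.
    if ($this_access_type == 'row' && $this_table_owner_key != '') {
        $glue_word = ' WHERE ';
        if (preg_match('~ where ~i', $query_string)) {
            $glue_word = ' AND ';
        }
        // NOTE(review): the owner id is concatenated into the SQL text; it
        // should be escaped or bound once this section is finished.
        $user_term = $this_table_owner_key . '="' . $this_owner_id . '"';
        $where_clause = $glue_word . $user_term;
        // Plain case-insensitive substring test; the term is data, not a pattern.
        if (stripos($query_string, $user_term) === false) {
            $query_string .= $where_clause;
            $glue_word = ' AND ';
        }
    }
    // Set the field to sort the results by and the direction
    if ($order_by == '') {
        $order_by = $this_table_default_order_field;
    }
    if ($reverse_sort == '') {
        $reverse_sort = $this_table_default_reverse_sort;
    }
    if ($reverse_sort == 'yes') {
        $desc = ' DESC';
    } else {
        $desc = '';
    }
    if ($order_by != '') {
        $query_string .= ' ORDER BY ' . $order_by . $desc;
    }
    if ($in_admin_group == 'yes') {
        // The query text may have come from the request, so escape it.
        echo '<p><small>', htmlspecialchars($query_string, ENT_QUOTES), '</small></p>';
    }
    // Perform the query
    // NOTE(review): the mysql_* extension was removed in PHP 7 and $dbh is
    // undefined here; the rest of this file goes through mystery_select_query().
    $result = mysql_query($query_string, $dbh);
    $error_message = mysql_error();
    // Show an error if one occurs now
    if ($error_message != '') {
        $error_message = mysql_errno() . ': ' . $error_message;
        // Database error text can repeat parts of the query; escape it too.
        echo '<p><span class="error">ERROR: ', htmlspecialchars($error_message, ENT_QUOTES), '</span></p>';
    }
}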
Esempio n. 7
/**
 * Record which other tables reference the given table through a foreign key.
 *
 * The result is stored in $_MYSTERY['table_info'][$table_id]['relations'] as
 * parallel lists, one list per column (field, field_display, related_field,
 * related_table, related_table_id, related_table_display_name,
 * related_table_pk). The existing comment states this is used to preserve
 * referential integrity. Nothing is returned.
 *
 * @param mixed $table_id id matched against foreign_table_id (bound parameter)
 * @return void
 */
function mystery_get_table_related_tables($table_id)
{
    global $_MYSTERY;
    $prefix = $_MYSTERY['table_prefix'];
    $sql = 'SELECT foreign_table_value_field AS field, foreign_table_label_field AS field_display, local_table_field AS related_field, table_real_name AS related_table, table_id AS related_table_id, table_display_name AS related_table_display_name,table_primary_key AS related_table_pk FROM ' . $prefix . 'foreign_keys AS mfk LEFT JOIN ' . $prefix . 'tables AS mt ON mfk.local_table_id=mt.table_id WHERE foreign_table_id = ?';
    $rows = mystery_select_query($sql, array($table_id));
    // Start from a clean slate so repeated calls do not accumulate entries.
    $_MYSTERY['table_info'][$table_id]['relations'] = array();
    $columns = array(
        'field',
        'field_display',
        'related_field',
        'related_table',
        'related_table_id',
        'related_table_display_name',
        'related_table_pk',
    );
    for ($n = 0; $n < count($rows); $n++) {
        foreach ($columns as $column) {
            $_MYSTERY['table_info'][$table_id]['relations'][$column][] = $rows[$n][$column];
        }
    }
}
Esempio n. 8
/**
 * Fetch the accommodation-usage rows recorded for one class.
 *
 * Both the fixed usage type ('class') and the class id are bound parameters.
 *
 * @param mixed $class_id value matched against usage_type_id
 * @return mixed whatever mystery_select_query() returns for the query
 */
function portal_get_class_accommodations($class_id)
{
    return mystery_select_query(
        'SELECT * FROM portal_accommodation_usage WHERE usage_type = ? AND usage_type_id = ?',
        array('class', $class_id),
        'portal_dbh'
    );
}
Esempio n. 9
/**
 * Standard Mystery authentication against the <table_prefix>users table.
 *
 * The login name may be either the username or the e-mail address, which is
 * why the canonical username is part of the returned data. On success the
 * session flag 'mystery_login' is set as well.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests. MD5 is not a
 * password hash; moving to password_hash()/password_verify() needs a change
 * to the stored values and is therefore not done inside this function.
 *
 * NOTE(review): user_valid_ip is used as an unanchored regular expression.
 * A stored value such as a literal address also matches longer addresses
 * that merely contain it, and "." matches any character. Whether the stored
 * values are meant to be full patterns cannot be told from here -- confirm
 * before anchoring or escaping.
 *
 * @param string $username username or e-mail address entered by the user
 * @param string $password clear-text password entered by the user
 * @return array user_username, user_first_name, user_last_name and
 *               user_email on success; an empty array otherwise
 */
function mystery_internal_auth($username, $password)
{
    global $_MYSTERY;
    $user_info = array();
    $sql = 'SELECT * FROM ' . $_MYSTERY['table_prefix'] . 'users WHERE (user_username = ? OR user_email = ?) AND user_password = ?';
    $matches = mystery_select_query($sql, array($username, $username, md5($password)));
    // Unknown user or wrong password.
    if (count($matches) <= 0) {
        return $user_info;
    }
    $account = $matches[0];
    // "*" is shorthand for "any address"; turn it into a valid pattern.
    $ip_pattern = $account['user_valid_ip'];
    if ($ip_pattern == '*') {
        $ip_pattern = '.*';
    }
    // Credentials were fine but the client address is not allowed.
    if (!preg_match('~' . $ip_pattern . '~', $_SERVER['REMOTE_ADDR'])) {
        return $user_info;
    }
    foreach (array('user_username', 'user_first_name', 'user_last_name', 'user_email') as $field) {
        $user_info[$field] = $account[$field];
    }
    // set a flag so we know they used mystery to login
    $_SESSION['mystery_login'] = '******';
    return $user_info;
}