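/**
 * Fetch one column value from the row with the given id.
 *
 * All three arguments end up inside the SQL text, so they are treated as
 * untrusted and checked first: table and column must be plain
 * [A-Za-z0-9_] names and the id must consist of decimal digits only.
 * Nothing is sent to the database when a check fails.
 *
 * @param string     $blueprint Table name.
 * @param string     $field     Column name.
 * @param int|string $id        Row id.
 *
 * @return mixed Value of $field in the matching row.
 *
 * @throws Exception When an argument is malformed, the query fails, or the
 *                   query does not return exactly one row.
 */
public static function getString($blueprint, $field, $id)
 {
     $tag = "Binary::getString()";
     Log::debug("{$tag}: {$blueprint}, {$field}, {$id}");
     // Identifiers and the id cannot be quoted as SQL values here, so an
     // allow-list is the only thing standing between the caller and the query.
     $identifier = '/^[A-Za-z0-9_]+$/D';
     $argumentsOk = is_string($blueprint) && preg_match($identifier, $blueprint)
         && is_string($field) && preg_match($identifier, $field)
         && (is_int($id) || is_string($id)) && preg_match('/^[0-9]+$/D', (string) $id);
     if (!$argumentsOk) {
         // Logged at warning level so rejected requests are visible in monitoring.
         Log::warning("{$tag}: rejected malformed table, column or id");
         throw new Exception("{$tag}: invalid table, column or id");
     }
     $query = "SELECT {$field} FROM {$blueprint} WHERE id={$id}";
     $sql = new DatabaseQuery($query);
     try {
         $sql->doQuery();
         if ($sql->get_num_rows() != 1) {
             // zero rows and multiple rows are both reported as "not found"
             Log::warning("{$tag}: {$blueprint}.{$field}.{$id} not found");
             throw new Exception("{$tag}: {$blueprint}.{$field}.{$id} not found");
         }
         $row = $sql->get_next_row();
         return $row->{$field};
     } catch (Exception $e) {
         Log::error("{$tag}: [{$sql->err_code}] {$sql->err_message}");
         throw $e;
     }
 }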
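 /**
  * Check a login/password pair against the entity's authentication table.
  *
  * The submitted password is hashed with the field's encType (unless that is
  * "plain") and compared with the stored value of the single row matching
  * the login.
  *
  * NOTE(review): "plain" stores passwords in clear text and every other
  * encType is one unsalted hash() round. Moving to password_hash() /
  * password_verify() needs a migration of the stored values and cannot be
  * done inside this method alone.
  *
  * @param string $entitySignature Blueprint signature of the auth entity.
  * @param string $loginKey        Column holding the login name.
  * @param string $passwdKey       Blueprint key / column holding the password.
  * @param string $login           Login name as submitted.
  * @param string $passwd          Password as submitted.
  *
  * @return bool True only when exactly one row matches and the password is equal.
  */
 public static function checkPassword($entitySignature, $loginKey, $passwdKey, $login, $passwd)
 {
     $tag = "Login::checkPassword()";
     Log::notice("{$tag}: <{$login}>");
     try {
         $blueprint = BlueprintReader::read($entitySignature);
         $authTable = $blueprint->getKey();
         $passwdField = $blueprint->get($passwdKey);
         $encType = $passwdField->getEncType();
         if ($encType != "plain") {
             $passwd = hash($encType, $passwd);
         }
     } catch (Exception $e) {
         Log::error("{$tag}: " . $e->getMessage());
         return false;
     }
     // Table and column names are interpolated as identifiers; accept plain names only.
     foreach (array($authTable, $loginKey, $passwdKey) as $name) {
         if (!is_string($name) || !preg_match('/^[A-Za-z0-9_]+$/D', $name)) {
             Log::error("{$tag}: Invalid table or column name.");
             return false;
         }
     }
     // The login comes straight from the request and must not reach the query raw.
     // NOTE(review): assumes DatabaseSanitizer::sanitize() returns a value that is
     // safe inside a quoted SQL string and that callers do not pre-escape $login - confirm.
     $query = "SELECT {$passwdKey} FROM {$authTable} WHERE {$loginKey}='" . DatabaseSanitizer::sanitize($login) . "'";
     $sql = new DatabaseQuery($query);
     try {
         $sql->doQuery();
         $matches = $sql->get_num_rows();
         if ($matches == 0) {
             Log::notice("{$tag}: Login not found.");
             return false;
         }
         if ($matches > 1) {
             Log::warning("{$tag}: Multiple matches for login.");
             return false;
         }
         if ($matches != 1) {
             // unexpected row count: fail closed instead of falling off the end
             return false;
         }
         $row = $sql->get_next_row();
         $stored = (string) $row->{$passwdKey};
         $supplied = (string) $passwd;
         // Loose == treats numeric-looking strings such as "0e123" and "0e456"
         // as equal; compare as strings, in constant time where available.
         $same = function_exists('hash_equals')
             ? hash_equals($stored, $supplied)
             : $stored === $supplied;
         if ($same) {
             Log::notice("{$tag}: Password Correct");
             return true;
         }
         Log::notice("{$tag}: Password INCORRECT");
         return false;
     } catch (Exception $e) {
         Log::error("{$tag}: " . $e->getMessage());
         return false;
     }
 }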
 /**
  * Constructor
  * Use $db->createResult( $parent, $name ) instead
  *
  * @param Database|DatabaseTable $parent
  * @param string $name
  *
  * @since 1.0.0
  */
 public function __construct($parent, $name)
 {
     // Stand-alone result: bound directly to the database, no parent relation.
     if ($parent instanceof Database) {
         $this->db = $parent;
         $this->table = $this->db->schema()->getAlias($name);
         $this->query = DatabaseQuery::getInstance()->from($this->table);
         return;
     }

     // Result reached through a parent: share its database and query objects.
     $this->parent = $parent;
     $this->db = $parent->getDatabase();
     $this->query = $parent->getDatabaseQuery();

     // $name may be an alias; resolve it to the real table name if so.
     if ($this->db->schema()->isAlias($name)) {
         $this->table = $this->db->schema()->getTable($name);
     } else {
         $this->table = $name;
     }

     // The reference direction depends on whether parent and child share a table.
     if ($parent->getTable() != $this->table) {
         $this->key = $this->db->schema()->getBackReference($parent->getTable(), $name);
         $this->parentKey = $this->db->schema()->getPrimary($parent->getTable());
         return;
     }
     $this->key = $this->db->schema()->getPrimary($this->getTable());
     $this->parentKey = $this->db->schema()->getReference($parent->getTable(), $name);
 }
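 /**
  * Validate one field of an entity against the rules in its blueprint.
  *
  * Checks, in order: the required flag, the rules of the field's data type
  * and, for unique fields, that no other row already holds the value.
  *
  * The returned messages embed the submitted value and the display name
  * verbatim; whatever renders them must escape for its own output context.
  *
  * @param Entity $entity Entity whose value is checked.
  * @param string $key    Key of the field within the entity's blueprint.
  *
  * @return string|false Message for the first rule that fails; false when the
  *                      value is acceptable, or when an exception is raised
  *                      while reading the entity or blueprint (logged as an
  *                      undefined field).
  */
 public static function validateField(Entity $entity, $key)
 {
     $tag = "EntityValidator::validateField({$key})";
     Log::debug("{$tag}");
     try {
         $value = $entity->get($key);
         $blueprint = $entity->blueprint();
         $field = $blueprint->get($key);
         $displayName = $field->getDisplayName();
         $dataType = $field->getDataType();
         if ($field->isRequired()) {
             // "0" is empty() in PHP but is a legitimate value
             if (empty($value) && $value != "0") {
                 return "Missing required value '{$displayName}'";
             }
         }
         if (!empty($value) || $value == "0") {
             switch ($dataType) {
                 case "string":
                     $max = $field->getMax();
                     if (!empty($max) && strlen($value) > $max) {
                         return "'{$displayName}' exceeds maximum character limit ({$max})";
                     }
                     $regexp = $field->getRegexp();
                     if (!empty($regexp)) {
                         // ereg() no longer exists in PHP 7+, so the pattern runs through PCRE.
                         // chr(1) is the delimiter so the pattern needs no delimiter escaping.
                         // NOTE(review): assumes blueprint patterns mean the same under PCRE
                         // as under POSIX ERE - confirm against the blueprints in use.
                         if (!preg_match("\x01" . $regexp . "\x01", $value)) {
                             $example = $field->getExample();
                             return "'{$displayName}' does not match the required pattern '{$example}'";
                         }
                     }
                     break;
                 case "int":
                     // strpos() returns 0 for ".5"; compare with false so it is still rejected
                     if (!is_numeric($value) || strpos((string) $value, ".") !== false) {
                         return "'{$displayName}' must be an integer";
                     }
                     $min = $field->getMin();
                     if ((!empty($min) || $min == "0") && $value < $min) {
                         return "'{$displayName}' less than minimum required ({$min})";
                     }
                     $max = $field->getMax();
                     if ((!empty($max) || $max == "0") && $value > $max) {
                         return "'{$displayName}' greater than maximum allowed ({$max})";
                     }
                     break;
                 case "decimal":
                     if (!is_numeric($value)) {
                         return "'{$displayName}' must be a number";
                     }
                     $min = $field->getMin();
                     if ((!empty($min) || $min == "0") && $value < $min) {
                         return "'{$displayName}' less than minimum required ({$min})";
                     }
                     $max = $field->getMax();
                     if ((!empty($max) || $max == "0") && $value > $max) {
                         return "'{$displayName}' greater than maximum allowed ({$max})";
                     }
                     $precision = $field->getPrecision();
                     // a leading "." sits at position 0 and must still count as a decimal point
                     $decimalPosition = strpos((string) $value, ".");
                     if ($decimalPosition !== false) {
                         $decimals = substr((string) $value, $decimalPosition + 1);
                         if (!empty($precision) && strlen($decimals) > $precision) {
                             return "'{$displayName}' has more than {$precision} allowed digits after decimal point";
                         }
                     }
                     break;
                 case "date":
                     // /D keeps "$" from matching before a trailing newline
                     $regexp = '/^([0-9]{4})-([0-9]{2})-([0-9]{2})$/D';
                     $example = $field->getExample();
                     if (!preg_match($regexp, $value, $regs)) {
                         return "'{$displayName}' does not match required pattern '{$example}'";
                     }
                     if (!checkdate((int) $regs[2], (int) $regs[3], (int) $regs[1])) {
                         return "'{$displayName}' is not a valid date";
                     }
                     break;
                 case "datetime":
                     $regexp = '/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})$/D';
                     $example = $field->getExample();
                     if (!preg_match($regexp, $value, $regs)) {
                         return "'{$displayName}' does not match required pattern '{$example}'";
                     }
                     if (!checkdate((int) $regs[2], (int) $regs[3], (int) $regs[1])) {
                         // message previously read "contains an valid date"
                         return "'{$displayName}' contains an invalid date";
                     }
                     if ($regs[4] > 23 || $regs[5] > 59 || $regs[6] > 59) {
                         return "'{$displayName}' contains an invalid time";
                     }
                     break;
                 case "time":
                     $regexp = '/^([0-9]{2}):([0-9]{2})(:([0-9]{2}))?$/D';
                     $example = $field->getExample();
                     if (!preg_match($regexp, $value, $regs)) {
                         return "'{$displayName}' does not match required pattern '{$example}'";
                     }
                     // the seconds group is optional and absent from $regs when not given
                     $seconds = isset($regs[4]) ? $regs[4] : 0;
                     if ($regs[1] > 23 || $regs[2] > 59 || $seconds > 59) {
                         return "'{$displayName}' contains an invalid time";
                     }
                     break;
                 case "enum":
                     $enumOptions = $field->getEnumOptions();
                     if (!in_array($value, $enumOptions)) {
                         return "'{$value}' is not a valid selection for '{$displayName}'";
                     }
                     break;
                 case "text":
                     // NOTE(review): limits and MIME type are read but no rule is enforced yet
                     $min = $field->getMin();
                     $max = $field->getMax();
                     $mimeType = $field->getMimeType();
                     break;
                 case "binary":
                     // NOTE(review): limits and MIME type are read but no rule is enforced yet
                     $min = $field->getMin();
                     $max = $field->getMax();
                     $mimeType = $field->getMimeType();
                     break;
             }
             // END: switch($dataType)
             if ($field->isUnique()) {
                 if ($dataType == "int") {
                     // $value passed is_numeric() above, so it is interpolated unquoted
                     $query = "SELECT id FROM " . $blueprint->getKey() . " WHERE " . $field->getKey() . "={$value}";
                 } else {
                     // Every other type reaches the query as a quoted string and must be escaped.
                     // NOTE(review): assumes DatabaseSanitizer::sanitize() escapes for a quoted
                     // SQL string and that entity values are not pre-escaped - confirm.
                     $query = "SELECT id FROM " . $blueprint->getKey() . " WHERE " . $field->getKey() . "='" . DatabaseSanitizer::sanitize($value) . "'";
                 }
                 try {
                     $sql = new DatabaseQuery($query);
                     $sql->doQuery();
                     if ($sql->get_num_rows() > 0) {
                         $row = $sql->get_next_row();
                         // a hit on the entity's own row is just its existing value
                         if ($row->id != $entity->getId()) {
                             return "'{$value}' is already in use for '{$displayName}'";
                         }
                     }
                 } catch (Exception $e) {
                     // query failed
                     Log::error("{$tag}: " . $e->getMessage());
                     return "Unable to validate uniqueness of '{$displayName}'";
                 }
             }
         }
         // END: if((!empty($value)) || ($value==0))
     } catch (Exception $e) {
         // blueprint does not contain a field for $key
         Log::warning("{$tag}: No field defined for '{$key}'");
         // do not report an error
         return false;
     }
     return false;
 }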
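 /**
  * Authenticate a user by e-mail and password and record a login session.
  *
  * The stored salt is prepended to the submitted password, the result is run
  * through hashData() and compared with the stored hash. On success the
  * "athToken" cookie is set and a login-session row is inserted.
  *
  * NOTE(review): from the visible code the cookie value depends only on the
  * user id and $this->encode(), so it is the same at every login, while the
  * random $token is stored server-side but never sent to the client. Confirm
  * how the cookie is verified on later requests.
  *
  * @param string $email    Login e-mail address.
  * @param string $password Clear-text password as submitted.
  *
  * @return string|null "0" success, "1" wrong password, "2" not verified,
  *                     "3" not active, "4" neither; null when no user row
  *                     was found for the e-mail.
  */
 public function login($email, $password)
 {
     $user = parent::findUserForLogin($email);
     if (!$user) {
         // Unchanged contract: an unknown e-mail prints nothing and returns null.
         // NOTE(review): callers can tell this apart from "1", which reveals
         // whether an address is registered.
         return null;
     }

     $candidate = (string) $this->hashData($user['user_salt'] . $password);
     $stored = (string) $user['password'];
     // Loose == treats numeric-looking hashes ("0e...") as equal; compare as
     // strings, in constant time where hash_equals() is available.
     $passwordOk = function_exists('hash_equals')
         ? hash_equals($stored, $candidate)
         : $stored === $candidate;
     if (!$passwordOk) {
         echo "You're credentials are incorect";
         return "1";
     }

     $is_active = (bool) $user['is_active'];
     $is_verified = (bool) $user['is_verified'];
     if ($is_active && $is_verified) {
         // the header is optional in HTTP; do not assume it is present
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $random = $this->randomString();
         $token = $this->hashData($user_agent . $random);
         $session_id = 1;
         $encrypted_user_id = $this->encode($user['id']);
         // Path and domain stay at their defaults; the cookie is hidden from
         // scripts and restricted to HTTPS when the request itself used HTTPS.
         $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
         setcookie("athToken", $encrypted_user_id, time() + 86400, "", "", $secure, true);
         //Setup sessions vars
         if (!isset($_SESSION)) {
             session_start();
         }
         if (session_id() !== '') {
             // new session id after authentication so a pre-login id cannot be reused
             session_regenerate_id(true);
         }
         parent::insertLoginSession($user['id'], $session_id, $token, $user_agent);
         return "0";
     }
     if ($is_active) {
         echo "You're not an verified user";
         return "2";
     }
     if ($is_verified) {
         echo "You're not an activated user";
         return "3";
     }
     echo "You're not activated/verified";
     return "4";
 }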
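 /**
  * Find all entities whose fields equal the given values.
  *
  * $keys and $values are either two scalars or two arrays of equal length;
  * every pair becomes one equality condition of the query.
  *
  * Values are placed inside the SQL text. Values for int fields must be
  * numeric and all other values are escaped before they are quoted.
  *
  * @param string|array $keys   Field key(s) defined by the blueprint.
  * @param mixed|array  $values Value(s) to match, positionally paired with $keys.
  *
  * @return array List of Entity objects, one per matching row.
  *
  * @throws Exception On mismatched arguments, an undefined field, a
  *                   non-numeric value for an int field, or a failed query.
  */
 public function findWhere($keys, $values)
 {
     $tag = "EntityDAO: findWhere()";
     // implode() so array arguments are logged as lists instead of "Array"
     $keysForLog = is_array($keys) ? implode(",", $keys) : $keys;
     $valuesForLog = is_array($values) ? implode(",", $values) : $values;
     Log::notice("{$tag}: ({$keysForLog}, {$valuesForLog})");
     $blueprint = $this->blueprint;
     $timezone_offset = $this->timezone_offset_select;
     $blueprintKey = $this->tableName();
     $query = new EntityQuery($blueprint, $timezone_offset);
     if (!is_array($keys) && !is_array($values)) {
         // convert non-array arguments into single element arrays
         $keys = array($keys);
         $values = array($values);
     } elseif (!is_array($keys) || !is_array($values) || count($keys) != count($values)) {
         // also covers a scalar paired with an array, which used to slip through
         throw new Exception("Length of (key,value) arguments do not match");
     }
     // pair by position even when the caller passed non-sequential arrays
     $keys = array_values($keys);
     $values = array_values($values);
     foreach ($keys as $i => $key) {
         $value = $values[$i];
         try {
             // the blueprint lookup doubles as the allow-list for the column name
             $field = $blueprint->get($key);
             $dataType = $field->getDataType();
         } catch (Exception $e) {
             Log::error("{$tag}: Field [{$key}] is not defined by [" . $blueprint->getKey() . "]");
             throw $e;
         }
         switch ($dataType) {
             case "int":
                 // interpolated unquoted, so anything that is not a number is refused
                 if (!is_numeric($value)) {
                     Log::warning("{$tag}: Non-numeric value for int field [{$key}]");
                     throw new Exception("{$tag}: Non-numeric value for int field [{$key}]");
                 }
                 $query->where("{$blueprintKey}.{$key}={$value}");
                 break;
             case "datetime":
             case "time":
                 // NOTE(review): assumes DatabaseSanitizer::sanitize() escapes for a
                 // quoted SQL string and that callers do not pre-escape - confirm.
                 $escaped = DatabaseSanitizer::sanitize($value);
                 $query->where("{$blueprintKey}.{$key}=CONVERT_TZ('{$escaped}', '{$timezone_offset}', '" . BPTimezone::UTC . "')");
                 break;
             default:
                 $escaped = DatabaseSanitizer::sanitize($value);
                 $query->where("{$blueprintKey}.{$key}='{$escaped}'");
                 break;
         }
     }
     try {
         $sql = new DatabaseQuery($query->toString());
         $sql->doQuery();
         $matches = array();
         $num_rows = $sql->get_num_rows();
         Log::debug("{$tag}: Found {$num_rows} matches");
         for ($i = 0; $i < $num_rows; $i++) {
             $row = $sql->get_next_row();
             $entity = new Entity($blueprint);
             $entity->setId($row->id);
             $entity->setModified($row->modified);
             foreach ($blueprint->fields() as $field) {
                 $key = $field->getKey();
                 $value = $row->{$key};
                 if ($field->isForeignKey()) {
                     // joined columns are named after the foreign value with "." replaced by "_"
                     $foreignValueColumn = str_replace(".", "_", $field->getForeignValue());
                     $foreignValue = $row->{$foreignValueColumn};
                     $entity->setForeignValue($key, $foreignValue);
                 }
                 switch ($field->getDataType()) {
                     case "binary":
                         // The original stripped slashes from an undefined $str, which blanked
                         // the value. get_magic_quotes_gpc() is gone in PHP 8, hence the guard.
                         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                             $value = stripslashes($value);
                         }
                         $lengthKey = $key . "_length";
                         $length = $row->{$lengthKey};
                         $entity->length($key, $length);
                         break;
                 }
                 $entity->set($key, $value);
             }
             $matches[] = $entity;
         }
         return $matches;
     } catch (Exception $e) {
         Log::error("{$tag}: [" . $sql->err_code . "] " . $sql->err_message);
         throw $e;
     }
 }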
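 /**
  * Session save handler: store the serialized session data for a session id.
  *
  * Inserts a row when the id is not stored yet, otherwise updates the
  * existing row. The session id comes from the client's cookie, so it is
  * escaped once and only the escaped form is used in all three statements.
  *
  * NOTE(review): the tag logged below contains the raw session id; anyone
  * who can read the debug log can read live session ids.
  *
  * @param string $session_id   Session id supplied by PHP's session layer.
  * @param string $session_data Serialized session payload.
  *
  * @return bool True when the row was written, false when an exception was caught.
  */
 public static function session_handler_write($session_id, $session_data)
 {
     $tag = "Session::session_handler_write({$session_id})";
     Log::debug($tag);
     try {
         // For maximum performace, query the database directly (do not use EntityDAO)
         $session_table_name = substr(BPConfig::$session_blueprint, 0, strpos(BPConfig::$session_blueprint, "."));
         $session_field_id = BPConfig::$session_field_id;
         $session_field_data = BPConfig::$session_field_data;
         // Prepare session_data
         // NOTE(review): the payload is escaped before base64 encoding, so the
         // escaping ends up inside the stored value. base64 output is already
         // safe in a quoted string; left unchanged because the read handler may
         // depend on the stored format - confirm.
         $session_data = DatabaseSanitizer::sanitize($session_data);
         $session_data = base64_encode($session_data);
         // The SELECT used to interpolate the raw id while INSERT/UPDATE escaped it.
         $safe_session_id = DatabaseSanitizer::sanitize($session_id);
         $query = "SELECT id FROM {$session_table_name} WHERE " . $session_field_id . "='{$safe_session_id}'";
         $sql = new DatabaseQuery($query);
         $sql->doQuery();
         if ($sql->get_num_rows() == 0) {
             // Insert a new session
             $insert = "INSERT INTO {$session_table_name} ({$session_field_id},{$session_field_data}) " . "VALUES ('" . $safe_session_id . "','" . $session_data . "')";
             $sql = new DatabaseUpdate($insert, "insert");
             $sql->doUpdate();
             return true;
         }
         // Update an existing session
         $update = "UPDATE {$session_table_name} SET {$session_field_data}='" . $session_data . "'" . " WHERE {$session_field_id}='" . $safe_session_id . "'";
         // NOTE(review): "insert" is passed for an UPDATE statement as well - confirm
         // that is what DatabaseUpdate expects.
         $sql = new DatabaseUpdate($update, "insert");
         $sql->doUpdate();
         return true;
     } catch (Exception $e) {
         Log::error("{$tag}: Caught: " . $e->getMessage());
         return false;
     }
 }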
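 /**
  * Render the form as a <bpXmlDraftRendering> XML fragment.
  *
  * The fragment carries one <field> per form field with its display name,
  * data type, value, foreign/enum options and validation error. It is
  * returned without an XML declaration so it can be embedded in another
  * document.
  *
  * Field values and validation messages have "&" replaced by "&amp;" before
  * they are handed to addChild(). This is done on local copies, so calling
  * render() more than once no longer double-encodes the field's value.
  *
  * @return string|false Serialized fragment as returned by DOMDocument::saveXML().
  */
 public function render()
 {
     $tag = "FormXMLDrafter: render()";
     Log::debug("{$tag}");
     // convenience pointers
     $id = $this->id;
     $entityId = $this->entityId;
     $entityBP = $this->entityBlueprint;
     $formBP = $this->formBlueprint;
     $fields = $this->formFields;
     $params = $this->params;
     // encode params for inclusion in html
     $encodedParams = ParamEncoder::encode($params);
     // init xml respose
     $xml = new SimpleXmlElement("<bpXmlDraftRendering></bpXmlDraftRendering>");
     $rendering = $xml;
     $rendering->addAttribute("id", $id);
     $rendering->addAttribute("type", "form");
     $rendering->addAttribute("entitySignature", $entityBP->signature());
     if ($formBP) {
         $rendering->addAttribute("formSignature", $formBP->signature());
     }
     $rendering->addAttribute("entityId", $entityId);
     $rendering->addAttribute("params", $encodedParams);
     foreach ($fields as $f) {
         // collect data for this field
         $key = $f->getKey();
         $entityField = $entityBP->get($key);
         // add new <field> to xml response
         $fieldPtr = $rendering->addChild("field");
         $fieldPtr->addAttribute("key", $key);
         // NOTE(review): displayName and the enum options below are passed to
         // addChild() as they are; a "&" in blueprint text would need the same
         // replacement as the value.
         $fieldPtr->addChild("displayName", $f->displayName);
         $fieldPtr->addChild("dataType", $f->dataType);
         // replace "&" with "&amp;" to prevent xml errors; work on a copy so
         // the field object keeps the value it was given
         $value = str_replace("&", "&amp;", $f->value);
         switch ($f->dataType) {
             case "string":
                 // encoded (non-plain) strings such as passwords are never sent back
                 if ($entityField->getEncType() != "plain") {
                     $fieldPtr->addChild("value", "********");
                 } else {
                     $fieldPtr->addChild("value", $value);
                 }
                 break;
             case "binary":
                 // binary content is referenced by URL rather than embedded
                 $binaryValue = !empty($value) ? "/blueprints/binary/" . $entityBP->getKey() . "/" . $key . "/" . $entityId : "";
                 $binaryValuePtr = $fieldPtr->addChild("value", $binaryValue);
                 $binaryValuePtr->addAttribute("mimeType", $entityField->getMimeType());
                 break;
             default:
                 $fieldPtr->addChild("value", $value);
         }
         // foreign value options
         if ($entityField->isForeignKey()) {
             $enumPtr = $fieldPtr->addChild("foreignOptions");
             // foreign key/value are written "table.column" in the blueprint
             $foreignKey = substr($entityField->getForeignKey(), strpos($entityField->getForeignKey(), ".") + 1);
             $foreignValue = substr($entityField->getForeignValue(), strpos($entityField->getForeignValue(), ".") + 1);
             $foreignTable = substr($entityField->getForeignKey(), 0, strpos($entityField->getForeignKey(), "."));
             // Identifiers come from the blueprint definition, not from the request.
             // Every row of the foreign table is returned to the client until the
             // WHERE clause from the TODO below exists.
             $query = "SELECT {$foreignKey}, {$foreignValue} FROM {$foreignTable} ORDER BY {$foreignValue}";
             // TODO: include WHERE cluase from formBlueprint->field:where
             $sql = new DatabaseQuery($query);
             try {
                 $sql->doQuery();
                 $num_rows = $sql->get_num_rows();
                 for ($i = 0; $i < $num_rows; $i++) {
                     $row = $sql->get_next_row();
                     $foreignKeyResult = $row->{$foreignKey};
                     $foreignValueResult = $row->{$foreignValue};
                     // clean
                     // NOTE(review): htmlentities() can emit named entities such as
                     // &eacute; that XML does not define - verify loadXML() below
                     // still parses rows containing such characters.
                     $foreignValueResult = htmlentities($foreignValueResult);
                     $optionPtr = $enumPtr->addChild("foreignOption", $foreignValueResult);
                     $optionPtr->addAttribute("key", $foreignKeyResult);
                 }
             } catch (Exception $e) {
                 Log::error("Caught Exception: " . $e->getMessage());
             }
         }
         // enumOptions
         if ($f->dataType == "enum") {
             $enumPtr = $fieldPtr->addChild("enumOptions");
             foreach ($entityField->getEnumOptions() as $option) {
                 $enumPtr->addChild("enumOption", $option);
             }
         }
         // validation errors
         if ($f->err) {
             $errPtr = $fieldPtr->addChild("validationError");
             // the message can quote the submitted value, so it gets the same "&" handling
             $errPtr->addChild("message", str_replace("&", "&amp;", $f->err));
         }
     }
     // END: foreach($fields as $f)
     // Return XML string
     // NOTE: using DomDocument provides more flexibility (supressing empty tags, and removing xml declaration)
     // This xml cannot contain an xml declaration, because we plan on embedding it in another xml document
     $dom = new DomDocument();
     $dom->loadXML($xml->asXML());
     $node = $dom->getElementsByTagName("bpXmlDraftRendering")->item(0);
     return $dom->saveXML($node, LIBXML_NOEMPTYTAG);
 }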
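	/**
	 * Render the form as an HTML fragment and return it as a string.
	 *
	 * Every dynamic value written into the markup goes through $h(), which
	 * HTML-escapes it for element and attribute context. Without that, field
	 * values, validation messages and database rows were printed raw, and a
	 * message containing a single quote ended the title='...' attribute early.
	 * The only exception is $encodedParams, which is printed as ParamEncoder
	 * returns it.
	 *
	 * NOTE(review): assumes values reach this method unescaped and that the
	 * page is served as UTF-8 - confirm, otherwise output is double-encoded.
	 * NOTE(review): the onClick text of each button is executed as script by
	 * the browser; escaping keeps the attribute intact but does not make the
	 * handler safe, so $params["buttons"] must only come from trusted code.
	 * NOTE(review): no anti-CSRF token is emitted for this POST form here -
	 * confirm one is added elsewhere.
	 *
	 * Bare "<?" open tags were replaced by "<?php": with short_open_tag
	 * disabled those blocks are sent to the browser as text instead of being
	 * executed.
	 *
	 * @return string HTML captured from the output buffer.
	 */
	public function render()
	{
		$tag = "FormDrafter: render()";
		Log::debug("$tag");

		// convenience pointers
		$id = $this->id;
		$entityId = $this->entityId;
		$entityBP = $this->entityBlueprint;
		$formBP = $this->formBlueprint;
		$fields = $this->formFields;
		$params = $this->params;

		// encode params for inclusion in html
		$encodedParams = ParamEncoder::encode($params);

		// single escaping helper for everything printed into the markup below
		$h = function ($text) {
			return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		};

		// translate buttonPlacement into html element
		$buttonContainer = "tfoot";
		if( array_key_exists("buttonPlacement", $params) )
		{
			// only the two literal element names can ever be printed
			if($params["buttonPlacement"] == "thead")
				$buttonContainer = "thead";
			else
				$buttonContainer = "tfoot";
		}

		// turn on output buffering
		@ob_end_flush();
		ob_start();

		?>
		<div class="bp-draft-rendering" id="<?= $h($id) ?>" type="form" renderer="FormDrafter" entitySignature="<?= $h($entityBP->signature()); ?>" formSignature="<?= ($formBP) ? $h($formBP->signature()) : ""; ?>" entityId="<?= $h($entityId) ?>" params="<?= $encodedParams ?>">
			<form class="bp-form" method="POST" <?= (array_key_exists("action", $params)) ? "action='" . $h($params["action"]) . "'" : "" ?>>
				<table class="bp-form-table">
					<?php
					if( array_key_exists("buttons", $params) )
					{
						echo "<" . $buttonContainer . ">"; // OPEN: <thead> or <tfoot>
							?>
							<tr>
								<td colspan="2" align="<?= $h($params["buttonAlignment"]) ?>" class="bp-form-buttons">
									<?php
									$buttonKeys = array_keys($params["buttons"]);
									foreach($buttonKeys as $b)
									{
										?>
										<input type="button" class="bp-form-button" value="<?= $h($b) ?>" onClick="<?= $h($params["buttons"]["$b"]) ?>" />
										<?php
									}
									?>
								</td>
							</tr>
							<?php
						echo "</" . $buttonContainer. ">";	// CLOSE: </thead> or </tfoot>
					}
					?>
					<tbody>
						<?php
						foreach($fields as $f)
						{
							$key = $f->getKey();
							$entityField = $entityBP->get($key);

							if($f->display != "hidden")
							{
								?>
								<tr>
									<td class="bp-form-label"><?= $h($f->displayName); ?></td>
									<td class="bp-form-input">
										<?php
										if(!$entityField->isForeignKey())
										{
											switch($f->dataType)
											{
												case "string":
													if($entityField->getEncType() == "plain")
													{
														?><input type="text" name="<?= $h($key) ?>" value="<?= $h($f->value); ?>" class="<?= ($f->err) ? "bp-validation-error" : "" ?>" <?= ($f->err) ? "title='" . $h($f->err) . "'" : "" ?> /><?php
													}
													else
													{
														// encoded (non-plain) values are never echoed back, only a mask
														?>
														<input type="password" name="<?= $h($key) ?>" value="********" class="<?= ($f->err) ? "bp-validation-error" : "" ?>" <?= ($f->err) ? "title='" . $h($f->err) . "'" : "" ?> disabled="true" size="10" />&nbsp;
														<button class="bp-form-encoded-clear" href="<?= $h($key) ?>">Edit</button>
														<?php
													}
													break;
												case "text":
													?><textarea name="<?= $h($key) ?>" class="<?= ($f->err) ? "bp-validation-error" : "" ?>" <?= ($f->err) ? "title='" . $h($f->err) . "'" : "" ?>><?= $h($f->value); ?></textarea><?php
													break;
												case "int":
												case "decimal":
													?><input type="text" name="<?= $h($key) ?>" value="<?= $h($f->value) ?>" class="<?= ($f->err) ? "bp-validation-error" : "" ?>" /><?php
													break;
												case "date":
													?><input type="text" name="<?= $h($key) ?>" value="<?= $h($f->value) ?>" class="bp-form-input-date <?= ($f->err) ? "bp-validation-error" : "" ?>" /><?php
													break;
												case "datetime":
													?><input type="text" name="<?= $h($key) ?>" value="<?= $h($f->value) ?>" class="bp-form-input-datetime <?= ($f->err) ? "bp-validation-error" : "" ?>" /><?php
													break;
												case "time":
													?><input type="text" name="<?= $h($key) ?>" value="<?= $h($f->value) ?>" class="bp-form-input-time <?= ($f->err) ? "bp-validation-error" : "" ?>" /><?php
													break;
												case "enum":
													$enumOptions = $entityField->getEnumOptions();
													// up to two options render as radio buttons, more as a select
													if(count($enumOptions) <= 2)
													{
														?><div class="<?= ($f->err) ? "bp-validation-error" : "" ?>" <?= ($f->err) ? "title='" . $h($f->err) . "'" : "" ?>><?php
															foreach($enumOptions as $e)
															{
																?><input type="radio" name="<?= $h($key) ?>" value="<?= $h($e) ?>" <?= ($f->value==$e) ? "CHECKED" : "" ?>><?= $h($e) ?><?php
															}
														?></div><?php
													}
													else
													{
														?>
														<select name="<?= $h($key) ?>" class="<?= ($f->err) ? "bp-validation-error" : "" ?>">
															<option value=""></option>
															<?php
															foreach($enumOptions as $e)
															{
															?><option value="<?= $h($e) ?>" <?= ($f->value==$e) ? "SELECTED" : "" ?>><?= $h($e) ?></option><?php
															}
														?>
														</select>
														<?php
													}
													break;
												case "binary":
													?><span class="bp-form-binary"><?php
													if(empty($f->value))
													{
														?>
														<input type="file" name="<?= $h($key) ?>" />
														<?php
													}
													else
													{
														// existing binaries are linked, not embedded
														?>
														<a href="/blueprints/binary/<?= $h($entityBP->getKey()) ?>/<?= $h($key) ?>/<?= $h($entityId) ?>"><?= $h($entityField->getMimeType()); ?></a>
														<button class="bp-form-binary-clear"  href="<?= $h($key) ?>">Clear</button>
														<?php
													}
													?></span><?php
													break;
											}
										} // END: if(!$f->isForeignKey())
										else
										{
											// foreign key/value are written "table.column" in the blueprint
											$foreignKey = substr($entityField->getForeignKey(), strpos($entityField->getForeignKey(), ".")+1);
											$foreignValue = substr($entityField->getForeignValue(), strpos($entityField->getForeignValue(), ".")+1);
											$foreignTable = substr($entityField->getForeignKey(), 0, strpos($entityField->getForeignKey(), "."));

											// identifiers come from the blueprint definition, not from the request;
											// all rows of the foreign table are listed until the TODO below is done
											$query = "SELECT $foreignKey, $foreignValue FROM $foreignTable ORDER BY $foreignValue";
											// TODO: include WHERE cluase from formBlueprint->field:where
											$sql = new DatabaseQuery($query);

											try
											{
												$sql->doQuery();
												?>
												<select name="<?= $h($key) ?>" class="<?= ($f->err) ? "bp-validation-error" : "" ?>">
													<option value=""></option>
													<?php
													$num_rows = $sql->get_num_rows();
													for($i=0; $i<$num_rows; $i++)
													{
														$row = $sql->get_next_row();
														$foreignKeyResult = $row->$foreignKey;
														$foreignValueResult = $row->$foreignValue;
														// database content is escaped like any other value
														?>
														<option value="<?= $h($foreignKeyResult) ?>" <?= ($f->value==$foreignKeyResult) ? "SELECTED" : ""; ?>><?= $h($foreignValueResult) ?></option>
														<?php
													}
													?>
												</select>
												<?php
											}
											catch(Exception $e)
											{
												Log::error("Caught Exception: " . $e->getMessage());
											}
										}
										?>
									</td>
								</tr>
								<?php
							} // END: if($f->display != "hidden")
							else
							{
								?>
								<input type="hidden" name="<?= $h($key) ?>" value="<?= $h($f->value) ?>" />
								<?php
							}
						} // END: foreach($fields as $f)
						?>
					</tbody>
				</table>
			</form>
		</div>
		<?php

		// return contents of output buffer
		$html = ob_get_contents();
		ob_end_clean();
		return $html;
	}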
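	/**
	 * Render the filter form as an HTML fragment and return it as a string.
	 *
	 * The template below is written into an output buffer, which is then
	 * returned. Dynamic values (filter values, blueprint keys, database rows,
	 * button labels and handlers) are HTML-escaped where they are written, so
	 * a value containing a quote or angle bracket cannot break out of the
	 * attribute or element it is printed into. Full "<?php" open tags are
	 * used so the template does not depend on the short_open_tag setting.
	 *
	 * NOTE(review): if any blueprint relies on markup inside displayName,
	 * that output needs a deliberate, documented exception.
	 *
	 * @return string HTML for the filter form
	 */
	public function render()
	{
		$tag = "FilterDrafter: render()";
		Log::debug("$tag");
		
		// convenience pointers
		$id = $this->id;
		$entityBP = $this->entityBlueprint;
		$filterBP = $this->filterBlueprint;
		$filters = $this->filters;
		$params = $this->params;
		
		// HTML-escape a value for element content or a double-quoted attribute;
		// the character set follows PHP's configured default_charset
		$esc = function ($value) {
			return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
		};
		
		// encode params for inclusion in html
		// NOTE(review): written into the params="" attribute as returned by
		// ParamEncoder; confirm its output can never contain a double quote
		$encodedParams = ParamEncoder::encode($params);
		
		// translate buttonPlacement into html element (only thead or tfoot is ever emitted)
		$buttonContainer = "tfoot";
		if( array_key_exists("buttonPlacement", $params) && $params["buttonPlacement"] == "thead" )
		{
			$buttonContainer = "thead";
		}
		
		// turn on output buffering (flush any buffer that is already open; ignore "no buffer" notices)
		@ob_end_flush();
		ob_start();
		
		?>
		<div class="bp-draft-rendering" id="<?= $esc($id) ?>" type="filter" renderer="FilterDrafter" entitySignature="<?= $esc($entityBP->signature()); ?>" filterSignature="<?= ($filterBP) ? $esc($filterBP->signature()) : ""; ?>" params="<?= $encodedParams ?>">
			<form class="bp-filter-form">
				<table class="bp-filter-table">
					<?php
					if( array_key_exists("buttons", $params) )
					{
						echo "<" . $buttonContainer . ">"; // OPEN: <thead> or <tfoot>
							?>
							<tr>
								<td colspan="2" align="<?= $esc($params["buttonAlignment"]) ?>" class="bp-form-buttons">
									<?php
									// NOTE(review): the handler is script taken from $params. Escaping keeps it
									// inside the onClick attribute but does not make the script itself trusted;
									// confirm $params cannot be supplied by the client.
									foreach($params["buttons"] as $buttonLabel => $buttonHandler)
									{
										?>
										<input type="button" class="bp-form-button" value="<?= $esc($buttonLabel) ?>" onClick="<?= $esc($buttonHandler) ?>" />
										<?php
									}
									?>
								</td>
							</tr>
							<?php
						echo "</" . $buttonContainer. ">";	// CLOSE: </thead> or </tfoot>
					}
					?>
					<tbody>
						<?php
						foreach($filters as $f)
						{
							$key = $f->getKey();
							$type = $f->type;
							
							?>
							<tr>
								<td class="bp-filter-label"><?= $esc($f->displayName); ?></td>
								<td class="bp-filter-input">
									<?php
									if(!$f->isForeignKey())
									{
										switch($f->dataType)
										{
											case "string":
											case "text":
												?><input type="text" key="<?= $esc($key) ?>" name="<?= $esc($key . "_" . $type) ?>" value="<?= $esc($f->value["$type"]); ?>" /><?php
												break;
											case "int":
											case "decimal":
											case "date":
											case "datetime":
												switch($type)
												{
													case "min":
													case "max":
													case "equals":
														?><input type="text" key="<?= $esc($key) ?>" name="<?= $esc($key . "_" . $type) ?>" value="<?= $esc($f->value["$type"]); ?>" /><?php
														break;
													case "range":
														?><input type="text" key="<?= $esc($key) ?>" name="<?= $esc($key . "_min") ?>" value="<?= $esc($f->value["min"]); ?>" />&nbsp;to&nbsp;<input type="text" key="<?= $esc($key) ?>" name="<?= $esc($key . "_max") ?>" value="<?= $esc($f->value["max"]); ?>" /><?php
														break;
												}
												break;
											case "enum":
												$entityField = $entityBP->get($key);
												$enumOptions = $entityField->getEnumOptions();
												
												?>
												<select key="<?= $esc($key) ?>" name="<?= $esc($key . "_" . $type) ?>">
													<option value=""></option>
													<?php
													foreach($enumOptions as $e)
													{
													?><option value="<?= $esc($e) ?>" <?= ($f->value["$type"]==$e) ? "SELECTED" : "" ?>><?= $esc($e) ?></option><?php
													}
												?>
												</select>
												<?php
												break;
											case "binary":
												// TODO: render; type=not null|size
												break;
										} // END: switch($f->dataType)
									} // END: if(!$f->isForeignKey())
									else
									{
										// foreignKey / foreignValue are "table.column" paths
										$foreignKey = substr($f->foreignKey, strpos($f->foreignKey, ".")+1);
										$foreignValue = substr($f->foreignValue, strpos($f->foreignValue, ".")+1);
										$foreignTable = substr($f->foreignKey, 0, strpos($f->foreignKey, "."));
										
										// NOTE(review): identifiers are interpolated into the SQL text as-is;
										// presumably they come from the blueprint definition - confirm they
										// can never be influenced by request data.
										$query = "SELECT $foreignKey, $foreignValue FROM $foreignTable";
										// TODO: include WHERE clause from filterBlueprint->field:where
										$sql = new DatabaseQuery($query);
										
										try
										{
											$sql->doQuery();
											?>
											<select key="<?= $esc($key) ?>" name="<?= $esc($key . "_equals") ?>">
												<option value=""></option>
												<?php
												$num_rows = $sql->get_num_rows();
												for($i=0; $i<$num_rows; $i++)
												{
													$row = $sql->get_next_row();
													$foreignKeyResult = $row->$foreignKey;
													$foreignValueResult = $row->$foreignValue;
													?>
													<option value="<?= $esc($foreignKeyResult) ?>" <?= ($f->value["equals"]==$foreignKeyResult) ? "SELECTED" : ""; ?>><?= $esc($foreignValueResult) ?></option>
													<?php
												}
												?>
											</select>
											<?php
										}
										catch(Exception $e)
										{
											// a failed lookup is logged and the rest of the form still renders
											Log::error("Caught Exception: " . $e->getMessage());
										}
									}
									?>
								</td>
							</tr>
							<?php
						}
						?>
					</tbody>
				</table>
			</form>
		</div>
		<?php
		
		// return contents of output buffer and close it
		return ob_get_clean();
	}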
<?php

require_once 'classes/database.php';
// session_start();
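$track_instance = new DatabaseQuery();

// Decode the JSON request body. json_decode() returns null for an empty or
// malformed body and a non-object for scalar or array JSON, so the type is
// checked before any property is read from it.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);

// Both values fall back to "Not found" unless the body carries both
// properties and the individual property is non-empty.
// NOTE(review): both values are client-supplied; treat them as untrusted
// wherever they are stored or displayed later.
$client_timestamp_track = "Not found";
$client_gmt_track = "Not found";
if (is_object($request) && property_exists($request, "client_timestamp") && property_exists($request, "client_gmt")) {
    if (!empty($request->client_timestamp)) {
        $client_timestamp_track = $request->client_timestamp;
    }
    if (!empty($request->client_gmt)) {
        $client_gmt_track = $request->client_gmt;
    }
}

// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers, so any client
// can set them, and X-Forwarded-For may hold a comma-separated list. $ip is
// only reliable when a trusted proxy overwrites these headers; REMOTE_ADDR is
// the address of the actual TCP peer.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}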
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $client_ip = $_SERVER['HTTP_CLIENT_IP'];
 /**
  * Build the filter rendering as an XML fragment.
  *
  * Produces a <bpXmlDraftRendering> element carrying one <field> child per
  * filter: its type, data type and display name, the enum options for enum
  * fields, and either the current filter values or, for foreign keys, the
  * selectable options read from the foreign table.
  *
  * NOTE(review): text is passed to SimpleXMLElement::addChild() as-is, and
  * addChild() is known not to escape "&" in its value argument - confirm
  * that filter values and database rows cannot contain one.
  *
  * @return string serialized <bpXmlDraftRendering> node, without an XML declaration
  */
 public function render()
 {
     $tag = "FilterXMLDrafter: render()";
     Log::debug("{$tag}");

     // local shorthands
     $renderingId = $this->id;
     $entityBlueprint = $this->entityBlueprint;
     $filterBlueprint = $this->filterBlueprint;
     $filterList = $this->filters;

     // params travel with the rendering in encoded form
     $encodedParams = ParamEncoder::encode($this->params);

     // root element and its attributes
     $root = new SimpleXmlElement("<bpXmlDraftRendering />");
     $root->addAttribute("id", $renderingId);
     $root->addAttribute("type", "filter");
     $root->addAttribute("entitySignature", $entityBlueprint->signature());
     if ($filterBlueprint) {
         $root->addAttribute("filterSignature", $filterBlueprint->signature());
     }
     $root->addAttribute("params", $encodedParams);

     foreach ($filterList as $f) {
         $key = $f->getKey();

         // <field key="..."> with its descriptive children
         $fieldNode = $root->addChild("field");
         $fieldNode->addAttribute("key", $key);
         $fieldNode->addChild("type", $f->type);
         $fieldNode->addChild("dataType", $f->dataType);
         $fieldNode->addChild("displayName", $f->displayName);

         // enum fields list their options
         if ($f->dataType == "enum") {
             $enumNode = $fieldNode->addChild("enumOptions");
             foreach ($entityBlueprint->get($key)->getEnumOptions() as $option) {
                 $enumNode->addChild("option", $option);
             }
         }

         if ($f->isForeignKey()) {
             // foreign keys: list the selectable rows of the foreign table
             $optionsNode = $fieldNode->addChild("foreignOptions");

             // foreignKey / foreignValue are "table.column" paths
             $keyDot = strpos($f->foreignKey, ".");
             $foreignKey = substr($f->foreignKey, $keyDot + 1);
             $foreignValue = substr($f->foreignValue, strpos($f->foreignValue, ".") + 1);
             $foreignTable = substr($f->foreignKey, 0, $keyDot);

             // NOTE(review): identifiers are interpolated into the SQL text
             // as-is; presumably they come from the blueprint - confirm.
             // TODO: include WHERE clause from filterBlueprint->field:where
             $sql = new DatabaseQuery("SELECT {$foreignKey}, {$foreignValue} FROM {$foreignTable}");
             try {
                 $sql->doQuery();
                 for ($remaining = $sql->get_num_rows(); $remaining > 0; $remaining--) {
                     $row = $sql->get_next_row();
                     $optionNode = $optionsNode->addChild("option");
                     $optionNode->addAttribute("key", $row->{$foreignKey});
                     $optionNode->addChild("value", $row->{$foreignValue});
                 }
             } catch (Exception $e) {
                 // a failed lookup is logged; the field is still emitted
                 Log::error("Caught Exception: " . $e->getMessage());
             }
         } elseif ($f->hasValue()) {
             // plain fields: emit whichever filter values are present,
             // each named "<key>_<operator>"
             $filterValue = $f->value;
             $valueNode = $fieldNode->addChild("value");
             foreach (array("equals", "like", "min", "max") as $operator) {
                 if (array_key_exists($operator, $filterValue)) {
                     $operatorNode = $valueNode->addChild($operator, $filterValue[$operator]);
                     $operatorNode->addAttribute("name", $key . "_" . $operator);
                 }
             }
         }
     }

     // Serialize through DomDocument so that only the root node is written
     // (no XML declaration, since the result is embedded in another
     // document) and empty elements keep an explicit closing tag.
     $dom = new DomDocument();
     $dom->loadXML($root->asXML());
     $node = $dom->getElementsByTagName("bpXmlDraftRendering")->item(0);
     return $dom->saveXML($node, LIBXML_NOEMPTYTAG);
 }
    echo "time = " . $access->get("time") . "<br/>";
    echo "<br/>";
    echo "<strong>Forcing update in session timezone: {$session_timezone_offset}</strong><br/><br/>";
    // Update the Access (force Session timezone)
    unset($accessDAO);
    $accessDAO = new EntityDAO($accessBP, $session_timezone_offset);
    $access->set("time", date("Y-m-d H:i:s"));
    $access->set("description", "Updated Timezone (with forced session timezone) Test");
    $accessDAO->update($access);
    echo "Updated Access with id {$access_id}<br/>";
    echo "<br/>";
    unset($access);
    // Load Access with EntityQuery
    $accessQuery = new EntityQuery($accessBP);
    $accessQuery->where("Access.id={$access_id}");
    echo "QUERY:<br/>" . $accessQuery->toString() . "<br/><br/>";
    $sql = new DatabaseQuery($accessQuery->toString());
    $sql->doQuery();
    echo "Selected Access with id {$access_id}<br/>";
    $row = $sql->get_next_row();
    $modified = $row->modified;
    $time = $row->time;
    echo "modified = {$modified}<br/>";
    echo "time = {$time}<br/>";
    echo "<br/>";
    unset($row);
    unset($sql);
    unset($accessQuery);
} catch (Exception $e) {
    echo "Caught: " . $e->getMessage() . "<br/><br/>";
}
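 /**
  * Evaluate an <Ownership> access rule for one record.
  *
  * Two forms are supported:
  *  - direct ownership: the rule's keyPath and identityKeyPath name the same
  *    table, and the record's owner column must equal $identity;
  *  - ownership by affiliation: the rule body names a "table.column" that
  *    lists the identity's affiliations, one of which must equal the
  *    record's owner column.
  *
  * $entityId and, for the affiliation lookup, $identity are written into
  * the SQL text unquoted, so both must be numeric; anything else is
  * rejected before a query is built. Every failure path denies access.
  *
  * NOTE(review): table and column names come from the rule and are
  * interpolated as-is - presumably rules are trusted configuration; confirm.
  * NOTE(review): owner and identity are compared with loose "==", under
  * which an empty identity equals a NULL owner column - confirm that callers
  * never pass an empty identity.
  *
  * @param mixed $rule     rule node; its string value is the affiliation path,
  *                        with "keyPath" and "identityKeyPath" entries
  * @param mixed $identity identifier of the requestor
  * @param mixed $entityId id of the record being accessed
  * @return bool true only when ownership is established
  */
 private function test_access_rule_ownership($rule, $identity, $entityId)
 {
     $tag = "Guardian: test_access_rule_ownership()";
     Log::debug("{$tag}");
     $ownerIdentifier = (string) $rule;
     $keyPath = $rule["keyPath"];
     $identityKeyPath = $rule["identityKeyPath"];
     list($ownershipTable, $ownershipField) = explode(".", $keyPath);
     list($identityTable, $identityField) = explode(".", $identityKeyPath);
     // the affiliation path is optional, so pad instead of suppressing the notice
     list($ownerIdentifierTable, $ownerIdentifierField) = array_pad(explode(".", $ownerIdentifier), 2, null);

     // The id is placed unquoted into "WHERE id=..."; refuse anything non-numeric.
     if (!is_numeric($entityId)) {
         Log::warning("{$tag}: Rejected non-numeric entity ID");
         return false;
     }
     Log::debug("{$tag}: Rule requires ownership of '{$entityId}' from keyPath '{$keyPath}'");

     $directOwnership = ($ownershipTable == $identityTable);
     if (!$directOwnership && empty($ownerIdentifier)) {
         Log::error("{$tag}: Invalid <Ownership> rule");
         return false;
     }

     try {
         // Look up the owner recorded on the entity (used by both rule forms)
         $query = "SELECT {$ownershipField} FROM {$ownershipTable} WHERE id={$entityId}";
         $sql = new DatabaseQuery($query);
         $sql->doQuery();
         if ($sql->get_num_rows() != 1) {
             Log::warning("{$tag}: {$ownershipTable} with ID {$entityId} was not found");
             return false;
         }
         $row = $sql->get_next_row();
         $owner_id = $row->{$ownershipField};

         if ($directOwnership) {
             // TEST FOR DIRECT OWNERSHIP BY IDENTITY
             if ($owner_id == $identity) {
                 Log::debug("{$tag}: {$ownershipTable} with ID {$entityId} is owned by requestor");
                 return true;
             }
             Log::debug("{$tag}: {$ownershipTable} with ID {$entityId} is not owned by requestor");
             return false;
         }

         // TEST FOR INDIRECT OWNERSHIP BY AFFILIATION
         // The record is owned by a "group"; verify that the requestor is
         // affiliated with that group.
         Log::debug("Rule requires ownership through affiliation with '{$owner_id}' from keyPath '{$ownerIdentifier}'");

         // The identity is placed unquoted into the WHERE clause below.
         if (!is_numeric($identity)) {
             Log::warning("{$tag}: Rejected non-numeric identity");
             return false;
         }
         $query = "SELECT {$ownerIdentifierField} FROM {$ownerIdentifierTable} WHERE {$identityField}={$identity}";
         $sql = new DatabaseQuery($query);
         $sql->doQuery();

         // An identity may have several affiliations; check each of them.
         $numAffiliations = $sql->get_num_rows();
         if ($numAffiliations > 0) {
             for ($i = 0; $i < $numAffiliations; $i++) {
                 $row = $sql->get_next_row();
                 $_affiliation = $row->{$ownerIdentifierField};
                 if ($_affiliation == $owner_id) {
                     Log::debug("{$tag}: Found matching affiliation '{$_affiliation}'");
                     return true;
                 }
             }
             Log::debug("{$tag}: No records with matching affiliation '{$owner_id}'");
             return false;
         }
         Log::debug("{$tag}: No affiliation records matching this identity");
         return false;
     } catch (Exception $e) {
         // any lookup failure denies access
         Log::error("{$tag}: Caught: " . $e->getMessage());
         return false;
     }
 }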
	/**
	 * Run the report query and build the report's rows and column names.
	 *
	 * Fields come from the report blueprint; when the blueprint declares none,
	 * one Field per result column is created from the query's metadata. Values
	 * whose blueprint format is "password" are masked, and each column may
	 * carry an href from the blueprint with field references replaced by the
	 * row's values. $this->reportColumnNames and $this->reportRows are only
	 * assigned when the query returned at least one row.
	 *
	 * Exceptions raised while running the query propagate to the caller.
	 */
	protected function initReportRows()
	{
		$tag = "ReportDrafter: initReportRows()";
		Log::debug("$tag");
		
		$columnNames = array();
		$rows = array();
		
		// local shorthands
		$reportQuery = $this->query;
		$reportBP = $this->reportBlueprint;
		$rowIdKey = $reportBP->getRowIdKey();
		
		$sql = new DatabaseQuery($reportQuery->toString());
		$sql->doQuery();
		
		// decide which fields to render
		$fields = $reportBP->fields();
		if(count($fields) == 0)
		{
			// no fields declared: derive them from the result metadata
			Log::debug("$tag: Using meta data to determine fields");
			$fields = array();
			$columnCount = $sql->get_num_columns();
			for($c = 0; $c < $columnCount; $c++)
			{
				$columnName = $sql->get_column_name($c);
				$metaField = new Field($columnName);
				$metaField->setDisplayName($columnName);
				$fields[] = $metaField;
			}
		}
		
		$rowCount = $sql->get_num_rows();
		if(!($rowCount > 0))
		{
			// nothing to build; the existing properties are left untouched
			return;
		}
		
		for($r = 0; $r < $rowCount; $r++)
		{
			$record = $sql->get_next_row();
			$reportRow = new ListRow($record->$rowIdKey);
			
			foreach($fields as $field)
			{
				// every entry is treated as a generic Field
				$key = $field->getKey();
				$columnNames["$key"] = $field->getDisplayName();
				$value = $record->$key;
				
				// format the value, unless it is empty ("0" counts as a value)
				$hasValue = (!empty($value)) || ($value=="0");
				if($hasValue && count($reportBP->fields()) > 0)
				{
					try
					{
						$format = $reportBP->get($key)->getFormat();
						if(!empty($format) && "password" == strtolower($format))
						{
							$value = "********";
						}
					}
					catch(Exception $ignored)
					{
						// the report blueprint has no field for this key; carry on
					}
				}
				
				// optional link for the column, taken from the report blueprint
				$href = null;
				if(count($reportBP->fields()) > 0)
				{
					try
					{
						$href = $reportBP->get($key)->getHref();
						if(!empty($href))
						{
							// substitute references to report fields with this row's values
							$href = $this->replaceKeys($href, $record);
						}
					}
					catch(Exception $ignored)
					{
						// the report blueprint has no field for this key; carry on
					}
				}
				
				$reportRow->addColumn($key, $value, $href);
			}
			
			$rows[$r] = $reportRow;
		}
		
		$this->reportColumnNames = $columnNames;
		$this->reportRows = $rows;
	} // END: protected function initReportRows()
 /**
  * Add a song by forwarding both arguments to the parent's addSong().
  *
  * @param mixed $url   passed through unchanged
  * @param mixed $title passed through unchanged
  */
 public function AddSong($url, $title)
 {
     // no processing of its own; the parent implementation does the work
     parent::addSong($url, $title);
 }
 /**
  * Return the query object supplied by DatabaseQuery::getInstance().
  *
  * @return DatabaseQuery
  *
  * @since 1.0.0
  */
 public function getDatabaseQuery()
 {
     $query = DatabaseQuery::getInstance();

     return $query;
 }
 Log::debug("* domain = {$domain}");
 Log::debug("* destination = {$destination}");
 Log::debug("* login = {$login}");
 // Lookup Member by Login
 $memberBP = BlueprintReader::read($entity_blueprint);
 $memberDAO = new EntityDAO($memberBP);
 $matches = $memberDAO->findWhere($login_key, $login);
 if (count($matches) == 1) {
     $member = $matches[0];
     $member_id = $member->getId();
     // Throttle the login attempts
     $num_failed_attempts = 0;
     if (BPConfig::$login_throttle_enabled) {
         $loginThrottleTable = substr(BPConfig::$login_throttle_blueprint, 0, strpos(BPConfig::$login_throttle_blueprint, "."));
         $query = "SELECT * FROM " . $loginThrottleTable . " WHERE (" . BPConfig::$login_throttle_field_id . "={$member_id}) AND (time >= (UTC_TIMESTAMP() - INTERVAL " . BPConfig::$login_throttle_lockout_period . " SECOND) )";
         $sql = new DatabaseQuery($query);
         $sql->doQuery();
         $num_failed_attempts = $sql->get_num_rows();
     }
     if ($num_failed_attempts >= BPConfig::$login_throttle_lockout_attempts) {
         Log::warning("* THROTTLE LOCKOUT: " . $num_failed_attempts . " failed login attempts during the last " . BPConfig::$login_throttle_lockout_period . " seconds");
         $status = "error";
         $message = "Login throttle has prevented another attempt.";
     } else {
         // Check Password
         if (Login::checkPassword($entity_blueprint, $login_key, $passwd_key, $login, $passwd)) {
             Login::start($login, $domain);
             // ! TODO: inject BPConfig::$guardian_identity_session_key into the users session
             $status = "success";
             $message = "Login Successful.";
         } else {
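 /**
  * Build the export query for a blueprint, run it, and return the executed
  * DatabaseQuery.
  *
  * $filters entries whose key has the form "filter_<field>_<type>" add a
  * WHERE condition for <field>; the supported types depend on the field's
  * data type (like/equals for string and enum, equals/min/max for int,
  * decimal, date and datetime). Other keys are ignored.
  *
  * Values for int fields are written into the SQL unquoted and are therefore
  * required to be numeric.
  *
  * NOTE(review): values for every other data type are placed inside quotes
  * WITHOUT escaping, and the field name is interpolated as matched from the
  * key. If $filters can carry request data this is injectable; it needs the
  * database layer's escaping or bound parameters, neither of which is
  * visible from this method.
  *
  * @param Blueprint  $blueprint entity blueprint to export
  * @param mixed      $where     optional WHERE condition passed to the query
  * @param array|null $filters   optional "filter_<field>_<type>" => value map
  * @return DatabaseQuery the executed query
  * @throws Exception when an int filter value is not numeric or the query fails
  */
 private static function prepareData(Blueprint $blueprint, $where = NULL, array $filters = NULL)
 {
     $tag = "EntityExporter::prepareData()";
     Log::notice("{$tag}");
     /*
     // BUILD QUERY
     */
     $query = new EntityQuery($blueprint);
     // WHERE
     if ($where != NULL) {
         $query->where($where);
     }
     // SQL operator for each range-style filter type
     $comparisons = array("equals" => "=", "min" => ">=", "max" => "<=");
     // FILTERS
     if ($filters != NULL) {
         foreach ($filters as $key => $value) {
             // ereg() was removed in PHP 7. The greedy groups split the key at
             // its last underscore, as the POSIX pattern did; the "s" modifier
             // keeps "." matching any character.
             if (!preg_match('/^filter_(.+)_(.+)/s', $key, $regs)) {
                 continue;
             }
             $filter_field = $regs[1];
             $filter_type = $regs[2];
             // NOTE(review): presumably get() throws for an unknown field, which
             // would limit $filter_field to blueprint keys - confirm.
             $field = $blueprint->get($filter_field);
             switch ($field->getDataType()) {
                 case "string":
                 case "enum":
                     if ($filter_type == "like") {
                         $query->where("{$filter_field} LIKE '%{$value}%'");
                     } elseif ($filter_type == "equals") {
                         $query->where("{$filter_field}='{$value}'");
                     }
                     break;
                 case "int":
                     if (isset($comparisons[$filter_type])) {
                         // unquoted in the SQL text: only a numeric value is acceptable
                         if (!is_numeric($value)) {
                             throw new Exception("{$tag}: Non-numeric value for int filter '{$filter_field}'");
                         }
                         $operator = $comparisons[$filter_type];
                         $query->where("{$filter_field}{$operator}{$value}");
                     }
                     break;
                 case "decimal":
                 case "date":
                 case "datetime":
                     if (isset($comparisons[$filter_type])) {
                         $operator = $comparisons[$filter_type];
                         $query->where("{$filter_field}{$operator}'{$value}'");
                     }
                     break;
             }
             // END: switch($field->getDataType())
         }
         // END: foreach($filters as $key=>$value)
     }
     // END: if($filters != NULL)
     // Execute Query
     $sql = new DatabaseQuery($query->toString());
     try {
         $sql->doQuery();
         $num_rows = $sql->get_num_rows();
         Log::debug("{$tag}: Exporting {$num_rows} rows");
         return $sql;
     } catch (Exception $e) {
         // record the database error, then let the caller handle the failure
         Log::error("{$tag}: [" . $sql->err_code . "] " . $sql->err_message);
         throw $e;
     }
 }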
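	/**
	 * Run the entity query and build the list's rows and column names.
	 *
	 * Fields come from the list blueprint when there is one, otherwise from
	 * the entity blueprint. Non-empty values are formatted first by data type
	 * (encrypted strings are masked, binary fields become a download link) and
	 * then by the list blueprint's format string. $this->listColumnNames and
	 * $this->listRows are only assigned when the query returned rows.
	 *
	 * The column href is reset for every field, so a field with an empty
	 * value no longer inherits the link computed for the previous column.
	 *
	 * NOTE(review): for binary fields $value becomes an HTML link, while all
	 * other values stay raw data, so whatever prints the columns cannot escape
	 * them uniformly - confirm how ListRow columns are rendered.
	 *
	 * Exceptions raised while querying or reading the blueprints propagate to
	 * the caller.
	 */
	protected function initListRows()
	{
		$tag = "ListDrafter: initListRows()";
		Log::debug("$tag");
		
		/*
		// Build the results table
		*/
		$listColumnNames = array();
		$listRows = array();
		
		// convenience pointers
		$query = $this->entityQuery;
		$entityBP = $this->entityBlueprint;
		$listBP = $this->listBlueprint;
		
		// determine which fields to render
		$fields = $listBP ? $listBP->fields() : $entityBP->fields();
		
		$sql = new DatabaseQuery($query->toString());
		$sql->doQuery();
		$num_rows = $sql->get_num_rows();
		
		if($num_rows > 0)
		{
			for($i=0; $i<$num_rows; $i++)
			{
				$row = $sql->get_next_row();
				$id = $row->id;
				
				$listRow = new ListRow($id);
				
				foreach($fields as $f)
				{
					// NOTE: treat "f" as a generic Field
					$key = $f->getKey();
					
					// add to list of column names
					$listColumnNames["$key"] = $f->getDisplayName();
					
					// get field definition from entityBlueprint
					$entityField = $entityBP->get($key);
					
					// retrieve value for field; foreign keys are read from the
					// column named after the foreign value path ("." replaced by "_")
					if($entityField->isForeignKey())
					{
						$foreignValue = str_replace(".", "_", $entityField->getForeignValue());
						$value = $row->$foreignValue;
					}
					else
					{
						$value = $row->$key;
					}
					
					// start every column without a link; a value left over from
					// the previous field must not leak into this one
					$href = null;
					
					/*
					// Format Values ("0" counts as a value)
					*/
					if( (!empty($value)) || ($value=="0") )
					{
						// first by datatype
						switch($entityField->getDataType())
						{
							case "string":
								// never show anything stored with a non-plain encoding
								if($entityField->getEncType() != "plain") { $value = "********"; }
								break;
							case "text":
								break;
							case "binary":
								// show the formatted size as a link to the download script
								$lengthKey = $key . "_length";
								$bytes = $row->$lengthKey;
								$value = "<a href='/blueprints/binary.php?action=file&blueprint=" . $entityBP->getKey() . "&field=$key&id=$id'>" . Binary::formatLength($bytes) . "</a>";
								break;
						}
						
						if($listBP)
						{
							$listField = $listBP->get($key);
							
							// then, by list blueprint format string
							$format = $listField->getFormat();
							if(!empty($format))
							{
								switch($entityField->getDataType())
								{
									case "string":
									case "text":
										// formatter string specifies truncation length
										if(strlen($value) > $format) { $value = substr($value, 0, $format) . "..."; }
										break;
									case "enum":
										// formatter string specifies truncation length
										if(strlen($value) > $format) { $value = substr($value, 0, $format); }
										break;
									case "date":
									case "datetime":
										// formatter string specifies php date format
										$time = strtotime($value);
										$value = date($format, $time);
										break;
									case "binary":
										break;
								}
							}
							
							// look for additional column attributes from listBlueprint
							$href = $listField->getHref();
							
							// replace references to entity fields with their values
							if(!empty($href)) { $href = $this->replaceKeys($href, $row); }
						}
					}
					
					// add a new list column to the list row
					$listRow->addColumn($key, $value, $href);
					
				} // END: foreach($field as $f)
				
				$listRows[$i] = $listRow;
				
			} // END: for($i=0; $i<$num_rows; $i++)
			
			$this->listColumnNames = $listColumnNames;
			$this->listRows = $listRows;
			
		} // END: if($num_rows > 0)
	
	} // END: protected function initListRows()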