function select($queries_list)
{
foreach ($queries_list as $key => $query_data) {
$query_data["sql"] = _decrypt($query_data["sql"]);
if (!empty($query_data["fieldToIndex"])) {
$query_data["fieldToIndex"] = _decrypt($query_data["fieldToIndex"]);
}
if ($this->_checkQuery($query_data["sql"])) {
trigger_error("You can use onlye the SELECT mysql statement", E_USER_ERROR);
}
$result = mysql_query($query_data["sql"], $this->dbLink);
if (!$result) {
$response["data"][$key] = false;
continue;
}
$row_index = 0;
while ($result_row = mysql_fetch_assoc($result)) {
$response["data"][$key][] = $result_row;
if (empty($query_data["fieldToIndex"])) {
continue;
}
$response["indexes"][$key][$query_data["fieldToIndex"] . ":" . $result_row[$query_data["fieldToIndex"]]] = $row_index++;
}
}
return $response;
}
/**
* Form token validation
* @param array $validations The array of validation rules
* @return void
*/
function form_validate($validations = null)
{
if (!isset($_POST['lc_formToken_' . _cfg('formTokenName')])) {
Validation::addError('', _t('Invalid form token.'));
return false;
}
$token = _decrypt(session_get(_cfg('formTokenName')));
$postedToken = _decrypt(_post($_POST['lc_formToken_' . _cfg('formTokenName')]));
$result = false;
# check token first
if ($token == $postedToken) {
# check referer if it is requesting in the same site
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] && _cfg('siteDomain')) {
$siteDomain = _cfg('siteDomain');
$siteDomain = preg_replace('/^www\\./', '', $siteDomain);
$parsedURL = parse_url($_SERVER['HTTP_REFERER']);
$parsedURL['host'] = preg_replace('/^www\\./', '', $parsedURL['host']);
if (strcasecmp($siteDomain, $parsedURL['host']) == 0) {
$result = true;
}
}
}
if ($result == false) {
Validation::addError('', _t('Error occured during form submission. Please refresh the page to try again.'));
return false;
}
if ($validations && Validation::check($validations) === false) {
return false;
}
return true;
}
function CheckLogin($username, $db)
{
//this queries session table for the actual session and gets user data. similar to ADOdb's cryptsession stuff set $is_auth = true if successful
_prunesession($db);
//prune database.
$res = $db->execute("select * from auth_sessions where sessid=? and sess_time > now()-?", array($this->sessid, AUTH_MAX_LIFETIME));
if ($db->ErrorMsg() == '') {
$data = mysql_fetch_array($res);
} else {
$data = array();
}
if (!empty($data)) {
$info = _decrypt($data['crypt_data']);
$stuff = unserialize("::", $info);
if ($stuff['user'] == $username) {
$this->is_auth = true;
//we have a session and time, we can be pretty sure its same user
} else {
$this->is_auth = false;
$this->LogOut($username, $this->sessid, $db);
}
} else {
$this->is_auth = false;
return false;
}
if ($this->is_auth == true) {
$this->sessdata = $stuff;
return $this->is_auth;
} else {
return false;
}
}
/**
* 下载数据包
* @param string $hash 下载秘钥
* @return
*/
public function download($hash = null)
{
if (is_null($hash)) {
$filename = $this->path . '/' . $this->name . '.zip';
} else {
$filename = _decrypt($hash, self::$key);
}
// 文件打包
header("Cache-Control: public");
header("Content-Description: File Transfer");
header('Content-disposition: attachment; filename=' . basename($filename));
//文件名
header("Content-Type: application/zip");
//zip格式的
header("Content-Transfer-Encoding: binary");
//告诉浏览器,这是二进制文件
header('Content-Length: ' . filesize($filename));
//告诉浏览器,文件大小
@readfile($filename);
}
function decrypt($key)
{
if ($this->cipher == null) {
return false;
}
$data_content =& _decrypt($key, $this->cipher, $this->content);
if ($this->description != null) {
$data_description =& _decrypt($key, $this->cipher, $this->description);
}
if ($data_content !== false) {
$this->content =& $data;
if ($this->description != null) {
$this->description =& $data_description;
}
return true;
}
return false;
}
