function Login_Process()
{
$arg2 = $this->directlogin == true ? 'direct' : '';
// only process if user hit "post"
if (gp('gp_posted', '', false) == '') {
return;
}
vgfSet('LoginAttemptOK', false);
// Error title
vgfSet('ERROR_TITLE', '*');
// If the user supplied a loginUID, this is a post and we
// must process the request.
$ale = vgaGet('login_errors', array());
$app = $GLOBALS['AG']['application'];
$em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again.";
$em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again.";
$em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again.";
$em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again.";
$terror = "";
$uid = gp('loginUID');
$uid = MakeUserID($uid);
//$uid = str_replace('@','_',$uid);
//$uid = str_replace('.','_',$uid);
$pwd = gp("loginPWD", "", false);
// First check, never allow the database server's superuser
// account
//
if ($uid == "postgres") {
ErrorAdd($em000);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres");
fwLogEntry('1011', 'Attempt login as postgres', '', $arg2);
}
return;
}
$app = $GLOBALS['AG']['application'];
if (substr($uid, 0, strlen($app)) == $app) {
ErrorAdd($em001);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role");
fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2);
}
return;
}
// Begin with a connection attempt.
// on fail, otherwise continue
$tcs = @SQL_CONN($uid, $pwd);
if ($tcs === false) {
ErrorAdd($em099);
if (vgfGet('loglogins', false)) {
sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected");
fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2);
}
return;
} else {
SQL_CONNCLOSE($tcs);
}
// The rest of this routine uses an admin connection. If we
// have an error, we must close the connection before returning!
// ...yes, yes, that's bad form, all complaints to /dev/null
//
if (vgfGet('loglogins', false)) {
fwLogEntry('1010', 'Login OK', $uid, $arg2);
}
scDBConn_Push();
// See if they are a root user. If not, do they have an
// active account?
$root = false;
$admin = false;
$group_id_eff = '';
$results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true");
$cr = SQL_NUMROWS($results);
if ($cr != 0) {
$root = true;
} else {
$results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)");
$cr = SQL_NUMROWS($results);
if ($cr == 0) {
scDBConn_Pop();
ErrorAdd($em002);
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002");
return;
} else {
$userinfo = SQL_Fetch_Array($results);
$group_id_eff = $userinfo['group_id_eff'];
SessionSet('user_name', $userinfo['user_name']);
}
}
// Flag if the user is an administrator
if ($root == true) {
$admin = true;
} else {
$results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'");
$row = SQL_FETCH_ARRAY($results);
$admin = intval($row["admin"]) > 0 ? true : false;
}
// Get the users' groups
$groups = "";
if ($root) {
$results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''");
} else {
$results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'");
}
while ($row = SQL_FETCH_ARRAY($results)) {
$agroups[] = "'" . trim($row['group_id']) . "'";
#$groups.=ListDelim($groups)."'".trim($row["group_id"])."'";
}
$groups = array();
if (!empty($agroups)) {
$groups = implode(",", $agroups);
}
//scDBConn_Pop();
// We have a successful login. If somebody else was already
// logged in, we need to wipe out that person's session. But
// don't do this if there was an anonymous login.
if (LoggedIn()) {
$uid_previous = SessionGet('UID');
if ($uid != $uid_previous) {
//Session_Destroy();
SessionReset();
//Index_Hidden_Session_Start(false);
}
}
// We know who they are and that they can connect,
// see if there is any app-specific confirmation required
//
if (function_exists('app_login_process')) {
//echo "Calling the process now";
if (!app_login_process($uid, $pwd, $admin, $groups)) {
return;
}
}
// Protect the session from hijacking, generate a new ID
Session_regenerate_id();
// We now have a successful connection, set some
// flags and lets go
//
vgfSet('LoginAttemptOK', true);
SessionSet("UID", $uid);
SessionSet("PWD", $pwd);
SessionSet("ADMIN", $admin);
SessionSet("ROOT", $root);
SessionSet("GROUP_ID_EFF", $group_id_eff);
SessionSet("groups", $groups);
if (gp('gpz_page') == '') {
# KFD 9/12/08, extra command to not change page
if (gp('st2keep') != 1) {
gpSet('gp_page', '');
}
}
$GLOBALS['session_st'] = 'N';
// for "N"ormal
// -------------------------------------------------------------------
// We are about to make the menu. Before doing so, see if there
// are any variables set for the menu layout. Set defaults and then
// load from database.
//
$this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - '));
//$sql = "SELECT * from variables WHERE variable like 'MENU%'";
//$dbres = SQL($sql);
//while ($row = SQL_FETCH_ARRAY($dbres)) {
// $this->pmenu[trim($row['variable'])]=trim($row['variable_value']);
//}
// -------------------------------------------------------------------
// KFD 10/28/06, Modified to examine "nomenu" instead of permsel
// pulls all tables user has nomenu='N'. The basic idea is
// to remove from $AGMENU the stuff they don't see
//
// GET AGMENU
$AGMENU = array();
// avoid compiler warning, populated next line
include "ddmodules.php";
// Pull distinct modules person has any menu options in.
$sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})";
$modules = SQL_AllRows($sq, 'module');
$AGkeys = array_keys($AGMENU);
foreach ($AGkeys as $AGkey) {
if (!isset($modules[$AGkey])) {
unset($AGMENU[$AGkey]);
}
}
// Now recurse the remaining modules and do the same trick
// for each one, removing the tables that don't exist
foreach ($AGMENU as $module => $moduleinfo) {
$sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})";
$tables = SQL_AllRows($sq, 'table_id');
$tkeys = array_keys($moduleinfo['items']);
foreach ($tkeys as $tkey) {
if (!isset($tables[$tkey])) {
unset($AGMENU[$module]['items'][$tkey]);
}
}
}
// KFD 12/18/06. Put all table permissions into session
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id');
SessionSet('TABLEPERMSMENU', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id');
SessionSet('TABLEPERMSSEL', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id');
SessionSet('TABLEPERMSINS', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id');
SessionSet('TABLEPERMSUPD', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id');
SessionSet('TABLEPERMSDEL', array_keys($table_perms));
//echo "<div style='background-color:white'>";
//echo "$uid $groups $group_id_eff";
//hprint_r(SessionGet('TABLEPERMSMENU'));
//hprint_r(SessionGet('TABLEPERMSSEL'));
//echo "</div>";
// KFD 7/9/07, we always use joomla templates now, don't need
// options to turn them off
//if(defined('_ANDROMEDA_JOOMLA')) {
// In a hybrid situation, put the menu into the session
SessionSet('AGMENU', $AGMENU);
//}
$HTML_Menu = "";
$WML_Menu = "";
/*
foreach ($AGMENU as $key=>$module) {
//if($key=="datadict") continue;
//if($key=="sysref") continue;
$HTML_Module="";
$WML_Module="";
foreach($module["items"] as $itemname=>$item) {
if (!isset($item["mode"])) { $item["mode"]="normal"; }
switch ($item["mode"]) {
case "normal":
$ins=false;
$extra=array();
if($item['menu_parms']<>'') {
$aextras=explode('&',$item['menu_parms']);
foreach($aextras as $aextra) {
list($var,$value)=explode("=",$aextra);
$extra[$var]=$value;
}
}
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,$ins,$extra
);
$WML_Module.="<div>";
$WML_Module.=hLink(
'',$item['description'],'?gp_page='.$itemname
);
$WML_Module.="</div>";
break;
case "ins":
//if ($admin || isset($tables_ins[$item["name"]])) {
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,true
);
//}
break;
#$HTML_Module.=
# "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">".
# $item["description"]."</a></font><br />";
}
}
// the module is defined AFTER its contents so it can be
// left off if it has no entries
if ($HTML_Module!="") {
$HTML_Menu.=$this->_MenuModule($module['description']);
$HTML_Menu.=$HTML_Module;
}
if ($WML_Module!="") {
$WML_Menu.="<div><b>".$module['description']."</b></div>";
$WML_Menu.=$WML_Module;
}
}
*/
DynamicSave("menu_" . $uid . ".php", $HTML_Menu);
DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu);
// -------------------------------------------------------------------
// Fetch and cache user preferences
if (vgaGet('member_profiles')) {
cacheMember_Profiles();
}
// -------------------------------------------------------------------
// Now find the user's table permissions more precisely table by table
$sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id";
//echo $sql;
$results = SQL($sql);
$HTML_Perms = "<?php\n\$table_perms = array();\n";
while ($row = SQL_FETCH_ARRAY($results)) {
$tn = $row["table_id"];
$ti = $row["permins"];
$tu = $row["permupd"];
$td = $row["permdel"];
$ts = $row["permsel"];
$HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n";
}
$HTML_Perms .= "?>\n";
DynamicSave("perms_" . $uid . ".php", $HTML_Perms);
/* October 28, 2006, KFD. Rem'd this all out, column and row security
made this irrelevant
// -------------------------------------------------------------------
// Find out if this user has any UID Columns, columns that create
// filters on the user's UID
$sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)";
//echo $sql;
$results = SQL($sql);
$groupuids = array();
while ($row = SQL_FETCH_ARRAY($results)) {
//echo "Found this one".$row["column_id"];
$groupuids[$row["column_id"]] = $row["column_id"];
}
SessionSet("groupuids",$groupuids);
*/
scDBConn_Pop();
return;
}
/**
* @deprecated
*/
function hDetailFromAHCols($ahcols, $name, $tabindex, $display = '')
{
// Apply the names
ahColsNames($ahcols, $name, $tabindex);
//hprint_r($ahcols);
//exit;
// Always pull the previously generated calcrow and
// update it with the name prefix, then save it back again.
$calcRow = vgaGet('calcRow');
$calcRow = str_replace('--NAME-PREFIX--', $name, $calcRow);
vgaSet('calcRow', $calcRow);
ob_start();
$first = '';
if ($display == '') {
echo "\n<fieldset>";
}
foreach ($ahcols as $colname => $ahcol) {
// Establish names of crucial items
$cname = $ahcol['cname'];
$cnmer = $cname . "_err";
// if no first focus, set it now
if ($first == '' && vgfGet('HTML_focus') == '' && $ahcol['writable']) {
vgfSet('HTML_focus', $cname);
}
// Replace out the HTML
$html = $ahcol['htmlnamed'];
// KFD 9/7/07, replace the HTML if it is a WYSIWYG column
if ($ahcol['type_id'] == 'mime-h' || $ahcol['type_id'] == 'mime-h-f') {
$html = '--MIME-H--' . $ahcol['cname'] . '--MIME-H--';
}
if ($ahcol['type_id'] == 'date') {
jqDocReady("\$('input[data-date-format]').each(\n function() {\n if (typeof(\$(this).attr('readonly')) == 'undefined') {\n \$(this).datepicker().on('changeDate',function() {\n \$(this).datepicker('hide');\n });\n }\n });\n ");
}
// Replace out the stuff to the right
$hrgt = $ahcol['hrgtnamed'];
switch ($display) {
case '':
echo "\n<div class=\"control-group {$cname}--ERROR--CLASS\"><label class=\"control-label\">" . $ahcol['description'] . ":</label>";
echo "\n<div class=\"controls\">{$html} {$hrgt}";
echo "\n<span class=\"help-inline\" id=\"{$cnmer}\">{$cname}--ERROR--</span>";
echo "\n<span class=\"help-inline\">" . $ahcol['tooltip'] . "</span></div></div>";
break;
case 'tds':
echo "\n<div class=\"controls\">{$html}</div>";
break;
}
}
if ($display == '') {
echo "</fieldset>";
}
return ob_get_clean();
}
</td></tr>
</table>
</td>
<td id="tc-right">
<?php
echo ehStandardContent();
?>
</td>
</tr>
</table>
<!-- This plus body:height95% gives perm scroll bar-->
<br><br><br>
<!-- Ending -->
<?php
// If a different menu has been forced, use that
$gm = vgaGet('menu_selected', '');
if ($gm != '') {
$gp = 'menu_' . ($gm != '' ? $gm : gp('gp_page'));
?>
<script>
ob("<?php
echo $gp;
?>
").className="menuselected";
</script>
<?php
}
// Script goes out at absolute end, after <html> element is closed
if (vgfGet("HTML_focus") != "") {
?>
<script>
function __construct($table_id = '')
{
// Grab table ID if given, otherwise try to figure
// one out, but only if we don't have one
if ($table_id != '') {
$this->table_id = $table_id;
} else {
if ($this->table_id == '') {
$this->table_id = get_class($this);
}
}
// Load data dictionary. This is not a tragedy if
// the page has no table, just forget about it.
$this->table = DD_TableRef($this->table_id);
$this->view_id = '';
if (is_array($this->table)) {
if (isset($this->table['projections']['_uisearch'])) {
// capure this directly so it can be overridden
$this->projections['_uisearch'] = $this->table['projections']['_uisearch'];
}
$this->view_id = DDTable_IDResolve($this->table_id);
}
// Look for an application-level variable for button_images
/**
level:class
The property "button_images" can be overridden by setting
an application-level property with the [[vgaSet()]] function.
*/
if (vgaGet('button_images', '') != '') {
$this->button_images = vgaGet('button_images');
}
// Set the page subtitle if we can find it
if ($this->PageSubtitle == '') {
$this->PageSubtitle = ArraySafe($this->table, "description", "PLEASE SET -PageSubtitle-");
}
// Set the flag_buffer to false if we detect any flags
// that would do that
if (gpExists('gp_ajaxcol')) {
$this->flag_buffer = false;
}
if (gpExists('gp_fbproc')) {
$this->flag_buffer = false;
}
if (gpExists('gp_xajax')) {
$this->flag_buffer = false;
}
if (gpExists('fwajax')) {
$this->flag_buffer = false;
}
// This array can be used to override properties on
// child objects invoked by this object
$this->children = array();
// Now set all child tables to be 'drilldown', unless
// overridden in datadictionary
if (isset($this->table['fk_children'])) {
foreach ($this->table['fk_children'] as $table_child => $tabinfo) {
$display = trim(ArraySafe($tabinfo, 'uidisplay', 'drilldown'));
$this->children[$table_child]['display'] = $display != '' ? $display : 'drilldown';
}
}
// KFD 6/30/07, allow a gp variable to specify which control to
// set focus. Do it early so it can be overrridden
if (gpexists('html_focus')) {
vgfset('HTML_focus', 'x2t_' . hx(gp('html_focus')));
}
// ((((((((((((((((((((((((((((*))))))))))))))))))))))))))))))))
// ((((((((((((((((( Run Custom-level Construct ))))))))))))))))
$this->construct_custom();
$this->custom_construct();
// ((((((((((((((((( Run Custom-level Construct ))))))))))))))))
// ((((((((((((((((((((((((((((*))))))))))))))))))))))))))))))))
// Now pass through child tables again, removing any setting
// that is not allowed by security privs. Notice we do this
// after the custom_construct, since that is where a setting might
// be that conflicts with security setting.
if (isset($this->table['fk_children'])) {
$a = array_keys($this->table['fk_children']);
foreach ($this->table['fk_children'] as $table_child => $tabinfo) {
if (!DDUserPerm($table_child, 'menu')) {
$this->children[$table_child]['display'] = 'none';
}
}
}
}
function index_hidden_page()
{
global $AG;
$sessok = !LoggedIn() ? false : true;
// KFD 3/6/08, moved here from the main stream of index_hidden
// because these are relevant only to page processing
if (gpExists('x_module')) {
SessionSet('AGMENU_MODULE', gp('x_module'));
} elseif (vgaGet('nomodule') != '' && SessionGet('AGMENU_MODULE') == '') {
SessionSet('AGMENU_MODULE', vgaGet('nomodule'));
}
// If the search flag is set, we need to know what class for this
// application handles searchs
if (gpExists('gp_search')) {
gpSet('gp_page', vgaGet('SEARCH_CLASS'));
}
// Load up a list of pages that public users are allowed to see,
// with home and password always there.
global $MPPages;
// allows it to be in applib
$MP = array();
//$MPPages= array();
// This is the old method, load $MPPages from its own file
if (file_exists_incpath('appPublicMenu.php')) {
include_once 'appPublicMenu.php';
}
if (!is_array($MPPages)) {
$MPPages = array();
}
$MPPages['x_home'] = 'Home Page';
$MPPages['x_login'] = '******';
$MPPages['x_noauth'] = 'Authorization Required';
$MPPages['x_password'] = "******";
$MPPages['x_mpassword'] = "******";
$MPPages['x_paypalipn'] = 'Paypal IPN';
// If the install page exists, it will be used, no getting
// around it.
$install = $GLOBALS['AG']['dirs']['application'] . 'install.php';
$instal2 = $GLOBALS['AG']['dirs']['application'] . 'install.done.php';
if (file_exists($install)) {
if (gp('gp_install') == 'finish') {
rename($install, $instal2);
} else {
$MPPages['install'] = 'install';
gpSet('gp_page', 'install');
}
}
// First pass is to look for the "flaglogin" flag. This says save all
// current page settings and go to login screen. They will be restored
// on a successful login. Very useful for links that say "Login to
// see nifty stuff..."
if (gp('gp_flaglogin') == '1') {
gpSet('gp_flaglogin', '');
gpToSession();
gpSet('gp_page', 'x_login');
}
// Second pass redirection, pick default page if there
// is none, and verify public pages.
//
$gp_page = gp('gp_page');
if ($gp_page == '') {
if (vgfGet('LoginAttemptOK') === true && vgfGet('x4') === true) {
$gp_page = 'x4init';
gpSet('gp_page', 'x4init');
SessionSet('TEMPLATE', 'x4');
} else {
if (function_exists('appNoPage')) {
$gp_page = appNoPage();
} else {
if (!LoggedIn()) {
$gp_page = FILE_EXISTS_INCPATH('x_home.php') ? 'x_home' : 'x_login';
} else {
// KFD 3/2/07, pull vga stuff to figure defaults
if (vgaGet('nopage') != '') {
$gp_page = vgaGet('nopage');
} else {
$gp_page = 'x_welcome';
}
}
}
}
}
// If they are trying to access a restricted page and are not
// logged in, cache their request and redirect to login page
if (!$sessok && !isset($MPPages[$gp_page])) {
if (vgfGet('loglogins', false)) {
fwLogEntry('1014', 'Page access w/o login', $gp_page);
}
gpToSession();
$gp_page = 'x_login';
}
// If pos is activated and the current requested page does not
// match what they are cleared for, redirect to login
if (vgaGet('POS_SECURITY', false) == true && SessionGet('ADMIN') == false) {
if (SessionGet('POS_PAGE', '', 'FW') != $gp_page) {
gpToSession();
$gp_page = 'x_login';
}
}
gpSet('gp_page', $gp_page);
// Make any database saves. Do this universally, even if save
// was not selected. If errors, reset to previous request.
//if(gp('gp_save')=='1') processPost();
processPost();
if (Errors()) {
gpSetFromArray('gp_', aFromGp('gpx_'));
}
// Put Userid where HTML forms can find it
//vgfSet("UID",SessionGet("UID"));
//if (vgfSet("UID")=="") { vgfSet("UID","Not Logged In"); }
// THIS IS NEWER X_TABLE2 version of drilldown commands,
// considerably simpler than the older ones. It makes use of
// three gp_dd variables.
//
// Notice how we process drillbacks FIRST, allowing a link
// to contain both drillback and drilldown, for the super-nifty
// effect of a "drill-across"
hidden('gp_dd_page');
hidden('gp_dd_skey');
hidden('gp_dd_back');
if (intval(gp('gp_dd_back')) > 0 && $sessok) {
// this is drillback
$dd = ContextGet('drilldown', array());
$back = intval(gp('gp_dd_back'));
if (count($dd) >= $back) {
$spot = count($dd) - $back;
$aback = $dd[$spot];
gpSet('gp_skey', $aback['skey']);
gpSet('gp_page', $aback['page']);
$gp_page = $aback['page'];
gpSet('gpx_skey', $aback['skey']);
gpSet('gpx_page', $aback['page']);
gpSetFromArray('parent_', $aback['parent']);
if (!gpExists('gp_mode')) {
gpSet('gp_mode', 'upd');
}
$dd = $spot == 0 ? array() : array_slice($dd, 0, $spot);
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', $aback['page']);
//ContextSet('drilldown_level',count($dd));
}
}
if (gp('gp_dd_page') != '' && $sessok) {
// this is drilldown...
$matches = DrillDownMatches();
$matches = array_merge($matches, aFromGP('parent_'));
$dd = ContextGet('drilldown', array());
$newdd = array('matches' => $matches, 'parent' => aFromGP('parent_'), 'skey' => gp('gpx_skey'), 'page' => gp('gpx_page'));
$dd[] = $newdd;
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', gp('gp_dd_page'));
//ContextSet('drilldown_level',count($dd));
// having saved the stack, redirect to new page.
$tnew = gp('gp_dd_page');
$gp_page = $tnew;
gpSet('gp_page', $tnew);
if (gp('gp_dd_skey') != '') {
gpSet('gp_skey', gp('gp_dd_skey'));
gpSet('gp_mode', 'upd');
}
// Clear search of new page, set filters to blank
processPost_TableSearchResultsClear($tnew);
ConSet('table', $tnew, 'search', array());
}
// If no drilldown commands were received, and we are not on
// the page that is the top, user must have picked a new page
// altogether, wipe out the drilldown stack
if (gp('gp_page') != ContextGet('drilldown_top', '')) {
ContextSet('drilldown', array());
ContextSet('drilldown_top', '');
}
// Must always have these on the user's form. These can
// be retired with x_Table, they are for old drilldown
//
hidden("dd_page", "");
hidden("dd_ddc", "");
hidden("dd_ddv", "");
hidden("dd_ddback", "");
hidden("dd_action", "searchexecute");
hidden("dd_skey", "");
// Load user preferences just before display
UserPrefsLoad();
$dir = $GLOBALS['AG']['dirs']['root'] . 'application/';
if (file_exists($dir . $gp_page . ".page.yaml")) {
include 'androPage.php';
$obj_page = new androPage();
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main($gp_page);
if ($obj_page->flag_buffer) {
vgfSet("HTML", ob_get_clean());
//ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
} else {
$obj_page = DispatchObject($gp_page);
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main();
if ($obj_page->flag_buffer && vgfGet('HTML') == '') {
vgfSet("HTML", ob_get_contents());
ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
}
// Save context onto the page. Note that it is not really
// protected by these methods, just compressed and obscured.
//
$t2 = serialize($GLOBALS['AG']['clean']['gpContext']);
$t2 = gzcompress($t2);
$t2 = base64_encode($t2);
Hidden('gpContext', $t2);
// KFD 3/7/07, give the app the final opportunity to process
// things before the display, while logged in.
if (function_exists('appdisplaypre')) {
appDisplayPre();
}
// ...and write output and we are done. Assume if there was
// no buffering that the output is already done.
if ($obj_page->flag_buffer != false) {
// Work out what template we are using
index_hidden_template('x2');
// KFD 5/30/07, send back only main content if asked
if (gp('ajxBUFFER') == 1) {
echo "andromeda_main_content|";
ehStandardContent();
echo "|-|_focus|" . vgfGet('HTML_focus');
$ajax = ElementReturn('ajax', array());
echo '|-|' . implode('|-|', $ajax);
echo '|-|_title|' . vgfGet('PageTitle');
} elseif (defined('_VALID_MOS')) {
// This is the default branch, using a Joomla template
// DUPLICATE ALERT: This code copied into
// index_hidden_x4Dispatch() above
global $J;
$mainframe = $J['mainframe'];
$my = $J['my'];
$mosConfig_absolute_path = $J['mC_absolute_path'];
$mosConfig_live_site = $J['mC_live_site'];
$template_color = $J['template_color'];
$template_color = 'red';
$file = $GLOBALS['AG']['dirs']['root'] . '/templates/' . $mainframe->GetTemplate() . "/index.php";
include $file;
} elseif ($obj_page->html_template !== '') {
// This is newer style, let the class specify the template.
include $obj_page->html_template . '.php';
} else {
// This is old style, defaults to "html_main.php", can be
// set also by vgaSet() or by gp(gp_out)
$html_main = vgaGet('html_main') == '' ? 'html_main' : vgaGet('html_main');
switch (CleanGet("gp_out", "", false)) {
case "print":
include "html_print.php";
break;
case "info":
include "html_info.php";
break;
case "":
include $html_main . ".php";
break;
default:
}
}
}
}
function mosShowListMenu($menutype)
{
// -------------------------------------------------------
// Andromeda Code: If we are in an Andromeda situation
// then everything is vastly simplified, we already have
// the menu and we don't do much conversion
// -------------------------------------------------------
if (defined('_ANDROMEDA_JOOMLA')) {
if (!LoggedIn()) {
return;
}
// KFD 7/6/07, cache the menu so we don't have to do
// this on every call.
// Cachegrind cost to build menu : 259 / 199
// Cachegrind cost logging in : 140
// Cachegrind cost login, cache to session: 2!!!!
// Cachegrind cost to cache to disk : 400!
# KFD 4/17/08, rebuild menu if they switched modes
# KFD 6/21/08, simplify this by just looking at x4Welcome
#$menu_mode = gpExists('x4Page')
# ? (vgfGet('x4menu',false)==true ? 'x4' : 'classic')
# : 'classic';
$menu_mode = configGet('x4welcome', 'N') == 'Y' ? 'x4' : 'classic';
vgfSet('menu_mode', $menu_mode);
# KFD 6/21/08 (END)
if ($menu_mode != SessionGet('menu_mode')) {
sessionSet('menu', '');
sessionSet('menu_mode', $menu_mode);
}
$menu = SessionGet('menu', '');
if ($menu != '') {
echo $menu;
return;
}
ob_start();
$children = array();
$open = array();
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
$class_sfx = null;
$hilightid = SessionGET('AGMENU_MODULE');
$hilightid = '';
$menus = SessionGET("AGMENU");
foreach ($menus as $menuid => $menuinfo) {
//if($menuid=='datadict') continue;
//if($menuid=='sysref') continue;
$x = new joomla_fake();
$x->type = 'url';
$x->id = $menuid;
if (sessionGet('menu_mode') == 'x4') {
$x->link = 'javascript:void(0);';
} else {
$x->link = "?x_module=" . urlencode($menuid);
}
$x->browserNav = '';
$x->name = $menuinfo['description'];
$children[0][] = $x;
foreach ($menuinfo['items'] as $page => $pageinfo) {
$x = new joomla_fake();
$x->type = 'url';
$x->id = $page;
# KFD 6/26/08, the vgfX(x4) was experimental, get rid of it
#if(vgfGet('x4')===true) {
# $pd = $pageinfo['description'];
# $x->link="javascript:x4Page('$page','$pd')";
#}
#else {
# KFD 6/26/08, work out the menu mode first
$xmode = 'x2';
if (sessionGet('menu_mode') == 'x4') {
$xmode = a($pageinfo, 'uix2', 'N') == 'Y' ? 'x2' : 'x4';
}
if ($xmode == 'x4') {
$x->link = '?x4Page=' . urlencode($page);
$x->link .= '&x4Return=' . vgaGet('nopage', 'menu');
} else {
$x->link = "?x_module={$menuid}&x2=1&gp_page=" . urlencode($page);
}
if (ArraySafe($pageinfo, 'menu_parms') != '') {
$x->link .= '&' . urlencode($pageinfo['menu_parms']);
}
#}
$x->browserNav = '';
$x->name = $pageinfo['description'];
$children[$menuid][] = $x;
}
}
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
$menu = ob_get_clean();
echo $menu;
SessionSet('menu', $menu);
//$fsMenuFileHTML=ob_get_clean();
//file_put_contents($fsMenuFile,$fsMenuFileHTML);
//echo $fsMenuFileHTML;
return;
}
// -------------------------------------------------------
// Andromeda Code: END
// -------------------------------------------------------
global $database, $my, $cur_template, $Itemid;
global $mosConfig_absolute_path, $mosConfig_live_site, $mosConfig_shownoauth;
$class_sfx = null;
$hilightid = null;
/* If a user has signed in, get their user type */
$intUserType = 0;
if ($my->gid) {
switch ($my->usertype) {
case 'Super Administrator':
$intUserType = 0;
break;
case 'Administrator':
$intUserType = 1;
break;
case 'Editor':
$intUserType = 2;
break;
case 'Registered':
$intUserType = 3;
break;
case 'Author':
$intUserType = 4;
break;
case 'Publisher':
$intUserType = 5;
break;
case 'Manager':
$intUserType = 6;
break;
}
} else {
/* user isn't logged in so make their usertype 0 */
$intUserType = 0;
}
if ($mosConfig_shownoauth) {
$database->setQuery("SELECT m.*, count(p.parent) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
} else {
$database->setQuery("SELECT m.*, sum(case when p.published=1 then 1 else 0 end) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1' AND m.access <= '{$my->gid}'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
}
$rows = $database->loadObjectList('id');
echo $database->getErrorMsg();
//work out if this should be highlighted
$sql = "SELECT m.* FROM #__menu AS m" . "\nWHERE menutype='" . $menutype . "' AND m.published='1'";
$database->setQuery($sql);
$subrows = $database->loadObjectList('id');
$maxrecurse = 5;
$parentid = $Itemid;
//this makes sure toplevel stays hilighted when submenu active
while ($maxrecurse-- > 0) {
$parentid = getParentRow($subrows, $parentid);
if (isset($parentid) && $parentid >= 0 && $subrows[$parentid]) {
if (vgfGet('menu_mode') != 'x4') {
$hilightid = $parentid;
}
} else {
break;
}
}
if (vgfGet('menu_mode') == 'x4') {
$hilightid = '';
}
//echo "<!--[if lte IE 7]>\n";
include_once "{$mosConfig_absolute_path}/templates/" . $cur_template . "/js/ie.js";
//echo "<![endif]-->\n";
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
// establish the hierarchy of the menu
$children = array();
// first pass - collect children
foreach ($rows as $v) {
$pt = $v->parent;
$list = @$children[$pt] ? $children[$pt] : array();
array_push($list, $v);
$children[$pt] = $list;
}
// second pass - collect 'open' menus
$open = array($Itemid);
$count = 20;
// maximum levels - to prevent runaway loop
$id = $Itemid;
while (--$count) {
if (isset($rows[$id]) && $rows[$id]->parent > 0) {
$id = $rows[$id]->parent;
$open[] = $id;
} else {
break;
}
}
$class_sfx = null;
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
}
