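/**
 * Load the risks row identified by $oid into this object.
 *
 * @param int $oid Primary key (risk_id) of the row to load
 * @return mixed Whatever db_loadObject() returns for the prepared query
 */
function load($oid) {
    // The id is concatenated straight into the WHERE clause, so cast it
    // first: only an integer can then reach the SQL.
    $oid = intval($oid);
    $q = new DBQuery();
    $q->addQuery('*');
    $q->addTable('risks');
    $q->addWhere('risk_id = ' . $oid);
    return db_loadObject($q->prepare(), $this);
}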
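/**
 * Load the departments row identified by $oid into this object.
 *
 * @param int $oid Primary key (dept_id) of the row to load
 * @return mixed Whatever db_loadObject() returns for the prepared query
 */
function load($oid) {
    // The id is concatenated straight into the WHERE clause, so cast it
    // first: only an integer can then reach the SQL.
    $oid = intval($oid);
    $q = new DBQuery();
    $q->addTable('departments', 'dep');
    $q->addQuery('dep.*');
    $q->addWhere('dep.dept_id = ' . $oid);
    $sql = $q->prepare();
    $q->clear();
    return db_loadObject($sql, $this);
}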
}
// load the company types
$types = dPgetSysVal('CompanyType');
// load the record data: the company row plus its owner's contact name
$q = new DBQuery();
$q->addTable('companies');
$q->addQuery('companies.*');
$q->addQuery('con.contact_first_name');
$q->addQuery('con.contact_last_name');
$q->addJoin('users', 'u', 'u.user_id = companies.company_owner');
$q->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');
// NOTE(review): $company_id is concatenated unquoted into the WHERE clause;
// this is only safe if it was cast to int where it was read from the request
// (above this excerpt) — confirm.
$q->addWhere('companies.company_id = ' . $company_id);
$sql = $q->prepare();
$q->clear();
$obj = null;
// company_id == 0 is the "add" form, so a missing row is only an error when editing.
if (!db_loadObject($sql, $obj) && $company_id > 0) {
    // $AppUI->setMsg( ' $qid =& $q->exec(); Company' ); // What is this for?
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    // NOTE(review): the rest of the page assumes redirect() ends the request — confirm it exits.
    $AppUI->redirect();
}
// collect all the users for the company owner list
$q = new DBQuery();
$q->addTable('users', 'u');
$q->addTable('contacts', 'con');
$q->addQuery('user_id');
$q->addQuery('CONCAT_WS(", ",contact_last_name,contact_first_name)');
$q->addOrder('contact_last_name');
$q->addWhere('u.user_contact = con.contact_id');
$owners = $q->loadHashList();
// setup the title block
$ttl = $company_id > 0 ? "Edit Company" : "Add Company";
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CCompany();
// canDelete() is expected to perform the 'delete' ACL check first and to fill
// $msg with the reason when it returns false.
$canDelete = $obj->canDelete($msg, $company_id);
// load the record data
$q = new DBQuery();
$q->addTable('companies', 'c');
$q->addQuery('c.*, u.user_id');
$q->addQuery('CONCAT(co.contact_first_name, " ", co.contact_last_name) AS contact_name');
$q->addJoin('users', 'u', 'u.user_id = c.company_owner');
$q->addJoin('contacts', 'co', 'u.user_contact = co.contact_id');
// NOTE(review): $company_id is concatenated unquoted into the WHERE clause;
// safe only if it was cast to int where it was read from the request
// (above this excerpt) — confirm.
$q->addWhere('c.company_id = ' . $company_id);
$sql = $q->prepare();
$q->clear();
// The CCompany instance is discarded; the row is loaded into a plain object.
$obj = null;
if (!db_loadObject($sql, $obj)) {
    $AppUI->setMsg('Company');
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    // NOTE(review): the code below assumes redirect() ends the request — confirm it exits.
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
// load the list of project statii and company types
$pstatus = dPgetSysVal('ProjectStatus');
$types = dPgetSysVal('CompanyType');
// setup the title block
$titleBlock = new CTitleBlock('Company Information');
if ($canEdit) {
    $titleBlock->addCell();
    $titleBlock->addButton($AppUI->_('new company'), 'index.php?m=companies&a=addedit');
}
/**
 * Login function
 *
 * Authenticates $username/$password through the configured authenticator
 * (dPgetConfig('auth_method'), default 'sql') and, on success, loads several
 * user/contact columns into this object together with the user's preferences,
 * locale and style.
 *
 * Steps, in order:
 * <ul>
 * <li>The request must name an enabled login method (the 'login' form field, or
 *     $_REQUEST['login'] equal to the configured auth method), otherwise die().
 * <li>The username is trimmed and passed through db_escape(); the password is
 *     trimmed. Both then go to the authenticator.
 * <li>The authenticator's userId() and username property are taken as the
 *     canonical identity.
 * <li>The ACL (a global dPacl instance) must allow this user to log in.
 * <li>The user row is loaded by user_id and username into $this.
 * </ul>
 *
 * The schema previously used the MySQL PASSWORD function for encryption. This
 * method has been deprecated in favour of PHP's MD5() function for database
 * independence. The check_legacy_password option is no longer valid.
 * NOTE(review): MD5 is not an acceptable password hash; that lives in the
 * authenticator, which is not visible here.
 *
 * @param string The user login name
 * @param string The user password
 * @return boolean True if successful, false if not
 */
function login($username, $password) {
    require_once DP_BASE_DIR . '/classes/authenticator.class.php';
    $auth_method = dPgetConfig('auth_method', 'sql');
    // Reject requests that do not name an enabled login method. The @ only
    // silences the undefined-index notice on $_POST['login']; $_REQUEST['login']
    // is read without such a guard.
    if (@$_POST['login'] != 'login' && @$_POST['login'] != $this->_('login', UI_OUTPUT_RAW) && $_REQUEST['login'] != $auth_method) {
        die('You have chosen to log in using an unsupported or disabled login method');
    }
    $auth =& getauth($auth_method);
    // NOTE(review): db_escape() is applied before the authenticator sees the
    // username, so a non-SQL backend (e.g. a directory-based one) receives an
    // SQL-escaped string. Escaping belongs where the value enters a query.
    $username = trim(db_escape($username));
    $password = trim($password);
    if (!$auth->authenticate($username, $password)) {
        return false;
    }
    $user_id = $auth->userId($username);
    // Some authentication schemes may collect username in various ways.
    $username = $auth->username;
    // Now that the password has been checked, see if they are allowed to
    // access the system
    if (!isset($GLOBALS['acl'])) {
        // "=& new" is PHP 4 reference syntax (removed in PHP 7).
        $GLOBALS['acl'] =& new dPacl();
    }
    if (!$GLOBALS['acl']->checkLogin($user_id)) {
        dprint(__FILE__, __LINE__, 1, 'Permission check failed');
        return false;
    }
    $q = new DBQuery();
    $q->addTable('users');
    $q->addQuery('user_id, contact_first_name as user_first_name, contact_last_name as user_last_name, contact_company as user_company, contact_department as user_department, contact_email as user_email, user_type');
    $q->addJoin('contacts', 'con', 'contact_id = user_contact');
    // NOTE(review): the username literal in this WHERE clause appears redacted
    // in this listing ('******'); as written it can only match a user literally
    // named that. The intent is evidently to match the authenticated username.
    $q->addWhere("user_id = {$user_id} AND user_username = '******'");
    $sql = $q->prepare();
    $q->clear();
    // Presumably a debug level (7): the full login SQL goes to the debug output.
    dprint(__FILE__, __LINE__, 7, "Login SQL: {$sql}");
    if (!db_loadObject($sql, $this)) {
        dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
        return false;
    }
    // load the user preferences
    $this->loadPrefs($this->user_id);
    $this->setUserLocale();
    $this->checkStyle();
    return true;
}
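/**
 * Render a single ticketsmith ticket field as an HTML fragment.
 *
 * $type selects the branch. Id-typed inputs (user ids, ticket ids,
 * company/project ids) are cast to int before they are interpolated into SQL
 * or into href query strings; free-text inputs go through htmlspecialchars().
 * Values read from $CONFIG are used as-is.
 *
 * @param mixed  $value  The raw field value; its meaning depends on $type
 * @param string $type   Which field is being rendered
 * @param mixed  $ticket Parent ticket id, used by the "doattach" and
 *                       "activity_date" branches
 * @return string HTML fragment
 */
function format_field($value, $type, $ticket = NULL) {
    global $CONFIG;
    global $AppUI;
    global $canEdit;
    // Every branch assigns $output; start from '' so the "subject" branch no
    // longer needs the @-suppression it had for an undefined variable.
    $output = '';
    switch ($type) {
        case "user":
            if ($value) {
                // user_id is an integer key: cast before it reaches the SQL.
                $uid = (int) $value;
                $output = query2result("SELECT CONCAT_WS(' ',contact_first_name,contact_last_name) as name FROM users u LEFT JOIN contacts ON u.user_contact = contact_id WHERE user_id = '{$uid}'");
            } else {
                $output = "-";
            }
            break;
        case "status":
            $statuses = array(
                "Open" => $AppUI->_("Open"),
                "Processing" => $AppUI->_("Processing"),
                "Closed" => $AppUI->_("Closed"),
                "Deleted" => $AppUI->_("Deleted")
            );
            if ($canEdit) {
                $output = create_selectbox("type_toggle", $statuses, $value);
            } else {
                $output = chooseSelectedValue("type_toggle", $statuses, $value);
            }
            break;
        case "priority_view":
            $priority = $CONFIG["priority_names"][$value];
            $color = $CONFIG["priority_colors"][$value];
            if ($value == 3) {
                $priority = "<strong>{$priority}</strong>";
            }
            if ($value == 4) {
                $priority = "<blink><strong>{$priority}</strong></blink>";
            }
            $output = "<font color=\"{$color}\">{$priority}</font>";
            break;
        case "priority_select":
            if ($canEdit) {
                $output = create_selectbox("priority_toggle", $CONFIG["priority_names"], $value);
            } else {
                $output = chooseSelectedValue("priority_toggle", $CONFIG["priority_names"], $value);
            }
            break;
        case "assignment":
            // Option 0 is the "unassigned" placeholder; the rest come from the users table.
            $options = array(0 => "-");
            $query = "SELECT user_id as id, CONCAT_WS(' ',contact_first_name,contact_last_name) as name FROM users u LEFT JOIN contacts ON u.user_contact = contact_id ORDER BY name";
            $result = do_query($query);
            while ($row = result2hash($result)) {
                $options[$row["id"]] = $row["name"];
            }
            if ($canEdit) {
                $output = create_selectbox("assignment_toggle", $options, $value);
            } else {
                $output = chooseSelectedValue("assignment_toggle", $options, $value);
            }
            break;
        case "view":
            $tid = (int) $value;
            // With index_link = "latest", link to the newest follow-up of this ticket instead.
            if ($CONFIG["index_link"] == "latest") {
                $latest_value = query2result("SELECT ticket FROM tickets WHERE parent = '{$tid}' ORDER BY ticket DESC LIMIT 1");
                if ($latest_value) {
                    $tid = (int) $latest_value;
                }
            }
            $output = "<a href=index.php?m=ticketsmith&a=view&ticket={$tid}>{$tid} ";
            $output .= "<img src=images/icons/pencil.gif border=0></a>";
            break;
        case "attach":
            $tid = (int) $value;
            $output = "<A href=index.php?m=ticketsmith&a=attach&ticket={$tid}>";
            $output .= "Link</a>";
            break;
        case "doattach":
            $newparent = (int) $value;
            $tid = (int) $ticket;
            $output = "<A href=index.php?m=ticketsmith&a=attach&newparent={$newparent}&dosql=reattachticket&ticket={$tid}>";
            $output .= "Link</a>";
            break;
        case "open_date":
            $output = get_time_ago($value);
            // Highlight tickets older than warning_age hours.
            if ($CONFIG["warning_active"]) {
                if (time() - $value > $CONFIG["warning_age"] * 3600) {
                    // The opening tag was "<xb>", which never matched the closing </strong>.
                    $output = "<font color=\"" . $CONFIG["warning_color"] . "\"><strong>" . $output . "</strong></font>";
                }
            }
            break;
        case "activity_date":
            if (!$value) {
                $output = "<em>" . $AppUI->_('none') . "</em>";
            } else {
                $output = get_time_ago($value);
            }
            $tid = (int) $ticket;
            $latest_followup_type = query2result("SELECT type FROM tickets WHERE parent = '{$tid}' ORDER BY timestamp DESC LIMIT 1");
            if ($latest_followup_type) {
                // Keep only the first word of the stored type.
                $latest_followup_type = preg_replace("/(\\w+)\\s.*/", "\\1", $latest_followup_type);
                $output .= " [" . htmlspecialchars($latest_followup_type) . "]";
            }
            break;
        case "elapsed_date":
            $output = date($CONFIG["date_format"], $value);
            $time_ago = get_time_ago($value);
            $output .= " <em>({$time_ago})</em>";
            break;
        case "body":
            if ($CONFIG["wordwrap"]) {
                $value = word_wrap($value, 78);
            }
            $value = htmlspecialchars($value);
            $output = "<table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"10\">\n";
            $output .= "<tr><td bgcolor=\"" . $CONFIG["ticket_color"] . "\">\n<tt><pre>\n";
            // Turn bare URLs into links; this runs on the already-escaped text.
            $url_find = "/(http|https|ftp|news|telnet|finger)(:\\/\\/[^ \">\\t\\r\\n]*)/";
            $url_replace = "<a href=\"\\1\\2\" target=\"new\">";
            $url_replace .= "<span style=\"font-size: 10pt;\">\\1\\2</span></a>";
            $value = preg_replace($url_find, $url_replace, $value);
            // NOTE(review): stripslashes() after escaping suggests the body was
            // stored with magic-quotes slashes; confirm before removing it.
            $output .= stripslashes($value);
            $output .= "\n</pre></tt>\n</td></tr>\n</table>\n";
            break;
        case "followup":
            $output = "\n<tt>\n";
            $output .= "<textarea style='font-family: monospace;' name=\"followup\" wrap=\"hard\" cols=\"72\" rows=\"20\">\n";
            $uid = (int) $AppUI->user_id;
            $signature = query2result("SELECT user_signature FROM users WHERE user_id = '{$uid}'");
            if ($signature) {
                $output .= "\n";
                $output .= "-- \n";
                // Escaped like the quoted message below: a raw "</textarea>" in
                // the stored signature would otherwise end the element.
                $output .= htmlspecialchars($signature);
            }
            $output .= "\n\n";
            $output .= "---- " . $AppUI->_('Original message') . " ----\n\n";
            if ($CONFIG["wordwrap"]) {
                $value = word_wrap($value, 70, true);
            }
            $value = htmlspecialchars($value);
            $output .= $value;
            $output .= "\n</textarea>\n";
            $output .= "</tt>\n";
            break;
        case "subject":
            // Drop any existing "Re:", drop a "[#nnn]" tag glued to the following
            // word, then prefix a single "Re: ".
            $value = preg_replace("/\\s*Re:\\s*/i", "", $value);
            $value = preg_replace("/(\\[\\#\\d+\\])(\\w+)/", "\\2", $value);
            $value = "Re: " . $value;
            $value = htmlspecialchars($value);
            $output .= "<input type=\"text\" name=\"subject\" value=\"{$value}\" size=\"70\">\n";
            break;
        case "cc":
            $value = htmlspecialchars($value);
            $output = "<input type=\"text\" name=\"cc\" value=\"{$value}\" size=\"70\">";
            break;
        case "recipient":
            $value = htmlspecialchars($value);
            $output = "<input type=\"text\" name=\"recipient\" value=\"{$value}\" size=\"70\">";
            break;
        case "original_author":
            if ($value) {
                $value = preg_replace('/\\"/', '', $value);
                $output = htmlspecialchars($value);
            } else {
                $output = "<em>(" . $AppUI->_('original ticket author') . ")</em>";
            }
            break;
        case "email":
            if ($value) {
                $value = preg_replace('/\\"/', '', $value);
                $output = htmlspecialchars($value);
            } else {
                $output = "<em>" . $AppUI->_('none') . "</em>";
            }
            break;
        case 'ticket_company':
            $cid = (int) $value;
            $q = new DBQuery();
            $q->addTable('companies');
            $q->addQuery('companies.*');
            $q->addWhere('companies.company_id = ' . $cid);
            $sql = $q->prepare();
            $obj = null;
            // The original left a failed lookup unhandled ("it all dies!");
            // fall back to an empty name rather than reading a property of null.
            $name = db_loadObject($sql, $obj) ? $obj->company_name : '';
            $output = '<a href="index.php?m=companies&a=view&company_id=' . $cid . '">' . htmlspecialchars($name) . '</a>';
            break;
        case 'ticket_project':
            $pid = (int) $value;
            $q = new DBQuery();
            $q->addTable('projects');
            $q->addQuery('projects.*');
            $q->addWhere('projects.project_id = ' . $pid);
            $sql = $q->prepare();
            $obj = null;
            $name = db_loadObject($sql, $obj) ? $obj->project_name : '';
            $output = '<a href="index.php?m=projects&a=view&project_id=' . $pid . '">' . htmlspecialchars($name) . '</a>';
            break;
        default:
            $output = $value ? htmlspecialchars($value) : "<em>" . $AppUI->_('none') . "</em>";
    }
    return $output;
}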
$q->leftJoin('projects', 'p', 'p.project_id = task_project');
$q->leftJoin('task_log', 'tl', 'tl.task_log_task = task_id');
// NOTE(review): $task_id is concatenated unquoted into the WHERE clause; safe
// only if it was cast to int where it was read (above this excerpt) — confirm.
$q->addWhere('task_id = ' . $task_id);
$q->addQuery('tasks.*');
$q->addQuery('project_name, project_color_identifier');
$q->addQuery('u1.user_username as username');
$q->addQuery('ROUND(SUM(task_log_hours),2) as log_hours_worked');
$q->addGroup('task_id');
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CTask();
$canDelete = $obj->canDelete($msg, $task_id);
// $obj is deliberately kept as the CTask instance (the reset below is commented
// out) so the row is loaded into it and canAccess() can be called further down.
//$obj = null;
$sql = $q->prepare();
$q->clear();
// NOTE(review): the meaning of the two extra db_loadObject() arguments is not
// visible here — check its signature.
if (!db_loadObject($sql, $obj, true, false)) {
    $AppUI->setMsg('Task');
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
// Row-level access check; note it runs after the load and after savePlace().
if (!$obj->canAccess($AppUI->user_id)) {
    $AppUI->redirect("m=public&a=access_denied");
}
// retrieve any state parameters
// NOTE(review): the raw $_GET['tab'] value is stored in session state as-is;
// treat it as untrusted wherever it is read back.
if (isset($_GET['tab'])) {
    $AppUI->setState('TaskLogVwTab', $_GET['tab']);
}
$tab = $AppUI->getState('TaskLogVwTab') !== NULL ? $AppUI->getState('TaskLogVwTab') : 0;
// get the prefered date format
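/**
 * Load the helpdesk_items row identified by $oid into this object.
 *
 * @param int $oid Primary key (item_id) of the row to load
 * @return mixed Whatever db_loadObject() returns for the query
 */
function load($oid) {
    // The id is interpolated straight into the SQL, so cast it first:
    // only an integer can then reach the WHERE clause.
    $oid = intval($oid);
    $sql = "SELECT * FROM helpdesk_items WHERE item_id = {$oid}";
    return db_loadObject($sql, $this);
}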
<table class="table-stroke my-style" id="home_visit_guide" data-role="table" data-mode="reflow" data-filter="false" data-filter-placeholder="ค้นหา..."> <thead> <tr> <th>ลำดับ</th> <th>ICD10</th> <th data-priority="2">วินิจฉัย</th> <th data-priority="3">Diag type</th> </tr> </thead> <tbody>
<?php
// Persistent diagnoses (ICD-10 code, description, diagnosis type) for the
// patient whose HN is held in $obj at this point.
// NOTE(review): $obj->patient_hn is interpolated straight into the SQL; this is
// only safe if it was validated/cast where it was loaded — confirm.
$sql = "select ci.icd10,icd.name,dxtype,dt.name as typename \r\n from \r\n clinic_persist_icd ci\r\n join icd101 icd on icd.code=ci.icd10 \r\n join diagtype dt on dt.diagtype=ci.dxtype\r\n where hn={$obj->patient_hn} \r\n group by icd10 order by dxtype";
// $obj is reused as the target of a single-row load whose result is never
// read: the rows are fetched again below with db_loadList().
$obj = null;
db_loadObject($sql, $obj);
$obj_detail = null;
$row = 1;
$obj_detail = db_loadList($AppUI, $sql, NULL);
// NOTE(review): the cells below echo database values without htmlspecialchars().
foreach ($obj_detail as $key_detail) {
?>
<tr> <td><?php echo $row; ?> </td> <td><?php echo $key_detail['icd10']; ?> </td> <td><?php
/**
 * Generic dependency check run before a row of this object's table is deleted.
 *
 * The ACL is consulted first for the 'delete' permission on this item. Then,
 * when $joins is an array, every listed table is joined (alias t0, t1, ...) to
 * this table's key and the distinct ids found are counted in one grouped query.
 * Any non-zero count blocks the delete; the offending tables are reported in
 * $msg as "alias.Label". Child classes can overload or supplement this.
 *
 * @param string &$msg   Receives the error text; note it is left as an empty
 *                       array when the join check runs and finds nothing
 * @param int    $oid    Optional key; when truthy it is intval'd and stored on $this
 * @param array  $joins  Optional list of [label, name, idfield, joinfield] entries
 * @return bool true when deletion may proceed
 */
function canDelete(&$msg, $oid = null, $joins = null) {
    global $AppUI;
    $acl =& $AppUI->acl();
    // Permission gate comes first; nothing below runs without it.
    if (!$acl->checkModuleItem($this->_permission_name, 'delete', $oid)) {
        $msg = $AppUI->_('noDeletePermission');
        return false;
    }
    $key = $this->_tbl_key;
    if ($oid) {
        $this->{$key} = intval($oid);
    }
    if (!is_array($joins)) {
        return true;
    }
    // One query counts the dependants in every joined table at once.
    $q = new DBQuery();
    $q->addTable($this->_tbl, 'k');
    $q->addQuery($key);
    $n = 0;
    foreach ($joins as $dep) {
        $alias = 't' . $n;
        $n++;
        $q->addJoin($dep['name'], $alias, $alias . '.' . $dep['joinfield'] . ' = k.' . $key);
        $q->addQuery('COUNT(DISTINCT ' . $alias . '.' . $dep['idfield'] . ') AS ' . $dep['idfield'] . $alias);
    }
    $q->addWhere($key . " = '" . $this->{$key} . "'");
    $q->addGroup($key);
    $sql = $q->prepare(true);
    $counts = null;
    if (!db_loadObject($sql, $counts)) {
        $msg = db_error();
        return false;
    }
    // Collect "alias.Label" for every join that reported dependants.
    $msg = array();
    $n = 0;
    foreach ($joins as $dep) {
        $alias = 't' . $n;
        $n++;
        $countField = $dep['idfield'] . $alias;
        if ($counts->{$countField}) {
            $msg[] = $alias . '.' . $AppUI->_($dep['label']);
        }
    }
    if (count($msg) > 0) {
        $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
        return false;
    }
    return true;
}
/**
 * Generic check for whether rows in other tables still reference this object.
 *
 * The 'delete' permission for this table is verified first. When $joins is an
 * array, one grouped query joins every listed table on this object's key and
 * counts the distinct dependant ids; a non-zero count for any table blocks the
 * delete and that table's label is reported through $msg. Child classes can
 * overload or supplement this.
 *
 * @param string &$msg   Receives the error text; note it is left as an empty
 *                       array when the join check runs and finds no dependants
 * @param int    $oid    Optional key; when truthy it is intval'd and stored on $this
 * @param array  $joins  Optional list of [label, name, idfield, joinfield] entries
 * @return bool true when deletion may proceed
 */
function canDelete(&$msg, $oid = null, $joins = null) {
    global $AppUI;
    $acl =& $AppUI->acl();
    if (!$acl->checkModuleItem($this->_tbl, "delete", $oid)) {
        $msg = $AppUI->_("noDeletePermission");
        return false;
    }
    $key = $this->_tbl_key;
    if ($oid) {
        $this->{$key} = intval($oid);
    }
    if (!is_array($joins)) {
        return true;
    }
    // One grouped query with a COUNT(DISTINCT idfield) column per joined table.
    $q = new DBQuery();
    $q->addTable($this->_tbl);
    $q->addWhere("{$key} = '" . $this->{$key} . "'");
    $q->addGroup($key);
    foreach ($joins as $dep) {
        $q->addQuery("COUNT(DISTINCT {$dep['idfield']}) AS {$dep['idfield']}");
        $q->addJoin($dep['name'], $dep['name'], "{$dep['joinfield']} = {$key}");
    }
    $sql = $q->prepare();
    $q->clear();
    $counts = null;
    if (!db_loadObject($sql, $counts)) {
        $msg = db_error();
        return false;
    }
    // Gather the label of every table that still references this row.
    $msg = array();
    foreach ($joins as $dep) {
        $field = $dep['idfield'];
        if ($counts->{$field}) {
            $msg[] = $AppUI->_($dep['label']);
        }
    }
    if (count($msg) > 0) {
        $msg = $AppUI->_("noDeleteRecord") . ": " . implode(', ', $msg);
        return false;
    }
    return true;
}
$q->addQuery('contact_first_name, contact_last_name');
$q->addQuery('project_id');
$q->addQuery('task_id, task_name');
$q->addTable('links');
$q->leftJoin('users', 'u', 'link_owner = user_id');
$q->leftJoin('contacts', 'c', 'user_contact = contact_id');
$q->leftJoin('projects', 'p', 'project_id = link_project');
$q->leftJoin('tasks', 't', 'task_id = link_task');
// NOTE(review): $link_id is concatenated unquoted into the WHERE clause; safe
// only if it was cast to int where it was read from the request (not visible here).
$q->addWhere('link_id = ' . $link_id);
// check if this record has dependancies to prevent deletion
$msg = '';
$obj = new CLink();
$canDelete = $obj->canDelete($msg, $link_id);
// load the record data (into a plain object; the CLink instance is discarded)
$obj = null;
// link_id == 0 is the "add" form, so a missing row is only an error when editing.
if (!db_loadObject($q->prepare(), $obj) && $link_id > 0) {
    $AppUI->setMsg('Link');
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    $AppUI->redirect();
}
// setup the title block
$ttl = $link_id ? "Edit Link" : "Add Link";
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb("?m={$m}", "links list");
// This overrides the canDelete() result computed above with a bare permission
// check, so $msg (the dependency reason) may no longer correspond to $canDelete.
$canDelete = getPermission($m, 'delete', $link_id);
if ($canDelete && $link_id > 0) {
    $titleBlock->addCrumbDelete('delete link', $canDelete, $msg);
}
$titleBlock->show();
// On the "add" form no row was loaded, so $obj is presumably still null here
// and this reads a property of null.
if ($obj->link_project) {
    $link_project = $obj->link_project;
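/**
 * Task-log variant of the generic dependency check run before deletion.
 *
 * Verifies the 'delete' permission on the task_log module, then, when $joins
 * is given, runs one hand-built SELECT that LEFT JOINs each listed table on
 * this object's key and counts the distinct dependant ids. Any non-zero count
 * blocks the delete and that table's label is reported through $msg.
 *
 * @param string &$msg   Receives the error text; note it is left as an empty
 *                       array when the join check runs and finds no dependants
 * @param int    $oid    Optional key; when truthy it is intval'd and stored on $this
 * @param array  $joins  Optional list of [label, name, idfield, joinfield] entries
 * @return bool true when deletion may proceed
 */
function canDelete(&$msg, $oid = null, $joins = null) {
    global $AppUI;
    // First things first. Are we allowed to delete?
    $acl =& $AppUI->acl();
    if (!$acl->checkModuleItem('task_log', "delete", $oid)) {
        $msg = $AppUI->_("noDeletePermission");
        return false;
    }
    $k = $this->_tbl_key;
    if ($oid) {
        $this->{$k} = intval($oid);
    }
    if (!is_array($joins)) {
        return true;
    }
    // The key is interpolated unquoted into hand-built SQL below, so force it
    // to an integer even when it came from the object rather than from $oid.
    $keyValue = intval($this->{$k});
    $select = "{$k}";
    $join = "";
    foreach ($joins as $table) {
        $select .= ",\nCOUNT(DISTINCT {$table['idfield']}) AS {$table['idfield']}";
        $join .= "\nLEFT JOIN {$table['name']} ON {$table['joinfield']} = {$k}";
    }
    $sql = "SELECT {$select}\nFROM {$this->_tbl}\n{$join}\nWHERE {$k} = " . $keyValue . " GROUP BY {$k}";
    $obj = null;
    if (!db_loadObject($sql, $obj)) {
        $msg = db_error();
        return false;
    }
    // Gather the label of every table that still references this row.
    $msg = array();
    foreach ($joins as $table) {
        $k = $table['idfield'];
        if ($obj->{$k}) {
            $msg[] = $AppUI->_($table['label']);
        }
    }
    if (count($msg)) {
        $msg = $AppUI->_("noDeleteRecord") . ": " . implode(', ', $msg);
        return false;
    }
    return true;
}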
$AppUI->redirect("m=public&a=access_denied");
}
$q = new DBQuery();
$q->addTable('file_folders');
$q->addQuery('file_folders.*');
// NOTE(review): $folder is interpolated unquoted into the WHERE clause; safe
// only if it was cast to int where it was read from the request (above this excerpt).
$q->addWhere("file_folder_id={$folder}");
$sql = $q->prepare();
// check if this record has dependancies to prevent deletion
$msg = '';
$obj = new CFileFolder();
// Only an existing folder can have dependants; on the "add" form $canDelete is
// left unset (it is only read below when $folder > 0).
if ($folder > 0) {
    $canDelete = $obj->canDelete($msg, $folder);
}
// load the record data (into a plain object; the CFileFolder instance is discarded)
$obj = null;
// folder == 0 is the "add" form, so a missing row is only an error when editing.
if (!db_loadObject($sql, $obj) && $folder > 0) {
    $AppUI->setMsg('File Folder');
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    $AppUI->redirect();
}
$folders = getFolderSelectList();
// setup the title block
$ttl = $folder ? "Edit File Folder" : "Add File Folder";
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb("?m=files", "files list");
// The delete crumb is gated on $canEdit here, not on $canDelete itself;
// $canDelete and $msg are only passed through to addCrumbDelete().
if ($canEdit && $folder > 0) {
    $titleBlock->addCrumbDelete('delete file folder', $canDelete, $msg);
}
$titleBlock->show();
?>
<script language="javascript">