예제 #1
 /**
  * Lookup endpoint: rebuilds a SQL statement from POSTed parts and passes it
  * to GetLookupValues().
  *
  * POST fields read here:
  *   s       - query template, run through ew_Decrypt(); may contain the
  *             {filter}, {query_value} and {query_value_N} placeholders
  *   f0..f4  - filter fragments, run through ew_Decrypt(); may contain
  *             {filter_value}
  *   v0..v4  - comma-separated values for the matching filter
  *   t0..t4  - integer field-type code handed to ew_FieldDataType()
  *   q, qN   - search terms substituted for {query_value} / {query_value_N}
  *
  * NOTE(review): the statement text itself arrives from the client. Nothing
  * in this method checks its integrity; that rests entirely on ew_Decrypt()
  * returning "" for anything the server did not produce - confirm it
  * authenticates the ciphertext rather than only decrypting it.
  */
 function Page_Main()
 {
     $GLOBALS["Page"] =& $this;
     $post = ew_StripSlashes($_POST);
     if (count($post) == 0) {
         die("Missing post data.");
     }
     $sql = ew_Decrypt(@$post["s"]);
     if ($sql == "") {
         die("Missing SQL.");
     }
     if (strpos($sql, "{filter}") > 0) {
         $filters = "";
         foreach (range(0, 4) as $i) {
             // Filter fragment for an "IN" list
             $filter = ew_Decrypt(@$post["f" . $i]);
             if ($filter == "") {
                 continue;
             }
             $value = @$post["v" . $i];
             if ($value == "") {
                 // An empty parent value (any index after the first) forces an
                 // always-false condition; either way this filter is skipped.
                 if ($i > 0) {
                     ew_AddFilter($filters, "1=0");
                 }
                 continue;
             }
             $parts = explode(",", $value);
             // NOTE(review): the type code is client-supplied and selects how
             // ew_QuotedValue() treats each value. If that helper emits
             // numeric types unquoted, the values need an is_numeric() check
             // before they reach the statement - confirm against the helper.
             $fldtype = intval(@$post["t" . $i]);
             foreach ($parts as $idx => $part) {
                 $parts[$idx] = ew_QuotedValue($part, ew_FieldDataType($fldtype));
             }
             $filter = str_replace("{filter_value}", implode(",", $parts), $filter);
             ew_AddFilter($filters, $filter);
         }
         // With no filter collected the placeholder becomes an always-true condition
         $condition = $filters != "" ? $filters : "1=1";
         $sql = str_replace("{filter}", $condition, $sql);
     }
     // Search term for "LIKE" or "=". ew_AdjustSql() is presumably the SQL
     // escaping step; the term is spliced into the statement as text, so the
     // escaping has to match the quoting used in the template - verify.
     $term = ew_AdjustSql(@$post["q"]);
     if ($term != "") {
         $likePattern = '/LIKE \'(%)?\\{query_value\\}%\'/';
         $sql = preg_replace($likePattern, ew_Like('\'$1{query_value}%\''), $sql);
         $sql = str_replace("{query_value}", $term, $sql);
     }
     // Numbered placeholders {query_value_N} take their value from POST field qN
     preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $matches);
     foreach ($matches[1] as $n) {
         $v = ew_AdjustSql(@$post["q" . $n]);
         $sql = str_replace("{query_value_" . $n . "}", $v, $sql);
     }
     $this->GetLookupValues($sql);
 }
예제 #2
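 /**
  * Lookup endpoint: rebuilds a SQL statement from POSTed parts, optionally
  * passes it through a named callback, and hands it to GetLookupValues().
  *
  * POST fields read here:
  *   s       - query template, run through TEAdecrypt() with EW_RANDOM_KEY;
  *             may contain the {filter} and {query_value} placeholders
  *   f0..f4  - filter fragments, decrypted the same way; may contain
  *             {filter_value}
  *   v0..v4  - comma-separated values for the matching filter
  *   t0..t4  - integer field-type code handed to ew_FieldDataType()
  *   q       - search term substituted for {query_value}
  *   fn      - name of a callback that receives and returns the SQL
  *
  * Missing POST keys are treated as empty instead of raising undefined-index
  * notices.
  *
  * NOTE(review): the statement text itself arrives from the client. Nothing
  * in this method checks its integrity; that rests on TEAdecrypt() returning
  * "" for anything the server did not produce. Decryption alone does not
  * authenticate a message - confirm the helper also verifies integrity.
  */
 function Page_Main()
 {
     $post = ew_StripSlashes($_POST);
     if (count($post) == 0) {
         die("Missing post data.");
     }
     $sql = isset($post["s"]) ? TEAdecrypt($post["s"], EW_RANDOM_KEY) : "";
     if ($sql == "") {
         die("Missing SQL.");
     }
     if (strpos($sql, "{filter}") > 0) {
         $filters = "";
         for ($i = 0; $i < 5; $i++) {
             // Get the filter values (for "IN")
             if (!isset($post["f" . $i])) {
                 continue;
             }
             $filter = TEAdecrypt($post["f" . $i], EW_RANDOM_KEY);
             if ($filter != "") {
                 $value = isset($post["v" . $i]) ? $post["v" . $i] : "";
                 if ($value == "") {
                     if ($i > 0) {
                         // Empty parent field: force an always-false condition
                         ew_AddFilter($filters, "1=0");
                     }
                     // Disallow
                     continue;
                 }
                 $arValue = explode(",", $value);
                 // NOTE(review): the type code is client-supplied and selects
                 // how ew_QuotedValue() treats each value. If that helper emits
                 // numeric types unquoted, the values need an is_numeric()
                 // check before they reach the statement - confirm.
                 $fldtype = intval(isset($post["t" . $i]) ? $post["t" . $i] : 0);
                 for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                     $arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype));
                 }
                 $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                 ew_AddFilter($filters, $filter);
             }
         }
         $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
     }
     // Get the query value (for "LIKE" or "="). ew_AdjustSql() is presumably
     // the SQL escaping step - verify it matches the quoting in the template.
     $value = ew_AdjustSql(@$post["q"]);
     if ($value != "") {
         $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
         $sql = str_replace("{query_value}", $value, $sql);
     }
     // Check custom function.
     // The callback name comes from the request, so function_exists() alone
     // would let a client invoke any PHP function with the SQL as argument.
     // Only functions defined in PHP code by the application are accepted;
     // built-in and extension functions are refused.
     // NOTE(review): this still lets the client pick among every user-defined
     // function. A fixed server-side allowlist of lookup callbacks is the
     // safer design and should replace this check.
     $fn = isset($post["fn"]) ? $post["fn"] : "";
     if (is_string($fn) && $fn != "") {
         $definedFunctions = get_defined_functions();
         // get_defined_functions() reports user function names in lowercase
         $fnName = strtolower(ltrim($fn, "\\"));
         if (in_array($fnName, $definedFunctions["user"], true)) {
             // Custom function(&$sql)
             $sql = $fn($sql);
         }
     }
     $this->GetLookupValues($sql);
 }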
예제 #3
 /**
  * Stores the field's table and column metadata on the instance.
  * Presumably the PHP 4-style constructor of a class named cField; the class
  * header is not part of this listing.
  *
  * @param mixed $tblvar        stored as TblVar; also passed to cUpload
  * @param mixed $tblname       stored as TblName
  * @param mixed $fldvar        stored as FldVar; also passed to cUpload
  * @param mixed $fldname       stored as FldName
  * @param mixed $fldexp        stored as FldExpression
  * @param mixed $fldtype       stored as FldType and mapped through ew_FieldDataType()
  * @param mixed $flddtfmt      stored as FldDateTimeFormat
  * @param mixed $upload        when truthy, a cUpload object is attached
  * @param mixed $fldvirtualexp stored as FldVirtualExpression
  * @param mixed $fldvirtual    stored as FldIsVirtual
  * @param mixed $forceselect   stored as FldForceSelection
  * @param mixed $fldviewtag    stored as FldViewTag
  */
 function cField($tblvar, $tblname, $fldvar, $fldname, $fldexp, $fldtype, $flddtfmt, $upload, $fldvirtualexp, $fldvirtual, $forceselect, $fldviewtag = "")
 {
     // Table and column identity
     $this->TblName = $tblname;
     $this->TblVar = $tblvar;
     $this->FldName = $fldname;
     $this->FldVar = $fldvar;

     // Expressions and display settings
     $this->FldExpression = $fldexp;
     $this->FldVirtualExpression = $fldvirtualexp;
     $this->FldIsVirtual = $fldvirtual;
     $this->FldForceSelection = $forceselect;
     $this->FldViewTag = $fldviewtag;
     $this->FldDateTimeFormat = $flddtfmt;

     // Raw type code plus the data type derived from it
     $this->FldType = $fldtype;
     $this->FldDataType = ew_FieldDataType($fldtype);

     // Helper objects; the upload helper exists only for upload fields
     $this->AdvancedSearch = new cAdvancedSearch();
     if ($upload) {
         $this->Upload = new cUpload($this->TblVar, $this->FldVar);
     }
 }
예제 #4
 /**
  * Stores the field's metadata, attaches its helper objects and preloads the
  * field value from the current request.
  *
  * After the metadata is stored, $_GET[$fldvar] and $_POST[$fldvar] (when
  * present) are handed to setQueryStringValue() / setFormValue() with FALSE
  * as second argument.
  *
  * NOTE(review): those request values are copied in without any validation
  * in this constructor. Type checks and output/SQL escaping have to happen
  * where the value is consumed - confirm in the setters and their callers.
  *
  * @param mixed $tblvar         stored as TblVar; passed to cAdvancedSearch and cUpload
  * @param mixed $tblname        stored as TblName
  * @param mixed $fldvar         stored as FldVar; also the request key that is read
  * @param mixed $fldname        stored as FldName
  * @param mixed $fldexp         stored as FldExpression
  * @param mixed $fldbsexp       stored as FldBasicSearchExpression
  * @param mixed $fldtype        stored as FldType and mapped through ew_FieldDataType()
  * @param mixed $flddtfmt       stored as FldDateTimeFormat
  * @param mixed $upload         when truthy, a cUpload object is attached
  * @param mixed $fldvirtualexp  stored as FldVirtualExpression
  * @param mixed $fldvirtual     stored as FldIsVirtual
  * @param mixed $forceselect    stored as FldForceSelection
  * @param mixed $fldvirtualsrch stored as FldVirtualSearch
  * @param mixed $fldviewtag     stored as FldViewTag
  * @param mixed $fldhtmltag     stored as FldHtmlTag
  */
 function __construct($tblvar, $tblname, $fldvar, $fldname, $fldexp, $fldbsexp, $fldtype, $flddtfmt, $upload, $fldvirtualexp, $fldvirtual, $forceselect, $fldvirtualsrch, $fldviewtag = "", $fldhtmltag = "")
 {
     global $Language;

     // Table and column identity
     $this->TblName = $tblname;
     $this->TblVar = $tblvar;
     $this->FldName = $fldname;
     $this->FldVar = $fldvar;

     // Expressions, search and display settings
     $this->FldExpression = $fldexp;
     $this->FldBasicSearchExpression = $fldbsexp;
     $this->FldVirtualExpression = $fldvirtualexp;
     $this->FldIsVirtual = $fldvirtual;
     $this->FldVirtualSearch = $fldvirtualsrch;
     $this->FldForceSelection = $forceselect;
     $this->FldViewTag = $fldviewtag;
     $this->FldHtmlTag = $fldhtmltag;
     $this->FldDateTimeFormat = $flddtfmt;

     // Raw type code plus the data type derived from it
     $this->FldType = $fldtype;
     $this->FldDataType = ew_FieldDataType($fldtype);

     // Helper objects; the upload helper exists only for upload fields
     $this->AdvancedSearch = new cAdvancedSearch($this->TblVar, $this->FldVar);
     if ($upload) {
         $this->Upload = new cUpload($this->TblVar, $this->FldVar);
     }

     // Preload the value from the request: query string first, then form post
     if (isset($_GET[$fldvar])) {
         $fromQuery = $_GET[$fldvar];
         $this->setQueryStringValue($fromQuery, FALSE);
     }
     if (isset($_POST[$fldvar])) {
         $fromForm = $_POST[$fldvar];
         $this->setFormValue($fromForm, FALSE);
     }

     $this->ReqErrMsg = $Language->Phrase("EnterRequiredField");
 }
예제 #5
 /**
  * Stores the field's metadata on the instance.
  * Presumably the PHP 4-style constructor of a class named cField; the class
  * header is not part of this listing.
  *
  * @param mixed $tblvar        stored as TblVar; also passed to cUpload
  * @param mixed $fldvar        stored as FldVar; also passed to cUpload
  * @param mixed $fldname       stored as FldName
  * @param mixed $fldexpression stored as FldExpression
  * @param mixed $fldtype       stored as FldType and mapped through ew_FieldDataType()
  * @param mixed $flddtfmt      stored as FldDateTimeFormat
  * @param mixed $upload        when truthy, a cUpload object is attached
  */
 function cField($tblvar, $fldvar, $fldname, $fldexpression, $fldtype, $flddtfmt, $upload = FALSE)
 {
     // Table and column identity
     $this->FldName = $fldname;
     $this->FldVar = $fldvar;
     $this->TblVar = $tblvar;

     $this->FldExpression = $fldexpression;
     $this->FldDateTimeFormat = $flddtfmt;

     // Raw type code plus the data type derived from it
     $this->FldType = $fldtype;
     $this->FldDataType = ew_FieldDataType($fldtype);

     $this->AdvancedSearch = new cAdvancedSearch();
     if ($upload) {
         // The third cUpload argument says whether the column is a BLOB
         $isBlob = $this->FldDataType == EW_DATATYPE_BLOB;
         $this->Upload = new cUpload($this->TblVar, $this->FldVar, $isBlob);
     }
 }
예제 #6
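 /**
  * Lookup endpoint: rebuilds a SQL statement from request parts, runs it via
  * GetLookupValues() and echoes whatever that call wrote to the output
  * buffer.
  *
  * Request fields read here:
  *   s       - (POST) query template, run through ew_Decrypt(); may contain
  *             {filter}, {query_value} and {query_value_N} placeholders
  *   d       - (POST) database id handed to ew_Connect() and the SQL helpers
  *   fN      - (POST) filter fragments, run through ew_Decrypt(); may contain
  *             {filter_value}
  *   vN      - (POST) comma-separated values for filter N
  *   tN      - (POST) integer field-type code for filter N
  *   fnN     - (POST) name of the function used to append filter N
  *   q       - (GET, then POST) search term substituted for {query_value}
  *   qN      - (POST) search term substituted for {query_value_N}
  *
  * NOTE(review): the statement text itself arrives from the client. Nothing
  * in this method checks its integrity; that rests entirely on ew_Decrypt()
  * returning "" for anything the server did not produce - confirm it
  * authenticates the ciphertext rather than only decrypting it.
  */
 function Page_Main()
 {
     global $conn;
     $GLOBALS["Page"] =& $this;
     $post = ew_StripSlashes($_POST);
     if (count($post) == 0) {
         die("Missing post data.");
     }
     //$sql = $qs->getValue("s");
     $sql = @$post["s"];
     $sql = ew_Decrypt($sql);
     if ($sql == "") {
         die("Missing SQL.");
     }
     // NOTE(review): the database id is client-supplied and unchecked here;
     // confirm ew_Connect() only accepts ids from the server configuration.
     $dbid = @$post["d"];
     $conn = ew_Connect($dbid);
     // Global Page Loading event (in userfn*.php)
     Page_Loading();
     if (ob_get_length()) {
         // Clear output
         ob_clean();
     }
     if (strpos($sql, "{filter}") > 0) {
         $filters = "";
         // Names of functions defined in PHP code (reported in lowercase);
         // used below to vet the client-supplied callback name.
         $definedFunctions = get_defined_functions();
         $userFunctions = $definedFunctions["user"];
         $ar = preg_grep('/^f\\d+$/', array_keys($post));
         foreach ($ar as $key) {
             // Get the filter values (for "IN")
             $filter = ew_Decrypt(@$post[$key]);
             if ($filter != "") {
                 $i = preg_replace('/^f/', '', $key);
                 $value = @$post["v" . $i];
                 if ($value == "") {
                     if ($i > 0) {
                         // Empty parent field: force an always-false condition
                         //continue; // Allow
                         ew_AddFilter($filters, "1=0");
                     }
                     // Disallow
                     continue;
                 }
                 $arValue = explode(",", $value);
                 // The type code is client-supplied, so values claimed to be
                 // numeric are verified before they are placed in the filter.
                 $fldtype = intval(@$post["t" . $i]);
                 $flddatatype = ew_FieldDataType($fldtype);
                 $bValidData = TRUE;
                 for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                     if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) {
                         $bValidData = FALSE;
                         break;
                     } else {
                         $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype, $dbid);
                     }
                 }
                 if ($bValidData) {
                     $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                 } else {
                     // Invalid numeric input: the filter matches nothing
                     $filter = "1=0";
                 }
                 // The callback name comes from the request, so
                 // function_exists() alone would let a client invoke any PHP
                 // function with the filter strings as arguments. Only
                 // functions defined in PHP code are accepted; anything else
                 // falls back to ew_AddFilter.
                 // NOTE(review): this still lets the client pick among every
                 // user-defined function. A fixed server-side allowlist of
                 // filter callbacks is the safer design.
                 $fn = @$post["fn" . $i];
                 if (!is_string($fn) || $fn == "" || !in_array(strtolower(ltrim($fn, "\\")), $userFunctions, true)) {
                     $fn = "ew_AddFilter";
                 }
                 $fn($filters, $filter);
             }
         }
         $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
     }
     // Get the query value (for "LIKE" or "="): query string first.
     // ew_AdjustSql() is presumably the SQL escaping step - verify it matches
     // the quoting used in the template.
     $value = ew_AdjustSql(@$_GET["q"], $dbid);
     // Fall back to the value from post
     if ($value == "") {
         $value = ew_AdjustSql(@$post["q"], $dbid);
     }
     if ($value != "") {
         $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\'', $dbid), $sql);
         $sql = str_replace("{query_value}", $value, $sql);
     }
     // Replace {query_value_n} with POST field qN
     preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
     $cnt = count($out[0]);
     for ($i = 0; $i < $cnt; $i++) {
         $j = $out[1][$i];
         $v = ew_AdjustSql(@$post["q" . $j], $dbid);
         $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
     }
     $this->GetLookupValues($sql, $dbid);
     // Keep the lookup output so that anything printed by the unload event
     // can be discarded before the response is sent
     $result = ob_get_contents();
     // Global Page Unloaded event (in userfn*.php)
     Page_Unloaded();
     if (ob_get_length()) {
         // Clear output
         ob_clean();
     }
     // Close connection
     ew_CloseConn();
     // Output
     echo $result;
 }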