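/**
 * Build the announcements panel.
 *
 * Two sources feed the list: the built-in administrator notices (only for the
 * 'admin' account when it holds PERM_ADMIN_ANNOUNCEMENTS) and the stored site
 * announcements (when 'welcome.announcements' is not disabled and the user
 * holds PERM_VIEW_ANNOUNCEMENTS).
 *
 * @return string|null HTML for the block, or NULL when there is nothing to show.
 */
function get_announcements_block() {
    $buffer = '';

    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();

            // foreach replaces the former list()/each() loop; each() no longer
            // exists in PHP 8, so the old loop was a fatal error there.
            foreach ($announcements_rs as $announcement_r) {
                // The closing </li> was missing here, unlike the site
                // announcements below.
                $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">"
                    . $announcement_r['message']
                    . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p></li>";
            }
        }
    }

    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            // NOTE(review): title and content are written into the page without
            // htmlspecialchars(). If announcements are meant to be plain text
            // (the nl2br() call suggests so), escape them here -- confirm what
            // the announcement editor stores before changing the output.
            while ($announcement_r = db_fetch_assoc($results)) {
                $buffer .= "<li><h4>" . $announcement_r['title'] . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp(get_opendb_config_var('welcome.announcements', 'datetime_mask'), $announcement_r['submit_on']) . "</small>";
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }

    if (strlen($buffer) > 0) {
        return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
    }

    return NULL;
}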
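/**
 * Stream an export of either one item instance or a whole result set.
 *
 * When $item_id and $instance_no are both numeric a single instance is
 * exported; otherwise the rows returned by fetch_export_item_rs() are.
 *
 * @param mixed  $exportPlugin            Export plugin, passed by reference to the send_* helpers.
 * @param string $page_title              Title handed to send_header().
 * @param string $s_item_type             Item type filter (bulk export only).
 * @param mixed  $item_id                 Item id for a single-item export.
 * @param mixed  $instance_no             Instance number for a single-item export.
 * @param string $owner_id                Owner filter, also forwarded to get_export_type_item().
 * @param mixed  $restrict_status_type_r  Status filter (bulk export only).
 * @return bool TRUE when an export was written, FALSE when the bulk query gave no result.
 */
function export_type_items(&$exportPlugin, $page_title, $s_item_type, $item_id, $instance_no, $owner_id, $restrict_status_type_r = NULL) {
    // the $restrict_status_type_r is ignored for a single item
    if (is_numeric($item_id) && is_numeric($instance_no)) {
        send_header($exportPlugin, $page_title);

        $item_r = fetch_item_instance_r($item_id, $instance_no);

        // Only evaluate the ownership test on a real record. Without the
        // is_array() guard a failed lookup made $item_r['owner_id'] NULL, and
        // the loose == then matched an empty session user id, so the
        // owner-or-permission check passed for an item that does not exist.
        if (is_array($item_r)
                && ($item_r['owner_id'] == get_opendb_session_var('user_id') || is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY))) {
            send_data(get_export_type_item($exportPlugin, $item_id, $instance_no, $item_r['s_item_type'], $item_r['title'], $owner_id));
        }

        send_footer($exportPlugin);
        return TRUE;
    }

    // NOTE(review): no permission check is visible on this bulk path; confirm
    // that the caller or fetch_export_item_rs() restricts what may be exported.
    $itemresults = fetch_export_item_rs($s_item_type, $owner_id, $restrict_status_type_r);
    if ($itemresults) {
        send_header($exportPlugin, $page_title);

        while ($item_r = db_fetch_assoc($itemresults)) {
            // The last argument used to be $include_parent_related_item, which
            // is never defined in this function and therefore always evaluated
            // to NULL (with an undefined-variable warning). NULL is passed
            // explicitly to keep the same value without the warning.
            send_data(get_export_type_item($exportPlugin, $item_r['item_id'], NULL, $item_r['s_item_type'], $item_r['title'], $owner_id, NULL));
        }
        db_free_result($itemresults);

        send_footer($exportPlugin);
        return TRUE;
    }

    //else
    return FALSE;
}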
/**
 * Tell whether this object is usable by the given user.
 *
 * Both gates must pass: a config id, when set, must have its 'enable' option
 * strictly TRUE; a permission id, when set, must be granted to $userid.
 *
 * @param mixed $userid User the permission check is made for.
 * @return bool
 */
function isAvailable($userid) {
    // Config gate: only applies when a config id is defined.
    if ($this->getConfigId() != NULL && get_opendb_config_var($this->getConfigId(), 'enable') !== TRUE) {
        return FALSE;
    }

    // Permission gate: only applies when a permission id is defined.
    if ($this->getPermId() != NULL && !is_user_granted_permission($this->getPermId(), $userid)) {
        return FALSE;
    }

    return TRUE;
}
/**
 * Emit the document head, the page banner and (optionally) the menus.
 *
 * Everything is written straight to the output with echo; nothing is returned.
 *
 * NOTE(review): $title, $pageid, the help page name and the printable URL are
 * concatenated into the markup exactly as received. This function performs no
 * escaping, so callers have to pass HTML-safe values -- confirm that they do,
 * in particular for titles derived from item or user data.
 *
 * @param string $pageid        Page identifier; 'install' and 'admin' get special handling.
 * @param string $title         Optional page title appended to the site title.
 * @param mixed  $include_menu  Truthy to render the header links and menus.
 * @param mixed  $mode          Forwarded to get_theme_css().
 * @param string $user_id       Current user id; an empty value renders the login link.
 */
function theme_header($pageid, $title, $include_menu, $mode, $user_id) {
    global $PHP_SELF;
    global $HTTP_VARS;
    global $ADMIN_TYPE;

    $pageTitle = ($pageid == 'install')
        ? get_opendb_title_and_version() . " Installation"
        : get_opendb_title();

    $titleSuffix = !empty($title) ? " - {$title}" : "";

    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>" . $pageTitle . $titleSuffix . "</title>"
        . "\n<meta http-equiv=\"Content-Type\" content=\"" . get_content_type_charset() . "\">"
        . "\n<link rel=\"icon\" href=\"" . theme_image_src("icon-16x16.png") . "\" type=\"image/png\" />"
        . "\n<link rel=\"search\" type=\"application/opensearchdescription+xml\" title=\"" . get_opendb_title() . " Title Search\" href=\"./searchplugins.php?type=title\">"
        . "\n<link rel=\"search\" type=\"application/opensearchdescription+xml\" title=\"" . get_opendb_title() . " UPC Search\" href=\"./searchplugins.php?type=upc\">"
        . get_theme_css($pageid, $mode)
        . get_opendb_rss_feeds_links()
        . get_theme_javascript($pageid)
        . "</head>\n<body>";

    echo '<div id="header">',
        '<h1><a href="index.php">' . $pageTitle . '</a></h1>';

    if ($include_menu) {
        echo '<ul class="headerLinks">';

        $help_page = get_opendb_help_page($pageid);
        if ($help_page != NULL) {
            echo '<li class="help"><a href="help.php?page=' . $help_page . '" target="_new" title="' . get_opendb_lang_var('help') . '">' . theme_image("help.png") . '</a></li>';
        }

        $printable_page_url = get_printable_page_url($pageid);
        if ($printable_page_url != NULL) {
            echo '<li><a href="' . $printable_page_url . '" target="_new" title="' . get_opendb_lang_var('printable_version') . '">' . theme_image("printable.gif") . '</a></li>';
        }

        if (is_exists_my_reserve_basket($user_id)) {
            echo '<li><a href="borrow.php?op=my_reserve_basket">' . theme_image("basket.png", get_opendb_lang_var('item_reserve_list')) . '</a></li>';
        }

        if (is_user_granted_permission(PERM_VIEW_LISTINGS, NULL, TRUE)) {
            echo "<li><form class=\"quickSearch\" action=\"listings.php\"><input type=\"hidden\" name=\"search_list\" value=\"y\"><input type=\"hidden\" name=\"title_match\" value=\"partial\"><input type=\"text\" class=\"text\" name=\"title\" size=\"10\" value=\"Title Search\" onfocus=\"if(this.value=='Title Search'){this.value='';this.style.color='black';}\" onblur=\"if(this.value==''){this.value='Title Search';this.style.color='gray';}\"></form></li>";
        }

        if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH, NULL, TRUE)) {
            echo '<li><a href="search.php" title="' . get_opendb_lang_var('advanced_search') . '">' . get_opendb_lang_var('advanced') . '</a></li>';
        }

        // Logged-in users get a logout link, everybody else the login link.
        if (strlen($user_id) > 0) {
            echo '<li class="login"><a href="logout.php">' . get_opendb_lang_var('logout', 'user_id', $user_id) . '</a></li>';
        } else {
            echo '<li class="login"><a href="login.php?op=login">' . get_opendb_lang_var('login') . '</a></li>';
        }

        echo '</ul>';
    }

    echo '</div>',
        '<div id="content" class="' . $pageid . 'Content">';

    if (!$include_menu) {
        return;
    }

    if ($pageid == 'admin') {
        echo "\n<div id=\"admin-menu\" class=\"menuContainer toggleContainer\" onclick=\"return toggleVisible('admin-menu');\">\r\n <span id=\"admin-menu-toggle\" class=\"menuToggle toggleHidden\">" . get_opendb_lang_var('admin_tools') . "</span>\r\n <div id=\"admin-menu-content\" class=\"menuContent elementHidden\">\r\n <h2 class=\"menu\">Admin Tools</h2>";

        $menu_options_rs = get_system_admin_tools_menu();
        echo get_menu_options_list($menu_options_rs);

        echo "\n</div>", "\n</div>";
    }

    echo "\n<div id=\"menu\" class=\"menuContainer toggleContainer\" onclick=\"return toggleVisible('menu');\">";
    echo '<span id="menu-toggle" class="menuToggle toggleHidden">' . get_opendb_lang_var('main_menu') . '</span>';
    echo '<div id="menu-content" class="menuContent elementHidden">';
    echo '<h2 class="menu">' . get_opendb_lang_var('main_menu') . '</h2>';
    echo get_menu_options_list(get_menu_options($user_id));
    echo "\n</div>", "\n</div>";
}
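/**
 * List the RSS feeds the current user is allowed to read.
 *
 * @return array List of array('feed' => string, 'title' => string) records;
 *               empty when the user holds neither permission.
 */
function get_opendb_rss_feeds() {
    $feeds_r = array();

    // The keys were written as bare words (feed => ..., title => ...). PHP
    // treats those as constants: older versions fell back to the string with a
    // notice, PHP 8 raises an "Undefined constant" error. Quoting them keeps
    // the same keys on every version.
    if (is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $feeds_r[] = array('feed' => 'announcements', 'title' => get_opendb_lang_var('announcements'));
    }

    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $feeds_r[] = array('feed' => 'new_items', 'title' => get_opendb_lang_var('new_items_added'));
    }

    return $feeds_r;
}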
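/**
 * Render a user's display name for a listing, linked to the profile page when
 * the viewer holds PERM_VIEW_USER_PROFILE.
 *
 * NOTE(review): the text returned by get_opendb_lang_var() contains the user's
 * full name and is placed in the page as-is. Whether it is HTML-escaped depends
 * on that helper -- confirm, since full names are user-editable profile data.
 *
 * @param string      $user_id        User to display.
 * @param mixed       $mode           Not used by this function.
 * @param string|null $subject        Subject carried to the profile page.
 * @param string|null $redirect_link  Link text carried to the profile page.
 * @param string|null $redirect_url   URL carried to the profile page.
 * @return string Plain name, or an anchor wrapping it.
 */
function get_list_username($user_id, $mode, $subject = NULL, $redirect_link = NULL, $redirect_url = NULL) {
    // Do not include email link, if Current User.
    if ($user_id == get_opendb_session_var('user_id')) {
        return get_opendb_lang_var('current_user', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));
    }

    $user_name = get_opendb_lang_var('user_name', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));

    if (!is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
        return $user_name;
    }

    // uid is now URL-encoded like the other query parameters. It used to be
    // concatenated raw, so a quote or ampersand in a user id could break out
    // of the href attribute or corrupt the query string. The (string) casts
    // keep the NULL defaults from reaching urlencode().
    $profile_url = "user_profile.php?uid=" . urlencode((string) $user_id)
        . "&subject=" . urlencode(ifempty($subject, get_opendb_lang_var('no_subject')))
        . "&redirect_link=" . urlencode((string) $redirect_link)
        . "&redirect_url=" . urlencode((string) $redirect_url);

    return "<a href=\"" . $profile_url . "\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>";
}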
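/**
 * Is current user able to see UID address
 *
 * Visibility is granted when any of these holds:
 *  - the address type is public ('public_address_ind' is 'Y');
 *  - the viewer holds PERM_ADMIN_USER_PROFILE;
 *  - the address type is borrow-visible ('borrow_address_ind' is 'Y') and the
 *    viewer and $HTTP_VARS['uid'] are linked by is_owner_and_borrower() in
 *    either direction.
 *
 * @param array $HTTP_VARS       Request variables; 'uid' is read (presumably the profile being viewed).
 * @param array $address_type_r  Address type record with the two indicator columns.
 * @return bool
 */
function is_user_address_visible($HTTP_VARS, $address_type_r) {
    if ($address_type_r['public_address_ind'] == 'Y') {
        return TRUE;
    }

    if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        return TRUE;
    }

    // Access-control fix: the condition used to read "ind == 'Y' && A || B".
    // Because && binds tighter than ||, the second is_owner_and_borrower()
    // call granted visibility on its own, even for address types that are not
    // marked borrow-visible. The parentheses make the indicator gate both
    // directions of the relationship.
    $session_user_id = get_opendb_session_var('user_id');

    return $address_type_r['borrow_address_ind'] == 'Y'
        && (is_owner_and_borrower($session_user_id, $HTTP_VARS['uid'])
            || is_owner_and_borrower($HTTP_VARS['uid'], $session_user_id));
}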
/**
 * Query the item instances available for export.
 *
 * Only instances owned by active users are returned. Users without
 * PERM_ITEM_ADMIN additionally see hidden-status instances only when they own
 * them.
 *
 * NOTE(review): $s_item_type, $owner_id and the session user id are placed
 * inside quoted SQL literals with no escaping or binding in this function.
 * If any of them can originate from request data this is an SQL injection
 * point -- confirm that callers validate them or that the db layer escapes,
 * and prefer bound parameters if the db layer offers them.
 *
 * @param string $s_item_type Optional item type filter; empty for all types.
 * @param string $owner_id    Optional owner filter; empty for all owners.
 * @return mixed Result handle from db_query(), or FALSE when the query failed or matched no rows.
 */
function fetch_export_item_instance_rs($s_item_type, $owner_id) {
    $sql_parts = array(
        "SELECT i.id as item_id, ii.instance_no, i.title, i.s_item_type, ii.owner_id, ii.borrow_duration, ii.s_status_type, ii.status_comment, UNIX_TIMESTAMP(ii.update_on) AS update_on ",
        "FROM user u, item i, item_instance ii, s_status_type sst ",
        "WHERE u.user_id = ii.owner_id AND i.id = ii.item_id AND sst.s_status_type = ii.s_status_type ",
    );

    if (strlen($s_item_type) > 0) {
        $sql_parts[] = "AND i.s_item_type = '" . $s_item_type . "'";
    }

    // can only export items for active users.
    $sql_parts[] = "AND u.active_ind = 'Y' ";

    if (strlen($owner_id) > 0) {
        $sql_parts[] = " AND ii.owner_id = '" . $owner_id . "' ";
    }

    // Non-admins only get hidden-status rows that belong to them.
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $sql_parts[] = " AND ( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }

    $sql_parts[] = "ORDER by i.id, ii.instance_no";

    $result = db_query(implode('', $sql_parts));

    return ($result && db_num_rows($result) > 0) ? $result : FALSE;
}
} else { // final fallback output_cache_file($file_cache_r['url']); } return TRUE; } else { return FALSE; } } if (is_site_enabled()) { if (is_opendb_valid_session() || is_site_public_access()) { $isThumbnail = ifempty($HTTP_VARS['op'], 'fullscreen') == 'thumbnail'; if (is_numeric($HTTP_VARS['id'])) { $file_cache_r = fetch_file_cache_r($HTTP_VARS['id']); if ($file_cache_r !== FALSE) { if ($file_cache_r['cache_type'] != 'ITEM' || is_user_granted_permission(PERM_VIEW_ITEM_COVERS)) { handle_file_cache($file_cache_r, $isThumbnail); } else { opendb_not_authorised_page(); } } else { opendb_operation_not_available(); } } else { if (strlen($HTTP_VARS['tmpId']) > 0) { $url = get_url_from_temp_file_cache($HTTP_VARS['tmpId']); if ($url !== FALSE) { output_cache_file($url); } else { opendb_operation_not_available(); }
} else { if ($HTTP_VARS['op'] == 'send_to_uids' && (is_not_empty_array($HTTP_VARS['user_id_rs']) || strlen(trim($HTTP_VARS['checked_user_id_rs_list'])) > 0)) { if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids($HTTP_VARS['user_id_rs'], $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) { // do nothing } else { show_email_form(get_user_ids_tovalue($HTTP_VARS['user_id_rs']), get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title')), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors); } } } echo _theme_footer(); } else { opendb_not_authorised_page(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS); } } else { if ($HTTP_VARS['op'] == 'send_to_uid' && is_user_permitted_to_receive_email($HTTP_VARS['uid'])) { if (is_user_granted_permission(PERM_SEND_EMAIL)) { echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']); echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>"; $from_user_r = fetch_user_r(get_opendb_session_var('user_id')); $HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname'])); if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids(array($HTTP_VARS['uid']), $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) { // do nothing } else { show_email_form($HTTP_VARS['uid'], fetch_user_name($HTTP_VARS['uid']), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors); } echo _theme_footer(); } else { opendb_not_authorised_page(PERM_SEND_EMAIL, $HTTP_VARS); } } else { opendb_operation_not_available();
/**
 * Tell whether the current session is an administrator acting as another user.
 *
 * True only when the 'enable_change_user' login option is not disabled, the
 * session carries a non-empty 'admin_user_id', and that id is granted
 * PERM_ADMIN_LOGIN.
 *
 * @return bool
 */
function is_user_admin_changed_user() {
    if (get_opendb_config_var('login', 'enable_change_user') === FALSE) {
        return FALSE;
    }

    // The original administrator id must still be recorded in the session.
    $admin_user_id = get_opendb_session_var('admin_user_id');
    if (strlen($admin_user_id) === 0) {
        return FALSE;
    }

    // The permission is checked against the stored admin id, not the current user.
    return is_user_granted_permission(PERM_ADMIN_LOGIN, $admin_user_id) ? TRUE : FALSE;
}
/**
 * Tell whether the borrower has at least one item in the reserve basket.
 *
 * @param string $borrower_id User whose basket is checked.
 * @return bool FALSE when the user lacks PERM_USER_BORROWER or the basket is empty.
 */
function is_exists_my_reserve_basket($borrower_id) {
    // the right to be a borrower can be revoked at any time, even if
    // a user has active borrower records.
    if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
        return FALSE;
    }

    $basket_item_cnt = fetch_my_basket_item_cnt($borrower_id);
    return $basket_item_cnt > 0;
}
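/**
 * Handle a "send me a new password" request for $HTTP_VARS['uid'].
 *
 * A new password is generated, stored, and mailed to the user's address.
 *
 * NOTE(review): an unknown uid returns TRUE so that valid ids cannot be mined,
 * but inactive users, users without permission and users without an email
 * address return FALSE (the last one with a message naming the uid). If the
 * caller shows these outcomes differently, existing accounts can still be
 * told apart from unknown ones -- confirm how the caller presents them.
 * NOTE(review): the password is replaced before the email is sent, so a
 * failed delivery ("EMAIL_NOT_SENT") leaves the account with a password the
 * owner never received. A time-limited reset link would avoid both this and
 * sending a working credential in clear text.
 *
 * @param array $HTTP_VARS Request variables; 'uid' is read.
 * @param array $errors    Receives error messages (by reference).
 * @return bool|string TRUE on success (and for unknown uids), FALSE on
 *                     failure, or the string "EMAIL_NOT_SENT".
 */
function perform_newpassword($HTTP_VARS, &$errors) {
    $uid = $HTTP_VARS['uid'];

    if (!is_user_valid($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($uid));
        // make user look successful to prevent mining for valid userids
        return TRUE;
    }

    if (!is_user_active($uid)) {
        // Do not allow new password operation for 'deactivated' user.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($uid));
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($uid));
        return FALSE;
    }

    // A site-wide ban on password changes can only be bypassed by a session
    // holding PERM_ADMIN_CHANGE_PASSWORD.
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($uid));
        return FALSE;
    }

    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($uid));

    $user_r = fetch_user_r($uid);

    // only send if valid user (email)
    if (strlen($user_r['email_addr']) == 0) {
        $errors[] = "User '" . $uid . "' does not have a valid email address.";
        return FALSE;
    }

    $user_passwd = generate_password(8);

    if (update_user_passwd($uid, $user_passwd) !== TRUE) {
        // This path used to fall off the end of the function and return NULL,
        // which callers comparing against FALSE would not see as a failure.
        // The generated password is deliberately not logged.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password could not be updated', array($uid));
        return FALSE;
    }

    $subject = get_opendb_lang_var('lost_password');
    $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname'])
        . "\n\n" . get_opendb_lang_var('new_passwd_email')
        . "\n\n" . get_opendb_lang_var('userid') . ": " . $uid
        . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;

    if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
        return TRUE;
    }

    return "EMAIL_NOT_SENT";
}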
$result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage()); } } else { $result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder()); } } else { opendb_not_authorised_page(); } } else { echo _theme_header(get_opendb_lang_var('item_not_found')); echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>"; echo _theme_footer(); } } else { if ($HTTP_VARS['op'] == 'my_history') { if (is_user_valid($HTTP_VARS['uid']) && $HTTP_VARS['uid'] !== get_opendb_session_var('user_id') && is_user_granted_permission(PERM_ADMIN_BORROWER)) { $page_title = get_opendb_lang_var('borrower_history_for_fullname', array('fullname' => fetch_user_name($HTTP_VARS['uid']), 'user_id' => $HTTP_VARS['uid'])); if (is_numeric($listingObject->getItemsPerPage())) { $listingObject->setTotalItems(fetch_my_history_item_cnt($HTTP_VARS['uid'])); if ($listingObject->getTotalItemCount() > 0) { $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage()); } } else { $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder()); } } else { $page_title = get_opendb_lang_var('my_history'); if (is_numeric($listingObject->getItemsPerPage())) { $listingObject->setTotalItems(fetch_my_history_item_cnt(get_opendb_session_var('user_id'))); if ($listingObject->getTotalItemCount() > 0) { $result = fetch_my_history_item_rs(get_opendb_session_var('user_id'), $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
/**
 * Remove the relationship between an item instance and its parent instance.
 *
 * Only the item's owner or a holder of PERM_ITEM_ADMIN may do this.
 *
 * NOTE(review): after a confirmed delete the function returns nothing (NULL)
 * and the result of the delete call is ignored -- confirm what callers expect
 * in that case.
 * NOTE(review): the delete is driven only by the 'confirmed' request value;
 * no anti-CSRF token is checked in this function -- confirm one is verified
 * before this handler is reached.
 *
 * @param array $item_r         Item instance record ('owner_id', 'item_id', 'instance_no' are read).
 * @param mixed $status_type_r  Not used by this function.
 * @param array $HTTP_VARS      Request variables ('confirmed', 'parent_item_id', 'parent_instance_no').
 * @param mixed $errors         Set to an error record when the user is not allowed (by reference).
 * @return mixed FALSE when not authorised, "__CONFIRM__" / "__ABORTED__" while
 *               unconfirmed, NULL after the delete was issued.
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors) {
    $is_owner = ($item_r['owner_id'] == get_opendb_session_var('user_id'));

    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array(
            'error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'),
            'detail' => '',
        );
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }

    if ($HTTP_VARS['confirmed'] == 'true') {
        delete_related_item_instance_relationship(
            $item_r['item_id'],
            $item_r['instance_no'],
            $HTTP_VARS['parent_item_id'],
            $HTTP_VARS['parent_instance_no']
        );
        return;
    }

    if ($HTTP_VARS['confirmed'] != 'false') {
        return "__CONFIRM__";
    }

    // confirmation required.
    return "__ABORTED__";
}
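/**
 * Print the per-owner table of reserved and borrowed item counts.
 *
 * Nothing is printed when the 'borrow' feature is disabled. Output goes
 * straight to the page via echo; nothing is returned.
 *
 * NOTE(review): the display name comes from get_opendb_lang_var() with the
 * user's full name and is echoed as-is; whether it is HTML-escaped depends on
 * that helper -- confirm, since full names are user-editable.
 */
function build_borrower_stats() {
    if (get_opendb_config_var('borrow', 'enable') === FALSE) {
        return;
    }

    echo "<h3>" . get_opendb_lang_var('borrow_stats') . "</h3>";
    echo "<table class=\"itemStats\">";
    echo "<tr class=\"navbar\">";
    echo "<th>" . get_opendb_lang_var('owner') . "</th>";
    echo "<th>" . theme_image('reserved.gif', get_opendb_lang_var('reserved'), "borrowed_item") . "</th>";
    echo "<th>" . theme_image('borrowed.gif', get_opendb_lang_var('borrowed'), "borrowed_item") . "</th>";
    echo "</tr>";

    $result = fetch_user_rs(PERM_ITEM_OWNER);
    if ($result) {
        // Totals. (The unused $toggle local was dropped.)
        $sum_loaned = 0;
        $sum_reserved = 0;

        while ($user_r = db_fetch_assoc($result)) {
            $user_name = get_opendb_lang_var('user_name', array('fullname' => $user_r['fullname'], 'user_id' => $user_r['user_id']));

            echo "<tr class=\"data\"><th>";
            if (is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                // The user id is URL-encoded so that it cannot break out of
                // the href attribute or alter the query string.
                echo "<a href=\"user_profile.php?uid=" . urlencode((string) $user_r['user_id']) . "\">" . $user_name . "</a>";
            } else {
                echo $user_name;
            }
            echo "</th>";

            $reserved_total = fetch_owner_reserved_item_cnt($user_r['user_id']);
            $sum_reserved += $reserved_total;
            echo "\n<td>" . ($reserved_total > 0 ? $reserved_total : "-") . "</td>";

            $loan_total = fetch_owner_borrowed_item_cnt($user_r['user_id']);
            $sum_loaned += $loan_total;
            echo "\n<td>" . ($loan_total > 0 ? $loan_total : "-") . "</td>";

            echo "</tr>";
        }
        db_free_result($result);

        // The totals row previously re-tested the 'borrow' option, which is
        // already known to be enabled at this point.
        echo "<tr class=\"data totals\"><th>" . get_opendb_lang_var('totals') . "</th>";
        echo "<td>" . $sum_reserved . "</td>";
        echo "<td>" . $sum_loaned . "</td>";
        echo "</tr>";
    }

    echo "</table>";
}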
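/**
 * Assemble the main menu for a user, grouped by section.
 *
 * Each entry is array('link' => label, 'url' => target). Sections used:
 * 'items', 'listings', 'borrow', 'search', 'stats', 'feeds', 'users',
 * 'admin_tools'. A section key is only present when it has entries.
 *
 * The permission checks here decide which links are shown. They do not
 * protect the target scripts; each of those still has to check on its own.
 *
 * NOTE(review): most checks pass $user_id explicitly, but PERM_VIEW_LISTINGS,
 * PERM_VIEW_ADVANCED_SEARCH and PERM_VIEW_STATS are checked without it --
 * confirm that this difference is intended.
 *
 * @param string $user_id User the menu is built for; also embedded in some URLs.
 * @return array Section name => list of menu entries.
 */
function get_menu_options($user_id) {
    // The entry keys were written as bare words (link => ..., url => ...).
    // PHP treats those as constants: older versions fell back to the string
    // with a notice, PHP 8 raises an "Undefined constant" error. They are
    // quoted throughout; the resulting keys are unchanged.
    $menu_options = array();

    if (is_user_granted_permission(PERM_ITEM_OWNER, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('add_new_item'), 'url' => "item_input.php?op=site-add&owner_id={$user_id}");
        $menu_options['listings'][] = array('link' => get_opendb_lang_var('list_my_items'), 'url' => "listings.php?owner_id={$user_id}");
    }

    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $menu_options['listings'][] = array('link' => get_opendb_lang_var('list_all_items'), 'url' => "listings.php");
    }

    // Import: the admin variant takes precedence over the user variant.
    if (is_file_upload_enabled()) {
        if (is_user_granted_permission(PERM_ADMIN_IMPORT, $user_id)) {
            $menu_options['items'][] = array('link' => get_opendb_lang_var('import_items'), 'url' => "import.php");
        } elseif (is_user_granted_permission(PERM_USER_IMPORT, $user_id)) {
            $menu_options['items'][] = array('link' => get_opendb_lang_var('import_my_items'), 'url' => "import.php");
        }
    }

    // Export: same precedence as import.
    if (is_user_granted_permission(PERM_ADMIN_EXPORT, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('export_items'), 'url' => "export.php");
    } elseif (is_user_granted_permission(PERM_USER_EXPORT, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('export_my_items'), 'url' => "export.php");
    }

    if (get_opendb_config_var('borrow', 'enable') !== FALSE) {
        if (is_exists_borrowed() && is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('items_borrowed'), 'url' => "borrow.php?op=all_borrowed");
        }

        if (is_exists_reserved() && is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('items_reserved'), 'url' => "borrow.php?op=all_reserved");
        }

        if (is_exists_borrower_history($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_history'), 'url' => "borrow.php?op=my_history");
        }

        if (is_exists_borrower_borrowed($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_borrowed_items'), 'url' => "borrow.php?op=my_borrowed");
        }

        if (is_exists_borrower_reserved($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_reserved_items'), 'url' => "borrow.php?op=my_reserved");
        }

        if (get_opendb_config_var('borrow', 'reserve_basket') !== FALSE && is_exists_my_reserve_basket($user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('item_reserve_list'), 'url' => "borrow.php?op=my_reserve_basket&order_by=title&sortorder=ASC");
        }

        if (is_user_granted_permission(PERM_ITEM_OWNER, $user_id)) {
            if (is_exists_owner_reserved($user_id)) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('check_out_item(s)'), 'url' => "borrow.php?op=owner_reserved");
            }

            if (is_exists_owner_borrowed($user_id)) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('check_in_item(s)'), 'url' => "borrow.php?op=owner_borrowed");
            }
        }

        if (is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            if (is_exists_history()) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('borrower_history'), 'url' => "borrow.php?op=admin_history");
            }

            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('quick_check_out'), 'url' => "quick_checkout.php?op=checkout");
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('quick_check_in'), 'url' => "quick_checkout.php?op=checkin");
        }
    }

    if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH)) {
        $menu_options['search'][] = array('link' => get_opendb_lang_var('advanced_search'), 'url' => "search.php");
    }

    if (is_user_granted_permission(PERM_VIEW_STATS)) {
        $menu_options['stats'][] = array('link' => get_opendb_lang_var('statistics'), 'url' => "stats.php");
    }

    if (is_exists_opendb_rss_feeds()) {
        $menu_options['feeds'][] = array('link' => get_opendb_lang_var('rss_feeds'), 'url' => "rss.php");
    }

    if (is_user_granted_permission(PERM_EDIT_USER_PROFILE, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('edit_my_info'), 'url' => "user_admin.php?op=edit&user_id={$user_id}");
    }

    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') !== FALSE && is_user_granted_permission(PERM_CHANGE_PASSWORD, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('change_my_password'), 'url' => "user_admin.php?op=change_password&user_id={$user_id}");
    }

    if (is_user_granted_permission(PERM_ADMIN_USER_LISTING, $user_id)) {
        if (is_exist_users_not_activated()) {
            $menu_options['users'][] = array('link' => get_opendb_lang_var('activate_users'), 'url' => "user_listing.php?restrict_active_ind=X&order_by=fullname&sortorder=ASC");
        }

        $menu_options['users'][] = array('link' => get_opendb_lang_var('user_list'), 'url' => "user_listing.php?order_by=fullname&sortorder=ASC");
    }

    if (is_user_granted_permission(PERM_ADMIN_CREATE_USER, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('add_new_user'), 'url' => "user_admin.php?op=new_user");
    }

    if (is_user_granted_permission(PERM_ADMIN_CHANGE_USER, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('change_user'), 'url' => "user_admin.php?op=change_user");
    }

    if (is_user_granted_permission(PERM_ADMIN_SEND_EMAIL, $user_id)) {
        if (is_valid_opendb_mailer()) {
            $menu_options['users'][] = array('link' => get_opendb_lang_var('email_users'), 'url' => "email.php?op=send_to_all");
        }
    }

    if (is_user_granted_permission(PERM_ADMIN_TOOLS, $user_id)) {
        $menu_options['admin_tools'][] = array('link' => get_opendb_lang_var('admin_tools'), 'url' => "admin.php");
    }

    return $menu_options;
}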
$arrayOfUniqueCatValuesCount = 0; // Now sort all values into alphabetical order! if (is_array($arrayOfUniqueCategories)) { asort($arrayOfUniqueCategories); reset($arrayOfUniqueCategories); while (list($value, $display) = each($arrayOfUniqueCategories)) { $arrayOfUniqueCatValues .= "\narrayOfUniqueCatValues[{$arrayOfUniqueCatValuesCount}] = new LookupAttribute('',\"{$value}\",\"{$display}\");"; $arrayOfUniqueCatValuesCount++; } } // Now wrap and return return "\n<script language=\"JavaScript\">\n<!-- // hide from stupid browsers\n" . $buffer . "\n// -->\n</script>\n"; } if (is_site_enabled()) { if (is_opendb_valid_session() || is_site_public_access()) { if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH)) { $page_title = get_opendb_lang_var('advanced_search'); echo _theme_header($page_title); echo encode_search_javascript_arrays($item_type_rs, $category_type_rs, $item_attribute_type_rs); echo "<h2>" . $page_title . "</h2>"; echo "\n<form name=\"search\" method=\"GET\" action=\"listings.php\">"; echo "\n<input type=\"hidden\" name=\"datetimemask\" value=\"" . get_opendb_config_var('search', 'datetime_mask') . "\">"; echo "\n<input type=\"hidden\" name=\"search_list\" value=\"y\">"; echo "<table class=\"searchForm\">"; echo format_field(get_opendb_lang_var('title'), "\n<input type=\"text\" class=\"text\" id=\"search-title\" size=\"50\" name=\"title\">" . "\n<ul class=\"searchInputOptions\">" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"word\">" . get_opendb_lang_var('word_match') . "</li>" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"partial\" CHECKED>" . get_opendb_lang_var('partial_match') . "</li>" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"exact\">" . get_opendb_lang_var('exact_match') . "</li>" . "\n<li><input type=\"checkbox\" class=\"checkbox\" name=\"title_case\" value=\"case_sensitive\">" . get_opendb_lang_var('case_sensitive') . "</li>" . 
"\n</ul>"); if (@count($category_type_rs) > 1) { $catTypeSelect = "<select name=\"category\" id=\"search-category\">" . "\n<option value=\"\">-------------- " . get_opendb_lang_var('all') . " --------------"; reset($category_type_rs); while (list($value, $display) = each($category_type_rs)) { $catTypeSelect .= "\n<option value=\"{$value}\">{$display}"; }
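/**
 * Build the HTML form used to upload an import file.
 *
 * Users holding PERM_ADMIN_IMPORT get an owner drop-down; everyone else gets
 * the requested owner_id carried in a hidden field.
 *
 * @param array $HTTP_VARS Request variables; reads 'owner_id' and 's_item_type'.
 * @return string HTML markup for the form.
 */
function get_upload_form($HTTP_VARS)
{
    global $PHP_SELF;

    // The script path and the request value below land inside HTML attributes,
    // so both are encoded for that context before being written out.
    $action = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES);

    // Start from an empty string: the original appended to an undefined variable.
    $buffer = '';
    $buffer .= "\n<form name=\"main\" action=\"{$action}\" method=\"POST\" enctype=\"multipart/form-data\">";
    $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"upload\">";
    $buffer .= "\n<table>";

    if (is_user_granted_permission(PERM_ADMIN_IMPORT)) {
        $buffer .= format_field(
            get_opendb_lang_var('owner'),
            custom_select('owner_id', fetch_user_rs(PERM_USER_IMPORT), '%fullname% (%user_id%)', 1, ifempty($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')), 'user_id')
        );
    } else {
        $owner_id = '';
        if (isset($HTTP_VARS['owner_id']) && is_scalar($HTTP_VARS['owner_id'])) {
            $owner_id = (string) $HTTP_VARS['owner_id'];
        }
        // NOTE(review): a hidden field is client-controlled. The handler for op=upload
        // (not visible here) must decide the owner server-side for users without
        // PERM_ADMIN_IMPORT rather than trust this value - confirm.
        $buffer .= "\n<input type=\"hidden\" name=\"owner_id\" value=\"" . htmlspecialchars($owner_id, ENT_QUOTES) . "\">";
    }

    $buffer .= format_field(
        get_opendb_lang_var('item_type'),
        single_select('s_item_type', fetch_item_type_rs(TRUE), "%value% - %display%", NULL, $HTTP_VARS['s_item_type'])
    );
    $buffer .= format_field(
        get_opendb_lang_var('file'),
        "<input type=\"file\" class=\"file\" size=\"25\" name=\"uploadfile\">"
    );
    $buffer .= "\n</table>";
    $buffer .= "\n<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
    $buffer .= "\n</form>";

    return $buffer;
}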
echo format_footer_links($instance_info_links_r); echo "</div>"; if (get_opendb_config_var('item_review', 'enable') !== FALSE) { echo "<div class=\"{$otherTabsClass}\" id=\"reviews\">"; echo get_item_review_block($item_r); echo "</div>"; } echo "</div>"; // end of tab content echo "</div>"; // end of tabContainer } else { echo _theme_header(get_opendb_lang_var('item_not_found')); echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>"; } if (is_export_plugin(get_opendb_config_var('item_display', 'export_link')) && is_user_granted_permission(PERM_USER_EXPORT)) { $footer_links_r[] = array(url => "export.php?op=export&plugin=" . get_opendb_config_var('item_display', 'export_link') . "&item_id=" . $item_r['item_id'] . "&instance_no=" . $item_r['instance_no'], text => get_opendb_lang_var('export_item_record')); } // Include a Back to Listing link. if (is_opendb_session_var('listing_url_vars')) { $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing')); } echo format_footer_links($footer_links_r); echo _theme_footer(); } else { opendb_not_authorised_page(PERM_VIEW_ITEM_DISPLAY, $HTTP_VARS); } } else { // invalid login, so login instead. redirect_login($PHP_SELF, $HTTP_VARS); }
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ $_OVRD_OPENDB_LANGUAGE = 'english'; // This must be first - includes config.php require_once "./include/begin.inc.php"; include_once "./lib/database.php"; include_once "./lib/auth.php"; include_once "./lib/logging.php"; include_once "./lib/utils.php"; include_once "./lib/parseutils.php"; include_once "./lib/widgets.php"; include_once "./lib/admin.php"; define('OPENDB_ADMIN_TOOLS', 'true'); if (is_site_enabled()) { if (is_opendb_valid_session()) { if (is_user_granted_permission(PERM_ADMIN_TOOLS)) { $HTTP_VARS['type'] = ifempty($HTTP_VARS['type'], 'config'); $ADMIN_TYPE = $HTTP_VARS['type']; $ADMIN_DIR = './admin/' . $ADMIN_TYPE; if (file_exists("./admin/" . $ADMIN_TYPE . "/functions.php")) { include_once "./admin/" . $ADMIN_TYPE . "/functions.php"; } if (file_exists("./admin/" . $ADMIN_TYPE . "/ajaxjobs.php")) { require_once "./lib/xajax/xajax_core/xajax.inc.php"; $xajax = new xajax("admin.php?type={$ADMIN_TYPE}"); $xajax->configure('javascript URI', 'lib/xajax/'); $xajax->configure('debug', false); $xajax->configure('statusMessages', true); $xajax->configure('waitCursor', true); include_once "./admin/" . $ADMIN_TYPE . "/ajaxjobs.php"; $xajax->processRequest();
/**
 * NOTE: PRIVATE FUNCTION.
 *
 * Builds and returns the "FROM (...) [LEFT JOIN ...] WHERE ..." tail of a
 * selection from the item / item_instance tables as one SQL string.
 *
 * Restrictions are added only for the $HTTP_VARS entries that are set:
 *  - owner_id / not_owner_id: limit to (or exclude) items of that owner.
 *  - s_item_type (scalar or array) / s_item_type_group: limit by item type.
 *  - s_status_type (scalar or array): limit by status type.
 *  - status_comment, title, letter: text restrictions.
 *  - update_on / update_on_days, attr_update_on / attr_update_on_days.
 *  - category, attribute_type, attribute_val, attr_match, attr_case.
 *  - interest_level, rating, item_id_range.
 *
 * SECURITY NOTE(review): most of these values are concatenated straight into
 * the SQL text. Inside this function the only escaping is
 * str_replace("'", "\\'", ...) on some of them, which leaves a backslash that
 * is already in the value untouched, and several values get no escaping at
 * all. Unless every caller sanitises $HTTP_VARS before calling (not visible
 * here), these are SQL injection sinks; see the per-site notes in the body.
 * The durable fix is bound parameters or the database driver's own escaping,
 * applied after BooleanParser has consumed its quote syntax.
 *
 * @param array      $HTTP_VARS                Search criteria, see above.
 * @param array|null $column_display_config_rs Optional list of column definitions; entries
 *                                             with column_type 's_attribute_type' or
 *                                             's_field_type' add joins and restrictions.
 * @param string     $query_type               When 'COUNT', the display-only LEFT JOINs on
 *                                             item_attribute are skipped.
 * @return string The assembled FROM/WHERE fragment.
 */
function from_and_where_clause($HTTP_VARS, $column_display_config_rs = NULL, $query_type = 'LISTING') {
    // (Stale comment kept from the original: "For checking whether count (DISTINCT ...)
    // is supported" - no such check follows.)
    $from_r[] = 'item i';
    $from_r[] = 'item_instance ii';
    $where_r[] = 'ii.item_id = i.id'; // only parent items should ever be listed.

    //
    // Owner restriction
    //
    // NOTE(review): owner_id / not_owner_id are placed inside a quoted SQL literal with
    // no escaping in this function - verify they are validated upstream.
    if (strlen($HTTP_VARS['owner_id']) > 0) {
        $where_r[] = 'ii.owner_id = \'' . $HTTP_VARS['owner_id'] . '\'';
    } else {
        if (strlen($HTTP_VARS['not_owner_id']) > 0) {
            // For not showing current user items.
            $where_r[] = 'ii.owner_id <> \'' . $HTTP_VARS['not_owner_id'] . '\'';
        }
    }

    //
    // Item Type / Item Type group restriction
    //
    // NOTE(review): the scalar s_item_type and s_item_type_group are concatenated
    // unescaped. The array form goes through format_sql_in_clause(), whose quoting
    // behaviour is not visible here - confirm it escapes each element.
    if (!is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) > 0) {
        $where_r[] = 'i.s_item_type = \'' . $HTTP_VARS['s_item_type'] . '\'';
    } else {
        if (strlen($HTTP_VARS['s_item_type_group']) > 0) {
            $from_r[] = 's_item_type_group_rltshp sitgr';
            $where_r[] = 'sitgr.s_item_type = i.s_item_type';
            $where_r[] = 'sitgr.s_item_type_group = \'' . $HTTP_VARS['s_item_type_group'] . '\'';
        } else {
            if (is_not_empty_array($HTTP_VARS['s_item_type'])) {
                $where_r[] = 'i.s_item_type IN(' . format_sql_in_clause($HTTP_VARS['s_item_type']) . ')';
            }
        }
    }

    $from_r[] = 's_status_type sst';
    $where_r[] = 'sst.s_status_type = ii.s_status_type';

    //
    // Status Type restriction
    //
    // NOTE(review): the scalar s_status_type is concatenated unescaped.
    if (is_not_empty_array($HTTP_VARS['s_status_type'])) {
        $where_r[] = 'sst.s_status_type IN(' . format_sql_in_clause($HTTP_VARS['s_status_type']) . ')';
    } else {
        if ($HTTP_VARS['s_status_type'] != 'ALL' && strlen($HTTP_VARS['s_status_type']) > 0) {
            $where_r[] = 'sst.s_status_type = \'' . $HTTP_VARS['s_status_type'] . '\'';
        }
    }

    // Hidden-status items are visible only to their owner; no need for such a
    // restriction if current user is item admin.
    // This is an access-control predicate: because it is AND-ed with the other
    // string-built clauses, any injectable clause elsewhere can neutralise it.
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $where_r[] = "( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }

    //
    // User and Status type restriction
    //
    // When listing someone else's items, join the user table and require an active owner.
    if (strcmp($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')) !== 0) {
        // not current user
        $from_r[] = 'user u';
        $where_r[] = 'u.user_id = ii.owner_id';
        $where_r[] = 'u.active_ind = \'Y\'';
    }

    //
    // Status Comment restriction
    //
    if (strlen($HTTP_VARS['status_comment']) > 0) {
        // Escape only the single quote!
        // NOTE(review): backslashes in the value are not escaped, so this does not
        // reliably keep the value inside the SQL literal. status_comment_match and
        // status_comment_case are passed to build_boolean_clause() as-is; how that
        // helper uses them is not visible here.
        $HTTP_VARS['status_comment'] = str_replace("'", "\\'", $HTTP_VARS['status_comment']);
        if ($HTTP_VARS['status_comment_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['status_comment']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'ii.status_comment', $HTTP_VARS['status_comment_match'], 'AND', $HTTP_VARS['status_comment_case']);
            }
        } else {
            // A non-null status_comment_case selects a BINARY comparison.
            if (is_null($HTTP_VARS['status_comment_case'])) {
                $where_r[] = 'ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            } else {
                $where_r[] = 'BINARY ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            }
        }
    }

    //
    // Title restriction
    //
    if (strlen($HTTP_VARS['title']) > 0) {
        // Escape only the single quote!
        // NOTE(review): same limitation as status_comment above - backslashes pass through.
        $HTTP_VARS['title'] = str_replace("'", "\\'", $HTTP_VARS['title']);
        if ($HTTP_VARS['title_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['title']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'i.title', $HTTP_VARS['title_match'], 'AND', $HTTP_VARS['title_case']);
            }
        } else {
            if (is_null($HTTP_VARS['title_case'])) {
                $where_r[] = 'i.title = \'' . $HTTP_VARS['title'] . '\'';
            } else {
                $where_r[] = 'BINARY i.title = \'' . $HTTP_VARS['title'] . '\'';
            }
        }
    } else {
        // 'letter' is only honoured when no title restriction was given.
        if (strlen($HTTP_VARS['letter']) > 0) {
            // Numeric match.
            if ($HTTP_VARS['letter'] == '#') {
                $where_r[] = 'ASCII(LEFT(title,1)) BETWEEN ASCII(\'0\') AND ASCII(\'9\')';
            } else {
                // NOTE(review): 'letter' is neither length-checked nor escaped here.
                $where_r[] = 'UPPER(LEFT(i.title,1)) = \'' . strtoupper($HTTP_VARS['letter']) . '\'';
            }
        }
    }

    //
    // Last Updated support
    //
    if (strlen($HTTP_VARS['update_on']) > 0) {
        if (strlen($HTTP_VARS['datetimemask']) > 0) {
            // With a mask the value is parsed first and only the resulting timestamp is used.
            $timestamp = get_timestamp_for_datetime($HTTP_VARS['update_on'], $HTTP_VARS['datetimemask']);
            if ($timestamp !== FALSE) {
                $where_r[] = 'ii.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
            } else {
                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-1)';
            }
        } else {
            // NOTE(review): without a mask the raw update_on string goes into the SQL
            // literal unescaped and unvalidated.
            $where_r[] = 'ii.update_on >= \'' . $HTTP_VARS['update_on'] . '\'';
        }
    } else {
        // is_numeric() is the only gate before the value is used in SQL arithmetic.
        if (is_numeric($HTTP_VARS['update_on_days'])) {
            // Give us all records updated in the last however many days.
            $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['update_on_days'] . ')';
        }
    }

    //
    // Item Attribute listing/restriction
    //
    // Each configured column gets its own table alias (ia0, ia1, ...) built from its index.
    if (is_array($column_display_config_rs)) {
        for ($i = 0; $i < count($column_display_config_rs); $i++) {
            if ($column_display_config_rs[$i]['column_type'] == 's_attribute_type') {
                if ($column_display_config_rs[$i]['search_attribute_ind'] != 'y') {
                    // Display-only column: either LISTING or COUNT, and COUNT needs no join.
                    if ($query_type != 'COUNT') {
                        // NOTE(review): s_attribute_type from the column config is concatenated
                        // unescaped; whether that config can carry request data is not visible here.
                        $left_join = 'LEFT JOIN item_attribute ia' . $i . ' ON ' . 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $column_display_config_rs[$i]['s_attribute_type'] . '\' AND ia' . $i . '.attribute_no = 1';
                        // So we can work out which search attribute types to display
                        if (is_numeric($column_display_config_rs[$i]['order_no'])) {
                            $left_join .= ' AND ia' . $i . '.order_no = ' . $column_display_config_rs[$i]['order_no'];
                        }
                        $left_join_from_r[] = $left_join;
                    }
                } else {
                    // search attribute
                    $from_r[] = 'item_attribute ia' . $i;
                    // now do the where clause.
                    $where_r[] = 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $column_display_config_rs[$i]['s_attribute_type'] . '\''; // AND ia'.$i.'.attribute_no = 1';
                    // '%' alone means "no restriction". Non-exact matches go through BooleanParser.
                    if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%' && $column_display_config_rs[$i]['attr_match'] != 'exact') {
                        $parser = new BooleanParser();
                        // Quote-only escaping again; see the function header note.
                        $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val'])));
                        if (is_array($statements)) {
                            if ($column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                            } else {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.attribute_val', $column_display_config_rs[$i]['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                            }
                        }
                    } else {
                        if (strlen($column_display_config_rs[$i]['lookup_attribute_val']) > 0 && $column_display_config_rs[$i]['lookup_attribute_val'] != '%' && $column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                            $value = str_replace("'", "\\'", $column_display_config_rs[$i]['lookup_attribute_val']);
                            // An escaped underscore (\_) is turned back into a plain one for the equality test.
                            $where_r[] = 'ia' . $i . '.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%') {
                                // Strip one pair of surrounding double quotes before the exact comparison.
                                if (starts_with($column_display_config_rs[$i]['attribute_val'], '"') && ends_with($column_display_config_rs[$i]['attribute_val'], '"')) {
                                    $column_display_config_rs[$i]['attribute_val'] = substr($column_display_config_rs[$i]['attribute_val'], 1, -1);
                                }
                                $value = strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val']));
                                $where_r[] = 'UPPER(ia' . $i . '.attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                            }
                        }
                    }

                    // Attribute "updated since" restriction, applied to this column's alias.
                    if (strlen($HTTP_VARS['attr_update_on']) > 0) {
                        if (strlen($HTTP_VARS['datetimemask']) > 0) {
                            $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                            if ($timestamp !== FALSE) {
                                $where_r[] = 'ia' . $i . '.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                            } else {
                                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                                $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-1)';
                            }
                        } else {
                            // NOTE(review): raw attr_update_on concatenated unescaped.
                            $where_r[] = 'ia' . $i . '.update_on >= \'' . $HTTP_VARS['attr_update_on'] . '\'';
                        }
                    } else {
                        if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                            // Give us all records updated in the last however many days.
                            $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
                        }
                    }
                }
            } else {
                if ($column_display_config_rs[$i]['column_type'] == 's_field_type') {
                    if ($column_display_config_rs[$i]['s_field_type'] == 'CATEGORY') {
                        $from_r[] = 's_item_attribute_type catsiat';
                        $from_r[] = 's_attribute_type catsat';
                        $where_r[] = 'catsiat.s_item_type = i.s_item_type AND catsat.s_attribute_type = catsiat.s_attribute_type AND catsat.s_field_type = \'CATEGORY\'';
                        $left_join_clause = 'LEFT JOIN item_attribute catia ON ' . 'catia.item_id = i.id AND (catia.instance_no = 0 OR catia.instance_no = ii.instance_no) AND catia.s_attribute_type = catsiat.s_attribute_type AND catia.order_no = catsiat.order_no';
                        // Precedence: && binds tighter than ||, so this reads
                        // category set OR (attr_match is 'category' AND attribute_val set).
                        if (strlen($HTTP_VARS['category']) > 0 || strcasecmp($HTTP_VARS['attr_match'], 'category') === 0 && strlen($HTTP_VARS['attribute_val']) > 0) {
                            // Support specifying $attribute_val for $category where $attr_match=="category"!
                            // If item_type && item_type_group are not set!
                            if (strlen($HTTP_VARS['attribute_type']) > 0 && !is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) == 0 && strlen($HTTP_VARS['s_item_type_group']) == 0) {
                                // NOTE(review): attribute_type concatenated unescaped.
                                $where_r[] = 'catsat.s_attribute_type = \'' . $HTTP_VARS['attribute_type'] . '\'';
                            }
                            // Escape single quotes only.
                            $value = strtoupper(str_replace("'", "\\'", ifempty($HTTP_VARS['category'], $HTTP_VARS['attribute_val'])));
                            $where_r[] = 'UPPER(catia.lookup_attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            $left_join_clause .= ' AND catia.attribute_no = 1';
                        }
                        $left_join_from_r[] = $left_join_clause;
                    } else {
                        if ($column_display_config_rs[$i]['s_field_type'] == 'INTEREST') {
                            // can only restrict interest level if its displayed as a column
                            if (strlen($HTTP_VARS['interest_level']) > 0) {
                                // NOTE(review): interest_level is appended UNQUOTED with only a
                                // non-empty check - it should be validated as an integer first.
                                $where_r[] = "it.item_id = ii.item_id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'" . " AND it.level >= " . $HTTP_VARS['interest_level'];
                                $from_r[] = "user_item_interest it";
                            } else {
                                $left_join_from_r[] = "LEFT JOIN user_item_interest it ON it.item_id = i.id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'";
                            }
                        }
                    }
                }
            }
        }
    }

    // If attribute_val specified without a attribute_type, then do a loose join to item_attribute table,
    // only on attribute_val column.
    if (strlen($HTTP_VARS['attribute_type']) == 0 && (strlen($HTTP_VARS['attribute_val']) > 0 || strlen($HTTP_VARS['attr_update_on']) > 0 || strlen($HTTP_VARS['attr_update_on_days']) > 0)) {
        $from_r[] = 'item_attribute ia';
        // now do the where clause.
        $where_r[] = 'ia.item_id = i.id '; //AND ia.attribute_no = 1';
        // attribute_type is known to be empty inside this branch, so the
        // is_lookup_attribute_type() calls below always receive an empty value.
        if ($HTTP_VARS['attr_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $HTTP_VARS['attribute_val'])));
            if (is_array($statements)) {
                if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                    $where_r[] = build_boolean_clause($statements, 'ia.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                } else {
                    $where_r[] = build_boolean_clause($statements, 'ia.attribute_val', $HTTP_VARS['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                }
            }
        } else {
            // attr_match = 'exact'
            if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                $where_r[] = 'ia.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
            } else {
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                // Match the whole value, or the value as a space-delimited word at the
                // start, middle or end. A non-null attr_case makes the comparisons BINARY.
                if (is_null($HTTP_VARS['attr_case'])) {
                    $where_r[] = '( ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . '\')';
                } else {
                    $where_r[] = '( BINARY ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . '\')';
                }
            }
        }

        if (strlen($HTTP_VARS['attr_update_on']) > 0) {
            if (strlen($HTTP_VARS['datetimemask']) > 0) {
                $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                if ($timestamp !== FALSE) {
                    $where_r[] = 'ia.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                } else {
                    // by default get items from 1 day ago, if update_on can not be parsed correctly.
                    $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-1)';
                }
            } else {
                // NOTE(review): raw attr_update_on concatenated unescaped.
                $where_r[] = 'ia.update_on >= \'' . $HTTP_VARS['attr_update_on'] . '\'';
            }
        } else {
            if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                // Give us all records updated in the last however many days.
                $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
            }
        }
    }

    //
    // Review restrictions
    //
    if (strlen($HTTP_VARS['rating']) > 0) {
        // NOTE(review): rating is appended UNQUOTED with only a non-empty check -
        // it should be validated as a number before use.
        $where_r[] = 'r.item_id = i.id AND r.rating >= ' . $HTTP_VARS['rating'];
        $from_r[] = 'review r';
    }

    //
    // Item ID range restriction (Used by Import script)
    //
    if (strlen($HTTP_VARS['item_id_range']) > 0) {
        // NOTE(review): safety depends on expand_number_range() returning only digits
        // and commas; that helper is not visible here - confirm.
        $where_r[] = 'i.id IN (' . expand_number_range($HTTP_VARS['item_id_range']) . ')';
    }

    //
    // Now build the SQL query
    //
    // $query is never initialised in this function; each .= below appends to it.
    if (is_array($from_r)) {
        // Comma-join the table list.
        $from_clause = '';
        for ($i = 0; $i < count($from_r); $i++) {
            if (strlen($from_clause) > 0) {
                $from_clause .= ', ';
            }
            $from_clause .= $from_r[$i];
        }
        $query .= 'FROM (' . $from_clause . ') ';
    }

    // $left_join_from_r exists only if one of the column branches above added a join.
    if (is_array($left_join_from_r)) {
        $left_join_from_clause = '';
        for ($i = 0; $i < count($left_join_from_r); $i++) {
            if (strlen($left_join_from_clause) > 0) {
                $left_join_from_clause .= ' ';
            }
            $left_join_from_clause .= $left_join_from_r[$i];
        }
        $query .= $left_join_from_clause . ' ';
    }

    if (is_array($where_r)) {
        // All restrictions are AND-ed together.
        $where_clause = '';
        for ($i = 0; $i < count($where_r); $i++) {
            if (strlen($where_clause) > 0) {
                $where_clause .= ' AND ';
            }
            $where_clause .= $where_r[$i];
        }
        $query .= 'WHERE ' . $where_clause;
    }

    return $query;
}
if ($HTTP_VARS['confirmed'] == 'false') { echo "<p class=\"success\">" . get_opendb_lang_var('review_not_deleted') . "</p>"; } else { echo get_op_confirm_form($PHP_SELF, get_opendb_lang_var('confirm_delete_review'), $HTTP_VARS); } } } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>"; } } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>"; } } else { if ($HTTP_VARS['op'] == 'edit') { if (get_opendb_config_var('item_review', 'update_support') !== FALSE) { if (is_review_author($review_r['sequence_number']) || is_user_granted_permission(PERM_ADMIN_REVIEWER)) { echo get_edit_form('update', $review_r, $HTTP_VARS); } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>"; } } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>"; } } else { if ($HTTP_VARS['op'] == 'add') { echo get_edit_form('insert', array(), $HTTP_VARS); } } } } }
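/**
 * Produce the item edit form for a "new" or "site" operation, after checking
 * that the current user may act on the item.
 *
 * Access is granted when the user holds PERM_ITEM_OWNER and is the item's
 * owner, or holds PERM_ITEM_ADMIN.
 *
 * @param string $op            Operation passed through to get_edit_form().
 * @param array  $item_r        Item record; reads 'owner_id' and 's_item_type'.
 * @param array  $status_type_r Status type record passed through to get_edit_form().
 * @param array  $HTTP_VARS     Request variables passed through to get_edit_form().
 * @param array  $errors        Out: array with 'error' (and usually 'detail') on failure.
 * @return string|false The form markup, or FALSE on failure with $errors set.
 */
function handle_new_or_site($op, $item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    // Parentheses spell out the precedence the original relied on: (owner) OR admin.
    $is_owner = is_user_granted_permission(PERM_ITEM_OWNER) && $item_r['owner_id'] == get_opendb_session_var('user_id');
    if (!($is_owner || is_user_granted_permission(PERM_ITEM_ADMIN))) {
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        // Denied attempts are logged with the item record so they can be reviewed later.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attempted to insert an item for another user', $item_r);
        return FALSE;
    }

    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        return FALSE;
    }

    $formContents = get_edit_form($op, $item_r, $status_type_r, $HTTP_VARS);
    if ($formContents != FALSE) {
        return $formContents;
    }

    // The key is quoted: the original used the bare word detail, which depends on
    // the undefined-constant fallback and is an error on PHP 8.
    $errors = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
    return FALSE;
}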
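/**
 * Check that a borrower id names an active user who holds PERM_USER_BORROWER.
 *
 * @param string $borrower_id User id to validate.
 * @param array  $errors      Out: a message is appended when the id is rejected.
 * @return bool TRUE when the id is acceptable. FALSE otherwise; an empty id
 *              returns FALSE without adding a message.
 */
function validate_borrower_id($borrower_id, &$errors)
{
    if (strlen($borrower_id) == 0) {
        return FALSE;
    }

    // The messages report the id that was actually validated. The original read
    // $HTTP_VARS['borrower_id'], which is not in scope inside this function.
    if (!is_user_active($borrower_id)) {
        $errors[] = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
        $errors[] = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
        return FALSE;
    }

    return TRUE;
}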
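/**
 * Render the listing of items related to $item_r as an HTML table.
 *
 * @param array  $item_r       Parent item record; reads 'item_id', 'instance_no', 'owner_id'.
 * @param array  $HTTP_VARS    Request variables handed to HTML_Listing.
 * @param string $related_mode Passed through to fetch_item_instance_relationship_rs().
 * @return string|null The buffered listing markup, or NULL when the lookup returns no result set.
 */
function get_related_items_listing($item_r, $HTTP_VARS, $related_mode)
{
    global $PHP_SELF;

    $results = fetch_item_instance_relationship_rs($item_r['item_id'], $item_r['instance_no'], $related_mode);
    if (!$results) {
        return NULL;
    }

    $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS);
    $listingObject->setBufferOutput(TRUE);
    $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found'));
    $listingObject->setShowItemImages(TRUE);
    $listingObject->setIncludeFooter(FALSE);

    $listingObject->addHeaderColumn(get_opendb_lang_var('type'), 'type', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('title'), 'title', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('action'), 'action', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status'), 'status', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status_comment'), 'status_comment', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('category'), 'category', FALSE);

    $listingObject->startListing(NULL);

    // The action-link check depends only on the parent item and the session, so it is
    // evaluated once. It decides which links are displayed; the target scripts still
    // have to enforce the same permissions themselves (not visible here).
    $may_modify = (is_user_granted_permission(PERM_ITEM_OWNER) && get_opendb_session_var('user_id') === $item_r['owner_id'])
        || is_user_granted_permission(PERM_ITEM_ADMIN);

    while ($related_item_r = db_fetch_assoc($results)) {
        $listingObject->startRow();
        $listingObject->addItemTypeImageColumn($related_item_r['s_item_type']);
        $listingObject->addTitleColumn($related_item_r);

        // Array keys are quoted: the original bare words (url, img, text) depend on the
        // undefined-constant fallback, which is an error on PHP 8.
        $action_links_rs = NULL;
        if ($may_modify) {
            $related_ref = 'item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'];

            $action_links_rs[] = array(
                'url' => 'item_input.php?op=edit&' . $related_ref,
                'img' => 'edit.gif',
                'text' => get_opendb_lang_var('edit'));

            if (get_opendb_config_var('listings', 'show_refresh_actions') && is_item_legal_site_type($related_item_r['s_item_type'])) {
                $action_links_rs[] = array(
                    'url' => 'item_input.php?op=site-refresh&' . $related_ref,
                    'img' => 'refresh.gif',
                    'text' => get_opendb_lang_var('refresh'));
            }

            $action_links_rs[] = array(
                'url' => 'item_input.php?op=delete&' . $related_ref . '&parent_item_id=' . $item_r['item_id'] . '&parent_instance_no=' . $item_r['instance_no'],
                'img' => 'delete.gif',
                'text' => get_opendb_lang_var('delete'));

            // For delete-relation the parent is sent as item_id and the related item as parent_*.
            $action_links_rs[] = array(
                'url' => 'item_input.php?op=delete-relation&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'] . '&parent_item_id=' . $related_item_r['item_id'] . '&parent_instance_no=' . $related_item_r['instance_no'],
                'img' => 'delete.gif',
                'text' => get_opendb_lang_var('delete_relationship'));
        }
        $listingObject->addActionColumn($action_links_rs);

        $status_type_r = fetch_status_type_r($related_item_r['s_status_type']);
        $listingObject->addThemeImageColumn($status_type_r['img'], $status_type_r['description'], $status_type_r['description'], 's_status_type');

        // The comment is shown when the status type allows it, or to the related item's
        // owner, or to an item admin.
        if ($status_type_r['status_comment_ind'] == 'Y' || get_opendb_session_var('user_id') === $related_item_r['owner_id'] || is_user_granted_permission(PERM_ITEM_ADMIN)) {
            // support newlines in this field
            // NOTE(review): status_comment is user-entered text and nl2br() does not
            // HTML-encode it. Whether addColumn() or the storage layer encodes it is not
            // visible here - confirm, otherwise encode before nl2br().
            $listingObject->addColumn(nl2br($related_item_r['status_comment']));
        } else {
            $listingObject->addColumn(get_opendb_lang_var('not_applicable'));
        }

        $attribute_type_r = fetch_sfieldtype_item_attribute_type_r($related_item_r['s_item_type'], 'CATEGORY');
        if (is_array($attribute_type_r)) {
            if ($attribute_type_r['lookup_attribute_ind'] === 'Y') {
                $attribute_val = fetch_attribute_val_r($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            } else {
                $attribute_val = fetch_attribute_val($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            }
            $listingObject->addAttrDisplayColumn($related_item_r, $attribute_type_r, $attribute_val);
        }

        $listingObject->endRow();
    }
    // Release the result set, as the other result-set loops in this code base do.
    db_free_result($results);

    $listingObject->endListing();

    // Plain assignment: the original bound the return value by reference (=&).
    $buffer = $listingObject->getContents();
    unset($listingObject);

    return $buffer;
}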
} if (get_opendb_config_var('borrow', 'enable') !== FALSE && get_opendb_config_var('listings.borrow', 'enable') !== FALSE) { if (is_item_borrowed($item_r['item_id'], $item_r['instance_no'])) { if (is_user_allowed_to_checkin_item($item_r['item_id'], $item_r['instance_no'])) { $action_links_rs[] = array(url => 'item_borrow.php?op=check_in&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'check_in_item.gif', text => get_opendb_lang_var('check_in_item')); } } else { if (get_opendb_config_var('borrow', 'quick_checkout') !== FALSE && get_opendb_config_var('listings.borrow', 'quick_checkout_action') !== FALSE && $status_type_rs[$item_r['s_status_type']]['borrow_ind'] == 'Y' && is_user_allowed_to_checkout_item($item_r['item_id'], $item_r['instance_no'])) { $action_links_rs[] = array(url => 'item_borrow.php?op=quick_check_out&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'quick_check_out.gif', text => get_opendb_lang_var('quick_check_out')); } } } if ($item_r['owner_id'] != get_opendb_session_var('user_id')) { // Reservation/Cancel Information. if (get_opendb_config_var('borrow', 'enable') !== FALSE && get_opendb_config_var('listings.borrow', 'enable') !== FALSE) { if (is_user_granted_permission(PERM_USER_BORROWER) && $status_type_rs[$item_r['s_status_type']]['borrow_ind'] == 'Y') { if (is_item_reserved_or_borrowed($item_r['item_id'], $item_r['instance_no'])) { if (is_item_reserved_by_user($item_r['item_id'], $item_r['instance_no'])) { $action_links_rs[] = array(url => 'item_borrow.php?op=cancel_reserve&item_id=' . $item_r['item_id'] . '&instance_no=' . 
$item_r['instance_no'], img => 'cancel_reserve.gif', text => get_opendb_lang_var('cancel')); } else { if (!is_item_borrowed_by_user($item_r['item_id'], $item_r['instance_no'])) { if ((get_opendb_config_var('borrow', 'allow_reserve_if_borrowed') !== FALSE || !is_item_borrowed($item_r['item_id'], $item_r['instance_no'])) && (get_opendb_config_var('borrow', 'allow_multi_reserve') !== FALSE || !is_item_reserved($item_r['item_id'], $item_r['instance_no']))) { if (get_opendb_config_var('borrow', 'reserve_basket') !== FALSE && get_opendb_config_var('listings.borrow', 'basket_action') !== FALSE) { $action_links_rs[] = array(url => 'borrow.php?op=update_my_reserve_basket&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'add_reserve_basket.gif', text => get_opendb_lang_var('add_to_reserve_list')); } if (get_opendb_config_var('listings.borrow', 'reserve_action') !== FALSE) { $action_links_rs[] = array(url => 'item_borrow.php?op=reserve&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'reserve_item.gif', text => get_opendb_lang_var('reserve')); } } } }
/**
 * Tell whether e-mail may be sent to the given user.
 *
 * All three checks must pass, in this order: the user is valid, the user is
 * active, and the user holds PERM_RECEIVE_EMAIL.
 *
 * @param string $user_id User to check.
 * @return bool
 */
function is_user_permitted_to_receive_email($user_id)
{
    if (!is_user_valid($user_id)) {
        return FALSE;
    }

    if (!is_user_active($user_id)) {
        return FALSE;
    }

    // Cast keeps the boolean result the original && chain produced.
    return (bool) is_user_granted_permission(PERM_RECEIVE_EMAIL, $user_id);
}
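/**
 * Change a user's password from submitted 'pwd' / 'confirmpwd' values.
 *
 * The change is attempted only when the user exists, at least one of the two
 * fields is filled in, and either the 'user_admin' / 'user_passwd_change_allowed'
 * setting is enabled or the current user holds PERM_ADMIN_CHANGE_PASSWORD.
 *
 * NOTE(review): nothing in this function ties $user_id to the session user.
 * When the configuration setting alone lets the request through, the caller
 * has to make sure $user_id is the logged-in user - confirm at the call sites.
 *
 * @param string $user_id   User whose password is to be changed.
 * @param array  $HTTP_VARS Request variables; reads 'pwd' and 'confirmpwd'.
 * @param array  $errors    Out: a message is appended when validation or the update fails
 *                          (list shape assumed, as validate_borrower_id() uses - TODO confirm
 *                          against the caller's error display).
 * @return bool TRUE when the password was updated, FALSE otherwise.
 */
function handle_user_password_change($user_id, $HTTP_VARS, &$errors)
{
    $user_r = fetch_user_r($user_id);
    if (!is_not_empty_array($user_r)) {
        return FALSE;
    }

    // Only plain strings are accepted; anything else is treated as "not supplied".
    $pwd = (isset($HTTP_VARS['pwd']) && is_string($HTTP_VARS['pwd'])) ? $HTTP_VARS['pwd'] : '';
    $confirmpwd = (isset($HTTP_VARS['confirmpwd']) && is_string($HTTP_VARS['confirmpwd'])) ? $HTTP_VARS['confirmpwd'] : '';

    $message = NULL;

    if (strlen($pwd) == 0 && strlen($confirmpwd) == 0) {
        $message = get_opendb_lang_var('passwd_not_specified');
    } elseif (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        // Not permitted: fail without a message, as the original did.
        return FALSE;
    } elseif ($pwd !== $confirmpwd) {
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        $message = get_opendb_lang_var('passwds_do_not_match');
    } elseif (strlen($pwd) == 0) {
        $message = get_opendb_lang_var('passwd_not_specified');
    } elseif (update_user_passwd($user_id, $pwd)) {
        return TRUE;
    } else {
        // NOTE(review): raw database error text is handed to the caller. If it is shown
        // to end users it can disclose schema details - consider logging it and
        // returning a generic message instead.
        $message = db_error();
    }

    // The original stored the message in a local $error, so callers never received it,
    // and the mismatch / empty-password paths fell off the end returning NULL.
    if (!is_array($errors)) {
        $errors = (is_string($errors) && strlen($errors) > 0) ? array($errors) : array();
    }
    $errors[] = $message;

    return FALSE;
}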
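/**
 * Write one listing row as a <tr>, with one <td> per entry of $row_column_rs.
 *
 * The 'column_type' of each entry selects how the cell is rendered; the
 * header record at the same index supplies the cell's CSS class
 * ('fieldname'). The row class comes from $this->_toggle, which is only read
 * here.
 *
 * Output encoding: this method encodes only the values it passes through
 * htmlspecialchars() or urlencode() below. Item titles, title links, user
 * names, thumbnail URLs, display values and the default cell are written
 * exactly as supplied, so they must already be safe HTML when they arrive.
 *
 * @param array $row_column_rs Cell records for the row, indexed from 0 in the
 *                             same order as $this->_header_column_rs.
 */
function writeRowImpl($row_column_rs) {
    $this->rowclass = $this->_toggle ? "oddRow" : "evenRow";

    $this->_write("\n<tr class=\"" . $this->rowclass . "\">");

    // The row is not modified while it is rendered, so count it once.
    $column_count = count($row_column_rs);

    for ($i = 0; $i < $column_count; $i++) {
        $column_r = $row_column_rs[$i];
        $header_column_r = $this->_header_column_rs[$i];

        $columnClass = NULL;
        if (strlen($header_column_r['fieldname']) > 0) {
            $columnClass = $header_column_r['fieldname'];
        }

        switch ($column_r['column_type']) {
            case 'action_links':
                $this->_write('<td class="action_links ' . $columnClass . '">');
                $this->_write(ifempty(format_action_links($column_r['action_links']), get_opendb_lang_var('not_applicable')));
                $this->_write('</td>');
                break;

            case 'username':
                $this->_write('<td class="username ' . $columnClass . '">');

                $user_id = $column_r['user_id'];
                $fullname = $column_r['fullname'];

                if ($user_id == get_opendb_session_var('user_id')) {
                    $this->_write(get_opendb_lang_var('current_user', array('fullname' => $fullname, 'user_id' => $user_id)));
                } else {
                    // NOTE(review): $user_name carries the user's full name and is
                    // written as HTML below; whether get_opendb_lang_var() encodes
                    // the substituted values is not visible here - confirm.
                    $user_name = get_opendb_lang_var('user_name', array('fullname' => $fullname, 'user_id' => $user_id));

                    if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                        // The subject of the profile link is the row's title with markup removed.
                        $item_title = '';
                        for ($j = 0; $j < $column_count; $j++) {
                            if ($row_column_rs[$j]['column_type'] == 'title') {
                                $item_title = trim(strip_tags($row_column_rs[$j]['item_title']));
                                break;
                            }
                        }

                        // The user id is a query-string value, so it is URL-encoded like the subject.
                        $url = "user_profile.php?uid=" . urlencode($user_id);
                        if (is_array($column_r['extra_http_vars'])) {
                            $url .= "&" . get_url_string($column_r['extra_http_vars']);
                        }
                        $url .= "&subject=" . urlencode(ifempty($item_title, get_opendb_lang_var('no_subject')));

                        $this->_write("<a href=\"{$url}\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>");
                    } else {
                        $this->_write($user_name);
                    }
                }

                $this->_write('</td>');
                break;

            case 'interest':
                // NOTE(review): $item_id and $instance_no go unencoded into id
                // attributes and into quoted arguments of the inline handler;
                // presumably both are numeric ids - confirm at the caller.
                $item_id = $column_r['item_id'];
                $instance_no = $column_r['instance_no'];
                $level = $column_r['level'];

                // Built fresh for every cell. The original appended with .= to a
                // variable that was never initialised, so a second interest cell
                // in the same row repeated the first cell's image.
                if ($level > 0) {
                    $this->addHelpEntry(get_opendb_lang_var('interest_help'), 'interest_1.gif', 'interest');
                    $new_level_value = 0;
                    $level_display = "<img"
                        . " id=\"interest_level_{$item_id}" . "_{$instance_no}\""
                        . " src=\"" . theme_image_src('interest_1.gif') . "\""
                        . " alt=\"" . get_opendb_lang_var('interest_remove') . "\""
                        . " title=\"" . get_opendb_lang_var('interest_remove') . "\""
                        . " onclick=\"xajax_ajax_update_interest_level('{$item_id}', '{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\""
                        . " style=\"cursor:pointer;\""
                        . " >";
                } else {
                    $new_level_value = 1;
                    $level_display = "<img"
                        . " id=\"interest_level_{$item_id}" . "_{$instance_no}\""
                        . " src=\"" . theme_image_src('interest_0.gif') . "\""
                        . " alt=\"" . get_opendb_lang_var('interest_mark') . "\""
                        . " title=\"" . get_opendb_lang_var('interest_mark') . "\""
                        . " onclick=\"xajax_ajax_update_interest_level('{$item_id}','{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\""
                        . " style=\"cursor:pointer;\""
                        . " >";
                }

                $this->_write('<td class="interest ' . $columnClass . '">');
                // The hidden field holds the level the click handler sends next.
                $this->_write("<input id=\"new_level_value_{$item_id}" . "_{$instance_no}\" type=\"hidden\" value=\"{$new_level_value}\" />");
                $this->_write($level_display);
                $this->_write('</td>');
                break;

            case 'item_type_image':
                $this->_write('<td class="item_type_image ' . $columnClass . '">');

                $s_item_type = $column_r['s_item_type'];

                // Per-instance cache of item type records, filled on first use.
                if (!is_array($this->_item_type_rs[$s_item_type]) || strlen($this->_item_type_rs[$s_item_type]['image']) == 0) {
                    $this->_item_type_rs[$s_item_type] = fetch_item_type_r($s_item_type);

                    // Expand to the actual location once only; 'none' marks a
                    // type without an image so it is not fetched again.
                    if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0) {
                        $this->_item_type_rs[$s_item_type]['image'] = theme_image_src($this->_item_type_rs[$s_item_type]['image']);
                    } else {
                        $this->_item_type_rs[$s_item_type]['image'] = 'none';
                    }

                    if (strlen($this->_item_type_rs[$s_item_type]['description']) > 0) {
                        $this->_item_type_rs[$s_item_type]['description'] = htmlspecialchars($this->_item_type_rs[$s_item_type]['description']);
                    } else {
                        $this->_item_type_rs[$s_item_type]['description'] = NULL;
                    }
                }

                if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0 && $this->_item_type_rs[$s_item_type]['image'] != 'none') {
                    $this->_write(theme_image($this->_item_type_rs[$s_item_type]['image'], $this->_item_type_rs[$s_item_type]['description'], 's_item_type'));
                } else {
                    // Otherwise write the item type itself in place of the image.
                    $this->_write($s_item_type);
                }

                $this->_write('</td>');
                break;

            case 'theme_image':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(theme_image($column_r['src'], htmlspecialchars($column_r['title']), $column_r['type']));
                $this->_write('</td>');
                break;

            case 'title':
                $title_href_link = $column_r['title_href_link'];
                $is_item_reviewed = $column_r['is_item_reviewed'];
                $is_borrowed_or_returned = $column_r['is_borrowed_or_returned'];

                // NOTE(review): 'item_title' and 'title_href_link' are written
                // unencoded. The username cell strips tags from the title, so it
                // appears to carry markup on purpose; the producer of these
                // values has to encode the user-supplied parts - confirm.
                if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY)) {
                    $item_title = '<a href="' . $title_href_link . '">' . $column_r['item_title'] . '</a>';
                } else {
                    $item_title = $column_r['item_title'];
                }

                if ($is_item_reviewed) {
                    // Show a star if rated; it is added to the title itself so
                    // title masks can work with it.
                    $this->addHelpEntry(get_opendb_lang_var('item_reviewed'), 'rs.gif', 'item_reviewed');
                    $item_title .= theme_image('rs.gif', get_opendb_lang_var('item_reviewed'), 'item_reviewed');
                }

                if ($is_borrowed_or_returned) {
                    // Show a tick if previously borrowed or returned.
                    $this->addHelpEntry(get_opendb_lang_var('youve_borrow_or_return'), 'tick.gif', 'borrow_or_return');
                    $item_title .= theme_image("tick.gif", get_opendb_lang_var('youve_borrow_or_return'), 'borrow_or_return');
                }

                $this->_write('<td class="title ' . $columnClass . '">');
                $this->_write($item_title);
                $this->_write('</td>');
                break;

            case 'coverimage':
                $item_cover_image = $column_r['item_cover_image'];
                $title_href_link = $column_r['title_href_link'];

                // The original concatenated an undefined $columnId here, which
                // rendered the literal class "Column". The header field name is
                // used instead, as in the other cells - confirm that no
                // stylesheet relies on the old class.
                $this->_write('<td class="coverimage ' . $columnClass . '">');

                $file_r = file_cache_get_image_r($item_cover_image, 'listing');
                if (is_array($file_r)) {
                    // NOTE(review): the thumbnail URL and the title link are
                    // written unencoded - confirm both are encoded upstream.
                    $cover_image_tag = '<img src="' . $file_r['thumbnail']['url'] . '"';

                    if (is_numeric($file_r['thumbnail']['width'])) {
                        $cover_image_tag .= ' width="' . $file_r['thumbnail']['width'] . '"';
                    }
                    if (is_numeric($file_r['thumbnail']['height'])) {
                        $cover_image_tag .= ' height="' . $file_r['thumbnail']['height'] . '"';
                    }
                    $cover_image_tag .= '>';

                    if ($this->_mode != 'printable' && $this->_include_href_links) {
                        $cover_image_tag = '<a href="' . $title_href_link . '">' . $cover_image_tag . '</a>';
                    }

                    $this->_write($cover_image_tag);
                }

                $this->_write('</td>');
                break;

            case 'display':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(get_display_field($column_r['attribute_type'], $column_r['prompt'], $column_r['display_type'], $column_r['value'], FALSE));
                $this->_write('</td>');
                break;

            case 'attribute_display':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(get_item_display_field($column_r['item_r'], $column_r['attribute_type_r'], $column_r['value'], FALSE));
                $this->_write('</td>');
                break;

            case 'checkbox':
                $this->_write('<td class="checkbox">');
                // The value sits inside a double-quoted attribute, so it is
                // encoded here; a quote in it would otherwise end the attribute.
                // NOTE(review): assumes callers pass the raw value - confirm.
                $value = htmlspecialchars((string) $column_r['value'], ENT_QUOTES);
                $this->_write('<input type="checkbox" class="checkbox" name="' . $this->_header_column_rs[$i]['fieldname'] . '[]" value="' . $value . '">');
                $this->_write('</td>');
                break;

            default:
                // NOTE(review): the value is written as HTML without encoding;
                // callers have to encode any user-supplied text first - confirm.
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write($column_r['value']);
                $this->_write('</td>');
                break;
        }
    }

    $this->_write("\n</tr>");
}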