/**
 * read_config loads every (name, value) pair of the config table into an
 * associative array and hands that array to set_config()
 *
 * @return void
 */
private function read_config() {
    // db handle and the statement that lists all config rows
    $db = Db::newDb();
    $sql = "SELECT c.name,c.value\n\t\t\t\tFROM config AS c";
    $result = $db->query($sql);
    // collect rows as name => value
    // (MYSQL_NUM is the legacy ext/mysql constant; MYSQLI_NUM is mysqli's own name for the numeric row mode)
    $settings = array();
    while ($row = $result->fetch_array(MYSQL_NUM)) {
        $settings[$row[0]] = $row[1];
    }
    $this->set_config($settings);
}
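/**
 * dbhierselect_value fetches the text value for this field from the db using
 * the field-config (select_list#select_value)
 *
 * The template config['sql'][2] is split on '|' into three literal SQL
 * fragments; the field value is split on '|' into two parts which are spliced
 * between those fragments. Both parts are escaped before they reach the
 * statement, because the field value is not trusted here.
 *
 * @return array|null associative row from db, or null when the query matched nothing
 */
public function dbhierselect_value() {
    $db = Db::newDb();
    $config = $this->get_config();
    // pad both lists so a template with fewer fragments, or a value without
    // a '|', yields empty strings instead of undefined offsets
    $fragments = array_pad(explode('|', $config['sql'][2], 3), 3, '');
    $parts = array_pad(explode('|', $this->get_value(), 2), 2, '');
    // escaping only protects a quoted position in the template; if a fragment
    // leaves the placeholder unquoted (numeric), an (int) cast is needed there - TODO confirm template shape
    $first = $db->real_escape_string($parts[0]);
    $second = $db->real_escape_string($parts[1]);
    $sql = $fragments[0] . $first . $fragments[1] . $second . $fragments[2];
    $result = $db->query($sql);
    return $result->fetch_array(MYSQL_ASSOC);
}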
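/**
 * check_rights tells whether the logged-in user has rights on the given
 * table row: a right is a row in `rights` keyed by (table_name, table_id)
 * that carries a group id, and the user qualifies when one of their groups
 * appears there
 *
 * @param int $table_id id of the entry
 * @param string $table name of the table
 * @param bool $public if true, a right granted to group id 0 also counts;
 *                     otherwise group 0 is skipped
 * @return bool true if user has rights, false otherwise
 */
public static function check_rights($table_id, $table, $public = false) {
    $groups = $_SESSION['user']->groups();
    $db = Db::newDb();
    // $table is spliced into a quoted position, so escape it; $table_id is
    // unquoted and therefore forced to an integer
    $sql = 'SELECT r.id,r.g_id FROM rights AS r WHERE r.table_name = "' . $db->real_escape_string($table) . '" AND r.table_id = ' . (int) $table_id;
    $result = $db->query($sql);
    // right id => group id
    $granted = array();
    while (list($right_id, $group_id) = $result->fetch_array(MYSQL_NUM)) {
        $granted[$right_id] = $group_id;
    }
    foreach ($groups as $group_id) {
        // group 0 only satisfies the check when public access is requested
        if (in_array($group_id, $granted) && ($public || $group_id != 0)) {
            return true;
        }
    }
    return false;
}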
/**
 * return_all_users builds a User object for every username in the user table
 * and returns those whose username is not listed in $exclude
 *
 * @param array $exclude array containing usernames not to include in list
 * @return array array containing all user-objects
 */
public function return_all_users($exclude = array()) {
    $db = Db::newDb();
    $result = $db->query("SELECT u.username\n\t\t\t\tFROM user AS u");
    $users = array();
    while ($row = $result->fetch_array(MYSQL_NUM)) {
        $username = $row[0];
        // change_user() is invoked for every row, including excluded ones
        $user = new User();
        $user->change_user($username, false);
        if (in_array($username, $exclude)) {
            continue;
        }
        $users[] = $user;
    }
    return $users;
}
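/**
 * check_ann_value checks whether any rows of the `value` table reference the
 * given calendar entry
 *
 * @param int $cid id of the calendar-entry
 * @return bool true if at least one value row exists for the entry, false otherwise
 */
public static function check_ann_value($cid) {
    $db = Db::newDb();
    // $cid is spliced in unquoted, so force it to an integer
    $sql = "\n\t\t\tSELECT v.id\n\t\t\tFROM value AS v\n\t\t\tWHERE v.table_name = 'calendar'\n\t\t\tAND v.table_id = " . (int) $cid;
    $result = $db->query($sql);
    return $result->num_rows > 0;
}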
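/**
 * writeDb writes the protocol entry to the db and then writes its rights
 *
 * 'new' inserts a row (id NULL, auto-increment), stores the insert id on this
 * object via set_id() and writes the rights for it; 'update' rewrites the row
 * whose id is get_id() (owner is not part of the update) and rewrites the
 * rights. Any other action is reported as 'DbActionUnknown' through
 * $GLOBALS['Error'] and thrown before the db is opened.
 *
 * @param string $action 'new' or 'update'
 * @return void
 * @throws Exception 'DbActionUnknown' for an unknown action, or when writing
 *                   the rights fails (the inner exception's code is kept)
 */
public function writeDb($action = 'new') {
    if ($action != 'new' && $action != 'update') {
        $errno = $GLOBALS['Error']->error_raised('DbActionUnknown', 'write_protocol', $action);
        throw new Exception('DbActionUnknown', $errno);
    }
    $timestamp = date('Y-m-d', strtotime($this->get_date()));
    $db = Db::newDb();
    // quoted string columns are escaped; columns spliced in unquoted are cast
    // to int, because real_escape_string alone does nothing for a bare numeric
    // position (a value like "1 OR 1=1" contains nothing to escape)
    // assumes get_type('i'), get_valid() and get_owner() yield numeric ids/flags - TODO confirm
    $date = $db->real_escape_string($timestamp);
    $type = (int) $this->get_type('i');
    $location = $db->real_escape_string($this->get_location());
    $protocol = $db->real_escape_string($this->get_protocol());
    $preset_id = (int) $this->get_preset()->get_id();
    $valid = (int) $this->get_valid();
    $member = $db->real_escape_string($this->get_member(true, "|"));
    $correctable = $db->real_escape_string($this->get_correctable());
    $recorder = $db->real_escape_string($this->get_recorder());
    if ($action == 'new') {
        $owner = (int) $this->get_owner();
        $sql = "INSERT INTO protocol\n\t\t\t\t\t\t(id,\n\t\t\t\t\t\tdate,\n\t\t\t\t\t\ttype,\n\t\t\t\t\t\tlocation,\n\t\t\t\t\t\tprotocol,\n\t\t\t\t\t\tpreset_id,\n\t\t\t\t\t\tvalid,\n\t\t\t\t\t\tmember,\n\t\t\t\t\t\towner,\n\t\t\t\t\t\tcorrectable,\n\t\t\t\t\t\trecorder)\n\t\t\t\t\tVALUES (null,'{$date}',{$type},'{$location}','{$protocol}',{$preset_id},{$valid},'{$member}',{$owner},'{$correctable}','{$recorder}')";
        $db->query($sql);
        // the generated id becomes this object's id and the key for the rights
        $row_id = $db->insert_id;
        $this->set_id($row_id);
    } else {
        $row_id = $this->get_id();
        $where_id = (int) $row_id;
        $sql = "UPDATE protocol\n\t\t\t\t\tSET\n\t\t\t\t\t\tdate='{$date}',\n\t\t\t\t\t\ttype={$type},\n\t\t\t\t\t\tlocation='{$location}',\n\t\t\t\t\t\tprotocol='{$protocol}',\n\t\t\t\t\t\tpreset_id={$preset_id},\n\t\t\t\t\t\tvalid={$valid},\n\t\t\t\t\t\tmember='{$member}',\n\t\t\t\t\t\tcorrectable='{$correctable}',\n\t\t\t\t\t\trecorder='{$recorder}'\n\t\t\t\t\tWHERE id = {$where_id}";
        $db->query($sql);
    }
    // write rights; a failure is re-thrown as DbActionUnknown with the
    // original code, after releasing the connection
    try {
        $this->get_rights()->write_db($row_id);
    } catch (Exception $e) {
        $db->close();
        throw new Exception('DbActionUnknown', $e->getCode());
    }
    $db->close();
}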
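/**
 * check_preset checks if the given id exists in the preset table and belongs
 * to $table
 *
 * @param int $id id of the preset
 * @param string $table tablename the id is associated with
 * @return bool true if id exists and match $table, false otherwise
 */
public static function check_preset($id, $table) {
    $db = Db::newDb();
    // $id is spliced in unquoted -> int cast; $table sits in a quoted position -> escape
    $sql = "SELECT p.id,p.table\n\t\t\t\tFROM preset AS p\n\t\t\t\tWHERE id=" . (int) $id . "\n\t\t\t\tAND p.table='" . $db->real_escape_string($table) . "'";
    $result = $db->query($sql);
    return $result->num_rows > 0;
}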
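/**
 * get_movements lists the 'taken' movements of an inventory item, newest
 * first, as template rows
 *
 * @param object $inventory the inventory object
 * @return array list of array('href', 'title', 'content', 'name') rows, one per movement
 */
private function get_movements($inventory) {
    // the id is spliced into the statement unquoted, so force it to an integer
    $id = (int) $inventory->get_id();
    $db = Db::newDb();
    $sql = "SELECT u.name,m.id,m.date_time\n\t\t\t\tFROM user AS u, inventory_movement AS m\n\t\t\t\tWHERE m.action = 'taken'\n\t\t\t\tAND m.inventory_id = {$id}\n\t\t\t\tAND u.id = m.user_id\n\t\t\t\tORDER BY m.date_time DESC";
    $result = $db->query($sql);
    $movements = array();
    while (list($name, $movement_id, $date_time) = $result->fetch_array(MYSQL_NUM)) {
        $movements[] = array(
            'href' => 'inventory.php?id=movement&mid=' . $movement_id,
            'title' => parent::lang('class.InventoryView#get_movements#date#title'),
            'content' => date('d.m.Y', strtotime($date_time)),
            'name' => $name,
        );
    }
    return $movements;
}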
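/**
 * new_row renders the "new row" form for $table and, once the form validates,
 * inserts the submitted values as a new row (id NULL, auto-increment)
 *
 * Columns are read from the table itself (fetch_fields) and mapped to form
 * elements by mysqli field type: 252 (text) -> textarea, 253/3 (varchar/int)
 * -> text input, 1 (tinyint) -> checkbox; a column named 'category' becomes
 * a select filled from the category table. The id column is skipped. For the
 * 'defaults' table the fields are additionally marked required.
 *
 * @param string $table table to insert row
 * @return string HTML-string for the form or message
 */
private function new_row($table) {
    $return = '';
    // url the form posts back to
    if ($table == 'defaults') {
        $link = 'administration.php?id=' . $this->get('id');
    } else {
        $link = 'administration.php?id=' . $this->get('id') . '&field=' . $table;
    }
    $db = Db::newDb();
    // $table is an identifier, not a value: backtick-quote it (doubling any
    // embedded backtick) so it cannot terminate the statement
    $table_ident = '`' . str_replace('`', '``', $table) . '`';
    $result = $db->query("SELECT * FROM {$table_ident}");
    $tinfo = $result->fetch_fields();
    $form = new HTML_QuickForm2('new_' . $table, 'post', array('name' => 'new_' . $table, 'action' => $link . '&action=new'));
    // default data source (valid = 1)
    $datasource = array('valid' => 1);
    $form->addDataSource(new HTML_QuickForm2_DataSource_Array($datasource));
    $renderer = HTML_QuickForm2_Renderer::factory('default');
    $renderer->setOption('required_note', parent::lang('class.AdministrationView#new_row#form#requiredNote'));
    foreach ($tinfo as $col) {
        if ($col->name == 'id') {
            continue;
        }
        // translated label, falling back to the raw column name
        $label = parent::lang('class.AdministrationView#tableRows#name#' . $col->name);
        if ($label == "class.AdministrationView#tableRows#name#{$col->name} not translated") {
            $label = $col->name;
        }
        $field = null;
        if ($col->name == 'category') {
            // select filled with the valid categories; index 0 is the '--' placeholder
            $cat_result = $db->query("SELECT id,name FROM category WHERE valid=1");
            $options = array('--');
            while (list($cat_id, $cat_name) = $cat_result->fetch_array(MYSQL_NUM)) {
                $options[$cat_id] = $cat_name;
            }
            $field = $form->addElement('select', $col->name, array());
            $field->setLabel($label . ':');
            $field->loadOptions($options);
            if ($table == 'defaults') {
                $field->addRule('required', parent::lang('class.AdministrationView#new_row#rule#requiredSelect'));
                $field->addRule('callback', parent::lang('class.AdministrationView#new_row#rule#checkSelect'), array($this, 'callback_check_select'));
            }
        } elseif ($col->type == 252) {
            // text column -> textarea, restricted by the configured regexp
            $field = $form->addElement('textarea', $col->name, array());
            $field->setLabel($label . ':');
            $field->addRule('regex', parent::lang('class.AdministrationView#new_row#rule#regexp.allowedChars') . ' [' . $_SESSION['GC']->get_config('textarea.desc') . ']', $_SESSION['GC']->get_config('textarea.regexp'));
            if ($table == 'defaults') {
                $field->addRule('required', parent::lang('class.AdministrationView#new_row#rule#required'));
            }
        } elseif ($col->type == 253 || $col->type == 3) {
            // varchar / int column -> text input, same regexp restriction
            $field = $form->addElement('text', $col->name, array());
            $field->setLabel($label . ':');
            $field->addRule('regex', parent::lang('class.AdministrationView#new_row#rule#regexp.allowedChars') . ' [' . $_SESSION['GC']->get_config('textarea.desc') . ']', $_SESSION['GC']->get_config('textarea.regexp'));
            if ($table == 'defaults') {
                $field->addRule('required', parent::lang('class.AdministrationView#new_row#rule#required'));
            }
        } elseif ($col->type == 1) {
            // tinyint column -> checkbox
            $field = $form->addElement('checkbox', $col->name, array());
            $field->setLabel($label . ':');
        }
    }
    $form->addSubmit('submit', array('value' => parent::lang('class.AdministrationView#new_row#form#submitButton')));
    if (!$form->validate()) {
        $return .= $this->p('', parent::lang('class.AdministrationView#new_row#caption#edit'));
        $return .= $form->render($renderer);
        return $return;
    }
    $return .= $this->p('class="edit_caption"', parent::lang('class.AdministrationView#new_row#caption#done'));
    $data = $form->getValue();
    $columns = array('id');
    $values = array('NULL');
    foreach ($data as $field_name => $value) {
        // skip QuickForm2 bookkeeping entries and the submit button
        if (substr($field_name, 0, 5) == '_qf__' || $field_name == 'submit') {
            continue;
        }
        $translated_field = parent::lang('class.AdministrationView#tableRows#name#' . $field_name);
        if ($translated_field == "class.AdministrationView#tableRows#name#{$field_name} not translated") {
            $translated_field = $field_name;
        }
        // the submitted value is untrusted input: quote the identifier and
        // escape the value instead of splicing it in raw
        $columns[] = '`' . str_replace('`', '``', $field_name) . '`';
        $values[] = "'" . $db->real_escape_string($value) . "'";
        $return .= $this->p('', "{$translated_field} = '" . nl2br(htmlentities(utf8_decode($value))) . "'");
    }
    $sql = "INSERT INTO {$table_ident} (" . implode(',', $columns) . ") VALUES (" . implode(',', $values) . ")";
    $db->query($sql);
    $return .= $this->list_table_content($table, $this->get('page'));
    return $return;
}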
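/**
 * movement_last_values returns the field values stored in `value` for the
 * movement row found at index 1 of Inventory::movement_last_row(..., 'id', 2)
 * (presumably the previous movement - confirm against movement_last_row)
 *
 * @return array map 'inventory-<field_id>' => value; empty when no such movement row exists
 */
public function movement_last_values() {
    $db = Db::newDb();
    $ids = Inventory::movement_last_row($db, $this->get_id(), 'id', 2);
    // without a second row there is nothing to look up (splicing a missing
    // value would have produced a broken statement)
    if (!isset($ids[1])) {
        return array();
    }
    // table_id is spliced in unquoted, so force it to an integer
    $sql = "SELECT v.field_id,v.value\n\t\t\t\tFROM value AS v\n\t\t\t\tWHERE table_name = 'inventory_movement'\n\t\t\t\tAND table_id = " . (int) $ids[1];
    $result = $db->query($sql);
    $return = array();
    while (list($field_id, $value) = $result->fetch_array(MYSQL_NUM)) {
        $return['inventory-' . $field_id] = $value;
    }
    return $return;
}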
/**
 * user controls the actions for usersettings
 *
 * Only the 'passwd' action is implemented: it renders a two-field password
 * form and, once the form validates, stores the new password for the
 * logged-in user and reports success. Any other action returns
 * 'default content'; a user that is not logged in gets a NotAuthorized page.
 *
 * @return string the html-string of usersettings-page
 */
public function user() {
    // smarty-template
    $sUserPasswd = new JudoIntranetSmarty();
    // prepare return (assigned but never read below)
    $return = '';
    // check login
    if ($_SESSION['user']->get_loggedin()) {
        // smarty
        $sUserPasswd->assign('pagecaption', parent::lang('class.MainView#user#caption#general') . ' ' . $_SESSION['user']->get_userinfo('name'));
        // check action
        if ($this->get('action') == 'passwd') {
            // smarty
            $sUserPasswd->assign('section', parent::lang('class.MainView#user#caption#passwd'));
            // prepare form
            $form = new HTML_QuickForm2('passwd', 'post', array('name' => 'passwd', 'action' => 'index.php?id=user&action=passwd'));
            // add elementgroup
            $passwd = $form->addElement('group', 'password', array());
            // add fields
            $passwd1 = $passwd->addElement('password', 'password1', array());
            $passwd2 = $passwd->addElement('password', 'password2', array());
            // add label
            $passwd->setLabel(parent::lang('class.MainView#user#passwd#label') . ':');
            // submit-button
            $form->addSubmit('submit', array('value' => parent::lang('class.MainView#user#passwd#submitButton')));
            // renderer
            $renderer = HTML_QuickForm2_Renderer::factory('default');
            $renderer->setOption('required_note', parent::lang('class.MainView#user#form#requiredNote'));
            // add rules: the group is required and then checked by callback_check_passwd
            // (presumably verifies that password1 and password2 agree - not visible here)
            $passwd->addRule('required', parent::lang('class.MainView#user#rule#required'));
            $passwd->addRule('callback', parent::lang('class.MainView#user#rule#checkPasswd'), array($this, 'callback_check_passwd'));
            // validate
            if ($form->validate()) {
                // get values
                $data = $form->getValue();
                // get db-object
                $db = Db::newDb();
                // prepare sql-statement
                // NOTE(review): the transformation applied to password1 is not
                // recoverable from this listing (the literal reads '******'), so the
                // statement below cannot be verified as written; confirm the stored
                // value is produced by password_hash() and checked with
                // password_verify() on login, and that whatever is spliced into the
                // quoted position is passed through $db->real_escape_string first
                // NOTE(review): get_id() is spliced in unquoted; an (int) cast would
                // make the numeric context explicit
                $sql = "UPDATE user\n\t\t\t\t\t\t\tSET password='******'password']['password1']) . "'\n\t\t\t\t\t\t\tWHERE id=" . $_SESSION['user']->get_id();
                // execute statement (return value is not checked)
                $result = $db->query($sql);
                // smarty message
                $sUserPasswd->assign('message', parent::lang('class.MainView#user#validate#passwdChanged'));
            } else {
                // smarty form and return
                $sUserPasswd->assign('form', $form->render($renderer));
            }
            return $sUserPasswd->fetch('smarty.user.passwd.tpl');
        } else {
            return 'default content';
        }
    } else {
        // not authorized
        $errno = $GLOBALS['Error']->error_raised('NotAuthorized', 'entry:' . $this->get('id'), $this->get('id'));
        $GLOBALS['Error']->handle_error($errno);
        return $GLOBALS['Error']->to_html($errno);
    }
}
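/**
 * listCorrections returns all rows of protocol_correction belonging to the
 * given protocol
 *
 * @param int $pid id of the protocol whose corrections are listed
 * @return array list of associative rows (all columns of protocol_correction)
 */
public static function listCorrections($pid) {
    $db = Db::newDb();
    // $pid is spliced in unquoted, so force it to an integer
    $sql = "SELECT *\n\t\t\t\tFROM protocol_correction\n\t\t\t\tWHERE pid = " . (int) $pid;
    $result = $db->query($sql);
    $corrections = array();
    while ($correction = $result->fetch_array(MYSQL_ASSOC)) {
        $corrections[] = $correction;
    }
    $db->close();
    return $corrections;
}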