} break; } } $result = array(); // traversing searchable fields foreach ($allSearchFields as $f) { // filter fields by type $fType = $pSet->getFieldType($f); if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || in_array($f, $detailKeys)) { continue; } if ($_connection->dbType == nDATABASE_Oracle && IsTextType($fType)) { continue; } if ($searchField != '' && $searchField != GoodFieldName($f) || !$pSet->checkFieldPermissions($f)) { continue; } $fieldControl = $controls->getControl($f); $isAggregateField = $pSet->isAggregateField($f); $where = $fieldControl->getSuggestWhere($searchOpt, $searchFor, $isAggregateField); $having = $fieldControl->getSuggestHaving($searchOpt, $searchFor, $isAggregateField); if (!strlen($where) && !strlen($having)) { continue; } $where = whereAdd($where . $masterWhere, $strSecuritySql); $clausesData = $fieldControl->getSelectColumnsAndJoinFromPart($searchFor, $searchOpt, true); $selectColumns = $clausesData["selectColumns"]; $fromClause = $gQuery->FromToSql() . $clausesData["joinFromPart"]; $distinct = "DISTINCT"; if ($_connection->dbType == nDATABASE_MSSQLServer || $_connection->dbType == nDATABASE_Access) {
// Request parameters for the full-text column fetch. A lookup context is signalled by
// both a master table and a master field being supplied.
$field = postvalue("field");
$pageType = postvalue('pagetype');
$mainTable = postvalue("maintable");
$mainField = postvalue("mainfield");
$lookup = ($mainTable && $mainField) ? true : false;

// $table is request-supplied and is used to build an include path just below, so an
// unknown table name terminates the request before the include is reached.
if (!checkTableName($table)) {
    exit(0);
}
require_once "include/" . $table . "_variables.php";

$pSet = new ProjectSettings(GetTableByShort($table), $pageType);
$cipherer = new RunnerCipherer(GetTableByShort($table), $pSet);
// $strTableName is not assigned in this run; presumably set by the included _variables.php.
$_connection = $cman->byTable($strTableName);

// Field-level read permission on the requested column; refuse with a JSON error otherwise.
if (!$pSet->checkFieldPermissions($field)) {
    echo printJSON(array(
        "success" => false,
        "error" => 'Error: You have not permission for read this text',
    ));
    return;
}

// Narrow the SELECT list to the text column itself. When the query carries a GROUP BY the
// remaining columns take part in the grouping, so the field list is left untouched.
if (!$gQuery->HasGroupBy()) {
    $gQuery->RemoveAllFieldsExcept($pSet->getFieldIndex($field));
}

// Primary-key values arrive as key1..keyN, in declared key order.
$keysArr = $pSet->getTableKeys();
$keys = array();
foreach ($keysArr as $position => $keyField) {
    $keys[$keyField] = postvalue("key" . ($position + 1));
}
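/**
 * Reads one binary (image) column of a single row and either returns its raw value
 * (PDF mode) or streams it to the browser with a guessed Content-Type.
 *
 * Non-PDF mode takes table, field, key1..keyN, src and alt from the request and enforces
 * login, table-level "Search" security and field-level permissions. PDF mode takes table,
 * field and key1..keyN from $params and performs no login/permission check.
 *
 * @param object $gQuery  query builder; HasGroupBy(), RemoveAllFieldsExcept() and gSQLWhere() are used
 * @param bool   $forPDF  true to return the raw value instead of emitting an HTTP response
 * @param array  $params  PDF mode only: "table", "field", "key1".."keyN"
 * @return mixed  raw column value (PDF mode, row found); null (PDF mode, no row, or after the
 *                login redirect); '' after streaming or for an unknown table; otherwise
 *                whatever DisplayNoImage()/DisplayFile() return
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $conn;

    if (!$forPDF) {
        $table = postvalue("table");
        // The table name comes straight from the request: reject unknown names before it is
        // used to build settings (previously ProjectSettings was constructed first).
        if (!checkTableName($table)) {
            return '';
        }
        $strTableName = GetTableByShort($table);
        $settings = new ProjectSettings($strTableName);
        // NOTE(review): these force PHP error output on for a handler whose response body is
        // binary image data; any error text would be emitted into that response. Left as found.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        if (!isLogged() || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
            header("Location: login.php");
            return;
        }
        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }
    } else {
        $table = @$params["table"];
        if (!checkTableName($table)) {
            exit(0);
        }
        $strTableName = GetTableByShort($table);
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];
    }

    // Primary-key values: key1..keyN in the order the table keys are declared.
    $keys = array();
    foreach ($settings->getTableKeys() as $ind => $k) {
        $keys[$k] = $forPDF ? @$params["key" . ($ind + 1)] : postvalue("key" . ($ind + 1));
    }

    if (!$gQuery->HasGroupBy()) {
        // Select only the requested column. With GROUP BY the other columns take part in the
        // grouping and cannot simply be dropped, so the query is left untouched.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }
    $sql = $gQuery->gSQLWhere(KeyWhere($keys));
    $rs = db_query($sql, $conn);

    if ($forPDF) {
        if ($rs && ($data = db_fetch_array($rs))) {
            return $data[$field];
        }
        return;
    }

    if (!$rs || !($data = db_fetch_array($rs))) {
        return DisplayNoImage();
    }
    if (postvalue('src') == 1 && strlen($data[$field]) > 51200) {
        // Values over 51200 bytes requested with src=1 are replaced by a static placeholder icon.
        $value = myfile_get_contents('images/icons/jpg.png');
    } else {
        $value = db_stripslashesbinary($data[$field]);
    }
    if (!$value) {
        $altField = postvalue("alt");
        // "alt" is a request-controlled column name as well, so it gets the same field-level
        // permission check as "field" (previously it had none). Note that without GROUP BY
        // the query was narrowed to $field above, so the alternate column may be absent.
        if (!$altField || !$settings->checkFieldPermissions($altField)) {
            return DisplayNoImage();
        }
        $value = isset($data[$altField]) ? db_stripslashesbinary($data[$altField]) : null;
        if (!$value) {
            return DisplayNoImage();
        }
    }
    $itype = SupposeImageType($value);
    if (!$itype) {
        return DisplayFile();
    }
    // $pdf is never assigned in this function, so the headers are always emitted here.
    if (!isset($pdf)) {
        header("Content-Type: " . $itype);
        header("Cache-Control: private");
        SendContentLength(strlen_bin($value));
    }
    echoBinary($value);
    return '';
}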
if ($field == "") { echo "<p>No field name received</p>"; return; } if ($isPDF) { $requestAction = 'GET'; } else { $requestAction = $_REQUEST['_action']; } $pSet = new ProjectSettings($strTableName, $pageType); if ($requestAction == "POST") { if ($pageType == PAGE_ADD && !$pSet->appearOnAddPage($field) && !$pSet->appearOnInlineAdd($field) || $pageType == PAGE_EDIT && !$pSet->appearOnEditPage($field) && !$pSet->appearOnInlineEdit($field) || $pageType == PAGE_REGISTER && !$pSet->appearOnRegisterOrSearchPage($field, $pageType) || $pageType != PAGE_ADD && $pageType != PAGE_EDIT && $pageType != PAGE_REGISTER) { exit("You have no permissions for this action"); } } else { if (!$pSet->checkFieldPermissions($field) && ($pageType != PAGE_ADD || !$pSet->appearOnAddPage($field) && !$pSet->appearOnInlineAdd($field))) { exit("You have no permissions for this action"); } } if (!$isPDF) { add_nocache_headers(); } include_once "include/" . GetTableURL($strTableName) . "_variables.php"; // check if logged in if ($requestAction == 'POST') { $havePermission = CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Add") || CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Edit"); } else { $havePermission = CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search"); } if (!isLogged() && $pageType != PAGE_REGISTER || !$havePermission) { header("Location: login.php");
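/**
 * @intellisense
 *
 * Reads one binary (image) column of a single row and either returns its raw value
 * (PDF mode) or streams it to the browser with a guessed Content-Type.
 *
 * Non-PDF mode takes table, field, key1..keyN, src and alt from the request; PDF mode takes
 * table, field and key1..keyN from $params. No login or table-level security check is
 * performed in this function — NOTE(review): assumed to be enforced by the caller, confirm.
 *
 * @param object $gQuery  query builder; HasGroupBy(), RemoveAllFieldsExcept() and gSQLWhere() are used
 * @param bool   $forPDF  true to return the raw value instead of emitting an HTTP response
 * @param array  $params  PDF mode only: "table", "field", "key1".."keyN"
 * @return mixed  raw column value (PDF mode, row found); null (PDF mode, no row); '' after
 *                streaming or for an unknown table; otherwise whatever
 *                DisplayNoImage()/DisplayFile() return
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $cman;

    if (!$forPDF) {
        $table = postvalue("table");
        // The table name comes straight from the request: reject unknown names before it is
        // used to build settings (previously ProjectSettings was constructed first).
        if (!checkTableName($table)) {
            return '';
        }
        $strTableName = GetTableByShort($table);
        $settings = new ProjectSettings($strTableName);
        // NOTE(review): these force PHP error output on for a handler whose response body is
        // binary image data; any error text would be emitted into that response. Left as found.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }
    } else {
        $table = @$params["table"];
        if (!checkTableName($table)) {
            exit(0);
        }
        $strTableName = GetTableByShort($table);
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];
    }

    // Primary-key values: key1..keyN in the order the table keys are declared.
    $keys = array();
    foreach ($settings->getTableKeys() as $ind => $k) {
        $keys[$k] = $forPDF ? @$params["key" . ($ind + 1)] : postvalue("key" . ($ind + 1));
    }

    $connection = $cman->byTable($strTableName);
    if (!$gQuery->HasGroupBy()) {
        // Select only the requested column. With GROUP BY the other columns take part in the
        // grouping and cannot simply be dropped, so the query is left untouched.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }
    $sql = $gQuery->gSQLWhere(KeyWhere($keys));
    $data = $connection->query($sql)->fetchAssoc();

    if ($forPDF) {
        if ($data) {
            return $data[$field];
        }
        return;
    }

    if (!$data) {
        return DisplayNoImage();
    }
    if (postvalue('src') == 1) {
        // src=1 requests always get a static placeholder icon instead of the stored value.
        $value = myfile_get_contents('images/icons/jpg.png');
    } else {
        $value = $connection->stripSlashesBinary($data[$field]);
    }
    if (!$value) {
        $altField = postvalue("alt");
        // "alt" is a request-controlled column name as well, so it gets the same field-level
        // permission check as "field" (previously it had none). Note that without GROUP BY
        // the query was narrowed to $field above, so the alternate column may be absent.
        if (!$altField || !$settings->checkFieldPermissions($altField)) {
            return DisplayNoImage();
        }
        $value = isset($data[$altField]) ? $connection->stripSlashesBinary($data[$altField]) : null;
        if (!$value) {
            return DisplayNoImage();
        }
    }
    $itype = SupposeImageType($value);
    if (!$itype) {
        return DisplayFile();
    }
    // $pdf is never assigned in this function, so the headers are always emitted here.
    if (!isset($pdf)) {
        header("Content-Type: " . $itype);
        header("Cache-Control: private");
        SendContentLength(strlen_bin($value));
    }
    echoBinary($value);
    return '';
}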
} break; } } } $controls = new EditControlsContainer(null, $pSet, PAGE_LIST, $cipherer); // proccess fields and create sql foreach ($allSearchFields as $f) { $fType = $pSet->getFieldType($f); // filter fields by type if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || in_array($f, $detailKeys)) { continue; } else { } // get suggest for field if (($searchField == '' || $searchField == GoodFieldName($f)) && $pSet->checkFieldPermissions($f)) { $where = ""; $having = ""; if (!$gQuery->IsAggrFuncField($pSet->getFieldIndex($f) - 1)) { $where = $searchClauseObj->getSuggestWhere($controls->getControl($f), $suggestAllContent, $searchFor); } elseif ($gQuery->IsAggrFuncField($pSet->getFieldIndex($f) - 1)) { $having = $searchClauseObj->getSuggestWhere($controls->getControl($f), $suggestAllContent, $searchFor); } if (!strlen($where) && !strlen($having)) { continue; } // prepare common vals $where = whereAdd($where . $masterWhere, $strSecuritySql); $distinct = "DISTINCT"; $sqlHead = "SELECT " . $distinct . " " . GetFullFieldName($f) . " "; if ($gQuery->HasGroupBy()) {