}
break;
}
}
$result = array();
// traversing searchable fields
foreach ($allSearchFields as $f) {
// filter fields by type
$fType = $pSet->getFieldType($f);
if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || in_array($f, $detailKeys)) {
continue;
}
if ($_connection->dbType == nDATABASE_Oracle && IsTextType($fType)) {
continue;
}
if ($searchField != '' && $searchField != GoodFieldName($f) || !$pSet->checkFieldPermissions($f)) {
continue;
}
$fieldControl = $controls->getControl($f);
$isAggregateField = $pSet->isAggregateField($f);
$where = $fieldControl->getSuggestWhere($searchOpt, $searchFor, $isAggregateField);
$having = $fieldControl->getSuggestHaving($searchOpt, $searchFor, $isAggregateField);
if (!strlen($where) && !strlen($having)) {
continue;
}
$where = whereAdd($where . $masterWhere, $strSecuritySql);
$clausesData = $fieldControl->getSelectColumnsAndJoinFromPart($searchFor, $searchOpt, true);
$selectColumns = $clausesData["selectColumns"];
$fromClause = $gQuery->FromToSql() . $clausesData["joinFromPart"];
$distinct = "DISTINCT";
if ($_connection->dbType == nDATABASE_MSSQLServer || $_connection->dbType == nDATABASE_Access) {
$field = postvalue("field");
$pageType = postvalue('pagetype');
$mainTable = postvalue("maintable");
$mainField = postvalue("mainfield");
$lookup = false;
if ($mainTable && $mainField) {
$lookup = true;
}
if (!checkTableName($table)) {
exit(0);
}
require_once "include/" . $table . "_variables.php";
$pSet = new ProjectSettings(GetTableByShort($table), $pageType);
$cipherer = new RunnerCipherer(GetTableByShort($table), $pSet);
$_connection = $cman->byTable($strTableName);
if (!$pSet->checkFieldPermissions($field)) {
$returnJSON = array("success" => false, "error" => 'Error: You have not permission for read this text');
echo printJSON($returnJSON);
return;
}
if (!$gQuery->HasGroupBy()) {
// Do not select any fields except current (full text) field.
// If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
// Just don't do anything in that case.
$gQuery->RemoveAllFieldsExcept($pSet->getFieldIndex($field));
}
$keysArr = $pSet->getTableKeys();
$keys = array();
foreach ($keysArr as $ind => $k) {
$keys[$k] = postvalue("key" . ($ind + 1));
}
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
global $conn;
if (!$forPDF) {
$table = postvalue("table");
$strTableName = GetTableByShort($table);
$settings = new ProjectSettings($strTableName);
if (!checkTableName($table)) {
return '';
}
//include("include/".$table."_variables.php");
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
if (!isLogged() || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
header("Location: login.php");
return;
}
$field = postvalue("field");
if (!$settings->checkFieldPermissions($field)) {
return DisplayNoImage();
}
// construct sql
$keysArr = $settings->getTableKeys();
$keys = array();
foreach ($keysArr as $ind => $k) {
$keys[$k] = postvalue("key" . ($ind + 1));
}
} else {
$table = @$params["table"];
$strTableName = GetTableByShort($table);
if (!checkTableName($table)) {
exit(0);
}
$settings = new ProjectSettings($strTableName);
$field = @$params["field"];
// construct sql
$keysArr = $settings->getTableKeys();
$keys = array();
foreach ($keysArr as $ind => $k) {
$keys[$k] = @$params["key" . ($ind + 1)];
}
}
if (!$gQuery->HasGroupBy()) {
// Do not select any fields except current (image) field.
// If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
// Just don't do anything in that case.
$gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
}
$where = KeyWhere($keys);
$sql = $gQuery->gSQLWhere($where);
$rs = db_query($sql, $conn);
if ($forPDF) {
if ($rs && ($data = db_fetch_array($rs))) {
return $data[$field];
}
} else {
if (!$rs || !($data = db_fetch_array($rs))) {
return DisplayNoImage();
}
if (postvalue('src') == 1 && strlen($data[$field]) > 51200) {
$value = myfile_get_contents('images/icons/jpg.png');
} else {
$value = db_stripslashesbinary($data[$field]);
}
if (!$value) {
if (postvalue("alt")) {
$value = db_stripslashesbinary($data[postvalue("alt")]);
if (!$value) {
return DisplayNoImage();
}
} else {
return DisplayNoImage();
}
}
$itype = SupposeImageType($value);
if (!$itype) {
return DisplayFile();
}
if (!isset($pdf)) {
header("Content-Type: " . $itype);
header("Cache-Control: private");
SendContentLength(strlen_bin($value));
}
echoBinary($value);
return '';
}
}
if ($field == "") {
echo "<p>No field name received</p>";
return;
}
if ($isPDF) {
$requestAction = 'GET';
} else {
$requestAction = $_REQUEST['_action'];
}
$pSet = new ProjectSettings($strTableName, $pageType);
if ($requestAction == "POST") {
if ($pageType == PAGE_ADD && !$pSet->appearOnAddPage($field) && !$pSet->appearOnInlineAdd($field) || $pageType == PAGE_EDIT && !$pSet->appearOnEditPage($field) && !$pSet->appearOnInlineEdit($field) || $pageType == PAGE_REGISTER && !$pSet->appearOnRegisterOrSearchPage($field, $pageType) || $pageType != PAGE_ADD && $pageType != PAGE_EDIT && $pageType != PAGE_REGISTER) {
exit("You have no permissions for this action");
}
} else {
if (!$pSet->checkFieldPermissions($field) && ($pageType != PAGE_ADD || !$pSet->appearOnAddPage($field) && !$pSet->appearOnInlineAdd($field))) {
exit("You have no permissions for this action");
}
}
if (!$isPDF) {
add_nocache_headers();
}
include_once "include/" . GetTableURL($strTableName) . "_variables.php";
// check if logged in
if ($requestAction == 'POST') {
$havePermission = CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Add") || CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Edit");
} else {
$havePermission = CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search");
}
if (!isLogged() && $pageType != PAGE_REGISTER || !$havePermission) {
header("Location: login.php");
/**
* @intellisense
*/
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
global $cman;
if (!$forPDF) {
$table = postvalue("table");
$strTableName = GetTableByShort($table);
$settings = new ProjectSettings($strTableName);
if (!checkTableName($table)) {
return '';
}
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
$field = postvalue("field");
if (!$settings->checkFieldPermissions($field)) {
return DisplayNoImage();
}
// construct sql
$keysArr = $settings->getTableKeys();
$keys = array();
foreach ($keysArr as $ind => $k) {
$keys[$k] = postvalue("key" . ($ind + 1));
}
} else {
$table = @$params["table"];
$strTableName = GetTableByShort($table);
if (!checkTableName($table)) {
exit(0);
}
$settings = new ProjectSettings($strTableName);
$field = @$params["field"];
// construct sql
$keysArr = $settings->getTableKeys();
$keys = array();
foreach ($keysArr as $ind => $k) {
$keys[$k] = @$params["key" . ($ind + 1)];
}
}
$connection = $cman->byTable($strTableName);
if (!$gQuery->HasGroupBy()) {
// Do not select any fields except current (image) field.
// If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
// Just don't do anything in that case.
$gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
}
$where = KeyWhere($keys);
$sql = $gQuery->gSQLWhere($where);
$data = $connection->query($sql)->fetchAssoc();
if ($forPDF) {
if ($data) {
return $data[$field];
}
} else {
if (!$data) {
return DisplayNoImage();
}
if (postvalue('src') == 1) {
$value = myfile_get_contents('images/icons/jpg.png');
} else {
$value = $connection->stripSlashesBinary($data[$field]);
}
if (!$value) {
if (postvalue("alt")) {
$value = $connection->stripSlashesBinary($data[postvalue("alt")]);
if (!$value) {
return DisplayNoImage();
}
} else {
return DisplayNoImage();
}
}
$itype = SupposeImageType($value);
if (!$itype) {
return DisplayFile();
}
if (!isset($pdf)) {
header("Content-Type: " . $itype);
header("Cache-Control: private");
SendContentLength(strlen_bin($value));
}
echoBinary($value);
return '';
}
}
}
break;
}
}
}
$controls = new EditControlsContainer(null, $pSet, PAGE_LIST, $cipherer);
// proccess fields and create sql
foreach ($allSearchFields as $f) {
$fType = $pSet->getFieldType($f);
// filter fields by type
if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || in_array($f, $detailKeys)) {
continue;
} else {
}
// get suggest for field
if (($searchField == '' || $searchField == GoodFieldName($f)) && $pSet->checkFieldPermissions($f)) {
$where = "";
$having = "";
if (!$gQuery->IsAggrFuncField($pSet->getFieldIndex($f) - 1)) {
$where = $searchClauseObj->getSuggestWhere($controls->getControl($f), $suggestAllContent, $searchFor);
} elseif ($gQuery->IsAggrFuncField($pSet->getFieldIndex($f) - 1)) {
$having = $searchClauseObj->getSuggestWhere($controls->getControl($f), $suggestAllContent, $searchFor);
}
if (!strlen($where) && !strlen($having)) {
continue;
}
// prepare common vals
$where = whereAdd($where . $masterWhere, $strSecuritySql);
$distinct = "DISTINCT";
$sqlHead = "SELECT " . $distinct . " " . GetFullFieldName($f) . " ";
if ($gQuery->HasGroupBy()) {
