예제 #1
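    /**
     * Checks a login identifier / password pair and opens a session on a match.
     *
     * @param string $U        Login identifier, matched against the column named by $by.
     * @param string $P        Password supplied by the caller.
     * @param mixed  $recordar Truthy to also set the "remember me" cookies.
     * @param string $by       Column of `usuarios` that $U is compared with.
     * @return bool True when at least one row matched and creaSession() was called.
     */
    function authenticate($U, $P, $recordar = 0, $by = 'usuario')
    {
        $RESULT = false;
        // $by is spliced into the statement as a column name and cannot be escaped
        // like a value, so only a plain (optionally table-qualified) identifier is accepted.
        if (!is_string($by) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $by)) {
            return $RESULT;
        }
        if (trim($U) != '' && trim($P) != '') {
            $db = new db();
            $db->connect();
            // NOTE(review): the password predicate appears as a masked literal in this
            // listing and $P is not visibly bound into the statement; confirm against the
            // real file how the password is compared. Verifying a stored hash with
            // password_verify() is preferable to comparing passwords inside SQL.
            // NOTE(review): mysql_real_escape_string() was removed in PHP 7.0; the db layer
            // should offer bound parameters instead.
            $sql = ' SELECT * FROM usuarios
						 WHERE ( ' . $by . ' = "' . mysql_real_escape_string($U) . '" )
						 AND   ( password = "******" )
						 ';
            $db->query($sql);
            while ($record = $db->next()) {
                // Log the user in
                $this->creaSession($record);
                $RESULT = true;
                if ($recordar) {
                    // 30 days from now
                    $expires_at = time() + 30 * 24 * 3600;
                    // NOTE(review): the raw password is written to a client-side cookie with
                    // no Secure/HttpOnly flags. Replacing it needs a server-side remember-me
                    // token plus a change in whatever reads 'contrasena', both outside this method.
                    setcookie('id_usuario', $U, $expires_at);
                    setcookie('contrasena', $P, $expires_at);
                }
            }
            $db->close();
        }
        return $RESULT;
    }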
예제 #2
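 /**
  * Loads the `albaranes` row whose id_albaranes equals this object's id_albaranes.
  *
  * @return mixed The first row as returned by db::next().
  */
 public function VerDetallePais()
 {
     $db = new db();
     $db->connect();
     // The id is concatenated unquoted, so it is forced to an integer to keep anything
     // other than a number out of the statement (assumes an integer key — TODO confirm).
     $query = 'SELECT * FROM albaranes WHERE id_albaranes = ' . (int) $this->id_albaranes;
     $db->query($query);
     $r = $db->next();
     $db->close();
     return $r;
 }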
예제 #3
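 /**
  * Lists the `lista_estados` rows that belong to this object's id_pais.
  *
  * @return array Rows in the order db::next() yields them; empty when none match.
  */
 function verCiudadPais()
 {
     $db = new db();
     $db->connect();
     // Unquoted numeric comparison: cast so only an integer can reach the SQL text
     // (assumes id_pais is an integer key — TODO confirm).
     $query = 'SELECT * FROM lista_estados WHERE id_pais = ' . (int) $this->id_pais;
     $db->query($query);
     $Arr = array();
     while ($r = $db->next()) {
         $Arr[] = $r;
     }
     // Close before returning; the original close() sat after the return and never ran.
     $db->close();
     return $Arr;
 }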
예제 #4
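 /**
  * Lists the `lista_estados` rows for the class-level self::$id_pais.
  *
  * @return array Rows in the order db::next() yields them; empty when none match.
  */
 public static function verEstadosPais()
 {
     $db = new db();
     $db->connect();
     // self::$id_pais is concatenated unquoted; the cast keeps non-numeric text out of
     // the statement (assumes an integer key — TODO confirm).
     $query = 'SELECT * FROM lista_estados WHERE id_pais = ' . (int) self::$id_pais;
     $db->query($query);
     $Arr = array();
     while ($r = $db->next()) {
         $Arr[] = $r;
     }
     $db->close();
     return $Arr;
 }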
예제 #5
 /**
  * Returns every row of fk_privileges, with privilege_desc passed through utf8_encode().
  *
  * The statement is a constant, so no caller data reaches the SQL text here.
  * NOTE(review): utf8_encode() is deprecated as of PHP 8.2.
  *
  * @return array Rows in the order db::next() yields them.
  */
 public function verFuncionalidades()
 {
     $conn = new db();
     $conn->connect();
     $conn->query('SELECT * FROM fk_privileges');
     $privileges = array();
     for ($row = $conn->next(); $row; $row = $conn->next()) {
         $row['privilege_desc'] = utf8_encode($row['privilege_desc']);
         $privileges[] = $row;
     }
     $conn->close();
     return $privileges;
 }
예제 #6
파일: fk.php 프로젝트: mmendoza000/freekore
/**
 * Fetches the first two selected columns of the row whose id equals $id_selected.
 *
 * The id column name comes from an ActiveRecord built on the first space-separated
 * word of $table. Both returned values are passed through htmlentities().
 *
 * NOTE(review): $table, $fields and $id_selected are concatenated into the SQL text
 * as-is; no escaping or binding is visible in this function, so callers must pass
 * only trusted identifiers and an already-validated id.
 *
 * @param string $table       Table expression placed after FROM.
 * @param string $fields      Column list placed after SELECT.
 * @param mixed  $id_selected Value compared with the id column.
 * @return array Two-element list; both entries are '' when no row is found.
 */
function fk_select_text($table, $fields, $id_selected)
{
    $db = new db();
    $OPTION = array('', '');
    $words = explode(' ', trim($table));
    $rec = new ActiveRecord($words[0]);
    $condition = ' WHERE ' . $rec->id_field_name . ' = "' . $id_selected . '" ';
    $db->query('SELECT ' . $fields . ' FROM ' . $table . ' ' . $condition);
    $opt = $db->next();
    if ($opt) {
        $OPTION[0] = htmlentities($opt[0]);
        $OPTION[1] = htmlentities($opt[1]);
    }
    return $OPTION;
}
예제 #7
 /**
  * Returns the id of the record at 1-based position $record_num in $this->model.
  *
  * The query is assembled through the db builder calls (set_select, set_table,
  * set_where, add_and, set_limit). When no row exists at that position the method
  * resets $this->record_number (0 if total_records is 0, otherwise 1) and falls back
  * to the first record.
  *
  * NOTE(review): $this->DbRecord->SqlAnd is handed to add_and() as a raw fragment;
  * whether the builder escapes it is not visible here.
  *
  * @package AppForm
  * @since v0.1
  * @param int $record_num 1-based record position; values below 1 are treated as 1.
  * @return mixed First column of the matched row, or 0 when the table yields no row.
  */
 private function get_id_record($record_num = 1)
 {
     $db = new db();
     // Convert the 1-based position into a zero-based offset, never negative
     $offset = $record_num - 1;
     if (!($offset > 0)) {
         $offset = 0;
     }
     // SELECT {id} FROM TABLE WHERE 1=1 {AND} limit {offset},1
     $db->set_select($this->DbRecord->id_field_name);
     $db->set_table($this->model);
     $db->set_where(' 1 = 1 ');
     if ($this->DbRecord->SqlAnd != '') {
         $db->add_and($this->DbRecord->SqlAnd);
     }
     $db->set_limit(1, $offset);
     $db->query();
     $row = $db->next();
     if ($row) {
         return $row[0];
     }
     // Nothing at that position: fall back to the first record
     $this->record_number = $this->total_records == 0 ? 0 : 1;
     $db->set_select($this->DbRecord->id_field_name);
     $db->set_table($this->model);
     $db->set_where(' 1=1 ');
     if ($this->DbRecord->SqlAnd != '') {
         $db->add_and($this->DbRecord->SqlAnd);
     }
     $db->set_limit(1, 0);
     $db->query();
     $row = $db->next();
     return $row ? $row[0] : 0;
 }
예제 #8
파일: fk.php 프로젝트: mtaisigue/albaranes
/**
 * Fetches the first two selected columns of the row whose id equals $id_selected.
 *
 * The id column name comes from an ActiveRecord built on $table.
 *
 * NOTE(review): $table, $fields and $id_selected are concatenated into the SQL text
 * as-is; no escaping or binding is visible in this function. The returned values are
 * raw database content, so callers have to escape them for the output context.
 *
 * @param string $table       Table name placed after FROM.
 * @param string $fields      Column list placed after SELECT.
 * @param mixed  $id_selected Value compared with the id column.
 * @return array Two-element list; both entries are '' when no row is found.
 */
function fk_select_text($table, $fields, $id_selected)
{
    $db = new db();
    $OPTION = array('', '');
    $rec = new ActiveRecord($table);
    $condition = ' WHERE ' . $rec->id_field_name . ' = "' . $id_selected . '" ';
    $db->query('SELECT ' . $fields . ' FROM ' . $table . ' ' . $condition);
    $opt = $db->next();
    if ($opt) {
        $OPTION[0] = $opt[0];
        $OPTION[1] = $opt[1];
    }
    return $OPTION;
}
예제 #9
    /**
     * Tells whether the session user holds a non-expired package with the given code.
     *
     * Counts paquetes_usuario rows for $_SESSION['id_usuario'] whose fecha_fin is today
     * or later and whose package code equals $codigo_paquete.
     *
     * NOTE(review): this is an authorization check, and both the session id and
     * $codigo_paquete are concatenated into the SQL text without escaping or binding.
     *
     * @param string $codigo_paquete Package code to look for.
     * @return bool TRUE when at least one matching row exists.
     */
    function priv_paquete($codigo_paquete)
    {
        $db = new db();
        $db->query('SELECT count(id_paquete_usuario)
		        FROM paquetes_usuario pu 
		          INNER JOIN paquetes p ON pu.id_paquete = p.id_paquete
		        WHERE pu.id_usuario = "' . $_SESSION['id_usuario'] . '" 
		        AND pu.fecha_fin >= CURDATE()
		        AND p.codigo ="' . $codigo_paquete . '" ');
        $count_row = $db->next();
        return $count_row[0] >= 1;
    }
예제 #10
    /**
     * Prints the disabled "leave a comment" list item.
     *
     * Output, in order: the logged-in user's avatar (or an empty placeholder), the
     * name / email / website inputs when $this->show_detail is truthy, then a disabled
     * textarea and a button. Everything is echoed directly; nothing is returned.
     *
     * NOTE(review): $this->id_obj is echoed into id/name attributes without HTML
     * escaping; presumably it is a generated identifier — confirm.
     * NOTE(review): the name attributes "email-user" and "web-user" lack the trailing
     * hyphen used by their id attributes and by "name-user-"; confirm this is intended.
     */
    private function leaveACommentDisabled()
    {
        ?>
<li class="leave-comment">

<div class="c1_6 col-md-1 hidden-xs">
<?php 
        // Look up the avatar file name only for a logged-in user
        if (Security::is_logged()) {
            $imagen = '';
            $db = new db();
            // NOTE(review): the session user id is concatenated into the SQL text;
            // no escaping or binding is visible here.
            $db->query_assoc('select * from usuarios usr
	left join uploads upl on upl.id_upload = usr.imagen 
	where usr.id_usuario = "' . $_SESSION['id_usuario'] . '" 
	');
            if ($rec = $db->next()) {
                $imagen = $rec['archivo'];
            }
        } else {
            $imagen = '';
        }
        if ($imagen != '') {
            ?>
<div class="user-img"><img src="<?php 
            // NOTE(review): $imagen comes from the database and is written into the
            // src attribute without HTML escaping.
            echo http_uploads() . '/' . $imagen;
            ?>
"></div><?php 
        } else {
            ?>
<div class="user-img no-pho"></div><?php 
        }
        ?>
</div>
<div class="c5_6 col-md-11 ">
<?php 
        // The identity fields are rendered only when show_detail is truthy
        if ($this->show_detail) {
            ?>
<table class="user-data">
	<tr>
		<td colspan="2">
		<div id="message-err-<?php 
            echo $this->id_obj;
            ?>
" class="fk-error-message"
			style="display: none"></div>
		</td>
	</tr>
	<tr>
		<td>Nombre(Requerido):</td>
		<td><input type="text" id="name-user-<?php 
            echo $this->id_obj;
            ?>
"
			name="name-user-<?php 
            echo $this->id_obj;
            ?>
" value="" /></td>
	</tr>
	<tr>
		<td>Email(Requerido):</td>
		<td><input type="text" id="email-user-<?php 
            echo $this->id_obj;
            ?>
"
			name="email-user<?php 
            echo $this->id_obj;
            ?>
" value="" /></td>
	</tr>
	<tr>
		<td>Sitio web:</td>
		<td><input type="text" id="web-user-<?php 
            echo $this->id_obj;
            ?>
"
			name="web-user<?php 
            echo $this->id_obj;
            ?>
" value="" /></td>
	</tr>
</table><?php 
        }
        ?>
<table class="txt-data">
	<tr>
		<td><textarea id="leave-comment-<?php 
        echo $this->id_obj;
        ?>
-disabled" class="form-control disabled" disabled="disabled"> </textarea></td>
	</tr>
</table>
<button type="button" class="btn btn-danger btn-xs" id="leave-comment-btn-<?php 
        echo $this->id_obj;
        ?>
-disabled"> Comentar <i class="fa fa-comment"></i></button>


</div>
<div class="clear"></div>







</li>
		<?php 
    }
예제 #11
    /**
     * Resolves a user's access to a single table field.
     *
     * Lookup order: (1) the field-level privilege row in fk_privileges; (2) a per-user
     * exception in fk_privileges_usuarios; (3) the user's profile entry in
     * fk_perfiles_privs.
     *
     * Security-relevant behaviour visible in the code:
     *  - Fails open: when no fk_privileges row matches the table/field, the result
     *    stays access = 1, read_only = 0.
     *  - Once a privilege row exists the default flips to access = 0, and it stays 0
     *    unless an exception or profile row supplies non-null values.
     *  - NOTE(review): $id_user, $table and $field are concatenated into the SQL text
     *    without escaping or binding; callers must pass validated values.
     *
     * @param mixed  $id_user User id.
     * @param string $table   Table name the privilege is registered for.
     * @param string $field   Field name the privilege is registered for.
     * @return array Map with the keys 'access' and 'read_only'.
     */
    public static function hasPriv_Field($id_user, $table, $field)
    {
        $db = new db();
        $db->connect();
        // Privilege scope: 1 screen, 2 field, 3 screen and field
        $id_mode_priv = 2;
        $id_priv = 0;
        $id_perfil = 0;
        // With nothing registered against the field, access is granted by default
        $has_priv = array('access' => 1, 'read_only' => 0);
        // Find the privilege
        $db->query('SELECT p.id_priv
				FROM fk_privileges p
				WHERE p.id_mode_priv ="' . $id_mode_priv . '"
				AND p.table_name = "' . $table . '" 
		        AND p.field_name = "' . $field . '" LIMIT 1
				');
        $priv_row = $db->next();
        if ($priv_row) {
            $id_priv = $priv_row['id_priv'];
        }
        if ($id_priv == 0) {
            return $has_priv;
        }
        // The privilege exists, so access is denied until a row grants it
        $has_priv['access'] = 0;
        $has_priv['read_only'] = 0;
        // Find the user's profile
        $db->query('SELECT id_perfil from ' . self::$db_tbl_usuarios . '
			        where ' . self::$db_fld_id_usuario . ' = "' . $id_user . '" ');
        $profile_row = $db->next();
        if ($profile_row) {
            $id_perfil = $profile_row[0];
        }
        // 1) per-user exception
        $db->query('SELECT p_usr.permitir_acceso as access,solo_lectura as read_only
		            FROM fk_privileges_usuarios p_usr 
		            WHERE p_usr.id_usuario = "' . $id_user . '"
		            AND p_usr.id_priv = "' . $id_priv . '"
		            LIMIT 1');
        $grant_row = $db->next();
        if (!$grant_row) {
            // 2) no exception row: fall back to the profile's privilege
            $db->query('SELECT p_pf.access,p_pf.read_only
		            FROM fk_perfiles_privs p_pf 
		            WHERE p_pf.id_perfil = "' . $id_perfil . '"
		            AND p_pf.id_priv = "' . $id_priv . '"
		            LIMIT 1
		            ');
            $grant_row = $db->next();
        }
        if ($grant_row) {
            $acceso = $grant_row['access'];
            $read_only = $grant_row['read_only'];
        }
        // Only overwrite the deny default when both flags were read and are non-null
        if (isset($acceso, $read_only)) {
            $has_priv['access'] = $acceso;
            $has_priv['read_only'] = $read_only;
        }
        return $has_priv;
    }
예제 #12
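 /**
  * Lists the fk_perfiles_privs rows selected by this object's id_usuario.
  *
  * @return array Rows in the order db::next() yields them; empty when none match.
  */
 public function TakePermisosUsuario()
 {
     $db = new db();
     $db->connect();
     // Unquoted numeric comparison: cast so only an integer can reach the SQL text
     // (assumes id_usuario is an integer key — TODO confirm).
     $query = 'SELECT * FROM fk_perfiles_privs WHERE id_usuario = ' . (int) $this->id_usuario;
     $db->query($query);
     $Arr = array();
     while ($r = $db->next()) {
         $Arr[] = $r;
     }
     // Release the connection that connect() opened; the original never closed it.
     $db->close();
     return $Arr;
 }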
예제 #13
 /**
  * Runs the list query and derives the pager state from its total row count.
  *
  * Executes $this->sql_exec (prepared by ProcessSqlFormat()), reads the total with
  * SELECT FOUND_ROWS() through a second db object, stores it in $this->tot_regs and
  * rebuilds the pager variables. When the requested page lies beyond the last page,
  * the limit is reset to page 1 and the list query runs again.
  *
  * NOTE(review): FOUND_ROWS() reports on the previous statement of the same
  * connection; this presumably relies on both db objects sharing one — confirm.
  * NOTE(review): how $this->sql_exec is assembled is not visible here; any
  * request-derived parts have to be validated where it is built.
  */
 protected function runQueryProcess()
 {
     $this->db_queryapplist = new db();
     $counter = new db();
     $this->ProcessSqlFormat();
     $this->db_queryapplist->query_assoc($this->sql_exec);
     // Total number of records, for the pager
     $counter->query_assoc('SELECT FOUND_ROWS() as total');
     $totals = $counter->next();
     $this->tot_regs = $totals['total'];
     $this->creaVariablesPaginador();
     if (!($this->page > $this->tot_pages)) {
         return;
     }
     // A page number past the end sends the user back to page 1
     $this->formaLimit(1);
     $this->ProcessSqlFormat();
     $this->db_queryapplist->query_assoc($this->sql_exec);
     $this->creaVariablesPaginador();
 }
예제 #14
 /**
  * Returns the id of the record at 1-based position $record_num in $this->model.
  *
  * When no row exists at that position the method resets $this->record_number
  * (0 if total_records is 0, otherwise 1) and falls back to the first record.
  *
  * NOTE(review): the id column name, $this->model and $this->DbRecord->SqlAnd are
  * concatenated into the SQL text as-is; they must never carry request data that has
  * not been validated. The LIMIT offset is the result of an arithmetic expression.
  *
  * @package AppForm
  * @since v0.1
  * @param int $record_num 1-based record position; values below 1 are treated as 1.
  * @return mixed First column of the matched row, or 0 when the table yields no row.
  */
 private function get_id_record($record_num = 1)
 {
     $db = new db();
     // Convert the 1-based position into a zero-based offset, never negative
     $offset = $record_num - 1;
     if (!($offset > 0)) {
         $offset = 0;
     }
     $db->query('select ' . $this->DbRecord->id_field_name . ' from ' . $this->model . ' WHERE TRUE ' . $this->DbRecord->SqlAnd . ' LIMIT ' . $offset . ',1');
     $row = $db->next();
     if ($row) {
         return $row[0];
     }
     // Nothing at that position: fall back to the first record
     $this->record_number = $this->total_records == 0 ? 0 : 1;
     $db->query('select ' . $this->DbRecord->id_field_name . ' from ' . $this->model . ' WHERE TRUE ' . $this->DbRecord->SqlAnd . ' LIMIT 0,1');
     $row = $db->next();
     return $row ? $row[0] : 0;
 }
예제 #15
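 /**
  * Loads one fk_perfiles_privs row for this object's id_perfil / id_priv pair.
  *
  * NOTE(review): the id_usuario column is compared with $this->id_perfil; this looks
  * like a column/property mismatch — confirm against the table schema.
  *
  * @return mixed The first row as returned by db::next().
  */
 public function verPerfilPriv()
 {
     $db = new db();
     $db->connect();
     // Both ids are concatenated unquoted; casting keeps non-numeric text out of the
     // statement (assumes integer keys — TODO confirm).
     $query = 'SELECT * FROM fk_perfiles_privs WHERE id_usuario = ' . (int) $this->id_perfil . ' AND id_priv = ' . (int) $this->id_priv;
     $db->query($query);
     $r = $db->next();
     // Release the connection that connect() opened; the original never closed it.
     $db->close();
     return $r;
 }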
예제 #16
    /**
     * Prints every comment attached to the current object via printOneComent().
     *
     * Rows are selected from $this->table where the code field equals $this->code and
     * the related-record field equals $this->id_tab_val; each row also carries the
     * database time as `ahora`.
     *
     * NOTE(review): the table name, both field names and both values are concatenated
     * into the SQL text as-is; no escaping or binding is visible in this method.
     * NOTE(review): the connection is opened here but not closed in this method.
     */
    private function printComments()
    {
        $conn = new db();
        $conn->connect();
        $conn->query('SELECT *,now() as ahora FROM ' . $this->table . ' WHERE ' . $this->code_field . ' =  "' . $this->code . '"
		             AND  ' . $this->id_table2coment_field . ' = "' . $this->id_tab_val . '"');
        for ($comment = $conn->next(); $comment; $comment = $conn->next()) {
            $this->printOneComent($comment);
        }
    }
예제 #17
 /**
  * Builds an HTML fragment listing the `archivo` value of every row in $this->table.
  *
  * NOTE(review): each `archivo` value is placed into the fragment without HTML
  * escaping; if the names can come from uploads, escape them for the output context
  * (taking the stored character encoding into account) before this reaches a page.
  * NOTE(review): $this->table is concatenated into the SQL text as-is.
  *
  * @return string The file names, each followed by '<br>'; '' when the table is empty.
  */
 public function getFileList()
 {
     $conn = new db();
     $conn->connect();
     $conn->query('SELECT * FROM ' . $this->table . ' ;');
     $entries = array();
     while ($row = $conn->next()) {
         $entries[] = $row['archivo'] . '<br>';
     }
     $conn->close();
     return implode('', $entries);
 }
예제 #18
 /**
  * Runs the list query and returns the result as a hand-assembled JSON string with
  * the keys sEcho, iTotalRecords, iTotalDisplayRecords and aaData.
  *
  * Statement order matters: SELECT FOUND_ROWS() has to follow the
  * SQL_CALC_FOUND_ROWS query directly, before the COUNT(*) query runs.
  *
  * NOTE(review): the JSON is built by string concatenation with addslashes(), which is
  * not a JSON encoder: it escapes single quotes as \' (not valid in JSON) and leaves
  * control characters such as newlines unescaped, so some cell values yield output a
  * client cannot parse. Moving to json_encode() needs the column encoding confirmed first.
  * NOTE(review): sql_fields, sql_table, sWhere, sOrder and sLimit are concatenated
  * into the SQL text; they are prepared by get_columns(), setLimit(), setOrder() and
  * setFilter(), which are not visible here. If those read request parameters, the
  * validation has to happen there — confirm.
  *
  * @return string The assembled JSON text.
  */
 private function generateJSON()
 {
     // Do not display errors as warnings: they would corrupt the JSON output
     ini_set('display_errors', 0);
     // MySQL connection
     $db = new db();
     $db->connect();
     // Get Columns
     $this->get_columns();
     //Limit
     $this->setLimit();
     //Ordering
     $this->setOrder();
     //Filtering
     $this->setFilter();
     $this->sQuery = "SELECT SQL_CALC_FOUND_ROWS " . $this->sql_fields . "\n\t\t\t             FROM   " . $this->sql_table . " " . $this->sWhere . " " . $this->sOrder . " " . $this->sLimit . " ;";
     $db->query($this->sQuery);
     $out_ini = '';
     $out_regs = '';
     $out_fin = '';
     #--------------------------------------
     # ROWS
     #--------------------------------------
     while ($aRow = $db->next()) {
         $out_regs .= "[";
         foreach ($this->arr_columns as $k => $col) {
             // 'special' columns are rendered by procesa_columnas_esp(); the rest are read straight from the row
             if (isset($col['type']) && @$col['type'] == 'special') {
                 $out_regs .= '"' . addslashes($this->procesa_columnas_esp($col, $aRow)) . '",';
             } else {
                 $out_regs .= '"' . addslashes($aRow[$col]) . '",';
             }
         }
         // Drop the trailing comma left by the last cell
         $out_regs = substr_replace($out_regs, "", -1);
         $out_regs .= "],";
     }
     // Drop the trailing comma left by the last row
     $out_regs = substr_replace($out_regs, "", -1);
     #--------------------------------------
     # TOTALS
     #--------------------------------------
     $this->sQuery = "SELECT FOUND_ROWS()";
     $db->query($this->sQuery);
     $aResultFilterTotal = $db->next();
     $iFilteredTotal = $aResultFilterTotal[0];
     $this->sQuery = "\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM   " . $this->sql_table . "\n\t\t";
     $db->query($this->sQuery);
     $aResultTotal = $db->next();
     $iTotal = $aResultTotal[0];
     $out_ini .= '{';
     // sEcho is echoed back from the request, reduced to an integer by intval()
     $out_ini .= '"sEcho": ' . intval(@$_GET['sEcho']) . ', ';
     $out_ini .= '"iTotalRecords": ' . $iTotal . ', ';
     $out_ini .= '"iTotalDisplayRecords": ' . $iFilteredTotal . ', ';
     $out_ini .= '"aaData": [ ';
     #--------------------------------------
     # Close the output string
     #--------------------------------------
     $out_fin .= '] }';
     #--------------------------------------
     # Assemble the output
     #--------------------------------------
     $sOutput = $out_ini . $out_regs . $out_fin;
     return $sOutput;
 }