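/**
 * Get list of contacts to notify at location item
 *
 * Reads the notification rows for one location item, then fills in an e-mail
 * address and an SMS number per contact: the addressbook values are used when
 * present, otherwise the 'property' preferences of the account linked to the
 * contact.
 *
 * @param array $data location_id and location_item_id
 * @return array content; an empty array when either id is missing or
 *               location_item_id is empty.
 */
public function read($data = array())
{
    if (!isset($data['location_id']) || !isset($data['location_item_id']) || !$data['location_item_id']) {
        return array();
    }

    $location_id = (int) $data['location_id'];
    // Not cast to int in case of bigint; this unmodified value is what the caller gets back.
    $location_item_id = $data['location_item_id'];
    // The id sits inside a quoted SQL literal, so it is escaped before interpolation.
    // Only the query uses the escaped copy.
    $location_item_id_sql = $this->_db->db_addslashes((string) $location_item_id);

    $sql = "SELECT phpgw_notification.id, phpgw_notification.contact_id,phpgw_notification.user_id,"
        . " phpgw_notification.is_active,phpgw_notification.entry_date,phpgw_notification.notification_method,"
        . " first_name, last_name"
        . " FROM phpgw_notification"
        . " {$this->_join} phpgw_contact_person ON phpgw_notification.contact_id = phpgw_contact_person.person_id"
        . " WHERE location_id = {$location_id} AND location_item_id = '{$location_item_id_sql}'";
    $this->_db->query($sql, __LINE__, __FILE__);

    $values = array();
    $dateformat = $GLOBALS['phpgw_info']['user']['preferences']['common']['dateformat'];
    $lang_yes = lang('yes');
    $lang_no = lang('no');

    while ($this->_db->next_record()) {
        $values[] = array(
            'id' => $this->_db->f('id'),
            'location_id' => $location_id,
            'location_item_id' => $location_item_id,
            'contact_id' => $this->_db->f('contact_id'),
            'is_active' => $this->_db->f('is_active'),
            'notification_method' => $this->_db->f('notification_method', true),
            'user_id' => $this->_db->f('user_id'),
            'entry_date' => $GLOBALS['phpgw']->common->show_date($this->_db->f('entry_date'), $dateformat),
            'first_name' => $this->_db->f('first_name', true),
            'last_name' => $this->_db->f('last_name', true),
        );
    }

    // $contacts is not used below; the call is kept because this block cannot
    // show whether creating the object has side effects other code relies on.
    $contacts = CreateObject('phpgwapi.contacts');
    $socommon = CreateObject('property.socommon');

    foreach ($values as &$entry) {
        $contact_id = $entry['contact_id'];
        $comms = execMethod('addressbook.boaddressbook.get_comm_contact_data', $contact_id);

        // A contact may have no work e-mail or mobile number on file.
        $entry['email'] = isset($comms[$contact_id]['work email'])
            ? $comms[$contact_id]['work email']
            : null;
        $entry['sms'] = isset($comms[$contact_id]['mobile (cell) phone'])
            ? $comms[$contact_id]['mobile (cell) phone']
            : null;
        $entry['is_active_text'] = $entry['is_active'] ? $lang_yes : $lang_no;

        $sql = "SELECT account_id FROM phpgw_accounts WHERE person_id = " . (int) $contact_id;
        $this->_db->query($sql, __LINE__, __FILE__);
        if ($this->_db->next_record()) {
            // Fall back to the account's preferences when the addressbook has no value.
            $account_id = $this->_db->f('account_id');
            $prefs = $socommon->create_preferences('property', $account_id);
            if (!$entry['email']) {
                $entry['email'] = isset($prefs['email']) ? $prefs['email'] : null;
            }
            if (!$entry['sms']) {
                $entry['sms'] = isset($prefs['cellphone']) ? $prefs['cellphone'] : null;
            }
        }
    }
    // Break the reference so later writes to $entry cannot alter the last row.
    unset($entry);

    return $values;
}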
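/**
 * Load the config values for the current module
 *
 * Each stored value is run through unserialize(); a truthy result is kept as
 * the decoded value, anything else is stored as the raw string.
 *
 * @todo change to protected
 *
 * @return array the config values
 */
public function read_repository()
{
    $this->config_data = array();

    // The module name is interpolated into a quoted SQL literal, so escape it first.
    $module = $this->db->db_addslashes($this->module);
    $this->db->query("SELECT * FROM phpgw_config WHERE config_app='{$module}'", __LINE__, __FILE__);

    while ($this->db->next_record()) {
        $name = $this->db->f('config_name');
        $raw = $this->db->f('config_value', true);

        // NOTE(review): unserialize() can instantiate objects from its input, so every
        // row of phpgw_config is trusted as much as code is. Anyone able to write to
        // this table controls that input. Consider restricting the allowed classes or
        // moving to a data-only format (JSON) once the stored values are known to
        // contain no objects. The @ hides the notice raised for plain, non-serialized strings.
        $test = @unserialize($raw);

        // A value that unserializes to something falsy (false, 0, '', empty array)
        // falls through and is stored as the raw string.
        $this->config_data[$name] = $test ? $test : $raw;
    }

    return $this->config_data;
}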
/**
 * Look up the active mail handler registered for an address
 *
 * The handler string has the form app.class.method; the row is returned only
 * when the current user's app list contains that app.
 *
 * @param string $email the target email address
 * @return array the message handler (handler_id, handler, is_active) - empty array means not found or user doesn't have access to the app
 */
function get_handler($email)
{
    // Escaped before use because the address goes into a quoted SQL literal.
    $escaped = $this->db->db_addslashes($email);
    $this->db->query(
        "SELECT handler_id, handler, is_active FROM phpgw_mail_handler WHERE target_email = '{$escaped}' AND is_active = 1",
        __LINE__,
        __FILE__
    );

    if (!$this->db->next_record()) {
        return array();
    }

    $handler = array(
        'handler_id' => $this->db->f('handler_id', true),
        'handler' => $this->db->f('handler', true),
        'is_active' => (bool) $this->db->f('is_active'),
    );

    // First dot-separated segment is the app name (app.class.method).
    list($app_name) = explode('.', $handler['handler']);

    return isset($GLOBALS['phpgw_info']['user']['apps'][$app_name]) ? $handler : array();
}
/**
 * Find locations within an application
 *
 * The 'run' location is always excluded. Each boolean flag that is set adds
 * one more restriction to the query.
 *
 * @param bool   $grant           Used for finding locations where users can grant rights to others
 * @param string $appname         Name of application in question; the current app when empty
 * @param bool   $allow_c_attrib  Used for finding locations where custom attributes can be applied
 * @param bool   $c_function      restricts the result to rows with allow_c_function = 1
 * @param bool   $have_categories for finding locations which have categories
 *
 * @return array location name => description
 */
public function get_locations($grant = false, $appname = '', $allow_c_attrib = false, $c_function = false, $have_categories = false)
{
    $appname = $appname ? $appname : $GLOBALS['phpgw_info']['flags']['currentapp'];
    // Escaped because the name is placed in a quoted SQL literal.
    $app = $this->_db->db_addslashes($appname);

    $conditions = array("app_name='{$app}'", "phpgw_locations.name != 'run'");
    if ($allow_c_attrib) {
        $conditions[] = 'allow_c_attrib = 1';
    }
    if ($grant) {
        $conditions[] = 'allow_grant = 1';
    }
    if ($c_function) {
        $conditions[] = 'allow_c_function = 1';
    }
    $filter = ' WHERE ' . implode(' AND ', $conditions);

    // Joining the categories table limits the result to locations that have categories.
    $join_categories = $have_categories
        ? "{$this->_join} phpgw_categories ON phpgw_locations.location_id = phpgw_categories.location_id"
        : '';

    $sql = "SELECT phpgw_locations.location_id, phpgw_locations.name, phpgw_locations.descr FROM phpgw_locations"
        . " {$this->_join} phpgw_applications ON phpgw_locations.app_id = phpgw_applications.app_id"
        . " {$join_categories}"
        . " {$filter} ORDER BY phpgw_locations.name";
    $this->_db->query($sql, __LINE__, __FILE__);

    $result = array();
    while ($this->_db->next_record()) {
        $result[$this->_db->f('name')] = $this->_db->f('descr', true);
    }

    return $result;
}
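/**
 * Sum price and rented area over the active contracts of a set of parties
 *
 * A contract counts as active when the current time is on or after date_start
 * and date_end is either NULL or not yet passed. One-time price items are
 * left out of the price sum.
 *
 * @param array  $org_units         ids matched against rental_party.id
 * @param string $selected_location optional location_code prefix to restrict the result
 *
 * @return array 'sum_total_price' and 'sum_total_area'; empty array when $org_units is empty
 */
public function get_total_cost_and_area($org_units = array(), $selected_location = '')
{
    if (!$org_units) {
        return array();
    }

    $ts = time();

    // The ids are placed unquoted inside IN (...), so every element is forced
    // to an integer before the list is built.
    // NOTE(review): assumes rental_party.id is an integer column - confirm.
    $party_ids = array_map('intval', (array) $org_units);
    $filtermethod = 'WHERE rental_party.id IN (' . implode(',', $party_ids) . ')';

    //active contract
    $filtermethod .= " AND ({$ts} >= rental_contract.date_start AND (rental_contract.date_end IS NULL OR {$ts} <= rental_contract.date_end))";

    $join_method = '';
    if ($selected_location) {
        // Escape the prefix before it goes into the quoted LIKE pattern.
        // '%' and '_' inside the value still act as wildcards.
        $location_sql = $this->_db->db_addslashes($selected_location);
        $filtermethod .= " AND location_code {$this->_db->like} '{$location_sql}%'";
        $join_method = " {$this->_db->join} rental_contract_composite ON (rental_contract.id = rental_contract_composite.contract_id)"
            . " {$this->_db->join} rental_composite ON (rental_contract_composite.composite_id = rental_composite.id)"
            . " {$this->_db->join} rental_unit ON (rental_composite.id = rental_unit.composite_id) ";
    }

    $values = array();

    $sql = "SELECT sum(total_price::numeric) AS sum_total_price FROM"
        . " rental_contract {$this->_db->join} rental_contract_party ON (rental_contract.id = rental_contract_party.contract_id)"
        . " {$this->_db->join} rental_party ON (rental_party.id = rental_contract_party.party_id)"
        . " {$this->_db->join} rental_contract_price_item ON (rental_contract.id = rental_contract_price_item.contract_id)"
        . " {$join_method}{$filtermethod} AND NOT is_one_time";
    $this->_db->query($sql, __LINE__, __FILE__);
    $this->_db->next_record();
    $values['sum_total_price'] = $this->_db->f('sum_total_price');

    $sql = "SELECT sum(rental_contract.rented_area::numeric) AS sum_total_area FROM"
        . " rental_contract {$this->_db->join} rental_contract_party ON (rental_contract.id = rental_contract_party.contract_id)"
        . " {$this->_db->join} rental_party ON (rental_party.id = rental_contract_party.party_id)"
        . " {$join_method}{$filtermethod}";
    $this->_db->query($sql, __LINE__, __FILE__);
    $this->_db->next_record();
    $values['sum_total_area'] = $this->_db->f('sum_total_area');

    return $values;
}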
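/**
 * Change the order functions
 *
 * Swaps the custom_sort value of the given function with its neighbour in the
 * requested direction, inside one transaction.
 *
 * @param integer $id       the function to reposition
 * @param string  $resort   the direction to move the item - up/down (anything but 'down' means up)
 * @param string  $appname  the module for the function
 * @param string  $location the location for the function
 *
 * @return bool false when $appname/$location is empty or the function is not
 *              found at that location; true when nothing had to be moved;
 *              otherwise the result of the transaction commit
 */
public function resort($id, $resort, $appname, $location)
{
    if (!$location || !$appname) {
        return false;
    }

    // Everything below is interpolated unquoted into SQL, so it is kept strictly integer.
    $id = (int) $id;
    $move_down = $resort == 'down';
    $location_id = (int) $GLOBALS['phpgw']->locations->get_id($appname, $location);

    $this->_db->transaction_begin();

    $sql = 'SELECT custom_sort FROM phpgw_cust_function'
        . " WHERE location_id = {$location_id} AND id = {$id}";
    $this->_db->query($sql, __LINE__, __FILE__);
    if (!$this->_db->next_record()) {
        // Unknown function for this location: there is no sort position to swap.
        // Only reads ran so far, so committing just closes the open transaction.
        $this->_db->transaction_commit();
        return false;
    }
    $custom_sort = (int) $this->_db->f('custom_sort');

    $sql = 'SELECT MAX(custom_sort) AS max_sort FROM phpgw_cust_function'
        . " WHERE location_id = {$location_id}";
    $this->_db->query($sql, __LINE__, __FILE__);
    $this->_db->next_record();
    $max_sort = (int) $this->_db->f('max_sort');

    $new_sort = null;
    if ($move_down) {
        if ($max_sort > $custom_sort) {
            $new_sort = $custom_sort + 1;
        }
    } elseif ($custom_sort > 1) {
        $new_sort = $custom_sort - 1;
    }

    if ($new_sort === null) {
        // nothing to be done - assume all is ok.
        // The transaction opened above must still be closed before returning.
        $this->_db->transaction_commit();
        return true;
    }

    // Move the neighbour into the slot being vacated ...
    $sql = "UPDATE phpgw_cust_function SET custom_sort = {$custom_sort}"
        . " WHERE location_id = {$location_id}"
        . " AND custom_sort = {$new_sort}";
    $this->_db->query($sql, __LINE__, __FILE__);

    // ... then place the requested function into the neighbour's old slot.
    $sql = "UPDATE phpgw_cust_function SET custom_sort = {$new_sort}"
        . " WHERE location_id = {$location_id} AND id = {$id}";
    $this->_db->query($sql, __LINE__, __FILE__);

    return $this->_db->transaction_commit();
}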
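/**
 * Protect against brute force attacks, block login if too many unsuccessful login attempts
 *
 * Counts failed logins (rows with account_id = 0 in phpgw_access_log) newer
 * than the configured block_time, per IP (only when sessions_checkip is on)
 * and per login id. When a limit is exceeded the login is blocked and the
 * configured admins are notified by e-mail, at most once every five minutes.
 *
 * @param string $login account_lid (evtl. with domain)
 * @param string $ip    the ip that made the request
 *
 * @return boolean login blocked?
 */
protected function _login_blocked($login, $ip)
{
    $blocked = false;
    $block_time = time() - $GLOBALS['phpgw_info']['server']['block_time'] * 60;

    // Both counters appear in the notification text, so give them a defined
    // value even when the per-IP check below is switched off.
    $false_ip = 0;
    $false_id = 0;

    $ip = $this->_db->db_addslashes($ip);
    if (isset($GLOBALS['phpgw_info']['server']['sessions_checkip'])
        && $GLOBALS['phpgw_info']['server']['sessions_checkip']) {
        $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
            . " WHERE account_id = 0 AND ip = '{$ip}' AND li > {$block_time}";
        $this->_db->query($sql, __LINE__, __FILE__);
        $this->_db->next_record();
        $false_ip = $this->_db->f('cnt');
        if ($false_ip > $GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']) {
            $blocked = true;
        }
    }

    $login = $this->_db->db_addslashes($login);
    // The LIKE branch also counts attempts logged as "<login>#<something>".
    $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
        . " WHERE account_id = 0 AND (loginid='{$login}' OR loginid LIKE '{$login}#%')"
        . " AND li > {$block_time}";
    $this->_db->query($sql, __LINE__, __FILE__);
    $this->_db->next_record();
    $false_id = $this->_db->f('cnt');
    if ($false_id > $GLOBALS['phpgw_info']['server']['num_unsuccessful_id']) {
        $blocked = true;
    }

    $last_mail = isset($GLOBALS['phpgw_info']['server']['login_blocked_mail_time'])
        ? (int) $GLOBALS['phpgw_info']['server']['login_blocked_mail_time']
        : 0;

    // Throttle: send a notification only if the previous one is older than five minutes.
    // The earlier form "(time() - 5) * 60" was always far in the future, so the
    // check never held anything back and every blocked attempt produced a mail.
    if ($blocked
        && isset($GLOBALS['phpgw_info']['server']['admin_mails'])
        && $GLOBALS['phpgw_info']['server']['admin_mails']
        && $last_mail < time() - 5 * 60) {
        // notify admin(s) via email
        $from = 'phpGroupWare@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
        $subject = lang("phpGroupWare: login blocked for user '%1', IP: %2", $login, $ip);
        // NOTE(review): part of this message key was masked in the copy under review.
        // "%1 for the user" is reconstructed from the argument order - confirm it
        // against the project's translation source before merging.
        $body = lang(
            "Too many unsuccessful attempts to login: %1 for the user '%2', %3 for the IP %4",
            $false_id,
            $login,
            $false_ip,
            $ip
        );

        if (!is_object($GLOBALS['phpgw']->send)) {
            $GLOBALS['phpgw']->send = createObject('phpgwapi.send');
        }
        $subject = $GLOBALS['phpgw']->send->encode_subject($subject);

        $admin_mails = explode(',', $GLOBALS['phpgw_info']['server']['admin_mails']);
        foreach ($admin_mails as $to) {
            $GLOBALS['phpgw']->send->msg('email', $to, $subject, $body, '', '', '', $from, $from);
        }

        // save time of mail, to not send too many mails
        $config = createObject('phpgwapi.config', 'phpgwapi');
        $config->read_repository();
        $config->value('login_blocked_mail_time', time());
        $config->save_repository();
    }

    return $blocked;
}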
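/**
 * Get entry date of the related item
 *
 * @param string  $appname         the application name for the location
 * @param string  $origin_location the location name of the origin
 * @param string  $target_location the location name of the target
 * @param integer $id              id of the referenced item (parent)
 * @param integer $entity_id       id of the entity type if the type is a entity
 * @param integer $cat_id          id of the entity_category type if the type is a entity
 *
 * @return array date_info and link to related items
 */
public function get_child_date($appname, $origin_location, $target_location, $id, $entity_id = '', $cat_id = '')
{
    $dateformat = $GLOBALS['phpgw_info']['user']['preferences']['common']['dateformat'];

    // All three values are interpolated unquoted into the query below, so each is
    // forced to an integer first; $id in particular arrives straight from the caller.
    $id = (int) $id;
    $location1_id = (int) $GLOBALS['phpgw']->locations->get_id($appname, $origin_location);
    $location2_id = (int) $GLOBALS['phpgw']->locations->get_id($appname, $target_location);

    $sql = "SELECT entry_date, location2_item_id FROM phpgw_interlink WHERE location1_item_id = {$id} AND location1_id = {$location1_id} AND location2_id = {$location2_id}";
    $this->_db->query($sql, __LINE__, __FILE__);

    $date_info = array();
    while ($this->_db->next_record()) {
        $date_info[] = array(
            'entry_date' => $GLOBALS['phpgw']->common->show_date($this->_db->f('entry_date'), $dateformat),
            'target_id' => $this->_db->f('location2_item_id'),
        );
    }

    // Links and descriptions are added in a second pass, after the result set
    // has been read completely.
    foreach ($date_info as &$entry) {
        $entry['link'] = $this->get_relation_link(array('location' => $target_location), $entry['target_id']);
        if ($cat_id) {
            $entry['descr'] = $this->soadmin_entity->read_category_name($entity_id, $cat_id);
        } else {
            $entry['descr'] = lang($target_location);
        }
    }
    // Break the reference so later writes to $entry cannot alter the last row.
    unset($entry);

    return array('date_info' => $date_info);
}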
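/**
 * List available links
 *
 * Returns the links that have the given item on either side. Private links
 * are included only when they belong to the current user.
 *
 * @param string $app the module to link to
 * @param string $loc the location to link to
 * @param int    $id  the id to link to
 * @return array list of links; each entry holds interlink_id, the app/loc/id of
 *               one side of the link (app2_* when app1_name equals $app, else app1_*),
 *               is_private, account_id, summary and owner
 */
public function list_links($app, $loc, $id)
{
    // Escaped copy for the query; the raw name is kept for comparing against row data.
    $app_sql = $this->db->db_addslashes($app);
    $loc = (int) $loc;
    $id = (int) $id;
    $owner = (int) $GLOBALS['phpgw_info']['user']['account_id'];

    // The two "either side" alternatives are wrapped in one pair of parentheses.
    // Without them AND binds tighter than OR, and the privacy / active filters
    // would apply only to the app2 alternative, exposing other users' private
    // links whenever the item is on the app1 side.
    // NOTE(review): "active_from >= now" selects links that become active in the
    // future; confirm this is the intended direction.
    $sql = 'SELECT interlink_id, app1_name, app1_loc, app1_id, app2_name, app2_loc, app2_id, is_private, account_id'
        . ' FROM phpgw_interlink'
        . " WHERE ((app1_name = '{$app_sql}' AND app1_loc = '{$loc}' AND app1_id = '{$id}')"
        . " OR (app2_name = '{$app_sql}' AND app2_loc = '{$loc}' AND app2_id = '{$id}'))"
        . " AND ( is_private = 0 OR (is_private = 1 AND account_id = {$owner}) )"
        . ' AND is_active = 1 AND active_from >= ' . time();
    // The statement has to be executed; otherwise the loop below would read
    // whatever result set the connection last held.
    $this->db->query($sql, __LINE__, __FILE__);

    $recs = array();
    while ($this->db->next_record()) {
        if ($this->db->f('app1_name') == $app) {
            $recs[] = array(
                'interlink_id' => $this->db->f('interlink_id'),
                'app2_name' => $this->db->f('app2_name'),
                'app2_loc' => $this->db->f('app2_loc'),
                'app2_id' => $this->db->f('app2_id'),
                'is_private' => !!$this->db->f('is_private'),
                'account_id' => $this->db->f('account_id'),
            );
        } else {
            $recs[] = array(
                'interlink_id' => $this->db->f('interlink_id'),
                'app1_name' => $this->db->f('app1_name'),
                'app1_loc' => $this->db->f('app1_loc'),
                'app1_id' => $this->db->f('app1_id'),
                'is_private' => !!$this->db->f('is_private'),
                'account_id' => $this->db->f('account_id'),
            );
        }
    }

    foreach ($recs as &$rec) {
        $rec['summary'] = $this->get_summary($rec);
        $rec['owner'] = $GLOBALS['phpgw']->accounts->id2name($rec['account_id']);
    }
    // Break the reference so later writes to $rec cannot alter the last row.
    unset($rec);

    return $recs;
}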
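/**
 * Finds the next ID for a record at a table
 *
 * Returns max(id) + 1 for the rows matching $key, or 1 when no row matches.
 *
 * $table and the keys of $key are interpolated into the statement as SQL
 * identifiers; identifiers are not covered by db_addslashes(), so callers must
 * pass only fixed names defined in code, never request data.
 *
 * NOTE(review): max(id) + 1 is computed with no locking visible in this method,
 * so two concurrent callers can be handed the same id unless the caller
 * serialises the read and the following insert.
 *
 * @param string $table tablename in question
 * @param array  $key   conditions for finding the next id (column => value);
 *                      entries with an empty value are ignored
 *
 * @return int the next id, 0 when no table is given
 */
protected function _next_id($table = null, $key = null)
{
    if (!$table) {
        return 0;
    }

    // Start from an empty list so a $key with only empty values yields no
    // WHERE clause instead of a malformed one.
    $conditions = array();
    if (is_array($key)) {
        foreach ($key as $col => $val) {
            if ($val) {
                $val = $this->_db->db_addslashes($val);
                $conditions[] = "{$col} = '{$val}'";
            }
        }
    }
    $where = $conditions ? 'WHERE ' . implode(' AND ', $conditions) : '';

    $sql = "SELECT max(id) as maximum FROM {$table} {$where}";
    $this->_db->query($sql, __LINE__, __FILE__);

    $next_id = 0;
    if ($this->_db->next_record()) {
        // max(id) is NULL/empty on an empty match; the cast turns that into 0.
        $next_id = (int) $this->_db->f('maximum');
    }

    return $next_id + 1;
}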
/**
 * Load the stored metadata of the image into this object
 *
 * Reads origwidth, origheight, xfocus and yfocus from the content/link tables,
 * then filename, path and extension from the file table.
 *
 * @param bool $getBinary also call getBinaryData() after the metadata is loaded
 * @return bool false when no file row exists for the image id, true otherwise
 * @private
 */
private function getImageData($getBinary = false)
{
    // intval() keeps the id safe for unquoted use in both statements.
    $imageId = intval($this->imageID);

    $this->db->query('SELECT l.Name,c.Dat FROM ' . CONTENT_TABLE . ' c JOIN ' . LINK_TABLE . ' l ON c.ID=l.CID WHERE l.DID=' . $imageId . ' AND l.DocumentTable="tblFile"');
    while ($this->db->next_record()) {
        $field = $this->db->f('Name');
        // The four names are mutually exclusive, so one chain covers them all.
        if ($field === 'origwidth') {
            $this->imageWidth = $this->db->f('Dat');
        } elseif ($field === 'origheight') {
            $this->imageHeight = $this->db->f('Dat');
        } elseif ($field === 'xfocus') {
            $this->xfocus = $this->db->f('Dat');
        } elseif ($field === 'yfocus') {
            $this->yfocus = $this->db->f('Dat');
        }
    }

    $fileRow = getHash('SELECT ID,Filename,Extension,Path FROM ' . FILE_TABLE . ' WHERE ID=' . $imageId, $this->db);
    if (!$fileRow) {
        return false;
    }

    $this->imageFileName = $fileRow['Filename'];
    $this->imagePath = $fileRow['Path'];
    $this->imageExtension = $fileRow['Extension'];

    if ($getBinary) {
        $this->getBinaryData();
    }

    return true;
}
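/**
 * Gets a custom saved setting from the database
 *
 * The key is interpolated into a quoted SQL literal. No escaping helper of the
 * database wrapper is visible from this method, so the key is checked against a
 * fixed character set instead: letters, digits, space and "_ . : -". A key
 * with any other character is treated as not found.
 * NOTE(review): if the wrapper offers bound parameters or a native escape
 * function, use that here and drop the character restriction.
 *
 * @param string $name Configuration key name
 * @access public
 * @return string|false Configuration key value, false when the key is not
 *                      stored or is not an accepted key name
 */
function get_setting($name)
{
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_.:\- ]+\z/', $name)) {
        return false;
    }

    $this->db->query("SELECT * FROM settings WHERE name='{$name}'");
    if ($this->db->next_record()) {
        return $this->db->f('value');
    }

    return false;
}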
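/**
 * Reads ACL accounts from database and return array with accounts that have certain rights for a given location
 *
 * Candidate accounts are checked one by one with check(); groups that pass are
 * expanded to their members, inactive accounts are dropped, and every
 * remaining user is checked once more individually.
 *
 * NOTE(review): $this->_account_id is reassigned for every candidate and is not
 * restored before returning, so this object is left pointing at the last
 * account examined - confirm that callers do not reuse it for checks on the
 * current user afterwards.
 * NOTE(review): check() receives the SQL-escaped $location and $appname;
 * harmless for plain names, but worth confirming.
 *
 * @param integer $required Required access rights in bitmap form
 * @param string  $location location within Application name
 * @param string  $appname  Application name
 *                          if empty string the value of $GLOBALS['phpgw_info']['flags']['currentapp'] is used
 *
 * @return array Array with accounts
 */
public function get_user_list_right($required, $location, $appname = '')
{
    $myaccounts =& $GLOBALS['phpgw']->accounts;
    $active_accounts = array();
    $accounts = array();
    $users = array();

    if (!$appname) {
        $appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
    }

    $appname = $this->_db->db_addslashes($appname);
    $location = $this->_db->db_addslashes($location);

    if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') {
        $account_objects = $GLOBALS['phpgw']->accounts->get_list('both', -1, 'ASC', 'account_lastname', $query = '', -1);
        // maybe $query could be used for filtering on active accounts?
        $active_accounts = array();
        foreach ($account_objects as $account_object) {
            $active_accounts[] = array(
                'account_id' => $account_object->id,
                'account_type' => $account_object->type
            );
        }
    } else {
        // Candidates: active accounts that have any ACL row for a location of this name.
        $sql = "SELECT account_id, account_type FROM phpgw_accounts"
            . " {$this->_join} phpgw_acl on phpgw_accounts.account_id = phpgw_acl.acl_account"
            . " {$this->_join} phpgw_locations on phpgw_acl.location_id = phpgw_locations.location_id"
            . " WHERE account_status = 'A' AND phpgw_locations.name = '{$location}'"
            . " ORDER BY account_lastname ASC";
        $this->_db->query($sql, __LINE__, __FILE__);
        while ($this->_db->next_record()) {
            $active_accounts[] = array(
                'account_id' => $this->_db->f('account_id'),
                'account_type' => $this->_db->f('account_type')
            );
        }
    }

    foreach ($active_accounts as $entry) {
        $this->_account_id = $entry['account_id'];
        if ($this->check($location, $required, $appname)) {
            if ($entry['account_type'] == 'g') {
                // A group that passes the check contributes all of its members.
                $members = $myaccounts->member($entry['account_id'], true);
                if (isset($members) and is_array($members)) {
                    foreach ($members as $user) {
                        $accounts[$user['account_id']] = $user['account_id'];
                    }
                    unset($members);
                }
            } else {
                $accounts[$entry['account_id']] = $entry['account_id'];
            }
        }
    }
    unset($active_accounts);
    unset($myaccounts);

    // Remove inactive accounts, which can enter the list through group membership.
    $sql = "SELECT account_id FROM phpgw_accounts WHERE account_status = 'I'";
    $this->_db->query($sql, __LINE__, __FILE__);
    while ($this->_db->next_record()) {
        unset($accounts[$this->_db->f('account_id')]);
    }

    // Re-check each remaining user individually.
    if (isset($accounts) and is_array($accounts)) {
        foreach ($accounts as $account_id) {
            $this->_account_id = $account_id;
            if (!$this->check($location, $required, $appname)) {
                unset($accounts[$account_id]);
            }
        }
    }

    $accounts = array_keys($accounts);
    if (isset($accounts) && count($accounts) > 0) {
        // The ids go unquoted into IN (...); some of them come from the account
        // backend rather than from this query, so each is forced to an integer.
        $id_list = implode(',', array_map('intval', $accounts));
        $sql = 'SELECT * FROM phpgw_accounts where account_id in (' . $id_list . ') ORDER BY account_lastname';
        $this->_db->query($sql, __LINE__, __FILE__);
        while ($this->_db->next_record()) {
            $users[] = array(
                'account_id' => $this->_db->f('account_id'),
                'account_lid' => $this->_db->f('account_lid'),
                'account_type' => $this->_db->f('account_type'),
                'account_firstname' => $this->_db->f('account_firstname'),
                'account_lastname' => $this->_db->f('account_lastname'),
                'account_status' => $this->_db->f('account_status'),
                'account_expires' => $this->_db->f('account_expires')
            );
        }
    }

    return $users;
}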