/**
* Determine whether an error that occurred is a recoverable (user) error
* or a system error.
*
* @return string "user" or "system"
*/
public function getErrorType()
{
$this->_setErrorVariables();
return parent::getErrorType();
}
/**
* Gives all the attributes that can be used for the import.
*
* @return array the attributes
*/
public function getUsableAttributes()
{
$selected = $value == 'new' ? false : true;
$criteria = [];
if (!in_array($value, array('new', 'none', ''))) {
$db = Db::getInstance();
$rows = $db->getRows('SELECT * FROM atk_exportcriteria WHERE id = ' . (int) $value);
$criteria = unserialize($rows[0]['criteria']);
}
$atts = [];
$attriblist = $this->invoke('getExportAttributes');
foreach ($attriblist as $key => $value) {
$flags = $value->m_flags;
$class = strtolower(get_class($value));
if ($value->hasFlag(Attribute::AF_AUTOKEY) || $value->hasFlag(Attribute::AF_HIDE_VIEW) || !(strpos($class, 'dummy') === false) || !(strpos($class, 'image') === false) || !(strpos($class, 'tabbedpane') === false)) {
continue;
}
if (method_exists($this->m_node, 'getExportAttributeGroup')) {
$group = $this->m_node->getExportAttributeGroup($value->m_name);
} else {
$group = $value->m_tabs[0];
}
if (in_array($group, $atts)) {
$atts[$group] = [];
}
// selected options based on a new selection, or no selection
if (empty($criteria)) {
$atts[$group][] = array('name' => $key, 'text' => $value->label(), 'checked' => $selected == true ? !$value->hasFlag(Attribute::AF_HIDE_LIST) : false);
} else {
$atts[$group][] = array('name' => $key, 'text' => $value->label(), 'checked' => in_array('export_' . $key, $criteria) ? true : false);
}
}
return $atts;
}
/**
* Wrapper for escapeSQL function.
*
* @param string $string The string to escape.
* @param bool $wildcard Set to true to convert wildcard chars ('%').
* False (default) will leave them unescaped.
*
* @return string A SQL compatible version of the input string.
*/
public static function escapeSQL($string, $wildcard = false)
{
$db = Db::getInstance();
return $db->escapeSQL($string, $wildcard);
}
/**
* Get details for the query.
*
* @param array $queries Array with queries
* @param int $id The index in the queries array we want the details from
*
* @return string The query details
*/
public function queryDetails($queries, $id)
{
$output = '<h1>Query</h1>';
$query = $queries[$id]['query'];
$output .= $this->highlightQuery($query);
$db = Db::getInstance();
if (strtolower(substr(trim($query), 0, 6)) == 'select') {
$output .= '<h1>Resultset</h1>';
$result = $db->getRows($query);
if (count($result)) {
$output .= $this->arrToTable($result, $_REQUEST['full'], $id);
} else {
$output .= 'Query returned no rows';
}
$output .= '<h1>Explain plan</h1>';
$result = $db->getRows('EXPLAIN ' . $query);
$output .= $this->arrToTable($result);
}
if ($queries[$id]['trace'] != '') {
$output .= '<h1>Backtrace</h1>';
$output .= $queries[$id]['trace'];
}
return $output;
}
public function selectUser($user)
{
$usertable = Config::getGlobal('auth_usertable');
$sspifield = Config::getGlobal('auth_sspi_accountfield');
$leveltable = Config::getGlobal('auth_leveltable');
$levelfield = Config::getGlobal('auth_levelfield');
$userpk = Config::getGlobal('auth_userpk');
$userfk = Config::getGlobal('auth_userfk', $userpk);
$grouptable = Config::getGlobal('auth_grouptable');
$groupfield = Config::getGlobal('auth_groupfield');
$groupparentfield = Config::getGlobal('auth_groupparentfield');
$db = Db::getInstance(Config::getGlobal('auth_database'));
if ($usertable == $leveltable || $leveltable == '') {
// Level and userid are stored in the same table.
// This means one user can only have one level.
$query = "SELECT * FROM {$usertable} WHERE {$sspifield} ='{$user}'";
} else {
// Level and userid are stored in two separate tables. This could
// mean (but doesn't have to) that a user can have more than one
// level.
$qryobj = $db->createQuery();
$qryobj->addTable($usertable);
$qryobj->addField("{$usertable}.*");
$qryobj->addField('usergroup.*');
$qryobj->addJoin($leveltable, 'usergroup', "{$usertable}.{$userpk} = usergroup.{$userfk}", true);
$qryobj->addCondition("{$usertable}.{$sspifield} = '{$user}'");
if (!empty($groupparentfield)) {
$qryobj->addField("grp.{$groupparentfield}");
$qryobj->addJoin($grouptable, 'grp', "usergroup.{$levelfield} = grp.{$groupfield}", true);
}
$query = $qryobj->buildSelect();
}
$recs = $db->getRows($query);
return $recs;
}
/**
* Get the database connection for this node.
*
* @return Db Database connection instance
*/
public function getDb()
{
if ($this->m_db == null) {
return Db::getInstance();
} else {
if (is_object($this->m_db)) {
return $this->m_db;
} else {
// must be a named connection
return Db::getInstance($this->m_db);
}
}
}
/**
* This function returns the list of users that may login. This can be
* used to display a dropdown of users from which to choose.
*
* @return array List of users as an associative array with the following
* format: array of records, each record is an associative
* array with a userid and a username field.
*/
public function getUserList()
{
$db = Db::getInstance(Config::getGlobal('auth_database'));
$query = 'SELECT * FROM ' . Config::getGlobal('auth_usertable');
$accountdisablefield = Config::getGlobal('auth_accountdisablefield');
$accountenableexpression = Config::getGlobal('auth_accountenableexpression');
if ($accountenableexpression != '') {
$query .= " WHERE {$accountenableexpression}";
if ($accountdisablefield != '') {
$query .= " AND {$accountdisablefield} = 0";
}
} else {
if ($accountdisablefield != '') {
$query .= " WHERE {$accountdisablefield} = 0";
}
}
$recs = $db->getRows($query);
$userlist = [];
$stringparser = new StringParser(Config::getGlobal('auth_userdescriptor'));
for ($i = 0, $_i = count($recs); $i < $_i; ++$i) {
$userlist[] = array('userid' => $recs[$i][Config::getGlobal('auth_userfield')], 'username' => $stringparser->parse($recs[$i]));
}
usort($userlist, array('auth_db', 'userListCompare'));
return $userlist;
}
private function rememberMeDeleteToken($id)
{
$db = Db::getInstance();
$dbTable = Config::getGlobal('auth_rememberme_dbtable');
$sql = "DELETE FROM `{$dbTable}` WHERE id = ?";
$stmt = $db->prepare($sql);
$stmt->execute([$id]);
$db->commit();
}
/**
* Store the value of this attribute in the database.
*
* @param Db $db The database object
* @param array $record The record which holds the values to store
* @param string $mode The mode we're in
*
* @return bool True if succesfull, false if not
*/
public function store($db, $record, $mode)
{
// Read the current actions available/editable and user rights before changing them
$user = SecurityManager::atkGetUser();
$isAdmin = $user['name'] == 'administrator' || $this->canGrantAll();
$allActions = $this->getAllActions($record, false);
$editableActions = $this->getEditableActions($record);
$delquery = 'DELETE FROM ' . Config::getGlobal('auth_accesstable') . '
WHERE ' . $this->m_accessField . "='" . $record[$this->m_ownerInstance->primaryKeyField()] . "'";
if ($db->query($delquery)) {
$checked = $record[$this->fieldName()];
$children = [];
if (!empty($this->m_parentAttrName)) {
$children = $this->getChildGroups($db, $record[$this->m_ownerInstance->primaryKeyField()]);
}
foreach ($checked as $node => $actions) {
$actions = array_unique($actions);
$nodeModule = Tools::getNodeModule($node);
$nodeType = Tools::getNodeType($node);
$validActions = [];
if (is_array($allActions[$nodeModule][$nodeType])) {
$validActions = array_intersect($actions, $allActions[$nodeModule][$nodeType]);
}
// If you're not an admin, leave out all actions which are not editable (none if no editable actions available)
if (!$isAdmin) {
$validActions = isset($editableActions[$nodeModule][$nodeType]) ? array_intersect($validActions, $editableActions[$nodeModule][$nodeType]) : [];
}
foreach ($validActions as $action) {
$query = 'INSERT INTO ' . Config::getGlobal('auth_accesstable') . ' (node, action, ' . $this->m_accessField . ') ';
$query .= "VALUES ('" . $db->escapeSQL($node) . "','" . $db->escapeSQL($action) . "','" . $record[$this->m_ownerInstance->primaryKeyField()] . "')";
if (!$db->query($query)) {
// error.
return false;
}
}
if (count($children) > 0 && count($validActions) > 0) {
$query = 'DELETE FROM ' . Config::getGlobal('auth_accesstable') . ' ' . 'WHERE ' . $this->m_accessField . ' IN (' . implode(',', $children) . ') ' . "AND node = '" . $db->escapeSQL($node) . "' " . "AND action NOT IN ('" . implode("','", $validActions) . "')";
if (!$db->query($query)) {
// error.
return false;
}
}
}
}
return true;
}
/**
* Get database instance for this attribute. Will return the owner
* instance database instance unless the owner instance is not set
* in which case the default instance will be returned.
*
* @return Db database instance
*/
public function getDb()
{
if (is_object($this->getOwnerInstance())) {
return $this->getOwnerInstance()->getDb();
}
return Db::getInstance();
}
/**
* Clones the database structure of the given database
* to this database. This also means the complete database
* is emptied beforehand.
*
* @param Db $otherDb other database instance
*/
public function cloneAll($otherDb)
{
$this->dropAll();
$tables = $otherDb->table_names();
foreach ($tables as $table) {
$ddl = $this->createDdl();
$metadata = $otherDb->metadata($table['table_name']);
$ddl->loadMetaData($metadata);
$query = $ddl->buildCreate();
$this->query($query);
}
}
/**
* Drop an existing index.
*
* @param string $name Index name
*
* @return bool
*/
public function dropIndex($name)
{
$table = $this->m_db->quoteIdentifier($this->m_table);
$name = $this->m_db->quoteIdentifier($this->getIndexName($name));
return $this->m_db->query("DROP INDEX {$name} ON {$table}");
}
