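/**
 * Login method
 *
 * Looks the supplied credentials up in the login table and, when a matching
 * row comes back and the captcha check passed, establishes the session via
 * DoLogin()/SetAuthSessionData().
 *
 * Security notes:
 *  - The password is matched by SQL equality against the stored value and
 *    then re-compared in PHP, i.e. the login table holds the password in
 *    clear text or reversibly encrypted by RunnerCipherer. A one-way hash
 *    (password_hash()/password_verify()) is the proper fix, but that needs a
 *    data migration outside this method.
 *  - Fix: the post-fetch comparison used "==", which is subject to PHP
 *    numeric-string juggling ("0e123" == "0e456" is true). The username is
 *    now compared strictly and the password with hash_equals().
 *  - Fix: for numeric credential columns, "0 + $input" throws a TypeError on
 *    PHP 8 for a non-numeric string (an unauthenticated 500); the value is
 *    now checked with is_numeric() first, as add_db_quotes() does.
 *  - Values reach the SQL text only after MakeDBValue()/prepareString(), or
 *    after numeric coercion for numeric columns.
 *
 * @param String pUsername
 * @param String pPassword
 * @return Boolean true when the user has been logged in
 */
function LogIn($pUsername, $pPassword)
{
    // username and password are stored in the database
    global $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
    $logged = false;
    $strUsername = (string) $pUsername;
    $strPassword = (string) $pPassword;
    $loginSet = ProjectSettings::getForLogin();
    $cipherer = RunnerCipherer::getForLogin($loginSet);
    // raw copies for the in-PHP comparison once the row has been fetched
    $sUsername = $strUsername;
    $sPassword = $strPassword;
    $pDisplayUsername = $sUsername;

    // turn each credential into an SQL literal: encrypted, quoted, or numeric
    if ($cipherer->isFieldEncrypted($cUserNameField)) {
        $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", true);
    } elseif (NeedQuotes($cUserNameFieldType)) {
        $strUsername = $this->connection->prepareString($strUsername);
    } else {
        $strUsername = is_numeric($strUsername) ? 0 + $strUsername : 0;
    }
    if ($cipherer->isFieldEncrypted($cPasswordField)) {
        $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", true);
    } elseif (NeedQuotes($cPasswordFieldType)) {
        $strPassword = $this->connection->prepareString($strPassword);
    } else {
        $strPassword = is_numeric($strPassword) ? 0 + $strPassword : 0;
    }

    if ($loginSet) {
        if (!$this->pSet->isCaseInsensitiveUsername()) {
            $where = $this->getFieldSQLDecrypt($cUserNameField) . "=" . $strUsername
                . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword;
        } else {
            // case-insensitive login: compare upper-cased column with the upper-cased literal
            $where = $this->connection->upper($this->getFieldSQLDecrypt($cUserNameField)) . "=" . $this->pSet->getCaseSensitiveUsername($strUsername)
                . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword;
        }
        $tempSQLQuery = $loginSet->GetTableData(".sqlquery");
        $tempSQLQuery->addWhere($where);
        $strSQL = $tempSQLQuery->toSql();
    } else {
        $strSQL = "select * from " . $this->connection->addTableWrappers("DashboardUsers")
            . " where " . $this->connection->addFieldWrappers($cUserNameField) . "=" . $strUsername
            . " and " . $this->connection->addFieldWrappers($cPasswordField) . "=" . $strPassword;
    }

    $data = $cipherer->DecryptFetchedArray($this->connection->query($strSQL)->fetchAssoc());
    if ($data) {
        $dbUsername = (string) $this->pSet->getCaseSensitiveUsername((string) @$data[$cUserNameField]);
        $reqUsername = (string) $this->pSet->getCaseSensitiveUsername($sUsername);
        $dbPassword = (string) @$data[$cPasswordField];
        // strict username match, constant-time password match (no "==" juggling)
        if ($dbUsername === $reqUsername && hash_equals($dbPassword, $sPassword)) {
            $logged = true;
            $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
        }
    }

    if ($logged && $this->isCaptchaOk) {
        DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $this);
        SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword, $this);
        return true;
    }
    // wrong credentials or failed captcha: record the attempt
    if ($this->auditObj) {
        $this->auditObj->LogLoginFailed($pUsername);
        $this->auditObj->LoginUnsuccessful($pUsername);
    }
    return false;
}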
/**
 * Builds the WHERE condition for a checkbox search field.
 *
 * The base search options (handled by baseSQLWhere()) win when they apply;
 * otherwise only "on" and "off" produce a condition, everything else
 * ("none" included) yields no filter. $SearchFor2, $etype and $isSuggest are
 * part of the shared signature and unused here.
 *
 * @param String SearchFor        "on", "off" or "none"
 * @param String strSearchOption  search option handled by baseSQLWhere()
 * @return String  SQL condition, or "" for no filter
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    $baseWhere = $this->baseSQLWhere($strSearchOption);
    if ($baseWhere === false) {
        return "";
    }
    if ($baseWhere != "") {
        return $baseWhere;
    }
    $wantOn = $SearchFor == "on";
    $wantOff = $SearchFor == "off";
    if (!$wantOn && !$wantOff) {
        return "";
    }
    return CheckboxField::constructFieldWhere(
        $this->getFieldSQLDecrypt(),
        NeedQuotes($this->type),
        $wantOn,
        $this->type,
        $this->connection->dbType
    );
}
/**
 * Builds the WHERE condition for a checkbox search field (older, inline variant).
 *
 * Numeric columns compare against 0; character columns treat '0', '' (except
 * on Oracle, where '' is NULL) and NULL as "off", and additionally apply the
 * DB-specific numeric tests (textregexeq/to_number, val()) that the original
 * emitted. No user input is interpolated: $SearchFor is only compared with
 * fixed strings. $SearchFor2, $etype and $isSuggest are unused.
 *
 * @param String SearchFor        "on", "off" or "none"
 * @param String strSearchOption  search option handled by baseSQLWhere()
 * @return String  SQL condition, or "" for no filter
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    $baseWhere = $this->baseSQLWhere($strSearchOption);
    if ($baseWhere === false) {
        return "";
    }
    if ($baseWhere != "") {
        return $baseWhere;
    }
    if ($SearchFor == "none") {
        return "";
    }
    $wantOn = $SearchFor == "on";
    $wantOff = $SearchFor == "off";
    $fieldName = GetFullFieldName($this->field);

    if (!NeedQuotes($this->type)) {
        // numeric column: plain comparison with 0
        if ($wantOn) {
            return "(" . $fieldName . "<>0 and " . $fieldName . " is not null)";
        }
        if ($wantOff) {
            return "(" . $fieldName . "=0 or " . $fieldName . " is null)";
        }
        return "";
    }

    // character column: numeric interpretation of the text, as emitted by the generator
    $numericValue = "abs(case textregexeq(" . $fieldName . ", '^(\\-)?[[:digit:]]+(\\.[[:digit:]]+)?\$') when true then to_number(" . $fieldName . ", '999999999') else 0 end)";
    $valValue = "abs(val(" . $fieldName . "))";
    if ($wantOn) {
        $condition = "(" . $fieldName . "<>'0' ";
        if (!$this->isOracle) {
            $condition .= " and " . $fieldName . "<>'' ";
        }
        $condition .= " and " . $fieldName . " is not null)";
        $condition .= " and " . $numericValue . " > 0";
        $condition .= " and " . $valValue . " > 0";
        return $condition;
    }
    if ($wantOff) {
        $condition = "(" . $fieldName . "='0' ";
        if (!$this->isOracle) {
            $condition .= " or " . $fieldName . "='' ";
        }
        $condition .= " or " . $fieldName . " is null)";
        $condition .= " or " . $numericValue . " = 0";
        $condition .= " or " . $valValue . " = 0";
        return $condition;
    }
    return "";
}
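/**
 * Get an SQL string containing the intervals totals
 * to add them then to the SELECT clause
 *
 * Emits one aggregate per checkbox state ("checked"/"unchecked") over the
 * totals field, plus a second pair over the field itself when totals are
 * enabled on a different field. The per-state condition comes from the same
 * builder the checkbox search uses (CheckboxField::constructFieldWhere).
 *
 * Fix: the original reused $type as the foreach variable, so the field type
 * computed above was overwritten with "checked"/"unchecked" before being
 * passed as constructFieldWhere()'s type argument (the other callers in this
 * codebase pass the field type there). The loop now has its own variable.
 *
 * @return String
 */
protected function getTotals()
{
    $fieldType = $this->pSet->getFieldType($this->fName);
    $bNeedQuotes = NeedQuotes($fieldType);
    $fullFieldName = $this->getDbFieldName($this->fName);
    $fullTotalFieldName = $this->getDbFieldName($this->totalsfName);
    $totals = array();
    foreach (array("checked", "unchecked") as $state) {
        $checked = $state == "checked";
        $caseCondition = CheckboxField::constructFieldWhere($fullFieldName, $bNeedQuotes, $checked, $fieldType, $this->connection->dbType);
        $caseStatement = $this->getCaseStatement($caseCondition, $fullTotalFieldName, "null");
        $totals[] = $this->aggregate . "(" . $caseStatement . ") as " . $this->connection->addFieldWrappers($state);
        if ($this->useTotals && $this->fName != $this->totalsfName) {
            // totals requested on another field: also aggregate the field itself
            $caseStatement = $this->getCaseStatement($caseCondition, $fullFieldName, "null");
            $totals[] = $this->aggregate . "(" . $caseStatement . ") as " . $this->connection->addFieldWrappers($this->fName . $state);
        }
    }
    return implode(", ", $totals);
}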
/**
 * Turns a raw value into an SQL literal for a column of the given type.
 *
 * Binary data is slash-escaped; empty values in non-character columns become
 * NULL; dates and strings are quoted/escaped by the db_* helpers; numeric
 * columns only ever receive a numeric literal (decimal comma accepted), any
 * other input collapses to 0 so nothing unescaped reaches the statement.
 *
 * @param String field  field name, used to look the type up when $type is not given
 * @param Mixed value
 * @param String table  datasource table; defaults to the global $strTableName
 * @param Number type   field type code, looked up from the project settings when empty
 * @return Mixed  SQL literal (string) or number
 */
function add_db_quotes($field, $value, $table = "", $type = null)
{
    global $strTableName;
    $tableName = $table == "" ? $strTableName : $table;
    $settings = new ProjectSettings($tableName);
    if ($type == null) {
        $type = $settings->getFieldType($field);
    }
    if (IsBinaryType($type)) {
        return db_addslashesbinary($value);
    }
    $isBlank = $value === "" || $value === FALSE || is_null($value);
    if ($isBlank && !IsCharType($type)) {
        return "null";
    }
    if (!NeedQuotes($type)) {
        // numeric column: accept a numeric literal only, comma as decimal separator
        $candidate = str_replace(",", ".", (string) $value);
        return is_numeric($candidate) ? $candidate : 0;
    }
    return IsDateFieldType($type) ? db_datequotes($value) : db_prepare_string($value);
}
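/**
 * Turns a raw value into an SQL literal for a column of the given type.
 *
 * Dates get the DB date quoting, character types are escaped and quoted,
 * everything else is treated as numeric.
 *
 * Fix: the original returned `0 + $value` for numeric columns. On PHP 8 that
 * throws a TypeError for a non-numeric string (PHP 7 only warned), so a
 * request carrying e.g. "abc" aborted with an error page. The numeric branch
 * now follows the same rule as add_db_quotes(): comma accepted as decimal
 * separator, anything non-numeric becomes 0.
 *
 * @param Mixed value
 * @param Number type  field type code
 * @return Mixed  SQL literal (quoted string) or number
 */
function PrepareValue($value, $type)
{
    if (IsDateFieldType($type)) {
        return db_datequotes($value);
    }
    if (NeedQuotes($type)) {
        return db_prepare_string($value);
    }
    // numeric column: never place a non-numeric string into the statement
    $strvalue = str_replace(",", ".", (string) $value);
    if (!is_numeric($strvalue)) {
        return 0;
    }
    return 0 + $strvalue;
}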
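/**
 * Writes the export table: a header row, one row per fetched record (at most
 * nPageSize when that is non-zero), then an optional totals row.
 *
 * Cell contents are the view controls' export values and are written as
 * returned; only the totals cell goes through runner_htmlspecialchars().
 * For the "excel" request type, text-like cells get an x:str attribute and
 * PrepareForExcel() so Excel keeps text as text.
 *
 * Fix: the per-cell branch called NeedQuotes($field) with the field NAME
 * instead of its type; it now receives $fType, like every other NeedQuotes()
 * caller in this codebase.
 *
 * @param Mixed rs          the result set rows are fetched from
 * @param Number nPageSize  maximum number of data rows; 0 means no limit
 */
protected function WriteTableData($rs, $nPageSize)
{
    $exportFields = $this->pSet->getExportFields();
    $totalFieldsData = $this->pSet->getTotalsFields();
    $isExcel = $_REQUEST["type"] == "excel";

    // next row: the ListFetchArray event may replace the default fetch+decrypt
    $fetchRow = function () use ($rs) {
        if ($this->eventsObject->exists("ListFetchArray")) {
            return $this->eventsObject->ListFetchArray($rs, $this);
        }
        return $this->cipherer->DecryptFetchedArray($this->connection->fetch_array($rs));
    };
    $row = $fetchRow();

    // write header
    echo "<tr>";
    foreach ($exportFields as $field) {
        if ($isExcel) {
            echo '<td style="width: 100" x:str>' . PrepareForExcel($this->pSet->label($field)) . '</td>';
        } else {
            echo "<td>" . $this->pSet->label($field) . "</td>";
        }
    }
    echo "</tr>";

    // totals are collected only for fields that are actually exported
    $totals = array();
    $totalsFields = array();
    foreach ($totalFieldsData as $data) {
        if (!in_array($data["fName"], $exportFields)) {
            continue;
        }
        $totals[$data["fName"]] = array("value" => 0, "numRows" => 0);
        $totalsFields[] = array(
            'fName' => $data["fName"],
            'totalsType' => $data["totalsType"],
            'viewFormat' => $this->pSet->getViewFormat($data["fName"]),
        );
    }

    // write data rows
    $iNumberOfRows = 0;
    $this->viewControls->forExport = "export";
    while ((!$nPageSize || $iNumberOfRows < $nPageSize) && $row) {
        countTotals($totals, $totalsFields, $row);
        $values = array();
        foreach ($exportFields as $field) {
            $fType = $this->pSet->getFieldType($field);
            if (IsBinaryType($fType)) {
                $values[$field] = "código binario demasiado grande – no puede ser desplegado";
            } else {
                $values[$field] = $this->getViewControl($field)->getExportValue($row, "");
            }
        }
        // the BeforeOut event may veto the row
        $eventRes = true;
        if ($this->eventsObject->exists('BeforeOut')) {
            $eventRes = $this->eventsObject->BeforeOut($row, $values, $this);
        }
        if ($eventRes) {
            $iNumberOfRows++;
            echo "<tr>";
            foreach ($exportFields as $field) {
                $fType = $this->pSet->getFieldType($field);
                if (IsCharType($fType) && $isExcel) {
                    echo '<td x:str>';
                } else {
                    echo '<td>';
                }
                $editFormat = $this->pSet->getEditFormat($field);
                // PrepareForExcel() applies only to text-like cells in Excel output;
                // custom-format, RTE, binary and non-quoted cells are written as-is
                $excelPrepare = false;
                if ($editFormat == EDIT_FORMAT_LOOKUP_WIZARD) {
                    $excelPrepare = $this->pSet->NeedEncode($field);
                } elseif (!IsBinaryType($fType) && $editFormat != FORMAT_CUSTOM && !$this->pSet->isUseRTE($field)) {
                    $excelPrepare = NeedQuotes($fType);
                }
                if ($excelPrepare && $isExcel) {
                    echo PrepareForExcel($values[$field]);
                } else {
                    echo $values[$field];
                }
                echo '</td>';
            }
            echo "</tr>";
        }
        $row = $fetchRow();
    }

    // totals row
    if (count($totalFieldsData)) {
        echo "<tr>";
        foreach ($totalFieldsData as $data) {
            if (!in_array($data["fName"], $exportFields)) {
                continue;
            }
            echo "<td>";
            if (strlen($data["totalsType"])) {
                if ($data["totalsType"] == "COUNT") {
                    echo "Contar" . ": ";
                } elseif ($data["totalsType"] == "TOTAL") {
                    echo "Total" . ": ";
                } elseif ($data["totalsType"] == "AVERAGE") {
                    echo "Promedio" . ": ";
                }
                echo runner_htmlspecialchars(GetTotals($data["fName"], $totals[$data["fName"]]["value"], $data["totalsType"], $totals[$data["fName"]]["numRows"], $this->pSet->getViewFormat($data["fName"]), PAGE_EXPORT));
            }
            echo "</td>";
        }
        echo "</tr>";
    }
}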
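/**
 * Turns a raw value into an SQL literal for the given field/type, using the
 * connection that owns the datasource table.
 *
 * Binary data is slash-escaped; empty values in non-character columns become
 * NULL; strings are escaped and quoted; dates must look like a date
 * (d-m-y, m-d-y or y-m-d, with "-" or the locale date separator) or become
 * NULL; numeric columns only ever receive a numeric literal, with PostgreSQL
 * boolean columns (type 11) written as 't'/'f'.
 *
 * Fix: the numeric branch tested is_numeric() BEFORE replacing the decimal
 * comma, so the replacement never ran and "1,5" always collapsed to 0. The
 * comma is now normalized first, as in the other add_db_quotes variants.
 *
 * NOTE(review): the date regex is not anchored, so any value that contains a
 * date-like substring passes the check — confirm this is intended.
 *
 * @param String field
 * @param Mixed value
 * @param String table The datasource table name
 * @param String type
 * @return Mixed  SQL literal (string) or number
 * @intellisense
 */
function add_db_quotes($field, $value, $table = "", $type = null)
{
    global $strTableName, $locale_info, $cman;
    if ($table == "") {
        $table = $strTableName;
    }
    $pSet = new ProjectSettings($table);
    $connection = $cman->byTable($table);
    if ($type == null) {
        $type = $pSet->getFieldType($field);
    }
    if (IsBinaryType($type)) {
        return $connection->addSlashesBinary($value);
    }
    // empty non-character values are written as SQL NULL
    if (($value === "" || $value === FALSE || is_null($value)) && !IsCharType($type)) {
        return "null";
    }
    if (NeedQuotes($type)) {
        if (!IsDateFieldType($type)) {
            return $connection->prepareString($value);
        }
        $y = "(\\d\\d\\d\\d)";
        $m = "(0?[1-9]|1[0-2])";
        $d = "(0?[1-9]|[1-2][0-9]|3[0-1])";
        $delim = "(-|" . preg_quote($locale_info["LOCALE_SDATE"], "/") . ")";
        $reg = "/" . $d . $delim . $m . $delim . $y . "|" . $m . $delim . $d . $delim . $y . "|" . $y . $delim . $m . $delim . $d . "/";
        if (!preg_match($reg, $value, $matches)) {
            return "null";
        }
        return $connection->addDateQuotes($value);
    }
    // numeric column: normalize the decimal comma, then accept only a numeric literal
    $strvalue = str_replace(",", ".", (string) $value);
    $value = is_numeric($strvalue) ? $strvalue : 0;
    if ($connection->dbType == nDATABASE_PostgreSQL) {
        // if boolean type field, add quotes
        if ($type == 11) {
            $value = strtolower($value);
            if (!strlen($value) || $value == 0 || $value == "0" || $value == "false" || $value == "f" || $value == "n" || $value == "no" || $value == "off") {
                $value = "f";
            } else {
                $value = "t";
            }
            $value = $connection->prepareString($value);
        }
    }
    return $value;
}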
/**
 * Renders the display value of a lookup-wizard field for one data row.
 *
 * Resolves $data[$this->field] — a single link value, or a multi-select list
 * of link values — against the lookup table or lookup query, and hands each
 * display value to the inner control's showDBValue(). Multi-select results
 * are rendered comma-separated and de-duplicated.
 *
 * Security: link values come from the record and are untrusted. They reach
 * the lookup SQL only as `$val + 0` (numeric lists), via db_prepare_string()
 * (text lists) or via $cipherer->MakeDBValue() (single value).
 *
 * NOTE(review): `$val + 0` throws a TypeError on PHP 8 when the link field
 * type is numeric but the stored value is not a numeric string.
 * NOTE(review): when the multi-select list yields no usable item, $found is
 * read below without ever having been assigned.
 * NOTE(review): $iquery is computed but not used in this method.
 *
 * @param Array data     the current row (by reference; only a copy is modified here)
 * @param String keylink  key-link query fragment passed through to the inner control
 * @return String
 */
public function showDBValue(&$data, $keylink)
{
    global $conn, $strTableName;
    $value = $data[$this->field];
    if (!strlen($value)) {
        return "";
    }
    $where = "";
    $out = "";
    $lookupvalue = $value;
    $iquery = "field=" . htmlspecialchars(rawurlencode($this->field)) . $keylink;
    // extra lookup restriction configured for this page type
    $where = GetLWWhere($this->field, $this->container->pageType);
    if ($this->pSet->multiSelect($this->field)) {
        $arr = splitvalues($value);
        // numeric list: declared by the link field type, or inferred when no type is known
        $numeric = true;
        $type = $this->pSet->getLWLinkFieldType($this->field);
        if (!$type) {
            foreach ($arr as $val) {
                if (strlen($val) && !is_numeric($val)) {
                    $numeric = false;
                    break;
                }
            }
        } else {
            $numeric = !NeedQuotes($type);
        }
        // build the IN (...) list; empty numeric items are skipped
        $in = "";
        foreach ($arr as $val) {
            if ($numeric && !strlen($val)) {
                continue;
            }
            if (strlen($in)) {
                $in .= ",";
            }
            if ($numeric) {
                $in .= $val + 0;
            } else {
                $in .= db_prepare_string($this->cipherer->EncryptField($this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field, $val));
            }
        }
        if (strlen($in)) {
            if ($this->nLookupType == LT_QUERY) {
                $inWhere = GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " in (" . $in . ")";
                if (strlen($where)) {
                    $inWhere .= " and (" . $where . ")";
                }
                $LookupSQL = $this->lookupQueryObj->toSql(whereAdd($this->lookupQueryObj->m_where->toSql($this->lookupQueryObj), $inWhere));
            } else {
                $LookupSQL = $this->LookupSQL . $this->pSet->getLWLinkField($this->field) . " in (" . $in . ")";
                if (strlen($where)) {
                    $LookupSQL .= " and (" . $where . ")";
                }
            }
            LogInfo($LookupSQL);
            $rsLookup = db_query($LookupSQL, $conn);
            $found = false;
            $lookupArrTmp = array();
            $lookupArr = array();
            while ($lookuprow = db_fetch_numarray($rsLookup)) {
                $lookupArrTmp[] = $lookuprow[$this->displayFieldIndex];
            }
            $lookupArr = array_unique($lookupArrTmp);
            // render each distinct display value through the inner control
            $localData = $data;
            foreach ($lookupArr as $lookupvalue) {
                if ($found) {
                    $out .= ",";
                }
                $found = true;
                if ($this->pSet->getViewFormat($this->field) != "Custom") {
                    $localData[$this->field] = $lookupvalue;
                }
                $outVal = $this->localControlsContainer->showDBValue($this->field, $localData, $keylink, $lookupvalue);
                $out .= $this->nLookupType == LT_QUERY || $this->linkAndDisplaySame ? $this->cipherer->DecryptField($this->nLookupType == LT_QUERY ? $this->displayFieldName : $this->field, $outVal) : $outVal;
            }
            return $out;
        }
    } else {
        $found = false;
        $strdata = $this->cipherer->MakeDBValue($this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field, $value, "", "", true);
        if ($this->nLookupType == LT_QUERY) {
            $strWhere = GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " = " . $strdata;
            if (strlen($where)) {
                $strWhere .= " and (" . $where . ")";
            }
            $LookupSQL = $this->lookupQueryObj->toSql(whereAdd($this->lookupQueryObj->m_where->toSql($this->lookupQueryObj), $strWhere));
        } else {
            $strWhere = $this->pSet->getLWLinkField($this->field) . " = " . $strdata;
            if (strlen($where)) {
                $strWhere .= " and (" . $where . ")";
            }
            $LookupSQL = $this->LookupSQL . $strWhere;
        }
        LogInfo($LookupSQL);
        $rsLookup = db_query($LookupSQL, $conn);
        // first match only
        if ($lookuprow = db_fetch_numarray($rsLookup)) {
            $lookupvalue = $lookuprow[$this->displayFieldIndex];
            $found = true;
        }
    }
    if (!$out) {
        if ($found && ($this->nLookupType == LT_QUERY || $this->linkAndDisplaySame)) {
            $lookupvalue = $this->cipherer->DecryptField($this->nLookupType == LT_QUERY ? $this->displayFieldName : $this->field, $lookupvalue);
        }
        // not found: the raw link value is rendered instead
        $localData = $data;
        if ($this->pSet->getViewFormat($this->field) != "Custom") {
            $localData[$this->field] = $lookupvalue;
        }
        $out = $this->localControlsContainer->showDBValue($this->field, $localData, $keylink, $lookupvalue);
    }
    return $out;
}
$value = $cipherer->MakeDBValue($cUserNameField,$value,"","",true); else { if(NeedQuotes($cUserNameFieldType)) $value=db_prepare_string($value); else $value=(0+$value); } $sWhere="(".GetFullFieldName($cUserNameField,"webreport_users",false)."=".$value; $value=$strUsernameEmail; if($cipherer->isFieldEncrypted($cEmailField)) $value = $cipherer->MakeDBValue($cEmailField,$value,"","",true); else { if(NeedQuotes($cEmailFieldType)) $value=db_prepare_string($value); else $value=(0+$value); } $sWhere.=" or ".GetFullFieldName($cEmailField,"webreport_users",false)."=".$value.")"; if($tosearch && $globalEvents->exists("BeforeRemindPassword")) $tosearch = $globalEvents->BeforeRemindPassword($strUsernameEmail,$strUsernameEmail, $pageObject); if($tosearch) { $selectClause = "select ".GetFullFieldName($cUserNameField,"webreport_users",false)." as ".AddFieldWrappers($cUserNameField) .",".GetFullFieldName($cPasswordField,"webreport_users",false)." as ".AddFieldWrappers($cPasswordField); // prevent aliases mixing
} $value = @$_SESSION["UserID"]; if ($cipherer->isFieldEncrypted($cUserNameField)) { $value = $cipherer->MakeDBValue($cUserNameField, $value, "", true); } else { if (NeedQuotes($cUserNameFieldType)) { $value = $pageObject->connection->prepareString($value); } else { $value = 0 + $value; } } $passvalue = $values["newpass"]; if ($cipherer->isFieldEncrypted($cPasswordField)) { $passvalue = $cipherer->MakeDBValue($cPasswordField, $passvalue); } else { if (NeedQuotes($cPasswordFieldType)) { $passvalue = $pageObject->connection->prepareString($passvalue); } else { $passvalue = 0 + $passvalue; } } $sWhere = " where " . $pageObject->getFieldSQLDecrypt($cUserNameField) . "=" . $value; $strSQL = "select " . $pageObject->getFieldSQLDecrypt($cPasswordField); $strSQL .= " as " . $pageObject->connection->addFieldWrappers($cPasswordField) . " from " . $pageObject->connection->addTableWrappers($cLoginTable) . $sWhere; $qResult = $pageObject->connection->query($strSQL); $row = $cipherer->DecryptFetchedArray($qResult->fetchAssoc()); if ($row && $values['oldpass'] == $row[$cPasswordField]) { if ($pageObject->pwdStrong && !checkpassword($values['newpass'])) { $msg = ""; $pwdLen = GetGlobalData("pwdLen", 0); if ($pwdLen) {
/**
 * Builds the comma-separated, SQL-ready list of link values for a
 * multi-select lookup field ("" when the field is not multi-select).
 *
 * The list is numeric when the link field type says so, or — with no known
 * type — when every non-empty item is numeric. Numeric items are coerced
 * with `+ 0` (empty ones dropped); text items are encrypted for the link
 * field and escaped/quoted by the lookup connection.
 *
 * @param String value  the raw multi-select value
 * @return String
 */
protected function getDbPreparedValuesList($value)
{
    if (!$this->pSet->multiSelect($this->field)) {
        return "";
    }
    $items = splitvalues($value);
    $linkType = $this->pSet->getLWLinkFieldType($this->field);
    if ($linkType) {
        $isNumeric = !NeedQuotes($linkType);
    } else {
        // no declared type: numeric only if every non-empty item is numeric
        $isNumeric = true;
        foreach ($items as $item) {
            if (strlen($item) && !is_numeric($item)) {
                $isNumeric = false;
                break;
            }
        }
    }
    $linkField = $this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field;
    $prepared = array();
    foreach ($items as $item) {
        if ($isNumeric) {
            if (!strlen($item)) {
                continue;
            }
            $prepared[] = $item + 0;
        } else {
            $prepared[] = $this->lookupConnection->prepareString($this->cipherer->EncryptField($linkField, $item));
        }
    }
    return implode(",", $prepared);
}
/**
 * Web-report variant of add_db_quotes(): turns a raw value into an SQL
 * literal for the column $table.$field.
 *
 * Binary data is slash-escaped; "" and FALSE in non-character columns become
 * NULL; dates and strings go through the db_* quoting helpers; numeric
 * columns only ever receive a numeric literal (decimal comma accepted),
 * anything else collapses to 0.
 *
 * @param String field
 * @param Mixed value
 * @param String table
 * @return Mixed  SQL literal (string) or number
 */
function WRadd_db_quotes($field, $value, $table = "")
{
    $fieldType = WRGetFieldType($table . "." . $field);
    if (IsBinaryType($fieldType)) {
        return db_addslashesbinary($value);
    }
    $isBlank = $value === "" || $value === FALSE;
    if ($isBlank && !IsCharType($fieldType)) {
        return "null";
    }
    if (!NeedQuotes($fieldType)) {
        // numeric column: accept a numeric literal only
        $candidate = str_replace(",", ".", (string) $value);
        return is_numeric($candidate) ? $candidate : 0;
    }
    return IsDateFieldType($fieldType) ? db_datequotes($value) : db_prepare_string($value);
}
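/**
 * Turns a raw value into an SQL literal (or bind placeholder) for a column of
 * the given type on this object's connection.
 *
 * Oracle writes LOBs as EMPTY_BLOB() and fills them separately; DB2/Informix
 * bind binary (and, on Informix, text) columns with "?". Dates get the
 * connection's date quoting (empty → null), character types are escaped and
 * quoted, everything else is numeric.
 *
 * Fixes:
 *  - The date branch discarded addDateQuotes()'s return value and fell
 *    through to prepareString(), losing the DB-specific date literal; the
 *    quoted date is now returned (as in the other PrepareValue variants).
 *  - `0 + $value` throws a TypeError on PHP 8 for a non-numeric string; the
 *    numeric branch now follows add_db_quotes(): decimal comma accepted,
 *    non-numeric input becomes 0.
 *
 * @param Mixed value
 * @param Number type  field type code
 * @return Mixed  SQL literal, "?" placeholder, or number
 */
function PrepareValue($value, $type)
{
    $dbType = $this->_connection->dbType;
    if ($dbType == nDATABASE_Oracle || $dbType == nDATABASE_DB2 || $dbType == nDATABASE_Informix) {
        if (IsBinaryType($type)) {
            return $dbType == nDATABASE_Oracle ? "EMPTY_BLOB()" : "?";
        }
        if ($dbType == nDATABASE_Informix && IsTextType($type)) {
            return "?";
        }
    }
    if (IsDateFieldType($type)) {
        if (!$value) {
            return "null";
        }
        return $this->_connection->addDateQuotes($value);
    }
    if (NeedQuotes($type)) {
        return $this->_connection->prepareString($value);
    }
    // numeric column: never place a non-numeric string into the statement
    $strvalue = str_replace(",", ".", (string) $value);
    if (!is_numeric($strvalue)) {
        return 0;
    }
    return 0 + $strvalue;
}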
// security - end
// construct sql: one "table.key = value" term per primary-key column, values taken from key1, key2, ...
$keys = DBGetTableKeys($table);
if (!count($keys)) {
    exit();
}
$keyTerms = array();
foreach ($keys as $idx => $keyField) {
    $type = WRGetFieldType($table . "." . $keyField);
    $value = postvalue("key" . ($idx + 1));
    if (NeedQuotes($type)) {
        $literal = db_prepare_string($value);
    } else {
        // numeric key: only a numeric literal may reach the statement
        $strvalue = str_replace(",", ".", (string) $value);
        $literal = is_numeric($strvalue) ? $strvalue : 0;
    }
    $keyTerms[] = AddTableWrappers($table) . "." . AddFieldWrappers($keyField) . "=" . $literal;
}
$strkeywhere = implode(" and ", $keyTerms);
$strSQL = $rpt_array['sql'] . " WHERE " . $strkeywhere;
/**
 * Web-report variant of add_db_quotes() on the web-report connection: turns
 * a raw value into an SQL literal for the column $table.$field.
 *
 * Binary data is slash-escaped; "" and FALSE in non-character columns become
 * NULL; strings are escaped/quoted and dates date-quoted by the connection;
 * numeric columns only ever receive a numeric literal (decimal comma
 * accepted), anything else collapses to 0.
 *
 * @param String field
 * @param Mixed value
 * @param String table
 * @return Mixed  SQL literal (string) or number
 */
function WRadd_db_quotes($field, $value, $table = "")
{
    $conn = getWebreportConnection();
    $fieldType = WRGetFieldType($table . "." . $field);
    if (IsBinaryType($fieldType)) {
        return $conn->addSlashesBinary($value);
    }
    $isBlank = $value === "" || $value === FALSE;
    if ($isBlank && !IsCharType($fieldType)) {
        return "null";
    }
    if (!NeedQuotes($fieldType)) {
        // numeric column: accept a numeric literal only
        $candidate = str_replace(",", ".", (string) $value);
        return is_numeric($candidate) ? $candidate : 0;
    }
    return IsDateFieldType($fieldType) ? $conn->addDateQuotes($value) : $conn->prepareString($value);
}
/**
 * Get filter's WHERE clause condition basing on the filter's type
 *
 * All filter values reach the SQL text through $this->cipherer->MakeDBValue()
 * (or the interval/slider helpers), never raw. Unknown filter types and
 * unusable values yield "" (no condition).
 *
 * @param String filterType A string representing the filter's type
 *        ('interval', 'equals', 'checked', 'slider', 'moreequal', 'lessequal')
 * @param String fName         field name
 * @param String fValue        filter value (interval index, "on"/"off", or lower bound)
 * @param String sValue        second value (upper bound) for 'slider'
 * @param Array parentValues   values of the parent filters, in getParentFiltersNames() order
 * @param Mixed connection     the DB connection (its dbType is passed to the checkbox builder)
 * @return String
 */
function getFilterWhereByType($filterType, $fName, $fValue, $sValue, $parentValues, $connection)
{
    $pSet = new ProjectSettings($this->tName, PAGE_SEARCH);
    $fullFieldName = RunnerPage::_getFieldSQLDecrypt($fName, $connection, $pSet, $this->cipherer);
    $fieldType = $pSet->getFieldType($fName);
    $dateField = IsDateFieldType($fieldType);
    $timeField = IsTimeType($fieldType);
    // the slider/interval controls are only loaded when a date/time field needs them
    if ($dateField || $timeField) {
        include_once getabspath("classes/controls/FilterControl.php");
        include_once getabspath("classes/controls/FilterIntervalSlider.php");
        include_once getabspath("classes/controls/FilterIntervalDateSlider.php");
    }
    switch ($filterType) {
        case 'interval':
            $intervalData = $pSet->getFilterIntervalDatabyIndex($fName, $fValue);
            if (!count($intervalData)) {
                return "";
            }
            include_once getabspath("classes/controls/FilterControl.php");
            include_once getabspath("classes/controls/FilterIntervalList.php");
            return FilterIntervalList::getIntervalFilterWhere($fName, $intervalData, $pSet, $this->cipherer, $this->tName, $connection);
        case 'equals':
            if (!count($parentValues)) {
                return $fullFieldName . "=" . $this->cipherer->MakeDBValue($fName, $fValue, "", true);
            }
            // dependent filter: AND the parent filters' values in, positionally
            $wheres = array();
            $wheres[] = $fullFieldName . "=" . $this->cipherer->MakeDBValue($fName, $fValue, "", true);
            $parentFiltersNames = $pSet->getParentFiltersNames($fName);
            foreach ($parentFiltersNames as $key => $parentName) {
                $wheres[] = RunnerPage::_getFieldSQLDecrypt($parentName, $connection, $pSet, $this->cipherer) . "=" . $this->cipherer->MakeDBValue($parentName, $parentValues[$key], "", true);
            }
            return "(" . implode(" AND ", $wheres) . ")";
        case 'checked':
            if ($fValue != "on" && $fValue != "off") {
                return "";
            }
            $bNeedQuotes = NeedQuotes($fieldType);
            include_once getabspath("classes/controls/Control.php");
            include_once getabspath("classes/controls/CheckboxField.php");
            return CheckboxField::constructFieldWhere($fullFieldName, $bNeedQuotes, $fValue == "on", $pSet->getFieldType($fName), $connection->dbType);
        case 'slider':
            if ($dateField) {
                return FilterIntervalDateSlider::getDateSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            if ($timeField) {
                include_once getabspath("classes/controls/FilterIntervalTimeSlider.php");
                return FilterIntervalTimeSlider::getTimeSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            // numeric range: fValue <= field <= sValue
            return $this->cipherer->MakeDBValue($fName, $fValue, "", true) . "<=" . $fullFieldName . " AND " . $fullFieldName . "<=" . $this->cipherer->MakeDBValue($fName, $sValue, "", true);
        case 'moreequal':
            if ($dateField) {
                return FilterIntervalDateSlider::getDateSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            if ($timeField) {
                include_once getabspath("classes/controls/FilterIntervalTimeSlider.php");
                return FilterIntervalTimeSlider::getTimeSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            return $this->cipherer->MakeDBValue($fName, $fValue, "", true) . "<=" . $fullFieldName;
        case 'lessequal':
            if ($dateField) {
                return FilterIntervalDateSlider::getDateSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            if ($timeField) {
                include_once getabspath("classes/controls/FilterIntervalTimeSlider.php");
                return FilterIntervalTimeSlider::getTimeSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
            }
            return $fullFieldName . "<=" . $this->cipherer->MakeDBValue($fName, $fValue, "", true);
        default:
            return "";
    }
}
/**
 * Inserts one imported row; when the INSERT fails and key columns are
 * present, tries to UPDATE the existing record instead.
 *
 * Values are placed into the SQL through add_db_quotes(). Numeric columns
 * are pre-normalized here (decimal comma → ".", locale currency symbol
 * stripped, empty → NULL).
 *
 * Security / robustness notes:
 *  - The failure message embeds the raw imported values (implode of $arr),
 *    the full SQL statement and db_error() into HTML without escaping, and
 *    $recInd into an onclick attribute. With an attacker-supplied import
 *    file this is an XSS and an information-disclosure vector in the import
 *    error output.
 *  - `0 + $value` throws a TypeError on PHP 8 when an imported numeric cell
 *    is not a numeric string after normalization.
 *  - $keys holds wrapped field names (compare the in_array() below) and
 *    $fields_list / $auditOldValues are built without prior initialization.
 *
 * @param Array arr     the imported row, field name => value
 * @param Number recInd  row index, used for the debug-info links
 * @return Number 1 on success (insert or update), 0 on failure
 */
function InsertRecord($arr, $recInd)
{
    global $goodlines, $conn, $error_message, $keys_present, $keys, $strOriginalTableName, $strTableName, $eventObj, $locale_info, $auditObj;
    $ret = 1;
    $rawvalues = array();
    // keep the raw row for the BeforeInsert event; normalize numeric cells in $arr
    foreach ($arr as $key => $val) {
        $rawvalues[$key] = $val;
        $type = GetFieldType($key);
        if (!NeedQuotes($type)) {
            $value = (string) $val;
            $value = str_replace(",", ".", $value);
            if (strlen($value) > 0) {
                $value = str_replace($locale_info["LOCALE_SCURRENCY"], "", $value);
                $arr[$key] = 0 + $value;
            } else {
                $arr[$key] = NULL;
            }
        }
    }
    $retval = true;
    if ($eventObj->exists('BeforeInsert')) {
        $retval = $eventObj->BeforeInsert($rawvalues, $arr);
    }
    if ($retval) {
        $fields = array_keys($arr);
        foreach ($fields as $key => $val) {
            $fields_list[$key] = AddFieldWrappers(GetFullFieldName($val));
        }
        $values_list = "";
        foreach ($arr as $key => $val) {
            if (!is_null($arr[$key])) {
                $values_list .= add_db_quotes($key, $val) . ", ";
            } else {
                $values_list .= "NULL, ";
            }
        }
        // drop the trailing ", "
        if (strlen($values_list) > 0) {
            $values_list = substr($values_list, 0, strlen($values_list) - 2);
        }
        $sql = "insert into " . AddTableWrappers($strOriginalTableName) . " (" . implode(",", $fields_list) . ") values (" . $values_list . ")";
        if (db_exec_import($sql, $conn)) {
            $goodlines++;
            if ($auditObj) {
                $aKeys = GetKeysArray($arr, true);
                $auditObj->LogAdd($strTableName, $arr, $aKeys);
            }
        } else {
            // unescaped row values, SQL and DB error in HTML — see the security note above
            $temp_error_message = "<b>Error:</b> in the line: " . implode(",", $arr) . ' <a linkType="debugOpener" recId="' . $recInd . '" href="" onclick="importMore(' . $recInd . ');">More info</a><br>';
            $temp_error_message .= '<div id="importDebugInfoTable' . $recInd . '" cellpadding="3" cellspacing="1" align="center" style="display: none;"><p class="error">SQL query: ' . $sql . '; </p><p class="error">DB error: ' . db_error($conn) . ';</p></div>';
            $temp_error_message .= "<br><br>";
            // we'll try to update the record
            if ($keys_present) {
                $sql = "update " . AddTableWrappers($strOriginalTableName) . " set ";
                $sqlset = "";
                $where = " where ";
                // key columns go to the WHERE clause, the rest to the SET list
                foreach ($fields as $k => $val) {
                    if (!in_array(AddFieldWrappers($fields[$k]), $keys)) {
                        if (!is_null($arr[$val])) {
                            $sqlset .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . ", ";
                        } else {
                            $sqlset .= $fields_list[$k] . "=NULL, ";
                        }
                    } else {
                        $where .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . " and ";
                    }
                }
                if (strlen($sqlset) > 0) {
                    $sql .= substr($sqlset, 0, strlen($sqlset) - 2);
                }
                // drop the trailing " and "
                $where = substr($where, 0, strlen($where) - 5);
                $sql .= " " . $where;
                // only update a record that actually exists (and capture it for the audit log)
                $rstmp = db_query("select * from " . AddTableWrappers($strOriginalTableName) . " " . $where, $conn);
                $data = db_fetch_array($rstmp);
                if ($data) {
                    if ($auditObj) {
                        foreach ($data as $key => $val) {
                            $auditOldValues[$key] = $val;
                        }
                    }
                    if (db_exec_import($sql, $conn)) {
                        // update successfull
                        $goodlines++;
                        if ($auditObj) {
                            $aKeys = GetKeysArray($arr);
                            $auditObj->LogEdit($strTableName, $arr, $auditOldValues, $aKeys);
                        }
                    } else {
                        echo 'not updated';
                        // update not successfull
                        $error_message .= $temp_error_message;
                        $ret = 0;
                    }
                } else {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                }
            } else {
                $error_message .= $temp_error_message;
            }
        }
    }
    return $ret;
}
}
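/**
 * Login method (web-report variant, webreport_users table)
 *
 * Looks the supplied credentials up in webreport_users and, when a matching
 * row comes back and the captcha check passed, establishes the session via
 * DoLogin()/SetAuthSessionData().
 *
 * Security notes:
 *  - The password is matched by SQL equality against the stored value and
 *    then re-compared in PHP, i.e. the table holds the password in clear
 *    text or reversibly encrypted by RunnerCipherer. A one-way hash
 *    (password_hash()/password_verify()) is the proper fix, but that needs a
 *    data migration outside this method.
 *  - Fix: the post-fetch comparison used "==", which is subject to PHP
 *    numeric-string juggling ("0e123" == "0e456" is true). The username is
 *    now compared strictly and the password with hash_equals().
 *  - Fix: for numeric credential columns, "0 + $input" throws a TypeError on
 *    PHP 8 for a non-numeric string (an unauthenticated 500); the value is
 *    now checked with is_numeric() first, as add_db_quotes() does.
 *  - Values reach the SQL text only after MakeDBValue()/db_prepare_string(),
 *    or after numeric coercion for numeric columns.
 *
 * @param String pUsername
 * @param String pPassword
 * @return Boolean true when the user has been logged in
 */
function LogIn($pUsername, $pPassword)
{
    // username and password are stored in the database
    global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
    $logged = false;
    $strUsername = (string) $pUsername;
    $strPassword = (string) $pPassword;
    $cipherer = new RunnerCipherer("webreport_users");
    // raw copies for the in-PHP comparison once the row has been fetched
    $sUsername = $strUsername;
    $sPassword = $strPassword;
    $pDisplayUsername = $sUsername;

    // turn each credential into an SQL literal: encrypted, quoted, or numeric
    if ($cipherer->isFieldEncrypted($cUserNameField)) {
        $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", "", true);
    } elseif (NeedQuotes($cUserNameFieldType)) {
        $strUsername = db_prepare_string($strUsername);
    } else {
        $strUsername = is_numeric($strUsername) ? 0 + $strUsername : 0;
    }
    if ($cipherer->isFieldEncrypted($cPasswordField)) {
        $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", "", true);
    } elseif (NeedQuotes($cPasswordFieldType)) {
        $strPassword = db_prepare_string($strPassword);
    } else {
        $strPassword = is_numeric($strPassword) ? 0 + $strPassword : 0;
    }

    // use the configured list query when there is one, else a plain select
    $fieldList = "";
    $lSet = new ProjectSettings("webreport_users", PAGE_LIST);
    if ($lSet->GetTableData(".sqlquery")) {
        $fieldList = $lSet->GetTableData(".sqlquery")->toSql();
    }
    if ($fieldList) {
        if (!$this->pSet->isCaseInsensitiveUsername()) {
            $where = AddTableWrappers(GetFullFieldName($cUserNameField, "webreport_users", false)) . "=" . $strUsername
                . " and " . AddTableWrappers(GetFullFieldName($cPasswordField, "webreport_users", false)) . "=" . $strPassword;
        } else {
            // case-insensitive login: compare upper-cased column with the upper-cased literal
            $where = db_upper(GetFullFieldName($cUserNameField, "webreport_users", false)) . "=" . $this->pSet->getCaseSensitiveUsername($strUsername)
                . " and " . GetFullFieldName($cPasswordField, "webreport_users", false) . "=" . $strPassword;
        }
        $tempSQLQuery = $lSet->GetTableData(".sqlquery");
        $tempSQLQuery->addWhere($where);
        $strSQL = $tempSQLQuery->toSql();
    } else {
        $strSQL = "select * from " . AddTableWrappers("webreport_users")
            . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername
            . " and " . AddFieldWrappers($cPasswordField) . "=" . $strPassword;
    }

    $rs = db_query($strSQL, $conn);
    $data = $cipherer->DecryptFetchedArray($rs);
    if ($data) {
        $dbUsername = (string) $this->pSet->getCaseSensitiveUsername((string) @$data[$cUserNameField]);
        $reqUsername = (string) $this->pSet->getCaseSensitiveUsername($sUsername);
        $dbPassword = (string) @$data[$cPasswordField];
        // strict username match, constant-time password match (no "==" juggling)
        if ($dbUsername === $reqUsername && hash_equals($dbPassword, $sPassword)) {
            $logged = true;
            $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
        }
    }

    if ($logged && $this->isCaptchaOk) {
        DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
        SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
        return true;
    }
    // wrong credentials or failed captcha: record the attempt
    if ($this->auditObj) {
        $this->auditObj->LogLoginFailed($pUsername);
        $this->auditObj->LoginUnsuccessful($pUsername);
    }
    return false;
}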