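 /**
  * Login method: looks the credentials up in the login table (or in the
  * "DashboardUsers" table when no login settings exist), re-checks the
  * fetched row against the raw credentials in PHP and, when the captcha
  * passed, starts the session.
  *
  * @param String pUsername
  * @param String pPassword
  * @return Boolean  true when the user was logged in, false otherwise
  */
 function LogIn($pUsername, $pPassword)
 {
     // username and password are stored in the database
     global $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
     $logged = false;
     $strUsername = (string) $pUsername;
     $strPassword = (string) $pPassword;
     $loginSet = ProjectSettings::getForLogin();
     $cipherer = RunnerCipherer::getForLogin($loginSet);
     // keep the raw values for the post-fetch comparison; the $str* copies become SQL literals
     $sUsername = $strUsername;
     $sPassword = $strPassword;
     if ($cipherer->isFieldEncrypted($cUserNameField)) {
         $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", true);
     } elseif (NeedQuotes($cUserNameFieldType)) {
         $strUsername = $this->connection->prepareString($strUsername);
     } else {
         // numeric column; NOTE(review): on PHP 8 a non-numeric string raises a TypeError here
         $strUsername = 0 + $strUsername;
     }
     if ($cipherer->isFieldEncrypted($cPasswordField)) {
         $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", true);
     } elseif (NeedQuotes($cPasswordFieldType)) {
         $strPassword = $this->connection->prepareString($strPassword);
     } else {
         // numeric column; NOTE(review): on PHP 8 a non-numeric string raises a TypeError here
         $strPassword = 0 + $strPassword;
     }
     if ($loginSet) {
         $userColumn = $this->getFieldSQLDecrypt($cUserNameField);
         $passColumn = $this->getFieldSQLDecrypt($cPasswordField);
         if (!$this->pSet->isCaseInsensitiveUsername()) {
             $where = $userColumn . "=" . $strUsername . " and " . $passColumn . "=" . $strPassword;
         } else {
             // case-insensitive match: both the column and the literal are upper-cased
             $where = $this->connection->upper($userColumn) . "=" . $this->pSet->getCaseSensitiveUsername($strUsername) . " and " . $passColumn . "=" . $strPassword;
         }
         $tempSQLQuery = $loginSet->GetTableData(".sqlquery");
         $tempSQLQuery->addWhere($where);
         $strSQL = $tempSQLQuery->toSql();
     } else {
         $strSQL = "select * from " . $this->connection->addTableWrappers("DashboardUsers") . " where " . $this->connection->addFieldWrappers($cUserNameField) . "=" . $strUsername . " and " . $this->connection->addFieldWrappers($cPasswordField) . "=" . $strPassword;
     }
     $data = $cipherer->DecryptFetchedArray($this->connection->query($strSQL)->fetchAssoc());
     $pDisplayUsername = $sUsername;
     if ($data) {
         $dbUsername = isset($data[$cUserNameField]) ? $data[$cUserNameField] : null;
         $dbPassword = isset($data[$cPasswordField]) ? $data[$cPasswordField] : null;
         // The SQL match is re-verified in PHP. The password check is strict and
         // constant-time: the previous loose "==" applied PHP's numeric-string
         // coercion, so two different numeric-looking strings compared equal.
         // NOTE(review): the stored value is compared directly with the supplied
         // password, i.e. it is kept in recoverable form — confirm whether hashing
         // happens elsewhere.
         if ($this->pSet->getCaseSensitiveUsername($dbUsername) == $this->pSet->getCaseSensitiveUsername($sUsername)
             && hash_equals((string) $dbPassword, (string) $sPassword)) {
             $logged = true;
             if ($data[$cDisplayNameField] != '') {
                 $pDisplayUsername = $data[$cDisplayNameField];
             }
         }
     }
     if ($logged && $this->isCaptchaOk) {
         DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $this);
         SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword, $this);
         return true;
     }
     // a failed attempt is recorded when an audit object is configured
     if ($this->auditObj) {
         $this->auditObj->LogLoginFailed($pUsername);
         $this->auditObj->LoginUnsuccessful($pUsername);
     }
     return false;
 }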
 /**
  * Builds the WHERE condition for a checkbox search.
  *
  * @param String SearchFor        "on", "off" or "none"
  * @param String strSearchOption  passed on to baseSQLWhere
  * @param String SearchFor2       unused here
  * @param String etype            unused here
  * @param Boolean isSuggest       unused here
  * @return String  empty when nothing should be filtered
  */
 function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
 {
     $inherited = $this->baseSQLWhere($strSearchOption);
     // false means no condition can be built; a non-empty string is already final
     if ($inherited === false) {
         return "";
     }
     if ($inherited != "") {
         return $inherited;
     }
     if ($SearchFor == "none" || ($SearchFor != "on" && $SearchFor != "off")) {
         return "";
     }
     return CheckboxField::constructFieldWhere(
         $this->getFieldSQLDecrypt(),
         NeedQuotes($this->type),
         $SearchFor == "on",
         $this->type,
         $this->connection->dbType
     );
 }
 /**
  * Builds the WHERE condition for a checkbox search against a field whose
  * checked state is stored either as text ('0' / '' / null = unchecked) or
  * as a number (0 / null = unchecked).
  *
  * @param String SearchFor        "on", "off" or "none"
  * @param String strSearchOption  passed on to baseSQLWhere
  * @param String SearchFor2       unused here
  * @param String etype            unused here
  * @param Boolean isSuggest       unused here
  * @return String  empty when nothing should be filtered
  */
 function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
 {
     $inherited = $this->baseSQLWhere($strSearchOption);
     if ($inherited === false) {
         return "";
     }
     if ($inherited != "") {
         return $inherited;
     }
     if ($SearchFor == "none") {
         return "";
     }
     $quoted = NeedQuotes($this->type);
     $isOn = $SearchFor == "on";
     $isOff = $SearchFor == "off";
     if (!$isOn && !$isOff) {
         return "";
     }
     $fullFieldName = GetFullFieldName($this->field);
     if (!$quoted) {
         if ($isOn) {
             return "(" . $fullFieldName . "<>0 and " . $fullFieldName . " is not null)";
         }
         return "(" . $fullFieldName . "=0 or " . $fullFieldName . " is null)";
     }
     // text storage. NOTE(review): both the PostgreSQL textregexeq/to_number
     // clause and the val() clause are appended unconditionally — confirm this
     // is what the target dbType expects.
     $numericPattern = "'^(\\-)?[[:digit:]]+(\\.[[:digit:]]+)?\$'";
     $asNumber = "abs(case textregexeq(" . $fullFieldName . ", " . $numericPattern . ") when true then to_number(" . $fullFieldName . ", '999999999') else 0 end)";
     $asVal = "abs(val(" . $fullFieldName . "))";
     if ($isOn) {
         $condition = "(" . $fullFieldName . "<>'0' ";
         if (!$this->isOracle) {
             // the empty-string test is skipped on Oracle
             $condition .= " and " . $fullFieldName . "<>'' ";
         }
         $condition .= " and " . $fullFieldName . " is not null)";
         $condition .= " and " . $asNumber . " > 0";
         $condition .= " and " . $asVal . " > 0";
         return $condition;
     }
     $condition = "(" . $fullFieldName . "='0' ";
     if (!$this->isOracle) {
         $condition .= " or " . $fullFieldName . "='' ";
     }
     $condition .= " or " . $fullFieldName . " is null)";
     $condition .= " or " . $asNumber . " = 0";
     $condition .= " or " . $asVal . " = 0";
     return $condition;
 }
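 /**
  * Get an SQL string containing the intervals totals
  * to add them then to the SELECT clause
  *
  * One aggregate is produced per checkbox state ("checked" / "unchecked"),
  * plus a second one over the field itself when totals are enabled and the
  * totals field differs from the field.
  *
  * @return String  comma-separated "<aggregate>(CASE ...) as <alias>" expressions
  */
 protected function getTotals()
 {
     $fieldType = $this->pSet->getFieldType($this->fName);
     $bNeedQuotes = NeedQuotes($fieldType);
     $fullFieldName = $this->getDbFieldName($this->fName);
     $fullTotalFieldName = $this->getDbFieldName($this->totalsfName);
     $totals = array();
     foreach (array("checked", "unchecked") as $state) {
         // constructFieldWhere takes the field *type* as its 4th argument (as the
         // other call sites do); the loop variable used to shadow it with the state name
         $caseCondition = CheckboxField::constructFieldWhere($fullFieldName, $bNeedQuotes, $state == "checked", $fieldType, $this->connection->dbType);
         $caseStatement = $this->getCaseStatement($caseCondition, $fullTotalFieldName, "null");
         $totals[] = $this->aggregate . "(" . $caseStatement . ") as " . $this->connection->addFieldWrappers($state);
         if ($this->useTotals && $this->fName != $this->totalsfName) {
             $caseStatement = $this->getCaseStatement($caseCondition, $fullFieldName, "null");
             $totals[] = $this->aggregate . "(" . $caseStatement . ") as " . $this->connection->addFieldWrappers($this->fName . $state);
         }
     }
     return implode(", ", $totals);
 }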
/**
 * Turns a PHP value into an SQL literal for the given field.
 *
 * @param String field
 * @param Mixed value
 * @param String table   defaults to the current table ($strTableName)
 * @param Mixed type     field type code; read from the project settings when omitted
 * @return String|Number  quoted text/date, a number, binary-escaped data, or "null"
 */
function add_db_quotes($field, $value, $table = "", $type = null)
{
    global $strTableName;
    $tableName = $table == "" ? $strTableName : $table;
    $pSet = new ProjectSettings($tableName);
    // loose check: a type code of 0 counts as "not given" — presumably intended
    $fieldType = $type == null ? $pSet->getFieldType($field) : $type;
    if (IsBinaryType($fieldType)) {
        return db_addslashesbinary($value);
    }
    $isEmpty = $value === "" || $value === false || is_null($value);
    if ($isEmpty && !IsCharType($fieldType)) {
        return "null";
    }
    if (NeedQuotes($fieldType)) {
        return IsDateFieldType($fieldType) ? db_datequotes($value) : db_prepare_string($value);
    }
    // numeric column: accept a decimal comma, anything non-numeric becomes 0
    $normalized = str_replace(",", ".", (string) $value);
    return is_numeric($normalized) ? $normalized : 0;
}
 /**
  * Renders a value as an SQL literal according to its field type.
  *
  * @param Mixed value
  * @param Mixed type   field type code
  * @return String|Number  quoted date, quoted string, or the value coerced to a number
  */
 function PrepareValue($value, $type)
 {
     if (IsDateFieldType($type)) {
         return db_datequotes($value);
     }
     // NOTE(review): on PHP 8 the numeric coercion raises a TypeError for a
     // non-numeric string — confirm callers only pass numbers for such types
     return NeedQuotes($type) ? db_prepare_string($value) : 0 + $value;
 }
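 /**
  * Writes the export table: a header row, one row per fetched record (at most
  * nPageSize rows when it is non-zero) and, when totals are configured, a
  * trailing totals row. Everything is echoed straight to the output.
  *
  * @param Mixed rs         result set handle handed to fetch_array / ListFetchArray
  * @param Number nPageSize  0 (or any falsy value) means "all rows"
  */
 protected function WriteTableData($rs, $nPageSize)
 {
     $exportFields = $this->pSet->getExportFields();
     $totalFieldsData = $this->pSet->getTotalsFields();
     // the export format comes from the request; only "excel" changes the markup
     $isExcel = isset($_REQUEST["type"]) && $_REQUEST["type"] == "excel";
     $row = $this->fetchNextExportRow($rs);
     // write header
     echo "<tr>";
     foreach ($exportFields as $field) {
         $label = $this->pSet->label($field);
         if ($isExcel) {
             echo '<td style="width: 100" x:str>' . PrepareForExcel($label) . '</td>';
         } else {
             echo "<td>" . $label . "</td>";
         }
     }
     echo "</tr>";
     // totals are accumulated only for fields that are actually exported
     $totals = array();
     $totalsFields = array();
     foreach ($totalFieldsData as $data) {
         if (!in_array($data["fName"], $exportFields)) {
             continue;
         }
         $totals[$data["fName"]] = array("value" => 0, "numRows" => 0);
         $totalsFields[] = array(
             'fName' => $data["fName"],
             'totalsType' => $data["totalsType"],
             'viewFormat' => $this->pSet->getViewFormat($data["fName"]),
         );
     }
     // write data rows
     $iNumberOfRows = 0;
     $this->viewControls->forExport = "export";
     while ((!$nPageSize || $iNumberOfRows < $nPageSize) && $row) {
         countTotals($totals, $totalsFields, $row);
         $values = array();
         foreach ($exportFields as $field) {
             if (IsBinaryType($this->pSet->getFieldType($field))) {
                 $values[$field] = "código binario demasiado grande – no puede ser desplegado";
             } else {
                 $values[$field] = $this->getViewControl($field)->getExportValue($row, "");
             }
         }
         // the BeforeOut event may veto the row
         $eventRes = true;
         if ($this->eventsObject->exists('BeforeOut')) {
             $eventRes = $this->eventsObject->BeforeOut($row, $values, $this);
         }
         if ($eventRes) {
             $iNumberOfRows++;
             $this->writeExportDataRow($exportFields, $values, $isExcel);
         }
         $row = $this->fetchNextExportRow($rs);
     }
     if (count($totalFieldsData)) {
         $totalsLabels = array("COUNT" => "Contar", "TOTAL" => "Total", "AVERAGE" => "Promedio");
         echo "<tr>";
         foreach ($totalFieldsData as $data) {
             if (!in_array($data["fName"], $exportFields)) {
                 continue;
             }
             echo "<td>";
             if (strlen($data["totalsType"])) {
                 if (isset($totalsLabels[$data["totalsType"]])) {
                     echo $totalsLabels[$data["totalsType"]] . ": ";
                 }
                 echo runner_htmlspecialchars(GetTotals($data["fName"], $totals[$data["fName"]]["value"], $data["totalsType"], $totals[$data["fName"]]["numRows"], $this->pSet->getViewFormat($data["fName"]), PAGE_EXPORT));
             }
             echo "</td>";
         }
         echo "</tr>";
     }
 }

 /**
  * Fetches and decrypts the next record, letting the "ListFetchArray" event
  * take over when it is defined.
  *
  * @param Mixed rs
  * @return Mixed  the row; the export loop stops when it is falsy
  */
 protected function fetchNextExportRow($rs)
 {
     if ($this->eventsObject->exists("ListFetchArray")) {
         return $this->eventsObject->ListFetchArray($rs, $this);
     }
     return $this->cipherer->DecryptFetchedArray($this->connection->fetch_array($rs));
 }

 /**
  * Writes one <tr> of export values.
  *
  * @param Array exportFields  field names in output order
  * @param Array values        field name => already formatted export value
  * @param Boolean isExcel     true when the export format is "excel"
  */
 protected function writeExportDataRow($exportFields, $values, $isExcel)
 {
     echo "<tr>";
     foreach ($exportFields as $field) {
         $fType = $this->pSet->getFieldType($field);
         // Excel needs the x:str hint to keep character data as text
         echo $isExcel && IsCharType($fType) ? '<td x:str>' : '<td>';
         $editFormat = $this->pSet->getEditFormat($field);
         // decide whether the value goes through PrepareForExcel; custom-format,
         // rich-text and binary values are written as-is in every format
         if ($editFormat == EDIT_FORMAT_LOOKUP_WIZARD) {
             $prepare = $isExcel && $this->pSet->NeedEncode($field);
         } elseif (IsBinaryType($fType)) {
             $prepare = false;
         } elseif ($editFormat == FORMAT_CUSTOM || $this->pSet->isUseRTE($field)) {
             $prepare = false;
         } else {
             // was NeedQuotes($field): the field *name* was passed instead of its
             // type, so character/date columns never got the Excel preparation
             $prepare = $isExcel && NeedQuotes($fType);
         }
         // NOTE(review): values are written without HTML escaping here — confirm
         // getExportValue() already escapes them for the non-Excel formats
         echo $prepare ? PrepareForExcel($values[$field]) : $values[$field];
         echo '</td>';
     }
     echo "</tr>";
 }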
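/**
 * Turns a PHP value into an SQL literal for a field of the given table
 * (or of the current table, $strTableName, when none is given).
 *
 * @param String field
 * @param Mixed value
 * @param String table		The datasource table name
 * @param String type		Field type code; read from the project settings when omitted
 * @return String|Number	quoted text/date, a number, binary-escaped data, or "null"
 *                      	("null" is also returned for a date that does not match the locale's pattern)
 * @intellisense
 */
function add_db_quotes($field, $value, $table = "", $type = null)
{
    global $strTableName, $locale_info, $cman;
    if ($table == "") {
        $table = $strTableName;
    }
    $pSet = new ProjectSettings($table);
    $connection = $cman->byTable($table);
    // loose check: a type code of 0 counts as "not given" — presumably intended
    if ($type == null) {
        $type = $pSet->getFieldType($field);
    }
    if (IsBinaryType($type)) {
        return $connection->addSlashesBinary($value);
    }
    if (($value === "" || $value === false || is_null($value)) && !IsCharType($type)) {
        return "null";
    }
    if (NeedQuotes($type)) {
        if (!IsDateFieldType($type)) {
            return $connection->prepareString($value);
        }
        // accept d/m/y, m/d/y or y/m/d separated by "-" or the locale's date separator
        $y = "(\\d\\d\\d\\d)";
        $m = "(0?[1-9]|1[0-2])";
        $d = "(0?[1-9]|[1-2][0-9]|3[0-1])";
        $delim = "(-|" . preg_quote($locale_info["LOCALE_SDATE"], "/") . ")";
        $reg = "/" . $d . $delim . $m . $delim . $y . "|" . $m . $delim . $d . $delim . $y . "|" . $y . $delim . $m . $delim . $d . "/";
        if (!preg_match($reg, $value)) {
            return "null";
        }
        return $connection->addDateQuotes($value);
    }
    $strvalue = (string) $value;
    // PostgreSQL boolean column (type code 11 per the original comment — TODO confirm
    // against the project's type constants): emit a quoted 't' / 'f'. This runs before
    // the numeric coercion, which previously turned every textual value into 0 and made
    // the word list below unreachable.
    if ($connection->dbType == nDATABASE_PostgreSQL && $type == 11) {
        $word = strtolower($strvalue);
        $falseWords = array("", "0", "false", "f", "n", "no", "off");
        $asNumber = str_replace(",", ".", $word);
        $isFalse = in_array($word, $falseWords, true) || (is_numeric($asNumber) && 0 + $asNumber == 0);
        return $connection->prepareString($isFalse ? "f" : "t");
    }
    // numeric column: accept a decimal comma (normalised *before* the numeric test, as
    // the other add_db_quotes variants do), anything non-numeric becomes 0
    $normalized = str_replace(",", ".", $strvalue);
    return is_numeric($normalized) ? $normalized : 0;
}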
 /**
  * Renders the lookup (link) value stored in $data[$this->field] as its display
  * value: runs the lookup query for the stored key(s) and hands each display
  * value to localControlsContainer->showDBValue(). Multi-select values are
  * rendered one by one and joined with commas.
  *
  * @param Array data      the current record; taken by reference but only read here
  * @param String keylink  appended to the control's field query string
  * @return String  empty when the stored value is empty
  */
 public function showDBValue(&$data, $keylink)
 {
     // $strTableName is declared but not referenced in this method
     global $conn, $strTableName;
     $value = $data[$this->field];
     if (!strlen($value)) {
         return "";
     }
     $where = "";
     $out = "";
     $lookupvalue = $value;
     // built here but not used further down in this method
     $iquery = "field=" . htmlspecialchars(rawurlencode($this->field)) . $keylink;
     $where = GetLWWhere($this->field, $this->container->pageType);
     if ($this->pSet->multiSelect($this->field)) {
         $arr = splitvalues($value);
         $numeric = true;
         $type = $this->pSet->getLWLinkFieldType($this->field);
         if (!$type) {
             // no declared link type: numeric unless some non-empty item is not a number
             foreach ($arr as $val) {
                 if (strlen($val) && !is_numeric($val)) {
                     $numeric = false;
                     break;
                 }
             }
         } else {
             $numeric = !NeedQuotes($type);
         }
         // build the IN (...) list: numbers coerced with "+ 0" (empty items dropped),
         // strings encrypted when configured and quoted by db_prepare_string
         $in = "";
         foreach ($arr as $val) {
             if ($numeric && !strlen($val)) {
                 continue;
             }
             if (strlen($in)) {
                 $in .= ",";
             }
             if ($numeric) {
                 $in .= $val + 0;
             } else {
                 $in .= db_prepare_string($this->cipherer->EncryptField($this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field, $val));
             }
         }
         if (strlen($in)) {
             if ($this->nLookupType == LT_QUERY) {
                 $inWhere = GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " in (" . $in . ")";
                 if (strlen($where)) {
                     $inWhere .= " and (" . $where . ")";
                 }
                 $LookupSQL = $this->lookupQueryObj->toSql(whereAdd($this->lookupQueryObj->m_where->toSql($this->lookupQueryObj), $inWhere));
             } else {
                 $LookupSQL = $this->LookupSQL . $this->pSet->getLWLinkField($this->field) . " in (" . $in . ")";
                 if (strlen($where)) {
                     $LookupSQL .= " and (" . $where . ")";
                 }
             }
             LogInfo($LookupSQL);
             $rsLookup = db_query($LookupSQL, $conn);
             $found = false;
             $lookupArrTmp = array();
             $lookupArr = array();
             while ($lookuprow = db_fetch_numarray($rsLookup)) {
                 $lookupArrTmp[] = $lookuprow[$this->displayFieldIndex];
             }
             // de-duplicate the display values before rendering
             $lookupArr = array_unique($lookupArrTmp);
             $localData = $data;
             foreach ($lookupArr as $lookupvalue) {
                 if ($found) {
                     $out .= ",";
                 }
                 $found = true;
                 // custom view formats keep the original record value
                 if ($this->pSet->getViewFormat($this->field) != "Custom") {
                     $localData[$this->field] = $lookupvalue;
                 }
                 $outVal = $this->localControlsContainer->showDBValue($this->field, $localData, $keylink, $lookupvalue);
                 $out .= $this->nLookupType == LT_QUERY || $this->linkAndDisplaySame ? $this->cipherer->DecryptField($this->nLookupType == LT_QUERY ? $this->displayFieldName : $this->field, $outVal) : $outVal;
             }
             return $out;
         }
         // NOTE(review): when $in is empty nothing assigns $found before it is read below
     } else {
         $found = false;
         $strdata = $this->cipherer->MakeDBValue($this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field, $value, "", "", true);
         if ($this->nLookupType == LT_QUERY) {
             $strWhere = GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " = " . $strdata;
             if (strlen($where)) {
                 $strWhere .= " and (" . $where . ")";
             }
             $LookupSQL = $this->lookupQueryObj->toSql(whereAdd($this->lookupQueryObj->m_where->toSql($this->lookupQueryObj), $strWhere));
         } else {
             $strWhere = $this->pSet->getLWLinkField($this->field) . " = " . $strdata;
             if (strlen($where)) {
                 $strWhere .= " and (" . $where . ")";
             }
             $LookupSQL = $this->LookupSQL . $strWhere;
         }
         LogInfo($LookupSQL);
         $rsLookup = db_query($LookupSQL, $conn);
         // only the first matching row is used for a single-value lookup
         if ($lookuprow = db_fetch_numarray($rsLookup)) {
             $lookupvalue = $lookuprow[$this->displayFieldIndex];
             $found = true;
         }
     }
     if (!$out) {
         if ($found && ($this->nLookupType == LT_QUERY || $this->linkAndDisplaySame)) {
             $lookupvalue = $this->cipherer->DecryptField($this->nLookupType == LT_QUERY ? $this->displayFieldName : $this->field, $lookupvalue);
         }
         $localData = $data;
         if ($this->pSet->getViewFormat($this->field) != "Custom") {
             $localData[$this->field] = $lookupvalue;
         }
         $out = $this->localControlsContainer->showDBValue($this->field, $localData, $keylink, $lookupvalue);
     }
     return $out;
 }
			$value = $cipherer->MakeDBValue($cUserNameField,$value,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$value=db_prepare_string($value);
			else
				$value=(0+$value);
		}
		$sWhere="(".GetFullFieldName($cUserNameField,"webreport_users",false)."=".$value;

		$value=$strUsernameEmail;
		if($cipherer->isFieldEncrypted($cEmailField))
			$value = $cipherer->MakeDBValue($cEmailField,$value,"","",true);
		else
		{
			if(NeedQuotes($cEmailFieldType))
				$value=db_prepare_string($value);
			else
				$value=(0+$value);
		}
		$sWhere.=" or ".GetFullFieldName($cEmailField,"webreport_users",false)."=".$value.")";
	
		if($tosearch && $globalEvents->exists("BeforeRemindPassword"))
			$tosearch = $globalEvents->BeforeRemindPassword($strUsernameEmail,$strUsernameEmail, $pageObject);
		
		if($tosearch)
		{
			$selectClause = "select ".GetFullFieldName($cUserNameField,"webreport_users",false)." as ".AddFieldWrappers($cUserNameField)
				.",".GetFullFieldName($cPasswordField,"webreport_users",false)." as ".AddFieldWrappers($cPasswordField);
			
			// prevent aliases mixing
 }
 $value = @$_SESSION["UserID"];
 if ($cipherer->isFieldEncrypted($cUserNameField)) {
     $value = $cipherer->MakeDBValue($cUserNameField, $value, "", true);
 } else {
     if (NeedQuotes($cUserNameFieldType)) {
         $value = $pageObject->connection->prepareString($value);
     } else {
         $value = 0 + $value;
     }
 }
 $passvalue = $values["newpass"];
 if ($cipherer->isFieldEncrypted($cPasswordField)) {
     $passvalue = $cipherer->MakeDBValue($cPasswordField, $passvalue);
 } else {
     if (NeedQuotes($cPasswordFieldType)) {
         $passvalue = $pageObject->connection->prepareString($passvalue);
     } else {
         $passvalue = 0 + $passvalue;
     }
 }
 $sWhere = " where " . $pageObject->getFieldSQLDecrypt($cUserNameField) . "=" . $value;
 $strSQL = "select " . $pageObject->getFieldSQLDecrypt($cPasswordField);
 $strSQL .= " as " . $pageObject->connection->addFieldWrappers($cPasswordField) . " from " . $pageObject->connection->addTableWrappers($cLoginTable) . $sWhere;
 $qResult = $pageObject->connection->query($strSQL);
 $row = $cipherer->DecryptFetchedArray($qResult->fetchAssoc());
 if ($row && $values['oldpass'] == $row[$cPasswordField]) {
     if ($pageObject->pwdStrong && !checkpassword($values['newpass'])) {
         $msg = "";
         $pwdLen = GetGlobalData("pwdLen", 0);
         if ($pwdLen) {
 /**
  * Builds the comma-separated list of DB-ready values for an IN (...) clause
  * from a multi-select field value. Numeric lists skip empty items; string
  * lists are encrypted (when configured) and quoted for the lookup connection.
  *
  * @param String value
  * @return String  empty when the field is not multi-select
  */
 protected function getDbPreparedValuesList($value)
 {
     if (!$this->pSet->multiSelect($this->field)) {
         return "";
     }
     $items = splitvalues($value);
     $linkType = $this->pSet->getLWLinkFieldType($this->field);
     if ($linkType) {
         $isNumeric = !NeedQuotes($linkType);
     } else {
         // no declared link type: numeric unless some non-empty item is not a number
         $isNumeric = true;
         foreach ($items as $item) {
             if (strlen($item) && !is_numeric($item)) {
                 $isNumeric = false;
                 break;
             }
         }
     }
     $prepared = array();
     foreach ($items as $item) {
         if ($isNumeric) {
             if (strlen($item)) {
                 $prepared[] = $item + 0;
             }
             continue;
         }
         $fName = $this->nLookupType == LT_QUERY ? $this->linkFieldName : $this->field;
         $prepared[] = $this->lookupConnection->prepareString($this->cipherer->EncryptField($fName, $item));
     }
     return implode(",", $prepared);
 }
/**
 * Turns a value into an SQL literal for a web-report field, using the field
 * type registered under "<table>.<field>".
 *
 * @param String field
 * @param Mixed value
 * @param String table
 * @return String|Number  quoted text/date, a number, binary-escaped data, or "null"
 */
function WRadd_db_quotes($field,$value,$table="")
{
    $type = WRGetFieldType($table . "." . $field);
    if (IsBinaryType($type)) {
        return db_addslashesbinary($value);
    }
    $isEmpty = $value === "" || $value === false;
    if ($isEmpty && !IsCharType($type)) {
        return "null";
    }
    if (NeedQuotes($type)) {
        return IsDateFieldType($type) ? db_datequotes($value) : db_prepare_string($value);
    }
    // numeric column: accept a decimal comma, anything non-numeric becomes 0
    $normalized = str_replace(",", ".", (string) $value);
    return is_numeric($normalized) ? $normalized : 0;
}
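 /**
  * Renders a value as an SQL literal (or a bind placeholder) for the
  * connection's database type.
  *
  * On Oracle, DB2 and Informix binary columns get a placeholder
  * (Oracle: EMPTY_BLOB(), otherwise "?"); Informix also uses "?" for text
  * columns. Dates become a quoted date, or "null" when empty; other quoted
  * types go through prepareString; everything else is coerced to a number.
  *
  * @param Mixed value
  * @param Mixed type   field type code
  * @return String|Number
  */
 function PrepareValue($value, $type)
 {
     $dbType = $this->_connection->dbType;
     if ($dbType == nDATABASE_Oracle || $dbType == nDATABASE_DB2 || $dbType == nDATABASE_Informix) {
         if (IsBinaryType($type)) {
             return $dbType == nDATABASE_Oracle ? "EMPTY_BLOB()" : "?";
         }
         if ($dbType == nDATABASE_Informix && IsTextType($type)) {
             return "?";
         }
     }
     if (IsDateFieldType($type)) {
         if (!$value) {
             return "null";
         }
         // the quoted date used to be computed and discarded, so non-empty dates
         // fell through to prepareString(); return it instead
         return $this->_connection->addDateQuotes($value);
     }
     if (NeedQuotes($type)) {
         return $this->_connection->prepareString($value);
     }
     // NOTE(review): on PHP 8 a non-numeric string raises a TypeError here
     return 0 + $value;
 }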
//	security - end

//	construct sql

// build the "<table>.<key>=<value>" predicate for every key column from the
// posted key1..keyN values (untrusted input: quoted types go through
// db_prepare_string, numeric types are coerced to a number or 0)
$keys = DBGetTableKeys($table);
if (!count($keys)) {
    exit();
}
$keyConditions = array();
foreach ($keys as $idx => $k) {
    $column = AddTableWrappers($table) . "." . AddFieldWrappers($k);
    $type = WRGetFieldType($table . "." . $k);
    if (NeedQuotes($type)) {
        $keyConditions[] = $column . "=" . db_prepare_string(postvalue("key" . ($idx + 1)));
        continue;
    }
    $value = postvalue("key" . ($idx + 1));
    // numeric key: accept a decimal comma, anything non-numeric becomes 0
    $strvalue = str_replace(",", ".", (string) $value);
    $value = is_numeric($strvalue) ? $strvalue : 0;
    $keyConditions[] = $column . "=" . $value;
}
$strkeywhere = implode(" and ", $keyConditions);

$strSQL = $rpt_array['sql'] . " WHERE " . $strkeywhere;
/**
 * Turns a value into an SQL literal for a web-report field, using the field
 * type registered under "<table>.<field>" and the web-report connection.
 *
 * @param String field
 * @param Mixed value
 * @param String table
 * @return String|Number  quoted text/date, a number, binary-escaped data, or "null"
 */
function WRadd_db_quotes($field, $value, $table = "")
{
    $connection = getWebreportConnection();
    $type = WRGetFieldType($table . "." . $field);
    if (IsBinaryType($type)) {
        return $connection->addSlashesBinary($value);
    }
    $isEmpty = $value === "" || $value === false;
    if ($isEmpty && !IsCharType($type)) {
        return "null";
    }
    if (NeedQuotes($type)) {
        return IsDateFieldType($type) ? $connection->addDateQuotes($value) : $connection->prepareString($value);
    }
    // numeric column: accept a decimal comma, anything non-numeric becomes 0
    $normalized = str_replace(",", ".", (string) $value);
    return is_numeric($normalized) ? $normalized : 0;
}
 /**
  * Get filter's WHERE clause condition basing on the filter's type
  *
  * @param String filterType		"interval", "equals", "checked", "slider", "moreequal" or "lessequal"
  * @param String fName			the filtered field
  * @param String fValue			filter value: interval index, equality value, checkbox state or lower bound
  * @param String sValue			upper bound for "slider" (unused by the other types)
  * @param Array parentValues		values of the parent filters, used by "equals"
  * @param Mixed connection		the table's connection
  * @return String  empty when no condition applies
  */
 function getFilterWhereByType($filterType, $fName, $fValue, $sValue, $parentValues, $connection)
 {
     $pSet = new ProjectSettings($this->tName, PAGE_SEARCH);
     $fullFieldName = RunnerPage::_getFieldSQLDecrypt($fName, $connection, $pSet, $this->cipherer);
     $fieldType = $pSet->getFieldType($fName);
     $dateField = IsDateFieldType($fieldType);
     $timeField = IsTimeType($fieldType);
     if ($dateField || $timeField) {
         include_once getabspath("classes/controls/FilterControl.php");
         include_once getabspath("classes/controls/FilterIntervalSlider.php");
         include_once getabspath("classes/controls/FilterIntervalDateSlider.php");
     }
     switch ($filterType) {
         case 'interval':
             $intervalData = $pSet->getFilterIntervalDatabyIndex($fName, $fValue);
             if (!count($intervalData)) {
                 return "";
             }
             include_once getabspath("classes/controls/FilterControl.php");
             include_once getabspath("classes/controls/FilterIntervalList.php");
             return FilterIntervalList::getIntervalFilterWhere($fName, $intervalData, $pSet, $this->cipherer, $this->tName, $connection);

         case 'equals':
             $wheres = array($fullFieldName . "=" . $this->cipherer->MakeDBValue($fName, $fValue, "", true));
             if (!count($parentValues)) {
                 return $wheres[0];
             }
             // each parent filter contributes its own equality, AND-ed with the field's
             foreach ($pSet->getParentFiltersNames($fName) as $key => $parentName) {
                 $wheres[] = RunnerPage::_getFieldSQLDecrypt($parentName, $connection, $pSet, $this->cipherer) . "=" . $this->cipherer->MakeDBValue($parentName, $parentValues[$key], "", true);
             }
             return "(" . implode(" AND ", $wheres) . ")";

         case 'checked':
             if ($fValue != "on" && $fValue != "off") {
                 return "";
             }
             $bNeedQuotes = NeedQuotes($fieldType);
             include_once getabspath("classes/controls/Control.php");
             include_once getabspath("classes/controls/CheckboxField.php");
             return CheckboxField::constructFieldWhere($fullFieldName, $bNeedQuotes, $fValue == "on", $pSet->getFieldType($fName), $connection->dbType);

         case 'slider':
         case 'moreequal':
         case 'lessequal':
             // date and time fields are delegated to the dedicated slider helpers
             if ($dateField) {
                 return FilterIntervalDateSlider::getDateSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
             }
             if ($timeField) {
                 include_once getabspath("classes/controls/FilterIntervalTimeSlider.php");
                 return FilterIntervalTimeSlider::getTimeSliderWhere($fName, $pSet, $this->cipherer, $this->tName, $fValue, $sValue, $filterType, $fullFieldName);
             }
             $boundValue = $this->cipherer->MakeDBValue($fName, $fValue, "", true);
             if ($filterType == 'lessequal') {
                 return $fullFieldName . "<=" . $boundValue;
             }
             if ($filterType == 'moreequal') {
                 return $boundValue . "<=" . $fullFieldName;
             }
             return $boundValue . "<=" . $fullFieldName . " AND " . $fullFieldName . "<=" . $this->cipherer->MakeDBValue($fName, $sValue, "", true);

         default:
             return "";
     }
 }
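/**
 * Inserts one imported row into the current table; when the insert fails and
 * key fields are present, falls back to updating the existing record instead.
 *
 * Fields that do not need quotes (see NeedQuotes()) are normalised first: a
 * decimal comma becomes a dot, the locale currency symbol is stripped and the
 * remainder is coerced to a number with `0 + $value`; an empty value becomes
 * NULL. The untouched values are handed to the BeforeInsert event as
 * $rawvalues, the normalised ones as $arr.
 *
 * Works on the import globals: $goodlines (incremented on success),
 * $error_message (HTML appended on failure), $keys_present/$keys (enable the
 * update fallback), $conn, $strOriginalTableName/$strTableName, $eventObj
 * (BeforeInsert hook), $locale_info and $auditObj (LogAdd/LogEdit).
 *
 * @param array $arr    field name => value, one row of the import
 * @param mixed $recInd row index in the import; only embedded in the error
 *                      markup (element id and the importMore() call)
 * @return int|null 1 on success, 0 when both the insert and the update
 *                  fallback failed; null (no explicit return) when the
 *                  BeforeInsert event vetoes the row
 */
function InsertRecord($arr, $recInd)
{
    global $goodlines, $conn, $error_message, $keys_present, $keys, $strOriginalTableName, $strTableName, $eventObj, $locale_info, $auditObj;
    $ret = 1;
    $rawvalues = array();
    foreach ($arr as $key => $val) {
        $rawvalues[$key] = $val;
        $type = GetFieldType($key);
        if (!NeedQuotes($type)) {
            $value = (string) $val;
            $value = str_replace(",", ".", $value);
            if (strlen($value) > 0) {
                $value = str_replace($locale_info["LOCALE_SCURRENCY"], "", $value);
                // numeric coercion; on PHP 8 a non-numeric leftover here throws a TypeError
                $arr[$key] = 0 + $value;
            } else {
                $arr[$key] = NULL;
            }
        }
    }
    $retval = true;
    if ($eventObj->exists('BeforeInsert')) {
        $retval = $eventObj->BeforeInsert($rawvalues, $arr);
    }
    if ($retval) {
        $fields = array_keys($arr);
        // initialised up front so an empty row does not leave $fields_list undefined for implode()
        $fields_list = array();
        foreach ($fields as $key => $val) {
            $fields_list[$key] = AddFieldWrappers(GetFullFieldName($val));
        }
        $values_list = "";
        foreach ($arr as $key => $val) {
            if (!is_null($arr[$key])) {
                $values_list .= add_db_quotes($key, $val) . ", ";
            } else {
                $values_list .= "NULL, ";
            }
        }
        if (strlen($values_list) > 0) {
            // drop the trailing ", "
            $values_list = substr($values_list, 0, strlen($values_list) - 2);
        }
        $sql = "insert into " . AddTableWrappers($strOriginalTableName) . " (" . implode(",", $fields_list) . ") values (" . $values_list . ")";
        if (db_exec_import($sql, $conn)) {
            $goodlines++;
            if ($auditObj) {
                $aKeys = GetKeysArray($arr, true);
                $auditObj->LogAdd($strTableName, $arr, $aKeys);
            }
        } else {
            // $error_message is rendered as HTML, so everything that comes from the imported
            // row or from the database driver is escaped before it is embedded
            $temp_error_message = "<b>Error:</b> in the line: " . htmlspecialchars(implode(",", $arr), ENT_QUOTES) . '&nbsp;&nbsp;<a linkType="debugOpener" recId="' . $recInd . '" href="" onclick="importMore(' . $recInd . ');">More info</a><br>';
            $temp_error_message .= '<div id="importDebugInfoTable' . $recInd . '" cellpadding="3" cellspacing="1" align="center" style="display: none;"><p class="error">SQL query: ' . htmlspecialchars($sql, ENT_QUOTES) . '; </p><p class="error">DB error: ' . htmlspecialchars((string) db_error($conn), ENT_QUOTES) . ';</p></div>';
            $temp_error_message .= "<br><br>";
            // we'll try to update the record
            if ($keys_present) {
                $sql = "update " . AddTableWrappers($strOriginalTableName) . " set ";
                $sqlset = "";
                $where = " where ";
                foreach ($fields as $k => $val) {
                    // key fields go into the WHERE clause, everything else into SET
                    if (!in_array(AddFieldWrappers($fields[$k]), $keys, true)) {
                        if (!is_null($arr[$val])) {
                            $sqlset .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . ", ";
                        } else {
                            $sqlset .= $fields_list[$k] . "=NULL, ";
                        }
                    } else {
                        $where .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . " and ";
                    }
                }
                if (strlen($sqlset) > 0) {
                    $sql .= substr($sqlset, 0, strlen($sqlset) - 2);
                }
                // strips the trailing " and "; assumes at least one key field was found in $fields
                // (implied by $keys_present), otherwise the clause is left truncated
                $where = substr($where, 0, strlen($where) - 5);
                $sql .= " " . $where;
                $rstmp = db_query("select * from " . AddTableWrappers($strOriginalTableName) . " " . $where, $conn);
                $data = db_fetch_array($rstmp);
                if ($data) {
                    $auditOldValues = array();
                    if ($auditObj) {
                        // snapshot of the row before the update, for the audit log
                        $auditOldValues = $data;
                    }
                    if (db_exec_import($sql, $conn)) {
                        // update successful
                        $goodlines++;
                        if ($auditObj) {
                            $aKeys = GetKeysArray($arr);
                            $auditObj->LogEdit($strTableName, $arr, $auditOldValues, $aKeys);
                        }
                    } else {
                        // update not successful (the stray debug echo that used to be here was removed)
                        $error_message .= $temp_error_message;
                        $ret = 0;
                    }
                } else {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                }
            } else {
                $error_message .= $temp_error_message;
            }
        }
        return $ret;
    }
}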
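	/**
	* Login method: checks the supplied credentials against the
	* "webreport_users" table and, on success, opens the session.
	*
	* The credentials are matched twice: once in the WHERE clause of the
	* query built below, then again in PHP against the fetched (decrypted)
	* row, so a DB-side match that ignores case or collation cannot log a
	* user in with a password that differs from the stored one. The stored
	* password is compared in the clear; no hashing is visible in this method.
	*
	* @param string $pUsername username as typed by the user
	* @param string $pPassword password as typed by the user
	* @return bool true when the row matches and the captcha check passed;
	*              false otherwise (reported to $this->auditObj when set)
	*/
	function LogIn($pUsername,$pPassword){
		//  username and password are stored in the database
		global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
		$logged = false;
		$pDisplayUsername = "";
		$strUsername = (string)$pUsername;
		$strPassword = (string)$pPassword;
		$cipherer = new RunnerCipherer("webreport_users");

		// raw values, kept for the in-PHP comparison once the row is fetched
		$sUsername = $strUsername;
		$sPassword = $strPassword;

		// turn each credential into an SQL literal: encrypted columns go through the cipherer,
		// quoted types through db_prepare_string, numeric types are coerced with 0+
		// (on PHP 8 a non-numeric string in that branch throws a TypeError)
		if($cipherer->isFieldEncrypted($cUserNameField))
			$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$strUsername = db_prepare_string($strUsername);
			else
				$strUsername = (0+$strUsername);
		}

		if($cipherer->isFieldEncrypted($cPasswordField))
			$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
		else
		{
			if(NeedQuotes($cPasswordFieldType))
				$strPassword = db_prepare_string($strPassword);
			else
				$strPassword = (0+$strPassword);
		}

		// when the login table has a custom SQL query, the WHERE clause is added to it;
		// otherwise a plain select on the table is used
		$fieldList = "";
		$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
		if($lSet->GetTableData(".sqlquery"))
			$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
		if($fieldList)
		{
			if(!$this->pSet->isCaseInsensitiveUsername()) {
				$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
				   "=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
			} else {
				$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
					   "=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
					   "=".$strPassword;
			}
			$tempSQLQuery = $lSet->GetTableData(".sqlquery");
			$tempSQLQuery->addWhere($where);
			$strSQL = $tempSQLQuery->toSql();
		}
		else
		{
			$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
		}

		$rs = db_query($strSQL,$conn);
		$data = $cipherer->DecryptFetchedArray($rs);
		if($data){
			$dbUsername = isset($data[$cUserNameField]) ? $data[$cUserNameField] : "";
			$dbPassword = isset($data[$cPasswordField]) ? $data[$cPasswordField] : "";
			// strict string comparison: the loose `==` used before treats e.g. "1e3" and "1000"
			// as equal; hash_equals also keeps the password check constant-time
			if((string)$this->pSet->getCaseSensitiveUsername($dbUsername) === (string)$this->pSet->getCaseSensitiveUsername($sUsername)
				&& hash_equals((string)$dbPassword, (string)$sPassword)){
				$logged=true;
				$pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername;
			}
		}

		// a correct password with a failed captcha is still reported as a failed login
		if($logged && $this->isCaptchaOk)
		{
			DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
			SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
			return true;
		}
		else {
			if($this->auditObj)
			{
				$this->auditObj->LogLoginFailed($pUsername);
				$this->auditObj->LoginUnsuccessful($pUsername);
			}
			return false;
		}
	}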