function isEnableUpper($val)
{
if($this->getNCSearch())
return db_upper($val);
else
return $val;
}
function GenericStrWhereAdv($strTable, $strField, $SearchFor, $strSearchOption, $SearchFor2, $etype)
{
global $dal;
$sfield=$strField;
$stable="";
if(is_wr_db())
{
WRSplitFieldName($strField,$stable,$sfield);
$type=WRGetFieldType($strField);
}
else
$type=WRCustomGetFieldType($strTable,$strField);
if(GetDatabaseType()!=2) //MSSQLServer
$ismssql=false;
else
$ismssql=true;
$btexttype=IsTextType($type);
if(GetDatabaseType()==0) //MySQL
$btexttype=false;
if(IsBinaryType($type))
return "";
if(GetDatabaseType()==2) //MSSQLServer
{
if($btexttype && $strSearchOption!="Contains" && $strSearchOption!="Starts with ..." )
return "";
}
if($strSearchOption=='Empty')
{
if(IsCharType($type) && (!$ismssql || !$btexttype))
return "(".WRAddFieldWrappers($strField)." is null or ".WRAddFieldWrappers($strField)."='')";
elseif ($ismssql && $btexttype)
return "(".WRAddFieldWrappers($strField)." is null or ".WRAddFieldWrappers($strField)." LIKE '')";
else
return WRAddFieldWrappers($strField)." is null";
}
if(GetDatabaseType()==4) //PostgreSQL
$like="ilike";
else
$like="like";
if(GetGenericEditFormat($strTable,$sfield)==EDIT_FORMAT_LOOKUP_WIZARD)
{
$pSet = new ProjectSettings($strTable);
if($pSet->multiSelect($sfield))
$SearchFor=splitvalues($SearchFor);
else
$SearchFor=array($SearchFor);
$ret="";
foreach($SearchFor as $searchItem)
{
$value = $searchItem;
if(!($value=="null" || $value=="Null" || $value==""))
{
if(strlen($ret))
$ret.=" or ";
if($strSearchOption=="Equals")
{
$value=WRmake_db_value($sfield,$value,$strTable);
if(!($value=="null" || $value=="Null"))
$ret.=WRAddFieldWrappers($strField).'='.$value;
}
else
{
if(strpos($value,",")!==false || strpos($value,'"')!==false)
$value = '"'.str_replace('"','""',$value).'"';
$ret.=WRAddFieldWrappers($strField)." = ".db_prepare_string($value);
$ret.=" or ".WRAddFieldWrappers($strField)." ".$like." ".db_prepare_string("%,".$value.",%");
$ret.=" or ".WRAddFieldWrappers($strField)." ".$like." ".db_prepare_string("%,".$value);
$ret.=" or ".WRAddFieldWrappers($strField)." ".$like." ".db_prepare_string($value.",%");
}
}
}
if(strlen($ret))
$ret="(".$ret.")";
return $ret;
}
if(GetGenericEditFormat($strTable,$sfield)==EDIT_FORMAT_CHECKBOX)
{
if($SearchFor=="none")
return "";
if(NeedQuotes($type))
{
if($SearchFor=="on")
return "(".WRAddFieldWrappers($strField)."<>'0' and ".WRAddFieldWrappers($strField)."<>'' and ".WRAddFieldWrappers($strField)." is not null)";
else
return "(".WRAddFieldWrappers($strField)."='0' or ".WRAddFieldWrappers($strField)."='' or ".WRAddFieldWrappers($strField)." is null)";
}
else
{
if($SearchFor=="on")
return "(".WRAddFieldWrappers($strField)."<>0 and ".WRAddFieldWrappers($strField)." is not null)";
else
return "(".WRAddFieldWrappers($strField)."=0 or ".WRAddFieldWrappers($strField)." is null)";
}
}
$value1=WRmake_db_value($sfield,$SearchFor,$strTable);
$value2=false;
if($strSearchOption=="Between")
$value2=WRmake_db_value($sfield,$SearchFor2,$strTable);
if($strSearchOption!="Contains" && $strSearchOption!="Starts with ..." && ($value1==="null" || $value2==="null" ))
return "";
if(IsCharType($type) && !$btexttype)
{
$value1=db_upper($value1);
$value2=db_upper($value2);
$strField=db_upper(WRAddFieldWrappers($strField));
}
elseif ($ismssql && !$btexttype && ($strSearchOption=="Contains" || $strSearchOption=="Starts with ..."))
$strField="convert(varchar,".WRAddFieldWrappers($strField).")";
elseif(GetDatabaseType()==4 && !$btexttype && ($strSearchOption=="Contains" || $strSearchOption=="Starts with ..."))
$strField = "CAST(".WRAddFieldWrappers($strField)." AS TEXT)";
else
$strField=WRAddFieldWrappers($strField);
$ret="";
if($strSearchOption=="Contains")
{
if(IsCharType($type) && !$btexttype)
return $strField." ".$like." ".db_upper(db_prepare_string("%".$SearchFor."%"));
else
return $strField." ".$like." ".db_prepare_string("%".$SearchFor."%");
}
else if($strSearchOption=="Equals")
{
return $strField."=".$value1;
}
else if($strSearchOption=="Starts with ...")
{
if(IsCharType($type) && !$btexttype)
return $strField." ".$like." ".db_upper(db_prepare_string($SearchFor."%"));
else
return $strField." ".$like." ".db_prepare_string($SearchFor."%");
}
else if($strSearchOption=="More than ...") return $strField.">".$value1;
else if($strSearchOption=="Less than ...") return $strField."<".$value1;
else if($strSearchOption=="Equal or more than ...") return $strField.">=".$value1;
else if($strSearchOption=="Equal or less than ...") return $strField."<=".$value1;
else if($strSearchOption=="Between")
{
$ret=$strField.">=".$value1;
$ret.=" and ".$strField."<=".$value2;
return $ret;
}
return "";
}
function isEnableUpper($val)
{
global $strTableName, $tables_data;
if ($tables_data[$strTableName][".NCSearch"]) {
return db_upper($val);
} else {
return $val;
}
}
/**
* Login method
*
*/
function LogIn($pUsername,$pPassword){
// username and password are stored in the database
global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
$logged = false;
$strUsername = (string)$pUsername;
$strPassword = (string)$pPassword;
$cipherer = new RunnerCipherer("webreport_users");
$sUsername = $strUsername;
$sPassword = $strPassword;
if($cipherer->isFieldEncrypted($cUserNameField))
$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
else
{
if(NeedQuotes($cUserNameFieldType))
$strUsername = db_prepare_string($strUsername);
else
$strUsername = (0+$strUsername);
}
if($cipherer->isFieldEncrypted($cPasswordField))
$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
else
{
if(NeedQuotes($cPasswordFieldType))
$strPassword = db_prepare_string($strPassword);
else
$strPassword = (0+$strPassword);
}
$fieldList = "";
$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
if($lSet->GetTableData(".sqlquery"))
$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
if($fieldList)
{
if(!$this->pSet->isCaseInsensitiveUsername()) {
$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
"=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
} else {
$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
"=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
"=".$strPassword;
}
$tempSQLQuery = $lSet->GetTableData(".sqlquery");
$tempSQLQuery->addWhere($where);
$strSQL = $tempSQLQuery->toSql();
}
else
{
$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
}
$rs = db_query($strSQL,$conn);
$data = $cipherer->DecryptFetchedArray($rs);
if($data){
if($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])==$this->pSet->getCaseSensitiveUsername($sUsername) && @$data[$cPasswordField]==$sPassword){
$logged=true;
$pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername;
}
}
if($logged && $this->isCaptchaOk)
{
DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
return true;
}
else {
if($this->auditObj)
{
$this->auditObj->LogLoginFailed($pUsername);
$this->auditObj->LoginUnsuccessful($pUsername);
}
return false;
}
}
