/**
 * Optionally wraps a search value with the database upper-case helper.
 *
 * @param mixed $val Value or SQL fragment that is about to be placed in a search condition.
 * @return mixed db_upper($val) when $this->getNCSearch() is truthy, otherwise $val unchanged.
 */
function isEnableUpper($val)
{
    // NOTE(review): db_upper() is defined outside this snippet and nothing here
    // shows it escaping its argument, so $val has to be SQL-safe before it
    // arrives -- confirm against db_upper().
    return $this->getNCSearch() ? db_upper($val) : $val;
}
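/**
 * Builds the SQL WHERE fragment for one field of the advanced search form.
 *
 * Every search value reaches the SQL text through WRmake_db_value() or
 * db_prepare_string(), and every field name through WRAddFieldWrappers().
 * Those helpers are defined elsewhere; this function relies on them entirely
 * for quoting and escaping, since the fragment is built by concatenation.
 * NOTE(review): confirm that they escape for the active connection and that
 * $strTable / $strField are validated against the known schema before they
 * get here.
 *
 * @param string $strTable        Table the field belongs to.
 * @param string $strField        Field name; split into table and field parts when is_wr_db() is true.
 * @param mixed  $SearchFor       First search value (a list source for multi-select lookup fields).
 * @param string $strSearchOption One of 'Empty', 'Contains', 'Equals', 'Starts with ...',
 *                                'More than ...', 'Less than ...', 'Equal or more than ...',
 *                                'Equal or less than ...', 'Between'.
 * @param mixed  $SearchFor2      Upper bound, read only for 'Between'.
 * @param mixed  $etype           Not used by this function.
 * @return string SQL condition, or "" when no condition applies (binary field,
 *                unsupported option, value that converts to "null").
 */
function GenericStrWhereAdv($strTable, $strField, $SearchFor, $strSearchOption, $SearchFor2, $etype)
{
    global $dal;

    $sfield = $strField;
    $stable = "";
    if (is_wr_db()) {
        WRSplitFieldName($strField, $stable, $sfield);
        $type = WRGetFieldType($strField);
    } else {
        $type = WRCustomGetFieldType($strTable, $strField);
    }

    // GetDatabaseType(): 2 = MSSQLServer, 0 = MySQL, 4 = PostgreSQL (per the original comments).
    $ismssql = (GetDatabaseType() == 2);

    $btexttype = IsTextType($type);
    if (GetDatabaseType() == 0) { // MySQL
        $btexttype = false;
    }

    // Binary columns are never searchable.
    if (IsBinaryType($type)) {
        return "";
    }

    if (GetDatabaseType() == 2) { // MSSQLServer
        // On MSSQL, text-type columns only take the two LIKE-based options.
        if ($btexttype && $strSearchOption != "Contains" && $strSearchOption != "Starts with ...") {
            return "";
        }
    }

    if ($strSearchOption == 'Empty') {
        if (IsCharType($type) && (!$ismssql || !$btexttype)) {
            return "(" . WRAddFieldWrappers($strField) . " is null or " . WRAddFieldWrappers($strField) . "='')";
        } elseif ($ismssql && $btexttype) {
            return "(" . WRAddFieldWrappers($strField) . " is null or " . WRAddFieldWrappers($strField) . " LIKE '')";
        } else {
            return WRAddFieldWrappers($strField) . " is null";
        }
    }

    if (GetDatabaseType() == 4) { // PostgreSQL
        $like = "ilike";
    } else {
        $like = "like";
    }

    if (GetGenericEditFormat($strTable, $sfield) == EDIT_FORMAT_LOOKUP_WIZARD) {
        $pSet = new ProjectSettings($strTable);
        if ($pSet->multiSelect($sfield)) {
            $SearchFor = splitvalues($SearchFor);
        } else {
            $SearchFor = array($SearchFor);
        }

        // Conditions are collected and joined once at the end. The previous
        // version appended " or " before it knew whether the item would yield
        // a condition, so an 'Equals' item that converted to "null" after an
        // earlier valid item left a dangling " or " and produced invalid SQL.
        $conditions = array();
        foreach ($SearchFor as $searchItem) {
            $value = $searchItem;
            if ($value == "null" || $value == "Null" || $value == "") {
                continue;
            }

            if ($strSearchOption == "Equals") {
                $value = WRmake_db_value($sfield, $value, $strTable);
                if (!($value == "null" || $value == "Null")) {
                    $conditions[] = WRAddFieldWrappers($strField) . '=' . $value;
                }
            } else {
                // The column holds a comma-separated list: items containing a
                // comma or a double quote are matched in their quoted form.
                if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                    $value = '"' . str_replace('"', '""', $value) . '"';
                }
                // Match the item alone, in the middle, at the end and at the start of the list.
                $conditions[] = WRAddFieldWrappers($strField) . " = " . db_prepare_string($value);
                $conditions[] = WRAddFieldWrappers($strField) . " " . $like . " " . db_prepare_string("%," . $value . ",%");
                $conditions[] = WRAddFieldWrappers($strField) . " " . $like . " " . db_prepare_string("%," . $value);
                $conditions[] = WRAddFieldWrappers($strField) . " " . $like . " " . db_prepare_string($value . ",%");
            }
        }

        if (!count($conditions)) {
            return "";
        }
        return "(" . implode(" or ", $conditions) . ")";
    }

    if (GetGenericEditFormat($strTable, $sfield) == EDIT_FORMAT_CHECKBOX) {
        // Checkbox searches never embed the submitted value; it only selects
        // one of the fixed conditions below.
        if ($SearchFor == "none") {
            return "";
        }
        if (NeedQuotes($type)) {
            if ($SearchFor == "on") {
                return "(" . WRAddFieldWrappers($strField) . "<>'0' and " . WRAddFieldWrappers($strField) . "<>'' and " . WRAddFieldWrappers($strField) . " is not null)";
            } else {
                return "(" . WRAddFieldWrappers($strField) . "='0' or " . WRAddFieldWrappers($strField) . "='' or " . WRAddFieldWrappers($strField) . " is null)";
            }
        } else {
            if ($SearchFor == "on") {
                return "(" . WRAddFieldWrappers($strField) . "<>0 and " . WRAddFieldWrappers($strField) . " is not null)";
            } else {
                return "(" . WRAddFieldWrappers($strField) . "=0 or " . WRAddFieldWrappers($strField) . " is null)";
            }
        }
    }

    // NOTE(review): WRmake_db_value() presumably returns a typed, quoted SQL
    // literal or the string "null" when the input does not fit the field
    // type -- confirm, because its result is concatenated as-is below.
    $value1 = WRmake_db_value($sfield, $SearchFor, $strTable);
    $value2 = false;
    if ($strSearchOption == "Between") {
        $value2 = WRmake_db_value($sfield, $SearchFor2, $strTable);
    }

    // Comparison options cannot work with a value that converted to "null".
    if ($strSearchOption != "Contains" && $strSearchOption != "Starts with ..." && ($value1 === "null" || $value2 === "null")) {
        return "";
    }

    if (IsCharType($type) && !$btexttype) {
        // Character columns are compared through db_upper() on both sides.
        $value1 = db_upper($value1);
        $value2 = db_upper($value2);
        $strField = db_upper(WRAddFieldWrappers($strField));
    } elseif ($ismssql && !$btexttype && ($strSearchOption == "Contains" || $strSearchOption == "Starts with ...")) {
        $strField = "convert(varchar," . WRAddFieldWrappers($strField) . ")";
    } elseif (GetDatabaseType() == 4 && !$btexttype && ($strSearchOption == "Contains" || $strSearchOption == "Starts with ...")) {
        $strField = "CAST(" . WRAddFieldWrappers($strField) . " AS TEXT)";
    } else {
        $strField = WRAddFieldWrappers($strField);
    }

    // The two LIKE-based options pass the raw $SearchFor through
    // db_prepare_string() only. Nothing in this function neutralises the LIKE
    // metacharacters % and _, so they act as wildcards when present in the
    // search text.
    if ($strSearchOption == "Contains") {
        if (IsCharType($type) && !$btexttype) {
            return $strField . " " . $like . " " . db_upper(db_prepare_string("%" . $SearchFor . "%"));
        } else {
            return $strField . " " . $like . " " . db_prepare_string("%" . $SearchFor . "%");
        }
    } else if ($strSearchOption == "Equals") {
        return $strField . "=" . $value1;
    } else if ($strSearchOption == "Starts with ...") {
        if (IsCharType($type) && !$btexttype) {
            return $strField . " " . $like . " " . db_upper(db_prepare_string($SearchFor . "%"));
        } else {
            return $strField . " " . $like . " " . db_prepare_string($SearchFor . "%");
        }
    } else if ($strSearchOption == "More than ...") {
        return $strField . ">" . $value1;
    } else if ($strSearchOption == "Less than ...") {
        return $strField . "<" . $value1;
    } else if ($strSearchOption == "Equal or more than ...") {
        return $strField . ">=" . $value1;
    } else if ($strSearchOption == "Equal or less than ...") {
        return $strField . "<=" . $value1;
    } else if ($strSearchOption == "Between") {
        $ret = $strField . ">=" . $value1;
        $ret .= " and " . $strField . "<=" . $value2;
        return $ret;
    }

    // Unknown search options produce no condition.
    return "";
}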
/**
 * Optionally wraps a search value with the database upper-case helper,
 * depending on the ".NCSearch" setting of the current table.
 *
 * Reads the globals $strTableName and $tables_data.
 *
 * @param mixed $val Value or SQL fragment that is about to be placed in a search condition.
 * @return mixed db_upper($val) when the table's ".NCSearch" entry is truthy, otherwise $val unchanged.
 */
function isEnableUpper($val)
{
    global $strTableName, $tables_data;

    $ncSearch = $tables_data[$strTableName][".NCSearch"];
    if (!$ncSearch) {
        return $val;
    }

    // NOTE(review): db_upper() is defined outside this snippet and nothing here
    // shows it escaping its argument, so $val has to be SQL-safe already.
    return db_upper($val);
}
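/**
 * Login method.
 *
 * Looks the submitted credentials up in the "webreport_users" table, re-checks
 * the fetched row in PHP and, when the check and the captcha flag both pass,
 * opens the session through DoLogin() and SetAuthSessionData().
 *
 * NOTE(review): the password is matched inside the SQL statement in its stored
 * form (plain, or encrypted by RunnerCipherer when the field is encrypted), so
 * passwords are recoverable from the database. Moving to password_hash() /
 * password_verify() means fetching the row by username only; that is a storage
 * change outside this method.
 *
 * @param mixed $pUsername Submitted user name.
 * @param mixed $pPassword Submitted password.
 * @return bool True when the credentials match and $this->isCaptchaOk is truthy, false otherwise.
 */
function LogIn($pUsername, $pPassword)
{
    // username and password are stored in the database
    global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;

    $logged = false;
    $pDisplayUsername = "";
    $strUsername = (string)$pUsername;
    $strPassword = (string)$pPassword;
    $cipherer = new RunnerCipherer("webreport_users");

    // Untouched copies for the PHP-side comparison after the query.
    $sUsername = $strUsername;
    $sPassword = $strPassword;

    // The statement is built by concatenation, so these conversions are the
    // only barrier between the submitted credentials and the SQL text.
    // NOTE(review): confirm that MakeDBValue() and db_prepare_string() escape
    // for the active connection. The numeric fallback (0 + string) raises a
    // TypeError on PHP 8 when the input is not numeric.
    if ($cipherer->isFieldEncrypted($cUserNameField)) {
        $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", "", true);
    } else {
        if (NeedQuotes($cUserNameFieldType)) {
            $strUsername = db_prepare_string($strUsername);
        } else {
            $strUsername = (0 + $strUsername);
        }
    }

    $passwordIsEncrypted = $cipherer->isFieldEncrypted($cPasswordField);
    if ($passwordIsEncrypted) {
        $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", "", true);
    } else {
        if (NeedQuotes($cPasswordFieldType)) {
            $strPassword = db_prepare_string($strPassword);
        } else {
            $strPassword = (0 + $strPassword);
        }
    }

    $fieldList = "";
    $lSet = new ProjectSettings("webreport_users", PAGE_LIST);
    if ($lSet->GetTableData(".sqlquery")) {
        $fieldList = $lSet->GetTableData(".sqlquery")->toSql();
    }

    if ($fieldList) {
        if (!$this->pSet->isCaseInsensitiveUsername()) {
            $where = AddTableWrappers(GetFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $strUsername . " and " . AddTableWrappers(GetFullFieldName($cPasswordField, "webreport_users", false)) . "=" . $strPassword;
        } else {
            // NOTE(review): unlike the branch above, the field names here are
            // not passed through AddTableWrappers() -- confirm this is intended.
            $where = db_upper(getFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $this->pSet->getCaseSensitiveUsername($strUsername) . " and " . GetFullFieldName($cPasswordField, "webreport_users", false)
                . "=" . $strPassword;
        }
        $tempSQLQuery = $lSet->GetTableData(".sqlquery");
        $tempSQLQuery->addWhere($where);
        $strSQL = $tempSQLQuery->toSql();
    } else {
        $strSQL = "select * from " . AddTableWrappers("webreport_users") . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername . " and " . AddFieldWrappers($cPasswordField) . "=" . $strPassword;
    }

    $rs = db_query($strSQL, $conn);
    $data = $cipherer->DecryptFetchedArray($rs);

    if ($data) {
        $storedPassword = isset($data[$cPasswordField]) ? $data[$cPasswordField] : null;

        if ($passwordIsEncrypted || NeedQuotes($cPasswordFieldType)) {
            // Text passwords are compared strictly. The loose == used before
            // compares two numeric-looking strings as numbers, so values that
            // differ as text could still be accepted by this re-check.
            $passwordMatches = $storedPassword !== null && (string)$storedPassword === $sPassword;
        } else {
            // Numeric password column: the SQL value was coerced with 0 + and
            // the fetched value may be formatted differently, so the numeric
            // comparison is kept for these fields.
            $passwordMatches = ($storedPassword == $sPassword);
        }

        if ($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField]) == $this->pSet->getCaseSensitiveUsername($sUsername) && $passwordMatches) {
            $logged = true;
            $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
        }
    }

    if ($logged && $this->isCaptchaOk) {
        // NOTE(review): the clear-text password is handed to DoLogin() and
        // SetAuthSessionData(); confirm neither keeps it in the session.
        DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
        SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
        return true;
    } else {
        // Also reached when the credentials matched but the captcha flag is false.
        if ($this->auditObj) {
            $this->auditObj->LogLoginFailed($pUsername);
            $this->auditObj->LoginUnsuccessful($pUsername);
        }
        return false;
    }
}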