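/**
 * Main communications engine of xajax.
 *
 * Reads the requested function name and its arguments from $_POST or $_GET
 * (chosen by getRequestMode()), optionally runs the registered pre-function,
 * calls the registered function (or the catch-all), and prints the resulting
 * XML response for the JavaScript response handler.
 *
 * If your request URI is the same as your web page, call this method before
 * any headers or HTML have been sent: it emits HTTP headers itself.
 *
 * Security notes for maintainers:
 * - The function name and arguments come straight from the client. Only
 *   names present in $this->aFunctions (or the catch-all) are dispatched.
 * - Argument values are passed to the registered function as received,
 *   apart from slash stripping, xjxobj/xjxquery parsing and optional UTF-8
 *   decoding; each registered function must validate its own input.
 * - With $this->bErrorHandler enabled, collected PHP error text is sent to
 *   the client in an alert and, when $this->sLogFile is set, appended to
 *   that file.
 *
 * @return void Returns early, with no output, when getRequestMode() is -1.
 */
public function processRequests()
{
    $sFunctionName = "";
    $bFoundFunction = true;
    $bFunctionIsCatchAll = false;
    $sFunctionNameForSpecial = "";
    $aArgs = array();
    $sPreResponse = "";
    $bEndRequest = false;
    $sResponse = "";

    $requestMode = $this->getRequestMode();
    if ($requestMode == -1) {
        return;
    }

    if ($requestMode == XAJAX_POST) {
        $aRequest = $_POST;
    } else {
        // GET responses must never be served from a cache.
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        $aRequest = $_GET;
    }

    // Both values are client-controlled. PHP turns "xajax[]=..." into an
    // array, which cannot be used as a lookup key below, so anything that is
    // not a string is treated as an unknown (empty) function name.
    $sFunctionName = isset($aRequest["xajax"]) ? $aRequest["xajax"] : "";
    if (!is_string($sFunctionName)) {
        $sFunctionName = "";
    }

    // Arguments must arrive as a list. array_values() discards whatever keys
    // the client chose so the registered function always receives purely
    // positional arguments; a non-array value is ignored.
    if (!empty($aRequest["xajaxargs"]) && is_array($aRequest["xajaxargs"])) {
        $aArgs = array_values($aRequest["xajaxargs"]);
    }

    // Use xajax error handler if necessary
    if ($this->bErrorHandler) {
        $GLOBALS['xajaxErrorHandlerText'] = "";
        set_error_handler("xajaxErrorHandler");
    }

    if ($this->sPreFunction) {
        if (!$this->_isFunctionCallable($this->sPreFunction)) {
            $bFoundFunction = false;
            $objResponse = new XajaxResponse();
            $objResponse->addAlert("Unknown Pre-Function " . $this->sPreFunction);
            $sResponse = $objResponse->getXML();
        }
    }

    // Include any external dependencies associated with this function name.
    // The client only selects a key; the path itself comes from the
    // server-side $this->aFunctionIncludeFiles map. Note that the include
    // runs before the function-exists and request-type checks below.
    if (array_key_exists($sFunctionName, $this->aFunctionIncludeFiles)) {
        ob_start();
        include_once $this->aFunctionIncludeFiles[$sFunctionName];
        ob_end_clean();
    }

    if ($bFoundFunction) {
        $sFunctionNameForSpecial = $sFunctionName;
        if (!array_key_exists($sFunctionName, $this->aFunctions)) {
            if ($this->sCatchAllFunction) {
                $sFunctionName = $this->sCatchAllFunction;
                $bFunctionIsCatchAll = true;
            } else {
                $bFoundFunction = false;
                $objResponse = new XajaxResponse();
                // NOTE(review): the client-supplied name is echoed in the
                // response; this relies on addAlert()/getXML() encoding it
                // for XML - confirm.
                $objResponse->addAlert("Unknown Function {$sFunctionName}.");
                $sResponse = $objResponse->getXML();
            }
        } elseif ($this->aFunctionRequestTypes[$sFunctionName] != $requestMode) {
            $bFoundFunction = false;
            $objResponse = new XajaxResponse();
            $objResponse->addAlert("Incorrect Request Type.");
            $sResponse = $objResponse->getXML();
        }
    }

    if ($bFoundFunction) {
        // get_magic_quotes_gpc() no longer exists in PHP 8, so only consult
        // it where it is still defined. The answer is loop-invariant.
        $bStripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;

        for ($i = 0, $iArgCount = count($aArgs); $i < $iArgCount; $i++) {
            // An element can itself be an array ("xajaxargs[0][]=..."); the
            // string functions below must only see strings.
            $bIsString = is_string($aArgs[$i]);

            // If magic quotes is on, strip the slashes from the args.
            if ($bStripSlashes && $bIsString) {
                $aArgs[$i] = stripslashes($aArgs[$i]);
            }

            if ($bIsString && stristr($aArgs[$i], "<xjxobj>") !== false) {
                $aArgs[$i] = $this->_xmlToArray("xjxobj", $aArgs[$i]);
            } elseif ($bIsString && stristr($aArgs[$i], "<xjxquery>") !== false) {
                $aArgs[$i] = $this->_xmlToArray("xjxquery", $aArgs[$i]);
            } elseif ($this->bDecodeUTF8Input) {
                $aArgs[$i] = $this->_decodeUTF8Data($aArgs[$i]);
            }
        }

        if ($this->sPreFunction) {
            $mPreResponse = $this->_callFunction($this->sPreFunction, array($sFunctionNameForSpecial, $aArgs));
            // A pre-function may return array(false, $response) to stop the
            // request before the main function runs.
            if (is_array($mPreResponse) && $mPreResponse[0] === false) {
                $bEndRequest = true;
                $sPreResponse = $mPreResponse[1];
            } else {
                $sPreResponse = $mPreResponse;
            }
            if (is_a($sPreResponse, "xajaxResponse")) {
                $sPreResponse = $sPreResponse->getXML();
            }
            if ($bEndRequest) {
                $sResponse = $sPreResponse;
            }
        }

        if (!$bEndRequest) {
            if (!$this->_isFunctionCallable($sFunctionName)) {
                $objResponse = new XajaxResponse();
                $objResponse->addAlert("The Registered Function {$sFunctionName} Could Not Be Found.");
                $sResponse = $objResponse->getXML();
            } else {
                if ($bFunctionIsCatchAll) {
                    // The catch-all receives the originally requested name
                    // plus the argument list.
                    $aArgs = array($sFunctionNameForSpecial, $aArgs);
                }
                $sResponse = $this->_callFunction($sFunctionName, $aArgs);
            }
            if (is_a($sResponse, "xajaxResponse")) {
                $sResponse = $sResponse->getXML();
            }
            if (!is_string($sResponse) || strpos($sResponse, "<xjx>") === false) {
                $objResponse = new XajaxResponse();
                $objResponse->addAlert("No XML Response Was Returned By Function {$sFunctionName}.");
                $sResponse = $objResponse->getXML();
            } elseif ($sPreResponse != "") {
                // Merge the pre-function output in front of the main response.
                $sNewResponse = new XajaxResponse($this->sEncoding, $this->bOutputEntities);
                $sNewResponse->loadXML($sPreResponse);
                $sNewResponse->loadXML($sResponse);
                $sResponse = $sNewResponse->getXML();
            }
        }
    }

    $sContentHeader = "Content-type: text/xml;";
    if ($this->sEncoding && strlen(trim($this->sEncoding)) > 0) {
        $sContentHeader .= " charset=" . $this->sEncoding;
    }
    header($sContentHeader);

    if ($this->bErrorHandler && !empty($GLOBALS['xajaxErrorHandlerText'])) {
        // The collected PHP error text goes back to the browser here, so this
        // handler exposes server-side details to whoever made the request.
        $sErrorResponse = new XajaxResponse();
        $sErrorResponse->addAlert("** PHP Error Messages: **" . $GLOBALS['xajaxErrorHandlerText']);
        if ($this->sLogFile) {
            $fH = @fopen($this->sLogFile, "a");
            if (!$fH) {
                $sErrorResponse->addAlert("** Logging Error **\n\nxajax was unable to write to the error log file:\n" . $this->sLogFile);
            } else {
                fwrite($fH, "** xajax Error Log - " . strftime("%b %e %Y %I:%M:%S %p") . " **" . $GLOBALS['xajaxErrorHandlerText'] . "\n\n\n");
                fclose($fH);
            }
        }
        $sErrorResponse->loadXML($sResponse);
        $sResponse = $sErrorResponse->getXML();
    }

    if ($this->bCleanBuffer) {
        // Discard every open output buffer so only the XML is sent.
        while (@ob_end_clean()) {
        }
    }

    print $sResponse;

    if ($this->bErrorHandler) {
        restore_error_handler();
    }
    if ($this->bExitAllowed) {
        \Innomatic\Core\InnomaticContainer::instance('\\Innomatic\\Core\\InnomaticContainer')->halt();
    }
}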
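/**
 * xajax callback that searches users who can be added to the current group
 * and refreshes the user pick lists.
 *
 * Reads the group from the global $group_id. When a group and relation type
 * are set, users already related to the group are excluded from the search
 * and the "destination" list is filled with the users holding that relation.
 *
 * Security notes for maintainers:
 * - $needle arrives from the browser. It is converted to the platform
 *   encoding first and SQL-escaped last, so the escaping applies to the
 *   exact bytes that end up in the query.
 * - Names and usernames read from the database are HTML-escaped before they
 *   are placed in the markup, and additionally escaped as a JavaScript
 *   string where they are embedded in the onclick handler.
 * - This function performs no permission check of its own; presumably the
 *   page that registers it restricts who may call it - confirm.
 *
 * @param string $needle        Search text typed by the user (sent as UTF-8).
 * @param string $type          'single' for the link list, anything else for
 *                              the multiple-select list.
 * @param int    $relation_type Group relation type being edited.
 *
 * @return XajaxResponse Response carrying the innerHTML assignments/alerts.
 */
function search_users($needle, $type, $relation_type)
{
    global $tbl_user, $tbl_user_rel_access_url, $tbl_group_rel_user, $group_id, $_configuration;

    $xajax_response = new XajaxResponse();
    $return = $return_origin = $return_destination = '';
    $without_user_id = $condition_relation = '';

    // Values are escaped before the whole fragment is converted to UTF-8 by
    // api_utf8_encode(), i.e. while they are presumably still in the platform
    // encoding. Declaring a single-byte charset makes htmlspecialchars()
    // replace only the five ASCII markup characters byte-wise and never
    // reject the string as malformed.
    $html_charset = 'ISO-8859-1';
    // NOTE(review): if api_get_person_name() already returns HTML-escaped
    // text, the escaping below would double-encode it - confirm.

    if (!empty($group_id) && !empty($relation_type)) {
        $group_id = intval($group_id);
        $relation_type = intval($relation_type);

        // get user_id from relation type and group id
        $sql = "SELECT user_id FROM {$tbl_group_rel_user}\n\t\t\t\tWHERE group_id = '{$group_id}'\n\t\t\t\tAND relation_type IN (" . GROUP_USER_PERMISSION_ADMIN . "," . GROUP_USER_PERMISSION_READER . "," . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_MODERATOR . ", " . GROUP_USER_PERMISSION_HRM . ") ";
        $res = Database::query($sql);
        $user_ids = array();
        if (Database::num_rows($res) > 0) {
            while ($row = Database::fetch_row($res)) {
                // Cast so that only integers can reach the NOT IN (...) list.
                $user_ids[] = intval($row[0]);
            }
            $without_user_id = " AND user.user_id NOT IN(" . implode(',', $user_ids) . ") ";
        }

        if ($relation_type == GROUP_USER_PERMISSION_PENDING_INVITATION) {
            $condition_relation = " AND groups.relation_type IN (" . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_READER . ") ";
        } else {
            $condition_relation = " AND groups.relation_type = '{$relation_type}' ";
        }

        // data for destination user list
        $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname\n\t\t\t\tFROM {$tbl_group_rel_user} groups\n\t\t\t\tINNER JOIN {$tbl_user} user ON user.user_id = groups.user_id\n\t\t\t\tWHERE groups.group_id = '{$group_id}' {$condition_relation} ";
        $rs_destination = Database::query($sql);

        if (Database::num_rows($rs_destination) > 0) {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
            while ($row = Database::fetch_array($rs_destination)) {
                $label = api_get_person_name($row['firstname'], $row['lastname']) . ' (' . $row['username'] . ')';
                $return_destination .= '<option value="' . intval($row['user_id']) . '">' . htmlspecialchars($label, ENT_QUOTES, $html_charset) . '</option>';
            }
            $return_destination .= '</select>';
        } else {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        }
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
    } else {
        // No group or relation type selected: reset the lists to empty.
        $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
        if ($type == 'single') {
            $return .= '';
            $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
        } else {
            $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
            $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
        }
    }

    if (!empty($needle) && !empty($type)) {
        // xajax sends UTF-8 data; data in the database can be non-UTF-8.
        $charset = api_get_system_encoding();
        // Convert first, escape last: escaping must be the final
        // transformation applied before the value is placed in the query,
        // otherwise the conversion can alter the bytes that were escaped.
        $needle = api_convert_encoding($needle, $charset, 'utf-8');
        $needle = Database::escape_string($needle);
        // NOTE(review): LIKE wildcards (% and _) in $needle are not escaped,
        // so the caller can widen the "begins with" match - confirm whether
        // that is intended.
        $user_anonymous = api_get_anonymous_id();
        $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
        // !empty() avoids a notice when the setting is absent.
        $multiple_urls = !empty($_configuration['multiple_access_urls']);

        if ($type == 'single') {
            if (!empty($group_id) && !empty($relation_type)) {
                // search users whose username, firstname or lastname begins with $needle
                $sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\tWHERE (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\tAND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11";
                if ($multiple_urls) {
                    $access_url_id = api_get_current_access_url_id();
                    if ($access_url_id != -1) {
                        $sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}' AND (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11 ";
                    }
                }
                $rs_single = Database::query($sql);
                $i = 0;
                while ($user = Database::fetch_array($rs_single)) {
                    $i++;
                    // The query fetches 11 rows; the 11th only signals "more".
                    if ($i <= 10) {
                        $label = api_get_person_name($user['firstname'], $user['lastname']) . ' (' . $user['username'] . ')';
                        $label_html = htmlspecialchars($label, ENT_QUOTES, $html_charset);
                        // The onclick value is a JavaScript string inside an
                        // HTML attribute: escape for the JS string literal
                        // first, then for the attribute.
                        $label_js = str_replace(array("\r", "\n"), array('\\r', '\\n'), addslashes($label));
                        $label_js = htmlspecialchars($label_js, ENT_QUOTES, $html_charset);
                        $return .= '<a href="javascript: void(0);" onclick="javascript: add_user(\'' . intval($user['user_id']) . '\',\'' . $label_js . '\')">' . $label_html . '</a><br />';
                    } else {
                        $return .= '...<br />';
                    }
                }
                $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
            } else {
                $xajax_response->addAlert(get_lang('YouMustChooseARelationType'));
                $xajax_response->addClear('user_to_add', 'value');
            }
        } else {
            // multiple
            if (!empty($group_id) && !empty($relation_type)) {
                $sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t WHERE " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%' AND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
                if ($multiple_urls) {
                    $access_url_id = api_get_current_access_url_id();
                    if ($access_url_id != -1) {
                        $sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}'\n\t\t\t\t\t\t\t\tAND " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%'\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
                    }
                }
                $rs_multiple = Database::query($sql);
                $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
                while ($user = Database::fetch_array($rs_multiple)) {
                    $label = api_get_person_name($user['firstname'], $user['lastname']) . ' (' . $user['username'] . ')';
                    $return_origin .= '<option value="' . intval($user['user_id']) . '">' . htmlspecialchars($label, ENT_QUOTES, $html_charset) . '</option>';
                }
                $return_origin .= '</select>';
                $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
            }
        }
    }

    return $xajax_response;
}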