Пример #1
/**
 * Look up a user by name and password and return the matching row.
 *
 * Both arguments are passed through db_esc_sql() and the results are placed
 * into the statement without any additional quoting, so this relies on
 * db_esc_sql() returning a complete, quoted SQL literal -- verify that helper
 * before changing the query.
 *
 * The statement joins users and profiles on profile_name and accepts the login
 * when user_name matches and either
 *   - user_password equals password(<pass>), or
 *   - the supplied name is 'root' and password(<pass>) is found in the
 *     Password column of mysql.user.
 *
 * NOTE(review), security:
 *   - password() here is MySQL's PASSWORD() function: an unsalted, fast hash
 *     intended for the server's own account table, deprecated in MySQL 5.7
 *     and removed in 8.0. Moving to password_hash()/password_verify() needs a
 *     schema and data migration that is outside this function.
 *   - The 'root' branch only works if the application's database account may
 *     read mysql.user, which is more privilege than a login check needs.
 *   - "select *" hands every column of both tables, user_password included,
 *     to the caller.
 *   - The User='******' literal is reproduced exactly as it appears in the
 *     listing; it looks like a masked value -- confirm against the original.
 *   - Do not add debug output of the credentials or of the finished query.
 *
 * @param mixed $USER   login name as supplied by the caller
 * @param mixed $PASSWD clear-text password as supplied by the caller
 * @return mixed first element of the _db_do_query() result; a missing
 *               element is silenced by the @ operator
 */
function app_auth($USER, $PASSWD)
{
    // Escape in the same order as before: name first, then password.
    $user = db_esc_sql($USER);
    $pass = db_esc_sql($PASSWD);

    $rows = _db_do_query(
        "",
        "select * from users u join profiles p using(profile_name) where user_name = {$user} and (user_password = password({$pass}) or ({$user} = 'root') and password({$pass}) in (select Password from mysql.user where User='******'))"
    );

    // No row means no index 0; @ keeps that quiet.
    return @$rows[0];
}
Пример #2
/**
 * Build the SQL text that writes the rows of $qstruct["DATA"] into the table
 * named by _db_2temporal(), one "insert into ..." statement per row, joined
 * with "; ".
 *
 * DELETE mode is handed to _mysql_make_delete_tp() unchanged. For the other
 * modes each row yields a value list with one entry per $qstruct["ALL_FIELDS"]
 * element, taken from (in this order): a literal null for the version field
 * (and for the auto-increment field on INSERT), the escaped new value, a
 * sub-select of the current value (REPLACE), or the existing column itself.
 *
 * Keys read from $qstruct: MODE, TABLE, ALL_FIELDS, UPDATE_FIELDS, DATA, CB
 * and the optional RAW_MODE.
 *
 * NOTE(review), security: only row values go through db_esc_sql(). Table and
 * column names ($realtable, $realtable_tp, $fields, $realfield) and the $where
 * text are interpolated exactly as the _db_* / _mysql_make_* helpers return
 * them, so those helpers must only ever produce identifiers from trusted
 * schema metadata -- confirm that none of them passes request data through.
 * The result can hold several statements separated by "; ", which presumably
 * requires the caller to execute it with multi-statement support.
 *
 * @param mixed $stack    passed by reference to _mysql_make_delete_tp() and
 *                        _mysql_check_allref(); not used otherwise here
 * @param array $qstruct  query description, see the key list above
 * @param array $cb_list  by reference; $qstruct["CB"] is appended once per row
 * @return string|null    the SQL text, or null when the global $ERROR is set
 *                        after building the id condition or when
 *                        _mysql_check_allref() rejects a value (DELETE mode
 *                        returns whatever _mysql_make_delete_tp() returns)
 */
function _mysql_make_update_tp(&$stack, $qstruct, &$cb_list)
{
    // Error flag shared with the helpers; only read in this function.
    global $ERROR;
    $mode = $qstruct["MODE"];
    if ($mode == "DELETE") {
        // this need not depend on $qstruct["DATA"]
        return _mysql_make_delete_tp($stack, $qstruct, $cb_list);
    }
    $res = "";
    $table = $qstruct["TABLE"];
    // Resolve the names used in the generated SQL once, before the row loop.
    $realtable = _db_realname($table);
    $realtable_tp = _db_2temporal($realtable);
    // Names of the special fields that get dedicated handling below.
    $autoinc = _db_autoinc($table);
    $version = _db_version($table);
    $deleted = _db_extfield($table, "deleted");
    // Column list of the insert; the value list below follows the same ALL_FIELDS order.
    $fields = implode(", ", _db_realname($table, $qstruct["ALL_FIELDS"]));
    $count = 0;
    foreach ($qstruct["DATA"] as $row) {
        $idcond = _mysql_make_idcond_base($qstruct, $row);
        // Separator in front of every statement except the first.
        if ($count++) {
            $res .= "; ";
        }
        //$res .= "replace into $realtable_tp($fields) ";
        $res .= "insert into {$realtable_tp}({$fields}) ";
        $where = _mysql_make_idwhere($qstruct, $row);
        // Checked right after the id condition helpers; the partial $res is discarded.
        if ($ERROR) {
            return null;
        }
        $newdata = "";
        $rowcount = 0;
        // Counts fields that fall back to the column already stored in the table.
        $oldcount = 0;
        foreach ($qstruct["ALL_FIELDS"] as $field) {
            $realfield = _db_realname($table, $field);
            if ($rowcount++) {
                $newdata .= ", ";
            }
            // The written row always carries deleted = false; $row is the loop's own copy.
            if ($field == $deleted) {
                $row[$field] = false;
            }
            // && binds tighter than ||: the version field is nulled in every mode,
            // the auto-increment field only on INSERT.
            if ($mode == "INSERT" && $field == $autoinc || $field == $version) {
                // give AUTO_INCREMENT / versioning a chance
                $newdata .= "null";
            } elseif (array_key_exists($field, $row) && in_array($field, $qstruct["UPDATE_FIELDS"])) {
                // take new value
                // NOTE(review): in_array() is called without the strict flag, so the
                // field name is compared loosely against UPDATE_FIELDS.
                $value = @$row[$field];
                // NOTE(review): appears unreachable -- INSERT plus the auto-increment
                // field is already consumed by the first branch above.
                if ($field == $autoinc && $mode == "INSERT") {
                    $value = null;
                }
                // NOTE(review): RAW_MODE skips _mysql_check_allref() completely; make sure
                // callers cannot set it from untrusted input.
                if (!@$qstruct["RAW_MODE"] && !_mysql_check_allref($stack, $table, $field, $value, $mode, $idcond)) {
                    return null;
                }
                // The only place where row data enters the SQL text; it is escaped here.
                $newdata .= db_esc_sql($value);
            } elseif ($mode == "REPLACE") {
                // caution: we cannot be sure that the data already exists, handle that case
                $newdata .= "case when exists(select {$realfield} from {$realtable} where {$where}) then (select max({$realfield}) from {$realtable} where {$where}) else null end";
            } else {
                // fallback to old value from the db
                $oldcount++;
                $newdata .= $realfield;
            }
        }
        if ($mode == "REPLACE") {
            // Every entry is a literal or a self-contained sub-select, so no FROM is needed.
            $res .= "select {$newdata}";
        } elseif (($oldcount || $mode == "UPDATE") && $mode != "INSERT") {
            // Bare column names in $newdata are resolved against the existing row.
            $res .= "select {$newdata} from {$realtable} where {$where}";
        } else {
            // NOTE(review): on INSERT a field missing from the row still puts its bare
            // column name inside values(...) -- confirm that this is intended.
            $res .= "values ({$newdata})";
        }
        // One callback entry per generated statement.
        $cb_list[] = $qstruct["CB"];
    }
    return $res;
}