Пример #1
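/**
 * Executes the SQL text in $q via do_multi_sql() and publishes the outcome through globals.
 *
 * On failure, $out_message is set to "Error: " followed by $cdbh->error. On success, when
 * both $last_sth and $last_sql are set, the last statement decides what happens next:
 * result-producing statements are rendered with display_select(); anything else records
 * the affected-row count in $reccount and sets $out_message to "Done.".
 *
 * @param object $cdbh Connection object; only its ->error property is read here.
 * @param string $q    SQL text to run.
 * @return void
 */
function do_cryptdb_sql($cdbh, $q)
{
    global $last_sth, $last_sql, $reccount, $out_message, $SQLq, $SHOW_T;
    $SQLq = $q;
    if (!do_multi_sql($q)) {
        $out_message = "Error: " . $cdbh->error;
        return;
    }
    if (!$last_sth || !$last_sql) {
        return;
    }
    $SQLq = $last_sql;
    // The keyword alternations are grouped so that "^" applies to every keyword.
    // Ungrouped, /^select|show|explain|desc/ matches "show", "explain" or "desc"
    // anywhere in the statement (e.g. a column called "description"), which sent
    // non-SELECT statements down the display path. Leading whitespace is allowed.
    if (preg_match('/^\s*(?:select|show|explain|desc)/i', $last_sql)) {
        if ($q != $last_sql) {
            $out_message = "Results of the last select displayed:";
        }
        display_select($last_sth, $last_sql);
        return;
    }
    // NOTE(review): $cryptdbh is neither a parameter nor listed in the global
    // statement above, so it is undefined in this scope. Confirm which connection
    // was intended (the $cdbh parameter?) before relying on $reccount.
    $reccount = mysql_affected_rows($cryptdbh);
    $out_message = "Done.";
    if (preg_match('/^\s*(?:insert|replace)/i', $last_sql)) {
        $out_message .= " Last inserted id=" . get_identity();
    }
    if (preg_match('/^\s*(?:drop|truncate)/i', $last_sql)) {
        // the table list changed, so refresh it
        do_sql($SHOW_T);
    }
}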
Пример #2
function weekly_planned_totals($athlete_id, $end_epoch)
{
    // Sums the elapsed_time of planned (not yet done) training in the week that
    // ends at $end_epoch (epoch seconds). Returns an array: 'Total To Do' holds the
    // overall sum, and each exercise type found gets its own entry.
    //
    // NOTE(review): $athlete_id is interpolated unquoted into both statements, so
    // the queries are only as safe as the caller's guarantee that it is an integer.

    // Step back 30 minutes so an end time at the start of Monday lands on Sunday.
    $end_epoch -= 30 * 60;
    // One week minus six hours, counted back from the adjusted end time.
    $weeksecs = 7 * 24 * 60 * 60 - 6 * 60 * 60;
    $weekstart = date("Y/n/j", $end_epoch - $weeksecs);
    $weekend = date("Y/n/j", $end_epoch);

    // Overall total for the week
    $overall = do_sql("SELECT sum(elapsed_time) FROM log \n    WHERE athlete_id={$athlete_id} AND exercise_type!='REST' \n    AND parent_session = 0 \n    AND start_date BETWEEN '{$weekstart}' AND '{$weekend}' \n    AND entry_type IN \n      ('plan', 'planned - not done', 'event - tentative', 'event - to enter', 'event - entered', 'event - enter by' ) \n    ");
    $overall_row = pg_fetch_array($overall, null, PGSQL_ASSOC);
    $totals = array('Total To Do' => $overall_row['sum']);

    // Per-exercise-type totals for the same week
    $by_type = do_sql("SELECT exercise_type, sum(elapsed_time) FROM log \n    WHERE athlete_id={$athlete_id} AND exercise_type!='REST' \n    AND parent_session = 0  \n    AND entry_type IN \n      ('plan', 'planned - not done', 'event - tentative', 'event - to enter', 'event - entered', 'event - enter by' ) \n    AND start_date BETWEEN '{$weekstart}' AND '{$weekend}' \n    GROUP BY exercise_type ");
    while ($type_row = pg_fetch_array($by_type, null, PGSQL_ASSOC)) {
        $totals[$type_row['exercise_type']] = $type_row['sum'];
    }
    return $totals;
}
Пример #3
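function get_column_names()
{
    # Returns the column names of the log table, taken from the keys of the row
    # with session_id = 1. Returns an empty array when that row does not exist.
    $query = "SELECT * from log\n          WHERE session_id = 1 ";
    $result = do_sql($query);
    $details = pg_fetch_array($result, null, PGSQL_ASSOC);
    # pg_fetch_array() returns false when there is no row; array_keys(false)
    # would raise an error instead of giving the caller an empty list.
    if (!is_array($details)) {
        return array();
    }
    return array_keys($details);
}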
Пример #4
function build_to_delete($id)
{
    // Collects the session_id of every descendant of session $id (children,
    // their children, and so on) by following parent_session links.
    //
    // NOTE(review): $id is interpolated unquoted into the statement; the query is
    // only safe if callers always pass an integer. There is no guard against a
    // cycle in parent_session, which would recurse without end.
    $collected = array();
    $children = do_sql("SELECT session_id FROM log WHERE parent_session = {$id} ") or die('Query failed: ' . pg_last_error());
    while ($child = pg_fetch_array($children, null, PGSQL_ASSOC)) {
        $collected[] = $child['session_id'];
        // recurse so that splits of splits are picked up as well
        foreach (build_to_delete($child['session_id']) as $descendant) {
            $collected[] = $descendant;
        }
    }
    return $collected;
}
Пример #5
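function log_logout($athlete_id)
{
    // Appends a "LOGGED OUT" line for the given athlete to the login log file,
    // which can be viewed by users.
    //
    // NOTE(review): $athlete_id is interpolated unquoted into the SELECT; the query
    // is only safe if callers always pass an integer.
    $logfile = "/var/log/tlog/logins.log";
    // Defaults, so the log line is well-formed when a field is empty or the
    // athlete row is missing (these variables were previously left undefined).
    $name = '';
    $surname = '';
    $country = '';
    $results = do_sql("SELECT name,surname,country FROM athlete WHERE athlete_id={$athlete_id}");
    while ($row = pg_fetch_array($results)) {
        $name = $row['name'];
        if ((string) $row['surname'] !== '') {
            $surname = $row['surname'];
        }
        if ((string) $row['country'] !== '') {
            $country = " from " . $row['country'];
        }
    }
    $loghandle = fopen($logfile, "a") or die("cannot open {$logfile}");
    $date = date("Y/m/d H:i");
    $line = "LOGGED OUT {$date} - {$name} {$surname} ({$athlete_id}) {$country}";
    // Keep every entry on one physical line: a CR or LF inside a stored name must
    // not be able to start what looks like a separate log entry.
    $line = str_replace(array("\r", "\n"), ' ', $line) . "\n";
    fwrite($loghandle, $line);
    fclose($loghandle);
}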
Пример #6
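<?php

// Login handler: looks up the posted login name, rejects unknown or duplicated
// logins, and prepares the SHA-1 of the posted password for the comparison that
// follows this excerpt.
session_start();
// Missing or non-string form fields are treated as empty strings.
$login = (isset($_POST["login"]) && is_string($_POST["login"])) ? $_POST["login"] : '';
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
include_once "logit.php";
include_once "sql_functions.php";
// The login name is request data: strip CR/LF before logging so that it cannot
// break one log entry into several.
$login_for_log = str_replace(array("\r", "\n"), ' ', $login);
logit("Login {$login_for_log} start");
// The login name is escaped before it is placed inside the quoted literal.
// A parameterised query (pg_query_params) would be the better fix, but do_sql()'s
// signature is not visible here, so the statement is still passed as one string.
$query = "SELECT athlete_id, encpass FROM athlete WHERE login = '" . pg_escape_string($login) . "'";
$result = do_sql($query);
# Check whether any rows were retrieved, ie. whether the login exists
$num_rows = pg_num_rows($result);
if ($num_rows == 0) {
    header("Location: index.php?message=" . rawurlencode("Login Incorrect"));
    logit("Login {$login_for_log} incorrect");
    exit("Incorrect Login");
} elseif ($num_rows > 1) {
    logit("Login {$login_for_log} : multiple occurences of login found ");
    header("Location: index.php?message=" . rawurlencode("Login problem - multiple occurrences detected."));
    exit("Login problem - multiple occurrences detected.'");
}
// Exactly one row matched; read it only now, so a failed lookup never
// dereferences an empty result.
$row = pg_fetch_array($result, null, PGSQL_ASSOC);
$athlete_id = $row['athlete_id'];
$encpass = $row['encpass'];
# create sha1 hashed version of entered password
# NOTE(review): unsalted SHA-1 is a fast hash and is not suitable for password
# storage. Moving to password_hash()/password_verify() requires re-hashing each
# account at its next successful login. The comparison itself is outside this
# excerpt; it should use hash_equals() rather than == or !=.
$received_encpass = sha1($password);
# Compare this with the hashed password in the db.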
Пример #7
        // Toggle the current user's vote on a blog post: when check_vote_on_post()
        // reports an existing vote it is deleted, otherwise a new vote is inserted.
        // NOTE(review): $_POST['bid'] is handed to do_sql() as a field value; whether
        // do_sql() binds or escapes the values it receives is not visible here — confirm.
        // No anti-CSRF token check is visible in this excerpt for these state-changing
        // POST actions — confirm it happens before the switch.
        if ($_POST['bid'] != "" && $_SESSION['id'] != '') {
            $send = '';
            $res = check_vote_on_post($_POST['bid'], $mysqli);
            $where['votes_blog_id'] = $_POST['bid'];
            $where['votes_people_id'] = $_SESSION['id'];
            if ($res) {
                do_sql('votes', $send, 'delete', $mysqli, $where);
            } else {
                // NOTE(review): the last argument here is the string
                // "<blog id> AND <people id>", not the $where array used on the
                // delete path — confirm what do_sql() expects for an insert.
                do_sql('votes', $where, 'insert', $mysqli, $where['votes_blog_id'] . ' AND ' . $where['votes_people_id']);
            }
        }
        break;
    case 'send_response':
        if ($_POST['bid'] != "" && $_SESSION['id'] != '' && $_POST['sendResponse'] != "") {
            // Store the current user's response to a blog post. The text is
            // HTML-entity-encoded on the way in, so it is stored already encoded.
            $send['response_blog_id'] = $_POST['bid'];
            $send['response_people_id'] = $_SESSION['id'];
            $send['response_text'] = htmlentities($_POST['sendResponse']);
            do_sql('response', $send, 'insert', $mysqli, $send);
        }
        break;
    case 'approvePeople':
        // Sets people_addedBy to '0' for the posted people id.
        // NOTE(review): unlike the two arms above, this arm does not test
        // $_SESSION['id'], and nothing here checks that the caller is allowed to
        // approve people. Confirm that authentication and an authorization check
        // run before this switch; otherwise add them to this arm.
        if ($_POST['pid'] != "") {
            $where['people_id'] = $_POST['pid'];
            $send['people_addedBy'] = '0';
            echo do_sql('people', $send, 'update', $mysqli, $where);
        }
        break;
}
echo 1;
Пример #8
                     */
                    // Runs DESCRIBE for the posted table name in the current database.
                    // NOTE(review): the table name comes straight from $_POST and is
                    // concatenated into the statement without identifier quoting or
                    // validation, so any request value becomes part of the SQL text.
                    // Quote it as an identifier, or check it against the list of existing
                    // tables, before building the statement.
                    if ($_POST['cryptdb_describe_table']) {
                        $q = "describe " . $DB['db'] . "." . $_POST['cryptdb_describe_table'];
                        do_sql($q);
                    }
                } else {
                    if (isset($_REQUEST['refresh'])) {
                        check_xss();
                        do_sql('show databases');
                    } elseif (preg_match('/^show\\s+(?:databases|status|variables|process)/i', $SQLq)) {
                        check_xss();
                        do_sql($SQLq);
                    } else {
                        $err_msg = "Select Database first";
                        if (!$SQLq) {
                            do_sql("show databases");
                        }
                    }
                }
            }
        }
        $time_all = ceil((microtime_float() - $time_start) * 10000) / 10000;
        print_screen();
    }
} else {
    $_SESSION['logoff'] = false;
    print_cfg();
}
function print_header()
{
    global $err_msg, $VERSION, $DB, $CRYPTDB, $dbh, $self, $is_sht, $xurl, $SHOW_T;
Пример #9
function get_session_owner($session_id)
{
    // Returns the athlete_id stored on the log row for the given session.
    //
    // NOTE(review): $session_id is interpolated unquoted into the statement, so the
    // lookup is only safe if callers always pass an integer. Callers that use the
    // result for a permission decision depend on this lookup being trustworthy.
    $owner_lookup = do_sql("SELECT athlete_id FROM log WHERE session_id = {$session_id} ") or die('Query failed: ' . pg_last_error());
    $owner_row = pg_fetch_array($owner_lookup, null, PGSQL_ASSOC);
    return $owner_row['athlete_id'];
}
Пример #10
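function do_sht()
{
    // Applies the bulk table action named in $_REQUEST['dosht'] ('exp', 'drop',
    // 'trunc' or 'opt') to the tables ticked in $_REQUEST['cb'], then re-lists the
    // tables. 'exp' hands the selection to print_export() and ends the script.
    global $SHOW_T;
    $cb = isset($_REQUEST['cb']) ? $_REQUEST['cb'] : array();
    if (!is_array($cb)) {
        $cb = array();
    }
    // Initialised so that an unknown or missing action leaves it empty instead of
    // undefined.
    $sq = '';
    $sql = '';
    switch (isset($_REQUEST['dosht']) ? $_REQUEST['dosht'] : '') {
        case 'exp':
            $_REQUEST['t'] = join(",", $cb);
            print_export();
            exit;
        case 'drop':
            $sq = 'DROP TABLE';
            break;
        case 'trunc':
            $sq = 'TRUNCATE TABLE';
            break;
        case 'opt':
            $sq = 'OPTIMIZE TABLE';
            break;
    }
    if ($sq) {
        foreach ($cb as $v) {
            if (!is_string($v) || $v === '') {
                continue;
            }
            // Table names arrive in the request. Quote each one as an identifier
            // (doubling any embedded backtick) so that a value can only ever name
            // a table and cannot add SQL of its own. Values are expected to be
            // bare table names, not "db.table".
            $sql .= $sq . " `" . str_replace('`', '``', $v) . "`;\n";
        }
    }
    if ($sql) {
        do_sql($sql);
    }
    do_sql($SHOW_T);
}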
Пример #11
function update_log_row($athlete_id, $details, $post_data)
{
    // Writes validated form data back to one row of the log table.
    // Returns false (after printing a message) when the acting athlete neither
    // owns the session nor holds an "edit log" share permission from its owner;
    // otherwise runs the UPDATE and returns nothing.
    //
    // NOTE(review): column names and values from validate_form_data() are placed
    // into the statement as-is (values inside single quotes). The UPDATE is only
    // as safe as that function's validation and escaping, which are not visible
    // here — confirm, or bind the values as parameters.
    $columns = validate_form_data($details, $post_data);
    $session_id = $columns['session_id'];

    // Permission check: the owner may edit; anyone else needs a share permission,
    // and then the update is carried out under the owner's athlete_id.
    $session_owner = get_session_owner($session_id);
    if ($athlete_id != $session_owner) {
        if (!check_share_permission($session_owner, "edit log {$athlete_id}")) {
            echo "You do not have permission to edit this athlete's log<br>";
            return false;
        }
        $athlete_id = $session_owner;
    }

    # Assemble the SET list, one "col = 'value' ," fragment per column
    $query = "UPDATE log SET ";
    foreach ($columns as $column => $entry) {
        $query .= " {$column} = '{$entry}' ,";
    }
    # drop the trailing comma
    $query = substr($query, 0, -1);
    $query .= " WHERE athlete_id = {$athlete_id} AND session_id = {$session_id} ";
    do_sql($query) or die('Query failed: ' . pg_last_error());
}
Пример #12
function jump($action)
{
    // Dispatches a UI action. Only "go" is handled: it runs the SQL text posted
    // in the SQLfield request parameter.
    //
    // NOTE(review): the request value is executed verbatim. That is the purpose of
    // an SQL console, so the protection has to come from around it: authentication
    // before this point, an anti-CSRF token on the form, and a database account
    // with no more privileges than the console needs. None of these is visible in
    // this function — confirm they exist in the caller.
    if ($action == "go") {
        do_sql($_REQUEST['SQLfield']);
    }
    return;
}
Пример #13
/**
 * Prints the page header and the navigation menu for the logged-in athlete.
 *
 * When $_SESSION['athlete_id'] is not set, a "session has expired" notice is printed
 * and the script exits. Otherwise the athlete's name and the list of functions in
 * user_access are read, and a link is printed for each page named in that list. The
 * "Configuration" and "User" headings and the "Help" link are printed unconditionally.
 */
function display_menubar()
{
    if (!isset($_SESSION['athlete_id'])) {
        echo <<<ENDHTML
\t<H2>Your session has expired</H2>
\t<FONT size=1>Please <a href=index.php >return to the <u>login page</u> and log in again.<a></FONT><br>
ENDHTML;
        exit;
    }
    $login = $_SESSION['login'];
    $athlete_id = $_SESSION['athlete_id'];
    require_once "access_check.php";
    $filename = basename(__FILE__);
    // NOTE(review): the access_check() call below is commented out, so this function
    // only decides which links are SHOWN. Whether each target page enforces
    // user_access on its own is not visible here — confirm; hiding a link is not an
    // access control.
    #access_check( $filename ) ;
    // Connect to DB
    include_once "sql_functions.php";
    // NOTE(review): the disabled connection string below still carries a database
    // password. Remove it from the source, and rotate the credential if it was
    // ever a real one.
    #$dbconn = pg_connect("host=localhost dbname=training_diary user=athlete password=ironman")
    # or die('Could not connect: ' . pg_last_error());
    // athlete_id comes from the session and is interpolated into both statements
    // below (unquoted in the first, quoted in the second).
    $query = "SELECT name from athlete WHERE athlete_id = {$athlete_id}";
    #$result = pg_query($query) or die('Query failed: ' . pg_last_error());
    $result = do_sql($query);
    $row = pg_fetch_array($result, null, PGSQL_ASSOC);
    $firstname = $row['name'];
    // $allowed becomes the list of page names this athlete may use (first column
    // of user_access.function).
    $query = "SELECT function FROM user_access WHERE athlete_id = '{$athlete_id}'";
    $result = do_sql($query) or die('Query failed: ' . pg_last_error());
    $allowed = pg_fetch_all_columns($result, 0);
    // NOTE(review): $firstname is printed into the page without htmlspecialchars().
    // It is presumably user-editable profile data — confirm, and escape it at output.
    echo <<<HTMLEND

<TABLE>
<TR><TD align=right class=fitnessmad  >
<b><font size=3 color=#885555 >
<i> FitnessMad.Net </i>
</FONT><br/>
<font color=#AA5555 >
Training Log
</FONT>
</b>
</TD><TD class=mainmenu align=right valign=bottom >
&nbsp;&nbsp;&nbsp; 
You are logged in {$firstname}<br>
</TD>
</TR>
</TABLE>

<HR>
HTMLEND;
    echo <<<ENDHTML

  <TABLE><TR><TD>
  <UL class="nav">

ENDHTML;
    // Assume we want to jump to today's date, won't do anything if
    // this is not in the date range selected.
    $jumpto = "anchorD" . date("Ymd");
    // View My Log
    if (in_array("view_log.php", $allowed)) {
        echo <<<HTMLEND

  <LI class=menuheader ><a href="view_log.php#{$jumpto}"> View My Log</a> 
  </LI>

HTMLEND;
    }
    // Add Log Entry
    $date = date("d/m/Y");
    if (in_array("add_log_entry.php", $allowed)) {
        echo <<<HTMLEND

  <LI class=menuheader >
    <!-- <a href="javascript:launchRemote('add_log_entry.php#{$jumpto}')" >  -->
    <a href="javascript:launchRemote('add_log_entry.php?start_date={$date}')" >
    Add Log entry</a>
  </LI>

HTMLEND;
    }
    // Start dropdown menu for Configuration options
    echo <<<CONFIGMENU

    <li class=menuheader ><a >Configuration</a>
    <ul>

CONFIGMENU;
    if (in_array("configure_view.php", $allowed)) {
        echo <<<CONFIGMENU

\t<li><a href="configure_view.php">
\t\tConfigure View</a></li>

CONFIGMENU;
    }
    if (in_array("configure_log_entry.php", $allowed)) {
        echo <<<CONFIGMENU

\t<li><a href="configure_log_entry.php">
\t\tConfigure Log Entry Fields</a></li>

CONFIGMENU;
    }
    // NOTE(review): the closing </ul></li> of the Configuration menu are printed
    // only inside this branch, so the list stays open for athletes who lack
    // configure_exercise_types.php.
    if (in_array("configure_exercise_types.php", $allowed)) {
        echo <<<CONFIGMENU

    \t<li><a href="configure_exercise_types.php">
\t\tConfigure Exercise Types</a></li>
    \t</ul>
    \t</li>

CONFIGMENU;
    }
    //User admin Menu
    echo <<<USERMENU

   <li class=menuheader ><a>User</a>
   <ul>

USERMENU;
    if (in_array("change_password.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a  href="change_password.php" >Change Password</a>
\t</LI>

HTMLEND;
    }
    if (in_array("newuser.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a  href="newuser.php" > Add New User</a> 
\t</LI>

HTMLEND;
    }
    if (in_array("configure_share_permissions.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a  href="configure_share_permissions.php" >
  \tConfigure Shared Access</a>
\t</LI>

HTMLEND;
    }
    if (in_array("configure_security_access.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a  href="configure_security_access.php" >
  Configure User Access</a>
\t</LI>

HTMLEND;
    }
    if (in_array("access_other_user.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a   href="access_other_user.php">
  View Other Athlete's Log</a>
\t</LI>

HTMLEND;
    }
    if (in_array("see_who_is_online.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a   href="see_who_is_online.php">
  Currently Connected Users</a>
\t</LI>

HTMLEND;
    }
    if (in_array("view_login_log.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a   href="view_login_log.php">
  View log of recent logins</a>
\t</LI>

HTMLEND;
    }
    // Logout appears twice: here inside the User menu, and again below as a
    // top-level menu entry.
    if (in_array("logout.php", $allowed)) {
        echo <<<HTMLEND

\t<LI><a   href="logout.php" >
  Logout</a>
\t</LI>

HTMLEND;
    }
    echo <<<ENDUSER

  </UL>
  </LI>

ENDUSER;
    if (in_array("logout.php", $allowed)) {
        echo <<<HTMLEND

\t<LI class=menuheader ><a href="logout.php">
  \tLogout</a>
\t</LI>

HTMLEND;
    }
    echo <<<HTMLEND

\t<LI class=menuheader ><a href="loggedin.php" >
\tHelp</a>
\t</LI>

HTMLEND;
    echo <<<HTMLEND

  </LI>
 </UL>
</TD></TR></TABLE>


HTMLEND;
    //END of function display_menubar
}
Пример #14
ENDHTML;
// Cannot directly read "/var/lib/php5" because the dir is not traversable by
// www-data.
// There is a perl script in /usr/local/bin run by the /etc/cron.d/www which
// writes a list of athlete ids which it finds in the session files every minute
// to /var/log/tlog/loggedin
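$file = "/var/log/tlog/current_logins";
// Collect the athlete ids listed in the file. The list starts out empty so the
// loop below is well-defined when the file is missing or holds no usable lines.
$athids = array();
$handle = fopen($file, "r");
if ($handle !== false) {
    while (($line = fgets($handle)) !== false) {
        $ldata = explode(",", $line);
        // Athlete_id is the second field in the line. Only all-digit values are
        // accepted, because the id is placed unquoted into the query below.
        if (isset($ldata[1]) && preg_match('/^\d+$/', trim($ldata[1]))) {
            $athids[] = (int) trim($ldata[1]);
        }
    }
    fclose($handle);
}
foreach ($athids as $id) {
    $results = do_sql("SELECT name,surname,country FROM athlete WHERE athlete_id={$id}");
    while ($row = pg_fetch_array($results)) {
        // Reset per row: otherwise an athlete without a surname or country is
        // shown with the values left over from the previous athlete.
        $surname = '';
        $country = '';
        // Values are escaped for HTML because they are printed into the page.
        $name = htmlspecialchars((string) $row['name'], ENT_QUOTES);
        if ((string) $row['surname'] !== '') {
            $surname = htmlspecialchars((string) $row['surname'], ENT_QUOTES);
        }
        if ((string) $row['country'] !== '') {
            $country = " from " . htmlspecialchars((string) $row['country'], ENT_QUOTES);
        }
        echo "<b>{$name} {$surname}</b>{$country} is logged in.<br>\n";
    }
}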
echo <<<ENDHTML
</BODY>
</HTML>
ENDHTML
Пример #15
                $send['app_people_id'] = $_SESSION['id'];
                do_sql('approval', $send, 'insert', $mysqli);
                // add_score
                // Adds the session's score to the position's approval score.
                // NOTE(review): this UPDATE is built by concatenating $_SESSION['score']
                // and $pos_id into the SQL text, while the SELECT further down in this
                // file uses prepare()/bind_param() for the same $pos_id. Use a prepared
                // statement here as well, binding both values.
                $sql = "UPDATE position SET position_approvalScore=position_approvalScore+" . $_SESSION['score'] . " WHERE position_id='" . $pos_id . "';";
                if ($mysqli->query($sql) === false) {
                    // NOTE(review): the message contains the full SQL text and the
                    // driver error; make sure errors are logged and not displayed to
                    // the client.
                    trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $mysqli->error, E_USER_ERROR);
                } else {
                    $affected_rows = $mysqli->affected_rows;
                }
                echo '<p>score added';
            }
            // update top role
            // fetching user id
            $getUID = $mysqli->prepare('SELECT position_people_id FROM position WHERE position_id=? ') or die('Couldn\'t check the userid');
            $getUID->bind_param('s', $pos_id);
            $getUID->execute();
            $getUID->store_result();
            $getUID->bind_result($user_id);
            while ($getUID->fetch()) {
                $top_role = get_top_role($user_id, $mysqli);
            }
            echo '<p>got top_role : ' . $top_role . " and user id : " . $user_id;
            // now updating table with top_role
            $upd['people_id'] = $user_id;
            $upd['people_topCode'] = $top_role;
            do_sql('people', $upd, 'update', $mysqli);
            echo '<p>update added';
        }
        break;
}
echo 1;
Пример #16
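<?php

// Prints every response to the blog post named by the "id" query parameter and
// then marks the responses of that post as seen.
// NOTE(review): no check of the session is visible before the seen-state update
// at the end — confirm that any visitor is meant to be able to trigger it.
session_start();
include 'db.php';
include 'modules.php';
// A missing or non-string id is treated as empty.
$raw_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
// The escaped form is kept for both uses below, as before. The prepared statement
// would not need it; do_sql()'s own handling of values is not visible here.
$id = $mysqli->real_escape_string($raw_id);
$getResponse = $mysqli->prepare('SELECT ppl.people_id,res.response_text, ppl.people_name, res.response_lastUpdated FROM response res
INNER JOIN people ppl ON res.response_people_id = ppl.people_id WHERE res.response_blog_id=?') or die('Couldn\'t check the responses');
$getResponse->bind_param('s', $id);
$getResponse->execute();
$getResponse->store_result();
$getResponse->bind_result($pid, $text, $pname, $time);
// Start from an empty string so the first ".=" does not act on an undefined variable.
$res = '';
while ($getResponse->fetch()) {
    // Everything read from the database is escaped for HTML before it is printed.
    // For the response text, double_encode is off, so text that was already
    // entity-encoded when it was stored is not encoded a second time.
    $pid_html = htmlspecialchars((string) $pid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $pname_html = htmlspecialchars((string) $pname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $time_html = htmlspecialchars((string) $time, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $text_html = htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $res .= '
			
				<h4><a href="profile.php?id=' . $pid_html . '" title="Visit Profile">' . $pname_html . '</a></h4> <small> ' . $time_html . ' </small>
				<div class="well">
					' . $text_html . '
				</div>
			
		
 ';
}
// updating seen-state
// Arrays, not empty strings: writing a string key into '' only worked on old
// PHP versions that silently turned the empty string into an array.
$send = array();
$where = array();
$send['response_seen'] = 1;
$where['response_blog_id'] = $id;
do_sql('response', $send, 'update', $mysqli, $where);
echo $res;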
Пример #17
function get_subsession($level, $parent_id, $details_to_view, $split, $extra)
{
    # Prints the sub-sessions of $parent_id as a hidden nested table, recursing
    # into every sub-session that has sub-sessions of its own.
    #
    # NOTE(review): $parent_id is placed both into the queries (inside single
    # quotes) and into the HTML id attribute without escaping; both are only safe
    # if the value is always an integer taken from the database.
    $athlete_id = $GLOBALS['athlete_id'];
    $level++;
    # Column span is based on the caller's column list, before it is replaced below
    $num = count($details_to_view) + 2;
    $sub_rows = do_sql("SELECT * from log WHERE athlete_id = '{$athlete_id}' and parent_session='{$parent_id}' ORDER BY start_date, start_time, stage ");
    # Open the hidden container that holds the sub-table
    echo "<TR><TD class=firstcolumn > </TD>\n\t<TD class=subtable colspan={$num} align=right >\n\t<DIV ID='el{$parent_id}' CLASS='hiddentext' >\n";
    # Column headers come from the athlete's own view settings
    $details_to_view = get_details_to_view($athlete_id);
    display_column_headers($details_to_view);
    while ($sub_row = pg_fetch_array($sub_rows, null, PGSQL_ASSOC)) {
        $session_id = $sub_row['session_id'];
        # Does this sub-session have children of its own?
        $subtest = do_sql("SELECT * from log WHERE athlete_id = '{$athlete_id}' and parent_session='{$session_id}' ");
        $has_children = pg_num_rows($subtest) > 0;
        // Start the row
        echo "\n<TR><TD class=firstcolumn></TD>\n";
        # The split marker is passed on only for the row that is being split
        $split_arg = ($split == $session_id) ? $split : 0;
        print_row($has_children ? 1 : 0, $level, $sub_row, $details_to_view, $athlete_id, $split_arg);
        if ($has_children) {
            get_subsession($level, $sub_row['session_id'], $details_to_view, $split, $extra);
        }
    }
    echo "\n</TABLE>\n\t<font size=2  > <br> </font>\n\t</DIV>\n\n";
}
Пример #18
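function session_edit_form($session_id, $athlete_id, $error_message)
{
    # Prints the HTML form for editing one log session. Only the columns listed in
    # the athlete's log preferences are shown; long text fields are collected and
    # printed after the short ones.
    #
    # NOTE(review): $session_id and $athlete_id are interpolated unquoted into the
    # queries and $session_id into the hidden input, and $error_message is printed
    # as-is. All three are only safe if callers pass integers and trusted markup —
    # confirm at the call sites.

    # Put columns we never want to show in this array:
    $do_not_show = array("athlete_id", "session_id", "parent_session");
    # Get an array of fields user does want to display
    $display_details = array();
    $query = "SELECT detail from athlete_log_preferences\n        where athlete_id={$athlete_id} ";
    $result = do_sql($query) or die('Query failed: ' . pg_last_error());
    while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
        foreach ($row as $prev_detail) {
            $display_details[] = $prev_detail;
        }
    }
    echo "{$error_message} \n";
    # Start Form and Table
    echo "<DIV id=mainlogentry > <a name=log_entry_form></a>";
    echo "<FORM action=update_log_entry.php method=post >\n";
    echo "<input type=hidden name='session_id' value={$session_id}>\n";
    echo "\n\n<TABLE class=mainlogentry ><TR><TD>\n\n";
    // Get Current row data (there should only be one row)
    $query = "SELECT * from log\n        where session_id={$session_id} ";
    $result = do_sql($query) or die('Query failed: ' . pg_last_error());
    // Collect the names of all date columns because they need converting
    $date_fields = array();
    $num = pg_num_fields($result);
    for ($fieldnum = 0; $fieldnum < $num; $fieldnum++) {
        if (pg_field_type($result, $fieldnum) == 'date') {
            $date_fields[] = pg_field_name($result, $fieldnum);
        }
    }
    // Now stick the info for the row the user wants to edit into an array
    $session_details = pg_fetch_array($result, null, PGSQL_ASSOC);
    if (!is_array($session_details)) {
        // no such session: show an empty form instead of failing on array_keys()
        $session_details = array();
    }
    // Convert date columns from pg format to d/m/y
    foreach (array_keys($session_details) as $field_name) {
        if (in_array($field_name, $date_fields)) {
            $session_details[$field_name] = convert_date_from_pg($session_details[$field_name]);
        }
    }
    // Display Entry fields
    // Save text/notes fields (ie data_type text or var >= 30 ) in a variable to
    // display last
    $notes_fields = "";
    echo "<TR>\n";
    $maxnumcols = 6;
    $colcount = $maxnumcols;
    foreach ($display_details as $colname) {
        if (in_array($colname, $do_not_show)) {
            continue;
        }
        if ($colcount-- == 0) {
            echo "\n</TR>\n";
            $colcount = $maxnumcols - 1;
        }
        $colinfo = get_column_info($colname);
        $input_type = "text";
        $value = isset($session_details[$colname]) ? $session_details[$colname] : null;
        // Escaped copy for use inside value='...'. Without it, an apostrophe in a
        // stored value ends the attribute early, and the rest of the value is read
        // by the browser as markup.
        $value_attr = htmlspecialchars((string) $value, ENT_QUOTES);
        // Reset for every column: the length used to carry over from the previous
        // "var ..." column, so a short column that followed a long one was wrongly
        // treated as a notes field.
        $varlen = null;
        if (preg_match("/^var/", $colinfo['data_type'])) {
            // Get the var length
            $typearray = explode(" ", $colinfo['data_type']);
            $varlen = $typearray[1];
        }
        if (preg_match("/^select/", $colinfo['data_type'])) {
            // We have a select list type.  There should be a corresponding table
            // which lists the select info
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            generate_select_form($colname, $colinfo['data_type'], $value);
        } elseif (preg_match("/^pref/", $colinfo['data_type'])) {
            // We have a prefer select list type.  There should be a corresponding table
            // which lists the prefered select info
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            generate_prefer_select_form($colname, $colinfo['data_type'], $value, $athlete_id);
        } elseif ($colinfo['data_type'] == "text" || $varlen >= 30) {
            // Field size is the declared length, capped at 80; plain text columns
            // have no declared length and get the maximum.
            $size = ($varlen !== null && $varlen <= 80) ? $varlen : 80;
            $notes_fields = "{$notes_fields} <TR><TD> " . $colinfo['log_col_long_name'] . "</TD> <TD colspan=20 ><INPUT type=text name ={$colname} value='{$value_attr}' size={$size} > </TD></TR>\n";
        } else {
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            echo "<INPUT type={$input_type} name={$colname} value='{$value_attr}' size=10>\n";
        }
        echo "</font> </td>\n";
    }
    echo "</TR>\n";
    echo "{$notes_fields}\n";
    echo "</TABLE>";
    echo "<input type=submit value='Submit entries'>";
    echo "</FORM>";
    echo "</DIV>";
    ## END of FUNCTION
}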
Пример #19
    do_sql($query, $conn);
}
/* fixed an XML load error - <RevusedReason> had no value for ordinary rejects */
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
// Each step below runs when the stored schema version is older than the step's
// version and then records the new version in the "parametrs" table.
// NOTE(review): the version is compared as a float against a numeric string, so
// ordering follows numeric value, not dotted version order.
if ((double) $versija < '1.30') {
    $query = "UPDATE parametrs SET vertiba='1.30' WHERE nosaukums='versija'";
    do_sql($query, $conn);
}
/* added dynamic reduction - depending on the log diameter before reduction, the matching coefficient is applied; each species can be given its own values */
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
if ((double) $versija < '1.31') {
    $query = "UPDATE parametrs SET vertiba='1.31' WHERE nosaukums='versija'";
    do_sql($query, $conn);
}
/* added dynamic reduction - depending on the log diameter before reduction, the matching coefficient is applied; each species can be given its own values */
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
if ((double) $versija < '1.32') {
    $query = "UPDATE parametrs SET vertiba='1.32' WHERE nosaukums='versija'";
    do_sql($query, $conn);
}
/* batch parser adjusted - so that it deletes unneeded waybills and the XML gives 0-79 FIREWOOD */
//--------------------------------------------------------------------------------
// Re-read the stored version and print it.
// NOTE(review): this read calls mysql_query() directly, without the $conn link
// that the do_sql() calls above are given.
$query = "select vertiba from parametrs where nosaukums='versija'";
$res = mysql_query($query);
if ($res = mysql_fetch_array($res)) {
    $versija = $res['vertiba'];
}
echo "<hr>Versija: {$versija} ";
Пример #20
<H3>Select User Training Log to View</H3>
ENDHTML;
// Get users who have granted this athlete access: athletes holding a
// share_permissions row whose permission text matches "view <something> <id>",
// "view <something> local" or "view <something> global".
// NOTE(review): $athlete_id is interpolated into a LIKE pattern in both queries.
// Where it is set is not visible here; if it could ever be a non-integer, quote
// and wildcard characters (% and _) in it would change what the pattern matches.
// Confirm it is an integer taken from the session.
$query = " SELECT athlete_id, name, surname, login from athlete\n\twhere athlete_id IN \n\t(select athlete_id from share_permissions \n\tWHERE permission LIKE 'view % {$athlete_id}'\n \tOR \n\tpermission LIKE 'view % local' OR\n\tpermission LIKE 'view % global'\n\t)";
$result = do_sql($query) or die('Query failed: ' . pg_last_error());
// $users maps athlete_id => "name surname (login: login )" for display
$users = array();
while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
    $name = $row['name'];
    $surname = $row['surname'];
    $login = $row['login'];
    $id = $row['athlete_id'];
    $users[$id] = "{$name} {$surname} (login: {$login} )";
}
// Get permissions which are granted to this user
$query = "SELECT athlete_id, permission from share_permissions \n\twhere permission LIKE 'view % {$athlete_id}' OR \n\tpermission LIKE 'view % local' OR\n\tpermission LIKE 'view % global' ";
$result = do_sql($query) or die('Query failed: ' . pg_last_error());
// $perms maps the sharing athlete's id => a label. Only one label is kept per
// athlete: a later row for the same athlete_id overwrites the earlier one.
$perms = array();
while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
    // split the permission text on whitespace: first word is the action,
    // second word is the object
    preg_match_all("/\\S+/", $row['permission'], $matches);
    $parts = $matches[0];
    $action = $parts[0];
    $object = $parts[1];
    $shareid = $row['athlete_id'];
    $shareuser = $users[$shareid];
    #$perms[$shareid] = "$action $shareuser's $object" ;
    $perms[$shareid] = "View {$object} for {$shareuser} ";
}
foreach (array_keys($perms) as $shareid) {
    // Skip if share is for self
    if ($shareid == $athlete_id) {
        continue;
Пример #21
function role_update($mysqli)
{
    // Housekeeping for positions: deletes positions (and their approvals) that
    // meet the expiry or deletion-score condition below, then recomputes
    // people_topCode for every non-archived person.
    //
    // db-config.php is included into function scope; $expiry_days and
    // $position_deletion_ceil used below are presumably defined there — TODO confirm.
    include 'db-config.php';
    $positions = $mysqli->prepare('SELECT position_lastUpdate,position_id,position_code,position_people_id FROM position WHERE 1') or die('Couldn\'t check the vote.');
    $positions->execute();
    $positions->store_result();
    $positions->bind_result($pos_last_updates, $pos_id, $pos_code, $pos_ppl);
    $base = 0;
    while ($positions->fetch()) {
        $pos_deletion_score = get_deletion_on_position($pos_id, $mysqli);
        // Age of the last update, read back as a calendar date counted from the epoch
        $updated_at = strtotime($pos_last_updates);
        $elapsed = time() - $updated_at;
        $day_diff = date('j', $elapsed);
        // anything past the first month since the epoch counts as 8 days
        if (date('Y', $elapsed) > 1970 || date('n', $elapsed) > 1) {
            $day_diff = 8;
        }
        $expired = $day_diff > $expiry_days && is_role_active($pos_id, $mysqli);
        if ($expired || $pos_deletion_score > $position_deletion_ceil) {
            // NOTE(review): both statements concatenate $pos_id into the SQL text,
            // while the reads in this function use prepare(); $pos_id comes from
            // the database here, but a prepared DELETE would be consistent.
            $deletions = array(
                "DELETE FROM position WHERE position_id='" . $pos_id . "'",
                "DELETE FROM approval WHERE app_position_id='" . $pos_id . "'",
            );
            // first the position itself, then its approvals
            foreach ($deletions as $sql) {
                if ($mysqli->query($sql) === false) {
                    trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $mysqli->error, E_USER_ERROR);
                } else {
                    $affected_rows = $mysqli->affected_rows;
                }
            }
        }
    }
    // Updating the topCode
    $people = $mysqli->prepare('SELECT people_id FROM people WHERE people_archive=0') or die('Couldn\'t check the ppl.');
    $people->execute();
    $people->store_result();
    $people->bind_result($ppl_id);
    while ($people->fetch()) {
        $where['people_id'] = $ppl_id;
        $upd['people_topCode'] = get_top_role($ppl_id, $mysqli);
        do_sql('people', $upd, 'update', $mysqli, $where);
    }
}
Пример #22
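function do_sht()
{
    // Applies the bulk table action named in $_REQUEST['dosht'] ('exp', 'drop',
    // 'trunc' or 'opt') to the tables ticked in $_REQUEST['cb'], then re-lists the
    // tables. 'exp' hands the selection to print_export() and ends the script.
    $cb = isset($_REQUEST['cb']) ? $_REQUEST['cb'] : array();
    // Normalised up front so that join() and foreach below always get an array.
    if (!is_array($cb)) {
        $cb = array();
    }
    // Initialised so that an unknown or missing action leaves it empty instead of
    // undefined.
    $sq = '';
    switch (isset($_REQUEST['dosht']) ? $_REQUEST['dosht'] : '') {
        case 'exp':
            $_REQUEST['t'] = join(",", $cb);
            print_export();
            exit;
        case 'drop':
            $sq = 'DROP TABLE';
            break;
        case 'trunc':
            $sq = 'TRUNCATE TABLE';
            break;
        case 'opt':
            $sq = 'OPTIMIZE TABLE';
            break;
    }
    if ($sq) {
        $sql = '';
        foreach ($cb as $v) {
            if (!is_string($v) || $v === '') {
                continue;
            }
            // Table names arrive in the request. Quote each one as an identifier
            // (doubling any embedded backtick) so that a value can only ever name
            // a table and cannot add SQL of its own. Values are expected to be
            // bare table names, not "db.table".
            $sql .= $sq . " `" . str_replace('`', '``', $v) . "`;\n";
        }
        // nothing selected: skip the call instead of sending an empty statement
        if ($sql !== '') {
            do_sql($sql);
        }
    }
    do_sql('show tables');
}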
Пример #23
/**
 * The following functions were hijacked from PHPMiniAdmin,
 * found here: http://phpminiadmin.sourceforge.net
 */
function do_multi_sql($insql, $fname)
{
    // Splits SQL text into single statements and runs each one through do_sql().
    // Input is read chunk by chunk from get_next_chunk($insql, $fname). Each chunk
    // is scanned for "opening" tokens via get_open_char() and their matching
    // "closing" tokens via get_close_char(); both helpers are defined elsewhere,
    // so exactly which tokens they recognise is not visible here.
    // Returns 1 when every statement succeeded, 0 as soon as do_sql() fails.
    //
    // NOTE(review): everything passed in is executed as SQL. Callers are
    // responsible for deciding whether the source of $insql / $fname may run
    // arbitrary statements.
    $sql = '';      // statement text assembled so far
    $ochar = '';    // opening token that is currently unclosed ('' when none)
    $is_cmt = '';   // set when the open token is a plain /* ... */ comment
    $GLOBALS['insql_done'] = 0;
    while ($str = get_next_chunk($insql, $fname)) {
        // When a token is still open from the previous chunk, this makes
        // "$opos + strlen($ochar)" below equal 0, so the search for the closing
        // token starts at the beginning of the new chunk.
        $opos = -strlen($ochar);
        $cur_pos = 0;
        // Upper bound on iterations only; the loop normally leaves via "break"
        $i = strlen($str);
        while ($i--) {
            if ($ochar) {
                // inside an open token: look for its end
                list($clchar, $clpos) = get_close_char($str, $opos + strlen($ochar), $ochar);
                if ($clchar) {
                    if ($ochar == '--' || $ochar == '#' || $is_cmt) {
                        // comment: keep only the text before it started
                        $sql .= substr($str, $cur_pos, $opos - $cur_pos);
                    } else {
                        // anything else: keep the text up to and including the closing token
                        $sql .= substr($str, $cur_pos, $clpos + strlen($clchar) - $cur_pos);
                    }
                    $cur_pos = $clpos + strlen($clchar);
                    $ochar = '';
                    $opos = 0;
                } else {
                    // not closed in this chunk: keep the rest and read the next chunk
                    $sql .= substr($str, $cur_pos);
                    break;
                }
            } else {
                // not inside a token: find the next opening token
                list($ochar, $opos) = get_open_char($str, $cur_pos);
                if ($ochar == ';') {
                    // statement terminator: run what has been collected, including the ';'
                    $sql .= substr($str, $cur_pos, $opos - $cur_pos + 1);
                    if (!do_sql($sql)) {
                        return 0;
                    }
                    $sql = '';
                    $cur_pos = $opos + strlen($ochar);
                    $ochar = '';
                    $opos = 0;
                } else {
                    if (!$ochar) {
                        // no further token in this chunk: keep the rest and read the next chunk
                        $sql .= substr($str, $cur_pos);
                        break;
                    } else {
                        // "/*" opens a comment unless it is the "/*!" form, which is
                        // kept as part of the statement
                        $is_cmt = 0;
                        if ($ochar == '/*' && substr($str, $opos, 3) != '/*!') {
                            $is_cmt = 1;
                        }
                    }
                }
            }
        }
    }
    // run a trailing statement that was not terminated by ';'
    if ($sql) {
        if (!do_sql($sql)) {
            return 0;
        }
        $sql = '';
    }
    return 1;
}