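/**
 * Format and execute the DELETE query for the form's model.
 *
 * Each field contributes its WHERE clause through delQueryClause(); the
 * clauses are joined with AND. Nothing is executed when a field throws, when
 * no clause was produced, when the session is read-only, or when FG_DEBUG is
 * above 4; every outcome is reported through $form->pre_elems and the form's
 * next action.
 *
 * @param FormHandler $form form being acted upon (by reference, as callers expect)
 * @return void
 */
public function PerformAction(&$form)
{
    $dbg_elem = new DbgElem();
    $dbhandle = $form->a2billing->DBHandle();
    if ($form->FG_DEBUG > 0) {
        array_unshift($form->pre_elems, $dbg_elem);
    }

    $del_clauses = array();
    try {
        foreach ($form->model as $fld) {
            $qc = $fld->delQueryClause($dbhandle, $form);
            if (!$qc) {
                continue;
            }
            if (is_string($qc)) {
                $del_clauses[] = $qc;
            } elseif (is_array($qc)) {
                $del_clauses = array_merge($del_clauses, $qc);
            } else {
                throw new Exception("Why clause " . gettype($qc) . " ?");
            }
        }
    } catch (Exception $ex) {
        $form->setAction('ask-del');
        $form->pre_elems[] = new ErrorElem($ex->getMessage());
        $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
        return; // never run a DELETE whose WHERE clause may be incomplete
    }

    // Protect against a nasty delete: refuse to build a statement without a WHERE clause
    // (the original only logged here and still sent "DELETE ... WHERE ;" to the database).
    if (count($del_clauses) < 1) {
        $form->pre_elems[] = new ErrorElem("Cannot delete, internal error");
        $dbg_elem->content .= "Delete: no query clauses!\n";
        $form->setAction('ask-del');
        return;
    }

    $query = "DELETE FROM " . $form->model_table . ' WHERE ' . implode(' AND ', $del_clauses) . ';';
    $dbg_elem->content .= $query . "\n";
    /* Note: unlike the insert/update paths, no bound parameters are passed to
       Execute() here; the clause strings are concatenated into the statement
       text as produced, so each delQueryClause() is responsible for quoting or
       parameterising whatever it embeds. */
    if (session_readonly()) {
        $dbg_elem->content .= "Read-only: query not performed.\n";
        $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
        $form->setAction('list');
        return;
    }
    if ($form->FG_DEBUG > 4) {
        // High debug levels only show the statement; they never delete.
        $form->setAction('ask-del');
        $dbg_elem->content .= "Debug mode, won't delete!\n";
        return;
    }

    $res = $dbhandle->Execute($query);
    if (!$res) {
        $form->setAction('ask-del');
        $form->pre_elems[] = new ErrorElem(str_params(_("Cannot delete %1, database error."), array($form->model_name_s), 1));
        $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
        return;
    }
    $affected = $dbhandle->Affected_Rows();
    if ($affected < 1) {
        // No result rows: the WHERE clause matched nothing.
        $dbg_elem->content .= ".. EOF, no rows!";
        $dbg_elem->obj = $affected;
        $form->pre_elems[] = new ErrorElem(str_params(_("Cannot delete %1, record not found."), array($form->model_name_s), 1));
        $form->setAction('list');
        return;
    }
    $dbg_elem->content .= "Success: DELETE " . $affected . "\n";
    $form->pre_elems[] = new StringElem(_("Record successfully removed from the database."));
    $form->setAction('list');
}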
}

/* Session cookie hardening. These ini settings must precede session_start()
   below, which they do. The Secure flag is only set when this request itself
   reports HTTPS; NOTE(review): behind a TLS-terminating proxy $_SERVER["HTTPS"]
   may be empty and the flag would then be skipped — confirm for the deployment. */
if (!empty($_SERVER["HTTPS"])) {
    ini_set('session.cookie_secure', 1);
}
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_path', '/');
// NOTE(review): expose_php is a PHP_INI_SYSTEM setting and cannot be changed
// at runtime, so this call is most likely a no-op; the X-Powered-By header
// sent below is what actually replaces PHP's version banner.
ini_set('expose_php', 'off');
/* Response headers; must be sent before any output. */
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Powered-By: WLOX');
/* Readonly Sessions: page requests start a session and rotate it
   (session_regenerate() is project-defined, presumably wrapping
   session_regenerate_id()); AJAX requests only open it read-only. */
if (empty($ajax)) {
    session_start();
    session_regenerate();
} else {
    session_readonly();
}
/* Current File Name */
$CFG->self = basename($_SERVER['SCRIPT_FILENAME']);
/* Check for Email Auth: an e-mail auth code in the request logs the user in
   (User::logIn is project-defined). $_REQUEST is read, so depending on
   request_order the code may arrive via GET, POST or cookie. NOTE(review):
   the code is urlencode()d before being passed on — confirm logIn() expects
   the encoded form. The last argument marks the withdraw page specifically. */
if (!empty($_REQUEST['email_auth']) && !empty($_REQUEST['authcode'])) {
    $email_authcode = urlencode($_REQUEST['authcode']);
    $email_authcode_request = $CFG->self == 'withdraw.php';
    User::logIn(false, false, $email_authcode, $email_authcode_request);
}
/* Common Info: queue the API calls every page needs and send them as one batch. */
API::add('Lang', 'getTable');
API::add('Currencies', 'get');
API::add('User', 'verifyLogin');
API::add('Settings', 'get');
$query = API::send();
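/**
 * Format and execute the INSERT query for the form's model.
 *
 * Each field appends its (column, value[, placeholder]) entry through
 * buildInsert(); values are handed to Execute() as bound parameters while the
 * column names and any field-supplied placeholder expressions become part of
 * the statement text. Nothing is executed when a field throws, when no column
 * was produced, or when the session is read-only; every outcome is reported
 * through $form->pre_elems and the form's next action.
 *
 * @param FormHandler $form form being acted upon (by reference, as callers expect)
 * @return void
 */
public function PerformAction(&$form)
{
    $dbg_elem = new DbgElem();
    $dbhandle = $form->a2billing->DBHandle();
    if ($form->FG_DEBUG > 0) {
        array_unshift($form->pre_elems, $dbg_elem);
    }

    // Let every field contribute its column/value entry.
    $ins_data = array();
    try {
        foreach ($form->model as $fld) {
            $fld->buildInsert($ins_data, $form);
        }
    } catch (Exception $ex) {
        $form->setAction('ask-add2');
        $form->pre_elems[] = new ErrorElem($ex->getMessage());
        // Exception::$message is protected, so the original "$ex->message" read
        // raised an Error here instead of logging; use the accessor.
        $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
        return; // do not insert a row built from a partial field set
    }

    $ins_keys = array();
    $ins_values = array();
    $ins_qm = array();
    foreach ($ins_data as $ins) {
        $ins_keys[] = $ins[0];
        $ins_values[] = $ins[1];
        // A field may supply its own placeholder expression; otherwise bind with '?'.
        $ins_qm[] = (count($ins) > 2) ? $ins[2] : '?';
    }
    if (count($ins_keys) < 1) {
        // Nothing to insert: an empty column list would only produce a SQL syntax error.
        $form->pre_elems[] = new ErrorElem("Cannot insert, internal error");
        $dbg_elem->content .= "Insert: no columns!\n";
        $form->setAction('ask-add2');
        return;
    }

    // model_table may carry a leading "ONLY " (presumably the PostgreSQL
    // inheritance qualifier, which INSERT does not accept); strip it.
    if (substr($form->model_table, 0, 5) === 'ONLY ') {
        $mtable = substr($form->model_table, 5);
    } else {
        $mtable = $form->model_table;
    }

    $columns = implode(', ', $ins_keys);
    $dbg_elem->content .= "Query: INSERT INTO " . $mtable . "(" . $columns . ") VALUES(" . var_export($ins_values, true) . ");\n";
    $query = "INSERT INTO " . $mtable . "(" . $columns . ") VALUES(" . implode(',', $ins_qm) . ");";
    /* Note: $ins_values are not quoted here; they travel to the driver as bound
       parameters. Column names and field-supplied placeholder expressions are
       concatenated into the statement text, so the fields producing them are
       responsible for what they emit. */
    if (session_readonly()) {
        $dbg_elem->content .= "Read-only: query not performed.\n";
        $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
        $form->setAction('list');
        return;
    }

    $res = $dbhandle->Execute($query, $ins_values);
    if (!$res) {
        $form->setAction('ask-add2');
        $form->pre_elems[] = new ErrorElem(str_params(_("Cannot create new %1, database error."), array($form->model_name_s), 1));
        $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
        return;
    }
    $dbg_elem->content .= ".. success: " . gettype($res) . "\n";
    $form->pre_elems[] = new StringElem(_("New data has successfully been inserted into the database."));
    $form->setAction('list');
}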
// The rights check has to come first: FormHandler::init() logs and aborts the
// request when it runs without one.
$HD_Form->checkRights(ACX_CUSTOMER);
$HD_Form->init();
$HD_Form->views['tooltip'] = new DetailsMcView();
// The form renders itself (by reference), followed by an "add new" button.
$PAGE_ELEMS[] =& $HD_Form;
$PAGE_ELEMS[] = new AddNewButton($HD_Form);
// Model definition; fields are appended in the order they are declared.
// DontList()/dontList() presumably keeps a field out of the list view only.
$HD_Form->model[] = new PKeyFieldEH(_("ID"), 'id');
$HD_Form->model[] = new SqlBigRefField(_("Card"), 'card_id', 'cc_card', 'id', 'username', _("Corresponding card"));
$HD_Form->model[] = new SqlBigRefField(_("Booth"), 'booth_id', 'cc_booth', 'id', 'peername', _("Booth (if no card)"));
$HD_Form->model[] = new SqlRefField(_("Config"), "config", "cc_ast_users_config", "id", "cfg_name");
$HD_Form->model[] = new BoolField(_("SIP"), 'has_sip', _("If true, the peer will have a SIP entry"));
$HD_Form->model[] = new BoolField(_("IAX"), 'has_iax', _("If true, the peer will have a IAX2 entry"));
$HD_Form->model[] = DontList(new TextFieldN(_("Default IP"), 'defaultip', _("Default IP to ring user at.")));
$HD_Form->model[] = new TextField(_("Host"), 'host', _("Statically bind user with some IP/DNS or 'dynamic' for users that will register."));
// Pre-fill the field just appended.
end($HD_Form->model)->def_value = 'dynamic';
$HD_Form->model[] = new TextFieldN(_("Name B"), 'peernameb', _("Override asterisk username, so that a second device can be registered"));
// The secret override is only part of the model for writable sessions, so a
// read-only session never sees it.
if (!session_readonly()) {
    $HD_Form->model[] = dontList(new TextFieldN(_("Secret B"), 'secretb', _("Override asterisk secret from card/booth, so that a second device can be registered")));
}
$HD_Form->model[] = dontList(new TextFieldN(_("Callerid B"), 'callerid', _("Override callerid.")));
$HD_Form->model[] = DontList(new TextFieldN(_("From user"), 'fromuser', _("Override user string.")));
$HD_Form->model[] = DontList(new TextFieldN(_("Call group"), 'callgroup', _("When this device is called, set the call group so that others can pick it up.")));
$HD_Form->model[] = DontList(new TextFieldN(_("Pickup group"), 'pickupgroup', _("Allow this device to pick up calls made to those groups.")));
$HD_Form->model[] = DontList(new TextFieldN(_("Device Model"), 'devmodel', _("Provision model of device.")));
$HD_Form->model[] = DontList(new TextFieldN(_("MAC"), 'macaddr', _("MAC address of provisioned device.")));
// NOTE(review): unlike 'secretb' above, the device secret is added for every
// session, read-only ones included — confirm that is intended.
$HD_Form->model[] = DontList(new TextField(_("D Secret"), 'devsecret', _("Device secret, provision safety.")));
$HD_Form->model[] = DontList(new IntFieldN(_("Provision Name"), 'provi_name', _("Provisioned name (display text)")));
$HD_Form->model[] = DontList(new IntFieldN(_("Provision Num"), 'provi_num', _("Provision configuration number")));
$HD_Form->model[] = DontList(new DateTimeFieldN(_("Last provisioned"), 'provi_date', _("Last provision timestamp")));
$HD_Form->model[] = new DelBtnField();
// Tooltip requests render the bare page; this block continues past the fragment shown here.
if ($HD_Form->getAction() == 'tooltip') {
    require "PP_bare_page.inc.php";
/**
 * Read-only sessions contribute no edit field; otherwise defer to the parent.
 *
 * @param mixed $dbhandle database handle (by reference, as the parent expects)
 * @return mixed|null the parent's result, or null when the session is read-only
 */
public function editQueryField(&$dbhandle)
{
    $readOnly = session_readonly();
    return $readOnly ? null : parent::editQueryField($dbhandle);
}
/**
 * Initialise the handler from the current request.
 *
 * Must be preceded by a rights check (rights_checked); otherwise the attempt
 * is logged and the script dies. Merges $_GET and $_POST into the "dirty"
 * (unvalidated) request array, optionally keeping only keys that carry
 * $this->prefix (stored with the prefix stripped), then reads action, order,
 * sens, cpage and ndisp from it, applies defaults and registers the standard
 * views.
 *
 * @param A2Billing|null $sA2Billing application instance; defaults to A2Billing::instance()
 * @param bool           $stdActions whether to register the standard view set
 * @return void
 */
function init($sA2Billing = null, $stdActions = true)
{
    if (!$this->rights_checked) {
        error_log("Attempt to use FormHandler w/o rights!");
        die;
    }
    if ($sA2Billing) {
        $this->a2billing =& $sA2Billing;
    } else {
        $this->a2billing =& A2Billing::instance();
    }
    if (isset($GLOBALS['FG_DEBUG'])) {
        $this->FG_DEBUG = $GLOBALS['FG_DEBUG'];
    }
    // Fill a local array with dirty (unvalidated) request data. With array_merge
    // a key present in both $_GET and $_POST takes the $_POST value.
    if (!$this->prefix) {
        $this->_dirty_vars = array_merge($_GET, $_POST);
    } else {
        $tmp_arr = array_merge($_GET, $_POST);
        $tlen = strlen($this->prefix);
        $this->_dirty_vars = array();
        // Keep only keys that start with the prefix, stored without it.
        foreach ($tmp_arr as $key => $data) {
            if (strncmp($this->prefix, $key, $tlen) == 0) {
                $this->_dirty_vars[substr($key, $tlen)] = $data;
            }
        }
    }
    // Action defaults to 'list'; the loose comparison also treats '' as absent.
    $this->action = $this->getpost_single('action');
    if ($this->action == null) {
        $this->action = 'list';
    }
    // The assignments inside the conditions below are intentional: a truthy
    // request value is kept and echoed back as a follow parameter, otherwise
    // the default applies. NOTE(review): cpage and ndisp are request-controlled
    // and are neither cast nor bounded here — confirm they are validated where
    // they page the result set.
    if ($this->order = $this->getpost_single('order')) {
        $this->addFollowParam('order', $this->order);
    } else {
        $this->order = $this->default_order;
    }
    if ($this->sens = $this->getpost_single('sens')) {
        $this->addFollowParam('sens', $this->sens);
    } else {
        $this->sens = $this->default_sens;
    }
    if ($this->cpage = $this->getpost_single('cpage')) {
        $this->addFollowParam('cpage', $this->cpage);
    }
    if ($this->ndisp = $this->getpost_single('ndisp')) {
        $this->addFollowParam('ndisp', $this->ndisp);
    } else {
        $this->ndisp = 30;
    }
    if ($stdActions) {
        $this->views['idle'] = new IdleView();
        $this->views['list'] = new ListView();
        // Views that modify data are registered for writable sessions only.
        if (!session_readonly()) {
            $this->views['edit'] = new EditView();
            $this->views['add'] = new AddView();
            $this->views['delete'] = new DeleteView();
            $this->views['object-edit'] = new ObjEditView();
        }
        $this->views['ask-add'] = new AskAddView();
        $this->views['ask-add2'] = new AskAdd2View();
        $this->views['ask-edit2'] = new AskEdit2View();
        $this->views['ask-edit'] = new AskEditView();
        $this->views['ask-del'] = new AskDelView();
        $this->views['details'] = new DetailsView();
        if ($this->FG_DEBUG) {
            $this->views['dump-form'] = new DbgDumpView();
        }
    }
}
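/**
 * Format and execute the UPDATE query for the form's model.
 *
 * Each field contributes SET data through buildUpdate() and its WHERE clause
 * through editQueryClause(); values are handed to Execute() as bound
 * parameters while pre-formatted SET fragments and the clauses are
 * concatenated into the statement text. Nothing is executed when a field
 * throws, when no WHERE clause was produced, or when the session is
 * read-only; every outcome is reported through $form->pre_elems and the
 * form's next action.
 *
 * @param FormHandler $form form being acted upon (by reference, as callers expect)
 * @return void
 */
public function PerformAction(&$form)
{
    $dbg_elem = new DbgElem();
    $dbhandle = $form->a2billing->DBHandle();
    if ($form->FG_DEBUG > 0) {
        array_unshift($form->pre_elems, $dbg_elem);
    }

    // Collect SET data and WHERE clauses from every field.
    $upd_data = array();
    $upd_clauses = array();
    try {
        foreach ($form->model as $fld) {
            $fld->buildUpdate($upd_data, $form);
            $qc = $fld->editQueryClause($dbhandle, $form);
            if (!$qc) {
                continue;
            }
            if (is_string($qc)) {
                $upd_clauses[] = $qc;
            } elseif (is_array($qc)) {
                $upd_clauses = array_merge($upd_clauses, $qc);
            } else {
                throw new Exception("Why clause " . gettype($qc) . " ?");
            }
        }
    } catch (Exception $ex) {
        // Same accessor as every other error path here (the original assigned $form->action directly).
        $form->setAction('ask-edit2');
        $form->pre_elems[] = new ErrorElem($ex->getMessage());
        $dbg_elem->content .= $ex->getMessage() . ' (' . $ex->getCode() . ")\n";
        return; // never run an UPDATE whose SET list or WHERE clause may be incomplete
    }

    // Protect against a nasty update: refuse to build a statement without a WHERE clause
    // (the original only logged here and still sent "UPDATE ... WHERE ;" to the database).
    if (count($upd_clauses) < 1) {
        $form->pre_elems[] = new ErrorElem("Cannot update, internal error");
        $dbg_elem->content .= "Update: no query clauses!\n";
        $form->setAction('ask-edit2');
        return;
    }

    $upd_values = array();
    $query_u = array();
    foreach ($upd_data as $upd) {
        if (is_array($upd)) {
            // (column, value): the value is bound as a '?' parameter.
            $query_u[] = $upd[0] . " = ? ";
            $upd_values[] = $upd[1];
        } elseif (is_string($upd)) {
            // Pre-formatted SET fragment, used as produced by the field.
            $query_u[] = $upd;
        }
    }
    $set = "UPDATE " . $form->model_table . " SET " . implode(", ", $query_u);
    $where = ' WHERE ' . implode(' AND ', $upd_clauses) . ';';
    $query = $set . $where;
    // Debug copy of the statement that also shows the bound values.
    $query_dbg = $set . "( " . var_export($upd_values, true) . ") " . $where;
    $dbg_elem->content .= $query_dbg . "\n";
    /* Note: $upd_values are not quoted here; they travel to the driver as bound
       parameters. String SET fragments and the WHERE clauses, however, are
       concatenated into the statement text, so the fields producing them must
       quote or parameterise whatever they embed. */
    if (session_readonly()) {
        $dbg_elem->content .= "Read-only: query not performed.\n";
        $form->pre_elems[] = new StringElem(_("Read only. No data has been altered."));
        $form->setAction('list');
        return;
    }

    $res = $dbhandle->Execute($query, $upd_values);
    if (!$res) {
        $form->setAction('ask-edit2');
        $form->pre_elems[] = new ErrorElem(str_params(_("Cannot update %1, database error."), array($form->model_name_s), 1));
        $dbg_elem->content .= $dbhandle->ErrorMsg() . "\n";
        return;
    }
    $affected = $dbhandle->Affected_Rows();
    if ($affected < 1) {
        // No result rows: the WHERE clause matched nothing.
        $dbg_elem->content .= ".. EOF, no rows!";
        $dbg_elem->obj = $affected;
        $form->pre_elems[] = new ErrorElem(str_params(_("Cannot update %1, record not found."), array($form->model_name_s), 1));
        $form->setAction('ask-edit2');
        return;
    }
    $dbg_elem->content .= "Success: UPDATE " . $affected . "\n";
    $form->pre_elems[] = new StringElem(_("Data has successfully been updated in the database."));
    $form->setAction('list');
}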