/**
 * Runs the lookup query for the record identified by $keys and returns the fetched
 * data together with the names and result-set indexes of the link and display fields.
 *
 * NOTE(review): the string returned by KeyWhere($keys) is concatenated into the SQL
 * text as-is, so this method relies on KeyWhere() to quote every key value - confirm.
 * The finished statement, key values included, is also handed to LogInfo().
 *
 * @param array   $keys      Key values of the record; when empty no query is run
 * @param boolean $forLookup True: the result set goes through DecryptFetchedArray();
 *                           false: one numeric row is fetched and decrypted field by field
 * @param string  $_table
 * @param string  $_field    Field whose lookup settings are used
 * @param string  $pageType
 * @return array  Empty array when no lookup settings are found, otherwise
 *                array($data, array("linkField", "displayField", "linkFieldIndex", "displayFieldIndex"));
 *                $data stays 0 when $keys is empty
 */
public function GetAddedDataLookupQuery($keys, $forLookup, $_table, $_field, $pageType)
{
    global $conn;

    $settings = getLookupMainTableSettings($this->tName, $_table, $_field, $pageType);
    if (!$settings) {
        return array();
    }

    $mainTableName = $settings->getTableName();
    $linkField = $settings->getLinkField($_field);
    $displayField = $settings->getDisplayField($_field);
    $isQueryLookup = $settings->getLookupType($_field) == LT_QUERY;

    $sql = "";
    if ($isQueryLookup) {
        if ($settings->getCustomDisplay($_field)) {
            $this->pSet->getSQLQuery()->AddCustomExpression($displayField, $this->pSet, $mainTableName, $_field);
        }
        $queryObj = $this->pSet->getSQLQuery()->CloneObject();
    } else {
        // plain table lookup: select the link field and, if different, the display field
        $sql = "select " . GetFullFieldName($linkField, $this->tName, true);
        if ($linkField != $displayField) {
            $sql .= "," . $this->pSet->getLWDisplayField($_field, true);
        }
        $sql .= " from " . AddTableWrappers($this->strOriginalTableName);
    }

    $row = 0;
    $indexes = array("linkFieldIndex" => 0, "displayFieldIndex" => 0);

    if (count($keys)) {
        $keyCondition = KeyWhere($keys);
        $sql = $isQueryLookup
            ? $queryObj->toSql(whereAdd($queryObj->m_where->toSql($queryObj), $keyCondition))
            : $sql . " where " . $keyCondition;

        $indexes = GetLookupFieldsIndexes($settings, $_field);
        LogInfo($sql);

        if ($forLookup) {
            $row = $this->cipherer->DecryptFetchedArray(db_query($sql, $conn));
        } elseif ($sql) {
            $row = db_fetch_numarray(db_query($sql, $conn));
            $linkIdx = $indexes["linkFieldIndex"];
            $row[$linkIdx] = $this->cipherer->DecryptField($linkField, $row[$linkIdx]);
            if ($isQueryLookup) {
                $displayIdx = $indexes["displayFieldIndex"];
                $row[$displayIdx] = $this->cipherer->DecryptField($displayField, $row[$displayIdx]);
            }
        }
    }

    return array(
        $row,
        array(
            "linkField" => $linkField,
            "displayField" => $displayField,
            "linkFieldIndex" => $indexes["linkFieldIndex"],
            "displayFieldIndex" => $indexes["displayFieldIndex"],
        ),
    );
}
/**
 * Sets up the view control for a lookup-wizard field: resolves the settings object
 * to use, reads the lookup configuration from it and prepares either a cloned lookup
 * query object (LT_QUERY) or the start of a "SELECT ... FROM ... WHERE " statement.
 *
 * @param string $field
 * @param object $container  Supplies pSet and pageType
 * @param object $pageObject
 */
public function ViewLookupWizardField($field, $container, $pageObject)
{
    parent::ViewControl($field, $container, $pageObject);

    // start from neutral values; the ones that apply are filled in below
    $this->nLookupType = null;
    $this->lookupTable = "";
    $this->displayFieldName = "";
    $this->linkFieldName = "";
    $this->linkAndDisplaySame = false;
    $this->lookupPSet = null;
    $this->cipherer = null;
    $this->lookupQueryObj = null;
    $this->displayFieldIndex = 0;
    $this->LookupSQL = "";

    // use the container's settings when the field is a lookup wizard on this page,
    // otherwise load the settings of the page type where it is one
    if ($this->container->pSet->getEditFormat($field) == EDIT_FORMAT_LOOKUP_WIZARD) {
        $this->pSet = $this->container->pSet;
    } else {
        $this->pSet = new ProjectSettings(
            $this->container->pSet->_table,
            $this->container->pSet->getPageTypeByFieldEditFormat($field, EDIT_FORMAT_LOOKUP_WIZARD)
        );
    }

    $this->nLookupType = $this->pSet->getLookupType($this->field);
    $this->lookupTable = $this->pSet->getLookupTable($this->field);
    $this->displayFieldName = $this->pSet->getDisplayField($this->field);
    $this->linkFieldName = $this->pSet->getLinkField($this->field);
    $this->linkAndDisplaySame = $this->displayFieldName == $this->linkFieldName;

    if ($this->nLookupType != LT_QUERY) {
        $this->cipherer = new RunnerCipherer($this->pSet->_table);
        // the caller is expected to append the condition after " WHERE "
        $this->LookupSQL = "SELECT "
            . $this->pSet->getLWDisplayField($this->field)
            . " FROM " . AddTableWrappers($this->pSet->getLookupTable($this->field))
            . " WHERE ";
    } else {
        $this->lookupPSet = new ProjectSettings($this->lookupTable, $this->container->pageType);
        $this->cipherer = new RunnerCipherer($this->lookupTable);

        if ($this->pSet->getCustomDisplay($this->field)) {
            $this->lookupPSet->getSQLQuery()->AddCustomExpression(
                $this->displayFieldName,
                $this->lookupPSet,
                $this->pSet->_table,
                $this->field
            );
        }

        $this->lookupQueryObj = $this->lookupPSet->getSQLQuery()->CloneObject();
        $this->lookupQueryObj->ReplaceFieldsWithDummies($this->lookupPSet->getBinaryFieldsIndices());

        $fieldIndexes = GetLookupFieldsIndexes($this->pSet, $this->field);
        $this->displayFieldIndex = $fieldIndexes["displayFieldIndex"];
    }

    $this->localControlsContainer = new ViewControlsContainer($this->pSet, $this->container->pageType, $pageObject);
    $this->localControlsContainer->isLocal = true;
}
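/**
 * Inserts one imported row into the table named by the global $strOriginalTableName.
 * If the INSERT fails and the import carries all key columns ($keys_present), the row
 * is written with an UPDATE keyed on those columns instead.
 *
 * The row values, the failed SQL text and the database error are HTML-escaped before
 * they are placed in the markup appended to the global $error_message, because they
 * originate from the imported file.
 *
 * @param array $arr    Field name => value as read from the import file
 * @param mixed $recInd Row index; used in the element id and onclick handler of the error markup
 * @return int|null 1 on success (and when the INSERT fails while no key columns are present),
 *                  0 when the UPDATE fallback fails or finds no matching row,
 *                  null when the BeforeInsert event rejects the row
 */
function InsertRecord($arr, $recInd)
{
    global $goodlines, $conn, $error_message, $keys_present, $keys, $strOriginalTableName, $strTableName, $eventObj, $locale_info, $auditObj;

    $ret = 1;
    $rawvalues = array();
    foreach ($arr as $key => $val) {
        $rawvalues[$key] = $val;
        $type = GetFieldType($key);
        if (!NeedQuotes($type)) {
            // unquoted column type: accept a decimal comma and drop the locale currency symbol
            $value = str_replace(",", ".", (string) $val);
            if (strlen($value) > 0) {
                $value = str_replace($locale_info["LOCALE_SCURRENCY"], "", $value);
                $arr[$key] = 0 + $value;
            } else {
                $arr[$key] = NULL;
            }
        }
    }

    $retval = true;
    if ($eventObj->exists('BeforeInsert')) {
        $retval = $eventObj->BeforeInsert($rawvalues, $arr);
    }
    if ($retval) {
        $fields = array_keys($arr);
        $fields_list = array();
        foreach ($fields as $key => $val) {
            $fields_list[$key] = AddFieldWrappers(GetFullFieldName($val));
        }

        $values = array();
        foreach ($arr as $key => $val) {
            $values[] = is_null($val) ? "NULL" : add_db_quotes($key, $val);
        }
        $values_list = implode(", ", $values);

        $sql = "insert into " . AddTableWrappers($strOriginalTableName) . " (" . implode(",", $fields_list) . ") values (" . $values_list . ")";
        if (db_exec_import($sql, $conn)) {
            $goodlines++;
            if ($auditObj) {
                $aKeys = GetKeysArray($arr, true);
                $auditObj->LogAdd($strTableName, $arr, $aKeys);
            }
        } else {
            // Everything interpolated here comes from the import file or the database driver,
            // so it is escaped for HTML text before it reaches the page.
            // NOTE(review): the markup still shows the full SQL text and driver error to the
            // user running the import; confirm that is acceptable for this audience.
            $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;
            $temp_error_message = "<b>Error:</b> in the line: " . htmlspecialchars(implode(",", $arr), $escFlags) . ' <a linkType="debugOpener" recId="' . $recInd . '" href="" onclick="importMore(' . $recInd . ');">More info</a><br>';
            $temp_error_message .= '<div id="importDebugInfoTable' . $recInd . '" cellpadding="3" cellspacing="1" align="center" style="display: none;"><p class="error">SQL query: ' . htmlspecialchars($sql, $escFlags) . '; </p><p class="error">DB error: ' . htmlspecialchars(db_error($conn), $escFlags) . ';</p></div>';
            $temp_error_message .= "<br><br>";

            // we'll try to update the record
            if ($keys_present) {
                $sql = "update " . AddTableWrappers($strOriginalTableName) . " set ";
                $sqlset = "";
                $where = " where ";
                foreach ($fields as $k => $val) {
                    if (!in_array(AddFieldWrappers($fields[$k]), $keys)) {
                        // non-key column: goes into the SET list
                        if (!is_null($arr[$val])) {
                            $sqlset .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . ", ";
                        } else {
                            $sqlset .= $fields_list[$k] . "=NULL, ";
                        }
                    } else {
                        // key column: goes into the WHERE clause
                        $where .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . " and ";
                    }
                }
                if (strlen($sqlset) > 0) {
                    $sql .= substr($sqlset, 0, strlen($sqlset) - 2);
                }
                // drop the trailing " and "
                $where = substr($where, 0, strlen($where) - 5);
                $sql .= " " . $where;

                $rstmp = db_query("select * from " . AddTableWrappers($strOriginalTableName) . " " . $where, $conn);
                $data = db_fetch_array($rstmp);
                if ($data) {
                    $auditOldValues = array();
                    if ($auditObj) {
                        foreach ($data as $key => $val) {
                            $auditOldValues[$key] = $val;
                        }
                    }
                    if (db_exec_import($sql, $conn)) {
                        // update successful
                        $goodlines++;
                        if ($auditObj) {
                            $aKeys = GetKeysArray($arr);
                            $auditObj->LogEdit($strTableName, $arr, $auditOldValues, $aKeys);
                        }
                    } else {
                        // NOTE(review): looks like leftover debug output; it is written straight to the response
                        echo 'not updated';
                        // update not successful
                        $error_message .= $temp_error_message;
                        $ret = 0;
                    }
                } else {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                }
            } else {
                $error_message .= $temp_error_message;
            }
        }
        return $ret;
    }
}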
$keyToModify[$screen][$key] = false; } } } foreach ($keyToModify as $screen => $data){ foreach ($data as $key => $val){ $rpt_array[$xml_field][$screen][$key] = $val; } } } } $rpt_array['miscellaneous']['print_friendly'] = ($rpt_array['miscellaneous']['print_friendly'] == "true") ? true : false; // Load and assign styles $sql_query = "SELECT " . AddFieldWrappers("report_style_id") . "," . AddFieldWrappers("type") . "," . AddFieldWrappers("field") . "," . AddFieldWrappers("group") . "," . AddFieldWrappers("style_str") . "," . AddFieldWrappers("uniq") . ", " . AddFieldWrappers("repname") . ", " . AddFieldWrappers("styletype") . " FROM " . AddTableWrappers("webreport_style") . " WHERE " . AddFieldWrappers("repname") . "=" . db_prepare_string(postvalue('rname')) . " ORDER BY " . AddFieldWrappers("report_style_id") . " ASC"; $rsReport = db_query($sql_query, $conn); $styleStr = ''; while ($data = db_fetch_numarray($rsReport)){ if ($data[1] == 'table') $styleStr .= "#legend td{" . $data[4] . "}\n"; else if (($data[2] == 0) && ($data[3] != 0)) $styleStr .= "#legend td.class" . $data[3] . "g" . "{" . $data[4] . "}\n"; else if (($data[2] != 0) && ($data[3] == 0)) $styleStr .= "#legend td.class" . $data[2] . "f" . "{" . $data[4] . "}\n"; else if ($data[5] == 0 && $data[2] != 0 && $data[3] != 0) $styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f0u{" . $data[4] . "}\n"; else $styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f" . $data[5] . "u" . "{" . $data[4] . "}\n";
/**
 * Adds, for every detail table whose 'dispChildCount' or 'hideChild' setting is on,
 * a correlated "SELECT count(*)" sub-query column to $this->gsqlHead.
 *
 * Nothing is added unless $this->subQueriesSupp and $this->subQueriesSupAccess are
 * set and $this->theSameFieldsType is not.
 */
function addMasterDetailSubQuery()
{
    if (!$this->subQueriesSupp || !$this->subQueriesSupAccess || $this->theSameFieldsType) {
        return;
    }

    for ($i = 0; $i < count($this->allDetailsTablesArr); $i++) {
        $detail = $this->allDetailsTablesArr[$i];
        if (!$detail['dispChildCount'] && !$detail['hideChild']) {
            continue;
        }

        $dataSourceTName = $detail['dDataSourceTable'];
        $detailsQuery = $this->pSet->getTable($dataSourceTName)->getSQLQuery();
        $detailsSqlWhere = $detailsQuery->WhereToSql();

        // correlate the sub-query alias with the master table, one condition per key pair
        $joinParts = array();
        foreach ($this->masterKeysByD[$i] as $idx => $masterKey) {
            $joinParts[] = $this->cipherer->GetFieldName(
                AddTableWrappers("subQuery_cnt") . "." . AddFieldWrappers($this->detailKeysByD[$i][$idx]),
                $masterKey
            ) . "=" . $this->cipherer->GetFieldName(
                AddTableWrappers($this->origTName) . "." . AddFieldWrappers($masterKey),
                $masterKey
            );
        }
        $masterWhere = implode(" and ", $joinParts);

        // the sub-query selects the detail key fields
        $keyColumns = "";
        foreach ($this->detailKeysByD[$i] as $detailKey) {
            $keyColumns .= (strlen($keyColumns) ? "," : "") . GetFullFieldNameForInsert($this->pSet, $detailKey);
        }
        $subQ = "SELECT " . $keyColumns . " " . $detailsQuery->FromToSql();

        // restrict the sub-query with the security clause for the detail table, if any
        $securityClause = SecuritySQL("Search", $dataSourceTName);
        if (strlen($securityClause)) {
            $subQ .= " WHERE " . whereAdd($detailsSqlWhere, $securityClause);
        } elseif (strlen($detailsSqlWhere)) {
            $subQ .= " WHERE " . whereAdd("", $detailsSqlWhere);
        }

        // detail query tail comes last
        $subQ .= " " . $detailsQuery->TailToSql();

        $this->gsqlHead .= ",(SELECT count(*) FROM (" . $subQ . ") " . AddTableWrappers("subQuery_cnt")
            . " WHERE " . $masterWhere . ") as " . AddFieldWrappers($dataSourceTName . "_cnt") . " ";
    }
}
/**
 * Builds and executes the INSERT statement for a new record, sets the global
 * $message and, where the add mode, an AfterAdd event or auditing needs them,
 * collects the key values of the new record into the global $keys.
 *
 * NOTE(review): column names come from getTableField() and blob values are placed
 * in the statement exactly as PrepareBlobs() left them; only the other values go
 * through add_db_quotes()/AddDBQuotes(). Confirm both helpers return SQL-safe text.
 *
 * @param string      $table
 * @param array       $avalues    Field name => value
 * @param array       $blobfields Names of the blob fields in $avalues
 * @param mixed       $pageid     Not used in this function
 * @param object      $pageObject
 * @param object|null $cipherer   When null, add_db_quotes() is used for quoting
 * @return boolean False when ExecuteUpdate() fails or $error_happened is set, true otherwise
 */
function DoInsertRecordSQL($table, &$avalues, &$blobfields, $pageid, &$pageObject, &$cipherer)
{
    global $error_happened, $conn, $inlineadd, $usermessage, $message, $failed_inline_add, $keys, $strTableName;

    // make SQL string
    $insertHead = "insert into " . AddTableWrappers($table) . " ";
    $blobs = PrepareBlobs($avalues, $blobfields);

    $columnParts = array();
    $valueParts = array();
    foreach ($avalues as $akey => $value) {
        $columnParts[] = $pageObject->pSet->getTableField($akey);
        if (in_array($akey, $blobfields)) {
            $valueParts[] = $value;
        } elseif (is_null($cipherer)) {
            $valueParts[] = add_db_quotes($akey, $value);
        } else {
            $valueParts[] = $cipherer->AddDBQuotes($akey, $value);
        }
    }
    $strSQL = $insertHead . "(" . implode(", ", $columnParts) . ") values (" . implode(", ", $valueParts) . ")";

    if (!ExecuteUpdate($pageObject, $strSQL, $blobs, true) || $error_happened) {
        return false;
    }
    $pageObject->ProcessFiles();

    if ($inlineadd == ADD_INLINE) {
        $message = "" . "Record was added" . "";
    } else {
        $message = "<<< " . "Record was added" . " >>>";
    }
    if ($usermessage != "") {
        $message = $usermessage;
    }

    $auditObj = GetAuditObject($table);
    $needsKeys = in_array($inlineadd, array(ADD_SIMPLE, ADD_INLINE, ADD_ONTHEFLY, ADD_POPUP, ADD_MASTER))
        || tableEventExists("AfterAdd", $strTableName)
        || $auditObj;
    if (!$needsKeys) {
        return true;
    }

    $failed_inline_add = false;
    foreach ($pageObject->pSet->getTableKeys() as $keyField) {
        if (array_key_exists($keyField, $avalues)) {
            $keys[$keyField] = $avalues[$keyField];
        } elseif ($pageObject->pSet->isAutoincField($keyField)) {
            // key generated by the database: read it back; errors from the query are suppressed
            $lastrs = @db_query("SELECT lastval()", $conn);
            if ($lastdata = db_fetch_numarray($lastrs)) {
                $keys[$keyField] = $lastdata[0];
            }
        } else {
            $failed_inline_add = true;
        }
    }
    return true;
}
/**
 * Returns this object's name ($this->m_strName) passed through AddTableWrappers().
 *
 * @param mixed $query Not used here
 * @return string
 */
function toSql($query)
{
    // an earlier variant called SmartAddTableWrappers(m_strName) instead
    $wrappedName = AddTableWrappers($this->m_strName);
    return $wrappedName;
}
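/**
 * Copies the field properties that are set on this object into $this->Value, builds a
 * WHERE clause from the entries of $this->Param whose names match a table field
 * (case-insensitively), resets the object and runs "select * from <table> [where ...]".
 *
 * The per-field copy used to be done by building PHP source and passing it to eval();
 * it now uses a variable property name, so no code is generated from metadata.
 * This assumes escapesq() only escaped the field name for the generated string
 * literal, i.e. the key written to $this->Value is the field name itself.
 *
 * @return mixed Result of db_query()
 */
function FetchByID()
{
    global $conn, $dal_info;

    $tableinfo =& $dal_info[$this->m_TableName];
    $dal_where = "";
    foreach ($tableinfo as $fieldname => $fld) {
        $varname = $fld['varname'];
        if (isset($this->$varname)) {
            $this->Value[$fieldname] = $this->$varname;
        }

        foreach ($this->Param as $field => $value) {
            if (strtoupper($field) != strtoupper($fieldname)) {
                continue;
            }
            // values are quoted by PrepareValue() according to the field type
            $dal_where .= AddFieldWrappers($fieldname) . "=" . $this->PrepareValue($value, $fld["type"]) . " and ";
            break;
        }
    }

    // cleanup
    $this->Reset();

    // construct and run SQL
    if ($dal_where) {
        // drop the trailing " and "
        $dal_where = " where " . substr($dal_where, 0, -5);
    }
    $dalSQL = "select * from " . AddTableWrappers($this->m_TableName) . $dal_where;
    $rs = db_query($dalSQL, $conn);
    return $rs;
}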
/**
 * Tells whether the table already holds a row whose $fieldName equals $value.
 *
 * The value is converted to its SQL form by the cipherer for encrypted fields and
 * by add_db_quotes() otherwise, then compared with "=" in a "SELECT count(*)" query.
 *
 * @param string     $fieldName
 * @param string|int $value
 * @return boolean True when the count is non-zero
 */
function hasDuplicateValue($fieldName, $value)
{
    global $conn;

    $dbValue = $this->cipherer->isFieldEncrypted($fieldName)
        ? $this->cipherer->MakeDBValue($fieldName, $value, "", "", true)
        : add_db_quotes($fieldName, $value);

    $condition = GetFullFieldName($fieldName, $this->tName, false) . '=' . $dbValue;
    $query = "SELECT count(*) from " . AddTableWrappers($this->pSet->getOriginalTableName()) . " where " . $condition;

    $countRow = db_fetch_numarray(db_query($query, $conn));
    return (bool) $countRow[0];
}
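$arr_UserGroups = array();
// keep every user group except "Guest"
foreach (GetUserGroups() as $idx => $value)
    if ($value[0] != "Guest")
        $arr_UserGroups[] = $value;
} // closes a block opened before this excerpt
$group_list = "";
$groupSelected = "";
$wr_user = postvalue("username");
if ($wr_is_standalone) {
    if (postvalue("editid1")) {
        // "editid1" is request data and is compared with the id column without quotes,
        // so it is cast to an integer before it becomes part of the SQL text
        $rs = db_query("select " . AddFieldWrappers("username") . " from " . AddTableWrappers("webreport_users") . " where " . AddFieldWrappers("id") . "=" . (int) postvalue("editid1"), $conn);
        $data = db_fetch_numarray($rs);
        if ($data)
            $wr_user = $data[0];
    }
}
if (count($arr_UserGroups)) {
    usort($arr_UserGroups, "sortUserGroup");
    $groups = $arr_UserGroups;
    $i = 0;
    if (!$wr_is_standalone)
        $xt->assign("group_header", "User Groups");
    else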
// Username and password are stored in the database.
// NOTE(review): the submitted password is matched against the stored column value as-is,
// in the query and again in PHP below. Unless $pPassword is hashed before this excerpt,
// passwords are kept in clear text - confirm.
$sUsername = (string) $pUsername;
$sPassword = (string) $pPassword;

// quoted column types get an escaped string literal, the others a numeric value
$strUsername = NeedQuotes($cUserNameFieldType) ? db_prepare_string($sUsername) : (0 + $sUsername);
$strPassword = NeedQuotes($cPasswordFieldType) ? db_prepare_string($sPassword) : (0 + $sPassword);

$strSQL = "select * from " . AddTableWrappers("dbo.System Users")
    . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername
    . " and " . AddFieldWrappers($cPasswordField) . "=" . $strPassword;

$retval = true;
$logged = false;
$data = array();

if ($globalEvents->exists("BeforeLogin")) {
    $retval = $globalEvents->BeforeLogin($pUsername, $pPassword, $message);
}

if ($retval) {
    $rs = db_query($strSQL, $conn);
    $data = db_fetch_array($rs);
    // The row is compared again in PHP with the loose == operator.
    // NOTE(review): == compares numeric-looking strings by value, not character by character.
    $logged = $data
        && @$data[$cUserNameField] == $sUsername
        && @$data[$cPasswordField] == $sPassword;
}
/**
 * Builds the FROM clause of a report query from the table list and relations kept
 * in $_SESSION[$type].
 *
 * Relations of type "FULL OUTER JOIN" are not joined; their right table is appended
 * as an extra comma-separated table. When GetDatabaseType() is 3, the clause built
 * so far is wrapped in parentheses before every join after the first.
 *
 * NOTE(review): rel_type is taken from the session and concatenated into the SQL
 * without wrapping or checking; confirm that whatever fills $_SESSION[$type] limits
 * it to known join keywords.
 *
 * @param string $type Session key that holds 'tables' and 'table_relations'
 * @return string "FROM ..." clause
 */
function make_from_clause($type)
{
    $wrapJoins = (GetDatabaseType() == 3);
    $root =& $_SESSION[$type];

    $joined = AddTableWrappers($root['tables'][0]);
    $extraTables = "";
    $joinCount = 0;

    $relations = $root["table_relations"]["relat"];
    if (is_array($relations)) {
        foreach ($relations as $rel) {
            if (trim($rel["rel_type"]) == "FULL OUTER JOIN") {
                $extraTables .= "\n," . AddTableWrappers($rel["right_table"]);
                continue;
            }

            if ($wrapJoins && $joinCount > 0) {
                $joined = "(" . $joined . ")";
            }
            $joinCount++;

            $joined .= "\n" . $rel["rel_type"] . " " . AddTableWrappers($rel["right_table"]) . " ON ";

            // one equality per left/right field pair
            $conditions = array();
            foreach ($rel["left_fields"] as $pos => $leftField) {
                $conditions[] = AddTableWrappers($rel["left_table"]) . "." . AddFieldWrappers($leftField)
                    . "="
                    . AddTableWrappers($rel["right_table"]) . "." . AddFieldWrappers($rel["right_fields"][$pos]);
            }
            $joined .= implode(" AND ", $conditions);
        }
    }

    return "FROM " . $joined . $extraTables;
}
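/**
 * Looks up a saved custom SQL entry in webreport_sql by its name.
 *
 * The name is passed through db_prepare_string() instead of being placed between
 * hand-written quotes, so a quote character in $sqlname cannot end the string literal.
 *
 * @param string $sqlname
 * @return array|string array(id, sqlname, sqlcontent) of the first matching row,
 *                      or an empty string when none is found
 */
function getCustomSQLbyName($sqlname)
{
    global $conn;

    $sql = "select * from " . AddTableWrappers("webreport_sql")
        . " where " . AddFieldWrappers("sqlname") . "=" . db_prepare_string($sqlname);
    $rs = db_query($sql, $conn);
    if ($data = db_fetch_array($rs)) {
        return array($data["id"], $data["sqlname"], $data["sqlcontent"]);
    }
    return "";
}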
$rsReport = db_exec($strSQL,$conn); } if ($style_record['type'] == "group"){ if ($style_record['params']['groupName'] != 0){ $strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("group")." = ".(0+$style_record["params"]["groupName"])." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."='".$style_record["params"]["styleType"]."' AND (".AddFieldWrappers("type")."='cell' OR ".AddFieldWrappers("type")."='group'))"; $rsReport = db_exec($strSQL,$conn); } } if ($style_record['type'] == "field"){ $strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("field")." = ".($style_record["params"]["fieldName"]+0)." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."='".$style_record["params"]["styleType"]."' and ".AddFieldWrappers("type")."='field')"; $rsReport = db_exec($strSQL,$conn); } if ($style_record['type'] == "cell"){ $style_record['params']['uniq'] = (int)$style_record['params']['uniq']; $strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("type")." = '".$style_record["type"]."' AND ".AddFieldWrappers("field")." = ".($style_record["params"]["fieldName"]+0)." AND ".AddFieldWrappers("group")." = ".(0+$style_record["params"]["groupName"])." AND ".AddFieldWrappers("uniq")."=".(int)$style_record["params"]["uniq"]." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."='".$style_record["params"]["styleType"]."')"; $rsReport = db_exec($strSQL,$conn); } $strSQL = "INSERT INTO ".AddTableWrappers("webreport_style")." 
(".AddFieldWrappers("type").",".AddFieldWrappers("field").",".AddFieldWrappers("group").",".AddFieldWrappers("style_str").",".AddFieldWrappers("uniq").",".AddFieldWrappers("repname").",".AddFieldWrappers("styletype").") VALUES ('".$style_record['type']."',".db_prepare_string($style_record["params"]["fieldName"]).",".$style_record['params']['groupName'].",".db_prepare_string($style_record['params']['styleStr']).",".$style_record['params']['uniq'].",".db_prepare_string($repname).",'".$style_record['params']['styleType']."')"; $rsReport = db_exec($strSQL,$conn); } echo 'OK'; ?>
$datacount = db_fetch_numarray($rs1); if (!$datacount[0]) { foreach ($fieldsArr as $f) { $fEditFormat = GetFieldData($strTableName, $f, 'EditFormat', ''); if ($fEditFormat != EDIT_FORMAT_LOOKUP_WIZARD || GoodFieldName($f) != $field) { continue; } $LookupType = GetFieldData($strTableName, $f, 'LookupType', ''); if ($LookupType == LT_LOOKUPTABLE) { $LookupSQL = "SELECT "; if (GetFieldData($strTableName, $f, 'LookupUnique', false)) { $LookupSQL .= "DISTINCT "; } $LookupSQL .= GetLWLinkField($f, $strTableName, true); $LookupSQL .= "," . GetLWDisplayField($f, $strTableName, true); $LookupSQL .= " FROM " . AddTableWrappers(GetFieldData($strTableName, $f, 'LookupTable', '')) . " "; $LookupSQL .= " WHERE " . GetLWLinkField($f, $strTableName, true) . "=" . $lookupValue . " AND "; $LookupSQL .= GetLWDisplayField($f, $strTableName, true) . " LIKE " . db_prepare_string($value . "%"); if (GetFieldData($strTableName, $f, 'UseCategory', false)) { $cvalue = make_db_value(GetFieldData($strTableName, $f, 'CategoryControl', ''), postvalue("category")); $LookupSQL .= " AND " . AddFieldWrappers(GetFieldData($strTableName, $f, 'CategoryFilter', '')) . "=" . $cvalue; } } } $rs2 = db_query($LookupSQL, $conn); if ($data = db_fetch_numarray($rs2)) { $response[] = $data[0]; $response[] = $data[1]; } } }
$retval = true; $message = ""; //run before login event if($globalEvents->exists("BeforeLogin")) $retval = $globalEvents->BeforeLogin($pUsername,$pPassword,$message, $pageObject); if ($retval) { $d = $pageObject->LogIn($pUsername,$pPassword); if ($d) { //login succeccful //run AfterSuccessfulLogin event // if login method is not AD then ASL event fires in SetAuthSessionData if($wr_is_standalone) { $rs=db_query("select count(".AddTableWrappers("id").") from ".AddTableWrappers("webreport_admin"),$conn); $data=db_fetch_numarray($rs); if($data[0]==0) { header("Location: webreport_admin.php"); return; } } if ($onFly == 2) { if($myurl) { $myurl .= strpos($myurl, '?') !== FALSE ? '&a=login' : '?a=login'; $ajaxmessage = $myurl; } else { $ajaxmessage = GetTableLink("menu"); } } else {
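$arr = array();
$arr = array(0, "", postvalue("output"));
$customSQL = $arr[2];
$_SESSION["customSQL"] = $customSQL;
$_SESSION["idSQL"] = $arr[0];
$_SESSION["nameSQL"] = $arr[1];
$_SESSION["object_sql"] = $customSQL;
// NOTE(review): this echoes the posted "output" value back without escaping
echo $customSQL;
exit();
} // closes a block opened before this excerpt
if (postvalue("name") == "getcustomsql") {
    $arr = array();
    $arr = WRgetCurrentCustomSQL(postvalue("output"));
    $customSQL = $arr[2];
    $_SESSION["customSQL"] = $customSQL;
    $_SESSION["idSQL"] = $arr[0];
    $_SESSION["nameSQL"] = $arr[1];
    $_SESSION["object_sql"] = $customSQL;
    echo $customSQL;
    exit();
}
// Replace the whole webreport_admin table with the rows decoded from the posted "output".
// NOTE(review): no permission check is visible in this excerpt before the table is emptied;
// confirm one runs earlier in the file. If decoding fails, the table is left empty.
$arr = my_json_decode(DecodeUTF8(postvalue("output")));
db_exec("delete from " . AddTableWrappers("webreport_admin"), $conn);
foreach ($arr as $val) {
    // db_type is request data like table and group, so it is quoted the same way
    db_exec("insert into " . AddTableWrappers("webreport_admin") . " (" . AddFieldWrappers("tablename") . "," . AddFieldWrappers("db_type") . "," . AddFieldWrappers("group_name") . ") values (" . db_prepare_string($val["table"]) . "," . db_prepare_string($val["db_type"]) . "," . db_prepare_string($val["group"]) . ")", $conn);
}
echo "OK";
?>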
/**
 * Imports the rows of a CSV file into $strOriginalTableName, one InsertRecord() call
 * per data row. The first line of the file is treated as the header.
 *
 * Date and time columns are converted with localdatetime2db()/localtime2db(); a value
 * that cannot be converted is imported as NULL. When GetDatabaseType() is 2 and the
 * header contains a column named "id", SET IDENTITY_INSERT is switched ON for the
 * table during the import and OFF afterwards.
 *
 * NOTE(review): column names come from the header line of the uploaded file, mapped
 * by getFieldNamesByHeaders(); a data row with more cells than the header is not
 * rejected here. Confirm the mapping only yields known field names.
 *
 * @param string  $uploadfile
 * @param string  $strOriginalTableName
 * @param string  $ext
 * @param array   $keys            Key field names, possibly wrapped
 * @param integer $keys_present    Out: 1 when every key field appears in the header, else 0
 * @param integer $total_records   Out: number of data rows read
 * @param string  $error_message   Passed on to InsertRecord()
 * @param integer $goodlines       Passed on to InsertRecord()
 * @param object  $pageObject
 * @param object  $cipherer
 * @return mixed Result of the last InsertRecord() call, 1 when the file has no data rows,
 *               nothing when the header could not be mapped to field names
 */
function ImportFromCSV($uploadfile, $strOriginalTableName, $ext, $keys, &$keys_present, &$total_records, &$error_message, &$goodlines, $pageObject, $cipherer)
{
    global $conn, $gSettings;

    $ret = 1;

    // populate field names array, dropping surrounding double quotes
    $fields = getImportCVSFields($uploadfile);
    $headerCount = count($fields);
    for ($idx = 0; $idx < $headerCount; $idx++) {
        $header = $fields[$idx];
        if (substr($header, 0, 1) == "\"" && substr($header, -1) == "\"") {
            $fields[$idx] = substr($header, 1, -1);
        }
    }

    $fields = getFieldNamesByHeaders($fields, $strOriginalTableName, $ext);
    if ($fields == null) {
        // if error happened
        return;
    }

    // all key fields must be among the imported columns
    $keys_present = 1;
    $keyCount = count($keys);
    for ($k = 0; $k < $keyCount && $keys_present; $k++) {
        if (!in_array(RemoveFieldWrappers($keys[$k]), $fields)) {
            $keys_present = 0;
        }
    }

    $autoinc = in_array("id", $fields);
    if (GetDatabaseType() == 2 && $autoinc) {
        db_exec("SET IDENTITY_INSERT " . AddTableWrappers($strOriginalTableName) . " ON", $conn);
    }

    $total_records = 0;
    $row = 0;

    // parse records from file
    $handle = OpenCSVFile($uploadfile);
    if ($handle !== FALSE) {
        while (($data = GetCSVLine($handle, 1000000, ",")) !== FALSE) {
            // first rec contains only field names
            if ($row !== 0) {
                $arr = array();
                foreach ($data as $key => $val) {
                    $fieldName = $fields[$key];
                    $type = $gSettings->getFieldType($fieldName);
                    if (IsDateFieldType($type)) {
                        $value = localdatetime2db($val);
                        $usable = $value !== FALSE && strlen($value) && $value != 'null';
                        $arr[$fieldName] = $usable ? $value : NULL;
                    } elseif (IsTimeType($type)) {
                        $value = localtime2db($val);
                        $usable = $value !== FALSE && strlen($value) && !is_null($val) && strlen($val);
                        $arr[$fieldName] = $usable ? $value : NULL;
                    } else {
                        $arr[$fieldName] = $val;
                    }
                }
                $ret = InsertRecord($arr, $row, $error_message, $goodlines, $keys, $keys_present, $strOriginalTableName, $pageObject, $cipherer, $autoinc);
            }
            $row++;
        }
        CloseCSVFile($handle);
    }
    $total_records = $row - 1;

    if (GetDatabaseType() == 2 && $autoinc) {
        db_exec("SET IDENTITY_INSERT " . AddTableWrappers($strOriginalTableName) . " OFF", $conn);
    }
    return $ret;
}
else { $_SESSION["webobject"]["table_type"]="custom"; $page = (postvalue('type') == "webcharts") ? GetTableLink("webchart0") : GetTableLink("webreport0"); $sql_query_display=$_SESSION["customSQL"]; $sql_query=$_SESSION["customSQL"]; if(postvalue("sql")=="add") { $sname="Query"; $prefix=0; while(true) { if($prefix>0) $sname="Query_".$prefix; $rs=db_query("select count(*) from ".AddTableWrappers("webreport_sql")." where ".AddFieldWrappers("sqlname")."=".db_prepare_string($sname),$conn); $data = db_fetch_numarray($rs); if($data[0]>0) $prefix++; else break; } $_SESSION["idSQL"]=""; $_SESSION["nameSQL"]=$sname; $_SESSION["customSQL"]=""; $sql_query_display=""; $sql_query=""; } elseif(postvalue("sql")=="makesql") { $sql_query_display=postvalue("output");
// When $denyChecking is set, answer with an error and stop.
if ($denyChecking) {
    $returnJSON = array("success" => false, "error" => "Duplicated values are allowed");
    echo "<div>" . printJSON($returnJSON) . "</div>";
    return;
}

// Convert the value to its SQL form: through the cipherer for encrypted fields,
// through make_db_value() otherwise.
$cipherer = new RunnerCipherer($tableName, $pSet);
$value = $cipherer->isFieldEncrypted($fieldName)
    ? $cipherer->MakeDBValue($fieldName, $value, $fieldControlType, "", true)
    : make_db_value($fieldName, $value, $fieldControlType, "", $tableName);

// a converted value of "null" is compared with IS instead of "="
$where = GetFullFieldName($fieldName, $tableName, false) . ($value == "null" ? ' is ' : '=') . $value;
$sql = "SELECT count(*) from " . AddTableWrappers($pSet->getOriginalTableName()) . " where " . $where;

$rs = db_query($sql, $conn);
$data = $rs ? db_fetch_numarray($rs) : false;
if (!$data) {
    $returnJSON = array("success" => false, "error" => "Error: Wrong SQL query");
    echo "<div>" . printJSON($returnJSON) . "</div>";
    return;
}

$hasDuplicates = (bool) $data[0];
$returnJSON = array("success" => true, "hasDuplicates" => $hasDuplicates, "error" => "");
echo "<div>" . printJSON($returnJSON) . "</div>";
return;
?>
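<?php
// NOTE(review): error display is switched on for every request to this page;
// messages shown to visitors can reveal paths and SQL. Confirm this is intended outside development.
ini_set("display_errors", "1");
ini_set("display_startup_errors", "1");
include("include/dbcommon.php");
header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");
$strTableName = "";
include("include/reportfunctions.php");

if (@$_REQUEST["cname"]) {
    $cname = @$_REQUEST["cname"];
    // "cname" is request data: quote it with db_prepare_string() rather than placing it
    // between hand-written quotes, so a quote character cannot end the string literal
    $sql_query = "SELECT " . AddFieldWrappers("rpt_id") . " FROM " . AddTableWrappers("webreports") . " WHERE " . AddFieldWrappers("rpt_name") . "=" . db_prepare_string($cname) . " and " . AddFieldWrappers("rpt_type") . "='chart'";
    $rs = db_query($sql_query, $conn);
    if (!$data = db_fetch_numarray($rs)) {
        // NOTE(review): the script keeps running after this redirect header is sent
        header("location: " . GetTableLink("webreport"));
    } else {
        Reload_Chart(postvalue("cname"));
    }
}

//$conn=db_connect();
$chrt_array = getChartArray(postvalue("cname"));
if (is_wr_project()) {
    // NOTE(review): the included file name is built from the chart's stored settings;
    // confirm short_table_name can only hold names generated by the project
    include("include/" . $chrt_array['settings']['short_table_name'] . "_variables.php");
}
$sessPrefix = "webchart" . postvalue("cname");
// Section commented out by Helbert Samuel on 05/03/2015 (the block comment opened here continues past this excerpt)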
if ($gSettings->getCustomDisplay($f)) { $lookupQueryObj->AddCustomExpression($displayFieldName, $lookupPSet, $strTableName, $f); } $lookupQueryObj->ReplaceFieldsWithDummies($lookupPSet->getBinaryFieldsIndices()); $cipherer->strTableName = $lookupTable; } else { $LookupSQLTable = "SELECT "; $lwLinkField = $gSettings->GetLWLinkField($f, true); if ($gSettings->isLookupUnique($f)) { $LookupSQLTable .= "DISTINCT "; } $LookupSQLTable .= $cipherer->GetLookupFieldName($lwLinkField, $strTableName, $f, null, true); if (!$linkAndDisplaySame) { $LookupSQLTable .= "," . ($lwDisplayField == $lwLinkField ? $cipherer->GetFieldName($lwDisplayField, $f, true) : $lwDisplayField); } $LookupSQLTable .= " FROM " . AddTableWrappers($lookupTable) . " "; } $strLookupWhere = GetLWWhere($f, $pageType, $strTableName); if ($strLookupWhere) { $strLookupWhere = " (" . $strLookupWhere . ") AND "; } if ($LookupType == LT_QUERY) { if ($gSettings->getCustomDisplay($f)) { $strLookupWhere .= $displayFieldName; } else { $strLookupWhere .= GetFullFieldName($displayFieldName, $lookupTable, false); } } else { $strLookupWhere .= $cipherer->GetFieldName($lwDisplayField, $f); } $strLookupWhere .= $cipherer->GetLikeClause($LookupType == LT_QUERY ? $displayFieldName : $f, $value);
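/**
 * Removes the edit locks that other sessions hold on a record and records that fact.
 *
 * Steps, in order: when $startEdit is set, add a lock record (action 1) for the current
 * session; delete the action-1 records of all other sessions for the same table and
 * keys; delete action-2 records older than two days; add an action-2 record for the
 * current session.
 *
 * The session id is quoted with db_prepare_string(), like the table name and keys in
 * the same statement, instead of being placed between hand-written quotes.
 *
 * @param string  $strtable
 * @param array   $keys      Key values of the record; URL-encoded and joined with "&"
 * @param boolean $startEdit Whether the current session also takes the lock
 */
function UnlockAdmin($strtable, $keys, $startEdit)
{
    $skeys = "";
    foreach ($keys as $ind => $val) {
        if (strlen($skeys)) {
            $skeys .= "&";
        }
        $skeys .= rawurlencode($val);
    }

    $sdate = now();
    $sessionId = session_id();

    if ($startEdit) {
        // add a record - lock
        $this->TableObj->startdatetime = $sdate;
        $this->TableObj->confirmdatetime = $sdate;
        $this->TableObj->sessionid = $sessionId;
        $this->TableObj->table = $strtable;
        $this->TableObj->keys = $skeys;
        $this->TableObj->userid = $this->UserID;
        $this->TableObj->action = 1;
        $this->TableObj->Add();
    }

    // delete all other locking records
    $rstmp = CustomQuery("delete from " . AddTableWrappers($this->lockTableName)
        . " where " . AddFieldWrappers("table") . "=" . db_prepare_string($strtable)
        . " and " . AddFieldWrappers("keys") . "=" . db_prepare_string($skeys)
        . " and " . AddFieldWrappers("action") . "=1 and "
        . AddFieldWrappers("sessionid") . "<>" . db_prepare_string($sessionId) . " ");

    // drop action-2 records older than two days; the timestamp is generated here, not taken from input
    $rstmp = CustomQuery("delete from " . AddTableWrappers($this->lockTableName)
        . " where " . AddFieldWrappers("startdatetime") . "<'"
        . format_datetime_custom(adddays(db2time(now()), -2), "yyyy-MM-dd HH:mm:ss")
        . "' and " . AddFieldWrappers("action") . "=2");

    // inform other users that their locking were removed by locking
    $this->TableObj->startdatetime = $sdate;
    $this->TableObj->confirmdatetime = $sdate;
    $this->TableObj->sessionid = $sessionId;
    $this->TableObj->table = $strtable;
    $this->TableObj->keys = $skeys;
    $this->TableObj->userid = $this->UserID;
    $this->TableObj->action = 2;
    $this->TableObj->Add();
}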
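/**
 * Build the SQL search condition for this lookup field.
 *
 * List-of-values lookups are delegated to the parent implementation. For
 * table/query lookups the condition is either a direct comparison on the
 * field or an EXISTS sub-query against the lookup table, depending on the
 * search option and on how the lookup is configured.
 *
 * Every value ends up concatenated into SQL text, so the safety of the result
 * depends on each path passing the value through db_prepare_string(),
 * make_db_value() or add_db_quotes() first.
 *
 * @param mixed  $SearchFor       Search value; split with splitvalues() for multiselect fields.
 * @param string $strSearchOption Search option name ("Equals", "Contains", "Between", ...).
 * @param mixed  $SearchFor2      Second value, used as the upper bound for "Between".
 * @param mixed  $etype           Only forwarded to parent::SQLWhere().
 * @param bool   $isSuggest       When true the value is matched like "Contains".
 * @return string Condition wrapped in parentheses, or "" when nothing was built.
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    if ($this->lookupType == LT_LISTOFVALUES) {
        return parent::SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest);
    }

    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }

    $displayFieldType = $this->type;
    if ($this->lookupType == LT_QUERY) {
        $displayFieldType = $this->lookupPSet->getFieldType($this->field);
        $this->btexttype = IsTextType($displayFieldType);
    }

    if ($this->multiselect) {
        $SearchFor = splitvalues($SearchFor);
    } else {
        $SearchFor = array($SearchFor);
    }

    // Left-hand side of the comparison: the field itself, the lookup display
    // field, or the custom display expression.
    if ($this->linkAndDisplaySame) {
        $gstrField = GetFullFieldName($this->field, "", false);
    } else {
        $gstrField = GetFullFieldName($this->displayFieldName, $this->lookupTable, false);
    }
    if ($this->customDisplay) {
        $gstrField = $this->lwDisplayFieldWrapped;
    } elseif (!$this->linkAndDisplaySame && $this->lookupType == LT_QUERY && IsCharType($displayFieldType)
        && !$this->btexttype && !$this->ciphererDisplay->isFieldPHPEncrypted($this->displayFieldName)) {
        $gstrField = $this->lookupPSet->isEnableUpper(
            GetFullFieldName($this->displayFieldName, $this->lookupTable, false)
        );
    }

    // Options whose value is always quoted with db_prepare_string() for
    // single-select fields.
    $isComparisonOption = $strSearchOption == "Contains" || $strSearchOption == "Starts with"
        || $strSearchOption == "More than" || $strSearchOption == "Less than"
        || $strSearchOption == "Equal or more than" || $strSearchOption == "Equal or less than"
        || $strSearchOption == "Between";

    $ret = "";
    foreach ($SearchFor as $value) {
        if ($value == "null" || $value == "Null" || $value == "") {
            continue;
        }

        // Reset per value: the original read $condition below without ever
        // initialising it on the paths that do not assign it.
        $condition = "";

        if (strlen(trim($ret))) {
            $ret .= " or ";
        }

        if (!$this->multiselect) {
            if ($strSearchOption == "Starts with") {
                $value .= '%';
            }
            if ($isSuggest || $strSearchOption == "Contains") {
                $value = '%' . $value . '%';
            }
            if ($isSuggest || $isComparisonOption
                || ($strSearchOption == "Equals" && $this->LCType == LCT_AJAX && !$this->linkAndDisplaySame)) {
                $value = $this->escapeSearchValForMySQL($value);
                if ($this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype) {
                    $value = $this->lookupPSet->isEnableUpper(db_prepare_string($value));
                } else {
                    $value = db_prepare_string($value);
                }
            } elseif ($strSearchOption == "Equals") {
                $value = make_db_value($this->field, $value);
            }
        }
        // NOTE(review): for multiselect fields the block above is skipped, so
        // "Equals", "Starts with" and the range options below concatenate
        // $value as returned by splitvalues(), without db_prepare_string() or
        // make_db_value(). Confirm that baseSQLWhere() or the caller rules
        // these combinations out; otherwise quote the value here as well.

        if ($strSearchOption == "Equals") {
            if ($value != "null" && $value != "Null") {
                if ($this->LCType == LCT_AJAX && !$this->linkAndDisplaySame) {
                    $condition = $gstrField . '=' . $value;
                } else {
                    $condition = GetFullFieldName($this->field, "", false) . '=' . $value;
                }
            }
        } elseif ($strSearchOption == "Starts with" || ($strSearchOption == "Contains" && !$this->multiselect)) {
            $condition = $gstrField . " " . $this->like . " " . $value;
        } elseif ($strSearchOption == "More than") {
            $condition = $gstrField . " > " . $value;
        } elseif ($strSearchOption == "Less than") {
            $condition = $gstrField . "<" . $value;
        } elseif ($strSearchOption == "Equal or more than") {
            // Was $value1, which is never defined in this method and produced
            // a comparison with an empty right-hand side.
            $condition = $gstrField . ">=" . $value;
        } elseif ($strSearchOption == "Equal or less than") {
            // Same fix as above: $value1 -> $value.
            $condition = $gstrField . "<=" . $value;
        } elseif ($strSearchOption == "Between") {
            if ($this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype) {
                $value2 = $this->lookupPSet->isEnableUpper(db_prepare_string($SearchFor2));
            } else {
                $value2 = db_prepare_string($SearchFor2);
            }
            $condition = $gstrField . ">=" . $value . " and ";
            if (IsDateFieldType($this->type)) {
                $timeArr = db2time($SearchFor2);
                // for dates without time, add one day
                if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                    $timeArr = adddays($timeArr, 1);
                    $SearchFor2 = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                    $SearchFor2 = add_db_quotes($this->field, $SearchFor2, $this->pageObject->tName);
                    $condition .= $gstrField . "<" . $SearchFor2;
                } else {
                    $condition .= $gstrField . "<=" . $value2;
                }
            } else {
                $condition .= $gstrField . "<=" . $value2;
            }
        } else {
            // Multi-value lookup field: the column holds a comma-separated
            // list, so match the value alone, in the middle, at the end and
            // at the start of that list.
            if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                $value = '"' . str_replace('"', '""', $value) . '"';
            }
            $value = $this->escapeSearchValForMySQL($value);
            //for search by multiply Lookup wizard field
            $ret .= GetFullFieldName($this->field, "", false) . " = " . db_prepare_string($value);
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " "
                . db_prepare_string("%," . $value . ",%");
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " "
                . db_prepare_string("%," . $value);
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " "
                . db_prepare_string($value . ",%");
        }

        if ($condition != "" && ($isSuggest || $isComparisonOption || $strSearchOption == "Equals")) {
            if ($this->linkAndDisplaySame || ($strSearchOption == "Equals" && $this->LCType != LCT_AJAX)) {
                // The condition already refers to the searched table's own field.
                $ret .= " " . $condition;
            } elseif ($this->lookupType == LT_QUERY) {
                // Correlate the lookup query with the searched table on the link field.
                $lookupQueryObj = $this->lookupPSet->getSQLQuery();
                $ret .= " EXISTS (" . $lookupQueryObj->toSql(
                    $condition . " and " . GetFullFieldName($this->linkFieldName, $this->lookupTable, false)
                    . " = " . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName())
                    . "." . AddFieldWrappers($this->field),
                    '',
                    null,
                    false
                ) . ")";
            } else {
                $ret .= " EXISTS (SELECT 1 as fld from " . AddTableWrappers($this->lookupTable)
                    . " where " . $condition . " and " . $this->lwLinkField . " = "
                    . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName())
                    . "." . AddFieldWrappers($this->field) . ")";
            }
        }
    }

    if (strlen(trim($ret))) {
        $ret = "(" . $ret . ")";
    } else {
        $ret = trim($ret);
    }
    return $ret;
}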
/* if($inlineadd == ADD_ONTHEFLY || $inlineadd == ADD_POPUP) { $xt->assign("message_block",true); } */ $readonlyfields = array(); // show readonly fields $linkdata = ""; if (@$_POST["a"] == "added" && $inlineadd == ADD_ONTHEFLY) { if (!$error_happened && $status != "DECLINED") { $LookupSQL = ""; $linkfield = ""; $dispfield = ""; if ($LookupSQL) { $LookupSQL .= " from " . AddTableWrappers($strOriginalTableName); } $data = 0; if (count($keys) && $LookupSQL) { $where = KeyWhere($keys); $LookupSQL .= " where " . $where; $rs = db_query($LookupSQL, $conn); $data = db_fetch_numarray($rs); } if ($data) { $respData = array($linkfield => @$data[0], $dispfield => @$data[1]); } else { $respData = array($linkfield => @$avalues[$linkfield], $dispfield => @$avalues[$dispfield]); } $returnJSON['success'] = true; $returnJSON['keys'] = $keys;
// Stop here unless the preceding access check set $show.
if (!$show) {
    exit();
}
// security - end

// construct sql
// Build "table.key1=value1 and table.key2=value2 ..." from the posted
// key1..keyN values.
$keys = DBGetTableKeys($table);
if (count($keys) == 0) {
    exit();
}

$strkeywhere = "";
foreach ($keys as $idx => $k) {
    if ($strkeywhere !== "") {
        $strkeywhere .= " and ";
    }
    $strkeywhere .= AddTableWrappers($table) . "." . AddFieldWrappers($k) . "=";

    $type = WRGetFieldType($table . "." . $k);
    if (NeedQuotes($type)) {
        // Quoted column types: the posted value is turned into an SQL string
        // literal by db_prepare_string().
        $strkeywhere .= db_prepare_string(postvalue("key" . ($idx + 1)));
        continue;
    }

    // Unquoted (numeric) column types: the value goes into the SQL text as
    // is, so anything that is not numeric after decimal-comma normalisation
    // is replaced by 0.
    $value = postvalue("key" . ($idx + 1));
    $strvalue = str_replace(",", ".", (string)$value);
    $value = is_numeric($strvalue) ? $strvalue : 0;
    $strkeywhere .= $value;
}
$sWhere.=" or ".GetFullFieldName($cEmailField,"webreport_users",false)."=".$value.")"; if($tosearch && $globalEvents->exists("BeforeRemindPassword")) $tosearch = $globalEvents->BeforeRemindPassword($strUsernameEmail,$strUsernameEmail, $pageObject); if($tosearch) { $selectClause = "select ".GetFullFieldName($cUserNameField,"webreport_users",false)." as ".AddFieldWrappers($cUserNameField) .",".GetFullFieldName($cPasswordField,"webreport_users",false)." as ".AddFieldWrappers($cPasswordField); // prevent aliases mixing if( $cUserNameField != $cEmailField ) $strSQL.= ",".GetFullFieldName($cEmailField,"webreport_users",false)." as ".AddFieldWrappers($cEmailField); $strSQL = $selectClause." from ".AddTableWrappers("webreport_users")." where ".$sWhere; $rs = db_query($strSQL, $conn); $data = $cipherer->DecryptFetchedArray($rs); if($data) { $password=$data[$cPasswordField]; $strUsername = $data[$cUserNameField]; $url = GetSiteUrl(); $url.= $_SERVER["SCRIPT_NAME"]; $url2 = str_replace("remind.","login.",$url)."?username="******"";
</form> </body> </html> "; } elseif($_REQUEST["step"]=="upgrade") { include("include/dbcommon.php"); $conn=db_connect(); $rs=db_query("select ".AddFieldWrappers("version")." from ".AddTableWrappers("webreport_settings"),$conn); if($data=db_fetch_numarray($rs)) $version=floatval($data[0]); else $version=1; Upgrade($version); db_exec("update ".AddTableWrappers("webreport_settings")." set ".AddFieldWrappers("version")."='".$wr_version."'",$conn); echo " <html lang=\"en\"> <head> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"> <link REL=\"stylesheet\" href=\"styles/default.css\" type=\"text/css\"> <link REL=\"stylesheet\" href=\"styles/".$wr_pagestylepath."/style.css\" type=\"text/css\"> <link REL=\"stylesheet\" href=\"pagestyles/login2.css\" type=\"text/css\"> </head> <body class=\"".$wr_pagestylepath." page-login2 function-login\" > <form name=frmAdmin method=post action=\"login.php\"> <input type=hidden name=btnSubmit value=\"Login\"> <input type=hidden name=username value=\"admin\"> <input type=hidden name=password value=\"".postvalue("admpass")."\">
/**
 * Fetch the link/display values of a just-added record for a lookup control.
 *
 * NOTE(review): as written, this function reads $nLookupType, $lookupQueryObj,
 * $lookupPSet and $linkFieldName without assigning them, and $LookupSQL starts
 * out empty. It looks like generated code whose lookup-specific part was
 * empty for this table - confirm against the generator template before
 * relying on any path that reaches db_query().
 *
 * @param object $pageObject Page object; its cipherer is used to decrypt fetched values.
 * @param array  $keys       Key values of the added record, passed to KeyWhere().
 * @param bool   $forLookup  When true the whole fetched row is decrypted and returned;
 *                           otherwise only the link (and, for LT_QUERY, display) column.
 * @return array [ $data, [ "linkField", "displayField", "linkFieldIndex", "displayFieldIndex" ] ];
 *               $data stays 0 when $keys is empty.
 */
function GetAddedDataLookupQuery($pageObject, $keys, $forLookup)
{
    global $conn, $strTableName, $strOriginalTableName;
    $LookupSQL = "";
    $linkfield = "";
    $dispfield = "";
    $noBlobReplace = false;
    $lookupFieldName = "";
    // $LookupSQL is still "" here, so this branch cannot run.
    if ($LookupSQL && $nLookupType != LT_QUERY) {
        $LookupSQL .= " from " . AddTableWrappers($strOriginalTableName);
    }
    $data = 0;
    $lookupIndexes = array("linkFieldIndex" => 0, "displayFieldIndex" => 0);
    if (count($keys)) {
        $where = KeyWhere($keys);
        if ($nLookupType == LT_QUERY) {
            $LookupSQL = $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $where));
        } else {
            // NOTE(review): with the empty $LookupSQL above, this yields a
            // statement that consists of the WHERE clause only.
            $LookupSQL .= " where " . $where;
        }
        $lookupIndexes = GetLookupFieldsIndexes($lookupPSet, $lookupFieldName);
        // NOTE(review): the logged SQL contains the record's key values -
        // confirm that is acceptable for wherever LogInfo() writes.
        LogInfo($LookupSQL);
        if ($forLookup) {
            // Unlike the else branch, this path does not check $LookupSQL before querying.
            $rs = db_query($LookupSQL, $conn);
            $data = $pageObject->cipherer->DecryptFetchedArray($rs);
        } else {
            if ($LookupSQL) {
                $rs = db_query($LookupSQL, $conn);
                $data = db_fetch_numarray($rs);
                // Decrypt only the columns the caller reads.
                $data[$lookupIndexes["linkFieldIndex"]] = $pageObject->cipherer->DecryptField($linkFieldName, $data[$lookupIndexes["linkFieldIndex"]]);
                if ($nLookupType == LT_QUERY) {
                    $data[$lookupIndexes["displayFieldIndex"]] = $pageObject->cipherer->DecryptField($dispfield, $data[$lookupIndexes["displayFieldIndex"]]);
                }
            }
        }
    }
    // "linkField" is taken from $linkFieldName, not from $linkfield assigned above.
    return array($data, array("linkField" => $linkFieldName, "displayField" => $dispfield, "linkFieldIndex" => $lookupIndexes["linkFieldIndex"], "displayFieldIndex" => $lookupIndexes["displayFieldIndex"]));
}
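/**
 * Login method
 *
 * Looks the user up in "webreport_users" by username and password, re-checks
 * the fetched row in PHP, and on success (with a passed captcha) starts the
 * session through DoLogin() and SetAuthSessionData().
 *
 * The password is matched as a stored value (plain or cipherer-encrypted),
 * not as a one-way hash. Moving to password_hash()/password_verify() needs a
 * schema and data migration and cannot be done inside this method alone.
 *
 * @param mixed $pUsername Username as entered.
 * @param mixed $pPassword Password as entered.
 * @return bool True when the credentials match and the captcha check passed.
 */
function LogIn($pUsername, $pPassword)
{
    // username and password are stored in the database
    global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;

    $logged = false;
    $strUsername = (string)$pUsername;
    $strPassword = (string)$pPassword;
    $cipherer = new RunnerCipherer("webreport_users");

    // Keep the raw values for the PHP-side check; $strUsername/$strPassword
    // are turned into SQL literals below.
    $sUsername = $strUsername;
    $sPassword = $strPassword;

    if ($cipherer->isFieldEncrypted($cUserNameField)) {
        $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", "", true);
    } elseif (NeedQuotes($cUserNameFieldType)) {
        $strUsername = db_prepare_string($strUsername);
    } else {
        // Unquoted column type: force a number so no text reaches the SQL.
        $strUsername = (0 + $strUsername);
    }

    if ($cipherer->isFieldEncrypted($cPasswordField)) {
        $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", "", true);
    } elseif (NeedQuotes($cPasswordFieldType)) {
        $strPassword = db_prepare_string($strPassword);
    } else {
        $strPassword = (0 + $strPassword);
    }

    $fieldList = "";
    $lSet = new ProjectSettings("webreport_users", PAGE_LIST);
    if ($lSet->GetTableData(".sqlquery")) {
        $fieldList = $lSet->GetTableData(".sqlquery")->toSql();
    }

    if ($fieldList) {
        if (!$this->pSet->isCaseInsensitiveUsername()) {
            $where = AddTableWrappers(GetFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $strUsername
                . " and " . AddTableWrappers(GetFullFieldName($cPasswordField, "webreport_users", false))
                . "=" . $strPassword;
        } else {
            $where = db_upper(getFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $this->pSet->getCaseSensitiveUsername($strUsername)
                . " and " . GetFullFieldName($cPasswordField, "webreport_users", false)
                . "=" . $strPassword;
        }
        // NOTE(review): addWhere() changes the object GetTableData() returns.
        // If that object is shared rather than a copy, the credential
        // predicate stays attached to it for later users - confirm.
        $tempSQLQuery = $lSet->GetTableData(".sqlquery");
        $tempSQLQuery->addWhere($where);
        $strSQL = $tempSQLQuery->toSql();
    } else {
        $strSQL = "select * from " . AddTableWrappers("webreport_users")
            . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername
            . " and " . AddFieldWrappers($cPasswordField) . "=" . $strPassword;
    }

    $rs = db_query($strSQL, $conn);
    $data = $cipherer->DecryptFetchedArray($rs);
    if ($data) {
        // Second check in PHP on top of the SQL match. The password is
        // compared as a string with ===: the previous loose == treated
        // numeric-looking strings such as "1e3" and "1000" as equal.
        $storedPassword = isset($data[$cPasswordField]) ? (string)$data[$cPasswordField] : "";
        $usernameMatches = $this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])
            == $this->pSet->getCaseSensitiveUsername($sUsername);
        if ($usernameMatches && $storedPassword === $sPassword) {
            $logged = true;
            $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
        }
    }

    if ($logged && $this->isCaptchaOk) {
        // NOTE(review): the plain password is handed to DoLogin() and
        // SetAuthSessionData(); check what they keep in the session.
        DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
        SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
        return true;
    }

    // A failed captcha is audited the same way as wrong credentials.
    if ($this->auditObj) {
        $this->auditObj->LogLoginFailed($pUsername);
        $this->auditObj->LoginUnsuccessful($pUsername);
    }
    return false;
}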