示例#1
	/**
	 * Build the lookup query for an added record and, when keys are given, fetch its data.
	 *
	 * @param array  $keys
	 * @param bool   $forLookup
	 * @param string $_table
	 * @param string $_field
	 * @param string $pageType
	 * @return array
	 */
	public function GetAddedDataLookupQuery($keys, $forLookup, $_table, $_field, $pageType)
	{
		// Returns array() when no lookup settings exist for the field; otherwise
		// array($data, $meta). $data stays 0 when $keys is empty, and $meta carries
		// the link/display field names and their column indexes in the result row.
		global $conn;

		$settings = getLookupMainTableSettings($this->tName, $_table, $_field, $pageType);
		if(!$settings)
			return array();

		$mainTable = $settings->getTableName();
		$linkFieldName = $settings->getLinkField($_field);
		$dispfield = $settings->getDisplayField($_field);
		$isQueryLookup = ($settings->getLookupType($_field) == LT_QUERY);

		$LookupSQL = "";
		if($isQueryLookup)
		{
			// Query-based lookup: reuse this table's SQL query object.
			if($settings->getCustomDisplay($_field))
				$this->pSet->getSQLQuery()->AddCustomExpression($dispfield, $this->pSet, $mainTable, $_field);
			$lookupQueryObj = $this->pSet->getSQLQuery()->CloneObject();
		}
		else
		{
			// Table-based lookup: select the link field, plus the display field
			// when it is a different column.
			$LookupSQL = "select ".GetFullFieldName($linkFieldName, $this->tName, true);
			if($linkFieldName != $dispfield)
				$LookupSQL .= "," . $this->pSet->getLWDisplayField($_field, true);
			$LookupSQL .= " from ".AddTableWrappers($this->strOriginalTableName);
		}

		$data = 0;
		$linkIdx = 0;
		$dispIdx = 0;
		if(count($keys))
		{
			// NOTE(review): the key condition is concatenated into the SQL text;
			// quoting of the key values is left to KeyWhere(), which is not shown
			// here - confirm it escapes them.
			$where = KeyWhere($keys);
			$LookupSQL = $isQueryLookup
				? $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $where))
				: $LookupSQL." where ".$where;

			$lookupIndexes = GetLookupFieldsIndexes($settings, $_field);
			$linkIdx = $lookupIndexes["linkFieldIndex"];
			$dispIdx = $lookupIndexes["displayFieldIndex"];

			// The full statement, key values included, is written to the log.
			LogInfo($LookupSQL);

			if($forLookup)
			{
				$data = $this->cipherer->DecryptFetchedArray(db_query($LookupSQL,$conn));
			}
			elseif($LookupSQL)
			{
				$data = db_fetch_numarray(db_query($LookupSQL,$conn));
				$data[$linkIdx] = $this->cipherer->DecryptField($linkFieldName, $data[$linkIdx]);
				if($isQueryLookup)
					$data[$dispIdx] = $this->cipherer->DecryptField($dispfield, $data[$dispIdx]);
			}
		}

		$meta = array(
			"linkField" => $linkFieldName,
			"displayField" => $dispfield,
			"linkFieldIndex" => $linkIdx,
			"displayFieldIndex" => $dispIdx
		);
		return array($data, $meta);
	}
 /**
  * Set up the lookup-wizard view control for one field.
  *
  * Presumably the PHP4-style constructor of a class of the same name; it
  * delegates to parent::ViewControl() and then resolves the lookup settings
  * (type, table, link/display fields) and prepares either a query object or
  * a SQL prefix, depending on the lookup type.
  *
  * @param string $field      field name passed on to the parent
  * @param object $container  controls container passed on to the parent
  * @param object $pageObject page object handed to the local controls container
  */
 public function ViewLookupWizardField($field, $container, $pageObject)
 {
     parent::ViewControl($field, $container, $pageObject);

     // Start from neutral defaults; the real values are resolved below.
     $this->nLookupType = null;
     $this->lookupTable = "";
     $this->displayFieldName = "";
     $this->linkFieldName = "";
     $this->linkAndDisplaySame = false;
     $this->lookupPSet = null;
     $this->cipherer = null;
     $this->lookupQueryObj = null;
     $this->displayFieldIndex = 0;
     $this->LookupSQL = "";

     // Use the container's settings when the field is edited as a lookup
     // wizard there; otherwise load the settings of the page type on which it is.
     if ($this->container->pSet->getEditFormat($field) == EDIT_FORMAT_LOOKUP_WIZARD) {
         $this->pSet = $this->container->pSet;
     } else {
         $this->pSet = new ProjectSettings(
             $this->container->pSet->_table,
             $this->container->pSet->getPageTypeByFieldEditFormat($field, EDIT_FORMAT_LOOKUP_WIZARD)
         );
     }

     $this->nLookupType = $this->pSet->getLookupType($this->field);
     $this->lookupTable = $this->pSet->getLookupTable($this->field);
     $this->displayFieldName = $this->pSet->getDisplayField($this->field);
     $this->linkFieldName = $this->pSet->getLinkField($this->field);
     $this->linkAndDisplaySame = $this->displayFieldName == $this->linkFieldName;

     if ($this->nLookupType != LT_QUERY) {
         // Table lookup: values are decrypted with the main table's cipherer.
         // The statement is left ending in " WHERE "; the condition is not
         // appended anywhere in this method.
         $this->cipherer = new RunnerCipherer($this->pSet->_table);
         $this->LookupSQL = "SELECT "
             . $this->pSet->getLWDisplayField($this->field)
             . " FROM " . AddTableWrappers($this->pSet->getLookupTable($this->field)) . " WHERE ";
     } else {
         // Query lookup: work on a clone of the lookup table's query object.
         $this->lookupPSet = new ProjectSettings($this->lookupTable, $this->container->pageType);
         $this->cipherer = new RunnerCipherer($this->lookupTable);
         if ($this->pSet->getCustomDisplay($this->field)) {
             $this->lookupPSet->getSQLQuery()->AddCustomExpression($this->displayFieldName, $this->lookupPSet, $this->pSet->_table, $this->field);
         }
         $this->lookupQueryObj = $this->lookupPSet->getSQLQuery()->CloneObject();
         $this->lookupQueryObj->ReplaceFieldsWithDummies($this->lookupPSet->getBinaryFieldsIndices());
         $indexes = GetLookupFieldsIndexes($this->pSet, $this->field);
         $this->displayFieldIndex = $indexes["displayFieldIndex"];
     }

     $this->localControlsContainer = new ViewControlsContainer($this->pSet, $this->container->pageType, $pageObject);
     $this->localControlsContainer->isLocal = true;
 }
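/**
 * Insert one imported row; if the insert fails and all key columns are
 * present, fall back to updating the existing row.
 *
 * Works entirely through globals ($conn, $strOriginalTableName, $keys,
 * $keys_present, $goodlines, $error_message, $eventObj, $auditObj, ...).
 * Values are quoted with add_db_quotes(), which is not shown here.
 *
 * @param array $arr    field name => raw value taken from the import file
 * @param mixed $recInd row index, used only inside the HTML error block
 * @return int|null 1 on success or when the failure could not be retried,
 *                  0 when the fallback update failed or found no row,
 *                  null when the BeforeInsert event cancels the row
 */
function InsertRecord($arr, $recInd)
{
    global $goodlines, $conn, $error_message, $keys_present, $keys, $strOriginalTableName, $strTableName, $eventObj, $locale_info, $auditObj;
    $ret = 1;
    $rawvalues = array();
    foreach ($arr as $key => $val) {
        $rawvalues[$key] = $val;
        $type = GetFieldType($key);
        if (!NeedQuotes($type)) {
            // Unquoted column type: normalise the decimal separator, strip
            // the currency symbol and coerce to a number; empty means NULL.
            $value = (string) $val;
            $value = str_replace(",", ".", $value);
            if (strlen($value) > 0) {
                $value = str_replace($locale_info["LOCALE_SCURRENCY"], "", $value);
                $arr[$key] = 0 + $value;
            } else {
                $arr[$key] = NULL;
            }
        }
    }
    $retval = true;
    if ($eventObj->exists('BeforeInsert')) {
        $retval = $eventObj->BeforeInsert($rawvalues, $arr);
    }
    if ($retval) {
        $fields = array_keys($arr);
        // Initialised explicitly so an empty row does not reach implode()
        // with an undefined variable.
        $fields_list = array();
        foreach ($fields as $key => $val) {
            $fields_list[$key] = AddFieldWrappers(GetFullFieldName($val));
        }
        $values_list = "";
        foreach ($arr as $key => $val) {
            if (!is_null($arr[$key])) {
                $values_list .= add_db_quotes($key, $val) . ", ";
            } else {
                $values_list .= "NULL, ";
            }
        }
        if (strlen($values_list) > 0) {
            $values_list = substr($values_list, 0, strlen($values_list) - 2);
        }
        $sql = "insert into " . AddTableWrappers($strOriginalTableName) . " (" . implode(",", $fields_list) . ") values (" . $values_list . ")";
        if (db_exec_import($sql, $conn)) {
            $goodlines++;
            if ($auditObj) {
                $aKeys = GetKeysArray($arr, true);
                $auditObj->LogAdd($strTableName, $arr, $aKeys);
            }
        } else {
            // The row values, the statement built from them and the driver
            // message all contain data from the imported file, so they are
            // HTML-escaped before being placed in the error markup.
            // $recInd is supplied by the caller and is left as passed.
            // NOTE(review): the block still shows the full SQL text and DB
            // error to whoever views the import result.
            $temp_error_message = "<b>Error:</b> in the line: " . htmlspecialchars(implode(",", $arr), ENT_QUOTES) . '&nbsp;&nbsp;<a linkType="debugOpener" recId="' . $recInd . '" href="" onclick="importMore(' . $recInd . ');">More info</a><br>';
            $temp_error_message .= '<div id="importDebugInfoTable' . $recInd . '" cellpadding="3" cellspacing="1" align="center" style="display: none;"><p class="error">SQL query: ' . htmlspecialchars($sql, ENT_QUOTES) . '; </p><p class="error">DB error: ' . htmlspecialchars(db_error($conn), ENT_QUOTES) . ';</p></div>';
            $temp_error_message .= "<br><br>";
            // we'll try to update the record
            if ($keys_present) {
                $sql = "update " . AddTableWrappers($strOriginalTableName) . " set ";
                $sqlset = "";
                $where = " where ";
                foreach ($fields as $k => $val) {
                    if (!in_array(AddFieldWrappers($fields[$k]), $keys)) {
                        // non-key column: goes into the SET list
                        if (!is_null($arr[$val])) {
                            $sqlset .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . ", ";
                        } else {
                            $sqlset .= $fields_list[$k] . "=NULL, ";
                        }
                    } else {
                        // key column: goes into the WHERE clause
                        $where .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . " and ";
                    }
                }
                if (strlen($sqlset) > 0) {
                    $sql .= substr($sqlset, 0, strlen($sqlset) - 2);
                }
                // drop the trailing " and "
                $where = substr($where, 0, strlen($where) - 5);
                $sql .= " " . $where;
                $rstmp = db_query("select * from " . AddTableWrappers($strOriginalTableName) . " " . $where, $conn);
                $data = db_fetch_array($rstmp);
                if ($data) {
                    // Initialised so LogEdit() never receives an undefined variable.
                    $auditOldValues = array();
                    if ($auditObj) {
                        foreach ($data as $key => $val) {
                            $auditOldValues[$key] = $val;
                        }
                    }
                    if (db_exec_import($sql, $conn)) {
                        // update successful
                        $goodlines++;
                        if ($auditObj) {
                            $aKeys = GetKeysArray($arr);
                            $auditObj->LogEdit($strTableName, $arr, $auditOldValues, $aKeys);
                        }
                    } else {
                        // NOTE(review): looks like leftover debug output.
                        echo 'not updated';
                        // update not successful
                        $error_message .= $temp_error_message;
                        $ret = 0;
                    }
                } else {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                }
            } else {
                $error_message .= $temp_error_message;
            }
        }
        return $ret;
    }
}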
示例#4
		    $keyToModify[$screen][$key] = false;
		}
	    }
	}

	foreach ($keyToModify as $screen => $data){
	    foreach ($data as $key => $val){
		$rpt_array[$xml_field][$screen][$key] = $val;
	    }
	}
    }
}
// Turn the stored "true"/other string into a real boolean.
$rpt_array['miscellaneous']['print_friendly'] = ($rpt_array['miscellaneous']['print_friendly'] == "true");

// Load the style rows saved for the requested report, oldest first.
// The report name comes from the request and is passed through db_prepare_string().
$sql_query = "SELECT " . AddFieldWrappers("report_style_id") . "," . AddFieldWrappers("type")
    . "," . AddFieldWrappers("field") . "," . AddFieldWrappers("group")
    . "," . AddFieldWrappers("style_str") . "," . AddFieldWrappers("uniq")
    . ", " . AddFieldWrappers("repname") . ", " . AddFieldWrappers("styletype")
    . " FROM " . AddTableWrappers("webreport_style")
    . " WHERE " . AddFieldWrappers("repname") . "=" . db_prepare_string(postvalue('rname'))
    . " ORDER BY " . AddFieldWrappers("report_style_id") . " ASC";
$rsReport = db_query($sql_query, $conn);
$styleStr = '';

while ($data = db_fetch_numarray($rsReport)){

    if ($data[1] == 'table')
	$styleStr .= "#legend td{" . $data[4] . "}\n";
    else if (($data[2] == 0) && ($data[3] != 0))
	$styleStr .= "#legend td.class" . $data[3] . "g" . "{" . $data[4] . "}\n";
    else if (($data[2] != 0) && ($data[3] == 0))
	$styleStr .= "#legend td.class" . $data[2] . "f" . "{" . $data[4] . "}\n";
    else if ($data[5] == 0 && $data[2] != 0 && $data[3] != 0)
	$styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f0u{" . $data[4] . "}\n";
    else
	$styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f" . $data[5] . "u" . "{" . $data[4] . "}\n";
示例#5
 /**
  * Adds sub query for counting details recs number
  *
  */
 function addMasterDetailSubQuery()
 {
     // Appends one "(SELECT count(*) ...) as <table>_cnt" column to
     // $this->gsqlHead for every detail table that shows a child count or
     // hides empty children. Does nothing unless sub-queries are supported
     // and permitted and the key field types differ.
     if (!$this->subQueriesSupp || !$this->subQueriesSupAccess || $this->theSameFieldsType) {
         return;
     }

     for ($i = 0; $i < count($this->allDetailsTablesArr); $i++) {
         $detail = $this->allDetailsTablesArr[$i];
         if (!($detail['dispChildCount'] || $detail['hideChild'])) {
             continue;
         }

         // $origTName and $shortTName are read but not used further down.
         $origTName = $detail['dOriginalTable'];
         $dataSourceTName = $detail['dDataSourceTable'];
         $shortTName = $detail['dShortTable'];

         $detailsSettings = $this->pSet->getTable($dataSourceTName);
         $detailsQuery = $detailsSettings->getSQLQuery();
         $detailsSqlWhere = $detailsQuery->WhereToSql();

         // Join condition: detail key (from the sub-query alias) = master key.
         $joinParts = array();
         foreach ($this->masterKeysByD[$i] as $idx => $masterKey) {
             $joinParts[] = $this->cipherer->GetFieldName(AddTableWrappers("subQuery_cnt") . "." . AddFieldWrappers($this->detailKeysByD[$i][$idx]), $masterKey)
                 . "="
                 . $this->cipherer->GetFieldName(AddTableWrappers($this->origTName) . "." . AddFieldWrappers($masterKey), $masterKey);
         }
         $masterWhere = implode(" and ", $joinParts);

         // Select list of the sub-query: the detail key fields.
         $subQ = "";
         foreach ($this->detailKeysByD[$i] as $k) {
             if ($subQ !== "") {
                 $subQ .= ",";
             }
             $subQ .= GetFullFieldNameForInsert($this->pSet, $k);
         }
         $subQ = "SELECT " . $subQ . " " . $detailsQuery->FromToSql();

         // Combine the detail query's own WHERE with the clause returned by
         // SecuritySQL() for the "Search" permission on the detail table.
         $securityClause = SecuritySQL("Search", $dataSourceTName);
         if (strlen($securityClause)) {
             $subQ .= " WHERE " . whereAdd($detailsSqlWhere, $securityClause);
         } elseif (strlen($detailsSqlWhere)) {
             $subQ .= " WHERE " . whereAdd("", $detailsSqlWhere);
         }

         // Detail query tail, then wrap the whole thing in the count.
         $subQ .= " " . $detailsQuery->TailToSql();
         $countsql = "SELECT count(*) FROM (" . $subQ . ") " . AddTableWrappers("subQuery_cnt") . " WHERE " . $masterWhere;
         $this->gsqlHead .= ",(" . $countsql . ") as " . AddFieldWrappers($dataSourceTName . "_cnt") . " ";
     }
 }
示例#6
/**
 * Build and execute the INSERT for a new record, then collect its key values.
 *
 * Non-blob values are quoted by add_db_quotes() or, when a cipherer is
 * given, by its AddDBQuotes(); neither helper is shown here.
 * NOTE(review): values of blob fields are placed in the statement exactly as
 * they are in $avalues - presumably PrepareBlobs() has replaced them with
 * safe placeholders or literals; confirm.
 *
 * @param string      $table       table to insert into
 * @param array       $avalues     field name => value
 * @param array       $blobfields  names of blob fields
 * @param mixed       $pageid      not used in this function
 * @param object      $pageObject  page object (settings, file processing)
 * @param object|null $cipherer    optional cipherer used for quoting
 * @return bool false when the statement failed or $error_happened is set
 */
function DoInsertRecordSQL($table, &$avalues, &$blobfields, $pageid, &$pageObject, &$cipherer)
{
    global $error_happened, $conn, $inlineadd, $usermessage, $message, $failed_inline_add, $keys, $strTableName;

    $tableSql = AddTableWrappers($table);
    $blobs = PrepareBlobs($avalues, $blobfields);

    // Collect column names and value literals in parallel.
    $fieldParts = array();
    $valueParts = array();
    foreach ($avalues as $akey => $value) {
        $fieldParts[] = $pageObject->pSet->getTableField($akey);
        if (in_array($akey, $blobfields)) {
            $valueParts[] = $value;
        } elseif ($cipherer === null) {
            $valueParts[] = add_db_quotes($akey, $value);
        } else {
            $valueParts[] = $cipherer->AddDBQuotes($akey, $value);
        }
    }
    $strSQL = "insert into " . $tableSql . " (" . implode(", ", $fieldParts) . ") values (" . implode(", ", $valueParts) . ")";

    if (!ExecuteUpdate($pageObject, $strSQL, $blobs, true) || $error_happened) {
        return false;
    }
    $pageObject->ProcessFiles();

    // Success message; a user-supplied message replaces the default.
    if ($inlineadd == ADD_INLINE) {
        $status = "ADDED";      // local only, not read again here
        $message = "Record was added";
        $IsSaved = true;        // local only, not read again here
    } else {
        $message = "<<< Record was added >>>";
    }
    if ($usermessage != "") {
        $message = $usermessage;
    }

    $auditObj = GetAuditObject($table);
    $needKeys = in_array($inlineadd, array(ADD_SIMPLE, ADD_INLINE, ADD_ONTHEFLY, ADD_POPUP, ADD_MASTER))
        || tableEventExists("AfterAdd", $strTableName)
        || $auditObj;
    if (!$needKeys) {
        return true;
    }

    // Resolve the key values of the new row: taken from the submitted values,
    // or from the database for auto-increment keys.
    $failed_inline_add = false;
    foreach ($pageObject->pSet->getTableKeys() as $k) {
        if (array_key_exists($k, $avalues)) {
            $keys[$k] = $avalues[$k];
        } elseif ($pageObject->pSet->isAutoincField($k)) {
            // lastval() is the PostgreSQL call for the most recent sequence
            // value in this session; errors from the query are suppressed.
            $lastrs = @db_query("SELECT lastval()", $conn);
            if ($lastdata = db_fetch_numarray($lastrs)) {
                $keys[$k] = $lastdata[0];
            }
        } else {
            $failed_inline_add = true;
        }
    }
    return true;
}
示例#7
	/**
	 * Render this object as SQL: its name passed through AddTableWrappers().
	 *
	 * @param mixed $query not used by this implementation
	 * @return string
	 */
	function toSql($query)
	{
		$wrappedName = AddTableWrappers($this->m_strName);
		return $wrappedName;
	}
示例#8
文件: dal.php 项目: aagusti/padl-tng
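 /**
  * Select the rows of this table that match the values set in $this->Param.
  *
  * For every field described in $dal_info, a value set on the object under
  * the field's 'varname' is copied into $this->Value, and a matching entry
  * of $this->Param (case-insensitive name match) adds "field=value" to the
  * WHERE clause. Values are rendered by $this->PrepareValue(), which is not
  * shown here.
  *
  * The property copy uses variable-property access instead of building PHP
  * source and passing it to eval(): the result is the same for ordinary
  * property names, and table metadata can never be executed as code.
  *
  * @return mixed result of db_query() for the generated SELECT
  */
 function FetchByID()
 {
     global $conn, $dal_info;
     $tableinfo =& $dal_info[$this->m_TableName];
     $dal_where = "";
     foreach ($tableinfo as $fieldname => $fld) {
         $varname = $fld['varname'];
         if (isset($this->{$varname})) {
             $this->Value[$fieldname] = $this->{$varname};
         }
         foreach ($this->Param as $field => $value) {
             if (strtoupper($field) != strtoupper($fieldname)) {
                 continue;
             }
             $dal_where .= AddFieldWrappers($fieldname) . "=" . $this->PrepareValue($value, $fld["type"]) . " and ";
             break;
         }
     }
     // cleanup
     $this->Reset();
     // construct and run SQL; substr() drops the trailing " and "
     if ($dal_where) {
         $dal_where = " where " . substr($dal_where, 0, -5);
     }
     $dalSQL = "select * from " . AddTableWrappers($this->m_TableName) . $dal_where;
     $rs = db_query($dalSQL, $conn);
     return $rs;
 }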
	/**
	 * Check if the field's value duplicates with any of database field's values
	 *
	 * @param {String} $fieldName
	 * @param {String | Number} $value
	 * @return {Boolean}
	 */
	function hasDuplicateValue($fieldName, $value)
	{
		// Counts the rows of the original table whose $fieldName equals $value
		// and reports whether there is at least one.
		global $conn;

		// Render the value as a SQL literal: through the cipherer for encrypted
		// fields, through add_db_quotes() otherwise (neither is shown here).
		$dbValue = $this->cipherer->isFieldEncrypted($fieldName)
			? $this->cipherer->MakeDBValue($fieldName, $value, "", "", true)
			: add_db_quotes($fieldName, $value);

		$where = GetFullFieldName($fieldName, $this->tName, false).'='.$dbValue;
		$sql = "SELECT count(*) from ".AddTableWrappers($this->pSet->getOriginalTableName())." where ".$where;

		$data = db_fetch_numarray(db_query($sql, $conn));

		return $data[0] ? true : false;
	}
	$arr_UserGroups = array();
	foreach(GetUserGroups() as $idx=>$value)
		if($value[0]!="Guest")
			$arr_UserGroups[]=$value;
}

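$group_list="";
$groupSelected="";

// Default to the user name sent with the request.
$wr_user=postvalue("username");

// In standalone mode an existing user can be addressed by id instead;
// the stored user name then replaces the submitted one.
if($wr_is_standalone)
{
	if(postvalue("editid1"))
	{
		// editid1 is a request value compared against the id column without
		// quotes, so it is cast to an integer before it enters the statement.
		$rs=db_query("select ".AddFieldWrappers("username")." from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers("id")."=".(int)postvalue("editid1"),$conn);
		$data=db_fetch_numarray($rs);
		if($data)
			$wr_user=$data[0];
	}
}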

if(count($arr_UserGroups))
{
	usort($arr_UserGroups,"sortUserGroup");
	$groups=$arr_UserGroups;
	$i=0;

	if(!$wr_is_standalone)
		$xt->assign("group_header","User Groups");
	else
示例#11
 // Check the submitted credentials against the user table: both the user
 // name and the password are placed in the WHERE clause, and the fetched row
 // is compared with the submitted values again in PHP.
 // NOTE(review): the password is matched against the column exactly as
 // submitted; no hashing is visible in this excerpt. If the column holds
 // plain passwords, store password_hash() output and check it with
 // password_verify() instead.
 $strUsername = (string) $pUsername;
 $strPassword = (string) $pPassword;
 // Keep the unquoted originals for the PHP-side comparison below.
 $sUsername = $strUsername;
 $sPassword = $strPassword;
 // Quoted column types go through db_prepare_string() (not shown here);
 // other types are coerced to a number.
 if (NeedQuotes($cUserNameFieldType)) {
     $strUsername = db_prepare_string($strUsername);
 } else {
     $strUsername = 0 + $strUsername;
 }
 if (NeedQuotes($cPasswordFieldType)) {
     $strPassword = db_prepare_string($strPassword);
 } else {
     $strPassword = 0 + $strPassword;
 }
 $strSQL = "select * from " . AddTableWrappers("dbo.System Users") . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername . " and " . AddFieldWrappers($cPasswordField) . "=" . $strPassword;
 $retval = true;
 $logged = false;
 $data = array();
 // A BeforeLogin handler can veto the attempt by returning a false value.
 if ($globalEvents->exists("BeforeLogin")) {
     $retval = $globalEvents->BeforeLogin($pUsername, $pPassword, $message);
 }
 if ($retval) {
     $rs = db_query($strSQL, $conn);
     $data = db_fetch_array($rs);
     if ($data) {
         // Re-check the row in PHP; @ hides notices for missing columns.
         // NOTE(review): == is a loose comparison, so numeric-looking strings
         // are compared by numeric value; a strict, constant-time check such
         // as hash_equals() is the safer choice for secrets.
         if (@$data[$cUserNameField] == $sUsername && @$data[$cPasswordField] == $sPassword) {
             $logged = true;
         }
     }
 }
/**
 * Build the FROM clause of a report/chart query from the session definition.
 *
 * Reads $_SESSION[$type]: the first entry of 'tables' is the root table and
 * each entry of 'table_relations'/'relat' adds a join. FULL OUTER JOIN
 * relations are not joined; their right table is appended as a
 * comma-separated table instead.
 *
 * NOTE(review): table and field names pass through the wrapper helpers, but
 * 'rel_type' is written into the SQL as stored in the session. Confirm that
 * it is restricted to known join keywords where the session is filled.
 *
 * @param string $type key of the definition inside $_SESSION
 * @return string the clause, starting with "FROM "
 */
function make_from_clause($type)
{
	// Database type 3 is handled as "access mode" (per the original variable
	// name): every join after the first wraps the clause so far in parentheses.
	$accessMode=(GetDatabaseType()==3);
	$root=&$_SESSION[$type];
	$fromSql=AddTableWrappers($root['tables'][0]);
	$fullOuterTables="";

	if(!is_array($root["table_relations"]["relat"]))
		return "FROM ".$fromSql.$fullOuterTables;

	$firstJoin=true;
	foreach($root["table_relations"]["relat"] as $r)
	{
		if(trim($r["rel_type"])=="FULL OUTER JOIN")
		{
			$fullOuterTables.="\n,".AddTableWrappers($r["right_table"]);
			continue;
		}
		if($accessMode && !$firstJoin)
			$fromSql="(".$fromSql.")";
		$firstJoin=false;

		$fromSql.="\n".$r["rel_type"]." ".AddTableWrappers($r["right_table"])." ON ";

		// One "left.field=right.field" pair per related field, joined by AND.
		$conditions=array();
		foreach($r["left_fields"] as $i=>$leftField)
		{
			$conditions[]=AddTableWrappers($r["left_table"]).".".AddFieldWrappers($leftField)
				."="
				.AddTableWrappers($r["right_table"]).".".AddFieldWrappers($r["right_fields"][$i]);
		}
		$fromSql.=implode(" AND ",$conditions);
	}
	return "FROM ".$fromSql.$fullOuterTables;
}
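/**
 * Load a saved custom SQL entry by its name.
 *
 * The name is passed through db_prepare_string() rather than being placed
 * between hand-written quotes, so a quote character inside the name cannot
 * change the statement.
 *
 * @param string $sqlname name of the saved query
 * @return array|string array(id, sqlname, sqlcontent), or "" when not found
 */
function getCustomSQLbyName($sqlname)
{
	global $conn;
	$rs=db_query("select * from ".AddTableWrappers("webreport_sql")." where ".AddFieldWrappers("sqlname")."=".db_prepare_string($sqlname),$conn);
	if($data = db_fetch_array($rs))
		return array($data["id"],$data["sqlname"],$data["sqlcontent"]);
	return "";
}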
			$rsReport = db_exec($strSQL,$conn);
		
		}
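		// Remove the style rows that the new record replaces, then insert it.
		// Every value taken from $style_record is either cast to a number or
		// passed through db_prepare_string() before it enters a statement; the
		// original mixed that with hand-quoted and bare values.
		if ($style_record['type'] == "group"){

			if ($style_record['params']['groupName'] != 0){
				$strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("group")." = ".(0+$style_record["params"]["groupName"])." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."=".db_prepare_string($style_record["params"]["styleType"])." AND (".AddFieldWrappers("type")."='cell' OR ".AddFieldWrappers("type")."='group'))";
				$rsReport = db_exec($strSQL,$conn);
			}

		}
		if ($style_record['type'] == "field"){

			$strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("field")." = ".($style_record["params"]["fieldName"]+0)." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."=".db_prepare_string($style_record["params"]["styleType"])." and ".AddFieldWrappers("type")."='field')";
			$rsReport = db_exec($strSQL,$conn);

		}
		if ($style_record['type'] == "cell"){

			$style_record['params']['uniq'] = (int)$style_record['params']['uniq'];
			$strSQL = "DELETE FROM ".AddTableWrappers("webreport_style")." WHERE (".AddFieldWrappers("type")." = ".db_prepare_string($style_record["type"])." AND ".AddFieldWrappers("field")." = ".($style_record["params"]["fieldName"]+0)." AND ".AddFieldWrappers("group")." = ".(0+$style_record["params"]["groupName"])." AND ".AddFieldWrappers("uniq")."=".(int)$style_record["params"]["uniq"]." AND ".AddFieldWrappers("repname")."=".db_prepare_string($repname)." AND ".AddFieldWrappers("styletype")."=".db_prepare_string($style_record["params"]["styleType"]).")";
			$rsReport = db_exec($strSQL,$conn);

		}

		// group and uniq are numeric columns in the statements above, so they
		// are cast here as well instead of being written in as received.
		$strSQL = "INSERT INTO ".AddTableWrappers("webreport_style")." (".AddFieldWrappers("type").",".AddFieldWrappers("field").",".AddFieldWrappers("group").",".AddFieldWrappers("style_str").",".AddFieldWrappers("uniq").",".AddFieldWrappers("repname").",".AddFieldWrappers("styletype").") VALUES (".db_prepare_string($style_record['type']).",".db_prepare_string($style_record["params"]["fieldName"]).",".(int)$style_record['params']['groupName'].",".db_prepare_string($style_record['params']['styleStr']).",".(int)$style_record['params']['uniq'].",".db_prepare_string($repname).",".db_prepare_string($style_record['params']['styleType']).")";
		$rsReport = db_exec($strSQL,$conn);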
	}

	echo 'OK';
?>
     $datacount = db_fetch_numarray($rs1);
     if (!$datacount[0]) {
         foreach ($fieldsArr as $f) {
             $fEditFormat = GetFieldData($strTableName, $f, 'EditFormat', '');
             if ($fEditFormat != EDIT_FORMAT_LOOKUP_WIZARD || GoodFieldName($f) != $field) {
                 continue;
             }
             $LookupType = GetFieldData($strTableName, $f, 'LookupType', '');
             if ($LookupType == LT_LOOKUPTABLE) {
                 $LookupSQL = "SELECT ";
                 if (GetFieldData($strTableName, $f, 'LookupUnique', false)) {
                     $LookupSQL .= "DISTINCT ";
                 }
                 $LookupSQL .= GetLWLinkField($f, $strTableName, true);
                 $LookupSQL .= "," . GetLWDisplayField($f, $strTableName, true);
                 $LookupSQL .= " FROM " . AddTableWrappers(GetFieldData($strTableName, $f, 'LookupTable', '')) . " ";
                 $LookupSQL .= " WHERE " . GetLWLinkField($f, $strTableName, true) . "=" . $lookupValue . " AND ";
                 $LookupSQL .= GetLWDisplayField($f, $strTableName, true) . " LIKE " . db_prepare_string($value . "%");
                 if (GetFieldData($strTableName, $f, 'UseCategory', false)) {
                     $cvalue = make_db_value(GetFieldData($strTableName, $f, 'CategoryControl', ''), postvalue("category"));
                     $LookupSQL .= " AND " . AddFieldWrappers(GetFieldData($strTableName, $f, 'CategoryFilter', '')) . "=" . $cvalue;
                 }
             }
         }
         $rs2 = db_query($LookupSQL, $conn);
         if ($data = db_fetch_numarray($rs2)) {
             $response[] = $data[0];
             $response[] = $data[1];
         }
     }
 }
示例#16
		
	$retval = true;
	$message = "";
	//run before login event
	if($globalEvents->exists("BeforeLogin"))
		$retval = $globalEvents->BeforeLogin($pUsername,$pPassword,$message, $pageObject);
		if ($retval)
		{
					$d = $pageObject->LogIn($pUsername,$pPassword);
		if ($d) {
			//login succeccful
			//run AfterSuccessfulLogin event
			// if login method is not AD then ASL event fires in SetAuthSessionData
			if($wr_is_standalone)
{
	$rs=db_query("select count(".AddTableWrappers("id").") from ".AddTableWrappers("webreport_admin"),$conn);
	$data=db_fetch_numarray($rs);
	if($data[0]==0)
	{
		header("Location: webreport_admin.php");
		return;
	}
}
						if ($onFly == 2) {
				if($myurl) {
					$myurl .= strpos($myurl, '?') !== FALSE ?  '&a=login' : '?a=login';
					$ajaxmessage = $myurl;
				} else {
					$ajaxmessage = GetTableLink("menu");
				}
			} else {
	$arr=array();
	$arr=array(0,"",postvalue("output"));
	$customSQL=$arr[2];
	$_SESSION["customSQL"]=$customSQL;
	$_SESSION["idSQL"]=$arr[0];
	$_SESSION["nameSQL"]=$arr[1];
	$_SESSION["object_sql"]=$customSQL;
	echo $customSQL;
	exit();
}
// "getcustomsql": look up the custom SQL for the posted value, remember it in
// the session and send the SQL text back as the whole response.
if(postvalue("name")=="getcustomsql") {
	// Result layout as used below: [0] = id, [1] = name, [2] = SQL text.
	$arr=WRgetCurrentCustomSQL(postvalue("output"));
	$customSQL=$arr[2];

	$_SESSION["customSQL"]=$customSQL;
	$_SESSION["idSQL"]=$arr[0];
	$_SESSION["nameSQL"]=$arr[1];
	$_SESSION["object_sql"]=$customSQL;

	// NOTE(review): the text is echoed without encoding and no content type
	// is set in this block; confirm the client treats it as plain text.
	echo $customSQL;
	exit();
}

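// Replace the whole webreport_admin table with the rows posted as JSON.
$arr = my_json_decode(DecodeUTF8(postvalue("output")));
db_exec("delete from ".AddTableWrappers("webreport_admin"),$conn);
foreach($arr as $val)
{
	// All three values come from the decoded request body; db_type is now
	// passed through db_prepare_string() like the other two instead of being
	// placed between hand-written quotes.
	db_exec("insert into ".AddTableWrappers("webreport_admin")." (".AddFieldWrappers("tablename").",".AddFieldWrappers("db_type").",".AddFieldWrappers("group_name").") values (".db_prepare_string($val["table"]).",".db_prepare_string($val["db_type"]).",".db_prepare_string($val["group"]).")",$conn);
}
echo "OK";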
?>
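/**
 * Import the rows of an uploaded CSV file through InsertRecord().
 *
 * The first line is treated as the header and mapped to field names by
 * getFieldNamesByHeaders(). Date and time columns are converted to their
 * database form (or NULL when empty/unparseable); all other cells are
 * passed on as read.
 *
 * Changes against the original: $total_records can no longer become -1 when
 * the file cannot be opened or is empty, and a self-assignment and two
 * unused locals were removed.
 *
 * @param string $uploadfile           path of the uploaded file
 * @param string $strOriginalTableName target table
 * @param string $ext                  passed to getFieldNamesByHeaders()
 * @param array  $keys                 wrapped key field names
 * @param int    $keys_present         out: 1 when every key is in the header
 * @param int    $total_records        out: number of data rows read
 * @param string $error_message        in/out: passed on to InsertRecord()
 * @param int    $goodlines            in/out: passed on to InsertRecord()
 * @param object $pageObject           passed on to InsertRecord()
 * @param object $cipherer             passed on to InsertRecord()
 * @return mixed result of the last InsertRecord() call, 1 when there were no
 *               data rows, or null when the header could not be mapped
 */
function ImportFromCSV($uploadfile, $strOriginalTableName, $ext, $keys, &$keys_present, &$total_records, &$error_message, &$goodlines, $pageObject, $cipherer)
{
	global $conn, $gSettings;

	$ret = 1;

	$fields = getImportCVSFields($uploadfile);

	// strip one pair of surrounding double quotes from each header cell
	for ($j=0;$j<count($fields);$j++)
	{
		if(substr($fields[$j],0,1)=="\"" && substr($fields[$j],-1)=="\"")
			$fields[$j]=substr($fields[$j],1,-1);
	}
	$fields = getFieldNamesByHeaders($fields, $strOriginalTableName, $ext);

	if($fields == null) // if error happened
		return;

	// the update fallback is only possible when every key column is present
	$keys_present=1;
	for($k=0; $k<count($keys); $k++)
	{
		if (!in_array(RemoveFieldWrappers($keys[$k]),$fields))
		{
			$keys_present=0;
			break;
		}
	}

	$autoinc = false;
	if(in_array("id",$fields))
		$autoinc=true;

	// Database type 2 with an explicit "id" column: allow explicit identity
	// values for the duration of the import (SET IDENTITY_INSERT is T-SQL).
	if(GetDatabaseType() == 2 && $autoinc)
	{
		$sql="SET IDENTITY_INSERT ".AddTableWrappers($strOriginalTableName)." ON";
		db_exec($sql,$conn);
	}

	$total_records = 0;
	$row = 0;
	// parse records from file
	if (($handle = OpenCSVFile($uploadfile)) !== FALSE)
	{
		while (($data = GetCSVLine($handle, 1000000, ",")) !== FALSE)
		{
			// first rec contain only fields names
			if ($row === 0)
			{
				$row++;
				continue;
			}
			$arr = array();
			foreach($data as $key=>$val)
			{
				$type = $gSettings->getFieldType($fields[$key]);
				if(IsDateFieldType($type))
				{
					$value = localdatetime2db($val);
					if ( $value !== FALSE && strlen($value) && $value != 'null' )
						$arr[$fields[$key]] = $value;
					else
						$arr[$fields[$key]] = NULL;
				}
				elseif(IsTimeType($type))
				{
					$value = localtime2db($val);
					if ( $value !== FALSE && strlen($value) && !is_null($val) && strlen($val) )
						$arr[$fields[$key]] = $value;
					else
						$arr[$fields[$key]] = NULL;
				}
				else
					$arr[$fields[$key]] = $val;
			}

			$ret = InsertRecord($arr, $row, $error_message, $goodlines, $keys, $keys_present,
				$strOriginalTableName, $pageObject, $cipherer, $autoinc);
			$row++;
		}
		CloseCSVFile($handle);
	}

	// $row counts the header line too; never report a negative total
	$total_records = max(0, $row-1);
	if(GetDatabaseType() == 2 && $autoinc)
	{
		$sql="SET IDENTITY_INSERT ".AddTableWrappers($strOriginalTableName)." OFF";
		db_exec($sql,$conn);
	}

	return $ret;
}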
示例#19
else
{
	$_SESSION["webobject"]["table_type"]="custom";
	$page = (postvalue('type') == "webcharts") ? GetTableLink("webchart0") : GetTableLink("webreport0");
	$sql_query_display=$_SESSION["customSQL"];
	$sql_query=$_SESSION["customSQL"];

	if(postvalue("sql")=="add")
	{
		$sname="Query";
		$prefix=0;
		while(true)
		{
			if($prefix>0)
				$sname="Query_".$prefix;
			$rs=db_query("select count(*) from ".AddTableWrappers("webreport_sql")." where ".AddFieldWrappers("sqlname")."=".db_prepare_string($sname),$conn);
			$data = db_fetch_numarray($rs);
			if($data[0]>0)
				$prefix++;
			else
				break;
		}
		$_SESSION["idSQL"]="";
		$_SESSION["nameSQL"]=$sname;
		$_SESSION["customSQL"]="";
		$sql_query_display="";
		$sql_query="";
	}
	elseif(postvalue("sql")=="makesql")
	{
		$sql_query_display=postvalue("output");
// Duplicate check for one field value. Every exit path prints a JSON object
// wrapped in a <div> and returns.
// NOTE(review): the encoding applied by printJSON() is not visible here;
// confirm it is safe inside HTML, since the payload sits in a <div>.
if( $denyChecking ) {
	$returnJSON = array("success" => false, "error" => "Duplicated values are allowed");
	echo "<div>".printJSON($returnJSON)."</div>";
	return;
}

$cipherer = new RunnerCipherer($tableName, $pSet);

// Render the value as a SQL literal: through the cipherer for encrypted
// fields, through make_db_value() otherwise (neither is shown here).
$value = $cipherer->isFieldEncrypted($fieldName)
	? $cipherer->MakeDBValue($fieldName, $value, $fieldControlType, "", true)
	: make_db_value($fieldName, $value, $fieldControlType, "", $tableName);

// A "null" literal has to be matched with IS rather than "=".
$where = GetFullFieldName($fieldName, $tableName, false).( $value == "null" ? ' is ' : '=' ).$value;
$sql = "SELECT count(*) from ".AddTableWrappers( $pSet->getOriginalTableName() )." where ".$where;

$rs = db_query($sql, $conn);
if( !$rs || !($data = db_fetch_numarray($rs)) ) {
	// Only a generic message is returned; the statement and the driver error
	// are not sent to the client.
	$returnJSON = array("success" => false, "error" => "Error: Wrong SQL query");
	echo "<div>".printJSON($returnJSON)."</div>";
	return;
}

$hasDuplicates = (bool)$data[0];
$returnJSON = array("success" => true, "hasDuplicates" => $hasDuplicates, "error"=>"");
echo "<div>".printJSON($returnJSON)."</div>";
return;
?>
示例#21
<?php

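// NOTE(review): error display is switched on for every request, so PHP
// warnings and notices are rendered to the client; keep this for development only.
ini_set("display_errors", "1");
ini_set("display_startup_errors", "1");
include("include/dbcommon.php");
header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");

$strTableName = "";

include("include/reportfunctions.php");

// Verify that the requested chart exists before loading it.
if (@$_REQUEST["cname"]) {
    $cname = @$_REQUEST["cname"];
    // The chart name is a request value: it goes through db_prepare_string()
    // instead of being placed between hand-written quotes.
    $sql_query = "SELECT " . AddFieldWrappers("rpt_id") . " FROM " . AddTableWrappers("webreports") . " WHERE " . AddFieldWrappers("rpt_name") . "=" . db_prepare_string($cname) . " and " . AddFieldWrappers("rpt_type") . "='chart'";
    $rs = db_query($sql_query, $conn);
    if (!$data = db_fetch_numarray($rs)) {
        // Unknown chart: redirect and stop, so the rest of the page does not
        // run for a chart that does not exist.
        header("location: " . GetTableLink("webreport"));
        exit();
    } else {
        Reload_Chart(postvalue("cname"));
    }
}

//$conn=db_connect();

$chrt_array = getChartArray(postvalue("cname"));

// NOTE(review): the included file name is built from the chart's stored
// settings; confirm short_table_name is limited to known table names
// before it reaches include().
if (is_wr_project())
    include("include/" . $chrt_array['settings']['short_table_name'] . "_variables.php");

$sessPrefix = "webchart" . postvalue("cname");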
/*
  /Trecho comentado por Helbert Samuel em 05/03/2015
示例#22
     if ($gSettings->getCustomDisplay($f)) {
         $lookupQueryObj->AddCustomExpression($displayFieldName, $lookupPSet, $strTableName, $f);
     }
     $lookupQueryObj->ReplaceFieldsWithDummies($lookupPSet->getBinaryFieldsIndices());
     $cipherer->strTableName = $lookupTable;
 } else {
     $LookupSQLTable = "SELECT ";
     $lwLinkField = $gSettings->GetLWLinkField($f, true);
     if ($gSettings->isLookupUnique($f)) {
         $LookupSQLTable .= "DISTINCT ";
     }
     $LookupSQLTable .= $cipherer->GetLookupFieldName($lwLinkField, $strTableName, $f, null, true);
     if (!$linkAndDisplaySame) {
         $LookupSQLTable .= "," . ($lwDisplayField == $lwLinkField ? $cipherer->GetFieldName($lwDisplayField, $f, true) : $lwDisplayField);
     }
     $LookupSQLTable .= " FROM " . AddTableWrappers($lookupTable) . " ";
 }
 $strLookupWhere = GetLWWhere($f, $pageType, $strTableName);
 if ($strLookupWhere) {
     $strLookupWhere = " (" . $strLookupWhere . ")  AND ";
 }
 if ($LookupType == LT_QUERY) {
     if ($gSettings->getCustomDisplay($f)) {
         $strLookupWhere .= $displayFieldName;
     } else {
         $strLookupWhere .= GetFullFieldName($displayFieldName, $lookupTable, false);
     }
 } else {
     $strLookupWhere .= $cipherer->GetFieldName($lwDisplayField, $f);
 }
 $strLookupWhere .= $cipherer->GetLikeClause($LookupType == LT_QUERY ? $displayFieldName : $f, $value);
示例#23
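 /**
  * Remove other sessions' edit locks on a record and write an action-2 lock
  * record for the current session and user.
  *
  * Steps, in order:
  *  1. if $startEdit is set, add an action=1 ("lock") record for this session;
  *  2. delete every action=1 record for the same table/keys held by another session;
  *  3. delete action=2 records whose startdatetime is more than two days old;
  *  4. add an action=2 record for this session (presumably the notice other
  *     users see that their lock was taken over; confirm against the reader
  *     of the lock table).
  *
  * @param string  $strtable  table name stored in the lock record
  * @param array   $keys      key values of the record; URL-encoded and joined with "&"
  * @param boolean $startEdit when true, the caller also takes the lock itself
  */
 function UnlockAdmin($strtable, $keys, $startEdit)
 {
     // Serialise the key values the same way lock records are stored.
     $skeys = "";
     foreach ($keys as $ind => $val) {
         if (strlen($skeys)) {
             $skeys .= "&";
         }
         $skeys .= rawurlencode($val);
     }
     $sdate = now();
     $sessionId = session_id();
     if ($startEdit) {
         //	add a record - lock
         $this->TableObj->startdatetime = $sdate;
         $this->TableObj->confirmdatetime = $sdate;
         $this->TableObj->sessionid = $sessionId;
         $this->TableObj->table = $strtable;
         $this->TableObj->keys = $skeys;
         $this->TableObj->userid = $this->UserID;
         $this->TableObj->action = 1;
         $this->TableObj->Add();
     }
     //	delete all other locking records
     // The session id goes through db_prepare_string() like the table and key
     // values next to it, rather than being placed between hand-written quotes.
     CustomQuery("delete from " . AddTableWrappers($this->lockTableName)
         . " where " . AddFieldWrappers("table") . "=" . db_prepare_string($strtable)
         . " and " . AddFieldWrappers("keys") . "=" . db_prepare_string($skeys)
         . " and " . AddFieldWrappers("action") . "=1"
         . " and " . AddFieldWrappers("sessionid") . "<>" . db_prepare_string($sessionId) . " ");
     //	purge action=2 records older than two days
     CustomQuery("delete from " . AddTableWrappers($this->lockTableName)
         . " where " . AddFieldWrappers("startdatetime") . "<'" . format_datetime_custom(adddays(db2time(now()), -2), "yyyy-MM-dd HH:mm:ss") . "'"
         . " and " . AddFieldWrappers("action") . "=2");
     //	record that the locks on this record were removed by this session
     $this->TableObj->startdatetime = $sdate;
     $this->TableObj->confirmdatetime = $sdate;
     $this->TableObj->sessionid = $sessionId;
     $this->TableObj->table = $strtable;
     $this->TableObj->keys = $skeys;
     $this->TableObj->userid = $this->UserID;
     $this->TableObj->action = 2;
     $this->TableObj->Add();
 }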
示例#24
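 /**
  * Build the SQL WHERE fragment for a search on a lookup field.
  *
  * List-of-values lookups are delegated to the parent class. For table/query
  * lookups the search value is matched against the display field, either
  * directly or through an EXISTS sub-query on the lookup table.
  *
  * Changes from the earlier version: "Equal or more than" / "Equal or less than"
  * now compare against $value (they used an undefined $value1, producing
  * "field>=" with nothing after it); $condition is reset for every value; and
  * the "Between" upper bound no longer overwrites $SearchFor2 between values.
  *
  * @param mixed   $SearchFor       search value; split with splitvalues() when the field is multiselect
  * @param string  $strSearchOption "Equals", "Contains", "Starts with", "More than", "Less than",
  *                                 "Equal or more than", "Equal or less than", "Between", or other
  * @param mixed   $SearchFor2      upper bound, used only by "Between"
  * @param mixed   $etype           passed through to the parent implementation only
  * @param boolean $isSuggest       when true the value is matched as a substring
  * @return string the condition wrapped in parentheses, or "" when nothing is to be added
  */
 function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
 {
     if ($this->lookupType == LT_LISTOFVALUES) {
         return parent::SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest);
     }
     $baseResult = $this->baseSQLWhere($strSearchOption);
     if ($baseResult === false) {
         return "";
     }
     if ($baseResult != "") {
         return $baseResult;
     }
     $displayFieldType = $this->type;
     if ($this->lookupType == LT_QUERY) {
         $displayFieldType = $this->lookupPSet->getFieldType($this->field);
         $this->btexttype = IsTextType($displayFieldType);
     }
     $SearchFor = $this->multiselect ? splitvalues($SearchFor) : array($SearchFor);

     // Query lookups on non-text character fields go through isEnableUpper()
     // on both the column and the value.
     $upperCompare = $this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype;

     // Column expression the value is compared with.
     if ($this->linkAndDisplaySame) {
         $gstrField = GetFullFieldName($this->field, "", false);
     } else {
         $gstrField = GetFullFieldName($this->displayFieldName, $this->lookupTable, false);
     }
     if ($this->customDisplay) {
         $gstrField = $this->lwDisplayFieldWrapped;
     } elseif (!$this->linkAndDisplaySame && $upperCompare && !$this->ciphererDisplay->isFieldPHPEncrypted($this->displayFieldName)) {
         $gstrField = $this->lookupPSet->isEnableUpper(GetFullFieldName($this->displayFieldName, $this->lookupTable, false));
     }

     // These do not change between values, so they are worked out once.
     $likeOrRange = $isSuggest || $strSearchOption == "Contains" || $strSearchOption == "Starts with"
         || $strSearchOption == "More than" || $strSearchOption == "Less than"
         || $strSearchOption == "Equal or more than" || $strSearchOption == "Equal or less than"
         || $strSearchOption == "Between";
     $ajaxEquals = $strSearchOption == "Equals" && $this->LCType == LCT_AJAX && !$this->linkAndDisplaySame;

     $ret = "";
     foreach ($SearchFor as $value) {
         if ($value == "null" || $value == "Null" || $value == "") {
             continue;
         }
         // Reset per value so a condition built for an earlier value is never reused.
         $condition = "";
         if (strlen(trim($ret))) {
             $ret .= " or ";
         }
         // NOTE(review): this quoting step is skipped for multiselect fields. With
         // multiselect, only the final "else" branch below quotes the value; the
         // "Equals", "Starts with" and range branches then concatenate it as
         // received. Confirm callers never combine multiselect with those options,
         // or quote the value here as well.
         if (!$this->multiselect) {
             if ($strSearchOption == "Starts with") {
                 $value .= '%';
             }
             if ($isSuggest || $strSearchOption == "Contains") {
                 $value = '%' . $value . '%';
             }
             if ($likeOrRange || $ajaxEquals) {
                 $value = $this->escapeSearchValForMySQL($value);
                 if ($upperCompare) {
                     $value = $this->lookupPSet->isEnableUpper(db_prepare_string($value));
                 } else {
                     $value = db_prepare_string($value);
                 }
             } elseif ($strSearchOption == "Equals") {
                 $value = make_db_value($this->field, $value);
             }
         }

         if ($strSearchOption == "Equals") {
             if (!($value == "null" || $value == "Null")) {
                 if ($ajaxEquals) {
                     $condition = $gstrField . '=' . $value;
                 } else {
                     $condition = GetFullFieldName($this->field, "", false) . '=' . $value;
                 }
             }
         } elseif ($strSearchOption == "Starts with" || ($strSearchOption == "Contains" && !$this->multiselect)) {
             $condition = $gstrField . " " . $this->like . " " . $value;
         } elseif ($strSearchOption == "More than") {
             $condition = $gstrField . " > " . $value;
         } elseif ($strSearchOption == "Less than") {
             $condition = $gstrField . "<" . $value;
         } elseif ($strSearchOption == "Equal or more than") {
             $condition = $gstrField . ">=" . $value;
         } elseif ($strSearchOption == "Equal or less than") {
             $condition = $gstrField . "<=" . $value;
         } elseif ($strSearchOption == "Between") {
             if ($upperCompare) {
                 $value2 = $this->lookupPSet->isEnableUpper(db_prepare_string($SearchFor2));
             } else {
                 $value2 = db_prepare_string($SearchFor2);
             }
             $condition = $gstrField . ">=" . $value . " and ";
             $upperBound = "<=" . $value2;
             if (IsDateFieldType($this->type)) {
                 $timeArr = db2time($SearchFor2);
                 // for dates without time, add one day
                 if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                     $timeArr = adddays($timeArr, 1);
                     $nextDay = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                     $upperBound = "<" . add_db_quotes($this->field, $nextDay, $this->pageObject->tName);
                 }
             }
             $condition .= $gstrField . $upperBound;
         } else {
             // Multi-value lookup field stored as a comma-separated list: match the
             // value alone, in the middle, at the end, or at the start of the list.
             if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                 $value = '"' . str_replace('"', '""', $value) . '"';
             }
             $value = $this->escapeSearchValForMySQL($value);
             $listField = GetFullFieldName($this->field, "", false);
             $ret .= $listField . " = " . db_prepare_string($value);
             $ret .= " or " . $listField . " " . $this->like . " " . db_prepare_string("%," . $value . ",%");
             $ret .= " or " . $listField . " " . $this->like . " " . db_prepare_string("%," . $value);
             $ret .= " or " . $listField . " " . $this->like . " " . db_prepare_string($value . ",%");
         }

         if ($condition != "" && ($likeOrRange || $strSearchOption == "Equals")) {
             if ($this->linkAndDisplaySame || ($strSearchOption == "Equals" && $this->LCType != LCT_AJAX)) {
                 $ret .= " " . $condition;
             } elseif ($this->lookupType == LT_QUERY) {
                 // Correlate the lookup query with the edited table through the link field.
                 $lookupQueryObj = $this->lookupPSet->getSQLQuery();
                 $ret .= " EXISTS (" . $lookupQueryObj->toSql($condition . " and " . GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " = " . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName()) . "." . AddFieldWrappers($this->field), '', null, false) . ")";
             } else {
                 $ret .= " EXISTS (SELECT 1 as fld from " . AddTableWrappers($this->lookupTable) . " where " . $condition . " and " . $this->lwLinkField . " = " . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName()) . "." . AddFieldWrappers($this->field) . ")";
             }
         }
     }
     if (strlen(trim($ret))) {
         $ret = "(" . $ret . ")";
     } else {
         $ret = trim($ret);
     }
     return $ret;
 }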
/*
if($inlineadd == ADD_ONTHEFLY || $inlineadd == ADD_POPUP)
{
	$xt->assign("message_block",true);
}
*/
$readonlyfields = array();
//	show readonly fields
$linkdata = "";
if (@$_POST["a"] == "added" && $inlineadd == ADD_ONTHEFLY) {
    if (!$error_happened && $status != "DECLINED") {
        $LookupSQL = "";
        $linkfield = "";
        $dispfield = "";
        if ($LookupSQL) {
            $LookupSQL .= " from " . AddTableWrappers($strOriginalTableName);
        }
        $data = 0;
        if (count($keys) && $LookupSQL) {
            $where = KeyWhere($keys);
            $LookupSQL .= " where " . $where;
            $rs = db_query($LookupSQL, $conn);
            $data = db_fetch_numarray($rs);
        }
        if ($data) {
            $respData = array($linkfield => @$data[0], $dispfield => @$data[1]);
        } else {
            $respData = array($linkfield => @$avalues[$linkfield], $dispfield => @$avalues[$dispfield]);
        }
        $returnJSON['success'] = true;
        $returnJSON['keys'] = $keys;
示例#26
// Stop here unless $show was set (presumably by the permission check that
// ends at the marker below; it is not visible in this excerpt).
if(!$show)
	exit();

//	security - end

//	construct sql

$keys = DBGetTableKeys($table);
if(count($keys) == 0)
	exit();

// Build "table.key1=<value> and table.key2=<value> ..." from the posted
// key1, key2, ... parameters. Each value is neutralised according to the
// column type: quoted and escaped for string-like columns, forced to a
// number for the rest.
$strkeywhere = "";
foreach($keys as $idx=>$k)
{
	if($strkeywhere !== "")
		$strkeywhere.=" and ";
	$strkeywhere.=AddTableWrappers($table).".".AddFieldWrappers($k)."=";
	$type=WRGetFieldType($table.".".$k);
	if(!NeedQuotes($type))
	{
		// Numeric column: accept a decimal comma, and fall back to 0 for
		// anything that is not a number so no request text reaches the SQL.
		$value=postvalue("key".($idx+1));
		$strvalue = str_replace(",",".",(string)$value);
		$value = is_numeric($strvalue) ? $strvalue : 0;
		$strkeywhere.=$value;
		continue;
	}
	$strkeywhere.=db_prepare_string(postvalue("key".($idx+1)));
}
示例#27
		$sWhere.=" or ".GetFullFieldName($cEmailField,"webreport_users",false)."=".$value.")";
	
		if($tosearch && $globalEvents->exists("BeforeRemindPassword"))
			$tosearch = $globalEvents->BeforeRemindPassword($strUsernameEmail,$strUsernameEmail, $pageObject);
		
		if($tosearch)
		{
			$selectClause = "select ".GetFullFieldName($cUserNameField,"webreport_users",false)." as ".AddFieldWrappers($cUserNameField)
				.",".GetFullFieldName($cPasswordField,"webreport_users",false)." as ".AddFieldWrappers($cPasswordField);
			
			// prevent aliases mixing
			if( $cUserNameField != $cEmailField )
				$strSQL.= ",".GetFullFieldName($cEmailField,"webreport_users",false)." as ".AddFieldWrappers($cEmailField);

				
			$strSQL = $selectClause." from ".AddTableWrappers("webreport_users")." where ".$sWhere;
			
			$rs = db_query($strSQL, $conn);
			$data = $cipherer->DecryptFetchedArray($rs);
			if($data)
			{
				$password=$data[$cPasswordField];
				$strUsername = $data[$cUserNameField];
		
	
				$url = GetSiteUrl();
				$url.= $_SERVER["SCRIPT_NAME"];
				$url2 = str_replace("remind.","login.",$url)."?username="******"";
							
示例#28
		</form>
		</body>
	</html>
";
}
elseif($_REQUEST["step"]=="upgrade")
{
	include("include/dbcommon.php");
	$conn=db_connect();
	$rs=db_query("select ".AddFieldWrappers("version")." from ".AddTableWrappers("webreport_settings"),$conn);
	if($data=db_fetch_numarray($rs))
		$version=floatval($data[0]);
	else
		$version=1;
	Upgrade($version);
	db_exec("update ".AddTableWrappers("webreport_settings")." set ".AddFieldWrappers("version")."='".$wr_version."'",$conn);
	echo "
	<html  lang=\"en\">
		<head>
			<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\">
			<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
			<link REL=\"stylesheet\" href=\"styles/default.css\" type=\"text/css\">
			<link REL=\"stylesheet\" href=\"styles/".$wr_pagestylepath."/style.css\" type=\"text/css\">
			<link REL=\"stylesheet\" href=\"pagestyles/login2.css\" type=\"text/css\">
		</head>
	
		<body class=\"".$wr_pagestylepath." page-login2 function-login\" >
		<form name=frmAdmin method=post action=\"login.php\">
		<input type=hidden name=btnSubmit value=\"Login\">
		<input type=hidden name=username value=\"admin\">
		<input type=hidden name=password value=\"".postvalue("admpass")."\">
示例#29
/**
 * Fetch the link/display values of a just-added record for a lookup control.
 *
 * NOTE(review): $nLookupType, $lookupQueryObj, $lookupPSet and $linkFieldName are
 * read below but are neither assigned in this function nor listed in its
 * "global" statement, and $LookupSQL never receives a SELECT clause. This looks
 * like generator output with the per-lookup code left out; confirm before reuse.
 *
 * @param object  $pageObject page object; only its ->cipherer is used here
 * @param array   $keys       key values of the added record, passed to KeyWhere()
 * @param boolean $forLookup  true: return the whole decrypted row; false: return the
 *                            numeric row with the link (and, for query lookups,
 *                            display) column decrypted
 * @return array array($data, array("linkField", "displayField", "linkFieldIndex", "displayFieldIndex"))
 */
function GetAddedDataLookupQuery($pageObject, $keys, $forLookup)
{
    global $conn, $strTableName, $strOriginalTableName;
    $LookupSQL = "";
    $linkfield = "";
    $dispfield = "";
    $noBlobReplace = false;
    $lookupFieldName = "";
    // $LookupSQL is still "" at this point, so this branch cannot run as written.
    if ($LookupSQL && $nLookupType != LT_QUERY) {
        $LookupSQL .= " from " . AddTableWrappers($strOriginalTableName);
    }
    // 0 is returned as the data when no keys are supplied.
    $data = 0;
    $lookupIndexes = array("linkFieldIndex" => 0, "displayFieldIndex" => 0);
    if (count($keys)) {
        // NOTE(review): the WHERE text comes from KeyWhere(), which is not visible
        // here; the query is only as safe as that helper's quoting of the key values.
        $where = KeyWhere($keys);
        if ($nLookupType == LT_QUERY) {
            $LookupSQL = $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $where));
        } else {
            // With an empty $LookupSQL this yields " where ..." with no SELECT in front.
            $LookupSQL .= " where " . $where;
        }
        $lookupIndexes = GetLookupFieldsIndexes($lookupPSet, $lookupFieldName);
        // The full SQL text, key values included, is written to the log.
        LogInfo($LookupSQL);
        if ($forLookup) {
            $rs = db_query($LookupSQL, $conn);
            $data = $pageObject->cipherer->DecryptFetchedArray($rs);
        } else {
            if ($LookupSQL) {
                $rs = db_query($LookupSQL, $conn);
                $data = db_fetch_numarray($rs);
                // NOTE(review): $data is not checked before it is indexed; if no row
                // comes back, the assignment below turns it into an array, so a
                // caller's emptiness test would no longer detect the miss.
                $data[$lookupIndexes["linkFieldIndex"]] = $pageObject->cipherer->DecryptField($linkFieldName, $data[$lookupIndexes["linkFieldIndex"]]);
                if ($nLookupType == LT_QUERY) {
                    $data[$lookupIndexes["displayFieldIndex"]] = $pageObject->cipherer->DecryptField($dispfield, $data[$lookupIndexes["displayFieldIndex"]]);
                }
            }
        }
    }
    return array($data, array("linkField" => $linkFieldName, "displayField" => $dispfield, "linkFieldIndex" => $lookupIndexes["linkFieldIndex"], "displayFieldIndex" => $lookupIndexes["displayFieldIndex"]));
}
示例#30
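	/**
	 * Check a username/password pair against the webreport_users table and,
	 * when it matches and the captcha flag is set, start the login session.
	 *
	 * Changes from the earlier version: a non-numeric value for a numeric
	 * username/password column is mapped to 0 instead of being used in
	 * arithmetic (a TypeError on PHP 8), and for string password columns the
	 * password re-check after the query is an exact string comparison, not "==".
	 *
	 * NOTE(review): the WHERE clause compares the password column with the
	 * submitted password value itself, which implies the column holds the
	 * password in clear text (or reversibly encrypted through RunnerCipherer)
	 * and not a one-way hash. Moving storage to password_hash() /
	 * password_verify() would be the lasting fix; it needs a data migration
	 * and is not attempted here.
	 *
	 * @param mixed $pUsername username as submitted
	 * @param mixed $pPassword password as submitted
	 * @return boolean true when the credentials match and $this->isCaptchaOk is set
	 */
	function LogIn($pUsername,$pPassword){
		//  username and password are stored in the database
		global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
		$logged = false;
		$pDisplayUsername = "";
		$strUsername = (string)$pUsername;
		$strPassword = (string)$pPassword;
		$cipherer = new RunnerCipherer("webreport_users");

		// Untouched copies for the PHP-side re-check after the query.
		$sUsername = $strUsername;
		$sPassword = $strPassword;

		// Turn both inputs into SQL literals: encrypted fields go through the
		// cipherer, string columns are quoted and escaped, numeric columns only
		// ever receive a number.
		if($cipherer->isFieldEncrypted($cUserNameField))
			$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$strUsername = db_prepare_string($strUsername);
			else
				$strUsername = is_numeric($strUsername) ? (0+$strUsername) : 0;
		}

		if($cipherer->isFieldEncrypted($cPasswordField))
			$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
		else
		{
			if(NeedQuotes($cPasswordFieldType))
				$strPassword = db_prepare_string($strPassword);
			else
				$strPassword = is_numeric($strPassword) ? (0+$strPassword) : 0;
		}

		$fieldList = "";
		$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
		if($lSet->GetTableData(".sqlquery"))
			$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
		if($fieldList)
		{
			if(!$this->pSet->isCaseInsensitiveUsername()) {
				$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
				   "=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
			} else {
				$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
					   "=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
					   "=".$strPassword;
			}
			$tempSQLQuery = $lSet->GetTableData(".sqlquery");
			$tempSQLQuery->addWhere($where);
			$strSQL = $tempSQLQuery->toSql();
		}
		else
		{
			$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
		}

		$rs = db_query($strSQL,$conn);
		$data = $cipherer->DecryptFetchedArray($rs);
		if($data){
			// The database comparison may be looser than intended (collation,
			// padding, numeric coercion), so the fetched row is re-checked in PHP.
			$storedPassword = @$data[$cPasswordField];
			if(NeedQuotes($cPasswordFieldType))
				$passwordMatches = ((string)$storedPassword === $sPassword);	// exact match, no numeric-string juggling
			else
				$passwordMatches = ($storedPassword == $sPassword);	// numeric column: keep numeric equality

			if($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])==$this->pSet->getCaseSensitiveUsername($sUsername) && $passwordMatches){
				$logged=true;
				$pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername;
			}
		}

		if($logged && $this->isCaptchaOk)
		{
			// NOTE(review): the clear-text password is handed to DoLogin() and
			// SetAuthSessionData(); confirm neither keeps it in the session.
			DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
			SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
			return true;
		}

		// Failed attempts (wrong credentials or captcha not passed) are audited
		// with the username only.
		if($this->auditObj)
		{
			$this->auditObj->LogLoginFailed($pUsername);
			$this->auditObj->LoginUnsuccessful($pUsername);
		}
		return false;
	}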