function GetImageFromDB($forPDF = false, $params = array()) { global $gQuery, $conn; if (!$forPDF) { $table = postvalue("table"); $strTableName = GetTableByShort($table); if (!checkTableName($table)) { return ''; } //include("include/".$table."_variables.php"); @ini_set("display_errors", "1"); @ini_set("display_startup_errors", "1"); if (!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) { header("Location: login.php"); return; } $field = postvalue("field"); if (!CheckFieldPermissions($field)) { return DisplayNoImage(); } // construct sql $keysArr = GetTableData($strTableName, '.Keys', array()); $keys = array(); foreach ($keysArr as $ind => $k) { $keys[$k] = postvalue("key" . ($ind + 1)); } } else { $table = @$params["table"]; $strTableName = GetTableByShort($table); if (!checkTableName($table)) { exit(0); } //include("include/".$table."_variables.php"); $field = @$params["field"]; // construct sql $keysArr = GetTableData($strTableName, '.Keys', array()); $keys = array(); foreach ($keysArr as $ind => $k) { $keys[$k] = @$params["key" . ($ind + 1)]; } } if (!$gQuery->HasGroupBy()) { // Do not select any fields except current (image) field. // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off. // Just don't do anything in that case. $gQuery->RemoveAllFieldsExcept(GetFieldIndex($field)); } $where = KeyWhere($keys); $secOpt = GetTableData($strTableName, '.nSecOptions', ADVSECURITY_NONE); if ($secOpt == ADVSECURITY_VIEW_OWN) { $where = whereAdd($where, SecuritySQL("Search")); } $sql = gSQLWhere($where); $rs = db_query($sql, $conn); if ($forPDF) { if ($rs && ($data = db_fetch_array($rs))) { return $data[$field]; } } else { if (!$rs || !($data = db_fetch_array($rs))) { return DisplayNoImage(); } $value = db_stripslashesbinary($data[$field]); if (!$value) { if (postvalue("alt")) { $value = db_stripslashesbinary($data[postvalue("alt")]); if (!$value) { return DisplayNoImage(); } } else { return DisplayNoImage(); } } $itype = SupposeImageType($value); if (!$itype) { return DisplayFile(); } if (!isset($pdf)) { header("Content-Type: " . $itype); header("Cache-Control: private"); SendContentLength(strlen_bin($value)); } echoBinary($value); return ''; } }
} $searchFor = postvalue('searchFor'); $searchField = GoodFieldName(postvalue('searchField')); $strSecuritySql = SecuritySQL("Search", $strTableName); if ($searchField == "") { $allSearchFields = GetTableData($strTableName, '.googleLikeFields', array()); } // proccess fields and create sql foreach ($allSearchFields as $f) { $fType = GetFieldType($f, $strTableName); // filter fields by type if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || IsTextType($fType)) { continue; } // get suggest for field if (($searchField == '' || $searchField == GoodFieldName($f)) && CheckFieldPermissions($f)) { $where = ""; $having = ""; if (!$gQuery->IsAggrFuncField(GetFieldIndex($f) - 1)) { $where = $searchClauseObj->getSuggestWhere($f, $fType, $suggestAllContent, $searchFor); } elseif ($gQuery->IsAggrFuncField(GetFieldIndex($f) - 1)) { $having = $searchClauseObj->getSuggestWhere($f, $fType, $suggestAllContent, $searchFor); } // prepare common vals $sqlHead = "SELECT DISTINCT " . GetFullFieldName($f) . " "; $oHaving = $gQuery->Having(); $sqlHaving = $oHaving->toSql($gQuery); $sqlGroupBy = $gQuery->GroupByToSql(); $where = whereAdd($where, $strSecuritySql); $strSQL = gSQLWhere_having($sqlHead, $gsqlFrom, $gsqlWhereExpr, $sqlGroupBy, $sqlHaving, $where, $having); $strSQL .= " ORDER BY 1 ";
@ini_set("display_errors", "1"); @ini_set("display_startup_errors", "1"); include "include/dbcommon.php"; $table = postvalue("table"); if (!checkTableName($table)) { exit(0); } include "include/" . $table . "_variables.php"; if (!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) { $returnJSON = array("success" => false, "error" => ''); echo my_json_encode($returnJSON); return; } $id = postvalue("id"); $field = postvalue("field"); if (!CheckFieldPermissions($field)) { $returnJSON = array("success" => false, "error" => 'Error: You have not permission for read this text'); echo my_json_encode($returnJSON); return; } if (!$gQuery->HasGroupBy()) { // Do not select any fields except current (full text) field. // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off. // Just don't do anything in that case. $gQuery->RemoveAllFieldsExcept(GetFieldIndex($field)); } $keysArr = GetTableData($strTableName, '.Keys', array()); $keys = array(); foreach ($keysArr as $ind => $k) { $keys[$k] = postvalue("key" . ($ind + 1)); }