PHP CheckFieldPermissions示例

示例#1

文件： commonfunctions.php 项目： samsulpendis/Instant_Appointment

function GetImageFromDB($forPDF = false, $params = array())
{
    global $gQuery, $conn;
    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            return '';
        }
        //include("include/".$table."_variables.php");
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        if (!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
            header("Location: login.php");
            return;
        }
        $field = postvalue("field");
        if (!CheckFieldPermissions($field)) {
            return DisplayNoImage();
        }
        //	construct sql
        $keysArr = GetTableData($strTableName, '.Keys', array());
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        //include("include/".$table."_variables.php");
        $field = @$params["field"];
        //	construct sql
        $keysArr = GetTableData($strTableName, '.Keys', array());
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }
    if (!$gQuery->HasGroupBy()) {
        // Do not select any fields except current (image) field.
        // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
        // Just don't do anything in that case.
        $gQuery->RemoveAllFieldsExcept(GetFieldIndex($field));
    }
    $where = KeyWhere($keys);
    $secOpt = GetTableData($strTableName, '.nSecOptions', ADVSECURITY_NONE);
    if ($secOpt == ADVSECURITY_VIEW_OWN) {
        $where = whereAdd($where, SecuritySQL("Search"));
    }
    $sql = gSQLWhere($where);
    $rs = db_query($sql, $conn);
    if ($forPDF) {
        if ($rs && ($data = db_fetch_array($rs))) {
            return $data[$field];
        }
    } else {
        if (!$rs || !($data = db_fetch_array($rs))) {
            return DisplayNoImage();
        }
        $value = db_stripslashesbinary($data[$field]);
        if (!$value) {
            if (postvalue("alt")) {
                $value = db_stripslashesbinary($data[postvalue("alt")]);
                if (!$value) {
                    return DisplayNoImage();
                }
            } else {
                return DisplayNoImage();
            }
        }
        $itype = SupposeImageType($value);
        if (!$itype) {
            return DisplayFile();
        }
        if (!isset($pdf)) {
            header("Content-Type: " . $itype);
            header("Cache-Control: private");
            SendContentLength(strlen_bin($value));
        }
        echoBinary($value);
        return '';
    }
}

示例#2

文件： searchsuggest.php 项目： samsulpendis/Instant_Appointment

}
$searchFor = postvalue('searchFor');
$searchField = GoodFieldName(postvalue('searchField'));
$strSecuritySql = SecuritySQL("Search", $strTableName);
if ($searchField == "") {
    $allSearchFields = GetTableData($strTableName, '.googleLikeFields', array());
}
// proccess fields and create sql
foreach ($allSearchFields as $f) {
    $fType = GetFieldType($f, $strTableName);
    // filter fields by type
    if (!IsCharType($fType) && !IsNumberType($fType) && !IsGuid($fType) || IsTextType($fType)) {
        continue;
    }
    // get suggest for field
    if (($searchField == '' || $searchField == GoodFieldName($f)) && CheckFieldPermissions($f)) {
        $where = "";
        $having = "";
        if (!$gQuery->IsAggrFuncField(GetFieldIndex($f) - 1)) {
            $where = $searchClauseObj->getSuggestWhere($f, $fType, $suggestAllContent, $searchFor);
        } elseif ($gQuery->IsAggrFuncField(GetFieldIndex($f) - 1)) {
            $having = $searchClauseObj->getSuggestWhere($f, $fType, $suggestAllContent, $searchFor);
        }
        // prepare common vals
        $sqlHead = "SELECT DISTINCT " . GetFullFieldName($f) . " ";
        $oHaving = $gQuery->Having();
        $sqlHaving = $oHaving->toSql($gQuery);
        $sqlGroupBy = $gQuery->GroupByToSql();
        $where = whereAdd($where, $strSecuritySql);
        $strSQL = gSQLWhere_having($sqlHead, $gsqlFrom, $gsqlWhereExpr, $sqlGroupBy, $sqlHaving, $where, $having);
        $strSQL .= " ORDER BY 1 ";

示例#3

文件： fulltext.php 项目： samsulpendis/Instant_Appointment

@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
include "include/dbcommon.php";
$table = postvalue("table");
if (!checkTableName($table)) {
    exit(0);
}
include "include/" . $table . "_variables.php";
if (!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
    $returnJSON = array("success" => false, "error" => '');
    echo my_json_encode($returnJSON);
    return;
}
$id = postvalue("id");
$field = postvalue("field");
if (!CheckFieldPermissions($field)) {
    $returnJSON = array("success" => false, "error" => 'Error: You have not permission for read this text');
    echo my_json_encode($returnJSON);
    return;
}
if (!$gQuery->HasGroupBy()) {
    // Do not select any fields except current (full text) field.
    // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
    // Just don't do anything in that case.
    $gQuery->RemoveAllFieldsExcept(GetFieldIndex($field));
}
$keysArr = GetTableData($strTableName, '.Keys', array());
$keys = array();
foreach ($keysArr as $ind => $k) {
    $keys[$k] = postvalue("key" . ($ind + 1));
}