<?php
require 'authorize.php';
require 'db_login.php';
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require_once "{$root}/lib/inc.php";

//check table Authority
// NOTE(review): this chunk ends mid-loop; the if / for / elseif opened below
// are closed in a part of the file that is not visible here.
$userAdminLevel = $_SESSION['adminLevel'];
if (domesticSlave($userAdminLevel, 'Zz9')) {
    // The GET form of the query is passed through sqlinjection_free(), but a
    // POST form overrides it UNSANITISED. Further down only $filters[0] (the
    // table-name segment) is sanitised again; the remaining segments of
    // $cQuery keep the raw POST bytes.
    // NOTE(review): pass $_POST['query'] through sqlinjection_free() as well
    // (or drop the GET path if callers only POST).
    $cQuery = sqlinjection_free($_GET['query']);
    if ($_POST['query']) {
        $cQuery = $_POST['query'];
    }
    // split() is the POSIX-regex (ereg) splitter, removed in PHP 7. The pattern
    // is [?:@$][?:@$]: any two consecutive characters from the set ? : @ $.
    $filters = split("[?:@\$][?:@\$]", $cQuery);
    if (count($filters) > 4) {
        echo 'bad query. Duplicate Operators ~&|~';
        die;
    }
    // Table name = first segment, sanitised and lower-cased, then written back
    // into $cQuery twice: by position, and by replacing every occurrence of
    // the raw segment text (which also rewrites later segments that happen to
    // contain it).
    $dbTable = sqlinjection_free(trim($filters[0]));
    $dbTable = strtolower($dbTable);
    $cQuery = $dbTable . substr($cQuery, strlen($filters[0]));
    $cQuery = str_replace($filters[0], $dbTable, $cQuery);
    $rFilter = null;
    $cString = null;
    $sString = null;
    $filterCount = 0;
    $start = strlen($filters[0]);
    // Classify each remaining segment by the two-character operator that
    // precedes it in $cQuery: '??' -> $rFilter, '::' -> $cString, ...
    // NOTE(review): strpos() is not checked for false; if the str_replace
    // above rewrote a later segment, the lookup misses and the code indexes
    // $cQuery at -1 / -2.
    for ($i = 1; $i < count($filters); $i++) {
        if ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == '?' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == '?' and !$rFilter) {
            $rFilter = $filters[$i];
        } elseif ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == ':' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == ':' and !$cString) {
// NOTE(review): this chunk starts mid-file. The six closing braces below end
// loops / conditionals whose openings are not visible here, so their nesting
// cannot be recovered from this view; they are left as found.
} } } } } }
// Copy every cell property of one update ($dbtUpdate, assigned outside this
// view) into the live table structure.
foreach ($dbtUpdate['cells'] as $rid => &$row) {
    foreach ($row as $cid => &$cell) {
        foreach ($cell as $pid => $prop) {
            $liveDBTable['cells'][$rid][$cid][$pid] = $prop;
        }
    }
}
// $row / $cell are not unset() here, so they remain references into
// $dbtUpdate['cells'] until the by-reference foreach further down rebinds them.
}
echo '<?xml version="1.0" encoding="UTF-8"?><dbTableExecuter>';
if (domesticSlave($_SESSION['adminLevel'], 'Zz8')) {
    // Request inputs: $dbTable is sanitised and lower-cased; $tableOps is the
    // raw POST string split on the literal "$,$" separator and is NOT
    // sanitised here.
    // NOTE(review): no tableAllowed() check on $dbTable is visible in this
    // chunk - confirm one happens before $dbTable / $tableOps reach SQL.
    $dbTable = sqlinjection_free($_POST['dbTable']);
    $dbTable = strtolower($dbTable);
    $tableOps = explode("\$,\$", $_POST['tableOperation']);
    //Get update.
    // For every table in the session, fetch its live copy and walk the pending
    // updates that the current user has not yet "swallowed".
    foreach ($_SESSION['tables'] as $utn => $ut) {
        $liveDBTable = getLiveTable($utn);
        if ($liveDBTable) {
            foreach ($liveDBTable['dbtUpdates'] as $i => &$sdbtu) {
                if ($sdbtu and !$sdbtu['data']['swallowedBy'][$_SESSION['uid']]) {
                    $dbtu = $sdbtu['data'];
                    foreach ($dbtu as $key => &$value) {
                        if ($key == 'cells') {
                            foreach ($value as $rid => &$row) {
                                foreach ($row as $cid => &$cell) {
                                    // Per-cell authorisation. PHP's 'and' binds
                                    // tighter than 'or', so this reads as:
                                    //   authorization == "*"
                                    //   OR (user holds an sKey for this cell
                                    //       AND the update's sKey == that sKey)
                                    // NOTE(review): '==' is a loose comparison;
                                    // if sKey values can look numeric, '==='
                                    // is the safer test. The block is closed in
                                    // a part of the file not visible here.
                                    if ($liveDBTable['usersData'][$_SESSION['uid']]['authorization'] == "*" or $liveDBTable['usersData'][$_SESSION['uid']]['cells'][$rid][$cid]['sKey'] and $cell['sKey'] == $liveDBTable['usersData'][$_SESSION['uid']]['cells'][$rid][$cid]['sKey']) {
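/**
 * Decide whether the current session may operate on $dbTable.
 *
 * Access is granted when one of the following holds (checked in this order):
 *   1. the session's adminLevel passes authorizeTransit(..., 'Zz0');
 *   2. the session passes domesticSlave(..., 'Zz9') and the table name
 *      contains '_' . username;
 *   3. the session passes domesticSlave(..., 'Zz9') and the table name
 *      contains '_' . <dept label> . '_' . <sub-dept label> for the role
 *      selected by $_POST['role'];
 *   4. anyDeptSlave(<role aL>, 'Zz0') holds and the table name contains the
 *      lower-cased department suffix.
 *
 * Security notes:
 *   - $_POST['role'] is client-controlled. It is only used to pick one of the
 *     roles already stored in $_SESSION['function']; a value that is not a
 *     key there (or is not a scalar) is treated as "no role" and checks 3-4
 *     are skipped (fail closed). Previously an unknown role produced empty
 *     labels and the degenerate suffix '__', which matched any table name
 *     containing a double underscore.
 *   - An empty username or empty department label is never turned into a
 *     match pattern either ('_' alone would match almost every table name).
 *   - Matching remains a substring test, truthy only at position > 0, as in
 *     the original: username 'al' also matches 'sales_alpha'.
 *     NOTE(review): an exact-segment comparison would be stricter, but the
 *     table naming scheme is not visible here - confirm before tightening.
 *   - Check 3 compares the suffix case-sensitively while check 4 lower-cases
 *     it; that asymmetry is preserved from the original.
 *
 * @param string $dbTable table name to authorise
 * @return bool true when access is granted, false otherwise
 */
function tableAllowed($dbTable) {
    $dbTable = (string) $dbTable;

    // 1. Unrestricted admins.
    if (authorizeTransit($_SESSION['adminLevel'], 'Zz0')) {
        return true;
    }

    $isDomestic = domesticSlave($_SESSION['adminLevel'], 'Zz9');

    // 2. Per-user tables: '<prefix>_<username>'. Empty username -> no match.
    if ($isDomestic) {
        $username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
        if ($username !== '' && strpos($dbTable, '_' . $username)) {
            return true;
        }
    }

    // Resolve the role the client selected, but only if the session actually
    // holds it; anything else means the department-based checks cannot apply.
    $roleAL = null;
    if (isset($_POST['role']) && is_scalar($_POST['role'])
        && isset($_SESSION['function'][$_POST['role']]['aL'])) {
        $roleAL = $_SESSION['function'][$_POST['role']]['aL'];
    }
    if ($roleAL === null) {
        return false;
    }

    // Department suffix '_<dept label>_<sub-dept label>' from the decoder
    // table. Plain require (not require_once), as in the original, so every
    // call gets its own $adminLevelDecoder in function scope; loaded at most
    // once per call instead of once per branch.
    // NOTE(review): the path is relative ('../'); resolution depends on
    // include_path / the calling script's directory - confirm it is the
    // intended file when this function is reused from another directory.
    require '../adminLevelDecoder.php';
    $deptSuffix = null;
    if (isset($roleAL[0], $roleAL[2])
        && is_scalar($roleAL[0]) && is_scalar($roleAL[2])
        && isset($adminLevelDecoder[$roleAL[0]]['label'], $adminLevelDecoder[$roleAL[2]]['label'])) {
        $dept = (string) $adminLevelDecoder[$roleAL[0]]['label'];
        $subDept = (string) $adminLevelDecoder[$roleAL[2]]['label'];
        // Both labels must be non-empty, otherwise the pattern degenerates.
        if ($dept !== '' && $subDept !== '') {
            $deptSuffix = '_' . $dept . '_' . $subDept;
        }
    }
    if ($deptSuffix === null) {
        return false;
    }

    // 3. Domestic user on a table of their own department.
    if ($isDomestic && strpos($dbTable, $deptSuffix)) {
        return true;
    }

    // 4. Department-level access, compared against the lower-cased suffix.
    if (anyDeptSlave($roleAL, 'Zz0') && strpos($dbTable, strtolower($deptSuffix))) {
        return true;
    }

    return false;
}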