示例#1
/**
 * Probe whether the configured database account may change table structure.
 *
 * A scratch table `lcm_test` is created, a column is added, a row is written
 * and read back, and the column and table are dropped again.
 *
 * @return string Empty when the read-back succeeded; otherwise an HTML
 *                fragment describing the failure. The database error text is
 *                concatenated as-is (no HTML escaping), so callers should
 *                treat the return value as markup.
 */
function lcm_test_alter_table()
{
    // Second argument `true` is passed only on the DROP TABLE calls; the table
    // may not exist yet on the first one.
    lcm_query("DROP TABLE lcm_test", true);

    lcm_query("CREATE TABLE lcm_test (a INT)");
    lcm_query("ALTER TABLE lcm_test ADD b INT");
    lcm_query("INSERT INTO lcm_test (b) VALUES (1)");
    $select_ok = lcm_query("SELECT b FROM lcm_test");
    lcm_query("ALTER TABLE lcm_test DROP b");

    $report = "";

    if (!$select_ok) {
        $report .= "User does not have the right to modify the database:";

        // NOTE(review): the error state is read after the later
        // "ALTER TABLE ... DROP b" has run, so it presumably describes the
        // most recent statement rather than the failed SELECT - confirm.
        $detail = lcm_sql_errno() ? lcm_sql_error() : "No error message available.";
        $report .= "<p>" . $detail . "</p>";
    }

    // Always remove the scratch table, whether or not the probe succeeded.
    lcm_query("DROP TABLE lcm_test", true);

    return $report;
}
示例#2
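/**
 * Gatekeeper for authenticated pages.
 *
 * Checks the `lcm_session` cookie, loads the matching row from `lcm_author`
 * into the `$connect_*` globals, fills in default preferences and starts the
 * PHP session.
 *
 * @return bool true once the author is identified and the PHP session is
 *              started; false when the database is unavailable (an error page
 *              has already been printed). Every authentication failure sends
 *              a redirect and exits instead of returning.
 */
function auth()
{
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;
    // This reloads $GLOBALS['db_ok'], just in case
    include_config('inc_connect');
    // If there is no SQL connection, quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");
        // Run a query inside an HTML comment so that the SQL error state is set
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";
        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
        if (lcm_sql_errno()) {
            // The driver's error text is data, not markup: escape it before it
            // reaches the page. This page is served before authentication, so
            // the raw diagnostic is also visible to anonymous visitors.
            echo "\t<p><tt>" . lcm_sql_errno() . " " . htmlspecialchars(lcm_sql_error()) . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }
        echo "</div>\n";
        lcm_html_end();
        return false;
    }
    // Initialise variables (avoid URL hacks)
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;
    // Fetch identification data from authentication session
    if (isset($_COOKIE['lcm_session'])) {
        // presumably verifier_session() fills the global $author_session - confirm
        if (verifier_session($_COOKIE['lcm_session'])) {
            if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } else {
        // The parameter is optional; check that it exists before comparing so
        // an ordinary cookie-less request does not raise an undefined-index notice.
        if (isset($_REQUEST['privet']) && $_REQUEST['privet'] == 'yes') {
            // Failed login attempt: cookie failed
            $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
            $clean_link->delVar('privet');
            $url = str_replace('/./', '/', $clean_link->getUrl());
            $link->addVar('var_url', $url);
            @header("Location: " . $link->getUrl());
            exit;
        }
    }
    // If not authenticated, ask for login / password
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }
    //
    // Search for the login in the authors' table
    //
    // NOTE(review): addslashes() is not a charset-aware SQL escape; the
    // database driver's own escaping or a bound parameter is the safer choice.
    $auth_login = addslashes($auth_login);
    // NOTE(review): the username literal below reads '******' in this listing,
    // which looks like masking applied by the page. As written the query does
    // not reference $auth_login - confirm against the upstream source.
    $query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);
    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password'];
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non";
        //$row["messagerie"];
        $connect_activer_imessage = "non ";
        //$row["imessage"];
        // Set the users' preferences
        // NOTE(review): unserialize() instantiates whatever objects the stored
        // string describes. If anything other than this application can write
        // lcm_author.prefs, this is an object-injection sink; a data-only
        // format such as JSON would remove it.
        $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);
        // A corrupt or empty column yields false; the code below indexes
        // $prefs as an array, so fall back to an empty one.
        if (!is_array($prefs)) {
            $prefs = array();
        }
        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        if (!isset($prefs['theme']) || !$prefs['theme']) {
            $prefs['theme'] = 'green';
        }
        if (!isset($prefs['screen']) || !$prefs['screen']) {
            $prefs['screen'] = 'wide';
        }
        if (!isset($prefs['font_size']) || !$prefs['font_size']) {
            $prefs['font_size'] = 'medium_font';
        }
        if (!isset($prefs['case_owner']) || !$prefs['case_owner']) {
            $prefs['case_owner'] = 'my';
        }
        if (!isset($prefs['case_period']) || !$prefs['case_period']) {
            $prefs['case_period'] = '91';
        }
        if (!isset($prefs['mode']) || !$prefs['mode']) {
            $prefs['mode'] = 'simple';
        }
        if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authenticated
        // OK, but does not exist in the authors table. Possible cause:
        // the database was restored and the author does not exist (and
        // the user was authenticated by another source, such as LDAP).
        // Note: we used to show a strange error message which would advise
        // to logout, but since it occurs only after db upgrade, just logout
        // brutally (with cookie_admin=no to forget the username).
        // The login goes into a query string, so it is URL-encoded; at this
        // point it still carries the addslashes() applied above.
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . urlencode($auth_login));
        exit;
    }
    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }
    // [ML] Again, not sure how this is used, but we can ignore it for now
    // TODO (note: nouveau == new)
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}";
        $result = lcm_query($query);
        $connect_status = 'normal';
    }
    // PHP sessions are started here, and stopped at logout
    session_start();
    return true;
}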
示例#3
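/**
 * Send one SQL statement to MySQL and return the driver's result.
 *
 * The statement is passed through process_query() and then executed as-is:
 * nothing in this function escapes values, so callers must escape or bind
 * anything they place in $query.
 *
 * @param string $query       SQL text to execute.
 * @param bool   $accept_fail When true, a failing statement is not escalated
 *                            to lcm_panic(); the raw result is returned.
 * @return mixed Whatever mysql_query() returned.
 */
function lcm_query_db($query, $accept_fail = false)
{
    global $lcm_mysql_link;
    // Cumulative query time across calls, shown in the profiling output
    static $tt = 0;
    $my_debug = $GLOBALS['sql_debug'];
    $my_profile = $GLOBALS['sql_profile'];
    /* [ML] I have no idea whether this is overkill, but without it,
    	   we get strange problems with Cyrillic and other non-latin charsets.
    	   We need to check whether tables were installed correctly, or else
    	   it will not show non-latin utf8 characters correctly. (i.e. for
    	   people who upgraded LCM, but didn't import/export their data to 
    	   fix the tables.)
    	*/
    $db_utf8 = read_meta('db_utf8');
    if ($db_utf8 == 'yes') {
        lcm_mysql_set_utf8();
    } elseif ($db_utf8 != 'no' && !read_meta('lcm_db_version')) {
        // The original condition was written `!read_meta('db_utf8') == 'no'`,
        // which negates the value before comparing it; the comparison is now
        // spelled out as "not explicitly disabled".
        //
        // We are not yet installed, so check MySQL version on every request
        // Note: checking is_file('inc/data/inc_meta_cache.php') is not
        // enough, because the keywords cache may have been generated, but not
        // the meta.
        if (!preg_match("/^(4\\.0|3\\.)/", mysql_get_server_info())) {
            lcm_mysql_set_utf8();
        }
    }
    // process_query() is defined elsewhere; its rewriting rules are not visible here
    $query = process_query($query);
    if ($my_profile) {
        $m1 = microtime();
    }
    if ($GLOBALS['mysql_recall_link'] and $lcm_mysql_link) {
        $result = mysql_query($query, $lcm_mysql_link);
    } else {
        $result = mysql_query($query);
    }
    if ($my_debug and $my_profile) {
        $m2 = microtime();
        // microtime() without arguments returns "usec sec"
        list($usec, $sec) = explode(" ", $m1);
        list($usec2, $sec2) = explode(" ", $m2);
        $dt = $sec2 + $usec2 - $sec - $usec;
        $tt += $dt;
        // The statement is echoed into the page (HTML-escaped). It can carry
        // credentials or personal data, so keep sql_debug/sql_profile off
        // outside development.
        echo "<small>" . htmlentities($query);
        // NOTE(review): "%3f" sets a minimum width of 3, not three decimals;
        // "%.3f" may have been intended.
        echo " -> <font color='blue'>" . sprintf("%3f", $dt) . "</font> ({$tt})</small><p>\n";
    }
    if ($my_debug) {
        // Full SQL text goes to the debug log as well
        lcm_debug("QUERY: {$query}\n", 1, 'sql');
    }
    if (lcm_sql_errno() && !$accept_fail) {
        $s = lcm_sql_error();
        // Query and driver message are escaped before being handed to lcm_panic()
        $error = _T('warning_sql_query_failed') . "<br />\n" . htmlentities($query) . "<br />\n";
        $error .= "&laquo; " . htmlentities($s) . " &raquo;<br />";
        lcm_panic($error);
    }
    return $result;
}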
示例#4
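/**
 * Installer step 2: test the submitted database credentials and let the
 * administrator pick a database.
 *
 * Reads db_address, db_login, db_password and db_choice from the request,
 * stores them in $_SESSION['form_data'], and on any validation or connection
 * error falls back to install_step_1(). With PostgreSQL the database is
 * already chosen, so the function hands over to install_step_3().
 *
 * Every request-derived or server-derived value written into the page is
 * HTML-escaped, because this form is reachable before any account exists.
 *
 * @return mixed The return value of install_step_1() / install_step_3() when
 *               delegating; nothing after rendering the selection form.
 */
function install_step_2()
{
    $using_pgsql = (bool) preg_match("/^PostgreSQL/", lcm_sql_server_info());

    // Missing fields become null (what an undefined index evaluated to)
    // without raising a notice.
    // NOTE(review): the database password is kept in the session and sent back
    // to the browser in a hidden field further down - confirm that the
    // installer is only served over a trusted channel.
    $db_address = $_SESSION['form_data']['db_address'] = isset($_REQUEST['db_address']) ? $_REQUEST['db_address'] : null;
    $db_login = $_SESSION['form_data']['db_login'] = isset($_REQUEST['db_login']) ? $_REQUEST['db_login'] : null;
    $db_password = $_SESSION['form_data']['db_password'] = isset($_REQUEST['db_password']) ? $_REQUEST['db_password'] : null;
    $db_choice = $_SESSION['form_data']['db_choice'] = _request('db_choice');
    if (!$db_login) {
        $_SESSION['errors']['login'] = _Ti('install_connection_login') . _T('warning_field_mandatory');
    }
    if (!$db_password) {
        $_SESSION['errors']['password'] = _Ti('install_connection_password') . _T('warning_field_mandatory');
    }
    if ($using_pgsql && !$db_choice) {
        $_SESSION['errors']['dbname'] = "Database name: " . _T('warning_field_mandatory');
    }
    // TRAD
    // empty() also covers the case where no error list exists yet
    if (!empty($_SESSION['errors'])) {
        return install_step_1();
    }
    // Connection warnings are emitted inside an HTML comment
    echo "\n<!--\n";
    $link = lcm_connect_db_test($db_address, $db_login, $db_password, $db_choice);
    $error = lcm_sql_errno() ? lcm_sql_error() : '';
    echo "\n-->\n";
    if ($error || !$link) {
        // NOTE(review): $error is driver text and is stored unescaped; whether
        // install_step_1() escapes it on output is not visible here - confirm.
        $_SESSION['errors']['generic'] = _T('warning_sql_connection_failed') . ' ' . _T('install_info_sql_connection_failed') . ' (' . lcm_sql_errno() . ': ' . $error . ')';
        return install_step_1();
    }
    // If PgSQL, go to next step, db already chosen
    if ($using_pgsql) {
        return install_step_3();
    }

    // Escaped copies for HTML output; ENT_QUOTES because some attributes
    // below are single-quoted.
    $safe_address = htmlspecialchars($db_address, ENT_QUOTES);
    $safe_login = htmlspecialchars($db_login, ENT_QUOTES);
    $safe_password = htmlspecialchars($db_password, ENT_QUOTES);

    // Tracks whether some radio button is already pre-selected
    $checked = false;

    install_html_start('AUTO', '', 2);
    echo "<h3><small>" . _T('install_step_two') . "</small> " . _T('install_title_select_database') . "</h3>\n";
    echo "<form action='install.php' method='post'>\n";
    echo "<input type='hidden' name='step' value='3' />\n";
    echo "<input type='hidden' name='db_address' value=\"{$safe_address}\" size='40' />\n";
    echo "<input type='hidden' name='db_login' value=\"{$safe_login}\" />\n";
    echo "<input type='hidden' name='db_password' value=\"{$safe_password}\" />\n\n";
    $result = lcm_list_databases($db_address, $db_login, $db_password);
    echo "<fieldset class='fs_box'>\n";
    echo "<p><b><label>" . _T('install_select_database') . "</label></b> " . lcm_help('install_database', 'database') . "</p>";
    // Debug aid: number of databases found (0 when the listing failed)
    echo "<!-- " . (is_array($result) ? count($result) : 0) . " -->\n";
    if (is_array($result) && ($num = count($result)) > 0) {
        echo "<ul class=\"simple_list\">";
        $listdbtxt = "";
        for ($i = 0; $i < $num; $i++) {
            // $table_nom = mysql_dbname($result, $i);
            $table_name = array_pop($result);
            // Database names come from the server, not from this code; escape them too
            $safe_name = htmlspecialchars($table_name, ENT_QUOTES);
            $base = "<li><input name='db_choice' value='" . $safe_name . "' type='radio' id='tab{$i}'";
            $base_end = " /><label for='tab{$i}'>" . $safe_name . "</label></li>\n";
            if ($table_name == $db_login) {
                // A database named like the login is listed first and pre-selected
                $listdbtxt = "{$base} checked='checked'{$base_end}" . $listdbtxt;
                $checked = true;
            } else {
                $listdbtxt .= "{$base}{$base_end}\n";
            }
        }
        echo $listdbtxt;
        echo "</ul>\n";
    } else {
        echo "<div class='box_warning'>\n";
        echo "<p><b>" . _T('install_warning_no_databases_1') . "</b></p>\n";
        echo "<p><small>" . _T('install_warning_no_databases_2') . "</small></p>\n";
        echo "</div>\n";
        if ($db_login) {
            echo _T('install_warning_no_databases_3');
            echo "<ul class=\"simple_list\">";
            echo "<li><input name=\"db_choice\" value=\"" . $safe_login . "\" type='radio' id='stand' checked='checked' />";
            echo "<label for='stand'>" . $safe_login . "</label><br />\n";
            echo "</li></ul>";
            echo "<p align='left'>" . _T('info_or') . " ... </p>\n";
            $checked = true;
        }
        echo '<ul class="simple_list">';
        echo '<li><input name="db_choice" value="__manual__" type="radio" id="manual_db_checkbox"';
        if (!$checked) {
            echo ' checked="checked"';
        }
        echo " />\n";
        echo "<label for='manual_db_checkbox'>" . _T('install_enter_name_manually') . "</label><br />\n";
        echo "<label for='manual_db'>" . _T('install_input_database_name') . "</label>\n";
        echo "<input type='text' name='manual_db' id='manual_db' value='' size='20' class='txt_lmnt' /></li>\n";
        echo "</ul>\n";
    }
    echo "</fieldset>\n";
    echo "<br /><div align='" . $GLOBALS['lcm_lang_right'] . "'>" . "<button type='submit' name='Next'>" . _T('button_next') . " >></button>&nbsp;" . "</div>\n";
    echo "</form>\n";
    install_html_end();
}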
示例#5
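 /**
  * Change an author's username.
  *
  * On failure the reason is left in $this->error.
  *
  * @param mixed  $id_author      Id of the author row to update; coerced to an
  *                               integer before it is placed in the SQL text.
  * @param string $old_username   Current username, passed to the permission check.
  * @param string $new_username   Requested username (at least 3 characters
  *                               after lcm_utf8_decode()).
  * @param mixed  $author_session Session data passed to the permission check.
  * @return bool true when the UPDATE ran without an SQL error, false otherwise.
  */
 function newusername($id_author, $old_username, $new_username, $author_session = 0)
 {
     $this->error = "";
     if ($this->is_newusername_allowed($id_author, $old_username, $author_session) == false) {
         return false;
     }
     // Check for username size
     if (strlen(lcm_utf8_decode($new_username)) < 3) {
         $this->error = _T('login_warning_too_short');
         return false;
     }
     // Check if username is not already taken
     // NOTE(review): the username literals in both queries read '******' in
     // this listing, which looks like masking applied by the page; as written
     // they do not reference $new_username. Confirm against the upstream
     // source, and make sure the real value is escaped with the database
     // driver's function or bound as a parameter.
     $query = "SELECT username\n\t\t\t\t\tFROM lcm_author\n\t\t\t\t\tWHERE username = '******'";
     $result = lcm_query($query);
     if ($row = lcm_fetch_array($result)) {
         // NOTE(review): this key has a trailing space, unlike
         // 'login_warning_too_short' above - check that the translation
         // lookup still finds it.
         $this->error = _T('login_warning_already_exists ');
         return false;
     }
     // The id is written unquoted into the statement, so force it to an
     // integer; a non-numeric value becomes 0 and matches no row.
     $author_id = intval($id_author);
     $query = "UPDATE lcm_author\n\t\t\t\t\tSET username = '******'\n\t\t\t\t\tWHERE id_author = {$author_id}";
     lcm_query($query);
     // Check for errors (duplicates, format, etc.)
     // The SELECT above and this UPDATE are separate statements, so two
     // concurrent requests can both pass the availability check; presumably a
     // unique index on username turns the second one into an SQL error - confirm.
     if (lcm_sql_errno()) {
         $this->error = lcm_sql_error();
         lcm_log("newusername: " . $this->error);
         return false;
     }
     return true;
 }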