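/**
 * Gate the current request on website status and model permissions.
 *
 * Resolves the active website from the request domain (tbl_websites), defaults
 * the session GroupID to 'public' when absent, and then requires at least one
 * active tbl_websites_accounts_groups_models row granting the requested
 * controller ("model") to the group/account. Any failure ends in show_404().
 *
 * Reads WebSiteID, GroupID and AccID from the session; writes WebSiteID (from
 * the domain lookup) and GroupID (when defaulted) back into it. Returns nothing.
 */
public function check_permission()
{
    $WebSiteID = $this->session->userdata('WebSiteID');
    $GroupID = $this->session->userdata('GroupID');
    $AccID = $this->session->userdata('AccID');

    // Segment 0 of the raw URI is the controller, which is also the ModelID
    // checked below. Only the controller takes part in the permission check.
    $routestring = explode('/', trim($this->uri->uri_string()));
    $curr_class = isset($routestring[0]) ? $routestring[0] : '';
    if (trim($curr_class) == '') {
        $curr_class = "redirect";
    }

    // The controller name comes straight from the URI and is spliced into a
    // filesystem path, so only plain identifiers are looked up; anything else
    // (e.g. "../") takes the same fallback as a missing controller file.
    $exists = false;
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $curr_class)) {
        // 'ajax' resolves to the shared controller and is accepted unconditionally.
        $exists = $curr_class == 'ajax'
            || file_exists('application/controllers/' . $WebSiteID . '/' . $curr_class . '.php')
            || file_exists('application/controllers/common/' . $curr_class . '.php');
    }
    if (!$exists) {
        $curr_class = "redirect";
    }

    $sql = "SELECT WebSiteID, Suspend FROM tbl_websites WITH (NOLOCK)"
        . " WHERE Domain='" . mssql_real_escape_string(getDomain()) . "'"
        . " AND Activate=1 AND StartTime< GETDATE() AND GETDATE()< ExpireTime";
    $query = $this->db->query($sql);
    if ($query->num_rows() > 0) {
        $row = $query->row();
        if ($row->Suspend) {
            // Suspended site: emit the marker, then the 404 page.
            echo "suspend";
            show_404();
        } else {
            // The domain lookup is authoritative over whatever the session carried.
            $WebSiteID = $row->WebSiteID;
            $this->session->set_userdata('WebSiteID', $row->WebSiteID);
        }
    } else {
        show_404();
    }

    // Unset session values arrive as false (or null/''); all mean "anonymous".
    if ($GroupID === '' || $GroupID === null || $GroupID === false) {
        $GroupID = 'public';
        $this->session->set_userdata('GroupID', $GroupID);
    }

    // A grant row may be scoped to one account/website or left blank ('') to
    // apply to all accounts / all websites.
    $sql = "SELECT count(*) total FROM tbl_websites_accounts_groups_models WITH (NOLOCK)"
        . " WHERE Activate=1"
        . " AND GroupID='" . mssql_real_escape_string($GroupID) . "'"
        . " AND ModelID='" . mssql_real_escape_string($curr_class) . "'"
        . " AND (AccID='" . mssql_real_escape_string($AccID) . "' OR AccID='')"
        . " AND (WebSiteID='" . mssql_real_escape_string($WebSiteID) . "' OR WebSiteID='')";
    $query = $this->db->query($sql);
    $row = $query->row();
    if ($row->total <= 0) {
        show_404();
    }
}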
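/**
 * Serve a configured redirect for $originalurl on the current website.
 *
 * Looks up an active, in-window tbl_redirectURL row. 'External' rows issue a
 * 301 to RedirectURL. 'Internal' rows parse RedirectURL as
 * "/controller/method/param1/param2...", load the controller file
 * (site-specific directory first, then common/), dispatch the method
 * in-process and exit. No matching row: returns without output. No website in
 * the session, or an unknown controller/method: show_404().
 *
 * @param string $originalurl  The requested URL as stored in OriginalURL.
 */
public function redirecturl($originalurl)
{
    $WebSiteID = $this->session->userdata('WebSiteID');
    if ($WebSiteID == '') {
        show_404();
        return;
    }

    $sql = "SELECT WebSiteID, OriginalURL, RedirectURL, RedirectType FROM tbl_redirectURL WITH (NOLOCK)"
        . " WHERE StartTime< GETDATE() AND GETDATE()< ExpireTime AND Activate=1"
        . " AND WebSiteID='" . mssql_real_escape_string($WebSiteID) . "'"
        . " AND OriginalURL='" . mssql_real_escape_string($originalurl) . "'";
    $query = $this->db->query($sql);
    if ($query->num_rows() <= 0) {
        return;
    }
    $row = $query->row();

    if ($row->RedirectType == 'External') {
        redirect($row->RedirectURL, 'location', 301);
        return;
    }
    if ($row->RedirectType != 'Internal') {
        // Any other RedirectType is ignored (unchanged behaviour).
        return;
    }

    // RedirectURL is stored with a leading slash, so segment 0 is empty.
    $routestring = explode('/', $row->RedirectURL);
    $controller = isset($routestring[1]) ? $routestring[1] : '';
    $method = isset($routestring[2]) ? $routestring[2] : '';
    $parm = array_slice($routestring, 3);

    // Both names end up in a require_once path and a dynamic call, so insist on
    // plain PHP identifiers before touching the filesystem or instantiating.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!preg_match($identifier, $controller) || !preg_match($identifier, $method)) {
        show_404();
        return;
    }

    $controllerfile = 'application/controllers/' . $WebSiteID . '/' . $controller . '.php';
    if (!file_exists($controllerfile)) {
        $controllerfile = 'application/controllers/common/' . $controller . '.php';
        if (!file_exists($controllerfile)) {
            show_404();
            return;
        }
    }

    require_once $controllerfile;
    // A file that exists but does not declare the expected class/method is a
    // configuration error, not a fatal.
    if (!class_exists($controller) || !method_exists($controller, $method)) {
        show_404();
        return;
    }
    $tempcontroller = new $controller();
    call_user_func_array(array($tempcontroller, $method), $parm);
    exit;
}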
/**
 * Post-login landing URL for the website in the session.
 *
 * Reads LoginRedirectURL from tbl_websites for the session's WebSiteID and
 * falls back to '/' when no row is found.
 *
 * @return string
 */
public function LoginRedirectURL()
{
    $siteId = $this->session->userdata('WebSiteID');
    $sql = "SELECT LoginRedirectURL FROM tbl_websites WHERE WebSiteID='"
        . mssql_real_escape_string($siteId) . "'";
    $result = $this->db->query($sql);

    if ($result->num_rows() <= 0) {
        return '/';
    }

    return $result->row()->LoginRedirectURL;
}
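/**
 * Run the configured delete stored procedure for one record.
 *
 * Expects POST 'parm' to be a URL-encoded JSON object with 'modelID',
 * 'actionID' and 'id'. The procedure text (DeleteSP) is read from
 * tbl_models_lists_master and is trusted configuration; the record id is
 * appended as a single quoted, escaped literal so that escaping actually
 * protects it (an unquoted value is not protected by quote escaping).
 *
 * @return bool  true when a procedure was executed; false when the payload is
 *               malformed or no active DeleteSP is configured.
 */
public function delete()
{
    $WebSiteID = $this->session->userdata('WebSiteID');
    $parm = json_decode(rawurldecode((string) $this->input->post('parm')), true);
    if (!is_array($parm) || !isset($parm['modelID'], $parm['actionID'], $parm['id'])) {
        // Missing or malformed payload: nothing can be looked up.
        return false;
    }

    // Escape every value once, here, before any of them reaches SQL.
    foreach ($parm as $key => $value) {
        $parm[$key] = mssql_real_escape_string($value);
    }

    $sql = "SELECT DeleteSP FROM tbl_models_lists_master"
        . " WHERE WebSiteID='" . mssql_real_escape_string($WebSiteID) . "'"
        . " AND ModelID='" . $parm['modelID'] . "'"
        . " AND ActionID='" . $parm['actionID'] . "'"
        . " AND Activate=1";
    $row = $this->db->query($sql)->row();
    if (!is_object($row) || trim($row->DeleteSP) == '') {
        return false;
    }

    // NOTE(review): assumes DeleteSP takes the record id as its single
    // argument (e.g. an "EXEC ..." prefix); confirm against the configured rows.
    $this->db->query($row->DeleteSP . " '" . $parm['id'] . "'");
    return true;
}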
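/**
 * Look up a downloadable file the current group/account may access.
 *
 * Joins tbl_files with tbl_files_premissions and requires an active, in-window
 * permission row matching the model, account and group (a blank value in the
 * permission row acts as a wildcard). When $FileType is 'image' the file must
 * also have that FileType.
 *
 * @param string $modelID   Model the file is requested from.
 * @param string $id        tbl_files.ID of the file.
 * @param string $FileType  'image' to restrict to images; anything else means no restriction.
 * @return array  array('Status' => true, 'FileName' => ..., 'LocalFileName' => ..., 'DispositionType' => ...)
 *                on success, array('Status' => false) otherwise.
 */
public function get_fileinfo($modelID, $id, $FileType)
{
    $WebSiteID = $this->session->userdata('WebSiteID');
    $GroupID = $this->session->userdata('GroupID');
    $AccID = $this->session->userdata('AccID');

    $WhereFileType = '';
    if ($FileType == 'image') {
        $WhereFileType = " AND a.FileType='" . mssql_real_escape_string($FileType) . "' ";
    }

    // $id is caller-supplied and must be escaped like the other predicates.
    // NOTE(review): WebSiteID/StartTime/ExpireTime are unqualified; confirm they
    // resolve to the intended table.
    $sql = "SELECT a.FileName, a.LocalFileName, a.DispositionType FROM tbl_files a"
        . " LEFT JOIN tbl_files_premissions b ON a.ID=b.FileNum"
        . " WHERE a.ID='" . mssql_real_escape_string($id) . "' " . $WhereFileType
        . " AND (b.ModelID='' OR b.ModelID='" . mssql_real_escape_string($modelID) . "')"
        . " AND (b.AccID='' OR b.AccID='" . mssql_real_escape_string($AccID) . "')"
        . " AND (b.GroupID='' OR b.GroupID='" . mssql_real_escape_string($GroupID) . "')"
        . " AND WebSiteID='" . mssql_real_escape_string($WebSiteID) . "'"
        . " AND StartTime< GETDATE() AND GETDATE()< ExpireTime AND a.Activate=1 AND b.Activate=1";
    $query = $this->db->query($sql);
    if ($query->num_rows() <= 0) {
        return array('Status' => false);
    }

    $row = $query->row();
    return array(
        'Status' => true,
        'FileName' => $row->FileName,
        'LocalFileName' => $row->LocalFileName,
        'DispositionType' => $row->DispositionType,
    );
}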
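/**
 * Escape a scalar for interpolation into an MSSQL string literal.
 *
 * Non-strings are returned untouched. Numeric strings are returned as-is
 * (they cannot contain quote characters). Other strings are passed through
 * mssql_real_escape_string().
 *
 * @param mixed $value
 * @return mixed  The escaped string, or the original value if not a string.
 */
public function escape_string($value)
{
    if (!is_string($value)) {
        return $value;
    }

    // get_magic_quotes_gpc() always returned false from PHP 5.4 and no longer
    // exists in PHP 8; guard the call so this does not fatal there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    if (!is_numeric($value)) {
        $value = mssql_real_escape_string($value);
    }

    return $value;
}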
/**
 * Escape $value for an MSSQL string literal on this object's connection.
 *
 * @param mixed $value
 * @return mixed  Whatever mssql_real_escape_string() returns.
 */
public function escape($value)
{
    $connection = $this->connection;

    return mssql_real_escape_string($value, $connection);
}
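/**
 * Insert one row into [$table] from the attributes of $A.
 *
 * Every attribute reported by PMReflector::getAttributesArray($A) becomes a
 * column except "<table>ID", which is left to the database. Values are
 * escaped and quoted; column names come from reflection and are bracketed
 * but not otherwise validated.
 *
 * @param string $table
 * @param object $A
 * @return mixed  Result of mssql_insert_id() (presumably a project helper).
 * @throws DuplicateEntryException  when the server reports a duplicate key.
 * @throws StorageException         on any other failed statement.
 */
function makeNewLine2($table, $A)
{
    $fields = PMReflector::getAttributesArray($A);
    $idField = $table . "ID";

    $columns = array();
    $values = array();
    foreach ($fields as $field) {
        if ($field == $idField) {
            continue;
        }
        $columns[] = "\n[" . $field . "]";
        // $A->{$fields}[$i] read a property literally named "Array"; the
        // attribute name is $field.
        $values[] = " '" . mssql_real_escape_string($A->{$field}) . "'\n";
    }
    $sets = implode(", ", $columns);
    $valueList = implode(", ", $values);
    $sql = "INSERT INTO\n [{$table}]\n ({$sets}) VALUES ({$valueList})";

    // Logs the full statement, values included, to the session message list.
    $_SESSION["messages"]->addMessage("executing MSSQL: {$sql}");

    $result = mssql_query($sql);
    if ($result === false) {
        // The former mysql_errno() checks (1054/1062) never reflect an MSSQL
        // failure; classify on the server message instead.
        // NOTE(review): duplicate-key detection is text-based — confirm against
        // the driver's actual message wording.
        $message = mssql_get_last_message();
        if (stripos($message, 'duplicate key') !== false) {
            throw new DuplicateEntryException($message);
        }
        throw new StorageException();
    }

    return mssql_insert_id();
}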
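/**
 * {@inheritdoc}
 *
 * Empty input (null, false, '') yields ''. Otherwise the value is escaped for
 * a T-SQL string literal and trimmed (leading/trailing whitespace of the
 * original value is dropped — kept for compatibility with existing callers).
 *
 * @param mixed $str
 * @return string
 */
public function escape($str)
{
    // Explicit checks instead of $str == '' so an integer 0 is escaped rather
    // than silently turned into '' on PHP < 8.
    if ($str === null || $str === false || $str === '') {
        return '';
    }

    if (function_exists('mssql_real_escape_string')) {
        $str = mssql_real_escape_string($str);
    } else {
        // T-SQL escapes a quote inside a literal by doubling it. addslashes()
        // produced \' which SQL Server does not treat as an escape, leaving the
        // quote live.
        $str = str_replace("'", "''", $str);
    }

    return trim($str);
}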