/**
 * Gate the current request on website status and group/model permissions.
 *
 * Resolves the controller ("model") and method from the URI, falling back to
 * redirect/index when a segment is empty or no controller file exists for the
 * website or under common/. The website matching the request domain must be
 * active, not suspended and inside its StartTime/ExpireTime window, and the
 * session's group must hold an active row in tbl_websites_accounts_groups_models
 * for the resolved model; every failure path calls show_404().
 *
 * Side effects: may overwrite the session's WebSiteID and GroupID.
 *
 * @return void
 */
public function check_permission()
 {
     $WebSiteID = $this->session->userdata('WebSiteID');
     $GroupID = $this->session->userdata('GroupID');
     $AccID = $this->session->userdata('AccID');
     $PreWebSiteID = $this->session->userdata('WebSiteID'); // not used below
     $url = trim($this->uri->uri_string());
     $routestring = explode('/', $url);
     // '@' silences the undefined-index notice when the URI has fewer than two segments.
     $controller = @$routestring[0];
     $method = @$routestring[1];
     $WebID = $WebSiteID;
     $curr_class = @$controller;
     $curr_method = @$method;
     if (trim($curr_class) == '') {
         $curr_class = "redirect";
     }
     if (trim($curr_method) == '') {
         $curr_method = "index";
     }
     // NOTE(review): $curr_class comes straight from the URI and is used as a
     // path component here; file_exists() only tests existence. Presumably the
     // framework router has already constrained the segment's characters — confirm.
     $controllerfile = 'application/controllers/' . $WebID . '/' . $curr_class . '.php';
     if (!file_exists($controllerfile)) {
         if ($curr_class == 'ajax') {
             $controllerfile = 'application/controllers/ajax.php';
         } else {
             $controllerfile = 'application/controllers/common/' . $curr_class . '.php';
             if (!file_exists($controllerfile)) {
                 // Unknown controller: permission is checked against the redirect model instead.
                 // $curr_method is not referenced again after this point.
                 $curr_class = "redirect";
                 $curr_method = "index";
             }
         }
     }
     // NOTE(review): mssql_real_escape_string() is not part of PHP's mssql
     // extension; presumably a project helper that doubles single quotes.
     // Every string-built query in this file relies on it — confirm its behaviour.
     $sql = "SELECT WebSiteID, Suspend FROM tbl_websites WITH (NOLOCK) WHERE Domain='" . mssql_real_escape_string(getDomain()) . "' AND Activate=1 AND StartTime< GETDATE() AND GETDATE()< ExpireTime";
     $query = $this->db->query($sql);
     $rowcount = $query->num_rows();
     if ($rowcount > 0) {
         $row = $query->row();
         if ($row->Suspend) {
             //show suspend page
             // show_404() is presumably terminating (CodeIgniter convention); if it
             // is not, execution continues into the permission query below — confirm.
             echo "suspend";
             show_404();
         } else {
             // The website resolved from the domain wins over the session's value.
             $WebSiteID = $row->WebSiteID;
             $this->session->set_userdata('WebSiteID', $row->WebSiteID);
         }
     } else {
         show_404();
     }
     // userdata() presumably returns false for an unset key; both that and '' mean an anonymous visitor.
     if ($GroupID == '' || $GroupID === false) {
         $GroupID = 'public';
         $this->session->set_userdata('GroupID', $GroupID);
     }
     // Rows with an empty AccID or WebSiteID act as wildcards for that column.
     $sql = "SELECT count(*) total FROM tbl_websites_accounts_groups_models WITH (NOLOCK) WHERE Activate=1 AND GroupID='" . mssql_real_escape_string($GroupID) . "' AND ModelID='" . mssql_real_escape_string($curr_class) . "' AND (AccID='" . mssql_real_escape_string($AccID) . "' OR AccID='') AND (WebSiteID='" . mssql_real_escape_string($WebSiteID) . "' OR WebSiteID='')";
     $query = $this->db->query($sql);
     $row = $query->row();
     $total = $row->total;
     if ($total <= 0) {
         show_404();
     }
 }
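 /**
  * Apply a redirect rule for $originalurl within the current website.
  *
  * An 'Internal' rule dispatches the controller/method named in RedirectURL
  * (segments 1 and 2 of the stored path; later segments become the method's
  * arguments) and exits. An 'External' rule issues a 301. With no WebSiteID
  * in the session the request is a 404; with no matching active rule the
  * method returns without doing anything.
  *
  * @param string $originalurl Path looked up in tbl_redirectURL.OriginalURL.
  * @return void
  */
 public function redirecturl($originalurl)
 {
     $WebSiteID = $this->session->userdata('WebSiteID');
     if ($WebSiteID == '') {
         show_404();
         return;
     }
     //retrieve the Redirect information
     $sql = "SELECT WebSiteID, OriginalURL, RedirectURL, RedirectType FROM tbl_redirectURL WITH (NOLOCK) WHERE StartTime< GETDATE() AND GETDATE()< ExpireTime AND Activate=1 AND WebSiteID='" . mssql_real_escape_string($WebSiteID) . "' AND OriginalURL='" . mssql_real_escape_string($originalurl) . "'";
     $query = $this->db->query($sql);
     if ($query->num_rows() <= 0) {
         return;
     }
     $row = $query->row();
     if ($row->RedirectType == 'External') {
         redirect($row->RedirectURL, 'location', 301);
         return;
     }
     if ($row->RedirectType != 'Internal') {
         return;
     }
     // Stored form is presumably "/controller/method/arg1/..." — segment 0 is
     // the empty string before the leading slash. TODO confirm against the data.
     $segments = explode('/', $row->RedirectURL);
     $controller = isset($segments[1]) ? $segments[1] : '';
     $method = isset($segments[2]) ? $segments[2] : '';
     $parm = array_slice($segments, 3);
     // Website-specific controller first, then the shared one under common/.
     // NOTE(review): the controller segment is used as a path component, so
     // tbl_redirectURL must only be writable by trusted administrators — confirm.
     $controllerfile = 'application/controllers/' . $WebSiteID . '/' . $controller . '.php';
     if (!file_exists($controllerfile)) {
         $controllerfile = 'application/controllers/common/' . $controller . '.php';
     }
     if (!file_exists($controllerfile)) {
         // The original fell through to require_once after show_404(); returning
         // avoids a fatal include if show_404() does not terminate the script.
         show_404();
         return;
     }
     // Call the related controller and methods
     require_once $controllerfile;
     if (!class_exists($controller)) {
         show_404();
         return;
     }
     $tempcontroller = new $controller();
     // A stale rule naming a method that no longer exists would otherwise be a
     // fatal error rather than a 404.
     if (!is_callable(array($tempcontroller, $method))) {
         show_404();
         return;
     }
     call_user_func_array(array($tempcontroller, $method), $parm);
     exit;
 }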
 /**
  * Post-login landing path for the current website.
  *
  * Returns tbl_websites.LoginRedirectURL for the session's WebSiteID, or '/'
  * when no such website row exists.
  *
  * @return string|null
  */
 public function LoginRedirectURL()
 {
     $siteId = mssql_real_escape_string($this->session->userdata('WebSiteID'));
     $query = $this->db->query("SELECT LoginRedirectURL FROM tbl_websites WHERE WebSiteID='" . $siteId . "'");
     if ($query->num_rows() <= 0) {
         return '/';
     }
     return $query->row()->LoginRedirectURL;
 }
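 /**
  * Run the model's configured delete stored procedure for a posted record id.
  *
  * The 'parm' POST field must hold a URL-encoded JSON object with modelID,
  * actionID and id. The DeleteSP configured for (WebSiteID, modelID, actionID)
  * in tbl_models_lists_master is executed with the id appended.
  *
  * @return false|null false when the parameters are unusable or no DeleteSP is
  *                    configured; null after executing the procedure (the
  *                    original contract — the return value does not signal success).
  */
 public function delete()
 {
     $WebSiteID = $this->session->userdata('WebSiteID');
     $parm = json_decode(rawurldecode($this->input->post('parm')), true);
     // json_decode() yields null or a scalar on malformed input; the original
     // iterated it blindly and then read undefined keys.
     if (!is_array($parm) || !isset($parm['modelID'], $parm['actionID'], $parm['id'])) {
         return false;
     }
     foreach ($parm as $key => $value) {
         $parm[$key] = mssql_real_escape_string($value);
     }
     // WebSiteID is now escaped like every other interpolated value in this file.
     $sql = "SELECT DeleteSP FROM tbl_models_lists_master WHERE WebSiteID='" . mssql_real_escape_string($WebSiteID) . "' AND ModelID='" . $parm['modelID'] . "' AND ActionID='" . $parm['actionID'] . "' AND Activate=1";
     $query = $this->db->query($sql);
     $row = $query->row();
     // row() returns null when nothing matched; the original dereferenced it anyway.
     if ($row === null || trim($row->DeleteSP) == '') {
         return false;
     }
     // NOTE(review): the id is appended unquoted. Quote-escaping does not bound an
     // unquoted token, so the id should be validated as the type the procedure
     // expects (e.g. ctype_digit) or passed as a bound parameter — confirm the
     // procedure's parameter type before tightening.
     $sql = $row->DeleteSP . " " . $parm['id'];
     $this->db->query($sql);
 }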
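 /**
  * Look up a file record the current session is permitted to access.
  *
  * Joins tbl_files with tbl_files_premissions and keeps rows whose ModelID,
  * AccID and GroupID either match the caller or are blank (wildcard), within
  * the session's website and the StartTime/ExpireTime window, with both rows
  * active.
  *
  * @param string $modelID  Model the file is requested from.
  * @param string $id       tbl_files.ID of the file.
  * @param string $FileType 'image' restricts to a.FileType='image'; any other value applies no type filter.
  * @return array Status=>true plus FileName, LocalFileName and DispositionType, or Status=>false.
  */
 public function get_fileinfo($modelID, $id, $FileType)
 {
     $WebSiteID = $this->session->userdata('WebSiteID');
     $GroupID = $this->session->userdata('GroupID');
     $AccID = $this->session->userdata('AccID');
     // Initialised explicitly; the original relied on @$WhereFileType being undefined.
     $WhereFileType = '';
     if ($FileType === 'image') {
         // Only the literal 'image' reaches the query, so no escaping is needed here.
         $WhereFileType = " AND a.FileType='" . $FileType . "' ";
     }
     // Bug fix: $id was interpolated without mssql_real_escape_string, unlike
     // every other value in this query.
     $sql = "SELECT a.FileName, a.LocalFileName, a.DispositionType FROM tbl_files a LEFT JOIN tbl_files_premissions b ON a.ID=b.FileNum WHERE a.ID='" . mssql_real_escape_string($id) . "' " . $WhereFileType . " AND (b.ModelID='' OR b.ModelID='" . mssql_real_escape_string($modelID) . "') AND (b.AccID='' OR b.AccID='" . mssql_real_escape_string($AccID) . "')  AND (b.GroupID='' OR b.GroupID='" . mssql_real_escape_string($GroupID) . "') AND WebSiteID='" . mssql_real_escape_string($WebSiteID) . "' AND StartTime< GETDATE() AND GETDATE()< ExpireTime AND a.Activate=1 AND b.Activate=1";
     $query = $this->db->query($sql);
     if ($query->num_rows() <= 0) {
         return array('Status' => false);
     }
     $row = $query->row();
     return array(
         'Status' => true,
         'FileName' => $row->FileName,
         'LocalFileName' => $row->LocalFileName,
         'DispositionType' => $row->DispositionType,
     );
 }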
 /**
  * Escape a value for use inside a quoted MSSQL string literal.
  *
  * Non-strings are returned untouched. Strings first have legacy magic-quotes
  * slashes stripped (when that setting is on), then are escaped with
  * mssql_real_escape_string unless they are numeric.
  *
  * @param mixed $value
  * @return mixed
  */
 public function escape_string($value)
 {
     if (!is_string($value)) {
         return $value;
     }
     // get_magic_quotes_gpc() was removed in PHP 8.0; this block presumably targets an older runtime.
     $clean = get_magic_quotes_gpc() ? stripslashes($value) : $value;
     // A numeric string cannot contain a quote, so it is passed through as-is;
     // that is only safe while the caller wraps the value in quotes.
     return is_numeric($clean) ? $clean : mssql_real_escape_string($clean);
 }
 /**
  * Escape a string for use in a query on this object's MSSQL connection.
  *
  * NOTE(review): mssql_real_escape_string() is not part of PHP's mssql
  * extension; presumably a project helper — confirm its signature accepts the link.
  *
  * @param string $value
  * @return string
  */
 public function escape($value)
 {
     $link = $this->connection;
     return mssql_real_escape_string($value, $link);
 }
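 /**
  * Insert $A as a new row in $table and return the new identity value.
  *
  * Columns come from PMReflector::getAttributesArray($A); the "<table>ID"
  * attribute is skipped so the database assigns it. Every value is wrapped in
  * single quotes and escaped with mssql_real_escape_string.
  *
  * @param string $table Table name (bracket-quoted in the statement).
  * @param object $A     Object whose attributes supply the column values.
  * @return mixed result of mssql_insert_id()
  * @throws FieldDoesNotExistException
  * @throws DuplicateEntryException
  * @throws StorageException
  */
 function makeNewLine2($table, $A)
 {
     $fields = PMReflector::getAttributesArray($A);
     $columns = array();
     $values = array();
     foreach ($fields as $field) {
         if ($field == $table . "ID") {
             continue;
         }
         $columns[] = "\n[" . $field . "]";
         // Bug fix: the original read $A->{$fields}[$i], i.e. the property named
         // "Array" indexed by $i, instead of the attribute named by the field.
         $values[] = " '" . mssql_real_escape_string($A->{$field}) . "'\n";
     }
     $sql = "INSERT INTO\n [{$table}]\n (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ")";
     // NOTE(review): this records the full statement, including row data, in the
     // session message log — confirm that is acceptable for the data stored here.
     $_SESSION["messages"]->addMessage("executing MSSQL: {$sql}");
     mssql_query($sql);
     // NOTE(review): the checks below use mysql_error()/mysql_errno() and MySQL
     // error codes (1054 unknown column, 1062 duplicate key) after an
     // mssql_query(), so they cannot reflect this statement's outcome. Kept as
     // written pending confirmation of the intended driver.
     if (mysql_error() and mysql_errno() == 1054) {
         preg_match("/[a-zA-Z0-9 ]*\\'([a-zA-Z0-9\\.]*)\\'[a-zA-Z ]*\\'([a-zA-Z ]*)\\'.*/", $this->c->error, $regs);
         throw new FieldDoesNotExistException($regs[1], $regs[2]);
     }
     if (mysql_error() and mysql_errno() == 1062) {
         throw new DuplicateEntryException($this->c->error);
     }
     if (mysql_error()) {
         throw new StorageException();
     }
     return mssql_insert_id();
 }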
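 /**
  * {@inheritdoc}
  *
  * Empty input ('' , null or false) yields ''. Otherwise the string is escaped
  * for a T-SQL single-quoted literal and trimmed; note that trimming alters
  * values with significant leading or trailing whitespace (inherited contract).
  */
 public function escape($str)
 {
     if ($str === '' || $str === null || $str === false) {
         return '';
     }
     if (function_exists('mssql_real_escape_string')) {
         $str = mssql_real_escape_string($str);
     } else {
         // Bug fix: addslashes() produces MySQL-style backslash escapes, which
         // T-SQL does not recognise, so a quote inside the value still ended the
         // literal. T-SQL escapes a single quote by doubling it.
         $str = str_replace("'", "''", $str);
     }
     return trim($str);
 }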