/**
 * Render the edit control for a time field.
 *
 * Emits a hidden "type" marker input with the value "time", then (when the
 * field has time-format attributes) a text input that holds the time.
 * The time value is always passed through htmlspecialchars() before it is
 * written into the value attribute.
 *
 * @param mixed $value                current field value
 * @param mixed $mode                 edit mode (compared against MODE_INLINE_EDIT / MODE_INLINE_ADD)
 * @param int   $fieldNum             forwarded unchanged to the parent implementation
 * @param mixed $validate             forwarded to the parent implementation and to buildControlEnd()
 * @param mixed $additionalCtrlParams forwarded unchanged to the parent implementation
 * @param mixed $data                 forwarded unchanged to the parent implementation
 */
function buildControl($value, $mode, $fieldNum = 0, $validate, $additionalCtrlParams, $data)
{
    // On list and search pages the incoming value is first normalised as a "time" control value.
    $pageType = $this->container->pageType;
    if ($pageType == PAGE_LIST || $pageType == PAGE_SEARCH) {
        $value = prepare_for_db($this->field, $value, "time");
    }

    parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);

    echo '<input id="' . $this->ctype . '" ' . $this->inputStyle . ' type="hidden" name="' . $this->ctype . '" value="time">';

    // A value that parses into six numbers is treated as a full date-time; keep only h:m:s.
    $parts = parsenumbers((string) $value);
    if (count($parts) == 6) {
        $value = mysprintf("%d:%02d:%02d", array($parts[3], $parts[4], $parts[5]));
    }

    $timeAttrs = $this->pageObject->pSetEdit->getFormatTimeAttrs($this->field);
    if (count($timeAttrs)) {
        // NOTE(review): strLabel, cfield, ctype and inputStyle are written into the markup
        // without escaping; only the field value is escaped. Confirm these are never
        // derived from user-controlled text.
        $altAttr = '';
        if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508 == true) {
            $altAttr = 'alt="' . $this->strLabel . '" ';
        }
        $editParams = $this->pageObject->pSetEdit->getEditParams($this->field);
        $input = '<input type="text" ' . $this->inputStyle . ' name="' . $this->cfield . '" ' . $altAttr . 'id="' . $this->cfield . '" ' . $editParams;

        if (!$timeAttrs["useTimePicker"]) {
            echo $input . ' value="' . htmlspecialchars($value) . '">';
        } else {
            $loc = getLacaleAmPmForTimePicker($timeAttrs["hours"], true);
            $tpVal = getValForTimePicker($this->type, $value, $loc['locale']);
            echo $input . ' value="' . htmlspecialchars($tpVal['val']) . '">';
            echo ' ';
            echo '<img class="runner-imgclock" src="images/clock.gif" alt="Time" border="0" style="margin:4px 0 0 6px; visibility: hidden;" id="trigger-test-' . $this->cfield . '" />';
        }
    }

    $this->buildControlEnd($validate);
}
/**
 * Format date components with the pattern "%04d-%02d-%02d".
 *
 * @param mixed $time passed straight to mysprintf() as its argument list
 *                    (presumably array(year, month, day) - confirm against mysprintf)
 * @return mixed whatever mysprintf() returns for that pattern
 */
function date2db($time)
{
    $pattern = "%04d-%02d-%02d";

    return mysprintf($pattern, $time);
}
/**
 * Normalise a submitted control value into the text form used for the database.
 *
 * The result depends on $controltype:
 *  - "" or "multiselect": the value itself (arrays are joined with combinevalues()),
 *    or "" for an empty non-character value or a malformed GUID;
 *  - "time": the result of localtime2db(), prefixed with "2000-01-01 " for date-typed fields;
 *  - "date<N>": a "YYYY-MM-DD..." string, or "" when the text cannot be used;
 *  - "checkbox...": 1, 0, or "" when the value is "none";
 *  - anything else: false.
 *
 * This function only normalises. Nothing here quotes or escapes the value for SQL,
 * and in the default branch the value is returned unchanged, so the caller has to
 * quote or bind the result before it reaches a query.
 *
 * @param string $field        field name
 * @param mixed  $value        submitted value
 * @param string $controltype  control type marker posted with the form
 * @param string $postfilename not used in this function
 * @param string $table        table name; the global $strTableName is used when empty
 * @return mixed
 */
function prepare_for_db($field, $value, $controltype = "", $postfilename = "", $table = "")
{
    global $strTableName;

    if ($table == "") {
        $table = $strTableName;
    }
    $pSet = new ProjectSettings($table);
    $type = $pSet->getFieldType($field);

    // Plain controls and multiselects: pass the value through after basic checks.
    if (!$controltype || $controltype == "multiselect") {
        if (is_array($value)) {
            $value = combinevalues($value);
        }
        $isBlank = $value === "" || $value === FALSE;
        if ($isBlank && !IsCharType($type)) {
            return "";
        }
        if (IsGuid($type) && !IsGuidString($value)) {
            return "";
        }
        return $value;
    }

    if ($controltype == "time") {
        if (!strlen($value)) {
            return "";
        }
        $dbTime = localtime2db($value);
        if (IsDateFieldType($pSet->getFieldType($field))) {
            // Date-typed columns get a fixed placeholder date in front of the time.
            $dbTime = "2000-01-01 " . $dbTime;
        }
        return $dbTime;
    }

    if (substr($controltype, 0, 4) == "date") {
        $dformat = substr($controltype, 4);

        if ($dformat == EDIT_DATE_SIMPLE || $dformat == EDIT_DATE_SIMPLE_DP) {
            $dbDate = localdatetime2db($value);
            // localdatetime2db() reports an unusable input with the string "null".
            return $dbDate == "null" ? "" : $dbDate;
        }

        if ($dformat == EDIT_DATE_DD || $dformat == EDIT_DATE_DD_DP) {
            $pieces = explode("-", $value);
            if (count($pieces) < 3) {
                return "";
            }
            $y = $pieces[0];
            $m = $pieces[1];
            $d = $pieces[2];
            // Two-digit years: below 70 means 20xx, otherwise 19xx.
            if ($y < 100) {
                $y += ($y < 70) ? 2000 : 1900;
            }
            return mysprintf("%04d-%02d-%02d", array($y, $m, $d));
        }

        return "";
    }

    if (substr($controltype, 0, 8) == "checkbox") {
        if ($value == "on") {
            return 1;
        }
        if ($value == "none") {
            return "";
        }
        return 0;
    }

    return false;
}
/**
 * Convert a locale-formatted date/time string into "YYYY-MM-DD HH:MM:SS".
 *
 * The numbers in the input are extracted with parsenumbers() and assigned to
 * day/month/year according to the locale's date order (or the $format override),
 * followed by hour, minute and second. Missing time parts default to 0 and a
 * missing year defaults to the current year.
 *
 * On failure the function returns the STRING "null" (not PHP null); callers
 * compare against that string.
 *
 * NOTE(review): no range check on month, day, hour, minute or second is visible
 * here - the parsed numbers are formatted as they are. Confirm the caller or the
 * database rejects out-of-range values.
 *
 * @param string $strdatetime date/time text as typed by the user
 * @param string $format      optional date order override: "dmy", "mdy" or "ymd"
 * @return string formatted date-time, or the string "null"
 */
function localdatetime2db($strdatetime, $format = "")
{
    global $locale_info;
    // Date order code: 0 = month-day-year, 1 = day-month-year, 2 = year-month-day.
    $locale_idate = $locale_info["LOCALE_IDATE"];
    if ($format == "dmy") {
        $locale_idate = 1;
    }
    if ($format == "mdy") {
        $locale_idate = 0;
    }
    if ($format == "ymd") {
        $locale_idate = 2;
    }
    // Decide whether the 12-hour clock applies: either the locale time format
    // contains "h" followed by the time separator, or the upper-cased input
    // contains "AM" or "PM".
    $strtime = strtoupper($strdatetime);
    $use12 = 0;
    $pos = strpos($locale_info["LOCALE_STIMEFORMAT"], "h" . $locale_info["LOCALE_STIME"]);
    if (!($pos === false) or (strpos($strtime, "AM") !== false or strpos($strtime, "PM") !== false)) {
        $use12 = 1;
        // Determine AM or PM. The markers are searched in the ORIGINAL string
        // (case-sensitive), using the locale markers or "AM"/"PM" as fallback.
        $pm = 0;
        $amstr = $locale_info["LOCALE_S1159"] == "" ? "AM" : $locale_info["LOCALE_S1159"];
        $pmstr = $locale_info["LOCALE_S2359"] == "" ? "PM" : $locale_info["LOCALE_S2359"];
        $posam = strpos($strdatetime, $amstr);
        $pospm = strpos($strdatetime, $pmstr);
        if ($posam === false && $pospm !== false) {
            $pm = 1;
        } elseif ($posam !== false && $pospm === false) {
            $pm = 0;
        } elseif ($posam === false && $pospm === false) {
            // Neither marker present: fall back to 24-hour handling.
            $use12 = 0;
        } else {
            // Both markers present: the one that appears later decides.
            if ($posam > $pospm) {
                $pm = 1;
            }
        }
    }
    $numbers = parsenumbers($strdatetime);
    if (!$numbers || count($numbers) < 2) {
        return "null";
    }
    // Only two numbers: treat them as day and month and use the current year.
    if (count($numbers) < 3) {
        if ($locale_idate != 1) {
            $month = $numbers[0];
            $day = $numbers[1];
        } else {
            $month = $numbers[1];
            $day = $numbers[0];
        }
        $tm = localtime(time(), true);
        $year = 1900 + $tm["tm_year"];
    } else {
        if (!$locale_idate) {
            // month-day-year
            $month = $numbers[0];
            $day = $numbers[1];
            $year = $numbers[2];
        } else {
            if ($locale_idate == 1) {
                // day-month-year
                $day = $numbers[0];
                $month = $numbers[1];
                $year = $numbers[2];
            } else {
                if ($locale_idate == 2) {
                    // year-month-day
                    $year = $numbers[0];
                    $month = $numbers[1];
                    $day = $numbers[2];
                }
            }
        }
    }
    // A zero (or unset) month or day is treated as "no usable date".
    if (!$month || !$day) {
        return "null";
    }
    // Pad the list so that hour, minute and second always exist.
    while (count($numbers) < 6) {
        $numbers[] = 0;
    }
    $h = $numbers[3];
    $m = $numbers[4];
    $s = $numbers[5];
    // 12-hour conversion: 12 AM becomes 0, and PM hours below 12 gain 12.
    if ($use12 && $h) {
        if (!$pm && $h == 12) {
            $h = 0;
        }
        if ($pm && $h < 12) {
            $h += 12;
        }
    }
    // Two-digit years: below 60 means 20xx, otherwise 19xx.
    if ($year < 100) {
        if ($year < 60) {
            $year += 2000;
        } else {
            $year += 1900;
        }
    }
    return mysprintf("%04d-%02d-%02d", array($year, $month, $day)) . " " . mysprintf("%02d:%02d:%02d", array($h, $m, $s));
}
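/**
 * Expand {node:...}, {link:...} and {map:...} tokens inside a string.
 *
 * Each token names an item (the map itself, a node or a link) and a key. The key
 * is looked up on the item in this order: hints, then notes (only when
 * $include_notes is true), then an object property of that name. A token that
 * cannot be resolved is replaced by "[UNKNOWN]".
 *
 * Security-relevant behaviour:
 *  - $include_notes exists so that callers such as TARGET (which can define
 *    command lines) can refuse values that come from data sources rather than
 *    from SET lines in the config file. Pass FALSE wherever the result feeds
 *    anything executable.
 *  - The substituted value is not escaped here; the caller must encode it for
 *    whatever context (HTML, shell, ...) the string ends up in.
 *
 * @param string  $input         text containing zero or more tokens
 * @param object  $context       the item the string belongs to; "this", "parent",
 *                               "_linkstart_" and "_linkend_" are resolved against it
 * @param boolean $include_notes whether notes may supply values
 * @param boolean $multiline     when TRUE, a literal backslash-n becomes a newline
 * @return string the text with every recognised token replaced
 */
function ProcessString($input,&$context, $include_notes=TRUE,$multiline=FALSE)
{
    // Pass a real expression: a string argument to assert() is evaluated as code
    // on old PHP versions and is no longer evaluated at all on PHP 8.
    assert(is_scalar($input));

    $context_description = strtolower( $context->my_type() );
    if($context_description != "map") $context_description .= ":" . $context->name;

    wm_debug("Trace: ProcessString($input, $context_description)\n");

    if($multiline==TRUE)
    {
        $i = $input;
        $input = str_replace("\\n","\n",$i);
    }

    $output = $input;

    // Each pass handles the first remaining token. The token is removed from
    // $input (so the loop ends) and replaced by its value in $output.
    while( preg_match("/(\{(?:node|map|link)[^}]+\})/",$input,$matches) )
    {
        $value = "[UNKNOWN]";
        $format = "";
        $key = $matches[1];
        wm_debug("ProcessString: working on ".$key."\n");

        if ( preg_match("/\{(node|map|link):([^}]+)\}/",$key,$matches) )
        {
            $type = $matches[1];
            $args = $matches[2];

            // Start every token with no item. Without this, a node/link token whose
            // arguments do not parse would silently reuse the item found for the
            // previous token.
            $the_item = NULL;

            if($type == 'map')
            {
                $the_item = $this;
                // NOTE(review): $args no longer contains the "map:" prefix at this point,
                // so this pattern looks like it can only match when the key itself
                // contains "map:" - confirm whether a format suffix is meant to work here.
                if(preg_match("/map:([^:]+):*([^:]*)/",$args,$matches))
                {
                    $args = $matches[1];
                    $format = $matches[2];
                }
            }

            if(($type == 'link') || ($type == 'node'))
            {
                if(preg_match("/([^:]+):([^:]+):*([^:]*)/",$args,$matches))
                {
                    $itemname = $matches[1];
                    $args = $matches[2];
                    $format = $matches[3];

                    if( ($itemname == "this") && ($type == strtolower($context->my_type())) )
                    {
                        $the_item = $context;
                    }
                    elseif( strtolower($context->my_type()) == "link" && $type == 'node' && ($itemname == '_linkstart_' || $itemname == '_linkend_') )
                    {
                        // this refers to the two nodes at either end of this link
                        if($itemname == '_linkstart_')
                        {
                            $the_item = $context->a;
                        }

                        if($itemname == '_linkend_')
                        {
                            $the_item = $context->b;
                        }
                    }
                    elseif( ($itemname == "parent") && ($type == strtolower($context->my_type())) && ($type=='node') && ($context->relative_to != '') )
                    {
                        $the_item = $this->nodes[$context->relative_to];
                    }
                    else
                    {
                        if( ($type == 'link') && isset($this->links[$itemname]) )
                        {
                            $the_item = $this->links[$itemname];
                        }
                        if( ($type == 'node') && isset($this->nodes[$itemname]) )
                        {
                            $the_item = $this->nodes[$itemname];
                        }
                    }
                }
            }

            if(is_null($the_item))
            {
                wm_warn("ProcessString: $key refers to unknown item (context is $context_description) [WMWARN05]\n");
            }
            else
            {
                wm_debug("ProcessString: Found appropriate item: ".get_class($the_item)." ".$the_item->name."\n");

                // SET and notes take precedence over internal properties, so there is
                // no list of reserved words: a hint or note can shadow any property.
                if(isset($the_item->hints[$args]))
                {
                    $value = $the_item->hints[$args];
                    wm_debug("ProcessString: used hint\n");
                }
                // For some things notes must not be considered: mainly TARGET (which can
                // define command-lines) shouldn't be able to get data from uncontrolled
                // sources (i.e. data sources rather than SET in config files).
                elseif($include_notes && isset($the_item->notes[$args]))
                {
                    $value = $the_item->notes[$args];
                    wm_debug("ProcessString: used note\n");
                }
                // NOTE(review): the property name comes from the token text, so any
                // property of the item that is accessible from here can be read this way.
                elseif(isset($the_item->$args))
                {
                    $value = $the_item->$args;
                    wm_debug("ProcessString: used internal property\n");
                }
            }
        }

        // Only formatting happens here; no escaping or sanitising is applied.
        if($value===NULL) $value='NULL';
        wm_debug("ProcessString: replacing ".$key." with $value\n");

        if($format != '')
        {
            // The format string is taken from the token itself.
            $value = mysprintf($format,$value);
        }

        $input = str_replace($key,'',$input);
        $output = str_replace($key,$value,$output);
    }

    return ($output);
}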
/**
 * Build the summary text of an import run.
 *
 * With $isNotLogFile true the counters are wrapped in <b> tags (output meant for
 * a page); otherwise a header with the table name and current date/time is
 * written first and the unprocessed data is listed under each error message.
 *
 * NOTE(review): $errorMessages and $unprocessedData are appended as they are.
 * If they can contain text from the imported file, confirm they are HTML-escaped
 * before this text is shown in a page.
 *
 * @param Number  $totalRecords
 * @param Number  $addedRecords
 * @param Number  $updatedRecords
 * @param Boolean $isNotLogFile
 * @param String  $lineBreak       separator placed between report lines
 * @param Array   $errorMessages   messages indexed from 0
 * @param Array   $unprocessedData read at index (message index + 1)
 * @return String
 */
protected function getBasicReportText($totalRecords, $addedRecords, $updatedRecords, $isNotLogFile = true, $lineBreak = "<br>", $errorMessages = array(), $unprocessedData = array())
{
    $importedCount = $addedRecords + $updatedRecords;
    $failedCount = $totalRecords - $importedCount;

    // Counters are emphasised only in the page version of the report.
    $open = $isNotLogFile ? "<b>" : "";
    $close = $isNotLogFile ? "</b>" : "";

    $report = "";
    if (!$isNotLogFile) {
        // Log-file header: table name and the current date and time.
        $report .= "Import into" . " " . $this->strOriginalTableName . $lineBreak
            . str_format_datetime(db2time(now())) . $lineBreak . $lineBreak;
    }

    $report .= mysprintf("%s out of %s records processed successfully.", array($open . $importedCount . $close, $open . $totalRecords . $close)) . $lineBreak;
    $report .= mysprintf("%s records added.", array($open . $addedRecords . $close)) . $lineBreak;
    $report .= mysprintf("%s records updated.", array($open . $updatedRecords . $close)) . $lineBreak;

    if (!$failedCount) {
        return $report;
    }

    $report .= mysprintf("%s records processed with errors", array($open . $failedCount . $close));

    $messageCount = count($errorMessages);
    if ($messageCount) {
        $report .= ":";
        for ($n = 0; $n < $messageCount; $n++) {
            if ($isNotLogFile) {
                $report .= $lineBreak . $errorMessages[$n];
            } else {
                $report .= $lineBreak . $lineBreak . $errorMessages[$n] . $lineBreak . $unprocessedData[$n + 1];
            }
        }
    }

    return $report;
}
// Login page set-up (excerpt; the final "if" block is still open where the listing ends).

// Take the stored return URL out of the session so that it is used only once.
$myurl = @$_SESSION["MyURL"];
unset($_SESSION["MyURL"]);
$message = "";
// presumably postvalue() reads the submitted form field - confirm against its definition
$pUsername = postvalue("username");
$pPassword = postvalue("password");
$is508 = isEnableSection508();
$rememberbox_checked = "";
$rememberbox_attrs = ($is508 == true ? "id=\"remember_password\" " : "") . "name=\"remember_password\" value=\"1\"";
// The "remember" box is pre-checked when either credential cookie is present.
if (@$_COOKIE["username"] || @$_COOKIE["password"]) {
    $rememberbox_checked = " checked";
}
// $logacc stays true unless the audit object reports that login is blocked.
$logacc = true;
if ($auditObj) {
    if ($auditObj->LoginAccess()) {
        $logacc = false;
        $message = mysprintf(mlang_message("LOGIN_BLOCKED"), array($auditObj->LoginAccess()));
    }
}
if (@$_POST["btnSubmit"] == "Login" && $logacc) {
    if (@$_POST["remember_password"] == 1) {
        // NOTE(review): the submitted password is written to a cookie as-is, with a
        // lifetime of 365 days (365 * 1440 * 60 seconds). setcookie() is called
        // without the secure and httponly arguments, so the cookie is also sent over
        // plain HTTP and can be read by page scripts. In this excerpt the cookies
        // are set before any credential check is visible. A random, server-side
        // "remember me" token would avoid keeping the password on the client.
        setcookie("username", $pUsername, time() + 365 * 1440 * 60);
        setcookie("password", $pPassword, time() + 365 * 1440 * 60);
        $rememberbox_checked = " checked";
    } else {
        // An expiry time in the past makes the browser delete both cookies.
        setcookie("username", "", time() - 365 * 1440 * 60);
        setcookie("password", "", time() - 365 * 1440 * 60);
        $rememberbox_checked = "";
    }
    // Count this attempt when the captcha check passed.
    if ($pageObject->isCaptchaOk) {
        $_SESSION["login_count_captcha"] = $_SESSION["login_count_captcha"] + 1;
    }
// Login page set-up, later variant (excerpt; the final "if" block is still open where the listing ends).

// Credentials may already have been set by the including code; otherwise they are
// taken from postvalue() (presumably the submitted form - confirm against its definition).
if (!isset($pUsername)) {
    $pUsername = postvalue("username");
    $pDisplayUsername = '';
    $pPassword = postvalue("password");
}
$is508 = isEnableSection508();
$rememberbox_checked = "";
$rememberbox_attrs = ($is508 == true ? "id=\"remember_password\" " : "") . "name=\"remember_password\" value=\"1\"";
// The "remember" box is pre-checked when either credential cookie is present.
if (@$_COOKIE["username"] || @$_COOKIE["password"]) {
    $rememberbox_checked = " checked";
}
// $logacc stays true unless the audit object reports that login is blocked.
$logacc = true;
if ($pageObject->auditObj) {
    if ($pageObject->auditObj->LoginAccess()) {
        $logacc = false;
        $message = mysprintf("Access denied for %s minutes", array($pageObject->auditObj->LoginAccess()));
    }
}
// $adSubmit is set outside this excerpt; it triggers the login path without the form button.
if ((@$_POST["btnSubmit"] == "Login" || $adSubmit) && $logacc) {
    if (@$_POST["remember_password"] == 1) {
        // NOTE(review): the password is written to a cookie as-is, with a lifetime
        // of 365 days (365 * 1440 * 60 seconds). setcookie() is called without the
        // secure and httponly arguments, so the cookie is also sent over plain HTTP
        // and can be read by page scripts. In this excerpt the cookies are set
        // before any credential check is visible. A random, server-side
        // "remember me" token would avoid keeping the password on the client.
        setcookie("username", $pUsername, time() + 365 * 1440 * 60);
        setcookie("password", $pPassword, time() + 365 * 1440 * 60);
        $rememberbox_checked = " checked";
    } else {
        // An expiry time in the past makes the browser delete both cookies.
        setcookie("username", "", time() - 365 * 1440 * 60);
        setcookie("password", "", time() - 365 * 1440 * 60);
        $rememberbox_checked = "";
    }
    // Count this attempt when the captcha check passed.
    if ($pageObject->isCaptchaOk) {
        $_SESSION["login_count_captcha"] = $_SESSION["login_count_captcha"] + 1;
    }
/**
 * EncryptValueByDB
 * Wrap a value in the database's own encryption function when the field is
 * encrypted by the database. The value is returned untouched when the field is
 * not encrypted, when encryption is done in PHP, or when the database type has
 * no template below.
 *
 * Please note, when changing this function you should make appropriate changes
 * in wizard method (dynamic permissions --> add new user) #8923
 *
 * NOTE(review):
 *  - $this->key is formatted into the SQL text between single quotes, so the key
 *    appears in every generated statement (and in any query log), and a quote
 *    character inside the key would break the statement.
 *  - $value is inserted as-is; it is presumably already a quoted literal or an
 *    SQL expression - confirm at the call sites.
 *  - The Oracle algorithm code 4353 and MySQL's DES_ENCRYPT() both select
 *    DES-family ciphers, and DES_ENCRYPT() no longer exists in MySQL 8.0.
 *
 * @param {string} field name
 * @param {mixed} value
 * @return {string}
 */
public function EncryptValueByDB($field, $value)
{
    if (!$this->isFieldEncrypted($field) || isEncryptionByPHPEnabled()) {
        return $value;
    }

    switch ($this->connection->dbType) {
        case nDATABASE_Oracle:
            $template = "utl_raw.cast_to_varchar2(DBMS_CRYPTO.ENCRYPT(utl_raw.cast_to_raw(%s), 4353, utl_raw.cast_to_raw('%s')))";
            $arguments = array($value, $this->key);
            break;

        case nDATABASE_MSSQLServer:
            // SQL Server takes the pass phrase first, then the value.
            $template = "EncryptByPassPhrase(N'%s', %s)";
            $arguments = array($this->key, $value);
            break;

        case nDATABASE_MySQL:
            $template = "hex(DES_ENCRYPT(%s, '%s'))";
            $arguments = array($value, $this->key);
            break;

        case nDATABASE_PostgreSQL:
            $template = "pgp_sym_encrypt(%s, '%s')";
            $arguments = array($value, $this->key);
            break;

        default:
            // Unknown database type: leave the value as it is.
            return $value;
    }

    return mysprintf($template, $arguments);
}
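/**
 * Echo the HTML edit control for one field.
 *
 * The control is wrapped in a <span id="edit{id}_{field}_{fieldNum}"> and its
 * markup depends on $format (text, time, textarea, password, date, radio,
 * checkbox, database image/file, lookup, hidden, read-only, file upload).
 * A red asterisk is appended when 'IsRequired' is listed in
 * $validate['basicValidate'].
 *
 * Escaping in this function:
 *  - field values and file names placed in value attributes go through htmlspecialchars();
 *  - values placed in URLs go through rawurlencode();
 *  - NOTE(review): $strLabel (alt attributes), $additionalCtrlParams['style'] and
 *    the output of GetEditParams() are written without escaping - confirm they
 *    never carry user-controlled text.
 *
 * @param string $field                field name
 * @param mixed  $value                current value
 * @param mixed  $format               one of the EDIT_FORMAT_* constants
 * @param mixed  $edit                 one of the MODE_* constants
 * @param int    $fieldNum             when non-zero it is added to the control names
 * @param string $id                   suffix used in element ids and names
 * @param array  $validate             reads $validate['basicValidate']
 * @param array  $additionalCtrlParams reads the 'style' and 'hidden' entries
 * @param object $pageObj              passed on to the date and lookup helpers
 */
function BuildEditControl($field, $value, $format, $edit, $fieldNum = 0, $id = "", $validate, $additionalCtrlParams, &$pageObj)
{
    global $rs, $data, $strTableName, $filenamelist, $keys, $locale_info, $jscode;

    // empty() avoids an undefined-index notice when no style was passed.
    $inputStyle = 'style="';
    $inputStyle .= !empty($additionalCtrlParams['style']) ? $additionalCtrlParams['style'] : '';
    $inputStyle .= '"';

    $cfieldname = GoodFieldName($field) . "_" . $id;
    $cfield = "value_" . GoodFieldName($field) . "_" . $id;
    $ctype = "type_" . GoodFieldName($field) . "_" . $id;
    $is508 = isEnableSection508();
    $strLabel = Label($field);
    if ($fieldNum) {
        $cfield = "value" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
        $ctype = "type" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
    }
    $type = GetFieldType($field);
    $arr = "";

    // Query string that identifies the current record: field name plus key values.
    $iquery = "field=" . rawurlencode($field);
    $keylink = "";
    $arrKeys = GetTableKeys($strTableName);
    for ($j = 0; $j < count($arrKeys); $j++) {
        $keylink .= "&key" . ($j + 1) . "=" . rawurlencode($data[$arrKeys[$j]]);
    }
    $iquery .= $keylink;

    // alt attribute used by the inline-mode controls when Section 508 support is on.
    $altAttr = (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '');

    $isHidden = isset($additionalCtrlParams['hidden']) && $additionalCtrlParams['hidden'];
    // The opening tag ends with a plain ">" (a stray extra double quote used to be emitted here).
    echo '<span id="edit' . $id . '_' . GoodFieldName($field) . '_' . $fieldNum . '" class="runner-nowrap"' . ($isHidden ? ' style="display:none"' : '') . '>';

    // A file field is searched as plain text: no format branch applies.
    if ($format == EDIT_FORMAT_FILE && $edit == MODE_SEARCH) {
        $format = "";
    }

    if ($format == EDIT_FORMAT_TEXT_FIELD) {
        if (IsDateFieldType($type)) {
            echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="date' . EDIT_DATE_SIMPLE . '">' . GetDateEdit($field, $value, 0, $fieldNum, $edit, $id, $pageObj);
        } else {
            if ($edit == MODE_SEARCH) {
                echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" autocomplete="off" ' . $altAttr . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
            } else {
                echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" ' . $altAttr . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
            }
        }
    } elseif ($format == EDIT_FORMAT_TIME) {
        echo '<input id="' . $ctype . '" ' . $inputStyle . ' type="hidden" name="' . $ctype . '" value="time">';
        // A value that parses into six numbers is a full date-time; keep only h:m:s.
        $arr_number = parsenumbers((string) $value);
        if (count($arr_number) == 6) {
            $value = mysprintf("%d:%02d:%02d", array($arr_number[3], $arr_number[4], $arr_number[5]));
        }
        $timeAttrs = GetFieldData($strTableName, $field, "FormatTimeAttrs", array());
        if (count($timeAttrs)) {
            if ($timeAttrs["useTimePicker"]) {
                $convention = $timeAttrs["hours"];
                $loc = getLacaleAmPmForTimePicker($convention, true);
                $tpVal = getValForTimePicker($type, $value, $loc['locale']);
                echo '<input type="text" ' . $inputStyle . ' name="' . $cfield . '" ' . $altAttr . 'id="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($tpVal['val']) . '">';
                echo ' ';
                echo '<img class="runner-imgclock" src="images/clock.gif" alt="Time" border="0" style="margin:4px 0 0 6px; visibility: hidden;" id="trigger-test-' . $cfield . '" />';
            } else {
                echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" ' . $altAttr . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
            }
        }
    } elseif ($format == EDIT_FORMAT_TEXT_AREA) {
        $nWidth = GetNCols($field);
        $nHeight = GetNRows($field);
        if (UseRTE($field)) {
            // Nothing is echoed for rich-text fields here.
            $value = RTESafe($value);
        } else {
            echo '<textarea id="' . $cfield . '" ' . $altAttr . 'name="' . $cfield . '" style="';
            if (!isMobile()) {
                echo "width: " . $nWidth . "px;";
            }
            echo 'height: ' . $nHeight . 'px;">' . htmlspecialchars($value) . '</textarea>';
        }
    } elseif ($format == EDIT_FORMAT_PASSWORD) {
        // NOTE(review): the current value of the password field is written into the
        // page source. Confirm that is intended for the stored form of this field.
        echo '<input ' . $inputStyle . ' id="' . $cfield . '" type="Password" ' . $altAttr . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
    } elseif ($format == EDIT_FORMAT_DATE) {
        echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="date' . DateEditType($field) . '">' . GetDateEdit($field, $value, DateEditType($field), $fieldNum, $edit, $id, $pageObj);
    } elseif ($format == EDIT_FORMAT_RADIO) {
        BuildRadioControl($field, $value, $fieldNum, $id, $edit);
    } elseif ($format == EDIT_FORMAT_CHECKBOX) {
        if ($edit == MODE_ADD || $edit == MODE_INLINE_ADD || $edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
            $checked = "";
            if ($value && $value != 0) {
                $checked = " checked";
            }
            echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="checkbox">';
            echo '<input id="' . $cfield . '" type="Checkbox" ' . $altAttr . 'name="' . $cfield . '" ' . $checked . '>';
        } else {
            // Other modes get a three-state select: any / True / False.
            echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="checkbox">';
            echo '<select id="' . $cfield . '" ' . $altAttr . 'name="' . $cfield . '">';
            $val = array("", "on", "off");
            $show = array("", "True", "False");
            foreach ($val as $i => $v) {
                $sel = "";
                if ($value === $v) {
                    $sel = " selected";
                }
                echo '<option value="' . $v . '"' . $sel . '>' . $show[$i] . '</option>';
            }
            echo "</select>";
        }
    } elseif ($format == EDIT_FORMAT_DATABASE_IMAGE || $format == EDIT_FORMAT_DATABASE_FILE) {
        $disp = "";
        $strfilename = "";
        if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
            $value = db_stripslashesbinary($value);
            $itype = SupposeImageType($value);
            $thumbnailed = false;
            $thumbfield = "";
            if ($itype) {
                if ($thumbnailed) {
                    $disp = "<a ";
                    if (IsUseiBox($field, $strTableName)) {
                        $disp .= " rel='ibox'";
                    } else {
                        $disp .= " target=_blank";
                    }
                    // rndVal only defeats caching; it has no security role.
                    $disp .= " href=\"imager.php?table=" . GetTableURL($strTableName) . "&" . $iquery . "&rndVal=" . rand(0, 32768) . "\">";
                    $disp .= "<img id=\"image_" . GoodFieldName($field) . "_" . $id . "\" name=\"" . $cfield . "\" border=0";
                    if (isEnableSection508()) {
                        $disp .= " alt=\"Image from DB\"";
                    }
                    $disp .= " src=\"imager.php?table=" . GetTableURL($strTableName) . "&field=" . rawurlencode($thumbfield) . "&alt=" . rawurlencode($field) . $keylink . "&rndVal=" . rand(0, 32768) . "\">";
                    $disp .= "</a>";
                } else {
                    $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '"';
                    if (isEnableSection508()) {
                        $disp .= ' alt="Image from DB"';
                    }
                    $disp .= ' border=0 src="imager.php?table=' . GetTableURL($strTableName) . '&' . $iquery . "&rndVal=" . rand(0, 32768) . '">';
                }
            } else {
                if (strlen($value)) {
                    $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '" border=0 ';
                    if (isEnableSection508()) {
                        $disp .= ' alt="file"';
                    }
                    $disp .= ' src="images/file.gif">';
                } else {
                    $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '" border="0"';
                    if (isEnableSection508()) {
                        $disp .= ' alt=" "';
                    }
                    $disp .= ' src="images/no_image.gif">';
                }
            }
            // Download link for a stored non-image file.
            if ($format == EDIT_FORMAT_DATABASE_FILE && !$itype && strlen($value)) {
                if (!($filename = @$data[GetFilenameField($field)])) {
                    $filename = "file.bin";
                }
                // The stored file name is a URL parameter here, so it is URL-encoded:
                // HTML escaping alone would let "&" or "=" in a name add parameters to the link.
                $disp = '<a href="getfile.php?table=' . GetTableURL($strTableName) . '&filename=' . rawurlencode($filename) . '&' . $iquery . '">' . $disp . '</a>';
            }
            // File name edit box.
            if ($format == EDIT_FORMAT_DATABASE_FILE && GetFilenameField($field)) {
                if (!($filename = @$data[GetFilenameField($field)])) {
                    $filename = "";
                }
                if ($edit == MODE_INLINE_EDIT) {
                    $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label> <input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
                } else {
                    $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label> <input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
                }
            }
            // Keep / delete / update choice; "delete" is offered only for non-required fields.
            $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="file0" checked>' . mlang_message("KEEP");
            if ((strlen($value) || $edit == MODE_INLINE_EDIT) && !IsRequired($field)) {
                $strtype .= '<input id="' . $ctype . '_delete" type="Radio" name="' . $ctype . '" value="file1">' . mlang_message("DELETE");
            }
            $strtype .= '<input id="' . $ctype . '_update" type="Radio" name="' . $ctype . '" value="file2">' . mlang_message("UPDATE");
        } else {
            // Add mode: the action is always "update".
            $strtype = '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="file2">';
            if ($format == EDIT_FORMAT_DATABASE_FILE && GetFilenameField($field)) {
                $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label> <input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50">';
            }
        }
        if ($edit == MODE_INLINE_EDIT && $format == EDIT_FORMAT_DATABASE_FILE) {
            $disp = "";
        }
        echo $disp . $strtype;
        if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
            echo '<br>';
        }
        echo '<input type="File" ' . $inputStyle . ' id="' . $cfield . '" ' . $altAttr . ' name="' . $cfield . '" >' . $strfilename;
        echo '<input type="Hidden" id="notempty_' . $cfieldname . '" value="' . (strlen($value) ? 1 : 0) . '">';
    } elseif ($format == EDIT_FORMAT_LOOKUP_WIZARD) {
        BuildSelectControl($field, $value, $fieldNum, $edit, $id, $additionalCtrlParams, $pageObj);
    } elseif ($format == EDIT_FORMAT_HIDDEN) {
        echo '<input id="' . $cfield . '" type="Hidden" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
    } elseif ($format == EDIT_FORMAT_READONLY) {
        // NOTE(review): a read-only field is still posted back as a hidden input, so
        // the browser can change it; the server has to ignore or re-check this value.
        echo '<input id="' . $cfield . '" type="Hidden" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
    } elseif ($format == EDIT_FORMAT_FILE) {
        $disp = "";
        $strfilename = "";
        $function = "";
        if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
            // Show the current file.
            if (ViewFormat($field) == FORMAT_FILE || ViewFormat($field) == FORMAT_FILE_IMAGE) {
                $disp = GetData($data, $field, ViewFormat($field)) . "<br>";
            }
            $filename = $value;
            // File name edit box.
            $filename_size = 30;
            if (UseTimestamp($field)) {
                $filename_size = 50;
            }
            $strfilename = '<input type=hidden name="filenameHidden_' . $cfieldname . '" value="' . htmlspecialchars($filename) . '"><br>' . mlang_message("FILENAME") . ' <input type="text" style="background-color:gainsboro" disabled id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="' . $filename_size . '" maxlength="100" value="' . htmlspecialchars($filename) . '">';
            if ($edit == MODE_INLINE_EDIT) {
                $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="upload0" checked class="runner-uploadtype">' . mlang_message("KEEP");
            } else {
                $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="upload0" checked class="runner-uploadtype">' . mlang_message("KEEP");
            }
            if ((strlen($value) || $edit == MODE_INLINE_EDIT) && !IsRequired($field)) {
                $strtype .= '<input id="' . $ctype . '_delete" type="Radio" name="' . $ctype . '" value="upload1" class="runner-uploadtype">' . mlang_message("DELETE");
            }
            $strtype .= '<input id="' . $ctype . '_update" type="Radio" name="' . $ctype . '" value="upload2" class="runner-uploadtype">' . mlang_message("UPDATE");
        } else {
            // Adding a record: the action is always "update".
            $filename_size = 30;
            if (UseTimestamp($field)) {
                $filename_size = 50;
            }
            $strtype = '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="upload2">';
            $strfilename = '<br>' . mlang_message("FILENAME") . ' <input type="text" id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="' . $filename_size . '" maxlength="100">';
        }
        echo $disp . $strtype . $function;
        if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
            echo '<br>';
        }
        echo '<input type="File" id="' . $cfield . '" ' . $altAttr . ' name="' . $cfield . '" >' . $strfilename;
        echo '<input type="Hidden" id="notempty_' . $cfieldname . '" value="' . (strlen($value) ? 1 : 0) . '">';
    }

    // Required-field marker, then close the wrapper span.
    if (count($validate['basicValidate']) && array_search('IsRequired', $validate['basicValidate']) !== false) {
        echo ' <font color="red">*</font></span>';
    } else {
        echo '</span>';
    }
}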
/**
 * EncryptValueByDB
 * Wrap a value in MySQL's DES_ENCRYPT() when the field is encrypted by the
 * database; otherwise return the value untouched.
 *
 * Please note, when changing this function you should make appropriate changes
 * in wizard method (dynamic permissions --> add new user) #8923
 *
 * NOTE(review):
 *  - $this->key is formatted into the SQL text between single quotes, so the key
 *    appears in every generated statement (and in any query log), and a quote
 *    character inside the key would break the statement.
 *  - $value is inserted as-is; it is presumably already a quoted literal or an
 *    SQL expression - confirm at the call sites.
 *  - DES_ENCRYPT() is a DES-family cipher and no longer exists in MySQL 8.0.
 *
 * @param {string} field name
 * @param {mixed} value
 * @param {string} table name, passed on to isFieldEncrypted()
 * @return {string}
 */
function EncryptValueByDB($field, $value, $table = "")
{
    $encryptedByDatabase = $this->isFieldEncrypted($field, $table) && !isEncryptionByPHPEnabled();
    if (!$encryptedByDatabase) {
        return $value;
    }

    return mysprintf("hex(DES_ENCRYPT(%s, '%s'))", array($value, $this->key));
}
/**
 * Get the WHERE clause conditions string for the search or suggest SQL query.
 *
 * The condition is assembled by string concatenation. Every piece of user input
 * that ends up in the SQL text passes through one of these helpers first:
 * cipherer->MakeDBValue(), make_db_value(), connection->prepareString() (after
 * connection->escapeLIKEpattern()) or add_db_quotes().
 * NOTE(review): the safety of the resulting SQL depends entirely on those helpers
 * quoting or escaping correctly; they are defined elsewhere - verify them.
 *
 * An empty string is returned when no condition applies (empty search text, a
 * value that converts to "null", an invalid LIKE string, or an option name that
 * is not handled below).
 *
 * @param String SearchFor        first search value
 * @param String strSearchOption  "Contains", "Equals", "Starts with", "More than",
 *                                "Less than", "Equal or more than",
 *                                "Equal or less than" or "Between"
 * @param String SearchFor2       second value, used only by "Between"
 * @param String etype            control type passed to the value converters
 * @param Boolean isSuggest       not read in this function
 * @return String
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    // The base implementation may settle the result: false means "no condition",
    // a non-empty string is used as the condition.
    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }
    if (!strlen($SearchFor)) {
        return "";
    }
    $value1 = $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor, $etype, true);
    $value2 = false;
    $cleanvalue2 = false;
    if ($strSearchOption == "Between") {
        // $cleanvalue2 is the normalised text (used for date arithmetic below),
        // $value2 the form that is concatenated into the SQL.
        $cleanvalue2 = prepare_for_db($this->field, $SearchFor2, $etype);
        $value2 = make_db_value($this->field, $SearchFor2, $etype);
    }
    // For comparison operators, a value that converted to "null" gives no condition
    // (unless the field is encrypted in PHP).
    if ($strSearchOption != "Contains" && $strSearchOption != "Starts with" && ($value1 === "null" || $value2 === "null") && !$this->pageObject->cipherer->isFieldPHPEncrypted($this->field)) {
        return "";
    }
    if (($strSearchOption == "Contains" || $strSearchOption == "Starts with") && !$this->isStringValidForLike($SearchFor)) {
        return "";
    }
    $searchIsCaseInsensitive = $this->pageObject->pSetEdit->getNCSearch();
    // Choose the SQL expression for the field side of the comparison.
    if (IsCharType($this->type) && !$this->btexttype) {
        $gstrField = $this->getFieldSQLDecrypt();
        if (!$this->pageObject->cipherer->isFieldPHPEncrypted($this->field) && $searchIsCaseInsensitive) {
            // Case-insensitive search: both sides are wrapped by connection->upper().
            $value1 = $this->connection->upper($value1);
            $value2 = $this->connection->upper($value2);
            $gstrField = $this->connection->upper($gstrField);
        }
    } elseif ($strSearchOption == "Contains" || $strSearchOption == "Starts with") {
        // Non-character field with a LIKE search: compare its character form.
        $gstrField = $this->connection->field2char($this->getFieldSQLDecrypt(), $this->type);
    } elseif ($this->pageObject->pSetEdit->getViewFormat($this->field) == FORMAT_TIME) {
        $gstrField = $this->connection->field2time($this->getFieldSQLDecrypt(), $this->type);
    } else {
        $gstrField = $this->getFieldSQLDecrypt();
    }
    if ($strSearchOption == "Contains") {
        // A PHP-encrypted field cannot be matched partially; an equality test on
        // the converted value is used instead.
        if ($this->pageObject->cipherer->isFieldPHPEncrypted($this->field)) {
            return $gstrField . "=" . $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor);
        }
        // LIKE wildcards in the user text are escaped before % is added around it.
        $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
        if (IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive) {
            return $gstrField . " " . $this->like . " " . $this->connection->upper($this->connection->prepareString("%" . $SearchFor . "%"));
        }
        return $gstrField . " " . $this->like . " " . $this->connection->prepareString("%" . $SearchFor . "%");
    }
    if ($strSearchOption == "Equals") {
        return $gstrField . "=" . $value1;
    }
    if ($strSearchOption == "Starts with") {
        $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
        if (IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive) {
            return $gstrField . " " . $this->like . " " . $this->connection->upper($this->connection->prepareString($SearchFor . "%"));
        }
        return $gstrField . " " . $this->like . " " . $this->connection->prepareString($SearchFor . "%");
    }
    if ($strSearchOption == "More than") {
        return $gstrField . ">" . $value1;
    }
    if ($strSearchOption == "Less than") {
        return $gstrField . "<" . $value1;
    }
    if ($strSearchOption == "Equal or more than") {
        return $gstrField . ">=" . $value1;
    }
    if ($strSearchOption == "Equal or less than") {
        return $gstrField . "<=" . $value1;
    }
    if ($strSearchOption == "Between") {
        $ret = $gstrField . ">=" . $value1 . " and ";
        if (IsDateFieldType($this->type)) {
            $timeArr = db2time($cleanvalue2);
            // An end date without a time part covers the whole day: the upper bound
            // becomes "earlier than the next day".
            if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                $timeArr = adddays($timeArr, 1);
                $value2 = mysprintf("%02d-%02d-%02d", $timeArr);
                $value2 = add_db_quotes($this->field, $value2, $this->pageObject->tName);
                $ret .= $gstrField . "<" . $value2;
            } else {
                $ret .= $gstrField . "<=" . $value2;
            }
        } else {
            $ret .= $gstrField . "<=" . $value2;
        }
        return $ret;
    }
    return "";
}
/**
 * Check one uploaded file against the configured upload limits.
 *
 * The checks run in a fixed order and the first failure wins: upstream error, missing name,
 * name pattern, per-file size, minimum size, total size, file count, image resolution.
 * The reason is written to $file["error"].
 *
 * NOTE(review): the type check is a regex over the submitted file name and the image branch
 * is selected by $uploadedFile["type"]; if $uploadedFile is a $_FILES entry both values are
 * supplied by the client, so this method does not establish what the file actually contains.
 *
 * @param array $uploadedFile upload entry; "type" and "tmp_name" are read
 * @param array $file         file record; "name" and "size" are read, "error" is written
 * @param mixed $error        error reported before validation; any truthy value rejects the file
 * @param int   $file_size    size in bytes, compared with the KB limits multiplied by 1024
 * @param mixed $index        not read in this method
 * @param mixed $uploadDir    not read in this method
 * @return bool true when every check passes
 */
public function validate($uploadedFile, &$file, $error, $file_size, $index, $uploadDir)
{
    // Store the reason on the file record and report failure in one step.
    $reject = function ($reason) use (&$file) {
        $file["error"] = $reason;
        return false;
    };

    if ($error) {
        return $reject($error);
    }
    if (!$file["name"]) {
        return $reject("No se ha indicado el nombre de fichero");
    }
    if (!preg_match($this->options['accept_file_types'], $file["name"])) {
        return $reject("El tipo de fichero es erróneo");
    }

    // Per-file upper limit: both the measured size and the declared size must fit.
    if ($this->options['max_file_size']
        && ($file_size > $this->options['max_file_size'] * 1024
            || $file["size"] > $this->options['max_file_size'] * 1024)
    ) {
        return $reject(mysprintf("El tamaño del fichero supera el límite de %s KBytes", array($this->options['max_file_size'])));
    }
    // Lower limit looks at $file_size only.
    if ($this->options['min_file_size'] && $file_size < $this->options['min_file_size'] * 1024) {
        return $reject(mysprintf("El tamaño del fichero no puede ser menor de %s KBytes", array($this->options['min_file_size'])));
    }
    // The total-size and file-count limits apply only when the option is an actual integer.
    if (is_int($this->options['max_totalFile_size'])
        && $this->getUploadFilesSize() + $file["size"] > $this->options['max_totalFile_size'] * 1024
    ) {
        return $reject(mysprintf("El tamaño de los ficheros supera el límite de %s KBytes", array($this->options['max_totalFile_size'])));
    }
    if (is_int($this->options['max_number_of_files'])
        && ($this->getUploadFilesCount() >= $this->options['max_number_of_files']
            && $this->options['max_number_of_files'] > 0)
    ) {
        return $reject(
            $this->options['max_number_of_files'] > 1
                ? mysprintf("No puede enviar más de %s ficheros", array($this->options['max_number_of_files']))
                : "Solo puede enviar un fichero"
        );
    }

    if (!isImageType($uploadedFile["type"])) {
        return true;
    }

    $dimensions = runner_getimagesize($uploadedFile["tmp_name"], $uploadedFile);
    $width = $dimensions[0];
    $height = $dimensions[1];
    // Resolution limits are enforced only when a width could be determined.
    if (!is_int($width)) {
        return true;
    }

    $exceedsMax = ($this->options['max_width'] && $width > $this->options['max_width'])
        || ($this->options['max_height'] && $height > $this->options['max_height']);
    // An oversized image is accepted when it will be resized on upload.
    if ($exceedsMax && !$this->options['resizeOnUpload']) {
        return $reject('maxResolution');
    }

    $belowMin = ($this->options['min_width'] && $width < $this->options['min_width'])
        || ($this->options['min_height'] && $height < $this->options['min_height']);
    if ($belowMin) {
        return $reject('minResolution');
    }

    return true;
}
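/**
 * Describe the lock that another session holds on a record, optionally followed by the
 * administrator's "unlock" and "edit" links.
 *
 * @param string $strtable table name the lock was taken on
 * @param array  $keys     key values of the record; each is rawurlencode()d and joined with "&"
 * @param mixed  $links    truthy to append the two links
 * @param mixed  $pageid   page id handed to Runner.pages.PageManager.getAt()
 * @return string HTML fragment, or "" when no other session has an action=1 row for the record
 */
function GetLockInfo($strtable, $keys, $links, $pageid)
{
    // Keep the original joining rule (separator only once something has been collected) so the
    // string matches what is stored in the "keys" column.
    $skeys = "";
    foreach ($keys as $val) {
        if (strlen($skeys)) {
            $skeys .= "&";
        }
        $skeys .= rawurlencode($val);
    }

    // The session id goes through prepareString() like the other string operands instead of
    // being wrapped in hand-written quotes: it can originate from the client's session cookie.
    $conn = $this->connection;
    $where = $conn->addFieldWrappers("table") . "=" . $conn->prepareString($strtable)
        . " AND " . $conn->addFieldWrappers("keys") . "=" . $conn->prepareString($skeys)
        . " AND " . $conn->addFieldWrappers("sessionid") . "<>" . $conn->prepareString(session_id())
        . " AND " . $conn->addFieldWrappers("action") . "=1";
    $qResult = $this->query($where, $conn->addFieldWrappers("id") . " asc");

    $data = $qResult->fetchAssoc();
    if (!$data) {
        return "";
    }

    // NOTE(review): userid is read from the lock table and inserted into the message unescaped.
    // The links appended below suggest the result is rendered as HTML; if so, escape userid here
    // -- confirm first that no caller escapes the returned string again.
    $str = mysprintf(
        $this->LockAdmin,
        array($data["userid"], round(secondsPassedFrom($data["startdatetime"]) / 60, 2))
    );

    if ($links) {
        // Every value placed inside the onclick handler is escaped for a JS string and then for
        // an HTML attribute. The stored session id is now treated like the table and keys.
        $jsTable = runner_htmlspecialchars(jsreplace($strtable));
        $jsKeys = runner_htmlspecialchars(jsreplace($skeys));
        $jsSession = runner_htmlspecialchars(jsreplace($data["sessionid"]));
        // NOTE(review): $pageid is emitted as a bare JS argument; this assumes callers pass an
        // integer -- verify, or cast at the call site.
        $call = 'Runner.pages.PageManager.getAt(\'' . $jsTable . '\', ' . $pageid
            . ').locking.UnlockAdmin(\'' . $jsKeys . '\',\'' . $jsSession . '\',';

        $str .= '<a class="unlock" href="#" onclick="' . $call . '\'no\');return false;">' . "Desbloquear registro" . '</a>';
        $str .= '<a class="edit" href="#" onclick="' . $call . '\'yes\');return false;">' . "Editar registro" . '</a>';
    }

    return $str;
}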
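/**
 * Describe the lock that another session holds on a record, optionally followed by the
 * administrator's "unlock" and "edit" links.
 *
 * @param string $strtable table name the lock was taken on
 * @param array  $keys     key values of the record; each is rawurlencode()d and joined with "&"
 * @param mixed  $links    truthy to append the two links
 * @param mixed  $pageid   page id handed to Runner.pages.PageManager.getAt()
 * @return string HTML fragment, or "" when no other session has an action=1 row for the record
 */
function GetLockInfo($strtable, $keys, $links, $pageid)
{
    // Keep the original joining rule (separator only once something has been collected) so the
    // string matches what is stored in the "keys" column.
    $skeys = "";
    foreach ($keys as $val) {
        if (strlen($skeys)) {
            $skeys .= "&";
        }
        $skeys .= rawurlencode($val);
    }

    // The session id goes through db_prepare_string() like the other string operands instead of
    // being wrapped in hand-written quotes: it can originate from the client's session cookie.
    $where = AddFieldWrappers("table") . "=" . db_prepare_string($strtable)
        . " and " . AddFieldWrappers("keys") . "=" . db_prepare_string($skeys)
        . " and " . AddFieldWrappers("sessionid") . "<>" . db_prepare_string(session_id())
        . " and " . AddFieldWrappers("action") . "=1";
    $rstmp = $this->TableObj->Query($where, AddFieldWrappers("id") . " asc");

    $data = db_fetch_array($rstmp);
    if (!$data) {
        return "";
    }

    // NOTE(review): userid is read from the lock table and inserted into the message unescaped.
    // The links appended below suggest the result is rendered as HTML; if so, escape userid here
    // -- confirm first that no caller escapes the returned string again.
    $str = mysprintf(
        $this->LockAdmin,
        array($data["userid"], round(secondsPassedFrom($data["startdatetime"]) / 60, 2))
    );

    if ($links) {
        // Every value placed inside the onclick handler is escaped for a JS string and then for
        // an HTML attribute. The stored session id is now treated like the table and keys.
        $jsTable = htmlspecialchars(jsreplace($strtable));
        $jsKeys = htmlspecialchars(jsreplace($skeys));
        $jsSession = htmlspecialchars(jsreplace($data["sessionid"]));
        // NOTE(review): $pageid is emitted as a bare JS argument; this assumes callers pass an
        // integer -- verify, or cast at the call site.
        $call = 'Runner.pages.PageManager.getAt(\'' . $jsTable . '\', ' . $pageid
            . ').locking.UnlockAdmin(\'' . $jsKeys . '\',\'' . $jsSession . '\',';

        $str .= '<a class="unlock" href="#" onclick="' . $call . '\'no\');return false;">' . "Unlock record" . '</a>';
        $str .= '<a class="edit" href="#" onclick="' . $call . '\'yes\');return false;">' . "Edit record" . '</a>';
    }

    return $str;
}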
/**
 * Build the per-table rows of the rights grid.
 *
 * For every entry of $this->nonAdminTablesArr one row is produced holding the escaped table
 * caption, the attributes of the table checkbox, the alternating row class, one set of
 * checkbox attributes per group and right, and the current page rights.
 *
 * Table names are passed through htmlspecialchars(). The table key and the group id are
 * placed into id/name attributes as they are.
 * NOTE(review): presumably both are numeric indexes/ids -- verify where the arrays are filled.
 *
 * @param array $rowInfoArr replaced with the list of rows
 */
function fillGridShowInfo(&$rowInfoArr)
{
    global $pageRights;

    $rowInfoArr = array();
    $interlaceNext = true;

    foreach ($this->nonAdminTablesArr as $tableIdx => $names) {
        $row = array();

        // Show "caption (name)" when the two differ, the plain name otherwise.
        $row["tablename"] = $names[0] == $names[1]
            ? htmlspecialchars($names[0])
            : "<span dir='LTR'>" . htmlspecialchars($names[1]) . " (" . htmlspecialchars($names[0]) . ")</span>";
        $row["tablecheckbox_attrs"] = "name=\"table_" . $tableIdx . "\" id=\"" . $tableIdx . "\"";

        // Every other row, starting with the first, gets the "interlaced" class.
        $row["rowclass"] = $interlaceNext ? "interlaced" : "";
        $interlaceNext = !$interlaceNext;

        $groupBoxes = array();
        foreach ($this->groupsArr as $groupInfo) {
            $groupId = $groupInfo[0];
            $mask = $this->nonAdminTablesRightsArr[$names[0]][$groupId];
            // Only the group with id -1 is visible at page load; the others start hidden.
            $hidden = $groupId == -1 ? "" : ' style="display: none;" ';

            $boxes = array();
            foreach ($this->cbxNames as $right => $def) {
                $controlId = "cb" . $right . "_" . $tableIdx . "_" . $groupId;
                $checked = strpos($mask, $def['mask']) !== FALSE ? " checked" : "";
                $boxes[$right . "_checkbox"] = $hidden
                    . mysprintf(' id="%s" %s name="%s"', array($controlId, $checked, $controlId));
            }
            $groupBoxes[] = $boxes;
        }
        $row["add_groupboxes"] = array("data" => $groupBoxes);

        foreach ($this->cbxNames as $right => $def) {
            // All "<right>_groupboxes" entries share the one "add" list by reference.
            if ($right != 'add') {
                $row[$right . "_groupboxes"] =& $row["add_groupboxes"];
            }
            if ($right != 'adm') {
                $row[$right . "_group"] = $pageRights[$names[0]][$def['rightName']];
            }
        }

        $rowInfoArr[] = $row;
    }
}
/**
 * Normalise a submitted control value into the form the field's type expects.
 *
 * This only converts and range-checks; no quoting or escaping for SQL is applied here, and
 * values of character fields are returned as received.
 * NOTE(review): callers presumably quote the result before it reaches a query -- verify.
 *
 * @param String field
 * @param Mixed value
 * @param String controltype  "", "multiselect", "time", "date<format>" or "checkbox..."
 * @param String postfilename not read in this function
 * @param String table The datasource table name
 * @return Mixed the normalised value, "" when the value is empty or rejected,
 *               false when the control type is not recognised
 * @intellisense
 */
function prepare_for_db($field, $value, $controltype = "", $postfilename = "", $table = "")
{
    global $strTableName, $cman;

    if ($table == "") {
        $table = $strTableName;
    }
    $settings = new ProjectSettings($table);
    $connection = $cman->byTable($table);
    $type = $settings->getFieldType($field);

    // Plain and multiselect controls on non-time fields.
    $isPlainControl = !$controltype || $controltype == "multiselect";
    if ($isPlainControl && !IsTimeType($type)) {
        if (is_array($value)) {
            $value = combinevalues($value);
        }
        $isBlank = $value === "" || $value === FALSE;
        if ($isBlank && !IsCharType($type)) {
            return "";
        }
        if (IsGuid($type) && !IsGuidString($value)) {
            return "";
        }
        if (IsFloatType($type)) {
            return makeFloat($value);
        }
        if (IsNumberType($type) && !is_int($value)) {
            // A comma is accepted as decimal separator for the check only; the trimmed
            // original text is what gets returned.
            $value = trim($value);
            return is_numeric(str_replace(",", ".", $value)) ? $value : "";
        }
        return $value;
    }

    // Time controls and time-typed fields.
    if ($controltype == "time" || IsTimeType($type)) {
        if (!strlen($value)) {
            return "";
        }
        $time = localtime2db($value);
        if ($connection->dbType == nDATABASE_PostgreSQL) {
            // Out-of-range components are rejected on PostgreSQL; an hour of 24 passes this check.
            $pieces = explode(":", $time);
            if ($pieces[0] > 24 || $pieces[1] > 59 || $pieces[2] > 59) {
                return "";
            }
        }
        // Date-typed columns get a fixed date in front of the time.
        return IsDateFieldType($type) ? "2000-01-01 " . $time : $time;
    }

    // Date controls: the characters after "date" select the edit format.
    if (substr($controltype, 0, 4) == "date") {
        $dformat = substr($controltype, 4);

        if ($dformat == EDIT_DATE_SIMPLE || $dformat == EDIT_DATE_SIMPLE_INLINE || $dformat == EDIT_DATE_SIMPLE_DP) {
            $time = localdatetime2db($value);
            return $time == "null" ? "" : $time;
        }

        if ($dformat == EDIT_DATE_DD || $dformat == EDIT_DATE_DD_INLINE || $dformat == EDIT_DATE_DD_DP) {
            $parts = explode("-", $value);
            if (count($parts) < 3) {
                return "";
            }
            $year = $parts[0];
            $month = $parts[1];
            $day = $parts[2];
            // Two-digit years: below 70 means 20xx, otherwise 19xx.
            if ($year < 100) {
                if ($year < 70) {
                    $year += 2000;
                } else {
                    $year += 1900;
                }
            }
            // %d formatting turns every component into a number.
            return mysprintf("%04d-%02d-%02d", array($year, $month, $day));
        }

        return "";
    }

    // Checkboxes: "on" is 1, "none" means no value, anything else is 0.
    if (substr($controltype, 0, 8) == "checkbox") {
        if ($value == "on") {
            return 1;
        }
        if ($value == "none") {
            return "";
        }
        return 0;
    }

    return false;
}
/**
 * Check one uploaded file against the configured upload limits.
 *
 * The checks run in a fixed order and the first failure wins: upstream error, missing name,
 * name pattern, per-file size, minimum size, total size, file count, image resolution.
 * The reason is written to $file["error"].
 *
 * NOTE(review): the type check is a regex over the submitted file name and the image branch
 * is selected by $uploadedFile["type"]; if $uploadedFile is a $_FILES entry both values are
 * supplied by the client, so this method does not establish what the file actually contains.
 *
 * @param array $uploadedFile upload entry; "type" and "tmp_name" are read
 * @param array $file         file record; "name" and "size" are read, "error" is written
 * @param mixed $error        error reported before validation; any truthy value rejects the file
 * @param int   $file_size    size in bytes, compared with the KB limits multiplied by 1024
 * @param mixed $index        not read in this method
 * @param mixed $uploadDir    not read in this method
 * @return bool true when every check passes
 */
public function validate($uploadedFile, &$file, $error, $file_size, $index, $uploadDir)
{
    // Store the reason on the file record and report failure in one step.
    $reject = function ($reason) use (&$file) {
        $file["error"] = $reason;
        return false;
    };

    if ($error) {
        return $reject($error);
    }
    if (!$file["name"]) {
        return $reject("File name was not provided");
    }
    if (!preg_match($this->options['accept_file_types'], $file["name"])) {
        return $reject("File type is not acceptable");
    }

    // Per-file upper limit: both the measured size and the declared size must fit.
    if ($this->options['max_file_size']
        && ($file_size > $this->options['max_file_size'] * 1024
            || $file["size"] > $this->options['max_file_size'] * 1024)
    ) {
        return $reject(mysprintf("File size exceeds limit of %s kbytes", array($this->options['max_file_size'])));
    }
    // Lower limit looks at $file_size only.
    if ($this->options['min_file_size'] && $file_size < $this->options['min_file_size'] * 1024) {
        return $reject(mysprintf("File size must not be less than %s kbytes", array($this->options['min_file_size'])));
    }
    // The total-size and file-count limits apply only when the option is an actual integer.
    if (is_int($this->options['max_totalFile_size'])
        && $this->getUploadFilesSize() + $file["size"] > $this->options['max_totalFile_size'] * 1024
    ) {
        return $reject(mysprintf("Total files size exceeds limit of %s kbytes", array($this->options['max_totalFile_size'])));
    }
    if (is_int($this->options['max_number_of_files'])
        && ($this->getUploadFilesCount() >= $this->options['max_number_of_files']
            && $this->options['max_number_of_files'] > 0)
    ) {
        return $reject(
            $this->options['max_number_of_files'] > 1
                ? mysprintf("You can upload no more than %s files", array($this->options['max_number_of_files']))
                : "You can upload only one file"
        );
    }

    if (!isImageType($uploadedFile["type"])) {
        return true;
    }

    $dimensions = runner_getimagesize($uploadedFile["tmp_name"], $uploadedFile);
    $width = $dimensions[0];
    $height = $dimensions[1];
    // Resolution limits are enforced only when a width could be determined.
    if (!is_int($width)) {
        return true;
    }

    $exceedsMax = ($this->options['max_width'] && $width > $this->options['max_width'])
        || ($this->options['max_height'] && $height > $this->options['max_height']);
    // An oversized image is accepted when it will be resized on upload.
    if ($exceedsMax && !$this->options['resizeOnUpload']) {
        return $reject('maxResolution');
    }

    $belowMin = ($this->options['min_width'] && $width < $this->options['min_width'])
        || ($this->options['min_height'] && $height < $this->options['min_height']);
    if ($belowMin) {
        return $reject('minResolution');
    }

    return true;
}
/**
 * EncryptValueByDB
 * Wrap a value expression in the database-side encryption call when the field is encrypted
 * by the database; otherwise hand the value back unchanged.
 *
 * $value is inserted as raw SQL text (the first %s carries no quotes), so it has to be a
 * finished SQL expression or literal by the time it gets here. The key is written into the
 * statement between single quotes without escaping.
 * NOTE(review): because the key is part of the statement text it will appear wherever full
 * statements are recorded (query logs, error output) -- check the logging configuration, and
 * confirm the key can never contain a quote character.
 *
 * @param {string} field name
 * @param {string} value SQL expression to encrypt
 * @param {string} table table name, passed to isFieldEncrypted()
 * @return {string}
 */
function EncryptValueByDB($field, $value, $table = "")
{
    // Database-side encryption applies only to encrypted fields while PHP-side encryption is off.
    $encryptedInDatabase = $this->isFieldEncrypted($field, $table) && !isEncryptionByPHPEnabled();
    if (!$encryptedInDatabase) {
        return $value;
    }

    $template = "pgp_sym_encrypt(%s, '%s')";
    return mysprintf($template, array($value, $this->key));
}