示例#1
0
function mystery_get_table_configuration($table_id)
{
    // this function gets the configuration information for a particular
    // table and places it in the $_MYSTERY['table_info'] array.  If the
    // info already exists, the function just returns.
    global $_MYSTERY;
    // put in an array like this $tables[$table_id]['key'] = $value;
    if (isset($_MYSTERY['table_info'][$table_id])) {
        return;
    }
    // Query to see if this user has access to this table.
    if ($_SESSION['is_administrator'] == 'yes') {
        $query = 'SELECT * FROM ' . $_MYSTERY['table_prefix'] . 'tables WHERE table_id = ?';
        $params = array($table_id);
    } else {
        $query = 'SELECT * FROM ' . $_MYSTERY['table_prefix'] . 'groups_tables AS gtt LEFT JOIN ' . $_MYSTERY['table_prefix'] . 'tables AS tt ON gtt.table_id=tt.table_id WHERE gtt.table_id = ? AND group_id IN ("' . implode('","', $_SESSION['user_groups']) . '") ORDER BY access_type DESC';
        $params = array($table_id);
    }
    $table_info = mystery_select_query($query, $params);
    if (count($table_info) == 0) {
        // user has selected a table that he doesn't have access to.  Bad user...
        mystery_log_violation('Purple', 'User entered a table_id they did not have access to');
    }
    // We only get the first row.  If a user is in more than one group that has access to
    // this table, results will be unpredictable.  The results are sorted by type, so if a
    // user has table access in one of the groups, it should show up above the row level access.
    $_MYSTERY['table_info'][$table_id]['database'] = $table_info[0]['table_database'];
    $_MYSTERY['table_info'][$table_id]['real_name'] = $table_info[0]['table_real_name'];
    $_MYSTERY['table_info'][$table_id]['display_name'] = $table_info[0]['table_display_name'];
    $_MYSTERY['table_info'][$table_id]['display_comment'] = $table_info[0]['table_display_comment'];
    $_MYSTERY['table_info'][$table_id]['display_data_word'] = $table_info[0]['table_display_data_word'];
    $_MYSTERY['table_info'][$table_id]['display_field_type'] = $table_info[0]['table_display_field_type'];
    $_MYSTERY['table_info'][$table_id]['display_functions'] = $table_info[0]['table_display_functions'];
    $_MYSTERY['table_info'][$table_id]['default_action'] = $table_info[0]['table_default_action'];
    $_MYSTERY['table_info'][$table_id]['default_query'] = $table_info[0]['table_default_query'];
    $_MYSTERY['table_info'][$table_id]['default_order_field'] = $table_info[0]['table_default_order_field'];
    $_MYSTERY['table_info'][$table_id]['default_reverse_sort'] = $table_info[0]['table_default_reverse_sort'];
    $_MYSTERY['table_info'][$table_id]['default_display'] = $table_info[0]['table_default_display'];
    $_MYSTERY['table_info'][$table_id]['default_display_fields'] = $table_info[0]['table_default_display_fields'];
    $_MYSTERY['table_info'][$table_id]['default_display_rows'] = $table_info[0]['table_default_display_rows'];
    $_MYSTERY['table_info'][$table_id]['default_display_width'] = $table_info[0]['table_default_display_width'];
    $_MYSTERY['table_info'][$table_id]['primary_key'] = $table_info[0]['table_primary_key'];
    $_MYSTERY['table_info'][$table_id]['owner_key'] = $table_info[0]['table_owner_key'];
    $_MYSTERY['table_info'][$table_id]['owner_type'] = $table_info[0]['table_owner_type'];
    $_MYSTERY['table_info'][$table_id]['is_many_to_many'] = $table_info[0]['table_is_many_to_many'];
    if ($_SESSION['is_administrator'] == 'yes') {
        // allow administrator all access
        $_MYSTERY['table_info'][$table_id]['access_type'] = 'table';
        $_MYSTERY['table_info'][$table_id]['select_access'] = 'yes';
        $_MYSTERY['table_info'][$table_id]['insert_access'] = 'yes';
        $_MYSTERY['table_info'][$table_id]['update_access'] = 'yes';
        $_MYSTERY['table_info'][$table_id]['delete_access'] = 'yes';
        $_MYSTERY['table_info'][$table_id]['effective_group_id'] = '1';
    } else {
        // set access depending on the user's group's permissions
        $_MYSTERY['table_info'][$table_id]['access_type'] = $table_info[0]['access_type'];
        $_MYSTERY['table_info'][$table_id]['select_access'] = $table_info[0]['select_access'];
        $_MYSTERY['table_info'][$table_id]['insert_access'] = $table_info[0]['insert_access'];
        $_MYSTERY['table_info'][$table_id]['update_access'] = $table_info[0]['update_access'];
        $_MYSTERY['table_info'][$table_id]['delete_access'] = $table_info[0]['delete_access'];
        $_MYSTERY['table_info'][$table_id]['effective_group_id'] = $table_info[0]['group_id'];
    }
    if ($_MYSTERY['table_info'][$table_id]['select_access'] != 'yes' && $_MYSTERY['table_info'][$table_id]['insert_access'] != 'yes' && $_MYSTERY['table_info'][$table_id]['update_access'] != 'yes' && $_MYSTERY['table_info'][$table_id]['delete_access'] != 'yes') {
        mystery_display_user_error('Cannot access ' . $_MYSTERY['word_that_means_table']);
        echo '
		<p>The groups that you are a member of do not have any access to 
		the ' . $_MYSTERY['word_that_means_table'] . ': 
		' . $_MYSTERY['table_info'][$table_id]['display_name'] . '</p>
		';
        mystery_display_admin_contact_info();
        mystery_footer();
    }
    // Get all of the related items for this table
    mystery_get_table_owners_list($table_id);
    mystery_get_table_custom_menu_items($table_id);
    mystery_get_table_custom_actions($table_id);
    mystery_get_table_foreign_keys($table_id);
    mystery_get_table_hidden_fields($table_id);
    mystery_get_table_view_only_fields($table_id);
    mystery_get_table_binary_fields($table_id);
    mystery_get_table_custom_triggers($table_id);
    mystery_get_table_related_tables($table_id);
    mystery_get_table_portal_relation_1($table_id);
    mystery_get_table_portal_relation_2($table_id);
}
// mystery_db_connect();
// use our custom session handlers instead of the PHP defaults
session_set_save_handler('mystery_session_open', 'mystery_session_close', 'mystery_session_read', 'mystery_session_write', 'mystery_session_destroy', 'mystery_session_gc');
// start the session
session_name($portal_config['session_name']);
session_start();
// allow the users to use the back button
header('Cache-control: private');
// use our custom error handler instead of the PHP default
set_error_handler('mystery_error_handler');
// catch all possible errors
ini_set('error_reporting', E_ALL);
// start the timer
mystery_time_results('start');
// configure the application
if (!mystery_configure()) {
    if (mystery_check_installation_status()) {
        mystery_header();
        mystery_display_user_error('Configuration Problem');
        echo '
		<p>Could not load the main system configuration.  The system
		Administrator should verify that the system is correctly
		installed and configured.</p>
		';
        mystery_footer();
    } else {
        mystery_header();
        mystery_display_installation_options();
        mystery_footer();
    }
}
示例#3
0
function mystery_process_user_info_form()
{
    // this function processes a user's info update form.
    global $_MYSTERY;
    // set elements in the data array and update the session
    $_SESSION['user_first_name'] = $data['user_first_name'] = $_REQUEST['user_first_name'];
    $_SESSION['user_last_name'] = $data['user_last_name'] = $_REQUEST['user_last_name'];
    $_SESSION['user_email'] = $data['user_email'] = $_REQUEST['user_email'];
    if ($_MYSTERY['allow_username_changes'] == 'yes') {
        $_SESSION['user_username'] = $data['user_username'] = $_REQUEST['user_username'];
    }
    // check to see if the passwords match and are set.  If not, display error and the form again
    if ($_REQUEST['password_one'] != '') {
        // user want's to change password
        if ($_REQUEST['password_one'] != $_REQUEST['password_two']) {
            mystery_display_user_error('Your passwords do not match. Please try again.');
            mystery_display_user_info_form();
            return;
        } else {
            // passwords match, add to the update data array
            $data['user_password'] = md5($_REQUEST['password_one']);
        }
    }
    // prepare the rest of the items for the update query
    $table = $_MYSTERY['table_prefix'] . 'users';
    $key = 'user_id';
    $key_value = $_SESSION['user_id'];
    // perform the update query
    if (mystery_update_query($table, $data, $key, $key_value)) {
        mystery_display_user_feedback('Update Successful!');
        echo '
		<p>Your personal information was updated successfully.  Any username/password change
		will take effect at your next login.</p>
		
		<p><a href="', $_SERVER['SCRIPT_NAME'], '">Return to the Main Menu</a></p>
		';
    } else {
        mystery_display_user_error('Could not update Personal Information.');
        mystery_display_admin_contact_info();
    }
}