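/**
 * Runs the filters bound to an XxxxAction module or method before it is invoked, if any exist.
 *
 * Intended to be called only by ActionUtil::invokeAction(), XxxxAction::__call() and
 * ActionUtil::__call(), so that the filters run before the action itself.
 *
 * Filter methods are dispatched with variable method calls instead of eval(): the
 * method name is only ever one that get_class_methods() has just reported for the
 * filter class, so no string assembled from $method is executed as PHP source.
 *
 * @param string $action Action name without the "Action" suffix, e.g. 'Test'.
 * @param string $method Action method name, e.g. 'test'.
 * @return void
 */
public static function doFilterIfHasIt($action, $method)
{
    // Methods the XxxxAction class exposes; a missing class means there is nothing to filter.
    // class_exists() keeps the "no such class" case a quiet early return on PHP 8, where
    // get_class_methods() throws for an unknown class name.
    $actionClass = $action . 'Action';
    if (!class_exists($actionClass)) {
        return;
    }
    $filters = get_class_methods($actionClass);
    if (!$filters) {
        return;
    }

    // Step 1: run the built-in filter (the default filter bound to the XxxxAction module), if any.
    if (in_array('doFilter', $filters, true)) {
        ActionUtil::action($action)->doFilter();
    }

    // Methods the companion XxxxFilter class exposes.
    $filterClass = $action . 'Filter';
    if (!class_exists($filterClass)) {
        return;
    }
    $filters = get_class_methods($filterClass);
    if (!$filters) {
        return;
    }
    $filterCount = count($filters);

    // Step 2: run the module-level filter chain doFilter_1, doFilter_2, ... until the first gap.
    for ($i = 1; $i <= $filterCount && in_array('doFilter_' . $i, $filters, true); $i++) {
        FilterUtil::filter($action)->{'doFilter_' . $i}();
    }

    // Step 3: run the single filter bound to the action method (same name as the method), if any.
    if (in_array($method, $filters, true)) {
        FilterUtil::filter($action)->{$method}();
    }

    // Step 4: run the method-level filter chain <method>_1, <method>_2, ... until the first gap.
    for ($i = 1; $i <= $filterCount && in_array($method . '_' . $i, $filters, true); $i++) {
        FilterUtil::filter($action)->{$method . '_' . $i}();
    }
}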
/**
 * Loads every log row returned by self::$SELECT_ALL once FilterUtil::applyFilter()
 * has extended that query.
 *
 * NOTE(review): the applyFilter() listed on this page builds its WHERE clause from
 * $_GET; the statement prepared here has no bound parameters, so the safety of this
 * query rests entirely on that helper.
 *
 * @return array List of rows, each reduced to the keys timestamp, message, level, file and line.
 */
public function getAllLogs()
{
    $statement = self::$db->getConnection()->prepare(FilterUtil::applyFilter(self::$SELECT_ALL));
    $statement->execute();
    // Kept from the original; the returned error information is not inspected.
    $statement->errorInfo();

    $exportedKeys = array("timestamp", "message", "level", "file", "line");
    $logs = array();
    foreach ($statement->fetchAll() as $record) {
        $entry = array();
        foreach ($exportedKeys as $key) {
            $entry[$key] = $record[$key];
        }
        $logs[] = $entry;
    }

    return $logs;
}
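/**
 * A catch all page for roles.
 *
 * This action renders a page with forms for the creation, editing, and deletion
 * of roles. It also displays a grid with all user created roles (default
 * roles are not included and cannot be edited this way).
 *
 * When the request carries a 'Roles' array in $_POST, a new Roles model is populated
 * from it, saved, and the browser is redirected back to this page. On a failed save
 * the validation messages of every attribute are joined into one flash message.
 */
public function actionManageRoles()
{
    $dataProvider = new CActiveDataProvider('Roles');
    $roles = Yii::app()->db->createCommand()->select('id, name')->from('x2_roles')->queryAll();

    $model = new Roles();
    $model->timeout = 60;

    $roleInput = FilterUtil::filterArrayInput($_POST, 'Roles');
    if (!empty($roleInput)) {
        // NOTE(review): mass assignment from request data; which attributes are accepted
        // depends on the Roles model's validation rules, which are not visible here.
        $model->attributes = $roleInput;
        $model->users = '';

        $viewPermissions = FilterUtil::filterArrayInput($_POST, 'viewPermissions');
        $editPermissions = FilterUtil::filterArrayInput($_POST, 'editPermissions');
        $users = FilterUtil::filterArrayInput($roleInput, 'users');

        // Presumably converts minutes from the form into seconds - TODO confirm.
        // A result of 0 is stored as null.
        $model->timeout *= 60;
        if ($model->timeout === 0) {
            $model->timeout = null;
        }

        $model->setUsers($users);
        $model->setViewPermissions($viewPermissions);
        $model->setEditPermissions($editPermissions);

        if (!$model->save()) {
            // Collect the messages of all attributes. The previous loop kept only the
            // last attribute's messages and left $errors undefined when there were none.
            $messages = array();
            foreach ($model->getErrors() as $attributeErrors) {
                foreach ((array) $attributeErrors as $message) {
                    $messages[] = $message;
                }
            }
            $errors = implode(',', $messages);
            Yii::app()->user->setFlash('error', Yii::t('admin', "Unable to save role: {errors}", array('{errors}' => $errors)));
        }

        $this->redirect('manageRoles');
    }

    $this->render('manageRoles', array('dataProvider' => $dataProvider, 'model' => $model, 'roles' => $roles));
}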
*/ if (UrlUtil::URIInterceptor($_SERVER['REQUEST_URI'])) { echo $_SERVER['REQUEST_URI']; require_once APPROOT . PAGE_403; die; } /* * 分析URL参数 */ $urlInfo = UrlUtil::analyseUrlParam($_GET); // var_dump($urlInfo); $_SESSION['urlInfo'] = $urlInfo; /* * 选择性地执行全局过滤器 */ FilterUtil::globalFilter($urlInfo); /* * 根据URL信息调度 到 对应的[模块——操作]中 */ if (!ActionUtil::invokeAction($urlInfo)) { // echo ("<hr/>如果你看到这一行提示,则说明没有被调度到ActionUtil : : numOfShellArgs(){}所注册的Action方法。<hr/>"); // var_dump($urlInfo); /* 这里可再添加其它调度方式的代码【已被常规调度的有:0,1,3,4。剩余的参数状态有:2,5和 [没有注册shell或shell参数个数不符] 的状态3】。 * 一般人没必要利用这个地方,你要是读懂了源代码,就任你用! * 本框架的设计者对源码很熟悉,所以就把这个分支用作普通模板输出啦! * 如果你输入的链接[ http://server.com/ItemName/?xxx=abc ]中的abc不是URL指令, * 而且还执行到此处的时候,系统就认定这个abc是用来访问abc.php这个页面的。 * 本系统用于输出到客户端的页面默认存放于/PUBLIC_DIR_NAME/core/tpl/other/ 目录,要自定义存放位置,则需配置 [ 模板目录路径 OTHER_TEMPLATE_DIR @ /core/lib/base/env__.php ]。 * 以上输入的链接将默认访问到 /PUBLIC_DIR_NAME/core/tpl/other/abc.php 。 * 以上得到的参数'abc'的取法:$urlInfo['params'][0]。取出该参数之前,要确保$urlInfo['params']非null,并且也要确保count($urlInfo['params'])非0,以及$urlInfo['params'][0]非null. * 接下来的就是页面[模板]输出的代码:
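/**
 * Appends a WHERE (or AND) clause built from the request's filter parameters to $query,
 * then applies sorting and, optionally, a limit.
 *
 * The filters are read from $_GET: 'filterscount' plus, for each index i,
 * 'filterdatafield{i}', 'filtercondition{i}', 'filtervalue{i}' and 'filteroperator{i}'.
 * All of these are request-controlled, so before anything reaches the SQL text:
 *  - the column name must be a plain, optionally dot-qualified identifier;
 *  - the condition must be one of the known keywords;
 *  - the value has backslashes and single quotes escaped inside its string literal.
 * A filter that fails the first two checks is ignored.
 *
 * NOTE(review): escaping the value by hand is a stopgap. Its correctness depends on the
 * connection character set and sql_mode, neither of which is visible here. Bound
 * parameters are the durable fix, but this method returns only a query string and its
 * callers prepare and execute it without binding filter values, so that change has to be
 * made together with the callers.
 *
 * NOTE(review): appendSorting() and appendLimit() are not visible in this block; if they
 * also read request parameters they need equivalent validation.
 *
 * @param string $query        Base SELECT statement.
 * @param bool   $isApplyLimit Whether FilterUtil::appendLimit() is applied as well.
 * @return string The extended query.
 */
public static function applyFilter($query, $isApplyLimit = true)
{
    // condition => array(prefix before the column, comparison operator,
    //                    text before the value, text after the value, whether the value is used)
    $comparisons = array(
        'NOT_EMPTY' => array(' ', ' NOT LIKE ', '', '', false),
        'NOT_NULL' => array(' ', ' NOT LIKE ', '', '', false),
        'EMPTY' => array(' ', ' LIKE ', '', '', false),
        'NULL' => array(' ', ' LIKE ', '', '', false),
        'CONTAINS_CASE_SENSITIVE' => array(' BINARY ', ' LIKE ', '%', '%', true),
        'CONTAINS' => array(' ', ' LIKE ', '%', '%', true),
        'DOES_NOT_CONTAIN_CASE_SENSITIVE' => array(' BINARY ', ' NOT LIKE ', '%', '%', true),
        'DOES_NOT_CONTAIN' => array(' ', ' NOT LIKE ', '%', '%', true),
        'EQUAL_CASE_SENSITIVE' => array(' BINARY ', ' = ', '', '', true),
        'EQUAL' => array(' ', ' = ', '', '', true),
        'NOT_EQUAL_CASE_SENSITIVE' => array(' BINARY ', ' <> ', '', '', true),
        'NOT_EQUAL' => array(' ', ' <> ', '', '', true),
        'GREATER_THAN' => array(' ', ' > ', '', '', true),
        'LESS_THAN' => array(' ', ' < ', '', '', true),
        'GREATER_THAN_OR_EQUAL' => array(' ', ' >= ', '', '', true),
        'LESS_THAN_OR_EQUAL' => array(' ', ' <= ', '', '', true),
        'STARTS_WITH_CASE_SENSITIVE' => array(' BINARY ', ' LIKE ', '', '%', true),
        'STARTS_WITH' => array(' ', ' LIKE ', '', '%', true),
        'ENDS_WITH_CASE_SENSITIVE' => array(' BINARY ', ' LIKE ', '%', '', true),
        'ENDS_WITH' => array(' ', ' LIKE ', '%', '', true),
    );

    // Column names cannot be quoted like values, so only plain identifiers are let through.
    // The D modifier stops "$" from matching before a trailing newline.
    $identifierPattern = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/D';

    // Escapes a value for use inside a single-quoted SQL string literal.
    // LIKE wildcards (% and _) in the value are left alone, as before.
    $escapeLiteral = function ($raw) {
        return str_replace(array('\\', "'"), array('\\\\', "''"), $raw);
    };

    // filter data.
    $declaredCount = 0;
    if (isset($_GET['filterscount']) && is_scalar($_GET['filterscount'])) {
        $declaredCount = (int) $_GET['filterscount'];
    }

    // Collect the filters that pass validation before any SQL text is produced.
    $accepted = array();
    for ($i = 0; $i < $declaredCount; $i++) {
        // Stop at the first missing index so that the loop is bounded by the parameters
        // actually sent rather than by the declared count.
        if (!isset($_GET['filterdatafield' . $i])) {
            break;
        }
        $field = $_GET['filterdatafield' . $i];
        $condition = isset($_GET['filtercondition' . $i]) ? $_GET['filtercondition' . $i] : '';
        $value = isset($_GET['filtervalue' . $i]) ? $_GET['filtervalue' . $i] : '';
        $operator = isset($_GET['filteroperator' . $i]) ? $_GET['filteroperator' . $i] : '';

        if (!is_string($field) || preg_match($identifierPattern, $field) !== 1) {
            continue;
        }
        if (!is_string($condition) || !isset($comparisons[$condition])) {
            continue;
        }
        if (!is_string($value)) {
            $value = '';
        }
        $accepted[] = array($field, $condition, $value, $operator);
    }

    if ($accepted) {
        // Substring heuristic kept from the original: any "where" in the base query
        // makes the filter an additional AND group.
        if (strpos(strtolower($query), 'where') !== false) {
            $where = " AND (";
        } else {
            $where = " WHERE (";
        }

        $previousField = null;
        $previousOperator = '';
        foreach ($accepted as $filter) {
            list($field, $condition, $value, $operator) = $filter;

            if ($previousField !== null) {
                if ($previousField !== $field) {
                    // A different column starts a new parenthesised group.
                    $where .= ")AND(";
                } elseif (is_numeric($previousOperator) && $previousOperator != 0) {
                    // Same column: a non-zero operator on the previous filter means OR.
                    $where .= " OR ";
                } else {
                    $where .= " AND ";
                }
            }

            // build the "WHERE" clause depending on the filter's condition, value and datafield.
            list($prefix, $comparison, $lead, $trail, $usesValue) = $comparisons[$condition];
            $literal = $usesValue ? $escapeLiteral($value) : '';
            $where .= $prefix . $field . $comparison . "'" . $lead . $literal . $trail . "'";

            $previousOperator = $operator;
            $previousField = $field;
        }
        $where .= ")";

        // build the query.
        $query = $query . $where;
    }

    //apply Sorting
    $query = FilterUtil::appendSorting($query);

    //apply limit
    if ($isApplyLimit) {
        $query = FilterUtil::appendLimit($query);
    }

    return $query;
}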
/**
 * Fetches the rows of self::$FIND_BY_FOLDER for one folder, together with the total count.
 *
 * The folder sequence is bound as the :folderseq parameter. The query text itself is first
 * passed through FilterUtil::applyFilter().
 *
 * NOTE(review): the applyFilter() listed on this page builds its additions from $_GET and
 * they are not bound here, so that part of the statement is only as safe as that helper.
 *
 * @param mixed $folderSeq Folder sequence bound to :folderseq.
 * @return array Array with "Rows" (list of associative rows) and "TotalRows"
 *               (result of getTotalCountByFolder()).
 */
public function FindArrByFolder($folderSeq)
{
    $statement = self::$db->getConnection()->prepare(FilterUtil::applyFilter(self::$FIND_BY_FOLDER));
    $statement->bindValue(':folderseq', $folderSeq);
    $statement->execute();
    // Kept from the original; the returned error information is not inspected.
    $statement->errorInfo();

    $rows = array();
    while ($record = $statement->fetch(PDO::FETCH_ASSOC)) {
        $rows[] = $record;
    }

    return array(
        "Rows" => $rows,
        "TotalRows" => $this->getTotalCountByFolder($folderSeq),
    );
}
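/**
 * Lists users, optionally restricted to one or more locations, together with the total count.
 *
 * Two defects of the earlier version are addressed:
 *  - the location restriction was appended to the static query
 *    self::$SELECT_ALL_USERS_LOCATION_USERS itself, so every call added one more
 *    "and lu.locationseq in (...)" clause for the rest of the request; the restriction
 *    is now built on a local copy;
 *  - $locSeq was concatenated into the SQL text unchanged; each comma-separated element
 *    is now cast to an integer first.
 *
 * NOTE(review): assumes location sequences are integers, as the "> 0" guard suggests -
 * confirm against the schema.
 *
 * @param mixed $locSeq A single location sequence or a comma-separated list; null or a
 *                      non-positive value means no location restriction.
 * @return array Array with "Rows" (list of associative user rows) and "TotalRows".
 */
public function FindAllUsersArr($locSeq)
{
    $conn = self::$db_New->getConnection();

    // Work on a copy so that the shared static query is never modified.
    $baseQuery = self::$SELECT_ALL_USERS_LOCATION_USERS;
    if ($locSeq != null && $locSeq > 0) {
        $locationIds = array();
        foreach (explode(",", (string) $locSeq) as $part) {
            // The integer cast is what keeps arbitrary text out of the IN list.
            $locationIds[] = (int) trim($part);
        }
        $baseQuery .= " and lu.locationseq in (" . implode(",", $locationIds) . ")";
    }

    $query = FilterUtil::applyFilter($baseQuery);
    $stmt = $conn->prepare($query);
    $stmt->execute();

    // Location names are appended to the user name only when several locations were requested.
    $isMultiLocation = count(explode(",", (string) $locSeq)) > 1;

    $userArray = array();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $locationNames = $this->getLocationNamesByUser($row["seq"]);
        if ($isMultiLocation) {
            $row["username"] .= " (" . implode(", ", $locationNames) . ")";
        }
        $userArray[] = $row;
    }

    $mainArr = array();
    $mainArr["Rows"] = $userArray;
    $mainArr["TotalRows"] = $this->getTotalCount($baseQuery);
    return $mainArr;
}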
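/**
 * Intercepts calls to XxxxAction methods that are not visible to the caller.
 *
 * Action methods that need filters can be declared protected; any call from outside
 * then arrives here, and the bound filters run before the method itself.
 *
 * The target method is invoked with call_user_func_array() rather than by assembling
 * PHP source and passing it to eval(). $method is still checked against
 * get_class_methods() first, so only a method this object actually has can be called.
 *
 * NOTE(review): as before, the return value of the target method is discarded.
 *
 * @param string $method Name of the method that was called.
 * @param array  $vars   Arguments of the call.
 * @return void
 */
public function __call($method, $vars)
{
    // Only methods that exist on this object (as seen from this scope) are dispatched.
    if (!in_array($method, get_class_methods($this), true)) {
        return;
    }

    // Run the filters bound to the action, if any. The class name minus its last six
    // characters (the "Action" suffix of XxxxAction) is the action name.
    FilterUtil::doFilterIfHasIt(substr(get_class($this), 0, -6), $method);

    // Inspect the frame that triggered this call.
    $backtrace = debug_backtrace();
    $caller = isset($backtrace[1]) ? $backtrace[1] : array();
    $callerFunction = isset($caller['function']) ? $caller['function'] : '';
    if (0 != strcasecmp($callerFunction, 'eval')) {
        // Outside of eval'd code the calling class must itself expose a method of this name.
        // A caller without a class (plain function or global scope) is rejected explicitly
        // instead of through undefined-index warnings.
        if (!isset($caller['class']) || !in_array($method, get_class_methods($caller['class']), true)) {
            return;
        }
    }

    // Pass the arguments positionally; references keep by-reference parameters of the
    // target method working as they did with the generated call.
    $args = array();
    foreach ($vars as $index => $unused) {
        $args[] = &$vars[$index];
    }
    call_user_func_array(array($this, $method), $args);
}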
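/**
 * Selects the given columns from $this->tableName for rows matching every non-empty
 * column/value pair.
 *
 * Values are sent as bound parameters instead of being concatenated into the SQL text.
 * When no pair has a non-empty value there is no condition to apply; an empty result is
 * returned rather than executing a statement with a dangling WHERE.
 *
 * NOTE(review): column names ($attributes and the keys of $colValuePair) are still
 * interpolated into the statement because identifiers cannot be bound. They must come
 * from trusted code, never from request data - verify the callers.
 *
 * @param array $attributes     Column expressions to select.
 * @param array $colValuePair   Map of column name => value; empty values are skipped.
 * @param bool  $isApplyFilter  Whether FilterUtil::applyFilter() (without limit) is applied.
 * @return array Result of fetchAll() on the executed statement.
 */
public function executeAttributeQuery($attributes, $colValuePair, $isApplyFilter = false)
{
    $conditions = array();
    $bindings = array();
    foreach ($colValuePair as $key => $value) {
        if ($value != '') {
            // One named placeholder per condition; the value travels separately.
            $placeholder = ':cv' . count($bindings);
            $conditions[] = $key . ' = ' . $placeholder;
            $bindings[$placeholder] = $value;
        }
    }
    if (!$conditions) {
        return array();
    }

    $columns = implode(", ", $attributes);
    $query = "SELECT " . $columns . " FROM " . $this->tableName . " WHERE " . implode(" AND ", $conditions);
    if ($isApplyFilter) {
        $query = FilterUtil::applyFilter($query, false);
    }

    $db = MainDB::getInstance();
    $conn = $db->getConnection();
    $sth = $conn->prepare($query);
    $sth->execute($bindings);
    //$this->throwException($sth->errorInfo());
    $objList = $sth->fetchAll();
    return $objList;
}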
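/**
 * Returns the folders of the given locations as a JSON document with "Rows" and "TotalRows".
 *
 * $locationSeqs used to be interpolated into the IN list unchanged. Each comma-separated
 * element is now cast to an integer, so only numbers can reach the SQL text.
 *
 * NOTE(review): assumes location sequences are integers - confirm against the schema.
 * An empty input yields "in(0)".
 *
 * @param mixed $locationSeqs A single location sequence or a comma-separated list.
 * @return string JSON-encoded array with "Rows" (each row passed through getJsonArray())
 *                and "TotalRows" (result of getTotalCount()).
 */
public function FindJsonByLocationSeqs($locationSeqs)
{
    $conn = self::$db->getConnection();

    $locationIds = array();
    foreach (explode(",", (string) $locationSeqs) as $part) {
        // The integer cast is what keeps arbitrary text out of the IN list.
        $locationIds[] = (int) trim($part);
    }
    $FIND_BY_LOCATION_SEQS = "select * from folder where locationseq in(" . implode(",", $locationIds) . ")";

    $query = FilterUtil::applyFilter($FIND_BY_LOCATION_SEQS);
    $stmt = $conn->prepare($query);
    $stmt->execute();

    $arr = array();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $arr[] = $this->getJsonArray($row);
    }

    $mainArr = array();
    $mainArr["Rows"] = $arr;
    $mainArr["TotalRows"] = $this->getTotalCount($FIND_BY_LOCATION_SEQS);
    return json_encode($mainArr);
}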