Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
96224d0d1e | ||
|
|
9bae54af71 | ||
|
|
b12ded8ae3 | ||
|
|
1aa8f80409 | ||
|
|
c88f9236e9 | ||
|
|
a828af6a81 | ||
|
|
9e9770d3ef |
10
4dev/update/20140822_edit_update/edit_tables.sql
Normal file
10
4dev/update/20140822_edit_update/edit_tables.sql
Normal file
@@ -0,0 +1,10 @@
|
||||
-- update edit tables
|
||||
-- add login error count and last login error
|
||||
|
||||
-- count login errors
|
||||
ALTER TABLE edit_user ADD login_error_count INT DEFAULT 0;
|
||||
-- last login error date
|
||||
ALTER TABLE edit_user ADD login_error_date TIMESTAMP WITHOUT TIME ZONE;
|
||||
-- if this is set to true, this user gets locked after max login errors are reached
|
||||
ALTER TABLE edit_user ADD strict SMALLINT DEFAULT 0;
|
||||
ALTER TABLE edit_user ADD locked SMALLINT DEFAULT 0;
|
||||
@@ -222,12 +222,16 @@
|
||||
switch ($form->my_page_name)
|
||||
{
|
||||
case "edit_users":
|
||||
$elements[] = $form->form_create_element("login_error_count");
|
||||
$elements[] = $form->form_create_element("login_error_date");
|
||||
$elements[] = $form->form_create_element("enabled");
|
||||
$elements[] = $form->form_create_element("username");
|
||||
$elements[] = $form->form_create_element("password");
|
||||
$elements[] = $form->form_create_element("email");
|
||||
$elements[] = $form->form_create_element("edit_group_id");
|
||||
$elements[] = $form->form_create_element("edit_access_right_id");
|
||||
$elements[] = $form->form_create_element("strict");
|
||||
$elements[] = $form->form_create_element("locked");
|
||||
$elements[] = $form->form_create_element("admin");
|
||||
$elements[] = $form->form_create_element("debug");
|
||||
$elements[] = $form->form_create_element("db_debug");
|
||||
@@ -253,7 +257,7 @@
|
||||
for ($i = 0; $i < count($output); $i ++)
|
||||
{
|
||||
$t_q = "('".$form->db_escape_string($output[$i])."')";
|
||||
$form->db_exec($q.$t_q);
|
||||
$form->db_exec($q.$t_q, 'NULL');
|
||||
}
|
||||
$elements[] = $form->form_create_element("filename");
|
||||
}
|
||||
@@ -315,7 +319,6 @@
|
||||
|
||||
// debug data, if DEBUG flag is on, this data is print out
|
||||
$DEBUG_DATA['DEBUG'] = $DEBUG_TMPL;
|
||||
$DEBUG_DATA['Id'] = '$Id: edit_base.inc 4897 2014-02-06 08:16:56Z gullevek $';
|
||||
|
||||
// create main data array
|
||||
$CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);
|
||||
|
||||
@@ -29,7 +29,6 @@
|
||||
// set session name
|
||||
define('SET_SESSION_NAME', EDIT_SESSION_NAME);
|
||||
require(LIBS."Class.Login.inc");
|
||||
require(LIBS."Class.DB.IO.inc");
|
||||
require(LIBS.'Class.Smarty.Extend.inc');
|
||||
|
||||
// default lang
|
||||
@@ -195,7 +194,6 @@
|
||||
|
||||
// debug data, if DEBUG flag is on, this data is print out
|
||||
$DEBUG_DATA['DEBUG'] = $DEBUG_TMPL;
|
||||
$DEBUG_DATA['Id'] = '$Id: edit_order.php 4897 2014-02-06 08:16:56Z gullevek $';
|
||||
|
||||
// create main data array
|
||||
$CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);
|
||||
|
||||
@@ -475,10 +475,6 @@ $cms->debug('file_upload', "ERROR: $error | INI FSize: ".ini_get("upload_max_fil
|
||||
|
||||
//------------------------------ processing data end
|
||||
|
||||
//------------------------------ debug data
|
||||
$DEBUG_DATA['Id'] = '$Id: files.php 4897 2014-02-06 08:16:56Z gullevek $';
|
||||
//------------------------------ debug data
|
||||
|
||||
//------------------------------ smarty start
|
||||
require("smarty.inc");
|
||||
//------------------------------ smarty end
|
||||
|
||||
@@ -86,7 +86,6 @@
|
||||
// debug data, if DEBUG flag is on, this data is print out
|
||||
$cms->DEBUG_DATA['debug_error_msg'] = $cms->running_time();
|
||||
$cms->DEBUG_DATA['DEBUG'] = $DEBUG_TMPL;
|
||||
$cms->DEBUG_DATA['Id'] = '$Id: smarty.inc 4897 2014-02-06 08:16:56Z gullevek $';
|
||||
|
||||
// create main data array
|
||||
$cms->CONTENT_DATA = array_merge($cms->HEADER, $cms->DATA, $cms->DEBUG_DATA);
|
||||
|
||||
@@ -32,6 +32,26 @@
|
||||
"0" => "No"
|
||||
)
|
||||
),
|
||||
"strict" => array (
|
||||
"value" => $GLOBALS["strict"],
|
||||
"output_name" => "Strict (Lock after errors)",
|
||||
"type" => "binary",
|
||||
"int" => 1,
|
||||
"element_list" => array (
|
||||
"1" => "Yes",
|
||||
"0" => "No"
|
||||
)
|
||||
),
|
||||
"locked" => array (
|
||||
"value" => $GLOBALS["locked"],
|
||||
"output_name" => "Locked (auto set if strict with errors)",
|
||||
"type" => "binary",
|
||||
"int" => 1,
|
||||
"element_list" => array (
|
||||
"1" => "Yes",
|
||||
"0" => "No"
|
||||
)
|
||||
),
|
||||
"admin" => array (
|
||||
"value" => $GLOBALS["admin"],
|
||||
"output_name" => "Admin",
|
||||
@@ -98,12 +118,25 @@
|
||||
"type" => "drop_down_db",
|
||||
"query" => "SELECT edit_access_right_id, name FROM edit_access_right ORDER BY level"
|
||||
),
|
||||
"login_error_count" => array (
|
||||
"output_name" => "Login error count",
|
||||
"value" => $GLOBALS['login_error_count'],
|
||||
"type" => "view",
|
||||
"empty" => "0"
|
||||
),
|
||||
"login_error_date" => array (
|
||||
"output_name" => "Last login error",
|
||||
"value" => $GLOBALS['login_error_date'],
|
||||
"type" => "view",
|
||||
"empty" => "-"
|
||||
),
|
||||
// planned delete lock flag
|
||||
"protected" => array (
|
||||
"value" => $GLOBALS["protected"],
|
||||
"int" => 1
|
||||
)
|
||||
),
|
||||
"load_query" => "SELECT edit_user_id, username, enabled, debug, db_debug FROM edit_user ORDER BY username",
|
||||
"load_query" => "SELECT edit_user_id, username, enabled, debug, db_debug, strict, locked, login_error_count FROM edit_user ORDER BY username",
|
||||
"table_name" => "edit_user",
|
||||
"show_fields" => array (
|
||||
array (
|
||||
@@ -124,6 +157,20 @@
|
||||
"binary" => array("Yes", "No"),
|
||||
"before_value" => "DB Debug: "
|
||||
),
|
||||
array (
|
||||
"name" => "strict",
|
||||
"binary" => array("Yes", "No"),
|
||||
"before_value" => "Strict: "
|
||||
),
|
||||
array (
|
||||
"name" => "locked",
|
||||
"binary" => array("Yes", "No"),
|
||||
"before_value" => "Locked: "
|
||||
),
|
||||
array (
|
||||
"name" => "login_error_count",
|
||||
"before_value" => "Errors: "
|
||||
)
|
||||
),
|
||||
"element_list" => array (
|
||||
"edit_access_user" => array (
|
||||
|
||||
10308
www/layout/admin/default/javascript/jquery-1.11.1.js
vendored
Normal file
10308
www/layout/admin/default/javascript/jquery-1.11.1.js
vendored
Normal file
File diff suppressed because it is too large
4
www/layout/admin/default/javascript/jquery-1.11.1.min.js
vendored
Normal file
4
www/layout/admin/default/javascript/jquery-1.11.1.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
9190
www/layout/admin/default/javascript/jquery-2.1.1.js
vendored
Normal file
9190
www/layout/admin/default/javascript/jquery-2.1.1.js
vendored
Normal file
File diff suppressed because it is too large
4
www/layout/admin/default/javascript/jquery-2.1.1.min.js
vendored
Normal file
4
www/layout/admin/default/javascript/jquery-2.1.1.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
@@ -1 +1 @@
|
||||
jquery-1.8.2.min.js
|
||||
jquery-1.11.1.js
|
||||
@@ -1 +1 @@
|
||||
prototype-1.7.1.0.js
|
||||
scriptaculous/prototype.js
|
||||
File diff suppressed because it is too large
File diff suppressed because it is too large
1
www/layout/admin/default/javascript/scriptaculous/prototype.js
vendored
Symbolic link
1
www/layout/admin/default/javascript/scriptaculous/prototype.js
vendored
Symbolic link
@@ -0,0 +1 @@
|
||||
prototype-1.7.2.0.js
|
||||
@@ -14,6 +14,9 @@
|
||||
</td>
|
||||
<td class="{$element.color}" class="normal">
|
||||
{* here is depending on type the content data *}
|
||||
{if $element.type == 'view'}
|
||||
{$element.data.value}
|
||||
{/if}
|
||||
{if $element.type == 'binary' || $element.type == 'radio_array'}
|
||||
{html_radios values=$element.data.value output=$element.data.output name=$element.data.name selected=$element.data.checked separator=$element.data.separator}
|
||||
{/if}
|
||||
|
||||
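Review bot: The new `view` branch prints `{$element.data.value}` with no escape modifier, so any markup stored in a view-type column is rendered as HTML in the admin form. Unless this Smarty instance has default HTML escaping switched on (not visible here), write it as `{$element.data.value|escape:'html'}`. The two fields this commit adds are a counter and a timestamp, but `view` is introduced as a general element type that "prints out the data as is", so later uses may carry user-influenced text.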
@@ -162,6 +162,8 @@
|
||||
|
||||
// get the session pages array
|
||||
$pages = $_SESSION["PAGES"];
|
||||
if (!is_array($pages))
|
||||
$pages = array ();
|
||||
|
||||
//$this->debug('pages', $this->print_ar($pages));
|
||||
|
||||
|
||||
@@ -133,9 +133,9 @@
|
||||
public function db_dump_array($write = 0)
|
||||
{
|
||||
reset($this->table_array);
|
||||
while(list($spalte, $werte_array) = each($this->table_array))
|
||||
while(list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
$string .= "<b>".$spalte."</b> -> ".$werte_array["value"]."<br>";
|
||||
$string .= "<b>".$column."</b> -> ".$data_array["value"]."<br>";
|
||||
}
|
||||
// add output to internal error_msg
|
||||
if ($write)
|
||||
@@ -184,12 +184,12 @@
|
||||
public function db_reset_array($reset_pk = 0)
|
||||
{
|
||||
reset($this->table_array);
|
||||
while(list($spalte, $werte_array) = each($this->table_array))
|
||||
while(list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
if (!$this->table_array[$spalte]["pk"])
|
||||
unset($this->table_array[$spalte]["value"]);
|
||||
if (!$this->table_array[$column]["pk"])
|
||||
unset($this->table_array[$column]["value"]);
|
||||
else if ($reset_pk)
|
||||
unset($this->table_array[$spalte]["value"]);
|
||||
unset($this->table_array[$column]["value"]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -208,27 +208,27 @@
|
||||
$q .= $this->pk_name." = ".$this->table_array[$this->pk_name]["value"]." ";
|
||||
// delete files and build FK query
|
||||
reset($this->table_array);
|
||||
while(list($spalte, $werte_array) = each($this->table_array))
|
||||
while(list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
// suchen nach bildern und löschen ...
|
||||
if ($this->table_array[$spalte]["file"] && file_exists($this->table_array[$spalte]["url"].$this->table_array[$spalte]["value"]))
|
||||
if ($this->table_array[$column]["file"] && file_exists($this->table_array[$column]["url"].$this->table_array[$column]["value"]))
|
||||
{
|
||||
if (file_exists($this->table_array[$spalte]["path"].$this->table_array[$spalte]["value"]))
|
||||
unlink($this->table_array[$spalte]["path"].$this->table_array[$spalte]["value"]);
|
||||
$dateiname = str_replace("_tn", "", $this->table_array[$spalte]["value"]);
|
||||
if (file_exists($this->table_array[$spalte]["path"].$dateiname))
|
||||
unlink($this->table_array[$spalte]["path"].$dateiname);
|
||||
if (file_exists($this->table_array[$column]["path"].$this->table_array[$column]["value"]))
|
||||
unlink($this->table_array[$column]["path"].$this->table_array[$column]["value"]);
|
||||
$dateiname = str_replace("_tn", "", $this->table_array[$column]["value"]);
|
||||
if (file_exists($this->table_array[$column]["path"].$dateiname))
|
||||
unlink($this->table_array[$column]["path"].$dateiname);
|
||||
}
|
||||
|
||||
if ($this->table_array[$spalte]["fk"])
|
||||
if ($this->table_array[$column]["fk"])
|
||||
{
|
||||
// zusammenstellen der FKs
|
||||
if ($q_where)
|
||||
$q_where .= " AND ";
|
||||
$q_where .= $spalte." = ".$this->table_array[$spalte]["value"];
|
||||
$q_where .= $column." = ".$this->table_array[$column]["value"];
|
||||
}
|
||||
// allgemeines zurücksetzen des arrays
|
||||
unset($this->table_array[$spalte]["value"]);
|
||||
unset($this->table_array[$column]["value"]);
|
||||
}
|
||||
|
||||
// attach fk row if there ...
|
||||
@@ -257,18 +257,18 @@
|
||||
return $this->table_array;
|
||||
reset($this->table_array);
|
||||
// create select part & addition FK part
|
||||
while (list($spalte, $werte_array)=each($this->table_array))
|
||||
while (list($column, $data_array)=each($this->table_array))
|
||||
{
|
||||
if ($q_select)
|
||||
$q_select .= ", ";
|
||||
$q_select .= $spalte;
|
||||
$q_select .= $column;
|
||||
|
||||
// check FK ...
|
||||
if ($this->table_array[$spalte]["fk"] && $this->table_array[$spalte]["value"])
|
||||
if ($this->table_array[$column]["fk"] && $this->table_array[$column]["value"])
|
||||
{
|
||||
if ($q_where)
|
||||
$q_where .= " AND ";
|
||||
$q_where .= $spalte .= " = ".$this->table_array[$spalte]["value"];
|
||||
$q_where .= $column .= " = ".$this->table_array[$column]["value"];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -285,23 +285,23 @@
|
||||
if ($res = $this->db_fetch_array())
|
||||
{
|
||||
reset($this->table_array);
|
||||
while (list($spalte, $werte_array) = each($this->table_array))
|
||||
while (list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
// wenn "edit" dann gib daten wie in DB zurück, ansonten aufbereiten für ausgabe
|
||||
// ?? sollte das nicht draußen ??? man weis ja net was da drin steht --> is noch zu überlegen
|
||||
// echo "EDIT: $edit | Spalte: $spalte | type: ".$this->table_array[$spalte]["type"]." | Res: ".$res[$spalte]."<br>";
|
||||
// echo "EDIT: $edit | Spalte: $column | type: ".$this->table_array[$column]["type"]." | Res: ".$res[$column]."<br>";
|
||||
if ($edit)
|
||||
{
|
||||
$this->table_array[$spalte]["value"] = $res[$spalte];
|
||||
$this->table_array[$column]["value"] = $res[$column];
|
||||
// if password, also write to hidden
|
||||
if ($this->table_array[$spalte]["type"] == "password")
|
||||
if ($this->table_array[$column]["type"] == "password")
|
||||
{
|
||||
$this->table_array[$spalte]["HIDDEN_value"] = $res[$spalte];
|
||||
$this->table_array[$column]["HIDDEN_value"] = $res[$column];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->table_array[$spalte]["value"] = $this->convert_data(nl2br($res[$spalte]));
|
||||
$this->table_array[$column]["value"] = $this->convert_data(nl2br($res[$column]));
|
||||
// had to put out the htmlentities from the line above as it breaks japanese characters
|
||||
}
|
||||
}
|
||||
@@ -335,58 +335,58 @@
|
||||
$insert = 0;
|
||||
|
||||
reset ($this->table_array);
|
||||
while (list($spalte, $werte_array) = each($this->table_array))
|
||||
while (list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
|
||||
/********************************* START FILE *************************************/
|
||||
// file upload
|
||||
if ($this->table_array[$spalte]["file"])
|
||||
if ($this->table_array[$column]["file"])
|
||||
{
|
||||
// falls was im tmp drinnen, sprich ein upload, datei kopieren, Dateinamen in db schreiben
|
||||
// falls datei schon am server (physischer pfad), dann einfach url in db schreiben (update)
|
||||
// falls in "delete" "ja" dann loeschen (und gibts eh nur beim update)
|
||||
if ($this->table_array[$spalte]["delete"])
|
||||
if ($this->table_array[$column]["delete"])
|
||||
{
|
||||
unset($this->table_array[$spalte]["delete"]);
|
||||
if (file_exists($this->table_array[$spalte]["path"].$this->table_array[$spalte]["value"]))
|
||||
unlink($this->table_array[$spalte]["path"].$this->table_array[$spalte]["value"]);
|
||||
$dateiname = str_replace("_tn", "", $this->table_array[$spalte]["value"]);
|
||||
if (file_exists($this->table_array[$spalte]["path"].$dateiname))
|
||||
unlink($this->table_array[$spalte]["path"].$dateiname);
|
||||
$this->table_array[$spalte]["value"] = "";
|
||||
unset($this->table_array[$column]["delete"]);
|
||||
if (file_exists($this->table_array[$column]["path"].$this->table_array[$column]["value"]))
|
||||
unlink($this->table_array[$column]["path"].$this->table_array[$column]["value"]);
|
||||
$dateiname = str_replace("_tn", "", $this->table_array[$column]["value"]);
|
||||
if (file_exists($this->table_array[$column]["path"].$dateiname))
|
||||
unlink($this->table_array[$column]["path"].$dateiname);
|
||||
$this->table_array[$column]["value"] = "";
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($this->table_array[$spalte]["tmp"] != "none" && $this->table_array[$spalte]["tmp"])
|
||||
if ($this->table_array[$column]["tmp"] != "none" && $this->table_array[$column]["tmp"])
|
||||
{
|
||||
// Dateiname zusammenbasteln: org-name + _pkid liste + .ext
|
||||
list($name, $ext) = explode(".",$this->table_array[$spalte]["dn"]);
|
||||
list($name, $ext) = explode(".",$this->table_array[$column]["dn"]);
|
||||
|
||||
// mozilla, patch
|
||||
$fn_name = explode("/", $this->table_array[$spalte]["dn"]);
|
||||
$this->table_array[$spalte]["dn"] = $fn_name[count($fn_name)-1];
|
||||
$filename_parts = explode(".", $this->table_array[$spalte]["dn"]);
|
||||
$fn_name = explode("/", $this->table_array[$column]["dn"]);
|
||||
$this->table_array[$column]["dn"] = $fn_name[count($fn_name)-1];
|
||||
$filename_parts = explode(".", $this->table_array[$column]["dn"]);
|
||||
$ext = end($filename_parts);
|
||||
array_splice($filename_parts, -1, 1);
|
||||
$name = str_replace(" ", "_", implode(".", $filename_parts));
|
||||
//echo "PK: $pk_ids_file<br>";
|
||||
$dateiname = $name.$pk_ids_file.".".$ext;
|
||||
//echo "Dn: $dateiname";
|
||||
copy($this->table_array[$spalte]["tmp"], $this->table_array[$spalte]["path"].$dateiname);
|
||||
copy($this->table_array[$column]["tmp"], $this->table_array[$column]["path"].$dateiname);
|
||||
// automatisch thumbnail generieren, geht nur mit convert (ImageMagic!!!), aber nur bei bild ..
|
||||
if (strtolower($ext) == "jpeg" || strtolower($ext) == "jpg" || strtolower($ext) == "gif" || strtolower($ext) == "png")
|
||||
{
|
||||
$dateiname_tn = $name.$pk_ids_file."_tn.".$ext;
|
||||
$eingang = $this->table_array[$spalte]["path"].$dateiname;
|
||||
$ausgang = $this->table_array[$spalte]["path"].$dateiname_tn;
|
||||
$eingang = $this->table_array[$column]["path"].$dateiname;
|
||||
$ausgang = $this->table_array[$column]["path"].$dateiname_tn;
|
||||
$com = "convert -geometry 115 $eingang $ausgang";
|
||||
exec($com);
|
||||
$this->table_array[$spalte]["value"] = $dateiname_tn;
|
||||
$this->table_array[$column]["value"] = $dateiname_tn;
|
||||
}
|
||||
else
|
||||
$this->table_array[$spalte]["value"] = $dateiname;
|
||||
$this->table_array[$column]["value"] = $dateiname;
|
||||
}
|
||||
else if (file_exists($this->table_array[$spalte]["path"].$this->table_array[$spalte]["value"]))
|
||||
else if (file_exists($this->table_array[$column]["path"].$this->table_array[$column]["value"]))
|
||||
{
|
||||
// mach gar nix, wenn bild schon da ???
|
||||
}
|
||||
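Review bot: `$com = "convert -geometry 115 $eingang $ausgang"; exec($com);` builds a shell command from the uploaded file's original name (`["dn"]`), which at this point has only had its directory part stripped and spaces replaced by underscores. The rename touches the surrounding lines but leaves the quoting as it was; both paths should go through `escapeshellarg()`, e.g. `$com = "convert -geometry 115 ".escapeshellarg($eingang)." ".escapeshellarg($ausgang);`. Restricting `$name` and `$ext` to a known-safe character set before they reach `copy()` and `unlink()` would close the same gap for the file operations. The enclosing method starts before this hunk and the loop continues past it.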
@@ -394,16 +394,17 @@
|
||||
} // file IF
|
||||
/********************************* END FILE **************************************/
|
||||
|
||||
if (!$this->table_array[$spalte]["pk"] && strlen($spalte) > 0 )
|
||||
// do not write 'pk' (primary key) or 'view' values
|
||||
if (!$this->table_array[$column]["pk"] && $this->table_array[$column]['type'] != 'view' && strlen($column) > 0 )
|
||||
{
|
||||
// for password use hidden value if main is not set
|
||||
if ($this->table_array[$spalte]["type"] == "password" && !$this->table_array[$spalte]["value"])
|
||||
$this->table_array[$spalte]["value"] = $this->table_array[$spalte]["HIDDEN_value"];
|
||||
if ($this->table_array[$column]["type"] == "password" && !$this->table_array[$column]["value"])
|
||||
$this->table_array[$column]["value"] = $this->table_array[$column]["HIDDEN_value"];
|
||||
if (!$insert)
|
||||
{
|
||||
if (strlen($q_data))
|
||||
$q_data .= ", ";
|
||||
$q_data .= $spalte." = ";
|
||||
$q_data .= $column." = ";
|
||||
}
|
||||
else
|
||||
// this is insert
|
||||
@@ -412,19 +413,19 @@
|
||||
$q_data .= ", ";
|
||||
if ($q_vars)
|
||||
$q_vars .= ", ";
|
||||
$q_vars .= $spalte;
|
||||
$q_vars .= $column;
|
||||
|
||||
}
|
||||
// integer is different
|
||||
if ($this->table_array[$spalte]["int"] || $this->table_array[$spalte]["int_null"])
|
||||
if ($this->table_array[$column]["int"] || $this->table_array[$column]["int_null"])
|
||||
{
|
||||
$this->debug('write_check', "[$spalte][".$this->table_array[$spalte]["value"]."] Foo: ".isset($this->table_array[$spalte]["value"])." | ".$this->table_array[$spalte]["int_null"]);
|
||||
if (!$this->table_array[$spalte]["value"] && $this->table_array[$spalte]["int_null"])
|
||||
$this->debug('write_check', "[$column][".$this->table_array[$column]["value"]."] Foo: ".isset($this->table_array[$column]["value"])." | ".$this->table_array[$column]["int_null"]);
|
||||
if (!$this->table_array[$column]["value"] && $this->table_array[$column]["int_null"])
|
||||
$_value = 'NULL';
|
||||
elseif (!isset($this->table_array[$spalte]["value"]))
|
||||
elseif (!isset($this->table_array[$column]["value"]))
|
||||
$_value = 0;
|
||||
else
|
||||
$_value = $this->table_array[$spalte]["value"];
|
||||
$_value = $this->table_array[$column]["value"];
|
||||
$q_data .= $_value;
|
||||
}
|
||||
else
|
||||
@@ -433,9 +434,9 @@ $this->debug('write_check', "[$spalte][".$this->table_array[$spalte]["value"]."]
|
||||
$q_data .= "'";
|
||||
// if add slashes do convert & add slashes else write AS is
|
||||
if ($addslashes)
|
||||
$q_data .= $this->db_escape_string($this->convert_entities($this->table_array[$spalte]["value"]));
|
||||
$q_data .= $this->db_escape_string($this->convert_entities($this->table_array[$column]["value"]));
|
||||
else
|
||||
$q_data .= addslashes($this->table_array[$spalte]["value"]);
|
||||
$q_data .= addslashes($this->table_array[$column]["value"]);
|
||||
$q_data .= "'";
|
||||
}
|
||||
}
|
||||
@@ -445,14 +446,14 @@ $this->debug('write_check', "[$spalte][".$this->table_array[$spalte]["value"]."]
|
||||
// get it at the end, cause now we can be more sure of no double IDs, etc
|
||||
reset($this->table_array);
|
||||
// create select part & addition FK part
|
||||
while (list($spalte, $werte_array) = each($this->table_array))
|
||||
while (list($column, $data_array) = each($this->table_array))
|
||||
{
|
||||
// check FK ...
|
||||
if ($this->table_array[$spalte]["fk"] && $this->table_array[$spalte]["value"])
|
||||
if ($this->table_array[$column]["fk"] && $this->table_array[$column]["value"])
|
||||
{
|
||||
if ($q_where)
|
||||
$q_where .= " AND ";
|
||||
$q_where .= $spalte .= " = ".$this->table_array[$spalte]["value"];
|
||||
$q_where .= $column .= " = ".$this->table_array[$column]["value"];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -600,7 +600,7 @@
|
||||
}
|
||||
|
||||
// METHOD _db_prepare_exec
|
||||
// PARAMS query, primary key
|
||||
// PARAMS query, primary key [if set to NULL no returning will be added]
|
||||
// RETURN md5 OR boolean false on error
|
||||
// DESC sub function for db_exec and db_exec_async
|
||||
// * checks query is set
|
||||
@@ -643,29 +643,32 @@
|
||||
// if we do have an insert, check if there is no RETURNING pk_id, add it if I can get the PK id
|
||||
if ($this->_check_query_for_insert($this->query, true))
|
||||
{
|
||||
if (!$pk_name)
|
||||
{
|
||||
// TODO: get primary key from table name
|
||||
list($schema, $table) = $this->_db_return_table($this->query);
|
||||
if (!$this->pk_name_table[$table])
|
||||
{
|
||||
$this->pk_name_table[$table] = $this->db_functions->_db_primary_key($table, $schema);
|
||||
}
|
||||
$pk_name = $this->pk_name_table[$table];
|
||||
}
|
||||
$this->pk_name = $pk_name;
|
||||
if (!preg_match("/ returning /i", $this->query) && $this->pk_name)
|
||||
if ($pk_name != 'NULL')
|
||||
{
|
||||
$this->query .= " RETURNING ".$this->pk_name;
|
||||
$this->returning_id = true;
|
||||
}
|
||||
elseif (preg_match("/ returning (.*)/i", $this->query, $matches) && $this->pk_name)
|
||||
{
|
||||
if (!preg_match("/$this->pk_name/", $matches[1]))
|
||||
if (!$pk_name)
|
||||
{
|
||||
$this->query .= " , ".$this->pk_name;
|
||||
// TODO: get primary key from table name
|
||||
list($schema, $table) = $this->_db_return_table($this->query);
|
||||
if (!$this->pk_name_table[$table])
|
||||
{
|
||||
$this->pk_name_table[$table] = $this->db_functions->_db_primary_key($table, $schema);
|
||||
}
|
||||
$pk_name = $this->pk_name_table[$table];
|
||||
}
|
||||
if (!preg_match("/ returning /i", $this->query) && $this->pk_name)
|
||||
{
|
||||
$this->query .= " RETURNING ".$this->pk_name;
|
||||
$this->returning_id = true;
|
||||
}
|
||||
elseif (preg_match("/ returning (.*)/i", $this->query, $matches) && $this->pk_name)
|
||||
{
|
||||
if (!preg_match("/$this->pk_name/", $matches[1]))
|
||||
{
|
||||
$this->query .= " , ".$this->pk_name;
|
||||
$this->returning_id = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// for DEBUG, only on first time ;)
|
||||
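Review bot: The opt-out is keyed on the string `'NULL'` with a loose comparison (`if ($pk_name != 'NULL')`), while the later insert-id check tests `$this->pk_name != 'NULL'` rather than the parameter. On PHP versions before 8 an integer `0` compares equal to `'NULL'` under `!=`, and if `$this->pk_name = $pk_name;` now sits inside the guarded block (the rendering does not make that clear) the second check would read a value left over from an earlier query. Using `!== 'NULL'` in both places and assigning `$this->pk_name` before the guard avoids both cases. The method body starts and ends outside this hunk.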
@@ -731,7 +734,7 @@
|
||||
// if not select do here
|
||||
// count affected rows
|
||||
$this->num_rows = $this->db_functions->_db_affected_rows($this->cursor);
|
||||
if ($this->_check_query_for_insert($this->query, true))
|
||||
if ($this->_check_query_for_insert($this->query, true) && $this->pk_name != 'NULL')
|
||||
{
|
||||
// set insert_id
|
||||
if (!$this->returning_id)
|
||||
@@ -1047,6 +1050,7 @@
|
||||
// (if this was not set, method will quit with a 0 (failure)
|
||||
// pk_name -> optional primary key name, for insert id return if the pk name is very different
|
||||
// if pk name is table name and _id, pk_name is not needed to be set
|
||||
// if NULL is given here, no RETURNING will be auto added
|
||||
// RETURN cursor for this query
|
||||
// DESC executes the query and returns & sets the internal cursor
|
||||
// fruthermore this functions also sets varios other vars
|
||||
|
||||
@@ -25,7 +25,8 @@
|
||||
* "fk" => 1/0 - sets the foreign key (do not use at the moment ... buggy ;)
|
||||
* "mandatory" => 1/0 - triggers * in output, but nor error check
|
||||
* "output_name" => "text" - text put as label for the element
|
||||
* "type" => "text/textarea/date/drop_down_db/drop_down_array/drop_down_db_input/drop_down_db_same_db/radio_array/binary/hidden/file/password"
|
||||
* "type" => "view/text/textarea/date/drop_down_db/drop_down_array/drop_down_db_input/drop_down_db_same_db/radio_array/binary/hidden/file/password"
|
||||
* View is special, it just prints out the data as is, will not be saved
|
||||
* 1) more will come
|
||||
* 2) keep in mind that binary will not be checked, as it is always set to a value (default is "no")
|
||||
* ---- the next four fields are only NECESSARY (!!!) for drop_down_db_input
|
||||
@@ -44,6 +45,7 @@
|
||||
* "error_check" => "custom/email/date/number/unique" - 1) more will come
|
||||
* "error_regex" => "regex" - if error_check is custom regex here
|
||||
* "error_example" => "text" - example input text for error_check (only custom right now)
|
||||
* "empty" => "value/text" - ONLY for view. If no data found, set this value
|
||||
* --- file:
|
||||
* "save_dir" => "directory where it should be saved to
|
||||
* "accept_type" => "mime types accepted (mime/text,mime/jpeg ... etc)"
|
||||
@@ -689,6 +691,11 @@
|
||||
$output_name .= ' *';
|
||||
// create right side depending on "definiton" in table_array
|
||||
$type = $this->table_array[$element_name]["type"];
|
||||
// view only output
|
||||
if ($this->table_array[$element_name]["type"] == "view")
|
||||
{
|
||||
$data['value'] = !$this->table_array[$element_name]["value"] ? $this->table_array[$element_name]['empty'] : $this->table_array[$element_name]["value"];
|
||||
}
|
||||
// binary true/false element
|
||||
if ($this->table_array[$element_name]["type"] == "binary")
|
||||
{
|
||||
|
||||
@@ -68,7 +68,6 @@
|
||||
public $login; // pressed login
|
||||
private $username; // login name
|
||||
private $password; // login password
|
||||
private $current_page_name; // the page from which this login is called
|
||||
private $logout; // logout button
|
||||
private $login_error; // login error code, can be matched to the array login_error_msg, which holds the string
|
||||
private $password_change = false; // if this is set to true, the user can change passwords
|
||||
@@ -154,14 +153,15 @@
|
||||
$this->pw_new_password_confirm = $_POST['pw_new_password_confirm'];
|
||||
// logout target (from config)
|
||||
$this->logout_target = LOGOUT_TARGET;
|
||||
// get the page name
|
||||
// page_name aus PHP_SELF strippen
|
||||
$this->current_page_name = $this->get_page_name();
|
||||
// disallow user list for password change
|
||||
$this->pw_change_deny_users = array ('admin');
|
||||
// set flag if password change is okay
|
||||
if (defined('PASSWORD_CHANGE'))
|
||||
$this->password_change = PASSWORD_CHANGE;
|
||||
// max login counts before error reporting
|
||||
$this->max_login_error_count = 10;
|
||||
// users that never get locked, even if they are set strict
|
||||
$this->lock_deny_users = array ('admin');
|
||||
|
||||
// internal
|
||||
$this->class_info["login"] = array(
|
||||
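Review bot: `$this->lock_deny_users = array ('admin');` exempts the account named admin from the new lockout and `$this->max_login_error_count = 10;` is fixed in code, so the most privileged login is the one the counter never protects. Consider reading both from config constants the way `PASSWORD_CHANGE` is read just above, and add a comment such as `// exempt accounts must be covered by alerting or rate limiting instead` so the trade-off is explicit. The constructor continues outside this hunk.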
@@ -243,7 +243,7 @@
|
||||
else
|
||||
{
|
||||
// we have to get the themes in here too
|
||||
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, ";
|
||||
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date, eu.strict, eu.locked, ";
|
||||
$q .= "debug, db_debug, ";
|
||||
$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
|
||||
$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
|
||||
@@ -273,7 +273,25 @@
|
||||
// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
|
||||
// if no $ => normal password
|
||||
// NOW, if we have a password encoded, but not the correct encoder available, throw special error
|
||||
if ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) || (preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) || (preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1))
|
||||
|
||||
// check flow
|
||||
// - user is enabled
|
||||
// - user is not locked
|
||||
// - password is readable
|
||||
// - encrypted password matches
|
||||
// - plain password matches
|
||||
|
||||
// user is enabled
|
||||
if (!$res["enabled"])
|
||||
{
|
||||
$this->login_error = 104;
|
||||
}
|
||||
// user is locked, either set or auto set
|
||||
elseif ($res['locked'])
|
||||
{
|
||||
$this->login_error = 105;
|
||||
}
|
||||
elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) || (preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) || (preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1))
|
||||
{
|
||||
$this->login_error = 9999; // this means password cannot be decrypted because of missing crypt methods
|
||||
}
|
||||
@@ -287,11 +305,6 @@
|
||||
{
|
||||
$this->login_error = 1012;
|
||||
}
|
||||
// user is enabled
|
||||
elseif (!$res["enabled"])
|
||||
{
|
||||
$this->login_error = 104;
|
||||
}
|
||||
// nromal user processing
|
||||
else
|
||||
{
|
||||
@@ -316,6 +329,12 @@
|
||||
$_SESSION["LANG"] = $res["lang_short"];
|
||||
$_SESSION["DEFAULT_CHARSET"] = $res["lang_iso"];
|
||||
$_SESSION["DEFAULT_LANG"] = $res["lang_short"].'_'.strtolower(str_replace('-', '', $res["lang_iso"]));
|
||||
// reset any login error count for this user
|
||||
if ($res['login_error_count'] > 0)
|
||||
{
|
||||
$q = "UPDATE edit_user SET login_error_count = 0, login_error_date = NULL WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$this->db_exec($q);
|
||||
}
|
||||
$pages = array();
|
||||
$edit_page_ids = array();
|
||||
// set pages access
|
||||
@@ -407,9 +426,24 @@
|
||||
$_SESSION["UNIT"] = $unit_access;
|
||||
$_SESSION["UNIT_ACL_LEVEL"] = $unit_acl;
|
||||
$_SESSION['EAID'] = $eauid;
|
||||
// load edit access list for this user
|
||||
} // user has permission to THIS page
|
||||
} // user was not enabled
|
||||
if ($this->login_error)
|
||||
{
|
||||
// update login error count for this user
|
||||
$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date = NOW WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$this->db_exec($q);
|
||||
if ($res['login_error_count'] + 1 > $this->max_login_error_count)
|
||||
{
|
||||
// do some alert reporting in case this error is too big
|
||||
// if strict is set, lock this user
|
||||
// this needs manual unlocking by an admin user
|
||||
if ($res['strict'] && !in_array($this->username, $this->lock_deny_users))
|
||||
{
|
||||
$q = "UPDATE edit_user SET locked = 1 WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
}
|
||||
}
|
||||
}
|
||||
} // user was not found
|
||||
} // if not username AND password where given
|
||||
// if there was an login error, show login screen
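Review bot: The lock statement `$q = "UPDATE edit_user SET locked = 1 WHERE edit_user_id = ".$res['edit_user_id'];` is assigned but never passed to `$this->db_exec()`, so as far as this hunk shows a strict user who exceeds `max_login_error_count` is never actually locked; add `$this->db_exec($q);` right after the assignment. The counter update above it writes `login_error_date = NOW` without parentheses, while the log INSERT further down uses `NOW()`. A bare `NOW` is probably parsed as a column name, in which case the whole UPDATE fails and `login_error_count` never increases, so it should read `login_error_date = NOW()`. The "do some alert reporting" comment has no code behind it yet; a `// TODO:` marker would make clear that reaching the limit currently raises no alert.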
|
||||
@@ -425,19 +459,19 @@
|
||||
// PARAMS: none
|
||||
// RETUNR none
|
||||
// DESC : for every page the user access this script checks if he is allowed to do so
|
||||
private function login_check_permissions()
|
||||
public function login_check_permissions()
|
||||
{
|
||||
if ($this->euid && $this->login_error != 103)
|
||||
{
|
||||
$q = "SELECT filename ";
|
||||
$q .= "FROM edit_page ep, edit_page_access epa, edit_group eg, edit_user eu ";
|
||||
$q .= "WHERE ep.edit_page_id = epa.edit_page_id AND eg.edit_group_id = epa.edit_group_id AND eg.edit_group_id = eu.edit_group_id ";
|
||||
$q .= "AND eu.edit_user_id = ".$this->euid." AND filename = '".$this->current_page_name."' AND eg.enabled = 1 AND epa.enabled = 1";
|
||||
$q .= "AND eu.edit_user_id = ".$this->euid." AND filename = '".$this->page_name."' AND eg.enabled = 1 AND epa.enabled = 1";
|
||||
$res = $this->db_return_row($q);
|
||||
// unset mem limit if debug is set to 1
|
||||
// if (($GLOBALS["DEBUG_ALL"] || $GLOBALS["DB_DEBUG"] || $_SESSION["DEBUG_ALL"] || $_SESSION["DB_DEBUG"]) && ini_get('memory_limit') != -1)
|
||||
// ini_set('memory_limit', -1);
|
||||
if ($res["filename"] == $this->current_page_name)
|
||||
if ($res["filename"] == $this->page_name)
|
||||
{
|
||||
$this->permission_okay = 1;
|
||||
}
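Review bot: `$this->page_name` is concatenated into the `filename = '...'` condition without `db_escape_string()`, although the class escapes other string values before they reach SQL; the INSERT in the last hunk (`@@ -943,7 +980,7 @@`) puts it into the `page` column the same way. Where `page_name` is set is not visible here, and this commit also makes the method public, so I would escape at the point of use: `filename = '".$this->db_escape_string($this->page_name)."'`. `$this->euid` goes in as a bare number and would be safer as `(int)$this->euid`. The function body continues past the end of this hunk.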
|
||||
@@ -447,13 +481,15 @@
|
||||
$this->permission_okay = 0;
|
||||
}
|
||||
}
|
||||
// if called from public, so we can check if the permissions are ok
|
||||
return $this->permission_okay;
|
||||
}
|
||||
|
||||
// METHOD: login_logout_user
|
||||
// PARAMS: none
|
||||
// RETURN: none
|
||||
// DESC : if a user pressed on logout, destroyes session and unsets all global vars
|
||||
private function login_logout_user()
|
||||
public function login_logout_user()
|
||||
{
|
||||
if ($this->logout || $this->login_error)
|
||||
{
|
||||
@@ -495,7 +531,7 @@
|
||||
// * if an account ACL is set, set this parallel, account ACL overrides user ACL if it applies
|
||||
// * if edit access ACL level is set, use this, else use page
|
||||
// set all base ACL levels as a list keyword -> ACL number
|
||||
private function login_set_acl()
|
||||
public function login_set_acl()
|
||||
{
|
||||
// set the mastser user id
|
||||
$this->acl['info']['euid'] = $_SESSION['EUID'];
|
||||
@@ -787,6 +823,7 @@
|
||||
"102" => $this->l->__("Fatal Error: <b>Login Failed - Please enter username and password</b>"),
|
||||
"103" => $this->l->__("Fatal Error: <b>You do not have the rights to access this Page</b>"),
|
||||
"104" => $this->l->__("Fatal Error: <b>Login Failed - User not enabled</b>"),
|
||||
"105" => $this->l->__("Fatal Error: <b>Login Failed - User is locked</b>"),
|
||||
"220" => $this->l->__("Fatal Error: <b>Password change - The user could not be found</b>"), // actually this is an illegal user, but I mask it
|
||||
'200' => $this->l->__("Fatal Error: <b>Password change - Please enter username and old password</b>"),
|
||||
"201" => $this->l->__("Fatal Error: <b>Password change - The user could not be found</b>"),
|
||||
@@ -943,7 +980,7 @@ EOM;
|
||||
$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
|
||||
$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
|
||||
$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
|
||||
$q .= "VALUES ('".$this->db_escape_string($username)."', '".$this->db_escape_string($password)."', ".(($this->euid) ? $this->euid : 'NULL').", NOW(), '".$this->db_escape_string($event)."', '".$this->db_escape_string($error)."', '".$this->db_escape_string($data)."', '".$data_binary."', '".$this->current_page_name."', ";
|
||||
$q .= "VALUES ('".$this->db_escape_string($username)."', '".$this->db_escape_string($password)."', ".(($this->euid) ? $this->euid : 'NULL').", NOW(), '".$this->db_escape_string($event)."', '".$this->db_escape_string($error)."', '".$this->db_escape_string($data)."', '".$data_binary."', '".$this->page_name."', ";
|
||||
foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code)
|
||||
{
|
||||
if (array_key_exists($server_code, $_SERVER))
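Review bot: The `VALUES` line writes `$password` into the `password` column of the log table; if callers pass the password the user submitted, every login attempt leaves a cleartext credential, or a near miss of one, in the database. Unless the column is needed for a reason not visible in this hunk, I would stop storing it and write `NULL` in place of `'".$this->db_escape_string($password)."'`. `$data_binary` is concatenated on the same line without escaping, so it is worth confirming how it is encoded before it gets here. The statement starts above the hunk and the `foreach` continues below it.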
|
||||
|
||||