/* Database bootstrap; presumably provides the $db handle that check_permissions()
   and grid_lookup_sql() below rely on — confirm against db.php. */
3 require_once('db.php');
/**
 * Derives the stored credential digest for a login/password pair.
 *
 * @param string $login appended to the inner digest, i.e. used as a per-user salt
 * @param string $pass  clear-text password
 * @return string 32-character hexadecimal MD5 digest
 *
 * NOTE(review): md5 is a fast digest, not a password hash — no work factor, and the
 * login is a predictable salt. password_hash()/password_verify() are the standard
 * replacement; because stored digests cannot be converted, adopting them means
 * re-hashing each user at their next successful login rather than a drop-in swap.
 */
5 function passwd($login,$pass)
7 return md5(md5($pass).$login);
/**
 * Writes $data to the response as a JSON document.
 *
 * @param mixed $data any value json_encode() accepts
 * @return void
 *
 * NOTE(review): json_encode() returns false on failure (e.g. invalid UTF-8 in a DB
 * value), which echo renders as an empty body; JSON_THROW_ON_ERROR or a false-check
 * would make that visible instead of silently breaking the client.
 */
10 function format_ajax($data)
12 header('Content-type: application/json; charset=UTF-8');
13 echo json_encode($data);
/**
 * Writes $errmsg to the response inside the <ajax-response> XML envelope that the
 * grid client expects, with caching disabled.
 *
 * @param string $errmsg message text; passed through htmlspecialchars() so it is
 *                       safe as element content
 * @return void
 */
17 function format_xml($errmsg)
19 header("Cache-Control: no-cache");
20 header("Pragma: no-cache");
/* Expires one minute in the past so caches treat the response as already stale. */
21 header("Expires: ".gmdate("D, d M Y H:i:s",time()+(-1*60))." GMT");
22 header("Content-type: text/xml");
/* The "?" . ">" split likely exists to keep a literal "?>" out of the source text. */
24 echo "<?xml version='1.0' encoding='UTF-8'?".">\n";
25 echo "\n<ajax-response><response type='object'>";
27 echo "\n".htmlspecialchars($errmsg);
29 echo "\n</response></ajax-response>";
/**
 * Checks whether the current session's group is granted the mask named $name.
 *
 * @param string $name "module__form" identifier, as carried in ?mask= and in the
 *                     "grid_" ids of the data requests
 * @return bool presumably true when a matching sys_mask row is granted to the
 *              group — the return statements fall on lines not shown here
 *
 * Reads $_SESSION['sys']['group'] and the $db handle (its global declaration, if
 * any, is not in this listing).
 */
33 function check_permissions($name)
/* A name without "__" leaves $parts[1] undefined (notice) and queries "name|". */
37 $parts = explode('__', $name);
38 $form = $parts[0] . '|' . $parts[1];
/* %d forces the group id to an integer and the form name goes through the driver's
   quote(), so no raw request text reaches the query. With no session the group is
   unset and %d renders it as 0 — that gid-0 lookup is what gates anonymous callers,
   so no mask may ever be granted to gid 0. A prepared statement would be the
   cleaner form. */
40 $sql = sprintf("SELECT count(*) AS count FROM sys_mask "
41 . "JOIN sys_menu ON sys_mask.menu = sys_menu.id "
42 . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
43 . "WHERE sys_group_mask.gid = %d AND fname = %s",
44 $_SESSION['sys']['group'], $db->quote($form));
46 $sth = $db->query($sql);
/* Three denial paths log the same line; their guards are on lines not shown and
   appear to be: query failure, no row fetched, zero count. */
49 error_log('Unauthorised access to ' . $form);
55 error_log('Unauthorised access to ' . $form);
/* Loose == tolerates the count arriving as the string "0" from the driver. */
59 if ($row['count'] == 0) {
60 error_log('Unauthorised access to ' . $form);
/**
 * Per-request gate. Dispatches on the suffix of $_SERVER["SCRIPT_FILENAME"] and the
 * request parameters, and either lets the script continue, emits an error payload
 * in the format that client expects, or redirects.
 *
 * Several branch bodies (including whatever follows each header('Location')) are on
 * lines not shown in this listing.
 *
 * @return void
 */
67 function check_session()
/* Grid data requests (ricoXMLquery.php): the mask id after the "grid_" prefix is
   checked against the group before the login state is consulted, so
   check_permissions() runs with an empty group when there is no session. */
70 if (substr($_SERVER["SCRIPT_FILENAME"],-17) == '/ricoXMLquery.php' &&
71 !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
72 if (check_permissions(substr($_GET['id'],5)))
/* The denial text distinguishes "no session" from "no permission" for the client. */
75 if (empty($_SESSION['sys']['login']))
76 format_xml("No permission to access data.\nNo active session found.\nYou may need to re-login.");
78 format_xml('No permission to access data');
82 /* table connections */
83 if (substr($_SERVER["SCRIPT_FILENAME"],-25) == '/ricoUpdateConnection.php' &&
84 !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
85 if (check_permissions(substr($_GET['id'],5)))
88 format_ajax(array('error' => 'No permission to access data'));
/* Generic AJAX calls (ajax.php) name their mask in POST 'source'. */
92 if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
93 !empty($_POST['source'])) {
94 if (check_permissions($_POST['source']))
97 if (empty($_SESSION['sys']['login']))
98 format_ajax(array('error' => "No permission to access data.\nNo active session found.\nYou need to re-login.",
101 format_ajax(array('error' => 'No permission to access data'));
/* Logout, triggered by ?logout= on an active session; the session teardown (if any)
   is on a line not shown. Being a GET parameter it is reachable from a plain link,
   so it carries no anti-CSRF protection — low impact, but a POST with a token is the
   usual form. */
105 if (!empty($_SESSION['sys']['login']) && !empty($_GET['logout'])) {
107 header('Location: ./?login=true');
/* Login form submission on index.php; check_passwd() is defined in lib/login.php. */
111 if (substr($_SERVER["SCRIPT_FILENAME"],-10) == '/index.php' &&
112 !empty($_POST['login']) && !empty($_POST['passwd'])) {
113 require_once('lib/login.php');
114 if (check_passwd()) {
115 header('Location: ./');
/* No session and not already on the login page: bounce to it. Confirm that each
   header('Location') in this function is followed by an exit on the lines not
   shown, otherwise the rest of the page is still generated after the redirect. */
120 if (empty($_SESSION['sys']['login']) && empty($_GET['login'])) {
121 header('Location: ./?login=true');
/* Direct mask navigation (?mask=): redirect home when the group lacks the mask. */
126 if (!empty($_GET['mask'])) {
127 if (check_permissions($_GET['mask']))
130 header('Location: ./');
/**
 * Strips "./" sequences from a mask name before it is turned into a file path.
 *
 * @param string $file raw mask name
 * @return string the name with every "./" replaced by "x"
 *
 * NOTE(review): this is a denylist. A bare ".." segment contains no "./" and passes
 * through unchanged, as do backslashes. An allowlist on each part — e.g. rejecting
 * anything that does not match a plain [A-Za-z0-9_]+ identifier — would be the
 * robust check; today the permission lookup in check_permissions() is the effective
 * guard for names that reach load_mask().
 */
138 function sanitise_filename($file)
140 return str_replace('./','x',$file);
/**
 * Resolves the mask "module__fname" to masks/<module>/<fname>.php under the
 * session's base directory and records the module in the session.
 *
 * @param string $name mask identifier
 * @return mixed what follows the file_exists() check is not shown here —
 *               presumably the file is included, or a failure value is returned
 *
 * The ?mask= route in check_session() runs check_permissions() on this name first;
 * whether every caller of load_mask() does is not visible in this listing, and
 * sanitise_filename() alone only removes "./".
 */
143 function load_mask($name)
149 $name = sanitise_filename($name);
/* A name without "__" leaves $fname undefined (notice) and builds masks/<name>/.php. */
150 list($module,$fname) = explode('__', $name);
151 $_SESSION['module'] = $module;
153 $file = $_SESSION['sys']['basedir'] . 'masks/' . $module . '/' . $fname . '.php';
155 if (!file_exists($file))
/**
 * Builds the <script> markup for a page: one external tag per entry of $jsfiles,
 * then a single inline block holding $jscode joined by newlines.
 *
 * @param string[] $jsfiles script URLs; placed in src="" without escaping, so they
 *                          must come from application code, not the request
 * @param string[] $jscode  inline JavaScript fragments, emitted verbatim
 * @return string presumably $ret — its initialisation and the return are not shown
 */
163 function load_js($jsfiles, $jscode)
166 foreach ($jsfiles as $file)
167 $ret .= sprintf('<script type="text/javascript" src="%s"></script>'."\n", $file);
170 $ret .= sprintf('<script type="text/javascript">'."\n%s\n</script>\n", implode("\n",$jscode));
/**
 * Builds a single inline <style> block from the given CSS fragments.
 *
 * @param string[] $style CSS fragments, joined by newlines and emitted verbatim
 * @return string presumably $ret — its initialisation and the return are not shown
 */
175 function load_style($style)
179 $ret .= sprintf('<style type="text/css">'."\n%s\n</style>\n", implode("\n",$style));
/* Body of a content dispatcher whose signature is on a line not shown. Order of
   precedence: the login page when ?login= is set, else the mask named by ?mask=
   (check_session() has already run check_permissions() on it), else the static
   start page. What the login branch returns is not visible here. */
186 if (!empty($_GET['login'])) {
187 require_once('lib/login.php');
191 if (!empty($_GET['mask'])) {
192 require_once('lib/mask.php');
193 return mask($_GET['mask']);
197 $fname = $_SESSION['sys']['basedir'] . 'data/misc/start.html';
198 if (file_exists($fname))
199 return file_get_contents($fname);
/**
 * Appends one line to the page's debug buffer, later rendered by debug_info().
 *
 * @param string $text HTML fragment; it is not escaped here or in debug_info()
 * @return void
 *
 * $debug_info appears to be a global accumulator; its declaration is not shown.
 */
204 function debug_log($text)
208 $debug_info .= '<br>' . $text;
/**
 * Renders the debug panel — a dump of $_SESSION and $_COOKIE plus everything
 * collected by debug_log() — and registers lib/debug_joey.js for the page.
 *
 * @return string HTML, or '' unless the DEBUG constant is exactly true
 *
 * NOTE(review): the var_export() output is inserted without htmlspecialchars(), and
 * it exposes the whole session (login, group, base directory, cached grid SQL) and
 * the cookies to the browser. DEBUG must be false anywhere but a developer machine.
 */
211 function debug_info()
216 if (DEBUG !== true) return '';
/* $jsfiles and $debug_info are presumably globals declared on lines not shown. */
218 $jsfiles[] = 'lib/debug_joey.js';
220 $html = '<div style="background: #DDD; margin: 5px; padding-left: 4px; border: 1px solid #AAA;clear:both;">';
221 $html .= "\n<pre>\n\$_SESSION = " . var_export($_SESSION,true) . "\n";
222 $html .= "\n\$_COOKIE = " . var_export($_COOKIE,true) . "\n</pre>\n";
223 $html .= $debug_info;
/**
 * Turns the mask's 'join' entries into SQL JOIN clauses.
 *
 * An entry whose first four characters are "left" (any case) becomes " LEFT JOIN "
 * followed by the text after its first five characters; every other entry becomes
 * " JOIN " followed by the entry verbatim. Entries are trusted SQL from the mask file.
 *
 * @param array $mask mask definition; only $mask['join'] is read
 * @return string presumably $ret — its initialisation and the return are not shown
 */
228 function grid_sql_join($mask)
231 if (array_key_exists('join', $mask)) {
232 foreach ($mask['join'] as $line) {
233 if (strtolower(substr($line,0,4)) == 'left')
/* Drops "left" plus exactly one following character (the separator). */
234 $ret .= ' LEFT JOIN ' . substr($line,5);
236 $ret .= ' JOIN ' . $line;
/**
 * Builds a JavaScript object literal "{id: 'text', ...}" from every row of $table,
 * for use as a grid lookup. Returns null (bare return) when no ?mask= is present.
 *
 * @param string $table table name, interpolated into the SQL unquoted
 * @param string $id    key column; rendered with %d, so non-numeric keys become 0
 * @param string $text  label column
 * @return string|null
 *
 * NOTE(review): $table/$id/$text are spliced straight into the query, so they must
 * originate in the mask definition, never in the request. The label value is also
 * written into the JS literal with no escaping, so a quote in the data corrupts the
 * literal; building an array and passing it through json_encode() is the safe form.
 */
242 function grid_lookup_sql($table,$id,$text)
246 if (empty($_GET['mask'])) return;
248 $sql = "SELECT $id,$text FROM $table ORDER BY $text";
249 $sth = $db->query($sql);
/* $db's global declaration and any query-failure handling are not shown; with zero
   rows $result is never set unless it is initialised on a line not shown. */
252 while ($row = $sth->fetch())
253 $result[] = sprintf("%d: '%s'", $row[$id], $row[$text]);
255 return '{' . implode(', ', $result) . '}';
/**
 * Assembles the base SELECT for grid $name from the mask definition and caches it
 * in $_SESSION['grid_<name>'] for the later data requests gated by check_session().
 *
 * @param string $name grid identifier
 * @param array  $mask mask definition: 'list' (field => definition with optional
 *                     'sql' and 'distinct'), 'table', optional 'join' and 'where'
 * @return void nothing is returned in the lines shown
 *
 * Column expressions, the table name and the raw 'where' clause are copied verbatim
 * from the mask, so mask files are trusted SQL authors.
 */
258 function grid_sql($name, $mask)
262 foreach ($mask['list'] as $field => $data) {
/* Fields without 'sql' presumably use $field itself — the else branch is not shown. */
263 if (array_key_exists('sql', $data))
264 $fields[] = $data['sql'] . ' AS ' . $field;
/* $i is a per-field counter maintained on lines not shown; it keys the distinct flag. */
267 if (array_key_exists('distinct', $data))
268 $_SESSION['grid_' . $name.'_distinct_'.$i] = $data['distinct'];
272 $_SESSION['grid_' . $name] = sprintf("SELECT %s FROM %s",
273 implode(',', $fields), $mask['table']);
274 if (array_key_exists('join', $mask)) $_SESSION['grid_' . $name] .= grid_sql_join($mask);
275 if (array_key_exists('where', $mask)) $_SESSION['grid_' . $name] .= ' WHERE ' . $mask['where'];