/**
 * Derive the stored credential digest for an account.
 *
 * The result is md5(md5($pass) . $login): the login name is the only salt
 * and the value is a 32-character lowercase hex string.
 *
 * NOTE(security): MD5 is a fast hash and is not suitable for password
 * storage; hashing twice and salting with the (known) login name does not
 * change that. Moving to password_hash()/password_verify() also means
 * changing the stored values and the login check, so this function keeps the
 * existing format and has to be migrated together with its callers.
 *
 * @param string $login Account name, appended to the inner digest.
 * @param string $pass  Clear-text password.
 * @return string 32-character hexadecimal digest.
 */
function passwd($login, $pass)
{
    $innerDigest = md5($pass);

    return md5($innerDigest . $login);
}
// Send $data to the client as JSON: sets the JSON content type (UTF-8) and
// prints the encoded value.
// NOTE(review): listing lines 12-13 are absent, so it is not visible whether
// this function ends the request. check_session() calls it when a permission
// check fails; confirm that the request stops there - TODO confirm.
8 function format_ajax($data)
10 header('Content-type: application/json; charset=UTF-8');
// json_encode() returns false on failure, in which case nothing is printed.
11 echo json_encode($data);
// Check whether the group of the current session may use the mask or data
// source called $name. Counts matching rows in sys_mask (joined to sys_menu
// and sys_group_mask) for the session's group id and the given fname.
// Returns false when the query or the fetch fails.
// NOTE(review): the lines after the final count test (listing 31-34) are
// absent; presumably a zero count yields false and anything else true -
// confirm against the full file.
15 function check_permissions($name)
// The group id is forced to an integer by %d and $name is escaped with
// pg_escape_string() before it is placed between the quotes. $name comes from
// request parameters (see check_session()), so this escaping is the only
// thing between the request and the statement; pg_query_params() with $1/$2
// placeholders would avoid building the statement from strings at all.
17 $sql = sprintf("SELECT count(*) AS count FROM sys_mask "
18 . "JOIN sys_menu ON sys_mask.menu = sys_menu.id "
19 . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
20 . "WHERE sys_group_mask.gid = %d AND fname = '%s'",
21 $_SESSION['sys']['group'], pg_escape_string($name));
// No connection argument: the query runs on the default connection.
23 $sth = pg_query($sql);
25 if ($sth === false) return false;
27 $row = pg_fetch_assoc($sth);
28 if ($row === false) return false;
// Loose comparison on purpose or by habit: the pgsql extension returns the
// count as a string.
30 if ($row['count'] == 0)
// Request gatekeeper: handles logout and login, sends visitors without a
// session to the login page, and checks the session group's permissions for
// mask pages, grid queries, grid updates and ajax sources.
// NOTE(review): this listing omits the lines that follow each header() and
// each check_permissions() call (for example listing 39, 41-43, 49-52, 61-62).
// A Location header does not stop the script by itself, so confirm that every
// redirect and every "No permission" branch ends the request; otherwise the
// protected code below still runs for an unauthenticated client.
36 function check_session()
// Logout requested by a logged-in user.
38 if (!empty($_SESSION['sys']['login']) && !empty($_GET['logout'])) {
40 header('Location: ./?login=true');
// Login form posted to index.php. lib/login.php is loaded here - presumably
// it verifies the credentials; verify in that file.
44 if (substr($_SERVER["SCRIPT_FILENAME"],-10) == '/index.php' &&
45 !empty($_POST['login']) && !empty($_POST['passwd'])) {
46 require_once('lib/login.php');
48 header('Location: ./');
// No session and not already on the login page: go to the login page.
53 if (empty($_SESSION['sys']['login']) && empty($_GET['login'])) {
54 header('Location: ./?login=true');
// Mask pages: the mask name is taken from the query string and checked
// against the group's permissions.
59 if (!empty($_GET['mask'])) {
60 if (check_permissions($_GET['mask']))
63 header('Location: ./');
// Grid data requests. The script is recognised by the tail of
// SCRIPT_FILENAME, and only ids of the form "grid_<name>" are checked (by
// <name>). NOTE(review): a request to this script with any other id is not
// checked here; confirm that the script itself rejects such ids.
69 if (substr($_SERVER["SCRIPT_FILENAME"],-17) == '/ricoXMLquery.php' &&
70 !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
71 if (check_permissions(substr($_GET['id'],5)))
74 format_ajax(array('error' => 'No permission to access data'));
77 /* table connections */
// Same rule as for grid queries, applied to the update endpoint.
78 if (substr($_SERVER["SCRIPT_FILENAME"],-25) == '/ricoUpdateConnection.php' &&
79 !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
80 if (check_permissions(substr($_GET['id'],5)))
83 format_ajax(array('error' => 'No permission to access data'));
// Ajax requests: the posted source name is checked as it is.
87 if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
88 !empty($_POST['source'])) {
89 if (check_permissions($_POST['source']))
92 format_ajax(array('error' => 'No permission to access data'));
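/**
 * Neutralise path-traversal sequences in a name that will become part of a
 * file path.
 *
 * Every "./" is replaced by "x", which also breaks "../" (it becomes ".x").
 * The original handled only the forward slash. This version treats ".\" the
 * same way, because Windows accepts the backslash as a directory separator,
 * and replaces NUL bytes, which older PHP releases allowed to cut a path
 * short. Names without these sequences are returned unchanged.
 *
 * NOTE(review): this is still a deny-list. Where the set of valid names is
 * known, checking the name against that set (or against a strict pattern of
 * allowed characters) before it reaches the file system is the stronger
 * control.
 *
 * @param string $file Untrusted name fragment.
 * @return string The name with traversal sequences replaced by "x".
 */
function sanitise_filename($file)
{
    // The replacement character can never complete a new "./" or ".\",
    // so a single pass per pattern is enough.
    return str_replace(array('./', '.\\', "\0"), 'x', $file);
}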
// Locate the definition file of mask $name under <basedir>/masks/.
// NOTE(review): listing lines 104-107 and everything after the file_exists()
// test are absent, so how the file is loaded and what is returned is not
// visible here.
103 function load_mask($name)
// $name becomes part of a file path. sanitise_filename() replaces "./" so
// that "../" cannot leave the masks directory; the fixed prefix and the
// ".php" suffix are added here.
108 $name = sanitise_filename($name);
109 $file = $_SESSION['sys']['basedir'] . 'masks/' . $name . '.php';
111 if (!file_exists($file))
// Build the PostgreSQL connection string from the DBHOST, DBNAME, DBUSER and
// DBPASS constants.
// NOTE(review): the line that opens the connection (listing 122) is absent.
119 function connect_db()
// The values are inserted unquoted: a value that contains a space or a quote
// (most likely the password) would break the connection string. $dsn holds
// the clear-text password, so it must not be written to logs or debug output.
121 $dsn = sprintf('host=%s dbname=%s user=%s password=%s',DBHOST,DBNAME,DBUSER,DBPASS);
// Run $sql on the default connection and walk over the result rows.
// Returns false when pg_query() fails.
// NOTE(review): the loop body and the return statement (listing 131,
// 133-135) are absent; presumably the rows are collected into an array.
// The statement is executed exactly as given, so callers must never pass
// text built from request data; values belong in pg_query_params().
125 function query_db($sql)
127 $sth = pg_query($sql);
129 if ($sth === false) return false;
132 while ($row = pg_fetch_assoc($sth))
// Build the HTML that loads script files and embeds inline JavaScript: one
// <script src> tag per entry of $jsfiles, then one inline <script> element
// holding the entries of $jscode joined by newlines.
// NOTE(review): the initialisation of $ret, any condition around the inline
// block and the return (listing 139-140, 143-144, 146) are absent.
// Neither the file names nor the inline code are escaped, so both arrays must
// be filled by application code only, never from request data.
138 function load_js($jsfiles, $jscode)
141 foreach ($jsfiles as $file)
142 $ret .= sprintf('<script type="text/javascript" src="%s"></script>'."\n", $file);
145 $ret .= sprintf('<script type="text/javascript">'."\n%s\n</script>\n", implode("\n",$jscode));
// NOTE(review): the header of the enclosing function (around listing line
// 149) is absent; the return on line 159 shows that these statements belong
// to a function body.
// Page dispatch by query parameter: the login page when "login" is set, a
// mask page when "mask" is set; the welcome text is presumably the fallback.
152 if (!empty($_GET['login'])) {
153 require_once('lib/login.php');
// The mask name is passed on as received from the query string.
157 if (!empty($_GET['mask'])) {
158 require_once('lib/mask.php');
159 return mask($_GET['mask']);
162 $ret = '<div style="height: 600px; font-size: large; font-weight: bold;">Willkommen in der Kostenrechnung der Friesoyther Wasseracht!</div>';
// Append $text to the debug buffer $debug_info, preceded by a <br>.
// NOTE(review): listing lines 168-170 are absent (presumably the declaration
// that makes $debug_info shared with debug_info()). $text is added as HTML
// without escaping, so request data logged here reaches the page unescaped
// when the debug panel is shown.
167 function debug_log($text)
171 $debug_info .= '<br>' . $text;
// Render the debug panel. Returns '' unless DEBUG is exactly true.
// NOTE(security): the panel prints the complete $_SESSION and $_COOKIE arrays
// (the session cookie included) into the page, without HTML escaping. DEBUG
// must therefore be off on every deployment that other people can reach.
// NOTE(review): listing lines 175-178, 180, 182 and 187-189 are absent.
174 function debug_info()
179 if (DEBUG !== true) return '';
// Registers the debug script; where $jsfiles is declared is not shown.
181 $jsfiles[] = 'lib/debug_joey.js';
183 $html = '<div style="background: #DDD; margin: 5px; padding-left: 4px; border: 1px solid #AAA;clear:both;">';
184 $html .= "\n<pre>\n\$_SESSION = " . var_export($_SESSION,true) . "\n";
185 $html .= "\n\$_COOKIE = " . var_export($_COOKIE,true) . "\n</pre>\n";
// Messages collected by debug_log() follow the dumps.
186 $html .= $debug_info;
// Build the JOIN part of a grid query from the entries of $mask['join'].
// NOTE(review): listing lines 192-193, 198 and 200-203 are absent; line 198
// is presumably the "else" between the two branches.
// The join fragments are concatenated into the statement as they are, so mask
// definitions have to be treated as code and must never contain request data.
191 function grid_sql_join($mask)
194 if (array_key_exists('join', $mask)) {
195 foreach ($mask['join'] as $line) {
// Entries starting with "left" (any case) become a LEFT JOIN; the first five
// characters of the entry are dropped.
196 if (strtolower(substr($line,0,4)) == 'left')
197 $ret .= ' LEFT JOIN ' . substr($line,5);
199 $ret .= ' JOIN ' . $line;
// Assemble the SELECT statement for grid $name from the mask definition and
// store it in the session under the key 'grid_' . $name.
// NOTE(review): listing lines 206-207 and 211-214 are absent (among them the
// handling of fields without an 'sql' key), and nothing after line 218 is
// shown.
// Column expressions, table name, joins and the WHERE text are concatenated
// as they are: the mask definition must come from trusted code only. The
// statement is kept in the session; where it is executed is not visible here.
205 function grid_sql($name, $mask)
208 foreach ($mask['list'] as $field => $data) {
// A field with its own SQL expression is selected as "<expression> AS <field>".
209 if (array_key_exists('sql', $data))
210 $fields[] = $data['sql'] . ' AS ' . $field;
215 $_SESSION['grid_' . $name] = sprintf("SELECT %s FROM %s",
216 implode(',', $fields), $mask['table']);
217 if (array_key_exists('join', $mask)) $_SESSION['grid_' . $name] .= grid_sql_join($mask);
218 if (array_key_exists('where', $mask)) $_SESSION['grid_' . $name] .= ' WHERE ' . $mask['where'];