X-Git-Url: https://git.infodrom.org/?p=misc%2Fkostenrechnung;a=blobdiff_plain;f=lib%2Fgeneral.php;h=837a4b8a807222931fa55f7821d19d3a603d3990;hp=6216e34231baa9c3316c008c9f24c25d762bb26d;hb=deaf08b6e3fc5c35d139b83db7f4951f4685eb30;hpb=a8acfd92241470b30b5d73187ca42bf9e7ae586e
diff --git a/lib/general.php b/lib/general.php
index 6216e34..837a4b8 100644
--- a/lib/general.php
+++ b/lib/general.php
@@ -5,9 +5,44 @@ function passwd($login,$pass)
 return md5(md5($pass).$login);
 }
+function format_ajax($data)
+{
+ header('Content-type: application/json; charset=UTF-8');
+ echo json_encode($data);
+ exit;
+}
+
+function check_permissions($name)
+{
+ $sql = sprintf("SELECT count(*) AS count FROM sys_mask "
+ . "JOIN sys_menu ON sys_mask.menu = sys_menu.id "
+ . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
+ . "WHERE sys_group_mask.gid = %d AND fname = '%s'",
+ $_SESSION['sys']['group'], pg_escape_string($name));
+
+ $sth = pg_query($sql);
+
+ if ($sth === false) return false;
+
+ $row = pg_fetch_assoc($sth);
+ if ($row === false) return false;
+
+ if ($row['count'] == 0)
+ return false;
+
+ return true;
+}
+
 function check_session()
 {
- if (!empty($_POST['login']) && !empty($_POST['passwd'])) {
+ if (!empty($_SESSION['sys']['login']) && !empty($_GET['logout'])) {
+ session_destroy();
+ header('Location: ./?login=true');
+ exit();
+ }
+
+ if (substr($_SERVER["SCRIPT_FILENAME"],-10) == '/index.php' &&
+ !empty($_POST['login']) && !empty($_POST['passwd'])) {
 require_once('lib/login.php');
 if (check_passwd()) {
 header('Location: ./');
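Review bot: check_permissions formats `$_SESSION['sys']['group']` with `%d` and never checks that the key exists, so a session without a group runs the query for gid 0 and the outcome depends on whether sys_group_mask happens to hold rows for id 0 rather than on an explicit deny; add `if (!isset($_SESSION['sys']['group'])) return false;` before the sprintf. The query is safe as written only because `%d` forces an integer and `pg_escape_string()` lands inside a quoted literal; `pg_query_params()` with `$1`/`$2` placeholders would drop the reliance on escaping and on the implicit last-opened connection. The new logout branch fires on any GET carrying `logout`, so a third-party page embedding `<img src=".../?logout=1">` can end a user's session (logout CSRF); a POST with a session-bound token, or at least a same-origin check, would close that. After `session_destroy()` the client's session cookie is left in place; clearing it with `setcookie(session_name(), '', time() - 3600, '/')` keeps the stale id from being resubmitted. check_session continues past the end of this hunk.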
@@ -19,6 +54,44 @@ function check_session()
 header('Location: ./?login=true');
 exit();
 }
+
+ /* regular mask */
+ if (!empty($_GET['mask'])) {
+ if (check_permissions($_GET['mask']))
+ return true;
+ else {
+ header('Location: ./');
+ exit();
+ }
+ }
+
+ /* table data */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-17) == '/ricoXMLquery.php' &&
+ !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
+ if (check_permissions(substr($_GET['id'],5)))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+
+ /* table connections */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-25) == '/ricoUpdateConnection.php' &&
+ !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
+ if (check_permissions(substr($_GET['id'],5)))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+
+ /* ajax calls */
+ if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
+ !empty($_POST['source'])) {
+ if (check_permissions($_POST['source']))
+ return true;
+ else
+ format_ajax(array('error' => 'No permission to access data'));
+ }
+
 }
 function sanitise_filename($file)
@@ -29,6 +102,7 @@ function sanitise_filename($file)
 function load_mask($name)
 {
 global $mask;
+ global $jscode;
 $name = sanitise_filename($name);
 $file = $_SESSION['sys']['basedir'] . 'masks/' . $name . '.php';
@@ -84,12 +158,7 @@ function process()
 return mask($_GET['mask']);
 }
- $masks = array('sys_user','sys_group','sys_mask',
- 'anbaugeraete','arbeitsarten','personal','materialien','gebiet','geraete',
- 'kostenstellen','materialverbrauch','einsatz');
- $ret = '';
- foreach ($masks as $m)
- $ret .= sprintf('%s
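Review bot: The ricoXMLquery.php and ricoUpdateConnection.php branches only call check_permissions when `$_GET['id']` starts with `grid_`, and the ajax.php branch only when `$_POST['source']` is non-empty; a request to those scripts with an id lacking the prefix, or with no source at all, matches no branch and check_session falls through without returning, redirecting or emitting a denial, so whatever the script does next runs with no authorisation decision (how callers treat the return value is outside this hunk). The fix is to key each branch on the script name alone and deny inside it whenever the parameter is missing, malformed, or not permitted, as sketched below; the two rico branches are identical apart from the filename suffix and can share one block. The mask branch redirects to `./` on denial while the others answer JSON, which is fine per caller but deserves a one-line comment explaining why. check_session continues past the end of this hunk.
```php
/* … unchanged: regular mask branch … */

/* table data / table connections: deny unless id names a grid this group may read */
$script = $_SERVER["SCRIPT_FILENAME"];
if (substr($script,-17) == '/ricoXMLquery.php' ||
    substr($script,-25) == '/ricoUpdateConnection.php') {
    if (!empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_' &&
        check_permissions(substr($_GET['id'],5)))
        return true;
    format_ajax(array('error' => 'No permission to access data'));
}

/* ajax calls: deny when no source is given, not only when it is unauthorised */
if (substr($script,-9) == '/ajax.php') {
    if (!empty($_POST['source']) && check_permissions($_POST['source']))
        return true;
    format_ajax(array('error' => 'No permission to access data'));
}
```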
', $m, $m);
+ $ret = '
Willkommen in der Kostenrechnung der Friesoyther Wasseracht!
';
 return $ret;
 }
@@ -118,4 +187,20 @@ function debug_info()
 return $html;
 }
+function grid_sql($name, $mask)
+{
+ $fields = array();
+ foreach ($mask['list'] as $field => $data) {
+ if (array_key_exists('sql', $data))
+ $fields[] = $data['sql'] . ' AS ' . $field;
+ else
+ $fields[] = $field;
+ }
+
+ $_SESSION['grid_' . $name] = sprintf("SELECT %s FROM %s",
+ implode(',', $fields), $mask['table']);
+ if (array_key_exists('join', $mask)) $_SESSION['grid_' . $name] .= ' JOIN ' . join(' JOIN ', $mask['join']);
+ if (array_key_exists('where', $mask)) $_SESSION['grid_' . $name] .= ' WHERE ' . $mask['where'];
+}
+
 ?>
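Review bot: grid_sql concatenates `$mask['table']`, every key of `$mask['list']`, each `sql` expression, and the `join` and `where` entries straight into the SQL text it stores under `$_SESSION['grid_' . $name]`, with no escaping layer beneath it, and nothing in the hunk constrains where `$mask` comes from; the function needs a header comment making the trust boundary explicit, along the lines of `// $mask must be a developer-authored mask definition (masks/*.php); never build 'where' or 'sql' entries from request data, they are interpolated verbatim into the query`. The code that later executes the session entry is not in this hunk, so I cannot confirm it adds no further user input of its own. An empty `$mask['list']` produces `SELECT  FROM ...`, which only fails when the grid is queried; `if (empty($fields)) return;` before the sprintf (or a trigger_error) would surface the misconfiguration where it happens. The file still closes with `?>`; removing it avoids accidental trailing output from a library file.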