X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=8d59df8a9fb59edf9b3d77c04c8ecb59e49079b2;hb=789cf95597c589b22a0ee01b771b8986e2b0b451;hp=50b4e88d02489c41851c72c2c4c821c64336099c;hpb=b94eb8bef8cb5494be1b6daef77718dc0eb91f8b;p=mailer.git diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 50b4e88d02..8d59df8a9f 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -16,7 +16,7 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2011 by Mailer Developer Team * + * Copyright (c) 2009 - 2012 by Mailer Developer Team * * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -42,16 +42,19 @@ if (!defined('__SECURITY')) { // "Getter" for module description // @TODO Can we cache this? -function getTitleFromMenu ($mode, $what, $column = 'what', $ADD='') { +function getTitleFromMenu ($mode, $what, $column = 'what', $ADD = '') { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'mode=' . $mode . ',what=' . $what . ',column=' . $column . ',add=' . $ADD); + // Fix empty 'what' if (empty($what)) { $what = getIndexHome(); } elseif ((isGetRequestElementSet('action')) && ($column == 'what')) { // Get it from action return getTitleFromMenu($mode, getAction(), 'action', $ADD); - } elseif ($what == 'overview') { + } elseif ($what == 'welcome') { // Overview page - return '{--WHAT_IS_OVERVIEW--}'; + return '{--WHAT_IS_WELCOME--}'; } // Default is not found @@ -79,12 +82,12 @@ function getTitleFromMenu ($mode, $what, $column = 'what', $ADD='') { } // Add link into output stream (or return it) for 'You Are Here' navigation -function addYouAreHereLink ($accessLevel, $FQFN, $return = false) { +function addYouAreHereLink ($accessLevel, $FQFN, $return = FALSE) { // Use only filename of the FQFN... $file = basename($FQFN); // Init variables - $LINK_ADD = ''; + $linkAdd = ''; $OUT = ''; $ADD = ''; $prefix = ''; @@ -108,7 +111,7 @@ function addYouAreHereLink ($accessLevel, $FQFN, $return = false) { // Get access level from it $modCheck = getModuleFromFileName($file, $accessLevel); - // Do we have admin? Then display all + // Is there admin? Then display all $ADD = " AND `visible`='Y' AND `locked`='N'"; if (isAdmin()) { // Display all! @@ -122,13 +125,11 @@ function addYouAreHereLink ($accessLevel, $FQFN, $return = false) { $type = 'what'; $search = $file; $modCheck = getModule(); - $ADD = ''; } else { // Other $type = 'menu'; $search = $file; $modCheck = getModule(); - $ADD = ''; } // Begin the navigation line @@ -137,18 +138,19 @@ function addYouAreHereLink ($accessLevel, $FQFN, $return = false) { $GLOBALS['nav_depth'] = '0'; // Run the pre-filter chain - $ret = runFilterChain('pre_youhere_line', array('access_level' => $accessLevel, 'type' => $type, 'search' => $search, 'prefix' => $prefix, 'link_add' => $LINK_ADD, 'content' => '', 'add' => $ADD)); + $ret = runFilterChain('pre_youhere_line', array('access_level' => $accessLevel, 'type' => $type, 'search' => $search, 'prefix' => $prefix, 'link_add' => $linkAdd, 'content' => '', 'add' => $ADD)); // Add pre-content $prefix = $ret['content']; // Add default content - $prefix .= '
'.print_r($args, TRUE).''); + // @TODO If we can rewrite the EL sub-system to support more than one parameter, this call_user_func_array() can be avoided + $content[$columnName] = call_user_func_array($callbackName, $args); + } // END - foreach + + // Load row template + $OUT .= loadTemplate(trim($rowTemplate[0]), TRUE, $content); + } // END - while + + // Load main template + loadTemplate(trim($tableTemplate[0]), FALSE, $OUT); + } else { + // No URLs in surfbar + displayMessage('{--' .$noEntryMessageId[0] . '--}'); + } + + // Free result + SQL_FREERESULT($result); +} + +// Adds a given entry to the database +function doGenericAddEntries ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $columnIndex = NULL) { + //* DEBUG: */ die(__FUNCTION__.':columns=
'.print_r($columns,TRUE).',filterFunctions=
'.print_r($filterFunctions,TRUE).',extraValues=
'.print_r($extraValues,TRUE).',timeColumns=
'.print_r($timeColumns,TRUE).',columnIndex=
'.print_r($columnIndex,TRUE).',POST=
'.print_r($_POST,TRUE).''); + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + reportBug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array: userIdColumn=' . $userIdColumn); + } elseif (count($columns) == 0) { + // No columns specified + reportBug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML.'); + } + + // Init columns and value elements + $sqlColumns = array(); + $sqlValues = array(); + + // Default is that all went fine + $GLOBALS['__XML_PARSE_RESULT'] = TRUE; + + // Is there "time columns"? + if (count($timeColumns) > 0) { + // Then "walk" through all entries + foreach ($timeColumns as $column) { + // Convert all (possible) selections + convertSelectionsToEpocheTimeInPostData($column . '_ye'); + } // END - foreach + } // END - if + + // Add columns and values + foreach ($columns as $key => $columnName) { + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',columnName=' . $columnName); + // Is columnIndex set? + if (!is_null($columnIndex)) { + // Check conditions + //* DEBUG: */ die('columnIndex=
'.print_r($columnIndex,TRUE).''.debug_get_printable_backtrace()); + assert((is_array($columnName)) && (is_string($columnIndex)) && (isset($columnName[$columnIndex]))); + + // Then use that index "blindly" + $columnName = $columnName[$columnIndex]; + } // END - if + + // Debug message + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',columnName[' . gettype($columnName) . ']=' . $columnName . ',filterFunctions=' . $filterFunctions[$key] . ',extraValues=' . intval(isset($extraValues[$key])) . ',extraValuesName=' . intval(isset($extraValues[$columnName . '_list']))); + + // Copy entry securely to the final arrays + $sqlColumns[$key] = SQL_ESCAPE($columnName); + $sqlValues[$key] = SQL_ESCAPE(postRequestElement($columnName)); + + // Try to handle call-back functions and/or extra values on the list + $sqlValues[$key] = doHandleExtraValues($filterFunctions, $extraValues, $key . '_list', $sqlValues[$key], $userIdColumn, key(search_array($columns, 'column', $key))); + + // Is the value not a number? + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlValues[' . $key . '][' . gettype($sqlValues[$key]) . ']=' . $sqlValues[$key]); + if (($sqlValues[$key] != 'NULL') && (is_string($sqlValues[$key]))) { + // Add quotes around it + $sqlValues[$key] = chr(39) . $sqlValues[$key] . chr(39); + } // END - if + + // Is the value false? + if ($sqlValues[$key] === FALSE) { + // One "parser" didn't like it + $GLOBALS['__XML_PARSE_RESULT'] = FALSE; + break; + } // END - if + } // END - foreach + + // If all values are okay, continue + if ($sqlValues[$key] !== FALSE) { + // Build the SQL query + $sql = 'INSERT INTO `{?_MYSQL_PREFIX?}_' . $tableName[0] . '` (`' . implode('`, `', $sqlColumns) . "`) VALUES (" . implode(',', $sqlValues) . ')'; + + // Run the SQL query + SQL_QUERY($sql, __FUNCTION__, __LINE__); + + // Add id number + setPostRequestElement('id', SQL_INSERTID()); + + // Prepare filter data array + $filterData = array( + 'mode' => 'add', + 'table_name' => $tableName, + 'content' => postRequestArray(), + 'id' => SQL_INSERTID(), + 'subject' => '', + // @TODO Used generic 'userid' here + 'userid_column' => array('userid'), + 'raw_userid' => array('userid'), + 'affected' => SQL_AFFECTEDROWS(), + 'sql' => $sql, + ); + + // Send "build mail" out + runFilterChain('send_build_mail', $filterData); + } // END - if +} + +// Edit rows by given id numbers +function doGenericEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $editNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array(), $subject = '') { + // Is there "time columns"? + if (count($timeColumns) > 0) { + // Then "walk" through all entries + foreach ($timeColumns as $column) { + // Convert all (possible) selections + convertSelectionsToEpocheTimeInPostData($column . '_ye'); + } // END - foreach + } // END - if + + // Change them all + $affected = '0'; + foreach (postRequestElement($idColumn[0]) as $id => $sel) { + // Secure id number + $id = bigintval($id); + + // Prepare content array (new values) + $content = array(); + + // Prepare SQL for this row + $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", + SQL_ESCAPE($tableName[0]) + ); + + // "Walk" through all entries + foreach (postRequestArray() as $key => $entries) { + // Skip raw userid which is always invalid + if (($key == $rawUserId[0]) || ($key == 'do_edit')) { + // Continue with next field + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',idColumn[0]=' . $idColumn[0] . ',rawUserId=' . $rawUserId[0]); + continue; + } // END - if + + // Debug message + /* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',id=' . $id . ',idColumn[0]=' . $idColumn[0] . ',entries=
'.print_r($entries,TRUE).''); + + // Is entries an array? + if (($key != $idColumn[0]) && (is_array($entries)) && (isset($entries[$id]))) { + // Search for the right array index + $search = key(search_array($columns, 'column', $key)); + + // Add this entry to content + $content[$key] = $entries[$id]; + + // Debug message + //* BUG: */ die($key.'/'.$id.'/'.$search.'=
'.print_r($columns,TRUE).'
'.print_r($filterFunctions,TRUE).''); + + // Handle possible call-back functions and/or extra values + $entries[$id] = doHandleExtraValues($filterFunctions, $extraValues, $key, $entries[$id], $userIdColumn, $search); + + // Add key/value pair to SQL string + $sql .= addKeyValueSql($key, $entries[$id]); + } elseif (($key != $idColumn[0]) && (!is_array($entries))) { + // Search for it + $search = key(search_array($columns, 'column', $key)); + //* BUG: */ die($key.'/
'.print_r($search, TRUE).'=
'.print_r($columns, TRUE).''); + + // Debug message + /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',entries[' . gettype($entries) . ']=' . $entries . ',search=' . $search . ' - BEFORE!'); + + // Add normal entries as well + $content[$key] = $entries; + + // Handle possible call-back functions and/or extra values + $entries = doHandleExtraValues($filterFunctions, $extraValues, $key, $entries, $userIdColumn, $search); + + // Debug message + /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',entries[' . gettype($entries) . ']=' . $entries . ',search=' . $search . ' - AFTER!'); + + // Add key/value pair to SQL string + $sql .= addKeyValueSql($key, $entries); + } + } // END - foreach + + // Finish SQL command + $sql = substr($sql, 0, -1) . " WHERE `" . SQL_ESCAPE($idColumn[0]) . "`=" . bigintval($id); + if ((isset($rawUserId[0])) && (isPostRequestElementSet($rawUserId[0])) && (isset($userIdColumn[0]))) { + // Add user id as well + $sql .= ' AND `' . $userIdColumn[0] . '`=' . bigintval(postRequestElement($rawUserId[0])); + } // END - if + $sql .= " LIMIT 1"; + + // Run this query + //* BUG: */ die($sql.'
'.print_r(postRequestArray(), TRUE).''); + SQL_QUERY($sql, __FUNCTION__, __LINE__); + + // Add affected rows + $edited = SQL_AFFECTEDROWS(); + $affected += $edited; + + // Load all data from that id + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); + + // Fetch the data and merge it into $content + $content = merge_array($content, SQL_FETCHARRAY($result)); + + // Prepare filter data array + $filterData = array( + 'mode' => 'edit', + 'table_name' => $tableName, + 'content' => $content, + 'id' => $id, + 'subject' => $subject, + 'userid_column' => $userIdColumn, + 'raw_userid' => $rawUserId, + 'affected' => $edited, + 'sql' => $sql, + ); + + // Send "build mail" out + runFilterChain('send_build_mail', $filterData); + + // Free the result + SQL_FREERESULT($result); + } // END - foreach + + // Delete cache? + if ((count($cacheFiles) > 0) && (!empty($cacheFiles[0]))) { + // Delete cache file(s) + foreach ($cacheFiles as $cache) { + // Skip any empty entries + if (empty($cache)) { + // This may cause trouble in loadCacheFile() + continue; + } // END - if + + // Is the cache file loadable? + if ($GLOBALS['cache_instance']->loadCacheFile($cache)) { + // Then remove it + $GLOBALS['cache_instance']->removeCacheFile(); + } // END - if + } // END - foreach + } // END - if + + // Return affected rows + return $affected; +} + +// Delete rows by given id numbers +function doGenericDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array()) { + // The base SQL command: + $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; + + // Is a user id provided? + //* BUG: */ die('
'.print_r($rawUserId,TRUE).'
'.print_r($userIdColumn,TRUE).''); + if ((isset($rawUserId[0])) && (isPostRequestElementSet($rawUserId[0])) && (isset($userIdColumn[0]))) { + // Add user id as well + $sql .= ' AND `' . $userIdColumn[0] . '`=' . bigintval(postRequestElement($rawUserId[0])); + } // END - if + + // $idColumn[0] in POST must be an array again + if (!is_array(postRequestElement($idColumn[0]))) { + // This indicates that you have conflicting form field naming with XML names + reportBug(__FUNCTION__, __LINE__, 'You have a wrong form field element, idColumn[0]=' . $idColumn[0]); + } // END - if + + // Delete them all + //* BUG: */ die($sql.'
'.print_r($tableName,TRUE).'
'.print_r($columns,TRUE).'
'.print_r($filterFunctions,TRUE).'
'.print_r($extraValues,TRUE).'
'.print_r($deleteNow,TRUE).'
'.print_r($idColumn,TRUE).''); + $idList = ''; + foreach (postRequestElement($idColumn[0]) as $id => $sel) { + // Is id zero? + if ($id == '0') { + // Then skip this + continue; + } // END - if + + // Is there a userid? + if (isPostRequestElementSet($userIdColumn[0])) { + // Load all data from that id + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); + + // Fetch the data + $content = SQL_FETCHARRAY($result); + + // Free the result + SQL_FREERESULT($result); + + // Send "build mails" out + sendGenericBuildMails('delete', $tableName, $content, $id, '', $userIdColumn); + } // END - if + + // Add id number + $idList .= $id . ','; + } // END - foreach + + // Run the query + SQL_QUERY_ESC($sql, + array( + $tableName[0], + $idColumn[0], + convertNullToZero(substr($idList, 0, -1)) + ), __FUNCTION__, __LINE__); + + // Return affected rows + return SQL_AFFECTEDROWS(); +} + +// Build a special template list +function doGenericListBuilder ($prefix, $listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid')) { + // $tableName and $idColumn must bove be arrays! + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // $tableName is no array + reportBug(__FUNCTION__, __LINE__, 'tableName[]=' . gettype($tableName) . '!=array: userIdColumn=' . $userIdColumn); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + reportBug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array: userIdColumn=' . $userIdColumn); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + reportBug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array: userIdColumn=' . $userIdColumn); + } + + // Init row output + $OUT = ''; + + // "Walk"Â through all entries + //* DEBUG: */ reportBug(__FUNCTION__, __LINE__, 'listType=
'.print_r($listType,TRUE).',tableName
'.print_r($tableName,TRUE).',columns=
'.print_r($columns,TRUE).',filterFunctions=
'.print_r($filterFunctions,TRUE).',extraValues=
'.print_r($extraValues,TRUE).',idColumn=
'.print_r($idColumn,TRUE).',userIdColumn=
'.print_r($userIdColumn,TRUE).',rawUserId=
'.print_r($rawUserId,TRUE).''); + foreach (postRequestElement($idColumn[0]) as $id => $selected) { + // Secure id number + $id = bigintval($id); + + // Get result from a given column array and table name + $result = SQL_RESULT_FROM_ARRAY($tableName[0], $columns, $idColumn[0], $id, __FUNCTION__, __LINE__); + + // Is there one entry? + if (SQL_NUMROWS($result) == 1) { + // Load all data + $content = SQL_FETCHARRAY($result); + + // Filter all data + foreach ($content as $key => $value) { + // Search index + $idx = searchXmlArray($key, $columns, 'column'); + + // Skip any missing entries + if ($idx === FALSE) { + // Skip this one + //* DEBUG: */ reportBug(__FUNCTION__, __LINE__, 'key=' . $key . ' - SKIPPED!'); + continue; + } // END - if + + //Â Is there a userid? + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + if ($key == $userIdColumn[0]) { + // Add it again as raw id + //* DEBUG: */ reportBug(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + $content[$userIdColumn[0]] = convertZeroToNull($value); + $content[$userIdColumn[0] . '_raw'] = $content[$userIdColumn[0]]; + } // END - if + + // If the key matches the idColumn variable, we need to temporary remember it + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',idColumn=' . $idColumn[0] . ',value=' . $value); + if ($key == $idColumn[0]) { + /* + * Found, so remember it securely (to make sure only id + * numbers can pass, don't use alpha-numerical values!) + */ + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'value=' . $value . ' - set as ' . $prefix . '_list_builder_id_value!'); + $GLOBALS[$prefix . '_list_builder_id_value'] = bigintval($value); + } // END - if + + // Try to handle call-back functions and/or extra values + $content[$key] = doHandleExtraValues($filterFunctions, $extraValues, $idx, $content[$key], $userIdColumn, $idx); + } // END - foreach + + // Then list it + $OUT .= loadTemplate(sprintf("%s_%s_%s_row", + $prefix, + $listType, + $tableName[0] + ), TRUE, $content + ); + } // END - if + + // Free the result + SQL_FREERESULT($result); + } // END - foreach + + // Load master template + loadTemplate(sprintf("%s_%s_%s", + $prefix, + $listType, + $tableName[0] + ), FALSE, $OUT + ); +} + +// Checks whether given URL is blacklisted +function isUrlBlacklisted ($url) { + // Mark it as not listed by default + $listed = FALSE; + + // Is black-listing enbaled? + if (!isUrlBlacklistEnabled()) { + // No, then all URLs are not in this list + return FALSE; + } elseif (!isset($GLOBALS['blacklist_data'][$url])) { + // Check black-list for given URL + $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS `blist_timestamp` FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1", + array($url), __FILE__, __LINE__); + + // Is there an entry? + if (SQL_NUMROWS($result) == 1) { + // Jupp, we got one listed + $GLOBALS['blacklist_data'][$url] = SQL_FETCHARRAY($result); + + // Mark it as listed + $listed = TRUE; + } // END - if + + // Free result + SQL_FREERESULT($result); + } else { + // Is found in cache -> black-listed + $listed = TRUE; + } + + // Return result + return $listed; +} + +// Adds key/value pair to a working SQL string together +function addKeyValueSql ($key, $value) { + // Init SQL + $sql = ''; + + // Is it NULL? + if (($value == 'NULL') || (is_null($value))) { + // Add key with NULL + $sql .= sprintf(' `%s`=NULL,', + SQL_ESCAPE($key) + ); + } elseif ((is_double($value)) || (is_float($value)) || (is_int($value))) { + // Is a number, so addd it directly + $sql .= sprintf(" `%s`=%s,", + SQL_ESCAPE($key), + $value + ); + } else { + // Else add the value escape'd + $sql .= sprintf(" `%s`='%s',", + SQL_ESCAPE($key), + SQL_ESCAPE($value) + ); + } + + // Return SQL string + return $sql; +} + // [EOF] ?>