require_once('sklad.conf.php');
set_include_path(DIR_LIB.PATH_SEPARATOR.get_include_path());
-require_once('Sklad_LMS-fake.class.php');
+require_once('Sklad_Auth.class/common.php');
require_once('HTTP_Auth.class.php');
require_once('Locale.class.php');
require_once('Barcode.class.php');
return "<img src='$src' alt='$title' title='$title'$options; />";
}
+ function img_link($src, $link='#void', $title='img_link', $internal=true, $translate=true, $options='width=64') {
+ return $this->link($this->img($src,$title,$options),$link,$internal,$translate);
+ }
+
function input($name=false, $value=false, $type='text', $placeholder=false, $options=false, $prefix='') {
$html = T($prefix)."<input type='$type' ";
if($name) $html.= "name='$name' ";
* @author Tomas Mudrunka
*/
class Sklad_HTML extends HTML { //TODO: Split into few more methods
- function header($title='') {
+ function header($title='', $user=array()) {
$home = URL_HOME;
$script = $_SERVER['SCRIPT_NAME'];
$search = htmlspecialchars(@trim($_GET['q']));
- $message = strip_tags(@trim($_GET['message']),'<a><b><u><i>');
+ $message = strip_tags(@trim($_GET['message']),'<a><b><u><i><br>');
$instance = INSTANCE_ID != '' ? '/'.INSTANCE_ID : '';
+ $user_id = htmlspecialchars($user['id']);
+ $user_gid = htmlspecialchars($user['gid']);
+ $user_name = htmlspecialchars($user['name']);
+ $time = date('r');
//$title = T($title); //TODO
$html = $this->head("SōkoMan$title");
$html .= <<<EOF
-<h1><a href="$script/">SōkoMan</a><small>$instance$title</small></h1>
+<h1 style="display: inline;"><a href="$script/">SōkoMan</a><small>$instance$title</small></h1>
+<div style="float:right; text-align:right;">
+ Logged in as <b>$user_name</b> [UID: <b>$user_id</b>; GID: <b>$user_gid</b>]<br />
+ Page loaded at $time
+</div>
<style type="text/css">
* { font-family: arial; }
foreach($image as $column) if(isset($table[$id][$column])) {
$type = @array_shift(preg_split('/_/', $column));
$src=URL_IMAGES."/$type/".$table[$id][$column].'.jpg';
- $table[$id][$type.'_image']=$this->img($src, $table[$id][$column]);
+ $table[$id][$type.'_image']=$this->img_link($src, $src, $table[$id][$column], false, false);
}
}
}
function render_barcode($barcode,$opts=false) {
- return $this->link($this->img($this->internal_url("barcode/$barcode"),$barcode,$opts),"barcode/$barcode",true,false);
+ return $this->img_link($this->internal_url("barcode/$barcode"),$this->internal_url("barcode/$barcode"),$barcode,false,false,$opts);
}
function table_add_barcodes(&$table) {
}
}
+ function table_add_relations(&$table, $class, $suffix_relations='_relations') {
+ $where_url = '%d/?where[%c]==%v';
+ $relations = array( //TODO: Autodetect???
+ 'model' => array(
+ 'model_id' => array(array('item',$where_url)),
+ 'model_barcode' => array(array('store','assistant/%d?barcode=%v')),
+ 'model_name' => array(array('google','http://google.com/search?q=%v',true))
+ ),
+ 'item' => array(
+ 'item_serial' => array(array('dispose','assistant/%d?serial=%v'),array('sell','assistant/%d?serial=%v'))
+ ),
+ 'category' => array('category_id' => array(array('item',$where_url))),
+ 'producer' => array('producer_id' => array(array('item',$where_url))),
+ 'vendor' => array('vendor_id' => array(array('item',$where_url))),
+ 'room' => array('room_id' => array(array('item',$where_url))),
+ 'status' => array('status_id' => array(array('item',$where_url)))
+ );
+ foreach($table as $id => $row) {
+ foreach($row as $column => $value) {
+ if(isset($relations[$class][$column])) {
+ foreach($relations[$class][$column] as $destination) {
+ $destination_url = str_replace(
+ array('%d','%c','%v'),
+ array(urlencode($destination[0]),urlencode($column),urlencode($value)),
+ $destination[1]
+ );
+ @$table[$id][$class.$suffix_relations] .= $this->link($destination[0], $destination_url, !isset($destination[2])).',';
+ }
+ }
+ }
+ }
+ }
+
function table_collapse(&$table) {
$collapse = array(
'item_id' => 'item_id',
$table = $table_sorted;
}
- function render_item_table($table) {
+ function render_item_table($table,$class=false) {
$this->table_add_images($table);
+ if($class) $this->table_add_relations($table,$class);
$this->table_add_barcodes($table);
$this->table_collapse($table);
$this->table_sort($table);
}
if(!isset($array[$key+1])) {
$parts[]='foot';
- }
- $args[] = true;
+ $hr = '';
+ } else $hr = '<hr />';
+ //$args[] = false;
$args[] = $parts;
$html .= call_user_func_array(array($this, 'render_insert_form'), $args);
+ $html .= $hr;
}
return $html;
}
if(!is_array($parts) || in_array('head', $parts)) {
$action = $action ? " action='$action'" : false;
$html.="<form$action method='POST'>"; //TODO: use $this->form()
-
if($multi_insert) $html.='<span><div name="input_set" style="float:left; border:1px solid grey; padding: 1px; margin: 1px;">';
+ $html.='<span><div name="input_set" style="float:left; border:1px solid grey; padding: 1px; margin: 1px;">';
}
if(!is_array($parts) || in_array('inputs', $parts))
$html.=$this->render_insert_inputs($class,$columns,$selectbox,$current,$hidecols,$update);
if(!is_array($parts) || in_array('foot', $parts)) {
+ $html .= '</div></span><br style="clear:both" />';
if($multi_insert) { //TODO, move to separate JS file
$html.=<<<EOF
- </div></span>
- <br style="clear:both" />
<script>
function duplicate_element(what, where) {
var node = document.getElementsByName(what)[0];
*/
class Sklad_DB extends PDO {
function __construct() {
- $this->lms = new Sklad_LMS();
+ $this->auth = new Sklad_Auth();
parent::__construct(
DB_DSN, DB_USER, DB_PASS,
return preg_replace('(^.|.$)', '', $this->quote($str)); //TODO HACK
}
+ function quote_identifier($str) {
+ return '`'.$this->escape($str).'`'; //TODO HACK
+ }
+
function build_query_select($class, $id=false, $limit=false, $offset=0, $where=false, $search=false, $history=false, $order=false, $suffix_id='_id') {
//Configuration
$join = array(
'item' => array('item_id','item_serial','model_name','model_barcode','model_descript','producer_name','vendor_name')
); //TODO Autodetect
+ //Init
+ if(is_array($where)) foreach($where as $key => $value) $where[$key] = $key.' '.$value; //TODO: escape SQLi!!!
+
//Escaping
$class = $this->escape($class);
//SELECT
- $sql="SELECT * FROM $class\n";
+ $sql="SELECT * FROM `$class`\n";
//JOIN
- if(isset($join[$class])) foreach($join[$class] as $j) $sql .= "LEFT JOIN $j USING($j$suffix_id)\n";
+ if(isset($join[$class])) foreach($join[$class] as $j) $sql .= "LEFT JOIN `$j` USING($j$suffix_id)\n";
//WHERE/REGEXP
if($search) {
$search = $this->quote($search);
$sql .= " WHERE ${table}_valid_till=0 AND (";
$or = '';
foreach($values as $row) {
- $sql .= $or.' '.$table.'_id='.$row[$table.'_id'];
+ $sql .= $or.' '.$table.'_id='.$this->quote($row[$table.'_id']);
$or = ' OR';
}
$sql .= " );\n\n";
$row_quoted[$column] = '0';
break;
case $table.'_author':
- $row_quoted[$column] = $this->lms->get_authorized_user_id();
- //die($this->lms->get_authorized_user_id().'=USER');
+ $row_quoted[$column] = $this->auth->get_user_id();
+ //die($this->auth->get_user_id().'=USER');
break;
}
}
}
function render_items($class, $id=false, $limit=false, $offset=0, $where=false, $search=false, $history=false) {
- return $this->html->render_item_table($this->db->get_listing($class, $id, $limit, $offset, $where, $search, $history, false));
+ return $this->html->render_item_table($this->db->get_listing($class, $id, $limit, $offset, $where, $search, $history, false),$class);
}
function render_form_add($class) {
}
function check_auth() {
- new HTTP_Auth('SkladovejSystem', true, array($this->db->lms,'check_auth'));
+ new HTTP_Auth('SkladovejSystem', true, array($this->db->auth,'check_auth'));
}
- function post_redirect_get($location, $message='', $error=false) {
- $url_args = $message != '' ? '?message='.urlencode(T($message)) : '';
+ function post_redirect_get($location, $message='', $error=false, $translate=true) {
+ $messaget = $translate ? T($message) : $message;
+ $url_args = $messaget != '' ? '?message='.urlencode($messaget) : '';
$location = $this->html->internal_url($location).$url_args;
header('Location: '.$location);
if($error) trigger_error($message);
$location=htmlspecialchars($location);
die(
"<meta http-equiv='refresh' content='0; url=$location'>".
-
T($message)."<br />Location: <a href='$location'>$location</a>"
+
$messaget."<br />Location: <a href='$location'>$location</a>"
);
}
return $out;
}
+ function check_input_validity($field, $value='', $ruleset=0) {
+ $rules = array(0 => array(
+ 'model_barcode' => '/./',
+ 'item_serial' => '/./'
+ ));
+ if(isset($rules[$ruleset][$field]) && !preg_match($rules[$ruleset][$field], trim($value))) return false;
+ return true;
+ }
+
function process_http_request_post($action=false, $class=false, $id=false, $force_redirect=false) {
if($_SERVER['REQUEST_METHOD'] != 'POST') return;
//echo('<pre>'); //DEBUG (maybe todo remove), HEADERS ALREADY SENT!!!!
$values=array();
foreach($_POST['values'] as $table => $columns) {
foreach($columns as $column => $ids) {
- foreach($ids as $id => $val) $values[$table][$id][$column] = $val;
+ foreach($ids as $id => $val) {
+ $values[$table][$id][$column] = trim($val);
+ if(!$this->check_input_validity($column,$val)) {
+ $message = "Spatny vstup: $column [$id] = \"$val\"; ". //XSS
+ $this->html->link('GO BACK', 'javascript:history.back()', false, false);
+ $this->post_redirect_get('', $message, false, false);
+ }
+ }
}
}
//die(print_r($values));
$PATH_CHUNKS = preg_split('/\//', $PATH_INFO);
//Sephirot:
if(!isset($PATH_CHUNKS[1])) $PATH_CHUNKS[1]='';
- if($_SERVER['REQUEST_METHOD'] != 'POST' && $PATH_CHUNKS[1]!='barcode') echo $this->html->header($PATH_INFO); //TODO: tyhle podminky naznacujou, ze je v navrhu nejaka drobna nedomyslenost...
+ if($_SERVER['REQUEST_METHOD'] != 'POST' && $PATH_CHUNKS[1]!='barcode') //TODO: tyhle podminky naznacujou, ze je v navrhu nejaka drobna nedomyslenost...
+ echo $this->html->header($PATH_INFO,$this->db->auth->get_user());
switch($PATH_CHUNKS[1]) { //TODO: Move some branches to plugins if possible
case 'test': //test
die('Tell me why you cry');
$assistant_vars['SUBPATH'] = array_slice($PATH_CHUNKS, 3);
$assistant_vars['URL_INTERNAL'] = 'assistant/'.$PATH_CHUNKS[2];
$assistant_vars['URL'] = $_SERVER['SCRIPT_NAME'].'/'.$assistant_vars['URL_INTERNAL'];
+ $assistant_vars['ASSISTANT'] = $PATH_CHUNKS[2];
echo $this->safe_include(DIR_ASSISTANTS,$PATH_CHUNKS[2],$assistant_vars);
break;
case 'barcode': //barcode
$history = $PATH_CHUNKS[3] == 'history' ? true : false;
$limit = (int) (isset($PATH_CHUNKS[3]) ? $PATH_CHUNKS[3] : '0');
$offset = (int) (isset($PATH_CHUNKS[4]) ? $PATH_CHUNKS[4] : '0');
- $where = false; //TODO get from URL
+ $where = @is_array($_GET['where']) ? $_GET['where'] : false;
echo $this->render_items($class, $id, $limit, $offset, $where, $search, $history);
echo $this->render_listing_extensions($class, $id, $limit, $offset, $edit);
//print_r(array("<pre>",$_SERVER));
GIT.Harvie.CZ / mirrors / SokoMan.git / blobdiff