[Phpgroupware-cvs] CVS: phpgwapi/inc class.accounts_sql.inc.php,1.80.2.8
From: |
Bettina Gille <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgwapi/inc class.accounts_sql.inc.php,1.80.2.8.2.2,1.80.2.8.2.3 class.categories.inc.php,1.74.2.20.2.1,1.74.2.20.2.2 |
Date: |
Thu, 01 May 2003 19:24:11 -0400 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv15100
Modified Files:
Tag: Version-0_9_16-branch
class.accounts_sql.inc.php class.categories.inc.php
Log Message:
update cats
Index: class.accounts_sql.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.accounts_sql.inc.php,v
retrieving revision 1.80.2.8.2.2
retrieving revision 1.80.2.8.2.3
diff -C2 -r1.80.2.8.2.2 -r1.80.2.8.2.3
*** class.accounts_sql.inc.php 1 Apr 2003 01:37:33 -0000 1.80.2.8.2.2
--- class.accounts_sql.inc.php 1 May 2003 23:24:09 -0000 1.80.2.8.2.3
***************
*** 1,27 ****
<?php
! /**************************************************************************\
! * phpGroupWare API - Accounts manager for SQL *
! * This file written by Joseph Engo <address@hidden> *
! * and Dan Kuykendall <address@hidden> *
! * View and manipulate account records using SQL *
! * Copyright (C) 2000, 2001 Joseph Engo *
! * -------------------------------------------------------------------------*
! * This library is part of the phpGroupWare API *
! * http://www.phpgroupware.org/api
*
! * ------------------------------------------------------------------------ *
! * This library is free software; you can redistribute it and/or modify it *
! * under the terms of the GNU Lesser General Public License as published by *
! * the Free Software Foundation; either version 2.1 of the License, *
! * or any later version. *
! * This library is distributed in the hope that it will be useful, but *
! * WITHOUT ANY WARRANTY; without even the implied warranty of *
! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
! * See the GNU Lesser General Public License for more details. *
! * You should have received a copy of the GNU Lesser General Public License *
! * along with this library; if not, write to the Free Software Foundation, *
! * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
! \**************************************************************************/
!
! /* $Id$ */
/*!
--- 1,26 ----
<?php
!
/**************************************************************************\
! * phpGroupWare API - Accounts manager for SQL
*
! * This file written by Joseph Engo <address@hidden> *
! * and Dan Kuykendall <address@hidden> *
! * View and manipulate account records using SQL
*
! * Copyright (C) 2000 - 2003 Joseph Engo
*
! *
-------------------------------------------------------------------------*
! * This library is part of the phpGroupWare API
*
! * http://www.phpgroupware.org
*
! *
------------------------------------------------------------------------ *
! * This library is free software; you can redistribute it and/or modify
it *
! * under the terms of the GNU Lesser General Public License as published
by *
! * the Free Software Foundation; either version 2.1 of the License,
*
! * or any later version.
*
! * This library is distributed in the hope that it will be useful, but
*
! * WITHOUT ANY WARRANTY; without even the implied warranty of
*
! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
! * See the GNU Lesser General Public License for more details.
*
! * You should have received a copy of the GNU Lesser General Public
License *
! * along with this library; if not, write to the Free Software
Foundation, *
! * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
!
\**************************************************************************/
! /* $Id$ */
/*!
***************
*** 451,454 ****
--- 450,467 ----
$lname = $account_name[$account_id]['lname'];
return;
+ }
+
+ function get_account_data($account_id)
+ {
+ $this->account_id = $account_id;
+ $this->read_repository();
+
+ $data[$this->data['account_id']]['lid'] =
$this->data['account_lid'];
+ $data[$this->data['account_id']]['firstname'] =
$this->data['firstname'];
+ $data[$this->data['account_id']]['lastname'] =
$this->data['lastname'];
+ $data[$this->data['account_id']]['fullname'] =
$this->data['fullname'];
+ $data[$this->data['account_id']]['type'] =
$this->data['account_type'];
+
+ return $data;
}
}
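Review bot: get_account_data() overwrites `$this->account_id` and, through `read_repository()`, appears to reload `$this->data` for whatever id is passed, and it never restores either. Any code that keeps using this accounts object afterwards would then act on the looked-up account rather than the one the object was created for. If that side effect is not intended, save the previous id before the read and restore it before returning. `$data` is also indexed without being initialised; `$data = array();` at the top makes the return value well-defined, and a short doc comment should state the returned shape (account id as key, then `lid`, `firstname`, `lastname`, `fullname`, `type`).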
Index: class.categories.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.categories.inc.php,v
retrieving revision 1.74.2.20.2.1
retrieving revision 1.74.2.20.2.2
diff -C2 -r1.74.2.20.2.1 -r1.74.2.20.2.2
*** class.categories.inc.php 30 Apr 2003 03:28:52 -0000 1.74.2.20.2.1
--- class.categories.inc.php 1 May 2003 23:24:09 -0000 1.74.2.20.2.2
***************
*** 5,9 ****
* and Bettina Gille address@hidden *
* Category manager
*
! * Copyright (C) 2000 - 2002 Joseph Engo
*
*
------------------------------------------------------------------------ *
* This library is part of the phpGroupWare API
*
--- 5,9 ----
* and Bettina Gille address@hidden *
* Category manager
*
! * Copyright (C) 2000 - 2003 Joseph Engo
*
*
------------------------------------------------------------------------ *
* This library is part of the phpGroupWare API
*
***************
*** 55,59 ****
$this->account_id = $account_id;
! $this->app_name = $app_name;
$this->db = $GLOBALS['phpgw']->db;
$this->db2 = $this->db;
--- 55,59 ----
$this->account_id = $account_id;
! $this->app_name =
$GLOBALS['phpgw']->db->db_addslashes($app_name);
$this->db = $GLOBALS['phpgw']->db;
$this->db2 = $this->db;
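Review bot: `$this->account_id = $account_id;` keeps the id exactly as passed, while other hunks in this commit drop the quotes around it (`cat_owner != " . $this->account_id` in the filter switch, `, $this->account_id,'` in the INSERT of add()), so a non-numeric id would now reach the statement as raw SQL. Unless the id is normalised earlier in this constructor, which starts outside the hunk, cast it here: `$this->account_id = (int) $account_id;`. Storing `$this->app_name` already escaped also means every use outside a quoted SQL literal sees the added slashes; a comment on the property saying it holds the SQL-escaped form would help prevent double escaping later.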
***************
*** 71,80 ****
switch ($type)
{
! case 'subs': $s = " AND cat_parent
!= '0'"; break;
! case 'mains': $s = " AND cat_parent =
'0'"; break;
! case 'appandmains': $s = " AND
cat_appname='" . $this->app_name . "' AND cat_parent ='0'"; break;
! case 'appandsubs': $s = " AND
cat_appname='" . $this->app_name . "' AND cat_parent !='0'"; break;
case 'noglobal': $s = " AND cat_appname
!= '" . $this->app_name . "'"; break;
! case 'noglobalapp': $s = " AND cat_appname
= '" . $this->app_name . "' AND cat_owner != '" . $this->account_id . "'";
break;
default: return False;
}
--- 71,80 ----
switch ($type)
{
! case 'subs': $s = ' AND cat_parent
!= 0'; break;
! case 'mains': $s = ' AND cat_parent =
0'; break;
! case 'appandmains': $s = " AND
cat_appname='" . $this->app_name . "' AND cat_parent =0"; break;
! case 'appandsubs': $s = " AND
cat_appname='" . $this->app_name . "' AND cat_parent !=0"; break;
case 'noglobal': $s = " AND cat_appname
!= '" . $this->app_name . "'"; break;
! case 'noglobalapp': $s = " AND cat_appname
= '" . $this->app_name . "' AND cat_owner != " . $this->account_id; break;
default: return False;
}
***************
*** 93,100 ****
{
case 'app': $w = " WHERE
cat_appname='" . $this->app_name . "'"; break;
! case 'appandmains': $w = " WHERE
cat_appname='" . $this->app_name . "' AND cat_parent ='0'"; break;
! case 'appandsubs': $w = " WHERE
cat_appname='" . $this->app_name . "' AND cat_parent !='0'"; break;
! case 'subs': $w = " WHERE cat_parent
!= '0'"; break;
! case 'mains': $w = " WHERE cat_parent
= '0'"; break;
default: return False;
}
--- 93,100 ----
{
case 'app': $w = " WHERE
cat_appname='" . $this->app_name . "'"; break;
! case 'appandmains': $w = " WHERE
cat_appname='" . $this->app_name . "' AND cat_parent =0"; break;
! case 'appandsubs': $w = " WHERE
cat_appname='" . $this->app_name . "' AND cat_parent !=0"; break;
! case 'subs': $w = ' WHERE cat_parent
!= 0'; break;
! case 'mains': $w = ' WHERE cat_parent
= 0'; break;
default: return False;
}
***************
*** 118,123 ****
@result $cats array
*/
! function return_array($type,$start,$limit = True,$query =
'',$sort = '',$order = '',$globals = False, $parent_id = '')
{
if ($globals)
{
--- 118,129 ----
@result $cats array
*/
! function return_array($type,$start,$limit = True,$query =
'',$sort = '',$order = '',$globals = False, $parent_id = '', $lastmod = -1)
{
+ //casting and addslashes for security - $parent_id is
done later on - so it doesn't break
+ $start = intval($start);
+ $query = $this->db->db_addslashes($query);
+ $sort = $this->db->db_addslashes($sort);
+ $order = $this->db->db_addslashes($order);
+
if ($globals)
{
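Review bot: `db_addslashes()` on `$sort` and `$order` only protects a value that ends up inside a quoted literal; these two are presumably spliced into the ORDER BY clause further down (outside this hunk), where no quote is needed to change the statement. Compare them against fixed values instead, e.g. `$sort = (strtoupper($sort) == 'DESC') ? 'DESC' : 'ASC';`, and accept `$order` only if it is one of the known `cat_*` column names. The same applies to the identical lines added to return_sorted_array(). `$query` is later used inside `LIKE '%$query%'`, so `%` and `_` in it still act as wildcards after escaping.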
***************
*** 143,147 ****
if ($this->account_id == '-1')
{
! $grant_cats = " cat_owner='-1' ";
}
else
--- 149,153 ----
if ($this->account_id == '-1')
{
! $grant_cats = ' cat_owner=-1 ';
}
else
***************
*** 165,169 ****
if (strlen($parent_id) != 0)
{
! $parent_filter = " AND cat_parent='$parent_id'";
}
--- 171,176 ----
if (strlen($parent_id) != 0)
{
! $parent_id = intval($parent_id);
! $parent_filter = ' AND cat_parent=' .
$parent_id;
}
***************
*** 172,175 ****
--- 179,186 ----
$querymethod = " AND (cat_name LIKE '%$query%'
OR cat_description LIKE '%$query%') ";
}
+ if($lastmod >= 0)
+ {
+ $querymethod .= ' AND lastmod > ' . $lastmod;
+ }
$sql = "SELECT * from phpgw_categories WHERE
(cat_appname='" . $this->app_name . "' AND" . $grant_cats . $global_cats . ")"
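Review bot: `$lastmod` is concatenated into `' AND lastmod > ' . $lastmod` without a cast, unlike `$start` and `$parent_id`; a non-numeric string can still pass the loose `$lastmod >= 0` comparison and is then appended unquoted. Add `$lastmod = (int) $lastmod;` next to the other casts at the top of return_array(). The column is also spelled `lastmod` here but `last_mod` in the INSERT, the UPDATE and `$this->db->f('last_mod')` elsewhere in this commit, so one of the spellings is presumably wrong and this filter would fail at query time.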
***************
*** 201,204 ****
--- 212,216 ----
$cats[$i]['description'] =
$this->db->f('cat_description');
$cats[$i]['data'] =
$this->db->f('cat_data');
+ $cats[$i]['last_mod'] =
$this->db->f('last_mod');
$i++;
}
***************
*** 208,211 ****
--- 220,230 ----
function return_sorted_array($start,$limit = True,$query =
'',$sort = '',$order = '',$globals = False, $parent_id = '')
{
+ //casting and slashes for security
+ $start = (int) $start;
+ $query = $this->db->db_addslashes($query);
+ $sort = $this->db->db_addslashes($sort);
+ $order = $this->db->db_addslashes($order);
+ $parent_id = (int) $parent_id;
+
if ($globals)
{
***************
*** 249,260 ****
}
! if ($parent_id)
! {
! $parent_select = " AND cat_parent='$parent_id'";
! }
! else
! {
! $parent_select = " AND cat_parent='0'";
! }
if ($query)
--- 268,272 ----
}
! $parent_select = ' AND cat_parent=' . $parent_id;
if ($query)
***************
*** 297,301 ****
for ($i=0;$i < $num_cats;$i++)
{
! $sub_select = " AND cat_parent='" .
$cats[$i]['id'] . "' AND cat_level='" . ($cats[$i]['level']+1) . "'";
$this->db2->query($sql .
$sub_select,__LINE__,__FILE__);
--- 309,313 ----
for ($i=0;$i < $num_cats;$i++)
{
! $sub_select = ' AND cat_parent=' .
$cats[$i]['id'] . ' AND cat_level=' . ($cats[$i]['level']+1);
$this->db2->query($sql .
$sub_select,__LINE__,__FILE__);
***************
*** 494,500 ****
function add($cat_values)
{
if ($cat_values['parent'] && $cat_values['parent'] != 0)
{
- $cat_values['main'] =
$this->id2name($cat_values['parent'],'main');
$cat_values['level'] =
$this->id2name($cat_values['parent'],'level')+1;
}
--- 506,516 ----
function add($cat_values)
{
+
+ $cat_values['parent'] = (int) $cat_values['parent'];
+ $cat_values['level'] = 0;
+ $cat_values['main'] = (int) $cat_values['parent'];
+
if ($cat_values['parent'] && $cat_values['parent'] != 0)
{
$cat_values['level'] =
$this->id2name($cat_values['parent'],'level')+1;
}
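Review bot: `$cat_values['main'] = (int) $cat_values['parent'];` replaces the removed lookup `$this->id2name($cat_values['parent'],'main')`, so a category created under a sub-category gets its immediate parent as `cat_main` instead of the parent's main category. If `cat_main` is meant to hold the top-level ancestor, as the old line suggests, keep the lookup inside the `if` block: `$cat_values['main'] = (int) $this->id2name($cat_values['parent'],'main');`. add() continues beyond this hunk.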
***************
*** 506,516 ****
{
$id_col = 'cat_id,';
! $id_val = $cat_values['id'].',';
}
$this->db->query("INSERT INTO phpgw_categories ($id_col
cat_parent,cat_owner,cat_access,cat_appname,cat_name,cat_description,cat_data,"
! . "cat_main,cat_level) VALUES ($id_val '" .
$cat_values['parent'] . "','" . $this->account_id . "','" .
$cat_values['access']
! . "','" . $this->app_name . "','" .
$cat_values['name'] . "','" . $cat_values['descr'] . "','" . $cat_values['data']
! . "','" . $cat_values['main'] . "','" .
$cat_values['level'] . "')",__LINE__,__FILE__);
if (isset($cat_values['id']))
--- 522,534 ----
{
$id_col = 'cat_id,';
! $id_val = (int) $cat_values['id'].',';
}
+ $cat_values['data'] = (int) $cat_values['data'];
+
$this->db->query("INSERT INTO phpgw_categories ($id_col
cat_parent,cat_owner,cat_access,cat_appname,cat_name,cat_description,cat_data,"
! . "cat_main,cat_level, last_mod) VALUES
($id_val " . $cat_values['parent'] . ", $this->account_id,'" .
$cat_values['access']
! . "','" . $this->app_name . "','" .
$cat_values['name'] . "','" . $cat_values['descr'] . "'," . $cat_values['data']
! . "," . $cat_values['main'] . "," .
$cat_values['level'] . "," . time() . ")",__LINE__,__FILE__);
if (isset($cat_values['id']))
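Review bot: The INSERT still places `$cat_values['access']`, `$cat_values['name']` and `$cat_values['descr']` between quotes with no escaping visible in this hunk, so after the numeric casts added here the text columns remain open to SQL injection unless every caller escapes them first. Escape them where the statement is built, e.g. `$cat_values['name'] = $this->db->db_addslashes($cat_values['name']);` and likewise for `descr` and `access`. The UPDATE in the edit hunk (`cat_name='" . $cat_values['name'] . "'`) has the same gap and also writes `cat_main` and `cat_level` unquoted without a visible cast. Casting `$cat_values['data']` to int here while that UPDATE still writes `cat_data` as a quoted string looks inconsistent and would discard any non-numeric data on insert.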
***************
*** 525,530 ****
if (!$cat_values['parent'] || $cat_values['parent'] ==
0)
{
! $this->db->query("UPDATE phpgw_categories SET
cat_main='" . $max . "' WHERE cat_id='"
! . $max .
"'",__LINE__,__FILE__);
}
return $max;
--- 543,547 ----
if (!$cat_values['parent'] || $cat_values['parent'] ==
0)
{
! $this->db->query('UPDATE phpgw_categories SET
cat_main=' . $max . ' WHERE cat_id=' . $max,__LINE__,__FILE__);
}
return $max;
***************
*** 538,547 ****
/*function delete($cat_id,$subs = False)
{
if ($subs)
{
! $subdelete = " OR cat_parent='$cat_id' OR
cat_main='$cat_id' ";
}
! $this->db->query("DELETE FROM phpgw_categories WHERE
cat_id='$cat_id' $subdelete AND cat_appname='"
. $this->app_name .
"'",__LINE__,__FILE__);
} */
--- 555,565 ----
/*function delete($cat_id,$subs = False)
{
+ $cat_id = (int) $cat_id;
if ($subs)
{
! $subdelete = ' OR cat_parent=' . $cat_id . ' OR
cat_main=' . $cat_id . ' ';
}
! $this->db->query("DELETE FROM phpgw_categories WHERE
cat_id=$cat_id $subdelete AND cat_appname='"
. $this->app_name .
"'",__LINE__,__FILE__);
} */
***************
*** 549,552 ****
--- 567,571 ----
function delete($cat_id, $drop_subs = False, $modify_subs =
False)
{
+ $cat_id = (int) $cat_id;
if ($drop_subs)
{
***************
*** 564,569 ****
if ($cats[$i]['level'] == 1)
{
! $this->db->query("UPDATE
phpgw_categories set cat_level=0, cat_parent=0, cat_main='" .
intval($cats[$i]['id'])
!
. "' WHERE cat_id='" . intval($cats[$i]['id']) . "' AND cat_appname='" .
$this->app_name . "'",__LINE__,__FILE__);
$new_main = $cats[$i]['id'];
}
--- 583,588 ----
if ($cats[$i]['level'] == 1)
{
! $this->db->query('UPDATE
phpgw_categories set cat_level=0, cat_parent=0, cat_main=' .
intval($cats[$i]['id'])
!
. ' WHERE cat_id=' . intval($cats[$i]['id']) . " AND cat_appname='" .
$this->app_name . "'",__LINE__,__FILE__);
$new_main = $cats[$i]['id'];
}
***************
*** 580,590 ****
}
! $this->db->query("UPDATE
phpgw_categories set cat_level='" . ($cats[$i]['level']-1) . "'" . $update_main
. $update_parent
!
. " WHERE cat_id='" . intval($cats[$i]['id']) . "' AND cat_appname='" .
$this->app_name . "'",__LINE__,__FILE__);
}
}
}
! $this->db->query("DELETE FROM phpgw_categories WHERE
cat_id='" . $cat_id . $subdelete . "'AND cat_appname='"
. $this->app_name .
"'",__LINE__,__FILE__);
}
--- 599,609 ----
}
! $this->db->query('UPDATE
phpgw_categories set cat_level=' . ($cats[$i]['level']-1) . $update_main .
$update_parent
!
. ' WHERE cat_id=' . intval($cats[$i]['id']) . " AND cat_appname='" .
$this->app_name . "'",__LINE__,__FILE__);
}
}
}
! $this->db->query('DELETE FROM phpgw_categories WHERE
cat_id=' . $cat_id . $subdelete . "' AND cat_appname='"
. $this->app_name .
"'",__LINE__,__FILE__);
}
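Review bot: The rewritten DELETE leaves a stray quote: `$cat_id . $subdelete . "' AND cat_appname='"` now produces `cat_id=N' AND cat_appname='...'`, because the opening quote before `$cat_id` was removed but the closing one was kept. With an empty `$subdelete` the statement has unbalanced quotes and should fail. Change the literal to `" AND cat_appname='"`, and check how `$subdelete` is built (outside this hunk), since it was previously written to sit inside the old quotes. If it adds `OR` terms, wrap the id conditions in parentheses so the `cat_appname` restriction applies to all of them.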
***************
*** 624,628 ****
$sql = "UPDATE phpgw_categories SET cat_name='" .
$cat_values['name'] . "', cat_description='" . $cat_values['descr']
. "', cat_data='" . $cat_values['data'] . "',
cat_parent='" . $cat_values['parent'] . "', cat_access='"
! . $cat_values['access'] . "', cat_main=" .
$cat_values['main'] . ", cat_level=" . $cat_values['level']
. " WHERE cat_appname='" . $this->app_name . "'
AND cat_id=" . intval($cat_values['id']);
--- 643,648 ----
$sql = "UPDATE phpgw_categories SET cat_name='" .
$cat_values['name'] . "', cat_description='" . $cat_values['descr']
. "', cat_data='" . $cat_values['data'] . "',
cat_parent='" . $cat_values['parent'] . "', cat_access='"
! . $cat_values['access'] . "', cat_main=" .
$cat_values['main'] . ", cat_level=" . $cat_values['level'] .', '
! . 'last_mod = ' . time()
. " WHERE cat_appname='" . $this->app_name . "'
AND cat_id=" . intval($cat_values['id']);
***************
*** 648,652 ****
function id2name($cat_id = '', $item = 'name')
{
! if ($cat_id == '')
{
return '--';
--- 668,673 ----
function id2name($cat_id = '', $item = 'name')
{
! $cat_id = (int) $cat_id;
! if ($cat_id == 0)
{
return '--';
***************
*** 661,665 ****
}
! $this->db->query("SELECT $value FROM phpgw_categories
WHERE cat_id='" . $cat_id . "'",__LINE__,__FILE__);
$this->db->next_record();
--- 682,686 ----
}
! $this->db->query("SELECT $value FROM phpgw_categories
WHERE cat_id=" . $cat_id,__LINE__,__FILE__);
$this->db->next_record();
***************
*** 698,701 ****
--- 719,723 ----
function exists($type,$cat_name = '',$cat_id = '')
{
+ $cat_id = (int) $cat_id;
$filter = $this->filter($type);
***************
*** 707,716 ****
if ($cat_id)
{
! $cat_exists = " cat_parent='$cat_id' ";
}
if ($cat_name && $cat_id)
{
! $cat_exists = " cat_name='" .
$this->db->db_addslashes($cat_name) . "' AND cat_id != '$cat_id' ";
}
--- 729,738 ----
if ($cat_id)
{
! $cat_exists = ' cat_parent=' . $cat_id;
}
if ($cat_name && $cat_id)
{
! $cat_exists = " cat_name='" .
$this->db->db_addslashes($cat_name) . "' AND cat_id != $cat_id ";
}