"; // affichage du tableau des procédures $query = "SELECT idproc, name, requete, comment, autorisations, autorisations_all, libproc_classement, num_classement FROM procs left join procs_classements on idproc_classement=num_classement ORDER BY libproc_classement,name "; $result = pmb_mysql_query($query); $class_prec=$msg['proc_clas_aucun']; $buf_tit=""; $buf_contenu=""; $buf_class=0; $parity=1; while($row = pmb_mysql_fetch_object($result)) { $rqt_autorisation=explode(" ",$row->autorisations); if ((static::$module=='admin' && ($PMBuserid==1 || $row->autorisations_all || array_search ($PMBuserid, $rqt_autorisation)!==FALSE)) || (static::$module=='edit' && ($PMBuserid==1 || $row->autorisations_all || array_search ($PMBuserid, $rqt_autorisation)!==FALSE) && pmb_strtolower(pmb_substr(trim($row->requete),0,6))=='select')) { $classement=$row->libproc_classement; if ($class_prec!=$classement) { if (!$row->libproc_classement) $row->libproc_classement=$msg['proc_clas_aucun']; if ($buf_tit) { $buf_contenu="".$buf_contenu."
".$buf_tit."
"; $buf_contenu.="
"; $maximise = false; if ($form_classement == $buf_class) { $maximise = true; } $display .= gen_plus("procclass".$buf_class,$buf_tit,$buf_contenu,$maximise); $buf_contenu=""; } $buf_tit=$row->libproc_classement; $buf_class=$row->num_classement; $class_prec=$classement; } if ($parity % 2) { $pair_impair = "even"; } else { $pair_impair = "odd"; } $parity += 1; $tr_javascript=" onmouseover=\"this.className='surbrillance'\" onmouseout=\"this.className='$pair_impair'\" "; $buf_contenu.="\n"; if(static::$module=='edit') { $action = "onmousedown=\"document.location='./edit.php?categ=procs&sub=&action=execute&id_proc=".$row->idproc."';\""; $buf_contenu.=" ".$row->name."
".$row->comment."  "; } else { $action = "onmousedown=\"document.location='".static::format_url("&action=modif&id=".$row->idproc)."';\""; $buf_contenu.=" idproc)."'\" /> ".$row->name."
".$row->comment."  "; if (preg_match_all("|!!(.*)!!|U",$row->requete,$query_parameters)) { $buf_contenu.=" ".$msg["procs_options_config_param"].""; } else { $buf_contenu.=""; } $buf_contenu.=""; $buf_contenu.="idproc."'\" />"; } $buf_contenu.=""; } } $buf_contenu="".$buf_contenu."
".$buf_tit."
"; $buf_contenu.="
"; $maximise = false; if ($form_classement == $buf_class) { $maximise = true; } $display .= gen_plus("procclass".$buf_class,$buf_tit,$buf_contenu,$maximise); return $display; } public static function create() { global $msg; global $f_proc_name; global $f_proc_code; global $f_proc_comment; global $userautorisation; global $autorisations_all; global $form_classement; global $form_notice_tpl; global $form_notice_tpl_field; if($f_proc_name && $f_proc_code) { $query = "SELECT count(1) FROM ".static::$table." WHERE name='$f_proc_name' "; $result = pmb_mysql_query($query); $nbr_lignes = pmb_mysql_result($result, 0, 0); if(!$nbr_lignes) { if (is_array($userautorisation)) { $autorisations=implode(" ",$userautorisation); } else { $autorisations=''; } $autorisations_all += 0; $param_name=parameters::check_param($f_proc_code); if ($param_name!==true) { error_message_history($param_name, sprintf($msg["proc_param_check_field_name"],$param_name), 1); exit(); } $query = "INSERT INTO ".static::$table." (idproc,name,requete,comment,autorisations,autorisations_all,num_classement, proc_notice_tpl, proc_notice_tpl_field) VALUES ('', '$f_proc_name', '$f_proc_code', '$f_proc_comment', '$autorisations', '".$autorisations_all."', '$form_classement', '$form_notice_tpl', '$form_notice_tpl_field' ) "; pmb_mysql_query($query); } else { print ""; print ""; } } } public static function update($id) { global $msg; global $f_proc_name; global $f_proc_code; global $f_proc_comment; global $userautorisation; global $autorisations_all; global $form_classement; global $form_notice_tpl; global $form_notice_tpl_field; $id += 0; if($id) { if (is_array($userautorisation)) { $autorisations=implode(" ",$userautorisation); } else { $autorisations=""; } $autorisations_all += 0; $param_name=parameters::check_param($f_proc_code); if ($param_name!==true) { error_message_history($param_name, sprintf($msg["proc_param_check_field_name"],$param_name), 1); exit(); } $query = "UPDATE ".static::$table." 
SET name='$f_proc_name',requete='$f_proc_code',comment='$f_proc_comment' , autorisations='$autorisations', autorisations_all='".$autorisations_all."', num_classement='$form_classement', proc_notice_tpl='$form_notice_tpl', proc_notice_tpl_field='$form_notice_tpl_field' WHERE idproc=$id "; pmb_mysql_query($query); return true; } return false; } public static function get_proc_form($id=0) { global $msg; global $admin_proc_content_form; global $charset; global $PMBuserid; global $num_classement; $id = intval($id); $content_form = $admin_proc_content_form; $interface_form = new interface_admin_form('maj_proc'); if(!$id){ $interface_form->set_label($msg['704']); }else{ $interface_form->set_label($msg['procs_modification']); } $name = ''; $autorisations = array(); if($id) { $query = "SELECT idproc, name, requete, comment, autorisations, autorisations_all, num_classement, proc_notice_tpl, proc_notice_tpl_field FROM ".static::$table." WHERE idproc=".$id; $result = pmb_mysql_query($query); if(pmb_mysql_num_rows($result)) { $row = pmb_mysql_fetch_object($result); $name = $row->name; $autorisations_donnees=explode(" ",$row->autorisations); $query_users = "SELECT userid, username FROM users order by username "; $result_users = pmb_mysql_query($query_users); $all_users=array(); while (list($all_userid,$all_username)=pmb_mysql_fetch_row($result_users)) { $all_users[]=array($all_userid,$all_username); } for ($i=0 ; $iname,ENT_QUOTES, $charset), $content_form); $content_form = str_replace('!!code!!', htmlentities($row->requete,ENT_QUOTES, $charset), $content_form); $content_form = str_replace('!!comment!!', htmlentities($row->comment,ENT_QUOTES, $charset), $content_form); $sel_notice_tpl=""; $content_form = str_replace('!!notice_tpl!!',$sel_notice_tpl, $content_form); $num_classement = $row->num_classement; } } else { $query_users = "SELECT userid, username FROM users order by username "; $result_users = pmb_mysql_query($query_users); $all_users=array(); while 
(list($all_userid,$all_username)=pmb_mysql_fetch_row($result_users)) { if($all_userid == $PMBuserid) { //On autorise l'utilisateur courant par défaut $autorisations[]=array(1, $all_userid,$all_username); } else { $autorisations[]=array(0, $all_userid,$all_username); } } $content_form = str_replace('!!name!!', '', $content_form); $content_form = str_replace('!!code!!', '', $content_form); $content_form = str_replace('!!comment!!', '', $content_form); $sel_notice_tpl=""; $content_form = str_replace('!!notice_tpl!!',$sel_notice_tpl, $content_form); $num_classement = intval($num_classement); } $content_form = str_replace('!!id!!', $id, $content_form); $autorisations_users=""; $id_check_list=''; foreach ($autorisations as $row_number => $row_data) { $id_check="auto_".$row_data[1]; if($id_check_list)$id_check_list.='|'; $id_check_list.=$id_check; if ($row_data[0]) $autorisations_users.="  "; else $autorisations_users.="  "; } $autorisations_users.=""; $content_form = str_replace('!!autorisations_users!!', $autorisations_users, $content_form); $content_form = str_replace('!!autorisations_all!!', ($row->autorisations_all ? "checked='checked'" : ""), $content_form); $combo_clas= gen_liste ("SELECT idproc_classement,libproc_classement FROM procs_classements ORDER BY libproc_classement ", "idproc_classement", "libproc_classement", "form_classement", "", $num_classement, 0, $msg['proc_clas_aucun'],0, $msg['proc_clas_aucun']) ; $content_form = str_replace('!!classement!!', $combo_clas, $content_form); $interface_form->set_object_id($id) ->set_confirm_delete_msg($msg['confirm_suppr_de']." ".$name." ?") ->set_content_form($content_form) ->set_table_name(static::$table) ->set_field_focus('f_proc_name'); $interface_form->add_action_extension('execute_button', $msg['708'], './admin.php?categ=proc&sub=proc&action=execute&id='.$id); return $interface_form->get_display(); } public static function delete($id) { $id += 0; if($id) { $query = "DELETE FROM ".static::$table." 
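WHERE idproc=".$id; pmb_mysql_query($query); return true; } return false; }

    /**
     * Run OPTIMIZE TABLE on the procedures table.
     */
    public static function optimize() {
        $query = "OPTIMIZE TABLE ".static::$table;
        pmb_mysql_query($query);
    }

    /**
     * Show the parameter form of procedure $id before it is executed.
     *
     * When the stored statement contains !!name!! placeholders the parameters
     * object renders its form, targeting the "final" action. Otherwise a
     * literal is echoed, which is empty in this copy of the file.
     *
     * NOTE(review): $id and the global $force_exec are appended to the URL
     * without a cast or URL-encoding - confirm they are validated upstream.
     *
     * @param mixed $id procedure id
     */
    public static function run_form($id) {
        global $msg;
        global $charset;
        global $force_exec;
        $hp=new parameters($id,static::$table);
        if (preg_match_all("|!!(.*)!!|U",$hp->proc->requete,$query_parameters))
            $hp->gen_form(static::format_url("&action=final&id=".$id."&force_exec=".$force_exec));
        else
            echo "";
    }

    /**
     * Build the header printed above the result of an executed procedure.
     *
     * The name and comment are stored values (they can also arrive through an
     * import), so both branches encode them with htmlentities() before they are
     * placed in the page. $id and $code are not used by this method.
     *
     * @param mixed  $id          procedure id
     * @param string $name        procedure name
     * @param string $code        SQL of the procedure
     * @param string $commentaire procedure comment
     * @param bool   $is_external true for a remote procedure
     * @return string
     */
    public static function get_form_after_execution($id, $name, $code, $commentaire, $is_external = false) {
        global $msg, $charset;
        $form = '';
        if (!$is_external) {
            $form .= "

".htmlentities($msg["procs_execute"]." ".$name, ENT_QUOTES, $charset)."


".htmlentities($name, ENT_QUOTES, $charset)." : ".htmlentities($commentaire, ENT_QUOTES, $charset)."

";
        } else {
            $form .= "

".htmlentities($msg["remote_procedures_executing"]." ".$name, ENT_QUOTES, $charset)."


".htmlentities($commentaire, ENT_QUOTES, $charset)."

";
        }
        return $form;
    }

    /**
     * Execute the statements of a procedure and print their results.
     *
     * $query_code is split on ";". Outside the admin module a statement must
     * start with "select" or "create", otherwise 'invalid_query' is reported.
     * A statement runs when execution is forced ($force_exec together with
     * $pmb_procs_force_execution or user id 1) or when explain_requete()
     * accepts it; otherwise 'explain_failed' is returned.
     *
     * NOTE(review): the global $sortfield is interpolated into the ORDER BY
     * text and into preg patterns without quoting or a column whitelist -
     * confirm it is validated before this point. $desc is read but is neither
     * assigned nor declared global in the visible code.
     * NOTE(review): field names, cell values and pmb_mysql_error() appear to be
     * printed without htmlentities() further down - confirm that is intended.
     * NOTE(review): part of the loop header is missing from this copy of the
     * file, so the line below is kept exactly as found.
     *
     * @param string $query_code one or more SQL statements separated by ";"
     * @return array array('state' => bool, 'message' => string)
     */
    public static function run_query($query_code) { global $msg; global $pmb_procs_force_execution; global $force_exec, $PMBuserid; global $urlbase; global $erreur_explain_rqt; global $sortfield; $linetemp = explode(";", $query_code); for ($i=0;$i $valeur) { if($valeur) { // traitement tri des colonnes if ($sortfield != "") { // on cherche à trier sur le champ $trifield // compose la chaîne de tri $tri = $sortfield; if ($desc == 1) $tri .= " DESC"; else $tri .= " ASC"; // on enlève les doubles espaces dans la procédure $valeur = preg_replace("/\s+/", " ", $valeur); // supprime un éventuel ; à la fin de la requête $valeur = preg_replace("/;$/", "", $valeur); // on recherche la première occurence de ORDER BY $s = stristr($valeur, "order by"); if ($s) { // y'a déjà une clause order by... moins facile... // il faut qu'on sache si on aura besoin de mettre une virgule ou pas if ( preg_match("#,#", $s) ) { $virgule = true; } else if ( ! preg_match("${sortfield}", $s)) { $virgule = true; } else { $virgule = false; } if ($virgule) { $tri .= ", "; } // regarde si le champ est déjà dans la liste des champs à trier et le remplace si besoin $new_s = preg_replace("/$sortfield, /", "", $s); $new_s = preg_replace("/$sortfield/", "", $new_s); // ajoute la clause order by correcte $new_s = preg_replace("/order\s+by\s+/i", "order by $tri", $new_s); // replace l'ancienne chaîne par la nouvelle $valeur = str_replace($s, $new_s, $valeur); } else { $valeur .= " order by $tri"; } } print "".$msg['procs_ligne']." ".$cle." : ".$valeur."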

"; if(static::$module != 'admin') { if ( (pmb_strtolower(pmb_substr($valeur,0,6))=="select") || (pmb_strtolower(pmb_substr($valeur,0,6))=="create") ) { } else { print "rqt=".$valeur."=
" ; error_message_history("Requête invalide","Vous ne pouvez tester que des requêtes de sélection",1); return array('state' => false, 'message' => 'invalid_query'); } } if (($pmb_procs_force_execution && $force_exec) || (($PMBuserid == 1) && $force_exec) || explain_requete($valeur)) { $res = @pmb_mysql_query($valeur); print pmb_mysql_error(); $nbr_lignes = @pmb_mysql_num_rows($res); $nbr_champs = @pmb_mysql_num_fields($res); if($nbr_lignes) { print ""; for($i=0; $i < $nbr_champs; $i++) { // ajout de liens pour trier les pages $fieldname = pmb_mysql_field_name($res, $i); $sortasc = "asc"; $sortdesc = "desc"; print(""); } for($i=0; $i < $nbr_lignes; $i++) { $row = pmb_mysql_fetch_row($res); print ""; foreach($row as $dummykey=>$col) { if(trim($col)=='') $col=" "; print ""; } print ""; } print "
${fieldname}
".$col."

"; } else { $ligne_affected=pmb_mysql_affected_rows(); print "
".$msg['admin_misc_lignes']." ".$ligne_affected; $err = pmb_mysql_error(); if ($err){ print "
$err"; }else{ if($ligne_affected){ $do_reindexation=true; } } print "

"; } } else { print "

".$valeur."

".$msg["proc_param_explain_failed"]."

".$erreur_explain_rqt; return array('state' => false, 'message' => 'explain_failed'); } } } // fin while if((static::$module == 'admin') && $do_reindexation){ print "

".$msg['admin_proc_reindex']."


"; } return array('state' => true, 'message' => ''); } public static function proceed() { global $msg; global $action; global $id_query; global $id; global $f_proc_name; global $f_proc_code; global $import_proc_tmpl; global $num_classement; print " "; switch($action) { case 'configure': $hp=new parameters($id_query,static::$table); $hp->show_config_screen(static::format_url("&action=update_config"),static::format_url()); break; case 'update_config': $hp=new parameters($id_query,static::$table); $hp->update_config(static::format_url()); break; case 'final': static::final_execute(); break; case 'execute': // form pour params et validation static::run_form($id); break; case 'modif': if($id) { if($f_proc_name && $f_proc_code) { // faire la modification static::update($id); show_procs(); } else { // afficher le form avec les bonnes valeurs print static::get_proc_form($id); } } else { show_procs(); } break; case 'add': if($f_proc_name && $f_proc_code) { static::create(); show_procs(); } else { print static::get_proc_form(); } break; case 'update': if($f_proc_name && $f_proc_code) { if($id) { // faire la modification static::update($id); } else { static::create(); } show_procs(); } break; case 'import': $import_proc_tmpl = str_replace("!!action!!", static::format_url("&action=importsuite".(!empty($num_classement) ? 
"&num_classement=".$num_classement : "")), $import_proc_tmpl); print $import_proc_tmpl ; break; case 'importsuite': static::importsuite(static::format_url("&action=modif&id=!!id!!"), static::format_url("&action=importsuite")) ; break; case 'del': if($id) { static::delete($id); static::optimize(); } show_procs(); break; default: show_procs(); break; } } public static function proceed_remote() { global $msg; global $action; global $do_import; global $id; global $pmb_procedure_server_address; switch($action) { case 'view_remote': if ($id) { $remote_procedure = new remote_procedure($id, static::$module, static::$table); $remote_procedure->display(); } break; case 'import_remote': if ($id) { if($do_import) { $remote_procedure = new remote_procedure($id, static::$module, static::$table); $remote_procedure->import(); if(static::class == 'procs') { show_procs(); } else { static::get_display_remote_lists(); } } else { $remote_procedure = new remote_procedure($id, static::$module, static::$table); print $remote_procedure->get_import_form(); } } break; case 'execute_remote': if ($id) { $remote_procedure = new remote_procedure($id, static::$module, static::$table); $remote_procedure->execute(); } break; case 'final_remote': if ($id) { $remote_procedure = new remote_procedure($id, static::$module, static::$table); $remote_procedure->final_execution(); //$execute_external <=> globale dans remote_procedure->final_execution //$execute_external_procedure <=> globale dans remote_procedure->final_execution //$param_proc_hidden <=> paramêtres en champ caché en cas de forçage static::final_execute(); } break; default: if (!$pmb_procedure_server_address) { echo $msg["remote_procedures_error_noaddress"]; break; } if(static::class == 'procs') { show_procs(); } else { static::get_display_remote_lists(); } break; } } public static function importsuite($retour, $retour_erreur) { global $msg, $current_module, $charset; global $PMBuserid, $num_classement; print "

".$msg['procs_title_form_import']."

"; $erreur=0; $userfile_name = $_FILES['f_fichier']['name']; $userfile_temp = $_FILES['f_fichier']['tmp_name']; $userfile_moved = basename($userfile_temp); $userfile_name = preg_replace("/ |'|\\|\"|\//m", "_", $userfile_name); // création if (move_uploaded_file($userfile_temp,'./temp/'.$userfile_moved)) { $fic=1; } if (!$fic) { $erreur=$erreur+10; } if ($fic) { $fp = fopen('./temp/'.$userfile_moved , "r" ); $contenu = fread ($fp, filesize('./temp/'.$userfile_moved)); if (!$fp || $contenu=="") $erreur=$erreur+100; ; fclose ($fp) ; } //import avec encodage taggé if(strpos($contenu,'#charset=iso-8859-1')!==false && $charset=='utf-8'){ //mise à jour de l'encodage du contenu $contenu = utf8_encode($contenu); //mise à jour de l'entête des paramètres $contenu = str_replace('', '', $contenu) ; }elseif(strpos($contenu,'#charset=utf-8')!==false && $charset=='iso-8859-1'){ //mise à jour de l'encodage du contenu $contenu = utf8_decode($contenu); //mise à jour de l'entête des paramètres $contenu = str_replace('', '', $contenu) ; } if ($userfile_name) { unlink('./temp/'.$userfile_moved); } $pos = strpos($contenu,'INSERT INTO '.static::$table.' set '); if (($pos === false) || ($pos>0)) { $erreur=$erreur+1000; ; } if (!$erreur) { // ajouter les droits pour celui qui importe if ($PMBuserid!=1) $contenu = str_replace("autorisations='1'", "autorisations='1 ".$PMBuserid."'", $contenu) ; pmb_mysql_query($contenu) ; if (pmb_mysql_error()) { echo pmb_mysql_error()."

".htmlentities($contenu,ENT_QUOTES, $charset)."

" ; die (); } $new_proc_id = pmb_mysql_insert_id(); //on importe au sein d'un classement $num_classement = intval($num_classement); if($num_classement) { pmb_mysql_query('UPDATE '.static::$table.' SET num_classement = "'.$num_classement.'" WHERE idproc = '.$new_proc_id); } $retour = str_replace("!!id!!",$new_proc_id,$retour); print "
"; print ""; } else { print "

".$msg['procs_import_invalide']."

Error code = $erreur
"; } print "
"; } public static function final_execute() { global $msg, $charset; global $id_query; global $query_parameters; global $execute_external; global $id; global $execute_external_procedure; global $force_exec; global $current_module; $is_external = isset($execute_external) && $execute_external; if ($is_external) { $nbr_lignes = 1; $idp = $id; $name = $execute_external_procedure->name; $code = $execute_external_procedure->sql; $commentaire = $execute_external_procedure->comment; } else { if(!$id_query) $id_query = 0; $hp=new parameters($id_query,static::$table); $param_proc_hidden=""; if (isset($hp->proc) && preg_match_all("|!!(.*)!!|U",$hp->proc->requete,$query_parameters)) { $hp->get_final_query(); $code=$hp->final_query; $id=$id_query; $param_proc_hidden=$hp->get_hidden_values();//Je mets les paramêtres en champ caché en cas de forçage $param_proc_hidden.=""; } else { $code = ''; } $requete = "SELECT * FROM ".static::$table." WHERE idproc=$id "; $res = pmb_mysql_query($requete); $nbr_lignes = pmb_mysql_num_rows($res); if($nbr_lignes) { $row = pmb_mysql_fetch_object($res); $idp = $row->idproc; $name = $row->name; if (!$code) $code = $row->requete; $commentaire = $row->comment; } $urlbase = static::format_url("&action=final&id=$id"); } if($nbr_lignes) { // récupération du résultat print "
"; print $param_proc_hidden; if($force_exec){ print "";//On a forcé la requete } print static::get_form_after_execution($idp, $name, $code, $commentaire, $is_external); $report = static::run_query($code); if($report['state'] == false && $report['message'] == 'explain_failed') { static::final_explain_failed($id); } print "
"; } else { print $msg["proc_param_query_failed"]; } } public static function final_explain_failed($id) { global $msg; global $execute_external; global $pmb_procs_force_execution; global $PMBuserid; if ($pmb_procs_force_execution || ($PMBuserid == 1)) { $is_external = isset($execute_external) && $execute_external; if(!$is_external){ $lien_force= static::format_url("&action=final&id=".$id."&force_exec=1"); }else{ $lien_force= static::format_url("&action=final_remote&id=".$id."&force_exec=1"); } print " "; } } public static function get_parameters_remote() { $allowed_proc_types = array("AP"); $types_selectaction = array( "AP" => ''); $testable_types = array( "AP" => true ); $type_titles = array( "AP" => "remote_procedures" ); return array( 'allowed_proc_types' => $allowed_proc_types, 'types_selectaction' => $types_selectaction, 'testable_types' => $testable_types, 'type_titles' => $type_titles ); } public static function get_display_remote_list($type="AP") { global $pmb_procedure_server_credentials, $pmb_procedure_server_address; global $msg; global $charset; $display = ''; $pmb_procedure_server_credentials_exploded = explode("\n", $pmb_procedure_server_credentials); if ($pmb_procedure_server_address && (count($pmb_procedure_server_credentials_exploded) == 2)) { $aremote_procedure_client = new remote_procedure_client($pmb_procedure_server_address, trim($pmb_procedure_server_credentials_exploded[0]), trim($pmb_procedure_server_credentials_exploded[1])); $procedures = $aremote_procedure_client->get_procs($type); if ($procedures) { $buf_contenu=""; if ($procedures->error_information->error_code) { $buf_contenu=$msg['remote_procedures_error_server'].":
".$procedures->error_information->error_string.""; $display .= gen_plus("procclass_remote",$msg["remote_procedures"],$buf_contenu); } else if (isset($procedures->elements)){ $current_set=""; foreach ($procedures->elements as $aprocedure) { if ($aprocedure->current_attached_set != $current_set) { $parity=0; $current_set = $aprocedure->current_attached_set; $buf_contenu .= ''.htmlentities($current_set, ENT_QUOTES, $charset).''; } if ($parity % 2) {$pair_impair = "even"; } else {$pair_impair = "odd";} $parity += 1; $tr_javascript=" onmouseover=\"this.className='surbrillance'\" onmouseout=\"this.className='$pair_impair'\" "; $buf_contenu.="\n id)."'\" /> id)."';\"> ".($aprocedure->untested ? "[".$msg["remote_procedures_procedure_non_validated"]."]  " : '')."$aprocedure->name
$aprocedure->comment  "; //if (preg_match_all("|!!(.*)!!|U",$row[2],$query_parameters)) $buf_contenu.="".$msg["procs_options_config_param"].""; $buf_contenu.=""; $buf_contenu.="id)."'\" /> "; } $buf_contenu="".$buf_contenu."
"; $display .= gen_plus("procclass_remote",$msg["remote_procedures"],$buf_contenu); } else { $buf_contenu="
".$msg["remote_procedures_no_procs"]."

"; $display .= gen_plus("procclass_remote",$msg["remote_procedures"],$buf_contenu); } } } print $display; } public static function get_display_remote_lists() { static::get_display_remote_list(); } public static function format_url($url='') { global $base_path; return $base_path."/".static::$module.".php?categ=proc&sub=proc".$url; } public static function get_name($id) { $query = "SELECT name FROM ".static::$table." WHERE idproc=".$id; $result = pmb_mysql_query($query); return pmb_mysql_result($result, 0, 0); } }