dateformat; if ($modDateFormat == "") {$modDateFormat="YYYY-MM-DD";} $requestObj = app_decodeJSON($txtRequest, false); $txt=app_getProperty($requestObj, "login"); if ($txt != "") { $userName=app_getProperty($txt, "f1"); if ($userName == "appmluser") { echo "{"; echo "\"appmluser\" : \"".app_getSession("appmluser")."\""; echo "}"; exit(); } $pwd=app_getProperty($txt, "f2"); $userAccess=app_getUserAccess($userName,$pwd,$modConfig); $loginmessage=""; if ($userAccess != "") {$nn=app_setSession($userName,$userAccess); $loginmessage="OK";} echo "{"; echo "\"loginmessage\" : \"".$loginmessage."\""; echo "}"; exit(); } //$txtAppModel=app_getProperty($requestObj, "appmodel"); $txtAppModel = $_GET["model"]; if ($txtAppModel == "") {app_error("APPML_ERR_MODEL_REQ");} $action=app_getProperty($requestObj,"action"); if ($action == "") {$action="GET";/*app_error("APPML_ERR_ACTION_REQ");*/} $keyValue=app_getProperty($requestObj,"appmlid"); $modelString = app_loadTextFromFile($txtAppModel); if ($modelString == "") {app_error("APPML_ERR_MODEL_REQ: ".$txtAppModel);} $txtModel = app_decodeJSON($modelString, false); if ($txtModel == "") {app_error("APPML_ERR_MODEL_ERR: ".$txtAppModel);} $txt=app_getProperty($txtModel, "dateformat"); if ($txt != "") {$modDateFormat=$txt;} $security=app_getProperty($txtModel, "security"); $cc=getUserAccess($security); if ($cc == "NOTLOGGEDIN") {app_error("APPML_ERR_NO_LOGIN");} if ($cc != "OK") {app_error("APPML_ERR_NOT_AUTHORIZED");} $modDatabase=app_getProperty($txtModel, "database"); if ($modDatabase != "") { $dataSource="database"; $dbConnection=app_getDbConnection(app_getProperty($modDatabase, "connection"),$modConfig->databases); $mainTable=app_getProperty($modDatabase, "maintable"); $sql=app_getProperty($modDatabase, "sql"); $keyField=app_getProperty($modDatabase, "keyfield"); if ($keyField!="") { $keyCounter=1; $keyType=app_getProperty($modDatabase, "keytype"); if ($keyType=="") {$keyType="number";} if ($keyValue == "") {$keyValue = "NULL";} } $items=app_getProperty($modDatabase, "execute"); $nn=app_executeSQL($dbConnection,$items); } else { $modData=app_getProperty($txtModel, "data"); if ($modData != "") { $keyField=""; $dataSource=app_getProperty($modData, "type"); } if ($dataSource != "") { $filePath=app_getProperty($modData, "filename"); $fPath=app_getProperty($modData, "record"); $arr=app_getProperty($modData, "items"); $fCount=app_arrayLength($arr); for ($i=0; $i<$fCount; $i++) { $fName[$i]=app_getProperty($arr[$i], "name"); $fType[$i]=app_getProperty($arr[$i], "type"); if ($fType[$i] == "") {$fType[$i]="text";} $fNodeName[$i]=app_getProperty($arr[$i], "nodename"); $fNo[$i]=app_getProperty($arr[$i], "index"); } } } if ($dataSource == "") {app_error("APPML_ERR_DATASOURCE_REQ");} if ($action == "GET") { $displayType=app_getProperty($requestObj,"displayType"); if ($displayType == "") {$displayType="list";} $txt=app_getProperty($requestObj,"totalRecCounter"); if ($txt == 0 || $txt != "") {$totalCounter=intval($txt);} $txt=app_getProperty($requestObj, "rowsperpage"); if ($txt != "") { $maxLines=intval($txt); } else { $txt=app_getProperty($txtModel, "rowsperpage"); if ($txt != "") { $maxLines=intval($txt); } } $txt=app_getProperty($requestObj, "fromrec"); if ($txt != "") {$recPos=intval($txt);} $requestQuery=app_getProperty($requestObj, "filters"); if ($displayType == "form") {$maxLines=1;} $dataOut=""; if ($dataSource == "database") { if ($sql != "") { $dataOut=app_getData($modDatabase,$modConfig,$txtModel,$modDateFormat,$sql,$keyField,$keyValue,$keyCounter,$requestQuery,$recPos,$maxLines,$totalCounter); } } if ($dataSource == "xmlfile" || $dataSource == "csvfile" || $dataSource == "jsonfile") { if ($dataSource == "jsonfile") { $i=0; try { $cc=json_decode(file_get_contents($filePath), true); } catch (Exception $e) { app_error("APPML_ERR_ERROR: ".$e); } $arr = $cc[$fPath]; $totalCounter = count($arr); } else if ($dataSource == "csvfile") { $i=0; try { $lines=file($filePath); foreach ($lines as $value) { $i++; $arr[$i] = $value; } } catch (Exception $e) { app_error("APPML_ERR_ERROR: ".$e); } $totalCounter=$i; } else { $xmldoc=app_loadTextFromFile($filePath); $arr=app_getElementArray($xmldoc, $fPath); $totalCounter=app_arrayLength($arr); } $fromRec=$recPos; $toRec=app_setToPosition($fromRec,$maxLines); if ($totalCounter<$toRec) {$toRec=$totalCounter;} if ($recPos=="-1") { $fromRec=$totalCounter-$maxLines+1; $toRec=$totalCounter; } if ($keyValue != "") { $i=intval($keyValue); $fromRec=$i; $toRec=$i; } for ($i=$fromRec; $i<=$toRec; $i++) { for ($j=0; $j<$fCount; $j++) { if ($dataSource == "csvfile") { $startpos=1; for ($k=1; $k<=$fNo[$j] + 1; $k++) { $pos[$k]=_instr($startpos,$arr[$i],",",0); $startpos=$pos[$k] + 1; } if ($fNo[$j] == 1) { $lastpos=0;} else { $lastpos=$pos[$fNo[$j]-1]; } $thispos=$pos[$fNo[$j]]; if ($thispos < 1) { $cc="";} else {$cc=substr($arr[$i],$lastpos,$thispos-$lastpos-1); } } else if ($dataSource == "jsonfile") { $cc=$arr[$i-1][$fNodeName[$j]]; } else { $cc=app_getElementValue($arr[$i], $fNodeName[$j]); } $fValue[$j]=$cc; } $dataOut.=app_getRecordAsJSON($fName, $fType, $fValue, $fCount); if ($i<$toRec) {$dataOut.=",";} } $cc=", \"recPos\" : ".$fromRec; $cc.=", \"fromRec\" : ".$fromRec; $cc.=", \"toRec\" : ".$toRec; $cc.=", \"totalRecCounter\" : ".$totalCounter; $cc.=", \"records\" : [".$dataOut."]"; $dataOut=$cc; } echo "{"; echo "\"user\" : 0"; echo $dataOut; echo ", \"dateFormat\" : \"".$modDateFormat."\""; if ($keyField!="") {echo ", \"keyField\" : \"".$keyField."\"";} $cc = strpos($modelString, "{"); if ($cc !== false) { $modelString = substr_replace($modelString, "", $cc, strlen("}")); } $modelString = strrev(implode(strrev(""), explode("}", strrev($modelString), 2))); echo ", ".$modelString; echo "}"; exit(); } if ($action != "UPDATE" and $action != "ADD" and $action != "DELETE") {app_error("APPML_ERR_ILLEGAL_ACTION: ".$action);} $updItem=app_getProperty($txtModel, "updateItems"); if ($updItem == "") {app_error("APPML_ERR_ILLEGAL_ACTION: ".$action);} if (getUserAccess($security) <> "OK") {app_error("APPML_ERR_NOT_AUTHORIZED");} if ($action == "DELETE") { if (strtoupper(app_getProperty($txtModel, "delete")) == "FALSE") {app_error("APPML_ERR_ILLEGAL_ACTION: "."DELETE");} $x=app_dbDelete($dbConnection,$mainTable,$keyField,$keyValue); echo "{"; echo "\"updatemessage\" : \"".$x." APPML_MESSAGE_RECORD_DELETED\""; echo "}"; // echo ($x." APPML_MESSAGE_RECORD_DELETED"); exit(); } if ($action == "ADD") { if (strtoupper(app_getProperty($txtModel, "addnew")) == "FALSE") {app_error("APPML_ERR_ILLEGAL_ACTION: "."INSERT");} } $fieldCounter=0; $txt=app_getProperty($requestObj, "record"); if ($txt != "") { $names=app_getProperty($txt, "items"); $values=app_getProperty($txt, "values"); //$types=app_getProperty($txt, "items"); $fieldCounter=app_arrayLength($updItem); } for ($j=0; $j<$fieldCounter; $j++) { if (strtolower($names[$j]) != strtolower(app_getProperty($updItem[$j], "item"))) {app_error("APPML_ERR_DATAMODEL");} if (trim($values[$j]) == "") { $values[$j]=""; // DBNULL } //else { //if ($types[$j]="number") { // $decsep=app_getSysDecSep(); // $values[$j]=str_replace(",",$decsep,$values[$j]); // $values[$j]=str_replace(".",$decsep,$values[$j]); //} //} } /*for ($i=1; $i<=$ctrlItemCounter; $i++) { for ($j=0; $j<$fieldCounter; $j++) { if ($names[$j] == $ctrlItemName[$i]) { if ($ctrlItemMin[$i] != "") { $x=$values[$j]; $y=$ctrlItemMin[$i]; if (is_numeric($x)) {$x=intval($x);} if (is_numeric($y)) {$y=intval($y);} if (app_isDate($x)) {$x=app_cDate($x);} if (app_isDate(app_reformatDate($y,$modDateFormat))) {$y=app_cDate(app_reformatDate($y,$modDateFormat));} if ($x < $y) {app_error("APPML_ERR_INPUT_MIN: ".$names[$j].",".$ctrlItemMin[$i]);} } if ($ctrlItemMax[$i] != "") { $x=$values[$j]; $y=$ctrlItemMax[$i]; if (is_numeric($x)) {$x=intval($x);} if (is_numeric($y)) {$y=intval($y);} if (app_isDate($x)) {$x=app_cDate($x);} if (app_isDate(app_reformatDate($y,$modDateFormat))) {$y=app_cDate(app_reformatDate($y,$modDateFormat));} if ($x > $y) {app_error("APPML_ERR_INPUT_MAX: ".$names[$j].",".$ctrlItemMax[$i]);} } if ($ctrlItemRequired[$i] == 1) { $x=$values[$j]; if ($x == "") {app_error("APPML_ERR_INPUT_REQUIRED: ".$names[$j]);} } } } }*/ if ($action == "ADD") { $nn=app_dbAddNew($dbConnection,$mainTable,$fieldCounter,$names,$values); echo "{"; echo "\"updatemessage\" : \"1 APPML_MESSAGE_RECORD_ADDED\", "; echo "\"updateID\" : ".$nn; echo "}"; // echo $nn; exit(); } $sql="SELECT "; for ($i=0; $i<$fieldCounter; $i++) { if ($i > 0) {$sql.=",";} $sql.=add_brackets($names[$i]); } $sql.=" from ".add_brackets($mainTable)." WHERE ".add_brackets($mainTable).".".add_brackets($keyField)."=@0;"; $paramCount=1; $params[1]=$keyValue; $dbRecordset=app_dbRead($dbConnection, $sql, $paramCount, $params); $fCount=0; $row=$dbRecordset->fetch_array(MYSQLI_BOTH); while ($x = $dbRecordset->fetch_field()) { for ($j=0;$j<$fieldCounter;$j++) { if (strtoupper($x->name)==strtoupper($names[$j])) { $fieldtype=app_getType($x->type); $fieldvalue=app_getDBfield($row, $names[$j], $fieldtype); if ($fieldvalue != $values[$j]) { $fCount++; $fieldlist[$fCount]=$names[$j]; $valuelist[$fCount]=$values[$j]; } } } } $dbRecordset->close(); $nn=app_dbUpdate($dbConnection,$mainTable,$fCount,$fieldlist,$valuelist,$keyField,$keyValue); echo "{"; echo "\"updatemessage\" : \"".$nn." APPML_MESSAGE_RECORD_UPDATED\""; echo "}"; //echo $nn." APPML_MESSAGE_RECORD_UPDATED"; exit(); //''''''''''''''''''''''''''''''''''''''''''''''''''''' function app_setToPosition($from,$lines) { $to=$from + $lines-1; if ($lines == 0) {$to=$lines;} return $to; } function app_getRecordAsJSON($fieldName, $fieldType, $fieldValue, $numb) { $x="{"; for ($i=0; $i<$numb; $i++) { $val=$fieldValue[$i]; $n=""; for ($j=0; $j") {$c="#1002;";} if ($c == "&") {$c="#1003;";} $n.=$c; } $x.="\"".$fieldName[$i]."\" : \"".$n."\""; if ($i<$numb-1) $x.=","; } $x.="}"; return $x; } function appml_GetQueryWhere($txtParam,$filter,$requestFilter,&$paramCount,&$params) { $legalQueryField=array(); $legalQueryFieldType=array(); $qvalue=array(); $qvaluecount=0; $where=$txtParam; $legalQueryFieldcount=0; $txt=$filter; if ($txt != "") { $l=app_arrayLength($txt); for ($i=0; $i<$l; $i++) { $legalQueryField[$i]=app_getProperty($txt [$i], "item"); $legalQueryFieldType[$i]=app_getProperty($txt [$i], "type"); } } $legalQueryFieldcount=app_arrayLength($legalQueryField); $arr=""; if ($requestFilter) {$arr=$requestFilter->queryFields; } $l=app_arrayLength($arr); for ($j=0; $j<$l; $j++) { $qOK=1; $qlabel=""; $qvaluecount=0; $qoper=""; $qname=$arr[$j]; $qlabel=""; $valuearr=$requestFilter->queryValues[$j]; $ll=app_arrayLength($valuearr); for ($i=0; $i<$ll; $i++) { $qvaluecount++; $qvalue[$i]=$valuearr[$i]; } $qoper=$requestFilter->queryOperators[$j]; $queryOK=0; for ($i=0; $i<$legalQueryFieldcount; $i++) { if (strtolower($qname) == strtolower($legalQueryField[$i])) { $qtype=$legalQueryFieldType[$i]; $queryOK=1; break; } } if ($queryOK == 0) {app_error("APPML_ERR_ILLEGAL_QUERY: ".$qname);} for ($i=0; $i<$qvaluecount; $i++) { if ($qvalue[$i] == " ") {$qvalue[$i]=" ";} if ($qlabel == "") {$qlabel=$qname;} if ($qoper == "") {$qoper="=";} if ($qoper == "0") {$qoper="=";} if ($qoper == "1") {$qoper="<>";} if ($qoper == "2") {$qoper="<";} if ($qoper == "3") {$qoper=">";} if ($qoper == "4") {$qoper="<=";} if ($qoper == "5") {$qoper=">=";} if ($qoper == "6") {$qoper="%";} if ($qoper == "10") {$qoper="==";} if ($qoper == "11") {$qoper="!=";} if ($qvalue[$i] != "") { $qvalue[$i]=remove_quotes($qvalue[$i]); if ($where == "") {$where=" (";} else { if ($i == 0) {$where.=" AND (";} else { if ($qoper == "=" || $qoper == "==" || $qoper == "%") { $where.=" OR "; } else {$where.=" AND ";} } } if ($qtype == "number" || $qtype == "date") { if ($qOK == 1) { $xqoper=$qoper; if ($xqoper == "==") {$xqoper="=";} if ($xqoper == "!=") {$xqoper="<>";} $where.="(".add_brackets($qname).$xqoper."@".(string)$paramCount.")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; } else {$where.=" (".add_brackets($qname).">0 AND ".add_brackets($qname)."<0)";} } else { if ($qvalue[$i] == " ") { if ($qoper == "=" || $qoper == "==") {$where.="(".add_brackets($qname)."='')";} if ($qoper == "<>" || $qoper == "!=") {$where.="(".add_brackets($qname)."<>'')";} if ($qoper == "<" || $qoper == ">" || $qoper == "<=" || $qoper == ">=") { $where.="(".add_brackets($qname).$qoper."'')";} if ($qoper == "%") {$where.="(".add_brackets($qname)." LIKE '% %')";} } else { if ($qoper == "=") { $where.="(".add_brackets($qname)." LIKE @".(string)$paramCount.")"; $paramCount++; $params[$paramCount]=$qvalue[$i].'%'; } if ($qoper == "==") { $where.="(".add_brackets($qname)." = @".(string)$paramCount.")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; } if ($qoper == "<" || $qoper == ">") { $where.="(".add_brackets($qname).$qoper." @".(string)$paramCount.")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; } if ($qoper == "<>") { $where.="(".add_brackets($qname).$qoper."@".(string)$paramCount." AND ".add_brackets($qname)." NOT LIKE @".(string)($paramCount+1).")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; $paramCount++; $params[$paramCount]=$qvalue[$i].'%'; } if ($qoper == "!=") { $where.="(".add_brackets($qname)."<> @".(string)$paramCount.")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; } if ($qoper == "<=" || $qoper == ">=") { $where.="(".add_brackets($qname).$qoper." @".(string)$paramCount." OR ".add_brackets($qname)." LIKE @".(string)($paramCount+1).")"; $paramCount++; $params[$paramCount]=$qvalue[$i]; $paramCount++; $params[$paramCount]=$qvalue[$i].'%'; } if ($qoper == "%") { $where.="(".add_brackets($qname)." LIKE @".(string)$paramCount.")"; $paramCount++; $params[$paramCount]='%'.$qvalue[$i].'%'; } } } } if ($i == ($qvaluecount-1)) {$where.=")";} } } return $where; } function appml_GetOrderby($txtOrderby,$txtsortitems,$requestFilter) { $legalOrderbyField=array(); $legalOrderbyDir=array(); $osfield=array(); $osdir=array(); $legalOrderbyFieldcount=0; $orderby=""; $txt=$txtsortitems; if ($txt != "") { $l=app_arrayLength($txt); for ($i=0; $i<$l; $i++) { $legalOrderbyField[$i]=app_getProperty($txt[$i], "item"); $legalOrderbyDir[$i]="asc"; } } $legalOrderbyFieldcount=app_arrayLength($legalOrderbyField); $arr=""; if ($requestFilter) {$arr=$requestFilter->orderBys; } $l=app_arrayLength($arr); for ($i=0; $i<$l; $i++) { $osfield[$i]=$arr[$i]; $osdir[$i]=$requestFilter->orderByDirections[$i]; } $orderselect=""; $l=app_arrayLength($osfield); for ($i=0; $i<$l; $i++) { if ($osfield[$i] != "") { $orderbyOK=0; for ($j=0; $j<$legalOrderbyFieldcount; $j++) { if (trim($osfield[$i]) == trim($legalOrderbyField[$j])) { $orderbyOK=1; break; } } if ($orderbyOK == 1) { if ($orderselect != "") {$orderselect.=",";} $orderselect.=" ".$osfield[$i]." ".$osdir[$i]; } } } if ($orderselect != "" && $orderby != "") { $orderby=$orderselect.", ".$orderby; } else { if ($orderselect != "" && $orderby == "") { $orderby=$orderselect; } } if ($orderby == "") { $orderby=$txtOrderby; } if ($orderby != "") { $orderby=" ORDER BY ".$orderby; } return $orderby; } function add_brackets($txt) {return $txt;} function app_formatDate($txt, $appformat) { if (app_nullTest($txt)) { return ""; } if (trim($txt) == "") { return ""; } $date=date_create($txt); $y=date_format($date,"Y"); $m=date_format($date,"m"); $d=date_format($date,"d"); $h=date_format($date,"H"); $n=date_format($date,"i"); $s=date_format($date,"s"); $c=substr($y,2,2); if (strlen($m) < 2) {$m="0".$m;} if (strlen($d) < 2) {$d="0".$d;} if (strlen($h) < 2) {$h="0".$h;} if (strlen($n) < 2) {$n="0".$n;} if (strlen($s) < 2) {$s="0".$s;} $t=$appformat; $t=str_replace("yyyy",$y,$t); $t=str_replace("mm",$m,$t); $t=str_replace("dd",$d,$t); $t=str_replace("yy",$c,$t); $t=str_replace("hh",$h,$t); $t=str_replace("nn",$n,$t); $t=str_replace("ss",$s,$t); return $t; } function app_getSQLDateFormat() { return "yyyy-mm-dd"; } function getUserAccess($security) { $ret = ""; $userAccess = ""; if (app_nullTest($security)) { $sec = ""; } else { $sec = strtoupper($security); } if ($sec == "") { $ret = "OK"; } else { $sec = trim($sec); $userAccess = app_getSession("appmlaccess"); if ($userAccess == "") { return "NOTLOGGEDIN"; } else { $ARR = explode(",", $userAccess); foreach ($ARR as $x) { $z = trim(strtoupper($x)); if ($sec == $z) { return "OK"; } } } } return $ret; } function app_error($errtxt) { echo "{\"error\" : \"".$errtxt."\"}"; exit(); return; } function app_reformatDate($txt,$dtype) { $ret=""; if ($txt != "") { $d=substr($txt,_instr(0,$dtype,"dd",0)-1,2); $m=substr($txt,_instr(0,$dtype,"mm",0)-1,2); $y=substr($txt,_instr(0,$dtype,"yyyy",0)-1,4); $ret=$y."-".$m."-".$d; } return $ret; } function remove_quotes($ttt) { $out=""; if (app_nullTest($ttt)) {return "";} for ($i=1; $i<=strlen($ttt); $i++) { $c=substr($ttt,$i-1,1); if ($c == "'") {$c="''";} $out.=$c; } return $out; } function app_getElementValue($element, $id) { $res=""; $uelement=strtoupper($element); $uid=strtoupper($id); $ipos1=_instr(0,$uelement,"<".$uid,0); if ($ipos1 > 0) { $ipos2=_instr(0,substr($uelement,$ipos1-1),">",0); $ipos3=_instr(0,$uelement,"",0); if ($ipos2 > 0 && $ipos3 > $ipos1) { $res=trim(substr($element,$ipos1 + $ipos2-1,$ipos3-$ipos2-$ipos1)); } } return $res; } function app_getElement($element, $id) { $uelement=strtoupper($element); $uid=strtoupper($id); $ipos1=_instr(0,$uelement,"<".$uid,0); $ipos3=_instr(0,$uelement,"",0); $res=""; if ($ipos1 > 0) { if ($ipos3 > $ipos1) { $res=substr($element,$ipos1-1,$ipos3-$ipos1 + strlen($id) + 3); } else { $ipos3=_instr(0,substr($uelement,$ipos1-1),"/>",0); if ($ipos3 > 0) { $res=substr($element,$ipos1-1,$ipos3 + 1); } } } return $res; } function app_getAttribute($element, $attribute) { $txt=$element; $res=""; $tst=34; $ipos=_instr(0,$txt," ".$attribute."=".chr($tst),0); if ($ipos == 0) { $tst=39; $ipos=_instr(0,$txt," ".$attribute."=".chr($tst),0); } if ($ipos != 0) { $txt=substr($txt,$ipos + strlen($attribute) + 2); $ipos=_instr(0,$txt,chr($tst),0); if ($ipos > 1) { $res=substr($txt,0,$ipos-1); } } return $res; } function app_getElementArray($element, $id) { $x=array(); $uid=strtoupper($id); $xelement=$element; $l=0; for ($i=1; $i<=10000; $i++) { $uelement=strtoupper($xelement); $ipos1=_instr(0,$uelement,"<".$uid,0); $ipos3=_instr(0,$uelement,"",0); if ($ipos1 > 0 && $ipos3 > $ipos1) { $l++; $x[$l]=substr($xelement,$ipos1-1,$ipos3-$ipos1 + strlen($id) + 3); $xelement=substr($xelement,$ipos3 + strlen($id) + 2); } else { break; } } return $x; } function app_arrayLength($arr) { if (is_array($arr)) { return count($arr); } return 0; } function app_getSysDecSep() { $decsep=1 / 2; $decsep=($decsep); $decsep=substr($decsep,1,1); return $decsep; } function app_readRequest() { $tmp=""; $file=fopen("php://input","r") or exit("Unable to open file!"); while (!feof($file)) {$tmp=$tmp.fgetc($file);} fclose($file); return $tmp; } function app_loadTextFromFile($fname) { $tmp=""; $ext=".js"; if (_instr(0,$fname,".",0) > 0) {$ext="";} if (!file_exists($fname.$ext)) {app_error("No such file or directory: $fname.$ext"); } return file_get_contents($fname.$ext); /*$lines=file($fname.$ext); foreach ($lines as $value) { if (!$tmp) {$tmp = $value;} else {$tmp=$tmp.$value;} } return $tmp;*/ } function app_nullTest($x) { $cc=false; if (!isset($x)) {$cc=true;} else { if (empty($x)) {$cc=true;} } return $cc; } function app_setSession($nam, $acc) { $_SESSION["appmluser"]=$nam; $_SESSION["appmlaccess"]=$acc; return 0; } function app_getSession($nam) { if (isset($_SESSION[$nam])) { return $_SESSION[$nam]; } return ""; } function app_getUserAccess($userName,$pwd,$modConfig) { $nn=app_setSession("",""); $userAccess = ""; if ($userName == "" || $pwd == "") {return $userAccess;} if (isset($modConfig->users)) { $userArr = $modConfig->users; $ll = count($userArr); for ($ii = 0; $ii < $ll; $ii++) { if ($userArr[$ii]->username == $userName && $userArr[$ii]->password == $pwd) { $arr = $userArr[$ii]->roles; $lll = count($arr); $userAccess = ""; for ($iii = 0; $iii < $lll; $iii++) { if ($userAccess != "") {$userAccess.=",";} $userAccess .= $arr[$iii]; } } } } else { if (isset($modConfig->securitydb)) { $database = $modConfig->securitydb; if ($database != "") { //$sql="SELECT AppmlRoles.Name FROM ((AppmlUserRoles"; //$sql.= " LEFT JOIN AppmlUsers ON AppmlUserRoles.UserID=AppmlUsers.UserID)"; //$sql.=" LEFT JOIN AppmlRoles ON AppmlUserRoles.RoleID=AppmlRoles.RoleID)"; //$sql.=" WHERE AppmlUsers.Email=@0 AND AppmlUsers.Pass=@1;"; $sql = $database->sql; $dbConnection=app_getDbConnection("", $database); $paramCount=2; $params[1]=$userName; $params[2]=$pwd; $dbRecordset=app_dbRead($dbConnection,$sql,$paramCount,$params); $userAccess=""; $totalCounter=app_dbRowcount($dbRecordset); if ($totalCounter==0) {app_error("APPML_ERR_NOT_AUTHORIZED");} $row=$dbRecordset->fetch_array(MYSQLI_BOTH); $nn=0; while ($nn < $totalCounter) { $nn++; if ($userAccess != "") {$userAccess.=",";} $userAccess.=$row[0]; $row=$dbRecordset->fetch_array(MYSQLI_BOTH); } $dbRecordset->close(); } } } return $userAccess; } function app_dbRead($conn,$sql,$count,$p) { $xarr=array(); $xsql=app_prepSQL($sql,$count); $stmt=$conn->stmt_init(); $stmt->prepare($xsql); if ($count>0) { $xarr[0]=""; for ($j=1;$j<=$count;$j++) { $xarr[0].="s"; $xarr[$j]=&$p[$j]; } call_user_func_array(array($stmt,'bind_param'), $xarr); } if (!$stmt->execute()) {app_error($conn->error);} if (!$dbRecordset = $stmt->get_result()) {app_error($conn->error);} return $dbRecordset; } function app_executeSQL($conn,$sql) { $xcount=app_arrayLength($sql); for ($i=0; $i<$xcount; $i++) { //$sql[$i]=iconv("ISO-8859-1", "UTF-8//TRANSLIT", $sql[$i]); if (!$conn->query($sql[$i])) {app_error($conn->error." ".$sql[$i]);} } return; } function app_dbUpdate($conn,$table,$count,$fields,$values,$keyField,$keyValue) { $xarr=array(); if ($count==0) {return 0;} $sql="UPDATE ".$table." SET "; $xarr[0]=""; for ($i=1;$i<=$count;$i++) { $xarr[0].="s"; $xarr[$i]=&$values[$i]; $sql=$sql.$fields[$i]."=@".(string)($i-1)." "; if ($i!=$count) {$sql=$sql.",";} } $xarr[0].="s"; $xarr[$count+1]=&$keyValue; $sql=$sql." WHERE ".$keyField."=@".(string)($count)." "; $sql=app_prepSQL($sql,$count+1); $stmt=$conn->stmt_init(); $stmt->prepare($sql); call_user_func_array(array($stmt,'bind_param'), $xarr); if (!$stmt->execute()) {app_error($conn->error." ".$sql);} $num=$conn->affected_rows; $conn->close(); return $num; } function app_dbAddNew($conn,$table,$count,$fields,$values) { $xarr=array(); $sql="INSERT INTO ".$table."("; for ($i=0;$i<$count;$i++) { $sql=$sql.$fields[$i]; if ($i<$count-1) {$sql=$sql.",";} } $sql=$sql.") VALUES ("; $xarr[0]=""; for ($i=1;$i<=$count;$i++) { $xarr[0].="s"; $sql.="@".(string)($i-1); $xarr[$i]=&$values[$i-1]; if ($i!=$count) {$sql=$sql.",";} } $sql=$sql.");"; $sql=app_prepSQL($sql,$count); $stmt=$conn->stmt_init(); $stmt->prepare($sql); call_user_func_array(array($stmt,'bind_param'), $xarr); if (!$stmt->execute()) {app_error($conn->error." ".$sql);} $num=$stmt->insert_id; $conn->close(); return $num; } function app_dbDelete($conn,$mainTable,$keyField,$keyValue) { $sql="DELETE FROM ".add_brackets($mainTable)." WHERE ".$keyField."=@0;"; $sql=app_prepSQL($sql,1); $stmt=$conn->stmt_init(); $stmt->prepare($sql); $stmt->bind_param('s',$keyValue); if (!$stmt->execute()) {app_error($conn->error." ".$sql);} $num=$conn->affected_rows; $conn->close(); return $num; } function app_getDbConnection($dbcon,$model) { $arr = array(); $xdbcon = strtoupper($dbcon); $arr = $model; $txt = ""; if (is_array($arr)) { $l = app_arrayLength($arr); for ($i = 0; $i < $l; $i++) { $x = $arr[$i]->connection; if (strtoupper($x) == $xdbcon) { $txt = $arr[$i]; break; } } } else { $txt = $arr; } if ($txt=="") {app_error("APPML_ERR_UKNOWN_DB: ".$dbcon);} $dbHost=$txt->host; $dbName=$txt->dbname; $dbUser=$txt->username; $dbPass=$txt->password; $conn = new mysqli($dbHost,$dbUser,$dbPass,$dbName); if (mysqli_connect_errno()) { app_error("Failed to connect to MySQL: " . mysqli_connect_error()); } $conn->set_charset('utf8'); return $conn; } function app_getDBfield($row, $fnam, $typ) { $x=""; try { $x=$row[$fnam]; if (app_nullTest($x)) {$x="";} else { if ($typ == "date") { $x=app_formatDate($x, app_GetSQLDateFormat());} else {$x=(string)$x;} } } catch (Exception $e){$x="";} return $x; } function app_dbRowcount($recset) { return $recset->num_rows; } function app_prepSQL($sql,$count) { $mysql=$sql; for ($i=1;$i<=$count;$i++) { $mysql=str_replace("@".(string)($i-1),"?",$mysql); } return $mysql; } function app_getType($txt) { $ret="number"; if ($txt==252) {$ret="binary";} if ($txt==7 || $txt==10 || $txt==11 || $txt==12 || $txt==13) {$ret="date";} if ($txt==253 || $txt==254) {$ret="string";} return $ret; } function app_isDate($x) {$x=true;} function app_cDate($x) {return strtotime($x);} // Helper Function function _instr($start,$str1,$str2,$mode) { if ($mode) { $str1=strtolower($str1); $str2=strtolower($str2); } $retval=strpos($str1,$str2,$start); return ($retval===false) ? 0 : $retval+1; } function app_decodeJSON($txt, $bool) { try { $jsonObj = json_decode($txt, $bool); } catch (Exception $e) { $jsonObj = ""; } return $jsonObj; } function app_getProperty($obj, $prop) { if (isset($obj->$prop)) { return $obj->$prop; } return ""; } function app_getData($modDatabase,$modConfig,$txtModel,$modDateFormat,$sql,$keyField, $keyValue,$keyCounter,$requestQuery,$recPos,$maxLines,$totalCounter) { $params=array(); $fName=array(); $fValue=array(); $fType=array(); $mainTable=app_getProperty($modDatabase, "maintable"); $paramCount=0; $txtWhere=app_getProperty($modDatabase, "where"); $txtOrderby=app_getProperty($modDatabase, "orderby"); $fromRec=$recPos; $toRec=app_setToPosition($fromRec,$maxLines); $dbConnection=app_getDbConnection(app_getProperty($modDatabase, "connection"),$modConfig->databases); $dataOut=""; if ($keyValue!="") { if ($keyCounter==0) {app_error("APPML_ERR_KEYFIELD_REQ");} if ($mainTable=="") {app_error("APPML_ERR_MAINTABLE_REQ");} if ($keyValue=="NULL") {$keyValue="-1";} $sql=$sql . " WHERE " . add_brackets($mainTable) . "." . add_brackets($keyField) . "=@0;"; $paramCount=1; $params[1]=$keyValue; } else { $txtFilter=app_getProperty($txtModel, "filteritems"); $cc=appml_GetQueryWhere($txtWhere,$txtFilter,$requestQuery,$paramCount,$params); if ($cc!="") {$sql=$sql . " WHERE " . $cc;} if ($totalCounter==0) { //$dbRecordset=app_dbRead($dbConnection,$sql." LIMIT 500",$paramCount,$params); $dbRecordset=app_dbRead($dbConnection,$sql,$paramCount,$params); $totalCounter=app_dbRowcount($dbRecordset); $dbRecordset->close(); } if ($toRec==0) {$toRec=$totalCounter;} if ($recPos=="-1") { $fromRec=$totalCounter-$maxLines+1; $toRec=$totalCounter; } $txtsortitems=app_getProperty($txtModel, "sortitems"); $cc=appml_GetOrderby($txtOrderby,$txtsortitems,$requestQuery); if ($cc!="") {$sql=$sql . $cc;} //$sql=$sql." LIMIT ".$toRec; } $dbRecordset=app_dbRead($dbConnection,$sql,$paramCount,$params); if ($keyValue!="") { $totalCounter=app_dbRowcount($dbRecordset); } $fCount=$dbRecordset->field_count; $i=0; while ($x=$dbRecordset->fetch_field()) { $fType[$i]=app_getType($x->type); $fName[$i]=$x->name; $fValue[$i]=""; $i++; } $row=$dbRecordset->fetch_array(MYSQLI_BOTH); $nn=0; while ($nn<$totalCounter) { $nn=$nn+1; if ($nn>=$fromRec and $nn<=$toRec) { $cc=""; $i=count($row)/2; for ($j=0; $jfetch_array(MYSQLI_BOTH); } if ($keyValue!="") {$totalCounter=$nn;} if ($totalCounter<$toRec) {$toRec=$totalCounter;} if ($nn==0 or $recPos=="0") { $totalCounter=0; $dataOut=$dataOut . app_getRecordAsJSON($fName,$fType,$fValue,$fCount); } $dbRecordset->close(); $cc= <<