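<?php
// Direct-access guard: this file is meant to be included by the CMS, never requested on its own.
// The __PRAGYAN_CMS constant is presumably defined by the CMS entry script (not visible here);
// when it is missing, answer 403 and stop before any class code is declared.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // Fixed: the heading was closed with a second <h1> instead of </h1>.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE is the web server's own footer (version and virtual host, when enabled);
    // it is server-generated HTML, so it is emitted as-is. It is empty when the signature is disabled.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}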
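/**
 * CMS module that stores one SQL statement per page and renders its result set as an HTML table.
 *
 * Security notes for maintainers:
 *  - The 'edit' action executes whatever SQL text is submitted (preview) or stored (view), using the
 *    CMS's own database connection, and can list any table. Holding 'edit' on a page of this module is
 *    therefore equivalent to full access to that database. The permission check for 'edit' is not in
 *    this file and must be enforced by the caller.
 *  - NOTE(review): the edit forms carry no anti-CSRF token in this file; confirm the CMS adds one.
 *  - NOTE(review): consider running stored queries through a read-only database account, because the
 *    'view' action re-executes the stored statement on every page view.
 *  - All values that reach HTML are escaped here; all values that reach SQL are either cast to int,
 *    escaped as string literals, or matched against the database's own table list.
 */
class sqlquery implements module {
    private $userId;
    private $moduleComponentId;
    private $action;

    /**
     * Module entry point: remembers the request context and dispatches on the action name.
     *
     * @param mixed  $userId            id of the requesting user (stored, not otherwise used here)
     * @param mixed  $moduleComponentId id of the module instance; cast to int wherever it reaches SQL
     * @param string $action            'view' or 'edit'
     * @return string|null HTML for the action; null for any other action name
     */
    public function getHtml($userId, $moduleComponentId, $action) {
        $this->userId = $userId;
        $this->moduleComponentId = $moduleComponentId;
        $this->action = $action;

        switch ($action) {
            case 'view':
                return $this->actionView();
            case 'edit':
                return $this->actionEdit();
        }
        // Unknown actions render nothing, as before.
        return null;
    }

    /**
     * Renders the stored title followed by the result table of the stored query.
     *
     * @return string HTML, or '' after reporting a database error
     */
    public function actionView() {
        // The id is numeric; the cast keeps anything else out of the statement.
        $sqlQueryQuery = 'SELECT `sqlquery_title`, `sqlquery_query` FROM `sqlquery_desc` WHERE `page_modulecomponentid` = ' . (int) $this->moduleComponentId;
        $sqlQueryResult = mysql_query($sqlQueryQuery);
        if (!$sqlQueryResult) {
            displayerror('Database error. An unknown error was encountered while trying to load page data.');
            return '';
        }
        $sqlQueryRow = mysql_fetch_row($sqlQueryResult);
        if (!$sqlQueryRow) {
            displayerror('Database error. Could not find data for the page requested.');
            return '';
        }

        $pageTitle = $sqlQueryRow[0];
        $pageQuery = $sqlQueryRow[1];

        // The title is editor-supplied text, so it is escaped before it is placed in the page.
        $pageContent = '<h2>' . $this->escapeHtml($pageTitle) . "</h2><br />\n";
        return $pageContent . $this->generatePageData($pageQuery);
    }

    /**
     * Handles the edit page: saving or previewing the query, and the database information helper.
     *
     * @return string HTML of the helper output (if any) followed by the edit forms
     */
    public function actionEdit() {
        $editPageContent = '';
        $paramSqlQuery = '';
        $paramPageTitle = '';
        $useParams = false;

        $isSave = isset($_POST['btnSubmitQueryData']);
        $isPreview = !$isSave && isset($_POST['btnPreviewResults']);
        if ($isSave || $isPreview) {
            if (!$this->hasPostedText('pagetitle') || !$this->hasPostedText('sqlquery')) {
                // Fixed: the original reported this error and then went on to use the missing fields.
                displayerror('Error. Incomplete form data.');
            }
            else {
                // The original stripped slashes from the query before previewing it, which implies that
                // request data arrives slash-escaped (magic quotes or CMS-level escaping).
                // NOTE(review): confirm. Both fields are normalised the same way here, and the
                // SQL/HTML escaping is applied where each value is actually used.
                $pageTitle = stripslashes($_POST['pagetitle']);
                $sqlQuery = stripslashes($_POST['sqlquery']);

                if ($isSave) {
                    if ($this->saveQueryEditForm($pageTitle, $sqlQuery))
                        displayinfo('Changes saved successfully.');
                }
                else {
                    $editPageContent = '<h2>' . $this->escapeHtml($pageTitle) . " (Preview)</h2><br />\n" . $this->generatePageData($sqlQuery) . "<br />\n";

                    $useParams = true;
                    $paramSqlQuery = $sqlQuery;
                    $paramPageTitle = $pageTitle;
                }
            }
        }

        $editPageContent .= $this->getQueryEditForm($paramPageTitle, $paramSqlQuery, $useParams);

        $subaction = (isset($_GET['subaction']) && is_string($_GET['subaction'])) ? $_GET['subaction'] : '';
        $postedTable = $this->hasPostedText('tablename') ? $_POST['tablename'] : '';

        $helptext = '';
        if (isset($_POST['btnListTables']) || $subaction === 'listalltables') {
            $helptext .= $this->renderTableList();
        }
        if ((isset($_POST['btnListRows']) && $postedTable != '') || $subaction === 'tablerows') {
            $tablename = $this->requestedTableName();
            if ($tablename === null)
                return $editPageContent;
            $helptext .= $this->renderTableRows($tablename);
        }
        if ((isset($_POST['btnListColumns']) && $postedTable != '') || $subaction === 'tablecols') {
            $tablename = $this->requestedTableName();
            if ($tablename === null)
                return $editPageContent;
            $helptext .= $this->renderTableColumns($tablename);
        }

        global $STARTSCRIPTS, $ICONS;
        $smarttable = smarttable::render(array('sqlhelptable'), null);
        $STARTSCRIPTS .= "initSmartTable();";

        if ($helptext != '')
            $helptext = "<fieldset><legend>{$ICONS['Database Information']['small']}Database Information</legend>$smarttable $helptext</fieldset>";
        return $helptext . $editPageContent;
    }

    /** True when the named POST field is present and is a plain string (not an array). */
    private function hasPostedText($field) {
        return isset($_POST[$field]) && is_string($_POST[$field]);
    }

    /**
     * Escapes a value for HTML text or a quoted attribute.
     * NOTE(review): no charset is passed, so PHP's default applies; pass the site's charset
     * explicitly if it differs.
     */
    private function escapeHtml($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    /** Quotes a table name as a MySQL identifier (backticks, with embedded backticks doubled). */
    private function quoteIdentifier($name) {
        return '`' . str_replace('`', '``', $name) . '`';
    }

    /** Builds the escaped href of a database helper link for the given subaction and table. */
    private function helperLink($subaction, $tablename) {
        return $this->escapeHtml('./+edit&subaction=' . $subaction . '&tablename=' . rawurlencode($tablename));
    }

    /**
     * Resolves the table name requested through POST or GET against the database's own table list.
     *
     * A table name is an identifier, not a string literal, so string escaping does not make it safe
     * to place in a statement; only a name that SHOW TABLES actually reports is accepted.
     *
     * @return string|null the table name exactly as the database reports it, or null after an error was shown
     */
    private function requestedTableName() {
        if ($this->hasPostedText('tablename') && $_POST['tablename'] != '')
            $requested = $_POST['tablename'];
        else if (isset($_GET['tablename']) && is_string($_GET['tablename']) && $_GET['tablename'] != '')
            $requested = $_GET['tablename'];
        else {
            displayerror("Table name missing");
            return null;
        }

        $tablesResult = mysql_query('SHOW TABLES');
        if (!$tablesResult) {
            displayerror('Database error. Could not list the tables.');
            return null;
        }
        while ($row = mysql_fetch_row($tablesResult)) {
            if ($row[0] === $requested)
                return $row[0];
        }
        displayerror('Table not found in the database.');
        return null;
    }

    /** Renders the list of all tables with links to their column and row views. */
    private function renderTableList() {
        $tablesResult = mysql_query('SHOW TABLES');
        if (!$tablesResult) {
            displayerror('Database error. Could not list the tables.');
            return '';
        }

        // Fixed: the original header opened with a stray </tr>.
        $html = "<h2>Tables of Database " . $this->escapeHtml(MYSQL_DATABASE) . "</h2><br/><table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th>Table Name</th><th>Columns Information</th><th>Rows Information</th></tr></thead><tbody>";
        while ($row = mysql_fetch_row($tablesResult)) {
            $html .= "<tr><td>" . $this->escapeHtml($row[0]) . "</td><td><a href='" . $this->helperLink('tablecols', $row[0]) . "'>View Columns</a></td><td><a href='" . $this->helperLink('tablerows', $row[0]) . "'>View Rows</a></td></tr>";
        }
        $html .= "</tbody></table>";
        return $html;
    }

    /**
     * Renders every row of a table.
     *
     * @param string $tablename a name already resolved by requestedTableName()
     */
    private function renderTableRows($tablename) {
        $rowsResult = mysql_query('SELECT * FROM ' . $this->quoteIdentifier($tablename));
        if (!$rowsResult) {
            displayerror('Database error. Could not read the table requested.');
            return '';
        }

        $numfields = mysql_num_fields($rowsResult);
        $safeName = $this->escapeHtml($tablename);
        $html = "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=" . $numfields . ">Rows of Table $safeName <br/><a href='" . $this->helperLink('tablecols', $tablename) . "'>View Columns</a> <a href='./+edit&subaction=listalltables'>View All Tables</a></th></tr>";
        $html .= "<tr>";
        for ($i = 0; $i < $numfields; $i++) {
            $name = mysql_field_name($rowsResult, $i);
            if (!$name) {
                displayerror("Field name could not be retrieved");
                break;
            }
            $html .= "<th>" . $this->escapeHtml($name) . "</th>";
        }
        $html .= "</tr></thead><tbody>";

        // Cell values come from arbitrary tables and may hold user-submitted text, so each is escaped.
        while ($row = mysql_fetch_row($rowsResult)) {
            $html .= "<tr>";
            for ($i = 0; $i < $numfields; $i++)
                $html .= "<td>" . $this->escapeHtml($row[$i]) . "</td>";
            $html .= "</tr>";
        }
        $html .= "</tbody></table>";
        return $html;
    }

    /**
     * Renders the column metadata of a table.
     *
     * @param string $tablename a name already resolved by requestedTableName()
     */
    private function renderTableColumns($tablename) {
        $safeName = $this->escapeHtml($tablename);
        $html = "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=6>Column Information of Table $safeName <br/><a href='" . $this->helperLink('tablerows', $tablename) . "'>View Rows</a> <a href='./+edit&subaction=listalltables'>View All Tables</a> </th></tr>";
        $html .= "<tr><th>Column Name</th><th>Column Type</th><th>Maximum Length</th><th>Default Value</th><th>Not Null</th><th>Primary Key</th></tr></thead><tbody>";

        // One row is enough: only the result set's field metadata is read.
        $colsResult = mysql_query('SELECT * FROM ' . $this->quoteIdentifier($tablename) . ' LIMIT 1');
        if (!$colsResult) {
            displayerror('Database error. Could not read the table requested.');
            return '';
        }

        $numfields = mysql_num_fields($colsResult);
        for ($i = 0; $i < $numfields; $i++) {
            $meta = mysql_fetch_field($colsResult, $i);
            if (!$meta) {
                displayerror("Field information could not be retrieved");
                break;
            }
            $html .= "<tr><td>" . $this->escapeHtml($meta->name) . "</td><td>" . $this->escapeHtml($meta->type) . "</td><td>" . $this->escapeHtml($meta->max_length) . "</td><td>" . $this->escapeHtml($meta->def) . "</td><td>" . $this->escapeHtml($meta->not_null) . "</td><td>" . $this->escapeHtml($meta->primary_key) . "</td></tr>";
        }
        $html .= "</tbody></table>";
        return $html;
    }

    /**
     * Builds the query edit form and the database information form.
     *
     * @param string $pageTitle title to pre-fill (used only when $useParams is true)
     * @param string $sqlQuery  query to pre-fill (used only when $useParams is true)
     * @param bool   $useParams false to pre-fill both fields from the stored values instead
     * @return string HTML, or '' after reporting a database error
     */
    private function getQueryEditForm($pageTitle = '', $sqlQuery = '', $useParams = false) {
        if (!$useParams) {
            $defaultValueQuery = 'SELECT `sqlquery_title`, `sqlquery_query` FROM `sqlquery_desc` WHERE `page_modulecomponentid` = ' . (int) $this->moduleComponentId;
            $defaultValueResult = mysql_query($defaultValueQuery);
            if (!$defaultValueResult) {
                displayerror('Error. Could not retrieve data for the page requested.');
                return '';
            }
            $defaultValueRow = mysql_fetch_row($defaultValueResult);
            if (!$defaultValueRow) {
                displayerror('Error. Could not retrieve data for the page requested.');
                return '';
            }
            $pageTitle = $defaultValueRow[0];
            $sqlQuery = $defaultValueRow[1];
        }
        global $ICONS;

        // Everything interpolated into the form is escaped first: a quote in the title or a
        // </textarea> in the query would otherwise break out of the field it is shown in.
        $safeTitle = $this->escapeHtml($pageTitle);
        $safeQuery = $this->escapeHtml($sqlQuery);
        $dbname = $this->escapeHtml(MYSQL_DATABASE);
        $dbprefix = $this->escapeHtml(MYSQL_DATABASE_PREFIX);

        // Markup fixes: the second <form> now wraps its <table> instead of sitting inside it, and the
        // table-name row is closed.
        $queryEditForm = <<<QUERYEDITFORM
<fieldset><legend>{$ICONS['SQL Query']['small']}Custom SQL Query</legend>
<form method="POST" action="./+edit">
<table>
<tr><td>Page Title:</td><td><input id="pagetitle" name="pagetitle" type="text" value="$safeTitle" /></td></tr>
<tr><td>SQL Query:</td><td><textarea id="sqlquery" name="sqlquery" rows="8" cols="50">$safeQuery</textarea></td></tr>
</table>
<input type="submit" name="btnSubmitQueryData" value="Save Changes" />
<input type="submit" name="btnPreviewResults" value="Preview Result Page" />
<br/>Need help ? Use the Database Information form below.
</form>
</fieldset>
<fieldset>
<legend>{$ICONS['Database Information']['small']} Database Information</legend>
<form method="POST" action="./+edit" >
<table style="width:100%">
<tr><td>Database Name</td><td>$dbname</td></tr>
<tr><td>Tables Prefix</td><td>$dbprefix</td></tr>
<tr><td colspan="2"><input style="width:100%" type="submit" name="btnListTables" value="List All Tables"/></td></tr>
<tr><td>Enter a Table Name </td><td><input type="text" name="tablename"/></td></tr>
<tr><td><input type="submit" name="btnListRows" value="View Rows Information"/></td><td><input type="submit" name="btnListColumns" value="View Columns Information"/></td></tr>

</table>
</form>
</fieldset>
QUERYEDITFORM;
        return $queryEditForm;
    }

    /**
     * Executes the given SQL text and renders its result set as an HTML table.
     *
     * The statement is executed verbatim; that is the purpose of the module, so callers must only
     * pass text written by a user who is allowed to edit the page.
     * NOTE(review): nothing here limits the statement to SELECT.
     *
     * @param string $sqlQuery SQL text to execute
     * @return string HTML table, or an error message with a link to the edit page
     */
    private function generatePageData($sqlQuery) {
        $result = mysql_query($sqlQuery);

        if (!$result) {
            return 'Error. The query used to generate this page is invalid. <a href="./+edit">Click here</a> to change the default query.<br />';
        }
        if ($result === true) {
            // The statement ran but produced no result set (mysql_query returns TRUE for those).
            // Emit the same empty table as before without calling the result functions on a boolean.
            return "<table><tr>\n</tr>\n</table>\n";
        }

        $pageContent = '<table>';

        $pageContent .= "<tr>\n";
        $fieldCount = mysql_num_fields($result);
        for ($i = 0; $i < $fieldCount; $i++) {
            $pageContent .= "<th>" . $this->escapeHtml(mysql_field_name($result, $i)) . "</th>";
        }
        $pageContent .= "</tr>\n";

        // Result values can be text that site visitors submitted elsewhere; escaping them keeps stored
        // markup from running in the viewer's browser.
        while ($resultrow = mysql_fetch_row($result)) {
            $cells = array();
            foreach ($resultrow as $cell)
                $cells[] = $this->escapeHtml($cell);
            $pageContent .= "<tr><td>" . implode('</td><td>', $cells) . "</td></tr>\n";
        }
        $pageContent .= "</table>\n";

        return $pageContent;
    }

    /**
     * Stores a new title and query for this module instance.
     *
     * @param string $pageTitle raw title text (not SQL-escaped)
     * @param string $sqlQuery  raw query text (not SQL-escaped)
     * @return bool true on success, false after reporting an error
     */
    private function saveQueryEditForm($pageTitle, $sqlQuery) {
        // Both values are escaped as string literals here rather than trusted to arrive escaped.
        $safeTitle = mysql_real_escape_string($pageTitle);
        $safeQuery = mysql_real_escape_string($sqlQuery);
        $componentId = (int) $this->moduleComponentId;

        $updateQuery = "UPDATE `sqlquery_desc` SET `sqlquery_title` = '$safeTitle', `sqlquery_query` = '$safeQuery' WHERE `page_modulecomponentid` = $componentId";
        $updateResult = mysql_query($updateQuery);
        if (!$updateResult) {
            displayerror('SQL Error. Could not update database settings.');
            return false;
        }
        return true;
    }

    /**
     * Deletes the stored query of a module instance.
     *
     * @param mixed $moduleComponentId id of the instance to delete
     * @return bool true when a row was deleted, false otherwise (an error is shown)
     */
    public function deleteModule($moduleComponentId) {
        $deleteQuery = 'DELETE FROM `sqlquery_desc` WHERE `page_modulecomponentid` = ' . (int) $moduleComponentId;
        mysql_query($deleteQuery);
        // A failed statement and a statement that matched nothing are both reported as an error.
        if (mysql_affected_rows() > 0)
            return true;
        displayerror('An unknown error was encountered while trying to delete the module.');
        return false;
    }

    /**
     * Copies the stored query of a module instance to a newly allocated instance id.
     *
     * @param mixed $moduleComponentId id of the instance to copy
     * @return int|false the new instance id, or false on failure
     */
    public function copyModule($moduleComponentId) {
        $sourceId = (int) $moduleComponentId;
        $newComponentId = 0;
        $attempts = 0;

        // MAX()+1 can collide with a concurrent insert; a duplicate-key error (1062) is retried,
        // up to ten times in total.
        while ($attempts < 10 && $newComponentId == 0) {
            $newComponentId = $this->getNextModuleComponentId();
            if ($newComponentId) {
                $targetId = (int) $newComponentId;
                $insertQuery = "INSERT INTO `sqlquery_desc`(`page_modulecomponentid`, `sqlquery_title`, sqlquery_query) SELECT $targetId, `sqlquery_title`, `sqlquery_query` FROM `sqlquery_desc` WHERE `page_modulecomponentid` = $sourceId";
                $insertResult = mysql_query($insertQuery);
                if (!$insertResult) {
                    if (mysql_errno() != 1062) {
                        displayerror('An unknown error was encountered while trying to copy the module.');
                        return false;
                    }
                    $newComponentId = 0;
                }
            }
            else {
                displayerror('An unknown error was encountered while trying to copy the module.');
                return false;
            }
            $attempts++;
        }

        if ($newComponentId != 0)
            return $newComponentId;
        return false;
    }

    /**
     * Returns the next free module component id (current maximum plus one).
     *
     * @return int the candidate id, 1 for an empty table, or 0 when the lookup failed
     */
    private function getNextModuleComponentId() {
        $moduleComponentIdQuery = 'SELECT MAX(`page_modulecomponentid`) FROM `sqlquery_desc`';
        $moduleComponentIdResult = mysql_query($moduleComponentIdQuery);
        if (!$moduleComponentIdResult)
            return 0;
        $moduleComponentIdRow = mysql_fetch_row($moduleComponentIdResult);
        // MAX() over an empty table yields NULL; a missing row is treated the same way.
        if ($moduleComponentIdRow && !is_null($moduleComponentIdRow[0]))
            return $moduleComponentIdRow[0] + 1;
        return 1;
    }

    /**
     * Creates a new module instance with a placeholder title and query.
     *
     * @param mixed $moduleComponentId set to the new instance id on success (passed by reference)
     * @return bool true on success, false after reporting an error
     */
    public function createModule(&$moduleComponentId) {
        $attemptNumber = 0;
        $newComponentId = 0;

        // Same allocate-and-retry scheme as copyModule(): a duplicate-key error (1062) is retried.
        while ($attemptNumber < 10 && $newComponentId == 0) {
            $newComponentId = $this->getNextModuleComponentId();
            if ($newComponentId) {
                $targetId = (int) $newComponentId;
                $insertQuery = "INSERT INTO `sqlquery_desc`(`page_modulecomponentid`, `sqlquery_title`, `sqlquery_query`) VALUES($targetId, 'New Query', 'SELECT * FROM `mytable` WHERE 1')";
                $insertResult = mysql_query($insertQuery);
                if (!$insertResult) {
                    if (mysql_errno() != 1062) {
                        displayerror('An unknown error was encountered while trying to create a new page.');
                        return false;
                    }
                    $newComponentId = 0;
                }
            }
            else if ($attemptNumber == 0) {
                displayerror('Error while trying to fetch new module component id.');
                return false;
            }
            $attemptNumber++;
        }

        if ($newComponentId == 0) {
            displayerror('Could not create new page.');
            return false;
        }

        $moduleComponentId = $newComponentId;

        return true;
    }
}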