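<?php
   // Module version and build stamp. Constant names must be quoted strings: the bare
   // identifiers used before were looked up as (undefined) constants, which is a notice
   // plus the literal name on PHP 5/7 and a fatal Error on PHP 8.
   define('VERSION', '1.5.2');
   define('BUILD_DATE', '20091010');

   include_once("database.php");

   include_once("library.php");
   include_once('reports.php');

   // Maps a screen name to the screen_report value that screenReports() queries the
   // report table with.
   global $MODULE_REPORTS;
   $MODULE_REPORTS = array('main device screen' => 1);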
           |  |  | 14 |    define (SQL_SHOW_SITES,
 | 
        
           |  |  | 15 |       "select concat('<a href=\"index.html?site_id=',site.site_id,'\">', site.name,'</a>') 'Site',
 | 
        
           |  |  | 16 |               count(*) 'Devices',
 | 
        
           |  |  | 17 |               concat('<a href=\"edit.html?site_id=',site.site_id,'\">Edit</a>') Action
 | 
        
           |  |  | 18 |        from client_site site left outer join current_systems device using (site_id)
 | 
        
           |  |  | 19 |        where <whereClause>
 | 
        
           |  |  | 20 |        group by site.site_id
 | 
        
           |  |  | 21 |        order by site.name"
 | 
        
           |  |  | 22 |    );
 | 
        
           |  |  | 23 |   | 
        
           |  |  | 24 |    define (SQL_SHOW_DEVICES,
 | 
        
           |  |  | 25 |       "select concat('<a href=\"show_device.html?device_id=',device.device_id,'\">',device.name,'</a>') 'Device',
 | 
        
           |  |  | 26 |        device_type.name 'Type',
 | 
        
           |  |  | 27 |        concat('<a href=\"edit.html?device_id=',device.device_id,'\">Edit</a>') Action
 | 
        
           |  |  | 28 |        from device join device_type on device.device_type_id = device_type.device_type_id
 | 
        
           |  |  | 29 |             join site on device.site_id = site.site_id
 | 
        
           |  |  | 30 |             join client on site.client_id = client.client_id
 | 
        
           |  |  | 31 |        where device_type.show_as_system = 'Y' 
 | 
        
           |  |  | 32 |              and device.removed_date is null
 | 
        
           |  |  | 33 |              and <whereClause>
 | 
        
           |  |  | 34 |        order by device_type.name,device.name"
 | 
        
           |  |  | 35 |    );
 | 
        
           |  |  | 36 |   | 
        
           |  |  | 37 |    define (SQL_SHOW_CLIENTS,
 | 
        
           |  |  | 38 |       "select max(concat('<a href=\"index.html?client_id=',client.client_id,'\">',client.name,'</a>')) 'Client', 
 | 
        
           |  |  | 39 |               count(*) 'Sites',
 | 
        
           |  |  | 40 |               concat('<a href=\"edit.html?client_id=',client.client_id,'\">Edit</a>') Action
 | 
        
           |  |  | 41 |        from client left outer join site using (client_id)
 | 
        
           |  |  | 42 |        where site.removed_date is null and
 | 
        
           |  |  | 43 |              <whereClause>
 | 
        
           |  |  | 44 |        group by client.client_id
 | 
        
           |  |  | 45 |        order by client.name"
 | 
        
           |  |  | 46 |    );
 | 
        
           |  |  | 47 |   | 
        
           |  |  | 48 |    define (SQL_SHOW_DEVICE, '
 | 
        
           |  |  | 49 |       select device.device_id "ID",
 | 
        
           |  |  | 50 |              concat(client.name, \' - \', site.name) "Site",
 | 
        
           |  |  | 51 |              device_type.name "Type",
 | 
        
           |  |  | 52 |              device.name "Name",
 | 
        
           |  |  | 53 |              device.notes "Notes",
 | 
        
           | 37 | rodolico | 54 |              device.restrictions "Restrictions",
 | 
        
           | 1 | rodolico | 55 |              partof.name "Part Of",
 | 
        
           |  |  | 56 |              date(device.added_date) "Added",
 | 
        
           |  |  | 57 |              date(device.removed_date) "Removed"
 | 
        
           |  |  | 58 |       from device join site on device.site_id = site.site_id 
 | 
        
           |  |  | 59 |            join client on site.client_id = client.client_id 
 | 
        
           |  |  | 60 |            join device_type on device.device_type_id = device_type.device_type_id 
 | 
        
           |  |  | 61 |            left outer join device as partof on partof.device_id = device.part_of
 | 
        
           |  |  | 62 |       where device.device_id = <device_id>
 | 
        
           |  |  | 63 |    ');
 | 
        
           |  |  | 64 |   | 
        
           |  |  | 65 |    $LOGIN_PAGE = $_SESSION['html root'] . '/login.html';
 | 
        
           |  |  | 66 |   | 
        
           |  |  | 67 |    function verifyLogin( $username, $password ) {
 | 
        
           |  |  | 68 |       $sql = "select login_id login_id, email, where_clause
 | 
        
           |  |  | 69 |               from login 
 | 
        
           |  |  | 70 |               where email = " . makeSafeSQLValue($username) . ' 
 | 
        
           |  |  | 71 |                     and pass = md5(' . makeSafeSQLValue($password) . ") 
 | 
        
           |  |  | 72 |                     and removed_date is null";
 | 
        
           |  |  | 73 |       $info = queryDatabaseExtended( $sql );
 | 
        
           |  |  | 74 |       if ( $info['count'] == 1 ) {
 | 
        
           |  |  | 75 |          $info = $info['data'][0];
 | 
        
           |  |  | 76 |          $_SESSION['login_id'] = ($info['login_id'] ? $info['login_id'] : -1);
 | 
        
           |  |  | 77 |          $_SESSION['email'] = $info['email'];
 | 
        
           |  |  | 78 |          $_SESSION['where_clause'] = $info['where_clause'];
 | 
        
           |  |  | 79 |          redirectPage('index.html');
 | 
        
           |  |  | 80 |       } else {
 | 
        
           |  |  | 81 |          return false;
 | 
        
           |  |  | 82 |       }
 | 
        
           |  |  | 83 |    }
 | 
        
           |  |  | 84 |   | 
        
           |  |  | 85 |    function setAuth ( $whereClause = 'true' ) {
 | 
        
           |  |  | 86 |       if ( iAmAdministrator() ) return $whereClause;
 | 
        
           |  |  | 87 |       $whereClause = " ($whereClause)"; // ensure that the whereClause passed will not override our limits
 | 
        
           |  |  | 88 |       switch ( $_SESSION['where_clause'] ) {
 | 
        
           |  |  | 89 |          case '' : $whereClause .= ' and false'; // no login allowed if empty string
 | 
        
           |  |  | 90 |                   break;
 | 
        
           |  |  | 91 |          default : $whereClause .= ' and ' . $_SESSION['where_clause'];
 | 
        
           |  |  | 92 |       }
 | 
        
           |  |  | 93 |       return $whereClause;
 | 
        
           |  |  | 94 |    }
 | 
        
           |  |  | 95 |   | 
        
           |  |  | 96 |    function iAmAdministrator () {
 | 
        
           |  |  | 97 |       return ($_SESSION['where_clause'] == 'ADMINISTRATOR');
 | 
        
           |  |  | 98 |    }
 | 
        
           |  |  | 99 |   | 
        
   /*
      function takes a screen name and looks it up in $MODULE_REPORTS to translate to a bit position.
      It will then search the report table in the database to determine which reports need to be run, passing the values in the
      $parameters array to the run command, and capturing the output.
      function then returns the html output of the report(s) back to the calling program, which can then paste it into the current
      screen.
      The concept is that a particular screen may need some sub reports. For example, the display device screen in the Main module
      will want to display the information about the device taken from the device_attrib table. To do this, a report is defined
      using the query
         select attrib.name,device_attrib.value
         from device_attrib join attrib using (attrib_id)
         where device_id = <device_id> and device_attrib.removed_date is null
      where <device_id> is replaced by the report class.
      The calling routine would pass 'device_id' => '1' in the parameters array (if the current device had a device_id of 1) and this
      routine would run the report and return the results.
      This allows newer modules to add reports to existing screens simply by creating a report and setting up parameters correctly.
      BY CONVENTION, the following parameters are passed, if applicable:
         device_id      - numeric ID of the device in question
         device_name    - ascii name of the device in question
         site_id        - numeric ID of the site in question
         client_id      - numeric ID of the client in question
         added_date     - value for added_date
         removed_date   - value for removed_date
     Not all reports will use the above values, but if they are passed into the parameters array, they will not cause problems with
     the report.

     NOTE: the reports will still run in interactive mode. In the above query, it will prompt for the device.
   */
           |  |  | 128 |    function screenReports ( $screenName, $parameters = array(), $showTitle = false ) {
 | 
        
           |  |  | 129 |       global $MODULE_REPORTS;
 | 
        
           |  |  | 130 |       $result = '';
 | 
        
           |  |  | 131 |       if ($MODULE_REPORTS[$screenName]) {
 | 
        
           |  |  | 132 |          $sql = 'select report_id from report where screen_report = ' . $MODULE_REPORTS[$screenName];
 | 
        
           |  |  | 133 |          $reportIDs = sqlValuesToKeys ($sql);
 | 
        
           |  |  | 134 |          // print "<pre>"; print_r( $parameters ); print "</pre>";
 | 
        
           |  |  | 135 |          foreach ( $reportIDs as $thisReport => $data ) {
 | 
        
           |  |  | 136 |             $report = new Report;
 | 
        
           |  |  | 137 |             $report->loadFromDatabase ( $thisReport );
 | 
        
           |  |  | 138 |             $result .= $report->run($parameters, '', $showTitle );
 | 
        
           |  |  | 139 |          }
 | 
        
           |  |  | 140 |       }
 | 
        
           |  |  | 141 |       return $result;
 | 
        
           |  |  | 142 |    }
 | 
        
           |  |  | 143 |   | 
        
           |  |  | 144 |    if ($_SESSION['file system root']) { // this is only set if we have logged in
 | 
        
           |  |  | 145 |       $InstalledModules = array();
 | 
        
           |  |  | 146 |       // get module information
 | 
        
           |  |  | 147 |       $data = queryDatabaseExtended( "select theValue from _system where removed_date is null and group_name = 'Modules'");
 | 
        
           |  |  | 148 |       if ($data) {
 | 
        
           |  |  | 149 |          foreach ($data['data'] as $row) {
 | 
        
           |  |  | 150 |             $InstalledModules[] = $row['theValue'];
 | 
        
           |  |  | 151 |          }
 | 
        
           |  |  | 152 |          // note, we are only going to include the datagase.php. All other stuff is left to the individual modules
 | 
        
           |  |  | 153 |          // $_SESSION['file system root'] is set in login.php, and is the path to the root of this application, so all else is relative
 | 
        
           |  |  | 154 |          foreach ($InstalledModules as $directory) {
 | 
        
           |  |  | 155 |             include_once( $_SESSION['file system root'] . "/$directory/database.php" );
 | 
        
           |  |  | 156 |          }
 | 
        
           |  |  | 157 |       }
 | 
        
           |  |  | 158 |    }
 | 
        
           |  |  | 159 |   | 
        
           | 37 | rodolico | 160 | ?>
 |