Subversion Repositories computer_asset_manager_v1

<?php

   include_once("library.php");

   include_once('reports.php');

   include_once( './database.php' );

   /*

    * function designed to handle input from a form. If the input is

    * unset, will retrun the $default value.

    * Otherwise, will filter the value based on $filter

    * Some common filters are:

    *    FILTER_SANITIZE_SPECIAL_CHARS - clean up text so no HTML

    *    FILTER_SANITIZE_EMAIL         - email addresses

    *    FILTER_SANITIZE_NUMBER_FLOAT  - floating point numbers

    *    FILTER_SANITIZE_NUMBER_INT    - integers

    *    FILTER_SANITIZE_URL           - A URL

    * http://php.net/manual/en/filter.filters.sanitize.php

    */

   function cleanInput ( $value, $default = '', $filter = FILTER_DEFAULT ) {

      // unset or empty values just get the default

      if ( ! isset( $value ) || strlen( trim( $value ) ) == 0 ) return $default;

      return filter_var( trim( $value ), $filter );

   }

   /*

    * function will attempt to make a constant ($value) safe for SQL depending on the type.

    * 

    * if $value is empty, $default is returned, as will happen if any of the

    * conversions (date, datetime, etc...) fail.

    * 

    * First, it will pass it through get_magic_quotes_gpc, 

    * then will run through mysql_real_escape_string

    * 

    * For strings, will encapsulate in quotes

    * Dates will attempt a conversion, then change to YYYY-MM-DD and encapsulate in quotes

    * DateTime will perform the same, but change to YYYY-MM-DD HH:MM:SS

    * Integer and Floats are passed through builtins intval and floatval

    * Boolean only checks the first character, a '0', 'f' and 'n' denoting false

    *    all else denoting true. The result is converted based on the variable

    *    $falsetrue, with the first char denoting false and the second denoting true

    */

   function makeSafeSQLConstant ( $value, $type='S', $default='null', $falsetrue='10' ) {

      // return $default on undefined or empty values

      if ( ! isset( $value ) ) return $default;

      if (strlen($value) == 0) return $default;

      // print "Processing $value as $type with default $default<br>\n";

      switch ( strtolower( $type ) ) {

         case 'string' :

         case 's' : 

                  if ( get_magic_quotes_gpc() ) 

                     $value = stripslashes($value);

                  $value = mysql_real_escape_string( $value );

                  $value = strlen( $value ) > 0 ? "'$value'" : $default;

                  break;

         case 'date' :

         case 'd' :

                  if ( $value != 'null' ) {

                     $result = strtotime( $value );

                     $value = ( $result === false ) ? $default : "'" . Date( 'Y-m-d', $result) . "'";

                  }

                  break;

         case 'datetime':

         case 'timestamp':

         case 'dt': 

                  if ( $value != 'null' ) {

                     $result = strtotime( $value );

                     $value = ( $result === false ) ? $default : "'" . Date( 'Y-m-d H:i:s', $result) . "'";

                  }

                  break;

         case 'integer':

         case 'i' :  

                  $value = intval( $value );

                  break;

         case 'float':

         case 'f' :  

                  $value = floatval( $value );

                  break;

         case 'bool':

         case 'boolean':

         case 'b' :  // note, because of the way strpos works, you can not

                     // simply set $value based on the output; you MUST do

                     // as below; specifically check for false, then set the result

                     $value =  strpos( '0fn', strtolower(substr( $value, 0, 1 )) ) === false ? 0 : 1;

                     $value = substr( $falsetrue, $value, 0, 1 );

                     break;

      } // switch

      return $value;

   }

   function lPad( $string, $count, $padChar = '0' ) {

      while ( strlen( $string) < $count ) {

         $string = '0' . $string;

      }

      return $string;

   }

   function makeFileName ( $name, $device_id, $client_id, $site_id ) {

      // we are getting an index. There is a small chance we could end up with duplicates, but since the file

      // name will not consist solely of the index, it should not cause a collision.

      $thisIndex = getOneDBValue( "select theValue from _system where group_name= 'Documents' and key_name = 'last index'" );

      $thisIndex++;

      doSQL( "update _system set theValue = '$thisIndex' where group_name= 'Documents' and key_name = 'last index'" );

      $thisIndex = lPad( $thisIndex, 6 );

      // start building the file name

      $nameOnDisk = $thisIndex . '-';

      if ( $device_id ) {

         $nameOnDisk .= 'd-';

         $nameOnDisk .= getOneDBValue( "select name from device where device_id = $device_id" );

      } elseif ( $site_id ) {

         $nameOnDisk .= 's-';

         $nameOnDisk .= getOneDBValue( "select name from site where site_id = $site_id" );

      } elseif ( $client_id ) {

         $nameOnDisk .= 'c-';

         $nameOnDisk .= getOneDBValue( "select name from client where client_id = $client_id" );

      } else {

         return array( 'valid' => false, 'message' => 'Error: not able to find client/site/device info' );

      }

      // add the extension

      $nameOnDisk .= '.' . pathinfo($name, PATHINFO_EXTENSION);

      // and calculate the relative path to be added to the Documents root path value

      $nameOnDisk = getRelativePath( $nameOnDisk ) . $nameOnDisk;

      return array( 'valid' => true, 'filename' => $nameOnDisk );

   } // function saveFile

   /*

    * take the first digits of a file name (which is the index) and turn

    * them into a path, by breaking them into two character directories.

    * Thus, 123456-someFileName.something becomes

    * 12/34/123456-someFileName.something

    * however, this only returns the path part, so it will return

    * 12/34/

    */

   function getRelativePath ( $filename ) {

      // the first part of the file name is the index, which is used to

      // calculate the path, so we'll throw away everything else.

      $filename = explode( '-', $filename )[0];

      while ( strlen( $filename ) > 2 ) {

         $path .= substr( $filename, 0, 2 ) . '/';

         $filename = substr( $filename, 2 );

      }

      return $path;

   }

   /*

    * prepends two directory entries stored in _system table to

    * $filename

    */

   function getAbsolutePath ( $filename ) {

      $path = $_SESSION['file system root']

                . '/' . getOneDBValue( "select theValue from _system where group_name = 'Documents' and key_name = 'root path'" )

                . '/' . $filename;

      return $path;

   }

   /*

    * returns the URL path to a file

    */

   function getURLPath ( $filename ) {

      $path = $_SESSION['html root']

                . '/' . getOneDBValue( "select theValue from _system where group_name = 'Documents' and key_name = 'root path'" )

                . '/' . $filename;

      return $path;

   }

   function makePath ( $filename ) {

      $path =  pathinfo( $filename, PATHINFO_DIRNAME );

      return is_dir( $path ) ? true : mkdir( $path, 0777, true );

   }

   /*

    * Tries to find $value as a mime type

    * if $value is non-zero numeric, looks it up in the table as mime_type_id

    * if a string, checks for mime_type

    * if still not found, looks for extension

    * returns index into document_mime_type, or 0 if not found

    */

   function check_mime_type ( $value ) {

      if ( is_string( $value ) ) {

         $value = makeSafeSQLConstant( $value );

         // check if they passed in a mime type

         $id = getOneDBValue( "select document_mime_type_id from document_mime_type where mime_type = $value" );

         if ( $id ) return $id;

         // well, no, so check if they passed in an extension

         return getOneDBValue( "select document_mime_type_id from document_mime_type where extension = $value" );

      }

      return null;

   }

   function addDocument ( $nameOnDisk, $device_id, $client_id, $site_id, $mime_type, $name, $description ) {

      if ( $device_id ) {

         $owner_type = 'd';

         $owner_id = $device_id;

      } elseif ( $site_id ) {

         $owner_type = 's';

         $owner_id = $site_id;

      } elseif ( $client_id ) {

         $owner_type = 'c';

         $owner_id = $client_id;

      }

      if ( ! isset( $mime_type ) ) {

         $extension = pathinfo( $nameOnDisk, PATHINFO_EXTENSION);

         $mime_type = getOneDBValue( "select mime_type from document_mime_type where extension = '$extension'" );

      } // if we need to find the mime_type

      $nameOnDisk = makeSafeSQLConstant( $nameOnDisk );

      $description = makeSafeSQLConstant( $description );

      $mime_type = makeSafeSQLConstant( $mime_type );

      $owner_type = makeSafeSQLConstant( $owner_type );

      $name = makeSafeSQLConstant( $name );

      $document_mime_type_id = getOneDBValue( "select document_mime_type_id from document_mime_type where mime_type = $mime_type" );

      if ( ! $document_mime_type_id ) $document_mime_type_id = 'null';

      $query = "insert into document ( name,owner_type,owner_id,description, document_mime_type_id, name_on_disk, added_date )

                              values ( $name, $owner_type, $owner_id, $description, $document_mime_type_id, $nameOnDisk, now() )";

      $result = queryDatabaseExtended( $query );

      return isset( $result['insert_id'] ) ? $result['insert_id'] : null;

   }

?>