| | |
|---|
| | | var $sys_default_group; |
|---|
| | | var $sys_groups; |
|---|
| | | var $client_id; |
|---|
| | | var $dataRecord; |
|---|
| | | |
|---|
| | | |
|---|
| | | //* Load the form definition from file. |
|---|
| | |
|---|
| | | |
|---|
| | | $this->action = $action; |
|---|
| | | $this->primary_id = $primary_id; |
|---|
| | | $this->dataRecord = $record; |
|---|
| | | |
|---|
| | | $record = $this->encode($record,true); |
|---|
| | | $sql_insert_key = ''; |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | | $record[$key] = md5(stripslashes($record[$key])); |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | | $record[$key] = md5(stripslashes($record[$key])); |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; |
|---|
| | | return $app->db->queryOneRecord($sql); |
|---|
| | | } elseif (@is_array($primary_id)) { |
|---|
| | | $sql_where = ''; |
|---|
| | | $sql_offset = 0; |
|---|
| | | $sql_limit = 0; |
|---|
| | | $sql_where = ''; |
|---|
| | | foreach($primary_id as $key => $val) { |
|---|
| | | $key = $app->db->quote($key); |
|---|
| | | $val = $app->db->quote($val); |
|---|
| | | if(stristr($val,'%')) { |
|---|
| | | if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val); |
|---|
| | | elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val); |
|---|
| | | elseif(stristr($val,'%')) { |
|---|
| | | $sql_where .= "$key like '$val' AND "; |
|---|
| | | } else { |
|---|
| | | $sql_where .= "$key = '$val' AND "; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $sql_where = substr($sql_where,0,-5); |
|---|
| | | if($sql_where == '') $sql_where = '1'; |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where; |
|---|
| | | if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit; |
|---|
| | | return $app->db->queryAllRecords($sql); |
|---|
| | | } else { |
|---|
| | | $this->errorMessage = 'The ID must be either an integer or an array.'; |
|---|
