PageRenderTime 67ms CodeModel.GetById 9ms RepoModel.GetById 0ms app.codeStats 0ms

/cms/modules/sqlquery.lib.php

https://github.com/akash6190/pragyan
PHP | 256 lines | 231 code | 19 blank | 6 comment | 8 complexity | f32d742a6a9cf3d840f817bfc3daf528 MD5 | raw file
  1. <?php
  2. if(!defined('__PRAGYAN_CMS'))
  3. {
  4. header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
  5. echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
  6. echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
  7. exit(1);
  8. }
  9. /**
  10. * @package pragyan
  11. * @copyright (c) 2010 Pragyan Team
  12. * @license http://www.gnu.org/licenses/ GNU Public License
  13. * For more details, see README
  14. */
  15. class sqlquery implements module {
  16. private $userId;
  17. private $moduleComponentId;
  18. private $action;
  19. public function getHtml($userId, $moduleComponentId, $action) {
  20. $this->userId = $userId;
  21. $this->moduleComponentId = $moduleComponentId;
  22. $this->action = $action;
  23. switch($action) {
  24. case 'view':
  25. return $this->actionView();
  26. case 'edit':
  27. return $this->actionEdit();
  28. }
  29. }
  30. public function actionView() {
  31. $sqlQueryQuery = 'SELECT `sqlquery_title`, `sqlquery_query` FROM `sqlquery_desc` WHERE `page_modulecomponentid` = \'' . $this->moduleComponentId."'";
  32. $sqlQueryResult = mysql_query($sqlQueryQuery);
  33. if(!$sqlQueryResult) {
  34. displayerror('Database error. An unknown error was encountered while trying to load page data.');
  35. return '';
  36. }
  37. $sqlQueryRow = mysql_fetch_row($sqlQueryResult);
  38. if(!$sqlQueryRow) {
  39. displayerror('Database error. Could not find data for the page requested.');
  40. return '';
  41. }
  42. $pageTitle = $sqlQueryRow[0];
  43. $pageQuery = $sqlQueryRow[1];
  44. $pageContent = "<h2>$pageTitle</h2><br />\n";
  45. return $pageContent . $this->generatePageData($pageQuery);
  46. }
  47. public function actionEdit() {
  48. $editPageContent = '';
  49. $paramSqlQuery = '';
  50. $paramPageTitle = '';
  51. $useParams = false;
  52. if(isset($_POST['btnSubmitQueryData'])) {
  53. if(!isset($_POST['pagetitle']) || !isset($_POST['sqlquery']))
  54. displayerror('Error. Incomplete form data.');
  55. $pageTitle = $_POST['pagetitle'];
  56. $sqlQuery = $_POST['sqlquery'];
  57. if($this->saveQueryEditForm($pageTitle, $sqlQuery))
  58. displayinfo('Changes saved successfully.');
  59. }
  60. elseif(isset($_POST['btnPreviewResults'])) {
  61. if(!isset($_POST['pagetitle']) || !isset($_POST['sqlquery']))
  62. displayerror('Error. Incomplete form data.');
  63. $pageTitle = $_POST['pagetitle'];
  64. $sqlQuery = $_POST['sqlquery'];
  65. $editPageContent = "<h2>$pageTitle (Preview)</h2><br />\n" . $this->generatePageData(stripslashes($sqlQuery)) . "<br />\n";
  66. $useParams = true;
  67. $paramSqlQuery = stripslashes($sqlQuery);
  68. $paramPageTitle = $pageTitle;
  69. }
  70. $editPageContent .= $this->getQueryEditForm($paramPageTitle, $paramSqlQuery, $useParams);
  71. $helptext = "";
  72. if(isset($_POST['btnListTables'])||( isset($_GET['subaction']) && $_GET['subaction']=="listalltables") )
  73. {
  74. $helptext.="<h2>Tables of Database ".MYSQL_DATABASE."</h2><br/><table id='sqlhelptable' name='sqlhelptable' class='display'><thead></tr><tr><th>Table Name</th><th>Columns Information</th><th>Rows Information</th></tr></thead><tbody>";
  75. $query="SHOW TABLES";
  76. $res=mysql_query($query);
  77. while($row=mysql_fetch_row($res))
  78. {
  79. $helptext .="<tr><td>{$row[0]}</td><td><a href='./+edit&subaction=tablecols&tablename={$row[0]}'>View Columns</a></td><td><a href='./+edit&subaction=tablerows&tablename={$row[0]}'>View Rows</a></td></tr>";
  80. }
  81. $helptext .="</tbody></table>";
  82. }
  83. if((isset($_POST['btnListRows']) && $_POST['tablename']!="") || ( isset($_GET['subaction']) && $_GET['subaction']=="tablerows") )
  84. {
  85. if(isset($_POST['tablename'])) $tablename=escape(safe_html($_POST['tablename']));
  86. else if(isset($_GET['tablename'])) $tablename=escape(safe_html($_GET['tablename']));
  87. else { displayerror("Table name missing"); return $editPageContent; }
  88. $query="SELECT * FROM '$tablename'";
  89. $res=mysql_query($query);
  90. $numfields=mysql_num_fields($res);
  91. $helptext .="<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=".$numfields.">Rows of Table $tablename <br/><a href='./+edit&subaction=tablecols&tablename=$tablename'>View Columns</a> <a href='./+edit&subaction=listalltables'>View All Tables</a></th></tr>";
  92. $helptext .="<tr>";
  93. for($i=0;$i<$numfields;$i++)
  94. {
  95. $name = mysql_field_name($res, $i);
  96. if (!$name) {
  97. displayerror("Field name could not be retrieved");
  98. break;
  99. }
  100. $helptext.="<th>$name</th>";
  101. }
  102. $helptext .="</tr></thead><tbody>";
  103. while($row=mysql_fetch_row($res))
  104. {
  105. $helptext .="<tr>";
  106. for($i=0;$i<$numfields;$i++)
  107. $helptext .="<td>{$row[$i]}</td>";
  108. $helptext .="</tr>";
  109. }
  110. $helptext .="</tbody></table>";
  111. }
  112. if((isset($_POST['btnListColumns']) && $_POST['tablename']!="") || ( isset($_GET['subaction']) && $_GET['subaction']=="tablecols"))
  113. {
  114. if(isset($_POST['tablename'])) $tablename=escape(safe_html($_POST['tablename']));
  115. else if(isset($_GET['tablename'])) $tablename=escape(safe_html($_GET['tablename']));
  116. else { displayerror("Table name missing"); return $editPageContent; }
  117. $helptext .="<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=6>Column Information of Table $tablename <br/><a href='./+edit&subaction=tablerows&tablename=$tablename'>View Rows</a> <a href='./+edit&subaction=listalltables'>View All Tables</a> </th></tr>";
  118. $helptext .="<tr><th>Column Name</th><th>Column Type</th><th>Maximum Length</th><th>Default Value</th><th>Not Null</th><th>Primary Key</th></tr></thead><tbody>";
  119. $query="SELECT * FROM '$tablename' LIMIT 1";
  120. $res=mysql_query($query);
  121. for($i=0;$i<mysql_num_fields($res);$i++)
  122. {
  123. $meta = mysql_fetch_field($res, $i);
  124. if (!$meta) {
  125. displayerror("Field information could not be retrieved");
  126. break;
  127. }
  128. $helptext.="<tr><td>{$meta->name}</td><td>{$meta->type}</td><td>{$meta->max_length}</td><td>{$meta->def}</td><td>{$meta->not_null}</td><td>{$meta->primary_key}</td></tr>";
  129. }
  130. $helptext .="</tbody></table>";
  131. }
  132. global $urlRequestRoot,$cmsFolder,$STARTSCRIPTS;
  133. $smarttable = smarttable::render(array('sqlhelptable'),null);
  134. $STARTSCRIPTS .= "initSmartTable();";
  135. global $ICONS;
  136. if($helptext!="") $helptext="<fieldset><legend>{$ICONS['Database Information']['small']}Database Information</legend>$smarttable $helptext</fieldset>";
  137. return $helptext.$editPageContent;
  138. }
  139. private function getQueryEditForm($pageTitle = '', $sqlQuery = '', $useParams = false) {
  140. if(!$useParams) {
  141. $defaultValueQuery = 'SELECT `sqlquery_title`, `sqlquery_query` FROM `sqlquery_desc` WHERE `page_modulecomponentid` = \'' . $this->moduleComponentId."'";
  142. $defaultValueResult = mysql_query($defaultValueQuery);
  143. if(!$defaultValueResult) {
  144. displayerror('Error. Could not retrieve data for the page requested.');
  145. return '';
  146. }
  147. $defaultValueRow = mysql_fetch_row($defaultValueResult);
  148. if(!$defaultValueRow) {
  149. displayerror('Error. Could not retrieve data for the page requested.');
  150. return '';
  151. }
  152. $pageTitle = $defaultValueRow[0];
  153. $sqlQuery = $defaultValueRow[1];
  154. }
  155. global $ICONS;
  156. $dbname=MYSQL_DATABASE;
  157. $dbprefix=MYSQL_DATABASE_PREFIX;
  158. $queryEditForm = <<<QUERYEDITFORM
  159. <fieldset><legend>{$ICONS['SQL Query']['small']}Custom SQL Query</legend>
  160. <form method="POST" action="./+edit">
  161. <table>
  162. <tr><td>Page Title:</td><td><input id="pagetitle" name="pagetitle" type="text" value="$pageTitle" /></td></tr>
  163. <tr><td>SQL Query:</td><td><textarea id="sqlquery" name="sqlquery" rows="8" cols="50">$sqlQuery</textarea></td></tr>
  164. </table>
  165. <input type="submit" name="btnSubmitQueryData" value="Save Changes" />
  166. <input type="submit" name="btnPreviewResults" value="Preview Result Page" />
  167. <br/>Need help ? Use the Database Information form below.
  168. </form>
  169. </fieldset>
  170. <fieldset>
  171. <legend>{$ICONS['Database Information']['small']} Database Information</legend>
  172. <table style="width:100%">
  173. <form method="POST" action="./+edit" >
  174. <tr><td>Database Name</td><td>$dbname</td></tr>
  175. <tr><td>Tables Prefix</td><td>$dbprefix</td></tr>
  176. <tr><td colspan="2"><input style="width:100%" type="submit" name="btnListTables" value="List All Tables"/></td></tr>
  177. <tr><td>Enter a Table Name </td><td><input type="text" name="tablename"/></td>
  178. <tr><td><input type="submit" name="btnListRows" value="View Rows Information"/></td><td><input type="submit" name="btnListColumns" value="View Columns Information"/></td></tr>
  179. </table>
  180. </form>
  181. </fieldset>
  182. QUERYEDITFORM;
  183. return $queryEditForm;
  184. }
  185. private function generatePageData($sqlQuery) {
  186. $sqlQuery = $sqlQuery;
  187. $result = mysql_query($sqlQuery);
  188. if(!$result) {
  189. return 'Error. The query used to generate this page is invalid. <a href="./+edit">Click here</a> to change the default query.<br />';
  190. }
  191. $pageContent = '<table>';
  192. $pageContent .= "<tr>\n";
  193. $fieldCount = mysql_num_fields($result);
  194. for($i = 0; $i < $fieldCount; $i++) {
  195. $pageContent .= "<th>" . mysql_field_name($result, $i) . "</th>";
  196. }
  197. $pageContent .= "</tr>\n";
  198. while($resultrow = mysql_fetch_row($result))
  199. $pageContent .= "<tr><td>" . implode('</td><td>', $resultrow) . "</td></tr>\n";
  200. $pageContent .= "</table>\n";
  201. return $pageContent;
  202. }
  203. private function saveQueryEditForm($pageTitle, $sqlQuery) {
  204. $updateQuery = "UPDATE `sqlquery_desc` SET `sqlquery_title` = '$pageTitle', `sqlquery_query` = '$sqlQuery' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
  205. $updateResult = mysql_query($updateQuery);
  206. if(!$updateResult) {
  207. displayerror('SQL Error. Could not update database settings.');
  208. return false;
  209. }
  210. return true;
  211. }
  212. public function deleteModule($moduleComponentId) {
  213. return true;
  214. }
  215. public function copyModule($moduleComponentId,$newId) {
  216. return true;
  217. }
  218. public function createModule($compId) {
  219. $insertQuery = "INSERT INTO `sqlquery_desc`(`page_modulecomponentid`, `sqlquery_title`, `sqlquery_query`) VALUES('$compId', 'New Query', 'SELECT * FROM `mytable` WHERE 1')";
  220. $insertResult = mysql_query($insertQuery);
  221. }
  222. }