debug(DBG_TRACE, 'close'); if ($this->link && !mysql_ping($this->link)) { mysql_close($this->link); } $this->link = NULL; } function connect() { $this->debug(DBG_TRACE, 'connect()'); if (!$this->host || !$this->user || !$this->passwd) { $this->debug(DBG_ERR, 'DbConnection->link(): not initialized'); return; } $this->link = mysql_connect($this->host, $this->user, $this->passwd); if ($this->link) { mysql_select_db($this->db, $this->link); } else { $this->debug(DBG_ERR, 'Failed to connect to database'); } } function DbConnection($host, $user, $passwd, $db) { $this->Base(); $this->dbgcat = 'dbc'; $this->debug(DBG_TRACE, 'DbConnection('.(string)$host.', '.(string)$user.', ' .(string)$passwd.', '.(string)$db.')'); $this->host = $host; $this->user = $user; $this->passwd = $passwd; $this->db = $db; $this->connect(); register_shutdown_function(array($this, 'close')); } function link() { $this->debug(DBG_TRACE, 'link()'); if (!$this->link || !mysql_ping($this->link)) { $this->connect(); } if (!$this->link) { $this->debug(DBG_ERR, 'No mysql link'); } return ($this->link); } } ?>dbread = new DbConnection( sql_db_host, sql_db_read_user, sql_db_passwd, sql_db_name ); } function Session() { $salt = mt_rand(); $this->cookie = (string)sha1((string)$salt.(string)time().cookie_key); if (!setcookie('ylauth', $this->cookie, time()+86400, '/')) { echo('Failed to set cookie: '.$this->cookie); } $this->Base(); $this->dbgcat = 'ses'; $this->debug(DBG_TRACE, 'Session()'); $this->dbread = new DbConnection( sql_db_host, sql_db_read_user, sql_db_read_passwd, sql_db_name ); } function uri() { $this->debug(DBG_TRACE, 'uri()'); $uri = split('\?', $_SERVER['REQUEST_URI'], 2); return $uri[0]; } function uriarr() { $arr = split('\?', $_SERVER['REQUEST_URI'], 2); $ret = array($arr[0]); if (count($arr) > 1) { $argarr = split('&', $arr[1]); foreach($argarr as $arg) { $tmp = split('=', $arg, 2); if (count($tmp) == 2) { $ret[] = array('name'=>$tmp[0], 'value'=>$tmp[1]); } else { $ret[] = array('name'=>$tmp[0]); } } } return $ret; } function logout() { $this->debug(DBG_TRACE, 'logout()'); $this->kayttaja = NULL; if ($this->dbwrite) { $this->dbwrite->close(); $this->dbwrite = NULL; } $this->rights = NULL; $this->expiration = NULL; } function loggedin() { $this->debug(DBG_TRACE, 'loggedin()'); return ($this->kayttaja != NULL); } function uid() { if ($this->kayttaja) { return ($this->kayttaja['id']); } return (NULL); } function set_rights($rset) { $r = preg_split('/,/', $rset); $this->rights = array(); while (($val = array_pop($r))) { $this->rights[$val] = TRUE; } } function check_right($right) { if (isset($this->rights[$right])) { return ($this->rights[$right]); } return (FALSE); } function hash($tunnus, $salasana) { return ((string)sha1($tunnus.$salasana)); } function login($tunnus, $salasana) { $this->debug(DBG_TRACE, 'login('.(string)$tunnus.', '.(string)$salasana.')'); $q = new Query($this->dbread); $hash = $this->hash($tunnus, $salasana); $q->add_parm('@tunnus', $tunnus); $q->add_parm('@salasana', $hash); $res = $q->exec( "select * from kayttaja where tunnus = '@tunnus' and " ."salasana = '@salasana'" ); if ($res) { $this->kayttaja = $q->fetch_array(); $this->debug(DBG_DBG, 'oik: '.$this->kayttaja['oikeudet']); $q->free_result(); $this->set_rights($this->kayttaja['oikeudet']); if ($this->kayttaja) { if ($this->check_right('admusr') || $this->check_right('admclnt') || $this->check_right('admtoimiala') ) { $this->dbwrite = new DbConnection( sql_db_host, sql_db_write_user, sql_db_write_passwd, sql_db_name ); } $this->expiration = time() + session_life; } } } function lockfilepath() { global $path; return $path.(string)DIRECTORY_SEPARATOR.'test' .(string)DIRECTORY_SEPARATOR.'lock'; } /* A bit of rudimentary locking, which is not really safe, but should be sufficient for static page generation */ function lock($wait = FALSE) { $t = time(); $p = $this->lockfilepath(); while (file_exists($p)) { if (!$wait) { $this->debug(DBG_TRC, 'lock failed: already locked'); return (false); } sleep(1); } $lockfile = fopen($p, 'w+'); if (!$lockfile) { $this->debug(DBG_TRC, 'lock failed: could not create file'); return (false); } fwrite($lockfile, strftime('%Y-%m-%d %H:%M:%S', time())); fclose($lockfile); $this->debug(DBG_TRC, 'Acquired lock'); return (true); } function unlock() { $p = $this->lockfilepath(); if (!file_exists($p)) { $this->debug(DBG_WARN, 'Unlock, when lock file does not exist.'); return (false); } unlink($p); $this->debug(DBG_TRC, 'Unlocked'); return (true); } } session_name('yrityslinkki'); session_start(); //$session = NULL; if (isset($_SESSION[ses_var_name])) { $s = $_SESSION[ses_var_name]; $oldcookie=$s->cookie; } else { $oldcookie = ''; } if (isset($_SESSION[ses_var_name]) && isset($_COOKIE['ylauth']) && 0 == strcmp($_SESSION[ses_var_name]->cookie, $_COOKIE['ylauth']) ) { $session = $_SESSION[ses_var_name]; } else { $session = new Session(); dbg('ses', DBG_DBG, 'Allocated a session'); } if (isset($_SESSION[ses_var_name])) { dbg('ses', DBG_DBG, 'We have a session'); } if (isset($_COOKIE['ylauth'])) { dbg('ses', DBG_DBG, 'ylauth: '.$_COOKIE['ylauth']); } if ($session->loggedin()) { dbg('ses', DBG_DBG, 'We are logged in'); } if ($session->cookie) { dbg('ses', DBG_DBG, 'session->cookie: '.$session->cookie); } dbg('ses', DBG_DBG, 'old cookie: '.$oldcookie); if ($session->loggedin()) { if ($session->expiration > time()) { $session->expiration = time() + session_life; $_SESSION[ses_var_name] = $session; } else { $session->logout(); $_SESSION[ses_var_name] = $session; } } function strip_post($str) { $str = stripslashes($str); return ($str); } // Helper function getpost($name, $default) { global $_POST; if (isset($_POST[$name])) { // echo("getpost(\"$name\", \"$default\") = ".strip_post($_POST[$name])); return (strip_post($_POST[$name])); } else { // echo("getpost(\"$name\", \"$default\") = ".$default); return ($default); } } function getget($name, $default) { global $_GET; if (isset($_GET[$name])) { return(strip_post(rawurldecode($_GET[$name]))); } else { return ($default); } } $righttable = array( array('abr'=>'u', 'name'=>'admusr', 'desc'=>'Käyttäjätietojen hallinta'), array('abr'=>'y', 'name'=>'admclnt', 'desc'=>'Yritystietojen hallinta'), array('abr'=>'r', 'name'=>'report', 'desc'=>'Raportointi'), array('abr'=>'m', 'name'=>'admads', 'desc'=>'Mainosten hallinta'), array('abr'=>'t', 'name'=>'admtoimiala', 'desc'=>'Toimialojen hallinta'), ); $uri = $session->uri(); ?>'.$txt.''); } function cursive($txt) { return (''.$txt.''); } function pheader($txt) { echo(bold($txt)."\n"); } function table($attributes, $content) { return ''.$content."
\n"; } function tr($attributes, $content) { return (''.$content."\n"); } function td($attributes, $content) { return (''.$content."\n"); } function form($attributes, $content) { return ('
'.$content."
\n"); } function input($attributes) { return ('\n"); } function button($attributes, $content) { return ('\n"); } function textarea($attributes, $content) { return ('\n"); } function select($attributes, $content) { return ('\n"); } function option($attributes, $content) { return ('\n"); } function alink($href, $extra_attributes, $content) { return (''.$content.''); } function select_type($name, $title, $extra_attributes, $selected) { global $CALANGUAGE; if ($selected == 'admin') { $field_op1 = option('value=admin selected', $CALANGUAGE['admin.type.admin']); $field_op2 = option('value=user', $CALANGUAGE['admin.type.user']); } else { $field_op1 = option('value=admin', $CALANGUAGE['admin.type.admin']); $field_op2 = option('value=user selected', $CALANGUAGE['admin.type.user']); } return (select('name='.$name.' title=\"'.$title.'\"', $field_op1.$field_op2)); } // Return a string made sefe for displaying in a html page function userstring($string) { // $s = str_replace("&", "&:"); // $k = array("<", ">", "(", ")", "#"); // $v = array("<", ">", "(", ")", "#"); // return (str_replace($k, $v, $string)); return (htmlentities($string)); } function editstring($string) { $k = array("\""); $v = array("\\\""); return (str_replace($k, $v, userstring($string))); } // Return a string made safe for using as a link anchor function uristring($string) { $k = array("\""); $v = array("\\\""); return (str_replace($k, $v, $string)); } function exturistring($string) { $s = uristring($string); if (0 != strncasecmp($string, 'http://', 7)) { $s = 'http://'.$s; } return ($s); } function userstr_fromarr($name, $arr) { if (isset($arr[$name])) { return (userstring($arr[$name])); } else { return (''); } } function str_fromarr($name, $arr) { if (isset($arr[$name])) { return ($arr[$name]); } else { return (''); } } function yerror($str) { return ('
'.$str."
\n"); } function ywarn($str) { return ('
'.$str."
\n"); } function yresultmsg($str) { return ('
'.$str."
\n"); } function yecho($str) { echo($str); } function ybluebar($str) { return (table('class=result '.pg_width, tr('class=searchhdr', td('class=searchhdr', $str)))); } /* Make a string containing all values in array $arr, separated by $sep */ function array2string($arr, $sep) { $str = ''; foreach($arr as $i) { if (strlen($str) > 0) { $str = $str.$sep; } $str = $str.$i; } return ($str); } function metastring($string) { return (htmlspecialchars($string)); } function localurl($string) { return(site_root.'/'.$string); } function fulllocalurl($string) { return (site_url.localurl($string)); } ?>Base(); $this->dbgcat = 'sql'; $this->debug(DBG_TRACE, 'Query('.get_class($dbc).'['.$dbc->id.'])['.$this->id.']'); $this->dbc = $dbc; register_shutdown_function(array($this, 'free_result')); } function add_parm($key, $val, $type='string') { $this->debug(DBG_TRACE, 'add_parm('.(string)$key.', '.(string)$val.')'); $this->parms[$key] = $val; } function exec($query=NULL) { if (!$query && isset($this->query)) { $query = $this->qyery; } $this->debug(DBG_TRACE, 'exec('.(string)$query.')'); if (!$query) { return (NULL); } $link = $this->dbc->link(); if ($this->parms) { $src = array_keys($this->parms); $trgt = array_values($this->parms); array_walk($trgt, 'array_safe'); $q = str_replace($src, $trgt, $query); } else { $this->debug(DBG_TRACE, 'No parms'); $q = $query; } $result = mysql_query($q, $link); $res = is_resource($result); if ($res) { $rows = mysql_num_rows($result); } else { $rows = 0; } if (!$result) { $this->debug(DBG_DBG, 'QUERY: '.$q); $this->debug(DBG_ERR, 'Query Failed: (' .(string)mysql_errno($link).') '.mysql_error($link)); } else { $this->debug(DBG_DBG, "QUERY '".$q."'"); $this->debug(DBG_DBG, 'QUERY result: ' .(string)mysql_affected_rows($link).' rows affected ' .($res ? (string)$rows : 0) .' rows selected'); } if ($res) { $this->free_result(); $this->result = $result; } if ($result) { return (TRUE); } return (FALSE); } function fetch_assoc() { if ($this->result) { return (mysql_fetch_assoc($this->result)); } return (NULL); } function fetch_array() { if ($this->result) { return (mysql_fetch_array($this->result)); } return (NULL); } function free_result() { if ($this->result) { @mysql_free_result($this->result); $this->result = NULL; } } function get_insert_id() { $link = $this->dbc->link(); $res = mysql_query('select last_insert_id() as id', $link); if ($res) { $t = mysql_fetch_assoc($res); if ($t) { mysql_free_result($res); return ($t['id']); } mysql_free_result($res); } $this->debug(DBG_ERR, 'Failed to get insert id: (' .(string)mysql_errno($link).') '.mysql_error($link)); return (NULL); } function num_rows() { if ($this->result) { return (mysql_num_rows($this->result)); } return (0); } } ?>