-
-
Notifications
You must be signed in to change notification settings - Fork 531
/
datatable.item_edition.php
155 lines (132 loc) · 4.93 KB
/
datatable.item_edition.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<?php
/**
* @file datatable.item_edition.php
* @author Nils Laumaillé
* @version 2.1.19
* @copyright (c) 2009-2014 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once('../sessions.php');
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
die('Hacking attempt...');
}
require_once $_SESSION['settings']['cpassman_dir'].'/sources/SplClassLoader.php';
global $k, $settings;
include $_SESSION['settings']['cpassman_dir'].'/includes/settings.php';
header("Content-type: text/html; charset=utf-8");
//Connect to DB
$db = new SplClassLoader('Database\Core', '../../includes/libraries');
$db->register();
$db = new Database\Core\DbCore($server, $user, $pass, $database, $pre);
$db->connect();
//Columns name
$aColumns = array('e.timestamp', 'u.login', 'i.label', 'u.name', 'u.lastname');
$aSortTypes = array('ASC', 'DESC');
//init SQL variables
$sOrder = $sLimit = $sWhere = "";
/* BUILD QUERY */
//Paging
$sLimit = "";
if (isset($_GET['iDisplayStart']) && $_GET['iDisplayLength'] != '-1') {
$sLimit = "LIMIT ". filter_var($_GET['iDisplayStart'], FILTER_SANITIZE_NUMBER_INT) .", ". filter_var($_GET['iDisplayLength'], FILTER_SANITIZE_NUMBER_INT)."";
}
//Ordering
if (isset($_GET['iSortCol_0']) && in_array($_GET['iSortCol_0'], $aSortTypes)) {
$sOrder = "ORDER BY ";
/*
for ($i=0; $i<intval($_GET['iSortingCols']); $i++) {
if ($_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true") {
$sOrder .= $aColumns[ intval(mysql_real_escape_string($_GET['iSortCol_'.$i])) ]."
".mysql_real_escape_string($_GET['sSortDir_'.$i]) .", ";
}
}
*/
for ($i=0; $i<intval($_GET['iSortingCols']); $i++) {
if (
$_GET[ 'bSortable_'.filter_var($_GET['iSortCol_'.$i], FILTER_SANITIZE_NUMBER_INT)] == "true" &&
preg_match("#^(asc|desc)\$#i", $_GET['sSortDir_'.$i])
) {
$sOrder .= "".$aColumns[ filter_var($_GET['iSortCol_'.$i], FILTER_SANITIZE_NUMBER_INT) ]." "
.mysql_real_escape_string($_GET['sSortDir_'.$i]) .", ";
}
}
$sOrder = substr_replace($sOrder, "", -2);
if ($sOrder == "ORDER BY") {
$sOrder = "";
}
}
/*
* Filtering
* NOTE this does not match the built-in DataTables filtering which does it
* word by word on any field. It's possible to do here, but concerned about efficiency
* on very large tables, and MySQL's regex functionality is very limited
*/
if ($_GET['sSearch'] != "") {
$sWhere = " WHERE (";
for ($i=0; $i<count($aColumns); $i++) {
}
$sWhere = substr_replace($sWhere, "", -3).") ";
}
$sql = "SELECT e.timestamp,e.item_id, e.user_id, u.login, u.name, u.lastname, i.label
FROM ".$pre."items_edition AS e
INNER JOIN ".$pre."items as i ON (e.item_id=i.id)
INNER JOIN ".$pre."users as u ON (e.user_id=u.id)
$sWhere
$sOrder
$sLimit";
$rResult = mysql_query($sql) or die(mysql_error()." ; ".$sql);
/* Data set length after filtering */
$sql_f = "
SELECT FOUND_ROWS()
";
$rResultFilterTotal = mysql_query($sql_f) or die(mysql_error());
$aResultFilterTotal = mysql_fetch_array($rResultFilterTotal);
$iFilteredTotal = $aResultFilterTotal[0];
/* Total data set length */
$sql_c = "
SELECT COUNT(timestamp)
FROM ".$pre."items_edition
";
$rResultTotal = mysql_query($sql_c) or die(mysql_error());
$aResultTotal = mysql_fetch_array($rResultTotal);
$iTotal = $aResultTotal[0];
/*
* Output
*/
$sOutput = '{';
$sOutput .= '"sEcho": '.intval($_GET['sEcho']).', ';
$sOutput .= '"iTotalRecords": '.$iTotal.', ';
$sOutput .= '"iTotalDisplayRecords": '.$iFilteredTotal.', ';
$sOutput .= '"aaData": [ ';
$rows = $db->fetchAllArray($sql);
foreach ($rows as $reccord) {
$get_item_in_list = true;
$sOutput_item = "[";
//col1
$sOutput_item .= '"<img src=\"includes/images/delete.png\" onClick=\"killEntry(\'items_edited\', '.$reccord['item_id'].')\" style=\"cursor:pointer;\" />", ';
//col2
$time_diff = intval(time() - $reccord['timestamp']);
$hoursDiff = round($time_diff / 3600, 0, PHP_ROUND_HALF_DOWN);
$minutesDiffRemainder = floor($time_diff % 3600 / 60);
$sOutput_item .= '"'.$hoursDiff . "h " . $minutesDiffRemainder . "m".'", ';
//col3
$sOutput_item .= '"'.htmlspecialchars(stripslashes($reccord['name']), ENT_QUOTES).' '.htmlspecialchars(stripslashes($reccord['lastname']), ENT_QUOTES).' ['.htmlspecialchars(stripslashes($reccord['login']), ENT_QUOTES).']", ';
//col5 - TAGS
$sOutput_item .= '"'.htmlspecialchars(stripslashes($reccord['label']), ENT_QUOTES).'"';
//Finish the line
$sOutput_item .= '], ';
if ($get_item_in_list == true) {
$sOutput .= $sOutput_item;
}
}
if ($iFilteredTotal > 0) {
$sOutput = substr_replace($sOutput, "", -2);
}
$sOutput .= '] }';
echo $sOutput;