--- nfo/site/htdocs/inc/cms/cms.php.inc 2004/09/10 21:40:59 1.6 +++ nfo/site/htdocs/inc/cms/cms.php.inc 2004/09/18 19:20:29 1.7 @@ -4,7 +4,7 @@ --- Content management functions include file. -------------------------------------------------------------------------------- --- rabit, 01:04 27.08.2004 ---- $Id: cms.php.inc,v 1.6 2004/09/10 21:40:59 rabit Exp $ +--- $Id: cms.php.inc,v 1.7 2004/09/18 19:20:29 rabit Exp $ ------------------------------------------------------------------------------*/ //---------------------------------------------------------- @@ -129,13 +129,19 @@ cms_preparsenqlquery($nqlquery, $preparseresponse); - $subsegcount = $preparseresponse[0]['subsegmentcount']; + $subsegcount = count($preparseresponse[1]);//['subsegmentcount']; $querydata = array( - 'query' => $preparseresponse[0]['formattednql'], + 'count' => '', + 'fieldlist' => array(), + 'first' => '', + 'get_what' => '', + 'locked' => '', 'operation' => '', - 'getwhat' => '', - 'source' => '' + 'orderby' => '', + 'query' => $preparseresponse[0]['formattednql'], + 'source' => '', + 'with' => array(), ); if(!$querydata['query']) { @@ -146,7 +152,15 @@ } $subseg = 0; - $querydata['operation'] = $preparseresponse[1][$subseg++][0]; + $querydata['operation'] = $preparseresponse[1][$subseg][0]; + $pcount = count($preparseresponse[1][$subseg++]); + + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } if(isset($operations[$querydata['operation']])) { @@ -171,6 +185,7 @@ case 0: // "GET" $fieldlist = $preparseresponse[1][$subseg++]; + $pcount = count($fieldlist); if($subseg == $subsegcount) { 
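Review bot: `$subsegcount = count($preparseresponse[1]);//['subsegmentcount'];` in the hunk at -129 keeps the replaced index expression as a trailing comment, and the same pattern recurs as the commented-out `'subsegmentcount' => $i` in the hunk at -399 and `// $sourceindex = $sourcedata['index'];` at -220; dead code should be removed outright, since the `$Id` history already preserves it. The `$pcount != 1` → `cms_create_response('syntax', ...)` → `return false` block introduced here at -146 is then repeated verbatim at -179, -197 and -220 and several more times inside the -234 hunk; a small helper along the lines of `function cms_single_token($segment, &$token)` that returns false unless the segment has exactly one element would remove the repetition and keep the validation uniform. The enclosing function begins before the hunk, so its signature and the `$operations` table are not visible here.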
@@ -179,15 +194,22 @@ } - $querydata['getwhat'] = $fieldlist[0]; + $querydata['get_what'] = $fieldlist[0]; $querydata['fieldlist'] = array(); - switch($querydata['getwhat']) { + switch($querydata['get_what']) { case 'COUNT': case 'FIELDNAMES': case '*': + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + break; case 'FROM': @@ -197,14 +219,13 @@ default: - $querydata['fieldlist'] = $fieldlist;//$querydata['getwhat']; - $querydata['getwhat'] = 'FIELD'; -// $querydata['fieldlist'] = $preparseresponse[1][$subseg++]; + $querydata['fieldlist'] = $fieldlist; + $querydata['get_what'] = 'FIELD'; } -//else $querydata['getwhat'] = 'FIELD'; - $from = $preparseresponse[1][$subseg++][0]; + $from = $preparseresponse[1][$subseg][0]; + $pcount = count($preparseresponse[1][$subseg++]); if($from != 'FROM') { @@ -213,6 +234,13 @@ } + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + if($subseg == $subsegcount) { $response = cms_create_response('no_source', null, null, $querydata); @@ -220,12 +248,21 @@ } - $querydata['source'] = $preparseresponse[1][$subseg++][0]; + $querydata['source'] = $preparseresponse[1][$subseg][0]; + $pcount = count($preparseresponse[1][$subseg++]); + + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } if(isset($cms_sources[$querydata['source']])) { $sourcedata = $cms_sources[$querydata['source']]; - $sourceindex = $sourcedata['index']; +// $sourceindex = $sourcedata['index']; + $sourcefields = $sourcedata['fields']; } else { 
@@ -234,12 +271,202 @@ } - if($querydata['getwhat'] == 'FIELDNAMES' || $querydata['getwhat'] == '*') { + if($querydata['get_what'] == 'FIELDNAMES' || $querydata['get_what'] == '*') { $querydata['fieldlist'] = array_keys($sourcedata['fields']); } +$getparamdata = array( + 'WITH' => '', + 'FIRST' => '', + 'COUNT' => '', + 'ORDERBY' => '', + 'LOCKED' => '', +); +//$getparams = array_keys($getparamdata); + + $currentparam = 0; + $paramdata = $getparamdata; + + while($subseg < $subsegcount) { + + $segment = $preparseresponse[1][$subseg++]; + $pcount = count($segment); + $param = $segment[0]; + + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + + if(!isset($paramdata[$param])) { + + $response = cms_create_response('illegal_param', null, null, $querydata); + return false; + + } else if($paramdata[$param]) { + + $response = cms_create_response('double_param', null, null, $querydata); + return false; + + } + + $paramdata[$param] = true; + + switch($param) { + + case 'COUNT': + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + $segment = $preparseresponse[1][$subseg++]; + $pcount = count($segment); + $count = $segment[0]; + + if($pcount != 1 || !is_numeric($count)) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + + $querydata['count'] = $count; + + break; + + case 'FIRST': + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + $segment = $preparseresponse[1][$subseg++]; + $pcount = count($segment); + $first = $segment[0]; + + if($pcount != 1 
|| !is_numeric($first)) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + + $querydata['first'] = $first; + + break; + + case 'LOCKED': + + $querydata['locked'] = true; + + if($querydata['get_what'] == 'COUNT' || $querydata['get_what'] == 'FIELDNAMES') { + + $response = cms_create_response('locked', null, null, $querydata); + return false; + + } + + break; + + case 'ORDERBY': + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + $segment = $preparseresponse[1][$subseg++]; + $pcount = count($segment); + $fieldname = $segment[0]; + + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + + if(!isset($sourcefields[$fieldname])) { + + $response = cms_create_response('illegal_field', null, null, $querydata); + return false; + + } + + $querydata['orderby'] = $fieldname; + + break; + + case 'WITH': + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + $segment = $preparseresponse[1][$subseg++]; + $pcount = count($segment); + $fieldname = $segment[0]; + + if($pcount != 1) { + + $response = cms_create_response('syntax', null, null, $querydata); + return false; + + } + + if(!isset($sourcefields[$fieldname])) { + + $response = cms_create_response('illegal_field', null, null, $querydata); + return false; + + } + + if($subseg == $subsegcount) { + + $response = cms_create_response('param_value', null, null, $querydata); + return false; + + } + + $fieldvalues = $preparseresponse[1][$subseg++]; + array_push($querydata['with'], array($fieldname, $fieldvalues)); + + break; + + } + + } + return cms_perform_get($querydata, $response); } 
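Review bot: In the `COUNT` and `FIRST` cases of the new parameter loop the `if($subseg == $subsegcount)` guard appears twice back-to-back; the second copy can never fire and reads like a paste error, so drop one in each case. `is_numeric($count)` and `is_numeric($first)` accept signs, decimals, exponents and leading whitespace, and both values are later concatenated into a `LIMIT` clause, so the check should be the stricter `if($pcount != 1 || !ctype_digit((string) $count))` (likewise for `$first`). The `$getparamdata` table sits at column 0 inside the function body while everything around it is indented, and the `$fieldvalues` segment stored for `WITH` is accepted without any validation, unlike the field name, which is checked against `$sourcefields`. The enclosing function starts outside the hunk.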
@@ -271,13 +498,13 @@ $resultlist = array(); - if($querydata['getwhat'] == 'COUNT') { + if($querydata['get_what'] == 'COUNT') { $fieldnamelist = array('COUNT'); } - if($querydata['getwhat'] == 'FIELDNAMES') { + if($querydata['get_what'] == 'FIELDNAMES') { $resultlist = null; @@ -285,7 +512,7 @@ case 'SOURCES': - if($querydata['getwhat'] == 'COUNT') { + if($querydata['get_what'] == 'COUNT') { $resultlist[0][0] = count($cms_sources); break; @@ -315,13 +542,38 @@ // By default the db is used as data source: default: - if($querydata['getwhat'] == 'COUNT') { + if($querydata['get_what'] == 'COUNT') { $fieldnames = 'COUNT(id)'; } - $sql = 'SELECT ' . $fieldnames . ' FROM ' . $querydata['source'] . ';'; + $limit = ( + (($querydata['count'] > 0) || ($querydata['first'] != '')) ? + ' LIMIT ' . ($querydata['first'] > 0 ? $querydata['first'] - 1 : 0) . ',' . + ($querydata['count'] > 0 ? $querydata['count'] : -1) : ''); + + $order = ( + $querydata['orderby'] != '' ? ' ORDER BY ' . $querydata['orderby'] . ' DESC' : ''); + + $where = ''; + + while(list($i, $item) = each($querydata['with'])) { + + $values = $item[1]; + + while(list($j, $value) = each($values)) + $where .= ($j ? ' OR' : '') . ' ' . $item[0] . '=\'' . $value . '\''; + + } + + if($where) $where = ' WHERE' . $where; + + $sql = 'SELECT ' . $fieldnames . ' FROM ' . $querydata['source'] . + $where . $order . $limit . ';'; + + #echo $sql; + $res = common_dbc_query($sql); //if(!$res) ... @@ -399,7 +651,7 @@ array( 'formattednql' => $formattednql, - 'subsegmentcount' => $i, +// 'subsegmentcount' => $i, 'sublistcount' => $listcount ), @@ -411,7 +663,8 @@ //---------------------------------------------------------- -function cms_create_response($errorkey, $resultlist, $columnnames, $querydata) { +function cms_create_response( + $errorkey, $resultlist, $columnnames, $querydata) { //------------------ 
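Review bot: The new `$where` loop in the hunk at -315 concatenates every `WITH` value into the SQL statement without escaping; the field name was validated against `$sourcefields` in the parsing hunk, but the values were not, so a value containing a single quote leaves the string literal and changes the statement — each value must go through the database driver's string-escape function (or a parameterised query if `common_dbc_query` supports one). The loop also has a logic defect: `$j` restarts at 0 for each `WITH` item, so a second field is appended after a bare space with no `AND`/`OR`, and the `OR` alternatives of one field need parentheses to combine correctly with other fields. If the backend is MySQL (as `COUNT(id)` and the `LIMIT offset,count` form suggest), `FIRST` without `COUNT` emits `LIMIT n,-1`, which MySQL rejects; use a large explicit count instead of -1. The `#echo $sql;` debug line should not ship, and `each()` is better written as `foreach`.
```php
// … unchanged: $limit and $order construction …
$conditions = array();

foreach($querydata['with'] as $item) {

    $alternatives = array();

    foreach($item[1] as $value)
        // db_escape_placeholder: stand-in for the driver's string-escape function
        $alternatives[] = $item[0] . '=\'' . db_escape_placeholder($value) . '\'';

    $conditions[] = '(' . implode(' OR ', $alternatives) . ')';

}

$where = count($conditions) ? ' WHERE ' . implode(' AND ', $conditions) : '';
// … unchanged: $sql assembly and common_dbc_query() call …
```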
@@ -424,6 +677,9 @@ 'no_query' => array( $i++, 'Empty query', ), + 'syntax' => array( + $i++, 'Query syntax error', + ), 'illegal_op' => array( $i++, 'Illegal base operation', ), @@ -448,6 +704,18 @@ 'illegal_field' => array( $i++, 'Illegal field name for data source', ), + 'illegal_param' => array( + $i++, 'Illegal parameter name', + ), + 'double_param' => array( + $i++, 'Illegal double parameter', + ), + 'locked' => array( + $i++, 'Illegal use of LOCKED parameter', + ), + 'param_value' => array( + $i++, 'Parameter value missing', + ), ); //------------------ @@ -456,16 +724,16 @@ // Result information: 0 => array( + 'columncount' => count($columnnames), 'error' => $errors[$errorkey][0], 'errortext' => $errors[$errorkey][1], - 'columncount' => count($columnnames), -// 'firstrow' => $firstrow, - 'rowcount' => count($resultlist), - 'query' => $querydata['query'], + 'firstrow' => $querydata['first'], + 'get_what' => $querydata['get_what'], 'operation' => $querydata['operation'], - 'get_what' => $querydata['getwhat'], + 'query' => $querydata['query'], + 'rowcount' => count($resultlist), 'source' => $querydata['source'], -// 'all' => $querydata + 'all' => $querydata ), // Result list: