Restructure Reporter's Query Functionality. Mostly rewritten, much easier to use for other purposes (hint: coming soon). Still buggy, but we'll fix it as we go.

This commit is contained in:
robert%accettura.com 2005-10-26 03:27:17 +00:00
Родитель 886da04a8f
Коммит aa2b15431e
2 изменённых файлов: 27 добавлений и 296 удалений

Просмотреть файл

@ -38,9 +38,10 @@
require_once('../../config.inc.php'); require_once('../../config.inc.php');
require_once($config['base_path'].'/includes/iolib.inc.php'); require_once($config['base_path'].'/includes/iolib.inc.php');
require_once($config['base_path'].'/includes/contrib/adodb/adodb.inc.php'); require_once($config['base_path'].'/includes/db.inc.php');
require_once($config['base_path'].'/includes/contrib/smarty/libs/Smarty.class.php'); require_once($config['base_path'].'/includes/contrib/smarty/libs/Smarty.class.php');
require_once($config['base_path'].'/includes/security.inc.php'); require_once($config['base_path'].'/includes/security.inc.php');
require_once($config['base_path'].'/includes/query.inc.php');
// start the session // start the session
session_name('reportSessID'); session_name('reportSessID');
@ -51,309 +52,40 @@ printheaders();
$title = "Searching Results"; $title = "Searching Results";
$content = initializeTemplate(); $content = initializeTemplate();
// approved "selectable" fields
$approved_fields = array('count' /*special */, 'host_id', 'host_hostname', 'report_id', 'report_url', 'report_host_id', 'report_problem_type', 'report_description', 'report_behind_login', 'report_useragent', 'report_platform', 'report_oscpu', 'report_language', 'report_gecko', 'report_buildconfig', 'report_product', /* 'report_email', 'report_ip',*/ 'report_file_date');
// Ascending or Descending
if (strtolower($_GET['ascdesc']) == 'asc' || strtolower($_GET['ascdesc']) == 'asc'){
$ascdesc = $_GET['ascdesc'];
} else {
$ascdesc = 'desc';
}
// order by
if (!$_GET['orderby']){
$orderby = 'report_file_date';
} else {
$orderby = $_GET['orderby'];
}
if (!$_GET['show']){
$_GET['show'] = $config['show'];
}
// no more than 200 results per page
if (!$_GET['show'] > 200){
$_GET['show'] = 200;
}
if (!$_GET['page']){
$_GET['page'] = 1;
}
if (isset($_GET['count']) && $_GET['count'] == null){
$_GET['count'] = 'host_id';
}
// Open DB // Open DB
$db = NewADOConnection($config['db_dsn']); $db = NewADOConnection($config['db_dsn']);
if (!$db) die("Connection failed");
$db->SetFetchMode(ADODB_FETCH_ASSOC); $db->SetFetchMode(ADODB_FETCH_ASSOC);
// Initial selected array // DELETED
if ($_GET['selected'] && !isset($_GET['count'])){ $query = new query;
$selected = array(); $query_input = $query->getQueryInputs();
foreach($_GET['selected'] as $selectedChild){
$selected[$selectedChild] = $config['fields'][$selectedChild];
}
} else {
$selected = array('report_id' => 'Report ID', 'host_hostname' => 'Host');
}
if (isset($_GET['count'])){ $result = $query->doQuery($query_input['selected'],
$selected['count'] = 'Number'; $query_input['where'],
unset($selected['report_id']); $query_input['orderby'],
$query_input['ascdesc'],
$query_input['show'],
$query_input['page'],
$query_input['count']
);
$output = $query->outputHTML($result, $query_input);
// Hardcode host_id if (sizeof($output['data']) == 0){
$_GET['count'] = 'host_id'; // XXX we just hardcode this (just easier for now, and all people will be doing).
// XX NOTE: We don't escape count below because 'host_id' != `host_id`.
//Sort by
if ($orderby == 'report_file_date'){ //XXX this isn't ideal, but nobody will sort by date (pointless and not an option)
$orderby = 'count';
}
}
else {
$selected['report_file_date'] = "Date";
}
// Build SELECT clause of SQL
reset($selected);
while (list($key, $title) = each($selected)) {
if (in_array($key, $approved_fields)){
// we don't $db->quote here since unless it's in our approved array (exactly), we drop it anyway. i.e. report_id is on our list, 'report_id' is not.
// we sanitize on our own
if ($key == 'count'){
$sql_select .= 'COUNT( '.$_GET['count'].' ) AS count';
} else {
$sql_select .= $key;
}
$sql_select .= ',';
} else {
// silently drop those not in approved array
unset($selected[$key]);
}
}
$sql_select = substr($sql_select, 0, -1);
if (isset($_GET['count'])){
$group_by = 'GROUP BY '.$_GET['count'];
}
// Build the Where clause of the SQL
if (isset($_GET['submit_reportID'])){
$sql_where = 'report_id = '.$db->quote($_GET['report_id']).' ';
$sql_where .= 'AND host.host_id = report_host_id';
}
else if ($_GET['submit_query']){
reset($_GET);
while (list($param, $val) = each($_GET)) {
// To help prevent stupidity with params, we only add it to the WHERE statement if it's passes as a param we allow
if (
($param == 'report_description') ||
($param == 'host_hostname') ||
($param == 'report_problem_type') ||
($param == 'report_behind_login') ||
($param == 'report_useragent') ||
($param == 'report_gecko') ||
($param == 'report_language') ||
($param == 'report_platform') ||
($param == 'report_oscpu') ||
($param == 'report_product')){
// there sare our various ways of saying "no value"
if (($val != -1) && ($val != null) && ($val != '0')){
// if there's a wildcard (%,_) we should use 'LIKE', otherwise '='
// XX-> strpos returns 0 if the first char is % or _, so we just pad it with a 'x' to force it to do so... harmless hack
if ((strpos('x'.$val, "%") == false) && (strpos('x'.$val, "_") == false)){
$operator = "=";
} else {
$operator = "LIKE";
}
// Add to query
if (in_array($param, $approved_fields)){
$sql_where .= $param." ".$operator." ".$db->quote($val)." AND ";
}
}
}
}
// we do the datetime stuff outside the loop, so it doesn't get fubar
// if the user didn't delete the default YYYY-MM-DD mask, we do it for them
if ($_GET['report_file_date_start'] == 'YYYY-MM-DD'){
$_GET['report_file_date_start'] = null;
}
if ($_GET['report_file_date_end'] == 'YYYY-MM-DD'){
$_GET['report_file_date_end'] = null;
}
if (($_GET['report_file_date_start'] != null) || ($_GET['report_file_date_end'] != null)){
// if we have both, we do a BETWEEN
if ($_GET['report_file_date_start'] && $_GET['report_file_date_end']){
$sql_where .= "(report_file_date BETWEEN ".$db->quote($_GET['report_file_date_start'])." and ".$db->quote($_GET['report_file_date_end']).") AND ";
}
// if we have only a start, then we do a >
else if ($_GET['report_file_date_start']){
$sql_where .= "report_file_date > ".$db->quote($_GET['report_file_date_start'])." AND ";
}
// if we have only a end, we do a <
else if ($_GET['report_file_date_end']){
$sql_where .= "report_file_date < ".$db->quote($_GET['report_file_date_end'])." AND ";
}
}
$sql_where .= 'host.host_id = report_host_id AND ';
$sql_where = substr($sql_where, 0, -5);
if ($orderby != 'report_file_date'){
$subOrder = ', report.report_file_date DESC';
}
} else {
$content->assign('error', 'No Query');
displayPage($content, 'query.tpl');
exit;
}
// Security note: we quote() $select as we generate it above (escape each $key), so it would be redundant to do so here.
// Not to mention it would break things
/* SelectLimit isn't bad, but there's no documentation on getting it to use ASC rather than DESC... to investigate */
$start = ($_GET['page']-1)*$_GET['show'];
$sql = "SELECT $sql_select
FROM `report`, `host`
WHERE $sql_where
$group_by
ORDER BY ".$db->quote($orderby)." ".$ascdesc.$subOrder;
$query = $db->SelectLimit($sql,$_GET['show'],$start,$inputarr=false);
$numresults = $query->RecordCount();
// If we have a full page worth of results in our data set, count how many total
// so we can paginate. Only do this if $page >= 1 as well.
if ($numresults >= $_GET['show'] || $_GET['page'] >= 1){
if (isset($_GET['count'])){
// REASON WHY PAGINATION IS BROKE ON count queries
$trq = $db->Execute("SELECT COUNT(*), $sql_select
FROM `report`, `host`
WHERE $sql_where
$group_by");
$totalresults = $trq->RecordCount();
} else {
$trq = $db->Execute("SELECT COUNT(*)
FROM `report`, `host`
WHERE $sql_where");
$totalresults = $trq->fields['COUNT(*)'];
}
}
// Continuity params
reset($_GET);
while (list($param, $val) = each($_GET)) {
if($param != 'page' && $param != 'ascdesc'){
if (is_array($val)){
$param_name = $param.'[]';
foreach($val as $valChild){
if (!is_numeric($valChild)){
$valChild = rawurlencode($valChild);
}
$continuity_params .= $param_name.'='.$valChild.'&amp;';
}
} else {
if (!is_numeric($val)){
$val = rawurlencode($val);
}
$continuity_params .= $param.'='.$val.'&amp;';
}
}
}
$continuity_page = $_GET['page'];
$continuity_ascdesc = $_GET['ascdesc'];
$continuity_params .= 'submit_query=Search';
if(isset($_GET['count'])){
$continuity_params .= '&amp;count=on';
}
$column = array();
reset($selected);
$columnCount = 0;
/******************
* Columns
*****************/
while (list($key, $title) = each($selected)) {
$column[$columnCount]['title'] = $title;
if ($key != 'report_id'){
$column[$columnCount]['url'] = $config['self'].'?orderby='.$key.'&amp;ascdesc=';
if ($orderby == $key) {
if ($ascdesc == 'asc'){
$column[$columnCount]['url'] .= 'desc';
}
else if ($ascdesc == 'desc'){
$column[$columnCount]['url'] .= 'asc';
}
} else {
$column[$columnCount]['url'] .= $ascdesc;
}
$column[$columnCount]['url'] .= '&amp;'.substr($continuity_params, 0, -1).'&amp;page='.$continuity_page;
}
$columnCount++;
}
$content->assign('column', $column);
if ($numresults < 1){
$content->assign('error', 'No Results found'); $content->assign('error', 'No Results found');
displayPage($content, 'query.tpl'); displayPage($content, 'query.tpl');
exit; exit;
} else {
/******************
* Rows
*****************/
$row = array();
for ($i=0; !$query->EOF; $i++) {
reset($selected);
$col = 0;
while (list($key, $title) = each($selected)) {
// For report_id we create a url, for anything else: just dump it to screen
if ($key == 'report_id'){
$row[$i][$col]['url'] = '/report/?report_id='.$query->fields[$key];
$row[$i][$col]['text'] = 'Report';
}
else if (substr($key, 0, 5) == "COUNT"){
$row[$i][$col]['text'] = $query->fields['count'];
} else {
if(($key == $_GET['count']) || ($key == 'host_hostname' && $_GET['count'] == 'host_id')){
if ($key == 'host_hostname' && $_GET['count'] == 'host_id'){
$subquery = 'host_hostname='.$query->fields['host_hostname'];
} else {
$subquery = $_GET['count'].'='.$query->fields[$key];
}
$row[$i][$col]['url'] = '/query/?'.$subquery.'&amp;submit_query=true';
$row[$i][$col]['text'] = $query->fields[$key];
} else {
// report_problem_type and behind_login are special cases since we need to resolve them
if($key == 'report_problem_type'){
$row[$i][$col]['text'] = resolveProblemTypes($query->fields[$key]);
}
else if($key == 'report_behind_login'){
$row[$i][$col]['text'] = resolveBehindLogin($query->fields[$key]);
} else {
$row[$i][$col]['text'] = $query->fields[$key];
}
}
}
$col++;
}
$query->MoveNext();
}
} }
$content->assign('row', $row);
$content->assign('continuityParams', $query->continuityParams($query_input));
$content->assign('count', $result['totalResults']);
$content->assign('show', $query_input['show']);
$content->assign('page', $query_input['page']);
$content->assign('column', $output['columnHeaders']);
$content->assign('row', $output['data']);
displayPage($content, 'query.tpl');
// disconnect database // disconnect database
$db->Close(); $db->Close();
$content->assign('navigation', navigation('?page=', '&amp;'.$continuity_params.'&amp;ascdesc='.$continuity_ascdesc.'&amp;show='.$_GET['show'], $totalresults, $_GET['show'], $_GET['page']));
displayPage($content, 'query.tpl');
?> ?>

Просмотреть файл

@ -38,7 +38,7 @@
require_once('../../config.inc.php'); require_once('../../config.inc.php');
require_once($config['base_path'].'/includes/iolib.inc.php'); require_once($config['base_path'].'/includes/iolib.inc.php');
require_once($config['base_path'].'/includes/contrib/adodb/adodb.inc.php'); require_once($config['base_path'].'/includes/db.inc.php');
require_once($config['base_path'].'/includes/contrib/smarty/libs/Smarty.class.php'); require_once($config['base_path'].'/includes/contrib/smarty/libs/Smarty.class.php');
require_once($config['base_path'].'/includes/security.inc.php'); require_once($config['base_path'].'/includes/security.inc.php');
@ -50,7 +50,6 @@ printheaders();
// Open DB // Open DB
$db = NewADOConnection($config['db_dsn']); $db = NewADOConnection($config['db_dsn']);
if (!$db) die("Connection failed");
$db->SetFetchMode(ADODB_FETCH_ASSOC); $db->SetFetchMode(ADODB_FETCH_ASSOC);
$query =& $db->Execute("SELECT * $query =& $db->Execute("SELECT *