database.php cleanup. remove dbFetchMonitor and dbFetchGroup. Their usage has been replaced with the Object::find_one usage. Also more quoting of table and colume names to fix #2659

This commit is contained in:
Isaac Connor 2019-08-13 11:45:50 -04:00
parent 29fc63dd15
commit 4140d51e9f
4 changed files with 121 additions and 135 deletions

View File

@ -2,25 +2,25 @@
// //
// ZoneMinder web database interface file, $Date$, $Revision$ // ZoneMinder web database interface file, $Date$, $Revision$
// Copyright (C) 2001-2008 Philip Coombes // Copyright (C) 2001-2008 Philip Coombes
// //
// This program is free software; you can redistribute it and/or // This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License // modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2 // as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version. // of the License, or (at your option) any later version.
// //
// This program is distributed in the hope that it will be useful, // This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of // but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// //
// You should have received a copy of the GNU General Public License // You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// //
define( 'DB_LOG_OFF', 0 ); define('DB_LOG_OFF', 0);
define( 'DB_LOG_ONLY', 1 ); define('DB_LOG_ONLY', 1);
define( 'DB_LOG_DEBUG', 2 ); define('DB_LOG_DEBUG', 2);
$GLOBALS['dbLogLevel'] = DB_LOG_OFF; $GLOBALS['dbLogLevel'] = DB_LOG_OFF;
@ -29,10 +29,10 @@ $GLOBALS['dbConn'] = false;
function dbConnect() { function dbConnect() {
global $dbConn; global $dbConn;
if (strpos(ZM_DB_HOST, ':')) { if ( strpos(ZM_DB_HOST, ':') ) {
// Host variable may carry a port or socket. // Host variable may carry a port or socket.
list($host, $portOrSocket) = explode(':', ZM_DB_HOST, 2); list($host, $portOrSocket) = explode(':', ZM_DB_HOST, 2);
if (ctype_digit($portOrSocket)) { if ( ctype_digit($portOrSocket) ) {
$socket = ':host='.$host . ';port='.$portOrSocket; $socket = ':host='.$host . ';port='.$portOrSocket;
} else { } else {
$socket = ':unix_socket='.$portOrSocket; $socket = ':unix_socket='.$portOrSocket;
@ -43,22 +43,22 @@ function dbConnect() {
try { try {
$dbOptions = null; $dbOptions = null;
if ( defined( 'ZM_DB_SSL_CA_CERT' ) and ZM_DB_SSL_CA_CERT ) { if ( defined('ZM_DB_SSL_CA_CERT') and ZM_DB_SSL_CA_CERT ) {
$dbOptions = array( $dbOptions = array(
PDO::MYSQL_ATTR_SSL_CA => ZM_DB_SSL_CA_CERT, PDO::MYSQL_ATTR_SSL_CA => ZM_DB_SSL_CA_CERT,
PDO::MYSQL_ATTR_SSL_KEY => ZM_DB_SSL_CLIENT_KEY, PDO::MYSQL_ATTR_SSL_KEY => ZM_DB_SSL_CLIENT_KEY,
PDO::MYSQL_ATTR_SSL_CERT => ZM_DB_SSL_CLIENT_CERT, PDO::MYSQL_ATTR_SSL_CERT => ZM_DB_SSL_CLIENT_CERT,
); );
$dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions ); $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions);
} else { } else {
$dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ); $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS);
} }
$dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $ex ) { } catch(PDOException $ex ) {
echo 'Unable to connect to ZM db.' . $ex->getMessage(); echo 'Unable to connect to ZM db.' . $ex->getMessage();
error_log('Unable to connect to ZM DB ' . $ex->getMessage() ); error_log('Unable to connect to ZM DB ' . $ex->getMessage());
$dbConn = null; $dbConn = null;
} }
} }
@ -89,15 +89,15 @@ function dbDebug() {
dbLogDebug(); dbLogDebug();
} }
function dbLog( $sql, $update=false ) { function dbLog($sql, $update=false) {
global $dbLogLevel; global $dbLogLevel;
$noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG); $noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG);
if ( $dbLogLevel > DB_LOG_OFF ) if ( $dbLogLevel > DB_LOG_OFF )
ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") ); ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?' (not executed)':'') );
return( $noExecute ); return( $noExecute );
} }
function dbError( $sql ) { function dbError($sql) {
global $dbConn; global $dbConn;
$error = $dbConn->errorInfo(); $error = $dbConn->errorInfo();
if ( ! $error[0] ) if ( ! $error[0] )
@ -110,37 +110,37 @@ function dbError( $sql ) {
function dbEscape( $string ) { function dbEscape( $string ) {
global $dbConn; global $dbConn;
if ( version_compare( phpversion(), '4.3.0', '<') ) if ( version_compare(phpversion(), '4.3.0', '<'))
if ( get_magic_quotes_gpc() ) if ( get_magic_quotes_gpc() )
return( $dbConn->quote( stripslashes( $string ) ) ); return $dbConn->quote(stripslashes($string));
else else
return( $dbConn->quote( $string ) ); return $dbConn->quote($string);
else else
if ( get_magic_quotes_gpc() ) if ( get_magic_quotes_gpc() )
return( $dbConn->quote( stripslashes( $string ) ) ); return $dbConn->quote(stripslashes($string));
else else
return( $dbConn->quote( $string ) ); return $dbConn->quote($string);
} }
function dbQuery( $sql, $params=NULL ) { function dbQuery($sql, $params=NULL) {
global $dbConn; global $dbConn;
if ( dbLog( $sql, true ) ) if ( dbLog($sql, true) )
return; return;
$result = NULL; $result = NULL;
try { try {
if ( isset($params) ) { if ( isset($params) ) {
if ( ! $result = $dbConn->prepare( $sql ) ) { if ( ! $result = $dbConn->prepare($sql) ) {
ZM\Error("SQL: Error preparing $sql: " . $pdo->errorInfo); ZM\Error("SQL: Error preparing $sql: " . $pdo->errorInfo);
return NULL; return NULL;
} }
if ( ! $result->execute( $params ) ) { if ( ! $result->execute($params) ) {
ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo() ) ); ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo()));
return NULL; return NULL;
} }
} else { } else {
if ( defined('ZM_DB_DEBUG') ) { if ( defined('ZM_DB_DEBUG') ) {
ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):'') ); ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):''));
} }
$result = $dbConn->query($sql); $result = $dbConn->query($sql);
if ( ! $result ) { if ( ! $result ) {
@ -150,24 +150,24 @@ function dbQuery( $sql, $params=NULL ) {
} }
if ( defined('ZM_DB_DEBUG') ) { if ( defined('ZM_DB_DEBUG') ) {
if ( $params ) if ( $params )
ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount() ); ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount());
else else
ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount() ); ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount());
} }
} catch(PDOException $e) { } catch(PDOException $e) {
ZM\Error( "SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):'') ); ZM\Error("SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):''));
return NULL; return NULL;
} }
return $result; return $result;
} }
function dbFetchOne( $sql, $col=false, $params=NULL ) { function dbFetchOne($sql, $col=false, $params=NULL) {
$result = dbQuery( $sql, $params ); $result = dbQuery($sql, $params);
if ( ! $result ) { if ( !$result ) {
ZM\Error( "SQL-ERR dbFetchOne no result, statement was '".$sql."'" . ( $params ? 'params: ' . join(',',$params) : '' ) ); ZM\Error("SQL-ERR dbFetchOne no result, statement was '".$sql."'".($params ? 'params: ' . join(',',$params) : ''));
return false; return false;
} }
if ( ! $result->rowCount() ) { if ( !$result->rowCount() ) {
# No rows is not an error # No rows is not an error
return false; return false;
} }
@ -179,109 +179,109 @@ function dbFetchOne( $sql, $col=false, $params=NULL ) {
return false; return false;
} }
return $dbRow[$col]; return $dbRow[$col];
} }
return $dbRow; return $dbRow;
} }
return false; return false;
} }
function dbFetchAll( $sql, $col=false, $params=NULL ) { function dbFetchAll($sql, $col=false, $params=NULL) {
$result = dbQuery( $sql, $params ); $result = dbQuery($sql, $params);
if ( ! $result ) { if ( ! $result ) {
ZM\Error( "SQL-ERR dbFetchAll no result, statement was '".$sql."'" . ( $params ? 'params: ' .join(',', $params) : '' ) ); ZM\Error("SQL-ERR dbFetchAll no result, statement was '".$sql."'".($params ? 'params: '.join(',', $params) : ''));
return false; return false;
} }
$dbRows = array(); $dbRows = array();
while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) while ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) )
$dbRows[] = $col?$dbRow[$col]:$dbRow; $dbRows[] = $col ? $dbRow[$col] : $dbRow;
return $dbRows; return $dbRows;
} }
function dbFetchAssoc( $sql, $indexCol, $dataCol=false ) { function dbFetchAssoc($sql, $indexCol, $dataCol=false) {
$result = dbQuery( $sql ); $result = dbQuery($sql);
$dbRows = array(); $dbRows = array();
while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) while( $dbRow = $result->fetch(PDO::FETCH_ASSOC) )
$dbRows[$dbRow[$indexCol]] = $dataCol?$dbRow[$dataCol]:$dbRow; $dbRows[$dbRow[$indexCol]] = $dataCol ? $dbRow[$dataCol] : $dbRow;
return( $dbRows ); return $dbRows;
} }
function dbFetch( $sql, $col=false ) { function dbFetch($sql, $col=false) {
return( dbFetchAll( $sql, $col ) ); return dbFetchAll($sql, $col);
} }
function dbFetchNext( $result, $col=false ) { function dbFetchNext($result, $col=false) {
if ( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) if ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) )
return( $col?$dbRow[$col]:$dbRow ); return $col ? $dbRow[$col] : $dbRow;
return( false ); return false;
} }
function dbNumRows( $sql ) { function dbNumRows( $sql ) {
$result = dbQuery( $sql ); $result = dbQuery($sql);
return( $result->rowCount() ); return $result->rowCount();
} }
function dbInsertId() { function dbInsertId() {
global $dbConn; global $dbConn;
return( $dbConn->lastInsertId() ); return $dbConn->lastInsertId();
} }
function getEnumValues( $table, $column ) { function getEnumValues($table, $column) {
$row = dbFetchOne( "describe $table $column" ); $row = dbFetchOne("DESCRIBE `$table` `$column`");
preg_match_all( "/'([^']+)'/", $row['Type'], $matches ); preg_match_all("/'([^']+)'/", $row['Type'], $matches);
return( $matches[1] ); return $matches[1];
} }
function getSetValues( $table, $column ) { function getSetValues($table, $column) {
return( getEnumValues( $table, $column ) ); return getEnumValues($table, $column);
} }
function getUniqueValues( $table, $column, $asString=1 ) { function getUniqueValues($table, $column, $asString=1) {
$values = array(); $values = array();
$sql = "select distinct $column from $table where (not isnull($column) and $column != '') order by $column"; $sql = "SELECT DISTINCT `$column` FROM `$table` WHERE (NOT isnull(`$column`) AND `$column` != '') ORDER BY `$column`";
foreach( dbFetchAll( $sql ) as $row ) { foreach ( dbFetchAll($sql) as $row ) {
if ( $asString ) if ( $asString )
$values[$row[$column]] = $row[$column]; $values[$row[$column]] = $row[$column];
else else
$values[] = $row[$column]; $values[] = $row[$column];
} }
return( $values ); return $values;
} }
function getTableColumns( $table, $asString=1 ) { function getTableColumns( $table, $asString=1 ) {
$columns = array(); $columns = array();
$sql = "describe $table"; $sql = "DESCRIBE `$table`";
foreach( dbFetchAll( $sql ) as $row ) { foreach ( dbFetchAll($sql) as $row ) {
if ( $asString ) if ( $asString )
$columns[$row['Field']] = $row['Type']; $columns[$row['Field']] = $row['Type'];
else else
$columns[] = $row['Type']; $columns[] = $row['Type'];
} }
return( $columns ); return $columns;
} }
function getTableAutoInc( $table ) { function getTableAutoInc( $table ) {
$row = dbFetchOne( 'show table status where Name=?', NULL, array($table) ); $row = dbFetchOne('SHOW TABLE status WHERE Name=?', NULL, array($table));
return( $row['Auto_increment'] ); return $row['Auto_increment'];
} }
function getTableDescription( $table, $asString=1 ) { function getTableDescription( $table, $asString=1 ) {
$columns = array(); $columns = array();
foreach( dbFetchAll( "describe $table" ) as $row ) { foreach( dbFetchAll("DESCRIBE `$table`") as $row ) {
$desc = array( $desc = array(
'name' => $row['Field'], 'name' => $row['Field'],
'required' => ($row['Null']=='NO')?true:false, 'required' => ($row['Null']=='NO')?true:false,
'default' => $row['Default'], 'default' => $row['Default'],
'db' => $row, 'db' => $row,
); );
if ( preg_match( "/^varchar\((\d+)\)$/", $row['Type'], $matches ) ) { if ( preg_match('/^varchar\((\d+)\)$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
$desc['typeAttrib'] = 'varchar'; $desc['typeAttrib'] = 'varchar';
$desc['maxLength'] = $matches[1]; $desc['maxLength'] = $matches[1];
} elseif ( preg_match( "/^(\w+)?text$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(\w+)?text$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
if (!empty($matches[1]) ) if ( !empty($matches[1]) )
$desc['typeAttrib'] = $matches[1]; $desc['typeAttrib'] = $matches[1];
switch ( $matches[1] ) { switch ( $matches[1] ) {
case 'tiny' : case 'tiny' :
@ -295,15 +295,15 @@ function getTableDescription( $table, $asString=1 ) {
//$desc['minLength'] = -128; //$desc['minLength'] = -128;
break; break;
default : default :
ZM\Error( "Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); ZM\Error("Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'");
break; break;
} }
} elseif ( preg_match( "/^(enum|set)\((.*)\)$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(enum|set)\((.*)\)$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
$desc['typeAttrib'] = $matches[1]; $desc['typeAttrib'] = $matches[1];
preg_match_all( "/'([^']+)'/", $matches[2], $matches ); preg_match_all("/'([^']+)'/", $matches[2], $matches);
$desc['values'] = $matches[1]; $desc['values'] = $matches[1];
} elseif ( preg_match( "/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) {
$desc['type'] = 'integer'; $desc['type'] = 'integer';
switch ( $matches[1] ) { switch ( $matches[1] ) {
case 'tiny' : case 'tiny' :
@ -327,7 +327,7 @@ function getTableDescription( $table, $asString=1 ) {
//$desc['maxValue'] = 127; //$desc['maxValue'] = 127;
break; break;
default : default :
ZM\Error( "Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); ZM\Error("Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'");
break; break;
} }
if ( !empty($matches[1]) ) if ( !empty($matches[1]) )
@ -336,7 +336,7 @@ function getTableDescription( $table, $asString=1 ) {
$desc['maxValue'] += (-$desc['minValue']); $desc['maxValue'] += (-$desc['minValue']);
$desc['minValue'] = 0; $desc['minValue'] = 0;
} }
} elseif ( preg_match( "/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) {
$desc['type'] = 'fixed'; $desc['type'] = 'fixed';
$desc['range'] = $matches[1]; $desc['range'] = $matches[1];
if ( isset($matches[2]) ) if ( isset($matches[2]) )
@ -344,7 +344,7 @@ function getTableDescription( $table, $asString=1 ) {
else else
$desc['precision'] = 0; $desc['precision'] = 0;
$desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' ); $desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' );
} elseif ( preg_match( "/^(datetime|timestamp|date|time)$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(datetime|timestamp|date|time)$/', $row['Type'], $matches) ) {
$desc['type'] = 'datetime'; $desc['type'] = 'datetime';
switch ( $desc['typeAttrib'] = $matches[1] ) { switch ( $desc['typeAttrib'] = $matches[1] ) {
case 'datetime' : case 'datetime' :
@ -362,7 +362,7 @@ function getTableDescription( $table, $asString=1 ) {
break; break;
} }
} else { } else {
ZM\Error( "Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'" ); ZM\Error("Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'");
} }
if ( $asString ) if ( $asString )
@ -370,15 +370,6 @@ function getTableDescription( $table, $asString=1 ) {
else else
$columns[] = $desc; $columns[] = $desc;
} }
return( $columns ); return $columns;
}
function dbFetchMonitor( $mid ) {
return( dbFetchOne( 'select * from Monitors where Id = ?', NULL, array($mid) ) );
} }
function dbFetchGroup( $gid ) {
return( dbFetchOne( 'select * from Groups where Id = ?', NULL, array($gid) ) );
}
?> ?>

View File

@ -23,34 +23,34 @@ if ( !canEdit('Monitors') ) {
return; return;
} }
$monitor = dbFetchMonitor($_REQUEST['mid']); $monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid']));
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor['Name'])); xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor->Name()));
?> ?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Function').' - '.validHtmlStr($monitor['Name']) ?></h2> <h2><?php echo translate('Function').' - '.validHtmlStr($monitor->Name()) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" id="contentForm" method="post" action="?"> <form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="function"/> <input type="hidden" name="view" value="function"/>
<input type="hidden" name="action" value="function"/> <input type="hidden" name="action" value="function"/>
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>"/> <input type="hidden" name="mid" value="<?php echo $monitor->Id() ?>"/>
<p> <p>
<select name="newFunction"> <select name="newFunction">
<?php <?php
foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) { foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) {
?> ?>
<option value="<?php echo $optFunction ?>"<?php if ( $optFunction == $monitor['Function'] ) { ?> selected="selected"<?php } ?>><?php echo translate('Fn'.$optFunction) ?></option> <option value="<?php echo $optFunction ?>"<?php if ( $optFunction == $monitor->Function() ) { ?> selected="selected"<?php } ?>><?php echo translate('Fn'.$optFunction) ?></option>
<?php <?php
} }
?> ?>
</select> </select>
<label for="newEnabled"><?php echo translate('Enabled') ?></label> <label for="newEnabled"><?php echo translate('Enabled') ?></label>
<input type="checkbox" name="newEnabled" id="newEnabled" value="1"<?php if ( !empty($monitor['Enabled']) ) { ?> checked="checked"<?php } ?>/> <input type="checkbox" name="newEnabled" id="newEnabled" value="1"<?php if ( !empty($monitor->Enabled()) ) { ?> checked="checked"<?php } ?>/>
</p> </p>
<div id="contentButtons"> <div id="contentButtons">
<button type="submit" value="Save"><?php echo translate('Save') ?></button> <button type="submit" value="Save"><?php echo translate('Save') ?></button>

View File

@ -19,23 +19,21 @@
// //
if ( !canView( 'Monitors' ) ) if ( !canView('Monitors') ) {
{ $view = 'error';
$view = "error"; return;
return;
} }
$mid = validInt($_REQUEST['mid']); $mid = validInt($_REQUEST['mid']);
$zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0; $zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0;
if ( $zid > 0 ) { if ( $zid > 0 ) {
$newZone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array( $mid, $zid) ); $newZone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array($mid, $zid));
} else { } else {
$view = "error"; $view = 'error';
return; return;
} }
$monitor = dbFetchMonitor ( $mid ); $monitor = ZM\Monitor::find_one($mid);
// Only allow certain filename characters (not including a period) to prevent directory traversal. // Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); $plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
@ -104,7 +102,7 @@ function pLang($name)
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2> <h2><?php echo translate('Monitor') ?> <?php echo $monitor->Name() ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="?"> <form name="pluginForm" id="pluginForm" method="post" action="?">
@ -115,16 +113,14 @@ function pLang($name)
<input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/> <input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
<div id="settingsPanel"> <div id="settingsPanel">
<table id="pluginSettings" cellspacing="0"> <table id="pluginSettings">
<tbody> <tbody>
<?php <?php
foreach($pluginOptions as $name => $popt) foreach($pluginOptions as $name => $popt) {
{ ?>
?>
<tr><th scope="row"><?php echo pLang($name) ?></th> <tr><th scope="row"><?php echo pLang($name) ?></th>
<?php <?php
switch($popt['Type']) switch($popt['Type']) {
{
case "checkbox": case "checkbox":
echo "CHECKBOX"; echo "CHECKBOX";
break; break;
@ -134,8 +130,7 @@ foreach($pluginOptions as $name => $popt)
<td colspan="2"> <td colspan="2">
<select name="pluginOpt[<?php echo $popt['Name'] ?>]" id="pluginOpt[<?php echo $popt['Name'] ?>]"> <select name="pluginOpt[<?php echo $popt['Name'] ?>]" id="pluginOpt[<?php echo $popt['Name'] ?>]">
<?php <?php
foreach($pchoices as $pchoice) foreach($pchoices as $pchoice) {
{
$psel=""; $psel="";
if($popt['Value']==$pchoice) if($popt['Value']==$pchoice)
$psel="selected"; $psel="selected";

View File

@ -18,30 +18,29 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// //
if ( !canView( 'Control' ) ) if ( !canView('Control') ) {
{ $view = 'error';
$view = "error"; return;
return;
} }
$monitor = dbFetchMonitor( $_REQUEST['mid'] ); $monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid']));
$zmuCommand = getZmuCommand( " -m ".escapeshellarg($_REQUEST['mid'])." -B -C -H -O" ); $zmuCommand = getZmuCommand(' -m '.escapeshellarg($_REQUEST['mid']).' -B -C -H -O');
$zmuOutput = exec( $zmuCommand ); $zmuOutput = exec( $zmuCommand );
list( $brightness, $contrast, $hue, $colour ) = explode( ' ', $zmuOutput ); list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput);
$monitor['Brightness'] = $brightness; $monitor->Brightness() = $brightness;
$monitor['Contrast'] = $contrast; $monitor->Contrast() = $contrast;
$monitor['Hue'] = $hue; $monitor->Hue() = $hue;
$monitor['Colour'] = $colour; $monitor->Colour() = $colour;
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings') ); xhtmlHeaders(__FILE__, validHtmlStr($monitor->Name()).' - '.translate('Settings'));
?> ?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo validHtmlStr($monitor['Name']) ?> - <?php echo translate('Settings') ?></h2> <h2><?php echo validHtmlStr($monitor->Name()) ?> - <?php echo translate('Settings') ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" id="contentForm" method="post" action="?"> <form name="contentForm" id="contentForm" method="post" action="?">
@ -52,24 +51,25 @@ xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings'
<tbody> <tbody>
<tr> <tr>
<th scope="row"><?php echo translate('Brightness') ?></th> <th scope="row"><?php echo translate('Brightness') ?></th>
<td><input type="text" name="newBrightness" value="<?php echo $monitor['Brightness'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newBrightness" value="<?php echo $monitor->Brightness() ?>" <?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Contrast') ?></th> <th scope="row"><?php echo translate('Contrast') ?></th>
<td><input type="text" name="newContrast" value="<?php echo $monitor['Contrast'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newContrast" value="<?php echo $monitor->Contrast() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Hue') ?></th> <th scope="row"><?php echo translate('Hue') ?></th>
<td><input type="text" name="newHue" value="<?php echo $monitor['Hue'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newHue" value="<?php echo $monitor->Hue() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Colour') ?></th> <th scope="row"><?php echo translate('Colour') ?></th>
<td><input type="text" name="newColour" value="<?php echo $monitor['Colour'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newColour" value="<?php echo $monitor->Colour() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<div id="contentButtons"> <div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/> <button type="submit" value="Save"<?php echo canView('Control') ? '' : ' disabled="disabled"' ?>><?php echo translate('Save') ?></button>
<button type="button" value="Close" data-on-click="closeWindow"/><?php echo translate('Close') ?></button>
</div> </div>
</form> </form>
</div> </div>