Isaac Connor 2014-03-21 16:51:09 -04:00
parent ffa952419c
commit c7a8c0601b
16 changed files with 60 additions and 109 deletions


@ -146,8 +146,7 @@ function exportEventFrames( $event, $exportDetail, $exportImages )
{
global $SLANG;
$sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".dbEscape($event['Id'])."' order by FrameId";
$frames = dbFetchAll( $sql );
$frames = dbFetchAll( 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId', NULL, ARRAY(event['Id']) );
ob_start();
exportHeader( $SLANG['Frames']." ".$event['Id'] );
@ -438,21 +437,6 @@ function rewind() {
}
//---------------------------------+
// CARPE S l i d e r 1.3 |
// 2005 - 12 - 10 |
@ -590,15 +574,9 @@ function slideManual(val,length,from,to) {
if (yMax == 0) carpeLeft(sliderid, pos) // Snap horizontal slider to corresponding display position.
}
if (ie||dom) start_slider();
else if (document.layers) window.onload=start_slider;
</script>
</body>
@ -607,10 +585,6 @@ else if (document.layers) window.onload=start_slider;
return( ob_get_clean() );
}
function exportEventImagesMaster( $eids )
{
global $SLANG;
@ -622,8 +596,8 @@ function exportEventImagesMaster( $eids )
<?php
foreach ($eids as $eid) {
//get monitor id and event id
$sql = "select E.MonitorId from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where E.Id = '".dbEscape($eid)."'";
$event = dbFetchOne( $sql );
$sql = 'SELECT E.MonitorId FROM Monitors as M INNER JOIN Events AS E ON (M.Id = E.MonitorId) WHERE E.Id = ?';
$event = dbFetchOne( $sql, NULL, ARRAY( $eid ) );
$eventMonitorId[$eid] = $event['MonitorId'];
}
@ -783,8 +757,8 @@ function exportFileList( $eid, $exportDetail, $exportFrames, $exportImages, $exp
if ( canView( 'Events' ) && $eid )
{
$sql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.Width,M.Height,E.Name,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where E.Id = '".dbEscape($eid)."'";
$event = dbFetchOne( $sql );
$sql = 'SELECT E.Id,E.MonitorId,M.Name AS MonitorName,M.Width,M.Height,E.Name,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived FROM Monitors AS M INNER JOIN Events AS E ON (M.Id = E.MonitorId) WHERE E.Id = ?';
$event = dbFetchOne( $sql, NULL, ARRAY($eid) );
$eventPath = mygetEventPath( $event );
$files = array();
if ( $dir = opendir( $eventPath ) )
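Review bot: In the first hunk (exportEventFrames) the new `dbFetchAll` call passes `ARRAY(event['Id'])` with no `$` on `event`, so the event id is never bound. Depending on the PHP version this is either a parse error or an undefined-constant lookup, and in both cases the frame export stops working. The argument should be `array( $event['Id'] )`, matching the other two queries in this file, which bind `$eid` correctly. The function bodies continue outside the hunks.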


@ -232,7 +232,7 @@ function parseFilterToTree( $filter )
$value = "'$value'";
break;
case 'DateTime':
$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";
$value = strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) );
break;
case 'Date':
$value = "to_days( '".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."' )";
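Review bot: The `DateTime` case now assigns the formatted timestamp without the surrounding single quotes, while the string case just above (`$value = "'$value'";`) and the `Date` case below still emit quoted SQL literals. If this value is still concatenated into the filter's SQL text, as the `$filter['sql']` fragments used elsewhere in this commit suggest, a bare date-time string produces a syntax error instead of a comparison. Unless the consumer of this branch was changed to bind the value as a parameter (not visible here), keep the quoting: `$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";`. parseFilterToTree starts and ends outside the hunk.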


@ -1,5 +0,0 @@
--This line, and those below, will be ignored--
M views/plugin.php
M views/css/plugin.css


@ -71,8 +71,10 @@ $eventCounts = array(
$running = daemonCheck();
$status = $running?$SLANG['Running']:$SLANG['Stopped'];
if ( $group = dbFetchOne( "select * from Groups where Id = '".(empty($_COOKIE['zmGroup'])?0:dbEscape($_COOKIE['zmGroup']))."'" ) )
if ( ! empty($_COOKIE['zmGroup']) ) {
if ( $group = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, ARRAY($_COOKIE['zmGroup']) ) )
$groupIds = array_flip(explode( ',', $group['MonitorIds'] ));
}
noCacheHeaders();
@ -82,7 +84,7 @@ $cycleCount = 0;
$minSequence = 0;
$maxSequence = 1;
$seqIdList = array();
$monitors = dbFetchAll( "select * from Monitors order by Sequence asc" );
$monitors = dbFetchAll( 'SELECT * FROM Monitors ORDER BY Sequence ASC' );
$displayMonitors = array();
for ( $i = 0; $i < count($monitors); $i++ )
{
@ -105,7 +107,7 @@ for ( $i = 0; $i < count($monitors); $i++ )
}
$monitors[$i]['zmc'] = zmcStatus( $monitors[$i] );
$monitors[$i]['zma'] = zmaStatus( $monitors[$i] );
$monitors[$i]['ZoneCount'] = dbFetchOne( "select count(Id) as ZoneCount from Zones where MonitorId = '".$monitors[$i]['Id']."'", "ZoneCount" );
$monitors[$i]['ZoneCount'] = dbFetchOne( 'SELECT count(Id) AS ZoneCount FROM Zones WHERE MonitorId = ?', 'ZoneCount', ARRAY( $monitors[$i]['Id'] ) );
$counts = array();
for ( $j = 0; $j < count($eventCounts); $j++ )
{
@ -114,8 +116,8 @@ for ( $i = 0; $i < count($monitors); $i++ )
$counts[] = "count(if(1".$filter['sql'].",1,NULL)) as EventCount$j";
$monitors[$i]['eventCounts'][$j]['filter'] = $filter;
}
$sql = "select ".join($counts,", ")." from Events as E where MonitorId = '".$monitors[$i]['Id']."'";
$counts = dbFetchOne( $sql );
$sql = 'SELECT '.join($counts,", ").' FROM Events AS E WHERE MonitorId = ?';
$counts = dbFetchOne( $sql, NULL, ARRAY( $monitors[$i]['Id'] ) );
if ( $monitors[$i]['Function'] != 'None' )
{
$cycleCount++;


@ -25,16 +25,14 @@ if ( !canView( 'Control' ) )
}
$groupSql = "";
if ( !empty($_REQUEST['group']) )
{
$sql = "select * from Groups where Id = '".dbEscape($_REQUEST['group'])."'";
$row = dbFetchOne( $sql );
if ( !empty($_REQUEST['group']) ) {
$row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, ARRAY($_REQUEST['group']) );
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
}
$mid = validInt($_REQUEST['mid']);
$sql = "select * from Monitors where Function != 'None' and Controllable = 1$groupSql order by Sequence";
$sql = "SELECT * FROM Monitors WHERE Function != 'None' AND Controllable = 1$groupSql ORDER BY Sequence";
$mids = array();
foreach( dbFetchAll( $sql ) as $row )
{
@ -50,8 +48,8 @@ foreach( dbFetchAll( $sql ) as $row )
foreach ( getSkinIncludes( 'includes/control_functions.php' ) as $includeFile )
require_once $includeFile;
$sql = "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id ) where M.Id = '".$mid."'";
$monitor = dbFetchOne( $sql );
$sql = 'SELECT C.*,M.* FROM Monitors AS M INNER JOIN Controls AS C ON (M.ControlId = C.Id ) WHERE M.Id = ?';
$monitor = dbFetchOne( $sql, NULL, ARRAY( $mid ) );
$focusWindow = true;
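Review bot: The group id is now bound, but the next line still splices the stored `$row['MonitorIds']` into `$groupSql` inside single quotes, so a quote saved in a group's MonitorIds is carried into the Monitors query as SQL (a second-order injection path). `$row` is also used without checking that a group was found. Bind the value as well: `$groupSql = ' and find_in_set( Id, ? )';` with `$groupParams = array( $row['MonitorIds'] );`, and pass `$groupParams` as the third argument of the `dbFetchAll( $sql )` call. The same pattern remains in the later file section that reads the group through `validInt($_REQUEST['group'])` and then builds `"SELECT * FROM Monitors WHERE Function != 'None'$groupSql ORDER BY Sequence"`.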


@ -48,7 +48,7 @@ else
{
if ( !empty($_REQUEST['cid']) )
{
$control = dbFetchOne( "select * from Controls where Id = '".dbEscape($_REQUEST['cid'])."'" );
$control = dbFetchOne( 'SELECT * FROM Controls WHERE Id = ?', NULL, ARRAY($_REQUEST['cid']) );
}
else
{


@ -24,8 +24,7 @@ if ( !canView( 'Control' ) )
return;
}
$sql = "select * from Controls order by Id";
$controls = dbFetchAll( $sql );
$controls = dbFetchAll( 'SELECT * FROM Controls ORDER BY Id' );
$focusWindow = true;


@ -24,11 +24,10 @@ if ( !canEdit( 'Monitors' ) )
return;
}
$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($_REQUEST['mid'])."'" );
$monitor = dbFetchOne( 'SELECT C.*,M.* FROM Monitors AS M INNER JOIN Controls AS C ON (M.ControlId = C.Id ) WHERE M.Id = ?', NULL, ARRAY($_REQUEST['mid']) );
$sql = "select * from ControlPresets where MonitorId = '".$monitor['Id']."'";
$labels = array();
foreach( dbFetchAll( $sql ) as $row )
foreach( dbFetchAll( 'SELECT * FROM ControlPresets WHERE MonitorId = ?', NULL, ARRAY($monitor['Id']) ) as $row )
{
$labels[$row['Preset']] = $row['Label'];
}


@ -41,12 +41,11 @@ $groupSql = '';
if ( !empty($_REQUEST['group']) )
{
$group = validInt($_REQUEST['group']);
$sql = "select * from Groups where Id = '".dbEscape($group)."'";
$row = dbFetchOne( $sql );
$row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, ARRAY($group) );
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
}
$sql = "select * from Monitors where Function != 'None'$groupSql order by Sequence";
$sql = "SELECT * FROM Monitors WHERE Function != 'None'$groupSql ORDER BY Sequence";
$monitors = array();
$monIdx = 0;
foreach( dbFetchAll( $sql ) as $row )


@ -23,10 +23,8 @@ if ( !canEdit( 'Devices' ) )
$view = "error";
return;
}
if ( !empty($_REQUEST['did']) )
{
$sql = "select * from Devices where Id = '".dbEscape($_REQUEST['did'])."'";
$newDevice = dbFetchOne( $sql );
if ( !empty($_REQUEST['did']) ) {
$newDevice = dbFetchOne( 'SELECT * FROM Devices WHERE Id = ?', NULL, ARRAY($_REQUEST['did']) );
}
else
{


@ -24,7 +24,7 @@ if ( !canView( 'Devices' ) )
return;
}
$sql = "select * from Devices where Type = 'X10' order by Name";
$sql = "SELECT * FROM Devices WHERE Type = 'X10' ORDER BY Name";
$devices = array();
foreach( dbFetchAll( $sql ) as $row )
{


@ -32,8 +32,8 @@ if ( $user['MonitorIds'] )
else
$midSql = '';
$sql = "select E.*,M.Name as MonitorName,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($eid)."'".$midSql;
$event = dbFetchOne( $sql );
$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'.$midSql;
$event = dbFetchOne( $sql, NULL, array($eid) );
if ( isset( $_REQUEST['rate'] ) )
$rate = validInt($_REQUEST['rate']);


@ -23,25 +23,22 @@ if ( !canEdit( 'Events' ) )
$view = "error";
return;
}
if ( isset($_REQUEST['eid']) )
{
if ( isset($_REQUEST['eid']) ) {
$mode = 'single';
$eid = validInt($_REQUEST['eid']);
$sql = "select E.* from Events as E where E.Id = '".dbEscape($eid)."'";
$newEvent = dbFetchOne( $sql );
}
elseif ( isset($_REQUEST['eids']) )
{
$newEvent = dbFetchOne( 'SELECT E.* FROM Events AS E WHERE E.Id = ?', NULL, array($eid) );
} elseif ( isset($_REQUEST['eids']) ) {
$mode = 'multi';
$sql = "select E.* from Events as E where ";
$sql = 'SELECT E.* FROM Events AS E WHERE ';
$sqlWhere = array();
foreach ( $_REQUEST['eids'] as $eid )
{
$sqlWhere[] = "E.Id = '".dbEscape($eid)."'";
$sqlValues = array();
foreach ( $_REQUEST['eids'] as $eid ) {
$sqlWhere[] = 'E.Id = ?';
$sqlValues[] = $eid;
}
unset( $eid );
$sql .= join( " or ", $sqlWhere );
foreach( dbFetchAll( $sql ) as $row )
foreach( dbFetchAll( $sql, NULL, $sqlValues ) as $row )
{
if ( !isset($newEvent) )
{
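Review bot: In the multi-event branch `$_REQUEST['eids']` is iterated without checking that it is a non-empty array, so a scalar or empty `eids` leaves `$sql` ending in `WHERE ` and the query fails. The ids are also bound exactly as received, whereas the single-event branch passes `eid` through `validInt()` first. Check `is_array()` before the loop, normalise each id with `$sqlValues[] = validInt($eid);`, and fall back to the error view when no id remains. The number of `E.Id = ?` terms is unbounded, so a cap on the list length is worth considering. The body of the final `foreach` continues outside the hunk.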


@ -29,15 +29,13 @@ if ( !empty($_REQUEST['execute']) )
executeFilter( $tempFilterName );
}
$countSql = "select count(E.Id) as EventCount from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where";
$eventsSql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.DefaultScale,E.Name,E.Width,E.Height,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where";
$countSql = 'SELECT count(E.Id) AS EventCount FROM Monitors AS M INNER JOIN Events AS E ON (M.Id = E.MonitorId) WHERE';
$eventsSql = 'SELECT E.Id,E.MonitorId,M.Name AS MonitorName,M.DefaultScale,E.Name,E.Width,E.Height,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived FROM Monitors AS M INNER JOIN Events AS E on (M.Id = E.MonitorId) WHERE';
if ( $user['MonitorIds'] )
{
$countSql .= " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")";
$eventsSql .= " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")";
}
else
{
} else {
$countSql .= " 1";
$eventsSql .= " 1";
}
@ -51,7 +49,7 @@ if ( $_REQUEST['filter']['sql'] )
$countSql .= $_REQUEST['filter']['sql'];
$eventsSql .= $_REQUEST['filter']['sql'];
}
$eventsSql .= " order by $sortColumn $sortOrder";
$eventsSql .= " ORDER BY $sortColumn $sortOrder";
if ( isset($_REQUEST['page']) )
$page = validInt($_REQUEST['page']);
@ -68,18 +66,15 @@ if ( !empty($limit) && $nEvents > $limit )
$nEvents = $limit;
}
$pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE);
if ( $pages > 1 )
{
if ( !empty($page) )
{
if ( $pages > 1 ) {
if ( !empty($page) ) {
if ( $page < 0 )
$page = 1;
if ( $page > $pages )
$page = $pages;
}
}
if ( !empty($page) )
{
if ( !empty($page) ) {
$limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE);
if ( empty( $limit ) )
{
@ -91,10 +86,8 @@ if ( !empty($page) )
$limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft;
}
$eventsSql .= " limit $limitStart, $limitAmount";
}
elseif ( !empty( $limit ) )
{
$eventsSql .= " limit 0, ".dbEscape($limit);
} elseif ( !empty( $limit ) ) {
$eventsSql .= " limit 0, ".$limit;
}
$maxWidth = 0;
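Review bot: The last hunk drops `dbEscape()` from the limit clause and now appends `$limit` to `$eventsSql` unmodified. Where `$limit` is assigned is outside the visible hunks, so if it can originate from the request this is an unquoted numeric context open to injection (and `dbEscape()` was not an adequate guard there either). Force an integer at the point of use: `$eventsSql .= ' limit 0, '.(int)$limit;`. The same file still concatenates `$_REQUEST['filter']['sql']`, `$sortColumn` and `$sortOrder` into both statements, so the safety of these queries depends on whatever builds those fragments, which is not shown here.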


@ -28,18 +28,15 @@ $eid = validInt($_REQUEST['eid']);
if ( !empty($_REQUEST['fid']) )
$fid = validInt($_REQUEST['fid']);
$sql = "select E.*,M.Name as MonitorName,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($eid)."'";
$event = dbFetchOne( $sql );
$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?';
$event = dbFetchOne( $sql, NULL, array($eid) );
if ( !empty($fid) )
{
$sql = "select * from Frames where EventId = '".dbEscape($eid)."' and FrameId = '".dbEscape($fid)."'";
if ( !($frame = dbFetchOne( $sql )) )
if ( !empty($fid) ) {
$sql = 'SELECT * FROM Frames WHERE EventId = ? AND FrameId = ?';
if ( !($frame = dbFetchOne( $sql, NULL, array($eid, $fid) )) )
$frame = array( 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 );
}
else
{
$frame = dbFetchOne( "select * from Frames where EventId = '".dbEscape($eid)."' and Score = '".$event['MaxScore']."'" );
} else {
$frame = dbFetchOne( 'SELECT * FROM Frames WHERE EventId = ? AND Score = ?', NULL, array( $eid, $event['MaxScore'] ) );
}
$maxFid = $event['Frames'];


@ -23,11 +23,11 @@ if ( !canView( 'Events' ) )
$view = "error";
return;
}
$sql = "select E.*,M.Name as MonitorName from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($_REQUEST['eid'])."'";
$event = dbFetchOne( $sql );
$sql = 'SELECT E.*,M.Name AS MonitorName FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?';
$event = dbFetchOne( $sql, NULL, array($_REQUEST['eid']) );
$sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".dbEscape($_REQUEST['eid'])."' order by FrameId";
$frames = dbFetchAll( $sql );
$sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId';
$frames = dbFetchAll( $sql, NULL, array($_REQUEST['eid']) );
$focusWindow = true;