<?PHP
/* Function SAFE_FILENAME */
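/**
 * Reduce a user-supplied filename to lower-case a-z, 0-9, '_' and '.'.
 *
 * Spaces become underscores, every other character outside that set is
 * dropped.  The original character class was written as '[^[a-z0-9_\.]',
 * whose stray '[' made a literal '[' survive the filter; that is fixed here.
 *
 * Note: '.' is deliberately kept, so a result such as '..' or '.htaccess'
 * is still possible.  Callers that use the result as a path component should
 * pass it through basename() or reject names that are only dots.
 *
 * @param string $filename  raw filename (non-strings are cast to string)
 * @return string           sanitised filename, possibly empty
 */
function safe_filename($filename) {
	// Convert to lower case (byte-wise; non-ASCII bytes are removed below anyway)
	$filename = strtolower((string) $filename);
	// Replace spaces with underscores
	$filename = str_replace(' ', '_', $filename);
	// Remove anything not a-z, 0-9, _ or .
	$filename = preg_replace('/[^a-z0-9_.]/', '', $filename);
	// Send filename back
	return $filename;
}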

/* Function CHECKSOD check user generic*/
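/**
 * Segregation-of-duties check across every task assigned to one ERP user.
 *
 * For each usertask row of the user, the task's reftaskid is looked up and
 * tasksod is queried for conflicts between that reftaskid and any other
 * reftaskid the same user holds.  The worst conflict found wins: the original
 * code let a later, mitigated conflict overwrite an earlier unmitigated one
 * and only ever inspected the first conflict row of each task.
 *
 * @param int|string $id  erpuserid; cast to int because it is interpolated into SQL
 * @return string '1' = Green  no conflict
 *                '2' = Orange conflict, mitigated
 *                '3' = Red    conflict, no mitigation
 */
function checksod($id){
	$checked = '1';
	// $id is interpolated into SQL below: force an integer so the value cannot carry SQL.
	$id = (int) $id;
	// NOTE(review): $form_needed is never assigned in this function (no `global`
	// declaration), so the "form required" branch never ran as originally written.
	// The isset() keeps that behaviour without an undefined-variable warning — confirm
	// where this flag is meant to come from.
	$needs_form = (isset($form_needed) && $form_needed == "Y");

	$result1 = mysql_query("select taskid from usertask where erpuserid=$id");
	if (!$result1) {
		return $checked;
	}
	while ($row1 = mysql_fetch_array($result1, MYSQL_NUM)) {
		// assumes taskid / reftaskid are integer keys — TODO confirm against schema
		$taskid = (int) $row1[0];
		// first retrieve reftaskid
		$result2 = mysql_query("select reftaskid from erptask where taskid=$taskid");
		$row2 = $result2 ? mysql_fetch_array($result2, MYSQL_NUM) : false;
		if (!$row2) {
			// task without a reference task cannot conflict (the original ran a
			// broken query here, which likewise produced no conflict rows)
			continue;
		}
		$reftaskid = (int) $row2[0];
		// now verify if sod conflicts exist:
		// the reftask may not conflict with any of the other reftasks connected to this user
		$sql3 = "select mitigated,sodform from tasksod,usertask,erptask where erpuserid=$id and tasksod.sodid=erptask.reftaskid and usertask.taskid=erptask.taskid and tasksod.taskid=$reftaskid and erptask.reftaskid != $reftaskid";
		$result3 = mysql_query($sql3);
		if (!$result3) {
			continue;
		}
		while ($row3 = mysql_fetch_array($result3, MYSQL_NUM)) {
			if ($needs_form) {
				// mitigation only counts when a SoD form is on file
				$mitigated = ($row3[0] == "Y" and $row3[1] <> "");
			} else {
				$mitigated = ($row3[0] == "Y");
			}
			$level = $mitigated ? '2' : '3';
			// worst case wins across tasks and across conflict rows
			if ((int) $level > (int) $checked) {
				$checked = $level;
			}
		}
	}
	return $checked;
}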

/* Function CHECKSOD2 check user/task */
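/**
 * Segregation-of-duties check for one user / task combination.
 *
 * Looks up the task's reftaskid and queries tasksod for conflicts between it
 * and any other reftaskid the user holds.  All conflict rows are inspected and
 * the worst one decides the result (the original only read the first row).
 *
 * @param int|string $userid  erpuserid; cast to int before SQL interpolation
 * @param int|string $id      taskid;    cast to int before SQL interpolation
 * @return string "<status>|<sodname>" where status is
 *                '1' = Green  no conflict
 *                '2' = Orange conflict, mitigated
 *                '3' = Red    conflict, no mitigation
 *                and sodname is the taskname of the conflicting sodid
 *                (empty when there is no conflict or the name lookup fails)
 */
function checksod2($userid,$id){
	$checked = '1';
	$sodname = '';
	// both values are interpolated into SQL: force integers
	$userid = (int) $userid;
	$id = (int) $id;
	// NOTE(review): $form_needed is never assigned here (no `global`), so the
	// "form required" branch never ran as originally written — confirm its source.
	$needs_form = (isset($form_needed) && $form_needed == "Y");

	// first retrieve reftaskid
	$result2 = mysql_query("select reftaskid from erptask where taskid=$id");
	$row2 = $result2 ? mysql_fetch_array($result2, MYSQL_NUM) : false;
	if (!$row2) {
		// unknown task / no reference task: nothing can conflict
		return $checked . '|' . $sodname;
	}
	$reftaskid = (int) $row2[0];

	$sql3 = "select mitigated,sodid,sodform from tasksod,usertask,erptask where erpuserid=$userid and tasksod.sodid=erptask.reftaskid and usertask.taskid=erptask.taskid and tasksod.taskid=$reftaskid and erptask.reftaskid != $reftaskid";
	$result3 = mysql_query($sql3);
	$sodid = null;
	if ($result3) {
		while ($row3 = mysql_fetch_array($result3, MYSQL_NUM)) {
			if ($needs_form) {
				$mitigated = ($row3[0] == "Y" and $row3[2] <> "");
			} else {
				$mitigated = ($row3[0] == "Y");
			}
			$level = $mitigated ? '2' : '3';
			// worst case wins; remember which sodid produced it for the name lookup
			if ((int) $level > (int) $checked) {
				$checked = $level;
				$sodid = $row3[1];
			}
		}
	}

	if ($sodid !== null) {
		$result9 = mysql_query("select taskname from erptask where taskid=" . (int) $sodid);
		$row9 = $result9 ? mysql_fetch_array($result9, MYSQL_NUM) : false;
		if ($row9) {
			$sodname = $row9[0];
		}
	}
	return $checked . '|' . $sodname;
}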

/* Function HTML_DROP_DOWN */
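/**
 * Render a <SELECT> element from a two (or three) column query.
 *
 * Builds "SELECT <value> col_val, <display> col_disp[, <second> col_disp2]
 * FROM <table> [<where>] order by col_disp", runs it and emits one <OPTION>
 * per row.  Table and column names and the where clause are concatenated
 * verbatim, so they must come from code — never from request input.
 *
 * Changes from the original: every value written into HTML is escaped with
 * htmlspecialchars() (the original emitted DB data and $in_name raw), $size
 * is cast to int, and $return_value is initialised so the "No data." path no
 * longer appends to an undefined variable.
 * NOTE(review): if any caller already stores HTML-encoded text in the table,
 * the escaping here will double-encode it — confirm against the data.
 *
 * @param int|string $size                   SIZE attribute of the select
 * @param string     $in_name                NAME attribute of the select
 * @param string     $in_tablename           table to query
 * @param string     $in_value_column_name   column used for OPTION VALUE
 * @param string     $in_display_column_name column used for the OPTION text
 * @param string     $in_other_value         VALUE of an optional leading OPTION
 * @param string     $in_other_display       text of that leading OPTION (emitted only when non-empty)
 * @param string     $in_selected_value      col_val to mark SELECTED (loose == as before)
 * @param string     $in_where_clause        appended verbatim after the table name
 * @param string     $in_secondval           optional third column shown as "disp => disp2"
 * @return string    HTML, or "No data." when the query fails
 */
function html_drop_down ($size,$in_name,$in_tablename,$in_value_column_name,$in_display_column_name,$in_other_value = "",$in_other_display = "",$in_selected_value = "",$in_where_clause = "",$in_secondval="") {
	// build the SQL string
	$columns = $in_value_column_name . " col_val," . $in_display_column_name . " col_disp";
	if ($in_secondval) {
		$columns .= "," . $in_secondval . " col_disp2";
	}
	$sql = "SELECT " . $columns . " FROM " . $in_tablename;
	if ($in_where_clause) {
		$sql .= " " . $in_where_clause;
	}
	$sql .= " order by col_disp";
	$result = mysql_query($sql);

	// build the select list.
	$return_value = '';
	if (!$result) {
		return $return_value . "No data.";
	}
	$return_value .= "<SELECT NAME=\"" . htmlspecialchars((string) $in_name, ENT_QUOTES) . "\" SIZE=" . (int) $size . ">";

	if ($in_other_display) {
		$return_value .= "<OPTION VALUE=\"" . htmlspecialchars((string) $in_other_value, ENT_QUOTES) . "\"> "
			. htmlspecialchars((string) $in_other_display, ENT_QUOTES) . " </OPTION>";
	}

	while ($rec = mysql_fetch_array($result)) {
		$return_value .= "<OPTION ";
		// loose comparison kept: callers may pass an int while col_val is a string
		if ($in_selected_value && $rec["col_val"] == $in_selected_value) {
			$return_value .= " SELECTED ";
		}
		$label = htmlspecialchars((string) $rec["col_disp"], ENT_QUOTES);
		if ($in_secondval) {
			$label .= " => " . htmlspecialchars((string) $rec["col_disp2"], ENT_QUOTES);
		}
		$return_value .= " VALUE=\"" . htmlspecialchars((string) $rec["col_val"], ENT_QUOTES) . "\"> " . $label . " </OPTION>";
	}
	$return_value .= "</select>";
	mysql_free_result($result);
	return $return_value;
}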

/* Function HTML_DROP_DOWN2: as HTML_DROP_DOWN, with a colour class per option from CHECKSOD */
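/**
 * Render a <SELECT> element like html_drop_down(), colouring each OPTION by
 * the user's segregation-of-duties status.
 *
 * col_val is treated as an erpuserid and passed to checksod(); the returned
 * '1' / '2' / '3' maps to class 'green' / 'orange' / 'red'.  The original
 * emitted no "<OPTION" tag at all for an unexpected status, producing broken
 * markup; now an option without a class is emitted instead.
 *
 * As in html_drop_down(): table/column names and the where clause are
 * concatenated verbatim and must come from code; everything written into HTML
 * is escaped with htmlspecialchars() (NOTE(review): double-encoding risk if the
 * table already holds encoded text — confirm), $size is cast to int and
 * $return_value is initialised before the "No data." path.
 *
 * @param int|string $size                   SIZE attribute of the select
 * @param string     $in_name                NAME attribute of the select
 * @param string     $in_tablename           table to query
 * @param string     $in_value_column_name   column used for OPTION VALUE (an erpuserid)
 * @param string     $in_display_column_name column used for the OPTION text
 * @param string     $in_other_value         VALUE of an optional leading OPTION
 * @param string     $in_other_display       text of that leading OPTION (emitted only when non-empty)
 * @param string     $in_selected_value      col_val to mark SELECTED (loose == as before)
 * @param string     $in_where_clause        appended verbatim after the table name
 * @param string     $in_secondval           optional third column shown as "disp => disp2"
 * @return string    HTML, or "No data." when the query fails
 */
function html_drop_down2 ($size,$in_name,$in_tablename,$in_value_column_name,$in_display_column_name,$in_other_value = "",$in_other_display = "",$in_selected_value = "",$in_where_clause = "",$in_secondval="") {
	// build the SQL string
	$columns = $in_value_column_name . " col_val," . $in_display_column_name . " col_disp";
	if ($in_secondval) {
		$columns .= "," . $in_secondval . " col_disp2";
	}
	$sql = "SELECT " . $columns . " FROM " . $in_tablename;
	if ($in_where_clause) {
		$sql .= " " . $in_where_clause;
	}
	$sql .= " order by col_disp";
	$result = mysql_query($sql);

	// build the select list.
	$return_value = '';
	if (!$result) {
		return $return_value . "No data.";
	}
	$return_value .= "<SELECT NAME=\"" . htmlspecialchars((string) $in_name, ENT_QUOTES) . "\" SIZE=" . (int) $size . ">";

	if ($in_other_display) {
		$return_value .= "<OPTION VALUE=\"" . htmlspecialchars((string) $in_other_value, ENT_QUOTES) . "\"> "
			. htmlspecialchars((string) $in_other_display, ENT_QUOTES) . " </OPTION>";
	}

	// checksod() status => CSS class
	$status_classes = ['1' => 'green', '2' => 'orange', '3' => 'red'];

	while ($rec = mysql_fetch_array($result)) {
		$status = checksod($rec["col_val"]);
		$return_value .= "<OPTION";
		if (isset($status_classes[$status])) {
			$return_value .= " class='" . $status_classes[$status] . "'";
		}
		// loose comparison kept: callers may pass an int while col_val is a string
		if ($in_selected_value && $rec["col_val"] == $in_selected_value) {
			$return_value .= " SELECTED ";
		}
		$label = htmlspecialchars((string) $rec["col_disp"], ENT_QUOTES);
		if ($in_secondval) {
			$label .= " => " . htmlspecialchars((string) $rec["col_disp2"], ENT_QUOTES);
		}
		$return_value .= " VALUE=\"" . htmlspecialchars((string) $rec["col_val"], ENT_QUOTES) . "\"> " . $label . " </OPTION>";
	}
	$return_value .= "</select>";
	mysql_free_result($result);
	return $return_value;
}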

/* function to check minimum level of authorisation */
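/**
 * Check that the visitor identified by the ID_my_site / Key_my_site cookies is
 * an active user holding at least the requested system role.
 *
 * Role ladder, as the original code applied it:
 *   'Admin'   - sysrole must be exactly 'Admin'
 *   'Updater' - any sysrole except 'Viewer'
 *   'Viewer'  - (default) any active, authenticated user
 *
 * This version fails closed.  The original initialised $roleok to true and
 * only set it to false inside the row loop, so a cookie naming a username
 * that does not exist in `users` passed every role check.  It also
 * interpolated the cookie into SQL unescaped, compared the key with a
 * type-juggling `!=`, and died with mysql_error() in the response.
 *
 * NOTE(review): the cookie key is still compared directly with the stored
 * `password` column, as before.  If that column holds (or is moved to) a
 * password_hash() value, this must become password_verify() — confirm the
 * stored format.
 *
 * @param string $role  'Viewer' (default), 'Updater' or 'Admin'
 * @return bool         true only when an active user row matches the cookie
 *                      and satisfies the role; false on any failure
 */
function role_check ($role='Viewer'){
	// checks cookies to make sure the user is logged in; both cookies are required
	// (the original read Key_my_site unchecked and then failed the comparison)
	if (!isset($_COOKIE['ID_my_site'], $_COOKIE['Key_my_site'])) {
		return false;
	}
	$username = (string) $_COOKIE['ID_my_site'];
	$pass = (string) $_COOKIE['Key_my_site'];

	// the cookie is attacker-controlled: escape before it reaches the query
	$username_sql = mysql_real_escape_string($username);
	$check = mysql_query("SELECT * FROM users WHERE upper(username) = '$username_sql' and active='Y'");
	if (!$check) {
		// fail closed; do not echo mysql_error() to the client
		return false;
	}

	$found = false;
	$roleok = true;
	while ($info = mysql_fetch_array($check)) {
		$found = true;
		// strict, constant-time comparison instead of `!=`
		if (!hash_equals((string) $info['password'], $pass)) {
			// wrong key for this user: the caller sends them to the login page
			$roleok = false;
			continue;
		}
		$sysrole = (string) $info['sysrole'];
		if ($role == 'Admin' && $sysrole !== 'Admin') {
			$roleok = false;
		}
		if ($role == 'Updater' && $sysrole === 'Viewer') {
			$roleok = false;
		}
	}
	// no matching active user => not authorised (this is the original's bypass)
	return $found && $roleok;
}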