<?PHP
/*
 * phpMyPurchasing
 * Jason Gerfen [hide@address.com]
 *
 * ajaxSearch.php - handle generic ajax searches
 */

if(file_exists('scripts/inc.config.php')) {
 require 'scripts/inc.config.php';

 // ensure we are being called from our configured host
 // NOTE(review): depending on the web server configuration $_SERVER['SERVER_NAME']
 // may be derived from the client-supplied Host header, so treat this as a
 // configuration sanity check rather than an authentication control — confirm
 // against the vhost setup.
 if( $defined['hostname'] === $_SERVER['SERVER_NAME'] ) {

  // obtain default options
  $defined = array_merge($defined,$handles['misc']->getDefaults());
  $defined = array_merge($defined,$handles['misc']->getAuthentication());
  $accessList = $handles['misc']->getAccessList();

  // copy and filter incoming data
  // NOTE(review): `$handles['val']->ValidateXSS` without parentheses is a property
  // read, not a method call. Unless that class exposes the callable as a property
  // (or through __get), array_map() receives null, returns the input array
  // unchanged, and the `@` hides the resulting notice — i.e. no filtering would
  // take place here. The explicit callable form array($handles['val'], 'ValidateXSS')
  // avoids the ambiguity; verify which one the validator class supports. The same
  // construct is used for the response encoding further down.
  $get = @array_map( $handles['val']->ValidateXSS, $_GET );
  $post = @array_map( $handles['val']->ValidateXSS, $_POST );
  $sess = @array_map( $handles['val']->ValidateXSS, $_SESSION );
  $serv = @array_map( $handles['val']->ValidateXSS, $_SERVER );

  // initialize a db connection handle (credentials come from inc.config.php via $defined)
  $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );

  //define the template and cache directories
  // NOTE(review): the template cache is written to the shared /tmp directory; a
  // dedicated, application-owned cache directory is the usual recommendation.
  $handles['tpl']->strTemplateDir = $defined['templates'];
  $handles['tpl']->strCacheDir    = '/tmp';
  // $flag is computed but not referenced anywhere else in this file.
  if( !empty( $post ) ) { $flag = "TRUE"; } else { $flag = "FALSE"; }

		// gather up some information for the token
		// NOTE(review): is_resource() is false for objects, so if $handles['session']
		// holds a dbSession object (as assigned below) this branch runs on every
		// request; confirm whether a fresh dbSession per request is intended.
		if( ( !isset( $_SESSION['token'] ) ) || ( !is_resource( $handles['session'] ) ) ) {
		 $handles['session'] = new dbSession( $defined['timeout'] );
		}
  // HTTP_REFERER is a client-supplied header: fine for logging/navigation, not a
  // trust signal. Emits an undefined-index notice when the header is absent.
  $_SESSION['referrer'] = $serv['HTTP_REFERER'];

  // perform authentication
  // NOTE(review): $post['user'] / $post['pass'] are read unconditionally and raise
  // notices on requests that do not carry them — presumably DecideAuth falls back
  // to the session token in that case; confirm.
  $authenticated = $handles['auth']->DecideAuth( $_SESSION['token'], $post['user'], $post['pass'], $serv );

  // process authentication and load appropriate template
  // A non-zero result ends the script with an empty body (no status code or JSON
  // error is sent), so the AJAX caller cannot distinguish "not authenticated"
  // from "no results".
  if($authenticated !== 0) {
   return;
  } else {
   if(!empty($post)) {
    // NOTE(review): every query below is assembled by string concatenation from
    // $post. The only escaping visible in this file is ValidateSQL() applied at
    // execution time (see the dbQuery calls below); if the db layer supports
    // bound parameters that is the preferable form. Also note in this query:
    // `txtVendANDContact` is compared against $post['txtVendANDAddress'] and the
    // `txtVendANDPhone` condition appears twice — likely copy/paste slips; confirm
    // against the purchases schema.
				if((!empty($post['order']))&&($post['order']==="true")) {
					$sql = "SELECT * FROM `purchases` WHERE `txtOrderDate` = \"" . $post['txtOrderDate'] . "\" AND `txtOrderNum` = \"" . $post['txtOrderNum'] . "\" AND `txtOrderGroup` = \"" . $post['txtOrderGroup'] . "\" AND `txtOrderAccountNumber` = \"" . $post['txtOrderAccountNumber'] . "\" AND `txtOrderETA` = \"" . $post['txtOrderETA'] . "\" AND `txtVendANDName` = \"" . $post['txtVendANDName'] . "\" AND `txtVendANDContact` = \"" . $post['txtVendANDAddress'] . "\" AND `txtVendANDPhone` = \"" . $post['txtVendANDPhone'] . "\" AND `txtVendANDPhone` = \"" . $post['txtVendANDPhone'] . "\" AND `txtVendANDEmail` = \"" . $post['txtVendANDEmail'] . "\" AND `txtDepartmentName` = \"" . $post['txtDepartmentName'] . "\" AND `txtDepartmentContact` = \"" . $post['txtDepartmentContact'] . "\" AND `txtDepartmentAddress` = \"" . $post['txtDepartmentAddress'] . "\" AND `txtDepartmentPhone` = \"" . $post['txtDepartmentPhone'] . "\" AND `txtDepartmentEmail` = \"" . $post['txtDepartmentEmail'] . "\"";
				}
    // The product/vendor/department searches compare every column against a
    // literal empty string and use no request values — they look unfinished.
    // The `source` condition below is also missing its `=` operator.
    if((!empty($post['product']))&&($post['product']==="true")) {
					$sql = "SELECT * FROM 	`products` WHERE `description`  = \"\" OR `price`  = \"\" OR `number` = \"\" OR `source`  \"\"";
				}
				if((!empty($post['vendor']))&&($post['vendor']==="true")) {
					$sql = "SELECT * FROM 	`vendors` WHERE `vname`  = \"\" OR `vcontact`  = \"\" OR`vaddress`  = \"\" OR `vphone`  = \"\" OR `vemail`  = \"\"";
				}
				if((!empty($post['department']))&&($post['department']==="true")) {
					$sql = "SELECT * FROM 	`departments` WHERE `dname`  = \"\" OR `dcontact`  = \"\" OR `daddress`  = \"\" OR `dphone`  = \"\" OR `demail`  = \"\"";
				}
    if((!empty($post['groups']))&&($post['groups']==="true")) {
					$sql = "SELECT * FROM 	`groups` WHERE `txtGroupName` = \"" . $post['txtGroupName'] . "\" AND `txtGroupManager` = \"" . $post['txtGroupManager'] . "\" AND `txtGroupPhone` = \"" . $post['txtGroupPhone'] . "\" AND `txtGroupDescription` = \"" . $post['txtGroupDescription'] . "\"";
				}
    // Column list deliberately excludes the password column; keep it that way.
    if((!empty($post['users']))&&($post['users']==="true")) {
					$sql = "SELECT `txtUserName`,`txtUserLevel`,`txtUserGroup`,`txtUserDepartment`,`txtUserFname`,`txtUserLname`,`txtUserPhone`,`txtUserEmail` FROM	`users` WHERE `txtUserName` = \"" . $post['txtUserName'] . "\" AND `txtUserLevel` = \"" . $post['txtUserLevel'] . "\" AND `txtUserGroup` = \"" . $post['txtUserGroup'] . "\" AND `txtUserFname` = \"" . $post['txtUserFname'] . "\" AND `txtUserLname` = \"" . $post['txtUserLname'] . "\" AND `txtUserDepartment` = \"" . $post['txtUserDepartment'] . "\" AND `txtUserPhone` = \"" . $post['txtUserPhone'] . "\" AND `txtUserEmail` = \"" . $post['txtUserEmail'] . "\"";
				}
    // Permissions lookups produce an array of three queries keyed by result name.
    // NOTE(review): if one of the branches above already set $sql to a string in
    // the same request, `$sql['objects'] = ...` becomes a string-offset write;
    // initialising $sql = array() before the branch chain would avoid that.
    if((!empty($post['permissions']))&&($post['permissions']==="true")) {
					$sql['objects'] = "SELECT * FROM `resources` WHERE `txtObjectID` = \"" . md5($post['txtObjectName']) . "\" AND `txtObjectName` = \"" . $post['txtObjectName'] . "\" AND `txtObjectOwner` = \"" . $post['txtObjectOwner'] . "\"";
     $sql['groups'] = "SELECT * FROM `gresources` WHERE `txtObjectID` = \"" . md5($post['txtObjectName']) . "\"";
     $sql['users'] = "SELECT * FROM `uresources` WHERE `txtObjectID` = \"" . md5($post['txtObjectName']) . "\"";
				}

    // count() distinguishes the multi-query (array) case from the single string
    // query. On PHP 7.2–7.4 count() of a string warns and returns 1, which lands
    // in the else branch; on PHP 8 it throws a TypeError — confirm target version.
				if(!empty($sql)) {
     if(count($sql)>1){
      foreach($sql as $key => $value){
       // ValidateSQL() is the escaping step; dbQuery() returning -1 signals failure
       // (as tested here). dbNumRowsAffected() is used as a row count for a SELECT;
       // presumably it wraps the driver's row count — verify.
       if(($results = $handles['db']->dbQuery($handles['val']->ValidateSQL($value,$dbconn), $dbconn))!==-1) {
						  if($handles['db']->dbNumRowsAffected($dbconn)>0) {
							  $response[$key] = $handles['db']->dbArrayResultsAssoc($results);
						  }
					  }
      }
     } else {
 					if(($results = $handles['db']->dbQuery($handles['val']->ValidateSQL($sql,$dbconn), $dbconn))!==-1) {
 						if($handles['db']->dbNumRowsAffected($dbconn)>0) {
 							$response = $handles['db']->dbArrayResultsAssoc($results);
 						}
      }
					}
				}
   }
  }
		// NOTE(review): hard-coded sample data that replaces whatever the purchases
		// query returned whenever order === "true" — looks like a development stub
		// left in place. $post['order'] is also read here even when $post is empty.
		if($post['order']==="true") {
   $response[0] = array('txtOrderDate' => '04/21/2010',
                     'txtOrderNum' => '12343',
                     'txtOrderGroup' => 'mygroup',
                     'txtOrderAccountNumber' => 'myaccount',
                     'txtOrderETA' => '05/23/2010',
                     'txtVendorName' => 'wuka',
                     'txtVendorContact' => 'contact',
                     'txtVendorAddress' => '123 w. wtf',
                     'txtVendorPhone' => '123-123-1223',
                     'txtVendorEmail' => 'hide@address.com',
                     'txtDepartmentName' => 'mydept',
                     'txtDepartmentContact' => 'myname',
                     'txtDepartmentAddress' => '345 ',
                     'txtDepartmentPhone' => '123-123-1234',
                     'txtDepartmentEmail' => 'hide@address.com',
                     'txtOrderTrackingNumber' => '1234556',
                     'txtOrderNotes' => 'fuck this',
 																				'products' => array(
 																																								array('txtPartsID' => '001',
 																																								      'txtPartsQuantity' => '003',
 																																								      'txtPartsDescription' => 'a product',
 																																								      'txtPartsPrice' => '4.56',
 																																								      'txtPartsNumber' => '00345',
 																																								      'txtPartsSource' => 'wherever'
 																																							),
																				                    array('txtPartsID' => '025',
																																								      'txtPartsQuantity' => '023',
																																									     'txtPartsDescription' => 'a product 1',
																																									     'txtPartsPrice' => '8.56',
																																									     'txtPartsNumber' => '10345',
																																									     'txtPartsSource' => 'wtfs'
																																								)
																																							)
																			);
		}
  // Encode the response: the first row only when $response[0] is non-empty,
  // otherwise the whole (keyed) result set. NOTE(review): $response is never
  // initialised, so when no branch matched or no rows came back this reaches
  // count()/array_map() with an undefined value and emits nothing usable;
  // `$response = array();` before the search block would make the empty case
  // return `[]`. The ValidateXSS property-vs-method caveat from above applies to
  // these array_map() calls too. No Content-Type header is set in this file.
  if(count($response[0])>0) {
   if(function_exists("json_encode")) {
    $response = json_encode(array_map($handles['val']->ValidateXSS, $response[0]));
   } else {
    $response = $handles['misc']->arr2json(array_map($handles['val']->ValidateXSS, $response[0]));
   }
  } else {
   if(function_exists("json_encode")) {
    $response = json_encode(array_map($handles['val']->ValidateXSS, $response));
   } else {
    $response = $handles['misc']->arr2json(array_map($handles['val']->ValidateXSS, $response));
   }
  }
  echo $response;

 } else {
  echo "Cannot be called from anywhere other then our defined host";
 }

} else {
 echo "Configuration file not found";
}

?>