Added authentication via UserAuth class (not supplied)

Conner Harkness 2025-08-28 11:44:13 -06:00
parent 4ca7573dc5
commit 080277a0a8
2 changed files with 165 additions and 42 deletions


@ -8,5 +8,9 @@
file_put_contents($strDBCSFile, $strDBCS); file_put_contents($strDBCSFile, $strDBCS);
$strDBCS = trim(file_get_contents($strDBCSFile)); $strDBCS = trim(file_get_contents($strDBCSFile));
$c = new DatabaseConnection($strDBCS); $varDBCSParts = explode("\n", $strDBCS);
$strUsername = $varDBCSParts[1];
$strPassword = $varDBCSParts[2];
$c = new DatabaseConnection($varDBCSParts[0], $strUsername, $strPassword);
?> ?>
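Review bot: `$varDBCSParts[1]` and `$varDBCSParts[2]` are read without checking that the file really split into three lines, so a connection-string file still in the old single-line format passes undefined values to `DatabaseConnection`, and one saved with CRLF endings leaves a trailing `\r` on the DSN and username. Normalise and validate right after the split, e.g. `$varDBCSParts = array_map('trim', explode("\n", $strDBCS));` followed by `if (count($varDBCSParts) < 3) throw new RuntimeException("DBCS file needs DSN, username and password lines");`. Because this file now holds the database password in plain text, also confirm that `$strDBCSFile` sits outside the web root with restrictive permissions; its location is not visible in this hunk.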


@ -1,7 +1,9 @@
<?php <?php
global $c; global $c;
global $varPosted;
global $varRows;
$strQueryDir = "files/queries"; $strQueryDir = "files/sql";
$varFiles = scandir($strQueryDir); $varFiles = scandir($strQueryDir);
$varFiles = array_diff($varFiles, [".", ".."]); $varFiles = array_diff($varFiles, [".", ".."]);
@ -10,20 +12,65 @@
$varInputs = [[]]; $varInputs = [[]];
$varRows = null; $varRows = null;
$strError = null; $strError = null;
$varOptions = [];
$intAllowed = 1;
if ($strSelection !== null && strlen($strSelection) > 0) if ($strSelection !== null && strlen($strSelection) > 0)
{ {
$strFileData = file_get_contents("{$strQueryDir}/{$strSelection}"); $strFileData = file_get_contents("{$strQueryDir}/{$strSelection}");
preg_match_all("/declare\s+\@([A-Za-z0-9]{1,})\s+(.+)\s+=\s+\?/i", $strFileData, $varInputs); // Get the inputs:
preg_match_all(
"/declare\s+\@([A-Za-z0-9]{1,})\s+(.+)\s+=\s+\?/i",
$strFileData,
$varInputs);
//Respond::json($varMatces); // Get the options defined in comments:
preg_match_all(
"/--\s+([A-Za-z0-9]{1,})\:\s+(.+)/i",
$strFileData,
$varOptionMatches);
if (count($varOptionMatches[0]) > 0)
{
for ($i = 0; $i < count($varOptionMatches[0]); $i++)
{
$strKey = strtolower($varOptionMatches[1][$i]);
$strValue = $varOptionMatches[2][$i];
$varOptions[$strKey] = $strValue;
}
}
if (array_key_exists("allow", $varOptions))
{
$intAllowed = 0;
$strAllowedObjects = strtolower($varOptions["allow"]);
$varAllowedObjects = explode(",", $strAllowedObjects);
$varUserObjects = [];
if (class_exists("UserAuth"))
{
$varUser = UserAuth::getUser();
if ($varUser !== null)
{
foreach (UserAuth::getUserGroups() as $strGroup)
$varUserObjects[] = strtolower($strGroup);
$varUserObjects[] = strtolower($varUser["cn"]);
}
}
foreach ($varAllowedObjects as $strObject)
if (in_array($strObject, $varUserObjects))
$intAllowed = 1;
}
$intRun = Request::getParam("run"); $intRun = Request::getParam("run");
//if (Request::posts("run_query")) //if (Request::posts("run_query"))
if ($intRun !== null && $intRun == 1) if ($intRun !== null && $intRun == 1 && $intAllowed == 1)
{ {
$varPosted = Request::getParams(); $varPosted = Request::getParams();
unset($varPosted["run"]); unset($varPosted["run"]);
@ -31,6 +78,16 @@
try try
{ {
$varRows = $c->query("{$strQueryDir}/{$strSelection}", $varPosted); $varRows = $c->query("{$strQueryDir}/{$strSelection}", $varPosted);
$strView = "files/views/{$strSelection}.php";
// Load a custom view if there is one:
if (file_exists($strView))
{
ob_clean();
require $strView;
ob_end_flush();
exit;
}
} }
catch (Exception $x) catch (Exception $x)
{ {
@ -46,12 +103,21 @@
} }
} }
} }
// Fancier title processing:
$strTitle = null;
if (array_key_exists("title", $varOptions))
$strTitle = $varOptions["title"];
$strTitle = $strTitle ?? $strSelection ?? "Report";
?> ?>
<title><?= $strTitle; ?></title>
<div class="navbar navbar-expand bg-primary d-print-none"> <div class="navbar navbar-expand bg-primary d-print-none">
<div class="container-fluid justify-content-between"> <div class="container-fluid justify-content-between">
<div class="d-inline-flex align-items-center"> <div class="d-inline-flex align-items-center">
<a class="navbar-brand" href="/"><?= $strSelection ?? "Report"; ?></a> <a class="navbar-brand" href="/"><?= $strTitle; ?></a>
<a class="nav-item btn btn-outline-light me-2" onclick="fnShowPage('#page-input');"><i class="fa fa-fw fa-edit"></i> <span class="d-none d-lg-inline">Setup</span></a> <a class="nav-item btn btn-outline-light me-2" onclick="fnShowPage('#page-input');"><i class="fa fa-fw fa-edit"></i> <span class="d-none d-lg-inline">Setup</span></a>
@ -68,7 +134,7 @@
<?php if ($strError !== null): ?> <?php if ($strError !== null): ?>
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-md-12">
<div class="alert alert-danger"> <div class="alert alert-danger">
<pre class="mb-0"><?= $strError; ?></pre> <pre class="mb-0"><?= $strError; ?></pre>
</div> </div>
@ -78,7 +144,7 @@
<?php if ($varRows !== null && count($varRows) < 1): ?> <?php if ($varRows !== null && count($varRows) < 1): ?>
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-md-12">
<div class="alert alert-warning"> <div class="alert alert-warning">
No rows returned. No rows returned.
</div> </div>
@ -87,7 +153,7 @@
<?php endif; ?> <?php endif; ?>
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-md-4">
<div class="mb-3"> <div class="mb-3">
<label>Choose Query</label> <label>Choose Query</label>
<div class="input-group"> <div class="input-group">
@ -108,6 +174,31 @@
</div> </div>
</div> </div>
<?php if ($intAllowed == 1): ?>
<?php foreach (["danger", "warning", "info"] as $strClass): ?>
<?php if (array_key_exists($strClass, $varOptions)): ?>
<div class="row">
<div class="col-md-4">
<div class="alert alert-<?= $strClass; ?>">
<strong><?= ucfirst($strClass); ?>:</strong> <?= $varOptions[$strClass]; ?>
</div>
</div>
</div>
<?php endif; ?>
<?php endforeach; ?>
<?php foreach (["description"] as $strClass): ?>
<?php if (array_key_exists($strClass, $varOptions)): ?>
<div class="row">
<div class="col-md-4">
<div class="mb-3">
<?= $varOptions[$strClass]; ?>
</div>
</div>
</div>
<?php endif; ?>
<?php endforeach; ?>
<form method="get"> <form method="get">
<?php if (count($varInputs[0]) > 0): ?> <?php if (count($varInputs[0]) > 0): ?>
@ -115,16 +206,21 @@
<?php <?php
$strInputName = $varInputs[1][$i]; $strInputName = $varInputs[1][$i];
$strInputType = $varInputs[2][$i]; $strInputType = $varInputs[2][$i];
$strInputTypeHTML = "text";
if ($strInputType == "datetime")
$strInputTypeHTML = "date";
?> ?>
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-md-4">
<div class="mb-3"> <div class="mb-3">
<label><?= $strInputName; ?> <code><?= $strInputType; ?></code></label> <label><?= $strInputName; ?> <code><?= $strInputType; ?></code></label>
<div class="input-group"> <div class="input-group">
<span class="input-group-text"><i class="fa fa-fw fa-at"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-at"></i></span>
<input type="text" class="form-control" name="<?= $strInputName; ?>" value="<?= Request::getParam($strInputName); ?>" /> <input type="<?= $strInputTypeHTML; ?>" class="form-control" name="<?= $strInputName; ?>" value="<?= Request::getParam($strInputName); ?>" />
</div> </div>
</div> </div>
</div> </div>
@ -134,7 +230,7 @@
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-md-4">
<div class="mb-3"> <div class="mb-3">
<label>Actions</label> <label>Actions</label>
<div> <div>
@ -146,6 +242,18 @@
<input type="hidden" name="run" value="1" /> <input type="hidden" name="run" value="1" />
</form> </form>
<?php else: ?>
<div class="row">
<div class="col-md-4">
<div class="text-danger mb-3">
The selected report requires being logged in as a user with permission to run it.
</div>
</div>
</div>
<?php endif; ?>
</div> </div>
</div> </div>
@ -160,6 +268,17 @@
$varColumns[] = $k; $varColumns[] = $k;
?> ?>
<div class="d-none d-print-block">
<h1><?= $strTitle; ?></h1>
<ul>
<?php foreach ($varPosted as $k => $v): ?>
<li><?= $k; ?>: <?= $v; ?></li>
<?php endforeach; ?>
<li>Printed: <?= date("Y-m-d H:i:s"); ?></li>
</ul>
</div>
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-sm table-striped table-bordered w-100" id="table"> <table class="table table-sm table-striped table-bordered w-100" id="table">
<thead> <thead>
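Review bot: In the `-31,6 +78,16` hunk, `$strSelection` is interpolated into `require "files/views/{$strSelection}.php"` with no visible check that it names one of the entries returned by `scandir($strQueryDir)`, which turns the existing file read into PHP file inclusion. Its assignment falls between the visible hunks, so this is inferred: if it comes from the request, a value containing directory separators would resolve outside `files/views/`. Reject anything not in the listing before first use, e.g. `if (!in_array($strSelection, $varFiles, true)) $strSelection = null;`, which also covers the `file_get_contents` and `$c->query` calls. The same section echoes `$k`/`$v` from `Request::getParams()` in the print header, and the `$varOptions` values, without escaping; wrap each in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Note also that `$intAllowed` defaults to 1, so a report file with no `allow:` comment runs for unauthenticated visitors; confirm that default is intended.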