0) { $strSelection = urldecode($strSelection); $strFileDataSource = file_get_contents("{$strQueryDir}/{$strSelection}"); $strFileData = $strFileDataSource; $fncReplaceDate = function($strInput) { return date_create($strInput) ->format("Y-m-d"); }; $fncReplaceSQL = function($strSQL) { global $c; $varRows = $c->query($strSQL); if (count($varRows) > 0) foreach ($varRows[0] as $k => $v) return $varRows[0][$k]; }; $fncReplaceServer = function($strInput) { // Take no chances on possible SQL injection: $strValue = $_SERVER[$strInput]; $strValue = preg_replace("/\'/i", "", $strValue); return $strValue; }; $varReplaceMap = [ ["SQL", $fncReplaceSQL], ["Date", $fncReplaceDate], ["Server", $fncReplaceServer] ]; foreach ($varReplaceMap as $varReplace) { $strKey = $varReplace[0]; $fncReplace = $varReplace[1]; preg_match_all( "/\{\{\s+{$strKey}\:\s+(.+?)\s+\}\}/i", $strFileData, $varMatches); //if ($varReplace[0] == "Server") // Respond::json($varMatches); for ($i = 0; $i < count($varMatches[0]); $i++) { $strMatch = $varMatches[0][$i]; $strMatchSafe = preg_quote($strMatch); $strInput = $varMatches[1][$i]; $strOutput = $fncReplace($strInput); while (preg_match("/{$strMatchSafe}/i", $strFileData)) { $strFileData = preg_replace( "/{$strMatchSafe}/i", $strOutput, $strFileData); } } } //ob_clean(); //header("Content-Type: text/plain"); //echo $strFileData; //ob_end_flush(); //exit; // Get the inputs: preg_match_all( "/declare\s+\@([A-Za-z0-9]{1,})\s+(.+)\s+=\s+\?;(\s+-- ([A-Za-z0-9]{1,})\:\s(.*))?/i", $strFileData, $varInputs); // Get the options defined in comments: preg_match_all( "/--\s+([A-Za-z0-9]{1,})\:\s+(.+)/i", $strFileData, $varOptionMatches); if (count($varOptionMatches[0]) > 0) { for ($i = 0; $i < count($varOptionMatches[0]); $i++) { $strKey = strtolower($varOptionMatches[1][$i]); $strValue = $varOptionMatches[2][$i]; $varOptions[$strKey] = $strValue; } } if (array_key_exists("nosorting", $varOptions)) $intSortable = 0; if (array_key_exists("allow", $varOptions)) { $intAllowed = 0; $strAllowedObjects = strtolower($varOptions["allow"]); $varAllowedObjects = explode(",", $strAllowedObjects); $varUserObjects = []; if (class_exists("UserAuth")) { $varUser = UserAuth::getUser(); if ($varUser !== null) { foreach (UserAuth::getUserGroups() as $strGroup) $varUserObjects[] = strtolower($strGroup); $varUserObjects[] = strtolower($varUser["cn"]); } } foreach ($varAllowedObjects as $strObject) if (in_array($strObject, $varUserObjects)) $intAllowed = 1; } $varPosted = Request::getParams(); $intRun = 0; $intIsPOST = 0; // Merge POST with the GET params: // POSTing implies running the query, too. foreach (Request::getPosted() as $k => $v) { $varPosted[$k] = $v; $intRun = 1; $intIsPOST = 1; } $intRun = $varPosted["run"] ?? $intRun; $strFormat = $varPosted["format"] ?? null; // Auto-format the output to be JSON when the POSTed Content-Type is JSON: if (Request::getHeader("Content-Type") == "application/json") $strFormat = "json"; // Remove these keys from submitted fields: foreach (["run", "format"] as $k) if (array_key_exists($k, $varPosted)) unset($varPosted[$k]); if ($intRun !== null && $intRun == 1 && $intAllowed == 1) { try { $varRows = $c->query($strFileData, $varPosted); $strQueryView = "{$strQueryPath}.php"; if (count($varRows) > 0) { if (array_key_exists("__Section", $varRows[0])) { $intSectioned = 1; $intSortable = 0; } } // Allow returning the data as JSON for APIs, maybe: if (strtolower($strFormat) == "json") Respond::json($varRows); } catch (Exception $x) { $strMessage = $x->getMessage(); $strError = $strMessage; $strError .= "\n\n"; $strFile = $x->getFile(); $intLine = $x->getLine(); $strError .= "#-1 {$strFile}({$intLine}): {$strMessage}\n"; $strError .= $x->getTraceAsString(); } } } // Fancier title processing: $strTitle = "Select Report"; if ($strSelection !== null && strlen($strSelection) > 0) $strTitle = $strSelection; if (array_key_exists("title", $varOptions)) $strTitle = $varOptions["title"]; // Allow returning a message for POST/form-like inputs: $strOutputMessage = null; $strOutputMessageClass = null; $strRedirectURL = null; if ($intIsPOST) { if ($varRows !== null && count($varRows) == 1) { $varRow1 = $varRows[0]; $strOutputMessage = $varRow1["message"] ?? null; $strOutputMessageClass = $varRow1["message_class"] ?? ""; $strRedirectURL = $varRow1["redirect_url"] ?? null; $varRows = null; } if (array_key_exists("redirecturl", $varOptions)) $strRedirectURL = $varOptions["redirecturl"]; } // Render the visibility immediately to prevent flicker: $strPageInputClass = ""; $strPageOutputClass = "d-none"; if ($varRows !== null && count($varRows) > 0) { $strPageInputClass = "d-none"; $strPageOutputClass = ""; } ?> <?= $strTitle; ?>
Options 0): ?> Results .csv Print
No rows returned.
:
0): ?> 0) $strInputDefaultValue = $varInputs[5][$i]; $varInputOptions = []; if (strtolower($varInputs[4][$i]) == "options") { $strOptionsList = $varInputs[5][$i]; $varInputOptions = explode(",", $strOptionsList); } ?>
0): ?>
0): ?> Reset
"> */ ?>
The selected report requires being logged in as a user with permission to run it.
0) $varDirectories[$strDirectory] = 1; } ?>
Home
$a): ?>
0): ?>
0): ?> $v) $varColumns[] = $k; $strDisplayRowAs = null; if (array_key_exists("displayrowas", $varOptions)) if (preg_match("/^col\-/i", $varOptions["displayrowas"])) $strDisplayRowAs = $varOptions["displayrowas"]; ?>

    $v): ?>
  • :
  • Printed:
  • Filter:
0) $strCellClass = $strRowClass; if (strlen($strNextCellClass) > 0) $strCellClass = $strNextCellClass; // Allow SQL data to controll next cell class with __NextCellClass column: if (preg_match("/^__NextCellClass/i", $col)) $strNextCellClass = $r[$col]; // Hide columns that begin with underscore: if ($col[0] == "_") continue; ?>
0) $strCellClass = $strRowClass; if (strlen($strNextCellClass) > 0) $strCellClass = $strNextCellClass; // Allow SQL data to controll next cell class with __NextCellClass column: if (preg_match("/^__NextCellClass/i", $col)) $strNextCellClass = $r[$col]; // Hide columns that begin with underscore: if ($col[0] == "_") continue; ?>
0): ?> 0): ?> ">