PLEASE ADD TURBOCASH PHP



Klusmakelaar
09-01-2005, 06:49 AM
hello,

The oscmax is great. I hope that the oscmax final release 2.x comes with an upgrade install. My SQL is more than 7 Mb and uploading is not an option for me (max 2.x MB).

My bookkeeper always starts crying :wink: when I bring my bookkeeping. I'm trying to connect turbocash (www.turbocash.nl) with my shop. It is in 12 languages!!!

The problem is I can connect with my database, but it does not work correctly. As I understand it, the PHP needs corrections.

Who can help me? And I think it is a great program to add as a MOD.

The php file:

<?php
/*
$Id: turbocash.php,v 1.02 2005/02/25 22:50:52 hpdl Exp $
######################################
upgraded from 1.01 to 1.02 by paulm:
$HTTP_GET_VARS (deprecated) => $_GET
$HTTP_POST_VARS => $_POST
added magic quotes fix (stripslashes())
######################################
B-Com Business Communication, The communication experts

Copyright (c) 2005 B-Com bv.

Released under the GNU General Public License
*/

require_once('./configure.php');

$hostname = DB_SERVER;
$databasename = DB_DATABASE;
$mysqlusername = DB_SERVER_USERNAME;
$mysqlpassword = DB_SERVER_PASSWORD;

$ipallowed = array();
//
// Only make changes between these lines
//
// ====================================================================
//
// If you want ip checking (just to be sure) uncomment one or more of
// the following line(s) and change the ip numbers to those you want to allow
// else checking is off.
//
// $ipallowed[] = '192.168.1.2';
// $ipallowed[] = '82.161.104.114';
// ====================================================================

if ((count($ipallowed)) && (!in_array($_SERVER['REMOTE_ADDR'],$ipallowed))) {
echo 'Not allowed !';
exit(0);
}

// Allowed actions. If you do not like an action comment it out.
// Leave array empty for ALL actions allowed

$actionallowed = array();
$actionallowed[] = 'SELECT';
$actionallowed[] = 'UPDATE';
$actionallowed[] = 'INSERT';
$actionallowed[] = 'DELETE';
$actionallowed[] = 'CREATE';
$actionallowed[] = 'ALTER';
$actionallowed[] = 'SHOW';
//$actionallowed[] = 'DROP';

// Array of php(mysql) datatypes to Delphi types ?

$todelphi = array(
'int' => 'i4',
'real' => 'r8',
'string'=> 'string',
'null' => 'string',
'blob'=> 'bin.hex" SUBTYPE="TEXT',
'text'=> 'bin.hex" SUBTYPE="TEXT',
'datetime' => 'dateTime',
'date' => 'date');

// Load the string-to-utf8 converter

require('utf8.class.php');

$utfConverter = new utf8(CP1250);

// See if there is a valid sql command either GET or POST method

if (isset($_GET['sql']) && $_GET['sql'] != '') {
$query = $_GET['sql'];
} elseif (isset($_POST['sql']) && $_POST['sql'] != '') {
$query = $_POST['sql'];
} else {
$utfConverter->utf8error('No valid mysql query');
exit(0);
}
$query = stripslashes($query); // prevent error with magic quotes :: paulm
// Get the command in uppercase

$sqlaction = strtoupper(substr($query,0,strpos($query," ")));

// To prevent sql injection due to multiple sql commands on one line separated
// by a ; chop the query.

if (strpos($query,";") !== false) // strpos() returns 0 (falsy) for a leading ;
$query = substr($query,0,strpos($query,";"));

// Again making sure that we PERMIT this action. See table $actionallowed

if ((count($actionallowed)) && (!in_array($sqlaction,$actionallowed))) {
$utfConverter->utf8error('Your action is not allowed !');
exit(0);
}
// End of remove or replace

// Connect to the database server

$database = mysql_connect($hostname, $mysqlusername, $mysqlpassword);
if (mysql_errno()) {
$utfConverter->utf8error(mysql_error());
exit(0);
}

// Select the database

mysql_select_db($databasename, $database);
if (mysql_errno()) {
$utfConverter->utf8error(mysql_error());
exit(0);
}

// Just follow the sql command making a case: entry for every command allowed

switch ($sqlaction) {
case 'SELECT':

$result = mysql_query($query, $database);
if (mysql_errno()) {
$utfConverter->utf8error(mysql_error());
exit(0);
}
$fields = mysql_num_fields($result);
$rows = mysql_num_rows($result);

// Check if there are fields in this set

if ($fields < 1) {
$utfConverter->utf8error("Empty query");
exit(0);
}

// Pre output xml headers no errors after this part

$xmloutput = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
$xmloutput .= '<DATAPACKET Version="2.0">' . "\n";
$xmloutput .= '<METADATA><FIELDS>' . "\n";
echo $utfConverter->strToUtf8($xmloutput);

// All descriptions of the fields in the output

for ($i=0; $i < $fields; $i++) {
$xmloutput = '<FIELD attrname="' . mysql_field_name($result,$i);

switch ($todelphi[mysql_field_type($result,$i)]) {
case 'string':
$xmloutput .= '" fieldtype="'. $todelphi[mysql_field_type($result,$i)] . '" WIDTH="' . mysql_field_len($result,$i);
break;
default:
$xmloutput .= '" fieldtype="'. $todelphi[mysql_field_type($result,$i)];
break;
}
if (in_array('auto_increment',explode(" ",mysql_field_flags($result,$i)))) {
$xmloutput .= '" readonly="true" SUBTYPE="Autoinc';
}
$xmloutput .= '" />' . "\n";
echo $utfConverter->strToUtf8($xmloutput);
}

// Ending the field descriptions

echo $utfConverter->strToUtf8('</FIELDS>' . "\n");
echo $utfConverter->strToUtf8('</METADATA>' . "\n");

// Start outputting the actual data only if there is any

echo $utfConverter->strToUtf8('<ROWDATA>' . "\n");

if ($rows > 0) {

// For all the rows in the database

for ($j=0;$j < $rows; $j++) {
$xmloutput = '<ROW ';
$data = mysql_fetch_row($result);

// And for all the fields in this row

for ($i=0; $i<$fields; $i++) {
switch ($todelphi[mysql_field_type($result,$i)]) {
case 'dateTime':
$data[$i] = str_replace("-", "", $data[$i]);
$data[$i] = str_replace(" ", "T", $data[$i]);
if (substr($data[$i],0,1) != '0' && substr($data[$i],0,1) != ' ')
$xmloutput .= mysql_field_name($result,$i).'="'.substr($data[$i],0,8).substr($data[$i],8,8).'000" ';
else
$xmloutput .= mysql_field_name($result,$i).'="" ';
break;
case 'date':
$data[$i] = str_replace("-", "", $data[$i]);
if (substr($data[$i],0,1) != '0' && substr($data[$i],0,1) != ' ')
$xmloutput .= mysql_field_name($result,$i).'="'.substr($data[$i],0,8).'" ';
else
$xmloutput .= mysql_field_name($result,$i).'="" ';
break;
default:
$xmloutput .= mysql_field_name($result,$i).'="'.htmlspecialchars($data[$i]).'" ';
break;
}
}
$xmloutput .= '/>'. "\n";

// Before outputting a string convert it to utf8

echo $utfConverter->strToUtf8($xmloutput);
}

// Close off the output data

}
echo $utfConverter->strToUtf8('</ROWDATA>' . "\n");
echo $utfConverter->strToUtf8('</DATAPACKET>' . "\n");
break;
case 'UPDATE':
case 'INSERT':
case 'DELETE':
if (!mysql_query($query, $database)) {
$utfConverter->utf8error(mysql_error());
exit(0);
} else {
$xmloutput = '<RESULT>' . "\n";
$xmloutput .= 'OK' . "\n";
$xmloutput .= mysql_affected_rows() . "\n";
$xmloutput .= '</RESULT>' . "\n";
echo $utfConverter->strToUtf8($xmloutput);
}
break;
}

// Close the database connection

mysql_close($database);
?>
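
An added example, not part of the original post or of turbocash.php: one way to narrow what a gateway like the one above accepts is to let the client choose from fixed, parameterized statements instead of sending SQL text, and to make the IP allowlist fail closed. The query names, the `q` request parameter and the sample `orders` table are assumptions made for illustration; the demo runs on an in-memory SQLite database through PDO.

```php
<?php
// Added example: names, SQL text and the sample table are constructed, not from turbocash.php.
// Fixed statements: the client picks a name and supplies values, never SQL.
const NAMED_QUERIES = [
    'orders_since' => 'SELECT orders_id, date_purchased FROM orders WHERE date_purchased >= :since ORDER BY orders_id',
    'order_by_id'  => 'SELECT orders_id, date_purchased FROM orders WHERE orders_id = :id',
];

function run_named_query(PDO $db, array $request, string $remoteAddr, array $ipAllowed): array
{
    // Fail closed: an empty allowlist rejects everyone instead of switching the check off.
    if (!in_array($remoteAddr, $ipAllowed, true)) {
        throw new RuntimeException('Not allowed');
    }
    $name = $request['q'] ?? '';
    if (!is_string($name) || !array_key_exists($name, NAMED_QUERIES)) {
        throw new RuntimeException('Unknown query');
    }
    $sql = NAMED_QUERIES[$name];
    // Bind only the placeholders this statement declares; values are never concatenated.
    preg_match_all('/:([a-z_]+)/', $sql, $m);
    $params = [];
    foreach ($m[1] as $p) {
        if (!isset($request[$p]) || !is_scalar($request[$p])) {
            throw new RuntimeException("Missing parameter: $p");
        }
        $params[":$p"] = (string) $request[$p];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, date_purchased TEXT)");
$db->exec("INSERT INTO orders VALUES (1, '2005-08-30 10:00:00'), (2, '2005-09-01 06:49:00')");

$allowed = ['192.168.1.2'];
print_r(run_named_query($db, ['q' => 'orders_since', 'since' => '2005-09-01'], '192.168.1.2', $allowed));
// A value that looks like SQL is bound as data and cannot alter the statement.
print_r(run_named_query($db, ['q' => 'order_by_id', 'id' => '1 OR 1=1'], '192.168.1.2', $allowed));
try {
    // Raw SQL in the request is ignored, and the empty allowlist rejects the caller.
    run_named_query($db, ['sql' => 'SELECT * FROM orders'], '192.168.1.2', []);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```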

Klusmakelaar
09-09-2005, 03:36 AM
hello,

Nobody can or doesn't want to help?

jpf
09-09-2005, 11:39 AM
I would say to contact Pieter Valentijn from turbocash.nl that made this external program. There is no turbocash.php file in any files in the contribution section that I could find so I don't think you will get much help here.... Sorry....