From f5fb0d08adcc449104667fc102c9b216a1275259 Mon Sep 17 00:00:00 2001 From: igor Date: Thu, 24 Aug 2023 13:22:15 +0600 Subject: [PATCH] =?UTF-8?q?=D0=9C=D0=B5=D0=BB=D0=BE=D1=87=D1=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- metadata/dbms/records.php | 34 ++++++++++++++++++++++++++++++---- metadata/dbms/showrecord.js | 28 +++++++++++++++------------- metadata/dbms/tools.js | 12 ++++++++++-- metadata/include/tools.php | 3 ++- 4 files changed, 57 insertions(+), 20 deletions(-) diff --git a/metadata/dbms/records.php b/metadata/dbms/records.php index be726c4..d69291e 100644 --- a/metadata/dbms/records.php +++ b/metadata/dbms/records.php @@ -1,4 +1,5 @@ getAttribute("n"),$row)) { - $xmlstring.='getAttribute("n")].']]>'; + $field = $nextnode->getAttribute("n"); + $xmlstring.=''; }else { sendError("Column \"".$nextnode->getAttribute("n")."\" not exists in \"$typename\" for select!"); @@ -934,6 +936,8 @@ $cmd=getCdataValue(findFirstNode($reqNode,"cmd")); $login=getCdataValue(findFirstNode($reqNode,"login")); $password=getCdataValue(findFirstNode($reqNode,"password")); + $key=getCdataValue(findFirstNode($reqNode,"key")); + $time=getCdataValue(findFirstNode($reqNode,"time")); $guid=getCdataValue(findFirstNode($reqNode,"guid")); //Зачем коментил? if($cmd==0) //Restore password by email @@ -973,7 +977,7 @@ $html .= '' . $password . ''; $html .= ''; //mail($login,'rigor.kz','Not implement',"Content-type: text/html; charset=utf-8\r\nFrom: rigor Site "); - if (!mail($login, 'Password for transit.istt.kz', $html, "Content-type: text/html; charset=utf-8\r\nFrom: Transit Site ")) { + if (!mail($login, 'Password for monitoring', $html, "Content-type: text/html; charset=utf-8\r\nFrom: Transit Site ")) { sendError("Failed to send mail to: " . $row["email"]); } } @@ -1030,6 +1034,8 @@ $xs.=' '."\n"; $xs.=' '."\n"; $xs.=' '."\n"; + $xs.=' '."\n"; + $xs.=' '."\n"; } } $xs.=''; 
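Review bot: The added `$time=getCdataValue(findFirstNode($reqNode,"time"));` in the `@@ -934,6 +936,8 @@` hunk takes the timestamp for the one-time code from the request body, and the login hunk at `@@ -1046,16 +1052,34 @@` passes it unchanged to `GenerateToken($secret,$time)`. If that argument is the time the token is derived from (the Totp class is not shown on this page), the client chooses the window being verified, so a code never expires as long as it is sent with its original timestamp. The server should derive the window from its own clock, for example `GenerateToken($secret, time())`, and stop reading `time` from the request. `$key` is also used without any check that it is present and digits-only, which is worth adding next to the line that reads it. The handler these lines belong to starts and ends outside the hunk.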
@@ -1046,16 +1052,34 @@ $name=''; $surname=''; $patronymic=''; + $expiration=false; + $overdue=false; $sql="select * from ".$Schema."p__Login(".getSQLValue($idType,$_SESSION['USER_ID']).",'$login','$password',null,null,null);"; +/* +$ga=new GoogleAuthenticator; +$code=$ga->getCode($user->ga_secret); +if ($code!=$_POST['code']) return new AuthError('invalid code'); +*/ $res = $db->query($sql); if($res->rowCount()>0) - { $result = $res->fetch(PDO::FETCH_ASSOC); + { + $result = $res->fetch(PDO::FETCH_ASSOC); $ans='1'; $_SESSION['USER_ID']=$result['id']; $name=$result['name']; $surname=$result['surname']; $patronymic=$result['patronymic']; - + $expiration=$result['expiration']; //Дата смены пароля + $overdue=$result['overdue']; //Просрочен ли пароль + //Проверяю на соответствие токену TOPT если секретный ключ задан + if($result['secret']){ + $secret = Base32::decode($result['secret']); + $genkey = (new Totp('sha1',0,60))->GenerateToken($secret,$time); + if($key != $genkey) { + $ans = '0'; + $_SESSION['USER_ID'] = ''; + } + } } $xs=''."\n"; $xs.=''."\n"; @@ -1065,6 +1089,8 @@ $xs.=' '."\n"; $xs.=' '."\n"; $xs.=' '."\n"; + $xs.=' '."\n"; + $xs.=' '."\n"; $xs.=''; header('Content-type: text/xml'); header("Cache-Control: no-cache, must-revalidate"); diff --git a/metadata/dbms/showrecord.js b/metadata/dbms/showrecord.js index 2b25d64..22f8cd7 100644 --- a/metadata/dbms/showrecord.js +++ b/metadata/dbms/showrecord.js @@ -662,7 +662,6 @@ class SRec //singleClick: true, onSelect: function(){ this.hide(); } }); - }else if (columnNode.getAttribute("vt")==="date") { 
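Review bot: `if($key != $genkey)` in the `@@ -1046,16 +1052,34 @@` hunk compares the one-time code with PHP's loose operator, so two numeric strings are compared as numbers (leading zeros and exponent notation are ignored) and the comparison is not constant-time; `if(!hash_equals((string)$genkey, (string)$key))` avoids both. `$_SESSION['USER_ID']=$result['id'];` is assigned before the second factor is checked and only cleared afterwards, so moving that assignment below the TOTP check means a session is never marked as logged in on the password alone. Nothing visible in the hunk counts or limits failed codes, so repeated guesses against one account should be throttled unless `p__Login` already does that. The context line that builds `$sql` interpolates `'$login','$password'` straight from the request; unless they are escaped somewhere outside this hunk, a prepared statement with bound parameters is the safer form. The block this code sits in starts and ends outside the hunk.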
@@ -759,7 +758,7 @@ class SRec input.classList.add('DBMS'); input.style.cssText="width: 100%;"; input.setAttribute("type","text"); - input.onkeydown=function(event){if(event.which==13) event.which=9;}; + input.onkeydown=(e)=>{ if(e==null) e=window.event; if(e.keyCode==13) { this.appendFilter(); this.sendFilter(-1,0); }}; input.setAttribute("name",columnNode.getAttribute("n")); if(columnNode.getAttribute("size")!=null) input.setAttribute("maxlength",columnNode.getAttribute("size"),0); @@ -805,7 +804,7 @@ class SRec input.classList.add('DBMS'); input.style.cssText="width: 100%;"; input.setAttribute("type","text"); - input.onkeydown=function(){ if(event.keyCode==13) event.keyCode=9; }; + input.onkeydown=(e)=>{ if(e==null) e=window.event; if(e.keyCode==13) { this.appendFilter(); this.sendFilter(-1,0); }}; input.setAttribute("name",columnNode.getAttribute("n")); if(columnNode.getAttribute("size")!=null) input.setAttribute("maxlength",columnNode.getAttribute("size"),0); @@ -838,7 +837,7 @@ class SRec input.setAttribute("type","text"); button.classList.add('DBMS'); input.style.cssText="width: 100%;"; - input.onkeydown=function(){ if(event.keyCode==13) event.keyCode=9; }; + input.onkeydown=(e)=>{ if(e==null) e=window.event; if(e.keyCode==13) { this.appendFilter(); this.sendFilter(-1,0); }}; input.setAttribute("name",columnNode.getAttribute("n")); if(columnNode.getAttribute("size")!=null) input.setAttribute("maxlength",columnNode.getAttribute("size"),0); 
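Review bot: The same Enter handler, `input.onkeydown=(e)=>{ if(e==null) e=window.event; if(e.keyCode==13) { this.appendFilter(); this.sendFilter(-1,0); }};`, is pasted into three hunks (`@@ -759`, `@@ -805` and `@@ -838`), so a later fix to one copy will miss the others. A single method on SRec assigned in all three places, for example `input.onkeydown=(e)=>this.onFilterEnter(e);` (name is only a suggestion), would keep them in step. Inside it, `e.keyCode==13` relies on the deprecated `keyCode` property; `e.key==='Enter'` is the current form. The `if(e==null) e=window.event;` fallback can be dropped, because any engine that parses an arrow function also passes the event object to the handler. The method these inputs are built in starts and ends outside the hunks.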
@@ -920,15 +919,15 @@ class SRec let input = document.createElement('input'); input.classList.add('DBMS'); //After pressing Enter we pass the entered line to the server - input.onkeydown=function(obj,val1,val2,val3,val4){ + input.onkeydown=function(obj,typeName,name,value,htmlid,filterName){ return function(e){ if(e==null) e=window.event; if(e.keyCode==13){ - obj.callFilterVal(val1,val2,-1,val3.value,val4); + obj.callFilterVal(typeName,name,-1,value.value,htmlid,filterName); return false; } }; - }(this,object,fc,input,columnNode.getAttribute("n")); + }(this,object,fc,input,columnNode.getAttribute("n"),columnNode.getAttribute("fn")); input.style.cssText="width: 100%; height:22px; line-height:22px;"; input.setAttribute("type","text"); @@ -1084,18 +1083,21 @@ class SRec //id - id of record if it is necessary to return only the description, if -1 then it is not considered //value - filter value text field //htmlid - field name in filter n - callFilterVal(typeName,name,id,value,htmlid) + callFilterVal(typeName,name,id,value,htmlid,filterName) { if(value!="") { - if(this.request.callServer(ScriptName,'',true)) + let xml=''; + xml+=''; + xml+=''; + if(this.request.callServer(ScriptName,xml,true)) { this.showProgressBar(); } }else { - document.getElementById("filter_"+htmlid).value=-1; - appendFilter(); + document.getElementById("filter_"+this.uid+"_"+htmlid).value=''; + this.appendFilter(); this.sendFilter(-1,0); } } @@ -1412,8 +1414,8 @@ class SRec let rec=new SRec(); rec.opener=this; rec.create(null); - //rec.f_State=1; TODO then finish the job - //rec.f_PropName=nodeColu.getAttribute("n"); + rec.f_State=1; //Зачем коментил? + rec.f_PropName=nodeColu.getAttribute("n"); //Зачем коментил? rec.f_Settings=settings; rec.f_TypeName=TypeName; rec.win.setLeftTop(pageX-250,pageY-10); diff --git a/metadata/dbms/tools.js b/metadata/dbms/tools.js index c596aca..3a47915 100644 --- a/metadata/dbms/tools.js +++ b/metadata/dbms/tools.js 
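Review bot: The comment block above `callFilterVal` in the `@@ -1084,18 +1083,21 @@` hunk still describes only `id`, `value` and `htmlid`, so the new sixth parameter is undocumented; add `//filterName - value of the column's "fn" attribute, passed in by the Enter handler` next to them. `columnNode.getAttribute("fn")` in the `@@ -920` hunk returns null when the attribute is absent and is passed through unchecked, so callFilterVal should decide what a missing filter name means before it builds the request. The string literals appended to `xml` are empty on this page (probably lost in extraction), so it cannot be confirmed from here that the user-typed `value` is wrapped in CDATA or escaped before it is placed in the request; that is worth verifying in the real file. In the else branch, `document.getElementById("filter_"+this.uid+"_"+htmlid).value=''` dereferences the lookup without a null check and will throw if no element with that id exists.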
@@ -9,14 +9,14 @@ function trt(key) if(val==null || val===undefined) { for(let item in g_translations) { - if(item.toLowerCase()==key.toLowerCase()) + if(item.toLowerCase()==(''+key).toLowerCase()) { val=g_translations[item]; break; } } } - if(val==null || val===undefined) return key.replace(/_/g, ' '); + if(val==null || val===undefined) return (''+key).replace(/_/g, ' '); else return val; } @@ -1055,6 +1055,14 @@ function applyNodeToNode(first, second, name) } } +/*function applyObjectToObject(first, second, name){ + if(first===null || second===null || name ===null){ + console.error("first="+first+" second="+second+" name="+name); + return; + } + +}*/ + function escapeRegExp(str) { return str.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1"); } diff --git a/metadata/include/tools.php b/metadata/include/tools.php index 1762f81..ddbe917 100644 --- a/metadata/include/tools.php +++ b/metadata/include/tools.php @@ -48,7 +48,7 @@ function trts($text) $from = 0; // Позиция поиска для итерации while (true) { - $pos1 = strpos($text, 'trt(', $from); + $pos1 = strpos($text, 'trt(', $from); //') if($pos1 !== false) { $from = $pos1+$pLen+1; @@ -72,6 +72,7 @@ function trts($text) //Выбираю из текста ${конкретные} слова для перевода function trs($text) { + if(!$text) return ''; $pos1=0; while(true) {
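Review bot: `(''+key)` in trt keeps the function from throwing on a non-string key, but it turns null or undefined into the text "null" or "undefined", which then reaches the final `return (''+key).replace(/_/g, ' ');` and is displayed as if it were a translation. Normalising once at the top, `const k = key==null ? '' : String(key);`, and using `k` in both places returns an empty string instead and removes the coercion repeated on every loop iteration. The start of trt, where `val` is first assigned, is outside the hunk.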
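Review bot: The new guard `if(!$text) return '';` at the top of trs also fires for the string "0" and the integer 0, which PHP treats as falsy, so `trs("0")` now returns an empty string instead of "0". If the guard is meant only for missing input, `if($text === null || $text === '') return '';` keeps that value intact. The rest of trs lies outside the hunk.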