-
-
- year
-
- 2008 -
-
--- a/lib/common.inc.php +++ b/lib/common.inc.php @@ -1,202 +1,271 @@ mode) { + $openid->required = array('contact/email'); + $openid->identity = 'https://www.google.com/accounts/o8/id'; + header('Location: ' . $openid->authUrl()); + } +} + +function auth() { + global $openid; + if ($_SESSION['authed'] == true) { + return true; + } + + if ($openid->mode) { + $attr = $openid->getAttributes(); + if ($attr['contact/email'] != 'maxious@gmail.com') { + die('Access Denied'); + } else { + $_SESSION['authed'] = true; + } + } else { + login(); + } +} + +// $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +function databaseError($errMsg) { + if ($errMsg[2] != "") { + echo '
"; + } +} function ucsmart($str) { - return preg_replace("/(?<=(?$value) - $totale += array_sum_all($value); - return $totale; - } + $count1 = $num_amount / $num_total; + $count2 = $count1 * 100; + $count = number_format($count2, 2); + return $count; +} + +function array_sum_all($a) { + if (!is_array($a)) + return $a; + foreach ($a as $key => $value) + $totale += array_sum_all($value); + return $totale; +} + // magic query modifiers -$agency = mysql_real_escape_string(stripslashes($_REQUEST['agency'])); -if ($agency != "") $agencyQ = "agencyName = '" . $agency . "' AND "; -$supplier = mysql_real_escape_string(stripslashes($_REQUEST['supplier'])); +$agency = filter_var($_REQUEST['agency'], FILTER_SANITIZE_STRING); +if ($agency != "") + $agencyQ = "agencyName = '" . $agency . "' AND "; + +$supplier = filter_var($_REQUEST['supplier'], FILTER_SANITIZE_STRING); if ($supplier != "") { - $supplierParts = explode("-", $supplier); - if ($supplierParts[0] > 0) $supplierQ = "supplierABN = '" . $supplierParts[0] . "' AND "; - else $supplierQ = "supplierName LIKE '%" . $supplierParts[1] . "%' AND "; -} + $supplierParts = explode("-", $supplier); + $supplierName = "%" . $supplierParts[1] . "%"; + $supplierABN = $supplierParts[0]; + if ($supplierParts[0] > 0) + $supplierQ = ' "supplierABN" = :supplierABN AND '; + else + $supplierQ = ' "supplierName" LIKE :supplierName AND '; +} + $startYear = 2007; -$year = mysql_real_escape_string(stripslashes($_REQUEST['year'])); -if ($year != "") $yearQ = "YEAR(publishDate) = " . $year . " AND "; -$standardQ = "childCN = 0 AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010"; -$start =0.0; - +$year = filter_var($_REQUEST['year'], FILTER_SANITIZE_NUMBER_INT); +if ($year != "") + $yearQ = "YEAR(publishDate) = " . $year . " AND "; + +$standardQ = ' "childCN" is null '; // AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010'; +$start = 0.0; +function local_url() { + return "http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/"; +} function include_header($title) { global $start; -?> - - - -'."Processing time: ". sprintf("%.4f", ($end-$start))." seconds".'