/**
* Override the default method to handle the specific things of the download module and
* update the database after file was successful uploaded.
* This method has the same parameters as the default.
* @param $uploaded_file
* @param $name
* @param $size
* @param $type
* @param $error
* @param $index
* @param $content_range
* @return stdClass
*/
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null)
{
global $gPreferences, $gL10n, $gDb, $getId, $gCurrentOrganization, $gCurrentUser;
$file = parent::handle_file_upload($uploaded_file, $name, $size, $type, $error, $index, $content_range);
if (!isset($file->error)) {
try {
// check filesize against module settings
if ($file->size > $gPreferences['max_file_upload_size'] * 1024 * 1024) {
throw new AdmException('DOW_FILE_TO_LARGE', $gPreferences['max_file_upload_size']);
}
// check filename and throw exception if something is wrong
admStrIsValidFileName($file->name, true);
// get recordset of current folder from database and throw exception if necessary
$targetFolder = new TableFolder($gDb);
$targetFolder->getFolderForDownload($getId);
// now add new file to database
$newFile = new TableFile($gDb);
$newFile->setValue('fil_fol_id', $targetFolder->getValue('fol_id'));
$newFile->setValue('fil_name', $file->name);
$newFile->setValue('fil_locked', $targetFolder->getValue('fol_locked'));
$newFile->setValue('fil_counter', '0');
$newFile->save();
// Benachrichtigungs-Email für neue Einträge
$message = $gL10n->get('DOW_EMAIL_NOTIFICATION_MESSAGE', $gCurrentOrganization->getValue('org_longname'), $file->name, $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME'), date($gPreferences['system_date'], time()));
$notification = new Email();
$notification->adminNotfication($gL10n->get('DOW_EMAIL_NOTIFICATION_TITLE'), $message, $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME'), $gCurrentUser->getValue('EMAIL'));
} catch (AdmException $e) {
$file->error = $e->getText();
unlink($this->options['upload_dir'] . $file->name);
return $file;
}
}
return $file;
}
}
if (!isset($_POST['enable_auto_login']) && $gPreferences['enable_auto_login'] == 1) {
// if auto login was deactivated than delete all saved logins
$sql = 'DELETE FROM ' . TBL_AUTO_LOGIN;
$gDb->query($sql);
$gPreferences[$key] = $value;
}
break;
case 'organization':
$checkboxes = array('system_organization_select');
if ($_POST['org_longname'] === '') {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME')));
}
break;
case 'regional_settings':
if (!admStrIsValidFileName($_POST['system_language']) || !file_exists(SERVER_PATH . '/adm_program/languages/' . $_POST['system_language'] . '.xml')) {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_LANGUAGE')));
}
if ($_POST['system_date'] === '') {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATE_FORMAT')));
}
if ($_POST['system_time'] === '') {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_TIME_FORMAT')));
}
break;
case 'registration':
$checkboxes = array('enable_registration_captcha', 'enable_registration_admin_mail');
break;
case 'email_dispatch':
$checkboxes = array('mail_sender_into_to', 'mail_smtp_auth');
break;
/**
* Creates a html structure for a form field. This structure contains the label and the div for the form element.
* After the form element is added the method closeControlStructure must be called.
* @param string $id The id of this field structure.
* @param string $label The label of the field. This string should already be translated.
* @param int $property (optional) With this param you can set the following properties:
* - @b FIELD_DEFAULT : The field can accept an input.
* - @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
* - @b FIELD_DISABLED : The field will be disabled and could not accept an input.
* @param string $helpTextId (optional) A unique text id from the translation xml files that should be shown e.g. SYS_ENTRY_MULTI_ORGA.
* If set a help icon will be shown where the user can see the text if he hover over the icon.
* If you need an additional parameter for the text you can add an array. The first entry
* must be the unique text id and the second entry will be a parameter of the text id.
* @param string $icon (optional) An icon can be set. This will be placed in front of the label.
* @param string $class (optional) An additional css classname for the row. The class @b admFieldRow
* is set as default and need not set with this parameter.
*/
protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
{
$cssClassRow = '';
$htmlIcon = '';
$htmlHelpIcon = '';
$htmlIdFor = '';
// set specific css class for this row
if ($class !== '') {
$cssClassRow .= ' ' . $class;
}
// if necessary set css class for a mandatory element
if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
$cssClassMandatory = ' admidio-form-group-required';
$cssClassRow .= $cssClassMandatory;
$this->flagRequiredFields = true;
}
if ($id !== '') {
$htmlIdFor = ' for="' . $id . '"';
$this->addHtml('<div id="' . $id . '_group" class="form-group' . $cssClassRow . '">');
} else {
$this->addHtml('<div class="form-group' . $cssClassRow . '">');
}
if (strlen($icon) > 0) {
// create html for icon
if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
$htmlIcon = '<img class="admidio-icon-info" src="' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
} elseif (admStrIsValidFileName($icon, true)) {
$htmlIcon = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
}
}
if ($helpTextId !== '') {
$htmlHelpIcon = $this->getHelpTextIcon($helpTextId);
}
// add label element
if ($this->type === 'vertical' || $this->type === 'navbar') {
if ($label !== '') {
$this->addHtml('<label' . $htmlIdFor . '>' . $htmlIcon . $label . $htmlHelpIcon . '</label>');
}
} else {
if ($label !== '') {
$this->addHtml('<label' . $htmlIdFor . ' class="col-sm-3 control-label">' . $htmlIcon . $label . $htmlHelpIcon . '</label>
<div class="col-sm-9">');
} else {
$this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
}
}
}
/**
* Get the value of a column of the database table.
* If the value was manipulated before with @b setValue than the manipulated value is returned.
* @param string $columnName The name of the database column whose value should be read
* @param string $format For column @c usf_value_list the following format is accepted: @n
* @b database returns database value of usf_value_list; @n
* @b text extract only text from usf_value_list, image infos will be ignored @n
* For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
* For text columns the format can be @b database that would be the database value without any transformations
* @return Returns the value of the database column.
* If the value was manipulated before with @b setValue than the manipulated value is returned.
*/
public function getValue($columnName, $format = '')
{
global $gL10n;
if ($columnName === 'inf_description') {
if (!isset($this->dbColumns['inf_description'])) {
$value = '';
} elseif ($format === 'database') {
$value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
} else {
$value = $this->dbColumns['inf_description'];
}
} elseif ($columnName === 'inf_name_intern') {
// internal name should be read with no conversion
$value = parent::getValue($columnName, 'database');
} else {
$value = parent::getValue($columnName, $format);
}
if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
// if text is a translation-id then translate it
if (strpos($value, '_') === 3) {
$value = $gL10n->get(admStrToUpper($value));
}
} elseif ($columnName === 'inf_value_list' && $format !== 'database') {
if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
$arrListValues = explode("\r\n", $value);
$arrListValuesWithKeys = array();
// array with list values and keys that represents the internal value
foreach ($arrListValues as $key => &$listValue) {
if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
// if value is imagefile or imageurl then show image
if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
// if there is imagefile and text separated by | then explode them
if (strpos($listValue, '|') > 0) {
$listValueImage = substr($listValue, 0, strpos($listValue, '|'));
$listValueText = substr($listValue, strpos($listValue, '|') + 1);
} else {
$listValueImage = $listValue;
$listValueText = $this->getValue('inf_name');
}
// if text is a translation-id then translate it
if (strpos($listValueText, '_') === 3) {
$listValueText = $gL10n->get(admStrToUpper($listValueText));
}
if ($format === 'text') {
// if no image is wanted then return the text part or only the position of the entry
if (strpos($listValue, '|') > 0) {
$listValue = $listValueText;
} else {
$listValue = $key + 1;
}
} else {
try {
// create html for optionbox entry
if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
$listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
} elseif (admStrIsValidFileName($listValueImage, true)) {
$listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
}
} catch (AdmException $e) {
$e->showText();
}
}
}
}
// if text is a translation-id then translate it
if (strpos($listValue, '_') === 3) {
$listValue = $gL10n->get(admStrToUpper($listValue));
}
// save values in new array that starts with key = 1
$arrListValuesWithKeys[++$key] = $listValue;
}
$value = $arrListValuesWithKeys;
}
}
return $value;
}
/** Returns the value of the field in html format with consideration of all layout parameters
* @param $fieldNameIntern Internal profile field name of the field that should be html formated
* @param $value The value that should be formated must be commited so that layout is also possible for values that aren't stored in database
* @param $value2 An optional parameter that is necessary for some special fields like email to commit the user id
* @return Returns an html formated string that considered the profile field settings
*/
public function getHtmlValue($fieldNameIntern, $value, $value2 = '')
{
global $gPreferences, $g_root_path, $gL10n;
if ($value !== '' && array_key_exists($fieldNameIntern, $this->mProfileFields) == true) {
// create html for each field type
$htmlValue = $value;
if ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'CHECKBOX') {
if ($value == 1) {
$htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox_checked.gif" alt="on" />';
} else {
$htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
}
} elseif ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'EMAIL') {
// the value in db is only the position, now search for the text
if ($value !== '') {
if ($gPreferences['enable_mail_module'] != 1) {
$emailLink = 'mailto:' . $value;
} else {
// set value2 to user id because we need a second parameter in the link to mail module
if ($value2 === '') {
$value2 = $this->mUserId;
}
$emailLink = $g_root_path . '/adm_program/modules/messages/messages_write.php?usr_id=' . $value2;
}
if (strlen($value) > 30) {
$htmlValue = '<a href="' . $emailLink . '" title="' . $value . '">' . substr($value, 0, 30) . '...</a>';
} else {
$htmlValue = '<a href="' . $emailLink . '" style="overflow: visible; display: inline;" title="' . $value . '">' . $value . '</a>';
}
}
} elseif ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'DROPDOWN' || $this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'RADIO_BUTTON') {
$arrListValuesWithKeys = array();
// array with list values and keys that represents the internal value
// first replace windows new line with unix new line and then create an array
$valueFormated = str_replace("\r\n", "\n", $this->mProfileFields[$fieldNameIntern]->getValue('usf_value_list', 'database'));
$arrListValues = explode("\n", $valueFormated);
foreach ($arrListValues as $key => &$listValue) {
if ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'RADIO_BUTTON') {
// if value is imagefile or imageurl then show image
if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
// if there is imagefile and text separated by | then explode them
if (strpos($listValue, '|') > 0) {
$listValueImage = substr($listValue, 0, strpos($listValue, '|'));
$listValueText = substr($listValue, strpos($listValue, '|') + 1);
} else {
$listValueImage = $listValue;
$listValueText = $this->getValue('usf_name');
}
// if text is a translation-id then translate it
if (strpos($listValueText, '_') == 3) {
$listValueText = $gL10n->get(admStrToUpper($listValueText));
}
try {
// create html for optionbox entry
if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
$listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
} elseif (admStrIsValidFileName($listValueImage, true)) {
$listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
}
} catch (AdmException $e) {
$e->showText();
}
}
}
// if text is a translation-id then translate it
if (strpos($listValue, '_') == 3) {
$listValue = $gL10n->get(admStrToUpper($listValue));
}
// save values in new array that starts with key = 1
$arrListValuesWithKeys[++$key] = $listValue;
}
$htmlValue = $arrListValuesWithKeys[$value];
} elseif ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'URL') {
if ($value !== '') {
if (strlen($value) > 35) {
$htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, strpos($value, '//') + 2, 35) . '...</a>';
} else {
$htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, strpos($value, '//') + 2) . '</a>';
}
}
} elseif ($this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'TEXT_BIG') {
$htmlValue = nl2br($value);
}
// if field has url then create a link
if (strlen($this->mProfileFields[$fieldNameIntern]->getValue('usf_url'))) {
if ($fieldNameIntern == 'FACEBOOK' && is_numeric($value)) {
// facebook has two different profile urls (id and facebook name),
// we could only store one way in database (facebook name) and the other (id) is defined here :)
$htmlValue = '<a href="http://www.facebook.com/profile.php?id=' . $value . '" target="_blank">' . $htmlValue . '</a>';
} else {
$htmlValue = '<a href="' . $this->mProfileFields[$fieldNameIntern]->getValue('usf_url') . '" target="_blank">' . $htmlValue . '</a>';
}
// replace a variable in url with user value
if (strpos($this->mProfileFields[$fieldNameIntern]->getValue('usf_url'), '%user_content%') !== false) {
$htmlValue = preg_replace('/%user_content%/', $value, $htmlValue);
}
}
$value = $htmlValue;
} else {
// special case for type CHECKBOX and no value is there, then show unchecked checkbox
if (array_key_exists($fieldNameIntern, $this->mProfileFields) == true && $this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'CHECKBOX') {
$value = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
// if field has url then create a link
if (strlen($this->mProfileFields[$fieldNameIntern]->getValue('usf_url'))) {
$value = '<a href="' . $this->mProfileFields[$fieldNameIntern]->getValue('usf_url') . '" target="_blank">' . $value . '</a>';
}
}
}
return $value;
}
/**
* The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
* beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
* value was set then the parameter will be initialized. The function can be used with every array and their elements.
* You can set several flags (like required value, datatype …) that should be checked.
*
* @param array $array The array with the element that should be checked
* @param string $variableName Name of the array element that should be checked
* @param string $datatype The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
* is expected and which will be checked.
* Datatype @b date expects a date that has the Admidio default format from the
* preferences or the english date format @b Y-m-d
* @param array $options An array with the following possible entries:
* @b defaultValue: A value that will be set if the variable has no value
* @b requireValue: If set to @b true than a value is required otherwise the function
* returns an error
* @b validValues: An array with all values that the variable could have. If another
* value is found than the function returns an error
* @b directOutput: If set to @b true the function returns only the error string, if set
* to false a html message with the error will be returned
* @return mixed|null Returns the value of the element or the error message if a test failed
*
* @par Examples
* @code // numeric value that would get a default value 0 if not set
* $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
*
* // string that will be initialized with text of id DAT_DATES
* $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
*
* // string initialized with actual and the only allowed values are actual and old
* $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
*/
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
global $gL10n, $gMessage, $gPreferences;
// create array with all options
$optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
$optionsAll = array_replace($optionsDefault, $options);
$errorMessage = '';
$datatype = admStrToLower($datatype);
// set default value for each datatype if no value is given and no value was required
if (!isset($array[$variableName]) || $array[$variableName] === '') {
if ($optionsAll['requireValue']) {
// if value is required an no value is given then show error
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
} elseif ($optionsAll['defaultValue'] !== null) {
// if a default value was set then take this value
$array[$variableName] = $optionsAll['defaultValue'];
} else {
// no value set then initialize the parameter
if ($datatype === 'boolean' || $datatype === 'numeric') {
$array[$variableName] = 0;
} elseif ($datatype === 'string' || $datatype === 'html') {
$array[$variableName] = '';
} elseif ($datatype === 'date') {
$array[$variableName] = '';
}
return $array[$variableName];
}
}
if ($datatype === 'boolean') {
// boolean type must be 0 or 1 otherwise throw error
// do not check with in_array because this function don't work properly
if ($array[$variableName] != '0' && $array[$variableName] != '1' && $array[$variableName] != 'false' && $array[$variableName] != 'true') {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
} elseif ($optionsAll['validValues'] !== null) {
// check if parameter has a valid value
// do a strict check with in_array because the function don't work properly
if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true) && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
}
switch ($datatype) {
case 'file':
try {
admStrIsValidFileName($array[$variableName]);
} catch (AdmException $e) {
$errorMessage = $e->getText();
}
break;
case 'date':
// check if date is a valid Admidio date format
$objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
if (!$objAdmidioDate) {
// check if date has english format
$objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
if (!$objEnglishDate) {
$errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
}
}
break;
case 'numeric':
// numeric datatype should only contain numbers
if (!is_numeric($array[$variableName])) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
break;
case 'string':
$array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
break;
case 'html':
// check html string vor invalid tags and scripts
$array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
break;
}
// wurde kein Fehler entdeckt, dann den Inhalt der Variablen zurueckgeben
if ($errorMessage === '') {
return $array[$variableName];
} else {
if (isset($gMessage)) {
if ($optionsAll['directOutput']) {
$gMessage->showTextOnly(true);
}
$gMessage->show($errorMessage);
} else {
echo $errorMessage;
exit;
}
}
return null;
}
}
$headline = $gL10n->get('BAC_DATABASE_BACKUP');
// create html page object
$page = new HtmlPage($headline);
$page->enableModal();
$backupabsolutepath = $myFilesBackup->getFolder() . '/';
// make sure to include trailing slash
if ($getMode === 'show_list') {
$existingBackupFiles = array();
// start navigation of this module here
$gNavigation->addStartUrl(CURRENT_URL, $headline);
// create a list with all valid files in the backup folder
if ($handle = opendir($backupabsolutepath)) {
while (false !== ($file = readdir($handle))) {
try {
admStrIsValidFileName($file, true);
$existingBackupFiles[] = $file;
} catch (AdmException $e) {
$temp = 1;
}
}
closedir($handle);
}
// sort files (filename/date)
sort($existingBackupFiles);
// get module menu
$backupMenu = $page->getMenu();
// show link to create new backup
$backupMenu->addItem('admMenuItemNewBackup', $g_root_path . '/adm_program/modules/backup/backup.php?mode=create_backup', $gL10n->get('BAC_START_BACKUP'), 'database_save.png');
// Define table
$table = new HtmlTable('tableList', $page, true);
/**
* The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
* beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
* value was set then the parameter will be initialized. The function can be used with every array and their elements.
* You can set several flags (like required value, datatype …) that should be checked.
*
* @param array $array The array with the element that should be checked
* @param string $variableName Name of the array element that should be checked
* @param string $datatype The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
* @b date or @b file that is expected and which will be checked.
* Datatype @b date expects a date that has the Admidio default format from the
* preferences or the english date format @b Y-m-d
* @param array $options (optional) An array with the following possible entries:
* - @b defaultValue : A value that will be set if the variable has no value
* - @b requireValue : If set to @b true than a value is required otherwise the function
* returns an error
* - @b validValues : An array with all values that the variable could have. If another
* value is found than the function returns an error
* - @b directOutput : If set to @b true the function returns only the error string, if set
* to false a html message with the error will be returned
* @return mixed|null Returns the value of the element or the error message if a test failed
*
* @par Examples
* @code
* // numeric value that would get a default value 0 if not set
* $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
*
* // string that will be initialized with text of id DAT_DATES
* $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
*
* // string initialized with actual and the only allowed values are actual and old
* $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
* @endcode
*/
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
global $gL10n, $gMessage, $gPreferences;
// create array with all options
$optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
$optionsAll = array_replace($optionsDefault, $options);
$errorMessage = '';
$datatype = admStrToLower($datatype);
$value = null;
// set default value for each datatype if no value is given and no value was required
if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
$value = $array[$variableName];
} else {
if ($optionsAll['requireValue']) {
// if value is required an no value is given then show error
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
} elseif ($optionsAll['defaultValue'] !== null) {
// if a default value was set then take this value
$value = $optionsAll['defaultValue'];
} else {
// no value set then initialize the parameter
if ($datatype === 'bool' || $datatype === 'boolean') {
$value = false;
} elseif ($datatype === 'numeric' || $datatype === 'int') {
$value = 0;
} elseif ($datatype === 'float') {
$value = 0.0;
} else {
$value = '';
}
return $value;
}
}
if ($optionsAll['validValues'] !== null) {
// check if parameter has a valid value
// do a strict check with in_array because the function don't work properly
if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true) && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
}
switch ($datatype) {
case 'file':
try {
if ($value !== '') {
admStrIsValidFileName($value);
}
} catch (AdmException $e) {
$errorMessage = $e->getText();
}
break;
case 'date':
// check if date is a valid Admidio date format
$objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
if (!$objAdmidioDate) {
// check if date has english format
$objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
if (!$objEnglishDate) {
$errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
}
}
break;
case 'bool':
case 'boolean':
$valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
// Bug workaround PHP <5.4.8
// https://bugs.php.net/bug.php?id=49510
if ($valid === null && ($value === null || $value === false || $value === '')) {
$valid = false;
}
if ($valid === null) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
$value = $valid;
break;
case 'int':
case 'float':
case 'numeric':
// numeric datatype should only contain numbers
if (!is_numeric($value)) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
} else {
if ($datatype === 'int') {
$value = filter_var($value, FILTER_VALIDATE_INT);
} elseif ($datatype === 'float') {
$value = filter_var($value, FILTER_VALIDATE_FLOAT);
} else {
// https://secure.php.net/manual/en/function.is-numeric.php#107326
$value = $value + 0;
}
}
break;
case 'string':
$value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
break;
case 'html':
// check html string vor invalid tags and scripts
$value = htmLawed(stripslashes($value), array('safe' => 1));
break;
}
// wurde kein Fehler entdeckt, dann den Inhalt der Variablen zurueckgeben
if ($errorMessage === '') {
return $value;
} else {
if (isset($gMessage)) {
if ($optionsAll['directOutput']) {
$gMessage->showTextOnly(true);
}
$gMessage->show($errorMessage);
} else {
echo $errorMessage;
exit;
}
}
return null;
}
/**
* open a folder in the current module folder
* if that folder doesn't exists than it will be created
* @param string $folder
* @return int
*/
public function setSubFolder($folder)
{
if (admStrIsValidFileName($folder)) {
$tempPath = $this->modulePath . '/' . $folder;
if (!is_writable($tempPath)) {
if (!file_exists($tempPath)) {
// create folder
if (!@mkdir($tempPath, 0777)) {
$this->errorText = 'SYS_FOLDER_NOT_CREATED';
$this->errorPath = $this->webPath . '/' . $folder;
return 0;
}
}
}
if (!is_writable($tempPath)) {
// set folder writable
if (!@chmod($tempPath, 0777)) {
$this->errorText = 'SYS_FOLDER_WRITE_ACCESS';
$this->errorPath = $this->webPath . '/' . $folder;
return 0;
}
}
$this->currentPath = $tempPath;
$this->webPath = $this->webPath . '/' . $folder;
return 1;
}
}
}
if (isset($_POST['enable_auto_login']) == false && $gPreferences['enable_auto_login'] == 1) {
// if auto login was deactivated than delete all saved logins
$sql = 'DELETE FROM ' . TBL_AUTO_LOGIN;
$gDb->query($sql);
$gPreferences[$key] = $value;
}
break;
case 'organization':
$checkboxes = array('system_organization_select');
if (strlen($_POST['org_longname']) == 0) {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME')));
}
break;
case 'regional_settings':
if (admStrIsValidFileName($_POST['system_language']) == false || file_exists(SERVER_PATH . '/adm_program/languages/' . $_POST['system_language'] . '.xml') == false) {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_LANGUAGE')));
}
if (strlen($_POST['system_date']) == 0) {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATE_FORMAT')));
}
if (strlen($_POST['system_time']) == 0) {
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_TIME_FORMAT')));
}
break;
case 'registration':
$checkboxes = array('enable_registration_captcha', 'enable_registration_admin_mail');
break;
case 'email_dispatch':
$checkboxes = array('mail_sender_into_to', 'mail_smtp_auth');
break;
$e->showText();
}
if ($folder->delete()) {
// Loeschen erfolgreich -> Rueckgabe fuer XMLHttpRequest
echo 'done';
}
}
unset($_SESSION['download_request']);
} elseif ($getMode == 6) {
if ($getFolderId == 0) {
//FolderId ist zum hinzufuegen erforderlich
$gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
}
try {
// check filename and throw exception if something is wrong
if (admStrIsValidFileName(urldecode($getName), true)) {
$getName = urldecode($getName);
// get recordset of current folder from databse
$targetFolder = new TableFolder($gDb);
$targetFolder->getFolderForDownload($getFolderId);
}
} catch (AdmException $e) {
$e->showHtml();
}
//Pruefen ob das neue Element eine Datei order ein Ordner ist.
if (is_file($targetFolder->getCompletePathOfFolder() . '/' . $getName)) {
//Datei hinzufuegen
$newFile = new TableFile($gDb);
$newFile->setValue('fil_fol_id', $targetFolder->getValue('fol_id'));
$newFile->setValue('fil_name', $getName);
$newFile->setValue('fil_locked', $targetFolder->getValue('fol_locked'));
$gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
$gMessage->show($gL10n->get('DOW_FILE_RENAME', $oldName));
} else {
$gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
$gMessage->show($gL10n->get('DOW_FILE_RENAME_ERROR', $oldName));
}
}
}
} elseif ($getFolderId > 0) {
// get recordset of current folder from database and throw exception if necessary
$folder = new TableFolder($gDb);
$folder->getFolderForDownload($getFolderId);
$oldFolder = $folder->getCompletePathOfFolder();
$newFolder = null;
// check foldername and throw exception if something is wrong
if (admStrIsValidFileName($_POST['new_name'])) {
$newFolder = $_POST['new_name'];
$newDescription = $_POST['new_description'];
// Test ob der Ordner schon existiert im Filesystem
if ($newFolder != $folder->getValue('fol_name') && file_exists(SERVER_PATH . $folder->getValue('fol_path') . '/' . $newFolder)) {
$gMessage->show($gL10n->get('DOW_FOLDER_EXISTS', $newFolder));
} else {
$oldName = $folder->getValue('fol_name');
// Ordner umbenennen im Filesystem und in der Datenbank
if (rename($oldFolder, SERVER_PATH . $folder->getValue('fol_path') . '/' . $newFolder)) {
$folder->setValue('fol_description', $newDescription);
$folder->rename($newFolder, $folder->getValue('fol_path'));
$gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
$gMessage->show($gL10n->get('DOW_FOLDER_RENAME', $oldName));
} else {
$gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
