Beispiel #1
    $buffer .= "</ul>";
    $buffer .= "\n<ul class=\"actionButtons\">";
    $buffer .= "\n<li><input type=\"button\" class=\"button\" value=\"" . get_opendb_lang_var('check_all') . "\" onClick=\"setCheckboxes(this.form, 'export_columns', true);\"></li>" . "\n<li><input type=\"button\" class=\"button\" value=\"" . get_opendb_lang_var('uncheck_all') . "\" onClick=\"setCheckboxes(this.form, 'export_columns', false);\"></li>" . "\n<li><input type=\"reset\" class=\"reset\" value=\"" . get_opendb_lang_var('reset') . "\"></li>" . "\n<li class=\"submitButton\"><input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('export_items') . "\"></li>" . "</ul>";
    $buffer .= '</form>';
    return $buffer;
}
if (is_site_enabled()) {
    if (is_opendb_valid_session()) {
        if (is_user_granted_permission(PERM_ADMIN_EXPORT) || is_user_granted_permission(PERM_USER_EXPORT)) {
            if (!is_numeric($HTTP_VARS['item_id']) && !is_user_granted_permission(PERM_ADMIN_EXPORT)) {
                $HTTP_VARS['owner_id'] = get_opendb_session_var('user_id');
            }
            if ($HTTP_VARS['op'] == 'export') {
                $exportPlugin =& get_export_plugin($HTTP_VARS['plugin']);
                if ($exportPlugin !== NULL) {
                    if (strlen($HTTP_VARS['s_item_type']) == 0 || is_valid_item_type_structure($HTTP_VARS['s_item_type'])) {
                        if ($exportPlugin->get_plugin_type() == 'row') {
                            // Work out page title.
                            if (strlen($HTTP_VARS['owner_id']) > 0) {
                                $page_title = get_opendb_lang_var('type_export_for_name_item_type', array('description' => $exportPlugin->get_display_name(), 'fullname' => fetch_user_name($HTTP_VARS['owner_id']), 'user_id' => $HTTP_VARS['owner_id'], 's_item_type' => $HTTP_VARS['s_item_type']));
                            } else {
                                if (strlen($HTTP_VARS['s_item_type']) > 0) {
                                    $page_title = get_opendb_lang_var('type_export_for_item_type', array('description' => $exportPlugin->get_display_name(), 's_item_type' => $HTTP_VARS['s_item_type']));
                                } else {
                                    $page_title = get_opendb_lang_var('type_export', array('description' => $exportPlugin->get_display_name()));
                                }
                            }
                            if (is_not_empty_array($HTTP_VARS['export_columns'])) {
                                @set_time_limit(600);
                                if (!export_row_items($exportPlugin, $page_title, $HTTP_VARS['include_header'], $HTTP_VARS['export_columns'], $HTTP_VARS['s_item_type'], $HTTP_VARS['owner_id'])) {
                                    echo _theme_header($page_title);
Beispiel #2
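/**
 * Insert a new item after checking permission, item type structure,
 * submitted attributes and duplicate titles.
 *
 * Return values. Callers must compare strictly, because the sentinel
 * strings below are truthy:
 *   TRUE   - the item was inserted, or this was a trial run and every check passed.
 *   FALSE  - caller not permitted, invalid item type structure, duplicate
 *            title not allowed, or insert_item() failed. $errors is set.
 *   "__INVALID_DATA__"               - validate_item_attributes() rejected the input.
 *   "__CONFIRM_EXISTS_OWNER_TITLE__" - same title/type/owner exists; $errors is set.
 *   "__CONFIRM_EXISTS_TITLE__"       - same title/type exists; $errors is set.
 *   "__ABORTED__"                    - $HTTP_VARS['confirmed'] is 'false'.
 *
 * @param array $item_r    Item record; 'owner_id' and 's_item_type' are read,
 *                         'title' and (on success) 'item_id' are written.
 * @param array $HTTP_VARS Request variables ('title', 'confirmed', 'trial_run', ...).
 * @param mixed $errors    Receives array('error' => ..., 'detail' => ...) on failure.
 * @return bool|string See the list above.
 */
function handle_item_insert(&$item_r, $HTTP_VARS, &$errors)
{
    // Authorisation: an item owner may only insert for themselves, an item
    // admin may insert for anyone. The ids are compared as strings because
    // loose == lets PHP juggle types (numeric-looking strings are compared as
    // numbers, and before PHP 8 an integer 0 equals any non-numeric string),
    // which has no place in an ownership check.
    $is_owner = is_user_granted_permission(PERM_ITEM_OWNER)
        && (string) $item_r['owner_id'] === (string) get_opendb_session_var('user_id');
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        // non-admin user attempting to insert item for someone else.
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attempted to insert an item for another user', $item_r);
        return FALSE;
    }

    // Before trying to insert items into this structure, first ensure it is valid.
    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        // An error like this is a big problem, and should be dealt with quickly, but there is no sense in alarming the
        // user by sending back an error.
        return FALSE;
    }

    if (!validate_item_attributes('insert', $item_r['s_item_type'], $HTTP_VARS, $errors)) {
        return "__INVALID_DATA__";
    }

    // Work out which request field holds the title. A scalar title containing
    // "new<digits>" selects the companion field "title_new<digits>" when that
    // field was submitted ($matches[0] is the whole match, not the digits).
    // NOTE(review): the pattern is unanchored, so it matches anywhere in the
    // value - confirm that is intended.
    $fieldname = 'title';
    if (!is_array($HTTP_VARS[$fieldname])) {
        if (preg_match("/new([0-9]+)/", $HTTP_VARS[$fieldname], $matches) && isset($HTTP_VARS[$fieldname . '_' . $matches[0]])) {
            $fieldname = $fieldname . '_' . $matches[0];
        }
    }

    // NOTE(review): the title is request data and is handed on unchanged;
    // confirm is_exists_title() and insert_item() escape it for SQL and that
    // the error messages built from it are escaped on output.
    $item_r['title'] = $HTTP_VARS[$fieldname];

    $duplicate_title_support = get_opendb_config_var('item_input', 'duplicate_title_support');
    $is_exists_owner_title = FALSE;
    $is_exists_title = FALSE;

    // Check owner context
    if ($duplicate_title_support !== TRUE || $HTTP_VARS['confirmed'] != 'true' && get_opendb_config_var('item_input', 'confirm_duplicate_owner_insert') !== FALSE) {
        $is_exists_owner_title = is_exists_title($item_r['title'], $item_r['s_item_type'], $item_r['owner_id']);
    }

    // Only check title/s_item_type context
    if ($duplicate_title_support !== TRUE || $HTTP_VARS['confirmed'] != 'true' && get_opendb_config_var('item_input', 'confirm_duplicate_insert') !== FALSE) {
        $is_exists_title = is_exists_title($item_r['title'], $item_r['s_item_type']);
    }

    if (!$is_exists_title && !$is_exists_owner_title) {
        // No duplicate found: insert, unless this is only a trial run.
        if ($HTTP_VARS['trial_run'] == 'true') {
            return TRUE;
        }

        $new_item_id = insert_item($item_r['s_item_type'], $item_r['title']);
        if ($new_item_id === FALSE) {
            // Capture the database error before any other call is made.
            $db_error = db_error();
            $errors = array('error' => get_opendb_lang_var('item_not_added'), 'detail' => $db_error);
            return FALSE;
        }

        $item_r['item_id'] = $new_item_id;
        // insert any item level attributes
        handle_item_attributes('insert', $item_r, $HTTP_VARS, $errors);
        return TRUE;
    }

    // From here on at least one duplicate exists; the owner-scoped match
    // takes precedence when choosing the message and the sentinel.
    $duplicate_lang_var = $is_exists_owner_title ? 'title_same_type_and_owner_exists' : 'title_same_type_exists';

    // Unless duplicate title support is allowed we cannot continue.
    if ($duplicate_title_support === FALSE) {
        $errors = array('error' => get_opendb_lang_var($duplicate_lang_var, array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
        return FALSE;
    }

    // if explicitly false, then we are aborting insert.
    if ($HTTP_VARS['confirmed'] == 'false') {
        return "__ABORTED__";
    }

    // Duplicates are allowed but not yet confirmed: ask the caller to confirm.
    $errors = array('error' => get_opendb_lang_var($duplicate_lang_var, array('title' => $item_r['title'], 's_item_type' => $item_r['s_item_type'])), 'detail' => '');
    return $is_exists_owner_title ? "__CONFIRM_EXISTS_OWNER_TITLE__" : "__CONFIRM_EXISTS_TITLE__";
}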
Beispiel #3
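/**
 * Build the edit form for a new item after checking that the caller may
 * act for the item's owner and that the item type structure is valid.
 *
 * @param mixed $op            Operation, passed through to get_edit_form().
 * @param array $item_r        Item record; 'owner_id' and 's_item_type' are read.
 * @param mixed $status_type_r Passed through to get_edit_form().
 * @param array $HTTP_VARS     Request variables, passed through to get_edit_form().
 * @param mixed $errors        Receives an array with an 'error' key on failure.
 * @return mixed The value returned by get_edit_form(), or FALSE on failure.
 */
function handle_new_or_site($op, $item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    // Authorisation: an item owner may only act for themselves, an item admin
    // for anyone. The ids are compared as strings because loose == lets PHP
    // juggle types (numeric-looking strings are compared as numbers, and
    // before PHP 8 an integer 0 equals any non-numeric string).
    $is_owner = is_user_granted_permission(PERM_ITEM_OWNER)
        && (string) $item_r['owner_id'] === (string) get_opendb_session_var('user_id');
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attempted to insert an item for another user', $item_r);
        return FALSE;
    }

    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        return FALSE;
    }

    $formContents = get_edit_form($op, $item_r, $status_type_r, $HTTP_VARS);
    // Loose comparison kept on purpose: any falsy result (FALSE, '', '0',
    // NULL) is treated as "no form", as before.
    if ($formContents != FALSE) {
        return $formContents;
    }

    // The key is quoted: a bare `detail` is an undefined constant, which only
    // warns on PHP 7 but throws an Error on PHP 8.
    $errors = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
    return FALSE;
}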