Beispiel #1
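 /**
  * Report whether a user may administer the given form.
  *
  * A user qualifies either through an explicit AUTH_ADMIN grant on the form
  * (self::getCount) or because the account status is 'systems', which acts
  * as a global override regardless of form.
  *
  * Note the asymmetry visible in the code: the grant lookup is made for
  * $username, but the 'systems' override reads users::user('status'), i.e.
  * the status of the user the users class currently resolves (presumably the
  * session user), not necessarily $username's. Callers passing a different
  * username should be aware of that.
  *
  * @param mixed       $formID   form identifier handed to getCount()
  * @param string|null $username user to check; NULL means the session user
  * @return bool
  */
 public static function isAdmin($formID, $username = NULL)
 {
     if (isnull($username)) {
         $username = sessionGet("username");
     }
     // Explicit per-form admin grant
     if (self::getCount($formID, $username, mfcs::AUTH_ADMIN)) {
         return TRUE;
     }
     // Global override; strict comparison so only the exact literal matches
     $status = trim(strtolower(users::user('status', 'user')));
     return $status === 'systems';
 }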
Beispiel #2
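 /**
  * Write one audit-log row for the current user.
  *
  * The statement is assembled with sprintf() and openDB->escape() rather
  * than a prepared statement, so escape() is the only barrier between the
  * $action/$info arguments and the SQL text: keep it on every column.
  *
  * @param string      $action   action name being logged
  * @param int|string  $objectID related object, 0 when none
  * @param int|string  $formID   related form, 0 when none
  * @param string|null $info     free-text detail
  * @return bool TRUE on success; FALSE when the INSERT failed (the error is
  *              reported through errorHandle at DEBUG level)
  */
 public static function insert($action, $objectID = 0, $formID = 0, $info = NULL)
 {
     $db = mfcs::$engine->openDB;
     // REMOTE_ADDR is absent when running from CLI/cron; log an empty IP
     // instead of raising an undefined-index notice.
     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $sql = sprintf(
         "INSERT INTO `logs` (`username`,`IP`,`action`,`objectID`,`formID`,`info`,`date`) VALUES('%s','%s','%s','%s','%s','%s','%s')",
         $db->escape(users::user('username')),
         $db->escape($remoteAddr),
         $db->escape($action),
         $db->escape($objectID),
         $db->escape($formID),
         $db->escape($info),
         time()
     );
     $sqlResult = $db->query($sql);
     if (!$sqlResult['result']) {
         errorHandle::newError(__METHOD__ . "() - : " . $sqlResult['error'], errorHandle::DEBUG);
         return FALSE;
     }
     return TRUE;
 }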
Beispiel #3
 /**
  * Resolve the authenticated user into self::$user and report the outcome.
  *
  * TRUE is returned only when the auth layer reports a login AND both a user
  * record and an account_id can be loaded; the user's Account row is then
  * attached as self::$user['Account']. Every other outcome logs the session
  * out (if it was logged in), clears self::$user and restores the fallback
  * user via restoreUser().
  *
  * @return bool
  */
 public static function isUserAuthentic()
 {
     $auth = Auth::instance();
     if ($auth->logged_in()) {
         $userLoaded = (bool) (self::$user = User::getAuthenticUser());
         // Same short-circuit as before: the account id is only looked up
         // once a user record exists.
         $account_id = $userLoaded ? self::getAuthenticAttr('account_id') : NULL;
         if ($userLoaded && $account_id) {
             self::$user['Account'] = Doctrine::getTable('Account')->find($account_id, Doctrine::HYDRATE_ARRAY);
             // When the effective account differs from the authenticated one,
             // presumably a masquerade is in effect; re-apply it.
             if (self::getAttr('account_id') != $account_id) {
                 self::masqueradeAccount(self::getAttr('account_id'));
             }
             return TRUE;
         }
         $auth->logout(TRUE);
     }
     self::$user = array();
     self::restoreUser();
     return FALSE;
 }
Beispiel #4
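 /**
  * Sync the current user's project memberships with the submitted selection.
  *
  * The project IDs currently held in the session ('currentProject') are
  * compared with the posted selectedProjects list; memberships that
  * disappeared are deleted and the ones that appeared are inserted.
  * The two statements are not wrapped in a transaction, so a failed INSERT
  * after a successful DELETE leaves a partial update.
  *
  * @return array on success ['success' => TRUE, 'deletedIDs' => array, 'addedIDs' => array];
  *               on failure ['success' => FALSE, 'errorMsg' => string]
  */
 public static function updateUserProjects()
 {
     $db = mfcs::$engine->openDB;
     // sessionGet() may yield NULL when no project is in the session, and
     // array_keys() on a non-array is a fatal TypeError on PHP 8.
     $current = sessionGet('currentProject');
     $currentProjectsIDs = is_array($current) ? array_keys($current) : array();
     // A single selected option may arrive as a scalar; normalise to a list
     // so array_diff() always receives arrays.
     $submittedProjectsIDs = array();
     if (isset(mfcs::$engine->cleanPost['MYSQL']['selectedProjects'])) {
         $submittedProjectsIDs = (array) mfcs::$engine->cleanPost['MYSQL']['selectedProjects'];
     }
     // Escape the user ID like every other value that is placed in SQL text.
     $userID = $db->escape(users::user('ID'));
     try {
         // Delete project IDs that disappeared
         $deletedIDs = array_diff($currentProjectsIDs, $submittedProjectsIDs);
         if (count($deletedIDs)) {
             // Session-derived IDs: escape and quote each one for the IN list.
             $quotedIDs = array_map(function ($id) use ($db) {
                 return "'" . $db->escape($id) . "'";
             }, $deletedIDs);
             $deleteSQL = sprintf("DELETE FROM users_projects WHERE userID='%s' AND projectID IN (%s)", $userID, implode(',', $quotedIDs));
             $deleteSQLResult = $db->query($deleteSQL);
             if (!$deleteSQLResult['result']) {
                 throw new Exception("MySQL Error - " . $deleteSQLResult['error']);
             }
         }
         // Add project IDs that appeared
         $addedIDs = array_diff($submittedProjectsIDs, $currentProjectsIDs);
         if (count($addedIDs)) {
             $keyPairs = array();
             foreach ($addedIDs as $addedID) {
                 // $addedID comes from cleanPost['MYSQL']; assumed to be already
                 // MySQL-escaped by the engine (as the other callers assume) — confirm.
                 $keyPairs[] = sprintf("('%s','%s')", $userID, $addedID);
             }
             $insertSQL = sprintf("INSERT INTO  users_projects (userID,projectID) VALUES %s", implode(',', $keyPairs));
             $insertSQLResult = $db->query($insertSQL);
             if (!$insertSQLResult['result']) {
                 throw new Exception("MySQL Error - " . $insertSQLResult['error']);
             }
         }
         // Reaching this point means nothing changed or every statement succeeded
         $result = array('success' => TRUE, 'deletedIDs' => $deletedIDs, 'addedIDs' => $addedIDs);
     } catch (Exception $e) {
         $result = array('success' => FALSE, 'errorMsg' => $e->getMessage());
     }
     return $result;
 }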
Beispiel #5
 /**
  * Expand %placeholder% tokens in a format string.
  *
  * Tokens are matched case-insensitively and replaced in this order:
  * %userid%, %username%, %firstname%, %lastname% (via users::user()),
  * %date%, %time%, %time12%, %time24%, %timestamp% (current time), and
  * finally %date(FORMAT)% where FORMAT is handed to date() as-is.
  * users::user() and date() are only called for tokens that are present.
  *
  * @param string $formatString
  * @return string
  */
 public static function applyFieldVariables($formatString)
 {
     // token => users::user() field
     $userTokens = array(
         '%userid%'    => 'ID',
         '%username%'  => 'username',
         '%firstname%' => 'firstname',
         '%lastname%'  => 'lastname',
     );
     foreach ($userTokens as $token => $field) {
         if (stripos($formatString, $token) !== FALSE) {
             $formatString = str_ireplace($token, users::user($field), $formatString);
         }
     }
     // token => fixed date() format
     $dateTokens = array(
         '%date%'   => 'Y-m-d',
         '%time%'   => 'H:i:s',
         '%time12%' => 'g:i:s A',
         '%time24%' => 'H:i:s',
     );
     foreach ($dateTokens as $token => $dateFormat) {
         if (stripos($formatString, $token) !== FALSE) {
             $formatString = str_ireplace($token, date($dateFormat), $formatString);
         }
     }
     if (stripos($formatString, '%timestamp%') !== FALSE) {
         $formatString = str_ireplace('%timestamp%', time(), $formatString);
     }
     // %date(...)% with a caller-supplied format
     $customDate = function ($matches) {
         return date($matches[1]);
     };
     return preg_replace_callback('/%date\\((.+?)\\)%/i', $customDate, $formatString);
 }
Beispiel #6
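 /**
  * Render an object listing as an HTML table, paginated when it is long.
  *
  * Pagination kicks in only when $pagination is TRUE and $data holds more
  * rows than the user's 'pagination' preference (default 25). The current
  * page is read from the query string (cleanGet['MYSQL'][urlVar]).
  *
  * @param array       $data       rows handed to tableObject::display()
  * @param array|null  $headers    column headers; NULL selects the default set
  * @param bool        $pagination whether to paginate long listings
  * @param mixed       $formID     form id embedded (HTML-sanitised) in the jump form
  * @return string HTML
  */
 private static function createTable($data, $headers = NULL, $pagination = TRUE, $formID = NULL)
 {
     $table = new tableObject("array");
     $table->summary = "Object Listing";
     $table->sortable = FALSE;
     $table->class = "table table-striped table-bordered";
     $table->id = "objectListingTable";
     $table->layout = TRUE;
     if (isnull($headers)) {
         $headers = array("System IDNO", "Form IDNO", "Title", "View", "Edit");
     }
     $table->headers($headers);
     $userPaginationCount = users::user('pagination', 25);
     if (!$pagination || count($data) <= $userPaginationCount) {
         return $table->display($data);
     }
     $engine = mfcs::$engine;
     $pager = new pagination(count($data));
     $pager->itemsPerPage = $userPaginationCount;
     // The page number comes from the query string: coerce to int and clamp
     // to >= 1 so a bogus value cannot produce a negative array_slice() offset
     // (which would silently slice from the end of the list).
     $requestedPage = isset($engine->cleanGet['MYSQL'][$pager->urlVar]) ? (int) $engine->cleanGet['MYSQL'][$pager->urlVar] : 1;
     $pager->currentPage = max(1, $requestedPage);
     $startPos = $userPaginationCount * ($pager->currentPage - 1);
     $dataNodes = array_slice($data, $startPos, $userPaginationCount);
     $tableHTML = $table->display($dataNodes);
     $tableHTML .= $pager->nav_bar();
     $tableHTML .= sprintf('<p><span class="paginationJumpLabel">Jump to Page:</span> %s</p>', $pager->dropdown());
     $tableHTML .= sprintf('<p><span class="paginationJumpLabel">Records per page:</span> %s</p>', $pager->recordsPerPageDropdown());
     // $formID lands in an HTML attribute, hence htmlSanitize()
     $tableHTML .= sprintf('<p><form id="jumpToIDNOForm"><span class="paginationJumpLabel">Jump to IDNO:</span> <input type="text" name="jumpToIDNO" id="jumpToIDNO" data-formid="%s" value="" /></form></p>', isnull($formID) ? "" : htmlSanitize($formID));
     return $tableHTML;
 }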
Beispiel #7
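 /**
  * Update an existing object row inside the "objects" transaction.
  *
  * Steps: snapshot the old version into revisions (non-metadata objects
  * only), UPDATE `objects`, rewrite the per-field data table, refresh the
  * duplicate-matching table and, for object forms whose IDNO is not
  * system-managed, store the IDNO. Every failure after transBegin() rolls
  * back and closes the transaction before returning FALSE; TRUE is returned
  * only after commit.
  *
  * Request-driven overrides visible in the code: cleanPost['MYSQL']['parentID']
  * replaces the $parentID argument and cleanPost['MYSQL']['idno'] replaces the
  * stored IDNO when present.
  *
  * @param int|string $objectID     ID of the `objects` row to update
  * @param int|string $formID       form the object belongs to
  * @param array      $data         field values keyed by field name
  * @param int|string $metadata     0 for object forms; anything else skips revisions
  * @param int|string $parentID     parent object ID (overridden by posted parentID)
  * @param int|null   $modifiedTime unix timestamp; NULL means now
  * @return bool
  */
 public static function update($objectID, $formID, $data, $metadata, $parentID = 0, $modifiedTime = NULL)
 {
     if (!is_array($data)) {
         errorHandle::newError(__METHOD__ . "() - : data is not array", errorHandle::DEBUG);
         return FALSE;
     }
     // Get the current Form
     if (($form = forms::get($formID)) === FALSE) {
         errorHandle::newError(__METHOD__ . "() - retrieving form by formID", errorHandle::DEBUG);
         return FALSE;
     }
     // the form is an object form, make sure that it has an ID field defined.
     if (($idnoInfo = forms::getFormIDInfo($formID)) === FALSE) {
         errorHandle::newError(__METHOD__ . "() - no IDNO field for object form.", errorHandle::DEBUG);
         return FALSE;
     }
     $db = mfcs::$engine->openDB;
     // begin transactions
     if ($db->transBegin("objects") !== TRUE) {
         errorHandle::newError(__METHOD__ . "() - unable to start database transactions", errorHandle::DEBUG);
         return FALSE;
     }
     // Single exit path for every failure after transBegin(): roll back, close
     // the transaction, optionally report, and hand FALSE back to the caller.
     // __METHOD__ inside the closure would read "{closure}", so capture it here.
     $method = __METHOD__;
     $abort = function ($message = NULL) use ($db, $method) {
         $db->transRollback();
         $db->transEnd();
         if ($message !== NULL) {
             errorHandle::newError($method . "() - " . $message, errorHandle::DEBUG);
         }
         return FALSE;
     };
     // place old version into revision control, excluding metadata objects
     if ($metadata == 0) {
         $rcs = revisions::create();
         if ($rcs->insertRevision($objectID) !== TRUE) {
             return $abort("unable to insert revisions");
         }
     }
     // insert new version. A posted parentID wins over the argument (as before)
     // and is used un-escaped on the assumption that cleanPost['MYSQL'] is
     // already MySQL-escaped by the engine — confirm. $modifiedTime is now
     // escaped like the other interpolated values.
     $effectiveParentID = isset(mfcs::$engine->cleanPost['MYSQL']['parentID']) ? mfcs::$engine->cleanPost['MYSQL']['parentID'] : $db->escape($parentID);
     $sql = sprintf(
         "UPDATE `objects` SET `parentID`='%s', `data`='%s', `formID`='%s', `metadata`='%s', `modifiedTime`='%s', `modifiedBy`='%s' WHERE `ID`='%s'",
         $effectiveParentID,
         encodeFields($data),
         $db->escape($formID),
         $db->escape($metadata),
         isnull($modifiedTime) ? time() : $db->escape($modifiedTime),
         $db->escape(users::user('ID')),
         $db->escape($objectID)
     );
     $sqlResult = $db->query($sql);
     if (!$sqlResult['result']) {
         return $abort($sql . " -- " . $sqlResult['error']);
     }
     // Insert into the new data table
     if (self::insertObjectData($objectID, $data, $formID) === FALSE) {
         return $abort("inserting objects");
     }
     // Update duplicate matching table
     if (duplicates::updateDupeTable($formID, $objectID, $data) === FALSE) {
         return $abort("updating dupe matching");
     }
     // Object forms with a user-managed IDNO: persist the IDNO.
     // $idnoInfo was already validated above, so the second getFormIDInfo()
     // round-trip (which could return FALSE without rolling back) is gone.
     if ($form['metadata'] == "0" && $idnoInfo['managedBy'] != "system") {
         $idno = isset(mfcs::$engine->cleanPost['MYSQL']['idno']) && !isempty(mfcs::$engine->cleanPost['MYSQL']['idno']) ? mfcs::$engine->cleanPost['MYSQL']['idno'] : self::getIDNOForObjectID($objectID);
         if ($idno === FALSE || isempty($idno)) {
             // No message, as before: nothing to add beyond the missing IDNO.
             return $abort();
         }
         if (!self::updateIDNO($objectID, $idno)) {
             // The previous message appended $sqlResult['error'] from the
             // already-successful UPDATE above, which was misleading.
             return $abort("updating the IDNO");
         }
     }
     // end transactions
     $db->transCommit();
     $db->transEnd();
     return TRUE;
 }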