getError() public static method

Get an error from the language-file
public static getError ( string $key, string $module = null ) : string
$key string The key to get.
$module string The module wherein we should search.
return string
Beispiel #1
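 /**
  * Validate the upload form and import the translations it contains.
  *
  * The XML is only parsed once the required-field and extension checks have
  * passed, and it is only imported when the form reports no errors.
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         // redefine fields
         /** @var $fileFile \SpoonFormFile */
         $fileFile = $this->frm->getField('file');
         $chkOverwrite = $this->frm->getField('overwrite');
         // stays false unless an uploaded document parses successfully
         $xml = false;
         // name checks
         if ($fileFile->isFilled(BL::err('FieldIsRequired'))) {
             // only xml files allowed
             // NOTE(review): presumably this looks at the client-supplied file name, not the content - confirm
             if ($fileFile->isAllowedExtension(array('xml'), sprintf(BL::getError('ExtensionNotAllowed'), 'xml'))) {
                 // The upload is untrusted input. LIBXML_NONET keeps the parser from
                 // fetching remote DTDs or entities; LIBXML_NOENT and LIBXML_DTDLOAD are
                 // deliberately not passed, so entities are not substituted.
                 // "@" keeps parser warnings for malformed input out of the response;
                 // the failure itself is reported through the form error below.
                 $xml = @simplexml_load_file($fileFile->getTempFileName(), 'SimpleXMLElement', LIBXML_NONET);
                 // invalid xml
                 if ($xml === false) {
                     $fileFile->addError(BL::getError('InvalidXML'));
                 }
             }
         }
         if ($this->frm->isCorrect()) {
             // import
             $statistics = BackendLocaleModel::importXML($xml, $chkOverwrite->getValue());
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_import', array('statistics' => $statistics));
             // everything is imported, so redirect to the overview
             $this->redirect(BackendModel::createURLForAction('Index') . '&report=imported&var=' . ($statistics['imported'] . '/' . $statistics['total']) . $this->filterQuery);
         }
     }
 }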
Beispiel #2
 /**
  * Validate the "add group" form and create the group when it is valid.
  *
  * A name is required and must not already be reported as existing by
  * BackendProfilesModel::existsGroupName(). On success the group is inserted,
  * the 'after_add_group' event is triggered and the user is redirected.
  */
 private function validateForm()
 {
     // nothing to do until the form has been posted
     if (!$this->frm->isSubmitted()) {
         return;
     }

     // drop submitted fields that are not part of the form definition
     $this->frm->cleanupFields();

     /** @var $nameField \SpoonFormText */
     $nameField = $this->frm->getField('name');

     // the uniqueness lookup only runs when a name was actually supplied
     $nameGiven = $nameField->isFilled(BL::getError('NameIsRequired'));
     if ($nameGiven && BackendProfilesModel::existsGroupName($nameField->getValue())) {
         $nameField->addError(BL::getError('GroupNameExists'));
     }

     if (!$this->frm->isCorrect()) {
         return;
     }

     // persist the new group
     $group = array('name' => $nameField->getValue());
     $groupId = BackendProfilesModel::insertGroup($group);

     BackendModel::triggerEvent($this->getModule(), 'after_add_group', array('item' => $group));

     // the name is user input, so it is percent-encoded before it goes into the query string
     $overviewUrl = BackendModel::createURLForAction('Groups');
     $overviewUrl .= '&report=group-added&var=' . rawurlencode($group['name']);
     $overviewUrl .= '&highlight=row-' . $groupId;

     $this->redirect($overviewUrl);
 }
Beispiel #3
 /**
  * Validate the profile import form and import the uploaded CSV.
  *
  * A group and a file are required; the file must carry the csv extension and
  * Csv::fileToArray() must not return false for it. On success the rows are
  * imported, 'after_import' is triggered and the user is redirected.
  */
 private function validateForm()
 {
     if (!$this->frm->isSubmitted()) {
         return;
     }

     $this->frm->cleanupFields();

     $groupField = $this->frm->getField('group');
     $uploadField = $this->frm->getField('file');
     $csv = array();

     // a group is mandatory
     $groupField->isFilled(BL::getError('FieldIsRequired'));

     // the upload is only parsed once it is present and has the expected extension
     if (
         $uploadField->isFilled(BL::err('FieldIsRequired'))
         && $uploadField->isAllowedExtension(array('csv'), sprintf(BL::getError('ExtensionNotAllowed'), 'csv'))
     ) {
         $csv = Csv::fileToArray($uploadField->getTempFileName());
         if ($csv === false) {
             $uploadField->addError(BL::getError('InvalidCSV'));
         }
     }

     if (!$this->frm->isCorrect()) {
         return;
     }

     // import the profiles
     $overwrite = $this->frm->getField('overwrite_existing')->isChecked();
     $statistics = BackendProfilesModel::importCsv($csv, $groupField->getValue(), $overwrite);

     BackendModel::triggerEvent($this->getModule(), 'after_import', array('statistics' => $statistics));

     // the report key depends on whether existing profiles were overwritten
     if ($overwrite) {
         $report = 'profiles-imported-and-updated';
     } else {
         $report = 'profiles-imported';
     }

     $target = BackendModel::createURLForAction('index') . '&report=' . $report;
     $target .= '&var[]=' . $statistics['count']['inserted'];
     $target .= '&var[]=' . $statistics['count']['exists'];

     $this->redirect($target);
 }
Beispiel #4
 /**
  * Validate the "add profile to group" form and store the membership.
  *
  * The group is required; expiration date and time are optional but are
  * validated when filled. An expiry is only stored when both are filled.
  */
 private function validateForm()
 {
     if (!$this->frm->isSubmitted()) {
         return;
     }

     // drop submitted fields that are not part of the form definition
     $this->frm->cleanupFields();

     $groupField = $this->frm->getField('group');
     $expiryDateField = $this->frm->getField('expiration_date');
     $expiryTimeField = $this->frm->getField('expiration_time');

     // required / format checks
     $groupField->isFilled(BL::getError('FieldIsRequired'));
     if ($expiryDateField->isFilled()) {
         $expiryDateField->isValid(BL::getError('DateIsInvalid'));
     }
     if ($expiryTimeField->isFilled()) {
         $expiryTimeField->isValid(BL::getError('TimeIsInvalid'));
     }

     if (!$this->frm->isCorrect()) {
         return;
     }

     // membership record; it starts now
     $membership = array(
         'profile_id' => $this->id,
         'group_id' => $groupField->getSelected(),
         'starts_on' => BackendModel::getUTCDate(),
     );

     // an expiry needs both the date and the time part
     if ($expiryDateField->isFilled() && $expiryTimeField->isFilled()) {
         $expiresAt = BackendModel::getUTCTimestamp($expiryDateField, $expiryTimeField);
         $membership['expires_on'] = BackendModel::getUTCDate(null, $expiresAt);
     }

     $membershipId = BackendProfilesModel::insertProfileGroup($membership);

     BackendModel::triggerEvent($this->getModule(), 'after_profile_add_to_group', array('item' => $membership));

     // back to the profile's edit page, groups tab
     $editUrl = BackendModel::createURLForAction('Edit') . '&id=' . $membership['profile_id'];
     $editUrl .= '&report=membership-added&highlight=row-' . $membershipId . '#tabGroups';

     $this->redirect($editUrl);
 }
Beispiel #5
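 /**
  * Validate the "add form" form and create the form plus its submit button.
  *
  * Name, success message and method are required. When the method is
  * 'database_email' every comma-separated address must pass
  * \SpoonFilter::isEmail(). A supplied identifier must match the allowed
  * character set and must not exist yet.
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         // shorten the fields
         $txtName = $this->frm->getField('name');
         $txtEmail = $this->frm->getField('email');
         $ddmMethod = $this->frm->getField('method');
         $txtSuccessMessage = $this->frm->getField('success_message');
         $txtIdentifier = $this->frm->getField('identifier');
         // Normalise once so the list that is validated is the list that is stored;
         // validating a trimmed copy while persisting the raw value would let
         // surrounding whitespace (including line breaks) reach the stored addresses.
         $emailAddresses = array_map('trim', (array) explode(',', $txtEmail->getValue()));
         // validate fields
         $txtName->isFilled(BL::getError('NameIsRequired'));
         $txtSuccessMessage->isFilled(BL::getError('SuccessMessageIsRequired'));
         // NOTE(review): the method field reuses the 'NameIsRequired' label - confirm this is intended
         if ($ddmMethod->isFilled(BL::getError('NameIsRequired')) && $ddmMethod->getValue() == 'database_email') {
             $error = false;
             // check the addresses; the first invalid one rejects the whole field
             foreach ($emailAddresses as $address) {
                 if (!\SpoonFilter::isEmail($address)) {
                     $error = true;
                     break;
                 }
             }
             // add error
             if ($error) {
                 $txtEmail->addError(BL::getError('EmailIsInvalid'));
             }
         }
         // identifier
         if ($txtIdentifier->isFilled()) {
             // invalid characters; the D modifier makes "$" match only at the very end,
             // so a value with a trailing newline no longer passes the check
             if (!\SpoonFilter::isValidAgainstRegexp('/^[a-zA-Z0-9\\.\\_\\-]+$/D', $txtIdentifier->getValue())) {
                 $txtIdentifier->setError(BL::getError('InvalidIdentifier'));
             } elseif (BackendFormBuilderModel::existsIdentifier($txtIdentifier->getValue())) {
                 // unique identifier
                 $txtIdentifier->setError(BL::getError('UniqueIdentifier'));
             }
         }
         if ($this->frm->isCorrect()) {
             // build array
             $values['language'] = BL::getWorkingLanguage();
             $values['user_id'] = BackendAuthentication::getUser()->getUserId();
             $values['name'] = $txtName->getValue();
             $values['method'] = $ddmMethod->getValue();
             // NOTE(review): stored with serialize(); whatever reads this back should not
             // unserialize() data that could have been written by another, less trusted path
             $values['email'] = $ddmMethod->getValue() == 'database_email' ? serialize($emailAddresses) : null;
             $values['success_message'] = $txtSuccessMessage->getValue(true);
             $values['identifier'] = $txtIdentifier->isFilled() ? $txtIdentifier->getValue() : BackendFormBuilderModel::createIdentifier();
             $values['created_on'] = BackendModel::getUTCDate();
             $values['edited_on'] = BackendModel::getUTCDate();
             // insert the item
             $id = BackendFormBuilderModel::insert($values);
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_add', array('item' => $values));
             // set frontend locale
             FL::setLocale(BL::getWorkingLanguage(), true);
             // create submit button
             $field['form_id'] = $id;
             $field['type'] = 'submit';
             $field['settings'] = serialize(array('values' => \SpoonFilter::ucfirst(FL::getLabel('Send'))));
             BackendFormBuilderModel::insertField($field);
             // everything is saved, so redirect to the editform
             $this->redirect(BackendModel::createURLForAction('Edit') . '&id=' . $id . '&report=added&var=' . rawurlencode($values['name']) . '#tabFields');
         }
     }
 }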
Beispiel #6
 /**
  * Deprecated pass-through that resolves an error label via the parent class.
  *
  * Raises an E_USER_DEPRECATED notice on every call before delegating.
  *
  * @param string $key    The key to get.
  * @param string $module The module wherein we should search.
  *
  * @deprecated
  *
  * @return string
  */
 public static function getError($key, $module = null)
 {
     // the literal is kept byte-for-byte, including the line break embedded in it
     $notice = 'Backend\\Core\\Engine\\Language is deprecated.
          It has been moved to Backend\\Core\\Language\\Language';
     trigger_error($notice, E_USER_DEPRECATED);

     $label = parent::getError($key, $module);

     return $label;
 }
Beispiel #7
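 /**
  * Validate the "add profile" form and create the profile.
  *
  * Email and display name are required and must be unique; a password is
  * required unless the profile is notified; a partially filled birthday must
  * form a valid date. On success the profile and its settings are stored,
  * notifications are sent as configured and the user is redirected.
  */
 private function validateForm()
 {
     // is the form submitted?
     if ($this->frm->isSubmitted()) {
         // drop submitted fields that are not part of the form definition
         $this->frm->cleanupFields();
         // get fields
         $txtEmail = $this->frm->getField('email');
         $txtDisplayName = $this->frm->getField('display_name');
         $txtPassword = $this->frm->getField('password');
         $txtFirstName = $this->frm->getField('first_name');
         $txtLastName = $this->frm->getField('last_name');
         $txtCity = $this->frm->getField('city');
         $ddmGender = $this->frm->getField('gender');
         $ddmDay = $this->frm->getField('day');
         $ddmMonth = $this->frm->getField('month');
         $ddmYear = $this->frm->getField('year');
         $ddmCountry = $this->frm->getField('country');
         // email filled in?
         if ($txtEmail->isFilled(BL::getError('EmailIsRequired'))) {
             // valid email?
             if ($txtEmail->isEmail(BL::getError('EmailIsInvalid'))) {
                 // email already exists?
                 if (BackendProfilesModel::existsByEmail($txtEmail->getValue())) {
                     // set error
                     $txtEmail->addError(BL::getError('EmailExists'));
                 }
             }
         }
         // display name filled in?
         if ($txtDisplayName->isFilled(BL::getError('DisplayNameIsRequired'))) {
             // display name already exists?
             if (BackendProfilesModel::existsDisplayName($txtDisplayName->getValue())) {
                 // set error
                 $txtDisplayName->addError(BL::getError('DisplayNameExists'));
             }
         }
         // when the profile is not notified, the password has to be entered here
         if (!$this->notifyProfile) {
             $txtPassword->isFilled(BL::err('FieldIsRequired'));
         }
         // at least one of the birthday fields is filled in
         if ($ddmDay->isFilled() || $ddmMonth->isFilled() || $ddmYear->isFilled()) {
             // Cast before checkdate(): an unfilled part is not a numeric string, and
             // on PHP 8 checkdate() throws a TypeError for such input instead of
             // returning false. With the cast a partial date is rejected as invalid.
             if (!checkdate((int) $ddmMonth->getValue(), (int) $ddmDay->getValue(), (int) $ddmYear->getValue())) {
                 // set error
                 $ddmYear->addError(BL::getError('DateIsInvalid'));
             }
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // NOTE(review): confirm getRandomString() and generatePassword() draw from a
             // CSPRNG and that getEncryptedString() is a slow, salted password hash
             $salt = BackendProfilesModel::getRandomString();
             $password = $txtPassword->isFilled() ? $txtPassword->getValue() : BackendModel::generatePassword(8);
             // build item
             $values = array(
                 'email' => $txtEmail->getValue(),
                 'registered_on' => BackendModel::getUTCDate(),
                 'display_name' => $txtDisplayName->getValue(),
                 'url' => BackendProfilesModel::getUrl($txtDisplayName->getValue()),
                 'last_login' => BackendModel::getUTCDate(null, 0),
                 'password' => BackendProfilesModel::getEncryptedString($password, $salt),
             );
             $this->id = BackendProfilesModel::insert($values);
             // the salt is kept as a profile setting
             BackendProfilesModel::setSetting($this->id, 'salt', $salt);
             // bday is filled in
             if ($ddmYear->isFilled()) {
                 // mysql format (YYYY-MM-DD)
                 $birthDate = $ddmYear->getValue() . '-';
                 $birthDate .= str_pad($ddmMonth->getValue(), 2, '0', STR_PAD_LEFT) . '-';
                 $birthDate .= str_pad($ddmDay->getValue(), 2, '0', STR_PAD_LEFT);
             } else {
                 // not filled in
                 $birthDate = null;
             }
             // update settings
             BackendProfilesModel::setSetting($this->id, 'first_name', $txtFirstName->getValue());
             BackendProfilesModel::setSetting($this->id, 'last_name', $txtLastName->getValue());
             BackendProfilesModel::setSetting($this->id, 'gender', $ddmGender->getValue());
             BackendProfilesModel::setSetting($this->id, 'birth_date', $birthDate);
             BackendProfilesModel::setSetting($this->id, 'city', $txtCity->getValue());
             BackendProfilesModel::setSetting($this->id, 'country', $ddmCountry->getValue());
             // notify values
             // NOTE(review): the clear-text password travels to the notify calls as
             // 'unencrypted_password'; confirm neither of them logs or persists it
             $notifyValues = array_merge($values, array('id' => $this->id, 'first_name' => $txtFirstName->getValue(), 'last_name' => $txtLastName->getValue(), 'unencrypted_password' => $password));
             $redirectUrl = BackendModel::createURLForAction('Edit') . '&id=' . $this->id . '&var=' . rawurlencode($values['display_name']) . '&report=';
             // notify new profile user
             if ($this->notifyProfile) {
                 BackendProfilesModel::notifyProfile($notifyValues);
                 $redirectUrl .= 'saved-and-notified';
             } else {
                 $redirectUrl .= 'saved';
             }
             // notify admin
             if ($this->notifyAdmin) {
                 BackendProfilesModel::notifyAdmin($notifyValues);
             }
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_add', array('item' => $values));
             // everything is saved, so redirect to the overview
             $this->redirect($redirectUrl);
         }
     }
 }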
Beispiel #8
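 /**
  * Validate the "add theme template" form and store the template.
  *
  * File, label and format are required. The template file must exist below
  * the selected theme's template directory, and the format must parse into a
  * table whose rows have the same cell count and only use known position names.
  */
 private function validateForm()
 {
     // is the form submitted?
     if ($this->frm->isSubmitted()) {
         // drop submitted fields that are not part of the form definition
         $this->frm->cleanupFields();
         // required fields
         $this->frm->getField('file')->isFilled(BL::err('FieldIsRequired'));
         $this->frm->getField('label')->isFilled(BL::err('FieldIsRequired'));
         $this->frm->getField('format')->isFilled(BL::err('FieldIsRequired'));
         // check if the template file exists
         $theme = (string) $this->frm->getField('theme')->getValue();
         $fileName = (string) $this->frm->getField('file')->getValue();
         if ($theme == 'Core') {
             $templateFile = PATH_WWW . '/src/Frontend/Core/Layout/Templates/' . $fileName;
         } else {
             $templateFile = PATH_WWW . '/src/Frontend/Themes/' . $theme . '/Core/Layout/Templates/' . $fileName;
         }
         // Both values come from the form and are concatenated into a filesystem path
         // (and the file name is stored as the template path below), so any ".."
         // segment is treated the same way as a missing file.
         $pathSegments = explode('/', str_replace('\\', '/', $theme . '/' . $fileName));
         $leavesTemplateDir = in_array('..', $pathSegments, true);
         if ($leavesTemplateDir || !is_file($templateFile)) {
             $this->frm->getField('file')->addError(BL::err('TemplateFileNotFound'));
         }
         // validate syntax: whitespace and line breaks are stripped before parsing
         $syntax = trim(str_replace(array("\n", "\r", ' '), '', $this->frm->getField('format')->getValue()));
         // init var
         $table = BackendExtensionsModel::templateSyntaxToArray($syntax);
         // validate the syntax
         if ($table === false) {
             $this->frm->getField('format')->addError(BL::err('InvalidTemplateSyntax'));
         } else {
             $html = BackendExtensionsModel::buildTemplateHTML($syntax);
             $cellCount = 0;
             $first = true;
             $errors = array();
             // loop rows
             foreach ($table as $row) {
                 // first row defines the cellcount
                 if ($first) {
                     $cellCount = count($row);
                 }
                 // not same number of cells
                 if (count($row) != $cellCount) {
                     // add error
                     $errors[] = BL::err('InvalidTemplateSyntax');
                     // stop
                     break;
                 }
                 // doublecheck position names
                 foreach ($row as $cell) {
                     // ignore unavailable space
                     if ($cell != '/') {
                         // unknown position name -> error
                         if (!in_array($cell, $this->names)) {
                             // NOTE(review): $cell is form input and the errors are joined with
                             // '<br />' below, so they are presumably rendered as HTML - confirm
                             // that templateSyntaxToArray() restricts the characters in a cell
                             $errors[] = sprintf(BL::getError('NonExistingPositionName'), $cell);
                         } elseif (mb_substr_count($html, '"#position-' . $cell . '"') != 1) {
                             // can't build proper html -> error
                             $errors[] = BL::err('InvalidTemplateSyntax');
                         }
                     }
                 }
                 // reset
                 $first = false;
             }
             // add errors
             if ($errors) {
                 $this->frm->getField('format')->addError(implode('<br />', array_unique($errors)));
             }
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // build array
             $item['theme'] = $this->frm->getField('theme')->getValue();
             $item['label'] = $this->frm->getField('label')->getValue();
             $item['path'] = 'Core/Layout/Templates/' . $this->frm->getField('file')->getValue();
             $item['active'] = $this->frm->getField('active')->getActualValue();
             $item['data']['format'] = trim(str_replace(array("\n", "\r", ' '), '', $this->frm->getField('format')->getValue()));
             $item['data']['names'] = $this->names;
             $item['data']['default_extras'] = $this->extras;
             $item['data']['default_extras_' . BL::getWorkingLanguage()] = $this->extras;
             $item['data']['image'] = $this->frm->getField('image')->isChecked();
             // serialize the data
             $item['data'] = serialize($item['data']);
             // insert the item
             $item['id'] = BackendExtensionsModel::insertTemplate($item);
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_add_template', array('item' => $item));
             // set default template
             if ($this->frm->getField('default')->getChecked() && $item['theme'] == $this->get('fork.settings')->get('Core', 'theme', 'core')) {
                 $this->get('fork.settings')->set($this->getModule(), 'default_template', $item['id']);
             }
             // everything is saved, so redirect to the overview; theme and label are both
             // form input and are percent-encoded before they go into the query string
             $this->redirect(BackendModel::createURLForAction('ThemeTemplates') . '&theme=' . rawurlencode($item['theme']) . '&report=added-template&var=' . rawurlencode($item['label']) . '&highlight=row-' . $item['id']);
         }
     }
 }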
Beispiel #9
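 /**
  * Validate a submitted module upload and process it.
  *
  * The file is required and must carry the zip extension; only then is
  * installModule() called. The redirect happens when the form has no errors.
  */
 private function validateForm()
 {
     // the form is submitted
     if ($this->frm->isSubmitted()) {
         // shorten field variables
         $fileFile = $this->frm->getField('file');
         // validate the file
         // NOTE(review): presumably the extension check looks at the client-supplied
         // name only; the archive content has to be vetted inside installModule() - confirm
         if ($fileFile->isFilled(BL::err('FieldIsRequired')) && $fileFile->isAllowedExtension(array('zip'), sprintf(BL::getError('ExtensionNotAllowed'), 'zip'))) {
             $moduleName = $this->installModule();
         }
         // passed all validation
         if ($this->frm->isCorrect()) {
             // by now installModule() has run, since a form without errors implies the
             // file checks above passed
             // the module name originates from the uploaded archive, so it is
             // percent-encoded before it goes into the query string
             $encodedName = rawurlencode($moduleName);
             $this->redirect(BackendModel::createURLForAction('Modules') . '&report=module-installed&var=' . $encodedName . '&highlight=row-module_' . $encodedName);
         }
     }
 }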
Beispiel #10
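 /**
  * Fetch the module information from the info.xml file.
  *
  * Never throws for a missing or unreadable file; problems are reported as
  * entries in the 'warnings' list instead.
  *
  * @param string $module Module directory name below BACKEND_MODULES_PATH.
  *
  * @return array Array with the keys 'data' and 'warnings'.
  */
 public static function getModuleInformation($module)
 {
     // NOTE(review): $module is concatenated into the path unchecked; callers are
     // presumably expected to pass a known module name - confirm
     $pathInfoXml = BACKEND_MODULES_PATH . '/' . $module . '/info.xml';
     $information = array('data' => array(), 'warnings' => array());
     if (is_file($pathInfoXml)) {
         try {
             // LIBXML_NONET keeps the parser from fetching anything over the network
             // while it loads the file; "@" hides parser warnings, failures surface
             // as an exception handled below
             $infoXml = @new \SimpleXMLElement($pathInfoXml, LIBXML_NOCDATA | LIBXML_NONET, true);
             $information['data'] = self::processModuleXml($infoXml);
             if (empty($information['data'])) {
                 $information['warnings'][] = array('message' => BL::getMessage('InformationFileIsEmpty'));
             }
             // check if cronjobs are installed already
             if (isset($information['data']['cronjobs'])) {
                 foreach ($information['data']['cronjobs'] as $cronjob) {
                     if (!$cronjob['active']) {
                         $information['warnings'][] = array('message' => BL::getError('CronjobsNotSet'));
                     }
                     // unconditional break: only the first cronjob is inspected
                     break;
                 }
             }
         } catch (\Exception $e) {
             // fully qualified so the catch also matches when this file is namespaced
             // and has no "use Exception" import
             $information['warnings'][] = array('message' => BL::getMessage('InformationFileCouldNotBeLoaded'));
         }
     } else {
         $information['warnings'][] = array('message' => BL::getMessage('InformationFileIsMissing'));
     }
     return $information;
 }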
Beispiel #11
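 /**
  * Validate the "edit form" form and update the stored form.
  *
  * Name, success message and method are required. When the method is
  * 'database_email' every comma-separated address must pass
  * \SpoonFilter::isEmail(). A supplied identifier must match the allowed
  * character set and must not be reported as taken for this form's id.
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         // shorten the fields
         $txtName = $this->frm->getField('name');
         $txtEmail = $this->frm->getField('email');
         $ddmMethod = $this->frm->getField('method');
         $txtSuccessMessage = $this->frm->getField('success_message');
         $txtIdentifier = $this->frm->getField('identifier');
         // Normalise once so the list that is validated is the list that is stored;
         // validating a trimmed copy while persisting the raw value would let
         // surrounding whitespace (including line breaks) reach the stored addresses.
         $emailAddresses = array_map('trim', (array) explode(',', $txtEmail->getValue()));
         // validate fields
         $txtName->isFilled(BL::getError('NameIsRequired'));
         $txtSuccessMessage->isFilled(BL::getError('SuccessMessageIsRequired'));
         // NOTE(review): the method field reuses the 'NameIsRequired' label - confirm this is intended
         if ($ddmMethod->isFilled(BL::getError('NameIsRequired')) && $ddmMethod->getValue() == 'database_email') {
             $error = false;
             // check the addresses; the first invalid one rejects the whole field
             foreach ($emailAddresses as $address) {
                 if (!\SpoonFilter::isEmail($address)) {
                     $error = true;
                     break;
                 }
             }
             // add error
             if ($error) {
                 $txtEmail->addError(BL::getError('EmailIsInvalid'));
             }
         }
         // identifier
         if ($txtIdentifier->isFilled()) {
             // invalid characters; the D modifier makes "$" match only at the very end,
             // so a value with a trailing newline no longer passes the check
             if (!\SpoonFilter::isValidAgainstRegexp('/^[a-zA-Z0-9\\.\\_\\-]+$/D', $txtIdentifier->getValue())) {
                 $txtIdentifier->setError(BL::getError('InvalidIdentifier'));
             } elseif (BackendFormBuilderModel::existsIdentifier($txtIdentifier->getValue(), $this->id)) {
                 // identifier is already in use
                 $txtIdentifier->setError(BL::getError('UniqueIdentifier'));
             }
         }
         if ($this->frm->isCorrect()) {
             // build array
             $values['name'] = $txtName->getValue();
             $values['method'] = $ddmMethod->getValue();
             // NOTE(review): stored with serialize(); whatever reads this back should not
             // unserialize() data that could have been written by another, less trusted path
             $values['email'] = $ddmMethod->getValue() == 'database_email' ? serialize($emailAddresses) : null;
             $values['success_message'] = $txtSuccessMessage->getValue(true);
             $values['identifier'] = $txtIdentifier->isFilled() ? $txtIdentifier->getValue() : BackendFormBuilderModel::createIdentifier();
             $values['edited_on'] = BackendModel::getUTCDate();
             // update the item
             $id = (int) BackendFormBuilderModel::update($this->id, $values);
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $values));
             // everything is saved, so redirect to the overview
             $this->redirect(BackendModel::createURLForAction('Index') . '&report=edited&var=' . rawurlencode($values['name']) . '&highlight=row-' . $id);
         }
     }
 }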
Beispiel #12
 /**
  * Execute the action
  */
 public function execute()
 {
     parent::execute();
     // get parameters
     $formId = \SpoonFilter::getPostValue('form_id', null, '', 'int');
     $fieldId = \SpoonFilter::getPostValue('field_id', null, '', 'int');
     $type = \SpoonFilter::getPostValue('type', array('checkbox', 'dropdown', 'datetime', 'heading', 'paragraph', 'radiobutton', 'submit', 'textarea', 'textbox'), '', 'string');
     $label = trim(\SpoonFilter::getPostValue('label', null, '', 'string'));
     $values = trim(\SpoonFilter::getPostValue('values', null, '', 'string'));
     // this is somewhat a nasty hack, but it makes special chars work.
     $values = \SpoonFilter::htmlspecialcharsDecode($values);
     $defaultValues = trim(\SpoonFilter::getPostValue('default_values', null, '', 'string'));
     $placeholder = trim(\SpoonFilter::getPostValue('placeholder', null, '', 'string'));
     $classname = trim(\SpoonFilter::getPostValue('classname', null, '', 'string'));
     $required = \SpoonFilter::getPostValue('required', array('Y', 'N'), 'N', 'string');
     $requiredErrorMessage = trim(\SpoonFilter::getPostValue('required_error_message', null, '', 'string'));
     $validation = \SpoonFilter::getPostValue('validation', array('email', 'numeric', 'time'), '', 'string');
     $validationParameter = trim(\SpoonFilter::getPostValue('validation_parameter', null, '', 'string'));
     $errorMessage = trim(\SpoonFilter::getPostValue('error_message', null, '', 'string'));
     // special field for textbox: reply to
     $replyTo = \SpoonFilter::getPostValue('reply_to', array('Y', 'N'), 'N', 'string');
     // special fields for datetime
     $inputType = \SpoonFilter::getPostValue('input_type', array('date', 'time'), 'date', 'string');
     $valueAmount = trim(\SpoonFilter::getPostValue('value_amount', null, '', 'string'));
     $valueType = trim(\SpoonFilter::getPostValue('value_type', null, '', 'string'));
     // invalid form id
     if (!BackendFormBuilderModel::exists($formId)) {
         $this->output(self::BAD_REQUEST, null, 'form does not exist');
     } else {
         // invalid fieldId
         if ($fieldId !== 0 && !BackendFormBuilderModel::existsField($fieldId, $formId)) {
             $this->output(self::BAD_REQUEST, null, 'field does not exist');
         } else {
             // invalid type
             if ($type == '') {
                 $this->output(self::BAD_REQUEST, null, 'invalid type provided');
             } else {
                 // extra validation is only possible for textfields & datetime fields
                 if ($type != 'textbox' && $type != 'datetime') {
                     $validation = '';
                     $validationParameter = '';
                     $errorMessage = '';
                 }
                 // init
                 $errors = array();
                 // validate textbox
                 if ($type == 'textbox') {
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($validation != '' && $errorMessage == '') {
                         $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($replyTo == 'Y' && $validation != 'email') {
                         $errors['reply_to_error_message'] = BL::getError('EmailValidationIsRequired');
                     }
                 } elseif ($type == 'textarea') {
                     // validate textarea
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($validation != '' && $errorMessage == '') {
                         $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                 } elseif ($type == 'datetime') {
                     // validate datetime
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if (in_array($valueType, array('day', 'week', 'month', 'year')) && $valueAmount == '') {
                         $errors['default_value_error_message'] = BL::getError('ValueIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($validation != '' && $errorMessage == '') {
                         $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                 } elseif ($type == 'heading' && $values == '') {
                     // validate heading
                     $errors['values'] = BL::getError('ValueIsRequired');
                 } elseif ($type == 'paragraph' && $values == '') {
                     // validate paragraphs
                     $errors['values'] = BL::getError('ValueIsRequired');
                 } elseif ($type == 'submit' && $values == '') {
                     // validate submitbuttons
                     $errors['values'] = BL::getError('ValueIsRequired');
                 } elseif ($type == 'dropdown') {
                     // validate dropdown
                     $values = trim($values, ',');
                     // validate
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($values == '') {
                         $errors['values'] = BL::getError('ValueIsRequired');
                     }
                 } elseif ($type == 'radiobutton') {
                     // validate radiobutton
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                     if ($values == '') {
                         $errors['values'] = BL::getError('ValueIsRequired');
                     }
                 } elseif ($type == 'checkbox') {
                     // validate checkbox
                     if ($label == '') {
                         $errors['label'] = BL::getError('LabelIsRequired');
                     }
                     if ($required == 'Y' && $requiredErrorMessage == '') {
                         $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                     }
                 }
                 // got errors
                 if (!empty($errors)) {
                     $this->output(self::OK, array('errors' => $errors), 'form contains errors');
                 } else {
                     // htmlspecialchars except for paragraphs
                     if ($type != 'paragraph') {
                         if ($values != '') {
                             $values = \SpoonFilter::htmlspecialchars($values);
                         }
                         if ($defaultValues != '') {
                             $defaultValues = \SpoonFilter::htmlspecialchars($defaultValues);
                         }
                     }
                     // split
                     if ($type == 'dropdown' || $type == 'checkbox') {
                         $values = (array) explode('|', $values);
                     } elseif ($type == 'radiobutton') {
                         $postedValues = (array) explode('|', $values);
                         $values = array();
                         foreach ($postedValues as $postedValue) {
                             $values[] = array('value' => CommonUri::getUrl($postedValue), 'label' => $postedValue);
                         }
                         if ($defaultValues != '') {
                             $defaultValues = CommonUri::getUrl($defaultValues);
                         }
                     }
                     /*
                      * Save!
                      */
                     // settings
                     $settings = array();
                     if ($label != '') {
                         $settings['label'] = \SpoonFilter::htmlspecialchars($label);
                     }
                     if (isset($values)) {
                         $settings['values'] = $values;
                     }
                     if ($defaultValues != '') {
                         $settings['default_values'] = $defaultValues;
                     }
                     if ($placeholder != '') {
                         $settings['placeholder'] = \SpoonFilter::htmlspecialchars($placeholder);
                     }
                     if ($classname != '') {
                         $settings['classname'] = \SpoonFilter::htmlspecialchars($classname);
                     }
                     // reply-to, only for textboxes
                     if ($type == 'textbox') {
                         $settings['reply_to'] = $replyTo == 'Y';
                     }
                     // only for datetime input
                     if ($type == 'datetime') {
                         $settings['input_type'] = $inputType;
                         if ($inputType == 'date') {
                             $settings['value_amount'] = $valueAmount;
                             $settings['value_type'] = $valueType;
                         }
                     }
                     // build array
                     $field = array();
                     $field['form_id'] = $formId;
                     $field['type'] = $type;
                     $field['settings'] = !empty($settings) ? serialize($settings) : null;
                     // existing field
                     if ($fieldId !== 0) {
                         // update field
                         BackendFormBuilderModel::updateField($fieldId, $field);
                         // delete all validation (added again later)
                         BackendFormBuilderModel::deleteFieldValidation($fieldId);
                     } else {
                         // sequence
                         $field['sequence'] = BackendFormBuilderModel::getMaximumSequence($formId) + 1;
                         // insert
                         $fieldId = BackendFormBuilderModel::insertField($field);
                     }
                     // required
                     if ($required == 'Y') {
                         // build array
                         $validate['field_id'] = $fieldId;
                         $validate['type'] = 'required';
                         $validate['error_message'] = \SpoonFilter::htmlspecialchars($requiredErrorMessage);
                         // add validation
                         BackendFormBuilderModel::insertFieldValidation($validate);
                         // add to field (for parsing)
                         $field['validations']['required'] = $validate;
                     }
                     // other validation
                     if ($validation != '') {
                         // build array
                         $validate['field_id'] = $fieldId;
                         $validate['type'] = $validation;
                         $validate['error_message'] = \SpoonFilter::htmlspecialchars($errorMessage);
                         $validate['parameter'] = $validationParameter != '' ? \SpoonFilter::htmlspecialchars($validationParameter) : null;
                         // add validation
                         BackendFormBuilderModel::insertFieldValidation($validate);
                         // add to field (for parsing)
                         $field['validations'][$type] = $validate;
                     }
                     // get item from database (i do this call again to keep the pof as low as possible)
                     $field = BackendFormBuilderModel::getField($fieldId);
                     // submit button isnt parsed but handled directly via javascript
                     if ($type == 'submit') {
                         $fieldHTML = '';
                     } else {
                         // parse field to html
                         $fieldHTML = FormBuilderHelper::parseField($field);
                     }
                     // success output
                     $this->output(self::OK, array('field_id' => $fieldId, 'field_html' => $fieldHTML), 'field saved');
                 }
             }
         }
     }
 }
Beispiel #13
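 /**
  * Validate the submitted profile form and, when it is correct, save the changes.
  *
  * Checks the e-mail, display name, password and birthday fields. On success the
  * profile and its settings are updated, the profile is optionally notified, the
  * `after_edit` event is triggered and the user is redirected to the overview.
  */
 private function validateForm()
 {
     // is the form submitted?
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were not part of the form
         $this->frm->cleanupFields();
         // get fields
         $chkNewEmail = $this->frm->getField('new_email');
         $txtEmail = $this->frm->getField('email');
         $txtDisplayName = $this->frm->getField('display_name');
         $chkNewPassword = $this->frm->getField('new_password');
         $txtPassword = $this->frm->getField('password');
         $txtPasswordRepeat = $this->frm->getField('password_repeat');
         $txtFirstName = $this->frm->getField('first_name');
         $txtLastName = $this->frm->getField('last_name');
         $txtCity = $this->frm->getField('city');
         $ddmGender = $this->frm->getField('gender');
         $ddmDay = $this->frm->getField('day');
         $ddmMonth = $this->frm->getField('month');
         $ddmYear = $this->frm->getField('year');
         $ddmCountry = $this->frm->getField('country');
         // email filled in?
         if ($chkNewEmail->isChecked() && $txtEmail->isFilled(BL::getError('EmailIsRequired'))) {
             // email must not be the same as previous one
             if ($txtEmail->getValue() == $this->profile['email']) {
                 $txtEmail->addError(BL::getError('EmailMatchesPrevious'));
             }
             // valid email?
             if ($txtEmail->isEmail(BL::getError('EmailIsInvalid'))) {
                 // email already exists? ($this->id is passed along with the address to the lookup)
                 if (BackendProfilesModel::existsByEmail($txtEmail->getValue(), $this->id)) {
                     $txtEmail->addError(BL::getError('EmailExists'));
                 }
             }
         }
         // display name filled in?
         if ($txtDisplayName->isFilled(BL::getError('DisplayNameIsRequired'))) {
             // display name already exists?
             if (BackendProfilesModel::existsDisplayName($txtDisplayName->getValue(), $this->id)) {
                 $txtDisplayName->addError(BL::getError('DisplayNameExists'));
             }
         }
         // new_password is checked, so verify new password (only if profile should not be notified)
         // because then if the password field is empty, it will generate a new password
         if ($chkNewPassword->isChecked() && !$this->notifyProfile) {
             $txtPassword->isFilled(BL::err('FieldIsRequired'));
             $txtPasswordRepeat->isFilled(BL::err('FieldIsRequired'));
             // both password fields are filled in and should match.
             // Compare as strings with !==: a loose != treats numeric-looking strings such as
             // '1e3' and '1000' as equal, so two different passwords could pass as a match.
             if ($txtPassword->isFilled() && $txtPasswordRepeat->isFilled() && (string) $txtPassword->getValue() !== (string) $txtPasswordRepeat->getValue()) {
                 $txtPasswordRepeat->addError(BL::err('PasswordRepeatIsRequired'));
             }
         }
         // one of the bday fields are filled in
         if ($ddmDay->isFilled() || $ddmMonth->isFilled() || $ddmYear->isFilled()) {
             // valid date? Cast to int so that a part left unfilled (presumably an empty string)
             // is rejected as an invalid date instead of being passed to checkdate() as a string.
             if (!checkdate((int) $ddmMonth->getValue(), (int) $ddmDay->getValue(), (int) $ddmYear->getValue())) {
                 $ddmYear->addError(BL::getError('DateIsInvalid'));
             }
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // build item
             $values = array();
             $values['email'] = $chkNewEmail->isChecked() ? $txtEmail->getValue() : $this->profile['email'];
             // only update if display name changed
             if ($txtDisplayName->getValue() != $this->profile['display_name']) {
                 $values['display_name'] = $txtDisplayName->getValue();
                 $values['url'] = BackendProfilesModel::getUrl($txtDisplayName->getValue(), $this->id);
             }
             // new password filled in?
             if ($chkNewPassword->isChecked()) {
                 // get new salt and store it before the password is rebuilt with it
                 $salt = BackendProfilesModel::getRandomString();
                 BackendProfilesModel::setSetting($this->id, 'salt', $salt);
                 // new password filled in? otherwise generate a password
                 // NOTE(review): generated passwords are 8 characters; confirm that generatePassword()
                 // and getRandomString() draw from a cryptographically secure source.
                 $password = $txtPassword->isFilled() ? $txtPassword->getValue() : BackendModel::generatePassword(8);
                 // build password
                 // NOTE(review): hashing is delegated to getEncryptedString(), whose algorithm is not
                 // visible here; confirm it is a slow password hash and not a plain fast digest.
                 $values['password'] = BackendProfilesModel::getEncryptedString($password, $salt);
             }
             // update values
             BackendProfilesModel::update($this->id, $values);
             // birthday is filled in
             if ($ddmYear->isFilled()) {
                 // mysql format (YYYY-MM-DD, month and day zero-padded)
                 $birthDate = $ddmYear->getValue() . '-';
                 $birthDate .= str_pad($ddmMonth->getValue(), 2, '0', STR_PAD_LEFT) . '-';
                 $birthDate .= str_pad($ddmDay->getValue(), 2, '0', STR_PAD_LEFT);
             } else {
                 $birthDate = null;
             }
             // update settings
             BackendProfilesModel::setSetting($this->id, 'first_name', $txtFirstName->getValue());
             BackendProfilesModel::setSetting($this->id, 'last_name', $txtLastName->getValue());
             BackendProfilesModel::setSetting($this->id, 'gender', $ddmGender->getValue());
             BackendProfilesModel::setSetting($this->id, 'birth_date', $birthDate);
             BackendProfilesModel::setSetting($this->id, 'city', $txtCity->getValue());
             BackendProfilesModel::setSetting($this->id, 'country', $ddmCountry->getValue());
             $displayName = isset($values['display_name']) ? $values['display_name'] : $this->profile['display_name'];
             // user-supplied values are URL-encoded before they are appended to the redirect query
             $redirectUrl = BackendModel::createURLForAction('Index') . '&var=' . rawurlencode($values['email']) . '&highlight=row-' . $this->id . '&var=' . rawurlencode($displayName) . '&report=';
             if ($this->notifyProfile && ($chkNewEmail->isChecked() || $chkNewPassword->isChecked())) {
                 // no new password: the notification gets a label instead of a password
                 if (!$chkNewPassword->isChecked()) {
                     $password = BL::lbl('YourExistingPassword');
                 }
                 // notify values
                 // NOTE(review): the clear-text password is handed to notifyProfile() under
                 // 'unencrypted_password'; presumably it ends up in the notification message.
                 // Confirm, and consider sending a reset link instead of the password itself.
                 $notifyValues = array_merge($values, array('id' => $this->id, 'first_name' => $txtFirstName->getValue(), 'last_name' => $txtLastName->getValue(), 'unencrypted_password' => $password));
                 if (!isset($notifyValues['display_name'])) {
                     $notifyValues['display_name'] = $this->profile['display_name'];
                 }
                 BackendProfilesModel::notifyProfile($notifyValues, true);
                 $redirectUrl .= 'saved-and-notified';
             } else {
                 $redirectUrl .= 'saved';
             }
             // trigger event
             // NOTE(review): $values can contain the password hash when a new password was set;
             // confirm that 'after_edit' subscribers are meant to receive it.
             BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $values));
             // everything is saved, so redirect to the overview
             $this->redirect($redirectUrl);
         }
     }
 }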
Beispiel #14
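 /**
  * Validate a submitted theme upload and, when it is valid, install the theme.
  *
  * The upload must be a zip archive that contains an info.xml. The theme name is read
  * from that file, so it is checked before it is used as a directory name below the
  * themes folder. On success the archive is extracted, the theme installer is run and
  * the user is redirected to the themes overview.
  */
 private function validateForm()
 {
     // nothing to do until the form is submitted
     if (!$this->frm->isSubmitted()) {
         return;
     }
     /** @var $fileFile \SpoonFormFile */
     $fileFile = $this->frm->getField('file');
     $zip = null;
     $zipFiles = null;
     // Validate the file. Check if the file field is filled and if it's a zip.
     // NOTE(review): this is an extension check only; the archive's contents are what
     // the rest of this method (and getValidatedFilesList) has to vet.
     if ($fileFile->isFilled(BL::err('FieldIsRequired')) && $fileFile->isAllowedExtension(array('zip'), sprintf(BL::getError('ExtensionNotAllowed'), 'zip'))) {
         // Create ziparchive instance
         $zip = new ZipArchive();
         // Try and open it
         if ($zip->open($fileFile->getTempFileName()) === true) {
             // zip file needs to contain some files
             if ($zip->numFiles > 0) {
                 $infoXml = $this->findInfoFileInZip($zip);
                 // Throw error if info.xml is not found
                 if ($infoXml === null) {
                     return $fileFile->addError(sprintf(BL::getError('NoInformationFile'), $fileFile->getFileName()));
                 }
                 // Parse xml
                 try {
                     // Load info.xml. LIBXML_NONET keeps the parser from fetching anything over
                     // the network while it loads this uploaded, untrusted document.
                     $infoXml = @new \SimpleXMLElement($infoXml, LIBXML_NOCDATA | LIBXML_NONET, false);
                     // Convert xml to useful array
                     $this->info = BackendExtensionsModel::processThemeXml($infoXml);
                     // Empty data (nothing useful)
                     if (empty($this->info)) {
                         return $fileFile->addError(BL::getMessage('InformationFileIsEmpty'));
                     }
                     // The theme name comes from the uploaded info.xml and becomes a directory
                     // name further down, so it must be a single path segment: no separators and
                     // no '.' / '..'. Whether processThemeXml() already enforces this is not
                     // visible here, so it is checked again before the name is used.
                     $themeName = isset($this->info['name']) ? (string) $this->info['name'] : '';
                     if ($themeName === '' || $themeName === '.' || $themeName === '..' || strpbrk($themeName, '/\\') !== false) {
                         return $fileFile->addError(BL::getMessage('InformationFileCouldNotBeLoaded'));
                     }
                     // Define the theme name, based on the info.xml file.
                     $this->themeName = $themeName;
                 } catch (Exception $e) {
                     // Warning that the information file is corrupt
                     return $fileFile->addError(BL::getMessage('InformationFileCouldNotBeLoaded'));
                 }
                 // An already existing theme may not be overwritten by an upload
                 if (BackendExtensionsModel::existsTheme($this->themeName)) {
                     return $fileFile->addError(sprintf(BL::getError('ThemeAlreadyExists'), $this->themeName));
                 }
                 // NOTE(review): only the entries returned here are extracted below; confirm that
                 // getValidatedFilesList() rejects entry names that are absolute or contain '..'.
                 $zipFiles = $this->getValidatedFilesList($zip);
             } else {
                 // Empty zip file
                 $fileFile->addError(BL::getError('FileIsEmpty'));
             }
         } else {
             // Something went very wrong, probably corrupted
             return $fileFile->addError(BL::getError('CorruptedFile'));
         }
     }
     // Passed all validation
     if ($this->frm->isCorrect() && $zip !== null) {
         // Unpack the zip. If the files were not found inside a parent directory, we create the theme directory.
         $themePath = FRONTEND_PATH . '/Themes';
         if ($this->parentFolderName === null) {
             $themePath .= "/{$this->themeName}";
         }
         $zip->extractTo($themePath, $zipFiles);
         // the archive is not needed after extraction, release the handle
         $zip->close();
         // Rename the original name of the parent folder from the zip to the correct theme foldername.
         // NOTE(review): $this->parentFolderName is assigned outside this method (presumably while
         // the zip is scanned); confirm it is restricted to a single path segment as well.
         $fs = new Filesystem();
         $parentZipFolderPath = $themePath . '/' . $this->parentFolderName;
         if ($this->parentFolderName !== $this->themeName && $this->parentFolderName !== null && $fs->exists($parentZipFolderPath)) {
             $fs->rename($parentZipFolderPath, "{$themePath}/{$this->themeName}");
         }
         // Run installer
         BackendExtensionsModel::installTheme($this->themeName);
         // Redirect to the overview; the name is URL-encoded because it originates from the upload
         $this->redirect(BackendModel::createURLForAction('Themes') . '&report=theme-installed&var=' . rawurlencode($this->themeName));
     }
 }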