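/**
  * Override the default method to handle the specific things of the download module and
  * update the database after the file was successfully uploaded.
  * This method has the same parameters as the default.
  *
  * The parent stores the file in $this->options['upload_dir'] before the module-specific checks
  * (size limit from the preferences, file name validation, target folder lookup) run, therefore
  * every failed check must remove the already stored file again.
  * @param  $uploaded_file
  * @param  $name
  * @param  $size
  * @param  $type
  * @param  $error
  * @param  $index
  * @param  $content_range
  * @return stdClass The file object of the parent; if a check failed the property @b error
  *                  contains the translated message text
  */
 protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null)
 {
     global $gPreferences, $gL10n, $gDb, $getId, $gCurrentOrganization, $gCurrentUser;

     $file = parent::handle_file_upload($uploaded_file, $name, $size, $type, $error, $index, $content_range);

     // the parent already reported an error, nothing else to do
     if (isset($file->error)) {
         return $file;
     }

     try {
         // check filesize against module settings (the preference is converted from MB to bytes)
         $maxFileSize = $gPreferences['max_file_upload_size'] * 1024 * 1024;
         if ($file->size > $maxFileSize) {
             throw new AdmException('DOW_FILE_TO_LARGE', $gPreferences['max_file_upload_size']);
         }
         // check filename and throw exception if something is wrong
         admStrIsValidFileName($file->name, true);
         // get recordset of current folder from database and throw exception if necessary
         $targetFolder = new TableFolder($gDb);
         $targetFolder->getFolderForDownload($getId);
         // now add new file to database
         $newFile = new TableFile($gDb);
         $newFile->setValue('fil_fol_id', $targetFolder->getValue('fol_id'));
         $newFile->setValue('fil_name', $file->name);
         $newFile->setValue('fil_locked', $targetFolder->getValue('fol_locked'));
         $newFile->setValue('fil_counter', '0');
         $newFile->save();

         // notification email for new entries
         $userName = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
         $message = $gL10n->get('DOW_EMAIL_NOTIFICATION_MESSAGE', $gCurrentOrganization->getValue('org_longname'), $file->name, $userName, date($gPreferences['system_date'], time()));
         $notification = new Email();
         $notification->adminNotfication($gL10n->get('DOW_EMAIL_NOTIFICATION_TITLE'), $message, $userName, $gCurrentUser->getValue('EMAIL'));
     } catch (AdmException $e) {
         $file->error = $e->getText();
         // remove the file the parent already stored; basename() keeps the cleanup inside the upload
         // directory even when the name failed the validation above (the parent is assumed to strip
         // directory parts itself, so this does not change which file is removed - confirm against parent)
         $storedFile = $this->options['upload_dir'] . basename($file->name);
         if (is_file($storedFile)) {
             unlink($storedFile);
         }
     }
     return $file;
 }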
     }
     if (!isset($_POST['enable_auto_login']) && $gPreferences['enable_auto_login'] == 1) {
         // if auto login was deactivated than delete all saved logins
         $sql = 'DELETE FROM ' . TBL_AUTO_LOGIN;
         $gDb->query($sql);
         $gPreferences[$key] = $value;
     }
     break;
 case 'organization':
     $checkboxes = array('system_organization_select');
     if ($_POST['org_longname'] === '') {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME')));
     }
     break;
 case 'regional_settings':
     if (!admStrIsValidFileName($_POST['system_language']) || !file_exists(SERVER_PATH . '/adm_program/languages/' . $_POST['system_language'] . '.xml')) {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_LANGUAGE')));
     }
     if ($_POST['system_date'] === '') {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATE_FORMAT')));
     }
     if ($_POST['system_time'] === '') {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_TIME_FORMAT')));
     }
     break;
 case 'registration':
     $checkboxes = array('enable_registration_captcha', 'enable_registration_admin_mail');
     break;
 case 'email_dispatch':
     $checkboxes = array('mail_sender_into_to', 'mail_smtp_auth');
     break;
 /**
  * Creates a html structure for a form field. This structure contains the label and the div for the form element.
  * After the form element is added the method closeControlStructure must be called.
  * @param string $id         The id of this field structure.
  * @param string $label      The label of the field. This string should already be translated.
  * @param int    $property   (optional) With this param you can set the following properties:
  *                           - @b FIELD_DEFAULT  : The field can accept an input.
  *                           - @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
  *                           - @b FIELD_DISABLED : The field will be disabled and could not accept an input.
  * @param string $helpTextId (optional) A unique text id from the translation xml files that should be shown e.g. SYS_ENTRY_MULTI_ORGA.
  *                           If set a help icon will be shown where the user can see the text if he hovers over the icon.
  *                           If you need an additional parameter for the text you can add an array. The first entry
  *                           must be the unique text id and the second entry will be a parameter of the text id.
  * @param string $icon       (optional) An icon can be set. This will be placed in front of the label. Only an
  *                           url (http...) with valid url characters or a valid file name below the theme icons
  *                           folder is rendered, anything else is ignored.
  * @param string $class      (optional) An additional css classname for the row. The class @b admFieldRow
  *                           is set as default and need not set with this parameter.
  */
 protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
 {
     // collect the css classes of the row; the mandatory class is only added when the form shows required fields
     $rowClasses = $class !== '' ? ' ' . $class : '';
     if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
         $rowClasses .= ' admidio-form-group-required';
         $this->flagRequiredFields = true;
     }

     // open the row; an id also yields a "for" attribute on the label
     $labelFor = '';
     if ($id === '') {
         $this->addHtml('<div class="form-group' . $rowClasses . '">');
     } else {
         $labelFor = ' for="' . $id . '"';
         $this->addHtml('<div id="' . $id . '_group" class="form-group' . $rowClasses . '">');
     }

     // create html for icon (url or theme icon file), unknown icons are skipped
     $iconHtml = '';
     if (strlen($icon) > 0) {
         $iconSrc = null;
         if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
             $iconSrc = $icon;
         } elseif (admStrIsValidFileName($icon, true)) {
             $iconSrc = THEME_PATH . '/icons/' . $icon;
         }
         if ($iconSrc !== null) {
             $iconHtml = '<img class="admidio-icon-info" src="' . $iconSrc . '" title="' . $label . '" alt="' . $label . '" />';
         }
     }
     $helpIconHtml = $helpTextId !== '' ? $this->getHelpTextIcon($helpTextId) : '';

     // add label element; the horizontal layout also opens the column div of the form element
     $labelInner = $iconHtml . $label . $helpIconHtml;
     $verticalLayout = $this->type === 'vertical' || $this->type === 'navbar';
     if ($label !== '') {
         if ($verticalLayout) {
             $this->addHtml('<label' . $labelFor . '>' . $labelInner . '</label>');
         } else {
             $this->addHtml('<label' . $labelFor . ' class="col-sm-3 control-label">' . $labelInner . '</label>
                  <div class="col-sm-9">');
         }
     } elseif (!$verticalLayout) {
         $this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
     }
 }
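 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue than the manipulated value is returned.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For column @c inf_value_list the following format is accepted: @n
  *                           @b database returns database value of inf_value_list; @n
  *                           @b text extract only text from inf_value_list, image infos will be ignored @n
  *                           For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
  *                           For text columns the format can be @b database that would be the database value without any transformations
  * @return mixed Returns the value of the database column.
  *         If the value was manipulated before with @b setValue than the manipulated value is returned.
  *         For @c inf_value_list of a DROPDOWN or RADIO_BUTTON field (and a format other than @b database)
  *         an array is returned whose keys start at 1 and represent the internal value of each entry.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     if ($columnName === 'inf_description') {
         if (!isset($this->dbColumns['inf_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['inf_description'];
         }
     } elseif ($columnName === 'inf_name_intern') {
         // internal name should be read with no conversion
         $value = parent::getValue($columnName, 'database');
     } else {
         $value = parent::getValue($columnName, $format);
     }

     if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
         // if text is a translation-id then translate it
         if (strpos($value, '_') === 3) {
             $value = $gL10n->get(admStrToUpper($value));
         }
     } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
         $fieldType = $this->dbColumns['inf_type'];

         if ($fieldType === 'DROPDOWN' || $fieldType === 'RADIO_BUTTON') {
             // first replace windows new line with unix new line and then create an array,
             // so a list stored with either line ending is split the same way
             $arrListValues = explode("\n", str_replace("\r\n", "\n", $value));
             // array with list values and keys that represents the internal value
             $arrListValuesWithKeys = array();

             // iterate by value: $arrListValues is not used afterwards, a reference would only leave
             // a dangling $listValue behind the loop
             foreach ($arrListValues as $key => $listValue) {
                 if ($fieldType === 'RADIO_BUTTON') {
                     $listValue = $this->getRadioButtonListValue($listValue, $key, $format);
                 }
                 // if text is a translation-id then translate it
                 if (strpos($listValue, '_') === 3) {
                     $listValue = $gL10n->get(admStrToUpper($listValue));
                 }
                 // save values in new array that starts with key = 1
                 $arrListValuesWithKeys[$key + 1] = $listValue;
             }
             $value = $arrListValuesWithKeys;
         }
     }
     return $value;
 }

 /**
  * Formats one entry of the value list of a RADIO_BUTTON field.
  * Entries that name an image file or image url (optionally followed by @b | and a text) are turned
  * into an img tag; with format @b text the text part (or the 1-based position of the entry when
  * there is no text part) is returned instead. All other entries are returned unchanged.
  * @param string $listValue The raw entry of the value list
  * @param int    $key       The 0-based position of the entry in the list
  * @param string $format    The format that was passed to getValue
  * @return string|int The formatted entry
  */
 private function getRadioButtonListValue($listValue, $key, $format)
 {
     global $gL10n;

     // if value is imagefile or imageurl then show image, otherwise nothing to do
     $lowerListValue = admStrToLower($listValue);
     if (!(strpos($lowerListValue, '.png') > 0 || strpos($lowerListValue, '.jpg') > 0)) {
         return $listValue;
     }

     // if there is imagefile and text separated by | then explode them
     $separatorPos = strpos($listValue, '|');
     if ($separatorPos > 0) {
         $listValueImage = substr($listValue, 0, $separatorPos);
         $listValueText = substr($listValue, $separatorPos + 1);
     } else {
         $listValueImage = $listValue;
         $listValueText = $this->getValue('inf_name');
     }
     // if text is a translation-id then translate it
     if (strpos($listValueText, '_') === 3) {
         $listValueText = $gL10n->get(admStrToUpper($listValueText));
     }

     if ($format === 'text') {
         // if no image is wanted then return the text part or only the position of the entry
         return $separatorPos > 0 ? $listValueText : $key + 1;
     }

     try {
         // create html for optionbox entry; the file name check throws an AdmException for invalid names
         if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
             return '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
         }
         if (admStrIsValidFileName($listValueImage, true)) {
             return '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
         }
     } catch (AdmException $e) {
         $e->showText();
     }
     return $listValue;
 }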
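 /** Returns the value of the field in html format with consideration of all layout parameters
  *  @param string $fieldNameIntern Internal profile field name of the field that should be html formatted
  *  @param string $value The value that should be formatted must be committed so that layout is also possible for values that aren't stored in database
  *  @param string $value2 An optional parameter that is necessary for some special fields like email to commit the user id
  *  @return string Returns an html formatted string that considers the profile field settings.
  *                 An unknown field name returns @b $value unchanged.
  */
 public function getHtmlValue($fieldNameIntern, $value, $value2 = '')
 {
     global $gPreferences, $g_root_path, $gL10n;

     // unknown field: nothing to format
     if (!array_key_exists($fieldNameIntern, $this->mProfileFields)) {
         return $value;
     }

     // NOTE(review): $value is written into attributes and element content without htmlspecialchars here;
     // this relies on the stored values being escaped on input (see the 'string' datatype of
     // admFuncVariableIsValid) - confirm for values that did not pass that path
     $profileField = $this->mProfileFields[$fieldNameIntern];
     $fieldType = $profileField->getValue('usf_type');
     $fieldUrl = $profileField->getValue('usf_url');

     if ($value === '') {
         // special case for type CHECKBOX and no value is there, then show unchecked checkbox
         if ($fieldType == 'CHECKBOX') {
             $value = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
             // if field has url then create a link
             if (strlen($fieldUrl)) {
                 $value = '<a href="' . $fieldUrl . '" target="_blank">' . $value . '</a>';
             }
         }
         return $value;
     }

     // create html for each field type
     $htmlValue = $value;
     if ($fieldType == 'CHECKBOX') {
         if ($value == 1) {
             $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox_checked.gif" alt="on" />';
         } else {
             $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
         }
     } elseif ($fieldType == 'EMAIL') {
         // link to the mail module (needs the user id as second parameter) or a plain mailto link
         if ($gPreferences['enable_mail_module'] != 1) {
             $emailLink = 'mailto:' . $value;
         } else {
             // set value2 to user id because we need a second parameter in the link to mail module
             if ($value2 === '') {
                 $value2 = $this->mUserId;
             }
             $emailLink = $g_root_path . '/adm_program/modules/messages/messages_write.php?usr_id=' . $value2;
         }
         if (strlen($value) > 30) {
             $htmlValue = '<a href="' . $emailLink . '" title="' . $value . '">' . substr($value, 0, 30) . '...</a>';
         } else {
             $htmlValue = '<a href="' . $emailLink . '" style="overflow: visible; display: inline;" title="' . $value . '">' . $value . '</a>';
         }
     } elseif ($fieldType == 'DROPDOWN' || $fieldType == 'RADIO_BUTTON') {
         // the value in db is only the position, now search for the text
         // (a position that is not part of the list yields null here, as before)
         $arrListValuesWithKeys = $this->getHtmlListValues($profileField);
         $htmlValue = $arrListValuesWithKeys[$value];
     } elseif ($fieldType == 'URL') {
         // show the url without its scheme; a value without "//" is shown completely
         $schemePos = strpos($value, '//');
         $displayStart = $schemePos === false ? 0 : $schemePos + 2;
         if (strlen($value) > 35) {
             $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, $displayStart, 35) . '...</a>';
         } else {
             $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, $displayStart) . '</a>';
         }
     } elseif ($fieldType == 'TEXT_BIG') {
         $htmlValue = nl2br($value);
     }

     // if field has url then create a link
     if (strlen($fieldUrl)) {
         if ($fieldNameIntern == 'FACEBOOK' && is_numeric($value)) {
             // facebook has two different profile urls (id and facebook name),
             // we could only store one way in database (facebook name) and the other (id) is defined here :)
             $htmlValue = '<a href="http://www.facebook.com/profile.php?id=' . $value . '" target="_blank">' . $htmlValue . '</a>';
         } else {
             $htmlValue = '<a href="' . $fieldUrl . '" target="_blank">' . $htmlValue . '</a>';
         }
         // replace a variable in url with user value; str_replace is used so that "$" or "\"
         // in the user value are inserted literally instead of being read as backreferences
         if (strpos($fieldUrl, '%user_content%') !== false) {
             $htmlValue = str_replace('%user_content%', $value, $htmlValue);
         }
     }
     return $htmlValue;
 }

 /**
  * Builds the entries of the value list of a DROPDOWN or RADIO_BUTTON field as html.
  * @param object $profileField The profile field (an element of @b $this->mProfileFields) whose @c usf_value_list is read
  * @return array The html of each entry; the keys start at 1 and correspond to the position stored as field value
  */
 private function getHtmlListValues($profileField)
 {
     global $gL10n;

     // first replace windows new line with unix new line and then create an array
     $valueFormated = str_replace("\r\n", "\n", $profileField->getValue('usf_value_list', 'database'));
     $isRadioButton = $profileField->getValue('usf_type') == 'RADIO_BUTTON';
     // array with list values and keys that represents the internal value
     $arrListValuesWithKeys = array();

     foreach (explode("\n", $valueFormated) as $key => $listValue) {
         if ($isRadioButton) {
             $listValue = $this->getHtmlRadioButtonListValue($listValue);
         }
         // if text is a translation-id then translate it
         if (strpos($listValue, '_') == 3) {
             $listValue = $gL10n->get(admStrToUpper($listValue));
         }
         // save values in new array that starts with key = 1
         $arrListValuesWithKeys[$key + 1] = $listValue;
     }
     return $arrListValuesWithKeys;
 }

 /**
  * Formats one entry of a RADIO_BUTTON value list. An entry that names an image file or image url
  * (optionally followed by @b | and a text) is turned into an img tag, every other entry is returned unchanged.
  * @param string $listValue The raw entry of the value list
  * @return string The html of the entry or the unchanged entry
  */
 private function getHtmlRadioButtonListValue($listValue)
 {
     global $gL10n;

     // if value is imagefile or imageurl then show image, otherwise nothing to do
     $lowerListValue = admStrToLower($listValue);
     if (!(strpos($lowerListValue, '.png') > 0 || strpos($lowerListValue, '.jpg') > 0)) {
         return $listValue;
     }

     // if there is imagefile and text separated by | then explode them
     $separatorPos = strpos($listValue, '|');
     if ($separatorPos > 0) {
         $listValueImage = substr($listValue, 0, $separatorPos);
         $listValueText = substr($listValue, $separatorPos + 1);
     } else {
         $listValueImage = $listValue;
         $listValueText = $this->getValue('usf_name');
     }
     // if text is a translation-id then translate it
     if (strpos($listValueText, '_') == 3) {
         $listValueText = $gL10n->get(admStrToUpper($listValueText));
     }

     try {
         // create html for optionbox entry; the file name check throws an AdmException for invalid names
         if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
             return '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
         }
         if (admStrIsValidFileName($listValueImage, true)) {
             return '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
         }
     } catch (AdmException $e) {
         $e->showText();
     }
     return $listValue;
 }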
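/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array $array         The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true than a value is required otherwise the function
 *                                              shows an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found than the function shows an error
 *                             @b directOutput: If set to @b true only the error text is shown, if set
 *                                              to false a html message with the error will be shown
 * @return mixed|null Returns the value of the element. If a check failed the error is shown through @b $gMessage
 *                    (or echoed followed by exit when no message object exists) and @b null is returned.
 *                    A missing optional value without default is initialized with 0 for @b boolean and
 *                    @b numeric and with an empty string for every other datatype.
 *
 * @par Examples
 * @code   // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);

    // take the given value, otherwise the default value or the initial value of the datatype
    if (isset($array[$variableName]) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } elseif ($optionsAll['requireValue']) {
        // if value is required and no value is given then show error
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        $value = null;
    } elseif ($optionsAll['defaultValue'] !== null) {
        // if a default value was set then take this value
        $value = $optionsAll['defaultValue'];
    } else {
        // no value set then initialize the parameter with the empty value of its datatype;
        // there is nothing to validate, so the checks below are skipped
        return ($datatype === 'boolean' || $datatype === 'numeric') ? 0 : '';
    }

    // the datatype checks only make sense when there is a value (a missing required value
    // already carries its error message and must not be inspected)
    if ($errorMessage === '') {
        if ($datatype === 'boolean') {
            // boolean type must be 0 or 1 (or the strings false/true); the strict check on the string
            // form avoids the loose numeric comparison that would also accept e.g. '0.0' or ' 1'
            if (!is_bool($value) && !in_array((string) $value, array('0', '1', 'false', 'true'), true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        } elseif ($optionsAll['validValues'] !== null) {
            // check if parameter has a valid value
            // do a strict check with in_array because the function don't work properly
            if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true) && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }

        switch ($datatype) {
            case 'file':
                try {
                    admStrIsValidFileName($value);
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;
            case 'date':
                // check if date is a valid Admidio date format
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
                if (!$objAdmidioDate) {
                    // check if date has english format
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;
            case 'numeric':
                // numeric datatype should only contain numbers
                if (!is_numeric($value)) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                break;
            case 'string':
                // escape html special chars first, then remove the tags
                $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
                break;
            case 'html':
                // check html string for invalid tags and scripts
                $value = htmLawed(stripslashes($value), array('safe' => 1));
                break;
        }
    }

    // if no error was detected then return the content of the variable
    if ($errorMessage === '') {
        return $value;
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }
    return null;
}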
}
$headline = $gL10n->get('BAC_DATABASE_BACKUP');

// create html page object and switch on its modal support
$page = new HtmlPage($headline);
$page->enableModal();

// absolute path of the backup folder; the trailing slash is appended here
// so that file names can be concatenated directly
$backupabsolutepath = sprintf('%s/', $myFilesBackup->getFolder());
if ($getMode === 'show_list') {
    $existingBackupFiles = array();
    // start navigation of this module here
    $gNavigation->addStartUrl(CURRENT_URL, $headline);
    // create a list with all valid files in the backup folder
    if ($handle = opendir($backupabsolutepath)) {
        while (false !== ($file = readdir($handle))) {
            try {
                admStrIsValidFileName($file, true);
                $existingBackupFiles[] = $file;
            } catch (AdmException $e) {
                $temp = 1;
            }
        }
        closedir($handle);
    }
    // sort files (filename/date)
    sort($existingBackupFiles);
    // get module menu
    $backupMenu = $page->getMenu();
    // show link to create new backup
    $backupMenu->addItem('admMenuItemNewBackup', $g_root_path . '/adm_program/modules/backup/backup.php?mode=create_backup', $gL10n->get('BAC_START_BACKUP'), 'database_save.png');
    // Define table
    $table = new HtmlTable('tableList', $page, true);
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true than a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues :  An array with all values that the variable could have. If another
 *                                                 value is found than the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
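function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // merge the caller's options over the defaults so every option key exists below
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    $value = null;

    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } elseif ($optionsAll['requireValue']) {
        // a required value is missing: report it as an invalid page call
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
    } elseif ($optionsAll['defaultValue'] !== null) {
        // the caller's default is used and still goes through the datatype checks below
        $value = $optionsAll['defaultValue'];
    } else {
        // nothing given, nothing required and no default: return the neutral value
        // of the datatype without further checks
        if ($datatype === 'bool' || $datatype === 'boolean') {
            return false;
        }
        if ($datatype === 'numeric' || $datatype === 'int') {
            return 0;
        }
        if ($datatype === 'float') {
            return 0.0;
        }
        return '';
    }

    // once a failure is recorded the value is never returned, so skip the remaining
    // checks instead of running them on a missing (null) value
    if ($errorMessage === '' && $optionsAll['validValues'] !== null) {
        // strict in_array on both case variants of the value; the list may hold either spelling
        if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true)
            && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }

    if ($errorMessage === '') {
        switch ($datatype) {
            case 'file':
                try {
                    if ($value !== '') {
                        admStrIsValidFileName($value);
                    }
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;
            case 'date':
                // accept the configured Admidio date format first, then the english Y-m-d format
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
                if (!$objAdmidioDate) {
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;
            case 'bool':
            case 'boolean':
                $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                // Bug workaround PHP <5.4.8: empty input is reported as a failure instead of false
                // https://bugs.php.net/bug.php?id=49510
                if ($valid === null && ($value === null || $value === false || $value === '')) {
                    $valid = false;
                }
                if ($valid === null) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                $value = $valid;
                break;
            case 'int':
            case 'float':
            case 'numeric':
                if (!is_numeric($value)) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } elseif ($datatype === 'int') {
                    // is_numeric() also accepts values like "1.5" or "1e3"; FILTER_VALIDATE_INT
                    // returns false for those (and for out-of-range values), so report an error
                    // instead of handing a boolean false back to the caller as the "int"
                    $value = filter_var($value, FILTER_VALIDATE_INT);
                    if ($value === false) {
                        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                    }
                } elseif ($datatype === 'float') {
                    $value = filter_var($value, FILTER_VALIDATE_FLOAT);
                } else {
                    // https://secure.php.net/manual/en/function.is-numeric.php#107326
                    $value = $value + 0;
                }
                break;
            case 'string':
                $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
                break;
            case 'html':
                // check the html string for invalid tags and scripts
                $value = htmLawed(stripslashes($value), array('safe' => 1));
                break;
        }
    }

    // no error found: hand the (converted) value back to the caller
    if ($errorMessage === '') {
        return $value;
    }

    // error found: show it through the message object if available, otherwise print and stop
    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }
    return null;
}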
 /**
  * open a folder in the current module folder
  * if that folder does not exist then it will be created
  * @param string $folder
  * @return int
  */
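 public function setSubFolder($folder)
 {
     // the shared filename check decides which folder names are acceptable;
     // an invalid name is reported like the other failures (the original fell
     // through and returned null here, although the method is documented to return int)
     if (!admStrIsValidFileName($folder)) {
         $this->errorText = 'SYS_FOLDER_NOT_CREATED';
         $this->errorPath = $this->webPath . '/' . $folder;
         return 0;
     }

     $tempPath = $this->modulePath . '/' . $folder;
     $folderWebPath = $this->webPath . '/' . $folder;

     if (!file_exists($tempPath)) {
         // a failed mkdir only raises a warning; the failure is reported through
         // errorText/errorPath instead, hence the suppression
         // NOTE(review): mode 0777 creates a world-writable folder — kept as in the original
         if (!@mkdir($tempPath, 0777)) {
             $this->errorText = 'SYS_FOLDER_NOT_CREATED';
             $this->errorPath = $folderWebPath;
             return 0;
         }
     }

     if (!is_writable($tempPath)) {
         // existing folder that the web server cannot write to: try to open it up
         if (!@chmod($tempPath, 0777)) {
             $this->errorText = 'SYS_FOLDER_WRITE_ACCESS';
             $this->errorPath = $folderWebPath;
             return 0;
         }
     }

     $this->currentPath = $tempPath;
     $this->webPath = $folderWebPath;
     return 1;
 }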
     }
     if (isset($_POST['enable_auto_login']) == false && $gPreferences['enable_auto_login'] == 1) {
         // if auto login was deactivated than delete all saved logins
         $sql = 'DELETE FROM ' . TBL_AUTO_LOGIN;
         $gDb->query($sql);
         $gPreferences[$key] = $value;
     }
     break;
 case 'organization':
     $checkboxes = array('system_organization_select');
     if (strlen($_POST['org_longname']) == 0) {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME')));
     }
     break;
 case 'regional_settings':
     if (admStrIsValidFileName($_POST['system_language']) == false || file_exists(SERVER_PATH . '/adm_program/languages/' . $_POST['system_language'] . '.xml') == false) {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_LANGUAGE')));
     }
     if (strlen($_POST['system_date']) == 0) {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATE_FORMAT')));
     }
     if (strlen($_POST['system_time']) == 0) {
         $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_TIME_FORMAT')));
     }
     break;
 case 'registration':
     $checkboxes = array('enable_registration_captcha', 'enable_registration_admin_mail');
     break;
 case 'email_dispatch':
     $checkboxes = array('mail_sender_into_to', 'mail_smtp_auth');
     break;
            $e->showText();
        }
        if ($folder->delete()) {
            // Loeschen erfolgreich -> Rueckgabe fuer XMLHttpRequest
            echo 'done';
        }
    }
    unset($_SESSION['download_request']);
} elseif ($getMode == 6) {
    if ($getFolderId == 0) {
        //FolderId ist zum hinzufuegen erforderlich
        $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
    }
    try {
        // check filename and throw exception if something is wrong
        if (admStrIsValidFileName(urldecode($getName), true)) {
            $getName = urldecode($getName);
            // get recordset of current folder from databse
            $targetFolder = new TableFolder($gDb);
            $targetFolder->getFolderForDownload($getFolderId);
        }
    } catch (AdmException $e) {
        $e->showHtml();
    }
    //Pruefen ob das neue Element eine Datei order ein Ordner ist.
    if (is_file($targetFolder->getCompletePathOfFolder() . '/' . $getName)) {
        //Datei hinzufuegen
        $newFile = new TableFile($gDb);
        $newFile->setValue('fil_fol_id', $targetFolder->getValue('fol_id'));
        $newFile->setValue('fil_name', $getName);
        $newFile->setValue('fil_locked', $targetFolder->getValue('fol_locked'));
                 $gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
                 $gMessage->show($gL10n->get('DOW_FILE_RENAME', $oldName));
             } else {
                 $gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
                 $gMessage->show($gL10n->get('DOW_FILE_RENAME_ERROR', $oldName));
             }
         }
     }
 } elseif ($getFolderId > 0) {
     // get recordset of current folder from database and throw exception if necessary
     $folder = new TableFolder($gDb);
     $folder->getFolderForDownload($getFolderId);
     $oldFolder = $folder->getCompletePathOfFolder();
     $newFolder = null;
     // check foldername and throw exception if something is wrong
     if (admStrIsValidFileName($_POST['new_name'])) {
         $newFolder = $_POST['new_name'];
         $newDescription = $_POST['new_description'];
         // Test ob der Ordner schon existiert im Filesystem
         if ($newFolder != $folder->getValue('fol_name') && file_exists(SERVER_PATH . $folder->getValue('fol_path') . '/' . $newFolder)) {
             $gMessage->show($gL10n->get('DOW_FOLDER_EXISTS', $newFolder));
         } else {
             $oldName = $folder->getValue('fol_name');
             // Ordner umbenennen im Filesystem und in der Datenbank
             if (rename($oldFolder, SERVER_PATH . $folder->getValue('fol_path') . '/' . $newFolder)) {
                 $folder->setValue('fol_description', $newDescription);
                 $folder->rename($newFolder, $folder->getValue('fol_path'));
                 $gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');
                 $gMessage->show($gL10n->get('DOW_FOLDER_RENAME', $oldName));
             } else {
                 $gMessage->setForwardUrl($g_root_path . '/adm_program/system/back.php');