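/**
 * Build the display value and <td> attributes for one list-view column.
 *
 * Uses the global $schema for the field definition ($tableName is declared
 * global but not read here). Scalar record values are html encoded before
 * any type-specific formatting, so raw record content is not emitted as markup.
 *
 * @param string $fieldname  schema field name, or a special column such as
 *                           'createdDate', 'updatedDate' or 'dragSortOrder'
 * @param array  $record     the row being rendered (by reference, not modified)
 * @return array|null  array($displayValue, $tdAttributes); null for a
 *                     dragSortOrder column the user has no access to
 *                     (callers using list() then receive nulls)
 */
function _getColumnDisplayValueAndAttributes($fieldname, &$record)
{
    global $schema, $tableName;
    $fieldValue  = @$record[$fieldname];
    $fieldSchema = @$schema[$fieldname];
    if ($fieldSchema) {
        $fieldSchema['name'] = $fieldname;
    }

    // default display value and attribute - arrays (upload lists) are handled below
    if (!is_array($fieldValue)) {
        $fieldValue = htmlencode($fieldValue);
    }
    $displayValue = $fieldValue;
    $tdAttributes = "style='text-align:left'";

    // date fields
    $isSpecialDatefield = in_array($fieldname, array('createdDate', 'updatedDate'));
    if (@$fieldSchema['type'] == 'date' || $isSpecialDatefield) {
        $showSeconds = @$fieldSchema['showSeconds'];
        $showTime    = @$fieldSchema['showTime'];
        $use24Hour   = @$fieldSchema['use24HourFormat'];
        if ($isSpecialDatefield) { // createdDate and updatedDate always show full 24h time
            $showSeconds = true;
            $showTime    = true;
            $use24Hour   = true;
        }
        $secondsFormat = $showSeconds ? ':s' : '';
        $timeFormat    = '';
        if ($showTime) {
            $timeFormat = $use24Hour ? " - H:i{$secondsFormat}" : " - h:i{$secondsFormat} A";
        }
        $dayMonthOrder = @$GLOBALS['SETTINGS']['dateFormat'];
        if ($dayMonthOrder == 'dmy') {
            $dateFormat = "jS M, Y" . $timeFormat;
        } elseif ($dayMonthOrder == 'mdy') {
            $dateFormat = "M jS, Y" . $timeFormat;
        } else {
            $dateFormat = "Y-m-d" . $timeFormat;
        }
        // blank, zero and unparseable dates display as empty instead of the epoch
        // (date() would otherwise format strtotime()'s false as 1970-01-01)
        $timestamp = strtotime($fieldValue);
        if (!$fieldValue || $fieldValue == '0000-00-00 00:00:00' || $timestamp === false) {
            $displayValue = '';
        } else {
            $displayValue = date($dateFormat, $timestamp);
        }
    }

    // dragSortOrder fields
    if ($fieldname == 'dragSortOrder') {
        if (!userHasFieldAccess($schema[$fieldname])) {
            return; // skip fields that the user has no access to
        }
        $tdAttributes = "class='dragger'";
        // the record number is placed in an attribute, so encode it like any other record value
        $recordNum    = htmlencode(@$record['num']);
        $displayValue = "<input type='hidden' name='_recordNum' value='{$recordNum}' class='_recordNum' />";
        $displayValue .= "<img src='lib/images/drag.gif' height='6' width='19' class='dragger' title='" . t('Click and drag to change order.') . "' alt='' /><br/>";
    }

    // Category Section: name fields - pad category names to their depth
    $isCategorySection = @$schema['menuType'] == 'category' && $fieldname == 'name';
    if ($isCategorySection) {
        $depth        = (int) @$record['depth']; // str_repeat() needs an integer count
        $parentNum    = htmlencode(@$record['parentNum']);
        $displayValue = "<input type='hidden' value='{$parentNum}' class='_categoryParent' />";
        if ($depth) {
            $displayValue .= str_repeat("&nbsp; &nbsp; &nbsp;", $depth) . ' - ';
        }
        $displayValue .= $fieldValue;
    }

    // display first thumbnail for upload fields
    if (@$fieldSchema['type'] == 'upload') {
        $displayValue = '';
        $upload       = @$record[$fieldname][0];
        if ($upload) {
            // showUploadPreview() prints directly, so capture its output
            ob_start();
            showUploadPreview($upload, 50);
            $displayValue = ob_get_clean();
        }
    }

    // display labels for list fields
    // (a ":label" field suffix may be required in future; labels are shown automatically for now)
    if (@$fieldSchema['type'] == 'list') {
        $displayValue = _getListOptionLabelByValue($fieldSchema, $record);
    }

    // display labels for checkboxes
    if (@$fieldSchema['type'] == 'checkbox') {
        if (@$fieldSchema['checkedValue'] || @$fieldSchema['uncheckedValue']) {
            // NOTE: these labels come from the field schema and are output as-is (not html encoded)
            $displayValue = $fieldValue ? @$fieldSchema['checkedValue'] : @$fieldSchema['uncheckedValue'];
        }
    }

    // v2.50 - display formatted textbox content
    if (@$fieldSchema['type'] == 'textbox') {
        if (@$fieldSchema['autoFormat']) {
            // autoFormat content is stored with break tags after each newline: strip them
            // from the raw value, then html encode it (overwriting the encoded default above)
            $displayValue = @$record[$fieldname];
            $displayValue = preg_replace("/<br\\s*\\/?>\r?\n/", "\n", $displayValue);
            $displayValue = htmlencode($displayValue);
        }
        $displayValue = nl2br($displayValue); // re-add break tags after newlines
    }

    return array($displayValue, $tdAttributes);
}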
/**
 * Print one table row per viewable field of the current record.
 *
 * The $record argument is ignored: the record is always taken from
 * $GLOBALS['RECORD']. Fields the user may not access, the 'isAdmin' field
 * for non-admins on the accounts table, and fields not flagged as
 * 'myAccountField' on the My Account page are left out.
 *
 * @param array $record  unused, see above
 * @return void  the rows are printed
 */
function showViewFormRows($record)
{
    global $schema, $escapedTableName, $CURRENT_USER, $tableName, $menu, $isMyAccountMenu;
    $record =& $GLOBALS['RECORD'];

    $rows = array();
    foreach (getFieldObjects_fromSchema($schema) as $fieldObject) {
        // access control - skip fields the user isn't allowed to see
        if (!userHasFieldAccess(get_object_vars($fieldObject))) {
            continue;
        }
        // only admin users can see "isAdmin"
        $isAdminOnlyField = $tableName == 'accounts' && $fieldObject->name == 'isAdmin';
        if ($isAdminOnlyField && !$CURRENT_USER['isAdmin']) {
            continue;
        }
        // on the My Account page only fields flagged 'myAccountField' are shown
        if ($isMyAccountMenu && @(!$fieldObject->myAccountField)) {
            continue;
        }
        $displayValue = $fieldObject->getDisplayValue($record);
        $rows[]       = $fieldObject->getTableRow($record, $displayValue, 'view');
    }

    print implode('', $rows);
}
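/**
 * Validate submitted form values against the current table's schema.
 *
 * Per accessible field this checks: required values (including partially
 * entered date sub-fields), unique values, min/max text length,
 * allowed/disallowed characters, category parent loops, and the password
 * rules for account records. Request values are read from $_REQUEST.
 *
 * Uses the globals $schema, $tableName, $escapedTableName, $CURRENT_USER
 * and $isMyAccountMenu.
 *
 * @param array $mySqlColsAndTypes  column/type map (declared but not used here)
 * @param array $newRecordValues    fieldname => submitted value
 * @return string  newline-terminated error messages, '' when the input is valid
 */
function _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues)
{
    global $schema, $tableName, $escapedTableName, $CURRENT_USER, $isMyAccountMenu;
    $errors    = '';
    $recordNum = @$_REQUEST['num'];

    // load schema columns
    foreach ($schema as $fieldname => $fieldSchema) {
        if (!is_array($fieldSchema)) {
            continue; // fields are stored as arrays, other entries are table metadata
        }
        if (!userHasFieldAccess($fieldSchema)) {
            continue; // skip fields that the user has no access to
        }
        if ($tableName == 'accounts' && $fieldname == 'isAdmin' && !$CURRENT_USER['isAdmin']) {
            continue; // skip admin only fields
        }
        if ($isMyAccountMenu && @(!$fieldSchema['myAccountField'])) {
            continue; // skip validation on fields that aren't displayed
        }
        $isMyAccountPasswordField = $isMyAccountMenu && $fieldname == 'password';
        $value       = @$newRecordValues[$fieldname];
        $labelOrName = @$fieldSchema['label'] != '' ? $fieldSchema['label'] : $fieldname;

        // date fields - check if required suffixes are missing
        $missingDateSubfields = 0;
        $partialDateEntered   = false;
        if (@$fieldSchema['type'] == 'date') {
            $requiredDateSuffixes = array('mon', 'day', 'year');
            if (@$fieldSchema['showTime']) {
                if (@$fieldSchema['use24HourFormat']) {
                    array_push($requiredDateSuffixes, 'hour24', 'min');
                } else {
                    array_push($requiredDateSuffixes, 'hour12', 'min', 'isPM');
                }
                if (@$fieldSchema['showSeconds']) {
                    array_push($requiredDateSuffixes, 'sec');
                }
            }
            foreach ($requiredDateSuffixes as $suffix) {
                if (@$_REQUEST["{$fieldname}:{$suffix}"] == '') {
                    $missingDateSubfields++;
                }
            }
            // if some but not all date subfields entered then require all of them
            $partialDateEntered = $missingDateSubfields && count($requiredDateSuffixes) > $missingDateSubfields;
        }

        // check required fields (the my account password is only required when changing it)
        $checkRequired = @$fieldSchema['isRequired'] && !$isMyAccountPasswordField || $partialDateEntered;
        if ($checkRequired) {
            if (@$fieldSchema['type'] == 'upload') {
                if (!getUploadCount($tableName, $fieldname, @$_REQUEST['num'], @$_REQUEST['preSaveTempId'])) {
                    $errors .= sprintf(t("'%s' is required! You must upload a file!"), $labelOrName) . "\n";
                }
            } elseif (@$fieldSchema['type'] == 'date') {
                if ($partialDateEntered) {
                    $errors .= sprintf(t("Please fill out all '%s' fields!"), $labelOrName) . "\n";
                } elseif ($missingDateSubfields) {
                    $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n";
                }
            } elseif ($value == '') {
                $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n";
            }
        }

        // check for unique fields - unique allows blank fields (use required to require a value)
        if (@$fieldSchema['isUnique'] && $value != '') {
            $errors .= __getUniqueFieldErrors($labelOrName, $fieldname, $value, $recordNum);
        }

        // get length of content (text only, for field types that store markup)
        if (@$fieldSchema['type'] == 'wysiwyg') {
            $textOnlyValue = strip_tags($value);
            $textOnlyValue = preg_replace('/\\s+/', ' ', $textOnlyValue);
            $textLength    = mb_strlen($textOnlyValue);
        } elseif (@$fieldSchema['type'] == 'textbox' && @$fieldSchema['autoFormat']) {
            $textOnlyValue = str_replace("<br/>\n", "\n", $value);
            $textLength    = mb_strlen($textOnlyValue);
        } else {
            $textLength = mb_strlen($value);
        }

        // check min/max length of content
        if ($value != '' && @$fieldSchema['minLength'] && $textLength < $fieldSchema['minLength']) {
            $errors .= sprintf(t('\'%1$s\' must be at least %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['minLength'], $textLength) . "\n";
        }
        if ($value != '' && @$fieldSchema['maxLength'] && $textLength > $fieldSchema['maxLength']) {
            $errors .= sprintf(t('\'%1$s\' cannot be longer than %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['maxLength'], $textLength) . "\n";
        }

        // check allowed/disallowed characters (skip if charset is blank to avoid:
        // "Warning: preg_match(): Compilation failed: missing terminating ]")
        if (strlen(@$fieldSchema['charset']) > 0) {
            $quotedCharset  = preg_quote(@$fieldSchema['charset'], '/');
            $allowRegexp    = '/[^' . $quotedCharset . ']/';
            $disallowRegexp = '/[' . $quotedCharset . ']/';
            if (@$fieldSchema['charsetRule'] == 'allow' && preg_match($allowRegexp, $value)) {
                $errors .= sprintf(t('\'%1$s\' only allows the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n";
            }
            if (@$fieldSchema['charsetRule'] == 'disallow' && preg_match($disallowRegexp, $value)) {
                $errors .= sprintf(t('\'%1$s\' doesn\'t allow the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n";
            }
        }

        // custom field error checking - a category can't be placed under itself or a descendant
        if (@$schema['menuType'] == 'category' && $fieldname == 'parentNum') {
            // load parent category (the submitted value is escaped before it is placed in the query)
            $escapedNum = mysql_escape($value);
            $query      = "SELECT num, name, lineage FROM `{$escapedTableName}` WHERE num = '{$escapedNum}' LIMIT 1";
            $result     = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
            $parentCategory = mysql_fetch_assoc($result);
            if (is_resource($result)) {
                mysql_free_result($result);
            }
            // $recordNum comes from the request, so quote it before using it inside the
            // pattern; an unquoted value could break or change the expression. A missing
            // parent row yields an empty lineage, which never matches.
            $parentLineage = $parentCategory ? (string) @$parentCategory['lineage'] : '';
            if (preg_match("/:" . preg_quote((string) $recordNum, '/') . ":/", $parentLineage)) {
                $errors .= sprintf(t('\'%s\' can\'t select the current category or any categories under the current category!'), $labelOrName) . "\n";
            }
        }

        // my account - password changing
        $newPasswordEntered = @$_REQUEST['password:old'] || @$_REQUEST['password'] || @$_REQUEST['password:again'];
        if ($isMyAccountPasswordField && $newPasswordEntered && !$errors) {
            // v2.52 remove leading and trailing whitespace
            $_REQUEST['password:old'] = preg_replace("/^\\s+|\\s+\$/s", '', @$_REQUEST['password:old']);
            $oldPasswordHash = getPasswordDigest(@$_REQUEST['password:old']);
            if (!@$_REQUEST['password:old']) {
                $errors .= t("Please specify your current password!") . "\n";
            } elseif ((string) $oldPasswordHash !== (string) getPasswordDigest($CURRENT_USER['password'])) {
                // v2.51 digesting both sides works when comparing hashed and unhashed passwords
                // the same; the digests are compared strictly so that numeric-looking
                // strings are not treated as loosely equal
                $errors .= t("Current password is not correct!") . "\n";
            }
            $errors .= getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $CURRENT_USER['username']); // v2.52
        }

        // accounts - password changing (usually done by admin) v2.52
        if (!$isMyAccountMenu && $tableName == 'accounts' && $fieldname == 'password' && !$errors) {
            $errors .= getNewPasswordErrors(@$_REQUEST['password'], null, @$newRecordValues['username']);
        }

        // user accounts - don't allow disabling of own account
        if ($tableName == 'accounts' && $fieldname == 'disabled') {
            if ($recordNum == $CURRENT_USER['num'] && !empty($_REQUEST['disabled'])) {
                $errors .= t("You cannot disable your own account!") . "\n";
            }
        }
    }

    return $errors;
}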
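/**
 * Collect the submitted form values for the current table's schema fields.
 *
 * Only fields the user may access are read. System fields (num, createdDate,
 * createdByUserNum, updatedDate, updatedByUserNum) are never taken from user
 * input, and the 'isAdmin' field is skipped for non-admin users. Values are
 * returned as submitted; no escaping is done here.
 *
 * @param string $fieldPrefix  optional prefix of the request parameter names
 * @return array  fieldname => value ready for saving; upload fields are omitted
 *                (they are loaded separately) and an unknown field type aborts with die()
 */
function _getRecordValuesFromFormInput($fieldPrefix = '')
{
    global $schema, $CURRENT_USER, $tableName, $isMyAccountMenu;
    $recordValues  = array();
    $specialFields = array('num', 'createdDate', 'createdByUserNum', 'updatedDate', 'updatedByUserNum');

    // load schema columns
    foreach (getSchemaFields($schema) as $fieldname => $fieldSchema) {
        if (!userHasFieldAccess($fieldSchema)) {
            continue; // skip fields that the user has no access to
        }
        if ($tableName == 'accounts' && $fieldname == 'isAdmin' && !$CURRENT_USER['isAdmin']) {
            continue; // skip admin only fields
        }
        if (in_array($fieldname, $specialFields)) {
            continue; // special cases: don't let the user set values for system fields
        }
        if ($isMyAccountMenu) {
            if (@(!$fieldSchema['myAccountField'])) {
                continue; // my account - skip fields not displayed or allowed to be edited in "my account"
            }
            if ($fieldname == 'password' && !@$_REQUEST[$fieldPrefix . 'password']) {
                continue; // my account - skip password field if no value submitted
            }
        }

        $requestName = $fieldPrefix . $fieldname;
        switch (@$fieldSchema['type']) {
            case 'textfield':
            case 'wysiwyg':
            case 'checkbox':
            case 'parentCategory':
                // unchecked checkboxes are not submitted at all, so read with @ (value is then null)
                $recordValues[$fieldname] = @$_REQUEST[$requestName];
                break;
            case 'textbox':
                $fieldValue = @$_REQUEST[$requestName];
                if (@$fieldSchema['autoFormat']) {
                    $fieldValue = preg_replace("/\r\n|\n/", "<br/>\n", $fieldValue); // add break tags
                }
                $recordValues[$fieldname] = $fieldValue;
                break;
            case 'date':
                // assemble a MySQL datetime from the separate date/time sub-fields
                $recordValues[$fieldname] = sprintf(
                    "%04d-%02d-%02d %02d:%02d:%02d",
                    @$_REQUEST["{$requestName}:year"],
                    @$_REQUEST["{$requestName}:mon"],
                    @$_REQUEST["{$requestName}:day"],
                    _getHour24ValueFromDateInput($requestName),
                    (int) @$_REQUEST["{$requestName}:min"],
                    (int) @$_REQUEST["{$requestName}:sec"]
                );
                break;
            case 'list':
                $listValue = @$_REQUEST[$requestName];
                if (is_array($listValue) && $listValue) {
                    // store multi-value fields as tab delimited with leading/trailing tabs
                    // for easy matching of single values - LIKE "%\tvalue\t%"
                    $recordValues[$fieldname] = "\t" . implode("\t", $listValue) . "\t";
                } else {
                    $recordValues[$fieldname] = $listValue;
                }
                break;
            case 'upload':
                break; // images need to be loaded with a separate function call.
            case 'dateCalendar':
                _updateDateCalendar($fieldname);
                break;
            case '':               // ignored fields - never saved from user input
            case 'none':
            case 'separator':
            case 'relatedRecords':
            case 'accessList':
                break;
            default:
                die(__FUNCTION__ . ": field '{$fieldname}' has unknown field type '" . @$fieldSchema['type'] . "'");
        }
    }

    return $recordValues;
}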
/**
 * Render the edit-form rows for every field of the current table's schema.
 *
 * The $record argument is ignored; the record is taken from $GLOBALS['RECORD'].
 * Field renderers may modify the global $menu, $tableName and $schema
 * (i.e. _showrelatedRecords), so those globals are restored after each field.
 *
 * @param array $record  unused, see above
 * @return void  output is produced by the field renderers
 */
function showFields($record)
{
    global $schema, $escapedTableName, $CURRENT_USER, $tableName, $menu, $isMyAccountMenu;
    $record =& $GLOBALS['RECORD'];

    // snapshot the global schema state so it can be put back after every field
    $savedMenu      = $menu;
    $savedTableName = $tableName;
    $savedSchema    = $schema;

    // renderers that take ($fieldSchema, $record); '', 'none' and 'parentCategory' are special-cased below
    $renderers = array(
        'textfield'      => '_showTextfield',
        'textbox'        => '_showTextbox',
        'wysiwyg'        => '_showWysiwyg',
        'date'           => '_showDateTime',
        'list'           => '_showList',
        'checkbox'       => '_showCheckbox',
        'upload'         => '_showUpload',
        'separator'      => '_showSeparator',
        'relatedRecords' => '_showrelatedRecords', // advanced field
        'accessList'     => '_showAccessList',     // custom field
        'dateCalendar'   => '_showDateCalendar',   // custom field
    );

    _showCreatedUpdated($schema, $record);
    foreach ($savedSchema as $name => $rawField) {
        if (!is_array($rawField)) {
            continue; // fields are stored as arrays, other entries are table metadata
        }
        $fieldSchema = applyFilters('edit_fieldSchema', array('name' => $name) + $rawField, $tableName);

        // skip fields the user has no access to
        if (!userHasFieldAccess($rawField)) {
            continue;
        }
        // only admin users can set/change "isAdmin"
        $isAdminOnlyField = $tableName == 'accounts' && $name == 'isAdmin';
        if ($isAdminOnlyField && !$CURRENT_USER['isAdmin']) {
            continue;
        }
        // only fields set as 'myAccountField' are shown on the My Account page
        if ($isMyAccountMenu && @(!$fieldSchema['myAccountField'])) {
            continue;
        }
        // allow hooks to override (return false to override)
        if (!applyFilters('edit_show_field', true, $fieldSchema, $record)) {
            continue;
        }

        $fieldType = @$rawField['type'];
        if ($fieldType == '' || $fieldType == 'none') {
            // nothing to render for these types
        } elseif (isset($renderers[$fieldType])) {
            $renderer = $renderers[$fieldType];
            $renderer($fieldSchema, $record);
        } elseif ($fieldType == 'parentCategory') {
            _showParentCategory($fieldSchema, $record, $schema);
        } else {
            echo "<tr><td colspan='2' align='center'><b>field '{$name}' has unknown field type '" . $fieldType . "'</b></td></tr>";
        }

        // restore global schema state in case a renderer (i.e. _showrelatedRecords) modified it
        $menu      = $savedMenu;
        $tableName = $savedTableName;
        $schema    = $savedSchema;
    }
}