Ejemplo n.º 1
0
	function Show($WEB_FORM_VARNAME, $arrVALUES=false, $SHOW_TEMPLATE=false, $PREVIEW="N")
	{
		global $DB, $MESS, $APPLICATION, $USER, $_REQUEST, $HTTP_POST_VARS, $HTTP_GET_VARS, $arrFIELDS;
		$err_mess = (CAllForm::err_mess())."<br>Function: Show<br>Line: ";
		if ($arrVALUES===false) $arrVALUES = $_REQUEST;

		$z = CForm::GetBySID($WEB_FORM_VARNAME);
		$zr = $z->Fetch();
		$WEB_FORM_ID = $FORM_ID = intval($zr["ID"]);
		$WEB_FORM_ID = CForm::GetDataByID($WEB_FORM_ID, $arForm, $arQuestions, $arAnswers, $arDropDown, $arMultiSelect);
		if (intval($WEB_FORM_ID)>0)
		{
			$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
			if (intval($F_RIGHT)>=10)
			{
				if (strlen(trim($SHOW_TEMPLATE))>0) $template = $SHOW_TEMPLATE;
				else
				{
					if (strlen(trim($arForm["SHOW_TEMPLATE"]))<=0) $template = "default.php";
					else $template = $arForm["SHOW_TEMPLATE"];
				}
				$path = COption::GetOptionString("form","SHOW_TEMPLATE_PATH");
				IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"]."/freetrix/modules/form/include.php");
				include(GetLangFileName($_SERVER["DOCUMENT_ROOT"].$path."lang/", "/".$template));
				if ($APPLICATION->GetShowIncludeAreas())
				{
					$arIcons = Array();
					if (CModule::IncludeModule("fileman"))
					{
						$arIcons[] =
								Array(
									"URL" => "/freetrix/admin/fileman_file_edit.php?lang=".LANGUAGE_ID."&site=".SITE_ID."&full_src=Y&path=". urlencode($path.$template),
									"SRC" => "/freetrix/images/form/panel/edit_template.gif",
									"ALT" => GetMessage("FORM_PUBLIC_ICON_TEMPLATE")
								);
						$arrUrl = parse_url($_SERVER["REQUEST_URI"]);
						$arIcons[] =
								Array(
									"URL" => "/freetrix/admin/fileman_file_edit.php?lang=".LANGUAGE_ID."&site=".SITE_ID."&full_src=Y&path=". urlencode($arrUrl["path"]),
									"SRC" => "/freetrix/images/form/panel/edit_file.gif",
									"ALT" => GetMessage("FORM_PUBLIC_ICON_HANDLER")
								);
					}
					$arIcons[] =
							Array(
								"URL" => "/freetrix/admin/form_edit.php?lang=".LANGUAGE_ID."&ID=".$WEB_FORM_ID,
								"SRC" => "/freetrix/images/form/panel/edit_form.gif",
								"ALT" => GetMessage("FORM_PUBLIC_ICON_SETTINGS")
							);
					echo $APPLICATION->IncludeStringBefore($arIcons);
				}
				include($_SERVER["DOCUMENT_ROOT"].$path.$template);
				if ($APPLICATION->GetShowIncludeAreas())
				{
					echo $APPLICATION->IncludeStringAfter();
				}
			}
		}
	}
Ejemplo n.º 2
0
 /**
  * @inheritdoc executeProlog
  */
 protected function executeProlog()
 {
     if (!$this->needCache()) {
         $this->arParams['CACHE_TYPE'] = 'N';
     }
     if (!empty($this->arParams['WEB_FORM_CODE'])) {
         $this->formId = $this->getFormId($this->arParams['WEB_FORM_CODE']);
     }
     if (!$this->formId) {
         throw new \Exception(sprintf('Web form doesn\'t exists with code %s', $this->arParams['WEB_FORM_CODE']));
     }
     $this->permissions = \CForm::GetPermission($this->formId);
     $this->handlePost();
     $this->isSuccess = $this->isSuccess();
     $this->addCacheAdditionalId(json_encode($this->arParams));
     $this->addCacheAdditionalId($this->permissions);
 }
 /**
  * Form initializing and checking. If form's wrong, returns false
  * Use ShowErrorMsg() to output error code
  *
  * @param array $arParams
  * @return bool
  */
 function Init($arParams, $admin = false)
 {
     global $APPLICATION, $USER;
     $this->bSimple = COption::GetOptionString("form", "SIMPLE", "Y") == "Y" ? true : false;
     $this->comp2 = !empty($arParams["COMPONENT"]);
     $this->SHOW_INCLUDE_AREAS = $APPLICATION->GetShowIncludeAreas();
     if ($admin) {
         $FORM_RIGHT = $APPLICATION->GetGroupRight("form");
         if ($FORM_RIGHT <= "D") {
             $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
         }
         $this->__admin = true;
     }
     $this->arParams = $arParams;
     $this->RESULT_ID = intval($arParams["RESULT_ID"]);
     if (intval($this->RESULT_ID) <= 0) {
         $this->RESULT_ID = intval($_REQUEST["RESULT_ID"]);
     }
     // if there's result ID try to get form ID
     if (intval($this->RESULT_ID) > 0) {
         $DBRes = CFormResult::GetByID($this->RESULT_ID);
         if ($arrResult = $DBRes->Fetch()) {
             $this->WEB_FORM_ID = intval($arrResult["FORM_ID"]);
         }
     }
     if (intval($this->WEB_FORM_ID) <= 0) {
         $this->WEB_FORM_ID = intval($arParams["WEB_FORM_ID"]);
     }
     // if there's no WEB_FORM_ID, try to get it from $_REQUEST;
     if (intval($this->WEB_FORM_ID) <= 0) {
         $this->WEB_FORM_ID = intval($_REQUEST["WEB_FORM_ID"]);
     }
     // check WEB_FORM_ID and get web form data
     $this->WEB_FORM_ID = CForm::GetDataByID($this->WEB_FORM_ID, $this->arForm, $this->arQuestions, $this->arAnswers, $this->arDropDown, $this->arMultiSelect, $this->__admin || $this->arParams["SHOW_ADDITIONAL"] == "Y" || $this->arParams["EDIT_ADDITIONAL"] == "Y" ? "ALL" : "N", $this->__admin ? 'Y' : 'N');
     $this->WEB_FORM_NAME = $this->arForm["SID"];
     // if wrong WEB_FORM_ID return error;
     if ($this->WEB_FORM_ID > 0) {
         //  insert chain item
         if (strlen($this->arParams["CHAIN_ITEM_TEXT"]) > 0) {
             $APPLICATION->AddChainItem($this->arParams["CHAIN_ITEM_TEXT"], $this->arParams["CHAIN_ITEM_LINK"]);
         }
         // check web form rights;
         $this->F_RIGHT = intval(CForm::GetPermission($this->WEB_FORM_ID));
         // in no form access - return error
         if ($this->isAccessForm()) {
             if (!empty($_REQUEST["strFormNote"])) {
                 $this->strFormNote = $_REQUEST["strFormNote"];
             }
             if (!$this->comp2 || $this->arParams["COMPONENT"]["componentName"] != "bitrix:form.result.list" || $this->isAccessFormResultList()) {
                 if ($this->RESULT_ID) {
                     if ($this->isAccessFormResult($arrResult)) {
                         $this->arrRESULT_PERMISSION = CFormResult::GetPermissions($this->RESULT_ID, $v);
                         // check result rights
                         if (!$this->comp2 && !$this->isAccessFormResultEdit() || $this->comp2 && ($this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.edit" && !$this->isAccessFormResultEdit() || $this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.view" && !$this->isAccessFormResultView())) {
                             $this->__error_msg = "FORM_RESULT_ACCESS_DENIED";
                         } else {
                             if (!$arrResult) {
                                 $z = CFormResult::GetByID($this->RESULT_ID);
                                 $this->arResult = $z->Fetch();
                             } else {
                                 $this->arResult = $arrResult;
                             }
                             if ($this->arResult) {
                                 if ($this->comp2 && $this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.view") {
                                     CForm::GetResultAnswerArray($this->WEB_FORM_ID, $this->arrResultColumns, $this->arrVALUES, $this->arrResultAnswersSID, array("RESULT_ID" => $this->RESULT_ID));
                                     $this->arrVALUES = $this->arrVALUES[$this->RESULT_ID];
                                 } else {
                                     $this->arrVALUES = CFormResult::GetDataByIDForHTML($this->RESULT_ID, $this->arParams["EDIT_ADDITIONAL"]);
                                 }
                             } else {
                                 $this->__error_msg = "FORM_RECORD_NOT_FOUND";
                             }
                         }
                     } else {
                         $this->__error_msg = "FORM_ACCESS_DENIED";
                     }
                     $this->arForm["USE_CAPTCHA"] = "N";
                 } else {
                     // if form uses CAPCHA initialize it
                     if ($this->arForm["USE_CAPTCHA"] == "Y") {
                         $this->CaptchaInitialize();
                     }
                 }
             } else {
                 $this->__error_msg = "FORM_ACCESS_DENIED";
             }
         } else {
             $this->__error_msg = "FORM_ACCESS_DENIED";
         }
         // endif ($F_RIGHT>=10);
     } else {
         $this->__error_msg = "FORM_NOT_FOUND";
     }
     // endif ($WEB_FORM_ID>0);
     return empty($this->__error_msg);
 }
Ejemplo n.º 4
0
***************************************************************************/
$WEB_FORM_ID = intval($_REQUEST['WEB_FORM_ID']);
$ID = intval($_REQUEST['ID']);
$copy_id = intval($_REQUEST['copy_id']);
$arForm = CForm::GetByID_admin($WEB_FORM_ID);
if (false === $arForm) {
    require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php";
    echo "<a href='form_list.php?lang=" . LANGUAGE_ID . "' >" . GetMessage("FORM_FORM_LIST") . "</a>";
    echo ShowError(GetMessage("FORM_NOT_FOUND"));
    require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/epilog_admin.php";
    die;
}
$txt = "(" . htmlspecialcharsbx($arForm['SID']) . ")&nbsp;" . htmlspecialcharsbx($arForm['NAME']);
$link = "form_edit.php?lang=" . LANGUAGE_ID . "&ID=" . $WEB_FORM_ID;
$adminChain->AddItem(array("TEXT" => $txt, "LINK" => $link));
$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
if ($F_RIGHT < 25) {
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}
if ($copy_id > 0 && $F_RIGHT >= 30 && check_bitrix_sessid()) {
    $new_id = CFormField::Copy($copy_id);
    if (strlen($strError) <= 0 && intval($new_id) > 0) {
        LocalRedirect("form_field_edit.php?ID=" . $new_id . "&additional=" . $additional . "&WEB_FORM_ID=" . $WEB_FORM_ID . "&lang=" . LANGUAGE_ID . "&strError=" . urlencode($strError));
    }
}
if ((strlen($_REQUEST['save']) > 0 || strlen($_REQUEST['apply']) > 0) && $_SERVER['REQUEST_METHOD'] == "POST" && $F_RIGHT >= 30 && check_bitrix_sessid()) {
    $arIMAGE = $_FILES["IMAGE_ID"];
    $arIMAGE["MODULE_ID"] = "form";
    $arIMAGE["del"] = $_REQUEST['IMAGE_ID_del'];
    $ACTIVE = $_REQUEST['ACTIVE'];
    $TITLE = $_REQUEST['TITLE'];
Ejemplo n.º 5
0
                $DB->StartTransaction();
                if (!CForm::Delete($ID)) {
                    $DB->Rollback();
                    $lAdmin->AddGroupError(GetMessage("DELETE_ERROR"), $ID);
                }
                $DB->Commit();
                break;
        }
    }
}
//////////////////////////////////////////////////////////////////////
// list initialization - get data
$rsData = CForm::GetList($by, $order, $arFilter, $is_filtered);
$arData = array();
while ($arForm = $rsData->Fetch()) {
    $F_RIGHT = CForm::GetPermission($arForm["ID"]);
    if ($F_RIGHT >= 20) {
        $arForm["F_RIGHT"] = $F_RIGHT;
        $arData[] = $arForm;
    }
}
$rsData->InitFromArray($arData);
$rsData = new CAdminResult($rsData, $sTableID);
$rsData->NavStart();
// set navigation bar
$lAdmin->NavText($rsData->GetNavPrint(GetMessage("FORM_PAGES")));
$headers = array(array("id" => "ID", "content" => "ID", "sort" => "s_id", "default" => true), array("id" => "SITE", "content" => GetMessage("FORM_SITE"), "default" => true), array("id" => "C_SORT", "content" => GetMessage("FORM_C_SORT"), "sort" => "s_c_sort", "default" => true));
if (!$bSimple) {
    $headers[] = array("id" => "SID", "content" => GetMessage("FORM_SID"), "sort" => "s_sid", "default" => true);
}
$headers[] = array("id" => "NAME", "content" => GetMessage("FORM_NAME"), "sort" => "s_name", "default" => true);
Ejemplo n.º 6
0
 function Reset($ID, $CHECK_RIGHTS = "Y")
 {
     global $DB, $strError;
     $err_mess = CAllForm::err_mess() . "<br>Function: Reset<br>Line: ";
     $ID = intval($ID);
     $F_RIGHT = $CHECK_RIGHTS != "Y" ? 30 : CForm::GetPermission($ID);
     if ($F_RIGHT >= 30) {
         // обнул¤ем пол¤ формы
         $rsFields = CFormField::GetList($ID, "ALL", $by, $order, array(), $is_filtered);
         while ($arField = $rsFields->Fetch()) {
             CFormField::Reset($arField["ID"], "N");
         }
         // удал¤ем результаты данной формы
         $DB->Query("DELETE FROM b_form_result WHERE FORM_ID='{$ID}'", false, $err_mess . __LINE__);
         return true;
     } else {
         $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED") . "<br>";
     }
     return false;
 }
Ejemplo n.º 7
0
 function Show($RESULT_ID, $TEMPLATE = "", $TEMPLATE_TYPE = "show", $SHOW_ADDITIONAL = "N", $SHOW_ANSWER_VALUE = "Y", $SHOW_STATUS = "N")
 {
     global $DB, $MESS, $APPLICATION, $USER, $HTTP_POST_VARS, $HTTP_GET_VARS, $arrRESULT_PERMISSION, $arrFIELDS;
     $err_mess = CAllFormResult::err_mess() . "<br>Function: Show<br>Line: ";
     $z = CFormResult::GetByID($RESULT_ID);
     if ($zr = $z->Fetch()) {
         $arrResult = $zr;
         InitBVar($SHOW_ADDITIONAL);
         $additional = $SHOW_ADDITIONAL == "Y" ? "ALL" : "N";
         $WEB_FORM_ID = $FORM_ID = CForm::GetDataByID($arrResult["FORM_ID"], $arForm, $arQuestions, $arAnswers, $arDropDown, $arMultiSelect, $additional);
         CForm::GetResultAnswerArray($WEB_FORM_ID, $arrResultColumns, $arrResultAnswers, $arrResultAnswersVarname, array("RESULT_ID" => $RESULT_ID));
         $arrResultAnswers = $arrResultAnswers[$RESULT_ID];
         // проверим общие права на результат
         $F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
         if (intval($F_RIGHT) >= 20 || $F_RIGHT >= 15 && $zr["USER_ID"] == $USER->GetID()) {
             // проверим права в зависимости от статуса результата
             $arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v);
             if (in_array("VIEW", $arrRESULT_PERMISSION)) {
                 if (strlen(trim($TEMPLATE)) > 0) {
                     $template = $TEMPLATE;
                 } else {
                     if ($TEMPLATE_TYPE == "show") {
                         if (strlen($arrResult["SHOW_RESULT_TEMPLATE"]) <= 0) {
                             $template = "default.php";
                         } else {
                             $template = $arrResult["SHOW_RESULT_TEMPLATE"];
                         }
                     } elseif ($TEMPLATE_TYPE == "print") {
                         if (strlen($arrResult["PRINT_RESULT_TEMPLATE"]) <= 0) {
                             $template = "default.php";
                         } else {
                             $template = $arrResult["PRINT_RESULT_TEMPLATE"];
                         }
                     }
                 }
                 require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/form/include.php";
                 if ($TEMPLATE_TYPE == "show") {
                     $path = COption::GetOptionString("form", "SHOW_RESULT_TEMPLATE_PATH");
                 } elseif ($TEMPLATE_TYPE == "print") {
                     $path = COption::GetOptionString("form", "PRINT_RESULT_TEMPLATE_PATH");
                 }
                 IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/form/include.php");
                 include GetLangFileName($_SERVER["DOCUMENT_ROOT"] . $path . "lang/", "/" . $template);
                 if ($APPLICATION->GetShowIncludeAreas()) {
                     $arIcons = array();
                     if (CModule::IncludeModule("fileman")) {
                         $arIcons[] = array("URL" => "/bitrix/admin/fileman_file_edit.php?lang=" . LANGUAGE_ID . "&site=" . SITE_ID . "&full_src=Y&path=" . urlencode($path . $template), "SRC" => "/bitrix/images/form/panel/edit_template.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_TEMPLATE"));
                         $arrUrl = parse_url($_SERVER["REQUEST_URI"]);
                         $arIcons[] = array("URL" => "/bitrix/admin/fileman_file_edit.php?lang=" . LANGUAGE_ID . "&site=" . SITE_ID . "&full_src=Y&path=" . urlencode($arrUrl["path"]), "SRC" => "/bitrix/images/form/panel/edit_file.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_HANDLER"));
                     }
                     $arIcons[] = array("URL" => "/bitrix/admin/form_edit.php?lang=" . LANGUAGE_ID . "&ID=" . $WEB_FORM_ID, "SRC" => "/bitrix/images/form/panel/edit_form.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_SETTINGS"));
                     echo $APPLICATION->IncludeStringBefore($arIcons);
                 }
                 include $_SERVER["DOCUMENT_ROOT"] . $path . $template;
                 if ($APPLICATION->GetShowIncludeAreas()) {
                     echo $APPLICATION->IncludeStringAfter();
                 }
             }
         }
     }
 }
Ejemplo n.º 8
0
		// check WEB_FORM_ID and get web form data
		$arParams["WEB_FORM_ID"] = CForm::GetDataByID($arParams["WEB_FORM_ID"], $arResult["arForm"], $arResult["arQuestions"], $arResult["arAnswers"], $arResult["arDropDown"], $arResult["arMultiSelect"], $arResult["bAdmin"] == 'Y' || $arParams["SHOW_ADDITIONAL"] == "Y" || $arParams["EDIT_ADDITIONAL"] == "Y" ? "ALL" : "N");

		$arResult["WEB_FORM_NAME"] = $arResult["arForm"]["SID"];

		// if wrong WEB_FORM_ID return error;
		if ($arParams["WEB_FORM_ID"] > 0)
		{
			//  insert chain item
			if (strlen($arParams["CHAIN_ITEM_TEXT"]) > 0)
			{
				$APPLICATION->AddChainItem($arParams["CHAIN_ITEM_TEXT"], $arParams["CHAIN_ITEM_LINK"]);
			}

			// check web form rights;
			$arResult["F_RIGHT"] = intval(CForm::GetPermission($arParams["WEB_FORM_ID"]));

			// in no form access - return error
			if ($arResult["F_RIGHT"] >= 15)
			{
				//if (!empty($_REQUEST["strFormNote"])) $arResult["FORM_NOTE"] = $_REQUEST["strFormNote"];
				if (!empty($_REQUEST["formresult"]))
				{
					$formResult = strtoupper($_REQUEST['formresult']);
					switch ($formResult)
					{
						case 'ADDOK':
							$arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_ADDOK'));
						break;
						default:
							$arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_EDITOK'));
Ejemplo n.º 9
0
        $arrSelect['reference_id'][] = $arr['reference_id'][$num];
        $arrSelect['reference'][] = $arr['reference'][$num];
    }
} else {
    $arrSelect = $arr;
}
reset($arGroups);
while (list(, $group) = each($arGroups)) {
    ?>
	<tr>
		<td width="40%"><?php 
    echo $group["NAME"] . ":";
    ?>
</td>
		<td width="60%"><?php 
    $perm = CForm::GetPermission($ID, array($group["ID"]), "Y");
    // for simple method: change 20 (work with other results) access mode to 15
    /*
    if ($bSimple)
    	$perm = $perm==20 ? 15 : $perm;
    */
    echo SelectBoxFromArray("PERMISSION_" . $group["ID"], $arrSelect, $perm, "", 'style="width: 80%;"');
    ?>
</td>
	</tr>
	<?php 
}
$tabControl->EndTab();
$tabControl->Buttons(array("disabled" => !($ID > 0 && $F_RIGHT >= 30 || CForm::IsAdmin()), "back_url" => strlen($back_url) > 0 ? $back_url : "form_list.php?lang=" . LANGUAGE_ID));
$tabControl->End();
?>
Ejemplo n.º 10
0
	/**
	 * <p>Копирует <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статус</a>. Возвращает ID нового <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статуса</a> в случае положительного результата, в противном случае - "false".</p>
	 *
	 *
	 *
	 *
	 * @param int $status_id  ID <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статуса</a> который
	 * необходимо скопировать.
	 *
	 *
	 *
	 * @param string $check_rights = "Y" Флаг необходимости проверки <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#permissions">прав</a> текущего
	 * пользователя. Возможны следующие значения: <ul> <li> <b>Y</b> - права
	 * необходимо проверить; </li> <li> <b>N</b> - право не нужно проверять. </li>
	 * </ul> Для копирования <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статуса</a>
	 * необходимо обладать нижеследующими <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#permissions#module">правами</a>: <ol> <li> <b>[25]
	 * просмотр параметров веб-формы</b> на ту веб-форму, из которой идет
	 * копирование; </li> <li> <b>[30] полный доступ</b> на ту веб-форму, в которую
	 * копируется. </li> </ol> Параметр необязательный. По умолчанию - "Y"
	 * (права необходимо проверить).
	 *
	 *
	 *
	 * @param mixed $form_id = false ID <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#form">веб-формы</a> в который
	 * необходимо скопировать <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статус</a>.<br> Необязательный
	 * параметр. По умолчанию - "false" (текущая <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#form">веб-форма</a>).
	 *
	 *
	 *
	 * @return mixed 
	 *
	 *
	 * <h4>Example</h4> 
	 * <pre>
	 * &lt;?
	 * $status_id = 1; // ID статуса
	 * // скопируем статус
	 * if ($NEW_STATUS_ID = <b>CFormStatus::Copy</b>($status_id))
	 * {
	 *     echo "Статус #1 успешно скопирован в новый статус #".$NEW_STATUS_ID;
	 * }
	 * else
	 * {
	 *     // выведем текст ошибки
	 *     global $strError;
	 *     echo $strError;
	 * }
	 * ?&gt;
	 * </pre>
	 *
	 *
	 *
	 * <h4>See Also</h4> 
	 * <ul> <li> <a href="http://dev.1c-bitrix.ru/api_help/form/classes/cform/copy.php">CForm::Copy</a> </li> <li> <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/classes/cformfield/copy.php">CFormField::Copy</a> </li> <li> <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/classes/cformanswer/copy.php">CFormAnswer::Copy</a> </li> </ul><a
	 * name="examples"></a>
	 *
	 *
	 * @static
	 * @link http://dev.1c-bitrix.ru/api_help/form/classes/cformstatus/copy.php
	 * @author Bitrix
	 */
	public static function Copy($ID, $CHECK_RIGHTS="Y", $NEW_FORM_ID=false)
	{
		global $DB, $APPLICATION, $strError;
		$err_mess = (CAllFormStatus::err_mess())."<br>Function: Copy<br>Line: ";
		$ID = intval($ID);
		$NEW_FORM_ID = intval($NEW_FORM_ID);
		$rsStatus = CFormStatus::GetByID($ID);
		if ($arStatus = $rsStatus->Fetch())
		{
			$RIGHT_OK = "N";
			if ($CHECK_RIGHTS!="Y" || CForm::IsAdmin()) $RIGHT_OK="Y";
			else
			{
				$F_RIGHT = CForm::GetPermission($arStatus["FORM_ID"]);
				// если имеем право на просмотр параметров формы
				if ($F_RIGHT>=25)
				{
					// если задана новая форма
					if ($NEW_FORM_ID>0)
					{
						$NEW_F_RIGHT = CForm::GetPermission($NEW_FORM_ID);
						// если имеем полный доступ на новую форму
						if ($NEW_F_RIGHT>=30) $RIGHT_OK = "Y";
					}
					elseif ($F_RIGHT>=30) // если имеем полный доступ на исходную форму
					{
						$RIGHT_OK = "Y";
					}
				}
			}

			// если права проверили то
			if ($RIGHT_OK=="Y")
			{
				CFormStatus::GetPermissionList($ID, $arPERMISSION_VIEW, $arPERMISSION_MOVE, $arPERMISSION_EDIT, $arPERMISSION_DELETE);
				// копируем
				$arFields = array(
					"FORM_ID"				=> ($NEW_FORM_ID>0) ? $NEW_FORM_ID : $arStatus["FORM_ID"],
					"C_SORT"				=> $arStatus["C_SORT"],
					"ACTIVE"				=> $arStatus["ACTIVE"],
					"TITLE"					=> $arStatus["TITLE"],
					"DESCRIPTION"			=> $arStatus["DESCRIPTION"],
					"CSS"					=> $arStatus["CSS"],
					"HANDLER_OUT"			=> $arStatus["HANDLER_OUT"],
					"HANDLER_IN"			=> $arStatus["HANDLER_IN"],
					"DEFAULT_VALUE"			=> $arStatus["DEFAULT_VALUE"],
					"arPERMISSION_VIEW"		=> $arPERMISSION_VIEW,
					"arPERMISSION_MOVE"		=> $arPERMISSION_MOVE,
					"arPERMISSION_EDIT"		=> $arPERMISSION_EDIT,
					"arPERMISSION_DELETE"	=> $arPERMISSION_DELETE,
					);
				$NEW_ID = CFormStatus::Set($arFields);
				return $NEW_ID;
			}
			else $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED")."<br>";
		}
		else $strError .= GetMessage("FORM_ERROR_STATUS_NOT_FOUND")."<br>";
		return false;
	}
Ejemplo n.º 11
0
 public static function CheckFields(&$arFields, $FIELD_ID, $CHECK_RIGHTS = "Y")
 {
     $err_mess = CAllFormField::err_mess() . "<br>Function: CheckFields<br>Line: ";
     global $DB, $strError;
     $str = "";
     $FIELD_ID = intval($FIELD_ID);
     $FORM_ID = intval($arFields["FORM_ID"]);
     if ($FORM_ID <= 0) {
         $str .= GetMessage("FORM_ERROR_FORM_ID_NOT_DEFINED") . "<br>";
     } else {
         $RIGHT_OK = "N";
         if ($CHECK_RIGHTS != "Y" || CForm::IsAdmin()) {
             $RIGHT_OK = "Y";
         } else {
             $F_RIGHT = CForm::GetPermission($FORM_ID);
             if ($F_RIGHT >= 30) {
                 $RIGHT_OK = "Y";
             }
         }
         if ($RIGHT_OK == "Y") {
             if (strlen(trim($arFields["SID"])) > 0) {
                 $arFields["VARNAME"] = $arFields["SID"];
             } elseif (strlen($arFields["VARNAME"]) > 0) {
                 $arFields["SID"] = $arFields["VARNAME"];
             }
             if ($FIELD_ID <= 0 && !is_set($arFields, 'ADDITIONAL')) {
                 $arFields['ADDITIONAL'] = 'N';
             }
             if ($FIELD_ID <= 0 || $FIELD_ID > 0 && is_set($arFields, "SID")) {
                 if (strlen(trim($arFields["SID"])) <= 0) {
                     $str .= GetMessage("FORM_ERROR_FORGOT_SID") . "<br>";
                 }
                 if (preg_match("/[^A-Za-z_01-9]/", $arFields["SID"])) {
                     $str .= GetMessage("FORM_ERROR_INCORRECT_SID") . "<br>";
                 } else {
                     $strSql = "SELECT ID, ADDITIONAL FROM b_form_field WHERE SID='" . $DB->ForSql(trim($arFields["SID"]), 50) . "' and ID<>'" . $FIELD_ID . "' AND FORM_ID='" . $DB->ForSql($arFields["FORM_ID"]) . "'";
                     $z = $DB->Query($strSql, false, $err_mess . __LINE__);
                     if ($zr = $z->Fetch()) {
                         $s = $zr["ADDITIONAL"] == "Y" ? str_replace("#TYPE#", GetMessage("FORM_TYPE_FIELD"), GetMessage("FORM_ERROR_WRONG_SID")) : str_replace("#TYPE#", GetMessage("FORM_TYPE_QUESTION"), GetMessage("FORM_ERROR_WRONG_SID"));
                         $s = str_replace("#ID#", $zr["ID"], $s);
                         $str .= $s . "<br>";
                     } else {
                         $strSql = "SELECT ID FROM b_form WHERE SID='" . $DB->ForSql(trim($arFields["SID"]), 50) . "'";
                         $z = $DB->Query($strSql, false, $err_mess . __LINE__);
                         if ($zr = $z->Fetch()) {
                             $s = str_replace("#TYPE#", GetMessage("FORM_TYPE_FORM"), GetMessage("FORM_ERROR_WRONG_SID"));
                             $s = str_replace("#ID#", $zr["ID"], $s);
                             $str .= $s . "<br>";
                         }
                     }
                 }
             }
             $str .= CFile::CheckImageFile($arFields["arIMAGE"]);
         } else {
             $str .= GetMessage("FORM_ERROR_ACCESS_DENIED");
         }
     }
     $strError .= $str;
     if (strlen($str) > 0) {
         return false;
     } else {
         return true;
     }
 }
Ejemplo n.º 12
0
	/**
	 * <p>Устанавливает новый <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статус</a> для <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#result">результата</a>. Возвращает "true" в случае успеха, в противном случае - "false".</p>
	 *
	 *
	 *
	 *
	 * @param int $result_id  ID <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#result">результата</a>.
	 *
	 *
	 *
	 * @param int $status_id  ID нового <a href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статуса</a>.
	 *
	 *
	 *
	 * @param string $check_rights = "Y" Флаг необходимости проверки прав текущего пользователя.
	 * Возможны следующие значения: <ul> <li> <b>Y</b> - права необходимо
	 * проверить; </li> <li> <b>N</b> - права не нужно проверять. </li> </ul> Для
	 * успешной установки нового <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#status">статуса</a> для указанного <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/terms.php#result">результата</a> необходимо
	 * обладать следующими <a
	 * href="http://dev.1c-bitrix.ru/api_help/form/permissions.php">правами</a>: <ol> <li>На веб-форму к
	 * которой принадлежит редактируемый результат: <br><br><b>[20] Работа со
	 * всеми результатами в соответствии с их статусами</b> <br><br>или, в
	 * случае, если вы являетесь создателем удаляемого результата,
	 * достаточно права: <br><br><b>[15] Работа со своим результатом в
	 * соответствии с его статусом</b> <br> </li> <li>На статус, в котором
	 * находится редактируемый результат, необходимо иметь право:
	 * <br><br><b>[EDIT] редактирование</b> <br> </li> <li>На новый статус <i>status_id</i>
	 * необходимо иметь право: <br><br><b>[MOVE] перевод результатов в данный
	 * статус</b> </li> </ol> Параметр необязательный. По умолчанию - "Y" (права
	 * необходимо проверить).
	 *
	 *
	 *
	 * @return bool 
	 *
	 *
	 * <h4>Example</h4> 
	 * <pre>
	 * &lt;?
	 * $RESULT_ID = 189; // ID результата
	 * $STATUS_ID = 1; // ID статуса "Опубликовано"
	 * 
	 * // установим новый статус для результата
	 * // с проверкой прав текущего пользователя
	 * if (<b>CFormResult::SetStatus</b>($RESULT_ID, $STATUS_ID))
	 * {
	 *     echo "Статус #".$STATUS_ID." для результата #".$RESULT_ID." успешно установлен.";
	 * }
	 * else // ошибка
	 * {
	 *     global $strError;
	 *     echo $strError;
	 * }
	 * ?&gt;
	 * </pre>
	 *
	 *
	 * @static
	 * @link http://dev.1c-bitrix.ru/api_help/form/classes/cformresult/setstatus.php
	 * @author Bitrix
	 */
	public static function SetStatus($RESULT_ID, $NEW_STATUS_ID, $CHECK_RIGHTS="Y")
	{
		$err_mess = (CAllFormResult::err_mess())."<br>Function: SetStatus<br>Line: ";
		global $DB, $USER, $strError, $APPLICATION;
		$NEW_STATUS_ID = intval($NEW_STATUS_ID);
		$RESULT_ID = intval($RESULT_ID);

		if ($RESULT_ID <= 0 || $NEW_STATUS_ID <= 0)
			return false;

		$strSql = "SELECT USER_ID, FORM_ID FROM b_form_result WHERE ID='".$RESULT_ID."'";
		$z = $DB->Query($strSql, false, $err_mess.__LINE__);
		if ($zr = $z->Fetch())
		{
			$WEB_FORM_ID = intval($zr["FORM_ID"]);

			// rights check
			$RIGHT_OK = "N";
			if ($CHECK_RIGHTS!="Y")
			{
				$dbRes = CFormStatus::GetByID($NEW_STATUS_ID);
				if ($dbRes->Fetch())
				{
					$RIGHT_OK="Y";
				}
			}
			else
			{
				// form rights
				$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
				if ($F_RIGHT>=20 || ($F_RIGHT>=15 && $USER->GetID()==$zr["USER_ID"]))
				{
					// result rights
					$arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v);

					// new status rights
					$arrNEW_STATUS_PERMISSION = CFormStatus::GetPermissions($NEW_STATUS_ID);

					if (in_array("EDIT", $arrRESULT_PERMISSION) && in_array("MOVE", $arrNEW_STATUS_PERMISSION))
					{
						$RIGHT_OK = "Y";
					}
				}
			}

			if ($RIGHT_OK=="Y")
			{
				$dbEvents = GetModuleEvents('form', 'onBeforeResultStatusChange');
				while ($arEvent = $dbEvents->Fetch())
				{
					ExecuteModuleEventEx($arEvent, array($WEB_FORM_ID, $RESULT_ID, &$NEW_STATUS_ID, $CHECK_RIGHTS));

					if ($ex = $APPLICATION->GetException())
						$strError .= $ex->GetString().'<br />';
				}

				if (strlen($strError) <= 0)
				{
					// call handler before change status
					CForm::ExecHandlerBeforeChangeStatus($RESULT_ID, "SET_STATUS", $NEW_STATUS_ID);
					$arFields = Array(
						"TIMESTAMP_X"	=> $DB->GetNowFunction(),
						"STATUS_ID"		=> "'".intval($NEW_STATUS_ID)."'"
						);
					$DB->Update("b_form_result",$arFields,"WHERE ID='".$RESULT_ID."'",$err_mess.__LINE__);

					$dbEvents = GetModuleEvents('form', 'onAfterResultStatusChange');
					while ($arEvent = $dbEvents->Fetch())
					{
						ExecuteModuleEventEx($arEvent, array($WEB_FORM_ID, $RESULT_ID, $NEW_STATUS_ID, $CHECK_RIGHTS));
					}

					// call handler after change status
					CForm::ExecHandlerAfterChangeStatus($RESULT_ID, "SET_STATUS");
					return true;
				}
			}
			else $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED")."<br>";
		}
		else $strError .= GetMessage("FORM_ERROR_RESULT_NOT_FOUND")."<br>";
		return false;
	}
Ejemplo n.º 13
0
if ($RESULT_ID > 0) {
    $q = CFormResult::GetByID($RESULT_ID);
    if (!($arrResult = $q->Fetch())) {
        // result not found
        $title = str_replace("#FORM_ID#", "{$WEB_FORM_ID}", GetMessage("FORM_RESULT_LIST"));
        require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php";
        echo "<p><a href='/bitrix/admin/form_result_list.php?lang=" . LANGUAGE_ID . "&WEB_FORM_ID=" . $WEB_FORM_ID . "'>" . $title . "</a></p>";
        echo ShowError(GetMessage("FORM_RESULT_NOT_FOUND"));
        require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/epilog_admin.php";
        die;
    }
    $WEB_FORM_ID = intval($arrResult["FORM_ID"]);
} else {
    $arrResult = array();
}
$F_RIGHT = intval(CForm::GetPermission($WEB_FORM_ID));
// form rights
if ($RESULT_ID > 0) {
    $arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v);
} else {
    $arrRESULT_PERMISSION = array();
    if ($F_RIGHT >= 20) {
        $arrRESULT_PERMISSION[] = 'EDIT';
    }
}
$EDIT_ADDITIONAL = "Y";
// whether to edit additional fields
$EDIT_STATUS = "Y";
// whether to edit status
if ($bSimple) {
    $EDIT_ADDITIONAL = "N";
Ejemplo n.º 14
0
	function GetList($WEB_FORM_ID, &$by, &$order, $arFilter=Array(), &$is_filtered, $CHECK_RIGHTS="Y", $records_limit=false)
	{
		$err_mess = (CFormResult::err_mess())."<br>Function: GetList<br>Line: ";
		global $DB, $USER, $strError;

		$CHECK_RIGHTS = ($CHECK_RIGHTS=="Y") ? "Y" : "N";
		$WEB_FORM_ID = intval($WEB_FORM_ID);

		$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);

		$USER_ID = intval($USER->GetID());
		$arSqlSearch = array();
		$arr["FIELDS"] = array();
		$strSqlSearch = "";
		if (is_array($arFilter))
		{
			$arFilter = CFormResult::PrepareFilter($WEB_FORM_ID, $arFilter);

			$z = CForm::GetByID($WEB_FORM_ID);
			$form = $z->Fetch();

			/***********************/

			$z = CFormField::GetList($WEB_FORM_ID, "", $v1, $v2, array(), $v3);

			while ($zr=$z->Fetch())
			{
				$arPARAMETER_NAME = array("ANSWER_TEXT", "ANSWER_VALUE", "USER");
				CFormField::GetFilterTypeList($arrUSER, $arrANSWER_TEXT, $arrANSWER_VALUE, $arrFIELD);
				foreach ($arPARAMETER_NAME as $PARAMETER_NAME)
				{
					switch ($PARAMETER_NAME)
					{
						case "ANSWER_TEXT":
							$arFILTER_TYPE = $arrANSWER_TEXT["reference_id"];
							break;
						case "ANSWER_VALUE":
							$arFILTER_TYPE = $arrANSWER_VALUE["reference_id"];
							break;
						case "USER":
							$arFILTER_TYPE = $arrUSER["reference_id"];
							break;
					}
					foreach ($arFILTER_TYPE as $FILTER_TYPE)
					{
						$arrUF = array();
						$arrUF["ID"] = $zr["ID"];
						$arrUF["PARAMETER_NAME"] = $PARAMETER_NAME;
						$arrUF["FILTER_TYPE"] = $FILTER_TYPE;
						$FID = $form["SID"]."_".$zr["SID"]."_".$PARAMETER_NAME."_".$FILTER_TYPE;
						if ($FILTER_TYPE=="date" || $FILTER_TYPE=="integer")
						{
							$arrUF["SIDE"] = "1";
							$arrFORM_FILTER[$FID."_1"] = $arrUF;
							$arrUF["SIDE"] = "2";
							$arrFORM_FILTER[$FID."_2"] = $arrUF;
							$arrUF["SIDE"] = "0";
							$arrFORM_FILTER[$FID."_0"] = $arrUF;
						}
						else $arrFORM_FILTER[$FID] = $arrUF;
					}
				}
			}
			if (is_array($arrFORM_FILTER)) $arrFORM_FILTER_KEYS = array_keys($arrFORM_FILTER);

			//echo "arFilter:<pre>"; print_r($arFilter); echo "</pre>";
			//echo "arrFORM_FILTER:<pre>"; print_r($arrFORM_FILTER); echo "</pre>";
			//echo "arrFORM_FILTER_KEYS:<pre>"; print_r($arrFORM_FILTER_KEYS); echo "</pre>";

			$t = 0;
			$filter_keys = array_keys($arFilter);
			for ($i=0; $i<count($filter_keys); $i++)
			{
				$key = $filter_keys[$i];
				$val = $arFilter[$filter_keys[$i]];
				if(is_array($val))
				{
					if(count($val) <= 0)
						continue;
				}
				else
				{
				if( (strlen($val) <= 0) || ($val === "NOT_REF") )
					continue;
				}
				$match_value_set = (in_array($key."_EXACT_MATCH", $filter_keys)) ? true : false;
				$key = strtoupper($key);
				switch($key)
				{
					case "ID":
						$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
						$arSqlSearch[] = GetFilterQuery("R.ID", $val, $match);
						break;
					case "STATUS":
						$arSqlSearch[] = "R.STATUS_ID='".intval($val)."'";
						break;
					case "STATUS_ID":
						$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
						$arSqlSearch[] = GetFilterQuery("R.STATUS_ID", $val, $match);
						break;
					case "TIMESTAMP_1":
						$arSqlSearch[] = "R.TIMESTAMP_X>=".$DB->CharToDateFunction($val, "SHORT");
						break;
					case "TIMESTAMP_2":
						$arSqlSearch[] = "R.TIMESTAMP_X<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
						break;
					case "DATE_CREATE_1":
						$arSqlSearch[] = "R.DATE_CREATE>=".$DB->CharToDateFunction($val, "SHORT");
						break;
					case "DATE_CREATE_2":
						$arSqlSearch[] = "R.DATE_CREATE<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
						break;
					case "TIME_CREATE_1":
						$arSqlSearch[] = "R.DATE_CREATE>=".$DB->CharToDateFunction($val, "FULL");
						break;
					case "TIME_CREATE_2":
						$arSqlSearch[] = "R.DATE_CREATE<".$DB->CharToDateFunction($val, "FULL");
						break;
					case "REGISTERED":
						$arSqlSearch[] = ($val=="Y") ? "R.USER_ID>0" : "(R.USER_ID<=0 or R.USER_ID is null)";
						break;
					case "USER_AUTH":
						$arSqlSearch[] = ($val=="Y") ? "(R.USER_AUTH='Y' and R.USER_ID>0)" : "(R.USER_AUTH='N' and R.USER_ID>0)";
						break;
					case "USER_ID":
						$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
						$arSqlSearch[] = GetFilterQuery("R.USER_ID", $val, $match);
						break;
					case "GUEST_ID":
						$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
						$arSqlSearch[] = GetFilterQuery("R.STAT_GUEST_ID", $val, $match);
						break;
					case "SESSION_ID":
						$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
						$arSqlSearch[] = GetFilterQuery("R.STAT_SESSION_ID", $val, $match);
						break;
					case "SENT_TO_CRM":
						$arSqlSearch[] = GetFilterQuery("R.SENT_TO_CRM", $val, "Y");
						break;
					default:
						if (is_array($arrFORM_FILTER))
						{
							$key = $filter_keys[$i];
							if (in_array($key, $arrFORM_FILTER_KEYS))
							{
								$arrF = $arrFORM_FILTER[$key];
								if (is_array($arr["FIELDS"]) && !in_array($arrF["ID"],$arr["FIELDS"]))
								{
									$t++;
									$A = "A".$t;
									$arr["TABLES"][] = "b_form_result_answer ".$A;
									$arr["WHERE"][] = "(".$A.".RESULT_ID=R.ID and ".$A.".FIELD_ID='".$arrF["ID"]."')";
									$arr["FIELDS"][] = $arrF["ID"];
								}
								switch(strtoupper($arrF["FILTER_TYPE"]))
								{
									case "EXIST":

										if ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
											$arSqlSearch[] = "length(".$A.".ANSWER_TEXT)+0>0";

										elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
											$arSqlSearch[] = "length(".$A.".ANSWER_VALUE)+0>0";

										elseif ($arrF["PARAMETER_NAME"]=="USER")
											$arSqlSearch[] = "length(".$A.".USER_TEXT)+0>0";

										break;
									case "TEXT":
										$match = ($arFilter[$key."_exact_match"]=="Y") ? "N" : "Y";
										$sql = "";

										if ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
											$sql = GetFilterQuery($A.".ANSWER_TEXT_SEARCH", ToUpper($val), $match);

										elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
											$sql = GetFilterQuery($A.".ANSWER_VALUE_SEARCH", ToUpper($val), $match);

										elseif ($arrF["PARAMETER_NAME"]=="USER")
											$sql = GetFilterQuery($A.".USER_TEXT_SEARCH", ToUpper($val), $match);

										if ($sql!=="0" && strlen(trim($sql))>0) $arSqlSearch[] = $sql;
										break;
									case "DROPDOWN":
									case "ANSWER_ID":
											$arSqlSearch[] = $A.".ANSWER_ID=".intval($val);
										break;
									case "DATE":
										if ($arrF["PARAMETER_NAME"]=="USER")
										{
											if (CheckDateTime($val))
											{
												if ($arrF["SIDE"]=="1")
													$arSqlSearch[] = $A.".USER_DATE>=".$DB->CharToDateFunction($val, "SHORT");
												elseif ($arrF["SIDE"]=="2")
													$arSqlSearch[] = $A.".USER_DATE<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
												elseif ($arrF["SIDE"]=="0")
													$arSqlSearch[] = $A.".USER_DATE=".$DB->CharToDateFunction($val);
											}
										}
										break;
									case "INTEGER":
										if ($arrF["PARAMETER_NAME"]=="USER")
										{
											if ($arrF["SIDE"]=="1")
												$arSqlSearch[] = $A.".USER_TEXT+0>=".intval($val);
											elseif ($arrF["SIDE"]=="2")
												$arSqlSearch[] = $A.".USER_TEXT+0<=".intval($val);
											elseif ($arrF["SIDE"]=="0")
												$arSqlSearch[] = $A.".USER_TEXT='".intval($val)."'";
										}
										elseif ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
										{
											if ($arrF["SIDE"]=="1")
												$arSqlSearch[] = $A.".ANSWER_TEXT+0>=".intval($val);
											elseif ($arrF["SIDE"]=="2")
												$arSqlSearch[] = $A.".ANSWER_TEXT+0<=".intval($val);
											elseif ($arrF["SIDE"]=="0")
												$arSqlSearch[] = $A.".ANSWER_TEXT='".intval($val)."'";
										}
										elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
										{
											if ($arrF["SIDE"]=="1")
												$arSqlSearch[] = $A.".ANSWER_VALUE+0>=".intval($val);
											elseif ($arrF["SIDE"]=="2")
												$arSqlSearch[] = $A.".ANSWER_VALUE+0<=".intval($val);
											elseif ($arrF["SIDE"]=="0")
												$arSqlSearch[] = $A.".ANSWER_VALUE='".intval($val)."'";
										}
										break;
								}
							}
						}
				}
			}
		}
		if ($by == "s_id")				$strSqlOrder = "ORDER BY R.ID";
		elseif ($by == "s_date_create")	$strSqlOrder = "ORDER BY R.DATE_CREATE";
		elseif ($by == "s_timestamp")	$strSqlOrder = "ORDER BY R.TIMESTAMP_X";
		elseif ($by == "s_user_id")		$strSqlOrder = "ORDER BY R.USER_ID";
		elseif ($by == "s_guest_id")	$strSqlOrder = "ORDER BY R.STAT_GUEST_ID";
		elseif ($by == "s_session_id")	$strSqlOrder = "ORDER BY R.STAT_SESSION_ID";
		elseif ($by == "s_status")		$strSqlOrder = "ORDER BY R.STATUS_ID";
		elseif ($by == "s_sent_to_crm")	$strSqlOrder = "ORDER BY R.SENT_TO_CRM";
		else
		{
			$by = "s_timestamp";
			$strSqlOrder = "ORDER BY R.TIMESTAMP_X";
		}
		if ($order!="asc")
		{
			$strSqlOrder .= " desc ";
			$order="desc";
		}
		$strSqlSearch = GetFilterSqlSearch($arSqlSearch);
		if (is_array($arr["TABLES"]))
			$str1 = implode(",\n				",$arr["TABLES"]);
		if (is_array($arr["WHERE"]))
			$str2 = implode("\n			and ",$arr["WHERE"]);
		if (strlen($str1)>0) $str1 = ",\n				".$str1;
		if (strlen($str2)>0) $str2 = "\n			and ".$str2;

		if ($records_limit===false)
		{
			$records_limit = "LIMIT ".intval(COption::GetOptionString("form","RECORDS_LIMIT"));
		}
		else
		{
			$records_limit = intval($records_limit);
			if ($records_limit>0)
			{
				$records_limit = "LIMIT ".$records_limit;
			}
		}

		//this hack is for mysql <3.23. we no longer support that dino.
		//$DB->Query("SET SQL_BIG_TABLES=1", false, $err_mess.__LINE__);
		if ($CHECK_RIGHTS!="Y" || $F_RIGHT >= 30 || CForm::IsAdmin())
		{
			$strSql = "
				SELECT
					R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID, R.SENT_TO_CRM,
					".$DB->DateToCharFunction("R.DATE_CREATE")."	DATE_CREATE,
					".$DB->DateToCharFunction("R.TIMESTAMP_X")."	TIMESTAMP_X,
					S.TITLE				STATUS_TITLE,
					S.CSS				STATUS_CSS
				FROM
					b_form_result R,
					b_form_status S
					$str1
				WHERE
				$strSqlSearch
				$str2
				and R.FORM_ID = '$WEB_FORM_ID'
				and S.ID = R.STATUS_ID
				GROUP BY
					R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.STATUS_ID, R.SENT_TO_CRM
				$strSqlOrder
				$records_limit
				";
			$res = $DB->Query($strSql, false, $err_mess.__LINE__);
			//echo '<pre>'.$strSql.'</pre>';
		}
		elseif ($F_RIGHT>=15)
		{
			$arGroups = $USER->GetUserGroupArray();
			if (!is_array($arGroups)) $arGroups[] = 2;
			if (is_array($arGroups) && count($arGroups)>0) $groups = implode(",",$arGroups);
			if ($F_RIGHT<20) $str3 = "and ifnull(R.USER_ID,0) = $USER_ID";

			$strSql = "
				SELECT
					R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID, R.SENT_TO_CRM,
					".$DB->DateToCharFunction("R.DATE_CREATE")."	DATE_CREATE,
					".$DB->DateToCharFunction("R.TIMESTAMP_X")."	TIMESTAMP_X,
					S.TITLE				STATUS_TITLE,
					S.CSS				STATUS_CSS
				FROM
					b_form_result R,
					b_form_status S,
					b_form_status_2_group G$str1
				WHERE
				$strSqlSearch
				$str2
				$str3
				and R.FORM_ID = '$WEB_FORM_ID'
				and S.ID = R.STATUS_ID
				and G.STATUS_ID = S.ID
				and (
					(G.GROUP_ID in ($groups)) or
					(G.GROUP_ID in ($groups,0) and ifnull(R.USER_ID,0) = $USER_ID and $USER_ID>0)
					)
				and G.PERMISSION in ('VIEW', 'EDIT', 'DELETE')
				GROUP BY
					R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID,
					R.STAT_SESSION_ID, R.SENT_TO_CRM, R.DATE_CREATE, R.STATUS_ID, R.SENT_TO_CRM
				$strSqlOrder
				$records_limit
				";
			$res = $DB->Query($strSql, false, $err_mess.__LINE__);
		}
		else
		{
			$res = new CDBResult();
			$res->InitFromArray(array());
		}
		//echo "<pre>".$strSql."</pre>";
		//echo "<pre>".$strSqlSearch."</pre>";
		$is_filtered = (IsFiltered($strSqlSearch));
		return $res;
	}
Ejemplo n.º 15
0
     $APPLICATION->AddChainItem($arParams["CHAIN_ITEM_TEXT"], $arParams["CHAIN_ITEM_LINK"]);
 }
 // preparing additional parameters
 $arResult["FORM_ERROR"] = $_REQUEST["strError"];
 //$arResult["FORM_NOTE"] = $_REQUEST["strFormNote"];
 if (!empty($_REQUEST["formresult"]) && $_SERVER['REQUEST_METHOD'] != 'POST') {
     $formResult = strtoupper($_REQUEST['formresult']);
     switch ($formResult) {
         case 'ADDOK':
             $arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_ADDOK'));
             break;
         default:
             $arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_EDITOK'));
     }
 }
 $arParams["F_RIGHT"] = CForm::GetPermission($arParams["WEB_FORM_ID"]);
 if ($arParams["F_RIGHT"] < 15) {
     $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
 }
 $arParams["isStatisticIncluded"] = CModule::IncludeModule("statistic");
 if (is_array($arParams["NOT_SHOW_FILTER"])) {
     $arParams["arrNOT_SHOW_FILTER"] = $arParams["NOT_SHOW_FILTER"];
 } else {
     $arParams["arrNOT_SHOW_FILTER"] = explode(",", $arParams["NOT_SHOW_FILTER"]);
 }
 if (is_array($arParams["arrNOT_SHOW_FILTER"])) {
     //array_walk($arParams["arrNOT_SHOW_FILTER"], create_function("&\$item", "\$item=trim(\$item);"));
     TrimArr($arParams["arrNOT_SHOW_FILTER"]);
 } else {
     $arParams["arrNOT_SHOW_FILTER"] = array();
 }
Ejemplo n.º 16
0
 function GetList($WEB_FORM_ID, &$by, &$order, $arFilter = array(), &$is_filtered, $CHECK_RIGHTS = "Y", $records_limit = false)
 {
     $err_mess = CFormResult::err_mess() . "<br>Function: GetList<br>Line: ";
     global $DB, $USER, $strError;
     $CHECK_RIGHTS = $CHECK_RIGHTS == "Y" ? "Y" : "N";
     $WEB_FORM_ID = intval($WEB_FORM_ID);
     $F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
     $USER_ID = intval($USER->GetID());
     $arSqlSearch = array();
     $arrSEARCH = array();
     $arrFIELDS = array();
     $strSqlSearch = "";
     if (is_array($arFilter)) {
         $arFilter = CFormResult::PrepareFilter($WEB_FORM_ID, $arFilter);
         $z = CForm::GetByID($WEB_FORM_ID);
         $form = $z->Fetch();
         $z = CFormField::GetList($WEB_FORM_ID, "", $v1, $v2, array(), $v3);
         while ($zr = $z->Fetch()) {
             $arPARAMETER_NAME = array("ANSWER_TEXT", "ANSWER_VALUE", "USER");
             CFormField::GetFilterTypeList($arrUSER, $arrANSWER_TEXT, $arrANSWER_VALUE, $arrFIELD);
             foreach ($arPARAMETER_NAME as $PARAMETER_NAME) {
                 switch ($PARAMETER_NAME) {
                     case "ANSWER_TEXT":
                         $arFILTER_TYPE = $arrANSWER_TEXT["reference_id"];
                         break;
                     case "ANSWER_VALUE":
                         $arFILTER_TYPE = $arrANSWER_VALUE["reference_id"];
                         break;
                     case "USER":
                         $arFILTER_TYPE = $arrUSER["reference_id"];
                         break;
                 }
                 foreach ($arFILTER_TYPE as $FILTER_TYPE) {
                     $arrUF = array();
                     $arrUF["ID"] = $zr["ID"];
                     $arrUF["PARAMETER_NAME"] = $PARAMETER_NAME;
                     $arrUF["FILTER_TYPE"] = $FILTER_TYPE;
                     $FID = $form["SID"] . "_" . $zr["SID"] . "_" . $PARAMETER_NAME . "_" . $FILTER_TYPE;
                     if ($FILTER_TYPE == "date" || $FILTER_TYPE == "integer") {
                         $arrUF["SIDE"] = "1";
                         $arrFORM_FILTER[$FID . "_1"] = $arrUF;
                         $arrUF["SIDE"] = "2";
                         $arrFORM_FILTER[$FID . "_2"] = $arrUF;
                         $arrUF["SIDE"] = "0";
                         $arrFORM_FILTER[$FID . "_0"] = $arrUF;
                     } else {
                         $arrFORM_FILTER[$FID] = $arrUF;
                     }
                 }
             }
         }
         if (is_array($arrFORM_FILTER)) {
             $arrFORM_FILTER_KEYS = array_keys($arrFORM_FILTER);
         }
         //echo "arFilter:<pre>"; print_r($arFilter); echo "</pre>";
         //echo "arrFORM_FILTER:<pre>"; print_r($arrFORM_FILTER); echo "</pre>";
         //echo "arrFORM_FILTER_KEYS:<pre>"; print_r($arrFORM_FILTER_KEYS); echo "</pre>";
         $t = 0;
         $filter_keys = array_keys($arFilter);
         for ($i = 0; $i < count($filter_keys); $i++) {
             $key = $filter_keys[$i];
             $val = $arFilter[$filter_keys[$i]];
             if (strlen($val) <= 0 || "{$val}" == "NOT_REF") {
                 continue;
             }
             if (is_array($val) && count($val) <= 0) {
                 continue;
             }
             $match_value_set = in_array($key . "_EXACT_MATCH", $filter_keys) ? true : false;
             $key = strtoupper($key);
             switch ($key) {
                 case "ID":
                     $match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
                     $arSqlSearch[] = GetFilterQuery("R.ID", $val, $match);
                     break;
                 case "STATUS":
                     $arSqlSearch[] = "R.STATUS_ID='" . intval($val) . "'";
                     break;
                 case "STATUS_ID":
                     $match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
                     $arSqlSearch[] = GetFilterQuery("R.STATUS_ID", $val, $match);
                     break;
                 case "TIMESTAMP_1":
                     $arSqlSearch[] = "R.TIMESTAMP_X>=" . $DB->CharToDateFunction($val, "SHORT");
                     break;
                 case "TIMESTAMP_2":
                     $arSqlSearch[] = "R.TIMESTAMP_X<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
                     break;
                 case "DATE_CREATE_1":
                     $arSqlSearch[] = "R.DATE_CREATE>=" . $DB->CharToDateFunction($val, "SHORT");
                     break;
                 case "DATE_CREATE_2":
                     $arSqlSearch[] = "R.DATE_CREATE<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
                     break;
                 case "TIME_CREATE_1":
                     $arSqlSearch[] = "R.DATE_CREATE>=" . $DB->CharToDateFunction($val, "FULL");
                     break;
                 case "TIME_CREATE_2":
                     $arSqlSearch[] = "R.DATE_CREATE<" . $DB->CharToDateFunction($val, "FULL");
                     break;
                 case "REGISTERED":
                     $arSqlSearch[] = $val == "Y" ? "R.USER_ID>0" : "(R.USER_ID<=0 or R.USER_ID is null)";
                     break;
                 case "USER_AUTH":
                     $arSqlSearch[] = $val == "Y" ? "(R.USER_AUTH='Y' and R.USER_ID>0)" : "(R.USER_AUTH='N' and R.USER_ID>0)";
                     break;
                 case "USER_ID":
                     $match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
                     $arSqlSearch[] = GetFilterQuery("R.USER_ID", $val, $match);
                     break;
                 case "GUEST_ID":
                     $match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
                     $arSqlSearch[] = GetFilterQuery("R.STAT_GUEST_ID", $val, $match);
                     break;
                 case "SESSION_ID":
                     $match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
                     $arSqlSearch[] = GetFilterQuery("R.STAT_SESSION_ID", $val, $match);
                     break;
                 default:
                     if (is_array($arrFORM_FILTER)) {
                         $key = $filter_keys[$i];
                         if (in_array($key, $arrFORM_FILTER_KEYS)) {
                             $arrF = $arrFORM_FILTER[$key];
                             if (!in_array($arrF["ID"], $arrFIELDS)) {
                                 $t++;
                                 $arSqlSearch_f = array();
                                 $A = "A" . $t;
                                 $arrFIELDS[$t] = $arrF["ID"];
                             }
                             switch (strtoupper($arrF["FILTER_TYPE"])) {
                                 case "EXIST":
                                     if ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
                                         $arSqlSearch_f[] = $A . ".ANSWER_TEXT is not null";
                                     } elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
                                         $arSqlSearch_f[] = $A . ".ANSWER_VALUE is not null";
                                     } elseif ($arrF["PARAMETER_NAME"] == "USER") {
                                         $arSqlSearch_f[] = $A . ".USER_TEXT is not null";
                                     }
                                     break;
                                 case "TEXT":
                                     $match = $arFilter[$key . "_exact_match"] == "Y" ? "N" : "Y";
                                     $sql = "";
                                     if ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
                                         $sql = GetFilterQuery($A . ".ANSWER_TEXT_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
                                     } elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
                                         $sql = GetFilterQuery($A . ".ANSWER_VALUE_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
                                     } elseif ($arrF["PARAMETER_NAME"] == "USER") {
                                         $sql = GetFilterQuery($A . ".USER_TEXT_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
                                     }
                                     if ($sql !== "0" && strlen(trim($sql)) > 0) {
                                         $arSqlSearch_f[] = $sql;
                                     }
                                     break;
                                 case "DROPDOWN":
                                 case "ANSWER_ID":
                                     $arSqlSearch_f[] = $A . ".ANSWER_ID=" . intval($val);
                                     break;
                                 case "DATE":
                                     if ($arrF["PARAMETER_NAME"] == "USER") {
                                         if (CheckDateTime($val)) {
                                             if ($arrF["SIDE"] == "1") {
                                                 $arSqlSearch_f[] = $A . ".USER_DATE>=" . $DB->CharToDateFunction($val, "SHORT");
                                             } elseif ($arrF["SIDE"] == "2") {
                                                 $arSqlSearch_f[] = $A . ".USER_DATE<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
                                             } elseif ($arrF["SIDE"] == "0") {
                                                 $arSqlSearch_f[] = $A . ".USER_DATE=" . $DB->CharToDateFunction($val);
                                             }
                                         }
                                     }
                                     break;
                                 case "INTEGER":
                                     if ($arrF["PARAMETER_NAME"] == "USER") {
                                         if ($arrF["SIDE"] == "1") {
                                             $arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT, \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)>=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "2") {
                                             $arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)<=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "0") {
                                             $arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)=" . intval($val);
                                         }
                                     } elseif ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
                                         if ($arrF["SIDE"] == "1") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)>=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "2") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)<=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "0") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)=" . intval($val);
                                         }
                                     } elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
                                         if ($arrF["SIDE"] == "1") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)>=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "2") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)<=" . intval($val);
                                         } elseif ($arrF["SIDE"] == "0") {
                                             $arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)=" . intval($val);
                                         }
                                     }
                                     break;
                             }
                             if (is_array($arSqlSearch_f) && count($arSqlSearch_f) > 0) {
                                 $arrSEARCH[$t] = $arSqlSearch_f;
                             }
                         }
                     }
             }
         }
     }
     if ($by == "s_id") {
         $strSqlOrder = "ORDER BY R.ID";
     } elseif ($by == "s_date_create") {
         $strSqlOrder = "ORDER BY R.DATE_CREATE";
     } elseif ($by == "s_timestamp") {
         $strSqlOrder = "ORDER BY R.TIMESTAMP_X";
     } elseif ($by == "s_user_id") {
         $strSqlOrder = "ORDER BY R.USER_ID";
     } elseif ($by == "s_guest_id") {
         $strSqlOrder = "ORDER BY R.STAT_GUEST_ID";
     } elseif ($by == "s_session_id") {
         $strSqlOrder = "ORDER BY R.STAT_SESSION_ID";
     } elseif ($by == "s_valid") {
         $strSqlOrder = "ORDER BY R.VALID";
     } else {
         $by = "s_timestamp";
         $strSqlOrder = "ORDER BY R.TIMESTAMP_X";
     }
     if ($order != "asc") {
         $strSqlOrder .= " desc ";
         $order = "desc";
     }
     $strSqlSearch = GetFilterSqlSearch($arSqlSearch);
     $strSqlSearch_F = "";
     if (is_array($arrSEARCH) && count($arrSEARCH) > 0) {
         reset($arrSEARCH);
         while (list($index, $arrS) = each($arrSEARCH)) {
             $field = intval($arrFIELDS[$index]);
             if ($field > 0) {
                 $str = implode(" and ", $arrS);
                 $strSqlSearch_F .= "\r\n\t\t\t\t\t\tand EXISTS (\r\n\t\t\t\t\t\t\tSELECT 'x' FROM b_form_result_answer A{$index} \r\n\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\tA{$index}.RESULT_ID=R.ID \r\n\t\t\t\t\t\t\tand A{$index}.FIELD_ID={$field}\r\n\t\t\t\t\t\t\tand {$str}\r\n\t\t\t\t\t\t)\r\n\t\t\t\t\t\t";
             }
         }
     }
     $records_limit = $records_limit === false ? intval(COption::GetOptionString("form", "RECORDS_LIMIT")) : intval($records_limit);
     if ($CHECK_RIGHTS != "Y" || CForm::IsAdmin()) {
         $strSql = "\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID,\r\n\t\t\t\t\t" . $DB->DateToCharFunction("R.DATE_CREATE") . "\tDATE_CREATE,\r\n\t\t\t\t\t" . $DB->DateToCharFunction("R.TIMESTAMP_X") . "\tTIMESTAMP_X,\r\n\t\t\t\t\tS.TITLE\t\t\t\tSTATUS_TITLE,\r\n\t\t\t\t\tS.CSS\t\t\t\tSTATUS_CSS\r\n\t\t\t\tFROM \r\n\t\t\t\t\tb_form_result R, \r\n\t\t\t\t\tb_form_status S\r\n\t\t\t\tWHERE \r\n\t\t\t\t{$strSqlSearch}\r\n\t\t\t\t{$strSqlSearch_F}\r\n\t\t\t\tand R.FORM_ID='{$WEB_FORM_ID}'\r\n\t\t\t\tand S.ID = R.STATUS_ID\r\n\t\t\t\tGROUP BY \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.TIMESTAMP_X, R.STATUS_ID, S.ID, S.TITLE, S.CSS\r\n\t\t\t\t{$strSqlOrder}\r\n\t\t\t\t";
         if ($records_limit > 0) {
             $strSql = "SELECT * FROM ({$strSql}) WHERE ROWNUM<=" . $records_limit;
         }
         $res = $DB->Query($strSql, false, $err_mess . __LINE__);
     } elseif ($F_RIGHT >= 15) {
         $arGroups = $USER->GetUserGroupArray();
         if (!is_array($arGroups)) {
             $arGroups[] = 2;
         }
         if (is_array($arGroups) && count($arGroups) > 0) {
             $groups = implode(",", $arGroups);
         }
         if ($F_RIGHT < 20) {
             $str3 = "and nvl(R.USER_ID,0) = {$USER_ID}";
         }
         $strSql = "\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID,\r\n\t\t\t\t\t" . $DB->DateToCharFunction("R.DATE_CREATE") . "\tDATE_CREATE,\r\n\t\t\t\t\t" . $DB->DateToCharFunction("R.TIMESTAMP_X") . "\tTIMESTAMP_X,\r\n\t\t\t\t\tS.TITLE\t\t\t\tSTATUS_TITLE,\r\n\t\t\t\t\tS.CSS\t\t\t\tSTATUS_CSS\r\n\t\t\t\tFROM \r\n\t\t\t\t\tb_form_result R, \r\n\t\t\t\t\tb_form_status S, \r\n\t\t\t\t\tb_form_status_2_group G\r\n\t\t\t\tWHERE \r\n\t\t\t\t{$strSqlSearch}\r\n\t\t\t\t{$strSqlSearch_F}\r\n\t\t\t\tand R.FORM_ID='{$WEB_FORM_ID}'\r\n\t\t\t\tand S.ID = R.STATUS_ID\r\n\t\t\t\tand G.STATUS_ID = S.ID\r\n\t\t\t\tand (\r\n\t\t\t\t\t(G.GROUP_ID in ({$groups})) or\r\n\t\t\t\t\t(G.GROUP_ID in ({$groups},0) and nvl(R.USER_ID,0) = {$USER_ID} and {$USER_ID}>0)\r\n\t\t\t\t\t)\r\n\t\t\t\tand G.PERMISSION in ('VIEW', 'EDIT', 'DELETE')\r\n\t\t\t\tGROUP BY \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.TIMESTAMP_X, R.STATUS_ID, S.ID, S.TITLE, S.CSS\r\n\t\t\t\t{$strSqlOrder}\r\n\t\t\t\t";
         if ($records_limit > 0) {
             $strSql = "SELECT * FROM ({$strSql}) WHERE ROWNUM<=" . $records_limit;
         }
         $res = $DB->Query($strSql, false, $err_mess . __LINE__);
     } else {
         $res = new CDBResult();
         $res->InitFromArray(array());
     }
     //echo "<pre>".$strSqlSearch."</pre>";
     //echo "<pre>".$strSql."</pre>";
     $is_filtered = IsFiltered($strSqlSearch) || strlen($strSqlSearch_F) > 0;
     return $res;
 }