Example #1
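/**
 * Replaces every {placeholder} found in an expression with its current value.
 *
 * Resolution order for each placeholder:
 *   1. a key of $extraParams;
 *   2. a built-in function (NOW, NOW_DT, NOW_T, KT_REFERRER, KT_CSV_LINE, KT_XML_LINE);
 *   3. a bare name, treated as a field of the $tNG transaction (left untouched when $tNG is not set);
 *   4. "Type.name", where Type is GET, POST, COOKIE, SESSION, GLOBALS, REQUEST, SERVER, CSV,
 *      or the name of a recordset stored in $GLOBALS.
 *
 * Escaping performed here is partial, so callers must encode for the output context themselves:
 *   - 'SQL' escapes only tNG field values read from the current transaction. Saved values
 *     ($useSavedData) and GET/POST/COOKIE/SESSION/SERVER/recordset values are inserted as-is.
 *   - 'rawurlencode' is skipped for ALL values as soon as the replacement set contains
 *     {kt_login_redirect}, {kt_referrer} or {KT_REFERRER}.
 *   - With any other $escapeMethod the values are inserted verbatim.
 *   - KT_REFERRER is taken directly from the HTTP Referer header, which the client controls.
 *
 * @param string      $expression      The expression to be evaluated; non-strings are returned unchanged
 * @param object|null $tNG             The tNG context in which the expression is evaluated
 * @param string      $escapeMethod    Escape method for the evaluated values: 'rawurlencode', 'expression' or 'SQL'
 * @param boolean     $useSavedData    Whether to use the saved values instead of the current tNG data
 * @param array       $extraParams     Extra placeholders ($key => $value); every {key} is replaced with its value
 * @param boolean     $errorIfNotFound Whether to abort with die() when a tNG field is not part of the transaction
 * @return string the expression with the dynamic data replaced with their values
 */
function KT_DynamicData($expression, $tNG, $escapeMethod = '', $useSavedData = false, $extraParams = array(), $errorIfNotFound = true)
{
    $PB = '{';
    $PE = '}';
    if (!is_string($expression)) {
        return $expression;
    }
    // DynamicData functions - use this to define more functions
    KT_getInternalTimeFormat();
    $date_now = KT_convertDate(date('Y-m-d'), "yyyy-mm-dd", $GLOBALS['KT_screen_date_format']);
    $date_dt_now = KT_convertDate(date('Y-m-d H:i:s'), "yyyy-mm-dd HH:ii:ss", $GLOBALS['KT_screen_date_format'] . ' ' . $GLOBALS['KT_screen_time_format_internal']);
    $date_t_now = KT_convertDate(date('H:i:s'), "HH:ii:ss", $GLOBALS['KT_screen_time_format_internal']);
    // The referrer entries carry the raw Referer request header.
    $dynamicDataFunctions = array('NOW()' => $date_now, 'now()' => $date_now, 'NOW' => $date_now, 'now' => $date_now, 'NOW_DT()' => $date_dt_now, 'now_dt()' => $date_dt_now, 'NOW_DT' => $date_dt_now, 'now_dt' => $date_dt_now, 'NOW_T()' => $date_t_now, 'now_t()' => $date_t_now, 'NOW_T' => $date_t_now, 'now_t' => $date_t_now, 'KT_REFERRER' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', 'kt_referrer' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', 'KT_CSV_LINE' => isset($GLOBALS['KT_CSV_LINE']) ? $GLOBALS['KT_CSV_LINE'] : '', 'KT_XML_LINE' => isset($GLOBALS['KT_XML_LINE']) ? $GLOBALS['KT_XML_LINE'] : '');
    $placeholdersArr = KT_getReplacementsFromMessage($expression);
    $replacementsArr = array();
    // Normalise the escape method: anything unknown, or 'SQL' without a tNG, means "no escaping".
    switch ($escapeMethod) {
        case 'rawurlencode':
            break;
        case 'expression':
            break;
        case 'SQL':
            if (!isset($tNG)) {
                $escapeMethod = false;
            }
            break;
        default:
            $escapeMethod = false;
            break;
    }
    if ($useSavedData !== true) {
        $useSavedData = false;
    }
    foreach ($placeholdersArr as $key => $placeholder) {
        if (array_key_exists($placeholder, $extraParams)) {
            // extra params have priority 1
            $placeholderType = 'tng_ddextra';
            $placeholderName = $placeholder;
        } else {
            // functions have priority 2
            if (array_key_exists($placeholder, $dynamicDataFunctions)) {
                $placeholderType = 'tNG_DDfunction';
                $placeholderName = $placeholder;
            } else {
                $ptpos = strpos($placeholder, '.');
                // !$ptpos is true both for "no dot" and for a dot at offset 0,
                // so ".name" is handled as a plain tNG field name.
                if (!$ptpos) {
                    // tng field
                    if (isset($tNG)) {
                        // attached to a tng, replace field with value
                        $placeholderType = 'tNG_tNGfield';
                        $placeholderName = $placeholder;
                    } else {
                        // no tng, leave as is
                        $placeholderType = 'tNG_tNGfieldLater';
                        $placeholderName = $placeholder;
                    }
                } else {
                    $placeholderType = substr($placeholder, 0, $ptpos);
                    $placeholderName = substr($placeholder, $ptpos + 1);
                }
            }
        }
        $placeholder = $PB . $placeholder . $PE;
        switch (strtolower($placeholderType)) {
            case 'tng_ddfunction':
                $replacementsArr[$placeholder] = $dynamicDataFunctions[$placeholderName];
                break;
            case 'tng_ddextra':
                $replacementsArr[$placeholder] = $extraParams[$placeholderName];
                break;
            case 'tng_tngfield':
                if ($useSavedData) {
                    // Saved values are never passed through KT_escapeForSql, even with 'SQL'.
                    $placeholderValue = $tNG->getSavedValue($placeholderName);
                } else {
                    if (isset($tNG->columns[$placeholderName]) || $placeholderName == $tNG->getPrimaryKey()) {
                        $placeholderValue = $tNG->getColumnValue($placeholderName);
                        $placeholderType = $tNG->getColumnType($placeholderName);
                    } else {
                        if ($errorIfNotFound == true) {
                            // The message is HTML, so the name taken from the expression is encoded before output.
                            die('KT_DynamicData:<br />Column ' . htmlspecialchars($placeholderName, ENT_QUOTES) . ' is not part of the current transaction.');
                        } else {
                            $placeholderValue = $placeholder;
                        }
                    }
                    if ($escapeMethod == 'SQL') {
                        $placeholderValue = KT_escapeForSql($placeholderValue, $placeholderType);
                    }
                }
                $replacementsArr[$placeholder] = $placeholderValue;
                break;
            case 'tng_tngfieldlater':
                break;
            case 'get':
                // Try the per-row name ("name_<multipleIdx>") first, then the plain name.
                $myPlaceholderName = $placeholderName;
                if (isset($tNG)) {
                    if (isset($tNG->multipleIdx)) {
                        $myPlaceholderName .= "_" . $tNG->multipleIdx;
                    }
                }
                $replacementsArr[$placeholder] = KT_getRealValue("GET", $myPlaceholderName);
                if (!isset($replacementsArr[$placeholder])) {
                    $replacementsArr[$placeholder] = KT_getRealValue("GET", $placeholderName);
                }
                break;
            case 'post':
                // Same lookup order as GET.
                $myPlaceholderName = $placeholderName;
                if (isset($tNG)) {
                    if (isset($tNG->multipleIdx)) {
                        $myPlaceholderName .= "_" . $tNG->multipleIdx;
                    }
                }
                $replacementsArr[$placeholder] = KT_getRealValue("POST", $myPlaceholderName);
                if (!isset($replacementsArr[$placeholder])) {
                    $replacementsArr[$placeholder] = KT_getRealValue("POST", $placeholderName);
                }
                break;
            case 'cookie':
                $replacementsArr[$placeholder] = KT_getRealValue("COOKIE", $placeholderName);
                break;
            case 'session':
                KT_session_start();
                $replacementsArr[$placeholder] = KT_getRealValue("SESSION", $placeholderName);
                break;
            case 'globals':
                $replacementsArr[$placeholder] = KT_getRealValue("GLOBALS", $placeholderName);
                break;
            case 'request':
                // NOTE(review): REQUEST is looked up under "GLOBALS", exactly like the case above;
                // confirm against KT_getRealValue whether that is intended.
                $replacementsArr[$placeholder] = KT_getRealValue("GLOBALS", $placeholderName);
                break;
            case 'server':
                $replacementsArr[$placeholder] = KT_getRealValue("SERVER", $placeholderName);
                break;
            case 'application':
                // CF only
                break;
            case 'csv':
                $replacementsArr[$placeholder] = KT_getRealValue("CSV", $placeholderName);
                break;
            default:
                // recordset: the placeholder type names a global variable
                if (isset($GLOBALS[$placeholderType])) {
                    $rs = $GLOBALS[$placeholderType];
                    if (is_resource($rs)) {
                        $placeholderValue = $GLOBALS["row_" . $placeholderType][$placeholderName];
                    } elseif (is_object($rs)) {
                        $placeholderValue = $rs->Fields($placeholderName);
                    } else {
                        break;
                    }
                } else {
                    $placeholderValue = $placeholder;
                }
                $replacementsArr[$placeholder] = $placeholderValue;
                break;
        }
    }
    if ($escapeMethod == 'rawurlencode') {
        // NOTE(review): this is all-or-nothing. When a redirect/referrer placeholder is present,
        // no value is URL-encoded, including request values used in the same expression.
        if (!array_key_exists("{kt_login_redirect}", $replacementsArr) && !array_key_exists("{kt_referrer}", $replacementsArr) && !array_key_exists("{KT_REFERRER}", $replacementsArr)) {
            $replacementsArr = array_map($escapeMethod, $replacementsArr);
        }
    } elseif ($escapeMethod == 'expression') {
        $replacementsArr = array_map('KT_escapeExpression', $replacementsArr);
    }
    if (count($replacementsArr) == 0) {
        return $expression;
    }
    // Substitute in a single pass. str_replace() with arrays works pair by pair on the
    // already-modified string, so a value that itself contains "{other}" (for instance a
    // request parameter) would be expanded again by a later pair. strtr() never rescans
    // text it has inserted.
    return strtr($expression, $replacementsArr);
}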
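 /**
  * Validates the transaction's column values against the configured rules.
  *
  * Two passes are made over $this->columns (only for columns that also exist in
  * $this->tNG->columns, and only when $this->mustValidate is set):
  *   1. required check, then type/format check (regexp, mask, text, numeric, double, date);
  *   2. min/max check, where min and max may contain {placeholders} resolved by KT_DynamicData.
  * Each failing column gets $column['failed'] = true and one message on the error object.
  *
  * Properties read: $columns, $tNG, $mustValidate, $validationRules, $genericValidationMessages.
  * Properties written: $columns[..]['failed'], and $validationRules[..][..]['regexp'] when a
  * rule defines a mask (the generated regexp is stored back through a reference).
  *
  * @return tNG_error|null null when every column passed, otherwise the error object with details
  */
 function Execute()
 {
     $failed = false;
     $errObj = new tNG_error('', array(), array());
     if ($this->mustValidate && count($this->columns) > 0) {
         $columnKeys = array_keys($this->columns);
         $cols = count($columnKeys);
         // Pass 1: required + type/format validation.
         for ($i = 0; $i < $cols; $i++) {
             $doRequiredVal = true;
             $colIdx = $columnKeys[$i];
             $column =& $this->columns[$colIdx];
             if (!in_array($column['name'], array_keys($this->tNG->columns))) {
                 continue;
             }
             // on update don't require FILE_TYPE and tNG password fields
             if ($this->tNG->getTransactionType() == '_update' || $this->tNG->getTransactionType() == '_multipleUpdate') {
                 if ($this->tNG->getColumnType($column['name']) == 'FILE_TYPE') {
                     $doRequiredVal = false;
                 }
                 if ($this->tNG->getTable() == $GLOBALS['tNG_login_config']["table"] && $column['name'] == $GLOBALS['tNG_login_config']["password_field"]) {
                     $doRequiredVal = false;
                 }
                 // a column set to CURRVAL is not required
                 if ($this->tNG->columns[$column['name']]['method'] == 'CURRVAL') {
                     $doRequiredVal = false;
                 }
             }
             $hasRequiredError = false;
             $hasTypeError = false;
             $tmpFieldValue = $this->tNG->getColumnValue($column['name']);
             if ($column['type'] == 'date' && $column['format'] != '') {
                 if (!in_array($this->tNG->getColumnType($column['name']), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                     $tmpFieldValue = KT_formatDate2DB($tmpFieldValue);
                 }
             }
             $column['failed'] = false;
             // required parameter validation
             $colCustomMsg = $column['message'];
             if ($doRequiredVal && $column['required']) {
                 if (strlen($colCustomMsg) == 0) {
                     $colCustomMsg = $this->genericValidationMessages['required'];
                 }
                 if ((string) $tmpFieldValue == '') {
                     $failed = true;
                     $hasRequiredError = true;
                     $column['failed'] = true;
                     if ($this->tNG->exportsRecordset() !== true) {
                         // No escape method is requested, so field values expanded into the
                         // message are inserted verbatim; encoding is left to whatever renders it.
                         $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                         $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                     } else {
                         $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                     }
                 }
             }
             // type and format validation
             $colCustomMsg = $column['message'];
             if ($tmpFieldValue != '' && $column['type'] != '') {
                 if (strlen($colCustomMsg) == 0) {
                     $colCustomMsgBefore = $this->genericValidationMessages['format'];
                     $colCustomMsgAfter = $this->genericValidationMessages[$column['type'] . '_' . $column['format']];
                     $colCustomMsg = sprintf($colCustomMsgBefore, $colCustomMsgAfter);
                 }
                 // NOTE(review): only this local copy is cut to 400 bytes, so the checks below see
                 // the prefix of a longer value; anything past byte 400 is not format-checked here.
                 $tmpFieldValue = substr($tmpFieldValue, 0, 400);
                 switch ($column['type']) {
                     case 'regexp':
                         // Warnings from an invalid pattern are suppressed; false is reported as 'regexp_failed'.
                         $res = @preg_match($column['additional_params'], $tmpFieldValue);
                         if ($res === false) {
                             $hasTypeError = true;
                             $colCustomMsgBefore = $this->genericValidationMessages['format'];
                             $colCustomMsgAfter = $this->genericValidationMessages['regexp_failed'];
                             $colCustomMsg = sprintf($colCustomMsgBefore, $colCustomMsgAfter);
                         }
                         if ($res === 0) {
                             $hasTypeError = true;
                         }
                         break;
                     case 'mask':
                         $myRegexp = $this->mask2regexp($column['additional_params']);
                         if (!preg_match($myRegexp, $tmpFieldValue)) {
                             $hasTypeError = true;
                         }
                         break;
                     case 'text':
                     case 'numeric':
                     case 'double':
                         $type = $column['type'];
                         $format = $column['format'];
                         if (is_array($this->validationRules[$type][$format])) {
                             // Reference: the regexp built from a mask is written back into $this->validationRules.
                             $myValidationRule =& $this->validationRules[$type][$format];
                             if (isset($myValidationRule['mask'])) {
                                 $myRegexp = $this->mask2regexp($myValidationRule['mask']);
                                 $myValidationRule['regexp'] = $myRegexp;
                             }
                             if (isset($myValidationRule['regexp'])) {
                                 if (!preg_match($myValidationRule['regexp'], $tmpFieldValue)) {
                                     $hasTypeError = true;
                                 }
                             }
                             if (isset($myValidationRule['callback'])) {
                                 // The callback name comes from the rule table and is invoked on tNG_FormValidation.
                                 $ret = call_user_func(array('tNG_FormValidation', $myValidationRule['callback']), $tmpFieldValue);
                                 if (!$ret) {
                                     $hasTypeError = true;
                                 }
                             }
                         }
                         break;
                     case 'date':
                         $format = $column['format'];
                         $checkFullDateTime = true;
                         switch ($format) {
                             case 'date':
                                 $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                                 $checkFullDateTime = true;
                                 break;
                             case 'time':
                                 $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                                 $checkFullDateTime = false;
                                 break;
                             case 'datetime':
                                 $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                                 $checkFullDateTime = true;
                                 break;
                             default:
                                 // Unknown date format: leave both switches, i.e. skip the date check.
                                 break 2;
                         }
                         $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                         $ret = KT_isValidDate($dateArr, $checkFullDateTime);
                         if (!$ret) {
                             $hasTypeError = true;
                         }
                         break;
                 }
             }
             if (!$hasRequiredError && $hasTypeError) {
                 $column['failed'] = true;
                 $failed = true;
                 if ($this->tNG->exportsRecordset() !== true) {
                     $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                     $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                 } else {
                     $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                 }
             }
         }
         // Pass 2: min/max validation.
         for ($i = 0; $i < $cols; $i++) {
             $colIdx = $columnKeys[$i];
             $column =& $this->columns[$colIdx];
             if (!in_array($column['name'], array_keys($this->tNG->columns))) {
                 continue;
             }
             $hasMinMaxError = false;
             $tmpFieldValue = $this->tNG->getColumnValue($column['name']);
             if ($column['type'] == 'date' && $column['format'] != '') {
                 if (!in_array($this->tNG->getColumnType($column['name']), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                     $tmpFieldValue = KT_formatDate2DB($tmpFieldValue);
                 }
             }
             // MIN MAX parameter validation
             // Collect the bare (dot-less) placeholders, i.e. references to other tNG fields.
             $tNG_tNGfield_min = array();
             $tNG_tNGfield_max = array();
             $min = $column['min'];
             $min_placeholders = KT_getReplacementsFromMessage($min);
             if (count($min_placeholders) > 0) {
                 foreach ($min_placeholders as $key => $placeholder) {
                     if (strpos($placeholder, '.') === false) {
                         $tNG_tNGfield_min[] = $placeholder;
                     }
                 }
             }
             $max = $column['max'];
             $max_placeholders = KT_getReplacementsFromMessage($max);
             if (count($max_placeholders) > 0) {
                 foreach ($max_placeholders as $key => $placeholder) {
                     if (strpos($placeholder, '.') === false) {
                         $tNG_tNGfield_max[] = $placeholder;
                     }
                 }
             }
             // From here on $min/$max may hold values taken from other submitted fields.
             $min = KT_DynamicData($min, $this->tNG);
             $max = KT_DynamicData($max, $this->tNG);
             // MIN parameter validation
             if ($tmpFieldValue != '' && $min != '') {
                 if ($column['type'] == 'text') {
                     // strlen() counts bytes, and $min is compared as-is (it is a string here).
                     if (strlen($tmpFieldValue) < $min) {
                         $hasMinMaxError = true;
                     }
                 }
                 if (in_array($column['type'], array('numeric', 'double'))) {
                     $evaluateNumeric = true;
                     if (count($tNG_tNGfield_min) > 0) {
                         foreach ($tNG_tNGfield_min as $key => $tNG_tNGfield) {
                             // NOTE(review): the last condition tests the CURRENT column's 'failed' flag,
                             // not the referenced field's; confirm evaluateNumeric() is safe on a
                             // referenced value that did not pass its own numeric validation.
                             if (!isset($this->columns[$tNG_tNGfield]) || !in_array($this->columns[$tNG_tNGfield]['type'], array('numeric', 'double')) || $this->columns[$tNG_tNGfield]['format'] == '' || $column['failed']) {
                                 $evaluateNumeric = false;
                                 break;
                             }
                         }
                     }
                     $tmpFieldValue = str_replace(',', '.', $tmpFieldValue);
                     $min = str_replace(',', '.', $min);
                     if ($evaluateNumeric) {
                         $min = $this->tNG->evaluateNumeric($min);
                     }
                     if (floatval($tmpFieldValue) < floatval($min)) {
                         $hasMinMaxError = true;
                     }
                 }
                 if ($column['type'] == 'date') {
                     if (count($tNG_tNGfield_min) > 0) {
                         foreach ($tNG_tNGfield_min as $key => $tNG_tNGfield) {
                             if (in_array($this->tNG->getColumnType($tNG_tNGfield), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                                 $min = KT_formatDate($min);
                                 break;
                             }
                         }
                     }
                     $minDate = KT_formatDate2DB($min);
                     $format = $column['format'];
                     $checkFullDateTime = true;
                     $knownDateFormat = true;
                     switch ($format) {
                         case 'date':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                             $checkFullDateTime = true;
                             break;
                         case 'time':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                             $checkFullDateTime = false;
                             break;
                         case 'datetime':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                             $checkFullDateTime = true;
                             break;
                         default:
                             // Unknown date format: skip the comparison for this column only.
                             // The previous "break 2" left the enclosing for loop here (an "if" is
                             // not a break level), so every later column lost its min/max check.
                             $knownDateFormat = false;
                             break;
                     }
                     if ($knownDateFormat) {
                         $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                         $minArr = KT_applyDate2rule($minDate, $inFmtRule);
                         if (KT_isValidDate($minArr, $checkFullDateTime)) {
                             if (KT_compareDates($dateArr, $minArr) === 1) {
                                 $hasMinMaxError = true;
                             }
                         }
                     }
                 }
             }
             // MAX parameter validation
             if ($tmpFieldValue != '' && $max != '') {
                 if ($column['type'] == 'text') {
                     // Byte length again; see the MIN branch.
                     if (strlen($tmpFieldValue) > $max) {
                         $hasMinMaxError = true;
                     }
                 }
                 if (in_array($column['type'], array('numeric', 'double'))) {
                     $evaluateNumeric = true;
                     if (count($tNG_tNGfield_max) > 0) {
                         foreach ($tNG_tNGfield_max as $key => $tNG_tNGfield) {
                             // NOTE(review): same guard as in the MIN branch, including the
                             // current-column 'failed' test.
                             if (!isset($this->columns[$tNG_tNGfield]) || !in_array($this->columns[$tNG_tNGfield]['type'], array('numeric', 'double')) || $this->columns[$tNG_tNGfield]['format'] == '' || $column['failed']) {
                                 $evaluateNumeric = false;
                                 break;
                             }
                         }
                     }
                     $tmpFieldValue = str_replace(',', '.', $tmpFieldValue);
                     $max = str_replace(',', '.', $max);
                     if ($evaluateNumeric) {
                         $max = $this->tNG->evaluateNumeric($max);
                     }
                     if (floatval($tmpFieldValue) > floatval($max)) {
                         $hasMinMaxError = true;
                     }
                 }
                 if ($column['type'] == 'date') {
                     if (count($tNG_tNGfield_max) > 0) {
                         foreach ($tNG_tNGfield_max as $key => $tNG_tNGfield) {
                             if (in_array($this->tNG->getColumnType($tNG_tNGfield), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                                 $max = KT_formatDate($max);
                                 break;
                             }
                         }
                     }
                     $maxDate = KT_formatDate2DB($max);
                     $format = $column['format'];
                     $checkFullDateTime = true;
                     $knownDateFormat = true;
                     switch ($format) {
                         case 'date':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                             $checkFullDateTime = true;
                             break;
                         case 'time':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                             $checkFullDateTime = false;
                             break;
                         case 'datetime':
                             $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                             $checkFullDateTime = true;
                             break;
                         default:
                             // Unknown date format: skip the comparison for this column only
                             // (was "break 2", which ended the whole min/max pass).
                             $knownDateFormat = false;
                             break;
                     }
                     if ($knownDateFormat) {
                         $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                         $maxArr = KT_applyDate2rule($maxDate, $inFmtRule);
                         if (KT_isValidDate($maxArr, $checkFullDateTime)) {
                             if (KT_compareDates($dateArr, $maxArr) === -1) {
                                 $hasMinMaxError = true;
                             }
                         }
                     }
                 }
             }
             $colCustomMsg = $column['message'];
             if (strlen($colCustomMsg) == 0) {
                 // NOTE(review): the resolved $min/$max are formatted into the generic message, and
                 // that message is run through KT_DynamicData again below, so braces inside those
                 // values are parsed as placeholders a second time; confirm this is acceptable.
                 $colCustomMsgBefore = $column['type'] == 'text' ? 'text' : 'other';
                 if ($min != '' && $max != '') {
                     $colCustomMsgAfter = 'between';
                     $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                     $colCustomMsg = sprintf($colCustomMsg, $min, $max);
                 } elseif ($min != '') {
                     $colCustomMsgAfter = 'min';
                     $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                     $colCustomMsg = sprintf($colCustomMsg, $min);
                 } else {
                     $colCustomMsgAfter = 'max';
                     $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                     $colCustomMsg = sprintf($colCustomMsg, $max);
                 }
             }
             // A column that already failed pass 1 keeps its first message only.
             if ($hasMinMaxError && $column['failed'] == false) {
                 $column['failed'] = true;
                 $failed = true;
                 if ($this->tNG->exportsRecordset() !== true) {
                     $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                     $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                 } else {
                     $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                 }
             }
         }
     }
     if (!$failed) {
         $errObj = null;
     } else {
         if ($this->tNG->exportsRecordset() === true) {
             $errObj->addDetails('%s', array($this->genericValidationMessages['failed']), array(''));
         }
     }
     return $errObj;
 }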