Example #1
 /**
  *  Adds options to the select box control
  *
  *  <b>If the "multiple" attribute is not set, the first option will be always considered as the "nothing is selected"
  *  state of the control!</b>
  *
  *  @param  array   $options    An associative array of options where the key is the value of the option and the
  *                              value is the actual text to be displayed for the option.
  *
  *                              <b>Option groups</b> can be set by giving an array of associative arrays as argument:
  *
  *                              <code>
  *                                  // add as groups:
  *                                  $obj->add_options(array(
  *                                      'group' => array('option 1', 'option 2')
  *                                  ));
  *                              </code>
  *
  *  @param  boolean $overwrite  (Optional) By default, successive calls of this method will append the options
  *                              given as arguments to the already existing options.
  *
  *                              Setting this argument to TRUE will instead overwrite the previously existing options.
  *
  *                              Default is FALSE
  *
  *  @return void
  */
 function add_options($options, $overwrite = false)
 {
     // anything other than an array cannot describe a set of options: report it and stop
     if (!is_array($options)) {
         _myzebra_form_show_error('
             Selectable values for the <strong>' . $this->attributes['id'] . '</strong> control must be specified as
             an array
         ');
         return;
     }
     // current state of the control: the options registered so far and the "multiple" flag
     $current = $this->get_attributes(array('options', 'multiple'));
     // a single-select control receiving its first options without overwriting gets an
     // empty-valued entry in front of them; its label is read from the form's language strings
     $needs_placeholder = $overwrite === false
         && !isset($current['multiple'])
         && empty($current['options']);
     if ($needs_placeholder) {
         $placeholder = array('' => $this->form_properties['language']['select']);
         $options = $placeholder + $options;
     }
     // either replace the stored options or add the new ones to them; with the array union,
     // entries that are already stored win over incoming entries using the same key
     if ($overwrite) {
         $merged = $options;
     } else {
         $merged = $current['options'] + $options;
     }
     $this->set_attributes(array('options' => $merged));
 }
Example #2
 /**
  *  Generates a CSRF token, unique to the current form.
  *
  *  Note that this will generate a new CSRF token only when the form is generated and not also when the form is
  *  submitted - unless the <b>$force</b> argument is set to TRUE.
  *
  *  @param  boolean $force                  (Optional) Instructs the method to forcefully generate a new CSRF token.
  *
  *                                          This parameter will be TRUE when the method is called after an unsuccessful
  *                                          CSRF token validation or after a successful form validation.
  *
  *                                          By default, this method will generate a new CSRF token *only* if the form
  *                                          is not being currently submitted (form information is not available in the $_POST
  *                                          superglobal).
  *
  *                                          Default is FALSE.
  *
  *  @return void
  *
  *  @access private
  */
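 function _csrf_generate_token($force = false)
 {
     $storage = $this->form_properties['csrf_storage_method'];
     // nothing to do when CSRF protection is disabled (storage method is boolean FALSE)
     if ($storage !== false) {
         // reference to the request array named after the form's submission method (e.g. $_POST)
         global ${'_' . $this->form_properties['method']};
         $method =& ${'_' . $this->form_properties['method']};
         // the form counts as "being submitted" when its identifier is present in that array
         $submitted = isset($method[$this->form_properties['identifier']]);
         // form is being submitted, no regeneration was requested and the session already holds
         // a (token, expiry) pair: keep using the stored token
         if (
             $submitted && $force === false && $storage == 'session'
             && isset($_SESSION[$this->form_properties['csrf_cookie_name']])
             && is_array($_SESSION[$this->form_properties['csrf_cookie_name']])
             && count($_SESSION[$this->form_properties['csrf_cookie_name']]) == 2
         ) {
             $this->form_properties['csrf_token'] = $_SESSION[$this->form_properties['csrf_cookie_name']][0];
         // same situation with cookie storage: the token is taken from the request's cookie
         // NOTE(review): that value is client-supplied; the validation code is not visible here, so
         // confirm it compares tokens with hash_equals() and does not trust the cookie on its own
         } elseif ($submitted && $force === false && $storage == 'cookie' && isset($_COOKIE[$this->form_properties['csrf_cookie_name']])) {
             $this->form_properties['csrf_token'] = $_COOKIE[$this->form_properties['csrf_cookie_name']];
         // the form is being generated (not submitted) or a new token was explicitly requested
         } elseif (!$submitted || $force === true) {
             // a CSRF token must be unpredictable, so draw 16 bytes from a cryptographically secure
             // source when the runtime offers one; hex-encoding gives 32 characters, the same shape
             // as the md5() string used previously
             $random = false;
             if (function_exists('random_bytes')) {
                 $random = random_bytes(16);
             } elseif (function_exists('openssl_random_pseudo_bytes')) {
                 $strong = false;
                 $random = openssl_random_pseudo_bytes(16, $strong);
                 // discard output that OpenSSL itself reports as not cryptographically strong
                 if ($strong !== true) {
                     $random = false;
                 }
             }
             if (is_string($random) && strlen($random) === 16) {
                 $this->form_properties['csrf_token'] = bin2hex($random);
             } else {
                 // legacy fallback for runtimes with neither function: rand() and uniqid() are
                 // derived from the clock and a non-cryptographic generator, so this token is
                 // guessable and the runtime should be upgraded
                 $this->form_properties['csrf_token'] = md5(uniqid(rand(), true));
             }
             // compute token expiry timestamp (a lifetime of 0 is stored as expiry 0)
             $csrf_token_expiry = $this->form_properties['csrf_token_lifetime'] == 0 ? 0 : time() + $this->form_properties['csrf_token_lifetime'];
             // if storage method is "session"
             if ($storage == 'session') {
                 // if no session is started, trigger an error message
                 if (!isset($_SESSION)) {
                     _myzebra_form_show_error('You have chosen to enable protection against cross-site request forgery (CSRF) attacks and to use sessions for storing the CSRF token, but a session is not started! Start a session prior to calling the "csrf()" method', E_USER_ERROR);
                 }
                 // store the CSRF token and the expiration data in session
                 $_SESSION[$this->form_properties['csrf_cookie_name']] = array($this->form_properties['csrf_token'], $csrf_token_expiry);
             // if storage method is "cookie"
             } else {
                 // store the CSRF token in a cookie; path, domain and the secure/httponly flags are
                 // whatever the form's "csrf_cookie_config" supplies
                 $cookie_config = $this->form_properties['csrf_cookie_config'];
                 setcookie($this->form_properties['csrf_cookie_name'], $this->form_properties['csrf_token'], $csrf_token_expiry, $cookie_config['path'], $cookie_config['domain'], $cookie_config['secure'], $cookie_config['httponly']);
             }
         }
     }
 }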
Example #3
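 /**
  *  Runs the actions registered on this control (per the original comment: file upload, resize, convert)
  *  and reports whether all of them succeeded.
  *
  *  Each entry of $this->actions holds the name of a method of this object at index 0, followed by the
  *  arguments for that method, plus a "message" entry used as the error text when the method fails.
  *
  *  Processing stops at the first action that returns a falsy value.
  *
  *  @return boolean     FALSE if an action failed, TRUE otherwise (also when there was nothing to run)
  */
 function doActions()
 {
     $form_is_valid = true;
     // nothing to run when no actions are registered or when the form is only being previewed
     if (empty($this->actions) || $this->form->preview) {
         return $form_is_valid;
     }
     foreach ($this->actions as $action) {
         // NOTE(review): the method name is taken from $this->actions and dispatched dynamically;
         // presumably that list is built by the form definition only - confirm it can never be
         // influenced by request data
         $handler = $action[0];
         // if the task (method) could not be found, trigger an error message and move on
         if (!method_exists($this, $handler)) {
             _myzebra_form_show_error('Method ' . $handler . ' does not exist!', E_USER_ERROR);
             continue;
         }
         // everything after the method name is passed as positional arguments; array_values()
         // drops string keys such as "message", which PHP 8 would otherwise treat as named
         // arguments and reject with an "unknown named parameter" error
         $arguments = array_values(array_slice($action, 1));
         if (!call_user_func_array(array($this, $handler), $arguments)) {
             // attach the action's error message to this control and stop at the first failure
             $this->form->add_error($this->attributes['id'], $action['message']);
             $form_is_valid = false;
             break;
         }
     }
     return $form_is_valid;
 }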
Example #4
 /**
  *  Generates the control's HTML code.
  *
  *  <i>This method is automatically called by the {@link MyZebra_Form::render() render()} method!</i>
  *
  *  @return string  The control's HTML code
  */
 function _toHTML()
 {
     // a file upload control without the "upload" rule is a configuration error
     if (!isset($this->rules['upload'])) {
         $control_name = $this->attributes['name'];
         $form_name = $this->form_properties['name'];
         _myzebra_form_show_error('The control named <strong>"' . $control_name . '"</strong> in form <strong>"' . $form_name . '"</strong> must have the <em>"upload"</em> rule set', E_USER_ERROR);
     }
     // build the <input> element; XHTML documents get the self-closing slash
     $rendered_attributes = $this->_render_attributes();
     $closing_slash = $this->form_properties['doctype'] == 'xhtml' ? '/' : '';
     $html = '<input ' . $rendered_attributes . $closing_slash . '>';
     // optional extra markup shown after the control, wrapped in its own container
     if (!empty($this->attributes['display_featured_html'])) {
         // NOTE(review): this attribute is appended verbatim, without escaping - presumably it is
         // trusted markup produced by the plugin itself; confirm it can never carry request data
         $html .= '<div class="myzebra-featured-container">' . $this->attributes['display_featured_html'] . '</div>';
     }
     return $html;
 }