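/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format     For date or timestamp columns the format should be the date/time format
 *                           e.g. @b d.m.Y = '02.04.2011'. @n
 *                           For text columns the format can be @b database that would return the
 *                           original database value without any transformations
 * @return mixed Returns the value of the database column.
 *               If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'lnk_description') {
        if (!isset($this->dbColumns['lnk_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // Raw representation: strip markup, then decode entities. ENT_QUOTES and the
            // charset are passed explicitly so that encoded single quotes (&#039;) are
            // decoded as well; this matches the dat_description handling of the sibling
            // class, whereas the PHP default leaves single quotes encoded.
            $value = html_entity_decode(strStripTags($this->dbColumns['lnk_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['lnk_description'];
        }
    } else {
        $value = parent::getValue($columnName, $format);
    }

    // A category name may be stored as a translation id (an underscore at offset 3,
    // e.g. "SYS_COMMON"); it is resolved unless the raw database value was requested.
    if ($columnName === 'cat_name' && $format !== 'database' && strpos($value, '_') === 3) {
        $value = $gL10n->get(admStrToUpper($value));
    }

    return $value;
}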
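/**
 * Change the internal sequence of this category. It can be moved one place up or down.
 * Organization-independent categories (cat_org_id IS NULL) occupy the lowest sequence
 * numbers and are never mixed with the categories of the current organization, so a
 * category cannot be moved across that boundary.
 * @param string $mode This could be @b UP or @b DOWN (compared case-insensitively).
 *                     Any other value leaves the sequence untouched.
 */
public function moveSequence($mode)
{
    global $gCurrentOrganization;

    // Numeric values are cast before they are interpolated into SQL, so a non-numeric
    // column value can never change the shape of the statement. cat_type is a fixed
    // type code read from this row; it is interpolated as a quoted literal as before.
    $catType     = $this->getValue('cat_type');
    $catSequence = (int) $this->getValue('cat_sequence');
    $catOrgId    = (int) $this->getValue('cat_org_id');
    $orgId       = (int) $gCurrentOrganization->getValue('org_id');

    // Count the organization-independent categories of this type (hidden confirmation
    // category excluded); they form the block that must not be mixed with the
    // organization's own categories.
    $sql = 'SELECT COUNT(*) as count
              FROM ' . TBL_CATEGORIES . '
             WHERE cat_type = \'' . $catType . '\'
               AND cat_name_intern NOT LIKE \'CONFIRMATION_OF_PARTICIPATION\'
               AND cat_org_id IS NULL ';
    $countCategoriesStatement = $this->db->query($sql);
    $row = $countCategoriesStatement->fetch();
    $countGlobal = (int) $row['count'];

    $direction = admStrToUpper($mode);
    $newSequence = null;

    if ($direction === 'UP' && ($catOrgId == 0 || $catSequence > $countGlobal + 1)) {
        // Lowering the number moves the category up in the list. An organization
        // category may only move up while it stays behind the global block.
        $newSequence = $catSequence - 1;
    } elseif ($direction === 'DOWN' && ($catOrgId > 0 || $catSequence < $countGlobal)) {
        // Raising the number moves the category down. A global category may only
        // move down while it stays inside the global block.
        $newSequence = $catSequence + 1;
    }

    if ($newSequence === null) {
        return;
    }

    // The neighbour that currently holds the target number takes over this
    // category's number, then this category is stored with the target number.
    $sql = 'UPDATE ' . TBL_CATEGORIES . '
               SET cat_sequence = ' . $catSequence . '
             WHERE cat_type = \'' . $catType . '\'
               AND ( cat_org_id = ' . $orgId . '
                OR cat_org_id IS NULL )
               AND cat_sequence = ' . $newSequence;
    $this->db->query($sql);

    $this->setValue('cat_sequence', $newSequence);
    $this->save();
}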
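/**
 * Creates from a user defined condition a valid SQL condition.
 *
 * The condition is first normalised by makeStandardCondition() and then parsed character by
 * character: blanks separate values, the characters & and | join comparisons with AND / OR,
 * and a comparison may start with one of the operators = ! _ # { } [ ] (equal, not equal,
 * is null, is not null, less, greater, less-or-equal, greater-or-equal). Values are always
 * written as quoted literals. For date columns the relational operators are inverted when
 * the condition contains a J or Y (age search, see the inline note).
 * @param string $sourceCondition The user condition string
 * @param string $columnName      The name of the database column for which the condition should be created
 * @param string $columnType      The type of the column. Valid types are @b string, @b int, @b date and @b checkbox
 * @param string $fieldName       The name of the profile field. This is used for error output to the end user
 * @return string Returns a valid SQL string with the condition for that column, starting with
 *                " AND "; an empty string if any of the first three arguments is empty
 * @throws AdmException LST_NOT_VALID_DATE_FORMAT
 *                      LST_NOT_NUMERIC
 */
public function makeSqlStatement($sourceCondition, $columnName, $columnType, $fieldName)
{
    $bStartCondition = true;    // a comparison has been started (column name already written)
    $bNewCondition = true;      // a blank was seen: the next word starts a new value
    $bStartOperand = false;     // an explicit operator was written for the current comparison
    $this->mOpenQuotes = false; // true while the opening quote of a value literal is unclosed
    $date = '';                 // collects the characters of a date value until the word ends
    $operator = '=';            // operator in effect; '=' if none was given
    $this->mDestCond = '';

    if ($sourceCondition === '' || $columnName === '' || $columnType === '') {
        return $this->mDestCond;
    }

    $this->mSrcCond = $this->makeStandardCondition($sourceCondition);
    $this->mSrcCondArray = str_split($this->mSrcCond);

    // bastwe: invert condition on age search. The original author inverts the relational
    // operators for date columns whose condition contains a J or Y; the check is hoisted
    // out of the loop because $sourceCondition does not change.
    $upperSource = admStrToUpper($sourceCondition);
    $invertRelational = ($columnType === 'date'
        && (strstr($upperSource, 'J') !== false || strstr($upperSource, 'Y') !== false));

    // The condition for a column always starts with AND
    if ($columnType === 'string') {
        $this->mDestCond = ' AND ( UPPER(' . $columnName . ') ';
    } elseif ($columnType === 'checkbox') {
        // Special case: a checkbox can only be 1 or 0, no operators or combinations
        if ($sourceCondition == 1) {
            $this->mDestCond = ' AND ' . $columnName . ' = 1 ';
        } else {
            $this->mDestCond = ' AND (' . $columnName . ' IS NULL OR ' . $columnName . ' = 0) ';
        }
        return $this->mDestCond;
    } else {
        $this->mDestCond = ' AND ( ' . $columnName . ' ';
    }

    // The condition string is processed character by character
    $srcLength = strlen($this->mSrcCond);
    for ($mCount = 0; $mCount < $srcLength; $mCount++) {
        $character = $this->mSrcCondArray[$mCount];

        if ($character === '&' || $character === '|') {
            // A logical connector only counts at a word boundary; it is followed
            // by the column name of the next comparison
            if ($bNewCondition) {
                $this->mDestCond .= ($character === '&') ? ' AND ' : ' OR ';
                if ($columnType === 'string') {
                    $this->mDestCond .= ' UPPER(' . $columnName . ') ';
                } else {
                    $this->mDestCond .= ' ' . $columnName . ' ';
                }
                $bStartCondition = true;
            }
            continue;
        }

        if ($character === '=' || $character === '!' || $character === '_' || $character === '#'
        || $character === '{' || $character === '}' || $character === '[' || $character === ']') {
            // save actual operator for later use (date formatting depends on it)
            $operator = $character;

            if (!$bStartCondition) {
                $this->mDestCond .= ' AND ' . $columnName . ' ';
                $bStartCondition = true;
            }

            switch ($character) {
                case '=':
                    $this->mDestCond .= ($columnType === 'string') ? ' LIKE ' : ' = ';
                    break;
                case '!':
                    $this->mDestCond .= ($columnType === 'string') ? ' NOT LIKE ' : ' <> ';
                    break;
                case '_':
                    $this->mDestCond .= ' IS NULL ';
                    if ($this->mNotExistsSql !== '') {
                        $this->mDestCond .= ' OR NOT EXISTS (' . $this->mNotExistsSql . ') ';
                    }
                    break;
                case '#':
                    $this->mDestCond .= ' IS NOT NULL ';
                    if ($this->mNotExistsSql !== '') {
                        $this->mDestCond .= ' OR EXISTS (' . $this->mNotExistsSql . ') ';
                    }
                    break;
                case '{':
                    $this->mDestCond .= $invertRelational ? ' > ' : ' < ';
                    break;
                case '}':
                    $this->mDestCond .= $invertRelational ? ' < ' : ' > ';
                    break;
                case '[':
                    $this->mDestCond .= $invertRelational ? ' >= ' : ' <= ';
                    break;
                case ']':
                    $this->mDestCond .= $invertRelational ? ' <= ' : ' >= ';
                    break;
            }

            if ($character !== '_' && $character !== '#') {
                // A value follows: always quote it, because some columns are varchar
                // in the database although they should only hold integers
                $this->mDestCond .= ' \'';
                $this->mOpenQuotes = true;
                $bStartOperand = true;
            }
            continue;
        }

        if ($character === ' ') {
            // End of a word; repeated blanks are ignored
            if (!$bNewCondition) {
                // A date value is collected in $date and must be converted
                // into a valid database format before it is written
                if ($columnType === 'date' && $date !== '') {
                    $formattedDate = $this->getFormatDate($date, $operator);
                    if ($formattedDate === '') {
                        throw new AdmException('LST_NOT_VALID_DATE_FORMAT', $fieldName);
                    }
                    $this->mDestCond .= $formattedDate;
                    $date = '';
                }
                if ($this->mOpenQuotes) {
                    $this->mDestCond .= '\' ';
                    $this->mOpenQuotes = false;
                }
                $bNewCondition = true;
            }
            continue;
        }

        // A value character
        if ($bNewCondition && !$bStartCondition) {
            // a further word without connector or operator
            // NOTE(review): this branch writes neither an operator nor an opening quote
            // for the new value; unless makeStandardCondition() turns blanks into
            // connectors, a second bare word yields malformed SQL - confirm.
            if ($columnType === 'string') {
                $this->mDestCond .= ' AND UPPER(' . $columnName . ') ';
            } else {
                $this->mDestCond .= ' AND ' . $columnName . ' = ';
            }
            $this->mOpenQuotes = false;
        } elseif ($bNewCondition && !$bStartOperand) {
            // first value of this column without an explicit operator
            if ($columnType === 'string') {
                $this->mDestCond .= ' LIKE \'';
            } else {
                $this->mDestCond .= ' = \'';
            }
            $this->mOpenQuotes = true;
        }

        if ($columnType === 'date') {
            $date .= $character;
        } elseif ($columnType === 'int' && !is_numeric($character)) {
            // numeric columns accept numeric characters only
            throw new AdmException('LST_NOT_NUMERIC', $fieldName);
        } elseif ($character === '\'' || $character === '\\') {
            // The character lands inside a quoted SQL literal that is built from user
            // input, so the two characters that could terminate the literal are
            // neutralised: '' is the SQL-standard way to embed a quote, and the backslash
            // is doubled because MySQL treats it as an escape character inside literals.
            // This is defence in depth regardless of what makeStandardCondition() removes.
            $this->mDestCond .= $character . $character;
        } else {
            $this->mDestCond .= $character;
        }
        $bNewCondition = false;
        $bStartCondition = false;
    }

    // A date value at the very end of the condition is still pending
    if ($columnType === 'date' && $date !== '') {
        $formattedDate = $this->getFormatDate($date, $operator);
        if ($formattedDate === '') {
            throw new AdmException('LST_NOT_VALID_DATE_FORMAT', $fieldName);
        }
        $this->mDestCond .= $formattedDate;
    }
    if ($this->mOpenQuotes) {
        // close the quote of the last value
        $this->mDestCond .= '\' ';
    }
    $this->mDestCond .= ' ) ';

    return $this->mDestCond;
}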
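/**
 * Add a new selectbox with a label to the form. The selectbox get their data from table adm_categories.
 * You must define the category type (roles, dates, links ...). All categories of this type will be shown.
 * @param string $id             Id of the selectbox. This will also be the name of the selectbox.
 * @param string $label          The label of the selectbox.
 * @param object $database       A Admidio database object that contains a valid connection to a database
 * @param string $categoryType   Type of category ('DAT', 'LNK', 'ROL', 'USF') that should be shown.
 *                               This is a fixed code supplied by calling code; it is written into the
 *                               SQL statement as a quoted literal and must never come from user input.
 * @param string $selectboxModus The selectbox could be shown in 2 different modus.
 *                               - @b EDIT_CATEGORIES : First entry will be "Please choose" and default category will be preselected.
 *                               - @b FILTER_CATEGORIES : First entry will be "All" and only categories with childs will be shown.
 * @param array  $options        (optional) An array with the following possible entries:
 *                               - @b property : With this param you can set the following properties:
 *                                 + @b FIELD_DEFAULT  : The field can accept an input.
 *                                 + @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
 *                                 + @b FIELD_DISABLED : The field will be disabled and could not accept an input.
 *                               - @b defaultValue : Id of category that should be selected per default. If empty
 *                                 (or null) the only existing category, or the category flagged as
 *                                 cat_default, is preselected.
 *                               - @b showSystemCategory : Show user defined and system categories
 *                               - @b showContextDependentFirstEntry, @b multiselect : passed through to addSelectBox()
 *                               - @b helpTextIdLabel : A unique text id from the translation xml files that should be shown
 *                                 e.g. SYS_ENTRY_MULTI_ORGA. If set a help icon will be shown after the control label where
 *                                 the user can see the text if he hover over the icon. If you need an additional parameter
 *                                 for the text you can add an array. The first entry must be the unique text id and the second
 *                                 entry will be a parameter of the text id.
 *                               - @b helpTextIdInline : A unique text id from the translation xml files that should be shown
 *                                 e.g. SYS_ENTRY_MULTI_ORGA. If set the complete text will be shown after the form element.
 *                                 If you need an additional parameter for the text you can add an array. The first entry must
 *                                 be the unique text id and the second entry will be a parameter of the text id.
 *                               - @b icon : An icon can be set. This will be placed in front of the label.
 *                               - @b class : An additional css classname. The class @b admSelectbox
 *                                 is set as default and need not set with this parameter.
 * @return null|void null if in filter modus only one category exists (no selectbox is added)
 */
public function addSelectBoxForCategories($id, $label, $database, $categoryType, $selectboxModus, $options = array())
{
    global $gCurrentOrganization, $gValidLogin, $gL10n;

    // create array with all options
    $optionsDefault = array(
        'property' => FIELD_DEFAULT,
        'defaultValue' => '',
        'showContextDependentFirstEntry' => true,
        'multiselect' => false,
        'showSystemCategory' => true,
        'helpTextIdLabel' => '',
        'helpTextIdInline' => '',
        'icon' => '',
        'class' => ''
    );
    $optionsAll = array_replace($optionsDefault, $options);

    // "No default given" is represented by '' (the option default above) as well as by
    // null; the previous strict null check never matched the '' default, so the
    // automatic preselection documented for EDIT_CATEGORIES did not happen.
    $noDefaultGiven = ($optionsAll['defaultValue'] === '' || $optionsAll['defaultValue'] === null);

    $sqlTables = TBL_CATEGORIES;
    $sqlConditions = '';
    $categoriesArray = array();

    // create sql conditions if category must have child elements
    if ($selectboxModus === 'FILTER_CATEGORIES') {
        $optionsAll['showContextDependentFirstEntry'] = false;

        switch ($categoryType) {
            case 'DAT':
                $sqlTables = TBL_CATEGORIES . ', ' . TBL_DATES;
                $sqlConditions = ' AND cat_id = dat_cat_id ';
                break;
            case 'LNK':
                $sqlTables = TBL_CATEGORIES . ', ' . TBL_LINKS;
                $sqlConditions = ' AND cat_id = lnk_cat_id ';
                break;
            case 'ROL':
                // don't show system categories
                $sqlTables = TBL_CATEGORIES . ', ' . TBL_ROLES;
                $sqlConditions = ' AND cat_id = rol_cat_id AND rol_visible = 1 ';
                break;
            case 'INF':
                $sqlTables = TBL_CATEGORIES . ', ' . TBL_INVENT_FIELDS;
                $sqlConditions = ' AND cat_id = inf_cat_id ';
                break;
        }
    }

    if ($optionsAll['showSystemCategory'] === false) {
        $sqlConditions .= ' AND cat_system = 0 ';
    }

    // visitors never see hidden categories
    if (!$gValidLogin) {
        $sqlConditions .= ' AND cat_hidden = 0 ';
    }

    // the sql statement which returns all found categories
    $sql = 'SELECT DISTINCT cat_id, cat_name, cat_default, cat_sequence
              FROM ' . $sqlTables . '
             WHERE ( cat_org_id = ' . (int) $gCurrentOrganization->getValue('org_id') . '
                OR cat_org_id IS NULL )
               AND cat_type = \'' . $categoryType . '\'
                   ' . $sqlConditions . '
             ORDER BY cat_sequence ASC ';
    $statement = $database->query($sql);
    $countCategories = $statement->rowCount();

    if ($countCategories === 1) {
        // in filter modus a selectbox with one entry isn't shown at all
        if ($selectboxModus === 'FILTER_CATEGORIES') {
            return null;
        }

        // the only existing category is preselected if no default was given
        $row = $statement->fetch();
        if ($noDefaultGiven) {
            $optionsAll['defaultValue'] = $row['cat_id'];
        }

        // if text is a translation-id then translate it
        if (strpos($row['cat_name'], '_') === 3) {
            $categoriesArray[$row['cat_id']] = $gL10n->get(admStrToUpper($row['cat_name']));
        } else {
            $categoriesArray[$row['cat_id']] = $row['cat_name'];
        }
    } elseif ($countCategories > 1) {
        if ($selectboxModus === 'FILTER_CATEGORIES') {
            $categoriesArray[0] = $gL10n->get('SYS_ALL');
        }

        while ($row = $statement->fetch()) {
            // if text is a translation-id then translate it
            if (strpos($row['cat_name'], '_') === 3) {
                $categoriesArray[$row['cat_id']] = $gL10n->get(admStrToUpper($row['cat_name']));
            } else {
                $categoriesArray[$row['cat_id']] = $row['cat_name'];
            }

            // The first category flagged as default is preselected. Loose comparison on
            // purpose: database drivers may return the numeric column as the string "1".
            if ($row['cat_default'] == 1 && $noDefaultGiven) {
                $optionsAll['defaultValue'] = $row['cat_id'];
                $noDefaultGiven = false;
            }
        }
    }

    // now call method to create selectbox from array
    $this->addSelectBox($id, $label, $categoriesArray, $optionsAll);
}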
/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format     For date or timestamp columns the format should be the date/time format
 *                           e.g. @b d.m.Y = '02.04.2011'. @n
 *                           For text columns the format can be @b database that would return the
 *                           original database value without any transformations
 * @return int|float|string|bool Returns the value of the database column.
 *                               If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    $value = parent::getValue($columnName, $format);

    // A category name may be stored as a translation id (underscore at offset 3,
    // e.g. "SYS_COMMON"). It is resolved unless the raw database value was requested.
    $wantsRawValue = ($format === 'database');
    if (!$wantsRawValue && $columnName === 'cat_name' && strpos($value, '_') === 3) {
        $value = $gL10n->get(admStrToUpper($value));
    }

    return $value;
}
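/**
 * Moves this inventory field one position up or down within the sequence of its category.
 * The neighbouring field that currently holds the target position takes over this
 * field's current position, then this field is saved with the target position.
 * @param string $mode @b UP or @b DOWN (compared case-insensitively); anything else is ignored
 */
public function moveSequence($mode)
{
    $direction = admStrToUpper($mode);

    // Numeric values are cast before they are interpolated into SQL, so a non-numeric
    // column value can never change the shape of the statement.
    $sequence = (int) $this->getValue('inf_sequence');
    $catId    = (int) $this->getValue('inf_cat_id');

    if ($direction === 'UP') {
        // lowering the number moves the field up in the list
        $newSequence = $sequence - 1;
    } elseif ($direction === 'DOWN') {
        // raising the number moves the field down in the list
        $newSequence = $sequence + 1;
    } else {
        return;
    }

    $sql = 'UPDATE ' . TBL_INVENT_FIELDS . '
               SET inf_sequence = ' . $sequence . '
             WHERE inf_cat_id = ' . $catId . '
               AND inf_sequence = ' . $newSequence;
    $this->db->query($sql);

    $this->setValue('inf_sequence', $newSequence);
    $this->save();
}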
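/**
 * Returns the value of the field in html format with consideration of all layout parameters.
 *
 * NOTE(review): $value and the profile field settings are written into html attributes and
 * text (title, href, img src) without escaping here. This is only safe if the values were
 * escaped when they were stored (other code in this project filters input with an 'html'
 * rule) - confirm; otherwise htmlspecialchars() belongs at these spots. In particular the
 * URL branch emits $value verbatim as an href.
 * @param string $fieldNameIntern Internal profile field name of the field that should be html formated
 * @param string $value           The value that should be formated must be commited so that layout is
 *                                also possible for values that aren't stored in database
 * @param string $value2          An optional parameter that is necessary for some special fields like
 *                                email to commit the user id
 * @return string Returns an html formated string that considered the profile field settings
 */
public function getHtmlValue($fieldNameIntern, $value, $value2 = '')
{
    global $gPreferences, $g_root_path, $gL10n;

    $fieldKnown = array_key_exists($fieldNameIntern, $this->mProfileFields);

    if ($value === '' || !$fieldKnown) {
        // special case for type CHECKBOX and no value is there, then show unchecked checkbox
        if ($fieldKnown && $this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'CHECKBOX') {
            $value = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';

            // if field has url then create a link
            if (strlen($this->mProfileFields[$fieldNameIntern]->getValue('usf_url'))) {
                $value = '<a href="' . $this->mProfileFields[$fieldNameIntern]->getValue('usf_url') . '" target="_blank">' . $value . '</a>';
            }
        }
        return $value;
    }

    $field = $this->mProfileFields[$fieldNameIntern];
    $fieldType = $field->getValue('usf_type');

    // create html for each field type
    $htmlValue = $value;

    if ($fieldType == 'CHECKBOX') {
        if ($value == 1) {
            $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox_checked.gif" alt="on" />';
        } else {
            $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
        }
    } elseif ($fieldType == 'EMAIL') {
        // link either directly to the mail client or to the internal messages module
        if ($gPreferences['enable_mail_module'] != 1) {
            $emailLink = 'mailto:' . $value;
        } else {
            // set value2 to user id because we need a second parameter in the link to mail module
            if ($value2 === '') {
                $value2 = $this->mUserId;
            }
            $emailLink = $g_root_path . '/adm_program/modules/messages/messages_write.php?usr_id=' . $value2;
        }

        // long addresses are shortened in the link text; the full address stays in the title
        if (strlen($value) > 30) {
            $htmlValue = '<a href="' . $emailLink . '" title="' . $value . '">' . substr($value, 0, 30) . '...</a>';
        } else {
            $htmlValue = '<a href="' . $emailLink . '" style="overflow: visible; display: inline;" title="' . $value . '">' . $value . '</a>';
        }
    } elseif ($fieldType == 'DROPDOWN' || $fieldType == 'RADIO_BUTTON') {
        // the stored value is the 1-based position of the entry in the field's value list
        $arrListValuesWithKeys = array(); // array with list values and keys that represents the internal value

        // first replace windows new line with unix new line and then create an array
        $valueFormated = str_replace("\r\n", "\n", $field->getValue('usf_value_list', 'database'));
        $arrListValues = explode("\n", $valueFormated);

        foreach ($arrListValues as $key => $listValue) {
            if ($fieldType == 'RADIO_BUTTON') {
                // if value is imagefile or imageurl then show image
                $lowerListValue = admStrToLower($listValue);
                if (strpos($lowerListValue, '.png') > 0 || strpos($lowerListValue, '.jpg') > 0) {
                    // if there is imagefile and text separated by | then explode them
                    if (strpos($listValue, '|') > 0) {
                        $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                        $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                    } else {
                        $listValueImage = $listValue;
                        // NOTE(review): reads usf_name from $this, not from the profile
                        // field object - presumably intended, verify against the class.
                        $listValueText = $this->getValue('usf_name');
                    }

                    // if text is a translation-id then translate it
                    if (strpos($listValueText, '_') === 3) {
                        $listValueText = $gL10n->get(admStrToUpper($listValueText));
                    }

                    try {
                        // create html for optionbox entry: either a validated absolute url
                        // or a validated file name below the theme's icon folder
                        if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                            $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                        } elseif (admStrIsValidFileName($listValueImage, true)) {
                            $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                        }
                    } catch (AdmException $e) {
                        $e->showText();
                    }
                }
            }

            // if text is a translation-id then translate it
            if (strpos($listValue, '_') === 3) {
                $listValue = $gL10n->get(admStrToUpper($listValue));
            }

            // save values in new array that starts with key = 1
            $arrListValuesWithKeys[++$key] = $listValue;
        }

        // An unknown position (e.g. the list was shortened after the value was saved)
        // used to raise an undefined-index notice and return null; the raw value is
        // returned instead.
        if (array_key_exists($value, $arrListValuesWithKeys)) {
            $htmlValue = $arrListValuesWithKeys[$value];
        }
    } elseif ($fieldType == 'URL') {
        // the link text omits the scheme and is shortened after 35 characters
        $schemeEnd = strpos($value, '//') + 2;
        if (strlen($value) > 35) {
            $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, $schemeEnd, 35) . '...</a>';
        } else {
            $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, $schemeEnd) . '</a>';
        }
    } elseif ($fieldType == 'TEXT_BIG') {
        $htmlValue = nl2br($value);
    }

    // if field has url then create a link
    $fieldUrl = $field->getValue('usf_url');
    if (strlen($fieldUrl)) {
        if ($fieldNameIntern == 'FACEBOOK' && is_numeric($value)) {
            // facebook has two different profile urls (id and facebook name),
            // we could only store one way in database (facebook name) and the other (id) is defined here :)
            $htmlValue = '<a href="http://www.facebook.com/profile.php?id=' . $value . '" target="_blank">' . $htmlValue . '</a>';
        } else {
            $htmlValue = '<a href="' . $fieldUrl . '" target="_blank">' . $htmlValue . '</a>';
        }

        // replace a variable in url with user value. str_replace instead of preg_replace:
        // as a preg_replace replacement string the user value would be interpreted, so a
        // "$1" or "\0" inside it would be expanded as a backreference.
        if (strpos($fieldUrl, '%user_content%') !== false) {
            $htmlValue = str_replace('%user_content%', $value, $htmlValue);
        }
    }

    return $htmlValue;
}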
} elseif ($getMode === 10) { // den Gaestebucheintrag freischalten... $guestbook_comment->moderate(); // Freischalten erfolgreich -> Rueckgabe fuer XMLHttpRequest echo 'done'; } elseif ($getMode === 4 || $getMode === 8) { // Der Inhalt des Formulars wird nun in der Session gespeichert... $_SESSION['guestbook_comment_request'] = $_POST; // if login then fill name with login user if ($getMode === 4 && $gCurrentUser->getValue('usr_id') > 0) { $_POST['gbc_name'] = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME'); } // Falls der User nicht eingeloggt ist, aber ein Captcha geschaltet ist, // muss natuerlich der Code ueberprueft werden if ($getMode === 4 && !$gValidLogin && $gPreferences['enable_guestbook_captcha'] == 1) { if (!isset($_SESSION['captchacode']) || admStrToUpper($_SESSION['captchacode']) != admStrToUpper($_POST['captcha'])) { if ($gPreferences['captcha_type'] === 'pic') { $gMessage->show($gL10n->get('SYS_CAPTCHA_CODE_INVALID')); } elseif ($gPreferences['captcha_type'] === 'calc') { $gMessage->show($gL10n->get('SYS_CAPTCHA_CALC_CODE_INVALID')); } } } // make html in description secure $_POST['gbc_text'] = admFuncVariableIsValid($_POST, 'gbc_text', 'html'); // POST Variablen in das Gaestebuchkommentarobjekt schreiben foreach ($_POST as $key => $value) { if (strpos($key, 'gbc_') === 0) { if (!$guestbook_comment->setValue($key, $value)) { // Daten wurden nicht uebernommen, Hinweis ausgeben if ($key === 'gbc_email') {
if ($gPreferences['enable_mail_module'] != 1) { $gMessage->show($gL10n->get('SYS_MODULE_DISABLED')); } // allow option to send a copy to your email address only for registered users because of spam abuse if ($gValidLogin) { $postCarbonCopy = admFuncVariableIsValid($_POST, 'carbon_copy', 'bool'); } else { $postCarbonCopy = 0; } // if Attachmentsize is higher than max_post_size from php.ini, then $_POST is empty. if (empty($_POST)) { $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW')); } // Check Captcha if enabled and user logged out if (!$gValidLogin && $gPreferences['enable_mail_captcha'] == 1) { if (!isset($_SESSION['captchacode']) || admStrToUpper($_SESSION['captchacode']) !== admStrToUpper($postCaptcha)) { if ($gPreferences['captcha_type'] === 'pic') { $gMessage->show($gL10n->get('SYS_CAPTCHA_CODE_INVALID')); } elseif ($gPreferences['captcha_type'] === 'calc') { $gMessage->show($gL10n->get('SYS_CAPTCHA_CALC_CODE_INVALID')); } } } } // Stop if pm should be send pm module is disabled if ($gPreferences['enable_pm_module'] != 1 && $getMsgType === 'PM') { $gMessage->show($gL10n->get('SYS_MODULE_DISABLED')); } // if user is logged in then show sender name and email if ($gCurrentUser->getValue('usr_id') > 0) { $postName = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
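/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format     For date or timestamp columns the format should be
 *                           the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
 *                           For text columns the format can be @b database that would return
 *                           the original database value without any transformations
 * @return mixed Returns the value of the database column.
 *               If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'dat_end' && $this->dbColumns['dat_all_day'] == 1) {
        if ($format === '') {
            $format = 'Y-m-d';
        }

        // For all-day events the stored end date is always moved back by one day.
        // The day is decremented inside mktime() instead of subtracting 86400 seconds
        // from the timestamp: mktime() normalises day 0 to the last day of the previous
        // month and is not thrown off by a 23- or 25-hour day at a DST transition.
        // Assumes dat_end is stored as 'Y-m-d H:i:s' (six parts) - TODO confirm.
        list($year, $month, $day, $hour, $minute, $second) = preg_split('/[- :]/', $this->dbColumns['dat_end']);
        $value = date($format, mktime($hour, $minute, $second, $month, $day - 1, $year));
    } elseif ($columnName === 'dat_description') {
        if (!isset($this->dbColumns['dat_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // raw representation: markup stripped, entities (including quotes) decoded
            $value = html_entity_decode(strStripTags($this->dbColumns['dat_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['dat_description'];
        }
    } else {
        $value = parent::getValue($columnName, $format);
    }

    if ($format !== 'database') {
        if ($columnName === 'dat_country' && $value !== '') {
            // the country code is replaced by its localised name
            $value = $gL10n->getCountryByCode($value);
        } elseif ($columnName === 'cat_name') {
            // if text is a translation-id then translate it
            if (strpos($value, '_') === 3) {
                $value = $gL10n->get(admStrToUpper($value));
            }
        }
    }

    return $value;
}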
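/**
 * Build an HTML select box with all roles the current user is allowed to view, grouped by category.
 * @param int    $defaultRole Id of the role that should be preselected (0 = none, -1 = the "all, also visitors" entry)
 * @param string $fieldId     Value of the id and name attribute of the select element; defaults to 'rol_id'
 * @param int    $showMode    0: all roles; 1: hide roles with the right to assign roles if the current user
 *                            may not manage roles, otherwise hide the webmaster role if he is no webmaster;
 *                            2: only inactive roles (rol_valid = 0)
 * @param int    $visitors    If set to 1 an additional entry "all (also visitors)" with value -1 is shown
 * @return string The HTML of the select box
 */
public static function generateRoleSelectBox($defaultRole = 0, $fieldId = '', $showMode = 0, $visitors = 0)
{
    global $gCurrentUser, $gCurrentOrganization, $gDb, $gL10n;

    if ($fieldId === '') {
        $fieldId = 'rol_id';
    }
    // ids coming from the database driver may be numeric strings; compare as integers
    // so that the default role is actually found and preselected
    $defaultRole = (int) $defaultRole;

    // compose the additional SQL condition according to the mode
    $condition   = '';
    $activeRoles = 1;

    if ($showMode === 1 && $gCurrentUser->manageRoles() === false) {
        // hide roles that carry the right to assign roles
        $condition .= ' AND rol_assign_roles = 0 ';
    } elseif ($showMode === 1 && $gCurrentUser->isWebmaster() === false) {
        // hide the webmaster role
        $condition .= ' AND rol_webmaster = 0 ';
    } elseif ($showMode === 2) {
        $activeRoles = 0;
    }

    $sql = 'SELECT * FROM ' . TBL_ROLES . ', ' . TBL_CATEGORIES . ' WHERE rol_valid = ' . $activeRoles . ' AND rol_visible = 1 AND rol_cat_id = cat_id AND ( cat_org_id = ' . $gCurrentOrganization->getValue('org_id') . ' OR cat_org_id IS NULL ) ' . $condition . ' ORDER BY cat_sequence, rol_name';
    $rolesStatement = $gDb->query($sql);

    // compose the select box with all selected roles
    $currentCategory = '';
    $selectBoxHtml   = ' <select class="form-control" size="1" id="' . $fieldId . '" name="' . $fieldId . '"><option value="0" ';
    if ($defaultRole === 0) {
        $selectBoxHtml .= ' selected="selected" ';
    }
    $selectBoxHtml .= '>- ' . $gL10n->get('SYS_PLEASE_CHOOSE') . ' -</option>';

    if ($visitors === 1) {
        $selectBoxHtml .= '<option value="-1" ';
        if ($defaultRole === -1) {
            $selectBoxHtml .= ' selected="selected" ';
        }
        $selectBoxHtml .= '>' . $gL10n->get('SYS_ALL') . ' (' . $gL10n->get('SYS_ALSO_VISITORS') . ')</option>';
    }

    while ($row = $gDb->fetch_array($rolesStatement)) {
        if (!$gCurrentUser->hasRightViewRole($row['rol_id'])) {
            continue;
        }

        // if text is a translation-id then translate it
        if (strpos($row['cat_name'], '_') === 3) {
            $row['cat_name'] = $gL10n->get(admStrToUpper($row['cat_name']));
        }

        // if new category then show label with category name
        if ($currentCategory !== $row['cat_name']) {
            if ($currentCategory !== '') {
                $selectBoxHtml .= '</optgroup>';
            }
            // NOTE(review): cat_name and rol_name are written into the markup without output escaping;
            // the project escapes values on input (admFuncVariableIsValid, datatype string), so escaping
            // here would double-encode them — confirm every write path to these columns uses that filter.
            $selectBoxHtml .= '<optgroup label="' . $row['cat_name'] . '">';
            $currentCategory = $row['cat_name'];
        }

        // preselect the option if the id of this role was passed as default
        $selected = '';
        if ((int) $row['rol_id'] === $defaultRole) {
            $selected = ' selected="selected" ';
        }
        $selectBoxHtml .= '<option ' . $selected . ' value="' . $row['rol_id'] . '">' . $row['rol_name'] . '</option>';
    }

    // close the last optgroup only if one was opened (no visible role -> no optgroup)
    if ($currentCategory !== '') {
        $selectBoxHtml .= '</optgroup>';
    }
    $selectBoxHtml .= '</select>';

    return $selectBoxHtml;
}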
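/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true then a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found then the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll     = array_replace($optionsDefault, $options);

    $errorMessage = '';
    $datatype     = admStrToLower($datatype);

    // set default value for each datatype if no value is given and no value was required
    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // if value is required and no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter with the neutral value of its datatype;
            // @b file and unknown datatypes get '' as well instead of leaving the element undefined
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } else {
                $array[$variableName] = '';
            }
            return $array[$variableName];
        }
    }

    // a missing required value has already produced the error message; there is nothing
    // to validate in that case, so the checks only run while no error was found
    if ($errorMessage === '') {
        if ($datatype === 'boolean') {
            // boolean type must be 0 or 1 otherwise throw error
            // do not check with in_array because this function doesn't work properly
            if ($array[$variableName] != '0' && $array[$variableName] != '1'
            && $array[$variableName] != 'false' && $array[$variableName] != 'true') {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        } elseif ($optionsAll['validValues'] !== null) {
            // check if parameter has a valid value
            // do a strict check with in_array because the function doesn't work properly otherwise
            if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true)
            && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }

        switch ($datatype) {
            case 'file':
                try {
                    admStrIsValidFileName($array[$variableName]);
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;

            case 'date':
                // check if date is a valid Admidio date format
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
                if (!$objAdmidioDate) {
                    // check if date has english format
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;

            case 'numeric':
                // numeric datatype should only contain numbers
                if (!is_numeric($array[$variableName])) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                break;

            case 'string':
                // NOTE(review): ENT_COMPAT leaves single quotes unescaped, so a @b string value is only safe
                // in text nodes and double-quoted attributes — confirm no template puts it in a single-quoted one
                $array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
                break;

            case 'html':
                // check html string for invalid tags and scripts
                $array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
                break;
        }
    }

    // if no error was detected then return the content of the variable
    if ($errorMessage === '') {
        return $array[$variableName];
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }

    return null;
}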
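/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true then a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues  : An array with all values that the variable could have. If another
 *                                                 value is found then the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll     = array_replace($optionsDefault, $options);

    $errorMessage = '';
    $datatype     = admStrToLower($datatype);
    $value        = null;

    // set default value for each datatype if no value is given and no value was required
    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } elseif ($optionsAll['requireValue']) {
        // if value is required and no value is given then show error
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
    } elseif ($optionsAll['defaultValue'] !== null) {
        // if a default value was set then take this value
        $value = $optionsAll['defaultValue'];
    } else {
        // no value set then initialize the parameter with the neutral value of its datatype
        if ($datatype === 'bool' || $datatype === 'boolean') {
            $value = false;
        } elseif ($datatype === 'numeric' || $datatype === 'int') {
            $value = 0;
        } elseif ($datatype === 'float') {
            $value = 0.0;
        } else {
            $value = '';
        }
        return $value;
    }

    // a missing required value has already produced the error message; there is nothing
    // to validate in that case, so the checks only run while no error was found
    if ($errorMessage === '') {
        if ($optionsAll['validValues'] !== null) {
            // check if parameter has a valid value
            // do a strict check with in_array because the function doesn't work properly otherwise
            if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true)
            && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }

        switch ($datatype) {
            case 'file':
                try {
                    if ($value !== '') {
                        admStrIsValidFileName($value);
                    }
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;

            case 'date':
                // check if date is a valid Admidio date format
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
                if (!$objAdmidioDate) {
                    // check if date has english format
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;

            case 'bool':
            case 'boolean':
                $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                // Bug workaround PHP <5.4.8
                // https://bugs.php.net/bug.php?id=49510
                if ($valid === null && ($value === null || $value === false || $value === '')) {
                    $valid = false;
                }
                if ($valid === null) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                $value = $valid;
                break;

            case 'int':
            case 'float':
            case 'numeric':
                // numeric datatype should only contain numbers
                if (!is_numeric($value)) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } elseif ($datatype === 'int' || $datatype === 'float') {
                    // is_numeric also accepts values the typed filters reject (e.g. '1.5' or an out-of-range
                    // number for int); filter_var then returns false, which must be reported as an error
                    // instead of being handed back to the caller as the value
                    $value = filter_var($value, $datatype === 'int' ? FILTER_VALIDATE_INT : FILTER_VALIDATE_FLOAT);
                    if ($value === false) {
                        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                    }
                } else {
                    // https://secure.php.net/manual/en/function.is-numeric.php#107326
                    $value = $value + 0;
                }
                break;

            case 'string':
                // NOTE(review): ENT_COMPAT leaves single quotes unescaped, so a @b string value is only safe
                // in text nodes and double-quoted attributes — confirm no template puts it in a single-quoted one
                $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
                break;

            case 'html':
                // check html string for invalid tags and scripts
                $value = htmLawed(stripslashes($value), array('safe' => 1));
                break;
        }
    }

    // if no error was detected then return the content of the variable
    if ($errorMessage === '') {
        return $value;
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }

    return null;
}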