Example #1
 /**
  * Read the value of a column of this record.
  * A value changed earlier with @b setValue is returned in its changed form.
  * The column @b lnk_description is resolved here; every other column is delegated to the parent class.
  * @param  string $columnName The name of the database column whose value should be read
  * @param  string $format     For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                            For text columns the format can be @b database that would return the original database value without any transformations.
  *                            For @b lnk_description the @b database format strips markup and decodes html entities.
  * @return mixed  Returns the value of the database column.
  *                A @b cat_name that looks like a translation id (three characters, then an underscore) is
  *                returned translated unless the @b database format was requested.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     if ($columnName !== 'lnk_description') {
         $value = parent::getValue($columnName, $format);
     } elseif (!isset($this->dbColumns['lnk_description'])) {
         $value = '';
     } elseif ($format === 'database') {
         // raw variant of the description: markup removed, remaining entities decoded
         $value = html_entity_decode(strStripTags($this->dbColumns['lnk_description']));
     } else {
         $value = $this->dbColumns['lnk_description'];
     }

     // translate a category name that is a translation id, e.g. "SYS_COMMON", unless the raw value was requested
     $isTranslationId = $columnName === 'cat_name' && $format !== 'database' && strpos($value, '_') === 3;

     return $isTranslationId ? $gL10n->get(admStrToUpper($value)) : $value;
 }
Example #2
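 /**
  * Change the internal sequence of this category. It can be moved one place up or down.
  * The neighbouring category of the same type (belonging to the current organization or
  * organization independent) takes over this category's sequence number and this category
  * is saved with the neighbour's number.
  * @param string $mode This could be @b UP or @b DOWN (case-insensitive); any other value is ignored.
  */
 public function moveSequence($mode)
 {
     global $gCurrentOrganization;

     // numeric values are cast before they are concatenated into the SQL statements so that a
     // manipulated value (setValue is reachable from request data) cannot change the statement;
     // cat_type is a string code and is still embedded as-is
     $catType  = $this->getValue('cat_type');
     $sequence = (int) $this->getValue('cat_sequence');
     $orgId    = (int) $gCurrentOrganization->getValue('org_id');

     // count all categories that are organization independent because these categories should not
     // be mixed with the organization categories. Hidden categories are sidelined.
     $sql = 'SELECT COUNT(*) as count
               FROM ' . TBL_CATEGORIES . '
              WHERE cat_type = \'' . $catType . '\'
                AND cat_name_intern NOT LIKE \'CONFIRMATION_OF_PARTICIPATION\'
                AND cat_org_id IS NULL ';
     $countCategoriesStatement = $this->db->query($sql);
     $row = $countCategoriesStatement->fetch();
     $countGlobal = (int) $row['count'];

     $direction = admStrToUpper($mode);

     if ($direction === 'UP') {
         // the sequence number is decreased by one, which moves the category further up in the list;
         // organization independent categories may always move, organization categories only while
         // they stay below the block of organization independent ones
         if ($this->getValue('cat_org_id') == 0 || $sequence > $countGlobal + 1) {
             $sql = 'UPDATE ' . TBL_CATEGORIES . ' SET cat_sequence = ' . $sequence . '
                      WHERE cat_type = \'' . $catType . '\'
                        AND (  cat_org_id = ' . $orgId . '
                                       OR cat_org_id IS NULL )
                        AND cat_sequence = ' . $sequence . ' - 1 ';
             $this->db->query($sql);
             $this->setValue('cat_sequence', $sequence - 1);
             $this->save();
         }
     } elseif ($direction === 'DOWN') {
         // organization categories may always move down, organization independent categories
         // only while they stay inside their own block
         if ($this->getValue('cat_org_id') > 0 || $sequence < $countGlobal) {
             $sql = 'UPDATE ' . TBL_CATEGORIES . ' SET cat_sequence = ' . $sequence . '
                      WHERE cat_type = \'' . $catType . '\'
                        AND (  cat_org_id = ' . $orgId . '
                                       OR cat_org_id IS NULL )
                        AND cat_sequence = ' . $sequence . ' + 1 ';
             $this->db->query($sql);
             $this->setValue('cat_sequence', $sequence + 1);
             $this->save();
         }
     }
 }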
Example #3
 /**
  * Creates from a user defined condition a valid SQL condition
  *
  * The user condition is first normalised by makeStandardCondition() and then scanned
  * character by character. Recognised tokens:
  *   - @b & and @b | join conditions with AND / OR
  *   - @b = and @b ! compare with LIKE / NOT LIKE for string columns, = / <> otherwise
  *   - @b _ and @b # test for IS NULL / IS NOT NULL (extended by mNotExistsSql when that is set)
  *   - @b { @b } @b [ @b ] compare with < > <= >= (inverted for date columns whose condition
  *     contains J or Y, i.e. an age search)
  *   - every other character is appended to the value, which is always wrapped in single quotes
  * For @b checkbox columns the condition is reduced to a 1 / not-1 test and returned directly.
  * The result is kept in $this->mDestCond and starts with ' AND ( '.
  *
  * NOTE(review): for @b string columns the value characters are copied verbatim into the quoted
  * literal; nothing in this method escapes quotes or backslashes, so the SQL is only safe if
  * makeStandardCondition() removes or escapes them -- confirm there. @b int columns reject
  * non-numeric characters and @b date columns go through getFormatDate(), which limits the
  * exposure for those types. $columnName is embedded unquoted and must come from trusted code.
  * @param  string       $sourceCondition The user condition string
  * @param  string       $columnName      The name of the database column for which the condition should be created
  * @param  string       $columnType      The type of the column. Valid types are @b string, @b int, @b date and @b checkbox
  * @param  string       $fieldName       The name of the profile field. This is used for error output to the end user
  * @return string       Returns a valid SQL string with the condition for that column
  *                      (an empty string if one of the first three parameters is empty)
  * @throws AdmException LST_NOT_VALID_DATE_FORMAT
  *                                      LST_NOT_NUMERIC
  */
 public function makeSqlStatement($sourceCondition, $columnName, $columnType, $fieldName)
 {
     // true while a column reference (and possibly an operator) has been written and no value
     // character has been appended yet
     $bStartCondition = true;
     // true between words: no value character has been appended since the last space
     $bNewCondition = true;
     // set once an explicit comparison operator has been written; never reset within this call
     $bStartOperand = false;
     // set to true if quotes for conditions are open
     $this->mOpenQuotes = false;
     // for date columns the characters of a value are collected here and parsed at once
     $date = '';
     // saves the actual operator, if no operator is set then = will be default
     $operator = '=';
     $this->mDestCond = '';
     if ($sourceCondition !== '' && $columnName !== '' && $columnType !== '') {
         $this->mSrcCond = $this->makeStandardCondition($sourceCondition);
         $this->mSrcCondArray = str_split($this->mSrcCond);
         // conditions for this column always start with AND
         if ($columnType === 'string') {
             $this->mDestCond = ' AND ( UPPER(' . $columnName . ') ';
         } elseif ($columnType === 'checkbox') {
             // special case: a checkbox can only be 1 or 0, no complex combinations.
             // Loose comparison on purpose: the user value arrives as a string such as "1"
             if ($sourceCondition == 1) {
                 $this->mDestCond = ' AND ' . $columnName . ' = 1 ';
             } else {
                 $this->mDestCond = ' AND (' . $columnName . ' IS NULL OR ' . $columnName . ' = 0) ';
             }
             return $this->mDestCond;
         } else {
             $this->mDestCond = ' AND ( ' . $columnName . ' ';
         }
         // the condition string is processed character by character
         for ($mCount = 0; $mCount < strlen($this->mSrcCond); $mCount++) {
             $character = $this->mSrcCondArray[$mCount];
             if ($character === '&' || $character === '|') {
                 if ($bNewCondition) {
                     // a new condition starts, so join it with the previous one
                     if ($character === '&') {
                         $this->mDestCond = $this->mDestCond . ' AND ';
                     } elseif ($character === '|') {
                         $this->mDestCond = $this->mDestCond . ' OR ';
                     }
                     // followed by the column name
                     if ($columnType === 'string') {
                         $this->mDestCond = $this->mDestCond . ' UPPER(' . $columnName . ') ';
                     } else {
                         $this->mDestCond = $this->mDestCond . ' ' . $columnName . ' ';
                     }
                     $bStartCondition = true;
                 }
             } else {
                 // comparison operators are processed here
                 if ($character === '=' || $character === '!' || $character === '_' || $character === '#' || $character === '{' || $character === '}' || $character === '[' || $character === ']') {
                     // save actual operator for later use
                     $operator = $character;
                     if (!$bStartCondition) {
                         $this->mDestCond = $this->mDestCond . ' AND ' . $columnName . ' ';
                         $bStartCondition = true;
                     }
                     switch ($character) {
                         case '=':
                             if ($columnType === 'string') {
                                 $this->mDestCond = $this->mDestCond . ' LIKE ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' = ';
                             }
                             break;
                         case '!':
                             if ($columnType === 'string') {
                                 $this->mDestCond = $this->mDestCond . ' NOT LIKE ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' <> ';
                             }
                             break;
                         case '_':
                             $this->mDestCond = $this->mDestCond . ' IS NULL ';
                             if ($this->mNotExistsSql !== '') {
                                 $this->mDestCond = $this->mDestCond . ' OR NOT EXISTS (' . $this->mNotExistsSql . ') ';
                             }
                             break;
                         case '#':
                             $this->mDestCond = $this->mDestCond . ' IS NOT NULL ';
                             if ($this->mNotExistsSql !== '') {
                                 $this->mDestCond = $this->mDestCond . ' OR EXISTS (' . $this->mNotExistsSql . ') ';
                             }
                             break;
                         case '{':
                             // bastwe: invert condition on age search
                             if ($columnType === 'date' && (strstr(admStrToUpper($sourceCondition), 'J') !== false || strstr(admStrToUpper($sourceCondition), 'Y') !== false)) {
                                 $this->mDestCond = $this->mDestCond . ' > ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' < ';
                             }
                             break;
                         case '}':
                             // bastwe: invert condition on age search
                             if ($columnType === 'date' && (strstr(admStrToUpper($sourceCondition), 'J') !== false || strstr(admStrToUpper($sourceCondition), 'Y') !== false)) {
                                 $this->mDestCond = $this->mDestCond . ' < ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' > ';
                             }
                             break;
                         case '[':
                             // bastwe: invert condition on age search
                             if ($columnType === 'date' && (strstr(admStrToUpper($sourceCondition), 'J') !== false || strstr(admStrToUpper($sourceCondition), 'Y') !== false)) {
                                 $this->mDestCond = $this->mDestCond . ' >= ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' <= ';
                             }
                             break;
                         case ']':
                             // bastwe: invert condition on age search
                             if ($columnType === 'date' && (strstr(admStrToUpper($sourceCondition), 'J') !== false || strstr(admStrToUpper($sourceCondition), 'Y') !== false)) {
                                 $this->mDestCond = $this->mDestCond . ' <= ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' >= ';
                             }
                             break;
                         default:
                             // not reachable: the surrounding if only admits the eight operator characters
                             $this->mDestCond = $this->mDestCond . $character;
                     }
                     if ($character !== '_' && $character !== '#') {
                         // allways set quote marks for a value because some fields are a varchar in db
                         // but should only filled with integer
                         $this->mDestCond = $this->mDestCond . ' \'';
                         $this->mOpenQuotes = true;
                         $bStartOperand = true;
                     }
                 } else {
                     // check whether a new word starts
                     if ($character === ' ' && !$bNewCondition) {
                         // if date column than the date will be saved in $date.
                         // This variable must then be parsed and changed in a valid database format
                         if ($columnType === 'date' && $date !== '') {
                             if ($this->getFormatDate($date, $operator) !== '') {
                                 $this->mDestCond = $this->mDestCond . $this->getFormatDate($date, $operator);
                             } else {
                                 throw new AdmException('LST_NOT_VALID_DATE_FORMAT', $fieldName);
                             }
                             $date = '';
                         }
                         if ($this->mOpenQuotes) {
                             // allways set quote marks for a value because some fields are a varchar in db
                             // but should only filled with integer
                             $this->mDestCond = $this->mDestCond . '\' ';
                             $this->mOpenQuotes = false;
                         }
                         $bNewCondition = true;
                     } elseif ($character !== ' ') {
                         // a new search word, but no condition written for it yet
                         if ($bNewCondition && !$bStartCondition) {
                             if ($columnType === 'string') {
                                 $this->mDestCond = $this->mDestCond . ' AND UPPER(' . $columnName . ') ';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' AND ' . $columnName . ' = ';
                             }
                             $this->mOpenQuotes = false;
                         } elseif ($bNewCondition && !$bStartOperand) {
                             // first condition of these column
                             if ($columnType === 'string') {
                                 $this->mDestCond = $this->mDestCond . ' LIKE \'';
                             } else {
                                 $this->mDestCond = $this->mDestCond . ' = \'';
                             }
                             $this->mOpenQuotes = true;
                         }
                         // append the character to the target string.
                         // NOTE(review): for string columns this copies the character into the open quoted
                         // literal without escaping -- see the class docblock note on makeStandardCondition()
                         if ($columnType === 'date') {
                             $date = $date . $character;
                         } elseif ($columnType === 'int' && !is_numeric($character)) {
                             // if numeric field than only numeric characters are allowed
                             throw new AdmException('LST_NOT_NUMERIC', $fieldName);
                         } else {
                             $this->mDestCond = $this->mDestCond . $character;
                         }
                         $bNewCondition = false;
                         $bStartCondition = false;
                     }
                 }
             }
         }
         // if date column than the date will be saved in $date.
         // This variable must then be parsed and changed in a valid database format
         if ($columnType === 'date' && $date !== '') {
             if ($this->getFormatDate($date, $operator) !== '') {
                 $this->mDestCond = $this->mDestCond . $this->getFormatDate($date, $operator);
             } else {
                 throw new AdmException('LST_NOT_VALID_DATE_FORMAT', $fieldName);
             }
         }
         if ($this->mOpenQuotes) {
             // allways set quote marks for a value because some fields are a varchar in db
             // but should only filled with integer
             $this->mDestCond = $this->mDestCond . '\' ';
         }
         $this->mDestCond = $this->mDestCond . ' ) ';
     }
     return $this->mDestCond;
 }
Example #4
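 /**
  * Add a new selectbox with a label to the form. The selectbox get their data from table adm_categories.
  * You must define the category type (roles, dates, links ...). All categories of this type will be shown.
  * @param string $id             Id of the selectbox. This will also be the name of the selectbox.
  * @param string $label          The label of the selectbox.
  * @param object $database A Admidio database object that contains a valid connection to a database
  * @param string $categoryType   Type of category ('DAT', 'LNK', 'ROL', 'USF', 'INF') that should be shown.
  *                               The value is embedded in the SQL statement and must come from the calling script, never from request data.
  * @param string $selectboxModus The selectbox could be shown in 2 different modus.
  *                               - @b EDIT_CATEGORIES : First entry will be "Please choose" and default category will be preselected.
  *                               - @b FILTER_CATEGORIES : First entry will be "All" and only categories with childs will be shown.
  *                                 With exactly one category the selectbox is not added at all.
  * @param array  $options (optional) An array with the following possible entries:
  *                        - @b property : With this param you can set the following properties:
  *                          + @b FIELD_DEFAULT  : The field can accept an input.
  *                          + @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
  *                          + @b FIELD_DISABLED : The field will be disabled and could not accept an input.
  *                        - @b defaultValue : Id of category that should be selected per default. If not set (empty string or null)
  *                          the only category or the category flagged with cat_default is preselected.
  *                        - @b showSystemCategory : Show user defined and system categories
  *                        - @b helpTextIdLabel : A unique text id from the translation xml files that should be shown
  *                          e.g. SYS_ENTRY_MULTI_ORGA. If set a help icon will be shown after the control label where
  *                          the user can see the text if he hover over the icon. If you need an additional parameter
  *                          for the text you can add an array. The first entry must be the unique text id and the second
  *                          entry will be a parameter of the text id.
  *                        - @b helpTextIdInline : A unique text id from the translation xml files that should be shown
  *                          e.g. SYS_ENTRY_MULTI_ORGA. If set the complete text will be shown after the form element.
  *                          If you need an additional parameter for the text you can add an array. The first entry must
  *                          be the unique text id and the second entry will be a parameter of the text id.
  *                        - @b icon : An icon can be set. This will be placed in front of the label.
  *                        - @b class : An additional css classname. The class @b admSelectbox
  *                          is set as default and need not set with this parameter.
  * @return null|void Returns null without adding a selectbox in FILTER_CATEGORIES modus with a single category.
  */
 public function addSelectBoxForCategories($id, $label, $database, $categoryType, $selectboxModus, $options = array())
 {
     global $gCurrentOrganization, $gValidLogin, $gL10n;

     // create array with all options
     $optionsDefault = array('property' => FIELD_DEFAULT, 'defaultValue' => '', 'showContextDependentFirstEntry' => true, 'multiselect' => false, 'showSystemCategory' => true, 'helpTextIdLabel' => '', 'helpTextIdInline' => '', 'icon' => '', 'class' => '');
     $optionsAll = array_replace($optionsDefault, $options);

     // defaultValue defaults to '' but callers may also pass null; both mean "no category preselected".
     // Testing for null only skipped the automatic preselection for every caller that left the option at its default.
     $noDefaultValue = $optionsAll['defaultValue'] === null || $optionsAll['defaultValue'] === '';

     $sqlTables = TBL_CATEGORIES;
     $sqlConditions = '';
     $categoriesArray = array();

     // create sql conditions if category must have child elements
     if ($selectboxModus === 'FILTER_CATEGORIES') {
         $optionsAll['showContextDependentFirstEntry'] = false;

         switch ($categoryType) {
             case 'DAT':
                 $sqlTables = TBL_CATEGORIES . ', ' . TBL_DATES;
                 $sqlConditions = ' AND cat_id = dat_cat_id ';
                 break;
             case 'LNK':
                 $sqlTables = TBL_CATEGORIES . ', ' . TBL_LINKS;
                 $sqlConditions = ' AND cat_id = lnk_cat_id ';
                 break;
             case 'ROL':
                 // don't show system categories
                 $sqlTables = TBL_CATEGORIES . ', ' . TBL_ROLES;
                 $sqlConditions = ' AND cat_id = rol_cat_id
                                 AND rol_visible = 1 ';
                 break;
             case 'INF':
                 $sqlTables = TBL_CATEGORIES . ', ' . TBL_INVENT_FIELDS;
                 $sqlConditions = ' AND cat_id = inf_cat_id ';
                 break;
         }
     }

     if ($optionsAll['showSystemCategory'] === false) {
         $sqlConditions .= ' AND cat_system = 0 ';
     }
     if (!$gValidLogin) {
         // visitors only get categories that are not hidden
         $sqlConditions .= ' AND cat_hidden = 0 ';
     }

     // the sql statement which returns all found categories.
     // org_id is cast to int before it is embedded; $categoryType is embedded unescaped and
     // therefore relies on the caller passing a fixed category code
     $sql = 'SELECT DISTINCT cat_id, cat_name, cat_default, cat_sequence
               FROM ' . $sqlTables . '
              WHERE (  cat_org_id = ' . (int) $gCurrentOrganization->getValue('org_id') . '
                    OR cat_org_id IS NULL )
                AND cat_type   = \'' . $categoryType . '\'
                    ' . $sqlConditions . '
              ORDER BY cat_sequence ASC ';
     $statement = $database->query($sql);
     // NOTE(review): rowCount() on a SELECT is driver dependent in PDO -- confirm the db layer guarantees it
     $countCategories = $statement->rowCount();

     // if only one category exists then select this if not in filter modus
     if ($countCategories === 1) {
         // in filter modus selectbox shouldn't be shown with one entry
         if ($selectboxModus === 'FILTER_CATEGORIES') {
             return null;
         }

         $row = $statement->fetch();
         if ($noDefaultValue) {
             $optionsAll['defaultValue'] = $row['cat_id'];
         }

         // if text is a translation-id then translate it
         if (strpos($row['cat_name'], '_') === 3) {
             $categoriesArray[$row['cat_id']] = $gL10n->get(admStrToUpper($row['cat_name']));
         } else {
             $categoriesArray[$row['cat_id']] = $row['cat_name'];
         }
     } elseif ($countCategories > 1) {
         if ($selectboxModus === 'FILTER_CATEGORIES') {
             $categoriesArray[0] = $gL10n->get('SYS_ALL');
         }

         while ($row = $statement->fetch()) {
             // if text is a translation-id then translate it
             if (strpos($row['cat_name'], '_') === 3) {
                 $categoriesArray[$row['cat_id']] = $gL10n->get(admStrToUpper($row['cat_name']));
             } else {
                 $categoriesArray[$row['cat_id']] = $row['cat_name'];
             }

             // the first category flagged as default is preselected; the column may arrive as a
             // string depending on the db driver, so it is cast before the comparison
             if ((int) $row['cat_default'] === 1 && $noDefaultValue) {
                 $optionsAll['defaultValue'] = $row['cat_id'];
                 $noDefaultValue = false;
             }
         }
     }

     // now call method to create selectbox from array
     $this->addSelectBox($id, $label, $categoriesArray, $optionsAll);
 }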
Example #5
 /**
  * Read the value of a column of this record.
  * A value changed earlier with @b setValue is returned in its changed form.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                           For text columns the format can be @b database that would return the original database value without any transformations
  * @return int|float|string|bool Returns the value of the database column.
  *                               A @b cat_name that looks like a translation id (three characters, then an underscore)
  *                               is returned translated unless the @b database format was requested.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     $value = parent::getValue($columnName, $format);

     // a category name such as "SYS_COMMON" is a translation id and is resolved here
     $isTranslationId = $columnName === 'cat_name' && $format !== 'database' && strpos($value, '_') === 3;
     if ($isTranslationId) {
         return $gL10n->get(admStrToUpper($value));
     }

     return $value;
 }
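 /**
  * Move this field one position up or down within its category.
  * The neighbouring field (same inf_cat_id, sequence one below or above) takes over this
  * field's current sequence number and this field is saved with the neighbour's number.
  * NOTE(review): there is no check that a neighbour exists; moving the first field up still
  * saves it with sequence 0 -- confirm callers guard the boundaries.
  * @param string $mode @b UP or @b DOWN (case-insensitive); any other value leaves the sequence untouched.
  */
 public function moveSequence($mode)
 {
     // cast before concatenating into SQL: a manipulated sequence or category id
     // (setValue is reachable from request data) must not be able to alter the statement
     $sequence = (int) $this->getValue('inf_sequence');
     $catId    = (int) $this->getValue('inf_cat_id');

     $direction = admStrToUpper($mode);

     if ($direction === 'UP') {
         // the field above takes this number; this field then moves one position up
         $sql = 'UPDATE ' . TBL_INVENT_FIELDS . ' SET inf_sequence = ' . $sequence . '
                  WHERE inf_cat_id   = ' . $catId . '
                    AND inf_sequence = ' . $sequence . ' - 1 ';
         $this->db->query($sql);
         $this->setValue('inf_sequence', $sequence - 1);
         $this->save();
     } elseif ($direction === 'DOWN') {
         // the field below takes this number; this field then moves one position down
         $sql = 'UPDATE ' . TBL_INVENT_FIELDS . ' SET inf_sequence = ' . $sequence . '
                  WHERE inf_cat_id   = ' . $catId . '
                    AND inf_sequence = ' . $sequence . ' + 1 ';
         $this->db->query($sql);
         $this->setValue('inf_sequence', $sequence + 1);
         $this->save();
     }
 }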
Example #7
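 /** Returns the value of the field in html format with consideration of all layout parameters
  *  CHECKBOX -> checkbox icon, EMAIL -> mailto or message module link, DROPDOWN/RADIO_BUTTON ->
  *  the list entry (text or icon) stored at the given position, URL -> shortened link, TEXT_BIG -> nl2br.
  *  If the profile field defines usf_url the result is additionally wrapped in a link to that url.
  *  NOTE(review): $value and the list texts are concatenated into html attributes and element bodies
  *  without htmlspecialchars(); this is only safe if values are sanitised when they are stored.
  *  Escaping was not added here because it would double-encode data that is already escaped --
  *  confirm the storage path before relying on this output in an html context.
  *  @param $fieldNameIntern Internal profile field name of the field that should be html formated
  *  @param $value The value that should be formated must be commited so that layout is also possible for values that aren't stored in database
  *  @param $value2 An optional parameter that is necessary for some special fields like email to commit the user id
  *  @return Returns an html formated string that considered the profile field settings;
  *          $value is returned unchanged for unknown fields
  */
 public function getHtmlValue($fieldNameIntern, $value, $value2 = '')
 {
     global $gPreferences, $g_root_path, $gL10n;

     $fieldExists = array_key_exists($fieldNameIntern, $this->mProfileFields);

     if ($value !== '' && $fieldExists) {
         $profileField = $this->mProfileFields[$fieldNameIntern];
         $usfType = $profileField->getValue('usf_type');
         $usfUrl = $profileField->getValue('usf_url');

         // create html for each field type
         $htmlValue = $value;

         if ($usfType == 'CHECKBOX') {
             if ($value == 1) {
                 $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox_checked.gif" alt="on" />';
             } else {
                 $htmlValue = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';
             }
         } elseif ($usfType == 'EMAIL') {
             // link the address directly (mailto) or, if the mail module is enabled, via the message module
             if ($gPreferences['enable_mail_module'] != 1) {
                 $emailLink = 'mailto:' . $value;
             } else {
                 // set value2 to user id because we need a second parameter in the link to mail module
                 if ($value2 === '') {
                     $value2 = $this->mUserId;
                 }
                 $emailLink = $g_root_path . '/adm_program/modules/messages/messages_write.php?usr_id=' . $value2;
             }

             // long addresses are shortened in the link text, the full address stays in the title
             if (strlen($value) > 30) {
                 $htmlValue = '<a href="' . $emailLink . '" title="' . $value . '">' . substr($value, 0, 30) . '...</a>';
             } else {
                 $htmlValue = '<a href="' . $emailLink . '" style="overflow: visible; display: inline;" title="' . $value . '">' . $value . '</a>';
             }
         } elseif ($usfType == 'DROPDOWN' || $usfType == 'RADIO_BUTTON') {
             // array with list values and keys that represents the internal value
             $arrListValuesWithKeys = array();
             // first replace windows new line with unix new line and then create an array
             $valueFormated = str_replace("\r\n", "\n", $profileField->getValue('usf_value_list', 'database'));
             $arrListValues = explode("\n", $valueFormated);

             foreach ($arrListValues as $key => &$listValue) {
                 if ($usfType == 'RADIO_BUTTON') {
                     // if value is imagefile or imageurl then show image
                     if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                         // if there is imagefile and text separated by | then explode them
                         if (strpos($listValue, '|') > 0) {
                             $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                             $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                         } else {
                             $listValueImage = $listValue;
                             // NOTE(review): reads usf_name from $this rather than from $profileField -- confirm which object is meant
                             $listValueText = $this->getValue('usf_name');
                         }

                         // if text is a translation-id then translate it
                         if (strpos($listValueText, '_') == 3) {
                             $listValueText = $gL10n->get(admStrToUpper($listValueText));
                         }

                         try {
                             // create html for optionbox entry: remote images must pass the url check,
                             // local names go through admStrIsValidFileName (NOTE(review): confirm it rejects path components)
                             if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                 $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                             } elseif (admStrIsValidFileName($listValueImage, true)) {
                                 $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                             }
                         } catch (AdmException $e) {
                             $e->showText();
                         }
                     }
                 }

                 // if text is a translation-id then translate it
                 if (strpos($listValue, '_') == 3) {
                     $listValue = $gL10n->get(admStrToUpper($listValue));
                 }
                 // save values in new array that starts with key = 1
                 $arrListValuesWithKeys[++$key] = $listValue;
             }
             // the loop variable is a reference into $arrListValues; drop it so a later assignment cannot write into the array
             unset($listValue);

             // the stored value is the 1-based position in the list; a value that is not a valid position is kept as-is
             if (isset($arrListValuesWithKeys[$value])) {
                 $htmlValue = $arrListValuesWithKeys[$value];
             }
         } elseif ($usfType == 'URL') {
             // show the url without its scheme, shortened if long; the full url stays in the title
             if (strlen($value) > 35) {
                 $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, strpos($value, '//') + 2, 35) . '...</a>';
             } else {
                 $htmlValue = '<a href="' . $value . '" target="_blank" title="' . $value . '">' . substr($value, strpos($value, '//') + 2) . '</a>';
             }
         } elseif ($usfType == 'TEXT_BIG') {
             $htmlValue = nl2br($value);
         }

         // if field has url then create a link
         if (strlen($usfUrl)) {
             if ($fieldNameIntern == 'FACEBOOK' && is_numeric($value)) {
                 // facebook has two different profile urls (id and facebook name),
                 // we could only store one way in database (facebook name) and the other (id) is defined here :)
                 $htmlValue = '<a href="http://www.facebook.com/profile.php?id=' . $value . '" target="_blank">' . $htmlValue . '</a>';
             } else {
                 $htmlValue = '<a href="' . $usfUrl . '" target="_blank">' . $htmlValue . '</a>';
             }

             // replace a variable in url with user value. str_replace is used instead of preg_replace because
             // a value containing "$" or "\" would otherwise be interpreted as a backreference in the replacement
             if (strpos($usfUrl, '%user_content%') !== false) {
                 $htmlValue = str_replace('%user_content%', $value, $htmlValue);
             }
         }
         $value = $htmlValue;
     } elseif ($fieldExists && $this->mProfileFields[$fieldNameIntern]->getValue('usf_type') == 'CHECKBOX') {
         // special case for type CHECKBOX and no value is there, then show unchecked checkbox
         $value = '<img src="' . THEME_PATH . '/icons/checkbox.gif" alt="off" />';

         // if field has url then create a link
         if (strlen($this->mProfileFields[$fieldNameIntern]->getValue('usf_url'))) {
             $value = '<a href="' . $this->mProfileFields[$fieldNameIntern]->getValue('usf_url') . '" target="_blank">' . $value . '</a>';
         }
     }
     return $value;
 }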
Example #8
} elseif ($getMode === 10) {
    // den Gaestebucheintrag freischalten...
    $guestbook_comment->moderate();
    // Freischalten erfolgreich -> Rueckgabe fuer XMLHttpRequest
    echo 'done';
} elseif ($getMode === 4 || $getMode === 8) {
    // Der Inhalt des Formulars wird nun in der Session gespeichert...
    $_SESSION['guestbook_comment_request'] = $_POST;
    // if login then fill name with login user
    if ($getMode === 4 && $gCurrentUser->getValue('usr_id') > 0) {
        $_POST['gbc_name'] = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
    }
    // Falls der User nicht eingeloggt ist, aber ein Captcha geschaltet ist,
    // muss natuerlich der Code ueberprueft werden
    if ($getMode === 4 && !$gValidLogin && $gPreferences['enable_guestbook_captcha'] == 1) {
        if (!isset($_SESSION['captchacode']) || admStrToUpper($_SESSION['captchacode']) != admStrToUpper($_POST['captcha'])) {
            if ($gPreferences['captcha_type'] === 'pic') {
                $gMessage->show($gL10n->get('SYS_CAPTCHA_CODE_INVALID'));
            } elseif ($gPreferences['captcha_type'] === 'calc') {
                $gMessage->show($gL10n->get('SYS_CAPTCHA_CALC_CODE_INVALID'));
            }
        }
    }
    // make html in description secure
    $_POST['gbc_text'] = admFuncVariableIsValid($_POST, 'gbc_text', 'html');
    // POST Variablen in das Gaestebuchkommentarobjekt schreiben
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'gbc_') === 0) {
            if (!$guestbook_comment->setValue($key, $value)) {
                // Daten wurden nicht uebernommen, Hinweis ausgeben
                if ($key === 'gbc_email') {
    if ($gPreferences['enable_mail_module'] != 1) {
        $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
    }
    // allow option to send a copy to your email address only for registered users because of spam abuse
    if ($gValidLogin) {
        $postCarbonCopy = admFuncVariableIsValid($_POST, 'carbon_copy', 'bool');
    } else {
        $postCarbonCopy = 0;
    }
    // if Attachmentsize is higher than max_post_size from php.ini, then $_POST is empty.
    if (empty($_POST)) {
        $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
    }
    // Check Captcha if enabled and user logged out
    if (!$gValidLogin && $gPreferences['enable_mail_captcha'] == 1) {
        if (!isset($_SESSION['captchacode']) || admStrToUpper($_SESSION['captchacode']) !== admStrToUpper($postCaptcha)) {
            if ($gPreferences['captcha_type'] === 'pic') {
                $gMessage->show($gL10n->get('SYS_CAPTCHA_CODE_INVALID'));
            } elseif ($gPreferences['captcha_type'] === 'calc') {
                $gMessage->show($gL10n->get('SYS_CAPTCHA_CALC_CODE_INVALID'));
            }
        }
    }
}
// A private message can only be sent when the PM module is enabled; show() is assumed to stop the script.
if ($gPreferences['enable_pm_module'] != 1 && $getMsgType === 'PM') {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}
// if user is logged in then show sender name and email
if ($gCurrentUser->getValue('usr_id') > 0) {
    $postName = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
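 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue than the manipulated value is returned.
  * Column specific handling done here:
  * - @b dat_end of an all-day date is returned one calendar day earlier than stored (the stored
  *   value is the day after the last day); the default format is then @b Y-m-d
  * - @b dat_description with format @b database is returned as tag-stripped, entity-decoded text
  * - outside the @b database format a @b dat_country code is resolved to its localized name and a
  *   @b cat_name holding a translation id (underscore at offset 3) is translated
  * @param  string $columnName The name of the database column whose value should be read
  * @param  string $format     For date or timestamp columns the format should be
  *                            the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                            For text columns the format can be @b database that would return
  *                            the original database value without any transformations
  * @return mixed  Returns the value of the database column.
  *                If the value was manipulated before with @b setValue than the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;
     if ($columnName === 'dat_end' && $this->dbColumns['dat_all_day'] == 1) {
         if ($format === '') {
             $format = 'Y-m-d';
         }
         // For all-day dates the stored end is the day after the last day, so move it back one
         // calendar day. The day is decremented inside mktime() instead of subtracting 86400
         // seconds from the timestamp: around a DST switch a local day has 23 or 25 hours and
         // the seconds-based shift lands on the wrong date. array_pad() keeps list() from
         // emitting notices (and nulls) when the stored value has fewer than six fields.
         $parts = array_pad(preg_split('/[- :]/', $this->dbColumns['dat_end']), 6, 0);
         list($year, $month, $day, $hour, $minute, $second) = $parts;
         $value = date($format, mktime($hour, $minute, $second, $month, $day - 1, $year));
     } elseif ($columnName === 'dat_description') {
         if (!isset($this->dbColumns['dat_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             // plain text for storage/export: strip tags, then decode entities (incl. quotes)
             $value = html_entity_decode(strStripTags($this->dbColumns['dat_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['dat_description'];
         }
     } else {
         $value = parent::getValue($columnName, $format);
     }
     if ($format !== 'database') {
         if ($columnName === 'dat_country' && $value !== '') {
             // resolve the country code to its language dependent name
             $value = $gL10n->getCountryByCode($value);
         } elseif ($columnName === 'cat_name') {
             // if text is a translation-id then translate it
             if (strpos($value, '_') === 3) {
                 $value = $gL10n->get(admStrToUpper($value));
             }
         }
     }
     return $value;
 }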
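 /**
  * Build a <select> element listing the roles the current user may view, grouped by category.
  * @param int    $defaultRole Role id to preselect; 0 selects the "please choose" entry,
  *                            -1 selects the "all (also visitors)" entry when $visitors is 1
  * @param string $fieldId     id/name attribute of the select element; defaults to 'rol_id'
  * @param int    $showMode    0 = all visible roles; 1 = hide roles the current user must not
  *                            hand out (roles with the assign-roles right when the user cannot
  *                            manage roles, the webmaster role when the user is no webmaster);
  *                            2 = inactive roles only
  * @param int    $visitors    1 adds an "all (also visitors)" option with value -1
  * @return string The complete HTML of the select element
  */
 public static function generateRoleSelectBox($defaultRole = 0, $fieldId = '', $showMode = 0, $visitors = 0)
 {
     global $gCurrentUser, $gCurrentOrganization, $gDb, $gL10n;
     if ($fieldId === '') {
         $fieldId = 'rol_id';
     }
     // build the SQL condition for the requested mode
     $condition = '';
     $active_roles = 1;
     if ($showMode === 1 && $gCurrentUser->manageRoles() === false) {
         // do not show roles that carry the right to assign roles
         $condition .= ' AND rol_assign_roles = 0 ';
     } elseif ($showMode === 1 && $gCurrentUser->isWebmaster() === false) {
         // do not show the webmaster role
         $condition .= ' AND rol_webmaster = 0 ';
     } elseif ($showMode === 2) {
         $active_roles = 0;
     }
     // org_id comes from the session object, not from the request; the cast keeps the
     // string-built statement safe even if that ever changes.
     $sql = 'SELECT * FROM ' . TBL_ROLES . ', ' . TBL_CATEGORIES . '
              WHERE rol_valid   = ' . $active_roles . '
                AND rol_visible = 1
                AND rol_cat_id  = cat_id
                AND (  cat_org_id  = ' . (int) $gCurrentOrganization->getValue('org_id') . '
                    OR cat_org_id IS NULL )
                    ' . $condition . '
              ORDER BY cat_sequence, rol_name';
     $result_lst = $gDb->query($sql);
     // $fieldId lands in two attribute values; escape it so a caller-supplied id cannot break the markup
     $escapedFieldId = htmlspecialchars($fieldId, ENT_QUOTES, 'UTF-8');
     $act_category = '';
     $selectBoxHtml = '
     <select class="form-control" size="1" id="' . $escapedFieldId . '" name="' . $escapedFieldId . '"><option value="0" ';
     if ($defaultRole === 0) {
         $selectBoxHtml .= ' selected="selected" ';
     }
     $selectBoxHtml .= '>- ' . $gL10n->get('SYS_PLEASE_CHOOSE') . ' -</option>';
     if ($visitors === 1) {
         $selectBoxHtml .= '<option value="-1" ';
         if ($defaultRole === -1) {
             $selectBoxHtml .= ' selected="selected" ';
         }
         $selectBoxHtml .= '>' . $gL10n->get('SYS_ALL') . ' (' . $gL10n->get('SYS_ALSO_VISITORS') . ')</option>';
     }
     while ($row = $gDb->fetch_array($result_lst)) {
         if ($gCurrentUser->hasRightViewRole($row['rol_id'])) {
             // if text is a translation-id then translate it
             if (strpos($row['cat_name'], '_') === 3) {
                 $row['cat_name'] = $gL10n->get(admStrToUpper($row['cat_name']));
             }
             // if new category then open an optgroup labelled with the category name
             // NOTE(review): cat_name and rol_name are written into the markup unescaped. This
             // relies on them having been HTML-encoded on input (admFuncVariableIsValid 'string'
             // applies htmlspecialchars); escaping here again would double-encode such values.
             if ($act_category !== $row['cat_name']) {
                 if ($act_category !== '') {
                     $selectBoxHtml .= '</optgroup>';
                 }
                 $selectBoxHtml .= '<optgroup label="' . $row['cat_name'] . '">';
                 $act_category = $row['cat_name'];
             }
             // preselect the role whose id was passed in. fetch_array may return rol_id as a
             // string depending on the driver, so compare as integers — a strict === between
             // '5' and 5 would never match.
             $selected = '';
             if ((int) $row['rol_id'] === (int) $defaultRole) {
                 $selected = ' selected="selected" ';
             }
             $selectBoxHtml .= '<option ' . $selected . ' value="' . $row['rol_id'] . '">' . $row['rol_name'] . '</option>';
         }
     }
     // only close an optgroup when one was actually opened (no visible roles → none)
     if ($act_category !== '') {
         $selectBoxHtml .= '</optgroup>';
     }
     $selectBoxHtml .= '</select>';
     return $selectBoxHtml;
 }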
/**
 * Validate an element of @b $_GET, @b $_POST or any other array and return it in a usable form.
 * The function should be called at the beginning of a script for every request parameter. If the
 * value does not match the expected datatype an error is shown (through $gMessage when it exists,
 * otherwise echoed) and @b null is returned. If no value was set the parameter is initialized with
 * the default of its datatype. Several flags (required value, allowed values, …) can be checked.
 *
 * @param array $array         The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked (compared case-insensitively).
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value; it still
 *                                              passes through the datatype checks and sanitizing below
 *                             @b requireValue: If set to @b true than a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have (the upper-
 *                                              and the lower-cased input are both tried). If another
 *                                              value is found than the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element (HTML-encoded for @b string, htmLawed-filtered for @b html)
 *                    or @b null after the error message was shown
 *
 * @par Examples
 * @code   // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;
    // merge the caller's options over the defaults
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    // set default value for each datatype if no value is given and no value was required
    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // if value is required an no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value (it is validated/sanitized below like input)
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter and return at once, skipping all checks.
            // NOTE: datatype 'file' gets no initializer here, so null is returned (with a notice).
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } elseif ($datatype === 'string' || $datatype === 'html') {
                $array[$variableName] = '';
            } elseif ($datatype === 'date') {
                $array[$variableName] = '';
            }
            return $array[$variableName];
        }
    }
    if ($datatype === 'boolean') {
        // boolean type must be 0 or 1 otherwise throw error
        // do not check with in_array because this function don't work properly
        // NOTE(review): the loose != also accepts numerically equal strings such as '00' or '1e0'
        // and the raw input is returned unchanged, so callers must not rely on getting exactly
        // '0'/'1'. validValues is not checked for booleans (elseif below).
        if ($array[$variableName] != '0' && $array[$variableName] != '1' && $array[$variableName] != 'false' && $array[$variableName] != 'true') {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    } elseif ($optionsAll['validValues'] !== null) {
        // check if parameter has a valid value
        // do a strict check with in_array because the function don't work properly;
        // the upper- and the lower-cased input are both tried, i.e. the match is case-insensitive
        if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true) && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }
    switch ($datatype) {
        case 'file':
            try {
                admStrIsValidFileName($array[$variableName]);
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // check if date is a valid Admidio date format
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
            if (!$objAdmidioDate) {
                // check if date has english format
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'numeric':
            // numeric datatype should only contain numbers (is_numeric also accepts '1.5', '1e3');
            // the value is returned as the original string, not cast
            if (!is_numeric($array[$variableName])) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            break;
        case 'string':
            // HTML-encode, then strip remaining tags. NOTE(review): ENT_COMPAT leaves single quotes
            // unencoded, so the result is not safe inside a single-quoted attribute; without
            // ENT_SUBSTITUTE an invalid UTF-8 input makes htmlspecialchars() return '' silently
            // (PHP >= 5.4). Left as is because stored values and comparisons elsewhere depend on
            // this exact encoding — review before changing.
            $array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // check html string vor invalid tags and scripts: htmLawed with 'safe' => 1 is the actual
            // XSS defense. NOTE(review): stripslashes() presumes magic quotes; on PHP >= 5.4 it strips
            // legitimate backslashes from the user's text.
            $array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
            break;
    }
    // no error found: return the (possibly sanitized) value
    if ($errorMessage === '') {
        return $array[$variableName];
    } else {
        // $gMessage->show() is assumed to end the request; the echo/exit fallback covers early
        // bootstrap before $gMessage exists
        if (isset($gMessage)) {
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    return null;
}
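/**
 * Validate an element of @b $_GET, @b $_POST or any other array and return it in a usable form.
 * The function should be called at the beginning of a script for every request parameter. If the
 * value does not match the expected datatype an error is shown (through $gMessage when it exists,
 * otherwise echoed) and @b null is returned. If no value was set the parameter is initialized with
 * the default of its datatype. Several flags (required value, allowed values, …) can be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked (case-insensitive).
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d.
 *                             @b int and @b float must pass FILTER_VALIDATE_INT / FILTER_VALIDATE_FLOAT;
 *                             a value like '1.5' or '1e3' given for @b int is an error, not silently coerced.
 * @param array $options       (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value; it still
 *                                                 passes through the datatype checks and sanitizing below
 *                             - @b requireValue : If set to @b true than a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues :  An array with all values that the variable could have (the upper-
 *                                                 and the lower-cased input are both tried). If another
 *                                                 value is found than the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element (cast for @b bool/@b int/@b float/@b numeric, HTML-encoded
 *                    for @b string, htmLawed-filtered for @b html) or @b null after the error message was shown
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;
    // merge the caller's options over the defaults
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    $value = null;
    // take the given value, otherwise fall back to requireValue / defaultValue / datatype default
    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } else {
        if ($optionsAll['requireValue']) {
            // a value is required but none was given
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // a default was given; it runs through the checks below like a real value
            $value = $optionsAll['defaultValue'];
        } else {
            // no value and no default: initialize the parameter and return at once (no checks)
            if ($datatype === 'bool' || $datatype === 'boolean') {
                $value = false;
            } elseif ($datatype === 'numeric' || $datatype === 'int') {
                $value = 0;
            } elseif ($datatype === 'float') {
                $value = 0.0;
            } else {
                $value = '';
            }
            return $value;
        }
    }
    if ($optionsAll['validValues'] !== null) {
        // the value must match one of the allowed values; the upper- and the lower-cased input
        // are both tried with a strict in_array(), i.e. the match is case-insensitive
        if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true) && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }
    switch ($datatype) {
        case 'file':
            try {
                if ($value !== '') {
                    admStrIsValidFileName($value);
                }
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // accept the Admidio date format from the preferences or the english Y-m-d
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
            if (!$objAdmidioDate) {
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'bool':
        case 'boolean':
            // "1"/"true"/"on"/"yes" -> true, "0"/"false"/"off"/"no"/"" -> false, anything else -> error
            $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            // Bug workaround PHP <5.4.8
            // https://bugs.php.net/bug.php?id=49510
            if ($valid === null && ($value === null || $value === false || $value === '')) {
                $valid = false;
            }
            if ($valid === null) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            $value = $valid;
            break;
        case 'int':
        case 'float':
        case 'numeric':
            if (!is_numeric($value)) {
                // numeric datatypes may only contain numbers
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            } elseif ($datatype === 'int') {
                // is_numeric() also accepts '1.5', '1e3', '007' or out-of-range numbers, which
                // FILTER_VALIDATE_INT rejects with false. Report that as an error instead of
                // handing the caller a bogus false in place of an int.
                $intValue = filter_var($value, FILTER_VALIDATE_INT);
                if ($intValue === false) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } else {
                    $value = $intValue;
                }
            } elseif ($datatype === 'float') {
                // same guard for floats: a false from the filter is an error, not a value
                $floatValue = filter_var($value, FILTER_VALIDATE_FLOAT);
                if ($floatValue === false) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } else {
                    $value = $floatValue;
                }
            } else {
                // https://secure.php.net/manual/en/function.is-numeric.php#107326
                // "+ 0" converts the numeric string to int or float, whichever fits
                $value = $value + 0;
            }
            break;
        case 'string':
            // HTML-encode, then strip remaining tags. NOTE(review): ENT_COMPAT leaves single quotes
            // unencoded, so the result is not safe inside a single-quoted attribute; without
            // ENT_SUBSTITUTE an invalid UTF-8 input makes htmlspecialchars() return '' silently
            // (PHP >= 5.4). Left as is because stored values and comparisons elsewhere depend on
            // this exact encoding — review before changing.
            $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // htmLawed with 'safe' => 1 removes scripts and dangerous tags — the actual XSS defense.
            // NOTE(review): stripslashes() presumes magic quotes; on PHP >= 5.4 it strips
            // legitimate backslashes from the user's text.
            $value = htmLawed(stripslashes($value), array('safe' => 1));
            break;
    }
    // no error found: return the validated (and possibly cast/sanitized) value
    if ($errorMessage === '') {
        return $value;
    } else {
        // $gMessage->show() is assumed to end the request; the echo/exit fallback covers early
        // bootstrap before $gMessage exists
        if (isset($gMessage)) {
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    return null;
}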