function displayForm($formframe, $entry = "", $mainform = "", $done_dest = "", $button_text = "", $settings = "", $titleOverride = "", $overrideValue = "", $overrideMulti = "", $overrideSubMulti = "", $viewallforms = 0, $profileForm = 0, $printall = 0, $screen = null)
{
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/functions.php';
include_once XOOPS_ROOT_PATH . '/modules/formulize/include/extract.php';
formulize_benchmark("Start of formDisplay.");
if ($titleOverride == "formElementsOnly") {
$titleOverride = "all";
$formElementsOnly = true;
}
if (!is_numeric($titleOverride) and $titleOverride != "" and $titleOverride != "all") {
// we can pass in a text title for the form, and that will cause the $titleOverride "all" behaviour to be invoked, and meanwhile we will use this title for the top of the form
$passedInTitle = $titleOverride;
$titleOverride = "all";
}
//syntax:
//displayform($formframe, $entry, $mainform)
//$formframe is the id of the form OR title of the form OR name of the framework. Can also be an array. If it is an array, then flag 'formframe' is the $formframe variable, and flag 'elements' is an array of all the elements that are to be displayed.
//the array option is intended for displaying only part of a form at a time
//$entry is the numeric entry to display in the form -- if $entry is the word 'proxy' then it is meant to force a new form entry when the form is a single-entry form that the user already may have an entry in
//$mainform is the starting form to use, if this is a framework (can be specified by form id or by handle)
//$done_dest is the URL to go to after the form has been submitted
//Steps:
//1. identify form or framework
//2. if framework, check for unified display options
//3. if entry specified, then get data for that entry
//4. drawform with data if necessary
global $xoopsDB, $xoopsUser, $myts;
global $sfidsDrawn;
if (!is_array($sfidsDrawn)) {
$sfidsDrawn = array();
}
$groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
$original_entry = $entry;
// flag used to tell whether the function was called with an actual entry specified, ie: we're supposed to be editing this entry, versus the entry being set by coming back form a sub_form or other situation.
$mid = getFormulizeModId();
$currentURL = getCurrentURL();
/* Alter currentURL if necessary.
* Display list of entries screen on-click of form buttons "Save and Leave" and "Leave Page".
*/
if (isset($_GET['sid'])) {
$curr_screen = xoops_getmodulehandler('screen', 'formulize')->get($_GET['sid']);
if ($curr_screen->getVar('type') == 'form') {
$currentURL = $_SERVER['PHP_SELF'] . "?fid=" . $curr_screen->form_id();
}
} elseif (isset($_GET['ve']) && isset($_GET['fid'])) {
$currentURL = $_SERVER['PHP_SELF'] . "?fid=" . $_GET['fid'];
}
// identify form or framework
$elements_allowed = "";
// if a screen object is passed in, select the elements for display based on the screen's settings
if ($screen and is_a($screen, "formulizeFormScreen")) {
$elements_allowed = $screen->getVar("formelements");
}
if (is_array($formframe)) {
$elements_allowed = $formframe['elements'];
$printViewPages = isset($formframe['pages']) ? $formframe['pages'] : "";
$printViewPageTitles = isset($formframe['pagetitles']) ? $formframe['pagetitles'] : "";
$formframetemp = $formframe['formframe'];
unset($formframe);
$formframe = $formframetemp;
}
list($fid, $frid) = getFormFramework($formframe, $mainform);
if ($_POST['deletesubsflag']) {
// if deletion of sub entries requested
foreach ($_POST as $k => $v) {
if (strstr($k, "delbox")) {
$subs_to_del[] = $v;
}
}
if (count($subs_to_del) > 0) {
deleteFormEntries($subs_to_del, intval($_POST['deletesubsflag']));
// deletesubsflag will be the sub form id
sendNotifications($_POST['deletesubsflag'], "delete_entry", $subs_to_del, $mid, $groups);
}
}
if ($_POST['parent_form']) {
// if we're coming back from a subform
$entry = $_POST['parent_entry'];
$fid = $_POST['parent_form'];
}
if ($_POST['go_back_form']) {
// we just received a subform submission
$entry = $_POST['sub_submitted'];
$fid = $_POST['sub_fid'];
$go_back['form'] = $_POST['go_back_form'];
$go_back['entry'] = $_POST['go_back_entry'];
}
// set $entry in the case of a form_submission where we were editing an entry (just in case that entry is not what is used to call this function in the first place -- ie: we're on a subform and the mainform has no entry specified, or we're clicking submit over again on a single-entry form where we started with no entry)
$entrykey = "entry" . $fid;
if ((!$entry or $entry == "proxy") and $_POST[$entrykey]) {
// $entrykey will only be set when *editing* an entry, not on new saves
$entry = $_POST[$entrykey];
}
// this is probably not necessary any more, due to architecture changes in Formulize 3
// formulize_newEntryIds is set when saving data
if (!$entry and isset($GLOBALS['formulize_newEntryIds'][$fid])) {
$entry = $GLOBALS['formulize_newEntryIds'][$fid][0];
}
$member_handler =& xoops_gethandler('member');
$gperm_handler =& xoops_gethandler('groupperm');
if ($profileForm === "new") {
// spoof the $groups array based on the settings for the regcode that has been validated by register.php
$reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"" . $GLOBALS['regcode'] . "\"");
$groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']);
if ($groups[0] === "") {
unset($groups);
}
// if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array.
$groups[] = XOOPS_GROUP_USERS;
$groups[] = XOOPS_GROUP_ANONYMOUS;
}
$uid = $xoopsUser ? $xoopsUser->getVar('uid') : '0';
$single_result = getSingle($fid, $uid, $groups, $member_handler, $gperm_handler, $mid);
$single = $single_result['flag'];
// if we're looking at a single entry form with no entry specified and where the user has no entry of their own, or it's an anonymous user, then set the entry based on a cookie if one is present
// want to do this check here and override $entry prior to the security check since we don't like trusting cookies!
$cookie_entry = (isset($_COOKIE['entryid_' . $fid]) and !$entry and $single and ($single_result['entry'] == "" or intval($uid) === 0)) ? $_COOKIE['entryid_' . $fid] : "";
include_once XOOPS_ROOT_PATH . "/modules/formulize/class/data.php";
$data_handler = new formulizeDataHandler($fid);
if ($cookie_entry) {
// check to make sure the cookie_entry exists...
//$check_cookie_entry = q("SELECT id_req FROM " . $xoopsDB->prefix("formulize_form") . " WHERE id_req=" . intval($cookie_entry));
//if($check_cookie_entry[0]['id_req'] > 0) {
if ($data_handler->entryExists(intval($cookie_entry))) {
$entry = $cookie_entry;
} else {
$cookie_entry = "";
}
}
$owner = ($cookie_entry and $uid) ? $uid : getEntryOwner($entry, $fid);
// if we're pulling a cookie value and there is a valid UID in effect, then assume this user owns the entry, otherwise, figure out who does own the entry
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
if ($single and !$entry and !$overrideMulti and $profileForm !== "new") {
// only adjust the active entry if we're not already looking at an entry, and there is no overrideMulti which can be used to display a new blank form even on a single entry form -- useful for when multiple anonymous users need to be able to enter information in a form that is "one per user" for registered users. -- the pressence of a cookie on the hard drive of a user will override other settings
$entry = $single_result['entry'];
$owner = getEntryOwner($entry, $fid);
unset($owner_groups);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
}
if ($entry == "proxy") {
$entry = "";
}
// convert the proxy flag to the actual null value expected for new entry situations (do this after the single check!)
$editing = is_numeric($entry);
// will be true if there is an entry we're looking at already
if (!($scheck = security_check($fid, $entry, $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms and !$profileForm) {
print "<p>" . _NO_PERM . "</p>";
return;
}
// main security check passed, so let's initialize flags
$go_back['url'] = substr($done_dest, 0, 1) == "/" ? XOOPS_URL . $done_dest : $done_dest;
// set these arrays for the one form, and they are added to by the framework if it is in effect
$fids[0] = $fid;
if ($entry) {
$entries[$fid][0] = $entry;
} else {
$entries[$fid][0] = "";
}
if ($frid) {
$linkResults = checkForLinks($frid, $fids, $fid, $entries, $gperm_handler, $owner_groups, $mid, $member_handler, $owner, true);
// final true means only include entries from unified display linkages
unset($entries);
unset($fids);
$fids = $linkResults['fids'];
$entries = $linkResults['entries'];
$sub_fids = $linkResults['sub_fids'];
$sub_entries = $linkResults['sub_entries'];
}
// need to handle submission of entries
$formulize_mgr =& xoops_getmodulehandler('elements', 'formulize');
$info_received_msg = 0;
$info_continue = 0;
if ($entries[$fid][0]) {
$info_continue = 1;
}
$add_own_entry = $gperm_handler->checkRight("add_own_entry", $fid, $groups, $mid);
$add_proxy_entries = $gperm_handler->checkRight("add_proxy_entries", $fid, $groups, $mid);
if ($_POST['form_submitted'] and $profileForm !== "new" and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$info_received_msg = "1";
// flag for display of info received message
if (!isset($GLOBALS['formulize_readElementsWasRun'])) {
include_once XOOPS_ROOT_PATH . "/modules/formulize/include/readelements.php";
}
$temp_entries = $GLOBALS['formulize_allWrittenEntryIds'];
// set in readelements.php
if (!$formElementsOnly and ($single or $_POST['target_sub'] or $entries[$fid][0] and ($original_entry or $_POST[$entrykey] and !$_POST['back_from_sub']) or $overrideMulti or $_POST['go_back_form'] and $overrideSubMulti)) {
// if we just did a submission on a single form, or we just edited a multi, then assume the identity of the new entry. Can be overridden by values passed to this function, to force multi forms to redisplay the just-saved entry. Back_from_sub is used to override the override, when we're saving after returning from a multi-which is like editing an entry since entries are saved prior to going to a sub. -- Sept 4 2006: adding an entry in a subform forces us to stay on the same page too! -- Dec 21 2011: added check for !$formElementsOnly so that when we're getting just the elements in the form, we ignore any possible overriding, since that is an API driven situation where the called entry is the only one we want to display, period.
$entry = $temp_entries[$fid][0];
unset($entries);
foreach ($fids as $thisWrittenFid) {
$entries[$thisWrittenFid] = $temp_entries[$thisWrittenFid];
}
// also remove any fids that aren't part of the $temp_entries...added Oct 26 2011...checkforlinks now can return the mainform when we're on a sub! It's smarter, but displayForm (and possibly other places) were not built to assume it was that smart.
$writtenFids = array_keys($temp_entries);
$fids = array_intersect($fids, $writtenFids);
$owner = getEntryOwner($entry, $fid);
unset($owner_groups);
$owner_groups = $data_handler->getEntryOwnerGroups($entry);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$info_continue = 1;
} elseif (!$_POST['target_sub']) {
// as long as the form was submitted and we're not going to a sub form, then display the info received message and carry on with a blank form
if (!$original_entry) {
// if we're on a multi-form where the display form function was called without an entry, then clear the entries and behave as if we're doing a new add
unset($entries);
unset($sub_entries);
$entries[$fid][0] = "";
$sub_entries[$sub_fids[0]][0] = "";
}
$info_continue = 2;
}
}
$sub_entries_synched = synchSubformBlankDefaults($fid, $entry);
foreach ($sub_entries_synched as $synched_sfid => $synched_ids) {
foreach ($synched_ids as $synched_id) {
$sub_entries[$synched_sfid][] = $synched_id;
}
}
if (count($sub_entries_synched) > 0) {
formulize_updateDerivedValues($entry, $fid, $frid);
}
// special use of $settings added August 2 2006 -- jwe -- break out of form if $settings so indicates
// used to allow saving of information when you don't want the form itself to reappear
if ($settings == "{RETURNAFTERSAVE}" and $_POST['form_submitted']) {
return "returning_after_save";
}
// need to add code here to switch some things around if we're on a subform for the first time (add)
// note: double nested sub forms will not work currently, since on the way back to the intermediate level, the go_back values will not be set correctly
// target_sub is only set when adding a sub entry, and adding sub entries is now down by the subform ui
//if($_POST['target_sub'] OR $_POST['goto_sfid']) {
if ($_POST['goto_sfid']) {
$info_continue = 0;
if ($_POST['goto_sfid']) {
$new_fid = $_POST['goto_sfid'];
} else {
$new_fid = $_POST['target_sub'];
}
$go_back['form'] = $fid;
$go_back['entry'] = $temp_entries[$fid][0];
unset($entries);
unset($fids);
unset($sub_fids);
unset($sub_entries);
$fid = $new_fid;
$fids[0] = $new_fid;
if ($_POST['target_sub']) {
// if we're adding a new entry
$entries[$new_fid][0] = "";
} else {
// if we're going to an existing entry
$entries[$new_fid][0] = $_POST['goto_sub'];
}
$entry = $entries[$new_fid][0];
$single_result = getSingle($fid, $uid, $groups, $member_handler, $gperm_handler, $mid);
$single = $single_result['flag'];
if ($single and !$entry) {
$entry = $single_result['entry'];
unset($entries);
$entries[$fid][0] = $entry;
}
unset($owner);
$owner = getEntryOwner($entries[$new_fid][0], $new_fid);
$editing = is_numeric($entry);
unset($owner_groups);
//$owner_groups =& $member_handler->getGroupsByUser($owner, FALSE);
$newFidData_handler = new formulizeDataHandler($new_fid);
$owner_groups = $newFidData_handler->getEntryOwnerGroups($entries[$new_fid][0]);
$info_received_msg = 0;
// never display this message when a subform is displayed the first time.
if ($entry) {
$info_continue = 1;
}
if (!($scheck = security_check($fid, $entries[$fid][0], $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
print "<p>" . _NO_PERM . "</p>";
return;
}
}
// there are several points above where $entry is set, and now that we have a final value, store in ventry
if ($entry > 0 and (!isset($settings['ventry']) or "addnew" != $settings['ventry'])) {
$settings['ventry'] = $entry;
}
// set the alldoneoverride if necessary -- August 22 2006
$config_handler =& xoops_gethandler('config');
$formulizeConfig = $config_handler->getConfigsByCat(0, $mid);
// remove the all done button if the config option says 'no', and we're on a single-entry form, or the function was called to look at an existing entry, or we're on an overridden Multi-entry form
$allDoneOverride = (!$formulizeConfig['all_done_singles'] and !$profileForm and (($single or $overrideMulti or $original_entry) and !$_POST['target_sub'] and !$_POST['goto_sfid'] and !$_POST['deletesubsflag'] and !$_POST['parent_form'])) ? true : false;
if (($allDoneOverride or isset($_POST['save_and_leave']) and $_POST['save_and_leave']) and $_POST['form_submitted']) {
drawGoBackForm($go_back, $currentURL, $settings, $entry);
print "<script type=\"text/javascript\">window.document.go_parent.submit();</script>\n";
return;
} else {
// only do all this stuff below, the normal form displaying stuff, if we are not leaving this page now due to the all done button being overridden
// we cannot have the back logic above invoked when dealing with a subform, but if the override is supposed to be in place, then we need to invoke it
if (!$allDoneOverride and !$formulizeConfig['all_done_singles'] and !$profileForm and ($_POST['target_sub'] or $_POST['goto_sfid'] or $_POST['deletesubsflag'] or $_POST['parent_form']) and ($single or $original_entry or $overrideMulti)) {
$allDoneOverride = true;
}
/*if($uid==1) {
print "Forms: ";
print_r($fids);
print "<br>Entries: ";
print_r($entries);
print "<br>Subforms: ";
print_r($sub_fids);
print "<br>Subentries: ";
print_r($sub_entries); // debug block - ONLY VISIBLE TO USER 1 RIGHT NOW
} */
formulize_benchmark("Ready to start building form.");
$title = "";
foreach ($fids as $this_fid) {
if (!($scheck = security_check($this_fid, $entries[$this_fid][0], $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
continue;
}
// if there is more than one form, try to make the 1-1 links
// and if we made any, then include the newly linked up entries
// in the index of entries that we're keeping track of
if (count($fids) > 1) {
list($form1s, $form2s, $form1EntryIds, $form2EntryIds) = formulize_makeOneToOneLinks($frid, $this_fid);
foreach ($form1EntryIds as $i => $form1EntryId) {
// $form1EntryId set above, now set other values for this iteration based on the key
$form2EntryId = $form2EntryIds[$i];
$form1 = $form1s[$i];
$form2 = $form2s[$i];
if ($form1EntryId) {
$entries[$form1][0] = $form1EntryId;
}
if ($form2EntryId) {
$entries[$form2][0] = $form2EntryId;
}
}
}
unset($prevEntry);
// if there is an entry, then get the data for that entry
if ($entries[$this_fid]) {
$groupEntryWithUpdateRights = ($single == "group" and $gperm_handler->checkRight("update_own_entry", $fid, $groups, $mid) and $entry == $single_result['entry']);
$prevEntry = getEntryValues($entries[$this_fid][0], $formulize_mgr, $groups, $this_fid, $elements_allowed, $mid, $uid, $owner, $groupEntryWithUpdateRights);
}
// display the form
//get the form title: (do only once)
$firstform = 0;
if (!$form) {
$firstform = 1;
$title = isset($passedInTitle) ? $passedInTitle : trans(getFormTitle($this_fid));
if ($screen) {
$title = trans($screen->getVar('title'));
}
unset($form);
if ($formElementsOnly) {
$form = new formulize_elementsOnlyForm($title, 'formulize', "{$currentURL}", "post", true);
} else {
// extended class that puts formulize element names into the tr tags for the table, so we can show/hide them as required
$form = new formulize_themeForm($title, 'formulize', "{$currentURL}", "post", true);
// necessary to trigger the proper reloading of the form page, until Done is called and that form does not have this flag.
if (!isset($settings['ventry'])) {
$settings['ventry'] = 'new';
}
$form->addElement(new XoopsFormHidden('ventry', $settings['ventry']));
}
$form->setExtra("enctype='multipart/form-data'");
// impératif!
if (is_array($settings)) {
$form = writeHiddenSettings($settings, $form);
}
// include who the entry belongs to and the date
// include acknowledgement that information has been updated if we have just done a submit
// form_meta includes: last_update, created, last_update_by, created_by
$breakHTML = "";
if (!$profileForm and $titleOverride != "all") {
// build the break HTML and then add the break to the form
if (!strstr($currentURL, "printview.php")) {
$breakHTML .= "<center class=\"no-print\">";
$breakHTML .= "<p><b>";
if ($info_received_msg) {
$breakHTML .= _formulize_INFO_SAVED . " ";
}
if ($info_continue == 1 and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_CONTINUE1 . "</p>";
} elseif ($info_continue == 2) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_CONTINUE2 . "</p>";
} elseif (!$entry and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p class=\"no-print\">" . _formulize_INFO_MAKENEW . "</p>";
}
$breakHTML .= "</b></p>";
$breakHTML .= "</center>";
}
$breakHTML .= "<table cellpadding=5 width=100%><tr><td width=50% style=\"vertical-align: bottom;\">";
$breakHTML .= "<p><b>" . _formulize_FD_ABOUT . "</b><br>";
if ($entries[$this_fid][0]) {
$form_meta = getMetaData($entries[$this_fid][0], $member_handler, $this_fid);
$breakHTML .= _formulize_FD_CREATED . $form_meta['created_by'] . " " . formulize_formatDateTime($form_meta['created']) . "<br>" . _formulize_FD_MODIFIED . $form_meta['last_update_by'] . " " . formulize_formatDateTime($form_meta['last_update']) . "</p>";
} else {
$breakHTML .= _formulize_FD_NEWENTRY . "</p>";
}
$breakHTML .= "</td><td width=50% style=\"vertical-align: bottom;\">";
if (strstr($currentURL, "printview.php") or !formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$breakHTML .= "<p>";
} else {
// get save and button button options
$save_button_text = "";
$done_button_text = "";
if (is_array($button_text)) {
$save_button_text = $button_text[1];
$done_button_text = $button_text[0];
} else {
$done_button_text = $button_text;
}
if (!$done_button_text and !$allDoneOverride) {
$done_button_text = _formulize_INFO_DONE1 . _formulize_DONE . _formulize_INFO_DONE2;
} elseif ($done_button_text != "{NOBUTTON}" and !$allDoneOverride) {
$done_button_text = _formulize_INFO_DONE1 . $done_button_text . _formulize_INFO_DONE2;
// check to see if the user is allowed to modify the existing entry, and if they're not, then we have to draw in the all done button so they have a way of getting back where they're going
} elseif ($entry and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry) or !$entry) {
$done_button_text = "";
} else {
$done_button_text = _formulize_INFO_DONE1 . _formulize_DONE . _formulize_INFO_DONE2;
}
$nosave = false;
if (!$save_button_text and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$save_button_text = _formulize_INFO_SAVEBUTTON;
} elseif ($save_button_text != "{NOBUTTON}" and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$save_button_text = _formulize_INFO_SAVE1 . $save_button_text . _formulize_INFO_SAVE2;
} else {
$save_button_text = _formulize_INFO_NOSAVE;
$nosave = true;
}
$breakHTML .= "<p class='no-print'>" . $save_button_text;
if ($done_button_text) {
$breakHTML .= "<br>" . $done_button_text;
}
}
$breakHTML .= "</p></td></tr></table>";
$form->insertBreak($breakHTML, "even");
} elseif ($profileForm) {
// if we have a profile form, put the profile fields at the top of the form, populated based on the DB values from the _users table
$form = addProfileFields($form, $profileForm);
}
}
if ($titleOverride == "1" and !$firstform) {
// set onetooneTitle flag to 1 when function invoked to force drawing of the form title over again
$title = trans(getFormTitle($this_fid));
$form->insertBreak("<table><th>{$title}</th></table>", "");
}
// if this form has a parent, then determine the $parentLinks
if ($go_back['form'] and !$parentLinks[$this_fid]) {
$parentLinks[$this_fid] = getParentLinks($this_fid, $frid);
}
formulize_benchmark("Before Compile Elements.");
$form = compileElements($this_fid, $form, $formulize_mgr, $prevEntry, $entries[$this_fid][0], $go_back, $parentLinks[$this_fid], $owner_groups, $groups, $overrideValue, $elements_allowed, $profileForm, $frid, $mid, $sub_entries, $sub_fids, $member_handler, $gperm_handler, $title, $screen, $printViewPages, $printViewPageTitles);
formulize_benchmark("After Compile Elements.");
}
// end of for each fids
if (!is_object($form)) {
exit("Error: the form cannot be displayed. Does the current group have permission to access the form?");
}
// DRAW IN THE SPECIAL UI FOR A SUBFORM LINK (ONE TO MANY)
if (count($sub_fids) > 0) {
// if there are subforms, then draw them in...only once we have a bonafide entry in place already
// draw in special params for this form, but only once per page
global $formulize_subformHiddenFieldsDrawn;
if ($formulize_subformHiddenFieldsDrawn != true) {
$formulize_subformHiddenFieldsDrawn = true;
$form->addElement(new XoopsFormHidden('target_sub', ''));
$form->addElement(new XoopsFormHidden('target_sub_instance', ''));
$form->addElement(new XoopsFormHidden('numsubents', 1));
$form->addElement(new XoopsFormHidden('del_subs', ''));
$form->addElement(new XoopsFormHidden('goto_sub', ''));
$form->addElement(new XoopsFormHidden('goto_sfid', ''));
}
foreach ($sub_fids as $subform_id) {
// only draw in the subform UI if the subform hasn't been drawn in previously, courtesy of a subform element in the form.
// Subform elements are recommended since they provide 1. specific placement, 2. custom captions, 3. direct choice of form elements to include
if (in_array($subform_id, $sfidsDrawn) or $elements_allowed or !($scheck = security_check($subform_id, "", $uid, $owner, $groups, $mid, $gperm_handler)) and !$viewallforms) {
// no entry passed so this will simply check whether they have permission for the form or not
continue;
}
$subUICols = drawSubLinks($subform_id, $sub_entries, $uid, $groups, $frid, $mid, $fid, $entry);
unset($subLinkUI);
if (isset($subUICols['single'])) {
$form->insertBreak($subUICols['single'], "even");
} else {
$subLinkUI = new XoopsFormLabel($subUICols['c1'], $subUICols['c2']);
$form->addElement($subLinkUI);
}
}
}
// draw in proxy box if necessary (only if they have permission and only on new entries, not on edits)
if (!strstr($_SERVER['PHP_SELF'], "formulize/printview.php")) {
if ($gperm_handler->checkRight("add_proxy_entries", $fid, $groups, $mid) and !$entries[$fid][0]) {
$form = addOwnershipList($form, $groups, $member_handler, $gperm_handler, $fid, $mid);
} elseif ($entries[$fid][0] and $gperm_handler->checkRight("update_entry_ownership", $fid, $groups, $mid)) {
$form = addOwnershipList($form, $groups, $member_handler, $gperm_handler, $fid, $mid, $entries[$fid][0]);
}
}
// draw in the submitbutton if necessary
if (!$formElementsOnly and formulizePermHandler::user_can_edit_entry($fid, $uid, $entry)) {
$form = addSubmitButton($form, _formulize_SAVE, $go_back, $currentURL, $button_text, $settings, $temp_entries[$this_fid][0], $fids, $formframe, $mainform, $entry, $profileForm, $elements_allowed, $allDoneOverride, $printall, $screen);
}
if (!$formElementsOnly) {
// add flag to indicate that the form has been submitted
$form->addElement(new XoopsFormHidden('form_submitted', "1"));
if ($go_back['form']) {
// if this is set, then we're doing a subform, so put in a flag to prevent the parent from being drawn again on submission
$form->addElement(new XoopsFormHidden('sub_fid', $fid));
$form->addElement(new XoopsFormHidden('sub_submitted', $entries[$fid][0]));
$form->addElement(new XoopsFormHidden('go_back_form', $go_back['form']));
$form->addElement(new XoopsFormHidden('go_back_entry', $go_back['entry']));
} else {
// drawing a main form...put in the scroll position flag
$form->addElement(new XoopsFormHidden('yposition', 0));
}
// saving message
print "<div id=savingmessage style=\"display: none; position: absolute; width: 100%; right: 0px; text-align: center; padding-top: 50px;\">\n";
global $xoopsConfig;
if (file_exists(XOOPS_ROOT_PATH . "/modules/formulize/images/saving-" . $xoopsConfig['language'] . ".gif")) {
print "<img src=\"" . XOOPS_URL . "/modules/formulize/images/saving-" . $xoopsConfig['language'] . ".gif\">\n";
} else {
print "<img src=\"" . XOOPS_URL . "/modules/formulize/images/saving-english.gif\">\n";
}
print "</div>\n";
drawJavascript($nosave);
if (count($GLOBALS['formulize_renderedElementHasConditions']) > 0) {
drawJavascriptForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $entries, $sub_entries);
}
print $form->addElement(new xoopsFormHidden('save_and_leave', 0));
// lastly, put in a hidden element, that will tell us what the first, primary form was that we were working with on this form submission
$form->addElement(new XoopsFormHidden('primaryfid', $fids[0]));
}
global $formulize_governingElements;
global $formulize_oneToOneElements;
global $formulize_oneToOneMetaData;
if (!is_array($formulize_governingElements)) {
$formulize_governingElements = array();
}
if (!is_array($formulize_oneToOneElements)) {
$oneToOneElements = array();
}
if (!is_array($oneToOneMetaData)) {
$oneToOneMetaData = array();
}
if (count($GLOBALS['formulize_renderedElementHasConditions']) > 0) {
$governingElements1 = compileGoverningElementsForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $entries, $sub_entries);
foreach ($governingElements1 as $key => $value) {
$oneToOneElements[$key] = false;
}
$formulize_governingElements = mergeGoverningElements($formulize_governingElements, $governingElements1);
}
// add in any onetoone elements that we need to deal with at the same time (in case their joining key value changes on the fly)
if (count($fids) > 1) {
$i = 1;
while ($i <= count($fids)) {
$relationship_handler = xoops_getmodulehandler('frameworks', 'formulize');
$relationship = $relationship_handler->get($frid);
foreach ($relationship->getVar('links') as $thisLink) {
if ($thisLink->getVar('form1') == $fids[$i]) {
$keyElement = $thisLink->getVar('key2');
break;
} elseif ($thisLink->getVar('form2') == $fids[$i]) {
$keyElement = $thisLink->getVar('key1');
break;
}
}
// prepare to loop through elements for the rendered entry, or 'new', if there is no rendered entry
$entryToLoop = isset($entries[$fids[$i]][0]) ? $entries[$fids[$i]][0] : null;
if (!$entryToLoop and isset($GLOBALS['formulize_renderedElementsForForm'][$fids[$i]]['new'])) {
$entryToLoop = 'new';
}
foreach ($GLOBALS['formulize_renderedElementsForForm'][$fids[$i]][$entryToLoop] as $renderedMarkupName => $thisElement) {
$GLOBALS['formulize_renderedElementHasConditions'][$renderedMarkupName] = $thisElement;
$governingElements2 = _compileGoverningElements($entries, _getElementObject($keyElement), $renderedMarkupName);
foreach ($governingElements2 as $key => $value) {
$formulize_oneToOneElements[$key] = true;
$formulize_oneToOneMetaData[$key] = array('onetoonefrid' => $frid, 'onetoonefid' => $fid, 'onetooneentries' => urlencode(serialize($entries)), 'onetoonefids' => urlencode(serialize($fids)));
}
$formulize_governingElements = mergeGoverningElements($formulize_governingElements, $governingElements2);
}
$i++;
}
}
if (count($formulize_governingElements) > 0 and !$formElementsOnly) {
// render this once at the end of rendering the main form!
drawJavascriptForConditionalElements($GLOBALS['formulize_renderedElementHasConditions'], $formulize_governingElements, $formulize_oneToOneElements, $formulize_oneToOneMetaData);
}
$idForForm = $formElementsOnly ? "" : "id=\"formulizeform\"";
// when rendering disembodied forms, don't use the master id!
print "<div {$idForForm}>" . $form->render() . "</div><!-- end of formulizeform -->";
// note, security token is included in the form by the xoops themeform render method, that's why there's no explicity references to the token in the compiling/generation of the main form object
// floating save button
if ($printall != 2 and $formulizeConfig['floatSave'] and !strstr($currentURL, "printview.php") and !$formElementsOnly) {
print "<div id=floattest></div>";
if ($done_text != "{NOBUTTON}" or $save_text != "{NOBUTTON}") {
print "<div id=floatingsave>";
if ($subButtonText == _formulize_SAVE) {
if ($save_text) {
$subButtonText = $save_text;
}
if ($subButtonText != "{NOBUTTON}") {
print "<input type='button' name='submitx' id='submitx' class=floatingsavebuttons onclick=javascript:validateAndSubmit(); value='" . _formulize_SAVE . "' >";
print "<input type='button' name='submit_save_and_leave' id='submit_save_and_leave' class=floatingsavebuttons onclick=javascript:validateAndSubmit('leave'); value='" . _formulize_SAVE_AND_LEAVE . "' >";
}
}
if (($button_text != "{NOBUTTON}" and !$done_text or isset($done_text) and $done_text != "{NOBUTTON}") and !$allDoneOverride) {
if ($done_text) {
$button_text = $done_text_temp;
}
print "<input type='button' class=floatingsavebuttons onclick=javascript:verifyDone(); value='" . _formulize_DONE . "' >";
}
print "</div>";
}
}
// end floating save button
// if we're in Drupal, include the main XOOPS js file, so the calendar will work if present...
// assumption is that the calendar javascript has already been included by the datebox due to no
// $xoopsTpl being in effect in Drupal -- this assumption will fail if Drupal is displaying a pageworks
// page that uses the $xoopsTpl, for instance. (Date select box file itself checks for $xoopsTpl)
global $user;
static $includedXoopsJs = false;
if (is_object($user) and !$includedXoopsJs) {
print "<script type=\"text/javascript\" src=\"" . XOOPS_URL . "/include/xoops.js\"></script>\n";
$includedXoopsJs = true;
}
}
// end of if we're not going back to the prev page because of an all done button override
}
function displayElement($formframe = "", $ele, $entry = "new", $noSave = false, $screen = null, $prevEntry = null, $renderElement = true, $profileForm = null, $groups = "")
{
static $cachedPrevEntries = array();
static $lockedEntries = array();
// keep track of the entries we have determined are locked
global $entriesThatHaveBeenLockedThisPageLoad;
if (!is_array($entriesThatHaveBeenLockedThisPageLoad)) {
// which entries we have locked as part of this page load, so we don't waste time setting locks again on entries we've already locked, and so we can ignore locks that were set by ourselves!
$entriesThatHaveBeenLockedThisPageLoad = array();
}
$subformCreateEntry = strstr($entry, "subformCreateEntry") ? true : false;
// check for this special flag, which is mostly like a "new" situation, except for the deh hidden flag that gets passed back, since we don't want the standard readelements logic to pickup these elements!
if ($subformCreateEntry) {
$subformMetaData = explode("_", $entry);
$subformEntryIndex = $subformMetaData[1];
$subformElementId = $subformMetaData[2];
}
if ($entry == "" or $subformCreateEntry) {
$entry = "new";
}
$element = _formulize_returnElement($ele, $formframe);
if (!is_object($element)) {
return "invalid_element";
}
$form_id = $element->getVar('id_form');
$deprefix = $noSave ? "denosave_" : "de_";
$deprefix = $subformCreateEntry ? "desubform" . $subformEntryIndex . "x" . $subformElementId . "_" : $deprefix;
// need to pass in an entry index so that all fields in the same element can be collected
if ($noSave and !is_bool($noSave)) {
$renderedElementName = $noSave;
// if we've passed a specific string with $noSave, then we want to use that to override the name of the element, because the developer wants to pick up that form value later after submission
$noSave = true;
} else {
$renderedElementName = $deprefix . $form_id . '_' . $entry . '_' . $element->getVar('ele_id');
}
global $xoopsUser;
if (!$groups) {
// groups might be passed in, which covers the case of the registration form and getting the groups from the registration code
$groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
}
$user_id = $xoopsUser ? $xoopsUser->getVar('uid') : 0;
$username = $xoopsUser ? $xoopsUser->getVar('uname') : "unknown user";
static $cachedEntryOwners = array();
if (!isset($cachedEntryOwners[$form_id][$entry])) {
$cachedEntryOwners[$form_id][$entry] = getEntryOwner($entry, $form_id);
}
$owner = $cachedEntryOwners[$form_id][$entry];
$mid = getFormulizeModId();
static $cachedViewPrivate = array();
static $cachedUpdateOwnEntry = array();
$gperm_handler = xoops_gethandler('groupperm');
if (!isset($cachedViewPrivate[$form_id])) {
$cachedViewPrivate[$form_id] = $gperm_handler->checkRight("view_private_elements", $form_id, $groups, $mid);
$cachedUpdateOwnEntry[$form_id] = $gperm_handler->checkRight("update_own_entry", $form_id, $groups, $mid);
}
$view_private_elements = $cachedViewPrivate[$form_id];
$update_own_entry = $cachedUpdateOwnEntry[$form_id];
// check if the user is normally able to view this element or not, by checking their groups against the display groups -- added Nov 7 2005
// messed up. Private should not override the display settings. And the $entry should be checked against the security check first to determine whether the user should even see this entry in the first place.
$display = $element->getVar('ele_display');
$private = $element->getVar('ele_private');
$member_handler = xoops_gethandler('member');
$single_result = getSingle($form_id, $user_id, $groups, $member_handler, $gperm_handler, $mid);
$groupEntryWithUpdateRights = ($single_result['flag'] == "group" and $update_own_entry and $entry == $single_result['entry']) ? true : false;
// need to test whether the display setting should be checked first?! Order of checks here looks wrong. JWE Nov 25 2010
if ($private and $user_id != $owner and !$groupEntryWithUpdateRights and $entry != "new") {
$allowed = $view_private_elements ? 1 : 0;
} elseif (strstr($display, ",")) {
$display_groups = explode(",", $display);
$allowed = array_intersect($groups, $display_groups) ? 1 : 0;
} elseif ($display == 1) {
$allowed = 1;
} else {
$allowed = 0;
}
if ($prevEntry == null) {
// preferable to pass in prevEntry!
$prevEntry = getEntryValues($entry, "", $groups, $form_id, "", $mid, $user_id, $owner, $groupEntryWithUpdateRights);
}
// record the list of elements that are allowed in principle for a form (regardless of conditional status)
if ($allowed) {
$GLOBALS['formulize_renderedElementsForForm'][$form_id][$entry][$renderedElementName] = $element->getVar('ele_handle');
}
$elementFilterSettings = $element->getVar('ele_filtersettings');
if ($allowed and count($elementFilterSettings[0]) > 0) {
// cache the filterElements for this element, so we can build the right stuff with them later in javascript, to make dynamically appearing elements
$GLOBALS['formulize_renderedElementHasConditions'][$renderedElementName] = $elementFilterSettings[0];
// need to check if there's a condition on this element that is met or not
static $cachedEntries = array();
if ($entry != "new") {
if (!isset($cachedEntries[$form_id][$entry])) {
$cachedEntries[$form_id][$entry] = getData("", $form_id, $entry);
}
$entryData = $cachedEntries[$form_id][$entry];
}
$filterElements = $elementFilterSettings[0];
$filterOps = $elementFilterSettings[1];
$filterTerms = $elementFilterSettings[2];
/* ALTERED - 20100316 - freeform - jeff/julian - start */
$filterTypes = $elementFilterSettings[3];
// find the filter indexes for 'match all' and 'match one or more'
$filterElementsAll = array();
$filterElementsOOM = array();
for ($i = 0; $i < count($filterTypes); $i++) {
if ($filterTypes[$i] == "all") {
$filterElementsAll[] = $i;
} else {
$filterElementsOOM[] = $i;
}
}
/* ALTERED - 20100316 - freeform - jeff/julian - stop */
// setup evaluation condition as PHP and then eval it so we know if we should include this element or not
$evaluationCondition = "\$passedCondition = false;\n";
$evaluationCondition .= "if(";
/* ALTERED - 20100316 - freeform - jeff/julian - start */
$evaluationConditionAND = buildEvaluationCondition("AND", $filterElementsAll, $filterElements, $filterOps, $filterTerms, $entry, $entryData);
$evaluationConditionOR = buildEvaluationCondition("OR", $filterElementsOOM, $filterElements, $filterOps, $filterTerms, $entry, $entryData);
$evaluationCondition .= $evaluationConditionAND;
if ($evaluationConditionOR) {
if ($evaluationConditionAND) {
$evaluationCondition .= " AND (" . $evaluationConditionOR . ")";
//$evaluationCondition .= " OR (" . $evaluationConditionOR . ")";
} else {
$evaluationCondition .= $evaluationConditionOR;
}
}
/* ALTERED - 20100316 - freeform - jeff/julian - stop */
$evaluationCondition .= ") {\n";
$evaluationCondition .= " \$passedCondition = true;\n";
$evaluationCondition .= "}\n";
//print( $evaluationCondition );
eval($evaluationCondition);
if (!$passedCondition) {
$allowed = 0;
}
}
if ($allowed) {
if ($element->getVar('ele_type') == "subform") {
return array("", $isDisabled);
}
if (isset($GLOBALS['formulize_forceElementsDisabled']) and $GLOBALS['formulize_forceElementsDisabled'] == true) {
$isDisabled = true;
} else {
$ele_disabled = $element->getVar('ele_disabled');
$isDisabled = false;
if ($ele_disabled == 1) {
$isDisabled = true;
} elseif (!is_numeric($ele_disabled)) {
$disabled_groups = explode(",", $ele_disabled);
if (array_intersect($groups, $disabled_groups) and !array_diff($groups, $disabled_groups)) {
$isDisabled = true;
}
}
}
// Another check to see if this element is disabled, for the case where the user can view the form, but not edit it.
if (!$isDisabled) {
// note that we're using the OPPOSITE of the permission because we want to know if the element should be disabled
$isDisabled = !formulizePermHandler::user_can_edit_entry($form_id, $user_id, $entry);
}
// check whether the entry is locked, and if so, then the element is not allowed. Set a message to say that elements were disabled due to entries being edited elsewhere (first time only).
// groups with ignore lock permission bypass this, and therefore can save entries even when locked, and saving an entry removes the lock, so that gets you out of a jam if the lock is in place when it shouldn't be.
// locks are only valid for the session time, so if a lock is older than that, it is ignored and cleared
// Do this last, since locking overrides other permissions!
$lockFileName = "entry_" . $entry . "_in_form_" . $form_id . "_is_locked_for_editing";
// if we haven't found a lock for this entry, check if there is one...(as long as it's not an entry that we locked ourselves on this page load)
if ($entry != "new" and !isset($lockedEntries[$form_id][$entry]) and !isset($entriesThatHaveBeenLockedThisPageLoad[$form_id][$entry]) and file_exists(XOOPS_ROOT_PATH . "/modules/formulize/temp/{$lockFileName}") and !$gperm_handler->checkRight("ignore_editing_lock", $form_id, $groups, $mid)) {
$maxSessionLifeTime = ini_get("session.gc_maxlifetime");
$fileCreationTime = filectime(XOOPS_ROOT_PATH . "/modules/formulize/temp/{$lockFileName}");
if ($fileCreationTime + $maxSessionLifeTime > time()) {
list($lockUid, $lockUsername) = explode(",", file_get_contents(XOOPS_ROOT_PATH . "/modules/formulize/temp/{$lockFileName}"));
if ($lockUid != $user_id) {
// lock is still valid, hasn't expired yet.
if (count($lockedEntries) == 0) {
$label = json_encode(sprintf(_formulize_ENTRY_IS_LOCKED, $lockUsername));
print <<<EOF
<script type='text/javascript'>
\$(document).ready(function() {
jQuery("<div id=\\"formulize-entry-lock-message\\"><i id=\\"formulize-entry-lock-icon\\" class=\\"icon-lock\\"></i><p>"+{$label}+"</p></div>").insertBefore("#formulize .xo-theme-form table");
});
</script>
EOF;
}
$lockedEntries[$form_id][$entry] = true;
}
} else {
// clean up expired locks
formulize_scandirAndClean(XOOPS_ROOT_PATH . "/modules/formulize/temp/", "_" . $entry . "_in_form_" . $form_id . "_", $maxSessionLifeTime);
}
}
// if we've ever found a lock for this entry as part of this pageload...
if (isset($lockedEntries[$form_id][$entry])) {
$isDisabled = true;
}
$renderer = new formulizeElementRenderer($element);
$ele_value = $element->getVar('ele_value');
$ele_type = $element->getVar('ele_type');
if (($prevEntry or $profileForm === "new") and $ele_type != 'subform' and $ele_type != 'grid') {
$data_handler = new formulizeDataHandler($form_id);
$ele_value = loadValue($prevEntry, $element, $ele_value, $data_handler->getEntryOwnerGroups($entry), $groups, $entry, $profileForm);
// get the value of this element for this entry as stored in the DB -- and unset any defaults if we are looking at an existing entry
}
formulize_benchmark("About to render element " . $element->getVar('ele_caption') . ".");
$form_ele =& $renderer->constructElement($renderedElementName, $ele_value, $entry, $isDisabled, $screen);
if (strstr($_SERVER['PHP_SELF'], "formulize/printview.php") and is_object($form_ele)) {
$form_ele->setDescription('');
}
formulize_benchmark("Done rendering element.");
// put a lock on this entry in this form, so we know that the element is being edited. Lock will be removed next time the entry is saved.
if ($entry > 0 and !isset($lockedEntries[$form_id][$entry]) and !isset($entriesThatHaveBeenLockedThisPageLoad[$form_id][$entry])) {
if (is_writable(XOOPS_ROOT_PATH . "/modules/formulize/temp/")) {
$lockFile = fopen(XOOPS_ROOT_PATH . "/modules/formulize/temp/{$lockFileName}", "w");
if (false !== $lockFile) {
fwrite($lockFile, "{$user_id},{$username}");
fclose($lockFile);
$entriesThatHaveBeenLockedThisPageLoad[$form_id][$entry] = true;
}
} else {
if (defined("ICMS_ERROR_LOG_SEVERITY") and ICMS_ERROR_LOG_SEVERITY >= E_WARNING) {
static $lock_file_warning_issued = false;
if (!$lock_file_warning_issued) {
// cannot write to Formulize temp folder to create lock entries
error_log("Notice: Formulize temp folder does not exist or is not writeable, so lock file cannot be created in " . XOOPS_ROOT_PATH . "/modules/formulize/temp/");
$lock_file_warning_issued = true;
}
}
}
}
if (!$renderElement) {
return array(0 => $form_ele, 1 => $isDisabled);
} else {
if ($element->getVar('ele_type') == "ib") {
print $form_ele[0];
return "rendered";
} elseif (is_object($form_ele)) {
print $form_ele->render();
if (!empty($form_ele->customValidationCode) and !$isDisabled) {
$GLOBALS['formulize_renderedElementsValidationJS'][$GLOBALS['formulize_thisRendering']][$form_ele->getName()] = $form_ele->renderValidationJS();
} elseif ($element->getVar('ele_req') and ($element->getVar('ele_type') == "text" or $element->getVar('ele_type') == "textarea") and !$isDisabled) {
$eltname = $form_ele->getName();
$eltcaption = $form_ele->getCaption();
$eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption);
$eltmsg = str_replace('"', '\\"', stripslashes($eltmsg));
$GLOBALS['formulize_renderedElementsValidationJS'][$GLOBALS['formulize_thisRendering']][$eltname] = "if ( myform." . $eltname . ".value == \"\" ) { window.alert(\"" . $eltmsg . "\"); myform." . $eltname . ".focus(); return false; }";
}
if ($isDisabled) {
return "rendered-disabled";
} else {
return "rendered";
}
}
}
// or, even if the user is not supposed to see the element, put in a hidden element with its default value (only on new entries for elements with the forcehidden flag on)
// NOTE: YOU CANNOT HAVE DEFAULT VALUES ON A LINKED FIELD CURRENTLY
// So, no handling of linked values is included here.
} elseif ($forcehidden = $element->getVar('ele_forcehidden') and $entry == "new" and !$noSave) {
// hiddenElements keys will be the element ids
$hiddenElements = generateHiddenElements(array($element), $entry);
$thisHiddenElement = isset($hiddenElements[$element->getVar('ele_id')]) ? $hiddenElements[$element->getVar('ele_id')] : "";
if (!$renderElement) {
return array("hidden", $isDisabled, $thisHiddenElement);
// if the element is hidden, then return an array, but with hidden as the first key, so that logic that was not expecting an element back, will still function as is. This is a backwards compatibility thing. For hidden elements, the element is in the third key, if in fact you need it/are looking for it in the user land code...note that in the case of checkboxes, the elements returned will be in an array
} else {
$cueElement = new xoopsFormHidden("decue_" . $fid . "_" . $entry . "_" . $element_id, 1);
print $cueElement->render();
if (is_array($thisHiddenElement)) {
// could happen for checkboxes
foreach ($thisHiddenElement as $thisIndividualHiddenElement) {
if (is_object($thisIndividualHiddenElement)) {
print $thisIndividualHiddenElement->render() . "\n";
}
}
} elseif (is_object($thisHiddenElement)) {
print $thisHiddenElement->render() . "\n";
}
return "hidden";
}
} else {
return "not_allowed";
}
}
