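/**
 * Resolve a "language/page.html" help reference to a file under ./help.
 *
 * @param string|null $help_page - language/page.html
 * @return string|null "./help/{language}/{page}" when the language is known to
 *                     is_exists_language(), the page name ends in ".html" and the
 *                     file exists; NULL for anything else (including input without a "/").
 */
function validate_opendb_lang_help_page_url($help_page)
{
    // Without a separator there is no language/page pair; the original fell through
    // with $language/$page undefined and called is_exists_language(NULL).
    if (!is_string($help_page) || ($index = strpos($help_page, "/")) === FALSE) {
        return NULL;
    }
    $language = substr($help_page, 0, $index);
    // ensure someone is not trying to download the /etc/passwd file or something by basename it back to a simple filename
    $page = basename(substr($help_page, $index + 1));
    // $language is only used in the path after is_exists_language() has accepted it;
    // make sure the page ends in html and the file really exists
    if (is_exists_language($language) && ends_with($page, ".html") && file_exists("./help/{$language}/{$page}")) {
        return "./help/{$language}/{$page}";
    }
    return NULL;
}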
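/**
 * Validate, and normalise in place, a submitted user profile.
 *
 * @param array|mixed $user_r             existing user row for an update; a non-array means a new user (signup)
 * @param array       $HTTP_VARS          request variables; user_role, fullname, email_addr, uid_theme,
 *                                        uid_language and the per-address-type fields are rewritten in place
 * @param array       $address_provided_r filled with lower-cased address type => TRUE when at least one
 *                                        attribute of that type was supplied, FALSE otherwise
 * @param array       $errors             validation messages appended by the validate_* helpers
 * @return bool FALSE for an invalid role, fullname or email address; otherwise TRUE only if every
 *              supplied address attribute passed validate_item_input_field()
 */
function validate_user_info($user_r, &$HTTP_VARS, &$address_provided_r, &$errors)
{
    $is_address_validated = TRUE;
    // cannot change your role unless you have the permissions
    if (is_array($user_r) && !is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        $HTTP_VARS['user_role'] = $user_r['user_role'];
    } elseif (($HTTP_VARS['op'] ?? NULL) === 'signup' && !is_valid_signup_role($HTTP_VARS['user_role'])) {
        // strict comparison: 'op' is a request string and must be exactly 'signup'
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Signup User Role specified', $HTTP_VARS);
        return FALSE;
    }
    $role_r = fetch_role_r($HTTP_VARS['user_role']);
    if (!is_array($role_r)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid User Role specified', $HTTP_VARS);
        return FALSE;
    }
    $HTTP_VARS['fullname'] = filter_input_field("text(30,100)", $HTTP_VARS['fullname']);
    $HTTP_VARS['email_addr'] = filter_input_field("email(30,100)", $HTTP_VARS['email_addr']);
    if (!validate_input_field(get_opendb_lang_var('fullname'), "text(30,100)", "Y", $HTTP_VARS['fullname'], $errors)
            || !validate_input_field(get_opendb_lang_var('email'), "email(30,100)", "Y", $HTTP_VARS['email_addr'], $errors)) {
        return FALSE;
    }
    // Do not update theme unless themes are enabled and the theme is known.
    if (get_opendb_config_var('user_admin', 'user_themes_support') === FALSE || !is_exists_theme($HTTP_VARS['uid_theme'])) {
        $HTTP_VARS['uid_theme'] = FALSE;
    }
    // Do not allow update with illegal language.
    if (get_opendb_config_var('user_admin', 'user_language_support') === FALSE || !is_exists_language($HTTP_VARS['uid_language'])) {
        $HTTP_VARS['uid_language'] = NULL;
    }
    $addr_results = fetch_address_type_rs(TRUE);
    if ($addr_results) {
        while ($address_type_r = db_fetch_assoc($addr_results)) {
            $v_address_type = strtolower($address_type_r['s_address_type']);
            $address_provided_r[$v_address_type] = FALSE;
            $attr_results = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
            if ($attr_results) {
                while ($addr_attribute_type_r = db_fetch_assoc($attr_results)) {
                    $fieldname = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);
                    // the field may be absent from the request entirely; treat it as NULL rather than raising a notice
                    $HTTP_VARS[$v_address_type][$fieldname] = filter_item_input_field($addr_attribute_type_r, $HTTP_VARS[$v_address_type][$fieldname] ?? NULL);
                    if (is_empty_attribute($addr_attribute_type_r['s_attribute_type'], $HTTP_VARS[$v_address_type][$fieldname]) !== FALSE) {
                        $address_provided_r[$v_address_type] = TRUE;
                        if (!validate_item_input_field($addr_attribute_type_r, $HTTP_VARS[$v_address_type][$fieldname], $errors)) {
                            $is_address_validated = FALSE;
                        }
                    }
                }
                db_free_result($attr_results);
            }
        }
        db_free_result($addr_results);
    }
    return $is_address_validated;
}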
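/**
 * Validate a s_config_group_item value against the item's declared type.
 *
 * @param string $group_id config group id
 * @param string $id       config item id within the group
 * @param string $keyid    key within the item; a numeric keyid also matches items of type 'array'
 * @param string $value    submitted value (trimmed before validation)
 * @return string|false the normalised value, or FALSE when any identifier is empty, the item is
 *                      unknown, or the value fails its type check ('boolean' never returns FALSE:
 *                      anything other than TRUE/FALSE becomes the string 'FALSE')
 */
function validate_s_config_group_item($group_id, $id, $keyid, $value)
{
    if (strlen($group_id) == 0 || strlen($id) == 0 || strlen($keyid) == 0) {
        return FALSE;
    }
    // NOTE(review): $group_id, $id and $keyid are interpolated straight into the SQL string. The db_*
    // layer used here exposes no parameter binding in this listing, so callers must only pass
    // identifiers that are already trusted or escaped — never raw request input.
    $query = "SELECT type, subtype FROM s_config_group_item WHERE group_id = '{$group_id}' AND id = '{$id}' ";
    if (is_numeric($keyid)) {
        $query .= " AND (type = 'array' OR keyid = '{$keyid}') ";
    } else {
        $query .= " AND keyid = '{$keyid}' ";
    }
    $query .= "LIMIT 0,1";
    $result = db_query($query);
    if (!$result || db_num_rows($result) == 0) {
        return FALSE;
    }
    $found = db_fetch_assoc($result);
    // Free the result set here: every switch arm below returns, so a db_free_result()
    // placed after the switch would never run.
    db_free_result($result);
    $value = trim($value);
    // will not directly validate an array, but instead the subtype of the array.
    if ($found['type'] == 'array') {
        // by default its text
        if (strlen($found['subtype']) == 0) {
            $found['subtype'] = 'text';
        }
        $found['type'] = match ($found['subtype']) {
            'usertype' => 'usertype',
            'number'   => 'number',
            default    => 'text',
        };
    }
    switch ($found['type']) {
        case 'boolean':
            $value = strtoupper($value);
            return ($value == 'TRUE' || $value == 'FALSE') ? $value : 'FALSE';
        case 'email':
            return is_valid_email_addr($value) ? $value : FALSE;
        case 'number':
            // filter out any non-numeric characters, but pass the rest in.
            $value = remove_illegal_chars($value, expand_chars_exp('0-9'));
            return strlen($value) > 0 ? $value : FALSE;
        case 'datemask':
            // TODO: Provide a date-mask filter
            return $value;
        case 'language':
            return is_exists_language($value) ? $value : FALSE;
        case 'theme':
            return is_exists_theme($value) ? $value : FALSE;
        case 'export':
            return (strlen($value) == 0 || is_export_plugin($value)) ? $value : FALSE;
        case 'value_select':
            // No subtype means no option list: any value is accepted.
            if (strlen($found['subtype']) == 0) {
                return $value;
            }
            // Strict membership so that numeric-string coercion ('1' == '1.0') cannot widen the option list.
            $options_r = explode(',', $found['subtype']);
            return in_array($value, $options_r, TRUE) ? $value : FALSE;
        default:
            // readonly, text, password, textarea and the array-derived types fall through here
            return addslashes(replace_newlines(trim($value)));
    }
}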
                        $_OPENDB_THEME = 'default';
                    }
                }
            }
            if (is_exists_language($_OVRD_OPENDB_LANGUAGE)) {
                $_OPENDB_LANGUAGE = $_OVRD_OPENDB_LANGUAGE;
            } else {
                unset($_OPENDB_LANGUAGE);
                if (strlen(get_opendb_session_var('user_id')) > 0 && get_opendb_config_var('user_admin', 'user_language_support') !== FALSE) {
                    $user_language = fetch_user_language(get_opendb_session_var('user_id'));
                    if (is_exists_language($user_language)) {
                        $_OPENDB_LANGUAGE = $user_language;
                    }
                }
                if (strlen($_OPENDB_LANGUAGE) == 0) {
                    if (is_exists_language(get_opendb_config_var('site', 'language'))) {
                        $_OPENDB_LANGUAGE = strtoupper(get_opendb_config_var('site', 'language'));
                    } else {
                        $_OPENDB_LANGUAGE = fetch_default_language();
                    }
                }
            }
        }
    }
    if ($HTTP_VARS['mode'] == 'job') {
        $_OPENDB_THEME = '';
    }
    if (strlen($_OPENDB_THEME) > 0) {
        include_once "./theme/{$_OPENDB_THEME}/theme.php";
    }
} else {
/**
 * Remove one row from s_language.
 *
 * @param string $language language code; deletion is only attempted when is_exists_language() accepts it,
 *                         which is also what stands between $language and the interpolated SQL below
 * @return bool TRUE when the DELETE executed without a driver error (a no-op delete still counts as
 *              success), FALSE when the language is unknown or the query failed
 */
function delete_s_language($language)
{
    if (!is_exists_language($language)) {
        return FALSE;
    }
    $context = array($language);
    $delete = db_query("DELETE FROM s_language WHERE language = '{$language}'");
    // db_affected_rows() reporting -1 means the driver failed; zero rows is not a failure.
    $rows_affected = $delete ? db_affected_rows() : -1;
    if (!$delete || $rows_affected === -1) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), $context);
        return FALSE;
    }
    if ($rows_affected > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, $context);
    }
    return TRUE;
}
 /**
  * Negated convenience wrapper around is_exists_language().
  *
  * @param string $language language code to check
  * @return bool TRUE when is_exists_language() reports the language as unknown
  */
 function is_not_exists_language($language)
 {
     return is_exists_language($language) ? FALSE : TRUE;
 }