if ($get_result->numRows() > 0) {
$fetch_result = $get_result->fetchRow();
$file_extension_string = $fetch_result['value'];
}
$file_extensions = explode(",", $file_extension_string);
// get from settings and add to forbidden list
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);
// Loop through the files
$good_uploads = 0;
$sum_dirs = 0;
$sum_files = 0;
for ($count = 1; $count <= 10; $count++) {
// If file was upload to tmp
if (isset($_FILES["file{$count}"]['name'])) {
// Remove bad characters
$filename = trim(media_filename($_FILES["file{$count}"]['name']), '.');
// Check if there is still a filename left
// if($filename != '') {
$info = pathinfo($filename);
$ext = isset($info['extension']) ? $info['extension'] : '';
if ($filename != '' && !preg_match("/" . $forbidden_file_types . "\$/i", $ext)) {
// Move to relative path (in media folder)
if (file_exists($relative . $filename) and $overwrite == true) {
if (move_uploaded_file($_FILES["file{$count}"]['tmp_name'], $relative . $filename)) {
$good_uploads++;
$sum_files++;
// Chmod the uploaded file
change_mode($relative . $filename);
}
} elseif (!file_exists($relative . $filename)) {
if (move_uploaded_file($_FILES["file{$count}"]['tmp_name'], $relative . $filename)) {
function build_page(&$admin, &$database)
{
global $HEADING, $TEXT, $MENU, $MESSAGE;
// Include the functions file
include_once get_include(LEPTON_PATH . '/framework/summary.functions.php');
include_once get_include(ADMIN_PATH . '/media/function.inc.php');
$memory_limit = ini_get('memory_limit');
$post_max_size = ini_get('post_max_size');
$upload_max_filesize = ini_get('upload_max_filesize');
$maxUploadFiles = 12;
$request = $_SERVER['REQUEST_METHOD'];
$allowed_img_types = 'jpg|png|gif|tif';
$actions = isset($_POST['action']) ? trim(stripslashes($admin->get_post('action'))) : 'show';
$actions = isset($_POST['media_reload']) && $_POST['media_reload'] == true ? 'media_reload' : $actions;
$actions = isset($_POST['cancel']) ? 'show' : $actions;
// Get home folder not to show
$home_folders = get_home_folders();
$currentHome = $admin->get_home_folder();
$pathsettings = get_media_settings();
// Get the user specified dir parent_path
if ($request == 'GET' && isset($_REQUEST)) {
$directory = rawurldecode(trim(stripslashes($admin->get_get('dir'))));
} elseif (isset($_POST['current_select'])) {
$directory = str_replace(MEDIA_DIRECTORY, '', rawurldecode(trim(stripslashes($admin->get_post('current_select')))));
} elseif (isset($_POST['current_dir'])) {
$directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir'))));
}
//$directory = is_null($directory) ? $currentHome : $directory;
// $directory is not always null ... 8-/
$directory = is_null($directory) || empty($directory) ? $currentHome : $directory;
$directory = $directory == '/' || $directory == '\\' ? '' : $directory;
$target = $current_dir = $directory;
$backlink = 'index.php?dir=' . $directory;
$FILE = array();
$dirs = array();
$skip = LEPTON_PATH;
directory_list(LEPTON_PATH . MEDIA_DIRECTORY, false, 0, $dirs, $skip);
// dirs with readWrite access
$dirs_rw = media_dirs_rw($admin);
array_walk($dirs_rw, 'remove_path', LEPTON_PATH);
if ($admin->get_user_id() == 1) {
$id = array_unshift($dirs_rw, MEDIA_DIRECTORY);
}
// Define absolute path to WB media directory (using Unix path seperator)
$mediaPath = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY);
/* comment out to show only Home Folder till yet not build in overall
$acess_denied = (($currentHome != '') && (strpos($mediaPath.$directory, $currentHome))) ? false : true;
*/
// sytem_admin if not superadmin, no homefolder, groupmember 1
$system_admin = $admin->ami_group_member('1') == true || $admin->get_user_id() == 1;
$group_admin = empty($currentHome) == true && $admin->ami_group_member('1') == true;
//$full_home_folder_access = $directory == '' || in_array(MEDIA_DIRECTORY.$directory, $dirs_rw) || $group_admin ;
/*
* If HOME_FOLDERS are not active the user have access to all media files,
* otherwise check if the shown folders in list are within the personal folder
* and grant desired rights only for this folders (upload, create directory a.s.o.)
*/
$full_home_folder_access = !HOME_FOLDERS ? true : empty($_SESSION['HOME_FOLDER']) || in_array(MEDIA_DIRECTORY . $directory, $dirs_rw) || $group_admin;
if (strstr($current_dir, '..')) {
// target_path contains ../
$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'], $backlink);
}
// Build canonicalized absolute path from user input and check if path exists (False if not)
$userPath = str_replace('\\', '/', realpath($mediaPath . $directory));
// Ensure that the user specified path is located inside WB media folder
if ($userPath == false || strpos($userPath, $mediaPath) !== 0) {
// User defined path is invalid or is located outside the WB media directory
$admin->print_error($MESSAGE['MEDIA_DIR_ACCESS_DENIED'], $backlink);
}
if (!is_writeable($mediaPath . $directory)) {
$admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS'], $backlink);
}
$tpl = new Template(THEME_PATH . '/templates', 'keep');
// false | true
$tpl->debug = false;
$file_array = array('page' => 'media.htt', 'browse' => 'media_browse.htt', 'rename' => 'media_rename.htt', 'settings' => 'setparameter.htt');
$tpl->set_file($file_array);
$tpl->set_block('page', 'main_block', 'main');
// BEGIN left side always with main_block and the dropdown list may later as dirtree
// First insert language text and messages
$tpl->set_var(array('TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_TARGET_FOLDER' => $TEXT['TARGET_FOLDER'], 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], 'TEXT_NAME' => $TEXT['TITLE'], 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], 'TEXT_UNZIP_FILE' => $TEXT['UNZIP_FILE'], 'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'], 'TEXT_OVERWRITE_EXISTING' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_FILES' => $TEXT['FILES']));
$tpl->set_var(array('USER_ID' => $admin->is_authenticated() ? $admin->get_user_id() : '', 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL));
// && (($admin->ami_group_member('1') != true) || ($admin->get_user_id() != 1))
// set optionen media_settings_block
$tpl->set_block('main_block', 'media_settings_block', 'media_settings');
// Only show admin the settings link
if ($pathsettings['global']['admin_only'] == true) {
if ($system_admin != true) {
$tpl->set_var('DISPLAY_SETTINGS', 'hide');
$tpl->set_block('media_settings', '');
} else {
$tpl->parse('media_settings', 'media_settings_block', true);
}
} else {
$tpl->parse('media_settings', 'media_settings_block', true);
}
// set optionen media_upload_block
$tpl->set_var(array('CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'HEADING_BROWSE_MEDIA' => $HEADING['BROWSE_MEDIA'], 'HEADING_MEDIA' => $MENU['MEDIA'] . ' ' . $TEXT['FOLDERS'], 'HEADING_CREATE_FOLDER' => $HEADING['CREATE_FOLDER'], 'HEADING_UPLOAD_FILES' => $HEADING['UPLOAD_FILES'], 'OPTIONS' => $TEXT['OPTION'], 'SETTINGS_URL' => $_SERVER['SCRIPT_NAME']));
$tpl->set_var(array('HOME_DIRECTORY' => $currentHome, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_DIR' => $directory));
// create dropdownlist dir_list_block
$tpl->set_block('main_block', 'dir_list_block', 'dir_list');
// select the correct directory list
$use_dirs = !HOME_FOLDERS ? $dirs : empty($_SESSION['HOME_FOLDER']) ? $dirs : $dirs_rw;
if (count($use_dirs) > 0) {
foreach ($use_dirs as $name) {
// prevent duplicate entries - default directory is also set by template!
if ($name == MEDIA_DIRECTORY . $currentHome) {
continue;
}
$tpl->set_var(array('MEDIA_NAME' => $name, 'SELECTED' => MEDIA_DIRECTORY . $directory == $name ? ' selected="selected"' : ''));
$tpl->parse('dir_list', 'dir_list_block', true);
}
} else {
$tpl->set_var('dir_list', '');
}
// Insert permissions values, hide for some actions
// workout action should show default blocks
switch ($actions) {
// all others remove from left side
case 'none':
case 'show':
case 'media_reload':
case 'media_create':
case 'media_upload':
case 'media_delete':
case 'save_media_rename':
$tpl->set_block('main_block', 'media_create_block', 'media_create');
if ($admin->get_permission('media_create') != true || $full_home_folder_access == false) {
$tpl->set_var('DISPLAY_CREATE', 'hide');
$tpl->set_block('media_create', '');
} else {
$tpl->set_var(array('DISPLAY_CREATE' => '', 'MAX_UPLOADS' => $maxUploadFiles, 'ALLOW_EXTS' => RENAME_FILES_ON_UPLOAD));
$tpl->parse('media_create', 'media_create_block', true);
}
$tpl->set_block('main_block', 'input_upload_block', 'input_upload');
for ($x = 0; $x <= $maxUploadFiles; $x++) {
$tpl->parse('input_upload', 'input_upload_block', true);
}
$tpl->set_block('main_block', 'media_upload_block', 'media_upload');
if ($admin->get_permission('media_upload') != true || $full_home_folder_access == false) {
$tpl->set_var('DISPLAY_UPLOAD', 'hide');
$tpl->set_block('media_upload', '');
} else {
$tpl->set_var(array('DISPLAY_UPLOAD' => ''));
$tpl->parse('media_upload', 'media_upload_block', true);
}
break;
default:
// all the other action has to hide the blocks
$tpl->set_block('main_block', 'media_create_block', 'media_create');
$tpl->set_var('DISPLAY_CREATE', 'hide');
$tpl->parse('media_create', '');
$tpl->set_block('main_block', 'media_upload_block', 'media_upload');
$tpl->set_var('DISPLAY_UPLOAD', 'hide');
$tpl->parse('media_upload', '');
break;
}
// END workout main_wrapper
// Now prepare and parse values for the wrapper template show modus
switch ($actions) {
case 'none':
case 'show':
case 'media_reload':
case 'media_create':
case 'media_upload':
case 'media_delete':
case 'save_media_rename':
$tpl->loadfile('browse');
$tpl->set_block('main_block', 'main_wrapper_block', 'browse');
// Workout the parent dir link PARENT_PATH
//$parent_path = !empty($directory) ? dirname($directory) : $directory;
if (!empty($directory)) {
if (HOME_FOLDERS && !empty($_SESSION['HOME_FOLDER'])) {
$parent_path = $_SESSION['HOME_FOLDER'];
} else {
$parent_path = dirname($directory);
}
} else {
$parent_path = $directory;
}
// $parent_dir_link = ADMIN_URL.'/media/index.php?dir='.$directory.'&up=1';
$parent_dir_link = 1;
// Workout if the up arrow should be shown
$display_up_arrow = '';
// $display_up_arrow = (($directory == '') || ($directory == $currentHome)) ? 'hide' : '';
// Insert header info values main_wrapper_block
$tpl->set_var(array('THEME_URL' => THEME_URL, 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_PATH' => $directory, 'PARENT_DIR_LINK' => $parent_dir_link, 'PARENT_PATH' => $parent_path));
$tpl->set_block('browse', 'up_link_block', 'up_link');
if (!empty($directory) && $directory != $parent_path) {
// show only if parent <> directory
$tpl->set_var(array('PARENT_DIR_LINK' => $parent_dir_link, 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => ''));
$tpl->parse('up_link', 'up_link_block', true);
} else {
$tpl->set_block('up_link', '');
$tpl->set_var(array('UP_LINK_COL' => ' display_up_arrow', 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => ' display_up_arrow'));
}
// now set the dirs and files file_list_block and permissions
$tpl->set_block('browse', 'file_list_block', 'file_list');
$tpl->set_block('file_list', 'media_rename_block', 'media_rename');
$tpl->set_block('file_list', 'media_delete_block', 'media_delete');
// get dirs and files in currentDir
$FILE = scan_current_dir(LEPTON_PATH . MEDIA_DIRECTORY . '/' . $directory);
$temp_id = 0;
$line = $row_id = 1;
if (count($FILE['path']) > 0) {
foreach ($FILE['path'] as $name) {
$temp_id++;
$link_name = str_replace(' ', '%20', $name);
$tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => 'index.php?dir=' . $directory . '/' . $link_name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE' => 'dir', 'FILENAME' => '/' . addslashes($name), 'LINK_TARGET' => '_self', 'ENABLE_OVERLIB' => '', 'EXTENSION' => '', 'MOUSEOVER' => '', 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => '', 'DISPLAY_ICON' => '', 'SIZE' => '', 'DATE' => '', 'PREVIEW' => '', 'LINK_PATH' => $directory . '/' . $link_name, 'MEDIA_PATH' => MEDIA_DIRECTORY));
$tpl->parse('file_list', 'file_list_block', true);
}
}
// now set the files file_list_block and permissions
if (count($FILE['filename']) > 0) {
// convert to correct searchpattern
$allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD);
foreach ($FILE['filename'] as $name) {
$preview = 'preview';
if (!preg_match("/\\." . $allowed_file_types . "\$/i", $name)) {
$preview = '';
continue;
}
$temp_id++;
$overlib = preg_match("/\\." . $allowed_img_types . "\$/i", $name) ? ' overlib' : '';
if ($preview) {
$filetype = get_filetype(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name);
$size = filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name);
$bytes = byte_convert($size);
$fdate = filemtime(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name);
$date = date(DATE_FORMAT . ' ' . TIME_FORMAT, $fdate);
$filetypeicon = get_filetype_icon(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name);
$tooltip = '';
$imgdetail = $bytes;
$icon = THEME_URL . '/images/files/unknown.png';
if (!$pathsettings['global']['show_thumbs']) {
$info = @getimagesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name);
if ($info[0]) {
$imgdetail = fsize(filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name)) . '<br /> ' . $info[0] . ' x ' . $info[1] . ' px';
$icon = 'thumb.php?t=1&img=' . $directory . '/' . $name;
$tooltip = ShowTip('thumb.php?t=2&img=' . $directory . '/' . $name, $allowed_img_types);
} else {
$icon = THEME_URL . '/images/files/' . $filetypeicon . '.png';
}
} else {
$filetypeicon = get_filetype_icon(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name);
$icon = THEME_URL . '/images/files/' . $filetypeicon . '.png';
}
$tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => $icon, 'FILETYPE_ICON' => THEME_URL . '/images/files/' . $filetypeicon . '.png', 'FILENAME' => addslashes($name), 'LINK_TARGET' => '_top', 'ENABLE_OVERLIB' => $overlib, 'FILETYPE' => 'file', 'EXTENSION' => $filetype, 'MOUSEOVER' => $tooltip, 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => $imgdetail, 'DISPLAY_ICON' => '', 'SIZE' => $bytes, 'DATE' => $date, 'PREVIEW' => $preview));
$tpl->parse('file_list', 'file_list_block', true);
}
}
}
$tpl->set_var(array('TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_SIZE' => $TEXT['SIZE'], 'TEXT_DATE' => $TEXT['DATE'], 'TEXT_NAME' => $TEXT['NAME'], 'TEXT_TYPE' => $TEXT['TYPE'], 'MEDIA_BROWSE' => '', 'NONE_FOUND' => $MESSAGE['MEDIA_NONE_FOUND'], 'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'CONFIRM_DELETE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE']), 'CONFIRM_DELETE_FILE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_FILE']), 'CONFIRM_DELETE_DIR' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_DIR'])));
// If no files are in the media folder say so
if ($temp_id == 0) {
$tpl->set_var('DISPLAY_LIST_TABLE', ' hide');
$tpl->set_var('DISPLAY_NONE_FOUND', ' center');
$tpl->set_var("file_list_block", "<tr><td></td></tr>");
$tpl->parse('file_list', 'file_list_block', true);
} else {
$tpl->set_var('DISPLAY_LIST_TABLE', '');
$tpl->set_var('DISPLAY_NONE_FOUND', ' hide');
}
$tpl->set_block('file_list', 'media_rename_block', 'media_rename');
$tpl->set_block('file_list', 'media_delete_block', 'media_delete');
// Insert permissions values
if ($admin->get_permission('media_rename') != true || $full_home_folder_access == false) {
$tpl->set_var('DISPLAY_RENAME', 'hide');
$tpl->set_var('RENHAME_CONTENT', '');
$tpl->parse('media_rename', '');
} else {
$tpl->set_var('RENHAME_CONTENT', '');
$tpl->parse('media_rename', 'media_rename_block', true);
}
if ($admin->get_permission('media_delete') != true || $full_home_folder_access == false) {
$tpl->set_var('DISPLAY_DELETE', 'hide');
$tpl->set_var('DELETE_CONTENT', '');
$tpl->parse('media_delete', '');
} else {
$tpl->set_var('DELETE_CONTENT', '');
$tpl->parse('media_delete', 'media_delete_block', true);
}
break;
}
// begin with save modus actions
switch ($actions) {
// save actions
case 'save_media_settings':
if (($x = save_media_settings($pathsettings)) == 0) {
$admin->print_error($MESSAGE['SETTINGS_UNABLE_WRITE_CONFIG'], $backlink);
} else {
$admin->print_success($MESSAGE['SETTINGS_SAVED'], $backlink);
}
break;
case 'save_media_rename':
$ext = trim(stripslashes($admin->get_post('extension')));
$ext = empty($ext) ? '' : '.' . $ext;
$old_file = media_filename(trim(stripslashes($admin->get_post('old_name')))) . $ext;
$rename_file = media_filename(trim(stripslashes($admin->get_post('name')))) . $ext;
$type = trim(stripslashes($admin->get_post('filetype')));
// perhaps change dots in underscore by tpye = directory
$rename_file = trim($rename_file, '.');
$old_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $old_file;
$rename_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $rename_file;
if ($type == 'dir') {
$rename_file = str_replace('.', '_', $rename_file);
} elseif (!preg_match("/\\." . $allowed_file_types . "\$/i", $rename_file)) {
$admin->print_error($TEXT['EXTENSION'] . ': ' . $MESSAGE['GENERIC_INVALID'], $backlink);
}
if (rename($old_file, $rename_file)) {
$admin->print_success($MESSAGE['MEDIA_RENAMED'], $backlink);
} else {
$admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], $backlink);
}
break;
}
// mask input modus
switch ($actions) {
case 'media_rename':
clearstatcache();
$rename_file = media_filename(trim(stripslashes($admin->get_post('filename'))));
$ext = trim(stripslashes($admin->get_post('fileext')));
$type = trim(stripslashes($admin->get_post('filetype')));
$rename_file = basename($rename_file);
$tpl->loadfile('rename');
$tpl->set_block('main_block', 'main_wrapper_block', 'rename');
// false | true
$tpl->debug = false;
$tpl->set_var(array('THEME_URL' => THEME_URL, 'TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'FILENAME' => $rename_file, 'BASENAME' => trim(str_replace($ext, '', basename($rename_file)), '.'), 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'DISPLAY_UP_ARROW' => ' display_up_arrow', 'CURRENT_PATH' => $directory, 'DIR' => $directory, 'FILE_TYPE' => $type, 'EXTENSION' => '.' . ltrim($ext, '.'), 'FILE_EXT' => ltrim($ext, '.'), 'TEXT_OVERWRITE_EXIST' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_TO' => '', 'MEDIA_BROWSE' => '', 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_CANCEL' => $TEXT['CANCEL']));
$tpl->parse('rename', 'main_wrapper_block', true);
break;
case 'media_settings':
// load template language file
$lang = THEME_PATH . '/languages/' . LANGUAGE . '.php';
include_once !file_exists($lang) ? THEME_PATH . '/languages/EN.php' : $lang;
$tpl->loadfile('settings');
$tpl->set_block('main_block', 'main_wrapper_block', 'settings');
// false | true
$tpl->debug = false;
$admin_only = isset($pathsettings['global']['admin_only']) && $pathsettings['global']['admin_only'] == true ? ' checked="checked"' : '';
$show_thumbs = isset($pathsettings['global']['show_thumbs']) && $pathsettings['global']['show_thumbs'] == true ? ' checked="checked"' : '';
$tpl->set_var(array('TEXT_HEADER' => $TEXT['TEXT_HEADER'], 'SAVE_TEXT' => $TEXT['SAVE'], 'CANCEL' => $TEXT['CANCEL'], 'RESET' => $TEXT['RESET'], 'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'], 'MEDIA_BROWSE' => '', 'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'], 'SETTINGS' => $TEXT['SETTINGS'], 'CURRENT_PATH' => $directory, 'ADMIN_URL' => ADMIN_URL, 'WIDTH' => $TEXT['WIDTH'], 'HEIGHT' => $TEXT['HEIGHT'], 'ADMIN_ONLY_SELECTED' => $admin_only, 'NO_SHOW_THUMBS_SELECTED' => $show_thumbs, 'NONE_FOUND' => '', 'DISPLAY_NONE' => ''));
// Get dirs in currentDir
$dirs = array();
$skip = LEPTON_PATH;
directory_list(LEPTON_PATH . MEDIA_DIRECTORY, false, 0, $dirs, $skip);
$line = $row_id = 1;
$tpl->set_block('settings', 'dir_settings_block', 'dir_settings');
if (isset($dirs)) {
$good_dirs = 0;
$dir_filter = MEDIA_DIRECTORY . $directory;
$parent = substr_count($dir_filter, '/') + 1;
$dir_filter = str_replace(array('/', ' '), '_', $dir_filter);
foreach ($dirs as $name) {
$relative = $name;
// str_replace(LEPTON_PATH, '', $name);
$subparent = substr_count($relative, '/') + 1;
$safepath = str_replace(array('/', ' '), '_', $relative);
$continue = strlen(str_replace($safepath, '', $dir_filter));
// if( (substr_count($safepath,$dir_filter) == 0) || ( $dir_filter == $safepath ) )
if ($parent != $subparent - 1 || substr_count($safepath, $dir_filter) == 0 || $dir_filter == $safepath) {
continue;
}
$good_dirs++;
$cur_width = $cur_height = '';
if (isset($pathsettings[$safepath]['width'])) {
$cur_width = $pathsettings[$safepath]['width'];
}
if (isset($pathsettings[$safepath]['height'])) {
$cur_height = $pathsettings[$safepath]['height'];
}
$cur_width = $cur_width != 0 ? (int) $cur_width : '-';
$cur_height = $cur_height != 0 ? (int) $cur_height : '-';
$tpl->set_var(array('PATH_NAME' => basename($relative), 'FIELD_NAME' => $safepath, 'CUR_WIDTH' => $cur_width, 'CUR_HEIGHT' => $cur_height, 'ROW_ID' => $line++ & 1));
$tpl->parse('dir_settings', 'dir_settings_block', true);
}
if ($good_dirs == 0) {
$tpl->set_var(array('PATH_NAME' => '', 'FIELD_NAME' => '', 'CUR_WIDTH' => '', 'CUR_HEIGHT' => '', 'ROW_ID' => '', 'DISPLAY_NONE' => ' hide'));
$tpl->parse('dir_settings', 'dir_settings_block', true);
$tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']);
$tpl->parse('settings', 'dir_settings_block', true);
}
} else {
$tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']);
$tpl->parse('settings', 'dir_settings_block', true);
}
break;
}
// normal actions
switch ($actions) {
case 'media_upload':
$target_path = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY . $directory);
// Create relative path of the new dir name
$resizepath = MEDIA_DIRECTORY . $directory;
$resizepath = str_replace(array('/', ' '), '_', $resizepath);
// Find out whether we should replace files or give an error
$overwrite = $admin->get_post('overwrite') != '' ? true : false;
// convert to correct searchpattern
$allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD);
$good_uploads = 0;
// If the user chose to unzip the first file, unzip into the current folder
if (isset($_POST['unzip']) && $_POST['unzip'] == true) {
// include_once(get_include('thumb.php'));
if (isset($_FILES['upload']['error'][0]) && $_FILES['upload']['error'][0] == UPLOAD_ERR_OK) {
$src_file = isset($_FILES['upload']['name'][0]) ? $_FILES['upload']['name'][0] : null;
if ($src_file && preg_match('/\\.zip$/i', $src_file)) {
/*
* Callback function to skip files not in white-list
*/
function pclzipCheckValidFile($p_event, &$p_header)
{
// return 1;
$allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD);
$info = pathinfo($p_header['filename']);
$ext = isset($info['extension']) ? $info['extension'] : '';
$dots = substr($info['basename'], 0, 1) == '.' || substr($info['basename'], -1, 1) == '.';
if (preg_match('/' . $allowed_file_types . '$/i', $ext) && $dots != '.') {
// ----- allowed file types are extracted
return 1;
} else {
// ----- all other files are skiped
return 0;
}
}
/* ********************************* */
require_once get_include(LEPTON_PATH . '/modules/lib_lepton/pclzip/pclzip.lib.php');
$archive = new PclZip($_FILES['upload']['tmp_name'][0]);
$list = $archive->extract(PCLZIP_OPT_PATH, $target_path, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile');
$good_uploads = sizeof($list);
if ($archive->error_code != 0) {
$admin->print_error('UNABLE TO UNZIP FILE' . ' :: ' . $archive->errorInfo(true), $backlink);
}
}
}
} else {
// proceed normal multi-upload
$file_count = sizeof($_FILES['upload']['error']);
for ($x = 0; $x < $file_count; $x++) {
// If file was upload to tmp
if (isset($_FILES['upload']['name'][$x])) {
// Remove bad characters
$filename = media_filename($_FILES['upload']['name'][$x]);
// Check if there is still a filename left and allowed filetyp
if ($filename != '' && preg_match("/\\." . $allowed_file_types . "\$/i", $filename)) {
// Move to relative path (in media folder)
if (file_exists($target_path . '/' . $filename) && $overwrite === true) {
if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) {
$good_uploads++;
// Chmod the uploaded file
change_mode($target_path . '/' . $filename, 'file');
}
} elseif (!file_exists($target_path . '/' . $filename)) {
if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) {
$good_uploads++;
// Chmod the uploaded file
change_mode($target_path . '/' . $filename);
}
}
if (file_exists($target_path . '/' . $filename) && preg_match("/\\." . $allowed_img_types . "\$/i", $filename)) {
if (isset($pathsettings[$resizepath])) {
include_once get_include(ADMIN_PATH . '/media/resize_img.php');
if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height']) {
$rimg = new RESIZEIMAGE($target_path . '/' . $filename);
$rimg->resize_limitwh($pathsettings[$resizepath]['width'], $pathsettings[$resizepath]['height'], $target_path . '/' . $filename);
$rimg->close();
}
}
}
// store file name of first file for possible unzip action
if ($x == 1) {
$filename1 = $target_path . '/' . $filename;
}
}
}
}
}
if (isset($_POST['delzip'])) {
if (file_exists($filename1)) {
unlink($filename1);
}
}
if ($good_uploads == 1) {
$admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_SINGLE_UPLOADED'], $backlink);
} else {
$admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_UPLOADED'], $backlink);
}
break;
case 'media_create':
// $directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir'))));
// Remove bad characters from user folder name
$target = $admin->get_post('target') != null ? media_filename(trim(stripslashes($admin->get_post('target')))) : $current_dir;
$userPath = LEPTON_PATH . MEDIA_DIRECTORY;
$err_msg = array();
if ($target == null || $target == $current_dir) {
$err_msg[] = $MESSAGE['MEDIA_BLANK_NAME'];
} else {
// Try and make the dir
$target = trim($target, '.');
$dirname = $userPath . $current_dir . '/' . $target;
if (file_exists($dirname)) {
$err_msg[] = $MESSAGE['MEDIA_DIR_EXISTS'];
} else {
if (make_dir($dirname)) {
change_mode($dirname);
if (is_writable($dirname)) {
// Create default "index.php" file
$rel_pages_dir = str_replace(LEPTON_PATH . MEDIA_DIRECTORY, '', dirname($dirname));
$step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + 1);
$content = '<?php' . "\n";
$content .= '// This file is generated by LEPTON Ver.' . VERSION . ';' . "\n";
$content .= "\t" . 'header(\'Location: ' . $step_back . 'index.php\');' . "\n";
$content .= '?>';
$filename = $dirname . '/index.php';
// write content into file
$handle = fopen($filename, 'w');
fwrite($handle, $content);
fclose($handle);
change_mode($filename, 'file');
} else {
$err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS'];
}
} else {
$err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS'];
}
}
}
if (sizeof($err_msg) > 0) {
$admin->print_error(implode('<br />', $err_msg));
} else {
$admin->print_success($MESSAGE['MEDIA_DIR_MADE'], $backlink);
}
break;
case 'media_delete':
$filetype = isset($_POST['filetype']) ? trim(stripslashes($admin->get_post('filetype'))) : '';
$filename = isset($_POST['filename']) ? trim(stripslashes($admin->get_post('filename'))) : '';
$relative_path = LEPTON_PATH . MEDIA_DIRECTORY . $directory;
// Find out whether its a file or folder
if ($filetype == 'dir') {
// Try and delete the directory
if (rm_full_dir($relative_path . '/' . $filename)) {
$admin->print_success($MESSAGE['MEDIA_DELETED_DIR'], $backlink);
} else {
$admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $backlink);
}
} elseif ($filetype == 'file') {
// Try and delete the file
if (unlink($relative_path . '/' . $filename)) {
$admin->print_success($MESSAGE['MEDIA_DELETED_FILE'], $backlink);
} else {
$admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink);
}
} else {
$admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink);
}
break;
}
// Parse template for preferences form
$tpl->parse('main', 'main_wrapper_block', false);
$tpl->parse('main', 'main_block', false);
$output = $tpl->finish($tpl->parse('output', 'page'));
return $output;
}
// Include the WB functions file
if (!defined('createFolderProtectFile')) {
require WB_PATH . '/framework/functions.php';
}
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Media', 'media_create', false);
// Get dir name and target location
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$name = isset(${$requestMethod}['name']) ? ${$requestMethod}['name'] : '';
// Check to see if name or target contains ../
if (strstr($name, '..')) {
$admin->print_header();
$admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH']);
}
// Remove bad characters
$name = trim(media_filename($name), '.');
// Target location
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$target = isset(${$requestMethod}['target']) ? ${$requestMethod}['target'] : '';
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
}
// After check print the header
$admin->print_header();
if (!check_media_path($target, false)) {
$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the new dir name
$directory = WB_PATH . $target . '/' . $name;
// Check to see if the folder already exists
/**
* Check the created or edited form and createor update the database records
* and return the dlgFormEdit() dialog.
*
* @return string dlgFormEdit() or false on error
*/
protected function checkFormEdit()
{
global $dbKITform;
global $dbKITformFields;
global $kitContactInterface;
global $dbKITformTableSort;
global $kitLibrary;
$checked = true;
$message = '';
$form_id = isset($_REQUEST[dbKITform::field_id]) ? $_REQUEST[dbKITform::field_id] : -1;
$form_data = $dbKITform->getFields();
unset($form_data[dbKITform::field_timestamp]);
foreach ($form_data as $field => $value) {
switch ($field) {
case dbKITform::field_id:
$form_data[$field] = $form_id;
break;
case dbKITform::field_name:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
if (empty($form_data[$field])) {
$message .= $this->lang->translate('<p>The <b>form name</b> must contain 3 charactes at minimum!</p>');
$checked = false;
break;
}
$name = str_replace(' ', '_', strtolower(media_filename(trim($form_data[$field]))));
$SQL = sprintf("SELECT %s FROM %s WHERE %s='%s' AND %s!='%s'", dbKITform::field_id, $dbKITform->getTableName(), dbKITform::field_name, $name, dbKITform::field_status, dbKITform::status_deleted);
$result = array();
if (!$dbKITform->sqlExec($SQL, $result)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
if (count($result) > 0) {
if ($form_id > 0 && $result[0][dbKITform::field_id] !== $form_id) {
// Formular kann nicht umbenannt werden, der
// Bezeichner wird bereits verwendet
$message .= $this->lang->translate('<p>The form name can not changed to <b>{{ name }}</b>, this name is already in use by the form with the <b>ID {{ id }}</b>.</p>', array('name' => $name, 'id' => sprintf('%03d', $result[0][dbKITform::field_id])));
unset($_REQUEST[$field]);
$checked = false;
break;
} elseif ($form_id < 1) {
// Der Bezeichner wird bereits verwendet
$message .= $this->lang->translate('<p>The name <b>{{ name }}</b> is already in use by the form with the <b>ID {{ id }}</b>, please use another name!</p>', array('name' => $name, 'id' => sprintf('%03d', $result[0][dbKITform::field_id])));
unset($_REQUEST[$field]);
$checked = false;
break;
}
}
$form_data[$field] = $name;
break;
case dbKITform::field_title:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
if (empty($form_data[$field]) || strlen($form_data[$field]) < 6) {
$message .= $this->lang->translate('<p>At minimum the form title must be 5 or more characters long!</p>');
$checked = false;
}
break;
case dbKITform::field_action:
case dbKITform::field_description:
case dbKITform::field_fields:
case dbKITform::field_must_fields:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
break;
case dbKITform::field_status:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : dbKITform::status_locked;
if ($form_data[$field] == dbKITform::status_deleted) {
// Formular loeschen
$where = array(dbKITform::field_id => $form_id);
if (!$dbKITform->sqlDeleteRecord($where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
// Formular Items loeschen
$where = array(dbKITformFields::field_form_id => $form_id);
if (!$dbKITformFields->sqlDeleteRecord($where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
// es gibt nichts mehr zu tun, zurueck zur
// Uebersichtsliste
$this->lang->translate('<p>The form with the <b>ID {{ id }}</b> was successfully deleted.</p>', array('id' => sprintf('%03d', $form_id)));
return $this->dlgFormList();
}
break;
case dbKITform::field_provider_id:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : -1;
if ($form_data[$field] == -1) {
// kein Diensleister ausgewaehlt
$message .= $this->lang->translate('<p>Please select a service provider for this form!</p>');
$checked = false;
}
break;
case dbKITform::field_email_cc:
$cc = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
if (!empty($cc)) {
// CC Adressen auslesen
$cc_arr = explode(',', $cc);
$new_arr = array();
foreach ($cc_arr as $email) {
if (!$kitLibrary->validateEMail(trim($email))) {
$message .= $this->lang->translate('<p>The email address <b>{{ email }}</b> is not valid, please check your input.</p>', array('email' => $email));
$checked = false;
}
$new_arr[] = trim($email);
}
$cc = implode(',', $new_arr);
}
$form_data[$field] = $cc;
break;
case dbKITform::field_email_html:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : dbKITform::html_off;
break;
case dbKITform::field_captcha:
$form_data[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : dbKITform::captcha_on;
break;
default:
// uebrige Felder ueberspringen
break;
}
}
// Action Links pruefen
$links = array();
foreach ($dbKITform->action_array as $key => $text) {
if (isset($_REQUEST[$key])) {
$links[$key] = $_REQUEST[$key];
}
}
// ... und uebernehmen
$form_data[dbKITform::field_links] = http_build_query($links);
// pruefen ob ein Feld entfernt werden soll oder ob Felder als
// Pflichtfelder gesetzt werden sollen
$fields = explode(',', $form_data[dbKITform::field_fields]);
$must_fields = explode(',', $form_data[dbKITform::field_must_fields]);
foreach ($fields as $key => $value) {
if ($value < 100) {
// KIT Felder
$field_name = array_search($value, $kitContactInterface->index_array);
if (!isset($_REQUEST[$field_name])) {
$message .= $this->lang->translate('<p>The datafield <b>{{ field }}</b> was removed.</p>', array('field' => $kitContactInterface->field_array[$field_name]));
unset($fields[$key]);
}
if (isset($_REQUEST['must_' . $field_name]) && !in_array($value, $must_fields)) {
$must_fields[] = $value;
}
} else {
// allgemeine Felder
$further_check = true;
$where = array(dbKITformFields::field_id => $value);
$data = array();
if (!$dbKITformFields->sqlSelectRecord($where, $data)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($data) < 1) {
continue;
/**
*
* @todo continue instead prompting error is only a workaround!
*/
// $this->setError(sprintf('[%s - %s] %s', __METHOD__,
// __LINE__, kit_error_invalid_id));
// return false;
}
$data = $data[0];
$field_name = $data[dbKITformFields::field_name];
$field_id = $data[dbKITformFields::field_id];
if (!isset($_REQUEST[$field_name])) {
// Feld entfernen
$message .= $this->lang->translate('<p>The datafield <b>{{ field }}</b> was removed.</p>', array('field' => $field_name));
unset($fields[$key]);
$further_check = false;
// Tabelle aktualisieren
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlDeleteRecord($where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
}
if (isset($_REQUEST["must_{$field_name}"]) && !in_array($value, $must_fields)) {
$must_fields[] = $value;
}
if ($further_check) {
// erweiterte Pruefung der Felder in Abhaenigkeit des Feld
// Typen
switch ($data[dbKITformFields::field_type]) {
case dbKITformFields::type_text:
// Einfache Text Eingabefelder pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['default_' . $field_name]) ? $_REQUEST['default_' . $field_name] : '', dbKITformFields::field_data_type => isset($_REQUEST['data_type_' . $field_name]) ? $_REQUEST['data_type_' . $field_name] : dbKITformFields::data_type_text, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '');
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_text_area:
// textarea pruefen
// first we have to check the additional settings for count and limit characters
$additional = array();
if (isset($_REQUEST["limit_chars_{$field_name}"])) {
if (intval($_REQUEST["limit_chars_{$field_name}"]) > 65534) {
$additional['limit_chars'] = 65534;
} elseif (intval($_REQUEST["limit_chars_{$field_name}"]) < 1) {
$additional['limit_chars'] = -1;
} else {
$additional['limit_chars'] = intval($_REQUEST["limit_chars_{$field_name}"]);
}
} else {
$additional['limit_chars'] = -1;
}
if ($additional['limit_chars'] > -1 || isset($_REQUEST["count_chars_{$field_name}"])) {
$additional['count_chars'] = 1;
} else {
$additional['count_chars'] = 0;
}
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['default_' . $field_name]) ? $_REQUEST['default_' . $field_name] : '', dbKITformFields::field_data_type => dbKITformFields::data_type_text, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($additional));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_file:
// FILE Type
$settings = array();
$parse = str_replace('&', '&', $data[dbKITformFields::field_type_add]);
parse_str($parse, $settings);
$upload_max_filesize = $this->convertBytes(ini_get('upload_max_filesize'));
$post_max_size = $this->convertBytes(ini_get('post_max_size'));
$max_filesize = $upload_max_filesize;
if ($upload_max_filesize > $post_max_size) {
$max_filesize = $post_max_size;
}
// check if the field NAME has changed ...
if ($settings['upload_method']['name'] != "upload_method_{$field_name}") {
$settings['upload_method']['name'] = "upload_method_{$field_name}";
$settings['file_types']['name'] = "file_types_{$field_name}";
$settings['max_file_size']['name'] = "max_file_size_{$field_name}";
}
// update settings ...
if (isset($_REQUEST["upload_method_{$field_name}"])) {
// check the upload method
$dummy = strtolower($_REQUEST["upload_method_{$field_name}"]);
switch ($dummy) {
case 'standard':
$settings['upload_method']['value'] = 'standard';
break;
case 'uploadify':
if (!file_exists(LEPTON_PATH . '/modules/kit_uploader/info.php')) {
// missing kitUploader
$message .= $this->lang->translate('<p>To use the upload method <b>uploadify</b> kitUploader must be installed!</p>');
$settings['upload_method']['value'] = 'standard';
break;
}
$settings['upload_method']['value'] = 'uploadify';
break;
default:
$checked = false;
$message .= $this->lang->translate('<p>Unknown upload method: <b>{{ method }}</b>, allowed methods are <i>standard</i> or <i>uploadify</i>.</p>', array('method' => $dummy));
$settings['upload_method']['value'] = 'standard';
break;
}
} else {
$settings['upload_method']['value'] = 'standard';
}
if (isset($_REQUEST["file_types_{$field_name}"])) {
// set allowed file extensions, grant lowercase
// and remove spaces
$dummy = strtolower($_REQUEST["file_types_{$field_name}"]);
$dummy = str_replace(' ', '', $dummy);
$settings['file_types']['value'] = $dummy;
} else {
$settings['file_types']['value'] = $this->file_allowed_filetypes;
}
if (isset($_REQUEST["max_file_size_{$field_name}"])) {
$max = (int) $_REQUEST["max_file_size_{$field_name}"];
if ($max * 1024 * 1024 > $max_filesize) {
$max = $max_filesize / 1024 / 1024;
$message .= $this->lang->translate('<p>System does not allow uploads greater than <b>{{ max_filesize }} MB</b>. Please contact your webmaster to increase this value.</p>', array('max_filesize' => $max_filesize / 1024 / 1024));
}
$settings['max_file_size']['value'] = $max;
} else {
$settings['max_file_size']['value'] = $max_filesize / 1024 / 1024;
}
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => '', dbKITformFields::field_data_type => dbKITformFields::data_type_undefined, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($settings));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_checkbox:
// CHECKBOX pruefen
$cboxes = array();
$parse = str_replace('&', '&', $data[dbKITformFields::field_type_add]);
parse_str($parse, $cboxes);
$checkboxes = array();
foreach ($cboxes as $checkbox) {
$cb_name = $checkbox['name'];
if (!isset($_REQUEST['cb_active_' . $cb_name])) {
continue;
}
if (!empty($_REQUEST['cb_value_' . $cb_name])) {
$checkbox['value'] = $_REQUEST['cb_value_' . $cb_name];
}
if (!empty($_REQUEST['cb_text_' . $cb_name])) {
$checkbox['text'] = $_REQUEST['cb_text_' . $cb_name];
}
$checkbox['checked'] = isset($_REQUEST['cb_checked_' . $cb_name]) ? 1 : 0;
$checkboxes[] = $checkbox;
}
// neue Checkboxen dazunehmen
if (isset($_REQUEST['cb_active_' . $field_id])) {
// es soll eine neue Checkbox uebernommen werden
if (isset($_REQUEST['cb_value_' . $field_id]) && !empty($_REQUEST['cb_value_' . $field_id]) && isset($_REQUEST['cb_text_' . $field_id]) && !empty($_REQUEST['cb_text_' . $field_id])) {
// ok - checkbox uebernehmen
$value = str_replace(' ', '_', strtolower(media_filename($_REQUEST['cb_value_' . $field_id])));
$checkboxes[] = array('name' => $field_id . '_' . $value, 'value' => $value, 'text' => $_REQUEST['cb_text_' . $field_id], 'checked' => isset($_REQUEST['cb_checked_' . $field_id]) ? 1 : 0);
} else {
// Definition der Checkbox ist nicht
// vollstaendig
$message .= $this->lang->translate('<p>The definition of the new checkbox is not complete. Please specify a <b>value</b> and a <b>text</b> for it!</p>');
}
}
// allgemeine Daten der Checkbox pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['default_' . $field_name]) ? $_REQUEST['default_' . $field_name] : '', dbKITformFields::field_data_type => dbKITformFields::data_type_undefined, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($checkboxes));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_radio:
// RADIOBUTTON pruefen
$rbuttons = array();
$parse = str_replace('&', '&', $data[dbKITformFields::field_type_add]);
parse_str($parse, $rbuttons);
$radios = array();
foreach ($rbuttons as $radio) {
$rb_name = $radio['name'];
if (!isset($_REQUEST['rb_active_' . $rb_name])) {
continue;
}
if (!empty($_REQUEST['rb_value_' . $rb_name])) {
$radio['value'] = $_REQUEST['rb_value_' . $rb_name];
}
if (!empty($_REQUEST['rb_text_' . $rb_name])) {
$radio['text'] = $_REQUEST['rb_text_' . $rb_name];
}
$radio['checked'] = isset($_REQUEST['rb_checked_' . $field_name]) && $_REQUEST['rb_checked_' . $field_name] == $radio['value'] ? 1 : 0;
$radios[] = $radio;
}
// neuen Radiobutton dazunehmen
if (isset($_REQUEST['rb_active_' . $field_id])) {
// es soll eine neuer Radio uebernommen werden
if (isset($_REQUEST['rb_value_' . $field_id]) && !empty($_REQUEST['rb_value_' . $field_id]) && isset($_REQUEST['rb_text_' . $field_id]) && !empty($_REQUEST['rb_text_' . $field_id])) {
// ok - radiobutton uebernehmen
$value = str_replace(' ', '_', strtolower(media_filename($_REQUEST['rb_value_' . $field_id])));
$radios[] = array('name' => $field_id . '_' . $value, 'value' => $value, 'text' => $_REQUEST['rb_text_' . $field_id], 'checked' => 0);
} else {
// Definition der Checkbox ist nicht
// vollstaendig
$message .= $this->lang->translate('<p>The definition of the new radiobutton is not complete. Please specify a <b>value</b> and a <b>text</b> for it!</p>');
}
}
// allgemeine Daten der Radiobuttons pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['default_' . $field_name]) ? $_REQUEST['default_' . $field_name] : '', dbKITformFields::field_data_type => dbKITformFields::data_type_undefined, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($radios));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_select:
// SELECT Auswahlliste pruefen
$sOptions = array();
$parse = str_replace('&', '&', $data[dbKITformFields::field_type_add]);
parse_str($parse, $sOptions);
$options = array();
foreach ($sOptions as $option) {
$opt_name = $option['name'];
if (!isset($_REQUEST['opt_active_' . $opt_name])) {
continue;
}
if (!empty($_REQUEST['opt_value_' . $opt_name])) {
$option['value'] = $_REQUEST['opt_value_' . $opt_name];
}
if (!empty($_REQUEST['opt_text_' . $opt_name])) {
$option['text'] = $_REQUEST['opt_text_' . $opt_name];
}
$option['checked'] = isset($_REQUEST['opt_checked_' . $field_name]) && $_REQUEST['opt_checked_' . $field_name] == $option['value'] ? 1 : 0;
$options[] = $option;
}
// neues Auswahlfeld dazunehmen
if (isset($_REQUEST['opt_active_' . $field_id])) {
// es soll eine neuer OPTION Eintrag uebernommen
// werden
if (isset($_REQUEST['opt_value_' . $field_id]) && !empty($_REQUEST['opt_value_' . $field_id]) && isset($_REQUEST['opt_text_' . $field_id]) && !empty($_REQUEST['opt_text_' . $field_id])) {
// ok - OPTION uebernehmen
$value = str_replace(' ', '_', strtolower(media_filename($_REQUEST['opt_value_' . $field_id])));
$options[] = array('name' => $field_id . '_' . $value, 'value' => $value, 'text' => $_REQUEST['opt_text_' . $field_id], 'checked' => 0);
} else {
// Definition der Auswahlliste ist nicht
// vollstaendig
$message .= $this->lang->translate('<p>The definition of the new selection list is not complete. Please specify a <b>value</b> and a <b>text</b> for it!</p>');
}
}
// allgemeine Daten der Auswahlliste pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['size_' . $field_name]) ? $_REQUEST['size_' . $field_name] : '1', dbKITformFields::field_data_type => dbKITformFields::data_type_undefined, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($options));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_html:
// Daten fuer das HTML Feld pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['html_' . $field_name]) ? $_REQUEST['html_' . $field_name] : '', dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_data_type => dbKITformFields::data_type_text);
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_hidden:
// Daten fuer versteckte Felder pruefen
$field_data = array(dbKITformFields::field_name => isset($_REQUEST['name_' . $field_name]) ? $_REQUEST['name_' . $field_name] : 'free_' . $field_id, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => isset($_REQUEST['value_' . $field_name]) ? $_REQUEST['value_' . $field_name] : '', dbKITformFields::field_data_type => dbKITformFields::data_type_text);
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
case dbKITformFields::type_delayed:
// check the data for delayed transmissions
$type_add = array();
if (isset($_REQUEST['text_' . $field_name])) {
$type_add = array('text' => $_REQUEST['text_' . $field_name]);
}
$field_data = array(dbKITformFields::field_name => dbKITformFields::kit_delayed_transmission, dbKITformFields::field_title => isset($_REQUEST['title_' . $field_name]) ? $_REQUEST['title_' . $field_name] : 'title_' . $field_id, dbKITformFields::field_value => 1, dbKITformFields::field_data_type => dbKITformFields::data_type_integer, dbKITformFields::field_hint => isset($_REQUEST['hint_' . $field_name]) ? $_REQUEST['hint_' . $field_name] : '', dbKITformFields::field_type_add => http_build_query($type_add));
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($field_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
break;
default:
$message .= $this->lang->translate('<p>The datatype {{ datatype }} is not supported!</p>', array('datatype' => $data[dbKITformFields::field_type]));
}
}
}
}
$form_data[dbKITform::field_fields] = implode(',', $fields);
// pruefen ob Pflichtfelder zurueckgestuft werden sollen
foreach ($must_fields as $key => $value) {
if ($value < 100) {
// KIT Felder
$field_name = array_search($value, $kitContactInterface->index_array);
if (!isset($_REQUEST['must_' . $field_name])) {
unset($must_fields[$key]);
}
} else {
// allgemeine Felder
$where = array(dbKITformFields::field_id => $value);
$data = array();
if (!$dbKITformFields->sqlSelectRecord($where, $data)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($data) < 1) {
continue;
/**
*
* @todo continue is only a workaround, what is the reason for
* invalid ids?
*/
// $this->setError(sprintf('[%s - %s] %s', __METHOD__,
// __LINE__, kit_error_invalid_id));
// return false;
}
$field_name = $data[0][dbKITformFields::field_name];
if (!isset($_REQUEST["must_{$field_name}"])) {
unset($must_fields[$key]);
}
}
}
$form_data[dbKITform::field_must_fields] = implode(',', $must_fields);
if ($checked) {
// Datensatz fuer das Formular uebernehmen oder aktualisieren
if ($form_id > 0) {
// Datensatz aktualisieren
$where = array(dbKITform::field_id => $form_id);
if (!$dbKITform->sqlUpdateRecord($form_data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
$message .= $this->lang->translate('<p>The form with the <b>ID {{ id }}</b> was updated.</p>', array('id' => $form_id));
} else {
// Datensatz einfuegen
if (!$dbKITform->sqlInsertRecord($form_data, $form_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
$message .= $this->lang->translate('<p>The form with the <b>ID {{ id }}</b> was successfully created.</p>', array('id' => $form_id));
}
// $_REQUEST's zuruecksetzen
foreach ($form_data as $field => $value) {
if (isset($_REQUEST[$field])) {
unset($_REQUEST[$field]);
}
}
// FORM_ID setzen
$_REQUEST[dbKITform::field_id] = $form_id;
}
// KIT Datenfelder hinzufuegen
$kit_fields = $kitContactInterface->index_array;
if (isset($_REQUEST[self::request_add_kit_field]) && array_key_exists($_REQUEST[self::request_add_kit_field], $kit_fields)) {
$new_field = $_REQUEST[self::request_add_kit_field];
if ($form_id > 0) {
// Formular ist gueltig, neues Datenfeld einfuegen
$fields = explode(',', $form_data[dbKITform::field_fields]);
$fields[] = $kit_fields[$new_field];
$where = array(dbKITform::field_id => $form_id);
$form_data[dbKITform::field_fields] = implode(',', $fields);
// nur die Felder aktualisieren
$data = array(dbKITform::field_fields => $form_data[dbKITform::field_fields]);
if (!$dbKITform->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
$message .= $this->lang->translate('<p>The KIT datafield <b>{{ field }}</b> was added to the form.</p>', array('field' => $kitContactInterface->field_array[$new_field]));
} else {
// Formular ist noch nicht aktiv
$message .= $this->lang->translate('<p>Please save the new form before you insert the datafield <b>{{ field }}</b>!</p>', array('field' => $kitContactInterface->field_array[$new_field]));
}
}
// Allgemeine Felder hinzufuegen
if (isset($_REQUEST[self::request_add_free_field]) && $_REQUEST[self::request_add_free_field] != -1) {
if (isset($_REQUEST[self::request_free_field_title]) && $_REQUEST[self::request_free_field_title] !== $this->lang->translate('Enter title ...') && !empty($_REQUEST[self::request_free_field_title])) {
if ($form_id > 0) {
// Formular ist gueltig, neues Datenfeld hinzufuegen
$data = array(dbKITformFields::field_type => $_REQUEST[self::request_add_free_field], dbKITformFields::field_title => $_REQUEST[self::request_free_field_title], dbKITformFields::field_form_id => $form_id);
$field_id = -1;
if (!$dbKITformFields->sqlInsertRecord($data, $field_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if ($data[dbKITformFields::field_type] == dbKITformFields::type_file) {
// create settings for file uploads
$upload_max_filesize = $this->convertBytes(ini_get('upload_max_filesize'));
$post_max_size = $this->convertBytes(ini_get('post_max_size'));
$max_filesize = $upload_max_filesize;
$settings = array('upload_method' => array('label' => 'Upload method', 'name' => "upload_method_free_{$field_id}", 'value' => 'standard'), 'file_types' => array('label' => 'Allowed filetypes', 'name' => "file_types_free_{$field_id}", 'value' => $this->file_allowed_filetypes), 'max_file_size' => array('label' => 'max. filesize (MB)', 'name' => "max_file_size_free_{$field_id}", 'value' => $max_filesize / 1024 / 1024));
$data = array(dbKITformFields::field_name => "free_{$field_id}", dbKITformFields::field_type_add => http_build_query($settings));
} elseif ($data[dbKITformFields::field_type] == dbKITformFields::type_delayed) {
// create settings for delayed transmissions
$data = array(dbKITformFields::field_name => dbKITformFields::kit_delayed_transmission, dbKITformFields::field_value => 1);
} else {
// create all other fields ...
$data = array(dbKITformFields::field_name => "free_{$field_id}");
}
$where = array(dbKITformFields::field_id => $field_id);
if (!$dbKITformFields->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
$fields = explode(',', $form_data[dbKITform::field_fields]);
$fields[] = $field_id;
$where = array(dbKITform::field_id => $form_id);
$form_data[dbKITform::field_fields] = implode(',', $fields);
$data[dbKITform::field_fields] = $form_data[dbKITform::field_fields];
if (!$dbKITform->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
$message .= $this->lang->translate('<p>The general datafield <b>{{ field }}</b> was added to the form.</p>', array('field' => $_REQUEST[self::request_free_field_title]));
} else {
// Formular ist noch nicht aktiv
$message .= $this->lang->translate('<p>Please save the new form before you insert the datafield <b>{{ field }}</b>!</p>', array('field' => $_REQUEST[self::request_free_field_title]));
}
} else {
// Titel fehlt oder ist unguelig
$message .= $this->lang->translate('<p>Please select a datafield <b>and</b> specify a title for the new field!</p>');
}
}
// Sortierung pruefen
$where = array(dbKITformTableSort::field_value => $form_id, dbKITformTableSort::field_table => 'mod_kit_form');
$sorter = array();
if (!$dbKITformTableSort->sqlSelectRecord($where, $sorter)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformTableSort->getError()));
return false;
}
if (count($sorter) > 0) {
$form_fields = explode(',', $form_data[dbKITform::field_fields]);
$sort_fields = explode(',', $sorter[0][dbKITformTableSort::field_order]);
// erster Schritt: Sortierfeld bereinigen
$unset = array_diff($sort_fields, $form_fields);
foreach ($unset as $id) {
$key = array_search($id, $sort_fields);
unset($sort_fields[$key]);
}
// zweiter Schritt: Sortierfeld ergaenzen
$add = array_diff($form_fields, $sort_fields);
foreach ($add as $id) {
$sort_fields[] = $id;
}
// letzter Schritt: Sortierfeld uebernehmen
$form_data[dbKITform::field_fields] = implode(',', $sort_fields);
$where = array(dbKITform::field_id => $form_id);
// nur die Sortierung aktualisieren
$data = array(dbKITform::field_fields => $form_data[dbKITform::field_fields]);
if (!$dbKITform->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
}
$this->setMessage($message);
return $this->dlgFormEdit();
}
/**
* Ueberprueft das Formular, zeigt das Formular bei Fehlern erneut an.
* Wenn alles in Ordnung ist, werden die Daten gesichert und
* Benachrichtigungs E-Mails versendet.
*
* @return string FORMULAR oder ERFOLGSMELDUNG
*/
protected function checkForm()
{
global $dbKITform;
global $dbKITformFields;
global $kitContactInterface;
global $kitLibrary;
global $dbKITformData;
global $dbContact;
global $dbKITdirList;
global $dbCfg;
global $dbMemos;
if (!isset($_REQUEST[dbKITform::field_id])) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Missing the form ID!')));
return false;
}
$form_id = $_REQUEST[dbKITform::field_id];
$where = array(dbKITform::field_id => $form_id);
$form = array();
if (!$dbKITform->sqlSelectRecord($where, $form)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITform->getError()));
return false;
}
if (count($form) < 1) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('The ID {{ id }} is invalid!', array('id' => $form_id))));
return false;
}
$form = $form[0];
// pruefen, ob eine Aktion ausgefuehrt werden soll
switch ($form[dbKITform::field_action]) {
case dbKITform::action_login:
return $this->checkLogin($form);
case dbKITform::action_logout:
return $this->Logout($form);
case dbKITform::action_send_password:
return $this->sendNewPassword($form);
case dbKITform::action_change_password:
return $this->changePassword($form);
case dbKITform::action_newsletter:
// return $this->subscribeNewsletter ( $form );
// return $this->subscribeNewsletter ( $form );
case dbKITform::action_register:
case dbKITform::action_account:
/*
* Diese speziellen Aktionen werden erst durchgefuehrt, wenn die
* allgemeinen Daten bereits geprueft sind
*/
/*
* Diese speziellen Aktionen werden erst durchgefuehrt, wenn die
* allgemeinen Daten bereits geprueft sind
*/
default:
// nothing to do - go ahead...
}
$message = '';
$checked = true;
// CAPTCHA pruefen?
if ($form[dbKITform::field_captcha] == dbKITform::captcha_on) {
unset($_SESSION['kf_captcha']);
if (!isset($_REQUEST['captcha']) || $_REQUEST['captcha'] != $_SESSION['captcha']) {
$message .= $this->lang->translate('<p>The CAPTCHA code is not correct, please try again!</p>');
$checked = false;
}
}
// check wait for seconds
if (isset($_REQUEST['wait_seconds']) && (int) $_REQUEST['wait_seconds'] > 0 && isset($_REQUEST['wait_start'])) {
$start = (int) $_REQUEST['wait_start'];
$seconds = (int) ($_REQUEST['wait_seconds'] / 100);
$stop = mktime(date('H', $start), date('i', $start), date('s', $start) + $seconds, date('m', $start), date('d', $start), date('Y', $start));
if ($stop > time()) {
$message .= $this->lang->translate('<p>You have submitted the form to early, please wait for the specified seconds (SPAM protection).</p>');
$checked = false;
}
}
// zuerst die Pflichtfelder pruefen
$must_array = explode(',', $form[dbKITform::field_must_fields]);
if (in_array('20', $must_array)) {
// special: key must transformed!
$key = array_search('20', $must_array);
unset($must_array[$key]);
$must_array[] = 18;
$must_array[] = 19;
}
foreach ($must_array as $must_id) {
if ($must_id < 100) {
// IDs 1-99 sind fuer KIT reserviert
if (false === ($field_name = array_search($must_id, $kitContactInterface->index_array))) {
// $field_id nicht gefunden
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('The field with the <b>ID {{ id }}</b> is no KIT datafield!', array('id' => $must_id))));
return false;
}
if (!isset($_REQUEST[$field_name]) || empty($_REQUEST[$field_name])) {
// Feld muss gesetzt sein
$message .= $this->lang->translate('<p>The field <b>{{ field }}</b> must be filled out.</p>', array('field' => $kitContactInterface->field_array[$field_name]));
$checked = false;
} elseif ($field_name == kitContactInterface::kit_email) {
// check email address
if (isset($_REQUEST[kitContactInterface::kit_email_retype]) && $_REQUEST[kitContactInterface::kit_email] != $_REQUEST[kitContactInterface::kit_email_retype]) {
// comparing email and retyped email address failed ...
unset($_REQUEST[kitContactInterface::kit_email_retype]);
$message .= $this->lang->translate('<p>The email address and the retyped email address does not match!</p>');
$checked = false;
} elseif (!$kitLibrary->validateEMail($_REQUEST[kitContactInterface::kit_email])) {
// checking email address failed ...
unset($_REQUEST[kitContactInterface::kit_email_retype]);
$message .= $this->lang->translate('<p>The email address <b>{{ email }}</b> is not valid, please check your input.</p>', array('email' => $_REQUEST[kitContactInterface::kit_email]));
$checked = false;
}
}
} else {
// freie Datenfelder
$where = array(dbKITformFields::field_id => $must_id);
$field = array();
if (!$dbKITformFields->sqlSelectRecord($where, $field)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($field) < 1) {
continue;
/**
*
* @todo only a workaround ...
*/
// $this->setError (sprintf('[%s - %s] %s', __METHOD__,
// __LINE__, sprintf ( kit_error_invalid_id, $must_id ) ));
// return false;
}
$field = $field[0];
$field_name = $field[dbKITformFields::field_name];
if ($field[dbKITformFields::field_type] == dbKITformFields::type_file) {
// file upload?
continue;
} elseif (!isset($_REQUEST[$field_name]) || empty($_REQUEST[$field_name])) {
// Feld muss gesetzt sein
$message .= $this->lang->translate('<p>The field <b>{{ field }}</b> must be filled out.</p>', array('field' => $field[dbKITformFields::field_title]));
$checked = false;
} else {
// erweiterte Pruefung
switch ($field[dbKITformFields::field_data_type]) {
case dbKITformFields::data_type_date:
if (false === ($timestamp = strtotime($_REQUEST[$field_name]))) {
$message .= $this->lang->translate('<p><b>{{ value }}</b> is not a valid date, please check your input!</p>', array('value' => $_REQUEST[$field_name]));
$checked = false;
}
break;
default:
// alle anderen Datentypen ohne Pruefung...
}
}
}
}
// foreach
// special: check if kit_birthday is valid
$kit_birthday = '';
if (isset($_REQUEST[kitContactInterface::kit_birthday])) {
if (strpos($_REQUEST[kitContactInterface::kit_birthday], cfg_date_separator) == false && in_array($kitContactInterface->index_array[kitContactInterface::kit_birthday], $must_array)) {
$message .= $this->lang->translate('<p>Please type in the birthday like <b>{{ date_str }}</b>.</p>', array('date_str' => cfg_date_str));
$checked = false;
} elseif (!empty($_REQUEST[kitContactInterface::kit_birthday])) {
$barray = explode(cfg_date_separator, $_REQUEST[kitContactInterface::kit_birthday]);
$df = explode(cfg_date_separator, cfg_date_str);
if (count($barray) == 3) {
$da = array();
for ($i = 0; $i < 3; $i++) {
$da[$df[$i]] = $barray[$i];
}
if ($da['Y'] < 100) {
$da['Y'] = 1900 + $da['Y'];
}
if ($da['Y'] < 1900 || $da['Y'] > date('Y') || $da['m'] < 1 || $da['m'] > 12 || $da['d'] < 1 || $da['d'] > 31) {
$checked = false;
$message .= $this->lang->translate('<p>The date <b>{{ date }}</b> is invalid!</p>', array('date' => $_REQUEST[kitContactInterface::kit_birthday]));
}
if ($checked && false !== ($date = mktime(0, 0, 0, $da['m'], $da['d'], $da['Y']))) {
$kit_birthday = $date;
} elseif ($checked) {
$checked = false;
$message .= $this->lang->translate('<p>The date <b>{{ date }}</b> is invalid!</p>', array('date' => $_REQUEST[kitContactInterface::kit_birthday]));
}
} else {
// date is invalid
$message .= $this->lang->translate('<p>Please type in the birthday like <b>{{ date_str }}<b>.</p>', array('date_str' => cfg_date_str));
$checked = false;
}
}
}
// file upload?
$uploaded_files = array();
$uploaded_files['count'] = 0;
$file_array = array();
if ($checked) {
$where = array(dbKITformFields::field_form_id => $form_id, dbKITformFields::field_type => dbKITformFields::type_file);
if (!$dbKITformFields->sqlSelectRecord($where, $file_array)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($file_array) > 0) {
// check the protected upload directory
$upload_path = WB_PATH . MEDIA_DIRECTORY . DIRECTORY_SEPARATOR . self::PROTECTION_FOLDER;
if (!file_exists($upload_path)) {
if (!mkdir($upload_path, 0755, true)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Error creating the directory <b>{{ directory }}</b>.', array('directory' => $upload_path))));
return false;
}
}
// check if .htaccess and .htpasswd exists...
if (!file_exists($upload_path . DIRECTORY_SEPARATOR . '.htaccess') || !file_exists($upload_path . DIRECTORY_SEPARATOR . '.htpasswd')) {
if (!$this->createProtection()) {
return false;
}
}
// get the email address
$email = $_REQUEST[kitContactInterface::kit_email];
// the user directory for this upload - the directory will be
// created when moving the uploaded file!
$upload_path .= DIRECTORY_SEPARATOR . self::CONTACTS_FOLDER . DIRECTORY_SEPARATOR . $email[0] . DIRECTORY_SEPARATOR . $email . DIRECTORY_SEPARATOR . self::USER_FOLDER . DIRECTORY_SEPARATOR . date('ymd-His') . DIRECTORY_SEPARATOR;
}
foreach ($file_array as $file) {
$parse = str_replace('&', '&', $file[dbKITformFields::field_type_add]);
parse_str($parse, $settings);
$method = $settings['upload_method']['value'];
if ($method == 'standard') {
// method: standard - check the file uploads
if (!isset($_FILES[$file[dbKITformFields::field_name]]) && in_array($file[dbKITformFields::field_id], $must_array)) {
// file upload is a MUST field
$message .= $this->lang->translate('<p>The field <b>{{ field }}</b> must be filled out.</p>', array('field' => $kitContactInterface->field_array[$field_name]));
$checked = false;
// go ahead...
continue;
}
if (isset($_FILES[$file[dbKITformFields::field_name]]) && is_uploaded_file($_FILES[$file[dbKITformFields::field_name]]['tmp_name'])) {
// file was uploaded with the standard method
if ($_FILES[$file[dbKITformFields::field_name]]['error'] == UPLOAD_ERR_OK) {
// upload without error
if ($checked) {
$fext = explode('.', $_FILES[$file[dbKITformFields::field_name]]['name']);
// file extension
$ext = strtolower(end($fext));
if (in_array($ext, $this->general_excluded_extensions)) {
// disallowed file or filetype - delete
// uploaded file
$message .= $this->lang->translate('<p>The file {{ file }} is member of a blacklist or use a disallowed file extension.</p>', array('file' => basename($_FILES[$file[dbKITformFields::field_name]]['name'])));
$checked = false;
}
// get the settings for this file
$parse = str_replace('&', '&', $file[dbKITformFields::field_type_add]);
parse_str($parse, $settings);
if (!empty($settings['file_types'])) {
$ext_array = explode(',', $settings['file_types']['value']);
if (!in_array($ext, $ext_array)) {
$message .= $this->lang->translate('<p>Please upload only files with the extension <b>{{ extensions }}</b>, the file {{ file }} is refused.</p>', array('extensions' => implode(', ', $ext_array), 'file' => basename($_FILES[$file[dbKITformFields::field_name]]['name'])));
$checked = false;
}
}
if ($_FILES[$file[dbKITformFields::field_name]]['size'] > $settings['max_file_size']['value'] * 1024 * 1024) {
$message .= $this->lang->translate('<p>The file size exceeds the limit of {{ size }} MB.</p>', array('size' => $settings['max_file_size']['value']));
$checked = false;
}
}
if (!$checked) {
// not checked - delete the file and continue
@unlink($_FILES[$file[dbKITformFields::field_name]]['tmp_name']);
continue;
}
// now create the directory
if (!file_exists($upload_path)) {
if (!mkdir($upload_path, 0755, true)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Error creating the directory <b>{{ directory }}</b>.', array('directory' => $upload_path))));
return false;
}
}
$mf = media_filename($_FILES[$file[dbKITformFields::field_name]]['name']);
if (!move_uploaded_file($_FILES[$file[dbKITformFields::field_name]]['tmp_name'], $upload_path . $mf)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Error moving the file <b>{{ file }}</b> to the target directory!', array('file' => $_FILES[$file[dbKITformFields::field_name]]['name']))));
return false;
}
// create dbKITdirList entry
$data = array(dbKITdirList::field_count => 0, dbKITdirList::field_date => date('Y-m-d H:i:s'), dbKITdirList::field_file => $mf, dbKITdirList::field_path => $upload_path . $mf, dbKITdirList::field_user => $email);
$file_id = -1;
if (!$dbKITdirList->sqlInsertRecord($data, $file_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITdirList->getError()));
return false;
}
// add $file_id to the uploaded files ...
$uploaded_files['count'] += 1;
$uploaded_files['items'][$file_id] = array('id' => $file_id, 'name' => $mf, 'name_origin' => $_FILES[$file[dbKITformFields::field_name]]['name'], 'size' => $_FILES[$file[dbKITformFields::field_name]]['size'], 'path' => substr($upload_path . $mf, strlen(WB_PATH)), 'download' => WB_URL . '/modules/kit/kdl.php?id=' . $file_id);
$contact_id = -1;
if (!$kitContactInterface->isEMailRegistered($email, $contact_id)) {
if ($kitContactInterface->isError()) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
// contact does not exists
$data = array(kitContactInterface::kit_email => $email);
if (!$kitContactInterface->addContact($data, $contact_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
}
/*
* see setting notice for uploads below! no longer needed!
// add notice to KIT
$kitContactInterface->addNotice($contact_id, $this->lang->translate('[kitForm] File <a href="{{ link }}">{{ file }}</a> uploaded.', array(
'link' => WB_URL.'/modules/kit/kdl.php?id='.$file_id,
'file' => $mf)));
*/
} else {
// handling upload errors
switch ($_FILES[$file[dbKITformFields::field_name]]['error']) {
case UPLOAD_ERR_INI_SIZE:
$message .= $this->lang->translate('<p>The file size exceeds the php.ini directive "upload_max_size" <b>{{ size }}</b>.</p>', array('size' => ini_get('upload_max_filesize')));
$checked = false;
break;
case UPLOAD_ERR_PARTIAL:
$message .= $this->lang->translate('<p>The file <b>{{ file }}</b> was uploaded partial.</p>', array('file' => $_FILES[dbKITformFields::field_name]['name']));
$checked = false;
break;
default:
$message .= $this->lang->translate('<p>Unspecified error, no description available.</p>');
$checked = false;
}
// delete temporary file
@unlink($_FILES[$file[dbKITformFields::field_name]]['tmp_name']);
}
}
} else {
// method: uploadify
if (isset($_REQUEST['upload_delete']) && !empty($_REQUEST['upload_delete']) && isset($_REQUEST['upload_id'])) {
// if 'upload_delete' isset and not empty the file was
// uploaded and then deleted
$where = array(dbKITdirList::field_reference => $_REQUEST['upload_id'], dbKITdirList::field_file_origin => $_REQUEST['upload_delete']);
if (!$dbKITdirList->sqlDeleteRecord($where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITdirList->getError()));
return false;
}
$message .= $this->lang->translate('<p>The file <b>{{ file }}</b> was deleted.<p>', array('file' => $_REQUEST['upload_delete']));
}
if (isset($_REQUEST['upload_id'])) {
$where = array(dbKITdirList::field_reference => $_REQUEST['upload_id']);
$uploads = array();
if (!$dbKITdirList->sqlSelectRecord($where, $uploads)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITdirList->getError()));
return false;
}
if (count($uploads) < 1 && in_array($file[dbKITformFields::field_id], $must_array)) {
// file upload is a MUST field
$message .= $this->lang->translate('<p>The field <b>{{ field }}</b> must be filled out.</p>', array('field' => $kitContactInterface->field_array[$field_name]));
$checked = false;
// go ahead...
continue;
}
foreach ($uploads as $upload) {
// now create the directory
if (!file_exists($upload_path)) {
if (!mkdir($upload_path, 0755, true)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Error creating the directory <b>{{ directory }}</b>.', array('directory' => $upload_path))));
return false;
}
}
// move the uploads from temporary directory to the
// target directory
if (!rename($upload[dbKITdirList::field_path], $upload_path . $upload[dbKITdirList::field_file])) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Error moving file <b>{{ file_origin }}</b> to <b>{{ file_target }}</b>.', array('file_origin' => $upload[dbKITdirList::field_path], 'file_target' => $upload_path . $upload[dbKITdirList::field_file]))));
return false;
}
// delete the temporary directory if empty
if ($this->isDirectoryEmpty($upload_path)) {
@unlink($upload_path);
}
$data = array(dbKITdirList::field_path => $upload_path . $upload[dbKITdirList::field_file], dbKITdirList::field_user => $email);
$where = array(dbKITdirList::field_id => $upload[dbKITdirList::field_id]);
if (!$dbKITdirList->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITdirList->getError()));
return false;
}
// add $file_id to the uploaded files ...
$uploaded_files['count'] += 1;
$uploaded_files['items'][$upload[dbKITdirList::field_id]] = array('id' => $upload[dbKITdirList::field_id], 'name' => $upload[dbKITdirList::field_file], 'name_origin' => $upload[dbKITdirList::field_file_origin], 'size' => filesize($upload_path . $upload[dbKITdirList::field_file]), 'path' => substr($upload_path . $upload[dbKITdirList::field_file], strlen(WB_PATH)), 'download' => WB_URL . '/modules/kit/kdl.php?id=' . $upload[dbKITdirList::field_id]);
$contact_id = -1;
if (!$kitContactInterface->isEMailRegistered($email, $contact_id)) {
if ($kitContactInterface->isError()) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
// contact does not exists
$data = array(kitContactInterface::kit_email => $email);
if (!$kitContactInterface->addContact($data, $contact_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
}
}
}
}
}
// foreach
}
// if checked
if ($checked) {
// Daten sind ok und koennen uebernommen werden
// Sonderfall: Newsletter Dialog
if ($form[dbKITform::field_action] == dbKITform::action_newsletter) {
return $this->subscribeNewsletter($form);
}
$password_changed = false;
$password = '';
$contact_array = array();
$field_array = $kitContactInterface->field_array;
// Feld fuer internen Verteiler hinzufuegen
$field_array[kitContactInterface::kit_intern] = '';
foreach ($field_array as $key => $value) {
switch ($key) {
case kitContactInterface::kit_free_field_1:
case kitContactInterface::kit_free_field_2:
case kitContactInterface::kit_free_field_3:
case kitContactInterface::kit_free_field_4:
case kitContactInterface::kit_free_field_5:
case kitContactInterface::kit_free_note_1:
case kitContactInterface::kit_free_note_2:
case kitContactInterface::kit_zip_city:
// nothing to do...
break;
case kitContactInterface::kit_newsletter:
if (isset($_REQUEST[$key])) {
if (is_array($_REQUEST[$key])) {
$contact_array[$key] = implode(',', $_REQUEST[$key]);
} else {
$contact_array[$key] = $_REQUEST[$key];
}
}
break;
case kitContactInterface::kit_password:
// kit_password wird ignoriert
break;
case kitContactInterface::kit_password_retype:
if (isset($_REQUEST[$key]) && !empty($_REQUEST[$key]) && (isset($_REQUEST[kitContactInterface::kit_password]) && !empty($_REQUEST[kitContactInterface::kit_password]))) {
// nur pruefen, wenn beide Passwortfelder gesetzt sind
if (!$kitContactInterface->changePassword($_SESSION[kitContactInterface::session_kit_register_id], $_SESSION[kitContactInterface::session_kit_contact_id], $_REQUEST[kitContactInterface::kit_password], $_REQUEST[kitContactInterface::kit_password_retype])) {
// Fehler beim Aendern des Passwortes
unset($_REQUEST[kitContactInterface::kit_password]);
unset($_REQUEST[kitContactInterface::kit_password_retype]);
if ($kitContactInterface->isError()) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
$message .= $kitContactInterface->getMessage();
break;
} else {
// Passwort wurde geaendert
$password_changed = true;
$password = $_REQUEST[kitContactInterface::kit_password];
unset($_REQUEST[kitContactInterface::kit_password]);
unset($_REQUEST[kitContactInterface::kit_password_retype]);
$message .= $kitContactInterface->getMessage();
break;
}
}
break;
case kitContactInterface::kit_birthday:
// check birthday
if (isset($_REQUEST[kitContactInterface::kit_birthday]) && !empty($kit_birthday)) {
$contact_array[$key] = date('Y-m-d H:i:s', $kit_birthday);
}
break;
case kitContactInterface::kit_contact_language:
// check contact language
if (isset($_REQUEST[kitContactInterface::kit_contact_language]) && $_REQUEST[kitContactInterface::kit_contact_language] !== strtolower(LANGUAGE)) {
$contact_array[$key] = strtolower(LANGUAGE);
}
default:
if (isset($_REQUEST[$key])) {
$contact_array[$key] = $_REQUEST[$key];
}
break;
}
}
if ($form[dbKITform::field_action] == dbKITform::action_register) {
// es handelt sich um einen Registrierdialog, die weitere Bearbeitung an $this->registerAccount() uebergeben
return $this->registerAccount($form, $contact_array);
} elseif ($form[dbKITform::field_action] == dbKITform::action_account) {
// Es wird das Benutzerkonto bearbeitet
if (!$kitContactInterface->updateContact($_SESSION[kitContactInterface::session_kit_contact_id], $contact_array)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
if ($password_changed) {
// Passwort wurde geaendert, E-Mail Bestaetigung versenden
$form['subject'] = $form[dbKITform::field_title];
$data = array('contact' => $contact_array, 'password' => $password, 'form' => $form);
$provider_data = array();
if (!$kitContactInterface->getServiceProviderByID($form[dbKITform::field_provider_id], $provider_data)) {
if ($kitContactInterface->isError()) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
} else {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getMessage()));
}
return false;
}
$provider_email = $provider_data['email'];
$provider_name = $provider_data['name'];
$client_mail = $this->getTemplate('mail.client.password.htt', $data);
if ($form[dbKITform::field_email_html] == dbKITform::html_off) {
$client_mail = strip_tags($client_mail);
}
$client_subject = strip_tags($this->getTemplate('mail.client.subject.htt', $data));
$mail = new kitMail($form[dbKITform::field_provider_id]);
if (!$mail->mail($client_subject, $client_mail, $provider_email, $provider_name, array($contact_array[kitContactInterface::kit_email] => $contact_array[kitContactInterface::kit_email]), false)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('Can\'t send the email to <b>{{ email }}</b>!', array('email' => $contact_array[kitContactInterface::kit_email]))));
return false;
}
}
// Mitteilung, dass das Benutzerkonto aktualisiert wurde
if (empty($message)) {
$message = $this->lang->translate('<p>The user account was updated.</p>');
}
$this->setMessage($message);
return $this->showForm();
}
$contact_id = -1;
$status = '';
if ($kitContactInterface->isEMailRegistered($_REQUEST[kitContactInterface::kit_email], $contact_id, $status)) {
// E-Mail Adresse existiert bereits, Datensatz ggf.
// aktualisieren
if (!$kitContactInterface->updateContact($contact_id, $contact_array)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
} elseif ($kitContactInterface->isError()) {
// Fehler bei der Datenbankabfrage
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
} else {
// E-Mail Adresse ist noch nicht registriert
if (!$kitContactInterface->addContact($contact_array, $contact_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
}
// special: check additional fields and notes
$check_array = array(kitContactInterface::kit_free_field_1 => dbKITcontact::field_free_1, kitContactInterface::kit_free_field_2 => dbKITcontact::field_free_2, kitContactInterface::kit_free_field_3 => dbKITcontact::field_free_3, kitContactInterface::kit_free_field_4 => dbKITcontact::field_free_4, kitContactInterface::kit_free_field_5 => dbKITcontact::field_free_5, kitContactInterface::kit_free_note_1 => dbKITcontact::field_free_note_1, kitContactInterface::kit_free_note_2 => dbKITcontact::field_free_note_2);
foreach ($check_array as $check_field => $replace_field) {
if (isset($_REQUEST[$check_field])) {
// get the old user defined fields for compare
$SQL = sprintf("SELECT %s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s='%s'", dbKITcontact::field_free_1, dbKITcontact::field_free_2, dbKITcontact::field_free_3, dbKITcontact::field_free_4, dbKITcontact::field_free_5, dbKITcontact::field_free_note_1, dbKITcontact::field_free_note_2, $dbContact->getTableName(), dbKITcontact::field_id, $contact_id);
$field_array = array();
if (!$dbContact->sqlExec($SQL, $field_array)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbContact->getError()));
return false;
}
$field_array = $field_array[0];
$fid = $field_array[$kitContactInterface->field_assign[$check_field]];
if ($fid < 1 && !empty($_REQUEST[$check_field])) {
// field is not empty and does not exists in in dbKITmemo
$data = array(dbKITmemos::field_contact_id => $contact_id, dbKITmemos::field_memo => trim($_REQUEST[$check_field]), dbKITmemos::field_status => dbKITmemos::status_active, dbKITmemos::field_update_by => 'SYSTEM', dbKITmemos::field_update_when => date('Y-m-d H:i:s'));
$mid = -1;
if (!$dbMemos->sqlInsertRecord($data, $mid)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbMemos->getError()));
return false;
}
// update contact record!
$where = array(dbKITcontact::field_id => $contact_id);
$data = array($replace_field => $mid);
if (!$dbContact->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbContact->getError()));
return false;
}
} elseif ($fid > 0) {
// field already exists in dbKITmemo - get the data field
$where = array(dbKITmemos::field_id => $fid);
$memo = array();
if (!$dbMemos->sqlSelectRecord($where, $memo)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbMemos->getError()));
return false;
}
$memo = $memo[0];
if (trim($_REQUEST[$check_field] != $memo[dbKITmemos::field_memo])) {
// entries differ - update record
$data = array(dbKITmemos::field_memo => trim($_REQUEST[$check_field]), dbKITmemos::field_status => dbKITmemos::status_active, dbKITmemos::field_update_by => 'SYSTEM', dbKITmemos::field_update_when => date('Y-m-d H:i:s'));
if (!$dbMemos->sqlUpdateRecord($data, $where)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbMemos->getError()));
return false;
}
}
}
}
}
// Kontakt Datensatz ist erstellt oder aktualisiert, allgemeine
// Daten uebernehmen und E-Mails versenden
$fields = array();
$values = array();
$fields_array = explode(',', $form[dbKITform::field_fields]);
foreach ($fields_array as $fid) {
if ($fid > 99) {
$fields[] = $fid;
}
}
// DELAYED TRANSMISSION ?
$delayed_transmission = isset($_REQUEST[dbKITformFields::kit_delayed_transmission]) ? true : false;
foreach ($fields as $fid) {
$where = array(dbKITformFields::field_id => $fid);
$field = array();
if (!$dbKITformFields->sqlSelectRecord($where, $field)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
// if no valid record still continue to the next
if (count($field) < 1) {
continue;
}
$field = $field[0];
switch ($field[dbKITformFields::field_data_type]) {
case dbKITformFields::data_type_date:
$values[$fid] = isset($_REQUEST[$field[dbKITformFields::field_name]]) ? date('Y-m-d H:i:s', strtotime($_REQUEST[$field[dbKITformFields::field_name]])) : '0000-00-00 00:00:00';
break;
case dbKITformFields::data_type_float:
$values[$fid] = isset($_REQUEST[$field[dbKITformFields::field_name]]) ? $kitLibrary->str2float($_REQUEST[$field[dbKITformFields::field_name]], cfg_thousand_separator, cfg_decimal_separator) : 0;
break;
case dbKITformFields::data_type_integer:
$values[$fid] = isset($_REQUEST[$field[dbKITformFields::field_name]]) ? $kitLibrary->str2int($_REQUEST[$field[dbKITformFields::field_name]], cfg_thousand_separator, cfg_decimal_separator) : 0;
break;
default:
$values[$fid] = isset($_REQUEST[$field[dbKITformFields::field_name]]) ? $_REQUEST[$field[dbKITformFields::field_name]] : '';
break;
}
}
// foreach
$form_data = array(dbKITformData::field_form_id => $form_id, dbKITformData::field_kit_id => $contact_id, dbKITformData::field_date => date('Y-m-d H:i:s'), dbKITformData::field_fields => implode(',', $fields), dbKITformData::field_values => http_build_query($values), dbKITformData::field_status => $delayed_transmission ? dbKITformData::status_delayed : dbKITformData::status_active);
$data_id = -1;
if (!$dbKITformData->sqlInsertRecord($form_data, $data_id)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformData->getError()));
return false;
}
/*
* check for special actions by field names, i.e. Feedback Form...
*/
$is_feedback_form = false;
$SQL = sprintf("SELECT %s FROM %s WHERE %s='%s' AND %s='%s'", dbKITformFields::field_id, $dbKITformFields->getTableName(), dbKITformFields::field_form_id, $form_id, dbKITformFields::field_name, self::FIELD_FEEDBACK_TEXT);
$result = array();
if (!$dbKITformFields->sqlExec($SQL, $result)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($result) == 1) {
// exec special action: Feedback for the Website
$is_feedback_form = true;
}
// end: special actions
/**
* Leave here at delayed transmission
*/
if ($delayed_transmission) {
return $this->delayedTransmission($data_id, $contact_id);
}
// ok - Daten sind gesichert, vorab LOG schreiben
if ($is_feedback_form) {
$protocol = $this->lang->translate('[kitForm] The contact has <a href="{{ url }}">submitted a feedback</a>', array('url' => sprintf('%s&%s', ADMIN_URL . '/admintools/tool.php?tool=kit_form', http_build_query(array(formBackend::request_action => formBackend::action_protocol_id, formBackend::request_protocol_id => $data_id)))));
} else {
$protocol = $this->lang->translate('[kitForm] The contact has <a href="{{ url }}">submitted a form</a>.', array('url' => sprintf('%s&%s', ADMIN_URL . '/admintools/tool.php?tool=kit_form', http_build_query(array(formBackend::request_action => formBackend::action_protocol_id, formBackend::request_protocol_id => $data_id)))));
}
$dbContact->addSystemNotice($contact_id, $protocol);
if (isset($uploaded_files['items'])) {
foreach ($uploaded_files['items'] as $file) {
// add a system notice for each file
$kitContactInterface->addNotice($contact_id, $this->lang->translate('[kitForm] File <a href="{{ link }}">{{ file }}</a> uploaded.', array('link' => WB_URL . '/modules/kit/kdl.php?id=' . $file['id'], 'file' => $file['name'])));
// check for special links
if (isset($_SESSION[self::SESSION_SPECIAL_LINK])) {
$this->processSpecialLink($message);
}
}
}
$contact = array();
if (!$kitContactInterface->getContact($contact_id, $contact)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
return false;
}
if ($this->params[self::PARAM_RETURN] == true) {
// direkt zum aufrufenden Programm zurueckkehren
$result = array('contact' => $contact, 'result' => true);
return $result;
}
// Feedback Form? Leave here...
if ($is_feedback_form) {
return $this->checkFeedbackForm($form_data, $contact, $data_id);
}
$items = array();
foreach ($fields as $fid) {
$where = array(dbKITformFields::field_id => $fid);
$field = array();
if (!$dbKITformFields->sqlSelectRecord($where, $field)) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbKITformFields->getError()));
return false;
}
if (count($field) < 1) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $this->lang->translate('The ID {{ id }} is invalid!', array('id' => $fid))));
return false;
}
$field = $field[0];
switch ($field[dbKITformFields::field_data_type]) {
case dbKITformFields::data_type_date:
$value = date(cfg_datetime_str, $values[$fid]);
break;
case dbKITformFields::data_type_float:
$value = number_format($values[$fid], 2, cfg_decimal_separator, cfg_thousand_separator);
break;
case dbKITformFields::data_type_integer:
case dbKITformFields::data_type_text:
default:
$value = is_array($values[$fid]) ? implode(', ', $values[$fid]) : $values[$fid];
}
$items[$field[dbKITformFields::field_name]] = array('name' => $field[dbKITformFields::field_name], 'label' => $field[dbKITformFields::field_title], 'value' => $value, 'type' => $field[dbKITformFields::field_type]);
}
// E-Mail Versand vorbereiten
$provider_data = array();
if (!$kitContactInterface->getServiceProviderByID($form[dbKITform::field_provider_id], $provider_data)) {
if ($kitContactInterface->isError()) {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getError()));
} else {
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $kitContactInterface->getMessage()));
}
return false;
}
$provider_email = $provider_data['email'];
$provider_name = $provider_data['name'];
$relaying = $provider_data['relaying'] == 1 ? true : false;
$form_d = $form_data;
$form_d['datetime'] = date(cfg_datetime_str, strtotime($form_d[dbKITformData::field_date]));
$form_d['subject'] = $form[dbKITform::field_title];
$data = array('form' => $form_d, 'contact' => $contact, 'items' => $items, 'files' => $uploaded_files);
$client_mail = $this->getTemplate('mail.client.htt', $data);
if ($form[dbKITform::field_email_html] == dbKITform::html_off) {
$client_mail = strip_tags($client_mail);
}
$client_subject = strip_tags($this->getTemplate('mail.client.subject.htt', $data));
// E-Mail an den Absender des Formulars
$mail = new kitMail($form[dbKITform::field_provider_id]);
if (!$mail->mail($client_subject, $client_mail, $provider_email, $provider_name, array($contact[kitContactInterface::kit_email] => $contact[kitContactInterface::kit_email]), $form[dbKITform::field_email_html] == dbKITform::html_on ? true : false)) {
$err = $mail->getMailError();
if (empty($err)) {
$err = $this->lang->translate('Can\'t send the email to <b>{{ email }}</b>!', array('email' => $contact[kitContactInterface::kit_email]));
}
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $err));
return false;
}
// E-Mail an den Betreiber der Website
$provider_mail = $this->getTemplate('mail.provider.htt', $data);
if ($form[dbKITform::field_email_html] == dbKITform::html_off) {
$provider_mail = strip_tags($provider_mail);
}
$provider_subject = stripslashes($this->getTemplate('mail.provider.subject.htt', $data));
$cc_array = array();
$ccs = explode(',', $form[dbKITform::field_email_cc]);
foreach ($ccs as $cc) {
if (!empty($cc)) {
$cc_array[$cc] = $cc;
}
}
$mail = new kitMail($form[dbKITform::field_provider_id]);
if (!$relaying) {
$mail->AddReplyTo($contact[kitContactInterface::kit_email], $contact[kitContactInterface::kit_email]);
$from_email = $provider_email;
$from_name = $contact[kitContactInterface::kit_email];
} else {
$from_email = $contact[kitContactInterface::kit_email];
$from_name = $contact[kitContactInterface::kit_email];
}
if (!$mail->mail($provider_subject, $provider_mail, $from_email, $from_name, array($provider_email => $provider_name), $form[dbKITform::field_email_html] == dbKITform::html_on ? true : false, $cc_array)) {
$err = $mail->getMailError();
if (empty($err)) {
$err = $this->lang->translate('Can\'t send the email to <b>{{ email }}</b>!', array('email' => $contact[kitContactInterface::kit_email]));
}
$this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $err));
return false;
}
return $this->getTemplate('confirm.htt', $data);
}
// checked
if ($checked == false) {
if (isset($_REQUEST[kitContactInterface::kit_password])) {
unset($_REQUEST[kitContactInterface::kit_password]);
}
if (isset($_REQUEST[kitContactInterface::kit_password_retype])) {
unset($_REQUEST[kitContactInterface::kit_password_retype]);
}
} else {
unset($_REQUEST['upload_id']);
}
$this->setMessage($message);
return $this->showForm();
}
if (!isset($rename_file)) {
$admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false);
}
// Check if they entered a new name
if (media_filename($admin->get_post('name')) == "") {
$admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir={$directory}&id={$file_id}", false);
} else {
$old_name = $admin->get_post('old_name');
$new_name = media_filename($admin->get_post('name'));
}
// Check if they entered an extension
if ($type == 'file') {
if (media_filename($admin->get_post('extension')) == "") {
$admin->print_error($MESSAGE['MEDIA_BLANK_EXTENSION'], "rename.php?dir={$directory}&id={$file_id}", false);
} else {
$extension = media_filename($admin->get_post('extension'));
}
} else {
$extension = '';
}
// Join new name and extension
$name = $new_name . $extension;
$info = pathinfo(WB_PATH . MEDIA_DIRECTORY . $directory . '/' . $name);
$ext = isset($info['extension']) ? $info['extension'] : '';
$dots = substr($info['basename'], 0, 1) == '.' || substr($info['basename'], -1, 1) == '.';
if (preg_match('/' . $forbidden_file_types . '$/i', $ext) || $dots == '.') {
$admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir={$directory}&id={$file_id}", false);
}
// Check if the name contains ..
if (strstr($name, '..')) {
$admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH'], "rename.php?dir={$directory}&id={$file_id}", false);