function _loadActionsINIFile()
{
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$actions =& $configTool->loadConfig('actions', null);
foreach (array_keys($actions) as $key) {
$action =& $actions[$key];
$action['name'] = $key;
if (!isset($action['id'])) {
$action['id'] = $action['name'];
}
if (!isset($action['label'])) {
$action['label'] = str_replace('_', ' ', ucfirst($action['name']));
}
if (!isset($action['accessKey'])) {
$action['accessKey'] = substr($action['name'], 0, 1);
}
//if ( !isset($action['label_i18n']) ) $action['label_i18n'] = 'action:'.$action['name'].' label';
//if ( !isset($action['description_i18n'])) $action['description_i18n'] = 'action:'.$action['name'].' description';
if (isset($action['description'])) {
$action['description'] = df_translate('actions.' . $action['name'] . '.description', $action['description']);
}
if (isset($action['label'])) {
$action['label'] = df_translate('actions.' . $action['name'] . '.label', $action['label']);
}
$this->actions[$key] =& $action;
unset($action);
}
unset($temp);
$this->actions =& $actions;
}
/**
* A method to create the configuration table in the database. The configuration
* table is where configuration (e.g. fields.ini etc..) may be stored. This is
* a new feature in 0.6.14.
*
* @author Steve Hannah <*****@*****.**>
* @created Feb. 26, 2007
*/
function Dataface_ConfigTool_createConfigTable()
{
$self =& Dataface_ConfigTool::getInstance();
if (!Dataface_Table::tableExists($self->configTableName, false)) {
$sql = "CREATE TABLE `" . $self->configTableName . "` (\n\t\t\t\t\tconfig_id int(11) NOT NULL auto_increment primary key,\n\t\t\t\t\t`file` varchar(255) NOT NULL,\n\t\t\t\t\t`section` varchar(128),\n\t\t\t\t\t`key` varchar(128) NOT NULL,\n\t\t\t\t\t`value` text NOT NULL,\n\t\t\t\t\t`lang` varchar(2),\n\t\t\t\t\t`username` varchar(32),\n\t\t\t\t\t`priority` int(5) default 5\n\t\t\t\t\t)";
$res = xf_db_query($sql, df_db());
if (!$res) {
throw new Exception(xf_db_error(df_db()), E_USER_ERROR);
}
}
}
/**
* Sets a configuration parameter in the configuration table.
* This should not be called directly. It should be called through the
* Dataface_ConfigTool class as its setConfigParam method.
*
* @param string $file The name of the ini file in which the config value is being set.
* @param string $section The name of the section (could be null).
* @param string $key The name of the parameter's key (not null)
* @param string $value The value to set (not null)
* @param string $username The username for which the parameter is being set (null for all users)
* @param string $lang The 2-digit language code for which the parameter is being set (null for all languages).
* @param integer $priority The priority of this config variable (priority dictates which
* parameters take priority. Default vallue of 5.
* @returns true if success or PEAR_Error if failure.
*
* This will create the configuration table if it doesn't already exist.
*
* @author Steve Hannah <*****@*****.**>
* @created Feb. 26, 2007
*/
function Dataface_ConfigTool_setConfigParam($file, $section, $key, $value, $username = null, $lang = null, $priority = 5)
{
$self =& Dataface_ConfigTool::getInstance();
// See if this parameter has already been set:
$where = array();
$where[] = "`key`='" . addslashes($key) . "'";
$where[] = "`file`='" . addslashes($file) . "'";
$where[] = "`section`" . (isset($section) ? "='" . addslashes($section) . "'" : ' IS NULL');
$where[] = "`username`" . (isset($username) ? "='" . addslashes($username) . "'" : ' IS NULL');
$where[] = "`lang`" . (isset($lang) ? "='" . addslashes($lang) . "'" : ' IS NULL');
$where = implode(' and ', $where);
$sql = "select `config_id` from `" . $self->configTableName . "` where {$where} limit 1";
$res = mysql_query($sql, df_db());
if (!$res) {
$self->createConfigTable();
$res = mysql_query($sql, df_db());
}
if (!$res) {
return PEAR::raiseError("Failed to get config parameter: " . mysql_error(df_db()));
}
$vals = array("section" => isset($section) ? "'" . addslashes($section) . "'" : 'NULL', "key" => "'" . addslashes($key) . "'", "value" => "'" . addslashes($value) . "'", "username" => "'" . addslashes($username) . "'", "lang" => "'" . addslashes($lang) . "'", "priority" => $priority);
if (mysql_num_rows($res) > 0) {
$row = mysql_fetch_assoc($res);
// We need to perform an update
$updates = array();
foreach ($vals as $vkey => $vval) {
$updates[] = '`' . $vkey . '`=' . $vval;
}
$sets = implode(' and ', $updates);
$sql = "update `" . $self->configTableName . "` set " . $sets . " where `config_id`='" . $row['config_id'] . "' limit 1";
} else {
$values = array();
$cols = array();
foreach ($vals as $vkey => $vval) {
$cols[] = "`{$vkey}`";
$values[] = $vval;
}
$cols = implode(',', $cols);
$values = implode(',', $values);
$sql = "insert into `" . $self->configTableName . "` ({$cols}) VALUES ({$values})";
}
@mysql_free_result($res);
$res = mysql_query($sql, df_db());
if (!$res) {
return PEAR::raiseError("Could not write config value: " . mysql_error(df_db()));
}
return true;
}
/**
* Loads the field definitions for meta data for the given table. These
* are defined in the metadata.ini files at the table, application, and
* dataface levels.
*/
function loadMetadataFieldDefs($tablename = null)
{
if (!isset($tablename)) {
$tablename = $this->tablename;
}
if (!isset($this->fieldDefs)) {
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$this->fieldDefs = $configTool->loadConfig('metadata', $tablename);
foreach (array_keys($this->fieldDefs) as $key) {
$field =& $this->fieldDefs[$key];
$field['name'] = '__' . $key;
$field['Field'] = $field['name'];
if (!isset($field['Type'])) {
$field['Type'] = 'varchar(64)';
}
$this->fieldDefs['__' . $key] =& $field;
unset($this->fieldDefs[$key]);
unset($field);
}
}
return $this->fieldDefs;
}
function loadPermissions()
{
$this->_permissionsLoaded = true;
$configTool =& Dataface_ConfigTool::getInstance();
$conf =& $configTool->loadConfig('permissions', $this->tablename);
$permissionsTool =& Dataface_PermissionsTool::getInstance();
$permissionsTool->addPermissions($conf);
}
/**
* @brief Returns the valuelist as a relationship. This is handy for
* adding values to it and searching it.
*
* @param Dataface_Table &$table The table where the valuelist is defined.
* @param string $valuelistName The name of the valuelist.
* @return Dataface_Relationship A wrapper relationship for the valuelist.
* @return PEAR_Error If there is a problem generating the relationship.
*/
function &asRelationship(&$table, $valuelistName)
{
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$conf = $configTool->loadConfig('valuelists', $table->tablename);
if (!@$conf[$valuelistName]['__sql__']) {
$out = null;
return $out;
}
$relname = $valuelistName . '__valuelist';
//$conf = array($relname=>$conf);
$table->addRelationship($relname, $conf[$valuelistName]);
$rel =& $table->getRelationship($relname);
$rel->_schema['action']['visible'] = 0;
return $rel;
}
function __construct($conf = null)
{
if ($conf === null) {
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$conf = $configTool->loadConfig('permissions');
}
$this->addPermissions($conf);
//print_r($this->permissions);
}
/**
* @brief Returns the actions for this table.
* @param array $params An associative array of options. Possible keys include:
* @code
* record => reference to a Dataface_Record or Dataface_RelatedRecord object
* relationship => The name of a relationship.
* category => A name of a category for the actions to be returned.
* @endcode
* @return array An associative array of action data structures.
*
* @see Dataface_ActionTool
*
*/
function getActions(&$params, $noreturn = false)
{
import('Dataface/ActionTool.php');
$actionsTool =& Dataface_ActionTool::getInstance();
if (!$this->_actionsLoaded) {
$this->_actionsLoaded = true;
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$actions =& $configTool->loadConfig('actions', $this->tablename);
//print_r($actions);
//$singularLabel = $this->getSingularLabel();
//$pluralLabel = $this->getLabel();
foreach ($actions as $key => $action) {
$action['table'] = $this->tablename;
$action['name'] = $key;
if (!isset($action['id'])) {
$action['id'] = $action['name'];
}
if (!isset($action['label'])) {
$action['label'] = str_replace('_', ' ', ucfirst($action['name']));
}
if (!isset($action['accessKey'])) {
$action['accessKey'] = substr($action['name'], 0, 1);
}
if (!isset($action['label_i18n'])) {
$action['label_i18n'] = 'action:' . $action['name'] . ' label';
}
if (!isset($action['description_i18n'])) {
$action['description_i18n'] = 'action:' . $action['name'] . ' description';
}
if (isset($action['description'])) {
$action['description'] = df_translate('actions.' . $action['name'] . '.description', $action['description']);
}
if (isset($action['label'])) {
//$action['label'] = df_translate('actions.'.$action['name'].'.label',$action['label'], array('table_label_singular'=>$singularLabel, 'table_label_plural'=>$pluralLabel));
$action['label'] = df_translate('actions.' . $action['name'] . '.label', $action['label']);
}
$actionsTool->addAction($key, $action);
}
}
$params['table'] = $this->tablename;
if ($noreturn) {
return true;
}
return $actionsTool->getActions($params);
}
/**
* @brief Displays the Dataface application.
*
* @param boolean $main_content_only Whether to only show the main content or to show the full page with header and
* footer. This parameter is not respected by many of the current templates and may be removed in later releases.
*
* @param boolean $disableCache Whether to disable the output cache. It is enabled by default.
*
* @par Flow Chart
*
* <img src="http://media.weblite.ca/files/photos/Display_flow_control.png?max_width=640"/>
* <a href="http://media.weblite.ca/files/photos/Display_flow_control.png" target="_blank" title="Enlarge">Enlarge</a>.
*/
function _display($main_content_only = false, $disableCache = false)
{
// ---------------- Set the Default Character set for output -----------
foreach ($this->_tables as $key => $value) {
$this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.' . $key . '.label', $value);
}
$this->main_content_only = $main_content_only;
if ($this->autoSession or $this->sessionEnabled()) {
$this->startSession();
}
if (isset($this->_conf['disable_session_ip_check']) and !@$this->_conf['disable_session_ip_check']) {
if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
$_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
}
$ipAddressError = null;
if (df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR']) != df_IPv4To6($_SERVER['REMOTE_ADDR'])) {
$msg = sprintf("Session address does not match the remote address. Possible hacking attempt. Session address was '%s', User address was '%s'", df_escape(df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR'])), df_escape(df_IPv4To6($_SERVER['REMOTE_ADDR'])));
error_log($msg);
//die('Your IP address doesn\'t match the session address. To continue, please clear your cookies or restart your browser and try again.');
session_destroy();
$this->startSession();
if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
$_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
}
}
}
// handle authentication
if (!(defined('XATAFACE_DISABLE_AUTH') and XATAFACE_DISABLE_AUTH) and isset($this->_conf['_auth'])) {
// The config file _auth section is there so we will be using authentication.
$loginPrompt = false;
// flag to indicate if we should show the login prompt
$permissionDenied = false;
// flag to indicate if we should show permission denied
$permissionError = '';
//Placeholder for permissions error messages
$loginError = '';
// Placeholder for login error messages.
$authTool = $this->getAuthenticationTool();
$auth_result = $authTool->authenticate();
if (PEAR::isError($auth_result) and $auth_result->getCode() == DATAFACE_E_LOGIN_FAILURE) {
// There was a login failure, show the login prompt
$loginPrompt = true;
$loginError = $auth_result->getMessage();
} else {
if ($authTool->isLoggedIn()) {
Dataface_ConfigTool::getInstance()->loadUserConfig();
// The user is logged in ok
// Handle the request
$result = $this->handleRequest();
if (Dataface_Error::isPermissionDenied($result)) {
// Permission was denied on the request. Since the user is already
// logged in, there is no use giving him the login prompt. Just give
// him the permission denied screen.
$permissionDenied = true;
$permissionError = $result->getMessage();
}
} else {
if (isset($this->_conf['_auth']['require_login']) and $this->_conf['_auth']['require_login']) {
// The user is not logged in and login is required for this application
// Show the login prompt
$loginPrompt = true;
} else {
// The user is not logged in, but login is not required for this application.
// Allow the user to perform the action.
$result = $this->handleRequest($disableCache);
if (Dataface_Error::isPermissionDenied($result)) {
// The user did not have permission to perform the action
// Give the user a login prompt.
$loginPrompt = true;
}
}
}
}
if ($loginPrompt) {
// The user is supposed to see a login prompt to log in.
// Show the login prompt.
$authTool->showLoginPrompt($loginError);
} else {
if ($permissionDenied) {
// The user is supposed to see the permissionm denied page.
$query =& $this->getQuery();
if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
$this->redirect($this->url('-action=view'));
}
$this->addError($result);
header("HTTP/1.1 403 Permission Denied");
df_display(array(), 'Dataface_Permission_Denied.html');
} else {
if (PEAR::isError($result)) {
// Some other error occurred in handling the request. Just show an
// ugly stack trace.
throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
}
}
}
} else {
// Authentication is not enabled for this application.
// Just process the request.
$result = $this->handleRequest($disableCache);
if (Dataface_Error::isPermissionDenied($result)) {
$query =& $this->getQuery();
if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
$this->redirect($this->url('-action=view'));
}
$this->addError($result);
header("HTTP/1.1 403 Permission Denied");
df_display(array(), 'Dataface_Permission_Denied.html');
} else {
if (PEAR::isError($result)) {
throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
}
}
}
}
function do_post()
{
if (!@$_POST['--data']) {
throw new Exception("No data received");
}
$data = json_decode($_POST['--data'], true);
$fields = $data['fields'];
$app = Dataface_Application::getInstance();
$query = $app->getQuery();
$table_name = $query['-table'];
$table = Dataface_Table::loadTable($table_name);
$table_perms = $table->getPermissions();
if (!@$table_perms['show hide columns']) {
throw new Exception("You don't have permission to alter column visibility.");
}
$config_tool = Dataface_ConfigTool::getInstance();
$user_config = $config_tool->loadUserConfig();
$errors = array();
$visibilities = array('visible', 'hidden');
$opt_types = array('list', 'find', 'browse', 'csv', 'rss', 'xml');
if (isset($data['fields'])) {
$fields = $data['fields'];
$config_path = 'tables/' . $table_name . '/fields.ini';
if (!@$user_config->{$config_path}) {
$user_config->{$config_path} = new StdClass();
}
$user_table_config = @$user_config->{$config_path};
foreach ($fields as $field_name => $field_opts) {
if (is_array($field_opts)) {
if (!isset($user_table_config->{$field_name})) {
$user_table_config->{$field_name} = new StdClass();
}
if (!isset($user_table_config->{$field_name}->visibility)) {
$user_table_config->{$field_name}->visibility = new StdClass();
}
$field_perms = $table->getPermissions(array('field' => $field_name));
if (!@$field_perms['show hide columns']) {
$errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
continue;
}
$visibility_config = $user_table_config->{$field_name}->visibility;
foreach ($field_opts as $opt_type => $opt_visibility) {
if (!in_array($opt_visibility, $visibilities)) {
$errors[] = 'Invalid visibility for field ' . $field_name . '. Expecting visible or hidden but received ' . $opt_visibility . '.';
continue;
}
if (!in_array($opt_type, $opt_types)) {
$errors[] = 'Invalid option type for field ' . $field_name . '. Expecting one of {' . implode(', ', $opt_types) . '} but received ' . $opt_type . '.';
continue;
}
$visibility_config->{$opt_type} = $opt_visibility;
}
}
}
}
// Now deal with the relationships
if (isset($data['relationships'])) {
foreach ($data['relationships'] as $relationship_data) {
$config_path = 'tables/' . $table_name . '/relationships.ini';
if (!@$user_config->{$config_path}) {
$user_config->{$config_path} = new StdClass();
}
$user_table_config = @$user_config->{$config_path};
if (isset($relationship_data['fields'])) {
$relationship_name = $relationship_data['name'];
if (!$relationship_name) {
throw new Exception("Expected name for relationship but did not receive one.");
continue;
}
$relationship = $table->getRelationship($relationship_name);
if (PEAR::isError($relationship) or !isset($relationship)) {
throw new Exception("Relationship " . $relationship_name . " does not exist.");
}
foreach ($relationship_data['fields'] as $field_name => $field_opts) {
list($r_name, $r_field_name) = explode('.', $field_name);
if ($r_name !== $relationship_name) {
throw new Exception("Relationship fields must have same root name as the relationship itself.");
continue;
}
if (!$relationship->hasField($r_field_name, true)) {
throw new Exception("Relationship " . $relationship_name . " has no such field " . $r_field_name);
}
if (!isset($user_table_config->{$field_name})) {
$user_table_config->{$field_name} = new StdClass();
}
if (!isset($user_table_config->{$field_name}->visibility)) {
$user_table_config->{$field_name}->visibility = new StdClass();
}
$field_perms = $relationship->getPermissions(array('field' => $r_field_name));
if (!@$field_perms['show hide columns']) {
$errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
continue;
}
$visibility_config = $user_table_config->{$field_name}->visibility;
foreach ($field_opts as $opt_type => $opt_visibility) {
if (!in_array($opt_visibility, $visibilities)) {
$errors[] = 'Invalid visibility for field ' . $field_name . '. Expecting visible or hidden but received ' . $opt_visibility . '.';
continue;
}
if (!in_array($opt_type, $opt_types)) {
$errors[] = 'Invalid option type for field ' . $field_name . '. Expecting one of {' . implode(', ', $opt_types) . '} but received ' . $opt_type . '.';
continue;
}
$visibility_config->{$opt_type} = $opt_visibility;
}
}
}
}
}
$res = $config_tool->writeUserConfig();
if (!$res) {
throw new Exception("Failed to save the user config for columns.");
}
if (count($errors) === 0) {
$this->json_out(array('code' => 200, 'message' => 'Successfully saved settings. Reload page to see effects.'));
} else {
$this->json_out(array('code' => 201, 'message' => 'Saved settings but with warnings.', 'errors' => $errors));
}
}
function _loadLangINIFile()
{
$app =& Dataface_Application::getInstance();
$oldLang = $app->_conf['lang'];
if (isset($this->lang)) {
$app->_conf['lang'] = $this->lang;
}
$query =& $app->getQuery();
import('Dataface/ConfigTool.php');
$configTool =& Dataface_ConfigTool::getInstance();
$dictionary = $configTool->loadConfig('lang', null);
if (isset($query['-table'])) {
$tableDictionary = $configTool->loadConfig('lang', $query['-table']);
if (is_array($tableDictionary)) {
$dictionary = array_merge($dictionary, $configTool->loadConfig('lang', $query['-table']));
}
}
$app->_conf['lang'] = $oldLang;
$this->dictionary =& $dictionary;
}
