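/**
 * Resolve this model's row in `{PREFIX}models` and load its referencing state.
 *
 * Steps, in order:
 *  1. Try to resolve a reference through resolve_model_reference() ('self'
 *     first, then 'direct'); it is adopted only when exactly one match returns.
 *  2. If $from and a numeric $id are given, look the reference up by
 *     class / table / id, creating the row when it is missing (never for
 *     classes in the `backend\` namespace). Otherwise, if a reference is
 *     already known, read table_from / table_id back from it.
 *  3. Attach parent / prev entries from the runner stacks.
 *  4. Unless $model_context['skip_referencing'] is truthy, evaluate
 *     permissions and call statement().
 *
 * @param string|null $from          Source table name, or null.
 * @param mixed       $id            Row id in $from; used only if is_numeric().
 * @param array       $model_context Optional keys read here: 'where',
 *                                   'skip_referencing'.
 *
 * @return void
 */
public function referencing($from = null, $id = null, $model_context = array())
{
    // The default $model_context is an empty array, so 'where' may be absent.
    // Pass null in that case instead of reading an undefined index.
    $where = isset($model_context['where']) ? $model_context['where'] : null;

    if ($reference = self::resolve_model_reference('self', $where, true)) {
        if (is_array($reference) && count($reference) == 1) {
            $this->reference = $reference[0];
        }
    } elseif ($reference = self::resolve_model_reference('direct', $where, true)) {
        if (is_array($reference) && count($reference) == 1) {
            $this->reference = $reference[0];
        }
    }

    // is_numeric() also accepts floats and exponent notation; $id is only ever
    // bound as a statement parameter below, never concatenated into SQL.
    if (!is_null($from) && !is_null($id) && is_numeric($id)) {
        $SQL = 'SELECT `models`.`reference` FROM `{PREFIX}models` AS `models` WHERE `models`.`model_class` = :class' . PHP_EOL;
        $params = array(':class' => $this->class);
        if ($this->class != $from) {
            $SQL .= 'AND `models`.`table_from` = :from' . PHP_EOL;
            $params[':from'] = $from;
        }
        $SQL .= 'AND `models`.`table_id` = :id';
        $params[':id'] = $id;

        if ($result = \Routerunner\Db::query($SQL, $params)) {
            $this->reference = $result[0]['reference'];
        } elseif (substr(get_class($this), 0, 8) != 'backend\\') {
            // create reference
            // NOTE(review): this is a check-then-insert with no visible
            // locking; confirm a unique key on the table prevents duplicates.
            $SQL = 'INSERT INTO `{PREFIX}models` (`model_class`, `table_from`, `table_id`) VALUES (?, ?, ?)';
            $params = array($this->class, $from, $id);
            $this->created = true;
            $this->reference = \Routerunner\Db::insert($SQL, $params);
        }
    } elseif ($this->reference) {
        $SQL = 'SELECT `models`.`table_from`, `models`.`table_id` FROM `{PREFIX}models` AS `models` WHERE ' . '`models`.`reference` = :reference' . PHP_EOL;
        $params = array(':reference' => $this->reference);
        if ($result = \Routerunner\Db::query($SQL, $params)) {
            $from = $result[0]["table_from"];
            $id = $result[0]["table_id"];
        }
    }

    $this->table_from = $from;
    $this->table_id = $id;

    $parents = \runner::stack("parents");
    if (isset($parents[$this->reference])) {
        $this->parent = $parents[$this->reference];
    }
    $prevs = \runner::stack("prevs");
    if (isset($prevs[$this->reference])) {
        $this->prev = $prevs[$this->reference];
    }

    if (!isset($model_context['skip_referencing']) || !$model_context['skip_referencing']) {
        $this->permissioning();

        // Fallback for a model being created: when the first pass granted no
        // permission, permissions are re-evaluated against the parent id taken
        // from the request body.
        // NOTE(review): $_POST['parent'] is client-controlled. This is only
        // safe if permissioning() itself verifies the current user's rights on
        // that parent; confirm it does, so a caller cannot pick an arbitrary
        // parent to obtain permission.
        if (!$this->permission
            && !empty($_POST['parent'])
            && is_numeric($_POST['parent'])
            && (\runner::stack("model_create") && isset($this->route, \runner::stack("model_create")["route"]) && $this->route == \runner::stack("model_create")["route"])
        ) {
            $this->permissioning($_POST['parent']);
        }

        $this->statement();
    }
}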
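/**
 * Validate one or more submitted forms and run (or hand back) the resulting
 * INSERT / UPDATE / DELETE statement.
 *
 * Per form, in order:
 *  1. Compare the flashed field list with the form's own field names.
 *  2. Verify the one-time nonce stored in the session for the form id.
 *  3. Apply `unset` / `set` overrides, then validate every field (mandatory,
 *     default-on-fail, regular expressions, optional transform function).
 *  4. Use the custom `<method>_sql` from the form params, or build the
 *     statement from the accepted fields and the configured conditions.
 *  5. Execute it inside a transaction, unless the caller asked for the SQL.
 *
 * Submitted values are always bound as statement parameters. Table names,
 * column names and condition fragments come from the form definition and are
 * concatenated into the statement, so that definition must never be
 * influenced by the request.
 *
 * @param object|array $forms         One form object or an array of them.
 * @param array        $errors        By reference: collects error messages.
 * @param mixed        $return_SQL    By reference: if this or $return_params
 *                                    is truthy on entry, the statement is not
 *                                    executed and the SQL is written here.
 * @param mixed        $return_params By reference: receives the bound
 *                                    parameters in the same case.
 * @param array        $values        By reference: receives accepted values
 *                                    keyed by field name.
 *
 * @return mixed Result for the LAST form processed: false when it was halted
 *               or failed validation, the return value of Db::insert() for
 *               method 'post', true otherwise.
 */
public static function submit($forms, &$errors = array(), &$return_SQL = false, &$return_params = false, &$values = array())
{
    if (!is_array($forms)) {
        $forms = array($forms);
    }
    foreach ($forms as $frm_name => $form) {
        $flashed = \Routerunner\Routerunner::$slim->flash($form->path . DIRECTORY_SEPARATOR . $form->formname);
        $params = \Routerunner\Bootstrap::$params;
        $halt = false;
        if (isset($flashed, $flashed['fields'])) {
            // check form fields
            $fields = $flashed['fields'];
            $form_fields = array_keys($form->fields);
            // NOTE(review): array_search() returns 0 for a match in the first
            // position, which is falsy here, so the id / nonce entries are not
            // removed when either of them is the first field. Confirm whether
            // `!== false` is what was meant before changing it.
            if (($_routerunner_form_id_index = array_search($form->id_field, $form_fields)) && ($_routerunner_form_nonce_index = array_search('_routerunner_form_nonce', $form_fields))) {
                unset($form_fields[$_routerunner_form_id_index], $form_fields[$_routerunner_form_nonce_index]);
            }
            if (\Routerunner\Common::arrDiff($fields, $form_fields)) {
                // exception
                $halt = true;
            }
            unset($flashed['fields']);
            // check form params
            // NOTE(review): the comparison of flashed params with the form's
            // own params is disabled; the flashed params are adopted as-is.
            /*
            if (\Routerunner\Common::arrDiff($flashed, $form->params)) {
                // exception
                $halt = true;
            }
            */
            $form->params = $flashed;
        } else {
            // NOTE(review): the error is recorded but $halt stays false, so a
            // submission with no flashed definition is still processed without
            // the field-list check above. Confirm this is meant to fail open.
            $errors[] = 'Form not exists or the page has been refreshed!';
        }

        $fid = false;
        if (!empty($form->fields[$form->id_field]['value'])) {
            $fid = $form->fields[$form->id_field]['value'];
        }
        // NOTE(review): the nonce is verified only when both the form id and
        // the nonce value are non-empty; a submission lacking either one skips
        // this replay / CSRF check entirely. Also confirm Crypt::checker()
        // compares in constant time.
        if ($fid && !empty($form->fields['_routerunner_form_nonce']['value'])) {
            if (!isset($_SESSION['nonce-' . $fid]) || !\Routerunner\Crypt::checker($form->fields['_routerunner_form_nonce']['value'], $_SESSION['nonce-' . $fid])) {
                $errors[] = 'Error in form submit or data has been sent already!';
                $halt = true;
            }
        }
        if (!$halt) {
            // The nonce is single-use: drop it together with the bookkeeping
            // fields so they never reach validation or the statement.
            unset($form->fields[$form->id_field]);
            unset($form->fields['_routerunner_form_nonce']);
            unset($_SESSION['nonce-' . $fid]);
        }

        $succeed = false;
        if (!$halt) {
            $error_row = isset($form->params['error_format']) ? $form->params['error_format'] : '<p class="err">%s</p>' . PHP_EOL;
            $succeed = true;
            $submit_params = array();

            // Fields listed in `unset` are reported in $values, then removed.
            if (isset($form->unset) && is_array($form->unset)) {
                foreach ($form->unset as $field) {
                    if (isset($form->fields[$field], $form->fields[$field]["value"])) {
                        $values[$field] = $form->fields[$field]["value"];
                    } elseif (isset($form->fields[$field])) {
                        // The field exists but carries no value: report null
                        // explicitly instead of reading an undefined index.
                        $values[$field] = null;
                    }
                    unset($form->fields[$field]);
                }
            }
            // Fields listed in `set` are forced to the configured value.
            if (isset($form->set) && is_array($form->set)) {
                foreach ($form->set as $field => $value) {
                    $values[$field] = $value;
                    $form->fields[$field] = array("field" => $field, "value" => $value);
                }
            }

            foreach ($form->fields as $field => $field_param) {
                $field_succeed = true;
                $values[$field] = null;
                // A request value wins; the field's own value is the fallback.
                if (!isset($params[$field]) && isset($field_param['value'])) {
                    $params[$field] = $field_param['value'];
                }
                $regexps = isset($field_param['regexp']) ? $field_param['regexp'] : false;
                if ($regexps && !is_array($regexps)) {
                    $regexps = array($regexps);
                } elseif (!$regexps) {
                    $regexps = array();
                }

                // Missing or falsy value: apply the default, or report it.
                if (!isset($params[$field]) || !$params[$field]) {
                    if (isset($field_param['default_on_fail'], $field_param['default']) && $field_param['default_on_fail']) {
                        $params[$field] = $field_param['default'];
                    } elseif (isset($field_param['errormsg'])) {
                        $errors[$field] = sprintf($error_row, $field_param['errormsg']);
                        if (isset($field_param['mandatory']) && $field_param['mandatory']["value"] === true) {
                            if (isset($field_param['mandatory']['msg']) && !isset($errors[$field])) {
                                $errors[$field] = sprintf($error_row, $field_param['mandatory']['msg']);
                            }
                            $field_succeed = false;
                            $regexps = array();
                        }
                    } elseif (isset($field_param['mandatory']) && $field_param['mandatory']["value"] === true) {
                        if (isset($field_param['mandatory']['msg']) && !isset($errors[$field])) {
                            $errors[$field] = sprintf($error_row, $field_param['mandatory']['msg']);
                        }
                        $field_succeed = false;
                        $regexps = array();
                    }
                }

                // Every configured expression must accept the value. Patterns
                // come from the form definition and are wrapped in `~`
                // delimiters, so a pattern containing `~` will not compile.
                foreach ($regexps as $regexp) {
                    $isOk = false;
                    if (is_array($regexp["value"])) {
                        // A list of alternatives: one match is enough.
                        foreach ($regexp["value"] as $regexp_key => $regexp_value) {
                            $pattern = "~" . trim($regexp_value, "/~ ") . "~";
                            if (isset($regexp['options'])) {
                                $pattern .= is_array($regexp["options"]) && isset($regexp["options"][$regexp_key]) ? $regexp["options"][$regexp_key] : $regexp["options"];
                            }
                            if (preg_match($pattern, $params[$field])) {
                                $isOk = true;
                            }
                        }
                    } else {
                        $pattern = "~" . trim($regexp["value"], "~/ ") . "~";
                        if (isset($regexp['options'])) {
                            $pattern .= $regexp['options'];
                        }
                        $isOk = preg_match($pattern, $params[$field]);
                    }
                    if (isset($params[$field]) && !$isOk) {
                        if (isset($regexp['msg']) && !isset($errors[$field])) {
                            $errors[$field] = sprintf($error_row, $regexp['msg']);
                        }
                        $field_succeed = false;
                    }
                }

                if ($field_succeed) {
                    if (isset($params[$field]) && isset($field_param["field"])) {
                        // NOTE(review): the `function` entry is invoked by name
                        // with the submitted value as its argument. It must
                        // only ever come from developer-written form
                        // definitions, never from request or flashed data.
                        if (isset($field_param['function']) && function_exists($field_param['function'])) {
                            $fn = $field_param['function'];
                            $submit_params[$field] = $fn($params[$field]);
                        } else {
                            $submit_params[$field] = $params[$field];
                        }
                        $values[$field] = $submit_params[$field];
                    }
                } else {
                    $succeed = false;
                }
            }
        }

        if ($succeed) {
            $method = isset($form->params['xmethod']) ? $form->params['xmethod'] : $form->params['method'];
            // Initialised for both branches: the custom-SQL branch previously
            // used this variable without ever defining it.
            $sql_params = array();
            if (isset($form->params[$method . '_sql'])) {
                $sql = $form->params[$method . '_sql'];
                if (preg_match('/\\:[a-z0-9]+/im', $sql)) {
                    // named parameters
                    // NOTE(review): nothing populates $sql_params in this
                    // branch and array_walk() cannot rename keys, so a custom
                    // statement is run with no bound values. Decide which
                    // submitted fields are meant to be bound here.
                    array_walk($sql_params, function ($value, &$key) {
                        if (substr($key, 0, 1) != ':') {
                            $key = ':' . $key;
                        }
                    });
                }
            } else {
                $from = isset($form->params['from']) ? $form->params['from'] : $form->class;
                $from = \Routerunner\Common::dbField($from);
                if ($method === 'post') {
                    $sql = 'INSERT INTO ' . $from . ' (';
                    $fields = array();
                    foreach ($submit_params as $field => $submit_value) {
                        $field_param = $form->fields[$field];
                        // Skip fields marked `fixed` or mapped to no column.
                        if (isset($params[$field]) && (!isset($field_param['fixed']) || $field_param['fixed'] !== true) && (!isset($field_param['field']) || $field_param['field'] !== false)) {
                            $_field = isset($field_param['field']) ? $field_param['field'] : $field;
                            $fields[] = \Routerunner\Common::dbField($_field);
                            $param_key = \Routerunner\Common::dbField($_field, ':', '', '.', '` .', '.');
                            $sql_params[$param_key] = $submit_value;
                        }
                    }
                    $sql .= implode(', ', $fields) . ') VALUES (' . implode(', ', array_keys($sql_params)) . ')';
                } elseif ($method == 'put') {
                    $sql = 'UPDATE ' . $from . ' SET ';
                    $fields = array();
                    foreach ($submit_params as $field => $submit_value) {
                        $field_param = $form->fields[$field];
                        if (isset($params[$field]) && (!isset($field_param['fixed']) || $field_param['fixed'] !== true) && (!isset($field_param['field']) || $field_param['field'] !== false)) {
                            $_field = isset($field_param['field']) ? $field_param['field'] : $field;
                            $row = \Routerunner\Common::dbField($_field) . ' = ';
                            $param_key = \Routerunner\Common::dbField($_field, ':', '', '.', '` .', '.');
                            $row .= $param_key;
                            $sql_params[$param_key] = $submit_value;
                            $fields[] = $row;
                        }
                    }
                    $sql .= implode(', ', $fields) . ' WHERE ';
                    if (isset($form->params['condition'])) {
                        // Each condition is array(sql fragment, value(s), glue).
                        // NOTE(review): a condition whose value is missing is
                        // dropped while the rest are still appended, which can
                        // leave a broader WHERE clause than the form intended.
                        // Consider refusing the statement instead.
                        $conditions = $form->params['condition'];
                        while ($condition = array_shift($conditions)) {
                            if (!is_array($condition)) {
                                $condition = array($condition);
                            }
                            $add_condition = true;
                            if (isset($condition[1]) && is_array($condition[1])) {
                                foreach ($condition[1] as $condition_field => $condition_value) {
                                    if (isset($form->fields[$condition_value]['value'])) {
                                        $sql_params[$condition_field] = $form->fields[$condition_value]['value'];
                                    } else {
                                        $add_condition = false;
                                    }
                                }
                            } elseif (isset($condition[1])) {
                                $sql_params[] = $condition[1];
                            } else {
                                $add_condition = false;
                            }
                            if ($add_condition) {
                                $sql .= $condition[0];
                                if (count($conditions) && isset($condition[2])) {
                                    $sql .= ' ' . $condition[2] . ' ';
                                }
                            }
                        }
                    } else {
                        // exception
                    }
                } elseif ($method == 'delete') {
                    $sql = 'DELETE FROM ' . $from . ' WHERE ';
                    if (isset($form->params['condition'])) {
                        // Same condition handling, and the same caveat about
                        // dropped conditions, as in the 'put' branch.
                        $conditions = $form->params['condition'];
                        while ($condition = array_shift($conditions)) {
                            if (!is_array($condition)) {
                                $condition = array($condition);
                            }
                            $add_condition = true;
                            if (isset($condition[1]) && is_array($condition[1])) {
                                foreach ($condition[1] as $condition_field => $condition_value) {
                                    if (isset($form->fields[$condition_value]['value'])) {
                                        $sql_params[$condition_field] = $form->fields[$condition_value]['value'];
                                    } else {
                                        $add_condition = false;
                                    }
                                }
                            } elseif (isset($condition[1])) {
                                $sql_params[] = $condition[1];
                            } else {
                                $add_condition = false;
                            }
                            if ($add_condition) {
                                $sql .= $condition[0];
                                if (count($conditions) && isset($condition[2])) {
                                    $sql .= ' ' . $condition[2] . ' ';
                                }
                            }
                        }
                    } elseif (isset($submit_params) && $submit_params) {
                        // No conditions configured: the accepted field values,
                        // joined with AND, select the rows to delete.
                        $fields = array();
                        foreach ($submit_params as $field => $submit_value) {
                            $field_param = $form->fields[$field];
                            if (isset($params[$field]) && (!isset($field_param['fixed']) || $field_param['fixed'] !== true) && (!isset($field_param['field']) || $field_param['field'] !== false)) {
                                $_field = isset($field_param['field']) ? $field_param['field'] : $field;
                                $row = \Routerunner\Common::dbField($_field) . ' = ';
                                $param_key = \Routerunner\Common::dbField($_field, ':', '', '.', '` .', '.');
                                $row .= $param_key;
                                $sql_params[$param_key] = $submit_value;
                                $fields[] = $row;
                            }
                        }
                        $sql .= implode(' AND ', $fields);
                    } else {
                        // exception
                    }
                }
            }

            if ($return_SQL || $return_params) {
                // Caller asked for the statement instead of executing it.
                $return_SQL = $sql;
                $return_params = $sql_params;
            } else {
                // NOTE(review): no rollback is visible on this path; confirm
                // the Db layer handles a failed statement inside the
                // transaction. For methods other than 'post' the query result
                // is not reflected in $succeed.
                \Routerunner\Db::begin_transaction();
                if ($method === 'post') {
                    $succeed = \Routerunner\Db::insert($sql, $sql_params);
                } else {
                    \Routerunner\Db::query($sql, $sql_params);
                }
                \Routerunner\Db::commit();
            }
        }
    }
    return $succeed;
}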
/**
 * Pass-through to the shared database layer's insert().
 *
 * The statement text is forwarded unchanged, so callers must keep every
 * request-derived value in $params and out of $SQL.
 *
 * @param string $SQL    INSERT statement with placeholders.
 * @param array  $params Values to bind to those placeholders.
 *
 * @return mixed Whatever \Routerunner\Db::insert() returns (presumably the
 *               new row id; confirm against the Db class).
 */
public static function insert($SQL, $params = array())
{
    $result = \Routerunner\Db::insert($SQL, $params);

    return $result;
}