/**
 * Replaces every {placeholder} found in an expression with its current value.
 *
 * Each placeholder returned by KT_getReplacementsFromMessage() is resolved in
 * this order:
 *   1. a key of $extraParams;
 *   2. a built-in name (NOW, NOW_DT, NOW_T with or without "()", KT_REFERRER,
 *      KT_CSV_LINE, KT_XML_LINE);
 *   3. a name with no '.' (or a leading '.'): a field of $tNG, or left
 *      untouched when no $tNG is given;
 *   4. "type.name": GET, POST, COOKIE, SESSION, GLOBALS, REQUEST, SERVER, CSV,
 *      or otherwise a recordset stored in $GLOBALS[type].
 *
 * Security notes for callers (all visible in this function):
 *   - $expression must be developer-controlled. Placeholders can read
 *     $_SERVER, the session and arbitrary $GLOBALS entries by name.
 *   - With $escapeMethod 'SQL', KT_escapeForSql() is applied ONLY to tNG field
 *     values read from the current transaction. Saved values, extra params,
 *     GET/POST/COOKIE/SESSION/SERVER/CSV values, recordset values and the
 *     Referer header are substituted as returned (whether KT_getRealValue()
 *     escapes anything is not visible here - confirm before building SQL).
 *   - An unrecognised $escapeMethod, or 'SQL' without a $tNG, silently falls
 *     back to no escaping at all.
 *   - With 'rawurlencode', the presence of {kt_login_redirect}, {kt_referrer}
 *     or {KT_REFERRER} turns encoding off for every replacement in the
 *     expression, not only for those three.
 *
 * @param mixed       $expression      The expression to evaluate; non-strings are returned unchanged
 * @param object|null $tNG             The tNG context in which the expression is evaluated
 * @param string      $escapeMethod    'rawurlencode', 'expression' or 'SQL'; anything else means no escaping
 * @param boolean     $useSavedData    Whether to use the saved tNG values (only literal true enables this)
 * @param array       $extraParams     Extra replacements of the form $key => $value; they take precedence
 * @param boolean     $errorIfNotFound Whether an unknown tNG column stops the script with die()
 * @return string the expression with the dynamic data replaced with their values
 */
function KT_DynamicData($expression, $tNG, $escapeMethod = '', $useSavedData = false, $extraParams = array(), $errorIfNotFound = true)
{
    if (!is_string($expression)) {
        return $expression;
    }

    $open = '{';
    $close = '}';

    // Built-in "functions": extend $builtins to define more of them.
    KT_getInternalTimeFormat();
    $screenDate = $GLOBALS['KT_screen_date_format'];
    $screenTime = $GLOBALS['KT_screen_time_format_internal'];
    $nowDate = KT_convertDate(date('Y-m-d'), "yyyy-mm-dd", $screenDate);
    $nowDateTime = KT_convertDate(date('Y-m-d H:i:s'), "yyyy-mm-dd HH:ii:ss", $screenDate . ' ' . $screenTime);
    $nowTime = KT_convertDate(date('H:i:s'), "HH:ii:ss", $screenTime);

    $builtins = array();
    $clockValues = array('NOW' => $nowDate, 'NOW_DT' => $nowDateTime, 'NOW_T' => $nowTime);
    foreach ($clockValues as $upperName => $clockValue) {
        // Each clock function is accepted upper/lower case, with or without "()".
        foreach (array($upperName, strtolower($upperName)) as $variant) {
            $builtins[$variant . '()'] = $clockValue;
            $builtins[$variant] = $clockValue;
        }
    }
    // The Referer header is client-supplied and is stored here as received.
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $builtins['KT_REFERRER'] = $referrer;
    $builtins['kt_referrer'] = $referrer;
    $builtins['KT_CSV_LINE'] = isset($GLOBALS['KT_CSV_LINE']) ? $GLOBALS['KT_CSV_LINE'] : '';
    $builtins['KT_XML_LINE'] = isset($GLOBALS['KT_XML_LINE']) ? $GLOBALS['KT_XML_LINE'] : '';

    $names = KT_getReplacementsFromMessage($expression);
    $replacements = array();

    // Normalise the escape method; anything unsupported becomes "no escaping".
    if ($escapeMethod == 'rawurlencode' || $escapeMethod == 'expression') {
        // supported as given
    } elseif ($escapeMethod == 'SQL') {
        if (!isset($tNG)) {
            // SQL escaping needs the tNG context; without it nothing is escaped.
            $escapeMethod = false;
        }
    } else {
        $escapeMethod = false;
    }
    $useSavedData = ($useSavedData === true);

    // Sources that map straight onto a KT_getRealValue() call.
    // NOTE(review): 'request' reads "GLOBALS", exactly as 'globals' does - confirm this is intended.
    $directSources = array(
        'cookie' => "COOKIE",
        'session' => "SESSION",
        'globals' => "GLOBALS",
        'request' => "GLOBALS",
        'server' => "SERVER",
        'csv' => "CSV",
    );

    foreach ($names as $rawName) {
        // Classify the placeholder.
        if (array_key_exists($rawName, $extraParams)) {
            // extra params have priority 1
            $kind = 'tng_ddextra';
            $name = $rawName;
        } elseif (array_key_exists($rawName, $builtins)) {
            // functions have priority 2
            $kind = 'tNG_DDfunction';
            $name = $rawName;
        } else {
            $dot = strpos($rawName, '.');
            if ($dot === false || $dot === 0) {
                // A tNG field: replaced now when a tNG is attached, left as is otherwise.
                $kind = isset($tNG) ? 'tNG_tNGfield' : 'tNG_tNGfieldLater';
                $name = $rawName;
            } else {
                $kind = substr($rawName, 0, $dot);
                $name = substr($rawName, $dot + 1);
            }
        }

        $token = $open . $rawName . $close;
        $kindLower = strtolower($kind);

        if (isset($directSources[$kindLower])) {
            if ($kindLower == 'session') {
                KT_session_start();
            }
            $replacements[$token] = KT_getRealValue($directSources[$kindLower], $name);
            continue;
        }

        switch ($kindLower) {
            case 'tng_ddfunction':
                $replacements[$token] = $builtins[$name];
                break;

            case 'tng_ddextra':
                $replacements[$token] = $extraParams[$name];
                break;

            case 'tng_tngfield':
                if ($useSavedData) {
                    // Saved values are never SQL-escaped here, whatever $escapeMethod is.
                    $value = $tNG->getSavedValue($name);
                } else {
                    $columnType = $kind;
                    if (isset($tNG->columns[$name]) || $name == $tNG->getPrimaryKey()) {
                        $value = $tNG->getColumnValue($name);
                        $columnType = $tNG->getColumnType($name);
                    } elseif ($errorIfNotFound == true) {
                        // NOTE(review): the name is written into HTML output unescaped.
                        die('KT_DynamicData:<br />Column ' . $name . ' is not part of the current transaction.');
                    } else {
                        $value = $token;
                    }
                    if ($escapeMethod == 'SQL') {
                        $value = KT_escapeForSql($value, $columnType);
                    }
                }
                $replacements[$token] = $value;
                break;

            case 'tng_tngfieldlater':
                // No tNG attached: the placeholder stays in the expression.
                break;

            case 'get':
            case 'post':
                $source = ($kindLower == 'get') ? "GET" : "POST";
                // In a multiple-record form the indexed name is tried first.
                $indexedName = $name;
                if (isset($tNG) && isset($tNG->multipleIdx)) {
                    $indexedName .= "_" . $tNG->multipleIdx;
                }
                $value = KT_getRealValue($source, $indexedName);
                if (!isset($value)) {
                    $value = KT_getRealValue($source, $name);
                }
                $replacements[$token] = $value;
                break;

            case 'application':
                // CF only
                break;

            default:
                // Recordset: the type is used as the name of a global variable.
                if (!isset($GLOBALS[$kind])) {
                    $replacements[$token] = $token;
                    break;
                }
                $recordset = $GLOBALS[$kind];
                if (is_resource($recordset)) {
                    $replacements[$token] = $GLOBALS["row_" . $kind][$name];
                } elseif (is_object($recordset)) {
                    $replacements[$token] = $recordset->Fields($name);
                }
                // Any other kind of global leaves the placeholder untouched.
                break;
        }
    }

    if ($escapeMethod == 'rawurlencode') {
        // Redirect/referrer targets must stay usable as URLs, so when one of them
        // is present NOTHING is encoded - including unrelated request values.
        $hasRedirectToken = array_key_exists("{kt_login_redirect}", $replacements)
            || array_key_exists("{kt_referrer}", $replacements)
            || array_key_exists("{KT_REFERRER}", $replacements);
        if (!$hasRedirectToken) {
            $replacements = array_map($escapeMethod, $replacements);
        }
    } elseif ($escapeMethod == 'expression') {
        $replacements = array_map('KT_escapeExpression', $replacements);
    }

    // str_replace() applies the pairs one after another on the running result,
    // so text inserted by an earlier pair is scanned again by the later ones.
    return str_replace(array_keys($replacements), array_values($replacements), $expression);
}
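/**
 * Validates the transaction's column values against the configured rules.
 *
 * Pass 1 checks "required" and type/format for every configured column that is
 * part of the tNG transaction; pass 2 checks the min/max bounds. Properties
 * read: $columns, $tNG, $mustValidate, $validationRules,
 * $genericValidationMessages. Each checked column gets its 'failed' flag set.
 *
 * Fix in this version: in pass 2 a 'date' column with an unrecognised format
 * used "break 2" inside a switch that sits directly in the for loop, which
 * ended the whole loop and left every later column without min/max validation.
 * Only the date comparison for that bound is skipped now.
 *
 * Review notes:
 *   - Type/format checks look at the first 400 bytes of a value only; anything
 *     beyond that is not matched (presumably to bound regexp cost - confirm).
 *     Pass 2 re-reads the full value, so only a configured text 'max' rejects
 *     over-long input.
 *   - Error messages go through KT_DynamicData() with no escape method, so the
 *     values substituted into them are raw; encode them where they are rendered.
 *
 * @return object|null a tNG_error describing the failures, or null when every check passed
 */
function Execute() {
    $failed = false;
    $errObj = new tNG_error('', array(), array());
    if ($this->mustValidate && count($this->columns) > 0) {
        $columnKeys = array_keys($this->columns);
        $cols = count($columnKeys);

        // ---- Pass 1: required + type/format validation ----
        for ($i = 0; $i < $cols; $i++) {
            $doRequiredVal = true;
            $colIdx = $columnKeys[$i];
            // By reference: the 'failed' flag is written back into $this->columns.
            $column =& $this->columns[$colIdx];
            // Columns that are not part of the transaction are not validated.
            if (!in_array($column['name'], array_keys($this->tNG->columns))) {
                continue;
            }
            // on update don't require FILE_TYPE and tNG password fields
            if ($this->tNG->getTransactionType() == '_update' || $this->tNG->getTransactionType() == '_multipleUpdate') {
                if ($this->tNG->getColumnType($column['name']) == 'FILE_TYPE') {
                    $doRequiredVal = false;
                }
                if ($this->tNG->getTable() == $GLOBALS['tNG_login_config']["table"] && $column['name'] == $GLOBALS['tNG_login_config']["password_field"]) {
                    $doRequiredVal = false;
                }
                // a column whose method is CURRVAL is not required either
                if ($this->tNG->columns[$column['name']]['method'] == 'CURRVAL') {
                    $doRequiredVal = false;
                }
            }
            $hasRequiredError = false;
            $hasTypeError = false;
            $tmpFieldValue = $this->tNG->getColumnValue($column['name']);
            if ($column['type'] == 'date' && $column['format'] != '') {
                if (!in_array($this->tNG->getColumnType($column['name']), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                    $tmpFieldValue = KT_formatDate2DB($tmpFieldValue);
                }
            }
            $column['failed'] = false;

            // required parameter validation
            $colCustomMsg = $column['message'];
            if ($doRequiredVal && $column['required']) {
                if (strlen($colCustomMsg) == 0) {
                    $colCustomMsg = $this->genericValidationMessages['required'];
                }
                if ((string) $tmpFieldValue == '') {
                    $failed = true;
                    $hasRequiredError = true;
                    $column['failed'] = true;
                    if ($this->tNG->exportsRecordset() !== true) {
                        $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                        $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                    } else {
                        $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                    }
                }
            }

            // type and format validation
            $colCustomMsg = $column['message'];
            if ($tmpFieldValue != '' && $column['type'] != '') {
                if (strlen($colCustomMsg) == 0) {
                    $colCustomMsgBefore = $this->genericValidationMessages['format'];
                    $colCustomMsgAfter = $this->genericValidationMessages[$column['type'] . '_' . $column['format']];
                    $colCustomMsg = sprintf($colCustomMsgBefore, $colCustomMsgAfter);
                }
                // NOTE(review): only this 400-byte prefix is matched below; the rest
                // of a longer value is never seen by the regexp/mask/callback.
                $tmpFieldValue = substr($tmpFieldValue, 0, 400);
                switch ($column['type']) {
                    case 'regexp':
                        // @ hides the warning of a broken pattern; the false result is
                        // handled explicitly and counts as a validation failure.
                        $res = @preg_match($column['additional_params'], $tmpFieldValue);
                        if ($res === false) {
                            $hasTypeError = true;
                            $colCustomMsgBefore = $this->genericValidationMessages['format'];
                            $colCustomMsgAfter = $this->genericValidationMessages['regexp_failed'];
                            $colCustomMsg = sprintf($colCustomMsgBefore, $colCustomMsgAfter);
                        }
                        if ($res === 0) {
                            $hasTypeError = true;
                        }
                        break;
                    case 'mask':
                        $myRegexp = $this->mask2regexp($column['additional_params']);
                        if (!preg_match($myRegexp, $tmpFieldValue)) {
                            $hasTypeError = true;
                        }
                        break;
                    case 'text':
                    case 'numeric':
                    case 'double':
                        $type = $column['type'];
                        $format = $column['format'];
                        if (is_array($this->validationRules[$type][$format])) {
                            $myValidationRule =& $this->validationRules[$type][$format];
                            if (isset($myValidationRule['mask'])) {
                                // The regexp derived from the mask is stored back in the rule.
                                $myRegexp = $this->mask2regexp($myValidationRule['mask']);
                                $myValidationRule['regexp'] = $myRegexp;
                            }
                            if (isset($myValidationRule['regexp'])) {
                                if (!preg_match($myValidationRule['regexp'], $tmpFieldValue)) {
                                    $hasTypeError = true;
                                }
                            }
                            if (isset($myValidationRule['callback'])) {
                                // The callback name comes from $validationRules and is called as
                                // a static method; it must never be taken from request data.
                                $ret = call_user_func(array('tNG_FormValidation', $myValidationRule['callback']), $tmpFieldValue);
                                if (!$ret) {
                                    $hasTypeError = true;
                                }
                            }
                        }
                        break;
                    case 'date':
                        $format = $column['format'];
                        $checkFullDateTime = true;
                        switch ($format) {
                            case 'date':
                                $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                                $checkFullDateTime = true;
                                break;
                            case 'time':
                                $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                                $checkFullDateTime = false;
                                break;
                            case 'datetime':
                                $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                                $checkFullDateTime = true;
                                break;
                            default:
                                // Unknown format: leave both switches, no date check.
                                // (Correct here: the two levels are the two switches.)
                                break 2;
                        }
                        $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                        $ret = KT_isValidDate($dateArr, $checkFullDateTime);
                        if (!$ret) {
                            $hasTypeError = true;
                        }
                        break;
                }
            }
            // A missing required value is reported once; the type error is not added on top.
            if (!$hasRequiredError && $hasTypeError) {
                $column['failed'] = true;
                $failed = true;
                if ($this->tNG->exportsRecordset() !== true) {
                    $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                    $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                } else {
                    $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                }
            }
        }

        // ---- Pass 2: min/max validation ----
        for ($i = 0; $i < $cols; $i++) {
            $colIdx = $columnKeys[$i];
            $column =& $this->columns[$colIdx];
            if (!in_array($column['name'], array_keys($this->tNG->columns))) {
                continue;
            }
            $hasMinMaxError = false;
            // The full value is read again here (not the 400-byte prefix of pass 1).
            $tmpFieldValue = $this->tNG->getColumnValue($column['name']);
            if ($column['type'] == 'date' && $column['format'] != '') {
                if (!in_array($this->tNG->getColumnType($column['name']), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                    $tmpFieldValue = KT_formatDate2DB($tmpFieldValue);
                }
            }

            // MIN MAX parameter validation
            // Collect the bare {field} placeholders (no '.') used in each bound.
            $tNG_tNGfield_min = array();
            $tNG_tNGfield_max = array();
            $min = $column['min'];
            $min_placeholders = KT_getReplacementsFromMessage($min);
            if (count($min_placeholders) > 0) {
                foreach ($min_placeholders as $key => $placeholder) {
                    if (strpos($placeholder, '.') === false) {
                        $tNG_tNGfield_min[] = $placeholder;
                    }
                }
            }
            $max = $column['max'];
            $max_placeholders = KT_getReplacementsFromMessage($max);
            if (count($max_placeholders) > 0) {
                foreach ($max_placeholders as $key => $placeholder) {
                    if (strpos($placeholder, '.') === false) {
                        $tNG_tNGfield_max[] = $placeholder;
                    }
                }
            }
            // The bounds may reference other fields; substitute their values (unescaped).
            $min = KT_DynamicData($min, $this->tNG);
            $max = KT_DynamicData($max, $this->tNG);

            // MIN parameter validation
            if ($tmpFieldValue != '' && $min != '') {
                if ($column['type'] == 'text') {
                    if (strlen($tmpFieldValue) < $min) {
                        $hasMinMaxError = true;
                    }
                }
                if (in_array($column['type'], array('numeric', 'double'))) {
                    // NOTE(review): only bare {field} placeholders are checked before
                    // evaluateNumeric(); "type.name" placeholders are not, and the guard
                    // tests the current column's 'failed' flag, not the referenced one's.
                    // Confirm evaluateNumeric() is safe for submitted values.
                    $evaluateNumeric = true;
                    if (count($tNG_tNGfield_min) > 0) {
                        foreach ($tNG_tNGfield_min as $key => $tNG_tNGfield) {
                            if (!isset($this->columns[$tNG_tNGfield]) || !in_array($this->columns[$tNG_tNGfield]['type'], array('numeric', 'double')) || $this->columns[$tNG_tNGfield]['format'] == '' || $column['failed']) {
                                $evaluateNumeric = false;
                                break;
                            }
                        }
                    }
                    $tmpFieldValue = str_replace(',', '.', $tmpFieldValue);
                    $min = str_replace(',', '.', $min);
                    if ($evaluateNumeric) {
                        $min = $this->tNG->evaluateNumeric($min);
                    }
                    if (floatval($tmpFieldValue) < floatval($min)) {
                        $hasMinMaxError = true;
                    }
                }
                if ($column['type'] == 'date') {
                    if (count($tNG_tNGfield_min) > 0) {
                        foreach ($tNG_tNGfield_min as $key => $tNG_tNGfield) {
                            if (in_array($this->tNG->getColumnType($tNG_tNGfield), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                                $min = KT_formatDate($min);
                                break;
                            }
                        }
                    }
                    $minDate = KT_formatDate2DB($min);
                    $format = $column['format'];
                    $checkFullDateTime = true;
                    $knownDateFormat = true;
                    switch ($format) {
                        case 'date':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                            $checkFullDateTime = true;
                            break;
                        case 'time':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                            $checkFullDateTime = false;
                            break;
                        case 'datetime':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                            $checkFullDateTime = true;
                            break;
                        default:
                            // Was "break 2", which here left the for loop and skipped
                            // min/max validation of all remaining columns.
                            $knownDateFormat = false;
                            break;
                    }
                    if ($knownDateFormat) {
                        $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                        $minArr = KT_applyDate2rule($minDate, $inFmtRule);
                        if (KT_isValidDate($minArr, $checkFullDateTime)) {
                            if (KT_compareDates($dateArr, $minArr) === 1) {
                                $hasMinMaxError = true;
                            }
                        }
                    }
                }
            }

            // MAX parameter validation
            if ($tmpFieldValue != '' && $max != '') {
                if ($column['type'] == 'text') {
                    if (strlen($tmpFieldValue) > $max) {
                        $hasMinMaxError = true;
                    }
                }
                if (in_array($column['type'], array('numeric', 'double'))) {
                    $evaluateNumeric = true;
                    if (count($tNG_tNGfield_max) > 0) {
                        foreach ($tNG_tNGfield_max as $key => $tNG_tNGfield) {
                            if (!isset($this->columns[$tNG_tNGfield]) || !in_array($this->columns[$tNG_tNGfield]['type'], array('numeric', 'double')) || $this->columns[$tNG_tNGfield]['format'] == '' || $column['failed']) {
                                $evaluateNumeric = false;
                                break;
                            }
                        }
                    }
                    $tmpFieldValue = str_replace(',', '.', $tmpFieldValue);
                    $max = str_replace(',', '.', $max);
                    if ($evaluateNumeric) {
                        $max = $this->tNG->evaluateNumeric($max);
                    }
                    if (floatval($tmpFieldValue) > floatval($max)) {
                        $hasMinMaxError = true;
                    }
                }
                if ($column['type'] == 'date') {
                    if (count($tNG_tNGfield_max) > 0) {
                        foreach ($tNG_tNGfield_max as $key => $tNG_tNGfield) {
                            if (in_array($this->tNG->getColumnType($tNG_tNGfield), array('DATE_TYPE', 'DATE_ACCESS_TYPE'))) {
                                $max = KT_formatDate($max);
                                break;
                            }
                        }
                    }
                    $maxDate = KT_formatDate2DB($max);
                    $format = $column['format'];
                    $checkFullDateTime = true;
                    $knownDateFormat = true;
                    switch ($format) {
                        case 'date':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format']);
                            $checkFullDateTime = true;
                            break;
                        case 'time':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_time_format_internal']);
                            $checkFullDateTime = false;
                            break;
                        case 'datetime':
                            $inFmtRule = KT_format2rule($GLOBALS['KT_db_date_format'] . ' ' . $GLOBALS['KT_db_time_format_internal']);
                            $checkFullDateTime = true;
                            break;
                        default:
                            // Same fix as for the lower bound: skip this comparison only.
                            $knownDateFormat = false;
                            break;
                    }
                    if ($knownDateFormat) {
                        $dateArr = KT_applyDate2rule($tmpFieldValue, $inFmtRule);
                        $maxArr = KT_applyDate2rule($maxDate, $inFmtRule);
                        if (KT_isValidDate($maxArr, $checkFullDateTime)) {
                            if (KT_compareDates($dateArr, $maxArr) === -1) {
                                $hasMinMaxError = true;
                            }
                        }
                    }
                }
            }

            // Build the message: the column's own, or a generic between/min/max one.
            // NOTE(review): the generic message embeds the already substituted bounds
            // and is then passed through KT_DynamicData() again below, so placeholder
            // syntax inside a substituted value would be expanded a second time.
            $colCustomMsg = $column['message'];
            if (strlen($colCustomMsg) == 0) {
                $colCustomMsgBefore = $column['type'] == 'text' ? 'text' : 'other';
                if ($min != '' && $max != '') {
                    $colCustomMsgAfter = 'between';
                    $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                    $colCustomMsg = sprintf($colCustomMsg, $min, $max);
                } elseif ($min != '') {
                    $colCustomMsgAfter = 'min';
                    $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                    $colCustomMsg = sprintf($colCustomMsg, $min);
                } else {
                    $colCustomMsgAfter = 'max';
                    $colCustomMsg = $this->genericValidationMessages[$colCustomMsgBefore . '_' . $colCustomMsgAfter];
                    $colCustomMsg = sprintf($colCustomMsg, $max);
                }
            }
            // A column that already failed in pass 1 is not reported a second time.
            if ($hasMinMaxError && $column['failed'] == false) {
                $column['failed'] = true;
                $failed = true;
                if ($this->tNG->exportsRecordset() !== true) {
                    $colCustomMsg = KT_DynamicData($colCustomMsg, $this->tNG, '', $this->tNG->transactionType == '_delete');
                    $errObj->addDetails('%s', array($colCustomMsg), array($colCustomMsg));
                } else {
                    $errObj->setFieldError($column['name'], '%s', array($colCustomMsg));
                }
            }
        }
    }
    if (!$failed) {
        $errObj = null;
    } else {
        // With per-field errors, add the generic "failed" message as the summary.
        if ($this->tNG->exportsRecordset() === true) {
            $errObj->addDetails('%s', array($this->genericValidationMessages['failed']), array(''));
        }
    }
    return $errObj;
}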