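 function redirectTo($sURL, $nTime = 1)
 {
     // Sends the JS necessary to redirect the viewer to another URL.
     // When using this class, PHP's header() function does not work anymore because we have output already.
     // $sURL  : target URL; it is emitted inside a <SCRIPT> block, so it is encoded as a JS string literal below.
     // $nTime : delay in seconds before the redirect fires; anything non-numeric falls back to 1.
     // Returns false when the URL is rejected (or cannot be encoded), true once the JS has been sent.
     // Most likely, this function is available, but we can't be sure.
     if (function_exists('lovd_matchURL') && !lovd_matchURL($sURL, true)) {
         return false;
     }
     if (!is_numeric($nTime)) {
         $nTime = 1;
     }
     // JS works in milliseconds, not seconds.
     $nTime *= 1000;
     // Encode the URL as a JS string literal instead of only escaping single quotes: a backslash
     // before a quote, or a "</script>" sequence in $sURL, would otherwise break out of the string
     // or of the <SCRIPT> element. The JSON_HEX_* flags turn <, >, ', " and & into \uXXXX escapes,
     // so the literal is also safe inside HTML.
     $sEncodedURL = json_encode($sURL, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     if ($sEncodedURL === false) {
         // Invalid UTF-8 in the URL; refuse rather than emit a broken redirect.
         return false;
     }
     // A function callback instead of the string form of setTimeout(), so no second level of JS
     // string escaping is needed.
     print '<SCRIPT type="text/javascript">setTimeout(function () { window.location.href = ' . $sEncodedURL . '; }, ' . $nTime . ');</SCRIPT>' . "\n";
     flush();
     return true;
 }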
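 function checkFields($aData, $zData = false)
 {
     // Checks fields before submission of data.
     // $aData : the submitted form data; problems are registered through lovd_errorAdd().
     // $zData : not used here, kept for signature compatibility with the parent class.
     global $_SETT;

     $this->aCheckMandatory = array('system_title', 'email_address', 'refseq_build');
     parent::checkFields($aData);

     // Database URL is mandatory, if the option "Include in the global LOVD listing" is selected.
     if (!empty($aData['include_in_listing']) && empty($aData['location_url'])) {
         lovd_errorAdd('location_url', 'Please fill in an URL in the \'Database URL\' field, if you want this LOVD installation to be included in the global LOVD listing; otherwise disable the \'Include in the global LOVD listing\' setting below.');
     }

     // Database URL should be an URL.
     if (!empty($aData['location_url']) && !lovd_matchURL($aData['location_url'])) {
         lovd_errorAdd('location_url', 'Please fill in a correct URL in the \'Database URL\' field.');
     }

     // Email address.
     if (!empty($aData['email_address']) && !lovd_matchEmail($aData['email_address'])) {
         lovd_errorAdd('email_address', 'Please fill in a correct email address.');
     }

     // Refseq build should match the available builds.
     if (!empty($aData['refseq_build']) && !array_key_exists($aData['refseq_build'], $_SETT['human_builds'])) {
         lovd_errorAdd('refseq_build', 'Please select one of the available Human Builds.');
     }

     // Proxy server checks (valid hostname, valid port number, try connecting).
     if (!empty($aData['proxy_host'])) {
         // Pattern taken from lovd_matchURL().
         if (!preg_match('/^([0-9]{1,3}(\\.[0-9]{1,3}){3}|(([0-9a-z][-0-9a-z]*[0-9a-z]|[0-9a-z])\\.?)+[a-z]{2,6})$/i', $aData['proxy_host'])) {
             lovd_errorAdd('proxy_host', 'Please fill in a correct host name of the proxy server, if you wish to use one.');
         } elseif (empty($aData['proxy_port']) || !ctype_digit((string) $aData['proxy_port'])
             || (int) $aData['proxy_port'] < 1 || (int) $aData['proxy_port'] > 65535) {
             // The port really has to be a number in the TCP range: the message promises a numeric
             // check, and fsockopen() needs an int (a non-numeric string would make it throw).
             lovd_errorAdd('proxy_port', 'Please fill in a correct, numeric, port number of the proxy server, if you wish to use a proxy server.');
         } else {
             // Alright, let's try and connect.
             // First: normal connect, direct, no outside connection requested.
             $f = @fsockopen($aData['proxy_host'], (int) $aData['proxy_port'], $nError, $sError, 5);
             if ($f === false) {
                 lovd_errorAdd('proxy_host', 'Could not connect to given proxy server. Please check if the fields are correctly filled in.');
                 lovd_errorAdd('proxy_port', '');
             } else {
                 // The 5 seconds passed to fsockopen() only cover the connect; bound the read as well,
                 // so an unresponsive proxy cannot hold the request for default_socket_timeout.
                 stream_set_timeout($f, 5);
                 // NOTE(review): the credentials are read from $_POST rather than $aData, as before;
                 // presumably $aData is $_POST here - verify against the caller.
                 $sRequest = 'GET ' . $_SETT['check_location_URL'] . ' HTTP/1.0' . "\r\n"
                     . 'User-Agent: LOVDv.' . $_SETT['system']['version'] . " Proxy Check\r\n"
                     . (empty($_POST['proxy_username']) || empty($_POST['proxy_password'])? '' :
                         'Proxy-Authorization: Basic ' . base64_encode($_POST['proxy_username'] . ':' . $_POST['proxy_password']) . "\r\n")
                     . 'Connection: Close' . "\r\n\r\n";
                 fwrite($f, $sRequest);
                 // Only the status line is needed. fgets() returns false on a timeout or a closed
                 // connection; treat that as an empty (hence unexpected) answer.
                 $s = fgets($f);
                 fclose($f);
                 $s = ($s === false? '' : rtrim($s));
                 if (!preg_match('/^HTTP\\/1\\.. [23]/', $s)) {
                     // Allowing HTTP 2XX and 3XX.
                     if (preg_match('/^HTTP\\/1\\.. 407/', $s)) {
                         // Proxy needs username and password.
                         if (!empty($_POST['proxy_username']) && !empty($_POST['proxy_password'])) {
                             lovd_errorAdd('proxy_username', 'Invalid username/password combination for this proxy server. Please try again.');
                             lovd_errorAdd('proxy_password', '');
                         } else {
                             lovd_errorAdd('proxy_username', 'This proxy server requires a valid username and password. Please make sure you provide them both.');
                             lovd_errorAdd('proxy_password', '');
                         }
                     } else {
                         // The status line comes from an untrusted peer and error messages are shown as
                         // HTML, so escape it before it goes into the message.
                         lovd_errorAdd('proxy_host', 'Unexpected answer from proxy when trying to connect upstream: ' . htmlspecialchars($s));
                     }
                 }
             }
         }
     } elseif (!empty($aData['proxy_port'])) {
         // We have a port number, but no host name.
         lovd_errorAdd('proxy_host', 'Please also fill in a correct host name of the proxy server, if you wish to use one.');
     }

     // Custom logo must exist.
     if (!empty($aData['logo_uri'])) {
         // Determine if file can be read and is an image or not.
         if (!is_readable(ROOT_PATH . $aData['logo_uri'])) {
             lovd_errorAdd('logo_uri', 'Cannot read the custom logo file. Please make sure the path is correct and that the file can be read.');
         } else {
             // getimagesize() warns on non-image files; the return value is what we check.
             $a = @getimagesize(ROOT_PATH . $aData['logo_uri']);
             if (!is_array($a)) {
                 lovd_errorAdd('logo_uri', 'The custom logo file that you selected does not seem to be a picture.');
             }
         }
     } else {
         // FIXME; this is probably not the best way of doing this...
         $_POST['logo_uri'] = 'gfx/LOVD3_logo145x50.jpg';
     }

     // FIXME; Like above, not the best solution, but gets the job done for now.
     if (empty($aData['mutalyzer_soap_url'])) {
         $_POST['mutalyzer_soap_url'] = 'https://mutalyzer.nl/services';
     }

     // SSL check.
     if (!empty($aData['use_ssl']) && !SSL) {
         // Build the https:// link to the current page. PHP_SELF, QUERY_STRING and the Host header
         // are request-controlled, so the URL is escaped before being placed in the href attribute.
         $sQueryString = (!empty($_SERVER['QUERY_STRING'])? '?' . str_replace('&sent=true', '', $_SERVER['QUERY_STRING']) : '');
         $sHttpsURL = htmlspecialchars('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . $sQueryString, ENT_QUOTES);
         lovd_errorAdd('use_ssl', 'You\'ve selected to force the use of SSL, but SSL is not currently activated for this session. To force SSL, I must be sure it\'s possible to approach LOVD through an SSL connection (use <A href="' . $sHttpsURL . '" target="_blank">https://</A> instead of http://).');
     }

     // Settings that can not be changed through this form.
     $_POST['api_feed_history'] = 0;
     $_POST['allow_count_hidden_entries'] = 0;
     $_POST['use_versioning'] = 0;

     // XSS attack prevention. Deny input of HTML.
     lovd_checkXSS();
 }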
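 function checkFields($aData, $zData = false)
 {
     // Checks fields before submission of data.
     // $aData : the submitted form data; problems are registered through lovd_errorAdd().
     // $zData : the gene record; its 'id', 'id_hgnc' and 'genomic_references' entries are read below.
     global $_DB;

     // No mandatory fields, since all the gene data is in $_SESSION.
     // unset() on a missing key is a no-op, so no isset() is needed.
     unset($aData['workID']);
     parent::checkFields($aData);

     if (ACTION == 'create') {
         // Both lookups are parameterized; the symbol and HGNC ID are user input.
         if ($_DB->query('SELECT COUNT(*) FROM ' . TABLE_GENES . ' WHERE id = ?', array($zData['id']))->fetchColumn()) {
             lovd_errorAdd('', 'Unable to add gene. This gene symbol already exists in the database!');
         } elseif ($_DB->query('SELECT COUNT(*) FROM ' . TABLE_GENES . ' WHERE id_hgnc = ?', array($zData['id_hgnc']))->fetchColumn()) {
             lovd_errorAdd('', 'Unable to add gene. A gene with this HGNC ID already exists in the database!');
         }
     }

     // The genomic reference must be one of the references offered for this gene; guard against a
     // missing list (in_array() on a non-array would throw) and a missing field (notice).
     $aGenomicReferences = (isset($zData['genomic_references']) && is_array($zData['genomic_references'])? $zData['genomic_references'] : array());
     $sRefSeqGenomic = (isset($aData['refseq_genomic'])? $aData['refseq_genomic'] : '');
     if (lovd_getProjectFile() !== '/import.php' && !in_array($sRefSeqGenomic, $aGenomicReferences)) {
         lovd_errorAdd('refseq_genomic', 'Please select a proper NG, NC, or LRG accession number in the \'NCBI accession number for the genomic reference sequence\' selection box.');
     }

     if (!empty($aData['refseq']) && empty($aData['refseq_url'])) {
         lovd_errorAdd('refseq', 'You have selected that there is a human-readable reference sequence. Please fill in the "Human-readable reference sequence location" field. Otherwise, select \'No\' for the "This gene has a human-readable reference sequence" field.');
     }

     // Option 2 means "own disclaimer"; compared as a string so a loose == can not be fooled by
     // leading whitespace or other numeric-looking input.
     if (isset($aData['disclaimer']) && (string) $aData['disclaimer'] === '2' && empty($aData['disclaimer_text'])) {
         lovd_errorAdd('disclaimer_text', 'If you wish to use an own disclaimer, please fill in the "Text for own disclaimer" field. Otherwise, select \'No\' for the "Include disclaimer" field.');
     }

     // Numeric values.
     $aCheck = array('header_align' => 'Header aligned to', 'footer_align' => 'Footer aligned to');
     foreach ($aCheck as $sField => $sLabel) {
         if (!empty($aData[$sField]) && !is_numeric($aData[$sField])) {
             lovd_errorAdd($sField, 'The \'' . $sLabel . '\' field has to contain a numeric value.');
         }
     }

     // URL values.
     if (!empty($aData['url_homepage']) && !lovd_matchURL($aData['url_homepage'])) {
         lovd_errorAdd('url_homepage', 'The \'Homepage URL\' field does not seem to contain a correct URL.');
     }
     if (!empty($aData['refseq_url']) && !lovd_matchURL($aData['refseq_url'], true)) {
         lovd_errorAdd('refseq_url', 'The \'Human-readable reference sequence location\' field does not seem to contain a correct URL.');
     }

     // List of external links; one per line, either a bare URL or "label <URL>".
     if (!empty($aData['url_external'])) {
         $aExternalLinks = explode("\r\n", $aData['url_external']);
         foreach ($aExternalLinks as $n => $sLink) {
             if (!lovd_matchURL($sLink) && (!preg_match('/^[^<>]+ <([^< >]+)>$/', $sLink, $aRegs) || !lovd_matchURL($aRegs[1]))) {
                 // The offending line is echoed back in the message, hence the escaping.
                 lovd_errorAdd('url_external', 'External link #' . ($n + 1) . ' (' . htmlspecialchars($sLink) . ') not understood.');
             }
         }
     }

     // XSS attack prevention. Deny input of HTML.
     // Ignore the 'External links' field and the other free-text fields, which are allowed to hold
     // markup; presumably they are sanitized or escaped where they are rendered - verify.
     unset($aData['url_external'], $aData['disclaimer_text'], $aData['header'], $aData['footer'], $aData['note_index'], $aData['note_listing']);
     lovd_checkXSS($aData);
 }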