Exemple #1
0
    /**
     * Load data from Request form fields.
     *
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request()
    {
        global $DB, $Settings, $UserSettings, $GroupCache, $Messages, $action;
        global $current_User, $Session, $localtimenow;
        $is_new_user = $this->ID == 0;
        // ---- Login checking / START ----
        $edited_user_login = param('edited_user_login', 'string');
        if (empty($edited_user_login)) {
            // Empty login
            param_error('edited_user_login', T_('Please enter your login.'));
        }
        param_check_valid_login('edited_user_login');
        $UserCache =& get_UserCache();
        $UserLogin = $UserCache->get_by_login($edited_user_login);
        if ($UserLogin && $UserLogin->ID != $this->ID) {
            // The login is already registered
            $login_error_message = T_('This login already exists.');
            if ($current_User->check_perm('users', 'edit')) {
                $login_error_message = sprintf(T_('This login &laquo;%s&raquo; already exists. Do you want to <a %s>edit the existing user</a>?'), $edited_user_login, 'href="' . get_user_settings_url('profile', $UserLogin->ID) . '"');
            }
            param_error('edited_user_login', $login_error_message);
        }
        if (!param_has_error('edited_user_login')) {
            // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
            $this->set_from_Request('login', 'edited_user_login', true, 'utf8_strtolower');
        }
        // ---- Login checking / END ----
        $is_identity_form = param('identity_form', 'boolean', false);
        $is_admin_form = param('admin_form', 'boolean', false);
        $has_full_access = $current_User->check_perm('users', 'edit');
        $has_moderate_access = $current_User->check_perm('users', 'moderate');
        // ******* Admin form or new user create ******* //
        // In both cases current user must have users edit permission!
        if (($is_admin_form || $is_identity_form && $is_new_user) && $has_moderate_access) {
            // level/group and email options are displayed on identity form only when creating a new user.
            if ($this->ID != 1) {
                // the admin user group can't be changed
                param_integer_range('edited_user_level', 0, 10, T_('User level must be between %d and %d.'));
                $this->set_from_Request('level', 'edited_user_level', true);
                $edited_user_Group = $GroupCache->get_by_ID(param('edited_user_grp_ID', 'integer'));
                if ($has_full_access || $has_moderate_access && $edited_user_Group->get('level') < $current_User->get_Group()->get('level')) {
                    $this->set_Group($edited_user_Group);
                }
            }
            param('edited_user_source', 'string', true);
            $this->set_from_Request('source', 'edited_user_source', true);
            // set email, without changing the user status
            $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
            param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
            param_check_email('edited_user_email', true);
            $this->set_email($edited_user_email, false);
            if ($is_admin_form) {
                // Admin form
                $notification_sender_email = utf8_strtolower(param('notification_sender_email', 'string', true));
                param_check_email('notification_sender_email');
                if (!empty($notification_sender_email)) {
                    // Change a value of setting
                    $UserSettings->set('notification_sender_email', $notification_sender_email, $this->ID);
                } elseif ($UserSettings->get('notification_sender_email', $this->ID) != '') {
                    // Delete a setting record from DB
                    $UserSettings->delete('notification_sender_email', $this->ID);
                }
                $notification_sender_name = param('notification_sender_name', 'string', true);
                if (!empty($notification_sender_name)) {
                    // Change a value of setting
                    $UserSettings->set('notification_sender_name', $notification_sender_name, $this->ID);
                } elseif ($UserSettings->get('notification_sender_name', $this->ID) != '') {
                    // Delete a setting record from DB
                    $UserSettings->delete('notification_sender_name', $this->ID);
                }
                if ($has_full_access && !isset($this->dbchanges['user_email'])) {
                    // If email address is not changed
                    // Update status of email address in the T_email_address table
                    $edited_email_status = param('edited_email_status', 'string');
                    $EmailAddressCache =& get_EmailAddressCache();
                    $EmailAddress =& $EmailAddressCache->get_by_name($this->get('email'), false, false);
                    if (!$EmailAddress && $edited_email_status != 'unknown') {
                        // Create new record in the T_email_address table
                        $EmailAddress = new EmailAddress();
                        $EmailAddress->set('address', $this->get('email'));
                    }
                    if (!empty($EmailAddress)) {
                        // Save status of an email address
                        $EmailAddress->set('status', $edited_email_status);
                        $EmailAddress->dbsave();
                    }
                }
                if ($current_User->check_perm('spamblacklist', 'edit')) {
                    // User can edit IP ranges
                    // Update status of IP range in DB
                    $edited_iprange_status = param('edited_iprange_status', 'string');
                    $IPRangeCache =& get_IPRangeCache();
                    $IPRange =& $IPRangeCache->get_by_ip(int2ip($UserSettings->get('created_fromIPv4', $this->ID)));
                    if (!$IPRange && !empty($edited_iprange_status)) {
                        // IP range doesn't exist in DB, Create new record
                        $ip_24bit_start = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.0', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
                        $ip_24bit_end = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.255', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
                        $IPRange = new IPRange();
                        $IPRange->set('IPv4start', $ip_24bit_start);
                        $IPRange->set('IPv4end', $ip_24bit_end);
                        $IPRange->set('user_count', 1);
                    }
                    if ($IPRange) {
                        // Save status of IP range
                        if ($IPRange->get('status') != 'blocked' && $edited_iprange_status == 'blocked') {
                            // Status was changed to blocked, we should increase counter
                            $IPRange->set('block_count', $IPRange->block_count + 1);
                        } else {
                            if ($IPRange->get('status') == 'blocked' && $edited_iprange_status != 'blocked') {
                                // Status was changed from blocked to another, we should decrease counter
                                $IPRange->set('block_count', $IPRange->block_count - 1);
                            }
                        }
                        $IPRange->set('status', $edited_iprange_status, true);
                        $IPRange->dbsave();
                    }
                }
                if ($current_User->check_perm('stats', 'edit')) {
                    // User can edit Domains
                    $DomainCache =& get_DomainCache();
                    // Update status of Domain in DB
                    $edited_domain_status = param('edited_domain_status', 'string');
                    $user_domain = $UserSettings->get('user_domain', $this->ID);
                    $Domain =& $DomainCache->get_by_name($user_domain, false, false);
                    if (!$Domain && $edited_domain_status != 'unknown' && !empty($user_domain)) {
                        // Domain doesn't exist in DB, Create new record
                        $Domain = new Domain();
                        $Domain->set('name', $user_domain);
                    }
                    if ($Domain) {
                        // Save status of Domain
                        $Domain->set('status', $edited_domain_status, true);
                        $Domain->dbsave();
                    }
                    // Update status of Initial referer in DB
                    load_funcs('sessions/model/_hitlog.funcs.php');
                    $edited_initial_referer_status = param('edited_initial_referer_status', 'string');
                    $initial_referer = $UserSettings->get('initial_referer', $this->ID);
                    $initial_referer_domain = url_part($initial_referer, 'host');
                    $Domain =& get_Domain_by_url($initial_referer);
                    if (!$Domain && $edited_initial_referer_status != 'unknown' && !empty($initial_referer_domain)) {
                        // Domain doesn't exist in DB, Create new record
                        $Domain = new Domain();
                        $Domain->set('name', $initial_referer_domain);
                    }
                    if ($Domain) {
                        // Save status of Domain
                        $Domain->set('status', $edited_initial_referer_status, true);
                        $Domain->dbsave();
                    }
                }
            }
        }
        // ******* Identity form ******* //
        if ($is_identity_form) {
            $can_edit_users = $current_User->check_perm('users', 'edit');
            $edited_user_perms = array('edited-user', 'edited-user-required');
            global $edited_user_age_min, $edited_user_age_max;
            param('edited_user_age_min', 'string', true);
            param('edited_user_age_max', 'string', true);
            param_check_interval('edited_user_age_min', 'edited_user_age_max', T_('Age must be a number.'), T_('The first age must be lower than (or equal to) the second.'));
            if (!param_has_error('edited_user_age_min') && $Settings->get('minimum_age') > 0 && !empty($edited_user_age_min) && $edited_user_age_min < $Settings->get('minimum_age')) {
                // Limit user by minimum age
                param_error('edited_user_age_min', sprintf(T_('You must be at least %d years old to use this service.'), $Settings->get('minimum_age')));
            }
            $this->set_from_Request('age_min', 'edited_user_age_min', true);
            $this->set_from_Request('age_max', 'edited_user_age_max', true);
            $firstname_editing = $Settings->get('firstname_editing');
            if (in_array($firstname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $firstname_editing != 'hidden' && $can_edit_users) {
                // User has a permissions to save Firstname
                param('edited_user_firstname', 'string', true);
                if ($firstname_editing == 'edited-user-required') {
                    // First name is required
                    if ($can_edit_users) {
                        // Display a note message if user can edit all users
                        param_add_message_to_Log('edited_user_firstname', T_('Please enter your first name.'), 'note');
                    } else {
                        // Display an error message
                        param_check_not_empty('edited_user_firstname', T_('Please enter your first name.'));
                    }
                }
                $this->set_from_Request('firstname', 'edited_user_firstname', true);
            }
            $lastname_editing = $Settings->get('lastname_editing');
            if (in_array($lastname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $lastname_editing != 'hidden' && $can_edit_users) {
                // User has a permissions to save Lastname
                param('edited_user_lastname', 'string', true);
                if ($lastname_editing == 'edited-user-required') {
                    // Last name is required
                    if ($can_edit_users) {
                        // Display a note message if user can edit all users
                        param_add_message_to_Log('edited_user_lastname', T_('Please enter last name.'), 'note');
                    } else {
                        // Display an error message
                        param_check_not_empty('edited_user_lastname', T_('Please enter last name.'));
                    }
                }
                $this->set_from_Request('lastname', 'edited_user_lastname', true);
            }
            $nickname_editing = $Settings->get('nickname_editing');
            if (in_array($nickname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $nickname_editing != 'hidden' && $can_edit_users) {
                // User has a permissions to save Nickname
                param('edited_user_nickname', 'string', true);
                if ($nickname_editing == 'edited-user-required') {
                    // Nickname is required
                    if ($can_edit_users) {
                        // Display a note message if user can edit all users
                        param_add_message_to_Log('edited_user_nickname', T_('Please enter your nickname.'), 'note');
                    } else {
                        // Display an error message
                        param_check_not_empty('edited_user_nickname', T_('Please enter your nickname.'));
                    }
                }
                $this->set_from_Request('nickname', 'edited_user_nickname', true);
            }
            param('edited_user_gender', 'string', '');
            if (param_check_gender('edited_user_gender', $Settings->get('registration_require_gender') == 'required')) {
                $this->set_from_Request('gender', 'edited_user_gender', true);
            }
            // ---- Locations / START ----
            load_funcs('regional/model/_regional.funcs.php');
            if (user_country_visible()) {
                // Save country
                $country_ID = param('edited_user_ctry_ID', 'integer', true);
                $country_is_required = $Settings->get('location_country') == 'required' && countries_exist();
                if ($country_is_required && $can_edit_users && $country_ID == 0) {
                    // Display a note message if user can edit all users
                    param_add_message_to_Log('edited_user_ctry_ID', T_('Please select a country.'), 'note');
                } else {
                    // Display an error message
                    param_check_number('edited_user_ctry_ID', T_('Please select a country.'), $country_is_required);
                }
                $this->set_from_Request('ctry_ID', 'edited_user_ctry_ID', true);
            }
            if (user_region_visible()) {
                // Save region
                $region_ID = param('edited_user_rgn_ID', 'integer', true);
                $region_is_required = $Settings->get('location_region') == 'required' && regions_exist($country_ID);
                if ($region_is_required && $can_edit_users && $region_ID == 0) {
                    // Display a note message if user can edit all users
                    param_add_message_to_Log('edited_user_rgn_ID', T_('Please select a region.'), 'note');
                } else {
                    // Display an error message
                    param_check_number('edited_user_rgn_ID', T_('Please select a region'), $region_is_required);
                }
                $this->set_from_Request('rgn_ID', 'edited_user_rgn_ID', true);
            }
            if (user_subregion_visible()) {
                // Save subregion
                $subregion_ID = param('edited_user_subrg_ID', 'integer', true);
                $subregion_is_required = $Settings->get('location_subregion') == 'required' && subregions_exist($region_ID);
                if ($subregion_is_required && $can_edit_users && $subregion_ID == 0) {
                    // Display a note message if user can edit all users
                    param_add_message_to_Log('edited_user_subrg_ID', T_('Please select a sub-region.'), 'note');
                } else {
                    // Display an error message
                    param_check_number('edited_user_subrg_ID', T_('Please select a sub-region.'), $subregion_is_required);
                }
                $this->set_from_Request('subrg_ID', 'edited_user_subrg_ID', true);
            }
            if (user_city_visible()) {
                // Save city
                $city_ID = param('edited_user_city_ID', 'integer', true);
                $city_is_required = $Settings->get('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID);
                if ($city_is_required && $can_edit_users && $city_ID == 0) {
                    // Display a note message if user can edit all users
                    param_add_message_to_Log('edited_user_city_ID', T_('Please select a city.'), 'note');
                } else {
                    // Display an error message
                    param_check_number('edited_user_city_ID', T_('Please select a city.'), $city_is_required);
                }
                $this->set_from_Request('city_ID', 'edited_user_city_ID', true);
            }
            // ---- Locations / END ----
            // ---- Organizations / START ----
            $organizations = param('organizations', 'array:string');
            $org_roles = param('org_roles', 'array:string');
            $this->update_organizations($organizations, $org_roles);
            // ---- Organizations / END ----
            // ---- Additional Fields / START ----
            // Load all defined userfields for following checking of required fields
            $this->userfield_defs_load();
            // EXPERIMENTAL user fields & EXISTING fields:
            // Get indices of existing userfields:
            $userfield_IDs = $DB->get_results('
						SELECT uf_ID, uf_ufdf_ID
							FROM T_users__fields
						 WHERE uf_user_ID = ' . $this->ID);
            foreach ($userfield_IDs as $userfield) {
                if (!isset($this->userfield_defs[$userfield->uf_ufdf_ID])) {
                    // If user field definition doesn't exist in DB then delete field value of this user:
                    $this->userfield_update($userfield->uf_ID, NULL);
                    continue;
                }
                $field_type = $this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'text' ? 'text' : 'string';
                $uf_val = param('uf_' . $userfield->uf_ID, $field_type, '');
                if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'list' && $uf_val == '---') {
                    // Option list has a value '---' for empty value
                    $uf_val = '';
                }
                $uf_val = trim(strip_tags($uf_val));
                if (empty($uf_val) && $this->userfield_defs[$userfield->uf_ufdf_ID][2] == 'require') {
                    // Display error for empty required field
                    if ($current_User->check_perm('users', 'edit')) {
                        // Display a note message if user can edit all users
                        param_add_message_to_Log('uf_' . $userfield->uf_ID, sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$userfield->uf_ufdf_ID][1]), 'note');
                    } else {
                        // Display an error message
                        param_error('uf_' . $userfield->uf_ID, T_('Please enter a value.'));
                    }
                } else {
                    // Update field
                    if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'url') {
                        // Check url fields
                        param_check_url('uf_' . $userfield->uf_ID, 'commenting');
                    }
                    if ($this->userfield_defs[$userfield->uf_ufdf_ID][4] == 'list') {
                        // Option "Multiple values" == "List style"
                        // Split by comma and save each phrase as separate field
                        $uf_val = explode(',', $uf_val);
                        foreach ($uf_val as $v => $val) {
                            $val = trim($val);
                            if ($v == 0) {
                                // Update field with first value
                                $this->userfield_update($userfield->uf_ID, $val);
                            } else {
                                if (!empty($val)) {
                                    // Add a new field for new values
                                    $this->userfield_add($userfield->uf_ufdf_ID, $val);
                                }
                            }
                        }
                    } else {
                        // Forbidden & Allowed fields
                        $this->userfield_update($userfield->uf_ID, $uf_val);
                    }
                }
            }
            // Duplicate fields:
            if ($is_new_user) {
                $user_id = param('orig_user_ID', 'integer', 0);
                if ($user_id !== 0) {
                    $userfield_IDs = $DB->get_results('
								SELECT uf_ID, uf_ufdf_ID
									FROM T_users__fields
								 WHERE uf_user_ID = ' . $user_id);
                    foreach ($userfield_IDs as $userfield_ID) {
                        $uf_val = param('uf_' . $userfield_ID->uf_ID, 'string', '');
                        $uf_type = $userfield_ID->uf_ufdf_ID;
                        if (!empty($uf_val)) {
                            $this->userfield_add($uf_type, $uf_val);
                        }
                    }
                }
            }
            $uf_new_fields = param('uf_new', 'array:array:string');
            // Recommended & required fields (it still not saved in DB)
            $uf_add_fields = param('uf_add', 'array:array:string');
            // Added fields
            // Add a new field: (JS is not enabled)
            if ($action == 'add_field') {
                // Button 'Add' new field is pressed
                $new_field_type = param('new_field_type', 'integer', 0);
                if (empty($new_field_type)) {
                    // We cannot add a new field without type
                    param_error('new_field_type', T_('Please select a field type.'));
                } else {
                    // Save an adding field(in the array) to display it again if errors will be exist
                    $new_field_type_exists = false;
                    if ($this->userfield_defs[$new_field_type][4] == 'allowed' || $this->userfield_defs[$new_field_type][4] == 'list') {
                        // This field can be duplicated
                        global $add_field_types;
                        $add_field_types = array($new_field_type);
                    } else {
                        // We should to solve we can add this field or don't
                        if (!isset($uf_new_fields[$new_field_type]) && !isset($uf_add_fields[$new_field_type])) {
                            // User is adding this field first time
                            if (is_array($userfield_IDs) && count($userfield_IDs) > 0) {
                                // User has fields that saved in DB
                                foreach ($userfield_IDs as $userfield) {
                                    if ($userfield->uf_ufdf_ID == $new_field_type) {
                                        // New adding field already exists for current user in DB
                                        $new_field_type_exists = true;
                                        break;
                                    }
                                }
                            }
                            if (!$new_field_type_exists) {
                                // Field doesn't still exist for current user
                                global $add_field_types;
                                $add_field_types = array($new_field_type);
                            }
                        } else {
                            // Field exists, no duplicates available
                            $new_field_type_exists = true;
                        }
                        if ($new_field_type_exists) {
                            // Field already is added for current user, we should display error about this
                            param_error('new_field_type', T_('You already added this field, please select another.'));
                        }
                    }
                    if (!$new_field_type_exists) {
                        // Mark a new field to enter a value
                        param_error('uf_add[' . $new_field_type . '][]', T_('Please enter a value in this new field.'));
                    }
                }
            }
            // Save a New recommended & require fields AND Adding fields
            if (count($uf_new_fields) > 0 || count($uf_add_fields) > 0) {
                $uf_fields = array('new' => $uf_new_fields, 'add' => $uf_add_fields);
                foreach ($uf_fields as $uf_type => $uf_new_fields) {
                    if ($uf_type == 'add') {
                        // Save an adding fields to display it again if errors will be exist
                        global $add_field_types;
                        if (!isset($add_field_types)) {
                            // Don't rewrite already existing array
                            $add_field_types = array();
                        }
                    }
                    foreach ($uf_new_fields as $uf_new_id => $uf_new_vals) {
                        foreach ($uf_new_vals as $uf_new_val) {
                            if ($this->userfield_defs[$uf_new_id][0] == 'list' && $uf_new_val == '---') {
                                // Option list has a value '---' for empty value
                                $uf_new_val = '';
                            }
                            $uf_new_val = trim(strip_tags($uf_new_val));
                            if ($uf_new_val != '') {
                                // Insert a new field in DB if it is filled
                                if ($this->userfield_defs[$uf_new_id][0] == 'url') {
                                    // Check url fields
                                    param_check_url('uf_' . $uf_type . '[' . $uf_new_id . '][]', 'commenting');
                                }
                                if ($this->userfield_defs[$uf_new_id][4] == 'list') {
                                    // Option "Multiple values" == "List style"
                                    // Split by comma and save each phrase as separate field
                                    $uf_new_val = explode(',', $uf_new_val);
                                    foreach ($uf_new_val as $val) {
                                        $val = trim($val);
                                        if (!empty($val)) {
                                            // Exclude empty values(spaces)
                                            $this->userfield_add((int) $uf_new_id, $val);
                                        }
                                    }
                                } else {
                                    // Forbidden & Allowed fields
                                    $this->userfield_add((int) $uf_new_id, $uf_new_val);
                                }
                            } elseif (empty($uf_new_val) && $this->userfield_defs[$uf_new_id][2] == 'require') {
                                // Display error for empty required field & new adding field
                                if ($current_User->check_perm('users', 'edit')) {
                                    // Display a note message if user can edit all users
                                    param_add_message_to_Log('uf_' . $uf_type . '[' . $uf_new_id . '][]', sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$uf_new_id][1]), 'note');
                                } else {
                                    // Display an error message
                                    param_error('uf_' . $uf_type . '[' . $uf_new_id . '][]', T_('Please enter a value.'));
                                }
                            }
                            if ($uf_type == 'add') {
                                // Save new added field, it used on the _user_identity.form
                                $add_field_types[] = $uf_new_id;
                            }
                        }
                    }
                }
            }
            // ---- Additional Fields / END ----
            // update profileupdate_date, because a publicly visible user property was changed
            $this->set_profileupdate_date();
        }
        // ******* Password form ******* //
        $is_password_form = param('password_form', 'boolean', false);
        if ($is_password_form || $is_new_user) {
            $reqID = param('reqID', 'string', '');
            global $edited_user_pass1, $edited_user_pass2;
            $edited_user_pass1 = param('edited_user_pass1', 'string', true);
            $edited_user_pass2 = param('edited_user_pass2', 'string', true);
            // Remove the invalid chars from password vars
            $edited_user_pass1 = preg_replace('/[<>&]/', '', $edited_user_pass1);
            $edited_user_pass2 = preg_replace('/[<>&]/', '', $edited_user_pass2);
            if ($is_new_user || !empty($reqID) && $reqID == $Session->get('core.changepwd.request_id')) {
                // current password is not required:
                //   - new user creating process
                //   - password change requested by email
                if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'))) {
                    // We can set password
                    $this->set_password($edited_user_pass2);
                }
            } else {
                // ******* Password edit form ****** //
                $current_user_pass = param('current_user_pass', 'string', true);
                if ($this->ID != $current_User->ID) {
                    // Set the messages when admin changes a password of other user
                    $checkpwd_params = array('msg_pass_new' => T_('Please enter new password.'), 'msg_pass_twice' => T_('Please enter new password twice.'));
                } else {
                    // Use default messages
                    $checkpwd_params = array();
                }
                if (!strlen($current_user_pass)) {
                    param_error('current_user_pass', T_('Please enter your current password.'));
                    param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
                } else {
                    if ($has_full_access && $this->ID != $current_User->ID) {
                        // Admin is changing a password of other user, Check a password of current admin
                        $pass_to_check = $current_User->pass;
                        $current_user_salt = $current_User->salt;
                    } else {
                        // User is changing own pasword
                        $pass_to_check = $this->pass;
                        $current_user_salt = $this->salt;
                    }
                    if ($pass_to_check == md5($current_user_salt . $current_user_pass, true)) {
                        if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params)) {
                            // We can set password
                            $this->set_password($edited_user_pass2);
                        }
                    } else {
                        param_error('current_user_pass', T_('Your current password is incorrect.'));
                        param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
                    }
                }
            }
        }
        // Used in Preferences & Notifications forms
        $has_messaging_perm = $this->check_perm('perm_messaging', 'reply');
        // ******* Preferences form ******* //
        $is_preferences_form = param('preferences_form', 'boolean', false);
        if ($is_preferences_form) {
            // Other preferences
            param('edited_user_locale', 'string', true);
            $this->set_from_Request('locale', 'edited_user_locale', true);
            // Session timeout
            $edited_user_timeout_sessions = param('edited_user_timeout_sessions', 'string', NULL);
            if (isset($edited_user_timeout_sessions) && ($current_User->ID == $this->ID || $current_User->check_perm('users', 'edit'))) {
                switch ($edited_user_timeout_sessions) {
                    case 'default':
                        $UserSettings->set('timeout_sessions', NULL, $this->ID);
                        break;
                    case 'custom':
                        $UserSettings->set('timeout_sessions', param_duration('timeout_sessions'), $this->ID);
                        break;
                }
            }
            $UserSettings->set('show_online', param('edited_user_showonline', 'integer', 0), $this->ID);
        }
        // ******* Notifications form ******* //
        $is_subscriptions_form = param('subscriptions_form', 'boolean', false);
        if ($is_subscriptions_form) {
            if ($action == 'subscribe') {
                // Do only subscribe to new blog (Don't update the user's settings from the same form)
                // A selected blog to subscribe
                $subscribe_blog_ID = param('subscribe_blog', 'integer', 0);
                // Get checkbox values:
                $sub_items = param('sub_items_new', 'integer', 0);
                $sub_comments = param('sub_comments_new', 'integer', 0);
                // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
                if ($subscribe_blog_ID && ($sub_items || $sub_comments)) {
                    // We need to record values:
                    $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
					  VALUES ( ' . $DB->quote($subscribe_blog_ID) . ', ' . $DB->quote($this->ID) . ', ' . $DB->quote($sub_items) . ', ' . $DB->quote($sub_comments) . ' )');
                    $Messages->add(T_('Subscriptions have been changed.'), 'success');
                } else {
                    // Display an error message to inform user about incorrect actions
                    $Messages->add(T_('Please select at least one setting to subscribe on the selected blog.'), 'error');
                }
            } else {
                // Update user's settings
                // Email communication
                $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
                param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
                param_check_email('edited_user_email', true);
                $this->set_email($edited_user_email);
                // set messaging options
                if ($has_messaging_perm) {
                    $UserSettings->set('enable_PM', param('PM', 'integer', 0), $this->ID);
                }
                $emails_msgform = $Settings->get('emails_msgform');
                if ($emails_msgform == 'userset' || $emails_msgform == 'adminset' && $current_User->check_perm('users', 'edit')) {
                    // enable email option is displayed only if user can set or if admin can set and current User is an administrator
                    $UserSettings->set('enable_email', param('email', 'integer', 0), $this->ID);
                }
                // Email format
                $UserSettings->set('email_format', param('edited_user_email_format', 'string', 'auto'), $this->ID);
                // set notification options
                if ($has_messaging_perm) {
                    // update 'notify messages' only if user has messaging rights and this option was displayed
                    $UserSettings->set('notify_messages', param('edited_user_notify_messages', 'integer', 0), $this->ID);
                    $UserSettings->set('notify_unread_messages', param('edited_user_notify_unread_messages', 'integer', 0), $this->ID);
                }
                if ($this->check_role('post_owner')) {
                    // update 'notify_published_comments' only if user has at least one post or user has right to create new post
                    $UserSettings->set('notify_published_comments', param('edited_user_notify_publ_comments', 'integer', 0), $this->ID);
                }
                $is_comment_moderator = $this->check_role('comment_moderator');
                if ($is_comment_moderator || $this->check_role('comment_editor')) {
                    // update 'notify_comment_moderation' only if user is comment moderator/editor at least in one blog
                    $UserSettings->set('notify_comment_moderation', param('edited_user_notify_cmt_moderation', 'integer', 0), $this->ID);
                }
                if ($this->check_perm('admin', 'restricted', false)) {
                    // update 'notify_meta_comments' only if edited user has a permission to back-office
                    $UserSettings->set('notify_meta_comments', param('edited_user_notify_meta_comments', 'integer', 0), $this->ID);
                }
                if ($is_comment_moderator) {
                    // update 'send_cmt_moderation_reminder' only if user is comment moderator at least in one blog
                    $UserSettings->set('send_cmt_moderation_reminder', param('edited_user_send_cmt_moderation_reminder', 'integer', 0), $this->ID);
                }
                if ($this->check_role('post_moderator')) {
                    // update 'notify_post_moderation' and 'send_cmt_moderation_reminder' only if user is post moderator at least in one blog
                    $UserSettings->set('notify_post_moderation', param('edited_user_notify_post_moderation', 'integer', 0), $this->ID);
                    $UserSettings->set('send_pst_moderation_reminder', param('edited_user_send_pst_moderation_reminder', 'integer', 0), $this->ID);
                }
                if ($this->grp_ID == 1) {
                    $UserSettings->set('send_activation_reminder', param('edited_user_send_activation_reminder', 'integer', 0), $this->ID);
                }
                if ($this->check_perm('users', 'edit')) {
                    // edited user has permission to edit all users, save notification preferences
                    $UserSettings->set('notify_new_user_registration', param('edited_user_notify_new_user_registration', 'integer', 0), $this->ID);
                    $UserSettings->set('notify_activated_account', param('edited_user_notify_activated_account', 'integer', 0), $this->ID);
                    $UserSettings->set('notify_closed_account', param('edited_user_notify_closed_account', 'integer', 0), $this->ID);
                    $UserSettings->set('notify_reported_account', param('edited_user_notify_reported_account', 'integer', 0), $this->ID);
                    $UserSettings->set('notify_changed_account', param('edited_user_notify_changed_account', 'integer', 0), $this->ID);
                }
                if ($this->check_perm('options', 'edit')) {
                    // edited user has permission to edit options, save notification preferences
                    $UserSettings->set('notify_cronjob_error', param('edited_user_notify_cronjob_error', 'integer', 0), $this->ID);
                }
                // Newsletter
                $UserSettings->set('newsletter_news', param('edited_user_newsletter_news', 'integer', 0), $this->ID);
                $UserSettings->set('newsletter_ads', param('edited_user_newsletter_ads', 'integer', 0), $this->ID);
                // Emails limit per day
                param_integer_range('edited_user_notification_email_limit', 0, 999, T_('Notificaiton email limit must be between %d and %d.'));
                $UserSettings->set('notification_email_limit', param('edited_user_notification_email_limit', 'integer', 0), $this->ID);
                param_integer_range('edited_user_newsletter_limit', 0, 999, T_('Newsletter limit must be between %d and %d.'));
                $UserSettings->set('newsletter_limit', param('edited_user_newsletter_limit', 'integer', 0), $this->ID);
                /**
                 * Update the subscriptions:
                 */
                $subs_blog_IDs = param('subs_blog_IDs', 'string', true);
                $subs_item_IDs = param('subs_item_IDs', 'string', true);
                // Work the blogs:
                $subscription_values = array();
                $unsubscribed = array();
                $subs_blog_IDs = explode(',', $subs_blog_IDs);
                foreach ($subs_blog_IDs as $loop_blog_ID) {
                    // Make sure no dirty hack is coming in here:
                    $loop_blog_ID = intval($loop_blog_ID);
                    // Get checkbox values:
                    $sub_items = param('sub_items_' . $loop_blog_ID, 'integer', 0);
                    $sub_comments = param('sub_comments_' . $loop_blog_ID, 'integer', 0);
                    if ($sub_items || $sub_comments) {
                        // We have a subscription for this blog
                        $subscription_values[] = "( {$loop_blog_ID}, {$this->ID}, {$sub_items}, {$sub_comments} )";
                    } else {
                        // No subscription here:
                        $unsubscribed[] = $loop_blog_ID;
                    }
                }
                // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
                if (count($subscription_values)) {
                    // We need to record values:
                    $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
												VALUES ' . implode(', ', $subscription_values));
                }
                if (count($unsubscribed)) {
                    // We need to make sure some values are cleared:
                    $DB->query('DELETE FROM T_subscriptions
												 WHERE sub_user_ID = ' . $this->ID . '
													 AND sub_coll_ID IN (' . implode(', ', $unsubscribed) . ')');
                }
                // Individual post subscriptions
                if (!empty($subs_item_IDs)) {
                    // user was subscribed to at least one post update notification
                    $subs_item_IDs = explode(',', $subs_item_IDs);
                    $unsubscribed = array();
                    foreach ($subs_item_IDs as $loop_item_ID) {
                        if (!param('item_sub_' . $loop_item_ID, 'integer', 0)) {
                            // user wants to unsubscribe from this post notifications
                            $unsubscribed[] = $loop_item_ID;
                        }
                    }
                    if (!empty($unsubscribed)) {
                        // unsubscribe list is not empty, delete not wanted subscriptions
                        $DB->query('DELETE FROM T_items__subscriptions
												 WHERE isub_user_ID = ' . $this->ID . '
													 AND isub_item_ID IN (' . implode(', ', $unsubscribed) . ')');
                    }
                }
            }
        }
        // ******* Advanced form ******* //
        $is_advanced_form = param('advanced_form', 'boolean', false);
        if ($is_advanced_form) {
            $UserSettings->set('admin_skin', param('edited_user_admin_skin', 'string'), $this->ID);
            // Action icon params:
            param_integer_range('edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
            $UserSettings->set('action_icon_threshold', param('edited_user_action_icon_threshold', 'integer', true), $this->ID);
            param_integer_range('edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
            $UserSettings->set('action_word_threshold', param('edited_user_action_word_threshold', 'integer'), $this->ID);
            $UserSettings->set('display_icon_legend', param('edited_user_legend', 'integer', 0), $this->ID);
            // Set bozo validador activation
            $UserSettings->set('control_form_abortions', param('edited_user_bozo', 'integer', 0), $this->ID);
            // Focus on first
            $UserSettings->set('focus_on_first_input', param('edited_user_focusonfirst', 'integer', 0), $this->ID);
            // Results per page
            $edited_user_results_page_size = param('edited_user_results_page_size', 'integer', NULL);
            if (isset($edited_user_results_page_size)) {
                $UserSettings->set('results_per_page', $edited_user_results_page_size, $this->ID);
            }
        }
        if ($is_preferences_form || $is_identity_form && $is_new_user) {
            // Multiple session
            $multiple_sessions = $Settings->get('multiple_sessions');
            if ($multiple_sessions != 'adminset_default_no' && $multiple_sessions != 'adminset_default_yes' || $current_User->check_perm('users', 'edit')) {
                $UserSettings->set('login_multiple_sessions', param('edited_user_set_login_multiple_sessions', 'integer', 0), $this->ID);
            }
        }
        return !param_errors_detected();
    }
Exemple #2
0
/**
 * Callback to add filters on top of the result set
 *
 * @param Form
 */
function callback_filter_userlist(&$Form)
{
    global $Settings, $current_User;
    $Form->hidden('filter', 'new');
    $Form->text('keywords', get_param('keywords'), 20, T_('Name'), '', 50);
    echo '<span class="nowrap">';
    $Form->checkbox('gender_men', get_param('gender_men'), T_('Men'));
    $Form->checkbox('gender_women', get_param('gender_women'), T_('Women'));
    echo '</span>';
    if (!is_admin_page()) {
        echo '<br />';
    }
    if (is_admin_page()) {
        // show this filters only on admin interface
        if ($current_User->check_perm('users', 'edit')) {
            // Show "Reported users" filter only for users with edit user permission
            $Form->checkbox('reported', get_param('reported'), T_('Reported users'));
            $Form->checkbox('custom_sender_email', get_param('custom_sender_email'), T_('Users with custom sender address'));
            $Form->checkbox('custom_sender_name', get_param('custom_sender_name'), T_('Users with custom sender name'));
        }
        $Form->select_input_array('account_status', get_param('account_status'), get_user_statuses(T_('All')), T_('Account status'));
        $GroupCache = new DataObjectCache('Group', true, 'T_groups', 'grp_', 'grp_ID', 'grp_name');
        $group_options_array = array('-1' => T_('All (Ungrouped)'), '0' => T_('All (Grouped)')) + $GroupCache->get_option_array();
        $Form->select_input_array('group', get_param('group'), $group_options_array, T_('User group'), '', array('force_keys_as_values' => true));
        echo '<br />';
    }
    if (user_country_visible()) {
        // Filter by country
        load_class('regional/model/_country.class.php', 'Country');
        load_funcs('regional/model/_regional.funcs.php');
        $CountryCache =& get_CountryCache(T_('All'));
        $Form->select_country('country', get_param('country'), $CountryCache, T_('Country'), array('allow_none' => true));
    }
    if (user_region_visible()) {
        // Filter by region
        echo '<span id="region_filter"' . (!regions_exist(get_param('country'), true) ? ' style="display:none"' : '') . '>';
        $Form->select_input_options('region', get_regions_option_list(get_param('country'), get_param('region')), T_('Region'));
        echo '</span>';
    }
    if (user_subregion_visible()) {
        // Filter by subregion
        echo '<span id="subregion_filter"' . (!subregions_exist(get_param('region'), true) ? ' style="display:none"' : '') . '>';
        $Form->select_input_options('subregion', get_subregions_option_list(get_param('region'), get_param('subregion')), T_('Sub-region'));
        echo '</span>';
    }
    if (user_city_visible()) {
        // Filter by city
        echo '<span id="city_filter"' . (!cities_exist(get_param('country'), get_param('region'), get_param('subregion'), true) ? ' style="display:none"' : '') . '>';
        $Form->select_input_options('city', get_cities_option_list(get_param('country'), get_param('region'), get_param('subregion'), get_param('city')), T_('City'));
        echo '</span>';
    }
    echo '<br />';
    $Form->interval('age_min', get_param('age_min'), 'age_max', get_param('age_max'), 3, T_('Age group'));
    echo '<br />';
    $criteria_types = param('criteria_type', 'array/integer');
    $criteria_values = param('criteria_value', 'array/string');
    if (count($criteria_types) == 0) {
        // Init one criteria fieldset for first time
        $criteria_types[] = '';
        $criteria_values[] = '';
    }
    foreach ($criteria_types as $c => $type) {
        $value = trim(strip_tags($criteria_values[$c]));
        if ($value == '' && count($criteria_types) > 1 && $c > 0) {
            // Don't display empty field again after filter request
            continue;
        }
        if ($c > 0) {
            // Separator between criterias
            echo '<br />';
        }
        $Form->output = false;
        $criteria_input = $Form->text('criteria_value[]', $value, 17, '', '', 50);
        $criteria_input .= get_icon('add', 'imgtag', array('rel' => 'add_criteria'));
        $Form->output = true;
        global $user_fields_empty_name;
        $user_fields_empty_name = T_('Select...');
        $Form->select('criteria_type[]', $type, 'callback_options_user_new_fields', T_('Specific criteria'), $criteria_input);
    }
    if (user_region_visible()) {
        // JS functions for AJAX loading of regions, subregions & cities
        ?>
<script type="text/javascript">
jQuery( '#country' ).change( function()
{
	var this_obj = jQuery( this );
	jQuery.ajax( {
	type: 'POST',
	url: '<?php 
        echo get_samedomain_htsrv_url();
        ?>
anon_async.php',
	data: 'action=get_regions_option_list&ctry_id=' + jQuery( this ).val(),
	success: function( result )
		{
			jQuery( '#region' ).html( ajax_debug_clear( result ) );
			if( jQuery( '#region option' ).length > 1 )
			{
				jQuery( '#region_filter' ).show();
			}
			else
			{
				jQuery( '#region_filter' ).hide();
			}
			load_subregions( 0 ); // Reset sub-regions
		}
	} );
} );

jQuery( '#region' ).change( function ()
{	// Change option list with sub-regions
	load_subregions( jQuery( this ).val() );
} );

jQuery( '#subregion' ).change( function ()
{	// Change option list with cities
	load_cities( jQuery( '#country' ).val(), jQuery( '#region' ).val(), jQuery( this ).val() );
} );

function load_subregions( region_ID )
{	// Load option list with sub-regions for seleted region
	jQuery.ajax( {
	type: 'POST',
	url: '<?php 
        echo get_samedomain_htsrv_url();
        ?>
anon_async.php',
	data: 'action=get_subregions_option_list&rgn_id=' + region_ID,
	success: function( result )
		{
			jQuery( '#subregion' ).html( ajax_debug_clear( result ) );
			if( jQuery( '#subregion option' ).length > 1 )
			{
				jQuery( '#subregion_filter' ).show();
			}
			else
			{
				jQuery( '#subregion_filter' ).hide();
			}
			load_cities( jQuery( '#country' ).val(), region_ID, 0 );
		}
	} );
}

function load_cities( country_ID, region_ID, subregion_ID )
{	// Load option list with cities for seleted region or sub-region
	jQuery.ajax( {
	type: 'POST',
	url: '<?php 
        echo get_samedomain_htsrv_url();
        ?>
anon_async.php',
	data: 'action=get_cities_option_list&ctry_id=' + country_ID + '&rgn_id=' + region_ID + '&subrg_id=' + subregion_ID,
	success: function( result )
		{
			jQuery( '#city' ).html( ajax_debug_clear( result ) );
			if( jQuery( '#city option' ).length > 1 )
			{
				jQuery( '#city_filter' ).show();
			}
			else
			{
				jQuery( '#city_filter' ).hide();
			}
		}
	} );
}
</script>
<?php 
    }
}
Exemple #3
0
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // POST TYPE:
     $item_typ_ID = get_param('item_typ_ID');
     if (empty($item_typ_ID)) {
         // Try to get this from request if it has been not initialized by controller:
         $item_typ_ID = param('item_typ_ID', 'integer', NULL);
     }
     if (!empty($item_typ_ID)) {
         // Set new post type ID only if it is defined on request:
         $this->set('ityp_ID', $item_typ_ID);
     }
     // URL associated with Item:
     $post_url = param('post_url', 'string', NULL);
     if ($post_url !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if (empty($post_url) && $this->get_type_setting('use_url') == 'required') {
         // URL must be entered
         param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), '');
     }
     // Item parent ID:
     $post_parent_ID = param('post_parent_ID', 'integer', NULL);
     if ($post_parent_ID !== NULL) {
         // If item parent ID is entered:
         $ItemCache =& get_ItemCache();
         if ($ItemCache->get_by_ID($post_parent_ID, false, false)) {
             // Save only ID of existing item:
             $this->set_from_Request('parent_ID');
         } else {
             // Display an error of the entered item parent ID is incorrect:
             param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.'));
         }
     }
     if (empty($post_parent_ID)) {
         // If empty parent ID is entered:
         if ($this->get_type_setting('use_parent') == 'required') {
             // Item parent ID must be entered:
             param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), '');
         } else {
             // Remove parent ID:
             $this->set_from_Request('parent_ID');
         }
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!'));
     }
     // ISSUE DATE / TIMESTAMP:
     $this->load_Blog();
     if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         // Allow to update timestamp fields only if user has a permission to edit such fields
         //    and also if user has an access to back-office
         $item_dateset = param('item_dateset', 'integer', NULL);
         if ($item_dateset !== NULL) {
             $this->set('dateset', $item_dateset);
             if ($editing || $this->dateset == 1) {
                 // We can use user date:
                 if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                     // only set it, if a (valid) date and time was given:
                     $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                     // TODO: cleanup...
                 }
             } elseif ($this->dateset == 0) {
                 // Set date to NOW:
                 $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
             }
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     $titletag = param('titletag', 'string', NULL);
     if ($titletag !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') {
         // Title tag must be entered
         param_check_not_empty('titletag', T_('Please provide a title tag.'), '');
     }
     // <meta> DESC:
     $metadesc = param('metadesc', 'string', NULL);
     if ($metadesc !== NULL) {
         $this->set_setting('metadesc', get_param('metadesc'));
     }
     if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') {
         // Meta description must be entered
         param_check_not_empty('metadesc', T_('Please provide a meta description.'), '');
     }
     // <meta> KEYWORDS:
     $metakeywords = param('metakeywords', 'string', NULL);
     if ($metakeywords !== NULL) {
         $this->set_setting('metakeywords', get_param('metakeywords'));
     }
     if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') {
         // Meta keywords must be entered
         param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), '');
     }
     // TAGS:
     if ($current_User->check_perm('admin', 'restricted')) {
         // User should has an access to back-office to edit tags
         $item_tags = param('item_tags', 'string', NULL);
         if ($item_tags !== NULL) {
             $this->set_tags_from_string(get_param('item_tags'));
             // Update setting 'suggest_item_tags' of the current User
             global $UserSettings;
             $UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0));
             $UserSettings->dbupdate();
         }
         if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') {
             // Tags must be entered
             param_check_not_empty('item_tags', T_('Please provide at least one tag.'), '');
         }
     }
     // WORKFLOW stuff:
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
     $item_assigned_user_login = param('item_assigned_user_login', 'string', NULL);
     $this->assign_to($item_assigned_user_ID, $item_assigned_user_login);
     $item_priority = param('item_priority', 'integer', NULL);
     if ($item_priority !== NULL) {
         // Set task priority only if it is gone from form
         $this->set_from_Request('priority', 'item_priority', true);
     }
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     $goal_ID = param('goal_ID', 'integer', NULL);
     if ($goal_ID !== NULL) {
         // Goal ID
         $this->set_setting('goal_ID', $goal_ID, true);
     }
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->get_type_setting('use_coordinates') != 'never') {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         // get par value
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         // get par value
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         // get par value
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         // get par value
         $this->set_setting('map_type', get_param('google_map_type'), true);
         if ($this->get_type_setting('use_coordinates') == 'required') {
             // The location coordinates are required
             param_check_not_empty('item_latitude', T_('Please provide a latitude.'), '');
             param_check_not_empty('item_longitude', T_('Please provide a longitude.'), '');
         }
     }
     // CUSTOM FIELDS:
     $custom_fields = $this->get_type_custom_fields();
     foreach ($custom_fields as $custom_field) {
         // update each custom field
         $param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID'];
         if (isset_param($param_name)) {
             // param is set
             $param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type'];
             param($param_name, $param_type, NULL);
             // get par value
             $custom_field_make_null = $custom_field['type'] != 'double';
             // store '0' values in DB for numeric fields
             $this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null);
         }
     }
     // COMMENTS:
     if ($this->allow_comment_statuses()) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') {
         // Comment expiration must be entered
         param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), '');
     }
     $this->set_setting('comment_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->get_type_setting('allow_html')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     $editor_code = param('editor_code', 'string', NULL);
     if ($editor_code) {
         // Update item editor code if it was explicitly set
         $this->set_setting('editor_code', $editor_code);
     }
     $content = param('content', $text_format, NULL);
     if ($content !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog);
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $use_title = $this->get_type_setting('use_title');
         if ((!$editing || $creating) && $use_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('content', T_('Invalid content.'));
         $content = prepare_item_content(get_param('content'));
         $this->set('content', $content);
         $this->set('title', get_param('post_title'));
     }
     if (empty($content) && $this->get_type_setting('use_text') == 'required') {
         // Content must be entered
         param_check_not_empty('content', T_('Please enter some text.'), '');
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     $post_excerpt = param('post_excerpt', 'text', NULL);
     if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) {
         $this->set('excerpt_autogenerated', 0);
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set_from_Request('excerpt');
     }
     if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') {
         // Content must be entered
         param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), '');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     // Check if this item has a special post type. Location is not required for special posts.
     $not_special_post = !$this->is_special();
     if ($this->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID);
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID);
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID);
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     return !param_errors_detected();
 }
Exemple #4
0
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // TYPE:
     if (param('post_type', 'string', NULL) !== NULL) {
         // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat
         $this->set('ptyp_ID', get_item_type_ID(get_param('post_type')));
     } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) {
         // fp> when does this happen?
         // yura>fp: this happens on submit expert form
         $this->set_from_Request('ptyp_ID', 'item_typ_ID');
         if (in_array($item_typ_ID, $posttypes_reserved_IDs)) {
             param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), '');
         }
     }
     // URL associated with Item:
     if (param('post_url', 'string', NULL) !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
     }
     // ISSUE DATE / TIMESTAMP:
     $this->load_Blog();
     if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         $this->set('dateset', param('item_dateset', 'integer', 0));
         if ($editing || $this->dateset == 1) {
             // We can use user date:
             if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                 // only set it, if a (valid) date and time was given:
                 $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                 // TODO: cleanup...
             }
         } elseif ($this->dateset == 0) {
             // Set date to NOW:
             $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     if (param('titletag', 'string', NULL) !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     // <meta> DESC:
     if (param('metadesc', 'string', NULL) !== NULL) {
         $this->set_setting('post_metadesc', get_param('metadesc'));
     }
     // <meta> KEYWORDS:
     if (param('custom_headers', 'string', NULL) !== NULL) {
         $this->set_setting('post_custom_headers', get_param('custom_headers'));
     }
     // TAGS:
     if (param('item_tags', 'string', NULL) !== NULL) {
         $this->set_tags_from_string(get_param('item_tags'));
         // pre_dump( $this->tags );
     }
     // WORKFLOW stuff:
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     param('item_assigned_user_ID', 'integer', NULL);
     $this->assign_to(get_param('item_assigned_user_ID'));
     param('item_priority', 'integer', NULL);
     $this->set_from_Request('priority', 'item_priority', true);
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->Blog->get_setting('show_location_coordinates')) {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         // get par value
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         // get par value
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         // get par value
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         // get par value
         $this->set_setting('map_type', get_param('google_map_type'), true);
     }
     // CUSTOM FIELDS:
     foreach (array('double', 'varchar') as $type) {
         $field_count = $this->Blog->get_setting('count_custom_' . $type);
         for ($i = 1; $i <= $field_count; $i++) {
             // update each custom field
             $field_guid = $this->Blog->get_setting('custom_' . $type . $i);
             $param_name = 'item_' . $type . '_' . $field_guid;
             if (isset_param($param_name)) {
                 // param is set
                 $param_type = $type == 'varchar' ? 'string' : $type;
                 param($param_name, $param_type, NULL);
                 // get par value
                 $custom_field_make_null = $type != 'double';
                 // store '0' values in DB for numeric fields
                 $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null);
             }
         }
     }
     // COMMENTS:
     if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled):
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     $this->set_setting('post_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->Blog->get_setting('allow_html_post')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     if (param('content', $text_format, NULL) !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog);
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $require_title = $this->Blog->get_setting('require_title');
         if ((!$editing || $creating) && $require_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('content', T_('Invalid content.'));
         $this->set('content', get_param('content'));
         $this->set('title', get_param('post_title'));
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     if (param('post_excerpt', 'text', NULL) !== NULL) {
         $this->set('excerpt_autogenerated', 0);
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set_from_Request('excerpt');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     if ($this->Blog->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->Blog->get_setting('location_country') == 'required' && countries_exist() && !$this->is_special();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->Blog->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->Blog->get_setting('location_region') == 'required' && regions_exist($country_ID) && !$this->is_special();
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->Blog->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required' && subregions_exist($region_ID) && !$this->is_special();
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->Blog->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->Blog->get_setting('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID) && !$this->is_special();
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     return !param_errors_detected();
 }