function SendForm($BaseURL, $table, $idname = '', $id = 0)
{
// $BaseURL is no longer needed!
global $dsp, $db, $config, $func, $sec, $lang, $framework, $mf_number, $__POST, $smarty, $cfg, $authentication;
// In freeze-mode there are no changes to the DB allowed
if ($cfg['sys_freeze']) {
$func->information(t('Diese Webseite ist Momentan im "Freeze-Mode".[br]D.h. es können keine neuen Daten in die Datenbank geschrieben werden.[br][br]Bitte versuche es zu einem Späteren Zeitpunkt nocheinmal.'));
return;
}
// Break, if in wrong form
$Step_Tmp = $_GET['mf_step'];
if ($_GET['mf_step'] == 2 and $_GET['mf_id'] != $mf_number) {
$Step_Tmp = 1;
}
// If more then one row in a table should be edited
if (strpos($id, ' ') > 0) {
$this->MultiLineID = $id;
$id = '';
}
$this->AddPage();
// Adds non-page-fields to fake page
if ($BaseURL) {
$StartURL = $BaseURL . '&' . $idname . '=' . $id;
} else {
$StartURL = $framework->get_clean_url_query('base');
$StartURL = str_replace('&mf_step=2', '', $StartURL);
$StartURL = preg_replace('#&mf_id=[0-9]*#si', '', $StartURL);
if (strpos($StartURL, '&' . $idname . '=' . $id) == 0) {
$StartURL .= '&' . $idname . '=' . $id;
}
}
$this->LinkBack = $StartURL . '#MF' . $mf_number;
if ($id or $this->MultiLineID) {
$this->isChange = true;
}
$AddKey = '';
if ($this->AdditionalKey != '') {
$AddKey = $this->AdditionalKey . ' AND ';
}
$InsContName = 'InsertControll' . $this->MFID;
// If the table entry should be created, or deleted wheter the control field is checked
if ($this->AddInsertControllField != '') {
if ($this->MultiLineID) {
$find_entry = $db->qry("SELECT * FROM %prefix%{$table} WHERE " . $this->MultiLineID);
} else {
$find_entry = $db->qry("SELECT * FROM %prefix%{$table} WHERE {$AddKey} {$idname} = %int%", $id);
}
$db->num_rows($find_entry) ? $this->isChange = 1 : ($this->isChange = 0);
$db->free_result($find_entry);
}
// Get SQL-Field Types
$res = $db->qry("DESCRIBE %prefix%%plain%", $table);
while ($row = $db->fetch_array($res)) {
$SQLFieldTypes[$row['Field']] = $row['Type'];
if ($row['Key'] == 'PRI' or $row['Key'] == 'UNI') {
$SQLFieldUnique[$row['Field']] = true;
} else {
$SQLFieldUnique[$row['Field']] = false;
}
}
$db->free_result($res);
// Split fields, which consist of more than one
if ($this->SQLFields) {
foreach ($this->SQLFields as $key => $val) {
if (strpos($this->SQLFields[$key], '|') > 0) {
$subfields = explode('|', $this->SQLFields[$key]);
if ($subfields) {
foreach ($subfields as $subfield) {
$this->SQLFields[] = $subfield;
}
}
}
}
}
// Delete non existing DB fields, from array
if ($this->SQLFields) {
foreach ($this->SQLFields as $key => $val) {
if (!$SQLFieldTypes[$val]) {
unset($this->SQLFields[$key]);
}
}
}
// Error-Switch
switch ($Step_Tmp) {
default:
$_SESSION['mf_referrer'][$mf_number] = $func->internal_referer;
// Read current values, if change
if ($this->isChange) {
$db_query = '';
if ($this->SQLFields) {
foreach ($this->SQLFields as $val) {
# if ($SQLFieldTypes[$val] == 'datetime' or $SQLFieldTypes[$val] == 'date') $db_query .= ", UNIX_TIMESTAMP($val) AS $val";
# else $db_query .= ", $val";
$db_query .= ", {$val}";
}
}
// Select current values for Multi-Line-Edit
if ($this->MultiLineID) {
$z = 0;
$res = $db->qry("SELECT %plain% %plain% FROM %prefix%%plain% WHERE %plain%", $idname, $db_query, $table, $this->MultiLineID);
while ($row = $db->fetch_array($res)) {
foreach ($this->SQLFields as $key => $val) {
$_POST[$val . '[' . $row[$idname] . ']'] = $row[$val];
}
$z++;
}
$db->free_result($res);
// Select current values for normal edit
} else {
$row = $db->qry_first("SELECT 1 AS found %plain% FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $db_query, $table, $AddKey, $idname, $id);
if ($row['found']) {
foreach ($this->SQLFields as $key => $val) {
if (!in_array($key, $this->WYSIWYGFields)) {
$_POST[$val] = $row[$val];
} else {
$_POST[$val] = $row[$val];
}
}
} else {
$func->error(t('Diese ID existiert nicht.'));
return false;
}
}
}
if ($this->AdditionalDBAfterSelectFunction) {
$addUpdSuccess = call_user_func($this->AdditionalDBAfterSelectFunction, '');
}
break;
// Check for errors and convert data, if necessary (dates, passwords, ...)
// Check for errors and convert data, if necessary (dates, passwords, ...)
case 2:
$this->FCKeditorID = 0;
if ($this->Pages) {
foreach ($this->Pages as $page) {
if ($page['groups']) {
foreach ($page['groups'] as $GroupKey => $group) {
if ($group['fields']) {
foreach ($group['fields'] as $FieldKey => $field) {
if ($field['name']) {
$err = false;
// Copy WYSIWYG editor variable
if (($SQLFieldTypes[$field['name']] == 'text' or $SQLFieldTypes[$field['name']] == 'mediumtext' or $SQLFieldTypes[$field['name']] == 'longtext') and $field['selections'] == HTML_WYSIWYG) {
$this->FCKeditorID++;
$_POST[$field['name']] = $_POST['FCKeditor' . $this->FCKeditorID];
}
// If not in DependOn-Group, or DependOn-Group is active
if (!$this->DependOnStarted or $_POST[$this->DependOnField]) {
// -- Convertions --
// Convert Post-date to unix-timestap
if ($SQLFieldTypes[$field['name']] == 'datetime') {
//1997-12-31 23:59:59
$_POST[$field['name']] = $_POST[$field['name'] . '_value_year'] . '-' . $_POST[$field['name'] . '_value_month'] . '-' . $_POST[$field['name'] . '_value_day'] . ' ' . $_POST[$field['name'] . '_value_hours'] . ':' . $_POST[$field['name'] . '_value_minutes'] . ':00';
$__POST[$field['name']] = $_POST[$field['name']];
}
if ($SQLFieldTypes[$field['name']] == 'date') {
$_POST[$field['name']] = $_POST[$field['name'] . '_value_year'] . '-' . $_POST[$field['name'] . '_value_month'] . '-' . $_POST[$field['name'] . '_value_day'];
$__POST[$field['name']] = $_POST[$field['name']];
}
// Upload submitted file
if ($_POST[$field['name'] . '_keep']) {
foreach ($this->SQLFields as $key => $val) {
if ($val == $field['name']) {
unset($this->SQLFields[$key]);
}
}
} elseif ($field['type'] == IS_FILE_UPLOAD) {
if (substr($field['selections'], strlen($field['selections']) - 1, 1) == '_') {
$_POST[$field['name']] = $func->FileUpload($field['name'], substr($field['selections'], 0, strrpos($field['selections'], '/')), substr($field['selections'], strrpos($field['selections'], '/') + 1, strlen($field['selections'])));
} else {
$_POST[$field['name']] = $func->FileUpload($field['name'], $field['selections']);
}
}
// -- Checks --
// Exec callback
if ($field['type'] == IS_CALLBACK) {
$err = call_user_func($field['selections'], $field['name'], CHECK_ERROR_PROC);
}
if ($err) {
$this->error[$field['name']] = $err;
}
// Check for value
if (!$field['optional'] and $_POST[$field['name']] == '') {
$this->error[$field['name']] = t('Bitte fülle dieses Pflichtfeld aus.');
} elseif (strpos($SQLFieldTypes[$field['name']], 'int') !== false and $SQLFieldTypes[$field['name']] != 'tinyint(1)' and $SQLFieldTypes[$field['name']] != "enum('0','1')" and $_POST[$field['name']] and (int) $_POST[$field['name']] == 0) {
$this->error[$field['name']] = t('Bitte gib eine Zahl ein.');
} elseif (($SQLFieldTypes[$field['name']] == 'datetime' or $SQLFieldTypes[$field['name']] == 'date') and (!checkdate($_POST[$field['name'] . '_value_month'], $_POST[$field['name'] . '_value_day'], $_POST[$field['name'] . '_value_year']) and !($_POST[$field['name'] . '_value_month'] == "00" and $_POST[$field['name'] . '_value_day'] == "00" and $_POST[$field['name'] . '_value_year'] == "0000"))) {
$this->error[$field['name']] = t('Das eingegebene Datum ist nicht korrekt.');
// Check new passwords
} elseif ($field['type'] == IS_NEW_PASSWORD and $_POST[$field['name']] != $_POST[$field['name'] . '2']) {
$this->error[$field['name'] . '2'] = t('Die beiden Kennworte stimmen nicht überein.');
} elseif ($field['type'] == IS_CAPTCHA and ($_POST['captcha'] == '' or $_SESSION['captcha'] != strtoupper($_POST['captcha']))) {
$this->error['captcha'] = t('Captcha falsch wiedergegeben.');
} elseif ($field['type'] != 'text' and $field['type'] != 'mediumtext' and $field['type'] != 'longtext' and $SQLFieldTypes[$field['name']] != 'text' and $SQLFieldTypes[$field['name']] != 'mediumtext' and $SQLFieldTypes[$field['name']] != 'longtext' and !is_array($_POST[$field['name']]) and (strpos($_POST[$field['name']], "\r") !== false or strpos($_POST[$field['name']], "\n") !== false or strpos($_POST[$field['name']], "\t") !== false or strpos($_POST[$field['name']], "") !== false or strpos($_POST[$field['name']], "\v") !== false)) {
$this->error[$field['name']] = t('Dieses Feld enthält nicht erlaubte Steuerungszeichen (z.B. einen Tab, oder Zeilenumbruch)');
} elseif ($field['callback']) {
$err = call_user_func($field['callback'], $_POST[$field['name']]);
if ($err) {
$this->error[$field['name']] = $err;
}
}
// Check double uniques
# Neccessary in Multi Line Edit Mode? If so: Still to do
if ($SQLFieldUnique[$field['name']]) {
if ($this->isChange) {
$check_double_where = ' AND ' . $idname . ' != ' . (int) $id;
}
$row = $db->qry_first("SELECT 1 AS found FROM %prefix%%plain% WHERE %plain% = %string% %plain%", $table, $field['name'], $_POST[$field['name']], $check_double_where);
if ($row['found']) {
$this->error[$field['name']] = t('Dieser Eintrag existiert bereits in unserer Datenbank.');
}
}
}
// Manage Depend-On-Groups
if ($this->DependOnStarted >= 1) {
$this->DependOnStarted--;
}
if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
$this->DependOnStarted = $this->DependOn[$field['name']];
$this->DependOnField = $field['name'];
}
}
}
}
}
}
}
}
if (count($this->error) > 0) {
$_POST = $__POST;
$Step_Tmp--;
}
break;
}
$dsp->AddJumpToMark('MF' . $mf_number);
// Form-Switch
switch ($Step_Tmp) {
// Output form
default:
$sec->unlock($table);
$dsp->SetForm($StartURL . '&mf_step=2&mf_id=' . $mf_number . '#MF' . $mf_number, '', '', $this->FormEncType);
// InsertControll check box - the table entry will only be created, if this check box is checked, otherwise the existing entry will be deleted
if ($this->AddInsertControllField != '') {
$find_entry = $db->qry("SELECT * FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $table, $AddKey, $idname, $id);
if ($db->num_rows($find_entry)) {
$_POST[$InsContName] = 1;
}
$this->DependOnStarted = $this->NumFields;
$additionalHTML = "onclick=\"CheckBoxBoxActivate('box_{$InsContName}', this.checked)\"";
list($text1, $text2) = explode('|', $this->AddInsertControllField);
$dsp->AddCheckBoxRow($InsContName, $text1, $text2, '', $field['optional'], $_POST[$InsContName], '', '', $additionalHTML);
$dsp->StartHiddenBox('box_' . $InsContName, $_POST[$InsContName]);
}
// Write pages links
if ($this->Pages and count($this->Pages) > 1) {
$dsp->StartTabs();
}
// Output fields
$z = 0;
$y = 0;
$this->FCKeditorID = 0;
// Pages loop
if ($this->Pages) {
foreach ($this->Pages as $PageKey => $page) {
if ($page['caption'] and count($this->Pages) > 1) {
$dsp->StartTab($page['caption']);
}
// Groups loop
if ($page['groups']) {
foreach ($page['groups'] as $GroupKey => $group) {
if ($group['caption']) {
$dsp->AddFieldsetStart($group['caption']);
}
// Fields loop
if ($group['fields']) {
foreach ($group['fields'] as $FieldKey => $field) {
if (!$field['type']) {
$field['type'] = $SQLFieldTypes[$field['name']];
}
// Rename fields to arrays, if in Multi-Line-Edit-Mode
if ($this->MultiLineID) {
$field['name'] = $field['name'] . '[' . $this->MultiLineIDs[$y] . ']';
}
$z++;
if ($z >= count($this->SQLFields)) {
$z = 0;
$y++;
}
$additionalHTML = '';
switch ($field['type']) {
case 'text':
// Textarea
$maxchar = 65535;
case 'mediumtext':
if (!$maxchar) {
$maxchar = 16777215;
}
case 'longtext':
if (!$maxchar) {
$maxchar = 4294967295;
}
if ($field['selections'] == HTML_ALLOWED or $field['selections'] == LSCODE_ALLOWED) {
$dsp->AddTextAreaPlusRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', '', $field['optional'], $maxchar);
} elseif ($field['selections'] == LSCODE_BIG) {
$dsp->AddTextAreaPlusRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], 70, 20, $field['optional'], $maxchar);
} elseif ($field['selections'] == HTML_WYSIWYG) {
$this->FCKeditorID++;
ob_start();
include_once "ext_scripts/FCKeditor/fckeditor.php";
$oFCKeditor = new FCKeditor('FCKeditor' . $this->FCKeditorID);
$oFCKeditor->BasePath = 'ext_scripts/FCKeditor/';
$oFCKeditor->Config["CustomConfigurationsPath"] = "../myconfig.js";
$oFCKeditor->Value = $func->AllowHTML($_POST[$field['name']]);
$oFCKeditor->Height = 460;
$oFCKeditor->Create();
$fcke_content = ob_get_contents();
ob_end_clean();
$dsp->AddSingleRow($fcke_content);
if ($this->error[$field['name']]) {
$dsp->AddDoubleRow($field['caption'], $dsp->errortext_prefix . $this->error[$field['name']] . $dsp->errortext_suffix);
}
} else {
$dsp->AddTextAreaRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', '', $field['optional']);
}
break;
case "enum('0','1')":
// Checkbox
// Checkbox
case 'tinyint(1)':
if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
$additionalHTML = "onclick=\"CheckBoxBoxActivate('box_{$field['name']}', this.checked)\"";
}
list($field['caption1'], $field['caption2']) = explode('|', $field['caption']);
if (!$_POST[$field['name']]) {
unset($_POST[$field['name']]);
}
$dsp->AddCheckBoxRow($field['name'], $field['caption1'], $field['caption2'], $this->error[$field['name']], $field['optional'], $_POST[$field['name']], '', '', $additionalHTML);
break;
case 'datetime':
// Date-Select
$values = array();
list($date, $time) = explode(' ', $_POST[$field['name']]);
list($values['year'], $values['month'], $values['day']) = explode('-', $date);
list($values['hour'], $values['min'], $values['sec']) = explode(':', $time);
if ($values['year'] == "") {
$values['year'] = "0000";
$startj = "0000";
}
if ($values['month'] == "") {
$values['month'] = "00";
}
if ($values['day'] == "") {
$values['day'] = "00";
}
if ($values['hour'] == "") {
$values['hour'] = "00";
}
if ($values['min'] == "") {
$values['min'] = "00";
}
if ($values['sec'] == "") {
$values['sec'] = "00";
}
$dsp->AddDateTimeRow($field['name'], $field['caption'], 0, $this->error[$field['name']], $values, '', $startj, '', '', $field['optional']);
break;
case 'date':
// Date-Select
$values = array();
list($date, $time) = explode(' ', $_POST[$field['name']]);
list($values['year'], $values['month'], $values['day']) = explode('-', $date);
list($values['hour'], $values['min'], $values['sec']) = explode(':', $time);
if ($values['year'] == "") {
$values['year'] = "0000";
}
if ($values['month'] == "") {
$values['month'] = "00";
}
if ($values['day'] == "") {
$values['day'] = "00";
}
if ($field['selections']) {
$area = explode('/', $field['selections']);
}
$start = $area[0];
$end = $area[1];
$dsp->AddDateTimeRow($field['name'], $field['caption'], 0, $this->error[$field['name']], $values, '', $start, $end, 1, $field['optional']);
break;
#case 'char(32)':
#case 'char(32)':
case IS_PASSWORD:
// Password-Row
if (strlen($_POST[$field['name']]) == 32) {
$_POST[$field['name']] = '';
}
// Dont show MD5-sum, read from DB on change
$dsp->AddPasswordRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', $field['optional']);
break;
#case 'char(32)':
#case 'char(32)':
case IS_NEW_PASSWORD:
// New-Password-Row
if (strlen($_POST[$field['name']]) == 32) {
$_POST[$field['name']] = '';
}
// Dont show MD5-sum, read from DB on change
$PWSecID++;
$dsp->AddPasswordRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', $field['optional'], "onkeyup=\"CheckPasswordSecurity(this.value, document.images.seclevel)\"");
$dsp->AddPasswordRow($field['name'] . '2', $field['caption'] . ' ' . t('Verfikation'), $_POST[$field['name'] . '2'], $this->error[$field['name'] . '2'], '', $field['optional']);
$smarty->assign('pw_security_id', $PWSecID);
$dsp->AddDoubleRow('', $smarty->fetch('design/templates/ls_row_pw_security.htm'));
break;
case IS_CAPTCHA:
// Captcha-Row
# $dsp->AddTextFieldRow('captcha', 'Captcha <img src="ext_scripts/captcha.php">', $_POST['captcha'], $this->error['captcha']);
include_once 'ext_scripts/ascii_captcha.class.php';
$captcha = new ASCII_Captcha();
$data = $captcha->create($text);
$_SESSION['captcha'] = $text;
$dsp->AddDoubleRow(t('Bitte gib diesen Text unterhalb ein'), "<pre style='font-size:8px;'>{$data}</pre>");
$dsp->AddTextFieldRow('captcha', '', $_POST['captcha'], $this->error['captcha']);
break;
case IS_SELECTION:
// Pre-Defined Dropdown
if ($field['DependOnCriteria']) {
$addCriteria = ", Array('" . implode("', '", $field['DependOnCriteria']) . "')";
} else {
$addCriteria = '';
}
if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
$additionalHTML = "onchange=\"DropDownBoxActivate('box_{$field['name']}', this.options[this.options.selectedIndex].value{$addCriteria})\"";
}
if (is_array($field['selections'])) {
$selections = array();
foreach ($field['selections'] as $key => $val) {
if (substr($key, 0, 10) == '-OptGroup-') {
if ($this->OptGroupOpen) {
$selections[] = '</optgroup>';
}
$selections[] = '<optgroup label="' . $val . '">';
$this->OptGroupOpen = 1;
} else {
$_POST[$field['name']] == $key ? $selected = " selected" : ($selected = "");
$selections[] = "<option{$selected} value=\"{$key}\">{$val}</option>";
}
}
if ($this->OptGroupOpen) {
$selections[] = '</optgroup>';
}
$this->OptGroupOpen = 0;
$dsp->AddDropDownFieldRow($field['name'], $field['caption'], $selections, $this->error[$field['name']], $field['optional'], $additionalHTML);
}
break;
case IS_MULTI_SELECTION:
// Pre-Defined Multiselection
if (is_array($field['selections'])) {
$selections = array();
foreach ($field['selections'] as $key => $val) {
$selected = '';
if ($_POST[$field['name']]) {
foreach ($_POST[$field['name']] as $PostedField) {
if ($PostedField == $key) {
$selected = ' selected';
break;
}
}
}
$selections[] = "<option value=\"{$key}\"{$selected}>{$val}</option>";
}
$dsp->AddSelectFieldRow($field['name'], $field['caption'], $selections, $this->error[$field['name']], $field['optional'], 7);
}
break;
case IS_FILE_UPLOAD:
// File Upload to path
#if (is_dir($field['selections'])) {
$dsp->AddFileSelectRow($field['name'], $field['caption'], $this->error[$field['name']], '', '', $field['optional']);
if ($_POST[$field['name']]) {
$FileEnding = strtolower(substr($_POST[$field['name']], strrpos($_POST[$field['name']], '.'), 5));
if ($FileEnding == '.png' or $FileEnding == '.gif' or $FileEnding == '.jpg' or $FileEnding == '.jpeg') {
$img = HTML_NEWLINE . '<img src="' . $_POST[$field['name']] . '" />';
} else {
$img = '';
}
$dsp->AddCheckBoxRow($field['name'] . '_keep', t('Aktuelle Datei beibehalten'), $_POST[$field['name']] . $img, '', $field['optional'], 1);
}
#}
break;
case IS_PICTURE_SELECT:
// Picture Dropdown from path
if (is_dir($field['selections'])) {
$dsp->AddPictureDropDownRow($field['name'], $field['caption'], $field['selections'], $this->error[$field['name']], $field['optional'], $_POST[$field['name']]);
}
break;
case IS_TEXT_MESSAGE:
if (!$field['selections']) {
$field['selections'] = $_POST[$field['name']];
}
if (is_array($field['selections'])) {
$field['selections'] = $field['selections'][$_POST[$field['name']]];
}
$dsp->AddDoubleRow($field['caption'], $field['selections']);
break;
case IS_CALLBACK:
$ret = call_user_func($field['selections'], $field['name'], OUTPUT_PROC, $this->error[$field['name']]);
if ($ret) {
$dsp->AddDoubleRow($field['caption'], $ret);
}
break;
default:
// Normal Textfield
$field['type'] == IS_NOT_CHANGEABLE ? $not_changeable = 1 : ($not_changeable = 0);
$maxlength = $this->get_fieldlenght($field['type']);
($maxlength > 0 and $maxlength < 70) ? $length = $maxlength + (5 - $maxlength % 5) : ($length = 70);
$dsp->AddTextFieldRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], $length, $field['optional'], $not_changeable, $maxlength);
break;
}
// Start HiddenBox
if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
$dsp->StartHiddenBox('box_' . $field['name'], $_POST[$field['name']]);
$this->DependOnStarted = $this->DependOn[$field['name']] + 1;
unset($this->DependOn[$field['name']]);
}
// Stop HiddenBox, when counter has reached the last box-field
if ($this->DependOnStarted == 1) {
$dsp->StopHiddenBox();
}
// Decrease counter
if ($this->DependOnStarted > 0) {
$this->DependOnStarted--;
}
}
}
if ($group['caption']) {
$dsp->AddFieldsetEnd();
}
}
}
// End: Groups loop
if ($page['caption'] and count($this->Pages) > 1) {
$dsp->EndTab();
}
}
}
// End: Pages loop
if ($this->Pages and count($this->Pages) > 1) {
$dsp->EndTabs();
}
if ($this->SendButtonText) {
$dsp->AddFormSubmitRow($this->SendButtonText);
} elseif ($id or $this->MultiLineID) {
$dsp->AddFormSubmitRow('Editieren');
} else {
$dsp->AddFormSubmitRow('Erstellen');
}
$dsp->AddContent();
break;
// Update DB
// Update DB
case 2:
# if (!$this->SQLFields) $func->error('No Fields!');
if (!$sec->locked($table, $this->LinkBack)) {
// Return for manual update, if set
if ($this->ManualUpdate) {
return true;
}
if ($this->Pages) {
foreach ($this->Pages as $page) {
if ($page['groups']) {
foreach ($page['groups'] as $group) {
if ($group['fields']) {
foreach ($group['fields'] as $field) {
// Convert Passwords
if ($field['type'] == IS_NEW_PASSWORD and $_POST[$field['name']] != '') {
$_POST[$field['name'] . '_original'] = $_POST[$field['name']];
$_POST[$field['name']] = md5($_POST[$field['name']]);
}
}
}
}
}
}
}
if ($this->CheckBeforeInserFunction) {
if (!call_user_func($this->CheckBeforeInserFunction, $id)) {
return false;
}
}
if ($this->AdditionalDBPreUpdateFunction) {
$addUpdSuccess = call_user_func($this->AdditionalDBPreUpdateFunction, $id);
}
$ChangeError = false;
if ($this->AddChangeCondition) {
$ChangeError = call_user_func($this->AddChangeCondition, $id);
}
if ($ChangeError) {
$func->information($ChangeError);
} else {
$addUpdSuccess = true;
// Generate INSERT/UPDATE query
$db_query = '';
if ($this->SQLFields) {
if ($this->MultiLineID) {
foreach ($this->MultiLineIDs as $key2 => $value2) {
$db_query = '';
foreach ($this->SQLFields as $key => $val) {
$db_query .= "{$val} = '" . $_POST[$val][$value2] . "', ";
}
$db_query = substr($db_query, 0, strlen($db_query) - 2);
$db->qry("UPDATE %prefix%%plain% SET %plain% WHERE %plain% = %int%", $table, $db_query, $idname, $value2);
$func->log_event(t('Eintrag #%1 in Tabelle "%2" geändert', array($value2, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
}
} else {
foreach ($this->SQLFields as $key => $val) {
if (($SQLFieldTypes[$val] == 'datetime' or $SQLFieldTypes[$val] == 'date') and $_POST[$val] == 'NOW()') {
$db_query .= "{$val} = NOW(), ";
} elseif ($SQLFieldTypes[$val] == 'tinyint(1)') {
$db_query .= $val . ' = ' . (int) $_POST[$val] . ', ';
} elseif ($SQLFieldTypes[$val] == 'int(11) unsigned' and $val == 'ip') {
$db_query .= $val . ' = INET_ATON(\'' . $_POST[$val] . '\'), ';
} elseif ($_POST[$val] == '++' and strpos($SQLFieldTypes[$val], 'int') !== false) {
$db_query .= "{$val} = {$val} + 1, ";
} elseif ($_POST[$val] == '--' and strpos($SQLFieldTypes[$val], 'int') !== false) {
$db_query .= "{$val} = {$val} - 1, ";
} else {
$db_query .= "{$val} = '{$_POST[$val]}', ";
}
}
$db_query = substr($db_query, 0, strlen($db_query) - 2);
// If the table entry should be created, or deleted wheter the control field is checked
if ($this->AddInsertControllField != '' and !$_POST[$InsContName]) {
$db->qry("DELETE FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $table, $AddKey, $idname, $id);
} else {
if ($this->isChange) {
$db->qry("UPDATE %prefix%%plain% SET %plain% WHERE %plain% %plain% = %int%", $table, $db_query, $AddKey, $idname, $id);
$func->log_event(t('Eintrag #%1 in Tabelle "%2" geändert', array($id, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
$addUpdSuccess = $id;
} else {
$DBInsertQuery = $db_query;
if ($this->AdditionalKey != '') {
$DBInsertQuery .= ', ' . $this->AdditionalKey;
}
if ($this->AddInsertControllField) {
$DBInsertQuery .= ', ' . $idname . ' = ' . (int) $id;
}
$db->qry("INSERT INTO %prefix%%plain% SET %plain%", $table, $DBInsertQuery);
$id = $db->insert_id();
$this->insert_id = $id;
$func->log_event(t('Eintrag #%1 in Tabelle "%2" eingefügt', array($id, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
$addUpdSuccess = $id;
}
}
}
}
if ($this->AdditionalDBUpdateFunction) {
$addUpdSuccess = call_user_func($this->AdditionalDBUpdateFunction, $id);
}
if ($addUpdSuccess) {
if ($this->isChange) {
$func->confirmation(t('Die Daten wurden erfolgreich geändert.'), $_SESSION['mf_referrer'][$mf_number]);
} else {
$func->confirmation(t('Die Daten wurden erfolgreich eingefügt.'), $this->LinkBack);
}
}
}
if (isset($_SESSION['mf_referrer'][$mf_number])) {
unset($_SESSION['mf_referrer'][$mf_number]);
}
$sec->lock($table);
return $addUpdSuccess;
/* Will be
1) return of AdditionalDBPreUpdateFunction if AddChangeCondition returns true
2) return of AdditionalDBUpdateFunction if set
3) Insert_id // Note, this will always return 0, if id field has no AUTO_INCREMENT option!
*/
}
break;
}
return false;
}
<?php
$framework->set_modus('ajax');
switch ($_GET['shout']) {
case 'add':
if ($_POST['captchaInputSend'] == $_SESSION['captcha'] and $_POST['captchaInputSend'] != "") {
$captchaCheck = true;
} else {
$captchaCheck = false;
}
if (!$auth['login'] or !$captchaCheck) {
// No Login -> Captcha
include_once 'ext_scripts/ascii_captcha.class.php';
$captcha = new ASCII_Captcha();
$cap = $captcha->create($text);
$_SESSION['captcha'] = $text;
$data['response'] = 'captcha';
$data['code'] = $text;
$data['captcha'] = $cap;
}
if ($_POST['message'] and $auth['login'] or $_POST['message'] and $captchaCheck) {
if ($auth['type'] >= 1) {
$_POST['nickname'] = $auth['username'];
}
$result = $db->qry("INSERT INTO %prefix%shoutbox (userid, ip, name, message) VALUES (%int%,%string%,%string%,%string%)", $auth['userid'], $auth['ip'], $_POST["nickname"], $_POST["message"]);
$resp = $db->qry_first("SELECT id, created FROM %prefix%shoutbox WHERE id = %int%", $db->insert_id());
$data['response'] = 'Good work';
$data['nickname'] = $_POST['nickname'];
$data['message'] = $_POST['message'];
$data['time'] = strtotime($resp['created']);
$data['id'] = $resp['id'];
