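/**
 * Serializes a value that comes from the field '$fieldname' into the form
 * that is meant to be stored in the database.
 *
 * SECURITY: the returned value is NOT escaped or quoted for SQL. Callers must
 * still escape it (or bind it as a query parameter) before it reaches a
 * statement.
 *
 * @param string  $fieldname    The name of the field from which this value
 *                              supposedly comes. A name containing '.' is
 *                              treated as a related field and is serialized
 *                              by a serializer for the related table.
 * @param mixed   $value        The value to be serialized.
 * @param boolean $handleRepeat If true (default) the individual values of a
 *                              repeat field are serialized one by one and
 *                              joined with the field's separator.
 * @return mixed The serialized value; null for a null value and for a date
 *               field whose value is empty or cannot be interpreted.
 * @throws Exception If the field lookup returns a PEAR error.
 */
function serialize($fieldname, $value, $handleRepeat = true)
{
    // Placeholder values (__name__) are passed through untouched. This fixes
    // an issue with addRelatedRecord().
    // NOTE(review): every string of this shape skips the delegate hook and the
    // date normalisation below, so the result must not be treated as a
    // validated field value. Confirm callers escape it like any other value.
    if (is_string($value) and preg_match('/^__(.*)__$/', $value)) {
        return $value;
    }

    if ($value === null) {
        return null;
    }

    if (strpos($fieldname, '.') !== false) {
        // This is a related field: delegate to a serializer for its table.
        $table =& $this->_table->getTableTableForField($fieldname);
        list(, $fieldname) = explode('.', $fieldname);
        $serializer = new Dataface_Serializer($table->tablename);
        return $serializer->serialize($fieldname, $value, $handleRepeat);
    }

    $table =& $this->_table;
    $field =& $table->getField($fieldname);
    if (PEAR::isError($field)) {
        throw new Exception($field->getMessage());
    }

    // A delegate method named <fieldname>__serialize overrides everything
    // below. The field lookup above has already succeeded at this point.
    $delegate =& $table->getDelegate();
    if ($delegate !== null and method_exists($delegate, $fieldname . "__serialize")) {
        return call_user_func(array(&$delegate, $fieldname . "__serialize"), $value);
    }

    $widget = $field['widget'];

    if ($handleRepeat and $field['repeat'] and is_array($value)) {
        // Serialize each repeated value on its own (no further repeat
        // handling), then join them into one stored string.
        foreach ($value as $key => $val) {
            $value[$key] = $this->serialize($fieldname, $val, false);
        }
        $value = implode($field['separator'], $value);
    }

    if ($table->isDate($fieldname)) {
        if (!isset($value) || !$value) {
            return null;
        }
        $params = $value;

        // Parse the string once. The comparison against false is explicit so
        // that a string which parses to timestamp 0 is still formatted.
        $timestamp = is_string($params) ? strtotime($params) : false;
        if ($timestamp !== false) {
            switch ($table->getType($fieldname)) {
                case 'date':
                    return date('Y-m-d', $timestamp);
                case 'datetime':
                case 'timestamp':
                    // 'H' is the 24-hour clock. The 12-hour 'h' stored every
                    // afternoon time as its morning counterpart.
                    return date('Y-m-d H:i:s', $timestamp);
                case 'time':
                    return date('H:i:s', $timestamp);
                case 'year':
                    return date('Y', $timestamp);
            }
        }

        if (!is_array($params)) {
            return null;
        }

        // Array form: zero-pad the individual parts.
        // assumes keys year/month/day/hours/minutes/seconds are present — TODO confirm
        $year    = str_pad($params['year'], 4, "0", STR_PAD_LEFT);
        $month   = str_pad($params['month'], 2, "0", STR_PAD_LEFT);
        $day     = str_pad($params['day'], 2, "0", STR_PAD_LEFT);
        $hours   = str_pad($params['hours'], 2, "0", STR_PAD_LEFT);
        $minutes = str_pad($params['minutes'], 2, "0", STR_PAD_LEFT);
        $seconds = str_pad($params['seconds'], 2, "0", STR_PAD_LEFT);

        $datestr = $year . '-' . $month . '-' . $day;
        $timestr = $hours . ':' . $minutes . ':' . $seconds;

        switch ($table->getType($fieldname)) {
            case 'date':
                return $datestr;
            case 'datetime':
                return $datestr . ' ' . $timestr;
            case 'timestamp':
                // Timestamps use the compact form without separators.
                return $year . $month . $day . $hours . $minutes . $seconds;
            case 'time':
                return $timestr;
            case 'year':
                return $year;
        }
    }

    if (is_array($value)) {
        if ($widget['type'] == 'table' or $widget['type'] == 'group') {
            // Table and group widgets are stored as XML.
            import('XML/Serializer.php');
            $serializer = new XML_Serializer(array('typeHints' => true));
            $ser_res =& $serializer->serialize($value);
            if (!PEAR::isError($ser_res)) {
                return $serializer->getSerializedData();
            }
        }
        // NOTE(review): the message embeds a stack trace and markup. Confirm
        // that errors are logged and not displayed in production.
        trigger_error("Trying to serialize value for field '{$fieldname}' that we don't know what to do with. The value is an array and we don't know how to parse it.\n<br>" . Dataface_Error::printStackTrace(), E_USER_ERROR);
    } else {
        return $value;
    }
}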
/**
 * Saves the record, i.e. creates the join table records needed to add the
 * selected existing record to the relationship.
 *
 * @param array $values The submitted form values. This method reads the
 *                      '-table', '__keys__', 'select' and '-relationship'
 *                      entries; keys starting with '-' and the 'Save' and
 *                      'select' keys are not treated as fields.
 * @return mixed The result of Dataface_IO::addExistingRelatedRecord().
 */
function save($values)
{
    // NOTE(review): $values presumably comes straight from the submitted form.
    // Confirm that '-table', '__keys__' and '-relationship' are validated and
    // authorized before this method runs.
    $colVals = array();

    // Values that were not submitted fall back to the defaults declared for
    // this relationship (the 'existing' section of its relationships.ini
    // definition).
    if (isset($this->_relationship->_schema['existing'])) {
        foreach ($this->_relationship->_schema['existing'] as $defaultKey => $defaultValue) {
            if (isset($values[$defaultKey])) {
                continue;
            }
            $values[$defaultKey] = $defaultValue;
        }
    }

    // Load the parent record that the relationship hangs off.
    $io = new Dataface_IO($values['-table']);
    $record = new Dataface_Record($values['-table'], array());
    $io->read($values['__keys__'], $record);

    // 'select' identifies the chosen record as a URL-encoded query string of
    // column=value pairs.
    // NOTE(review): the decoded names become column keys without being checked
    // against the schema here. Confirm that Dataface_RelatedRecord or
    // addExistingRelatedRecord() rejects unknown columns and escapes values.
    foreach (explode('&', $values['select']) as $pair) {
        $parts = explode('=', $pair);
        $colVals[urldecode($parts[0])] = urldecode($parts[1]);
    }

    foreach (array_keys($values) as $field) {
        // Skip control parameters and the form's own buttons/selectors.
        if (strpos($field, '-') === 0 || $field == "Save" || $field == "select") {
            continue;
        }

        $fullPath = $values['-relationship'] . '.' . $field;
        if (!$this->_parentTable->exists($fullPath)) {
            continue;
        }

        $metaValues = array();
        $searchTables = array_merge(
            array($this->_relationship->getDomainTable()),
            $this->_relationship->_schema['selected_tables']
        );
        $abs_fieldName = $this->_parentTable->absoluteFieldName($field, $searchTables);
        if (PEAR::isError($abs_fieldName)) {
            continue;
        }

        // NOTE(review): the serializer output is presumably not SQL-escaped —
        // confirm that escaping happens further down in the IO layer.
        $serializer = new Dataface_Serializer($this->_parentTable->tablename);
        $pushed = $this->_quickForm->pushValue($fullPath, $metaValues, $this->getElement($field));
        $colVals[$abs_fieldName] = $serializer->serialize($fullPath, $pushed);
    }

    $relatedRecord = new Dataface_RelatedRecord($record, $values['-relationship'], $colVals);
    return $io->addExistingRelatedRecord($relatedRecord, true);
}
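/**
 * Checks the submitted login credentials.
 *
 * Returns true straight away when authentication is disabled, defers to the
 * delegate's checkCredentials() when the delegate defines one, and otherwise
 * looks the user up in the users table with one query that matches both the
 * username and the encrypted password.
 *
 * @return boolean True if the credentials are accepted (or authentication is
 *                 disabled); false if they are missing, malformed or do not
 *                 match. The delegate's return value is passed through as-is.
 */
function checkCredentials()
{
    $app =& Dataface_Application::getInstance();
    if (!$this->authEnabled) {
        return true;
    }

    if (isset($this->delegate) and method_exists($this->delegate, 'checkCredentials')) {
        return $this->delegate->checkCredentials();
    }

    // The user is attempting to log in.
    $creds = $this->getCredentials();
    if (!isset($creds['UserName']) || !isset($creds['Password'])) {
        // No username or password was submitted.
        return false;
    }
    // Only scalar credentials are meaningful. An array would reach the
    // serializer and the escaping call below in a form neither expects.
    if (!is_scalar($creds['UserName']) || !is_scalar($creds['Password'])) {
        return false;
    }

    import('Dataface/Serializer.php');
    $serializer = new Dataface_Serializer($this->usersTable);
    $db = $app->db();

    // Escape with the connection-aware function. addslashes() does not know
    // the connection character set and is not a safe SQL escaper.
    // NOTE(review): mysql_real_escape_string() is only reliable when the
    // connection charset was set with mysql_set_charset(), not SET NAMES.
    // ext/mysql has no prepared statements; mysqli or PDO is the durable fix.
    $username = mysql_real_escape_string(
        $serializer->serialize($this->usernameColumn, $creds['UserName']),
        $db
    );
    $password = mysql_real_escape_string(
        $serializer->serialize($this->passwordColumn, $creds['Password']),
        $db
    );

    // Table and column names are properties of this object, not request data.
    // NOTE(review): the password is compared inside SQL against whatever
    // $serializer->encrypt() emits. Confirm that it is a salted password hash.
    $sql = "SELECT `" . $this->usernameColumn . "` FROM `" . $this->usersTable . "`"
        . " WHERE `" . $this->usernameColumn . "`='" . $username . "'"
        . " AND `" . $this->passwordColumn . "`="
        . $serializer->encrypt($this->passwordColumn, "'" . $password . "'");

    $res = mysql_query($sql, $db);
    if (!$res) {
        // NOTE(review): this surfaces the raw database error. Confirm that
        // errors are logged and not displayed to the client.
        trigger_error(mysql_error($db), E_USER_ERROR);
        // Fail closed if a custom error handler lets execution continue.
        return false;
    }

    // The column comparison in SQL may be case-insensitive (presumably it
    // depends on the collation), so require an exact match in PHP as well.
    // An empty result leaves $found false.
    $found = false;
    while ($row = mysql_fetch_row($res)) {
        if (strcmp($row[0], (string) $creds['UserName']) === 0) {
            $found = true;
            break;
        }
    }

    // Release the result set on every path, including "no rows".
    @mysql_free_result($res);

    return $found;
}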