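/**
 * Decide whether the current user may edit an entry of $form.
 *
 * With an entry object the answer is computed in memory; otherwise a WHERE
 * clause is built and the first matching entry is fetched, so the return value
 * is then whatever FrmEntry::getAll() returns for that lookup.
 *
 * The entry id / item_key can come straight from the request, so the WHERE
 * clause is now bound through $wpdb->prepare() instead of string interpolation.
 *
 * @param object|int|string $entry entry object, numeric entry id, item_key, or empty
 * @param object|int        $form  form object or numeric form id (loaded via FrmForm::getOne)
 * @return bool|mixed false for anonymous users or an unknown form; true/false for an
 *                    entry object; otherwise the result of FrmEntry::getAll (LIMIT 1)
 */
function user_can_edit_check($entry, $form)
 {
     global $user_ID, $wpdb;
     // anonymous visitors can never edit
     if (!$user_ID) {
         return false;
     }
     if (is_numeric($form)) {
         $form = FrmForm::getOne($form);
     }
     // unknown form id: nothing to edit (previously this fell through to $form->options on a non-object)
     if (!$form) {
         return false;
     }
     $form->options = maybe_unserialize($form->options);
     //if editable and user can edit someone elses entry
     if ($form->editable and isset($form->options['open_editable']) and $form->options['open_editable'] and isset($form->options['open_editable_role']) and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
         return true;
     }
     // an entry object is only editable by its owner at this point
     if (is_object($entry)) {
         return $entry->user_id == $user_ID;
     }
     // $entry may be a visitor-supplied item_key: bind it instead of concatenating it
     $where = $wpdb->prepare("user_id=%d and fr.id=%d", $user_ID, $form->id);
     if (!empty($entry)) {
         if (is_numeric($entry)) {
             $where .= $wpdb->prepare(' and it.id=%d', $entry);
         } else {
             $where .= $wpdb->prepare(" and item_key=%s", $entry);
         }
     }
     return FrmEntry::getAll($where, '', ' LIMIT 1', true);
 }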
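 /**
  * Render a form for the front end, looked up by id or by key.
  *
  * @param int|string $id          form id (preferred); empty to look up by key
  * @param string     $key         form key, used only when $id is empty
  * @param bool       $title       whether the form title is printed (passed through)
  * @param bool       $description whether the form description is printed (passed through)
  * @return string the rendered form, the configured login message, or a "select a valid form" notice
  */
 function show_form($id = '', $key = '', $title = false, $description = false)
 {
     global $frm_form, $user_ID, $frm_settings, $post;
     // start from "no form" so the filter below never receives an undefined variable
     $form = false;
     if ($id) {
         $form = $frm_form->getOne((int) $id);
     } elseif ($key) {
         $form = $frm_form->getOne($key);
     }
     $form = apply_filters('frm_pre_display_form', $form);
     if (!$form) {
         return __('Please select a valid form', 'formidable');
     }
     // Templates and drafts are only rendered while previewing. The previous guard
     // also required !isset($_GET), which is never true for a superglobal, so it
     // could never fire; the $_GET/preview-page part of the rule is kept as written.
     $previewing = isset($_GET['form']) || (isset($_GET['preview']) && (!$post || $post->ID == $frm_settings->preview_page_id));
     if (($form->is_template || $form->status == 'draft') && !$previewing) {
         return __('Please select a valid form', 'formidable');
     }
     // login required but nobody is logged in
     if ($form->logged_in && !$user_ID) {
         return $frm_settings->login_msg;
     }
     $form->options = stripslashes_deep(maybe_unserialize($form->options));
     // login required and limited to a role the current user does not hold
     if ($form->logged_in && $user_ID && isset($form->options['logged_in_role']) && $form->options['logged_in_role'] != '' && !FrmAppHelper::user_has_permission($form->options['logged_in_role'])) {
         return $frm_settings->login_msg;
     }
     return FrmEntriesController::get_form(FRM_VIEWS_PATH . '/frm-entries/frm-entry.php', $form, $title, $description);
 }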
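 /**
  * Adjust the requested entry action for forms that allow editing.
  *
  * For "one entry per user" forms a user who already has an entry is switched to
  * editing it; an 'edit' action is downgraded to 'new' when the form's
  * editable_role is not held by the user.
  *
  * @param string $action requested action ('new', 'edit', 'update', 'destroy', ...)
  * @param object $form   form row; options may still be serialized
  * @return string the action to perform
  */
 function allow_form_edit($action, $form)
 {
     global $user_ID;
     // nothing to adjust for a missing or non-editable form, or for anonymous visitors
     if (!$form or !$form->editable or !$user_ID) {
         return $action;
     }
     $form_options = maybe_unserialize($form->options);
     // read the type with a guard so a form without the option does not raise a notice
     $single_entry_type = isset($form_options['single_entry_type']) ? $form_options['single_entry_type'] : '';
     $one_entry_per_user = !empty($form_options['single_entry']) && $single_entry_type == 'user';
     if ($one_entry_per_user and $action != 'destroy') {
         // an 'update' that targets this very form keeps its action
         $updating_this_form = $action == 'update' && $form->id == FrmAppHelper::get_param('form_id');
         if (!$updating_this_form) {
             global $frmdb;
             // the user already has an entry in this form: edit it instead of creating another
             $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
             if ($meta) {
                 $action = 'edit';
             }
         }
     }
     // editing may be limited to a role; fall back to a new entry otherwise
     if ($action == 'edit' and isset($form_options['editable_role']) and !FrmAppHelper::user_has_permission($form_options['editable_role'])) {
         $action = 'new';
     }
     return $action;
 }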
 /**
  * Tell whether the current user is limited to editing drafts of $form.
  *
  * That is the case when the form is editable but gated by an editable_role the
  * user lacks, no open_editable_role is configured ('-1' counts as none), and
  * the user cannot edit other users' entries.
  *
  * @param object $form form row; options are read as an array
  * @return boolean
  */
 public static function user_can_only_edit_draft($form)
 {
     $gatedByRole = $form->editable
         && !empty($form->options['editable_role'])
         && !FrmAppHelper::user_has_permission($form->options['editable_role']);
     if (!$gatedByRole) {
         return false;
     }
     // a real open_editable_role lifts the draft-only restriction
     if (isset($form->options['open_editable_role']) && $form->options['open_editable_role'] != '-1') {
         return false;
     }
     return !self::user_can_edit_others($form);
 }
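 /**
  * Front-end dispatcher for entry actions on an editable form (instance version).
  *
  * Handles the 'edit', 'update' and 'destroy' actions, the entry selected by
  * $frm_editing_entry, and the single-entry restrictions for new submissions.
  * Renders through $this->show_responses() / echo and publishes whether the
  * caller may go on to a blank form through the 'frm_continue_to_new' filter.
  *
  * Changes from the previous revision: the user/form ids are bound with
  * $wpdb->prepare() instead of being interpolated, the 'errors' lookup is
  * guarded with isset(), and create_function() (removed in PHP 8, and producing
  * "return ;" for a false $continue) is replaced by the __return_true /
  * __return_false callbacks WordPress ships.
  *
  * @param array  $params      request parameters; reads 'action', 'posted_form_id' and 'id'
  * @param array  $fields      form fields, reloaded on validation errors
  * @param object $form        form row; options are unserialized here
  * @param bool   $title       passed through to show_responses()
  * @param bool   $description passed through to show_responses()
  * @return void
  */
 function edit_update_form($params, $fields, $form, $title, $description)
 {
     global $frmdb, $wpdb, $frm_entry, $frm_entry_meta, $user_ID, $frm_editing_entry, $frmpro_settings, $frm_saved_entries;
     $message = '';
     // whether the caller may render a blank form afterwards; published via the filter at the end
     $continue = true;
     $form->options = stripslashes_deep(maybe_unserialize($form->options));
     if ($params['action'] == 'edit') {
         $entry_key = FrmAppHelper::get_param('entry');
         // escaped once here; the escaped value is used in the WHERE clauses below and handed to the helper
         $entry_key = esc_sql($entry_key);
         if ($entry_key) {
             // the requested entry must belong to this form, otherwise ignore the key
             $in_form = $wpdb->get_var("SELECT id FROM {$frmdb->entries} WHERE form_id=" . (int) $form->id . " AND (id='{$entry_key}' OR item_key='{$entry_key}')");
             if (!$in_form) {
                 $entry_key = false;
             }
             unset($in_form);
         }
         $entry = FrmProEntry::user_can_edit($entry_key, $form);
         // a truthy non-array result: the helper allowed editing but returned no entry, so load it here
         if ($entry and !is_array($entry)) {
             $where = "fr.id='{$form->id}'";
             if ($entry_key) {
                 $where .= ' AND (it.id="' . $entry_key . '" OR it.item_key="' . $entry_key . '")';
             }
             $entry = $frm_entry->getAll($where, '', 1, true);
         }
         if ($entry and !empty($entry)) {
             $entry = reset($entry);
             $frm_editing_entry = $entry->id;
             $this->show_responses($entry, $fields, $form, $title, $description);
             $continue = false;
         }
     } else {
         if ($params['action'] == 'update' and $params['posted_form_id'] == $form->id) {
             global $frm_created_entry;
             // the entry may not have been recorded for this form (guarded to avoid an undefined-index notice)
             $errors = isset($frm_created_entry[$form->id]['errors']) ? $frm_created_entry[$form->id]['errors'] : false;
             if (empty($errors)) {
                 // a multi-page form still in progress gets no confirmation yet
                 if (!isset($_POST['frm_page_order_' . $form->id])) {
                     //check confirmation method
                     $conf_method = apply_filters('frm_success_filter', 'message', $form);
                     if ($conf_method == 'message') {
                         global $frmpro_settings;
                         $message = '<div class="frm_message" id="message">' . do_shortcode(isset($form->options['edit_msg']) ? $form->options['edit_msg'] : $frmpro_settings->edit_msg) . '</div>';
                     } else {
                         do_action('frm_success_action', $conf_method, $form, $form->options, $params['id']);
                         // another confirmation type handled the output: no blank form afterwards
                         add_filter('frm_continue_to_new', '__return_false', 15);
                         return;
                     }
                 }
             } else {
                 // validation failed: show the form again with all fields
                 $fields = FrmFieldsHelper::get_form_fields($form->id, true);
             }
             $this->show_responses($params['id'], $fields, $form, $title, $description, $message, $errors);
             $continue = false;
         } else {
             if ($params['action'] == 'destroy') {
                 //if the user who created the entry is deleting it
                 $message = $this->ajax_destroy($form->id, false);
             } else {
                 if ($frm_editing_entry) {
                     if (is_numeric($frm_editing_entry)) {
                         $entry_id = $frm_editing_entry;
                         //get entry from shortcode
                     } else {
                         // non-numeric value: treat it as a WHERE fragment over the user's own entries
                         $entry_ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM {$frmdb->entries} WHERE user_id=%d and form_id=%d", $user_ID, $form->id));
                         if (isset($entry_ids) and !empty($entry_ids)) {
                             $where_options = $frm_editing_entry;
                             if (!empty($where_options)) {
                                 $where_options .= ' and ';
                             }
                             $where_options .= "it.item_id in (" . implode(',', $entry_ids) . ")";
                             $get_meta = $frm_entry_meta->getAll($where_options, ' ORDER BY it.created_at DESC', ' LIMIT 1');
                             $entry_id = $get_meta ? $get_meta->item_id : false;
                         }
                     }
                     if (isset($entry_id) and $entry_id) {
                         // users holding open_editable_role may edit any entry of the form
                         if ($form->editable and isset($form->options['open_editable']) and $form->options['open_editable'] and isset($form->options['open_editable_role']) and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                             $meta = true;
                         } else {
                             // otherwise the entry must belong to the current user and this form
                             $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'id' => $entry_id, 'form_id' => $form->id));
                         }
                         if ($meta) {
                             $frm_editing_entry = $entry_id;
                             $this->show_responses($entry_id, $fields, $form, $title, $description);
                             $continue = false;
                         }
                     }
                 } else {
                     //check to see if user is allowed to create another entry
                     $can_submit = true;
                     if (isset($form->options['single_entry']) and $form->options['single_entry']) {
                         if ($form->options['single_entry_type'] == 'cookie' and isset($_COOKIE['frm_form' . $form->id . '_' . COOKIEHASH])) {
                             $can_submit = false;
                         } else {
                             if ($form->options['single_entry_type'] == 'ip') {
                                 $prev_entry = $frm_entry->getAll(array('it.form_id' => $form->id, 'it.ip' => $_SERVER['REMOTE_ADDR']), '', 1);
                                 if ($prev_entry) {
                                     $can_submit = false;
                                 }
                             } else {
                                 // per-user limit only applies when the form is not editable
                                 if ($form->options['single_entry_type'] == 'user' and !$form->editable and $user_ID) {
                                     $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
                                     if ($meta) {
                                         $can_submit = false;
                                     }
                                 }
                             }
                         }
                         if (!$can_submit) {
                             echo stripslashes($frmpro_settings->already_submitted);
                             //TODO: DO SOMETHING IF USER CANNOT RESUBMIT FORM
                             $continue = false;
                         }
                     }
                 }
             }
         }
     }
     // hand the decision to the caller as a proper boolean callback
     add_filter('frm_continue_to_new', '__return_' . ($continue ? 'true' : 'false'), 15);
 }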
 /**
  * Render a form for the front end, looked up by id or by key.
  *
  * Drafts are only rendered on the configured preview page; forms that require
  * a login (optionally a specific role) return the login message instead.
  *
  * @param int|string $id          form id; when empty, $key is used for the lookup
  * @param string     $key         form key
  * @param bool       $title       passed through to self::get_form()
  * @param bool       $description passed through to self::get_form()
  * @param array      $atts        shortcode attributes, passed through to self::get_form()
  * @return string rendered form (with shortcodes expanded), login message, or an "invalid form" notice
  */
 public static function show_form($id = '', $key = '', $title = false, $description = false, $atts = array())
 {
     global $frm_settings, $post;
     $frm_form = new FrmForm();
     // the id wins; the key is only consulted when no id was given
     $lookup = empty($id) ? $key : $id;
     if (empty($lookup)) {
         return __('Please select a valid form', 'formidable');
     }
     $form = $frm_form->getOne($lookup);
     if (!$form) {
         return __('Please select a valid form', 'formidable');
     }
     $form = apply_filters('frm_pre_display_form', $form);
     // drafts are hidden everywhere except the preview page
     if ($form->status == 'draft') {
         $onPreviewPage = $post && $post->ID == $frm_settings->preview_page_id;
         if (!$onPreviewPage) {
             return __('Please select a valid form', 'formidable');
         }
     }
     if ($form->logged_in) {
         if (!is_user_logged_in()) {
             return do_shortcode($frm_settings->login_msg);
         }
         // a configured role must be held by the current user
         $requiredRole = isset($form->options['logged_in_role']) ? $form->options['logged_in_role'] : '';
         if (get_current_user_id() && $requiredRole != '' && !FrmAppHelper::user_has_permission($requiredRole)) {
             return do_shortcode($frm_settings->login_msg);
         }
     }
     $output = self::get_form($form, $title, $description, $atts);
     // expand any shortcodes embedded in the rendered markup
     return do_shortcode($output);
 }
 /**
  * Tell whether the logged-in-role gate blocks the current user from $form.
  *
  * Despite its name this returns true when the form requires a login role the
  * current user does NOT hold, and false when there is no role gate (not
  * logged_in, no user id, empty role) or the user passes it.
  *
  * @param object $form form row; options are read as an array
  * @return bool
  */
 private static function user_has_permission_to_view($form)
 {
     if (!$form->logged_in || !get_current_user_id()) {
         return false;
     }
     if (!isset($form->options['logged_in_role']) || $form->options['logged_in_role'] == '') {
         return false;
     }
     return !FrmAppHelper::user_has_permission($form->options['logged_in_role']);
 }
 /**
  * Decide whether the current visitor may see $field.
  *
  * The field's admin_only option is interpreted as: empty → visible to all,
  * 'loggedout' → hidden from logged-in users, 'loggedin' → hidden from guests,
  * anything else → a role that must be held. A legacy value of 1 is rewritten
  * to 'administrator' on the field object itself.
  *
  * @param object $field field row with a field_options array
  * @return bool returned by reference, as declared
  */
 public static function &is_field_visible_to_user($field)
 {
     $visible = true;
     if (FrmField::is_option_empty($field, 'admin_only')) {
         return $visible;
     }
     // legacy value: 1 meant "administrators only"
     if ($field->field_options['admin_only'] == 1) {
         $field->field_options['admin_only'] = 'administrator';
     }
     $restriction = $field->field_options['admin_only'];
     $hiddenFromMembers = $restriction == 'loggedout' && is_user_logged_in();
     $hiddenFromGuests = $restriction == 'loggedin' && !is_user_logged_in();
     $isRoleRestriction = !in_array($restriction, array('loggedout', 'loggedin', ''));
     if ($hiddenFromMembers || $hiddenFromGuests || ($isRoleRestriction && !FrmAppHelper::user_has_permission($restriction))) {
         $visible = false;
     }
     return $visible;
 }
 /**
  * Front-end dispatcher for entry actions on an editable form.
  *
  * Depending on $params['action'] this renders an existing entry for editing
  * ('edit'), shows the confirmation or the validation errors after a submit
  * ('update'), deletes an entry ('destroy'), or — with no action — either
  * edits the entry selected by $frm_vars['editing_entry'] or checks the
  * single-entry restrictions before a new entry may be created. Output goes
  * through self::show_responses() / echo; whether the caller may continue to a
  * blank form is published through the 'frm_continue_to_new' filter.
  *
  * @param array  $params      request parameters; reads 'action', 'posted_form_id' and 'id'
  * @param array  $fields      form fields, reloaded with FrmFieldsHelper::get_form_fields() on validation errors
  * @param object $form        form row; options are read as an array (expected already unserialized)
  * @param bool   $title       passed through to show_responses()
  * @param bool   $description passed through to show_responses()
  * @return void
  */
 public static function edit_update_form($params, $fields, $form, $title, $description)
 {
     global $frmdb, $wpdb, $frm_entry, $frm_entry_meta, $frmpro_settings, $frm_vars;
     $message = '';
     // whether the caller may render a blank form afterwards; published via the filter at the end
     $continue = true;
     $user_ID = get_current_user_id();
     if ($params['action'] == 'edit') {
         $entry_key = FrmAppHelper::get_param('entry');
         // every lookup below is restricted to this form
         $where = $wpdb->prepare("it.form_id=%d", $form->id);
         if ($entry_key) {
             $where .= $wpdb->prepare(' AND (it.id=%d OR it.item_key=%s)', $entry_key, $entry_key);
             // the requested entry must belong to this form; otherwise drop the key and the narrowing
             $in_form = $wpdb->get_var("SELECT id FROM {$frmdb->entries} it WHERE {$where}");
             if (!$in_form) {
                 $entry_key = false;
                 $where = $wpdb->prepare("it.form_id=%d", $form->id);
             }
             unset($in_form);
         }
         // escaped before it is handed to the helper
         $entry_key = esc_sql($entry_key);
         $entry = FrmProEntriesHelper::user_can_edit($entry_key, $form);
         unset($entry_key);
         // a truthy non-array result: the helper allowed editing but returned no rows, so fetch the entry here
         if ($entry and !is_array($entry)) {
             $entry = $frm_entry->getAll($where, '', 1, true);
         }
         if ($entry and !empty($entry)) {
             $entry = reset($entry);
             $frm_vars['editing_entry'] = $entry->id;
             self::show_responses($entry, $fields, $form, $title, $description);
             $continue = false;
         }
     } else {
         if ($params['action'] == 'update' and $params['posted_form_id'] == $form->id) {
             // validation errors recorded for this form by the create step, if any
             $errors = isset($frm_vars['created_entries'][$form->id]) ? $frm_vars['created_entries'][$form->id]['errors'] : false;
             if (empty($errors)) {
                 $saving_draft = FrmProFormsHelper::saving_draft($form->id);
                 // confirm only when the submission is complete (not moving between pages) or a draft was saved
                 if (!isset($_POST['frm_page_order_' . $form->id]) && !FrmProFormsHelper::going_to_prev($form->id) || $saving_draft) {
                     $success_args = array('action' => $params['action']);
                     if (FrmProEntriesHelper::is_new_entry($params['id'])) {
                         $success_args['action'] = 'create';
                     }
                     //check confirmation method
                     $conf_method = apply_filters('frm_success_filter', 'message', $form, $success_args['action']);
                     if ($conf_method == 'message') {
                         $message = self::confirmation($conf_method, $form, $form->options, $params['id'], $success_args);
                     } else {
                         // another confirmation type handled the output: no blank form afterwards
                         do_action('frm_success_action', $conf_method, $form, $form->options, $params['id'], $success_args);
                         add_filter('frm_continue_to_new', '__return_false', 15);
                         return;
                     }
                 }
             } else {
                 // validation failed: show the form again with all fields
                 $fields = FrmFieldsHelper::get_form_fields($form->id, true);
             }
             self::show_responses($params['id'], $fields, $form, $title, $description, $message, $errors);
             $continue = false;
         } else {
             if ($params['action'] == 'destroy') {
                 //if the user who created the entry is deleting it
                 $message = self::ajax_destroy($form->id, false);
             } else {
                 if (isset($frm_vars['editing_entry']) && $frm_vars['editing_entry']) {
                     if (is_numeric($frm_vars['editing_entry'])) {
                         $entry_id = $frm_vars['editing_entry'];
                         //get entry from shortcode
                     } else {
                         // non-numeric value: used as a WHERE fragment over the user's own entries.
                         // NOTE(review): $frm_vars['editing_entry'] is concatenated into the meta query
                         // unescaped below; presumably it comes from a shortcode attribute set by content
                         // authors — confirm it cannot be influenced by an ordinary visitor.
                         $entry_ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM {$wpdb->prefix}frm_items WHERE user_id=%d and form_id=%d", $user_ID, $form->id));
                         if (isset($entry_ids) and !empty($entry_ids)) {
                             $where_options = $frm_vars['editing_entry'];
                             if (!empty($where_options)) {
                                 $where_options .= ' and ';
                             }
                             $where_options .= "it.item_id in (" . implode(',', $entry_ids) . ")";
                             $get_meta = $frm_entry_meta->getAll($where_options, ' ORDER BY it.created_at DESC', ' LIMIT 1');
                             $entry_id = $get_meta ? $get_meta->item_id : false;
                         }
                     }
                     if (isset($entry_id) and $entry_id) {
                         // users holding open_editable_role may edit any entry (open_editable defaults to on when unset)
                         if ($form->editable and (isset($form->options['open_editable']) and $form->options['open_editable'] or !isset($form->options['open_editable'])) and isset($form->options['open_editable_role']) and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                             $meta = true;
                         } else {
                             // otherwise the entry must belong to the current user and this form
                             $meta = $wpdb->get_var($wpdb->prepare("SELECT id FROM {$wpdb->prefix}frm_items WHERE user_id=%d AND id=%d AND form_id=%d", $user_ID, $entry_id, $form->id));
                         }
                         if ($meta) {
                             $frm_vars['editing_entry'] = $entry_id;
                             self::show_responses($entry_id, $fields, $form, $title, $description);
                             $continue = false;
                         }
                     }
                 } else {
                     //check to see if user is allowed to create another entry
                     $can_submit = true;
                     if (isset($form->options['single_entry']) and $form->options['single_entry']) {
                         // one entry per browser, tracked by cookie
                         if ($form->options['single_entry_type'] == 'cookie' and isset($_COOKIE['frm_form' . $form->id . '_' . COOKIEHASH])) {
                             $can_submit = false;
                         } else {
                             // one entry per client address
                             if ($form->options['single_entry_type'] == 'ip') {
                                 $prev_entry = $frm_entry->getAll(array('it.form_id' => $form->id, 'it.ip' => $_SERVER['REMOTE_ADDR']), '', 1);
                                 if ($prev_entry) {
                                     $can_submit = false;
                                 }
                             } else {
                                 // one entry per user, only enforced here when the form is not editable
                                 if ($form->options['single_entry_type'] == 'user' and !$form->editable and $user_ID) {
                                     $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
                                     if ($meta) {
                                         $can_submit = false;
                                     }
                                 } else {
                                     // drafts enabled: an existing draft (any entry for per-user forms) blocks a new submission
                                     if (isset($form->options['save_draft']) and $form->options['save_draft'] == 1 and $user_ID) {
                                         $where = $wpdb->prepare('user_id=%d AND form_id=%d', $user_ID, $form->id);
                                         if ($form->options['single_entry_type'] != 'user') {
                                             $where .= $wpdb->prepare(' AND is_draft=%d', 1);
                                         }
                                         $meta = $wpdb->get_var("SELECT id FROM {$wpdb->prefix}frm_items WHERE {$where}");
                                         if ($meta) {
                                             $can_submit = false;
                                         }
                                     }
                                 }
                             }
                         }
                         if (!$can_submit) {
                             echo $frmpro_settings->already_submitted;
                             //TODO: DO SOMETHING IF USER CANNOT RESUBMIT FORM
                             $continue = false;
                         }
                     }
                 }
             }
         }
     }
     // hand the decision to the caller as a boolean callback
     add_filter('frm_continue_to_new', '__return_' . ($continue ? 'true' : 'false'), 15);
 }
 /**
  * Check whether the current user may edit an entry of $form.
  *
  * With an entry object the answer is computed in memory and returned as a
  * boolean without a database call. With a numeric id, an item_key or nothing,
  * a WHERE clause encoding the same ownership/draft rules is built and the
  * newest matching entry is fetched, so the return value is then whatever
  * $frm_entry->getAll() returns.
  *
  * @param object|int|string $entry entry object, numeric entry id, item_key, or empty
  * @param object            $form  form row; options are read as an array
  * @return bool|mixed
  */
 public static function user_can_edit_check($entry, $form)
 {
     global $frm_entry, $wpdb;
     $user_ID = get_current_user_id();
     // anonymous users, a missing form, or an entry belonging to another form: never
     if (!$user_ID || empty($form) || is_object($entry) && $entry->form_id != $form->id) {
         return false;
     }
     if (is_object($entry)) {
         // owners may always edit their own drafts
         if ($entry->is_draft && $entry->user_id == $user_ID) {
             return true;
         } else {
             // open_editable defaults to on when the option is absent
             if ($form->editable && (isset($form->options['open_editable']) && $form->options['open_editable'] || !isset($form->options['open_editable'])) && isset($form->options['open_editable_role']) && FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                 //if editable and user can edit someone elses entry
                 return true;
             }
         }
     }
     $where = $wpdb->prepare('fr.id=%d', $form->id);
     // editable_role is configured but not held, and no open-editing role applies
     // (unset, '-1', open editing disabled, or that role not held): own drafts only
     if ($form->editable && !empty($form->options['editable_role']) && !FrmAppHelper::user_has_permission($form->options['editable_role']) && (!isset($form->options['open_editable_role']) || $form->options['open_editable_role'] == '-1' || (isset($form->options['open_editable']) && !$form->options['open_editable'] || isset($form->options['open_editable']) && $form->options['open_editable'] && !empty($form->options['open_editable_role']) && !FrmAppHelper::user_has_permission($form->options['open_editable_role'])))) {
         //only allow editing of drafts
         $where .= $wpdb->prepare(" and user_id=%d and is_draft=%d", $user_ID, 1);
     }
     // check if this user can edit entry from another user
     if (!$form->editable || !isset($form->options['open_editable_role']) || $form->options['open_editable_role'] == '-1' || isset($form->options['open_editable']) && empty($form->options['open_editable']) || !FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
         // cannot edit others' entries: limit the lookup to the user's own
         $where .= $wpdb->prepare(" and user_id=%d", $user_ID);
         if (is_object($entry) && $entry->user_id != $user_ID) {
             return false;
         }
         // NOTE(review): this branch is reachable with open_editable_role (and editable_role) unset,
         // so the reads below can raise an undefined-index notice and pass null to
         // user_has_permission() — confirm what that helper returns for null.
         if ($form->editable && !FrmAppHelper::user_has_permission($form->options['open_editable_role']) && !FrmAppHelper::user_has_permission($form->options['editable_role'])) {
             // make sure user cannot edit their own entry, even if a higher user role can unless it's a draft
             if (is_object($entry) && !$entry->is_draft) {
                 return false;
             } else {
                 if (!is_object($entry)) {
                     $where .= ' and is_draft=1';
                 }
             }
         }
     } else {
         if ($form->editable && $user_ID && empty($entry)) {
             // make sure user is editing their own draft by default, even if they have permission to edit others' entries
             $where .= $wpdb->prepare(" and user_id=%d", $user_ID);
         }
     }
     // non-editable forms only ever allow editing drafts
     if (!$form->editable) {
         $where .= ' and is_draft=1';
         if (is_object($entry) && !$entry->is_draft) {
             return false;
         }
     }
     // If entry object, and we made it this far, then don't do another db call
     if (is_object($entry)) {
         return true;
     }
     // narrow to the requested entry: numeric values are ids, anything else an item_key
     if (!empty($entry)) {
         $where .= $wpdb->prepare(is_numeric($entry) ? " and it.id=%d" : " and item_key=%s", $entry);
     }
     // newest matching entry (LIMIT 1)
     return $frm_entry->getAll($where, ' ORDER BY created_at DESC', 1, true);
 }