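/**
 * Validates the stored input definitions of a form.
 *
 * Every input that is not excluded is passed to Set() and Nullable(); a
 * non-file input must then be accepted by VarcharBlobText(), Integer() or
 * DoubleFloat(), tried in that order. Inputs whose input_type is "file"
 * receive no type check in this method.
 *
 * @param string     $form_name       The name of the form
 * @param array|null $exclude_columns Input names that must not be validated; null/empty validates all
 * @return boolean False as soon as one non-file input fails all three type checks, true otherwise
 */
public static function ValidRequest($form_name, $exclude_columns = null)
{
    $inputs = SystemQueries::form_input_structure($form_name);

    foreach ($inputs as $input) {
        // Strict membership test: with loose comparison a skip-list entry such as 0
        // or "1e3" can match unrelated input names and silently exempt them from
        // validation.
        if (!empty($exclude_columns) && in_array($input->input_name, $exclude_columns, true)) {
            continue;
        }

        // NOTE(review): the results of Set() and Nullable() are not inspected here;
        // presumably they reject the request themselves on failure - confirm.
        self::Set($input);
        self::Nullable($input);

        // File inputs are not type-checked here; their content has to be
        // validated where the upload is handled.
        if ($input->input_type == "file") {
            continue;
        }

        // Short-circuit keeps the original order: text, then integer, then float.
        if (self::VarcharBlobText($input) || self::Integer($input) || self::DoubleFloat($input)) {
            continue;
        }

        return false;
    }

    return true;
}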
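/**
 * Stores the files sent through the file inputs of a form under
 * DOCUMENT_ROOT/uploads.
 *
 * For every matching input the stored path (or null when no file was selected)
 * is also written to $_POST[<input name>]. The returned array is overwritten on
 * each iteration, so it describes the last input that was processed.
 *
 * @param string $form_name_id The id/name of the form
 * @param string $input_name   The input name of the input file
 * @return array|null ["original_filename", "extension", "fullpath"] of the last processed input;
 *                    null when no input produced a result
 */
public static function UploadFormFiles($form_name_id, $input_name)
{
    // Get the inputs of type=file
    $inputs = SystemQueries::GetFormInputsFileType($form_name_id, $input_name);

    // Previously left undefined when no input produced a result, which made the
    // final return read an unset variable.
    $files = null;

    foreach ($inputs as $input) {
        $field = $input->input_name;
        // A field that is absent from the request is handled like "no file selected"
        // instead of reading undefined indexes.
        $upload = isset($_FILES[$field]) ? $_FILES[$field] : null;

        // No file has been selected for upload
        if ($upload === null || $upload['error'] == UPLOAD_ERR_NO_FILE || $upload['size'] == 0) {
            $files = array("original_filename" => null, "extension" => null, "fullpath" => null);
            $_POST[$field] = null;
            continue;
        }

        // Error on upload
        if ($upload['error'] != UPLOAD_ERR_OK || empty($upload["name"]) || empty($upload["tmp_name"])) {
            Logger::File();
            RequestManager::RequestError();
            continue;
        }

        // tmp_name must be a file PHP itself received over HTTP POST. This case used
        // to be skipped silently; it is now reported like every other failure.
        if (!is_uploaded_file($upload["tmp_name"])) {
            Logger::File();
            RequestManager::RequestError();
            continue;
        }

        // NOTE(review): as written the upload is accepted when ANY of the three
        // conditions holds - non-empty input_attributes, expected extension, or
        // expected MIME type. A non-empty input_attributes therefore skips both file
        // checks, and a matching extension alone (or MIME type alone) is enough.
        // Confirm whether extension and MIME type were meant to be required together;
        // the logic is left unchanged because the meaning of input_attributes is not
        // visible here.
        // NOTE(review): $input is read with array syntax here and object syntax
        // elsewhere - confirm the row type supports both.
        $accepted = trim($input["input_attributes"]) != ""
            || self::IsFileWithExpectedExtension($input)
            || self::IsFileWithExpectedMimeType($input);
        if (!$accepted) {
            // File type not allowed, upload failed
            Logger::File();
            RequestManager::RequestError();
            continue;
        }

        // Files are stored inside the web root, so the web server should be
        // configured to never execute content served from /uploads; otherwise the
        // acceptance check above is the only barrier.
        $web_server_directory = $_SERVER['DOCUMENT_ROOT'] . "/uploads";
        if (!self::CreatePath($web_server_directory)) {
            // Error creating the file directory
            Logger::File();
            RequestManager::RequestError();
            // Do not try to move the file into a directory that could not be created.
            continue;
        }

        $staged_path = self::file_directory($web_server_directory, $field);

        // Saves the uploaded file
        if (!move_uploaded_file($upload["tmp_name"], $staged_path)) {
            // Error moving file to the specified directory or directory doesn't exist
            Logger::File();
            RequestManager::RequestError();
            continue;
        }

        // Renames the current uploaded file for uniqueness
        $final_path = self::file_name_generator($web_server_directory, $input);
        if (!rename($staged_path, $final_path)) {
            // Error on file directory or directory doesn't exist, upload failed
            Logger::File();
            RequestManager::RequestError();
            continue;
        }

        // "original_filename" is the client-supplied name: treat it as display data
        // only and escape it on output; never use it to build a path.
        $files = array(
            "original_filename" => $upload["name"],
            "extension" => self::GetUploadedFileExtension($input),
            "fullpath" => $final_path,
        );

        // Set the file link to the post object
        $_POST[$field] = $final_path;
    }

    return $files;
}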
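/**
 * Dispatches the request to a static controller method.
 *
 * The class is looked up first as <parent dir>/controllers/<class_name>.php and,
 * when no such file exists, as a class record returned by
 * SystemQueries::GetClass() whose class_code is evaluated at runtime.
 *
 * @param object $Request The request object; $Request->Get->class_name and
 *                        $Request->Get->function_name select the target
 * @return void
 */
private static function InvokeMethod($Request)
{
    $class_name = $Request->Get->class_name;
    $function_name = $Request->Get->function_name;

    // Both values are used to build a file path and a callable, so they are
    // restricted to plain PHP identifiers before anything else happens. This keeps
    // directory separators, "..", NUL bytes and line breaks out of the require
    // path and out of the log messages below.
    $identifier = '/\A[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*\z/';
    if (!is_string($class_name) || !is_string($function_name)
        || preg_match($identifier, $class_name) !== 1
        || preg_match($identifier, $function_name) !== 1
    ) {
        Logger::Error("Request error: The requested class_name or function_name is not a valid identifier.");
        Dialog::RequestClassOrMethodNotExist();
        return;
    }

    // NOTE(review): no allow-list or authorisation check is visible in this method;
    // any method for which method_exists() is true can be requested. Confirm that
    // access control happens before this call.

    // The class_name must be the same as the file name inside the controllers folder.
    $FileDirectory = dirname(dirname(__FILE__)) . "/controllers/" . $class_name . ".php";

    if (file_exists($FileDirectory)) {
        require_once $FileDirectory;
        if (method_exists($class_name, $function_name)) {
            call_user_func(array($class_name, $function_name));
        } else {
            Logger::Error("Request error: The requested function doesn't exist. Requested class_name:" . $class_name . " - function_name:" . $function_name);
            Dialog::RequestClassOrMethodNotExist();
        }
        return;
    }

    $class = json_decode(json_encode(SystemQueries::GetClass($class_name)));

    // count() on the decoded value raised a warning or a TypeError when it was an
    // object; test for a usable record instead.
    if (!is_object($class) || !isset($class->class_name)) {
        Logger::Error("Request error: The requested class_name doesn't exist. Requested class_name:" . $class_name . " - function_name:" . $function_name);
        Dialog::RequestClassOrMethodNotExist();
        return;
    }

    // Syntax-only check (second argument true): the class is not defined yet.
    if (!is_callable(array($class->class_name, $function_name), true)) {
        Logger::Error("Request error: The requested function name can't be used to call a method. Requested class_name:" . $class_name . " - function_name:" . $function_name);
        Dialog::RequestClassOrMethodNotExist();
        return;
    }

    $failed = false;
    try {
        // SECURITY(review): this executes PHP source stored in the database, so
        // write access to that record equals code execution in this process.
        // Flagged for review, intentionally not changed here.
        eval("?>" . $class->class_code);
        if (method_exists($class->class_name, $function_name)) {
            call_user_func(array($class->class_name, $function_name));
        } else {
            Logger::Error("Request error: The requested function doesn't exist. Requested class_name:" . $class_name . " - function_name:" . $function_name);
            Dialog::RequestClassOrMethodNotExist();
        }
    } catch (Exception $e) {
        $failed = true;
    } catch (Error $e) {
        // A syntax error in evaluated code is a ParseError, which derives from
        // Error and was not caught by the Exception handler alone.
        $failed = true;
    }

    if ($failed) {
        Logger::Error("Request error: The class code could not be interpreted at runtime. Please check that your code is free of errors. Requested class_name:" . $class_name . " - function_name:" . $function_name);
        Dialog::RequestRuntimeErrorOnCompilingCode();
    }
}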
/**
 * Runs a query given either as SQL text or as the name of a stored query
 * (string-enum variant) and returns what DBManager::ExecuteQuery() returns.
 *
 * @param string     $query     SQL text, or the name of a stored query
 * @param array|null $params    The params for the query
 * @param mixed      $QueryType The query type
 * @return array
 */
public static function QueryTypeExecuterString($query, $params = null, $QueryType = QueryTypeString::Text)
{
    // NOTE(review): the default comes from QueryTypeString while the comparison
    // uses QueryType::Text - confirm both constants hold the same value.
    if ($QueryType != QueryType::Text) {
        // Named query: fetch its stored text and run that as plain SQL.
        $stored_query = SystemQueries::GetQuery($query);

        return DBManager::ExecuteQuery($stored_query->query_text, $params, QueryType::Text);
    }

    // Values belong in $params rather than being concatenated into $query.
    return DBManager::ExecuteQuery($query, $params, $QueryType);
}
/**
 * Executes a query through a new PDODB instance and returns its data array.
 *
 * @param string     $query     SQL text, or the name of a stored query
 * @param array|null $params    The values to be set for the query
 * @param integer    $QueryType The type of query
 * @return array
 */
public static function ExecuteQueryArray($query, $params = null, $QueryType = QueryType::Text)
{
    $connection = new PDODB();

    // Anything other than QueryType::Text is treated as a stored query name whose
    // text is looked up first.
    $sql = ($QueryType == QueryType::Text)
        ? $query
        : SystemQueries::GetQuery($query)->query_text;

    // Values belong in $params rather than being concatenated into $query.
    $connection->ExecuteQuery($sql, $params);

    return $connection->GetDataArray();
}
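/**
 * Stores a class in the database through SystemQueries::InsertClass() and writes
 * the same class source to controllers/<table_name>.php.
 *
 * The outcome is reported through Dialog; nothing is returned.
 *
 * @param object $Request The request object; $Request->Get->table_name names the file
 * @param string $class   The PHP source written to the controller file
 * @return void
 */
private static function CreateAndExecuteClass($Request, $class)
{
    $table_name = $Request->Get->table_name;

    // table_name becomes the name of a .php file, so only letters, digits,
    // underscores and high-byte characters are accepted; directory separators and
    // ".." cannot reach the path.
    if (!is_string($table_name) || preg_match('/\A[A-Za-z0-9_\x80-\xff]+\z/', $table_name) !== 1) {
        Dialog::Danger("Error", "There was an error creating the class on the controllers folder!", "Ok");
        return;
    }

    $inserted = SystemQueries::InsertClass($Request, $class);

    // The condition was inverted: the folder has to be created when it is missing.
    // A failed mkdir() surfaces through the file_put_contents() result below.
    // NOTE(review): the relative path depends on the current working directory.
    if (!is_dir("controllers")) {
        @mkdir('controllers', 0755, true);
    }

    // NOTE(review): the file is written even when the database insert failed, which
    // can overwrite the controller of an already existing class - confirm intent.
    $created = file_put_contents("controllers/" . $table_name . ".php", $class);

    if (!$inserted) {
        Dialog::Danger("Error", "There was an error creating the class on the database! The class may already exist. Check system logs for more details.", "Ok");
        return;
    }

    if (!$created) {
        Dialog::Danger("Error", "There was an error creating the class on the controllers folder!", "Ok");
        return;
    }

    Dialog::Success("Succesful", "The class and model for " . $Request->Get->table_name . " where created on the controllers and models folder and on the database succesfully", "Ok");
}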
/**
 * Displays all tables on the administrator page.
 *
 * Fetches the table list with SystemQueries::GetAllDatabaseTables(), passes it
 * to HasMenus(), then includes the item-list view.
 *
 * @return void
 */
public static function AdministratorItemList()
{
    $menus = SystemQueries::GetAllDatabaseTables();
    self::HasMenus($menus);
    // The view is included inside this method, so it executes in this scope and can
    // read $menus (presumably it does - confirm before renaming the variable).
    // require_once includes the file at most once per request, and the relative
    // path is resolved through the include path / working directory.
    require_once "framework/views/administrator/menus/menubuttonitemlist.php";
}