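/**
 * Build, validate and process the admin form that creates or edits a membership level.
 *
 * With a level id of 0 the form adds a new level and requires an icon upload.
 * With any other id it edits that level's name, description and order.
 * After a processed submit the function sends a redirect to memb_levels.php and
 * exits; otherwise it returns the rendered form.
 *
 * NOTE(review): no authentication or CSRF check is visible in this function;
 * confirm the calling admin page enforces both before this runs.
 *
 * @param int  $iLevelId ID of the level to edit, or 0 to create a new level.
 * @param bool $bActive  Whether the form container is rendered as 'block' (true) or 'none' (false).
 * @return string HTML produced from the 'mlevels_create.html' template.
 */
function _getLevelsCreateForm($iLevelId, $bActive = false)
{
    // The id is concatenated into a SQL statement and into the form action URL
    // below, so force it to an integer before any use.
    $iLevelId = (int) $iLevelId;
    $bEdit = $iLevelId != 0;

    $sSubmitUrl = BX_DOL_URL_ADMIN . 'memb_levels.php';

    $aLevel = array();
    if ($bEdit) {
        $aLevel = $GLOBALS['MySQL']->getRow("SELECT `Name` AS `Name`, `Description` AS `Description`, `Order` AS `Order` FROM `sys_acl_levels` WHERE `ID`='" . $iLevelId . "' LIMIT 1");
    }

    $aForm = array(
        'form_attrs' => array(
            'id' => 'adm-mlevels-create',
            'action' => $sSubmitUrl . '?tab=levels_add',
            'method' => 'post',
            'enctype' => 'multipart/form-data',
        ),
        'params' => array(
            'db' => array(
                'table' => 'sys_acl_levels',
                'key' => 'ID',
                'uri' => '',
                'uri_title' => '',
                'submit_name' => 'Submit',
            ),
        ),
        'inputs' => array(
            'Active' => array(
                'type' => 'hidden',
                'name' => 'Active',
                'value' => 'no',
                'db' => array('pass' => 'Xss'),
            ),
            'Purchasable' => array(
                'type' => 'hidden',
                'name' => 'Purchasable',
                'value' => 'yes',
                'db' => array('pass' => 'Xss'),
            ),
            'Removable' => array(
                'type' => 'hidden',
                'name' => 'Removable',
                'value' => 'yes',
                'db' => array('pass' => 'Xss'),
            ),
            'Name' => array(
                'type' => 'text',
                'name' => 'Name',
                'caption' => _t('_adm_txt_mlevels_name'),
                'value' => isset($aLevel['Name']) ? $aLevel['Name'] : '',
                'required' => true,
                'db' => array('pass' => 'Xss'),
                'checker' => array(
                    'func' => 'length',
                    'params' => array(3, 100),
                    'error' => _t('_adm_txt_mlevels_name_err'),
                ),
            ),
            'Icon' => array(
                'type' => 'file',
                'name' => 'Icon',
                'caption' => _t('_adm_txt_mlevels_icon'),
                'required' => true,
                'checker' => array(
                    'func' => '',
                    'params' => '',
                    'error' => _t('_adm_txt_mlevels_icon_err'),
                ),
            ),
            'Description' => array(
                'type' => 'textarea',
                'name' => 'Description',
                'caption' => _t('_adm_txt_mlevels_description'),
                'value' => isset($aLevel['Description']) ? $aLevel['Description'] : '',
                'db' => array('pass' => 'XssHtml'),
            ),
            'Order' => array(
                'type' => 'text',
                'name' => 'Order',
                'caption' => _t('_adm_txt_mlevels_order'),
                'value' => isset($aLevel['Order']) ? $aLevel['Order'] : 0,
                'required' => true,
                'db' => array('pass' => 'Int'),
                'checker' => array(
                    'func' => 'preg',
                    'params' => array('/^[1-9][0-9]*$/'),
                    'error' => _t('_adm_txt_mlevels_order_err'),
                ),
            ),
            'Submit' => array(
                'type' => 'submit',
                'name' => 'Submit',
                'value' => _t('_adm_btn_mlevels_add'),
            ),
        ),
    );

    //--- Convert Add to Edit
    if ($bEdit) {
        // The flags and the icon are only set at creation time.
        unset($aForm['inputs']['Active']);
        unset($aForm['inputs']['Purchasable']);
        unset($aForm['inputs']['Removable']);
        unset($aForm['inputs']['Icon']);

        $aForm['form_attrs']['action'] = $sSubmitUrl . '?action=edit&level=' . $iLevelId;
        $aForm['inputs']['Submit']['value'] = _t('_adm_btn_mlevels_save');
        $aForm['inputs']['ID'] = array(
            'type' => 'hidden',
            'name' => 'ID',
            'value' => $iLevelId,
            'db' => array('pass' => 'Int'),
        );
    }

    $oForm = new BxTemplFormView($aForm);
    $oForm->initChecker();

    if ($oForm->isSubmittedAndValid()) {
        if (!$bEdit) {
            //--- Add new level
            $sFilePath = BX_DIRECTORY_PATH_ROOT . 'media/images/membership/';
            $sFileName = time();
            $sFileExt = '';

            // NOTE(review): this query relies on getCleanValue('Name') (the 'Xss'
            // pass) returning a value that is already safe inside a quoted SQL
            // literal. Confirm that, or escape/bind it through the DB layer.
            if ($GLOBALS['MySQL']->getOne("SELECT `Name` FROM `sys_acl_levels` WHERE `Name`='" . $oForm->getCleanValue('Name') . "' LIMIT 1")) {
                $oForm->aInputs['Name']['error'] = _t('_adm_txt_mlevels_name_err_non_uniq');
            }
            // NOTE(review): isImage() is given $_FILES['Icon']['type'], which is
            // supplied by the client and says nothing about the uploaded bytes.
            // Consider validating the content itself (e.g. getimagesize()) before
            // the file is moved under the media directory.
            elseif (isImage($_FILES['Icon']['type'], $sFileExt) && !empty($_FILES['Icon']['tmp_name']) && move_uploaded_file($_FILES['Icon']['tmp_name'], $sFilePath . $sFileName . '.' . $sFileExt)) {
                $sPath = $sFilePath . $sFileName . '.' . $sFileExt;
                imageResize($sPath, $sPath, 110, 110);

                $iId = (int) $oForm->insert(array('Icon' => $sFileName . '.' . $sFileExt));
                if ($iId != 0) {
                    $sName = $oForm->getCleanValue('Name');
                    addStringToLanguage('_adm_txt_mp_' . strtolower($sName), $sName);
                }

                header('Location: ' . $sSubmitUrl);
                exit;
            } else {
                $oForm->aInputs['Icon']['error'] = $oForm->aInputs['Icon']['checker']['error'];
            }
        } else {
            //--- Save existing level
            $bResult = $oForm->update($iLevelId);
            if ($bResult !== false) {
                // Replace the language key derived from the old name with one for the new name.
                deleteStringFromLanguage('_adm_txt_mp_' . strtolower($aLevel['Name']));
                $sName = $oForm->getCleanValue('Name');
                addStringToLanguage('_adm_txt_mp_' . strtolower($sName), $sName);
            }

            header('Location: ' . $sSubmitUrl);
            exit;
        }
    }

    return $GLOBALS['oAdmTemplate']->parseHtmlByName('mlevels_create.html', array(
        'display' => $bActive ? 'block' : 'none',
        'form' => $oForm->getCode(),
    ));
}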
/**
 * Render and process the "create membership level" admin form.
 *
 * When the form is submitted, valid, and the icon upload is accepted, the icon
 * is resized to 110x110, the level row is inserted, a language string is added
 * for the level name and a Location header pointing at the form action is sent.
 * In every other case the form is returned wrapped in an admin design box,
 * with the icon error set when the upload was rejected.
 *
 * NOTE(review): isImage() is given $_FILES['Icon']['type'], which is supplied by
 * the client; it does not show that the uploaded bytes are an image.
 * NOTE(review): the success path sends a Location header but neither exits nor
 * returns a value, so the caller keeps running; confirm that is intended.
 *
 * @return string|null Design-box HTML with the form, or null after the redirect header was sent.
 */
function PageCodeCreate()
{
    // Hidden flags first, so the input order matches the rendered form.
    $aInputs = array();
    foreach (array('Active' => 'no', 'Purchasable' => 'yes', 'Removable' => 'yes') as $sFlag => $sDefault) {
        $aInputs[$sFlag] = array(
            'type' => 'hidden',
            'name' => $sFlag,
            'value' => $sDefault,
            'db' => array('pass' => 'Xss'),
        );
    }

    $aInputs['Name'] = array(
        'type' => 'text',
        'name' => 'name',
        'caption' => _t('_adm_txt_mlevels_name'),
        'value' => '',
        'db' => array('pass' => 'Xss'),
        'checker' => array(
            'func' => 'length',
            'params' => array(3, 100),
            'error' => _t('_adm_txt_mlevels_name_err'),
        ),
    );
    $aInputs['Icon'] = array(
        'type' => 'file',
        'name' => 'Icon',
        'caption' => _t('_adm_txt_mlevels_icon'),
        'value' => '',
        'checker' => array(
            'func' => '',
            'params' => '',
            'error' => _t('_adm_txt_mlevels_icon_err'),
        ),
    );
    $aInputs['Description'] = array(
        'type' => 'textarea',
        'name' => 'description',
        'caption' => _t('_adm_txt_mlevels_description'),
        'value' => '',
        'db' => array('pass' => 'XssHtml'),
    );
    $aInputs['submit'] = array(
        'type' => 'submit',
        'name' => 'submit',
        'value' => _t('_adm_btn_mlevels_add'),
    );

    $aFormConfig = array(
        'form_attrs' => array(
            'id' => 'adm-mlevels-create',
            'action' => $GLOBALS['site']['url_admin'] . 'memb_levels.php',
            'method' => 'post',
            'enctype' => 'multipart/form-data',
        ),
        'params' => array(
            'db' => array(
                'table' => 'sys_acl_levels',
                'key' => 'ID',
                'uri' => '',
                'uri_title' => '',
                'submit_name' => 'submit',
            ),
        ),
        'inputs' => $aInputs,
    );

    $oLevelForm = new BxTemplFormView($aFormConfig);
    $oLevelForm->initChecker();

    $sIconDir = BX_DIRECTORY_PATH_ROOT . 'media/images/membership/';
    $sIconBase = time();
    $sIconExt = '';

    // $bIconOk stays true when the form was not submitted or not valid, so the
    // icon error is only shown after a real upload attempt failed.
    $bIconOk = true;
    $bAccepted = false;
    if ($oLevelForm->isSubmittedAndValid()) {
        $bIconOk = isImage($_FILES['Icon']['type'], $sIconExt)
            && !empty($_FILES['Icon']['tmp_name'])
            && move_uploaded_file($_FILES['Icon']['tmp_name'], $sIconDir . $sIconBase . '.' . $sIconExt);
        $bAccepted = $bIconOk;
    }

    if (!$bAccepted) {
        if (!$bIconOk) {
            $oLevelForm->aInputs['Icon']['error'] = $oLevelForm->aInputs['Icon']['checker']['error'];
        }

        $sContent = $GLOBALS['oAdmTemplate']->parseHtmlByName('design_box_content.html', array(
            'content' => $oLevelForm->getCode(),
        ));

        return DesignBoxAdmin(_t('_adm_box_cpt_mlevel_create'), $sContent);
    }

    // Upload accepted: normalise the icon size, then store the level.
    $sIconPath = $sIconDir . $sIconBase . '.' . $sIconExt;
    imageResize($sIconPath, $sIconPath, 110, 110);

    $iNewLevelId = (int) $oLevelForm->insert(array('Icon' => $sIconBase . '.' . $sIconExt));
    if ($iNewLevelId != 0) {
        addStringToLanguage("_adm_txt_mp_" . strtolower(bx_get('name')), bx_get('name'));
    }

    header('Location: ' . $oLevelForm->aFormAttrs['action']);
}
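/**
 * Perform edit or add field database actions.
 *
 * Reads a profile-field definition from $_GET / $_POST, writes it to
 * `ProfilesDesc`, adds or alters the matching column in `Profiles`, stores the
 * related language strings and echoes a short HTML status report.
 *
 * Request values are cast or escaped before they reach SQL, the generated PHP
 * check expression, or HTML output.
 *
 * NOTE(review): no authentication or CSRF check is visible in this function;
 * confirm that the calling admin page enforces both.
 * NOTE(review): the `check` column receives PHP source text, presumably
 * evaluated elsewhere. Only integer length limits are interpolated into it here.
 *
 * @return void
 */
function edit_or_add_field()
{
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $is_add = 'add' == $action;
    $is_edit = 'edit' == $action;

    // The record id is interpolated unquoted into SQL below; force it to an integer.
    $field_id = isset($_GET['ID']) ? (int) $_GET['ID'] : 0;

    // Get field type. The raw value drives the switch statements; only the
    // escaped copy is placed in SQL. process_db_input() is the helper this
    // function already applied to request values bound for SQL.
    $field_type = $_POST['field_type'];
    $field_type_sql = process_db_input($field_type);

    // Length limits end up inside generated PHP code, so they must be integers.
    $min_raw = isset($_POST['min_value']) ? trim($_POST['min_value']) : '';
    $max_raw = isset($_POST['max_value']) ? trim($_POST['max_value']) : '';
    $min_value = (int) $min_raw;
    $max_value = (int) $max_raw;

    // Select old field values
    if (!$is_add) {
        $field = db_arr("SELECT * FROM `ProfilesDesc` WHERE `ID` = {$field_id}");
    }

    // Get new field order.
    // NOTE(review): get_field_order() receives the raw request value and its
    // result is placed in the INSERT below; confirm it validates its input.
    if ($is_add) {
        $order = get_field_order($_POST['insert_after']);
    }

    // Get field name. It is used inside quoted SQL literals and as a
    // backtick-quoted column identifier, so quotes, backticks and backslashes
    // are replaced along with spaces.
    $name = process_pass_data($_POST['field_name']);
    $name = str_replace(array(' ', "'", '`', '\\'), '_', $name);

    // Get caption and determine if it was changed
    if ($is_add) {
        $namedisp = '_' . $name . '_caption';
        $namedisp_changed = true;
    } elseif ($_POST['caption'] == _t($field['namedisp'])) {
        $namedisp = $field['namedisp'];
        $namedisp_changed = false;
    } else {
        $namedisp = '_' . $name . '_caption';
        $namedisp_changed = true;
    }

    // Get field description.
    if ($is_add) {
        $namenote = $_POST['desc'] ? '_' . $name . '_desc' : '';
        $namenote_changed = true;
    } elseif ($_POST['desc'] == _t($field['namenote'])) {
        // Keep the existing description key (the original copied the caption key here).
        $namenote = $field['namenote'];
        $namenote_changed = false;
    } else {
        $namenote = $_POST['desc'] ? '_' . $name . '_desc' : '';
        $namenote_changed = true;
    }

    // Get user visibility.
    $visible = '';
    if ('on' == $_POST['visible_to_visitor']) {
        $visible .= 'user';
    }
    if ('on' == $_POST['visible_to_member']) {
        $visible = cat_string($visible, 'memb');
    }
    if ('on' == $_POST['visible_to_admin']) {
        $visible = cat_string($visible, 'adm');
    }

    // Get user edit possibility.
    $editable = '';
    if ('on' == $_POST['editable_for_member']) {
        $editable .= 'memb';
    }
    if ('on' == $_POST['editable_for_admin']) {
        $editable = cat_string($editable, 'adm');
    }

    // Get page visibility.
    $show_on_page = '';
    if ('on' == $_POST['show_on_all']) {
        $show_on_page = '0';
    }
    if ('on' == $_POST['show_on_join']) {
        $show_on_page = cat_string($show_on_page, '3');
    }
    if ('on' == $_POST['show_on_view_profile']) {
        $show_on_page = cat_string($show_on_page, '7');
    }
    if ('on' == $_POST['show_on_edit_profile']) {
        $show_on_page = cat_string($show_on_page, '25');
    }

    // Generate extra field content.
    $extra = '';
    switch ($field_type) {
        case 'p':
        case 'c':
            $extra = (int) $_POST['edit_box_length'];
            break;

        case 'date':
            $extra = process_db_input($_POST['edit_box_length']);
            break;

        case 'e':
        case 'rb':
        case 'set':
            $temp = explode("\r\n", $_POST['choices']);
            $extra = '';
            foreach ($temp as $value) {
                $value = process_pass_data($value);
                $value = str_replace("'", '`', $value);
                $replace_arr = array(' ', '.', ',', "\\");
                $value = str_replace($replace_arr, '_', $value);
                $extra = cat_string($extra, "\\'{$value}\\'");
            }

            $result = db_arr("SHOW COLUMNS FROM `Profiles` LIKE '{$name}'");
            $extratmp = str_replace("\\", "", $extra);

            // Alter existing field
            if ($result['Default']) {
                $alter_field_type = $field_type == 'set' ? "SET({$extratmp})" : "ENUM({$extratmp})";
                if (strstr($extratmp, "'" . $result['Default'] . "'")) {
                    // The current default is still one of the choices: keep it.
                    db_res("ALTER TABLE `Profiles` MODIFY `{$name}` {$alter_field_type} NOT NULL DEFAULT '{$result['Default']}'");
                } else {
                    // Otherwise fall back to the first choice in the list.
                    $defval = substr($extratmp, 0, strpos($extratmp, ","));
                    db_res("ALTER TABLE `Profiles` MODIFY `{$name}` {$alter_field_type} NOT NULL DEFAULT {$defval}");
                }
            }
            break;

        case 'a':
            $extra = (int) $_POST['memo_rows'] . "x" . (int) $_POST['memo_cols'];
            break;
    }

    // Generate check script. Initialised so it is always defined for the queries below.
    $check = '';
    if ('Email' != $name && 'Email,Email1' != $name && 'NickName' != $name && 'Password,Password1' != $name) {
        if ($min_value && $max_value) {
            $check = 'return (strlen($arg0) >= ' . $min_value . ' && strlen($arg0) <= ' . $max_value . ' ) ? true : false;';
        } elseif ($min_value) {
            $check = 'return (strlen($arg0) >= ' . $min_value . ') ? true : false;';
        } elseif ($max_value) {
            $check = 'return (strlen($arg0) <= ' . $max_value . ') ? true : false;';
        } elseif ('on' == $_POST['mandatory']) {
            $check = 'return strlen($arg0) > 0 ? true : false;';
        }
    } else {
        $length_check = $min_value ? 'strlen($arg0) >= ' . $min_value . ' && ' : "";
        $length_check .= $max_value ? ' strlen($arg0) <= ' . $max_value . ' && ' : "";

        // The templates below are stored verbatim; they are not executed here.
        if ('Email' == $name) {
            $check = 'return (' . $length_check . 'strstr($arg0,"@") && strstr($arg0,".") && conf_email($arg0,$_COOKIE[memberID])) ? true : false;';
        } elseif ('NickName' == $name) {
            $check = 'return (' . $length_check . 'conf_nick($arg0,$_COOKIE[memberID]) && preg_match("/^[0-9A-Za-z]+$/",$arg0)) ? true : false;';
        } elseif ('Password,Password1' == $name) {
            $check = 'return (' . $length_check . '!strcmp($arg0,$_POST[Password2])) ? true : false;';
        } elseif ('Email,Email1' == $name) {
            $check = 'return (eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,4}$", $arg0) && !strcmp($arg0,$_POST[Email2]) && conf_email($arg0,$_COOKIE[memberID])) ? true : false;';
        } else {
            $check = '';
        }
    }

    // Generate error message.
    if ($is_add) {
        $err_msg = '_' . $name . '_err_msg';
        $err_msg_changed = true;
    } elseif ($_POST['err_msg'] == _t($field['because'])) {
        $err_msg = $field['because'];
        $err_msg_changed = false;
    } else {
        $err_msg = '_' . $name . '_err_msg';
        $err_msg_changed = true;
    }

    // Generate search type.
    $search_type = process_db_input($_POST['search_t'] ? $_POST['search_t'] : 'none');

    // Generate 'search_hide' value.
    $search_hide = 0;
    if ('on' == $_POST['search_hidden']) {
        $search_hide = 1;
    }

    // Generate 'search_cols' value.
    $search_cols = $_POST['search_cols'] ? (int) $_POST['search_cols'] : 0;

    // Generate 'search_order' value.
    $q_str = 'SELECT `search_order` FROM `ProfilesDesc` ORDER BY `search_order` DESC LIMIT 1';
    $row = db_arr($q_str);
    $search_order = $row['search_order'] + 1;

    // Generate match type
    $match_type = process_db_input($_POST['match_t'] ? $_POST['match_t'] : 'none');

    // Generate match field
    $match_field = process_db_input($_POST['match_f'] && $_POST['match_f'] != 'none' ? $_POST['match_f'] : '');

    // Generate match extra
    $match_extra = process_db_input($_POST['match_perc'] ? $_POST['match_perc'] : '');

    // Stored limits: empty when the field was left blank, otherwise the integer value.
    $min_length = '' === $min_raw ? '' : $min_value;
    $max_length = '' === $max_raw ? '' : $max_value;

    if ($is_add) {
        // Generate query to add record to ProfilesDesc.
        $q_str = "INSERT INTO `ProfilesDesc` (`name`, `namedisp`, `namenote`, `extra`, `type`, `order`, `visible`, `editable`, `show_on_page`, `check`, `because`, `min_length`, `max_length`, `search_type`, `search_hide`, `search_cols`, `search_order`, `match_type`, `match_field`, `match_extra`)";
        $q_str .= "VALUES ('{$name}', '{$namedisp}', '{$namenote}', '{$extra}', '{$field_type_sql}', '{$order}', '{$visible}', '{$editable}', '{$show_on_page}', '{$check}', '{$err_msg}', '{$min_length}', '{$max_length}', '{$search_type}', '{$search_hide}', '{$search_cols}', '{$search_order}', '{$match_type}', '{$match_field}', '{$match_extra}')";
    } elseif ($is_edit) {
        // Language keys are only rewritten when their text was changed.
        $namedisp_sql = $namedisp_changed ? "`namedisp` = '{$namedisp}'," : "";
        $namenote_sql = $namenote_changed ? "`namenote` = '{$namenote}'," : "";
        $err_msg_sql = $err_msg_changed ? "`because` = '{$err_msg}'," : "";
        $q_str = "UPDATE `ProfilesDesc` SET {$namedisp_sql} {$namenote_sql} `extra` = '{$extra}', `visible` = '{$visible}', `editable` = '{$editable}', `show_on_page` = '{$show_on_page}', `check` = '{$check}', {$err_msg_sql} `min_length` = '{$min_length}', `max_length` = '{$max_length}', `search_type` = '{$search_type}', `search_hide` = '{$search_hide}', `search_cols` = '{$search_cols}', `match_type` = '{$match_type}', `match_field` = '{$match_field}', `match_extra` = '{$match_extra}' WHERE ID = {$field_id}";
    }

    // Execute query.
    db_res($q_str);

    // Generate field type for Profiles table.
    $type = '';
    switch ($field_type) {
        case 'c':
            $type = 'VARCHAR(255)';
            break;

        case 'e':
        case 'rb':
        case 'set':
            $arr = explode("\r\n", $_POST['choices']);
            $type = '';
            foreach ($arr as $value) {
                $value = process_pass_data($value);
                $value = str_replace("'", '`', $value);
                $replace_arr = array(' ', '.', ',', "\\");
                $value = str_replace($replace_arr, '_', $value);
                $type = cat_string($type, "'{$value}'");
            }
            $type = ($field_type == 'set' ? 'SET' : 'ENUM') . " ({$type})";
            break;

        case 'a':
            $type = 'MEDIUMTEXT';
            break;
    }

    if ($field_type != '0' && $is_add) {
        // Generate query to add new field to Profiles. Only the first name of
        // a comma-separated pair becomes a column.
        $vals = explode(',', $name);
        $db_name = $vals[0];
        $q_str = "ALTER TABLE `Profiles` ADD `{$db_name}` {$type} NOT NULL";
        db_res($q_str);
    }

    // Generate language file content. Both report buffers are echoed as HTML
    // at the end, so every request-derived value is HTML-escaped when added.
    $lang_file = '';
    $langFailFields = '';

    if ($namedisp_changed) {
        $lang_file .= "'" . htmlspecialchars($_POST['caption'], ENT_QUOTES) . "';<br />";
        if (!addStringToLanguage($namedisp, $_POST['caption']) && !updateStringInLanguage($namedisp, $_POST['caption'])) {
            $langFailFields .= "'" . htmlspecialchars($namedisp, ENT_QUOTES) . "';<br />";
        }
    }

    if ($namenote_changed && $namenote) {
        $lang_file .= "'" . htmlspecialchars($_POST['desc'], ENT_QUOTES) . "';<br />";
        if (!addStringToLanguage($namenote, $_POST['desc']) && !updateStringInLanguage($namenote, $_POST['desc'])) {
            $langFailFields .= "'" . htmlspecialchars($namenote, ENT_QUOTES) . "';<br />";
        }
    }

    // Error message.
    if ($err_msg_changed) {
        $lang_file .= "'" . htmlspecialchars($_POST['err_msg'], ENT_QUOTES) . "';<br />";
        if (!addStringToLanguage($err_msg, $_POST['err_msg']) && !updateStringInLanguage($err_msg, $_POST['err_msg'])) {
            $langFailFields .= "'" . htmlspecialchars($err_msg, ENT_QUOTES) . "';<br />";
        }
    }

    // Drop-down box options.
    if ($_POST['choices']) {
        $arr = explode("\r\n", $_POST['choices']);
        foreach ($arr as $value) {
            $value = process_pass_data($value);
            $entered_value = $value;
            $value = str_replace("'", '`', $value);
            $replace_arr = array(' ', '.', ',', "\\");
            $value = str_replace($replace_arr, '_', $value);

            $entered_html = htmlspecialchars($entered_value, ENT_QUOTES);
            $lang_file .= "'{$entered_html}';<br />";
            if (!addStringToLanguage("_{$value}", $entered_value) && !updateStringInLanguage("_{$value}", $entered_value)) {
                $langFailFields .= "'{$entered_html}';<br />";
            }
        }
    }

    // Compile language files if needed
    if (strlen($lang_file)) {
        compileLanguage();
    }

    if ($is_add) {
        echo "<p><span style=\"color:#ff6666;font-weight:bold\">New field has been added.</span></p>";
    } elseif ($is_edit) {
        echo "<p><span style=\"color:#ff6666;font-weight:bold\">Field has been updated.</span></p>";
    }

    if (strlen($lang_file)) {
        echo "Following strings were added or updated in your language files:<br />";
        echo "<pre>{$lang_file}</pre>";
        if (strlen($langFailFields)) {
            echo "Fail to insert or update following strings:<br />";
            echo "<pre>{$langFailFields}</pre>";
        }
    }

    echo "<p><a href=\"profile_fields.php\">Continue</a></p>";
}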
/**
 * Install the module described by $this->_aConfig.
 *
 * Steps, in order: refuse if a module with the same home_uri is already
 * registered; refuse if none of the 'compatible_with' masks matches the site's
 * "<ver>.<build>" string; run the 'install' actions through _perform(); on
 * success register the module in `sys_modules`, add its title language string,
 * record the module's file hashes and drop the related cache entries.
 *
 * NOTE(review): the config values and file names/hashes are concatenated into
 * SQL without escaping. They presumably come from the module package itself;
 * confirm that source is trusted or escape them through the DB layer.
 *
 * @param mixed $aParams Not read anywhere in this method.
 * @return array Result with at least 'operation_title' and 'result'; the early
 *               failure paths also carry 'message'.
 */
function install($aParams)
{
    $oModuleDb = new BxDolModuleDb();
    $sOperationTitle = _t('_adm_txt_modules_operation_install', $this->_aConfig['title']);

    //--- Check whether the module was already installed ---//
    if ($oModuleDb->isModule($this->_aConfig['home_uri'])) {
        return array(
            'operation_title' => $sOperationTitle,
            'message' => _t('_adm_txt_modules_already_installed'),
            'result' => false,
        );
    }

    //--- Check version compatibility ---//
    $bCompatible = false;
    if (isset($this->_aConfig['compatible_with']) && is_array($this->_aConfig['compatible_with'])) {
        foreach ($this->_aConfig['compatible_with'] as $sMask) {
            // A mask such as "7.0.x" becomes an anchored regex: dots are made
            // literal and each "x" stands for one or more digits.
            $sPattern = '/^' . str_replace(array('.', 'x'), array('\\.', '[0-9]+'), $sMask) . '$/is';
            if (preg_match($sPattern, $GLOBALS['site']['ver'] . '.' . $GLOBALS['site']['build']) > 0) {
                $bCompatible = true;
                break;
            }
        }
    }

    if (!$bCompatible) {
        return array(
            'operation_title' => $sOperationTitle,
            'message' => $this->_displayResult('check_script_version', false, '_adm_txt_modules_wrong_version_script'),
            'result' => false,
        );
    }

    //--- Check actions ---//
    $aResult = $this->_perform('install', 'Installation');

    if ($aResult['result']) {
        // Dependencies are stored as a comma-separated list of their keys,
        // and only when the install config asks for a dependency check.
        $bWithDependencies = isset($this->_aConfig['install']['check_dependencies'])
            && (int) $this->_aConfig['install']['check_dependencies'] == 1
            && isset($this->_aConfig['dependencies'])
            && is_array($this->_aConfig['dependencies']);
        $sDependencies = $bWithDependencies ? implode(',', array_keys($this->_aConfig['dependencies'])) : "";

        $aModuleRow = array(
            $this->_aConfig['title'],
            $this->_aConfig['vendor'],
            $this->_aConfig['version'],
            $this->_aConfig['update_url'],
            $this->_aConfig['home_dir'],
            $this->_aConfig['home_uri'],
            $this->_aConfig['class_prefix'],
            $this->_aConfig['db_prefix'],
            $sDependencies,
        );
        db_res("INSERT IGNORE INTO `sys_modules`(`title`, `vendor`, `version`, `update_url`, `path`, `uri`, `class_prefix`, `db_prefix`, `dependencies`, `date`) VALUES ('" . implode("', '", $aModuleRow) . "', UNIX_TIMESTAMP())");
        $iModuleId = (int) db_last_id();

        addStringToLanguage(BxDolModule::getTitleKey($this->_aConfig['home_uri']), $this->_aConfig['title']);
        compileLanguage();

        // Record a hash per module file; _hash() fills $aTrackedFiles.
        $aTrackedFiles = array();
        $this->_hash($this->_sModulePath, $aTrackedFiles);
        foreach ($aTrackedFiles as $aEntry) {
            db_res("INSERT IGNORE INTO `sys_modules_file_tracks`(`module_id`, `file`, `hash`) VALUES('" . $iModuleId . "', '" . $aEntry['file'] . "', '" . $aEntry['hash'] . "')");
        }

        // Drop cached module data so the new module is picked up.
        $GLOBALS['MySQL']->cleanMemory('sys_modules_' . $this->_aConfig['home_uri']);
        $GLOBALS['MySQL']->cleanMemory('sys_modules_' . $iModuleId);
        $GLOBALS['MySQL']->cleanMemory('sys_modules');
    }

    $aResult['operation_title'] = $sOperationTitle;

    return $aResult;
}