function render($ele_value, $caption, $markupName, $isDisabled, $element, $entry_id) { global $xoopsDB, $xoopsUser, $myts; $renderer = new formulizeElementRenderer(); $form_handler = xoops_getmodulehandler('forms', 'formulize'); $id_form = $element->getVar('id_form'); if ($entry_id != "new") { $owner = getEntryOwner($entry_id, $id_form); } else { $owner = $xoopsUser ? $xoopsUser->getVar('uid') : 0; } $formObject = $form_handler->get($id_form); $isDisabled = false; if (strstr(getCurrentURL(), "printview.php")) { $isDisabled = true; // disabled all elements if we're on the printable view } $ele_desc = $element->getVar('ele_desc', "f"); if (strstr($ele_value[2], "#*=:*")) { // if we've got a link on our hands... -- jwe 7/29/04 // new process for handling links...May 10 2008...new datastructure for formulize 3.0 $boxproperties = explode("#*=:*", $ele_value[2]); $sourceFid = $boxproperties[0]; $sourceHandle = $boxproperties[1]; $sourceEntryIds = explode(",", trim($boxproperties[2], ",")); // grab the user's groups and the module id global $regcode; if ($regcode) { // if we're dealing with a registration code, determine group membership based on the code $reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"{$regcode}\""); $groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']); if ($groups[0] === "") { unset($groups); } // if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array. $groups[] = XOOPS_GROUP_USERS; $groups[] = XOOPS_GROUP_ANONYMOUS; } else { $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS); } $module_id = getFormulizeModId(); $pgroups = array(); // handle new linkscope option -- August 30 2006 $emptylist = false; if ($ele_value[3]) { $scopegroups = explode(",", $ele_value[3]); if (!in_array("all", $scopegroups)) { if ($ele_value[4]) { // limit by user's groups foreach ($groups as $gid) { // want to loop so we can get rid of reg users group simply if ($gid == XOOPS_GROUP_USERS) { continue; } if (in_array($gid, $scopegroups)) { $pgroups[] = $gid; } } } else { // just use scopegroups $pgroups = $scopegroups; } if (count($pgroups) == 0) { // specific scope was specified, and nothing found, so we should show nothing $emptylist = true; } } else { if ($ele_value[4]) { // all groups selected, but limiting by user's groups is turned on foreach ($groups as $gid) { // want to loop so we can get rid of reg users group simply if ($gid == XOOPS_GROUP_USERS) { continue; } $pgroups[] = $gid; } } else { // all groups should be used unset($pgroups); $allgroupsq = q("SELECT groupid FROM " . $xoopsDB->prefix("groups")); // . " WHERE groupid != " . XOOPS_GROUP_USERS); // use all groups now, if all groups are picked, with no restrictions on membership or anything, then use all groups foreach ($allgroupsq as $thisgid) { $pgroups[] = $thisgid['groupid']; } } } } // Note: OLD WAY: if no groups were found, then pguidq will be empty and so all entries will be shown, no restrictions // NEW WAY: if a specific group(s) was specified, and no match with the current user was found, then we return an empty list array_unique($pgroups); // remove duplicate groups from the list if ($ele_value[6] and count($pgroups) > 0) { $pgroupsfilter = " ("; $start = true; foreach ($pgroups as $thisPgroup) { if (!$start) { $pgroupsfilter .= " AND "; } $pgroupsfilter .= "EXISTS(SELECT 1 FROM " . $xoopsDB->prefix("formulize_entry_owner_groups") . " AS t2 WHERE t2.groupid={$thisPgroup} AND t2.fid={$sourceFid} AND t2.entry_id=t1.entry_id)"; $start = false; } $pgroupsfilter .= ")"; } elseif (count($pgroups) > 0) { $pgroupsfilter = " t2.groupid IN (" . formulize_db_escape(implode(",", $pgroups)) . ") AND t2.entry_id=t1.entry_id AND t2.fid={$sourceFid}"; } else { $pgroupsfilter = ""; } $sourceFormObject = $form_handler->get($sourceFid); list($conditionsfilter, $conditionsfilter_oom, $parentFormFrom) = buildConditionsFilterSQL($ele_value[5], $sourceFid, $entry_id, $owner, $formObject, "t1"); // if there is a restriction in effect, then add some SQL to reject options that have already been selected ?? $restrictSQL = ""; if ($ele_value[9]) { $restrictSQL = " AND (\n\t\t\t\tNOT EXISTS (\n\t\t\t\tSELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $element->getVar('ele_handle') . "` LIKE CONCAT( '%,', t1.`entry_id` , ',%' ) AND t4.entry_id != " . intval($entry_id); $restrictSQL .= $renderer->addEntryRestrictionSQL($ele_value[9], $id_form, $groups); // pass in the flag about restriction scope, and the form id, and the groups $restrictSQL .= " ) OR EXISTS (\n\t\t\t\tSELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $element->getVar('ele_handle') . "` LIKE CONCAT( '%,', t1.`entry_id` , ',%' ) AND t4.entry_id = " . intval($entry_id); $restrictSQL .= $renderer->addEntryRestrictionSQL($ele_value[9], $id_form, $groups); $restrictSQL .= ") )"; } static $cachedSourceValuesQ = array(); static $cachedSourceValuesAutocompleteFile = array(); static $cachedSourceValuesAutocompleteLength = array(); // setup the sort order based on ele_value[12], which is an element id number $sortOrder = $ele_value[15] == 2 ? " DESC" : "ASC"; if ($ele_value[12] == "none" or !$ele_value[12]) { $sortOrderClause = " ORDER BY t1.`{$sourceHandle}` {$sortOrder}"; } else { list($sortHandle) = convertElementIdsToElementHandles(array($ele_value[12]), $sourceFormObject->getVar('id_form')); $sortOrderClause = " ORDER BY t1.`{$sortHandle}` {$sortOrder}"; } if ($pgroupsfilter) { // if there is a groups filter, then join to the group ownership table $sourceValuesQ = "SELECT t1.entry_id, t1.`" . $sourceHandle . "` FROM " . $xoopsDB->prefix("formulize_" . $sourceFormObject->getVar('form_handle')) . " AS t1, " . $xoopsDB->prefix("formulize_entry_owner_groups") . " AS t2 {$parentFormFrom} WHERE {$pgroupsfilter} {$conditionsfilter} {$conditionsfilter_oom} {$restrictSQL} GROUP BY t1.entry_id {$sortOrderClause}"; } else { // otherwise just query the source table $sourceValuesQ = "SELECT t1.entry_id, t1.`" . $sourceHandle . "` FROM " . $xoopsDB->prefix("formulize_" . $sourceFormObject->getVar('form_handle')) . " AS t1 {$parentFormFrom} WHERE t1.entry_id>0 {$conditionsfilter} {$conditionsfilter_oom} {$restrictSQL} GROUP BY t1.entry_id {$sortOrderClause}"; } //print "$sourceValuesQ<br><br>"; if (!$isDisabled) { // set the default selections, based on the entry_ids that have been selected as the defaults, if applicable $hasNoValues = trim($boxproperties[2]) == "" ? true : false; $useDefaultsWhenEntryHasNoValue = $ele_value[14]; if (($entry_id == "new" or $useDefaultsWhenEntryHasNoValue and $hasNoValues) and (is_array($ele_value[13]) and count($ele_value[13]) > 0 or $ele_value[13])) { $defaultSelected = $ele_value[13]; } else { $defaultSelected = ""; } $form_ele = new XoopsFormSelect($caption, $markupName, $defaultSelected, $ele_value[0], $ele_value[1]); $form_ele->setExtra("onchange=\"javascript:formulizechanged=1;\" jquerytag='{$markupName}'"); if ($ele_value[0] == 1) { // add the initial default entry, singular or plural based on whether the box is one line or not. $form_ele->addOption("none", _AM_FORMLINK_PICK); } } else { $disabledHiddenValue = array(); $disabledOutputText = array(); } if (!isset($cachedSourceValuesQ[$sourceValuesQ])) { $element_handler = xoops_getmodulehandler('elements', 'formulize'); $sourceElementObject = $element_handler->get($boxproperties[1]); if ($sourceElementObject->isLinked) { // need to jump one more level back to get value that this value is pointing at $sourceEleValue = $sourceElementObject->getVar('ele_value'); $originalSource = explode("#*=:*", $sourceEleValue[2]); include_once XOOPS_ROOT_PATH . "/modules/formulize/class/data.php"; $data_handler = new formulizeDataHandler($originalSource[0]); } $reslinkedvaluesq = $xoopsDB->query($sourceValuesQ); if ($reslinkedvaluesq) { while ($rowlinkedvaluesq = $xoopsDB->fetchRow($reslinkedvaluesq)) { if ($rowlinkedvaluesq[1] === "") { continue; } if ($sourceElementObject->isLinked) { $rowlinkedvaluesq[1] = $data_handler->getElementValueInEntry(trim($rowlinkedvaluesq[1], ","), $originalSource[1]); } $linkedElementOptions[$rowlinkedvaluesq[0]] = strip_tags($rowlinkedvaluesq[1]); } } $cachedSourceValuesQ[$sourceValuesQ] = $linkedElementOptions; /* ALTERED - 20100318 - freeform - jeff/julian - start */ if (!$isDisabled and $ele_value[8] == 1) { // write the possible values to a cached file so we can look them up easily when we need them, don't want to actually send them to the browser, since it could be huge, but don't want to replicate all the logic that has already gathered the values for us, each time there's an ajax request $cachedLinkedOptionsFileName = "formulize_linkedOptions_" . str_replace(".", "", microtime(true)); formulize_scandirAndClean(XOOPS_ROOT_PATH . "/cache/", "formulize_linkedOptions_"); $cachedLinkedOptions = fopen(XOOPS_ROOT_PATH . "/cache/{$cachedLinkedOptionsFileName}", "w"); fwrite($cachedLinkedOptions, "<?php\n\r"); $maxLength = 0; foreach ($linkedElementOptions as $id => $text) { $thisTextLength = strlen($text); $maxLength = $thisTextLength > $maxLength ? $thisTextLength : $maxLength; $text = str_replace("\$", "\\\$", $text); $quotedText = "\"" . str_replace("\"", "\\\"", html_entity_decode($text, ENT_QUOTES)) . "\""; $singleQuotedText = str_replace("'", "\\'", "[{$quotedText},{$id}]"); fwrite($cachedLinkedOptions, "if(stristr({$quotedText}, \$term)){ \$found[]='" . $singleQuotedText . "'; }\n"); } fwrite($cachedLinkedOptions, "?>"); fclose($cachedLinkedOptions); $cachedSourceValuesAutocompleteFile[$sourceValuesQ] = $cachedLinkedOptionsFileName; $cachedSourceValuesAutocompleteLength[$sourceValuesQ] = $maxLength; } } // if we're rendering an autocomplete box if (!$isDisabled and $ele_value[8] == 1) { // do autocomplete rendering logic here if ($boxproperties[2]) { $default_value = trim($boxproperties[2], ","); $data_handler_autocomplete = new formulizeDataHandler($boxproperties[0]); $default_value_user = $data_handler_autocomplete->getElementValueInEntry(trim($boxproperties[2], ","), $boxproperties[1]); } $renderedComboBox = $renderer->formulize_renderQuickSelect($markupName, $cachedSourceValuesAutocompleteFile[$sourceValuesQ], $default_value, $default_value_user, $cachedSourceValuesAutocompleteLength[$sourceValuesQ]); $form_ele = new xoopsFormLabel($caption, $renderedComboBox); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } // only do this if we're rendering a normal element, that is not disabled if (!$isDisabled and $ele_value[8] == 0) { $form_ele->addOptionArray($cachedSourceValuesQ[$sourceValuesQ]); } // only do this if we're rendering a normal element (may be disabled) if ($ele_value[8] == 0) { foreach ($sourceEntryIds as $thisEntryId) { if (!$isDisabled) { $form_ele->setValue($thisEntryId); } else { $disabledName = $ele_value[1] ? $markupName . "[]" : $markupName; $disabledHiddenValue[] = "<input type=hidden name=\"{$disabledName}\" value=\"{$thisEntryId}\">"; $disabledOutputText[] = $cachedSourceValuesQ[$sourceValuesQ][$thisEntryId]; // the text value of the option(s) that are currently selected } } } if ($isDisabled) { $form_ele = new XoopsFormLabel($caption, implode(", ", $disabledOutputText) . implode("\n", $disabledHiddenValue)); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } elseif ($ele_value[8] == 0) { // this is a hack because the size attribute is private and only has a getSize and not a setSize, setting the size can only be done through the constructor $count = count($form_ele->getOptions()); $size = $ele_value[0]; $new_size = $count < $size ? $count : $size; $form_ele->_size = $new_size; } /* ALTERED - 20100318 - freeform - jeff/julian - stop */ } else { // or if we don't have a link... $selected = array(); $options = array(); $disabledOutputText = array(); $disabledHiddenValue = array(); $disabledHiddenValues = ""; // add the initial default entry, singular or plural based on whether the box is one line or not. if ($ele_value[0] == 1) { $options["none"] = _AM_FORMLINK_PICK; } // set opt_count to 1 if the box is NOT a multiple selection box. -- jwe 7/26/04 if ($ele_value[1]) { $opt_count = 0; } else { $opt_count = 1; } $hiddenOutOfRangeValuesToWrite = array(); while ($i = each($ele_value[2])) { // handle requests for full names or usernames -- will only kick in if there is no saved value (otherwise ele_value will have been rewritten by the loadValues function in the form display // note: if the user is about to make a proxy entry, then the list of users displayed will be from their own groups, but not from the groups of the user they are about to make a proxy entry for. ie: until the proxy user is known, the choice of users for this list can only be based on the current user. This could lead to confusing or buggy situations, such as users being selected who are outside the groups of the proxy user (who will become the owner) and so there will be an invalid value stored for this element in the db. if ($i['key'] === "{FULLNAMES}" or $i['key'] === "{USERNAMES}") { // ADDED June 18 2005 to handle pulling in usernames for the user's group(s) if ($i['key'] === "{FULLNAMES}") { $nametype = "name"; } if ($i['key'] === "{USERNAMES}") { $nametype = "uname"; } if (isset($ele_value[2]['{OWNERGROUPS}'])) { $groups = $ele_value[2]['{OWNERGROUPS}']; } else { global $regcode; if ($regcode) { // if we're dealing with a registration code, determine group membership based on the code $reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"{$regcode}\""); $groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']); if ($groups[0] === "") { unset($groups); } // if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array. $groups[] = XOOPS_GROUP_USERS; $groups[] = XOOPS_GROUP_ANONYMOUS; } else { global $xoopsUser; $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS); } } $pgroups = array(); if ($ele_value[3]) { $scopegroups = explode(",", $ele_value[3]); if (!in_array("all", $scopegroups)) { if ($ele_value[4]) { // limit by users's groups foreach ($groups as $gid) { // want to loop so we can get rid of reg users group simply if ($gid == XOOPS_GROUP_USERS) { continue; } if (in_array($gid, $scopegroups)) { $pgroups[] = $gid; } } if (count($pgroups) > 0) { unset($groups); $groups = $pgroups; } else { $groups = array(); } } else { // don't limit by user's groups $groups = $scopegroups; } } else { // use all if (!$ele_value[4]) { // really use all (otherwise, we're just going with all user's groups, so existing value of $groups will be okay unset($groups); global $xoopsDB; $allgroupsq = q("SELECT groupid FROM " . $xoopsDB->prefix("groups")); // . " WHERE groupid != " . XOOPS_GROUP_USERS); // removed exclusion of registered users group March 18 2009, since it doesn't make sense in this situation. All groups should mean everyone, period. foreach ($allgroupsq as $thisgid) { $groups[] = $thisgid['groupid']; } } } } $namelist = gatherNames($groups, $nametype, $ele_value[6], $ele_value[5]); foreach ($namelist as $auid => $aname) { $options[$auid] = $aname; } } elseif ($i['key'] === "{SELECTEDNAMES}") { // loadValue in formDisplay will create a second option with this key that contains an array of the selected values $selected = $i['value']; } elseif ($i['key'] === "{OWNERGROUPS}") { // do nothing with this piece of metadata that gets set in loadValue, since it's used above } else { // regular selection list.... $options[$opt_count] = $myts->stripSlashesGPC($i['key']); if (strstr($i['key'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$opt_count] = str_replace(_formulize_OUTOFRANGE_DATA, "", $i['key']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } if ($i['value'] > 0) { $selected[] = $opt_count; } $opt_count++; } } $count = count($options); $size = $ele_value[0]; $final_size = $count < $size ? $count : $size; $form_ele1 = new XoopsFormSelect($caption, $markupName, $selected, $final_size, $ele_value[1]); $form_ele1->setExtra("onchange=\"javascript:formulizechanged=1;\" jquerytag='{$markupName}'"); // must check the options for uitext before adding to the element -- aug 25, 2007 foreach ($options as $okey => $ovalue) { $options[$okey] = formulize_swapUIText($ovalue, $element->getVar('ele_uitext')); } $form_ele1->addOptionArray($options); if ($selected) { if (is_array($selected)) { $hiddenElementName = $ele_value[1] ? $form_ele1->getName() . "[]" : $form_ele1->getName(); foreach ($selected as $thisSelected) { $disabledOutputText[] = $options[$thisSelected]; $disabledHiddenValue[] = "<input type=hidden name=\"{$hiddenElementName}\" value=\"{$thisSelected}\">"; } } elseif ($ele_value[1]) { // need to keep [] in the hidden element name if multiple values are expected, even if only one is chosen $disabledOutputText[] = $options[$selected]; $disabledHiddenValue[] = "<input type=hidden name=\"" . $form_ele1->getName() . "[]\" value=\"{$selected}\">"; } else { $disabledOutputText[] = $options[$selected]; $disabledHiddenValue[] = "<input type=hidden name=\"" . $form_ele1->getName() . "\" value=\"{$selected}\">"; } } $renderedHoorvs = ""; if (count($hiddenOutOfRangeValuesToWrite) > 0) { foreach ($hiddenOutOfRangeValuesToWrite as $hoorKey => $hoorValue) { $thisHoorv = new xoopsFormHidden('formulize_hoorv_' . $true_ele_id . '_' . $hoorKey, $hoorValue); $renderedHoorvs .= $thisHoorv->render() . "\n"; unset($thisHoorv); } } if ($isDisabled) { $disabledHiddenValues = implode("\n", $disabledHiddenValue); // glue the individual value elements together into a set of values $renderedElement = implode(", ", $disabledOutputText); } elseif ($ele_value[8] == 1) { // autocomplete construction: make sure that $renderedElement is the final output of this chunk of code // write the possible values to a cached file so we can look them up easily when we need them, don't want to actually send them to the browser, since it could be huge, but don't want to replicate all the logic that has already gathered the values for us, each time there's an ajax request $cachedOptionsFileName = "formulize_Options_" . str_replace(".", "", microtime(true)); formulize_scandirAndClean(XOOPS_ROOT_PATH . "/cache/", "formulize_Options_"); $cachedOptions = fopen(XOOPS_ROOT_PATH . "/cache/{$cachedOptionsFileName}", "w"); fwrite($cachedOptions, "<?php\n\r"); $maxLength = 0; foreach ($options as $id => $text) { $thisTextLength = strlen($text); $maxLength = $thisTextLength > $maxLength ? $thisTextLength : $maxLength; //$quotedText = "\"".str_replace("\"", "\\\"", trim($text))."\""; $quotedText = "\"" . str_replace("\"", "\\\"", $text) . "\""; fwrite($cachedOptions, "if(stristr({$quotedText}, \$term)){ \$found[]='[{$quotedText},{$id}]'; }\n\r"); } fwrite($cachedOptions, "?>"); fclose($cachedOptions); //print_r($selected); print_r($options); $defaultSelected = is_array($selected) ? $selected[0] : $selected; $renderedComboBox = $renderer->formulize_renderQuickSelect($markupName, $cachedOptionsFileName, $defaultSelected, $options[$defaultSelected], $maxLength); $form_ele2 = new xoopsFormLabel($caption, $renderedComboBox); $renderedElement = $form_ele2->render(); } else { // normal element $renderedElement = $form_ele1->render(); } $form_ele = new XoopsFormLabel($caption, "<nobr>{$renderedElement}</nobr>\n{$renderedHoorvs}\n{$disabledHiddenValues}\n"); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } // end of if we have a link on our hands. -- jwe 7/29/04 return $form_ele; }
function formulize_parseFilter($filtertemp, $andor, $linkfids, $fid, $frid) { global $xoopsDB; if ($filtertemp == "") { return array(0 => array(), "", ""); } $formFieldFilterMap = array(); $whereClause = ""; $orderByClause = ""; $otherPerGroupFilterJoins = ""; $otherPerGroupFilterWhereClause = ""; $oneSideFilters = array(); // we need to capture each filter individually, just in case we need to apply them individually to each part of the query for calculations. Filters for calculations will not work right if the combination of filter terms is excessively complex, ie: includes OR'd terms across different forms in a framework, certain other complicated types of bracketing if (!is_array($filtertemp)) { $filter = array(0 => array(0 => $andor, 1 => $filtertemp)); } else { $filter = $filtertemp; } $form_handler = xoops_getmodulehandler('forms', 'formulize'); global $myts; $numSeachExps = 0; foreach ($filter as $filterParts) { // evaluate each search expression (collection of terms with a common boolean inbetween // Use the global andor setting between expressions if ($filterParts[1] == "") { continue; } // ignore filters that are empty...can happen if only OR filters are specified, and maybe at other times too if ($numSeachExps > 0) { $whereClause .= $andor; } $whereClause .= "("; $numIndivFilters = 0; foreach (explode("][", $filterParts[1]) as $indivFilter) { // evaluate each individual search term // Use the local andor setting ($filterParts[0]) between terms $ifParts = explode("/**/", $indivFilter); // FINAL NOTE ABOUT SLASHES...Oct 19 2006...patch 22 corrects this slash/magic quote mess. However, to ensure compatibility with existing Pageworks applications, we are continuing to strip out all slashes in the filterparts[1], the filter strings that are passed in, and then we apply HTML special chars to the filter so that it can match up with the contents of the DB. Only challenge is that extract.php is meant to be standalone, but we have to refer to the text sanitizer class in XOOPS in order to do the HTML special chars thing correctly. $ifParts[1] = str_replace("\\", "", $ifParts[1]); $ifParts[1] = $myts->htmlSpecialChars($ifParts[1]); // convert legacy metadata terms to new terms $ifParts[0] = $ifParts[0] == "uid" ? "creation_uid" : $ifParts[0]; $ifParts[0] = $ifParts[0] == "proxyid" ? "mod_uid" : $ifParts[0]; $ifParts[0] = $ifParts[0] == "creation_date" ? "creation_datetime" : $ifParts[0]; $ifParts[0] = $ifParts[0] == "mod_date" ? "mod_datetime" : $ifParts[0]; // set order by clause for newest operator -- assume only one newest operator per query! // does this need to be based on entry_id and not use $queryElement (which is based on ifParts[0]) ?? if (strstr($ifParts[2], "newest")) { if ($ifParts[0] == "creation_datetime" or $ifParts[0] == "mod_datetime") { $queryElement = $ifParts[0]; } else { list($ifParts[0], $formFieldFilterMap, $mappedForm, $element_id, $elementPrefix, $queryElement) = prepareElementMetaData($frid, $fid, $linkfids, $ifParts[0], $formFieldFilterMap); } $orderByClause = " ORDER BY {$queryElement} DESC LIMIT 0," . substr($ifParts[2], 6); continue; } if ($numIndivFilters > 0) { $whereClause .= $filterParts[0]; // apply local andor setting } $newWhereClause = ""; // tracks just the current iteration of this loop, so we can capture this filter and add it to the record of filters for this form lower down $whereClause .= "("; // bracket each individual component of the whereclause $operator = isset($ifParts[2]) ? $ifParts[2] : "LIKE"; if (trim($operator) == "LIKE" or trim($operator) == "NOT LIKE") { if (strlen($ifParts[1]) > 1 and (substr($ifParts[1], 0, 1) == "%" or substr($ifParts[1], -1) == "%")) { // if the query term includes % at the front or back (or both), then we let that work as the "likebits" and don't put in any ourselves $likebits = ""; } else { $likebits = "%"; } $operator = " " . $operator . " "; } else { $likebits = ""; } $quotes = (is_numeric($ifParts[1]) and !strstr(trim(strtoupper($operator)), "LIKE") or strstr(strtoupper($operator), "NULL")) ? "" : "'"; // don't put quotes around numeric queries, unless they're part of a LIKE query. Don't use quotes on the special IS NULL query either $formFieldFilterMap['creator_email'] = false; // can be set to true lower down, need to initalize it properly here if (is_numeric($ifParts[0]) and $ifParts[0] == $indivFilter) { // if this is a numeric value, then we must treat it specially $newWhereClause = "main.entry_id=" . $ifParts[0]; $mappedForm = $fid; } elseif ($ifParts[0] == "creation_uid" or $ifParts[0] == "mod_uid" or $ifParts[0] == "creation_datetime" or $ifParts[0] == "mod_datetime") { // if this is a user id field, then treat it specially if (($ifParts[0] == "creation_uid" or $ifParts[0] == "mod_uid") and !is_numeric($ifParts[1])) { // subquery the user table for the username or full name $ifParts[1] = "(SELECT uid FROM " . DBPRE . "users WHERE uname " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . " OR name " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . ")"; $quotes = ""; $operator = " = ANY "; $likebits = ""; } elseif (($ifParts[0] == "creation_uid" or $ifParts[0] == "mod_uid") and is_numeric($ifParts[1])) { // numeric uid query, so make operator = $operator = " = "; $quotes = ""; $likebits = ""; $ifParts[1] = formulize_db_escape($ifParts[1]); } else { // need to put mysql_real_escape_string around $ifParts[1] only when it's a date field, since that escaping requirement has been handled already in the subquery for uid filters $ifParts[1] = formulize_db_escape($ifParts[1]); } $newWhereClause = "main." . $ifParts[0] . $operator . $quotes . $likebits . $ifParts[1] . $likebits . $quotes; $mappedForm = $fid; } elseif ($ifParts[0] == "creator_email") { $formFieldFilterMap['creator_email'] = true; $newWhereClause = "usertable.email" . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes; $mappedForm = $fid; } elseif ($ifParts[0] == "entry_id") { $formFieldFilterMap['entry_id'] = true; $newWhereClause = "main.entry_id" . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes; $mappedForm = $fid; } else { // do non-metadata queries list($ifParts[0], $formFieldFilterMap, $mappedForm, $element_id, $elementPrefix, $queryElement) = prepareElementMetaData($frid, $fid, $linkfids, $ifParts[0], $formFieldFilterMap); // set query term for yes/no questions if ($formFieldFilterMap[$mappedForm][$element_id]['isyn']) { if (strstr(strtoupper(_formulize_TEMP_QYES), strtoupper($ifParts[1])) or strtoupper($ifParts[1]) == "YES") { // since we're matching based on even a single character match between the query and the yes/no language constants, if the current language has the same letters or letter combinations in yes and no, then sometimes only Yes may be searched for $ifParts[1] = 1; } elseif (strstr(strtoupper(_formulize_TEMP_QNO), strtoupper($ifParts[1])) or strtoupper($ifParts[1]) == "NO") { $ifParts[1] = 2; } else { $ifParts[1] = ""; } } // build the where clause.... // handle 'other' boxes // instead of doing a subquery, this could probably be redone similarly to creator_email and then we would have the "other" value in the raw query result, and then the process in prepValues would not need to requery the other table if ($formFieldFilterMap[$mappedForm][$element_id]['hasother']) { $subquery = "(SELECT id_req FROM " . DBPRE . "formulize_other WHERE ele_id=" . intval($element_id) . " AND other_text " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . ")"; $newWhereClause = "(({$elementPrefix}.entry_id = ANY {$subquery})OR({$queryElement} " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . "))"; // need to look in the other box and the main field, and return values that match in either case // handle linked selectboxes } elseif ($sourceMeta = $formFieldFilterMap[$mappedForm][$element_id]['islinked']) { // check if user is searching for blank values, and if so, then query this element directly, rather than looking in the source if ($ifParts[1] === '' or $operator == ' IS NULL ' or $operator == ' IS NOT NULL ') { $newWhereClause = "{$queryElement} " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes; } else { // need to check if an alternative value field has been defined for use in lists or data sets and search on that field instead if (isset($formFieldFilterMap[$mappedForm][$element_id]['ele_value'][10]) and $formFieldFilterMap[$mappedForm][$element_id]['ele_value'][10][0] != "none") { list($sourceMeta[1]) = convertElementIdsToElementHandles(array($formFieldFilterMap[$mappedForm][$element_id]['ele_value'][10]), $sourceMeta[0]); // ele_value 10 is the alternate field to use for datasets and in lists } $sourceFormObject = $form_handler->get($sourceMeta[0]); if ($ifParts[1] == "PERGROUPFILTER") { // invoke the per group filter that applies to the form that we are pointing to...if XOOPS is in effect (ie: we're not included directly in other code as per Formulize 1) global $xoopsDB; if ($xoopsDB) { $form_handler = xoops_getmodulehandler('forms', 'formulize'); $otherpgfCount = count($otherPerGroupFilterJoins) + 1; $otherPerGroupFilterWhereClause[] = $form_handler->getPerGroupFilterWhereClause($sourceMeta[0], "otherpgf" . $otherpgfCount); $tempOtherPGFJoin = " LEFT JOIN " . DBPRE . "formulize_" . $sourceFormObject->getVar('form_handle') . " AS otherpgf" . $otherpgfCount . " ON "; $tempOtherPGFJoin .= " otherpgf" . $otherpgfCount . ".entry_id IN (TRIM(',' FROM {$queryElement})) "; $otherPerGroupFilterJoins[] = $tempOtherPGFJoin; } $newWhereClause = "1"; } else { // Neal's suggestion: use EXISTS...other forms of subquery using field IN subquery or subquery LIKE field, // and a CONCAT in the subquery, failed in various conditions. IN did not work with multiple selection boxes // and LIKE did not work with search terms too general to return only one match in the source form. // Exists works in all cases. :-) if (is_array($sourceMeta[1])) { // when searching a linked box which presents multiple columns, concat the columns to search if (1 == count($sourceMeta[1]) and "none" == $sourceMeta[1][0]) { // no columns were selected for display, so search all of them $search_column = convertElementIdsToElementHandles($sourceFormObject->getVar('elements'), $sourceMeta[0]); $search_column = "CONCAT_WS('', source.`" . implode("`, source.`", $search_column) . "`)"; } else { // search in the columns which were selected for display $search_column = convertElementIdsToElementHandles($sourceMeta[1], $sourceMeta[0]); $search_column = "CONCAT_WS('', source.`" . implode("`, source.`", $search_column) . "`)"; } } else { $search_column = "source.`" . $sourceMeta[1] . "`"; } $queryElementMetaData = formulize_getElementMetaData($ifParts[0], true); $ele_value = $queryElementMetaData['ele_value']; if ($ele_value[0] > 1 and $ele_value[1]) { // if the number of rows is greater than 1, and the element supports multiple selections $newWhereClause = " EXISTS (SELECT 1 FROM " . DBPRE . "formulize_" . $sourceFormObject->getVar('form_handle') . " AS source WHERE {$queryElement} LIKE CONCAT('%,',source.entry_id,',%') AND " . $search_column . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . ")"; } else { $newWhereClause = " EXISTS (SELECT 1 FROM " . DBPRE . "formulize_" . $sourceFormObject->getVar('form_handle') . " AS source WHERE {$queryElement} = source.entry_id AND " . $search_column . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . ")"; } } } // usernames/fullnames boxes } elseif ($listtype = $formFieldFilterMap[$mappedForm][$element_id]['isnamelist'] and $ifParts[1] !== "") { if (!is_numeric($ifParts[1])) { $preSearch = "SELECT uid FROM " . DBPRE . "users WHERE uname " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes . " OR name " . $operator . $quotes . $likebits . formulize_db_escape($ifParts[1]) . $likebits . $quotes; // search name and uname, since often name might be empty these days } else { $preSearch = "SELECT uid FROM " . DBPRE . "users WHERE uid " . $operator . $quotes . $likebits . $ifParts[1] . $likebits . $quotes; } $preSearchResult = $xoopsDB->query($preSearch); if ($xoopsDB->getRowsNum($preSearchResult) > 0) { $nameSearchStart = true; while ($preSearchArray = $xoopsDB->fetchArray($preSearchResult)) { if (!$nameSearchStart) { $newWhereClause .= "OR"; } else { $newWhereClause = " ("; $nameSearchStart = false; } if (formulize_selectboxAllowsMultipleSelections($element_id)) { $newWhereClause .= " (({$queryElement} LIKE '%*=+*:" . $preSearchArray['uid'] . "*=+*:%' OR {$queryElement} LIKE '%*=+*:" . $preSearchArray['uid'] . "') OR {$queryElement} = " . $preSearchArray['uid'] . ") "; // could this be further optimized to remove the = condition, and only use the LIKEs? We need to check if a multiselection-capable box still uses the delimiter string when only one value is selected...I think it does. } else { $newWhereClause .= " {$queryElement} = " . $preSearchArray['uid'] . " "; } } if (!$nameSearchStart) { $newWhereClause .= ") "; } } else { $newWhereClause = "main.entry_id<0"; // no matches, so result set should be empty, so set a where clause that will return zero results } // regular whereclause } else { // check if there's any conversion necessary from what the user typed into a special value that will work in the database $searchTerm = $ifParts[1]; $searchTermToUse = ""; if (file_exists(XOOPS_ROOT_PATH . "/modules/formulize/class/" . $formFieldFilterMap[$mappedForm][$element_id]['ele_type'] . "Element.php")) { $customTypeHandler = xoops_getmodulehandler($formFieldFilterMap[$mappedForm][$element_id]['ele_type'] . "Element", 'formulize'); if (trim($operator) == "LIKE" or trim($operator) == "NOT LIKE") { $searchTerm = $customTypeHandler->prepareLiteralTextForDB($ifParts[1], $customTypeHandler->get($element_id), true); // true means partial matching is in effect if (is_array($searchTerm) and count($searchTerm) > 1) { // method has returned a list of complete values in the database that match the term, so we need to construct an OR series to match this value in the database $searchTermToUse = " ("; $start = true; foreach ($searchTerm as $thisTerm) { if (!$start) { $searchTermToUse .= " OR "; } $searchTermToUse .= "{$queryElement} " . $operator . $quotes . $likebits . $thisTerm . $likebits . $quotes; $start = false; } $searchTermToUse .= ") "; } elseif (is_array($searchTerm)) { $searchTerm = $searchTerm[0]; } } else { $searchTerm = $customTypeHandler->prepareLiteralTextForDB($ifParts[1], $customTypeHandler->get($element_id)); } } if ($searchTerm === $ifParts[1]) { // no change, so let's escape it, otherwise the prepareLiteralTextForDB method should have returned a safe value $searchTerm = formulize_db_escape($ifParts[1]); } if ($searchTerm !== false) { if ($searchTermToUse) { // set as an override value in certain cases above $newWhereClause = $searchTermToUse; } else { // could/should put better handling in here of multiple value boxes, so = operators actually only look for matches within the individual values?? Is that possible? $newWhereClause = "{$queryElement} " . $operator . $quotes . $likebits . $searchTerm . $likebits . $quotes; } } else { $newWhereClause = "({$queryElement} = 1 AND {$queryElement} = 2)"; // impossible condition, since no values were found that match the user's states search terms (false or nothing must have been passed back from the prepareLiteralTextForDB method) } } } $whereClause .= $newWhereClause; if (count($oneSideFilters[$mappedForm][strtolower(trim($filterParts[0]))]) == 0) { $oneSideFilters[$mappedForm][strtolower(trim($filterParts[0]))] = " {$newWhereClause} "; // don't add the local andor on the first term for a form } else { $oneSideFilters[$mappedForm][strtolower(trim($filterParts[0]))] .= " " . $filterParts[0] . " {$newWhereClause} "; } $whereClause .= ")"; $numIndivFilters++; } if ($whereClause == "(") { // if no contents for the whereclause where generated...make a fake contents (should only happen if the only filter term passed in is a newest operator) $whereClause .= "main.entry_id>0"; } $whereClause .= ")"; $numSeachExps++; } $otherPerGroupFilterJoins = is_array($otherPerGroupFilterJoins) ? implode(" ", $otherPerGroupFilterJoins) : ""; $otherPerGroupFilterWhereClause = is_array($otherPerGroupFilterWhereClause) ? implode(" ", $otherPerGroupFilterWhereClause) : ""; return array(0 => $formFieldFilterMap, 1 => $whereClause, 2 => $orderByClause, 3 => $oneSideFilters, 4 => $otherPerGroupFilterJoins, 5 => $otherPerGroupFilterWhereClause); }
function calcHandle($value, $fid) { $handle = convertElementIdsToElementHandles($value, $fid); return $handle[0]; }
function constructElement($form_ele_id, $ele_value, $entry, $isDisabled = false, $screen = null) { if (strstr(getCurrentURL(), "printview.php")) { $isDisabled = true; // disabled all elements if we're on the printable view } global $xoopsUser, $xoopsModuleConfig, $separ, $myts; $myts =& MyTextSanitizer::getInstance(); // $form_ele_id contains the ele_id of the current link select box, but we have to remove "ele_" from the front of it. //print "form_ele_id: $form_ele_id<br>"; // debug code if (strstr($form_ele_id, "de_")) { // display element uses a slightly different element name so it can be distinguished on subsequent page load from regular elements...THIS IS NOT TRUE/NECESSARY ANYMORE SINCE FORMULIZE 3, WHERE ALL ELEMENTS ARE DISPLAY ELEMENTS $true_ele_id = str_replace("de_" . $this->_ele->getVar('id_form') . "_" . $entry . "_", "", $form_ele_id); $displayElementInEffect = true; } else { $true_ele_id = str_replace("ele_", "", $form_ele_id); $displayElementInEffect = false; } // added July 6 2005. if (!$xoopsModuleConfig['delimeter']) { // assume that we're accessing a form from outside the Formulize module, therefore the Formulize delimiter setting is not available, so we have to query for it directly. global $xoopsDB; $delimq = q("SELECT conf_value FROM " . $xoopsDB->prefix("config") . ", " . $xoopsDB->prefix("modules") . " WHERE " . $xoopsDB->prefix("modules") . ".mid=" . $xoopsDB->prefix("config") . ".conf_modid AND " . $xoopsDB->prefix("modules") . ".dirname=\"formulize\" AND " . $xoopsDB->prefix("config") . ".conf_name=\"delimeter\""); $delimSetting = $delimq[0]['conf_value']; } else { $delimSetting = $xoopsModuleConfig['delimeter']; } $customElementHasData = false; $id_form = $this->_ele->getVar('id_form'); $ele_caption = $this->_ele->getVar('ele_caption', 'e'); $ele_caption = preg_replace('/\\{SEPAR\\}/', '', $ele_caption); // $ele_caption = stripslashes($ele_caption); // next line commented out to accomodate passing of ele_value from index.php // $ele_value = $this->_ele->getVar('ele_value'); $ele_type = $this->_ele->getVar('ele_type'); // call the text sanitizer, first try to convert HTML chars, and if there were no conversions, then do a textarea conversion to automatically make links clickable $ele_caption = trans($ele_caption); $htmlCaption = htmlspecialchars_decode($myts->undoHtmlSpecialChars($ele_caption)); // do twice, because we need to handle &lt; and other stupid stuff...do first time through XOOPS myts just because it might be doing a couple extra things that are useful...can probably just use PHP's own filter twice, not too big a deal if ($htmlCaption == $ele_caption) { $ele_caption = $myts->displayTarea($ele_caption); } else { $ele_caption = $htmlCaption; } $ele_caption = $this->formulize_replaceCurlyBracketVariables($ele_caption, $entry, $id_form); // ele_desc added June 6 2006 -- jwe $ele_desc = $this->_ele->getVar('ele_desc', "f"); // the f causes no stupid reformatting by the ICMS core to take place // determine the entry owner if ($entry != "new") { $owner = getEntryOwner($entry, $id_form); } else { $owner = $xoopsUser ? $xoopsUser->getVar('uid') : 0; } // setup the previous entry UI if necessary -- this is an option that can be specified for certain screens $previousEntryUI = ""; if ($screen and $ele_type != "derived") { if ($screen->getVar('paraentryform') > 0) { $previousEntryUI = $this->formulize_setupPreviousEntryUI($screen, $true_ele_id, $ele_type, $owner, $displayElementInEffect, $entry, $this->_ele->getVar('ele_handle'), $this->_ele->getVar('id_form')); } } $form_handler = xoops_getmodulehandler('forms', 'formulize'); $formObject = $form_handler->get($id_form); switch ($ele_type) { case 'derived': if ($entry != "new") { $form_ele = new xoopsFormLabel($this->_ele->getVar('ele_caption'), formulize_numberFormat($ele_value[5], $this->_ele->getVar('ele_handle'))); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } else { $form_ele = new xoopsFormLabel($this->_ele->getVar('ele_caption'), _formulize_VALUE_WILL_BE_CALCULATED_AFTER_SAVE); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } break; case 'ib': if (get_magic_quotes_gpc()) { $ele_value[0] = stripslashes($ele_value[0]); } if (trim($ele_value[0]) == "") { $ele_value[0] = $ele_caption; } if (strstr($ele_value[0], "\$value=") or strstr($ele_value[0], "\$value =")) { $form_id = $id_form; $entry_id = $entry; $entryData = $this->formulize_getCachedEntryData($id_form, $entry); $creation_datetime = display($entryData, "creation_datetime"); $evalResult = eval($ele_value[0]); if ($evalResult === false) { $ele_value[0] = _formulize_ERROR_IN_LEFTRIGHT; } else { $ele_value[0] = $value; // value is supposed to be the thing set in the eval'd code } } $ele_value[0] = $this->formulize_replaceCurlyBracketVariables($ele_value[0], $entry, $id_form); $form_ele = $ele_value; // an array, item 0 is the contents of the break, item 1 is the class of the table cell (for when the form is table rendered) break; case 'text': $ele_value[2] = stripslashes($ele_value[2]); // $ele_value[2] = $myts->displayTarea($ele_value[2]); // commented by jwe 12/14/04 so that info displayed for viewing in a form box does not contain HTML formatting $ele_value[2] = getTextboxDefault($ele_value[2], $id_form, $entry); //if placeholder value is set if ($ele_value[11]) { $placeholder = $ele_value[2]; $ele_value[2] = ""; } if (!strstr(getCurrentURL(), "printview.php")) { // nmc 2007.03.24 - added $form_ele = new XoopsFormText($ele_caption, $form_ele_id, $ele_value[0], $ele_value[1], $ele_value[2]); } else { // nmc 2007.03.24 - added $form_ele = new XoopsFormLabel($ele_caption, formulize_numberFormat($ele_value[2], $this->_ele->getVar('ele_handle'))); // nmc 2007.03.24 - added } //if placeholder value is set if ($ele_value[11]) { $form_ele->setExtra("placeholder='" . $placeholder . "'"); } //if numbers-only option is set if ($ele_value[3]) { $form_ele->setExtra("class='numbers-only-textbox'"); } // if required unique option is set, create validation javascript that will ask the database if the value is unique or not if ($ele_value[9]) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); $eltmsgUnique = empty($eltcaption) ? sprintf(_formulize_REQUIRED_UNIQUE, $eltname) : sprintf(_formulize_REQUIRED_UNIQUE, $eltcaption); if ($this->_ele->getVar('ele_req')) { // need to manually handle required setting, since only one validation routine can run for an element, so we need to include required checking in this unique checking routine, if the user selected required too $form_ele->customValidationCode[] = "\nif ( myform.{$eltname}.value == '' ) {\n"; $form_ele->customValidationCode[] = "window.alert(\"{$eltmsg}\");\n myform.{$eltname}.focus();\n return false;\n"; $form_ele->customValidationCode[] = "}\n"; } $form_ele->customValidationCode[] = "if(formulize_xhr_returned_check_for_unique_value != 'notreturned') {\n"; // a value has already been returned from xhr, so let's check that out... $form_ele->customValidationCode[] = "if(formulize_xhr_returned_check_for_unique_value != 'valuenotfound') {\n"; // request has come back, form has been resubmitted, but the check turned up postive, ie: value is not unique, so we have to halt submission , and reset the check for unique flag so we can check again when the user has typed again and is ready to submit $form_ele->customValidationCode[] = "window.alert(\"{$eltmsgUnique}\");\n"; $form_ele->customValidationCode[] = "formulize_xhr_returned_check_for_unique_value = 'notreturned'\n"; $form_ele->customValidationCode[] = "myform.{$eltname}.focus();\n return false;\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "} else {\n"; // do not submit the form, just send off the request, which will trigger a resubmission after setting the returned flag above to true so that we won't send again on resubmission $form_ele->customValidationCode[] = "\nvar formulize_xhr_params = []\n"; $form_ele->customValidationCode[] = "formulize_xhr_params[0] = myform.{$eltname}.value;\n"; $form_ele->customValidationCode[] = "formulize_xhr_params[1] = " . $this->_ele->getVar('ele_id') . ";\n"; $xhr_entry_to_send = is_numeric($entry) ? $entry : 0; $form_ele->customValidationCode[] = "formulize_xhr_params[2] = " . $xhr_entry_to_send . ";\n"; $form_ele->customValidationCode[] = "formulize_xhr_send('check_for_unique_value', formulize_xhr_params);\n"; $form_ele->customValidationCode[] = "return false;\n"; $form_ele->customValidationCode[] = "}\n"; } elseif ($this->_ele->getVar('ele_req') and !$isDisabled) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); $form_ele->customValidationCode[] = "if (myform.{$eltname}.value == \"\") { window.alert(\"{$eltmsg}\"); myform.{$eltname}.focus(); return false; }"; } break; case 'textarea': $ele_value[0] = stripslashes($ele_value[0]); // $ele_value[0] = $myts->displayTarea($ele_value[0]); // commented by jwe 12/14/04 so that info displayed for viewing in a form box does not contain HTML formatting $ele_value[0] = getTextboxDefault($ele_value[0], $id_form, $entry); if (!strstr(getCurrentURL(), "printview.php") and !$isDisabled) { // nmc 2007.03.24 - added if (isset($ele_value['use_rich_text']) and $ele_value['use_rich_text']) { include_once XOOPS_ROOT_PATH . "/class/xoopsform/formeditor.php"; $form_ele = new XoopsFormEditor($ele_caption, 'FCKeditor', $editor_configs = array("name" => $form_ele_id, "value" => $ele_value[0]), $noHtml = false, $OnFailure = ""); $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); $form_ele->customValidationCode[] = "\n var FCKGetInstance = FCKeditorAPI.GetInstance('{$form_ele_id}');\n"; $form_ele->customValidationCode[] = "var getText = FCKGetInstance.EditorDocument.body.innerHTML; \n"; $form_ele->customValidationCode[] = "var StripTag = getText.replace(/(<([^>]+)>)/ig,''); \n"; $form_ele->customValidationCode[] = "if(StripTag=='' || StripTag==' ') {\n"; $form_ele->customValidationCode[] = "window.alert(\"{$eltmsg}\");\n FCKGetInstance.Focus();\n return false;\n"; $form_ele->customValidationCode[] = "}\n"; $GLOBALS['formulize_fckEditors'] = true; } else { $form_ele = new XoopsFormTextArea($ele_caption, $form_ele_id, $ele_value[0], $ele_value[1], $ele_value[2]); } } else { // nmc 2007.03.24 - added $form_ele = new XoopsFormLabel($ele_caption, str_replace("\n", "<br>", undoAllHTMLChars($ele_value[0], ENT_QUOTES))); // nmc 2007.03.24 - added } break; case 'areamodif': if (strstr($ele_value[0], "\$value=") or strstr($ele_value[0], "\$value =")) { $form_id = $id_form; $entry_id = $entry; $entryData = $this->formulize_getCachedEntryData($id_form, $entry); $creation_datetime = display($entryData, "creation_datetime"); $evalResult = eval($ele_value[0]); if ($evalResult === false) { $ele_value[0] = _formulize_ERROR_IN_LEFTRIGHT; } else { $ele_value[0] = $value; // value is supposed to be the thing set in the eval'd code } } $ele_value[0] = $this->formulize_replaceCurlyBracketVariables($ele_value[0], $entry, $id_form); $form_ele = new XoopsFormLabel($ele_caption, $ele_value[0]); break; case 'select': if (is_string($ele_value[2]) and strstr($ele_value[2], "#*=:*")) { // new process for handling links...May 10 2008...new datastructure for formulize 3.0 $boxproperties = explode("#*=:*", $ele_value[2]); $sourceFid = $boxproperties[0]; $sourceHandle = $boxproperties[1]; $sourceEntryIds = explode(",", trim($boxproperties[2], ",")); // grab the user's groups and the module id global $regcode; if ($regcode) { // if we're dealing with a registration code, determine group membership based on the code $reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"{$regcode}\""); $groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']); if ($groups[0] === "") { unset($groups); } // if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array. $groups[] = XOOPS_GROUP_USERS; $groups[] = XOOPS_GROUP_ANONYMOUS; } else { $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS); } $module_id = getFormulizeModId(); global $xoopsDB; $pgroups = array(); // handle new linkscope option -- August 30 2006 $emptylist = false; if ($ele_value[3]) { $scopegroups = explode(",", $ele_value[3]); if (!in_array("all", $scopegroups)) { if ($ele_value[4]) { // limit by user's groups foreach ($groups as $gid) { // want to loop so we can get rid of reg users group simply if ($gid == XOOPS_GROUP_USERS) { continue; } if (in_array($gid, $scopegroups)) { $pgroups[] = $gid; } } } else { // just use scopegroups $pgroups = $scopegroups; } if (count($pgroups) == 0) { // specific scope was specified, and nothing found, so we should show nothing $emptylist = true; } } else { if ($ele_value[4]) { // all groups selected, but limiting by user's groups is turned on foreach ($groups as $gid) { // want to loop so we can get rid of reg users group simply if ($gid == XOOPS_GROUP_USERS) { continue; } $pgroups[] = $gid; } } else { // all groups should be used unset($pgroups); $allgroupsq = q("SELECT groupid FROM " . $xoopsDB->prefix("groups")); // . " WHERE groupid != " . XOOPS_GROUP_USERS); // use all groups now, if all groups are picked, with no restrictions on membership or anything, then use all groups foreach ($allgroupsq as $thisgid) { $pgroups[] = $thisgid['groupid']; } } } } // Note: OLD WAY: if no groups were found, then pguidq will be empty and so all entries will be shown, no restrictions // NEW WAY: if a specific group(s) was specified, and no match with the current user was found, then we return an empty list array_unique($pgroups); // remove duplicate groups from the list if ($ele_value[6] and count($pgroups) > 0) { $pgroupsfilter = " ("; $start = true; foreach ($pgroups as $thisPgroup) { if (!$start) { $pgroupsfilter .= " AND "; } $pgroupsfilter .= "EXISTS(SELECT 1 FROM " . $xoopsDB->prefix("formulize_entry_owner_groups") . " AS t2 WHERE t2.groupid={$thisPgroup} AND t2.fid={$sourceFid} AND t2.entry_id=t1.entry_id)"; $start = false; } $pgroupsfilter .= ")"; } elseif (count($pgroups) > 0) { $pgroupsfilter = " t2.groupid IN (" . formulize_db_escape(implode(",", $pgroups)) . ") AND t2.entry_id=t1.entry_id AND t2.fid={$sourceFid}"; } else { $pgroupsfilter = ""; } $sourceFormObject = $form_handler->get($sourceFid); list($conditionsfilter, $conditionsfilter_oom, $parentFormFrom) = buildConditionsFilterSQL($ele_value[5], $sourceFid, $entry, $owner, $formObject, "t1"); // if there is a restriction in effect, then add some SQL to reject options that have already been selected ?? $restrictSQL = ""; if ($ele_value[9]) { $t4_ele_value = $this->_ele->getVar('ele_value'); if ($t4_ele_value[1]) { // allows multiple selections $restrictSQL = " AND (\n\t\t\t\t\t\tNOT EXISTS (\n\t\t\t\t\t\tSELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $this->_ele->getVar('ele_handle') . "` LIKE CONCAT( '%,', t1.`entry_id` , ',%' ) AND t4.entry_id != " . intval($entry); } else { $restrictSQL = " AND (\n NOT EXISTS (\n SELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $this->_ele->getVar('ele_handle') . "` = t1.`entry_id` AND t4.entry_id != " . intval($entry); $restrictSQL .= $this->addEntryRestrictionSQL($ele_value[9], $id_form, $groups); // pass in the flag about restriction scope, and the form id, and the groups $restrictSQL .= " ) OR EXISTS (\n SELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $this->_ele->getVar('ele_handle') . "` = t1.`entry_id` AND t4.entry_id = " . intval($entry); } $restrictSQL .= $this->addEntryRestrictionSQL($ele_value[9], $id_form, $groups); // pass in the flag about restriction scope, and the form id, and the groups $restrictSQL .= " ) OR EXISTS (\n\t\t\t\t\t\tSELECT 1 FROM " . $xoopsDB->prefix("formulize_" . $formObject->getVar('form_handle')) . " AS t4 WHERE t4.`" . $this->_ele->getVar('ele_handle') . "` LIKE CONCAT( '%,', t1.`entry_id` , ',%' ) AND t4.entry_id = " . intval($entry); $restrictSQL .= $this->addEntryRestrictionSQL($ele_value[9], $id_form, $groups); $restrictSQL .= ") )"; } static $cachedSourceValuesQ = array(); static $cachedSourceValuesAutocompleteFile = array(); static $cachedSourceValuesAutocompleteLength = array(); // setup the sort order based on ele_value[12], which is an element id number $sortOrder = $ele_value[15] == 2 ? " DESC" : "ASC"; if ($ele_value[12] == "none" or !$ele_value[12]) { $sortOrderClause = " ORDER BY t1.`{$sourceHandle}` {$sortOrder}"; } else { list($sortHandle) = convertElementIdsToElementHandles(array($ele_value[12]), $sourceFormObject->getVar('id_form')); $sortOrderClause = " ORDER BY t1.`{$sortHandle}` {$sortOrder}"; } // if no extra elements are selected for display as a form element, then display the linked element if (0 == count($ele_value[EV_MULTIPLE_FORM_COLUMNS]) or $ele_value[EV_MULTIPLE_FORM_COLUMNS][0] == 'none') { $linked_columns = array($boxproperties[1]); } else { $linked_columns = convertElementIdsToElementHandles($ele_value[EV_MULTIPLE_FORM_COLUMNS], $sourceFormObject->getVar('id_form')); // remove empty entries, which can happen if the "use the linked field selected above" option is selected $linked_columns = array_filter($linked_columns); } if (is_array($linked_columns)) { $select_column = "t1.`" . implode("`, t1.`", $linked_columns) . "`"; } else { $select_column = "t1.`{$linked_columns}`"; // in this case, it's just one linked column } // if there is a groups filter, then join to the group ownership table $extra_clause = ""; if ($pgroupsfilter) { $extra_clause = ", " . $xoopsDB->prefix("formulize_entry_owner_groups") . " AS t2 {$parentFormFrom} WHERE {$pgroupsfilter}"; } else { $extra_clause = " {$parentFormFrom} WHERE t1.entry_id>0"; } $sourceValuesQ = "SELECT t1.entry_id, " . $select_column . " FROM " . $xoopsDB->prefix("formulize_" . $sourceFormObject->getVar('form_handle')) . " AS t1" . $extra_clause . "{$conditionsfilter} {$conditionsfilter_oom} {$restrictSQL}" . "GROUP BY t1.entry_id {$sortOrderClause}"; if (!$isDisabled) { // set the default selections, based on the entry_ids that have been selected as the defaults, if applicable $hasNoValues = trim($boxproperties[2]) == "" ? true : false; $useDefaultsWhenEntryHasNoValue = $ele_value[14]; if (($entry == "new" or $useDefaultsWhenEntryHasNoValue and $hasNoValues) and (is_array($ele_value[13]) and count($ele_value[13]) > 0 or $ele_value[13])) { $defaultSelected = $ele_value[13]; } else { $defaultSelected = ""; } $form_ele = new XoopsFormSelect($ele_caption, $form_ele_id, $defaultSelected, $ele_value[0], $ele_value[1]); $form_ele->setExtra("onchange=\"javascript:formulizechanged=1;\" jquerytag='{$form_ele_id}'"); if ($ele_value[0] == 1) { // add the initial default entry, singular or plural based on whether the box is one line or not. $form_ele->addOption("none", _AM_FORMLINK_PICK); } } else { $disabledHiddenValue = array(); $disabledOutputText = array(); } if (!isset($cachedSourceValuesQ[$sourceValuesQ])) { $element_handler = xoops_getmodulehandler('elements', 'formulize'); $sourceElementObject = $element_handler->get($boxproperties[1]); if ($sourceElementObject->isLinked) { // need to jump one more level back to get value that this value is pointing at $sourceEleValue = $sourceElementObject->getVar('ele_value'); $originalSource = explode("#*=:*", $sourceEleValue[2]); include_once XOOPS_ROOT_PATH . "/modules/formulize/class/data.php"; $data_handler = new formulizeDataHandler($originalSource[0]); } $reslinkedvaluesq = $xoopsDB->query($sourceValuesQ); if ($reslinkedvaluesq) { $linked_column_count = count($linked_columns); while ($rowlinkedvaluesq = $xoopsDB->fetchRow($reslinkedvaluesq)) { $linked_column_values = array(); foreach (range(1, $linked_column_count) as $linked_column_index) { if ($rowlinkedvaluesq[$linked_column_index] === "") { $linked_column_values[] = ""; } else { if ($sourceElementObject->isLinked) { $linked_value = prepvalues($rowlinkedvaluesq[$linked_column_index], $boxproperties[1], $rowlinkedvaluesq[0]); $linked_column_values[] = $linked_value[0]; } else { $linked_column_values[] = strip_tags(trim($rowlinkedvaluesq[$linked_column_index])); } } } $linkedElementOptions[$rowlinkedvaluesq[0]] = implode(" - ", $linked_column_values); } } $cachedSourceValuesQ[$sourceValuesQ] = $linkedElementOptions; /* ALTERED - 20100318 - freeform - jeff/julian - start */ if (!$isDisabled and $ele_value[8] == 1) { // write the possible values to a cached file so we can look them up easily when we need them, don't want to actually send them to the browser, since it could be huge, but don't want to replicate all the logic that has already gathered the values for us, each time there's an ajax request $cachedLinkedOptionsFileName = "formulize_linkedOptions_" . str_replace(".", "", microtime(true)); formulize_scandirAndClean(XOOPS_ROOT_PATH . "/cache/", "formulize_linkedOptions_"); $maxLength = 10; $the_values = array(); asort($linkedElementOptions); foreach ($linkedElementOptions as $id => $text) { $the_values[$id] = trans($text); $thisTextLength = strlen($text); $maxLength = $thisTextLength > $maxLength ? $thisTextLength : $maxLength; } file_put_contents(XOOPS_ROOT_PATH . "/cache/{$cachedLinkedOptionsFileName}", "<?php\n\${$cachedLinkedOptionsFileName} = " . var_export($the_values, true) . ";\n"); $cachedSourceValuesAutocompleteFile[$sourceValuesQ] = $cachedLinkedOptionsFileName; $cachedSourceValuesAutocompleteLength[$sourceValuesQ] = $maxLength; } } if ($boxproperties[2]) { $default_value = $boxproperties[2]; $default_value_user = $cachedSourceValuesQ[$sourceValuesQ][$boxproperties[2]]; } // if we're rendering an autocomplete box if (!$isDisabled and $ele_value[8] == 1) { $renderedComboBox = $this->formulize_renderQuickSelect($form_ele_id, $cachedSourceValuesAutocompleteFile[$sourceValuesQ], $default_value, $default_value_user, $cachedSourceValuesAutocompleteLength[$sourceValuesQ]); $form_ele = new xoopsFormLabel($ele_caption, $renderedComboBox); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } elseif ($isDisabled) { $disabledOutputText[] = $default_value_user; } // only do this if we're rendering a normal element, that is not disabled if (!$isDisabled and $ele_value[8] == 0) { $form_ele->addOptionArray($cachedSourceValuesQ[$sourceValuesQ]); } // only do this if we're rendering a normal element (may be disabled) if ($ele_value[8] == 0) { foreach ($sourceEntryIds as $thisEntryId) { if (!$isDisabled) { $form_ele->setValue($thisEntryId); } else { $disabledName = $ele_value[1] ? $form_ele_id . "[]" : $form_ele_id; $disabledHiddenValue[] = "<input type=hidden name=\"{$disabledName}\" value=\"{$thisEntryId}\">"; $disabledOutputText[] = $cachedSourceValuesQ[$sourceValuesQ][$thisEntryId]; // the text value of the option(s) that are currently selected } } } if ($isDisabled) { $form_ele = new XoopsFormLabel($ele_caption, implode(", ", $disabledOutputText) . implode("\n", $disabledHiddenValue)); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } elseif ($ele_value[8] == 0) { // this is a hack because the size attribute is private and only has a getSize and not a setSize, setting the size can only be done through the constructor $count = count($form_ele->getOptions()); $size = $ele_value[0]; $new_size = $count < $size ? $count : $size; $form_ele->_size = $new_size; } /* ALTERED - 20100318 - freeform - jeff/julian - stop */ } else { $selected = array(); $options = array(); $disabledOutputText = array(); $disabledHiddenValue = array(); $disabledHiddenValues = ""; // add the initial default entry, singular or plural based on whether the box is one line or not. if ($ele_value[0] == 1) { $options["none"] = _AM_FORMLINK_PICK; } // set opt_count to 1 if the box is NOT a multiple selection box. -- jwe 7/26/04 if ($ele_value[1]) { $opt_count = 0; } else { $opt_count = 1; } $hiddenOutOfRangeValuesToWrite = array(); while (is_array($ele_value[2]) and $i = each($ele_value[2])) { // handle requests for full names or usernames -- will only kick in if there is no saved value (otherwise ele_value will have been rewritten by the loadValues function in the form display // note: if the user is about to make a proxy entry, then the list of users displayed will be from their own groups, but not from the groups of the user they are about to make a proxy entry for. ie: until the proxy user is known, the choice of users for this list can only be based on the current user. This could lead to confusing or buggy situations, such as users being selected who are outside the groups of the proxy user (who will become the owner) and so there will be an invalid value stored for this element in the db. if ($i['key'] === "{FULLNAMES}" or $i['key'] === "{USERNAMES}") { // ADDED June 18 2005 to handle pulling in usernames for the user's group(s) if ($i['key'] === "{FULLNAMES}") { $nametype = "name"; } if ($i['key'] === "{USERNAMES}") { $nametype = "uname"; } if (isset($ele_value[2]['{OWNERGROUPS}'])) { $groups = $ele_value[2]['{OWNERGROUPS}']; } else { global $regcode; if ($regcode) { // if we're dealing with a registration code, determine group membership based on the code $reggroupsq = q("SELECT reg_codes_groups FROM " . XOOPS_DB_PREFIX . "_reg_codes WHERE reg_codes_code=\"{$regcode}\""); $groups = explode("&8(%\$", $reggroupsq[0]['reg_codes_groups']); if ($groups[0] === "") { unset($groups); } // if a code has no groups associated with it, then kill the null value that will be in position 0 in the groups array. $groups[] = XOOPS_GROUP_USERS; $groups[] = XOOPS_GROUP_ANONYMOUS; } else { global $xoopsUser; $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS); } } $pgroups = array(); $declaredUsersGroups = $groups; if ($ele_value[3]) { $scopegroups = explode(",", $ele_value[3]); if (!in_array("all", $scopegroups)) { $groups = $scopegroups; } else { // use all if (!$ele_value[4]) { // really use all (otherwise, we're just going with all user's groups, so existing value of $groups will be okay unset($groups); global $xoopsDB; $allgroupsq = q("SELECT groupid FROM " . $xoopsDB->prefix("groups")); // . " WHERE groupid != " . XOOPS_GROUP_USERS); // removed exclusion of registered users group March 18 2009, since it doesn't make sense in this situation. All groups should mean everyone, period. foreach ($allgroupsq as $thisgid) { $groups[] = $thisgid['groupid']; } } } } $namelist = gatherNames($groups, $nametype, $ele_value[6], $ele_value[5], $ele_value[4], $declaredUsersGroups); foreach ($namelist as $auid => $aname) { $options[$auid] = $aname; } } elseif ($i['key'] === "{SELECTEDNAMES}") { // loadValue in formDisplay will create a second option with this key that contains an array of the selected values $selected = $i['value']; } elseif ($i['key'] === "{OWNERGROUPS}") { // do nothing with this piece of metadata that gets set in loadValue, since it's used above } else { // regular selection list.... $options[$opt_count] = $myts->stripSlashesGPC($i['key']); if (strstr($i['key'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$opt_count] = str_replace(_formulize_OUTOFRANGE_DATA, "", $i['key']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } if ($i['value'] > 0) { $selected[] = $opt_count; } $opt_count++; } } $count = count($options); $size = $ele_value[0]; $final_size = $count < $size ? $count : $size; $form_ele1 = new XoopsFormSelect($ele_caption, $form_ele_id, $selected, $final_size, $ele_value[1]); $form_ele1->setExtra("onchange=\"javascript:formulizechanged=1;\" jquerytag='{$form_ele_id}'"); // must check the options for uitext before adding to the element -- aug 25, 2007 foreach ($options as $okey => $ovalue) { $options[$okey] = formulize_swapUIText($ovalue, $this->_ele->getVar('ele_uitext')); } $form_ele1->addOptionArray($options); if ($selected) { if (is_array($selected)) { $hiddenElementName = $ele_value[1] ? $form_ele1->getName() . "[]" : $form_ele1->getName(); foreach ($selected as $thisSelected) { $disabledOutputText[] = $options[$thisSelected]; $disabledHiddenValue[] = "<input type=hidden name=\"{$hiddenElementName}\" value=\"{$thisSelected}\">"; } } elseif ($ele_value[1]) { // need to keep [] in the hidden element name if multiple values are expected, even if only one is chosen $disabledOutputText[] = $options[$selected]; $disabledHiddenValue[] = "<input type=hidden name=\"" . $form_ele1->getName() . "[]\" value=\"{$selected}\">"; } else { $disabledOutputText[] = $options[$selected]; $disabledHiddenValue[] = "<input type=hidden name=\"" . $form_ele1->getName() . "\" value=\"{$selected}\">"; } } $renderedHoorvs = ""; if (count($hiddenOutOfRangeValuesToWrite) > 0) { foreach ($hiddenOutOfRangeValuesToWrite as $hoorKey => $hoorValue) { $thisHoorv = new xoopsFormHidden('formulize_hoorv_' . $true_ele_id . '_' . $hoorKey, $hoorValue); $renderedHoorvs .= $thisHoorv->render() . "\n"; unset($thisHoorv); } } if ($isDisabled) { $disabledHiddenValues = implode("\n", $disabledHiddenValue); // glue the individual value elements together into a set of values $renderedElement = implode(", ", $disabledOutputText); } elseif ($ele_value[8] == 1) { // autocomplete construction: make sure that $renderedElement is the final output of this chunk of code // write the possible values to a cached file so we can look them up easily when we need them, //don't want to actually send them to the browser, since it could be huge, //but don't want to replicate all the logic that has already gathered the values for us, each time there's an ajax request $cachedLinkedOptionsFileName = "formulize_Options_" . str_replace(".", "", microtime(true)); formulize_scandirAndClean(XOOPS_ROOT_PATH . "/cache/", "formulize_Options_"); $maxLength = 10; $the_values = array(); foreach ($options as $id => $text) { $the_values[$id] = trans($text); $thisTextLength = strlen($the_values[$id]); $maxLength = $thisTextLength > $maxLength ? $thisTextLength : $maxLength; } file_put_contents(XOOPS_ROOT_PATH . "/cache/{$cachedLinkedOptionsFileName}", "<?php\n\${$cachedLinkedOptionsFileName} = " . var_export($the_values, true) . ";\n"); $defaultSelected = is_array($selected) ? $selected[0] : $selected; $renderedComboBox = $this->formulize_renderQuickSelect($form_ele_id, $cachedLinkedOptionsFileName, $defaultSelected, $options[$defaultSelected], $maxLength); $form_ele2 = new xoopsFormLabel($ele_caption, $renderedComboBox); $renderedElement = $form_ele2->render(); } else { // normal element $renderedElement = $form_ele1->render(); } $form_ele = new XoopsFormLabel($ele_caption, "<nobr>{$renderedElement}</nobr>\n{$renderedHoorvs}\n{$disabledHiddenValues}\n"); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); } // end of if we have a link on our hands. -- jwe 7/29/04 // set required validation code if ($this->_ele->getVar('ele_req') and !$isDisabled) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); if ($ele_value[8] == 1) { // Has been edited in order to not allow the user to submit a form when "No match found" or "Choose an Option" is selected from the quickselect box. $form_ele->customValidationCode[] = "\nif ( myform.{$eltname}.value == '' || myform.{$eltname}.value == 'none' ) {\n window.alert(\"{$eltmsg}\");\n myform.{$eltname}_user.focus();\n return false;\n }\n"; } elseif ($ele_value[0] == 1) { $form_ele->customValidationCode[] = "\nif ( myform.{$eltname}.options[0].selected ) {\n window.alert(\"{$eltmsg}\");\n myform.{$eltname}.focus();\n return false;\n }\n"; } elseif ($ele_value[0] > 1) { $form_ele->customValidationCode[] = "selection = false;\n"; $form_ele->customValidationCode[] = "\nfor(i=0;i<myform.{$eltname}.options.length;i++) {\n"; $form_ele->customValidationCode[] = "if(myform.{$eltname}.options[i].selected) {\n"; $form_ele->customValidationCode[] = "selection = true;\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "if(selection == false) { window.alert(\"{$eltmsg}\");\n myform.{$eltname}.focus();\n return false;\n }\n"; } } if ($isDisabled) { $isDisabled = false; // disabled stuff handled here in element, so don't invoke generic disabled handling below (which is only for textboxes and their variations) } break; case 'checkbox': $selected = array(); $options = array(); $disabledHiddenValue = array(); $disabledHiddenValues = ""; $disabledOutputText = array(); $opt_count = 1; while ($i = each($ele_value)) { $options[$opt_count] = $myts->stripSlashesGPC($i['key']); if ($i['value'] > 0) { $selected[] = $opt_count; $disabledHiddenValue[] = "<input type=hidden name=\"" . $form_ele_id . "[]\" value=\"{$opt_count}\">"; } $opt_count++; } if ($this->_ele->getVar('ele_delim') != "") { $delimSetting = $this->_ele->getVar('ele_delim'); } $delimSetting =& $myts->undoHtmlSpecialChars($delimSetting); if ($delimSetting == "br") { $delimSetting = "<br />"; } $hiddenOutOfRangeValuesToWrite = array(); switch ($delimSetting) { case 'space': $form_ele1 = new XoopsFormCheckBox($ele_caption, $form_ele_id, $selected); $counter = 0; // counter used for javascript that works with 'Other' box while ($o = each($options)) { $o = formulize_swapUIText($o, $this->_ele->getVar('ele_uitext')); $other = $this->optOther($o['value'], $form_ele_id, $entry, $counter, true); if ($other != false) { $form_ele1->addOption($o['key'], _formulize_OPT_OTHER . $other); if (in_array($o['key'], $selected)) { $disabledOutputText[] = _formulize_OPT_OTHER . $other; } } else { $form_ele1->addOption($o['key'], $o['value']); if (in_array($o['key'], $selected)) { $disabledOutputText[] = $o['value']; } if (strstr($o['value'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$o['key']] = str_replace(_formulize_OUTOFRANGE_DATA, "", $o['value']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } } $counter++; } $form_ele1->setExtra(" onchange=\"javascript:formulizechanged=1;\" jquerytag=\"{$form_ele_id}\" "); break; default: $form_ele1 = new XoopsFormElementTray($ele_caption, $delimSetting); $counter = 0; // counter used for javascript that works with 'Other' box while ($o = each($options)) { $o = formulize_swapUIText($o, $this->_ele->getVar('ele_uitext')); $other = $this->optOther($o['value'], $form_ele_id, $entry, $counter, true); $t = new XoopsFormCheckBox('', $form_ele_id . '[]', $selected, $delimSetting); if ($other != false) { $t->addOption($o['key'], _formulize_OPT_OTHER . $other); if (in_array($o['key'], $selected)) { $disabledOutputText[] = _formulize_OPT_OTHER . $other; } } else { $t->addOption($o['key'], $o['value']); if (in_array($o['key'], $selected)) { $disabledOutputText[] = $o['value']; } if (strstr($o['value'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$o['key']] = str_replace(_formulize_OUTOFRANGE_DATA, "", $o['value']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } } $t->setExtra(" onchange=\"javascript:formulizechanged=1;\" jquerytag=\"{$form_ele_id}\" "); $form_ele1->addElement($t); unset($t); $counter++; } break; } $renderedHoorvs = ""; if (count($hiddenOutOfRangeValuesToWrite) > 0) { foreach ($hiddenOutOfRangeValuesToWrite as $hoorKey => $hoorValue) { $thisHoorv = new xoopsFormHidden('formulize_hoorv_' . $true_ele_id . '_' . $hoorKey, $hoorValue); $renderedHoorvs .= $thisHoorv->render() . "\n"; unset($thisHoorv); } } if ($isDisabled) { $disabledHiddenValues = implode("\n", $disabledHiddenValue); // glue the individual value elements together into a set of values $renderedElement = implode(", ", $disabledOutputText); } else { $renderedElement = $form_ele1->render(); } $form_ele = new XoopsFormLabel($ele_caption, "{$renderedElement}\n{$renderedHoorvs}\n{$disabledHiddenValues}\n"); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); if ($this->_ele->getVar('ele_req') and !$isDisabled) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); $form_ele->customValidationCode[] = "selection = true;\n"; $form_ele->customValidationCode[] = "checkboxes = \$('[jquerytag={$eltname}]:checked');\n"; // need to use this made up attribute here, because there is no good way to select the checkboxes using the name or anything else that XOOPS/Impress is giving us!! $form_ele->customValidationCode[] = "if(checkboxes.length == 0) { window.alert(\"{$eltmsg}\");\n \$('[jquerytag={$eltname}]').focus();\n return false;\n }\n"; } if ($isDisabled) { $isDisabled = false; // disabled stuff handled here in element, so don't invoke generic disabled handling below (which is only for textboxes and their variations) } break; case 'radio': case 'yn': $selected = ''; $disabledHiddenValue = ""; $options = array(); $opt_count = 1; while ($i = each($ele_value)) { switch ($ele_type) { case 'radio': $options[$opt_count] = $myts->stripSlashesGPC($i['key']); $options[$opt_count] = $myts->displayTarea($options[$opt_count]); break; case 'yn': $options[$opt_count] = constant($i['key']); $options[$opt_count] = $myts->stripSlashesGPC($options[$opt_count]); break; } if ($i['value'] > 0) { $selected = $opt_count; } $opt_count++; } if ($this->_ele->getVar('ele_delim') != "") { $delimSetting = $this->_ele->getVar('ele_delim'); } $delimSetting =& $myts->undoHtmlSpecialChars($delimSetting); if ($delimSetting == "br") { $delimSetting = "<br />"; } $hiddenOutOfRangeValuesToWrite = array(); switch ($delimSetting) { case 'space': $form_ele1 = new XoopsFormRadio('', $form_ele_id, $selected); $counter = 0; while ($o = each($options)) { $o = formulize_swapUIText($o, $this->_ele->getVar('ele_uitext')); $other = $this->optOther($o['value'], $form_ele_id, $entry, $counter); if ($other != false) { $form_ele1->addOption($o['key'], _formulize_OPT_OTHER . $other); if ($o['key'] == $selected) { $disabledOutputText = _formulize_OPT_OTHER . $other; } } else { $o['value'] = get_magic_quotes_gpc() ? stripslashes($o['value']) : $o['value']; $form_ele1->addOption($o['key'], $o['value']); if ($o['key'] == $selected) { $disabledOutputText = $o['value']; } if (strstr($o['value'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$o['key']] = str_replace(_formulize_OUTOFRANGE_DATA, "", $o['value']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } } $counter++; } $form_ele1->setExtra("onchange=\"javascript:formulizechanged=1;\""); break; default: $form_ele1 = new XoopsFormElementTray('', $delimSetting); $counter = 0; while ($o = each($options)) { $o = formulize_swapUIText($o, $this->_ele->getVar('ele_uitext')); $t = new XoopsFormRadio('', $form_ele_id, $selected); $other = $this->optOther($o['value'], $form_ele_id, $entry, $counter); if ($other != false) { $t->addOption($o['key'], _formulize_OPT_OTHER . "</label><label>{$other}"); // epic hack to terminate radio button's label so it doesn't include the clickable 'other' box!! if ($o['key'] == $selected) { $disabledOutputText = _formulize_OPT_OTHER . $other; } } else { $o['value'] = get_magic_quotes_gpc() ? stripslashes($o['value']) : $o['value']; $t->addOption($o['key'], $o['value']); if ($o['key'] == $selected) { $disabledOutputText = $o['value']; } if (strstr($o['value'], _formulize_OUTOFRANGE_DATA)) { $hiddenOutOfRangeValuesToWrite[$o['key']] = str_replace(_formulize_OUTOFRANGE_DATA, "", $o['value']); // if this is an out of range value, grab the actual value so we can stick it in a hidden element later } } $t->setExtra("onchange=\"javascript:formulizechanged=1;\""); $form_ele1->addElement($t); unset($t); $counter++; } break; } $renderedHoorvs = ""; if (count($hiddenOutOfRangeValuesToWrite) > 0) { foreach ($hiddenOutOfRangeValuesToWrite as $hoorKey => $hoorValue) { $thisHoorv = new xoopsFormHidden('formulize_hoorv_' . $true_ele_id . '_' . $hoorKey, $hoorValue); $renderedHoorvs .= $thisHoorv->render() . "\n"; unset($thisHoorv); } } if ($isDisabled) { $disabledHiddenValue = "<input type=hidden name=\"" . $form_ele_id . "\" value=\"{$selected}\">\n"; $renderedElement = $disabledOutputText; // just text for disabled elements } else { $renderedElement = $form_ele1->render(); } $form_ele = new XoopsFormLabel($ele_caption, "{$renderedElement}\n{$renderedHoorvs}\n{$disabledHiddenValue}\n"); $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); if ($this->_ele->getVar('ele_req') and !$isDisabled) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); $form_ele->customValidationCode[] = "selection = false;\n"; $form_ele->customValidationCode[] = "if(myform.{$eltname}.length) {\n"; $form_ele->customValidationCode[] = "for(var i=0;i<myform.{$eltname}.length;i++){\n"; $form_ele->customValidationCode[] = "if(myform.{$eltname}[i].checked){\n"; $form_ele->customValidationCode[] = "selection = true;\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "}\n"; $form_ele->customValidationCode[] = "if(selection == false) { window.alert(\"{$eltmsg}\");\n myform.{$eltname}.focus();\n return false;\n }\n"; } if ($isDisabled) { $isDisabled = false; // disabled stuff handled here in element, so don't invoke generic disabled handling below (which is only for textboxes and their variations) } break; case 'date': // if there's no value (ie: it's blank) ... OR it's the default value because someone submitted a date field without actually specifying a date, that last part added by jwe 10/23/04 if ($ele_value[0] == "" or $ele_value[0] == "YYYY-mm-dd") { $form_ele = new XoopsFormTextDateSelect($ele_caption, $form_ele_id, 15, ""); $form_ele->setExtra(" onchange=\"javascript:formulizechanged=1;\" jquerytag=\"{$form_ele_id}\" "); } else { $form_ele = new XoopsFormTextDateSelect($ele_caption, $form_ele_id, 15, getDateElementDefault($ele_value[0])); $form_ele->setExtra(" onchange=\"javascript:formulizechanged=1;\" jquerytag=\"{$form_ele_id}\" "); } // end of check to see if the default setting is for real // added validation code - sept 5 2007 - jwe if ($this->_ele->getVar('ele_req') and !$isDisabled) { $eltname = $form_ele_id; $eltcaption = $ele_caption; $eltmsg = empty($eltcaption) ? sprintf(_FORM_ENTER, $eltname) : sprintf(_FORM_ENTER, $eltcaption); $eltmsg = str_replace('"', '\\"', stripslashes($eltmsg)); // parseInt() is used to determine if the element value contains a number // Date.parse() would be better, except that it will fail for dd-mm-YYYY format, ie: 22-11-2013 $form_ele->customValidationCode[] = "\nif (isNaN(parseInt(myform.{$eltname}.value))) {\n window.alert(\"{$eltmsg}\");\n myform.{$eltname}.focus();\n return false;\n }\n"; } if (!$isDisabled) { $limit_past = (isset($ele_value["date_limit_past"]) and $ele_value["date_limit_past"] != ""); $limit_future = (isset($ele_value["date_limit_future"]) and $ele_value["date_limit_future"] != ""); if ($limit_past or $limit_future) { $reference_date = time(); if ("new" != $entry) { $entryData = $this->formulize_getCachedEntryData($id_form, $entry); $reference_date = strtotime(display($entryData, "creation_date")); } if ($limit_past) { $form_ele->setExtra(" min-date='" . date("Y-m-d", strtotime("-" . max(0, intval($ele_value["date_past_days"])) . " days", $reference_date)) . "' "); } if ($limit_future) { $form_ele->setExtra(" max-date='" . date("Y-m-d", strtotime("+" . max(0, intval($ele_value["date_future_days"])) . " days", $reference_date)) . "' "); } $form_ele->setExtra(" onchange=\"javascript:formulizechanged=1;check_date_limits('{$form_ele_id}');\" onclick=\"javascript:check_date_limits('{$form_ele_id}');\" onblur=\"javascript:check_date_limits('{$form_ele_id}');\" jquerytag=\"{$form_ele_id}\" "); } else { $form_ele->setExtra(" onchange=\"javascript:formulizechanged=1;\" jquerytag=\"{$form_ele_id}\" "); } } break; case 'sep': //$ele_value[0] = $myts->displayTarea($ele_value[0]); $ele_value[0] = $myts->xoopsCodeDecode($ele_value[0]); $form_ele = new XoopsFormLabel($ele_caption, $ele_value[0]); break; case 'upload': $form_ele = new XoopsFormFile($ele_caption, $form_ele_id, $ele_value[1]); break; /* * Hack by F�lix<INBOX International> * Adding colorpicker form element */ /* * Hack by F�lix<INBOX International> * Adding colorpicker form element */ case 'colorpick': if ($ele_value[0] == "") { //print "Bad date"; $form_ele = new XoopsFormColorPicker($ele_caption, $form_ele_id, ""); } else { //print "good date"; $form_ele = new XoopsFormColorPicker($ele_caption, $form_ele_id, $ele_value[0]); } // end of check to see if the default setting is for real break; /* * End of Hack by F�lix<INBOX International> * Adding colorpicker form element */ /* * End of Hack by F�lix<INBOX International> * Adding colorpicker form element */ default: if (file_exists(XOOPS_ROOT_PATH . "/modules/formulize/class/" . $ele_type . "Element.php")) { $elementTypeHandler = xoops_getmodulehandler($ele_type . "Element", "formulize"); $form_ele = $elementTypeHandler->render($ele_value, $ele_caption, $form_ele_id, $isDisabled, $this->_ele, $entry, $screen); // $ele_value as passed in here, $caption, name that we use for the element in the markup, flag for whether it's disabled or not, element object, entry id number that this element belongs to, $screen is the screen object that was passed in, if any // if form_ele is an array, then we want to treat it the same as an "insertbreak" element, ie: it's not a real form element object if (is_object($form_ele)) { if (!$isDisabled and ($this->_ele->getVar('ele_req') or $this->_ele->alwaysValidateInputs) and $this->_ele->hasData) { // if it's not disabled, and either a declared required element according to the webmaster, or the element type itself always forces validation... $form_ele->customValidationCode = $elementTypeHandler->generateValidationCode($ele_caption, $form_ele_id, $this->_ele, $entry); } $form_ele->setDescription(html_entity_decode($ele_desc, ENT_QUOTES)); $isDisabled = false; // the render method must handle providing a disabled output, so as far as the rest of the logic here goes, the element is not disabled but should be rendered as is $baseCustomElementObject = $elementTypeHandler->create(); if ($baseCustomElementObject->hasData) { $customElementHasData = true; } } } else { return false; } break; } // end element-type case if (is_object($form_ele) and !$isDisabled and $this->_ele->hasData) { if ($previousEntryUI) { $previousEntryUIRendered = " " . $previousEntryUI->render(); } else { $previousEntryUIRendered = ""; } // $ele_type is the type value...only put in a cue for certain kinds of elements, and definitely not for blank subforms if (substr($form_ele_id, 0, 9) != "desubform" and ($ele_type == "text" or $ele_type == "textarea" or $ele_type == "select" or $ele_type == "radio" or $ele_type == "checkbox" or $ele_type == "date" or $ele_type == "colorpick" or $ele_type == "yn" or $customElementHasData)) { $elementCue = "\n<input type=\"hidden\" id=\"decue_" . trim($form_ele_id, "de_") . "\" name=\"decue_" . trim($form_ele_id, "de_") . "\" value=1>\n"; } else { $elementCue = ""; } $form_ele->setExtra(" onchange=\"javascript:formulizechanged=1;\""); // reuse caption, put two spaces between element and previous entry UI $form_ele_new = new xoopsFormLabel($form_ele->getCaption(), $form_ele->render() . $previousEntryUIRendered . $elementCue); $form_ele_new->formulize_element = $this->_ele; if ($ele_desc != "") { $ele_desc = html_entity_decode($ele_desc, ENT_QUOTES); $ele_desc = $myts->makeClickable($ele_desc); $form_ele_new->setDescription($ele_desc); } $form_ele_new->setName($form_ele_id); // need to set this as the name, in case it is required and then the name will be picked up by any "required" checks that get done and used in the required validation javascript for textboxes if (!empty($form_ele->customValidationCode)) { $form_ele_new->customValidationCode = $form_ele->customValidationCode; } if ($form_ele->isRequired()) { $form_ele_new->setRequired(); } return $form_ele_new; } elseif (is_object($form_ele) and $isDisabled and $this->_ele->hasData) { // element is disabled $form_ele = $this->formulize_disableElement($form_ele, $ele_type, $ele_desc); return $form_ele; } else { // form ele is not an object...and/or has no data. Happens for IBs and for non-interactive elements, like grids. return $form_ele; } }
function buildConditionsFilterSQL($conditions, $targetFormId, $curlyBracketEntry, $userComparisonId, $curlyBracketForm, $targetAlias = "") { $conditionsfilter = ""; $conditionsfilter_oom = ""; $curlyBracketFormFrom = ""; if (is_array($conditions)) { $filterElementHandles = convertElementIdsToElementHandles($conditions[0], $targetFormId); $filterElementIds = $conditions[0]; $filterOps = $conditions[1]; $filterTerms = $conditions[2]; $filterTypes = $conditions[3]; $start = true; $start_oom = true; $form_handler = xoops_getmodulehandler('forms', 'formulize'); if (is_numeric($curlyBracketForm)) { $curlyBracketForm = $form_handler->get($curlyBracketForm); } $targetFormObject = $form_handler->get($targetFormId); $element_handler = xoops_getmodulehandler('elements', 'formulize'); $targetFormElementTypes = $targetFormObject->getVar('elementTypes'); $targetAlias .= $targetAlias ? "." : ""; // add a period to the end of the alias, if there is one, so it will work in the sql statement for ($filterId = 0; $filterId < count($filterElementHandles); $filterId++) { $filterOps[$filterId] = $filterOps[$filterId] == 'NOT' ? '!=' : $filterOps[$filterId]; // convert NOT to != to avoid syntax error // if this filter term is a { } term that matches a $_GET value, then let's use that instead if (substr($filterTerms[$filterId], 0, 1) == "{" and substr($filterTerms[$filterId], -1) == "}") { $bracketlessFilterTerm = substr($filterTerms[$filterId], 1, -1); if (isset($_GET[$bracketlessFilterTerm])) { $filterTerms[$filterId] = formulize_db_escape($_GET[$bracketlessFilterTerm]); } } // convert the $filterElementId to a real id, since it's possible it could find its way in here as a handle...a legacy issue sort of if (!is_numeric($filterElementIds[$filterId])) { $elementObject = $element_handler->get($filterElementIds[$filterId]); if (is_object($elementObject)) { $filterElementIds[$filterId] = $elementObject->getVar('ele_id'); } } list($conditionsFilterComparisonValue, $thisCurlyBracketFormFrom) = _buildConditionsFilterSQL($filterId, $filterOps, $filterTerms, $filterElementIds, $targetFormElementTypes, $curlyBracketEntry, $userComparisonId, $curlyBracketForm, $element_handler, $form_handler); if ($filterTypes[$filterId] != "oom") { if ($start) { $conditionsfilter = " AND ("; $start = false; } else { $conditionsfilter .= " AND "; } $conditionsfilter .= "{$targetAlias}`" . $filterElementHandles[$filterId] . "` " . $filterOps[$filterId] . " " . $conditionsFilterComparisonValue; } else { if ($start_oom) { $conditionsfilter_oom = " AND ("; $start_oom = false; } else { $conditionsfilter_oom .= " OR "; } $conditionsfilter_oom .= "{$targetAlias}`" . $filterElementHandles[$filterId] . "` " . $filterOps[$filterId] . " " . $conditionsFilterComparisonValue; } $curlyBracketFormFrom = $thisCurlyBracketFormFrom ? $thisCurlyBracketFormFrom : $curlyBracketFormFrom; // if something was returned, use it, otherwise, stick with what we've got } $conditionsfilter .= $conditionsfilter ? ")" : ""; $conditionsfilter_oom .= $conditionsfilter_oom ? ")" : ""; } return array($conditionsfilter, $conditionsfilter_oom, $curlyBracketFormFrom); }