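/**
 * Filters and validates a user profile / signup submission in place.
 *
 * Mutates $HTTP_VARS: 'user_role' is pinned to the stored role when the caller
 * lacks PERM_ADMIN_USER_PROFILE (so a user cannot promote themselves through a
 * crafted form post), 'fullname' and 'email_addr' are run through
 * filter_input_field(), 'uid_theme' becomes FALSE and 'uid_language' NULL when
 * the feature is disabled or the value is unknown, and every address attribute
 * is filtered field by field.
 *
 * @param array|mixed $user_r             existing user row, or a non-array for a brand new user
 * @param array       $HTTP_VARS          request variables (modified in place)
 * @param array       $address_provided_r receives address_type => bool; TRUE when at least one
 *                                        attribute of that address type was supplied
 * @param array       $errors             validation errors, appended to by the validate_* helpers
 * @return bool FALSE when the role is rejected or name/email fail validation; otherwise
 *              whether every supplied address attribute validated
 */
function validate_user_info($user_r, &$HTTP_VARS, &$address_provided_r, &$errors) {
    $is_address_validated = TRUE;

    // Only holders of the admin permission may change a role; anyone else gets
    // the stored role written back over whatever the request carried.
    if (is_array($user_r) && !is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        $HTTP_VARS['user_role'] = $user_r['user_role'];
    } else {
        $op = isset($HTTP_VARS['op']) ? $HTTP_VARS['op'] : NULL;
        $requested_role = isset($HTTP_VARS['user_role']) ? $HTTP_VARS['user_role'] : NULL;
        if ($op === 'signup' && !is_valid_signup_role($requested_role)) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Signup User Role specified', $HTTP_VARS);
            return FALSE;
        }
    }

    // The role must exist regardless of who is submitting.
    $role_r = fetch_role_r(isset($HTTP_VARS['user_role']) ? $HTTP_VARS['user_role'] : NULL);
    if (!is_array($role_r)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid User Role specified', $HTTP_VARS);
        return FALSE;
    }

    $HTTP_VARS['fullname'] = filter_input_field("text(30,100)", isset($HTTP_VARS['fullname']) ? $HTTP_VARS['fullname'] : NULL);
    $HTTP_VARS['email_addr'] = filter_input_field("email(30,100)", isset($HTTP_VARS['email_addr']) ? $HTTP_VARS['email_addr'] : NULL);

    if (!validate_input_field(get_opendb_lang_var('fullname'), "text(30,100)", "Y", $HTTP_VARS['fullname'], $errors)
            || !validate_input_field(get_opendb_lang_var('email'), "email(30,100)", "Y", $HTTP_VARS['email_addr'], $errors)) {
        return FALSE;
    }

    // FALSE is the sentinel downstream code reads as "do not update the theme".
    $uid_theme = isset($HTTP_VARS['uid_theme']) ? $HTTP_VARS['uid_theme'] : NULL;
    if (get_opendb_config_var('user_admin', 'user_themes_support') === FALSE || !is_exists_theme($uid_theme)) {
        $HTTP_VARS['uid_theme'] = FALSE;
    }

    // Do not allow an update with an unknown language.
    $uid_language = isset($HTTP_VARS['uid_language']) ? $HTTP_VARS['uid_language'] : NULL;
    if (get_opendb_config_var('user_admin', 'user_language_support') === FALSE || !is_exists_language($uid_language)) {
        $HTTP_VARS['uid_language'] = NULL;
    }

    $addr_results = fetch_address_type_rs(TRUE);
    if ($addr_results) {
        while ($address_type_r = db_fetch_assoc($addr_results)) {
            $v_address_type = strtolower($address_type_r['s_address_type']);
            $address_provided_r[$v_address_type] = FALSE;

            $attr_results = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
            if ($attr_results) {
                while ($addr_attribute_type_r = db_fetch_assoc($attr_results)) {
                    $fieldname = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);

                    $raw_value = isset($HTTP_VARS[$v_address_type][$fieldname]) ? $HTTP_VARS[$v_address_type][$fieldname] : NULL;
                    $HTTP_VARS[$v_address_type][$fieldname] = filter_item_input_field($addr_attribute_type_r, $raw_value);

                    // NOTE(review): the `!== FALSE` test on is_empty_attribute() is kept verbatim; the
                    // helper's return contract is not visible here — confirm it means "a value was supplied".
                    if (is_empty_attribute($addr_attribute_type_r['s_attribute_type'], $HTTP_VARS[$v_address_type][$fieldname]) !== FALSE) {
                        $address_provided_r[$v_address_type] = TRUE;
                        if (!validate_item_input_field($addr_attribute_type_r, $HTTP_VARS[$v_address_type][$fieldname], $errors)) {
                            $is_address_validated = FALSE;
                        }
                    }
                }
                db_free_result($attr_results);
            }
        }
        db_free_result($addr_results);
    }

    return $is_address_validated;
}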
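/**
 * Filters a scalar input value using a compact "type(arg1,arg2,...)" spec.
 *
 * The spec is parsed by prc_function_spec() and translated into the
 * attribute-type row shape filter_item_input_field() expects ('input_type'
 * plus 'input_type_arg1'..'input_type_arg5'). Positional arguments that the
 * spec does not supply are passed as NULL instead of triggering an
 * undefined-index notice.
 *
 * @param string $input_type e.g. "text(30,100)" or "email(30,100)"
 * @param mixed  $value      raw request value
 * @return mixed the value as returned by filter_item_input_field()
 */
function filter_input_field($input_type, $value) {
    $input_type_def = prc_function_spec($input_type);
    $args = (isset($input_type_def['args']) && is_array($input_type_def['args'])) ? $input_type_def['args'] : array();

    $attribute_type_r = array('input_type' => $input_type_def['type']);
    // Always emit all five arg slots so the row shape is stable for the callee.
    for ($i = 0; $i < 5; $i++) {
        $attribute_type_r['input_type_arg' . ($i + 1)] = isset($args[$i]) ? $args[$i] : NULL;
    }

    return filter_item_input_field($attribute_type_r, $value);
}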
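/**
 * Resolves the field name a posted value should be read from in refresh mode.
 *
 * A non-array value of the form "newN" (with a companion "<field>_newN" key) or
 * the literal "old" (with a companion "<field>_new0" key) redirects to that
 * companion key; anything else leaves the name unchanged.
 *
 * @param array  $HTTP_VARS request variables
 * @param string $fieldname base field name
 * @return string the field name to read/write for this attribute
 */
function _resolve_refresh_fieldname($HTTP_VARS, $fieldname) {
    if (!isset($HTTP_VARS[$fieldname]) || is_array($HTTP_VARS[$fieldname])) {
        return $fieldname;
    }

    $value = $HTTP_VARS[$fieldname];
    if (preg_match("/new([0-9]+)/", $value, $matches) && isset($HTTP_VARS[$fieldname . '_' . $matches[0]])) {
        return $fieldname . '_' . $matches[0];
    }

    // 'old' only means "refresh" when a companion _new0 key was posted too;
    // otherwise it is just a field whose literal value happens to be 'old'.
    if ($value === 'old' && isset($HTTP_VARS[$fieldname . '_new0'])) {
        return $fieldname . '_old';
    }

    return $fieldname;
}

/**
 * Filters and validates every non-instance attribute of an item submission in place.
 *
 * Resets $errors, then for each attribute type of $s_item_type (except the
 * read-only ITEM_ID) resolves the refresh-mode field name, takes either the
 * uploaded file name or the filtered posted value, and validates it.
 *
 * @param string $op          form operation (currently unused here; kept for the callers)
 * @param string $s_item_type item type whose attribute types are validated
 * @param array  $HTTP_VARS   request variables (filtered values are written back)
 * @param array  $errors      reset to NULL, then appended to on failure
 * @return bool TRUE when every field validated; FALSE on any failure or when the
 *              attribute type lookup returned nothing
 */
function validate_item_attributes($op, $s_item_type, &$HTTP_VARS, &$errors) {
    $errors = NULL;
    $all_fields_validated = TRUE;

    $attr_results = fetch_item_attribute_type_rs($s_item_type, 'not_instance_field_types');
    if (!$attr_results) {
        // No attribute definitions to validate against: fail rather than silently pass.
        $errors[] = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
        return FALSE;
    }

    while ($item_attribute_type_r = db_fetch_assoc($attr_results)) {
        // Item_ID is purely a read-only attribute.
        if ($item_attribute_type_r['s_field_type'] == 'ITEM_ID') {
            continue;
        }

        // TITLE is always compulsory, even if the attribute row says otherwise.
        if ($item_attribute_type_r['s_field_type'] == 'TITLE') {
            $item_attribute_type_r['compulsory_ind'] = 'Y';
            $fieldname = 'title';
        } else {
            $fieldname = get_field_name($item_attribute_type_r['s_attribute_type'], $item_attribute_type_r['order_no']);
        }

        // Keep the base name: refresh mode may redirect reads to a companion key.
        $orig_fieldname = $fieldname;
        $fieldname = _resolve_refresh_fieldname($HTTP_VARS, $fieldname);

        $upload_key = $fieldname . '_upload';
        if (isset($_FILES[$upload_key]) && is_array($_FILES[$upload_key])
                && isset($_FILES[$upload_key]['tmp_name']) && is_string($_FILES[$upload_key]['tmp_name'])
                && is_uploaded_file($_FILES[$upload_key]['tmp_name'])) {
            // is_uploaded_file() rejects a spoofed tmp_name. The client-supplied 'name'
            // is stored here without filtering, so anything that persists it must sanitise it.
            $HTTP_VARS[$fieldname] = $_FILES[$upload_key]['name'];
        } else {
            // Normal field.
            $raw_value = isset($HTTP_VARS[$fieldname]) ? $HTTP_VARS[$fieldname] : NULL;
            $HTTP_VARS[$fieldname] = filter_item_input_field($item_attribute_type_r, $raw_value);
        }

        if (!validate_item_input_field($item_attribute_type_r, $HTTP_VARS[$fieldname], $errors)) {
            // Keep going so every failing field is reported, but remember the failure.
            $all_fields_validated = FALSE;
        } else if (isset($HTTP_VARS[$orig_fieldname]) && !is_array($HTTP_VARS[$orig_fieldname])) {
            // Kept verbatim from the original: copies the base value under "<resolved>_newN"
            // for handle_update / handle_insert. NOTE(review): the key built from $fieldname
            // (already resolved) rather than $orig_fieldname looks suspicious — confirm
            // against those consumers before changing it.
            if (preg_match("/new([0-9]+)/", $HTTP_VARS[$orig_fieldname], $matches)
                    && isset($HTTP_VARS[$orig_fieldname . '_' . $matches[0]])) {
                $HTTP_VARS[$fieldname . '_' . $matches[0]] = $HTTP_VARS[$orig_fieldname];
            }
        }
    }
    db_free_result($attr_results);

    return $all_fields_validated;
}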
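/**
 * Renders the hidden "instance_info" tab of the item edit form.
 *
 * Emits the owner selector (edit/refresh when change_owner_ind == 'Y'), one
 * input per instance field type (STATUSTYPE, STATUSCMNT, DURATION) and, when
 * related-item support is enabled, the parent-item filter/select plus the
 * listing of current related parents. Posted values in $HTTP_VARS take
 * precedence over the stored $item_r values.
 *
 * @param string $op            one of new, site, edit, refresh, newinstance, clone_item
 * @param array  $item_r        item row; status fields are blanked for newinstance/clone_item
 * @param array  $status_type_r status type row of the item ('change_owner_ind' is read)
 * @param array  $HTTP_VARS     request variables
 * @return string HTML fragment
 */
function get_edit_item_instance_form($op, $item_r, $status_type_r, $HTTP_VARS) {
    $formContents = "<div class=\"tabContentHidden\" id=\"instance_info\">";
    $formContents .= get_related_item_search_script();

    $results = fetch_item_attribute_type_rs($item_r['s_item_type'], 'instance_field_types');
    if ($results) {
        $formContents .= "<h3>" . get_opendb_lang_var('instance_info') . "</h3>";
        $formContents .= "\n<table>";

        $can_change_owner = isset($status_type_r['change_owner_ind']) && $status_type_r['change_owner_ind'] == 'Y';
        if (($op == 'edit' || $op == 'refresh') && $can_change_owner) {
            $owner_id = ifempty(isset($HTTP_VARS['owner_id']) ? $HTTP_VARS['owner_id'] : NULL, $item_r['owner_id']);
            $owner_rs = fetch_user_rs(PERM_ITEM_OWNER, INCLUDE_ROLE_PERMISSIONS, INCLUDE_CURRENT_USER, EXCLUDE_DEACTIVATED_USER, 'user_id', 'ASC');
            $formContents .= format_field(get_opendb_lang_var('owner'),
                "\n<select name=\"owner_id\">" . custom_select('owner_id', $owner_rs, '%fullname% (%user_id%)', 'NA', $owner_id, 'user_id') . "\n</select>");
        }

        // A fresh instance or clone must not inherit the source item's status.
        if ($op == 'newinstance' || $op == 'clone_item') {
            $item_r['s_status_type'] = NULL;
            $item_r['status_comment'] = NULL;
            $item_r['borrow_duration'] = NULL;
        }

        while ($item_attribute_type_r = db_fetch_assoc($results)) {
            switch ($item_attribute_type_r['s_field_type']) {
                case 'STATUSTYPE':
                    $posted = isset($HTTP_VARS['s_status_type']) ? $HTTP_VARS['s_status_type'] : NULL;
                    $stored = isset($item_r['s_status_type']) ? $item_r['s_status_type'] : NULL;
                    $status_type = ifempty(filter_item_input_field($item_attribute_type_r, $posted), $stored);

                    if ($op == 'new' || $op == 'site' || $op == 'newinstance' || $op == 'clone_item') {
                        $lookup_results = fetch_newitem_status_type_rs();
                    } else {
                        // Updates use the restricted list: an item with borrowed records
                        // must not be offered a status with borrow_ind == 'X'.
                        $lookup_results = fetch_update_status_type_rs($status_type);
                    }

                    if ($lookup_results && db_num_rows($lookup_results) > 0) {
                        $formContents .= format_field($item_attribute_type_r['prompt'],
                            radio_grid('s_status_type', $lookup_results, '%img%', 'VERTICAL', $status_type));
                    }
                    break;

                case 'STATUSCMNT':
                    $posted = isset($HTTP_VARS['status_comment']) ? $HTTP_VARS['status_comment'] : NULL;
                    $stored = isset($item_r['status_comment']) ? $item_r['status_comment'] : NULL;
                    $status_comment = ifempty(filter_item_input_field($item_attribute_type_r, $posted), $stored);
                    $formContents .= get_item_input_field('status_comment', $item_attribute_type_r, NULL, $status_comment);
                    break;

                case 'DURATION':
                    $posted = isset($HTTP_VARS['borrow_duration']) ? $HTTP_VARS['borrow_duration'] : NULL;
                    $stored = isset($item_r['borrow_duration']) ? $item_r['borrow_duration'] : NULL;
                    $borrow_duration = ifempty(filter_item_input_field($item_attribute_type_r, $posted), $stored);

                    // The S_DURATION lookup list most likely contains an 'Undefined' option that
                    // equates to an empty string. For updates, force a NULL value to '' so that
                    // option matches; otherwise a duration left at 'Undefined' never gets selected.
                    if ($op != 'new' && $op != 'site' && $borrow_duration === NULL) {
                        $borrow_duration = '';
                    }
                    $formContents .= get_item_input_field('borrow_duration', $item_attribute_type_r, NULL, $borrow_duration);
                    break;
            }
        }
        db_free_result($results);

        $formContents .= "\n</table>";
    }

    if (get_opendb_config_var('item_input', 'related_item_support') !== FALSE) {
        $formContents .= "<h3>" . get_opendb_lang_var('add_related_parent') . "</h3>";
        $formContents .= "\n<table>";
        $formContents .= format_field(get_opendb_lang_var('parent_item_filter'), '<input type="text" name="parent_item_filter" id="parent_item_filter">');
        $formContents .= format_field(get_opendb_lang_var('parent_item'), format_item_parents_select($HTTP_VARS, $item_r, '%parent_only%'));
        $formContents .= "\n</table>";

        $relatedItems = get_related_items_listing($item_r, $HTTP_VARS, RELATED_PARENTS_MODE);
        if ($relatedItems != NULL) {
            $formContents .= "<h3>" . get_opendb_lang_var('related_parent_item(s)') . "</h3>";
            $formContents .= $relatedItems;
        }
    }

    $formContents .= "</div>";

    return $formContents;
}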