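/**
 * Validate the values submitted for the current table's fields and return every
 * validation error found, one per line ('' when the input is valid).
 *
 * For each field in the schema (skipping fields the current user can't access,
 * the admin-only 'isAdmin' field for non-admins, and fields not shown in the
 * "My Account" menu when editing from there) this checks: required / partially
 * entered dates, uniqueness, min/max length, allowed/disallowed characters, the
 * parent selected for a category, password changes, and disabling one's own
 * account. The password checks only run while no other error has been found.
 *
 * Globals read: $schema, $tableName, $escapedTableName, $CURRENT_USER,
 * $isMyAccountMenu. Reads $_REQUEST directly for 'num', 'preSaveTempId',
 * 'disabled', the date subfields ("<field>:mon" etc.) and the password fields;
 * $_REQUEST['password:old'] is trimmed in place. All of that is untrusted input
 * (note that $_REQUEST may also merge cookie values, depending on request_order).
 *
 * @param array $mySqlColsAndTypes  not used by this function (kept for the call signature)
 * @param array $newRecordValues    submitted values keyed by field name
 * @return string  newline-terminated error messages concatenated together, or '' if valid
 */
function _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues)
{
    global $schema, $tableName, $escapedTableName, $CURRENT_USER, $isMyAccountMenu;
    $errors    = '';
    $recordNum = @$_REQUEST['num']; // record being edited; empty/unset for new records

    foreach ($schema as $fieldname => $fieldSchema) {
        // fields are stored as arrays, other entries are table metadata
        if (!is_array($fieldSchema)) {
            continue;
        }
        // skip fields that the user has no access to
        if (!userHasFieldAccess($fieldSchema)) {
            continue;
        }
        // skip admin only fields
        if ($tableName == 'accounts' && $fieldname == 'isAdmin' && !$CURRENT_USER['isAdmin']) {
            continue;
        }
        // skip validation on fields that aren't displayed in the My Account menu
        if ($isMyAccountMenu && @(!$fieldSchema['myAccountField'])) {
            continue;
        }

        $isMyAccountPasswordField = $isMyAccountMenu && $fieldname == 'password';
        $value       = @$newRecordValues[$fieldname];
        $labelOrName = @$fieldSchema['label'] != '' ? $fieldSchema['label'] : $fieldname;

        // date fields - count how many of the required subfields were left blank
        $missingDateSubfields = 0;
        $partialDateEntered   = false;
        if (@$fieldSchema['type'] == 'date') {
            $requiredDateSuffixes = array('mon', 'day', 'year');
            if (@$fieldSchema['showTime']) {
                if (@$fieldSchema['use24HourFormat']) {
                    array_push($requiredDateSuffixes, 'hour24', 'min');
                } else {
                    array_push($requiredDateSuffixes, 'hour12', 'min', 'isPM');
                }
                if (@$fieldSchema['showSeconds']) {
                    array_push($requiredDateSuffixes, 'sec');
                }
            }
            foreach ($requiredDateSuffixes as $suffix) {
                if (@$_REQUEST["{$fieldname}:{$suffix}"] == '') {
                    $missingDateSubfields++;
                }
            }
            // if some but not all date subfields entered then require all of them
            $partialDateEntered = $missingDateSubfields && count($requiredDateSuffixes) > $missingDateSubfields;
        }

        // check required fields (the My Account password is optional: blank means "keep current")
        $checkRequired = (@$fieldSchema['isRequired'] && !$isMyAccountPasswordField) || $partialDateEntered;
        if ($checkRequired) {
            if (@$fieldSchema['type'] == 'upload') {
                if (!getUploadCount($tableName, $fieldname, $recordNum, @$_REQUEST['preSaveTempId'])) {
                    $errors .= sprintf(t("'%s' is required! You must upload a file!"), $labelOrName) . "\n";
                }
            } elseif (@$fieldSchema['type'] == 'date') {
                if ($partialDateEntered) {
                    $errors .= sprintf(t("Please fill out all '%s' fields!"), $labelOrName) . "\n";
                } elseif ($missingDateSubfields) {
                    $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n";
                }
            } elseif ($value == '') {
                $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n";
            }
        }

        // check for unique fields (blank values are allowed - use isRequired to require a value)
        if (@$fieldSchema['isUnique'] && $value != '') {
            $errors .= __getUniqueFieldErrors($labelOrName, $fieldname, $value, $recordNum);
        }

        // get length of content: wysiwyg counts visible text only, autoFormat textboxes
        // don't count the "<br/>" inserted before each newline
        if (@$fieldSchema['type'] == 'wysiwyg') {
            $textOnlyValue = strip_tags($value);
            $textOnlyValue = preg_replace('/\\s+/', ' ', $textOnlyValue);
            $textLength    = mb_strlen($textOnlyValue);
        } elseif (@$fieldSchema['type'] == 'textbox' && @$fieldSchema['autoFormat']) {
            $textOnlyValue = str_replace("<br/>\n", "\n", $value);
            $textLength    = mb_strlen($textOnlyValue);
        } else {
            $textLength = mb_strlen($value);
        }

        // check min/max length of content
        if ($value != '' && @$fieldSchema['minLength'] && $textLength < $fieldSchema['minLength']) {
            $errors .= sprintf(t('\'%1$s\' must be at least %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['minLength'], $textLength) . "\n";
        }
        if ($value != '' && @$fieldSchema['maxLength'] && $textLength > $fieldSchema['maxLength']) {
            $errors .= sprintf(t('\'%1$s\' cannot be longer than %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['maxLength'], $textLength) . "\n";
        }

        // check allowed/disallowed characters (skip if $fieldSchema['charset'] is blank to avoid: "Warning: preg_match(): Compilation failed: missing terminating ]")
        // preg_quote() also escapes ']', '\' and '-', so the configured charset can't break out of the class
        if (strlen(@$fieldSchema['charset']) > 0) {
            $quotedCharset  = preg_quote($fieldSchema['charset'], '/');
            $allowRegexp    = '/[^' . $quotedCharset . ']/';
            $disallowRegexp = '/[' . $quotedCharset . ']/';
            if (@$fieldSchema['charsetRule'] == 'allow' && preg_match($allowRegexp, $value)) {
                $errors .= sprintf(t('\'%1$s\' only allows the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n";
            }
            if (@$fieldSchema['charsetRule'] == 'disallow' && preg_match($disallowRegexp, $value)) {
                $errors .= sprintf(t('\'%1$s\' doesn\'t allow the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n";
            }
        }

        // custom field error checking: a category may not be moved under itself or one of its descendants
        if (@$schema['menuType'] == 'category' && $fieldname == 'parentNum') {
            // load parent category
            $escapedNum = mysql_escape($value);
            $query  = "SELECT num, name, lineage FROM `{$escapedTableName}` WHERE num = '{$escapedNum}' LIMIT 1";
            $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
            $parentCategory = mysql_fetch_assoc($result);
            if (is_resource($result)) {
                mysql_free_result($result);
            }
            // error checking - the parent's lineage is matched for ":<num>:". $recordNum comes straight
            // from the request, so it is preg_quote()d instead of interpolated raw: a crafted 'num' could
            // otherwise change the pattern, and a pattern that fails to compile makes preg_match() return
            // false and silently skips this check. No parent row (unknown num) means nothing to match.
            $parentLineage = is_array($parentCategory) ? (string) @$parentCategory['lineage'] : '';
            $selfPattern   = '/:' . preg_quote((string) $recordNum, '/') . ':/';
            if (preg_match($selfPattern, $parentLineage)) {
                $errors .= sprintf(t('\'%s\' can\'t select the current category or any categories under the current category!'), $labelOrName) . "\n";
            }
        }

        // my account - password changing (only attempted while no other error has been found)
        $newPasswordEntered = @$_REQUEST['password:old'] || @$_REQUEST['password'] || @$_REQUEST['password:again'];
        if ($isMyAccountPasswordField && $newPasswordEntered && !$errors) {
            // v2.52 remove leading and trailing whitespace
            $_REQUEST['password:old'] = preg_replace("/^\\s+|\\s+\$/s", '', @$_REQUEST['password:old']);
            if (!@$_REQUEST['password:old']) {
                $errors .= t("Please specify your current password!") . "\n";
            } else {
                // v2.51 getPasswordDigest() is applied to both sides so that hashed and unhashed
                // stored passwords compare the same (relies on the digest being stable for digests)
                $oldPasswordHash    = getPasswordDigest($_REQUEST['password:old']);
                $storedPasswordHash = getPasswordDigest($CURRENT_USER['password']);
                // hash_equals(): strict and constant-time. A loose != on two digest strings is wrong
                // in PHP (e.g. "0e..." digests compare equal as numbers) and leaks timing information.
                if (!hash_equals((string) $storedPasswordHash, (string) $oldPasswordHash)) {
                    $errors .= t("Current password is not correct!") . "\n";
                }
            }
            // v2.52
            $errors .= getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $CURRENT_USER['username']);
        }

        // accounts - password changing (usually done by admin) v2.52
        if (!$isMyAccountMenu && $tableName == 'accounts' && $fieldname == 'password' && !$errors) {
            $errors .= getNewPasswordErrors(@$_REQUEST['password'], null, @$newRecordValues['username']);
        }

        // user accounts - don't allow disabling of own account
        if ($tableName == 'accounts' && $fieldname == 'disabled') {
            if ($recordNum == $CURRENT_USER['num'] && !empty($_REQUEST['disabled'])) {
                $errors .= t("You cannot disable your own account!") . "\n";
            }
        }
    }

    return $errors;
}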
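/**
 * Return the upload limits for one upload field as a 3-element list:
 * [whether a maximum-upload limit is configured, the configured maximum,
 *  how many more uploads are still allowed (never below 0)].
 *
 * An unknown field name, or a field schema without 'checkMaxUploads' /
 * 'maxUploads', yields "no limit" (null, 0) rather than a PHP notice.
 *
 * @param string $tablename     table whose schema (via loadSchema()) holds the field
 * @param string $fieldname     upload field name within that schema
 * @param mixed  $num           record number, passed through to getUploadCount()
 * @param mixed  $preSaveTempId temp id for uploads made before the record is saved,
 *                              passed through to getUploadCount()
 * @return array  array($isUploadLimit, int $maxUploads, int $remainingUploads)
 */
function getUploadLimits($tablename, $fieldname, $num, $preSaveTempId)
{
    $schema = loadSchema($tablename);
    // only field entries are arrays; anything else (or a missing field) is treated as an empty schema
    $fieldSchema = (isset($schema[$fieldname]) && is_array($schema[$fieldname])) ? $schema[$fieldname] : array();

    $isUploadLimit = isset($fieldSchema['checkMaxUploads']) ? $fieldSchema['checkMaxUploads'] : null;
    $maxUploads    = (int) (isset($fieldSchema['maxUploads']) ? $fieldSchema['maxUploads'] : 0);

    $uploadCount      = getUploadCount($tablename, $fieldname, $num, $preSaveTempId);
    $remainingUploads = max($maxUploads - $uploadCount, 0); // never report a negative remainder

    return array($isUploadLimit, $maxUploads, $remainingUploads);
}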