function _getColumnDisplayValueAndAttributes($fieldname, &$record) { global $schema, $tableName; $fieldValue = @$record[$fieldname]; $fieldSchema = @$schema[$fieldname]; if ($fieldSchema) { $fieldSchema['name'] = $fieldname; } // default display value and attribute if (!is_array($fieldValue)) { $fieldValue = htmlencode($fieldValue); } $displayValue = $fieldValue; $tdAttributes = "style='text-align:left'"; // date fields $isSpecialDatefield = in_array($fieldname, array('createdDate', 'updatedDate')); if (@$fieldSchema['type'] == 'date' || $isSpecialDatefield) { $showSeconds = @$fieldSchema['showSeconds']; $showTime = @$fieldSchema['showTime']; $use24Hour = @$fieldSchema['use24HourFormat']; // settings for createdDate and updatedDate if ($isSpecialDatefield) { $showSeconds = true; $showTime = true; $use24Hour = true; } $secondsFormat = ''; if ($showSeconds) { $secondsFormat = ':s'; } $timeFormat = ''; if ($showTime) { if ($use24Hour) { $timeFormat = " - H:i{$secondsFormat}"; } else { $timeFormat = " - h:i{$secondsFormat} A"; } } $dateFormat = ''; $dayMonthOrder = @$GLOBALS['SETTINGS']['dateFormat']; if ($dayMonthOrder == 'dmy') { $dateFormat = "jS M, Y" . $timeFormat; } elseif ($dayMonthOrder == 'mdy') { $dateFormat = "M jS, Y" . $timeFormat; } else { $dateFormat = "Y-m-d" . $timeFormat; } $displayValue = date($dateFormat, strtotime($fieldValue)); if (!$fieldValue || $fieldValue == '0000-00-00 00:00:00') { $displayValue = ''; } } // dragSortOrder fields if ($fieldname == 'dragSortOrder') { if (!userHasFieldAccess($schema[$fieldname])) { return; } // skip fields that the user has no access to $tdAttributes = "class='dragger'"; $displayValue = "<input type='hidden' name='_recordNum' value='{$record['num']}' class='_recordNum' />"; $displayValue .= "<img src='lib/images/drag.gif' height='6' width='19' class='dragger' title='" . t('Click and drag to change order.') . "' alt='' /><br/>"; } // Category Section: name fields - pad category names to their depth $isCategorySection = @$schema['menuType'] == 'category' && $fieldname == 'name'; if ($isCategorySection) { $depth = @$record["depth"]; $parentNum = @$record["parentNum"]; //$displayValue = "<input type='hidden' name='_recordNum' value='{$record['num']}' class='_recordNum' />"; //$displayValue .= "<input type='hidden' value='$fieldValue' class='_categoryName' />"; //$displayValue .= "<input type='hidden' value='$depth' class='_categoryDepth' />"; $displayValue = "<input type='hidden' value='{$parentNum}' class='_categoryParent' />"; //$displayValue .= "<img style='float:left' src='lib/images/drag.gif' height='6' width='19' class='dragHandle' title='" . // t('Click and drag to change order.'). // "' alt='' />"; if (@$record['depth']) { $padding = str_repeat(" ", @$record['depth']); $displayValue .= $padding . ' - '; } $displayValue .= $fieldValue; } // display first thumbnail for upload fields if (@$fieldSchema['type'] == 'upload') { $displayValue = ''; $upload = @$record[$fieldname][0]; if ($upload) { ob_start(); showUploadPreview($upload, 50); $displayValue = ob_get_clean(); } } // display labels for list fields #if (@$fieldSchema['type'] == 'list' && $suffix == 'label') { // require ":label" field suffix in future to show labels, just do it automatic for now though. if (@$fieldSchema['type'] == 'list') { $displayValue = _getListOptionLabelByValue($fieldSchema, $record); } // display labels for checkboxes if (@$fieldSchema['type'] == 'checkbox') { if (@$fieldSchema['checkedValue'] || @$fieldSchema['uncheckedValue']) { $displayValue = $fieldValue ? @$fieldSchema['checkedValue'] : @$fieldSchema['uncheckedValue']; } } // v2.50 - display formatted textbox content if (@$fieldSchema['type'] == 'textbox') { if ($fieldSchema['autoFormat']) { $displayValue = @$record[$fieldname]; // overwrite previous htmlencoded value $displayValue = preg_replace("/<br\\s*\\/?>\r?\n/", "\n", $displayValue); // remove autoformat break tags $displayValue = htmlencode($displayValue); // html encode content } $displayValue = nl2br($displayValue); // re-add break tags after nextlines } // return display value return array($displayValue, $tdAttributes); }
function showViewFormRows($record) { global $schema, $escapedTableName, $CURRENT_USER, $tableName, $menu, $isMyAccountMenu; $record =& $GLOBALS['RECORD']; $fields = getFieldObjects_fromSchema($schema); // load schema columns $html = ''; foreach ($fields as $field) { // special cases: skip fields if: if (!userHasFieldAccess(get_object_vars($field))) { continue; } // skip fields that the user has no access to if ($tableName == 'accounts' && $field->name == 'isAdmin' && !$CURRENT_USER['isAdmin']) { continue; } // only admin users can see/change "isAdmin" field if ($isMyAccountMenu && @(!$field->myAccountField)) { continue; } // only show fields set as 'myAccountField' on My Accounts page // display field $fieldValue = $field->getDisplayValue($record); $html .= $field->getTableRow($record, $fieldValue, 'view'); } print $html; }
function _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues) { global $schema, $tableName, $escapedTableName, $CURRENT_USER, $isMyAccountMenu; $errors = ''; $recordNum = @$_REQUEST['num']; // load schema columns foreach ($schema as $fieldname => $fieldSchema) { if (!is_array($fieldSchema)) { continue; } // fields are stored as arrays, other entries are table metadata if (!userHasFieldAccess($fieldSchema)) { continue; } // skip fields that the user has no access to if ($tableName == 'accounts' && $fieldname == 'isAdmin' && !$CURRENT_USER['isAdmin']) { continue; } // skip admin only fields if ($isMyAccountMenu && @(!$fieldSchema['myAccountField'])) { continue; } // skip validation on fields that aren't displayed $isMyAccountPasswordField = $isMyAccountMenu && $fieldname == 'password'; $value = @$newRecordValues[$fieldname]; $labelOrName = @$fieldSchema['label'] != '' ? $fieldSchema['label'] : $fieldname; // date fields - check if required suffixes are missing $missingDateSubfields = 0; $partialDateEntered = false; if (@$fieldSchema['type'] == 'date') { $requiredDateSuffixes = array('mon', 'day', 'year'); if ($fieldSchema['showTime']) { if ($fieldSchema['use24HourFormat']) { array_push($requiredDateSuffixes, 'hour24', 'min'); } else { array_push($requiredDateSuffixes, 'hour12', 'min', 'isPM'); } if ($fieldSchema['showSeconds']) { array_push($requiredDateSuffixes, 'sec'); } } $subFieldCount = 0; foreach ($requiredDateSuffixes as $suffix) { if (@$_REQUEST["{$fieldname}:{$suffix}"] == '') { $missingDateSubfields++; } } $partialDateEntered = $missingDateSubfields && count($requiredDateSuffixes) > $missingDateSubfields; // if some but not all date subfields entered then require all of them } // check required fields $checkRequired = @$fieldSchema['isRequired'] && !$isMyAccountPasswordField || $partialDateEntered; if ($checkRequired) { if ($fieldSchema['type'] == 'upload') { if (!getUploadCount($tableName, $fieldname, @$_REQUEST['num'], @$_REQUEST['preSaveTempId'])) { $errors .= sprintf(t("'%s' is required! You must upload a file!"), $labelOrName) . "\n"; } } elseif ($fieldSchema['type'] == 'date') { if ($partialDateEntered) { $errors .= sprintf(t("Please fill out all '%s' fields!"), $labelOrName) . "\n"; } elseif ($missingDateSubfields) { $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n"; } } elseif ($value == '') { $errors .= sprintf(t("'%s' is required!"), $labelOrName) . "\n"; } } // check for unique fields if (@$fieldSchema['isUnique'] && $value != '') { // unique allows blank fields (use required to require value) $errors .= __getUniqueFieldErrors($labelOrName, $fieldname, $value, $recordNum); } // get length of content if (@$fieldSchema['type'] == 'wysiwyg') { $textOnlyValue = strip_tags($value); $textOnlyValue = preg_replace('/\\s+/', ' ', $textOnlyValue); $textLength = mb_strlen($textOnlyValue); } elseif (@$fieldSchema['type'] == 'textbox' && @$fieldSchema['autoFormat']) { $textOnlyValue = str_replace("<br/>\n", "\n", $value); $textLength = mb_strlen($textOnlyValue); } else { $textLength = mb_strlen($value); } // check min/max length of content if ($value != '' && @$fieldSchema['minLength'] && $textLength < $fieldSchema['minLength']) { $errors .= sprintf(t('\'%1$s\' must be at least %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['minLength'], $textLength) . "\n"; } if ($value != '' && @$fieldSchema['maxLength'] && $textLength > $fieldSchema['maxLength']) { $errors .= sprintf(t('\'%1$s\' cannot be longer than %2$s characters! (currently %3$s characters)'), $labelOrName, $fieldSchema['maxLength'], $textLength) . "\n"; } // check allowed/disallowed characters (skip if $fieldSchema['charset'] is blank to avoid: "Warning: preg_match(): Compilation failed: missing terminating ]") if (strlen(@$fieldSchema['charset']) > 0) { $allowRegexp = '/[^' . preg_quote(@$fieldSchema['charset'], '/') . ']/'; $disallowRegexp = '/[' . preg_quote(@$fieldSchema['charset'], '/') . ']/'; if (@$fieldSchema['charsetRule'] == 'allow' && preg_match($allowRegexp, $value)) { $errors .= sprintf(t('\'%1$s\' only allows the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n"; } if (@$fieldSchema['charsetRule'] == 'disallow' && preg_match($disallowRegexp, $value)) { $errors .= sprintf(t('\'%1$s\' doesn\'t allow the following characters (%2$s)'), $labelOrName, $fieldSchema['charset']) . "\n"; } } // custom field error checking if (@$schema['menuType'] == 'category' && $fieldname == 'parentNum') { // load parent category $escapedNum = mysql_escape($value); $query = "SELECT num, name, lineage FROM `{$escapedTableName}` WHERE num = '{$escapedNum}' LIMIT 1"; $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n"); $parentCategory = mysql_fetch_assoc($result); if (is_resource($result)) { mysql_free_result($result); } // error checking if (preg_match("/:{$recordNum}:/", $parentCategory['lineage'])) { $errors .= sprintf(t('\'%s\' can\'t select the current category or any categories under the current category!'), $labelOrName) . "\n"; } } // my account - password changing $newPasswordEntered = @$_REQUEST['password:old'] || @$_REQUEST['password'] || @$_REQUEST['password:again']; if ($isMyAccountPasswordField && $newPasswordEntered && !$errors) { $_REQUEST['password:old'] = preg_replace("/^\\s+|\\s+\$/s", '', @$_REQUEST['password:old']); // v2.52 remove leading and trailing whitespace $oldPasswordHash = getPasswordDigest(@$_REQUEST['password:old']); if (!@$_REQUEST['password:old']) { $errors .= t("Please specify your current password!") . "\n"; } else { if ($oldPasswordHash != getPasswordDigest($CURRENT_USER['password'])) { $errors .= t("Current password is not correct!") . "\n"; } } // v2.51 works when comparing hashed and unhashed passwords the same $errors .= getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $CURRENT_USER['username']); // v2.52 } // accounts - password changing (usually done by admin) v2.52 if (!$isMyAccountMenu && $tableName == 'accounts' && $fieldname == 'password' && !$errors) { $errors .= getNewPasswordErrors(@$_REQUEST['password'], null, @$newRecordValues['username']); // v2.52 } // user accounts - don't allow disabling of own account if ($tableName == 'accounts' && $fieldname == 'disabled') { if ($recordNum == $CURRENT_USER['num'] && !empty($_REQUEST['disabled'])) { $errors .= t("You cannot disable your own account!") . "\n"; } } } // return $errors; }
function _getRecordValuesFromFormInput($fieldPrefix = '') { global $schema, $CURRENT_USER, $tableName, $isMyAccountMenu; $recordValues = array(); $specialFields = array('num', 'createdDate', 'createdByUserNum', 'updatedDate', 'updatedByUserNum'); // load schema columns foreach (getSchemaFields($schema) as $fieldname => $fieldSchema) { if (!userHasFieldAccess($fieldSchema)) { continue; } // skip fields that the user has no access to if ($tableName == 'accounts' && $fieldname == 'isAdmin' && !$CURRENT_USER['isAdmin']) { continue; } // skip admin only fields // special cases: don't let user set values for: if (in_array($fieldname, $specialFields)) { continue; } if ($isMyAccountMenu) { if (@(!$fieldSchema['myAccountField'])) { continue; } // my account - skip fields not displayed or allowed to be edited in "my account" if ($fieldname == 'password' && !@$_REQUEST[$fieldPrefix . 'password']) { continue; } // my account - skip password field if no value submitted } // switch (@$fieldSchema['type']) { case 'textfield': case 'wysiwyg': case 'checkbox': case 'parentCategory': $recordValues[$fieldname] = $_REQUEST[$fieldPrefix . $fieldname]; break; case 'textbox': $fieldValue = $_REQUEST[$fieldPrefix . $fieldname]; if ($fieldSchema['autoFormat']) { $fieldValue = preg_replace("/\r\n|\n/", "<br/>\n", $fieldValue); // add break tags } $recordValues[$fieldname] = $fieldValue; break; case 'date': $recordValues[$fieldname] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $_REQUEST["{$fieldPrefix}{$fieldname}:year"], $_REQUEST["{$fieldPrefix}{$fieldname}:mon"], $_REQUEST["{$fieldPrefix}{$fieldname}:day"], _getHour24ValueFromDateInput($fieldPrefix . $fieldname), (int) @$_REQUEST["{$fieldPrefix}{$fieldname}:min"], (int) @$_REQUEST["{$fieldPrefix}{$fieldname}:sec"]); break; case 'list': if (is_array(@$_REQUEST[$fieldPrefix . $fieldname]) && @$_REQUEST[$fieldPrefix . $fieldname]) { // store multi-value fields as tab delimited with leading/trailing tabs // for easy matching of single values - LIKE "%\tvalue\t%" $recordValues[$fieldname] = "\t" . join("\t", $_REQUEST[$fieldPrefix . $fieldname]) . "\t"; } else { $recordValues[$fieldname] = @$_REQUEST[$fieldPrefix . $fieldname]; } break; case 'upload': // images need to be loaded with seperate function call. break; case 'dateCalendar': _updateDateCalendar($fieldname); break; // ignored fields // ignored fields case '': // ignore these fields when saving user input // ignore these fields when saving user input case 'none': // ... // ... case 'separator': // ... // ... case 'relatedRecords': // ... // ... case 'accessList': // ... break; default: die(__FUNCTION__ . ": field '{$fieldname}' has unknown field type '" . @$fieldSchema['type'] . "'"); break; } } return $recordValues; }
function showFields($record) { global $schema, $escapedTableName, $CURRENT_USER, $tableName, $menu, $isMyAccountMenu; $record =& $GLOBALS['RECORD']; // copy global schema state, so that if changed (i.e. by _showrelatedRecords), we can restore it $active_menu = $menu; $active_tableName = $tableName; $active_schema = $schema; // load schema columns _showCreatedUpdated($schema, $record); foreach ($active_schema as $name => $fieldHash) { if (!is_array($fieldHash)) { continue; } // fields are stored as arrays, other entries are table metadata $fieldSchema = array('name' => $name) + $fieldHash; $fieldSchema = applyFilters('edit_fieldSchema', $fieldSchema, $tableName); // special cases: skip fields if: if (!userHasFieldAccess($fieldHash)) { continue; } // skip fields that the user has no access to if ($tableName == 'accounts' && $name == 'isAdmin' && !$CURRENT_USER['isAdmin']) { continue; } // only admin users can set/change "isAdmin" field if ($isMyAccountMenu && @(!$fieldSchema['myAccountField'])) { continue; } // only show fields set as 'myAccountField' on My Accounts page // allow hooks to override (return false to override) if (!applyFilters('edit_show_field', true, $fieldSchema, $record)) { continue; } // switch (@$fieldHash['type']) { case '': case 'none': break; case 'textfield': _showTextfield($fieldSchema, $record); break; case 'textbox': _showTextbox($fieldSchema, $record); break; case 'wysiwyg': _showWysiwyg($fieldSchema, $record); break; case 'date': _showDateTime($fieldSchema, $record); break; case 'list': _showList($fieldSchema, $record); break; case 'checkbox': _showCheckbox($fieldSchema, $record); break; case 'upload': _showUpload($fieldSchema, $record); break; case 'separator': _showSeparator($fieldSchema, $record); break; // advanced fields // advanced fields case 'relatedRecords': _showrelatedRecords($fieldSchema, $record); break; case 'parentCategory': _showParentCategory($fieldSchema, $record, $schema); break; // custom fields // custom fields case 'accessList': _showAccessList($fieldSchema, $record); break; case 'dateCalendar': _showDateCalendar($fieldSchema, $record); break; default: echo "<tr><td colspan='2' align='center'><b>field '{$name}' has unknown field type '" . @$fieldHash['type'] . "'</b></td></tr>"; break; } // restore global schema state in case any of the above functions (i.e. _showrelatedRecords) modified it $menu = $active_menu; $tableName = $active_tableName; $schema = $active_schema; } }