/**
* Saves the record. Ie: creates the necessary join table records to add the
* desired record to the relationship.
*/
function save($values)
{
//print_r($values);exit;
$colVals = array();
/*
* In case some values were not submitted, we will use the defaults (as specified in the relationships.ini
* file for this relationship to fill in the blanks.
*/
if (isset($this->_relationship->_schema['existing'])) {
foreach ($this->_relationship->_schema['existing'] as $key => $value) {
if (!isset($values[$key])) {
$values[$key] = $value;
}
}
}
$io = new Dataface_IO($values['-table']);
$record = new Dataface_Record($values['-table'], array());
$io->read($values['__keys__'], $record);
$idstring = $values['select'];
$pairs = explode('&', $idstring);
foreach ($pairs as $pair) {
list($attname, $attval) = explode('=', $pair);
$attname = urldecode($attname);
$attval = urldecode($attval);
$colVals[$attname] = $attval;
}
foreach ($values as $key => $value) {
if (strpos($key, '-') === 0) {
continue;
}
if ($key == "Save") {
continue;
}
if ($key == "select") {
continue;
}
$fullPath = $values['-relationship'] . '.' . $key;
if (!$this->_parentTable->exists($fullPath)) {
//echo "Field $fullPath does not exist";
continue;
}
$metaValues = array();
$abs_fieldName = $this->_parentTable->absoluteFieldName($key, array_merge(array($this->_relationship->getDomainTable()), $this->_relationship->_schema['selected_tables']));
if (PEAR::isError($abs_fieldName)) {
continue;
}
$serializer = new Dataface_Serializer($this->_parentTable->tablename);
//echo "Serializing $fullPath\n";
$serializedValue = $serializer->serialize($fullPath, $this->_quickForm->pushValue($fullPath, $metaValues, $this->getElement($key)));
$colVals[$abs_fieldName] = $serializedValue;
}
//print_r($colVals);exit;
$relatedRecord = new Dataface_RelatedRecord($record, $values['-relationship'], $colVals);
$res = $io->addExistingRelatedRecord($relatedRecord, true);
return $res;
}
function checkCredentials()
{
$app =& Dataface_Application::getInstance();
if (!$this->authEnabled) {
return true;
}
if (isset($this->delegate) and method_exists($this->delegate, 'checkCredentials')) {
return $this->delegate->checkCredentials();
} else {
// The user is attempting to log in.
$creds = $this->getCredentials();
if (!isset($creds['UserName']) || !isset($creds['Password'])) {
// The user did not submit a username of password for login.. trigger error.
//trigger_error("Username or Password Not specified", E_USER_ERROR);
return false;
}
import('Dataface/Serializer.php');
$serializer = new Dataface_Serializer($this->usersTable);
//$res = mysql_query(
$sql = "SELECT `" . $this->usernameColumn . "` FROM `" . $this->usersTable . "`\n\t\t\t\t WHERE `" . $this->usernameColumn . "`='" . addslashes($serializer->serialize($this->usernameColumn, $creds['UserName'])) . "'\n\t\t\t\t AND `" . $this->passwordColumn . "`=" . $serializer->encrypt($this->passwordColumn, "'" . addslashes($serializer->serialize($this->passwordColumn, $creds['Password'])) . "'");
$res = mysql_query($sql, $app->db());
if (!$res) {
trigger_error(mysql_error($app->db()), E_USER_ERROR);
}
if (mysql_num_rows($res) === 0) {
return false;
}
$found = false;
while ($row = mysql_fetch_row($res)) {
if (strcmp($row[0], $creds['UserName']) === 0) {
$found = true;
break;
}
}
@mysql_free_result($res);
return $found;
}
}
/**
* Wraps the value inside a mysql function to encrypt the input (if the 'crypt')
* attribute is selected.
*/
function encrypt($fieldname, $value = null)
{
if (!isset($value)) {
echo Dataface_Error::printStackTrace();
}
if (strpos($fieldname, '.') !== false) {
// This is a related field.
$table =& $this->_table->getTableTableForField($fieldname);
list($relname, $fieldname) = explode('.', $fieldname);
$serializer = new Dataface_Serializer($table->tablename);
$out = $serializer->encrypt($fieldname, $value);
return $out;
}
$field = $this->_table->getField($fieldname);
if (PEAR::isError($field)) {
echo $field->getMessage();
echo Dataface_Error::printStackTrace();
exit;
}
if (isset($field['encryption'])) {
switch (strtolower($field['encryption'])) {
case 'md5':
return 'MD5(' . $value . ')';
case 'password':
return 'PASSWORD(' . $value . ')';
case 'sha1':
return 'SHA1(' . $value . ')';
case 'encrypt':
return 'ENCRYPT(' . $value . ')';
case 'aes_encrypt':
return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
}
}
return $value;
}
/**
* Wraps the value inside a mysql function to encrypt the input (if the 'crypt')
* attribute is selected.
*/
function encrypt($fieldname, $value = null)
{
if (!isset($value)) {
$value = '';
}
if (strpos($fieldname, '.') !== false) {
// This is a related field.
$table =& $this->_table->getTableTableForField($fieldname);
list($relname, $fieldname) = explode('.', $fieldname);
$serializer = new Dataface_Serializer($table->tablename);
$out = $serializer->encrypt($fieldname, $value);
return $out;
}
$field = $this->_table->getField($fieldname);
if (PEAR::isError($field)) {
error_log($field->getMessage() . "\n" . implode("\n", $field->getBacktrace()));
throw new Exception("Failed to encrypt field {$fieldname}. See error log for details.", E_USER_ERROR);
}
if (isset($field['encryption'])) {
switch (strtolower($field['encryption'])) {
case 'md5':
return 'MD5(' . $value . ')';
case 'password':
return 'PASSWORD(' . $value . ')';
case 'sha1':
return 'SHA1(' . $value . ')';
case 'encrypt':
return 'ENCRYPT(' . $value . ')';
case 'aes_encrypt':
return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
}
}
return $value;
}