Esempio n. 1
0
 /**
  * Validates the input.
  *
  * @param Zikula_Form_View $view Reference to Zikula_Form_View object.
  *
  * @return void
  */
 public function validate(Zikula_Form_View $view)
 {
     parent::validate($view);
     if (!$this->isValid) {
         return;
     }
     if (!empty($this->text)) {
         if (!System::varValidate($this->text, 'email')) {
             $this->setError(__('Error! Invalid e-mail address.'));
         }
     }
 }
Esempio n. 2
0
 /**
  * Validate a specific field using the supplied control parameters
  *
  * @param string   $objectType The string object type.
  * @param array    $object     The object to validate.
  * @param string   $field      The field to validate.
  * @param boolean  $required   Whether or not the field is required.
  * @param string   $cmp_op     The compare operation to perform.
  * @param string   $cmp_value  The value to compare the supplied field value to. If the value starts with a ':', the argument is used as an object access key.
  * @param string   $err_msg    The error message to use if the validation fails.
  * @param callable $callback   Callback, any PHP callable.
  *
  * @return boolean A true/false value indicating whether the field validation passed or failed.
  */
 public static function validateField($objectType, $object, $field, $required, $cmp_op, $cmp_value, $err_msg, $callback = null)
 {
     if (!is_array($object)) {
         return z_exit(__f('%1s: %2s is not an array.', array('ValidationUtil::validateField', 'object')));
     }
     if (!$field) {
         return z_exit(__f('%1s: empty %2s supplied.', array('ValidationUtil::validateField', 'field')));
     }
     if (!$err_msg) {
         return z_exit(__f('%1s: empty %2s supplied.', array('ValidationUtil::validateField', 'error message')));
     }
     $rc = true;
     // if this field already has an error, don't perform further checks
     if (isset($_SESSION['validationErrors'][$objectType][$field])) {
         return $rc;
     }
     if ($required) {
         if (!isset($object[$field]) || $object[$field] === '' || $object[$field] === '0') {
             $rc = false;
         }
     }
     if ($rc && $object[$field]) {
         $postval = $object[$field];
         $testval = $cmp_value;
         if (substr($testval, 0, 1) == ':') {
             // denotes an object access key
             $v2 = substr($testval, 1);
             $testval = $object[$v2];
         }
         if ($callback) {
             $postval = call_user_func($callback, $postval);
         }
         switch ($cmp_op) {
             case 'eq ':
                 $rc = $postval === $testval;
                 break;
             case 'neq':
                 $rc = $postval != $testval;
                 break;
             case 'gt':
                 $rc = $postval !== '' && is_numeric($postval) && $postval > $testval;
                 break;
             case 'gte':
                 $rc = $postval !== '' && is_numeric($postval) && $postval >= $testval;
                 break;
             case 'lt':
                 $rc = $postval !== '' && is_numeric($postval) && $postval < $testval;
                 break;
             case 'lte':
                 $rc = $postval !== '' && is_numeric($postval) && $postval <= $testval;
                 break;
             case 'in':
                 $rc = $postval !== '' && is_array($testval) && in_array($postval, $testval);
                 break;
             case 'notin':
                 $rc = $postval !== '' && is_array($testval) && !in_array($postval, $testval);
                 break;
             case 'regexp':
                 $rc = $postval !== '' && preg_match($testval, $postval);
                 break;
             case 'url':
                 $rc = System::varValidate($postval, 'url');
                 break;
             case 'email':
                 $rc = System::varValidate($postval, 'email');
                 break;
             case 'noop':
             case '':
                 if (!$required) {
                     return z_exit(__f('%1$s: invalid cmp_op [%2$s] supplied for non-required field [%3$s].', array('ValidationUtil::validateField', $cmp_op, $field)));
                 }
                 $rc = true;
                 break;
             default:
                 return z_exit(__f('%1$s: invalid cmp_op [%2$s] supplied for field [%3$s].', array('ValidationUtil::validateField', $cmp_op, $field)));
         }
     }
     if ($rc === false) {
         if (!isset($_SESSION['validationErrors'][$objectType][$field])) {
             $_SESSION['validationErrors'][$objectType][$field] = $err_msg;
         }
     }
     return $rc;
 }
Esempio n. 3
0
 /**
  * Determine if a module is hooked by another module.
  *
  * @param string $tmodule The target module.
  * @param string $smodule The source module - default the current top most module.
  *
  * @deprecated since 1.3.0
  *
  * @return boolean True if the current module is hooked by the target module, false otherwise.
  */
 public static function isHooked($tmodule, $smodule)
 {
     if (!isset(self::$cache['ishooked'])) {
         self::$cache['ishooked'] = array();
     }
     if (isset(self::$cache['ishooked'][$tmodule][$smodule])) {
         return self::$cache['ishooked'][$tmodule][$smodule];
     }
     // define input, all numbers and booleans to strings
     $tmodule = isset($tmodule) ? (string) $tmodule : '';
     $smodule = isset($smodule) ? (string) $smodule : '';
     // validate
     if (!System::varValidate($tmodule, 'mod') || !System::varValidate($smodule, 'mod')) {
         return false;
     }
     // Get database info
     $tables = DBUtil::getTables();
     $hookscolumn = $tables['hooks_column'];
     // Get applicable hooks
     $where = "WHERE {$hookscolumn['smodule']} = '" . DataUtil::formatForStore($smodule) . "'\n                    AND {$hookscolumn['tmodule']} = '" . DataUtil::formatForStore($tmodule) . "'";
     self::$cache['ishooked'][$tmodule][$smodule] = $numitems = DBUtil::selectObjectCount('hooks', $where);
     self::$cache['ishooked'][$tmodule][$smodule] = $numitems > 0;
     return self::$cache['ishooked'][$tmodule][$smodule];
 }
Esempio n. 4
0
 /**
  * Get themeID given its name.
  *
  * @param string $theme The name of the theme.
  *
  * @return integer Theme ID.
  */
 public static function getIDFromName($theme)
 {
     // define input, all numbers and booleans to strings
     $theme = preg_match('/\\w+Theme$/', $theme) || !$theme ? $theme : $theme . 'Theme';
     $theme = isset($theme) ? strtolower((string) $theme) : '';
     // validate
     if (!System::varValidate($theme, 'theme')) {
         return false;
     }
     static $themeid;
     if (!is_array($themeid) || !isset($themeid[$theme])) {
         $themes = self::getThemesTable();
         if (!$themes) {
             return;
         }
         foreach ($themes as $themeinfo) {
             $tName = strtolower($themeinfo['name']);
             $themeid[$tName] = $themeinfo['id'];
             if (isset($themeinfo['displayname']) && $themeinfo['displayname']) {
                 $tdName = strtolower($themeinfo['displayname']);
                 $themeid[$tdName] = $themeinfo['id'];
             }
         }
         if (!isset($themeid[$theme])) {
             $themeid[$theme] = false;
             return false;
         }
     }
     if (isset($themeid[$theme])) {
         return $themeid[$theme];
     }
     return false;
 }
Esempio n. 5
0
    /**
     * Import several users from a CSV file. Checks needed values and format.
     *
     * Parameters passed via GET:
     * --------------------------
     * None.
     *
     * Parameters passed via POST:
     * ---------------------------
     * None.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * None.
     *
     * @param array $importFile Information about the file to import. Used as the default
     *                            if $_FILES['importFile'] is not set. Allows this function to be called internally,
     *                            rather than as a result of a form post.
     * @param integer $delimiter A code indicating the delimiter used in the file. Used as the
     *                            default if $_POST['delimiter'] is not set. Allows this function to be called internally,
     *                            rather than as a result of a form post.
     *
     * @return a empty message if success or an error message otherwise
     */
    protected function uploadImport(array $importFile, $delimiter)
    {
        // get needed values
        $is_admin = (SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN)) ? true : false;
        $minpass = $this->getVar('minpass');
        $defaultGroup = ModUtil::getVar('Groups', 'defaultgroup'); // Create output object;
        // calcs $pregcondition needed to verify illegal usernames
        $reg_illegalusername = $this->getVar('reg_Illegalusername');
        $pregcondition = '';
        if (!empty($reg_illegalusername)) {
            $usernames = explode(" ", $reg_illegalusername);
            $count = count($usernames);
            $pregcondition = "/((";
            for ($i = 0; $i < $count; $i++) {
                if ($i != $count-1) {
                    $pregcondition .= $usernames[$i] . ")|(";
                } else {
                    $pregcondition .= $usernames[$i] . "))/iAD";
                }
            }
        }

        // get available groups
        $allGroups = ModUtil::apiFunc('Groups', 'user', 'getall');

        // create an array with the groups identities where the user can add other users
        $allGroupsArray = array();
        foreach ($allGroups as $group) {
            if (SecurityUtil::checkPermission('Groups::', $group['gid'] . '::', ACCESS_EDIT)) {
                $allGroupsArray[] = $group['gid'];
            }
        }

        // check if the user's email must be unique
        $reg_uniemail = $this->getVar('reg_uniemail');

        // get the CSV delimiter
        switch ($delimiter) {
            case 1:
                $delimiterChar = ",";
                break;
            case 2:
                $delimiterChar = ";";
                break;
            case 3:
                $delimiterChar = ":";
                break;
        }

        // check that the user have selected a file
        $fileName = $importFile['name'];
        if ($fileName == '') {
            return $this->__("Error! You have not chosen any file.");
        }

        // check if user have selected a correct file
        if (FileUtil::getExtension($fileName) != 'csv') {
            return $this->__("Error! The file extension is incorrect. The only allowed extension is csv.");
        }

        // read the choosen file
        if (!$lines = file($importFile['tmp_name'])) {
            return $this->__("Error! It has not been possible to read the import file.");
        }
        $expectedFields = array('uname', 'pass', 'email', 'activated', 'sendmail', 'groups');
        $counter = 0;
        $importValues = array();
        // read the lines and create an array with the values. Check if the values passed are correct and set the default values if it is necessary
        foreach ($lines as $line_num => $line) {
            $line = str_replace('"', '', trim($line));
            if ($counter == 0) {
                // check the fields defined in the first row
                $firstLineArray = explode($delimiterChar, $line);
                foreach ($firstLineArray as $field) {
                    if (!in_array(trim(strtolower($field)), $expectedFields)) {
                        return $this->__f("Error! The import file does not have the expected field %s in the first row. Please check your import file.", array($field));
                    }
                }
                $counter++;
                continue;
            }
            // get and check the second and following lines
            $lineArray = array();
            $lineArray = DataUtil::formatForOS(explode($delimiterChar, $line));

            // check if the line have all the needed values
            if (count($lineArray) != count($firstLineArray)) {
                return $this->__f('Error! The number of parameters in line %s is not correct. Please check your import file.', $counter);
            }
            $importValues[] = array_combine($firstLineArray, $lineArray);

            // check all the obtained values
            // check user name
            $uname = trim($importValues[$counter - 1]['uname']);
            if ($uname == '' || strlen($uname) > 25) {
                return $this->__f('Sorry! The user name is not valid in line %s. The user name is mandatory and the maximum length is 25 characters. Please check your import file.',
                    $counter);
            }

            // check if it is a valid user name
            // admins are allowed to add any usernames, even those defined as being illegal
            if (!$is_admin && $pregcondition != '') {
                // check for illegal usernames
                if (preg_match($pregcondition, $uname)) {
                    return $this->__f('Sorry! The user name %1$s is reserved and cannot be registered in line %2$s. Please check your import file.', array($uname, $counter));
                }
            }

            // check if the user name is valid because spaces or invalid characters
            if (preg_match("/[[:space:]]/", $uname) || !System::varValidate($uname, 'uname')) {
                return $this->__f('Sorry! The user name %1$s cannot contain spaces in line %2$s. Please check your import file.', array($uname, $counter));
            }

            // check if the user name is repeated
            if (in_array($uname, $usersArray)) {
                return $this->__f('Sorry! The user name %1$s is repeated in line %2$s, and it cannot be used twice for creating accounts. Please check your import file.',
                    array($uname, $counter));
            }
            $usersArray[] = $uname;

            // check password
            $pass = (string)trim($importValues[$counter - 1]['pass']);
            if ($pass == '') {
                return $this->__f('Sorry! You did not provide a password in line %s. Please check your import file.', $counter);
            }

            // check password length
            if (strlen($pass) <  $minpass) {
                return $this->__f('Sorry! The password must be at least %1$s characters long in line %2$s. Please check your import file.', array($minpass, $counter));
            }

            // check email
            $email = trim($importValues[$counter - 1]['email']);
            if ($email == '') {
                return $this->__f('Sorry! You did not provide a email in line %s. Please check your import file.', $counter);
            }

            // check email format
            if (!System::varValidate($email, 'email')) {
                return $this->__f('Sorry! The e-mail address you entered was incorrectly formatted or is unacceptable for other reasons in line %s. Please check your import file.', $counter);
            }

            // check if email is unique only if it is necessary
            if ($reg_uniemail == 1) {
                if (in_array($email, $emailsArray)) {
                    return $this->__f('Sorry! The %1$s e-mail address is repeated in line %2$s, and it cannot be used twice for creating accounts. Please check your import file.',
                        array($email, $counter));
                }
                $emailsArray[] = $email;
            }

            // validate activation value
            $importValues[$counter - 1]['activated'] = isset($importValues[$counter - 1]['activated']) ? (int)$importValues[$counter - 1]['activated'] : Users_Constant::ACTIVATED_ACTIVE;
            $activated = $importValues[$counter - 1]['activated'];
            if (($activated != Users_Constant::ACTIVATED_INACTIVE) && ($activated != Users_Constant::ACTIVATED_ACTIVE)) {
                return $this->__f('Error! The CSV is not valid: the "activated" column must contain 0 or 1 only.');
            }

            // validate sendmail
            $importValues[$counter - 1]['sendmail'] = isset($importValues[$counter - 1]['sendmail']) ? (int)$importValues[$counter - 1]['sendmail'] : 0;
            if ($importValues[$counter - 1]['sendmail'] < 0 || $importValues[$counter - 1]['sendmail'] > 1) {
                return $this->__f('Error! The CSV is not valid: the "sendmail" column must contain 0 or 1 only.');
            }

            // check groups and set defaultGroup as default if there are not groups defined
            $importValues[$counter - 1]['groups'] = isset($importValues[$counter - 1]['groups']) ? (int)$importValues[$counter - 1]['groups'] : '';
            $groups = $importValues[$counter - 1]['groups'];
            if ($groups == '') {
                $importValues[$counter - 1]['groups'] = $defaultGroup;
            } else {
                $groupsArray = explode('|', $groups);
                foreach ($groupsArray as $group) {
                    if (!in_array($group, $allGroupsArray)) {
                        return $this->__f('Sorry! The identity of the group %1$s is not not valid in line %2$s. Perhaps it do not exist. Please check your import file.', array($group, $counter));
                    }
                }
            }
            $counter++;
        }

        // seams that the import file is formated correctly and its values are valid
        if (empty($importValues)) {
            return $this->__("Error! The import file does not have values.");
        }

        // check if users exists in database
        $usersInDB = ModUtil::apiFunc($this->name, 'admin', 'checkMultipleExistence',
                                      array('valuesarray' => $usersArray,
                                            'key' => 'uname'));
        if ($usersInDB === false) {
            return $this->__("Error! Trying to read the existing user names in database.");
        } else {
            if (count($usersInDB) > 0) {
                return $this->__("Sorry! One or more user names really exist in database. The user names must be uniques.");
            }
        }

        // check if emails exists in data base in case the email have to be unique
        if ($reg_uniemail == 1) {
            $emailsInDB = ModUtil::apiFunc($this->name, 'admin', 'checkMultipleExistence',
                                          array('valuesarray' => $emailsArray,
                                                'key' => 'email'));
            if ($emailsInDB === false) {
                return $this->__("Error! Trying to read the existing users' email addressess in database.");
            } else {
                if (count($emailsInDB) > 0) {
                    return $this->__("Sorry! One or more users' email addresses exist in the database. Each user's e-mail address must be unique.");
                }
            }
        }

        // seems that the values in import file are ready. Procceed creating users
        if (!ModUtil::apiFunc($this->name, 'admin', 'createImport', array('importvalues' => $importValues))) {
            return $this->__("Error! The creation of users has failed.");
        }

        return '';
    }
Esempio n. 6
0
 /**
  * Check if a module is available.
  *
  * @param string  $modname The name of the module.
  * @param boolean $force   Force.
  *
  * @return boolean True if the module is available, false if not.
  */
 public static function available($modname = null, $force = false)
 {
     // define input, all numbers and booleans to strings
     $modname = preg_match('/\\w+Module$/i', $modname) || !$modname ? $modname : $modname . 'Module';
     $modname = isset($modname) ? strtolower((string) $modname) : '';
     // validate
     if (!System::varValidate($modname, 'mod')) {
         return false;
     }
     if (!isset(self::$cache['modstate'])) {
         self::$cache['modstate'] = array();
     }
     if (!isset(self::$cache['modstate'][$modname]) || $force == true) {
         $modinfo = self::getInfo(self::getIDFromName($modname));
         if (isset($modinfo['state'])) {
             self::$cache['modstate'][$modname] = $modinfo['state'];
         }
     }
     if ($force == true) {
         self::$cache['modstate'][$modname] = self::STATE_ACTIVE;
     }
     if (isset(self::$cache['modstate'][$modname]) && self::$cache['modstate'][$modname] == self::STATE_ACTIVE || preg_match('/^(extensionsmodule|adminmodule|thememodule|blockmodule|groupsmodule|permissionsmodule|usersmodule)$/i', $modname) && (isset(self::$cache['modstate'][$modname]) && (self::$cache['modstate'][$modname] == self::STATE_UPGRADED || self::$cache['modstate'][$modname] == self::STATE_INACTIVE))) {
         self::$cache['modstate'][$modname] = self::STATE_ACTIVE;
         return true;
     }
     return false;
 }
Esempio n. 7
0
    /**
     * Validate new user information entered by the user.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * array  $args['reginfo']        The core registration or user information collected from the user.
     * string $args['emailagain']     The e-mail address repeated for verification.
     * string $args['passagain']      The passsword repeated for verification.
     * string $args['antispamanswer'] The answer to the antispam question provided by the user.
     * string $args['checkmode']      The "mode" that should be used when checking errors. Either 'new' or 'modify'
     *                                      The checks that are performed depend on whether the record being checked is
     *                                      for a new record or a record being modified.
     * bool   $args['setpass']        A flag indicating whether the password is to be set on the new
     *                                      or modified record, affecting error checking.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return array An array containing errors organized by field.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the user does not have read access.
     *
     * @throws Zikula_Exception_Fatal If a required parameter is missing from $args.
     */
    public function getRegistrationErrors($args)
    {
        $registrationErrors = array();

        if (!SecurityUtil::checkPermission('Users::', '::', ACCESS_READ)) {
            throw new Zikula_Exception_Forbidden();
        }

        $isAdmin = $this->currentUserIsAdmin();
        $isAdminOrSubAdmin = $this->currentUserIsAdminOrSubAdmin();

        if (!isset($args['reginfo']) || !is_array($args['reginfo'])) {
            throw new Zikula_Exception_Fatal($this->__('Internal Error! Missing required parameter.'));
        }
        $reginfo = $args['reginfo'];

        // Easier to to these here....
        if (isset($reginfo['uname'])) {
            $reginfo['uname'] = mb_strtolower($reginfo['uname']);
        }
        if (isset($reginfo['email'])) {
            $reginfo['email'] = mb_strtolower($reginfo['email']);
        }

        $setPassword = ($isAdminOrSubAdmin && isset($args['setpass'])) ? $args['setpass'] : true;

        $checkMode                  = isset($args['checkmode'])     ? $args['checkmode']        : 'new';
        $emailAgain                 = isset($args['emailagain'])    ? $args['emailagain']       : '';
        $passwordAgain              = isset($args['passagain'])     ? $args['passagain']        : '';
        $spamProtectionUserAnswer   = isset($args['antispamanswer'])? $args['antispamanswer']   : '';

        if (!isset($reginfo['uname']) || empty($reginfo['uname'])) {
            $registrationErrors['uname'] = $this->__('You must provide a user name.');
        } elseif (!System::varValidate($reginfo['uname'], 'uname')) {
            $registrationErrors['uname'] = $this->__('The user name you entered contains unacceptable characters. A valid user name consists of lowercase letters, numbers, underscores, periods, and/or dashes.');
        } elseif (mb_strlen($reginfo['uname']) > Users_Constant::UNAME_VALIDATION_MAX_LENGTH) {
            $registrationErrors['uname'] = $this->__f('The user name you entered is too long. The maximum length is %1$d characters.', array(Users_Constant::UNAME_VALIDATION_MAX_LENGTH));
        } else {
            $tempValid = true;
            if (!$isAdmin) {
                $illegalUserNames = $this->getVar(Users_Constant::MODVAR_REGISTRATION_ILLEGAL_UNAMES, '');
                if (!empty($illegalUserNames)) {
                    $pattern = array('/^(\s*,\s*|\s+)+/D', '/\b(\s*,\s*|\s+)+\b/D', '/(\s*,\s*|\s+)+$/D');
                    $replace = array('', '|', '');
                    $illegalUserNames = preg_replace($pattern, $replace, preg_quote($illegalUserNames, '/'));
                    if (preg_match("/^({$illegalUserNames})/iD", $reginfo['uname'])) {
                        $registrationErrors['uname'] = $this->__('The user name you entered is reserved. It cannot be used.');
                        $tempValid = false;
                    }
                }
            }

            if ($tempValid) {
                if ($checkMode == 'modify') {
                    $unameUsageCount = UserUtil::getUnameUsageCount($reginfo['uname'], $reginfo['uid']);
                } else {
                    $unameUsageCount = UserUtil::getUnameUsageCount($reginfo['uname']);
                }

                if ($unameUsageCount) {
                    $registrationErrors['uname'] = $this->__('The user name you entered has already been registered.');
                    $tempValid = false;
                }
            }
            unset($tempValid);
        }

        $emailErrors = ModUtil::apiFunc($this->name, 'registration', 'getEmailErrors', array(
            'uid'        => isset($reginfo['uid'])        ? $reginfo['uid']        : null,
            'email'      => isset($reginfo['email'])      ? $reginfo['email']      : null,
            'emailagain' => isset($emailAgain)            ? $emailAgain            : null,
            'checkmode'  => isset($checkMode)             ? $checkMode             : null,
        ));
        if (!empty($emailErrors)) {
            $registrationErrors = array_merge($registrationErrors, $emailErrors);
        }

        $verificationAndPassword = $this->getVar(Users_Constant::MODVAR_REGISTRATION_VERIFICATION_MODE, Users_Constant::VERIFY_NO);
        if ($verificationAndPassword == Users_Constant::VERIFY_SYSTEMPWD) {
            throw new Zikula_Exception_Fatal($this->__('Internal Error! System-generated passwords are no longer supported!'));
        }
        if (!$isAdminOrSubAdmin || $setPassword) {
            $passwordErrors = ModUtil::apiFunc($this->name, 'registration', 'getPasswordErrors', array(
                'reginfo'       => isset($reginfo)          ? $reginfo          : null,
                'passagain'     => isset($passwordAgain)    ? $passwordAgain    : null,
            ));

            if (!empty($passwordErrors)) {
                $registrationErrors = array_merge($registrationErrors, $passwordErrors);
            }
        }

        if (!$isAdminOrSubAdmin && ($checkMode != 'modify')) {
            $spamProtectionQuestion = $this->getVar(Users_Constant::MODVAR_REGISTRATION_ANTISPAM_QUESTION, '');
            $spamProtectionCorrectAnswer = $this->getVar(Users_Constant::MODVAR_REGISTRATION_ANTISPAM_ANSWER, '');
            if (!empty($spamProtectionQuestion) && !empty($spamProtectionCorrectAnswer)) {
                if ($spamProtectionUserAnswer != $spamProtectionCorrectAnswer) {
                    $registrationErrors['antispamanswer'] = $this->__('You gave the wrong answer to the anti-spam registration question.');
                }
            }
        }

        if (isset($reginfo['theme']) && !empty($reginfo['theme'])) {
            $themeId = ThemeUtil::getIDFromName($reginfo['theme']);
            if (!$themeId) {
                $registrationErrors['theme'] = $this->__f('\'%1$s\' is not a valid theme.', array($reginfo['theme']));
            }
        }

        return !empty($registrationErrors) ? $registrationErrors : false;
    }
Esempio n. 8
0
 function handleCommand(Zikula_Form_View $view, &$args)
 {
     // Security check
     $securityCheck = ModUtil::apiFunc('EZComments', 'user', 'checkPermission', array('module' => '', 'objectid' => '', 'commentid' => $this->id, 'level' => ACCESS_EDIT));
     if (!$securityCheck) {
         return LogUtil::registerPermissionError(ModUtil::url('EZComments', 'admin', 'main'));
     }
     $ok = $view->isValid();
     $data = $view->getValues();
     $comment = ModUtil::apiFunc('EZComments', 'user', 'get', array('id' => $this->id));
     switch ($args['commandName']) {
         case 'cancel':
             // nothing to do
             break;
         case 'delete':
             // delete the comment
             // The API function is called.
             // note: the api call is a little different here since we'll really calling a hook function that will
             // normally be executed when a module is deleted. The extra nesting of the modname inside an extrainfo
             // array reflects this
             if (ModUtil::apiFunc('EZComments', 'admin', 'delete', array('id' => $this->id))) {
                 // Success
                 LogUtil::registerStatus($this->__('Done! Comment deleted.'));
                 // clear respective cache
                 ModUtil::apiFunc('EZComments', 'user', 'clearItemCache', $comment);
             }
             break;
         case 'submit':
             if (!empty($comment['anonname'])) {
                 // poster is anonymous
                 // check anon fields
                 if (empty($data['ezcomments_anonname'])) {
                     $ifield = $view->getPluginById('ezcomments_anonname');
                     $ifield->setError(DataUtil::formatForDisplay($this->__('Name for anonymous user is missing.')));
                     $ok = false;
                 }
                 // anonmail must be valid - really necessary if an admin changes this?
                 if (empty($data['ezcomments_anonmail']) || !System::varValidate($data['ezcomments_anonmail'], 'email')) {
                     $ifield = $view->getPluginById('ezcomments_anonmail');
                     $ifield->setError(DataUtil::formatForDisplay($this->__('Email address of anonymous user is missing or invalid.')));
                     $ok = false;
                 }
                 // anonwebsite must be valid
                 if (!empty($data['ezcomments_anonwebsite']) && !System::varValidate($data['ezcomments_anonmail'], 'url')) {
                     $ifield = $view->getPluginById('ezcomments_anonwebsite');
                     $ifield->setError(DataUtil::formatForDisplay($this->__('Website of anonymous user is invalid.')));
                     $ok = false;
                 }
             } else {
                 // user has not posted as anonymous, continue normally
             }
             // no check on ezcomments_subject as this may be empty
             if (empty($data['ezcomments_comment'])) {
                 $ifield = $view->getPluginById('ezcomments_comment');
                 $ifield->setError(DataUtil::formatForDisplay($this->__('Error! The comment contains no text.')));
                 $ok = false;
             }
             if (!$ok) {
                 return false;
             }
             // Call the API to update the item.
             if (ModUtil::apiFunc('EZComments', 'admin', 'update', array('id' => $this->id, 'subject' => $data['ezcomments_subject'], 'comment' => $data['ezcomments_comment'], 'status' => (int) $data['ezcomments_status'], 'anonname' => $data['ezcomments_anonname'], 'anonmail' => $data['ezcomments_anonmail'], 'anonwebsite' => $data['ezcomments_anonwebsite']))) {
                 // Success
                 LogUtil::registerStatus($this->__('Done! Comment updated.'));
                 // clear respective cache
                 ModUtil::apiFunc('EZComments', 'user', 'clearItemCache', $comment);
             }
             break;
     }
     if ($data['ezcomments_sendmeback'] == true) {
         return System::redirect($comment['url'] . "#comments_{$comment['modname']}_{$comment['objectid']}");
     }
     return System::redirect(ModUtil::url('EZComments', 'admin', 'main'));
 }
Esempio n. 9
0
/**
 * validate a zikula variable
 *
 * @deprecated Deprecated since version 1.3.0.
 * @see System::varValidate()
 *
 * @param $var   the variable to validate
 * @param $type  the type of the validation to perform (email, url etc.)
 * @param $args  optional array with validation-specific settings (never used...)
 * @return bool true if the validation was successful, false otherwise
 */
function pnVarValidate($var, $type, $args = 0)
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'System::varValidate')), E_USER_DEPRECATED);
    return System::varValidate($var, $type, $args);
}