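/**
 * Store custom field values for one object, one database row per field.
 *
 * For every name => value pair the field configuration is looked up with
 * phorum_api_custom_field_byname(). Names without a configuration are
 * skipped. Scalar values are truncated to the configured field length,
 * arrays are serialized and prefixed with "P_SER:", NULL is left untouched.
 * Each value is inserted first; when the insert returns no result, the
 * existing row is updated instead.
 *
 * @param int   $relation_id
 *     Id of the object that the values belong to. Cast to int here, because
 *     it is placed unquoted in the SQL statements.
 * @param int   $field_type
 *     The custom field type. Cast to int for the same reason.
 * @param array $customfield_data
 *     Field name => value pairs. When NULL, nothing is stored.
 *
 * @return void
 */
public function save_custom_fields($relation_id, $field_type, $customfield_data)
{
    // Nothing to store.
    if (!isset($customfield_data)) {
        return;
    }

    // Both values are interpolated into the queries below without quotes.
    // Forcing them to integers keeps a non-numeric argument from becoming
    // part of the SQL text. (Assumes ids and types are integers, which the
    // unquoted use in the original queries implies.)
    $relation_id = (int) $relation_id;
    $field_type  = (int) $field_type;

    require_once PHORUM_PATH . '/include/api/custom_field.php';

    foreach ($customfield_data as $name => $val) {
        $custom = phorum_api_custom_field_byname($name, $field_type);

        // Skip names without a field configuration. The "not found" value
        // of the lookup is not visible here (other callers compare the
        // result against FALSE), so every empty result counts as not found.
        // The check comes before any use of $custom, so that 'length' and
        // 'id' are never read from a non-array.
        if (empty($custom)) {
            continue;
        }

        $key = (int) $custom['id'];

        if (is_array($val)) {
            // Arrays need to be serialized. The serialized data is prefixed
            // with "P_SER:" as a marker for serialization.
            // NOTE(review): a scalar value that already starts with
            // "P_SER:" is stored unchanged and cannot be told apart from
            // serialized data afterwards. The read path is not visible
            // here; confirm that it never hands caller-supplied strings
            // to unserialize().
            $val = 'P_SER:' . serialize($val);
        } elseif ($val !== NULL) {
            // Scalars are truncated to the configured field length.
            // NULL values are left untouched.
            $val = substr($val, 0, $custom['length']);
        }

        // The value is placed between single quotes in the SQL below,
        // so it has to be escaped by the database layer first.
        $val = $this->interact(DB_RETURN_QUOTED, $val);

        // Try to insert a new record.
        $res = $this->interact(
            DB_RETURN_RES,
            "INSERT INTO {$this->custom_fields_table}\n (relation_id, field_type, type, data)\n VALUES ({$relation_id}, {$field_type} , {$key}, '{$val}')",
            NULL,
            DB_DUPKEYOK | DB_MASTERQUERY
        );

        // If no result was returned, then the query failed. This probably
        // means that we already have a record in the database.
        // So instead of inserting a record, we need to update one here.
        if (!$res) {
            $this->interact(
                DB_RETURN_RES,
                "UPDATE {$this->custom_fields_table}\n SET data = '{$val}'\n WHERE relation_id = {$relation_id} AND\n field_type = {$field_type} AND\n type = {$key}",
                NULL,
                DB_MASTERQUERY
            );
        }
    }
}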
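/**
 * Create or update the configuration for a custom field.
 *
 * @param array $field
 *     This parameter holds the field configuration to save. This array
 *     must contain the following fields:
 *
 *     - id: If a new field has to be created, then use NULL for this field.
 *       If a custom field has to be updated, then use the existing
 *       custom field's id.
 *
 *     - name: The name that has to be assigned to the custom field.
 *       This name can only contain letters, numbers and underscores
 *       (_) and it has to start with a letter.
 *
 *     - field_type: This field specifies the type of a custom field.
 *       This can be one of
 *       {@link PHORUM_CUSTOM_FIELD_USER},
 *       {@link PHORUM_CUSTOM_FIELD_FORUM} or
 *       {@link PHORUM_CUSTOM_FIELD_MESSAGE}.
 *       Any other value triggers an E_USER_ERROR.
 *
 *     The following fields are optional. If they are missing or set
 *     to NULL, then a default value will be used for them.
 *
 *     - length: The maximum length for the field data. This will make sure
 *       that the data that is stored in the custom field will
 *       be truncated in case its length surpasses the configured
 *       custom field length. The default length is 255. The length must
 *       be above zero and at most PHORUM_MAX_CUSTOM_FIELD_LENGTH.
 *
 *     - html_disabled: If this field is set to a true value, then
 *       special HTML characters are not usable in this field. When
 *       displaying the custom field's data, Phorum will automatically
 *       escape these characters. Only use a false value for this
 *       field if the data that will be saved in the field is really safe
 *       for direct use in a web page (to learn about the security risks
 *       involved, search for "XSS" and "cross site scripting" on
 *       the internet) or if it is used to store serialized data.
 *       The default setting is TRUE.
 *
 *     - show_in_admin: If this field is set to a true value, then the field
 *       will be displayed on the details page e.g. for a user in the
 *       admin "Edit Users" section. The default setting is FALSE.
 *
 * @return array
 *     This function returns the custom field data in an array, containing
 *     the same fields as the $field function parameter. The "id" field is
 *     set to the id that the database layer returned for the stored
 *     configuration. Optional fields that were missing or NULL in the
 *     $field argument are set to their defaults. When the input does not
 *     pass validation, the result of phorum_api_error() is returned instead.
 */
function phorum_api_custom_field_configure($field)
{
    global $PHORUM;

    // The available fields and their defaults. NULL indicates a mandatory
    // field. The field "id" can be NULL though, when creating a new
    // custom field.
    $fields = array(
        'id'            => NULL,
        'name'          => NULL,
        'field_type'    => NULL,
        'length'        => 255,
        'html_disabled' => TRUE,
        'show_in_admin' => FALSE
    );

    // Check if all required fields are in the $field argument.
    // Assign default values for missing or NULL fields, or trigger
    // an error if the field is mandatory.
    foreach ($fields as $f => $default) {
        $missing = !array_key_exists($f, $field);

        // A value was provided. An explicit NULL is a valid value for "id".
        if (!$missing && ($f === 'id' || $field[$f] !== NULL)) {
            continue;
        }

        if ($default === NULL) {
            if ($missing) {
                trigger_error('phorum_api_custom_field_configure(): Missing field ' . "in \$field parameter: {$f}", E_USER_ERROR);
            } else {
                trigger_error("phorum_api_custom_field_configure(): Field {$f} in " . '$field parameter cannot be NULL', E_USER_ERROR);
            }
        }

        // An optional field that was passed as NULL gets its default here
        // too. Before, this case ended in the "cannot be NULL" error, which
        // contradicted the documented handling of NULL for optional fields.
        $field[$f] = $default;
    }

    // Normalize the types, so the strict comparisons below are reliable.
    $field['id'] = $field['id'] === NULL ? NULL : (int) $field['id'];
    $field['name'] = trim($field['name']);
    settype($field['field_type'], 'int');
    settype($field['length'], 'int');
    settype($field['html_disabled'], 'bool');
    settype($field['show_in_admin'], 'bool');

    if ($field['field_type'] !== PHORUM_CUSTOM_FIELD_USER &&
        $field['field_type'] !== PHORUM_CUSTOM_FIELD_FORUM &&
        $field['field_type'] !== PHORUM_CUSTOM_FIELD_MESSAGE) {
        trigger_error('phorum_api_custom_field_configure(): Illegal custom field type: ' . $field['field_type'], E_USER_ERROR);
    }

    // Check the custom field name. Names that pass this check contain no
    // quotes or HTML special characters, which matters for the error
    // messages below that repeat the name.
    // NOTE(review): without the "u" modifier, \w can follow the active
    // locale. If names must be plain ASCII, [a-z0-9_] states that
    // explicitly; confirm what existing field names look like first.
    if (!preg_match('/^[a-z][\\w_]*$/i', $field['name'])) {
        return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, 'Field names can only contain letters, numbers and ' . 'underscores (_) and they must start with a letter.');
    }

    // Check if the custom field name isn't an internally used name.
    // This is either one of the reserved names or a field that is
    // already used as a user data field.
    if (in_array($field['name'], $PHORUM['API']['cpf_reserved']) ||
        isset($GLOBALS['PHORUM']['API']['user_fields'][$field['name']])) {
        return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The name \"{$field['name']}\" is reserved for internal use " . 'by Phorum. Please choose a different name for your custom field.');
    }

    // Check the bounds for the field length.
    if ($field['length'] > PHORUM_MAX_CUSTOM_FIELD_LENGTH) {
        return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The length \"{$field['length']}\" for the custom " . 'field is too large. The maximum length that can be used ' . 'is ' . PHORUM_MAX_CUSTOM_FIELD_LENGTH . '.');
    }
    if ($field['length'] <= 0) {
        return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The length for the custom field must be above zero.");
    }

    // For new fields, check if the name isn't already in use.
    // NOTE(review): an update (id !== NULL) that changes the name is not
    // checked against other existing fields here; presumably the storage
    // layer enforces uniqueness. Confirm.
    if ($field['id'] === NULL &&
        phorum_api_custom_field_byname($field['name'], $field['field_type'])) {
        return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "A custom field with the name \"{$field['name']}\" " . 'already exists. Please choose a different name for your ' . 'custom field.');
    }

    // Setup the field configuration in the database.
    $field['id'] = $PHORUM['DB']->custom_field_config_set($field);

    phorum_api_custom_field_rebuild_cache();

    return $field;
}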
/**
 * Look up a custom field of the user type by its name.
 *
 * Thin wrapper that forwards to phorum_api_custom_field_byname() with
 * PHORUM_CUSTOM_FIELD_USER as the field type.
 *
 * @deprecated Replaced by {@link phorum_api_custom_field_byname()}.
 *
 * @param string $name
 *     The name of the custom field to look up.
 *
 * @return mixed
 *     Whatever phorum_api_custom_field_byname() returns for this name.
 */
function phorum_api_custom_profile_field_byname($name)
{
    // The replacement function lives in its own API file; load it on demand.
    require_once PHORUM_PATH . '/include/api/custom_field.php';

    $user_field = phorum_api_custom_field_byname($name, PHORUM_CUSTOM_FIELD_USER);

    return $user_field;
}
return; } require_once PHORUM_PATH . '/include/api/custom_field.php'; $TYPES_ARRAY = array(PHORUM_CUSTOM_FIELD_USER => 'User', PHORUM_CUSTOM_FIELD_FORUM => 'Forum', PHORUM_CUSTOM_FIELD_MESSAGE => 'Message'); // Create or update a custom profile field. if (count($_POST) && $_POST['name'] != '') { $_POST['curr'] = $_POST['curr'] == 'NEW' ? 'NEW' : (int) $_POST['curr']; $_POST['field_type'] = (int) $_POST['field_type']; $_POST['name'] = trim($_POST['name']); $_POST['length'] = (int) $_POST['length']; $_POST['html_disabled'] = !empty($_POST['html_disabled']) ? 1 : 0; $_POST['show_in_admin'] = !empty($_POST['show_in_admin']) ? 1 : 0; // Check if there is a deleted field with the same name. // If this is the case, then we want to give the admin a chance // to restore the deleted field. $check = phorum_api_custom_field_byname($_POST['name'], $_POST['field_type']); if ($check !== FALSE && !empty($check["deleted"])) { // Handle restoring a deleted field. if (isset($_POST["restore"])) { if (phorum_api_custom_field_restore($check["id"]) === FALSE) { phorum_admin_error(phorum_api_error_message()); } else { phorum_admin_okmsg("The custom field " . "\"{$check["name"]}\" has been restored."); } // Empty the POST array, so the code below won't try to // create or update a field. $_POST = array(); } elseif (isset($_POST["create"])) { phorum_api_custom_field_delete($check["id"], TRUE); } else { ?>