public function save_custom_fields($relation_id, $field_type, $customfield_data)
{
// Update custom fields for the object.
if (isset($customfield_data)) {
// Insert new custom profile fields.
foreach ($customfield_data as $name => $val) {
require_once PHORUM_PATH . '/include/api/custom_field.php';
$custom = phorum_api_custom_field_byname($name, $field_type);
// Arrays and NULL values are left untouched.
// Other values are truncated to their configured field length.
if ($val !== NULL && !is_array($val)) {
$val = substr($val, 0, $custom['length']);
}
if ($custom !== null) {
$key = $custom['id'];
// Arrays need to be serialized. The serialized data is prefixed
// with "P_SER:" as a marker for serialization.
if (is_array($val)) {
$val = 'P_SER:' . serialize($val);
}
$val = $this->interact(DB_RETURN_QUOTED, $val);
// Try to insert a new record.
$res = $this->interact(DB_RETURN_RES, "INSERT INTO {$this->custom_fields_table}\n (relation_id, field_type, type, data)\n VALUES ({$relation_id}, {$field_type} , {$key}, '{$val}')", NULL, DB_DUPKEYOK | DB_MASTERQUERY);
// If no result was returned, then the query failed. This probably
// means that we already have a record in the database.
// So instead of inserting a record, we need to update one here.
if (!$res) {
$this->interact(DB_RETURN_RES, "UPDATE {$this->custom_fields_table}\n SET data = '{$val}'\n WHERE relation_id = {$relation_id} AND\n field_type = {$field_type} AND\n type = {$key}", NULL, DB_MASTERQUERY);
}
}
}
}
}
/**
* Create or update the configuration for a custom field.
*
* @param array $field
* This parameter holds the field configuration to save. This array
* must contain the following fields:
*
* - id: If a new field has to be created, then use NULL for this field.
* If a custom field has to be updated, then use the existing
* custom field's id.
*
* - name: The name that has to be assigned to the custom field.
* This name can only contain letters, numbers and underscores
* (_) and it has to start with a letter.
*
* The following fields are optional. If they are missing, then a default
* value will be used for them.
*
* - length: The maximum length for the field data. This will make sure
* that the data that is stored in the custom field will
* be truncated in case its length surpasses the configured
* custom field length. If this field is missing or set to NULL,
* then the default length 255 will be used.
*
* - html_disabled: If this field is set to a true value, then
* special HTML characters are not usable in this field. When
* displaying the custom field's data, Phorum will automatically
* escape these characters. Only use a false value for this
* field if the data that will be saved in the field is really safe
* for direct use in a web page (to learn about the security risks
* involved, search for "XSS" and "cross site scripting" on
* the internet) or if it is used to store serialized data.
* If this field is missing or set to NULL, then the default
* setting TRUE will be used.
*
* - type: This field specifies the type of a custom field.
* This can be one of
* {@link PHORUM_CUSTOM_FIELD_USER},
* {@link PHORUM_CUSTOM_FIELD_FORUM} or
* {@link PHORUM_CUSTOM_FIELD_MESSAGE}.
*
* - show_in_admin: If this field is set to a true value, then the field
* will be displayed on the details page e.g. for a user in the
* admin "Edit Users" section. If this field is missing or set
* to NULL, then the default setting FALSE will be used.
*
* @return array
* This function returns the custom field data in an array, containing
* the same fields as the {@link $field} function parameter. If a new
* field was created, then the "file_id" field will be set to the new
* custom field id. The fields "length" and "html_disabled" will also
* be updated to their defaults if they were set to NULL in
* the $field argument.
*/
function phorum_api_custom_field_configure($field)
{
global $PHORUM;
// The available fields and their defaults. NULL indicates a mandatory
// field. The field "id" can be NULL though, when creating a new
// custom field.
$fields = array('id' => NULL, 'name' => NULL, 'field_type' => NULL, 'length' => 255, 'html_disabled' => TRUE, 'show_in_admin' => FALSE);
// Check if all required fields are in the $field argument.
// Assign default values for missing or NULL fields or trigger
// or an error if the field is mandatory.
foreach ($fields as $f => $default) {
if (!array_key_exists($f, $field)) {
if ($default === NULL) {
trigger_error('phorum_api_custom_field_configure(): Missing field ' . "in \$field parameter: {$f}", E_USER_ERROR);
}
$field[$f] = $default;
} elseif ($f != 'id' && $field[$f] === NULL) {
trigger_error("phorum_api_custom_field_configure(): Field {$f} in " . '$field parameter cannot be NULL', E_USER_ERROR);
}
}
$field['id'] = $field['id'] === NULL ? NULL : (int) $field['id'];
$field['name'] = trim($field['name']);
settype($field['field_type'], 'int');
settype($field['length'], 'int');
settype($field['html_disabled'], 'bool');
settype($field['show_in_admin'], 'bool');
if ($field['field_type'] !== PHORUM_CUSTOM_FIELD_USER && $field['field_type'] !== PHORUM_CUSTOM_FIELD_FORUM && $field['field_type'] !== PHORUM_CUSTOM_FIELD_MESSAGE) {
trigger_error('phorum_api_custom_field_configure(): Illegal custom field type: ' . $field['field_type'], E_USER_ERROR);
}
// Check the custom field name.
if (!preg_match('/^[a-z][\\w_]*$/i', $field['name'])) {
return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, 'Field names can only contain letters, numbers and ' . 'underscores (_) and they must start with a letter.');
}
// Check if the custom field name isn't an internally used name.
// This is either one of the reserved names or a field that is
// already used as a user data field.
if (in_array($field['name'], $PHORUM['API']['cpf_reserved']) || isset($GLOBALS['PHORUM']['API']['user_fields'][$field['name']])) {
return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The name \"{$field['name']}\" is reserved for internal use " . 'by Phorum. Please choose a different name for your custom field.');
}
// Check the bounds for the field length.
if ($field['length'] > PHORUM_MAX_CUSTOM_FIELD_LENGTH) {
return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The length \"{$field['length']}\" for the custom " . 'field is too large. The maximum length that can be used ' . 'is ' . PHORUM_MAX_CUSTOM_FIELD_LENGTH . '.');
}
if ($field['length'] <= 0) {
return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "The length for the custom field must be above zero.");
}
// For new fields, check if the name isn't already in use.
if ($field['id'] === NULL && phorum_api_custom_field_byname($field['name'], $field['field_type'])) {
return phorum_api_error(PHORUM_ERRNO_INVALIDINPUT, "A custom field with the name \"{$field['name']}\" " . 'already exists. Please choose a different name for your ' . 'custom field.');
}
// Setup the field configuration in the database.
$field['id'] = $PHORUM['DB']->custom_field_config_set($field);
phorum_api_custom_field_rebuild_cache();
return $field;
}
/**
* @deprecated Replaced by {@link phorum_api_custom_field_byname()}.
*/
function phorum_api_custom_profile_field_byname($name)
{
require_once PHORUM_PATH . '/include/api/custom_field.php';
return phorum_api_custom_field_byname($name, PHORUM_CUSTOM_FIELD_USER);
}
return;
}
require_once PHORUM_PATH . '/include/api/custom_field.php';
$TYPES_ARRAY = array(PHORUM_CUSTOM_FIELD_USER => 'User', PHORUM_CUSTOM_FIELD_FORUM => 'Forum', PHORUM_CUSTOM_FIELD_MESSAGE => 'Message');
// Create or update a custom profile field.
if (count($_POST) && $_POST['name'] != '') {
$_POST['curr'] = $_POST['curr'] == 'NEW' ? 'NEW' : (int) $_POST['curr'];
$_POST['field_type'] = (int) $_POST['field_type'];
$_POST['name'] = trim($_POST['name']);
$_POST['length'] = (int) $_POST['length'];
$_POST['html_disabled'] = !empty($_POST['html_disabled']) ? 1 : 0;
$_POST['show_in_admin'] = !empty($_POST['show_in_admin']) ? 1 : 0;
// Check if there is a deleted field with the same name.
// If this is the case, then we want to give the admin a chance
// to restore the deleted field.
$check = phorum_api_custom_field_byname($_POST['name'], $_POST['field_type']);
if ($check !== FALSE && !empty($check["deleted"])) {
// Handle restoring a deleted field.
if (isset($_POST["restore"])) {
if (phorum_api_custom_field_restore($check["id"]) === FALSE) {
phorum_admin_error(phorum_api_error_message());
} else {
phorum_admin_okmsg("The custom field " . "\"{$check["name"]}\" has been restored.");
}
// Empty the POST array, so the code below won't try to
// create or update a field.
$_POST = array();
} elseif (isset($_POST["create"])) {
phorum_api_custom_field_delete($check["id"], TRUE);
} else {
?>
