コード例 #1
ファイル: class_masterform.php プロジェクト: eistr2n/lansuite
 function SendForm($BaseURL, $table, $idname = '', $id = 0)
     // $BaseURL is no longer needed!
     global $dsp, $db, $config, $func, $sec, $lang, $framework, $mf_number, $__POST, $smarty, $cfg, $authentication;
     // In freeze-mode there are no changes to the DB allowed
     if ($cfg['sys_freeze']) {
         $func->information(t('Diese Webseite ist Momentan im "Freeze-Mode".[br]D.h. es können keine neuen Daten in die Datenbank geschrieben werden.[br][br]Bitte versuche es zu einem Späteren Zeitpunkt nocheinmal.'));
     // Break, if in wrong form
     $Step_Tmp = $_GET['mf_step'];
     if ($_GET['mf_step'] == 2 and $_GET['mf_id'] != $mf_number) {
         $Step_Tmp = 1;
     // If more then one row in a table should be edited
     if (strpos($id, ' ') > 0) {
         $this->MultiLineID = $id;
         $id = '';
     // Adds non-page-fields to fake page
     if ($BaseURL) {
         $StartURL = $BaseURL . '&' . $idname . '=' . $id;
     } else {
         $StartURL = $framework->get_clean_url_query('base');
         $StartURL = str_replace('&mf_step=2', '', $StartURL);
         $StartURL = preg_replace('#&mf_id=[0-9]*#si', '', $StartURL);
         if (strpos($StartURL, '&' . $idname . '=' . $id) == 0) {
             $StartURL .= '&' . $idname . '=' . $id;
     $this->LinkBack = $StartURL . '#MF' . $mf_number;
     if ($id or $this->MultiLineID) {
         $this->isChange = true;
     $AddKey = '';
     if ($this->AdditionalKey != '') {
         $AddKey = $this->AdditionalKey . ' AND ';
     $InsContName = 'InsertControll' . $this->MFID;
     // If the table entry should be created, or deleted wheter the control field is checked
     if ($this->AddInsertControllField != '') {
         if ($this->MultiLineID) {
             $find_entry = $db->qry("SELECT * FROM %prefix%{$table} WHERE " . $this->MultiLineID);
         } else {
             $find_entry = $db->qry("SELECT * FROM %prefix%{$table} WHERE {$AddKey} {$idname} = %int%", $id);
         $db->num_rows($find_entry) ? $this->isChange = 1 : ($this->isChange = 0);
     // Get SQL-Field Types
     $res = $db->qry("DESCRIBE %prefix%%plain%", $table);
     while ($row = $db->fetch_array($res)) {
         $SQLFieldTypes[$row['Field']] = $row['Type'];
         if ($row['Key'] == 'PRI' or $row['Key'] == 'UNI') {
             $SQLFieldUnique[$row['Field']] = true;
         } else {
             $SQLFieldUnique[$row['Field']] = false;
     // Split fields, which consist of more than one
     if ($this->SQLFields) {
         foreach ($this->SQLFields as $key => $val) {
             if (strpos($this->SQLFields[$key], '|') > 0) {
                 $subfields = explode('|', $this->SQLFields[$key]);
                 if ($subfields) {
                     foreach ($subfields as $subfield) {
                         $this->SQLFields[] = $subfield;
     // Delete non existing DB fields, from array
     if ($this->SQLFields) {
         foreach ($this->SQLFields as $key => $val) {
             if (!$SQLFieldTypes[$val]) {
     // Error-Switch
     switch ($Step_Tmp) {
             $_SESSION['mf_referrer'][$mf_number] = $func->internal_referer;
             // Read current values, if change
             if ($this->isChange) {
                 $db_query = '';
                 if ($this->SQLFields) {
                     foreach ($this->SQLFields as $val) {
                         #            if ($SQLFieldTypes[$val] == 'datetime' or $SQLFieldTypes[$val] == 'date') $db_query .= ", UNIX_TIMESTAMP($val) AS $val";
                         #            else $db_query .= ", $val";
                         $db_query .= ", {$val}";
                 // Select current values for Multi-Line-Edit
                 if ($this->MultiLineID) {
                     $z = 0;
                     $res = $db->qry("SELECT %plain% %plain% FROM %prefix%%plain% WHERE %plain%", $idname, $db_query, $table, $this->MultiLineID);
                     while ($row = $db->fetch_array($res)) {
                         foreach ($this->SQLFields as $key => $val) {
                             $_POST[$val . '[' . $row[$idname] . ']'] = $row[$val];
                     // Select current values for normal edit
                 } else {
                     $row = $db->qry_first("SELECT 1 AS found %plain% FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $db_query, $table, $AddKey, $idname, $id);
                     if ($row['found']) {
                         foreach ($this->SQLFields as $key => $val) {
                             if (!in_array($key, $this->WYSIWYGFields)) {
                                 $_POST[$val] = $row[$val];
                             } else {
                                 $_POST[$val] = $row[$val];
                     } else {
                         $func->error(t('Diese ID existiert nicht.'));
                         return false;
             if ($this->AdditionalDBAfterSelectFunction) {
                 $addUpdSuccess = call_user_func($this->AdditionalDBAfterSelectFunction, '');
             // Check for errors and convert data, if necessary (dates, passwords, ...)
         // Check for errors and convert data, if necessary (dates, passwords, ...)
         case 2:
             $this->FCKeditorID = 0;
             if ($this->Pages) {
                 foreach ($this->Pages as $page) {
                     if ($page['groups']) {
                         foreach ($page['groups'] as $GroupKey => $group) {
                             if ($group['fields']) {
                                 foreach ($group['fields'] as $FieldKey => $field) {
                                     if ($field['name']) {
                                         $err = false;
                                         // Copy WYSIWYG editor variable
                                         if (($SQLFieldTypes[$field['name']] == 'text' or $SQLFieldTypes[$field['name']] == 'mediumtext' or $SQLFieldTypes[$field['name']] == 'longtext') and $field['selections'] == HTML_WYSIWYG) {
                                             $_POST[$field['name']] = $_POST['FCKeditor' . $this->FCKeditorID];
                                         // If not in DependOn-Group, or DependOn-Group is active
                                         if (!$this->DependOnStarted or $_POST[$this->DependOnField]) {
                                             // -- Convertions --
                                             // Convert Post-date to unix-timestap
                                             if ($SQLFieldTypes[$field['name']] == 'datetime') {
                                                 //1997-12-31 23:59:59
                                                 $_POST[$field['name']] = $_POST[$field['name'] . '_value_year'] . '-' . $_POST[$field['name'] . '_value_month'] . '-' . $_POST[$field['name'] . '_value_day'] . ' ' . $_POST[$field['name'] . '_value_hours'] . ':' . $_POST[$field['name'] . '_value_minutes'] . ':00';
                                                 $__POST[$field['name']] = $_POST[$field['name']];
                                             if ($SQLFieldTypes[$field['name']] == 'date') {
                                                 $_POST[$field['name']] = $_POST[$field['name'] . '_value_year'] . '-' . $_POST[$field['name'] . '_value_month'] . '-' . $_POST[$field['name'] . '_value_day'];
                                                 $__POST[$field['name']] = $_POST[$field['name']];
                                             // Upload submitted file
                                             if ($_POST[$field['name'] . '_keep']) {
                                                 foreach ($this->SQLFields as $key => $val) {
                                                     if ($val == $field['name']) {
                                             } elseif ($field['type'] == IS_FILE_UPLOAD) {
                                                 if (substr($field['selections'], strlen($field['selections']) - 1, 1) == '_') {
                                                     $_POST[$field['name']] = $func->FileUpload($field['name'], substr($field['selections'], 0, strrpos($field['selections'], '/')), substr($field['selections'], strrpos($field['selections'], '/') + 1, strlen($field['selections'])));
                                                 } else {
                                                     $_POST[$field['name']] = $func->FileUpload($field['name'], $field['selections']);
                                             // -- Checks --
                                             // Exec callback
                                             if ($field['type'] == IS_CALLBACK) {
                                                 $err = call_user_func($field['selections'], $field['name'], CHECK_ERROR_PROC);
                                             if ($err) {
                                                 $this->error[$field['name']] = $err;
                                             // Check for value
                                             if (!$field['optional'] and $_POST[$field['name']] == '') {
                                                 $this->error[$field['name']] = t('Bitte fülle dieses Pflichtfeld aus.');
                                             } elseif (strpos($SQLFieldTypes[$field['name']], 'int') !== false and $SQLFieldTypes[$field['name']] != 'tinyint(1)' and $SQLFieldTypes[$field['name']] != "enum('0','1')" and $_POST[$field['name']] and (int) $_POST[$field['name']] == 0) {
                                                 $this->error[$field['name']] = t('Bitte gib eine Zahl ein.');
                                             } elseif (($SQLFieldTypes[$field['name']] == 'datetime' or $SQLFieldTypes[$field['name']] == 'date') and (!checkdate($_POST[$field['name'] . '_value_month'], $_POST[$field['name'] . '_value_day'], $_POST[$field['name'] . '_value_year']) and !($_POST[$field['name'] . '_value_month'] == "00" and $_POST[$field['name'] . '_value_day'] == "00" and $_POST[$field['name'] . '_value_year'] == "0000"))) {
                                                 $this->error[$field['name']] = t('Das eingegebene Datum ist nicht korrekt.');
                                                 // Check new passwords
                                             } elseif ($field['type'] == IS_NEW_PASSWORD and $_POST[$field['name']] != $_POST[$field['name'] . '2']) {
                                                 $this->error[$field['name'] . '2'] = t('Die beiden Kennworte stimmen nicht überein.');
                                             } elseif ($field['type'] == IS_CAPTCHA and ($_POST['captcha'] == '' or $_SESSION['captcha'] != strtoupper($_POST['captcha']))) {
                                                 $this->error['captcha'] = t('Captcha falsch wiedergegeben.');
                                             } elseif ($field['type'] != 'text' and $field['type'] != 'mediumtext' and $field['type'] != 'longtext' and $SQLFieldTypes[$field['name']] != 'text' and $SQLFieldTypes[$field['name']] != 'mediumtext' and $SQLFieldTypes[$field['name']] != 'longtext' and !is_array($_POST[$field['name']]) and (strpos($_POST[$field['name']], "\r") !== false or strpos($_POST[$field['name']], "\n") !== false or strpos($_POST[$field['name']], "\t") !== false or strpos($_POST[$field['name']], "") !== false or strpos($_POST[$field['name']], "\v") !== false)) {
                                                 $this->error[$field['name']] = t('Dieses Feld enthält nicht erlaubte Steuerungszeichen (z.B. einen Tab, oder Zeilenumbruch)');
                                             } elseif ($field['callback']) {
                                                 $err = call_user_func($field['callback'], $_POST[$field['name']]);
                                                 if ($err) {
                                                     $this->error[$field['name']] = $err;
                                             // Check double uniques
                                             # Neccessary in Multi Line Edit Mode? If so: Still to do
                                             if ($SQLFieldUnique[$field['name']]) {
                                                 if ($this->isChange) {
                                                     $check_double_where = ' AND ' . $idname . ' != ' . (int) $id;
                                                 $row = $db->qry_first("SELECT 1 AS found FROM %prefix%%plain% WHERE %plain% = %string% %plain%", $table, $field['name'], $_POST[$field['name']], $check_double_where);
                                                 if ($row['found']) {
                                                     $this->error[$field['name']] = t('Dieser Eintrag existiert bereits in unserer Datenbank.');
                                         // Manage Depend-On-Groups
                                         if ($this->DependOnStarted >= 1) {
                                         if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
                                             $this->DependOnStarted = $this->DependOn[$field['name']];
                                             $this->DependOnField = $field['name'];
             if (count($this->error) > 0) {
                 $_POST = $__POST;
     $dsp->AddJumpToMark('MF' . $mf_number);
     // Form-Switch
     switch ($Step_Tmp) {
         // Output form
             $dsp->SetForm($StartURL . '&mf_step=2&mf_id=' . $mf_number . '#MF' . $mf_number, '', '', $this->FormEncType);
             // InsertControll check box - the table entry will only be created, if this check box is checked, otherwise the existing entry will be deleted
             if ($this->AddInsertControllField != '') {
                 $find_entry = $db->qry("SELECT * FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $table, $AddKey, $idname, $id);
                 if ($db->num_rows($find_entry)) {
                     $_POST[$InsContName] = 1;
                 $this->DependOnStarted = $this->NumFields;
                 $additionalHTML = "onclick=\"CheckBoxBoxActivate('box_{$InsContName}', this.checked)\"";
                 list($text1, $text2) = explode('|', $this->AddInsertControllField);
                 $dsp->AddCheckBoxRow($InsContName, $text1, $text2, '', $field['optional'], $_POST[$InsContName], '', '', $additionalHTML);
                 $dsp->StartHiddenBox('box_' . $InsContName, $_POST[$InsContName]);
             // Write pages links
             if ($this->Pages and count($this->Pages) > 1) {
             // Output fields
             $z = 0;
             $y = 0;
             $this->FCKeditorID = 0;
             // Pages loop
             if ($this->Pages) {
                 foreach ($this->Pages as $PageKey => $page) {
                     if ($page['caption'] and count($this->Pages) > 1) {
                     // Groups loop
                     if ($page['groups']) {
                         foreach ($page['groups'] as $GroupKey => $group) {
                             if ($group['caption']) {
                             // Fields loop
                             if ($group['fields']) {
                                 foreach ($group['fields'] as $FieldKey => $field) {
                                     if (!$field['type']) {
                                         $field['type'] = $SQLFieldTypes[$field['name']];
                                     // Rename fields to arrays, if in Multi-Line-Edit-Mode
                                     if ($this->MultiLineID) {
                                         $field['name'] = $field['name'] . '[' . $this->MultiLineIDs[$y] . ']';
                                     if ($z >= count($this->SQLFields)) {
                                         $z = 0;
                                     $additionalHTML = '';
                                     switch ($field['type']) {
                                         case 'text':
                                             // Textarea
                                             $maxchar = 65535;
                                         case 'mediumtext':
                                             if (!$maxchar) {
                                                 $maxchar = 16777215;
                                         case 'longtext':
                                             if (!$maxchar) {
                                                 $maxchar = 4294967295;
                                             if ($field['selections'] == HTML_ALLOWED or $field['selections'] == LSCODE_ALLOWED) {
                                                 $dsp->AddTextAreaPlusRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', '', $field['optional'], $maxchar);
                                             } elseif ($field['selections'] == LSCODE_BIG) {
                                                 $dsp->AddTextAreaPlusRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], 70, 20, $field['optional'], $maxchar);
                                             } elseif ($field['selections'] == HTML_WYSIWYG) {
                                                 include_once "ext_scripts/FCKeditor/fckeditor.php";
                                                 $oFCKeditor = new FCKeditor('FCKeditor' . $this->FCKeditorID);
                                                 $oFCKeditor->BasePath = 'ext_scripts/FCKeditor/';
                                                 $oFCKeditor->Config["CustomConfigurationsPath"] = "../myconfig.js";
                                                 $oFCKeditor->Value = $func->AllowHTML($_POST[$field['name']]);
                                                 $oFCKeditor->Height = 460;
                                                 $fcke_content = ob_get_contents();
                                                 if ($this->error[$field['name']]) {
                                                     $dsp->AddDoubleRow($field['caption'], $dsp->errortext_prefix . $this->error[$field['name']] . $dsp->errortext_suffix);
                                             } else {
                                                 $dsp->AddTextAreaRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', '', $field['optional']);
                                         case "enum('0','1')":
                                             // Checkbox
                                         // Checkbox
                                         case 'tinyint(1)':
                                             if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
                                                 $additionalHTML = "onclick=\"CheckBoxBoxActivate('box_{$field['name']}', this.checked)\"";
                                             list($field['caption1'], $field['caption2']) = explode('|', $field['caption']);
                                             if (!$_POST[$field['name']]) {
                                             $dsp->AddCheckBoxRow($field['name'], $field['caption1'], $field['caption2'], $this->error[$field['name']], $field['optional'], $_POST[$field['name']], '', '', $additionalHTML);
                                         case 'datetime':
                                             // Date-Select
                                             $values = array();
                                             list($date, $time) = explode(' ', $_POST[$field['name']]);
                                             list($values['year'], $values['month'], $values['day']) = explode('-', $date);
                                             list($values['hour'], $values['min'], $values['sec']) = explode(':', $time);
                                             if ($values['year'] == "") {
                                                 $values['year'] = "0000";
                                                 $startj = "0000";
                                             if ($values['month'] == "") {
                                                 $values['month'] = "00";
                                             if ($values['day'] == "") {
                                                 $values['day'] = "00";
                                             if ($values['hour'] == "") {
                                                 $values['hour'] = "00";
                                             if ($values['min'] == "") {
                                                 $values['min'] = "00";
                                             if ($values['sec'] == "") {
                                                 $values['sec'] = "00";
                                             $dsp->AddDateTimeRow($field['name'], $field['caption'], 0, $this->error[$field['name']], $values, '', $startj, '', '', $field['optional']);
                                         case 'date':
                                             // Date-Select
                                             $values = array();
                                             list($date, $time) = explode(' ', $_POST[$field['name']]);
                                             list($values['year'], $values['month'], $values['day']) = explode('-', $date);
                                             list($values['hour'], $values['min'], $values['sec']) = explode(':', $time);
                                             if ($values['year'] == "") {
                                                 $values['year'] = "0000";
                                             if ($values['month'] == "") {
                                                 $values['month'] = "00";
                                             if ($values['day'] == "") {
                                                 $values['day'] = "00";
                                             if ($field['selections']) {
                                                 $area = explode('/', $field['selections']);
                                             $start = $area[0];
                                             $end = $area[1];
                                             $dsp->AddDateTimeRow($field['name'], $field['caption'], 0, $this->error[$field['name']], $values, '', $start, $end, 1, $field['optional']);
                                             #case 'char(32)':
                                         #case 'char(32)':
                                         case IS_PASSWORD:
                                             // Password-Row
                                             if (strlen($_POST[$field['name']]) == 32) {
                                                 $_POST[$field['name']] = '';
                                             // Dont show MD5-sum, read from DB on change
                                             $dsp->AddPasswordRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', $field['optional']);
                                             #case 'char(32)':
                                         #case 'char(32)':
                                         case IS_NEW_PASSWORD:
                                             // New-Password-Row
                                             if (strlen($_POST[$field['name']]) == 32) {
                                                 $_POST[$field['name']] = '';
                                             // Dont show MD5-sum, read from DB on change
                                             $dsp->AddPasswordRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], '', $field['optional'], "onkeyup=\"CheckPasswordSecurity(this.value, document.images.seclevel)\"");
                                             $dsp->AddPasswordRow($field['name'] . '2', $field['caption'] . ' ' . t('Verfikation'), $_POST[$field['name'] . '2'], $this->error[$field['name'] . '2'], '', $field['optional']);
                                             $smarty->assign('pw_security_id', $PWSecID);
                                             $dsp->AddDoubleRow('', $smarty->fetch('design/templates/ls_row_pw_security.htm'));
                                         case IS_CAPTCHA:
                                             // Captcha-Row
                                             #                $dsp->AddTextFieldRow('captcha', 'Captcha <img src="ext_scripts/captcha.php">', $_POST['captcha'], $this->error['captcha']);
                                             include_once 'ext_scripts/ascii_captcha.class.php';
                                             $captcha = new ASCII_Captcha();
                                             $data = $captcha->create($text);
                                             $_SESSION['captcha'] = $text;
                                             $dsp->AddDoubleRow(t('Bitte gib diesen Text unterhalb ein'), "<pre style='font-size:8px;'>{$data}</pre>");
                                             $dsp->AddTextFieldRow('captcha', '', $_POST['captcha'], $this->error['captcha']);
                                         case IS_SELECTION:
                                             // Pre-Defined Dropdown
                                             if ($field['DependOnCriteria']) {
                                                 $addCriteria = ", Array('" . implode("', '", $field['DependOnCriteria']) . "')";
                                             } else {
                                                 $addCriteria = '';
                                             if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
                                                 $additionalHTML = "onchange=\"DropDownBoxActivate('box_{$field['name']}', this.options[this.options.selectedIndex].value{$addCriteria})\"";
                                             if (is_array($field['selections'])) {
                                                 $selections = array();
                                                 foreach ($field['selections'] as $key => $val) {
                                                     if (substr($key, 0, 10) == '-OptGroup-') {
                                                         if ($this->OptGroupOpen) {
                                                             $selections[] = '</optgroup>';
                                                         $selections[] = '<optgroup label="' . $val . '">';
                                                         $this->OptGroupOpen = 1;
                                                     } else {
                                                         $_POST[$field['name']] == $key ? $selected = " selected" : ($selected = "");
                                                         $selections[] = "<option{$selected} value=\"{$key}\">{$val}</option>";
                                                 if ($this->OptGroupOpen) {
                                                     $selections[] = '</optgroup>';
                                                 $this->OptGroupOpen = 0;
                                                 $dsp->AddDropDownFieldRow($field['name'], $field['caption'], $selections, $this->error[$field['name']], $field['optional'], $additionalHTML);
                                         case IS_MULTI_SELECTION:
                                             // Pre-Defined Multiselection
                                             if (is_array($field['selections'])) {
                                                 $selections = array();
                                                 foreach ($field['selections'] as $key => $val) {
                                                     $selected = '';
                                                     if ($_POST[$field['name']]) {
                                                         foreach ($_POST[$field['name']] as $PostedField) {
                                                             if ($PostedField == $key) {
                                                                 $selected = ' selected';
                                                     $selections[] = "<option value=\"{$key}\"{$selected}>{$val}</option>";
                                                 $dsp->AddSelectFieldRow($field['name'], $field['caption'], $selections, $this->error[$field['name']], $field['optional'], 7);
                                         case IS_FILE_UPLOAD:
                                             // File Upload to path
                                             #if (is_dir($field['selections'])) {
                                             $dsp->AddFileSelectRow($field['name'], $field['caption'], $this->error[$field['name']], '', '', $field['optional']);
                                             if ($_POST[$field['name']]) {
                                                 $FileEnding = strtolower(substr($_POST[$field['name']], strrpos($_POST[$field['name']], '.'), 5));
                                                 if ($FileEnding == '.png' or $FileEnding == '.gif' or $FileEnding == '.jpg' or $FileEnding == '.jpeg') {
                                                     $img = HTML_NEWLINE . '<img src="' . $_POST[$field['name']] . '" />';
                                                 } else {
                                                     $img = '';
                                                 $dsp->AddCheckBoxRow($field['name'] . '_keep', t('Aktuelle Datei beibehalten'), $_POST[$field['name']] . $img, '', $field['optional'], 1);
                                         case IS_PICTURE_SELECT:
                                             // Picture Dropdown from path
                                             if (is_dir($field['selections'])) {
                                                 $dsp->AddPictureDropDownRow($field['name'], $field['caption'], $field['selections'], $this->error[$field['name']], $field['optional'], $_POST[$field['name']]);
                                         case IS_TEXT_MESSAGE:
                                             if (!$field['selections']) {
                                                 $field['selections'] = $_POST[$field['name']];
                                             if (is_array($field['selections'])) {
                                                 $field['selections'] = $field['selections'][$_POST[$field['name']]];
                                             $dsp->AddDoubleRow($field['caption'], $field['selections']);
                                         case IS_CALLBACK:
                                             $ret = call_user_func($field['selections'], $field['name'], OUTPUT_PROC, $this->error[$field['name']]);
                                             if ($ret) {
                                                 $dsp->AddDoubleRow($field['caption'], $ret);
                                             // Normal Textfield
                                             $field['type'] == IS_NOT_CHANGEABLE ? $not_changeable = 1 : ($not_changeable = 0);
                                             $maxlength = $this->get_fieldlenght($field['type']);
                                             ($maxlength > 0 and $maxlength < 70) ? $length = $maxlength + (5 - $maxlength % 5) : ($length = 70);
                                             $dsp->AddTextFieldRow($field['name'], $field['caption'], $_POST[$field['name']], $this->error[$field['name']], $length, $field['optional'], $not_changeable, $maxlength);
                                     // Start HiddenBox
                                     if ($this->DependOnStarted == 0 and array_key_exists($field['name'], $this->DependOn)) {
                                         $dsp->StartHiddenBox('box_' . $field['name'], $_POST[$field['name']]);
                                         $this->DependOnStarted = $this->DependOn[$field['name']] + 1;
                                     // Stop HiddenBox, when counter has reached the last box-field
                                     if ($this->DependOnStarted == 1) {
                                     // Decrease counter
                                     if ($this->DependOnStarted > 0) {
                             if ($group['caption']) {
                     // End: Groups loop
                     if ($page['caption'] and count($this->Pages) > 1) {
             // End: Pages loop
             if ($this->Pages and count($this->Pages) > 1) {
             if ($this->SendButtonText) {
             } elseif ($id or $this->MultiLineID) {
             } else {
             // Update DB
         // Update DB
         case 2:
             #       if (!$this->SQLFields) $func->error('No Fields!');
             if (!$sec->locked($table, $this->LinkBack)) {
                 // Return for manual update, if set
                 if ($this->ManualUpdate) {
                     return true;
                 if ($this->Pages) {
                     foreach ($this->Pages as $page) {
                         if ($page['groups']) {
                             foreach ($page['groups'] as $group) {
                                 if ($group['fields']) {
                                     foreach ($group['fields'] as $field) {
                                         // Convert Passwords
                                         if ($field['type'] == IS_NEW_PASSWORD and $_POST[$field['name']] != '') {
                                             $_POST[$field['name'] . '_original'] = $_POST[$field['name']];
                                             $_POST[$field['name']] = md5($_POST[$field['name']]);
                 if ($this->CheckBeforeInserFunction) {
                     if (!call_user_func($this->CheckBeforeInserFunction, $id)) {
                         return false;
                 if ($this->AdditionalDBPreUpdateFunction) {
                     $addUpdSuccess = call_user_func($this->AdditionalDBPreUpdateFunction, $id);
                 $ChangeError = false;
                 if ($this->AddChangeCondition) {
                     $ChangeError = call_user_func($this->AddChangeCondition, $id);
                 if ($ChangeError) {
                 } else {
                     $addUpdSuccess = true;
                     // Generate INSERT/UPDATE query
                     $db_query = '';
                     if ($this->SQLFields) {
                         if ($this->MultiLineID) {
                             foreach ($this->MultiLineIDs as $key2 => $value2) {
                                 $db_query = '';
                                 foreach ($this->SQLFields as $key => $val) {
                                     $db_query .= "{$val} = '" . $_POST[$val][$value2] . "', ";
                                 $db_query = substr($db_query, 0, strlen($db_query) - 2);
                                 $db->qry("UPDATE %prefix%%plain% SET %plain% WHERE %plain% = %int%", $table, $db_query, $idname, $value2);
                                 $func->log_event(t('Eintrag #%1 in Tabelle "%2" geändert', array($value2, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
                         } else {
                             foreach ($this->SQLFields as $key => $val) {
                                 if (($SQLFieldTypes[$val] == 'datetime' or $SQLFieldTypes[$val] == 'date') and $_POST[$val] == 'NOW()') {
                                     $db_query .= "{$val} = NOW(), ";
                                 } elseif ($SQLFieldTypes[$val] == 'tinyint(1)') {
                                     $db_query .= $val . ' = ' . (int) $_POST[$val] . ', ';
                                 } elseif ($SQLFieldTypes[$val] == 'int(11) unsigned' and $val == 'ip') {
                                     $db_query .= $val . ' = INET_ATON(\'' . $_POST[$val] . '\'), ';
                                 } elseif ($_POST[$val] == '++' and strpos($SQLFieldTypes[$val], 'int') !== false) {
                                     $db_query .= "{$val} = {$val} + 1, ";
                                 } elseif ($_POST[$val] == '--' and strpos($SQLFieldTypes[$val], 'int') !== false) {
                                     $db_query .= "{$val} = {$val} - 1, ";
                                 } else {
                                     $db_query .= "{$val} = '{$_POST[$val]}', ";
                             $db_query = substr($db_query, 0, strlen($db_query) - 2);
                             // If the table entry should be created, or deleted wheter the control field is checked
                             if ($this->AddInsertControllField != '' and !$_POST[$InsContName]) {
                                 $db->qry("DELETE FROM %prefix%%plain% WHERE %plain% %plain% = %int%", $table, $AddKey, $idname, $id);
                             } else {
                                 if ($this->isChange) {
                                     $db->qry("UPDATE %prefix%%plain% SET %plain% WHERE %plain% %plain% = %int%", $table, $db_query, $AddKey, $idname, $id);
                                     $func->log_event(t('Eintrag #%1 in Tabelle "%2" geändert', array($id, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
                                     $addUpdSuccess = $id;
                                 } else {
                                     $DBInsertQuery = $db_query;
                                     if ($this->AdditionalKey != '') {
                                         $DBInsertQuery .= ', ' . $this->AdditionalKey;
                                     if ($this->AddInsertControllField) {
                                         $DBInsertQuery .= ', ' . $idname . ' = ' . (int) $id;
                                     $db->qry("INSERT INTO %prefix%%plain% SET %plain%", $table, $DBInsertQuery);
                                     $id = $db->insert_id();
                                     $this->insert_id = $id;
                                     $func->log_event(t('Eintrag #%1 in Tabelle "%2" eingefügt', array($id, $config['database']['prefix'] . $table)), 1, '', $this->LogID);
                                     $addUpdSuccess = $id;
                     if ($this->AdditionalDBUpdateFunction) {
                         $addUpdSuccess = call_user_func($this->AdditionalDBUpdateFunction, $id);
                     if ($addUpdSuccess) {
                         if ($this->isChange) {
                             $func->confirmation(t('Die Daten wurden erfolgreich geändert.'), $_SESSION['mf_referrer'][$mf_number]);
                         } else {
                             $func->confirmation(t('Die Daten wurden erfolgreich eingefügt.'), $this->LinkBack);
                 if (isset($_SESSION['mf_referrer'][$mf_number])) {
                 return $addUpdSuccess;
                 /* Will be
                     1) return of AdditionalDBPreUpdateFunction if AddChangeCondition returns true
                     2) return of AdditionalDBUpdateFunction if set
                     3) Insert_id // Note, this will always return 0, if id field has no AUTO_INCREMENT option!
     return false;
コード例 #2
ファイル: shoutqueries.php プロジェクト: eistr2n/lansuite

switch ($_GET['shout']) {
    case 'add':
        if ($_POST['captchaInputSend'] == $_SESSION['captcha'] and $_POST['captchaInputSend'] != "") {
            $captchaCheck = true;
        } else {
            $captchaCheck = false;
        if (!$auth['login'] or !$captchaCheck) {
            // No Login -> Captcha
            include_once 'ext_scripts/ascii_captcha.class.php';
            $captcha = new ASCII_Captcha();
            $cap = $captcha->create($text);
            $_SESSION['captcha'] = $text;
            $data['response'] = 'captcha';
            $data['code'] = $text;
            $data['captcha'] = $cap;
        if ($_POST['message'] and $auth['login'] or $_POST['message'] and $captchaCheck) {
            if ($auth['type'] >= 1) {
                $_POST['nickname'] = $auth['username'];
            $result = $db->qry("INSERT INTO %prefix%shoutbox (userid, ip, name, message) VALUES (%int%,%string%,%string%,%string%)", $auth['userid'], $auth['ip'], $_POST["nickname"], $_POST["message"]);
            $resp = $db->qry_first("SELECT id, created FROM %prefix%shoutbox WHERE id = %int%", $db->insert_id());
            $data['response'] = 'Good work';
            $data['nickname'] = $_POST['nickname'];
            $data['message'] = $_POST['message'];
            $data['time'] = strtotime($resp['created']);
            $data['id'] = $resp['id'];