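/**
 * Checks that the string accessors of Dataface_Record return the same text
 * for an integer value, and that a date assigned to the field named
 * 'timestampfield_date' reads back as a compact digit string.
 */
function test_string_values()
{
    // An integer stored with setValue() must read back as the string "6"
    // through each of the three string accessors.
    $record = new Dataface_Record('Profiles', array());
    $record->setValue('id', 6);

    // Expected value goes first, matching the timestamp assertion below, so
    // that a failure report labels "expected" and "actual" correctly.
    $this->assertEquals("6", $record->strval('id'));
    $this->assertEquals("6", $record->stringValue('id'));
    $this->assertEquals("6", $record->getValueAsString('id'));

    // A human-readable date is expected to come back as YYYYMMDDHHMMSS.
    $record2 = new Dataface_Record('Test', array('id' => 2));
    $record2->setValue('timestampfield_date', "February 4 2005 12:36:15");
    $this->assertEquals('20050204123615', $record2->strval('timestampfield_date'));
}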
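/**
 * Builds an SQL query to copy the given record. This honours permissions
 * and will only copy columns for which 'view' access is available in the
 * source record and 'edit' access is available in the destination record.
 *
 * Individual column failures (due to permissions) are recorded in the
 * $warnings variable of this class. It will be an array of Dataface_Error
 * objects.
 *
 * The statement is assembled as text, so every identifier and every value
 * placed in it is quoted here; nothing downstream can re-quote it.
 *
 * @param Dataface_Record $record The record being copied.
 * @param array $vals Values that should be placed in the copied version.
 * @param boolean $force If true this will perform the copy despite individual
 *      column warnings.
 * @return mixed The SQL query (string) to copy the record, or the error
 *      produced by Dataface_Error::permissionDenied() when the copy is not
 *      permitted.
 */
function buildCopyQuery($record, $vals = array(), $force = true)
{
    $tablename = $record->_table->tablename;

    // The destination record only exists to answer permission questions and
    // to serialize the override values.
    $dummy = new Dataface_Record($tablename, $vals);
    if (!$record->checkPermission('view') || !$dummy->checkPermission('edit')) {
        return Dataface_Error::permissionDenied("Failed to copy record '" . $record->getTitle() . "' because of insufficient permissions.");
    }

    $copy_fields = array_keys($record->_table->fields());

    // Go through each field and see if we have copy permission.
    // Copy permission is two-fold: 1- make sure the source is viewable
    //                              2- make sure the destination is editable.
    $failed = false;
    foreach ($copy_fields as $key => $fieldname) {
        if (!$record->checkPermission('view', array('field' => $fieldname))
            || !$dummy->checkPermission('edit', array('field' => $fieldname))
        ) {
            $this->warnings[] = Dataface_Error::permissionDenied("The field '{$fieldname}' could not be copied for record '" . $record->getTitle() . "' because of insufficient permissions.");
            unset($copy_fields[$key]);
            $failed = true;
        }
    }

    // If we are not forcing completion, any failures will result in
    // cancellation of the copy.
    if (!$force && $failed) {
        return Dataface_Error::permissionDenied("Failed to copy the record '" . $record->getTitle() . "' due to insufficient permissions on one or more of the columns.");
    }

    // We don't copy auto increment fields.
    $auto_inc_field = $record->_table->getAutoIncrementField();
    if ($auto_inc_field) {
        $key = array_search($auto_inc_field, $copy_fields);
        if ($key !== false) {
            unset($copy_fields[$key]);
        }
    }

    // Quote identifiers once. A backtick inside a MySQL identifier has to be
    // doubled, otherwise it would close the quoting early and the rest of the
    // name would be read as SQL.
    $quoted_table = '`' . str_replace('`', '``', $tablename) . '`';
    $quoted_fields = array();
    foreach ($copy_fields as $key => $fieldname) {
        $quoted_fields[$key] = '`' . str_replace('`', '``', $fieldname) . '`';
    }

    // Now we can build the query.
    $sql = array();
    $sql[] = "insert into " . $quoted_table;
    $sql[] = "(" . implode(',', $quoted_fields) . ")";

    $copy_values = array();
    foreach ($copy_fields as $key => $fieldname) {
        if (isset($vals[$fieldname])) {
            // Caller-supplied override: emit it as a literal aliased to the column.
            // NOTE(review): addslashes() does not take the connection's
            // character set into account. Values that reach SQL text should
            // go through the database layer's own escaping routine; this
            // method has no database handle in view, so the call is left
            // as it was and flagged here.
            $copy_values[$key] = "'" . addslashes($dummy->getSerializedValue($fieldname)) . "' as " . $quoted_fields[$key];
        } else {
            // No override: copy the column straight from the source row.
            $copy_values[$key] = $quoted_fields[$key];
        }
    }
    $sql[] = "select " . implode(', ', $copy_values) . " from " . $quoted_table;

    // Restrict the select to the source record by its key columns.
    $qb = new Dataface_QueryBuilder($tablename);
    $q = array();
    foreach (array_keys($record->_table->keys()) as $key_fieldname) {
        $q[$key_fieldname] = $record->strval($key_fieldname);
    }
    $sql[] = $qb->_secure($qb->_where($q));

    return implode(' ', $sql);
}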
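/**
 * Completes a pending registration identified by the 'code' request
 * parameter: expires old registrations, loads the stored registration data,
 * checks that the user name is still free, saves the user record, logs the
 * user in and redirects.
 *
 * Everything read from $_GET / $_REQUEST is treated as untrusted: the code is
 * escaped with the connection-aware routine before it is placed in SQL, and a
 * request-supplied redirect target is only followed when it stays on this
 * site.
 *
 * @param array $params Action parameters. 'time_limit' (seconds) overrides
 *      the default one-day lifetime of pending registrations.
 * @return mixed A PEAR error when the code parameter is missing or is not a
 *      string; otherwise nothing (the request ends in a redirect).
 * @throws Exception When one of the SQL statements fails.
 */
function handle(&$params)
{
    $app = Dataface_Application::getInstance();

    // ?code[]=x would arrive as an array; only a plain string can be a code.
    if (!isset($_GET['code']) || !is_string($_GET['code'])) {
        // We need this parameter or we can do nothing.
        return PEAR::raiseError(df_translate('actions.activate.MESSAGE_MISSING_CODE_PARAMETER', 'The code parameter is missing from your request. Validation cannot take place. Please check your url and try again.'), DATAFACE_E_ERROR);
    }
    $code_sql = xf_db_real_escape_string($_GET['code'], df_db());

    // Step 0: Find out what the redirect URL will be
    // We accept --redirect markers to specify which page to redirect
    // to after we're done.  This will usually be the page that the
    // user was on before they went to the login page.
    $url = null;
    if (isset($_SESSION['--redirect'])) {
        // NOTE(review): session-stored targets are assumed to have been set by
        // the application itself - confirm they are validated where written.
        $url = $_SESSION['--redirect'];
    } elseif (isset($_SESSION['-redirect'])) {
        $url = $_SESSION['-redirect'];
    } else {
        $requested = null;
        if (isset($_REQUEST['--redirect'])) {
            $requested = $_REQUEST['--redirect'];
        } elseif (isset($_REQUEST['-redirect'])) {
            $requested = $_REQUEST['-redirect'];
        }

        // A target taken from the request is followed only when it stays on
        // this site: either a relative reference (no scheme, no host) or an
        // http(s) URL whose host is the one this request was served on.
        // Control characters and backslashes are refused outright because
        // clients do not agree on how to read them in a Location header.
        if (is_string($requested)
            && $requested !== ''
            && ltrim($requested) === $requested
            && !preg_match('/[\x00-\x1f\x7f\\\\]/', $requested)
        ) {
            $parts = parse_url($requested);
            $this_host = isset($_SERVER['HTTP_HOST'])
                ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']))
                : '';
            if ($parts !== false) {
                $is_relative = !isset($parts['scheme']) && !isset($parts['host']);
                $is_same_host = isset($parts['scheme'], $parts['host'])
                    && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
                    && $this_host !== ''
                    && strtolower($parts['host']) === $this_host;
                if ($is_relative || $is_same_host) {
                    $url = $requested;
                }
            }
        }
    }
    if ($url === null) {
        $url = $app->url('-action=' . $app->_conf['default_action']);
    }
    if (strpos($url, '?') === false) {
        $url .= '?';
    }

    // Step 1: Delete all registrations older than time limit
    $time_limit = 24 * 60 * 60; // 1 day
    if (isset($params['time_limit'])) {
        $time_limit = intval($params['time_limit']);
    }
    $cutoff = date('Y-m-d H:i:s', time() - $time_limit);
    $res = xf_db_query("delete from dataface__registrations \n\t\t\t\twhere registration_date < '" . xf_db_real_escape_string($cutoff, df_db()) . "'", df_db());
    if (!$res) {
        error_log(xf_db_error(df_db()));
        throw new Exception("Failed to delete registrations due to an SQL error.  See error log for details.", E_USER_ERROR);
    }

    // Step 2: Load the specified registration information
    $res = xf_db_query("select registration_data from dataface__registrations\n\t\t\t\twhere registration_code = '" . $code_sql . "'", df_db());
    if (!$res) {
        error_log(xf_db_error(df_db()));
        throw new Exception("Failed to load registration information due to an SQL error. See error log for details.", E_USER_ERROR);
    }

    if (xf_db_num_rows($res) == 0) {
        // We didn't find any records matching the prescribed code, so
        // we redirect the user to their desired page and inform them
        // that the registration didn't work.
        $msg = df_translate('actions.activate.MESSAGE_REGISTRATION_NOT_FOUND', 'No registration information could be found to match this code.  Please try registering again.');
        $app->redirect($url . '&--msg=' . urlencode($msg));
        // redirect() is expected to end the request (TODO confirm); the
        // explicit return guarantees activation cannot continue past a
        // failed check if it ever does not.
        return;
    }

    // Step 3: Check to make sure that there are no other users with the
    // same name.
    list($raw_data) = xf_db_fetch_row($res);

    // unserialize() can instantiate arbitrary classes named in its input.
    // Registration values are expected to be plain scalars/arrays (TODO
    // confirm against the code that writes registration_data), so object
    // creation is switched off where the runtime supports it.
    if (PHP_VERSION_ID >= 70000) {
        $values = unserialize($raw_data, array('allowed_classes' => false));
    } else {
        $values = unserialize($raw_data);
    }
    if (!is_array($values)) {
        // Corrupt or unexpected payload: treat it like an unknown code rather
        // than saving whatever came back.
        error_log('Stored registration data could not be decoded into an array.');
        $msg = df_translate('actions.activate.MESSAGE_REGISTRATION_NOT_FOUND', 'No registration information could be found to match this code.  Please try registering again.');
        $app->redirect($url . '&--msg=' . urlencode($msg));
        return;
    }

    $appdel = $app->getDelegate();
    if (isset($appdel) && method_exists($appdel, 'validateRegistrationForm')) {
        // The application delegate supplies its own validation.
        $res = $appdel->validateRegistrationForm($values);
        if (PEAR::isError($res)) {
            $msg = $res->getMessage();
            $app->redirect($url . '&--msg=' . urlencode($msg));
            return;
        }
    } else {
        // Default validation: the user name must not be taken already.
        $res = xf_db_query("select count(*) from \n\t\t\t\t`" . str_replace('`', '', $app->_conf['_auth']['users_table']) . "` \n\t\t\t\twhere `" . str_replace('`', '', $app->_conf['_auth']['username_column']) . "` = '" . xf_db_real_escape_string($values[$app->_conf['_auth']['username_column']], df_db()) . "'\n\t\t\t\t", df_db());
        if (!$res) {
            error_log(xf_db_error(df_db()));
            throw new Exception("Failed to find user records due to an SQL error.  See error log for details.", E_USER_ERROR);
        }
        list($num) = xf_db_fetch_row($res);
        if ($num > 0) {
            $msg = df_translate('actions.activate.MESSAGE_DUPLICATE_USER', 'Registration failed because a user already exists by that name.  Try registering again with a different name.');
            $app->redirect($url . '&--msg=' . urlencode($msg));
            return;
        }
    }

    // Step 4: Save the registration data and log the user in.
    $record = new Dataface_Record($app->_conf['_auth']['users_table'], array());
    $record->setValues($values);
    $res = $record->save();
    if (PEAR::isError($res)) {
        $app->redirect($url . '&--msg=' . urlencode($res->getMessage()));
        return;
    }

    // The registration has been consumed; remove it so the code cannot be
    // used a second time.
    $res = xf_db_query("delete from dataface__registrations\n\t\t\t\t\twhere registration_code = '" . $code_sql . "'", df_db());
    if (!$res) {
        error_log(xf_db_error(df_db()));
        throw new Exception("Failed to clean up old registrations due to an SQL error.  See error log for details.", E_USER_ERROR);
    }

    $msg = df_translate('actions.activate.MESSAGE_REGISTRATION_COMPLETE', 'Registration complete.  You are now logged in.');

    // Issue a fresh session id at the moment the session becomes
    // authenticated, so an id known before login is not carried over.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['UserName'] = $record->strval($app->_conf['_auth']['username_column']);

    import('Dataface/Utilities.php');
    Dataface_Utilities::fireEvent('after_action_activate', array('record' => $record));

    $app->redirect($url . '&--msg=' . urlencode($msg));
}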