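/**
 * Decide whether the current user may edit an entry of $form.
 *
 * @param object|int|string|null $entry entry object, numeric entry id, item_key, or empty
 * @param object|int              $form  form object or form id
 * @return bool|array false when denied; true for an entry object the user may edit;
 *                    otherwise the result of FrmEntry::getAll() (at most one matching row)
 *
 * Fixes over the previous version:
 *  - the SQL fragment was built by string interpolation of $user_ID, $form->id and a
 *    caller-supplied item_key with no escaping; ids are now cast to int and the
 *    key goes through esc_sql()
 *  - a numeric $form that FrmForm::getOne() could not load is rejected instead of
 *    dereferencing null
 *  - an entry object that belongs to a different form is rejected, so one form's
 *    "open editable" settings cannot be applied to another form's entry
 */
function user_can_edit_check($entry, $form) {
    global $user_ID;
    if (!$user_ID) {
        return false;
    }
    if (is_numeric($form)) {
        $form = FrmForm::getOne($form);
    }
    if (!$form) {
        return false;
    }
    $form->options = maybe_unserialize($form->options);

    // An entry object must belong to this form before this form's rules apply.
    if (is_object($entry) && isset($entry->form_id) && $entry->form_id != $form->id) {
        return false;
    }

    // Editable form whose "open editable" role the user holds: may edit anyone's entry.
    if ($form->editable
        and isset($form->options['open_editable']) and $form->options['open_editable']
        and isset($form->options['open_editable_role'])
        and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
        return true;
    }

    // Otherwise an entry object is editable only by its owner.
    if (is_object($entry)) {
        return $entry->user_id == $user_ID;
    }

    // Look the entry up, scoped to this user and this form.
    $where = 'user_id=' . (int) $user_ID . ' and fr.id=' . (int) $form->id;
    if (!empty($entry)) {
        if (is_numeric($entry)) {
            $where .= ' and it.id=' . (int) $entry;
        } else {
            // item_key is caller-supplied text; escape it before it reaches SQL
            $where .= " and item_key='" . esc_sql($entry) . "'";
        }
    }
    return FrmEntry::getAll($where, '', ' LIMIT 1', true);
}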
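/**
 * Render a form by id or key, or return a message when it must not be shown.
 *
 * @param int|string $id          form id (takes precedence over $key)
 * @param string     $key         form key, used when $id is empty
 * @param bool       $title       passed through to FrmEntriesController::get_form()
 * @param bool       $description passed through to FrmEntriesController::get_form()
 * @return string rendered form HTML, the "valid form" message, or the login message
 *
 * Fix: the old draft/template gate was `... and !isset($_GET) and ...`. $_GET is a
 * superglobal and is always set, so that condition was always false and draft and
 * template forms were rendered to everyone. They are now shown only on the
 * configured preview page, matching the static show_form() in this file.
 */
function show_form($id = '', $key = '', $title = false, $description = false) {
    global $frm_form, $user_ID, $frm_settings, $post;

    $form = false;
    if ($id) {
        $form = $frm_form->getOne((int) $id);
    } elseif ($key) {
        $form = $frm_form->getOne($key);
    }
    $form = apply_filters('frm_pre_display_form', $form);

    if (!$form) {
        return __('Please select a valid form', 'formidable');
    }

    // Drafts and templates are only rendered on the preview page.
    $on_preview_page = $post && $post->ID == $frm_settings->preview_page_id;
    if (($form->is_template || $form->status == 'draft') && !$on_preview_page) {
        return __('Please select a valid form', 'formidable');
    }

    // Login-required forms never render for anonymous visitors.
    if ($form->logged_in && !$user_ID) {
        return $frm_settings->login_msg;
    }

    $form->options = stripslashes_deep(maybe_unserialize($form->options));

    // A configured logged_in_role further restricts who may see the form.
    if ($form->logged_in && $user_ID
        && isset($form->options['logged_in_role']) && $form->options['logged_in_role'] != ''
        && !FrmAppHelper::user_has_permission($form->options['logged_in_role'])) {
        return $frm_settings->login_msg;
    }

    return FrmEntriesController::get_form(FRM_VIEWS_PATH . '/frm-entries/frm-entry.php', $form, $title, $description);
}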
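/**
 * Adjust the requested front-end action for an editable form.
 *
 * For "one entry per user" forms a logged-in user who already has an entry is
 * switched to 'edit' of that entry (unless this request is the update of this very
 * form, or a 'destroy'). An 'edit' action is then downgraded to 'new' when the form
 * restricts editing to a role the user does not hold.
 *
 * @param string $action requested action
 * @param object $form   form object (options may still be serialized)
 * @return string the possibly rewritten action
 *
 * Fix: `single_entry_type` was read without an isset() guard, which raised an
 * undefined-index notice for forms that enable single_entry without a type; the
 * options are also normalised to an array before any index is read.
 */
function allow_form_edit($action, $form) {
    global $user_ID;
    if (!$form or !$form->editable or !$user_ID) {
        return $action;
    }

    $form_options = maybe_unserialize($form->options);
    if (!is_array($form_options)) {
        $form_options = array();
    }
    $single_entry_type = isset($form_options['single_entry_type']) ? $form_options['single_entry_type'] : '';

    if (!empty($form_options['single_entry']) and $single_entry_type == 'user' and $action != 'destroy') {
        if ($action == 'update' and $form->id == FrmAppHelper::get_param('form_id')) {
            // an update posted for this very form keeps its action
        } else {
            // otherwise, if this user already has an entry, edit it instead of creating another
            global $frmdb;
            $existing_entry = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
            if ($existing_entry) {
                $action = 'edit';
            }
        }
    }

    // editing may be limited to a role; users without it fall back to a new entry
    if ($action == 'edit'
        and isset($form_options['editable_role'])
        and !FrmAppHelper::user_has_permission($form_options['editable_role'])) {
        $action = 'new';
    }

    return $action;
}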
/**
 * Report whether the current user is limited to editing drafts of $form.
 *
 * Returns true only when the form is editable, an `editable_role` is configured
 * that the user does not hold, no real `open_editable_role` is configured, and
 * self::user_can_edit_others() says the user cannot edit others' entries.
 *
 * NOTE(review): when `open_editable_role` is set to any value other than '-1' this
 * returns false without checking that the user actually holds that role; the
 * static user_can_edit_check() in this file treats such a user as drafts-only
 * instead. Confirm which behaviour is intended before relying on this helper.
 *
 * @param object $form form with an `options` array
 * @return bool
 */
public static function user_can_only_edit_draft($form) {
    if (!$form->editable) {
        return false;
    }
    if (empty($form->options['editable_role'])) {
        return false;
    }
    if (FrmAppHelper::user_has_permission($form->options['editable_role'])) {
        return false;
    }

    $open_role = isset($form->options['open_editable_role']) ? $form->options['open_editable_role'] : '-1';
    if ($open_role != '-1') {
        return false;
    }

    return !self::user_can_edit_others($form);
}
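/**
 * Front-end dispatcher for editing, updating, destroying and re-submitting entries.
 *
 * Depending on $params['action'] this either shows an existing entry for editing,
 * shows the confirmation after an update, deletes the user's own entry, shows the
 * entry selected by the shortcode, or decides whether the user may submit another
 * entry. It finally registers the 'frm_continue_to_new' filter so the caller knows
 * whether to render a fresh form.
 *
 * @param array  $params      request parameters; reads 'action', 'posted_form_id', 'id'
 * @param array  $fields      form fields
 * @param object $form        form object (options may still be serialized)
 * @param bool   $title
 * @param bool   $description
 * @return void
 *
 * Fixes over the previous version:
 *  - create_function() (an eval wrapper, removed in PHP 8) was used to build the
 *    filter callback, and "return {$continue};" returned null rather than false
 *    because a false bool interpolates to ''. The callbacks are now WordPress'
 *    __return_true / __return_false, as the static variant in this file does.
 *  - $form->id, $user_ID and the entry ids spliced into SQL are cast to int.
 *  - $frm_created_entry[$form->id] is guarded with isset().
 */
function edit_update_form($params, $fields, $form, $title, $description) {
    global $frmdb, $wpdb, $frm_entry, $frm_entry_meta, $user_ID, $frm_editing_entry, $frmpro_settings, $frm_saved_entries;
    $message = '';
    $continue = true;
    $form->options = stripslashes_deep(maybe_unserialize($form->options));
    $form_id = (int) $form->id;

    if ($params['action'] == 'edit') {
        $entry_key = FrmAppHelper::get_param('entry');
        $entry_key = esc_sql($entry_key);
        if ($entry_key) {
            // the requested entry must belong to this form
            $in_form = $wpdb->get_var("SELECT id FROM {$frmdb->entries} WHERE form_id=" . $form_id . " AND (id='{$entry_key}' OR item_key='{$entry_key}')");
            if (!$in_form) {
                $entry_key = false;
            }
            unset($in_form);
        }
        $entry = FrmProEntry::user_can_edit($entry_key, $form);
        if ($entry and !is_array($entry)) {
            // permission granted but no row returned: fetch the entry now
            $where = 'fr.id=' . $form_id;
            if ($entry_key) {
                $where .= ' AND (it.id="' . $entry_key . '" OR it.item_key="' . $entry_key . '")';
            }
            $entry = $frm_entry->getAll($where, '', 1, true);
        }
        if ($entry and !empty($entry)) {
            $entry = reset($entry);
            $frm_editing_entry = $entry->id;
            $this->show_responses($entry, $fields, $form, $title, $description);
            $continue = false;
        }
    } elseif ($params['action'] == 'update' and $params['posted_form_id'] == $form->id) {
        global $frm_created_entry;
        $errors = isset($frm_created_entry[$form->id]) ? $frm_created_entry[$form->id]['errors'] : false;
        if (empty($errors)) {
            if (!isset($_POST['frm_page_order_' . $form->id])) {
                //check confirmation method
                $conf_method = apply_filters('frm_success_filter', 'message', $form);
                if ($conf_method == 'message') {
                    global $frmpro_settings;
                    $message = '<div class="frm_message" id="message">' . do_shortcode(isset($form->options['edit_msg']) ? $form->options['edit_msg'] : $frmpro_settings->edit_msg) . '</div>';
                } else {
                    do_action('frm_success_action', $conf_method, $form, $form->options, $params['id']);
                    add_filter('frm_continue_to_new', '__return_false', 15);
                    return;
                }
            }
        } else {
            $fields = FrmFieldsHelper::get_form_fields($form->id, true);
        }
        $this->show_responses($params['id'], $fields, $form, $title, $description, $message, $errors);
        $continue = false;
    } elseif ($params['action'] == 'destroy') {
        //if the user who created the entry is deleting it
        $message = $this->ajax_destroy($form->id, false);
    } elseif ($frm_editing_entry) {
        if (is_numeric($frm_editing_entry)) {
            //get entry from shortcode
            $entry_id = $frm_editing_entry;
        } else {
            // non-numeric value: treated as a where-clause fragment over this user's entries
            $entry_ids = $wpdb->get_col("SELECT id FROM {$frmdb->entries} WHERE user_id=" . (int) $user_ID . " and form_id=" . $form_id);
            if (isset($entry_ids) and !empty($entry_ids)) {
                // NOTE(review): $frm_editing_entry is spliced into SQL as-is; it comes from
                // the shortcode, not the request, so it is trusted content here — confirm
                $where_options = $frm_editing_entry;
                if (!empty($where_options)) {
                    $where_options .= ' and ';
                }
                $where_options .= 'it.item_id in (' . implode(',', array_map('intval', $entry_ids)) . ')';
                $get_meta = $frm_entry_meta->getAll($where_options, ' ORDER BY it.created_at DESC', ' LIMIT 1');
                $entry_id = $get_meta ? $get_meta->item_id : false;
            }
        }
        if (isset($entry_id) and $entry_id) {
            if ($form->editable
                and isset($form->options['open_editable']) and $form->options['open_editable']
                and isset($form->options['open_editable_role'])
                and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                // user may edit anyone's entry on this form
                $meta = true;
            } else {
                // otherwise the entry must be the user's own
                $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'id' => $entry_id, 'form_id' => $form->id));
            }
            if ($meta) {
                $frm_editing_entry = $entry_id;
                $this->show_responses($entry_id, $fields, $form, $title, $description);
                $continue = false;
            }
        }
    } else {
        //check to see if user is allowed to create another entry
        $can_submit = true;
        if (isset($form->options['single_entry']) and $form->options['single_entry']) {
            $single_entry_type = isset($form->options['single_entry_type']) ? $form->options['single_entry_type'] : '';
            if ($single_entry_type == 'cookie' and isset($_COOKIE['frm_form' . $form->id . '_' . COOKIEHASH])) {
                $can_submit = false;
            } elseif ($single_entry_type == 'ip') {
                $prev_entry = $frm_entry->getAll(array('it.form_id' => $form->id, 'it.ip' => $_SERVER['REMOTE_ADDR']), '', 1);
                if ($prev_entry) {
                    $can_submit = false;
                }
            } elseif ($single_entry_type == 'user' and !$form->editable and $user_ID) {
                $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
                if ($meta) {
                    $can_submit = false;
                }
            }
        }
        if (!$can_submit) {
            echo stripslashes($frmpro_settings->already_submitted);
            //TODO: DO SOMETHING IF USER CANNOT RESUBMIT FORM
            $continue = false;
        }
    }

    add_filter('frm_continue_to_new', '__return_' . ($continue ? 'true' : 'false'), 15);
}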
/**
 * Render a form by id or key, or return a message explaining why it is not shown.
 *
 * Draft forms render only on the configured preview page; login-required forms
 * render only for logged-in users, and only for users holding `logged_in_role`
 * when one is configured. The rendered output is passed through do_shortcode().
 *
 * @param int|string $id          form id; when empty, $key is used instead
 * @param string     $key         form key
 * @param bool       $title       passed through to self::get_form()
 * @param bool       $description passed through to self::get_form()
 * @param array      $atts        shortcode attributes passed through to self::get_form()
 * @return string
 */
public static function show_form($id = '', $key = '', $title = false, $description = false, $atts = array()) {
    global $frm_settings, $post;

    $lookup = empty($id) ? $key : $id;
    if (empty($lookup)) {
        // neither an id nor a key was given
        return __('Please select a valid form', 'formidable');
    }

    $frm_form = new FrmForm();
    $form = $frm_form->getOne($lookup);
    if (!$form) {
        return __('Please select a valid form', 'formidable');
    }
    $form = apply_filters('frm_pre_display_form', $form);

    // drafts are visible on the preview page only
    $on_preview_page = $post && $post->ID == $frm_settings->preview_page_id;
    if ($form->status == 'draft' && !$on_preview_page) {
        return __('Please select a valid form', 'formidable');
    }

    if ($form->logged_in) {
        if (!is_user_logged_in()) {
            return do_shortcode($frm_settings->login_msg);
        }
        $required_role = isset($form->options['logged_in_role']) ? $form->options['logged_in_role'] : '';
        if (get_current_user_id() && $required_role != '' && !FrmAppHelper::user_has_permission($required_role)) {
            return do_shortcode($frm_settings->login_msg);
        }
    }

    $html = self::get_form($form, $title, $description, $atts);
    // expand any shortcodes embedded in the rendered form
    return do_shortcode($html);
}
/**
 * Role gate for a login-required form.
 *
 * NOTE(review): despite the name, this returns TRUE when the current user is
 * DENIED — it is true exactly when the form requires login, a user is logged in,
 * a `logged_in_role` is configured, and the user does NOT hold that role. It is
 * false in every other case, including "no role configured". The inverted name is
 * kept because renaming would change the interface for existing callers.
 *
 * @param object $form form with an `options` array
 * @return bool true when the role requirement blocks the current user
 */
private static function user_has_permission_to_view($form) {
    if (!$form->logged_in || !get_current_user_id()) {
        return false;
    }
    $required_role = isset($form->options['logged_in_role']) ? $form->options['logged_in_role'] : '';
    if ($required_role == '') {
        return false;
    }
    return !FrmAppHelper::user_has_permission($required_role);
}
/**
 * Decide whether a field restricted by its `admin_only` option is visible to the
 * current visitor.
 *
 * `admin_only` may be empty (always visible), the legacy value 1 (treated as the
 * 'administrator' role), 'loggedout', 'loggedin', or a role/capability name that
 * is checked with FrmAppHelper::user_has_permission().
 *
 * Note: the legacy value 1 is rewritten to 'administrator' on the $field object
 * itself, so the caller sees the normalised option afterwards.
 *
 * @param object $field field with a `field_options` array
 * @return bool
 */
public static function &is_field_visible_to_user($field) {
    $visible = true;
    if (FrmField::is_option_empty($field, 'admin_only')) {
        return $visible;
    }

    // legacy boolean flag meant "administrators only"
    if ($field->field_options['admin_only'] == 1) {
        $field->field_options['admin_only'] = 'administrator';
    }

    $restriction = $field->field_options['admin_only'];
    $logged_in = is_user_logged_in();

    if ($restriction == 'loggedout') {
        $visible = !$logged_in;
    } elseif ($restriction == 'loggedin') {
        $visible = $logged_in;
    } elseif (!in_array($restriction, array('loggedout', 'loggedin', ''))) {
        // anything else is a role or capability name
        $visible = FrmAppHelper::user_has_permission($restriction);
    }

    return $visible;
}
/**
 * Front-end dispatcher for editing, updating, destroying and re-submitting entries.
 *
 * Depending on $params['action'] this either shows an existing entry for editing,
 * shows the confirmation (or errors) after an update, deletes the user's own entry,
 * shows the entry selected by the shortcode, or decides whether the user may submit
 * another entry. It finally registers the 'frm_continue_to_new' filter so the caller
 * knows whether to render a fresh form.
 *
 * @param array  $params      request parameters; reads 'action', 'posted_form_id', 'id'
 * @param array  $fields      form fields
 * @param object $form        form object with an `options` array
 * @param bool   $title
 * @param bool   $description
 * @return void
 */
public static function edit_update_form($params, $fields, $form, $title, $description) {
    global $frmdb, $wpdb, $frm_entry, $frm_entry_meta, $frmpro_settings, $frm_vars;
    $message = '';
    $continue = true;
    $user_ID = get_current_user_id();
    if ($params['action'] == 'edit') {
        $entry_key = FrmAppHelper::get_param('entry');
        $where = $wpdb->prepare("it.form_id=%d", $form->id);
        if ($entry_key) {
            // the requested entry (by id or item_key) must belong to this form;
            // otherwise it is ignored and the where clause is reset to the form only
            $where .= $wpdb->prepare(' AND (it.id=%d OR it.item_key=%s)', $entry_key, $entry_key);
            $in_form = $wpdb->get_var("SELECT id FROM {$frmdb->entries} it WHERE {$where}");
            if (!$in_form) {
                $entry_key = false;
                $where = $wpdb->prepare("it.form_id=%d", $form->id);
            }
            unset($in_form);
        }
        // NOTE(review): $entry_key is esc_sql()'d here even though the helper below is
        // expected to use $wpdb->prepare; harmless for ids, but may double-escape keys
        $entry_key = esc_sql($entry_key);
        $entry = FrmProEntriesHelper::user_can_edit($entry_key, $form);
        unset($entry_key);
        if ($entry and !is_array($entry)) {
            // permission granted but no row returned: fetch the entry with the checked where clause
            $entry = $frm_entry->getAll($where, '', 1, true);
        }
        if ($entry and !empty($entry)) {
            $entry = reset($entry);
            $frm_vars['editing_entry'] = $entry->id;
            self::show_responses($entry, $fields, $form, $title, $description);
            $continue = false;
        }
    } else {
        if ($params['action'] == 'update' and $params['posted_form_id'] == $form->id) {
            $errors = isset($frm_vars['created_entries'][$form->id]) ? $frm_vars['created_entries'][$form->id]['errors'] : false;
            if (empty($errors)) {
                $saving_draft = FrmProFormsHelper::saving_draft($form->id);
                // run the confirmation only on the final page (or when a draft is being saved)
                if (!isset($_POST['frm_page_order_' . $form->id]) && !FrmProFormsHelper::going_to_prev($form->id) || $saving_draft) {
                    $success_args = array('action' => $params['action']);
                    if (FrmProEntriesHelper::is_new_entry($params['id'])) {
                        $success_args['action'] = 'create';
                    }
                    //check confirmation method
                    $conf_method = apply_filters('frm_success_filter', 'message', $form, $success_args['action']);
                    if ($conf_method == 'message') {
                        $message = self::confirmation($conf_method, $form, $form->options, $params['id'], $success_args);
                    } else {
                        // redirect/other confirmation: hand off and stop rendering
                        do_action('frm_success_action', $conf_method, $form, $form->options, $params['id'], $success_args);
                        add_filter('frm_continue_to_new', '__return_false', 15);
                        return;
                    }
                }
            } else {
                // validation failed: reload all fields so the form can be re-shown with errors
                $fields = FrmFieldsHelper::get_form_fields($form->id, true);
            }
            self::show_responses($params['id'], $fields, $form, $title, $description, $message, $errors);
            $continue = false;
        } else {
            if ($params['action'] == 'destroy') {
                //if the user who created the entry is deleting it
                $message = self::ajax_destroy($form->id, false);
            } else {
                if (isset($frm_vars['editing_entry']) && $frm_vars['editing_entry']) {
                    if (is_numeric($frm_vars['editing_entry'])) {
                        $entry_id = $frm_vars['editing_entry'];
                        //get entry from shortcode
                    } else {
                        // non-numeric value: used as a where-clause fragment over this user's entries
                        $entry_ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM {$wpdb->prefix}frm_items WHERE user_id=%d and form_id=%d", $user_ID, $form->id));
                        if (isset($entry_ids) and !empty($entry_ids)) {
                            // NOTE(review): $frm_vars['editing_entry'] is spliced into SQL as-is;
                            // it is assumed to come from the shortcode, not the request — confirm
                            $where_options = $frm_vars['editing_entry'];
                            if (!empty($where_options)) {
                                $where_options .= ' and ';
                            }
                            $where_options .= "it.item_id in (" . implode(',', $entry_ids) . ")";
                            $get_meta = $frm_entry_meta->getAll($where_options, ' ORDER BY it.created_at DESC', ' LIMIT 1');
                            $entry_id = $get_meta ? $get_meta->item_id : false;
                        }
                    }
                    if (isset($entry_id) and $entry_id) {
                        // an editable form whose open_editable_role the user holds lets them edit
                        // anyone's entry (open_editable missing is treated as enabled here)
                        if ($form->editable and (isset($form->options['open_editable']) and $form->options['open_editable'] or !isset($form->options['open_editable'])) and isset($form->options['open_editable_role']) and FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                            $meta = true;
                        } else {
                            // otherwise the entry must belong to the current user and this form
                            $meta = $wpdb->get_var($wpdb->prepare("SELECT id FROM {$wpdb->prefix}frm_items WHERE user_id=%d AND id=%d AND form_id=%d", $user_ID, $entry_id, $form->id));
                        }
                        if ($meta) {
                            $frm_vars['editing_entry'] = $entry_id;
                            self::show_responses($entry_id, $fields, $form, $title, $description);
                            $continue = false;
                        }
                    }
                } else {
                    //check to see if use is allowed to create another entry
                    $can_submit = true;
                    if (isset($form->options['single_entry']) and $form->options['single_entry']) {
                        // NOTE(review): single_entry_type is read without isset(); a form with
                        // single_entry set but no type raises an undefined-index notice here
                        if ($form->options['single_entry_type'] == 'cookie' and isset($_COOKIE['frm_form' . $form->id . '_' . COOKIEHASH])) {
                            $can_submit = false;
                        } else {
                            if ($form->options['single_entry_type'] == 'ip') {
                                $prev_entry = $frm_entry->getAll(array('it.form_id' => $form->id, 'it.ip' => $_SERVER['REMOTE_ADDR']), '', 1);
                                if ($prev_entry) {
                                    $can_submit = false;
                                }
                            } else {
                                if ($form->options['single_entry_type'] == 'user' and !$form->editable and $user_ID) {
                                    $meta = $frmdb->get_var($frmdb->entries, array('user_id' => $user_ID, 'form_id' => $form->id));
                                    if ($meta) {
                                        $can_submit = false;
                                    }
                                } else {
                                    // draft-saving forms: an existing draft (or, for per-user forms,
                                    // any existing entry) blocks a new submission
                                    if (isset($form->options['save_draft']) and $form->options['save_draft'] == 1 and $user_ID) {
                                        $where = $wpdb->prepare('user_id=%d AND form_id=%d', $user_ID, $form->id);
                                        if ($form->options['single_entry_type'] != 'user') {
                                            $where .= $wpdb->prepare(' AND is_draft=%d', 1);
                                        }
                                        $meta = $wpdb->get_var("SELECT id FROM {$wpdb->prefix}frm_items WHERE {$where}");
                                        if ($meta) {
                                            $can_submit = false;
                                        }
                                    }
                                }
                            }
                        }
                    }
                    if (!$can_submit) {
                        // admin-configured message, echoed unescaped
                        echo $frmpro_settings->already_submitted;
                        //TODO: DO SOMETHING IF USER CANNOT RESUBMIT FORM
                        $continue = false;
                    }
                }
            }
        }
    }
    add_filter('frm_continue_to_new', '__return_' . ($continue ? 'true' : 'false'), 15);
}
/**
 * Decide whether the current user may edit an entry of $form.
 *
 * Rules applied, in order:
 *  - anonymous users, an empty form, and an entry object from another form are denied
 *  - the owner of a draft may always edit it
 *  - on an editable form, a user holding `open_editable_role` may edit any entry
 *    (a missing `open_editable` option counts as enabled)
 *  - a user lacking both `editable_role` and `open_editable_role` is limited to
 *    their own drafts
 *  - a non-editable form only allows editing of the user's own drafts
 * When $entry is not an object the decision is made by a database lookup using
 * the accumulated where clause.
 *
 * @param object|int|string|null $entry entry object, numeric id, item_key, or empty
 * @param object                 $form  form with an `options` array
 * @return bool|array false/true for an entry object; otherwise the result of
 *                    $frm_entry->getAll() (at most one row, newest first)
 */
public static function user_can_edit_check($entry, $form) {
    global $frm_entry, $wpdb;
    $user_ID = get_current_user_id();
    if (!$user_ID || empty($form) || is_object($entry) && $entry->form_id != $form->id) {
        return false;
    }
    if (is_object($entry)) {
        if ($entry->is_draft && $entry->user_id == $user_ID) {
            return true;
        } else {
            if ($form->editable && (isset($form->options['open_editable']) && $form->options['open_editable'] || !isset($form->options['open_editable'])) && isset($form->options['open_editable_role']) && FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
                //if editable and user can edit someone elses entry
                return true;
            }
        }
    }
    $where = $wpdb->prepare('fr.id=%d', $form->id);
    if ($form->editable && !empty($form->options['editable_role']) && !FrmAppHelper::user_has_permission($form->options['editable_role']) && (!isset($form->options['open_editable_role']) || $form->options['open_editable_role'] == '-1' || (isset($form->options['open_editable']) && !$form->options['open_editable'] || isset($form->options['open_editable']) && $form->options['open_editable'] && !empty($form->options['open_editable_role']) && !FrmAppHelper::user_has_permission($form->options['open_editable_role'])))) {
        //only allow editing of drafts
        // (the user_id condition may be appended a second time by the branch below; harmless duplicate)
        $where .= $wpdb->prepare(" and user_id=%d and is_draft=%d", $user_ID, 1);
    }
    // check if this user can edit entry from another user
    if (!$form->editable || !isset($form->options['open_editable_role']) || $form->options['open_editable_role'] == '-1' || isset($form->options['open_editable']) && empty($form->options['open_editable']) || !FrmAppHelper::user_has_permission($form->options['open_editable_role'])) {
        $where .= $wpdb->prepare(" and user_id=%d", $user_ID);
        if (is_object($entry) && $entry->user_id != $user_ID) {
            return false;
        }
        // NOTE(review): this branch is also entered when open_editable_role is unset,
        // in which case the unguarded reads below raise undefined-index notices — confirm
        if ($form->editable && !FrmAppHelper::user_has_permission($form->options['open_editable_role']) && !FrmAppHelper::user_has_permission($form->options['editable_role'])) {
            // make sure user cannot edit their own entry, even if a higher user role can unless it's a draft
            if (is_object($entry) && !$entry->is_draft) {
                return false;
            } else {
                if (!is_object($entry)) {
                    $where .= ' and is_draft=1';
                }
            }
        }
    } else {
        if ($form->editable && $user_ID && empty($entry)) {
            // make sure user is editing their own draft by default, even if they have permission to edit others' entries
            $where .= $wpdb->prepare(" and user_id=%d", $user_ID);
        }
    }
    if (!$form->editable) {
        // non-editable forms: only the user's own drafts can be edited
        $where .= ' and is_draft=1';
        if (is_object($entry) && !$entry->is_draft) {
            return false;
        }
    }
    // If entry object, and we made it this far, then don't do another db call
    if (is_object($entry)) {
        return true;
    }
    if (!empty($entry)) {
        // numeric values are matched on id, anything else on item_key
        $where .= $wpdb->prepare(is_numeric($entry) ? " and it.id=%d" : " and item_key=%s", $entry);
    }
    return $frm_entry->getAll($where, ' ORDER BY created_at DESC', 1, true);
}