コード例 #1
ファイル: clients.php プロジェクト: jumper9/test
 public static function save()
 {
     // Admin-only endpoint: anyone else gets no response at all.
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $clientId = f::getParam("client_id");
     $name = f::getParam("name");
     // Only 0 and 1 are valid states; loose comparison because the raw
     // request value is presumably a string.
     $statusKnown = $status == 1 || $status == 0;
     if (!$statusKnown) {
         f::setError(400, "Invalid Client Status");
     }
     // A new client (no id) needs a name; an existing one is addressed by id only.
     if (!$clientId && !$name) {
         f::setError(400, "Invalid Client Name");
     }
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}") == 1;
     if ($clientId && !$clientExists) {
         f::setError(400, "Invalid Client Id");
     }
     if (f::hasErrors()) {
         return;
     }
     // Update changes the status only; insert creates the client with its name.
     $sql = $clientId
         ? "update fm_clients set status = {p:status} where id = {p:client_id}"
         : "insert into fm_clients set name = {p:name}, status = {p:status}";
     f::dbQuery($sql);
     f::setResponseJson(array("ok" => 1));
 }
コード例 #2
ファイル: post.php プロジェクト: jumper9/test
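 public static function post()
 {
     // Load the form only if it is published, belongs to the given client and is
     // inside its availability window; validateForm() reports the failure cases.
     $form = f::dbFirstRow("select name, enabled_domains, detail \n\t\t\t\t\t\tfrom fm_forms \n\t\t\t\t\t\twhere id = {p:form_id} \n\t\t\t\t\t\tand client_id = {p:client_id} \n\t\t\t\t\t\tand (available_from = '' or available_from <= curdate()) \n\t\t\t\t\t\tand (available_to = '' or available_to >= curdate()) \n\t\t\t\t\t\tand status = 1");
     self::validateForm($form);
     if (f::hasErrors()) {
         return;
     }
     // The field definitions live in the stored JSON; a corrupt or incomplete
     // definition must not reach validateFields() as null.
     $formDetail = json_decode($form["detail"], true);
     if (!is_array($formDetail) || !isset($formDetail["fields"])) {
         f::setError(500, "Invalid form definition");
         return;
     }
     $fields = $formDetail["fields"];
     // Captcha is only enforced when the form definition asks for it.
     if (!empty($formDetail["captcha"])) {
         f::validateParam("captcha", array("captcha"), "Wrong captcha");
     }
     $dataFields = self::validateFields($fields);
     if (f::hasErrors()) {
         return;
     }
     // Validations passed: persist the submitted data.
     $userData = json_encode($dataFields, JSON_UNESCAPED_UNICODE);
     // Per-client data table: last three digits of the numeric client id, zero-padded.
     // The explicit (int) cast keeps the {d:...} identifier placeholder limited to
     // digits and avoids the PHP 7/8 precedence difference of "00" . $x * 1.
     $clientNumber = (int) f::getParam("client_id");
     $siteTableId = "fm_userdata_" . substr(sprintf("%03d", $clientNumber), -3);
     $insertId = f::dbInsert("insert into {d:siteTableId} set \n\t\t\t\t\t\t\t\tcreated_date = now(),\n\t\t\t\t\t\t\t\tstatus = 0,\n\t\t\t\t\t\t\t\tform_id = {p:form_id}, \n\t\t\t\t\t\t\t\tclient_id = {p:client_id}, \n\t\t\t\t\t\t\t\tuser_data = {userData}", array("siteTableId" => $siteTableId, "userData" => $userData));
     if (!$insertId) {
         f::setError(500, "Unexpected Error");
         return;
     }
     f::setResponseJson(array("ok" => true));
 }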
コード例 #3
ファイル: forms.php プロジェクト: jumper9/test
 public static function edit()
 {
     // Admin-only endpoint: anyone else gets no response at all.
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $name = f::getParam("name");
     $availableFrom = f::date2sql(f::getParam("available_from"));
     $availableTo = f::date2sql(f::getParam("available_to"));
     $status = f::getParam("status");
     // Accepted form states are 0, 1 and 2; loose comparison on the raw value.
     $statusKnown = $status == 0 || $status == 1 || $status == 2;
     if (!$statusKnown) {
         f::setError(400, "Wrong Status");
     }
     if (!$name) {
         f::setError(400, "Invalid form name");
     }
     if (!f::dbRes("select 1 from fm_clients where id = {p:client_id}")) {
         f::setError(400, "Client does not Exist");
     }
     if (f::hasErrors()) {
         return;
     }
     // Both write paths take the converted dates; the remaining columns come
     // straight from the request through {p:...} placeholders.
     $dateParams = array("availableFrom" => $availableFrom, "availableTo" => $availableTo);
     $formId = f::getParam("form_id");
     if ($formId) {
         // Snapshot the current row into the log before overwriting it.
         f::dbQuery("insert into fm_forms_log (created_date, form_id, client_id, name, enabled_domains, detail, available_from, available_to, status, description)\n\t\t\t\t\tselect now(), id, client_id, name, enabled_domains, detail, available_from, available_to, status, description from fm_forms where id = {p:form_id}");
         f::dbQuery("update fm_forms set name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} where id = {p:form_id}", $dateParams);
     } else {
         f::dbQuery("insert into fm_forms set client_id = {p:client_id}, name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} ", $dateParams);
     }
     f::setResponseJson(array("ok" => 1));
 }
コード例 #4
ファイル: getform.php プロジェクト: jumper9/test
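 public static function get()
 {
     // Only a published form of this client that is inside its availability
     // window is served.
     $form = f::dbFirstRow("select enabled_domains, detail \n\t\t\t\t\t\tfrom fm_forms \n\t\t\t\t\t\twhere id = {p:form_id} \n\t\t\t\t\t\tand client_id = {p:client_id} \n\t\t\t\t\t\tand (available_from = '' or available_from <= curdate()) \n\t\t\t\t\t\tand (available_to = '' or available_to >= curdate()) \n\t\t\t\t\t\tand status = 1");
     if (!$form) {
         f::setError(400, "Form not found");
     } elseif (!self::checkDomain($form)) {
         // The requesting hostname must be on the form's enabled_domains list.
         f::setError(400, "Hostname not allowed");
     }
     if (f::hasErrors()) {
         return;
     }
     $formDetail = json_decode($form["detail"], true);
     // 40 hex chars like the former sha1(uniqid()), but from the CSPRNG: uniqid()
     // is clock-derived and predictable, so it must not back a per-request id.
     $uniqId = bin2hex(random_bytes(20));
     $captcha = f::getCaptcha();
     f::setResponseJson(array("id" => $uniqId, "captcha" => $captcha, "form" => $formDetail));
 }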
コード例 #5
ファイル: login.php プロジェクト: jumper9/test
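 public static function post()
 {
     $user = f::getParam("user");
     $pass = f::getParam("pass");
     // Bind the user-supplied email through a placeholder instead of interpolating
     // it into the SQL string (the original "email='{$user}'" was injectable).
     // NOTE(review): the password predicate is reproduced as shown; it does not use
     // password_verify(), and users.php writes md5() into this column -- migrate
     // both sides to password_hash()/password_verify() together.
     $userId = f::dbRes("select id from fm_users where email={user} and (password='******' or password='******') and status=1", array("user" => $user));
     $userIp = $_SERVER["REMOTE_ADDR"];
     if (!$userId) {
         f::setError(400, "Invalid user");
     }
     if (f::hasErrors()) {
         return;
     }
     // Session token: 64 hex chars like the former md5(uniqid()) . md5(uniqid()),
     // but drawn from the CSPRNG; uniqid() is clock-derived and guessable.
     $token = bin2hex(random_bytes(32));
     $idParam = array("userId" => $userId);
     $userName = f::dbRes("select name from fm_users where id={userId}", $idParam);
     $isAdmin = f::dbRes("select is_admin from fm_users where id={userId}", $idParam) == 1;
     f::dbQuery("insert into fm_sessions set user_id={userId}, user_ip={userIp}, token={token}, status=1, created_date=now()", array("userId" => $userId, "userIp" => $userIp, "token" => $token));
     f::setResponseJson(array("userName" => $userName, "_api_key" => $token, "isAdmin" => $isAdmin));
 }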
コード例 #6
ファイル: getdata.php プロジェクト: jumper9/test
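 public static function get()
 {
     if (!security::isLogged()) {
         return;
     }
     // The form must belong to an active client that is assigned to this user.
     $formAllowed = f::dbRes("select 1\n\t\t\t\t\t\t from fm_forms f\n\t\t\t\t\t\t join fm_clients c on (c.id = f.client_id)\n\t\t\t\t\t\t join fm_users_clients uc on (uc.client_id = c.id)\n\t\t\t\t\t\t where f.id = {p:form_id} \n\t\t\t\t\t\t and c.status = 1\n\t\t\t\t\t\t and uc.user_id = {userId}", array("userId" => USER_ID));
     if (!$formAllowed) {
         f::setError(401, "Not authorized");
     }
     if (f::hasErrors()) {
         return;
     }
     // Pagination. "page" is untrusted request text: cast before max() so a
     // non-numeric value cannot reach the arithmetic below (max() would have
     // returned the string as-is). The page number is now an int in the output.
     $rowsPerPage = 50;
     $page = max((int) f::getParam("page"), 1);
     $start = ($page - 1) * $rowsPerPage;
     $outData = array(
         "start" => $start + 1,
         "previousPage" => $page - 1,
         "nextPage" => $page + 1,
         "page" => $page,
     );
     self::step2($page, $start, $rowsPerPage, $outData);
 }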
コード例 #7
ファイル: users.php プロジェクト: jumper9/test
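 public static function add()
 {
     // Admin-only endpoint: anyone else gets no response at all.
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $name = f::getParam("name");
     $email = f::getParam("email");
     // (string) cast: trim(null) is deprecated when the parameter is absent.
     $password1 = trim((string) f::getParam("password1"));
     $password2 = trim((string) f::getParam("password2"));
     $exists = f::dbRes("select 1 from fm_users where name = {name}", array("name" => $name));
     if (!$email) {
         f::setError(400, "Email field is missing");
     } elseif (!$name) {
         f::setError(400, "Name field is missing");
     } elseif ($exists) {
         f::setError(400, "Failed, user already exists.");
     }
     if ($status != 1 && $status != 0) {
         f::setError(400, "Incorrect Status");
     }
     if ($password1 && $password1 != $password2) {
         f::setError(400, "Incorrect Password");
     }
     if (f::hasErrors()) {
         return;
     }
     $userId = f::dbInsert("insert into fm_users set email = {email}, name = {name}, status = {status} ", array("email" => $email, "name" => $name, "status" => $status));
     // A mismatch was already rejected above, so a non-empty password1 is confirmed.
     if ($password1) {
         // NOTE(review): md5() is not a password hash. login.php reads the same
         // column, so switching to password_hash()/password_verify() has to be
         // done on both sides together.
         f::dbQuery("update fm_users set password = {pwd} where id = {userId}", array("pwd" => md5($password1), "userId" => $userId));
     }
     // Client assignments are optional; a missing parameter previously reached
     // foreach as null and only produced a warning.
     $userClients = f::getParam("userClients");
     if (!is_array($userClients)) {
         $userClients = array();
     }
     // The delete previously used the {userId} placeholder without a value array.
     f::dbQuery("delete from fm_users_clients where user_id = {userId}", array("userId" => $userId));
     foreach ($userClients as $clientId => $value) {
         f::dbQuery("insert into fm_users_clients set user_id = {userId}, client_id = {clientId}", array("userId" => $userId, "clientId" => $clientId));
     }
     f::setResponseJson(array("userId" => $userId));
 }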