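/**
 * Validate the locale import form and, when it is valid, import the XML.
 *
 * The upload is required and must have an .xml extension. It is parsed with
 * LIBXML_NONET so that entity resolution inside an uploaded document can never
 * reach the network, and libxml errors are collected internally instead of
 * being hidden with the @ operator. A document that does not parse marks the
 * file field with 'InvalidXML'. On success the import statistics are handed to
 * the 'after_import' event and the user is redirected to the overview.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // drop any posted field that was not defined on the form
    $this->frm->cleanupFields();

    /** @var $fileFile \SpoonFormFile */
    $fileFile = $this->frm->getField('file');
    $chkOverwrite = $this->frm->getField('overwrite');

    // stays false until a document was parsed successfully
    $xml = false;

    if ($fileFile->isFilled(BL::err('FieldIsRequired'))) {
        // only xml files allowed
        if ($fileFile->isAllowedExtension(array('xml'), sprintf(BL::getError('ExtensionNotAllowed'), 'xml'))) {
            // collect parser errors instead of silencing them with @
            $previousErrorMode = libxml_use_internal_errors(true);
            $xml = simplexml_load_file($fileFile->getTempFileName(), 'SimpleXMLElement', LIBXML_NONET);
            libxml_clear_errors();
            libxml_use_internal_errors($previousErrorMode);

            if ($xml === false) {
                $fileFile->addError(BL::getError('InvalidXML'));
            }
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // import
    $statistics = BackendLocaleModel::importXML($xml, $chkOverwrite->getValue());

    // trigger event
    BackendModel::triggerEvent($this->getModule(), 'after_import', array('statistics' => $statistics));

    // everything is imported, so redirect to the overview
    $this->redirect(
        BackendModel::createURLForAction('Index')
        . '&report=imported&var=' . ($statistics['imported'] . '/' . $statistics['total'])
        . $this->filterQuery
    );
}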
/**
 * Validate the "add group" form and store the group when it is valid.
 *
 * The group name is required and must not exist yet. After a successful
 * insert the 'after_add_group' event is triggered and the user is redirected
 * to the groups overview with the new row highlighted.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // ignore any posted field that was not defined on the form
    $this->frm->cleanupFields();

    /** @var $txtName \SpoonFormText */
    $txtName = $this->frm->getField('name');

    // the name is mandatory and has to be unique
    $nameIsFilled = $txtName->isFilled(BL::getError('NameIsRequired'));
    if ($nameIsFilled && BackendProfilesModel::existsGroupName($txtName->getValue())) {
        $txtName->addError(BL::getError('GroupNameExists'));
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    $group = array('name' => $txtName->getValue());
    $groupId = BackendProfilesModel::insertGroup($group);

    BackendModel::triggerEvent($this->getModule(), 'after_add_group', array('item' => $group));

    // everything is saved, so redirect to the overview
    $this->redirect(
        BackendModel::createURLForAction('Groups')
        . '&report=group-added&var=' . rawurlencode($group['name'])
        . '&highlight=row-' . $groupId
    );
}
/**
 * Validate the profile import form and import the CSV when it is valid.
 *
 * A target group is required and the upload must be a .csv file that
 * Csv::fileToArray can parse. The import statistics are passed to the
 * 'after_import' event and reported on the overview after the redirect.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $this->frm->cleanupFields();

    $ddmGroup = $this->frm->getField('group');
    $fileFile = $this->frm->getField('file');
    $rows = array();

    // the group is mandatory, the file has to be a parseable csv
    $ddmGroup->isFilled(BL::getError('FieldIsRequired'));
    $fileIsFilled = $fileFile->isFilled(BL::err('FieldIsRequired'));
    if ($fileIsFilled && $fileFile->isAllowedExtension(array('csv'), sprintf(BL::getError('ExtensionNotAllowed'), 'csv'))) {
        $rows = Csv::fileToArray($fileFile->getTempFileName());
        if ($rows === false) {
            $fileFile->addError(BL::getError('InvalidCSV'));
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // import the profiles
    $overwrite = $this->frm->getField('overwrite_existing')->isChecked();
    $statistics = BackendProfilesModel::importCsv($rows, $ddmGroup->getValue(), $overwrite);

    BackendModel::triggerEvent($this->getModule(), 'after_import', array('statistics' => $statistics));

    // the report key depends on whether existing profiles were updated
    $report = $overwrite ? 'profiles-imported-and-updated' : 'profiles-imported';

    $this->redirect(
        BackendModel::createURLForAction('index')
        . '&report=' . $report
        . '&var[]=' . $statistics['count']['inserted']
        . '&var[]=' . $statistics['count']['exists']
    );
}
/**
 * Validate the "add profile to group" form and store the membership.
 *
 * The group is required; the optional expiration date and time are only
 * validated when filled in, and the membership only receives an 'expires_on'
 * value when both parts are present. Afterwards the
 * 'after_profile_add_to_group' event fires and the user is sent back to the
 * groups tab of the profile's edit form.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // ignore any posted field that was not defined on the form
    $this->frm->cleanupFields();

    $ddmGroup = $this->frm->getField('group');
    $txtExpirationDate = $this->frm->getField('expiration_date');
    $txtExpirationTime = $this->frm->getField('expiration_time');

    $ddmGroup->isFilled(BL::getError('FieldIsRequired'));

    // expiration is optional, but when given it must be a valid date / time
    $hasDate = $txtExpirationDate->isFilled();
    $hasTime = $txtExpirationTime->isFilled();
    if ($hasDate) {
        $txtExpirationDate->isValid(BL::getError('DateIsInvalid'));
    }
    if ($hasTime) {
        $txtExpirationTime->isValid(BL::getError('TimeIsInvalid'));
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    $membership = array(
        'profile_id' => $this->id,
        'group_id' => $ddmGroup->getSelected(),
        'starts_on' => BackendModel::getUTCDate(),
    );

    // an expiration needs both the date and the time part
    if ($hasDate && $hasTime) {
        $membership['expires_on'] = BackendModel::getUTCDate(
            null,
            BackendModel::getUTCTimestamp($txtExpirationDate, $txtExpirationTime)
        );
    }

    $membershipId = BackendProfilesModel::insertProfileGroup($membership);

    BackendModel::triggerEvent($this->getModule(), 'after_profile_add_to_group', array('item' => $membership));

    // everything is saved, so redirect to the overview
    $this->redirect(
        BackendModel::createURLForAction('Edit')
        . '&id=' . $membership['profile_id']
        . '&report=membership-added&highlight=row-' . $membershipId
        . '#tabGroups'
    );
}
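/**
 * Validate the "add form" form and create the form when it is valid.
 *
 * Name, success message and method are required. For the 'database_email'
 * method every comma-separated address in the e-mail field must be a valid
 * address. The addresses are trimmed once, up front, so that validation and
 * storage see the same values (previously only the validated copy was
 * trimmed and surrounding whitespace ended up in the serialized list). An
 * identifier may be supplied; it must then consist of letters, digits, '.',
 * '_' or '-' and be unique, otherwise one is generated. After the insert a
 * submit button field is added and the user is redirected to the edit form.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $this->frm->cleanupFields();

    // shorten the fields
    $txtName = $this->frm->getField('name');
    $txtEmail = $this->frm->getField('email');
    $ddmMethod = $this->frm->getField('method');
    $txtSuccessMessage = $this->frm->getField('success_message');
    $txtIdentifier = $this->frm->getField('identifier');

    // trim every address once so validation and storage agree
    $emailAddresses = array_map('trim', explode(',', $txtEmail->getValue()));

    // validate fields
    $txtName->isFilled(BL::getError('NameIsRequired'));
    $txtSuccessMessage->isFilled(BL::getError('SuccessMessageIsRequired'));

    // the method is a generic required field (it is not the name)
    if ($ddmMethod->isFilled(BL::getError('FieldIsRequired')) && $ddmMethod->getValue() == 'database_email') {
        // every address has to be valid; one error is enough
        foreach ($emailAddresses as $address) {
            if (!\SpoonFilter::isEmail($address)) {
                $txtEmail->addError(BL::getError('EmailIsInvalid'));
                break;
            }
        }
    }

    // identifier: optional, restricted character set, unique
    if ($txtIdentifier->isFilled()) {
        if (!\SpoonFilter::isValidAgainstRegexp('/^[a-zA-Z0-9\\.\\_\\-]+$/', $txtIdentifier->getValue())) {
            $txtIdentifier->setError(BL::getError('InvalidIdentifier'));
        } elseif (BackendFormBuilderModel::existsIdentifier($txtIdentifier->getValue())) {
            $txtIdentifier->setError(BL::getError('UniqueIdentifier'));
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // build array
    $values = array();
    $values['language'] = BL::getWorkingLanguage();
    $values['user_id'] = BackendAuthentication::getUser()->getUserId();
    $values['name'] = $txtName->getValue();
    $values['method'] = $ddmMethod->getValue();
    // the address list only matters for database_email; it is stored serialized by convention
    $values['email'] = $ddmMethod->getValue() == 'database_email' ? serialize($emailAddresses) : null;
    $values['success_message'] = $txtSuccessMessage->getValue(true);
    $values['identifier'] = $txtIdentifier->isFilled()
        ? $txtIdentifier->getValue()
        : BackendFormBuilderModel::createIdentifier();
    $values['created_on'] = BackendModel::getUTCDate();
    $values['edited_on'] = BackendModel::getUTCDate();

    // insert the item
    $id = BackendFormBuilderModel::insert($values);

    // trigger event
    BackendModel::triggerEvent($this->getModule(), 'after_add', array('item' => $values));

    // the submit button label is taken from the frontend locale
    FL::setLocale(BL::getWorkingLanguage(), true);

    // create submit button
    $field = array();
    $field['form_id'] = $id;
    $field['type'] = 'submit';
    $field['settings'] = serialize(array('values' => \SpoonFilter::ucfirst(FL::getLabel('Send'))));
    BackendFormBuilderModel::insertField($field);

    // everything is saved, so redirect to the editform
    $this->redirect(
        BackendModel::createURLForAction('Edit')
        . '&id=' . $id
        . '&report=added&var=' . rawurlencode($values['name'])
        . '#tabFields'
    );
}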
/**
 * Get an error from the language-file.
 *
 * Kept for backwards compatibility only: every call raises an
 * E_USER_DEPRECATED notice and then forwards to the parent implementation.
 *
 * @param string $key The key to get.
 * @param string $module The module wherein we should search.
 *
 * @deprecated the class moved to Backend\Core\Language\Language; call getError() there.
 *
 * @return string
 */
public static function getError($key, $module = null)
{
    $notice = 'Backend\\Core\\Engine\\Language is deprecated. It has been moved to Backend\\Core\\Language\\Language';
    trigger_error($notice, E_USER_DEPRECATED);

    $error = parent::getError($key, $module);

    return $error;
}
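/**
 * Validate the "add profile" form and create the profile when it is valid.
 *
 * Required: a valid, unused e-mail address and an unused display name. A
 * password is required unless the profile will be notified, in which case an
 * empty password field results in a generated one. The birthday is checked
 * with checkdate() as soon as one of its parts is filled; the parts are cast
 * to int first, because an empty part is a non-numeric string that would make
 * checkdate() throw a TypeError (PHP 8) or warn and return null (PHP 7)
 * instead of cleanly reporting the invalid date. On success the profile row
 * and its settings are stored, the profile and/or admin are notified, the
 * 'after_add' event fires and the user is redirected to the edit form.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // ignore any posted field that was not defined on the form
    $this->frm->cleanupFields();

    // get fields
    $txtEmail = $this->frm->getField('email');
    $txtDisplayName = $this->frm->getField('display_name');
    $txtPassword = $this->frm->getField('password');
    $txtFirstName = $this->frm->getField('first_name');
    $txtLastName = $this->frm->getField('last_name');
    $txtCity = $this->frm->getField('city');
    $ddmGender = $this->frm->getField('gender');
    $ddmDay = $this->frm->getField('day');
    $ddmMonth = $this->frm->getField('month');
    $ddmYear = $this->frm->getField('year');
    $ddmCountry = $this->frm->getField('country');

    // e-mail: required, valid and not in use yet
    if ($txtEmail->isFilled(BL::getError('EmailIsRequired'))) {
        if ($txtEmail->isEmail(BL::getError('EmailIsInvalid'))) {
            if (BackendProfilesModel::existsByEmail($txtEmail->getValue())) {
                $txtEmail->addError(BL::getError('EmailExists'));
            }
        }
    }

    // display name: required and not in use yet
    if ($txtDisplayName->isFilled(BL::getError('DisplayNameIsRequired'))) {
        if (BackendProfilesModel::existsDisplayName($txtDisplayName->getValue())) {
            $txtDisplayName->addError(BL::getError('DisplayNameExists'));
        }
    }

    // without a notification mail nobody would learn a generated password, so require one
    if (!$this->notifyProfile) {
        $txtPassword->isFilled(BL::err('FieldIsRequired'));
    }

    // a partially filled birthday is invalid: casting turns empty parts into 0, which fails checkdate()
    if ($ddmDay->isFilled() || $ddmMonth->isFilled() || $ddmYear->isFilled()) {
        if (!checkdate((int) $ddmMonth->getValue(), (int) $ddmDay->getValue(), (int) $ddmYear->getValue())) {
            $ddmYear->addError(BL::getError('DateIsInvalid'));
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    $salt = BackendProfilesModel::getRandomString();
    $password = $txtPassword->isFilled() ? $txtPassword->getValue() : BackendModel::generatePassword(8);

    // build item
    // NOTE(review): the hash comes from BackendProfilesModel::getEncryptedString with a per-profile salt,
    // not from password_hash(); verify the scheme implemented there before relying on it
    $values = array(
        'email' => $txtEmail->getValue(),
        'registered_on' => BackendModel::getUTCDate(),
        'display_name' => $txtDisplayName->getValue(),
        'url' => BackendProfilesModel::getUrl($txtDisplayName->getValue()),
        'last_login' => BackendModel::getUTCDate(null, 0),
        'password' => BackendProfilesModel::getEncryptedString($password, $salt),
    );
    $this->id = BackendProfilesModel::insert($values);

    // the salt is kept as a profile setting, not on the profile row
    BackendProfilesModel::setSetting($this->id, 'salt', $salt);

    // birthday in mysql format (Y-m-d), or null when not filled in
    $birthDate = null;
    if ($ddmYear->isFilled()) {
        $birthDate = $ddmYear->getValue() . '-'
            . str_pad($ddmMonth->getValue(), 2, '0', STR_PAD_LEFT) . '-'
            . str_pad($ddmDay->getValue(), 2, '0', STR_PAD_LEFT);
    }

    // update settings
    BackendProfilesModel::setSetting($this->id, 'first_name', $txtFirstName->getValue());
    BackendProfilesModel::setSetting($this->id, 'last_name', $txtLastName->getValue());
    BackendProfilesModel::setSetting($this->id, 'gender', $ddmGender->getValue());
    BackendProfilesModel::setSetting($this->id, 'birth_date', $birthDate);
    BackendProfilesModel::setSetting($this->id, 'city', $txtCity->getValue());
    BackendProfilesModel::setSetting($this->id, 'country', $ddmCountry->getValue());

    // notify values: the plain password is included for the notification mails only
    $notifyValues = array_merge($values, array(
        'id' => $this->id,
        'first_name' => $txtFirstName->getValue(),
        'last_name' => $txtLastName->getValue(),
        'unencrypted_password' => $password,
    ));

    $redirectUrl = BackendModel::createURLForAction('Edit')
        . '&id=' . $this->id
        . '&var=' . rawurlencode($values['display_name'])
        . '&report=';

    // notify new profile user
    if ($this->notifyProfile) {
        BackendProfilesModel::notifyProfile($notifyValues);
        $redirectUrl .= 'saved-and-notified';
    } else {
        $redirectUrl .= 'saved';
    }

    // notify admin
    if ($this->notifyAdmin) {
        BackendProfilesModel::notifyAdmin($notifyValues);
    }

    // trigger event
    BackendModel::triggerEvent($this->getModule(), 'after_add', array('item' => $values));

    // everything is saved, so redirect to the overview
    $this->redirect($redirectUrl);
}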
/**
 * Validate the "add template" form and store the template when it is valid.
 *
 * Checks that file, label and format are filled, that the template file
 * exists on disk for the selected theme, and that the format string describes
 * a grid whose rows all have the same number of cells and whose position
 * names are known ($this->names) and each appear exactly once in the HTML
 * built from the format. On success the template is inserted (with its
 * settings serialized into 'data'), optionally made the default template, the
 * 'after_add_template' event fires and the user is redirected to the
 * theme templates overview.
 */
private function validateForm()
{
    // is the form submitted?
    if ($this->frm->isSubmitted()) {
        // cleanup the submitted fields, ignore fields that were added by hackers
        $this->frm->cleanupFields();

        // required fields
        $this->frm->getField('file')->isFilled(BL::err('FieldIsRequired'));
        $this->frm->getField('label')->isFilled(BL::err('FieldIsRequired'));
        $this->frm->getField('format')->isFilled(BL::err('FieldIsRequired'));

        // check if the template file exists
        // NOTE(review): 'theme' and 'file' come straight from the form and are joined into a filesystem
        // path; is_file() happily accepts '..' segments, so consider rejecting directory separators in
        // 'file' before this check — confirm first whether templates may live in sub-directories
        if ($this->frm->getField('theme')->getValue() == 'Core') {
            $templateFile = PATH_WWW . '/src/Frontend/Core/Layout/Templates/' . $this->frm->getField('file')->getValue();
        } else {
            $templateFile = PATH_WWW . '/src/Frontend/Themes/' . $this->frm->getField('theme')->getValue() . '/Core/Layout/Templates/' . $this->frm->getField('file')->getValue();
        }
        if (!is_file($templateFile)) {
            $this->frm->getField('file')->addError(BL::err('TemplateFileNotFound'));
        }

        // validate syntax: strip line breaks and spaces so only the grid notation remains
        $syntax = trim(str_replace(array("\n", "\r", ' '), '', $this->frm->getField('format')->getValue()));

        // init var: rows of cells, or false when the notation cannot be parsed
        $table = BackendExtensionsModel::templateSyntaxToArray($syntax);

        // validate the syntax
        if ($table === false) {
            $this->frm->getField('format')->addError(BL::err('InvalidTemplateSyntax'));
        } else {
            $html = BackendExtensionsModel::buildTemplateHTML($syntax);
            $cellCount = 0;
            $first = true;
            $errors = array();

            // loop rows
            foreach ($table as $row) {
                // first row defines the cellcount
                if ($first) {
                    $cellCount = count($row);
                }

                // not same number of cells
                if (count($row) != $cellCount) {
                    // add error
                    $errors[] = BL::err('InvalidTemplateSyntax');

                    // stop
                    break;
                }

                // doublecheck position names
                foreach ($row as $cell) {
                    // ignore unavailable space
                    if ($cell != '/') {
                        // not a known position name -> error
                        // NOTE(review): $cell is user input embedded in an error message that is rendered later;
                        // confirm the form layer escapes field errors, since the message is joined with '<br />' below
                        if (!in_array($cell, $this->names)) {
                            $errors[] = sprintf(BL::getError('NonExistingPositionName'), $cell);
                        } elseif (mb_substr_count($html, '"#position-' . $cell . '"') != 1) {
                            // can't build proper html -> error
                            $errors[] = BL::err('InvalidTemplateSyntax');
                        }
                    }
                }

                // reset
                $first = false;
            }

            // add errors
            if ($errors) {
                $this->frm->getField('format')->addError(implode('<br />', array_unique($errors)));
            }
        }

        // no errors?
        if ($this->frm->isCorrect()) {
            // build array
            $item['theme'] = $this->frm->getField('theme')->getValue();
            $item['label'] = $this->frm->getField('label')->getValue();
            $item['path'] = 'Core/Layout/Templates/' . $this->frm->getField('file')->getValue();
            $item['active'] = $this->frm->getField('active')->getActualValue();
            $item['data']['format'] = trim(str_replace(array("\n", "\r", ' '), '', $this->frm->getField('format')->getValue()));
            $item['data']['names'] = $this->names;
            $item['data']['default_extras'] = $this->extras;
            $item['data']['default_extras_' . BL::getWorkingLanguage()] = $this->extras;
            $item['data']['image'] = $this->frm->getField('image')->isChecked();

            // serialize the data
            $item['data'] = serialize($item['data']);

            // insert the item
            $item['id'] = BackendExtensionsModel::insertTemplate($item);

            // trigger event
            BackendModel::triggerEvent($this->getModule(), 'after_add_template', array('item' => $item));

            // set default template, but only when the template belongs to the active theme
            if ($this->frm->getField('default')->getChecked() && $item['theme'] == $this->get('fork.settings')->get('Core', 'theme', 'core')) {
                $this->get('fork.settings')->set($this->getModule(), 'default_template', $item['id']);
            }

            // everything is saved, so redirect to the overview
            $this->redirect(BackendModel::createURLForAction('ThemeTemplates') . '&theme=' . $item['theme'] . '&report=added-template&var=' . rawurlencode($item['label']) . '&highlight=row-' . $item['id']);
        }
    }
}
/**
 * Validate the module upload form and redirect once the module is installed.
 *
 * The upload is required and must carry a .zip extension. The actual install
 * is done by installModule() (outside this block), which returns the module
 * name. When the form has no errors the user is redirected to the modules
 * overview with the installed module highlighted.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $fileFile = $this->frm->getField('file');

    // the upload must be present and be a zip archive
    $isFilled = $fileFile->isFilled(BL::err('FieldIsRequired'));
    $isZip = $isFilled && $fileFile->isAllowedExtension(array('zip'), sprintf(BL::getError('ExtensionNotAllowed'), 'zip'));
    if ($isZip) {
        // installs the module as a side effect; presumably adds form errors when it fails
        $moduleName = $this->installModule();
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // by now the module is expected to have been installed by installModule()
    // NOTE(review): unlike the other actions on this page, $moduleName is not passed through
    // rawurlencode() before being placed in the URL; assumed safe because it is derived from the
    // package — confirm in installModule()
    $this->redirect(
        BackendModel::createURLForAction('Modules')
        . '&report=module-installed&var=' . $moduleName
        . '&highlight=row-module_' . $moduleName
    );
}
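/**
 * Fetch the module information from the info.xml file.
 *
 * Returns an array with two keys: 'data' holds the parsed information (empty
 * when the file is missing, cannot be loaded or contains nothing useful) and
 * 'warnings' is a list of array('message' => ...) entries describing what
 * went wrong or still needs attention. A 'CronjobsNotSet' warning is added
 * once when any declared cronjob is not active (the previous loop only ever
 * inspected the first cronjob because the break sat outside the check).
 *
 * @param string $module
 *
 * @return array
 */
public static function getModuleInformation($module)
{
    $pathInfoXml = BACKEND_MODULES_PATH . '/' . $module . '/info.xml';
    $information = array('data' => array(), 'warnings' => array());

    if (!is_file($pathInfoXml)) {
        $information['warnings'][] = array('message' => BL::getMessage('InformationFileIsMissing'));

        return $information;
    }

    try {
        // LIBXML_NONET: the file ships with the module, but entity resolution must never reach the network
        $infoXml = @new \SimpleXMLElement($pathInfoXml, LIBXML_NOCDATA | LIBXML_NONET, true);
        $information['data'] = self::processModuleXml($infoXml);

        if (empty($information['data'])) {
            $information['warnings'][] = array('message' => BL::getMessage('InformationFileIsEmpty'));
        }

        // warn once when at least one cronjob is not installed yet
        if (isset($information['data']['cronjobs'])) {
            foreach ($information['data']['cronjobs'] as $cronjob) {
                if (!$cronjob['active']) {
                    $information['warnings'][] = array('message' => BL::getError('CronjobsNotSet'));
                    break;
                }
            }
        }
    } catch (\Exception $e) {
        // fully qualified so the catch works regardless of the file's namespace imports
        $information['warnings'][] = array('message' => BL::getMessage('InformationFileCouldNotBeLoaded'));
    }

    return $information;
}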
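/**
 * Validate the "edit form" form and update the form when it is valid.
 *
 * Same rules as the add action: name, success message and method are
 * required, and for the 'database_email' method every comma-separated
 * address must be valid. The addresses are trimmed once, up front, so that
 * validation and storage see the same values (previously only the validated
 * copy was trimmed and surrounding whitespace ended up in the serialized
 * list). An optional identifier must consist of letters, digits, '.', '_'
 * or '-' and be unique apart from this form ($this->id); otherwise one is
 * generated. After the update the 'after_edit' event fires and the user is
 * redirected to the overview.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $this->frm->cleanupFields();

    // shorten the fields
    $txtName = $this->frm->getField('name');
    $txtEmail = $this->frm->getField('email');
    $ddmMethod = $this->frm->getField('method');
    $txtSuccessMessage = $this->frm->getField('success_message');
    $txtIdentifier = $this->frm->getField('identifier');

    // trim every address once so validation and storage agree
    $emailAddresses = array_map('trim', explode(',', $txtEmail->getValue()));

    // validate fields
    $txtName->isFilled(BL::getError('NameIsRequired'));
    $txtSuccessMessage->isFilled(BL::getError('SuccessMessageIsRequired'));

    // the method is a generic required field (it is not the name)
    if ($ddmMethod->isFilled(BL::getError('FieldIsRequired')) && $ddmMethod->getValue() == 'database_email') {
        // every address has to be valid; one error is enough
        foreach ($emailAddresses as $address) {
            if (!\SpoonFilter::isEmail($address)) {
                $txtEmail->addError(BL::getError('EmailIsInvalid'));
                break;
            }
        }
    }

    // identifier: optional, restricted character set, unique except for this form
    if ($txtIdentifier->isFilled()) {
        if (!\SpoonFilter::isValidAgainstRegexp('/^[a-zA-Z0-9\\.\\_\\-]+$/', $txtIdentifier->getValue())) {
            $txtIdentifier->setError(BL::getError('InvalidIdentifier'));
        } elseif (BackendFormBuilderModel::existsIdentifier($txtIdentifier->getValue(), $this->id)) {
            $txtIdentifier->setError(BL::getError('UniqueIdentifier'));
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // build array
    $values = array();
    $values['name'] = $txtName->getValue();
    $values['method'] = $ddmMethod->getValue();
    // the address list only matters for database_email; it is stored serialized by convention
    $values['email'] = $ddmMethod->getValue() == 'database_email' ? serialize($emailAddresses) : null;
    $values['success_message'] = $txtSuccessMessage->getValue(true);
    $values['identifier'] = $txtIdentifier->isFilled()
        ? $txtIdentifier->getValue()
        : BackendFormBuilderModel::createIdentifier();
    $values['edited_on'] = BackendModel::getUTCDate();

    // update the item
    $id = (int) BackendFormBuilderModel::update($this->id, $values);

    // trigger event
    BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $values));

    // everything is saved, so redirect to the overview
    $this->redirect(
        BackendModel::createURLForAction('Index')
        . '&report=edited&var=' . rawurlencode($values['name'])
        . '&highlight=row-' . $id
    );
}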
/**
 * Execute the action: validate and save a form field posted by the form builder.
 *
 * Reads the field definition from POST (form id, optional field id for an
 * update, type, label, values and the validation settings), answers with
 * BAD_REQUEST when the form, field or type is invalid, with OK plus an
 * 'errors' map when the per-type validation fails, and otherwise inserts or
 * updates the field, rewrites its validation rules and answers OK with the
 * field id and the parsed field HTML.
 */
public function execute()
{
    parent::execute();

    // get parameters — every value is taken via \SpoonFilter::getPostValue with a
    // type and, where applicable, a whitelist of allowed values
    $formId = \SpoonFilter::getPostValue('form_id', null, '', 'int');
    $fieldId = \SpoonFilter::getPostValue('field_id', null, '', 'int');
    $type = \SpoonFilter::getPostValue('type', array('checkbox', 'dropdown', 'datetime', 'heading', 'paragraph', 'radiobutton', 'submit', 'textarea', 'textbox'), '', 'string');
    $label = trim(\SpoonFilter::getPostValue('label', null, '', 'string'));
    $values = trim(\SpoonFilter::getPostValue('values', null, '', 'string'));

    // this is somewhat a nasty hack, but it makes special chars work.
    // the values are re-escaped with htmlspecialchars further down (except for paragraphs)
    $values = \SpoonFilter::htmlspecialcharsDecode($values);

    $defaultValues = trim(\SpoonFilter::getPostValue('default_values', null, '', 'string'));
    $placeholder = trim(\SpoonFilter::getPostValue('placeholder', null, '', 'string'));
    $classname = trim(\SpoonFilter::getPostValue('classname', null, '', 'string'));
    $required = \SpoonFilter::getPostValue('required', array('Y', 'N'), 'N', 'string');
    $requiredErrorMessage = trim(\SpoonFilter::getPostValue('required_error_message', null, '', 'string'));
    $validation = \SpoonFilter::getPostValue('validation', array('email', 'numeric', 'time'), '', 'string');
    $validationParameter = trim(\SpoonFilter::getPostValue('validation_parameter', null, '', 'string'));
    $errorMessage = trim(\SpoonFilter::getPostValue('error_message', null, '', 'string'));

    // special field for textbox: reply to
    $replyTo = \SpoonFilter::getPostValue('reply_to', array('Y', 'N'), 'N', 'string');

    // special fields for datetime
    $inputType = \SpoonFilter::getPostValue('input_type', array('date', 'time'), 'date', 'string');
    $valueAmount = trim(\SpoonFilter::getPostValue('value_amount', null, '', 'string'));
    $valueType = trim(\SpoonFilter::getPostValue('value_type', null, '', 'string'));

    // invalid form id
    // NOTE(review): the nested else branches suggest $this->output() does not terminate the request;
    // confirm in the parent AJAX action before flattening this structure
    if (!BackendFormBuilderModel::exists($formId)) {
        $this->output(self::BAD_REQUEST, null, 'form does not exist');
    } else {
        // invalid fieldId (0 means "new field"; presumably getPostValue returns an int for 'int' — verify,
        // because the comparison is strict)
        if ($fieldId !== 0 && !BackendFormBuilderModel::existsField($fieldId, $formId)) {
            $this->output(self::BAD_REQUEST, null, 'field does not exist');
        } else {
            // invalid type
            if ($type == '') {
                $this->output(self::BAD_REQUEST, null, 'invalid type provided');
            } else {
                // extra validation is only possible for textfields & datetime fields
                if ($type != 'textbox' && $type != 'datetime') {
                    $validation = '';
                    $validationParameter = '';
                    $errorMessage = '';
                }

                // init: keyed by the form field that carries the error
                $errors = array();

                // validate textbox
                if ($type == 'textbox') {
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    // reply-to only makes sense on a field validated as an e-mail address
                    if ($replyTo == 'Y' && $validation != 'email') {
                        $errors['reply_to_error_message'] = BL::getError('EmailValidationIsRequired');
                    }
                } elseif ($type == 'textarea') {
                    // validate textarea
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                } elseif ($type == 'datetime') {
                    // validate datetime
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    // a relative default (day/week/month/year) needs an amount
                    if (in_array($valueType, array('day', 'week', 'month', 'year')) && $valueAmount == '') {
                        $errors['default_value_error_message'] = BL::getError('ValueIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($validation != '' && $errorMessage == '') {
                        $errors['error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                } elseif ($type == 'heading' && $values == '') {
                    // validate heading
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'paragraph' && $values == '') {
                    // validate paragraphs
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'submit' && $values == '') {
                    // validate submitbuttons
                    $errors['values'] = BL::getError('ValueIsRequired');
                } elseif ($type == 'dropdown') {
                    // validate dropdown: options are comma separated at this point, strip stray delimiters
                    $values = trim($values, ',');

                    // validate
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($values == '') {
                        $errors['values'] = BL::getError('ValueIsRequired');
                    }
                } elseif ($type == 'radiobutton') {
                    // validate radiobutton
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                    if ($values == '') {
                        $errors['values'] = BL::getError('ValueIsRequired');
                    }
                } elseif ($type == 'checkbox') {
                    // validate checkbox
                    if ($label == '') {
                        $errors['label'] = BL::getError('LabelIsRequired');
                    }
                    if ($required == 'Y' && $requiredErrorMessage == '') {
                        $errors['required_error_message'] = BL::getError('ErrorMessageIsRequired');
                    }
                }

                // got errors
                if (!empty($errors)) {
                    $this->output(self::OK, array('errors' => $errors), 'form contains errors');
                } else {
                    // htmlspecialchars except for paragraphs
                    // NOTE(review): paragraph values are stored unescaped; confirm that the frontend treats
                    // them as trusted editor HTML, since they come from the (authenticated) backend form
                    if ($type != 'paragraph') {
                        if ($values != '') {
                            $values = \SpoonFilter::htmlspecialchars($values);
                        }
                        if ($defaultValues != '') {
                            $defaultValues = \SpoonFilter::htmlspecialchars($defaultValues);
                        }
                    }

                    // split: option lists are '|' separated
                    if ($type == 'dropdown' || $type == 'checkbox') {
                        $values = (array) explode('|', $values);
                    } elseif ($type == 'radiobutton') {
                        // radio buttons keep a url-safe value next to the visible label
                        $postedValues = (array) explode('|', $values);
                        $values = array();
                        foreach ($postedValues as $postedValue) {
                            $values[] = array('value' => CommonUri::getUrl($postedValue), 'label' => $postedValue);
                        }
                        if ($defaultValues != '') {
                            $defaultValues = CommonUri::getUrl($defaultValues);
                        }
                    }

                    /*
                     * Save!
                     */

                    // settings
                    $settings = array();
                    if ($label != '') {
                        $settings['label'] = \SpoonFilter::htmlspecialchars($label);
                    }
                    // $values is always set at this point, so 'values' is always stored (possibly as '')
                    if (isset($values)) {
                        $settings['values'] = $values;
                    }
                    if ($defaultValues != '') {
                        $settings['default_values'] = $defaultValues;
                    }
                    if ($placeholder != '') {
                        $settings['placeholder'] = \SpoonFilter::htmlspecialchars($placeholder);
                    }
                    if ($classname != '') {
                        $settings['classname'] = \SpoonFilter::htmlspecialchars($classname);
                    }

                    // reply-to, only for textboxes
                    if ($type == 'textbox') {
                        $settings['reply_to'] = $replyTo == 'Y';
                    }

                    // only for datetime input
                    if ($type == 'datetime') {
                        $settings['input_type'] = $inputType;
                        if ($inputType == 'date') {
                            $settings['value_amount'] = $valueAmount;
                            $settings['value_type'] = $valueType;
                        }
                    }

                    // build array
                    $field = array();
                    $field['form_id'] = $formId;
                    $field['type'] = $type;
                    $field['settings'] = !empty($settings) ? serialize($settings) : null;

                    // existing field
                    if ($fieldId !== 0) {
                        // update field
                        BackendFormBuilderModel::updateField($fieldId, $field);

                        // delete all validation (added again later)
                        BackendFormBuilderModel::deleteFieldValidation($fieldId);
                    } else {
                        // sequence: append after the current last field
                        $field['sequence'] = BackendFormBuilderModel::getMaximumSequence($formId) + 1;

                        // insert
                        $fieldId = BackendFormBuilderModel::insertField($field);
                    }

                    // required
                    if ($required == 'Y') {
                        // build array
                        $validate['field_id'] = $fieldId;
                        $validate['type'] = 'required';
                        $validate['error_message'] = \SpoonFilter::htmlspecialchars($requiredErrorMessage);

                        // add validation
                        BackendFormBuilderModel::insertFieldValidation($validate);

                        // add to field (for parsing)
                        $field['validations']['required'] = $validate;
                    }

                    // other validation (email / numeric / time); $validate is reused from above, but
                    // every key it carries is overwritten here
                    if ($validation != '') {
                        // build array
                        $validate['field_id'] = $fieldId;
                        $validate['type'] = $validation;
                        $validate['error_message'] = \SpoonFilter::htmlspecialchars($errorMessage);
                        $validate['parameter'] = $validationParameter != '' ? \SpoonFilter::htmlspecialchars($validationParameter) : null;

                        // add validation
                        BackendFormBuilderModel::insertFieldValidation($validate);

                        // add to field (for parsing); keyed by $type rather than $validation, which only
                        // matters for the local array because $field is reloaded from the database below
                        $field['validations'][$type] = $validate;
                    }

                    // get item from database (i do this call again to keep the pof as low as possible)
                    $field = BackendFormBuilderModel::getField($fieldId);

                    // submit button isnt parsed but handled directly via javascript
                    if ($type == 'submit') {
                        $fieldHTML = '';
                    } else {
                        // parse field to html
                        $fieldHTML = FormBuilderHelper::parseField($field);
                    }

                    // success output
                    $this->output(self::OK, array('field_id' => $fieldId, 'field_html' => $fieldHTML), 'field saved');
                }
            }
        }
    }
}
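/**
 * Validate the "edit profile" form and update the profile when it is valid.
 *
 * A new e-mail address (when the 'new_email' box is checked) must differ from
 * the current one, be valid and not be used by another profile. The display
 * name is required and must be unique apart from this profile. A new password
 * (when 'new_password' is checked) must be entered twice and match, unless the
 * profile will be notified, in which case an empty field yields a generated
 * password. The birthday is checked with checkdate() as soon as one of its
 * parts is filled; the parts are cast to int first, because an empty part is
 * a non-numeric string that would make checkdate() throw a TypeError (PHP 8)
 * or warn and return null (PHP 7) instead of cleanly reporting the invalid
 * date. On success the profile row and its settings are updated, the profile
 * is notified when a new e-mail or password was set, the 'after_edit' event
 * fires and the user is redirected to the overview.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // ignore any posted field that was not defined on the form
    $this->frm->cleanupFields();

    // get fields
    $chkNewEmail = $this->frm->getField('new_email');
    $txtEmail = $this->frm->getField('email');
    $txtDisplayName = $this->frm->getField('display_name');
    $chkNewPassword = $this->frm->getField('new_password');
    $txtPassword = $this->frm->getField('password');
    $txtPasswordRepeat = $this->frm->getField('password_repeat');
    $txtFirstName = $this->frm->getField('first_name');
    $txtLastName = $this->frm->getField('last_name');
    $txtCity = $this->frm->getField('city');
    $ddmGender = $this->frm->getField('gender');
    $ddmDay = $this->frm->getField('day');
    $ddmMonth = $this->frm->getField('month');
    $ddmYear = $this->frm->getField('year');
    $ddmCountry = $this->frm->getField('country');

    // new e-mail: required when requested, different from the current one, valid and unused
    if ($chkNewEmail->isChecked() && $txtEmail->isFilled(BL::getError('EmailIsRequired'))) {
        if ($txtEmail->getValue() == $this->profile['email']) {
            $txtEmail->addError(BL::getError('EmailMatchesPrevious'));
        }

        if ($txtEmail->isEmail(BL::getError('EmailIsInvalid'))) {
            if (BackendProfilesModel::existsByEmail($txtEmail->getValue(), $this->id)) {
                $txtEmail->addError(BL::getError('EmailExists'));
            }
        }
    }

    // display name: required and unique apart from this profile
    if ($txtDisplayName->isFilled(BL::getError('DisplayNameIsRequired'))) {
        if (BackendProfilesModel::existsDisplayName($txtDisplayName->getValue(), $this->id)) {
            $txtDisplayName->addError(BL::getError('DisplayNameExists'));
        }
    }

    // new_password is checked, so verify the new password (only if the profile should not be
    // notified, because then an empty password field results in a generated password)
    if ($chkNewPassword->isChecked() && !$this->notifyProfile) {
        $txtPassword->isFilled(BL::err('FieldIsRequired'));
        $txtPasswordRepeat->isFilled(BL::err('FieldIsRequired'));

        // both password fields are filled in and should match
        if ($txtPassword->isFilled() && $txtPasswordRepeat->isFilled() && $txtPassword->getValue() != $txtPasswordRepeat->getValue()) {
            $txtPasswordRepeat->addError(BL::err('PasswordRepeatIsRequired'));
        }
    }

    // a partially filled birthday is invalid: casting turns empty parts into 0, which fails checkdate()
    if ($ddmDay->isFilled() || $ddmMonth->isFilled() || $ddmYear->isFilled()) {
        if (!checkdate((int) $ddmMonth->getValue(), (int) $ddmDay->getValue(), (int) $ddmYear->getValue())) {
            $ddmYear->addError(BL::getError('DateIsInvalid'));
        }
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // build item
    $values = array();
    $values['email'] = $chkNewEmail->isChecked() ? $txtEmail->getValue() : $this->profile['email'];

    // only update if display name changed
    if ($txtDisplayName->getValue() != $this->profile['display_name']) {
        $values['display_name'] = $txtDisplayName->getValue();
        $values['url'] = BackendProfilesModel::getUrl($txtDisplayName->getValue(), $this->id);
    }

    // new password filled in?
    if ($chkNewPassword->isChecked()) {
        // a new password always gets a new salt, stored as a profile setting
        $salt = BackendProfilesModel::getRandomString();
        BackendProfilesModel::setSetting($this->id, 'salt', $salt);

        // new password filled in? otherwise generate a password
        $password = $txtPassword->isFilled() ? $txtPassword->getValue() : BackendModel::generatePassword(8);

        // NOTE(review): the hash comes from BackendProfilesModel::getEncryptedString with a per-profile
        // salt, not from password_hash(); verify the scheme implemented there before relying on it
        $values['password'] = BackendProfilesModel::getEncryptedString($password, $salt);
    }

    // update values
    BackendProfilesModel::update($this->id, $values);

    // birthday in mysql format (Y-m-d), or null when not filled in
    $birthDate = null;
    if ($ddmYear->isFilled()) {
        $birthDate = $ddmYear->getValue() . '-'
            . str_pad($ddmMonth->getValue(), 2, '0', STR_PAD_LEFT) . '-'
            . str_pad($ddmDay->getValue(), 2, '0', STR_PAD_LEFT);
    }

    // update settings
    BackendProfilesModel::setSetting($this->id, 'first_name', $txtFirstName->getValue());
    BackendProfilesModel::setSetting($this->id, 'last_name', $txtLastName->getValue());
    BackendProfilesModel::setSetting($this->id, 'gender', $ddmGender->getValue());
    BackendProfilesModel::setSetting($this->id, 'birth_date', $birthDate);
    BackendProfilesModel::setSetting($this->id, 'city', $txtCity->getValue());
    BackendProfilesModel::setSetting($this->id, 'country', $ddmCountry->getValue());

    $displayName = isset($values['display_name']) ? $values['display_name'] : $this->profile['display_name'];

    $redirectUrl = BackendModel::createURLForAction('Index')
        . '&var=' . rawurlencode($values['email'])
        . '&highlight=row-' . $this->id
        . '&var=' . rawurlencode($displayName)
        . '&report=';

    // notify the profile only when something it needs to know (e-mail or password) changed
    if ($this->notifyProfile && ($chkNewEmail->isChecked() || $chkNewPassword->isChecked())) {
        // no new password: the mail refers to the existing one
        if (!$chkNewPassword->isChecked()) {
            $password = BL::lbl('YourExistingPassword');
        }

        // notify values: the plain password is included for the notification mail only
        $notifyValues = array_merge($values, array(
            'id' => $this->id,
            'first_name' => $txtFirstName->getValue(),
            'last_name' => $txtLastName->getValue(),
            'unencrypted_password' => $password,
        ));
        if (!isset($notifyValues['display_name'])) {
            $notifyValues['display_name'] = $this->profile['display_name'];
        }

        BackendProfilesModel::notifyProfile($notifyValues, true);
        $redirectUrl .= 'saved-and-notified';
    } else {
        $redirectUrl .= 'saved';
    }

    // trigger event
    BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $values));

    // everything is saved, so redirect to the overview
    $this->redirect($redirectUrl);
}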
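/**
 * Validate the uploaded theme archive and, when it passes, install the theme.
 *
 * Reads the 'file' field of $this->frm. On success it sets $this->info (the parsed
 * info.xml) and $this->themeName, unpacks the archive under FRONTEND_PATH/Themes,
 * runs the theme installer and redirects to the Themes overview. Every validation
 * failure is reported through $fileFile->addError() and stops further processing,
 * so a theme is never unpacked or installed from an archive that failed a check.
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    /** @var $fileFile \SpoonFormFile */
    $fileFile = $this->frm->getField('file');
    $zip = null;
    $zipFiles = null;

    // The field must be filled and the upload must carry a .zip extension
    // (isAllowedExtension() is only evaluated when the field is filled).
    $isZipUpload = $fileFile->isFilled(BL::err('FieldIsRequired'))
        && $fileFile->isAllowedExtension(array('zip'), sprintf(BL::getError('ExtensionNotAllowed'), 'zip'));

    if ($isZipUpload) {
        $zip = new ZipArchive();

        // open() returns true on success and an integer error code otherwise.
        if ($zip->open($fileFile->getTempFileName()) !== true) {
            $fileFile->addError(BL::getError('CorruptedFile'));
            return;
        }

        if ($zip->numFiles <= 0) {
            $fileFile->addError(BL::getError('FileIsEmpty'));
            return;
        }

        $infoXml = $this->findInfoFileInZip($zip);
        if ($infoXml === null) {
            $fileFile->addError(sprintf(BL::getError('NoInformationFile'), $fileFile->getFileName()));
            return;
        }

        try {
            // '@' hides the libxml warnings; malformed XML still surfaces as the exception caught below.
            // The constructor is called without LIBXML_NOENT, so entity substitution is not requested
            // for this untrusted document.
            $info = @new \SimpleXMLElement($infoXml, LIBXML_NOCDATA, false);
            $this->info = BackendExtensionsModel::processThemeXml($info);
        } catch (\Exception $e) {
            // Fully qualified on purpose: the built-in class is caught whatever the file's imports are.
            $fileFile->addError(BL::getMessage('InformationFileCouldNotBeLoaded'));
            return;
        }

        if (empty($this->info)) {
            $fileFile->addError(BL::getMessage('InformationFileIsEmpty'));
            return;
        }

        // The theme name comes straight from the uploaded info.xml and is used below to build a
        // filesystem path and a redirect URL, so it must be a single plain directory name.
        $themeName = isset($this->info['name']) ? (string) $this->info['name'] : '';
        if ($themeName === '') {
            $fileFile->addError(BL::getMessage('InformationFileIsEmpty'));
            return;
        }
        if ($themeName !== basename($themeName)
            || $themeName === '.'
            || $themeName === '..'
            || strpos($themeName, '\\') !== false
        ) {
            $fileFile->addError(BL::getMessage('InformationFileCouldNotBeLoaded'));
            return;
        }
        $this->themeName = $themeName;

        if (BackendExtensionsModel::existsTheme($this->themeName)) {
            $fileFile->addError(sprintf(BL::getError('ThemeAlreadyExists'), $this->themeName));
            return;
        }

        // NOTE(review): assumed to return only entries that stay inside the theme directory
        // (no '..' or absolute paths) — confirm in getValidatedFilesList(), which is not visible here.
        $zipFiles = $this->getValidatedFilesList($zip);
    }

    if (!$this->frm->isCorrect() || $zip === null) {
        return;
    }

    // When the archive has no single parent folder, unpack straight into a new theme directory;
    // otherwise unpack into Themes and rename the parent folder afterwards.
    // $this->parentFolderName is presumably set by findInfoFileInZip()/getValidatedFilesList() — not visible here.
    $themePath = FRONTEND_PATH . '/Themes';
    if ($this->parentFolderName === null) {
        $themePath .= "/{$this->themeName}";
    }

    // extractTo() returns false on failure; never run the installer on a half-unpacked theme.
    $extracted = $zip->extractTo($themePath, $zipFiles);
    $zip->close();
    if ($extracted !== true) {
        $fileFile->addError(BL::getError('CorruptedFile'));
        return;
    }

    $fs = new Filesystem();
    $parentZipFolderPath = $themePath . '/' . $this->parentFolderName;
    if ($this->parentFolderName !== null
        && $this->parentFolderName !== $this->themeName
        && $fs->exists($parentZipFolderPath)
    ) {
        $fs->rename($parentZipFolderPath, "{$themePath}/{$this->themeName}");
    }

    BackendExtensionsModel::installTheme($this->themeName);

    // Encoded like the other redirect parameters in this module; the name originates from the upload.
    $this->redirect(
        BackendModel::createURLForAction('Themes') . '&report=theme-installed&var=' . rawurlencode($this->themeName)
    );
}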