예제 #1
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param  mixed  $newValue   The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
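 public function setValue($columnName, $newValue, $checkValue = true)
 {
     if ($columnName === 'lnk_url' && $newValue !== '') {
         // The link URL may only consist of characters from the 'url' whitelist
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // Prepend http:// unless the value itself STARTS with an http(s) scheme.
         // The comparison is anchored at offset 0: a URL that merely contains
         // "http://" further along (for instance inside a query parameter) must not
         // count as already carrying an http(s) scheme, otherwise a value with a
         // different scheme would be stored unchanged and later rendered as a link.
         $lowerUrl = admStrToLower($newValue);
         if (strpos($lowerUrl, 'http://') !== 0 && strpos($lowerUrl, 'https://') !== 0) {
             $newValue = 'http://' . $newValue;
         }
     } elseif ($columnName === 'lnk_description') {
         // The description is handed to the parent with value checking switched off
         return parent::setValue($columnName, $newValue, false);
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }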
예제 #2
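 /**
  * Validate and normalise a profile field value and store it in the user data object of that field.
  * The value is only set on the in-memory data object by this method.
  * @param  string $fieldNameIntern Internal name of the profile field (key of mProfileFields)
  * @param  mixed  $fieldValue      The new value for that profile field
  * @return bool Returns @b false if the field is unknown or a format check failed, otherwise the
  *              result of the data object's setValue call
  */
 public function setValue($fieldNameIntern, $fieldValue)
 {
     global $gPreferences;
     // An unknown internal field name has no profile field object to validate against
     // or to store into, so report failure instead of dereferencing a missing entry.
     if (!isset($this->mProfileFields[$fieldNameIntern])) {
         return false;
     }
     $profileField = $this->mProfileFields[$fieldNameIntern];
     $usfId = $profileField->getValue('usf_id');
     $fieldType = $profileField->getValue('usf_type');
     // With noValueCheck set, the format checks below no longer reject a value
     $skipChecks = ($this->noValueCheck == true);
     $returnCode = false;
     if ($fieldValue !== '') {
         switch ($fieldType) {
             case 'CHECKBOX':
                 // A checkbox may only hold 0 or 1. The value is compared as a string:
                 // a loose comparison against the integers 0 and 1 lets arbitrary
                 // non-numeric strings through on PHP versions before 8.
                 $isBinary = is_bool($fieldValue)
                     || (is_scalar($fieldValue) && in_array((string) $fieldValue, array('0', '1'), true));
                 if (!$isBinary && !$skipChecks) {
                     return false;
                 }
                 break;
             case 'DATE':
                 // The date must match the configured system format; it is stored as Y-m-d
                 $date = DateTime::createFromFormat($gPreferences['system_date'], $fieldValue);
                 if ($date === false) {
                     if (!$skipChecks) {
                         return false;
                     }
                 } else {
                     $fieldValue = $date->format('Y-m-d');
                 }
                 break;
             case 'EMAIL':
                 // E-mail addresses are lower-cased and must pass the 'email' check
                 $fieldValue = admStrToLower($fieldValue);
                 if (!strValidCharacters($fieldValue, 'email') && !$skipChecks) {
                     return false;
                 }
                 break;
             case 'NUMBER':
             case 'DECIMAL_NUMBER':
                 // A number must be numeric; for decimals both ',' and '.' count as separators
                 $probe = ($fieldType === 'DECIMAL_NUMBER') ? strtr($fieldValue, ',.', '00') : $fieldValue;
                 if (!is_numeric($probe) && !$skipChecks) {
                     return false;
                 }
                 // Strip leading zeros, but keep one digit: without this "0" collapses to
                 // the empty string (which is then treated as "no value") and "0.5"
                 // would lose the digit in front of its separator.
                 $trimmed = ltrim($fieldValue, '0');
                 if ($trimmed === '' || $trimmed[0] === '.' || $trimmed[0] === ',') {
                     $trimmed = '0' . $trimmed;
                 }
                 $fieldValue = $trimmed;
                 break;
             case 'URL':
                 // The URL may only consist of characters from the 'url' whitelist
                 if (!strValidCharacters($fieldValue, 'url') && !$skipChecks) {
                     return false;
                 }
                 // Prepend http:// unless the value STARTS with an http(s) scheme. The test
                 // is anchored at offset 0 so that "http://" appearing later in the value
                 // (e.g. in a query parameter) does not let another scheme pass unchanged.
                 $lowerUrl = admStrToLower($fieldValue);
                 if (strpos($lowerUrl, 'http://') !== 0 && strpos($lowerUrl, 'https://') !== 0) {
                     $fieldValue = 'http://' . $fieldValue;
                 }
                 break;
         }
     }
     // Reuse the existing data object of this field, or create one when there is a value to store
     if (array_key_exists($usfId, $this->mUserData)) {
         $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
     } elseif ($fieldValue !== '') {
         $this->mUserData[$usfId] = new TableAccess($this->mDb, TBL_USER_DATA, 'usd');
         $this->mUserData[$usfId]->setValue('usd_usf_id', $usfId);
         $this->mUserData[$usfId]->setValue('usd_usr_id', $this->mUserId);
         $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
     }
     // Remember on the container that at least one field value has changed
     if ($returnCode && $this->mUserData[$usfId]->hasColumnsValueChanged()) {
         $this->columnsValueChanged = true;
     }
     return $returnCode;
 }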
예제 #3
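        $adminTable->addRowHeadingByArray($columnHeading);
        // Pieces shared by every row of the table.
        // NOTE(review): $getFolderId is interpolated into the href as-is; presumably it was
        // validated as numeric where it was read from the request — confirm against the caller.
        $addToDbUrl = $g_root_path . '/adm_program/modules/downloads/download_function.php?mode=6&amp;folder_id=' . $getFolderId . '&amp;name=';
        $addToDbIcon = '<img src="' . THEME_PATH . '/icons/database_in.png" alt="' . $gL10n->get('DOW_ADD_TO_DATABASE') . '" title="' . $gL10n->get('DOW_ADD_TO_DATABASE') . '" />';
        // Get folders
        if (isset($folderContent['additionalFolders'])) {
            foreach ($folderContent['additionalFolders'] as $nextFolder) {
                $columnValues = array(
                    '<img src="' . THEME_PATH . '/icons/download.png" alt="' . $gL10n->get('SYS_FOLDER') . '" title="' . $gL10n->get('SYS_FOLDER') . '" />',
                    // The cells of this row carry raw markup, so the table evidently does not
                    // encode cell content; the folder name is therefore HTML-encoded here.
                    htmlspecialchars($nextFolder['fol_name'], ENT_QUOTES, 'UTF-8'),
                    '<a class="admidio-icon-link" href="' . $addToDbUrl . urlencode($nextFolder['fol_name']) . '">' . $addToDbIcon . '</a>'
                );
                $adminTable->addRowByArray($columnValues);
            }
        }
        // Get files
        if (isset($folderContent['additionalFiles'])) {
            foreach ($folderContent['additionalFiles'] as $nextFile) {
                // File type = text after the last dot; empty when the name has no dot
                $fileExtension = admStrToLower(pathinfo($nextFile['fil_name'], PATHINFO_EXTENSION));
                // Choose the icon from the known-extension map, with a generic fallback,
                // so the icon path never contains text taken from the file name
                $iconFile = 'page_white_question.png';
                if (array_key_exists($fileExtension, $icon_file_extension)) {
                    $iconFile = $icon_file_extension[$fileExtension];
                }
                $columnValues = array(
                    // the icon cell previously ended with a stray closing anchor tag
                    '<img src="' . THEME_PATH . '/icons/' . $iconFile . '" alt="' . $gL10n->get('SYS_FILE') . '" title="' . $gL10n->get('SYS_FILE') . '" />',
                    // HTML-encode the file name for the same reason as the folder name above
                    htmlspecialchars($nextFile['fil_name'], ENT_QUOTES, 'UTF-8'),
                    '<a class="admidio-icon-link" href="' . $addToDbUrl . urlencode($nextFile['fil_name']) . '">' . $addToDbIcon . '</a>'
                );
                $adminTable->addRowByArray($columnValues);
            }
        }
        $htmlAdminTable = $adminTable->show(false);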
    }
}
// Output module html to client
$page->addHtml($navigationBar);
예제 #4
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param         $newValue   The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool   Returns @b true if the value is stored in the current object and @b false if a check failed
  */
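 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // org_shortname may only be set while the record is new
     if ($columnName == 'org_shortname' && $this->new_record == false) {
         return false;
     } elseif ($columnName == 'org_homepage' && $newValue !== '') {
         // The homepage may only consist of characters from the 'url' whitelist
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // Prepend http:// unless the value itself STARTS with an http(s) scheme.
         // The comparison is anchored at offset 0: "http://" appearing somewhere later
         // in the value (for instance in a query parameter) must not be taken as proof
         // of an http(s) scheme, otherwise a value with another scheme is stored as-is.
         $lowerUrl = admStrToLower($newValue);
         if (strpos($lowerUrl, 'http://') !== 0 && strpos($lowerUrl, 'https://') !== 0) {
             $newValue = 'http://' . $newValue;
         }
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }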
예제 #5
파일: string.php 프로젝트: bash-t/admidio
/**
 * Check if a string contains only valid characters. Therefore the string is
 * compared with a hard coded list of valid characters for each datatype.
 * @param string $string    The string that should be checked.
 * @param string $checkType The type @b email, @b file, @b noSpecialChar or @b url that will be checked.
 *                          Each type has a different valid character list.
 * @return bool Returns @b true if all characters of @b string match the internal character list.
 */
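function strValidCharacters($string, $checkType)
{
    // Empty or whitespace-only input is never valid
    if (trim($string) === '') {
        return false;
    }
    switch ($checkType) {
        case 'email':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß.-_@';
            break;
        case 'file':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß$&!?.-_+ ';
            break;
        case 'noSpecialChar':
            // a simple e-mail address should still be possible here (user name)
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789.-_+@';
            break;
        case 'url':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß.-_:/#?=%&!';
            break;
        default:
            // unknown check types are rejected rather than silently accepted
            return false;
    }
    // Compare character by character (PCRE "u" mode) instead of byte by byte. The
    // whitelists contain multi-byte UTF-8 characters; a byte-wise strspn() accepts any
    // recombination of their bytes (other characters or malformed sequences) and
    // compares against the byte length of the string before lower-casing.
    // With the "u" modifier, malformed UTF-8 makes preg_match() fail, so it is rejected.
    $pattern = '/\A[' . preg_quote($validChars, '/') . ']+\z/u';
    if (preg_match($pattern, admStrToLower($string)) !== 1) {
        return false;
    }
    switch ($checkType) {
        case 'email':
            // additionally require exactly one "@" and a dotted domain with a 2+ character last label
            return filter_var(trim($string), FILTER_VALIDATE_EMAIL) !== false
                && preg_match('/^[^@]+@[^@]+\\.[^@]{2,}$/', trim($string)) === 1;
        case 'url':
            // NOTE(review): FILTER_VALIDATE_URL checks URL syntax only and does not restrict
            // the scheme; callers that output the value as a link should check the scheme themselves.
            return filter_var(trim($string), FILTER_VALIDATE_URL) !== false;
        default:
            return true;
    }
}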
예제 #6
 /**
  * prepare SQL to list configuration
  * @param $roleIds Array with all roles, which members are shown
  * @param int $memberStatus 0 - Only active members of a role
  *                          1 - Only former members
  *                          2 - Active and former members of a role
  * @param string|null $startDate
  * @param string|null $endDate
  * @throws AdmException
  * @return string
  */
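 public function getSQL($roleIds, $memberStatus = 0, $startDate = null, $endDate = null)
 {
     global $gL10n, $gProfileFields, $gCurrentOrganization, $gDbType;
     // The statement is assembled by string concatenation and returned as text, so every
     // value embedded below must be safe on its own: numeric ids are cast to int and the
     // sort direction is restricted to ASC/DESC.
     // NOTE(review): $startDate / $endDate are placed inside quoted SQL literals and
     // lsc_special_field is used as a column name without further checks — callers must
     // only pass validated dates, and the list configuration must only hold known column names.
     $sqlSelect = '';
     $sqlJoin = '';
     $sqlWhere = '';
     $sqlOrderBy = '';
     $sqlMemberStatus = '';
     foreach ($this->columns as $listColumn) {
         $rawUsfId = $listColumn->getValue('lsc_usf_id');
         // integer form of the profile field id for use inside SQL text
         $usfId = (int) $rawUsfId;
         $isProfileField = $rawUsfId > 0;
         // add column
         if ($sqlSelect !== '') {
             $sqlSelect .= ', ';
         }
         if ($isProfileField) {
             // dynamic profile field: each one gets its own aliased join on the user data table
             $tableAlias = 'row' . (int) $listColumn->getValue('lsc_number') . 'id' . $usfId;
             $sqlJoin .= ' LEFT JOIN ' . TBL_USER_DATA . ' ' . $tableAlias . '
                                        ON ' . $tableAlias . '.usd_usr_id = usr_id
                                       AND ' . $tableAlias . '.usd_usf_id = ' . $usfId;
             // the alias is the prefix of the value column
             $dbColumnName = $tableAlias . '.usd_value';
         } else {
             // Special fields like usr_photo, mem_begin ...
             $dbColumnName = $listColumn->getValue('lsc_special_field');
         }
         $sqlSelect .= $dbColumnName;
         $userFieldType = $gProfileFields->getPropertyById($rawUsfId, 'usf_type');
         // create a valid sort
         $sortSetting = $listColumn->getValue('lsc_sort');
         if (strlen($sortSetting) > 0) {
             // only the two SQL sort directions are emitted; anything else falls back to ASC
             $sortDirection = (strtoupper(trim($sortSetting)) === 'DESC') ? 'DESC' : 'ASC';
             if ($sqlOrderBy !== '') {
                 $sqlOrderBy .= ', ';
             }
             if ($userFieldType === 'NUMBER' || $userFieldType === 'DECIMAL') {
                 // if a field has numeric values then there must be a cast because database
                 // column is varchar. A varchar sort of 1,10,2 will be with cast 1,2,10
                 $columnType = ($gDbType === 'postgresql') ? 'numeric' : 'unsigned';
                 $sqlOrderBy .= ' CAST(' . $dbColumnName . ' AS ' . $columnType . ') ' . $sortDirection;
             } else {
                 $sqlOrderBy .= $dbColumnName . ' ' . $sortDirection;
             }
         }
         // Handle the conditions for the columns
         if (strlen($listColumn->getValue('lsc_filter')) > 0) {
             $value = $listColumn->getValue('lsc_filter');
             if ($isProfileField) {
                 // custom profile field
                 switch ($userFieldType) {
                     case 'CHECKBOX':
                         $type = 'checkbox';
                         // 'yes' or 'no' will be replaced with 1 or 0, so that you can compare it with the database value
                         $arrCheckboxValues = array($gL10n->get('SYS_YES'), $gL10n->get('SYS_NO'), 'true', 'false');
                         $arrCheckboxKeys = array(1, 0, 1, 0);
                         $value = str_replace(array_map('admStrToLower', $arrCheckboxValues), $arrCheckboxKeys, admStrToLower($value));
                         break;
                     case 'DROPDOWN':
                     case 'RADIO_BUTTON':
                         $type = 'int';
                         // replace all field values with their internal numbers
                         $arrListValues = $gProfileFields->getPropertyById($rawUsfId, 'usf_value_list', 'text');
                         $value = array_search(admStrToLower($value), array_map('admStrToLower', $arrListValues), true);
                         break;
                     case 'NUMBER':
                     case 'DECIMAL':
                         $type = 'int';
                         break;
                     case 'DATE':
                         $type = 'date';
                         break;
                     default:
                         $type = 'string';
                 }
             } else {
                 // NOTE(review): there is no default branch; for any other special field
                 // $type keeps whatever an earlier column left in it (or is undefined).
                 switch ($listColumn->getValue('lsc_special_field')) {
                     case 'mem_begin':
                     case 'mem_end':
                         $type = 'date';
                         break;
                     case 'usr_login_name':
                         $type = 'string';
                         break;
                     case 'usr_photo':
                         $type = '';
                         break;
                 }
             }
             $parser = new ConditionParser();
             // if profile field then add not exists condition
             if ($isProfileField) {
                 $parser->setNotExistsStatement('SELECT 1 FROM ' . TBL_USER_DATA . ' ' . $tableAlias . 's
                                                  WHERE ' . $tableAlias . 's.usd_usr_id = usr_id
                                                    AND ' . $tableAlias . 's.usd_usf_id = ' . $usfId);
             }
             // now transform condition into SQL
             // NOTE(review): the filter text is turned into SQL by ConditionParser, which is not
             // visible here; its escaping of $value should be confirmed.
             $condition = $parser->makeSqlStatement($value, $dbColumnName, $type, $gProfileFields->getPropertyById($rawUsfId, 'usf_name'));
             $sqlWhere .= $condition;
         }
     }
     // Create role-IDs: only entries with numeric keys are used, and each id is cast to
     // int so that nothing but integers can end up inside the IN (...) list
     $roleIdList = array();
     foreach ($roleIds as $key => $value) {
         if (is_numeric($key)) {
             $roleIdList[] = (int) $value;
         }
     }
     $sqlRoleIds = implode(', ', $roleIdList);
     // Set state of membership
     if ($memberStatus === 0) {
         // Active within the period: begun on or before its end, ended on or after its start.
         // Each bound falls back to DATE_NOW when the date it actually uses is missing
         // (the null test previously looked at the other date, which produced an empty
         // date literal when only one of the two dates was given).
         if ($endDate === null) {
             $sqlMemberStatus = ' AND mem_begin <= \'' . DATE_NOW . '\'';
         } else {
             $sqlMemberStatus = ' AND mem_begin <= \'' . $endDate . ' 23:59:59\'';
         }
         if ($startDate === null) {
             $sqlMemberStatus .= ' AND mem_end >= \'' . DATE_NOW . '\'';
         } else {
             $sqlMemberStatus .= ' AND mem_end >= \'' . $startDate . ' 00:00:00\'';
         }
     } elseif ($memberStatus === 1) {
         // former members only
         $sqlMemberStatus = ' AND mem_end < \'' . DATE_NOW . '\'';
     }
     // Set SQL-Statement
     $sql = 'SELECT mem_leader, usr_id, ' . $sqlSelect . '
               FROM ' . TBL_ROLES . ', ' . TBL_CATEGORIES . ', ' . TBL_MEMBERS . ', ' . TBL_USERS . '
                    ' . $sqlJoin . '
              WHERE rol_id    IN (' . $sqlRoleIds . ')
                AND rol_cat_id = cat_id
                AND (  cat_org_id = ' . (int) $gCurrentOrganization->getValue('org_id') . '
                    OR cat_org_id IS NULL )
                AND mem_rol_id = rol_id
                    ' . $sqlMemberStatus . '
                AND mem_usr_id = usr_id
                AND usr_valid  = 1
                    ' . $sqlWhere . '
              ORDER BY mem_leader DESC ';
     if ($sqlOrderBy !== '') {
         $sql .= ', ' . $sqlOrderBy;
     }
     return $sql;
 }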
예제 #7
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param string $columnName The name of the database column whose value should get a new value
  * @param        $newValue   The new value that should be stored in the database field
  * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // A non-empty e-mail address is lower-cased and must pass the 'email' check;
     // an address with an invalid format is not set at all
     if ($columnName === 'gbc_email' && $newValue !== '') {
         $newValue = admStrToLower($newValue);
         if (!strValidCharacters($newValue, 'email')) {
             return false;
         }
     }
     // gbc_text is handed to the parent with value checking switched off,
     // every other column keeps the caller's setting
     $parentCheck = ($columnName === 'gbc_text') ? false : $checkValue;
     return parent::setValue($columnName, $newValue, $parentCheck);
 }
예제 #8
파일: function.php 프로젝트: bash-t/admidio
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array $array         The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true than a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found than the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code   // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
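function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;
    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    // set default value for each datatype if no value is given and no value was required
    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // if a value is required and no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } elseif ($datatype === 'string' || $datatype === 'html') {
                $array[$variableName] = '';
            } elseif ($datatype === 'date') {
                $array[$variableName] = '';
            }
            return $array[$variableName];
        }
    }
    // Request parameters can arrive as arrays (e.g. "name[]=x"). All documented datatypes
    // expect a scalar, so anything else is rejected before it reaches the string functions below.
    $scalarTypes = array('boolean', 'numeric', 'string', 'html', 'date', 'file');
    if ($errorMessage === '' && in_array($datatype, $scalarTypes, true) && !is_scalar($array[$variableName])) {
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
    }
    // The checks only run while no error is pending: after a failed requirement or a
    // non-scalar value there is nothing meaningful left to validate or convert.
    if ($errorMessage === '') {
        if ($datatype === 'boolean') {
            // boolean type must be 0, 1, false or true, otherwise show error.
            // The value is compared as a string with a strict in_array(): loose comparison
            // also accepts other numeric spellings such as "0.0" or "1e0".
            $isBoolean = is_bool($array[$variableName])
                || in_array((string) $array[$variableName], array('0', '1', 'false', 'true'), true);
            if (!$isBoolean) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        } elseif ($optionsAll['validValues'] !== null) {
            // check if parameter has a valid value; the strict comparison is done against
            // the upper-case and the lower-case form of the value
            if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true) && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }
        switch ($datatype) {
            case 'file':
                try {
                    admStrIsValidFileName($array[$variableName]);
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;
            case 'date':
                // check if date is a valid Admidio date format
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
                if (!$objAdmidioDate) {
                    // check if date has english format
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;
            case 'numeric':
                // is_numeric() also accepts signs, decimals and exponent notation; callers
                // that need an integer id should cast the returned value before using it in SQL
                if (!is_numeric($array[$variableName])) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                break;
            case 'string':
                // HTML-encode and strip tags. ENT_COMPAT leaves single quotes unencoded, and
                // this is output encoding only — it does not make the value safe for SQL.
                $array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
                break;
            case 'html':
                // check html string for invalid tags and scripts
                $array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
                break;
        }
    }
    // if no error was found then return the content of the variable
    if ($errorMessage === '') {
        return $array[$variableName];
    } else {
        if (isset($gMessage)) {
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            // no message object available: print the error text and stop the script
            echo $errorMessage;
            exit;
        }
    }
    return null;
}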
예제 #9
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param  mixed  $newValue The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
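 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // name, category and type couldn't be edited if it's a system field
     if (($columnName === 'usf_cat_id' || $columnName === 'usf_type' || $columnName === 'usf_name') && $this->getValue('usf_system') == 1) {
         return false;
     } elseif ($columnName === 'usf_cat_id' && $this->getValue($columnName) !== $newValue) {
         // The field moves to another category: count the fields already in that category
         // and place this one after them.
         // The category id is cast to int before it is concatenated into the statement, so
         // the value cannot change the structure of the query
         // (assumes category ids are integers — TODO confirm against the schema).
         $sql = 'SELECT COUNT(*) as count FROM ' . TBL_USER_FIELDS . '
                  WHERE usf_cat_id = ' . (int) $newValue;
         $countUserFieldsStatement = $this->db->query($sql);
         $row = $countUserFieldsStatement->fetch();
         $this->setValue('usf_sequence', $row['count'] + 1);
     } elseif ($columnName === 'usf_description') {
         // The description is handed to the parent with value checking switched off
         return parent::setValue($columnName, $newValue, false);
     } elseif ($columnName === 'usf_url' && $newValue !== '') {
         // The URL may only consist of characters from the 'url' whitelist
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // Prepend http:// unless the value itself STARTS with an http(s) scheme. The test is
         // anchored at offset 0 so that "http://" appearing later in the value (e.g. in a
         // query parameter) does not let a value with another scheme pass unchanged.
         $lowerUrl = admStrToLower($newValue);
         if (strpos($lowerUrl, 'http://') !== 0 && strpos($lowerUrl, 'https://') !== 0) {
             $newValue = 'http://' . $newValue;
         }
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }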
예제 #10
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true than a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues :  An array with all values that the variable could have. If another
 *                                                 value is found than the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
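function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // Merge the caller's options over the defaults so every key is always present.
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    $value = null;

    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        // NOTE(review): request arrays can carry nested arrays; nothing here rejects a
        // non-scalar element before the string functions below - confirm what callers expect.
        $value = $array[$variableName];
    } else {
        if ($optionsAll['requireValue']) {
            // a value is required but none was given
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // the default value still runs through the datatype checks below
            $value = $optionsAll['defaultValue'];
        } else {
            // nothing given and nothing required: return the neutral value of the datatype
            // without any further check
            if ($datatype === 'bool' || $datatype === 'boolean') {
                $value = false;
            } elseif ($datatype === 'numeric' || $datatype === 'int') {
                $value = 0;
            } elseif ($datatype === 'float') {
                $value = 0.0;
            } else {
                $value = '';
            }
            return $value;
        }
    }

    if ($optionsAll['validValues'] !== null) {
        // Allow-list check: the upper-cased or the lower-cased value must be an element of
        // validValues; in_array is called in strict mode, so the types must match as well.
        if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true) && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }

    switch ($datatype) {
        case 'file':
            // admStrIsValidFileName reports a bad name through an AdmException
            try {
                if ($value !== '') {
                    admStrIsValidFileName($value);
                }
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // accept the configured Admidio date format first, then the english format Y-m-d;
            // the value itself is returned unchanged
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
            if (!$objAdmidioDate) {
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'bool':
        case 'boolean':
            $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            // Bug workaround PHP <5.4.8
            // https://bugs.php.net/bug.php?id=49510
            if ($valid === null && ($value === null || $value === false || $value === '')) {
                $valid = false;
            }
            if ($valid === null) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            $value = $valid;
            break;
        case 'int':
        case 'float':
        case 'numeric':
            // numeric datatypes must only contain numbers
            if (!is_numeric($value)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            } elseif ($datatype === 'int') {
                // is_numeric() also accepts values such as "1.5" or "1e3" that are not
                // integers. filter_var() answers false for them; report that as an error
                // instead of handing false back to the caller as if it were a checked value.
                $intValue = filter_var($value, FILTER_VALIDATE_INT);
                if ($intValue === false) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } else {
                    $value = $intValue;
                }
            } elseif ($datatype === 'float') {
                // same rule as for int: a failed conversion is an error, not a return value
                $floatValue = filter_var($value, FILTER_VALIDATE_FLOAT);
                if ($floatValue === false) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } else {
                    $value = $floatValue;
                }
            } else {
                // https://secure.php.net/manual/en/function.is-numeric.php#107326
                $value = $value + 0;
            }
            break;
        case 'string':
            // ENT_COMPAT encodes double quotes but leaves single quotes as they are, so the
            // result is not safe to place inside a single-quoted HTML attribute.
            $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // filter the html string through htmLawed with its 'safe' option switched on
            $value = htmLawed(stripslashes($value), array('safe' => 1));
            break;
    }

    // no error found: hand the (possibly converted) value back
    if ($errorMessage === '') {
        return $value;
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        // presumably show() ends the request; if it returns, the caller receives null
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }
    return null;
}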
예제 #11
 /**
  * method adds main recipients to mail
  * @param string $address
  * @param string $name
  * @return true|string
  */
 public function addRecipient($address, $name = '')
 {
     // The address is lower-cased before it is handed to AddAddress(); the name is passed
     // through unchanged. A phpmailerException is turned into its error text for the caller.
     $lowerCaseAddress = admStrToLower($address);
     try {
         $this->AddAddress($lowerCaseAddress, $name);
     } catch (phpmailerException $mailerError) {
         return $mailerError->errorMessage();
     }
     // keep a CRLF separated record; note that the name, not the address, is appended
     $this->emAddresses .= $name . "\r\n";
     return true;
 }
예제 #12
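/**
 * Check if a string contains only valid characters. Therefore the string is
 * compared with a hard coded list of valid characters for each datatype.
 * For the types @b email and @b url the trimmed string must also pass PHP's
 * FILTER_VALIDATE_EMAIL / FILTER_VALIDATE_URL.
 *
 * The patterns carry the @b D modifier so that @b $ only matches at the very end of the
 * string. Without it a value with one trailing line feed passed the character check although
 * the line feed is in none of the lists, and the caller kept using the unchecked original.
 *
 * @param string $string              The string that should be checked.
 * @param string $checkType           The type @b email, @b file, @b noSpecialChar, @b phone or @b url that will be checked.
 *                                    Each type has a different valid character list.
 * @param bool   $onlyCheckValidChars Documented as "skip the syntax check of email or url", but this
 *                                    function body never reads it: the syntax is always checked.
 * @return bool Returns @b true if all characters of @b string match the internal character list
 *              (and, for email and url, the syntax check passes). An empty or whitespace-only
 *              string and an unknown @b checkType return @b false.
 */
function strValidCharacters($string, $checkType, $onlyCheckValidChars = false)
{
    if (trim($string) === '') {
        return false;
    }

    // NOTE(review): the patterns have no "u" modifier, so (assuming this file is stored as
    // UTF-8) every accented character in a class is matched as its single bytes, not as one
    // character. The class is therefore wider than the list suggests.
    switch ($checkType) {
        case 'email':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.@+-]+$/D';
            break;
        case 'file':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.@$&!?() +-]+$/D';
            break;
        case 'noSpecialChar':
            // a simple email address should still be possible here (used as username)
            $validRegex = '/^[\\w\\.@+-]+$/D';
            break;
        case 'phone':
            $validRegex = '/^[\\d\\/() +-]+$/D';
            break;
        case 'url':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.\\/@$&!?%=#:() +-]+$/D';
            break;
        default:
            return false;
    }

    // the character list is applied to the lower-cased string
    if (!preg_match($validRegex, admStrToLower($string))) {
        return false;
    }

    // the syntax filters run on the trimmed original, not on the lower-cased copy
    switch ($checkType) {
        case 'email':
            return filter_var(trim($string), FILTER_VALIDATE_EMAIL) !== false;
        case 'url':
            // FILTER_VALIDATE_URL does not restrict the scheme; callers that need http(s)
            // only have to check that themselves.
            return filter_var(trim($string), FILTER_VALIDATE_URL) !== false;
        default:
            return true;
    }
}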
예제 #13
     // Daten des Administrators in Sessionvariablen gefiltert speichern
     $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']);
     $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']);
     $_SESSION['user_email'] = strStripTags($_POST['user_email']);
     $_SESSION['user_login'] = strStripTags($_POST['user_login']);
     $_SESSION['user_password'] = $_POST['user_password'];
     $_SESSION['user_password_confirm'] = $_POST['user_password_confirm'];
     if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') {
         showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // username should only have valid chars
     if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) {
         showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', $gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // email should only have valid chars
     $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']);
     if (!strValidCharacters($_SESSION['user_email'], 'email')) {
         showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // password must be the same with password confirm
     if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) {
         showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     if (strlen($_SESSION['user_password']) < 8 || strlen($_SESSION['user_password_confirm']) < 8) {
         showNotice($gL10n->get('PRO_PASSWORD_LENGTH'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
 }
 // if config file exists than don't create a new one
 if ($_SESSION['create_config_file'] === false) {
     header('Location: installation.php?mode=8');
     exit;
예제 #14
         } elseif ($field->getValue('usf_type') == 'DROPDOWN' || $field->getValue('usf_type') == 'RADIO_BUTTON') {
             // save position of combobox
             $arrListValues = $field->getValue('usf_value_list', 'text');
             $position = 1;
             foreach ($arrListValues as $key => $value) {
                 if (strcmp(admStrToLower($columnValue), admStrToLower(trim($arrListValues[$position]))) == 0) {
                     // if col_value is text than save position if text is equal to text of position
                     $user->setValue($field->getValue('usf_name_intern'), $position);
                 } elseif (is_numeric($columnValue) && !is_numeric($arrListValues[$position]) && $columnValue > 0 && $columnValue < 1000) {
                     // if col_value is numeric than save position if col_value is equal to position
                     $user->setValue($field->getValue('usf_name_intern'), $columnValue);
                 }
                 $position++;
             }
         } elseif ($field->getValue('usf_type') == 'EMAIL') {
             $columnValue = admStrToLower($columnValue);
             if (strValidCharacters($columnValue, 'email')) {
                 $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255));
             }
         } elseif ($field->getValue('usf_type') == 'INTEGER') {
             // number could contain dot and comma
             if (is_numeric(strtr($columnValue, ',.', '00')) == true) {
                 $user->setValue($field->getValue('usf_name_intern'), $columnValue);
             }
         } elseif ($field->getValue('usf_type') == 'TEXT') {
             $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 50));
         } else {
             $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255));
         }
     }
 }
예제 #15
 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue than the manipulated value is returned.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For column @c usf_value_list the following format is accepted: @n
  *                           @b database returns database value of usf_value_list; @n
  *                           @b text extract only text from usf_value_list, image infos will be ignored @n
  *                           For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
  *                           For text columns the format can be @b database that would be the database value without any transformations
  * @return Returns the value of the database column.
  *         If the value was manipulated before with @b setValue than the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     // Reads a column and post-processes three special cases: inf_description,
     // translation ids in inf_name / cat_name, and the list entries of inf_value_list.
     global $gL10n;
     if ($columnName === 'inf_description') {
         if (!isset($this->dbColumns['inf_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             // tags are stripped first, then the entities are decoded back to characters
             $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
         } else {
             // returned exactly as stored; whether it is already HTML-encoded is decided
             // where the value was written - verify before echoing it into a page
             $value = $this->dbColumns['inf_description'];
         }
     } elseif ($columnName === 'inf_name_intern') {
         // internal name should be read with no conversion
         $value = parent::getValue($columnName, 'database');
     } else {
         $value = parent::getValue($columnName, $format);
     }
     if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
         // if text is a translation-id then translate it
         // (a translation id is recognised by an underscore at index 3, e.g. XXX_...)
         if (strpos($value, '_') === 3) {
             $value = $gL10n->get(admStrToUpper($value));
         }
     } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
         if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
             // the stored list holds one entry per CRLF separated line
             $arrListValues = explode("\r\n", $value);
             $arrListValuesWithKeys = array();
             // array with list values and keys that represents the internal value
             // $listValue is bound by reference and is not unset after the loop
             foreach ($arrListValues as $key => &$listValue) {
                 if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
                     // if value is imagefile or imageurl then show image
                     // ("> 0" means the extension must not be at the very start of the entry)
                     if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                         // if there is imagefile and text separated by | then explode them
                         if (strpos($listValue, '|') > 0) {
                             $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                             $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                         } else {
                             $listValueImage = $listValue;
                             $listValueText = $this->getValue('inf_name');
                         }
                         // if text is a translation-id then translate it
                         if (strpos($listValueText, '_') === 3) {
                             $listValueText = $gL10n->get(admStrToUpper($listValueText));
                         }
                         if ($format === 'text') {
                             // if no image is wanted then return the text part or only the position of the entry
                             if (strpos($listValue, '|') > 0) {
                                 $listValue = $listValueText;
                             } else {
                                 $listValue = $key + 1;
                             }
                         } else {
                             try {
                                 // create html for optionbox entry
                                 // The image part is checked (url character list or file name check)
                                 // before it becomes the src attribute.
                                 // NOTE(review): $listValueText is written into title="" and alt=""
                                 // without HTML escaping in this method; this is only safe if the
                                 // stored list text is already encoded - confirm at the write path.
                                 if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                     $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 } elseif (admStrIsValidFileName($listValueImage, true)) {
                                     $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 }
                                 // if neither branch applies the raw entry stays in $listValue
                             } catch (AdmException $e) {
                                 $e->showText();
                             }
                         }
                     }
                 }
                 // if text is a translation-id then translate it
                 if (strpos($listValue, '_') === 3) {
                     $listValue = $gL10n->get(admStrToUpper($listValue));
                 }
                 // save values in new array that starts with key = 1
                 $arrListValuesWithKeys[++$key] = $listValue;
             }
             $value = $arrListValuesWithKeys;
         }
     }
     return $value;
 }
예제 #16
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param string $columnName The name of the database column whose value should get a new value
  * @param        $newValue   The new value that should be stored in the database field
  * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
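 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // Column specific checks for gbo_email and gbo_homepage run before the value is handed
     // to the parent class; an invalid email or url is refused with false.
     if ($newValue !== '') {
         if ($columnName === 'gbo_email') {
             $newValue = admStrToLower($newValue);
             if (!strValidCharacters($newValue, 'email')) {
                 // an email with an invalid format is not stored
                 return false;
             }
         } elseif ($columnName === 'gbo_homepage') {
             // the homepage may only contain valid url characters
             if (!strValidCharacters($newValue, 'url')) {
                 return false;
             }
             // Prefix http:// unless the value already STARTS with http:// or https://.
             // The test is anchored at position 0: a value with another scheme that merely
             // contains "http://" further back must not be stored as it is, because the
             // homepage ends up as a link target.
             $lowerCaseUrl = admStrToLower($newValue);
             if (strpos($lowerCaseUrl, 'http://') !== 0 && strpos($lowerCaseUrl, 'https://') !== 0) {
                 $newValue = 'http://' . $newValue;
             }
         }
     }
     if ($columnName === 'gbo_text') {
         // gbo_text is always stored with the parent's value check switched off
         return parent::setValue($columnName, $newValue, false);
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }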
예제 #17
 /**
  * Creates a html structure for a form field. This structure contains the label and the div for the form element.
  * After the form element is added the method closeControlStructure must be called.
  * @param string $id         The id of this field structure.
  * @param string $label      The label of the field. This string should already be translated.
  * @param int    $property   (optional) With this param you can set the following properties:
  *                           - @b FIELD_DEFAULT  : The field can accept an input.
  *                           - @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
  *                           - @b FIELD_DISABLED : The field will be disabled and could not accept an input.
  * @param string $helpTextId (optional) A unique text id from the translation xml files that should be shown e.g. SYS_ENTRY_MULTI_ORGA.
  *                           If set a help icon will be shown where the user can see the text if he hover over the icon.
  *                           If you need an additional parameter for the text you can add an array. The first entry
  *                           must be the unique text id and the second entry will be a parameter of the text id.
  * @param string $icon       (optional) An icon can be set. This will be placed in front of the label.
  * @param string $class      (optional) An additional css classname for the row. The class @b admFieldRow
  *                           is set as default and need not set with this parameter.
  */
 protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
 {
     // $id, $label and $class are concatenated into the markup below without escaping;
     // callers have to pass values that are already safe for an HTML context.
     $labelForAttribute = '';
     $iconMarkup = '';
     $helpIconMarkup = '';

     // css classes of the row: the optional custom class, then the mandatory marker
     $rowClasses = ($class !== '') ? ' ' . $class : '';
     if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
         $rowClasses .= ' admidio-form-group-required';
         $this->flagRequiredFields = true;
     }

     // open the row; only a row with an id gets an id attribute and a label "for"
     if ($id === '') {
         $this->addHtml('<div class="form-group' . $rowClasses . '">');
     } else {
         $labelForAttribute = ' for="' . $id . '"';
         $this->addHtml('<div id="' . $id . '_group" class="form-group' . $rowClasses . '">');
     }

     // the icon is either an absolute url that passes the url check or a file of the theme
     if (strlen($icon) > 0) {
         if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
             $iconMarkup = '<img class="admidio-icon-info" src="' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
         } elseif (admStrIsValidFileName($icon, true)) {
             $iconMarkup = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
         }
     }

     if ($helpTextId !== '') {
         $helpIconMarkup = $this->getHelpTextIcon($helpTextId);
     }

     // label element: stacked layouts get a plain label, all others a column layout
     $isStackedLayout = $this->type === 'vertical' || $this->type === 'navbar';
     if ($label === '') {
         if (!$isStackedLayout) {
             $this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
         }
         return;
     }
     if ($isStackedLayout) {
         $this->addHtml('<label' . $labelForAttribute . '>' . $iconMarkup . $label . $helpIconMarkup . '</label>');
         return;
     }
     $this->addHtml('<label' . $labelForAttribute . ' class="col-sm-3 control-label">' . $iconMarkup . $label . $helpIconMarkup . '</label>
                 <div class="col-sm-9">');
 }
예제 #18
파일: email.php 프로젝트: sistlind/admidio
 /**
  * method adds main recipients to mail
  * @param string $address
  * @param string $name
  * @return true|string
  */
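 public function addRecipient($address, $name = '')
 {
     // The address is lower-cased before it is handed to AddAddress(); a phpmailerException
     // is turned into its error text for the caller.
     $address = admStrToLower($address);
     // The former local $asciiName = stripslashes($name) was never read: AddAddress() has
     // always received the unmodified $name, so the dead assignment is dropped.
     try {
         $this->AddAddress($address, $name);
     } catch (phpmailerException $e) {
         return $e->errorMessage();
     }
     // keep a CRLF separated record; note that the name, not the address, is appended
     $this->emAddresses = $this->emAddresses . $name . "\r\n";
     return true;
 }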
예제 #19
 case 'downloads':
     $checkboxes = array('enable_download_module');
     break;
 case 'guestbook':
     $checkboxes = array('enable_guestbook_captcha', 'enable_gbook_comments4all', 'enable_intial_comments_loading');
     break;
 case 'ecards':
     $checkboxes = array('enable_ecard_module');
     break;
 case 'lists':
     $checkboxes = array('lists_hide_overview_details');
     break;
 case 'messages':
     $checkboxes = array('enable_mail_module', 'enable_pm_module', 'enable_chat_module', 'enable_mail_captcha', 'mail_html_registered_users', 'mail_into_to', 'mail_show_former');
     if ($_POST['mail_sendmail_address'] !== '') {
         $_POST['mail_sendmail_address'] = admStrToLower($_POST['mail_sendmail_address']);
         if (!strValidCharacters($_POST['mail_sendmail_address'], 'email')) {
             $gMessage->show($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('MAI_SENDER_EMAIL')));
         }
     }
     break;
 case 'photos':
     $checkboxes = array('photo_download_enabled', 'photo_keep_original');
     break;
 case 'profile':
     $checkboxes = array('profile_log_edit_fields', 'profile_show_map_link', 'profile_show_roles', 'profile_show_former_roles', 'profile_show_extern_roles');
     break;
 case 'events':
     $checkboxes = array('enable_dates_ical', 'dates_show_map_link', 'dates_show_rooms');
     break;
 case 'links':
예제 #20
 /**
  * set value for column usd_value of field
  * @param $fieldNameIntern
  * @param $fieldValue
  * @return bool
  */
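 public function setValue($fieldNameIntern, $fieldValue)
 {
     // Checks and normalises $fieldValue according to the inf_type of the field, then stores
     // it in the data object of that field (creating the object when a non-empty value is
     // set for the first time). Every check is skipped when $this->noValueCheck is set.
     global $gPreferences;
     $returnCode = false;
     if ($fieldValue !== '') {
         switch ($this->mInventoryFields[$fieldNameIntern]->getValue('inf_type')) {
             case 'CHECKBOX':
                 // a checkbox may only hold 1 or 0
                 // NOTE(review): the comparison is loose; on PHP < 8 a non-numeric string
                 // compares equal to 0 and is accepted - confirm whether that is intended.
                 if ($fieldValue != 0 && $fieldValue != 1 && !$this->noValueCheck) {
                     return false;
                 }
                 break;
             case 'DATE':
                 // the date must be valid and is stored as Y-m-d
                 $date = new DateTimeExtended($fieldValue, $gPreferences['system_date']);
                 if (!$date->isValid()) {
                     if (!$this->noValueCheck) {
                         return false;
                     }
                 } else {
                     $fieldValue = $date->format('Y-m-d');
                 }
                 break;
             case 'EMAIL':
                 // an email may only contain valid characters and must match the email syntax
                 $fieldValue = admStrToLower($fieldValue);
                 if (!strValidCharacters($fieldValue, 'email') && !$this->noValueCheck) {
                     return false;
                 }
                 break;
             case 'NUMBER':
                 // A number must be numeric
                 if (!is_numeric($fieldValue) && !$this->noValueCheck) {
                     return false;
                 } else {
                     // numbers don't have leading zero
                     // (a value made of zeros only becomes the empty string here)
                     $fieldValue = ltrim($fieldValue, '0');
                 }
                 break;
             case 'DECIMAL':
                 // A number must be numeric; dot and comma are replaced by 0 for the test only
                 if (!is_numeric(strtr($fieldValue, ',.', '00')) && !$this->noValueCheck) {
                     return false;
                 } else {
                     // numbers don't have leading zero
                     $fieldValue = ltrim($fieldValue, '0');
                 }
                 break;
             case 'URL':
                 // the homepage may only contain valid url characters
                 if (!strValidCharacters($fieldValue, 'url') && !$this->noValueCheck) {
                     return false;
                 }
                 // Prefix http:// unless the value already STARTS with http:// or https://.
                 // The test is anchored at position 0: a value with another scheme that merely
                 // contains "http://" further back must not be stored as it is, which matters
                 // most when noValueCheck has switched the url check off.
                 $lowerCaseUrl = admStrToLower($fieldValue);
                 if (strpos($lowerCaseUrl, 'http://') !== 0 && strpos($lowerCaseUrl, 'https://') !== 0) {
                     $fieldValue = 'http://' . $fieldValue;
                 }
                 break;
         }
     }
     $infId = $this->mInventoryFields[$fieldNameIntern]->getValue('inf_id');
     // first check if the item has a data object for this field and then set value of this field
     if (array_key_exists($infId, $this->mInventoryData)) {
         $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
     } elseif (isset($this->mInventoryFields[$fieldNameIntern]) && $fieldValue !== '') {
         // NOTE(review): the isset() comes after the field was already dereferenced above,
         // so it cannot protect against an unknown $fieldNameIntern.
         $this->mInventoryData[$infId] = new TableAccess($this->mDb, TBL_INVENT_DATA, 'ind');
         $this->mInventoryData[$infId]->setValue('ind_inf_id', $this->mInventoryFields[$fieldNameIntern]->getValue('inf_id'));
         $this->mInventoryData[$infId]->setValue('ind_itm_id', $this->mItemId);
         $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
     }
     // $returnCode is only truthy when one of the two branches above has run, so the data
     // object exists at this point
     if ($returnCode && $this->mInventoryData[$infId]->hasColumnsValueChanged()) {
         $this->columnsValueChanged = true;
     }
     return $returnCode;
 }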