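/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * For @b lnk_url the value must pass the url character/syntax check and is prefixed with "http://" when it
 * does not already start with "http://" or "https://"; @b lnk_description is stored without the parent's value check.
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    if ($columnName === 'lnk_url' && $newValue !== '') {
        // the link may only contain the characters of the url whitelist and must parse as a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // Prepend http:// unless the value already *starts* with http:// or https://.
        // A substring test (strpos() !== false) would leave a value with a different scheme
        // untouched as soon as "http://" appears anywhere later in it, e.g. in its path.
        $lowerValue = admStrToLower($newValue);
        if (strpos($lowerValue, 'http://') !== 0 && strpos($lowerValue, 'https://') !== 0) {
            $newValue = 'http://' . $newValue;
        }
    } elseif ($columnName === 'lnk_description') {
        // the description is always handed to the parent with the value check switched off
        return parent::setValue($columnName, $newValue, false);
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}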
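/**
 * Set a new value for a profile field of the current user.
 * The value is only stored in the object; the caller has to save the user to persist it.
 * Unless $this->noValueCheck is set, the value is checked and normalized by field type:
 * CHECKBOX must be 0 or 1, DATE must match the configured date format and is stored as Y-m-d,
 * EMAIL is lower-cased and validated, NUMBER / DECIMAL_NUMBER must be numeric and lose leading zeros,
 * URL is validated and prefixed with "http://" when it does not start with http:// or https://.
 * @param string $fieldNameIntern Internal name of the profile field (key of $this->mProfileFields)
 * @param mixed  $fieldValue      The new value of the field
 * @return bool Returns @b true if the value was stored in the object and @b false if a check failed
 *              or the field name is unknown
 */
public function setValue($fieldNameIntern, $fieldValue)
{
    global $gPreferences;

    // an unknown field name would be dereferenced as null below; refuse it instead
    if (!isset($this->mProfileFields[$fieldNameIntern])) {
        return false;
    }

    $profileField = $this->mProfileFields[$fieldNameIntern];
    $usfId        = $profileField->getValue('usf_id');
    $checkValue   = !$this->noValueCheck;
    $returnCode   = false;

    if ($fieldValue !== '') {
        switch ($profileField->getValue('usf_type')) {
            case 'CHECKBOX':
                // a checkbox may only hold 0 or 1; compare strictly, because a loose "!= 0"
                // accepts any non-numeric string on PHP < 8 ('abc' == 0 is true there)
                if ($checkValue && !in_array($fieldValue, array(0, 1, '0', '1', true, false), true)) {
                    return false;
                }
                break;

            case 'DATE':
                // the date must be valid in the configured format and is stored as Y-m-d
                $date = DateTime::createFromFormat($gPreferences['system_date'], $fieldValue);
                if ($date === false) {
                    if ($checkValue) {
                        return false;
                    }
                } else {
                    $fieldValue = $date->format('Y-m-d');
                }
                break;

            case 'EMAIL':
                // e-mail addresses are stored lower-cased and must pass the email check
                $fieldValue = admStrToLower($fieldValue);
                if ($checkValue && !strValidCharacters($fieldValue, 'email')) {
                    return false;
                }
                break;

            case 'NUMBER':
                if ($checkValue && !is_numeric($fieldValue)) {
                    return false;
                }
                // drop leading zeros but keep the last digit: ltrim($fieldValue, '0') turned a
                // plain "0" into an empty string, which then was not stored at all
                $fieldValue = preg_replace('/^0+(?=\d)/', '', (string) $fieldValue);
                break;

            case 'DECIMAL_NUMBER':
                // the decimal separator may be a dot or a comma
                if ($checkValue && !is_numeric(strtr($fieldValue, ',.', '00'))) {
                    return false;
                }
                // same leading-zero handling as NUMBER ("0,5" keeps its zero)
                $fieldValue = preg_replace('/^0+(?=\d)/', '', (string) $fieldValue);
                break;

            case 'URL':
                if ($checkValue && !strValidCharacters($fieldValue, 'url')) {
                    return false;
                }
                // Prepend http:// unless the value already *starts* with http:// or https://.
                // A substring test would leave a different scheme untouched whenever "http://"
                // merely appears later in the value.
                $lowerValue = admStrToLower($fieldValue);
                if (strpos($lowerValue, 'http://') !== 0 && strpos($lowerValue, 'https://') !== 0) {
                    $fieldValue = 'http://' . $fieldValue;
                }
                break;
        }
    }

    // reuse the existing data object of this field, otherwise create one for a non-empty value
    if (array_key_exists($usfId, $this->mUserData)) {
        $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
    } elseif ($fieldValue !== '') {
        $userData = new TableAccess($this->mDb, TBL_USER_DATA, 'usd');
        $userData->setValue('usd_usf_id', $usfId);
        $userData->setValue('usd_usr_id', $this->mUserId);
        $this->mUserData[$usfId] = $userData;
        $returnCode = $userData->setValue('usd_value', $fieldValue);
    }

    // remember that at least one stored value differs from the database
    if ($returnCode && $this->mUserData[$usfId]->hasColumnsValueChanged()) {
        $this->columnsValueChanged = true;
    }

    return $returnCode;
}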
$adminTable->addRowHeadingByArray($columnHeading); // Get folders if (isset($folderContent['additionalFolders'])) { for ($i = 0; $i < count($folderContent['additionalFolders']); $i++) { $nextFolder = $folderContent['additionalFolders'][$i]; $columnValues = array('<img src="' . THEME_PATH . '/icons/download.png" alt="' . $gL10n->get('SYS_FOLDER') . '" title="' . $gL10n->get('SYS_FOLDER') . '" />', $nextFolder['fol_name'], '<a class="admidio-icon-link" href="' . $g_root_path . '/adm_program/modules/downloads/download_function.php?mode=6&folder_id=' . $getFolderId . '&name=' . urlencode($nextFolder['fol_name']) . '"> <img src="' . THEME_PATH . '/icons/database_in.png" alt="' . $gL10n->get('DOW_ADD_TO_DATABASE') . '" title="' . $gL10n->get('DOW_ADD_TO_DATABASE') . '" /></a>'); $adminTable->addRowByArray($columnValues); } } // Get files if (isset($folderContent['additionalFiles'])) { for ($i = 0; $i < count($folderContent['additionalFiles']); $i++) { $nextFile = $folderContent['additionalFiles'][$i]; // Get filetyp $fileExtension = admStrToLower(substr($nextFile['fil_name'], strrpos($nextFile['fil_name'], '.') + 1)); // Choose icon for the file $iconFile = 'page_white_question.png'; if (array_key_exists($fileExtension, $icon_file_extension)) { $iconFile = $icon_file_extension[$fileExtension]; } $columnValues = array('<img src="' . THEME_PATH . '/icons/' . $iconFile . '" alt="' . $gL10n->get('SYS_FILE') . '" title="' . $gL10n->get('SYS_FILE') . '" /></a>', $nextFile['fil_name'], '<a class="admidio-icon-link" href="' . $g_root_path . '/adm_program/modules/downloads/download_function.php?mode=6&folder_id=' . $getFolderId . '&name=' . urlencode($nextFile['fil_name']) . '"> <img src="' . THEME_PATH . '/icons/database_in.png" alt="' . $gL10n->get('DOW_ADD_TO_DATABASE') . '" title="' . $gL10n->get('DOW_ADD_TO_DATABASE') . 
'" /></a>'); $adminTable->addRowByArray($columnValues); } } $htmlAdminTable = $adminTable->show(false); } } // Output module html to client $page->addHtml($navigationBar);
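/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * @b org_shortname can only be set on a new record. @b org_homepage must pass the url check and is
 * prefixed with "http://" when it does not already start with "http://" or "https://".
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // the short name identifies the organization and must not be edited on an existing record
    if ($columnName === 'org_shortname' && !$this->new_record) {
        return false;
    }

    if ($columnName === 'org_homepage' && $newValue !== '') {
        // the homepage may only contain the characters of the url whitelist and must parse as a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // Prepend http:// unless the value already *starts* with http:// or https://.
        // A substring test (strpos() !== false) would leave a different scheme untouched
        // as soon as "http://" appears anywhere later in the value.
        $lowerValue = admStrToLower($newValue);
        if (strpos($lowerValue, 'http://') !== 0 && strpos($lowerValue, 'https://') !== 0) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}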
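/**
 * Check if a string contains only valid characters. Therefore the string is
 * compared with a hard coded list of valid characters for each datatype.
 * The comparison is case-insensitive and character-based (UTF-8); for @b email and @b url the
 * syntax is additionally verified with filter_var().
 * @param string $string    The string that should be checked.
 * @param string $checkType The type @b email, @b file, @b noSpecialChar or @b url that will be checked.
 *                          Each type has a different valid character list.
 * @return bool Returns @b true if all characters of @b string match the internal character list
 *              (and, for email/url, the syntax check passes). An empty or unknown type returns @b false.
 */
function strValidCharacters($string, $checkType)
{
    // a blank string is never valid
    if (trim($string) === '') {
        return false;
    }

    switch ($checkType) {
        case 'email':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß.-_@';
            break;
        case 'file':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß$&!?.-_+ ';
            break;
        case 'noSpecialChar':
            // a simple e-mail address should still be possible (user name)
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789.-_+@';
            break;
        case 'url':
            $validChars = 'abcdefghijklmnopqrstuvwxyz0123456789áàâåäæcccçéèeênnñóòôöõøœúùûüß.-_:/#?=%&!';
            break;
        default:
            return false;
    }

    // Match the whole string against the whitelist as UTF-8 characters (u), case-insensitively (i)
    // and without letting a trailing newline slip past "$" (D). The former byte-wise strspn()
    // compared single bytes with the multibyte entries of the list, so any character whose UTF-8
    // bytes all occur somewhere in the list was accepted although it is not listed.
    $pattern = '/^[' . preg_quote($validChars, '/') . ']+$/iuD';
    if (preg_match($pattern, $string) !== 1) {
        return false;
    }

    // the character list alone does not make a valid address or url; verify the syntax as well
    switch ($checkType) {
        case 'email':
            $trimmed = trim($string);
            return filter_var($trimmed, FILTER_VALIDATE_EMAIL) !== false
                && preg_match('/^[^@]+@[^@]+\\.[^@]{2,}$/', $trimmed) === 1;
        case 'url':
            return filter_var(trim($string), FILTER_VALIDATE_URL) !== false;
        default:
            return true;
    }
}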
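/**
 * Prepare the SQL statement that lists the members of the given roles according to this list configuration.
 * Every configured column adds a select expression (profile fields are joined from the user data table),
 * an optional ORDER BY entry and an optional filter condition built by ConditionParser.
 * @param array       $roleIds      Array with all roles, which members are shown
 * @param int         $memberStatus 0 - Only active members of a role
 *                                  1 - Only former members
 *                                  2 - Active and former members of a role
 * @param string|null $startDate    Start (Y-m-d) of the period a membership must overlap; null means today
 * @param string|null $endDate      End (Y-m-d) of the period a membership must overlap; null means today
 * @throws AdmException
 * @throws InvalidArgumentException if $startDate or $endDate is set but is not a Y-m-d date
 * @return string
 */
public function getSQL($roleIds, $memberStatus = 0, $startDate = null, $endDate = null)
{
    global $gL10n, $gProfileFields, $gCurrentOrganization, $gDbType;

    $sqlSelect  = '';
    $sqlJoin    = '';
    $sqlWhere   = '';
    $sqlOrderBy = '';

    // Re-emit a caller supplied period boundary as a plain Y-m-d literal. The dates are concatenated
    // into the statement below, so anything that is not a date must not reach it.
    $toSqlDate = function ($date) {
        $parsed = DateTime::createFromFormat('Y-m-d', (string) $date);
        if ($parsed === false) {
            throw new InvalidArgumentException('Period boundaries of getSQL must have the format Y-m-d');
        }
        return $parsed->format('Y-m-d');
    };

    foreach ($this->columns as $listColumn) {
        $rawUsfId = $listColumn->getValue('lsc_usf_id');
        $usfId    = (int) $rawUsfId;

        if ($sqlSelect !== '') {
            $sqlSelect .= ', ';
        }

        if ($usfId > 0) {
            // dynamic profile field: join the user data table once per column under its own alias;
            // both ids are concatenated into the statement, hence the integer casts
            $tableAlias = 'row' . (int) $listColumn->getValue('lsc_number') . 'id' . $usfId;
            $sqlJoin .= ' LEFT JOIN ' . TBL_USER_DATA . ' ' . $tableAlias
                . ' ON ' . $tableAlias . '.usd_usr_id = usr_id AND ' . $tableAlias . '.usd_usf_id = ' . $usfId;
            $dbColumnName = $tableAlias . '.usd_value';
        } else {
            // special fields like usr_photo, mem_begin ... are real columns of the joined tables
            // NOTE(review): this column name comes from the stored list configuration and is used verbatim
            $dbColumnName = $listColumn->getValue('lsc_special_field');
        }
        $sqlSelect .= $dbColumnName;

        $userFieldType = $gProfileFields->getPropertyById($rawUsfId, 'usf_type');

        // sorting: only the keywords ASC / DESC may reach the ORDER BY clause
        $sortValue = (string) $listColumn->getValue('lsc_sort');
        if ($sortValue !== '') {
            $sortDirection = (strtoupper($sortValue) === 'DESC') ? 'DESC' : 'ASC';

            if ($sqlOrderBy !== '') {
                $sqlOrderBy .= ', ';
            }
            if ($userFieldType === 'NUMBER' || $userFieldType === 'DECIMAL') {
                // usd_value is a varchar; without a cast 1,10,2 would sort as strings instead of 1,2,10
                $columnType  = ($gDbType === 'postgresql') ? 'numeric' : 'unsigned';
                $sqlOrderBy .= ' CAST(' . $dbColumnName . ' AS ' . $columnType . ') ' . $sortDirection;
            } else {
                $sqlOrderBy .= $dbColumnName . ' ' . $sortDirection;
            }
        }

        // filter condition of this column
        $value = $listColumn->getValue('lsc_filter');
        if (strlen((string) $value) > 0) {
            // start from "no type" (the value the usr_photo branch uses) so that a special field
            // without a type mapping does not inherit the type of the previous column
            $type = '';

            if ($usfId > 0) {
                switch ($userFieldType) {
                    case 'CHECKBOX':
                        $type = 'checkbox';
                        // 'yes' or 'no' will be replaced with 1 or 0, so that you can compare it with the database value
                        $arrCheckboxValues = array($gL10n->get('SYS_YES'), $gL10n->get('SYS_NO'), 'true', 'false');
                        $arrCheckboxKeys   = array(1, 0, 1, 0);
                        $value = str_replace(array_map('admStrToLower', $arrCheckboxValues), $arrCheckboxKeys, admStrToLower($value));
                        break;
                    case 'DROPDOWN':
                    case 'RADIO_BUTTON':
                        $type = 'int';
                        // replace the displayed text with its internal list position
                        $arrListValues = $gProfileFields->getPropertyById($rawUsfId, 'usf_value_list', 'text');
                        $value = array_search(admStrToLower($value), array_map('admStrToLower', $arrListValues), true);
                        break;
                    case 'NUMBER':
                    case 'DECIMAL':
                        $type = 'int';
                        break;
                    case 'DATE':
                        $type = 'date';
                        break;
                    default:
                        $type = 'string';
                }
            } else {
                switch ($listColumn->getValue('lsc_special_field')) {
                    case 'mem_begin':
                    case 'mem_end':
                        $type = 'date';
                        break;
                    case 'usr_login_name':
                        $type = 'string';
                        break;
                    case 'usr_photo':
                        $type = '';
                        break;
                }
            }

            $parser = new ConditionParser();

            // a profile field may have no data row at all; let the parser handle that with a NOT EXISTS clause
            if ($usfId > 0) {
                $parser->setNotExistsStatement('SELECT 1 FROM ' . TBL_USER_DATA . ' ' . $tableAlias . 's WHERE '
                    . $tableAlias . 's.usd_usr_id = usr_id AND ' . $tableAlias . 's.usd_usf_id = ' . $usfId);
            }

            // now transform condition into SQL
            $sqlWhere .= $parser->makeSqlStatement($value, $dbColumnName, $type, $gProfileFields->getPropertyById($rawUsfId, 'usf_name'));
        }
    }

    // role ids go into an IN (...) list; force every entry to an integer
    $roleIdList = array();
    foreach ((array) $roleIds as $key => $roleId) {
        if (is_numeric($key)) {
            $roleIdList[] = (int) $roleId;
        }
    }
    $sqlRoleIds = implode(', ', $roleIdList);

    // state of the membership: active memberships are those overlapping the period [startDate, endDate]
    // (today when a boundary is omitted); mem_begin is compared with the END of the period and mem_end
    // with its START
    $sqlMemberStatus = '';
    if ($memberStatus === 0) {
        $periodEnd   = ($endDate === null) ? DATE_NOW : $toSqlDate($endDate) . ' 23:59:59';
        $periodStart = ($startDate === null) ? DATE_NOW : $toSqlDate($startDate) . ' 00:00:00';
        $sqlMemberStatus = ' AND mem_begin <= \'' . $periodEnd . '\' AND mem_end >= \'' . $periodStart . '\' ';
    } elseif ($memberStatus === 1) {
        $sqlMemberStatus = ' AND mem_end < \'' . DATE_NOW . '\' ';
    }

    // NOTE(review): an empty $roleIds produces "rol_id IN ()", which the database rejects as before
    $sql = 'SELECT mem_leader, usr_id, ' . $sqlSelect . '
              FROM ' . TBL_ROLES . ', ' . TBL_CATEGORIES . ', ' . TBL_MEMBERS . ', ' . TBL_USERS . ' ' . $sqlJoin . '
             WHERE rol_id IN (' . $sqlRoleIds . ')
               AND rol_cat_id = cat_id
               AND ( cat_org_id = ' . (int) $gCurrentOrganization->getValue('org_id') . '
                  OR cat_org_id IS NULL )
               AND mem_rol_id = rol_id ' . $sqlMemberStatus . '
               AND mem_usr_id = usr_id
               AND usr_valid = 1 ' . $sqlWhere . '
             ORDER BY mem_leader DESC ';
    if ($sqlOrderBy !== '') {
        $sql .= ', ' . $sqlOrderBy;
    }

    return $sql;
}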
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * A non-empty @b gbc_email is lower-cased and must pass the email check; @b gbc_text is stored
 * without the parent's value check.
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    if ($columnName === 'gbc_email' && $newValue !== '') {
        $newValue = admStrToLower($newValue);

        // an address with an invalid format is not set at all
        if (!strValidCharacters($newValue, 'email')) {
            return false;
        }
    }

    // the comment text always bypasses the generic value check of the parent
    $effectiveCheck = ($columnName === 'gbc_text') ? false : $checkValue;

    return parent::setValue($columnName, $newValue, $effectiveCheck);
}
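/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype ...) that should be checked.
 * A value that is itself an array (e.g. ?name[]=x) is rejected like an invalid value.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true than a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found than the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // merge the caller's options over the defaults
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll     = array_replace($optionsDefault, $options);
    $errorMessage   = '';
    $datatype       = admStrToLower($datatype);

    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // a required value is missing
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // a default was given; it still runs through the checks below
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // neither value nor default: initialize the parameter by datatype and return it unchecked
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } elseif ($datatype === 'string' || $datatype === 'html' || $datatype === 'date') {
                $array[$variableName] = '';
            }
            // 'file' has no neutral value and is returned as "not set"
            return isset($array[$variableName]) ? $array[$variableName] : null;
        }
    } elseif (!is_scalar($array[$variableName])) {
        // request arrays can carry nested arrays (?name[]=x); none of the checks below can
        // validate those, so treat them as invalid instead of handing them to the caller
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
    }

    // run the content checks only on a value that passed the presence check, so that a
    // "required" error is not overwritten by a follow-up check against a missing value
    if ($errorMessage === '') {
        $value = $array[$variableName];

        if ($datatype === 'boolean') {
            // boolean type must be 0 or 1 otherwise throw error
            // do not check with in_array because this function don't work properly
            if ($value != '0' && $value != '1' && $value != 'false' && $value != 'true') {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        } elseif ($optionsAll['validValues'] !== null) {
            // the value must match one of the allowed values (compared in upper and lower case)
            if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true)
            && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }

        switch ($datatype) {
            case 'file':
                try {
                    admStrIsValidFileName($value);
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;

            case 'date':
                // accept the configured Admidio date format or the english format Y-m-d
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
                if (!$objAdmidioDate) {
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;

            case 'numeric':
                // numeric datatype should only contain numbers
                if (!is_numeric($value)) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                break;

            case 'string':
                // escape html and strip tags before the value is handed back
                $array[$variableName] = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
                break;

            case 'html':
                // check html string for invalid tags and scripts
                $array[$variableName] = htmLawed(stripslashes($value), array('safe' => 1));
                break;
        }
    }

    // no error found: return the (possibly sanitized) content of the variable
    if ($errorMessage === '') {
        return $array[$variableName];
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }

    return null;
}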
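/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * Name, category and type of a system field cannot be changed. Moving the field to another category
 * (@b usf_cat_id) places it at the end of that category's sequence. @b usf_description is stored without
 * the parent's value check. @b usf_url must pass the url check and is prefixed with "http://" when it
 * does not already start with "http://" or "https://".
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // name, category and type couldn't be edited if it's a system field
    if (($columnName === 'usf_cat_id' || $columnName === 'usf_type' || $columnName === 'usf_name')
    && $this->getValue('usf_system') == 1) {
        return false;
    }

    if ($columnName === 'usf_cat_id' && $this->getValue($columnName) !== $newValue) {
        // determine the highest sequence number of the new category and append the field after it;
        // the category id is concatenated into the statement, so force it to an integer first
        $sql = 'SELECT COUNT(*) as count FROM ' . TBL_USER_FIELDS . ' WHERE usf_cat_id = ' . (int) $newValue;
        $countUserFieldsStatement = $this->db->query($sql);
        $row = $countUserFieldsStatement->fetch();
        $this->setValue('usf_sequence', $row['count'] + 1);
    } elseif ($columnName === 'usf_description') {
        // the description is always handed to the parent with the value check switched off
        return parent::setValue($columnName, $newValue, false);
    } elseif ($columnName === 'usf_url' && $newValue !== '') {
        // the url may only contain the characters of the url whitelist and must parse as a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // Prepend http:// unless the value already *starts* with http:// or https://.
        // A substring test (strpos() !== false) would leave a different scheme untouched
        // as soon as "http://" appears anywhere later in the value.
        $lowerValue = admStrToLower($newValue);
        if (strpos($lowerValue, 'http://') !== 0 && strpos($lowerValue, 'https://') !== 0) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}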
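/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype ...) that should be checked.
 * A value that is itself an array (e.g. ?name[]=x) is rejected like an invalid value.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true than a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues  : An array with all values that the variable could have. If another
 *                                                 value is found than the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // merge the caller's options over the defaults
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll     = array_replace($optionsDefault, $options);
    $errorMessage   = '';
    $datatype       = admStrToLower($datatype);
    $value          = null;

    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];

        // request arrays can carry nested arrays (?name[]=x); none of the checks below can
        // validate those, so treat them as invalid instead of handing them to the caller
        if (!is_scalar($value)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    } elseif ($optionsAll['requireValue']) {
        // a required value is missing
        $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
    } elseif ($optionsAll['defaultValue'] !== null) {
        // a default was given; it still runs through the checks below
        $value = $optionsAll['defaultValue'];
    } else {
        // neither value nor default: return the datatype's neutral value without further checks
        if ($datatype === 'bool' || $datatype === 'boolean') {
            return false;
        }
        if ($datatype === 'numeric' || $datatype === 'int') {
            return 0;
        }
        if ($datatype === 'float') {
            return 0.0;
        }
        return '';
    }

    // run the content checks only on a value that passed the presence check, so that a
    // "required" error is not overwritten by a follow-up check against a missing value
    if ($errorMessage === '') {
        if ($optionsAll['validValues'] !== null) {
            // the value must match one of the allowed values (compared in upper and lower case)
            if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true)
            && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
        }

        switch ($datatype) {
            case 'file':
                try {
                    if ($value !== '') {
                        admStrIsValidFileName($value);
                    }
                } catch (AdmException $e) {
                    $errorMessage = $e->getText();
                }
                break;

            case 'date':
                // accept the configured Admidio date format or the english format Y-m-d
                $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
                if (!$objAdmidioDate) {
                    $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                    if (!$objEnglishDate) {
                        $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                    }
                }
                break;

            case 'bool':
            case 'boolean':
                $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                // Bug workaround PHP <5.4.8
                // https://bugs.php.net/bug.php?id=49510
                if ($valid === null && ($value === null || $value === false || $value === '')) {
                    $valid = false;
                }
                if ($valid === null) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                }
                $value = $valid;
                break;

            case 'int':
            case 'float':
            case 'numeric':
                // numeric datatype should only contain numbers
                if (!is_numeric($value)) {
                    $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
                } elseif ($datatype === 'int') {
                    $value = filter_var($value, FILTER_VALIDATE_INT);
                } elseif ($datatype === 'float') {
                    $value = filter_var($value, FILTER_VALIDATE_FLOAT);
                } else {
                    // https://secure.php.net/manual/en/function.is-numeric.php#107326
                    $value = $value + 0;
                }
                break;

            case 'string':
                // escape html and strip tags before the value is handed back
                $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
                break;

            case 'html':
                // check html string for invalid tags and scripts
                $value = htmLawed(stripslashes($value), array('safe' => 1));
                break;
        }
    }

    // no error found: return the (possibly converted or sanitized) value
    if ($errorMessage === '') {
        return $value;
    }

    if (isset($gMessage)) {
        if ($optionsAll['directOutput']) {
            $gMessage->showTextOnly(true);
        }
        $gMessage->show($errorMessage);
    } else {
        echo $errorMessage;
        exit;
    }

    return null;
}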
/**
 * Add a main recipient ("To") to the mail.
 * The address is lower-cased before it is handed to PHPMailer; the recipient's name is
 * appended to the textual recipient list kept in $this->emAddresses.
 * NOTE(review): only the display name, not the address, is recorded in emAddresses - confirm that is intended.
 * NOTE(review): assumes PHPMailer was created with exceptions enabled; otherwise AddAddress() reports
 * a bad address through its return value and this method would still return true - confirm.
 * @param string $address E-mail address of the recipient
 * @param string $name    Display name of the recipient
 * @return true|string Returns @b true on success, otherwise the PHPMailer error message
 */
public function addRecipient($address, $name = '')
{
    $normalizedAddress = admStrToLower($address);

    try {
        $this->AddAddress($normalizedAddress, $name);
    } catch (phpmailerException $exception) {
        return $exception->errorMessage();
    }

    $this->emAddresses .= $name . "\r\n";

    return true;
}
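/**
 * Check if a string contains only valid characters. Therefore the string is
 * compared with a hard coded list of valid characters for each datatype.
 * The comparison is case-insensitive and character-based (UTF-8); a string that is not valid
 * UTF-8 is rejected. For @b email and @b url the syntax is additionally verified with filter_var()
 * unless @b $onlyCheckValidChars is set.
 * @param string $string             The string that should be checked.
 * @param string $checkType          The type @b email, @b file, @b noSpecialChar, @b phone or @b url that will be checked.
 *                                   Each type has a different valid character list.
 * @param bool   $onlyCheckValidChars If set to true than syntax of email or url will not be checked. Only if the
 *                                   characters are valid for email or url
 * @return bool Returns @b true if all characters of @b string match the internal character list
 *              (and, unless skipped, the syntax check passes). An empty or unknown type returns @b false.
 */
function strValidCharacters($string, $checkType, $onlyCheckValidChars = false)
{
    // a blank string is never valid
    if (trim($string) === '') {
        return false;
    }

    // Modifiers: i = case-insensitive (replaces lower-casing the input), u = match UTF-8 characters
    // instead of single bytes (the multibyte entries of the classes only work as characters),
    // D = "$" matches only at the very end, so a trailing newline can no longer slip through.
    switch ($checkType) {
        case 'email':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.@+-]+$/iuD';
            break;
        case 'file':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.@$&!?() +-]+$/iuD';
            break;
        case 'noSpecialChar':
            // a simple e-mail address should still be possible (user name)
            $validRegex = '/^[\\w\\.@+-]+$/iuD';
            break;
        case 'phone':
            $validRegex = '/^[\\d\\/() +-]+$/uD';
            break;
        case 'url':
            $validRegex = '/^[áàâåäæcccçéèeênnñóòôöõøœúùûüß\\w\\.\\/@$&!?%=#:() +-]+$/iuD';
            break;
        default:
            return false;
    }

    // preg_match() returns 0 on mismatch and false on error (e.g. invalid UTF-8); both are "invalid"
    if (preg_match($validRegex, $string) !== 1) {
        return false;
    }

    // the caller asked for the character check only
    if ($onlyCheckValidChars) {
        return true;
    }

    // the character list alone does not make a valid address or url; verify the syntax as well
    switch ($checkType) {
        case 'email':
            return filter_var(trim($string), FILTER_VALIDATE_EMAIL) !== false;
        case 'url':
            return filter_var(trim($string), FILTER_VALIDATE_URL) !== false;
        default:
            return true;
    }
}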
// Daten des Administrators in Sessionvariablen gefiltert speichern $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']); $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']); $_SESSION['user_email'] = strStripTags($_POST['user_email']); $_SESSION['user_login'] = strStripTags($_POST['user_login']); $_SESSION['user_password'] = $_POST['user_password']; $_SESSION['user_password_confirm'] = $_POST['user_password_confirm']; if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') { showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // username should only have valid chars if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) { showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', $gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // email should only have valid chars $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']); if (!strValidCharacters($_SESSION['user_email'], 'email')) { showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // password must be the same with password confirm if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) { showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } if (strlen($_SESSION['user_password']) < 8 || strlen($_SESSION['user_password_confirm']) < 8) { showNotice($gL10n->get('PRO_PASSWORD_LENGTH'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } } // if config file exists than don't create a new one if ($_SESSION['create_config_file'] === false) { header('Location: installation.php?mode=8'); exit;
} elseif ($field->getValue('usf_type') == 'DROPDOWN' || $field->getValue('usf_type') == 'RADIO_BUTTON') { // save position of combobox $arrListValues = $field->getValue('usf_value_list', 'text'); $position = 1; foreach ($arrListValues as $key => $value) { if (strcmp(admStrToLower($columnValue), admStrToLower(trim($arrListValues[$position]))) == 0) { // if col_value is text than save position if text is equal to text of position $user->setValue($field->getValue('usf_name_intern'), $position); } elseif (is_numeric($columnValue) && !is_numeric($arrListValues[$position]) && $columnValue > 0 && $columnValue < 1000) { // if col_value is numeric than save position if col_value is equal to position $user->setValue($field->getValue('usf_name_intern'), $columnValue); } $position++; } } elseif ($field->getValue('usf_type') == 'EMAIL') { $columnValue = admStrToLower($columnValue); if (strValidCharacters($columnValue, 'email')) { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255)); } } elseif ($field->getValue('usf_type') == 'INTEGER') { // number could contain dot and comma if (is_numeric(strtr($columnValue, ',.', '00')) == true) { $user->setValue($field->getValue('usf_name_intern'), $columnValue); } } elseif ($field->getValue('usf_type') == 'TEXT') { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 50)); } else { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255)); } } }
/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For column @c inf_value_list the following format is accepted: @n
 *                       @b database returns database value of inf_value_list; @n
 *                       @b text extract only text from inf_value_list, image infos will be ignored @n
 *                       For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
 *                       For text columns the format can be @b database that would be the database value without any transformations
 * @return mixed Returns the value of the database column. For @c inf_value_list (without format @b database)
 *               of a DROPDOWN or RADIO_BUTTON field an array is returned whose keys start at 1.
 *               If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'inf_description') {
        if (!isset($this->dbColumns['inf_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // "database" format: tags stripped and entities decoded
            $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['inf_description'];
        }
    } elseif ($columnName === 'inf_name_intern') {
        // internal name should be read with no conversion
        $value = parent::getValue($columnName, 'database');
    } else {
        $value = parent::getValue($columnName, $format);
    }

    if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
        // if text is a translation-id then translate it
        if (strpos($value, '_') === 3) {
            $value = $gL10n->get(admStrToUpper($value));
        }
    } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
        if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
            // the stored list holds one entry per line
            $arrListValues = explode("\r\n", $value);
            $arrListValuesWithKeys = array(); // array with list values and keys that represents the internal value

            // NOTE: $listValue is iterated by reference and not unset after the loop; $arrListValues
            // is not used afterwards, so the dangling reference is harmless here.
            foreach ($arrListValues as $key => &$listValue) {
                if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
                    // if value is imagefile or imageurl then show image
                    if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                        // if there is imagefile and text separated by | then explode them
                        if (strpos($listValue, '|') > 0) {
                            $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                            $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                        } else {
                            // image only: the field name serves as the text
                            $listValueImage = $listValue;
                            $listValueText = $this->getValue('inf_name');
                        }

                        // if text is a translation-id then translate it
                        if (strpos($listValueText, '_') === 3) {
                            $listValueText = $gL10n->get(admStrToUpper($listValueText));
                        }

                        if ($format === 'text') {
                            // if no image is wanted then return the text part or only the position of the entry
                            if (strpos($listValue, '|') > 0) {
                                $listValue = $listValueText;
                            } else {
                                $listValue = $key + 1;
                            }
                        } else {
                            try {
                                // create html for optionbox entry
                                // An external image is only accepted with a leading "http" and the url character list;
                                // anything else must be a valid file name below the theme icon folder.
                                // NOTE(review): $listValueImage and $listValueText are concatenated into the src/title/alt
                                // attributes without htmlspecialchars(); the text comes from the stored list or the
                                // translated field name. Confirm that it is already escaped or escape it here.
                                if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                    $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                } elseif (admStrIsValidFileName($listValueImage, true)) {
                                    $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                }
                            } catch (AdmException $e) {
                                // the file name check failed; the entry keeps its raw value
                                $e->showText();
                            }
                        }
                    }
                }

                // if text is a translation-id then translate it
                if (strpos($listValue, '_') === 3) {
                    $listValue = $gL10n->get(admStrToUpper($listValue));
                }

                // save values in new array that starts with key = 1
                $arrListValuesWithKeys[++$key] = $listValue;
            }

            $value = $arrListValuesWithKeys;
        }
    }

    return $value;
}
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * For @b gbo_email the value is lower-cased and must pass the email character check; for @b gbo_homepage
 * it must pass the url character check and gets a "http://" prefix when no http(s) scheme is present.
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not
 *                           be checked by the parent. The email/url checks above are applied regardless of this flag.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    $hasValue = ($newValue !== '');

    if ($hasValue && $columnName === 'gbo_email') {
        $newValue = admStrToLower($newValue);

        // an e-mail address with an invalid format is not stored
        if (!strValidCharacters($newValue, 'email')) {
            return false;
        }
    } elseif ($hasValue && $columnName === 'gbo_homepage') {
        // the homepage may only contain valid url characters
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // prepend http:// when neither http:// nor https:// is present
        $lowerValue = admStrToLower($newValue);
        if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
            $newValue = 'http://' . $newValue;
        }
    }

    // the text column is always handed to the parent with checkValue = false
    $parentCheck = ($columnName === 'gbo_text') ? false : $checkValue;

    return parent::setValue($columnName, $newValue, $parentCheck);
}
/**
 * Creates a html structure for a form field. This structure contains the label and the div for the form element.
 * After the form element is added the method closeControlStructure must be called.
 * @param string $id The id of this field structure.
 * @param string $label The label of the field. This string should already be translated.
 * @param int $property (optional) With this param you can set the following properties:
 *                      - @b FIELD_DEFAULT  : The field can accept an input.
 *                      - @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
 *                      - @b FIELD_DISABLED : The field will be disabled and could not accept an input.
 * @param string $helpTextId (optional) A unique text id from the translation xml files that should be shown e.g. SYS_ENTRY_MULTI_ORGA.
 *                           If set a help icon will be shown where the user can see the text if he hover over the icon.
 *                           If you need an additional parameter for the text you can add an array. The first entry
 *                           must be the unique text id and the second entry will be a parameter of the text id.
 * @param string $icon (optional) An icon can be set. This will be placed in front of the label. Either an
 *                     http(s) url that passes the url character check or a file name below the theme icon folder.
 * @param string $class (optional) An additional css classname for the row. The class @b admFieldRow
 *                      is set as default and need not set with this parameter.
 */
protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
{
    // css classes of the row: the optional custom class plus the marker for a mandatory field
    $rowClasses = ($class !== '') ? ' ' . $class : '';

    if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
        $rowClasses .= ' admidio-form-group-required';
        $this->flagRequiredFields = true;
    }

    // open the row; with an id the group gets its own id and the label gets a for-attribute
    // NOTE(review): $id and $label are concatenated into attributes without htmlspecialchars();
    // the docblock only states that the label is translated, not that it is HTML-escaped — confirm callers escape it.
    $forAttribute = '';
    if ($id !== '') {
        $forAttribute = ' for="' . $id . '"';
        $this->addHtml('<div id="' . $id . '_group" class="form-group' . $rowClasses . '">');
    } else {
        $this->addHtml('<div class="form-group' . $rowClasses . '">');
    }

    // icon in front of the label: external url (checked) or theme icon file (checked)
    $iconHtml = '';
    if (strlen($icon) > 0) {
        $iconSrc = null;
        if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
            $iconSrc = $icon;
        } elseif (admStrIsValidFileName($icon, true)) {
            $iconSrc = THEME_PATH . '/icons/' . $icon;
        }

        if ($iconSrc !== null) {
            $iconHtml = '<img class="admidio-icon-info" src="' . $iconSrc . '" title="' . $label . '" alt="' . $label . '" />';
        }
    }

    $helpIconHtml = ($helpTextId !== '') ? $this->getHelpTextIcon($helpTextId) : '';

    // label element; the horizontal layout additionally opens the column div for the control
    $labelContent = $iconHtml . $label . $helpIconHtml;
    $stackedLayout = ($this->type === 'vertical' || $this->type === 'navbar');

    if ($label !== '') {
        if ($stackedLayout) {
            $this->addHtml('<label' . $forAttribute . '>' . $labelContent . '</label>');
        } else {
            $this->addHtml('<label' . $forAttribute . ' class="col-sm-3 control-label">' . $labelContent . '</label> <div class="col-sm-9">');
        }
    } elseif (!$stackedLayout) {
        $this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
    }
}
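/**
 * Add a main ("To") recipient to the mail.
 * The address is lower-cased before it is handed to AddAddress; on success the
 * display name is appended (one per line) to the internal recipient list.
 * @param string $address E-mail address of the recipient.
 * @param string $name    Display name of the recipient, may be empty. It is passed to
 *                        AddAddress unchanged (a stripslashes() copy used to be computed
 *                        here but was never used).
 * @return true|string @b true when the recipient was accepted, otherwise the
 *                     PHPMailer error message that explains the rejection.
 */
public function addRecipient($address, $name = '')
{
    $address = admStrToLower($address);

    try {
        $this->AddAddress($address, $name);
    } catch (phpmailerException $e) {
        // the address was rejected by PHPMailer; hand its message back to the caller
        return $e->errorMessage();
    }

    // keep a line-separated list of the names that were added so far
    $this->emAddresses .= $name . "\r\n";

    return true;
}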
case 'downloads': $checkboxes = array('enable_download_module'); break; case 'guestbook': $checkboxes = array('enable_guestbook_captcha', 'enable_gbook_comments4all', 'enable_intial_comments_loading'); break; case 'ecards': $checkboxes = array('enable_ecard_module'); break; case 'lists': $checkboxes = array('lists_hide_overview_details'); break; case 'messages': $checkboxes = array('enable_mail_module', 'enable_pm_module', 'enable_chat_module', 'enable_mail_captcha', 'mail_html_registered_users', 'mail_into_to', 'mail_show_former'); if ($_POST['mail_sendmail_address'] !== '') { $_POST['mail_sendmail_address'] = admStrToLower($_POST['mail_sendmail_address']); if (!strValidCharacters($_POST['mail_sendmail_address'], 'email')) { $gMessage->show($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('MAI_SENDER_EMAIL'))); } } break; case 'photos': $checkboxes = array('photo_download_enabled', 'photo_keep_original'); break; case 'profile': $checkboxes = array('profile_log_edit_fields', 'profile_show_map_link', 'profile_show_roles', 'profile_show_former_roles', 'profile_show_extern_roles'); break; case 'events': $checkboxes = array('enable_dates_ical', 'dates_show_map_link', 'dates_show_rooms'); break; case 'links':
/**
 * Set the value of an inventory field of this item (column @b ind_value of the data record).
 * The value is validated and normalised according to the field type (inf_type) unless
 * @b noValueCheck is set; in that case a failed check does not reject the value, but the
 * normalisations (lower-casing, leading-zero trim, http:// prefix) are still applied.
 * @param string $fieldNameIntern Internal name of the inventory field (key of mInventoryFields).
 *                                The field entry is dereferenced before the isset() check below,
 *                                so an unknown name is not handled gracefully.
 * @param mixed  $fieldValue      The new value of the field.
 * @return bool @b true if the value was stored in the data object, @b false if a check failed
 *              or no data object exists and the value is empty.
 */
public function setValue($fieldNameIntern, $fieldValue)
{
    global $gPreferences;
    $returnCode = false;

    if ($fieldValue !== '') {
        switch ($this->mInventoryFields[$fieldNameIntern]->getValue('inf_type')) {
            case 'CHECKBOX':
                // a checkbox may only hold 1 or 0 (loose comparison, so "1"/"0" are accepted too)
                if ($fieldValue != 0 && $fieldValue != 1 && !$this->noValueCheck) {
                    return false;
                }
                break;
            case 'DATE':
                // the date must be valid in the configured system format and is stored as Y-m-d;
                // with noValueCheck an invalid date is stored unformatted
                $date = new DateTimeExtended($fieldValue, $gPreferences['system_date']);
                if (!$date->isValid()) {
                    if (!$this->noValueCheck) {
                        return false;
                    }
                } else {
                    $fieldValue = $date->format('Y-m-d');
                }
                break;
            case 'EMAIL':
                // e-mail addresses are stored lower-cased and must pass the email character/syntax check
                $fieldValue = admStrToLower($fieldValue);
                if (!strValidCharacters($fieldValue, 'email') && !$this->noValueCheck) {
                    return false;
                }
                break;
            case 'NUMBER':
                // A number must be numeric
                if (!is_numeric($fieldValue) && !$this->noValueCheck) {
                    return false;
                } else {
                    // numbers don't have leading zero
                    // NOTE(review): ltrim() also turns the value "0" into "" and "0.5" into ".5" — confirm this is intended
                    $fieldValue = ltrim($fieldValue, '0');
                }
                break;
            case 'DECIMAL':
                // A number must be numeric; "," and "." are both accepted as separators for the check
                if (!is_numeric(strtr($fieldValue, ',.', '00')) && !$this->noValueCheck) {
                    return false;
                } else {
                    // numbers don't have leading zero
                    // NOTE(review): same as NUMBER — "0" becomes "" and "0,5" becomes ",5"
                    $fieldValue = ltrim($fieldValue, '0');
                }
                break;
            case 'URL':
                // the homepage may only contain valid url characters
                if (!strValidCharacters($fieldValue, 'url') && !$this->noValueCheck) {
                    return false;
                }
                // prepend http:// when neither http:// nor https:// is present
                if (strpos(admStrToLower($fieldValue), 'http://') === false && strpos(admStrToLower($fieldValue), 'https://') === false) {
                    $fieldValue = 'http://' . $fieldValue;
                }
                break;
        }
    }

    $infId = $this->mInventoryFields[$fieldNameIntern]->getValue('inf_id');

    // first check if user has a data object for this field and then set value of this user field;
    // a new data object is only created for a non-empty value
    if (array_key_exists($infId, $this->mInventoryData)) {
        $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
    } elseif (isset($this->mInventoryFields[$fieldNameIntern]) && $fieldValue !== '') {
        $this->mInventoryData[$infId] = new TableAccess($this->mDb, TBL_INVENT_DATA, 'ind');
        $this->mInventoryData[$infId]->setValue('ind_inf_id', $this->mInventoryFields[$fieldNameIntern]->getValue('inf_id'));
        $this->mInventoryData[$infId]->setValue('ind_itm_id', $this->mItemId);
        $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
    }

    // remember that something changed so that save() knows there is work to do
    if ($returnCode && $this->mInventoryData[$infId]->hasColumnsValueChanged()) {
        $this->columnsValueChanged = true;
    }

    return $returnCode;
}