파일: string.php 프로젝트: bash-t/admidio
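/**
 * Removes HTML, PHP code and blanks at the beginning and end of every element of the
 * array, except for the elements that are allowed to carry HTML (CKEditor fields) and
 * the SMTP password, which must not be altered.
 *
 * Elements on the pass-through list are returned UNCHANGED, i.e. they may still contain
 * arbitrary markup. Callers that render or store them must apply their own
 * context-specific sanitization or escaping.
 *
 * @param string[] $srcArray Array of values, usually a request array such as $_POST
 * @return string[] The same array with every non-exempt value passed through strStripTags()
 */
function admStrStripTagsSpecial($srcArray)
{
    // Keys whose values are left untouched: rich-text fields edited with CKEditor plus
    // the SMTP password, where stripping could corrupt the value. Kept in one list so
    // that additions do not grow a long comparison chain.
    $passThroughKeys = array(
        'ecard_message',
        'ann_description',
        'dat_description',
        'gbc_text',
        'gbo_text',
        'lnk_description',
        'msg_body',
        'plugin_CKEditor',
        'room_description',
        'usf_description',
        'mail_smtp_password',
    );

    foreach ($srcArray as $key => $value) {
        // strict comparison: an integer key never matches one of the string keys
        if (!in_array($key, $passThroughKeys, true)) {
            $srcArray[$key] = strStripTags($value);
        }
    }

    return $srcArray;
}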
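 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue then the manipulated value is returned.
  *
  * The column @b ann_description is a CKEditor field and is therefore handled here instead of
  * in the parent class: with format @b database the stored HTML is reduced to plain text (tags
  * stripped, entities decoded); with any other format the stored value is returned as is.
  * Note that the @b database variant returns UNESCAPED text - it must be escaped again before
  * it is placed into HTML output.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                           For text columns the format can be @b database that would return the original database value without any transformations
  * @return mixed Returns the value of the database column.
  *               If the value was manipulated before with @b setValue then the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     // strict comparisons: column names are strings, no loose-equality surprises
     if ($columnName === 'ann_description') {
         if (!isset($this->dbColumns['ann_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             // strip markup first, then decode entities (incl. quotes) so the result is plain text
             $value = html_entity_decode(strStripTags($this->dbColumns['ann_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['ann_description'];
         }
     } else {
         $value = parent::getValue($columnName, $format);
     }

     return $value;
 }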
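 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue then the manipulated value is returned.
  *
  * The column @b gbc_text is a CKEditor field and is therefore handled here: with format
  * @b database the stored HTML is reduced to plain text (tags stripped, entities decoded
  * including quotes, as the other CKEditor columns of the application do); any other format
  * returns the stored value unchanged. The @b database variant yields UNESCAPED text that must
  * be escaped again before it is placed into HTML output.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                           For text columns the format can be @b database that would return the original database value without any transformations
  * @return mixed Returns the value of the database column.
  *               If the value was manipulated before with @b setValue then the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     if ($columnName === 'gbc_text') {
         if (!isset($this->dbColumns['gbc_text'])) {
             $value = '';
         } elseif ($format === 'database') {
             // ENT_QUOTES + UTF-8 so that encoded single quotes (&#039;) are decoded too,
             // consistent with the other description columns (ann_/dat_/inf_description)
             $value = html_entity_decode(strStripTags($this->dbColumns['gbc_text']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['gbc_text'];
         }
     } else {
         $value = parent::getValue($columnName, $format);
     }

     return $value;
 }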
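 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue then the manipulated value is returned.
  *
  * Two columns get special treatment: @b lnk_description (CKEditor field) is reduced to
  * plain text for format @b database and returned unchanged otherwise, and @b cat_name is
  * translated through $gL10n when it looks like a translation id (an underscore in position 3,
  * i.e. a three-letter prefix) unless format @b database was requested.
  * @param  string $columnName The name of the database column whose value should be read
  * @param  string $format     For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                            For text columns the format can be @b database that would return the original database value without any transformations
  * @return mixed  Returns the value of the database column.
  *                If the value was manipulated before with @b setValue then the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     if ($columnName === 'lnk_description') {
         if (!isset($this->dbColumns['lnk_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             // plain text: tags stripped, entities (incl. quotes) decoded - the result is
             // UNESCAPED and must be escaped again before being placed into HTML output;
             // ENT_QUOTES/UTF-8 keeps this consistent with the other description columns
             $value = html_entity_decode(strStripTags($this->dbColumns['lnk_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['lnk_description'];
         }
     } else {
         $value = parent::getValue($columnName, $format);
     }

     if ($columnName === 'cat_name' && $format !== 'database') {
         // if text is a translation-id then translate it
         if (strpos($value, '_') === 3) {
             $value = $gL10n->get(admStrToUpper($value));
         }
     }

     return $value;
 }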
 /**
  * Set a new value for a column of the database table. The value is only saved in the object.
  * You must call the method @b save to store the new value to the database. If the unique key
  * column is set to 0 then this record will be a new record and all other columns are marked as changed.
  *
  * Depending on the column type the value is normalized before it is kept in the object:
  * integer/smallint columns replace non-numeric input (and a 0 in key or nullable columns) with
  * an empty string, char*/text* columns are passed through strStripTags(), and blob/bytea columns
  * get slashes added (bytea is hex-encoded first). strStripTags() only removes markup at write
  * time - it is not output escaping. All of these checks are bypassed for an empty string and
  * when @b $checkValue is false.
  * @param string $columnName The name of the database column whose value should get a new value
  * @param mixed  $newValue   The new value that should be stored in the database field
  * @param bool   $checkValue The value will be checked if it's valid. If set to @b false then the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  *              (in practice: if @b $columnName is not a column of this table)
  * @see TableAccess#getValue
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     if (array_key_exists($columnName, $this->dbColumns)) {
         // general plausibility checks based on the column type
         // (skipped entirely for an empty string or when $checkValue is false)
         if ($newValue !== '' && $checkValue) {
             // numeric columns
             if ($this->columnsInfos[$columnName]['type'] === 'integer' || $this->columnsInfos[$columnName]['type'] === 'smallint') {
                 if (!is_numeric($newValue)) {
                     $newValue = '';
                 }
                 // key columns and nullable columns must not contain 0
                 // (loose comparison, so '0' and 0.0 are treated as 0 as well)
                 if (($this->columnsInfos[$columnName]['key'] == 1 || $this->columnsInfos[$columnName]['null'] == 1) && $newValue == 0) {
                     $newValue = '';
                 }
             } elseif (strpos($this->columnsInfos[$columnName]['type'], 'char') !== false || strpos($this->columnsInfos[$columnName]['type'], 'text') !== false) {
                 // any char*/text* column: remove html and php tags before the value is kept
                 $newValue = strStripTags($newValue);
             } elseif ($this->columnsInfos[$columnName]['type'] === 'blob' || $this->columnsInfos[$columnName]['type'] === 'bytea') {
                 // PostgreSQL can only store hex values in bytea, so we must decode binary in hex
                 if ($this->columnsInfos[$columnName]['type'] === 'bytea') {
                     $newValue = bin2hex($newValue);
                 }
                 // we must add slashes to binary data of blob fields so that the default stripslashes don't remove necessary slashes
                 // (presumably a stripslashes() happens later in the save path - not visible here)
                 $newValue = addslashes($newValue);
             }
         }
         // if the key column was set to 0 then a new record should be created
         // (loose == 0: the result for non-numeric strings differs between PHP 7 and PHP 8)
         if ($columnName == $this->keyColumnName && $newValue == 0) {
             $this->new_record = true;
             // now mark all other columns with values of this object as changed
             foreach ($this->dbColumns as $column => $value) {
                 if (strlen($value) > 0) {
                     $this->columnsInfos[$column]['changed'] = true;
                 }
             }
         }
         // always true here: the outer condition already checked the same key
         if (array_key_exists($columnName, $this->dbColumns)) {
             // only mark as "changed" if the value is different (use binary safe function!)
             // NOTE(review): strcmp() coerces non-string arguments - confirm callers pass strings or scalars
             if (strcmp($newValue, $this->dbColumns[$columnName]) !== 0) {
                 $this->dbColumns[$columnName] = $newValue;
                 $this->columnsValueChanged = true;
                 $this->columnsInfos[$columnName]['changed'] = true;
             }
             return true;
         }
     }
     return false;
 }
            $folderName = 'sts';
            break;
    }
    // set path to module folder in adm_my_files
    $myFilesProfilePhotos = new MyFiles($folderName);
    if ($myFilesProfilePhotos->checkSettings()) {
        // upload photo to images folder of module folder
        if ($myFilesProfilePhotos->setSubFolder('images')) {
            // create a filename with the unix timestamp,
            // so we have a scheme for the filenames and the risk of duplicates is low
            $localFile = time() . substr($_FILES['upload']['name'], strrpos($_FILES['upload']['name'], '.'));
            $serverUrl = $myFilesProfilePhotos->getServerPath() . '/' . $localFile;
            if (file_exists($serverUrl)) {
                // if file exists than create a random number and append it to the filename
                $serverUrl = $myFilesProfilePhotos->getServerPath() . '/' . substr($localFile, 0, strrpos($localFile, '.')) . '_' . rand() . substr($localFile, strrpos($localFile, '.'));
            }
            $htmlUrl = $g_root_path . '/adm_program/system/show_image.php?module=' . $folderName . '&file=' . $localFile;
            move_uploaded_file($_FILES['upload']['tmp_name'], $serverUrl);
        } else {
            $message = strStripTags($gL10n->get($myFilesProfilePhotos->errorText, $myFilesProfilePhotos->errorPath, '<a href="mailto:' . $gPreferences['email_administrator'] . '">', '</a>'));
        }
    } else {
        $message = strStripTags($gL10n->get($myFilesProfilePhotos->errorText, $myFilesProfilePhotos->errorPath, '<a href="mailto:' . $gPreferences['email_administrator'] . '">', '</a>'));
    }
    // now call CKEditor function and send photo data
    echo '<html><body><script type="text/javascript">
            window.parent.CKEDITOR.tools.callFunction(' . $getCKEditorFuncNum . ', "' . $htmlUrl . '","' . $message . '");
        </script></body></html>';
} catch (AdmException $e) {
    $e->showHtml();
}
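 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue then the manipulated value is returned.
  *
  * Special handling in this class:
  * - @b inf_description (CKEditor field): format @b database yields plain text (tags stripped,
  *   entities decoded, i.e. UNESCAPED - escape again before HTML output), otherwise the stored value
  * - @b inf_name_intern: always read with format @b database (no conversion)
  * - @b inf_name / @b cat_name: translated through $gL10n when they look like a translation id
  *   (underscore in position 3) and format is not @b database
  * - @b inf_value_list of a DROPDOWN or RADIO_BUTTON field: split at CRLF into an array whose keys
  *   start at 1; RADIO_BUTTON entries naming a .png/.jpg are rendered as <img> html unless
  *   format @b text is requested
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For column @c usf_value_list the following format is accepted: @n
  *                           @b database returns database value of usf_value_list; @n
  *                           @b text extract only text from usf_value_list, image infos will be ignored @n
  *                           For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
  *                           For text columns the format can be @b database that would be the database value without any transformations
  * @return mixed Returns the value of the database column (an array for @b inf_value_list of list fields).
  *               If the value was manipulated before with @b setValue then the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     if ($columnName === 'inf_description') {
         if (!isset($this->dbColumns['inf_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['inf_description'];
         }
     } elseif ($columnName === 'inf_name_intern') {
         // internal name should be read with no conversion
         $value = parent::getValue($columnName, 'database');
     } else {
         $value = parent::getValue($columnName, $format);
     }

     if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
         // if text is a translation-id then translate it
         if (strpos($value, '_') === 3) {
             $value = $gL10n->get(admStrToUpper($value));
         }
     } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
         if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
             $arrListValues = explode("\r\n", $value);
             $arrListValuesWithKeys = array();

             // array with list values and keys that represents the internal value
             foreach ($arrListValues as $key => &$listValue) {
                 if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
                     // if value is imagefile or imageurl then show image
                     if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                         // if there is imagefile and text separated by | then explode them
                         if (strpos($listValue, '|') > 0) {
                             $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                             $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                         } else {
                             $listValueImage = $listValue;
                             $listValueText = $this->getValue('inf_name');
                         }
                         // if text is a translation-id then translate it
                         if (strpos($listValueText, '_') === 3) {
                             $listValueText = $gL10n->get(admStrToUpper($listValueText));
                         }

                         if ($format === 'text') {
                             // if no image is wanted then return the text part or only the position of the entry
                             if (strpos($listValue, '|') > 0) {
                                 $listValue = $listValueText;
                             } else {
                                 $listValue = $key + 1;
                             }
                         } else {
                             try {
                                 // create html for optionbox entry
                                 // NOTE(review): $listValueImage and $listValueText are interpolated into the
                                 // attributes without htmlspecialchars(); this relies on the stored value list
                                 // having been sanitized on write - verify before exposing it to untrusted editors
                                 if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                     $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 } elseif (admStrIsValidFileName($listValueImage, true)) {
                                     $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 }
                             } catch (AdmException $e) {
                                 $e->showText();
                             }
                         }
                     }
                 }

                 // if text is a translation-id then translate it
                 if (strpos($listValue, '_') === 3) {
                     $listValue = $gL10n->get(admStrToUpper($listValue));
                 }

                 // save values in new array that starts with key = 1
                 $arrListValuesWithKeys[++$key] = $listValue;
             }
             // the loop variable is still a reference into $arrListValues; drop it so that a
             // later assignment to $listValue cannot silently overwrite the last element
             unset($listValue);

             $value = $arrListValuesWithKeys;
         }
     }

     return $value;
 }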
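 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue then the manipulated value is returned.
  *
  * Special handling in this class:
  * - @b dat_end of an all-day event (dat_all_day == 1) is returned one day earlier than stored,
  *   formatted with $format or @b Y-m-d when no format is given
  * - @b dat_description (CKEditor field): format @b database yields plain text (tags stripped,
  *   entities decoded, i.e. UNESCAPED - escape again before HTML output), otherwise the stored value
  * - unless format @b database is requested, @b dat_country is converted to its localized name
  *   and @b cat_name is translated when it looks like a translation id (underscore in position 3)
  * @param  string $columnName The name of the database column whose value should be read
  * @param  string $format     For date or timestamp columns the format should be
  *                            the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
  *                            For text columns the format can be @b database that would return
  *                            the original database value without any transformations
  * @return mixed  Returns the value of the database column.
  *                If the value was manipulated before with @b setValue then the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;

     if ($columnName === 'dat_end' && $this->dbColumns['dat_all_day'] == 1) {
         if ($format === '') {
             $format = 'Y-m-d';
         }
         // for all-day events the end date is always set back by one day. The day is
         // decremented through mktime() (which normalizes day 0 to the last day of the
         // previous month) instead of subtracting 86400 seconds from the timestamp,
         // because a day with a DST change has 23 or 25 hours and the subtraction would
         // then land on the wrong calendar day.
         list($year, $month, $day, $hour, $minute, $second) = preg_split('/[- :]/', $this->dbColumns['dat_end']);
         $value = date($format, mktime($hour, $minute, $second, $month, $day - 1, $year));
     } elseif ($columnName === 'dat_description') {
         if (!isset($this->dbColumns['dat_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             $value = html_entity_decode(strStripTags($this->dbColumns['dat_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['dat_description'];
         }
     } else {
         $value = parent::getValue($columnName, $format);
     }

     if ($format !== 'database') {
         if ($columnName === 'dat_country' && $value !== '') {
             // read the language dependent name of the country
             $value = $gL10n->getCountryByCode($value);
         } elseif ($columnName === 'cat_name') {
             // if text is a translation-id then translate it
             if (strpos($value, '_') === 3) {
                 $value = $gL10n->get(admStrToUpper($value));
             }
         }
     }

     return $value;
 }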
파일: function.php 프로젝트: bash-t/admidio
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * What each datatype does with a present value:
 * - @b boolean: accepted if loosely equal to '0', '1', 'false' or 'true'; returned as given (not normalized)
 * - @b numeric: accepted if is_numeric() (this also accepts floats, exponent notation and leading
 *               whitespace); returned as given
 * - @b date:    accepted in the preference format 'system_date' or in @b Y-m-d; returned as given
 * - @b file:    accepted if admStrIsValidFileName() does not throw; returned as given
 * - @b string:  returned as htmlspecialchars(ENT_COMPAT) followed by strStripTags(); double quotes are
 *               encoded but single quotes are not, so the result is not safe for single-quoted attribute
 *               or script contexts without further escaping
 * - @b html:    returned as the output of htmLawed(..., safe=1)
 * @b validValues is only checked for non-boolean datatypes and matches the upper- or lower-cased value,
 * so the list is effectively case-insensitive and a mixed-case entry in it can never match.
 *
 * @param array $array         The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true then a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found then the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element. If a check failed the error is displayed through
 *                    $gMessage->show() when a message object exists, otherwise it is echoed and the script
 *                    exits; null is returned if the function gets that far.
 *
 * @par Examples
 * @code   // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    // $gL10n provides the error texts, $gMessage the optional message page and
    // $gPreferences['system_date'] the date format accepted for datatype date
    global $gL10n, $gMessage, $gPreferences;
    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    // datatype names are matched case-insensitively
    $datatype = admStrToLower($datatype);
    // set default value for each datatype if no value is given and no value was required
    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // if value is required an no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value
            // (the default is NOT returned here - it still runs through the checks below)
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } elseif ($datatype === 'string' || $datatype === 'html') {
                $array[$variableName] = '';
            } elseif ($datatype === 'date') {
                $array[$variableName] = '';
            }
            // early return: initialized values skip validation; for datatype file (or an
            // unknown one) nothing was initialized, so an absent element yields null here
            return $array[$variableName];
        }
    }
    if ($datatype === 'boolean') {
        // boolean type must be 0 or 1 otherwise throw error
        // do not check with in_array because this function don't work properly
        // (loose != comparison: other numeric strings equal to 0 or 1, e.g. '1.0', pass as well)
        if ($array[$variableName] != '0' && $array[$variableName] != '1' && $array[$variableName] != 'false' && $array[$variableName] != 'true') {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    } elseif ($optionsAll['validValues'] !== null) {
        // check if parameter has a valid value
        // do a strict check with in_array because the function don't work properly
        // (the value is tested in upper AND lower case, the original spelling is kept)
        if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true) && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }
    switch ($datatype) {
        case 'file':
            // validity check only, the value itself is not altered
            try {
                admStrIsValidFileName($array[$variableName]);
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // check if date is a valid Admidio date format
            // (validity check only: the value keeps whichever of the two formats it had)
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
            if (!$objAdmidioDate) {
                // check if date has english format
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'numeric':
            // numeric datatype should only contain numbers
            // (is_numeric also accepts floats, exponent notation and leading whitespace; returned as is)
            if (!is_numeric($array[$variableName])) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            break;
        case 'string':
            // ENT_COMPAT encodes <, >, & and double quotes but leaves single quotes untouched;
            // afterwards remaining tags are stripped. Re-escape for any non-HTML-body context.
            $array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // check html string vor invalid tags and scripts
            // (stripslashes() first - presumably undoing magic quotes - then htmLawed with safe=1)
            $array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
            break;
    }
    // if no error was found then return the content of the variable
    if ($errorMessage === '') {
        return $array[$variableName];
    } else {
        if (isset($gMessage)) {
            // directOutput: show only the plain error text instead of a full html message page
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    // only reached if $gMessage->show() returned instead of ending the request
    return null;
}
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * What each datatype does with a present value:
 * - @b bool / @b boolean: validated and normalized with filter_var(FILTER_VALIDATE_BOOLEAN); a real bool is returned
 * - @b int / @b float:    must pass is_numeric(), then converted with FILTER_VALIDATE_INT / FILTER_VALIDATE_FLOAT
 *                         (note: forms that is_numeric() accepts but the filter rejects, e.g. '1e3' for int,
 *                         yield false without an error message)
 * - @b numeric:           must pass is_numeric(); converted to int or float via "+ 0"
 * - @b date:              accepted in the preference format 'system_date' or in @b Y-m-d; returned as given
 * - @b file:              accepted if admStrIsValidFileName() does not throw (skipped for ''); returned as given
 * - @b string:            returned as htmlspecialchars(ENT_COMPAT) followed by strStripTags(); double quotes are
 *                         encoded but single quotes are not, so the result is not safe for single-quoted
 *                         attribute or script contexts without further escaping
 * - @b html:              returned as the output of htmLawed(..., safe=1)
 * @b validValues matches the upper- or lower-cased value, so the list is effectively case-insensitive and a
 * mixed-case entry in it can never match.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array $options       (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true then a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues :  An array with all values that the variable could have. If another
 *                                                 value is found then the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element. If a check failed the error is displayed through
 *                    $gMessage->show() when a message object exists, otherwise it is echoed and the script
 *                    exits; null is returned if the function gets that far.
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    // $gL10n provides the error texts, $gMessage the optional message page and
    // $gPreferences['system_date'] the date format accepted for datatype date
    global $gL10n, $gMessage, $gPreferences;
    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);
    $errorMessage = '';
    // datatype names are matched case-insensitively
    $datatype = admStrToLower($datatype);
    $value = null;
    // set default value for each datatype if no value is given and no value was required
    // (array_key_exists: an element that exists with value null counts as present and is validated as null)
    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } else {
        if ($optionsAll['requireValue']) {
            // if value is required an no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value
            // (the default is NOT returned here - it still runs through the checks below)
            $value = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter
            if ($datatype === 'bool' || $datatype === 'boolean') {
                $value = false;
            } elseif ($datatype === 'numeric' || $datatype === 'int') {
                $value = 0;
            } elseif ($datatype === 'float') {
                $value = 0.0;
            } else {
                $value = '';
            }
            // early return: initialized values skip the validation below
            return $value;
        }
    }
    if ($optionsAll['validValues'] !== null) {
        // check if parameter has a valid value
        // do a strict check with in_array because the function don't work properly
        // (the value is tested in upper AND lower case, the original spelling is kept)
        if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true) && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }
    switch ($datatype) {
        case 'file':
            // validity check only, the value itself is not altered
            try {
                if ($value !== '') {
                    admStrIsValidFileName($value);
                }
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // check if date is a valid Admidio date format
            // (validity check only: the value keeps whichever of the two formats it had)
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
            if (!$objAdmidioDate) {
                // check if date has english format
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'bool':
        case 'boolean':
            // FILTER_NULL_ON_FAILURE: true/false for recognized values, null for anything else
            $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            // Bug workaround PHP <5.4.8
            // https://bugs.php.net/bug.php?id=49510
            if ($valid === null && ($value === null || $value === false || $value === '')) {
                $valid = false;
            }
            if ($valid === null) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            // the caller receives a real bool (or null together with the error)
            $value = $valid;
            break;
        case 'int':
        case 'float':
        case 'numeric':
            // numeric datatype should only contain numbers
            if (!is_numeric($value)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            } else {
                // the filters return false for forms is_numeric() accepts but they reject
                // (e.g. '1e3' or an out-of-range integer for FILTER_VALIDATE_INT) - no error is raised then
                if ($datatype === 'int') {
                    $value = filter_var($value, FILTER_VALIDATE_INT);
                } elseif ($datatype === 'float') {
                    $value = filter_var($value, FILTER_VALIDATE_FLOAT);
                } else {
                    // https://secure.php.net/manual/en/function.is-numeric.php#107326
                    // "+ 0" turns a numeric string into an int or float
                    $value = $value + 0;
                }
            }
            break;
        case 'string':
            // ENT_COMPAT encodes <, >, & and double quotes but leaves single quotes untouched;
            // afterwards remaining tags are stripped. Re-escape for any non-HTML-body context.
            $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // check html string vor invalid tags and scripts
            // (stripslashes() first - presumably undoing magic quotes - then htmLawed with safe=1)
            $value = htmLawed(stripslashes($value), array('safe' => 1));
            break;
    }
    // if no error was found then return the content of the variable
    if ($errorMessage === '') {
        return $value;
    } else {
        if (isset($gMessage)) {
            // directOutput: show only the plain error text instead of a full html message page
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    // only reached if $gMessage->show() returned instead of ending the request
    return null;
}
    $form->addInput('user_first_name', $gL10n->get('SYS_FIRSTNAME'), $userFirstName, array('maxLength' => 50, 'property' => FIELD_REQUIRED));
    $form->addInput('user_email', $gL10n->get('SYS_EMAIL'), $userEmail, array('maxLength' => 255, 'property' => FIELD_REQUIRED));
    $form->addInput('user_login', $gL10n->get('SYS_USERNAME'), $userLogin, array('maxLength' => 35, 'property' => FIELD_REQUIRED));
    $form->addInput('user_password', $gL10n->get('SYS_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED, 'minLength' => 8));
    $form->addInput('user_password_confirm', $gL10n->get('SYS_CONFIRM_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED, 'minLength' => 8));
    $form->closeGroupBox();
    $form->addButton('previous_page', $gL10n->get('SYS_BACK'), array('icon' => 'layout/back.png', 'link' => 'installation.php?mode=4'));
    $form->addSubmitButton('next_page', $gL10n->get('INS_CONTINUE_INSTALLATION'), array('icon' => 'layout/forward.png'));
    $form->show();
} elseif ($getMode === 6) {
    if (isset($_POST['user_last_name'])) {
        // Daten des Administrators in Sessionvariablen gefiltert speichern
        $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']);
        $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']);
        $_SESSION['user_email'] = strStripTags($_POST['user_email']);
        $_SESSION['user_login'] = strStripTags($_POST['user_login']);
        $_SESSION['user_password'] = $_POST['user_password'];
        $_SESSION['user_password_confirm'] = $_POST['user_password_confirm'];
        if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') {
            showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
        // username should only have valid chars
        if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) {
            showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', $gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
        // email should only have valid chars
        $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']);
        if (!strValidCharacters($_SESSION['user_email'], 'email')) {
            showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
        // password must be the same with password confirm
    $form->addInput('user_login', $gL10n->get('SYS_USERNAME'), $userLogin, array('maxLength' => 35, 'property' => FIELD_REQUIRED));
    $form->addInput('user_password', $gL10n->get('SYS_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED));
    $form->addInput('user_password_confirm', $gL10n->get('SYS_CONFIRM_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED));
    $form->closeGroupBox();
    $form->addButton('previous_page', $gL10n->get('SYS_BACK'), array('icon' => 'layout/back.png', 'link' => 'installation.php?mode=4'));
    $form->addSubmitButton('next_page', $gL10n->get('INS_CONTINUE_INSTALLATION'), array('icon' => 'layout/forward.png'));
    $form->show();
} elseif ($getMode == 6) {
    if (isset($_POST['user_last_name'])) {
        // Daten des Administrators in Sessionvariablen gefiltert speichern
        $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']);
        $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']);
        $_SESSION['user_email'] = strStripTags($_POST['user_email']);
        $_SESSION['user_login'] = strStripTags($_POST['user_login']);
        $_SESSION['user_password'] = strStripTags($_POST['user_password']);
        $_SESSION['user_password_confirm'] = strStripTags($_POST['user_password_confirm']);
        if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') {
            showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
        $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']);
        if (!strValidCharacters($_SESSION['user_email'], 'email')) {
            showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
        if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) {
            showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
        }
    }
    // read configuration file structure
    $filename = 'config.php';
    $configFileHandle = fopen($filename, 'r');
    $configFileContent = fread($configFileHandle, filesize($filename));
// Weblinks module switched off in the preferences: stop with a message.
// (Relies on $gMessage->show() ending the request — the code below does
// not re-check, so the message display is assumed to terminate. TODO confirm.)
if (0 == $gPreferences['enable_weblinks_module']) {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}

// Only users holding the weblinks edit right may continue.
if (!($gCurrentUser->editWeblinksRight())) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}

// Create the link object for the requested id.
$link = new TableWeblink($gDb, $getLinkId);

// Keep the raw request data in the session (presumably so the form can be
// refilled after an error — TODO confirm). NOTE(review): this array is
// stored unfiltered; anything read back from it must be validated and
// escaped for its output context at the point of use.
$_SESSION['links_request'] = $_POST;
if ($getMode == 1 || $getMode == 3 && $getLinkId > 0) {
    if (strlen(strStripTags($_POST['lnk_name'])) == 0) {
        $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('LNK_LINK_NAME')));
    }
    if (strlen(strStripTags($_POST['lnk_url'])) == 0) {
        $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('LNK_LINK_ADDRESS')));
    }
    if (strlen($_POST['lnk_cat_id']) == 0) {
        $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_CATEGORY')));
    }
    // make html in description secure
    $_POST['lnk_description'] = admFuncVariableIsValid($_POST, 'lnk_description', 'html');
    // POST Variablen in das Ankuendigungs-Objekt schreiben
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'lnk_') === 0) {
            if ($link->setValue($key, $value) == false) {
                // Daten wurden nicht uebernommen, Hinweis ausgeben
                if ($key == 'lnk_url') {
                    $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('SYS_WEBSITE')));
                }