/**
 * Applies strStripTags (removal of html, php code and leading/trailing blanks) to every
 * element of an array, except for the elements that carry CKEditor content and the
 * SMTP password, which must stay untouched.
 * @param string[] $srcArray Request values keyed by field name
 * @return string[] The array with every non-excluded value passed through strStripTags
 */
function admStrStripTagsSpecial($srcArray)
{
    // Field names whose values are never stripped: rich text edited with CKEditor
    // (stripping would destroy the markup) and the mail server password (stripping
    // would silently alter the credential).
    $untouchedKeys = array(
        'ecard_message',
        'ann_description',
        'dat_description',
        'gbc_text',
        'gbo_text',
        'lnk_description',
        'msg_body',
        'plugin_CKEditor',
        'room_description',
        'usf_description',
        'mail_smtp_password',
    );

    foreach ($srcArray as $fieldName => $fieldValue) {
        // strict comparison: integer keys are never equal to one of the names above
        if (in_array($fieldName, $untouchedKeys, true)) {
            continue;
        }
        $srcArray[$fieldName] = strStripTags($fieldValue);
    }

    return $srcArray;
}
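/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
 *                       For text columns the format can be @b database that would return the original database value without any transformations
 * @return mixed Returns the value of the database column.
 *         If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    // Only the description is handled here; every other column is read through the parent class.
    // Strict comparisons are used (the other getValue() overrides of this code base do the same),
    // so a non-string column name can no longer be coerced into a match.
    if ($columnName !== 'ann_description') {
        return parent::getValue($columnName, $format);
    }

    if (!isset($this->dbColumns['ann_description'])) {
        return '';
    }

    if ($format === 'database') {
        // raw text of the description: markup removed and all entities (incl. single quotes) decoded
        return html_entity_decode(strStripTags($this->dbColumns['ann_description']), ENT_QUOTES, 'UTF-8');
    }

    // default: the stored html of the description is returned unchanged
    return $this->dbColumns['ann_description'];
}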
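/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
 *                       For text columns the format can be @b database that would return the original database value without any transformations
 * @return mixed Returns the value of the database column.
 *         If the value was manipulated before with @b setValue than the manipulated value is returned.
 */
public function getValue($columnName, $format = '')
{
    // Only the comment text is handled here; every other column is read through the parent class.
    if ($columnName !== 'gbc_text') {
        return parent::getValue($columnName, $format);
    }

    if (!isset($this->dbColumns['gbc_text'])) {
        return '';
    }

    if ($format === 'database') {
        // Raw text of the comment: markup removed and all entities decoded. ENT_QUOTES and the
        // explicit charset are passed because html_entity_decode() otherwise leaves single-quote
        // entities (&#039;) encoded, unlike the other getValue() overrides of this code base.
        return html_entity_decode(strStripTags($this->dbColumns['gbc_text']), ENT_QUOTES, 'UTF-8');
    }

    // default: the stored html of the comment is returned unchanged
    return $this->dbColumns['gbc_text'];
}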
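/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
 *                       For text columns the format can be @b database that would return the original database value without any transformations
 * @return mixed Returns the value of the database column.
 *         If the value was manipulated before with @b setValue than the manipulated value is returned.
 *         A category name that is a translation id is returned translated unless @b database is requested.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'lnk_description') {
        if (!isset($this->dbColumns['lnk_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // Raw text of the description: markup removed and all entities decoded. ENT_QUOTES and the
            // explicit charset are passed because html_entity_decode() otherwise leaves single-quote
            // entities (&#039;) encoded, unlike the other getValue() overrides of this code base.
            $value = html_entity_decode(strStripTags($this->dbColumns['lnk_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['lnk_description'];
        }
    } else {
        $value = parent::getValue($columnName, $format);
    }

    // a category name whose underscore sits at offset 3 (three-letter prefix, like the ids
    // passed to $gL10n->get) is a translation id and is translated for display
    if ($columnName === 'cat_name' && $format !== 'database' && strpos($value, '_') === 3) {
        $value = $gL10n->get(admStrToUpper($value));
    }

    return $value;
}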
/**
 * Set a new value for a column of the database table. The value is only saved in the object.
 * You must call the method @b save to store the new value to the database. If the unique key
 * column is set to 0 than this record will be a new record and all other columns are marked as changed.
 * Depending on the column type the value is checked and converted before it is stored:
 * integer/smallint columns must be numeric (and not 0 for key or nullable columns), char/text
 * columns are passed through strStripTags, blob/bytea columns get slashes added (bytea after hex encoding).
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 *         (in this implementation @b false is only returned for a column that does not exist in the table;
 *         a failed plausibility check stores an empty string and still returns @b true)
 * @see TableAccess#getValue
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    if (array_key_exists($columnName, $this->dbColumns)) {
        // general plausibility checks based on the column type; skipped for empty values
        // and when the caller disabled them with $checkValue = false
        if ($newValue !== '' && $checkValue) {
            // numeric columns: non-numeric input is discarded
            if ($this->columnsInfos[$columnName]['type'] === 'integer' || $this->columnsInfos[$columnName]['type'] === 'smallint') {
                if (!is_numeric($newValue)) {
                    $newValue = '';
                }
                // key columns and nullable columns must not contain 0
                // (loose comparison: '0', '0.0' and similar numeric strings also count as 0)
                if (($this->columnsInfos[$columnName]['key'] == 1 || $this->columnsInfos[$columnName]['null'] == 1) && $newValue == 0) {
                    $newValue = '';
                }
            } elseif (strpos($this->columnsInfos[$columnName]['type'], 'char') !== false || strpos($this->columnsInfos[$columnName]['type'], 'text') !== false) {
                // text-like columns: html and php code are removed before the value is kept
                $newValue = strStripTags($newValue);
            } elseif ($this->columnsInfos[$columnName]['type'] === 'blob' || $this->columnsInfos[$columnName]['type'] === 'bytea') {
                // PostgreSQL can only store hex values in bytea, so we must decode binary in hex
                if ($this->columnsInfos[$columnName]['type'] === 'bytea') {
                    $newValue = bin2hex($newValue);
                }
                // we must add slashes to binary data of blob fields so that the default stripslashes don't remove necessary slashes
                $newValue = addslashes($newValue);
            }
        }

        // if the key column was set to 0 then a new record should be created
        // NOTE(review): loose comparison — '' == 0 is true before PHP 8 and false from PHP 8 on,
        // so a key emptied by the checks above only reaches this branch on older PHP; confirm intended
        if ($columnName == $this->keyColumnName && $newValue == 0) {
            $this->new_record = true;
            // now mark all other columns with values of this object as changed
            // (strlen() on a null column value is deprecated from PHP 8.1)
            foreach ($this->dbColumns as $column => $value) {
                if (strlen($value) > 0) {
                    $this->columnsInfos[$column]['changed'] = true;
                }
            }
        }

        if (array_key_exists($columnName, $this->dbColumns)) {
            // only mark as "changed" if the value is different (use binary safe function!)
            if (strcmp($newValue, $this->dbColumns[$columnName]) !== 0) {
                $this->dbColumns[$columnName] = $newValue;
                $this->columnsValueChanged = true;
                $this->columnsInfos[$columnName]['changed'] = true;
            }
            return true;
        }
    }
    return false;
}
$folderName = 'sts'; break; } // set path to module folder in adm_my_files $myFilesProfilePhotos = new MyFiles($folderName); if ($myFilesProfilePhotos->checkSettings()) { // upload photo to images folder of module folder if ($myFilesProfilePhotos->setSubFolder('images')) { // create a filename with the unix timestamp, // so we have a scheme for the filenames and the risk of duplicates is low $localFile = time() . substr($_FILES['upload']['name'], strrpos($_FILES['upload']['name'], '.')); $serverUrl = $myFilesProfilePhotos->getServerPath() . '/' . $localFile; if (file_exists($serverUrl)) { // if file exists than create a random number and append it to the filename $serverUrl = $myFilesProfilePhotos->getServerPath() . '/' . substr($localFile, 0, strrpos($localFile, '.')) . '_' . rand() . substr($localFile, strrpos($localFile, '.')); } $htmlUrl = $g_root_path . '/adm_program/system/show_image.php?module=' . $folderName . '&file=' . $localFile; move_uploaded_file($_FILES['upload']['tmp_name'], $serverUrl); } else { $message = strStripTags($gL10n->get($myFilesProfilePhotos->errorText, $myFilesProfilePhotos->errorPath, '<a href="mailto:' . $gPreferences['email_administrator'] . '">', '</a>')); } } else { $message = strStripTags($gL10n->get($myFilesProfilePhotos->errorText, $myFilesProfilePhotos->errorPath, '<a href="mailto:' . $gPreferences['email_administrator'] . '">', '</a>')); } // now call CKEditor function and send photo data echo '<html><body><script type="text/javascript"> window.parent.CKEDITOR.tools.callFunction(' . $getCKEditorFuncNum . ', "' . $htmlUrl . '","' . $message . '"); </script></body></html>'; } catch (AdmException $e) { $e->showHtml(); }
/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For column @c usf_value_list the following format is accepted: @n
 *                       @b database returns database value of usf_value_list; @n
 *                       @b text extract only text from usf_value_list, image infos will be ignored @n
 *                       For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
 *                       For text columns the format can be @b database that would be the database value without any transformations
 * @return mixed Returns the value of the database column.
 *         If the value was manipulated before with @b setValue than the manipulated value is returned.
 *         For @b inf_value_list of a DROPDOWN or RADIO_BUTTON field (and a format other than @b database)
 *         an array of the list entries keyed from 1 is returned instead of the stored string.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'inf_description') {
        if (!isset($this->dbColumns['inf_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // raw text of the description: markup removed and all entities (incl. single quotes) decoded
            $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['inf_description'];
        }
    } elseif ($columnName === 'inf_name_intern') {
        // internal name should be read with no conversion
        $value = parent::getValue($columnName, 'database');
    } else {
        $value = parent::getValue($columnName, $format);
    }

    if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
        // if text is a translation-id (underscore at offset 3) then translate it
        if (strpos($value, '_') === 3) {
            $value = $gL10n->get(admStrToUpper($value));
        }
    } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
        if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
            // the list entries are stored one per line, separated by CRLF
            $arrListValues = explode("\r\n", $value);
            $arrListValuesWithKeys = array(); // array with list values and keys that represents the internal value

            // by-reference so the transformed entry can be reassigned in place; the reference is not
            // unset after the loop, which is harmless here because $arrListValues is not used afterwards
            foreach ($arrListValues as $key => &$listValue) {
                if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
                    // if value is imagefile or imageurl then show image
                    // (an entry counts as image when ".png"/".jpg" occurs after its first character)
                    if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                        // if there is imagefile and text separated by | then explode them
                        if (strpos($listValue, '|') > 0) {
                            $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                            $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                        } else {
                            // no text part: the field name is used as image text
                            $listValueImage = $listValue;
                            $listValueText = $this->getValue('inf_name');
                        }

                        // if text is a translation-id then translate it
                        if (strpos($listValueText, '_') === 3) {
                            $listValueText = $gL10n->get(admStrToUpper($listValueText));
                        }

                        if ($format === 'text') {
                            // if no image is wanted then return the text part or only the position of the entry
                            if (strpos($listValue, '|') > 0) {
                                $listValue = $listValueText;
                            } else {
                                $listValue = $key + 1;
                            }
                        } else {
                            try {
                                // create html for optionbox entry
                                // NOTE(review): $listValueImage and $listValueText are interpolated into attribute
                                // values without htmlspecialchars(); the image part is validated by
                                // strValidCharacters()/admStrIsValidFileName(), the text part is not — confirm
                                // that the stored list values are escaped before they reach this point
                                if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                    $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                } elseif (admStrIsValidFileName($listValueImage, true)) {
                                    $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                }
                            } catch (AdmException $e) {
                                // invalid file name: the error is reported and, if showText() returns,
                                // the entry keeps its stored string
                                $e->showText();
                            }
                        }
                    }
                }

                // if text is a translation-id then translate it
                if (strpos($listValue, '_') === 3) {
                    $listValue = $gL10n->get(admStrToUpper($listValue));
                }

                // save values in new array that starts with key = 1 (foreach keys start at 0)
                $arrListValuesWithKeys[++$key] = $listValue;
            }

            $value = $arrListValuesWithKeys;
        }
    }

    return $value;
}
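/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For date or timestamp columns the format should be
 *                       the date/time format e.g. @b d.m.Y = '02.04.2011'. @n
 *                       For text columns the format can be @b database that would return
 *                       the original database value without any transformations
 * @return mixed Returns the value of the database column.
 *         If the value was manipulated before with @b setValue than the manipulated value is returned.
 *         For @b dat_end of an all-day event the returned date is one calendar day before the stored value.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'dat_end' && $this->dbColumns['dat_all_day'] == 1) {
        if ($format === '') {
            $format = 'Y-m-d';
        }
        // For all-day events the end date is always moved back by one day. The day is decremented
        // in calendar arithmetic (mktime normalises day 0 to the last day of the previous month)
        // instead of subtracting 86400 seconds: on the day after a daylight-saving transition the
        // local day does not have 24 hours, and the fixed offset then lands on the wrong date.
        // Missing time parts (a value holding only the date) default to 0.
        list($year, $month, $day, $hour, $minute, $second) =
            array_pad(preg_split('/[- :]/', $this->dbColumns['dat_end']), 6, 0);
        $value = date($format, mktime((int) $hour, (int) $minute, (int) $second, (int) $month, (int) $day - 1, (int) $year));
    } elseif ($columnName === 'dat_description') {
        if (!isset($this->dbColumns['dat_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // raw text of the description: markup removed and all entities (incl. single quotes) decoded
            $value = html_entity_decode(strStripTags($this->dbColumns['dat_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['dat_description'];
        }
    } else {
        $value = parent::getValue($columnName, $format);
    }

    if ($format !== 'database') {
        if ($columnName === 'dat_country' && $value !== '') {
            // the country is stored as a code; return its language dependent name
            $value = $gL10n->getCountryByCode($value);
        } elseif ($columnName === 'cat_name' && strpos($value, '_') === 3) {
            // a category name that is a translation id (underscore at offset 3) is translated
            $value = $gL10n->get(admStrToUpper($value));
        }
    }

    return $value;
}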
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b boolean, @b html, @b date or @b file that
 *                             is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      An array with the following possible entries:
 *                             @b defaultValue: A value that will be set if the variable has no value
 *                             @b requireValue: If set to @b true than a value is required otherwise the function
 *                                              returns an error
 *                             @b validValues:  An array with all values that the variable could have. If another
 *                                              value is found than the function returns an error
 *                             @b directOutput: If set to @b true the function returns only the error string, if set
 *                                              to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed
 *
 * @par Examples
 * @code // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old'))); @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);

    $errorMessage = '';
    $datatype = admStrToLower($datatype);

    // set default value for each datatype if no value is given and no value was required
    if (!isset($array[$variableName]) || $array[$variableName] === '') {
        if ($optionsAll['requireValue']) {
            // if value is required an no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value
            $array[$variableName] = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter and return it without further checks
            // (datatype 'file' gets no initialisation here, so a missing file variable yields
            // an undefined index, i.e. null)
            if ($datatype === 'boolean' || $datatype === 'numeric') {
                $array[$variableName] = 0;
            } elseif ($datatype === 'string' || $datatype === 'html') {
                $array[$variableName] = '';
            } elseif ($datatype === 'date') {
                $array[$variableName] = '';
            }
            return $array[$variableName];
        }
    }

    if ($datatype === 'boolean') {
        // boolean type must be 0 or 1 otherwise throw error
        // do not check with in_array because this function don't work properly
        // (loose comparison; the accepted value is returned as given, not converted to bool)
        if ($array[$variableName] != '0' && $array[$variableName] != '1' && $array[$variableName] != 'false' && $array[$variableName] != 'true') {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    } elseif ($optionsAll['validValues'] !== null) {
        // check if parameter has a valid value
        // do a strict check with in_array because the function don't work properly
        // (the value is compared in its all-upper and all-lower form only, so a validValues
        // entry written in mixed case can never match)
        if (!in_array(admStrToUpper($array[$variableName]), $optionsAll['validValues'], true)
        && !in_array(admStrToLower($array[$variableName]), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }

    // NOTE(review): a datatype that matches none of the cases below falls through the switch
    // and the value is returned without any check or sanitisation
    switch ($datatype) {
        case 'file':
            try {
                admStrIsValidFileName($array[$variableName]);
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // check if date is a valid Admidio date format
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $array[$variableName]);
            if (!$objAdmidioDate) {
                // check if date has english format
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $array[$variableName]);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'numeric':
            // numeric datatype should only contain numbers
            if (!is_numeric($array[$variableName])) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            break;
        case 'string':
            // ENT_COMPAT encodes double quotes but leaves single quotes unencoded; tags are stripped afterwards
            $array[$variableName] = strStripTags(htmlspecialchars($array[$variableName], ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // check html string for invalid tags and scripts
            // (stripslashes is applied first — presumably a magic_quotes leftover; confirm it is still wanted)
            $array[$variableName] = htmLawed(stripslashes($array[$variableName]), array('safe' => 1));
            break;
    }

    // if no error was detected then return the content of the variable
    if ($errorMessage === '') {
        return $array[$variableName];
    } else {
        // presumably $gMessage->show() ends the request; the final return is only reached if it returns
        if (isset($gMessage)) {
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    return null;
}
/**
 * The function is designed to check the content of @b $_GET and @b $_POST elements and should be used at the
 * beginning of a script. If the value of the defined datatype is not valid then an error will be shown. If no
 * value was set then the parameter will be initialized. The function can be used with every array and their elements.
 * You can set several flags (like required value, datatype …) that should be checked.
 *
 * @param array  $array        The array with the element that should be checked
 * @param string $variableName Name of the array element that should be checked
 * @param string $datatype     The datatype like @b string, @b numeric, @b int, @b float, @b bool, @b boolean, @b html,
 *                             @b date or @b file that is expected and which will be checked.
 *                             Datatype @b date expects a date that has the Admidio default format from the
 *                             preferences or the english date format @b Y-m-d
 * @param array  $options      (optional) An array with the following possible entries:
 *                             - @b defaultValue : A value that will be set if the variable has no value
 *                             - @b requireValue : If set to @b true than a value is required otherwise the function
 *                                                 returns an error
 *                             - @b validValues  : An array with all values that the variable could have. If another
 *                                                 value is found than the function returns an error
 *                             - @b directOutput : If set to @b true the function returns only the error string, if set
 *                                                 to false a html message with the error will be returned
 * @return mixed|null Returns the value of the element or the error message if a test failed.
 *                    @b bool/boolean values are returned as bool, @b int as int, @b float as float,
 *                    @b numeric as int or float; a missing value is returned as the datatype's initial value.
 *
 * @par Examples
 * @code
 * // numeric value that would get a default value 0 if not set
 * $getDateId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', array('defaultValue' => 0));
 *
 * // string that will be initialized with text of id DAT_DATES
 * $getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', array('defaultValue' => $g_l10n->get('DAT_DATES')));
 *
 * // string initialized with actual and the only allowed values are actual and old
 * $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'actual', 'validValues' => array('actual', 'old')));
 * @endcode
 */
function admFuncVariableIsValid($array, $variableName, $datatype, $options = array())
{
    global $gL10n, $gMessage, $gPreferences;

    // create array with all options
    $optionsDefault = array('defaultValue' => null, 'requireValue' => false, 'validValues' => null, 'directOutput' => null);
    $optionsAll = array_replace($optionsDefault, $options);

    $errorMessage = '';
    $datatype = admStrToLower($datatype);
    $value = null;

    // set default value for each datatype if no value is given and no value was required
    if (array_key_exists($variableName, $array) && $array[$variableName] !== '') {
        $value = $array[$variableName];
    } else {
        if ($optionsAll['requireValue']) {
            // if value is required an no value is given then show error
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        } elseif ($optionsAll['defaultValue'] !== null) {
            // if a default value was set then take this value (it is still validated below)
            $value = $optionsAll['defaultValue'];
        } else {
            // no value set then initialize the parameter and return it without further checks
            if ($datatype === 'bool' || $datatype === 'boolean') {
                $value = false;
            } elseif ($datatype === 'numeric' || $datatype === 'int') {
                $value = 0;
            } elseif ($datatype === 'float') {
                $value = 0.0;
            } else {
                $value = '';
            }
            return $value;
        }
    }

    if ($optionsAll['validValues'] !== null) {
        // check if parameter has a valid value
        // do a strict check with in_array because the function don't work properly
        // (the value is compared in its all-upper and all-lower form only, so a validValues
        // entry written in mixed case can never match)
        if (!in_array(admStrToUpper($value), $optionsAll['validValues'], true)
        && !in_array(admStrToLower($value), $optionsAll['validValues'], true)) {
            $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
        }
    }

    // NOTE(review): a datatype that matches none of the cases below falls through the switch
    // and the value is returned without any check or sanitisation
    switch ($datatype) {
        case 'file':
            try {
                if ($value !== '') {
                    admStrIsValidFileName($value);
                }
            } catch (AdmException $e) {
                $errorMessage = $e->getText();
            }
            break;
        case 'date':
            // check if date is a valid Admidio date format
            $objAdmidioDate = DateTime::createFromFormat($gPreferences['system_date'], $value);
            if (!$objAdmidioDate) {
                // check if date has english format
                $objEnglishDate = DateTime::createFromFormat('Y-m-d', $value);
                if (!$objEnglishDate) {
                    $errorMessage = $gL10n->get('LST_NOT_VALID_DATE_FORMAT', $variableName);
                }
            }
            break;
        case 'bool':
        case 'boolean':
            // FILTER_NULL_ON_FAILURE: null for anything that is not a recognised true/false spelling
            $valid = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            // Bug workaround PHP <5.4.8
            // https://bugs.php.net/bug.php?id=49510
            if ($valid === null && ($value === null || $value === false || $value === '')) {
                $valid = false;
            }
            if ($valid === null) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            }
            $value = $valid;
            break;
        case 'int':
        case 'float':
        case 'numeric':
            // numeric datatype should only contain numbers
            if (!is_numeric($value)) {
                $errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
            } else {
                if ($datatype === 'int') {
                    // NOTE(review): a value like '1.5' passes is_numeric but FILTER_VALIDATE_INT returns false,
                    // so $value becomes false without an error message — confirm callers expect that
                    $value = filter_var($value, FILTER_VALIDATE_INT);
                } elseif ($datatype === 'float') {
                    $value = filter_var($value, FILTER_VALIDATE_FLOAT);
                } else {
                    // https://secure.php.net/manual/en/function.is-numeric.php#107326
                    // adding 0 converts the numeric string to int or float
                    $value = $value + 0;
                }
            }
            break;
        case 'string':
            // ENT_COMPAT encodes double quotes but leaves single quotes unencoded; tags are stripped afterwards
            $value = strStripTags(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
            break;
        case 'html':
            // check html string for invalid tags and scripts
            // (stripslashes is applied first — presumably a magic_quotes leftover; confirm it is still wanted)
            $value = htmLawed(stripslashes($value), array('safe' => 1));
            break;
    }

    // if no error was detected then return the content of the variable
    if ($errorMessage === '') {
        return $value;
    } else {
        // presumably $gMessage->show() ends the request; the final return is only reached if it returns
        if (isset($gMessage)) {
            if ($optionsAll['directOutput']) {
                $gMessage->showTextOnly(true);
            }
            $gMessage->show($errorMessage);
        } else {
            echo $errorMessage;
            exit;
        }
    }
    return null;
}
$form->addInput('user_first_name', $gL10n->get('SYS_FIRSTNAME'), $userFirstName, array('maxLength' => 50, 'property' => FIELD_REQUIRED)); $form->addInput('user_email', $gL10n->get('SYS_EMAIL'), $userEmail, array('maxLength' => 255, 'property' => FIELD_REQUIRED)); $form->addInput('user_login', $gL10n->get('SYS_USERNAME'), $userLogin, array('maxLength' => 35, 'property' => FIELD_REQUIRED)); $form->addInput('user_password', $gL10n->get('SYS_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED, 'minLength' => 8)); $form->addInput('user_password_confirm', $gL10n->get('SYS_CONFIRM_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED, 'minLength' => 8)); $form->closeGroupBox(); $form->addButton('previous_page', $gL10n->get('SYS_BACK'), array('icon' => 'layout/back.png', 'link' => 'installation.php?mode=4')); $form->addSubmitButton('next_page', $gL10n->get('INS_CONTINUE_INSTALLATION'), array('icon' => 'layout/forward.png')); $form->show(); } elseif ($getMode === 6) { if (isset($_POST['user_last_name'])) { // Daten des Administrators in Sessionvariablen gefiltert speichern $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']); $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']); $_SESSION['user_email'] = strStripTags($_POST['user_email']); $_SESSION['user_login'] = strStripTags($_POST['user_login']); $_SESSION['user_password'] = $_POST['user_password']; $_SESSION['user_password_confirm'] = $_POST['user_password_confirm']; if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') { showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // username should only have valid chars if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) { showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', 
$gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // email should only have valid chars $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']); if (!strValidCharacters($_SESSION['user_email'], 'email')) { showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // password must be the same with password confirm
$form->addInput('user_login', $gL10n->get('SYS_USERNAME'), $userLogin, array('maxLength' => 35, 'property' => FIELD_REQUIRED)); $form->addInput('user_password', $gL10n->get('SYS_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED)); $form->addInput('user_password_confirm', $gL10n->get('SYS_CONFIRM_PASSWORD'), null, array('type' => 'password', 'property' => FIELD_REQUIRED)); $form->closeGroupBox(); $form->addButton('previous_page', $gL10n->get('SYS_BACK'), array('icon' => 'layout/back.png', 'link' => 'installation.php?mode=4')); $form->addSubmitButton('next_page', $gL10n->get('INS_CONTINUE_INSTALLATION'), array('icon' => 'layout/forward.png')); $form->show(); } elseif ($getMode == 6) { if (isset($_POST['user_last_name'])) { // Daten des Administrators in Sessionvariablen gefiltert speichern $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']); $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']); $_SESSION['user_email'] = strStripTags($_POST['user_email']); $_SESSION['user_login'] = strStripTags($_POST['user_login']); $_SESSION['user_password'] = strStripTags($_POST['user_password']); $_SESSION['user_password_confirm'] = strStripTags($_POST['user_password_confirm']); if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') { showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']); if (!strValidCharacters($_SESSION['user_email'], 'email')) { showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) { showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', 
$gL10n->get('SYS_BACK'), 'layout/back.png'); } } // read configuration file structure $filename = 'config.php'; $configFileHandle = fopen($filename, 'r'); $configFileContent = fread($configFileHandle, filesize($filename));
if ($gPreferences['enable_weblinks_module'] == 0) { // module is disabled $gMessage->show($gL10n->get('SYS_MODULE_DISABLED')); } // erst pruefen, ob der User auch die entsprechenden Rechte hat if (!$gCurrentUser->editWeblinksRight()) { $gMessage->show($gL10n->get('SYS_NO_RIGHTS')); } // Linkobjekt anlegen $link = new TableWeblink($gDb, $getLinkId); $_SESSION['links_request'] = $_POST; if ($getMode == 1 || $getMode == 3 && $getLinkId > 0) { if (strlen(strStripTags($_POST['lnk_name'])) == 0) { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('LNK_LINK_NAME'))); } if (strlen(strStripTags($_POST['lnk_url'])) == 0) { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('LNK_LINK_ADDRESS'))); } if (strlen($_POST['lnk_cat_id']) == 0) { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_CATEGORY'))); } // make html in description secure $_POST['lnk_description'] = admFuncVariableIsValid($_POST, 'lnk_description', 'html'); // POST Variablen in das Ankuendigungs-Objekt schreiben foreach ($_POST as $key => $value) { if (strpos($key, 'lnk_') === 0) { if ($link->setValue($key, $value) == false) { // Daten wurden nicht uebernommen, Hinweis ausgeben if ($key == 'lnk_url') { $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('SYS_WEBSITE'))); }