예제 #1
         $formok = false;
     }
     if ($paramType == 'limit' && $value['search'][$searchName][$paramType] && !sensitiveIO::IspositiveInteger($value['search'][$searchName][$paramType])) {
         $cms_message .= $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_LIMIT, false, MOD_POLYMOD_CODENAME))) . "\n";
     }
     break;
 case 'publication date after':
 case 'publication date before':
     if ($paramValue && !$value['search'][$searchName][$paramType]) {
         //mandatory ?
         $formok = false;
     } elseif ($value['search'][$searchName][$paramType]) {
         //replace localised date value by db format corresponding value
         $date = new CMS_date();
         $date->setFormat($cms_language->getDateFormat());
         if ($date->setLocalizedDate($value['search'][$searchName][$paramType])) {
             $value['search'][$searchName][$paramType] = $date->getDBValue();
         } else {
             $label = $paramType == 'publication date after' ? MESSAGE_PAGE_FIELD_PUBLISHED_FROM : MESSAGE_PAGE_FIELD_PUBLISHED_TO;
             $cms_message .= $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage($label, false, MOD_POLYMOD_CODENAME))) . "\n";
         }
     }
     break;
 case 'order':
     if (sizeof($paramValue)) {
         foreach ($paramValue as $orderName => $orderValue) {
             // Order direction
             $orderName = trim($orderName, '()');
             if ($paramValue && !$value['search'][$searchName][$paramType][$orderName]) {
                 //mandatory ?
                 $formok = false;
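 /**
  * Add a search condition, described by an atm-search-param tag, to a given CMS_object_search object
  *
  * The 'type', 'value' and 'mandatory' attributes are required, 'operator' is optional.
  * An empty value without operator adds no condition : the call then fails only
  * if the 'mandatory' attribute is 'true'.
  *
  * @param CMS_object_search $search : the reference search object which needs the condition
  * @param array $tagAttributes : the atm-search-param attributes
  * @return boolean true on success, false on failure
  * @access private
  * @static
  */
 static function addSearchCondition(&$search, $tagAttributes)
 {
     global $cms_language;
     //the three attributes are required : report the first one missing
     foreach (array('type', 'value', 'mandatory') as $requiredAttribute) {
         if (!isset($tagAttributes[$requiredAttribute])) {
             CMS_grandFather::raiseError("Malformed atm-search-param tag : missing '" . $requiredAttribute . "' attribute");
             return false;
         }
     }
     //'value' is known to be set from here on (the former "Unknown value type" branch could never run)
     $searchConditionValue = $tagAttributes['value'];
     $type = $tagAttributes['type'];
     $operator = isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false;
     //if no value for condition and no operator : nothing to add, this is a failure only for a mandatory condition
     if (!$searchConditionValue && !$operator) {
         return $tagAttributes['mandatory'] == 'true' ? false : true;
     }
     $isStaticType = is_scalar($type) && in_array($type, CMS_object_search::getStaticSearchConditionTypes());
     if ($isStaticType || $type == 'category') {
         if ($type == 'publication date after' || $type == 'publication date before') {
             //replace search condition value by corresponding cms_date object
             $date = new CMS_date();
             $date->setFormat($cms_language->getDateFormat());
             // NOTE(review): the result of setLocalizedDate() is not checked, so a value which does not
             // parse still reaches the search as a CMS_date object - confirm this is intended
             $date->setLocalizedDate($searchConditionValue);
             $searchConditionValue = $date;
         }
     } elseif (!sensitiveIO::isPositiveInteger($type)) {
         //any other type must be an object field id
         CMS_grandFather::raiseError("Malformed atm-search-param tag : attribute 'type' does not represent a valid object " . $type);
         return false;
     }
     // NOTE(review): 'operator' is forwarded exactly as found in the tag ; presumably addWhereCondition()
     // restricts it to the operators it knows - confirm, since it may end up in the query
     $search->addWhereCondition($type, $searchConditionValue, $operator);
     return true;
 }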
예제 #3
    $search->setAttribute('orderBy', 'publicationDateStart_rs desc,publicationDateEnd_rs desc, id_moo desc');
    // Param : Around publication date
    $dt_today = new CMS_date();
    $dt_today->setDebug(false);
    $dt_today->setNow();
    $dt_today->setFormat($dateFormat);
    $dt_from = new CMS_date();
    $dt_from->setDebug(false);
    $dt_from->setFormat($dateFormat);
    if ($dt_from->setLocalizedDate(CMS_session::getSessionVar("items_dtfrm"), true)) {
        $search->addWhereCondition("publication date after", $dt_from);
    }
    $dt_end = new CMS_date();
    $dt_end->setDebug(false);
    $dt_end->setFormat($dateFormat);
    if ($dt_end->setLocalizedDate(CMS_session::getSessionVar("items_dtnd"), true)) {
        // Check this date isn't greater than start date given
        if (!CMS_date::compare($dt_from, $dt_end, ">=")) {
            $search->addWhereCondition("publication date before", $dt_end);
        }
    }
    if ($status) {
        $search->addWhereCondition("status", $status);
    }
}
// Do not apply sessions filters if limitToOrderedItems or limitToItems otherwise it could hide objects that should be displayed
if (empty($limitToOrderedItems) && empty($limitToItems)) {
    //Add all subobjects to search if any
    foreach ($objectFields as $fieldID => $field) {
        //if field is a poly object
        if (CMS_session::getSessionVar('items_' . $object->getID() . '_' . $fieldID) != '') {
예제 #4
define('MESSAGE_PAGE_NO_LOGS', 1608);
define("MESSAGE_PAGE_NO_SERVER_RIGHTS", 748);
//CHECKS user has admin clearance
//this gate runs before any request parameter is read : the script stops here for a user without the clearance
if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
    CMS_grandFather::raiseError('User has no administration rights');
    echo $cms_language->getMessage(MESSAGE_PAGE_NO_SERVER_RIGHTS);
    exit;
}
//requested date as sent by the client ; below it is only handed to CMS_date for parsing
$date = sensitiveIO::request('date');
//path of the log file to read, left empty when the requested date does not parse
$errorFile = '';
//set to true when the file looked up is a .gz archive
$gzip = false;
$now = new CMS_date();
$now->setNow(true);
$requestedDate = new CMS_date();
$requestedDate->setFormat($cms_language->getDateFormat());
$requestedDate->setLocalizedDate($date);
//a file name is built only if the date parsed without error
if (!$requestedDate->hasError()) {
    if (CMS_date::compare($requestedDate, $now, '==')) {
        //requested date equals $now : use the current error log
        $errorFile = PATH_MAIN_FS . '/' . CMS_grandFather::ERROR_LOG;
    } else {
        $gzip = true;
        //the archive is looked up under the following day's date
        // NOTE(review): presumably the log is rotated the day after - confirm against the rotation script
        $requestedDate->moveDate('+1 day');
        //the date part of the name is the parsed date re-formatted as Y-m-d, not the raw request string
        $errorFile = PATH_LOGS_FS . '/' . CMS_grandFather::ERROR_LOG . '-' . $requestedDate->getLocalizedDate('Y-m-d') . '.gz';
    }
}
if ($errorFile && file_exists($errorFile)) {
    if (connection_status() == 0) {
        //close session then clean buffer
        session_write_close();
        ob_end_clean();
        //to prevent long file from getting cut off from max_execution_time
예제 #5
     $edited = RESOURCE_EDITION_BASEDATA;
     $logAction = CMS_log::LOG_ACTION_RESOURCE_EDIT_BASEDATA;
     $cms_message = $cms_language->getMessage(MESSAGE_ACTION_OPERATION_DONE);
 } else {
     $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_WRITING);
     $cms_page->raiseError('Error during writing of page ' . $cms_page->getID() . '. Action : update pageMetas');
 }
 $dt_beg = new CMS_date();
 $dt_beg->setDebug(false);
 $dt_beg->setFormat($cms_language->getDateFormat());
 $dateStart = $cms_page->getPublicationDateStart(false);
 $dt_end = new CMS_date();
 $dt_end->setDebug(false);
 $dt_end->setFormat($cms_language->getDateFormat());
 $dateEnd = $cms_page->getPublicationDateEnd(false);
 if ($dt_beg->setLocalizedDate($pubdatestart, false) && $dt_end->setLocalizedDate($pubdateend, true)) {
     //check if dates has changed
     if (!CMS_date::compare($dateStart, $dt_beg, '==') || !CMS_date::compare($dateEnd, $dt_end, '==')) {
         if (!$dt_end->isNull() && CMS_date::compare($dt_beg, $dt_end, '>')) {
             $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_DATES);
             $cms_page->raiseError('Error during set pubdatestart : date start is higher than date end. Values set for date start : ' . $pubdatestart . ', for date end : ' . $pubdateend);
         } else {
             $cms_page->setPublicationDates($dt_beg, $dt_end);
             if ($cms_page->writeToPersistence()) {
                 $edited = RESOURCE_EDITION_BASEDATA;
                 $logAction = CMS_log::LOG_ACTION_RESOURCE_EDIT_BASEDATA;
                 $cms_message = $cms_language->getMessage(MESSAGE_ACTION_OPERATION_DONE);
             } else {
                 $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_WRITING);
                 $cms_page->raiseError('Error during writing of page ' . $cms_page->getID() . '. Action : update pubdatestart, value : ' . $pubdatestart);
             }
예제 #6
define("MESSAGE_PAGE_FIELD_ELEMENT", 1579);
//get search vars
// NOTE(review): the second argument of sensitiveIO::request looks like either a list of allowed values
// or the name of a validation callback, and the third like a default value - confirm against sensitiveIO::request
$codename = sensitiveIO::request('module', CMS_modulesCatalog::getAllCodenames());
$pageId = sensitiveIO::request('page', 'sensitiveIO::isPositiveInteger', 0);
$type = sensitiveIO::request('type', array('all', 'login', 'resource', 'admin', 'email', 'modules'), 'all');
//start date filter : stays false when no 'datestart' is sent
// NOTE(review): the result of setLocalizedDate() is not checked, for datestart as for dateend below
$datestart = false;
if (sensitiveIO::request('datestart')) {
    $datestart = new CMS_date();
    $datestart->setFormat($cms_language->getDateFormat());
    $datestart->setLocalizedDate(sensitiveIO::request('datestart'), true);
}
//end date filter : stays false when no 'dateend' is sent
$dateend = false;
if (sensitiveIO::request('dateend')) {
    $dateend = new CMS_date();
    $dateend->setFormat($cms_language->getDateFormat());
    $dateend->setLocalizedDate(sensitiveIO::request('dateend'), true);
}
//sort column and direction are requested against fixed lists of names
$sort = sensitiveIO::request('sort', array('datetime', 'user', 'action'), 'datetime');
$dir = sensitiveIO::request('dir', array('ASC', 'DESC'), 'DESC');
$userId = sensitiveIO::request('userId', 'sensitiveIO::isPositiveInteger');
$start = sensitiveIO::request('start', 'sensitiveIO::isPositiveInteger', 0);
$limit = sensitiveIO::request('limit', 'sensitiveIO::isPositiveInteger', CMS_session::getRecordsPerPage());
$delete = sensitiveIO::request('del') ? true : false;
//the delete flag is dropped for a user without the EDITVALIDATEALL administration clearance
if ($delete && !$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
    $delete = false;
}
$logsDatas = array();
$logsDatas['logs'] = array();
if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_VIEWLOG)) {
    CMS_grandFather::raiseError('User has no logs management rights ...');
    $view->show();
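 /**
  * This function is called to catch and launch all FE forms actions
  *
  * For each id of $formIDs equal to the 'formID' request value : loads (or creates) the item, checks
  * the mandatory fields, sets the posted values and the publication dates, checks the form token
  * and, if no error was recorded for the form, writes the item.
  *
  * @param array $formIDs : the forms ids to check for actions
  * @param integer $pageID : the current page id
  * @param string $languageCode : the language code used
  * @param boolean $public : the data status
  * @param reference array $polymodFormsError : the forms error status to return
  * @param reference array $polymodFormsItems : reference to the forms items
  * @return boolean : true on success, false on failure
  * @access public
  * @static
  */
 static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
 {
     global $cms_language, $cms_user;
     if (!is_array($formIDs)) {
         return false;
     }
     foreach ($formIDs as $formID) {
         if (io::request('formID') && io::request('formID') == $formID) {
             if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
                 $cms_language = new CMS_language($languageCode);
             }
             //instantiate item
             $item = '';
             if (io::request('object', 'io::isPositiveInteger', '')) {
                 //check user rights on module
                 $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
                 //Check user rights
                 //here assume than user should only need the view right on module, because admin right allow Automne administration access
                 if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                     CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                     return false;
                 }
                 //instantiate object
                 $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
                 //without an object definition no item is created (calling $object->getID() on it would be fatal) :
                 //$item stays empty and the request ends in the 'right' error branch below
                 if ($object) {
                     if (io::request('item', 'io::isPositiveInteger', '')) {
                         $search = new CMS_object_search($object, false);
                         $search->addWhereCondition('item', io::request('item'));
                         $items = $search->search();
                         if (isset($items[io::request('item')])) {
                             $item = $items[io::request('item')];
                         } else {
                             $item = new CMS_poly_object($object->getID());
                         }
                     } else {
                         $item = new CMS_poly_object($object->getID());
                     }
                 }
             }
             if (is_object($item) && !$item->hasError()) {
                 //get item fieldsObjects
                 $fieldsObjects =& $item->getFieldsObjects();
                 //checks and assignments
                 $item->setDebug(false);
                 //first, check mandatory values
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of formular
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                         }
                     }
                 }
                 //second, set values for all fields
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of formular
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         //if form use a callback, call it
                         //do not use call_user_function here
                         //the callback name is built from $formID (an entry of $formIDs) and the id of one of the item fields
                         $funcName = 'form_' . $formID . '_' . $fieldID;
                         if (!$item->setValues($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists($funcName) && !$funcName($formID, $fieldID, $item)) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         }
                     }
                 }
                 //set publication dates if needed
                 if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
                     if ($object->isPrimaryResource()) {
                         // Dates management
                         $dt_beg = new CMS_date();
                         $dt_beg->setDebug(false);
                         $dt_beg->setFormat($cms_language->getDateFormat());
                         $dt_end = new CMS_date();
                         $dt_end->setDebug(false);
                         $dt_end->setFormat($cms_language->getDateFormat());
                         //a date missing from the request is passed as null
                         $pubStart = isset($_REQUEST["pub_start"]) ? $_REQUEST["pub_start"] : null;
                         $pubEnd = isset($_REQUEST["pub_end"]) ? $_REQUEST["pub_end"] : null;
                         if (!($dt_set_1 = $dt_beg->setLocalizedDate($pubStart, true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                         }
                         if (!($dt_set_2 = $dt_end->setLocalizedDate($pubEnd, true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                         }
                         //if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
                         if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                             if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                                 $dt_set_1 = $dt_set_2 = false;
                             }
                         }
                         if ($dt_set_1 && $dt_set_2) {
                             $item->setPublicationDates($dt_beg, $dt_end);
                         }
                     }
                 }
                 //Check form token
                 // NOTE(review): the token is checked before anything is written, but after the values were set
                 // on the item and the per-field callbacks were called - checking it first would keep a request
                 // without a valid token from reaching those callbacks
                 if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
                     $polymodFormsError[$formID]['error'][] = 'form-token';
                     return false;
                 } else {
                     //Token is used so expire it
                     CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);
                 }
                 //empty() : no entry at all for this form means no error was recorded
                 if (empty($polymodFormsError[$formID])) {
                     //save the data
                     if (!$item->writeToPersistence()) {
                         $polymodFormsError[$formID]['error'][] = 'write';
                         $polymodFormsError[$formID]['filled'] = 0;
                     } else {
                         $polymodFormsError[$formID]['filled'] = 1;
                         //if form use a callback, call it
                         //do not use call_user_function here
                         $funcName = 'form_' . $formID;
                         if (function_exists($funcName) && !$funcName($formID, $item)) {
                             $polymodFormsError[$formID]['filled'] = 0;
                             $polymodFormsError[$formID]['error'][] = 'callback';
                         }
                     }
                     //if item is a primary resource, unlock it
                     if ($object->isPrimaryResource()) {
                         $item->unlock();
                     }
                 } else {
                     $polymodFormsError[$formID]['filled'] = 0;
                 }
                 //save item for later use
                 $polymodFormsItems[$formID] = $item;
             } else {
                 $polymodFormsError[$formID]['filled'] = 0;
                 $polymodFormsError[$formID]['error'][] = 'right';
                 CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
                 return false;
             }
         }
     }
     return true;
 }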
예제 #8
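 /**
  * Return options tag list (for a select tag) of all date values stored for this field
  *
  * @param array $values : parameters values array(parameterName => parameterValue) in :
  *     selected : the timestamp of the value which is selected (optional)
  *     format : the date() format used for the options labels (optional, language date format otherwise)
  *     operator, boundary : keep only the values matching this comparison with the boundary date (optional)
  * @param multidimentionnal array $tags : xml2Array content of atm-function tag (nothing for this one)
  * @return string : options tag list
  * @access public
  */
 function selectOptions($values, $tags)
 {
     global $cms_language;
     $return = "";
     $fieldID = $this->_field->getID();
     $allValues = array();
     $status = $this->_public ? 'public' : 'edited';
     //the operator is written as is into the SQL text : only these exact strings are accepted
     $supportedOperator = array('>=', '<=', '>', '<', '>= or null', '<= or null', '> or null', '< or null', '>= and not null', '<= and not null', '> and not null', '< and not null');
     $sqlOperator = '';
     if (isset($values['operator']) && isset($values['boundary']) && $values['operator'] && $values['boundary'] && in_array(htmlspecialchars_decode($values['operator']), $supportedOperator, true)) {
         $operator = htmlspecialchars_decode($values['operator']);
         $boundary = $values['boundary'];
         // canBeNull
         $operators = explode('or', $operator);
         $operator = trim($operators[0]);
         $canBeNull = isset($operators[1]) ? ' or value is NULL' : '';
         // cantBeNull
         $operators = explode('and', $operator);
         $operator = trim($operators[0]);
         $cantBeNull = isset($operators[1]) ? ' and value is not NULL and value != \'0000-00-00\' and value != \'0000-00-00 00:00:00\'' : '';
         //boundary
         //the boundary reaches the query only as the DB value of a parsed date, never as the raw parameter
         // NOTE(review): the result of setLocalizedDate() is not checked - confirm what getDBValue()
         // returns for a boundary which does not parse
         $date = new CMS_date();
         $date->setFormat($cms_language->getDateFormat());
         $date->setLocalizedDate($boundary);
         $sqlOperator = " and (value " . $operator . " '" . SensitiveIO::sanitizeSQLString($date->getDBValue()) . "'" . $canBeNull . $cantBeNull . ")";
     }
     // Search all values for this field
     // NOTE(review): $fieldID is concatenated as is ; it comes from the field object, presumably an integer id - confirm
     $sql = "select\n                   distinct value\n               from\n                   mod_subobject_date_" . $status . "\n               where\n                   objectFieldID='" . $fieldID . "'\n                   " . $sqlOperator . "\n\t\t";
     $q = new CMS_query($sql);
     $date = new CMS_date();
     while (($value = $q->getValue('value')) !== false) {
         if ($value) {
             $date->setFromDBValue($value);
             if (isset($values['format']) && $values['format']) {
                 $dateValue = date($values['format'], $date->getTimeStamp());
             } else {
                 $dateValue = $date->getLocalizedDate($cms_language->GetDateFormat());
             }
             //keyed by timestamp : sorts the options by date and gives each option its value
             $allValues[$date->getTimeStamp()] = $dateValue;
         }
     }
     ksort($allValues);
     foreach ($allValues as $id => $label) {
         //'selected' is optional : without it no option is marked as selected
         $selected = (isset($values['selected']) && $id == $values['selected']) ? ' selected="selected"' : '';
         //the label is escaped for the option text as it is for the title attribute
         // NOTE(review): assumes io::htmlspecialchars escapes text for HTML output - confirm
         $escapedLabel = io::htmlspecialchars($label);
         $return .= '<option title="' . $escapedLabel . '" value="' . $id . '"' . $selected . '>' . $escapedLabel . '</option>';
     }
     return $return;
 }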