/**
 * Loads the application-level actions configuration and fills in defaults.
 *
 * Every entry returned by Dataface_ConfigTool::loadConfig('actions', null)
 * receives a 'name' (its array key) and, when not already set, an 'id'
 * (the name), a 'label' (the name with its first letter upper-cased and
 * underscores turned into spaces) and an 'accessKey' (first character of
 * the name). Any 'description' and 'label' are then run through
 * df_translate() under the keys 'actions.<name>.description' and
 * 'actions.<name>.label'.
 *
 * Entries are edited through references, so the array handed back by
 * loadConfig() is modified in place, and $this->actions ends up bound by
 * reference to that same array.
 * NOTE(review): if loadConfig() returns its internal cache by reference,
 * these edits change the cached copy for every later caller - confirm.
 */
function _loadActionsINIFile()
{
    import('Dataface/ConfigTool.php');
    $tool =& Dataface_ConfigTool::getInstance();
    $loaded =& $tool->loadConfig('actions', null);

    foreach (array_keys($loaded) as $actionName) {
        $entry =& $loaded[$actionName];
        $entry['name'] = $actionName;

        // Defaults for anything the ini section left out.
        if (!isset($entry['id'])) {
            $entry['id'] = $entry['name'];
        }
        if (!isset($entry['label'])) {
            $entry['label'] = str_replace('_', ' ', ucfirst($entry['name']));
        }
        if (!isset($entry['accessKey'])) {
            $entry['accessKey'] = substr($entry['name'], 0, 1);
        }

        // Translate the human-readable strings.
        $translationKey = 'actions.' . $entry['name'];
        if (isset($entry['description'])) {
            $entry['description'] = df_translate($translationKey . '.description', $entry['description']);
        }
        if (isset($entry['label'])) {
            $entry['label'] = df_translate($translationKey . '.label', $entry['label']);
        }

        $this->actions[$actionName] =& $entry;
        // Break the reference before the next iteration rebinds $entry.
        unset($entry);
    }

    $this->actions =& $loaded;
}
/**
 * Creates the configuration table in the database when it is missing.
 * The configuration table is where configuration (e.g. fields.ini etc.)
 * may be stored. This is a new feature in 0.6.14.
 *
 * The table name is taken from Dataface_ConfigTool::$configTableName and is
 * placed between backticks in the DDL without further escaping, so it has
 * to be a trusted identifier (application configuration, never request
 * data).
 *
 * @throws Exception With the database error text (code E_USER_ERROR) when
 *                   the CREATE TABLE statement fails.
 *
 * @author Steve Hannah <*****@*****.**>
 * @created Feb. 26, 2007
 */
function Dataface_ConfigTool_createConfigTable()
{
    $tool =& Dataface_ConfigTool::getInstance();

    // Nothing to do when the table is already there.
    if (Dataface_Table::tableExists($tool->configTableName, false)) {
        return;
    }

    $ddl = "CREATE TABLE `" . $tool->configTableName . "` ("
        . "\n\t\t\t\t\tconfig_id int(11) NOT NULL auto_increment primary key,"
        . "\n\t\t\t\t\t`file` varchar(255) NOT NULL,"
        . "\n\t\t\t\t\t`section` varchar(128),"
        . "\n\t\t\t\t\t`key` varchar(128) NOT NULL,"
        . "\n\t\t\t\t\t`value` text NOT NULL,"
        . "\n\t\t\t\t\t`lang` varchar(2),"
        . "\n\t\t\t\t\t`username` varchar(32),"
        . "\n\t\t\t\t\t`priority` int(5) default 5"
        . "\n\t\t\t\t\t)";

    $created = xf_db_query($ddl, df_db());
    if (!$created) {
        throw new Exception(xf_db_error(df_db()), E_USER_ERROR);
    }
}
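/**
 * Sets a configuration parameter in the configuration table.
 * This should not be called directly. It should be called through the
 * Dataface_ConfigTool class as its setConfigParam method.
 *
 * The row is looked up by (key, file, section, username, lang); a match is
 * updated, otherwise a new row is inserted. The configuration table is
 * created if the first lookup fails.
 *
 * Changes against the previous implementation:
 *  - String values are escaped with mysql_real_escape_string() on the live
 *    connection instead of addslashes(), which ignores the connection
 *    character set and is not a safe SQL escaper.
 *  - $priority and the matched config_id are cast to int before being placed
 *    in the statement.
 *  - The UPDATE joined its assignments with ' and ', which MySQL evaluates
 *    as one boolean expression assigned to the first column; they are now
 *    joined with commas.
 *  - The NOT NULL `file` column is written on insert; it was only used in
 *    the lookup before, so inserted rows could never be found again.
 *  - A null $username / $lang is stored as SQL NULL (it was stored as ''),
 *    matching the IS NULL test the lookup uses.
 *
 * NOTE(review): ext/mysql (mysql_*) no longer exists in PHP 7+. Moving this
 * function to the project's database wrapper with bound parameters is the
 * durable fix; the escaping here is the best ext/mysql offers.
 *
 * @param string $file The name of the ini file in which the config value is being set.
 * @param string $section The name of the section (could be null).
 * @param string $key The name of the parameter's key (not null)
 * @param string $value The value to set (not null)
 * @param string $username The username for which the parameter is being set (null for all users)
 * @param string $lang The 2-digit language code for which the parameter is being set (null for all languages).
 * @param integer $priority The priority of this config variable (priority dictates which
 *                          parameters take priority). Default value of 5.
 * @returns true if success or PEAR_Error if failure. The PEAR_Error message
 *          carries the raw database error text, so callers should not echo
 *          it to end users.
 *
 * @author Steve Hannah <*****@*****.**>
 * @created Feb. 26, 2007
 */
function Dataface_ConfigTool_setConfigParam($file, $section, $key, $value, $username = null, $lang = null, $priority = 5)
{
    $self =& Dataface_ConfigTool::getInstance();
    $db = df_db();

    // Quoted SQL literals for the mandatory columns.
    $qFile = "'" . mysql_real_escape_string($file, $db) . "'";
    $qKey = "'" . mysql_real_escape_string($key, $db) . "'";
    $qValue = "'" . mysql_real_escape_string($value, $db) . "'";

    // Optional columns: null stays null here and becomes IS NULL / NULL below.
    $qSection = isset($section) ? "'" . mysql_real_escape_string($section, $db) . "'" : null;
    $qUsername = isset($username) ? "'" . mysql_real_escape_string($username, $db) . "'" : null;
    $qLang = isset($lang) ? "'" . mysql_real_escape_string($lang, $db) . "'" : null;

    // Numeric column: force an integer so nothing else can reach the statement.
    $priority = (int) $priority;

    // See if this parameter has already been set:
    $where = array();
    $where[] = "`key`=" . $qKey;
    $where[] = "`file`=" . $qFile;
    $where[] = "`section`" . ($qSection === null ? ' IS NULL' : '=' . $qSection);
    $where[] = "`username`" . ($qUsername === null ? ' IS NULL' : '=' . $qUsername);
    $where[] = "`lang`" . ($qLang === null ? ' IS NULL' : '=' . $qLang);
    $where = implode(' and ', $where);

    $sql = "select `config_id` from `" . $self->configTableName . "` where {$where} limit 1";
    $res = mysql_query($sql, $db);
    if (!$res) {
        // Most likely the table does not exist yet: create it and retry once.
        $self->createConfigTable();
        $res = mysql_query($sql, $db);
    }
    if (!$res) {
        return PEAR::raiseError("Failed to get config parameter: " . mysql_error($db));
    }

    $vals = array(
        "file" => $qFile,
        "section" => $qSection === null ? 'NULL' : $qSection,
        "key" => $qKey,
        "value" => $qValue,
        "username" => $qUsername === null ? 'NULL' : $qUsername,
        "lang" => $qLang === null ? 'NULL' : $qLang,
        "priority" => $priority,
    );

    if (mysql_num_rows($res) > 0) {
        // We need to perform an update
        $row = mysql_fetch_assoc($res);
        $updates = array();
        foreach ($vals as $vkey => $vval) {
            $updates[] = '`' . $vkey . '`=' . $vval;
        }
        $sets = implode(', ', $updates);
        $sql = "update `" . $self->configTableName . "` set " . $sets
            . " where `config_id`=" . (int) $row['config_id'] . " limit 1";
    } else {
        $cols = array();
        $values = array();
        foreach ($vals as $vkey => $vval) {
            $cols[] = "`{$vkey}`";
            $values[] = $vval;
        }
        $cols = implode(',', $cols);
        $values = implode(',', $values);
        $sql = "insert into `" . $self->configTableName . "` ({$cols}) VALUES ({$values})";
    }
    mysql_free_result($res);

    $res = mysql_query($sql, $db);
    if (!$res) {
        return PEAR::raiseError("Could not write config value: " . mysql_error($db));
    }
    return true;
}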
/**
 * Loads the field definitions for meta data for the given table. These
 * are defined in the metadata.ini files at the table, application, and
 * dataface levels.
 *
 * Each definition loaded from the 'metadata' config is re-keyed as
 * '__<key>', gets 'name' and 'Field' set to that prefixed name, and gets a
 * 'Type' of 'varchar(64)' when none was given.
 *
 * The result is stored in $this->fieldDefs on the first call. Later calls
 * return that stored value whatever $tablename they are given.
 *
 * @param string $tablename Table to load definitions for; defaults to
 *                          $this->tablename.
 * @return array The field definitions, keyed by their '__'-prefixed names.
 */
function loadMetadataFieldDefs($tablename = null)
{
    if (!isset($tablename)) {
        $tablename = $this->tablename;
    }

    // Already loaded once: hand back the stored definitions.
    if (isset($this->fieldDefs)) {
        return $this->fieldDefs;
    }

    import('Dataface/ConfigTool.php');
    $tool =& Dataface_ConfigTool::getInstance();
    $this->fieldDefs = $tool->loadConfig('metadata', $tablename);

    // array_keys() takes a snapshot, so re-keying inside the loop is safe.
    foreach (array_keys($this->fieldDefs) as $rawKey) {
        $prefixed = '__' . $rawKey;

        $def =& $this->fieldDefs[$rawKey];
        $def['name'] = $prefixed;
        $def['Field'] = $def['name'];
        if (!isset($def['Type'])) {
            $def['Type'] = 'varchar(64)';
        }

        // Move the definition from its raw key to the prefixed one.
        $this->fieldDefs[$prefixed] =& $def;
        unset($this->fieldDefs[$rawKey]);
        unset($def);
    }

    return $this->fieldDefs;
}
/**
 * Loads this table's 'permissions' configuration and registers it with the
 * shared Dataface_PermissionsTool instance.
 *
 * $this->_permissionsLoaded is set to true before anything is loaded, so the
 * flag is raised even if loading fails part-way.
 */
function loadPermissions()
{
    $this->_permissionsLoaded = true;

    $tool =& Dataface_ConfigTool::getInstance();
    $tablePermissions =& $tool->loadConfig('permissions', $this->tablename);

    $registry =& Dataface_PermissionsTool::getInstance();
    $registry->addPermissions($tablePermissions);
}
/**
 * @brief Returns the valuelist as a relationship. This is handy for
 * adding values to it and searching it.
 *
 * Only valuelists whose configuration has a non-empty '__sql__' entry can be
 * wrapped; for any other valuelist the method returns null. The wrapper is
 * registered on the table under the name '<valuelistName>__valuelist' and
 * its action is marked as not visible.
 *
 * @param Dataface_Table &$table The table where the valuelist is defined.
 * @param string $valuelistName The name of the valuelist.
 * @return Dataface_Relationship A wrapper relationship for the valuelist,
 *         or null when the valuelist has no '__sql__' definition.
 * @return PEAR_Error If there is a problem generating the relationship.
 */
function &asRelationship(&$table, $valuelistName)
{
    import('Dataface/ConfigTool.php');
    $tool =& Dataface_ConfigTool::getInstance();
    $conf = $tool->loadConfig('valuelists', $table->tablename);

    // Returned by reference, so null has to travel in a variable.
    if (!@$conf[$valuelistName]['__sql__']) {
        $none = null;
        return $none;
    }

    $wrapperName = $valuelistName . '__valuelist';
    $table->addRelationship($wrapperName, $conf[$valuelistName]);

    $wrapper =& $table->getRelationship($wrapperName);
    $wrapper->_schema['action']['visible'] = 0;

    return $wrapper;
}
/**
 * Builds the object from a permissions configuration.
 *
 * @param array|null $conf Permissions configuration to register through
 *                         addPermissions(). When null, the application-wide
 *                         'permissions' config is loaded from
 *                         Dataface_ConfigTool and used instead.
 */
function __construct($conf = null)
{
    if (is_null($conf)) {
        // No explicit configuration: fall back to the global permissions config.
        import('Dataface/ConfigTool.php');
        $tool =& Dataface_ConfigTool::getInstance();
        $conf = $tool->loadConfig('permissions');
    }

    $this->addPermissions($conf);
}
/**
 * @brief Returns the actions for this table.
 *
 * On the first call the table's 'actions' configuration is loaded, each
 * action is given its defaults ('table', 'name', and where missing 'id',
 * 'label', 'accessKey', 'label_i18n', 'description_i18n'), its 'description'
 * and 'label' are translated with df_translate(), and it is registered with
 * Dataface_ActionTool. $this->_actionsLoaded prevents a second registration.
 *
 * @param array $params An associative array of options. Its 'table' key is
 *     overwritten with this table's name. Possible keys include:
 * @code
 *      record => reference to a Dataface_Record or Dataface_RelatedRecord object
 *      relationship => The name of a relationship.
 *      category => A name of a category for the actions to be returned.
 * @endcode
 * @param boolean $noreturn When true, only perform the loading step and
 *     return true instead of the action list.
 * @return array An associative array of action data structures (or true
 *     when $noreturn is set).
 *
 * @see Dataface_ActionTool
 */
function getActions(&$params, $noreturn = false)
{
    import('Dataface/ActionTool.php');
    $registry =& Dataface_ActionTool::getInstance();

    if (!$this->_actionsLoaded) {
        $this->_actionsLoaded = true;

        import('Dataface/ConfigTool.php');
        $tool =& Dataface_ConfigTool::getInstance();
        $tableActions =& $tool->loadConfig('actions', $this->tablename);

        foreach ($tableActions as $actionName => $definition) {
            $definition['table'] = $this->tablename;
            $definition['name'] = $actionName;

            // Values used only when the ini section did not set the key.
            $fallbacks = array(
                'id' => $definition['name'],
                'label' => str_replace('_', ' ', ucfirst($definition['name'])),
                'accessKey' => substr($definition['name'], 0, 1),
                'label_i18n' => 'action:' . $definition['name'] . ' label',
                'description_i18n' => 'action:' . $definition['name'] . ' description',
            );
            foreach ($fallbacks as $field => $fallback) {
                if (!isset($definition[$field])) {
                    $definition[$field] = $fallback;
                }
            }

            $translationKey = 'actions.' . $definition['name'];
            if (isset($definition['description'])) {
                $definition['description'] = df_translate($translationKey . '.description', $definition['description']);
            }
            if (isset($definition['label'])) {
                $definition['label'] = df_translate($translationKey . '.label', $definition['label']);
            }

            $registry->addAction($actionName, $definition);
        }
    }

    $params['table'] = $this->tablename;

    if ($noreturn) {
        return true;
    }
    return $registry->getActions($params);
}
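/**
 * @brief Displays the Dataface application.
 *
 * Steps, in order: translate the table labels, start the session when
 * sessions are in use, optionally check that the session is still coming
 * from the address it was created on, authenticate (when an _auth section is
 * configured and XATAFACE_DISABLE_AUTH is not set), handle the request, and
 * finally show the login prompt or the 403 page, or raise an exception,
 * depending on the outcome.
 *
 * Change against the previous implementation: the logged-in branch called
 * handleRequest() without $disableCache, so the flag was ignored for
 * authenticated users while the other two call sites honoured it. All three
 * now pass it through.
 *
 * @param boolean $main_content_only Whether to only show the main content or to show the full page with header and
 *  footer. This parameter is not respected by many of the current templates and may be removed in later releases.
 *
 * @param boolean $disableCache Whether to disable the output cache. It is enabled by default.
 *
 * @throws Exception When handling the request produced a PEAR error other
 *  than permission-denied. The message contains the error's debug info, so
 *  it must not be rendered to end users (keep display_errors off and make
 *  sure any exception handler logs rather than prints).
 *
 * @par Flow Chart
 *
 * <img src="http://media.weblite.ca/files/photos/Display_flow_control.png?max_width=640"/>
 * <a href="http://media.weblite.ca/files/photos/Display_flow_control.png" target="_blank" title="Enlarge">Enlarge</a>.
 */
function _display($main_content_only = false, $disableCache = false)
{
    // Replace every table label with its translation, both on the object
    // and in the configuration array.
    foreach ($this->_tables as $key => $value) {
        $this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.' . $key . '.label', $value);
    }

    $this->main_content_only = $main_content_only;

    if ($this->autoSession or $this->sessionEnabled()) {
        $this->startSession();
    }

    // Session-to-address binding.
    // NOTE(review): this check only runs when 'disable_session_ip_check' is
    // present in the config AND falsy. When the key is absent the check is
    // skipped, i.e. the protection is opt-in - confirm that is intended.
    // NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the
    // proxy's address, which would make this comparison always succeed.
    if (isset($this->_conf['disable_session_ip_check']) and !@$this->_conf['disable_session_ip_check']) {
        if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
            $_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
        }
        if (df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR']) != df_IPv4To6($_SERVER['REMOTE_ADDR'])) {
            $msg = sprintf(
                "Session address does not match the remote address. Possible hacking attempt. Session address was '%s', User address was '%s'",
                df_escape(df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR'])),
                df_escape(df_IPv4To6($_SERVER['REMOTE_ADDR']))
            );
            error_log($msg);

            // Drop the mismatching session and carry on with a fresh one
            // bound to the current address; the request is not aborted.
            session_destroy();
            $this->startSession();
            if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
                $_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
            }
        }
    }

    // handle authentication
    if (!(defined('XATAFACE_DISABLE_AUTH') and XATAFACE_DISABLE_AUTH) and isset($this->_conf['_auth'])) {
        // The config file _auth section is there so we will be using authentication.
        $loginPrompt = false;       // flag to indicate if we should show the login prompt
        $permissionDenied = false;  // flag to indicate if we should show permission denied
        $loginError = '';           // Placeholder for login error messages.

        $authTool = $this->getAuthenticationTool();
        $auth_result = $authTool->authenticate();

        if (PEAR::isError($auth_result) and $auth_result->getCode() == DATAFACE_E_LOGIN_FAILURE) {
            // There was a login failure, show the login prompt
            $loginPrompt = true;
            $loginError = $auth_result->getMessage();
        } elseif ($authTool->isLoggedIn()) {
            Dataface_ConfigTool::getInstance()->loadUserConfig();
            // The user is logged in ok. Handle the request, honouring the
            // caller's cache setting like the other branches do.
            $result = $this->handleRequest($disableCache);
            if (Dataface_Error::isPermissionDenied($result)) {
                // Permission was denied on the request. Since the user is already
                // logged in, there is no use giving him the login prompt. Just give
                // him the permission denied screen.
                $permissionDenied = true;
            }
        } elseif (isset($this->_conf['_auth']['require_login']) and $this->_conf['_auth']['require_login']) {
            // The user is not logged in and login is required for this application
            // Show the login prompt
            $loginPrompt = true;
        } else {
            // The user is not logged in, but login is not required for this application.
            // Allow the user to perform the action.
            $result = $this->handleRequest($disableCache);
            if (Dataface_Error::isPermissionDenied($result)) {
                // The user did not have permission to perform the action
                // Give the user a login prompt.
                $loginPrompt = true;
            }
        }

        if ($loginPrompt) {
            // The user is supposed to see a login prompt to log in.
            $authTool->showLoginPrompt($loginError);
        } elseif ($permissionDenied) {
            // The user is supposed to see the permission denied page.
            $query =& $this->getQuery();
            if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                $this->redirect($this->url('-action=view'));
            }
            $this->addError($result);
            header("HTTP/1.1 403 Permission Denied");
            df_display(array(), 'Dataface_Permission_Denied.html');
        } elseif (PEAR::isError($result)) {
            // Some other error occurred in handling the request. The
            // exception text includes debug info and is meant for logs only.
            throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
        }
    } else {
        // Authentication is not enabled for this application.
        // Just process the request.
        $result = $this->handleRequest($disableCache);
        if (Dataface_Error::isPermissionDenied($result)) {
            $query =& $this->getQuery();
            if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                $this->redirect($this->url('-action=view'));
            }
            $this->addError($result);
            header("HTTP/1.1 403 Permission Denied");
            df_display(array(), 'Dataface_Permission_Denied.html');
        } elseif (PEAR::isError($result)) {
            throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
        }
    }
}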
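/**
 * Saves the current user's column-visibility preferences.
 *
 * Reads a JSON document from $_POST['--data'] with optional 'fields' and
 * 'relationships' members, validates every entry, stores the accepted
 * settings in the user config under 'tables/<table>/fields.ini' and
 * 'tables/<table>/relationships.ini', writes the user config and emits a
 * JSON response (code 200, or 201 with a list of warnings).
 *
 * Changes against the previous implementation:
 *  - The posted value must be a string that decodes to an array; malformed
 *    input used to fall through and report success.
 *  - Visibility values and option types are compared strictly. The loose
 *    in_array() accepted values such as 0 or true on PHP < 8 because of
 *    type juggling against the allowed strings.
 *  - The per-field permission check now runs before any config node is
 *    created, so a denied field no longer leaves an empty entry in the
 *    saved user config.
 *  - Field names that are empty or contain a NUL byte are rejected, since
 *    they cannot be used as property names.
 *  - Relationship field names are split once on the first '.', so the part
 *    that is checked against the relationship is exactly the part that is
 *    stored.
 *  - Non-array 'fields', 'relationships' and option lists are skipped
 *    instead of being iterated.
 *  - Unreachable 'continue' statements after 'throw' were removed, and the
 *    duplicated option validation moved into one helper.
 *
 * NOTE(review): the 'fields' branch does not verify that a field exists on
 * the table (the relationship branch does verify its fields); it relies on
 * the per-field permission lookup - confirm that lookup denies unknown names.
 * NOTE(review): no request-forgery token check is visible in this handler;
 * confirm the framework validates one before dispatching here.
 *
 * @throws Exception On missing or undecodable data, missing table-level
 *                   permission, an invalid relationship or relationship
 *                   field, or a failure to write the user config.
 */
function do_post()
{
    if (empty($_POST['--data']) or !is_string($_POST['--data'])) {
        throw new Exception("No data received");
    }
    $data = json_decode($_POST['--data'], true);
    if (!is_array($data)) {
        throw new Exception("Could not decode the submitted data.");
    }

    $app = Dataface_Application::getInstance();
    $query = $app->getQuery();
    $table_name = $query['-table'];
    $table = Dataface_Table::loadTable($table_name);

    // Table-level gate: nothing below runs without this permission.
    $table_perms = $table->getPermissions();
    if (empty($table_perms['show hide columns'])) {
        throw new Exception("You don't have permission to alter column visibility.");
    }

    $config_tool = Dataface_ConfigTool::getInstance();
    $user_config = $config_tool->loadUserConfig();
    $errors = array();

    if (isset($data['fields']) and is_array($data['fields'])) {
        $config_path = 'tables/' . $table_name . '/fields.ini';
        if (empty($user_config->{$config_path})) {
            $user_config->{$config_path} = new StdClass();
        }
        $user_table_config = $user_config->{$config_path};

        foreach ($data['fields'] as $field_name => $field_opts) {
            if (!is_array($field_opts)) {
                continue;
            }
            // JSON keys that look numeric arrive as ints.
            $field_name = (string) $field_name;
            if ($field_name === '' or strpos($field_name, "\0") !== false) {
                $errors[] = 'Invalid field name.';
                continue;
            }

            // Authorize first, then touch the config.
            $field_perms = $table->getPermissions(array('field' => $field_name));
            if (empty($field_perms['show hide columns'])) {
                $errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
                continue;
            }

            if (!isset($user_table_config->{$field_name})) {
                $user_table_config->{$field_name} = new StdClass();
            }
            if (!isset($user_table_config->{$field_name}->visibility)) {
                $user_table_config->{$field_name}->visibility = new StdClass();
            }

            $errors = array_merge(
                $errors,
                $this->_apply_visibility_options($user_table_config->{$field_name}->visibility, $field_name, $field_opts)
            );
        }
    }

    // Now deal with the relationships
    if (isset($data['relationships']) and is_array($data['relationships'])) {
        $config_path = 'tables/' . $table_name . '/relationships.ini';

        foreach ($data['relationships'] as $relationship_data) {
            if (empty($user_config->{$config_path})) {
                $user_config->{$config_path} = new StdClass();
            }
            $user_table_config = $user_config->{$config_path};

            if (!is_array($relationship_data)
                or !isset($relationship_data['fields'])
                or !is_array($relationship_data['fields'])
            ) {
                continue;
            }

            $relationship_name = isset($relationship_data['name']) ? $relationship_data['name'] : null;
            if (!$relationship_name or !is_string($relationship_name)) {
                throw new Exception("Expected name for relationship but did not receive one.");
            }

            $relationship = $table->getRelationship($relationship_name);
            if (PEAR::isError($relationship) or !isset($relationship)) {
                throw new Exception("Relationship " . $relationship_name . " does not exist.");
            }

            foreach ($relationship_data['fields'] as $field_name => $field_opts) {
                $field_name = (string) $field_name;

                // "<relationship>.<field>": split once so the checked field
                // name is exactly what follows the relationship prefix.
                $parts = explode('.', $field_name, 2);
                if (count($parts) < 2 or $parts[0] !== $relationship_name) {
                    throw new Exception("Relationship fields must have same root name as the relationship itself.");
                }
                $r_field_name = $parts[1];

                if (!$relationship->hasField($r_field_name, true)) {
                    throw new Exception("Relationship " . $relationship_name . " has no such field " . $r_field_name);
                }
                if (!is_array($field_opts)) {
                    continue;
                }

                // Authorize first, then touch the config.
                $field_perms = $relationship->getPermissions(array('field' => $r_field_name));
                if (empty($field_perms['show hide columns'])) {
                    $errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
                    continue;
                }

                if (!isset($user_table_config->{$field_name})) {
                    $user_table_config->{$field_name} = new StdClass();
                }
                if (!isset($user_table_config->{$field_name}->visibility)) {
                    $user_table_config->{$field_name}->visibility = new StdClass();
                }

                $errors = array_merge(
                    $errors,
                    $this->_apply_visibility_options($user_table_config->{$field_name}->visibility, $field_name, $field_opts)
                );
            }
        }
    }

    $res = $config_tool->writeUserConfig();
    if (!$res) {
        throw new Exception("Failed to save the user config for columns.");
    }

    if (count($errors) === 0) {
        $this->json_out(array('code' => 200, 'message' => 'Successfully saved settings. Reload page to see effects.'));
    } else {
        $this->json_out(array('code' => 201, 'message' => 'Saved settings but with warnings.', 'errors' => $errors));
    }
}

/**
 * Validates one field's visibility options and stores the valid ones.
 *
 * @param object $visibility_config The field's visibility node; accepted
 *                                  options are set on it as properties.
 * @param string $field_name Field name, used in warning messages only.
 * @param array $field_opts Map of option type => 'visible' | 'hidden'.
 * @return array Warning messages for the options that were rejected.
 */
function _apply_visibility_options($visibility_config, $field_name, $field_opts)
{
    $visibilities = array('visible', 'hidden');
    $opt_types = array('list', 'find', 'browse', 'csv', 'rss', 'xml');
    $warnings = array();

    foreach ($field_opts as $opt_type => $opt_visibility) {
        // Array keys may be ints; compare as strings, strictly.
        $opt_type = (string) $opt_type;

        if (!in_array($opt_visibility, $visibilities, true)) {
            // Non-scalars cannot be concatenated; report their type instead.
            $received = is_scalar($opt_visibility) ? $opt_visibility : gettype($opt_visibility);
            $warnings[] = 'Invalid visibility for field ' . $field_name
                . '. Expecting visible or hidden but received ' . $received . '.';
            continue;
        }
        if (!in_array($opt_type, $opt_types, true)) {
            $warnings[] = 'Invalid option type for field ' . $field_name
                . '. Expecting one of {' . implode(', ', $opt_types) . '} but received ' . $opt_type . '.';
            continue;
        }
        $visibility_config->{$opt_type} = $opt_visibility;
    }

    return $warnings;
}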
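/**
 * Loads the translation dictionary into $this->dictionary.
 *
 * The application-wide 'lang' config is loaded first. When the current
 * query names a table, that table's 'lang' config is merged on top of it
 * (table entries win on duplicate string keys). While loading, the
 * application's configured language is temporarily replaced by $this->lang
 * when that is set, and restored afterwards.
 *
 * Changes against the previous implementation: the table dictionary was
 * loaded twice (once to test it, once to merge it) and is now loaded once;
 * a non-array application dictionary no longer reaches array_merge().
 *
 * NOTE(review): the language is restored after the loads with no
 * try/finally, so an exception from loadConfig() would leave the override
 * in place.
 * NOTE(review): $query['-table'] comes from the request and is handed to
 * loadConfig() as a table name; presumably loadConfig() restricts it to
 * known tables - confirm.
 */
function _loadLangINIFile()
{
    $app =& Dataface_Application::getInstance();

    // Temporarily switch the application language, remembering the old one.
    $oldLang = $app->_conf['lang'];
    if (isset($this->lang)) {
        $app->_conf['lang'] = $this->lang;
    }

    $query =& $app->getQuery();
    import('Dataface/ConfigTool.php');
    $configTool =& Dataface_ConfigTool::getInstance();

    $dictionary = $configTool->loadConfig('lang', null);

    if (isset($query['-table'])) {
        $tableDictionary = $configTool->loadConfig('lang', $query['-table']);
        if (is_array($tableDictionary)) {
            $dictionary = is_array($dictionary)
                ? array_merge($dictionary, $tableDictionary)
                : $tableDictionary;
        }
    }

    $app->_conf['lang'] = $oldLang;
    $this->dictionary =& $dictionary;
}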