예제 #1
파일: post.php 프로젝트: jumper9/test
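 /**
  * Builds the validation rule list for each declared field and collects the
  * validated request values.
  *
  * @param array $fields list of field descriptors; each needs a "name" and may
  *                      carry "type" (defaults to "string"), "minlength",
  *                      "maxlength", "minvalue", "maxvalue" and "errorMessage"
  * @return array validated values keyed by field name (descriptors without a
  *               usable name are skipped)
  */
 private static function validateFields($fields)
 {
     $dataFields = array();
     foreach ($fields as $field) {
         // Skip nameless descriptors; empty() also avoids an undefined-index
         // warning when the "name" key is missing altogether.
         if (empty($field["name"])) {
             continue;
         }
         $name = $field["name"];
         // The first rule is always the type; the bounds follow in fixed order.
         $validations = array(isset($field["type"]) ? $field["type"] : "string");
         foreach (array("minlength", "maxlength", "minvalue", "maxvalue") as $rule) {
             // A bound is only emitted when present and non-empty.
             if (!empty($field[$rule])) {
                 $validations[] = "{$rule}:{$field[$rule]}";
             }
         }
         $errorMessage = isset($field["errorMessage"]) ? $field["errorMessage"] : "Invalid {$name}";
         f::validateParam($name, $validations, $errorMessage);
         $dataFields[$name] = f::getParam($name);
     }
     return $dataFields;
 }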
예제 #2
파일: clients.php 프로젝트: jumper9/test
 /**
  * Creates a client or updates an existing client's status.
  *
  * Requires an authenticated admin; otherwise returns without a response
  * (security::isLogged has already recorded the 401). Reads the "status",
  * "client_id" and "name" request parameters, records a 400 error for each
  * failed check, and answers {"ok":1} as JSON when everything passed.
  */
 public static function save()
 {
     $callerIsAdmin = security::isLogged() && USER_IS_ADMIN;
     if (!$callerIsAdmin) {
         return;
     }
     $status = f::getParam("status");
     $clientId = f::getParam("client_id");
     $name = f::getParam("name");
     // Status is a 0/1 flag (loose comparison, as the rest of the file uses).
     $statusIsValid = $status == 1 || $status == 0;
     if (!$statusIsValid) {
         f::setError(400, "Invalid Client Status");
     }
     // A new client (no id) needs a name; an update only needs the id.
     if (!$name && !$clientId) {
         f::setError(400, "Invalid Client Name");
     }
     // An explicit id must refer to an existing row.
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}") == 1;
     if ($clientId && !$clientExists) {
         f::setError(400, "Invalid Client Id");
     }
     if (f::hasErrors()) {
         return;
     }
     $sql = $clientId
         ? "update fm_clients set status = {p:status} where id = {p:client_id}"
         : "insert into fm_clients set name = {p:name}, status = {p:status}";
     f::dbQuery($sql);
     f::setResponseJson(array("ok" => 1));
 }
예제 #3
파일: forms.php 프로젝트: jumper9/test
 /**
  * Creates or updates a form definition (admin only).
  *
  * Reads "name", "available_from", "available_to", "status", "client_id",
  * "detail" and optionally "form_id" from the request. When a form_id is
  * given the current row is first copied into fm_forms_log and then updated;
  * otherwise a new fm_forms row is inserted. Answers {"ok":1} on success,
  * records a 400 error per failed check otherwise.
  */
 public static function edit()
 {
     $callerIsAdmin = security::isLogged() && USER_IS_ADMIN;
     if (!$callerIsAdmin) {
         return;
     }
     $name = f::getParam("name");
     $availableFrom = f::date2sql(f::getParam("available_from"));
     $availableTo = f::date2sql(f::getParam("available_to"));
     $status = f::getParam("status");
     // Status accepts the three values 0, 1 and 2 (loose comparison).
     $statusIsValid = $status == 1 || $status == 0 || $status == 2;
     if (!$statusIsValid) {
         f::setError(400, "Wrong Status");
     }
     if (!$name) {
         f::setError(400, "Invalid form name");
     }
     // The owning client must exist.
     $clientExists = f::dbRes("select 1 from fm_clients where id = {p:client_id}");
     if (!$clientExists) {
         f::setError(400, "Client does not Exist");
     }
     if (f::hasErrors()) {
         return;
     }
     // Dates come from date2sql and are bound by name; the remaining values
     // are taken from the request through the {p:...} placeholders.
     $dateBinds = array("availableFrom" => $availableFrom, "availableTo" => $availableTo);
     $isUpdate = (bool) f::getParam("form_id");
     if ($isUpdate) {
         // Snapshot the current row before overwriting it.
         f::dbQuery("insert into fm_forms_log (created_date, form_id, client_id, name, enabled_domains, detail, available_from, available_to, status, description)\n\t\t\t\t\tselect now(), id, client_id, name, enabled_domains, detail, available_from, available_to, status, description from fm_forms where id = {p:form_id}");
         f::dbQuery("update fm_forms set name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} where id = {p:form_id}", $dateBinds);
     } else {
         f::dbQuery("insert into fm_forms set client_id = {p:client_id}, name = {p:name}, detail = {p:detail}, available_from = {availableFrom}, available_to = {availableTo}, status = {p:status} ", $dateBinds);
     }
     f::setResponseJson(array("ok" => 1));
 }
예제 #4
 /**
  * Maps the incoming "_url" request parameter onto an internal route.
  *
  * A "/form/..." URL is rewritten to "/forms/post", with the third and
  * fourth "/"-separated tokens copied into the "client_id" and "form_id"
  * parameters (presumably "/form/<client_id>/<form_id>"). "/" and "/index"
  * send a redirect to the admin index and yield an empty route. Any other
  * value is returned unchanged.
  */
 public static function getUrl()
 {
     $url = f::getParam("_url");
     $isFormUrl = substr($url, 0, 6) == "/form/";
     if ($isFormUrl) {
         f::setParam("client_id", f::strtoken($url, 3, "/"));
         f::setParam("form_id", f::strtoken($url, 4, "/"));
         return "/forms/post";
     }
     $isRoot = $url == "/" || $url == "/index";
     if ($isRoot) {
         // The Location header is queued but execution continues; the empty
         // route presumably tells the caller there is nothing left to render.
         header("Location:/admin/index");
         return "";
     }
     return $url;
 }
예제 #5
파일: logout.php 프로젝트: jumper9/test
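 /**
  * Ends the session identified by the "_api_key" request parameter.
  *
  * The token is only honoured from the same client IP the session was opened
  * from. If DELETE_SESSIONS is defined the row is removed, otherwise it is
  * marked inactive (status=0). Answers {"ok":1} on success and records a 400
  * error when no active session matches.
  */
 public static function post()
 {
     $token = f::getParam("_api_key");
     $userIp = $_SERVER["REMOTE_ADDR"];
     // Bind both values through the query helper's placeholders (the same
     // form security::isLogged uses) instead of interpolating them into the
     // SQL: the token is caller-supplied input.
     // NOTE(review): the other handlers on this page use fm_sessions;
     // confirm ge_sessions is the intended table here.
     $sessionId = f::dbRes(
         "select id from ge_sessions where user_ip = {userIp} and token = {token} and status=1",
         array("userIp" => $userIp, "token" => $token)
     );
     if (!$sessionId) {
         f::setError(400, "Sesion invalida");
         return;
     }
     $binds = array("sessionId" => $sessionId);
     if (defined("DELETE_SESSIONS")) {
         f::dbQuery("delete from ge_sessions where id = {sessionId}", $binds);
     } else {
         f::dbQuery("update ge_sessions set status=0 where id = {sessionId}", $binds);
     }
     f::setResponseJson(array("ok" => 1));
 }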
예제 #6
파일: login.php 프로젝트: jumper9/test
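 /**
  * Authenticates a user by email/password and opens an API session.
  *
  * On success responds with the user's name, a fresh "_api_key" token and
  * the admin flag; otherwise records a 400 "Invalid user" error.
  */
 public static function post()
 {
     $user = f::getParam("user");
     $pass = f::getParam("pass");
     // NOTE(review): the password predicate reads "******" in this listing,
     // which looks like a redaction of the original expression; it cannot be
     // reconstructed from here and must be restored from the repository, with
     // $pass bound through a placeholder rather than interpolated.
     // The email is bound the same way security::isLogged binds its values,
     // so caller-supplied text never reaches the SQL as code.
     $userId = f::dbRes(
         "select id from fm_users where email = {user} and (password='******' or password='******') and status=1",
         array("user" => $user)
     );
     $userIp = $_SERVER["REMOTE_ADDR"];
     if (!$userId) {
         f::setError(400, "Invalid user");
         return;
     }
     // 256 bits from the CSPRNG. Same 64-hex-char width as the former
     // md5(uniqid()) pair, so the token column size is unaffected; uniqid()
     // is clock-derived and was guessable.
     $token = bin2hex(random_bytes(32));
     if (f::hasErrors()) {
         return;
     }
     $userBinds = array("userId" => $userId);
     $userName = f::dbRes("select name from fm_users where id = {userId}", $userBinds);
     $isAdmin = f::dbRes("select is_admin from fm_users where id = {userId}", $userBinds) == 1;
     f::dbQuery(
         "insert into fm_sessions set user_id = {userId}, user_ip = {userIp}, token = {token}, status=1, created_date=now()",
         array("userId" => $userId, "userIp" => $userIp, "token" => $token)
     );
     f::setResponseJson(array("userName" => $userName, "_api_key" => $token, "isAdmin" => $isAdmin));
 }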
예제 #7
파일: getdata.php 프로젝트: jumper9/test
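 /**
  * Second stage of the data listing: runs the paged/filtered query for the
  * current form's per-client table and emits either the JSON page or an
  * Excel export (when the "excel" parameter is 1).
  *
  * @param int   $page        page number used for the nextPage flag
  * @param int   $start       row offset for the SQL LIMIT
  * @param int   $rowsPerPage page size
  * @param array $outData     response skeleton; "start" is expected to be set
  *                           by the caller (TODO confirm)
  */
 private static function step2($page, $start, $rowsPerPage, $outData)
 {
     $excel = f::getParam("excel") == 1;
     // "order" is spliced into the SQL verbatim via {d:orderBy}, so it is
     // forced to an integer before it can reach the query. The cast also
     // avoids the TypeError that `"abc" * 1` raises on PHP 8.
     $order = (int) f::getParam("order");
     $orderDesc = (int) f::getParam("orderDesc");
     // No/zero order means no extra ORDER BY. The previous `$order == ""`
     // test was only true for 0 on PHP < 8; an explicit zero check behaves
     // the same on every version.
     $orderBy = $order === 0 ? "" : " ORDER BY {$order}";
     // NOTE(review): $orderDesc is echoed back but never applied, and the
     // query below already ends in "order by id desc" before {d:orderBy};
     // confirm how a non-zero order is meant to combine with that.
     $clientId = f::dbRes("select client_id from fm_forms where id = {p:form_id}");
     // Per-client data table, client id zero-padded to three digits.
     $siteTableId = "fm_userdata_" . substr("00" . $clientId, -3);
     // Offsets are interpolated into the SQL, so pin them to integers here
     // rather than trusting the caller (assumed numeric — TODO confirm).
     $limit = $excel ? "" : " limit " . (int) $start . ", " . (int) $rowsPerPage;
     $textFilter = "";
     if (f::getParam("textFilter")) {
         // Escaped for SQL; LIKE wildcards (% and _) in the filter are not
         // neutralised and therefore act as wildcards.
         $textFilter = " and user_data like '%" . f::dbEscape(f::getParam("textFilter")) . "%'";
     }
     $sql = "select SQL_CALC_FOUND_ROWS id, date_format(created_date,'%d/%m/%Y %H:%i') as created_date, user_data \n\t\t\t\t\t\tfrom {d:siteTableId}\n\t\t\t\t\t\twhere form_id = {p:form_id} \n\t\t\t\t\t\t{n:textFilter}\n\t\t\t\t\t\torder by id desc {d:orderBy} {d:limit}";
     $formData = f::dbFullRes($sql, array("siteTableId" => $siteTableId, "textFilter" => $textFilter, "orderBy" => $orderBy, "limit" => $limit));
     // user_data is stored as JSON text; expand it for the response.
     foreach ($formData as $k => $row) {
         $formData[$k]["user_data"] = json_decode($row["user_data"], true);
     }
     $totalRows = f::dbRes("SELECT FOUND_ROWS()");
     if ($totalRows <= $page * $rowsPerPage) {
         $outData["nextPage"] = 0;
     }
     $form = f::dbFirstRow("select id, name, enabled_domains, detail \n\t\t\t\tfrom fm_forms \n\t\t\t\twhere id = {p:form_id}");
     $form["detail"] = json_decode($form["detail"], true);
     $outData["form"] = $form;
     $outData["data"] = $formData;
     $outData["totalRows"] = $totalRows;
     $outData["order"] = $order;
     $outData["orderDesc"] = $orderDesc;
     $outData["end"] = min($outData["start"] + $rowsPerPage, $totalRows);
     if (!$excel) {
         f::setResponseJson($outData);
         return;
     }
     $out = self::prepareExcel($form, $formData);
     // Only ASCII alphanumerics and spaces survive into the download name.
     $formName = preg_replace("/[^A-Za-z0-9 ]/", '', $form["name"]);
     f::setExcelOutput($form["id"] . "_{$formName}_" . date("Ymd_His") . ".xls", $out);
 }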
예제 #8
파일: security.php 프로젝트: jumper9/test
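 /**
  * Resolves the "_api_key" request parameter to an active session and
  * publishes the caller's identity as the USER_ID, USER_NAME and
  * USER_IS_ADMIN constants.
  *
  * The token is only accepted from the IP the session was opened from.
  * Returns true when a session matched; otherwise records a 401 error,
  * publishes empty constants and returns false.
  */
 public static function isLogged()
 {
     $token = f::getParam("_api_key");
     $userIp = $_SERVER["REMOTE_ADDR"];
     $session = f::dbFirstRow(
         "select user_id from fm_sessions where user_ip = {userIp} and token = {token} and status=1 ",
         array("userIp" => $userIp, "token" => $token)
     );
     $userId = isset($session["user_id"]) ? $session["user_id"] : 0;
     if (!$userId) {
         // Handlers may call isLogged() more than once per request and
         // define() on an existing constant only warns, so guard this branch
         // the same way as the authenticated one.
         if (!defined("USER_ID")) {
             define("USER_ID", "");
             define("USER_NAME", "");
             define("USER_IS_ADMIN", "");
         }
         f::setError(401, "Unauthenticated");
         return false;
     }
     // user_id comes from the sessions table, but bind it anyway so every
     // query in this method goes through the placeholder mechanism.
     $userBinds = array("userId" => $userId);
     $userName = f::dbRes("select name from fm_users where id = {userId}", $userBinds);
     $isAdmin = f::dbRes("select is_admin from fm_users where id = {userId}", $userBinds) == 1;
     if (!defined("USER_ID")) {
         define("USER_ID", $userId);
         define("USER_NAME", $userName);
         define("USER_IS_ADMIN", $isAdmin);
     }
     return true;
 }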
예제 #9
파일: users.php 프로젝트: jumper9/test
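 /**
  * Creates a user account (admin only) and assigns it to the selected
  * clients.
  *
  * Reads "status", "name", "email", "password1"/"password2" and the
  * "userClients" map (client id => anything) from the request. Responds with
  * {"userId": <new id>} on success, or records a 400 error per failed check.
  */
 public static function add()
 {
     if (!security::isLogged() || !USER_IS_ADMIN) {
         return;
     }
     $status = f::getParam("status");
     $name = f::getParam("name");
     $email = f::getParam("email");
     $password1 = trim(f::getParam("password1"));
     $password2 = trim(f::getParam("password2"));
     $exists = f::dbRes("select 1 from fm_users where name = {name}", array("name" => $name));
     if (!$email) {
         f::setError(400, "Email field is missing");
     } elseif (!$name) {
         f::setError(400, "Name field is missing");
     } elseif ($exists) {
         f::setError(400, "Failed, user already exists.");
     }
     if ($status != 1 && $status != 0) {
         f::setError(400, "Incorrect Status");
     }
     // Strict comparison: passwords are opaque strings, so numeric-looking
     // values such as "1e3" and "1000" must not compare equal.
     $passwordsMatch = $password1 === $password2;
     if ($password1 && !$passwordsMatch) {
         f::setError(400, "Incorrect Password");
     }
     if (f::hasErrors()) {
         return;
     }
     $userId = f::dbInsert("insert into fm_users set email = {email}, name = {name}, status = {status} ", array("email" => $email, "name" => $name, "status" => $status));
     if ($password1 && $passwordsMatch) {
         // NOTE(review): unsalted md5 is kept only because the login
         // handler's verification (not visible here) expects it; moving to
         // password_hash()/password_verify() needs a matching change there.
         f::dbQuery("update fm_users set password = {pwd} where id = {userId}", array("pwd" => md5($password1), "userId" => $userId));
     }
     $userClients = f::getParam("userClients");
     // Pass the binding array here as the sibling queries do; without it the
     // {userId} placeholder presumably has nothing to resolve against.
     f::dbQuery("delete from fm_users_clients where user_id = {userId}", array("userId" => $userId));
     // userClients is absent when no client was selected.
     if (is_array($userClients)) {
         foreach ($userClients as $clientId => $value) {
             f::dbQuery("insert into fm_users_clients set user_id = {userId}, client_id = {clientId}", array("userId" => $userId, "clientId" => $clientId));
         }
     }
     f::setResponseJson(array("userId" => $userId));
 }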