/**
 * Generate temporary path
 *
 * Builds the attachment temporary directory path under
 * GALETTE_ATTACHMENTS_PATH. When no id is given, a 30 character random
 * one is drawn from Password::makeRandomPassword().
 * No validation is done on $id here, so callers should only pass
 * generated ids (an attacker-chosen id would end up in the path as is).
 *
 * @param string $id Random id, defaults to null
 *
 * @return void
 */
private function _generateTmpPath($id = null)
{
    $suffix = $id;
    if ($suffix === null) {
        $generator = new Password();
        $suffix = $generator->makeRandomPassword(30);
    }
    $this->_tmp_path = implode('/', array(GALETTE_ATTACHMENTS_PATH, $suffix));
}
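/**
 * Check posted values validity
 *
 * Each known database field is read from $values (or from the object
 * defaults when absent), stored on the matching property and, when not
 * empty, validated: dates, e-mail, web URL, login, password and status.
 * Uniqueness lookups (e-mail, login, status) are done through $zdb with
 * bound values; nothing coming from $values is concatenated into SQL.
 *
 * Note that the raw value is stored on the property before validation
 * (the password is only replaced by its bcrypt hash once it validated),
 * so presumably callers discard the object when errors are returned.
 *
 * @param array $values   All values to check, basically the $_POST array
 *                        after sending the form
 * @param array $required Array of required fields (field name as key)
 * @param array $disabled Array of disabled fields (field name as key):
 *                        those are neither stored nor validated
 *
 * @return true|array true when everything is valid, otherwise the list
 *                    of translated error messages (may contain HTML)
 */
public function check($values, $required, $disabled)
{
    global $zdb, $preferences;
    $errors = array();

    $fields = self::getDbFields();

    //reset company name if needeed
    if (!isset($values['is_company']) || $values['is_company'] != 1) {
        unset($values['is_company']);
        unset($values['societe_adh']);
    }

    foreach ($fields as $key) {
        //first of all, let's sanitize values
        $key = strtolower($key);
        $prop = '_' . $this->_fields[$key]['propname'];

        if (isset($values[$key])) {
            $value = trim($values[$key]);
        } else {
            switch ($key) {
                case 'bool_admin_adh':
                case 'bool_exempt_adh':
                case 'bool_display_info':
                    $value = 0;
                    break;
                case 'activite_adh':
                    //values that are setted at object instanciation
                    $value = true;
                    break;
                case 'date_crea_adh':
                case 'sexe_adh':
                case 'titre_adh':
                case 'id_statut':
                case 'pref_lang':
                case 'parent_id':
                    //values that are setted at object instanciation
                    $value = $this->{$prop};
                    break;
                default:
                    $value = '';
            }
        }

        // disabled fields are neither stored nor checked
        if (isset($disabled[$key])) {
            continue;
        }

        // fill up the adherent structure
        if ($value !== null) {
            $this->{$prop} = stripslashes($value);
        }

        // an empty value only matters for login/password generation
        if ($value === null || $value == '') {
            $generate = ($key == 'login_adh' && !isset($required['login_adh']))
                || ($key == 'mdp_adh'
                && !isset($required['mdp_adh'])
                && !isset($this->_id));
            if ($generate) {
                $p = new Password();
                $this->{$prop} = $p->makeRandomPassword(15);
            }
            continue;
        }

        // now, check validity
        switch ($key) {
            // dates
            case 'date_crea_adh':
            case 'ddn_adh':
                try {
                    $d = \DateTime::createFromFormat(_T("Y-m-d"), $value);
                    if ($d === false) {
                        //try with non localized date
                        $d = \DateTime::createFromFormat("Y-m-d", $value);
                        if ($d === false) {
                            throw new \Exception('Incorrect format');
                        }
                    }
                    $this->{$prop} = $d->format('Y-m-d');
                } catch (\Exception $e) {
                    Analog::log(
                        'Wrong date format. field: ' . $key .
                        ', value: ' . $value . ', expected fmt: ' .
                        _T("Y-m-d") . ' | ' . $e->getMessage(),
                        Analog::INFO
                    );
                    $errors[] = str_replace(
                        array('%date_format', '%field'),
                        array(_T("Y-m-d"), $this->_fields[$key]['label']),
                        _T("- Wrong date format (%date_format) for %field!")
                    );
                }
                break;
            case 'titre_adh':
                // '-1' is the "no title" entry of the select box
                // (the value is known non-empty at this point)
                if ($value == '-1') {
                    $this->{$prop} = null;
                } else {
                    $this->{$prop} = new Title((int) $value);
                }
                break;
            case 'email_adh':
            case 'msn_adh':
                if (!GaletteMail::isValidEmail($value)) {
                    $errors[] = _T("- Non-valid E-Mail address!") .
                        ' (' . $this->getFieldName($key) . ')';
                }
                if ($key == 'email_adh') {
                    try {
                        $select = $zdb->select(self::TABLE);
                        $select->columns(
                            array(self::PK)
                        )->where(array('email_adh' => $value));
                        if ($this->_id != '' && $this->_id != null) {
                            // bound predicate rather than string concatenation
                            $select->where->notEqualTo(self::PK, $this->_id);
                        }
                        $results = $zdb->execute($select);
                        if ($results->count() !== 0) {
                            $errors[] = _T("- This E-Mail address is already used by another member!");
                        }
                    } catch (\Exception $e) {
                        Analog::log(
                            'An error occured checking member email unicity.',
                            Analog::ERROR
                        );
                        // message kept as is: it is an existing translation key
                        $errors[] = _T("An error has occured while looking if login already exists.");
                    }
                }
                break;
            case 'url_adh':
                if ($value == 'http://') {
                    $this->{$prop} = '';
                } elseif (!isValidWebUrl($value)) {
                    $errors[] = _T("- Non-valid Website address! Maybe you've skipped the http:// ?");
                }
                break;
            case 'login_adh':
                /** FIXME: add a preference for login lenght */
                if (strlen($value) < 2) {
                    $errors[] = str_replace(
                        '%i',
                        2,
                        _T("- The username must be composed of at least %i characters!")
                    );
                } elseif (strpos($value, '@') !== false) {
                    //check if login does not contain the @ character
                    //(strict comparison: a leading '@' is at position 0)
                    $errors[] = _T("- The username cannot contain the @ character");
                } else {
                    //check if login is already taken
                    try {
                        $select = $zdb->select(self::TABLE);
                        $select->columns(
                            array(self::PK)
                        )->where(array('login_adh' => $value));
                        if ($this->_id != '' && $this->_id != null) {
                            // bound predicate rather than string concatenation
                            $select->where->notEqualTo(self::PK, $this->_id);
                        }
                        $results = $zdb->execute($select);
                        if ($results->count() !== 0
                            || $value === (string) $preferences->pref_admin_login
                        ) {
                            $errors[] = _T("- This username is already in use, please choose another one!");
                        }
                    } catch (\Exception $e) {
                        Analog::log(
                            'An error occured checking member login unicity.',
                            Analog::ERROR
                        );
                        $errors[] = _T("An error has occured while looking if login already exists.");
                    }
                }
                break;
            case 'mdp_adh':
                /** TODO: check password complexity, set by a preference */
                /** FIXME: add a preference for password lenght */
                if (strlen($value) < 6) {
                    $errors[] = str_replace(
                        '%i',
                        6,
                        _T("- The password must be of at least %i characters!")
                    );
                } elseif ($this->_self_adh !== true
                    && (!isset($values['mdp_adh2']) || $values['mdp_adh2'] !== $value)
                ) {
                    // strict comparison: '1e3' and '1000' are not the same password
                    $errors[] = _T("- The passwords don't match!");
                } else {
                    $confirmed = true;
                    if ($this->_self_adh === true) {
                        // self subscription: the form posts mdp_crypt, the crypt()
                        // of the repeated password; recompute it with the posted
                        // value as salt and require an exact match. The former
                        // `!crypt(...) == ...` negated the hash before comparing,
                        // so the check only fired on an empty mdp_crypt.
                        // NOTE(review): the salt format comes from the client;
                        // crypt() with a client-chosen rounds= parameter can be
                        // costly — consider bounding it.
                        $posted_crypt = isset($values['mdp_crypt'])
                            ? (string) $values['mdp_crypt']
                            : '';
                        $confirmed = $posted_crypt !== ''
                            && crypt($value, $posted_crypt) === $posted_crypt;
                    }
                    if ($confirmed) {
                        $this->{$prop} = password_hash($value, PASSWORD_BCRYPT);
                    } else {
                        $errors[] = _T("Password misrepeated: ");
                    }
                }
                break;
            case 'id_statut':
                try {
                    //check if status exists
                    //(posted value is bound, never concatenated into SQL)
                    $select = $zdb->select(Status::TABLE);
                    $select->where(array(Status::PK => $value));
                    $results = $zdb->execute($select);
                    $result = $results->current();
                    if ($result === false) {
                        // the posted value is echoed back in an HTML message
                        $errors[] = str_replace(
                            '%id',
                            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
                            _T("Status #%id does not exists in database.")
                        );
                        break;
                    }

                    //check for status unicity
                    $select = $zdb->select(self::TABLE, 'a');
                    $select->limit(1)->join(
                        array('b' => PREFIX_DB . Status::TABLE),
                        'a.' . Status::PK . '=b.' . Status::PK,
                        array('libelle_statut')
                    )->where(array('b.' . Status::PK => $value));
                    $select->where->lessThan(
                        'b.priorite_statut',
                        Members::NON_STAFF_MEMBERS
                    );
                    if ($this->_id != '' && $this->_id != null) {
                        $select->where->notEqualTo('a.' . self::PK, $this->_id);
                    }
                    $results = $zdb->execute($select);
                    $result = $results->current();
                    if ($result !== false) {
                        // NOTE(review): member names come from the database and
                        // are inserted unescaped into an HTML message — confirm
                        // they are escaped on output.
                        $errors[] = str_replace(
                            array('%s', '%i', '%n', '%m'),
                            array(
                                $result->libelle_statut,
                                $result->id_adh,
                                $result->nom_adh,
                                $result->prenom_adh
                            ),
                            _T("Selected status (%s) is already in use in <a href='voir_adherent.php?id_adh=%i'>%n %m's profile</a>.")
                        );
                    }
                } catch (\Exception $e) {
                    Analog::log(
                        'An error occured checking status unicity: ' . $e->getMessage(),
                        Analog::ERROR
                    );
                    $errors[] = _T("An error has occured while looking if status is already in use.");
                }
                break;
        }
    }

    // missing required fields?
    // foreach replaces each(): it does not depend on the array's internal
    // pointer and is not available in PHP 8.
    // NOTE(review): only fields listed in $disabled are examined here, and
    // isset() is true for '' — confirm where enabled required fields posted
    // empty are enforced.
    foreach (array_keys($required) as $key) {
        $prop = '_' . $this->_fields[$key]['propname'];
        if (isset($disabled[$key])) {
            $mandatory_missing = false;
            if (!isset($this->{$prop})) {
                $mandatory_missing = true;
            } elseif ($key === 'titre_adh' && $this->{$prop} == '-1') {
                // '-1' is the "no title" entry of the select box
                $mandatory_missing = true;
            }
            if ($mandatory_missing === true) {
                $errors[] = _T("- Mandatory field empty: ") .
                    ' <a href="#' . $key . '">' .
                    $this->getFieldName($key) . '</a>';
            }
        }
    }

    //attach to/detach from parent
    if (isset($values['detach_parent'])) {
        $this->_parent = null;
    }

    if (count($errors) > 0) {
        Analog::log(
            'Some errors has been throwed attempting to edit/store a member' .
            print_r($errors, true),
            Analog::DEBUG
        );
        return $errors;
    } else {
        Analog::log('Member checked successfully.', Analog::DEBUG);
        return true;
    }
}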