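function validate_user_info($user_r, &$HTTP_VARS, &$address_provided_r, &$errors)
{
    // Validates (and normalises in place) the profile fields submitted for a user.
    //
    // $user_r             existing user record (array) when editing; anything else when no record exists yet
    // $HTTP_VARS          request fields; filtered values are written back into this array
    // $address_provided_r (out) lower-cased address type => TRUE when any field of that address was supplied
    // $errors             (out) validation errors appended by the validate_* helpers
    //
    // Returns FALSE on an invalid role or a failed fullname/email check; otherwise TRUE unless a
    // supplied address field failed validation.
    $is_address_validated = TRUE;

    // Role changes are privileged: without PERM_ADMIN_USER_PROFILE the submitted role is
    // discarded and the stored one kept, so a user cannot escalate by editing the form value.
    if (is_array($user_r) && !is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        $HTTP_VARS['user_role'] = $user_r['user_role'];
    } else {
        $op = isset($HTTP_VARS['op']) ? $HTTP_VARS['op'] : NULL;
        if ($op == 'signup' && !is_valid_signup_role($HTTP_VARS['user_role'])) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Signup User Role specified', $HTTP_VARS);
            return FALSE;
        }
        // NOTE(review): for any other op reaching this branch (no existing $user_r, or the caller
        // holds PERM_ADMIN_USER_PROFILE) the role is only checked for existence below; confirm at
        // the call sites that such callers are already authorised to pick an arbitrary role.
    }

    $role_r = fetch_role_r($HTTP_VARS['user_role']);
    if (!is_array($role_r)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid User Role specified', $HTTP_VARS);
        return FALSE;
    }

    // Mandatory identity fields: filter first, then validate the filtered value.
    $HTTP_VARS['fullname'] = filter_input_field("text(30,100)", $HTTP_VARS['fullname']);
    $HTTP_VARS['email_addr'] = filter_input_field("email(30,100)", $HTTP_VARS['email_addr']);
    if (!validate_input_field(get_opendb_lang_var('fullname'), "text(30,100)", "Y", $HTTP_VARS['fullname'], $errors) || !validate_input_field(get_opendb_lang_var('email'), "email(30,100)", "Y", $HTTP_VARS['email_addr'], $errors)) {
        return FALSE;
    }

    // Theme: FALSE means "do not update the theme" (unsupported, or an unknown theme name was submitted).
    $uid_theme = isset($HTTP_VARS['uid_theme']) ? $HTTP_VARS['uid_theme'] : NULL;
    if (get_opendb_config_var('user_admin', 'user_themes_support') === FALSE || !is_exists_theme($uid_theme)) {
        $HTTP_VARS['uid_theme'] = FALSE;
    }

    // Language: never store a language that is unsupported or does not exist.
    $uid_language = isset($HTTP_VARS['uid_language']) ? $HTTP_VARS['uid_language'] : NULL;
    if (get_opendb_config_var('user_admin', 'user_language_support') === FALSE || !is_exists_language($uid_language)) {
        $HTTP_VARS['uid_language'] = NULL;
    }

    // Address blocks: every attribute is filtered in place; an address counts as "provided"
    // as soon as one of its attributes is non-empty, and only provided attributes are validated.
    $addr_results = fetch_address_type_rs(TRUE);
    if ($addr_results) {
        while ($address_type_r = db_fetch_assoc($addr_results)) {
            $v_address_type = strtolower($address_type_r['s_address_type']);
            $address_provided_r[$v_address_type] = FALSE;

            $attr_results = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
            if ($attr_results) {
                while ($addr_attribute_type_r = db_fetch_assoc($attr_results)) {
                    $fieldname = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);
                    $raw_value = isset($HTTP_VARS[$v_address_type][$fieldname]) ? $HTTP_VARS[$v_address_type][$fieldname] : NULL;
                    $HTTP_VARS[$v_address_type][$fieldname] = filter_item_input_field($addr_attribute_type_r, $raw_value);

                    if (is_empty_attribute($addr_attribute_type_r['s_attribute_type'], $HTTP_VARS[$v_address_type][$fieldname]) !== FALSE) {
                        $address_provided_r[$v_address_type] = TRUE;
                        if (!validate_item_input_field($addr_attribute_type_r, $HTTP_VARS[$v_address_type][$fieldname], $errors)) {
                            $is_address_validated = FALSE;
                        }
                    }
                }
                db_free_result($attr_results);
            }
        }
        db_free_result($addr_results);
    }

    return $is_address_validated;
}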
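function filter_input_field($input_type, $value)
{
    // Applies the generic input filter for a type spec string such as "text(30,100)" by
    // translating it into the attribute-type array that filter_item_input_field() expects.
    //
    // $input_type  spec string parsed by prc_function_spec() into 'type' and positional 'args'
    // $value       raw (untrusted) value to filter
    //
    // Returns the filtered value.
    $spec = prc_function_spec($input_type);
    $attribute_type_r = array('input_type' => $spec['type']);

    // Up to five positional args map to input_type_arg1..5; absent ones become NULL instead
    // of tripping an undefined-offset notice.
    for ($i = 1; $i <= 5; $i++) {
        $attribute_type_r['input_type_arg' . $i] = isset($spec['args'][$i - 1]) ? $spec['args'][$i - 1] : NULL;
    }

    return filter_item_input_field($attribute_type_r, $value);
}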
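function validate_item_attributes($op, $s_item_type, &$HTTP_VARS, &$errors)
{
    // Filters and validates every non-instance attribute of an item type, writing the
    // filtered values back into $HTTP_VARS.
    //
    // $op           form operation (not consulted here; kept for the caller's interface)
    // $s_item_type  item type whose attribute definitions are fetched
    // $HTTP_VARS    submitted fields, updated in place with filtered values
    // $errors       (out) reset to NULL, then filled by validate_item_input_field() / this function
    //
    // Returns TRUE only when every attribute validated; FALSE otherwise, or when the attribute
    // definitions could not be fetched.
    $errors = NULL;
    $all_fields_validated = TRUE;

    $attr_results = fetch_item_attribute_type_rs($s_item_type, 'not_instance_field_types');
    if (!$attr_results) {
        // Nothing to validate against; report a generic error rather than silently passing.
        $errors[] = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
        return FALSE;
    }

    while ($item_attribute_type_r = db_fetch_assoc($attr_results)) {
        // ITEM_ID is purely a read-only attribute and is never taken from the request.
        if ($item_attribute_type_r['s_field_type'] == 'ITEM_ID') {
            continue;
        }

        if ($item_attribute_type_r['s_field_type'] == 'TITLE') {
            // The title is always mandatory, whatever the stored definition says.
            $item_attribute_type_r['compulsory_ind'] = 'Y';
            $fieldname = 'title';
        } else {
            $fieldname = get_field_name($item_attribute_type_r['s_attribute_type'], $item_attribute_type_r['order_no']);
        }

        // In refresh mode the base field holds a selector ('newN' or 'old') and the actual value
        // lives in a suffixed field; keep the base name and resolve the selector to that field.
        $orig_fieldname = $fieldname;
        $submitted = isset($HTTP_VARS[$fieldname]) ? $HTTP_VARS[$fieldname] : NULL;
        if (!is_array($submitted)) {
            if (preg_match("/new([0-9]+)/", (string) $submitted, $matches) && isset($HTTP_VARS[$fieldname . '_' . $matches[0]])) {
                $fieldname .= '_' . $matches[0];
            } elseif ($submitted == 'old' && isset($HTTP_VARS[$fieldname . '_new0'])) {
                // Only treat 'old' as a selector when a matching refresh field exists, so a
                // field whose literal value is 'old' is left alone.
                $fieldname .= '_old';
            }
        }

        $upload_key = $fieldname . '_upload';
        if (isset($_FILES[$upload_key]) && is_array($_FILES[$upload_key])
            && isset($_FILES[$upload_key]['tmp_name']) && is_string($_FILES[$upload_key]['tmp_name'])
            && is_uploaded_file($_FILES[$upload_key]['tmp_name'])) {
            // Upload operation: the field value becomes the client-supplied file name.  That name is
            // untrusted input; basename() strips any directory component a client may send, and the
            // value is still subject to validate_item_input_field() below.  NOTE(review): if this name
            // is later used to build a filesystem path, that code must validate it further.
            $HTTP_VARS[$fieldname] = basename($_FILES[$upload_key]['name']);
        } else {
            // Normal field: store the filtered value.
            $raw_value = isset($HTTP_VARS[$fieldname]) ? $HTTP_VARS[$fieldname] : NULL;
            $HTTP_VARS[$fieldname] = filter_item_input_field($item_attribute_type_r, $raw_value);
        }

        if (!validate_item_input_field($item_attribute_type_r, $HTTP_VARS[$fieldname], $errors)) {
            // At least one field failed; keep going so every error is collected.
            $all_fields_validated = FALSE;
        } elseif (!is_array($HTTP_VARS[$orig_fieldname])
            && preg_match("/new([0-9]+)/", (string) $HTTP_VARS[$orig_fieldname], $matches)
            && isset($HTTP_VARS[$orig_fieldname . '_' . $matches[0]])) {
            // Mirror the value for handle_update / handle_insert.  Kept exactly as the original wrote
            // it (target key built from the already-suffixed $fieldname, source is the selector field);
            // NOTE(review): this looks inverted relative to the intent "store the filtered version" --
            // confirm against the handle_* consumers before changing it.
            $HTTP_VARS[$fieldname . '_' . $matches[0]] = $HTTP_VARS[$orig_fieldname];
        }
    }
    db_free_result($attr_results);

    return $all_fields_validated;
}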
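function get_edit_item_instance_form($op, $item_r, $status_type_r, $HTTP_VARS)
{
    // Renders the "instance info" tab of the item edit form: the owner selector (when the
    // current status allows changing the owner), status type, status comment, borrow duration
    // and, when enabled, the related-parent-item pickers.
    //
    // $op             form operation: 'new', 'site', 'edit', 'refresh', 'newinstance', 'clone_item'
    // $item_r         item record supplying current/default values
    // $status_type_r  status type record; its 'change_owner_ind' gates the owner selector
    // $HTTP_VARS      submitted values, which take precedence over $item_r when non-empty
    //
    // Returns the HTML fragment.  Escaping of the values placed in the markup is delegated to
    // format_field / radio_grid / get_item_input_field -- NOTE(review): confirm those helpers
    // escape their inputs, since filtered request values and DB-sourced prompts flow into them.
    $html = "<div class=\"tabContentHidden\" id=\"instance_info\">";
    $html .= get_related_item_search_script();

    $results = fetch_item_attribute_type_rs($item_r['s_item_type'], 'instance_field_types');
    if ($results) {
        $html .= "<h3>" . get_opendb_lang_var('instance_info') . "</h3>";
        $html .= "\n<table>";

        $is_update_op = ($op == 'edit' || $op == 'refresh');
        if ($is_update_op && $status_type_r['change_owner_ind'] == 'Y') {
            $owner_id = isset($HTTP_VARS['owner_id']) ? $HTTP_VARS['owner_id'] : NULL;
            $html .= format_field(get_opendb_lang_var('owner'), "\n<select name=\"owner_id\">" . custom_select('owner_id', fetch_user_rs(PERM_ITEM_OWNER, INCLUDE_ROLE_PERMISSIONS, INCLUDE_CURRENT_USER, EXCLUDE_DEACTIVATED_USER, 'user_id', 'ASC'), '%fullname% (%user_id%)', 'NA', ifempty($owner_id, $item_r['owner_id']), 'user_id') . "\n</select>");
        }

        $is_new_instance = ($op == 'newinstance' || $op == 'clone_item');
        if ($is_new_instance) {
            // A fresh instance never inherits the source item's status fields.
            $item_r['s_status_type'] = NULL;
            $item_r['status_comment'] = NULL;
            $item_r['borrow_duration'] = NULL;
        }
        $is_create_op = ($op == 'new' || $op == 'site' || $is_new_instance);

        while ($attr_r = db_fetch_assoc($results)) {
            switch ($attr_r['s_field_type']) {
                case 'STATUSTYPE':
                    $submitted = isset($HTTP_VARS['s_status_type']) ? $HTTP_VARS['s_status_type'] : NULL;
                    $status_type = ifempty(filter_item_input_field($attr_r, $submitted), $item_r['s_status_type']);
                    if ($is_create_op) {
                        $lookup_results = fetch_newitem_status_type_rs();
                    } else {
                        // An item with borrow records must not be offered status types with borrow_ind == 'X'.
                        $lookup_results = fetch_update_status_type_rs($status_type);
                    }
                    if ($lookup_results && db_num_rows($lookup_results) > 0) {
                        $html .= format_field($attr_r['prompt'], radio_grid('s_status_type', $lookup_results, '%img%', 'VERTICAL', $status_type));
                    }
                    break;

                case 'STATUSCMNT':
                    $submitted = isset($HTTP_VARS['status_comment']) ? $HTTP_VARS['status_comment'] : NULL;
                    $status_comment = ifempty(filter_item_input_field($attr_r, $submitted), $item_r['status_comment']);
                    $html .= get_item_input_field('status_comment', $attr_r, NULL, $status_comment);
                    break;

                case 'DURATION':
                    $submitted = isset($HTTP_VARS['borrow_duration']) ? $HTTP_VARS['borrow_duration'] : NULL;
                    $borrow_duration = ifempty(filter_item_input_field($attr_r, $submitted), $item_r['borrow_duration']);
                    // The S_DURATION lookup usually contains an 'Undefined' option equal to the empty
                    // string.  For updates, coerce NULL to '' so that option is matched; otherwise a
                    // duration previously set to 'Undefined' would never be re-selected.
                    if ($op != 'new' && $op != 'site' && $borrow_duration === NULL) {
                        $borrow_duration = '';
                    }
                    $html .= get_item_input_field('borrow_duration', $attr_r, NULL, $borrow_duration);
                    break;
            }
        }
        db_free_result($results);
        $html .= "\n</table>";
    }

    if (get_opendb_config_var('item_input', 'related_item_support') !== FALSE) {
        $html .= "<h3>" . get_opendb_lang_var('add_related_parent') . "</h3>";
        $html .= "\n<table>";
        $html .= format_field(get_opendb_lang_var('parent_item_filter'), '<input type="text" name="parent_item_filter" id="parent_item_filter">');
        $html .= format_field(get_opendb_lang_var('parent_item'), format_item_parents_select($HTTP_VARS, $item_r, '%parent_only%'));
        $html .= "\n</table>";

        $related_items = get_related_items_listing($item_r, $HTTP_VARS, RELATED_PARENTS_MODE);
        if ($related_items != NULL) {
            $html .= "<h3>" . get_opendb_lang_var('related_parent_item(s)') . "</h3>";
            $html .= $related_items;
        }
    }

    $html .= "</div>";
    return $html;
}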