 protected function defaultEvent($aEvent)
 {
     // The pastebin set wraps the storage for pastebins (see pastebinSet.class.php).
     $set = new pastebinSet();

     // The template always receives the 10 most recent pastebins.
     $recent = $set->orderBy(array('pastebin_timestamp' => 'DESC'))->fetchSubset(0, 10);
     $this->set('last_pastebins', $recent);

     // A single pastebin was requested: the id must be non-empty and made of
     // digits only before it is handed to the set. The form is not needed in
     // that case, so the method ends here.
     if (!empty($aEvent['get']['id']) && ctype_digit($aEvent['get']['id'])) {
         return $this->set('pastebin', $set->fetch($aEvent['get']['id']));
     }

     // Build the submission form and expose it to the template right away;
     // PHP objects are passed by handle, so the template sees everything
     // form_validate() does to the form below.
     $form = new weeForm('pastebin');
     $this->set('form', $form);

     // Validate the submitted data, if there is any. form_validate() is the
     // shorthand from wee/weexlib.php; it checks and filters $aEvent['post']
     // in place, so the data is only as safe as the form definition is thorough.
     $submitted = !empty($aEvent['post']) && form_validate($form, $aEvent['post']);
     if ($submitted) {
         $inserted = $set->insert($aEvent['post']);
         // Hand the freshly inserted pastebin to the template.
         $this->set(array('success' => true, 'pastebin' => $inserted));
     }
 }
// Atom feed URL for this forum; the forum id travels as a query parameter.
$feedlink = get_config('wwwroot') . "interaction/forum/atom.php?type=f&id={$forum->id}";
// Moderators of this forum whose user accounts are not deleted. The forum id
// is bound as a placeholder, not interpolated into the SQL.
$moderators = get_column_sql(
    'SELECT gm.user FROM {interaction_forum_moderator} gm
    INNER JOIN {usr} u ON (u.id = gm.user AND u.deleted = 0)
    WHERE gm.forum = ?',
    array($forumid)
);
// updates the selected topics as subscribed/closed/sticky
if ($membership && isset($_POST['checked'])) {
    $checked = array_map('intval', array_keys($_POST['checked']));
    // get type based on which button was pressed
    if (isset($_POST['updatetopics'])) {
        $type = $_POST['type'];
    }
    // check that user is only messing with topics from this forum
    $alltopics = get_column('interaction_forum_topic', 'id', 'forum', $forumid, 'deleted', 0);
    if ($checked == array_intersect($checked, $alltopics)) {
        // $checked is a subset of the topics in this forum
        form_validate(param_variable('sesskey', null));
        if ($moderator && $type == 'sticky') {
            set_field_select('interaction_forum_topic', 'sticky', 1, 'id IN (' . implode(',', $checked) . ')', array());
            $SESSION->add_ok_msg(get_string('topicstickysuccess', 'interaction.forum'));
        } else {
            if ($moderator && $type == 'unsticky') {
                set_field_select('interaction_forum_topic', 'sticky', 0, 'id IN (' . implode(',', $checked) . ')', array());
                $SESSION->add_ok_msg(get_string('topicunstickysuccess', 'interaction.forum'));
            } else {
                if ($moderator && $type == 'closed') {
                    set_field_select('interaction_forum_topic', 'closed', 1, 'id IN (' . implode(',', $checked) . ')', array());
                    $SESSION->add_ok_msg(get_string('topicclosedsuccess', 'interaction.forum'));
                } else {
                    if ($moderator && $type == 'open') {
                        set_field_select('interaction_forum_topic', 'closed', 0, 'id IN (' . implode(',', $checked) . ')', array());
                        $SESSION->add_ok_msg(get_string('topicopenedsuccess', 'interaction.forum'));
 /**
  * Process a view-editing action submitted either as a normal POST/GET, in
  * which case the browser is redirected back to the blocks editor with a
  * session message, or as a JSON request (the JSON constant is defined), in
  * which case the result is returned and exceptions propagate to the caller.
  *
  * The action is taken from a request key named action_<name>_<args>; <args>
  * is turned into $values by self::get_values_for_action(). A viewtheme
  * parameter is treated as the 'changetheme' action instead.
  *
  * @param string $category Block category appended to the redirect URL
  * @param int    $new      Passed through unchanged to the redirect URL
  * @return array|null array('message' => ..., 'data' => ...) in JSON mode;
  *                    nothing when no action applies, when a block is being
  *                    configured interactively, or after a redirect
  * @throws AccessDeniedException    if the current user may not edit this view
  * @throws InvalidArgumentException for an action name the switch does not know
  */
 public function process_changes($category = '', $new = 0)
 {
     global $SESSION, $USER;
     // Security
     // TODO this might need to be moved below the requestdata check below, to prevent non owners of the view being
     // rejected
     if (!$USER->can_edit_view($this)) {
         throw new AccessDeniedException(get_string('canteditdontown', 'view'));
     }
     // Nothing submitted: a plain GET of the editor carries fewer than three parameters.
     if (!count($_POST) && count($_GET) < 3) {
         return;
     }
     // The first POST key of the form action_<name>_<args> selects the action.
     // Cancelling a configureblockinstance form while removeoncancel is set is
     // rewritten into removing that block instance.
     $action = '';
     foreach ($_POST as $key => $value) {
         if (substr($key, 0, 7) == 'action_') {
             $action = substr($key, 7);
             break;
         } else {
             if (substr($key, 0, 37) == 'cancel_action_configureblockinstance_' && param_integer('removeoncancel', 0)) {
                 $action = 'removeblockinstance_' . substr($key, 37);
                 break;
             }
         }
     }
     // TODO Scan GET for an action. The only action that is GETted is
     // confirming deletion of a blockinstance. It _should_ be a POST, but
     // that can be fixed later.
     if (!$action) {
         foreach ($_GET as $key => $value) {
             if (substr($key, 0, 7) == 'action_') {
                 $action = substr($key, 7);
             }
         }
     }
     // A viewtheme parameter that differs from the current theme overrides any
     // other action; its $values are built here, so the parsing below is skipped.
     $viewtheme = param_variable('viewtheme', '');
     if ($viewtheme && $viewtheme != $this->get('theme')) {
         $action = 'changetheme';
         $values = array('theme' => $viewtheme);
     }
     if (empty($action)) {
         return;
     }
     // Session-key check before anything is changed; form_validate() is defined elsewhere.
     form_validate(param_alphanum('sesskey', null));
     if (!isset($values)) {
         // Split action_<name>_<args>: $action becomes <name> (up to the first
         // underscore) and $actionstring the remainder.
         $actionstring = $action;
         $action = substr($action, 0, strpos($action, '_'));
         $actionstring = substr($actionstring, strlen($action) + 1);
         // Actions from <input type="image"> buttons send an _x and _y
         if (substr($actionstring, -2) == '_x' || substr($actionstring, -2) == '_y') {
             $actionstring = substr($actionstring, 0, -2);
         }
         $values = self::get_values_for_action($actionstring);
     }
     // (assigned but never read in this method)
     $result = null;
     switch ($action) {
         // the view class method is the same as the action,
         // but I've left these here in case any additional
         // parameter handling has to be done.
         case 'addblocktype':
             // requires action_addblocktype  (blocktype in separate parameter)
             $values['blocktype'] = param_alpha('blocktype', null);
             break;
         case 'removeblockinstance':
             // requires action_removeblockinstance_id_\d
             if (!defined('JSON')) {
                 if (!($sure = param_boolean('sure'))) {
                     // NOTE(review): $actionstring comes straight from a request key and is
                     // concatenated into an HTML attribute without htmlspecialchars(), as are
                     // $this->get('id') and the session key; the message is stored with a
                     // trailing false that presumably disables escaping. get_values_for_action()
                     // sees $actionstring first, but whether it rejects unexpected characters is
                     // not visible here — confirm that, or escape the pieces before building the form.
                     $yesform = '<form action="' . get_config('wwwroot') . '/view/blocks.php" class="text-inline">' . '<input type="hidden" name="id" value="' . $this->get('id') . '">' . '<input type="hidden" name="c" value="file">' . '<input type="hidden" name="action_' . $action . '_' . $actionstring . '" value="1">' . '<input type="hidden" name="sure" value="1">' . '<input type="hidden" name="sesskey" value="' . $USER->get('sesskey') . '">' . '<input class="submit btn btn-primary" type="submit" name="removeblock_submit" value="' . get_string('yes') . '">' . '</form>';
                     // NOTE(review): $category and $new are method parameters interpolated into
                     // the href unescaped; verify callers pass constrained values.
                     $baselink = get_config('wwwroot') . 'view/blocks.php?id=' . $this->get('id') . '&c=' . $category . '&new=' . $new;
                     $SESSION->add_info_msg(get_string('confirmdeleteblockinstance', 'view') . '&nbsp;' . $yesform . ' <a href="' . $baselink . '">' . get_string('no') . '</a>', false);
                     redirect($baselink);
                     exit;
                 }
             }
             break;
         case 'configureblockinstance':
             // requires action_configureblockinstance_id_\d_column_\d_order_\d
         case 'acsearch':
             // requires action_acsearch_id_\d
             if (!defined('JSON')) {
                 $this->blockinstance_currently_being_configured = $values['id'];
                 // And we're done here for now
                 return;
             }
             // in JSON mode this intentionally falls through to the break below
         case 'moveblockinstance':
             // requires action_moveblockinstance_id_\d_row_\d_column_\d_order_\d
         case 'addcolumn':
             // requires action_addcolumn_\d_row_\d_before_\d
         case 'removecolumn':
             // requires action_removecolumn_\d_row_\d_column_\d
         case 'changetheme':
         case 'updatecustomlayoutpreview':
         case 'addcustomlayout':
             break;
         default:
             throw new InvalidArgumentException(get_string('noviewcontrolaction', 'error', $action));
     }
     $message = '';
     $success = false;
     try {
         // The action name doubles as the method name on this object; only names
         // accepted by the switch above reach this dispatch.
         $values['returndata'] = defined('JSON');
         $returndata = $this->{$action}($values);
         // Tell the watchlist that the view changed
         // ($data is assigned but not used further in this method)
         $data = (object) array('view' => $this->get('id'));
         if (!defined('JSON')) {
             $message = $this->get_viewcontrol_ok_string($action);
         }
         $success = true;
     } catch (Exception $e) {
         // if we're in ajax land, just throw it
         // the handler will deal with the message.
         if (defined('JSON')) {
             throw $e;
         }
         $message = $this->get_viewcontrol_err_string($action) . ': ' . $e->getMessage();
     }
     if (!defined('JSON')) {
         // Non-JSON: queue the outcome as a session message and redirect back
         // to the blocks editor for this view.
         $fun = 'add_ok_msg';
         if (!$success) {
             $fun = 'add_error_msg';
         }
         $SESSION->{$fun}($message);
         redirect('/view/blocks.php?id=' . $this->get('id') . '&c=' . $category . '&new=' . $new);
     }
     return array('message' => $message, 'data' => $returndata);
 }
    $feedback_experience = htmlentities($_POST['feedback_experience']);
} else {
    $feedback_experience = "";
}
// Optional feedback fields: a missing field becomes an empty string, a present
// one is entity-encoded once at read time. Note htmlentities() with default
// flags leaves single quotes unencoded before PHP 8.1, so these values are only
// safe inside double-quoted HTML attributes.
$feedbackType = isset($_POST['feedbackType']) ? htmlentities($_POST['feedbackType']) : "";
$commentBox = isset($_POST['commentBox']) ? htmlentities($_POST['commentBox']) : "";
if ($act == 'add') {
    form_validate($name, $email, $gender, $feedback_experience, $feedbackType, $commentBox);
    echo "<script type='text/javascript'>alert('Thanks for your feedback! We value every piece of feedback we receive. We cannot respond individually to every one, but we will use your comments as we strive to improve your shopping experience.');</script>";
    //echo "<script>window.top.location ='PHPMailer-master/send_mail_feedback.php?name=$name&email=$email&gender=$gender&feedback_experience=$feedback_experience&feedbackType=$feedbackType&commentBox=$commentBox';</script>";
    ?>
	<FORM method="post" id="feedbackForm" name="feedbackForm" action="PHPMailer-master/send_mail_feedback.php">
		<INPUT type="hidden" name="name" value="<?php 
    echo $name;
    ?>
">
		<INPUT type="hidden" name="email" value="<?php 
    echo $email;
    ?>
">
		<INPUT type="hidden" name="gender" value="<?php 
    echo $gender;
    ?>
function pieform_validate(Pieform $form, $values)
{
    // The submitted session key must be present (and non-null) before it can be
    // checked; form_validate() performs the actual check and is defined elsewhere.
    $sesskey = isset($values['sesskey']) ? $values['sesskey'] : null;
    if ($sesskey === null) {
        throw new UserException('No session key');
    }
    form_validate($sesskey);
}
/**
 * Validate a set of key-value data against a set of rules.
 *
 * Works for form data and for arbitrary nested data. A rule is whatever
 * form_test() accepts (the original notes list regular-expression patterns,
 * integer filters for filter_var() and Closure objects); a rule that is itself
 * an array is applied recursively to nested data. Data missing from $data is
 * validated as null.
 *
 * A rule key of the form "name[]", "name[n]", "name[n,]", "name[,m]" or
 * "name[n,m]" expects $data['name'] to be an array with that many elements
 * (without a comma the count must be exactly n) and applies the rule to each
 * element; the count check is reported under $errors['name']['count'].
 *
 * Example:
 *
 * $data = array(
 *     'name' => 'John Doe',
 *     'age'  => 30,
 * );
 *
 * $rule = array(
 *     'name' => 'required',
 *     'age'  => 'digits',
 * );
 *
 * $valid = form_validate($data, $rule, $errors);
 *
 * if ($valid) {
 *     // data is valid, do what you must do.
 * }
 *
 * $valid evaluates to true while $errors has the following structure:
 *
 * array(
 *     'name' => false,
 *     'age'  => false
 * )
 *
 * $errors holds error flags: true means the value does NOT conform to its
 * rule, false means it does. Although this reads backwards, it keeps template
 * output trivial, in plain PHP:
 *
 * <?php if ($errors['name']): ?>
 * <p>The name field is required.</p>
 * <?php endif ?>
 *
 * Shortcut rule names are resolved by form_test(), defined elsewhere; the
 * original notes describe 'required' and 'integer' as shorthands for
 * '/^.+$/' and '/^\d+$/' — confirm the full list (including 'digits' as used
 * above) against that function.
 *
 * @param array $data   Key-value data to validate
 * @param array $rules  Key-value rules, keyed like $data
 * @param array $errors Receives the error flags (by reference, optional)
 *
 * @return bool true if no error flag is set (as judged by form_any()), false otherwise
 */
function form_validate(array $data, array $rules, &$errors = array())
{
    // $errors may be an undefined variable passed by reference.
    if (!isset($errors)) {
        $errors = array();
    }

    // "name[]", "name[n]", "name[n,]", "name[,m]", "name[n,m]": group 1 is the
    // data key, group 2 the minimum count, group 3 the comma, group 4 the maximum.
    $arrayKeyPattern = '/^([a-zA-Z0-9-_ ]+)\\[(?:(\\d+)?(?:(,)(\\d+)?)?)?\\]$/';

    foreach ($rules as $key => $rule) {
        $minCount = false;
        $maxCount = false;
        $isArrayRule = (bool) preg_match($arrayKeyPattern, $key, $parts);
        if ($isArrayRule) {
            $key = $parts[1];
            if (isset($parts[2])) {
                $minCount = $parts[2] == '' ? 0 : $parts[2];
            }
            // A comma without an upper bound means "at least $minCount";
            // no comma at all means "exactly $minCount".
            $maxCount = isset($parts[3]) ? false : $minCount;
            if (isset($parts[4])) {
                $maxCount = $parts[4];
            }
        }

        // Absent data is validated as null.
        if (!isset($data[$key])) {
            $data[$key] = null;
        }
        $subject = $data[$key];
        $ruleIsNested = is_array($rule);

        if (!$isArrayRule) {
            if (!is_array($subject)) {
                // A nested rule set cannot apply to a scalar.
                $errors[$key] = $ruleIsNested ? true : !form_test($subject, $rule);
            } elseif ($ruleIsNested) {
                form_validate($subject, $rule, $errors[$key]);
            } else {
                // A scalar rule cannot apply to nested data.
                $errors[$key] = true;
            }
            continue;
        }

        // Array rule: per-element flags go under $errors[$key], with the
        // element count check reported as $errors[$key]['count'].
        if (!isset($errors[$key]) || !is_array($errors[$key])) {
            $errors[$key] = array();
        }
        $errors[$key]['count'] = false;
        if (!is_array($subject)) {
            $errors[$key]['count'] = true;
            continue;
        }
        $size = count($subject);
        if (($minCount !== false && $size < $minCount) || ($maxCount !== false && $size > $maxCount)) {
            $errors[$key]['count'] = true;
        }
        foreach ($subject as $element) {
            if (is_array($element) !== $ruleIsNested) {
                // Shape mismatch between the element and the rule.
                $errors[$key][] = true;
            } elseif ($ruleIsNested) {
                form_validate($element, $rule, $errors[$key][]);
            } else {
                $errors[$key][] = !form_test($element, $rule);
            }
        }
    }

    return !form_any($errors);
}
// Request parameters for this page; the param_* helpers are defined elsewhere.
$edit = param_boolean('edit');
$json = param_boolean('j');
// NOTE(review): the instance id is read untyped via param_variable(); this
// codebase also has param_integer() — consider it here if the id is always numeric.
$instanceid = param_variable('id', 0);
// IF WE'RE EDITING OR CREATING AN AUTHORITY:
if ($institution && $plugin) {
    $classname = 'PluginAuth' . ucfirst(strtolower($plugin));
    safe_require('auth', strtolower($plugin));
    $has_instance_config = call_static_method($classname, 'has_instance_config');
    if (false == $has_instance_config && $add) {
        // We've been asked to add an instance of an auth plugin that has no
        // config options. We've been called by an AJAX request, so we just
        // add the instance and generate an acknowledgement.
        // The session key has not been checked yet, because this page doesn't
        // define JSON
        try {
            form_validate(param_alphanum('sesskey', null));
        } catch (UserException $e) {
            json_reply(true, $e->getMessage());
        }
        $authinstance = new stdClass();
        // Get the auth instance with the highest priority number (which is
        // the instance with the lowest priority).
        // TODO: rethink 'priority' as a fieldname... it's backwards!!
        $lastinstance = get_records_array('auth_instance', 'institution', $institution, 'priority DESC', '*', '0', '1');
        if ($lastinstance == false) {
            $authinstance->priority = 0;
        } else {
            $authinstance->priority = $lastinstance[0]->priority + 1;
        }
        $authinstance->instancename = $plugin;
        $authinstance->institution = $institution;
<?php

/**
 * The action.php (optional) handles form submission.
 * It should perform form validation and the create, update and delete operations against the database.
 * By default, a form is initiated for AJAX and action.php is automatically invoked if the action attribute is not given in the <form> tag.
 */
// Outcome flag for this request; assumed false until the submission has been handled.
$success = false;
if (sizeof($_POST)) {
    $post = _post($_POST);
    $validations = array('photo' => array('caption' => _t('Image'), 'value' => $post['photo'], 'rules' => array('mandatory')), 'doc' => array('caption' => _t('Doc'), 'value' => $post['doc'], 'rules' => array('mandatory')), 'file' => array('caption' => _t('File'), 'value' => $post['file']), 'sheet' => array('caption' => _t('Sheet'), 'value' => $post['sheet']));
    if (form_validate($validations)) {
        /**
        For "photo",
            $post['photo']             = The uploaded file name saved in disk
            $post['photo-id']          = The ID in database related to the previously uploaded file
            $post['photo-dimensions']  = (Optional) Array of dimensions used to resize the images uploaded
            $post['photo-dir']         = The directory where the file(s) are saved, encoded by base64_encode()
            $post['photo-fileName']    = The same value of $post['photo']
        
        For "doc",
            $post['doc']               = The uploaded file name saved in disk
            $post['doc-id']            = The ID in database related to the previously uploaded file
            $post['doc-dir']           = The directory where the file(s) are saved, encoded by base64_encode()
            $post['doc-fileName']      = The same value of $post['doc']
        
        For "file",
            $post['file']              = The uploaded file name saved in disk
            $post['file-id']           = The ID in database related to the previously uploaded file
            $post['file-dir']          = The directory where the file(s) are saved, encoded by base64_encode()
            $post['file-fileName']     = The same value of $post['file']
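function form_process()
{
    global $forms;

    // Nothing to do unless a form submission identified itself. The id is
    // client-supplied, so only a scalar that names an existing definition in
    // $forms is accepted (the original dereferenced the key unchecked, which
    // produced notices for unknown ids and a fatal error for array values).
    if (!isset($_REQUEST['form_id']) || !is_scalar($_REQUEST['form_id'])) {
        return;
    }
    $formId = $_REQUEST['form_id'];
    if (!isset($forms[$formId])) {
        return;
    }
    $f = $forms[$formId];

    $valid = true;
    foreach ($f['params'] as $k => $v) {
        // The declared type may carry options after a ';' (e.g. "file;...").
        $t = explode(';', $v['type']);
        // Uploaded files live in $_FILES, everything else in $_REQUEST. A
        // missing field is validated as null instead of raising a notice.
        if ($t[0] == 'file') {
            $value = isset($_FILES[$k]) ? $_FILES[$k] : null;
        } else {
            $value = isset($_REQUEST[$k]) ? $_REQUEST[$k] : null;
        }
        $result = validate($value, $v['type'], $k);
        if ($result === true) {
            // Validated values are exported as globals named after the
            // parameter; the names come from the form definition, not the client.
            $GLOBALS[$k] = $value;
        } else {
            form_add_error($formId, $result);
            $valid = false;
        }
    }

    // NOTE(review): this POST-only form_validate() check runs after the values
    // above have already been exported to $GLOBALS — confirm that is intended.
    if ($f['method'] == 'post') {
        form_validate();
    }
    if ($valid && $f['action']) {
        $f['action']();
    }
}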
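function form_validate($input, $definition, &$errors = null)
{
    // Always hand back an array, even when $definition is empty; otherwise
    // array_walk_recursive() below would be fed null (a TypeError on PHP 8).
    if (!is_array($errors)) {
        $errors = array();
    }
    foreach ($definition as $key => $rules) {
        $value = isset($input[$key]) ? $input[$key] : null;
        if (is_array($rules)) {
            // Nested definition: recurse and keep the nested flag map.
            $nested = null;
            form_validate($value, $rules, $nested);
            $errors[$key] = $nested;
        } else {
            // form_validate_input() (defined elsewhere) reports "passes" as true,
            // per check or as a whole; flags are inverted so true marks a failure.
            $result = form_validate_input($value, $rules);
            if (is_array($result)) {
                foreach ($result as &$flag) {
                    $flag = !$flag;
                }
                unset($flag);
            } else {
                $result = !$result;
            }
            $errors[$key] = $result;
        }
    }
    // Valid only if no leaf flag anywhere in the tree is set.
    $valid = true;
    array_walk_recursive($errors, function (&$item, $key) use (&$valid) {
        $valid = $valid && !$item;
    });
    return $valid;
}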
<?php

/**
 * The action.php (optional) handles form submission.
 * It should perform form validation and the create, update and delete operations against the database.
 * By default, a form is initiated for AJAX and action.php is automatically invoked if the action attribute is not given in the <form> tag.
 */
// Outcome flag for this request; assumed false until the submission has been handled.
$success = false;
if (sizeof($_POST)) {
    $post = _post($_POST);
    $image = isset($_FILES['filImage']) ? $_FILES['filImage'] : null;
    $validations = array('filImage' => array('caption' => _t('Image'), 'value' => $image, 'rules' => array('mandatory', 'fileExtension', 'fileMaxSize'), 'extensions' => array('jpg', 'jpeg', 'png', 'gif'), 'maxSize' => MAX_FILE_UPLOAD_SIZE, 'messages' => array('mandatory' => _t('Please select an image file.'))));
    /* form token check && input validation check */
    if (form_validate($validations) === true) {
        $file = _fileHelper();
        // set file upload directory; default to `/files/tmp/`
        // this should be defined in site.config.php such as `define('POST_IMAGE_DIR', FILE . 'posts/');`
        // and use here `$file->set('uploadDir', POST_IMAGE_DIR . 'tmp/');`
        $file->set('uploadDir', FILE . 'tmp/');
        // optional
        // set image dimension to resize
        // this should be defined in site.config.php such as `$lc_imageDimensions = array('400x300', '200x150');`
        // and use here `$file->set('dimensions', _cfg('imageDimensions'));`
        // optional; if this is omitted, only primary image will be uploaded to the uploadDir set above
        // by resizing according to `$lc_imageFilterSet['maxDimension']`
        $file->set('dimensions', array('400x300', '200x150'));
        // image resize mode:
        // FILE_RESIZE_BOTH (by default) - resize to the fitted dimension to the given dimension
        // FILE_RESIZE_WIDTH - resize to the given width, but height is aspect ratio of the width
        // FILE_RESIZE_HEIGHT - resize to the given height, but width is aspect ratio of the height
        $file->set('resizeMode', FILE_RESIZE_BOTH);