Exemplo n.º 1
 /**
  * Loads the application-level 'actions' configuration and fills in the
  * derived attributes (name, id, label, accessKey) of every action before
  * storing the result in $this->actions.
  *
  * The entries are edited through references to the array handed back by
  * the config tool, and $this->actions is bound to that same array.
  */
 function _loadActionsINIFile()
 {
     import('Dataface/ConfigTool.php');
     $tool =& Dataface_ConfigTool::getInstance();
     $actions =& $tool->loadConfig('actions', null);
     $names = array_keys($actions);
     foreach ($names as $actionName) {
         // Work on the stored entry itself rather than on a copy.
         $entry =& $actions[$actionName];
         $entry['name'] = $actionName;

         // Attributes that default to something derived from the name.
         if (!isset($entry['id'])) {
             $entry['id'] = $entry['name'];
         }
         if (!isset($entry['label'])) {
             $entry['label'] = str_replace('_', ' ', ucfirst($entry['name']));
         }
         if (!isset($entry['accessKey'])) {
             $entry['accessKey'] = substr($entry['name'], 0, 1);
         }

         // Run the human-readable texts through the translator, description
         // first and label second, keyed as actions.<name>.<attribute>.
         foreach (array('description', 'label') as $attribute) {
             if (isset($entry[$attribute])) {
                 $entry[$attribute] = df_translate('actions.' . $entry['name'] . '.' . $attribute, $entry[$attribute]);
             }
         }

         $this->actions[$actionName] =& $entry;
         // Break the reference so the next iteration does not overwrite this entry.
         unset($entry);
     }
     $this->actions =& $actions;
 }
/**
 * A method to create the configuration table in the database.  The configuration
 * table is where configuration (e.g. fields.ini etc..) may be stored.  This is
 * a new feature in 0.6.14.
 *
 * @author Steve Hannah <*****@*****.**>
 * @created Feb. 26, 2007
 */
function Dataface_ConfigTool_createConfigTable()
{
    $tool =& Dataface_ConfigTool::getInstance();

    // Nothing to do when the configuration table is already present.
    if (Dataface_Table::tableExists($tool->configTableName, false)) {
        return;
    }

    // The table name comes from the config tool, not from the request; it is
    // placed between backticks but not otherwise escaped.
    $ddl = "CREATE TABLE `" . $tool->configTableName . "` (\n\t\t\t\t\tconfig_id int(11) NOT NULL auto_increment primary key,\n\t\t\t\t\t`file` varchar(255) NOT NULL,\n\t\t\t\t\t`section` varchar(128),\n\t\t\t\t\t`key` varchar(128) NOT NULL,\n\t\t\t\t\t`value` text NOT NULL,\n\t\t\t\t\t`lang` varchar(2),\n\t\t\t\t\t`username` varchar(32),\n\t\t\t\t\t`priority` int(5) default 5\n\t\t\t\t\t)";

    $created = xf_db_query($ddl, df_db());
    if (!$created) {
        // Surface the driver's error text to the caller as an exception.
        throw new Exception(xf_db_error(df_db()), E_USER_ERROR);
    }
}
Exemplo n.º 3
/**
 * Sets a configuration parameter in the configuration table.
 * This should not be called directly.  It should be called through the 
 * Dataface_ConfigTool class as its setConfigParam method.
 *
 * @param string $file The name of the ini file in which the config value is being set.
 * @param string $section The name of the section (could be null).
 * @param string $key The name of the parameter's key (not null)
 * @param string $value The value to set (not null)
 * @param string $username The username for which the parameter is being set (null for all users)
 * @param string $lang The 2-digit language code for which the parameter is being set (null for all languages).
 * @param integer $priority The priority of this config variable (priority dictates which 
 *					parameters take priority). Default value of 5.
 * @return true if success or PEAR_Error if failure.
 *
 * This will create the configuration table if it doesn't already exist.
 *
 *	@author Steve Hannah <*****@*****.**>
 * @created Feb. 26, 2007
 */
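function Dataface_ConfigTool_setConfigParam($file, $section, $key, $value, $username = null, $lang = null, $priority = 5)
{
    $self =& Dataface_ConfigTool::getInstance();
    $db = df_db();
    $table = '`' . $self->configTableName . '`';

    // Render every column as a SQL literal exactly once, so that the lookup
    // and the write below always agree on how a value is represented.
    //  - Strings are escaped with the connection-aware escaper instead of
    //    addslashes(), which does not take the connection character set into
    //    account.
    //  - The nullable columns (section, username, lang) are written as SQL
    //    NULL when unset.  The lookup tests them with IS NULL, so writing ''
    //    would create rows that a later call can never find again.
    //  - `file` is part of the row's identity and NOT NULL in the table, so it
    //    has to be written as well.
    //  - priority is forced to an integer because it is emitted unquoted.
    $vals = array(
        'file' => "'" . mysql_real_escape_string((string) $file, $db) . "'",
        'section' => isset($section) ? "'" . mysql_real_escape_string((string) $section, $db) . "'" : 'NULL',
        'key' => "'" . mysql_real_escape_string((string) $key, $db) . "'",
        'value' => "'" . mysql_real_escape_string((string) $value, $db) . "'",
        'username' => isset($username) ? "'" . mysql_real_escape_string((string) $username, $db) . "'" : 'NULL',
        'lang' => isset($lang) ? "'" . mysql_real_escape_string((string) $lang, $db) . "'" : 'NULL',
        'priority' => (int) $priority,
    );

    // See if this parameter has already been set.  A quoted literal always
    // starts with a quote, so the bare string NULL can only mean "unset".
    $where = array();
    foreach (array('key', 'file', 'section', 'username', 'lang') as $col) {
        $where[] = '`' . $col . '`' . ($vals[$col] === 'NULL' ? ' IS NULL' : '=' . $vals[$col]);
    }
    $sql = 'select `config_id` from ' . $table . ' where ' . implode(' and ', $where) . ' limit 1';

    $res = mysql_query($sql, $db);
    if (!$res) {
        // The usual reason for a failure here is that the table does not exist
        // yet: create it and retry once.
        $self->createConfigTable();
        $res = mysql_query($sql, $db);
    }
    if (!$res) {
        return PEAR::raiseError("Failed to get config parameter: " . mysql_error($db));
    }

    if (mysql_num_rows($res) > 0) {
        // The row exists: update it in place.
        $row = mysql_fetch_assoc($res);
        $updates = array();
        foreach ($vals as $vkey => $vval) {
            $updates[] = '`' . $vkey . '`=' . $vval;
        }
        // Assignments in a SET clause are separated by commas.  Joining them
        // with "and" makes MySQL evaluate the whole list as one boolean
        // expression and store its result in the first column.
        $sql = 'update ' . $table . ' set ' . implode(', ', $updates)
            . ' where `config_id`=' . (int) $row['config_id'] . ' limit 1';
    } else {
        // No row yet: insert one.
        $cols = array();
        $values = array();
        foreach ($vals as $vkey => $vval) {
            $cols[] = '`' . $vkey . '`';
            $values[] = $vval;
        }
        $sql = 'insert into ' . $table . ' (' . implode(',', $cols) . ') VALUES (' . implode(',', $values) . ')';
    }
    mysql_free_result($res);

    $res = mysql_query($sql, $db);
    if (!$res) {
        return PEAR::raiseError("Could not write config value: " . mysql_error($db));
    }
    return true;
}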
Exemplo n.º 4
 /**
  * Loads the field definitions for meta data for the given table.  These
  * are defined in the metadata.ini files at the table, application, and 
  * dataface levels.
  */
 function loadMetadataFieldDefs($tablename = null)
 {
     // Definitions are loaded once and then served from $this->fieldDefs,
     // whatever table name is passed on later calls.
     if (isset($this->fieldDefs)) {
         return $this->fieldDefs;
     }
     if ($tablename === null) {
         $tablename = $this->tablename;
     }

     import('Dataface/ConfigTool.php');
     $tool =& Dataface_ConfigTool::getInstance();
     $this->fieldDefs = $tool->loadConfig('metadata', $tablename);

     // Re-key every definition under its '__'-prefixed name.  The key list is
     // taken up front because the array is modified while it is walked.
     $originalKeys = array_keys($this->fieldDefs);
     foreach ($originalKeys as $originalKey) {
         $prefixedKey = '__' . $originalKey;
         $definition =& $this->fieldDefs[$originalKey];
         $definition['name'] = $prefixedKey;
         $definition['Field'] = $definition['name'];
         if (!isset($definition['Type'])) {
             // Column type used when the ini file does not give one.
             $definition['Type'] = 'varchar(64)';
         }
         $this->fieldDefs[$prefixedKey] =& $definition;
         unset($this->fieldDefs[$originalKey]);
         // Drop the reference before the next iteration rebinds the variable.
         unset($definition);
     }
     return $this->fieldDefs;
 }
Exemplo n.º 5
 /**
  * Loads this table's 'permissions' configuration and registers it with
  * the shared permissions tool.
  */
 function loadPermissions()
 {
     // Mark as loaded before doing any work, as the original ordering does.
     $this->_permissionsLoaded = true;

     $cfg =& Dataface_ConfigTool::getInstance();
     $tablePermissions =& $cfg->loadConfig('permissions', $this->tablename);

     Dataface_PermissionsTool::getInstance()->addPermissions($tablePermissions);
 }
Exemplo n.º 6
 /**
  * @brief Returns the valuelist as a relationship.  This is handy for
  * adding values to it and searching it.
  *
  * @param Dataface_Table &$table The table where the valuelist is defined.
  * @param string $valuelistName The name of the valuelist.
  * @return Dataface_Relationship A wrapper relationship for the valuelist.
  * @return PEAR_Error If there is a problem generating the relationship.
  */
 function &asRelationship(&$table, $valuelistName)
 {
     import('Dataface/ConfigTool.php');
     $valuelists = Dataface_ConfigTool::getInstance()->loadConfig('valuelists', $table->tablename);

     // The function returns by reference, so the "nothing to wrap" result has
     // to live in a variable.
     $none = null;

     // Only valuelists that define a __sql__ entry can be wrapped.
     if (@$valuelists[$valuelistName]['__sql__']) {
         $relationshipName = $valuelistName . '__valuelist';
         // NOTE(review): the valuelist definition, __sql__ included, is handed
         // to addRelationship() unchanged, so valuelists.ini has to be treated
         // as trusted input.
         $table->addRelationship($relationshipName, $valuelists[$valuelistName]);
         $relationship =& $table->getRelationship($relationshipName);
         // Keep the synthetic relationship's action hidden.
         $relationship->_schema['action']['visible'] = 0;
         return $relationship;
     }
     return $none;
 }
Exemplo n.º 7
 /**
  * Builds the object from a permissions configuration.
  *
  * @param mixed $conf Permissions configuration passed to addPermissions();
  *                    when null, the 'permissions' config is loaded through
  *                    Dataface_ConfigTool.
  */
 function __construct($conf = null)
 {
     if (is_null($conf)) {
         // No explicit configuration given: fall back to the config tool.
         import('Dataface/ConfigTool.php');
         $conf = Dataface_ConfigTool::getInstance()->loadConfig('permissions');
     }
     $this->addPermissions($conf);
 }
Exemplo n.º 8
 /**
  * @brief Returns the actions for this table.
  * @param array $params An associative array of options.  Possible keys include:
  * @code
  *		record => reference to a Dataface_Record or Dataface_RelatedRecord object
  *		relationship => The name of a relationship.
  *		category => A name of a category for the actions to be returned.
  * @endcode
  * @return array An associative array of action data structures.
  *
  * @see Dataface_ActionTool
  *
  */
 function getActions(&$params, $noreturn = false)
 {
     import('Dataface/ActionTool.php');
     $tool =& Dataface_ActionTool::getInstance();

     // The table's actions.ini is registered with the action tool only once.
     if (!$this->_actionsLoaded) {
         $this->_actionsLoaded = true;
         import('Dataface/ConfigTool.php');
         $config =& Dataface_ConfigTool::getInstance();
         $tableActions =& $config->loadConfig('actions', $this->tablename);

         foreach ($tableActions as $actionName => $definition) {
             $definition['table'] = $this->tablename;
             $definition['name'] = $actionName;

             // Attributes that default to something derived from the name.
             if (!isset($definition['id'])) {
                 $definition['id'] = $definition['name'];
             }
             if (!isset($definition['label'])) {
                 $definition['label'] = str_replace('_', ' ', ucfirst($definition['name']));
             }
             if (!isset($definition['accessKey'])) {
                 $definition['accessKey'] = substr($definition['name'], 0, 1);
             }

             // Default translation identifiers: "action:<name> label" and
             // "action:<name> description".
             foreach (array('label', 'description') as $attribute) {
                 if (!isset($definition[$attribute . '_i18n'])) {
                     $definition[$attribute . '_i18n'] = 'action:' . $definition['name'] . ' ' . $attribute;
                 }
             }

             // Translate the texts, description first and label second, keyed
             // as actions.<name>.<attribute>.
             foreach (array('description', 'label') as $attribute) {
                 if (isset($definition[$attribute])) {
                     $definition[$attribute] = df_translate('actions.' . $definition['name'] . '.' . $attribute, $definition[$attribute]);
                 }
             }

             $tool->addAction($actionName, $definition);
         }
     }

     // The caller's $params is taken by reference and always gets the table name.
     $params['table'] = $this->tablename;

     // With $noreturn the call only makes sure the actions are registered.
     return $noreturn ? true : $tool->getActions($params);
 }
Exemplo n.º 9
 /**
  * @brief Displays the Dataface application.
  *
  * @param boolean $main_content_only Whether to only show the main content or to show the full page with header and 
  *		footer.  This parameter is not respected by many of the current templates and may be removed in later releases.
  *
  * @param boolean $disableCache Whether to disable the output cache.  It is enabled by default.
  *
  * @par Flow Chart
  *
  * <img src="http://media.weblite.ca/files/photos/Display_flow_control.png?max_width=640"/>
  * <a href="http://media.weblite.ca/files/photos/Display_flow_control.png" target="_blank" title="Enlarge">Enlarge</a>.
  */
 function _display($main_content_only = false, $disableCache = false)
 {
     // Translate the label of every known table, writing the result both to
     // $this->_tables and to the '_tables' section of the configuration.
     foreach ($this->_tables as $key => $value) {
         $this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.' . $key . '.label', $value);
     }
     $this->main_content_only = $main_content_only;
     if ($this->autoSession or $this->sessionEnabled()) {
         $this->startSession();
     }
     // Session-to-IP binding.
     // NOTE(review): because of the isset() test this block runs only when
     // 'disable_session_ip_check' is present in the configuration AND falsy.
     // When the key is absent the whole check is skipped, i.e. the binding is
     // opt-in rather than on by default - confirm that this is intended.
     if (isset($this->_conf['disable_session_ip_check']) and !@$this->_conf['disable_session_ip_check']) {
         // First request of a session: remember the client address.
         if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
             $_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
         }
         // Not read anywhere else in this method.
         $ipAddressError = null;
         // Both sides go through df_IPv4To6() before the (loose) comparison.
         if (df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR']) != df_IPv4To6($_SERVER['REMOTE_ADDR'])) {
             // NOTE(review): what df_escape() escapes is not visible here; it is
             // presumably HTML escaping, which is not what a log sink needs - confirm.
             $msg = sprintf("Session address does not match the remote address.  Possible hacking attempt.  Session address was '%s', User address was '%s'", df_escape(df_IPv4To6($_SESSION['XATAFACE_REMOTE_ADDR'])), df_escape(df_IPv4To6($_SERVER['REMOTE_ADDR'])));
             error_log($msg);
             //die('Your IP address doesn\'t match the session address.  To continue, please clear your cookies or restart your browser and try again.');
             // The request is not aborted: the old session is destroyed, a new
             // one is started and bound to the current address, and processing
             // continues below with that fresh session.
             // NOTE(review): whether startSession() issues a new session id
             // after session_destroy() is not visible here - confirm that the
             // old id cannot be reused.
             session_destroy();
             $this->startSession();
             if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
                 $_SESSION['XATAFACE_REMOTE_ADDR'] = df_IPv4To6($_SERVER['REMOTE_ADDR']);
             }
         }
     }
     // handle authentication
     // Authentication is used when the configuration has an _auth section,
     // unless the XATAFACE_DISABLE_AUTH constant is defined and truthy.
     if (!(defined('XATAFACE_DISABLE_AUTH') and XATAFACE_DISABLE_AUTH) and isset($this->_conf['_auth'])) {
         // The config file _auth section is there so we will be using authentication.
         $loginPrompt = false;
         // flag to indicate if we should show the login prompt
         $permissionDenied = false;
         // flag to indicate if we should show permission denied
         $permissionError = '';
         //Placeholder for permissions error messages (assigned below, not read in this method)
         $loginError = '';
         // Placeholder for login error messages.
         $authTool = $this->getAuthenticationTool();
         $auth_result = $authTool->authenticate();
         if (PEAR::isError($auth_result) and $auth_result->getCode() == DATAFACE_E_LOGIN_FAILURE) {
             // There was a login failure, show the login prompt
             $loginPrompt = true;
             $loginError = $auth_result->getMessage();
         } else {
             if ($authTool->isLoggedIn()) {
                 Dataface_ConfigTool::getInstance()->loadUserConfig();
                 // The user is logged in ok
                 // Handle the request
                 // NOTE(review): unlike the other two call sites in this method,
                 // this call does not pass $disableCache, so the parameter has no
                 // effect for logged-in users - confirm whether that is intended.
                 $result = $this->handleRequest();
                 if (Dataface_Error::isPermissionDenied($result)) {
                     // Permission was denied on the request.  Since the user is already
                     // logged in, there is no use giving him the login prompt.  Just give
                     // him the permission denied screen.
                     $permissionDenied = true;
                     $permissionError = $result->getMessage();
                 }
             } else {
                 if (isset($this->_conf['_auth']['require_login']) and $this->_conf['_auth']['require_login']) {
                     // The user is not logged in and login is required for this application
                     // Show the login prompt
                     $loginPrompt = true;
                 } else {
                     // The user is not logged in, but login is not required for this application.
                     // Allow the user to perform the action.
                     $result = $this->handleRequest($disableCache);
                     if (Dataface_Error::isPermissionDenied($result)) {
                         // The user did not have permission to perform the action
                         // Give the user a login prompt.
                         $loginPrompt = true;
                     }
                 }
             }
         }
         if ($loginPrompt) {
             // The user is supposed to see a login prompt to log in.
             // Show the login prompt.
             $authTool->showLoginPrompt($loginError);
         } else {
             if ($permissionDenied) {
                 // The user is supposed to see the permission denied page.
                 $query =& $this->getQuery();
                 // A denied 'browse' request is sent to the 'view' action instead.
                 // NOTE(review): presumably redirect() ends the request; if it
                 // returns, execution falls through to the 403 output below - confirm.
                 if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                     $this->redirect($this->url('-action=view'));
                 }
                 $this->addError($result);
                 header("HTTP/1.1 403 Permission Denied");
                 df_display(array(), 'Dataface_Permission_Denied.html');
             } else {
                 if (PEAR::isError($result)) {
                     // Some other error occurred in handling the request.  Just show an
                     // ugly stack trace.
                     // NOTE(review): the exception message embeds getDebugInfo();
                     // make sure uncaught exceptions are not rendered to end
                     // users in production.
                     throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
                 }
             }
         }
     } else {
         // Authentication is not enabled for this application.
         // Just process the request.
         $result = $this->handleRequest($disableCache);
         if (Dataface_Error::isPermissionDenied($result)) {
             // Same permission-denied handling as in the authenticated branch.
             $query =& $this->getQuery();
             if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                 $this->redirect($this->url('-action=view'));
             }
             $this->addError($result);
             header("HTTP/1.1 403 Permission Denied");
             df_display(array(), 'Dataface_Permission_Denied.html');
         } else {
             if (PEAR::isError($result)) {
                 // NOTE(review): as above, the message carries getDebugInfo().
                 throw new Exception($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
             }
         }
     }
 }
Exemplo n.º 10
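 /**
  * Saves the current user's column-visibility preferences.
  *
  * Reads a JSON object from $_POST['--data'].  It may contain a 'fields' map
  * (field name => option type => 'visible'|'hidden') and a 'relationships'
  * list whose entries carry a 'name' and a 'fields' map keyed as
  * "<relationship>.<field>".  Accepted settings are stored in the user
  * config under tables/<table>/fields.ini and tables/<table>/relationships.ini
  * and written with writeUserConfig().  Rejected settings are reported in the
  * 'errors' list of the JSON response (code 201); everything else is saved.
  *
  * Everything in the request body is untrusted: values are matched against
  * fixed allow-lists with strict comparison, and nothing is written for a
  * field until its 'show hide columns' permission has been checked.
  *
  * @throws Exception When no usable data was posted, the user lacks the
  *                   table-level permission, a relationship or relationship
  *                   field does not exist, or the user config cannot be saved.
  */
 function do_post()
 {
     if (!@$_POST['--data'] or !is_string($_POST['--data'])) {
         throw new Exception("No data received");
     }
     $data = json_decode($_POST['--data'], true);
     if (!is_array($data)) {
         // Malformed JSON decodes to null; without this check the request
         // would fall through and report success without saving anything.
         throw new Exception("Invalid data received");
     }
     $app = Dataface_Application::getInstance();
     $query = $app->getQuery();
     $table_name = $query['-table'];
     $table = Dataface_Table::loadTable($table_name);
     $table_perms = $table->getPermissions();
     if (!@$table_perms['show hide columns']) {
         throw new Exception("You don't have permission to alter column visibility.");
     }
     $config_tool = Dataface_ConfigTool::getInstance();
     $user_config = $config_tool->loadUserConfig();
     $errors = array();

     if (isset($data['fields']) and is_array($data['fields'])) {
         $config_path = 'tables/' . $table_name . '/fields.ini';
         if (!@$user_config->{$config_path}) {
             $user_config->{$config_path} = new StdClass();
         }
         $user_table_config = $user_config->{$config_path};
         foreach ($data['fields'] as $field_name => $field_opts) {
             if (!is_array($field_opts)) {
                 continue;
             }
             // Check the permission before touching the config, so that a
             // denied field leaves no entry behind.
             // NOTE(review): the field name is not checked against the table's
             // own field list before it is used as a config key - confirm that
             // getPermissions() denies unknown fields.
             $field_perms = $table->getPermissions(array('field' => $field_name));
             if (!@$field_perms['show hide columns']) {
                 $errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
                 continue;
             }
             $errors = array_merge($errors, $this->_store_visibility_opts($user_table_config, $field_name, $field_opts));
         }
     }

     // Now deal with the relationships
     if (isset($data['relationships']) and is_array($data['relationships'])) {
         foreach ($data['relationships'] as $relationship_data) {
             $config_path = 'tables/' . $table_name . '/relationships.ini';
             if (!@$user_config->{$config_path}) {
                 $user_config->{$config_path} = new StdClass();
             }
             $user_table_config = $user_config->{$config_path};
             if (!isset($relationship_data['fields']) or !is_array($relationship_data['fields'])) {
                 continue;
             }
             $relationship_name = isset($relationship_data['name']) ? $relationship_data['name'] : null;
             if (!is_string($relationship_name) or !$relationship_name) {
                 throw new Exception("Expected name for relationship but did not receive one.");
             }
             $relationship = $table->getRelationship($relationship_name);
             if (PEAR::isError($relationship) or !isset($relationship)) {
                 throw new Exception("Relationship " . $relationship_name . " does not exist.");
             }
             foreach ($relationship_data['fields'] as $field_name => $field_opts) {
                 // Keys look like "<relationship>.<field>"; pad so that a key
                 // without a dot yields a null field name instead of a notice.
                 list($r_name, $r_field_name) = array_pad(explode('.', (string) $field_name, 2), 2, null);
                 if ($r_name !== $relationship_name) {
                     throw new Exception("Relationship fields must have same root name as the relationship itself.");
                 }
                 if (!$relationship->hasField($r_field_name, true)) {
                     throw new Exception("Relationship " . $relationship_name . " has no such field " . $r_field_name);
                 }
                 if (!is_array($field_opts)) {
                     continue;
                 }
                 // As above: permission first, config entry second.
                 $field_perms = $relationship->getPermissions(array('field' => $r_field_name));
                 if (!@$field_perms['show hide columns']) {
                     $errors[] = 'You don\'t have permission to alter column visibility for field ' . $field_name;
                     continue;
                 }
                 $errors = array_merge($errors, $this->_store_visibility_opts($user_table_config, $field_name, $field_opts));
             }
         }
     }

     $res = $config_tool->writeUserConfig();
     if (!$res) {
         throw new Exception("Failed to save the user config for columns.");
     }
     if (count($errors) === 0) {
         $this->json_out(array('code' => 200, 'message' => 'Successfully saved settings.  Reload page to see effects.'));
     } else {
         $this->json_out(array('code' => 201, 'message' => 'Saved settings but with warnings.', 'errors' => $errors));
     }
 }

 /**
  * Validates one field's visibility options and stores the accepted ones in
  * the given user config section.
  *
  * @param object $user_table_config Config section object; modified in place.
  * @param string $field_name Config key of the field.
  * @param array $field_opts Map of option type => requested visibility.
  * @return array Error messages for the options that were rejected.
  */
 private function _store_visibility_opts($user_table_config, $field_name, $field_opts)
 {
     $visibilities = array('visible', 'hidden');
     $opt_types = array('list', 'find', 'browse', 'csv', 'rss', 'xml');
     $errors = array();

     if (!isset($user_table_config->{$field_name})) {
         $user_table_config->{$field_name} = new StdClass();
     }
     if (!isset($user_table_config->{$field_name}->visibility)) {
         $user_table_config->{$field_name}->visibility = new StdClass();
     }
     $visibility_config = $user_table_config->{$field_name}->visibility;

     foreach ($field_opts as $opt_type => $opt_visibility) {
         // Strict matching: with loose comparison a JSON true (and, before
         // PHP 8, a JSON 0) is equal to every string in the allow-list and
         // would be stored as a visibility value or option type.
         if (!in_array($opt_visibility, $visibilities, true)) {
             $received = is_scalar($opt_visibility) ? $opt_visibility : gettype($opt_visibility);
             $errors[] = 'Invalid visibility for field ' . $field_name . '.  Expecting visible or hidden but received ' . $received . '.';
             continue;
         }
         if (!in_array($opt_type, $opt_types, true)) {
             $errors[] = 'Invalid option type for field ' . $field_name . '.  Expecting one of {' . implode(', ', $opt_types) . '} but received ' . $opt_type . '.';
             continue;
         }
         $visibility_config->{$opt_type} = $opt_visibility;
     }
     return $errors;
 }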
Exemplo n.º 11
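 /**
  * Loads the translation dictionary into $this->dictionary.
  *
  * The application-level 'lang' config is loaded first.  When the current
  * query names a table, that table's 'lang' config is merged on top of it,
  * so table entries override application entries with the same key.  While
  * loading, the application's 'lang' setting is temporarily replaced by
  * $this->lang (when set) and restored afterwards.
  */
 function _loadLangINIFile()
 {
     $app =& Dataface_Application::getInstance();
     $oldLang = $app->_conf['lang'];
     if (isset($this->lang)) {
         $app->_conf['lang'] = $this->lang;
     }
     $query =& $app->getQuery();
     import('Dataface/ConfigTool.php');
     $configTool =& Dataface_ConfigTool::getInstance();
     $dictionary = $configTool->loadConfig('lang', null);
     if (isset($query['-table'])) {
         $tableDictionary = $configTool->loadConfig('lang', $query['-table']);
         if (is_array($tableDictionary)) {
             // Reuse the table dictionary that was just loaded instead of
             // loading it a second time, and merge onto an empty array when
             // the application-level config did not produce one (array_merge
             // rejects non-array arguments).
             $dictionary = array_merge(is_array($dictionary) ? $dictionary : array(), $tableDictionary);
         }
     }
     // Put the application's language setting back.
     $app->_conf['lang'] = $oldLang;
     $this->dictionary =& $dictionary;
 }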