function __construct()
{
// find active entity
$user = Authentication::require_user();
$this->entity = Entity::get(@$_SERVER['PATH_INFO'], !$user->is_admin);
// Redjudge all
if (isset($_REQUEST['rejudge_all']) and Authentication::is_admin()) {
Log::info("Requested redjudgement for all submissions in this entity", $this->entity->path());
foreach ($this->entity->all_submissions() as $subm) {
$subm->rejudge();
}
Util::redirect(str_replace('rejudge_all=1', '', $_SERVER['REQUEST_URI']));
}
}
protected function getDuplicateWhereClause(Entity $entity)
{
return array('name' => $entity->get('name'));
}
public static function validateField(Entity $entity, $key)
{
$tag = "EntityValidator::validateField({$key})";
Log::debug("{$tag}");
try {
$value = $entity->get($key);
$blueprint = $entity->blueprint();
$field = $blueprint->get($key);
$displayName = $field->getDisplayName();
$dataType = $field->getDataType();
if ($field->isRequired()) {
if (empty($value) && $value != "0") {
return "Missing required value '{$displayName}'";
}
}
if (!empty($value) || $value == "0") {
switch ($dataType) {
case "string":
$max = $field->getMax();
if (!empty($max) && strlen($value) > $max) {
return "'{$displayName}' exceeds maximum character limit ({$max})";
}
$regexp = $field->getRegexp();
if (!empty($regexp)) {
if (!ereg($regexp, $value)) {
$example = $field->getExample();
return "'{$displayName}' does not match the required pattern '{$example}'";
}
}
break;
case "int":
if (!is_numeric($value) || strpos($value, ".")) {
return "'{$displayName}' must be an integer";
}
$min = $field->getMin();
if ((!empty($min) || $min == "0") && $value < $min) {
return "'{$displayName}' less than minimum required ({$min})";
}
$max = $field->getMax();
if ((!empty($max) || $max == "0") && $value > $max) {
return "'{$displayName}' greater than maximum allowed ({$max})";
}
break;
case "decimal":
if (!is_numeric($value)) {
return "'{$displayName}' must be a number";
}
$min = $field->getMin();
if ((!empty($min) || $min == "0") && $value < $min) {
return "'{$displayName}' less than minimum required ({$min})";
}
$max = $field->getMax();
if ((!empty($max) || $max == "0") && $value > $max) {
return "'{$displayName}' greater than maximum allowed ({$max})";
}
$precision = $field->getPrecision();
if ($decimalPosition = strpos($value, ".")) {
$decimals = substr($value, $decimalPosition + 1);
if (!empty($precision) && strlen($decimals) > $precision) {
return "'{$displayName}' has more than {$precision} allowed digits after decimal point";
}
}
break;
case "date":
$regexp = "^([0-9]{4})\\-([0-9]{2})\\-([0-9]{2})\$";
$example = $field->getExample();
if (!ereg($regexp, $value, $regs)) {
return "'{$displayName}' does not match required pattern '{$example}'";
}
$year = $regs[1];
$month = $regs[2];
$day = $regs[3];
if (!checkdate($month, $day, $year)) {
return "'{$displayName}' is not a valid date";
}
break;
case "datetime":
$regexp = "^([0-9]{4})\\-([0-9]{2})\\-([0-9]{2}) ([0-9]{2})\\:([0-9]{2})\\:([0-9]{2})\$";
$example = $field->getExample();
if (!ereg($regexp, $value, $regs)) {
return "'{$displayName}' does not match required pattern '{$example}'";
}
$year = $regs[1];
$month = $regs[2];
$day = $regs[3];
$hour = $regs[4];
$minute = $regs[5];
$seconds = $regs[6];
if (!checkdate($month, $day, $year)) {
return "'{$displayName}' contains an valid date";
}
if ($hour > 23 || $minute > 59 || $seconds > 59) {
return "'{$displayName}' contains an invalid time";
}
break;
case "time":
$regexp = "^([0-9]{2})\\:([0-9]{2})(\\:([0-9]{2}))?\$";
$example = $field->getExample();
if (!ereg($regexp, $value, $regs)) {
return "'{$displayName}' does not match required pattern '{$example}'";
}
$hour = $regs[1];
$minute = $regs[2];
$seconds = $regs[4];
if ($hour > 23 || $minute > 59 || $seconds > 59) {
return "'{$displayName}' contains an invalid time";
}
break;
case "enum":
$enumOptions = $field->getEnumOptions();
if (!in_array($value, $enumOptions)) {
return "'{$value}' is not a valid selection for '{$displayName}'";
}
break;
case "text":
$min = $field->getMin();
$max = $field->getMax();
$mimeType = $field->getMimeType();
break;
case "binary":
$min = $field->getMin();
$max = $field->getMax();
$mimeType = $field->getMimeType();
break;
}
// END: switch($dataType)
if ($field->isUnique()) {
if ($dataType == "int") {
$query = "SELECT id FROM " . $blueprint->getKey() . " WHERE " . $field->getKey() . "={$value}";
} else {
$query = "SELECT id FROM " . $blueprint->getKey() . " WHERE " . $field->getKey() . "='{$value}'";
}
try {
$sql = new DatabaseQuery($query);
$sql->doQuery();
if ($sql->get_num_rows() > 0) {
$row = $sql->get_next_row();
$id = $row->id;
if ($id == $entity->getId()) {
// this entity is simply using its own pre-existing unique value for key
} else {
// unique value is already in use for this key
return "'{$value}' is already in use for '{$displayName}'";
}
}
} catch (Exception $e) {
// query failed
Log::error("{$tag}: " . $e->getMessage());
return "Unable to validate uniqueness of '{$displayName}'";
}
}
}
// END: if((!empty($value)) || ($value==0))
} catch (Exception $e) {
// blueprint does not contain a field for $key
Log::warning("{$tag}: No field defined for '{$key}'");
// do not report an error
return false;
}
return false;
}
public function insert(Entity $entity)
{
$tag = "EntityDAO: insert()";
Log::notice("{$tag}");
$blueprint = $this->blueprint;
$timezone_offset = $this->timezone_offset_modify;
$query = "INSERT INTO " . $this->tableName() . " SET ";
if ($entity->getId() != 0) {
$query .= "id=" . $entity->getId() . ", ";
}
foreach ($blueprint->fields() as $field) {
$key = $field->getKey();
$value = $entity->get($key);
$encType = $field->getEncType();
if (!empty($value) || $value == "0") {
if (!empty($encType) && $encType != "plain") {
$value = hash($encType, $value);
Log::debug("{$tag}: Encrypted value for {$key}: {$value}");
}
switch ($field->getDataType()) {
case "int":
$query .= "{$key}={$value}";
break;
case "decimal":
case "date":
$query .= "{$key}='{$value}'";
break;
case "datetime":
case "time":
$query .= "{$key}=CONVERT_TZ('{$value}', '{$timezone_offset}', '" . BPTimezone::UTC . "')";
break;
case "enum":
$query .= "{$key}='{$value}'";
break;
case "string":
case "text":
case "binary":
$value = DatabaseSanitizer::sanitize($value);
$query .= "{$key}='{$value}'";
break;
}
} else {
$query .= "{$key}=NULL";
}
$query .= ", ";
}
$query = substr($query, 0, strlen($query) - 2);
// remove trailing comma and space (", ")
$sql = new DatabaseUpdate($query, "insert");
try {
$sql->doUpdate();
return $sql->last_insert_id();
} catch (Exception $e) {
Log::error("{$tag}: [" . $sql->err_code . "] " . $sql->err_message);
throw $e;
}
}
protected function getDuplicateWhereClause(Entity $entity)
{
return array('OR' => array(array('firstName' => $entity->get('firstName'), 'lastName' => $entity->get('lastName')), array('emailAddress' => $entity->get('emailAddress'))));
}
function entity()
{
// it is not a fetal error if the entity does not exist
return Entity::get($this->entity_path, false, false);
}
<?php
require_once '../lib/bootstrap.inc';
// -----------------------------------------------------------------------------
// Ajax utility: return newest submissions
// -----------------------------------------------------------------------------
if (Authentication::current_user() == false) {
echo '{"logout":"true"}';
} else {
if (Authentication::is_admin() and isset($_GET['entity']) and isset($_GET['submissionid'])) {
try {
// get entity
$entity = Entity::get($_GET['entity'], false, true);
$submissions = $entity->submissions_after($_GET['submissionid']);
$arr = array();
foreach ($submissions as $s) {
$arr[] = $s->submissionid;
}
echo '{"new_ids":' . json_encode($arr) . '}';
} catch (NotFoundException $e) {
exit;
}
} else {
die("You have no rights to view this submission");
}
}
/**
* Checks if a given entity or its children entities have errors.
* If so, sets _hasErrors and returns true, if not, returns false.
*
* @param Entity $entity entity which has possibly errors in it
* @return bool has errors => true | has no errors => false
*/
public function checkForErrors($entity)
{
if (is_callable([$entity, 'errors']) && !empty($entity->errors())) {
return $this->hasErrors(true);
}
foreach ($entity->visibleProperties() as $propertyName) {
$property = $entity->get($propertyName);
if (is_callable([$property, 'errors']) && !empty($property->errors())) {
return $this->hasErrors(true);
}
}
return false;
}
/**
* Tests that only accessible properties can be set
*
* @return void
*/
public function testSetWithAccessibleWithArray()
{
$entity = new Entity(['foo' => 1, 'bar' => 2]);
$options = ['guard' => true];
$entity->accessible('foo', true);
$entity->set(['bar' => 3, 'foo' => 4], $options);
$this->assertEquals(2, $entity->get('bar'));
$this->assertEquals(4, $entity->get('foo'));
$entity->accessible('bar', true);
$entity->set(['bar' => 3, 'foo' => 5], $options);
$this->assertEquals(3, $entity->get('bar'));
$this->assertEquals(5, $entity->get('foo'));
}
<?php
require_once '../lib/bootstrap.inc';
// -----------------------------------------------------------------------------
// Allow a user do download 'extra' files for an entity
// -----------------------------------------------------------------------------
$user = Authentication::require_user();
$entity = Entity::get(@$_SERVER['PATH_INFO'], !$user->is_admin);
// Which file are we downloading?
if (isset($_REQUEST['all'])) {
// download all files as a zip archive
$filepath = tempnam('', 'zip');
$delete_temp_file = $filepath;
$zip = new ZipArchive();
$result = $zip->open($filepath, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE);
if ($result !== true) {
die("Failed to open zip file '{$filepath}', error code {$result}");
}
$files = $entity->downloadable_files();
foreach ($files as $filename) {
$zip->addFile($entity->data_path() . $filename, $filename);
}
$zip->close();
$filename = $entity->dir_name() . '.zip';
$filetype = 'application/zip';
} else {
$filename = @$_REQUEST['f'];
$files = $entity->downloadable_files();
if (!in_array($filename, $files)) {
die("You have no rights to view this file.");
}
