/**
* Encrypt view only elements
*
* @param array &$aHiddenFields Hidden fields
*
* @return void
*/
protected function _cryptViewOnlyElements(&$aHiddenFields)
{
/** @var FabrikFEModelForm $model */
$model = $this->getModel();
$crypt = FabrikWorker::getCrypt();
$fields = array();
$ro = $model->getReadOnlyVals();
foreach ($ro as $key => $pair) {
$repeatGroup = $pair['repeatgroup'];
$isJoin = $pair['join'];
$input = $pair['data'];
// $$$ rob not sure this is correct now as I modified the readOnlyVals structure to contain info about if its in a group
// and it now contains the repeated group data
$input = is_array($input) && array_key_exists('value', $input) ? $input['value'] : $input;
if ($repeatGroup) {
$ar = array();
$input = (array) $input;
foreach ($input as $i) {
if (is_array($i)) {
// Elements with sub options in repeat group
$i = json_encode($i);
}
$ar[] = $i;
}
$input = $isJoin ? $ar : json_encode($ar);
} else {
if (is_array($input)) {
// Elements with sub options not in repeat group
$input = json_encode($input);
}
}
if (is_array($input)) {
for ($x = 0; $x < count($input); $x++) {
if (trim($input[$x]) !== '') {
$input[$x] = $crypt->encrypt($input[$x]);
}
}
} else {
if (trim($input) !== '') {
$input = $crypt->encrypt($input);
}
}
$safeKey = FabrikString::rtrimword($key, '[]');
// $$$ rob - no don't do below as it will strip out join names join[x][fullname] => join
// $key = preg_replace("/\[(.*)\]/", '', $key);
if (!array_key_exists($safeKey, $fields)) {
$fields[$safeKey] = $input;
} else {
$fields[$safeKey] = (array) $fields[$safeKey];
$fields[$safeKey][] = $input;
}
}
foreach ($fields as $key => $input) {
if (is_array($input)) {
for ($c = 0; $c < count($input); $c++) {
$i = $input[$c];
$fields[] = '<input type="hidden" name="fabrik_vars[querystring][' . $key . '][' . $c . ']" value="' . $i . '" />';
}
unset($fields[$key]);
} else {
$fields[$key] = '<input type="hidden" name="fabrik_vars[querystring][' . $key . ']" value="' . $input . '" />';
}
}
$aHiddenFields = array_merge($aHiddenFields, array_values($fields));
}
/**
* If an element is set to readonly, and has a default value selected then insert this
* data into the array that is to be bound to the table record
*
* @param array &$data List data
* @param object &$oRecord To bind to table row
* @param int $isJoin Is record join record
* @param int $rowId Row id
* @param JTable $joinGroupTable Join group table
*
* @since 1.0.6
*
* @deprecated since 3.0.7 - we should be using formmodel addEncrytedVarsToArray() only
*
* @return void
*/
protected function addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowId, $joinGroupTable)
{
// $$$ rob since 1.0.6 : 10 June 08
// Get the current record - not that which was posted
$formModel = $this->getFormModel();
$input = $this->app->input;
if (is_null($this->origData)) {
/* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions,
* ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid>
* OK for now, as we should catch RO data from the encrypted vars check
* later in this method.
*/
if (empty($rowId)) {
$this->origData = $origData = array();
} else {
$sql = $formModel->buildQuery();
$db = $this->getDb();
$db->setQuery($sql);
$origData = $db->loadObject();
$origData = ArrayHelper::fromObject($origData);
$origData = is_array($origData) ? $origData : array();
$this->origData = $origData;
}
} else {
$origData = $this->origData;
}
$groups = $formModel->getGroupsHiarachy();
/* $$$ hugh - seems like there's no point in doing this chunk if there is no
$origData to work with? Not sure if there's ever a valid reason for doing so,
but it certainly breaks things like onCopyRow(), where (for instance) user
elements will get reset to 0 by this code.
*/
$repeatGroupCounts = $input->get('fabrik_repeat_group', array(), 'array');
if (!empty($origData)) {
$gCounter = 0;
foreach ($groups as $groupModel) {
if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
$element = $elementModel->getElement();
$fullkey = $elementModel->getFullName(true, false);
// $$$ rob 24/01/2012 if a previous joined data set had a ro element then if we werent checkign that group is the
// same as the join group then the insert failed as data from other joins added into the current join
if ($isJoin && $groupModel->getId() != $joinGroupTable->id) {
continue;
}
$key = $element->name;
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($fullkey)) {
continue;
}
// Force a reload of the default value with $origData
unset($elementModel->defaults);
$default = array();
$repeatGroupCount = FArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);
for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) {
$def = $elementModel->getValue($origData, $repeatCount);
if (is_array($def)) {
// Radio buttons getValue() returns an array already so don't array the array.
$default = $def;
} else {
$default[] = $def;
}
}
$default = count($default) == 1 ? $default[0] : json_encode($default);
$data[$key] = $default;
$oRecord->{$key} = $default;
}
}
}
$gCounter++;
}
}
$copy = $input->getBool('Copy');
// Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$crypt = FabrikWorker::getCrypt();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($key)) {
continue;
}
$key = FabrikString::shortColName($key);
/* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
* a joined group's field list for the update/insert on the joined row(s).
*/
/*
* $$$ rob - commenting it out as this was stopping data that was not viewable or editable from being included
* in $data. New test added inside foreach loop below
**/
/* if (!array_key_exists($key, $data))
{
continue;
} */
foreach ($groups as $groupModel) {
// New test to replace if (!array_key_exists($key, $data))
// $$$ hugh - this stops elements from joined groups being added to main row, but see 'else'
if ($isJoin) {
if ($groupModel->getGroup()->id != $joinGroupTable->id) {
continue;
}
} else {
// $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row!
if ($groupModel->isJoin()) {
continue;
}
}
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
/*
* $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys,
* so if two joined groups share the same element name(s) ...
*/
if ($element->name == $key) {
// Don't overwrite if something has been entered
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
// Repeat groups
$default = array();
$repeatGroupCount = FArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);
for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) {
$enc = FArrayHelper::getValue($encrypted, $repeatCount);
if (is_array($enc)) {
$v = array();
foreach ($enc as $e) {
$e = urldecode($e);
$v[] = empty($e) ? '' : $crypt->decrypt($e);
}
$v = json_encode($v);
} else {
$enc = urldecode($enc);
$v = !empty($enc) ? $crypt->decrypt($enc) : '';
}
}
/* $$$ hugh - also gets called in storeRow(), not sure if we really need to
* call it here? And if we do, then we should probably be calling onStoreRow
* as well, if $data['fabrik_copy_from_table'] is set? Can't remember why,
* but we differentiate between the two, with onCopyRow being when a row is copied
* using the list plugin, and onSaveAsCopy when the form plugin is used.
*/
if ($copy) {
$v = $elementModel->onSaveAsCopy($v);
}
$data[$key] = $v;
$oRecord->{$key} = $v;
}
break 2;
}
}
}
}
}
}
/**
* Add in any encrypted stuff, in case we fail validation ...
* otherwise it won't be in $data when we rebuild the page.
* Need to do it here, so _raw fields get added in the next chunk 'o' code.
*
* @param array &$post posted form data passed by reference
*
* @return null
*/
public function addEncrytedVarsToArray(&$post)
{
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$groups = $this->getGroupsHiarachy();
$crypt = FabrikWorker::getCrypt();
$w = new FabrikWorker();
foreach ($groups as $g => $groupModel) {
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$elementModel->getElement();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
if ($elementModel->getFullName(true, false) == $key) {
/* $$$ rob - don't test for !canUse() as confirmation plugin dynamically sets this
* if ($elementModel->canView())
* $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars
*/
if (is_array($encrypted)) {
// Repeat groups
$v = array();
foreach ($encrypted as $e) {
// $$$ rob urldecode when posting from ajax form
$e = urldecode($e);
$e = empty($e) ? '' : $crypt->decrypt($e);
$e = FabrikWorker::JSONtoData($e);
$v[] = $w->parseMessageForPlaceHolder($e, $post);
}
} else {
// $$$ rob urldecode when posting from ajax form
$encrypted = urldecode($encrypted);
$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
/*
* $$$ hugh - things like element list elements (radios, etc) seem to use
* their JSON data for encrypted read only values, need to decode.
*/
if (is_subclass_of($elementModel, 'PlgFabrik_ElementList')) {
$v = FabrikWorker::JSONtoData($v, true);
}
$v = $w->parseMessageForPlaceHolder($v, $post);
}
$elementModel->setGroupModel($groupModel);
$elementModel->setValuesFromEncryt($post, $key, $v);
/* $$ rob set both normal and rawvalues to encrypted - otherwise validate method doesn't
* pick up decrypted value
*/
$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
}
}
}
}
}
}
/**
* Save the connection- test first if its valid
* if it is remove the session instance of the connection then call parent save
*
* @param array $data connection data
*
* @return boolean True on success, False on error.
*/
public function save($data)
{
$model = JModelLegacy::getInstance('Connection', 'FabrikFEModel');
$model->setId($data['id']);
$crypt = FabrikWorker::getCrypt();
$params = new stdClass();
$params->encryptedPw = true;
$data['params'] = json_encode($params);
$data['password'] = $crypt->encrypt($data['password']);
// $$$ hugh TESTING REMOVE!!!!
// $$$ Felikat - Not sure what you were testing but it broke stuff!
// unset($data['password']);
$options = $model->getConnectionOptions(JArrayHelper::toObject($data));
$db = $model->getDriverInstance($options);
$key = 'fabrik.connection.' . $data['id'];
/**
* erm yeah will remove the session connection for the admin user, but not any other user whose already using the site
* would need to clear out the session table i think - but that would then log out all users.
*/
$this->session->clear($key);
return parent::save($data);
}
/**
* Decrypt once a connection password - if its params->encryptedPw option is true
*
* @param JTable &$cnn Connection
*
* @since 3.1rc1
*
* @return void
*/
protected function decryptPw(&$cnn)
{
if (isset($cnn->decrypted) && $cnn->decrypted) {
return;
}
$crypt = FabrikWorker::getCrypt();
$params = json_decode($cnn->params);
if (is_object($params) && $params->encryptedPw == true) {
$cnn->password = $crypt->decrypt($cnn->password);
$cnn->decrypted = true;
}
}
