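/**
 * Builds and runs an `insert ... set` statement for this table from the
 * current request ($_POST / $_FILES), one assignment per requested column.
 *
 * Values come straight from the request and column names are concatenated
 * into the SQL text, so the names in $columnsToFill must come from trusted
 * code, never from the request. Names that are not keys of $this->columns
 * are rejected.
 *
 * Side effects visible in this method: mutates $_POST (ordering default,
 * empty-string default), moves uploaded pictures under the configured site
 * path, and may terminate the request via die() on a failed file upload.
 *
 * @param string[] $columnsToFill column names to take from the request; 'id' is skipped
 * @return false|string the new row id, or FALSE on any failure
 */
public function handleInsertFromPost($columnsToFill)
{
    $imagesRelativePath = WOOOF::$instance->getConfigurationFor('imagesRelativePath');
    $siteBasePath = WOOOF::$instance->getConfigurationFor('siteBasePath');
    global $__isAdminPage;

    $insertId = $this->dataBase->getNewId($this->tableName);
    if ($insertId === FALSE) {
        return FALSE;
    }

    // Updates that can only run once the row exists (thumbnail / mid-size columns).
    $defferedQueries = array();
    $query = 'insert into ' . $this->tableName . ' set';

    if (is_array($columnsToFill)) {
        foreach ($columnsToFill as $column) {
            if ($column == 'id') {
                continue;
            }

            // $column is concatenated into the SQL text as an identifier, so only
            // accept names this table object knows about. Without this guard an
            // unknown name ended in a fatal error on the metadata call below.
            if (!isset($this->columns[$column])) {
                WOOOF::$instance->debug("Warning in handleInsertFromPost: Column to fill [{$column}] is not a known column.");
                return FALSE;
            }

            $metaData = $this->columns[$column]->getColumnMetaData();
            $trimmedOrderingColumn = trim(str_replace(' desc', '', $this->getOrderingColumnForListings()));

            if ($trimmedOrderingColumn == $column
                && (!isset($_POST[$column]) || trim($_POST[$column]) == '0' || trim($_POST[$column]) == '')
                && $metaData['type'] == WOOOF_dataBaseColumnTypes::int
            ) {
                // No usable ordering value was posted: place the new row after the current maximum.
                $oR = $this->dataBase->query('select max(' . $trimmedOrderingColumn . ') as maxOrd from ' . $this->tableName);
                if ($oR === FALSE) {
                    return FALSE;
                }
                $o = $this->dataBase->fetchAssoc($oR);
                $_POST[$column] = $o['maxOrd'] + 10;
            } elseif (!isset($_POST[$column]) && !isset($_POST[$column . '1']) && !isset($_POST[$column . '4']) && !isset($_FILES[$column])) {
                WOOOF::$instance->debug("Warning in handleInsertFromPost: Column to fill [{$column}] does not appear in POST or FILES.");
                continue;
            }

            if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::file) {
                // isset() first: the column may have been posted without any upload entry.
                if (isset($_FILES[$column]['tmp_name']) && is_uploaded_file($_FILES[$column]['tmp_name'])) {
                    $externalFileId = $this->handleFileUpload($column);
                    if ($externalFileId === FALSE) {
                        die('File Upload Failure!'); // TODO: backfix that and remove the die!
                        return FALSE; // unreachable until the die() above is removed
                    }
                    $query .= ' ' . $column . '=\'' . $externalFileId . '\',';
                }
            } elseif ($metaData['presentationType'] == WOOOF_columnPresentationTypes::picture) {
                if (isset($_FILES[$column])) {
                    if (trim($metaData['presentationParameters']) != '') {
                        $outputPath = $siteBasePath . $metaData['presentationParameters'];
                    } else {
                        $outputPath = $siteBasePath . $imagesRelativePath;
                    }

                    $upload = $_FILES[$column];
                    $mvResult = FALSE;
                    $fromFile = '';
                    $uploadName = '';
                    // A well-formed single upload has string name/tmp_name; anything else
                    // is handled like a failed move instead of being used as a path.
                    if (isset($upload['name'], $upload['tmp_name']) && is_string($upload['name']) && is_string($upload['tmp_name'])) {
                        // The name is client-supplied: keep only its last path component
                        // so it cannot point outside $outputPath.
                        $uploadName = basename($upload['name']);
                        $fromFile = $outputPath . WOOOF::randomString(10) . '_' . $uploadName;
                        $mvResult = move_uploaded_file($upload['tmp_name'], $fromFile);
                    }

                    if ($mvResult) {
                        if ($metaData['resizeWidth'] != '') {
                            // Replace the last dot-separated piece of the name with 'jpg'.
                            $filePieces = explode('.', $uploadName);
                            array_pop($filePieces);
                            $choppedFile = '';
                            foreach ($filePieces as $piece) {
                                $choppedFile .= $piece . '.';
                            }
                            $choppedFile .= 'jpg';

                            $targetFilename = $this->tableId . '_' . $metaData['columnId'] . '_' . $insertId . '_' . $choppedFile;
                            // Same treatment the main column gets; presumably this makes the value
                            // safe inside a quoted SQL literal. NOTE(review): confirm what
                            // cleanUserInput() does, it is not visible here.
                            $cleanTargetFilename = WOOOF::$instance->cleanUserInput($targetFilename);

                            WOOOF::resizePicture($fromFile, $outputPath . $targetFilename, $metaData['resizeWidth'], $metaData['resizeHeight']);
                            $query .= ' ' . $column . '=\'' . $cleanTargetFilename . '\', ';

                            if ($metaData['thumbnailWidth'] != '') {
                                WOOOF::resizePicture($fromFile, $outputPath . 'thumb_' . $targetFilename, $metaData['thumbnailWidth'], $metaData['thumbnailHeight']);
                                if ($metaData['thumbnailColumn'] != '') {
                                    // The file name derives from the request, so it must not reach
                                    // the SQL text raw (it previously did in this query).
                                    $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['thumbnailColumn'] . '=\'' . 'thumb_' . $cleanTargetFilename . '\' where id=\'' . $insertId . '\'';
                                }
                            }

                            if ($metaData['midSizeWidth'] != '') {
                                WOOOF::resizePicture($fromFile, $outputPath . 'mid_' . $targetFilename, $metaData['midSizeWidth'], $metaData['midSizeHeight']);
                                // Guard on the column this query writes; the previous check of
                                // thumbnailColumn could emit "set ='mid_...'" when midSizeColumn was empty.
                                if ($metaData['midSizeColumn'] != '') {
                                    $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['midSizeColumn'] . '=\'' . 'mid_' . $cleanTargetFilename . '\' where id=\'' . $insertId . '\'';
                                }
                            }

                            // Only the resized copies are kept.
                            unlink($fromFile);
                        } else {
                            // NOTE(review): without a resize the file stays in $outputPath under its
                            // client-supplied name and extension. Confirm that the type is validated
                            // elsewhere or that this directory is not configured to execute scripts.
                            $query .= ' ' . $column . '=\'' . basename(WOOOF::$instance->cleanUserInput($fromFile)) . '\',';
                        }
                    } else {
                        // The move failed: assign the column to itself rather than to a file name.
                        $query .= ' ' . $column . '=' . $column . ', ';
                    }
                }
            } elseif ($metaData['presentationType'] == WOOOF_columnPresentationTypes::htmlText) {
                if (!$__isAdminPage) {
                    require_once 'HTMLPurifier.standalone.php';
                    $config = HTMLPurifier_Config::createDefault();
                    $purifier = new HTMLPurifier($config);
                    $query .= ' ' . $column . '=\'' . $this->dataBase->escape($purifier->purify($_POST[$column])) . '\',';
                } else {
                    // Stored without purification when the global $__isAdminPage is truthy.
                    // NOTE(review): confirm that flag can only be set by trusted code.
                    $query .= ' ' . $column . '=\'' . $this->dataBase->escape($_POST[$column]) . '\',';
                }
            } elseif ($metaData['presentationType'] == WOOOF_columnPresentationTypes::date
                || $metaData['presentationType'] == WOOOF_columnPresentationTypes::time
                // `&&` binds tighter than `||`: the isset() test applies to dateAndTime only.
                // NOTE(review): confirm that is intended; the grouping is kept as written.
                || ($metaData['presentationType'] == WOOOF_columnPresentationTypes::dateAndTime && isset($_POST[$column . '1']))
            ) {
                if ($metaData['notNull'] == '1'
                    && ($metaData['isReadOnly']
                        || ((!isset($_POST[$column . '1']) || trim($_POST[$column . '1']) == '')
                            && (!isset($_POST[$column . '4']) || $_POST[$column . '4'] == '')))
                ) {
                    // Read-only or empty, but the column may not be null: use the current date/time.
                    $tempDate = WOOOF::getCurrentDateTime();
                } else {
                    $tempDate = WOOOF::buildDateTimeFromAdminPost($column, $metaData['presentationType']);
                }
                if ($this->columns[$column]->checkValue($tempDate) === FALSE) {
                    return FALSE;
                }
                $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($tempDate) . '\',';
            } else {
                // The column can be absent here (only a suffixed key or a file entry was sent);
                // validate NULL in that case, as before, without the undefined-index notice.
                $postedValue = isset($_POST[$column]) ? $_POST[$column] : NULL;
                if (!$this->columns[$column]->checkValue($postedValue)) {
                    return FALSE;
                }
                if (!isset($_POST[$column])) {
                    $_POST[$column] = '';
                }
                $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($_POST[$column]) . '\',';
            }
        }
    }

    // Every assignment above ends with a comma, so the id assignment closes the list.
    $query .= ' id=\'' . $insertId . '\'';
    $res = $this->dataBase->query($query);
    if ($res === FALSE) {
        return FALSE;
    }

    foreach ($defferedQueries as $defferedQuery) {
        $res = $this->dataBase->query($defferedQuery);
        if ($res === FALSE) {
            return FALSE;
        }
    }

    return $insertId;
}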