/**
 * Build the account form for a user: a registration form when the user does not
 * exist yet, an edit form otherwise.
 *
 * Which fields appear depends on the permissions of the *current* visitor
 * (\Core\user()), not on the account being edited:
 *  - 'p:/user/users/manage' adds the active/admin checkboxes and every key schema field;
 *  - 'p:/user/groups/manage' adds the group membership controls.
 *
 * NOTE(review): leaving a field off the rendered form is presentation only. The
 * handlers named in 'callsmethod' are not visible from this method; they are presumably
 * where 'active', 'admin', 'groups[]' and 'contextgroup[]' get re-authorised against the
 * same permissions before being applied. Confirm that they do.
 *
 * @param \UserModel|null $user The account to edit. Null produces a form for a fresh \UserModel.
 *
 * @return \Form
 */
public static function GetForm($user = null){
    $form = new \Form();

    if($user === null){
        $user = new \UserModel();
    }

    // A model that does not exist yet means this is a sign-up, otherwise an edit.
    $isregistration = !$user->exists();

    // Permissions of whoever is viewing the form.
    $usermanager        = \Core\user()->checkAccess('p:/user/users/manage');
    $groupmanager       = \Core\user()->checkAccess('p:/user/groups/manage');
    $allowemailchanging = \ConfigHandler::Get('/user/email/allowchanging');

    $form->set(
        'callsmethod',
        $isregistration ? 'Core\\User\\Helper::RegisterHandler' : 'Core\\User\\Helper::UpdateHandler'
    );

    // The user backend may not be a traditional Model (think LDAP), so setModel() is not
    // an option; the user object travels as a 'system' element instead.
    // NOTE(review): presumably 'system' elements stay in server-side form state and are
    // never rendered to the client. Confirm against \Form.
    $form->addElement('system', ['name' => 'user', 'value' => $user]);

    // On an existing account the email field is offered only to user managers, or to
    // anyone when the site config allows email changes.
    if(!$isregistration && ($usermanager || $allowemailchanging)){
        $form->addElement(
            'text',
            [
                'name'     => 'email',
                'title'    => 'Email',
                'required' => true,
                'value'    => $user->get('email'),
            ]
        );
    }

    if($usermanager){
        // Privileged toggles, shown only to user managers.
        $form->addElement(
            'checkbox',
            [
                'name'    => 'active',
                'title'   => 'Active',
                'checked' => ($user->get('active') == 1),
            ]
        );
        $form->addElement(
            'checkbox',
            [
                'name'        => 'admin',
                'title'       => 'System Admin',
                'checked'     => $user->get('admin'),
                'description' => 'The system admin, (or root user), has complete control over the site and all systems.',
            ]
        );

        // Managers get every key schema field.
        $elements = array_keys($user->getKeySchemas());
    }
    else{
        // Everyone else gets the pipe-separated list configured for this form type.
        $configkey = $isregistration ? '/user/register/form_elements' : '/user/edit/form_elements';
        $elements  = explode('|', \ConfigHandler::Get($configkey));
    }

    // With avatars disabled site-wide, drop the avatar field if it is listed.
    if(!\ConfigHandler::Get('/user/enableavatar')){
        $avatarpos = array_search('avatar', $elements);
        if($avatarpos !== false){
            array_splice($elements, $avatarpos, 1);
        }
    }

    foreach($elements as $key){
        // Blank entries come from lists such as "string|param|foo|" or an empty config value.
        if(!$key){
            continue;
        }

        $element = $user->getColumn($key)->getAsFormElement();
        if($element){
            $form->addElement($element);
        }
    }

    if($groupmanager){
        // Groups with an empty context, limited to this site and site -1 under multisite.
        $globalwhere = new DatasetWhereClause();
        $globalwhere->addWhere('context = ');
        if(\Core::IsComponentAvailable('multisite') && \MultiSiteHelper::IsEnabled()){
            // NOTE(review): the site id is concatenated into the condition string;
            // presumably GetCurrentSiteID() always returns an integer. Confirm.
            $globalwhere->addWhereSub('OR', ['site = ' . \MultiSiteHelper::GetCurrentSiteID(), 'site = -1']);
        }

        $groups = \UserGroupModel::Find($globalwhere, null, 'name');
        if(count($groups)){
            $groupopts = [];
            foreach($groups as $group){
                $groupopts[$group->get('id')] = $group->get('name');
            }

            $form->addElement(
                'checkboxes',
                [
                    'name'    => 'groups[]',
                    'title'   => 'Group Membership',
                    'options' => $groupopts,
                    'value'   => $user->getGroups(),
                ]
            );
        }

        // Groups with a non-empty context only need counting; the widget is filled elsewhere.
        $contextwhere = new DatasetWhereClause();
        $contextwhere->addWhere('context != ');
        if(\Core::IsComponentAvailable('multisite') && \MultiSiteHelper::IsEnabled()){
            $sitewhere = new DatasetWhereClause();
            $sitewhere->setSeparator('or');
            $sitewhere->addWhere('site = ' . \MultiSiteHelper::GetCurrentSiteID());
            $sitewhere->addWhere('site = -1');
            $contextwhere->addWhere($sitewhere);
        }

        if(\UserGroupModel::Count($contextwhere) > 0){
            $form->addElement(
                new \FormGroup(
                    [
                        'name'  => 'context-groups',
                        'id'    => 'context-groups',
                        'title' => 'Context Group Membership',
                    ]
                )
            );

            // Placeholder inputs so that these names are registered on the form object.
            $form->addElement('hidden', ['name' => 'contextgroup[]', 'persistent' => false]);
            $form->addElement('hidden', ['name' => 'contextgroupcontext[]', 'persistent' => false]);
        }
    }

    // Captcha applies only to guests registering, and only when the config requires it.
    if($isregistration && \ConfigHandler::Get('/user/register/requirecaptcha') && !\Core\user()->exists()){
        $form->addElement('captcha');
    }

    $form->addElement(
        'submit',
        [
            'value' => ($isregistration ? 'Register' : 'Update'),
            'name'  => 'submit',
        ]
    );

    return $form;
}
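/**
 * Recursively render a where-clause group as a SQL condition string.
 *
 * Nested DatasetWhereClause groups are rendered first and wrapped in parentheses.
 * DatasetWhere leaves become "`field` op value". Leaves without a field, groups that
 * render to an empty string, and statements of any other type are skipped.
 *
 * Escaping performed here:
 *  - values go through the connection's real_escape_string() and are single-quoted
 *    (integers and NULL are emitted bare, and int 0/1 are emitted as quoted '0'/'1');
 *  - the field name is backtick-quoted with any embedded backtick doubled, so it
 *    cannot close the quoted identifier early.
 *
 * Not escaped here: the operator and the group separator are concatenated as given.
 * NOTE(review): presumably DatasetWhere / DatasetWhereClause restrict both to a fixed
 * set when they are populated. Confirm this, because this method adds no validation.
 *
 * @param DatasetWhereClause $group
 * @return string The joined conditions, or an empty string when nothing was rendered.
 */
private function _parseWhereClause(DatasetWhereClause $group){
    $statements = $group->getStatements();
    $ws = [];

    foreach($statements as $w){
        if($w instanceof DatasetWhereClause){
            // Sub-group: render it recursively and keep it only if it produced something.
            $str = $this->_parseWhereClause($w);
            if($str){
                $ws[] = '( ' . $str . ' )';
            }
        }
        elseif($w instanceof DatasetWhere){
            // No field means there is nothing to compare against.
            if(!$w->field) continue;

            $op = $w->op;

            if($w->value === null){
                // NULL needs IS / IS NOT; "= NULL" and "!= NULL" never match in MySQL.
                $v = 'NULL';
                if($op == '=') $op = 'IS';
                elseif($op == '!=') $op = 'IS NOT';
            }
            elseif($w->value === 1){
                // (int)1 is used sometimes to describe enum(1).
                $v = "'1'";
            }
            elseif($w->value === 0){
                // (int)0 is used sometimes to describe enum(0).
                $v = "'0'";
            }
            elseif(is_int($w->value)){
                // Any other integer is emitted bare; is_int() guarantees it holds no SQL text.
                $v = $w->value;
            }
            elseif(is_array($w->value) && $op == 'IN'){
                // IN takes a list: escape and quote each member separately.
                // NOTE(review): an empty array renders "IN (  )", which is not valid SQL,
                // and an array paired with any operator other than exactly 'IN' falls
                // through to the scalar branch below. Confirm callers avoid both.
                $vs = [];
                foreach($w->value as $bit){
                    $vs[] = "'" . $this->_conn->real_escape_string($bit) . "'";
                }
                $v = '( ' . implode(',', $vs) . ' )';
            }
            else{
                $v = "'" . $this->_conn->real_escape_string($w->value) . "'";
            }

            // Double any backtick inside the field name so it stays inside the quoted identifier.
            $field = str_replace('`', '``', $w->field);

            $ws[] = '`' . $field . '` ' . $op . ' ' . $v;
        }
    }

    return implode(' ' . $group->getSeparator() . ' ', $ws);
}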
/**
 * Turn a free-text search query into an OR-joined where clause over the search index columns.
 *
 * The query is lowercased, transliterated with \Core\str_to_latin() and stripped of
 * everything except a-z, 0-9 and spaces. Each remaining word that is not a skip word
 * contributes a LIKE condition on search_index_str, and its DoubleMetaPhone primary and
 * secondary codes contribute LIKE conditions on search_index_pri and search_index_sec.
 *
 * Terms are concatenated straight into the condition strings handed to addWhere(). For
 * the plain words that is safe only because of the character whitelist applied below,
 * so keep that filter ahead of any use of the query.
 * NOTE(review): the metaphone codes are not filtered here; presumably DoubleMetaPhone
 * emits only alphanumeric codes for alphanumeric input. Confirm.
 *
 * @param string $query
 *
 * @return DatasetWhereClause
 */
public static function GetWhereClause($query){
    $clause = new DatasetWhereClause('search');
    $clause->setSeparator('or');

    // Lowercase, convert to latin, then drop punctuation and anything else outside [a-z0-9 ].
    $normalized = preg_replace('/[^a-z0-9 ]/', '', \Core\str_to_latin(strtolower($query)));

    $skips = self::GetSkipWords();

    // Candidate terms per index column, in the order the conditions are emitted.
    $terms = [
        'search_index_str' => [],
        'search_index_pri' => [],
        'search_index_sec' => [],
    ];

    foreach(explode(' ', $normalized) as $token){
        // Ignore skip words and the empty strings left by repeated spaces.
        if(!$token || in_array($token, $skips)){
            continue;
        }

        $phonetic = new DoubleMetaPhone($token);

        $terms['search_index_str'][] = $token;
        $terms['search_index_pri'][] = $phonetic->primary;
        $terms['search_index_sec'][] = $phonetic->secondary;
    }

    foreach($terms as $column => $candidates){
        // One condition per distinct term; empty codes are skipped.
        foreach(array_unique($candidates) as $term){
            if(!$term){
                continue;
            }

            $clause->addWhere($column . ' LIKE %' . $term . '%');
        }
    }

    return $clause;
}