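/**
 * Filter and validate every attribute field submitted for an item type.
 *
 * For each attribute type returned by fetch_item_attribute_type_rs() the
 * matching request field is located (following the refresh-mode "newN" /
 * "old" selector indirection), run through filter_item_input_field(), written
 * back into $HTTP_VARS and then checked with validate_item_input_field().
 *
 * Trust boundary: $HTTP_VARS and $_FILES both come from the request. The
 * refresh selector, the keys it points at and the uploaded file name are all
 * chosen by the client.
 *
 * @param mixed  $op          Not read by this function.
 * @param string $s_item_type Item type passed to fetch_item_attribute_type_rs().
 * @param array  $HTTP_VARS   Request variables, by reference; validated fields
 *                            are overwritten with their filtered value.
 * @param array  $errors      By reference; reset to NULL on entry, then handed
 *                            to validate_item_input_field(). On lookup failure
 *                            a single 'error' / 'detail' entry is appended.
 * @return bool TRUE when every field validated, FALSE when at least one failed
 *              or when the attribute type lookup returned a falsy result.
 */
function validate_item_attributes($op, $s_item_type, &$HTTP_VARS, &$errors)
{
    $errors = NULL;

    $attr_results = fetch_item_attribute_type_rs($s_item_type, 'not_instance_field_types');
    if (!$attr_results) {
        // Nothing to iterate: fail closed with a generic error instead of
        // reporting an unvalidated request as valid.
        $errors[] = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
        return FALSE;
    }

    $all_fields_validated = TRUE;

    while ($item_attribute_type_r = db_fetch_assoc($attr_results)) {
        // Item_ID is purely a read-only attribute.
        if ($item_attribute_type_r['s_field_type'] == 'ITEM_ID') {
            continue;
        }

        // Force compulsory_ind for several s_field_type attributes, in case of bad data.
        if ($item_attribute_type_r['s_field_type'] == 'TITLE') {
            $item_attribute_type_r['compulsory_ind'] = 'Y';
            $fieldname = 'title';
        } else {
            $fieldname = get_field_name($item_attribute_type_r['s_attribute_type'], $item_attribute_type_r['order_no']);
        }

        // Save it in case we are in refresh mode.
        $orig_fieldname = $fieldname;

        // A field that was not submitted is treated as NULL rather than read
        // as an undefined index.
        $selector = isset($HTTP_VARS[$orig_fieldname]) ? $HTTP_VARS[$orig_fieldname] : NULL;
        if (!is_array($selector)) {
            // The pattern is unanchored, so any string containing "new<digits>"
            // counts as a selector when the matching "<field>_new<digits>" key
            // is also present; both are request-controlled.
            // NOTE(review): consider anchoring the pattern if the selector is
            // always exactly "newN".
            if (is_string($selector)
                && preg_match("/new([0-9]+)/", $selector, $matches)
                && isset($HTTP_VARS[$orig_fieldname . '_' . $matches[0]])) {
                $fieldname = $orig_fieldname . '_' . $matches[0];
            } elseif ($selector == 'old' && isset($HTTP_VARS[$orig_fieldname . '_new0'])) {
                // Make sure this is a refresh value and not just a field with the value 'old'.
                $fieldname = $orig_fieldname . '_old';
            }
        }

        // Is it an upload operation? is_uploaded_file() confirms tmp_name is a
        // file PHP itself received through an HTTP POST upload. The isset /
        // is_string guards keep ordinary (non-upload) fields and array-shaped
        // upload entries from raising warnings or type errors.
        $upload_key = $fieldname . '_upload';
        $is_upload = isset($_FILES[$upload_key])
            && is_array($_FILES[$upload_key])
            && isset($_FILES[$upload_key]['tmp_name'])
            && is_string($_FILES[$upload_key]['tmp_name'])
            && is_uploaded_file($_FILES[$upload_key]['tmp_name']);

        if ($is_upload) {
            // The value stored is the client-supplied file name from the
            // multipart request. It does not pass through
            // filter_item_input_field().
            // NOTE(review): confirm that whatever later builds a path from it
            // or echoes it treats it as untrusted (strip directory components,
            // escape on output).
            $HTTP_VARS[$fieldname] = $_FILES[$upload_key]['name'];
        } else {
            // Normal field.
            $raw_value = isset($HTTP_VARS[$fieldname]) ? $HTTP_VARS[$fieldname] : NULL;
            $HTTP_VARS[$fieldname] = filter_item_input_field($item_attribute_type_r, $raw_value);
        }

        // Indicate at least one field failed validation.
        if (!validate_item_input_field($item_attribute_type_r, $HTTP_VARS[$fieldname], $errors)) {
            $all_fields_validated = FALSE;
            continue;
        }

        // So we have the filtered version for the handle_update / handle_insert functions.
        // NOTE(review): in refresh mode $fieldname already carries the "_newN"
        // suffix here, so this writes "<field>_newN_newN" and stores the
        // selector value - confirm against handle_update / handle_insert that
        // this is the intended key.
        $selector = isset($HTTP_VARS[$orig_fieldname]) ? $HTTP_VARS[$orig_fieldname] : NULL;
        if (is_string($selector)
            && preg_match("/new([0-9]+)/", $selector, $matches)
            && isset($HTTP_VARS[$orig_fieldname . '_' . $matches[0]])) {
            $HTTP_VARS[$fieldname . '_' . $matches[0]] = $HTTP_VARS[$orig_fieldname];
        }
    }

    db_free_result($attr_results);

    return $all_fields_validated;
}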
/**
 * Filter and validate the profile fields of a user create / update / signup
 * request, writing the filtered values back into $HTTP_VARS.
 *
 * Role handling: when $user_r is an array and the caller lacks
 * PERM_ADMIN_USER_PROFILE, the submitted user_role is discarded and replaced
 * with the stored one. Otherwise a 'signup' op must name a role accepted by
 * is_valid_signup_role(). In every case the resulting role must be known to
 * fetch_role_r().
 *
 * NOTE(review): when $user_r is not an array and op is anything other than
 * 'signup', the submitted user_role only has to exist; this function performs
 * no permission check on that path - confirm every caller gates it.
 *
 * NOTE(review): both role failures hand the whole $HTTP_VARS array to
 * opendb_logger(). If the request carries password fields they would reach
 * the log unless the logger redacts them - confirm.
 *
 * @param mixed $user_r             Existing user record (array) or a non-array
 *                                  value when there is none.
 * @param array $HTTP_VARS          Request variables, by reference.
 * @param array $address_provided_r By reference; one boolean per lower-cased
 *                                  address type.
 * @param array $errors             By reference; passed to the field validators.
 * @return bool FALSE on an invalid role, fullname or email; otherwise whether
 *              every validated address attribute passed.
 */
function validate_user_info($user_r, &$HTTP_VARS, &$address_provided_r, &$errors)
{
    // Cannot change your role unless you have the permissions.
    if (is_array($user_r) && !is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        $HTTP_VARS['user_role'] = $user_r['user_role'];
    } elseif ($HTTP_VARS['op'] == 'signup' && !is_valid_signup_role($HTTP_VARS['user_role'])) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Signup User Role specified', $HTTP_VARS);
        return FALSE;
    }

    // The role must resolve to a known role record.
    if (!is_array(fetch_role_r($HTTP_VARS['user_role']))) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid User Role specified', $HTTP_VARS);
        return FALSE;
    }

    $HTTP_VARS['fullname'] = filter_input_field("text(30,100)", $HTTP_VARS['fullname']);
    $HTTP_VARS['email_addr'] = filter_input_field("email(30,100)", $HTTP_VARS['email_addr']);

    // Both fields are compulsory; the email is not checked once fullname has failed.
    if (!validate_input_field(get_opendb_lang_var('fullname'), "text(30,100)", "Y", $HTTP_VARS['fullname'], $errors)) {
        return FALSE;
    }
    if (!validate_input_field(get_opendb_lang_var('email'), "email(30,100)", "Y", $HTTP_VARS['email_addr'], $errors)) {
        return FALSE;
    }

    // Do not update theme unless theme support is on and the theme exists.
    $theme_accepted = get_opendb_config_var('user_admin', 'user_themes_support') !== FALSE
        && is_exists_theme($HTTP_VARS['uid_theme']);
    if (!$theme_accepted) {
        $HTTP_VARS['uid_theme'] = FALSE;
    }

    // Do not allow update with illegal language.
    $language_accepted = get_opendb_config_var('user_admin', 'user_language_support') !== FALSE
        && is_exists_language($HTTP_VARS['uid_language']);
    if (!$language_accepted) {
        $HTTP_VARS['uid_language'] = NULL;
    }

    $addresses_valid = TRUE;

    $address_types = fetch_address_type_rs(TRUE);
    if (!$address_types) {
        return $addresses_valid;
    }

    while ($address_type_r = db_fetch_assoc($address_types)) {
        $type_key = strtolower($address_type_r['s_address_type']);
        $address_provided_r[$type_key] = FALSE;

        $attribute_types = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
        if (!$attribute_types) {
            continue;
        }

        while ($addr_attribute_type_r = db_fetch_assoc($attribute_types)) {
            $field = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);

            $HTTP_VARS[$type_key][$field] = filter_item_input_field($addr_attribute_type_r, $HTTP_VARS[$type_key][$field]);

            // NOTE(review): the address is marked as provided, and the field
            // validated, whenever is_empty_attribute() returns anything other
            // than FALSE - confirm the helper's return convention matches that
            // reading.
            if (is_empty_attribute($addr_attribute_type_r['s_attribute_type'], $HTTP_VARS[$type_key][$field]) === FALSE) {
                continue;
            }

            $address_provided_r[$type_key] = TRUE;
            if (!validate_item_input_field($addr_attribute_type_r, $HTTP_VARS[$type_key][$field], $errors)) {
                $addresses_valid = FALSE;
            }
        }
        db_free_result($attribute_types);
    }
    db_free_result($address_types);

    return $addresses_valid;
}
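/**
 * Validate a single value against an input type spec such as "text(30,100)".
 *
 * The spec is parsed with prc_function_spec() and turned into the attribute
 * type record that validate_item_input_field() expects, so ad-hoc form fields
 * go through the same validation as item attributes.
 *
 * The $compulsory_ind default cannot be relied on by callers: the required
 * parameters that follow it mean every call has to pass it explicitly.
 *
 * @param string $prompt         Label stored under 'prompt'.
 * @param string $input_type     Input type spec handed to prc_function_spec().
 * @param string $compulsory_ind Compulsory indicator stored under 'compulsory_ind'.
 * @param mixed  $value          Value to validate.
 * @param array  $errors         By reference; passed to validate_item_input_field().
 * @return mixed Whatever validate_item_input_field() returns.
 */
function validate_input_field($prompt, $input_type, $compulsory_ind = 'N', $value, &$errors)
{
    $input_type_def = prc_function_spec($input_type);

    $attribute_type_r = array(
        'prompt' => $prompt,
        'input_type' => isset($input_type_def['type']) ? $input_type_def['type'] : NULL,
    );

    // Always emit input_type_arg1..5. A spec with fewer arguments yields NULL
    // for the missing slots instead of an undefined-offset read.
    for ($i = 0; $i < 5; $i++) {
        $attribute_type_r['input_type_arg' . ($i + 1)] = isset($input_type_def['args'][$i])
            ? $input_type_def['args'][$i]
            : NULL;
    }

    $attribute_type_r['compulsory_ind'] = $compulsory_ind;

    return validate_item_input_field($attribute_type_r, $value, $errors);
}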