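/**
 * Get content for this formular: a PHP/XHTML source fragment representing the full working form.
 *
 * @param constant $actionParams : how the stored source is prepared (default : false, return form just as it is in db)
 *   - self::REMOVE_FORM_SUBMIT : form can't be submitted, an onsubmit handler throws a js alert message
 *   - self::ALLOW_FORM_SUBMIT  : form can be submitted; adds the form action, the hidden fields
 *     (cms_action, atm-token, formID, referer) and the already selected values taken from $_POST (used in public mode)
 * @param array $fieldsError : array of the ids of fields in error (handed to _fillSelectedFormValues)
 * @access public
 * @return string : XHTML source
 */
function getContent($actionParams = false, $fieldsError = array()) {
    global $cms_language;
    if ($actionParams === false) {
        return $this->_source;
    }
    $source = $this->_source;
    switch ($actionParams) {
        case self::REMOVE_FORM_SUBMIT:
            // Disable submit with javascript. The message crosses two contexts: a single-quoted JS string
            // (addslashes) nested in a double-quoted HTML attribute (sanitizeHTMLString). Without the
            // attribute escaping a quote or '<' in the localized message breaks out of the onsubmit attribute.
            $message = $cms_language->getMessage(self::MESSAGE_CMS_FORMS_SUBMIT_NOT_ALLOWED, false, MOD_CMS_FORMS_CODENAME);
            $alertText = sensitiveIO::sanitizeHTMLString(addslashes($message));
            $source = str_replace('<form ', '<form onsubmit="alert(\'' . $alertText . '\');return false;" ', $source);
            break;
        case self::ALLOW_FORM_SUBMIT:
            // Get fields
            $fields = $this->getFields(true);
            // The referer is round-tripped through a hidden field, so it must be attribute-safe here.
            // Whatever consumes it after validation lives outside this method and must still treat it as untrusted.
            $referer = isset($_REQUEST['referer']) ? sensitiveIO::sanitizeHTMLString($_REQUEST['referer']) : null;
            // Parse the XHTML form, inject the already selected values (from $_POST) and the error flags,
            // then convert it back into XHTML
            $xml2Array = new CMS_xml2Array($source, CMS_xml2Array::XML_ENCLOSE | CMS_xml2Array::XML_PROTECT_ENTITIES);
            $xmlArray = $xml2Array->getParsedArray();
            $this->_fillSelectedFormValues($xmlArray, $fields, $fieldsError);
            $source = $xml2Array->toXML($xmlArray);
            // Build the form action. SCRIPT_NAME is escaped like QUERY_STRING: both land inside a double-quoted
            // attribute and, depending on the SAPI / front-end configuration, may be derived from the request URI.
            $action = sensitiveIO::sanitizeHTMLString($_SERVER['SCRIPT_NAME'])
                . (isset($_SERVER['QUERY_STRING']) ? '?' . sensitiveIO::sanitizeHTMLString($_SERVER['QUERY_STRING']) : '')
                . '#formAnchor' . $this->getID();
            // Hidden fields: action marker, anti-CSRF token scoped to this module, form id and referer
            $hiddenFields = '<input type="hidden" name="cms_action" value="validate" />' . "\n"
                . '<input type="hidden" name="atm-token" value="' . CMS_session::getToken(MOD_CMS_FORMS_CODENAME) . '" />' . "\n"
                . '<input type="hidden" name="formID" value="' . $this->getID() . '" />' . "\n"
                . '<input type="hidden" name="referer" value="' . $referer . '" />' . "\n";
            // Dynamic parts go into a preg_replace replacement string, where '$1' / '\1' are backreferences.
            // HTML escaping leaves '$' and '\' untouched, so a query string or referer containing them would
            // otherwise have the captured <form> attributes spliced into the action / hidden field. Escape
            // both characters (addcslashes: '$' -> '\$', '\' -> '\\') so only our own \1 is a backreference.
            $replacement = '<form action="' . addcslashes($action, '\\$') . '" method="post" enctype="multipart/form-data"\\1>' . "\n"
                . addcslashes($hiddenFields, '\\$');
            $source = preg_replace('#<form([^>]+)>#U', $replacement, $source);
            break;
    }
    return $source;
}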
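/**
 * Get current session infos
 *
 * Builds the descriptor the admin javascript client receives about the logged-in user.
 * Returns an empty array when no user is attached to the session. The 'debug' entry is a
 * bitmask: 1 = SYSTEM_DEBUG, 2 = STATS_DEBUG, 4 = POLYMOD_DEBUG, 8 = VIEW_SQL. The 'token'
 * entry is the 'admin' anti-CSRF token, intentionally exposed to the client so it can be
 * sent back with subsequent admin requests.
 *
 * @return array : the user session infos
 * @access public
 * @static
 */
public static function getSessionInfos() {
    $user = CMS_session::getUser();
    if (!$user) {
        return array();
    }
    // Debug flags as a bitmask. The seed must be int 0: the former '' seed made this arithmetic on a
    // non-numeric string, which warns on PHP 7.1+ and is a TypeError on PHP 8. Flags are distinct
    // powers of two, so OR-ing them gives the same value the former additions did.
    $debug = 0;
    if (SYSTEM_DEBUG) {
        $debug |= 1;
    }
    if (STATS_DEBUG) {
        $debug |= 2;
    }
    if (POLYMOD_DEBUG) {
        $debug |= 4;
    }
    if (VIEW_SQL) {
        $debug |= 8;
    }
    // Key order is kept as before; the client may rely on it once serialized.
    $sessionInfos = array();
    $sessionInfos['fullname'] = $user->getFullName();
    $sessionInfos['userId'] = $user->getUserId();
    $sessionInfos['language'] = $user->getLanguage()->getCode();
    $sessionInfos['scriptsInProgress'] = CMS_scriptsManager::getScriptsNumberLeft();
    $sessionInfos['hasValidations'] = $user->hasValidationClearance();
    $sessionInfos['awaitingValidation'] = CMS_modulesCatalog::getValidationsCount($user);
    $sessionInfos['applicationLabel'] = APPLICATION_LABEL;
    $sessionInfos['applicationVersion'] = AUTOMNE_VERSION;
    $sessionInfos['systemLabel'] = CMS_grandFather::SYSTEM_LABEL;
    $sessionInfos['token'] = CMS_session::getToken('admin');
    $sessionInfos['sessionDuration'] = APPLICATION_SESSION_TIMEOUT;
    $sessionInfos['permanent'] = CMS_session::getPermanent();
    $sessionInfos['path'] = PATH_REALROOT_WR;
    $sessionInfos['debug'] = $debug;
    return $sessionInfos;
}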
/**
 * Get a unique session token value for given token name
 *
 * Thin delegation to CMS_session::getToken(); the token namespace ($name) is passed through
 * unchanged. NOTE(review): if this method is itself declared on CMS_session the call recurses
 * indefinitely — confirm the enclosing class.
 *
 * @param string $name, token name to get value
 * @return string : Token value
 * @access public
 */
static function getToken($name) {
    $token = CMS_session::getToken($name);
    return $token;
}
$view->addJavascript($jscontent);
// Set form HTML: the login form markup wrapped in ExtJS panel chrome. It posts back to the current
// script with cms_action=login and a 'login'-scoped atm-token hidden field (anti-CSRF).
// NOTE(review): $_SERVER['SCRIPT_NAME'] is written into the action attribute without HTML escaping.
// On most SAPIs it is the server-resolved script path, but every other dynamic value here goes
// through io::htmlspecialchars(); escaping it the same way costs nothing.
// NOTE(review): the password field is re-populated from $_POST['pass'] after a failed attempt, which
// writes the submitted secret back into the HTML response (and anything that caches or logs it).
// Consider leaving its value empty.
// (The $content literal continues past the end of this excerpt.)
$content = '<div class="x-panel x-form-label-left" style="width: 374px;"> <div class="x-panel-tl"> <div class="x-panel-tr"> <div class="x-panel-tc"></div> </div> </div> <div class="x-panel-bwrap"> <div class="x-panel-ml"> <div class="x-panel-mr"> <div class="x-panel-mc"> <div style="width: 362px; height: 126px;" class="x-panel-body"> <form id="loginForm" class="x-form" method="post" action="' . $_SERVER['SCRIPT_NAME'] . '"> <input name="cms_action" value="login" type="hidden" /> <input name="atm-token" value="' . CMS_session::getToken('login') . '" type="hidden" /> <div class="x-form-item" tabindex="-1"> <label for="loginField" style="width: 90px;" class="x-form-item-label">' . $cms_language->getMessage(MESSAGE_PAGE_LOGIN) . ':</label> <div class="x-form-element" style="padding-left: 95px;"> <input style="width: 240px;" class="x-form-text x-form-field" autocomplete="on" id="loginField" name="login" type="text" value="' . (isset($_POST['login']) ? io::htmlspecialchars($_POST['login']) : '') . '" /> </div> <div class="x-form-clear-left"></div> </div> <div class="x-form-item" tabindex="-1"> <label for="passField" style="width: 90px;" class="x-form-item-label">' . $cms_language->getMessage(MESSAGE_PAGE_PASSWORD) . ':</label> <div class="x-form-element" style="padding-left: 95px;"> <input style="width: 240px;" class="x-form-text x-form-field" autocomplete="on" id="passField" name="pass" type="password" value="' . (isset($_POST['pass']) ? io::htmlspecialchars($_POST['pass']) : '') . '" /> </div> <div class="x-form-clear-left"></div> </div> <div class="x-form-item" tabindex="-1">
/**
 * Writes html header
 *
 * For the JSON / RAW / XML display modes this emits (or, when $returnValue is true, returns) the
 * response envelope: error flag and message, a renewed 'admin' token when the current one has
 * expired, raw datas, action message, title, disconnected flag, scripts-left counter, debug stats
 * and the js/css file lists, the free-text parts wrapped in CDATA sections. For the HTML display
 * mode (and any other value) it echoes the <head> element.
 *
 * NOTE(review): $returnValue is only honoured by the JSON/RAW/XML branch; the HTML branch always
 * echoes and returns nothing.
 * NOTE(review): in the HTML branch $this->_title is written into <title> without escaping, while the
 * XML branch CDATA-escapes it. Confirm it never carries request-derived data.
 *
 * @param boolean $returnValue : return the header instead of echoing it (JSON/RAW/XML modes only)
 * @return void|string
 * @access private
 */
private function _showHead($returnValue = false) {
    switch ($this->_displayMode) {
        case self::SHOW_JSON:
        case self::SHOW_RAW:
        case self::SHOW_XML:
            $return = '';
            // Error flag first; the message goes through _espaceCdata (presumably guarding ']]>' inside CDATA)
            if ($this->hasErrors()) {
                $return .= ' <error>1</error>' . "\n" . ' <errormessage><![CDATA[' . $this->_espaceCdata($this->getErrors(true)) . ']]></errormessage>' . "\n";
            } else {
                $return .= ' <error>0</error>' . "\n";
            }
            // Secured responses ship a renewed admin token once the current one has expired, so the client
            // can keep sending a valid anti-CSRF token. The token value itself is not CDATA-escaped.
            if ($this->_secure && CMS_session::tokenIsExpired('admin')) {
                $token = CMS_session::getToken('admin');
                $return .= ' <token><![CDATA[' . $token . ']]></token>' . "\n";
            }
            if ($this->hasRawDatas()) {
                $return .= ' <rawdatas><![CDATA[' . $this->_espaceCdata($this->getRawDatas(true)) . ']]></rawdatas>' . "\n";
            }
            if ($this->_actionmessage) {
                $return .= ' <message><![CDATA[' . $this->_espaceCdata($this->_actionmessage) . ']]></message>' . "\n";
            }
            if ($this->_title) {
                $return .= ' <title><![CDATA[' . $this->_espaceCdata($this->_title) . ']]></title>' . "\n";
            }
            if ($this->_disconnected) {
                $return .= ' <disconnected>1</disconnected>' . "\n";
            }
            // Number of background scripts still pending, only emitted when non-zero
            $scripts = CMS_scriptsManager::getScriptsNumberLeft();
            if ($scripts) {
                $return .= ' <scripts>' . $scripts . '</scripts>' . "\n";
            }
            // Debug statistics only when both debug switches are on
            if (SYSTEM_DEBUG && STATS_DEBUG) {
                $return .= ' <stats><![CDATA[' . $this->_espaceCdata(CMS_stats::view(true)) . ']]></stats>' . "\n";
            }
            // js/css file lists are JSON-encoded ({files, manager}) inside a CDATA section
            $jsfiles = CMS_view::getJavascript(array(), 'screen', true);
            if ($jsfiles) {
                $files = array('files' => $jsfiles, 'manager' => CMS_view::getJSManagerURL());
                $return .= ' <jsfiles><![CDATA[' . $this->_espaceCdata(sensitiveIO::jsonEncode($files)) . ']]></jsfiles>' . "\n";
            }
            $cssfiles = CMS_view::getCSS(array(), 'screen', true);
            if ($cssfiles) {
                $files = array('files' => $cssfiles, 'manager' => CMS_view::getCSSManagerURL());
                $return .= ' <cssfiles><![CDATA[' . $this->_espaceCdata(sensitiveIO::jsonEncode($files)) . ']]></cssfiles>' . "\n";
            }
            if (!$returnValue) {
                echo $return;
            } else {
                return $return;
            }
            break;
        case self::SHOW_HTML:
        default:
            // Title is emitted raw here (no escaping) — see the NOTE(review) in the docblock
            $title = $this->_title ? '<title>' . APPLICATION_LABEL . ' :: ' . $this->_title . '</title>' : '';
            echo '<head> <meta http-equiv="Content-Type" content="text/html; charset=' . APPLICATION_DEFAULT_ENCODING . '" /> ' . $title . ' ' . $this->_copyright() . ' <meta name="generator" content="' . CMS_grandFather::SYSTEM_LABEL . '" /> ' . CMS_view::getCSS() . ' ' . CMS_view::getJavascript();
            // Google Chrome Frame opt-in, only when enabled by configuration
            if (APPLICATION_GCF_SUPPORT) {
                echo '<meta http-equiv="X-UA-Compatible" content="chrome=1">';
            }
            echo '</head>';
            break;
    }
}