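/**
 * Pushes the values in all form elements into their corresponding fields
 * in the record.
 *
 * Fields are visited in the order of $this->_fieldnames, with one
 * pushField() call per field.
 *
 * @return mixed true once every field has been visited. If pushField()
 *     returns a result for which Dataface_Error::isPermissionDenied() is
 *     true, that error object is returned immediately. The error is
 *     returned, not thrown, so callers must inspect the return value; the
 *     pushField() calls for earlier fields have already run by then.
 */
function push() {
    $fields =& $this->_fieldnames;

    foreach ($fields as $field) {
        $res = $this->pushField($field);

        if (Dataface_Error::isPermissionDenied($res)) {
            // The user does not have permission to set this field. Hand the
            // error back so that the caller can show a "PERMISSION DENIED"
            // page.
            return $res;
        }

        if (PEAR::isError($res)) {
            // Any other pushField() error is skipped and the remaining fields
            // are still processed, so a true return value does not prove that
            // every value reached the record.
            // Unreachable reporting code that used to follow this continue
            // (it added __FILE__/__LINE__ to the error's user info and raised
            // E_USER_ERROR) never executed and has been dropped.
            // NOTE(review): confirm that ignoring these errors is intended.
            continue;
        }
    }

    return true;
}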
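/**
 * Pushes the values in all form elements into their corresponding fields
 * in the record.
 *
 * Fields are visited in the order of $this->_fieldnames, with one
 * pushField() call per field.
 *
 * @return mixed true once every field has been visited. If pushField()
 *     returns a result for which Dataface_Error::isPermissionDenied() is
 *     true, that error object is returned immediately. The error is
 *     returned, not thrown, so callers must inspect the return value; the
 *     pushField() calls for earlier fields have already run by then.
 */
function push() {
    $fields =& $this->_fieldnames;

    foreach ($fields as $field) {
        $res = $this->pushField($field);

        if (Dataface_Error::isPermissionDenied($res)) {
            // The user does not have permission to set this field. Hand the
            // error back so that the caller can show a "PERMISSION DENIED"
            // page.
            return $res;
        }

        if (PEAR::isError($res)) {
            // Any other pushField() error is skipped and the remaining fields
            // are still processed, so a true return value does not prove that
            // every value reached the record.
            // Unreachable code that used to follow this continue (it added a
            // translated message to the error's user info and threw an
            // Exception) never executed and has been dropped.
            // NOTE(review): confirm that ignoring these errors is intended.
            continue;
        }
    }

    return true;
}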
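/**
 * Displays the Dataface application for the current request.
 *
 * In order, the method:
 *  1. replaces every table label with its df_translate() result,
 *  2. starts the session and, unless the 'disable_session_ip_check' config
 *     value is set, ties the session to the client address,
 *  3. if the config has an '_auth' section, authenticates and then either
 *     handles the request, shows the login prompt, or shows the permission
 *     denied page; without an '_auth' section the request is handled
 *     directly.
 *
 * @param bool $main_content_only Stored on $this->main_content_only.
 * @param bool $disableCache      Forwarded to handleRequest() for anonymous
 *     requests and when authentication is not configured.
 *
 * @return void The method may end the script itself via exit after sending
 *     a redirect header.
 */
function display($main_content_only = false, $disableCache = false) {
    // Replace each table label, in both $this->_tables and the config copy,
    // with its translation.
    foreach ($this->_tables as $key => $value) {
        $this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.' . $key . '.label', $value);
    }

    $this->main_content_only = $main_content_only;
    $this->startSession();

    if (empty($this->_conf['disable_session_ip_check'])) {
        // Bind the session to the first client address seen for it.
        // Caveat: behind a reverse proxy or load balancer REMOTE_ADDR is the
        // proxy's address, so the binding then tells clients apart poorly;
        // clients whose address changes mid-session lose their session.
        if (empty($_SESSION['XATAFACE_REMOTE_ADDR'])) {
            $_SESSION['XATAFACE_REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
        }

        // Strict comparison: both sides are expected to be address strings,
        // so no type juggling should take part in this check.
        if ($_SESSION['XATAFACE_REMOTE_ADDR'] !== $_SERVER['REMOTE_ADDR']) {
            $msg = sprintf("Session address does not match the remote address. Possible hacking attempt. Session address was '%s', User address was '%s'", htmlspecialchars($_SESSION['XATAFACE_REMOTE_ADDR']), htmlspecialchars($_SERVER['REMOTE_ADDR']));
            error_log($msg);

            // The request is not rejected: the mismatching session is
            // destroyed and the request continues with a new one that is
            // bound to the current address.
            // NOTE(review): whether startSession() also issues a new session
            // ID after session_destroy() is not visible here - confirm.
            session_destroy();
            $this->startSession();
            if (empty($_SESSION['XATAFACE_REMOTE_ADDR'])) {
                $_SESSION['XATAFACE_REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
            }
        }
    }

    if (isset($this->_conf['_auth'])) {
        // The config file has an _auth section, so authentication is in use.
        $loginPrompt = false;      // show the login prompt?
        $permissionDenied = false; // show the permission denied page?
        $loginError = '';          // message passed to the login prompt

        $authTool = $this->getAuthenticationTool();
        $auth_result = $authTool->authenticate();

        if (PEAR::isError($auth_result) && $auth_result->getCode() == DATAFACE_E_LOGIN_FAILURE) {
            // Login failed: show the login prompt with the failure message.
            $loginPrompt = true;
            $loginError = $auth_result->getMessage();
        } elseif ($authTool->isLoggedIn()) {
            // NOTE(review): this is the only handleRequest() call that does
            // not receive $disableCache - confirm that this is intended.
            $result = $this->handleRequest();
            if (Dataface_Error::isPermissionDenied($result)) {
                // The user is already logged in, so another login prompt
                // would not help; show the permission denied page instead.
                $permissionDenied = true;
            }
        } elseif (!empty($this->_conf['_auth']['require_login'])) {
            // Not logged in and login is required for this application.
            $loginPrompt = true;
        } else {
            // Not logged in, but login is optional: attempt the action as an
            // anonymous user and offer a login prompt if it is denied.
            $result = $this->handleRequest($disableCache);
            if (Dataface_Error::isPermissionDenied($result)) {
                $loginPrompt = true;
            }
        }

        if ($loginPrompt) {
            $authTool->showLoginPrompt($loginError);
        } elseif ($permissionDenied) {
            $query =& $this->getQuery();
            if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                // A denied request that started as 'browse' is sent to the
                // 'view' action instead of the error page.
                header('Location: ' . $this->url('-action=view'));
                exit;
            }
            $this->addError($result);
            header("HTTP/1.1 403 Permission Denied");
            df_display(array(), 'Dataface_Permission_Denied.html');
        } elseif (PEAR::isError($result)) {
            // Some other error occurred while handling the request.
            // The message includes getDebugInfo(); with display_errors
            // enabled that text reaches the browser, so keep display_errors
            // off in production. E_USER_ERROR ends the script under PHP's
            // default error handling, and passing it to trigger_error() is
            // deprecated as of PHP 8.4.
            trigger_error($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
        }
    } else {
        // Authentication is not enabled for this application; just process
        // the request.
        $result = $this->handleRequest($disableCache);

        if (Dataface_Error::isPermissionDenied($result)) {
            $query =& $this->getQuery();
            if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                header('Location: ' . $this->url('-action=view'));
                exit;
            }
            $this->addError($result);
            header("HTTP/1.1 403 Permission Denied");
            df_display(array(), 'Dataface_Permission_Denied.html');
        } elseif (PEAR::isError($result)) {
            // Same disclosure caveat as in the authenticated path: the debug
            // info is part of the raised error message.
            trigger_error($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
        }
    }
}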