示例#1
 /**
  *
  * Pushes the values in all form elements into their corresponding field in
  * the record.
  *
  * @throws Dataface_Error::PermissionDenied error if the user doesn't have permission.  You should always
  * 			try to catch this error if calling this function (it is returned, not thrown, so test the
  *			return value with Dataface_Error::isPermissionDenied()) - otherwise the push will fail, and you won't know.
  *
  */
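 function push()
 {
     // Copy every form element's value into the matching record field, one
     // pushField() call per name in $this->_fieldnames.
     //
     // Returns true when the loop completes, or the permission-denied error
     // object from pushField() as soon as one field is refused.  The error is
     // returned, not thrown, so callers must inspect the return value.
     $fields =& $this->_fieldnames;
     foreach ($fields as $field) {
         $res = $this->pushField($field);
         if (Dataface_Error::isPermissionDenied($res)) {
             // The user is not allowed to set this field.  Stop immediately and
             // hand the error back; if it is propagated up properly the result
             // is a "PERMISSION DENIED" page.
             return $res;
         }
         if (PEAR::isError($res)) {
             // Every other error is skipped and the remaining fields are still
             // pushed.  The statements that used to follow this `continue`
             // (addUserInfo / trigger_error / return) could never execute and
             // have been dropped.
             // NOTE(review): because the error is discarded, push() still
             // returns true when some fields were not written, so a caller
             // cannot tell a complete push from a partial one.  Confirm that
             // this best-effort behaviour is intended.
             continue;
         }
     }
     return true;
 }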
示例#2
 /**
  *
  * Pushes the values in all form elements into their corresponding field in
  * the record.
  *
  * @throws Dataface_Error::PermissionDenied error if the user doesn't have permission.  You should always
  * 			try to catch this error if calling this function (it is returned, not thrown, so test the
  *			return value with Dataface_Error::isPermissionDenied()) - otherwise the push will fail, and you won't know.
  *
  */
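 function push()
 {
     // Walks the names in $this->_fieldnames and calls pushField() for each,
     // moving the submitted form value into the corresponding record field.
     //
     // Return value: true once every name has been visited, or the
     // permission-denied error produced by pushField() for the first field
     // the user may not set.  Nothing is thrown from here; check the result.
     $fields =& $this->_fieldnames;
     foreach ($fields as $field) {
         $res = $this->pushField($field);
         if (Dataface_Error::isPermissionDenied($res)) {
             // Authorization failure: abort the whole push and return the
             // error so that it can surface as a "PERMISSION DENIED" page.
             return $res;
         }
         if (PEAR::isError($res)) {
             // Non-permission errors do not stop the push.  The addUserInfo()
             // call and the `throw` that were written after this `continue`
             // were unreachable and are removed here.
             // NOTE(review): the failure is neither logged nor reported, and
             // the method goes on to return true.  Callers that must know
             // whether every field was stored cannot rely on this return
             // value - confirm the silent skip is deliberate.
             continue;
         }
     }
     return true;
 }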
示例#3
 /**
  * Displays the Dataface application.
  */
 function display($main_content_only = false, $disableCache = false)
 {
     // Renders the application for the current request: translates the table
     // labels, starts the session, optionally ties the session to the client
     // address, authenticates when the configuration has an _auth section, and
     // dispatches the request.  Depending on the outcome it shows the login
     // prompt, the permission-denied page (HTTP 403) or raises a fatal error.
     //
     // $main_content_only is stored on the object unchanged.  $disableCache is
     // forwarded to handleRequest() on two of the three dispatch paths (see
     // the note on the logged-in path below).

     // Replace each table label with its translation, both in $this->_tables
     // and in the copy held in the configuration array.
     foreach ($this->_tables as $key => $value) {
         $this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.' . $key . '.label', $value);
     }
     $this->main_content_only = $main_content_only;
     $this->startSession();
     // Session-to-address binding.  Skipped entirely when the configuration
     // sets disable_session_ip_check (the @ hides the notice for a missing key).
     if (!@$this->_conf['disable_session_ip_check']) {
         // First request of a session: remember the address it came from.
         if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
             $_SESSION['XATAFACE_REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
         }
         $ipAddressError = null;
         // NOTE(review): loose comparison; both operands are expected to be
         // strings, so a strict !== would state the intent more safely.
         // NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
         // presumably the proxy's address, which would make this check
         // ineffective - verify against the deployment.
         if ($_SESSION['XATAFACE_REMOTE_ADDR'] != $_SERVER['REMOTE_ADDR']) {
             // The message is written to the error log, not to a page.
             // htmlspecialchars() is HTML escaping and does not neutralise
             // characters that matter in a log line.
             $msg = sprintf("Session address does not match the remote address.  Possible hacking attempt.  Session address was '%s', User address was '%s'", htmlspecialchars($_SESSION['XATAFACE_REMOTE_ADDR']), htmlspecialchars($_SERVER['REMOTE_ADDR']));
             error_log($msg);
             // The request is no longer aborted here (the die below is disabled);
             // the session is discarded and processing continues with a fresh one.
             //die('Your IP address doesn\'t match the session address.  To continue, please clear your cookies or restart your browser and try again.');
             session_destroy();
             $this->startSession();
             // NOTE(review): nothing visible here issues a new session id
             // (e.g. session_regenerate_id); whether startSession() does so
             // cannot be seen from this method - confirm.  If it does not, the
             // same id stays valid and is simply re-bound to the new address,
             // and the original holder of the session loses its data.
             if (!@$_SESSION['XATAFACE_REMOTE_ADDR']) {
                 $_SESSION['XATAFACE_REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
             }
         }
     }
     // handle authentication
     if (isset($this->_conf['_auth'])) {
         // The config file _auth section is there so we will be using authentication.
         // Flag: show the login prompt.
         $loginPrompt = false;
         // Flag: show the permission-denied page.
         $permissionDenied = false;
         // Placeholder for permission error messages.
         $permissionError = '';
         // Placeholder for login error messages.
         $loginError = '';
         $authTool = $this->getAuthenticationTool();
         $auth_result = $authTool->authenticate();
         if (PEAR::isError($auth_result) and $auth_result->getCode() == DATAFACE_E_LOGIN_FAILURE) {
             // There was a login failure, show the login prompt
             $loginPrompt = true;
             $loginError = $auth_result->getMessage();
         } else {
             // Any other authenticate() result, including an error with a
             // different code, falls through to the logged-in check.
             if ($authTool->isLoggedIn()) {
                 // The user is logged in ok
                 // Handle the request
                 // NOTE(review): $disableCache is not passed on this path,
                 // unlike the two other handleRequest() calls in this method.
                 // Confirm whether authenticated requests are meant to ignore it.
                 $result = $this->handleRequest();
                 if (Dataface_Error::isPermissionDenied($result)) {
                     // Permission was denied on the request.  Since the user is already
                     // logged in, there is no use giving him the login prompt.  Just give
                     // him the permission denied screen.
                     $permissionDenied = true;
                     $permissionError = $result->getMessage();
                 }
             } else {
                 if (isset($this->_conf['_auth']['require_login']) and $this->_conf['_auth']['require_login']) {
                     // The user is not logged in and login is required for this application
                     // Show the login prompt
                     $loginPrompt = true;
                 } else {
                     // The user is not logged in, but login is not required for this application.
                     // Allow the user to perform the action.
                     $result = $this->handleRequest($disableCache);
                     if (Dataface_Error::isPermissionDenied($result)) {
                         // The user did not have permission to perform the action
                         // Give the user a login prompt.
                         $loginPrompt = true;
                     }
                 }
             }
         }
         if ($loginPrompt) {
             // The user is supposed to see a login prompt to log in.
             // Show the login prompt.
             $authTool->showLoginPrompt($loginError);
         } else {
             if ($permissionDenied) {
                 // The user is supposed to see the permission denied page.
                 $query =& $this->getQuery();
                 // A denied request that started as 'browse' is redirected to
                 // the 'view' action instead of showing the 403 page, unless
                 // the current action is already 'view'.
                 if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                     header('Location: ' . $this->url('-action=view'));
                     exit;
                 }
                 $this->addError($result);
                 header("HTTP/1.1 403 Permission Denied");
                 df_display(array(), 'Dataface_Permission_Denied.html');
             } else {
                 if (PEAR::isError($result)) {
                     // Some other error occurred in handling the request.  A fatal
                     // user error is raised with the error text and its debug info.
                     // NOTE(review): when errors are displayed to the client this
                     // exposes internal debug details; logging them and showing a
                     // generic error page would avoid the disclosure.
                     trigger_error($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
                 }
             }
         }
     } else {
         // Authentication is not enabled for this application.
         // Just process the request.
         $result = $this->handleRequest($disableCache);
         if (Dataface_Error::isPermissionDenied($result)) {
             // Same permission-denied handling as on the authenticated path:
             // redirect a denied 'browse' to 'view', otherwise answer with 403.
             $query =& $this->getQuery();
             if ($query['--original_action'] == 'browse' and $query['-action'] != 'view') {
                 header('Location: ' . $this->url('-action=view'));
                 exit;
             }
             $this->addError($result);
             header("HTTP/1.1 403 Permission Denied");
             df_display(array(), 'Dataface_Permission_Denied.html');
         } else {
             if (PEAR::isError($result)) {
                 // NOTE(review): as above, the debug info goes into a fatal
                 // error that may be shown to the client.
                 trigger_error($result->toString() . $result->getDebugInfo(), E_USER_ERROR);
             }
         }
     }
 }