Newer
Older
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
case 'V6PREFIXEND':
$explode_field_value = explode(':',$field_value);
if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
case 'V6PREFIXLENGTH':
// find shortes ipv6 subnet can`t be longer
$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1;");
$sql_v6_explode=explode(':',$sql_v6['ip_address']);
$explode_field_value = explode(':',$field_value);
if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg].$sql_v6[ip_address]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
$v6_prefix_ok=0;
$explode_field_value = explode(':',$field_value);
if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
if ( count($explode_field_value) <= 9 ) {
if (filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
if($v6_prefix_ok <> 1) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISIPV6':
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISIP':
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
//* Check if its a IPv4 or IPv6 address
if(isset($validator['separator']) && $validator['separator'] != '') {
//* When the field may contain several IP addresses, split them by the char defined as separator
$field_value_array = explode($validator['separator'], $field_value);
} else {
$field_value_array[] = $field_value;
}
foreach($field_value_array as $field_value) {
$field_value = trim($field_value);
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
$this->errorMessage .= $errmsg."<br />\r\n";
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
}
}
break;
case 'RANGE':
//* Checks if the value is within the given range or above / below a value
//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
$range_parts = explode(':', trim($validator['range']));
$ok = true;
if($range_parts[0] != '' && $field_value < $range_parts[0]) {
$ok = false;
}
if($range_parts[1] != '' && $field_value > $range_parts[1]) {
$ok = false;
}
if($ok != true) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
if($validator['class'] != '' and $validator['function'] != '') {
$validator_class = $validator['class'];
$validator_function = $validator['function'];
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
break;
default:
$this->errorMessage .= "Unknown Validator: ".$validator['type'];
break;
}
}
return true;
}
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
Marius Cramer
committed
/* TODO: check for double quoting */
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
global $app;
$this->action = $action;
$this->primary_id = $primary_id;
$record = $this->encode($record, $tab, true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
if($api == true) $fields = &$this->formDef['fields'];
else $fields = &$this->formDef['tabs'][$tab]['fields'];
// go trough all fields of the tab
if(is_array($record)) {
foreach($fields as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
// Erzeuge Insert oder Update Quelltext
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_insert_val .= "'".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_insert_val .= "'".$record[$key]."', ";
}
$sql_insert_key .= "`$key`, ";
$sql_insert_val .= "'".$record[$key]."', ";
if($field['formtype'] == 'PASSWORD') {
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_update .= "`$key` = '".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_update .= "`$key` = '".$record[$key]."', ";
}
$sql_update .= "`$key` = '".$record[$key]."', ";
} else {
// we unset the password filed, if empty to tell the datalog function
// that the password has not been changed
unset($record[$key]);
// Add backticks for incomplete table names
if(stristr($this->formDef['db_table'], '.')) {
$escape = '';
} else {
$escape = '`';
}
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
// Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', ";
$sql_insert_key .= "`sys_groupid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', ";
$sql_insert_key .= "`sys_perm_user`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
$sql_insert_key .= "`sys_perm_group`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
$sql_insert_key .= "`sys_perm_other`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
}
$sql_insert_key = substr($sql_insert_key, 0, -2);
$sql_insert_val = substr($sql_insert_val, 0, -2);
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($this->formDef['auth'] == 'yes') {
if($primary_id != 0) {
if($api == true && $_SESSION["s"]["user"]["client_id"] > 0 && $_SESSION["s"]["user"]["iserid"] > 0 && $_SESSION["s"]["user"]["default_group"] > 0) {
$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
}
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
} else {
if($primary_id != 0) {
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
}
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {
global $app;
// If there are no data records on the tab, return empty sql string
if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
// checking permissions
if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
if($action == "INSERT") {
if(!$this->checkPerm($primary_id, 'i')) $this->errorMessage .= "Insert denied.<br />\r\n";
} else {
if(!$this->checkPerm($primary_id, 'u')) $this->errorMessage .= "Update denied.<br />\r\n";
}
if(!is_array($this->formDef)) $app->error("Form definition not found.");
if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
}
/**
* Debugging arrays.
*
* @param array_data
*/
function dbg($array_data) {
echo "<pre>";
print_r($array_data);
echo "</pre>";
}
if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen.");
$active_tab = $this->getNextTab();
// go trough the tabs
foreach( $this->formDef["tabs"] as $key => $tab) {
$tab['name'] = $key;
// Translate the title of the tab
$tab['title'] = $this->lng($tab['title']);
if($tab['name'] == $active_tab) {
// If module is set, then set the template path relative to the module..
if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"];
// Generate the template if it does not exist yet.
if(!is_file($tab["template"])) {
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef, $tab['name']);
}
$app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl', $tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
} else {
// Unset unused variables.
unset($tab["fields"]);
unset($tab["plugins"]);
$frmTab[] = $tab;
}
// setting form tabs
$app->tpl->setLoop("formTab", $frmTab);
// Set form action
$app->tpl->setVar('form_action', $this->formDef["action"]);
$app->tpl->setVar('form_active_tab', $active_tab);
// Set form title
$form_hint = $this->lng($this->formDef["title"]);
if($this->formDef["description"] != '') $form_hint .= '<div class="pageForm_description">'.$this->lng($this->formDef["description"]).'</div>';
$app->tpl->setVar('form_hint', $form_hint);
// Set Wordbook for this form
$app->tpl->setVar($this->wordbook);
}
function getDataRecord($primary_id) {
global $app;
$escape = '`';
$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
function datalogSave($action, $primary_id, $record_old, $record_new) {
global $app, $conf;
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
}
function getAuthSQL($perm, $table = '') {
if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
return '1';
} else {
if ($table != ''){
$table = ' ' . $table . '.';
}
$groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
$sql = '(';
$sql .= "(" . $table . "sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND " . $table . "sys_perm_user like '%$perm%') OR ";
$sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
$sql .= $table . "sys_perm_other like '%$perm%'";
$sql .= ')';
return $sql;