Newer
Older
if(function_exists('filter_var')) {
if(filter_var('check@'.$field_value, FILTER_VALIDATE_EMAIL) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
unset($error);
break;
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
if(function_exists('filter_var')) {
if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
$error = true;
} else {
if (!preg_match("/^[^\\+]+$/", $field_value)) { // * disallow + in local-part
$error = true;
}
}
if ($error) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
if(function_exists('filter_var') && $field_value < PHP_INT_MAX) {
Till Brehm
committed
//if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>0))) === false) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISPOSITIVE':
if(function_exists('filter_var')) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>1))) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'V6PREFIXEND':
$explode_field_value = explode(':',$field_value);
if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
case 'V6PREFIXLENGTH':
// find shortes ipv6 subnet can`t be longer
$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1");
$sql_v6_explode=explode(':',$sql_v6['ip_address']);
$explode_field_value = explode(':',$field_value);
if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg].$sql_v6[ip_address]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
$v6_prefix_ok=0;
$explode_field_value = explode(':',$field_value);
if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
if ( count($explode_field_value) <= 9 ) {
if (filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
if($v6_prefix_ok <> 1) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISIPV6':
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISIP':
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
//* Check if its a IPv4 or IPv6 address
if(isset($validator['separator']) && $validator['separator'] != '') {
//* When the field may contain several IP addresses, split them by the char defined as separator
$field_value_array = explode($validator['separator'], $field_value);
} else {
$field_value_array[] = $field_value;
}
foreach($field_value_array as $field_value) {
$field_value = trim($field_value);
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
$this->errorMessage .= $errmsg."<br />\r\n";
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISDATETIME':
/* Checks a datetime value against the date format of the current language */
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
$parsed_date = date_parse_from_format($this->datetimeformat,$field_value);
if($parsed_date['error_count'] > 0 || ($parsed_date['year'] == 1899 && $parsed_date['month'] == 12 && $parsed_date['day'] == 31)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
break;
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
case 'RANGE':
//* Checks if the value is within the given range or above / below a value
//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
$range_parts = explode(':', trim($validator['range']));
$ok = true;
if($range_parts[0] != '' && $field_value < $range_parts[0]) {
$ok = false;
}
if($range_parts[1] != '' && $field_value > $range_parts[1]) {
$ok = false;
}
if($ok != true) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
if($validator['class'] != '' and $validator['function'] != '') {
$validator_class = $validator['class'];
$validator_function = $validator['function'];
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
break;
default:
$this->errorMessage .= "Unknown Validator: ".$validator['type'];
break;
}
}
return true;
}
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
Marius Cramer
committed
/* TODO: check for double quoting */
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
global $app;
$this->action = $action;
$this->primary_id = $primary_id;
$record = $this->encode($record, $tab, true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
if($api == true) $fields = &$this->formDef['fields'];
else $fields = &$this->formDef['tabs'][$tab]['fields'];
// go trough all fields of the tab
if(is_array($record)) {
foreach($fields as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
// Erzeuge Insert oder Update Quelltext
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_insert_val .= "'".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_insert_val .= "'".$record[$key]."', ";
}
$sql_insert_key .= "`$key`, ";
$sql_insert_val .= (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
if($field['formtype'] == 'PASSWORD') {
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_update .= "`$key` = '".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_update .= "`$key` = '".$record[$key]."', ";
}
$sql_update .= "`$key` = " . (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
} else {
// we unset the password filed, if empty to tell the datalog function
// that the password has not been changed
unset($record[$key]);
// Add backticks for incomplete table names
if(stristr($this->formDef['db_table'], '.')) {
$escape = '';
} else {
$escape = '`';
}
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
// Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', ";
$sql_insert_key .= "`sys_groupid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', ";
$sql_insert_key .= "`sys_perm_user`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
$sql_insert_key .= "`sys_perm_group`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
$sql_insert_key .= "`sys_perm_other`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
}
$sql_insert_key = substr($sql_insert_key, 0, -2);
$sql_insert_val = substr($sql_insert_val, 0, -2);
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($this->formDef['auth'] == 'yes') {
if($primary_id != 0) {
if($api == true && $_SESSION["s"]["user"]["client_id"] > 0 && $_SESSION["s"]["user"]["iserid"] > 0 && $_SESSION["s"]["user"]["default_group"] > 0) {
$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
}
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
} else {
if($primary_id != 0) {
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
}
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {
global $app;
// If there are no data records on the tab, return empty sql string
if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
// checking permissions
if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
if($action == "INSERT") {
if(!$this->checkPerm($primary_id, 'i')) $this->errorMessage .= "Insert denied.<br />\r\n";
} else {
if(!$this->checkPerm($primary_id, 'u')) $this->errorMessage .= "Update denied.<br />\r\n";
}
if(!is_array($this->formDef)) $app->error("Form definition not found.");
if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
}
/**
* Debugging arrays.
*
* @param array_data
*/
function dbg($array_data) {
echo "<pre>";
print_r($array_data);
echo "</pre>";
}
if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen.");
$active_tab = $this->getNextTab();
// go trough the tabs
foreach( $this->formDef["tabs"] as $key => $tab) {
$tab['name'] = $key;
// Translate the title of the tab
$tab['title'] = $this->lng($tab['title']);
if($tab['name'] == $active_tab) {
// If module is set, then set the template path relative to the module..
if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"];
// Generate the template if it does not exist yet.
if(!is_file($tab["template"])) {
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef, $tab['name']);
}
$app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl', $tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
} else {
// Unset unused variables.
unset($tab["fields"]);
unset($tab["plugins"]);
$frmTab[] = $tab;
}
// setting form tabs
$app->tpl->setLoop("formTab", $frmTab);
// Set form action
$app->tpl->setVar('form_action', $this->formDef["action"]);
$app->tpl->setVar('form_active_tab', $active_tab);
// Set form title
$form_hint = $this->lng($this->formDef["title"]);
if($this->formDef["description"] != '') $form_hint .= '<div class="pageForm_description">'.$this->lng($this->formDef["description"]).'</div>';
$app->tpl->setVar('form_hint', $form_hint);
// Set Wordbook for this form
$app->tpl->setVar($this->wordbook);
}
function getDataRecord($primary_id) {
global $app;
$escape = '`';
$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
function datalogSave($action, $primary_id, $record_old, $record_new) {
global $app, $conf;
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
}
function getAuthSQL($perm, $table = '') {
if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
return '1';
} else {
if ($table != ''){
$table = ' ' . $table . '.';
}
$groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
$sql = '(';
$sql .= "(" . $table . "sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND " . $table . "sys_perm_user like '%$perm%') OR ";
$sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
$sql .= $table . "sys_perm_other like '%$perm%'";
$sql .= ')';
return $sql;