Newer
Older
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
if(function_exists('filter_var')) {
if(filter_var('check@'.$field_value, FILTER_VALIDATE_EMAIL) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
unset($error);
break;
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
if(function_exists('filter_var')) {
if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
$error = true;
} else {
if (!preg_match("/^[^\\+]+$/", $field_value)) { // * disallow + in local-part
$error = true;
}
}
if ($error) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
if(function_exists('filter_var') && $field_value < PHP_INT_MAX) {
Till Brehm
committed
//if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>0))) === false) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else {
$tmpval = $app->functions->intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
break;
case 'ISPOSITIVE':
if(function_exists('filter_var')) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>1))) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'V6PREFIXEND':
$explode_field_value = explode(':',$field_value);
if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
case 'V6PREFIXLENGTH':
// find shortes ipv6 subnet can`t be longer
$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1");
$sql_v6_explode=explode(':',$sql_v6['ip_address']);
$explode_field_value = explode(':',$field_value);
if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg].$sql_v6[ip_address]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
$v6_prefix_ok=0;
$explode_field_value = explode(':',$field_value);
if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
if ( count($explode_field_value) <= 9 ) {
if (filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
if($v6_prefix_ok <> 1) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISIPV6':
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISIP':
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
//* Check if its a IPv4 or IPv6 address
if(isset($validator['separator']) && $validator['separator'] != '') {
//* When the field may contain several IP addresses, split them by the char defined as separator
$field_value_array = explode($validator['separator'], $field_value);
} else {
$field_value_array[] = $field_value;
}
foreach($field_value_array as $field_value) {
$field_value = trim($field_value);
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
$this->errorMessage .= $errmsg."<br />\r\n";
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISDATETIME':
/* Checks a datetime value against the date format of the current language */
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
$parsed_date = date_parse_from_format($this->datetimeformat,$field_value);
if($parsed_date['error_count'] > 0 || ($parsed_date['year'] == 1899 && $parsed_date['month'] == 12 && $parsed_date['day'] == 31)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
break;
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
case 'RANGE':
//* Checks if the value is within the given range or above / below a value
//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
$range_parts = explode(':', trim($validator['range']));
$ok = true;
if($range_parts[0] != '' && $field_value < $range_parts[0]) {
$ok = false;
}
if($range_parts[1] != '' && $field_value > $range_parts[1]) {
$ok = false;
}
if($ok != true) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
if($validator['class'] != '' and $validator['function'] != '') {
$validator_class = $validator['class'];
$validator_function = $validator['function'];
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
break;
default:
$this->errorMessage .= "Unknown Validator: ".$validator['type'];
break;
}
}
return true;
}
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
Marius Cramer
committed
/* TODO: check for double quoting */
protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
global $app;
$this->action = $action;
$this->primary_id = $primary_id;
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
$record = $this->encode($record, $tab, true);
if(($this->primary_id_override > 0)) {
$sql_insert_key .= '`'.$this->formDef["db_table_idx"].'`, ';
$sql_insert_val .= $this->primary_id_override.", ";
$record['_primary_id'] = $this->primary_id_override;
}
if($api == true) $fields = &$this->formDef['fields'];
else $fields = &$this->formDef['tabs'][$tab]['fields'];
// go trough all fields of the tab
if(is_array($record)) {
foreach($fields as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
// Erzeuge Insert oder Update Quelltext
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
// The password for the mail system needs to be converted to latin1 before it is hashed.
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_insert_val .= "'".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_insert_val .= "'".$record[$key]."', ";
}
$sql_insert_key .= "`$key`, ";
$sql_insert_val .= (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
if($field['formtype'] == 'PASSWORD') {
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
// The password for the mail system needs to be converted to latin1 before it is hashed.
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_update .= "`$key` = '".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_update .= "`$key` = '".$record[$key]."', ";
}
$sql_update .= "`$key` = " . (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
} else {
// we unset the password filed, if empty to tell the datalog function
// that the password has not been changed
unset($record[$key]);
// Add backticks for incomplete table names
if(stristr($this->formDef['db_table'], '.')) {
$escape = '';
} else {
$escape = '`';
}
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
// Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', ";
$sql_insert_key .= "`sys_groupid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', ";
$sql_insert_key .= "`sys_perm_user`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
$sql_insert_key .= "`sys_perm_group`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
$sql_insert_key .= "`sys_perm_other`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
}
$sql_insert_key = substr($sql_insert_key, 0, -2);
$sql_insert_val = substr($sql_insert_val, 0, -2);
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($this->formDef['auth'] == 'yes') {
if($primary_id != 0) {
if($api == true && $_SESSION["s"]["user"]["client_id"] > 0 && $_SESSION["s"]["user"]["iserid"] > 0 && $_SESSION["s"]["user"]["default_group"] > 0) {
$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
}
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
} else {
if($primary_id != 0) {
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
}
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
/**
* Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
* @param primary_id
* @return record
*/
function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {
global $app;
// If there are no data records on the tab, return empty sql string
if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
// checking permissions
if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
if($action == "INSERT") {
if(!$this->checkPerm($primary_id, 'i')) $this->errorMessage .= "Insert denied.<br />\r\n";
} else {
if(!$this->checkPerm($primary_id, 'u')) $this->errorMessage .= "Update denied.<br />\r\n";
}
if(!is_array($this->formDef)) $app->error("Form definition not found.");
if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
}
/**
* Debugging arrays.
*
* @param array_data
*/
function dbg($array_data) {
echo "<pre>";
print_r($array_data);
echo "</pre>";
}
if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen.");
$active_tab = $this->getNextTab();
// go trough the tabs
foreach( $this->formDef["tabs"] as $key => $tab) {
$tab['name'] = $key;
// Translate the title of the tab
$tab['title'] = $this->lng($tab['title']);
if($tab['name'] == $active_tab) {
// If module is set, then set the template path relative to the module..
if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"];
// Generate the template if it does not exist yet.
if(!is_file($tab["template"])) {
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef, $tab['name']);
}
$app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl', $tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
} else {
// Unset unused variables.
unset($tab["fields"]);
unset($tab["plugins"]);
$frmTab[] = $tab;
}
// setting form tabs
$app->tpl->setLoop("formTab", $frmTab);
// Set form action
$app->tpl->setVar('form_action', $this->formDef["action"]);
$app->tpl->setVar('form_active_tab', $active_tab);
// Set form title
$form_hint = $this->lng($this->formDef["title"]);
if($this->formDef["description"] != '') $form_hint .= '<div class="pageForm_description">'.$this->lng($this->formDef["description"]).'</div>';
$app->tpl->setVar('form_hint', $form_hint);
// Set Wordbook for this form
foreach($this->wordbook as $key => $val) {
if(strstr($val,'\'')) $val = stripslashes($val);
$app->tpl->setVar($key,$val);
}
function getDataRecord($primary_id) {
global $app;
$escape = '`';
$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
function datalogSave($action, $primary_id, $record_old, $record_new) {
global $app, $conf;
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
}
function getAuthSQL($perm, $table = '') {
if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
return '1';
} else {
if ($table != ''){
$table = ' ' . $table . '.';
}
$groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
$sql = '(';
$sql .= "(" . $table . "sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND " . $table . "sys_perm_user like '%$perm%') OR ";
$sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
$sql .= $table . "sys_perm_other like '%$perm%'";
$sql .= ')';
return $sql;