if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
if(function_exists('filter_var')) {
if(filter_var('check@'.$field_value, FILTER_VALIDATE_EMAIL) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
unset($error);
break;
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
if(function_exists('filter_var')) {
if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
$error = true;
} else {
if (!preg_match("/^[^\\+]+$/", $field_value)) { // * disallow + in local-part
$error = true;
}
}
if ($error) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
}
if(function_exists('filter_var') && $field_value < PHP_INT_MAX) {
//if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>0))) === false) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISPOSITIVE':
if(function_exists('filter_var')) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>1))) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'V6PREFIXEND':
$explode_field_value = explode(':',$field_value);
if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
case 'V6PREFIXLENGTH':
// find shortes ipv6 subnet can`t be longer
$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1");
$sql_v6_explode=explode(':',$sql_v6['ip_address']);
$explode_field_value = explode(':',$field_value);
if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg].$sql_v6[ip_address]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
$v6_prefix_ok=0;
$explode_field_value = explode(':',$field_value);
if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
if ( count($explode_field_value) <= 9 ) {
if (filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
if($v6_prefix_ok <> 1) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
break;
case 'ISIPV6':
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISIP':
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
//* Check if its a IPv4 or IPv6 address
if(isset($validator['separator']) && $validator['separator'] != '') {
//* When the field may contain several IP addresses, split them by the char defined as separator
$field_value_array = explode($validator['separator'], $field_value);
} else {
$field_value_array[] = $field_value;
}
foreach($field_value_array as $field_value) {
$field_value = trim($field_value);
if(function_exists('filter_var')) {
if(!filter_var($field_value, FILTER_VALIDATE_IP)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
$this->errorMessage .= $errmsg."<br />\r\n";
} else $this->errorMessage .= "function filter_var missing <br />\r\n";
case 'ISDATETIME':
/* Checks a datetime value against the date format of the current language */
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
//* Do nothing
} else {
$parsed_date = date_parse_from_format($this->datetimeformat,$field_value);
if($parsed_date['error_count'] > 0 || ($parsed_date['year'] == 1899 && $parsed_date['month'] == 12 && $parsed_date['day'] == 31)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
break;
case 'RANGE':
//* Checks if the value is within the given range or above / below a value
//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
$range_parts = explode(':', trim($validator['range']));
$ok = true;
if($range_parts[0] != '' && $field_value < $range_parts[0]) {
$ok = false;
}
if($range_parts[1] != '' && $field_value > $range_parts[1]) {
$ok = false;
}
if($ok != true) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
if($validator['class'] != '' and $validator['function'] != '') {
$validator_class = $validator['class'];
$validator_function = $validator['function'];
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
break;
default:
$this->errorMessage .= "Unknown Validator: ".$validator['type'];
break;
}
}
return true;
}
/**
 * Create the SQL statement for a record.
 *
 * @param record = the record as an array
 * @param action = INSERT or UPDATE
 * @param primary_id
 * @return record
 */
/* TODO: check for double quoting */
protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
global $app;
$this->action = $action;
$this->primary_id = $primary_id;
$record = $this->encode($record, $tab, true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
if($api == true) $fields = &$this->formDef['fields'];
else $fields = &$this->formDef['tabs'][$tab]['fields'];
// go trough all fields of the tab
if(is_array($record)) {
foreach($fields as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
// Erzeuge Insert oder Update Quelltext
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
// The password for the mail system needs to be converted to latin1 before it is hashed.
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_insert_val .= "'".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_insert_val .= "'".$record[$key]."', ";
}
$sql_insert_key .= "`$key`, ";
$sql_insert_val .= (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
if($field['formtype'] == 'PASSWORD') {
if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
// The password for the mail system needs to be converted to latin1 before it is hashed.
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
$record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
$sql_update .= "`$key` = '".$field['value'][0]."', ";
$record[$key] = $field['value'][0];
} else {
$sql_update .= "`$key` = '".$record[$key]."', ";
}
$sql_update .= "`$key` = " . (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
} else {
// we unset the password filed, if empty to tell the datalog function
// that the password has not been changed
unset($record[$key]);
// Add backticks for incomplete table names
if(stristr($this->formDef['db_table'], '.')) {
$escape = '';
} else {
$escape = '`';
}
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
// Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', ";
$sql_insert_key .= "`sys_groupid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', ";
$sql_insert_key .= "`sys_perm_user`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
$sql_insert_key .= "`sys_perm_group`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
$sql_insert_key .= "`sys_perm_other`, ";
$sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
}
$sql_insert_key = substr($sql_insert_key, 0, -2);
$sql_insert_val = substr($sql_insert_val, 0, -2);
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($this->formDef['auth'] == 'yes') {
if($primary_id != 0) {
if($api == true && $_SESSION["s"]["user"]["client_id"] > 0 && $_SESSION["s"]["user"]["iserid"] > 0 && $_SESSION["s"]["user"]["default_group"] > 0) {
$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
}
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
} else {
if($primary_id != 0) {
$sql_update = substr($sql_update, 0, -2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
$app->error("Primary ID fehlt!");
}
}
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
/**
 * Create the SQL statement for a record.
 *
 * @param record = the record as an array
 * @param action = INSERT or UPDATE
 * @param primary_id
 * @return record
 */
function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {
global $app;
// If there are no data records on the tab, return empty sql string
if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
// checking permissions
if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
if($action == "INSERT") {
if(!$this->checkPerm($primary_id, 'i')) $this->errorMessage .= "Insert denied.<br />\r\n";
} else {
if(!$this->checkPerm($primary_id, 'u')) $this->errorMessage .= "Update denied.<br />\r\n";
}
if(!is_array($this->formDef)) $app->error("Form definition not found.");
if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
}
/**
* Debugging arrays.
*
* @param array_data
*/
/**
 * Dump a value for debugging, wrapped in <pre> tags so the
 * print_r() layout survives in HTML output.
 *
 * @param mixed $array_data value handed to print_r()
 * @return void
 */
function dbg($array_data) {
	$dump = print_r($array_data, true);
	echo '<pre>' . $dump . '</pre>';
}
if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen.");
$active_tab = $this->getNextTab();
// go trough the tabs
foreach( $this->formDef["tabs"] as $key => $tab) {
$tab['name'] = $key;
// Translate the title of the tab
$tab['title'] = $this->lng($tab['title']);
if($tab['name'] == $active_tab) {
// If module is set, then set the template path relative to the module..
if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"];
// Generate the template if it does not exist yet.
if(!is_file($tab["template"])) {
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef, $tab['name']);
}
$app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl', $tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
} else {
// Unset unused variables.
unset($tab["fields"]);
unset($tab["plugins"]);
$frmTab[] = $tab;
}
// setting form tabs
$app->tpl->setLoop("formTab", $frmTab);
// Set form action
$app->tpl->setVar('form_action', $this->formDef["action"]);
$app->tpl->setVar('form_active_tab', $active_tab);
// Set form title
$form_hint = $this->lng($this->formDef["title"]);
if($this->formDef["description"] != '') $form_hint .= '<div class="pageForm_description">'.$this->lng($this->formDef["description"]).'</div>';
$app->tpl->setVar('form_hint', $form_hint);
// Set Wordbook for this form
$app->tpl->setVar($this->wordbook);
}
function getDataRecord($primary_id) {
global $app;
$escape = '`';
$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
/**
 * Write the change of this form's database row to the datalog.
 *
 * Delegates to $app->db->datalogSave(); the table name and the
 * primary-key column are taken from the form definition, everything
 * else is passed through unchanged.
 *
 * @param string $action     datalog action, passed through as given
 * @param mixed  $primary_id primary key of the affected row
 * @param mixed  $record_old row contents before the change
 * @param mixed  $record_new row contents after the change
 * @return bool always true
 */
function datalogSave($action, $primary_id, $record_old, $record_new) {
	global $app, $conf;
	$table = $this->formDef['db_table'];
	$idx_column = $this->formDef['db_table_idx'];
	$app->db->datalogSave($table, $action, $idx_column, $primary_id, $record_old, $record_new);
	return true;
}
function getAuthSQL($perm, $table = '') {
if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
return '1';
} else {
if ($table != ''){
$table = ' ' . $table . '.';
}
$groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
$sql = '(';
$sql .= "(" . $table . "sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND " . $table . "sys_perm_user like '%$perm%') OR ";
$sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
$sql .= $table . "sys_perm_other like '%$perm%'";
$sql .= ')';
return $sql;