commit | author | age
|
2dadd2
|
1 |
<?php |
T |
2 |
|
|
3 |
/* |
|
4 |
Copyright (c) 2007, Till Brehm, projektfarm Gmbh |
|
5 |
All rights reserved. |
|
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
bd68aa
|
10 |
* Redistributions of source code must retain the above copyright notice, |
MC |
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
2dadd2
|
18 |
|
T |
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
*/ |
|
30 |
|
|
31 |
/** |
b1a6a5
|
32 |
* Form handling |
MC |
33 |
* |
|
34 |
* Functions to validate, display and save form values |
|
35 |
* |
|
36 |
* Database table field definitions |
|
37 |
* |
|
38 |
* Datatypes: |
|
39 |
* - INTEGER (Converts data to int automatically) |
|
40 |
* - DOUBLE |
|
41 |
* - CURRENCY (Formats digits in currency notation) |
|
42 |
* - VARCHAR (No format check) |
|
43 |
* - DATE (Date format, converts from and to UNIX timestamps automatically) |
|
44 |
* |
|
45 |
* Formtype: |
|
46 |
* - TEXT (Normal text field) |
|
47 |
* - PASSWORD (password field, the content will not be displayed again to the user) |
|
48 |
* - SELECT (Option field) |
|
49 |
* - MULTIPLE (Allows selection of multiple values) |
|
50 |
* |
|
51 |
* VALUE: |
|
52 |
* - Value or array |
|
53 |
* |
|
54 |
* SEPARATOR |
|
55 |
* - separator char used for fields with multiple values |
|
56 |
* |
|
57 |
* Hint: The auto-increment (ID) field of the table does not have to be defined separately. |
|
58 |
* |
|
59 |
*/ |
|
60 |
|
|
61 |
|
a0b289
|
62 |
global $app; |
5bff39
|
63 |
$app->load('tform_base'); |
M |
64 |
class tform extends tform_base { |
b1a6a5
|
65 |
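/**
 * Check whether the logged-in user holds permission $perm for a record of this form.
 *
 * For $record_id > 0 the record is looked up in the form's table, restricted by
 * the condition returned from getAuthSQL($perm). Otherwise (no record yet) $perm
 * is tested against the 'auth_preset' defaults of the form definition.
 *
 * @param mixed  $record_id Record ID; normalised with $app->functions->intval().
 * @param string $perm      Permission to test.
 * @return bool True if the permission is granted, false otherwise.
 */
function checkPerm($record_id, $perm) {
	global $app;

	$record_id = $app->functions->intval($record_id);

	if($record_id > 0) {
		// Table and column names are passed as arguments for the ?? placeholders and the
		// ID for the ? placeholder; only the getAuthSQL() fragment is appended as text.
		$sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm);
		$record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id);

		// A returned row means the record exists and passed the access condition.
		return $record ? true : false;
	}

	$result = false;

	// NOTE(review): the user and group tests search for the preset string inside $perm,
	// while the perm_other test searches for $perm inside the preset. Confirm the
	// argument order is intended before changing it; this decides who may create records.
	if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm, $this->formDef["auth_preset"]["perm_user"])) $result = true;
	if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm, $this->formDef["auth_preset"]["perm_group"])) $result = true;
	if(@stristr($this->formDef["auth_preset"]["perm_other"], $perm)) $result = true;

	// if preset == 0, everyone can insert a record of this type
	if($this->formDef["auth_preset"]["userid"] == 0 and $this->formDef["auth_preset"]["groupid"] == 0 and (@stristr($this->formDef["auth_preset"]["perm_user"], $perm) or @stristr($this->formDef["auth_preset"]["perm_group"], $perm))) $result = true;

	return $result;
}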
05beae
|
102 |
|
b1a6a5
|
103 |
/**
 * Determine which tab should be shown next.
 *
 * With an error message set, the tab stored in the session is shown again.
 * Otherwise a non-empty 'next_tab' request value wins, and the form's default
 * tab is the fallback.
 *
 * @return mixed Tab identifier.
 */
function getNextTab() {
	// Show the same tab again in case of an error.
	if($this->errorMessage != '') {
		return $_SESSION["s"]["form"]["tab"];
	}

	// NOTE(review): next_tab is taken from the request without validation here;
	// callers should check it against the tabs defined for the form before
	// using it as an array key or writing it into output.
	if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') {
		return $_REQUEST["next_tab"];
	}

	// No tab requested: fall back to the form's default tab.
	return $this->formDef['tab_default'];
}
05beae
|
121 |
|
b1a6a5
|
122 |
/**
 * Return the tab currently stored in the session for the form.
 *
 * @return mixed Value of $_SESSION["s"]["form"]["tab"].
 */
function getCurrentTab() {
	$form_state = $_SESSION["s"]["form"];

	return $form_state["tab"];
}
05beae
|
125 |
|
b1a6a5
|
126 |
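/**
 * Tell whether a tab is read-only for the logged-in user.
 *
 * A tab is reported read-only when its 'readonly' flag is set in the form
 * definition and the logged-in user is not the owner (sys_userid) of the record.
 *
 * @param string $tab        Key of the tab in $this->formDef['tabs'].
 * @param mixed  $primary_id Value of the record's index column.
 * @return bool True if the tab is read-only for the current user.
 */
function isReadonlyTab($tab, $primary_id) {
	global $app;

	// Without the readonly flag the result is always false, so the owner lookup can be skipped.
	if(!isset($this->formDef['tabs'][$tab]['readonly']) || $this->formDef['tabs'][$tab]['readonly'] != true) {
		return false;
	}

	// Table and column names go through ?? placeholders, the ID through ?.
	$sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
	$record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);

	// Read-only for everyone except the owner of the record. If no record was found,
	// the comparison runs against a missing owner.
	return $record['sys_userid'] != $_SESSION["s"]["user"]["userid"];
}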
|
146 |
|
|
147 |
|
|
148 |
/**
 * Translate a message key for forms.
 *
 * The form's own wordbook is consulted first; keys it does not contain are
 * passed on to the global translation function $app->lng().
 *
 * @param string $msg Message key.
 * @return mixed Entry from the form wordbook, or the result of $app->lng($msg).
 */
function lng($msg) {
	global $app, $conf;

	return isset($this->wordbook[$msg]) ? $this->wordbook[$msg] : $app->lng($msg);
}
|
159 |
|
|
160 |
/**
 * Check whether the logged-in client may add another item of this form's type.
 *
 * Reads the limit column $limit_name for the client of the session's default
 * group and compares it with the number of records counted in the form's table.
 * A limit below zero skips the count.
 *
 * NOTE(review): $sql_where is appended to the statement text unchanged, so it
 * must only ever be built from trusted values by the caller, never from request data.
 *
 * @param string $limit_name Name of the limit column in the client table.
 * @param string $sql_where  Optional extra SQL condition, appended with "and".
 * @return bool True if another item may be added, false if the limit is reached.
 */
function checkClientLimit($limit_name, $sql_where = '') {
	global $app;

	// presumably $app->error() aborts the request; verify against its implementation
	if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

	// Get the limits of the client that is currently logged in
	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
	$client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id);

	// A limit below zero means no count is needed.
	if(!($client["number"] >= 0)) {
		return true;
	}

	// Count the records selected by the 'u' access condition and the optional extra condition.
	$count_sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u');
	if($sql_where != '') {
		$count_sql .= ' and '.$sql_where;
	}
	$usage = $app->db->queryOneRecord($count_sql, $this->formDef['db_table_idx'], $this->formDef['db_table']);

	return ($usage["number"] >= $client["number"]) ? false : true;
}
|
180 |
|
|
181 |
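/**
 * Check whether the reseller of the logged-in client may add another item.
 *
 * If the client of the session's default group has a parent client (reseller),
 * the reseller's limit column $limit_name is compared with the number of records
 * that belong to the reseller's groups or user ID. A limit below zero skips the
 * count, and clients without a reseller always pass.
 *
 * NOTE(review): $sql_where is appended to the statement text unchanged, so it
 * must only ever be built from trusted values by the caller, never from request data.
 *
 * @param string $limit_name Name of the limit column in the client table.
 * @param string $sql_where  Optional extra SQL condition, appended with "and".
 * @return bool True if another item may be added, false if the reseller limit is reached.
 */
function checkResellerLimit($limit_name, $sql_where = '') {
	global $app;

	$check_passed = true;
	if($limit_name == '') $app->error('Limit name missing in function checkResellerLimit.');

	// Get the parent client (reseller) of the client that is currently logged in
	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
	$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

	//* If the client belongs to a reseller, we will check against the reseller Limit too
	if($client['parent_client_id'] != 0) {

		//* first we need to know the groups of this reseller
		$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
		$reseller_groups = $tmp["groups"];
		$reseller_userid = $tmp["userid"];

		// Get the limit of the reseller. The column name is passed through the ??
		// identifier placeholder, as in checkClientLimit(), instead of being
		// interpolated into the statement text.
		$reseller = $app->db->queryOneRecord("SELECT ?? as number FROM client WHERE client_id = ?", $limit_name, $client['parent_client_id']);

		// Check if the user may add another item
		if($reseller["number"] >= 0) {
			$sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)";
			if($sql_where != '') $sql .= ' and '.$sql_where;
			$tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid);
			if($tmp["number"] >= $reseller["number"]) $check_passed = false;
		}
	}

	return $check_passed;
}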
05beae
|
214 |
|
b1a6a5
|
215 |
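/**
 * Build the difference record of two records.
 *
 * If $record_new is a non-empty array, every key whose value differs (loose
 * comparison) from $record_old is reported. Otherwise, if $record_old is an
 * array, its keys are compared against $record_new instead. Keys missing on
 * one side count as null.
 *
 * @param mixed $record_old Previous record (array) or a non-array value.
 * @param mixed $record_new New record (array) or a non-array value.
 * @return array Map of key => array with 'old' and 'new' values; empty if nothing differs.
 */
function getDiffRecord($record_old, $record_new) {
	// Start with an empty result so that "no differences" returns array()
	// instead of reading an undefined variable.
	$diffrec = array();

	if(is_array($record_new) && count($record_new) > 0) {
		foreach($record_new as $key => $val) {
			$old_val = (is_array($record_old) && isset($record_old[$key])) ? $record_old[$key] : null;
			if($old_val != $val) {
				// Record has changed
				$diffrec[$key] = array('old' => $old_val,
					'new' => $val);
			}
		}
	} elseif(is_array($record_old)) {
		foreach($record_old as $key => $val) {
			// $record_new is empty or not an array in this branch, so guard the lookup.
			$new_val = (is_array($record_new) && isset($record_new[$key])) ? $record_new[$key] : null;
			if($new_val != $val) {
				// Record has changed
				$diffrec[$key] = array('new' => $new_val,
					'old' => $val);
			}
		}
	}

	return $diffrec;
}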
566c28
|
238 |
|
TB |
239 |
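/**
 * Generate HTML for DATE fields.
 *
 * The element name, the formatted value and the date format are HTML-escaped
 * before they are placed into attributes, so a value containing quotes or angle
 * brackets cannot break out of the attribute. Where $form_element originates is
 * not visible in this method; the escaping does not depend on it.
 *
 * @access private
 * @param string $form_element Name of the form element.
 * @param string $default_value Selected value for fields.
 * @return string HTML
 */
function _getDateHTML($form_element, $default_value) {
	// Empty values and the zero date produce an empty input field.
	$_date = ($default_value && $default_value != '0000-00-00') ? strtotime($default_value) : false;
	$_value = ($_date === false) ? '' : date($this->dateformat, $_date);

	// Translate the PHP date format into the notation put into data-date-format.
	$tmp_dt = strtr($this->dateformat, array('d' => 'dd', 'm' => 'mm', 'Y' => 'yyyy', 'y' => 'yy'));

	return '<input type="text" class="form-control" name="' . htmlspecialchars($form_element, ENT_QUOTES, 'UTF-8')
		. '" value="' . htmlspecialchars($_value, ENT_QUOTES, 'UTF-8')
		. '" data-input-element="date" data-date-format="' . htmlspecialchars($tmp_dt, ENT_QUOTES, 'UTF-8') . '" />';
}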
b1a6a5
|
256 |
|
MC |
257 |
|
|
258 |
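/**
 * Generate HTML for DATETIME fields.
 *
 * The element name, the formatted value and the date format are HTML-escaped
 * before they are placed into attributes, so a value containing quotes or angle
 * brackets cannot break out of the attribute. Where $form_element originates is
 * not visible in this method; the escaping does not depend on it.
 *
 * @access private
 * @param string $form_element Name of the form element.
 * @param string $default_value Selected value for fields.
 * @param bool $display_seconds Include seconds in the value and the format.
 * @return string HTML
 */
function _getDateTimeHTML($form_element, $default_value, $display_seconds=false) {
	// Empty values and the zero datetime produce an empty input field.
	$_datetime = ($default_value && $default_value != '0000-00-00 00:00:00') ? strtotime($default_value) : false;
	$_value = ($_datetime === false) ? '' : date($this->datetimeformat . ($display_seconds ? ':s' : ''), $_datetime);

	// Translate the PHP date format into the notation put into data-date-format.
	$tmp_dt = strtr($this->datetimeformat, array('d' => 'dd', 'm' => 'mm', 'Y' => 'yyyy', 'y' => 'yy', 'H' => 'hh', 'h' => 'HH', 'i' => 'ii')) . ($display_seconds ? ':ss' : '');

	return '<input type="text" class="form-control" name="' . htmlspecialchars($form_element, ENT_QUOTES, 'UTF-8')
		. '" value="' . htmlspecialchars($_value, ENT_QUOTES, 'UTF-8')
		. '" data-input-element="datetime" data-date-format="' . htmlspecialchars($tmp_dt, ENT_QUOTES, 'UTF-8') . '" />';
}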
MC |
364 |
|
2dadd2
|
365 |
} |
T |
366 |
|
d7ef36
|
367 |
?> |