NBonline
2005-11-27 040f8cf58a0e20edb77a6fe4cfb4df1b35dc45d7
interface/lib/classes/tform.inc.php
@@ -101,12 +101,13 @@
   * der Variablen mit Regex
   * @var errorMessage
   */
   var $errorMessage;
   var $errorMessage = '';
   
   var $dateformat = "d.m.Y";
    var $formDef;
   var $wordbook;
   var $module;
   var $primary_id;
   
   /**
   * Laden der Tabellendefinition
@@ -215,9 +216,11 @@
         $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring);
         $table_idx = $this->formDef['db_table_idx'];
         $querystring = str_replace("{RECORDID}",$record[$table_idx],$querystring);
         $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
         
         // Getting the records
         $tmp_records = $app->db->queryAllRecords($querystring);
         if($app->db->errorMessage != '') die($app->db->errorMessage);
         if(is_array($tmp_records)) {
            $key_field = $field["datasource"]["keyfield"];
            $value_field = $field["datasource"]["valuefield"];
@@ -239,6 +242,8 @@
            $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n";
         }
      }
      return $values;
      
   }
   
@@ -354,6 +359,12 @@
      } else {
         // Action: NEW
         foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
            // If Datasource is set, get the data from there
            if(is_array($field['datasource'])) {
               $field["value"] = $this->getDatasourceData($field, $record);
            }
            switch ($field['formtype']) {
            case 'SELECT':
               if(is_array($field['value'])) {
@@ -425,7 +436,7 @@
            break;
            
            default:
               $new_record[$key] = htmlspecialchars($field['value']);
               $new_record[$key] = htmlspecialchars($field['default']);
            }
         }
      
@@ -446,7 +457,7 @@
   function encode($record,$tab) {
      
      if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab).");
      $this->errorMessage = '';
      //$this->errorMessage = '';
      
      if(is_array($record)) {
         foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
@@ -526,14 +537,15 @@
               }
            break;
            case 'UNIQUE':
               $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
               if($this->action == 'NEW') {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
                  }
               } else {
                  if($num_rec["number"] > 1) {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
                  }
@@ -545,14 +557,12 @@
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
               }
            break;
            /*
            case 'ISEMAIL':
               if(!preg_match("", $field_value)) {
               if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,4}$/i", $field_value)) {
                  $errmsg = $validator['errmsg'];
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
               }
            break;
            */
            case 'ISINT':
               $tmpval = intval($field_value);
               if($tmpval === 0 and !empty($field_value)) {
@@ -591,6 +601,9 @@
      
      global $app;
      
      // If there are no data records on the tab, return empty sql string
      if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
      // checking permissions
      if($this->formDef['auth'] == 'yes') {
         if($action == "INSERT") {
@@ -601,6 +614,7 @@
      }
      
      $this->action = $action;
      $this->primary_id = $primary_id;
      
      $record = $this->encode($record,$tab);
      $sql_insert_key = '';
@@ -619,14 +633,22 @@
               if($action == "INSERT") {
                  if($field['formtype'] == 'PASSWORD') {
                     $sql_insert_key .= "`$key`, ";
                     $sql_insert_val .= "md5('".$record[$key]."'), ";
                     if($field['encryption'] == 'CRYPT') {
                        $sql_insert_val .= "'".crypt($record[$key])."', ";
                     } else {
                        $sql_insert_val .= "md5('".$record[$key]."'), ";
                     }
                  } else {
                     $sql_insert_key .= "`$key`, ";
                     $sql_insert_val .= "'".$record[$key]."', ";
                  }
               } else {
                  if($field['formtype'] == 'PASSWORD') {
                     $sql_update .= "`$key` = md5('".$record[$key]."'), ";
                     if($field['encryption'] == 'CRYPT') {
                        $sql_update .= "`$key` = '".crypt($record[$key])."', ";
                     } else {
                        $sql_update .= "`$key` = md5('".$record[$key]."'), ";
                     }
                  } else {
                     $sql_update .= "`$key` = '".$record[$key]."', ";
                  }
@@ -634,6 +656,7 @@
            }
         }
        }
      
      // Füge Backticks nur bei unvollständigen Tabellennamen ein
      if(stristr($this->formDef['db_table'],'.')) {
@@ -823,9 +846,12 @@
      } else {
         $result = false;
         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true;
         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
         if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
         if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true;
         
         // if preset == 0, everyone can insert a record of this type
         if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0) $result = true;
         return $result;
         
      }
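Review bot: In the UNIQUE validator hunk (-526,14 +537,15), the new update-branch query appends `$this->primary_id` to the SQL string with no cast or quoting, while `$field_value` in the same statement goes through `$app->db->quote()`. The property is filled directly from the `$primary_id` argument in the later hunk (`$this->primary_id = $primary_id;`), so if a caller passes a request value through unchanged it lands in the statement as-is; the callers are not visible on this page. Assuming the index column is numeric, which the unquoted comparison already implies, cast at the assignment: `$this->primary_id = intval($primary_id);`. That also prevents the clause from ending in a bare `!= ` when the id is empty, which would make the count query fail and could let the uniqueness check pass silently. Both enclosing functions start and end outside the hunks shown.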