Added "DATE" form type that works like the "DATETIME" type incl. date picke...

Till Brehm

2016-06-29 566c28a952bf361ba9a22d7c39d5c335f6956ab2

 interface/lib/classes/tform_base.inc.php

@@ -98,6 +98,7 @@
   var $errorMessage = '';

   var $dateformat = "d.m.Y";
   var $datetimeformat = 'd.m.Y H:i'; // is set to the correct value in loadFormDef
   var $formDef = array();
   var $wordbook;
   var $module;
@@ -126,6 +127,7 @@
      global $app, $conf;

      include $file;
      $app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$form['name'] . ':on_before_formdef', $this);
      $this->formDef = $form;

      $this->module = $module;
@@ -149,10 +151,13 @@
         $wb = $app->functions->array_merge($wb_global, $wb);
      }
      if(isset($wb_global)) unset($wb_global);

		
      $this->wordbook = $wb;
		
      $app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'] . ':on_after_formdef', $this);

      $this->dateformat = $app->lng('conf_format_dateshort');
      $this->datetimeformat = $app->lng('conf_format_datetime');

      return true;
   }
@@ -201,7 +206,7 @@
               break;

            case 'DATE':
               if($record[$key] != '' && $record[$key] != '0000-00-00') {
               if($record[$key] != '' && !is_null($record[$key]) && $record[$key] != '0000-00-00') {
                  $tmp = explode('-', $record[$key]);
                  $new_record[$key] = date($this->dateformat, mktime(0, 0, 0, $tmp[1]  , $tmp[2], $tmp[0]));
               }
@@ -270,7 +275,7 @@
         unset($tmp_recordid);

         $querystring = str_replace("{AUTHSQL}", $this->getAuthSQL('r'), $querystring);
         $querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', array($this, 'table_auth_sql'), $querystring);
         $querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', create_function('$matches','global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;'), $querystring);

         // Getting the records
         $tmp_records = $app->db->queryAllRecords($querystring);
@@ -312,10 +317,12 @@

   }

   /*
   function table_auth_sql($matches){
      return $this->getAuthSQL('r', $matches[1]);
   }

   */
	
   /**
    * Get the key => value array of a form filled from a datasource definitiom
    *
@@ -345,7 +352,7 @@
            return $values;
         } else {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $allowed = explode(',', $client['lm']);
         }
      }
@@ -357,19 +364,19 @@
         } else {
            //* Get the limits of the client that is currently logged in
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            //echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
            //* If the client belongs to a reseller, we will check against the reseller Limit too
            if($client['parent_client_id'] != 0) {

               //* first we need to know the groups of this reseller
               $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
               $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
               $reseller_groups = $tmp["groups"];
               $reseller_userid = $tmp["userid"];

               // Get the limits of the reseller of the logged in client
               $client_group_id = $_SESSION["s"]["user"]["default_group"];
               $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']);
               $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']);
               $allowed = explode(',', $reseller['lm']);
            } else {
               return $values;
@@ -410,6 +417,28 @@
      if(!is_array($this->formDef)) $app->error("No form definition found.");
      if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");

      /* CSRF PROTECTION */
      // generate csrf protection id and key
      $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
      $_csrf_id = $csrf_token['csrf_id'];
      $_csrf_value = $csrf_token['csrf_key'];
		
      $this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
         'datatype' => 'VARCHAR',
         'formtype' => 'TEXT',
         'default' => $_csrf_id,
         'value' => $_csrf_id
      );
      $this->formDef['tabs'][$tab]['fields']['_csrf_key'] = array(
         'datatype' => 'VARCHAR',
         'formtype' => 'TEXT',
         'default' => $_csrf_value,
         'value' => $_csrf_value
      );
      $record['_csrf_id'] = $_csrf_id;
      $record['_csrf_key'] = $_csrf_value;
      /* CSRF PROTECTION */
		
      $new_record = array();
      if($action == 'EDIT') {
         $record = $this->decode($record, $tab);
@@ -443,7 +472,7 @@
                  if(is_array($field['value'])) {
                     foreach($field['value'] as $k => $v) {
                        $selected = ($k == $val)?' SELECTED':'';
                        if(!empty($this->wordbook[$v]))
                        if(isset($this->wordbook[$v]))
                           $v = $this->wordbook[$v];
                        $out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
                     }
@@ -533,6 +562,18 @@
                  $new_record[$key] = $this->_getDateTimeHTML($key, $dt_value, $display_seconds);
                  break;

               case 'DATE':
                  if (strtotime($val) !== false) {
                     $dt_value = $val;
                  } elseif ( isset($field['default']) && (strtotime($field['default']) !== false) ) {
                     $dt_value = $field['default'];
                  } else {
                     $dt_value = 0;
                  }

                  $new_record[$key] = $this->_getDateHTML($key, $dt_value);
                  break;
					
               default:
                  if(isset($record[$key])) {
                     $new_record[$key] = htmlspecialchars($record[$key]);
@@ -643,6 +684,12 @@

               $new_record[$key] = $this->_getDateTimeHTML($key, $dt_value, $display_seconds);
               break;
				
            case 'DATE':
               $dt_value = (isset($field['default'])) ? $field['default'] : 0;

               $new_record[$key] = $this->_getDateHTML($key, $dt_value);
               break;

            default:
               $new_record[$key] = htmlspecialchars($field['default']);
@@ -665,8 +712,46 @@
    */
   protected function _encode($record, $tab, $dbencode = true, $api = false) {
      global $app;
      if($api == true) $fields = &$this->formDef['fields'];
      else $fields = &$this->formDef['tabs'][$tab]['fields'];
      if($api == true) {
         $fields = &$this->formDef['fields'];
      } else {
         $fields = &$this->formDef['tabs'][$tab]['fields'];
         /* CSRF PROTECTION */
         if(isset($_POST) && is_array($_POST)) {
            $_csrf_valid = false;
            if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
               $_csrf_id = trim($_POST['_csrf_id']);
               $_csrf_key = trim($_POST['_csrf_key']);
               if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
                  if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
               }
            }
            if($_csrf_valid !== true) {
               $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
               $errmsg = 'err_csrf_attempt_blocked';
               $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
               unset($_POST);
               unset($record);
            }
				
            if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
               $to_unset = array();
               foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
                  if($timeout < time()) $to_unset[] = $_csrf_id;
               }
               foreach($to_unset as $_csrf_id) {
                  $_SESSION['_csrf'][$_csrf_id] = null;
                  $_SESSION['_csrf_timeout'][$_csrf_id] = null;
                  unset($_SESSION['_csrf'][$_csrf_id]);
                  unset($_SESSION['_csrf_timeout'][$_csrf_id]);
               }
               unset($to_unset);
            }
         }
         /* CSRF PROTECTION */
      }
		
      $new_record = array();
      if(is_array($record)) {
         foreach($fields as $key => $field) {

@@ -703,27 +788,20 @@
               }
               break;
            case 'DATE':
               if($record[$key] != '' && $record[$key] != '0000-00-00') {
               if($record[$key] != '' && !is_null($record[$key]) && $record[$key] != '0000-00-00') {
                  if(function_exists('date_parse_from_format')) {
                     $date_parts = date_parse_from_format($this->dateformat, $record[$key]);
                     //list($tag,$monat,$jahr) = explode('.',$record[$key]);
                     $new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
                     //$tmp = strptime($record[$key],$this->dateformat);
                     //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
                     $new_record[$key] = $date_parts['year'].'-'.str_pad($date_parts['month'], 2, "0", STR_PAD_LEFT).'-'.str_pad($date_parts['day'], 2, "0", STR_PAD_LEFT);
                  } else {
                     //$tmp = strptime($record[$key],$this->dateformat);
                     //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
                     $tmp = strtotime($record[$key]);
                     $new_record[$key] = date('Y-m-d', $tmp);
                  }
               } else {
                  $new_record[$key] = '0000-00-00';
                  $new_record[$key] = null;
               }
               break;
            case 'INTEGER':
               $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
               //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
               //if($key == 'refresh') die($record[$key]);
               break;
            case 'DOUBLE':
               $new_record[$key] = $record[$key];
@@ -733,7 +811,7 @@
               break;

            case 'DATETIME':
               if (is_array($record[$key]))
               /*if (is_array($record[$key]))
               {
                  $filtered_values = array_map(create_function('$item', 'return (int)$item;'), $record[$key]);
                  extract($filtered_values, EXTR_PREFIX_ALL, '_dt');
@@ -741,7 +819,22 @@
                  if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) {
                     $new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) );
                  }
               }
               } else {*/
                  if($record[$key] != '' && !is_null($record[$key]) && $record[$key] != '0000-00-00 00:00:00') {
                     //$tmp = strtotime($record[$key]);
                     //$new_record[$key] = date($this->datetimeformat, $tmp);
                     $parsed_date = date_parse_from_format($this->datetimeformat,$record[$key]);
                     if($parsed_date['error_count'] > 0 || ($parsed_date['year'] == 1899 && $parsed_date['month'] == 12 && $parsed_date['day'] == 31)) {
                        // There was an error, set the date to 0
                        $new_record[$key] = null;
                     } else {
                        // Date parsed successfully. Convert it to database format
                        $new_record[$key] = date( 'Y-m-d H:i:s', mktime($parsed_date['hour'], $parsed_date['minute'], $parsed_date['second'], $parsed_date['month'], $parsed_date['day'], $parsed_date['year']) );
                     }
                  } else {
                     $new_record[$key] = null;
                  }
               /*}*/
               break;
            }

@@ -756,7 +849,7 @@
            }

            //* Add slashes to all records, when we encode data which shall be inserted into mysql.
            if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
            if($dbencode == true && !is_null($new_record[$key])) $new_record[$key] = $app->db->quote($new_record[$key]);
         }
      }
      return $new_record;
@@ -808,6 +901,12 @@
            case 'IDNTOUTF8':
               $returnval = $app->functions->idn_decode($returnval);
               break;
            case 'TRIM':
               $returnval = trim($returnval);
               break;
            case 'NOWHITESPACE':
               $returnval = preg_replace('/\s+/', '', $returnval);
               break;
            default:
               $this->errorMessage .= "Unknown Filter: ".$filter['type'];
               break;
@@ -851,7 +950,7 @@
            if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
            if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
               if($this->action == 'NEW') {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value);
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     if(isset($this->wordbook[$errmsg])) {
@@ -861,7 +960,7 @@
                     }
                  }
               } else {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id);
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     if(isset($this->wordbook[$errmsg])) {
@@ -874,7 +973,7 @@
            }
            break;
         case 'NOTEMPTY':
            if(empty($field_value)) {
            if(!isset($field_value) || $field_value === '') {
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -892,29 +991,37 @@
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            break;
         case 'ISEMAIL':
            if(function_exists('filter_var')) {
               if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                  } else {
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            $error = false;
            if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
            if($validator['allowempty'] == 'y' && $field_value == '') {
               //* Do nothing
            } else {
               if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
               if(function_exists('filter_var')) {
                  if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
                     $error = true;
                  } else {
                     $this->errorMessage .= $errmsg."<br />\r\n";
                     if (!preg_match("/^[^\\+]+$/", $field_value)) { // * disallow + in local-part
                        $error = true;
                     }
                  }
               }
                  if ($error) {
                     $errmsg = $validator['errmsg'];
                     if(isset($this->wordbook[$errmsg])) {
                        $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                     } else {
                        $this->errorMessage .= $errmsg."<br />\r\n";
                     }
                  }

               } else $this->errorMessage .= "function filter_var missing <br />\r\n";
            }
            unset($error);
            break;
         case 'ISINT':
            if(function_exists('filter_var') && $field_value < 2147483647) {
            if(function_exists('filter_var') && $field_value < PHP_INT_MAX) {
               //if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>0))) === false) {
               if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
@@ -923,9 +1030,11 @@
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            } else {
               $tmpval = $app->functions->intval($field_value);
               if($tmpval === 0 and !empty($field_value)) {
            } else $this->errorMessage .= "function filter_var missing <br />\r\n";
            break;
         case 'ISPOSITIVE':
            if(function_exists('filter_var')) {
               if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT, array("options" => array('min_range'=>1))) === false) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -933,21 +1042,10 @@
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            }
            break;
         case 'ISPOSITIVE':
            if(!is_numeric($field_value) || $field_value <= 0){
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
               } else {
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            } else $this->errorMessage .= "function filter_var missing <br />\r\n";
            break;
         case 'V6PREFIXEND':
            $explode_field_value = explode(':',$field_value);
//            if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){ }
            if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
@@ -959,7 +1057,7 @@
            break;
         case 'V6PREFIXLENGTH':
            // find shortes ipv6 subnet can`t be longer
            $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1;");
            $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1");
            $sql_v6_explode=explode(':',$sql_v6['ip_address']);
            $explode_field_value = explode(':',$field_value);
            if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
@@ -991,26 +1089,32 @@
            }
            break;



         case 'ISIPV4':
            $vip=1;
            if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
               $groups=explode(".", $field_value);
               foreach($groups as $group){
                  if($group<0 or $group>255)
                     $vip=0;
            if(function_exists('filter_var')) {
               if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                  } else {
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            }else{$vip=0;}
            if($vip==0) {
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
               } else {
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            } else $this->errorMessage .= "function filter_var missing <br />\r\n";
            break;

         case 'ISIPV6':
            if(function_exists('filter_var')) {
               if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                  } else {
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            } else $this->errorMessage .= "function filter_var missing <br />\r\n";
            break;

         case 'ISIP':
            if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
            if($validator['allowempty'] == 'y' && $field_value == '') {
@@ -1034,27 +1138,29 @@
                           $this->errorMessage .= $errmsg."<br />\r\n";
                        }
                     }
                  } else $this->errorMessage .= "function filter_var missing <br />\r\n";
               }
            }
            break;
			
         case 'ISDATETIME':
            /* Checks a datetime value against the date format of the current language */
            if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
            if($validator['allowempty'] == 'y' && $field_value == '') {
               //* Do nothing
            } else {
               $parsed_date = date_parse_from_format($this->datetimeformat,$field_value);
               if($parsed_date['error_count'] > 0 || ($parsed_date['year'] == 1899 && $parsed_date['month'] == 12 && $parsed_date['day'] == 31)) {
                  $errmsg = $validator['errmsg'];
                  if(isset($this->wordbook[$errmsg])) {
                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                  } else {
                     //* Check content with regex, if we use php < 5.2
                     $ip_ok = 0;
                     if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
                        $ip_ok = 1;
                     }
                     if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
                        $ip_ok = 1;
                     }
                     if($ip_ok == 0) {
                        $errmsg = $validator['errmsg'];
                        if(isset($this->wordbook[$errmsg])) {
                           $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
                        } else {
                           $this->errorMessage .= $errmsg."<br />\r\n";
                        }
                     }
                     $this->errorMessage .= $errmsg."<br />\r\n";
                  }
               }
            }
            break;
			
         case 'RANGE':
            //* Checks if the value is within the given range or above / below a value
            //* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
@@ -1106,6 +1212,7 @@
    * @param primary_id
    * @return record
    */
    /* TODO: check for double quoting */
   protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {

      global $app;
@@ -1137,7 +1244,7 @@
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                     } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                        $record[$key] = $tmp['crypted'];
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                     } else {
@@ -1155,7 +1262,7 @@
                     }
                  } else {
                     $sql_insert_key .= "`$key`, ";
                     $sql_insert_val .= "'".$record[$key]."', ";
                     $sql_insert_val .= (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
                  }
               } else {
                  if($field['formtype'] == 'PASSWORD') {
@@ -1165,7 +1272,7 @@
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                     } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                        $record[$key] = $tmp['crypted'];
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                     } else {
@@ -1182,7 +1289,7 @@
                        $sql_update .= "`$key` = '".$record[$key]."', ";
                     }
                  } else {
                     $sql_update .= "`$key` = '".$record[$key]."', ";
                     $sql_update .= "`$key` = " . (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
                  }
               }
            } else {
@@ -1357,8 +1464,8 @@
   function getDataRecord($primary_id) {
      global $app;
      $escape = '`';
      $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
      return $app->db->queryOneRecord($sql);
      $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
      return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
   }