ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2005-11-26 b4e90c97c397a0436a2033f6e171cc4ea92fe276 
 interface/lib/classes/tform.inc.php


@@ -101,12 +101,13 @@


   * der Variablen mit Regex



   * @var errorMessage



   */



   var $errorMessage;



   var $errorMessage = '';



   



   var $dateformat = "d.m.Y";



    var $formDef;



   var $wordbook;



   var $module;



   var $primary_id;



   



   /**



   * Laden der Tabellendefinition



@@ -215,6 +216,7 @@


         $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring);



         $table_idx = $this->formDef['db_table_idx'];



         $querystring = str_replace("{RECORDID}",$record[$table_idx],$querystring);



         $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);



         



         // Getting the records



         $tmp_records = $app->db->queryAllRecords($querystring);



@@ -434,7 +436,7 @@


            break;



            



            default:



               $new_record[$key] = htmlspecialchars($field['value']);



               $new_record[$key] = htmlspecialchars($field['default']);



            }



         }



      



@@ -455,7 +457,7 @@


   function encode($record,$tab) {



      



      if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab).");



      $this->errorMessage = '';



      //$this->errorMessage = '';



      



      if(is_array($record)) {



         foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {



@@ -535,14 +537,15 @@


               }



            break;



            case 'UNIQUE':



               $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");



               if($this->action == 'NEW') {



                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");



                  if($num_rec["number"] > 0) {



                     $errmsg = $validator['errmsg'];



                     $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";



                  }



               } else {



                  if($num_rec["number"] > 1) {



                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); 


                  if($num_rec["number"] > 0) {



                     $errmsg = $validator['errmsg'];



                     $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";



                  }



@@ -554,14 +557,12 @@


                  $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";



               }



            break;



            /*



            case 'ISEMAIL':



               if(!preg_match("", $field_value)) {



               if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,4}$/i", $field_value)) {



                  $errmsg = $validator['errmsg'];



                  $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";



               }



            break;



            */



            case 'ISINT':



               $tmpval = intval($field_value);



               if($tmpval === 0 and !empty($field_value)) {



@@ -600,6 +601,9 @@


      



      global $app;



      



      // If there are no data records on the tab, return empty sql string



      if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';



		


      // checking permissions



      if($this->formDef['auth'] == 'yes') {



         if($action == "INSERT") {



@@ -610,6 +614,7 @@


      }



      



      $this->action = $action;



      $this->primary_id = $primary_id;



      



      $record = $this->encode($record,$tab);



      $sql_insert_key = '';



@@ -628,14 +633,22 @@


               if($action == "INSERT") {



                  if($field['formtype'] == 'PASSWORD') {



                     $sql_insert_key .= "`$key`, ";



                     $sql_insert_val .= "md5('".$record[$key]."'), ";



                     if($field['encryption'] == 'CRYPT') {



                        $sql_insert_val .= "'".crypt($record[$key])."', ";



                     } else {



                        $sql_insert_val .= "md5('".$record[$key]."'), ";



                     }



                  } else {



                     $sql_insert_key .= "`$key`, ";



                     $sql_insert_val .= "'".$record[$key]."', ";



                  }



               } else {



                  if($field['formtype'] == 'PASSWORD') {



                     $sql_update .= "`$key` = md5('".$record[$key]."'), ";



                     if($field['encryption'] == 'CRYPT') {



                        $sql_update .= "`$key` = '".crypt($record[$key])."', ";



                     } else {



                        $sql_update .= "`$key` = md5('".$record[$key]."'), ";



                     }



                  } else {



                     $sql_update .= "`$key` = '".$record[$key]."', ";



                  }



@@ -643,6 +656,7 @@


            }



         }



        }



		


      



      // Füge Backticks nur bei unvollständigen Tabellennamen ein



      if(stristr($this->formDef['db_table'],'.')) {



@@ -832,9 +846,12 @@


      } else {



         $result = false;



         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true;



         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;



         if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;



         if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true;



         



         // if preset == 0, everyone can insert a record of this type



         if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0) $result = true;



			


         return $result;



         



      }