XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
write.php
Go to the documentation of this file.
1 <?php
20 defined('XOOPS_ROOT_PATH') or die('Restricted access');
21 
31 class XoopsModelWrite extends XoopsModelAbstract
32 {
43  function cleanVars(&$object)
44  {
45  $ts =& MyTextSanitizer::getInstance();
46  $errors = array();
47 
48  $vars = $object->getVars();
49  $object->cleanVars = array();
50  foreach ($vars as $k => $v) {
51  if (!$v["changed"]) {
52  continue;
53  }
54  $cleanv = $v['value'];
55  switch ($v["data_type"]) {
56  case XOBJ_DTYPE_TIMESTAMP:
57  $cleanv = !is_string($cleanv)&&is_numeric($cleanv) ? date(_DBTIMESTAMPSTRING, $cleanv) : date(_DBTIMESTAMPSTRING, strtotime($cleanv));
58  break;
59  case XOBJ_DTYPE_TIME:
60  $cleanv = !is_string($cleanv)&&is_numeric($cleanv) ? date(_DBTIMESTRING, $cleanv) : date(_DBTIMESTRING, strtotime($cleanv));
61  break;
62  case XOBJ_DTYPE_DATE:
63  $cleanv = !is_string($cleanv)&&is_numeric($cleanv) ? date(_DBDATESTRING, $cleanv) : date(_DBDATESTRING, strtotime($cleanv));
64  break;
65  case XOBJ_DTYPE_UNICODE_TXTBOX:
66  if ($v['required'] && $cleanv != '0' && $cleanv == '') {
67  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
68  continue;
69  }
70  $cleanv = xoops_convert_encode($cleanv);
71  if (isset($v['maxlength']) && strlen($cleanv) > intval($v['maxlength'])) {
72  $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $k, intval($v['maxlength']));
73  continue;
74  }
75  if (!$v['not_gpc']) {
76  $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
77  } else {
78  $cleanv = $ts->censorString($cleanv);
79  }
80  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
81  break;
82 
83  case XOBJ_DTYPE_UNICODE_TXTAREA:
84  if ($v['required'] && $cleanv != '0' && $cleanv == '') {
85  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
86  continue;
87  }
88  $cleanv = xoops_convert_encode($cleanv);
89  if (!$v['not_gpc']) {
90  if (!empty($vars['dohtml']['value'])) {
91  $cleanv = $ts->textFilter($cleanv);
92  }
93  $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
94  } else {
95  $cleanv = $ts->censorString($cleanv);
96  }
97  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
98  break;
99 
100  case XOBJ_DTYPE_TXTBOX:
101  if ($v['required'] && $cleanv != '0' && $cleanv == '') {
102  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
103  continue;
104  }
105  if (isset($v['maxlength']) && strlen($cleanv) > intval($v['maxlength'])) {
106  $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $k, intval($v['maxlength']));
107  continue;
108  }
109  if (!$v['not_gpc']) {
110  $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
111  } else {
112  $cleanv = $ts->censorString($cleanv);
113  }
114  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
115  break;
116 
117  case XOBJ_DTYPE_TXTAREA:
118  if ($v['required'] && $cleanv != '0' && $cleanv == '') {
119  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
120  continue;
121  }
122  if (!$v['not_gpc']) {
123  if (!empty($vars['dohtml']['value'])) {
124  $cleanv = $ts->textFilter($cleanv);
125  }
126  $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
127  } else {
128  $cleanv = $ts->censorString($cleanv);
129  }
130  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
131  break;
132 
133  case XOBJ_DTYPE_SOURCE:
134  $cleanv = trim($cleanv);
135  if (!$v['not_gpc']) {
136  $cleanv = $ts->stripSlashesGPC($cleanv);
137  } else {
138  $cleanv = $cleanv;
139  }
140  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
141  break;
142  // Should not be used!
143  case XOBJ_DTYPE_UNICODE_EMAIL:
144  $cleanv = trim($cleanv);
145  if ($v['required'] && $cleanv == '') {
146  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
147  continue;
148  }
149  if (!$v['not_gpc']) {
150  $cleanv = $ts->stripSlashesGPC($cleanv);
151  }
152  $cleanv = str_replace('\\"', '"', $this->handler->db->quote(xoops_convert_encode($cleanv)));
153  break;
154 
155  case XOBJ_DTYPE_EMAIL:
156  $cleanv = trim($cleanv);
157  if ($v['required'] && $cleanv == '') {
158  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
159  continue;
160  }
161  if ($cleanv != '' && !preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$/i", $cleanv)) {
162  $errors[] = "Invalid Email";
163  continue;
164  }
165  if (!$v['not_gpc']) {
166  $cleanv = $ts->stripSlashesGPC($cleanv);
167  }
168  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
169  break;
170 
171  // Should not be used!
172  case XOBJ_DTYPE_UNICODE_URL:
173  $cleanv = trim($cleanv);
174  if ($v['required'] && $cleanv == '') {
175  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
176  continue;
177  }
178  if ($cleanv != '' && !preg_match("/^http[s]*:\/\//i", $cleanv)) {
179  $cleanv = 'http://' . $cleanv;
180  }
181  if (!$v['not_gpc']) {
182  $cleanv = $ts->stripSlashesGPC($cleanv);
183  }
184  $cleanv = str_replace('\\"', '"', $this->handler->db->quote(xoops_convert_encode($cleanv)));
185  break;
186  case XOBJ_DTYPE_URL:
187  $cleanv = trim($cleanv);
188  if ($v['required'] && $cleanv == '') {
189  $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $k);
190  continue;
191  }
192  if ($cleanv != '' && !preg_match("/^http[s]*:\/\//i", $cleanv)) {
193  $cleanv = 'http://' . $cleanv;
194  }
195  if (!$v['not_gpc']) {
196  $cleanv = $ts->stripSlashesGPC($cleanv);
197  }
198  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
199  break;
200 
201  // Should not be used!
202  case XOBJ_DTYPE_UNICODE_OTHER:
203  $cleanv = str_replace('\\"', '"', $this->handler->db->quote(xoops_convert_encode($cleanv)));
204  break;
205 
206  case XOBJ_DTYPE_OTHER:
207  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
208  break;
209 
210  case XOBJ_DTYPE_INT:
211  $cleanv = intval($cleanv);
212  break;
213 
214  case XOBJ_DTYPE_FLOAT:
215  $cleanv = floatval($cleanv);
216  break;
217 
218  case XOBJ_DTYPE_DECIMAL:
219  $cleanv = doubleval($cleanv);
220  break;
221 
222  // Should not be used!
223  case XOBJ_DTYPE_UNICODE_ARRAY:
224  if (!$v['not_gpc']) {
225  $cleanv = array_map(array(&$ts , "stripSlashesGPC"), $cleanv);
226  }
227  foreach (array_keys($cleanv) as $key) {
228  $cleanv[$key] = str_replace('\\"', '"', addslashes($cleanv[$key]));
229  }
230  // TODO: Not encoding safe, should try base64_encode -- phppp
231  $cleanv = "'" . serialize(array_walk($cleanv, 'xoops_aw_encode')) . "'";
232  break;
233 
234  case XOBJ_DTYPE_ARRAY:
235  $cleanv = (array) $cleanv;
236  if (!$v['not_gpc']) {
237  $cleanv = array_map(array(&$ts , "stripSlashesGPC"), $cleanv);
238  }
239  foreach (array_keys($cleanv) as $key) {
240  $cleanv[$key] = str_replace('\\"', '"', addslashes($cleanv[$key]));
241  }
242  // TODO: Not encoding safe, should try base64_encode -- phppp
243  $cleanv = "'" . serialize($cleanv) . "'";
244  break;
245 
246  case XOBJ_DTYPE_STIME:
247  case XOBJ_DTYPE_MTIME:
248  case XOBJ_DTYPE_LTIME:
249  $cleanv = !is_string($cleanv) ? intval($cleanv) : strtotime($cleanv);
250  break;
251 
252  default:
253  $cleanv = str_replace('\\"', '"', $this->handler->db->quote($cleanv));
254  break;
255  }
256  $object->cleanVars[$k] = $cleanv;
257  }
258  if (!empty($errors)) {
259  $object->setErrors($errors);
260  }
261  $object->unsetDirty();
262  return empty($errors) ? true : false;
263  }
264 
272  function insert(&$object, $force = true)
273  {
274  if (!$object->isDirty()) {
275  trigger_error("Data entry is not inserted - the object '" . get_class($object) . "' is not dirty", E_USER_NOTICE);
276  return $object->getVar($this->handler->keyName);
277  }
278  if (!$this->cleanVars($object)) {
279  trigger_error("Insert failed in method 'cleanVars' of object '" . get_class($object) . "'", E_USER_WARNING);
280  return $object->getVar($this->handler->keyName);
281  }
282  $queryFunc = empty($force) ? "query" : "queryF";
283 
284  if ($object->isNew()) {
285  $sql = "INSERT INTO `" . $this->handler->table . "`";
286  if (!empty($object->cleanVars)) {
287  $keys = array_keys($object->cleanVars);
288  $vals = array_values($object->cleanVars);
289  $sql .= " (`" . implode("`, `", $keys) . "`) VALUES (" . implode(",", $vals) . ")";
290  } else {
291  trigger_error("Data entry is not inserted - no variable is changed in object of '" . get_class($object) . "'", E_USER_NOTICE);
292  return $object->getVar($this->handler->keyName);
293  }
294  if (!$result = $this->handler->db->{$queryFunc}($sql)) {
295  return false;
296  }
297  if (!$object->getVar($this->handler->keyName) && $object_id = $this->handler->db->getInsertId()) {
298  $object->assignVar($this->handler->keyName, $object_id);
299  }
300  } else if (!empty($object->cleanVars)) {
301  $keys = array();
302  foreach ($object->cleanVars as $k => $v) {
303  $keys[] = " `{$k}` = {$v}";
304  }
305  $sql = "UPDATE `" . $this->handler->table . "` SET " . implode(",", $keys) . " WHERE `" . $this->handler->keyName . "` = " . $this->handler->db->quote($object->getVar($this->handler->keyName));
306  if (!$result = $this->handler->db->{$queryFunc}($sql)) {
307  return false;
308  }
309  }
310  return $object->getVar($this->handler->keyName);
311  }
312 
320  function delete(&$object, $force = false)
321  {
322  if (is_array($this->handler->keyName)) {
323  $clause = array();
324  for ($i = 0; $i < count($this->handler->keyName); $i++) {
325  $clause[] = "`" . $this->handler->keyName[$i] . "` = " . $this->handler->db->quote($object->getVar($this->handler->keyName[$i]));
326  }
327  $whereclause = implode(" AND ", $clause);
328  } else {
329  $whereclause = "`" . $this->handler->keyName . "` = " . $this->handler->db->quote($object->getVar($this->handler->keyName));
330  }
331  $sql = "DELETE FROM `" . $this->handler->table . "` WHERE " . $whereclause;
332  $queryFunc = empty($force) ? "query" : "queryF";
333  $result = $this->handler->db->{$queryFunc}($sql);
334  return empty($result) ? false : true;
335  }
336 
345  function deleteAll($criteria = null, $force = true, $asObject = false)
346  {
347  if ($asObject) {
348  $objects = $this->handler->getAll($criteria);
349  $num = 0;
350  foreach (array_keys($objects) as $key) {
351  $num += $this->delete($objects[$key], $force) ? 1 : 0;
352  }
353  unset($objects);
354  return $num;
355  }
356  $queryFunc = empty($force) ? 'query' : 'queryF';
357  $sql = 'DELETE FROM ' . $this->handler->table;
358  if (!empty($criteria)) {
359  if (is_subclass_of($criteria, 'criteriaelement')) {
360  $sql .= ' ' . $criteria->renderWhere();
361  } else {
362  return false;
363  }
364  }
365  if (!$this->handler->db->{$queryFunc}($sql)) {
366  return false;
367  }
368  return $this->handler->db->getAffectedRows();
369  }
370 
380  function updateAll($fieldname, $fieldvalue, $criteria = null, $force = false)
381  {
382  $set_clause = "`{$fieldname}` = ";
383  if (is_numeric($fieldvalue)) {
384  $set_clause .= $fieldvalue;
385  } else if (is_array($fieldvalue)) {
386  $set_clause .= $this->handler->db->quote(implode(',', $fieldvalue));
387  } else {
388  $set_clause .= $this->handler->db->quote($fieldvalue);
389  }
390  $sql = 'UPDATE `' . $this->handler->table . '` SET ' . $set_clause;
391  if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
392  $sql .= ' ' . $criteria->renderWhere();
393  }
394  $queryFunc = empty($force) ? 'query' : 'queryF';
395  $result = $this->handler->db->{$queryFunc}($sql);
396  return empty($result) ? false : true;
397  }
398 }
399 
400 ?>