<?php
/**
 * XOOPS object write model: the insert / update / delete half of the
 * persistable object handler (see XoopsModelWrite below).
 */

// Only usable inside a bootstrapped XOOPS request; refuse direct web access.
if (!defined('XOOPS_ROOT_PATH')) {
    exit('Restricted access');
}
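/**
 * Write operations (insert / update / delete) for a XOOPS object handler.
 *
 * Every method works through $this->handler (inherited from XoopsModelAbstract):
 * $this->handler->table is the table name, $this->handler->keyName the primary
 * key column (or list of columns), and $this->handler->db the database driver.
 * Values are escaped with the driver's quote() and identifiers are backtick
 * quoted before they are spliced into SQL text.
 */
class XoopsModelWrite extends XoopsModelAbstract
{
    /**
     * Escape a value as a SQL string literal.
     *
     * The driver's quote() returns a single-quoted, escaped literal; inside a
     * single-quoted literal a double quote needs no backslash, so the escaping
     * of '"' is undone again (this is how every text type has always been stored).
     *
     * @param mixed $value raw value
     * @return string quoted SQL literal
     */
    private function quoteValue($value)
    {
        return str_replace('\\"', '"', $this->handler->db->quote($value));
    }

    /**
     * Backtick-quote a table or column name.
     *
     * A backtick inside the name is doubled so the name cannot terminate the
     * identifier early; this matters for updateAll(), whose column name is a
     * caller-supplied string.
     *
     * @param string $name identifier
     * @return string backtick-quoted identifier
     */
    private function quoteIdentifier($name)
    {
        return '`' . str_replace('`', '``', (string)$name) . '`';
    }

    /**
     * Loose "nothing was entered" test used by the required-field checks.
     *
     * Loose comparison is intentional: the variable may hold null or an int,
     * and the string '0' must count as a supplied value.
     *
     * @param mixed $value
     * @return bool
     */
    private function isBlank($value)
    {
        return $value != '0' && $value == '';
    }

    /**
     * Render a date/time variable with date() in the given format.
     *
     * Numeric non-string values are treated as Unix timestamps; everything
     * else goes through strtotime(). NOTE(review): an unparsable string makes
     * strtotime() return false, which date() then formats as the epoch — this
     * mirrors the previous behaviour and is not validated here.
     *
     * @param mixed  $value  timestamp or date string
     * @param string $format date() format (_DBTIMESTAMPSTRING, _DBTIMESTRING, _DBDATESTRING)
     * @return string
     */
    private function formatDateValue($value, $format)
    {
        $timestamp = (!is_string($value) && is_numeric($value)) ? $value : strtotime($value);

        return date($format, $timestamp);
    }

    /**
     * Censor (and optionally HTML-filter / un-slash) a text value.
     *
     * @param \MyTextSanitizer $myts      sanitizer instance
     * @param string           $value     text to clean
     * @param bool             $notGpc    true when the value did NOT come from GPC input
     *                                    (no stripSlashesGPC(), no textFilter())
     * @param bool             $allowHtml run textFilter() first (text areas with 'dohtml' set)
     * @return string
     */
    private function sanitizeText(\MyTextSanitizer $myts, $value, $notGpc, $allowHtml = false)
    {
        if ($notGpc) {
            return $myts->censorString($value);
        }
        if ($allowHtml) {
            $value = $myts->textFilter($value);
        }

        return $myts->stripSlashesGPC($myts->censorString($value));
    }

    /**
     * Prefix a scheme-less, non-empty URL with XOOPS_PROT.
     *
     * The pattern is kept as it has always been (it also accepts "httpss://");
     * tightening it would change which stored values get a prefix.
     *
     * @param string $value trimmed URL
     * @return string
     */
    private function normalizeUrl($value)
    {
        if ('' !== $value && !preg_match("/^http[s]*:\/\//i", $value)) {
            $value = XOOPS_PROT . $value;
        }

        return $value;
    }

    /**
     * Convert an object's changed variables into SQL-ready literals.
     *
     * Walks $object->getVars(); every entry flagged 'changed' is validated and
     * escaped according to its 'data_type' and stored in $object->cleanVars,
     * keyed by variable name. Numeric types are cast, text types are censored,
     * (optionally) un-slashed and quoted, arrays are serialised and quoted.
     * Validation failures (required field empty, text longer than 'maxlength',
     * malformed e-mail) are collected and handed to $object->setErrors(); the
     * offending variable is left out of cleanVars.
     *
     * @param XoopsObject $object object whose variables are cleaned (passed by reference)
     * @return bool true when no validation error was recorded
     */
    public function cleanVars(&$object)
    {
        $myts   = \MyTextSanitizer::getInstance();
        $errors = array();
        $vars   = $object->getVars();
        // 'dohtml' is the conventional companion variable that enables HTML in text areas.
        $allowHtml = !empty($vars['dohtml']['value']);

        $object->cleanVars = array();
        foreach ($vars as $name => $var) {
            if (!$var['changed']) {
                continue;
            }
            $value    = $var['value'];
            $required = !empty($var['required']);
            $notGpc   = !empty($var['not_gpc']);

            switch ($var['data_type']) {
                case XOBJ_DTYPE_TIMESTAMP:
                    $value = $this->quoteValue($this->formatDateValue($value, _DBTIMESTAMPSTRING));
                    break;

                case XOBJ_DTYPE_TIME:
                    $value = $this->quoteValue($this->formatDateValue($value, _DBTIMESTRING));
                    break;

                case XOBJ_DTYPE_DATE:
                    $value = $this->quoteValue($this->formatDateValue($value, _DBDATESTRING));
                    break;

                case XOBJ_DTYPE_UNICODE_TXTBOX:
                    if ($required && $this->isBlank($value)) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    $value = xoops_convert_encode($value);
                    // strlen() counts bytes, so 'maxlength' is enforced on the encoded byte length.
                    if (isset($var['maxlength']) && strlen($value) > (int)$var['maxlength']) {
                        $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $name, (int)$var['maxlength']);
                        continue 2;
                    }
                    $value = $this->quoteValue($this->sanitizeText($myts, $value, $notGpc));
                    break;

                case XOBJ_DTYPE_UNICODE_TXTAREA:
                    if ($required && $this->isBlank($value)) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    $value = xoops_convert_encode($value);
                    $value = $this->quoteValue($this->sanitizeText($myts, $value, $notGpc, $allowHtml));
                    break;

                case XOBJ_DTYPE_TXTBOX:
                    if ($required && $this->isBlank($value)) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    // strlen() counts bytes, not characters.
                    if (isset($var['maxlength']) && strlen($value) > (int)$var['maxlength']) {
                        $errors[] = sprintf(_XOBJ_ERR_SHORTERTHAN, $name, (int)$var['maxlength']);
                        continue 2;
                    }
                    $value = $this->quoteValue($this->sanitizeText($myts, $value, $notGpc));
                    break;

                case XOBJ_DTYPE_TXTAREA:
                    if ($required && $this->isBlank($value)) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    $value = $this->quoteValue($this->sanitizeText($myts, $value, $notGpc, $allowHtml));
                    break;

                case XOBJ_DTYPE_SOURCE:
                    // Source text is stored verbatim apart from trimming and GPC un-slashing.
                    $value = trim($value);
                    if (!$notGpc) {
                        $value = $myts->stripSlashesGPC($value);
                    }
                    $value = $this->quoteValue($value);
                    break;

                case XOBJ_DTYPE_UNICODE_EMAIL:
                    $value = trim($value);
                    if ($required && '' === $value) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    if (!$notGpc) {
                        $value = $myts->stripSlashesGPC($value);
                    }
                    $value = $this->quoteValue(xoops_convert_encode($value));
                    break;

                case XOBJ_DTYPE_EMAIL:
                    $value = trim($value);
                    if ($required && '' === $value) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    // Shape check only (ASCII local part / domain); an empty value is accepted when not required.
                    if ('' !== $value && !preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$/i", $value)) {
                        $errors[] = 'Invalid Email';
                        continue 2;
                    }
                    if (!$notGpc) {
                        $value = $myts->stripSlashesGPC($value);
                    }
                    $value = $this->quoteValue($value);
                    break;

                case XOBJ_DTYPE_UNICODE_URL:
                    $value = trim($value);
                    if ($required && '' === $value) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    $value = $this->normalizeUrl($value);
                    if (!$notGpc) {
                        $value = $myts->stripSlashesGPC($value);
                    }
                    $value = $this->quoteValue(xoops_convert_encode($value));
                    break;

                case XOBJ_DTYPE_URL:
                    $value = trim($value);
                    if ($required && '' === $value) {
                        $errors[] = sprintf(_XOBJ_ERR_REQUIRED, $name);
                        continue 2;
                    }
                    $value = $this->normalizeUrl($value);
                    if (!$notGpc) {
                        $value = $myts->stripSlashesGPC($value);
                    }
                    $value = $this->quoteValue($value);
                    break;

                case XOBJ_DTYPE_UNICODE_OTHER:
                    $value = $this->quoteValue(xoops_convert_encode($value));
                    break;

                case XOBJ_DTYPE_OTHER:
                    $value = $this->quoteValue($value);
                    break;

                case XOBJ_DTYPE_INT:
                    $value = (int)$value;
                    break;

                case XOBJ_DTYPE_FLOAT:
                case XOBJ_DTYPE_DECIMAL:
                    $value = (float)$value;
                    break;

                case XOBJ_DTYPE_UNICODE_ARRAY:
                    $value = (array)$value;
                    if (!$notGpc) {
                        $value = array_map(array($myts, 'stripSlashesGPC'), $value);
                    }
                    // array_walk() returns a bool; the previous code serialised that flag
                    // instead of the encoded array (and add-slashed each element before
                    // serialising, which corrupted the serialised string lengths).
                    // Encode in place, then escape the whole serialised string once,
                    // exactly as XOBJ_DTYPE_ARRAY does.
                    array_walk($value, 'xoops_aw_encode');
                    $value = $this->handler->db->quote(serialize($value));
                    break;

                case XOBJ_DTYPE_ARRAY:
                    $value = (array)$value;
                    if (!$notGpc) {
                        $value = array_map(array($myts, 'stripSlashesGPC'), $value);
                    }
                    $value = $this->handler->db->quote(serialize($value));
                    break;

                case XOBJ_DTYPE_STIME:
                case XOBJ_DTYPE_MTIME:
                case XOBJ_DTYPE_LTIME:
                    // Stored as a Unix timestamp; strings are parsed, anything else is cast.
                    $value = !is_string($value) ? (int)$value : strtotime($value);
                    break;

                default:
                    $value = $this->quoteValue($value);
                    break;
            }
            $object->cleanVars[$name] = $value;
        }

        if (!empty($errors)) {
            $object->setErrors($errors);
        }
        $object->unsetDirty();

        return empty($errors);
    }

    /**
     * Insert a new row, or update the existing row, for $object.
     *
     * Nothing is written when the object is not dirty, when cleanVars()
     * records an error, or when a new object has no changed variable; in those
     * cases a notice/warning is raised and the current key value is returned.
     * After a successful INSERT the generated id is assigned to the key
     * variable when the object did not already carry one.
     *
     * @param XoopsObject $object object to persist (passed by reference)
     * @param bool        $force  true to run the statement through queryF(), false through query()
     * @return mixed value of the key variable, or false when the statement failed
     */
    public function insert(&$object, $force = true)
    {
        $keyName = $this->handler->keyName;

        if (!$object->isDirty()) {
            trigger_error("Data entry is not inserted - the object '" . get_class($object) . "' is not dirty", E_USER_NOTICE);

            return $object->getVar($keyName);
        }
        if (!$this->cleanVars($object)) {
            trigger_error("Insert failed in method 'cleanVars' of object '" . get_class($object) . "'", E_USER_WARNING);

            return $object->getVar($keyName);
        }
        $queryFunc = empty($force) ? 'query' : 'queryF';
        $table     = $this->quoteIdentifier($this->handler->table);

        if ($object->isNew()) {
            if (empty($object->cleanVars)) {
                trigger_error("Data entry is not inserted - no variable is changed in object of '" . get_class($object) . "'", E_USER_NOTICE);

                return $object->getVar($keyName);
            }
            // cleanVars values are already SQL literals (see cleanVars()); only the names need quoting.
            $columns = array_map(array($this, 'quoteIdentifier'), array_keys($object->cleanVars));
            $sql     = 'INSERT INTO ' . $table
                . ' (' . implode(', ', $columns) . ') VALUES (' . implode(',', array_values($object->cleanVars)) . ')';
            if (!$this->handler->db->{$queryFunc}($sql)) {
                return false;
            }
            // Adopt the auto-increment id only when the caller did not set the key itself.
            if (!$object->getVar($keyName) && ($objectId = $this->handler->db->getInsertId())) {
                $object->assignVar($keyName, $objectId);
            }
        } elseif (!empty($object->cleanVars)) {
            $assignments = array();
            foreach ($object->cleanVars as $column => $literal) {
                $assignments[] = ' ' . $this->quoteIdentifier($column) . ' = ' . $literal;
            }
            $sql = 'UPDATE ' . $table . ' SET ' . implode(',', $assignments)
                . ' WHERE ' . $this->quoteIdentifier($keyName) . ' = ' . $this->handler->db->quote($object->getVar($keyName));
            if (!$this->handler->db->{$queryFunc}($sql)) {
                return false;
            }
        }

        return $object->getVar($keyName);
    }

    /**
     * Delete the row belonging to $object.
     *
     * keyName may be a single column or a list of columns (composite key);
     * one equality clause per column is AND-ed together.
     *
     * @param XoopsObject $object object to delete (passed by reference)
     * @param bool        $force  true to run the statement through queryF(), false through query()
     * @return bool true when the driver returned a truthy result
     */
    public function delete(&$object, $force = false)
    {
        $clauses = array();
        foreach ((array)$this->handler->keyName as $keyName) {
            $clauses[] = $this->quoteIdentifier($keyName) . ' = ' . $this->handler->db->quote($object->getVar($keyName));
        }
        $sql       = 'DELETE FROM ' . $this->quoteIdentifier($this->handler->table) . ' WHERE ' . implode(' AND ', $clauses);
        $queryFunc = empty($force) ? 'query' : 'queryF';
        $result    = $this->handler->db->{$queryFunc}($sql);

        return !empty($result);
    }

    /**
     * Delete all rows matching $criteria.
     *
     * With $asObject the matching objects are loaded and delete() is called on
     * each one (so per-object hooks run); otherwise a single DELETE statement
     * is issued. A criteria object that is not a CriteriaElement subclass is
     * rejected.
     *
     * @param CriteriaElement|null $criteria selection, null for every row
     * @param bool                 $force    true to run the statement through queryF(), false through query()
     * @param bool                 $asObject delete object by object instead of with one statement
     * @return int|false number of deleted rows, or false on failure
     */
    public function deleteAll(CriteriaElement $criteria = null, $force = true, $asObject = false)
    {
        if ($asObject) {
            $deleted = 0;
            $objects = $this->handler->getAll($criteria);
            foreach (array_keys($objects) as $key) {
                if ($this->delete($objects[$key], $force)) {
                    ++$deleted;
                }
            }
            unset($objects);

            return $deleted;
        }

        $sql = 'DELETE FROM ' . $this->quoteIdentifier($this->handler->table);
        if (null !== $criteria) {
            if (!is_subclass_of($criteria, 'CriteriaElement')) {
                return false;
            }
            $sql .= ' ' . $criteria->renderWhere();
        }
        $queryFunc = empty($force) ? 'query' : 'queryF';
        if (!$this->handler->db->{$queryFunc}($sql)) {
            return false;
        }

        return $this->handler->db->getAffectedRows();
    }

    /**
     * Set one column to one value on every row matching $criteria.
     *
     * Numeric values are emitted as-is, arrays are imploded with ',' and
     * quoted, everything else is quoted. $fieldname is a caller-supplied
     * string, so it is backtick-quoted with embedded backticks doubled rather
     * than interpolated raw.
     *
     * @param string               $fieldname  column to update
     * @param mixed                $fieldvalue new value
     * @param CriteriaElement|null $criteria   selection, null for every row
     * @param bool                 $force      true to run the statement through queryF(), false through query()
     * @return bool true when the driver returned a truthy result
     */
    public function updateAll($fieldname, $fieldvalue, CriteriaElement $criteria = null, $force = false)
    {
        if (is_numeric($fieldvalue)) {
            $literal = $fieldvalue;
        } elseif (is_array($fieldvalue)) {
            $literal = $this->handler->db->quote(implode(',', $fieldvalue));
        } else {
            $literal = $this->handler->db->quote($fieldvalue);
        }
        $sql = 'UPDATE ' . $this->quoteIdentifier($this->handler->table)
            . ' SET ' . $this->quoteIdentifier($fieldname) . ' = ' . $literal;
        if (isset($criteria) && \method_exists($criteria, 'renderWhere')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $queryFunc = empty($force) ? 'query' : 'queryF';
        $result    = $this->handler->db->{$queryFunc}($sql);

        return !empty($result);
    }
}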