b2evolution PHP Cross Reference Blogging Systems

Source: /inc/users/userfields.ctrl.php - 337 lines - 10468 bytes - Text - Print

Description: This file is part of the evoCore framework - {@link http://evocore.net/} See also {@link http://sourceforge.net/projects/evocms/}.

   1  <?php
   2  /**
   3   * This file is part of the evoCore framework - {@link http://evocore.net/}
   4   * See also {@link http://sourceforge.net/projects/evocms/}.
   5   *
   6   * @copyright (c)2009-2014 by Francois PLANQUE - {@link http://fplanque.net/}
   7   * Parts of this file are copyright (c)2009 by The Evo Factory - {@link http://www.evofactory.com/}.
   8   *
   9   * {@internal License choice
  10   * - If you have received this file as part of a package, please find the license.txt file in
  11   *   the same folder or the closest folder above for complete license terms.
  12   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  13   *   then you must choose one of the following licenses before using the file:
  14   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  15   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  16   * }}
  17   *
  18   * {@internal Open Source relicensing agreement:
  19   * The Evo Factory grants Francois PLANQUE the right to license
  20   * The Evo Factory's contributions to this file and the b2evolution project
  21   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  22   * }}
  23   *
  24   * @package evocore
  25   *
  26   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  27   * @author evofactory-test
  28   * @author fplanque: Francois Planque.
  29   *
  30   * @version $Id: userfields.ctrl.php 6136 2014-03-08 07:59:48Z manuel $
  31   */
  32  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
  33  
  34  // Load Userfield class:
  35  load_class( 'users/model/_userfield.class.php', 'Userfield' );
  36  
  37  /**
  38   * @var User
  39   */
  40  global $current_User;
  41  
  42  // Check minimum permission:
  43  $current_User->check_perm( 'users', 'view', true );
  44  
  45  // Set options path:
  46  $AdminUI->set_path( 'users', 'usersettings', 'userfields' );
  47  
  48  // Get action parameter from request:
  49  param_action();
  50  
  51  if( param( 'ufdf_ID', 'integer', '', true) )
  52  {// Load userfield from cache:
  53      $UserfieldCache = & get_UserFieldCache();
  54      if( ($edited_Userfield = & $UserfieldCache->get_by_ID( $ufdf_ID, false )) === false )
  55      {    // We could not find the user field to edit:
  56          unset( $edited_Userfield );
  57          forget_param( 'ufdf_ID' );
  58          $Messages->add( sprintf( T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('User field') ), 'error' );
  59          $action = 'nil';
  60      }
  61  }
  62  
  63  
  64  switch( $action )
  65  {
  66  
  67      case 'new':
  68          // Check permission:
  69          $current_User->check_perm( 'users', 'edit', true );
  70  
  71          if( ! isset($edited_Userfield) )
  72          {    // We don't have a model to use, start with blank object:
  73              $edited_Userfield = new Userfield();
  74          }
  75          else
  76          {    // Duplicate object in order no to mess with the cache:
  77              $edited_Userfield = duplicate( $edited_Userfield ); // PHP4/5 abstraction
  78              $edited_Userfield->ID = 0;
  79          }
  80          break;
  81  
  82      case 'edit':
  83          // Check permission:
  84          $current_User->check_perm( 'users', 'edit', true );
  85  
  86          // Make sure we got an ufdf_ID:
  87          param( 'ufdf_ID', 'integer', true );
  88          break;
  89  
  90      case 'create': // Record new Userfield
  91      case 'create_new': // Record Userfield and create new
  92      case 'create_copy': // Record Userfield and create similar
  93          // Insert new user field...:
  94          $edited_Userfield = new Userfield();
  95  
  96          // Check that this action request is not a CSRF hacked request:
  97          $Session->assert_received_crumb( 'userfield' );
  98  
  99          // Check permission:
 100          $current_User->check_perm( 'users', 'edit', true );
 101  
 102          // load data from request
 103          if( $edited_Userfield->load_from_Request() )
 104          {    // We could load data from form without errors:
 105  
 106              // While inserting into DB, ID property of Userfield object will be set to autogenerated ID
 107              // So far as we set ID manualy, we need to preserve this value
 108              // When assignment of wrong value will be fixed, we can skip this
 109              $entered_userfield_id = $edited_Userfield->ID;
 110  
 111              // Insert in DB:
 112              $DB->begin();
 113              // because of manual assigning ID,
 114              // member function Userfield::dbexists() is overloaded for proper functionality
 115              $q = $edited_Userfield->dbexists();
 116              if($q)
 117              {    // We have a duplicate entry:
 118  
 119                  param_error( 'ufdf_ID',
 120                      sprintf( T_('This user field already exists. Do you want to <a %s>edit the existing user field</a>?'),
 121                          'href="?ctrl=userfields&amp;action=edit&amp;ufdf_ID='.$q.'"' ) );
 122              }
 123              else
 124              {
 125                  $edited_Userfield->dbinsert();
 126                  $Messages->add( T_('New User field created.'), 'success' );
 127              }
 128              $DB->commit();
 129  
 130              if( empty($q) )
 131              {    // What next?
 132              switch( $action )
 133                  {
 134                      case 'create_copy':
 135                          // Redirect so that a reload doesn't write to the DB twice:
 136                          header_redirect( '?ctrl=userfields&action=new&ufdf_ID='.$edited_Userfield->ID, 303 ); // Will EXIT
 137                          // We have EXITed already at this point!!
 138                          break;
 139                      case 'create_new':
 140                          // Redirect so that a reload doesn't write to the DB twice:
 141                          header_redirect( '?ctrl=userfields&action=new', 303 ); // Will EXIT
 142                          // We have EXITed already at this point!!
 143                          break;
 144                      case 'create':
 145                          // Redirect so that a reload doesn't write to the DB twice:
 146                          header_redirect( '?ctrl=userfields', 303 ); // Will EXIT
 147                          // We have EXITed already at this point!!
 148                          break;
 149                  }
 150              }
 151          }
 152          break;
 153  
 154      case 'update':
 155          // Edit user field form...:
 156  
 157          // Check that this action request is not a CSRF hacked request:
 158          $Session->assert_received_crumb( 'userfield' );
 159  
 160          // Check permission:
 161          $current_User->check_perm( 'users', 'edit', true );
 162  
 163          // Make sure we got an ufdf_ID:
 164          param( 'ufdf_ID', 'integer', true );
 165  
 166          // load data from request
 167          if( $edited_Userfield->load_from_Request() )
 168          {    // We could load data from form without errors:
 169  
 170              // Update in DB:
 171              $DB->begin();
 172  
 173              $edited_Userfield->dbupdate();
 174              $Messages->add( T_('User field updated.'), 'success' );
 175  
 176              $DB->commit();
 177  
 178              header_redirect( '?ctrl=userfields', 303 ); // Will EXIT
 179              // We have EXITed already at this point!!
 180          }
 181          break;
 182  
 183      case 'delete':
 184          // Delete user field:
 185  
 186          // Check that this action request is not a CSRF hacked request:
 187          $Session->assert_received_crumb( 'userfield' );
 188  
 189          // Check permission:
 190          $current_User->check_perm( 'users', 'edit', true );
 191  
 192          // Make sure we got an ufdf_ID:
 193          param( 'ufdf_ID', 'integer', true );
 194  
 195          if( param( 'confirm', 'integer', 0 ) )
 196          { // confirmed, Delete from DB:
 197              $msg = sprintf( T_('User field &laquo;%s&raquo; deleted.'), $edited_Userfield->dget('name') );
 198              $edited_Userfield->dbdelete( true );
 199              unset( $edited_Userfield );
 200              forget_param( 'ufdf_ID' );
 201              $Messages->add( $msg, 'success' );
 202              // Redirect so that a reload doesn't write to the DB twice:
 203              header_redirect( '?ctrl=userfields', 303 ); // Will EXIT
 204              // We have EXITed already at this point!!
 205  
 206          }
 207          else
 208          {    // not confirmed, Check for restrictions:
 209              if( ! $edited_Userfield->check_delete( sprintf( T_('Cannot delete user field &laquo;%s&raquo;'), $edited_Userfield->dget('name') ) ) )
 210              {    // There are restrictions:
 211                  $action = 'view';
 212              }
 213          }
 214          break;
 215  
 216      case 'move_up':
 217      case 'move_down':
 218          // Move up/down user field...:
 219  
 220          // Check that this action request is not a CSRF hacked request:
 221          $Session->assert_received_crumb( 'userfield' );
 222  
 223          // Check permission:
 224          $current_User->check_perm( 'users', 'edit', true );
 225  
 226          // Make sure we got an ufdf_ID:
 227          param( 'ufdf_ID', 'integer', true );
 228  
 229          if( $action == 'move_up' )
 230          {    // Set variables for "move up" action
 231              $order_condition = '<';
 232              $order_direction = 'DESC';
 233          }
 234          else
 235          {    // move down
 236              $order_condition = '>';
 237              $order_direction = 'ASC';
 238          }
 239  
 240          $DB->begin( 'SERIALIZABLE' );
 241  
 242          // Get near field, We should exchange the order with this field
 243          $switched_Userfield = $DB->get_row( 'SELECT ufdf_ID, ufdf_order
 244              FROM T_users__fielddefs
 245              WHERE ufdf_ufgp_ID = '.$edited_Userfield->group_ID.'
 246                  AND ufdf_order '.$order_condition.' '.$edited_Userfield->order.'
 247              ORDER BY ufdf_order '.$order_direction.'
 248              LIMIT 1' );
 249  
 250          if( is_null( $switched_Userfield ) )
 251          {    // Current field is first or last in group, no change ordering
 252              $DB->commit(); // This is required only to not leave open transaction
 253              break;
 254          }
 255  
 256          // Updare order of editing field
 257          $result = $DB->query( 'UPDATE T_users__fielddefs
 258              SET ufdf_order = '.$switched_Userfield->ufdf_order.'
 259              WHERE ufdf_ID = '.$edited_Userfield->ID );
 260  
 261          // Update order of near field
 262          $result = ( $result !== false ) && $DB->query( 'UPDATE T_users__fielddefs
 263              SET ufdf_order = '.$edited_Userfield->order.'
 264              WHERE ufdf_ID = '.$switched_Userfield->ufdf_ID );
 265  
 266          if( $result !== false )
 267          { // Update was successful
 268              $DB->commit();
 269              $Messages->add( T_('Order has been changed.'), 'success' );
 270          }
 271          else
 272          { // Couldn't update successfully, probably because of concurrent modification
 273              // Note: In this case we may try again to execute the same queries.
 274              $DB->rollback();
 275              // The message is not localized because it may appear very rarely
 276              $Messages->add( 'Order could not be changed. Please try again.', 'error' );
 277          }
 278  
 279          break;
 280  
 281  }
 282  
 283  $AdminUI->breadcrumbpath_init( false );  // fp> I'm playing with the idea of keeping the current blog in the path here...
 284  $AdminUI->breadcrumbpath_add( T_('Users'), '?ctrl=users' );
 285  $AdminUI->breadcrumbpath_add( T_('Settings'), '?ctrl=usersettings' );
 286  $AdminUI->breadcrumbpath_add( T_('User fields configuration'), '?ctrl=userfields' );
 287  
 288  // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
 289  $AdminUI->disp_html_head();
 290  
 291  // Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
 292  $AdminUI->disp_body_top();
 293  
 294  $AdminUI->disp_payload_begin();
 295  
 296  /**
 297   * Display payload:
 298   */
 299  switch( $action )
 300  {
 301      case 'nil':
 302          // Do nothing
 303          break;
 304  
 305  
 306      case 'delete':
 307          // We need to ask for confirmation:
 308          $edited_Userfield->confirm_delete(
 309                  sprintf( T_('Delete user field &laquo;%s&raquo;?'), $edited_Userfield->dget('name') ),
 310                  'userfield', $action, get_memorized( 'action' ) );
 311          /* no break */
 312      case 'new':
 313      case 'create':
 314      case 'create_new':
 315      case 'create_copy':
 316      case 'edit':
 317      case 'update':    // we return in this state after a validation error
 318          $AdminUI->disp_view( 'users/views/_userfield.form.php' );
 319          break;
 320  
 321  
 322      default:
 323          // No specific request, list all user fields:
 324          // Cleanup context:
 325          forget_param( 'ufdf_ID' );
 326          // Display user fields list:
 327          $AdminUI->disp_view( 'users/views/_userfields.view.php' );
 328          break;
 329  
 330  }
 331  
 332  $AdminUI->disp_payload_end();
 333  
 334  // Display body bottom, debug info and close </html>:
 335  $AdminUI->disp_global_footer();
 336  
 337  ?>
