PageRenderTime 61ms CodeModel.GetById 31ms RepoModel.GetById 0ms app.codeStats 0ms

/common/lib/Form/Class.FormHandler.inc.php

https://github.com/xrg/a2billing
PHP | 383 lines | 278 code | 43 blank | 62 comment | 55 complexity | 13bd8b5bc271ab98b81ce5907187654d MD5 | raw file
Possible License(s): AGPL-1.0 
    

  1. <?php
    2. 

  2. 	// Please, include ../Form.inc.php instead!
    3. 

  3. 	/** Generic form
    4. 

  4. 	    The form is the main handler of data->html interaction.
    5. 

  5. 	*/
    6. 

  6. 

  7. abstract class FormElemBase extends ElemBase{
    8. 

  8. 	abstract function InFormRender(&$form);
    9. 

  9. };
    10. 

  10. 

  11. class FormHandler extends ElemBase{
    12. 

  12. 	public $FG_DEBUG = 0;
    13. 

  13. 	protected $action = null;
    14. 

  14. 	private $rights_checked = false;
    15. 

  15. 		/** prefix all url vars with this, so that multiple forms can co-exist
    16. 

  16. 		in the same html page! */
    17. 

  17. 	public $prefix = ''; 
    18. 

  18. 	
    19. 

  19. 	public $a2billing; ///< Reference to an a2billing instance
    20. 

  20. 	
    21. 

  21. 		/** Custom elements before the form. These can be search options or anything. 
    22. 

  22. 		    If they are instances of FormElemBase, they will be called with the form
    23. 

  23. 		    as a parameter, which helps a lot.
    24. 

  24. 		*/
    25. 

  25. 	public $pre_elems = array();
    26. 

  26. 	public $meta_elems = array(); ///< Same as pre_elems, but rendered after the form.
    27. 

  27. 	
    28. 

  28. 	// model-related vars
    29. 

  29. 		/** The most important var: hold one object per field to be viewed/edited */
    30. 

  30. 	public $model = array();
    31. 

  31. 	public $model_name = 'Records'; ///< plural form for table
    32. 

  32. 	public $model_name_s = 'Record'; ///< Singular form
    33. 

  33. 	
    34. 

  34. 	public $model_table = null; ///< the \b main table related to the model
    35. 

  35. 	private $s_modelPK = null; ///< Cached reference to the primary key column
    36. 

  36. 	
    37. 

  37. 	public $views = array(); ///< Each view implements actions/views.
    38. 

  38. 	
    39. 

  39. 	// appearance vars
    40. 

  40. 	public $list_class = 'cclist'; ///< class of the table used in list view
    41. 

  41. 	public $sens; ///< sort direction, null should default to ascending
    42. 

  42. 	public $order; ///< sort field, should match some model[]->fieldname
    43. 

  43. 	public $cpage; ///< Current page
    44. 

  44. 	public $ndisp; ///< Number of records to display
    45. 

  45. 	public $default_order;
    46. 

  46. 	public $default_sens;
    47. 

  47. 	
    48. 

  48. 	public $follow_params = array(); ///< Parameters to be followed accross pages
    49. 

  49. 	public $always_follow_params = array(); ///< Parameters to follow even when crossing action
    50. 

  50. 	
    51. 

  51. 	//running vars
    52. 

  52. 	protected $_dirty_vars=null; ///< all variables starting with 'prefix'. Set on init.
    53. 

  53. 	
    54. 

  54. 	function FormHandler($tablename=null, $inames=null, $iname=null){
    55. 

  55. 		$this->model_table = $tablename;
    56. 

  56. 		if ($inames) $this->model_name=$inames;
    57. 

  57. 		if ($iname) $this->model_name_s = $iname;
    58. 

  58. 			
    59. 

  59. 	}
    60. 

  60. 	
    61. 

  61. 	/** Before this class can be initted, its rights should be
    62. 

  62. 	   proven. Any attempt to use the class w/o them will fail. */
    63. 

  63. 	public function checkRights($rights){
    64. 

  64. 		if (!has_rights($rights)){
    65. 

  65. 			Header ("HTTP/1.0 401 Unauthorized");
    66. 

  66. 			Header ("Location: PP_error.php?c=accessdenied");
    67. 

  67. 			die();
    68. 

  68. 		}
    69. 

  69. 		$this->rights_checked = true;
    70. 

  70. 	}
    71. 

  71. 

  72. 	function init($sA2Billing= null, $stdActions=true){
    73. 

  73. 		if (!$this->rights_checked){
    74. 

  74. 			error_log("Attempt to use FormHandler w/o rights!");
    75. 

  75. 			die();
    76. 

  76. 		}
    77. 

  77. 		if ($sA2Billing)
    78. 

  78. 			$this->a2billing= &$sA2Billing;
    79. 

  79. 		else
    80. 

  80. 			$this->a2billing= &A2Billing::instance();
    81. 

  81. 			
    82. 

  82. 		if (isset($GLOBALS['FG_DEBUG']))
    83. 

  83. 			$this->FG_DEBUG = $GLOBALS['FG_DEBUG'];
    84. 

  84. 

  85. 			// Fill a local array with dirty versions of data..
    86. 

  86. 		if (!$this->prefix)
    87. 

  87. 			$this->_dirty_vars=array_merge($_GET, $_POST);
    88. 

  88. 		else {
    89. 

  89. 			$tmp_arr = array_merge($_GET, $_POST);
    90. 

  90. 			$tlen=strlen($this->prefix);
    91. 

  91. 			$this->_dirty_vars=array();
    92. 

  92. 			// Find vars matching prefix and strip that!
    93. 

  93. 			foreach($tmp_arr as $key => $data)
    94. 

  94. 				if (strncmp($this->prefix,$key,$tlen)==0)
    95. 

  95. 				$this->_dirty_vars[substr($key,$tlen)]=$data;
    96. 

  96. 		}
    97. 

  97. 			
    98. 

  98. 		// set action, for a start:
    99. 

  99. 		$this->action = $this->getpost_single('action');
    100. 

  100. 		if ($this->action == null)
    101. 

  101. 			$this->action = 'list';
    102. 

  102. 		
    103. 

  103. 		if ($this->order= $this->getpost_single('order'))
    104. 

  104. 			$this->addFollowParam('order',$this->order);
    105. 

  105. 		else $this->order = $this->default_order;
    106. 

  106. 		if ($this->sens = $this->getpost_single('sens'))
    107. 

  107. 			$this->addFollowParam('sens',$this->sens);
    108. 

  108. 		else $this->sens = $this->default_sens;
    109. 

  109. 		
    110. 

  110. 		if ($this->cpage= $this->getpost_single('cpage'))
    111. 

  111. 			$this->addFollowParam('cpage',$this->cpage);
    112. 

  112. 		if ($this->ndisp = $this->getpost_single('ndisp'))
    113. 

  113. 			$this->addFollowParam('ndisp',$this->ndisp);
    114. 

  114. 		else
    115. 

  115. 			$this->ndisp = 30;
    116. 

  116. 			
    117. 

  117. 		if ($stdActions){
    118. 

  118. 			$this->views['idle'] = new IdleView();
    119. 

  119. 			$this->views['list'] = new ListView();
    120. 

  120. 			if (!session_readonly()){
    121. 

  121. 				$this->views['edit'] = new EditView();
    122. 

  122. 				$this->views['add'] = new AddView();
    123. 

  123. 				$this->views['delete'] = new DeleteView();
    124. 

  124. 				$this->views['object-edit'] = new ObjEditView();
    125. 

  125. 			}
    126. 

  126. 			$this->views['ask-add'] = new AskAddView();
    127. 

  127. 			$this->views['ask-add2'] = new AskAdd2View();
    128. 

  128. 			$this->views['ask-edit2'] = new AskEdit2View();
    129. 

  129. 			$this->views['ask-edit'] = new AskEditView();
    130. 

  130. 			$this->views['ask-del'] = new AskDelView();
    131. 

  131. 			$this->views['details'] = new DetailsView();
    132. 

  132. 			if ($this->FG_DEBUG)
    133. 

  133. 				$this->views['dump-form'] = new DbgDumpView();
    134. 

  134. 		}
    135. 

  135. 	}
    136. 

  136. 	
    137. 

  137. 	/** Perform add, edit etc.
    138. 

  138. 	    If the action fails (eg. db error), this will throw an \b exception
    139. 

  139. 	    The exception message shall be human readable, that is, will be output
    140. 

  140. 	    to the reader.
    141. 

  141. 	    
    142. 

  142. 	    \return If it returns a string, that will be the url to go after here.
    143. 

  143. 	    
    144. 

  144. 	*/
    145. 

  145. 	public function PerformAction(){
    146. 

  146. 		if (!$this->rights_checked){
    147. 

  147. 			error_log("Attempt to use FormHandler w/o rights!");
    148. 

  148. 			die();
    149. 

  149. 		}
    150. 

  150. 		
    151. 

  151. 		if (isset($this->views[$this->action]))
    152. 

  152. 			$this->views[$this->action]->PerformAction($this);
    153. 

  153. 	}
    154. 

  154. 

  155. 

  156. 	/** Render the view/edit form for the HTML body */
    157. 

  157. 	public function Render(){
    158. 

  158. 		if (!$this->rights_checked){
    159. 

  159. 			error_log("Attempt to use FormHandler w/o rights!");
    160. 

  160. 			die();
    161. 

  161. 		}
    162. 

  162. 		
    163. 

  163. 		foreach($this->pre_elems as $el)
    164. 

  164. 			if ($el instanceof FormElemBase)
    165. 

  165. 				$el->InFormRender($this);
    166. 

  166. 			elseif ($el instanceof ElemBase)
    167. 

  167. 				$el->Render();
    168. 

  168. 			else if ($this->FG_DEBUG)
    169. 

  169. 				print_r($el);
    170. 

  170. 				
    171. 

  171. 		if (isset($this->views[$this->action]))
    172. 

  172. 			$this->views[$this->action]->Render($this);
    173. 

  173. 		else{
    174. 

  174. 			if ($this->FG_DEBUG) echo "Cannot handle action: $this->action";
    175. 

  175. 			if ($this->FG_DEBUG>2){
    176. 

  176. 				echo "<pre>\n";
    177. 

  177. 				print_r($this->_dirty_vars);
    178. 

  178. 				echo "\n</pre>\n";
    179. 

  179. 			}
    180. 

  180. 		}
    181. 

  181. 		
    182. 

  182. 		foreach($this->meta_elems as $el)
    183. 

  183. 			if ($el instanceof FormElemBase)
    184. 

  184. 				$el->InFormRender($this);
    185. 

  185. 			elseif ($el instanceof ElemBase)
    186. 

  186. 				$el->Render();
    187. 

  187. 			else if ($this->FG_DEBUG)
    188. 

  188. 				print_r($el);
    189. 

  189. 	}
    190. 

  190. 	
    191. 

  191. 	/** Render the view/edit form for the HTML body */
    192. 

  192. 	public function RenderSpecial($rmode,&$robj){
    193. 

  193. 		if (!$this->rights_checked){
    194. 

  194. 			error_log("Attempt to use FormHandler w/o rights!");
    195. 

  195. 			die();
    196. 

  196. 		}
    197. 

  197. 		
    198. 

  198. /*		foreach($this->pre_elems as $el)
    199. 

  199. 			if ($el instanceof FormElemBase)
    200. 

  200. 				$el->InFormRender($this);
    201. 

  201. 			elseif ($el instanceof ElemBase)
    202. 

  202. 				$el->Render();
    203. 

  203. 			else if ($this->FG_DEBUG)
    204. 

  204. 				print_r($el);*/
    205. 

  205. 				
    206. 

  206. 		if (isset($this->views[$this->action]))
    207. 

  207. 			$this->views[$this->action]->RenderSpecial($rmode,$this,$robj);
    208. 

  208. 		else{
    209. 

  209. 			if ($this->FG_DEBUG) echo "Cannot handle action: $this->action";
    210. 

  210. 			if ($this->FG_DEBUG>2){
    211. 

  211. 				print_r($this->_dirty_vars);
    212. 

  212. 			}
    213. 

  213. 		}
    214. 

  214. 		
    215. 

  215. /*		foreach($this->meta_elems as $el)
    216. 

  216. 			if ($el instanceof FormElemBase)
    217. 

  217. 				$el->InFormRender($this);
    218. 

  218. 			elseif ($el instanceof ElemBase)
    219. 

  219. 				$el->Render();
    220. 

  220. 			else if ($this->FG_DEBUG)
    221. 

  221. 				print_r($el);*/
    222. 

  222. 	}
    223. 

  223. 	public function RenderHeadSpecial($rmode,&$robj){
    224. 

  224. 		if (!$this->rights_checked){
    225. 

  225. 			error_log("Attempt to use FormHandler w/o rights!");
    226. 

  226. 			die();
    227. 

  227. 		}
    228. 

  228. 		if (isset($this->views[$this->action]))
    229. 

  229. 			$this->views[$this->action]->RenderHeadSpecial($rmode,$this,$robj);		
    230. 

  230. 	}
    231. 

  231. 

  232. 	// helper functions
    233. 

  233. 	/** Return an array with primary key field/values, used eg. by edit urls.
    234. 

  234. 	    \param $qrow an array with fields/values for the corresponding db row
    235. 

  235. 	*/
    236. 

  236. 	public function getPKparams(array $qrow,$use_prefix= true){
    237. 

  237. 		$ret = array();
    238. 

  238. 		foreach($this->model as &$fld)
    239. 

  239. 			if($fld && ($fld instanceof PKeyField)){
    240. 

  240. 				$arr2=$fld->listHidden($qrow,$this);
    241. 

  241. 				if (isset($arr2) && is_array($arr2)){
    242. 

  242. 					if ($use_prefix){
    243. 

  243. 						foreach($arr2 as $key =>$val)
    244. 

  244. 						$ret[$this->prefix.$key]=$val;
    245. 

  245. 					}else
    246. 

  246. 						$ret= array_merge($ret,$arr2);
    247. 

  247. 				}
    248. 

  248. 			}
    249. 

  249. 		if (count($ret)==0)
    250. 

  250. 			throw new Exception('Model doesn\'t have a primary key!');	
    251. 

  251. 		return $ret;
    252. 

  252. 	}
    253. 

  253. 	
    254. 

  254. 	/** Get pkparams from those of the url */
    255. 

  255. 	public function getPKparamsU($use_prefix= true){
    256. 

  256. 		return $this->getPKparams($this->_dirty_vars,$use_prefix);
    257. 

  257. 	}
    258. 

  258. 

  259. 	/** Construct an url out of the follow parameters + some custom ones
    260. 

  260. 	   @param $arr_more  An array to be added in the form ( key => data ...)
    261. 

  261. 	   @return A string like "?key1=data&key2=data..."
    262. 

  262. 	*/
    263. 

  263. 	function gen_GetParams($arr_more = NULL,$do_amper=false){
    264. 

  264. 		$arr = array_merge($this->always_follow_params,$this->follow_params);
    265. 

  265. 		if (is_array($arr_more))
    266. 

  266. 		$arr = array_merge($arr, $arr_more);
    267. 

  267. 		$str = arr2url($arr);
    268. 

  268. 		
    269. 

  269. 		if (strlen($str)){
    270. 

  270. 			if ($do_amper)
    271. 

  271. 			$str = '&' . $str;
    272. 

  272. 			else
    273. 

  273. 			$str = '?' . $str;
    274. 

  274. 		}
    275. 

  275. 		return $str;
    276. 

  276. 	}
    277. 

  277. 	
    278. 

  278. 	function gen_AllGetParams($arr_more = NULL,$do_amper=false){
    279. 

  279. 		$arr = $this->always_follow_params;
    280. 

  280. 		if (is_array($arr_more))
    281. 

  281. 		$arr = array_merge($arr, $arr_more);
    282. 

  282. 		$str = arr2url($arr);
    283. 

  283. 		
    284. 

  284. 		if (strlen($str)){
    285. 

  285. 			if ($do_amper)
    286. 

  286. 			$str = '&' . $str;
    287. 

  287. 			else
    288. 

  288. 			$str = '?' . $str;
    289. 

  289. 		}
    290. 

  290. 		return $str;
    291. 

  291. 	}
    292. 

  292. 	
    293. 

  293. 	function gen_PostParams($arr_more = NULL, $do_nulls=false){
    294. 

  294. 		$arr = array_merge($this->always_follow_params,$this->follow_params);
    295. 

  295. 		if (is_array($arr_more))
    296. 

  296. 		$arr = array_merge($arr, $arr_more);
    297. 

  297. 		// unfortunately, it is hard to use CV_FOLLOWPARAMETERS here!
    298. 

  298. 		
    299. 

  299. 		foreach($arr as $key => $value)
    300. 

  300. 			if ($do_nulls || $value !=NULL){
    301. 

  301. 		?><input type="hidden" name="<?= $key ?>" value="<?= htmlspecialchars($value) ?>" >
    302. 

  302. 		<?php
    303. 

  303. 		}
    304. 

  304. 	}
    305. 

  305. 	
    306. 

  306. 	/** Return an URL to this page, with some extra params */
    307. 

  307. 	function selfUrl(array $arr){
    308. 

  308. 		return $_SERVER['PHP_SELF']. $this->gen_GetParams($arr);
    309. 

  309. 	}
    310. 

  310. 	
    311. 

  311. 	/** Return a URL to the ask-edit page
    312. 

  312. 	    \param $arr The row of the query
    313. 

  313. 	*/
    314. 

  314. 	function askeditURL(array $arr){
    315. 

  315. 		$pkparams = $this->getPKparams($arr,true);
    316. 

  316. 		$pkparams[$this->prefix.'action']='ask-edit';
    317. 

  317. 		return $_SERVER['PHP_SELF'].$this->gen_AllGetParams($pkparams);
    318. 

  318. 	}
    319. 

  319. 	
    320. 

  320. 	/** Generate a page element calling the graph for one of the sums
    321. 

  321. 	  \param $ind a key referencing sums[$ind]
    322. 

  322. 	  \param $type The type of the graph
    323. 

  323. 	  */
    324. 

  324. 	function GraphUrl($grph, $alt = null){
    325. 

  325. 		$img_url=$this->selfUrl(array('graph' =>'t','action' => $grph));
    326. 

  326. 		if ($title)
    327. 

  327. 			$tmp_title = $alt;
    328. 

  328. 		else
    329. 

  329. 			$tmp_title = _("Graph");
    330. 

  330. 		return new StringElem("<div class=\"graph_img\"><img src=\"$img_url\" alt=\"$tmp_title\"></div>");
    331. 

  331. 	}
    332. 

  332. 

  333. 	/// Throw away anything that could make data weird.. Sometimes too much.
    334. 

  334. 	function sanitize_data($data){
    335. 

  335. 		if(is_array($data)){
    336. 

  336. 			return $data; //Need to sanatize this later
    337. 

  337. 		}
    338. 

  338. 		$lowerdata = strtolower ($data);
    339. 

  339. 		$data = str_replace('--', '', $data);
    340. 

  340. 		$data = str_replace("'", '', $data);
    341. 

  341. 		$data = str_replace('=', '', $data);
    342. 

  342. 		$data = str_replace(';', '', $data);
    343. 

  343. 		//$lowerdata = str_replace('table', '', $lowerdata);
    344. 

  344. 		//$lowerdata = str_replace(' or ', '', $data);
    345. 

  345. 		if (!(strpos($lowerdata, ' or 1')===FALSE)){ return false;}
    346. 

  346. 		if (!(strpos($lowerdata, ' or true')===FALSE)){ return false;}
    347. 

  347. 		if (!(strpos($lowerdata, 'table')===FALSE)){ return false;}
    348. 

  348. 		return $data;
    349. 

  349. 	}
    350. 

  350. 	
    351. 

  351. 	function getpost_single($vname){
    352. 

  352. 		return sanitize_data($this->_dirty_vars[$vname]);
    353. 

  353. 	}
    354. 

  354. 	
    355. 

  355. 	function getpost_dirty($vname){
    356. 

  356. 		return $this->_dirty_vars[$vname];
    357. 

  357. 	}
    358. 

  358. 	
    359. 

  359. 	function getAction(){
    360. 

  360. 		return $this->action;
    361. 

  361. 	}
    362. 

  362. 	
    363. 

  363. 	function setAction($act){
    364. 

  364. 		$this->action = $act;
    365. 

  365. 		if ($this->FG_DEBUG && !isset($this->views[$this->action]))
    366. 

  366. 			error_log("Action ".$this->action ." not defined!");
    367. 

  367. 	}
    368. 

  368. 

  369. 	function addFollowParam($key,$var){
    370. 

  370. 		$this->follow_params[$this->prefix . $key] = $var;
    371. 

  371. 	}
    372. 

  372. 

  373. 	function addAllFollowParam($key,$var,$append_prefix=true){
    374. 

  374. 		if ($append_prefix)
    375. 

  375. 			$key = $this->prefix . $key;
    376. 

  376. 		$this->always_follow_params[$key] = $var;
    377. 

  377. 	}
    378. 

  378. 

  379. 	
    380. 

  380. 

  381. };
    382. 

  382. 

  383. ?>
    384.