/framework/core/form/Form.php
PHP | 99 lines | 77 code | 16 blank | 6 comment | 8 complexity | 7969c786f4abcff170152a36fec751fc MD5 | raw file
1<?php 2class Form 3{ 4 private $id; 5 private $bindings; 6 private $sessionId; 7 8 function __construct() 9 { 10 $this->bindings = array(); 11 $this->sessionId = session_id(); 12 } 13 14 public function addBinding($class, $id, $field) 15 { 16 $newBinding = new FormBinding($class, $id, $field); 17 $this->bindings[] = $newBinding; 18 return $newBinding->getName(); 19 } 20 21 public function saveBindings() 22 { 23 if(empty($this->bindings)) 24 return; 25 $parts = array(); 26 foreach($this->bindings as $thisBinding) 27 $parts[] = $thisBinding->getString(); 28 $listString = implode(',', $parts); 29 30 $this->id = SqlInsertArray('session_form', array('session_id' => $this->sessionId, 'fields' => $listString)); 31 } 32 33 static public function appendBindings($newBindings) 34 { 35 $formId = getPostInt('_zoop_form_id'); 36 $sessionId = session_id(); 37 // IMPORTANT SECURITY NOTE: 38 // even though session.id is going to be a unique identifier we still need to check to make sure that it 39 // has the correct session_id to prevent spoofing 40 $fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId", 41 array('sessionId' => $sessionId, 'formId' => $formId)); 42 43 if(!$fieldString) 44 trigger_error("session_form row $formId not found. Possible attempt to spoof session data."); 45 46 $parts = array(); 47 foreach($newBindings as $thisBinding) 48 { 49 if(is_array($thisBinding)) 50 $bindingObject = new FormBinding($thisBinding['class'], $thisBinding['id'], $thisBinding['field']); 51 else 52 $bindingObject = $thisBinding; 53 $parts[] = $bindingObject->getString(); 54 } 55 56 $appendString = implode(',', $parts); 57 58 SqlUpdateRow("update session_form set fields = :newFieldString where session_id = :sessionId and id = :formId", 59 array('sessionId' => $sessionId, 'formId' => $formId, 'newFieldString' => $fieldString . ',' . $appendString)); 60 } 61 62 public function getTagInfo() 63 { 64 return array('_zoop_form_id', $this->id); 65 } 66 67 static public function save() 68 { 69 if(!isset($_POST['_zoop_form_id']) || !$_POST['_zoop_form_id']) 70 return; 71 72 $formId = $_POST['_zoop_form_id']; 73 $sessionId = session_id(); 74 // IMPORTANT SECURITY NOTE: 75 // even though session.id is going to be a unique identifier we still need to check to make sure that it 76 // has the correct session_id to prevent spoofing 77 $fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId", 78 array('sessionId' => $sessionId, 'formId' => $formId)); 79 80 if(!$fieldString) 81 trigger_error("session_form row $formId not found. Possible attempt to spoof session data."); 82 83 $objects = array(); 84 foreach(explode(',', $fieldString) as $thisFieldString) 85 { 86 list($class, $id, $field) = explode(':', $thisFieldString); 87 if(!isset($_POST['_zoop_form_element'][$class][$id][$field])) 88 continue; 89 $objectId = "$class:$id"; 90 if(!isset($objects[$objectId])) 91 $objects[$objectId] = new $class($id); 92 93 $objects[$objectId]->$field = $_POST['_zoop_form_element'][$class][$id][$field]; 94 } 95 96 foreach($objects as $thisObject) 97 $thisObject->save(); 98 } 99}