
/framework/core/form/Form.php

http://zoop.googlecode.com/
PHP | 99 lines | 77 code | 16 blank | 6 comment | 8 complexity | 7969c786f4abcff170152a36fec751fc MD5 | raw file
 1<?php
 2class Form
 3{
 4	private $id;
 5	private $bindings;
 6	private $sessionId;
 7	
 8	function __construct()
 9	{
10		$this->bindings = array();
11		$this->sessionId = session_id();
12	}
13	
14	public function addBinding($class, $id, $field)
15	{
16		$newBinding = new FormBinding($class, $id, $field);
17		$this->bindings[] = $newBinding;
18		return $newBinding->getName();
19	}
20	
21	public function saveBindings()
22	{
23		if(empty($this->bindings))
24			return;
25		$parts = array();
26		foreach($this->bindings as $thisBinding)
27			$parts[] = $thisBinding->getString();
28		$listString = implode(',', $parts);
29		
30		$this->id = SqlInsertArray('session_form', array('session_id' => $this->sessionId, 'fields' => $listString));
31	}
32	
33	static public function appendBindings($newBindings)
34	{
35		$formId = getPostInt('_zoop_form_id');
36		$sessionId = session_id();
37		//	IMPORTANT SECURITY NOTE:
38		//		even though session.id is going to be a unique identifier we still need to check to make sure that it 
39		//		has the correct session_id to prevent spoofing
40		$fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId",
41							array('sessionId' => $sessionId, 'formId' => $formId));
42		
43		if(!$fieldString)
44			trigger_error("session_form row $formId not found.  Possible attempt to spoof session data.");
45		
46		$parts = array();
47		foreach($newBindings as $thisBinding)
48		{
49			if(is_array($thisBinding))
50				$bindingObject = new FormBinding($thisBinding['class'], $thisBinding['id'], $thisBinding['field']);
51			else
52				$bindingObject = $thisBinding;
53			$parts[] = $bindingObject->getString();
54		}
55			
56		$appendString = implode(',', $parts);
57		
58		SqlUpdateRow("update session_form set fields = :newFieldString where session_id = :sessionId and id = :formId",
59							array('sessionId' => $sessionId, 'formId' => $formId, 'newFieldString' => $fieldString . ',' . $appendString));		
60	}
61	
62	public function getTagInfo()
63	{
64		return array('_zoop_form_id', $this->id);
65	}
66	
67	static public function save()
68	{
69		if(!isset($_POST['_zoop_form_id']) || !$_POST['_zoop_form_id'])
70			return;
71		
72		$formId = $_POST['_zoop_form_id'];
73		$sessionId = session_id();
74		//	IMPORTANT SECURITY NOTE:
75		//		even though session.id is going to be a unique identifier we still need to check to make sure that it 
76		//		has the correct session_id to prevent spoofing
77		$fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId",
78							array('sessionId' => $sessionId, 'formId' => $formId));
79		
80		if(!$fieldString)
81			trigger_error("session_form row $formId not found.  Possible attempt to spoof session data.");
82		
83		$objects = array();
84		foreach(explode(',', $fieldString) as $thisFieldString)
85		{
86			list($class, $id, $field) = explode(':', $thisFieldString);
87			if(!isset($_POST['_zoop_form_element'][$class][$id][$field]))
88				continue;
89			$objectId = "$class:$id";
90			if(!isset($objects[$objectId]))
91				$objects[$objectId] = new $class($id);
92			
93			$objects[$objectId]->$field = $_POST['_zoop_form_element'][$class][$id][$field];
94		}
95		
96		foreach($objects as $thisObject)
97			$thisObject->save();
98	}
99}