/framework/core/form/Form.php

http://zoop.googlecode.com/ · PHP · 99 lines · 77 code · 16 blank · 6 comment · 8 complexity · 7969c786f4abcff170152a36fec751fc MD5 · raw file

  1. <?php
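  /**
   * Server-side record of which object fields a rendered form is allowed to write.
   *
   * While a form is rendered, each editable field is registered as a binding.
   * The bindings are stored in a session_form row keyed by the form id and the
   * PHP session id. On submit, save() writes only the fields listed in that row,
   * so the POST body alone cannot choose which class, object or property is set.
   * That guarantee holds only while session_form.fields is written exclusively
   * from trusted server code (saveBindings() and appendBindings()).
   */
  class Form
  {
      // Id of the session_form row, set by saveBindings(); null until then.
      private $id;
      // FormBinding objects collected by addBinding().
      private $bindings;
      // PHP session id captured when the form object was created.
      private $sessionId;

      public function __construct()
      {
          $this->bindings = array();
          $this->sessionId = session_id();
      }

      /**
       * Registers one bound field and returns the name reported by the binding.
       *
       * @param mixed $class passed through to FormBinding
       * @param mixed $id    passed through to FormBinding
       * @param mixed $field passed through to FormBinding
       * @return mixed whatever FormBinding::getName() returns
       */
      public function addBinding($class, $id, $field)
      {
          $newBinding = new FormBinding($class, $id, $field);
          $this->bindings[] = $newBinding;
          return $newBinding->getName();
      }

      /**
       * Stores the collected bindings in session_form, tied to the session id
       * captured in the constructor. Does nothing when no binding was added.
       */
      public function saveBindings()
      {
          if(empty($this->bindings))
              return;

          $parts = array();
          foreach($this->bindings as $thisBinding)
              $parts[] = $thisBinding->getString();

          // presumably each getString() value is "class:id:field", the form save() parses - confirm in FormBinding
          $listString = implode(',', $parts);
          $this->id = SqlInsertArray('session_form', array('session_id' => $this->sessionId, 'fields' => $listString));
      }

      /**
       * Appends bindings to the stored list of the form that is being posted.
       *
       * NOTE(review): everything passed here is added to the list of fields that
       * save() will write, so $newBindings must come from server-side code and
       * never from request data - verify against the callers.
       *
       * @param array $newBindings FormBinding objects, or arrays with the keys
       *                           'class', 'id' and 'field'
       */
      public static function appendBindings($newBindings)
      {
          $formId = getPostInt('_zoop_form_id');
          $sessionId = session_id();

          // IMPORTANT SECURITY NOTE:
          // the form id alone is not proof of ownership; the row must also carry the
          // current session id, otherwise one session could name another session's form
          $fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId",
              array('sessionId' => $sessionId, 'formId' => $formId));
          if(!$fieldString)
          {
              trigger_error("session_form row $formId not found. Possible attempt to spoof session data.");
              // trigger_error() at the default level does not stop execution by itself
              return;
          }

          $parts = array();
          foreach($newBindings as $thisBinding)
          {
              if(is_array($thisBinding))
                  $bindingObject = new FormBinding($thisBinding['class'], $thisBinding['id'], $thisBinding['field']);
              else
                  $bindingObject = $thisBinding;
              $parts[] = $bindingObject->getString();
          }

          // nothing to add: do not write a trailing comma, which save() would read as an empty entry
          if(empty($parts))
              return;

          $appendString = implode(',', $parts);
          SqlUpdateRow("update session_form set fields = :newFieldString where session_id = :sessionId and id = :formId",
              array('sessionId' => $sessionId, 'formId' => $formId, 'newFieldString' => $fieldString . ',' . $appendString));
      }

      /**
       * Returns the name/value pair that identifies this form in the markup.
       *
       * @return array array('_zoop_form_id', id of the session_form row)
       */
      public function getTagInfo()
      {
          return array('_zoop_form_id', $this->id);
      }

      /**
       * Applies the posted values to the objects bound to the posted form.
       *
       * Only fields listed in the session_form row that belongs to both the posted
       * form id and the current session are written. Posted values for any other
       * class, id or field are ignored.
       */
      public static function save()
      {
          if(!isset($_POST['_zoop_form_id']) || !$_POST['_zoop_form_id'])
              return;

          // appendBindings() reads the same parameter as an integer; accept nothing else here,
          // so that arrays or free text never reach the query or the error message
          $formId = filter_var($_POST['_zoop_form_id'], FILTER_VALIDATE_INT);
          if($formId === false || $formId < 1)
          {
              trigger_error('_zoop_form_id is not a positive integer. Possible attempt to spoof session data.');
              return;
          }

          $sessionId = session_id();

          // IMPORTANT SECURITY NOTE:
          // the form id alone is not proof of ownership; the row must also carry the
          // current session id, otherwise one session could name another session's form
          $fieldString = SqlFetchCell("select fields from session_form where session_id = :sessionId and id = :formId",
              array('sessionId' => $sessionId, 'formId' => $formId));
          if(!$fieldString)
          {
              trigger_error("session_form row $formId not found. Possible attempt to spoof session data.");
              // without this return the loop below would run on an empty binding list
              return;
          }

          $objects = array();
          foreach(explode(',', $fieldString) as $thisFieldString)
          {
              // an entry needs class, id and field; parts beyond the third are ignored
              $bindingParts = explode(':', $thisFieldString);
              if(count($bindingParts) < 3)
                  continue;
              list($class, $id, $field) = $bindingParts;

              if(!isset($_POST['_zoop_form_element'][$class][$id][$field]))
                  continue;

              // $class and $field come from the stored row, never from $_POST: the dynamic
              // instantiation and property write below are only as safe as that row
              $objectId = "$class:$id";
              if(!isset($objects[$objectId]))
                  $objects[$objectId] = new $class($id);
              $objects[$objectId]->$field = $_POST['_zoop_form_element'][$class][$id][$field];
          }

          foreach($objects as $thisObject)
              $thisObject->save();
      }
  }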