PageRenderTime 37ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/inc/bors/form_save.php

https://bitbucket.org/Balancer/bors-core
PHP | 442 lines | 357 code | 71 blank | 14 comment | 96 complexity | 248217a26bd2958d0ed089b365633133 MD5 | raw file
Possible License(s): LGPL-2.1, GPL-3.0 
    

  1. <?php
    2. 

  2. 

  3. //передать также: 'subaction'
    4. 

  4. 

  5. function bors_form_save($obj)
    6. 

  6. {
    7. 

  7. 	if(($post_js = @$_GET['javascript_post_append']))
    8. 

  8. 		session_array_append('javascript_post_append', $post_js);
    9. 

  9. 

  10. 	if(!empty($_GET['act']))
    11. 

  11. 	{
    12. 

  12. 		if($_GET['act'] == 'skip_all')
    13. 

  13. 			return false;
    14. 

  14. 

  15. 		if(!empty($_GET['object']))
    16. 

  16. 			$obj = bors_load_uri($_GET['object']);
    17. 

  17. 

  18. 		if(method_exists($obj, 'action_target'))
    19. 

  19. 			$obj = $obj->action_target();
    20. 

  20. 

  21. 		if(!$obj->access())
    22. 

  22. 			return bors_message(ec("Не заданы режимы доступа класса ").get_class($obj)."; access_engine=".$obj->access_engine());
    23. 

  23. 

  24. 		if(!$obj->access()->can_action($_GET['act'], $_GET))
    25. 

  25. 		{
    26. 

  26. //			jquery::load();
    27. 

  27. 

  28. 			$sorry = _("Извините, у Вас недостаточный уровень доступа для операций с этим ресурсом");
    29. 

  29. 			$info  = _("Служебная информация");
    30. 

  30. 

  31. 			$message = "<div class=\"alert alert-error\">{$sorry} ({$obj->titled_link()} -> {$obj->access()} -> can_action())</div>
    32. 

  32. <div class=\"accordion\" id=\"sysinfoacc\">
    33. 

  33. 	<div class=\"accordion-group\">
    34. 

  34. 		<div class=\"accordion-heading\">
    35. 

  35. 			<a class=\"accordion-toggle\" data-toggle=\"collapse\" data-parent=\"#sysinfoacc\" href=\"#sysinfodata\">
    36. 

  36. 				$info
    37. 

  37. 			</a>
    38. 

  38. 		</div>
    39. 

  39. 		<div id=\"sysinfodata\" class=\"accordion-body collapse\">
    40. 

  40. 			<div class=\"accordion-inner\">
    41. 

  41. 				object class = ".get_class($obj).",<br/>
    42. 

  42. 				access class = ".get_class($obj->access()).",<br/>
    43. 

  43. 				access method = can_action(".$_GET['act'].");<br/>
    44. 

  44. <pre>".bors_debug::trace(0, false)."
    45. 

  45. 			</pre></div>
    46. 

  46. 		</div>
    47. 

  47. 	</div>
    48. 

  48. </div>
    49. 

  49. ";
    50. 

    51. 

  51. 			echo twitter_bootstrap::raw_message(array(
    52. 

  52. 				'this' => bors_load('bors_pages_fake', array(
    53. 

  53. 					'title' => ec('Ошибка прав доступа'),
    54. 

  54. 					'body' => $message,
    55. 

  55. 				)),
    56. 

  56. 			));
    57. 

  57. 

  58. 			return true;
    59. 

  59. 		}
    60. 

  60. 

  61. 		if(method_exists($obj, $method = "on_action_{$_GET['act']}"))
    62. 

  62. 		{
    63. 

  63. 			$result = $obj->$method($_GET);
    64. 

  64. 			if($result === true)
    65. 

  65. 				return true;
    66. 

  66. 		}
    67. 

  67. 	}
    68. 

  68. 

  69. 	if(method_exists($obj, 'on_action'))
    70. 

  70. 	{
    71. 

  71. 		//TODO: придумать, как унифицировать с классом-сейвером
    72. 

  72. 		$form = bors_load(@$_GET['form_class_name'], @$_GET['form_object_id']);
    73. 

  73. 		if(!empty($_GET['saver_prepare_classes']))
    74. 

  74. 		{
    75. 

  75. 			foreach(explode(',', $_GET['saver_prepare_classes']) as $cn)
    76. 

  76. 				if(true === call_user_func(array($cn, 'saver_prepare'), $_GET))
    77. 

  77. 					return true;
    78. 

  78. 		}
    79. 

  79. 

  80. 		if(method_exists($obj, 'action_target'))
    81. 

  81. 			$obj = $obj->action_target();
    82. 

  82. 

  83. 		if(!$obj->access())
    84. 

  84. 			return bors_message(ec("Не заданы режимы доступа класса ").get_class($obj)."; access_engine=".$obj->access_engine());
    85. 

  85. 

  86. 		if(!$obj->access()->can_action(NULL, $_GET))
    87. 

  87. 			return bors_message(ec("[0] Извините, Вы не можете производить операции с этим ресурсом (class=".get_class($obj).", access=".get_class($obj->access()).", method=can_action)"));
    88. 

  88. 

  89. 		$result = $obj->on_action($_GET);
    90. 

  90. 		if($result === true)
    91. 

  91. 			return true;
    92. 

  92. 	}
    93. 

  93. 

  94. 	$class_name = @$_GET['class_name'];
    95. 

  95. 	$form_class_name = @$_GET['form_class_name'];
    96. 

  96. 	if(
    97. 

  97. 			($class_name && $class_name != 'NULL')
    98. 

  98. 		||	($form_class_name && $form_class_name != 'NULL'))
    99. 

  99. 	{
    100. 

  100. 		if($class_name)
    101. 

  101. 			$tmp = new $class_name(NULL);
    102. 

  102. 		elseif($form_class_name)
    103. 

  103. 			$tmp = new $form_class_name(NULL);
    104. 

  104. 		else
    105. 

  105. 			$tmp = NULL;
    106. 

  106. 

  107. 		if($form_saver_class = object_property($tmp, 'form_saver_class'))
    108. 

  108. 			return object_load($form_saver_class)->save($obj, $_GET, $_FILES);
    109. 

  109. 		elseif($form_saver_class = config('form_saver.class_name'))
    110. 

  110. 			return object_load($form_saver_class)->save($obj, $_GET, $_FILES);
    111. 

  111. 

  112. 		$objects_common_data = array();
    113. 

  113. 		$objects_data = array();
    114. 

  114. 

  115. 		$files_as_array = true;
    116. 

  116. 		foreach($_FILES as $name => $params)
    117. 

  117. 		{
    118. 

  118. 			foreach($params as $key => $value)
    119. 

  119. 			{
    120. 

  120. 				if(is_array($value))
    121. 

  121. 				{
    122. 

  122. 					foreach($value as $idx => $val2)
    123. 

  123. 					{
    124. 

  124. 						$objects_data[$idx]['uploaded_file'][$key] = $val2;
    125. 

  125. 						$objects_data[$idx]['uploaded_file']['upload_name'] = $name;
    126. 

  126. 					}
    127. 

  127. 				}
    128. 

  128. 				else
    129. 

  129. 				{
    130. 

  130. 					$files_as_array = false;
    131. 

  131. 					$objects_common_data['uploaded_file'][$key] = $value;
    132. 

  132. 					$objects_common_data['uploaded_file']['upload_name'] = $name;
    133. 

  133. 				}
    134. 

  134. 			}
    135. 

  135. 

  136. 			if(!$files_as_array)
    137. 

  137. 				$objects_data[]['uploaded_file'] = $objects_common_data['uploaded_file'];
    138. 

  138. 		}
    139. 

  139. 

  140. 		if(empty($_GET['checkboxes_list']))
    141. 

  141. 			$checkboxes_list = array();
    142. 

  142. 		else
    143. 

  143. 			$checkboxes_list = explode(',', $_GET['checkboxes_list']);
    144. 

  144. 

  145. 		if(!empty($_GET['checkboxes']))
    146. 

  146. 		{
    147. 

  147. 			foreach(explode(',', $_GET['checkboxes']) as $cbn)
    148. 

  148. 			{
    149. 

  149. 				$cbn = str_replace('[]', '', $cbn);
    150. 

  150. 				if(empty($_GET[$cbn]))
    151. 

  151. 					$_GET[$cbn] = 0;
    152. 

  152. 			}
    153. 

  153. 

  154. 			unset($_GET['checkboxes']);
    155. 

  155. 		}
    156. 

  156. 

  157. 		foreach($_GET as $key => $value)
    158. 

  158. 		{
    159. 

  159. 			if(is_array($value) && !in_array($key, $checkboxes_list))
    160. 

  160. 			{
    161. 

  161. 				foreach($value as $idx => $val2)
    162. 

  162. 					$objects_data[$idx][$key] = $val2;
    163. 

  163. 			}
    164. 

  164. 			else
    165. 

  165. 				$objects_common_data[$key] = $value;
    166. 

  166. 		}
    167. 

  167. 

  168. 		$form = $obj;
    169. 

  169. 		if($objects_data)
    170. 

  170. 		{
    171. 

  171. 			$first = true;
    172. 

  172. 			$total = count($objects_data);
    173. 

  173. 			$count = 0;
    174. 

  174. 			foreach($objects_data as $idx => $data)
    175. 

  175. 			{
    176. 

  176. 				$last = (++$count == $total);
    177. 

  177. 				$data = array_merge($objects_common_data, $data);
    178. 

  178. 				$result = bors_form_save_object($data['class_name'], @$data['object_id'], $data, $first, $last);
    179. 

  179. 				if($result === true || is_object($result))
    180. 

  180. 					$form = $result;
    181. 

  181. 				if(true === $result)
    182. 

  182. 					break;
    183. 

  183. 				$first = false;
    184. 

  184. 			}
    185. 

  185. 		}
    186. 

  186. 		else
    187. 

  187. 			$form = bors_form_save_object($_GET['class_name'], @$_GET['object_id'], $objects_common_data, true, true);
    188. 

  188. 

  189. 		if($form === true)
    190. 

  190. 			return true;
    191. 

  191. 

  192. 		if($form->has_changed())
    193. 

  193. 		{
    194. 

  194. 			if($post_message = pop_session_var('post_message'))
    195. 

  195. 			{
    196. 

  196. 				$link_url = bors_form_parse_vars(pop_session_var('post_message_link_url'), $form);
    197. 

  197. 				$post_message = bors_form_parse_vars($post_message, $form);
    198. 

  198. 				return bors_message($post_message, array(
    199. 

  199. 					'title' => ec('Данные сохранены'),
    200. 

  200. 					'link_text' => pop_session_var('post_message_link_text'),
    201. 

  201. 					'link_url' => $link_url,
    202. 

  202. 					'data' => array(
    203. 

  203. 						'target_admin_url' => $form->admin_url(1),
    204. 

  204. 					)
    205. 

  205. 				));
    206. 

  206. 			}
    207. 

  207. 

  208. 			if(!empty($_GET['go_on_update']))
    209. 

  209. 				$_GET['go'] = $_GET['go_on_update'];
    210. 

  210. 		}
    211. 

  211. 

  212. 		if(!empty($_GET['go']))
    213. 

  213. 		{
    214. 

  214. 			if($_GET['go'] == "newpage")
    215. 

  215. 				return go($form->url());
    216. 

  216. 

  217. 			if($_GET['go'] == "newpage_admin")
    218. 

  218. 				return go($form->admin_url());
    219. 

  219. 

  220. 			if($_GET['go'] == "newpage_edit_parent" || $_GET['go'] == "admin_parent")
    221. 

  221. 			{
    222. 

  222. 				$p = object_load($form->admin_url());
    223. 

  223. 				if($p)
    224. 

  224. 				{
    225. 

  225. 					$p = $p->parents();
    226. 

  226. 					return go($p[0]);
    227. 

  227. 				}
    228. 

  228. 

  229. 				return go($form->url());
    230. 

  230. 			}
    231. 

  231. 

  232. 			if($form)
    233. 

  233. 			{
    234. 

  234. 				$_GET['go'] = str_replace('%OBJECT_ID%', $form->id(), $_GET['go']);
    235. 

  235. 				$_GET['go'] = str_replace('%OBJECT_URL%', $form->url(), $_GET['go']);
    236. 

  236. 			}
    237. 

  237. 			require_once('inc/navigation.php');
    238. 

  238. 			return go($_GET['go']);
    239. 

  239. 		}
    240. 

  240. 	}
    241. 

  241. 

  242. 	return false;
    243. 

  243. }
    244. 

  244. 

  245. function bors_form_save_object($class_name, $id, &$data, $first, $last)
    246. 

  246. {
    247. 

  247. 	if($field = @$data['multiple_check_field'])
    248. 

  248. 		if(empty($data[$field]))
    249. 

  249. 			return;
    250. 

  250. 

  251. 	if($id)
    252. 

  252. 	{
    253. 

  253. 		$object = object_load($class_name, $id);
    254. 

  254. 

  255. 		if(!$object)
    256. 

  256. 			$object = object_new($class_name, $id);
    257. 

  257. 	}
    258. 

  258. 	else
    259. 

  259. 		$object = object_new($class_name);
    260. 

  260. 

  261. 	if(!$object)
    262. 

  262. 		return bors_message(ec("Не могу сохранить объект ")."{$class_name}({$id})");
    263. 

  263. 

  264. 	if($first)
    265. 

  265. 	{
    266. 

  266. 		$processed = $object->pre_action($data);
    267. 

  267. 		if($processed === true)
    268. 

  268. 			return true;
    269. 

  269. 

  270. 		if(!$object->access())
    271. 

  271. 			return bors_message(ec("Не заданы режимы доступа класса ").get_class($object)."; access_engine=".$object->access_engine());
    272. 

  272. 

  273. 		if(!$object->access()->can_action(@$data['act'], $data))
    274. 

  274. 			return bors_message(ec("[2fs] Извините, Вы не можете производить операции с этим ресурсом<br/><small>(class=".get_class($object).", access=".($object->access_engine())."/".get_class($object->access()).", method=can_action)</small>"));
    275. 

  275. 

  276. 		if(empty($data['subaction']))
    277. 

  277. 			$method = '';
    278. 

  278. 		else
    279. 

  279. 			$method = '_'.addslashes($data['subaction']);
    280. 

  280. 

  281. //		echo "? - $object->$method()";
    282. 

  282. 		if(method_exists($object, $method = 'on_action'.$method))
    283. 

  283. 			if($object->$method($data))
    284. 

  284. 				return true;
    285. 

  285. 	}
    286. 

  286. 

  287. 	if(($ret = $object->check_data($data)))
    288. 

  288. 		return $ret;
    289. 

  289. 

  290. 	foreach($data as $key => $val)
    291. 

  291. 	{
    292. 

  292. 		if(!$val || !preg_match("!^file_(\w+)_delete_do$!", $key, $m))
    293. 

  293. 			continue;
    294. 

  294. 

  295. 		$method = "remove_{$m[1]}_file";
    296. 

  296. 		$object->$method($data);
    297. 

  297. 	}
    298. 

  298. 

  299. 	if($file_data = @$data['uploaded_file'])
    300. 

  300. 	{
    301. 

  301. 		if($file_data['tmp_name'])
    302. 

  302. 			$object->{'upload_'.$file_data['upload_name'].'_file'}($file_data, $data);
    303. 

  303. 		elseif(@$file_data['name'])
    304. 

  304. 			bors_exit(ec("Ошибка загрузки изображения ").$file_data['name']);
    305. 

  305. 	}
    306. 

  306. 

  307. //	echo "Set fields for $object: ".print_d($data, true).", last=$last{}<br/>"; exit();
    308. 

  308. 	if($first)
    309. 

  309. 		$object->pre_set($data);
    310. 

  310. 

  311. 	//TODO: костыль для bors_admin_image_append
    312. 

  312. 	// Для исправной работы старых кривых ссылоки вида http://balancer.ru/tools/search/result/?q=%D1%82%D1%8D%D0%BC2%D1%83&w=a&s=r&class_name=bors_tools_search
    313. 

  313. 	// Проверка: bors_tools_search
    314. 

  314. 	if(method_exists($object, 'skip_save') && $object->skip_save())
    315. 

  315. 	{
    316. 

  316. 		if(!$object->set_fields($data, true))
    317. 

  317. 			return true;
    318. 

  318. 	}
    319. 

  319. 	else
    320. 

  320. 	{
    321. 

  321. 		if(!$object->set_fields($data, true))//array_intersect_key($data, bors_lib_orm::all_field_names($object, false)), true))
    322. 

  322. 			return true;
    323. 

  323. 	}
    324. 

  324. 

  325. 	if($last && $object->has_changed())
    326. 

  326. 	{
    327. 

  327. 		$object->set_modify_time(time());
    328. 

  328. 		$object->set_last_editor_id(bors()->user_id());
    329. 

  329. 		$object->set_last_editor_ip(bors()->client()->ip());
    330. 

  330. 		$object->set_last_editor_ua(bors()->client()->agent());
    331. 

  331. 

  332. 		if($object->id()) // post_set() вызывается только для уже существующих объектов.
    333. 

  333. 			$object->post_set($data);
    334. 

  334. 	}
    335. 

  335. 

  336. 	if(!$object->id() && method_exists($object, 'new_instance'))
    337. 

  337. 	{
    338. 

  338. 		$object->new_instance($data);
    339. 

  339. 		$object->on_new_instance($data);
    340. 

  340. 		$was_new = true;
    341. 

  341. 	}
    342. 

  342. 	else
    343. 

  343. 		$was_new = false;
    344. 

  344. 

  345. 	if(method_exists($object, 'post_save'))
    346. 

  346. 		$object->post_save($data);
    347. 

  347. 

  348. 	$_GET['go'] = defval($data, 'go', @$_GET['go']);
    349. 

  349. 	$_GET['go_on_update'] = defval($data, 'go_on_update', @$_GET['go_on_update']);
    350. 

  350. 

  351. 	if(!empty($data['bind_to']) && preg_match('!^(\w+)://(\d+)!', $data['bind_to'], $m))
    352. 

  352. 		$object->add_cross($m[1], $m[2], intval(@$data['bind_order']));
    353. 

  353. 

  354. 	if($data['form_class_name'] != $data['class_name'])
    355. 

  355. 	{
    356. 

  356. 		if(!$object->id() && !(method_exists($object, 'skip_save') && $object->skip_save())) //TODO: костыль для bors_admin_image_append
    357. 

  357. 		{
    358. 

  358. 			if($x = $object->empty_id_handler())
    359. 

  359. 				return $x;
    360. 

  360. 			else
    361. 

  361. 				return bors_throw(ec('Пустой id нового объекта ').$object->class_name().ec('. Возможно нужно использовать function replace_on_new_instance() { return true; }'));
    362. 

  362. 		}
    363. 

  363. 	}
    364. 

  364. 

  365. //	echo "Final id: {$object->id()}<br />";
    366. 

  366. 

  367. //	bors()->changed_save();
    368. 

  368. 

  369. 	if($object->has_changed())
    370. 

  370. 		add_session_message(ec('Данные успешно сохранены')/*.print_r(bors()->changed_objects(), true)*/, array('type' => 'success'));
    371. 

  371. 

  372. //	echo session_message(array('type' => 'success'));
    373. 

  373. //	exit( '?');
    374. 

  374. 

  375. 	if($was_new)
    376. 

  376. 		$object->b2_post_new($data);
    377. 

  377. 	else
    378. 

  378. 		$object->b2_post_update($data);
    379. 

  379. 

  380. 	return $object;
    381. 

  381. }
    382. 

  382. 

  383. function bors_form_errors($data, $conditions = array())
    384. 

  384. {
    385. 

  385. 	set_session_form_data($data);
    386. 

  386. 

  387. 	foreach($conditions as $error_condition => $fail_message)
    388. 

  388. 	{
    389. 

  389. 		if(is_numeric($error_condition) && !is_array($fail_message))
    390. 

  390. 		{
    391. 

  391. 			$error_condition = $fail_message;
    392. 

  392. 			$fail_message = NULL;
    393. 

  393. 		}
    394. 

  394. 

  395. 		$error_cond = @trim($error_condition);
    396. 

  396. 

  397. 		if(is_callable($error_condition))
    398. 

  398. 		{
    399. 

  399. 			$error_cond = call_user_func($callback, $data);
    400. 

  400. 		}
    401. 

  401. 		elseif(is_array($fail_message))
    402. 

  402. 		{
    403. 

  403. 			$fields = array($fail_message[0]);
    404. 

  404. 			$error_cond = $fail_message[1];
    405. 

  405. 			$fail_message = $fail_message[2];
    406. 

  406. 		}
    407. 

  407. 		elseif(preg_match('/^!(\w+)$/', $error_cond, $m))
    408. 

  408. 		{
    409. 

  409. 			$fields     = array($m[1]);
    410. 

  410. 			$error_cond = empty($data[$m[1]]);
    411. 

  411. 			if(!$fail_message && !empty($data['class_name']))
    412. 

  412. 			{
    413. 

  413. //				var_dump($data);
    414. 

  414. 				$f = bors_lib_orm::parse_property($data['class_name'], $m[1]);
    415. 

  415. //				var_dump($f); exit();
    416. 

  416. 				$fail_message = ec('Не заполнено поле «').defval($f, 'title', $m[1]).ec('»');
    417. 

  417. 			}
    418. 

  418. 		}
    419. 

  419. 		elseif(preg_match('/^(\w+)\s*!=\s*(\w+)$/', $error_cond, $m))
    420. 

  420. 		{
    421. 

  421. 			$fields     = array($m[1], $m[2]);
    422. 

  422. 			$error_cond = @$data[$m[1]] != @$data[$m[2]];
    423. 

  423. 		}
    424. 

  424. 		else
    425. 

  425. 			throw new Exception("Unknown check_form_data condition string: '$error_condition' => '$fail_message'");
    426. 

  426. 

  427. 		if($error_cond)
    428. 

  428. 		{
    429. 

  429. 			set_session_var('error_fields', join(',', $fields));
    430. 

  430. 			return $fail_message;
    431. 

  431. 		}
    432. 

  432. 	}
    433. 

  433. 

  434. 	return NULL;
    435. 

  435. }
    436. 

  436. 

  437. function bors_form_parse_vars($text, $object)
    438. 

  438. {
    439. 

  439. 	$text = str_replace('{$target_admin_url}', $object->admin()->url(), $text);
    440. 

  440. 	$text = str_replace('$target_admin_url', $object->admin()->url(), $text);
    441. 

  441. 	return $text;
    442. 

  442. }
    443. 

  443.