authormsquare <msquare@notrademark.de>2016-09-27 17:24:18 +0200
committermsquare <msquare@notrademark.de>2016-09-27 17:49:39 +0200
commit45bbf95972777e9499996d56a873c2a304815b3f (patch)
treee4acec80f969e1d220f7ec1a1e975c8ce3d4b541 /includes
parentf82a3fb1d81c4800bbe343231479ee29f935b190 (diff)
fix settings validation
Diffstat (limited to 'includes')
-rw-r--r--includes/model/Settings_model.php63
-rw-r--r--includes/mysqli_provider.php40
-rw-r--r--includes/pages/admin_settings.php155
-rw-r--r--includes/sys_page.php74
4 files changed, 208 insertions, 124 deletions
diff --git a/includes/model/Settings_model.php b/includes/model/Settings_model.php
index 2351e8c7..07e3b677 100644
--- a/includes/model/Settings_model.php
+++ b/includes/model/Settings_model.php
@@ -1,40 +1,43 @@
<?php
+
/**
- * Update Setting.
- *
- * @param string $event_name
- * @param int $buildup_start_date
- * @param int $event_start_date
- * @param int $event_end_date
- * @param int $teardown_end_date
- * @param string $event_welcome_msg
+ * Get settings.
*/
-function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
- return sql_query("UPDATE `Settings` SET
- `event_name`='" . sql_escape($event_name) . "',
- `buildup_start_date`='" . sql_escape($buildup_start_date) . "',
- `event_start_date`='" . sql_escape($event_start_date) . "',
- `event_end_date`='" . sql_escape($event_end_date) . "',
- `teardown_end_date`='" . sql_escape($teardown_end_date) . "',
- `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
+function Settings() {
+ $settings = sql_select("SELECT * FROM `Settings` LIMIT 1");
+ if ($settings === false)
+ return false;
+ if (count($settings) > 0)
+ return $settings[0];
+ return null;
}
+
/**
- * Create Settings.
+ * Update Settings.
*
* @param string $event_name
- * @param int $buildup_start_date
- * @param int $event_start_date
- * @param int $event_end_date
- * @param int $teardown_end_date
- * @param string $event_welcome_msg
+ * @param int $buildup_start_date
+ * @param int $event_start_date
+ * @param int $event_end_date
+ * @param int $teardown_end_date
+ * @param string $event_welcome_msg
*/
-function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
- return sql_query("INSERT INTO `Settings` SET
- `event_name`='" . sql_escape($event_name) . "',
- `buildup_start_date`='" . sql_escape($buildup_start_date) . "',
- `event_start_date`='" . sql_escape($event_start_date) . "',
- `event_end_date`='" . sql_escape($event_end_date) . "',
- `teardown_end_date`='" . sql_escape($teardown_end_date) . "',
- `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
+function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
+ if (Settings() == null) {
+ return sql_query("INSERT INTO `Settings` SET
+ `event_name`=" . sql_null($event_name) . ",
+ `buildup_start_date`=" . sql_null($buildup_start_date) . ",
+ `event_start_date`=" . sql_null($event_start_date) . ",
+ `event_end_date`=" . sql_null($event_end_date) . ",
+ `teardown_end_date`=" . sql_null($teardown_end_date) . ",
+ `event_welcome_msg`=" . sql_null($event_welcome_msg));
+ }
+ return sql_query("UPDATE `Settings` SET
+ `event_name`=" . sql_null($event_name) . ",
+ `buildup_start_date`=" . sql_null($buildup_start_date) . ",
+ `event_start_date`=" . sql_null($event_start_date) . ",
+ `event_end_date`=" . sql_null($event_end_date) . ",
+ `teardown_end_date`=" . sql_null($teardown_end_date) . ",
+ `event_welcome_msg`=" . sql_null($event_welcome_msg));
}
?>
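Review bot: `if (Settings() == null)` in the new `Settings_update` also takes the INSERT branch when `Settings()` returns `false` for a failed SELECT, because `false == null` holds under loose comparison; a transient query error would then try to insert a second settings row instead of reporting the failure. Fetch once and separate the cases: `$settings = Settings();`, `if ($settings === false) return false;`, `if ($settings === null) { /* INSERT */ }`. The `@param int` tags on the four date parameters should also be checked against what `admin_settings` now passes, since `check_date` in this commit yields `DateTime` objects; whether `sql_null()` handles those is not visible here, its body being outside this diff.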
diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php
index 4a3f2a45..7197b95a 100644
--- a/includes/mysqli_provider.php
+++ b/includes/mysqli_provider.php
@@ -5,7 +5,7 @@
*/
function sql_close() {
global $sql_connection;
-
+
return $sql_connection->close();
}
@@ -21,7 +21,7 @@ function sql_null($value = null) {
*/
function sql_transaction_start() {
global $sql_nested_transaction_level;
-
+
if ($sql_nested_transaction_level ++ == 0)
return sql_query("BEGIN");
else
@@ -33,7 +33,7 @@ function sql_transaction_start() {
*/
function sql_transaction_commit() {
global $sql_nested_transaction_level;
-
+
if (-- $sql_nested_transaction_level == 0)
return sql_query("COMMIT");
else
@@ -45,7 +45,7 @@ function sql_transaction_commit() {
*/
function sql_transaction_rollback() {
global $sql_nested_transaction_level;
-
+
if (-- $sql_nested_transaction_level == 0)
return sql_query("ROLLBACK");
else
@@ -55,17 +55,17 @@ function sql_transaction_rollback() {
/**
* Logs an sql error.
*
- * @param string $message
+ * @param string $message
* @return false
*/
function sql_error($message) {
sql_close();
-
+
$message = trim($message) . "\n";
$message .= debug_string_backtrace() . "\n";
-
+
error_log('mysql_provider error: ' . $message);
-
+
return false;
}
@@ -84,21 +84,21 @@ function sql_error($message) {
*/
function sql_connect($host, $user, $pass, $db) {
global $sql_connection;
-
+
$sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno) {
- error("Unable to connect to MySQL: " . $sql_connection->connect_error);
+ error("Unable to connect to MySQL: " . $sql_connection->connect_error);
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
}
-
+
$result = $sql_connection->query("SET CHARACTER SET utf8;");
if (! $result)
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
-
+
$result = $sql_connection->set_charset('utf8');
if (! $result)
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
-
+
return $sql_connection;
}
@@ -119,12 +119,12 @@ function sql_select_db($db_name) {
/**
* MySQL SELECT query
*
- * @param string $query
+ * @param string $query
* @return Result array or false on error
*/
function sql_select($query) {
global $sql_connection;
-
+
$result = $sql_connection->query($query);
if ($result) {
$data = array();
@@ -138,12 +138,12 @@ function sql_select($query) {
/**
* MySQL execute a query
*
- * @param string $query
+ * @param string $query
* @return mysqli_result boolean resource or false on error
*/
function sql_query($query) {
global $sql_connection;
-
+
$result = $sql_connection->query($query);
if ($result) {
return $result;
@@ -164,7 +164,7 @@ function sql_id() {
/**
* Escape a string for a sql query.
*
- * @param string $query
+ * @param string $query
* @return string
*/
function sql_escape($query) {
@@ -175,7 +175,7 @@ function sql_escape($query) {
/**
* Convert a boolean for mysql-queries.
*
- * @param boolean $boolean
+ * @param boolean $boolean
* @return string
*/
function sql_bool($boolean) {
@@ -185,7 +185,7 @@ function sql_bool($boolean) {
/**
* Count query result lines.
*
- * @param string $query
+ * @param string $query
* @return int Count of result lines
*/
function sql_num_query($query) {
diff --git a/includes/pages/admin_settings.php b/includes/pages/admin_settings.php
index 6a78f97b..ebee1305 100644
--- a/includes/pages/admin_settings.php
+++ b/includes/pages/admin_settings.php
@@ -1,87 +1,94 @@
<?php
+
function admin_settings_title() {
return _("Settings");
}
+
function admin_settings() {
- $settings_source = sql_select("SELECT * FROM `Settings`");
- if (count($settings_source) == 1) {
- $event_name = $settings_source[0]['event_name'];
- $buildup_start_date = $settings_source[0]['buildup_start_date'];
- $event_start_date = $settings_source[0]['event_start_date'];
- $event_end_date = $settings_source[0]['event_end_date'];
- $teardown_end_date = $settings_source[0]['teardown_end_date'];
- $event_welcome_msg = $settings_source[0]['event_welcome_msg'];
+ $event_name = null;
+ $event_welcome_msg = null;
+ $buildup_start_date = null;
+ $event_start_date = null;
+ $event_end_date = null;
+ $teardown_end_date = null;
+
+ $settings_source = Settings();
+ if ($settings_source === false)
+ engelsystem_error('Unable to load settings.');
+ if ($settings_source != null) {
+ $event_name = $settings_source['event_name'];
+ $buildup_start_date = $settings_source['buildup_start_date'];
+ $event_start_date = $settings_source['event_start_date'];
+ $event_end_date = $settings_source['event_end_date'];
+ $teardown_end_date = $settings_source['teardown_end_date'];
+ $event_welcome_msg = $settings_source['event_welcome_msg'];
}
+
if (isset($_REQUEST['submit'])) {
$ok = true;
- if (isset($_REQUEST['event_name']))
- $event_name = strip_request_item('event_name');
- if (isset($_REQUEST['buildup_start_date']) && $_REQUEST['buildup_start_date'] != '') {
- if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))) {
- $buildup_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))->getTimestamp();
- } else {
- $ok = false;
- $msg .= error(_("Please enter buildup start date."), true);
- }
- } else
- $buildup_start_date = null;
- if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') {
- if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) {
- $event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp();
- } else {
- $ok = false;
- $msg .= error(_("Please enter event start date."), true);
- }
- } else
- $event_start_date = null;
- if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') {
- if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) {
- $event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp();
- } else {
- $ok = false;
- $msg .= error(_("Please enter event end date."), true);
- }
- } else
- $event_end_date = null;
- if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') {
- if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) {
- $teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp();
- } else {
- $ok = false;
- $msg .= error(_("Please enter teardown end date."), true);
+
+ if (isset($_REQUEST['event_name']))
+ $event_name = strip_request_item('event_name');
+ if ($event_name == '')
+ $event_name = null;
+
+ if (isset($_REQUEST['event_welcome_msg']))
+ $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
+ if ($event_welcome_msg == '')
+ $event_welcome_msg = null;
+
+ $result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true);
+ $buildup_start_date = $result->getValue();
+ $ok &= $result->isOk();
+
+ $result = check_request_date('event_start_date', _("Please enter event start date."), true);
+ $event_start_date = $result->getValue();
+ $ok &= $result->isOk();
+
+ $result = check_request_date('event_end_date', _("Please enter event end date."), true);
+ $event_end_date = $result->getValue();
+ $ok &= $result->isOk();
+
+ $result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true);
+ $teardown_end_date = $result->getValue();
+ $ok &= $result->isOk();
+
+ if ($ok) {
+ $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
+
+ if ($result === false)
+ engelsystem_error("Unable to update settings.");
+
+ success(_("Settings saved."));
+ redirect(page_link_to('admin_settings'));
}
- } else
- $teardown_end_date = null;
- if (isset($_REQUEST['event_welcome_msg']))
- $event_welcome_msg = strip_request_item('event_welcome_msg');
-}
-if ($ok) {
- if (count($settings_source) == 1)
- Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
- else
- Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
+ }
- success(_("Settings saved."));
- redirect(page_link_to('admin_settings'));
-}
- return page_with_title(admin_settings_title(), array(
- $msg,
+ return page_with_title(admin_settings_title(), [
msg(),
- div('row', array(
- div('col-md-12', array(
- form(array(
- form_info('', _("Here you can change event information.")),
- form_text('event_name', _("Event Name"), $event_name),
- form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()),
- form_date('event_start_date', _("Event start date"), $event_start_date, time()),
- form_date('event_end_date', _("Event end date"), $event_end_date, time()),
- form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()),
- form_info('', _("Here you can write your display message for registration:")),
- form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
- form_submit('submit', _("Save"))
- ))
- ))
- ))
- ));
+ form([
+ div('row', [
+ div('col-md-6', [
+ form_text('event_name', _("Event Name"), $event_name),
+ form_info('', _("Event Name is shown on the start page.")),
+ form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
+ form_info('', _("Welcome message is shown after successful registration. You can use markdown."))
+ ]),
+ div('col-md-3', [
+ form_date('buildup_start_date', _("Buildup date"), $buildup_start_date),
+ form_date('event_start_date', _("Event start date"), $event_start_date)
+ ]),
+ div('col-md-3', [
+ form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date),
+ form_date('event_end_date', _("Event end date"), $event_end_date)
+ ])
+ ]),
+ div('row', [
+ div('col-md-6', [
+ form_submit('submit', _("Save"))
+ ])
+ ])
+ ])
+ ]);
}
?>
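Review bot: The four `$..._date = $result->getValue();` assignments store a `DateTime` object (that is what `check_date` puts into the `ValidationResult`), whereas the same variables hold the raw column value when loaded from `Settings()` a few lines earlier, and the removed code stored `->getTimestamp()`. `form_date()` and `Settings_update()` therefore receive a different type depending on whether the page is rendered or submitted; unless `sql_null()` and `form_date()` accept `DateTime` (neither is visible in this diff), the saved value will be wrong. Convert at the point of assignment, e.g. `$buildup_start_date = $result->getValue() === null ? null : $result->getValue()->getTimestamp();` for each of the four, or have `check_date` return the timestamp. Separately, `$ok &= $result->isOk();` is a bitwise AND that turns `$ok` into an int; `$ok = $ok && $result->isOk();` keeps it boolean. The save path is also still keyed on `$_REQUEST`, so a state-changing admin action can be triggered by GET parameters; reading `$_POST` instead would be a cheap hardening.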
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 6863c517..67da83c7 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -19,6 +19,46 @@ function raw_output($output) {
}
/**
+ * Checks if given request item (name) can be parsed to a date.
+ * If not parsable, given error message is put into msg() and null is returned.
+ *
+ * @param string $input
+ * String to be parsed into a date.
+ * @param string $error_message
+ * the error message displayed if $input is not parsable
+ * @param boolean $null_allowed
+ * is a null value allowed?
+ * @return ValidationResult containing the parsed date
+ */
+function check_request_date($name, $error_message = null, $null_allowed = false) {
+ if (! isset($_REQUEST[$name]))
+ return new ValidationResult($null_allowed, null);
+ return check_date($_REQUEST[$name], $error_message, $null_allowed);
+}
+
+/**
+ * Checks if given string can be parsed to a date.
+ * If not parsable, given error message is put into msg() and null is returned.
+ *
+ * @param string $input
+ * String to be parsed into a date.
+ * @param string $error_message
+ * the error message displayed if $input is not parsable
+ * @param boolean $null_allowed
+ * is a null value allowed?
+ * @return ValidationResult containing the parsed date
+ */
+function check_date($input, $error_message = null, $null_allowed = false) {
+ if (DateTime::createFromFormat("Y-m-d", trim($input)))
+ return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input)));
+ if ($null_allowed)
+ return new ValidationResult(true, null);
+
+ error($error_message);
+ return new ValidationResult(false, null);
+}
+
+/**
* Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
*/
function strip_request_item($name) {
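Review bot: In `check_date`, `DateTime::createFromFormat("Y-m-d", trim($input))` is evaluated twice; parse once with `$date = DateTime::createFromFormat("Y-m-d", trim($input));` and then `if ($date !== false) return new ValidationResult(true, $date);`. Note that `createFromFormat` is lenient: an input such as `2016-02-31` parses (rolling over into March) and only reports a warning through `DateTime::getLastErrors()`, and with no reset marker in the format the time-of-day is filled from the current clock, so the resulting timestamp differs per submission — `"!Y-m-d"` would pin it to midnight. The docblock on `check_request_date` documents a `$input` parameter that does not exist; it should read `@param string $name  Name of the request item to validate`, and both docblocks say "null is returned" where a `ValidationResult` is returned. `error($error_message)` is also called when the default `null` was passed; either make the message required or skip the call when it is null.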
@@ -57,4 +97,38 @@ function check_email($email) {
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
}
+class ValidationResult {
+
+ private $ok;
+
+ private $value;
+
+ /**
+ * Constructor.
+ *
+ * @param boolean $ok
+ * Is the value valid?
+ * @param * $value
+ * The validated value
+ */
+ public function ValidationResult($ok, $value) {
+ $this->ok = $ok;
+ $this->value = $value;
+ }
+
+ /**
+ * Is the value valid?
+ */
+ public function isOk() {
+ return $this->ok;
+ }
+
+ /**
+ * The parsed/validated value.
+ */
+ public function getValue() {
+ return $this->value;
+ }
+}
+
?>
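Review bot: `public function ValidationResult($ok, $value)` relies on the PHP 4 same-name constructor convention, which is deprecated since PHP 7.0, removed in PHP 8, and not treated as a constructor at all once the class is namespaced; `new ValidationResult(...)` in `check_date` would then leave `$ok` and `$value` unset. Rename it to `public function __construct($ok, $value)`. The `@param * $value` tag is not valid PHPDoc; `@param mixed $value` is the conventional spelling.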