From 45bbf95972777e9499996d56a873c2a304815b3f Mon Sep 17 00:00:00 2001
From: msquare
Date: Tue, 27 Sep 2016 17:24:18 +0200
Subject: fix settings validation
---
 includes/model/Settings_model.php | 63 ++++++++--------
 includes/mysqli_provider.php | 40 +++++-----
 includes/pages/admin_settings.php | 155 ++++++++++++++++++++------------------
 includes/sys_page.php | 74 ++++++++++++++++++
 4 files changed, 208 insertions(+), 124 deletions(-)
(limited to 'includes')
diff --git a/includes/model/Settings_model.php b/includes/model/Settings_model.php
index 2351e8c7..07e3b677 100644
--- a/includes/model/Settings_model.php
+++ b/includes/model/Settings_model.php
@@ -1,40 +1,43 @@ 0) + return $settings[0]; + return null; } + /** - * Create Settings. + * Update Settings. * * @param string $event_name - * @param int $buildup_start_date - * @param int $event_start_date - * @param int $event_end_date - * @param int $teardown_end_date - * @param string $event_welcome_msg + * @param int $buildup_start_date + * @param int $event_start_date + * @param int $event_end_date + * @param int $teardown_end_date + * @param string $event_welcome_msg */ -function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { - return sql_query("INSERT INTO `Settings` SET - `event_name`='" . sql_escape($event_name) . "', - `buildup_start_date`='" . sql_escape($buildup_start_date) . "', - `event_start_date`='" . sql_escape($event_start_date) . "', - `event_end_date`='" . sql_escape($event_end_date) . "', - `teardown_end_date`='" . sql_escape($teardown_end_date) . "', - `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'"); +function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { + if (Settings() == null) { + return sql_query("INSERT INTO `Settings` SET + `event_name`=" . sql_null($event_name) . ", + `buildup_start_date`=" . sql_null($buildup_start_date) . ", + `event_start_date`=" . sql_null($event_start_date) . ", + `event_end_date`=" . sql_null($event_end_date) . ", + `teardown_end_date`=" . sql_null($teardown_end_date) . ", + `event_welcome_msg`=" . sql_null($event_welcome_msg)); + } + return sql_query("UPDATE `Settings` SET + `event_name`=" . sql_null($event_name) . ", + `buildup_start_date`=" . sql_null($buildup_start_date) . ", + `event_start_date`=" . sql_null($event_start_date) . ", + `event_end_date`=" . sql_null($event_end_date) . ", + `teardown_end_date`=" . sql_null($teardown_end_date) . ", + `event_welcome_msg`=" . sql_null($event_welcome_msg)); } ?> 
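Review bot: The SET clause of Settings_update is written out twice, once for the INSERT branch and once for the UPDATE branch, so the two column lists can drift apart the next time a setting is added; build the clause once and reuse it in both statements. The statements are still assembled by string concatenation, so their safety rests on sql_null() escaping and quoting its argument the way sql_escape() did in the removed code — its body is not part of this diff, so confirm that before relying on it. The UPDATE carries no WHERE, which is only correct while the table holds the single row that Settings() selects; a comment stating that invariant would help the next reader. The opening of this hunk is garbled in this view, so the earlier part of Settings() is not reviewed here.
```php
function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
  // Single column list for both branches; sql_null() must quote/escape its input (verify).
  $set = "`event_name`=" . sql_null($event_name) . ",
    `buildup_start_date`=" . sql_null($buildup_start_date) . ",
    `event_start_date`=" . sql_null($event_start_date) . ",
    `event_end_date`=" . sql_null($event_end_date) . ",
    `teardown_end_date`=" . sql_null($teardown_end_date) . ",
    `event_welcome_msg`=" . sql_null($event_welcome_msg);
  // Settings is a single-row table, so the UPDATE needs no WHERE.
  if (Settings() == null)
    return sql_query("INSERT INTO `Settings` SET " . $set);
  return sql_query("UPDATE `Settings` SET " . $set);
}
```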
diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php index 4a3f2a45..7197b95a 100644 --- a/includes/mysqli_provider.php +++ b/includes/mysqli_provider.php @@ -5,7 +5,7 @@ */ function sql_close() { global $sql_connection; - + return $sql_connection->close(); } @@ -21,7 +21,7 @@ function sql_null($value = null) { */ function sql_transaction_start() { global $sql_nested_transaction_level; - + if ($sql_nested_transaction_level ++ == 0) return sql_query("BEGIN"); else @@ -33,7 +33,7 @@ function sql_transaction_start() { */ function sql_transaction_commit() { global $sql_nested_transaction_level; - + if (-- $sql_nested_transaction_level == 0) return sql_query("COMMIT"); else @@ -45,7 +45,7 @@ function sql_transaction_commit() { */ function sql_transaction_rollback() { global $sql_nested_transaction_level; - + if (-- $sql_nested_transaction_level == 0) return sql_query("ROLLBACK"); else @@ -55,17 +55,17 @@ function sql_transaction_rollback() { /** * Logs an sql error. * - * @param string $message + * @param string $message * @return false */ function sql_error($message) { sql_close(); - + $message = trim($message) . "\n"; $message .= debug_string_backtrace() . "\n"; - + error_log('mysql_provider error: ' . $message); - + return false; } 
@@ -84,21 +84,21 @@ function sql_error($message) { */ function sql_connect($host, $user, $pass, $db) { global $sql_connection; - + $sql_connection = new mysqli($host, $user, $pass, $db); if ($sql_connection->connect_errno) { - error("Unable to connect to MySQL: " . $sql_connection->connect_error); + error("Unable to connect to MySQL: " . $sql_connection->connect_error); return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error); } - + $result = $sql_connection->query("SET CHARACTER SET utf8;"); if (! $result) return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error); - + $result = $sql_connection->set_charset('utf8'); if (! $result) return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error); - + return $sql_connection; } @@ -119,12 +119,12 @@ function sql_select_db($db_name) { /** * MySQL SELECT query * - * @param string $query + * @param string $query * @return Result array or false on error */ function sql_select($query) { global $sql_connection; - + $result = $sql_connection->query($query); if ($result) { $data = array(); @@ -138,12 +138,12 @@ function sql_select($query) { /** * MySQL execute a query * - * @param string $query + * @param string $query * @return mysqli_result boolean resource or false on error */ function sql_query($query) { global $sql_connection; - + $result = $sql_connection->query($query); if ($result) { return $result; @@ -164,7 +164,7 @@ function sql_id() { /** * Escape a string for a sql query. * - * @param string $query + * @param string $query * @return string */ function sql_escape($query) { @@ -175,7 +175,7 @@ function sql_escape($query) { /** * Convert a boolean for mysql-queries. * - * @param boolean $boolean + * @param boolean $boolean * @return string */ function sql_bool($boolean) { 
@@ -185,7 +185,7 @@ function sql_bool($boolean) { /** * Count query result lines. * - * @param string $query + * @param string $query * @return int Count of result lines */ function sql_num_query($query) { diff --git a/includes/pages/admin_settings.php b/includes/pages/admin_settings.php index 6a78f97b..ebee1305 100644 --- a/includes/pages/admin_settings.php +++ b/includes/pages/admin_settings.php 
@@ -1,87 +1,94 @@ getTimestamp(); - } else { - $ok = false; - $msg .= error(_("Please enter buildup start date."), true); - } - } else - $buildup_start_date = null; - if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') { - if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) { - $event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp(); - } else { - $ok = false; - $msg .= error(_("Please enter event start date."), true); - } - } else - $event_start_date = null; - if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') { - if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) { - $event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp(); - } else { - $ok = false; - $msg .= error(_("Please enter event end date."), true); - } - } else - $event_end_date = null; - if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') { - if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) { - $teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp(); - } else { - $ok = false; - $msg .= error(_("Please enter teardown end date."), true); + + if (isset($_REQUEST['event_name'])) + $event_name = strip_request_item('event_name'); + if ($event_name == '') + $event_name = null; + + if (isset($_REQUEST['event_welcome_msg'])) + $event_welcome_msg = strip_request_item_nl('event_welcome_msg'); + if ($event_welcome_msg == '') + $event_welcome_msg = null; + + $result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true); + $buildup_start_date = $result->getValue(); + $ok &= $result->isOk(); + + $result = check_request_date('event_start_date', _("Please enter event start date."), true); + $event_start_date = $result->getValue(); + $ok &= $result->isOk(); + + $result = 
check_request_date('event_end_date', _("Please enter event end date."), true); + $event_end_date = $result->getValue(); + $ok &= $result->isOk(); + + $result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true); + $teardown_end_date = $result->getValue(); + $ok &= $result->isOk(); + + if ($ok) { + $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg); + + if ($result === false) + engelsystem_error("Unable to update settings."); + + success(_("Settings saved.")); + redirect(page_link_to('admin_settings')); } - } else - $teardown_end_date = null; - if (isset($_REQUEST['event_welcome_msg'])) - $event_welcome_msg = strip_request_item('event_welcome_msg'); -} -if ($ok) { - if (count($settings_source) == 1) - Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg); - else - Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg); + } - success(_("Settings saved.")); - redirect(page_link_to('admin_settings')); -} - return page_with_title(admin_settings_title(), array( - $msg, + return page_with_title(admin_settings_title(), [ msg(), - div('row', array( - div('col-md-12', array( - form(array( - form_info('', _("Here you can change event information.")), - form_text('event_name', _("Event Name"), $event_name), - form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()), - form_date('event_start_date', _("Event start date"), $event_start_date, time()), - form_date('event_end_date', _("Event end date"), $event_end_date, time()), - form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()), - form_info('', _("Here you can write your display message for registration:")), - form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg), - form_submit('submit', 
_("Save")) - )) - )) - )) - )); + form([ + div('row', [ + div('col-md-6', [ + form_text('event_name', _("Event Name"), $event_name), + form_info('', _("Event Name is shown on the start page.")), + form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg), + form_info('', _("Welcome message is shown after successful registration. You can use markdown.")) + ]), + div('col-md-3', [ + form_date('buildup_start_date', _("Buildup date"), $buildup_start_date), + form_date('event_start_date', _("Event start date"), $event_start_date) + ]), + div('col-md-3', [ + form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date), + form_date('event_end_date', _("Event end date"), $event_end_date) + ]) + ]), + div('row', [ + div('col-md-6', [ + form_submit('submit', _("Save")) + ]) + ]) + ]) + ]); } ?> diff --git a/includes/sys_page.php b/includes/sys_page.php index 6863c517..67da83c7 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php 
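Review bot: The four date values handed to Settings_update and form_date are now DateTime objects rather than timestamps: check_date in includes/sys_page.php stores the DateTime::createFromFormat result in the ValidationResult, whereas the removed code stored ->getTimestamp() and Settings_update's docblock still declares `@param int` for each date. Unless sql_null() special-cases objects — nothing in this diff suggests it does — the INSERT/UPDATE receives a DateTime where an int is expected, and form_date likewise gets a different type than it did before this change. The least invasive fix is in check_date, `return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input))->getTimestamp());`, which leaves this page untouched. Separately, `$ok &= $result->isOk();` turns $ok into an int (1/0) after the first assignment, which still works in `if ($ok)` but reads as a bit operation; `$ok = $ok && $result->isOk();` says what is meant. The start of this hunk is garbled in this view, so the initialisation of $ok, $event_name and $event_welcome_msg could not be checked.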
@@ -18,6 +18,46 @@ function raw_output($output) { die(); } +/** + * Checks if given request item (name) can be parsed to a date. + * If not parsable, given error message is put into msg() and null is returned. + * + * @param string $input + * String to be parsed into a date. + * @param string $error_message + * the error message displayed if $input is not parsable + * @param boolean $null_allowed + * is a null value allowed? + * @return ValidationResult containing the parsed date + */ +function check_request_date($name, $error_message = null, $null_allowed = false) { + if (! isset($_REQUEST[$name])) + return new ValidationResult($null_allowed, null); + return check_date($_REQUEST[$name], $error_message, $null_allowed); +} + +/** + * Checks if given string can be parsed to a date. + * If not parsable, given error message is put into msg() and null is returned. + * + * @param string $input + * String to be parsed into a date. + * @param string $error_message + * the error message displayed if $input is not parsable + * @param boolean $null_allowed + * is a null value allowed? + * @return ValidationResult containing the parsed date + */ +function check_date($input, $error_message = null, $null_allowed = false) { + if (DateTime::createFromFormat("Y-m-d", trim($input))) + return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input))); + if ($null_allowed) + return new ValidationResult(true, null); + + error($error_message); + return new ValidationResult(false, null); +} + /** * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück */ 
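Review bot: check_date parses with the format "Y-m-d" and no `!` prefix, so the fields the format does not mention — the time of day — are filled from the current clock, and two submissions of the same date at different times produce different values for what is meant to be a pure date. Parse once with `$date = DateTime::createFromFormat("!Y-m-d", trim($input));`, then `if ($date)` and `return new ValidationResult(true, $date);`, instead of calling createFromFormat twice. The docblock of check_request_date documents `$input` although the parameter is `$name`, and both docblocks say "null is returned" on failure while the functions actually return a ValidationResult; suggest `@param string $name Name of the request item whose value is parsed as a date.` and `@return ValidationResult ok=false and value=null when the input is not parsable`. When the request item is missing and $null_allowed is false, check_request_date returns a failing result without calling error(), so that case produces no message for the user; consider passing $error_message to error() there as well.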
@@ -57,4 +97,38 @@ function check_email($email) { return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); } +class ValidationResult { + + private $ok; + + private $value; + + /** + * Constructor. + * + * @param boolean $ok + * Is the value valid? + * @param * $value + * The validated value + */ + public function ValidationResult($ok, $value) { + $this->ok = $ok; + $this->value = $value; + } + + /** + * Is the value valid? + */ + public function isOk() { + return $this->ok; + } + + /** + * The parsed/validated value. + */ + public function getValue() { + return $this->value; + } +} + ?> -- cgit v1.2.3-70-g09d2
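Review bot: ValidationResult uses a PHP 4 style constructor, `public function ValidationResult($ok, $value)`, which is deprecated since PHP 7.0 and no longer recognised as a constructor on PHP 8; `new ValidationResult(true, $date)` in check_date would then leave both properties null and isOk() would be falsy for every result. Rename it to `public function __construct($ok, $value)`. The `@param * $value` tag is not a type that PHPDoc tooling understands; `@param mixed $value` is the conventional spelling, and a one-line class docblock such as `/** Outcome of an input check: whether it passed and the parsed value. */` would make the type self-describing.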