Context Navigation

fields.php

Revision 704, 37.2 KB (checked in by brieb, 2 years ago)
Fixed several SQL injection vulnerabilities Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI Fixed severa path disclosure errors
Property svn:keywords set to `LastChangedBy LastChangedDate LastChangedRevision`

Line
1	<?php
2	/*
3	$Rev$ \| $LastChangedBy$
4	$LastChangedDate$
5	+-------------------------------------------------------------------------+
6	\| Copyright (c) 2004 - 2010, Kreotek LLC \|
7	\| All rights reserved. \|
8	+-------------------------------------------------------------------------+
9	\| \|
10	\| Redistribution and use in source and binary forms, with or without \|
11	\| modification, are permitted provided that the following conditions are \|
12	\| met: \|
13	\| \|
14	\| - Redistributions of source code must retain the above copyright \|
15	\| notice, this list of conditions and the following disclaimer. \|
16	\| \|
17	\| - Redistributions in binary form must reproduce the above copyright \|
18	\| notice, this list of conditions and the following disclaimer in the \|
19	\| documentation and/or other materials provided with the distribution. \|
20	\| \|
21	\| - Neither the name of Kreotek LLC nor the names of its contributore may \|
22	\| be used to endorse or promote products derived from this software \|
23	\| without specific prior written permission. \|
24	\| \|
25	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
26	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
27	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \|
28	\| PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
29	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
30	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
31	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
32	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
33	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
34	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
35	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
36	\| \|
37	+-------------------------------------------------------------------------+
38	*/
39
40
41	// phpBMS form handles the creation and display of most forms n phpBMS
42	// it is a necessity in order to correctly implement any of the special
43	// input fields ad verification
44	class phpbmsForm{
45
46	var $jsIncludes = array("common/javascript/fields.js");
47	var $topJS = array(
48	"requiredArray= new Array();",
49	"integerArray= new Array();",
50	"phoneArray= new Array();",
51	"emailArray= new Array();",
52	"wwwArray= new Array();",
53	"realArray= new Array();",
54	"dateArray= new Array();",
55	"timeArray= new Array();",
56	"onchangeArray = new Array();"
57	);
58
59	var $bottomJS = array();
60
61	var $fields = array();
62
63	var $onload = array();
64
65	function phpbmsForm($action = NULL, $method="post", $name="record", $onsubmit="return validateForm(this);", $dontSubmit = true){
66
67	if ($action == NULL)
68	$action = $_SERVER["REQUEST_URI"];
69
70	$this->action= $action;
71	$this->method = $method;
72	$this->name = $name;
73	$this->onsubmit = $onsubmit;
74
75	$this->dontSubmit = $dontSubmit;
76
77	}//end function init (phpbmsForm)
78
79
80	//creates the form tag, displays the top save and cancel buttons
81	// and include the page title
82	function startForm($pageTitle){
83
84	?><form action="<?php echo htmlentities($this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" <?php
85	if($this->onsubmit !== NULL) { ?>onsubmit="<?php echo $this->onsubmit?>" <?php }
86	if(isset($this->enctype)) echo ' enctype="'.$this->enctype.'" ';
87	if(isset($this->id)) echo ' id="'.$this->id.'" ';
88	?>><?php
89	if($this->dontSubmit){
90	?><div id="dontSubmit"><input type="submit" value=" " onclick="return false;" /></div><?php
91	} ?>
92	<div id="topButtons"><?php showSaveCancel(1); ?></div>
93	<h1 id="h1Title"><span><?php echo $pageTitle ?></span></h1><?php
94
95	}//end function startFrom
96
97
98	// Displays the bottom record details that are present on almost all phpBMS
99	// records. These are non-modifiable
100	function showGeneralInfo($phpbms, $therecord){
101	?>
102	<div id="createmodifiedby" >
103	<table>
104	<tbody>
105	<tr class="topRows">
106	<td class="cmTitles">
107	<input name="createdby" type="hidden" value="<?php $therecord["createdby"] ?>" />
108	<input name="creationdate" type="hidden" value="<?php echo formatFromSQLDatetime($therecord["creationdate"]) ?>"/>
109	created
110	</td>
111	<td><?php echo htmlQuotes($phpbms->getUserName($therecord["createdby"]))?></td>
112	<td><?php echo formatFromSQLDatetime($therecord["creationdate"]) ?></td>
113	<td id="cmButtonContainer" rowspan="3">
114	<?php showSaveCancel(2)?>
115	</td>
116	</tr>
117	<tr class="topRows">
118	<td class="cmTitles">
119	<input name="modifiedby" type="hidden" value="<?php $therecord["modifiedby"] ?>" />
120	<input id="cancelclick" name="cancelclick" type="hidden" value="0" />
121	<input name="modifieddate" type="hidden" value="<?php echo formatFromSQLDatetime($therecord["modifieddate"]) ?>"/>
122	modified
123	</td>
124	<td><?php echo htmlQuotes($phpbms->getUserName($therecord["modifiedby"]))?></td>
125	<td><?php echo formatFromSQLDatetime($therecord["modifieddate"]) ?></td>
126	</tr>
127	<tr>
128	<td class="cmTitles">
129	uuid / id
130	<input name="uuid" id="uuid" type="hidden" value="<?php if(isset($therecord["uuid"])) echo $therecord["uuid"] ?>" />
131	<input id="id" name="id" type="hidden" value="<?php echo $therecord["id"]?>" />
132	</td>
133	<td colspan="2" id="cmIds"><span><?php echo isset($therecord["uuid"])?$therecord["uuid"]:' ' ?></span><span id="cmId"><?php echo $therecord["id"] ?></span></td>
134	</tr>
135	</tbody>
136	</table>
137	</div>
138	<?php
139	}//end function showGeneralInfo
140
141
142	//placeholder end form function for consistency (helps editors with HTML
143	// validation)
144	function endForm(){
145
146	?></form><?php
147
148	}//end function endForm
149
150
151	//adds a phpBMS input field to the form
152	function addField($inputObject){
153
154	if(is_object($inputObject))
155	$this->fields[$inputObject->id] = $inputObject;
156
157	}//end function addField
158
159
160	//given a field's unique name (to the form object)
161	//output the HTML used to display the field
162	function showField($fieldname){
163
164	//check to see if the form element even exists
165	if(isset($this->fields[$fieldname])){
166
167	//check to see if the field is a valid boject
168	if(is_object($this->fields[$fieldname])){
169
170	//check to see if it has a display method
171	if(method_exists($this->fields[$fieldname],"display"))
172	$this->fields[$fieldname]->display();
173	else
174	echo "Error in form construction (wrong object): ".$fieldname;
175
176	} else
177	echo "Error in form construction: ".$fieldname;
178
179	}else
180	echo "Field Not Defined: ".$fieldname;
181
182	}//end function showField
183
184
185	// merges includes, top, bottom and onload javascripts that may have been
186	// generateed for individual fiels, with the corresponding main phpbms
187	// javascript sections.
188	//
189	// top and bottom are depreciated. Everything should eventually go through
190	// either an include javascript file, or an onload (document) event
191	function jsMerge(){
192
193	global $phpbms;
194
195	$phpbms->jsIncludes = array_merge($phpbms->jsIncludes,$this->jsIncludes);
196	$phpbms->topJS = array_merge($this->topJS,$phpbms->topJS);
197	$phpbms->bottomJS = array_merge($this->bottomJS,$phpbms->bottomJS);
198	$phpbms->onload = array_merge($this->onload,$phpbms->onload);
199
200	//next we go through the list of fields
201	foreach($this->fields as $field){
202
203	$toAdd = $field->getJSMods();
204
205	// only add an include if it is not already in the list
206	// of includes. Don't want to redefine stuff in Javascript
207	foreach($toAdd["jsIncludes"] as $jsinclude)
208	if(!in_array($jsinclude,$phpbms->jsIncludes))
209	$phpbms->jsIncludes[] = $jsinclude;
210
211	$phpbms->topJS = array_merge($phpbms->topJS,$toAdd["topJS"]);
212	$phpbms->bottomJS = array_merge($phpbms->bottomJS,$toAdd["bottomJS"]);
213	$phpbms->onload = array_merge($phpbms->onload,$toAdd["onload"]);
214
215	}//endforeach
216
217	}//end method - jsMerge
218
219	// defines and adds fields specified by administratively set custom fields
220	// the table's object should provide the queryresult that has all defined
221	// custom field information. Make sure not to forget the record information
222	function prepCustomFields($db, $queryresult, $therecord){
223
224	while ($fieldInfo = $db->fetchArray($queryresult)){
225
226	$id = $fieldInfo["field"];
227	$name = $fieldInfo["name"];
228	$required = ((bool) $fieldInfo["required"]);
229	$format = ($fieldInfo["format"]) ? $fieldInfo["format"] : null;
230	$size = "40";
231	$value = (isset($therecord[$id])) ? $therecord[$id] : "";
232
233	//need to handle roleid
234	$disabled = !(hasRights($fieldInfo["roleid"]));
235
236	//different custom fields (based on number) have different types
237	switch(substr($id, 6)){
238
239	case 1:
240	case 2:
241	if($value === "")
242	$value = 0;
243
244	if($format == "currency")
245	$theinput = new inputCurrency($id, $value, $name, $required);
246	else
247	$theinput = new inputField($id, $value, $name, $required, $format, 8, 128);
248
249	$generator = true;
250
251	if($disabled) {
252
253	$theinput->setAttribute("readonly","readonly");
254	$theinput->setAttribute("class","uneditable");
255	$generator = false;
256
257	}//endif
258	break;
259
260	case 3:
261	case 4:
262	if($disabled){
263
264	$theinput = new inputField($id, $value, $name, $required, null, 10, 15);
265	$theinput->setAttribute("readonly","readonly");
266	$theinput->setAttribute("class","uneditable");
267	$generator = false;
268
269	} else {
270
271	if($format == "date")
272	$theinput = new inputDatePicker($id, $value, $name, $required);
273	else{
274
275	$value = explode(" ", $value);
276	$value = (count($value) > 1) ? $value[1] : "";
277	$theinput = new inputTimePicker($id, $value, $name, $required);
278
279	}//endif
280
281	$generator = true;
282
283	}//endif
284
285	break;
286
287	case 5:
288	case 6:
289	if($format == "list" && !$disabled){
290
291	$theinput = new inputChoiceList($db, $id, $value, $id."-".$fieldInfo["tabledefid"], $name);
292	$generator = false;
293
294	} else {
295
296	$theinput = new inputField($id, $value, $name, $required, $format, 40, 254);
297	$generator = true;
298
299	}//endif
300
301	if($disabled){
302
303	$theinput->setAttribute("readonly","readonly");
304	$theinput->setAttribute("class","uneditable");
305	$generator = false;
306
307	}//endif
308	break;
309
310	case 7:
311	case 8:
312	$generator = false;
313	$theinput = new inputCheckbox($id, $value, $name, $disabled);
314	break;
315
316	}//endswitch
317
318	//need to handle creation of onload js for generator, but only if type
319	// not = checkbox or list.
320	if($generator && $fieldInfo["generator"])
321	$this->onload[] = "var ".$id."Button = getObjectFromID('".$id."Button'); connect(".$id."Button, 'onclick', function(){var ".$id." = getObjectFromID('".$id."');".$id.".value = ".$fieldInfo["generator"]."})";
322
323	$this->addField($theinput);
324
325	}//endwile
326
327	//rewind the queryresult pointer (if not false)
328	if($queryresult)
329	$db->seek($queryresult, 0);
330
331	}//end function prepCustomFields
332
333
334	//show (HTML) the custom fields
335	//in their own fieldset
336	function showCustomFields($db, $queryresult){
337
338	if(!$queryresult)
339	return false;
340
341	if($db->numRows($queryresult)){
342
343	?><fieldset id="customFields">
344	<legend>Additional Information</legend>
345	<?php
346
347	while ($fieldInfo = $db->fetchArray($queryresult)){
348
349	?><p><?php $this->showField($fieldInfo["field"]) ?>
350	<?php
351	//if the field has a gnerator javascript, let's add the button
352	if($fieldInfo["generator"] && hasRights($fieldInfo["roleid"]) && $fieldInfo["format"] != "list"){
353
354	?><button class="Buttons" type="button" id="<?php echo $fieldInfo["field"]?>Button">generate</button><?php
355
356	}//endif
357	?>
358	</p><?php
359
360	}//endwhile
361
362	?>
363	</fieldset>
364	<?php
365
366	}//endif
367
368	return true;
369
370	}//end function showCustomFields
371
372	}//end class phpbmsForm
373
374
375
376	class inputField{
377	/*
378	id = id/name of input
379
380	value = Value of input
381	displayName = Name to displayed in label, and on default messages when not overriden
382	required = true/false wether the field is validated by javascript before submitting for blank values
383	type = Type of field (integer, phone, email, wwww, real, date) to validate against
384
385	size = size of the input
386	maxlength max length of the input
387
388	displayLabel (boolean default = true) use this if you want the object to display a label tag above the input
389	when displaying
390
391	==overridable variables==
392
393	message = message displayed if not validated
394	name = if your input needs a name different from the id
395
396	== variable setting methods ==
397
398	setAttribute($name,$values)
399
400	Use this method to set an additional HTML property for the input
401	e.g. setAttribute("onclick","someJavascriptFunction()")
402
403	== methods ==
404	getJSMods()
405
406	Typically this get called from the form container object, but
407	you can use it to get an array of all the Javascript this input affects (include, top JS, and bottom JS)
408
409	display()
410
411	Use this method to display the input in your page.
412	*/
413
414	var $id;
415	var $name;
416	var $value;
417
418	var $displayName ="";
419	var $message = "";
420	var $displayLabel = true;
421
422	var $_attributes = array();
423
424	var $required = false;
425	var $type = NULL;
426
427	var $jsIncludes = array();
428
429	function inputField($id, $value, $displayName = NULL ,$required = false, $type = NULL, $size = 32, $maxlength = 128, $displayLabel = true){
430	$this->id = $id;
431	$this->name = $id;
432	if($displayName == "")
433	$this->displayName = $id;
434	else
435	$this->displayName = $displayName;
436
437	if($size)
438	$this->_attributes["size"] = $size;
439	if($maxlength)
440	$this->_attributes["maxlength"] = $maxlength;
441
442	$this->displayLabel = $displayLabel;
443
444	$this->value = $value;
445
446	$this->required = $required;
447	$this->type = $type;
448	}
449
450
451	function setAttribute($name,$value){
452	$this->_attributes[strtolower($name)] = $value;
453	}
454
455
456	function getJSMods(){
457	$thereturn = array("jsIncludes" => array(), "topJS" => array(), "bottomJS" => array(), "onload" => array());
458
459	foreach($this->jsIncludes as $theinclude)
460	$thereturn["jsIncludes"][] = $theinclude;
461
462	if($this->required){
463	$message = $this->message;
464	if($message == "")
465	$message = $this->displayName." cannot be blank.";
466	$thereturn["topJS"][] = "requiredArray[requiredArray.length]=new Array(\"".$this->name."\",\"".$message."\");";
467	}
468
469	if($this->type){
470	$message = $this->message;
471	if($message == ""){
472	switch($this->type){
473	case "integer":
474	$message = $this->displayName." must be a valid whole number.";
475	break;
476	case "real":
477	$message = $this->displayName." must be a valid number.";
478	break;
479	case "phone":
480	$message = $this->displayName." must be a valid phone number.";
481	break;
482	case "www":
483	$message = $this->displayName." must be a valid web address.";
484	break;
485	case "email":
486	$message = $this->displayName." must be a valid email address.";
487	break;
488	case "date":
489	$message = $this->displayName." must be a valid date.";
490	break;
491	case "time":
492	$message = $this->displayName." must be a valid time.";
493	break;
494	}
495	}//end if
496	$thereturn["topJS"][] = $this->type."Array[".$this->type."Array.length]=new Array(\"".$this->name."\",\"".$message."\");";
497	}
498
499	return $thereturn;
500	}//end if
501
502
503	function displayAttributes(){
504	foreach($this->_attributes as $key => $value)
505	echo " ".$key."=\"".$value."\"";
506	}
507
508
509	function showLabel(){
510	?><label for="<?php echo $this->id?>" <?php
511	if(isset($this->_attributes["class"]))
512	if(strpos($this->_attributes["class"],"important") !== false)
513	echo 'class="important"';
514	?>><?php echo $this->displayName?></label><br /><?php
515	}
516
517
518	function display(){
519
520	if($this->displayLabel)
521	$this->showLabel();
522
523	?><input type="text" id="<?php echo $this->id?>" name="<?php echo $this->name?>" <?php
524	if($this->value !== "")
525	echo " value=\"".htmlQuotes($this->value)."\"";
526	$this->displayAttributes();
527	?> /><?php
528
529	switch($this->type){
530	case "email":
531	?><button id="<?php echo $this->id?>Button" type="button" class="graphicButtons buttonEmail" onclick="openEmail('<?php echo $this->id?>')" title="Send E-Mail"><span>send e-mail</span></button><?php
532	break;
533
534	case "www":
535	?><button id="<?php echo $this->id?>Button" type="button" class="graphicButtons buttonWWW" onclick="openWebpage('<?php echo $this->id?>')" title="Visit site in new window"><span>visit site</span></button><?php
536	break;
537	}
538
539	}//end method
540	}//end class
541
542
543
544	//============================================================================================
545	class inputCheckbox extends inputField{
546	/*
547	value = Whether the check box is checked
548	disabled = Whether the check box is checkable
549	*/
550	function inputCheckbox($id,$value = false, $displayName = NULL, $disabled = false, $displayLabel = true){
551
552	parent::inputField($id, $value, $displayName, false, NULL, NULL, NULL, $displayLabel);
553
554	if($disabled)
555	$this->_attributes["disabled"] = "disabled";
556	}//end method
557
558	function showLabel(){
559	$classText="";
560	if(isset($this->_attributes["class"]))
561	if(strpos($this->_attributes["class"],"important") !== false)
562	$classText="important";
563	if(isset($this->_attributes["disabled"])){
564	if($classText!="")
565	$classText.=" ";
566	$classText.="disabledtext";
567	}
568	if($classText!="")
569	$classText = ' class="'.$classText.'"';
570
571	?><label id="<?php echo $this->id?>Label" for="<?php echo $this->id?>" <?php echo $classText?>><?php echo $this->displayName?></label><?php
572	}
573
574
575	function display(){
576	?><input type="checkbox" id="<?php echo $this->id?>" name="<?php echo $this->name?>" value="1" class="radiochecks" <?php
577	if($this->value) echo "checked=\"checked\" ";
578	$this->displayAttributes();
579	?> /> <?php
580
581	if($this->displayLabel)
582	$this->showLabel();
583	}
584	}//end class
585
586
587	//============================================================================================
588	class inputBasicList extends inputField{
589	/*
590	list = associative array of key (display), => value (value) for the option tags
591	*/
592	function inputBasicList ($id,$value = "",$list = array(), $displayName = NULL, $displayLabel = true){
593	parent::inputField($id, $value, $displayName, false, NULL, NULL, NULL, $displayLabel);
594
595	$this->thelist = $list;
596	}
597
598	function display(){
599
600	if($this->displayLabel)
601	$this->showLabel();
602
603	?><select name="<?php echo $this->name?>" id="<?php echo $this->id?>" <?php
604	$this->displayAttributes();
605	?> > <?php
606	foreach($this->thelist as $key => $value){
607
608	?><option value="<?php echo htmlQuotes($value)?>" <?php if ($value == $this->value) echo " selected=\"selected\" "?> ><?php echo $key?></option><?php echo "\n";
609
610	}//end for
611	?></select>
612	<?php
613	}
614	}
615
616
617	//============================================================================================
618	class inputDataTableList extends inputField{
619	/*
620	table = SQL table clause to pull from
621	valuefield = SQL column clasue to use for the value
622	displayfield SQL column clause to use for display
623
624	whereclause = SQL WHERE clause (minus the WHERE)
625	orderclasue = SQL ORDER BY clause (minus the ORDER BY)
626	hasblank = boolean, whether <none> (0) can be an option
627	*/
628
629	function inputDataTableList($db, $id, $value, $table, $valuefield, $displayfield,
630	$whereclause = "", $orderclause = "", $hasblank = true, $displayName=NULL, $displayLabel = true, $blankValue = 0){
631
632	parent::inputField($id, $value, $displayName, false, NULL, NULL, NULL, $displayLabel);
633
634	$this->hasblank = $hasblank;
635	$this->db = $db;
636	$this->blankValue = $blankValue;
637
638	$querystatement = "SELECT (".$valuefield.") AS thevalue, (".$displayfield.") as thedisplay FROM (".$table.")";
639	if($whereclause)
640	$querystatement.=" WHERE ".$whereclause;
641	if($orderclause)
642	$querystatement.=" ORDER BY ".$orderclause;
643
644	$this->queryresult=$this->db->query($querystatement);
645
646	}//end method
647
648	function display(){
649
650	if($this->displayLabel)
651	$this->showLabel();
652
653	?><select name="<?php echo $this->name?>" id="<?php echo $this->id?>" <?php
654	$this->displayAttributes();
655	?> ><?php
656	if($this->hasblank){
657	?><option value="<?php echo($this->blankValue); ?>" <?php
658	if ($this->value==0 \|\| $this->value==""){
659	echo " selected=\"selected\" ";
660	}//end if --value--
661	?>><none></option><?php
662	}//end if --hasblank--
663
664	while($therecord=$this->db->fetchArray($this->queryresult)){
665	?><option value="<?php echo htmlQuotes($therecord["thevalue"])?>" <?php if ($therecord["thevalue"]==$this->value) echo " selected=\"selected\" "?> ><?php echo htmlQuotes($therecord["thedisplay"])?></option>
666	<?php
667	}
668	?></select>
669	<?php
670
671	}
672	}//end class
673
674
675	//============================================================================================
676	class inputChoiceList extends inputField{
677	/*
678	listname = name of database list to retrieve
679	blankvalue = What to display for a blank value.
680	*/
681	function inputChoiceList($db, $id, $value, $listname, $displayName="", $blankvalue="none", $displayLabel = true){
682	parent::inputField($id, $value, $displayName, false, NULL, NULL, NULL, $displayLabel);
683
684	$this->db = $db;
685	$this->listname = $listname;
686	$this->blankvalue = $blankvalue;
687
688	$querystatement="SELECT thevalue FROM choices WHERE listname=\"".$this->listname."\" ORDER BY thevalue;";
689	$this->queryresult = $this->db->query($querystatement);
690
691	$this->jsIncludes[] = "common/javascript/choicelist.js";
692
693	}//end method
694
695	function display(){
696
697	if($this->displayLabel)
698	$this->showLabel();
699	?><select name="<?php echo $this->name?>" id="<?php echo $this->id?>" <?php
700	$this->displayAttributes();
701	?> onchange="changeChoiceList(this,'<?php echo APP_PATH?>','<?php echo $this->listname?>','<?php echo $this->blankvalue?>');" onfocus="setInitialML(this)">
702	<?php
703	$inlist=false;
704	while($therecord = $this->db->fetchArray($this->queryresult)){
705
706	$display=$therecord["thevalue"];
707	$theclass="";
708	$selected="";
709	if($therecord["thevalue"]==""){
710	$display="<".$this->blankvalue.">";
711	$theclass=" class=\"choiceListBlank\" ";
712	}
713	if($therecord["thevalue"]==$this->value){
714	$selected=" selected=\"selected\"";
715	$inlist=true;
716	}
717	if($this->value=="" and $therecord["thevalue"])
718	?><option value="<?php echo $therecord["thevalue"]?>" <?php echo $theclass?> <?php echo $selected?>><?php echo $display?></option><?php
719	}//end while
720	if(!$inlist){
721	if ($this->value==""){
722	$display="<".$this->blankvalue.">";
723	$theclass=" class=\"choiceListBlank\" ";
724	}
725	else{
726	$display=$this->value;
727	$theclass="";
728	}
729	?><option value="<?php echo $this->value?>" <?php echo $theclass?> selected="selected"><?php echo $display?></option><?php
730	}//end if
731	?>
732	<option value="mL" class="choiceListModify">modify list...</option></select><?php
733
734	}
735
736	}//end class
737
738
739	//============================================================================================
740	class inputCurrency extends inputField{
741
742	function inputCurrency($id, $value, $displayName = NULL ,$required = false, $size = 10, $maxlength = 12, $displayLabel = true){
743
744	$type = NULL;
745	parent::inputField($id, $value, $displayName,$required, $type, $size, $maxlength, $displayLabel);
746	}
747
748
749	function display(){
750
751	if($this->displayLabel)
752	$this->showLabel();
753
754	if(!is_numeric($this->value)) $this->value = 0;
755	$this->value = htmlQuotes(numberToCurrency($this->value));
756
757	if(!isset($this->_attributes["onchange"])) $this->_attributes["onchange"] = "";
758	$this->_attributes["onchange"] = "validateCurrency(this);".$this->_attributes["onchange"];
759
760	if(!isset($this->_attributes["class"]))
761	$this->_attributes["class"] = "";
762	else
763	$this->_attributes["class"] = " ".$this->_attributes["class"];
764
765	$this->_attributes["class"] = "currency".$this->_attributes["class"];
766
767
768	?><input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $this->value?>" <?php
769	$this->displayAttributes();
770	?>/><?php
771
772	}//end method
773
774	}//end class
775
776
777	//============================================================================================
778	class inputTextarea extends inputField{
779
780	function inputTextarea($id, $value, $displayName = NULL ,$required = false, $rows = 5, $cols= 48, $displayLabel = true){
781	parent::inputField($id, $value, $displayName, $required, NULL, NULL, NULL, $displayLabel);
782
783	unset($this->_attributes["size"]);
784	unset($this->_attributes["maxlength"]);
785
786	$this->_attributes["rows"] = $rows;
787	$this->_attributes["cols"] = $cols;
788
789	}
790
791
792	function display(){
793
794	if($this->displayLabel)
795	$this->showLabel();
796
797	?><textarea id="<?php echo $this->id?>" name="<?php echo $this->name?>" <?php
798	$this->displayAttributes();
799	?>><?php echo htmlQuotes($this->value)?></textarea><?php
800
801	}//end method
802
803	}//end class
804
805
806	//============================================================================================
807	class inputPercentage extends inputField{
808	/*
809	precision = decimal points of accuracy to display
810	*/
811	function inputPercentage($id, $value, $displayName = NULL , $precision = 1, $required = false, $size = 9, $maxlength = 10, $displayLabel = true){
812
813	$this->precision = (int) $precision;
814
815	$type = NULL;
816	parent::inputField($id, $value, $displayName,$required, $type, $size, $maxlength, $displayLabel);
817	}
818
819
820
821	function display() {
822
823	if($this->displayLabel)
824	$this->showLabel();
825
826	if(is_numeric($this->value)) $this->value = $this->value."%";
827
828	if(!isset($this->_attributes["onchange"])) $this->_attributes["onchange"] = "";
829	$this->_attributes["onchange"] = "validatePercentage(this,".$this->precision.");".$this->_attributes["onchange"];
830
831	?><input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $this->value?>" <?php
832	$this->displayAttributes();
833	?> style="text-align:right;"/><?php
834
835	}//end methdo
836
837	}//end class
838
839
840	//============================================================================================
841	class inputDatePicker extends inputField{
842
843	function inputDatePicker($id, $value, $displayName = NULL ,$required = false, $size = 10, $maxlength = 15, $displayLabel = true){
844	$type = "date";
845
846	parent::inputField($id, $value, $displayName,$required, $type, $size, $maxlength, $displayLabel);
847
848	$this->jsIncludes[] = "common/javascript/datepicker.js";
849	}
850
851	function display(){
852
853	if($this->displayLabel)
854	$this->showLabel();
855
856	$value = formatFromSQLDate($this->value);
857
858	if(!isset($this->_attributes["onchange"])) $this->_attributes["onchange"] = "";
859	$this->_attributes["onchange"] = "formatDateField(this);".$this->_attributes["onchange"];
860
861	?><input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $value?>" <?php
862	$this->displayAttributes();
863	?>/><button id="<?php echo $this->id?>Button" type="button" class="graphicButtons buttonDate" onclick="showDP('<?php echo APP_PATH?>','<?php echo $this->id?>');"><span>pick date</span></button><?php
864
865	}//end method
866
867	}//end class
868
869
870	//============================================================================================
871	class inputTimePicker extends inputField{
872
873	function inputTimePicker($id, $value, $displayName = NULL ,$required = false, $size = 10, $maxlength = 15, $displayLabel = true){
874	$type = "time";
875
876	parent::inputField($id, $value, $displayName,$required, $type, $size, $maxlength, $displayLabel);
877
878	$this->jsIncludes[] = "common/javascript/timepicker.js";
879	}
880
881	function display(){
882
883	if($this->displayLabel)
884	$this->showLabel();
885
886	$value = formatFromSQLTime($this->value);
887
888	?><input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $value?>" <?php
889	$this->displayAttributes();
890	?>/><button id="<?php echo $this->id?>Button" type="button" class="graphicButtons buttonTime" onclick="showTP('<?php echo APP_PATH?>','<?php echo $this->id?>');"><span>pick time</span></button><?php
891
892	}//end method
893
894	}//end class
895
896
897	//============================================================================================
898	class inputRolesList extends inputField{
899
900	function inputRolesList($db,$id,$selected,$displayName = NULL, $required = false, $displayLabel = true){
901
902	parent::inputField($id, $selected, $displayName, $required, NULL, NULL, NULL, $displayLabel);
903
904	$this->db = $db;
905
906	$querystatement = "
907	SELECT
908	name,
909	uuid
910	FROM
911	roles
912	WHERE
913	inactive = 0";
914
915	$this->queryresult = $this->db->query($querystatement);
916
917	}//end function init
918
919
920	function display(){
921
922	if($this->displayLabel)
923	$this->showLabel();
924
925	?>
926	<select id="<?php echo $this->id?>" name="<?php echo $this->name?>" <?php $this->displayAttributes();?>>
927	<option value="" <?php if($this->value == "") echo 'selected="selected"' ?>>EVERYONE</option>
928	<?php
929	while($therecord = $this->db->fetchArray($this->queryresult)){ ?>
930	<option value="<?php echo $therecord["uuid"]?>" <?php if($this->value == $therecord["uuid"]) echo 'selected="selected"'?>><?php echo formatVariable($therecord["name"])?></option>
931	<?php }//endwhile ?>
932	<option value="Admin" <?php if($this->value == "Admin") echo 'selected="selected"'?>>Administrators</option>
933	</select>
934	<?php
935
936	}//end function display
937
938	}//end class inputRolesList
939
940
941	class inputSmartSearch extends inputField{
942
943	/*
944	*db = (dbObj) Database Object
945	*id = (string) name of hidden field to be created
946	*searchName = (string) unique name of a stored search
947	initialvalue = (var) initial value for field (blank)
948	displayName = (string) Name to display (uses id by default)
949	displayName = (string) Name to display (uses id by default)
950	size = (int) size attribute for displayed input tag (32)
951	maxlength = (int) max length attribute for displayed input tag (255)
952	displayLabel (boolean) Show label tag with displayName (true)
953
954	The JS used by this field type requires that the field NOT be implemented inside a p tag,
955	inline element, or any tag that should not contain a div tag. In IE, if the field placed
956	inside an element that should not be able to handle a DIV tag inside it (standards-wise),
957	IE will report a Javascript error.
958	*/
959	function inputSmartSearch($db, $id, $searchName, $initialvalue = "", $displayName = NULL, $required=false,
960	$size = 32, $maxlength = 255, $displayLabel = true, $allowFreeForm = false) {
961	$this->db = $db;
962
963	parent::inputField($id, $initialvalue, $displayName,$required, NULL, $size, $maxlength, $displayLabel);
964
965	$this->searchName = $searchName;
966	$this->allowFreeForm = $allowFreeForm;
967
968
969	//next I need to initialize and do the correct search
970	$this->searchInfo = $this->getSearchInfo($searchName);
971
972	$this->displayValue = $this->getInitialDisplay();
973
974	}//end method - init
975
976
977	function getSearchInfo($searchInfo){
978
979	$querystatement = "
980	SELECT
981	*
982	FROM
983	smartsearches
984	WHERE
985	name = '".mysql_real_escape_string($searchInfo)."'
986	";
987
988	return $this->db->fetchArray($this->db->query($querystatement));
989
990	}//end method getInfo
991
992	function getInitialDisplay(){
993
994	$querystatement = "
995	SELECT
996	".$this->searchInfo["displayfield"]." AS display
997	FROM
998	".$this->searchInfo["fromclause"]."
999	WHERE
1000	".$this->searchInfo["valuefield"]." = '".mysql_real_escape_string($this->value)."'
1001	";
1002
1003	$queryresult = $this->db->query($querystatement);
1004
1005	if($this->db->numRows($queryresult)){
1006
1007	$therecord = $this->db->fetchArray($queryresult);
1008	return $therecord["display"];
1009
1010	} else
1011	return '';
1012
1013	}//end method getInitialDisplay
1014
1015
1016	// CLASS OVERIDES ================================================
1017	function getJSMods(){
1018
1019	$thereturn = array("jsIncludes" => array(), "topJS" => array(), "bottomJS" => array(), "onload" => array());
1020
1021	$thereturn["jsIncludes"][] = "common/javascript/smartsearch.js";
1022
1023	if($this->required){
1024
1025	$message = $this->message;
1026
1027	if($message == "")
1028	$message = $this->displayName." cannot be blank.";
1029	$thereturn["topJS"][] = "requiredArray[requiredArray.length]= [ '".$this->name."','".$message."' ];";
1030
1031	}//endif - required
1032
1033	return $thereturn;
1034
1035	}//end method - getJSMods
1036
1037
1038	function showLabel(){
1039	?><label for="ds-<?php echo $this->id?>"><?php echo $this->displayName?></label><br /><?php
1040	}//end method
1041
1042
1043	function display(){
1044
1045	if($this->displayLabel)
1046	$this->showLabel();
1047
1048	if(!isset($this->_attributes["class"]))
1049	$this->_attributes["class"] = "";
1050	else
1051	$this->_attributes["class"] = " ".$this->_attributes["class"];
1052
1053	$this->_attributes["class"] = "inputSmartSearch".$this->_attributes["class"];
1054
1055	?><input type="hidden" name="<?php echo $this->id?>" id="<?php echo $this->id?>" value="<?php echo $this->value?>" />
1056	<input type="hidden" id="sff-<?php echo $this->id?>" value="<?php echo ((int) $this->allowFreeForm); ?>"/>
1057	<input type="hidden" id="sdbid-<?php echo $this->id?>" value="<?php echo $this->searchInfo["id"]?>"/>
1058	<input type="text" name="ds-<?php echo $this->id?>" id="ds-<?php echo $this->id?>" title="Use % for wildcard searches." <?php
1059
1060	$this->displayAttributes();
1061
1062	?> value="<?php echo htmlQuotes($this->displayValue) ?>"/><?php
1063
1064	}//end method -display
1065
1066	}//end class - inputSmartSearch
1067	//=====================================================================================
1068	class inputOnChangeField extends inputField{
1069
1070	function inputOnChangeField($id, $value, $displayName = NULL ,$required = false, $type = NULL, $size = 32, $maxlength = 128, $displayLabel = true){
1071
1072	parent::inputField($id, $value, $displayName,$required, $type, $size, $maxlength, $displayLabel);
1073
1074	}
1075
1076	function getJSMods(){
1077
1078	$thereturn = parent::getJSMods();
1079
1080	$thereturn["jsIncludes"][] = "common/javascript/onchange.js";
1081	$thereturn["topJS"][] = "onchangeArray[onchangeArray.length]=new Array(\"".$this->name."\");";
1082
1083	return $thereturn;
1084
1085	}//end method --getJSMods--
1086
1087	function display(){
1088
1089	if($this->displayLabel)
1090	$this->showLabel();
1091
1092
1093	?>
1094	<input type="hidden" name="<?php echo $this->name.'_changed';?>" id="<?php echo $this->id.'_changed';?>" value="0" />
1095	<input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $this->value?>" <?php
1096	$this->displayAttributes();
1097	?>/><?php
1098
1099	}//end method
1100
1101	}//end class
1102	//=====================================================================================
1103	class inputComparisonField extends inputField{
1104
1105	function display(){
1106
1107	if($this->displayLabel)
1108	$this->showLabel();
1109
1110	?>
1111	<input type="hidden" name="<?php echo $this->name.'_old';?>" id="<?php echo $this->id.'_old';?>" value="<?php echo $this->value?>" />
1112	<input name="<?php echo $this->name?>" id="<?php echo $this->id?>" type="text" value="<?php echo $this->value?>" <?php
1113	$this->displayAttributes();
1114	?>/><?php
1115
1116	}//end method
1117
1118	}//end class
1119	?>

Note: See TracBrowser for help on using the browser.

phpBMS

Context Navigation

root/trunk/phpbms/include/fields.php

Download in other formats: