fix settings validation

main
msquare 8 years ago
parent f82a3fb1d8
commit 45bbf95972

@ -1,25 +1,19 @@
<?php <?php
/** /**
* Update Setting. * Get settings.
*
* @param string $event_name
* @param int $buildup_start_date
* @param int $event_start_date
* @param int $event_end_date
* @param int $teardown_end_date
* @param string $event_welcome_msg
*/ */
function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { function Settings() {
return sql_query("UPDATE `Settings` SET $settings = sql_select("SELECT * FROM `Settings` LIMIT 1");
`event_name`='" . sql_escape($event_name) . "', if ($settings === false)
`buildup_start_date`='" . sql_escape($buildup_start_date) . "', return false;
`event_start_date`='" . sql_escape($event_start_date) . "', if (count($settings) > 0)
`event_end_date`='" . sql_escape($event_end_date) . "', return $settings[0];
`teardown_end_date`='" . sql_escape($teardown_end_date) . "', return null;
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
} }
/** /**
* Create Settings. * Update Settings.
* *
* @param string $event_name * @param string $event_name
* @param int $buildup_start_date * @param int $buildup_start_date
@ -28,13 +22,22 @@ function Settings_update($event_name, $buildup_start_date, $event_start_date, $e
* @param int $teardown_end_date * @param int $teardown_end_date
* @param string $event_welcome_msg * @param string $event_welcome_msg
*/ */
function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
return sql_query("INSERT INTO `Settings` SET if (Settings() == null) {
`event_name`='" . sql_escape($event_name) . "', return sql_query("INSERT INTO `Settings` SET
`buildup_start_date`='" . sql_escape($buildup_start_date) . "', `event_name`=" . sql_null($event_name) . ",
`event_start_date`='" . sql_escape($event_start_date) . "', `buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_end_date`='" . sql_escape($event_end_date) . "', `event_start_date`=" . sql_null($event_start_date) . ",
`teardown_end_date`='" . sql_escape($teardown_end_date) . "', `event_end_date`=" . sql_null($event_end_date) . ",
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'"); `teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`=" . sql_null($event_welcome_msg));
}
return sql_query("UPDATE `Settings` SET
`event_name`=" . sql_null($event_name) . ",
`buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_start_date`=" . sql_null($event_start_date) . ",
`event_end_date`=" . sql_null($event_end_date) . ",
`teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`=" . sql_null($event_welcome_msg));
} }
?> ?>
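Review bot: The `Settings() == null` test in Settings_update treats a failed lookup the same as an empty table, because Settings() returns `false` when the SELECT fails and `false == null` is true in PHP. A database error on the read would then fall into the INSERT branch instead of being reported, and could add a second row if the failure was transient. Capture the result and compare strictly: `$settings = Settings(); if ($settings === false) return false;` followed by `if ($settings === null) {`. The queries are still built by concatenation, so their safety rests entirely on sql_null(), which is not shown on this page; its quoting and escaping of non-null values is worth confirming.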

@ -87,7 +87,7 @@ function sql_connect($host, $user, $pass, $db) {
$sql_connection = new mysqli($host, $user, $pass, $db); $sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno) { if ($sql_connection->connect_errno) {
error("Unable to connect to MySQL: " . $sql_connection->connect_error); error("Unable to connect to MySQL: " . $sql_connection->connect_error);
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error); return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
} }

@ -1,87 +1,94 @@
<?php <?php
function admin_settings_title() { function admin_settings_title() {
return _("Settings"); return _("Settings");
} }
function admin_settings() { function admin_settings() {
$settings_source = sql_select("SELECT * FROM `Settings`"); $event_name = null;
if (count($settings_source) == 1) { $event_welcome_msg = null;
$event_name = $settings_source[0]['event_name']; $buildup_start_date = null;
$buildup_start_date = $settings_source[0]['buildup_start_date']; $event_start_date = null;
$event_start_date = $settings_source[0]['event_start_date']; $event_end_date = null;
$event_end_date = $settings_source[0]['event_end_date']; $teardown_end_date = null;
$teardown_end_date = $settings_source[0]['teardown_end_date'];
$event_welcome_msg = $settings_source[0]['event_welcome_msg']; $settings_source = Settings();
if ($settings_source === false)
engelsystem_error('Unable to load settings.');
if ($settings_source != null) {
$event_name = $settings_source['event_name'];
$buildup_start_date = $settings_source['buildup_start_date'];
$event_start_date = $settings_source['event_start_date'];
$event_end_date = $settings_source['event_end_date'];
$teardown_end_date = $settings_source['teardown_end_date'];
$event_welcome_msg = $settings_source['event_welcome_msg'];
} }
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['event_name']))
$event_name = strip_request_item('event_name'); if (isset($_REQUEST['event_name']))
if (isset($_REQUEST['buildup_start_date']) && $_REQUEST['buildup_start_date'] != '') { $event_name = strip_request_item('event_name');
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))) { if ($event_name == '')
$buildup_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))->getTimestamp(); $event_name = null;
} else {
$ok = false; if (isset($_REQUEST['event_welcome_msg']))
$msg .= error(_("Please enter buildup start date."), true); $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
} if ($event_welcome_msg == '')
} else $event_welcome_msg = null;
$buildup_start_date = null;
if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') { $result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true);
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) { $buildup_start_date = $result->getValue();
$event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp(); $ok &= $result->isOk();
} else {
$ok = false; $result = check_request_date('event_start_date', _("Please enter event start date."), true);
$msg .= error(_("Please enter event start date."), true); $event_start_date = $result->getValue();
} $ok &= $result->isOk();
} else
$event_start_date = null; $result = check_request_date('event_end_date', _("Please enter event end date."), true);
if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') { $event_end_date = $result->getValue();
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) { $ok &= $result->isOk();
$event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp();
} else { $result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true);
$ok = false; $teardown_end_date = $result->getValue();
$msg .= error(_("Please enter event end date."), true); $ok &= $result->isOk();
}
} else if ($ok) {
$event_end_date = null; $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) { if ($result === false)
$teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp(); engelsystem_error("Unable to update settings.");
} else {
$ok = false; success(_("Settings saved."));
$msg .= error(_("Please enter teardown end date."), true); redirect(page_link_to('admin_settings'));
} }
} else }
$teardown_end_date = null;
if (isset($_REQUEST['event_welcome_msg']))
$event_welcome_msg = strip_request_item('event_welcome_msg');
}
if ($ok) {
if (count($settings_source) == 1)
Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
else
Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
success(_("Settings saved.")); return page_with_title(admin_settings_title(), [
redirect(page_link_to('admin_settings'));
}
return page_with_title(admin_settings_title(), array(
$msg,
msg(), msg(),
div('row', array( form([
div('col-md-12', array( div('row', [
form(array( div('col-md-6', [
form_info('', _("Here you can change event information.")), form_text('event_name', _("Event Name"), $event_name),
form_text('event_name', _("Event Name"), $event_name), form_info('', _("Event Name is shown on the start page.")),
form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()), form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
form_date('event_start_date', _("Event start date"), $event_start_date, time()), form_info('', _("Welcome message is shown after successful registration. You can use markdown."))
form_date('event_end_date', _("Event end date"), $event_end_date, time()), ]),
form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()), div('col-md-3', [
form_info('', _("Here you can write your display message for registration:")), form_date('buildup_start_date', _("Buildup date"), $buildup_start_date),
form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg), form_date('event_start_date', _("Event start date"), $event_start_date)
form_submit('submit', _("Save")) ]),
)) div('col-md-3', [
)) form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date),
)) form_date('event_end_date', _("Event end date"), $event_end_date)
)); ])
]),
div('row', [
div('col-md-6', [
form_submit('submit', _("Save"))
])
])
])
]);
} }
?> ?>
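Review bot: The save path in admin_settings is still gated only on `isset($_REQUEST['submit'])`, so a GET request carrying the right parameters changes the event settings, and no anti-CSRF token check is visible in this hunk. For an admin-only state change, require POST and verify a per-session token before calling Settings_update, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {` plus a `hash_equals()` comparison of the submitted token with the one stored in the session. Whether form() already emits such a token cannot be seen from here. Separately, `$ok &= $result->isOk();` turns `$ok` into an integer; `$ok = $ok && $result->isOk();` keeps it boolean.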

@ -18,6 +18,46 @@ function raw_output($output) {
die(); die();
} }
/**
* Checks if given request item (name) can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_request_date($name, $error_message = null, $null_allowed = false) {
if (! isset($_REQUEST[$name]))
return new ValidationResult($null_allowed, null);
return check_date($_REQUEST[$name], $error_message, $null_allowed);
}
/**
* Checks if given string can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_date($input, $error_message = null, $null_allowed = false) {
if (DateTime::createFromFormat("Y-m-d", trim($input)))
return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input)));
if ($null_allowed)
return new ValidationResult(true, null);
error($error_message);
return new ValidationResult(false, null);
}
/** /**
* Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
*/ */
@ -57,4 +97,38 @@ function check_email($email) {
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
} }
class ValidationResult {
private $ok;
private $value;
/**
* Constructor.
*
* @param boolean $ok
* Is the value valid?
* @param * $value
* The validated value
*/
public function ValidationResult($ok, $value) {
$this->ok = $ok;
$this->value = $value;
}
/**
* Is the value valid?
*/
public function isOk() {
return $this->ok;
}
/**
* The parsed/validated value.
*/
public function getValue() {
return $this->value;
}
}
?> ?>
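Review bot: With `$null_allowed` set, check_date returns a valid result with value null for any input that fails to parse, not only for an empty one, so a mistyped date on the settings form silently clears the stored date and the error message is never shown. Empty input should be the only case mapped to null; anything else that does not parse should reach `error($error_message)`. The success path also returns the DateTime object, while the code this commit replaces stored `->getTimestamp()` and Settings_update documents its date parameters as int, so the value probably needs converting before it reaches the SQL layer. check_request_date passes `$_REQUEST[$name]` straight to `trim()`, so an array-valued parameter should be rejected first with `is_string()`. A possible rewrite of check_date is below.

```php
function check_date($input, $error_message = null, $null_allowed = false) {
  $input = trim($input);
  // Only an empty field counts as "no date"; malformed input is an error.
  if ($input === '' && $null_allowed)
    return new ValidationResult(true, null);
  $date = DateTime::createFromFormat("Y-m-d", $input);
  // Integer timestamp, matching what the replaced admin_settings code stored.
  if ($date)
    return new ValidationResult(true, $date->getTimestamp());
  error($error_message);
  return new ValidationResult(false, null);
}
```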

@ -1,11 +1,11 @@
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.0/phpunit.xsd" xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
bootstrap="../includes/engelsystem_provider.php" colors="true" bootstrap="../includes/engelsystem_provider.php" colors="true"
convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true"
convertWarningsToExceptions="true" forceCoversAnnotation="false"> convertWarningsToExceptions="true" forceCoversAnnotation="false">
<testsuites> <testsuites>
<testsuite name="Models"> <testsuite name="Models">
<directory>model</directory> <directory>model/*</directory>
</testsuite> </testsuite>
</testsuites> </testsuites>
<php> <php>
