fix settings validation

8 years ago · 45bbf95972
parent f82a3fb1d8
commit 45bbf95972
5 changed files with 210 additions and 126 deletions
--- a/includes/model/Settings_model.php
+++ b/includes/model/Settings_model.php
@ -1,25 +1,19 @@
 <?php
+
 /**
- * Update Setting.
- *
- * @param string $event_name          
- * @param int $buildup_start_date
- * @param int $event_start_date
- * @param int $event_end_date
- * @param int $teardown_end_date                   
- * @param string $event_welcome_msg 
+ * Get settings.
 */
-function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
-  return sql_query("UPDATE `Settings` SET
-      `event_name`='" . sql_escape($event_name) . "', 
-      `buildup_start_date`='" . sql_escape($buildup_start_date) . "',
-      `event_start_date`='" . sql_escape($event_start_date) . "',
-      `event_end_date`='" . sql_escape($event_end_date) . "',
-      `teardown_end_date`='" . sql_escape($teardown_end_date) . "',        
-      `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
+function Settings() {
+  $settings = sql_select("SELECT * FROM `Settings` LIMIT 1");
+  if ($settings === false)
+    return false;
+  if (count($settings) > 0)
+    return $settings[0];
+  return null;
 }
+
 /**
- * Create Settings.
+ * Update Settings.
 *
 * @param string $event_name          
 * @param int $buildup_start_date          
@ -28,13 +22,22 @@ function Settings_update($event_name, $buildup_start_date, $event_start_date, $e
 * @param int $teardown_end_date          
 * @param string $event_welcome_msg          
 */
-function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
-  return sql_query("INSERT INTO `Settings` SET
-      `event_name`='" . sql_escape($event_name) . "', 
-      `buildup_start_date`='" . sql_escape($buildup_start_date) . "',
-      `event_start_date`='" . sql_escape($event_start_date) . "',
-      `event_end_date`='" . sql_escape($event_end_date) . "',
-      `teardown_end_date`='" . sql_escape($teardown_end_date) . "',        
-      `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
+function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
+  if (Settings() == null) {
+    return sql_query("INSERT INTO `Settings` SET
+      `event_name`=" . sql_null($event_name) . ",
+      `buildup_start_date`=" . sql_null($buildup_start_date) . ",
+      `event_start_date`=" . sql_null($event_start_date) . ",
+      `event_end_date`=" . sql_null($event_end_date) . ",
+      `teardown_end_date`=" . sql_null($teardown_end_date) . ",
+      `event_welcome_msg`=" . sql_null($event_welcome_msg));
+  }
+  return sql_query("UPDATE `Settings` SET
+      `event_name`=" . sql_null($event_name) . ", 
+      `buildup_start_date`=" . sql_null($buildup_start_date) . ",
+      `event_start_date`=" . sql_null($event_start_date) . ",
+      `event_end_date`=" . sql_null($event_end_date) . ",
+      `teardown_end_date`=" . sql_null($teardown_end_date) . ",        
+      `event_welcome_msg`=" . sql_null($event_welcome_msg));
 }
 ?>
--- a/includes/mysqli_provider.php
+++ b/includes/mysqli_provider.php
@ -87,7 +87,7 @@ function sql_connect($host, $user, $pass, $db) {
  
  $sql_connection = new mysqli($host, $user, $pass, $db);
  if ($sql_connection->connect_errno) {
-      error("Unable to connect to MySQL: " . $sql_connection->connect_error);
+    error("Unable to connect to MySQL: " . $sql_connection->connect_error);
    return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
  }
  
--- a/includes/pages/admin_settings.php
+++ b/includes/pages/admin_settings.php
@ -1,87 +1,94 @@
 <?php
+
 function admin_settings_title() {
  return _("Settings");
 }
+
 function admin_settings() {
-  $settings_source = sql_select("SELECT * FROM `Settings`");
-  if (count($settings_source) == 1) {
-    $event_name = $settings_source[0]['event_name'];
-    $buildup_start_date = $settings_source[0]['buildup_start_date']; 
-    $event_start_date = $settings_source[0]['event_start_date'];
-    $event_end_date = $settings_source[0]['event_end_date'];
-    $teardown_end_date = $settings_source[0]['teardown_end_date']; 
-    $event_welcome_msg = $settings_source[0]['event_welcome_msg'];
+  $event_name = null;
+  $event_welcome_msg = null;
+  $buildup_start_date = null;
+  $event_start_date = null;
+  $event_end_date = null;
+  $teardown_end_date = null;
+  
+  $settings_source = Settings();
+  if ($settings_source === false)
+    engelsystem_error('Unable to load settings.');
+  if ($settings_source != null) {
+    $event_name = $settings_source['event_name'];
+    $buildup_start_date = $settings_source['buildup_start_date'];
+    $event_start_date = $settings_source['event_start_date'];
+    $event_end_date = $settings_source['event_end_date'];
+    $teardown_end_date = $settings_source['teardown_end_date'];
+    $event_welcome_msg = $settings_source['event_welcome_msg'];
  }
+  
  if (isset($_REQUEST['submit'])) {
    $ok = true;
-  if (isset($_REQUEST['event_name']))
-    $event_name = strip_request_item('event_name');  
-  if (isset($_REQUEST['buildup_start_date']) && $_REQUEST['buildup_start_date'] != '') {
-    if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))) {
-      $buildup_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))->getTimestamp();
-    } else {
-        $ok = false;
-        $msg .= error(_("Please enter buildup start date."), true);
-      }
-  } else
-    $buildup_start_date = null;
-  if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') {
-    if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) {
-      $event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp();
-    } else {
-      $ok = false;
-      $msg .= error(_("Please enter event start date."), true);
-      }
-  } else
-    $event_start_date = null;
-  if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') {
-    if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) {
-      $event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp();
-    } else {
-        $ok = false;
-        $msg .= error(_("Please enter event end date."), true);
-      }
-  } else
-    $event_end_date = null;
-  if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') {
-    if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) {
-      $teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp();
-    } else {
-      $ok = false;
-      $msg .= error(_("Please enter teardown end date."), true);
+    
+    if (isset($_REQUEST['event_name']))
+      $event_name = strip_request_item('event_name');
+    if ($event_name == '')
+      $event_name = null;
+    
+    if (isset($_REQUEST['event_welcome_msg']))
+      $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
+    if ($event_welcome_msg == '')
+      $event_welcome_msg = null;
+    
+    $result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true);
+    $buildup_start_date = $result->getValue();
+    $ok &= $result->isOk();
+    
+    $result = check_request_date('event_start_date', _("Please enter event start date."), true);
+    $event_start_date = $result->getValue();
+    $ok &= $result->isOk();
+    
+    $result = check_request_date('event_end_date', _("Please enter event end date."), true);
+    $event_end_date = $result->getValue();
+    $ok &= $result->isOk();
+    
+    $result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true);
+    $teardown_end_date = $result->getValue();
+    $ok &= $result->isOk();
+    
+    if ($ok) {
+      $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
+      
+      if ($result === false)
+        engelsystem_error("Unable to update settings.");
+      
+      success(_("Settings saved."));
+      redirect(page_link_to('admin_settings'));
    }
-  } else
-      $teardown_end_date = null;
-  if (isset($_REQUEST['event_welcome_msg']))
-    $event_welcome_msg = strip_request_item('event_welcome_msg');
-}
-if ($ok) {
-  if (count($settings_source) == 1)
-    Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
-  else
-    Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
+  }
  
-  success(_("Settings saved."));
-  redirect(page_link_to('admin_settings'));
-}
-  return page_with_title(admin_settings_title(), array(
-      $msg,
+  return page_with_title(admin_settings_title(), [
      msg(),
-      div('row', array(
-          div('col-md-12', array(
-              form(array(
-                form_info('', _("Here you can change event information.")),
-                form_text('event_name', _("Event Name"), $event_name),
-                form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()),
-                form_date('event_start_date', _("Event start date"), $event_start_date, time()),
-                form_date('event_end_date', _("Event end date"), $event_end_date, time()),
-                form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()),
-                form_info('', _("Here you can write your display message for registration:")),
-                form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
-                form_submit('submit', _("Save")) 
-              )) 
-          ))
-      )) 
-  ));
+      form([
+          div('row', [
+              div('col-md-6', [
+                  form_text('event_name', _("Event Name"), $event_name),
+                  form_info('', _("Event Name is shown on the start page.")),
+                  form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
+                  form_info('', _("Welcome message is shown after successful registration. You can use markdown.")) 
+              ]),
+              div('col-md-3', [
+                  form_date('buildup_start_date', _("Buildup date"), $buildup_start_date),
+                  form_date('event_start_date', _("Event start date"), $event_start_date) 
+              ]),
+              div('col-md-3', [
+                  form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date),
+                  form_date('event_end_date', _("Event end date"), $event_end_date) 
+              ]) 
+          ]),
+          div('row', [
+              div('col-md-6', [
+                  form_submit('submit', _("Save")) 
+              ]) 
+          ]) 
+      ]) 
+  ]);
 }
 ?>
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@ -18,6 +18,46 @@ function raw_output($output) {
  die();
 }

+/**
+ * Checks if given request item (name) can be parsed to a date.
+ * If not parsable, given error message is put into msg() and null is returned.
+ *
+ * @param string $input
+ *          String to be parsed into a date.
+ * @param string $error_message
+ *          the error message displayed if $input is not parsable
+ * @param boolean $null_allowed
+ *          is a null value allowed?
+ * @return ValidationResult containing the parsed date
+ */
+function check_request_date($name, $error_message = null, $null_allowed = false) {
+  if (! isset($_REQUEST[$name]))
+    return new ValidationResult($null_allowed, null);
+  return check_date($_REQUEST[$name], $error_message, $null_allowed);
+}
+
+/**
+ * Checks if given string can be parsed to a date.
+ * If not parsable, given error message is put into msg() and null is returned.
+ *
+ * @param string $input
+ *          String to be parsed into a date.
+ * @param string $error_message
+ *          the error message displayed if $input is not parsable
+ * @param boolean $null_allowed
+ *          is a null value allowed?
+ * @return ValidationResult containing the parsed date
+ */
+function check_date($input, $error_message = null, $null_allowed = false) {
+  if (DateTime::createFromFormat("Y-m-d", trim($input)))
+    return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input)));
+  if ($null_allowed)
+    return new ValidationResult(true, null);
+  
+  error($error_message);
+  return new ValidationResult(false, null);
+}
+
 /**
 * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
 */
@ -57,4 +97,38 @@ function check_email($email) {
  return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
 }

+class ValidationResult {
+
+  private $ok;
+
+  private $value;
+
+  /**
+   * Constructor.
+   *
+   * @param boolean $ok
+   *          Is the value valid?
+   * @param * $value
+   *          The validated value
+   */
+  public function ValidationResult($ok, $value) {
+    $this->ok = $ok;
+    $this->value = $value;
+  }
+
+  /**
+   * Is the value valid?
+   */
+  public function isOk() {
+    return $this->ok;
+  }
+
+  /**
+   * The parsed/validated value.
+   */
+  public function getValue() {
+    return $this->value;
+  }
+}
+
 ?>
--- a/test/phpunit.xml
+++ b/test/phpunit.xml
@ -1,11 +1,11 @@
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.0/phpunit.xsd"
+	xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
 	bootstrap="../includes/engelsystem_provider.php" colors="true"
 	convertErrorsToExceptions="true" convertNoticesToExceptions="true"
 	convertWarningsToExceptions="true" forceCoversAnnotation="false">
 	<testsuites>
 		<testsuite name="Models">
-			<directory>model</directory>
+			<directory>model/*</directory>
 		</testsuite>
 	</testsuites>
 	<php>