fe_adminlib.inc

Typo3, 开源里边最强大的

<?php
/***************************************************************
*  Copyright notice
*
*  (c) 1999-2005 Kasper Skaarhoj (kasperYYYY@typo3.com)
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
 * FE admin lib
 *
 * $Id: fe_adminLib.inc 1783 2006-11-03 13:51:54Z mundaun $
 * Revised for TYPO3 3.6 June/2003 by Kasper Skaarhoj
 *
 * @author	Kasper Skaarhoj <kasperYYYY@typo3.com>
 */
/**
 * [CLASS/FUNCTION INDEX of SCRIPT]
 *
 *
 *
 *  132: class user_feAdmin
 *  179:     function init($content,$conf)
 *
 *              SECTION: Data processing
 *  423:     function parseValues()
 *  518:     function processFiles($cmdParts,$theField)
 *  624:     function overrideValues()
 *  640:     function defaultValues()
 *  659:     function evalValues()
 *  781:     function userProcess($mConfKey,$passVar)
 *  799:     function userProcess_alt($confVal,$confArr,$passVar)
 *
 *              SECTION: Database manipulation functions
 *  841:     function save()
 *  899:     function deleteRecord()
 *  929:     function deleteFilesFromRecord($uid)
 *
 *              SECTION: Command "display" functions
 *  986:     function displayDeleteScreen()
 * 1014:     function displayCreateScreen()
 * 1037:     function displayEditScreen()
 * 1088:     function displayEditForm($origArr)
 * 1116:     function procesSetFixed()
 *
 *              SECTION: Template processing functions
 * 1205:     function removeRequired($templateCode,$failure)
 * 1223:     function getPlainTemplate($key,$r='')
 * 1240:     function modifyDataArrForFormUpdate($inputArr)
 * 1309:     function setCObjects($templateCode,$currentArr=array(),$markerArray='',$specialPrefix='')
 *
 *              SECTION: Emailing
 * 1371:     function sendInfoMail()
 * 1419:     function compileMail($key, $DBrows, $recipient, $setFixedConfig=array())
 * 1465:     function sendMail($recipient, $admin, $content='', $adminContent='')
 * 1510:     function isHTMLContent($c)
 * 1531:     function sendHTMLMail($content,$recipient,$dummy,$fromEmail,$fromName,$replyTo='')
 *
 *              SECTION: Various helper functions
 * 1615:     function aCAuth($r)
 * 1629:     function authCode($r,$extra='')
 * 1655:     function setfixed($markerArray, $setfixed, $r)
 * 1693:     function setfixedHash($recCopy,$fields='')
 * 1714:     function isPreview()
 * 1723:     function createFileFuncObj()
 * 1734:     function clearCacheIfSet()
 * 1749:     function getFailure($theField, $theCmd, $label)
 *
 * TOTAL FUNCTIONS: 33
 * (This index is automatically created/updated by the extension "extdeveval")
 *
 */

require_once (PATH_t3lib.'class.t3lib_basicfilefunc.php');		// For use with images.



























/**
 * This library provides a HTML-template file based framework for Front End creating/editing/deleting records authenticated by email or fe_user login.
 * It is used in the extensions "direct_mail_subscription" and "feuser_admin" (and the deprecated(!) static template "plugin.feadmin.dmailsubscription" and "plugin.feadmin.fe_users" which are the old versions of these two extensions)
 * Further the extensions "t3consultancies" and "t3references" also uses this library but contrary to the "direct_mail_subscription" and "feuser_admin" extensions which relies on external HTML templates which must be adapted these two extensions delivers the HTML template code from inside.
 * Generally the fe_adminLib appears to be hard to use. Personally I feel turned off by all the template-file work involved and since it is very feature rich (and for that sake pretty stable!) there are lots of things that can go wrong - you feel. Therefore I like the concept used by "t3consultancies"/"t3references" since those extensions uses the library by supplying the HTML-template code automatically.
 * Suggestions for improvement and streamlining is welcome so this powerful class could be used more and effectively.
 *
 * @author	Kasper Skaarhoj <kasperYYYY@typo3.com>
 * @package TYPO3
 * @subpackage tslib
 * @link http://typo3.org/doc.0.html?&tx_extrepmgm_pi1[extUid]=270&tx_extrepmgm_pi1[tocEl]=396&cHash=d267c36546
 */
class user_feAdmin	{

		// External, static:
	var $recInMarkersHSC = TRUE;		// If true, values from the record put into markers going out into HTML will be passed through htmlspecialchars()!

	var $dataArr = array();
	var $failureMsg = array();
	var $theTable = '';
	var $thePid = 0;
	var $markerArray = array();
	var $templateCode='';
	var $cObj;

	var $cmd;
	var $preview;
	var $backURL;
	var $recUid;
	var $failure=0;		// is set if data did not have the required fields set.
	var $error='';
	var $saved=0;		// is set if data is saved
	var $requiredArr;
	var $currentArr = array();
	var $previewLabel='';
	var $nc = '';		// '&no_cache=1' if you want that parameter sent.
	var $additionalUpdateFields='';
	var $emailMarkPrefix = 'EMAIL_TEMPLATE_';
	var $codeLength;
	var $cmdKey;
	var $fileFunc='';	// Set to a basic_filefunc object
	var $filesStoredInUploadFolders=array();		// This array will hold the names of files transferred to the uploads/* folder if any. If the records are NOT saved, these files should be deleted!! Currently this is not working!

		// Internal vars, dynamic:
	var $unlinkTempFiles = array();			// Is loaded with all temporary filenames used for upload which should be deleted before exit...

	/**
	 * Main function. Called from TypoScript.
	 * This
	 * - initializes internal variables,
	 * - fills in the markerArray with default substitution string
	 * - saves/emails if such commands are sent
	 * - calls functions for display of the screen for editing/creation/deletion etc.
	 *
	 * @param	string		Empty string, ignore.
	 * @param	array		TypoScript properties following the USER_INT object which uses this library
	 * @return	string		HTML content
	 * @link http://typo3.org/doc.0.html?&tx_extrepmgm_pi1[extUid]=270&tx_extrepmgm_pi1[tocEl]=396&cHash=d267c36546
	 */
	function init($content,$conf)	{
		$this->conf = $conf;

			// template file is fetched.
		$this->templateCode = $this->conf['templateContent'] ? $this->conf['templateContent'] : $this->cObj->fileResource($this->conf['templateFile']);

			// Getting the cmd var
		$this->cmd = (string)t3lib_div::_GP('cmd');
			// Getting the preview var
		$this->preview = (string)t3lib_div::_GP('preview');
			// backURL is a given URL to return to when login is performed
		$this->backURL = t3lib_div::_GP('backURL');
		if (strstr($this->backURL, '"') || strstr($this->backURL, "'") || preg_match('/(javascript|vbscript):/i', $this->backURL)  || stristr($this->backURL, "fromcharcode") || strstr($this->backURL, "<") || strstr($this->backURL, ">"))	{
			$this->backURL = '';	// Clear backURL if it seems to contain XSS code - only URLs are allowed
		}
			// Remove host from URL: Make sure that $this->backURL maps to the current site
		$this->backURL = preg_replace('|[A-Za-z]+://[^/]+|', '', $this->backURL);
			// Uid to edit:
		$this->recUid = t3lib_div::_GP('rU');
			// Authentication code:
		$this->authCode = t3lib_div::_GP('aC');
			// get table
		$this->theTable = $this->conf['table'];
			// link configuration
		$linkConf = is_array($this->conf['formurl.']) ? $this->conf['formurl.'] : array();
			// pid
		$this->thePid = intval($this->conf['pid']) ? intval($this->conf['pid']) : $GLOBALS['TSFE']->id;
			//
		$this->codeLength = intval($this->conf['authcodeFields.']['codeLength']) ? intval($this->conf['authcodeFields.']['codeLength']) : 8;

			// Setting the hardcoded lists of fields allowed for editing and creation.
		$this->fieldList=implode(',',t3lib_div::trimExplode(',',$GLOBALS['TCA'][$this->theTable]['feInterface']['fe_admin_fieldList'],1));

			// globally substituted markers, fonts and colors.
		$splitMark = md5(microtime());
		list($this->markerArray['###GW1B###'],$this->markerArray['###GW1E###']) = explode($splitMark,$this->cObj->stdWrap($splitMark,$this->conf['wrap1.']));
		list($this->markerArray['###GW2B###'],$this->markerArray['###GW2E###']) = explode($splitMark,$this->cObj->stdWrap($splitMark,$this->conf['wrap2.']));
		$this->markerArray['###GC1###'] = $this->cObj->stdWrap($this->conf['color1'],$this->conf['color1.']);
		$this->markerArray['###GC2###'] = $this->cObj->stdWrap($this->conf['color2'],$this->conf['color2.']);
		$this->markerArray['###GC3###'] = $this->cObj->stdWrap($this->conf['color3'],$this->conf['color3.']);

		if (intval($this->conf['no_cache']) && !isset($linkConf['no_cache']))	{	// needed for backwards compatibility
			$linkConf['no_cache'] = 1;
		}
		if(!$linkConf['parameter'])	{
			$linkConf['parameter'] = $GLOBALS['TSFE']->id;
		}
		if(!$linkConf['additionalParams'])	{	// needed for backwards compatibility
			$linkConf['additionalParams'] = $this->conf['addParams'];
		}

		$formURL = $this->cObj->typoLink_URL($linkConf);
		if(!strstr($formURL,'?')) {
			$formURL .= '?';
		}

			// Initialize markerArray, setting FORM_URL and HIDDENFIELDS
		$this->markerArray['###FORM_URL###'] = $formURL;
		$this->markerArray['###FORM_URL_ENC###'] = rawurlencode($this->markerArray['###FORM_URL###']);
		$this->markerArray['###FORM_URL_HSC###'] = htmlspecialchars($this->markerArray['###FORM_URL###']);

		$this->markerArray['###BACK_URL###'] = $this->backURL;
		$this->markerArray['###BACK_URL_ENC###'] = rawurlencode($this->markerArray['###BACK_URL###']);
		$this->markerArray['###BACK_URL_HSC###'] = htmlspecialchars($this->markerArray['###BACK_URL###']);

		$this->markerArray['###THE_PID###'] = $this->thePid;
		$this->markerArray['###REC_UID###'] = $this->recUid;
		$this->markerArray['###AUTH_CODE###'] = $this->authCode;
		$this->markerArray['###THIS_ID###'] = $GLOBALS['TSFE']->id;
		$this->markerArray['###THIS_URL###'] = htmlspecialchars(t3lib_div::getIndpEnv('TYPO3_REQUEST_DIR'));
		$this->markerArray['###HIDDENFIELDS###'] =
			($this->cmd?'<input type="hidden" name="cmd" value="'.htmlspecialchars($this->cmd).'" />':'').
			($this->authCode?'<input type="hidden" name="aC" value="'.htmlspecialchars($this->authCode).'" />':'').
			($this->backURL?'<input type="hidden" name="backURL" value="'.htmlspecialchars($this->backURL).'" />':'');


			// Setting cmdKey which is either 'edit' or 'create'
		switch($this->cmd)	{
			case 'edit':
				$this->cmdKey='edit';
			break;
			default:
				$this->cmdKey='create';
			break;
		}
			// Setting requiredArr to the fields in 'required' intersected field the total field list in order to remove invalid fields.
		$this->requiredArr = array_intersect(
			t3lib_div::trimExplode(',',$this->conf[$this->cmdKey.'.']['required'],1),
			t3lib_div::trimExplode(',',$this->conf[$this->cmdKey.'.']['fields'],1)
		);

			// Setting incoming data. Non-stripped
		$fe=t3lib_div::_GP('FE');
		$this->dataArr = $fe[$this->theTable];	// Incoming data.

			// Checking template file and table value
		if (!$this->templateCode)	{
			$content = 'No template file found: '.$this->conf['templateFile'];
			return $content;
		}

		if (!$this->theTable || !$this->fieldList)	{
			$content = 'Wrong table: '.$this->theTable;
			return $content;		// Not listed or editable table!
		}

		// *****************
		// If data is submitted, we take care of it here.
		// *******************
		if ($this->cmd=='delete' && !$this->preview && !t3lib_div::_GP('doNotSave'))	{	// Delete record if delete command is sent + the preview flag is NOT set.
			$this->deleteRecord();
		}
			// If incoming data is seen...
		if (is_array($this->dataArr))	{
				// Evaluation of data:
			$this->parseValues();
			$this->overrideValues();
			$this->evalValues();
			if ($this->conf['evalFunc'])	{
				$this->dataArr = $this->userProcess('evalFunc',$this->dataArr);
			}

		/*
		debug($this->dataArr);
		debug($this->failure);
		debug($this->preview);
		*/
				// if not preview and no failures, then set data...
			if (!$this->failure && !$this->preview && !t3lib_div::_GP('doNotSave'))	{	// doNotSave is a global var (eg a 'Cancel' submit button) that prevents the data from being processed
				$this->save();
			} else {
				if ($this->conf['debug'])		debug($this->failure);
			}
		} else {
			$this->defaultValues();	// If no incoming data, this will set the default values.
			$this->preview = 0;	// No preview if data is not received
		}
		if ($this->failure)	{$this->preview=0;}	// No preview flag if a evaluation failure has occured
		$this->previewLabel = $this->preview ? '_PREVIEW' : '';	// Setting preview label prefix.


			// *********************
			// DISPLAY FORMS:
			// ***********************
		if ($this->saved) {
				// Clear page cache
			$this->clearCacheIfSet();

				// Displaying the page here that says, the record has been saved. You're able to include the saved values by markers.
			switch($this->cmd)	{
				case 'delete':
					$key='DELETE';
				break;
				case 'edit':
					$key='EDIT';
				break;