fix settings validation

msquare 2016-09-27 17:24:18 +02:00
parent f82a3fb1d8
commit 45bbf95972
5 changed files with 211 additions and 127 deletions


@ -1,6 +1,19 @@
<?php <?php
/** /**
* Update Setting. * Get settings.
*/
function Settings() {
$settings = sql_select("SELECT * FROM `Settings` LIMIT 1");
if ($settings === false)
return false;
if (count($settings) > 0)
return $settings[0];
return null;
}
/**
* Update Settings.
* *
* @param string $event_name * @param string $event_name
* @param int $buildup_start_date * @param int $buildup_start_date
@ -10,31 +23,21 @@
* @param string $event_welcome_msg * @param string $event_welcome_msg
*/ */
function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
return sql_query("UPDATE `Settings` SET if (Settings() == null) {
`event_name`='" . sql_escape($event_name) . "',
`buildup_start_date`='" . sql_escape($buildup_start_date) . "',
`event_start_date`='" . sql_escape($event_start_date) . "',
`event_end_date`='" . sql_escape($event_end_date) . "',
`teardown_end_date`='" . sql_escape($teardown_end_date) . "',
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
}
/**
* Create Settings.
*
* @param string $event_name
* @param int $buildup_start_date
* @param int $event_start_date
* @param int $event_end_date
* @param int $teardown_end_date
* @param string $event_welcome_msg
*/
function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
return sql_query("INSERT INTO `Settings` SET return sql_query("INSERT INTO `Settings` SET
`event_name`='" . sql_escape($event_name) . "', `event_name`=" . sql_null($event_name) . ",
`buildup_start_date`='" . sql_escape($buildup_start_date) . "', `buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_start_date`='" . sql_escape($event_start_date) . "', `event_start_date`=" . sql_null($event_start_date) . ",
`event_end_date`='" . sql_escape($event_end_date) . "', `event_end_date`=" . sql_null($event_end_date) . ",
`teardown_end_date`='" . sql_escape($teardown_end_date) . "', `teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'"); `event_welcome_msg`=" . sql_null($event_welcome_msg));
}
return sql_query("UPDATE `Settings` SET
`event_name`=" . sql_null($event_name) . ",
`buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_start_date`=" . sql_null($event_start_date) . ",
`event_end_date`=" . sql_null($event_end_date) . ",
`teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`=" . sql_null($event_welcome_msg));
} }
?> ?>
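Review bot: The `Settings() == null` test in Settings_update is a loose comparison, so the `false` that Settings() returns on a failed SELECT also takes the INSERT branch, and a transient read error can end up adding a second settings row. Read the result once and separate the cases: `$settings = Settings(); if ($settings === false) return false; if ($settings === null) {`. The explicit `sql_escape()` calls and the surrounding quotes were dropped in favour of `sql_null()`, whose body is not on this page. Confirm that it still escapes and quotes every non-null value, since `event_name` and `event_welcome_msg` come from request input.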


@ -1,87 +1,94 @@
<?php <?php
function admin_settings_title() { function admin_settings_title() {
return _("Settings"); return _("Settings");
} }
function admin_settings() { function admin_settings() {
$settings_source = sql_select("SELECT * FROM `Settings`"); $event_name = null;
if (count($settings_source) == 1) { $event_welcome_msg = null;
$event_name = $settings_source[0]['event_name']; $buildup_start_date = null;
$buildup_start_date = $settings_source[0]['buildup_start_date']; $event_start_date = null;
$event_start_date = $settings_source[0]['event_start_date']; $event_end_date = null;
$event_end_date = $settings_source[0]['event_end_date']; $teardown_end_date = null;
$teardown_end_date = $settings_source[0]['teardown_end_date'];
$event_welcome_msg = $settings_source[0]['event_welcome_msg']; $settings_source = Settings();
if ($settings_source === false)
engelsystem_error('Unable to load settings.');
if ($settings_source != null) {
$event_name = $settings_source['event_name'];
$buildup_start_date = $settings_source['buildup_start_date'];
$event_start_date = $settings_source['event_start_date'];
$event_end_date = $settings_source['event_end_date'];
$teardown_end_date = $settings_source['teardown_end_date'];
$event_welcome_msg = $settings_source['event_welcome_msg'];
} }
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['event_name'])) if (isset($_REQUEST['event_name']))
$event_name = strip_request_item('event_name'); $event_name = strip_request_item('event_name');
if (isset($_REQUEST['buildup_start_date']) && $_REQUEST['buildup_start_date'] != '') { if ($event_name == '')
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))) { $event_name = null;
$buildup_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter buildup start date."), true);
}
} else
$buildup_start_date = null;
if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) {
$event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter event start date."), true);
}
} else
$event_start_date = null;
if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) {
$event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter event end date."), true);
}
} else
$event_end_date = null;
if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) {
$teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter teardown end date."), true);
}
} else
$teardown_end_date = null;
if (isset($_REQUEST['event_welcome_msg'])) if (isset($_REQUEST['event_welcome_msg']))
$event_welcome_msg = strip_request_item('event_welcome_msg'); $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
} if ($event_welcome_msg == '')
$event_welcome_msg = null;
$result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true);
$buildup_start_date = $result->getValue();
$ok &= $result->isOk();
$result = check_request_date('event_start_date', _("Please enter event start date."), true);
$event_start_date = $result->getValue();
$ok &= $result->isOk();
$result = check_request_date('event_end_date', _("Please enter event end date."), true);
$event_end_date = $result->getValue();
$ok &= $result->isOk();
$result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true);
$teardown_end_date = $result->getValue();
$ok &= $result->isOk();
if ($ok) { if ($ok) {
if (count($settings_source) == 1) $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
else if ($result === false)
Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg); engelsystem_error("Unable to update settings.");
success(_("Settings saved.")); success(_("Settings saved."));
redirect(page_link_to('admin_settings')); redirect(page_link_to('admin_settings'));
} }
return page_with_title(admin_settings_title(), array( }
$msg,
return page_with_title(admin_settings_title(), [
msg(), msg(),
div('row', array( form([
div('col-md-12', array( div('row', [
form(array( div('col-md-6', [
form_info('', _("Here you can change event information.")),
form_text('event_name', _("Event Name"), $event_name), form_text('event_name', _("Event Name"), $event_name),
form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()), form_info('', _("Event Name is shown on the start page.")),
form_date('event_start_date', _("Event start date"), $event_start_date, time()), form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
form_date('event_end_date', _("Event end date"), $event_end_date, time()), form_info('', _("Welcome message is shown after successful registration. You can use markdown."))
form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()), ]),
form_info('', _("Here you can write your display message for registration:")), div('col-md-3', [
form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg), form_date('buildup_start_date', _("Buildup date"), $buildup_start_date),
form_date('event_start_date', _("Event start date"), $event_start_date)
]),
div('col-md-3', [
form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date),
form_date('event_end_date', _("Event end date"), $event_end_date)
])
]),
div('row', [
div('col-md-6', [
form_submit('submit', _("Save")) form_submit('submit', _("Save"))
)) ])
)) ])
)) ])
)); ]);
} }
?> ?>
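Review bot: The four date fields in admin_settings now take `$result->getValue()` as is, and check_date on this page wraps the `DateTime` object itself, while the removed code stored `->getTimestamp()` and Settings_update documents these parameters as int. Unless `sql_null()` (not shown) converts objects, the string concatenation in Settings_update will fail or store something other than a Unix timestamp, and `form_date()` receives a different type on re-render than it gets from the database row. Convert at the boundary, e.g. `$buildup_start_date = $result->getValue() === null ? null : $result->getValue()->getTimestamp();`, or have check_date return the timestamp. `$ok &= $result->isOk();` also turns `$ok` into an int; `$ok = $ok && $result->isOk();` keeps it boolean.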


@ -18,6 +18,46 @@ function raw_output($output) {
die(); die();
} }
/**
* Checks if given request item (name) can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_request_date($name, $error_message = null, $null_allowed = false) {
if (! isset($_REQUEST[$name]))
return new ValidationResult($null_allowed, null);
return check_date($_REQUEST[$name], $error_message, $null_allowed);
}
/**
* Checks if given string can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_date($input, $error_message = null, $null_allowed = false) {
if (DateTime::createFromFormat("Y-m-d", trim($input)))
return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input)));
if ($null_allowed)
return new ValidationResult(true, null);
error($error_message);
return new ValidationResult(false, null);
}
/** /**
* Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
*/ */
@ -57,4 +97,38 @@ function check_email($email) {
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
} }
class ValidationResult {
private $ok;
private $value;
/**
* Constructor.
*
* @param boolean $ok
* Is the value valid?
* @param * $value
* The validated value
*/
public function ValidationResult($ok, $value) {
$this->ok = $ok;
$this->value = $value;
}
/**
* Is the value valid?
*/
public function isOk() {
return $this->ok;
}
/**
* The parsed/validated value.
*/
public function getValue() {
return $this->value;
}
}
?> ?>
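Review bot: check_date treats every unparsable string as an acceptable empty value when `$null_allowed` is true, so at the four admin_settings call sites (all passing `true`) a mistyped date is silently stored as NULL and the supplied error message can never be shown. Only an empty field should map to null; non-empty input that does not parse should be rejected with the error. The rewrite below also parses once instead of twice. In the second hunk, the `ValidationResult($ok, $value)` constructor uses the PHP 4 naming that PHP 7.0 deprecates; `__construct` is the forward-compatible spelling.

```php
function check_date($input, $error_message = null, $null_allowed = false) {
  $input = trim($input);
  // Only a genuinely empty field counts as "no date"; anything else must parse.
  if ($input == '') {
    if ($null_allowed)
      return new ValidationResult(true, null);
  } else {
    $date = DateTime::createFromFormat("Y-m-d", $input);
    if ($date)
      return new ValidationResult(true, $date);
  }
  error($error_message);
  return new ValidationResult(false, null);
}
```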


@ -1,11 +1,11 @@
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.0/phpunit.xsd" xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
bootstrap="../includes/engelsystem_provider.php" colors="true" bootstrap="../includes/engelsystem_provider.php" colors="true"
convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true"
convertWarningsToExceptions="true" forceCoversAnnotation="false"> convertWarningsToExceptions="true" forceCoversAnnotation="false">
<testsuites> <testsuites>
<testsuite name="Models"> <testsuite name="Models">
<directory>model</directory> <directory>model/*</directory>
</testsuite> </testsuite>
</testsuites> </testsuites>
<php> <php>