* @license BSD
*/
namespace Domframework;
/** This class permit to create easily some forms to HTML (or text mode in
* future).
* Each field can be checked in AJAX or HTML.
*/
class Form
{
/** All the fields
*/
private $fields = NULL;
/** The name of the form
*/
private $formName;
/** Allow to debug the PHP
*/
public $debug=0;
/** CSRF protection
* By default, the CSRF protection is active if a SESSION is active too.
* It can be disabled if needed. An Exception is raised if the form is send
* back without the token
*/
public $csrf=TRUE;
/** Name of the CSRF hidden field in HTML page
*/
public $csrfField = "CSRF_TOKEN";
/** The CSRF token value
*/
private $csrfToken = "";
/** The method used to send the values
*/
private $method = "post";
/** The Bootstrap width of the column of titles
*/
public $titlewidth = 2;
/** The Bootstrap width of the column of fields
*/
public $fieldwidth = 10;
/** Define a class for form object
*/
public $formClass = "form-horizontal";
/** The logging callable method
*/
private $loggingCallable = null;
/** The logging basemsg
*/
private $loggingBasemsg = "";
/** Form template (Bootstrap3 by default)
*/
private $formTemplate = "Bootstrap3";
/** Create a form
* @param string|null $formName The form name
*/
public function __construct ($formName = "form")
// {{{
{
$this->formName = $formName;
}
// }}}
// The setters of the properties
// {{{
/** Set the debug level
* @param integer $val The debug value
*/
public function debug ($val)
{
$this->debug = $val;
return $this;
}
/** Set the csrf enable
* @param integer $val The csrf check
*/
public function csrf ($val)
{
$this->csrf = !! $val;
return $this;
}
/** Set the method
* @param string $val The method to use
*/
public function method ($val)
{
$this->method = strtolower ($val);
return $this;
}
/** Set the csrf token name
* @param integer $val The csrf token name
*/
public function csrfField ($val)
{
$this->csrfField = $val;
return $this;
}
/** Set the titlewidth
* @param integer $val The titlewidth
*/
public function titlewidth ($val)
{
$this->titlewidth = $val;
return $this;
}
/** Set the fieldwidth
* @param integer $val The fieldwidth
*/
public function fieldwidth ($val)
{
$this->fieldwidth = $val;
return $this;
}
/** Set the formClass
* @param integer $val The formClass
*/
public function formClass ($val)
{
$this->formClass = $val;
return $this;
}
/** Set logging class an method
* @param callable $loggingCallable The callable function. This method will
* receive two params : the LOG level (LOG_ERROR...) and the message
* @param string|null $loggingBasemsg The basemsg added at the beginning of
* the log
*/
public function logging ($loggingCallable, $loggingBasemsg = "")
{
$this->loggingCallable = $loggingCallable;
$this->loggingBasemsg = $loggingBasemsg;
}
/** Set the Form Templating to use.
* Can be : Bootstrap3, Bootstrap4 (later Bulma)
* @param string $formTemplate The template to use
*/
public function formTemplate ($formTemplate)
{
if (! in_array ($formTemplate,
array ("Bootstrap3", "Bootstrap4")))
throw new \Exception ("Unknown formTemplate provided", 500);
$this->formTemplate = $formTemplate;
return $this;
}
// }}}
/** The private method to log if the $this->loggingCallable is defined
* @param integer $prio The priority of the message
* @param string $msg The message to store
*/
private function loggingCallable ($prio, $msg)
// {{{
{
if (! is_callable ($this->loggingCallable))
return;
$base = "";
if ($this->loggingBasemsg !== "")
$base = $this->loggingBasemsg. " ";
call_user_func ($this->loggingCallable, $prio, $base.$msg);
}
// }}}
/** Save the array of fields into the structure.
* Available :
* - name : name of the field in the HTML page
* - label : label written to the describe the field
* - [titles] : text written in radio/checkboxes
* - [defaults] : default values. Must be array for checkbox/select, and
* string for others
* - [type] : text, password, hidden, checkbox, select, radio, submit,
* textarea
* text by default
* - [help] : The Help message (written below the field). Overwrited in
* case of error
* - [multiple] : Multiple selection are possible (if the type supports it)
* - [group] : define a fieldset and define the title with groupe name
* Warning : all the elements of the same group must be
* consecutive !
* - [readonly] : put a read-only flag on the field (the user see it but
* can't interract on it. The value will be sent to next
* page
* - [mandatory] : boolean to add a red star at end of label
* - [hidden] : hide the field (add a style='display:hidden' to the field)
* - [maxlength] : the maximum length of the content of the field in chars
* - [rows] : Number of rows
* - [cols] : Number of columns
* - [placeholder] : The text to be displayed in the placeholder
*
* @param array $fields The fields to be displayed
*/
public function fields ($fields)
// {{{
{
$this->fields = $fields;
}
// }}}
/** Add a field to the form. For the details of a field, see the description
* in fields method
* @param object $field The field to add
*/
public function addfield ($field)
// {{{
{
$this->fields[] = $field;
}
// }}}
/** Return the values provided by the user. Test the CSRF before continue
* NEVER read the values from $_POST in your codes or CSRF will not be
* checked
*/
public function values ()
// {{{
{
$values = array ();
if ($this->method === "post")
{
if (isset ($_POST[$this->formName]))
$values = $_POST[$this->formName];
}
elseif ($this->method === "get")
{
if (isset ($_GET[$this->formName]))
$values = $_GET[$this->formName];
}
else
{
$this->loggingCallable (LOG_ERR,
"Unknown FORM method (GET or POST allowed)");
throw new \Exception (dgettext ("domframework",
"Unknown FORM method (GET or POST allowed)"));
}
if (count ($values) !== 0 && $this->csrf === true)
{
// CSRF protection
try
{
$this->checkToken ($values[$this->csrfField]);
}
catch (\Exception $e)
{
$this->loggingCallable (LOG_ERR, $e->getMessage ());
throw new \Exception (dgettext ("domframework",
"Can not read the data from the form : ".
"Expired or missing CSRF Token"), 500);
}
// Remove the field CSRF : can not be used outside the form
unset ($values[$this->csrfField]);
}
if (isset ($_SESSION["domframework"]["form"][$this->formName]["fields"]))
{
foreach ($_SESSION["domframework"]["form"][$this->formName]["fields"] as
$field)
{
if ($field->type === "hidden" ||
($field->readonly !== null && $field->readonly !== false))
{
if (isset ($field->values))
$values[$field->name] = $field->values;
elseif (isset ($field->defaults))
$values[$field->name] = $field->defaults;
}
}
}
return $values;
}
// }}}
/** Return the fields in HTML code. If $values is provided, use it in place
* of default values. In case of select boxes, $values are the selected
* elements
* $method is the method written in method field of \n";
return $res;
}
// }}}
/** Check the token from the user
* @param string $tokenFromUser The value form the user's token
*/
public function checkToken ($tokenFromUser)
// {{{
{
$csrf = new Csrf ();
$csrf->field = $this->csrfField;
// The checkThenDeleteToken method check the token and except if there is a
// problem. If there is no problem, it delete the token
$csrf->checkThenDeleteToken ($tokenFromUser);
}
// }}}
/** Return the token generated in form
*/
public function getToken ()
// {{{
{
if ($this->csrfToken === "")
$this->createToken ();
return $this->csrfToken;
}
// }}}
/** Check if the parameters are correct with the defined fields
* Need the session !
* @param array $values The values to check
* @param array|null $fields The fields definition (or use the session
* stored one if the value is null)
* @return array containing the errors
*/
public function verify ($values, $fields=array ())
// {{{
{
if (count ($fields) === 0)
{
if (! isset ($_SESSION["domframework"]["form"]["fields"]))
return array ();
$fields = $_SESSION["domframework"]["form"]["fields"];
}
$errors = array ();
foreach ($fields as $field)
{
if ($field->mandatory !== null &&
(! array_key_exists ($field->name, $values) ||
trim ($values[$field->name]) === ""))
$errors[$field->name] = dgettext ("domframework",
"Field mandatory and not provided");
}
return $errors;
}
// }}}
/** If there is at least one error reported in $errors, save the old values
* and the errors in the session, and redirect to the provided url.
* If there is no error, do nothing
* @param array $values The values of the fields filled by the user
* @param array $errors The errors detected by a verify
* @param object $route the route object
* @param string|null $url The URL to redirect. If not provided, use the
* $route->requestURL () method to found the calling page
*
* Example :
$form = new \Domframework\form ();
$form->logging (array ('\apps\general\controllers\logging', 'log'),
$authHTML["email"]);
$values = $form->values ();
$errors = $spaceObj->verify ($values);
$form->redirectIfError ($values, $errors, $route, "/admin/space/");
$spaceuuid = $spaceObj->spaceCreateConceal ($values["spacename"]);
$route->redirect ("/admin/space/");
*/
public function redirectIfError ($values, $errors, $route, $url = "")
// {{{
{
$this->saveValuesErrors ($values, $errors);
if ($url === "")
$url = "/".$route->requestURL ();
if (count ($errors)) $route->redirect ($url);
$this->saveValuesErrorsReset ();
}
// }}}
/** Save the values and errors to be displayed in the next page if the session
* is available
* Need the session to work
* @param array $values The values of the fields filled by the user
* @param array|null $errors The errors detected by a verify
*/
public function saveValuesErrors ($values, $errors=array ())
// {{{
{
if (isset ($_SESSION))
{
$_SESSION["domframework"]["form"][$this->formName]["values"] = $values;
$_SESSION["domframework"]["form"][$this->formName]["errors"] = $errors;
}
}
// }}}
/** Reset the saved values to provide a clean form next page
* Need the session to work
*/
public function saveValuesErrorsReset ()
// {{{
{
unset ($_SESSION["domframework"]["form"][$this->formName]["values"]);
unset ($_SESSION["domframework"]["form"][$this->formName]["errors"]);
}
// }}}
/** Get the stored values if there is one. If there is no stored values,
* return the values provided as parameter
* @param array $values The values returned if there is no stored values
* @return array The values to use
*/
public function getOldValues ($values)
// {{{
{
if (isset ($_SESSION["domframework"]["form"][$this->formName]["values"]))
{
$values = $_SESSION["domframework"]["form"][$this->formName]["values"];
unset ($_SESSION["domframework"]["form"][$this->formName]["values"]);
}
return $values;
}
// }}}
/** Get the stored errors if there is one. If there is no sorted errors,
* return the errors provided as parameter
* @param array $errors The values returned if there is no stored values
* @return array The errors to use
*/
public function getOldErrors ($errors)
// {{{
{
if (isset ($_SESSION["domframework"]["form"][$this->formName]["errors"]))
{
$errors = $_SESSION["domframework"]["form"][$this->formName]["errors"];
unset ($_SESSION["domframework"]["form"][$this->formName]["errors"]);
}
return $errors;
}
// }}}
/** Convert Date received in one format to another.
* If the provided string is not corresponding to the format, don't change
* anything.
* Format used http://php.net/manual/en/datetime.createfromformat.php
* @param string $inputDate The date to modify
* @param string $inputFormat The input format of the date
* @param string $outputFormat The output format of the date
* @return string
*/
public function convertDate ($inputDate, $inputFormat, $outputFormat)
// {{{
{
$date = \DateTime::CreateFromFormat ($inputFormat, $inputDate);
if ($date === false)
return $inputDate;
$errors = $date->getLastErrors();
if ($errors["warning_count"] > 0 || $errors["error_count"] > 0)
return $inputDate;
return $date->format ($outputFormat);
}
// }}}
}