From 78d15b084d7297a01c44d449921f571c3214e34d Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 16 Oct 2011 23:37:11 +0000 Subject: [PATCH] DomainHandler.php: - split add() function to - set() (validate values) and - store() (write to database) - set(): - replace $checked with $this->values - store validation summary in $this->values_valid PFAHandler.php: - change _inp_* functions to return true/false if value is (in)valid instead if the sanitized value. They now also set $this->errormsg[] (not the final solution, but works for now) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1210 a1433add-5e2c-0410-b055-b7f2511e0802 --- model/DomainHandler.php | 31 +++++++++++++++++++++++-------- model/PFAHandler.php | 20 ++++++++++++++------ 2 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/model/DomainHandler.php b/model/DomainHandler.php
index c25975c5..5794b6ea 100644
--- a/model/DomainHandler.php
+++ b/model/DomainHandler.php
@@ -11,6 +11,8 @@ class DomainHandler extends PFAHandler {
 protected $id_field = null;
 protected $struct = array();
 protected $new = 0; # 1 on create, otherwise 0
+ protected $values = array();
+ protected $values_valid = false;
 public $errormsg = array();
@@ -99,7 +101,7 @@ class DomainHandler extends PFAHandler {
 return $transports[$id-1];
 }
- public function add($values) {
+ public function set($values) {
 # TODO: make this a generic function for add and edit
 # TODO: move DB writes etc. to separate save() function (to allow on-the-fly validation before saving to DB)
@@ -110,11 +112,12 @@ class DomainHandler extends PFAHandler {
 }
 # base validation
- $checked = array();
+ $this->values = array();
+ $this->values_valid = false;
 foreach($this->struct as $key=>$row) {
 if ($row['editable'] == 0) { # not editable
 if ($this->new == 1) {
- $checked[$key] = $row['default'];
+ $this->values[$key] = $row['default'];
 }
 } else {
 $func="_inp_".$row['type'];
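Review bot: Renaming the public `add()` to `set()` in the hunk at `@@ -99,7 +101,7 @@` also changes its contract: the method now only validates, and nothing is written until `store()` is called. The diffstat lists only the two model files, so any caller of `add()` elsewhere in the tree is not updated by this commit and would need to call `set()` and then `store()`. The second TODO under the signature (`move DB writes etc. to separate save() function`) describes what this commit does and can be dropped or reworded to name `store()`.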
@@ -122,10 +125,12 @@ class DomainHandler extends PFAHandler {
 $val=$values[$key];
 if ($row['type'] != "password" || strlen($values[$key]) > 0 || $this->new == 1) { # skip on empty (aka unchanged) password on edit
 if (method_exists($this, $func) ) {
- $checked[$key] = $this->{$func}($values[$key]);
+ if ($this->{$func}($key, $values[$key])) {
+ $this->values[$key] = $values[$key];
+ }
 } else {
 # TODO: warning if no validation function exists?
- $checked[$key] = $values[$key];
+ $this->values[$key] = $values[$key];
 }
 }
 }
@@ -133,9 +138,19 @@ class DomainHandler extends PFAHandler {
 # TODO: more validation
-# $checked[$this->id_field] = $this->username; # should already be set (if $this->new) via values[$this->id_field] and the base check
+ if (count($this->errormsg) == 0) {
+ $this->values_valid = true;
+ }
+ return $this->values_valid;
+ }
+
+ function store() {
+ if ($this->values_valid == false) {
+ $this->errormsg[] = "one or more values are invalid!";
+ return false;
+ }
- $db_values = $checked;
+ $db_values = $this->values;
 unset ($db_values['default_aliases']); # TODO: automate based on $this->struct
 $result = db_insert($this->db_table, $db_values);
@@ -143,7 +158,7 @@ class DomainHandler extends PFAHandler {
 $this->errormsg[] = Lang::read('pAdminCreate_domain_result_error') . "\n(" . $this->username . ")\n";
 return false;
 } else {
- if ($this->new && $values['default_aliases']) {
+ if ($this->new && $this->values['default_aliases']) {
 foreach (Config::read('default_aliases') as $address=>$goto) {
 $address = $address . "@" . $this->username;
 # TODO: use AliasHandler->add instead of writing directly to the alias table
diff --git a/model/PFAHandler.php b/model/PFAHandler.php
index 5ab90ff8..5a197af1 100644
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
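Review bot: In the hunk at `@@ -122,10 +125,12 @@`, a validator that returns false only leaves the key out of `$this->values`; the rejection itself is not recorded at the call site. `_inp_password()` as changed in model/PFAHandler.php returns false without adding to `errormsg`, so that field is dropped silently and `set()` can still return true, because validity is taken from `count($this->errormsg) == 0` in the next hunk. The `else` branch also stores the raw value whenever no `_inp_<type>` method exists, so a field type without a validator is accepted unchecked; the TODO there should become an explicit decision (reject, or accept with a warning). Recording the failure where it happens, e.g. `} else { $rejected = true; }` on the new `if`, with `$rejected = false;` before the loop and `$this->values_valid = !$rejected && count($this->errormsg) == 0;` at the end, removes the dependency on every validator remembering to add a message. The loop and `set()` itself start outside this hunk.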
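Review bot: In the hunk at `@@ -133,9 +138,19 @@`, `store()` is declared without a visibility keyword or doc comment while `set()` is `public function`; `public function store()` plus a short comment saying that it writes `$this->values` through `db_insert()` and requires a prior successful `set()` would make the two-step contract explicit. `values_valid` is derived from the public, accumulating `$this->errormsg`, and `store()` itself appends "one or more values are invalid!" to it, so unless `errormsg` is cleared somewhere outside this view, a later `set()` with good input on the same object still returns false. `values_valid` also stays true after the insert, so a second `store()` call attempts the write again; setting it back to false after `db_insert()` would prevent that. `if (!$this->values_valid)` reads better than the loose `== false`.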
@@ -12,17 +12,25 @@ class PFAHandler {
 /**
 * functions for basic input validation
 */
- function _inp_num($val) {
- return (int)($val);
+ function _inp_num($field, $val) {
+ $valid = is_numeric($val);
+ if ($val < -1) $valid = false;
+ if (!$valid) $this->errormsg[] = "$field must be numeric";
+ return $valid;
+ # return (int)($val);
 }
- function _inp_bool($val) {
- return $val ? db_get_boolean(true): db_get_boolean(false);
+ function _inp_bool($field, $val) {
+ if ($val == "0" || $val == "1") return true;
+ $this->errormsg[] = "$field must be boolean";
+ return false;
+ # return $val ? db_get_boolean(true): db_get_boolean(false);
 }
- function _inp_password($val){
+ function _inp_password($field, $val){
 # TODO: fetchmail specific. Not suited for mailbox/admin passwords.
- return base64_encode($val);
+ return false;
+ # return base64_encode($val);
 }
 }
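Review bot: `_inp_num()` accepts anything `is_numeric()` accepts, including `"1.5"` and `"1e3"`, and since `set()` in model/DomainHandler.php now stores the raw input instead of the old `(int)` cast, that string is what reaches `db_insert()`, whose escaping is not visible here; an exact check such as `$valid = (preg_match('/\A(-1|[0-9]+)\z/', (string) $val) === 1);` keeps the accepted set to integers from -1 up. `_inp_bool()` compares loosely, so numeric strings like `"1.0"` or `"00"` pass and are stored as given where the old code stored `db_get_boolean()` output; `if ($val === "0" || $val === "1") return true;` closes that, assuming callers pass strings. `_inp_password()` returns false without adding to `$this->errormsg`, so the rejection is invisible to a caller that counts messages; add `$this->errormsg[] = "$field: password validation not implemented";` before the `return false;`. The commented-out old `return` lines after each new `return` are unreachable and can be deleted.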