Added user input validation for custom fields on user_add.php.

[timetracker.git] / user_add.php

diff --git a/user_add.php b/user_add.php
index afe0a84..d6a24e3 100644 (file)
--- a/user_add.php
+++ b/user_add.php
@@ -50,6 +50,13 @@ $show_quota = $user->isPluginEnabled('mq');
 if ($user->isPluginEnabled('cl'))
   $clients = ttGroupHelper::getActiveClients();
 
+// Use custom fields plugin if it is enabled.
+if ($user->isPluginEnabled('cf')) {
+  require_once('plugins/CustomFields.class.php');
+  $custom_fields = new CustomFields();
+  $smarty->assign('custom_fields', $custom_fields);
+}
+
 $assigned_projects = array();
 if ($request->isPost()) {
   $cl_name = trim($request->getParameter('name'));
@@ -91,6 +98,21 @@ $form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','na
 if ($user->isPluginEnabled('cl'))
   $form->addInput(array('type'=>'combobox','name'=>'client','value'=>$cl_client_id,'data'=>$clients,'datakeys'=>array('id', 'name'),'empty'=>array(''=>$i18n->get('dropdown.select'))));
 
+// If we have custom fields - add controls for them.
+if ($custom_fields && $custom_fields->userFields) {
+  foreach ($custom_fields->userFields as $userField) {
+    $field_name = 'user_field_'.$userField['id'];
+    if ($userField['type'] == CustomFields::TYPE_TEXT) {
+      $form->addInput(array('type'=>'text','name'=>$field_name));
+    } elseif ($userField['type'] == CustomFields::TYPE_DROPDOWN) {
+      $form->addInput(array('type'=>'combobox','name'=>$field_name,
+      'style'=>'width: 250px;',
+      'data'=>CustomFields::getOptions($userField['id']),
+      'empty'=>array(''=>$i18n->get('dropdown.select'))));
+    }
+  }
+}
+
 $form->addInput(array('type'=>'floatfield','maxlength'=>'10','name'=>'rate','format'=>'.2','value'=>$cl_rate));
 if ($show_quota)
   $form->addInput(array('type'=>'floatfield','maxlength'=>'10','name'=>'quota_percent','format'=>'.2','value'=>$cl_quota_percent));
@@ -126,7 +148,7 @@ class RateCellRenderer extends DefaultCellRenderer {
 // Create projects table.
 $table = new Table('projects');
 $table->setIAScript('setDefaultRate');
-$table->setTableOptions(array('width'=>'100%','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
+$table->setTableOptions(array('width'=>'300','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
 $table->setRowOptions(array('valign'=>'top','class'=>'tableHeader'));
 $table->setData($projects);
 $table->setKeyField('id');
@@ -150,8 +172,21 @@ if ($request->isPost()) {
   if (!ttValidEmail($cl_email, true)) $err->add($i18n->get('error.field'), $i18n->get('label.email'));
   // Require selection of a client for a client role.
   if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role_id) && !$cl_client_id) $err->add($i18n->get('error.client'));
+  if (!ttValidFloat($cl_quota_percent, true)) $err->add($i18n->get('error.field'), $i18n->get('label.quota'));
+  // Validate input in user custom fields.
+  if ($custom_fields && $custom_fields->userFields) {
+    foreach ($custom_fields->userFields as $userField) {
+      $control_name = 'user_field_'.$userField['id'];
+      $field_label = htmlspecialchars($userField['label']);
+      $field_type = $userField['type'];
+      $required = $userField['required'];
+      $field_value = trim($request->getParameter($control_name));
+      // Validation is the same for text and dropdown fields.
+      if (!ttValidString($field_value, !$required)) $err->add($i18n->get('error.field'), $field_label);
+    }
+  }
   if (!ttValidFloat($cl_rate, true)) $err->add($i18n->get('error.field'), $i18n->get('form.users.default_rate'));
-  if (!ttValidFloat($cl_quota_percent, true)) $err->add($i18n->get('error.field'), $i18n->get('form.quota.quota'));
+  if (!ttUserHelper::canAdd()) $err->add($i18n->get('error.user_count'));
 
   if ($err->no()) {
     if (!ttUserHelper::getUserByLogin($cl_login)) {