Allow EDIT only for limited period of time

khofm

New member
Hi Eugenio,

I was wondering if it's possible to limit the EDIT function to a limited time period only.

What I'd like to achieve: After entry of a new row, users should see the EDIT button for n days, then it should disappear and the entry should become uneditable.

Can you please point me in the right direction? In which file/function would I have to add conditions to achieve the above?

Thanks,
Kai


--------------------------------------------------------------------
You are using DaDaBIK version 7.1 ENTERPRISE
PHP Version: 5.6.22
mysql version: 5.0.92
Web server: Apache
Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
 

eugenio

Administrator
Staff member
It's not something you can do easily without modifying the core code.

Using a "before update hook" (you need dadabik 8) you could do the following, which is not exactly what you need but maybe it's close enough: you do the check before executing the update and in case the record is too old, you print out a message and exit() the script.

Best,
 

khofm

New member
Understood - due to customization I cannot easily upgrade.

I am happy to take a shot at the core code. Can you please point me to the right section? Where would it be wise for me to start?
 

eugenio

Administrator
Staff member
If it's ok to just print out an error message you could do your check in index.php before the execution of the function update_record

Best,
 

khofm

New member
Great.

And I guess to prevent the edit icon from showing I'd have to change this section in business_logic.php, correct?





[pre]
if ($enable_edit == "1" && $master_table_function !== 'details'){ // display the edit icon

    $edit_link = $dadabik_main_file."?table_name=".urlencode($table_name)."&function=edit&where_field=".urlencode($where_field)."&where_value=".urlencode($where_value);

    $results_table .= "<a class=\"onlyscreen\" target=\"_".$edit_target_window."\" href=\"".$dadabik_main_file."?table_name=".urlencode($table_name)."&function=edit&where_field=".urlencode($where_field)."&where_value=".urlencode($where_value);

    if ($is_items_table === 1) {
        $results_table .= "&master_table_name=".urlencode($master_table_name)."&master_table_function=".$master_table_function."&master_table_where_field=".urlencode($master_table_where_field)."&master_table_where_value=".urlencode(unescape($master_table_where_value))."&is_items_table=1";

        $edit_link .= "&master_table_name=".urlencode($master_table_name)."&master_table_function=".$master_table_function."&master_table_where_field=".urlencode($master_table_where_field)."&master_table_where_value=".urlencode(unescape($master_table_where_value))."&is_items_table=1";
    } // end if

    $results_table .= "\"><img border=\"0\" src=\"".$edit_icon."\" alt=\"".$submit_buttons_ar["edit"]."\" title=\"".$submit_buttons_ar["edit"]."\"></a>";
} // end if
[/pre]
 

eugenio

Administrator
Staff member
Yes, it's probably all you need but I am sorry I can't guarantee 100% how this hack will work without spending a decent amount of time looking into the code (especially considering you are using an old version of dadabik).

Best,
 

khofm

New member
Hi Eugenio,

I managed to conditionally display the edit icon within X days after an entry was submitted.

Now I have to prevent users from manually manipulating the URL with the GET parameters. Meaning, even if the edit icon isn't shown, they could build the URL with the edit function themselves.

I think I can prevent this in index.php. To do so I need to retrieve a timestamp from the mysql db.

Now my question: Is there a built-in function that I can use in index.php that allows me to retrieve a field value based on the '$where_value'?

Regards
Kai
 

eugenio

Administrator
Staff member
Hi,
no, you have to build the query manually, but there are standard db access functions in db_functions.php
Pay attention to security if you are going to execute a custom query according to the URL and consider that your version of DaDaBIK had security issues (see https://dadabik.com/index.php?function=show_changelog).

Best,
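
The server-side check discussed in this thread, as an added example that is not part of any post and not DaDaBIK code: the record's age is looked up with a bound parameter and allowlisted identifiers, so a hand-built edit URL is refused even when the icon is hidden. The function name `edit_window_open`, the `$EDITABLE` allowlist, the `created_at` column, the 7-day window and the in-memory SQLite sample rows are assumptions made for the illustration.

```php
<?php
// Added example, not DaDaBIK code. Hypothetical names: edit_window_open(),
// $EDITABLE, EDIT_WINDOW_DAYS and the created_at timestamp column.
const EDIT_WINDOW_DAYS = 7;

// table => [key column, timestamp column]; identifiers are never taken from the URL
$EDITABLE = ['castbl_meldungen' => ['Kartennummer', 'created_at']];

function edit_window_open(PDO $pdo, array $editable, $table, $where_field, $where_value, DateTime $now)
{
    // Identifiers cannot be bound as parameters, so accept only allowlisted ones.
    if (!isset($editable[$table]) || $editable[$table][0] !== $where_field) {
        return false;
    }
    list($key_col, $ts_col) = $editable[$table];
    // The row value from the URL is bound, never concatenated into the SQL.
    $stmt = $pdo->prepare("SELECT `$ts_col` FROM `$table` WHERE `$key_col` = ?");
    $stmt->execute([$where_value]);
    $created = $stmt->fetchColumn();
    if ($created === false || $created === null) {
        return false; // unknown row or missing timestamp: fail closed
    }
    // Signed whole days between creation and now; future timestamps are refused.
    $age_days = (int) (new DateTime($created))->diff($now)->format('%r%a');
    return $age_days >= 0 && $age_days < EDIT_WINDOW_DAYS;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE castbl_meldungen (Kartennummer TEXT PRIMARY KEY, created_at TEXT)");
$pdo->exec("INSERT INTO castbl_meldungen VALUES ('cas55555', '2018-02-21 09:00:00')");
$pdo->exec("INSERT INTO castbl_meldungen VALUES ('cas88888', '2018-01-02 09:00:00')");

$now = new DateTime('2018-02-23 12:00:00');
foreach (['cas55555', 'cas88888', "no'such"] as $value) {
    $ok = edit_window_open($pdo, $EDITABLE, 'castbl_meldungen', 'Kartennummer', $value, $now);
    echo $value, ' => ', $ok ? 'edit allowed' : 'edit refused', "\n";
}
```

The same function can gate both the edit form and the update itself, so the decision is made in one place rather than once for the icon and again for the URL.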
 

khofm

New member
Thanks, got it to work. Wasn't that hard actually.

I am aware of the security issues in 7.1 and have applied the fix manually (http://dadabik.org/patch_sql_2016.txt)
 

eugenio

Administrator
Staff member
Ok, good.
That patch was released for v. 7.3 but there is - at least - another security fix released with 7.3.3
 

khofm

New member
Yep, fixed that one as well :) Thanks!

One last question not relating to the above:

When editing an existing entry and changing the unique_id column to a value that already exists, I do get this 'ugly' error message. When I have a unique_id conflict when adding a new entry I do get a much nicer and formatted error message.

Any ideas how that can be fixed?



[pre]
[08] Error: during query execution. UPDATE `castbl_meldungen` SET `Kartennummer` = 'cas55555', `Laufzeit` = '24', `Ausgabedatum` = '2018-02-21', `Vorname` = 'kjhbhkj', `Nachname` = 'hkjfghdfgh5674567', `Strasse` = 'h', `Postleitzahl` = '56745', `Ort` = 'hkj', `Kennzeichen` = 'hkj' where `Kartennummer` = 'cas88888'
The DBMS server said: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'cas55555' for key 1
[/pre]
 

darren

Member
khofm If you use the setting 'Check for duplicated entries during INSERT?' in the forms tab you will get a message saying that there is a possible duplicate entry

otherwise I wrote a little code for my system because I had some fields where the entries were similar only differing by 1 number or so and it would always give me a possible duplicate problem. The code I used is a little long and could easily be 'beautified' but it works regardless

[pre]
elseif (stripos($e->getMessage(), 'Integrity constraint violation') !== false){
    $msg = $e->getMessage();
    $start = stripos($msg, 'Duplicate entry') + 15; // skip past "Duplicate entry"
    // the duplicated value is user input, so escape it before output
    echo 'There is a duplicate entry in the Table in the field where you put ' . htmlspecialchars(substr($msg, $start, stripos($msg, 'for key') - $start));
}
[/pre]

I put this under the if statement
[pre]
if ($debug_mode === 1){
//echo ' '.htmlentities($sql).'<br/>The DBMS server said: '.$e->getMessage();
echo ' '.htmlspecialchars($sql).'<br/>The DBMS server said: '.$e->getMessage();
}
[/pre]

in include/db_functions_pdo.php

to get the actual field where the user input the duplicate entry would require MySQL queries that test for the key name and which field is associated with that key, etc... and a bit more PHP code, more than necessary for my needs, but it is quite possible.
 

eugenio

Administrator
Staff member
Actually there isn't any separate patch available to get the fix released in 7.3.3.
About your question, Darren already replied to you about the "Check for duplicated" feature, which is available only during INSERT (not update). You can, however, write your logic in a custom validation function.

Best,
 