Merge pull request #2033 from JoeMurray/master
[civicrm-core.git] / CRM / Contact / Form / Search / Custom / Base.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.4 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2013 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2013
32 * $Id$
33 *
34 */
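class CRM_Contact_Form_Search_Custom_Base {

  /**
   * Submitted search-form values, held by reference to the caller's array.
   */
  protected $_formValues;

  /**
   * Column definitions handed out by columns(); never assigned in this
   * class (presumably populated by subclasses).
   */
  protected $_columns;

  protected $_stateID;

  /**
   * @param array $formValues
   *   Form values for the search; stored by reference, so later changes to
   *   the caller's array are visible here.
   */
  public function __construct(&$formValues) {
    $this->_formValues = &$formValues;
  }

  /**
   * Run the search SQL with a count(distinct contact_a.id) select clause.
   *
   * NOTE(review): unlike contactIDs(), the generated SQL is not passed
   * through validateUserSQL() before it is executed.
   *
   * @return mixed
   *   Whatever CRM_Core_DAO::singleValueQuery() returns for that SQL.
   */
  public function count() {
    return CRM_Core_DAO::singleValueQuery($this->sql('count(distinct contact_a.id) as total'));
  }

  /**
   * Summary hook; the base implementation has nothing to report.
   *
   * @return null
   */
  public function summary() {
    return NULL;
  }

  /**
   * Build the SQL that selects the matching contact ids.
   *
   * @param int $offset
   * @param int $rowcount
   * @param string|object|null $sort
   *   Forwarded unchanged to sql() / addSortOffset().
   * @param bool $returnSQL
   *   When TRUE the validated SQL string is returned as-is.
   *
   * @return mixed
   *   The SQL string, or the result of CRM_Core_DAO::composeQuery() on it.
   */
  public function contactIDs($offset = 0, $rowcount = 0, $sort = NULL, $returnSQL = FALSE) {
    $sql = $this->sql(
      'contact_a.id as contact_id',
      $offset,
      $rowcount,
      $sort
    );
    // Keyword sanity check on the assembled statement before it is handed on.
    $this->validateUserSQL($sql);

    if ($returnSQL) {
      return $sql;
    }

    return CRM_Core_DAO::composeQuery($sql, CRM_Core_DAO::$_nullArray);
  }

  /**
   * Assemble the full search statement from its clauses.
   *
   * from() and where() are not defined in this class; they are presumably
   * supplied by the concrete search subclasses.
   *
   * NOTE(review): $selectClause and $groupBy are concatenated into the
   * statement verbatim, so callers must only pass trusted, code-defined
   * fragments here, never request data.
   *
   * @param string $selectClause
   * @param int $offset
   * @param int $rowcount
   * @param string|object|null $sort
   * @param bool $includeContactIDs
   *   When TRUE, restrict the result to the contacts ticked in the form.
   * @param string|null $groupBy
   *   Complete GROUP BY fragment (including the keywords), or NULL.
   *
   * @return string
   */
  public function sql(
    $selectClause,
    $offset = 0,
    $rowcount = 0,
    $sort = NULL,
    $includeContactIDs = FALSE,
    $groupBy = NULL
  ) {

    $sql = "SELECT $selectClause " . $this->from();
    $where = $this->where();
    if (!empty($where)) {
      $sql .= " WHERE " . $where;
    }

    if ($includeContactIDs) {
      $this->includeContactIDs($sql,
        $this->_formValues
      );
    }

    if ($groupBy) {
      $sql .= " $groupBy ";
    }

    $this->addSortOffset($sql, $offset, $rowcount, $sort);
    return $sql;
  }

  /**
   * Template hook; the base implementation names no template.
   *
   * @return null
   */
  public function templateFile() {
    return NULL;
  }

  /**
   * @return array|null
   *   Reference to the column definitions.
   */
  public function &columns() {
    return $this->_columns;
  }

  /**
   * Append an "AND contact_a.id IN (...)" filter for the ticked checkboxes.
   *
   * A checkbox is a form value whose key starts with CRM_Core_Form::CB_PREFIX
   * and whose value is truthy; the remainder of the key is the contact id.
   * Form keys come from the submitted request, so the id part is required to
   * consist of digits only and is cast to int before it reaches the SQL
   * string. Previously the raw key suffix was interpolated unchanged.
   *
   * @param string $sql
   *   Statement to extend, modified in place.
   * @param array $formValues
   *   Submitted form values.
   */
  public static function includeContactIDs(&$sql, &$formValues) {
    $contactIDs = array();
    foreach ($formValues as $id => $value) {
      // Numeric-looking array keys arrive as ints; normalise before substr().
      $id = (string) $id;
      if (!$value ||
        substr($id, 0, CRM_Core_Form::CB_PREFIX_LEN) !== CRM_Core_Form::CB_PREFIX
      ) {
        continue;
      }

      $contactID = (string) substr($id, CRM_Core_Form::CB_PREFIX_LEN);
      if (!ctype_digit($contactID)) {
        // Fail closed: silently dropping a malformed key could widen the
        // result set to contacts the user never selected.
        CRM_Core_Error::fatal(ts('Invalid contact ID in selected rows.'));
      }
      // The cast guarantees that only integers are ever interpolated below,
      // even if the error handler were to return.
      $contactIDs[] = (int) $contactID;
    }

    if (!empty($contactIDs)) {
      $contactIDs = implode(', ', $contactIDs);
      $sql .= " AND contact_a.id IN ( $contactIDs )";
    }
  }

  /**
   * Append ORDER BY and LIMIT clauses to the statement.
   *
   * @param string $sql
   *   Statement to extend, modified in place.
   * @param int $offset
   * @param int $rowcount
   *   LIMIT is only added when this is greater than zero and $offset is not
   *   negative.
   * @param string|object|null $sort
   *   Either an ORDER BY expression, or an object exposing orderBy().
   */
  public function addSortOffset(&$sql, $offset, $rowcount, $sort) {
    if (!empty($sort)) {
      if (is_string($sort)) {
        // NOTE(review): the escaped value is interpolated unquoted, so
        // string-literal escaping does not by itself restrict it to a list
        // of column names. Confirm $sort never carries request data, or
        // validate it against an allow-list of sortable columns.
        $sort = CRM_Utils_Type::escape($sort, 'String');
        $sql .= " ORDER BY $sort ";
      }
      else {
        $sql .= " ORDER BY " . trim($sort->orderBy());
      }
    }

    if ($rowcount > 0 && $offset >= 0) {
      $offset = CRM_Utils_Type::escape($offset, 'Int');
      $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');

      $sql .= " LIMIT $offset, $rowcount ";
    }
  }

  /**
   * Keyword sanity check for SQL produced by a custom search.
   *
   * The statement must mention every required string and must not contain
   * 'insert', 'delete' or 'update' next to whitespace. This is a coarse
   * guard against an obviously wrong statement; it is not a substitute for
   * escaping or validating the values that go into the SQL.
   *
   * The required list used to be extended with the array union operator,
   * which keeps the left-hand entry at index 0 and therefore dropped
   * 'select' without checking it; array_merge() appends all four strings.
   *
   * @param string $sql
   *   Statement (or WHERE fragment) to inspect; not modified.
   * @param bool $onlyWhere
   *   TRUE when $sql is only a WHERE fragment, in which case just
   *   'contact_a' is required.
   */
  public function validateUserSQL(&$sql, $onlyWhere = FALSE) {
    $includeStrings = array('contact_a');
    $excludeStrings = array('insert', 'delete', 'update');

    if (!$onlyWhere) {
      $includeStrings = array_merge(
        $includeStrings,
        array('select', 'from', 'where', 'civicrm_contact')
      );
    }

    foreach ($includeStrings as $string) {
      if (stripos($sql, $string) === FALSE) {
        CRM_Core_Error::fatal(ts('Could not find \'%1\' string in SQL clause.',
          array(1 => $string)
        ));
      }
    }

    foreach ($excludeStrings as $string) {
      // Matches the keyword preceded or followed by whitespace, so it also
      // fires on longer identifiers that merely start or end with it.
      if (preg_match('/(\s' . $string . ')|(' . $string . '\s)/i', $sql)) {
        CRM_Core_Error::fatal(ts('Found illegal \'%1\' string in SQL clause.',
          array(1 => $string)
        ));
      }
    }
  }

  /**
   * Fill the placeholders of a WHERE fragment.
   *
   * @param string $where
   * @param array $params
   *
   * @return mixed
   *   Result of CRM_Core_DAO::composeQuery() called with its third argument
   *   set to TRUE.
   */
  public function whereClause(&$where, &$params) {
    return CRM_Core_DAO::composeQuery($where, $params, TRUE);
  }

  /**
   * Override this method to define the contact query object used for
   * creating $sql.
   *
   * @return null
   */
  public function getQueryObj() {
    return NULL;
  }
}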