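/**
 * Model Security
 *
 * Filter that checks the permissions in $model->access_list, which are
 * set in the data model via:
 * $model->let_read/let_write/let_access( 'group:callback' )
 *
 * Requests that name no resource, and requests for public or virtual
 * resources, pass without a check. Otherwise the request's action is
 * mapped onto the model's can_* methods ('get' for reads, 'put' and
 * 'post' per submitted table, 'delete' for the resource itself).
 *
 * @author Brian Hendrickson <*****@*****.**>
 * @access public
 * @param Mapper $request
 * @param Database $db
 * @return boolean true when access is granted. On denial an E_USER_ERROR
 *                 is raised; if an installed error handler lets execution
 *                 continue, false is returned so callers still fail closed.
 * @todo modify to handle a partial set of fields
 */
function model_security(&$request, &$db)
{
    $action = $request->action;

    // request is not for a resource: nothing to check
    if (!isset($request->resource)) {
        return true;
    }
    // NOTE(review): a falsy result from get_table() is only tolerated by the
    // per-case checks below; the allowed_methods read assumes a model exists.
    $model =& $db->get_table($request->resource);

    if (public_resource()) {
        return true;
    }
    if (virtual_resource()) {
        return true;
    }

    // an action the model does not list is checked as a read; presumably the
    // unsupported method itself is rejected elsewhere — this filter only
    // decides on permissions
    if (!in_array($action, $model->allowed_methods, true)) {
        $action = 'get';
    }

    authenticate_with_openid();

    // this switch is now repeated in $model->can($action)
    $failed = false;
    switch ($action) {
        case 'get':
            if (!($model && $model->can_read_fields($model->field_array))) {
                $failed = true;
            }
            break;
        case 'put':
            // table names come from the submitted data; a table the db does
            // not know yields a falsy model and therefore fails the check
            $submitted = $model->fields_from_request($request);
            foreach ($submitted as $table => $fieldlist) {
                $target =& $db->get_table($table);
                if (!($target && $target->can_write_fields($fieldlist))) {
                    $failed = true;
                }
            }
            break;
        case 'post':
            $submitted = $model->fields_from_request($request);
            foreach ($submitted as $table => $fieldlist) {
                $target =& $db->get_table($table);
                if (!($target && $target->can_create($table))) {
                    $failed = true;
                }
            }
            break;
        case 'delete':
            if (!($model && $model->can_delete($request->resource))) {
                $failed = true;
            }
            break;
        default:
            $failed = true;
    }

    if (!$failed) {
        return true;
    }

    // called again before the denial is reported, presumably to offer a
    // login; kept as in the original
    authenticate_with_openid();
    trigger_error("Sorry, you do not have permission to {$action} " . $request->resource, E_USER_ERROR);

    // only reached when a custom error handler does not halt the script:
    // deny explicitly instead of falling off the end with null
    return false;
}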
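	/**
	 * Builds the page of author galleries.
	 *
	 * Authors are ordered by their most recent draw; each gallery is then
	 * filled with up to five of that author's latest "main" area artworks.
	 *
	 * @param mixed $query   not used here; kept for interface compatibility
	 * @param int   $perpage number of authors on the page
	 * @param mixed $page    not used here; kept for interface compatibility
	 * @param int   $start   offset of the first author
	 * @return Item_Author[] galleries keyed by their position within the page
	 */
	public function get_content ($query, $perpage, $page, $start) {
		// Both LIMIT operands are interpolated into SQL below, so force them to
		// integers instead of trusting what the caller (likely a URL parameter)
		// handed in.
		$start = (int) $start;
		$perpage = (int) $perpage;
		
		$names = Database::set_counter()->get_vector(
			'user', 
			array('id', 'username'), 
			"last_draw != '0000-00-00 00:00:00' order by last_draw desc limit $start, $perpage"
		);

		$authors = Database::get_full_table(
			'meta', 
			Database::array_in('name', $names),
			$names
		);
		
		// re-establish the last_draw ordering: the meta rows come back in
		// arbitrary order, so index them by the position of their name
		$items = array();
		$names = array_values($names);
		
		foreach ($authors as $author) {
			$order_id = array_search($author['name'], $names);
			$items[$order_id] = $author;
		}
		
		ksort($items);

		$return = array();
		$aliases = array();
		
		foreach ($items as $id => $item) {
			$return[$id] = new Item_Author($item);
			$aliases[] = $item['alias'];
		}
		unset ($items);
		
		$condition = Database::make_search_condition('meta', array(array('+', $aliases, 'author')));
		
		$arts = Database::get_table('art', 
			array('id', 'user_id', 'meta', 'name', 'comments'),
			$condition.' and area="main" order by date desc'
		);
	
		foreach ($return as $id => $gallery) {
			
			foreach ($arts as $art_id => $art) {
				
				// !== false: the author marker may sit at offset 0 of the meta
				// string, which a bare truthiness test treats as "not found".
				// NOTE(review): this is a substring test, so alias 'ab' also
				// matches 'author__abc'; confirm the meta delimiter format
				// before tightening it.
				if (strpos($art['meta'], 'author__'.$gallery['alias']) !== false) {
					
					$gallery->add_to('images', $art);
					// an artwork belongs to one gallery; stop offering it to the rest
					unset($arts[$art_id]);
				}
				
				if (count($gallery['images']) > 4) {
					break;
				}
			}
		}
	
		return $return;
	}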
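 /**
  * Replaces the links attached to this update with those submitted in
  * $data['link'].
  *
  * The submitted links are validated and parsed before the existing rows
  * are removed, so a rejected submission leaves the stored links intact.
  * This assumes Check::link_array() and Transform_Link::parse() do not
  * depend on the rows being deleted.
  *
  * @param array $data submitted update data; 'link' holds the raw links
  * @return void
  */
 protected function link($data)
 {
     // validate first: Check::link_array() is the gate on the submitted values
     $links = Check::link_array($data['link']);
     $links = Transform_Link::parse($links);

     $update_id = $this->model->get_id();
     $link_ids = Database::get_table('post_update_link', 'id', 'update_id = ?', $update_id);
     // NOTE(review): what array_in() produces for an empty $link_ids is not
     // visible here — confirm it yields a valid, non-matching condition.
     Database::delete('post_update_link_url', Database::array_in('link_id', $link_ids), $link_ids);
     Database::delete('post_update_link', 'update_id = ?', $update_id);

     foreach ($links as $link) {
         $this->model->add_link(new Model_Post_Update_Link($link));
     }
 }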
 /**
  * Plugin activation hook: creates the reports and report-sources tables
  * and seeds the default "list all reports" report.
  *
  * Each table is created only when Database::get_table() does not already
  * know it; the default report is inserted only when the reports table is
  * empty. Table names come from the class, not from the request.
  *
  * @return void
  */
 public static function activate()
 {
     global $wpdb;
     $db = new Database($wpdb);

     $reports_table = self::reports_table_name();
     $sources_table = self::report_sources_table_name();
     $default_id = self::DEFAULT_REPORT_ID;

     if (!$db->get_table($reports_table)) {
         $create_reports = sprintf(
             "CREATE TABLE IF NOT EXISTS `%s` (\r\n\t\t\t\t`id` INT(4) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\r\n\t\t\t\t`title` varchar(200) NOT NULL UNIQUE,\r\n\t\t\t\t`description` text NOT NULL,\r\n\t\t\t\t`mime_type` varchar(50) NOT NULL DEFAULT 'text/html',\r\n\t\t\t\t`file_extension` varchar(10) DEFAULT NULL COMMENT 'If defined, this report will be downloaded.',\r\n\t\t\t\t`template` text NOT NULL COMMENT 'The Twig template used to display this report.'\r\n\t\t\t\t) ENGINE=InnoDB;",
             $reports_table
         );
         $wpdb->query($create_reports);
     }

     if (!$db->get_table($sources_table)) {
         $create_sources = sprintf(
             "CREATE TABLE IF NOT EXISTS `%s` (\r\n\t\t\t\t`id` INT(5) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\r\n\t\t\t\t`report` INT(4) unsigned NOT NULL,\r\n\t\t\t\t\t\tFOREIGN KEY (`report`) REFERENCES `%s` (`id`),\r\n\t\t\t\t`name` varchar(50) NOT NULL,\r\n\t\t\t\t`query` text NOT NULL\r\n\t\t\t\t) ENGINE=InnoDB;",
             $sources_table,
             $reports_table
         );
         $wpdb->query($create_sources);
     }

     $report_count = $wpdb->get_var("SELECT COUNT(*) FROM `{$reports_table}`");
     if (0 == $report_count) {
         // Create the default report, to list all reports.
         $template_string = implode("\n", array(
             '<dl>',
             '{% for report in reports %}',
             "  <dt><a href='{{ admin_url('admin.php?page=tabulate&controller=reports&id='~report.id) }}'>{{report.title}}</a></dt>",
             '  <dd>{{report.description}}</dd>',
             '{% endfor %}',
             '</dl>',
         ));
         // %s is left for $wpdb->prepare(); the id is a class constant
         $insert_report = "INSERT INTO `{$reports_table}` SET id          = {$default_id},  title       = 'Reports',  description = 'List of all Reports.', template    = %s;";
         $wpdb->query($wpdb->prepare($insert_report, array($template_string)));

         // And the query for the above report.
         $query = "SELECT * FROM " . $reports_table;
         $insert_source = "INSERT INTO `{$sources_table}` SET  report = {$default_id}, name   = 'reports', query  = %s;";
         $wpdb->query($wpdb->prepare($insert_source, array($query)));
     }
 }
	/**
	 * Collects the most recently dated artworks, grouped per user into small
	 * galleries, and stores the result under $this->items['new'].
	 *
	 * The number of artworks scanned, images per gallery and galleries kept
	 * all come from the 'latest_art' configuration section.
	 *
	 * @return void
	 */
	protected function get_latest_art () {
		$art_count = Config::settings('latest_art', 'count');
		$image_limit = Config::settings('latest_art', 'image_limit');
		$gallery_limit = Config::settings('latest_art', 'galleries_limit');

		// only the "deleted" area is excluded; the LIMIT value is configuration,
		// not request input
		$recent = Database::get_table(
			'art',
			array('id', 'user_id', 'name'),
			'area != "deleted" order by date desc limit '.$art_count
		);

		// group by user in first-seen order, capping each gallery at $image_limit
		$by_user = array();
		foreach ($recent as $art) {
			$owner = $art['user_id'];
			$gallery_full = !empty($by_user[$owner]['images'])
				&& count($by_user[$owner]['images']) >= $image_limit;
			if ($gallery_full) {
				continue;
			}
			$by_user[$owner]['images'][] = array(
				'id' => $art['id'],
				'name' => $art['name'],
			);
		}

		// keep the first $gallery_limit users, preserving the user-id keys
		$by_user = array_slice($by_user, 0, $gallery_limit, true);

		$usernames = Database::get_vector(
			'user', 
			array('id', 'username'), 
			Database::array_in('id', $by_user),
			array_keys($by_user)
		);

		foreach ($usernames as $user_id => $username) {
			$alias = Meta_Author::get_alias_by_name($username);
			// link falls back to the username when the author has no alias
			$by_user[$user_id]['link'] = empty($alias) ? $username : $alias;
			$by_user[$user_id]['username'] = $username;
		}

		$this->items['new'] = $by_user;
	}
	/**
	 * Loads the settings stored for the given cookie id into $this->data as
	 * a section => key => value map.
	 *
	 * The 'user' section is always present afterwards, possibly empty.
	 *
	 * @param mixed $id cookie id the settings belong to
	 * @return mixed the same $id, unchanged
	 */
	protected function parse_data($id)
	{
		$rows = Database::get_table('setting', array('section', 'key', 'value'),
			'id_cookie = ?', $id);

		// nested assignment creates each section array on first use
		$settings = array();
		foreach ($rows as $row) {
			$settings[$row['section']][$row['key']] = $row['value'];
		}

		if (empty($settings['user'])) {
			$settings['user'] = [];
		}

		$this->data = $settings;

		return $id;
	}
 /**
  * Gathers what a duel screen needs for $user: the cards of the deck they
  * built for this game, and the other users in the game who have also
  * built a deck.
  *
  * Both queries are parameterised; the ids never reach the SQL text.
  *
  * @param mixed $user id of the user whose deck is requested
  * @return array 'deck' => card rows, 'users' => other ready users, 'ready' => true
  */
 public function get_duel_data($user)
 {
     $game_id = $this->get_id();

     $deck_source = Database::join('game_booster', 'gb.id_game_set = gs.id')
         ->join('game_booster_card', 'gbc.id_game_booster = gb.id');
     $deck = $deck_source->get_table(
         'game_set',
         array('gbc.id_card', 'gbc.deck', 'gbc.sided'),
         'gs.id_game = ? and gbc.id_user = ?',
         array($game_id, $user)
     );

     $opponents = Database::get_table(
         'game_user',
         'id_user',
         'id_game = ? and id_user != ? and created_deck = 1',
         array($game_id, $user)
     );

     return array('deck' => $deck, 'users' => $opponents, 'ready' => true);
 }
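	/**
	 * Resolves the aliases listed in a '|'-separated meta string against
	 * $table and feeds the matching rows' text through parse_text().
	 *
	 * @param string $meta  '|'-separated list of aliases
	 * @param string $table meta table to look the aliases up in; the name is
	 *                      used as an SQL identifier, so only [a-z0-9_] is
	 *                      accepted
	 * @return mixed result of $this->parse_text(), or an empty array when
	 *               $table does not pass validation
	 */
	function parse_meta ($meta, $table) {
		// Allow-list the table name before anything else. preg_match() returns
		// false on error (e.g. invalid UTF-8 with the 'u' modifier); comparing
		// against 0 treats that as a rejection instead of letting it through.
		if (preg_match('/[^a-z_\d]/iu', $table) !== 0) {
			return array();
		}

		$fields = array('alias', 'name');
		if ($table === 'tag') {
			$fields[] = 'variants';
		}

		// NOTE: array_filter() also drops an alias that is exactly "0"
		$aliases = array_filter(explode('|', $meta));
		$rows = (array) Database::get_table($table,
			$fields,
			Database::array_in('alias', $aliases),
			$aliases
		);

		$text = '';
		foreach ($rows as $row) {
			// 'variants' is only selected for the tag table; use '' for the
			// others instead of reading a missing index
			$variants = isset($row['variants']) ? $row['variants'] : '';
			$text .= ' '.$row['alias'].' '.$row['name'].' '.$variants;
		}

		return $this->parse_text($text);
	}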
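<?php

include '../inc.common.php';

// Maintenance check: print every stored translation text that still
// contains a raw '&', so those entries can be reviewed.
$translations = Database::get_table('art_translation', array('data'));

foreach ($translations as $item) {
	// NOTE: unserialize() on stored rows; acceptable only because this
	// column is written by the application itself — never feed it external
	// input. A false result is cast to an empty array and skipped.
	$data = (array) unserialize(base64_decode($item['data']));
	foreach ($data as $one) {
		if (strpos($one['text'], '&') !== false) {
			// the text is rendered as HTML, so escape it before echoing;
			// assumes the stored text is UTF-8 — confirm against the DB charset
			echo htmlspecialchars($one['text'], ENT_QUOTES, 'UTF-8') . '<br /><br />';
		}
	}
}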