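/**
 * Model Security
 *
 * Filter to check permissions in $model->access_list,
 * which can be set in the data model via:
 * $model->let_read/let_write/let_access( 'group:callback' )
 *
 * Returns true when the request may proceed. On a denied request it raises
 * E_USER_ERROR and, should an installed error handler resume execution,
 * returns false so the caller never sees an implicit null.
 *
 * @author Brian Hendrickson <*****@*****.**>
 * @access public
 * @param Mapper $request
 * @param Database $db
 * @return boolean
 * @todo modify to handle a partial set of fields
 */
function model_security(&$request, &$db)
{
    $action = $request->action;

    // A request that names no resource is not subject to model permissions.
    if (!isset($request->resource)) {
        return true;
    }
    $model =& $db->get_table($request->resource);

    if (public_resource()) {
        return true;
    }
    if (virtual_resource()) {
        return true;
    }

    // NOTE(review): a method outside $model->allowed_methods is checked as a
    // read from here on. Confirm that the dispatcher also refuses or downgrades
    // the original method; otherwise the permission tested and the action
    // executed can differ.
    if (!in_array($action, $model->allowed_methods, true)) {
        $action = 'get';
    }

    $failed = false;
    authenticate_with_openid();

    // this switch is now repeated in $model->can($action)
    switch ($action) {
        case 'get':
            if (!($model && $model->can_read_fields($model->field_array))) {
                $failed = true;
            }
            break;
        case 'put':
            // Every table touched by the submission must pass; one refusal
            // fails the whole request and later successes do not reset it.
            $submitted = $model->fields_from_request($request);
            foreach ($submitted as $table => $fieldlist) {
                $model =& $db->get_table($table);
                if (!($model && $model->can_write_fields($fieldlist))) {
                    $failed = true;
                }
            }
            break;
        case 'post':
            // Creation is authorised per table, not per field list.
            $submitted = $model->fields_from_request($request);
            foreach ($submitted as $table => $fieldlist) {
                $model =& $db->get_table($table);
                if (!($model && $model->can_create($table))) {
                    $failed = true;
                }
            }
            break;
        case 'delete':
            if (!($model && $model->can_delete($request->resource))) {
                $failed = true;
            }
            break;
        default:
            // Anything unrecognised is denied.
            $failed = true;
    }

    if (!$failed) {
        return true;
    }

    authenticate_with_openid();
    // NOTE(review): the resource name is echoed into the error text; whether
    // that text is HTML-escaped before display depends on the error handler.
    trigger_error("Sorry, you do not have permission to {$action} " . $request->resource, E_USER_ERROR);

    // Fail closed: E_USER_ERROR only halts the script when no user error
    // handler intercepts it, so make the denial explicit for the caller.
    return false;
}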
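/**
 * Builds one page of author galleries, ordered by the users' last_draw time.
 *
 * Users are read for the requested window, matched to their rows in `meta`,
 * wrapped in Item_Author objects, and each author is given up to five of the
 * newest "main" arts whose meta string carries that author's tag.
 *
 * $query and $page are accepted but not used by this implementation.
 *
 * @param mixed $query   unused here
 * @param int   $perpage number of users per page (LIMIT row count)
 * @param mixed $page    unused here
 * @param int   $start   offset of the first user (LIMIT offset)
 * @return array Item_Author objects keyed by their position in the user ordering
 */
public function get_content ($query, $perpage, $page, $start)
{
    // The LIMIT operands are spliced into the SQL text rather than bound, so
    // force them to integers before they reach the statement.
    $offset = (int) $start;
    $limit = (int) $perpage;

    $names = Database::set_counter()->get_vector(
        'user',
        array('id', 'username'),
        "last_draw != '0000-00-00 00:00:00' order by last_draw desc limit $offset, $limit"
    );

    $authors = Database::get_full_table(
        'meta',
        Database::array_in('name', $names),
        $names
    );

    // Re-impose the user ordering on the meta rows.
    // NOTE(review): array_search() is loose and returns false when no name
    // matches, which PHP then uses as key 0; confirm names always match.
    $items = array();
    $names = array_values($names);
    foreach ($authors as $author) {
        $order_id = array_search($author['name'], $names);
        $items[$order_id] = $author;
    }
    ksort($items);

    $return = array();
    $aliases = array();
    foreach ($items as $id => $item) {
        $return[$id] = new Item_Author($item);
        $aliases[] = $item['alias'];
    }
    unset ($items);

    $condition = Database::make_search_condition('meta', array(array('+', $aliases, 'author')));
    $arts = Database::get_table('art',
        array('id', 'user_id', 'meta', 'name', 'comments'),
        $condition.' and area="main" order by date desc'
    );

    foreach ($return as $id => $gallery) {
        foreach ($arts as $art_id => $art) {
            // strpos() yields 0 for a match at the very start of the string,
            // so the result must be compared with false, not tested for truth.
            // NOTE(review): this is a substring test, so an alias that is a
            // prefix of another alias also matches; confirm the tag delimiter.
            if (strpos($art['meta'], 'author__'.$gallery['alias']) !== false) {
                $gallery->add_to('images', $art);
                unset($arts[$art_id]);
            }

            // Stop once the gallery holds five images.
            if (count($gallery['images']) > 4) {
                break;
            }
        }
    }

    return $return;
}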
/**
 * Replaces the links stored for this update with the ones in $data['link'].
 *
 * The existing link rows and their URL rows are deleted first, then the
 * submitted links are checked, parsed and attached to the model again.
 *
 * NOTE(review): the deletes and the re-adds are not wrapped in a transaction
 * in this method; if a failure between them must not lose links, confirm the
 * caller opens one. What Check::link_array() and Transform_Link::parse()
 * accept or reject is not visible from here.
 *
 * @param array $data submitted form data; only the 'link' entry is read
 */
protected function link($data)
{
    // Collect the ids of the link rows that currently belong to this update.
    $stale_ids = Database::get_table(
        'post_update_link',
        'id',
        'update_id = ?',
        $this->model->get_id()
    );

    // Child rows first, then the link rows themselves.
    Database::delete(
        'post_update_link_url',
        Database::array_in('link_id', $stale_ids),
        $stale_ids
    );
    Database::delete('post_update_link', 'update_id = ?', $this->model->get_id());

    $parsed = Transform_Link::parse(Check::link_array($data['link']));
    foreach ($parsed as $entry) {
        $this->model->add_link(new Model_Post_Update_Link($entry));
    }
}
/**
 * Activation routine: creates the reports and report-sources tables when they
 * are missing and, if the reports table is empty, seeds the default report
 * that lists all reports together with the query that feeds it.
 *
 * Table names come from the class's own helpers and are concatenated into the
 * DDL as identifiers; the seeded template and query are passed through
 * $wpdb->prepare() as values.
 *
 * NOTE(review): the `query` column stores SQL text and the `template` column
 * stores Twig source. Who may write to these tables, and whether the Twig
 * environment auto-escapes {{ ... }} output, is decided outside this method.
 */
public static function activate()
{
    global $wpdb;
    $db = new Database($wpdb);

    $reports = self::reports_table_name();
    if (!$db->get_table($reports)) {
        $create_reports = "CREATE TABLE IF NOT EXISTS `{$reports}` (\r\n\t\t\t\t"
            . "`id` INT(4) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\r\n\t\t\t\t"
            . "`title` varchar(200) NOT NULL UNIQUE,\r\n\t\t\t\t"
            . "`description` text NOT NULL,\r\n\t\t\t\t"
            . "`mime_type` varchar(50) NOT NULL DEFAULT 'text/html',\r\n\t\t\t\t"
            . "`file_extension` varchar(10) DEFAULT NULL COMMENT 'If defined, this report will be downloaded.',\r\n\t\t\t\t"
            . "`template` text NOT NULL COMMENT 'The Twig template used to display this report.'\r\n\t\t\t\t"
            . ") ENGINE=InnoDB;";
        $wpdb->query($create_reports);
    }

    $sources = self::report_sources_table_name();
    if (!$db->get_table($sources)) {
        $create_sources = "CREATE TABLE IF NOT EXISTS `{$sources}` (\r\n\t\t\t\t"
            . "`id` INT(5) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\r\n\t\t\t\t"
            . "`report` INT(4) unsigned NOT NULL,\r\n\t\t\t\t\t\t"
            . "FOREIGN KEY (`report`) REFERENCES `{$reports}` (`id`),\r\n\t\t\t\t"
            . "`name` varchar(50) NOT NULL,\r\n\t\t\t\t"
            . "`query` text NOT NULL\r\n\t\t\t\t"
            . ") ENGINE=InnoDB;";
        $wpdb->query($create_sources);
    }

    // Seed only an empty reports table.
    $existing = $wpdb->get_var("SELECT COUNT(*) FROM `{$reports}`");
    if ($existing != 0) {
        return;
    }

    // Create the default report, to list all reports.
    $template_string = implode("\n", array(
        "<dl>",
        "{% for report in reports %}",
        " <dt><a href='{{ admin_url('admin.php?page=tabulate&controller=reports&id='~report.id) }}'>{{report.title}}</a></dt>",
        " <dd>{{report.description}}</dd>",
        "{% endfor %}",
        "</dl>",
    ));
    $insert_report = "INSERT INTO `{$reports}` SET id = " . self::DEFAULT_REPORT_ID
        . ",  title = 'Reports',  description = 'List of all Reports.', template = %s;";
    $wpdb->query($wpdb->prepare($insert_report, array($template_string)));

    // And the query for the above report.
    $source_query = "SELECT * FROM " . $reports;
    $insert_source = "INSERT INTO `{$sources}` SET  report = " . self::DEFAULT_REPORT_ID
        . ", name = 'reports', query = %s;";
    $wpdb->query($wpdb->prepare($insert_source, array($source_query)));
}
/**
 * Fills $this->items['new'] with the most recent non-deleted arts, grouped by
 * the user who owns them.
 *
 * The number of arts read, the images kept per user and the number of user
 * galleries kept all come from the 'latest_art' settings. Each gallery gets a
 * 'username' and a 'link', the link being the author alias when one exists
 * and the username otherwise.
 */
protected function get_latest_art ()
{
    $art_limit = Config::settings('latest_art', 'count');

    // NOTE(review): the limit is concatenated into the SQL text as-is; this is
    // only sound while the setting is guaranteed to be an integer. Confirm
    // how Config validates it.
    $recent = Database::get_table(
        'art',
        array('id', 'user_id', 'name'),
        'area != "deleted" order by date desc limit '.$art_limit
    );

    $by_user = array();
    $image_limit = Config::settings('latest_art', 'image_limit');
    $galleries_limit = Config::settings('latest_art', 'galleries_limit');

    foreach ($recent as $art) {
        $owner = $art['user_id'];
        $held = isset($by_user[$owner]['images']) ? count($by_user[$owner]['images']) : 0;

        // A user who already has the allowed number of images gets no more.
        if ($held > 0 && $held >= $image_limit) {
            continue;
        }

        $by_user[$owner]['images'][] = array(
            'id' => $art['id'],
            'name' => $art['name'],
        );
    }

    // Keep the first galleries only, preserving the user ids as keys.
    $by_user = array_slice($by_user, 0, $galleries_limit, true);

    $users = Database::get_vector(
        'user',
        array('id', 'username'),
        Database::array_in('id', $by_user),
        array_keys($by_user)
    );

    foreach ($users as $id => $user) {
        $alias = Meta_Author::get_alias_by_name($user);
        if (empty($alias)) {
            $by_user[$id]['link'] = $user;
        } else {
            $by_user[$id]['link'] = $alias;
        }
        $by_user[$id]['username'] = $user;
    }

    $this->items['new'] = $by_user;
}
/**
 * Loads the settings stored for the given cookie id into $this->data.
 *
 * Rows are grouped as $data[section][key] = value, and a 'user' section is
 * always present, as an empty array when nothing is stored for it.
 *
 * NOTE(review): the lookup key is matched against `id_cookie`, so it
 * presumably originates from a client cookie; it is bound as a parameter
 * here, but any check that the cookie is genuine happens elsewhere.
 *
 * @param mixed $id value matched against setting.id_cookie
 * @return mixed the same $id that was passed in
 */
protected function parse_data($id)
{
    $rows = Database::get_table(
        'setting',
        array('section', 'key', 'value'),
        'id_cookie = ?',
        $id
    );

    // Nested assignment creates the section array on first use.
    $settings = array();
    foreach ($rows as $row) {
        $settings[$row['section']][$row['key']] = $row['value'];
    }

    if (empty($settings['user'])) {
        $settings['user'] = [];
    }

    $this->data = $settings;

    return $id;
}
/**
 * Collects what a player needs to start a duel in this game: the cards of
 * that player's deck and the ids of the other users whose deck is created.
 *
 * Both queries bind the game id and the user id as parameters.
 *
 * NOTE(review): the deck returned is the one belonging to whatever $user is
 * passed in; confirm the caller derives $user from the authenticated session
 * rather than from request data.
 *
 * @param mixed $user id of the user whose deck is loaded
 * @return array keys 'deck', 'users' and 'ready' (always true)
 */
public function get_duel_data($user)
{
    $deck_fields = array('gbc.id_card', 'gbc.deck', 'gbc.sided');
    $deck_params = array($this->get_id(), $user);

    $deck = Database::join('game_booster', 'gb.id_game_set = gs.id')
        ->join('game_booster_card', 'gbc.id_game_booster = gb.id')
        ->get_table(
            'game_set',
            $deck_fields,
            'gs.id_game = ? and gbc.id_user = ?',
            $deck_params
        );

    $opponent_params = array($this->get_id(), $user);
    $users = Database::get_table(
        'game_user',
        'id_user',
        'id_game = ? and id_user != ? and created_deck = 1',
        $opponent_params
    );

    return array(
        'deck' => $deck,
        'users' => $users,
        'ready' => true,
    );
}
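/**
 * Turns a '|'-separated list of meta aliases into parsed search text.
 *
 * The aliases are looked up in $table, and alias, name and (for the 'tag'
 * table) variants of every match are joined into one string that is handed
 * to $this->parse_text().
 *
 * @param string $meta  aliases separated by '|'; empty pieces are dropped
 * @param string $table table to look the aliases up in
 * @return mixed result of parse_text(), or an empty array when $table is not
 *               an acceptable table name
 */
function parse_meta ($meta, $table)
{
    // The table name ends up in the SQL text as an identifier, so it is
    // matched against a positive ASCII pattern. Requiring a result of exactly
    // 1 also rejects the empty string and the case where preg_match() itself
    // fails and returns false, which a negative "contains a bad character"
    // test would let through.
    if (!is_string($table) || preg_match('/\A[a-z_\d]+\z/i', $table) !== 1) {
        return array();
    }

    $fields = array('alias', 'name');
    if ($table === 'tag') {
        $fields[] = 'variants';
    }

    // NOTE(review): array_filter() without a callback also drops an alias
    // that is exactly "0".
    $meta = array_filter(explode('|', $meta));

    $data = (array) Database::get_table($table, $fields,
        Database::array_in('alias', $meta),
        $meta
    );

    $text = '';
    foreach ($data as $one) {
        // 'variants' is only selected for the tag table; read it defensively
        // so other tables do not raise an undefined-index warning.
        $variants = isset($one['variants']) ? $one['variants'] : '';
        $text .= ' '.$one['alias'].' '.$one['name'].' '.$variants;
    }

    return $this->parse_text($text);
}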
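<?php
// Maintenance script: prints every stored translation text that contains an
// ampersand. The full opening tag is used so the file is still executed,
// rather than served as source, when short_open_tag is disabled.
include '../inc.common.php';

$translations = Database::get_table('art_translation', array('data'));

foreach ($translations as $item) {
    // NOTE(review): unserialize() rebuilds whatever object graph the stored
    // payload describes. If art_translation.data can be influenced by users,
    // move the storage format to JSON or restrict the classes allowed here.
    $data = (array) unserialize(base64_decode($item['data']));

    foreach ($data as $one) {
        // Skip entries that do not carry a text string.
        if (!isset($one['text']) || !is_string($one['text'])) {
            continue;
        }

        if (strpos($one['text'], '&') !== false) {
            // The text is stored content, so escape it for the HTML context;
            // this also shows the ampersand exactly as it is stored.
            // Assumes the text is UTF-8; invalid bytes are substituted.
            echo htmlspecialchars($one['text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br /><br />';
        }
    }
}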