/**
 * Fetch the rows with status=0 from this model's table, optionally limited
 * to a single parent.
 *
 * @param mixed $parent_id parent to filter on; NULL returns rows of every parent
 * @return mixed whatever db_array() yields for the assembled query
 */
public function ilist($parent_id = NULL) {
    // NOTE(review): dbq() is the only thing between $parent_id and the SQL text;
    // presumably it quotes/escapes the value - confirm in the DB helper.
    $parent_filter = ($parent_id === NULL) ? '' : 'and parent_id=' . dbq($parent_id);

    $sql = "select * from " . $this->table_name
        . " where status=0 {$parent_filter} order by parent_id, prio desc, iname";

    return db_array($sql);
}
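/**
 * Create the `thread` row for an item and, when the post qualifies as public,
 * store a "public shadow" copy of the item under uid 0.
 *
 * @param int  $itemid     id of the item; only a row whose parent is this id or 0 matches
 * @param bool $onlyshadow true skips the `thread` insert and runs only the shadow part
 * @return void
 */
function add_thread($itemid, $onlyshadow = false) {
    $items = q("SELECT `uid`, `created`, `edited`, `commented`, `received`, `changed`, `wall`, `private`, `pubmail`, `moderated`, `visible`, `spam`, `starred`, `bookmark`, `contact-id`,\n\t\t\t`deleted`, `origin`, `forum_mode`, `mention`, `network` FROM `item` WHERE `id` = %d AND (`parent` = %d OR `parent` = 0) LIMIT 1", intval($itemid), intval($itemid));

    if (!$items) {
        return;
    }

    $item = $items[0];
    // Store the same integer form of the id that the lookup above matched on.
    $item['iid'] = intval($itemid);

    if (!$onlyshadow) {
        // The INSERT is assembled by concatenation, so each value goes through
        // dbesc() instead of relying on every column being free of quotes.
        $values = array();
        foreach ($item as $value) {
            $values[] = dbesc((string) $value);
        }

        $result = dbq("INSERT INTO `thread` (`" . implode("`, `", array_keys($item)) . "`) VALUES ('" . implode("', '", $values) . "')");
        logger("add_thread: Add thread for item " . $itemid . " - " . print_r($result, true), LOGGER_DEBUG);
    }

    // is it already a copy?
    if ($itemid == 0 or $item['uid'] == 0) {
        return;
    }

    // Is it a visible public post?
    if (!$item["visible"] or $item["deleted"] or $item["moderated"] or $item["private"]) {
        return;
    }

    // is it an entry from a connector? Only add an entry for natively connected networks
    if (!in_array($item["network"], array(NETWORK_DFRN, NETWORK_DIASPORA, NETWORK_OSTATUS, ""))) {
        return;
    }

    // Only do these checks if the post isn't a wall post
    if (!$item["wall"]) {
        // Check, if hide-friends is activated - then don't do a shadow entry
        $r = q("SELECT `hide-friends` FROM `profile` WHERE `is-default` AND `uid` = %d AND NOT `hide-friends`", intval($item['uid']));
        // `!$r` also covers a failed query, where count() would not get an array.
        if (!$r) {
            return;
        }

        // Check if the contact is hidden or blocked
        $r = q("SELECT `id` FROM `contact` WHERE NOT `hidden` AND NOT `blocked` AND `id` = %d", intval($item['contact-id']));
        if (!$r) {
            return;
        }
    }

    // Only add a shadow, if the profile isn't hidden
    $r = q("SELECT `uid` FROM `user` where `uid` = %d AND NOT `hidewall`", intval($item['uid']));
    if (!$r) {
        return;
    }

    // From here on $item is a result list; the row itself is $item[0].
    $item = q("SELECT * FROM `item` WHERE `id` = %d", intval($itemid));

    // Only posts without any allow/deny restriction get a shadow.
    if ($item and $item[0]["allow_cid"] == '' and $item[0]["allow_gid"] == '' and $item[0]["deny_cid"] == '' and $item[0]["deny_gid"] == '') {
        // Look the existing shadow up by the row's URI. The previous code read
        // $item['uri'] on the result list, which is never set, so the duplicate
        // check did not test this item's URI.
        $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = 0 LIMIT 1", dbesc($item[0]['uri']));

        if (!$r) {
            // Preparing public shadow (removing user specific data)
            require_once "include/items.php";
            require_once "include/Contact.php";

            unset($item[0]['id']);
            $item[0]['uid'] = 0;
            $item[0]['contact-id'] = get_contact($item[0]['author-link'], 0);
            $public_shadow = item_store($item[0], false, false, true);

            logger("add_thread: Stored public shadow for post " . $itemid . " under id " . $public_shadow, LOGGER_DEBUG);
        }
    }
}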
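/**
 * Echo the rows of the structure table below $parent as nested HTML table rows.
 *
 * A row that is listed in the global $path and has child rows is expanded by a
 * recursive call, with $prefix extended by one more cell.
 *
 * Reads the globals $user, $id, $path, $cfg and $lang, and $_SESSION['epUser'].
 *
 * @param int    $parent id of the row whose children are listed
 * @param string $prefix HTML cells echoed at the start of every row
 * @param string $sort   ORDER BY expression, placed in the query as given
 * @return void
 */
function makeStructure($parent, $prefix, $sort) {
    global $user, $id, $path, $cfg, $lang;

    $table = "{$cfg['db']['prefix']}_structure";

    // `parent` is compared unquoted, so the value is forced to an integer.
    $parentId = (int) $parent;

    // NOTE(review): $sort and $user['parent'] still reach the statement verbatim.
    // $sort comes from the caller or from the `sort` column of the parent row;
    // confirm both only ever hold fixed expressions, or check against an allow-list.
    $db = dbq("SELECT id, title, type, online, sort FROM {$table} WHERE parent = {$parentId} AND viewRights LIKE '%({$user['parent']})%' ORDER BY {$sort}");

    if (!is_array($db)) {
        return;
    }

    $rowCount = count($db);
    for ($i = 0; $i < $rowCount; $i++) {
        $row = $db[$i];
        // Ids are used unquoted in SQL and inside href attributes.
        $rowId = (int) $row['id'];
        $hasNext = isset($db[$i + 1]);

        // Decided once per row; the same child lookup used to run twice.
        $expanded = in_array(array($row['id'], $row['title']), $path)
            && dbq("SELECT * FROM {$table} WHERE parent = {$rowId}");

        echo '<tr><td><table><tr>';
        echo $prefix;
        echo $hasNext ? '<td class="thread trb"> </td>' : '<td class="thread tr"> </td>';
        echo $expanded ? '<td class="thread bl">' : '<td class="thread l">';

        // The type is a stored value that ends up in two attributes, so it is
        // HTML-escaped like the title below.
        $icon = file_exists('img/ico-rec/' . $row['type'] . '.gif') ? htmlspecialchars($row['type']) : 'folder';
        echo '<img src="img/ico-rec/' . $icon . '.gif" alt="' . htmlspecialchars(ucfirst($row['type'])) . '" /></td><td>';

        $isCurrent = ($row['id'] == $id);
        $isOffline = ($row['online'] == 0);

        if ($isCurrent) {
            echo '<strong>';
        }
        if ($isOffline) {
            echo '<em>';
        }

        if ($user['parent'] == '970') {
            // NOTE(review): the session value is concatenated into the statement
            // unescaped. Bind or escape it with the project's DB layer; no such
            // helper is visible from this function.
            $sql = "SELECT * FROM user WHERE email = '" . $_SESSION['epUser']['title'] . "'";
            $test = dbq($sql);
            // The lookup can come back without a row; emit an empty aid then.
            $aid = isset($test[0]['id']) ? (int) $test[0]['id'] : '';
            echo '<a href=".?id=' . $rowId . '&aid=' . $aid . '">' . htmlspecialchars($row['title']) . '</a>';
        } else {
            // Untitled rows show the $lang[5] text instead.
            $label = ($row['title'] != '') ? htmlspecialchars($row['title']) : $lang[5];
            echo '<a href=".?id=' . $rowId . '">' . $label . '</a>';
        }

        if ($isOffline) {
            echo '</em>';
        }
        if ($isCurrent) {
            echo '</strong>';
        }

        echo '</td></tr></table></td></tr>';

        if ($expanded) {
            $cell = $hasNext ? '<td class="thread tb"> </td>' : '<td class="thread"> </td>';
            makeStructure($rowId, $prefix . $cell, $row['sort']);
        }
    }
}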
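/**
 * Create the `thread` row for an item from the matching `item` columns.
 *
 * Nothing is written when no item row matches (id = $itemid with a parent of
 * $itemid or 0).
 *
 * @param int $itemid id of the item
 * @return void
 */
function add_thread($itemid) {
    $items = q("SELECT `uid`, `created`, `edited`, `commented`, `received`, `changed`, `wall`, `private`, `pubmail`, `moderated`, `visible`, `spam`, `starred`, `bookmark`, `contact-id`,\n\t\t\t`deleted`, `origin`, `forum_mode`, `mention`, `network` FROM `item` WHERE `id` = %d AND (`parent` = %d OR `parent` = 0) LIMIT 1", intval($itemid), intval($itemid));

    if (!$items) {
        return;
    }

    $item = $items[0];
    // Store the same integer form of the id that the lookup above matched on.
    $item['iid'] = intval($itemid);

    // The INSERT is assembled by concatenation, so each value goes through
    // dbesc() instead of relying on every column being free of quotes.
    $values = array();
    foreach ($item as $value) {
        $values[] = dbesc((string) $value);
    }

    $result = dbq("INSERT INTO `thread` (`" . implode("`, `", array_keys($item)) . "`) VALUES ('" . implode("', '", $values) . "')");

    logger("add_thread: Add thread for item " . $itemid . " - " . print_r($result, true), LOGGER_DEBUG);
}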
/**
 * Assemble the data for the list screen: apply sorting and search, add the
 * category condition when no search text is set, then load the rows.
 *
 * @return array with the keys list_rows, count, pager and f
 */
public function IndexAction() {
    // filters submitted by the search form
    $filter = $this->get_filter();

    $this->set_list_sorting();
    $this->list_where = ' 1=1 ';
    $this->set_list_search();

    // Further filters belong here, appended to $this->list_where.
    // The category condition is applied only when there is no search text.
    // NOTE(review): dbq() is relied on to quote $filter['icat'] for SQL - confirm.
    $has_search = !($filter['s'] == '');
    if (!$has_search) {
        $this->list_where .= ' and icat=' . dbq($filter['icat']);
    }

    $this->get_list_rows();

    // Rows loaded into $this->list_rows can be adjusted here before they are returned.

    return array(
        'list_rows' => $this->list_rows,
        'count' => $this->list_count,
        'pager' => $this->list_pager,
        'f' => $this->list_filter,
    );
}
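/**
 * Replace a customer's Newsletter Pro category rows.
 *
 * With a falsy $subscribe every np_customer_category row of the customer is
 * deleted. Otherwise the existing rows are deleted and one row per entry of
 * $categories is inserted; an empty category list is rejected without touching
 * the table.
 *
 * @param int   $userid     customer id (custid_fk)
 * @param mixed $subscribe  falsy to unsubscribe, truthy to save $categories
 * @param array $categories category ids (categoryid_fk)
 * @return array 'success' (bool) and 'message' (string)
 */
function save_np_categories($userid = 0, $subscribe = 0, $categories = array()) {
    $return = array();

    // Both ids are concatenated into the statements unquoted, so they are
    // forced to integers before any SQL is built.
    $userid = (int) $userid;
    $delete_sql = 'DELETE FROM np_customer_category WHERE custid_fk = ' . $userid;

    if (!$subscribe) {
        dbq($delete_sql);
        $return['success'] = true;
        $return['message'] = 'User removed from Newsletter Pro';
        return $return;
    }

    // A missing or non-array list is treated like an empty one.
    if (!is_array($categories) || count($categories) === 0) {
        $return['success'] = false;
        $return['message'] = 'Unable to save user. At least one category is required.';
        return $return;
    }

    dbq($delete_sql);
    foreach ($categories as $cat) {
        dbq('INSERT INTO np_customer_category (custid_fk, categoryid_fk) VALUES (' . $userid . ', ' . (int) $cat . ');');
    }

    $return['success'] = true;
    $return['message'] = 'Newsletter Pro categories have been saved.';
    return $return;
}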
function local_delivery($importer, $data) { $a = get_app(); logger(__FUNCTION__, LOGGER_TRACE); if ($importer['readonly']) { // We aren't receiving stuff from this person. But we will quietly ignore them // rather than a blatant "go away" message. logger('local_delivery: ignoring'); return 0; //NOTREACHED } // Consume notification feed. This may differ from consuming a public feed in several ways // - might contain email or friend suggestions // - might contain remote followup to our message // - in which case we need to accept it and then notify other conversants // - we may need to send various email notifications $feed = new SimplePie(); $feed->set_raw_data($data); $feed->enable_order_by_date(false); $feed->init(); if ($feed->error()) { logger('local_delivery: Error parsing XML: ' . $feed->error()); } // Check at the feed level for updated contact name and/or photo $name_updated = ''; $new_name = ''; $photo_timestamp = ''; $photo_url = ''; $contact_updated = ''; $rawtags = $feed->get_feed_tags(NAMESPACE_DFRN, 'owner'); // Fallback should not be needed here. If it isn't DFRN it won't have DFRN updated tags // if(! 
$rawtags) // $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); if ($rawtags) { $elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]; if ($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) { $name_updated = $elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']; $new_name = $elems['name'][0]['data']; // Manually checking for changed contact names if ($new_name != $importer['name'] and $new_name != "" and $name_updated <= $importer['name-date']) { $name_updated = date("c"); $photo_timestamp = date("c"); } } if (x($elems, 'link') && $elems['link'][0]['attribs']['']['rel'] === 'photo' && $elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']) { if ($photo_timestamp == "") { $photo_timestamp = datetime_convert('UTC', 'UTC', $elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']); } $photo_url = $elems['link'][0]['attribs']['']['href']; } } if ($photo_timestamp && strlen($photo_url) && $photo_timestamp > $importer['avatar-date']) { $contact_updated = $photo_timestamp; logger('local_delivery: Updating photo for ' . 
$importer['name']); require_once "include/Photo.php"; $photos = import_profile_photo($photo_url, $importer['importer_uid'], $importer['id']); q("UPDATE `contact` SET `avatar-date` = '%s', `photo` = '%s', `thumb` = '%s', `micro` = '%s'\n\t\t\tWHERE `uid` = %d AND `id` = %d AND NOT `self`", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), intval($importer['importer_uid']), intval($importer['id'])); } if ($name_updated && strlen($new_name) && $name_updated > $importer['name-date']) { if ($name_updated > $contact_updated) { $contact_updated = $name_updated; } $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($importer['importer_uid']), intval($importer['id'])); $x = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `id` = %d AND `name` != '%s' AND NOT `self`", dbesc(notags(trim($new_name))), dbesc(datetime_convert()), intval($importer['importer_uid']), intval($importer['id']), dbesc(notags(trim($new_name)))); // do our best to update the name on content items if (count($r) and notags(trim($new_name)) != $r[0]['name']) { q("UPDATE `item` SET `author-name` = '%s' WHERE `author-name` = '%s' AND `author-link` = '%s' AND `uid` = %d AND `author-name` != '%s'", dbesc(notags(trim($new_name))), dbesc($r[0]['name']), dbesc($r[0]['url']), intval($importer['importer_uid']), dbesc(notags(trim($new_name)))); } } if ($contact_updated and $new_name and $photo_url) { poco_check($importer['url'], $new_name, NETWORK_DFRN, $photo_url, "", "", "", "", "", $contact_updated, 2, $importer['id'], $importer['importer_uid']); } // Currently unsupported - needs a lot of work $reloc = $feed->get_feed_tags(NAMESPACE_DFRN, 'relocate'); if (isset($reloc[0]['child'][NAMESPACE_DFRN])) { $base = $reloc[0]['child'][NAMESPACE_DFRN]; $newloc = array(); $newloc['uid'] = $importer['importer_uid']; $newloc['cid'] = $importer['id']; $newloc['name'] = notags(unxmlify($base['name'][0]['data'])); $newloc['photo'] = 
notags(unxmlify($base['photo'][0]['data'])); $newloc['thumb'] = notags(unxmlify($base['thumb'][0]['data'])); $newloc['micro'] = notags(unxmlify($base['micro'][0]['data'])); $newloc['url'] = notags(unxmlify($base['url'][0]['data'])); $newloc['request'] = notags(unxmlify($base['request'][0]['data'])); $newloc['confirm'] = notags(unxmlify($base['confirm'][0]['data'])); $newloc['notify'] = notags(unxmlify($base['notify'][0]['data'])); $newloc['poll'] = notags(unxmlify($base['poll'][0]['data'])); $newloc['sitepubkey'] = notags(unxmlify($base['sitepubkey'][0]['data'])); /** relocated user must have original key pair */ /*$newloc['pubkey'] = notags(unxmlify($base['pubkey'][0]['data'])); $newloc['prvkey'] = notags(unxmlify($base['prvkey'][0]['data']));*/ logger("items:relocate contact " . print_r($newloc, true) . print_r($importer, true), LOGGER_DEBUG); // update contact $r = q("SELECT photo, url FROM contact WHERE id=%d AND uid=%d;", intval($importer['id']), intval($importer['importer_uid'])); if ($r === false) { return 1; } $old = $r[0]; $x = q("UPDATE contact SET\n\t\t\t\t\tname = '%s',\n\t\t\t\t\tphoto = '%s',\n\t\t\t\t\tthumb = '%s',\n\t\t\t\t\tmicro = '%s',\n\t\t\t\t\turl = '%s',\n\t\t\t\t\tnurl = '%s',\n\t\t\t\t\trequest = '%s',\n\t\t\t\t\tconfirm = '%s',\n\t\t\t\t\tnotify = '%s',\n\t\t\t\t\tpoll = '%s',\n\t\t\t\t\t`site-pubkey` = '%s'\n\t\t\tWHERE id=%d AND uid=%d;", dbesc($newloc['name']), dbesc($newloc['photo']), dbesc($newloc['thumb']), dbesc($newloc['micro']), dbesc($newloc['url']), dbesc(normalise_link($newloc['url'])), dbesc($newloc['request']), dbesc($newloc['confirm']), dbesc($newloc['notify']), dbesc($newloc['poll']), dbesc($newloc['sitepubkey']), intval($importer['id']), intval($importer['importer_uid'])); if ($x === false) { return 1; } // update items $fields = array('owner-link' => array($old['url'], $newloc['url']), 'author-link' => array($old['url'], $newloc['url']), 'owner-avatar' => array($old['photo'], $newloc['photo']), 'author-avatar' => 
array($old['photo'], $newloc['photo'])); foreach ($fields as $n => $f) { $x = q("UPDATE `item` SET `%s`='%s' WHERE `%s`='%s' AND uid=%d", $n, dbesc($f[1]), $n, dbesc($f[0]), intval($importer['importer_uid'])); if ($x === false) { return 1; } } // TODO // merge with current record, current contents have priority // update record, set url-updated // update profile photos // schedule a scan? return 0; } // handle friend suggestion notification $sugg = $feed->get_feed_tags(NAMESPACE_DFRN, 'suggest'); if (isset($sugg[0]['child'][NAMESPACE_DFRN])) { $base = $sugg[0]['child'][NAMESPACE_DFRN]; $fsugg = array(); $fsugg['uid'] = $importer['importer_uid']; $fsugg['cid'] = $importer['id']; $fsugg['name'] = notags(unxmlify($base['name'][0]['data'])); $fsugg['photo'] = notags(unxmlify($base['photo'][0]['data'])); $fsugg['url'] = notags(unxmlify($base['url'][0]['data'])); $fsugg['request'] = notags(unxmlify($base['request'][0]['data'])); $fsugg['body'] = escape_tags(unxmlify($base['note'][0]['data'])); // Does our member already have a friend matching this description? $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1", dbesc($fsugg['name']), dbesc(normalise_link($fsugg['url'])), intval($fsugg['uid'])); if (count($r)) { return 0; } // Do we already have an fcontact record for this person? $fid = 0; $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), dbesc($fsugg['name']), dbesc($fsugg['request'])); if (count($r)) { $fid = $r[0]['id']; // OK, we do. Do we already have an introduction for this person ? 
$r = q("select id from intro where uid = %d and fid = %d limit 1", intval($fsugg['uid']), intval($fid)); if (count($r)) { return 0; } } if (!$fid) { $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ", dbesc($fsugg['name']), dbesc($fsugg['url']), dbesc($fsugg['photo']), dbesc($fsugg['request'])); } $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), dbesc($fsugg['name']), dbesc($fsugg['request'])); if (count($r)) { $fid = $r[0]['id']; } else { return 0; } $hash = random_string(); $r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` )\n\t\t\tVALUES( %d, %d, %d, '%s', '%s', '%s', %d )", intval($fsugg['uid']), intval($fid), intval($fsugg['cid']), dbesc($fsugg['body']), dbesc($hash), dbesc(datetime_convert()), intval(0)); notification(array('type' => NOTIFY_SUGGEST, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $fsugg, 'link' => $a->get_baseurl() . 
'/notifications/intros', 'source_name' => $importer['name'], 'source_link' => $importer['url'], 'source_photo' => $importer['photo'], 'verb' => ACTIVITY_REQ_FRIEND, 'otype' => 'intro')); return 0; } $ismail = false; $rawmail = $feed->get_feed_tags(NAMESPACE_DFRN, 'mail'); if (isset($rawmail[0]['child'][NAMESPACE_DFRN])) { logger('local_delivery: private message received'); $ismail = true; $base = $rawmail[0]['child'][NAMESPACE_DFRN]; $msg = array(); $msg['uid'] = $importer['importer_uid']; $msg['from-name'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['name'][0]['data'])); $msg['from-photo'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])); $msg['from-url'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])); $msg['contact-id'] = $importer['id']; $msg['title'] = notags(unxmlify($base['subject'][0]['data'])); $msg['body'] = escape_tags(unxmlify($base['content'][0]['data'])); $msg['seen'] = 0; $msg['replied'] = 0; $msg['uri'] = notags(unxmlify($base['id'][0]['data'])); $msg['parent-uri'] = notags(unxmlify($base['in-reply-to'][0]['data'])); $msg['created'] = datetime_convert(notags(unxmlify('UTC', 'UTC', $base['sentdate'][0]['data']))); dbesc_array($msg); $r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) . "`) VALUES ('" . implode("', '", array_values($msg)) . "')"); // send notifications. 
require_once 'include/enotify.php'; $notif_params = array('type' => NOTIFY_MAIL, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $msg, 'source_name' => $msg['from-name'], 'source_link' => $importer['url'], 'source_photo' => $importer['thumb'], 'verb' => ACTIVITY_POST, 'otype' => 'mail'); notification($notif_params); return 0; // NOTREACHED } $community_page = 0; $rawtags = $feed->get_feed_tags(NAMESPACE_DFRN, 'community'); if ($rawtags) { $community_page = intval($rawtags[0]['data']); } if (intval($importer['forum']) != $community_page) { q("update contact set forum = %d where id = %d", intval($community_page), intval($importer['id'])); $importer['forum'] = (string) $community_page; } logger('local_delivery: feed item count = ' . $feed->get_item_quantity()); // process any deleted entries $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry'); if (is_array($del_entries) && count($del_entries)) { foreach ($del_entries as $dentry) { $deleted = false; if (isset($dentry['attribs']['']['ref'])) { $uri = $dentry['attribs']['']['ref']; $deleted = true; if (isset($dentry['attribs']['']['when'])) { $when = $dentry['attribs']['']['when']; $when = datetime_convert('UTC', 'UTC', $when, 'Y-m-d H:i:s'); } else { $when = datetime_convert('UTC', 'UTC', 'now', 'Y-m-d H:i:s'); } } if ($deleted) { // check for relayed deletes to our conversation $is_reply = false; $r = q("select * from item where uri = '%s' and uid = %d limit 1", dbesc($uri), intval($importer['importer_uid'])); if (count($r)) { $parent_uri = $r[0]['parent-uri']; if ($r[0]['id'] != $r[0]['parent']) { $is_reply = true; } } if ($is_reply) { $community = false; if ($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP) { $sql_extra = ''; $community = true; logger('local_delivery: possible community delete'); } else { $sql_extra 
= " and contact.self = 1 and item.wall = 1 "; } // was the top-level post for this reply written by somebody on this site? // Specifically, the recipient? $is_a_remote_delete = false; // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used? $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`,\n\t\t\t\t\t\t`contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item`\n\t\t\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\t\t\tWHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')\n\t\t\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t\t\t{$sql_extra}\n\t\t\t\t\t\tLIMIT 1", dbesc($parent_uri), dbesc($parent_uri), dbesc($parent_uri), intval($importer['importer_uid'])); if ($r && count($r)) { $is_a_remote_delete = true; } // Does this have the characteristics of a community or private group comment? // If it's a reply to a wall post on a community/prvgroup page it's a // valid community comment. Also forum_mode makes it valid for sure. // If neither, it's not. if ($is_a_remote_delete && $community) { if (!$r[0]['forum_mode'] && !$r[0]['wall']) { $is_a_remote_delete = false; logger('local_delivery: not a community delete'); } } if ($is_a_remote_delete) { logger('local_delivery: received remote delete'); } } $r = q("SELECT `item`.*, `contact`.`self` FROM `item` INNER JOIN contact on `item`.`contact-id` = `contact`.`id`\n\t\t\t\t\tWHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['importer_uid']), intval($importer['id'])); if (count($r)) { $item = $r[0]; if ($item['deleted']) { continue; } logger('local_delivery: deleting item ' . $item['id'] . ' uri=' . $item['uri'], LOGGER_DEBUG); if ($item['object-type'] === ACTIVITY_OBJ_EVENT) { logger("Deleting event " . 
$item['event-id'], LOGGER_DEBUG); event_delete($item['event-id']); } if ($item['verb'] === ACTIVITY_TAG && $item['object-type'] === ACTIVITY_OBJ_TAGTERM) { $xo = parse_xml_string($item['object'], false); $xt = parse_xml_string($item['target'], false); if ($xt->type === ACTIVITY_OBJ_NOTE) { $i = q("select * from `item` where uri = '%s' and uid = %d limit 1", dbesc($xt->id), intval($importer['importer_uid'])); if (count($i)) { // For tags, the owner cannot remove the tag on the author's copy of the post. $owner_remove = $item['contact-id'] == $i[0]['contact-id'] ? true : false; $author_remove = $item['origin'] && $item['self'] ? true : false; $author_copy = $item['origin'] ? true : false; if ($owner_remove && $author_copy) { continue; } if ($author_remove || $owner_remove) { $tags = explode(',', $i[0]['tag']); $newtags = array(); if (count($tags)) { foreach ($tags as $tag) { if (trim($tag) !== trim($xo->body)) { $newtags[] = trim($tag); } } } q("update item set tag = '%s' where id = %d", dbesc(implode(',', $newtags)), intval($i[0]['id'])); create_tags_from_item($i[0]['id']); } } } } if ($item['uri'] == $item['parent-uri']) { $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',\n\t\t\t\t\t\t\t`body` = '', `title` = ''\n\t\t\t\t\t\t\tWHERE `parent-uri` = '%s' AND `uid` = %d", dbesc($when), dbesc(datetime_convert()), dbesc($item['uri']), intval($importer['importer_uid'])); create_tags_from_itemuri($item['uri'], $importer['importer_uid']); create_files_from_itemuri($item['uri'], $importer['importer_uid']); update_thread_uri($item['uri'], $importer['importer_uid']); } else { $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',\n\t\t\t\t\t\t\t`body` = '', `title` = ''\n\t\t\t\t\t\t\tWHERE `uri` = '%s' AND `uid` = %d", dbesc($when), dbesc(datetime_convert()), dbesc($uri), intval($importer['importer_uid'])); create_tags_from_itemuri($uri, $importer['importer_uid']); create_files_from_itemuri($uri, $importer['importer_uid']); 
update_thread_uri($uri, $importer['importer_uid']); if ($item['last-child']) { // ensure that last-child is set in case the comment that had it just got wiped. q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ", dbesc(datetime_convert()), dbesc($item['parent-uri']), intval($item['uid'])); // who is the last child now? $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d\n\t\t\t\t\t\t\t\tORDER BY `created` DESC LIMIT 1", dbesc($item['parent-uri']), intval($importer['importer_uid'])); if (count($r)) { q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d", intval($r[0]['id'])); } } // if this is a relayed delete, propagate it to other recipients if ($is_a_remote_delete) { proc_run('php', "include/notifier.php", "drop", $item['id']); } } } } } } foreach ($feed->get_items() as $item) { $is_reply = false; $item_id = $item->get_id(); $rawthread = $item->get_item_tags(NAMESPACE_THREAD, 'in-reply-to'); if (isset($rawthread[0]['attribs']['']['ref'])) { $is_reply = true; $parent_uri = $rawthread[0]['attribs']['']['ref']; } if ($is_reply) { $community = false; if ($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP) { $sql_extra = ''; $community = true; logger('local_delivery: possible community reply'); } else { $sql_extra = " and contact.self = 1 and item.wall = 1 "; } // was the top-level post for this reply written by somebody on this site? // Specifically, the recipient? $is_a_remote_comment = false; $top_uri = $parent_uri; $r = q("select `item`.`parent-uri` from `item`\n\t\t\t\tWHERE `item`.`uri` = '%s'\n\t\t\t\tLIMIT 1", dbesc($parent_uri)); if ($r && count($r)) { $top_uri = $r[0]['parent-uri']; // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used? 
$r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`,\n\t\t\t\t\t`contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item`\n\t\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\t\tWHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')\n\t\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tLIMIT 1", dbesc($top_uri), dbesc($top_uri), dbesc($top_uri), intval($importer['importer_uid'])); if ($r && count($r)) { $is_a_remote_comment = true; } } // Does this have the characteristics of a community or private group comment? // If it's a reply to a wall post on a community/prvgroup page it's a // valid community comment. Also forum_mode makes it valid for sure. // If neither, it's not. if ($is_a_remote_comment && $community) { if (!$r[0]['forum_mode'] && !$r[0]['wall']) { $is_a_remote_comment = false; logger('local_delivery: not a community reply'); } } if ($is_a_remote_comment) { logger('local_delivery: received remote comment'); $is_like = false; // remote reply to our post. Import and then notify everybody else. $datarray = get_atom_elements($feed, $item); $r = q("SELECT `id`, `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid'])); // Update content if 'updated' changes if (count($r)) { $iid = $r[0]['id']; if (edited_timestamp_is_newer($r[0], $datarray)) { // do not accept (ignore) an earlier edit than one we currently have. 
if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) { continue; } logger('received updated comment', LOGGER_DEBUG); $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid'])); create_tags_from_itemuri($item_id, $importer['importer_uid']); proc_run('php', "include/notifier.php", "comment-import", $iid); } continue; } $own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1", intval($importer['importer_uid'])); $datarray['type'] = 'remote-comment'; $datarray['wall'] = 1; $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['importer_uid']; $datarray['owner-name'] = $own[0]['name']; $datarray['owner-link'] = $own[0]['url']; $datarray['owner-avatar'] = $own[0]['thumb']; $datarray['contact-id'] = $importer['id']; if ($datarray['verb'] === ACTIVITY_LIKE || $datarray['verb'] === ACTIVITY_DISLIKE || $datarray['verb'] === ACTIVITY_ATTEND || $datarray['verb'] === ACTIVITY_ATTENDNO || $datarray['verb'] === ACTIVITY_ATTENDMAYBE) { $is_like = true; $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; $datarray['last-child'] = 0; // only one like or dislike per person // splitted into two queries for performance issues $r = q("select id from item where uid = %d and `contact-id` = %d and verb = '%s' and (`parent-uri` = '%s') and deleted = 0 limit 1", intval($datarray['uid']), intval($datarray['contact-id']), dbesc($datarray['verb']), dbesc($datarray['parent-uri'])); if ($r && count($r)) { continue; } $r = q("select id from item where uid = %d and `contact-id` = %d and verb = '%s' and (`thr-parent` = '%s') and deleted = 0 limit 1", intval($datarray['uid']), intval($datarray['contact-id']), 
dbesc($datarray['verb']), dbesc($datarray['parent-uri'])); if ($r && count($r)) { continue; } } if ($datarray['verb'] === ACTIVITY_TAG && $datarray['object-type'] === ACTIVITY_OBJ_TAGTERM) { $xo = parse_xml_string($datarray['object'], false); $xt = parse_xml_string($datarray['target'], false); if ($xt->type == ACTIVITY_OBJ_NOTE && $xt->id) { // fetch the parent item $tagp = q("select * from item where uri = '%s' and uid = %d limit 1", dbesc($xt->id), intval($importer['importer_uid'])); if (!count($tagp)) { continue; } // extract tag, if not duplicate, and this user allows tags, add to parent item if ($xo->id && $xo->content) { $newtag = '#[url=' . $xo->id . ']' . $xo->content . '[/url]'; if (!stristr($tagp[0]['tag'], $newtag)) { $i = q("SELECT `blocktags` FROM `user` where `uid` = %d LIMIT 1", intval($importer['importer_uid'])); if (count($i) && !intval($i[0]['blocktags'])) { q("UPDATE item SET tag = '%s', `edited` = '%s', `changed` = '%s' WHERE id = %d", dbesc($tagp[0]['tag'] . (strlen($tagp[0]['tag']) ? ',' : '') . 
$newtag), intval($tagp[0]['id']), dbesc(datetime_convert()), dbesc(datetime_convert())); create_tags_from_item($tagp[0]['id']); } } } } } $posted_id = item_store($datarray); $parent = 0; if ($posted_id) { $datarray["id"] = $posted_id; $r = q("SELECT `parent`, `parent-uri` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($posted_id), intval($importer['importer_uid'])); if (count($r)) { $parent = $r[0]['parent']; $parent_uri = $r[0]['parent-uri']; } if (!$is_like) { $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($r[0]['parent'])); $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($posted_id)); } if ($posted_id && $parent) { proc_run('php', "include/notifier.php", "comment-import", "{$posted_id}"); if (!$is_like && !$importer['self']) { require_once 'include/enotify.php'; notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode(get_item_guid($posted_id)), 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_uri' => $parent_uri)); } } return 0; // NOTREACHED } } else { // regular comment that is part of this total conversation. Have we seen it? If not, import it. 
$item_id = $item->get_id(); $datarray = get_atom_elements($feed, $item); if ($importer['rel'] == CONTACT_IS_FOLLOWER) { continue; } $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid'])); // Update content if 'updated' changes if (count($r)) { if (edited_timestamp_is_newer($r[0], $datarray)) { // do not accept (ignore) an earlier edit than one we currently have. if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) { continue; } $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid'])); create_tags_from_itemuri($item_id, $importer['importer_uid']); } // update last-child if it changes $allow = $item->get_item_tags(NAMESPACE_DFRN, 'comment-allow'); if ($allow && $allow[0]['data'] != $r[0]['last-child']) { $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($parent_uri), intval($importer['importer_uid'])); $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid'])); } continue; } $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; if ($datarray['verb'] === ACTIVITY_LIKE || $datarray['verb'] === ACTIVITY_DISLIKE || $datarray['verb'] === ACTIVITY_ATTEND || $datarray['verb'] === ACTIVITY_ATTENDNO || $datarray['verb'] === ACTIVITY_ATTENDMAYBE) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; // only one like or dislike per person 
// splitted into two queries for performance issues $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`parent-uri` = '%s') limit 1", intval($datarray['uid']), intval($datarray['contact-id']), dbesc($datarray['verb']), dbesc($parent_uri)); if ($r && count($r)) { continue; } $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`thr-parent` = '%s') limit 1", intval($datarray['uid']), intval($datarray['contact-id']), dbesc($datarray['verb']), dbesc($parent_uri)); if ($r && count($r)) { continue; } } if ($datarray['verb'] === ACTIVITY_TAG && $datarray['object-type'] === ACTIVITY_OBJ_TAGTERM) { $xo = parse_xml_string($datarray['object'], false); $xt = parse_xml_string($datarray['target'], false); if ($xt->type == ACTIVITY_OBJ_NOTE) { $r = q("select * from item where `uri` = '%s' AND `uid` = %d limit 1", dbesc($xt->id), intval($importer['importer_uid'])); if (!count($r)) { continue; } // extract tag, if not duplicate, add to parent item if ($xo->content) { if (!stristr($r[0]['tag'], trim($xo->content))) { q("UPDATE item SET tag = '%s' WHERE id = %d", dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $xo->id . ']' . $xo->content . '[/url]'), intval($r[0]['id'])); create_tags_from_item($r[0]['id']); } } } } $posted_id = item_store($datarray); // find out if our user is involved in this conversation and wants to be notified. if (!x($datarray['type']) || $datarray['type'] != 'activity') { $myconv = q("SELECT `author-link`, `author-avatar`, `parent` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 AND `deleted` = 0", dbesc($top_uri), intval($importer['importer_uid'])); if (count($myconv)) { $importer_url = $a->get_baseurl() . '/profile/' . 
$importer['nickname']; // first make sure this isn't our own post coming back to us from a wall-to-wall event if (!link_compare($datarray['author-link'], $importer_url)) { foreach ($myconv as $conv) { // now if we find a match, it means we're in this conversation if (!link_compare($conv['author-link'], $importer_url)) { continue; } require_once 'include/enotify.php'; $conv_parent = $conv['parent']; notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode(get_item_guid($posted_id)), 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $conv_parent, 'parent_uri' => $parent_uri)); // only send one notification break; } } } } continue; } } else { // Head post of a conversation. Have we seen it? If not, import it. 
$item_id = $item->get_id(); $datarray = get_atom_elements($feed, $item); if (x($datarray, 'object-type') && $datarray['object-type'] === ACTIVITY_OBJ_EVENT) { $ev = bbtoevent($datarray['body']); if ((x($ev, 'desc') || x($ev, 'summary')) && x($ev, 'start')) { $ev['cid'] = $importer['id']; $ev['uid'] = $importer['uid']; $ev['uri'] = $item_id; $ev['edited'] = $datarray['edited']; $ev['private'] = $datarray['private']; $ev['guid'] = $datarray['guid']; $r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['uid'])); if (count($r)) { $ev['id'] = $r[0]['id']; } $xyz = event_store($ev); continue; } } $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid'])); // Update content if 'updated' changes if (count($r)) { if (edited_timestamp_is_newer($r[0], $datarray)) { // do not accept (ignore) an earlier edit than one we currently have. if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) { continue; } $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid'])); create_tags_from_itemuri($item_id, $importer['importer_uid']); update_thread_uri($item_id, $importer['importer_uid']); } // update last-child if it changes $allow = $item->get_item_tags(NAMESPACE_DFRN, 'comment-allow'); if ($allow && $allow[0]['data'] != $r[0]['last-child']) { $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid'])); } continue; } $datarray['parent-uri'] = $item_id; $datarray['uid'] = 
$importer['importer_uid']; $datarray['contact-id'] = $importer['id']; if (!link_compare($datarray['owner-link'], $importer['url'])) { // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, // but otherwise there's a possible data mixup on the sender's system. // the tgroup delivery code called from item_store will correct it if it's a forum, // but we're going to unconditionally correct it here so that the post will always be owned by our contact. logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); $datarray['owner-name'] = $importer['senderName']; $datarray['owner-link'] = $importer['url']; $datarray['owner-avatar'] = $importer['thumb']; } if ($importer['rel'] == CONTACT_IS_FOLLOWER && !tgroup_check($importer['importer_uid'], $datarray)) { continue; } // This is my contact on another system, but it's really me. // Turn this into a wall post. $notify = item_is_remote_self($importer, $datarray); $posted_id = item_store($datarray, false, $notify); if (stristr($datarray['verb'], ACTIVITY_POKE)) { $verb = urldecode(substr($datarray['verb'], strpos($datarray['verb'], '#') + 1)); if (!$verb) { continue; } $xo = parse_xml_string($datarray['object'], false); if ($xo->type == ACTIVITY_OBJ_PERSON && $xo->id) { // somebody was poked/prodded. Was it me? $links = parse_xml_string("<links>" . unxmlify($xo->link) . "</links>", false); foreach ($links->link as $l) { $atts = $l->attributes(); switch ($atts['rel']) { case "alternate": $Blink = $atts['href']; break; default: break; } } if ($Blink && link_compare($Blink, $a->get_baseurl() . '/profile/' . $importer['nickname'])) { // send a notification require_once 'include/enotify.php'; notification(array('type' => NOTIFY_POKE, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . 
'/display/' . urlencode(get_item_guid($posted_id)), 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => $datarray['verb'], 'otype' => 'person', 'activity' => $verb, 'parent' => $datarray['parent'])); } } } continue; } } return 0; // NOTREACHED }
<?php $pricebook_cats = dbq('SELECT * FROM nec_dealer'); ?> <style type="text/css"> table#users { margin-top: 20px; font-size: 11px; } #users th { text-align: left; background: #E1E7EA; } #users th.over { background: #ccc; } #users td, #users th { border: 1px solid #CCCCCC; border-collapse: collapse; padding: 4px 4px; } .approvebox { text-align: center; } .approvebox input { margin: 0; width: 13px; height: 13px; overflow: hidden; }
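/**
 * Write a SQL dump of one table through ex_w().
 *
 * When $_REQUEST['s'] is set the table structure is emitted (DROP TABLE plus
 * the SHOW CREATE TABLE text); when $_REQUEST['d'] is set the rows are
 * emitted as multi-row INSERT statements, flushed whenever the pending
 * statement grows beyond $MAXI bytes.
 *
 * @param string $t     Table name. It is placed inside backtick quoting in
 *                      every statement below.
 * @param int    $isvar Not used by this function; kept for callers.
 * @param int    $MAXI  Byte threshold after which a pending INSERT is written.
 * @return void
 */
function do_export_table($t = '', $isvar = 0, $MAXI = 838860)
{
    global $D; // line terminator used in the dump; defined outside this block

    @set_time_limit(600);

    // A backtick inside a backtick-quoted identifier has to be doubled.
    // Without this, a table name containing a backtick closes the quoting
    // early and the remainder is parsed as SQL, both in the queries run here
    // and in the dump that is later replayed on restore.
    $tq = str_replace('`', '``', $t);

    // !empty() keeps the original truthiness test but does not raise an
    // undefined-index notice when the request field is missing.
    if (!empty($_REQUEST['s'])) {
        // NOTE(review): mysql_fetch_row() belongs to ext/mysql, which was removed
        // in PHP 7. Left unchanged because db_query() is defined outside this block.
        $sth = db_query("show create table `{$tq}`");
        $row = mysql_fetch_row($sth);
        $ct = preg_replace("/\n\r|\r\n|\n|\r/", $D, $row[1]);
        ex_w("DROP TABLE IF EXISTS `{$tq}`;{$D}{$ct};{$D}{$D}");
    }

    if (!empty($_REQUEST['d'])) {
        $exsql = '';
        ex_w("/*!40000 ALTER TABLE `{$tq}` DISABLE KEYS */;{$D}");
        $sth = db_query("select * from `{$tq}`");
        while ($row = mysql_fetch_row($sth)) {
            $values = '';
            foreach ($row as $v) {
                // dbq() is expected to return a complete SQL literal (quotes
                // included) - presumably NULL-aware; verify against its definition.
                $values .= ($values ? ',' : '') . dbq($v);
            }
            $exsql .= ($exsql ? ',' : '') . "(" . $values . ")";
            if (strlen($exsql) > $MAXI) {
                ex_w("INSERT INTO `{$tq}` VALUES {$exsql};{$D}");
                $exsql = '';
            }
        }
        if ($exsql) {
            ex_w("INSERT INTO `{$tq}` VALUES {$exsql};{$D}");
        }
        ex_w("/*!40000 ALTER TABLE `{$tq}` ENABLE KEYS */;{$D}{$D}");
    }

    flush();
}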
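// (tail of a block that opens above this excerpt - unchanged)
$_POST = array_map('strip_slashes_deep', $_POST);
$_GET = array_map('strip_slashes_deep', $_GET);
}

// Delete one gallery image or file record, remove its files from disk and
// touch the "modified" stamp of the parent structure.
//
// NOTE(review): this is a destructive action driven by GET parameters, and no
// session, permission or anti-CSRF token check is visible in this fragment.
// Confirm one runs earlier in the file; otherwise any link or image tag a
// logged-in editor loads can trigger a delete.
//
// The id pattern is anchored with \z instead of $: "$" also matches just
// before a trailing newline, so the original accepted "12\n". is_string()
// rejects id[]=... arrays before they reach preg_match().
if (isset($_GET['type']) && isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+\z/', $_GET['id'])) {
    // Digits only from here on, so the value is safe in SQL and in a file name.
    $id = $_GET['id'];
    // Stays null for an unknown type, so the parent updates below are skipped
    // instead of running with an empty id.
    $record = null;

    if ($_GET['type'] == 'image') {
        $record = dbq("SELECT parent FROM wp_image_gallery WHERE id = {$id}");
        if (!dbq("DELETE FROM `wp_image_gallery` WHERE `id` = '{$id}' LIMIT 1")) {
            echo "ERROR";
        } else {
            // The three rendered sizes; a missing file is not an error.
            @unlink($cfg['data'] . "images/" . $id . "-s.jpg");
            @unlink($cfg['data'] . "images/" . $id . "-m.jpg");
            @unlink($cfg['data'] . "images/" . $id . "-l.jpg");
            echo "DELETE SUCCESS";
        }
    } elseif ($_GET['type'] == 'file') {
        $record = dbq("SELECT parent FROM wp_file_gallery WHERE id = {$id}");
        if (!dbq("DELETE FROM `wp_file_gallery` WHERE `id` = '{$id}' LIMIT 1")) {
            echo "ERROR";
        } else {
            // The stored extension is unknown, so look the file up by id.
            $file = glob($cfg['data'] . "files/" . $id . ".*");
            if (is_array($file) && isset($file[0])) {
                @unlink($file[0]);
            }
            echo "DELETE SUCCESS";
        }
    }

    // Only touch the parent when the lookup returned a row. intval() keeps
    // the value numeric because it is interpolated unquoted below.
    if (is_array($record) && isset($record[0]['parent'])) {
        $parentID = intval($record[0]['parent']);
        dbq("UPDATE wp_structure SET modified = NOW() WHERE id = {$parentID}");
        dbq("UPDATE wp_file_gallery SET modified = NOW() WHERE parent = {$parentID}");
        dbq("UPDATE wp_image_gallery SET modified = NOW() WHERE parent = {$parentID}");
    }
}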
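/**
 * Echo a SQL dump of one table to the output stream.
 *
 * When $_REQUEST['s'] is set the table structure is printed (DROP TABLE plus
 * the SHOW CREATE TABLE text); when $_REQUEST['d'] is set the rows are
 * printed as multi-row INSERT statements, flushed whenever the pending
 * statement grows beyond $MAXI bytes.
 *
 * @param string $t     Table name. It is placed inside backtick quoting in
 *                      every statement below.
 * @param int    $isvar Not used by this function; kept for callers.
 * @param int    $MAXI  Byte threshold after which a pending INSERT is printed.
 * @return void
 */
function do_export_table($t = '', $isvar = 0, $MAXI = 838860)
{
    set_time_limit(600);

    // A backtick inside a backtick-quoted identifier has to be doubled.
    // Without this, a table name containing a backtick closes the quoting
    // early and the remainder is parsed as SQL, both in the queries run here
    // and in the dump that is later replayed on restore.
    $tq = str_replace('`', '``', $t);

    // !empty() keeps the original truthiness test but does not raise an
    // undefined-index notice when the request field is missing.
    if (!empty($_REQUEST['s'])) {
        // NOTE(review): mysql_fetch_row() belongs to ext/mysql, which was removed
        // in PHP 7. Left unchanged because db_query() is defined outside this block.
        $sth = db_query("show create table `{$tq}`");
        $row = mysql_fetch_row($sth);
        echo "DROP TABLE IF EXISTS `{$tq}`;\n{$row['1']};\n\n";
    }

    if (!empty($_REQUEST['d'])) {
        $exsql = '';
        echo "/*!40000 ALTER TABLE `{$tq}` DISABLE KEYS */;\n";
        $sth = db_query("select * from `{$tq}`");
        while ($row = mysql_fetch_row($sth)) {
            $values = '';
            foreach ($row as $value) {
                // Here dbq() is used as an escaper and the quotes are added by
                // hand, so every column is written as a string literal.
                // NOTE(review): a SQL NULL presumably comes out as '' - confirm
                // against dbq() before relying on the dump for nullable columns.
                $values .= ($values ? ',' : '') . "'" . dbq($value) . "'";
            }
            $exsql .= ($exsql ? ',' : '') . "(" . $values . ")";
            if (strlen($exsql) > $MAXI) {
                echo "INSERT INTO `{$tq}` VALUES {$exsql};\n";
                $exsql = '';
            }
        }
        if ($exsql) {
            echo "INSERT INTO `{$tq}` VALUES {$exsql};\n";
        }
        echo "/*!40000 ALTER TABLE `{$tq}` ENABLE KEYS */;\n";
        echo "\n";
    }

    flush();
}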
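/**
 * @brief Apply a channel sync packet to each local channel named in $deliveries.
 *
 * For every delivery the local channel is looked up by hash and the packet is
 * refused unless that hash equals the sender's hash. The packet sections
 * (config, objects, likes, apps, chatrooms, conversations, mail, events, items,
 * menus, channel fields, address book, collections and their members, profiles)
 * are then written to the local database.
 *
 * Security note: the keys of the 'channel', 'abook' and 'profile' sections are
 * used as column names in UPDATE statements. dbesc() escapes string literals,
 * not identifiers, so a key is only accepted here when it is a plain
 * identifier; anything else is dropped before it can reach the SQL text or
 * side-step the $disallowed column lists.
 *
 * @param array $sender     Sender description; only $sender['hash'] is read here.
 * @param array $arr        Decoded sync packet.
 * @param array $deliveries List of recipients; each entry's 'hash' is read.
 * @return array One entry per delivery: an error tuple or the DReport result.
 */
function process_channel_sync_delivery($sender, $arr, $deliveries)
{
    require_once 'include/import.php';

    /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */

    // Accepted shape of a column name taken from the packet.
    // NOTE(review): confirm no synced column legitimately uses other characters.
    $column_ok = '/^[A-Za-z_][A-Za-z0-9_]*\z/';

    $result = array();

    foreach ($deliveries as $d) {
        $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']));
        if (!$r) {
            $result[] = array($d['hash'], 'not found');
            continue;
        }

        $channel = $r[0];

        $max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
        $max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds');

        // Only the channel itself (a clone on another hub) may sync its own data.
        if ($channel['channel_hash'] != $sender['hash']) {
            logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']);
            $result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], '');
            continue;
        }

        if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) {
            foreach ($arr['config'] as $cat => $k) {
                foreach ($arr['config'][$cat] as $k => $v) {
                    set_pconfig($channel['channel_id'], $cat, $k, $v);
                }
            }
        }

        if (array_key_exists('obj', $arr) && $arr['obj']) {
            sync_objs($channel, $arr['obj']);
        }

        if (array_key_exists('likes', $arr) && $arr['likes']) {
            import_likes($channel, $arr['likes']);
        }

        if (array_key_exists('app', $arr) && $arr['app']) {
            sync_apps($channel, $arr['app']);
        }

        if (array_key_exists('chatroom', $arr) && $arr['chatroom']) {
            sync_chatrooms($channel, $arr['chatroom']);
        }

        if (array_key_exists('conv', $arr) && $arr['conv']) {
            import_conv($channel, $arr['conv']);
        }

        if (array_key_exists('mail', $arr) && $arr['mail']) {
            import_mail($channel, $arr['mail']);
        }

        if (array_key_exists('event', $arr) && $arr['event']) {
            sync_events($channel, $arr['event']);
        }

        if (array_key_exists('event_item', $arr) && $arr['event_item']) {
            sync_items($channel, $arr['event_item']);
        }

        // NOTE(review): 'item' and 'item_id' are synced here and again after the
        // profile section below - confirm the second pass is intended.
        if (array_key_exists('item', $arr) && $arr['item']) {
            sync_items($channel, $arr['item']);
        }

        if (array_key_exists('item_id', $arr) && $arr['item_id']) {
            sync_items($channel, $arr['item_id']);
        }

        if (array_key_exists('menu', $arr) && $arr['menu']) {
            sync_menus($channel, $arr['menu']);
        }

        if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) {
            if (array_key_exists('channel_pageflags', $arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
                // These flags cannot be sync'd.
                // remove the bits from the incoming flags.
                // These correspond to PAGE_REMOVED and PAGE_SYSTEM on redmatrix
                if ($arr['channel']['channel_pageflags'] & 0x8000) {
                    $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x8000;
                }
                if ($arr['channel']['channel_pageflags'] & 0x1000) {
                    $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x1000;
                }
            }

            // Fields that must keep their local value.
            $disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system');

            $clean = array();
            foreach ($arr['channel'] as $k => $v) {
                // The key becomes an unquoted column name, so it has to be a plain
                // identifier as well as not being on the protected list.
                if (in_array($k, $disallowed) || !preg_match($column_ok, $k)) {
                    continue;
                }
                $clean[$k] = $v;
            }
            if (count($clean)) {
                foreach ($clean as $k => $v) {
                    $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
                }
            }
        }

        if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) {
            $total_friends = 0;
            $total_feeds = 0;

            $r = q("select abook_id, abook_feed from abook where abook_channel = %d", intval($channel['channel_id']));
            if ($r) {
                // don't count yourself
                $total_friends = count($r) > 0 ? count($r) - 1 : 0;
                foreach ($r as $rr) {
                    if (intval($rr['abook_feed'])) {
                        $total_feeds++;
                    }
                }
            }

            $disallowed = array('abook_id', 'abook_account', 'abook_channel', 'abook_rating', 'abook_rating_text');

            foreach ($arr['abook'] as $abook) {
                if (!array_key_exists('abook_blocked', $abook)) {
                    // convert from redmatrix
                    $abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0;
                    $abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0;
                    $abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0;
                    $abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0;
                    $abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0;
                    $abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0;
                    $abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0;
                    $abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0;
                }

                $clean = array();

                if ($abook['abook_xchan'] && $abook['entry_deleted']) {
                    logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
                    require_once 'include/Contact.php';

                    $r = q("select abook_id, abook_feed from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']));
                    if ($r) {
                        contact_remove($channel['channel_id'], $r[0]['abook_id']);
                        if ($total_friends) {
                            $total_friends--;
                        }
                        if (intval($r[0]['abook_feed'])) {
                            $total_feeds--;
                        }
                    }
                    continue;
                }

                // Perform discovery if the referenced xchan hasn't ever been seen on this hub.
                // This relies on the undocumented behaviour that red sites send xchan info with the abook
                // and import_author_xchan will look them up on all federated networks
                if ($abook['abook_xchan'] && $abook['xchan_addr']) {
                    $h = zot_get_hublocs($abook['abook_xchan']);
                    if (!$h) {
                        $xhash = import_author_xchan(encode_item_xchan($abook));
                        if (!$xhash) {
                            logger('process_channel_sync_delivery: import of ' . $abook['xchan_addr'] . ' failed.');
                            continue;
                        }
                    }
                }

                foreach ($abook as $k => $v) {
                    // Prefix check as before, plus the identifier check: a key that
                    // merely starts with "abook" could otherwise carry extra SQL.
                    if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0 || !preg_match($column_ok, $k)) {
                        continue;
                    }
                    $clean[$k] = $v;
                }

                if (!array_key_exists('abook_xchan', $clean)) {
                    continue;
                }

                $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id']));

                // make sure we have an abook entry for this xchan on this system
                if (!$r) {
                    if ($max_friends !== false && $total_friends > $max_friends) {
                        logger('process_channel_sync_delivery: total_channels service class limit exceeded');
                        continue;
                    }
                    if ($max_feeds !== false && intval($clean['abook_feed']) && $total_feeds > $max_feeds) {
                        logger('process_channel_sync_delivery: total_feeds service class limit exceeded');
                        continue;
                    }
                    q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
                    $total_friends++;
                    if (intval($clean['abook_feed'])) {
                        $total_feeds++;
                    }
                }

                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        if ($k == 'abook_dob') {
                            $v = dbescdate($v);
                        }
                        $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
                    }
                }
            }
        }

        // sync collections (privacy groups) oh joy...
        if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) {
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));
            foreach ($arr['collections'] as $cl) {
                $found = false;
                if ($x) {
                    foreach ($x as $y) {
                        if ($cl['collection'] == $y['hash']) {
                            $found = true;
                            break;
                        }
                    }
                    if ($found) {
                        if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) {
                            // NOTE(review): the match above uses $cl['collection'] but this
                            // update filters on $cl['hash'] - confirm both keys are sent.
                            q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id']));
                        }
                        if (intval($cl['deleted']) && !intval($y['deleted'])) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                        }
                    }
                }
                if (!$found) {
                    $r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name']));
                }

                // now look for any collections locally which weren't in the list we just received.
                // They need to be removed by marking deleted and removing the members.
                // This shouldn't happen except for clones created before this function was written.
                if ($x) {
                    // NOTE(review): $found_local is not reset per local group, so once one
                    // group matches no later group is removed. Left unchanged because
                    // resetting it would start deleting data - decide deliberately.
                    $found_local = false;
                    foreach ($x as $y) {
                        foreach ($arr['collections'] as $cl) {
                            if ($cl['collection'] == $y['hash']) {
                                $found_local = true;
                                break;
                            }
                        }
                        if (!$found_local) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                            q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        }
                    }
                }
            }

            // reload the group list with any updates
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));

            // now sync the members
            if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) {
                // first sort into groups keyed by the group hash
                $members = array();
                foreach ($arr['collection_members'] as $cm) {
                    if (!array_key_exists($cm['collection'], $members)) {
                        $members[$cm['collection']] = array();
                    }
                    $members[$cm['collection']][] = $cm['member'];
                }

                // our group list is already synchronised
                if ($x) {
                    foreach ($x as $y) {
                        // A local group may have no entry in the received list. Use an
                        // empty list then, rather than passing null to foreach and
                        // in_array() (an error on current PHP versions).
                        $incoming = isset($members[$y['hash']]) ? $members[$y['hash']] : array();

                        // for each group, loop on members list we just received
                        foreach ($incoming as $member) {
                            $found = false;
                            $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member));
                            if ($z) {
                                $found = true;
                            }

                            // if somebody is in the group that wasn't before - add them
                            if (!$found) {
                                q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member));
                            }
                        }

                        // now retrieve a list of members we have on this site
                        $m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        if ($m) {
                            foreach ($m as $mm) {
                                // if the local existing member isn't in the list we just received - remove them
                                if (!in_array($mm['xchan'], $incoming)) {
                                    q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']));
                                }
                            }
                        }
                    }
                }
            }
        }

        if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) {
            $disallowed = array('id', 'aid', 'uid');

            foreach ($arr['profile'] as $profile) {
                $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                if (!$x) {
                    q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id']));
                    $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                    if (!$x) {
                        continue;
                    }
                }

                $clean = array();
                foreach ($profile as $k => $v) {
                    // The key is placed between backticks below and dbesc() does not
                    // escape backticks, so only plain identifiers are accepted.
                    if (in_array($k, $disallowed) || !preg_match($column_ok, $k)) {
                        continue;
                    }
                    $clean[$k] = $v;
                    /**
                     * @TODO check if these are allowed, otherwise we'll error
                     * We also need to import local photos if a custom photo is selected
                     */
                }

                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        $r = dbq("UPDATE profile set `" . dbesc($k) . "` = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
                    }
                }
            }
        }

        if (array_key_exists('item', $arr) && $arr['item']) {
            sync_items($channel, $arr['item']);
        }

        if (array_key_exists('item_id', $arr) && $arr['item_id']) {
            sync_items($channel, $arr['item_id']);
        }

        // Give plugins a chance to act on the channel and the raw packet.
        $addon = array('channel' => $channel, 'data' => $arr);
        call_hooks('process_channel_sync_delivery', $addon);

        // we should probably do this for all items, but usually we only send one.
        require_once 'include/DReport.php';

        if (array_key_exists('item', $arr) && is_array($arr['item'][0])) {
            $DR = new DReport(z_root(), $d['hash'], $d['hash'], $arr['item'][0]['message_id'], 'channel sync processed');
            $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
        } else {
            $DR = new DReport(z_root(), $d['hash'], $d['hash'], 'sync packet', 'channel sync delivered');
        }

        $result[] = $DR->get();
    }

    return $result;
}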
} else { ?> <?php echo $lang[68]; ?> <?php } ?> </td> </tr> <tr> <td colspan="4"> <label>File Can Be Accessed By:</label><br /> <?php $webUsers = dbq("SELECT `id`, `title` FROM {$cfg['db']['prefix']}_folder, {$cfg['db']['prefix']}_structure WHERE link = id AND online = 1 AND parent = 44 ORDER BY position"); $webAccess = dbq("SELECT * FROM {$cfg['db']['prefix']}_access WHERE link = {$id}"); $wac[$id] = array(); if (isset($webAccess) && is_array($webAccess) && count($webAccess) > 0) { foreach ($webAccess as $wa) { $wac[$id][] = $wa['access']; } } ?> <div id="webUsersCategories"> <?php /*if(isset($wuc)) { print_r($wuc); }*/ if (isset($webUsers) && is_array($webUsers) && count($webUsers) > 0) { foreach ($webUsers as $wuc) {
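<?php
// Delete one form element by id and report the outcome as JSON.
//
// NOTE(review): no session, permission or anti-CSRF check is visible in this
// script. Confirm cfg.php or fn.php enforces one, because the request deletes
// a row.
require "cfg.php";
require "fn.php";

// NOTE(review): mysql_connect()/mysql_select_db() belong to ext/mysql, which was
// removed in PHP 7. Connection failures are only collected in $errors; the
// script still continues and reports success below.
if (!@mysql_connect($cfg['db']['address'], $cfg['db']['username'], $cfg['db']['password'])) {
    $errors[] = $lang[78];
}
if (!@mysql_select_db($cfg['db']['name'])) {
    $errors[] = $lang[79];
}

// is_numeric() also accepts values such as "1e3", "-5", "1.5" or " 7", which
// are not row ids. The value is concatenated into the statement, so accept
// nothing but a string of decimal digits.
$id = isset($_POST['id']) ? $_POST['id'] : null;
if (!is_string($id) || !ctype_digit($id)) {
    exit('no id passed to script');
}

$sql = 'DELETE FROM wp_form_element WHERE id = ' . $id;
// NOTE(review): the result of dbq() is not checked, so 'success' is returned
// even if the delete failed - verify what dbq() returns on error.
dbq($sql);

$json['outcome'] = 'success';
echo json_encode($json);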
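/**
 * Normalise one private mail message, insert it into the `mail` table and
 * send the notification for it.
 *
 * The keys of $arr become the column names of the INSERT and the values are
 * escaped as a whole by dbesc_array() just before the statement is built.
 *
 * @param array $arr Message fields; 'channel_id' is required.
 * @return int The id of the stored row, or 0 when nothing was stored (missing
 *             channel, duplicate mid, cancelled by a hook, invalid column name,
 *             or the row could not be found after the insert).
 */
function mail_store($arr)
{
    if (!$arr['channel_id']) {
        logger('mail_store: no uid');
        return 0;
    }

    // Neutralise markup in the body before it is stored.
    if (strpos($arr['body'], '<') !== false || strpos($arr['body'], '>') !== false) {
        $arr['body'] = escape_tags($arr['body']);
    }

    if (array_key_exists('attach', $arr) && is_array($arr['attach'])) {
        $arr['attach'] = json_encode($arr['attach']);
    }

    $arr['account_id'] = x($arr, 'account_id') ? intval($arr['account_id']) : 0;
    $arr['mid'] = x($arr, 'mid') ? notags(trim($arr['mid'])) : random_string();
    $arr['from_xchan'] = x($arr, 'from_xchan') ? notags(trim($arr['from_xchan'])) : '';
    $arr['to_xchan'] = x($arr, 'to_xchan') ? notags(trim($arr['to_xchan'])) : '';
    $arr['created'] = x($arr, 'created') !== false ? datetime_convert('UTC', 'UTC', $arr['created']) : datetime_convert();
    $arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : NULL_DATE;
    $arr['title'] = x($arr, 'title') ? notags(trim($arr['title'])) : '';
    $arr['parent_mid'] = x($arr, 'parent_mid') ? notags(trim($arr['parent_mid'])) : '';
    $arr['body'] = x($arr, 'body') ? trim($arr['body']) : '';
    $arr['mail_flags'] = x($arr, 'mail_flags') ? intval($arr['mail_flags']) : 0;

    // A message without a parent starts its own conversation.
    if (!$arr['parent_mid']) {
        logger('mail_store: missing parent');
        $arr['parent_mid'] = $arr['mid'];
    }

    $r = q("SELECT `id` FROM mail WHERE `mid` = '%s' AND channel_id = %d LIMIT 1", dbesc($arr['mid']), intval($arr['channel_id']));
    if ($r) {
        // The full message (private mail body included) is only dumped at
        // LOGGER_DATA, the level this function already uses for the dump
        // before the insert; the default-level line carries just the mid.
        logger('mail_store: duplicate item ignored. mid: ' . $arr['mid']);
        logger('mail_store: duplicate item: ' . print_r($arr, true), LOGGER_DATA);
        return 0;
    }

    call_hooks('post_mail', $arr);

    if (x($arr, 'cancel')) {
        logger('mail_store: post cancelled by plugin.');
        return 0;
    }

    // Array keys are written into the statement as backtick-quoted column
    // names, and value escaping does not cover them. Refuse the insert when a
    // key is not a plain identifier (callers and hooks both contribute keys).
    foreach (array_keys($arr) as $column) {
        if (!preg_match('/^[A-Za-z0-9_]+\z/', $column)) {
            logger('mail_store: invalid column name rejected.');
            return 0;
        }
    }

    // NOTE(review): presumably escapes every value in place; from here on $arr
    // holds SQL-escaped text, which is also what notification() and the
    // post_mail_end hook receive below - confirm that is intended.
    dbesc_array($arr);

    logger('mail_store: ' . print_r($arr, true), LOGGER_DATA);

    $r = dbq("INSERT INTO mail (`" . implode("`, `", array_keys($arr)) . "`) VALUES ('" . implode("', '", array_values($arr)) . "')");

    // find the item we just created
    // $arr['mid'] is passed without dbesc() here; it relies on the
    // dbesc_array() call above having escaped it already.
    $r = q("SELECT `id` FROM mail WHERE `mid` = '%s' AND `channel_id` = %d ORDER BY `id` ASC ", $arr['mid'], intval($arr['channel_id']));

    if ($r) {
        $current_post = $r[0]['id'];
        logger('mail_store: created item ' . $current_post, LOGGER_DEBUG);
        $arr['id'] = $current_post; // for notification
    } else {
        logger('mail_store: could not locate created item');
        return 0;
    }

    if (count($r) > 1) {
        // Keep the oldest row and drop the others.
        logger('mail_store: duplicated post occurred. Removing duplicates.');
        q("DELETE FROM mail WHERE `mid` = '%s' AND `channel_id` = %d AND `id` != %d ", $arr['mid'], intval($arr['channel_id']), intval($current_post));
    } else {
        require_once 'include/enotify.php';

        $notif_params = array(
            'from_xchan' => $arr['from_xchan'],
            'to_xchan' => $arr['to_xchan'],
            'type' => NOTIFY_MAIL,
            'item' => $arr,
            'verb' => ACTIVITY_POST,
            'otype' => 'mail',
        );
        notification($notif_params);
    }

    call_hooks('post_mail_end', $arr);

    return $current_post;
}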
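<?php
// Load (or create) the timetable event at a grid position and render the
// start of its edit form.
require 'db_conn.php';
require 'fn.php';

// All three request values are concatenated into SQL without quotes.
// mysql_real_escape_string() only protects text placed inside a quoted
// literal, so it gave no protection here; the values are converted to
// integers instead. Row and col arrive 1-based and are stored 0-based.
$row = (isset($_GET['row']) ? intval($_GET['row']) : 0) - 1;
$col = (isset($_GET['col']) ? intval($_GET['col']) : 0) - 1;
$parent = isset($_GET['parent']) ? intval($_GET['parent']) : 0;

$programs = array();

$event = dbq('SELECT * FROM wp_timetable_event WHERE parent = ' . $parent . ' AND row = ' . $row . ' AND col = ' . $col);
if (isset($event) && !empty($event)) {
    $event = array_shift($event);
    $programs = explode('|', $event['programs']);
} else {
    // NOTE(review): a GET request creates a row here, and no permission check is
    // visible in this excerpt - confirm db_conn.php or fn.php enforces one.
    dbq('INSERT INTO wp_timetable_event (row, col, parent) VALUES (' . $row . ', ' . $col . ', ' . $parent . ')');
}

$db_programs = dbq('SELECT * FROM wp_structure WHERE type="submenu" AND parent IN (1524, 1535)');
?>
<div> <form onsubmit="return saveData($(this));" class="timetable-event-details"> <p> <label for="title">Title</label> <input type="text" class="textfield width-100pct" name="title" value="<?php echo isset($event['title']) ? stripslashes(htmlentities($event['title'])) : ''; ?> " /> </p> <p>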
?> .gif" class="onoff" alt="online/offline" /> </span> </li> <?php } } ?> </ul> <input type="button" id="file-sort-save" value="save order" onClick="return saveSort('file-sort');" /> <img src="js/loading.gif" alt="loading" id="file-sort-no-show" /> </div> <hr /> <?php $sql = 'SELECT * FROM floorplan_dimensions WHERE wp_id = ' . $id . ' ORDER BY `position`'; $fpd = dbq($sql); ?> <label>Floorplan Dimensions</label><br /> <label>Name - Value (sqm)</label><br /> <div id="fpd-parent"> <ul class="fpd-list"> <?php if (is_array($fpd) && count($fpd) > 0) { foreach ($fpd as $r) { ?> <li id="<?php echo $r['id']; ?> " class="sort-li"> <img src="js/handle.gif" alt="move" class="move" /> <input type="hidden" name="fpd_id[]" value="<?php
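/**
 * Database update 1036: rewrite the photo, thumb and micro URLs of dfrn
 * contacts so that the path segment 'include/photo' becomes 'photo'.
 *
 * @return void
 */
function update_1036()
{
    $r = dbq("SELECT * FROM `contact` WHERE `network` = 'dfrn' && `photo` LIKE '%include/photo%' ");

    // dbq() may hand back a non-array when the query fails (its definition is
    // outside this block). count() on such a value is 1 on older PHP and an
    // error on PHP 8, so test the type first.
    if (is_array($r) && count($r)) {
        foreach ($r as $rr) {
            q(
                "UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `id` = %d LIMIT 1",
                dbesc(str_replace('include/photo', 'photo', $rr['photo'])),
                dbesc(str_replace('include/photo', 'photo', $rr['thumb'])),
                dbesc(str_replace('include/photo', 'photo', $rr['micro'])),
                intval($rr['id'])
            );
        }
    }
}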
" method="post"> <?php require "tpl/inc/buttons.php"; ?> <div class="right-col-padding1"> <div class="width-99pct"> <table class="rec-table"> <?php require "tpl/inc/record.php"; ?> <?php $images = dbq('SELECT id, title FROM wp_structure WHERE parent = 3470 ORDER BY position'); $hl_packages = dbq('SELECT id, title FROM wp_structure WHERE parent = 3467 ORDER BY position'); $articles = dbq('SELECT id, title FROM wp_structure WHERE parent = 3465 ORDER BY position'); ?> <tr> <td colspan="2"> <label>Select an item to preview</label><br /> <select id="item-selection" class="width-100pct textfield"> <option></option> <optgroup label="Images"> <?php foreach ($images as $item) { ?> <option value="<?php echo $item['id'];
" id="email_<?php echo $jj; ?> " value="Send" onclick="sendMail('<?php echo $dir . $file; ?> ','email_addrs_<?php echo $jj; ?> ');" /></td> <!-- get category --> <?php $index = strrpos($file, "id-"); //$dotpos = strrpos($file, "."); $cate_id = substr($file, $index + 3, 1); $query = dbq("SELECT * FROM nec_dealer WHERE id=" . $cate_id); $group_name = $query[0]['dealer_type']; ?> <td><label>OR email to <?php echo $group_name; ?> group</label><br /> <!--<select id="dealers"><option value="">Select one group</option></select>--> <input type="button" name="email_group" id="email_group_<?php echo $jj; ?> " value="Send" onclick="insertEmail('<?php echo $dir . $file; ?>
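/**
 * Tells whether every key of an imported record is a plain SQL identifier
 * (letters, digits and underscore only), so it can be used as a column name.
 *
 * @param mixed $row One record taken from the decoded import data.
 * @return bool False for non-arrays and for arrays with any other kind of key.
 */
function import_account_columns_are_safe($row)
{
    if (!is_array($row)) {
        return false;
    }
    foreach (array_keys($row) as $column) {
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $column)) {
            return false;
        }
    }
    return true;
}

/**
 * Imports a channel into the given account, either from an uploaded export file
 * ($_FILES['filename']) or by downloading the export from the server named in
 * $_REQUEST['old_address'].
 *
 * The work is split into numbered steps; the last finished step is kept in
 * $_SESSION['import_step'] so that a later call skips the steps already done.
 * On success the function switches to the imported channel and redirects to
 * /network; on failure it logs, shows a notice and returns.
 *
 * Everything inside the decoded export is data supplied by the importing user
 * or by a remote server and is treated as untrusted below.
 *
 * @param int $account_id Account that will own the imported channel.
 * @return void
 */
function import_account($account_id)
{
    if (!$account_id) {
        logger("import_account: No account ID supplied");
        return;
    }

    $max_identities = account_service_class_fetch($account_id, 'total_identities');
    $max_friends = account_service_class_fetch($account_id, 'total_channels');
    $max_feeds = account_service_class_fetch($account_id, 'total_feeds');

    if ($max_identities !== false) {
        $r = q("select channel_id from channel where channel_account_id = %d", intval($account_id));
        if ($r && count($r) > $max_identities) {
            notice(sprintf(t('Your service plan only allows %d channels.'), $max_identities) . EOL);
            return;
        }
    }

    $data = null;
    // Defined up front so the "resume" path and the fallbacks below never read an undefined variable.
    $channel = null;
    $seize = x($_REQUEST, 'make_primary') ? intval($_REQUEST['make_primary']) : 0;
    $import_posts = x($_REQUEST, 'import_posts') ? intval($_REQUEST['import_posts']) : 0;
    $src = $_FILES['filename']['tmp_name'];
    $filename = basename($_FILES['filename']['name']);
    $filesize = intval($_FILES['filename']['size']);

    $completed = array_key_exists('import_step', $_SESSION) ? intval($_SESSION['import_step']) : 0;
    if ($completed) {
        logger('saved import step: ' . $_SESSION['import_step']);
    }

    if ($src) {
        // This is OS specific and could also fail if your tmpdir isn't very large
        // mostly used for Diaspora which exports gzipped files.
        // The shell argument is the server-side temp path, passed through escapeshellarg().
        if (strpos($filename, '.gz')) {
            @rename($src, $src . '.gz');
            @system('gunzip ' . escapeshellarg($src . '.gz'));
        }
        if ($filesize) {
            $data = @file_get_contents($src);
        }
        unlink($src);
    }

    if (!$src) {
        $old_address = x($_REQUEST, 'old_address') ? $_REQUEST['old_address'] : '';
        if (!$old_address) {
            logger('mod_import: nothing to import.');
            notice(t('Nothing to import.') . EOL);
            return;
        }

        $email = x($_REQUEST, 'email') ? $_REQUEST['email'] : '';
        $password = x($_REQUEST, 'password') ? $_REQUEST['password'] : '';

        // NOTE(review): the host part of old_address comes straight from the request,
        // so this is a server-side fetch to a host chosen by the requester.
        $channelname = substr($old_address, 0, strpos($old_address, '@'));
        $servername = substr($old_address, strpos($old_address, '@') + 1);

        $scheme = 'https://';
        $api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
        if ($import_posts) {
            $api_path .= '&posts=1';
        }
        $binary = false;
        $redirects = 0;
        $opts = array('http_auth' => $email . ':' . $password);
        $url = $scheme . $servername . $api_path;
        $ret = z_fetch_url($url, $binary, $redirects, $opts);
        if (!$ret['success']) {
            // NOTE(review): this retry sends the same http_auth credentials over plain
            // http:// whenever the https request fails for any reason. Kept for
            // compatibility with http-only servers; consider making it opt-in.
            $ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
        }
        if ($ret['success']) {
            $data = $ret['body'];
        } else {
            notice(t('Unable to download data from old server') . EOL);
        }
    }

    if (!$data) {
        logger('mod_import: empty file.');
        notice(t('Imported file is empty.') . EOL);
        return;
    }

    $data = json_decode($data, true);

    // json_decode() returns null for malformed input and a scalar for bare values;
    // every check below expects an array and would fail on PHP 8 otherwise.
    if (!is_array($data)) {
        logger('mod_import: import data could not be decoded.');
        notice(t('Unable to parse import data.') . EOL);
        return;
    }

    if (array_key_exists('user', $data) && array_key_exists('version', $data)) {
        require_once 'include/Import/import_diaspora.php';
        import_diaspora($data);
        return;
    }

    $moving = false;

    if (array_key_exists('compatibility', $data) && array_key_exists('database', $data['compatibility'])) {
        $v1 = substr($data['compatibility']['database'], -4);
        $v2 = substr(DB_UPDATE_VERSION, -4);
        if ($v2 > $v1) {
            $t = sprintf(t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1);
            notice($t);
        }
        if (array_key_exists('server_role', $data['compatibility']) && $data['compatibility']['server_role'] == 'basic') {
            $moving = true;
        }
    }

    if ($moving) {
        $seize = 1;
    }

    // import channel
    $relocate = array_key_exists('relocate', $data) ? $data['relocate'] : null;

    if (array_key_exists('channel', $data)) {
        if ($completed < 1) {
            $channel = import_channel($data['channel'], $account_id, $seize);
        } else {
            // Resuming: look the already-imported channel up by the guid from the export.
            // (The original read $channel['channel_guid'] here, before $channel was set.)
            $resume_guid = (is_array($data['channel']) && isset($data['channel']['channel_guid']))
                ? $data['channel']['channel_guid']
                : '';
            $r = q(
                "select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1",
                intval($account_id),
                dbesc($resume_guid)
            );
            if ($r) {
                $channel = $r[0];
            }
        }
        if (!$channel) {
            logger('mod_import: channel not found. ' . print_r($channel, true));
            notice(t('Cloned channel not found. Import failed.') . EOL);
            return;
        }
    }

    if (!$channel) {
        $channel = \App::get_channel();
    }

    if (!$channel) {
        logger('mod_import: channel not found. ' . print_r($channel, true));
        notice(t('No channel. Import failed.') . EOL);
        return;
    }

    if ($completed < 2) {
        if (is_array($data['config'])) {
            import_config($channel, $data['config']);
        }
        logger('import step 2');
        $_SESSION['import_step'] = 2;
    }

    if ($completed < 3) {
        if ($data['photo']) {
            require_once 'include/photo/photo_driver.php';
            import_channel_photo(base64url_decode($data['photo']['data']), $data['photo']['type'], $account_id, $channel['channel_id']);
        }
        if (is_array($data['profile'])) {
            import_profiles($channel, $data['profile']);
        }
        logger('import step 3');
        $_SESSION['import_step'] = 3;
    }

    if ($completed < 4) {
        if (is_array($data['hubloc']) && !$moving) {
            import_hublocs($channel, $data['hubloc'], $seize);
        }
        logger('import step 4');
        $_SESSION['import_step'] = 4;
    }

    if ($completed < 5) {
        // create new hubloc for the new channel at this site
        $r = q(
            "insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_network, hubloc_primary, \n\t\t\t\thubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey )\n\t\t\t\tvalues ( '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
            dbesc($channel['channel_guid']),
            dbesc($channel['channel_guid_sig']),
            dbesc($channel['channel_hash']),
            dbesc(channel_reddress($channel)),
            dbesc('zot'),
            intval($seize ? 1 : 0),
            dbesc(z_root()),
            dbesc(base64url_encode(rsa_sign(z_root(), $channel['channel_prvkey']))),
            dbesc(\App::get_hostname()),
            dbesc(z_root() . '/post'),
            dbesc(get_config('system', 'pubkey'))
        );

        // reset the original primary hubloc if it is being seized
        if ($seize) {
            $r = q(
                "update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ",
                dbesc($channel['channel_hash']),
                dbesc(z_root())
            );
        }
        logger('import step 5');
        $_SESSION['import_step'] = 5;
    }

    if ($completed < 6) {
        // import xchans and contact photos
        if ($seize) {
            // replace any existing xchan we may have on this site if we're seizing control
            $r = q("delete from xchan where xchan_hash = '%s'", dbesc($channel['channel_hash']));

            $r = q(
                "insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d )",
                dbesc($channel['channel_hash']),
                dbesc($channel['channel_guid']),
                dbesc($channel['channel_guid_sig']),
                dbesc($channel['channel_pubkey']),
                dbesc(z_root() . "/photo/profile/l/" . $channel['channel_id']),
                dbesc(z_root() . "/photo/profile/m/" . $channel['channel_id']),
                dbesc(z_root() . "/photo/profile/s/" . $channel['channel_id']),
                dbesc(channel_reddress($channel)),
                dbesc(z_root() . '/channel/' . $channel['channel_address']),
                dbesc(z_root() . '/follow?f=&url=%s'),
                dbesc(z_root() . '/poco/' . $channel['channel_address']),
                dbesc($channel['channel_name']),
                dbesc('zot'),
                dbesc(datetime_convert()),
                dbesc(datetime_convert()),
                0,
                0,
                0,
                0,
                0,
                0,
                0
            );
        }
        logger('import step 6');
        $_SESSION['import_step'] = 6;
    }

    if ($completed < 7) {
        $xchans = $data['xchan'];
        if ($xchans) {
            foreach ($xchans as $xchan) {
                // The INSERT below builds its column list from the record's keys.
                // dbesc_array() presumably escapes values only, so records whose keys
                // are not plain identifiers are dropped before they reach the SQL text.
                if (!import_account_columns_are_safe($xchan)) {
                    logger('import_account: xchan record skipped, unexpected column name');
                    continue;
                }

                $hash = make_xchan_hash($xchan['xchan_guid'], $xchan['xchan_guid_sig']);
                if ($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) {
                    logger('forged xchan: ' . print_r($xchan, true));
                    continue;
                }

                // Older exports carry a single xchan_flags bit field; expand it into the separate columns.
                if (!array_key_exists('xchan_hidden', $xchan)) {
                    $xchan['xchan_hidden'] = $xchan['xchan_flags'] & 0x1 ? 1 : 0;
                    $xchan['xchan_orphan'] = $xchan['xchan_flags'] & 0x2 ? 1 : 0;
                    $xchan['xchan_censored'] = $xchan['xchan_flags'] & 0x4 ? 1 : 0;
                    $xchan['xchan_selfcensored'] = $xchan['xchan_flags'] & 0x8 ? 1 : 0;
                    $xchan['xchan_system'] = $xchan['xchan_flags'] & 0x10 ? 1 : 0;
                    $xchan['xchan_pubforum'] = $xchan['xchan_flags'] & 0x20 ? 1 : 0;
                    $xchan['xchan_deleted'] = $xchan['xchan_flags'] & 0x1000 ? 1 : 0;
                }

                $r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1", dbesc($xchan['xchan_hash']));
                if ($r) {
                    continue;
                }

                dbesc_array($xchan);

                $r = dbq("INSERT INTO xchan (`" . implode("`, `", array_keys($xchan)) . "`) VALUES ('" . implode("', '", array_values($xchan)) . "')");

                require_once 'include/photo/photo_driver.php';
                $photos = import_xchan_photo($xchan['xchan_photo_l'], $xchan['xchan_hash']);
                if ($photos[4]) {
                    $photodate = NULL_DATE;
                } else {
                    $photodate = $xchan['xchan_photo_date'];
                }

                $r = q(
                    "update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'\n\t\t\t\t\t\twhere xchan_hash = '%s'",
                    dbesc($photos[0]),
                    dbesc($photos[1]),
                    dbesc($photos[2]),
                    dbesc($photos[3]),
                    dbesc($photodate),
                    dbesc($xchan['xchan_hash'])
                );
            }
        }
        logger('import step 7');
        $_SESSION['import_step'] = 7;
    }

    // FIXME - ensure we have an xchan if somebody is trying to pull a fast one

    if ($completed < 8) {
        $friends = 0;
        $feeds = 0;

        // import contacts
        $abooks = $data['abook'];
        if ($abooks) {
            foreach ($abooks as $abook) {
                // Same reason as for xchan: the keys become column names in the INSERT below.
                if (!import_account_columns_are_safe($abook)) {
                    logger('import_account: abook record skipped, unexpected column name');
                    continue;
                }

                $abook_copy = $abook;

                $abconfig = null;
                if (array_key_exists('abconfig', $abook) && is_array($abook['abconfig']) && count($abook['abconfig'])) {
                    $abconfig = $abook['abconfig'];
                }

                unset($abook['abook_id']);
                unset($abook['abook_rating']);
                unset($abook['abook_rating_text']);
                unset($abook['abconfig']);
                unset($abook['abook_their_perms']);
                unset($abook['abook_my_perms']);

                // Ownership is always set from the importing account, never from the file.
                $abook['abook_account'] = $account_id;
                $abook['abook_channel'] = $channel['channel_id'];

                if (!array_key_exists('abook_blocked', $abook)) {
                    $abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0;
                    $abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0;
                    $abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0;
                    $abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0;
                    $abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0;
                    $abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0;
                    $abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0;
                    $abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0;
                }

                if ($abook['abook_self']) {
                    $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role');
                    // NOTE(review): abook_my_perms was unset above, so this bit test reads a
                    // missing key; $abook_copy still holds the imported value — confirm intent.
                    if ($role === 'forum' || $abook['abook_my_perms'] & PERMS_W_TAGWALL) {
                        q("update xchan set xchan_pubforum = 1 where xchan_hash = '%s' ", dbesc($abook['abook_xchan']));
                    }
                } else {
                    if ($max_friends !== false && $friends > $max_friends) {
                        continue;
                    }
                    if ($max_feeds !== false && intval($abook['abook_feed']) && $feeds > $max_feeds) {
                        continue;
                    }
                }

                dbesc_array($abook);
                $r = dbq("INSERT INTO abook (`" . implode("`, `", array_keys($abook)) . "`) VALUES ('" . implode("', '", array_values($abook)) . "')");

                $friends++;
                if (intval($abook['abook_feed'])) {
                    $feeds++;
                }

                translate_abook_perms_inbound($channel, $abook_copy);

                if ($abconfig) {
                    // @fixme does not handle sync of del_abconfig
                    foreach ($abconfig as $abc) {
                        set_abconfig($channel['channel_id'], $abc['xchan'], $abc['cat'], $abc['k'], $abc['v']);
                    }
                }
            }
        }
        logger('import step 8');
        $_SESSION['import_step'] = 8;
    }

    if ($completed < 9) {
        // Maps group hash => array('old' => id in the export, 'new' => id on this site).
        // Initialised here so the member loop below is safe when the export has no groups.
        $saved = array();

        $groups = $data['group'];
        if ($groups) {
            foreach ($groups as $group) {
                if (!import_account_columns_are_safe($group)) {
                    logger('import_account: group record skipped, unexpected column name');
                    continue;
                }

                $saved[$group['hash']] = array('old' => $group['id']);
                if (array_key_exists('name', $group)) {
                    $group['gname'] = $group['name'];
                    unset($group['name']);
                }
                unset($group['id']);
                $group['uid'] = $channel['channel_id'];

                dbesc_array($group);
                $r = dbq("INSERT INTO groups (`" . implode("`, `", array_keys($group)) . "`) VALUES ('" . implode("', '", array_values($group)) . "')");
            }

            $r = q("select * from `groups` where uid = %d", intval($channel['channel_id']));
            if ($r) {
                foreach ($r as $rr) {
                    $saved[$rr['hash']]['new'] = $rr['id'];
                }
            }
        }

        $group_members = $data['group_member'];
        if ($group_members) {
            foreach ($group_members as $group_member) {
                if (!import_account_columns_are_safe($group_member)) {
                    logger('import_account: group_member record skipped, unexpected column name');
                    continue;
                }

                unset($group_member['id']);
                $group_member['uid'] = $channel['channel_id'];

                // Translate the exported group id into the id the group received on this site.
                foreach ($saved as $x) {
                    if ($x['old'] == $group_member['gid']) {
                        $group_member['gid'] = $x['new'];
                    }
                }

                dbesc_array($group_member);
                $r = dbq("INSERT INTO group_member (`" . implode("`, `", array_keys($group_member)) . "`) VALUES ('" . implode("', '", array_values($group_member)) . "')");
            }
        }
        logger('import step 9');
        $_SESSION['import_step'] = 9;
    }

    if (is_array($data['obj'])) {
        import_objs($channel, $data['obj']);
    }
    if (is_array($data['likes'])) {
        import_likes($channel, $data['likes']);
    }
    if (is_array($data['app'])) {
        import_apps($channel, $data['app']);
    }
    if (is_array($data['chatroom'])) {
        import_chatrooms($channel, $data['chatroom']);
    }
    if (is_array($data['conv'])) {
        import_conv($channel, $data['conv']);
    }
    if (is_array($data['mail'])) {
        import_mail($channel, $data['mail']);
    }
    if (is_array($data['event'])) {
        import_events($channel, $data['event']);
    }
    if (is_array($data['event_item'])) {
        import_items($channel, $data['event_item'], false, $relocate);
    }
    if (is_array($data['menu'])) {
        import_menus($channel, $data['menu']);
    }

    $addon = array('channel' => $channel, 'data' => $data);
    call_hooks('import_channel', $addon);

    // Notifications are switched off while the items are imported and restored afterwards.
    $saved_notification_flags = notifications_off($channel['channel_id']);

    if ($import_posts && array_key_exists('item', $data) && $data['item']) {
        import_items($channel, $data['item'], false, $relocate);
    }

    notifications_on($channel['channel_id'], $saved_notification_flags);

    if (array_key_exists('item_id', $data) && $data['item_id']) {
        import_item_ids($channel, $data['item_id']);
    }

    // FIXME - ensure we have a self entry if somebody is trying to pull a fast one

    // send out refresh requests
    // notify old server that it may no longer be primary.
    \Zotlabs\Daemon\Master::Summon(array('Notifier', 'location', $channel['channel_id']));

    // This will indirectly perform a refresh_all *and* update the directory
    \Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id']));

    notice(t('Import completed.') . EOL);

    change_channel($channel['channel_id']);

    unset($_SESSION['import_step']);
    goaway(z_root() . '/network');
}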
/**
 * Signs a visitor in from Facebook profile fields found in the request.
 *
 * The fields are matched against existing users (by email, then fb_email, then
 * fb_id). A matching user gets its empty Facebook columns filled in; otherwise a
 * new user is created. In both cases the user is then logged in and a JSON
 * status is emitted through parse_json().
 *
 * NOTE(review): every field, including access_token, id and email, is read from
 * $_REQUEST and only checked for being non-empty. Nothing in this method asks
 * Facebook whether the token is valid or belongs to that id/email, yet the
 * result is a logged-in session for the matched account. The token should be
 * verified server-side and the profile fields taken from that verified
 * response before do_login() is reached.
 *
 * @throws ApplicationException when access_token or id is missing.
 */
public function SaveFacebook()
{
    $fb = FormUtils::form2dbhash(
        $_REQUEST,
        'access_token id email first_name last_name name username gender link locale timezone verified'
    );

    #TODO better validate
    if (!($fb['access_token'] && $fb['id'])) {
        throw new ApplicationException("Wrong facebook data", 1);
    }

    # values derived once and shared by the update and the register branch
    $sex = $fb['gender'] == 'male' ? 1 : 0;
    $verified = $fb['verified'] == 'true' ? 1 : 0;
    $picture_url = 'http://graph.facebook.com/' . $fb['username'] . '/picture';

    # find an existing user: by email, then by facebook email, then by facebook id
    # (dbq() is used as a value quoter here; its definition is outside this method)
    $hU = $this->model->one_by_email($fb['email']);
    if (!$hU['id']) {
        $hU = db_row("select * from users where fb_email=" . dbq($fb['email']));
    }
    if (!$hU['id']) {
        $hU = db_row("select * from users where fb_id=" . dbq($fb['id']));
    }
    $users_id = $hU['id'] ? $hU['id'] : 0;

    if (!$users_id) {
        #register user first if new
        $users_id = $this->model->add(array(
            'email' => $fb['email'],
            'nick' => $fb['name'],
            'sex' => $sex,
            'fname' => $fb['first_name'],
            'lname' => $fb['last_name'],
            'fb_id' => $fb['id'],
            'fb_link' => $fb['link'],
            'fb_locale' => $fb['locale'],
            'fb_name' => $fb['name'],
            'fb_timezone' => $fb['timezone'],
            'fb_username' => $fb['username'],
            'fb_verified' => $verified,
            'fb_picture_url' => $picture_url,
            'fb_access_token' => $fb['access_token'],
        ));
    } else {
        #update user's missing data from facebook; the token is always refreshed
        $vars = array('fb_access_token' => $fb['access_token']);

        if ($hU['sex'] != $sex) {
            $vars['sex'] = $sex;
        }

        # local column => request field, copied only when the column is empty
        $names = array('fname' => 'first_name', 'lname' => 'last_name');
        foreach ($names as $column => $field) {
            if (!$hU[$column]) {
                $vars[$column] = $fb[$field];
            }
        }

        if ($fb['email'] && $hU['fb_email'] != $fb['email']) {
            $vars['fb_email'] = $fb['email'];
        }

        $profile = array(
            'fb_id' => 'id',
            'fb_link' => 'link',
            'fb_locale' => 'locale',
            'fb_name' => 'name',
            'fb_timezone' => 'timezone',
            'fb_username' => 'username',
        );
        foreach ($profile as $column => $field) {
            if (!$hU[$column]) {
                $vars[$column] = $fb[$field];
            }
        }

        if (!$hU['fb_verified']) {
            $vars['fb_verified'] = $verified;
        }
        if (!$hU['fb_picture_url']) {
            $vars['fb_picture_url'] = $picture_url;
        }

        db_update('users', $vars, $users_id);
    }

    #automatically login the user
    $_SESSION['is_just_registered'] = 1;
    $this->model->do_login($users_id);

    $ps = array('status' => 0, 'err_msg' => '');
    parse_json($ps);
}
$args['photo_usage'] = PHOTO_PROFILE; } if (array_key_exists('photo_usage', $args)) { $args['photo_usage'] = $j['photo']['photo_usage']; } $args['type'] = $j['photo']['type']; $args['item'] = $j['item'] ? $j['item'] : false; // logger('redphotohelper: ' . print_r($j,true)); $r = q("select id from photo where resource_id = '%s' and uid = %d limit 1", dbesc($args['hash']), intval($channel['channel_id'])); if ($r) { killme(); } $ret = attach_store($channel, $channel['channel_hash'], 'import', $args); $r = q("select * from item where resource_id = '%s' and resource_type = 'photo' and uid = %d limit 1", dbesc($args['hash']), intval($channel['channel_id'])); if ($r) { $item = $r[0]; item_url_replace($channel, $item, $fr_server, z_root(), $fr_username); dbesc_array($item); $item_id = $item['id']; unset($item['id']); $str = ''; foreach ($item as $k => $v) { if ($str) { $str .= ","; } $str .= " `" . $k . "` = '" . $v . "' "; } $r = dbq("update `item` set " . $str . " where id = " . $item_id); } // logger('photo_import: ' . print_r($ret,true)); killme();
<?php
// Fetches the state_id of the wp_display_centre row whose `link` equals the
// current record's parent, before the page head and layout includes are pulled in.
// NOTE(review): $record['parent'] is concatenated into the SQL text without
// escaping or casting. $record is not defined in this template — confirm it is
// always a value loaded from the database (and numeric), or cast it before use.
$dc_details = dbq("SELECT wp_display_centre.state_id FROM wp_display_centre WHERE link = '" . $record['parent'] . "'"); ?> <?php require "tpl/inc/head.php"; ?> <body> <div id="page"> <?php require "tpl/inc/header.php"; ?> <?php require "tpl/inc/path.php"; ?> <div id="content"> <div id="left-col"> <div id="left-col-border"> <?php if (isset($errors)) { require "tpl/inc/error.php"; } ?> <?php if (isset($messages)) { require "tpl/inc/message.php"; }
$errorsChecked = true; } else { if (is_uploaded_file($_FILES['fileId']['tmp_name'])) { if ($record['extension'] != '') { unlink($cfg['data'] . "{$id}" . "." . $record['extension']); } $extension = strtolower(ereg_replace('.*\\.([A-Za-z0-9_-]+)$', '\\1', $_FILES['fileId']['name'])); move_uploaded_file($_FILES['fileId']['tmp_name'], $cfg['data'] . "{$id}.{$extension}"); $image_info = @getimagesize($cfg['data'] . "{$id}.{$extension}"); if (!is_file($cfg['data'] . $id) && is_array($image_info) && in_array($image_info[2], array(1, 2, 3))) { @copy($cfg['data'] . "{$id}.{$extension}", $cfg['data'] . $id); } } else { $extension = $record['extension']; } if (is_file($cfg['data'] . $id)) { if (is_file($cfg['data'] . "{$id}-s.jpg")) { unlink($cfg['data'] . "{$id}-s.jpg"); unlink($cfg['data'] . "{$id}-m.jpg"); unlink($cfg['data'] . "{$id}-l.jpg"); } resize_img($cfg['data'] . $id, $cfg['data'] . "{$id}-s.jpg", $cfg['img']['small'][0], $cfg['img']['small'][1], $cfg['img']['small'][2], $cfg['img']['small'][3], $cfg['img']['small'][4], $cfg['img']['small'][5], $cfg['img']['small'][6], $cfg['img']['small'][7]); resize_img($cfg['data'] . $id, $cfg['data'] . "{$id}-m.jpg", $cfg['img']['medium'][0], $cfg['img']['medium'][1], $cfg['img']['medium'][2], $cfg['img']['medium'][3], $cfg['img']['medium'][4], $cfg['img']['medium'][5], $cfg['img']['medium'][6], $cfg['img']['medium'][7]); resize_img($cfg['data'] . $id, $cfg['data'] . "{$id}-l.jpg", $cfg['img']['large'][0], $cfg['img']['large'][1], $cfg['img']['large'][2], $cfg['img']['large'][3], $cfg['img']['large'][4], $cfg['img']['large'][5], $cfg['img']['large'][6], $cfg['img']['large'][7]); unlink($cfg['data'] . $id); } if ($record['position'] != $_POST['position']) { dbq("UPDATE {$cfg['db']['prefix']}_structure SET position = position + 1 WHERE position >= {$_POST['position']} ORDER BY position DESC"); } dbq("UPDATE\r\n {$cfg['db']['prefix']}_structure,\r\n {$cfg['db']['prefix']}_hi_res\r\n SET\r\n title = '" . 
addslashes($_POST['title']) . "',\r\n uri = '{$uri}',\r\n online = {$online},\r\n sort = '{$_POST['sort']}',\r\n position = {$_POST['position']},\r\n modified = '{$time}',\r\n viewRights = '{$viewRights}',\r\n createRights = '{$createRights}',\r\n editRights = '{$editRights}',\r\n deleteRights = '{$deleteRights}',\r\n extension = '{$extension}'\r\n WHERE\r\n link = id AND\r\n id = {$id}"); }
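<?php
// Two-pass save handler for a "prize" record.
//   Pass 1 ($errorsChecked not set): validate the posted form and collect $errors.
//   Pass 2 ($errorsChecked set):     shift sibling positions and write the record.
// $cfg, $record, $id, $lang, $online, $time and the *Rights values are defined
// outside this script; NOTE(review): confirm they are never request-controlled,
// because they are interpolated into the SQL below as-is.
// Request values are escaped with the helpers this file already uses. A
// parameterised query would be the sturdier fix, but dbq()'s interface is not
// visible here.
if (!isset($errorsChecked)) {
    // Title must not be empty (ereg() no longer exists in PHP 7+; /s keeps "." matching newlines).
    if (!preg_match('/.+/s', $_POST['title'])) {
        $errors[] = $lang[103];
    }

    // Title must be unique among the siblings of this record.
    if (dbq("SELECT * FROM {$cfg['db']['prefix']}_structure WHERE parent = {$record['parent']} AND id <> {$id} AND title = '" . addslashes($_POST['title']) . "' AND title <> ''")) {
        $errors[] = $lang[104];
    }

    // The URI slug only ever contains [a-z0-9-], so it is safe to interpolate below.
    $uri = strtolower(preg_replace('/[^A-Za-z0-9]+/', '-', strip_accents($_POST['title'])));
    if (substr($uri, -1) == '-') {
        $uri = substr_replace($uri, "", -1);
    }

    // The D modifier stops "$" from also accepting a trailing newline.
    if (!preg_match('/^[0-9]+$/D', $_POST['points'])) {
        $errors[] = "Point value must be numeric.";
    }

    if (!isset($errors) && dbq("SELECT * FROM {$cfg['db']['prefix']}_structure WHERE parent = {$record['parent']} AND id <> {$id} AND uri = '{$uri}' AND uri <> ''")) {
        $errors[] = $lang[105];
    }

    $errorsChecked = true;
} else {
    // position is written unquoted into both statements, so force it to an integer;
    // sort sits inside quotes and is escaped like the other text fields.
    $position = (int) $_POST['position'];
    $sort = mysql_real_escape_string($_POST['sort']);

    if ($record['position'] != $position) {
        dbq("UPDATE {$cfg['db']['prefix']}_structure SET position = position + 1 WHERE position >= {$position} ORDER BY position DESC");
    }

    dbq(
        "UPDATE\r\n {$cfg['db']['prefix']}_structure,\r\n {$cfg['db']['prefix']}_prize\r\n SET\r\n"
        . " title = '" . addslashes($_POST['title']) . "',\r\n"
        . " uri = '{$uri}',\r\n"
        . " online = {$online},\r\n"
        . " sort = '{$sort}',\r\n"
        . " position = {$position},\r\n"
        . " modified = '{$time}',\r\n"
        . " viewRights = '{$viewRights}',\r\n"
        . " createRights = '{$createRights}',\r\n"
        . " editRights = '{$editRights}',\r\n"
        . " deleteRights = '{$deleteRights}',\r\n"
        . " content = '" . addslashes(preg_replace('/src="..\\//', 'src="', $_POST['content'])) . "',\r\n"
        . " points = '" . mysql_real_escape_string($_POST['points']) . "',\r\n"
        . " synopsis = '" . mysql_real_escape_string($_POST['synopsis']) . "'\r\n"
        . " WHERE\r\n link = id AND\r\n id = {$id}"
    );
}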
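// Price endpoint for wp_model_element rows.
//   ?price=..&id=N      updates the price of element N
//   ?price=..&parent=N  inserts a new element under parent N
// The result is echoed as a JavaScript object literal named titleDetails.
// $type is not assigned in this script; NOTE(review): confirm where it comes from.
// It is only used after matching the whitelist below.

// Every request value that reaches the SQL text is escaped or validated first.
$price = isset($_GET['price']) ? mysql_real_escape_string($_GET['price']) : '';
$id = isset($_GET['id']) ? $_GET['id'] : '';              // used only after the digits-only check
$parent = isset($_GET['parent']) ? $_GET['parent'] : '';  // used only after the digits-only check
// type_id used to be interpolated raw into the INSERT; escape it like price.
$type_id = isset($_GET['type_id']) ? mysql_real_escape_string($_GET['type_id']) : '';

// Defaults so the echo below never reads undefined variables when $type is not whitelisted.
$msg = '';
$title = '';

$allowed_types = array('fabric', 'nail', 'legs', 'leather');
$type_ok = isset($type) && in_array($type, $allowed_types, true);

// The D modifier stops "$" from also accepting a trailing newline.
if (isset($_GET['price']) && isset($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id'])) {
    if ($type_ok) {
        if (!dbq("UPDATE `wp_model_element` SET `price` = '{$price}' WHERE `id` = '{$id}' LIMIT 1")) {
            $msg = 'ERROR';
            $title = 'Database Error';
        } else {
            $msg = 'SUCCESS';
            $title = $price;
        }
    }
} elseif (isset($_GET['price']) && isset($_GET['parent']) && preg_match('/^[0-9]+$/D', $_GET['parent'])) {
    if ($type_ok) {
        if (!dbq("INSERT INTO `wp_model_element` (parent, type, type_id, price, position, online) VALUES ( '{$parent}' , '{$type}' , '{$type_id}' , '{$price}' , '1', '0' )")) {
            $msg = 'ERROR';
            $title = 'Database Error';
        } else {
            $msg = 'SUCCESS';
            $title = $price;
        }
    }
} else {
    $msg = 'ERROR';
    $title = 'Input Error';
}

// NOTE(review): on success $title is the request's price after SQL escaping only.
// SQL escaping is not JavaScript/HTML output encoding; if this response can end up
// inside an HTML page, encode the values for that context (e.g. json_encode()).
echo "titleDetails = {msg: '{$msg}', title: '{$title}'};";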
<?php } } ?> </ul> <input type="button" id="image-sort-save" value="save order" onClick="return saveSort('image-sort');" /> <img src="js/loading.gif" alt="loading" id="image-sort-no-show" /> </div> </td> <td colspan="2"> <label>Upload Files</label><br /> <input type="file" id="jq-files" name="jq-files" onChange="return ajaxFileUpload('jq-files', 'file-parent');" /> <div id="file-parent"> <ul id="file-sort"> <?php $linked_files = dbq("SELECT * FROM `wp_file_gallery` WHERE `parent` = '{$id}' ORDER BY `position`"); if (is_array($linked_files)) { foreach ($linked_files as $lf) { ?> <li class="sort-li" id="<?php echo $lf['id']; ?> "> <img src="js/handle.gif" alt="move" class="move" /> <img src="js/edit.gif" alt="edit" class="edit" onClick="$(this).siblings('.editor').css('display', 'inline'); $(this).siblings('.preview').css('display', 'none'); trapEnter('#edit-<?php echo $lf['id']; ?> ', <?php echo $lf['id']; ?> , 'file');" />
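<?php
// Two-pass save handler for a "type" record.
//   Pass 1 ($errorsChecked not set): validate the posted form and collect $errors.
//   Pass 2 ($errorsChecked set):     shift sibling positions and write the record.
// $cfg, $record, $id, $lang, $online, $time and the *Rights values are defined
// outside this script; NOTE(review): confirm they are never request-controlled,
// because they are interpolated into the SQL below as-is.
// addslashes() is kept because it is what this script already uses; it is not
// aware of the connection charset, so a parameterised query (or the driver's
// own escaping) would be the sturdier fix once dbq()'s interface is known.
if (!isset($errorsChecked)) {
    // Title must not be empty (ereg() no longer exists in PHP 7+; /s keeps "." matching newlines).
    if (!preg_match('/.+/s', $_POST['title'])) {
        $errors[] = $lang[103];
    }

    // Title must be unique among the siblings of this record.
    if (dbq("SELECT * FROM {$cfg['db']['prefix']}_structure WHERE parent = {$record['parent']} AND id <> {$id} AND title = '" . addslashes($_POST['title']) . "' AND title <> ''")) {
        $errors[] = $lang[104];
    }

    // The URI slug only ever contains [a-z0-9-], so it is safe to interpolate below.
    $uri = strtolower(preg_replace('/[^A-Za-z0-9]+/', '-', strip_accents($_POST['title'])));

    if (!isset($errors) && dbq("SELECT * FROM {$cfg['db']['prefix']}_structure WHERE parent = {$record['parent']} AND id <> {$id} AND uri = '{$uri}' AND uri <> ''")) {
        $errors[] = $lang[105];
    }

    $errorsChecked = true;
} else {
    // position is written unquoted into both statements, so force it to an integer;
    // sort and type_id sit inside quotes and were previously interpolated raw.
    $position = (int) $_POST['position'];
    $sort = addslashes($_POST['sort']);
    $type_id = addslashes($_POST['type_id']);

    if ($record['position'] != $position) {
        dbq("UPDATE {$cfg['db']['prefix']}_structure SET position = position + 1 WHERE position >= {$position} ORDER BY position DESC");
    }

    dbq(
        "UPDATE\r\n {$cfg['db']['prefix']}_structure,\r\n {$cfg['db']['prefix']}_type\r\n SET\r\n"
        . " title = '" . addslashes($_POST['title']) . "',\r\n"
        . " uri = '{$uri}',\r\n"
        . " online = {$online},\r\n"
        . " sort = '{$sort}',\r\n"
        . " position = {$position},\r\n"
        . " type_id = '{$type_id}',\r\n"
        . " modified = '{$time}',\r\n"
        . " viewRights = '{$viewRights}',\r\n"
        . " createRights = '{$createRights}',\r\n"
        . " editRights = '{$editRights}',\r\n"
        . " deleteRights = '{$deleteRights}',\r\n"
        . " description = '" . addslashes(preg_replace('/src="..\\//', 'src="', $_POST['description'])) . "'\r\n"
        . " WHERE\r\n link = id AND\r\n id = {$id}"
    );
}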
$portal_rea_upload = 0; if (isset($_POST['portal_rea']) && $_POST['portal_rea'] == 1) { $portal_rea = 1; $portal_rea_upload = 1; } $portal_domain = 0; $portal_domain_upload = 0; if (isset($_POST['portal_domain']) && $_POST['portal_domain'] == 1) { $portal_domain = 1; $portal_domain_upload = 1; } $agent = 0; if (isset($_POST['agent']) && $_POST['agent'] == 1) { $agent = 1; } $under_contract = 0; if (isset($_POST['under_contract']) && $_POST['under_contract'] == 1) { $under_contract = 1; } $date = 'null'; if (($_POST['sold_date'] != '' || $_POST['sold_date'] != 0) && strtotime($_POST['sold_date'])) { #echo $_POST['sold_date']; $date = '\'' . date('Y-m-d', strtotime($_POST['sold_date'])) . '\''; } if (isset($_POST['portal_id']) && !empty($_POST['portal_id'])) { $portal_id = $_POST['portal_id']; } else { $portal_id = $id + 106601363; } dbq("UPDATE\r\n\t{$cfg['db']['prefix']}_structure,\r\n\t{$cfg['db']['prefix']}_hl_package\r\n\tSET\r\n\ttitle = '" . addslashes($_POST['title']) . "',\r\n\t\turi = '{$uri}',\r\n\t\tonline = {$online},\r\n\t\tsort = '{$_POST['sort']}',\r\n\t\tposition = {$_POST['position']},\r\n\t\tmodified = '{$time}',\r\n\t\tviewRights = '{$viewRights}',\r\n\t\tcreateRights = '{$createRights}',\r\n\t\teditRights = '{$editRights}',\r\n\t\tdeleteRights = '{$deleteRights}',\r\n\t\tinclusions = '" . addslashes(preg_replace('/src="..\\//', 'src="', $_POST['inclusions'])) . "',\r\n\t\tfine_print = '" . addslashes(preg_replace('/src="..\\//', 'src="', $_POST['fine_print'])) . "',\r\n\t\tinclusion_id = '" . addslashes($inclusions) . "',\r\n\t\tfine_print_id = '" . addslashes($_POST['fine_print_id']) . "',\r\n\t\tstate_id = '" . addslashes($_POST['state_id']) . "',\r\n\t\tsuburb_id = '" . addslashes($_POST['suburb_id']) . "',\r\n\t\thome_id = '" . addslashes($_POST['home_id']) . "',\r\n\t\tfacade_id = '" . addslashes($_POST['facade_id']) . "',\r\n\t\t{$custom_home}\r\n\t\t{$custom_facade}\r\n\t\taddress = '" . addslashes($_POST['address']) . 
"',\r\n\t\tsquares = '" . addslashes($_POST['squares']) . "',\r\n\t\tdisplay_address = '{$display_address}', \r\n\t\tstreet_number = '" . addslashes($_POST['street_number']) . "',\r\n\t\tstreet_name = '" . addslashes($_POST['street_name']) . "',\r\n\t\tsuburb = '" . addslashes($_POST['suburb']) . "',\r\n\t\tpostcode = '" . addslashes($_POST['postcode']) . "',\r\n\t\tpackage_bed = '" . addslashes($_POST['package_bed']) . "',\r\n\t\tpackage_bath = '" . addslashes($_POST['package_bath']) . "',\r\n\t\tpackage_cars = '" . addslashes($_POST['package_cars']) . "',\r\n\t\tpackage_garages = '" . addslashes($_POST['package_garages']) . "',\r\n\t\testate = '" . addslashes($_POST['estate']) . "',\r\n\t\tcategory = '" . addslashes($_POST['category']) . "',\r\n\t\tstatus = '" . addslashes($_POST['status']) . "',\r\n\t\tunder_contract = '{$under_contract}',\r\n\t\tsold_date = " . $date . ",\r\n\t\tprice = {$price},\r\n\t\tdisplay_price = '" . addslashes($_POST['display_price']) . "',\r\n\t\tlot_size = '" . addslashes($_POST['lot_size']) . "',\r\n\t\thouse_size = '" . addslashes($_POST['house_size']) . "',\r\n\t\tbuilder_id = '" . addslashes($_POST['builder_id']) . "',\r\n\t\tcond = '" . addslashes($_POST['cond']) . "',\r\n\t\tfixed_site_cost = '" . addslashes($fixed_site_cost) . "',\r\n\t\tportal = '" . addslashes($portal) . "',\r\n\t\tportal_id = '" . addslashes($portal_id) . "',\r\n\t\tportal_title = '" . addslashes($_POST['portal_title']) . "',\r\n\t\tmeasurement_unit = '" . addslashes($_POST['measurement_unit']) . "',\r\n\t\tportal_upload = '" . $portal_upload . "',\r\n\t\tportal_rea_upload = '" . $portal_rea_upload . "',\r\n\t\tportal_domain_upload = '" . $portal_domain_upload . "',\r\n\t\tagent = '" . addslashes($_POST['agent']) . "',\r\n\t\tagent_name = '" . addslashes($_POST['agent_name']) . "',\r\n\t\tagent_phone = '" . addslashes($_POST['agent_phone']) . "',\r\n\t\tagent_mobile = '" . addslashes($_POST['agent_mobile']) . "',\r\n\t\tagent_email = '" . 
addslashes($_POST['agent_email']) . "',\r\n\t\tportal_rea = '" . addslashes($_POST['portal_rea']) . "',\r\n\t\tportal_domain = '" . addslashes($_POST['portal_domain']) . "'\r\n\t\tWHERE\r\n\t\tlink = id AND\r\n\t\tid = {$id}"); }