/**
 * Delete revisions whose underlying objects no longer exist.
 *
 * For every object type that owns at least one revision in spip_versions,
 * collect the object ids that a revision references but that are missing from
 * the object's own table, then remove those ids from spip_versions and
 * spip_versions_fragments.
 *
 * @return void
 */
function optimiser_base_revisions() {
    // Object types having at least one revision (id_version=1 is the first revision of any object).
    $types = sql_select('objet', 'spip_versions', 'id_version=1', 'objet');

    while ($type = sql_fetch($types)) {
        $objet = $type['objet'];
        $objet_q = sql_quote($objet);
        $table_objet = table_objet_sql($objet);
        $id_col = id_table_objet($objet);

        // LEFT JOIN against the object table: a NULL right side means the object is gone.
        $orphans = sql_select(
            "A.id_objet AS id_objet, A.objet AS objet",
            "spip_versions AS A LEFT JOIN {$table_objet} AS R\n\t\t\t\t\t\t\tON R.{$id_col}=A.id_objet AND A.objet=" . $objet_q,
            "R.{$id_col} IS NULL AND A.objet=" . $objet_q . " AND A.id_objet > 0",
            "A.id_objet",
            "A.id_objet"
        );

        $ids = array();
        while ($row = sql_fetch($orphans)) {
            $ids[$row['id_objet']] = true;
        }
        sql_free($orphans);

        if (!$ids) {
            continue;
        }

        // Purge every trace of the orphaned ids from both revision tables.
        $cond = sql_in('id_objet', array_keys($ids)) . " AND objet=" . $objet_q;
        foreach (array('spip_versions', 'spip_versions_fragments') as $table) {
            sql_delete($table, $cond);
        }
    }
}
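/**
 * Repair and upgrade every table of the main database.
 *
 * Recreates missing tables, runs the driver's REPAIR on each table when the
 * driver supports it, tries to add missing columns via maj_tables(), and
 * returns an HTML report with one <div> per table. Returns false as soon as
 * a REPAIR statement fails.
 *
 * @return string|bool HTML report, or false when a repair failed
 */
function admin_repair_tables() {
    // Probe whether the SQL driver supports REPAIR at all.
    $repair = sql_repair('repair', NULL, 'continue');

    // Recreate any missing table first.
    include_spip('base/create');
    creer_base();

    $rows = array();
    if ($res1 = sql_showbase()) {
        while ($r = sql_fetch($res1)) {
            $rows[] = $r;
        }
        sql_free($res1);
    }

    $res = "";
    while ($r = array_shift($rows)) {
        $tab = array_shift($r);
        $class = "";
        // $tab is a table name read back from the database, echoed unescaped.
        $m = "<strong>{$tab}</strong> ";
        spip_log("Repare {$tab}", _LOG_INFO_IMPORTANTE);

        // Drop the meta before repairing: a repair can be long and we do not
        // want the admin page to loop back into this routine.
        effacer_meta('admin_repair');

        // Initialised on every iteration: previously it was only assigned inside
        // the if(), so it was undefined when the driver has no REPAIR.
        $result_repair = false;
        if ($repair) {
            $result_repair = sql_repair($tab);
            if (!$result_repair) {
                return false;
            }
        }

        // Try to upgrade the table (create missing columns).
        maj_tables($tab);

        $count = sql_countsel($tab);
        if ($count > 1) {
            $m .= "(" . _T('texte_compte_elements', array('count' => $count)) . ")\n";
        } elseif ($count == 1) {
            $m .= "(" . _T('texte_compte_element', array('count' => $count)) . ")\n";
        } else {
            $m .= "(" . _T('texte_vide') . ")\n";
        }

        // A repair result not containing " OK " is shown verbatim (escaped) as a notice.
        if ($result_repair
            and $msg = join(" ", is_resource($result_repair) ? sql_fetch($result_repair) : $result_repair) . ' '
            and strpos($msg, ' OK ') === FALSE
        ) {
            $class = " class='notice'";
            $m .= "<br /><tt>" . htmlentities($msg) . "</tt>\n";
        } else {
            $m .= " " . _T('texte_table_ok');
        }
        $res .= "<div{$class}>{$m}</div>";
    }
    return $res;
}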
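/**
 * Delete the rows of $table whose $id column matches the ids yielded by $sel.
 *
 * @param string   $table Table to delete from
 * @param string   $id    Name of the id column (e.g. 'id_article')
 * @param resource $sel   Result set exposing an 'id' column; freed here
 * @param string   $and   Optional extra SQL condition appended with AND (not escaped here)
 * @return int Number of distinct ids deleted
 */
function optimiser_sansref($table, $id, $sel, $and = "") {
    $ids = array();
    while ($row = sql_fetch($sel)) {
        $ids[$row['id']] = true;
    }
    sql_free($sel);

    if ($ids) {
        sql_delete($table, sql_in($id, array_keys($ids)) . ($and ? " AND {$and}" : ""));
        // List the ids explicitly: interpolating the array itself only logged "Array".
        spip_log("Numeros des entrees {$id} supprimees dans la table {$table}: " . join(',', array_keys($ids)));
    }
    return count($ids);
}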
/**
 * Migration: fill the 'segments' column of spip_urls.
 *
 * Every url is first given segments=1; urls containing a '/' then receive
 * the number of '/'-separated parts. Stops early once _TIME_OUT is reached
 * so the caller can resume on the next run (rows already processed keep
 * their computed value).
 *
 * @return void
 */
function urls_migre_urls_segments() {
    sql_updateq('spip_urls', array('segments' => 1), "segments<1 OR NOT(url REGEXP '\\/')");

    $urls = sql_select('DISTINCT url', 'spip_urls', "url REGEXP '\\/' AND segments=1");
    while ($u = sql_fetch($urls)) {
        $nb = count(explode('/', $u['url']));
        sql_updateq('spip_urls', array('segments' => $nb), "url=" . sql_quote($u['url']));
        if (time() >= _TIME_OUT) {
            sql_free($urls);
            return;
        }
    }
}
/**
 * Register a new author from a name and an e-mail address.
 *
 * The e-mail is the key used to detect whether the author already exists,
 * and is therefore the default identifier.
 *
 * @param string $statut
 * @param string $mail_complet
 * @param string $nom
 * @param array $options
 *   login : precomputed login
 *   id : id_rubrique passed as second argument of #FORMULAIRE_INSCRIPTION
 *   from : sender e-mail for the registration mail
 *   force_nouveau : force the 'nouveau' status on the registered author even if it already existed
 * @return array|string Author description on success, translated error string otherwise
 */
function action_inscrire_auteur_dist($statut, $mail_complet, $nom, $options = array()) {
    if (!is_array($options)) {
        $options = array('id' => $options);
    }

    // A site may override test_inscription(); otherwise use the _dist version.
    $tester = function_exists('test_inscription') ? 'test_inscription' : 'test_inscription_dist';
    $desc = $tester($statut, $mail_complet, $nom, $options);
    if (!is_array($desc)) {
        return _T($desc);
    }

    include_spip('base/abstract_sql');
    $res = sql_select("statut, id_auteur, login, email", "spip_auteurs", "email=" . sql_quote($desc['email']));
    if (!$res) {
        return _T('titre_probleme_technique');
    }
    $existing = sql_fetch($res);
    sql_free($res);

    if (!$existing) {
        // Unknown e-mail: create the credentials.
        $desc = inscription_nouveau($desc);
    } elseif (isset($options['force_nouveau']) and $options['force_nouveau'] == true) {
        // NOTE(review): re-runs the registration on an account that already exists;
        // callers should restrict who may pass force_nouveau.
        $desc['id_auteur'] = $existing['id_auteur'];
        $desc = inscription_nouveau($desc);
    } else {
        $desc = $existing;
    }

    if (!is_array($desc)) {
        return $desc;
    }

    // Generate the password (or regenerate it for an unused account).
    $desc['pass'] = creer_pass_pour_auteur($desc['id_auteur']);
    // Token to be confirmed by clicking the link in the mail.
    $desc['jeton'] = auteur_attribuer_jeton($desc['id_auteur']);

    // Loaded right away for its helpers.
    $envoyer_inscription = charger_fonction("envoyer_inscription", "");
    list($sujet, $msg, $from, $head) = $envoyer_inscription($desc, $nom, $statut, $options);

    $notifications = charger_fonction('notifications', 'inc');
    // The mail goes to the address as submitted ($mail_complet), not to $desc['email'].
    notifications_envoyer_mails($mail_complet, $msg, $sujet, $from, $head);
    $notifications('inscription', $desc['id_auteur'], array('nom' => $desc['nom'], 'email' => $desc['email']));

    return $desc;
}
/**
 * Load the column names and basic type flags of the users table into the
 * globals $fields (list of names) and $field_props (name => props), clearing
 * any previous content first.
 *
 * Props per field: 'type' (driver type name), 'istext', 'isnum', 'isbool'.
 *
 * @return void
 */
function get_fields() {
    global $tbl_users;
    global $fields, $field_props;

    // Reset both globals in place (array_splice keeps the same array).
    array_splice($fields, 0);
    array_splice($field_props, 0);

    // One row is enough: only the result metadata is inspected.
    $rs = sql_query("select * from {$tbl_users} limit 1");
    $total = sql_num_fields($rs);
    for ($idx = 0; $idx < $total; $idx++) {
        $name = sql_field_name($rs, $idx);
        $type = sql_field_type($rs, $idx);
        $fields[] = $name;
        $field_props[$name] = array(
            'type' => $type,
            'istext' => ($type == 'string'),
            'isnum' => (bool) preg_match('/(int|real)/', $type),
            'isbool' => ($type == 'boolean'),
        );
    }
    sql_free($rs);
}
<?php
// Hourly maintenance job: refresh stale search-cache entries and wipe the
// transient search tables. Intended to be run once an hour as a cron job.

// -----------------------------------------------------------------------------
// Refresh every search-cache object flagged as needing an update.
$stale = sql_query("SELECT `seaObject` FROM `searchcache` WHERE `seaNeedsUpdate` = '1'");
// NOTE(review): mysql_fetch_row() belongs to ext/mysql (removed in PHP 7)
// while the query is issued through sql_query(); confirm the wrapper still
// returns an ext/mysql result resource on the target PHP version.
while ($entry = mysql_fetch_row($stale)) {
    updateSearchCache($entry[0], true);
}
sql_free($stale);

// -----------------------------------------------------------------------------
// Clean up old searches. The search state is transient, so both tables are
// truncated outright (an earlier version deleted only rows older than one
// hour, walking `search` and `searchItems` by srcid).
sql_query("TRUNCATE `search`");
sql_query("TRUNCATE `searchItems`");
// -----------------------------------------------------------------------------
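/**
 * Update a collection from a form submission (defaults to $_POST merged with $_FILES).
 *
 * Validates the form, maps the configured fields to (column, value) pairs,
 * lets admins override the counters, then — once the caller is logged in,
 * the collection exists and the caller owns it (or is admin) — writes the
 * update and uploads the new thumbnail if one was posted.
 * Errors are reported through e(); nothing is returned.
 *
 * @param array|null $array Submitted form fields; null means $_POST
 * @return void
 */
function update_collection($array = NULL) {
    global $db;
    if ($array == NULL) {
        $array = $_POST;
    }
    if (is_array($_FILES)) {
        $array = array_merge($array, $_FILES);
    }
    $this->validate_form_fields($array);

    // collection_id is user input and is interpolated unquoted into the WHERE
    // clause below: coerce it to an integer before any use.
    $cid = (int) $array['collection_id'];

    $query_field = array();
    $query_val = array();

    if (!error()) {
        $reqFields = $this->load_required_fields($array);
        $otherFields = $this->load_other_fields($array);
        $collection_fields = array_merge($reqFields, $otherFields);
        if ($this->custom_collection_fields > 0) {
            $collection_fields = array_merge($collection_fields, $this->custom_collection_fields);
        }

        foreach ($collection_fields as $field) {
            $name = formObj::rmBrackets($field['name']);
            $val = $array[$name];
            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }
            if (!empty($field['db_field'])) {
                $query_field[] = $field['db_field'];
            }
            // Multi-valued inputs are stored as "#a# #b# ".
            if (is_array($val)) {
                $new_val = '';
                foreach ($val as $v) {
                    $new_val .= "#" . $v . "# ";
                }
                $val = $new_val;
            }
            // Only fields with a usable clean_func are cleaned; the others are
            // passed through as-is. NOTE(review): that relies on $db->update()
            // escaping its values — confirm.
            if ($field['clean_func'] && (function_exists($field['clean_func']) || is_array($field['clean_func']))) {
                $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
            }
            if (!empty($field['db_field'])) {
                $query_val[] = $val;
            }
        }

        // Admins may set the counters; non-numeric or negative input resets them to 0.
        if (has_access('admin_access', TRUE)) {
            if (!empty($array['total_comments'])) {
                $total_comments = $array['total_comments'];
                if (!is_numeric($total_comments) || $total_comments < 0) {
                    $total_comments = 0;
                }
                $query_field[] = "total_comments";
                $query_val[] = $total_comments;
            }
            if (!empty($array['total_objects'])) {
                $tobj = $array['total_objects'];
                if (!is_numeric($tobj) || $tobj < 0) {
                    $tobj = 0;
                }
                $query_field[] = "total_objects";
                $query_val[] = $tobj;
            }
        }
    }

    if (!error()) {
        if (!userid()) {
            e(lang("you_not_logged_in"));
        } elseif (!$this->collection_exists($cid)) {
            e(lang("collect_not_exist"));
        } elseif (!$this->is_collection_owner($cid, userid()) && !has_access('admin_access', TRUE)) {
            e(lang("cant_edit_collection"));
        } else {
            $db->update(tbl($this->section_tbl), $query_field, $query_val, " collection_id = {$cid}");
            e(lang("collection_updated"), "m");
            if (!empty($array['collection_thumb']['tmp_name'])) {
                $this->upload_thumb($cid, $array['collection_thumb']);
            }
        }
    }
}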
if (isset($_POST["summary"])) { sql_values(array("hlpSummary" => $_POST["summary"], "hlpCategory" => $_POST["category"], "hlpSubmitDate!" => "NOW()", "hlpSubmitter" => $_auth["useid"], "hlpReferenceType" => $_POST["referenceType"], "hlpReferenceId" => $_POST["referenceID"], "hlpOwner" => getRequestRefOwner($_POST["referenceType"], $_POST["referenceID"]))); $helpdeskItem = sql_insert("helpdesk"); addRequestDetail($helpdeskItem, "publicDetail", "publicFile", "all"); addRequestDetail($helpdeskItem, "privateDetail", "privateFile", "submitter"); redirect(url("helpdesk")); } $requestCat = strtolower($_cmd[2]); $requestRef = strtolower($_cmd[3]); $requestRefId = intval($_cmd[4]); $cats = array(); $catsResult = sql_rowset("helpdeskCats"); while ($catsData = sql_next($catsResult)) { $cats[$catsData["hdcid"]] = array("name" => $catsData["hdcName"], "type" => $catsData["hdcType"]); } sql_free($catsResult); ?> <div class="header"> Add a Request </div> <form action="<?php echo url("."); ?> " enctype="multipart/form-data" method="post"> <div class="container2 mar_bottom"> <table cellspacing="15" cellpadding="0" border="0"> <tr> <td valign="bottom" width="50%"> <div class="mar_bottom"> <?php echo getIMG(url() . "images/emoticons/a-left.png");
echo "</fieldset>\n"; echo "</form>\n"; echo "</div>\n"; } // PHASE 2: Output the results, if called with parameters: if ($phase == 2) { if ($nmatch == 0 && !$cli_mode && $output_format == OUTPUT_HTML) { if ($ajax) { echo json_encode($json_data); } else { echo "<p class=\"report_entries\">" . get_vocab("nothing_found") . "</p>\n"; } sql_free($res); } elseif ($combination_not_supported) { echo "<p>" . get_vocab("combination_not_supported") . "</p>\n"; sql_free($res); } else { if ($output_format == OUTPUT_ICAL) { // We set $keep_private to FALSE here because we excluded all private // events in the SQL query export_icalendar($res, FALSE, $report_end); exit; } if ($output_format == OUTPUT_HTML && !$ajax) { echo "<p class=\"report_entries\"><span id=\"n_entries\">" . $nmatch . "</span> " . ($nmatch == 1 ? get_vocab("entry_found") : get_vocab("entries_found")) . "</p>\n"; } // Report if ($output == REPORT) { open_report(); report_header(); $body_rows = array();
/**
 * Register a visitor for the FRAAP applications ("candidatures") area.
 *
 * Same flow as action_inscrire_auteur_dist() — the e-mail is the identifying
 * key — except that the visitor supplies the password, the first name and
 * activity are carried along, and the author is linked to restricted zone 1.
 *
 * @param string $statut
 * @param string $mail_complet
 * @param string $nom
 * @param string $prenom
 * @param string $activite
 * @param string $pass     Password typed by the visitor, placed in the description as given
 * @param array  $options  See action_inscrire_auteur_dist()
 * @return array|string Author description on success, translated error string otherwise
 */
function inscrire_visiteur_candidatures_fraap($statut, $mail_complet, $nom, $prenom, $activite, $pass, $options = array()) {
    if (!is_array($options)) {
        $options = array('id' => $options);
    }
    include_spip('action/inscrire_auteur');

    $tester = function_exists('test_inscription') ? 'test_inscription' : 'test_inscription_dist';
    $desc = $tester($statut, $mail_complet, $nom, $options);
    if (!is_array($desc)) {
        return _T($desc);
    }

    // Carry the remaining form fields.
    // NOTE(review): the clear-text password travels in $desc; whether
    // inscription_nouveau() hashes it before storage is not visible here — confirm.
    $desc['prenom'] = $prenom;
    $desc['activite'] = $activite;
    $desc['pass'] = $pass;

    include_spip('base/abstract_sql');
    $res = sql_select("statut, id_auteur, login, email", "spip_auteurs", "email=" . sql_quote($desc['email']));
    if (!$res) {
        return _T('titre_probleme_technique');
    }
    $existing = sql_fetch($res);
    sql_free($res);

    if (!$existing) {
        // Unknown e-mail: create the credentials.
        $desc = inscription_nouveau($desc);
    } elseif (isset($options['force_nouveau']) and $options['force_nouveau'] == true) {
        $desc['id_auteur'] = $existing['id_auteur'];
        $desc = inscription_nouveau($desc);
    } else {
        // Existing account: the extra fields set above are dropped.
        $desc = $existing;
    }
    if (!is_array($desc)) {
        return $desc;
    }

    // No creer_pass_pour_auteur() here: the visitor chose the password.
    // Token to be confirmed by clicking the link in the mail.
    $desc['jeton'] = auteur_attribuer_jeton($desc['id_auteur']);

    // Link the author to restricted zone 1 ("stages").
    // NOTE(review): granted before the e-mail token is confirmed.
    sql_insertq("spip_zones_liens", array('id_zone' => '1', "id_objet" => $desc['id_auteur'], "objet" => "auteur"));

    // Loaded right away for its helpers.
    $envoyer_inscription = charger_fonction("envoyer_inscription_fraap_candidatures", "action");
    list($sujet, $msg, $from, $head) = $envoyer_inscription($desc, $nom, $prenom, $statut, $options);

    $notifications = charger_fonction('notifications', 'inc');
    notifications_envoyer_mails($mail_complet, $msg, $sujet, $from, $head);
    $notifications('inscription', $desc['id_auteur'], array('nom' => $desc['nom'], 'email' => $desc['email']));

    return $desc;
}
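/**
 * Render a <ul> of helpdesk FAQ tags (only tags with hftCount > 0), each
 * linking to the tag's FAQ page and showing its usage count.
 *
 * @param string $title Heading printed above the list; echoed as given (callers may pass markup)
 * @param string $order ORDER BY clause handed to sql_order()
 * @return void Writes HTML directly to the output
 */
function putTagList($title, $order) {
    ?>
    <div style="margin-left : 2em;">
        <?php echo $title; ?> :
    </div>
    <ul style="margin : 0.3em 1.2em; padding : 0; padding-left : 2em;">
    <?php
    sql_order($order);
    sql_where(array("hftCount>" => 0));
    $tagResult = sql_rowset("helpdeskFAQTags");
    while ($tagData = sql_next($tagResult)) {
        $url = url("helpdesk/faq/tag", array("tag" => $tagData["hftName"]));
        // Tag names come from the database and land in an attribute and a text
        // node: escape both (they used to be echoed raw). double_encode=false
        // keeps an already-encoded '&amp;' in the url from being encoded twice.
        $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
        $safeName = htmlspecialchars($tagData["hftName"], ENT_QUOTES, 'UTF-8');
        ?>
        <li><a href="<?php echo $safeUrl; ?>"><?php echo $safeName; ?></a> (<?php echo (int) $tagData["hftCount"]; ?>)</li>
        <?php
    }
    sql_free($tagResult);
    ?>
    </ul>
    <?php
}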
/**
 * Return the server version reported by `select version()`, prefixed with "MySQL ".
 *
 * @return string e.g. "MySQL 5.7.33"
 */
function sql_version() {
    $result = sql_query("select version()");
    $row = sql_row($result, 0);
    sql_free($result);
    return "MySQL " . $row[0];
}
/**
 * Remove duplicate published signatures without taking a lock.
 *
 * Rather than locking the table (which blocks database access), the
 * signature is always inserted first; this function then fetches every
 * published signature matching $where (the property meant to be unique:
 * e-mail or site), keeps the first one and deletes the others. Under
 * concurrent access some delete requests may target rows already gone —
 * odd, but better than blocking.
 *
 * http://doc.spip.org/@signature_entrop
 *
 * @param string $where SQL condition selecting the candidates (appended to, not escaped here)
 * @return array ids of the deleted signatures
 */
function signature_entrop($where) {
    $doublons = array();
    $res = sql_select('id_signature', 'spip_signatures', $where . " AND statut='publie'", '', "date_time desc");

    if (sql_count($res) > 1) {
        while ($r = sql_fetch($res)) {
            $doublons[] = $r['id_signature'];
        }
        // Keep the first row of the date_time desc result (the most recent one).
        array_shift($doublons);
    }
    sql_free($res);

    if (count($doublons)) {
        sql_delete('spip_signatures', sql_in('id_signature', $doublons));
    }
    return $doublons;
}
/**
 * Convert to UTF-8 every row of $table whose column $champ still carries a
 * "<CONVERT charset>" marker.
 *
 * Each row is first written unchanged to the backup handle $f (as an UPDATE
 * statement, when $f is set), then rewritten in the database with its
 * non-ASCII columns transcoded from the source charset. Rows whose marker
 * says utf-8 are left alone to avoid a double conversion. Prints a progress
 * dot per converted row.
 *
 * @param resource|false $f     Backup file handle, or a falsy value for none
 * @param string         $table Table name (interpolated raw into SQL: callers pass constants)
 * @param string         $champ Column carrying the "<CONVERT charset>" marker
 * @return void
 */
function convert_table_utf8($f, $table, $champ) {
    echo "<br /><b>$table</b> ";
    $rows = spip_query("SELECT * FROM $table WHERE $champ LIKE '<CONVERT %'");

    // Derive the primary-key column from the table name ("spip_articles" -> "id_article"),
    // with the two tables whose key does not follow the pattern special-cased.
    preg_match(',^spip_(.*?)s?$,', $table, $m);
    $exceptions = array('spip_petitions' => 'id_article', 'spip_groupes_mots' => 'id_groupe');
    $id_champ = isset($exceptions[$table]) ? $exceptions[$table] : 'id_' . $m[1];

    while ($row = sql_fetch($rows)) {
        $to_convert = array();   // "col=value" pairs to transcode
        $as_is = '';             // ", col=value" pairs copied verbatim (backup only)
        $extra_sql = '';         // transcoded serialized 'extra' column
        $charset_source = 'AUTO';

        foreach ($row as $col => $value) {
            if ($col == $champ) {
                // Strip the marker and remember the charset it names.
                preg_match(',^<CONVERT (.*?)>,', $value, $reg);
                $value = substr($value, strlen($reg[0]));
                $charset_source = $reg[1];
                $to_convert[] = "$col=" . sql_quote($value);
            } elseif (is_numeric($value) or is_ascii($value)) {
                // Nothing to transcode.
                $as_is .= ", $col=" . sql_quote($value);
            } elseif ($col == 'extra') {
                // Serialized data gets its own conversion.
                // NOTE(review): uses $charset_source as known at this point of the
                // column order — still 'AUTO' if 'extra' comes before $champ.
                $as_is .= ", $col=" . sql_quote($value);
                $extra_sql = convert_extra($value, $charset_source);
            } else {
                $to_convert[] = "$col=" . sql_quote($value);
            }
        }

        $set = join(', ', $to_convert);
        $where = "$id_champ = " . $row[$id_champ];

        // Backup: the row exactly as it is now.
        if ($f) {
            fwrite($f, "UPDATE $table SET $set$as_is" . " WHERE $where;\n");
        }

        // Transcode, unless the source already is utf-8 (avoid a double conversion).
        if ($charset_source != 'utf-8') {
            $update = "UPDATE $table SET " . unicode_to_utf_8(charset2unicode($set, $charset_source)) . $extra_sql . " WHERE $where AND $champ LIKE '<CONVERT %'";
            spip_query($update);
            echo '. ';
            flush();
        }
    }
    sql_free($rows);
}
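/**
 * Create a user account from the signup form (defaults to $_POST merged with $_FILES).
 *
 * Validates the form, the terms checkbox (admins exempt) and the captcha,
 * builds the users row from the configured signup fields plus the status /
 * activation flags, session key and code, inserts it together with an empty
 * profile row, logs the signup and publishes a feed entry.
 *
 * Admins may pass 'status', 'active' and 'level' to override the defaults.
 *
 * @param array|null $array             Form fields; null means $_POST
 * @param bool       $send_signup_email Whether to prepare the verification / welcome mail
 * @return int|false New user id, or false when validation failed
 */
function signup_user($array = NULL, $send_signup_email = true) {
    global $LANG, $db, $userquery;
    if ($array == NULL) {
        $array = $_POST;
    }
    if (is_array($_FILES)) {
        $array = array_merge($array, $_FILES);
    }
    $this->validate_form_fields($array);

    // Terms and policy agreement (admins creating accounts are exempt).
    if ($array['agree'] != 'yes' && !has_access('admin_access', true)) {
        e(lang('usr_ament_err'));
    }
    if (!verify_captcha()) {
        e(lang('usr_ccode_err'));
    }
    if (error()) {
        return false;
    }

    $query_field = array();
    $query_val = array();

    $signup_fields = $this->load_signup_fields($array);
    if (count($this->custom_signup_fields) > 0) {
        $signup_fields = array_merge($signup_fields, $this->custom_signup_fields);
    }
    foreach ($signup_fields as $field) {
        $name = formObj::rmBrackets($field['name']);
        $val = $array[$name];
        if ($field['use_func_val']) {
            $val = $field['validate_function']($val);
        }
        // value_function overrides use_func_val.
        if ($field['value_function'] && function_exists($field['value_function'])) {
            $val = $field['value_function']($val);
        }
        if (!empty($field['db_field'])) {
            $query_field[] = $field['db_field'];
        }
        // Multi-valued inputs are stored as "#a# #b# ".
        if (is_array($val)) {
            $new_val = '';
            foreach ($val as $v) {
                $new_val .= "#" . $v . "# ";
            }
            $val = $new_val;
        }
        // Every value is interpolated into the INSERT below, so anything without
        // a usable clean_func goes through mysql_clean().
        if (!$field['clean_func'] || !function_exists($field['clean_func']) && !is_array($field['clean_func'])) {
            $val = mysql_clean($val);
        } else {
            $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
        }
        if (!empty($field['db_field'])) {
            $query_val[] = $val;
        }
    }

    // Verification type.
    if (EMAIL_VERIFICATION == '1') {
        $status = 'unverified';
        $welcome_email = 'no';
    } else {
        $status = 'verified';
        $welcome_email = 'yes';
    }
    $active = (config('user_moderation') == 'yes') ? 'no' : 'yes';

    if (has_access('admin_access', true)) {
        if ($array['status'] == 'verified') {
            $status = 'verified';
            $welcome_email = 'yes';
        } else {
            $status = 'unverified';
            $welcome_email = 'no';
        }
        // Honour an explicit 'no'; anything else keeps 'yes'. (Both branches used
        // to assign 'yes', so an admin could never create an inactive account.)
        $active = ($array['active'] == 'no') ? 'no' : 'yes';
        $query_field[] = "level";
        // Admin-controlled, but still request input into a string-built query: escape it.
        $query_val[] = mysql_clean($array['level']);
    }
    $query_field[] = "status";
    $query_val[] = $status;
    $query_field[] = "active";
    $query_val[] = $active;
    $query_field[] = "\twelcome_email_sent";
    $query_val[] = $welcome_email;

    // Activation (e-mail verification) code.
    $avcode = RandomString(10);
    $query_field[] = "avcode";
    $query_val[] = $avcode;

    $query_field[] = "signup_ip";
    $query_val[] = $_SERVER['REMOTE_ADDR'];

    $query_field[] = "doj";
    $query_val[] = NOW();

    // Session key and code: a logged-in user is validated only by these two values.
    // NOTE(review): the key is derived from the session id and the clear-text password.
    $query_field[] = "user_session_key";
    $query_val[] = $this->create_session_key($_COOKIE['PHPSESSID'], $array['password']);
    $query_field[] = "user_session_code";
    $query_val[] = $this->create_session_code();

    // Values are single-quoted; they were escaped above.
    $query = "INSERT INTO " . tbl("users") . " (" . implode(',', $query_field) . ")"
        . " VALUES ('" . implode("','", $query_val) . "')";
    $db->Execute($query);
    $insert_id = $db->insert_id();
    $db->insert(tbl($userquery->dbtbl['user_profile']), array("userid"), array($insert_id));

    if (!has_access('admin_access', true) && EMAIL_VERIFICATION && $send_signup_email) {
        // The verification mail is prepared but not sent (the cbmail() call was removed).
        // NOTE(review): the template variables include the clear-text password.
        global $cbemail;
        $tpl = $cbemail->get_template('email_verify_template');
        $var = array(
            '{username}' => post('username'),
            '{password}' => post('password'),
            '{email}' => post('email'),
            '{avcode}' => $avcode,
        );
        $subj = $cbemail->replace($tpl['email_template_subject'], $var);
        $msg = nl2br($cbemail->replace($tpl['email_template'], $var));
    } elseif (!has_access('admin_access', true) && $send_signup_email) {
        // Welcome mail currently disabled (the send_welcome_email() call was removed).
    }

    $log_array = array(
        'username' => $array['username'],
        'userid' => $insert_id,
        'userlevel' => $array['level'],
        'useremail' => $array['email'],
        'success' => 'yes',
        'details' => sprintf("%s signed up", $array['username']),
    );
    insert_log('signup', $log_array);
    addFeed(array('action' => 'signup', 'object_id' => $insert_id, 'object' => 'signup', 'uid' => $insert_id));

    return $insert_id;
}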
/**
 * Return the raw server version string reported by `select version()`.
 *
 * @return string
 */
function sql_version() {
    $result = sql_query("select version()");
    list($version) = sql_row($result, 0);
    sql_free($result);
    return $version;
}
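/**
 * Update a photo from a form submission (defaults to $_POST).
 *
 * Validates the form, maps the configured fields to (column, value) pairs,
 * lets admins overwrite the counters, and — once the caller is logged in,
 * the photo exists and the caller owns it (or is admin) — moves the photo to
 * the posted collection when it differs from the current one and writes the
 * update. Errors are reported through e(); nothing is returned.
 *
 * @param array|null $array Form fields; null means $_POST
 * @return void
 */
function update_photo($array = NULL) {
    global $db;
    if ($array == NULL) {
        $array = $_POST;
    }
    $this->validate_form_fields($array);

    // Both ids are user input and reach SQL / the collection move below:
    // coerce them to integers first. NOTE(review): an absent collection_id
    // reads as 0 and still triggers the move, as an absent value did before.
    $pid = (int) $array['photo_id'];
    $cid = $this->get_photo_field($pid, 'collection_id');
    $new_cid = (int) $array['collection_id'];

    $query_field = array();
    $query_val = array();

    if (!error()) {
        $reqFields = $this->load_required_forms($array);
        $otherFields = $this->load_other_forms($array);
        $fields = array_merge($reqFields, $otherFields);
        foreach ($fields as $field) {
            $name = formObj::rmBrackets($field['name']);
            $val = $array[$name];
            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }
            if (!empty($field['db_field'])) {
                $query_field[] = $field['db_field'];
            }
            // Multi-valued inputs are stored as "#a# #b# ".
            if (is_array($val)) {
                $new_val = '';
                foreach ($val as $v) {
                    $new_val .= "#" . $v . "# ";
                }
                $val = $new_val;
            }
            // Only fields with a usable clean_func are cleaned; the others are
            // passed through as-is. NOTE(review): relies on $db->update() escaping — confirm.
            if ($field['clean_func'] && (function_exists($field['clean_func']) || is_array($field['clean_func']))) {
                $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
            }
            if (!empty($field['db_field'])) {
                $query_val[] = $val;
            }
        }

        // Admin-only counters; as in update_collection(), non-numeric or negative input becomes 0.
        if (has_access('admin_access', TRUE)) {
            foreach (array('views', 'total_comments', 'total_favorites', 'downloaded', 'voters') as $counter) {
                if (isset($array[$counter])) {
                    $n = $array[$counter];
                    if (!is_numeric($n) || $n < 0) {
                        $n = 0;
                    }
                    $query_field[] = $counter;
                    $query_val[] = $n;
                }
            }
        }

        if (!error()) {
            if (!userid()) {
                e(lang("you_not_logged_in"));
            } elseif (!$this->photo_exists($pid)) {
                e(lang("photo_not_exists"));
            } elseif ($this->get_photo_owner($pid) != userid() && !has_access('admin_access', TRUE)) {
                e(lang("cant_edit_photo"));
            } else {
                // NOTE(review): ownership of the target collection is not checked
                // here — confirm change_collection() does it.
                if ($cid != $new_cid) {
                    $this->collection->change_collection($new_cid, $pid, $cid);
                }
                $db->update(tbl('photos'), $query_field, $query_val, " photo_id='{$pid}'");
                e(lang("photo_updated_successfully"), "m");
            }
        }
    }
}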
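/**
 * Add a new topic to a group from a form submission (defaults to $_POST merged with $_FILES).
 *
 * Validates the form, maps the configured fields to (column, value) pairs,
 * checks that the caller may post in the group, inserts the topic (approved
 * unless the group's post_type is 1), refreshes the group's total_topics and
 * optionally redirects to the new topic.
 *
 * @param array|null $array             Form fields; null means $_POST
 * @param bool       $redirect_to_topic Redirect to the topic page after creation
 * @return int|null New topic id; null when an error was reported via e()
 */
function add_topic($array, $redirect_to_topic = false) {
    global $db;
    if ($array == NULL) {
        $array = $_POST;
    }
    if (is_array($_FILES)) {
        $array = array_merge($array, $_FILES);
    }
    $fields = $this->load_add_topic_form_fields($array);
    validate_cb_form($fields, $array);
    $user = userid();

    // group_id is user input and is interpolated raw into the UPDATE below:
    // coerce it to an integer before any use.
    $group_id = (int) $array['group_id'];

    $query_field = array();
    $query_val = array();

    if (!error()) {
        foreach ($fields as $field) {
            $name = formObj::rmBrackets($field['name']);
            $val = $array[$name];
            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }
            if (!empty($field['db_field'])) {
                $query_field[] = $field['db_field'];
            }
            // Multi-valued inputs are stored as "#a# #b# ".
            if (is_array($val)) {
                $new_val = '';
                foreach ($val as $v) {
                    $new_val .= "#" . $v . "# ";
                }
                $val = $new_val;
            }
            // NOTE(review): clean_func is first called as a truthiness test (a
            // cleaner returning '' skips cleaning) and then again for the value.
            if ($field['clean_func'] && (apply_func($field['clean_func'], $val) || is_array($field['clean_func']))) {
                $val = apply_func($field['clean_func'], sql_free($val));
            }
            if (empty($val) && !empty($field['default_value'])) {
                $val = $field['default_value'];
            }
            if (!empty($field['db_field'])) {
                $query_val[] = $val;
            }
        }
    }

    $gp_details = $this->get_group_details($group_id);
    // Is the caller allowed to post topics in this group?
    $this->validate_posting_previlige($gp_details);

    if (error()) {
        return;
    }

    $query_field[] = "topic_icon";
    // NOTE(review): handed to $db->insert() unescaped; confirm the wrapper escapes values.
    $query_val[] = $array['topic_icon'];
    $query_field[] = "userid";
    $query_val[] = $user;
    $query_field[] = "date_added";
    $query_val[] = now();
    $query_field[] = "last_post_time";
    $query_val[] = now();
    $query_field[] = "group_id";
    $query_val[] = $group_id;
    // Groups with post_type 1 require approval of new topics.
    $query_field[] = "approved";
    $query_val[] = ($gp_details['post_type'] == 1) ? "no" : "yes";

    $db->insert(tbl($this->gp_topic_tbl), $query_field, $query_val);
    $insert_id = $db->insert_id();

    // Refresh the group's topic count.
    $count_topics = $this->count_group_topics($group_id);
    $db->update(tbl($this->gp_tbl), array("total_topics"), array($count_topics), " group_id='" . $group_id . "'");

    e(lang("grp_tpc_msg"), "m");

    if ($redirect_to_topic) {
        $grp_details = $this->get_details($insert_id);
        redirect_to(group_link($grp_details));
    }
    return $insert_id;
}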
/**
 * Update a playlist's details from a form submission (defaults to $_POST).
 *
 * The playlist is looked up by 'pid' (or 'list_id'); the caller must be
 * logged in and must not already have another playlist with the same name.
 * Form fields are validated, cleaned and written with last_update = NOW();
 * admins may also set 'played'. The update_playlist action hook is then fired.
 *
 * NOTE(review): nothing here checks that the playlist belongs to userid()
 * (or that the caller is admin) — confirm get_playlist() or the caller does.
 * NOTE(review): the "updated" message is emitted even when validate_cb_form()
 * reported an error and no update was written.
 *
 * @param array|null $array Form fields; null means $_POST
 * @return void
 */
function edit_playlist($array = null) {
    global $db;
    if (is_null($array)) {
        $array = $_POST;
    }
    $name = mysql_clean($array['name']);
    $requested_id = $array['pid'] ? $array['pid'] : $array['list_id'];
    $pdetails = $this->get_playlist($requested_id);

    if (!$pdetails) {
        e(lang("playlist_not_exist"));
        return;
    }
    if (!userid()) {
        e(lang("you_not_logged_in"));
        return;
    }
    if ($this->playlist_exists($name, userid(), $this->type)) {
        e(sprintf(lang("play_list_with_this_name_arlready_exists"), $name));
        return;
    }

    // Flatten the grouped field definitions.
    $fields = array();
    foreach ($this->load_playlist_fields($array) as $group) {
        $fields = array_merge($fields, $group['fields']);
    }
    validate_cb_form($fields, $array);

    if (!error()) {
        $query_values = array();
        foreach ($fields as $field) {
            $key = formObj::rmBrackets($field['name']);
            $val = $array[$key];
            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }
            // Multi-valued inputs are stored as "#a# #b# ".
            if (is_array($val)) {
                $joined = '';
                foreach ($val as $v) {
                    $joined .= "#" . $v . "# ";
                }
                $val = $joined;
            }
            // Only fields with a usable clean_func are cleaned; the others pass through as-is.
            if ($field['clean_func'] && (function_exists($field['clean_func']) || is_array($field['clean_func']))) {
                $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
            }
            // Keyed by the form field name, not by db_field.
            if (!empty($field['db_field'])) {
                $query_values[$key] = $val;
            }
        }
        if (has_access('admin_access')) {
            if (isset($array['played']) and !empty($array['played'])) {
                $query_values['played'] = $array['played'];
            }
        }
        $query_values['last_update'] = NOW();
        $db->update(tbl('playlists'), array_keys($query_values), array_values($query_values), " playlist_id = '" . $pdetails['playlist_id'] . "' ");

        $array['playlist_id'] = $requested_id;
        cb_do_action('update_playlist', array('object_id' => $requested_id, 'results' => $array));
    }
    e(lang("play_list_updated"), "m");
}
/**
 * Keep the htpasswd files in sync with spip_auteurs.
 *
 * Rebuilds both files (all authors, and admins only) whenever a login,
 * password or status was written, or when a full regeneration is requested.
 * Nothing is done for a remote database, and the files are removed instead
 * when htpasswd creation is disabled and no .htaccess exists.
 *
 * @param int    $id_auteur
 * @param array  $champs  Columns just written; login / pass / statut trigger a rebuild
 * @param array  $options all=>true requests a full regeneration after a bulk DB operation (import, upgrade)
 * @param string $serveur Database connector name; non-empty means remote
 * @return void
 */
function auth_spip_synchroniser_distant($id_auteur, $champs, $options = array(), $serveur = '') {
    // Remote database: we cannot regenerate htaccess files for it.
    if (strlen($serveur)) {
        return;
    }

    $rebuild = isset($champs['login']) || isset($champs['pass']) || isset($champs['statut'])
        || (isset($options['all']) && $options['all']);
    if (!$rebuild) {
        return;
    }

    $htaccess = _DIR_RESTREINT . _ACCESS_FILE_NAME;
    $htpasswd = _DIR_TMP . _AUTH_USER_FILE;

    // 'creer_htpasswd' may be set by a plugin (e.g. acces_restreint);
    // an existing .htaccess overrides spip_meta.
    if ($GLOBALS['meta']['creer_htpasswd'] != 'oui' and !@file_exists($htaccess)) {
        spip_unlink($htpasswd);
        spip_unlink($htpasswd . "-admin");
        return;
    }

    // Note: 'nouveau' authors are let through so they can become editors
    // where applicable (HTTP auth)... to be cleaned up.
    // Requires an open database connection (this is also used by the installer).
    $everyone = '';   // login:htpass for all authors
    $admins = '';     // login:htpass for admins only
    $s = sql_select("login, htpass, statut", "spip_auteurs", sql_in("statut", array('1comite', '0minirezo', 'nouveau')));
    while ($t = sql_fetch($s)) {
        if (!strlen($t['login']) || !strlen($t['htpass'])) {
            continue;
        }
        $entry = $t['login'] . ':' . $t['htpass'] . "\n";
        $everyone .= $entry;
        if ($t['statut'] == '0minirezo') {
            $admins .= $entry;
        }
    }
    sql_free($s);

    if ($everyone) {
        ecrire_fichier($htpasswd, $everyone);
        ecrire_fichier($htpasswd . '-admin', $admins);
        spip_log("Ecriture de {$htpasswd} et {$htpasswd}-admin");
    }
}
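/**
 * Insert a newly uploaded video row from the submitted upload form.
 *
 * Validates the form through validate_video_upload_form(); on success it
 * collects the required, location, option and custom field definitions,
 * cleans each submitted value, appends the system columns (file_name,
 * videokey, userid, uploader_ip, active, date_added, file_directory) and
 * inserts the row unless a row with the same file_name already exists.
 * A successful insert is logged and the uploader's total_videos is
 * incremented.
 *
 * @param array|null $array form data; defaults to $_POST when empty
 * @return mixed the new or pre-existing video id; false when an
 *               authenticated user lacks allow_video_upload; null when
 *               validation failed or the anonymous upload was refused
 */
function submit_upload($array = NULL)
{
    global $eh, $db, $userquery;

    if (!$array) {
        $array = $_POST;
    }

    // Initialised up front: the error paths below return it unchanged.
    $insert_id = null;

    $this->validate_video_upload_form($array, TRUE);

    if (empty($eh->error_list)) {
        $upload_fields = array_merge(
            $this->loadRequiredFields($array),
            $this->loadLocationFields($array),
            $this->loadOptionFields($array)
        );
        if (count($this->custom_upload_fields) > 0) {
            $upload_fields = array_merge($upload_fields, $this->custom_upload_fields);
        }
        if (count($this->custom_form_fields) > 0) {
            $upload_fields = array_merge($upload_fields, $this->custom_form_fields);
        }

        // Resolve the owner: anonymous uploads map to the anonymous user when
        // permitted; authenticated users without the permission are refused.
        $userid = userid();
        if (!userid() && has_access('allow_video_upload', true, false)) {
            $userid = $userquery->get_anonymous_user();
        } elseif (userid() && !has_access('allow_video_upload', true, true)) {
            return false;
        }

        if (is_array($_FILES)) {
            $array = array_merge($array, $_FILES);
        }

        // column => value pairs for the INSERT; a repeated db_field keeps the
        // last value, exactly as the former positional pairing did
        $the_fields = array();

        foreach ($upload_fields as $field) {
            $name = formObj::rmBrackets($field['name']);
            $val = $array[$name];

            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }

            // Multi-valued inputs are stored as "#a# #b# " tokens.
            if (is_array($val)) {
                $new_val = '';
                foreach ($val as $v) {
                    $new_val .= "#" . $v . "# ";
                }
                $val = $new_val;
            }

            // Precedence kept from the original: && binds tighter than ||.
            // NOTE(review): apply_func() is called here only for its truthiness,
            // so a clean_func that legitimately returns an empty value falls
            // back to mysql_clean() of the raw value; edit_playlist() tests
            // function_exists() instead — probably the intent here too.
            if (!$field['clean_func']
                || (!apply_func($field['clean_func'], $val) && !is_array($field['clean_func']))) {
                $val = mysql_clean($val);
            } else {
                $val = apply_func($field['clean_func'], sql_free($val));
            }

            if (empty($val) && !empty($field['default_value'])) {
                $val = $field['default_value'];
            }

            if (!empty($field['db_field'])) {
                $the_fields[$field['db_field']] = $val;
            }
        }

        $file_name = mysql_clean($array['file_name']);
        $the_fields['file_name'] = $file_name;
        $the_fields['videokey'] = $this->video_keygen();

        // NOTE(review): a userid present in the request array overrides the
        // resolved uploader, so a form submission can attribute the row to
        // another account while the log entry and total_videos counter below
        // still use $userid. Unless an API caller depends on it, gate this on
        // an admin check (cf. has_access('admin_access', TRUE) in update_video).
        $the_fields['userid'] = !$array['userid'] ? $userid : $array['userid'];
        $the_fields['uploader_ip'] = $_SERVER['REMOTE_ADDR'];

        // ACTIVATION == 0: uploads are active immediately, otherwise held.
        $the_fields['active'] = (ACTIVATION == 0) ? 'yes' : 'no';
        $the_fields['date_added'] = now();
        // NOTE(review): stored as received from the request; whether
        // db_insert() escapes values is not visible here — confirm.
        $the_fields['file_directory'] = $array['file_directory'];

        if (!userid() && !has_access('allow_video_upload', false, false)) {
            e(lang("you_not_logged_in"));
        } else {
            // A row for this file already exists: reuse its id, insert nothing.
            $insert_id = file_name_exists($file_name);
            if (!$insert_id) {
                $insert_id = db_insert(tbl('video'), $the_fields);

                $log_array = array(
                    'success' => 'yes',
                    'action_obj_id' => $insert_id,
                    'userid' => $userid,
                    'details' => "uploaded a video",
                );
                insert_log('upload_video', $log_array);

                // presumably "|f|" marks a raw SQL expression for the db layer — confirm
                $db->update(tbl("users"), array("total_videos"), array("|f|total_videos+1"), " userid='" . $userid . "'");
            }
        }
    }

    return $insert_id;
}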
echo $objData["objid"]; ?> " /> <a target="_blank" href="<?php echo url("view/" . $objData["objid"]); ?> "> <?php echo $objData["objTitle"]; ?> </a> </div> <?php } } sql_free($result); ?> <div class="sep"> <u>Note</u>: you can only purge trash that has been in the trashcan for <b>at least 30 days</b>. </div> <div class="sep"> Purging removes all related files from the server and all the comments attached to submissions. </div> <?php if ($showForm) { ?> <div class="sep"> <b>This cannot be undone!</b> </div> <div class="sep"> <input type="submit" class="submit" name="submit" value="Purge" />
/**
 * Store a configuration value in the spip_<table> table and in $GLOBALS[$table].
 *
 * When the table is not installed yet (the select fails) the value is kept in
 * PHP only. Writing an identical value again is a no-op so the cache is not
 * invalidated needlessly. touch_meta() is called with an antidated timestamp
 * before and after the write, the first time each table is written in this
 * request.
 *
 * @param string $nom        meta name; an empty name is ignored
 * @param string $valeur     value to store
 * @param mixed  $importable when truthy and the row has an `impt` column, written to it
 * @param string $table      table suffix, 'meta' by default (spip_meta)
 * @return void
 */
function ecrire_meta($nom, $valeur, $importable = NULL, $table = 'meta') {
	// Tables already "double touched" during this request
	static $touch = array();

	if (!$nom) {
		return;
	}

	include_spip('base/abstract_sql');

	$table_sql = 'spip_' . $table;
	$where = "nom=" . sql_quote($nom);
	$res = sql_select("*", $table_sql, $where, '', '', '', '', '', 'continue');

	// Table not installed yet: work in PHP only
	if (!$res) {
		$GLOBALS[$table][$nom] = $valeur;
		return;
	}

	$row = sql_fetch($res);
	sql_free($res);

	// Identical assignment: do not invalidate the cache
	// (never mind if impt should have changed)
	$inchange = $row && $valeur == $row['valeur'] && $GLOBALS[$table][$nom] == $valeur;
	if ($inchange) {
		return;
	}

	$GLOBALS[$table][$nom] = $valeur;

	// See effacer_meta() for the reason behind the double touch
	$antidate = time() - (_META_CACHE_TIME << 1);
	$premier_passage = !isset($touch[$table]);
	if ($premier_passage) {
		touch_meta($antidate, $table);
	}

	$enregistrement = array('nom' => $nom, 'valeur' => $valeur);
	// Beware of tables without impt (old SPIP versions in particular)
	if ($importable and isset($row['impt'])) {
		$enregistrement['impt'] = $importable;
	}

	if ($row) {
		sql_updateq($table_sql, $enregistrement, $where);
	} else {
		sql_insertq($table_sql, $enregistrement);
	}

	if ($premier_passage) {
		touch_meta($antidate, $table);
		$touch[$table] = false;
	}
}
/**
 * Secured forward skip for the #SAUTER tag.
 *
 * Advances the cursor of a result set by $nb rows, by reference on $pos.
 * Non-positive skips are ignored; a skip reaching $total frees the result
 * and leaves $pos untouched.
 *
 * @param resource $res   result set, freed when the skip goes past $total
 * @param int      $pos   current position, updated in place
 * @param int      $nb    number of rows to skip
 * @param int      $total upper bound that must not be reached
 * @return void
 */
function spip_bonux_sauter(&$res, &$pos, $nb, $total) {
	$nb = intval($nb);
	// Backward skips are not supported without sql_seek: ignore them
	if ($nb <= 0) {
		return;
	}

	$cible = $pos + $nb;

	// Skipping past the maximum: release the result and stop
	if ($cible >= $total) {
		sql_free($res);
		return;
	}

	// Prefer a direct seek; fall back to fetching row by row
	if (sql_seek($res, $cible)) {
		$pos = $cible;
		return;
	}
	while ($pos < $cible && sql_fetch($res)) {
		$pos++;
	}
}
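/**
 * Update an existing video row from the submitted edit form.
 *
 * The form is validated through $Upload->validate_video_upload_form(); on
 * success the configured field definitions are collected, each submitted value
 * is validated and cleaned, admin-only columns are appended, and after the
 * ownership checks the `video` row is updated (refreshing the slug when the
 * title changed). Messages are reported through e(); nothing is returned.
 *
 * @param array|null $array form data; defaults to $_POST when empty
 * @return void
 */
function update_video($array = NULL)
{
    global $eh, $db, $Upload;

    // NOTE(review): validation always runs against $_POST (NULL argument) and
    // the field loaders below receive $array before it defaults to $_POST —
    // kept as-is because what the loaders do with $array is not visible here.
    $Upload->validate_video_upload_form(NULL, TRUE);

    if (empty($eh->error_list)) {
        $upload_fields = array_merge(
            $Upload->loadRequiredFields($array),
            $Upload->loadLocationFields($array),
            $Upload->loadOptionFields($array)
        );
        if (count($Upload->custom_upload_fields) > 0) {
            $upload_fields = array_merge($upload_fields, $Upload->custom_upload_fields);
        }
        if (count($Upload->custom_form_fields) > 0) {
            $upload_fields = array_merge($upload_fields, $Upload->custom_form_fields);
        }
        // Grouped custom fields are flattened before being appended.
        if (count($Upload->custom_form_fields_groups) > 0) {
            $group_fields = array();
            foreach ($Upload->custom_form_fields_groups as $cffg) {
                $group_fields = array_merge($group_fields, $cffg['fields']);
            }
            $upload_fields = array_merge($upload_fields, $group_fields);
        }

        if (!$array) {
            $array = $_POST;
        }

        // The id is interpolated into raw WHERE clauses below, so it is
        // escaped here instead of being used straight from the request.
        $vid = mysql_clean($array['videoid']);
        $the_video = get_video_details($vid);

        if (is_array($_FILES)) {
            $array = array_merge($array, $_FILES);
        }

        // Parallel column / value lists for the UPDATE; initialised so an
        // empty form cannot leave them undefined.
        $query_field = array();
        $query_val = array();

        foreach ($upload_fields as $field) {
            $name = formObj::rmBrackets($field['name']);
            $val = $array[$name];

            // Fields flagged use_if_value are left out of the UPDATE when the
            // form left them empty, so the stored column is untouched.
            if (empty($val) && $field['use_if_value']) {
                continue;
            }

            if ($field['use_func_val']) {
                $val = $field['validate_function']($val);
            }
            if (!empty($field['db_field'])) {
                $query_field[] = $field['db_field'];
            }

            // Multi-valued inputs are stored as "#a# #b# " tokens.
            if (is_array($val)) {
                $new_val = '';
                foreach ($val as $v) {
                    $new_val .= "#" . $v . "# ";
                }
                $val = $new_val;
            }

            // Precedence kept from the original: && binds tighter than ||.
            // A value without a usable clean_func is passed through unchanged.
            // NOTE(review): whether $db->update() escapes values is not visible
            // here; if it does not, this branch stores raw request input — confirm.
            $cleanable = $field['clean_func']
                && (apply_func($field['clean_func'], $val) || is_array($field['clean_func']));
            if ($cleanable) {
                $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
            }

            if (!empty($field['db_field'])) {
                $query_val[] = $val;
            }
        }

        // Admin-only columns, taken from the request as received.
        if (has_access('admin_access', TRUE)) {
            if (!empty($array['status'])) {
                $query_field[] = 'status';
                $query_val[] = $array['status'];
            }
            if (!empty($array['duration']) && is_numeric($array['duration']) && $array['duration'] > 0) {
                $query_field[] = 'duration';
                $query_val[] = $array['duration'];
            }
            if (!empty($array['views'])) {
                $query_field[] = 'views';
                $query_val[] = $array['views'];
            }
            if (!empty($array['rating'])) {
                // Non-numeric or out-of-range ratings collapse to 1.
                $rating = $array['rating'];
                if (!is_numeric($rating) || $rating < 0 || $rating > 10) {
                    $rating = 1;
                }
                $query_field[] = 'rating';
                $query_val[] = $rating;
            }
            if (!empty($array['rated_by'])) {
                $query_field[] = 'rated_by';
                $query_val[] = $array['rated_by'];
            }
        }

        if (!userid()) {
            e(lang("you_dont_have_permission_to_update_this_video"));
        } elseif (!$this->video_exists($vid)) {
            e(lang("class_vdo_del_err"));
        } elseif (!$this->is_video_owner($vid, userid()) && !has_access('admin_access', TRUE)) {
            e(lang("no_edit_video"));
        } else {
            // Refresh the slug when the title changed (or no slug exists yet).
            if (config('auto_update_slug') != 'no' || !$the_video['slug']) {
                if ($the_video['title'] != $array['title']) {
                    $slug = slug($array['title']);
                    if ($the_video['slug'] != $slug) {
                        $db->update(tbl('slugs'), array('in_use'), array('no'), "object_id='{$vid}' AND object_type='v' ");
                        $slug_arr = add_slug($slug, $vid, 'v');
                        $query_field[] = 'slug_id';
                        $query_val[] = $slug_arr['id'];
                    }
                }
            }

            $db->update(tbl('video'), $query_field, $query_val, " videoid='{$vid}'");
            call_actions('update_video', array('videoid' => $vid, 'data' => $array));
            e(lang("class_vdo_update_msg"), 'm');
        }
    }
}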
/**
 * Secured forward skip in a result set.
 *
 * Does not depend on sql_seek() being available: when the seek fails the rows
 * are fetched one by one. Does nothing for a zero or negative $saut.
 * Returns the position after the skip.
 *
 * @see sql_seek()
 *
 * @param resource $res
 *     Result of a sql_select() call
 * @param int $pos
 *     Current position
 * @param int $saut
 *     Requested skip
 * @param int $count
 *     Maximum position
 *     (number of rows of the query OR position not to be exceeded)
 * @param string $serveur
 *     Connector name
 * @param bool|string $option
 *     Two possible values:
 *     - true -> run the query
 *     - continue -> do not fail when the sql server is unavailable
 *
 * @return int
 *     Position after the skip; $count when the skip reaches the end
 *     (the result is then freed).
 */
function sql_skip($res, $pos, $saut, $count, $serveur = '', $option = true) {
	$saut = intval($saut);
	// Backward skips are not supported without sql_seek: nothing to do
	if ($saut <= 0) {
		return $pos;
	}

	$cible = $pos + $saut;

	// Skipping past the maximum: release the resource and report the end
	if ($cible >= $count) {
		sql_free($res, $serveur, $option);
		return $count;
	}

	// Direct seek when the driver supports it
	if (sql_seek($res, $cible)) {
		return $cible;
	}

	// Otherwise advance row by row until the target or the end of the result
	while ($pos < $cible && sql_fetch($res, $serveur, $option)) {
		$pos++;
	}
	return $pos;
}
/**
 * Release the SQL result held by this object.
 *
 * @return bool true when nothing was allocated, otherwise the value returned by sql_free()
 */
public function free() {
	$resultat = $this->sqlresult;
	// Nothing allocated: nothing to release
	if (!$resultat) {
		return true;
	}
	$libere = sql_free($resultat, $this->command['connect']);
	$this->sqlresult = null;
	return $libere;
}
<? // print htmlspecialchars("SELECT a.id_pool, a.assessment, a.inconsistant, count(*) n, sum(if(in_pool='Y' and assessment='U',1,0)) pt, sum(if(in_pool='Y' and assessment<>'U',1,0)) pd FROM $db_assessments a, $db_pools p where p.state='$view_state' AND p.id_pool = a.id_pool GROUP BY id_pool, assessment, inconsistant"); $qh_pools = sql_query("SELECT id_pool FROM $db_pools WHERE state='$view_state' "); while ($pool = sql_fetch_array($qh_pools)) { $qh = sql_query("SELECT id_pool, assessment, inconsistant, count(*) n, sum(if(in_pool='Y' and assessment='U',1,0)) pt, sum(if(in_pool='Y' and assessment<>'U',1,0)) pd FROM $db_assessments where id_pool = $pool[id_pool] GROUP BY id_pool, assessment, inconsistant"); while ($row = sql_fetch_array($qh)) { $a = ($row["inconsistant"] == 'Y' ? 'I' : $row["assessment"]); $pools[$pool["id_pool"]][$a] += $row["n"]; $pools[$pool["id_pool"]]["total"] += $row["n"]; $pools[$pool["id_pool"]]["pd"] += $row["pd"]; $pools[$pool["id_pool"]]["pt"] += $row["pt"]; } sql_free($qh); } sql_free($qh_pools); $qh = sql_query("SELECT * FROM $db_pools where state='$view_state' order by id_pool"); ?> <script language="javascript"> function get_element(id) { var e = document.getElementById(id); if (!e) { alert("Element with id " + id + " can't be found"); return; } return e; } function hidepanel(id) { get_element(id).style.visibility = "hidden"; } function show(id) {
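include_once "include/xrai.inc";
make_header("Home");

print "<h1>Choose a pool</h1>";
// Root sees every pool; other users only the pools bound to the fixed login.
$qh = do_query("select * from {$db_pools} " . ($is_root ? "" : " where login='******' ") . " order by id_pool");
print "<ul>";
while ($row = mysql_fetch_array($qh)) {
    // Escape every value placed in HTML, as the collection list below already
    // does for the title; ENT_QUOTES because the id lands in a quoted attribute.
    $id_pool = htmlspecialchars($row['id_pool'], ENT_QUOTES);
    $name = "Pool for topic " . htmlspecialchars($row['id_topic'])
        . ($is_root ? " (" . htmlspecialchars($row['login']) . ")" : "");
    print "<li><a href='pool.php?id_pool={$id_pool}'>{$name}</a></li>";
}
print "</ul>";
// NOTE(review): this result comes from do_query() but is freed with
// mysql_free_result(), while the query below pairs sql_query() with
// sql_free(); whether do_query() returns a plain mysql resource is not
// visible here — confirm.
mysql_free_result($qh);
?>
<h1>Browse the collections</h1>
<?php
$ch = sql_query("SELECT id, title from collections order by id");
while ($row = sql_fetch_array($ch)) {
    // The id is used in two attribute values, so it is escaped once with ENT_QUOTES.
    $id = htmlspecialchars($row['id'], ENT_QUOTES);
    print "<div>";
    print " <a id='{$id}' href=\"collections/{$id}\">" . htmlspecialchars($row["title"]) . "</a>";
    print "</div>";
}
sql_free($ch);
?>
</body>
</html>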