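/**
 * Deletes a social feed query and every stream item that only this query references.
 *
 * Every value interpolated into SQL goes through sqlescape() first, including item ids
 * read back from the database, so stored data is never trusted as SQL text.
 *
 * @param mixed $id ID of the query to delete.
 */
static function deleteQuery($id)
 {
     $id = sqlescape($id);
     // Find all the stream content related to this query
     $q = sqlquery("SELECT item FROM btx_social_feed_stream_queries WHERE `query` = '{$id}'");
     while ($f = sqlfetch($q)) {
         // Escape the stored item id too: a value that came out of the database is still
         // untrusted once it is spliced into a new statement.
         $item = sqlescape($f["item"]);
         // See if the item is related to more than one query
         $r = sqlrows(sqlquery("SELECT `query` FROM btx_social_feed_stream_queries WHERE `item` = '{$item}'"));
         // If this is the only query related to the content, delete it.
         if ($r == 1) {
             BigTreeAutoModule::deleteItem("btx_social_feed_stream", $f["item"]);
         }
     }
     // Delete the query itself -- foreign key constraints will delete the reference table
     // NOTE(review): $id is already escaped at this point and deleteItem() is not visible here;
     // confirm it does not escape the value a second time.
     BigTreeAutoModule::deleteItem("btx_social_feed_queries", $id);
 }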
Beispiel #2
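 /**
  * Returns how many pages of entries the module's table holds.
  *
  * @param int|string $perpage Entries per page (default 15). A non-numeric value is treated as
  *                            the where clause, for callers still using the old argument order.
  * @param string|false $where Optional raw SQL condition placed after WHERE. It is interpolated
  *                            unchanged, so the caller must escape every value inside it.
  * @return int|float Page count, never less than 1.
  */
 function getPageCount($perpage = 15, $where = false)
 {
     // Backwards compatibility with old argument order
     if (!is_numeric($perpage)) {
         $saved = $perpage;
         $perpage = is_numeric($where) ? $where : 15;
         $where = $saved;
     }
     // A page size below 1 would divide by zero or yield a negative count; use the default instead.
     if ($perpage < 1) {
         $perpage = 15;
     }
     if ($where) {
         $query = "SELECT id FROM `" . $this->Table . "` WHERE {$where}";
     } else {
         $query = "SELECT id FROM `" . $this->Table . "`";
     }
     $pages = ceil(sqlrows(sqlquery($query)) / $perpage);
     // An empty table still has one (empty) page.
     if ($pages == 0) {
         $pages = 1;
     }
     return $pages;
 }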
Beispiel #3
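// Import module groups: create each one and record which new ID replaces the manifest's ID.
foreach ($json["components"]["module_groups"] as &$group) {
    if ($group) {
        $bigtree["group_match"][$group["id"]] = $admin->createModuleGroup($group["name"]);
        // Update the group ID since we're going to save this manifest locally for uninstalling
        $group["id"] = $bigtree["group_match"][$group["id"]];
    }
}
// Break the reference left behind by the by-reference loop. Without this, the later plain
// assignment to $group in the module import would overwrite the last module group in the
// manifest that is saved for uninstalling.
unset($group);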
// Import modules
foreach ($json["components"]["modules"] as &$module) {
    if ($module) {
        $group = $module["group"] && isset($bigtree["group_match"][$module["group"]]) ? $bigtree["group_match"][$module["group"]] : "NULL";
        $gbp = sqlescape(is_array($module["gbp"]) ? json_encode($module["gbp"]) : $module["gbp"]);
        // Find a unique route
        $oroute = $route = $module["route"];
        $x = 2;
        while (sqlrows(sqlquery("SELECT * FROM bigtree_modules WHERE route = '" . sqlescape($route) . "'"))) {
            $route = $oroute . "-{$x}";
            $x++;
        }
        // Create the module
        sqlquery("INSERT INTO bigtree_modules (`name`,`route`,`class`,`icon`,`group`,`gbp`) VALUES ('" . sqlescape($module["name"]) . "','" . sqlescape($route) . "','" . sqlescape($module["class"]) . "','" . sqlescape($module["icon"]) . "',{$group},'{$gbp}')");
        $module_id = sqlid();
        $bigtree["module_match"][$module["id"]] = $module_id;
        $bigtree["route_match"][$module["route"]] = $route;
        // Update the module ID since we're going to save this manifest locally for uninstalling
        $module["id"] = $module_id;
        // Create the embed forms
        foreach ($module["embed_forms"] as $form) {
            $admin->createModuleEmbedForm($module_id, $form["title"], $form["table"], is_array($form["fields"]) ? $form["fields"] : json_decode($form["fields"], true), $form["preprocess"], $form["callback"], $form["default_position"], $form["default_pending"], $form["css"], $form["redirect_url"], $form["thank_you_message"]);
        }
        // Create views
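 /**
  * Searches a view's cached rows and returns one page of matches.
  *
  * Each space-separated word of $query must match at least one cached column. Values placed
  * in the WHERE clause are escaped, the ORDER BY column is restricted to known cache columns,
  * and the LIMIT values are forced to integers.
  *
  * @param array $view View definition; "id", "fields" and "options"["per_page"] are read here.
  * @param int|string $page 1-based page number, or the string "all" for every match.
  * @param string $query Search string.
  * @param string $sort Sort column and direction, e.g. "id DESC" or "`column` ASC".
  * @param string|false $group Optional group_field value to restrict the search to.
  * @return array Array with "pages" (page count, at least 1) and "results" (cached rows).
  */
 static function getSearchResults($view, $page = 1, $query = "", $sort = "id DESC", $group = false)
 {
     // Check to see if we've cached this table before.
     self::cacheViewData($view);
     $search_parts = explode(" ", strtolower($query));
     $view_columns = count($view["fields"]);
     // The view id is escaped like every other value that reaches the statement.
     $view_id = sqlescape($view["id"]);
     // NOTE(review): getFilterQuery() is appended as raw SQL and is not visible here; confirm it escapes its own values.
     if ($group !== false) {
         $query = "SELECT * FROM bigtree_module_view_cache WHERE view = '{$view_id}' AND group_field = '" . sqlescape($group) . "'" . self::getFilterQuery($view);
     } else {
         $query = "SELECT * FROM bigtree_module_view_cache WHERE view = '{$view_id}'" . self::getFilterQuery($view);
     }
     // Every search word must appear in at least one of the cached columns.
     foreach ($search_parts as $part) {
         $x = 0;
         $qp = array();
         $part = sqlescape(strtolower($part));
         while ($x < $view_columns) {
             $x++;
             $qp[] = "column{$x} LIKE '%{$part}%'";
         }
         if (count($qp)) {
             $query .= " AND (" . implode(" OR ", $qp) . ")";
         }
     }
     // Page size is forced to a positive integer because it is written into LIMIT unquoted.
     $per_page = isset($view["options"]["per_page"]) ? intval($view["options"]["per_page"]) : 0;
     if ($per_page < 1) {
         $per_page = BigTreeAdmin::$PerPage;
     }
     $pages = ceil(sqlrows(sqlquery($query)) / $per_page);
     $pages = $pages > 0 ? $pages : 1;
     $results = array();
     // Get the correct column name for sorting
     if (strpos($sort, "`") !== false) {
         // New formatting
         $sort_field = BigTree::nextSQLColumnDefinition(substr($sort, 1));
         $sort_pieces = explode(" ", $sort);
         $sort_direction = end($sort_pieces);
     } else {
         // Old formatting; a missing direction falls through to DESC below.
         $sort_pieces = explode(" ", $sort);
         $sort_field = $sort_pieces[0];
         $sort_direction = isset($sort_pieces[1]) ? $sort_pieces[1] : "";
     }
     if ($sort_field != "id") {
         $convert_numeric = isset($view["fields"][$sort_field]["numeric"]) && $view["fields"][$sort_field]["numeric"];
         // Translate the field name into its positional cache column.
         $sort_column = "";
         $x = 0;
         foreach ($view["fields"] as $field => $options) {
             $x++;
             if ((string) $field === (string) $sort_field) {
                 $sort_column = "column{$x}";
                 break;
             }
         }
         if ($sort_column === "") {
             // ORDER BY cannot be quoted or escaped like a value, so only an exact "columnN"
             // name is passed through. A prefix test alone would let any text that merely
             // starts with "column" reach the statement; everything else uses the default sort field.
             $sort_column = preg_match('/\Acolumn[0-9]+\z/', (string) $sort_field) ? $sort_field : "sort_field";
         }
         $sort_field = $convert_numeric ? "CONVERT(" . $sort_column . ",SIGNED)" : $sort_column;
     } else {
         $sort_field = "CONVERT(id,UNSIGNED)";
     }
     if (strtolower($sort) == "position desc, id asc") {
         $sort_field = "position DESC, id ASC";
         $sort_direction = "";
     } else {
         // The direction is reduced to one of two fixed keywords.
         $sort_direction = strtolower($sort_direction) == "asc" ? "ASC" : "DESC";
     }
     if ($page === "all") {
         $q = sqlquery($query . " ORDER BY {$sort_field} {$sort_direction}");
     } else {
         // Integer offset, clamped at zero so a page below 1 cannot produce an invalid LIMIT.
         $offset = max(0, (intval($page) - 1) * $per_page);
         $q = sqlquery($query . " ORDER BY {$sort_field} {$sort_direction} LIMIT {$offset},{$per_page}");
     }
     while ($f = sqlfetch($q)) {
         // The cache row's hash column is not part of the returned data.
         unset($f["hash"]);
         $results[] = $f;
     }
     return array("pages" => $pages, "results" => $results);
 }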
Beispiel #5
 /**
  * Updates a user's account details, subject to the caller's access level.
  *
  * Nothing is written and false is returned when the email already belongs to another
  * account, or when the target user's level is higher than the caller's. The stored level
  * is never raised above the caller's own, and a user editing themselves keeps their level.
  *
  * @param mixed $id ID of the user to update.
  * @param array $data Keys read: email, name, company, level, daily_digest, permissions, alerts, password.
  * @return bool True once the update has been issued, false when it was refused.
  */
 function updateUser($id, $data)
 {
     global $bigtree;

     $id = sqlescape($id);
     $email = sqlescape($data["email"]);

     // Refuse the change when a different account already uses this email address.
     if (sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '{$email}' AND id != '{$id}'"))) {
         return false;
     }

     // A caller may not modify an account that outranks them.
     $current = static::getUser($id);
     if ($current["level"] > $this->Level) {
         return false;
     }

     // Requested level, then the two limits: self-edits keep the stored level,
     // and no edit may grant more than the caller's own level.
     $level = intval($data["level"]);
     if ($this->ID == $current["id"]) {
         $level = $current["level"];
     }
     if ($level > $this->Level) {
         $level = $this->Level;
     }

     // Name and company are HTML-encoded before storage, then escaped for SQL.
     $name = sqlescape(htmlspecialchars($data["name"]));
     $company = sqlescape(htmlspecialchars($data["company"]));
     if ($data["daily_digest"]) {
         $daily_digest = "on";
     } else {
         $daily_digest = "";
     }
     // NOTE(review): the second argument to BigTree::json() presumably requests SQL escaping,
     // since the results are interpolated directly below; confirm against its definition.
     $permissions = BigTree::json($data["permissions"], true);
     $alerts = BigTree::json($data["alerts"], true);

     // The password column is only touched when a new password was supplied; it is stored as a phpass hash.
     $password_sql = "";
     if ($data["password"]) {
         $phpass = new PasswordHash($bigtree["config"]["password_depth"], TRUE);
         $password = sqlescape($phpass->HashPassword(trim($data["password"])));
         $password_sql = " `password` = '{$password}',";
     }

     sqlquery("UPDATE bigtree_users SET `email` = '{$email}',{$password_sql} `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");

     // Record the change in the audit trail.
     $this->track("bigtree_users", $id, "updated");
     return true;
 }
Beispiel #6
    }
}
// Normalize the submitted entry for storage (dates become MySQL-friendly formats and so on).
$bigtree["entry"] = BigTreeAutoModule::sanitizeData($bigtree["form"]["table"], $bigtree["entry"]);

// Short aliases used by the rest of this script.
$table = $bigtree["form"]["table"];
$item = $bigtree["entry"];
$many_to_many = $bigtree["many-to-many"];
$tags = $_POST["_tags"];
$new_id = false;
// A posted id means an existing entry is being edited; otherwise this is a new record.
if ($_POST["id"]) {
    $edit_id = $_POST["id"];
} else {
    $edit_id = false;
}

// Positioned tables: when the form places new items at the top and this is a new record,
// the position is set to the number of live rows plus pending changes for the table.
$table_description = BigTree::describeTable($table);
if (isset($table_description["columns"]["position"]) && $bigtree["form"]["default_position"] == "Top" && !$_POST["id"]) {
    // The table name comes from the form definition; only the quoted value below is escaped.
    $live_rows = sqlrows(sqlquery("SELECT id FROM `{$table}`"));
    $pending_rows = sqlrows(sqlquery("SELECT id FROM `bigtree_pending_changes` WHERE `table` = '" . sqlescape($table) . "'"));
    $max = $live_rows + $pending_rows;
    $item["position"] = $max;
}

// "Save & Publish" may arrive as a plain button or as image-button coordinates (_x / _y).
if ($_POST["save_and_publish"] || $_POST["save_and_publish_x"] || $_POST["save_and_publish_y"]) {
    $data_action = "publish";
} else {
    $data_action = "save";
}
$did_publish = false;
// We're an editor or "Save" was chosen
if ($bigtree["access_level"] == "e" || $data_action == "save") {
    // We have an existing module entry we're saving a change to.
    if ($edit_id) {
        BigTreeAutoModule::submitChange($bigtree["module"]["id"], $table, $edit_id, $item, $many_to_many, $tags);
        $admin->growl($bigtree["module"]["name"], "Saved " . $bigtree["form"]["title"] . " Draft");
        // It's a new entry, so we create a pending item.
    } else {
        $edit_id = "p" . BigTreeAutoModule::createPendingItem($bigtree["module"]["id"], $table, $item, $many_to_many, $tags);
        $admin->growl($bigtree["module"]["name"], "Created " . $bigtree["form"]["title"] . " Draft");
Beispiel #7
// Serialize the manifest; the pretty-print and unescaped-slash flags are only used on PHP 5.4 and later.
if (version_compare(PHP_VERSION, "5.4.0") >= 0) {
    $json = json_encode($package, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
} else {
    $json = json_encode($package);
}
$package_dir = SERVER_ROOT . "cache/package/";
$package_zip = SERVER_ROOT . "cache/package.zip";
file_put_contents($package_dir . "manifest.json", $json);

// Build the zip from scratch, dropping any archive left over from an earlier build.
// NOTE(review): the results of file_put_contents() and $zip->create() are not checked,
// so the success message that follows is printed even if the archive was not written.
@unlink($package_zip);
include BigTree::path("inc/lib/pclzip.php");
$zip = new PclZip($package_zip);
$zip->create(BigTree::directoryContents($package_dir), PCLZIP_OPT_REMOVE_PATH, $package_dir);

// Remove the staging directory. The listing is reversed because the deepest entries come last,
// and each entry is tried as both a file and a directory.
$contents = array_reverse(BigTree::directoryContents($package_dir));
foreach ($contents as $file) {
    @unlink($file);
    @rmdir($file);
}
@rmdir($package_dir);

// Store the package in the database for future updates. Each value is escaped once, up front.
$id_sql = sqlescape($id);
$title_sql = sqlescape($title);
$version_sql = sqlescape($version);
$json_sql = sqlescape($json);
if (sqlrows(sqlquery("SELECT * FROM bigtree_extensions WHERE id = '{$id_sql}'"))) {
    sqlquery("UPDATE bigtree_extensions SET name = '{$title_sql}', version = '{$version_sql}', last_updated = NOW(), manifest = '{$json_sql}' WHERE id = '{$id_sql}'");
} else {
    sqlquery("INSERT INTO bigtree_extensions (`id`,`type`,`name`,`version`,`last_updated`,`manifest`) VALUES ('{$id_sql}','package','{$title_sql}','{$version_sql}',NOW(),'{$json_sql}')");
}
?>
<div class="container">
	<section>
		<p>Package created successfully.</p>
	</section>
	<footer>
		<a href="<?php 
echo DEVELOPER_ROOT;
?>
packages/build/download/" class="button blue">Download</a>
	</footer>
Beispiel #8
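 /**
  * Updates a user's account details, subject to the caller's access level.
  *
  * Fields are read from $data by name rather than expanded into local variables, so no key
  * in $data can replace $id, $level or any other local after the permission checks have run.
  * The stored level is never raised above the caller's own, and a user editing themselves
  * keeps their current level.
  *
  * @param mixed $id ID of the user to update.
  * @param array $data Keys read: email, name, company, level, daily_digest, permissions, alerts, password.
  * @return bool True once the update has been issued; false on an email collision or when
  *              the target user outranks the caller.
  */
 function updateUser($id, $data)
 {
     global $bigtree;
     $id = sqlescape($id);
     // See if there's an email collision
     $r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '" . sqlescape($data["email"]) . "' AND id != '{$id}'"));
     if ($r) {
         return false;
     }
     // If this person has higher access levels than the person trying to update them, fail.
     $current = $this->getUser($id);
     if ($current["level"] > $this->Level) {
         return false;
     }
     // Start from the stored level; a requested level is only honoured when editing someone else.
     $level = $current["level"];
     if ($this->ID != $current["id"] && isset($data["level"]) && !is_array($data["level"])) {
         $level = intval($data["level"]);
     }
     // Don't allow the level to be set higher than the logged in user's level
     if ($level > $this->Level) {
         $level = $this->Level;
     }
     $level = intval($level);
     // Copy exactly the scalar columns this statement writes; missing or array values become "".
     $fields = array("email" => "", "name" => "", "company" => "", "daily_digest" => "");
     foreach (array_keys($fields) as $key) {
         if (isset($data[$key]) && !is_array($data[$key])) {
             $fields[$key] = sqlescape($data[$key]);
         }
     }
     $email = $fields["email"];
     $name = $fields["name"];
     $company = $fields["company"];
     $daily_digest = $fields["daily_digest"];
     $permissions = sqlescape(json_encode(isset($data["permissions"]) ? $data["permissions"] : null));
     $alerts = sqlescape(json_encode(isset($data["alerts"]) ? $data["alerts"] : null));
     // The password column is only touched when a new password was supplied; it is stored as a phpass hash.
     if (!empty($data["password"])) {
         $phpass = new PasswordHash($bigtree["config"]["password_depth"], TRUE);
         $password = sqlescape($phpass->HashPassword($data["password"]));
         sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `password` = '{$password}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
     } else {
         sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
     }
     $this->track("bigtree_users", $id, "updated");
     return true;
 }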
Beispiel #9
<?php

// Keep the stored route only when the field is set to keep its original route, a route already
// exists, and this is not a pending entry (identified here by a non-numeric edit ID).
// In every other case a fresh route is generated from the source field.
if ($field["options"]["keep_original"] && $bigtree["existing_data"][$field["key"]] && !(isset($bigtree["edit_id"]) && !is_numeric($bigtree["edit_id"]))) {
    $field["ignore"] = true;
} else {
    // Tags are stripped from the posted source text before it is turned into a URL slug.
    $oroute = $cms->urlify(strip_tags($bigtree["post_data"][$field["options"]["source"]]));
    $field["output"] = $oroute;
    if (!$field["options"]["not_unique"]) {
        // Append -2, -3, ... until no other row uses the route. The attempts are capped
        // below 1000 so the request cannot time out.
        // NOTE(review): the table and column names are placed inside backticks unescaped;
        // presumably they come from the form definition rather than the request. Confirm.
        for ($x = 2; $x < 1000 && sqlrows(sqlquery("SELECT * FROM `" . $bigtree["form"]["table"] . "` WHERE `" . $field["key"] . "` = '" . sqlescape($field["output"]) . "' AND id != '" . sqlescape($bigtree["edit_id"]) . "'")); $x++) {
            $field["output"] = $oroute . "-" . $x;
        }
        // Cap reached without finding a free route: store an empty value.
        if ($x == 1000) {
            $field["output"] = "";
        }
    }
}
Beispiel #10
    if (sqlrows(sqlquery("SELECT * FROM bigtree_feeds WHERE route = '" . sqlescape($feed["route"]) . "'"))) {
        $warnings[] = "A feed already exists with the route &ldquo;" . $feed["route"] . "&rdquo; &mdash; the feed will be overwritten.";
    }
}
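// Check for field type collisions
// Manifest values are untrusted package content: they are escaped for SQL before being queried
// and HTML-encoded before being placed in a warning. The messages already carry HTML entities,
// so they are presumably rendered as HTML.
foreach ((array) $json["components"]["field_types"] as $type) {
    if (sqlrows(sqlquery("SELECT * FROM bigtree_field_types WHERE id = '" . sqlescape($type["id"]) . "'"))) {
        $warnings[] = "A field type already exists with the id &ldquo;" . htmlspecialchars($type["id"], ENT_QUOTES) . "&rdquo; &mdash; the field type will be overwritten.";
    }
}
// Check for table collisions
foreach ((array) $json["sql"] as $command) {
    if (substr($command, 0, 14) == "CREATE TABLE `") {
        // The table name is the text between the opening backtick and the next one.
        $table = substr($command, 14);
        $name_end = strpos($table, "`");
        if ($name_end === false) {
            // No closing backtick, so there is no table name to check.
            continue;
        }
        $table = substr($table, 0, $name_end);
        // The name is taken from the package's SQL, so it is escaped before it reaches the query.
        // "%" and "_" are LIKE wildcards and are backslash-escaped first so that only an exact
        // name match counts as a collision.
        $table_pattern = sqlescape(addcslashes($table, "\\%_"));
        if (sqlrows(sqlquery("SHOW TABLES LIKE '{$table_pattern}'"))) {
            $warnings[] = "A table named &ldquo;" . htmlspecialchars($table, ENT_QUOTES) . "&rdquo; already exists &mdash; the table will be overwritten.";
        }
    }
}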
// Check file permissions and collisions
foreach ((array) $json["files"] as $file) {
    if (!BigTree::isDirectoryWritable(SERVER_ROOT . $file)) {
        $errors[] = "Cannot write to {$file} &mdash; please make the root directory or file writable.";
    } elseif (file_exists(SERVER_ROOT . $file)) {
        if (!is_writable(SERVER_ROOT . $file)) {
            $errors[] = "Cannot overwrite existing file: {$file} &mdash; please make the file writable or delete it.";
        } else {
            $warnings[] = "A file already exists at {$file} &mdash; the file will be overwritten.";
        }
    }
Beispiel #11
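 /**
  * Reports whether a table with exactly this name exists.
  *
  * @param string $table Table name to look for.
  * @return bool True when SHOW TABLES returns a matching row.
  */
 static function tableExists($table)
 {
     // "%" and "_" are wildcards inside a LIKE pattern, so they are backslash-escaped before
     // the usual SQL escaping. Otherwise a name such as "a_b" would also match "axb".
     $pattern = sqlescape(addcslashes($table, "\\%_"));
     return sqlrows(sqlquery("SHOW TABLES LIKE '{$pattern}'")) ? true : false;
 }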
Beispiel #12
 /**
  * Stores an uploaded file either in the configured cloud container or under SITE_ROOT.
  *
  * Returns false and sets $this->DisabledFileError when the file name matches
  * $this->DisabledExtensionRegEx. In the cloud branch the return value is whatever
  * uploadFile() returned; in the local branch it is "{staticroot}" plus the stored
  * relative path, or false when the move/copy failed.
  *
  * @param string $local_file Path of the file to store.
  * @param string $file_name Desired file name; it may be changed to avoid collisions.
  * @param string $relative_path Destination directory; "files/" is used when empty.
  * @param bool $remove_original Whether the local file is removed (cloud) or moved rather than copied (local).
  * @param array $prefixes File name prefixes that must also be free of collisions.
  */
 function store($local_file, $file_name, $relative_path, $remove_original = true, $prefixes = array())
 {
     // If the file name ends in a disabled extension, fail.
     // NOTE(review): this check runs on the name as passed in; the name changes made below
     // (convertJPEG, urlify, lowercasing the extension) are not checked again here.
     if (preg_match($this->DisabledExtensionRegEx, $file_name)) {
         $this->DisabledFileError = true;
         return false;
     }
     // If we're auto converting images to JPG from PNG
     $file_name = $this->convertJPEG($local_file, $file_name);
     // Enforce trailing slash on relative_path
     // NOTE(review): apart from the trailing slash, $relative_path is used exactly as given and
     // no path normalization is visible in this method; presumably callers pass a trusted
     // directory. Confirm.
     $relative_path = $relative_path ? rtrim($relative_path, "/") . "/" : "files/";
     if ($this->Cloud) {
         // Clean up the file name
         global $cms;
         $parts = BigTree::pathInfo($file_name);
         $clean_name = $cms->urlify($parts["filename"]);
         // Cap the cleaned base name at 50 characters.
         if (strlen($clean_name) > 50) {
             $clean_name = substr($clean_name, 0, 50);
         }
         // Best case name
         $file_name = $clean_name . "." . strtolower($parts["extension"]);
         $x = 2;
         // Make sure we have a unique name
         // The loop continues while the candidate is already recorded in the cloud file cache,
         // or while the previous pass cleared it ($file_name === false) due to a prefix collision.
         // NOTE(review): the prefix check only runs inside the loop body, after the name has been
         // bumped, so the first candidate is never checked against $prefixes. Confirm this is intended.
         while (!$file_name || sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE `identifier` = 'org.bigtreecms.cloudfiles' AND `key` = '" . sqlescape($relative_path . $file_name) . "'"))) {
             $file_name = $clean_name . "-{$x}." . strtolower($parts["extension"]);
             $x++;
             // Check all the prefixes, make sure they don't exist either
             if (is_array($prefixes) && count($prefixes)) {
                 $prefix_query = array();
                 foreach ($prefixes as $prefix) {
                     $prefix_query[] = "`key` = '" . sqlescape($relative_path . $prefix . $file_name) . "'";
                 }
                 if (sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE identifier = 'org.bigtreecms.cloudfiles' AND (" . implode(" OR ", $prefix_query) . ")"))) {
                     // A prefixed variant already exists; clear the name so the loop tries the next number.
                     $file_name = false;
                 }
             }
         }
         // Upload it
         $success = $this->Cloud->uploadFile($local_file, $this->Settings->Container, $relative_path . $file_name, true);
         if ($success) {
             // Record the stored file (name, path, size) in the cloud file cache; values are SQL-escaped.
             sqlquery("INSERT INTO bigtree_caches (`identifier`,`key`,`value`) VALUES ('org.bigtreecms.cloudfiles','" . sqlescape($relative_path . $file_name) . "','" . sqlescape(json_encode(array("name" => $file_name, "path" => $relative_path . $file_name, "size" => filesize($local_file)))) . "')");
         }
         // The local file is removed whether or not the upload succeeded.
         if ($remove_original) {
             unlink($local_file);
         }
         return $success;
     } else {
         // Local storage: pick a free name under SITE_ROOT, then move or copy the file there.
         $safe_name = BigTree::getAvailableFileName(SITE_ROOT . $relative_path, $file_name, $prefixes);
         if ($remove_original) {
             $success = BigTree::moveFile($local_file, SITE_ROOT . $relative_path . $safe_name);
         } else {
             $success = BigTree::copyFile($local_file, SITE_ROOT . $relative_path . $safe_name);
         }
         if ($success) {
             return "{staticroot}" . $relative_path . $safe_name;
         } else {
             return false;
         }
     }
 }