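/*
    Function: deleteQuery
        Removes a social feed stream query along with any stream content that no other
        query still references.

    Parameters:
        id - The id of the row in btx_social_feed_queries to delete.
*/
static function deleteQuery($id) {
    $id = sqlescape($id);

    // Every stream item currently linked to this query
    $q = sqlquery("SELECT item FROM btx_social_feed_stream_queries WHERE `query` = '{$id}'");
    while ($f = sqlfetch($q)) {
        // Values read back from the database are escaped again before being re-used in SQL
        // so a stored value can never alter the query text.
        $item = sqlescape($f["item"]);
        $r = sqlrows(sqlquery("SELECT `query` FROM btx_social_feed_stream_queries WHERE `item` = '" . $item . "'"));

        // Only content that would be orphaned by this deletion is removed
        if ($r == 1) {
            BigTreeAutoModule::deleteItem("btx_social_feed_stream", $f["item"]);
        }
    }

    // Delete the query itself -- foreign key constraints remove the link rows
    BigTreeAutoModule::deleteItem("btx_social_feed_queries", $id);
}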
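/*
    Function: getPageCount
        Returns the number of result pages for this module's table.

    Parameters:
        perpage - Rows per page (defaults to 15; values below 1 also fall back to 15).
        where - Optional SQL WHERE clause. This is inserted into the query verbatim, so the
                caller is responsible for escaping anything user-supplied inside it.

    Returns:
        The page count, never less than 1.
*/
function getPageCount($perpage = 15, $where = false) {
    // Backwards compatibility with old argument order: ($where, $perpage)
    if (!is_numeric($perpage)) {
        $saved = $perpage;
        $perpage = is_numeric($where) ? $where : 15;
        $where = $saved;
    }

    // A per-page value of 0 (or less) would divide by zero below; use the default instead.
    if ($perpage < 1) {
        $perpage = 15;
    }

    if ($where) {
        $query = "SELECT id FROM `" . $this->Table . "` WHERE {$where}";
    } else {
        $query = "SELECT id FROM `" . $this->Table . "`";
    }

    $pages = ceil(sqlrows(sqlquery($query)) / $perpage);
    if ($pages == 0) {
        $pages = 1;
    }

    return $pages;
}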
foreach ($json["components"]["module_groups"] as &$group) { if ($group) { $bigtree["group_match"][$group["id"]] = $admin->createModuleGroup($group["name"]); // Update the group ID since we're going to save this manifest locally for uninstalling $group["id"] = $bigtree["group_match"][$group["id"]]; } } // Import modules foreach ($json["components"]["modules"] as &$module) { if ($module) { $group = $module["group"] && isset($bigtree["group_match"][$module["group"]]) ? $bigtree["group_match"][$module["group"]] : "NULL"; $gbp = sqlescape(is_array($module["gbp"]) ? json_encode($module["gbp"]) : $module["gbp"]); // Find a unique route $oroute = $route = $module["route"]; $x = 2; while (sqlrows(sqlquery("SELECT * FROM bigtree_modules WHERE route = '" . sqlescape($route) . "'"))) { $route = $oroute . "-{$x}"; $x++; } // Create the module sqlquery("INSERT INTO bigtree_modules (`name`,`route`,`class`,`icon`,`group`,`gbp`) VALUES ('" . sqlescape($module["name"]) . "','" . sqlescape($route) . "','" . sqlescape($module["class"]) . "','" . sqlescape($module["icon"]) . "',{$group},'{$gbp}')"); $module_id = sqlid(); $bigtree["module_match"][$module["id"]] = $module_id; $bigtree["route_match"][$module["route"]] = $route; // Update the module ID since we're going to save this manifest locally for uninstalling $module["id"] = $module_id; // Create the embed forms foreach ($module["embed_forms"] as $form) { $admin->createModuleEmbedForm($module_id, $form["title"], $form["table"], is_array($form["fields"]) ? $form["fields"] : json_decode($form["fields"], true), $form["preprocess"], $form["callback"], $form["default_position"], $form["default_pending"], $form["css"], $form["redirect_url"], $form["thank_you_message"]); } // Create views
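/*
    Function: getSearchResults
        Returns one page of rows from the module view cache that match a free-text search.

    Parameters:
        view - A module view entry (array with "id", "fields" and "options").
        page - 1-based page number, or "all" to return every row.
        query - Search text; each space-separated word must appear in at least one cached column.
        sort - Sort specification such as "id DESC" or "`title` ASC". The field name is mapped to
               a fixed cache column below and is never placed in the SQL as given.
        group - A group_field value to restrict the results to, or false for no grouping.

    Returns:
        An array with "pages" (total page count, at least 1) and "results" (the matching cache
        rows with the "hash" column removed).
*/
static function getSearchResults($view, $page = 1, $query = "", $sort = "id DESC", $group = false) {
    // Check to see if we've cached this table before.
    self::cacheViewData($view);

    $search_parts = explode(" ", strtolower($query));
    $view_columns = count($view["fields"]);

    // Base query -- $view["id"] comes from the stored view record, not from the request.
    if ($group !== false) {
        $query = "SELECT * FROM bigtree_module_view_cache WHERE view = '" . $view["id"] . "' AND group_field = '" . sqlescape($group) . "'" . self::getFilterQuery($view);
    } else {
        $query = "SELECT * FROM bigtree_module_view_cache WHERE view = '" . $view["id"] . "'" . self::getFilterQuery($view);
    }

    // Every search word must match one of column1..columnN. The words are escaped; LIKE
    // wildcards (% and _) inside them are not, so they behave as wildcards.
    foreach ($search_parts as $part) {
        $x = 0;
        $qp = array();
        $part = sqlescape(strtolower($part));
        while ($x < $view_columns) {
            $x++;
            $qp[] = "column{$x} LIKE '%{$part}%'";
        }
        if (count($qp)) {
            $query .= " AND (" . implode(" OR ", $qp) . ")";
        }
    }

    $per_page = $view["options"]["per_page"] ? $view["options"]["per_page"] : BigTreeAdmin::$PerPage;
    $pages = ceil(sqlrows(sqlquery($query)) / $per_page);
    $pages = $pages > 0 ? $pages : 1;
    $results = array();

    // Get the correct column name for sorting
    if (strpos($sort, "`") !== false) {
        // New formatting
        $sort_field = BigTree::nextSQLColumnDefinition(substr($sort, 1));
        $sort_pieces = explode(" ", $sort);
        $sort_direction = end($sort_pieces);
    } else {
        // Old formatting
        list($sort_field, $sort_direction) = explode(" ", $sort);
    }

    // Resolve the requested field to a cache column. Only the generated names below
    // ("column{N}", "sort_field", "CONVERT(id,UNSIGNED)") ever reach the ORDER BY clause.
    if ($sort_field != "id") {
        $x = 0;
        if (isset($view["fields"][$sort_field]["numeric"]) && $view["fields"][$sort_field]["numeric"]) {
            $convert_numeric = true;
        } else {
            $convert_numeric = false;
        }
        foreach ($view["fields"] as $field => $options) {
            $x++;
            if ($field == $sort_field) {
                $sort_field = "column{$x}";
            }
        }
        // If the loop above didn't map the field to a cache column, fall back to the default
        // sort field. The check requires the exact "column<digits>" shape so a caller-supplied
        // name that merely begins with "column" is not passed through to the SQL as-is.
        if (!preg_match('/^column[0-9]+$/', $sort_field)) {
            $sort_field = "sort_field";
        }
        if ($convert_numeric) {
            $sort_field = "CONVERT(" . $sort_field . ",SIGNED)";
        }
    } else {
        $sort_field = "CONVERT(id,UNSIGNED)";
    }

    // Direction is normalized to one of two literals; the positioned-view sort is a fixed clause.
    if (strtolower($sort) == "position desc, id asc") {
        $sort_field = "position DESC, id ASC";
        $sort_direction = "";
    } else {
        $sort_direction = strtolower($sort_direction) == "asc" ? "ASC" : "DESC";
    }

    if ($page === "all") {
        $q = sqlquery($query . " ORDER BY {$sort_field} {$sort_direction}");
    } else {
        $q = sqlquery($query . " ORDER BY {$sort_field} {$sort_direction} LIMIT " . ($page - 1) * $per_page . ",{$per_page}");
    }

    while ($f = sqlfetch($q)) {
        // The hash column is internal to the cache and not part of the result rows
        unset($f["hash"]);
        $results[] = $f;
    }

    return array("pages" => $pages, "results" => $results);
}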
/*
    Function: updateUser
        Updates an existing user's profile, access level, permissions, alerts and (optionally)
        password. Refuses the update when the email belongs to another account or when the
        target account outranks the user making the change.

    Parameters:
        id - The id of the user to update.
        data - An array of user fields (email, name, company, level, permissions, alerts,
               daily_digest, password).

    Returns:
        true on success, false on an email collision or insufficient access level.
*/
function updateUser($id, $data) {
    global $bigtree;

    $id = sqlescape($id);

    // Another account already uses this email address?
    $email_taken = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '" . sqlescape($data["email"]) . "' AND id != '{$id}'"));
    if ($email_taken) {
        return false;
    }

    // Nobody may edit an account whose level is above their own.
    $existing = static::getUser($id);
    if ($existing["level"] > $this->Level) {
        return false;
    }

    // Escaped column values. Name and company are HTML-escaped before storage.
    $email = sqlescape($data["email"]);
    $name = sqlescape(htmlspecialchars($data["name"]));
    $company = sqlescape(htmlspecialchars($data["company"]));
    $daily_digest = $data["daily_digest"] ? "on" : "";
    $permissions = BigTree::json($data["permissions"], true);
    $alerts = BigTree::json($data["alerts"], true);

    // Level rules: a self-edit keeps the current level, and no one can assign a level
    // higher than the one they hold themselves.
    $level = intval($data["level"]);
    if ($this->ID == $existing["id"]) {
        $level = $existing["level"];
    }
    if ($level > $this->Level) {
        $level = $this->Level;
    }

    // The password column is only touched when a new password was supplied.
    if ($data["password"]) {
        $phpass = new PasswordHash($bigtree["config"]["password_depth"], TRUE);
        $password = sqlescape($phpass->HashPassword(trim($data["password"])));
        sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `password` = '{$password}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
    } else {
        sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
    }

    $this->track("bigtree_users", $id, "updated");

    return true;
}
} } // Sanitize the form data so it fits properly in the database (convert dates to MySQL-friendly format and such) $bigtree["entry"] = BigTreeAutoModule::sanitizeData($bigtree["form"]["table"], $bigtree["entry"]); // Make some easier to write out vars for below. $tags = $_POST["_tags"]; $edit_id = $_POST["id"] ? $_POST["id"] : false; $new_id = false; $table = $bigtree["form"]["table"]; $item = $bigtree["entry"]; $many_to_many = $bigtree["many-to-many"]; // Check to see if this is a positioned element // If it is and the form is setup to create new items at the top and this is a new record, update the position column. $table_description = BigTree::describeTable($table); if (isset($table_description["columns"]["position"]) && $bigtree["form"]["default_position"] == "Top" && !$_POST["id"]) { $max = sqlrows(sqlquery("SELECT id FROM `{$table}`")) + sqlrows(sqlquery("SELECT id FROM `bigtree_pending_changes` WHERE `table` = '" . sqlescape($table) . "'")); $item["position"] = $max; } // Let's stick it in the database or whatever! $data_action = $_POST["save_and_publish"] || $_POST["save_and_publish_x"] || $_POST["save_and_publish_y"] ? "publish" : "save"; $did_publish = false; // We're an editor or "Save" was chosen if ($bigtree["access_level"] == "e" || $data_action == "save") { // We have an existing module entry we're saving a change to. if ($edit_id) { BigTreeAutoModule::submitChange($bigtree["module"]["id"], $table, $edit_id, $item, $many_to_many, $tags); $admin->growl($bigtree["module"]["name"], "Saved " . $bigtree["form"]["title"] . " Draft"); // It's a new entry, so we create a pending item. } else { $edit_id = "p" . BigTreeAutoModule::createPendingItem($bigtree["module"]["id"], $table, $item, $many_to_many, $tags); $admin->growl($bigtree["module"]["name"], "Created " . $bigtree["form"]["title"] . " Draft");
$json = version_compare(PHP_VERSION, "5.4.0") >= 0 ? json_encode($package, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) : json_encode($package); file_put_contents(SERVER_ROOT . "cache/package/manifest.json", $json); // Create the zip @unlink(SERVER_ROOT . "cache/package.zip"); include BigTree::path("inc/lib/pclzip.php"); $zip = new PclZip(SERVER_ROOT . "cache/package.zip"); $zip->create(BigTree::directoryContents(SERVER_ROOT . "cache/package/"), PCLZIP_OPT_REMOVE_PATH, SERVER_ROOT . "cache/package/"); // Remove the package directory, we do it backwards because the "deepest" files are last $contents = array_reverse(BigTree::directoryContents(SERVER_ROOT . "cache/package/")); foreach ($contents as $file) { @unlink($file); @rmdir($file); } @rmdir(SERVER_ROOT . "cache/package/"); // Store it in the database for future updates if (sqlrows(sqlquery("SELECT * FROM bigtree_extensions WHERE id = '" . sqlescape($id) . "'"))) { sqlquery("UPDATE bigtree_extensions SET name = '" . sqlescape($title) . "', version = '" . sqlescape($version) . "', last_updated = NOW(), manifest = '" . sqlescape($json) . "' WHERE id = '" . sqlescape($id) . "'"); } else { sqlquery("INSERT INTO bigtree_extensions (`id`,`type`,`name`,`version`,`last_updated`,`manifest`) VALUES ('" . sqlescape($id) . "','package','" . sqlescape($title) . "','" . sqlescape($version) . "',NOW(),'" . sqlescape($json) . "')"); } ?> <div class="container"> <section> <p>Package created successfully.</p> </section> <footer> <a href="<?php echo DEVELOPER_ROOT; ?> packages/build/download/" class="button blue">Download</a> </footer>
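/*
    Function: updateUser
        Updates an existing user. Fails if the email belongs to another account or if the
        target user's level is higher than the editing user's.

    Parameters:
        id - The id of the user to update.
        data - An array of user fields (email, name, company, daily_digest, level, permissions,
               alerts, password).

    Returns:
        true on success, false on an email collision or insufficient access level.
*/
function updateUser($id, $data) {
    global $bigtree;

    $id = sqlescape($id);

    // See if there's an email collision
    $r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '" . sqlescape($data["email"]) . "' AND id != '{$id}'"));
    if ($r) {
        return false;
    }

    // If this person has higher access levels than the person trying to update them, fail.
    $current = $this->getUser($id);
    if ($current["level"] > $this->Level) {
        return false;
    }

    // Columns are read explicitly rather than copying every key of $data into a same-named
    // local, so keys such as "id", "current" or "level" in the submitted data cannot shadow
    // the values checked above or the row being updated.
    $email = sqlescape($data["email"]);
    $name = sqlescape($data["name"]);
    $company = sqlescape($data["company"]);
    $daily_digest = sqlescape($data["daily_digest"]);
    $permissions = sqlescape(json_encode($data["permissions"]));
    $alerts = sqlescape(json_encode($data["alerts"]));

    // Use the submitted level when one was passed, otherwise keep the current level.
    if (isset($data["level"]) && !is_array($data["level"])) {
        $level = intval($data["level"]);
    } else {
        $level = $current["level"];
    }
    // Users editing themselves keep their level, and nobody may grant a level above their own.
    if ($this->ID == $current["id"]) {
        $level = $current["level"];
    }
    if ($level > $this->Level) {
        $level = $this->Level;
    }

    // Only re-hash and store the password when a new one was supplied.
    if ($data["password"]) {
        $phpass = new PasswordHash($bigtree["config"]["password_depth"], TRUE);
        $password = sqlescape($phpass->HashPassword($data["password"]));
        sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `password` = '{$password}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
    } else {
        sqlquery("UPDATE bigtree_users SET `email` = '{$email}', `name` = '{$name}', `company` = '{$company}', `level` = '{$level}', `permissions` = '{$permissions}', `alerts` = '{$alerts}', `daily_digest` = '{$daily_digest}' WHERE id = '{$id}'");
    }

    $this->track("bigtree_users", $id, "updated");

    return true;
}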
<?php
// A stored route is kept only when the field is configured to keep it, a route already
// exists for this record, and the record is a published (numeric id) entry. Every other
// case -- always-regenerate fields, new records, and pending (non-numeric id) edits --
// produces a fresh route from the source field.
if ($field["options"]["keep_original"] && $bigtree["existing_data"][$field["key"]] && (!isset($bigtree["edit_id"]) || is_numeric($bigtree["edit_id"]))) {
    $field["ignore"] = true;
} else {
    // HTML is stripped from the source value before it is turned into a URL-safe slug
    $route_base = $cms->urlify(strip_tags($bigtree["post_data"][$field["options"]["source"]]));

    if ($field["options"]["not_unique"]) {
        $field["output"] = $route_base;
    } else {
        $field["output"] = $route_base;
        $route_attempt = 2;
        // Append -2, -3, ... until no other row in the table has this route.
        // Capped at 1000 attempts so the request cannot run indefinitely.
        while ($route_attempt < 1000 && sqlrows(sqlquery("SELECT * FROM `" . $bigtree["form"]["table"] . "` WHERE `" . $field["key"] . "` = '" . sqlescape($field["output"]) . "' AND id != '" . sqlescape($bigtree["edit_id"]) . "'"))) {
            $field["output"] = $route_base . "-" . $route_attempt;
            $route_attempt++;
        }
        // Gave up: store an empty route rather than a known duplicate
        if ($route_attempt == 1000) {
            $field["output"] = "";
        }
    }
}
if (sqlrows(sqlquery("SELECT * FROM bigtree_feeds WHERE route = '" . sqlescape($feed["route"]) . "'"))) { $warnings[] = "A feed already exists with the route “" . $feed["route"] . "” — the feed will be overwritten."; } } // Check for field type collisions foreach ((array) $json["components"]["field_types"] as $type) { if (sqlrows(sqlquery("SELECT * FROM bigtree_field_types WHERE id = '" . sqlescape($type["id"]) . "'"))) { $warnings[] = "A field type already exists with the id “" . $type["id"] . "” — the field type will be overwritten."; } } // Check for table collisions foreach ((array) $json["sql"] as $command) { if (substr($command, 0, 14) == "CREATE TABLE `") { $table = substr($command, 14); $table = substr($table, 0, strpos($table, "`")); if (sqlrows(sqlquery("SHOW TABLES LIKE '{$table}'"))) { $warnings[] = "A table named “{$table}” already exists — the table will be overwritten."; } } } // Check file permissions and collisions foreach ((array) $json["files"] as $file) { if (!BigTree::isDirectoryWritable(SERVER_ROOT . $file)) { $errors[] = "Cannot write to {$file} — please make the root directory or file writable."; } elseif (file_exists(SERVER_ROOT . $file)) { if (!is_writable(SERVER_ROOT . $file)) { $errors[] = "Cannot overwrite existing file: {$file} — please make the file writable or delete it."; } else { $warnings[] = "A file already exists at {$file} — the file will be overwritten."; } }
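/*
    Function: tableExists
        Determines whether a table with exactly the given name exists in the database.

    Parameters:
        table - The table name to look for.

    Returns:
        true if the table exists, otherwise false.
*/
static function tableExists($table) {
    // SHOW TABLES LIKE treats % and _ as wildcards, so an unescaped "bigtree_pages" would
    // also match a table named "bigtreeXpages". Escape them so the check is exact;
    // sqlescape then takes care of quoting for the string literal.
    $pattern = sqlescape(addcslashes($table, "%_"));
    return sqlrows(sqlquery("SHOW TABLES LIKE '" . $pattern . "'")) ? true : false;
}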
/*
    Function: store
        Stores a file either in cloud storage (when Cloud is configured) or on the local filesystem.

    Parameters:
        local_file - Path to the file on disk (normally the temporary upload).
        file_name - The desired file name. Rejected when it matches DisabledExtensionRegEx.
        relative_path - Directory relative to the site root / cloud container; defaults to "files/".
        remove_original - Whether local_file is deleted afterwards (cloud: unlinked after upload;
                          local: the file is moved instead of copied).
        prefixes - File name prefixes (e.g. for resized variants) whose names must also be free.

    Returns:
        false (with DisabledFileError set) when the extension is disabled.
        Cloud: the result of Cloud->uploadFile.
        Local: the stored path prefixed with "{staticroot}", or false if the move/copy failed.
*/
function store($local_file, $file_name, $relative_path, $remove_original = true, $prefixes = array()) {
    // If the file name ends in a disabled extension, fail.
    // This is the only extension check in this method; it runs on the original name,
    // before any JPEG conversion. Case handling depends on DisabledExtensionRegEx -- not visible here.
    if (preg_match($this->DisabledExtensionRegEx, $file_name)) {
        $this->DisabledFileError = true;
        return false;
    }

    // If we're auto converting images to JPG from PNG
    $file_name = $this->convertJPEG($local_file, $file_name);

    // Enforce trailing slash on relative_path
    // NOTE(review): relative_path and file_name are used as given; neither is checked here for
    // path separators or ".." -- presumably the callers / getAvailableFileName handle that, verify.
    $relative_path = $relative_path ? rtrim($relative_path, "/") . "/" : "files/";

    if ($this->Cloud) {
        // Clean up the file name
        global $cms;
        $parts = BigTree::pathInfo($file_name);
        $clean_name = $cms->urlify($parts["filename"]);
        // Byte-wise truncation; assumes urlify() yields ASCII -- confirm
        if (strlen($clean_name) > 50) {
            $clean_name = substr($clean_name, 0, 50);
        }

        // Best case name
        $file_name = $clean_name . "." . strtolower($parts["extension"]);
        $x = 2;

        // Make sure we have a unique name. Uniqueness is tracked in bigtree_caches under the
        // "org.bigtreecms.cloudfiles" identifier rather than by asking the cloud provider.
        // $file_name is set to false below when a prefixed variant collides, which forces another pass.
        while (!$file_name || sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE `identifier` = 'org.bigtreecms.cloudfiles' AND `key` = '" . sqlescape($relative_path . $file_name) . "'"))) {
            $file_name = $clean_name . "-{$x}." . strtolower($parts["extension"]);
            $x++;

            // Check all the prefixes, make sure they don't exist either
            // NOTE(review): this prefix check only runs for the "-N" candidates generated inside the
            // loop; the initial best-case name is accepted without checking its prefixed variants -- confirm intended.
            if (is_array($prefixes) && count($prefixes)) {
                $prefix_query = array();
                foreach ($prefixes as $prefix) {
                    $prefix_query[] = "`key` = '" . sqlescape($relative_path . $prefix . $file_name) . "'";
                }
                if (sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE identifier = 'org.bigtreecms.cloudfiles' AND (" . implode(" OR ", $prefix_query) . ")"))) {
                    $file_name = false;
                }
            }
        }

        // Upload it
        $success = $this->Cloud->uploadFile($local_file, $this->Settings->Container, $relative_path . $file_name, true);
        if ($success) {
            // Record the stored object so later uploads can detect the name as taken
            sqlquery("INSERT INTO bigtree_caches (`identifier`,`key`,`value`) VALUES ('org.bigtreecms.cloudfiles','" . sqlescape($relative_path . $file_name) . "','" . sqlescape(json_encode(array("name" => $file_name, "path" => $relative_path . $file_name, "size" => filesize($local_file)))) . "')");
        }
        // The local copy is removed regardless of whether the upload succeeded
        if ($remove_original) {
            unlink($local_file);
        }
        return $success;
    } else {
        // Local storage: name collisions (including prefixed variants) are resolved by getAvailableFileName
        $safe_name = BigTree::getAvailableFileName(SITE_ROOT . $relative_path, $file_name, $prefixes);
        if ($remove_original) {
            $success = BigTree::moveFile($local_file, SITE_ROOT . $relative_path . $safe_name);
        } else {
            $success = BigTree::copyFile($local_file, SITE_ROOT . $relative_path . $safe_name);
        }
        if ($success) {
            return "{staticroot}" . $relative_path . $safe_name;
        } else {
            return false;
        }
    }
}