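 /**
  * Build and run the INSERT/UPDATE query for a "terms" record of the
  * current cp module (categories, book categories, ...).
  *
  * Reads the submitted form (title, slug, parent, language, desc) through
  * utility::post(), derives the slug and url, runs the query and then
  * registers the commit and rollback callbacks of the surrounding
  * transaction.
  *
  * @param  mixed $_id id of the term to edit; a falsy value means "new
  *                    record" unless the 'edit' child parameter is set
  * @return false|null false when no title was submitted, otherwise null
  */
 function cp_create_query($_id = null)
 {
     if (!$_id) {
         $_id = $this->childparam('edit');
     }
     // Validate the only required field before touching the database, so a
     // missing title does not trigger the parent-url lookup further down.
     $title = utility::post('title');
     if (!$title) {
         debug::error(T_("Please enter title!"));
         return false;
     }
     $cpModule = $this->cpModule();
     $mymodule = $this->cpModule('raw');
     $datarow = array();
     $datarow['slug'] = utility::post('slug', 'filter');
     $datarow['parent'] = utility::post('parent');
     // no explicit slug: derive one from the title
     if (!$datarow['slug']) {
         $datarow['slug'] = utility\Filter::slug($title);
     }
     if ($datarow['parent']) {
         // child term: the url is the parent's stored url plus our slug
         $datarow['url'] = $this->sql()->table('terms')->where('id', $datarow['parent'])->select()->assoc('term_url') . '/' . $datarow['slug'];
     } else {
         // '#NULL' appears to be the builder's marker for SQL NULL — confirm in sql()
         $datarow['parent'] = '#NULL';
         $datarow['url'] = $datarow['slug'];
     }
     if ($cpModule['raw'] === 'bookcategories') {
         // strip any already-present "book-index/" prefix(es) before adding it once
         $datarow['url'] = 'book-index/' . preg_replace("#^(book-index\\/)+#", "", $datarow['url']);
     }
     $qry = $this->sql()->table('terms')
         ->set('term_type', $cpModule['type'])
         ->set('term_language', utility::post('language'))
         ->set('term_title', $title)
         ->set('term_slug', $datarow['slug'])
         ->set('term_desc', utility::post('desc'))
         ->set('term_parent', $datarow['parent'])
         ->set('term_url', $datarow['url']);
     if ($_id) {
         // on edit
         $qry = $qry->where('id', $_id)->update();
         $post_new_id = $_id;
     } else {
         // on add
         $qry = $qry->insert();
         $post_new_id = $qry->LAST_INSERT_ID();
     }
     // commit callback: runs when every query of the transaction succeeded
     $this->commit(function ($_module, $_postId, $_edit = null) {
         if ($_edit) {
             debug::true(T_("Update Successfully"));
         } else {
             debug::true(T_("Insert Successfully"));
             $this->redirector()->set_url($_module . '/add');
         }
     }, $mymodule, $post_new_id, $_id);
     // rollback callback: runs if any query (or other code) failed
     $this->rollback(function () {
         debug::title(T_("Transaction error") . ': ');
     });
 }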
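 /**
  * Check an uploaded file for an invalid upload and record its metadata.
  *
  * Populates the static fields (fieldName, fileName, fileExt, fileType,
  * fileMime, fileDisallow, fileSize, fileFullName, fileMd5) from
  * $_FILES[$_name]. The method name describes the return value: a
  * translated error message when the upload must be rejected, false when
  * it is acceptable.
  *
  * @param  string   $_name    key of the upload in $_FILES
  * @param  int|null $_maxSize size limit in bytes; a falsy value means the
  *                            limit from self::max_file_upload_in_bytes(true)
  * @return string|false error message, or false when the upload is valid
  */
 public static function invalid($_name = 'upfile', $_maxSize = null)
 {
     self::$fieldName = $_name;
     try {
         // Undefined | Multiple Files | $_FILES Corruption Attack
         // If this request falls under any of them, treat it invalid.
         if (!isset($_FILES[self::$fieldName]['error']) || is_array($_FILES[self::$fieldName]['error'])) {
             throw new \RuntimeException(T_('Invalid parameters'));
         }
         $upload = $_FILES[self::$fieldName];
         // Check the upload status PHP reported for this field.
         switch ($upload['error']) {
             case UPLOAD_ERR_OK:
                 break;
             case UPLOAD_ERR_NO_FILE:
                 throw new \RuntimeException(T_('No file sent'));
             case UPLOAD_ERR_INI_SIZE:
             case UPLOAD_ERR_FORM_SIZE:
                 throw new \RuntimeException(T_('Exceeded filesize limit'));
             default:
                 throw new \RuntimeException(T_('Unknown errors'));
         }
         // The temp path must be a file PHP itself received in this request,
         // not an arbitrary path that ended up in $_FILES (we hash it below).
         if (!isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
             throw new \RuntimeException(T_('Invalid parameters'));
         }
         $fileInfo = pathinfo($upload['name']);
         self::$fileName = $fileInfo['filename'];
         // pathinfo() has no 'extension' key when the name carries none
         self::$fileExt = strtolower(isset($fileInfo['extension']) ? $fileInfo['extension'] : '');
         $extCheck = self::extCheck(self::$fileExt);
         self::$fileType = $extCheck['type'];
         self::$fileMime = $extCheck['mime'];
         self::$fileDisallow = $extCheck['disallow'];
         if (!$_maxSize) {
             $_maxSize = self::max_file_upload_in_bytes(true);
         }
         // Check filesize here.
         self::$fileSize = $upload['size'];
         if (self::$fileSize > $_maxSize) {
             throw new \RuntimeException(T_('Exceeded filesize limit'));
         }
         // Over-long names are rejected, as is anything that could become an
         // .htaccess file (byte length is intended: this is a filesystem limit).
         if (strlen(self::$fileName) > 200 || strpos(self::$fileName, 'htaccess') !== false) {
             throw new \RuntimeException(T_('Exceeded file name limit'));
         }
         // Over-long extensions and extensions extCheck() flagged are rejected.
         if (strlen(self::$fileExt) > 10 || self::$fileDisallow) {
             throw new \RuntimeException(T_('Exceeded file extension limit'));
         }
         self::$fileFullName = \lib\utility\Filter::slug(self::$fileName) . '.' . self::$fileExt;
         self::$fileMd5 = md5_file($upload['tmp_name']);
         // Whitelist check against the configured extension list, when one is set.
         if (is_array(self::$extentions) && !in_array(self::$fileExt, self::$extentions, true)) {
             throw new \RuntimeException(T_("We don't support this type of file"));
         }
         // NOTE(review): self::$fileMime is derived from the extension only. The
         // client-sent MIME in $_FILES must not be trusted; detecting the type
         // from the temp file's contents (\finfo(FILEINFO_MIME_TYPE)->file(tmp_name))
         // is the intended follow-up, but it changes the value stored in
         // self::$fileMime, so check its consumers before enabling it.
         // (The previous branch was dead: it tested function_exists('finfo'),
         // which is a class, and probed the client basename, not the temp file.)

         // it is not invalid, that's mean it's a valid upload
         return false;
     } catch (\RuntimeException $e) {
         return $e->getMessage();
     }
 }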
 /**
  * Build and run the INSERT/UPDATE query for a "posts" record of the
  * current cp module (pages, books, attachments, socialnetwork, posts).
  *
  * Steps, in order: validate the title; collect the form values into
  * $datarow (plus the post meta JSON); derive the url per module; on edit,
  * load the old row and its options and only set columns that changed;
  * insert/update; share a post that transitions to "publish" on the
  * configured social networks and record the results in the options table;
  * sync tags/categories into terms and termusages; finally register the
  * commit/rollback callbacks of the surrounding transaction.
  *
  * @param  mixed $_id id of the post to edit; a falsy value means "new
  *                    record" unless the 'edit' child parameter is set
  * @return false|null false when no title was submitted; null otherwise
  *                    (also when no record id could be determined)
  */
 function cp_create_query($_id = null)
 {
     if (!$_id) {
         $_id = $this->childparam('edit');
     }
     // if don't set title return error
     if (!utility::post('title')) {
         debug::error(T_("Please enter title!"));
         return false;
     }
     // remove this line!
     // ($mymodule is still needed: it selects the 'pages' term handling below
     // and is passed to the commit callback)
     $mymodule = $this->cpModule('raw');
     // set useful variables
     $datarow = array();
     $cpModule = $this->cpModule();
     $qry = $this->sql()->table('posts');
     // set all variable get form all type of forms
     $datarow['language'] = utility::post('language');
     $datarow['title'] = utility::post('title');
     $datarow['slug'] = utility::post('slug', 'filter');
     $datarow['content'] = utility::post('desc');
     $datarow['type'] = $cpModule['type'];
     $datarow['url'] = null;
     $datarow['status'] = utility::post('status');
     $datarow['parent'] = utility::post('parent');
     $datarow['user_id'] = $this->login('id');
     $datarow['publishdate'] = date('Y-m-d H:i:s');
     // read post meta and rewrite it
     // (on add $_id is null, so this lookup runs with a null id — presumably
     // yields no row and the meta starts empty; confirm against sql())
     $datarow['meta'] = $this->sql()->table('posts')->where('id', $_id)->select()->assoc('post_meta');
     $datarow['meta'] = json_decode($datarow['meta'], true);
     // meta fields
     $datarow['meta']['thumbid'] = utility::post('thumbid');
     $datarow['meta']['slug'] = $datarow['slug'];
     $datarow['meta'] = json_encode($datarow['meta']);
     // set slug if is not set
     // (note: meta['slug'] above was already taken from the raw form value)
     if (!$datarow['slug']) {
         $datarow['slug'] = utility\Filter::slug($datarow['title']);
     }
     switch ($cpModule['raw']) {
         case 'pages':
         case 'books':
             // calc and set url
             if ($datarow['parent']) {
                 $datarow['url'] = $this->sql()->table('posts')->where('post_type', $cpModule['type'])->and('id', $datarow['parent'])->select()->assoc('post_url') . '/' . $datarow['slug'];
             } else {
                 // '#NULL' appears to be the builder's marker for SQL NULL — confirm in sql()
                 $datarow['parent'] = '#NULL';
                 $datarow['url'] = $datarow['slug'];
             }
             if ($cpModule['raw'] === 'books') {
                 // strip any already-present "book/" prefix(es) before adding it once
                 $datarow['url'] = 'book/' . preg_replace("#^(book\\/)+#", "", $datarow['url']);
             }
             break;
         case 'attachments':
             // remove unuse fields like slug, url, data, status, ...
             // commented row not deleted and check
             unset($datarow['language']);
             // unset($datarow['title']);
             // unset($datarow['slug']);
             // unset($datarow['content']);
             unset($datarow['type']);
             unset($datarow['url']);
             // unset($datarow['status']);
             unset($datarow['parent']);
             // unset($datarow['user_id']);
             unset($datarow['publishdate']);
             // url is "<cat>/<slug>", with 'file' as the default category
             if (utility::post('cat')) {
                 $cat = utility::post('cat');
             } else {
                 $cat = 'file';
             }
             $datarow['url'] = $cat . '/' . $datarow['slug'];
             $datarow['url'] = trim($datarow['url'], '/');
             // // read post meta and rewrite it
             // $datarow['meta'] = $this->sql()->table('posts')
             // 		->where('post_type', 'attachment')->and('id', $_id)
             // 		->select()->assoc('post_meta');
             // $datarow['meta'] = json_decode($datarow['meta'], true);
             // $datarow['meta']['slug'] = $datarow['slug'];
             // $datarow['meta'] = json_encode($datarow['meta']);
             unset($datarow['slug']);
             // var_dump(utility::post('cat'));
             // var_dump($datarow['meta']);
             // exit();
             break;
         case 'socialnetwork':
             // slug is derived from the current second only: two submissions
             // within the same second get the same slug
             $datarow['slug'] = 'social' . md5(time());
             $datarow['url'] = 'social/' . $datarow['slug'];
             $datarow['status'] = 'draft';
             // print_r($datarow);
             // exit();
             break;
         // all other type of post
         default:
             unset($datarow['parent']);
             $datarow['url'] = utility::post('cat');
             // create url with selected cat
             if ($cpModule['raw'] === 'books') {
                 $datarow['url'] = 'books';
             } elseif (!$datarow['url']) {
                 // calc and set url
                 // (term id 1 is used as the default category)
                 $datarow['url'] = $this->sql()->table('terms')->where('id', 1)->select()->assoc('term_url');
             }
             if ($datarow['url']) {
                 $datarow['url'] = $datarow['url'] . '/';
             }
             $datarow['url'] = $datarow['url'] . $datarow['slug'];
             break;
     }
     // if in edit get this record data
     if ($_id) {
         $record = $this->sql()->table('posts')->where('id', $_id)->select()->assoc();
         $record_meta = $this->sql()->table('options')->where('post_id', $_id)->order('id', 'asc')->select()->allassoc();
         // fill options value like posts field
         foreach ($record_meta as $key => $value) {
             $record[$record_meta[$key]['option_key']] = $record_meta[$key]['option_value'];
         }
     }
     $changed = false;
     // set values if exist
     foreach ($datarow as $key => $value) {
         // every column is named post_<key>, except user_id
         $key = $key === 'user_id' ? 'user_id' : 'post_' . $key;
         if ($_id) {
             // check with old data and if change then set it
             // (strict compare: a type difference between the stored and the
             // submitted value also counts as changed; a key missing from
             // $record raises an undefined-index notice)
             if ($record[$key] !== $value) {
                 $qry = $qry->set($key, $value);
                 $changed = true;
             }
         } elseif ($value) {
             // on add only truthy values are written; '0', 0 and '' are skipped
             $qry = $qry->set($key, $value);
         }
     }
     $post_new_id = $_id;
     if ($_id) {
         // on edit
         if ($changed) {
             $qry = $qry->where('id', $_id)->update();
         }
     } else {
         // on add
         $qry = $qry->insert();
         $post_new_id = $qry->LAST_INSERT_ID();
     }
     // without a record id nothing below can be attached to it; note that
     // this path returns before the commit/rollback callbacks are registered
     if ($post_new_id === 0 || !$post_new_id) {
         return;
     }
     // if publish post share it on twitter and save in options
     // before share check db for share before
     // if on add or in edit and staus exist and status !== 400
     // then if status == publish and changed from old position
     $post_status = isset($record['post_status']) ? $record['post_status'] : null;
     $post_type = isset($record['post_type']) ? $record['post_type'] : null;
     $post_type = $post_type ? $post_type : $cpModule['type'];
     // share only on the transition to 'publish', and only for type 'post'
     if ($datarow['status'] === 'publish' && $datarow['status'] !== $post_status && $post_type === 'post') {
         $url_main = $this->url('MainProtocol') . '://' . $this->url('MainSite');
         // a previously stored twitter status of 400 means "do not retry"
         if (!(isset($record['twitter']['status']) && $record['twitter']['status'] === 400)) {
             $mytwitte = $datarow['title'] . ' ' . $url_main . '/' . $datarow['url'];
             $twitte_result = \lib\utility\SocialNetwork::twitter($mytwitte);
             if (isset($twitte_result) && isset($twitte_result['status'])) {
                 $twitte_result = json_encode($twitte_result);
                 $qry_twitter = $this->sql()->table('options')->set('post_id', $post_new_id)->set('option_cat', 'post' . $post_new_id . '_SocialNetwork')->set('option_key', 'twitter')->set('option_value', $twitte_result);
                 // $qry_twitter = $qry_twitter->insertString();
                 // var_dump($qry_twitter);
                 $qry_twitter = $qry_twitter->insert();
             }
         }
         $telegram = \lib\utility\SocialNetwork::telegram($datarow['title'] . "\n" . $url_main . '/' . $datarow['url']);
         // facebook gets a plain-text excerpt: decode entities, turn paragraph
         // ends into newlines, drop remaining tags and leading whitespace
         $facebook_content = html_entity_decode($datarow['content']);
         $facebook_content = preg_replace("/<\\/p>/", "\n", $facebook_content);
         $facebook_content = preg_replace("/<[^>]+>/", "", $facebook_content);
         $facebook_content = preg_replace("/^[\\s\n\r\t]+/", "", $facebook_content);
         $facebook_url = $url_main . '/' . $datarow['url'];
         $result_fb = \lib\utility\SocialNetwork::facebook($facebook_url, $facebook_content);
         if (isset($result_fb)) {
             // $result_fb = json_encode($result_fb);
             $qry_facebook = $this->sql()->table('options')->set('post_id', $post_new_id)->set('option_cat', 'post' . $post_new_id . '_SocialNetwork')->set('option_key', 'facebook')->set('option_value', $result_fb);
             // $qry_facebook = $qry_facebook->insertString();
             $qry_facebook = $qry_facebook->insert();
         }
     }
     // add tags to terms table
     $mycats = utility::post('categories');
     // if(!$mycats)
     // 	$mycats = [1];
     // tags arrive as one comma-separated string; trim spaces and quotes,
     // drop empty entries
     $mytags = utility::post('tags');
     $mytags = explode(',', $mytags);
     foreach ($mytags as $key => $value) {
         $value = trim($value, " ");
         $value = trim($value, "'");
         if ($value) {
             $mytags[$key] = $value;
         } else {
             unset($mytags[$key]);
         }
     }
     // --------------------------------------------------- check new tag and cats with old one on edit
     if ($_id) {
         $myterms_del = null;
         // get old tags and diff of it with new one by title of tags
         $old_tags = $this->sp_term_list('tag', false);
         $tags_diff = array_diff($old_tags, $mytags);
         if (count($tags_diff) > 0) {
             // get the list of tags id
             $tags_id = $this->cp_tag_id($tags_diff);
             $myterms_del = $tags_id;
         }
         // get old cats and diff of it with new one by id
         if ($cpModule['raw'] === 'attachments') {
             $old_cats = $this->sp_term_list('filecat', false);
             if (!is_array($mycats)) {
                 $mycats = null;
             }
         } elseif ($cpModule['raw'] === 'books') {
             $old_cats = $this->sp_term_list('bookcat', false);
             if (!is_array($mycats)) {
                 $mycats = null;
             }
         } else {
             $old_cats = $this->sp_term_list('cat', false);
             if (!is_array($mycats)) {
                 $mycats = [1];
             }
         }
         if (is_array($old_cats) && count($old_cats) && is_array($mycats) && count($mycats)) {
             $cats_diff = array_diff($old_cats, $mycats);
         } elseif (is_array($mycats) && count($mycats)) {
             $cats_diff = $mycats;
         } else {
             $cats_diff = $old_cats;
         }
         if (is_array($cats_diff) && count($cats_diff) > 0) {
             $cats_diff = implode(",", $cats_diff);
             if ($myterms_del) {
                 $myterms_del .= ',';
             }
             $myterms_del .= $cats_diff;
         }
         // var_dump($myterms_del);
         // exit();
         // delete deleted tags and cats together in one query
         // NOTE(review): $myterms_del is a comma-joined string that can include
         // the request-supplied category ids ($mycats) and is passed to the
         // builder as a literal "(...)" IN list — confirm that sql() quotes or
         // validates these as integers before they reach the query.
         if ($myterms_del) {
             $qry_term_del = $this->sql()->table('termusages')->where('termusage_id', $post_new_id);
             if (count(explode(',', $myterms_del)) === 1) {
                 $qry_term_del = $qry_term_del->and('term_id', '=', $myterms_del)->delete();
             } else {
                 $qry_term_del = $qry_term_del->and('term_id', 'in', "(" . $myterms_del . ")")->delete();
             }
         }
     }
     // ------------------------------------------------- if user enter new tag
     $tags_id = array();
     if (count($mytags) > 0) {
         $qry_tag = $this->sql()->table('terms');
         // add each tag to sql syntax
         // (repeated set() calls on one builder — presumably a multi-row insert;
         // tag title doubles as slug and url)
         foreach ($mytags as $value) {
             if ($value) {
                 $qry_tag = $qry_tag->set('term_type', 'tag')->set('term_title', $value)->set('term_slug', $value)->set('term_url', $value);
             }
         }
         // var_dump($qry_tag->insertString('IGNORE'));exit();
         $qry_tag->insert('IGNORE');
         // get the list of tags id
         $tags_id = $this->cp_tag_id($mytags, false);
         // var_dump($tags_id);
         if (!is_array($tags_id)) {
             $tags_id = array();
         }
     }
     // add selected tag to term usages table
     // on pages dont need cats and only add tags
     if ($mymodule === 'pages') {
         $myterms = $tags_id;
     } elseif (is_array($mycats) && count($mycats)) {
         $myterms = array_merge($tags_id, $mycats);
     } else {
         $myterms = $tags_id;
     }
     // ---------------------------------------------- set termusage table
     // if terms exist go to foreach
     if (isset($myterms) && count($myterms) > 0) {
         $qry_tagusages = $this->sql()->table('termusages');
         foreach ($myterms as $value) {
             $qry_tagusages = $qry_tagusages->set('term_id', $value)->set('termusage_id', $post_new_id)->set('termusage_foreign', 'posts');
         }
         // var_dump($qry_tagusages->insertString());exit();
         $qry_tagusages->insert('IGNORE');
     }
     // update post url
     // $post_url = utility::post('slug', 'filter');
     // $this->sql()->table('posts')->set('post_url', $post_url)
     // ->where('id', $post_new_id)->update();
     // ======================================================
     // you can manage next event with one of these variables,
     // commit for successfull and rollback for failed
     // if query run without error means commit
     // (the telegram result is stored in $twitte_result but not used afterwards)
     if ($cpModule['raw'] == 'socialnetwork') {
         $twitte_result = \lib\utility\SocialNetwork::telegram($datarow['content']);
     }
     $this->commit(function ($_module, $_postId, $_edit = null) {
         if ($_edit) {
             debug::true(T_("Update Successfully"));
             $this->redirector()->set_url($_module . '/edit=' . $_postId);
         } else {
             debug::true(T_("Insert Successfully"));
             $this->redirector()->set_url($_module . '/edit=' . $_postId);
         }
     }, $mymodule, $post_new_id, $_id);
     // if a query has error or any error occour in any part of codes, run roolback
     $this->rollback(function () {
         debug::title(T_("Transaction error") . ': ');
     });
 }