// Tail of the debug-bar closure: its opening (and the $logger/$queries/$querycount/
// $querytime initialisation) lies outside this excerpt. Everything collected here is
// rendered into the page HTML, so this must only ever run for a debug-enabled request
// (the guard is not visible here - confirm in the enclosing closure).
foreach ($logger->queries as $query) {
    // Skip "PRAGMA .." queries by SQLITE.
    if (strpos($query['sql'], "PRAGMA ") === 0) {
        continue;
    }
    // Query text, bound params and types are all shown verbatim in the debug bar.
    $queries[] = array('query' => $query['sql'], 'params' => $query['params'], 'types' => $query['types'], 'duration' => sprintf("%0.2f", $query['executionMS']));
    $querycount++;
    $querytime += $query['executionMS'];
}
$twig = $app['twig.loader'];
$templates = hackislyParseRegexTemplates($twig);
$route = $request->get('_route');
$route_params = $request->get('_route_params');
$log = $app['log']->getMemorylog();
// echo "<pre>\n" . util::var_dump($log, true) . "</pre>\n";
// Full dump of cookies, request/response headers, GET, POST, the whole session and
// $_SERVER: this exposes session contents and any secrets in the environment to
// whoever can see the page, which is only acceptable on a developer's machine.
$servervars = array('cookies <small>($_COOKIES)</small>' => $request->cookies->all(), 'headers' => makeValuepairs($request->headers->all(), '', '0'), 'query <small>($_GET)</small>' => $request->query->all(), 'request <small>($_POST)</small>' => $request->request->all(), 'session <small>($_SESSION)</small>' => $request->getSession()->all(), 'server <small>($_SERVER)</small>' => $request->server->all(), 'response' => makeValuepairs($response->headers->all(), '', '0'), 'statuscode' => $response->getStatusCode());
// Note: 'memtaken' is given twice in this array literal; PHP keeps the last value,
// so the template only ever sees getMaxMem() and getMem() is effectively unused.
echo $app['twig']->render('debugbar.twig', array('timetaken' => timeTaken(), 'memtaken' => getMem(), 'memtaken' => getMaxMem(), 'querycount' => $querycount, 'querytime' => sprintf("%0.2f", $querytime), 'queries' => $queries, 'servervars' => $servervars, 'templates' => $templates, 'log' => $log, 'route' => "/" . $route, 'route_params' => $route_params, 'editlink' => $app['editlink'], 'paths' => getPaths($app['config'])));
});
}
// Post-response hook: on frontend responses, queue the 'generator' meta tag and let
// the extensions service rewrite the HTML body with every queued snippet.
$app->after(function (Request $request, Response $response) use($app) {
    // $app['end'] marks which part of the application handled the request
    // (only the "frontend" value is acted on here).
    $end = !empty($app['end']) ? $app['end'] : false;
    if ($end == "frontend") {
        $html = $response->getContent();
        // Insert our 'generator' after the last <meta ..> tag.
        $app['extensions']->insertSnippet('aftermeta', '<meta name="generator" content="Bolt">');
        // processSnippetQueue() applies every queued snippet (this one and any an
        // extension added earlier) to the response body.
        $html = $app['extensions']->processSnippetQueue($html);
        $response->setContent($html);
    }
});
/**
 * Error page.
/**
 * Show and process the "edit user" / "create user" form of the backend.
 *
 * With a non-empty $id the existing user is loaded and edited; otherwise an
 * empty user is created. When no users exist at all, the form becomes the
 * "create the first user" form: the tables are repaired, the enabled/roles
 * fields are not shown and the saved user is forced to the root role.
 *
 * On POST the form is submitted from the request, validated (including the
 * password and uniqueness checks in the POST_SUBMIT listener below), saved
 * through $app['users'], logged, and the browser is redirected. Otherwise the
 * rendered 'edituser.twig' page is returned.
 *
 * @param int|string|null $id the id of the user to edit; empty to create one
 * @param \Bolt\Application $app
 * @param Request $request
 * @return mixed the result of redirect() after a successful save, otherwise
 *               the rendered page from $app['render']->render()
 */
public function useredit($id, \Bolt\Application $app, Request $request)
{
    // Get the user we want to edit (if any)
    if (!empty($id)) {
        $user = $app['users']->getUser($id);
        $title = "<strong>" . __('Edit user') . "</strong> » " . htmlencode($user['displayname']);
    } else {
        $user = $app['users']->getEmptyUser();
        $title = "<strong>" . __('Create a new user') . "</strong>";
    }
    $enabledoptions = array(1 => __('yes'), 0 => __('no'));
    // $contenttypes and $userRoles are computed but not used further down.
    $contenttypes = makeValuepairs($app['config']->get('contenttypes'), 'slug', 'name');
    $allRoles = $app['permissions']->getDefinedRoles($app);
    $roles = array();
    $userRoles = isset($user['roles']) ? $user['roles'] : array();
    foreach ($allRoles as $roleName => $role) {
        $roles[$roleName] = $role['label'];
    }
    // If we're creating the first user, we should make sure that we can only create
    // a user that's allowed to log on.
    if (!$app['users']->getUsers()) {
        $firstuser = true;
        $title = __('Create the first user');
        // If we get here, chances are we don't have the tables set up, yet.
        $app['integritychecker']->repairTables();
        // Grant 'root' to first user by default
        $user['roles'] = array(Permissions::ROLE_ROOT);
    } else {
        $firstuser = false;
    }
    // Start building the form..
    // 'id' is a hidden field and is what the listener and saveUser() see as the
    // user's id - not the $id from the route. Presumably saveUser() checks that
    // the current user may edit the submitted id; verify, since a tampered hidden
    // field would otherwise target another user.
    $form = $app['form.factory']->createBuilder('form', $user)
        ->add('id', 'hidden')
        ->add('username', 'text', array('constraints' => array(new Assert\NotBlank(), new Assert\Length(array('min' => 2, 'max' => 32))), 'label' => __('Username')))
        ->add('password', 'password', array('required' => false, 'label' => __('Password')))
        ->add('password_confirmation', 'password', array('required' => false, 'label' => __("Password (confirmation)")))
        ->add('email', 'text', array('constraints' => new Assert\Email(), 'label' => __('Email')))
        ->add('displayname', 'text', array('constraints' => array(new Assert\NotBlank(), new Assert\Length(array('min' => 2, 'max' => 32))), 'label' => __('Display name')));
    // If we're adding the first user, add them as 'developer' by default, so don't
    // show them here..
    if (!$firstuser) {
        $form->add('enabled', 'choice', array('choices' => $enabledoptions, 'expanded' => false, 'constraints' => new Assert\Choice(array_keys($enabledoptions)), 'label' => __("User is enabled")))
            ->add('roles', 'choice', array('choices' => $roles, 'expanded' => true, 'multiple' => true, 'label' => __("Assigned roles")));
    }
    // If we're adding a new user, these fields will be hidden.
    if (!empty($id)) {
        $form->add('lastseen', 'text', array('disabled' => true, 'label' => __('Last seen')))
            ->add('lastip', 'text', array('disabled' => true, 'label' => __('Last IP')));
    }
    // Make sure the passwords are identical and some other check, with a custom validator..
    $form->addEventListener(FormEvents::POST_SUBMIT, function (FormEvent $event) use($app) {
        $form = $event->getForm();
        $id = $form['id']->getData();
        $pass1 = $form['password']->getData();
        $pass2 = $form['password_confirmation']->getData();
        // If adding a new user (empty $id) or if the password is not empty (indicating we want to change it),
        // then make sure it's at least 6 characters long.
        // (strlen() counts bytes, so multi-byte characters count for more than one.)
        if ((empty($id) || !empty($pass1)) && strlen($pass1) < 6) {
            // screw it. Let's just not translate this message for now. Damn you, stupid non-cooperative translation thingy.
            //$error = new FormError("This value is too short. It should have {{ limit }} characters or more.", array('{{ limit }}' => 6), 2);
            $error = new FormError(__("This value is too short. It should have 6 characters or more."));
            $form['password']->addError($error);
        }
        // Passwords must be identical..
        // Loose comparison: an empty string and null (both fields left blank) compare equal here.
        if ($pass1 != $pass2) {
            $form['password_confirmation']->addError(new FormError(__('Passwords must match.')));
        }
        // Usernames must be unique.. ($id excludes the user being edited from the check)
        if (!$app['users']->checkAvailability('username', $form['username']->getData(), $id)) {
            $form['username']->addError(new FormError(__('This username is already in use. Choose another username.')));
        }
        // Email addresses must be unique..
        if (!$app['users']->checkAvailability('email', $form['email']->getData(), $id)) {
            $form['email']->addError(new FormError(__('This email address is already in use. Choose another email address.')));
        }
        // Displaynames must be unique..
        if (!$app['users']->checkAvailability('displayname', $form['displayname']->getData(), $id)) {
            $form['displayname']->addError(new FormError(__('This displayname is already in use. Choose another displayname.')));
        }
    });
    /** @var \Symfony\Component\Form\Form $form */
    $form = $form->getForm();
    // Check if the form was POST-ed, and valid. If so, store the user.
    if ($request->getMethod() == "POST") {
        //$form->bindRequest($request);
        // Submits only the values posted under the form's own name.
        $form->submit($app['request']->get($form->getName()));
        if ($form->isValid()) {
            $user = $form->getData();
            // The first user never gets the 'roles' field, so force root again here.
            if ($firstuser) {
                $user['roles'] = array(Permissions::ROLE_ROOT);
            }
            $res = $app['users']->saveUser($user);
            // $user is the submitted array, so 'id' is still empty for a newly created user.
            if ($user['id']) {
                $app['log']->add(__("Updated user '%s'.", array('%s' => $user['displayname'])), 3, '', 'user');
            } else {
                $app['log']->add(__("Added user '%s'.", array('%s' => $user['displayname'])), 3, '', 'user');
            }
            if ($res) {
                $app['session']->getFlashBag()->set('success', __('User %s has been saved.', array('%s' => $user['displayname'])));
            } else {
                $app['session']->getFlashBag()->set('error', __('User %s could not be saved, or nothing was changed.', array('%s' => $user['displayname'])));
            }
            if ($firstuser) {
                // To the dashboard, where 'login' will be triggered..
                return redirect('dashboard');
            } else {
                return redirect('users');
            }
        }
    }
    return $app['render']->render('edituser.twig', array('form' => $form->createView(), 'title' => $title));
}
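/**
 * Creates a feed of entries.
 *
 * For every entry the full record is re-read from $PIVOTX['db'], its
 * introduction/body are parsed and cleaned with _cleanFeedText(), and the
 * %placeholders% of $feed_template are replaced. The 'feed_entry' hook may
 * edit (or empty, to skip the entry) the replacement table before it is applied.
 *
 * @param string $feed_template template for a single feed item, with %placeholders%
 * @param array $entries entry stubs; only $entry['code'] is used to load the full entry
 * @return string the concatenated rendered items ('' when $entries is empty)
 */
function _renderFeedEntries($feed_template, $entries)
{
    global $PIVOTX;

    // Start from an empty string so an empty $entries list returns '' instead of
    // null, and the .= below never touches an undefined variable.
    $feed = '';

    // Getting category display names
    $categories = $PIVOTX['categories']->getCategories();
    $categories = makeValuepairs($categories, 'name', 'display');

    // Loop through the entries..
    foreach ($entries as $entry) {
        // Get the full entry..
        $entry = $PIVOTX['db']->read_entry($entry['code']);
        $link = makeFileURL($entry['uid'], "", "");
        $title = trim(unentify($entry['title']));
        $subtitle = trim(unentify($entry['subtitle']));

        // parse fields and remove scripting from the feed. Script in feed is bad..
        $introduction = parse_intro_or_body($entry['introduction'], false, $entry['convert_lb']);
        $introduction = $this->_cleanFeedText($introduction);
        $body = parse_intro_or_body($entry['body'], false, $entry['convert_lb']);
        $body = $this->_cleanFeedText($body);

        // Atom 'tag:' style id: sitename,year:weblogname.uid, lower-cased, without underscores.
        $year = formatDate($entry['date'], "%year%");
        $tag = safeString($PIVOTX['config']->get('sitename'), TRUE) . "," . $year . ":" . safeString($PIVOTX['weblogs']->get('', 'name'), TRUE) . "." . $entry['uid'];
        $tag = str_replace("_", "", strtolower($tag));

        $date = formatDate($entry['date'], "%year%-%month%-%day%T%hour24%:%minute%:00") . $this->_rssOffset();
        $date_rfc = formatDate($entry['date'], "%english_dname%, %day% %english_monname% %year% %hour24%:%minute%:00 ") . $this->_rssOffset("rfc822");
        // The edit date is tested on $PIVOTX['db']->entry (presumably the record
        // read_entry() just loaded) but formatted from $entry - confirm both refer
        // to the same record.
        if ($PIVOTX['db']->entry['edit_date'] != "") {
            $edit_date = formatDate($entry['edit_date'], "%year%-%month%-%day%T%hour24%:%minute%:00") . $this->_rssOffset();
        } else {
            // if the entry was never edited, use the entrydate
            $edit_date = $date;
        }

        $summary = unentify(strip_tags($introduction));
        // NOTE(review): both replacements below read as no-ops in this copy of the
        // file; they look like entity-normalising replaces whose search strings were
        // lost in transit - check against the upstream source before relying on them.
        $summary = trim(str_replace("&", "&", str_replace(" ", " ", $summary)));

        // Set content (Atom 1.0) and description (RSS 2.0) according to completeness settings
        if ($PIVOTX['weblogs']->get('', 'rss_full') == 0) {
            // don't put anything in the content.
            $content = "";
            $description = trim($introduction);
            if (strlen($body) > 5) {
                $description .= makeMoreLink($entry, '', array('html' => true));
                $summary .= ' ...';
            }
        } else {
            // put the introduction and body in the content..
            $content = trim(str_replace(" ", " ", $introduction . $body));
            $description = trim($introduction . $body);
        }

        // Handling viatitle special to avoid validation errors.
        // The value lands inside a quoted XML attribute, so it is entity-escaped;
        // addslashes() (used before) does not stop a '"' from ending the attribute.
        if (!empty($entry['viatitle'])) {
            $viatitle = 'title="' . htmlspecialchars($entry['viatitle'], ENT_QUOTES) . '"';
        } else {
            $viatitle = "";
        }

        // Getting user information..
        $user = $PIVOTX['users']->getUser($entry['user']);
        if (!$user) {
            $user = array('username' => $entry['user'], 'email' => '', 'nickname' => $entry['user']);
        }

        // Setting the category display names (tolerate an entry without categories).
        $entryCategories = is_array($entry['category']) ? $entry['category'] : array();
        $cat_display = array();
        foreach ($entryCategories as $cat) {
            if (!empty($categories[$cat])) {
                $cat_display[] = $categories[$cat];
            }
        }

        // Placeholder table. Title/subtitle/categories are escaped here; description,
        // summary and content rely on _cleanFeedText() above; author, e-mail,
        // nickname and %vialink% are inserted as stored.
        $replace = array(
            "%title%" => htmlspecialchars(strip_tags($title)),
            "%subtitle%" => htmlspecialchars(strip_tags($subtitle)),
            "%link%" => $link,
            "%description%" => relativeToAbsoluteURLS($description),
            "%summary%" => relativeToAbsoluteURLS($summary),
            "%author%" => $user['username'],
            "%author-email%" => $user['email'],
            "%author-nick%" => $user['nickname'],
            "%guid%" => $entry['uid'] . "@" . str_replace('http://', '', $PIVOTX['paths']['canonical_host']) . $PIVOTX['paths']['site_url'],
            "%date%" => $date,
            "%edit_date%" => $edit_date,
            "%date_rfc%" => $date_rfc,
            "%category%" => htmlspecialchars(implode(", ", $cat_display)),
            "%categorynames%" => htmlspecialchars(implode(", ", $entryCategories)),
            "%content%" => relativeToAbsoluteURLS($content),
            "%tag%" => $tag,
            "%lang%" => $PIVOTX['languages']->getCode(),
            "%vialink%" => $PIVOTX['db']->entry['vialink'],
            "%viatitle%" => $viatitle,
        );

        // Execute the 'feed_entry' hook, if present.
        $PIVOTX['extensions']->executeHook('feed_entry', $replace);

        // Replace all items in $replace, unless it's an empty array. This way the feed_entry
        // hook can set $replace to an empty array, in order to skip it entirely.
        if (!empty($replace)) {
            $feed .= str_replace(array_keys($replace), array_values($replace), $feed_template);
        }
    }

    return $feed;
}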
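/**
 * Get Tags that are related to a certain Tag.
 *
 * With the flat-file db model the related tags are read from
 * "tagdata/<urlencoded tag>.rel" under db_path; otherwise they are
 * looked up in the tags table. The result is rendered as a
 * comma-separated list of <a class="taglinkext"> links.
 *
 * @param string $tag
 * @return string HTML fragment: the tag links, or a "No related tags" paragraph
 */
function getRelatedTags($tag)
{
    global $PIVOTX, $paths;

    // Defined up front: the flat-file branch may not set $taglist (missing file),
    // and the else-branch below appends to $output.
    $taglist = null;
    $output = '';

    if ($PIVOTX['config']->get('db_model') == "flat") {
        // Getting related tags for flat files..
        // urlencode() leaves no path separators in the name, so the lookup stays inside tagdata/.
        $filename = urlencode($tag) . '.rel';
        $relfile = $PIVOTX['paths']['db_path'] . "tagdata/{$filename}";
        if (file_exists($relfile)) {
            // The second parameter of file_get_contents() is $use_include_path, not a
            // mode; the former "r" was coerced to true and made PHP also search the
            // include path. Read the file directly and check for a failed read.
            $sTagString = file_get_contents($relfile);
            if ($sTagString !== false) {
                // Trim each name and drop empty ones, so an empty .rel file does not
                // produce a link with no text.
                $taglist = array_values(array_filter(array_map('trim', explode(",", $sTagString)), 'strlen'));
            }
        }
    } else {
        // Getting tags for SQL
        $tagtable = safeString($PIVOTX['config']->get('db_prefix') . "tags", true);
        // [JAN]
        // Set up DB factory
        $sqlFactory = new sqlFactory($PIVOTX['config']->get('db_model'), $PIVOTX['config']->get('db_databasename'), $PIVOTX['config']->get('db_hostname'), $PIVOTX['config']->get('db_username'), $PIVOTX['config']->get('db_password'));
        // Get a DB connection..
        $sql = $sqlFactory->getSqlInstance();
        // [/JAN]
        // Getting related tags for MySQL db..
        // $tag goes through $sql->quote(); $tagtable is built from config via safeString().
        $sql->query("SELECT DISTINCT(t2.tag)\n FROM {$tagtable} AS t1, {$tagtable} AS t2\n WHERE (t1.tag=" . $sql->quote($tag) . " AND t1.target_uid=t2.target_uid AND t2.tag!=" . $sql->quote($tag) . ")\n ORDER BY t2.tag ASC");
        $rows = $sql->fetch_all_rows();
        $taglist = makeValuepairs($rows, '', 'tag');
    }

    if (is_array($taglist)) {
        $links = array();
        foreach ($taglist as $thistag) {
            // The visible tag text is escaped for the HTML context; the href is
            // produced by tagLink(). (Assumes tags are stored as plain text, not
            // already entity-encoded - confirm, else this double-encodes.)
            $links[] = "<a href=\"" . tagLink(str_replace(" ", "+", $thistag)) . "\" class=\"taglinkext\">" . htmlspecialchars($thistag) . "</a>";
        }
        $output = implode(", \n", $links);
    } else {
        $output .= "\n<p>" . __('No related tags') . "</p>\n";
    }

    return $output;
}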
/**
 * Read a bunch of entries.
 *
 * Builds a SELECT on the entries table from the keys of $params (offset, show,
 * orderby, ordertype, order, uid, start, end, date, status, user, cats, tags,
 * extrafields, count_only), runs it through $this->sql, and then attaches the
 * categories and extra fields of the returned rows with two follow-up queries.
 * Both the categories and the finished entries are pushed into $PIVOTX['cache'].
 *
 * Only some inputs are quoted here ($this->sql->quote() / safeString()):
 * 'show', the array form of 'cats', the comma-separated form of 'tags' and the
 * keys and values of 'extrafields' are concatenated into the SQL text as given,
 * so callers must pass trusted or already-validated values for those.
 *
 * @param array $params
 * @return array entries keyed by uid; when $params['count_only'] === true, the
 *               single row returned by the count query instead
 */
function read_entries($params)
{
    global $PIVOTX;
    $qry = array();
    $qry['select'] = "e.*, e.uid AS code, e.comment_count AS commcount, e.comment_names AS commnames, e.trackback_count AS trackcount, e.trackback_names AS tracknames";
    $qry['from'] = $this->entriestable . " AS e";
    // LIMIT: 'offset' is cast to int, 'show' is used as-is.
    if (!empty($params['offset'])) {
        $params['date'] = "";
        $qry['limit'] = intval($params['offset']) . ", " . $params['show'];
    } else {
        $qry['limit'] = $params['show'];
    }
    // ORDER BY column: an "extrafields_<key>" value orders on the joined extra field,
    // any other non-empty value on an entries column (name passed through safeString()).
    if (substr($params['orderby'], 0, 12) == "extrafields_") {
        if (empty($params['extrafields'])) {
            $qry['select'] .= ", ef.target_uid, ef.value";
            $qry['leftjoin'][$this->extrafieldstable . " AS ef"] = "e.uid = ef.target_uid";
        }
        $qry['where'][] = "ef.contenttype = 'entry'";
        $qry['where'][] = "ef.fieldkey = '" . safeString(substr($params['orderby'], 12)) . "'";
        if ($params['ordertype'] == "int") {
            $orderby = "CAST(ef.value as SIGNED)";
        } else {
            $orderby = "ef.value";
        }
    } elseif (!empty($params['orderby'])) {
        if ($params['ordertype'] == "int") {
            $orderby = "CAST(e." . safeString($params['orderby'], true) . " as SIGNED)";
        } else {
            $orderby = "e." . safeString($params['orderby'], true);
        }
    } else {
        $orderby = "e.date";
    }
    if ($params['order'] == "random") {
        $qry['order'] = "RAND()";
    } elseif ($params['order'] == "desc") {
        $qry['order'] = $orderby . " DESC";
    } else {
        $qry['order'] = $orderby . " ASC";
    }
    // A uid filter (array or comma-separated string) wins over every date/category/
    // tag filter below; non-numeric uids are dropped before they reach the SQL.
    if (!empty($params['uid'])) {
        if (is_array($params['uid'])) {
            $aUids = $params['uid'];
        } else {
            $aUids = explode(",", $params['uid']);
        }
        foreach ($aUids as $k => $uid) {
            if (!is_numeric($uid)) {
                unset($aUids[$k]);
            }
        }
        if (!empty($aUids)) {
            $uids = implode(', ', $aUids);
            $qry['where'][] = "e.uid in (" . $uids . ")";
        }
    } else {
        // 'start' / 'end' are "Y-m-d-H-i" style strings; the date range is compared
        // against the ORDER BY column, which is only meaningful when that is a date.
        if (!empty($params['start'])) {
            $params['date'] = "";
            $params['start'] = explode("-", $params['start']);
            $start = sprintf("%s-%02s-%02s %02s:%02s:00", $params['start'][0], $params['start'][1], $params['start'][2], $params['start'][3], $params['start'][4]);
            $qry['where'][] = $orderby . " > " . $this->sql->quote($start);
        }
        if (!empty($params['end'])) {
            $params['date'] = "";
            $params['end'] = explode("-", $params['end']);
            $end = sprintf("%s-%02s-%02s %02s:%02s:00", $params['end'][0], $params['end'][1], $params['end'][2], $params['end'][3], $params['end'][4]);
            $qry['where'][] = $orderby . " < " . $this->sql->quote($end);
        }
        // 'date' selects a whole year ("Y"), month ("Y-m") or day ("Y-m-d").
        if (!empty($params['date'])) {
            $params['date'] = explode("-", $params['date']);
            $year = (int) $params['date'][0];
            if (count($params['date']) == 1) {
                $start = sprintf("%s-%02s-%02s 00:00:00", $year, 1, 1);
                $year++;
                $end = sprintf("%s-%02s-%02s 00:00:00", $year, 1, 1);
            } elseif (count($params['date']) == 2) {
                $month = (int) $params['date'][1];
                $start = sprintf("%s-%02s-%02s 00:00:00", $year, $month, 1);
                $month++;
                if ($month > 12) {
                    $month = 1;
                    $year++;
                }
                $end = sprintf("%s-%02s-%02s 00:00:00", $year, $month, 1);
            } else {
                $month = (int) $params['date'][1];
                $day = (int) $params['date'][2];
                $start = sprintf("%s-%02s-%02s 00:00:00", $year, $month, $day);
                $end = sprintf("%s-%02s-%02s 23:59:00", $year, $month, $day);
            }
            $qry['where'][] = "{$orderby} > " . $this->sql->quote($start);
            $qry['where'][] = "{$orderby} < " . $this->sql->quote($end);
        }
        // Do not use a limit if a date range is given
        if (!empty($params['start']) && !empty($params['end']) || !empty($params['date'])) {
            unset($qry['limit']);
        }
        if (!empty($params['status'])) {
            $qry['where'][] = "e.status = " . $this->sql->quote($params['status']);
        }
        // NOTE(review): the text between "e.user = " and "e.date DESC" is not
        // recoverable in this copy of the file (it shows as "******"); the 'user'
        // filter, the [JAN] marker and the order/group override that follow must
        // be checked against the upstream source.
        if (!empty($params['user'])) {
            $qry['where'][] = "e.user = "******"e.date DESC, e.uid DESC";
            $qry['group'] = "e.date, e.uid";
            //[/JAN]
            // Category filter: the array form is interpolated without quoting,
            // the scalar form is quoted.
            if (!empty($params['cats'])) {
                $qry['select'] .= ", c.category";
                $qry['leftjoin'][$this->categoriestable . " AS c"] = "e.uid = c.target_uid";
                if (is_array($params['cats'])) {
                    $qry['where'][] = "c.category IN('" . implode("', '", $params['cats']) . "')";
                } else {
                    $qry['where'][] = "c.category= " . $this->sql->quote($params['cats']);
                }
                $qry['where'][] = "c.contenttype= 'entry'";
            }
            // Tag filter: a comma-separated list is split and interpolated without
            // quoting, a single tag is quoted.
            if (!empty($params['tags'])) {
                $qry['select'] .= ", t.tag";
                $qry['leftjoin'][$this->tagstable . " AS t"] = "e.uid = t.target_uid";
                if (strpos($params['tags'], ",") !== false) {
                    $aTags = explode(",", str_replace(" ", "", $params['tags']));
                    $tags = implode("', '", $aTags);
                    $qry['where'][] = "t.tag IN ('" . $tags . "')";
                } else {
                    $qry['where'][] = "t.tag= " . $this->sql->quote($params['tags']);
                }
                $qry['where'][] = "t.contenttype= 'entry'";
            }
            // Extra-field filter: keys and values are interpolated as given.
            if (!empty($params['extrafields'])) {
                $qry['select'] .= ", ef.target_uid";
                $qry['leftjoin'][$this->extrafieldstable . " AS ef"] = "e.uid = ef.target_uid";
                foreach ($params['extrafields'] as $k => $v) {
                    $qry['where_or'][] = "(ef.contenttype='entry' AND ef.fieldkey = '" . $k . "' AND ef.value = '" . $v . "')";
                }
            }
        }
    }
    if ($params['count_only'] === true) {
        // if we only want to count - override the select, group and order
        $qry['select'] = 'count(e.uid) as number';
        unset($qry['order']);
        unset($qry['group']);
        //debug_printr($qry);
        $query = $this->sql->build_select($qry);
        //debug(nl2br($query));
        // query() is called without arguments; presumably it runs the statement
        // build_select() just prepared - confirm in the sql class.
        $this->sql->query();
        $result = $this->sql->fetch_row();
        // return the result and skip the rest of read_entries
        return $result;
    }
    $query = $this->sql->build_select($qry);
    $this->sql->query();
    // echo nl2br(htmlentities($query));
    $rows = $this->sql->fetch_all_rows();
    $entries = array();
    if (!is_array($rows)) {
        $rows = array();
    }
    foreach ($rows as $entry) {
        $entries[$entry['uid']] = $entry;
        // Make the 'excerpts'..
        $entries[$entry['uid']]['excerpt'] = makeExcerpt($entry['introduction']);
        // Set the link..
        $entries[$entry['uid']]['link'] = makeFileLink($entry, '', '');
    }
    if (is_array($entries)) {
        // uids come from the rows just read, quoted individually for the IN (...) lists below.
        $ids = makeValuepairs($entries, '', 'uid');
        $ids = "'" . implode("', '", $ids) . "'";
        // Ok, now we need to do a second query to get the correct arrays with all of the categories.
        $this->sql->query("SELECT * FROM " . $this->categoriestable . " AS c WHERE contenttype = 'entry' AND target_uid IN ({$ids})");
        $tempcats = $this->sql->fetch_all_rows();
        if ($tempcats) {
            // group them together by entry.
            foreach ($tempcats as $cat) {
                $cats[$cat['target_uid']][] = $cat['category'];
            }
            // Add them to our simple cache, for later retrieval..
            $PIVOTX['cache']->setMultiple("categories", $cats);
            // Now, attach the categories to the entries..
            foreach ($cats as $uid => $cat) {
                foreach ($entries as $key => $entry) {
                    if ($entries[$key]['uid'] == $uid) {
                        $entries[$key]['category'] = $cat;
                        // 'continue' only moves the inner loop on; a 'break' would stop
                        // scanning once the matching entry has been found.
                        continue;
                    }
                }
            }
        }
        // And a third query to get the correct records with all of the extra fields.
        $this->sql->query("SELECT * FROM " . $this->extrafieldstable . " AS e WHERE contenttype='entry' AND target_uid IN ({$ids})");
        $tempfields = $this->sql->fetch_all_rows();
        // Now, attach the tempfields to the entries..
        if (!empty($tempfields)) {
            foreach ($tempfields as $tempfield) {
                foreach ($entries as $key => $entry) {
                    if ($entries[$key]['uid'] == $tempfield['target_uid']) {
                        if (!is_array($entries[$key]['extrafields'])) {
                            $entries[$key]['extrafields'] = array();
                        }
                        // Check if it's a serialised value..
                        // $temp_field (with underscore) is never assigned here - the loop
                        // variable is $tempfield - so this branch never fires and values
                        // are stored as read. If it is ever fixed, unserialize() on stored
                        // data should be restricted (allowed_classes => false) or replaced
                        // by a JSON format.
                        if (is_array(unserialize($temp_field['value']))) {
                            $temp_field['value'] = unserialize($temp_field['value']);
                        }
                        $entries[$key]['extrafields'][$tempfield['fieldkey']] = $tempfield['value'];
                    }
                }
            }
        }
    }
    // Add them to our simple cache, for later retrieval..
    $PIVOTX['cache']->setMultiple("entries", $entries);
    return $entries;
}