/**
 * Look up an API user row by its public API key.
 *
 * API users are rows in the api_users table rather than ElggUser entities.
 * Only rows flagged active=1 are returned.
 *
 * @param string $api_key The public API key
 *
 * @return mixed stdClass row from the api_users table, or false when no active key matches
 */
function get_api_user($api_key) {
	$prefix = elgg_get_config('dbprefix');
	// The key is the only caller-supplied value in the statement; escape it before interpolating.
	$escaped_key = sanitise_string($api_key);

	$sql = "SELECT * from {$prefix}api_users"
		. " where api_key='{$escaped_key}' and active=1";

	return get_data_row($sql);
}
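/**
 * Encode a location into a latitude and longitude, caching the result.
 *
 * Works by triggering the 'geocode' 'location' plugin hook, and requires a
 * geocoding plugin to be installed. Successful results are written to the
 * geocode_cache table so later calls for the same string skip the geocoder.
 *
 * @param string $location The location, e.g. "London", or "24 Foobar Street, Gotham City"
 *
 * @return array|false array('lat' => ..., 'long' => ...) when cached or geocoded,
 *                     false when $location is an array or no hook handler answered
 */
function elgg_geocode_location($location) {
	global $CONFIG;

	if (is_array($location)) {
		return false;
	}

	$location = sanitise_string($location);

	// Look for cached version
	$query = "SELECT * from {$CONFIG->dbprefix}geocode_cache WHERE location='{$location}'";
	$cached_location = get_data_row($query);
	if ($cached_location) {
		return array('lat' => $cached_location->lat, 'long' => $cached_location->long);
	}

	// Trigger geocode event if not cached
	$return = elgg_trigger_plugin_hook('geocode', 'location', array('location' => $location), false);

	// Only cache a well-formed answer: a handler returning an array without both
	// keys would otherwise be cast to 0.0/0.0 and cached as a real coordinate.
	if (is_array($return) && isset($return['lat'], $return['long'])) {
		$lat = (double) $return['lat'];
		$long = (double) $return['long'];

		// NOTE(review): float-to-string interpolation is locale-dependent before PHP 8.0
		// (a comma decimal separator would break the statement); confirm the runtime locale.
		// NOTE(review): INSERT DELAYED is deprecated in MySQL 5.6 and removed in 5.7.
		// Put into cache at the end of the page since we don't really care that much
		$query = "INSERT DELAYED INTO {$CONFIG->dbprefix}geocode_cache "
			. " (location, lat, `long`) VALUES ('{$location}', '{$lat}', '{$long}')"
			. " ON DUPLICATE KEY UPDATE lat='{$lat}', `long`='{$long}'";
		execute_delayed_write_query($query);
	}

	return $return;
}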
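/**
 * Page handler for the e-mail validation link: checks the emailed code,
 * enables the user on success and forwards.
 *
 * Reads two inputs:
 *   c  the validation code sent by e-mail
 *   u  the GUID of the user being validated
 *
 * Every failure path registers the same generic error, so the response does
 * not reveal which of the two inputs was wrong.
 *
 * @param array $page URL segments after the handler name; $page[0] must be 'confirm'
 *
 * @return void Always ends with forward()
 */
function uservalidationbyemail_page_handler($page) {
	global $CONFIG;

	if (isset($page[0]) && $page[0] === 'confirm') {
		$code = sanitise_string(get_input('c', FALSE));
		// Cast so a non-numeric 'u' never reaches get_entity() as a string
		$user_guid = (int) get_input('u', FALSE);

		// new users are not enabled by default.
		$access_status = access_get_show_hidden_status();
		access_show_hidden_entities(true);

		$user = get_entity($user_guid);

		if ($code && $user) {
			if (uservalidationbyemail_validate_email($user_guid, $code)) {
				system_message(elgg_echo('email:confirm:success'));

				// re-fetched after validation, then enabled
				$user = get_entity($user_guid);
				$user->enable();

				notify_user($user_guid, $CONFIG->site->guid,
					sprintf(elgg_echo('email:validate:success:subject'), $user->username),
					sprintf(elgg_echo('email:validate:success:body'), $user->name),
					NULL,
					'email');
			} else {
				register_error(elgg_echo('email:confirm:fail'));
			}
		} else {
			register_error(elgg_echo('email:confirm:fail'));
		}

		access_show_hidden_entities($access_status);
	} else {
		register_error(elgg_echo('email:confirm:fail'));
	}

	forward();
}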
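/**
 * Custom clauses for forum keyword search.
 *
 * Hook handler that, when the entity query targets the hjforum or hjforumtopic
 * subtypes and a __q input is present, joins objects_entity and adds a
 * MATCH ... AGAINST clause on title/description.
 *
 * @param string $hook    Hook name
 * @param string $type    Hook type
 * @param array  $options elgg_get_entities() options being built
 * @param array  $params  Hook params (unused)
 *
 * @return array The options, extended with the search join/where when applicable
 */
function hj_forum_filter_forum_list($hook, $type, $options, $params) {
	// Normalise to a list in $options['subtypes']. The original read
	// $options['subtypes'] before checking it existed (undefined-index notice).
	if (!isset($options['subtypes']) || !is_array($options['subtypes'])) {
		if (isset($options['subtype'])) {
			$options['subtypes'] = array($options['subtype']);
			unset($options['subtype']);
		} elseif (isset($options['subtypes'])) {
			$options['subtypes'] = array($options['subtypes']);
		} else {
			return $options;
		}
	}

	// Strict comparison: a subtype of 0 must not be taken as a forum subtype
	if (!in_array('hjforum', $options['subtypes'], true)
			&& !in_array('hjforumtopic', $options['subtypes'], true)) {
		return $options;
	}

	$query = get_input("__q", false);
	if (empty($query)) {
		return $options;
	}

	// NOTE(review): get_input() values are normally already URL-decoded, so the
	// urldecode() here may double-decode a query containing '%'; confirm it is needed.
	$query = sanitise_string(urldecode($query));
	$dbprefix = elgg_get_config('dbprefix');

	$options['joins'][] = "JOIN {$dbprefix}objects_entity oe_q ON e.guid = oe_q.guid";
	// $query is escaped above before it is placed inside the AGAINST() literal
	$options['wheres'][] = "MATCH(oe_q.title, oe_q.description) AGAINST ('{$query}')";

	return $options;
}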
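/**
 * Create or update the extras table for a given object.
 * Call create_entity first.
 *
 * @param int    $guid        The guid of the entity you're creating (as obtained by create_entity)
 * @param string $title       The title of the object
 * @param string $description The object's description
 *
 * @return int|false The guid on success; false when the entities row is not
 *                   visible, the write fails, or a 'create' handler vetoes it
 */
function create_object_entity($guid, $title, $description) {
	global $CONFIG;

	$guid = (int) $guid;
	$title = sanitise_string($title);
	$description = sanitise_string($description);

	$row = get_entity_as_row($guid);
	if (!$row) {
		return false;
	}

	// Core entities row exists and we have access to it
	$query = "SELECT guid from {$CONFIG->dbprefix}objects_entity where guid = {$guid}";
	$exists = get_data_row($query);

	if ($exists) {
		$query = "UPDATE {$CONFIG->dbprefix}objects_entity
				set title='{$title}', description='{$description}' where guid={$guid}";
		$result = update_data($query);
		if ($result) {
			// Update succeeded, continue
			$entity = get_entity($guid);
			elgg_trigger_event('update', $entity->type, $entity);
			return $guid;
		}
		// A failed update does not fall through to an insert (the original's
		// comment said otherwise, but the row already exists)
		return false;
	}

	// No extras row yet: insert one
	$query = "INSERT into {$CONFIG->dbprefix}objects_entity
				(guid, title, description) values ({$guid}, '{$title}','{$description}')";
	$result = insert_data($query);
	if ($result !== false) {
		$entity = get_entity($guid);
		// A 'create' handler returning false vetoes the entity; remove it entirely
		if (elgg_trigger_event('create', $entity->type, $entity)) {
			return $guid;
		}
		$entity->delete();
	}

	return false;
}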
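/**
 * Return users whose e-mail address is on the given domain.
 *
 * Adds a users_entity join and a `ue.email LIKE '%@domain'` clause to the
 * supplied elgg_get_entities() options (existing wheres/joins are kept),
 * forces type=user and runs the query.
 *
 * @param string $domain  Domain part of the address, e.g. example.org
 * @param array  $options Additional elgg_get_entities() options
 *
 * @return mixed Whatever elgg_get_entities() returns for the options
 */
function bulk_user_admin_get_users_by_email_domain($domain, $options = array()) {
	$domain = sanitise_string($domain);
	// sanitise_string() escapes quotes but not the LIKE metacharacters; without
	// this a domain of '%' or '_' would match every user.
	$domain = str_replace(array('_', '%'), array('\\_', '\\%'), $domain);
	$db_prefix = elgg_get_config('dbprefix');

	$where = "ue.email LIKE '%@{$domain}'";
	if (!isset($options['wheres'])) {
		$options['wheres'] = array($where);
	} else {
		if (!is_array($options['wheres'])) {
			$options['wheres'] = array($options['wheres']);
		}
		$options['wheres'][] = $where;
	}

	$join = "JOIN {$db_prefix}users_entity ue on e.guid = ue.guid";
	if (!isset($options['joins'])) {
		$options['joins'] = array($join);
	} else {
		if (!is_array($options['joins'])) {
			$options['joins'] = array($options['joins']);
		}
		$options['joins'][] = $join;
	}

	$options['type'] = 'user';

	return elgg_get_entities($options);
}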
/**
 * Find an API User's details based on the provided public api key.
 * These users are not users in the traditional sense: they are rows in the
 * api_users table, scoped to one site.
 *
 * @param int    $site_guid The GUID of the site.
 * @param string $api_key   The API Key
 *
 * @return mixed stdClass representing the database row or false.
 */
function get_api_user($site_guid, $api_key) {
	global $CONFIG;

	$escaped_key = sanitise_string($api_key);
	$site = (int) $site_guid;

	// Only active keys belonging to this site are accepted
	$sql = "SELECT * from {$CONFIG->dbprefix}api_users"
		. " where api_key='{$escaped_key}' and site_guid={$site} and active=1";

	return get_data_row($sql);
}
/**
 * Find an API User's details based on the provided public api key.
 * These users are not users in the traditional sense.
 *
 * Only an active key belonging to this object's site_guid is accepted.
 *
 * @param string $api_key Public API key
 * @return \hypeJunction\Graph\ApiUser|false
 */
public function get($api_key) {
	$escaped_key = sanitise_string($api_key);

	$sql = "SELECT * FROM {$this->dbprefix}api_users"
		. "\n\t\t\t\t\t\t\t\tWHERE api_key='{$escaped_key}' AND site_guid={$this->site_guid} AND active=1";
	$row = get_data_row($sql);

	return $row ? new ApiUser($row) : false;
}
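/**
 * Get an array of tags with weights for use with the output/tagcloud view.
 *
 * Builds one statement over entities/metadata/metastrings, restricted by the
 * optional filters below and by the caller's access (get_access_sql_suffix).
 *
 * @param int    $threshold     Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances)
 * @param int    $limit         Number of tags to return
 * @param string $metadata_name Optionally, the name of the field you want to grab for
 * @param string $entity_type   Optionally, the entity type ('object' etc)
 * @param string $entity_subtype The entity subtype, optionally
 * @param int|int[] $owner_guid Optionally, restrict to entities whose container_guid is this value (or one of these values)
 * @param int    $site_guid     Optionally, the site to restrict to (default is the current site)
 *
 * @return array|false Array of objects with ->tag and ->total values, or false on failure
 */
function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1) {
	global $CONFIG;

	$threshold = (int) $threshold;
	$limit = (int) $limit;

	// Resolve the metadata name to its metastrings id; 0 means "any name"
	if (!empty($metadata_name)) {
		$metadata_name = (int) get_metastring_id($metadata_name);
	} else {
		$metadata_name = 0;
	}

	// The subtype id is looked up with the raw type string; the type is escaped afterwards
	$entity_subtype = (int) get_subtype_id($entity_type, $entity_subtype);
	$entity_type = sanitise_string($entity_type);

	// Every owner guid is cast before it reaches the IN (...) list below
	if ($owner_guid != "") {
		if (is_array($owner_guid)) {
			foreach ($owner_guid as $key => $val) {
				$owner_guid[$key] = (int) $val;
			}
		} else {
			$owner_guid = (int) $owner_guid;
		}
	}

	// Negative (the default) means the current site. The value is interpolated
	// unquoted, so it is cast here; the original interpolated it raw.
	$site_guid = (int) $site_guid;
	if ($site_guid < 0) {
		$site_guid = (int) $CONFIG->site_id;
	}

	$query = "SELECT msvalue.string as tag, count(msvalue.id) as total ";
	$query .= "FROM {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid ";
	// NOTE(review): inner join on entity_subtypes; entities without a registered
	// subtype row appear to be excluded — confirm that is intended.
	$query .= " join {$CONFIG->dbprefix}entity_subtypes subtype on subtype.id = e.subtype ";
	$query .= " join {$CONFIG->dbprefix}metastrings msvalue on msvalue.id = md.value_id ";
	$query .= " where msvalue.string != '' ";

	if ($metadata_name > 0) {
		$query .= " and md.name_id = {$metadata_name} ";
	}
	if ($site_guid > 0) {
		$query .= " and e.site_guid = {$site_guid} ";
	}
	if ($entity_subtype > 0) {
		$query .= " and e.subtype = {$entity_subtype} ";
	}
	if ($entity_type != "") {
		$query .= " and e.type = '{$entity_type}' ";
	}

	// The owner filter is applied to container_guid, not owner_guid
	if (is_array($owner_guid)) {
		$query .= " and e.container_guid in (" . implode(",", $owner_guid) . ")";
	} elseif (is_int($owner_guid)) {
		$query .= " and e.container_guid = {$owner_guid} ";
	}

	$query .= ' and ' . get_access_sql_suffix("e"); // Add access controls

	$query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} ";

	return get_data($query);
}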
/**
 * Return the site via a url.
 *
 * Looks the URL up in sites_entity and loads the matching entity.
 *
 * @param string $url The URL of a site
 *
 * @return mixed The site entity, or false when no row matches
 */
function get_site_by_url($url) {
	global $CONFIG;

	$escaped_url = sanitise_string($url);
	$sql = "SELECT * from {$CONFIG->dbprefix}sites_entity where url='{$escaped_url}'";
	$site_row = get_data_row($sql);

	return $site_row ? get_entity($site_row->guid) : false;
}
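/**
 * listen to the livesearch in order to provide the objects picker
 *
 * Responds only when the request comes from a logged-in user, carries a
 * term/q input and matches on 'objects' alone; it then prints a JSON list of
 * matching objects and exits. In every other case it returns without output
 * so other livesearch handlers keep working.
 *
 * @param string $hook         the name of the hook
 * @param string $type         the type of the hook
 * @param array  $return_value current return value (unused)
 * @param array  $params       supplied params (unused)
 *
 * @return void Returns normally when not handling the request; exits after output otherwise
 */
public static function livesearch($hook, $type, $return_value, $params) {
	// only return results to logged in users.
	$user = elgg_get_logged_in_user_entity();
	if (empty($user)) {
		return;
	}

	$q = get_input('term', get_input('q'));
	if (empty($q)) {
		return;
	}

	$input_name = get_input('name', 'objects');

	$q = sanitise_string($q);
	// replace mysql vars with escaped strings
	$q = str_replace(['_', '%'], ['\\_', '\\%'], $q);

	$match_on = get_input('match_on', 'all');
	if (!is_array($match_on)) {
		$match_on = [$match_on];
	}

	// only take over objects search (strict: a match_on of 0 must not count as 'objects')
	if (count($match_on) > 1 || !in_array('objects', $match_on, true)) {
		return;
	}

	$owner_guid = ELGG_ENTITIES_ANY_VALUE;
	if (get_input('match_owner', false)) {
		$owner_guid = $user->getGUID();
	}

	$subtype = get_input('subtype', ELGG_ENTITIES_ANY_VALUE);
	$limit = sanitise_int(get_input('limit', 10), false);

	$container_guid = sanitise_int(get_input('container_guid'), false);
	if (empty($container_guid)) {
		$container_guid = ELGG_ENTITIES_ANY_VALUE;
	}

	// for the 'static' subtype the container input is applied as the owner instead (original behaviour)
	if ($subtype === 'static' && $container_guid) {
		$owner_guid = $container_guid;
		$container_guid = ELGG_ENTITIES_ANY_VALUE;
	}

	// grab a list of entities and send them in json.
	$results = [];
	$options = [
		'type' => 'object',
		'subtype' => $subtype,
		'limit' => $limit,
		'owner_guid' => $owner_guid,
		'container_guid' => $container_guid,
		'joins' => ['JOIN ' . elgg_get_config('dbprefix') . 'objects_entity oe ON e.guid = oe.guid'],
		// $q is escaped and has its LIKE wildcards neutralised above
		'wheres' => ["(oe.title LIKE '%{$q}%' OR oe.description LIKE '%{$q}%')"],
	];

	$entities = elgg_get_entities($options);
	if (!empty($entities)) {
		foreach ($entities as $entity) {
			$output = elgg_view('input/objectpicker/item', [
				'entity' => $entity,
				'input_name' => $input_name,
				'owner_guid' => $owner_guid,
				'container_guid' => $container_guid,
			]);

			$results[] = [
				'type' => 'object',
				'name' => $entity->title,
				'desc' => $entity->description,
				'guid' => $entity->getGUID(),
				'label' => $output,
				'value' => $entity->getGUID(),
				'url' => $entity->getURL(),
				'html' => $output,
			];
		}
	}

	header('Content-Type: application/json');
	echo json_encode($results);
	exit;
}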
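/**
 * Sets a configuration value
 *
 * The previous row for the name/site is removed, the in-memory $CONFIG copy
 * is updated, and the serialized value is inserted.
 *
 * @param string $name      The name of the configuration value
 * @param mixed  $value     Its value (stored serialized)
 * @param int    $site_guid Optionally, the GUID of the site (current site is assumed by default)
 * @return 0
 * @todo The config table doens't have numeric primary keys so insert_data returns 0.
 */
function set_config($name, $value, $site_guid = 0) {
	global $CONFIG;

	// Unset existing
	unset_config($name, $site_guid);

	$site_guid = (int) $site_guid;
	if ($site_guid == 0) {
		$site_guid = (int) $CONFIG->site_id;
	}

	// The in-memory copy is keyed by the unescaped name
	$CONFIG->{$name} = $value;

	// The original interpolated $name into the statement unescaped; both string
	// literals now go through sanitise_string().
	$db_name = sanitise_string($name);
	$db_value = sanitise_string(serialize($value));

	return insert_data("insert into {$CONFIG->dbprefix}config"
		. " set name = '{$db_name}', value = '{$db_value}', site_guid = {$site_guid}");
}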
/**
 * Return the widget_favorite object whose description equals $url, or false.
 *
 * @param string $url URL to look up; empty means the current page URL
 *
 * @return mixed The first matching entity, or false when none (or no URL) exists
 */
function widget_favorites_is_linked($url = "") {
	$found = false;

	if (empty($url)) {
		$url = current_page_url();
	}

	if (empty($url)) {
		return $found;
	}

	$lookup = array(
		"type" => "object",
		"subtype" => "widget_favorite",
		"joins" => array("JOIN " . elgg_get_config("dbprefix") . "objects_entity oe ON e.guid = oe.guid"),
		// exact match on the escaped URL
		"wheres" => array("oe.description = '" . sanitise_string($url) . "'"),
		"limit" => 1,
	);

	$matches = elgg_get_entities($lookup);
	if ($matches) {
		$found = $matches[0];
	}

	return $found;
}
/**
 * Update an existing metadata row in place (izap variant of update_metadata()).
 *
 * Same as update_metadata, but keeps the metadata editable: the row is
 * rewritten with the new value/type/owner/access, the per-entity memcache
 * entry is invalidated, and an 'update' event is triggered. If a handler
 * rejects the update, the metadata row is deleted.
 *
 * @param int    $id         Metadata id to update
 * @param string $name       Metadata name (resolved to a metastring id)
 * @param mixed  $value      New value; booleans are stored as 1/0
 * @param string $value_type Value type hint; detect_extender_valuetype() decides the stored type
 * @param int    $owner_guid Owner GUID; 0 means the logged-in user
 * @param int    $access_id  Access id for the row
 *
 * @return bool true when the row was updated and the 'update' event passed;
 *              false when the metadata, value or name cannot be resolved;
 *              otherwise the update_data() result is returned as-is, even
 *              when the event was rejected and the row deleted
 */
function izap_update_metadata($id, $name, $value, $value_type, $owner_guid, $access_id) {
	$id = (int) $id;

	if (!($md = elgg_get_metadata_from_id($id))) {
		return false;
	}

	// If memcached then we invalidate the cache for this entry
	static $metabyname_memcache;
	if (!$metabyname_memcache && is_memcache_available()) {
		$metabyname_memcache = new ElggMemcache('metabyname_memcache');
	}

	if ($metabyname_memcache) {
		$metabyname_memcache->delete("{$md->entity_guid}:{$md->name_id}");
	}

	// The type hint is escaped here because it is interpolated into the UPDATE below
	$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));

	$owner_guid = (int) $owner_guid;
	if ($owner_guid == 0) {
		$owner_guid = elgg_get_logged_in_user_guid();
	}

	$access_id = (int) $access_id;

	// Support boolean types (as integers)
	if (is_bool($value)) {
		if ($value) {
			$value = 1;
		} else {
			$value = 0;
		}
	}

	// Add the metastring
	$value = elgg_get_metastring_id($value);
	if (!$value) {
		return false;
	}

	$name = elgg_get_metastring_id($name);
	if (!$name) {
		return false;
	}

	// If ok then add it
	// All interpolated values are ints (ids, guids) or the escaped type string
	$db_prefix = elgg_get_config('dbprefix');
	$result = update_data("UPDATE {$db_prefix}metadata set value_id='{$value}', value_type='{$value_type}', access_id={$access_id}, owner_guid={$owner_guid} where id={$id} and name_id='{$name}'");

	if ($result !== false) {
		$obj = elgg_get_metadata_from_id($id);
		if (elgg_trigger_event('update', 'metadata', $obj)) {
			return true;
		} else {
			// A handler vetoed the update: the row is removed rather than rolled back
			elgg_delete_metadata(array('metadata_id' => $id));
		}
	}

	return $result;
}
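/**
 * Record one more view of $entity for the current session.
 *
 * A view is counted at most once per session (entity_view_counter_is_counted);
 * when memcache is available a per-session marker is stored there. All guid
 * values are cast to int and the type escaped before being interpolated (the
 * original interpolated container_guid and site_guid raw).
 *
 * @param ElggEntity $entity The entity being viewed
 *
 * @return void
 */
function entity_view_counter_add_view(ElggEntity $entity) {
	if (entity_view_counter_is_counted($entity)) {
		return;
	}

	if (is_memcache_available()) {
		$cache = new ElggMemcache('entity_view_counter');
		$key = "view_" . session_id() . "_" . $entity->guid;
		$cache->save($key, 1);
	}

	$guid = (int) $entity->guid;
	$type = sanitise_string($entity->type);
	$subtype = (int) $entity->subtype;
	$container_guid = (int) $entity->container_guid;
	$site_guid = (int) $entity->site_guid;

	// NOTE(review): the table name is hard-coded as elgg_entity_views rather than
	// built from the configured dbprefix; confirm it matches the installation.
	insert_data("
	INSERT INTO elgg_entity_views (guid, type, subtype, container_guid, site_guid, views)
	VALUES ({$guid}, '{$type}', {$subtype}, {$container_guid}, {$site_guid}, 1)
	ON DUPLICATE KEY UPDATE views = views + 1;
	");
}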
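/**
 * Plugin project search hook
 *
 * Searches plugin projects by title/description. The joins on the summary
 * metadata are kept from the original, but the LIKE clause over the summary
 * that the original built was never applied (it was assigned to a local and
 * discarded), so only the title/description where clause filters results.
 * An optional 'category' input restricts by the plugincat metadata.
 *
 * NOTE(review): the option key used for the category filter is
 * 'metadata_name_value_pair' (singular); elgg_get_entities_from_metadata()
 * documents 'metadata_name_value_pairs'. Confirm the filter actually applies.
 *
 * @param string $hook   Hook name
 * @param string $type   Hook type
 * @param mixed  $value  Current hook value (unused)
 * @param array  $params Search params: query, sort, order plus elgg_get_entities options
 *
 * @return array array('entities' => ..., 'count' => int)
 */
function plugins_search_hook($hook, $type, $value, $params) {
	global $CONFIG;

	$join = "JOIN {$CONFIG->dbprefix}objects_entity oe ON e.guid = oe.guid";
	$params['joins'] = array($join);
	// NOTE(review): these metadata joins carry no name_id restriction; confirm they
	// do not multiply result rows.
	$params['joins'][] = "JOIN {$CONFIG->dbprefix}metadata summary_md on e.guid = summary_md.entity_guid";
	$params['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings summary_msn on summary_md.name_id = summary_msn.id";
	$params['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings summary_msv on summary_md.value_id = summary_msv.id";

	$fields = array('title', 'description');
	$where = search_get_where_sql('oe', $fields, $params);
	$params['wheres'] = array($where);

	$category = get_input('category');
	if ($category && $category != 'all') {
		$params['metadata_name_value_pair'] = array(
			'name' => 'plugincat',
			'value' => $category,
			'case_sensitive' => FALSE,
		);
	}

	// elgg_extract() avoids undefined-index notices when sort/order are absent
	$params['order_by'] = search_get_order_by_sql('e', 'oe',
		elgg_extract('sort', $params), elgg_extract('order', $params));

	$entities = elgg_get_entities_from_metadata($params);

	$params['count'] = TRUE;
	$count = elgg_get_entities_from_metadata($params);

	// no need to continue if nothing here.
	if (!$count) {
		return array('entities' => array(), 'count' => $count);
	}

	// add the volatile data for why these entities have been returned.
	foreach ($entities as $entity) {
		$title = search_get_highlighted_relevant_substrings($entity->title, $params['query']);
		$entity->setVolatileData('search_matched_title', $title);

		$desc = search_get_highlighted_relevant_substrings($entity->summary, $params['query']);
		$entity->setVolatileData('search_matched_description', $desc);
	}

	return array('entities' => $entities, 'count' => $count);
}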
/**
 * Create or update the entities table for a given group.
 * Call create_entity first.
 *
 * NOTE(review): in this version both branches after the existence check are
 * empty, so the function only escapes its inputs, runs the two lookups and
 * returns false; nothing is written to groups_entity.
 *
 * @param int    $guid        GUID
 * @param string $name        Name
 * @param string $description Description
 *
 * @return bool Always false in this version
 */
function create_group_entity($guid, $name, $description) {
	global $CONFIG;

	$guid = (int) $guid;
	$name = sanitise_string($name);
	$description = sanitise_string($description);

	$row = get_entity_as_row($guid);
	if ($row) {
		// Exists and you have access to it
		$exists = get_data_row("SELECT guid from {$CONFIG->dbprefix}groups_entity WHERE guid = {$guid}");
		if ($exists) {
			// intentionally empty in this version (no UPDATE)
		} else {
			// intentionally empty in this version (no INSERT)
		}
	}

	return false;
}
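/**
 * Add $user to the local group named $groupname of the given local type.
 *
 * The group is found by name (groups_entity join) plus the grouptype=local and
 * localtype metadata. Only when exactly one group matches is the join
 * attempted; a success or error message is registered accordingly.
 *
 * @param ElggUser $user      User to add
 * @param string   $groupname Exact group name
 * @param string   $localtype Value of the group's localtype metadata
 *
 * @return void
 */
function add_user_to_local_group($user, $groupname, $localtype) {
	// $options was never initialised in the original; build it in one place
	$options = array(
		"type" => 'group',
		"limit" => NULL,
		"metadata_name_value_pairs" => array(
			array("name" => 'grouptype', "value" => 'local'),
			array("name" => 'localtype', "value" => $localtype),
		),
		"joins" => array("JOIN " . elgg_get_config("dbprefix") . "groups_entity ge ON e.guid = ge.guid"),
		"wheres" => array("ge.name = '" . sanitise_string($groupname) . "'"),
	);
	$groups = elgg_get_entities_from_metadata($options);

	// An ambiguous name (several groups) is deliberately left alone
	if ($groups && count($groups) === 1) {
		$group = $groups[0];
		if ($group->join($user)) {
			system_message(elgg_echo("gvgroups:localgroups:subscribe", array($group->name)));
		} else {
			register_error(elgg_echo("gvgroups:localgroups:error_subscribe", array($group->name)));
		}
	}
}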
/**
 * Resolve a video page URL to a provider, a video id and the API request to fetch.
 *
 * Recognises youtube.com / youtu.be, vimeo.com and dailymotion.com URLs, sets
 * $this->type, $this->video_id and $this->feed, then delegates to $this->capture().
 *
 * NOTE(review): for a youtube.com URL the id is the value of the first
 * query-string parameter, whatever its name, and unlike the other branches it
 * is not passed through sanitise_string(); a URL without '?', '&' or '=' also
 * raises undefined-offset notices there. Confirm callers pass canonical watch URLs.
 *
 * @param string $url Video page URL
 *
 * @return mixed 103 when $this->type matches no provider, otherwise whatever
 *               $this->capture() returns
 */
function setUrl($url = '') {
	if (preg_match('/(https?:\\/\\/)?((youtu\\.be\\/)|((www\\.)?(youtube\\.com\\/)))(.*)/', $url, $matches)) {
		$this->type = 'youtube';
	} elseif (preg_match('/(https?:\\/\\/)?(www\\.)?(vimeo\\.com\\/)(.*)/', $url, $matches)) {
		$this->type = 'vimeo';
	} elseif (preg_match('/(https?:\\/\\/)?(www\\.)?(dailymotion\\.com\\/)(.*)/', $url, $matches)) {
		$this->type = 'dailymotion';
	}

	// NOTE(review): if no pattern matched, a previously set $this->type is reused here
	switch ($this->type) {
		case 'youtube':
			$youtube_api_key = elgg_get_plugin_setting('youtube_api_key', 'izap_videos');
			if (preg_match('/(https?:\\/\\/)?(youtu\\.be\\/)(.*)/', $url, $matches)) {
				// youtu.be/<id>: the id is the last path segment
				$explode_char = '/';
				$url_pram = explode($explode_char, $url);
				$this->video_id = sanitise_string(end($url_pram));
			} else {
				// youtube.com/...?<param>=<id>: value of the first query parameter
				$url_pram = explode("?", $url);
				$url_pram = explode("&", $url_pram[1]);
				$url_pram = explode("=", $url_pram[0]);
				$this->video_id = $url_pram[1];
			}
			$this->feed = array('url' => $this->youtube_api_capture['api_location'] . $this->video_id . '&key=' . $youtube_api_key, 'type' => 'youtube');
			break;
		case 'vimeo':
			$explode_char = '/';
			// staff-picks URLs carry the id after '#' rather than '/'
			if (preg_match('/staffpicks#/', $url)) {
				$explode_char = '#';
			}
			$url_pram = explode($explode_char, $url);
			$this->video_id = sanitise_int(end($url_pram));
			$this->feed = array('url' => $this->vimeo_api_capture['api_location'] . $this->video_id . '.php', 'type' => 'vimeo');
			break;
		case 'dailymotion':
			$explode_char = '/';
			$url_pram = explode($explode_char, $url);
			$this->video_id = sanitise_string(end($url_pram));
			$this->feed = array('url' => $this->dailymotion_api_capture['api_location'] . $this->video_id . '?fields=title,description,thumbnail_url,id,tags', 'type' => 'dailymotion');
			break;
		default:
			return 103;
			break;
	}

	return $this->capture();
}
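/**
 * Record a detected spammer in the spammer table.
 *
 * Every interpolated field is escaped with sanitise_string() and the guid is
 * cast to int (the original escaped only title and content, so username,
 * e-mail, IP and type reached the statement raw). The original's
 * str_replace('"', '"', ...) was a no-op as written and has been dropped.
 *
 * NOTE(review): if $this->execute() accepts bound parameters, a prepared
 * statement would be preferable to string building.
 *
 * @param array $user Keys: guid, username, email, ip, type, title, content
 *
 * @return bool true when the insert executed; false when execute() threw
 */
public function insert($user) {
	$fields = array('username', 'email', 'ip', 'type', 'title', 'content');
	$escaped = array();
	foreach ($fields as $field) {
		$escaped[$field] = sanitise_string(isset($user[$field]) ? $user[$field] : '');
	}
	$guid = (int) (isset($user['guid']) ? $user['guid'] : 0);

	try {
		$query = 'Insert into spammer(guid,username,mail_id,ip, post_type,post_title,post_content) values( "'
			. $guid . '", "'
			. $escaped['username'] . '", "'
			. $escaped['email'] . '", "'
			. $escaped['ip'] . '", "'
			. $escaped['type'] . '", "'
			. $escaped['title'] . '", "'
			. $escaped['content'] . '")';

		$this->execute($query);
		return true;
	} catch (PDOException $e) {
		// NOTE(review): $this->message is reported rather than $e->getMessage(); confirm execute() sets it
		register_error($this->message);
		return false;
	}
}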
/**
 * Returns a where clause for a search query.
 *
 * Search Advanced: added the ability to use a wildcard in full text search
 *
 * A multi-word query must match every word (AND) in at least one field (OR).
 * Each word is escaped with sanitise_string(); LIKE wildcards in the query
 * are left in place on purpose.
 *
 * @param string  $table        Prefix for table to search on
 * @param array   $fields       Fields to match against
 * @param array   $params       Original search params
 * @param boolean $use_fulltext Toggle the use of full text search (unused)
 *
 * @return string
 */
function search_advanced_get_where_sql($table, $fields, $params, $use_fulltext = TRUE) {
	$query = elgg_extract("query", $params, "");
	if (empty($query)) {
		return "";
	}

	// Split a multi-word query into its non-empty words; a single word stays a string
	$words = explode(" ", $query);
	if (count($words) > 1) {
		$non_empty = array();
		foreach ($words as $word) {
			$word = trim($word);
			if (!empty($word)) {
				$non_empty[] = $word;
			}
		}
		if (count($non_empty) > 1) {
			$query = $non_empty;
		}
	}

	// add the table prefix to the fields
	if ($table) {
		$fields = array_map(function ($field) use ($table) {
			return "{$table}.{$field}";
		}, $fields);
	}

	$query_parts = is_array($query) ? $query : array($query);

	$per_field = array();
	foreach ($fields as $field) {
		$conditions = array();
		foreach ($query_parts as $part) {
			$escaped = sanitise_string($part);
			$conditions[] = "{$field} LIKE '%{$escaped}%'";
		}
		$per_field[] = "(" . implode(' AND ', $conditions) . ")";
	}

	return "(" . implode(' OR ', $per_field) . ")";
}
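/**
 * Extended member search: matches username/display name or any of the given
 * metadata values, optionally restricted to the members of one group.
 *
 * The group restriction is now applied to the whole OR-expression. The
 * original wrote "((name) OR (metadata) AND member)", which SQL parses as
 * "name OR (metadata AND member)", so non-members matching by name were
 * still returned when a group was given.
 *
 * @param array $options Search options: query, metadata_names, group_guid,
 *                       sort, order plus elgg_get_entities() options
 *
 * @return array array('entities' => ..., 'count' => int)
 */
function members_extended_search($options = array()) {
	$db_prefix = elgg_get_config('dbprefix');

	// elgg_extract() avoids undefined-index notices when a key is absent
	$query = sanitise_string(elgg_extract('query', $options, ''));

	$options['joins'] = array(
		"JOIN {$db_prefix}users_entity ue ON e.guid = ue.guid",
		"JOIN {$db_prefix}metadata md on e.guid = md.entity_guid",
		"JOIN {$db_prefix}metastrings msv ON n_table.value_id = msv.id",
	);

	$r_where = "";
	// Cast before interpolation: the guid is written into the SQL literal below
	$group_guid = (int) elgg_extract('group_guid', $options, 0);
	if ($group_guid) {
		$group = get_entity($group_guid);
		if (elgg_instanceof($group, 'group')) {
			elgg_set_page_owner_guid($group_guid);
			$options['joins'][] = "JOIN {$db_prefix}entity_relationships r ON e.guid = r.guid_one";
			$r_where = "AND (r.relationship = 'member' AND r.guid_two = '{$group_guid}')";
		}
	}

	// username and display name
	$fields = array('username', 'name');
	$where = search_get_where_sql('ue', $fields, $options, FALSE);

	// get the where clauses for the md names
	// can't use egef_metadata() because the n_table join comes too late.
	$clauses = _elgg_entities_get_metastrings_options('metadata', array(
		'metadata_names' => elgg_extract('metadata_names', $options),
	));
	$options['joins'] = array_merge($clauses['joins'], $options['joins']);

	// no fulltext index, can't disable fulltext search in this function.
	// NOTE(review): % and _ in $query are not escaped, so they act as LIKE wildcards here.
	$md_where = "(({$clauses['wheres'][0]}) AND msv.string LIKE '%{$query}%')";

	// Group membership must constrain both branches, hence the extra parentheses
	$options['wheres'] = array("((({$where}) OR ({$md_where})) {$r_where})");

	// override subtype -- All users should be returned regardless of subtype.
	$options['subtype'] = ELGG_ENTITIES_ANY_VALUE;

	$options['count'] = true;
	$count = elgg_get_entities($options);

	// no need to continue if nothing here.
	if (!$count) {
		return array('entities' => array(), 'count' => $count);
	}

	$options['count'] = FALSE;
	$options['order_by'] = search_get_order_by_sql('e', 'ue',
		elgg_extract('sort', $options), elgg_extract('order', $options));
	$entities = elgg_get_entities($options);

	return array('entities' => $entities, 'count' => $count);
}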
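/**
 * Create or update the entities table for a given group.
 * Call create_entity first.
 *
 * @param int    $guid        GUID
 * @param string $name        Name
 * @param string $description Description
 *
 * @return int|false The guid on success; false when the entities row is not
 *                   visible, the write fails, or an event handler vetoes it
 * @access private
 */
function create_group_entity($guid, $name, $description) {
	global $CONFIG;

	$guid = (int) $guid;
	$name = sanitise_string($name);
	$description = sanitise_string($description);

	$row = get_entity_as_row($guid);
	if (!$row) {
		return false;
	}

	// Exists and you have access to it
	$exists = get_data_row("SELECT guid from {$CONFIG->dbprefix}groups_entity WHERE guid = {$guid}");

	if ($exists) {
		$query = "UPDATE {$CONFIG->dbprefix}groups_entity set"
			. " name='{$name}', description='{$description}' where guid={$guid}";
		$result = update_data($query);
		if ($result) {
			// Update succeeded, continue
			$entity = get_entity($guid);
			// An 'update' handler returning false removes the entity (original behaviour)
			if (elgg_trigger_event('update', $entity->type, $entity)) {
				return $guid;
			}
			$entity->delete();
		}
		// A failed update does not fall through to an insert: the row already exists
		return false;
	}

	// No groups_entity row yet: insert one
	$query = "INSERT into {$CONFIG->dbprefix}groups_entity"
		. " (guid, name, description) values ({$guid}, '{$name}', '{$description}')";
	$result = insert_data($query);
	if ($result !== false) {
		$entity = get_entity($guid);
		// A 'create' handler returning false vetoes the entity; remove it entirely
		if (elgg_trigger_event('create', $entity->type, $entity)) {
			return $guid;
		}
		$entity->delete();
	}

	return false;
}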
/**
 * Returns a where clause for a search query.
 *
 * Search Advanced: added the ability to use a wildcard in full text search
 *
 * Every query part must match (AND) in at least one of the fields (OR). Parts
 * are escaped with sanitise_string(); LIKE wildcards are kept on purpose.
 *
 * @param string  $table        Prefix for table to search on
 * @param array   $fields       Fields to match against
 * @param array   $params       Original search params
 * @param boolean $use_fulltext Toggle the use of full text search (unused)
 *
 * @return string Empty when there is no query or no fields
 */
function search_advanced_get_where_sql($table, $fields, $params, $use_fulltext = TRUE) {
	$query_parts = (array) search_advanced_query_to_array(elgg_extract('query', $params, ''));
	if (empty($query_parts) || empty($fields)) {
		return '';
	}

	// add the table prefix to the fields
	$prefix = $table ? "{$table}." : '';

	$field_clauses = array_map(function ($field) use ($prefix, $query_parts) {
		$part_clauses = array_map(function ($part) use ($prefix, $field) {
			$escaped = sanitise_string($part);
			return "{$prefix}{$field} LIKE '%{$escaped}%'";
		}, $query_parts);
		return '(' . implode(' AND ', $part_clauses) . ')';
	}, $fields);

	return '(' . implode(' OR ', $field_clauses) . ')';
}
$content_type = "thewire"; } elseif (elgg_is_active_plugin("videolist")) { $content_type = "videolist_item"; } elseif (elgg_is_active_plugin("event_manager")) { $content_type = "event"; } elseif (elgg_is_active_plugin("tasks")) { $content_type = "task_top"; } elseif (elgg_is_active_plugin("groups")) { $content_type = "groupforumtopic"; } } if (!is_array($content_type)) { $content_type = array($content_type); } foreach ($content_type as $key => $type) { $content_type[$key] = sanitise_string($type); if ($type == "page") { // merge top and bottom pages $content_type[] = "page_top"; } } $tags_option = $widget->tags_option; if (!in_array($tags_option, array("and", "or"))) { $tags_option = "and"; } $wheres = array(); $joins = array(); // will always want to join these tables if pulling metastrings. $joins[] = "JOIN {$dbprefix}metadata n_table on e.guid = n_table.entity_guid"; // get names wheres and joins $names_where = '';
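/**
 * Page handler for autocomplete endpoint.
 *
 * @todo split this into functions/objects, this is way too big
 *
 * /livesearch?q=<query>
 *
 * Other options include:
 *     match_on	string	all or array(groups|users|friends)
 *     match_owner	int		0/1
 *     limit		int		default is 10
 *
 * Results are served only to logged-in users; a missing session or empty
 * query ends the request without output. An unknown match_on value answers
 * 400. Results are keyed by "name|guid" so two entities sharing a display
 * name cannot overwrite each other (the original keyed by name . rand(1, 100),
 * which could collide and drop a result).
 *
 * @param array $page
 * @return string JSON string is returned and then exit
 * @access private
 */
function input_livesearch_page_handler($page) {
	global $CONFIG;

	// only return results to logged in users.
	if (!($user = elgg_get_logged_in_user_entity())) {
		exit;
	}

	if (!($q = get_input('term', get_input('q')))) {
		exit;
	}

	$q = sanitise_string($q);

	// replace mysql vars with escaped strings
	$q = str_replace(array('_', '%'), array('\\_', '\\%'), $q);

	$match_on = get_input('match_on', 'all');
	if (!is_array($match_on)) {
		$match_on = array($match_on);
	}

	// all = users and groups
	if (in_array('all', $match_on, true)) {
		$match_on = array('users', 'groups');
	}

	if (get_input('match_owner', false)) {
		$owner_where = 'AND e.owner_guid = ' . $user->getGUID();
	} else {
		$owner_where = '';
	}

	$limit = sanitise_int(get_input('limit', 10));

	// grab a list of entities and send them in json.
	$results = array();
	foreach ($match_on as $match_type) {
		switch ($match_type) {
			case 'users':
				$query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
					WHERE e.guid = ue.guid
						AND e.enabled = 'yes'
						AND ue.banned = 'no'
						AND (ue.name LIKE '{$q}%' OR ue.name LIKE '% {$q}%' OR ue.username LIKE '{$q}%')
					LIMIT {$limit}
				";

				if ($entities = get_data($query)) {
					foreach ($entities as $entity) {
						// @todo use elgg_get_entities (don't query in a loop!)
						$entity = get_entity($entity->guid);
						/* @var ElggUser $entity */
						if (!$entity) {
							continue;
						}

						// guid when groups are matched too, username otherwise (original behaviour)
						if (in_array('groups', $match_on, true)) {
							$value = $entity->guid;
						} else {
							$value = $entity->username;
						}

						$output = elgg_view_list_item($entity, array(
							'use_hover' => false,
							'class' => 'elgg-autocomplete-item',
						));

						$icon = elgg_view_entity_icon($entity, 'tiny', array(
							'use_hover' => false,
						));

						$result = array(
							'type' => 'user',
							'name' => $entity->name,
							'desc' => $entity->username,
							'guid' => $entity->guid,
							'label' => $output,
							'value' => $value,
							'icon' => $icon,
							'url' => $entity->getURL(),
						);
						$results[$entity->name . '|' . $entity->guid] = $result;
					}
				}
				break;

			case 'groups':
				// don't return results if groups aren't enabled.
				// A bare 'continue' inside switch only leaves the switch (PHP 7.3+
				// warns about it); 'continue 2' targets the foreach explicitly.
				if (!elgg_is_active_plugin('groups')) {
					continue 2;
				}

				$query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e
					WHERE e.guid = ge.guid
						AND e.enabled = 'yes'
						{$owner_where}
						AND (ge.name LIKE '{$q}%' OR ge.name LIKE '% {$q}%' OR ge.description LIKE '% {$q}%')
					LIMIT {$limit}
				";

				if ($entities = get_data($query)) {
					foreach ($entities as $entity) {
						// @todo use elgg_get_entities (don't query in a loop!)
						$entity = get_entity($entity->guid);
						/* @var ElggGroup $entity */
						if (!$entity) {
							continue;
						}

						$output = elgg_view_list_item($entity, array(
							'use_hover' => false,
							'class' => 'elgg-autocomplete-item',
						));

						$icon = elgg_view_entity_icon($entity, 'tiny', array(
							'use_hover' => false,
						));

						$result = array(
							'type' => 'group',
							'name' => $entity->name,
							'desc' => strip_tags($entity->description),
							'guid' => $entity->guid,
							'label' => $output,
							'value' => $entity->guid,
							'icon' => $icon,
							'url' => $entity->getURL(),
						);
						$results[$entity->name . '|' . $entity->guid] = $result;
					}
				}
				break;

			case 'friends':
				$query = "SELECT * FROM
						{$CONFIG->dbprefix}users_entity as ue,
						{$CONFIG->dbprefix}entity_relationships as er,
						{$CONFIG->dbprefix}entities as e
					WHERE er.relationship = 'friend'
						AND er.guid_one = {$user->getGUID()}
						AND er.guid_two = ue.guid
						AND e.guid = ue.guid
						AND e.enabled = 'yes'
						AND ue.banned = 'no'
						AND (ue.name LIKE '{$q}%' OR ue.name LIKE '% {$q}%' OR ue.username LIKE '{$q}%')
					LIMIT {$limit}
				";

				if ($entities = get_data($query)) {
					foreach ($entities as $entity) {
						// @todo use elgg_get_entities (don't query in a loop!)
						$entity = get_entity($entity->guid);
						/* @var ElggUser $entity */
						if (!$entity) {
							continue;
						}

						$output = elgg_view_list_item($entity, array(
							'use_hover' => false,
							'class' => 'elgg-autocomplete-item',
						));

						$icon = elgg_view_entity_icon($entity, 'tiny', array(
							'use_hover' => false,
						));

						$result = array(
							'type' => 'user',
							'name' => $entity->name,
							'desc' => $entity->username,
							'guid' => $entity->guid,
							'label' => $output,
							'value' => $entity->username,
							'icon' => $icon,
							'url' => $entity->getURL(),
						);
						$results[$entity->name . '|' . $entity->guid] = $result;
					}
				}
				break;

			default:
				header("HTTP/1.0 400 Bad Request", true);
				echo "livesearch: unknown match_on of {$match_type}";
				exit;
				break;
		}
	}

	// sort by display name (keys start with the name)
	ksort($results);
	header("Content-Type: application/json");
	echo json_encode(array_values($results));
	exit;
}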
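/**
 * DB Based session handling code.
 *
 * Session destroy handler: deletes the users_sessions row, falling back to the
 * file store when the database has not been upgraded to the sessions table.
 *
 * @param string $id Session id handed over by PHP's session layer
 *
 * @return bool
 */
function __elgg_session_destroy($id) {
	global $DB_PREFIX;

	// The id is also used as a file-name component in the fallback below;
	// restrict it to the characters PHP itself uses for session ids so a
	// crafted cookie value cannot name a path outside $sess_save_path.
	if (!preg_match('/^[A-Za-z0-9,-]+$/', (string) $id)) {
		return false;
	}

	$id = sanitise_string($id);

	try {
		return (bool) delete_data("DELETE from {$DB_PREFIX}users_sessions where session='{$id}'");
	} catch (DatabaseException $e) {
		// Fall back to file store in this case, since this likely means that the database hasn't been upgraded
		global $sess_save_path;

		$sess_file = "{$sess_save_path}/sess_{$id}";
		// @ keeps the warning out of the response when the file was never created
		return @unlink($sess_file);
	}
}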
<?php /** * Accept an email invitation */ $invitecode = get_input("invitecode"); $user = elgg_get_logged_in_user_entity(); $forward_url = REFERER; if (!empty($invitecode)) { $forward_url = elgg_get_site_url() . "groups/invitations/" . $user->username; $group = group_tools_check_group_email_invitation($invitecode); if (!empty($group)) { if (groups_join_group($group, $user)) { $invitecode = sanitise_string($invitecode); $options = array("guid" => $group->getGUID(), "annotation_name" => "email_invitation", "wheres" => array("(v.string = '" . $invitecode . "' OR v.string LIKE '" . $invitecode . "|%')"), "annotation_owner_guid" => $group->getGUID(), "limit" => 1); $annotations = elgg_get_annotations($options); if (!empty($annotations)) { // ignore access in order to cleanup the invitation $ia = elgg_set_ignore_access(true); $annotations[0]->delete(); // restore access elgg_set_ignore_access($ia); } $forward_url = $group->getURL(); system_message(elgg_echo("group_tools:action:groups:email_invitation:success")); } else { register_error(elgg_echo("group_tools:action:groups:email_invitation:error:join", array($group->name))); } } else { register_error(elgg_echo("group_tools:action:groups:email_invitation:error:code")); }
/**
 * Return entities matching a set of metadata name/value conditions.
 *
 * Every element of $meta_array adds one metadata + metastrings JOIN pair
 * and a WHERE condition on the metadata name; the conditions of all
 * elements are combined with AND, and each joined metadata row is also
 * filtered by the access SQL suffix.
 *
 * NOTE(review): $meta['value'] and $meta['operand'] are concatenated into
 * the SQL as-is (no sanitise_string(), no quoting of the operand), so this
 * function is only safe when the caller has already escaped them; untrusted
 * input passed here is a SQL injection. $order_by goes through
 * sanitise_string() but is interpolated as raw SQL syntax (not a quoted
 * literal), so quote escaping does not constrain it either — it must not be
 * taken from user input. Guids, $limit and $offset are cast to int.
 *
 * @param array     $meta_array     List of array('name' => ..., 'value' => ..., 'operand' => ...).
 *                                  Operand 'like' builds "string LIKE ('value')"; 'in' is not
 *                                  implemented (only the name condition is added); '' adds only
 *                                  the name condition; any other operand is used verbatim as the
 *                                  comparison operator against the quoted value.
 * @param string    $entity_type    Entity type filter; "" means any type
 * @param string    $entity_subtype Subtype filter, resolved via get_subtype_id(); applied only
 *                                  when that lookup yields a truthy id
 * @param bool      $count          If true, return the number of matches instead of the entities
 * @param int|array $owner_guid     Owner guid(s); 0 or an empty array means no owner filter
 * @param int|array $container_guid Container guid(s); 0 or an empty array means no container filter
 * @param int       $limit          Max rows (ignored when $count is true)
 * @param int       $offset         Row offset (ignored when $count is true)
 * @param string    $order_by       ORDER BY expression; "" selects "e.time_created desc"
 * @param int       $site_guid      Site guid; 0 means $CONFIG->site_guid
 *
 * @return mixed Result of get_data() with the entity_row_to_elggstar callback,
 *               the `total` column of the count row, or false when no count row is returned
 */
function get_entities_from_metadata_by_value($meta_array, $entity_type = "", $entity_subtype = "", $count = false, $owner_guid = 0, $container_guid = 0, $limit = 10, $offset = 0, $order_by = "", $site_guid = 0) {
	global $CONFIG;

	// ORDER BY
	if ($order_by == "") {
		$order_by = "e.time_created desc";
	}
	$order_by = sanitise_string($order_by);

	$where = array();

	// Filter by metadata: one JOIN pair (m{n}, v{n}) per condition
	$mindex = 1; // Starting index of joined metadata/metastring tables
	$join_meta = "";
	$query_access = "";
	foreach ($meta_array as $meta) {
		$join_meta .= "JOIN {$CONFIG->dbprefix}metadata m{$mindex} on e.guid = m{$mindex}.entity_guid ";
		$join_meta .= "JOIN {$CONFIG->dbprefix}metastrings v{$mindex} on v{$mindex}.id = m{$mindex}.value_id ";
		// presumably false when the name is unknown, which then matches no row — verify against get_metastring_id()
		$meta_n = get_metastring_id($meta['name']);
		$where[] = "m{$mindex}.name_id='{$meta_n}'";
		if (strtolower($meta['operand']) == "like") {
			// "LIKE" search — value is inserted unescaped (see NOTE(review) above)
			$where[] = "v{$mindex}.string LIKE ('" . $meta['value'] . "') ";
		} elseif (strtolower($meta['operand']) == "in") {
			// TO DO - "IN" search (currently only the name condition applies)
		} elseif ($meta['operand'] != '') {
			// Simple operand search — operator and value inserted unescaped (see NOTE(review) above)
			$where[] = "v{$mindex}.string" . $meta['operand'] . "'" . $meta['value'] . "'";
		}
		$query_access .= ' and ' . get_access_sql_suffix("m{$mindex}"); // Add access controls
		$mindex++;
	}

	$limit = (int) $limit;
	$offset = (int) $offset;

	// Guid filters: an empty array is cast to int 0, i.e. no filter
	if (is_array($owner_guid) && count($owner_guid)) {
		foreach ($owner_guid as $key => $guid) {
			$owner_guid[$key] = (int) $guid;
		}
	} else {
		$owner_guid = (int) $owner_guid;
	}
	if (is_array($container_guid) && count($container_guid)) {
		foreach ($container_guid as $key => $guid) {
			$container_guid[$key] = (int) $guid;
		}
	} else {
		$container_guid = (int) $container_guid;
	}

	$site_guid = (int) $site_guid;
	if ($site_guid == 0) {
		$site_guid = $CONFIG->site_guid;
	}

	$entity_type = sanitise_string($entity_type);
	if ($entity_type != "") {
		$where[] = "e.type='{$entity_type}'";
	}
	$entity_subtype = get_subtype_id($entity_type, $entity_subtype);
	if ($entity_subtype) {
		$where[] = "e.subtype={$entity_subtype}";
	}
	if ($site_guid > 0) {
		$where[] = "e.site_guid = {$site_guid}";
	}
	if (is_array($owner_guid)) {
		$where[] = "e.owner_guid in (" . implode(",", $owner_guid) . ")";
	} else {
		if ($owner_guid > 0) {
			$where[] = "e.owner_guid = {$owner_guid}";
		}
	}
	if (is_array($container_guid)) {
		$where[] = "e.container_guid in (" . implode(",", $container_guid) . ")";
	} else {
		if ($container_guid > 0) {
			$where[] = "e.container_guid = {$container_guid}";
		}
	}

	if (!$count) {
		$query = "SELECT distinct e.* ";
	} else {
		$query = "SELECT count(distinct e.guid) as total ";
	}
	$query .= "FROM {$CONFIG->dbprefix}entities e ";
	$query .= $join_meta;
	$query .= " WHERE ";
	// Every condition is followed by " and " because the access suffix always closes the clause
	foreach ($where as $w) {
		$query .= " {$w} and ";
	}
	$query .= get_access_sql_suffix("e"); // Add access controls
	$query .= $query_access;

	if (!$count) {
		$query .= " order by {$order_by} limit {$offset}, {$limit}"; // Add order and limit
		return get_data($query, "entity_row_to_elggstar");
	} else {
		$row = get_data_row($query);
		if ($row) {
			return $row->total;
		}
	}
	return false;
}
/**
 * Return the icon URL for an entity.
 *
 * Resolution order: the 'entity:icon:url' plugin hook for the entity's type,
 * then the views icon/{type}/{subtype}/{size} and icon/{type}/default/{size}
 * (returned as rendered, without normalisation), then the default graphic
 * _graphics/icons/default/{size}.png.
 *
 * @tip Can be overridden by registering a plugin hook for entity:icon:url, $entity_type.
 *
 * @internal This is passed an entity rather than a guid to handle non-created entities.
 *
 * @param ElggEntity $entity The entity
 * @param string     $size   Icon size: one of master, large, topbar, tiny, small,
 *                           medium; any other value is treated as medium
 *
 * @return string URL to the entity icon.
 * @deprecated 1.8 Use $entity->getIconURL()
 */
function get_entity_icon_url(ElggEntity $entity, $size = 'medium') {
	elgg_deprecated_notice("get_entity_icon_url() deprecated for getIconURL()", 1.8);
	global $CONFIG;

	// Only a fixed set of size names is accepted; everything else
	// (including 'medium' itself) resolves to 'medium'.
	$requested = strtolower(sanitise_string($size));
	$known_sizes = array('master', 'large', 'topbar', 'tiny', 'small');
	$size = in_array($requested, $known_sizes, true) ? $requested : 'medium';

	$viewtype = elgg_get_viewtype();

	// Step one, see if anyone knows how to render this in the current view
	$hook_params = array('entity' => $entity, 'viewtype' => $viewtype, 'size' => $size);
	$url = elgg_trigger_plugin_hook('entity:icon:url', $entity->getType(), $hook_params, false);
	if ($url) {
		return elgg_normalize_url($url);
	}

	// Fail, so use default: try the subtype-specific view first, then the
	// type's default view. A rendered view is returned as-is.
	$type = $entity->getType();
	$subtype = $entity->getSubtype();
	$candidate_views = array();
	if (!empty($subtype)) {
		$candidate_views[] = "icon/{$type}/{$subtype}/{$size}";
	}
	$candidate_views[] = "icon/{$type}/default/{$size}";
	foreach ($candidate_views as $view) {
		$overrideurl = elgg_view($view, array('entity' => $entity));
		if (!empty($overrideurl)) {
			return $overrideurl;
		}
	}

	return elgg_normalize_url("_graphics/icons/default/{$size}.png");
}