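/**
 * Prefix completion on metatag display names, written straight to the
 * HTTP response (header() + print) rather than through folksoResponse.
 *
 * @param folksoQuery     $q    Request; the 'q' parameter is the prefix to match.
 * @param folksoWsseCreds $cred Not used here; kept for the call signature.
 * @param folksoDBconnect $dbc  Database connection.
 * @return void Prints one tagdisplay per line (entirely numeric tags are
 *              quoted so they read as text, not ids); on a DB failure
 *              sends a 501 and terminates the script.
 */
function metacomplete(folksoQuery $q, folksoWsseCreds $cred, folksoDBconnect $dbc)
{
    $i = new folksoDBinteract($dbc);
    if ($i->db_error()) {
        header('HTTP/1.1 501 Database error');
        // NOTE(review): this sends the raw driver error text to the client.
        die($i->error_info());
    }

    // The prefix is interpolated into a LIKE pattern, so besides the usual
    // SQL escaping the LIKE metacharacters ('%', '_' and the escape char
    // '\') are escaped too; otherwise a request containing '%' turns the
    // prefix search into a match on every tag. Assumes dbescape() doubles
    // backslashes the way mysqli_real_escape_string() does.
    // NOTE(review): strtolower() is byte-wise, so non-ASCII capitals are
    // not lowered — confirm this matches how tagnorm is produced.
    $prefix = addcslashes(strtolower((string) $q->get_param('q')), '%_\\');
    $sql = "select tagdisplay "
        . " from metatag "
        . " where "
        . " tagnorm like '" . $i->dbescape($prefix) . "%'";
    $i->query($sql);

    switch ($i->result_status) {
        case 'DBERR':
            header('HTTP/1.1 501 Database query error');
            die($i->error_info());
        case 'NOROWS':
            header('HTTP/1.1 204 No matching tags');
            return;
        case 'OK':
            header('HTTP/1.1 200 OK I guess');
            while ($row = $i->result->fetch_object()) {
                // Entirely numeric tags are quoted so that consumers treat
                // them as text instead of as ids.
                if (is_numeric($row->tagdisplay)) {
                    print '"' . $row->tagdisplay . '"' . "\n";
                } else {
                    print $row->tagdisplay . "\n";
                }
            }
            break;
    }
}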
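/**
 * Prefix completion on tag display names.
 *
 * @param folksoQuery     $q   Request; the 'q' parameter is the prefix to match.
 * @param folksoDBconnect $dbc Database connection.
 * @param folksoSession   $fks Not used here; kept for the call signature.
 * @return folksoResponse 200 with one tagdisplay per line (entirely numeric
 *                        tags quoted so they read as text, not ids), 204 when
 *                        nothing matches, or a DB error response.
 *                        NOTE(review): any other result_status falls out of
 *                        the switch and the function returns null — confirm
 *                        the possible status values.
 */
function autocomplete(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $i = new folksoDBinteract($dbc);
    $r = new folksoResponse();
    if ($i->db_error()) {
        $r->dbConnectionError($i->error_info());
        return $r;
    }

    // The prefix is interpolated into a LIKE pattern, so besides the usual
    // SQL escaping the LIKE metacharacters ('%', '_' and the escape char
    // '\') are escaped too; otherwise a request containing '%' turns the
    // prefix search into a match on every tag. Assumes dbescape() doubles
    // backslashes the way mysqli_real_escape_string() does.
    // NOTE(review): strtolower() is byte-wise, so non-ASCII capitals are
    // not lowered — confirm this matches how tagnorm is produced.
    $prefix = addcslashes(strtolower((string) $q->get_param('q')), '%_\\');
    $sql = "SELECT tagdisplay "
        . "FROM tag "
        . "WHERE tagnorm like '" . $i->dbescape($prefix) . "%'";
    $i->query($sql);

    switch ($i->result_status) {
        case 'DBERR':
            $r->dbQueryError($i->error_info());
            return $r;
        case 'NOROWS':
            $r->setOk(204, 'No matching tags');
            return $r;
        case 'OK':
            $r->setOk(200, 'OK I guess');
            while ($row = $i->result->fetch_object()) {
                // Entirely numeric tags are quoted so that consumers treat
                // them as text instead of as ids.
                if (is_numeric($row->tagdisplay)) {
                    $r->t('"' . $row->tagdisplay . '"' . "\n");
                } else {
                    $r->t($row->tagdisplay . "\n");
                }
            }
            return $r;
    }
}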
/**
 * Writes this user to the DB through the create_user stored procedure.
 * For new users only: a non-writeable object, an already existing
 * loginId, or any DB failure raises an Exception.
 *
 * NOTE(review): loginId is escaped and then formatted with %d, so a
 * non-numeric loginId would be written as 0 — confirm that loginId is
 * always numeric.
 *
 * @throws Exception
 */
public function writeNewUser()
{
    if (!$this->Writeable()) {
        throw new Exception('User object is not writeable, cannot write to DB');
    }
    if ($this->exists($this->loginId)) {
        throw new Exception('User already exists, cannot be created');
    }

    $i = new folksoDBinteract($this->dbc);
    if ($i->db_error()) {
        throw new Exception('DB connect error: ' . $i->error_info());
    }

    // Positional order of the create_user() signature; the fifth slot is
    // always the empty string.
    $fields = array(
        $this->nick,
        $this->firstName,
        $this->lastName,
        $this->email,
        $this->loginId,
        $this->institution,
        $this->pays,
        $this->fonction,
    );
    $escaped = array();
    foreach ($fields as $value) {
        $escaped[] = $i->dbescape($value);
    }
    $call = vsprintf("call create_user('%s', '%s', '%s', '%s', '', %d, '%s', '%s', '%s')", $escaped);
    $i->sp_query($call);

    if ($i->result_status == 'DBERR') {
        throw new Exception('DB query error on create FB user: ' . $i->error_info());
    }
}
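/**
 * Just a list of tags: the tags a user has applied, with a per-tag use
 * count, ordered by tagtime and limited to 50 rows.
 *
 * The user is the session user when one is logged in; otherwise the 'uid'
 * request parameter names the user, and a request with neither is refused
 * as unauthorized.
 *
 * NOTE(review): with no session, any uid may be requested; confirm that
 * the tag list is meant to be public.
 *
 * @return folksoResponse 200 with the list (json or xml per content type),
 *                        204 when the user has no tags, or an error response.
 */
function getMyTags(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $r = new folksoResponse();
    $u = $fks->userSession();

    // Initialised up front so the logged-in path does not read an
    // undefined variable below.
    $userid = null;
    if (!$u instanceof folksoUser) {
        if (!$q->is_param('uid')) {
            return $r->unAuthorized($u); // add message about logging in?
        }
        $userid = $q->get_param('uid');
    }
    $userid = $userid ? $userid : $u->userid;

    try {
        $i = new folksoDBinteract($dbc);
        $sql = sprintf(' select t.tagnorm, t.id, t.tagdisplay, count(te.tag_id) as cnt, tagtime'
            . ' from tag t '
            . ' join tagevent te on t.id = te.tag_id '
            . " where te.userid = '%s' "
            . ' group by t.tagnorm '
            . ' order by tagtime '
            . ' limit 50',
            $i->dbescape($userid));
        $i->query($sql);
    } catch (dbException $e) {
        return $r->handleDBexception($e);
    }

    if ($i->rowCount == 0) {
        return $r->setOk(204, 'No tags found');
    }
    $r->setOk(200, 'Tags found');

    $df = new folksoDisplayFactory();
    if ($q->content_type() == 'json') {
        $disp = $df->json(array('resid', 'tagnorm', 'link', 'tagdisplay', 'count'));
    } else {
        $disp = $df->simpleTagList('xml');
    }

    // Every value is HTML-escaped, for both output formats.
    $r->t($disp->startform());
    while ($row = $i->result->fetch_object()) {
        $link = new folksoTagLink($row->tagnorm);
        $r->t($disp->line(htmlspecialchars($row->id),
                          htmlspecialchars($row->tagnorm),
                          htmlspecialchars($link->getLink()),
                          htmlspecialchars($row->tagdisplay),
                          htmlspecialchars($row->cnt)));
    }
    $r->t($disp->endform());
    return $r;
}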
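/**
 * Load user data from a session id (cookie). Returns a folksoUser object,
 * or false if the session is invalid or no matching user is found. If a
 * folksoUser is already held in $this->user it is returned as is, so a
 * later call with a different $sid will not change the result.
 *
 * NOTE(review): the original docblock says the user object is cached,
 * but this method never assigns $this->user — confirm whether a caller
 * is expected to do that.
 *
 * When both $service and $right are given, the query also joins the
 * user's rights on $right, and the right is attached to the returned user
 * only if the stored service matches $service as well.
 *
 * @param string|null $sid     Session ID; defaults to $this->sessionId.
 * @param string|null $service Service the right belongs to.
 * @param string|null $right   Right id to look up.
 * @return folksoUser|false
 */
public function userSession($sid = null, $service = null, $right = null)
{
    if ($this->user instanceof folksoUser) {
        return $this->user;
    }
    $sid = $sid ? $sid : $this->sessionId;
    if ($this->validateSid($sid) === false) {
        return false; // exception?
    }

    $i = new folksoDBinteract($this->dbc);
    // The token is escaped on both branches: validateSid() runs first, but
    // the value originates in a cookie and must not reach SQL unescaped.
    $token = $i->dbescape($sid);
    // NOTE(review): "now() - 1209600" is numeric rather than interval
    // arithmetic in MySQL — confirm it expresses the intended lifetime.
    if (is_null($service) || is_null($right)) {
        $sql = 'select u.nick as nick, u.firstname as firstname, '
            . ' u.lastname as lastname, u.email as email, u.userid as userid'
            . ' from sessions s '
            . ' join users u on u.userid = s.userid '
            . " where s.token = '" . $token . "'"
            . " and s.started > now() - 1209600 ";
    } else {
        $sql = 'select u.nick as nick, u.firstname as firstname, '
            . ' u.lastname as lastname, u.email as email, u.userid as userid, '
            . ' dr.rightid, dr.service '
            . ' from sessions s '
            . ' join users u on u.userid = s.userid '
            . ' left join users_rights ur on ur.userid = s.userid '
            . ' left join rights dr on dr.rightid = ur.rightid '
            . " where s.token = '" . $token . "' "
            . " and dr.rightid = '" . $i->dbescape($right) . "' "
            . " and s.started > now() - 1209600 ";
    }
    $this->debug = $sql;
    $i->query($sql);

    if ($i->result_status != 'OK') {
        return false;
    }

    $u = new folksoUser($this->dbc);
    $res = $i->result->fetch_object();
    $u->loadUser(array('nick'      => $res->nick,
                       'firstname' => $res->firstname,
                       'lastname'  => $res->lastname,
                       'email'     => $res->email,
                       'userid'    => $res->userid));
    // The SQL only filters on rightid; the service match is done here.
    if ($right && $service && $res->rightid == $right && $res->service == $service) {
        $this->debug2 = 'we r here';
        $u->rights->addRight(new folksoRight($res->service, $res->rightid));
    }
    return $u;
}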
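/**
 * rename tag
 *
 * Params: rename (the tag, via $q->tag) and newname (the new display
 * name; tagnorm is recomputed with normalize_tag()). Requires the 'admin'
 * right on the 'folkso' service.
 *
 * @return folksoResponse 204 on success, 404 when the tag does not exist,
 *                        400 when newname is missing, or an error response.
 */
function renameTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $r = new folksoResponse();
    $u = $fks->userSession(null, 'folkso', 'admin');
    if (!$u instanceof folksoUser || !$u->checkUserRight('folkso', 'admin')) {
        return $r->unAuthorized($u);
    }
    // Checked after authorization; without it the UPDATE below would run
    // with an empty newname.
    if (!$q->is_param('newname')) {
        $r->setError(400, 'Missing parameter', 'No new name given for tag: ' . $q->tag);
        return $r;
    }

    try {
        $i = new folksoDBinteract($dbc);
        if (!$i->tagp($q->tag)) {
            $r->setError(404, 'Tag not found', 'Nothing to rename. No such tag: ' . $q->tag);
            return $r;
        }
        $newname = $i->dbescape($q->get_param('newname'));
        $query = "UPDATE tag\n SET tagdisplay = '" . $newname . "', "
            . "tagnorm = normalize_tag('" . $newname . "') "
            . "where ";
        // Only values passing is_numeric() are interpolated unquoted as an
        // id; anything else is matched by normalized name, escaped.
        if (is_numeric($q->tag)) {
            $query .= " id = " . $q->tag;
        } else {
            $query .= " tagnorm = normalize_tag('" . $i->dbescape($q->tag) . "')";
        }
        $i->query($query);
    } catch (dbException $e) {
        return $r->handleDBexception($e);
    }

    $r->setOk(204, 'Tag renamed');
    return $r;
}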
/**
 * Builds the WHERE condition for a resource listing.
 *
 * @param string           $first  Path prefix under 'fabula.org/' that uri_normal must start with.
 * @param string           $inside Substring that uri_normal must contain.
 * @param string           $tagp   'all', 'notags' or 'tags'; any other value behaves like 'all'.
 * @param folksoDBinteract $i      Used for SQL escaping of $first and $inside.
 * @return string SQL condition; "(1 = 1)" when both $first and $inside are empty.
 */
function buildWhere($first, $inside, $tagp, folksoDBinteract $i)
{
    $hasFirst = strlen($first) > 0;
    $hasInside = strlen($inside) > 0;

    // when there are no arguments, we list everything.
    if (!$hasFirst && !$hasInside) {
        $where = " (1 = 1) ";
    } else {
        $conditions = array();
        if ($hasFirst) {
            $conditions[] = " (uri_normal LIKE 'fabula.org/" . $i->dbescape($first) . "%') \n";
        }
        if ($hasInside) {
            $conditions[] = " (uri_normal LIKE '%" . $i->dbescape($inside) . "%') ";
        }
        $where = implode(" AND \n", $conditions);
    }

    // Tag filter: correlated count of tagevents for the resource r.
    $tagCount = " ((SELECT COUNT(*) FROM tagevent teee  WHERE teee.resource_id = r.id)";
    if ($tagp == 'all') {
        return $where; // we are done
    } elseif ($tagp == 'notags') {
        $where .= " AND " . $tagCount . " = 0) \n";
    } elseif ($tagp == 'tags') {
        $where .= " AND " . $tagCount . " > 0) \n";
    }
    return $where;
}
/**
 * Returns an xml list of resources associated with the same ean-13 as
 * the selected resource ($q->res).
 *
 * Web params: GET, folksores, folksoean13list
 *
 * The first row of the result set is the resource's own title row and is
 * skipped (see note in ResQuery); a result of exactly one row therefore
 * means no EAN-13 data.
 *
 * NOTE(review): unlike getMyTags(), the row values are handed to line()
 * unescaped — confirm the display class escapes them for XML.
 *
 * @param folksoSession $fks Not used here; kept for the call signature.
 * @return folksoResponse
 */
function resEans(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $r = new folksoResponse();
    try {
        $i = new folksoDBinteract($dbc);
        if ($i->db_error()) {
            $r->dbConnectionError($i->error_info());
            return $r;
        }
        $rq = new folksoResQuery();
        $i->query($rq->resEans($i->dbescape($q->res)));
    } catch (dbConnectionException $e) {
        $r->dbConnectionError($e->getMessage());
        return $r;
    } catch (dbQueryException $e) {
        $r->dbQueryError($e->getMessage() . $e->sqlquery);
        return $r;
    }

    $status = $i->result_status;
    if ($status == 'NOROWS') {
        $r->setError(404, 'Resource not found',
                     "The requested resource is not present in the database.\n Maybe it has not been indexed yet, or an erroneous identifier  was used. ");
        return $r;
    } elseif ($status == 'OK') {
        if ($i->result->num_rows == 1) {
            $r->setError(404, 'No EAN-13 data associated with this resource',
                         "There is no EAN-13 data yet for the resource " . $q->res . ".");
            return $r;
        }
        $r->setOk(200, 'EAN-13 data found');
    }

    // Discard the title row; it is not used here (see note in ResQuery).
    $i->result->fetch_object();

    $df = new folksoDisplayFactory();
    $display = $df->associatedEan13resources();
    $display->activate_style('xml');

    $r->t($display->startform());
    while ($row = $i->result->fetch_object()) {
        $r->t($display->line($row->id, $row->url, $row->title));
    }
    $r->t($display->endform());
    return $r;
}
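/**
 * Loads every right granted to this user (users_rights joined to rights
 * on $this->userid) into $this->rights, skipping any the collection
 * already holds.
 *
 * @throws Exception on DB connection or query failure, following the
 *                   convention writeNewUser() uses.
 */
public function loadAllRights()
{
    $i = new folksoDBinteract($this->dbc);
    if ($i->db_error()) {
        throw new Exception('DB connect error: ' . $i->error_info());
    }

    $i->query('select ur.rightid, r.service '
        . ' from users_rights ur '
        . ' join rights r on r.rightid = ur.rightid '
        . " where userid = '" . $i->dbescape($this->userid) . "' ");

    // Surface a failed query instead of dereferencing a missing result
    // set; no rights are added in that case.
    if ($i->result_status == 'DBERR') {
        throw new Exception('DB query error on loading rights: ' . $i->error_info());
    }

    while ($row = $i->result->fetch_object()) {
        if (!$this->rights->checkRight($row->service, $row->rightid)) {
            $this->rights->addRight(new folksoRight($row->service, $row->rightid));
        }
    }
}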