Ejemplo n.º 1
0
function publications_userapi_pageintrees($args)
{
    extract($args);
    if (!isset($pid) || !is_numeric($pid) || !isset($tree_roots) || !is_array($tree_roots)) {
        return false;
    }
    $xartable = xarDB::getTables();
    $dbconn = xarDB::getConn();
    // For the page to be somewhere in a tree, identified by the root of that tree,
    // it's xar_left column must be between the xar_left and xar_right columns
    // of the tree root.
    $query = 'SELECT COUNT(*)' . ' FROM ' . $xartable['publications'] . ' AS testpage' . ' INNER JOIN ' . $xartable['publications'] . ' AS testtrees' . ' ON testpage.leftpage_id BETWEEN testtrees.leftpage_id AND testtrees.rightpage_id' . ' AND testtrees.id IN (?' . str_repeat(',?', count($tree_roots) - 1) . ')' . ' WHERE testpage.id = ?';
    // Add the pid onto the tree roots to form the full bind variable set.
    $tree_roots[] = $pid;
    $result = $dbconn->execute($query, $tree_roots);
    if (!$result || $result->EOF) {
        return false;
    }
    list($count) = $result->fields;
    if ($count > 0) {
        return true;
    } else {
        return false;
    }
}
Ejemplo n.º 2
0
/**
 * get next article
 * Note : the following parameters are all optional (except id and ptid)
 *
 * @param $args['id'] the article ID we want to have the next article of
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['sort'] sort order ('date','title','hits','rating',...)
 * @param $args['owner'] the ID of the author
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @return array of article fields, or false on failure
 */
function publications_userapi_getnext($args)
{
    // Get arguments from argument array
    extract($args);
    // Optional argument
    if (empty($sort)) {
        $sort = 'date';
    }
    if (!isset($state)) {
        // frontpage or approved
        $state = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED);
    }
    // Default fields in publications (for now)
    $fields = array('id', 'title');
    // Security check
    if (!xarSecurityCheck('ViewPublications')) {
        return;
    }
    // Database information
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // Create the query
    $query = "SELECT {$publicationsdef['id']}, {$publicationsdef['title']}, {$publicationsdef['pubtype_id']}, {$publicationsdef['owner']}\n                FROM {$publicationsdef['table']} WHERE ";
    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $query .= " {$publicationsdef['where']} AND ";
    }
    // Get current article
    $current = xarModAPIFunc('publications', 'user', 'get', array('id' => $id));
    // Create the ORDER BY part
    switch ($sort) {
        case 'title':
            $query .= $publicationsdef['title'] . ' > ' . $dbconn->qstr($current['title']) . ' ORDER BY ' . $publicationsdef['title'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'id':
            $query .= $publicationsdef['id'] . ' > ' . $current['id'] . ' ORDER BY ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'data':
        default:
            $query .= $publicationsdef['pubdate'] . ' > ' . $dbconn->qstr($current['pubdate']) . ' ORDER BY ' . $publicationsdef['pubdate'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
    }
    // Run the query - finally :-)
    $result =& $dbconn->SelectLimit($query, 1, 0);
    if (!$result) {
        return;
    }
    $item = array();
    list($item['id'], $item['title'], $item['pubtype_id'], $item['owner']) = $result->fields;
    $result->Close();
    // TODO: grab categories & check against them too
    // check security - don't generate an exception here
    if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
        return array();
    }
    return $item;
}
Ejemplo n.º 3
0
/**
 * @returns int (calendar id on success, false on failure)
 */
function calendar_adminapi_create_calendars($args)
{
    extract($args);
    // argument check
    if (!isset($calname)) {
        $msg = xarML('Calendar name not specified', 'admin', 'create', 'calendar');
        throw new Exception($msg);
    }
    // TODO: should I move these two issets to the admin function
    // admin/create_calendars.php? --amoro
    if (!isset($mod_id)) {
        $module = xarController::$request->getInfo();
        $mod_id = xarMod::getRegID($module[0]);
    }
    if (!isset($role_id)) {
        $role_id = xarSession::getVar('role_id');
    }
    // Load up database details.
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $caltable = $xartable['calendars'];
    // Insert instance details.
    $nextId = $dbconn->GenId($caltable);
    $query = 'INSERT INTO ' . $caltable . ' (
              xar_id,
              xar_role_id,
              xar_mod_id,
              xar_name
            ) VALUES (?, ?, ?, ?)';
    $result =& $dbconn->Execute($query, array($nextId, $role_id, $mod_id, $calname));
    if (!$result) {
        return;
    }
    // Get ID of row inserted.
    $calendid = $dbconn->PO_Insert_ID($caltable, 'xar_id');
    // If not database type also add file info
    // Allow duplicate files here, to make it easier to delete them
    // WARNING: if somebody changes this you should also change the
    // delete function to avoid major dataloss!!! --amoro
    if ($addtype != 'db') {
        $filestable = $xartable['calfiles'];
        $cal_filestable = $xartable['calendars_files'];
        $nextID = $dbconn->GenId($filestable);
        $query = 'INSERT INTO ' . $filestable . ' (
                  xar_id,
                  xar_path
                ) VALUES (?, ?)';
        $result =& $dbconn->Execute($query, array($nextID, $fileuri));
        // Get ID of row inserted.
        $fileid = $dbconn->PO_Insert_ID($filestable, 'xar_id');
        $query = 'INSERT INTO ' . $cal_filestable . ' (
                      xar_calendars_id,
                      xar_files_id
                    ) VALUES (?, ?)';
        $result =& $dbconn->Execute($query, array($calendid, $fileid));
    }
    return $calendid;
}
Ejemplo n.º 4
0
/**
 * Create a new publication type
 *
 * @param $args['name'] name of the publication type
 * @param $args['descr'] description of the publication type
 * @param $args['config'] configuration of the publication type
 * @return int publication type ID on success, false on failure
 */
function publications_adminapi_createpubtype($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    // Note : since we have several arguments we want to check here, we'll
    // report all those that are invalid at the same time...
    $invalid = array();
    if (!isset($name) || !is_string($name) || empty($name)) {
        $invalid[] = 'name';
    }
    if (!isset($config) || !is_array($config) || count($config) == 0) {
        $invalid[] = 'configuration';
    }
    if (count($invalid) > 0) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'createpubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    if (empty($descr)) {
        $descr = $name;
    }
    // Publication type names *must* be lower-case for now
    $name = strtolower($name);
    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }
    // Make sure we have all the configuration fields we need
    $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
    foreach ($pubfields as $field => $value) {
        if (!isset($config[$field])) {
            $config[$field] = '';
        }
    }
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];
    // Get next ID in table
    $nextId = $dbconn->GenId($pubtypestable);
    // Insert the publication type
    $query = "INSERT INTO {$pubtypestable} (pubtype_id, pubtypename,\n            pubtypedescr, pubtypeconfig)\n            VALUES (?,?,?,?)";
    $bindvars = array($nextId, $name, $descr, serialize($config));
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }
    // Get ptid to return
    $ptid = $dbconn->PO_Insert_ID($pubtypestable, 'pubtype_id');
    // Don't call creation hooks here...
    //xarModCallHooks('item', 'create', $ptid, 'ptid');
    return $ptid;
}
Ejemplo n.º 5
0
/**
 * count the number of items per month
 * @param $args['cids'] not supported here (yet ?)
 * @param $args['ptid'] publication type ID we're interested in
 * @param $args['state'] array of requested status(es) for the publications
 * @return array array(month => count), or false on failure
 */
function publications_userapi_getmonthcount($args)
{
    // Get database setup
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // Bug 1590 - Create custom query supported by each database.
    $dbtype = xarDB::getType();
    switch ($dbtype) {
        case 'mysql':
            $query = "SELECT LEFT(FROM_UNIXTIME(start_date),7) AS mymonth, COUNT(*) FROM " . $publicationsdef['table'];
            //            echo $query;exit;
            break;
        case 'postgres':
            $query = "SELECT TO_CHAR(ABSTIME(pubdate),'YYYY-MM') AS mymonth, COUNT(*) FROM " . $publicationsdef['table'];
            break;
        case 'mssql':
            $query = "SELECT LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7) as mymonth, COUNT(*) FROM " . $publicationsdef['table'];
            break;
            // TODO:  Add SQL queries for Oracle, etc.
        // TODO:  Add SQL queries for Oracle, etc.
        default:
            return;
    }
    if (!empty($publicationsdef['where'])) {
        $query .= ' WHERE ' . $publicationsdef['where'];
    }
    switch ($dbtype) {
        case 'mssql':
            $query .= " GROUP BY LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7)";
            break;
        default:
            $query .= ' GROUP BY mymonth';
            break;
    }
    $result =& $dbconn->Execute($query);
    if (!$result) {
        return;
    }
    $months = array();
    while (!$result->EOF) {
        list($month, $count) = $result->fields;
        $months[$month] = $count;
        $result->MoveNext();
    }
    return $months;
}
Ejemplo n.º 6
0
/**
 * Delete a publication type
 *
 * @param $args['ptid'] ID of the publication type
 * @return bool true on success, false on failure
 */
function publications_adminapi_deletepubtype($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
        return;
    }
    // Load user API to obtain item information function
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }
    // Get current publication types
    $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    if (!isset($pubtypes[$ptid])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];
    // Delete the publication type
    $query = "DELETE FROM {$pubtypestable}\n            WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, array($ptid));
    if (!$result) {
        return;
    }
    $publicationstable = $xartable['publications'];
    // Delete all publications for this publication type
    $query = "DELETE FROM {$publicationstable}\n            WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, array($ptid));
    if (!$result) {
        return;
    }
    // TODO: call some kind of itemtype delete hooks here, once we have those
    //xarModCallHooks('itemtype', 'delete', $ptid,
    //                array('module' => 'publications',
    //                      'itemtype' =>'ptid'));
    return true;
}
Ejemplo n.º 7
0
/**
 * get the number of publications per publication type
 * @param $args['state'] array of requested status(es) for the publications
 * @return array array(id => count), or false on failure
 */
function publications_userapi_getpubcount($args)
{
    if (!empty($args['state'])) {
        $statestring = 'all';
    } else {
        if (is_array($args['state'])) {
            sort($args['state']);
            $statestring = join('+', $args['state']);
        } else {
            $statestring = $args['state'];
        }
    }
    if (xarVarIsCached('Publications.PubCount', $statestring)) {
        return xarVarGetCached('Publications.PubCount', $statestring);
    }
    $pubcount = array();
    $dbconn = xarDB::getConn();
    $tables = xarDB::getTables();
    sys::import('xaraya.structures.query');
    $q = new Query('SELECT', $tables['publications']);
    $q->addfield('pubtype_id');
    $q->addfield('COUNT(state) AS count');
    $q->addgroup('pubtype_id');
    if (!empty($args['state'])) {
    } else {
        if (is_array($args['state'])) {
            $q->in('state', $args['state']);
        } else {
            $q->eq('state', $args['state']);
        }
    }
    //    $q->qecho();
    if (!$q->run()) {
        return;
    }
    $pubcount = array();
    foreach ($q->output() as $key => $value) {
        $pubcount[$value['pubtype_id']] = $value['count'];
    }
    xarVarSetCached('Publications.PubCount', $statestring, $pubcount);
    return $pubcount;
}
Ejemplo n.º 8
0
function publications_treeapi_getleftright($args)
{
    // Expand the arguments.
    extract($args);
    // Database.
    $dbconn = xarDB::getConn();
    if ($id != 0) {
        // Insert point is a real item.
        $query = 'SELECT xar_parent, xar_left, xar_right' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?';
        $result = $dbconn->execute($query, array((int) $id));
        if (!$result->EOF) {
            list($parent, $left, $right) = $result->fields;
            $return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right);
        } else {
            // Item not found.
            // TODO: raise error.
            return;
        }
    } else {
        // Insert point is the virtual root.
        // This query should return EOF when the table is empty,
        // but it doesn't (on MySQL, at least - I'm sure a MAX() of
        // no rows returns no rows in Oracle).
        $query = 'SELECT 0, MIN(xar_left)-1 as xar_left, MAX(xar_right)+1 as xar_right' . ' FROM ' . $tablename;
        $result = $dbconn->execute($query);
        $parent = 0;
        if (!$result->EOF) {
            list($parent, $left, $right) = $result->fields;
            $return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right);
            // Hack for MySQL where EOF does not work on MIN/MAX group functions.
            if (!isset($left)) {
                $return = array('parent' => 0, 'left' => 1, 'right' => 2);
            }
        } else {
            $return = array('parent' => 0, 'left' => 1, 'right' => 2);
        }
    }
    return $return;
}
Ejemplo n.º 9
0
/**
 * return the field names and correct values for querying (or joining on)
 * the publications table
 * example 1 : SELECT ..., $title, $body1,...
 *             FROM $table
 *             WHERE $title LIKE 'Hello world%'
 *                 AND $where
 *
 * example 2 : SELECT ..., $title, $body1,...
 *             FROM ...
 *             LEFT JOIN $table
 *                 ON $field = <name of articleid field in your module>
 *             WHERE ...
 *                 AND $title LIKE 'Hello world%'
 *                 AND $where
 *
 * Note : the following arguments are all optional :
 *
 * @param $args['ids'] optional array of ids that we are selecting on
 * @param $args['owner'] the ID of the author
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) or array of pubtype IDs
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['search'] search text parameter(s)
 * @param $args['searchfields'] array of fields to search in
 * @param $args['searchtype'] start, end, like, eq, gt, ... (TODO)
 * @param $args['pubdate'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD)
 * @param $args['startdate'] publications published at startdate or later
 *                           (unix timestamp format)
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @param $args['where'] additional where clauses (myfield gt 1234)
 * @param $args['locale'] language/locale (if not using multi-sites, categories etc.)
 * @return array('table' => 'nuke_publications',
 *               'field' => 'nuke_publications.id',
 *               'where' => 'nuke_publications.id IN (...)',
 *               'title'  => 'nuke_publications.title',
 *               ...
 *               'body1'  => 'nuke_publications.body1')
 */
function publications_userapi_leftjoin($args)
{
    // Get arguments from argument array
    extract($args);
    // Optional argument
    if (empty($ids) || !is_array($ids)) {
        $ids = array();
    }
    // Note : no security checks here
    // Table definition
    $xartable = xarDB::getTables();
    $dbconn = xarDB::getConn();
    $publicationstable = $xartable['publications'];
    $leftjoin = array();
    // Add available columns in the publications table (for now)
    $columns = array('id', 'name', 'title', 'description', 'summary', 'owner', 'pubtype_id', 'notes', 'state', 'body1', 'locale', 'create_date', 'start_date');
    foreach ($columns as $column) {
        $leftjoin[$column] = $publicationstable . '.' . $column;
    }
    // Specify LEFT JOIN ... ON ... [WHERE ...] parts
    $leftjoin['table'] = $publicationstable;
    $leftjoin['field'] = $leftjoin['id'];
    // Specify the WHERE part
    // FIXME: <mrb> someone better informed about this should replace
    // the xar-varprepforstore with qstr() method where appropriate
    $whereclauses = array();
    if (!empty($owner) && is_numeric($owner)) {
        $whereclauses[] = $leftjoin['owner'] . ' = ' . $owner;
    }
    if (!empty($ptid)) {
        if (is_numeric($ptid)) {
            $whereclauses[] = $leftjoin['pubtype_id'] . ' = ' . $ptid;
        } elseif (is_array($ptid) && count($ptid) > 0) {
            $seenptid = array();
            foreach ($ptid as $id) {
                if (empty($id) || !is_numeric($id)) {
                    continue;
                }
                $seenptid[$id] = 1;
            }
            if (count($seenptid) == 1) {
                $ptids = array_keys($seenptid);
                $whereclauses[] = $leftjoin['pubtypeid'] . ' = ' . $ptids[0];
            } elseif (count($seenptid) > 1) {
                $ptids = join(', ', array_keys($seenptid));
                $whereclauses[] = $leftjoin['pubtypeid'] . ' IN (' . $ptids . ')';
            }
        }
    }
    if (!empty($state) && is_array($state)) {
        if (count($state) == 1 && is_numeric($state[0])) {
            $whereclauses[] = $leftjoin['state'] . ' = ' . $state[0];
        } elseif (count($state) > 1) {
            $allstate = join(', ', $state);
            $whereclauses[] = $leftjoin['state'] . ' IN (' . $allstate . ')';
        }
    }
    if (!empty($pubdate)) {
        // published in a certain year
        if (preg_match('/^(\\d{4})$/', $pubdate, $matches)) {
            $startdate = gmmktime(0, 0, 0, 1, 1, $matches[1]);
            $enddate = gmmktime(0, 0, 0, 1, 1, $matches[1] + 1);
            if ($enddate > time()) {
                $enddate = time();
            }
            // published in a certain month
        } elseif (preg_match('/^(\\d{4})-(\\d+)$/', $pubdate, $matches)) {
            $startdate = gmmktime(0, 0, 0, $matches[2], 1, $matches[1]);
            // PHP allows month > 12 :-)
            $enddate = gmmktime(0, 0, 0, $matches[2] + 1, 1, $matches[1]);
            if ($enddate > time()) {
                $enddate = time();
            }
            // published in a certain day
        } elseif (preg_match('/^(\\d{4})-(\\d+)-(\\d+)$/', $pubdate, $matches)) {
            $startdate = gmmktime(0, 0, 0, $matches[2], $matches[3], $matches[1]);
            // PHP allows day > 3x :-)
            $enddate = gmmktime(0, 0, 0, $matches[2], $matches[3] + 1, $matches[1]);
            if ($enddate > time()) {
                $enddate = time();
            }
            // published at a certain timestamp
        } elseif (preg_match('/^(\\d+)$/', $pubdate, $matches)) {
            if ($pubdate <= time()) {
                $whereclauses[] = $leftjoin['create_date'] . ' = ' . $pubdate;
            }
        }
    }
    if (!empty($startdate) && is_numeric($startdate)) {
        $whereclauses[] = $leftjoin['create_date'] . ' >= ' . $startdate;
    }
    /*
    if (!empty($enddate) && is_numeric($enddate)) {
        $whereclauses[] = $leftjoin['create_date'] . ' < ' . $enddate;
    }
    */
    /* Example: automatically filter by the current locale - cfr. bug 3454
        if (empty($locale)) {
            $locale = xarMLSGetCurrentLocale();
        }
    */
    if (!empty($locale) && is_string($locale)) {
        $whereclauses[] = $leftjoin['locale'] . " = " . $dbconn->qstr($locale);
    }
    if (count($ids) > 0) {
        $allids = join(', ', $ids);
        $whereclauses[] = $publicationstable . '.id IN (' . $allids . ')';
    }
    if (!empty($where)) {
        // find all single-quoted pieces of text and replace them first, to allow where clauses
        // like : title eq 'this and that' and body1 eq 'here or there'
        $idx = 0;
        $found = array();
        if (preg_match_all("/'(.*?)'/", $where, $matches)) {
            foreach ($matches[1] as $match) {
                $found[$idx] = $match;
                $match = preg_quote($match);
                $match = str_replace("#", "\\#", $match);
                $where = trim(preg_replace("#'{$match}'#", "'~{$idx}~'", $where));
                $idx++;
            }
        }
        // cfr. BL compiler - adapt as needed (I don't think == and === are accepted in SQL)
        $findLogic = array(' eq ', ' ne ', ' lt ', ' gt ', ' id ', ' nd ', ' le ', ' ge ');
        $replaceLogic = array(' = ', ' != ', ' < ', ' > ', ' = ', ' != ', ' <= ', ' >= ');
        $where = str_replace($findLogic, $replaceLogic, $where);
        $parts = preg_split('/\\s+(and|or)\\s+/', $where, -1, PREG_SPLIT_DELIM_CAPTURE);
        $join = '';
        $mywhere = '';
        foreach ($parts as $part) {
            if ($part == 'and' || $part == 'or') {
                $join = $part;
                continue;
            }
            $pieces = preg_split('/\\s+/', $part);
            $name = array_shift($pieces);
            // sanity check on SQL
            if (count($pieces) < 2) {
                continue;
            }
            if (isset($leftjoin[$name])) {
                // Note: this is a potential security hole, so don't allow end-users to
                // fill in the where clause without filtering quotes etc. !
                if (empty($idx)) {
                    $mywhere .= $join . ' ' . $leftjoin[$name] . ' ' . join(' ', $pieces) . ' ';
                } else {
                    $mywhere .= $join . ' ' . $leftjoin[$name] . ' ';
                    foreach ($pieces as $piece) {
                        // replace the pieces again if necessary
                        if (preg_match("#'~(\\d+)~'#", $piece, $matches) && isset($found[$matches[1]])) {
                            $original = $found[$matches[1]];
                            $piece = preg_replace("#'~(\\d+)~'#", "'{$original}'", $piece);
                        }
                        $mywhere .= $piece . ' ';
                    }
                }
            }
        }
        if (!empty($mywhere)) {
            $whereclauses[] = '(' . $mywhere . ')';
        }
    }
    if (empty($searchfields)) {
        $searchfields = array('title', 'description', 'summary', 'body1');
    }
    if (!empty($search)) {
        // TODO : improve + make use of full-text indexing for recent MySQL versions ?
        $normal = array();
        $find = array();
        // 0. Check for "'equal whole string' searchType"
        if (!empty($searchtype) && $searchtype == 'equal whole string') {
            $normal[] = $search;
            $search = "";
            $searchtype = 'eq';
        }
        // 0. Check for fulltext or fulltext boolean searchtypes (MySQL only)
        // CHECKME: switch to other search type if $search is less than min. length ?
        if (!empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
            $fulltext = xarModVars::get('publications', 'fulltextsearch');
            if (!empty($fulltext)) {
                $fulltextfields = explode(',', $fulltext);
            } else {
                $fulltextfields = array();
            }
            $matchfields = array();
            foreach ($fulltextfields as $field) {
                if (empty($leftjoin[$field])) {
                    continue;
                }
                $matchfields[] = $leftjoin[$field];
            }
            // TODO: switch mode automatically if + - etc. are detected ?
            $matchmode = '';
            if ($searchtype == 'fulltext boolean') {
                $matchmode = ' IN BOOLEAN MODE';
            }
            $find[] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ')';
            // Add this to field list too when sorting by relevance in boolean mode (cfr. getall() sort)
            $leftjoin['relevance'] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ') AS relevance';
            // check if we have any other fields to search in
            $morefields = array_diff($searchfields, $fulltextfields);
            if (!empty($morefields)) {
                // FIXME: sort order may not be by relevance if we mix fulltext with other searches
                $searchfields = $morefields;
                $searchtype = '';
            } else {
                // we're done here
                $searchfields = array();
                $search = '';
            }
        }
        // 1. find quoted text
        if (preg_match_all('#"(.*?)"#', $search, $matches)) {
            foreach ($matches[1] as $match) {
                $normal[] = $match;
                $match = preg_quote($match);
                $search = trim(preg_replace("#\"{$match}\"#", '', $search));
            }
        }
        if (preg_match_all("/'(.*?)'/", $search, $matches)) {
            foreach ($matches[1] as $match) {
                $normal[] = $match;
                $match = preg_quote($match);
                $search = trim(preg_replace("#'{$match}'#", '', $search));
            }
        }
        // 2. find mandatory +text to include
        // 3. find mandatory -text to exclude
        // 4. find normal text
        $more = preg_split('/\\s+/', $search, -1, PREG_SPLIT_NO_EMPTY);
        $normal = array_merge($normal, $more);
        foreach ($normal as $text) {
            // TODO: use XARADODB to escape wildcards (and use portable ones) ??
            $text = str_replace('%', '\\%', $text);
            $text = str_replace('_', '\\_', $text);
            foreach ($searchfields as $field) {
                if (empty($leftjoin[$field])) {
                    continue;
                }
                if (empty($searchtype) || $searchtype == 'like') {
                    $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%');
                } elseif ($searchtype == 'start') {
                    $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr($text . '%');
                } elseif ($searchtype == 'end') {
                    $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text);
                } elseif ($searchtype == 'eq') {
                    $find[] = $leftjoin[$field] . " = " . $dbconn->qstr($text);
                } else {
                    // TODO: other search types ?
                    $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%');
                }
            }
        }
        $whereclauses[] = '(' . join(' OR ', $find) . ')';
    }
    if (count($whereclauses) > 0) {
        $leftjoin['where'] = join(' AND ', $whereclauses);
    } else {
        $leftjoin['where'] = '';
    }
    return $leftjoin;
}
Ejemplo n.º 10
0
function publications_treeapi_insertprep($args)
{
    // An insertion point (an ID in the table) is required.
    // Special insertion point ID is 0, which refers to the
    // virtual root of all trees. An item can not be
    // inserted on the same level as the virtual root.
    extract($args);
    // TODO: validate params: insertpoint, offset, tablename, idname
    // Default operation is 'before' - i.e. put the new item in the place
    // of the insertpoint and move everything to the right one place.
    if (!xarVarValidate('enum:before:after:firstchild:lastchild', $offset, true)) {
        $offset = 'firstchild';
    }
    if (!isset($insertpoint)) {
        $insertpoint = 0;
    }
    if (!isset($idname)) {
        $idname = 'xar_id';
    }
    // Cannot insert on the same level as the virtual root.
    if ($insertpoint == 0) {
        if ($offset == 'before') {
            $offset = 'firstchild';
        }
        if ($offset == 'after') {
            $offset = 'lastchild';
        }
    }
    $dbconn = xarDB::getConn();
    $result = xarMod::apiFunc('publications', 'tree', 'getleftright', array('tablename' => $tablename, 'idname' => $idname, 'id' => $insertpoint));
    if (!$result) {
        return;
    }
    extract($result);
    // Locate the new insert point.
    if ($offset == 'before') {
        $shift = $left;
    }
    if ($offset == 'after') {
        $shift = $right + 1;
    }
    if ($offset == 'firstchild') {
        $shift = $left + 1;
        $parent = $insertpoint;
    }
    if ($offset == 'lastchild') {
        $shift = $right;
        $parent = $insertpoint;
    }
    // Create a space of two traversal points.
    // The new item will not have children, so the traversal
    // points will be sequential.
    $query = 'UPDATE ' . $tablename . ' SET xar_left = xar_left + 2 ' . ' WHERE xar_left >= ?';
    $result = $dbconn->execute($query, array($shift));
    if (!$result) {
        return;
    }
    $query = 'UPDATE ' . $tablename . ' SET xar_right = xar_right + 2 ' . ' WHERE xar_right >= ?';
    $result = $dbconn->execute($query, array($shift));
    if (!$result) {
        return;
    }
    // Return the new parent/left/right values
    return array('parent' => $parent, 'left' => $shift, 'right' => $shift + 1);
}
Ejemplo n.º 11
0
/**
 * count number of items depending on additional module criteria
 *
 * @param $args['catid'] string of category id(s) that we're counting in, or
 * @param $args['cids'] array of cids that we are counting in (OR/AND)
 * @param $args['andcids'] true means AND-ing categories listed in cids
 *
 * @param $args['owner'] the ID of the author
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['startdate'] publications published at startdate or later
 *                           (unix timestamp format)
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @return int number of items
 */
function publications_userapi_countitems($args)
{
    // Database information
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // TODO: make sure this is SQL standard
    // Start building the query
    if ($dbconn->databaseType == 'sqlite') {
        $query = 'SELECT COUNT(*)
                  FROM ( SELECT DISTINCT ' . $publicationsdef['field'] . '
                         FROM ' . $publicationsdef['table'];
        // WATCH OUT, UNBALANCED
    } else {
        $query = 'SELECT COUNT(DISTINCT ' . $publicationsdef['field'] . ')';
        $query .= ' FROM ' . $publicationsdef['table'];
    }
    if (!isset($args['cids'])) {
        $args['cids'] = array();
    }
    if (!isset($args['andcids'])) {
        $args['andcids'] = false;
    }
    if (count($args['cids']) > 0 || !empty($args['catid'])) {
        // Load API
        if (!xarModAPILoad('categories', 'user')) {
            return;
        }
        // Get the LEFT JOIN ... ON ...  and WHERE (!) parts from categories
        $args['modid'] = xarModGetIDFromName('publications');
        if (isset($args['ptid']) && !isset($args['itemtype'])) {
            $args['itemtype'] = $args['ptid'];
        }
        $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
        $query .= ' LEFT JOIN ' . $categoriesdef['table'];
        $query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
        $query .= $categoriesdef['more'];
        $docid = 1;
    }
    // Create the WHERE part
    $where = array();
    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $where[] = $publicationsdef['where'];
    }
    if (!empty($docid)) {
        // we rely on leftjoin() to create the necessary categories clauses
        $where[] = $categoriesdef['where'];
    }
    if (count($where) > 0) {
        $query .= ' WHERE ' . join(' AND ', $where);
    }
    // Balance parentheses
    if ($dbconn->databaseType == 'sqlite') {
        $query .= ')';
    }
    // Run the query - finally :-)
    $result =& $dbconn->Execute($query);
    if (!$result) {
        return;
    }
    if ($result->EOF) {
        return;
    }
    $num = $result->fields[0];
    $result->Close();
    return $num;
}
Ejemplo n.º 12
0
/**
 * get the number of publications per publication type and category
 *
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['ptid'] publication type ID
 * @param $args['cids'] array of category IDs (OR/AND)
 * @param $args['andcids'] true means AND-ing categories listed in cids
 * @param $args['groupcids'] the number of categories you want items grouped by
 * @param $args['reverse'] default is ptid => cid, reverse (1) is cid => ptid
 * @return array array( $ptid => array( $cid => $count) ),
 *         or false on failure
 */
function publications_userapi_getpubcatcount($args)
{
    /*
        static $pubcatcount = array();
    
        if (count($pubcatcount) > 0) {
            return $pubcatcount;
        }
    */
    $pubcatcount = array();
    // Get database setup
    $dbconn = xarDB::getConn();
    // Get the LEFT JOIN ... ON ...  and WHERE parts from publications
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // Load API
    if (!xarModAPILoad('categories', 'user')) {
        return;
    }
    $args['modid'] = xarMod::getRegID('publications');
    if (isset($args['ptid']) && !isset($args['itemtype'])) {
        $args['itemtype'] = $args['ptid'];
    }
    // Get the LEFT JOIN ... ON ...  and WHERE parts from categories
    $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
    // Get count
    $query = 'SELECT ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id'] . ', COUNT(*)
            FROM ' . $publicationsdef['table'] . '
            LEFT JOIN ' . $categoriesdef['table'] . '
            ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['field'] . $categoriesdef['more'] . '
            WHERE ' . $categoriesdef['where'] . ' AND ' . $publicationsdef['where'] . '
            GROUP BY ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id'];
    $result =& $dbconn->Execute($query);
    if (!$result) {
        return;
    }
    if ($result->EOF) {
        if (!empty($args['ptid']) && empty($args['reverse'])) {
            $pubcatcount[$args['ptid']] = array();
        }
        return $pubcatcount;
    }
    while (!$result->EOF) {
        // we may have 1 or more cid fields here, depending on what we're
        // counting (cfr. AND in categories)
        $fields = $result->fields;
        $ptid = array_shift($fields);
        $count = array_pop($fields);
        // TODO: use multi-level array for multi-category grouping ?
        $cid = join('+', $fields);
        if (empty($args['reverse'])) {
            $pubcatcount[$ptid][$cid] = $count;
        } else {
            $pubcatcount[$cid][$ptid] = $count;
        }
        $result->MoveNext();
    }
    foreach ($pubcatcount as $id1 => $val) {
        $total = 0;
        foreach ($val as $id2 => $count) {
            $total += $count;
        }
        $pubcatcount[$id1]['total'] = $total;
    }
    return $pubcatcount;
}
Ejemplo n.º 13
0
/**
 * count number of items depending on additional module criteria
 *
 * @param array group
 * @return array number of items with descriptors
 */
function publications_adminapi_getstats($args)
{
    extract($args);
    $allowedfields = array('pubtype_id', 'state', 'owner', 'locale', 'pubdate_year', 'pubdate_month', 'pubdate_day');
    if (empty($group)) {
        $group = array();
    }
    $newfields = array();
    $newgroups = array();
    foreach ($group as $field) {
        if (empty($field) || !in_array($field, $allowedfields)) {
            continue;
        }
        if ($field == 'pubdate_year') {
            $dbtype = xarDB::getType();
            switch ($dbtype) {
                case 'mysql':
                    $newfields[] = "LEFT(FROM_UNIXTIME(start_date),4) AS myyear";
                    $newgroups[] = "myyear";
                    break;
                case 'postgres':
                    $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY') AS myyear";
                    // CHECKME: do we need to use TO_CHAR(...) for the group field too ?
                    $newgroups[] = "myyear";
                    break;
                case 'mssql':
                    $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4) as myyear";
                    $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4)";
                    break;
                    // TODO:  Add SQL queries for Oracle, etc.
                // TODO:  Add SQL queries for Oracle, etc.
                default:
                    continue;
            }
        } elseif ($field == 'pubdate_month') {
            $dbtype = xarDB::getType();
            switch ($dbtype) {
                case 'mysql':
                    $newfields[] = "LEFT(FROM_UNIXTIME(start_date),7) AS mymonth";
                    $newgroups[] = "mymonth";
                    break;
                case 'postgres':
                    $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM') AS mymonth";
                    // CHECKME: do we need to use TO_CHAR(...) for the group field too ?
                    $newgroups[] = "mymonth";
                    break;
                case 'mssql':
                    $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7) as mymonth";
                    $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7)";
                    break;
                    // TODO:  Add SQL queries for Oracle, etc.
                // TODO:  Add SQL queries for Oracle, etc.
                default:
                    continue;
            }
        } elseif ($field == 'pubdate_day') {
            $dbtype = xarDB::getType();
            switch ($dbtype) {
                case 'mysql':
                    $newfields[] = "LEFT(FROM_UNIXTIME(start_date),10) AS myday";
                    $newgroups[] = "myday";
                    break;
                case 'postgres':
                    $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM-DD') AS myday";
                    // CHECKME: do we need to use TO_CHAR(...) for the group field too ?
                    $newgroups[] = "myday";
                    break;
                case 'mssql':
                    $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10) as myday";
                    $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10)";
                    break;
                    // TODO:  Add SQL queries for Oracle, etc.
                // TODO:  Add SQL queries for Oracle, etc.
                default:
                    continue;
            }
        } else {
            $newfields[] = $field;
            $newgroups[] = $field;
        }
    }
    if (empty($newfields) || count($newfields) < 1) {
        $newfields = array('pubtype_id', 'state', 'owner');
        $newgroups = array('pubtype_id', 'state', 'owner');
    }
    // Database information
    $dbconn = xarDB::getConn();
    $xartables = xarDB::getTables();
    $query = 'SELECT ' . join(', ', $newfields) . ', COUNT(*)
              FROM ' . $xartables['publications'] . '
              GROUP BY ' . join(', ', $newgroups) . '
              ORDER BY ' . join(', ', $newgroups);
    $result =& $dbconn->Execute($query);
    if (!$result) {
        return;
    }
    $stats = array();
    while (!$result->EOF) {
        if (count($newfields) > 3) {
            list($field1, $field2, $field3, $field4, $count) = $result->fields;
            $stats[$field1][$field2][$field3][$field4] = $count;
        } elseif (count($newfields) == 3) {
            list($field1, $field2, $field3, $count) = $result->fields;
            $stats[$field1][$field2][$field3] = $count;
        } elseif (count($newfields) == 2) {
            list($field1, $field2, $count) = $result->fields;
            $stats[$field1][$field2] = $count;
        } elseif (count($newfields) == 1) {
            list($field1, $count) = $result->fields;
            $stats[$field1] = $count;
        }
        $result->MoveNext();
    }
    $result->Close();
    return $stats;
}
Ejemplo n.º 14
0
function publications_admin_updateconfig()
{
    // Confirm authorisation code
    if (!xarSecConfirmAuthKey()) {
        return;
    }
    // Get parameters
    //A lot of these probably are bools, still might there be a need to change the template to return
    //'true' and 'false' to use those...
    if (!xarVarFetch('settings', 'array', $settings, array(), XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('usetitleforurl', 'int', $usetitleforurl, xarModVars::get('publications', 'usetitleforurl'), XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('defaultstate', 'isset', $defaultstate, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('defaultsort', 'isset', $defaultsort, 'date', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('usealias', 'int', $usealias, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('ptid', 'isset', $ptid, xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('multilanguage', 'int', $multilanguage, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('tab', 'str:1:10', $data['tab'], 'global', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
        return;
    }
    if ($data['tab'] == 'global') {
        if (!xarVarFetch('defaultpubtype', 'isset', $defaultpubtype, 1, XARVAR_NOT_REQUIRED)) {
            return;
        }
        if (!xarVarFetch('sortpubtypes', 'isset', $sortpubtypes, 'id', XARVAR_NOT_REQUIRED)) {
            return;
        }
        if (!xarVarFetch('defaultlanguage', 'str:1:100', $defaultlanguage, xarModVars::get('publications', 'defaultlanguage'), XARVAR_NOT_REQUIRED)) {
            return;
        }
        if (!xarVarFetch('debugmode', 'checkbox', $debugmode, xarModVars::get('publications', 'debugmode'), XARVAR_NOT_REQUIRED)) {
            return;
        }
        if (!xarVarFetch('defaultfrontpage', 'str', $defaultfrontpage, xarModVars::get('publications', 'defaultfrontpage'), XARVAR_NOT_REQUIRED)) {
            return;
        }
        if (!xarVarFetch('defaultbackpage', 'str', $defaultbackpage, xarModVars::get('publications', 'defaultbackpage'), XARVAR_NOT_REQUIRED)) {
            return;
        }
        xarModVars::set('publications', 'defaultpubtype', $defaultpubtype);
        xarModVars::set('publications', 'sortpubtypes', $sortpubtypes);
        xarModVars::set('publications', 'defaultlanguage', $defaultlanguage);
        xarModVars::set('publications', 'debugmode', $debugmode);
        xarModVars::set('publications', 'usealias', $usealias);
        xarModVars::set('publications', 'usetitleforurl', $usetitleforurl);
        xarModVars::set('publications', 'defaultfrontpage', $defaultfrontpage);
        xarModVars::set('publications', 'defaultbackpage', $defaultbackpage);
        // Allow multilanguage only if the languages property is present
        sys::import('modules.dynamicdata.class.properties.registration');
        $types = PropertyRegistration::Retrieve();
        if (isset($types[30039])) {
            xarModVars::set('publications', 'multilanguage', $multilanguage);
        } else {
            xarModVars::set('publications', 'multilanguage', 0);
        }
        // Get the special pages.
        foreach (array('defaultpage', 'errorpage', 'notfoundpage', 'noprivspage') as $special_name) {
            unset($special_id);
            if (!xarVarFetch($special_name, 'id', $special_id, 0, XARVAR_NOT_REQUIRED)) {
                return;
            }
            xarModVars::set('publications', $special_name, $special_id);
        }
        if (xarDB::getType() == 'mysql') {
            if (!xarVarFetch('fulltext', 'isset', $fulltext, '', XARVAR_NOT_REQUIRED)) {
                return;
            }
            $oldval = xarModVars::get('publications', 'fulltextsearch');
            $index = 'i_' . xarDB::getPrefix() . '_publications_fulltext';
            if (empty($fulltext) && !empty($oldval)) {
                // Get database setup
                $dbconn = xarDB::getConn();
                $xartable = xarDB::getTables();
                $publicationstable = $xartable['publications'];
                // Drop fulltext index on publications table
                $query = "ALTER TABLE {$publicationstable} DROP INDEX {$index}";
                $result =& $dbconn->Execute($query);
                if (!$result) {
                    return;
                }
                xarModVars::set('publications', 'fulltextsearch', '');
            } elseif (!empty($fulltext) && empty($oldval)) {
                $searchfields = array('title', 'description', 'summary', 'body1', 'notes');
                //                $searchfields = explode(',',$fulltext);
                // Get database setup
                $dbconn = xarDB::getConn();
                $xartable = xarDB::getTables();
                $publicationstable = $xartable['publications'];
                // Add fulltext index on publications table
                $query = "ALTER TABLE {$publicationstable} ADD FULLTEXT {$index} (" . join(', ', $searchfields) . ")";
                $result =& $dbconn->Execute($query);
                if (!$result) {
                    return;
                }
                xarModVars::set('publications', 'fulltextsearch', join(',', $searchfields));
            }
        }
        // Module settings
        $data['module_settings'] = xarMod::apiFunc('base', 'admin', 'getmodulesettings', array('module' => 'publications'));
        $data['module_settings']->setFieldList('items_per_page, use_module_alias, module_alias_name, enable_short_urls, user_menu_link', 'use_module_icons');
        $isvalid = $data['module_settings']->checkInput();
        if (!$isvalid) {
            return xarTplModule('base', 'admin', 'modifyconfig', $data);
        } else {
            $itemid = $data['module_settings']->updateItem();
        }
        // Pull the base category ids from the template and save them
        $picker = DataPropertyMaster::getProperty(array('name' => 'categorypicker'));
        $picker->checkInput('basecid');
    } elseif ($data['tab'] == 'pubtypes') {
        // Get the publication type for this display and save the settings to it
        $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
        $pubtypeobject->getItem(array('itemid' => $ptid));
        $configsettings = $pubtypeobject->properties['configuration']->getValue();
        $checkbox = DataPropertyMaster::getProperty(array('name' => 'checkbox'));
        $boxes = array('show_hitount', 'show_ratings', 'show_keywords', 'show_comments', 'show_prevnext', 'show_archives', 'show_publinks', 'show_pubcount', 'show_map', 'prevnextart', 'dot_transform', 'title_transform', 'show_categories', 'show_catcount', 'show_prevnext', 'allow_translations');
        foreach ($boxes as $box) {
            $isvalid = $checkbox->checkInput($box);
            if ($isvalid) {
                $settings[$box] = $checkbox->value;
            }
        }
        //        foreach ($configsettings as $key => $value)
        //            if (!isset($settings[$key])) $settings[$key] = 0;
        $isvalid = true;
        // Get the default access rules
        $access = DataPropertyMaster::getProperty(array('name' => 'access'));
        $validprop = $access->checkInput("access_add");
        $addaccess = $access->value;
        $isvalid = $isvalid && $validprop;
        $validprop = $access->checkInput("access_display");
        $displayaccess = $access->value;
        $isvalid = $isvalid && $validprop;
        $validprop = $access->checkInput("access_modify");
        $modifyaccess = $access->value;
        $isvalid = $isvalid && $validprop;
        $validprop = $access->checkInput("access_delete");
        $deleteaccess = $access->value;
        $isvalid = $isvalid && $validprop;
        $allaccess = array('add' => $addaccess, 'display' => $displayaccess, 'modify' => $modifyaccess, 'delete' => $deleteaccess);
        $pubtypeobject->properties['access']->setValue(serialize($allaccess));
        $pubtypeobject->properties['configuration']->setValue(serialize($settings));
        $pubtypeobject->updateItem(array('itemid' => $ptid));
        $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
        if ($usealias) {
            xarModSetAlias($pubtypes[$ptid]['name'], 'publications');
        } else {
            xarModDelAlias($pubtypes[$ptid]['name'], 'publications');
        }
    } elseif ($data['tab'] == 'redirects') {
        $redirects = DataPropertyMaster::getProperty(array('name' => 'array'));
        $redirects->display_column_definition['value'] = array(array("From", "To"), array(2, 2), array("", ""), array("", ""));
        $isvalid = $redirects->checkInput("redirects");
        xarModVars::set('publications', 'redirects', $redirects->value);
    }
    xarController::redirect(xarModURL('publications', 'admin', 'modifyconfig', array('ptid' => $ptid, 'tab' => $data['tab'])));
    return true;
}
Ejemplo n.º 15
0
function publications_treeapi_moveitem($args)
{
    extract($args);
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    // Obtain current information on the reference item
    $refitem = xarMod::apiFunc('publications', 'user', 'getpage', array('pid' => $refid));
    $query = 'SELECT xar_left, xar_right, xar_parent' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?';
    // Run the query (reference item).
    $result = $dbconn->execute($query, array($refid));
    if (!$result) {
        return;
    }
    if ($result->EOF) {
        $msg = xarML('Reference item "#(1)" does not exist', $refid);
        throw new BadParameterException(null, $msg);
    }
    list($ref_left, $ref_right, $ref_parent) = $result->fields;
    // Run the query (item to be moved).
    $result = $dbconn->execute($query, array((int) $itemid));
    if (!$result) {
        return;
    }
    if ($result->EOF) {
        $msg = xarML('Moving item "#(1)" does not exist', $itemid);
        throw new BadParameterException(null, $msg);
    }
    list($item_left, $item_right, $item_parent) = $result->fields;
    // Checking if the reference ID is of a child or itself
    if ($ref_left >= $item_left && $ref_left <= $item_right) {
        $msg = xarML('Group references siblings');
        throw new BadParameterException(null, $msg);
    }
    // Find the point of insertion.
    switch (strtolower($offset)) {
        case 'lastchild':
            // last child of reference item
            $insertion_point = $ref_right;
            break;
        case 'after':
            // after reference item, same level
            $insertion_point = $ref_right + 1;
            break;
        case 'firstchild':
            // first child reference item
            $insertion_point = $ref_left + 1;
            break;
        case 'before':
            // before reference item, same level
            $insertion_point = $ref_left;
            break;
        default:
            $msg = xarML('Offset not "#(1)" valid', $offset);
            throw new BadParameterException(null, $msg);
    }
    $size = $item_right - $item_left + 1;
    $distance = $insertion_point - $item_left;
    // If necessary to move then evaluate
    if ($distance != 0) {
        if ($distance > 0) {
            // moving forward
            $distance = $insertion_point - $item_right - 1;
            $deslocation_outside = -$size;
            $between_string = $item_right + 1 . ' AND ' . ($insertion_point - 1);
        } else {
            // $distance < 0 (moving backward)
            $deslocation_outside = $size;
            $between_string = $insertion_point . ' AND ' . ($item_left - 1);
        }
        // This seems SQL-92 standard... Its a good test to see if
        // the databases we are supporting are complying with it. This can be
        // broken down in 3 simple UPDATES which shouldnt be a problem with any database.
        $query = 'UPDATE ' . $tablename . ' SET xar_left = CASE' . '    WHEN xar_left BETWEEN ' . $item_left . ' AND ' . $item_right . '    THEN xar_left + (' . $distance . ')' . '    WHEN xar_left BETWEEN ' . $between_string . '    THEN xar_left + (' . $deslocation_outside . ')' . '    ELSE xar_left' . ' END,' . ' xar_right = CASE' . '    WHEN xar_right BETWEEN ' . $item_left . ' AND ' . $item_right . '    THEN xar_right + (' . $distance . ')' . '    WHEN xar_right BETWEEN ' . $between_string . '    THEN xar_right + (' . $deslocation_outside . ')' . '    ELSE xar_right' . ' END';
        $result = $dbconn->execute($query);
        if (!$result) {
            return;
        }
        // Find the right parent for this item.
        if (strtolower($offset) == 'lastchild' || strtolower($offset) == 'firstchild') {
            $parent_id = $refid;
        } else {
            $parent_id = $ref_parent;
        }
        // Update parent id
        $query = 'UPDATE ' . $tablename . ' SET xar_parent = ?' . ' WHERE ' . $idname . ' = ?';
        $result = $dbconn->execute($query, array((int) $parent_id, (int) $itemid));
        if (!$result) {
            return;
        }
    }
    return true;
}
Ejemplo n.º 16
0
/**
 * Delete a calendar from database
 * Usage : if (xarMod::apiFunc('calendar', 'admin', 'delete', $calendar)) {...}
 *
 * @param $args['calid'] ID of the calendar
 * @returns bool
 * @return true on success, false on failure
 */
function calendar_adminapi_delete_calendar($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check
    if (!isset($calid)) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'calendar ID', 'admin', 'delete', 'Calendar');
        throw new Exception($msg);
    }
    // TODO: Security check
    /*
        if (!xarMod::apiLoad('calendar', 'user')) return;
    
        $args['mask'] = 'DeleteCalendars';
        if (!xarMod::apiFunc('calendar','user','checksecurity',$args)) {
            $msg = xarML('Not authorized to delete #(1) items',
                        'Calendar');
            throw new Exception($msg);
        }
    */
    // Call delete hooks for categories, hitcount etc.
    $args['module'] = 'calendar';
    $args['itemid'] = $calid;
    xarModCallHooks('item', 'delete', $calid, $args);
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $calendarstable = $xartable['calendars'];
    $cal_filestable = $xartable['calendars_files'];
    $calfiles = $xartable['calfiles'];
    // Get files associated with that calendar
    $query = "SELECT xar_files_id FROM {$cal_filestable}\n             WHERE xar_calendars_id = ? LIMIT 1 ";
    $result =& $dbconn->Execute($query, array($calid));
    if (!$result) {
        return;
    }
    for (; !$result->EOF; $result->MoveNext()) {
        // there should be only one result
        list($file_id) = $result->fields;
    }
    if (isset($file_id) || !empty($file_id)) {
        $query = "DELETE FROM {$calfiles}\n                  WHERE xar_id = ?";
        $result =& $dbconn->Execute($query, array($file_id));
        if (!$result) {
            return;
        }
    }
    // Delete item
    $query = "DELETE FROM {$calendarstable}\n              WHERE xar_id = ?";
    $result =& $dbconn->Execute($query, array($calid));
    if (!$result) {
        return;
    }
    $query = "DELETE FROM {$cal_filestable}\n              WHERE xar_calendars_id = ?";
    $result =& $dbconn->Execute($query, array($calid));
    if (!$result) {
        return;
    }
    $result->Close();
    return true;
}
Ejemplo n.º 17
0
/**
 * get a list of article authors depending on additional module criteria
 *
 * @param $args['cids'] array of cids that we are counting for (OR/AND)
 * @param $args['andcids'] true means AND-ing categories listed in cids
 *
 * @param $args['owner'] the ID of the author
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['startdate'] publications published at startdate or later
 *                           (unix timestamp format)
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @return array of author id => author name
 */
function publications_userapi_getauthors($args)
{
    // Database information
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // Load API
    if (!xarModAPILoad('roles', 'user')) {
        return;
    }
    // Get the field names and LEFT JOIN ... ON ... parts from users
    $usersdef = xarModAPIFunc('roles', 'user', 'leftjoin');
    // TODO: make sure this is SQL standard
    // Start building the query
    $query = 'SELECT DISTINCT ' . $publicationsdef['owner'] . ', ' . $usersdef['name'];
    $query .= ' FROM ' . $publicationsdef['table'];
    // Add the LEFT JOIN ... ON ... parts from users
    $query .= ' LEFT JOIN ' . $usersdef['table'];
    $query .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner'];
    if (!isset($args['cids'])) {
        $args['cids'] = array();
    }
    if (!isset($args['andcids'])) {
        $args['andcids'] = false;
    }
    if (count($args['cids']) > 0) {
        // Load API
        if (!xarModAPILoad('categories', 'user')) {
            return;
        }
        // Get the LEFT JOIN ... ON ...  and WHERE (!) parts from categories
        $args['modid'] = xarModGetIDFromName('publications');
        if (isset($args['ptid']) && !isset($args['itemtype'])) {
            $args['itemtype'] = $args['ptid'];
        }
        $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
        $query .= ' LEFT JOIN ' . $categoriesdef['table'];
        $query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
        $query .= $categoriesdef['more'];
        $docid = 1;
    }
    // Create the WHERE part
    $where = array();
    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $where[] = $publicationsdef['where'];
    }
    if (!empty($docid)) {
        // we rely on leftjoin() to create the necessary categories clauses
        $where[] = $categoriesdef['where'];
    }
    if (count($where) > 0) {
        $query .= ' WHERE ' . join(' AND ', $where);
    }
    // Order by author name
    $query .= ' ORDER BY ' . $usersdef['name'] . ' ASC';
    // Run the query - finally :-)
    $result =& $dbconn->Execute($query);
    if (!$result) {
        return;
    }
    $authors = array();
    while (!$result->EOF) {
        list($uid, $name) = $result->fields;
        $authors[$uid] = array('id' => $uid, 'name' => $name);
        $result->MoveNext();
    }
    $result->Close();
    return $authors;
}
Ejemplo n.º 18
0
/**
 * Update a publication type
 *
 * @param id $args['ptid'] ID of the publication type
 * @param string $args['name'] name of the publication type (not allowed here)
 * @param string $args['description'] description of the publication type
 * @param array $args['config'] configuration of the publication type
 * @return bool true on success, false on failure
 */
function publications_adminapi_updatepubtype($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    // Note : since we have several arguments we want to check here, we'll
    // report all those that are invalid at the same time...
    $invalid = array();
    if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) {
        $invalid[] = 'publication type ID';
    }
    /*
        if (!isset($name) || !is_string($name) || empty($name)) {
            $invalid[] = 'name';
        }
    */
    if (!isset($descr) || !is_string($descr) || empty($descr)) {
        $invalid[] = 'description';
    }
    if (!isset($config) || !is_array($config) || count($config) == 0) {
        $invalid[] = 'configuration';
    }
    if (count($invalid) > 0) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'updatepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
        return;
    }
    // Load user API to obtain item information function
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }
    // Get current publication types
    $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    if (!isset($pubtypes[$ptid])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'updatepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Make sure we have all the configuration fields we need
    $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
    foreach ($pubfields as $field => $value) {
        if (!isset($config[$field])) {
            $config[$field] = '';
        }
    }
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];
    // Update the publication type (don't allow updates on name)
    $query = "UPDATE {$pubtypestable}\n            SET pubtypedescr = ?,\n                pubtypeconfig = ?\n            WHERE pubtype_id = ?";
    $bindvars = array($descr, serialize($config), $ptid);
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }
    return true;
}
Ejemplo n.º 19
0
/**
 * get overview of all publications
 * Note : the following parameters are all optional
 *
 * @param $args['numitems'] number of publications to get
 * @param $args['sort'] sort order ('create_date','title','hits','rating','author','id','summary','notes',...)
 * @param $args['startnum'] starting article number
 * @param $args['ids'] array of article ids to get
 * @param $args['owner'] the ID of the author
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['search'] search parameter(s)
 * @param $args['searchfields'] array of fields to search in
 * @param $args['searchtype'] start, end, like, eq, gt, ... (TODO)
 * @param $args['cids'] array of category IDs for which to get publications (OR/AND)
 *                      (for all categories don?t set it)
 * @param $args['andcids'] true means AND-ing categories listed in cids
 * @param $args['create_date'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD)
 * @param $args['startdate'] publications published at startdate or later
 *                           (unix timestamp format)
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @param $args['fields'] array with all the fields to return per publication
 *                        Default list is : 'id','title','summary','owner',
 *                        'create_date','pubtype_id','notes','state','body1'
 *                        Optional fields : 'cids','author','counter','rating','dynamicdata'
 * @param $args['extra'] array with extra fields to return per article (in addition
 *                       to the default list). So you can EITHER specify *all* the
 *                       fields you want with 'fields', OR take all the default
 *                       ones and add some optional fields with 'extra'
 * @param $args['where'] additional where clauses (e.g. myfield gt 1234)
 * @param $args['locale'] language/locale (if not using multi-sites, categories etc.)
 * @return array Array of publications, or false on failure
 */
function publications_userapi_getall($args)
{
    // Get arguments from argument array
    extract($args);
    // Optional argument
    if (!isset($startnum)) {
        $startnum = 1;
    }
    if (empty($cids)) {
        $cids = array();
    }
    if (!isset($andcids)) {
        $andcids = false;
    }
    if (empty($ptid)) {
        $ptid = null;
    }
    // Default fields in publications (for now)
    $columns = array('id', 'name', 'title', 'description', 'summary', 'body1', 'owner', 'pubtype_id', 'notes', 'state', 'start_date');
    // Optional fields in publications (for now)
    // + 'cids' = list of categories an article belongs to
    // + 'author' = user name of owner
    // + 'counter' = number of times this article was displayed (hitcount)
    // + 'rating' = rating for this article (ratings)
    // + 'dynamicdata' = dynamic data fields for this article (dynamicdata)
    // + 'relevance' = relevance for this article (MySQL full-text search only)
    // $optional = array('cids','author','counter','rating','dynamicdata','relevance');
    if (!isset($fields)) {
        $fields = $columns;
    }
    if (isset($extra) && is_array($extra) && count($extra) > 0) {
        $fields = array_merge($fields, $extra);
    }
    if (empty($sort)) {
        if (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
            if ($searchtype == 'fulltext boolean' && !in_array('relevance', $fields)) {
                // add the relevance to the field list for sorting
                $fields[] = 'relevance';
            }
            // let the database sort by relevance (= default for fulltext)
            $sortlist = array();
        } else {
            // default sort by create_date
            $sortlist = array('create_date');
        }
    } elseif (is_array($sort)) {
        $sortlist = $sort;
    } else {
        $sortlist = explode(',', $sort);
    }
    $publications = array();
    // Security check
    if (!xarSecurityCheck('ViewPublications')) {
        return;
    }
    // Fields requested by the calling function
    $required = array();
    foreach ($fields as $field) {
        $required[$field] = 1;
    }
    // mandatory fields for security
    $required['id'] = 1;
    $required['title'] = 1;
    $required['pubtype_id'] = 1;
    $required['create_date'] = 1;
    $required['owner'] = 1;
    // not to be confused with author (name) :-)
    // force cids as required when categories are given
    if (count($cids) > 0) {
        $required['cids'] = 1;
    }
    // TODO: put all this in dynamic data and retrieve everything via there (including hooked stuff)
    // Database information
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // TODO : how to handle the case where name is empty, but uname isn't
    if (!empty($required['owner'])) {
        // Load API
        if (!xarModAPILoad('roles', 'user')) {
            return;
        }
        // Get the field names and LEFT JOIN ... ON ... parts from users
        $usersdef = xarModAPIFunc('roles', 'user', 'leftjoin');
        if (empty($usersdef)) {
            return;
        }
    }
    $regid = xarMod::getRegID('publications');
    if (!empty($required['cids'])) {
        // Load API
        if (!xarModAPILoad('categories', 'user')) {
            return;
        }
        // Get the LEFT JOIN ... ON ...  and WHERE (!) parts from categories
        $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', array('cids' => $cids, 'andcids' => $andcids, 'itemtype' => isset($ptid) ? $ptid : null, 'modid' => $regid));
        if (empty($categoriesdef)) {
            return;
        }
    }
    if (!empty($required['counter']) && xarModIsHooked('hitcount', 'publications', $ptid)) {
        // Load API
        if (!xarModAPILoad('hitcount', 'user')) {
            return;
        }
        // Get the LEFT JOIN ... ON ...  and WHERE (!) parts from hitcount
        $hitcountdef = xarModAPIFunc('hitcount', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null));
    }
    if (!empty($required['rating']) && xarModIsHooked('ratings', 'publications', $ptid)) {
        // Load API
        if (!xarModAPILoad('ratings', 'user')) {
            return;
        }
        // Get the LEFT JOIN ... ON ...  and WHERE (!) parts from ratings
        $ratingsdef = xarModAPIFunc('ratings', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null));
    }
    // Create the SELECT part
    $select = array();
    foreach ($required as $field => $val) {
        // we'll handle this later
        if ($field == 'cids') {
            continue;
        } elseif ($field == 'dynamicdata') {
            continue;
        } elseif ($field == 'owner') {
            $select[] = $usersdef['name'];
        } elseif ($field == 'counter') {
            if (!empty($hitcountdef['hits'])) {
                $select[] = $hitcountdef['hits'];
            }
        } elseif ($field == 'rating') {
            if (!empty($ratingsdef['rating'])) {
                $select[] = $ratingsdef['rating'];
            }
        } else {
            $select[] = $publicationsdef[$field];
        }
    }
    // FIXME: <rabbitt> PostgreSQL requires that all fields in an 'Order By' be in the SELECT
    //        this has been added to remove the error that not having it creates
    // FIXME: <mikespub> Oracle doesn't allow having the same field in a query twice if you
    //        don't specify an alias (at least in sub-queries, which is what SelectLimit uses)
    //    if (!in_array($publicationsdef['create_date'], $select)) {
    //        $select[] = $publicationsdef['create_date'];
    //    }
    // we need distinct for multi-category OR selects where publications fit in more than 1 category
    if (count($cids) > 0) {
        $query = 'SELECT DISTINCT ' . join(', ', $select);
    } else {
        $query = 'SELECT ' . join(', ', $select);
    }
    // Create the FROM ... [LEFT JOIN ... ON ...] part
    $from = $publicationsdef['table'];
    $addme = 0;
    if (!empty($required['owner'])) {
        // Add the LEFT JOIN ... ON ... parts from users
        $from .= ' LEFT JOIN ' . $usersdef['table'];
        $from .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner'];
        $addme = 1;
    }
    if (!empty($required['counter']) && isset($hitcountdef)) {
        // add this for SQL compliance when there are multiple JOINs
        // bug 4429: sqlite doesnt like the parentheses
        if ($addme && $dbconn->databaseType != 'sqlite') {
            $from = '(' . $from . ')';
        }
        // Add the LEFT JOIN ... ON ... parts from hitcount
        $from .= ' LEFT JOIN ' . $hitcountdef['table'];
        $from .= ' ON ' . $hitcountdef['field'] . ' = ' . $publicationsdef['id'];
        $addme = 1;
    }
    if (!empty($required['rating']) && isset($ratingsdef)) {
        // add this for SQL compliance when there are multiple JOINs
        // bug 4429: sqlite doesnt like the parentheses
        if ($addme && $dbconn->databaseType != 'sqlite') {
            $from = '(' . $from . ')';
        }
        // Add the LEFT JOIN ... ON ... parts from ratings
        $from .= ' LEFT JOIN ' . $ratingsdef['table'];
        $from .= ' ON ' . $ratingsdef['field'] . ' = ' . $publicationsdef['id'];
        $addme = 1;
    }
    if (count($cids) > 0) {
        // add this for SQL compliance when there are multiple JOINs
        // bug 4429: sqlite doesnt like the parentheses
        if ($addme && $dbconn->databaseType != 'sqlite') {
            $from = '(' . $from . ')';
        }
        // Add the LEFT JOIN ... ON ... parts from categories
        $from .= ' LEFT JOIN ' . $categoriesdef['table'];
        $from .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
        if (!empty($categoriesdef['more']) && $dbconn->databaseType != 'sqlite') {
            $from = '(' . $from . ')';
            $from .= $categoriesdef['more'];
        }
    }
    $query .= ' FROM ' . $from;
    // TODO: check the order of the conditions for brain-dead databases ?
    // Create the WHERE part
    $where = array();
    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $where[] = $publicationsdef['where'];
    }
    if (!empty($required['counter']) && !empty($hitcountdef['where'])) {
        $where[] = $hitcountdef['where'];
    }
    if (!empty($required['rating']) && !empty($ratingsdef['where'])) {
        $where[] = $ratingsdef['where'];
    }
    if (count($cids) > 0) {
        // we rely on leftjoin() to create the necessary categories clauses
        $where[] = $categoriesdef['where'];
    }
    if (count($where) > 0) {
        $query .= ' WHERE ' . join(' AND ', $where);
    }
    // TODO: support other non-publications fields too someday ?
    // Create the ORDER BY part
    if (count($sortlist) > 0) {
        $sortparts = array();
        $seenid = 0;
        foreach ($sortlist as $criteria) {
            // ignore empty sort criteria
            if (empty($criteria)) {
                continue;
            }
            // split off trailing ASC or DESC
            if (preg_match('/^(.+)\\s+(ASC|DESC)\\s*$/i', $criteria, $matches)) {
                $criteria = trim($matches[1]);
                $sortorder = strtoupper($matches[2]);
            } else {
                $sortorder = '';
            }
            if ($criteria == 'title') {
                $sortparts[] = $publicationsdef['title'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
                //            } elseif ($criteria == 'create_date' || $criteria == 'date') {
                //                $sortparts[] = $publicationsdef['create_date'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
            } elseif ($criteria == 'hits' && !empty($hitcountdef['hits'])) {
                $sortparts[] = $hitcountdef['hits'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
            } elseif ($criteria == 'rating' && !empty($ratingsdef['rating'])) {
                $sortparts[] = $ratingsdef['rating'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
            } elseif ($criteria == 'owner' && !empty($usersdef['name'])) {
                $sortparts[] = $usersdef['name'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
            } elseif ($criteria == 'relevance' && !empty($publicationsdef['relevance'])) {
                $sortparts[] = 'relevance' . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
            } elseif ($criteria == 'id') {
                $sortparts[] = $publicationsdef['id'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
                $seenid = 1;
                // other publications fields, e.g. summary, notes, ...
            } elseif (!empty($publicationsdef[$criteria])) {
                $sortparts[] = $publicationsdef[$criteria] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
            } else {
                // ignore unknown sort fields
            }
        }
        // add sorting by id for unique sort order
        if (count($sortparts) < 2 && empty($seenid)) {
            $sortparts[] = $publicationsdef['id'] . ' DESC';
        }
        $query .= ' ORDER BY ' . join(', ', $sortparts);
    } elseif (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
        // For fulltext, let the database return the publications by relevance here (= default)
        // For fulltext in boolean mode, add MATCH () ... AS relevance ... ORDER BY relevance DESC (cfr. leftjoin)
        if (!empty($required['relevance']) && $searchtype == 'fulltext boolean') {
            $query .= ' ORDER BY relevance DESC, ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC';
        }
    } else {
        // default is 'create_date'
        $query .= ' ORDER BY ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC';
    }
    //echo $query;
    // Run the query - finally :-)
    if (isset($numitems) && is_numeric($numitems)) {
        $result =& $dbconn->SelectLimit($query, $numitems, $startnum - 1);
    } else {
        $result =& $dbconn->Execute($query);
    }
    if (!$result) {
        return;
    }
    $itemids_per_type = array();
    // Put publications into result array
    for (; !$result->EOF; $result->MoveNext()) {
        $data = $result->fields;
        $item = array();
        // loop over all required fields again
        foreach ($required as $field => $val) {
            if ($field == 'cids' || $field == 'dynamicdata' || $val != 1) {
                continue;
            }
            $value = array_shift($data);
            if ($field == 'rating') {
                $value = intval($value);
            }
            $item[$field] = $value;
        }
        // check security - don't generate an exception here
        if (empty($required['cids']) && !xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
            continue;
        }
        $publications[] = $item;
        if (!empty($required['dynamicdata'])) {
            $pubtype = $item['pubtype_id'];
            if (!isset($itemids_per_type[$pubtype])) {
                $itemids_per_type[$pubtype] = array();
            }
            $itemids_per_type[$pubtype][] = $item['id'];
        }
    }
    $result->Close();
    if (!empty($required['cids']) && count($publications) > 0) {
        // Get all the categories at once
        $ids = array();
        foreach ($publications as $article) {
            $ids[] = $article['id'];
        }
        // Load API
        if (!xarModAPILoad('categories', 'user')) {
            return;
        }
        // Get the links for the Array of iids we have
        $cids = xarModAPIFunc('categories', 'user', 'getlinks', array('iids' => $ids, 'reverse' => 1, 'modid' => $regid));
        // Inserting the corresponding Category ID in the Publication Description
        $delete = array();
        $cachesec = array();
        foreach ($publications as $key => $article) {
            if (isset($cids[$article['id']]) && count($cids[$article['id']]) > 0) {
                $publications[$key]['cids'] = $cids[$article['id']];
                foreach ($cids[$article['id']] as $cid) {
                    if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:{$cid}:{$article['owner']}:{$article['id']}")) {
                        $delete[$key] = 1;
                        break;
                    }
                    if (!isset($cachesec[$cid])) {
                        // TODO: combine with ViewCategoryLink check when we can combine module-specific
                        // security checks with "parent" security checks transparently ?
                        $cachesec[$cid] = xarSecurityCheck('ReadCategories', 0, 'Category', "All:{$cid}");
                    }
                    if (!$cachesec[$cid]) {
                        $delete[$key] = 1;
                        break;
                    }
                }
            } else {
                if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:All:{$article['owner']}:{$article['id']}")) {
                    $delete[$key] = 1;
                    continue;
                }
            }
        }
        if (count($delete) > 0) {
            foreach ($delete as $key => $val) {
                unset($publications[$key]);
            }
        }
    }
    if (!empty($required['dynamicdata']) && count($publications) > 0) {
        foreach ($itemids_per_type as $pubtype => $itemids) {
            if (!xarModIsHooked('dynamicdata', 'publications', $pubtype)) {
                continue;
            }
            list($properties, $items) = xarModAPIFunc('dynamicdata', 'user', 'getitemsforview', array('module' => 'publications', 'itemtype' => $pubtype, 'itemids' => $itemids, 'state' => 1));
            if (empty($properties) || count($properties) == 0) {
                continue;
            }
            foreach ($publications as $key => $article) {
                // otherwise publications (of different pub types) with dd properties having the same
                // names reset previously set values to empty string for each iteration based on the pubtype
                if ($article['pubtype_id'] != $pubtype) {
                    continue;
                }
                foreach (array_keys($properties) as $name) {
                    if (isset($items[$article['id']]) && isset($items[$article['id']][$name])) {
                        $value = $items[$article['id']][$name];
                    } else {
                        $value = $properties[$name]->default;
                    }
                    $publications[$key][$name] = $value;
                    // TODO: clean up this temporary fix
                    if (!empty($value)) {
                        $publications[$key][$name . '_output'] = $properties[$name]->showOutput(array('value' => $value));
                    }
                }
            }
        }
    }
    return $publications;
}