/**
 * Reverse IP filter.
 *
 * Settings hook for the "reverse IP access" switch of the access-restrictions
 * add-on. Turning the setting on ('Y') makes sure the IP the current request
 * came from has an exact-match, active record in ?:access_restriction (types
 * aas/aab/aar) so the administrator cannot lock themself out; a missing record
 * is inserted with a "store_admin" reason text in every translation language.
 * Turning it off deletes every restriction record whose ip_from..ip_to range
 * covers that IP, together with its reason descriptions. A warning
 * notification reports what was done.
 *
 * @param string &$new_value New setting value; 'Y' enables the filter. Passed by
 *                           reference by the settings framework but not modified here.
 * @param string $old_value  Previous setting value (unused).
 * @return bool Always true.
 */
function fn_settings_actions_addons_access_restrictions_admin_reverse_ip_access(&$new_value, $old_value)
{
    $client_ip = fn_get_ip(true);
    $host = $client_ip['host'];

    if ($new_value != 'Y') {
        // Setting switched off: remove every record whose range covers this IP.
        $covering = db_get_array(
            "SELECT item_id, type FROM ?:access_restriction WHERE ip_from <= ?i AND ip_to >= ?i AND type IN ('aas', 'aab', 'aar')",
            $host,
            $host
        );
        if (!empty($covering)) {
            foreach ($covering as $record) {
                db_query("DELETE FROM ?:access_restriction WHERE item_id = ?i", $record['item_id']);
                db_query(
                    "DELETE FROM ?:access_restriction_reason_descriptions WHERE item_id = ?i AND type = ?s",
                    $record['item_id'],
                    $record['type']
                );
            }
            fn_set_notification('W', __('warning'), __('your_ip_removed', array('[ip]' => long2ip($host))));
        }
        return true;
    }

    // Setting switched on: an exact-match record must exist and be active.
    $existing = db_get_row(
        "SELECT item_id, status FROM ?:access_restriction WHERE ip_from = ?i AND ip_to = ?i AND type IN ('aas', 'aab', 'aar')",
        $host,
        $host
    );

    if (empty($existing['item_id'])) {
        // No record yet: insert one and give it a reason text per language.
        $restriction = array(
            'ip_from' => $host,
            'ip_to' => $host,
            'type' => 'aas',
            'timestamp' => TIME,
            'expires' => '0',
            'status' => 'A',
        );
        $reason = array(
            'item_id' => db_query("REPLACE INTO ?:access_restriction ?e", $restriction),
            'type' => 'aas',
        );
        foreach (array_keys(fn_get_translation_languages()) as $lang_code) {
            $reason['lang_code'] = $lang_code;
            $reason['reason'] = __('store_admin', '', $lang_code);
            db_query("REPLACE INTO ?:access_restriction_reason_descriptions ?e", $reason);
        }
        fn_set_notification('W', __('warning'), __('your_ip_added', array('[ip]' => long2ip($host))));
    } elseif (empty($existing['status']) || $existing['status'] != 'A') {
        // Record exists but is disabled: re-activate it.
        db_query("UPDATE ?:access_restriction SET ?u WHERE item_id = ?i", array('status' => 'A'), $existing['item_id']);
        fn_set_notification('W', __('warning'), __('your_ip_enabled', array('[ip]' => long2ip($host))));
    }

    return true;
}
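/**
 * Enforces an access requirement for the current session, aborting the
 * request through exit_error() when it is not met.
 *
 * Super users (user_is_super_user()) always pass. Otherwise the first of the
 * following keys of $req that is set and truthy decides:
 *  - 'group'      : the current user must have a user_group row for that
 *                   group; with 'admin_flags' also set, the row must carry
 *                   exactly those flags.
 *  - 'user'       : the current user id must equal the given id.
 *  - 'isloggedin' : the user must be logged in.
 * With none of them set the request is always rejected.
 *
 * Change vs. the original: the group check used to read
 * `db_numrows(...) < 1 || !$req['group']`; the second operand was dead code
 * because the enclosing condition already guarantees a truthy group.
 *
 * @param array $req Requirement description, see above.
 * @return bool|null True for super users; otherwise no value (exit_error() is
 *                   expected not to return on failure).
 */
function session_require($req)
{
    global $Language;

    // Codendi admins always return true.
    if (user_is_super_user()) {
        return true;
    }

    if (isset($req['group']) && $req['group']) {
        // group id and admin flags are escaped; user_getid() comes from the
        // session, not from the request, and is spliced in as-is.
        $query = "SELECT user_id FROM user_group WHERE user_id=" . user_getid()
            . " AND group_id=" . db_ei($req['group']);
        if (isset($req['admin_flags']) && $req['admin_flags']) {
            $query .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }
        if (db_numrows(db_query($query)) < 1) {
            exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
    } elseif (isset($req['user']) && $req['user']) {
        // NOTE(review): loose comparison. $req is built by the calling page;
        // if a caller ever passes request data here unvalidated, compare the
        // two ids with an explicit cast and !== instead.
        if (user_getid() != $req['user']) {
            exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
    } elseif (isset($req['isloggedin']) && $req['isloggedin']) {
        if (!user_isloggedin()) {
            exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
        }
    } else {
        exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
    }
}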
  /**
   * Overrides \RestfulEntityBase::getQueryForList().
   *
   * Narrows the list query to entities authored by users who hold one of the
   * roles named in the plugin's 'options' => 'roles' setting. When no options
   * are configured, none of the configured role names exists, or no user has
   * any of those roles, the parent query is returned untouched.
   */
  public function getQueryForList() {
    $query = parent::getQueryForList();

    $options = $this->getPluginKey('options');
    if (!$options) {
      return $query;
    }

    // Translate the configured role names into role ids.
    // (in_array() is non-strict here, as in the original.)
    $rids = array();
    foreach (user_roles() as $rid => $role_name) {
      if (in_array($role_name, $options['roles'])) {
        $rids[] = $rid;
      }
    }
    if (!$rids) {
      return $query;
    }

    // Users holding at least one of those roles; the array placeholder
    // expands to an IN (...) list.
    $author_uids = db_query('SELECT uid FROM {users_roles} WHERE rid IN (:rids)', array(':rids' => $rids))
      ->fetchAllAssoc('uid');
    if ($author_uids) {
      $query->propertyCondition('uid', array_keys($author_uids), 'IN');
    }

    return $query;
  }
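 /**
  * Loads the newsarticle fields attached to the given node revision.
  *
  * @param object $node Node object; only $node->vid is used (bound via %d).
  * @return object|false Row with author_name, media_source, url, pubdate and a
  *   formatted datestr, or false when no {newsarticle} row exists for the vid.
  *   (The original tried to set datestr on the false result, which is a
  *   warning on PHP 7 and a fatal Error on PHP 8.)
  */
 public function load($node)
 {
     $sql = "SELECT author_name, media_source, url, pubdate FROM {newsarticle} WHERE vid = %d";
     $na = db_fetch_object(db_query($sql, $node->vid));
     if (!$na) {
         return false;
     }
     $na->datestr = scf_date_string($na->pubdate);
     return $na;
 }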
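/**
 * Inserts one row into $table and returns the new auto-increment id.
 *
 * Column names are the keys of $hash, values its values. Identifiers are
 * backtick-quoted with embedded backticks doubled, and every value is run
 * through mysql_real_escape_string() before being quoted, so a value taken
 * from user input can no longer break out of its quotes (the original spliced
 * both in raw). Values are always inserted as quoted strings, as before;
 * NULL is not supported. Assumes db_query() runs on the default mysql_* link,
 * which mysql_insert_id() below already relies on.
 *
 * @param string $table Table name (no prefixing is done).
 * @param array  $hash  column => value map; must not be empty.
 * @return int|false Result of mysql_insert_id().
 */
function db_insert($table, $hash)
{
    $columns = array();
    $values = array();
    foreach ($hash as $column => $value) {
        $columns[] = '`' . str_replace('`', '``', $column) . '`';
        $values[] = "'" . mysql_real_escape_string($value) . "'";
    }
    $sql = 'INSERT INTO `' . str_replace('`', '``', $table) . '`'
        . ' (' . implode(',', $columns) . ')'
        . ' VALUES (' . implode(',', $values) . ')';
    db_query($sql);
    return mysql_insert_id();
}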
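 /**
  * Loads the allowable relationships ("associations") available between the
  * admin page's current type and the types related to its site, keyed by
  * allowable_relationship id, into $this->associations. When the admin page
  * has no rel_id selected yet, the first association found becomes the
  * default (null when there is none).
  *
  * Changes vs. the original: site_id and type_id are cast to int before being
  * spliced unquoted into the query (they were interpolated raw), and the
  * each() idiom, removed in PHP 8, is replaced by reset()/key().
  */
 function get_associations()
 {
     $site_id = (int) $this->admin_page->site_id;
     $type_id = (int) $this->admin_page->type_id;

     $d = new DBSelector();
     $d->add_table('ar', 'allowable_relationship');
     $d->add_table('allowable_relationship');
     $d->add_table('relationship');
     $d->add_table('entity');
     $d->add_relation('allowable_relationship.name = "site_to_type"');
     $d->add_relation('allowable_relationship.id = relationship.type');
     $d->add_relation('relationship.entity_a = ' . $site_id);
     $d->add_relation('relationship.entity_b = ar.relationship_b');
     $d->add_relation('entity.id = ar.relationship_b');
     $d->add_field('entity', 'id', 'e_id');
     $d->add_field('entity', 'name', 'e_name');
     $d->add_field('ar', '*');
     $d->add_relation('ar.relationship_a = ' . $type_id);
     if (reason_relationship_names_are_unique()) {
         $d->add_relation('ar.type = "association"');
     } else {
         $d->add_relation('ar.name != "owns"');
     }
     $d->add_relation('(ar.custom_associator IS NULL OR ar.custom_associator = "")');

     $r = db_query($d->get_query(), 'Error selecting relationships');
     $associations = array();
     while ($row = mysql_fetch_array($r, MYSQL_ASSOC)) {
         $associations[$row['id']] = $row;
     }
     $this->associations = $associations;

     if (empty($this->admin_page->rel_id)) {
         reset($this->associations);
         $this->admin_page->rel_id = key($this->associations);
     }
 }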
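/**
 * Hook handler: resolves the author and the stored commentary row behind a
 * rendered comment line.
 *
 * 'blockcommentarea' remembers the section being rendered in the global
 * $currentCommentaryArea. 'viewcommentary' extracts the author account id
 * from the bio.php link in $args['commentline'], looks the author up (cached
 * for a day), strips the rendering decorations off the line and LIKE-searches
 * the commentary table of the current section for the matching comment; the
 * result is returned as a new, flat $args array.
 *
 * Changes vs. the original: a line without a bio.php link, or an unknown
 * account, now leaves $args untouched instead of reading an undefined
 * $matches[1] / exploding on an empty name; the account id is cast to int
 * (FILTER_SANITIZE_NUMBER_INT still lets '+' and '-' through and the id is
 * spliced into SQL unquoted); the section name gets the same addslashes()
 * treatment the LIKE pattern already had.
 *
 * @param string $hook Hook name.
 * @param array  $args Hook arguments.
 * @return array Possibly rewritten arguments.
 */
function viewcommentaryargs_dohook($hook, $args)
{
    global $currentCommentaryArea;
    switch ($hook) {
        case 'blockcommentarea':
            $currentCommentaryArea = $args['section'];
            break;
        case 'viewcommentary':
            $accounts = db_prefix('accounts');
            $commentary = db_prefix('commentary');
            if (!preg_match("/bio.php\\?char=(.*)&ret/", $args['commentline'], $matches)) {
                break;
            }
            $acctid = (int) filter_var($matches[1], FILTER_SANITIZE_NUMBER_INT);
            $sql = db_query_cached("SELECT login, name FROM {$accounts} WHERE acctid = {$acctid}", "commentary-author_name-{$acctid}", 86400);
            $row = db_fetch_assoc($sql);
            if (empty($row['name'])) {
                break;
            }
            $name = $row['name'];
            $login = $row['login'];
            // Everything after the author's name is the comment text plus markup.
            $parts = explode($name, $args['commentline']);
            $temp = isset($parts[1]) ? $parts[1] : '';
            $temp = str_replace(array('`3 says, "`#', '`3"', '/me', ':', '</a>'), '', $temp);
            $temp = full_sanitize($temp);
            // Characters joined by '%' so the LIKE search tolerates markup differences.
            $pattern = addslashes(implode('%', str_split(trim($temp))));
            $section = addslashes($currentCommentaryArea);
            $sql = db_query("SELECT commentid, comment, postdate FROM {$commentary}\n                WHERE comment LIKE '%{$pattern}%'\n                AND section = '{$section}'");
            $row = db_fetch_assoc($sql);
            $args = [
                'commentline' => $args['commentline'],
                'section' => $currentCommentaryArea,
                'commentid' => isset($row['commentid']) ? $row['commentid'] : null,
                'comment' => isset($row['comment']) ? $row['comment'] : null,
                'author_acctid' => $acctid,
                'author_login' => $login,
                'author_name' => $name,
                'date' => isset($row['postdate']) ? $row['postdate'] : null,
            ];
            unset($row);
            unset($temp);
            break;
    }
    return $args;
}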
/**
 * Retrieves what Twitter accounts the given user can post to.
 *
 * The site-wide account (variables twitter_global_name / twitter_global_password)
 * is included for users holding the 'use global twitter account' permission.
 * The user's own {twitter_user} rows, joined to {twitter_account}, are added
 * afterwards and overwrite a same-named global entry. With $full_access the
 * user's rows are limited to those that still carry a password.
 *
 * NOTE(review): passwords are read from storage and returned in clear text
 * in the 'password' element of each account.
 *
 * @param object $drupal_user User object; $drupal_user->uid is used.
 * @param bool   $full_access Require a stored password on the user's accounts.
 * @return array Account records keyed by screen name.
 */
function hook_twitter_accounts($drupal_user, $full_access = FALSE) {
  $accounts = array();

  if (user_access('use global twitter account')) {
    $global_name = variable_get('twitter_global_name', NULL);
    if ($global_name) {
      $global_pass = variable_get('twitter_global_password', NULL);
      if ($global_pass) {
        $accounts[$global_name] = array(
          'screen_name' => $global_name,
          'password' => $global_pass,
        );
      }
    }
  }

  $sql = 'SELECT ta.*, tu.uid, tu.password, tu.import FROM {twitter_user} tu'
    . ' LEFT JOIN {twitter_account} ta ON (tu.screen_name = ta.screen_name)'
    . ' WHERE tu.uid = %d'
    . ($full_access ? ' AND tu.password IS NOT NULL' : '');
  $results = db_query($sql, array($drupal_user->uid));

  while ($account = db_fetch_array($results)) {
    $accounts[$account['screen_name']] = $account;
  }
  return $accounts;
}
/**
 * Act on user objects when loaded from the database.
 *
 * Because of the static cache in user_load_multiple(), do not use this hook
 * to change properties that come from the {users} table itself; doing so
 * gives unreliable results when the objects are served from the cache.
 *
 * This example attaches a 'foo' property to every loaded user from
 * {my_table}, binding the uids through a placeholder array.
 *
 * @param $users
 *   An array of user objects, indexed by uid.
 *
 * @see user_load_multiple()
 * @see profile_user_load()
 */
function hook_user_load($users)
{
    $uids = array_keys($users);
    $rows = db_query('SELECT uid, foo FROM {my_table} WHERE uid IN (:uids)', array(':uids' => $uids));
    foreach ($rows as $row) {
        // The array holds objects, so this mutates the caller's user object.
        $users[$row->uid]->foo = $row->foo;
    }
}
/**
 * Function update_access_time
 * Stamps today's date as date_accessed on a template's templatedetails row.
 * The statement is bound with ? placeholders; only the table prefix comes
 * from configuration.
 *
 * @param array $row_edit = an array returned from a mysql query; only
 *                          $row_edit['template_id'] is used
 * @return bool Always true, even when no row matched
 * @version 1.0
 * @author Patrick Lockley
 */
function update_access_time($row_edit)
{
    global $xerte_toolkits_site;
    $table = $xerte_toolkits_site->database_table_prefix . 'templatedetails';
    // Also called for brand-new templates, where no row exists yet; the UPDATE
    // then simply matches nothing.
    db_query(
        "UPDATE {$table} SET date_accessed=? WHERE template_id = ?",
        array(date('Y-m-d'), $row_edit['template_id'])
    );
    return true;
}
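 /**
  * Cleans up variables by template.
  *
  * Deletes every {variable} row whose name matches the SQL LIKE pattern
  * $template ('%' and '_' in $template are honoured on purpose). The pattern
  * used to be spliced into the query string raw; it is now bound as a
  * placeholder, so a quote in it cannot alter the statement.
  *
  * @param string $template LIKE pattern of the variable names to delete.
  */
 public static function doVariablesCleanupByTemplate($template)
 {
     $result = db_query('SELECT name FROM {variable} WHERE name LIKE :pattern', array(':pattern' => $template));
     foreach ($result as $row) {
         variable_del($row->name);
     }
 }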
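/**
 * Handles the POSTed bundle form of a product: saves the offer, drops the
 * products ticked for deletion from the offer's condition and bonus details,
 * deletes the offer altogether when fewer than two condition products remain,
 * clears the offer's 'auto' flag and redirects back to the product page.
 *
 * Non-POST requests are redirected straight away (cw_ps_bundle_redirect() is
 * expected not to return).
 *
 * Changes vs. the original: the offer id returned by cw_ps_offer_bundle_update()
 * is cast to int before being spliced into several statements, and
 * $_POST['del_cond'] is read with isset() so a missing key no longer raises a
 * notice.
 *
 * @param int|string $product_id Product being edited; cast to int.
 */
function cw_ps_bundle_update($product_id)
{
    global $tables, $config;
    $product_id = (int) $product_id;
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        cw_ps_bundle_redirect($product_id);
    }
    $offer_id = (int) cw_call('cw_ps_offer_bundle_update', array($product_id, $_POST));

    // Delete the products ticked for removal.
    $del_cond = isset($_POST['del_cond']) ? $_POST['del_cond'] : null;
    if (is_array($del_cond)) {
        foreach (array_keys($del_cond) as $object_id) {
            $object_id = intval($object_id);
            db_query("DELETE FROM {$tables['ps_cond_details']} WHERE offer_id='{$offer_id}' AND object_id='{$object_id}' AND object_type='" . PS_OBJ_TYPE_PRODS . "'");
            db_query("DELETE FROM {$tables['ps_bonus_details']} WHERE offer_id='{$offer_id}' AND object_id='{$object_id}' AND object_type='" . PS_OBJ_TYPE_PRODS . "'");
        }
    }

    // A bundle needs at least two condition products; otherwise drop the offer.
    $cond_products = cw_query_column("SELECT object_id FROM {$tables['ps_cond_details']} WHERE offer_id='{$offer_id}' AND object_type='" . PS_OBJ_TYPE_PRODS . "'");
    if (count($cond_products) <= 1) {
        cw_call('cw_ps_offer_delete', array($offer_id));
    }
    cw_array2update('ps_offers', array('auto' => 0), "offer_id='{$offer_id}'");
    // TODO: Domain assignation
    cw_ps_bundle_redirect($product_id);
}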
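/**
 * Looks up a teacher by login and password.
 *
 * The listing carried a redacted '******' where the login placeholder belongs
 * while still passing two arguments; the query needs two %s markers, and it
 * is assumed db_query() escapes its sprintf-style arguments. A failed query
 * now yields false instead of a warning from mysql_fetch_assoc().
 *
 * NOTE(review): passwords are compared as unsalted MD5. Moving to
 * password_hash()/password_verify() needs a column change and a migration of
 * existing rows, so it is only flagged here, not changed.
 *
 * @param string $login    Login name.
 * @param string $password Clear-text password.
 * @return array|false Row with teacher_id, or false when nothing matched.
 */
function teacher_login($login, $password)
{
    $sql = "SELECT teacher_id FROM teachers WHERE login='%s' AND passwd='%s'";
    $res = db_query($sql, $login, md5($password));
    if (!$res) {
        return false;
    }
    return mysql_fetch_assoc($res);
}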
 /**
  * Displays links to all products that have not been categorized.
  *
  * Lists every node of a product type that has no term of the catalog
  * vocabulary in {taxonomy_index}. Requires the taxonomy index table to be
  * maintained; otherwise an explanatory message is rendered instead.
  *
  * @return
  *   Renderable form array.
  */
 public function orphans()
 {
     $build = array();
     if (!$this->config('taxonomy.settings')->get('maintain_index_table')) {
         $build['orphans'] = array(
             '#markup' => $this->t('The node terms index is not being maintained, so Ubercart can not determine which products are not entered into the catalog.'),
             '#prefix' => '<p>',
             '#suffix' => '</p>',
         );
         return $build;
     }

     $vid = $this->config('uc_catalog.settings')->get('vocabulary');
     $product_types = uc_product_types();
     $field = FieldStorageConfig::loadByName('node', 'taxonomy_catalog');
     // @todo restrict $product_types to the bundles $field is attached to.
     // $field is a config object, not an array, so the former
     // array_intersect($product_types, $field['bundles']['node']) does not work.
     $types = $product_types;

     $sql = 'SELECT DISTINCT n.nid, n.title FROM {node_field_data} n'
         . ' LEFT JOIN (SELECT ti.nid, td.vid FROM {taxonomy_index} ti'
         . ' LEFT JOIN {taxonomy_term_data} td ON ti.tid = td.tid WHERE td.vid = :vid) txnome'
         . ' ON n.nid = txnome.nid WHERE n.type IN (:types[]) AND txnome.vid IS NULL';
     $result = db_query($sql, [':vid' => $vid, ':types[]' => $types]);

     $links = array();
     while ($node = $result->fetchObject()) {
         $edit_url = Url::fromRoute(
             'entity.node.edit_form',
             ['node' => $node->nid],
             ['query' => ['destination' => 'admin/store/products/orphans']]
         );
         $links[] = $this->l($node->title, $edit_url);
     }

     if ($links) {
         $build['orphans'] = array('#theme' => 'item_list', '#items' => $links);
     } else {
         $build['orphans'] = array(
             '#markup' => $this->t('All products are currently listed in the catalog.'),
             '#prefix' => '<p>',
             '#suffix' => '</p>',
         );
     }
     return $build;
 }
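/**
 * Sums GL transactions of an account over twelve consecutive monthly periods
 * starting with month $mo of year $yr.
 *
 * Returns one row with columns per01..per12. Without $balance each column is
 * the sum of the transactions dated inside that month; with $balance it is the
 * running total of every transaction dated before the end of that month.
 *
 * Changes vs. the original: the thirteen month boundaries and twelve SUM()
 * expressions are generated in loops instead of being written out, and
 * $account — which used to be interpolated raw into the WHERE clause — now
 * goes through db_escape(). db_escape() is used unquoted for the dimension
 * ids below, so it is assumed to return a quoted literal; confirm against its
 * definition.
 *
 * @param int    $yr         Starting year.
 * @param int    $mo         Starting month (1-12; larger values roll over via mktime()).
 * @param string $account    GL account code.
 * @param int    $dimension  Dimension filter; 0 = any, negative = dimension 0.
 * @param int    $dimension2 Second dimension filter, same convention.
 * @param bool   $balance    Running balances instead of per-period sums.
 * @return array|false Fetched row, see db_fetch().
 */
function getPeriods($yr, $mo, $account, $dimension, $dimension2, $balance = false)
{
    // $bounds[0] is the first day of period 1, $bounds[12] the first day after period 12.
    $bounds = array();
    for ($i = 0; $i <= 12; $i++) {
        $bounds[$i] = date('Y-m-d', mktime(0, 0, 0, $mo + $i, 1, $yr));
    }

    $columns = array();
    for ($p = 1; $p <= 12; $p++) {
        $upper = "tran_date < '{$bounds[$p]}'";
        // Per-period sums need a lower bound too; balances accumulate from the start.
        $range = $balance ? $upper : "tran_date >= '{$bounds[$p - 1]}' AND " . $upper;
        $columns[] = sprintf('SUM(CASE WHEN %s THEN amount ELSE 0 END) AS per%02d', $range, $p);
    }

    $sql = 'SELECT ' . implode(",\n\t\t", $columns)
        . "\n\t\t\tFROM " . TB_PREF . 'gl_trans'
        . "\n\t\t\tWHERE account=" . db_escape($account);
    if ($dimension != 0) {
        $sql .= " AND dimension_id = " . ($dimension < 0 ? 0 : db_escape($dimension));
    }
    if ($dimension2 != 0) {
        $sql .= " AND dimension2_id = " . ($dimension2 < 0 ? 0 : db_escape($dimension2));
    }
    $result = db_query($sql, "Transactions for account {$account} could not be calculated");
    return db_fetch($result);
}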
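/**
 * Returns the checkins (file, dir, type) of one subversion commit together
 * with the commit's description, date and revision.
 *
 * A non-zero $rev_id (subversion revision number, scoped to $group_id) takes
 * precedence over the internal $commit_id. Directories the current user may
 * not see (svn_utils_get_forbidden_paths()) are excluded with NOT LIKE
 * clauses.
 *
 * Changes vs. the original: ORDER BY cannot be bound as a parameter and the
 * original relied entirely on callers to filter $order; as defence in depth
 * an $order containing anything outside letters, digits, '_', '.', ',' and
 * whitespace now disables ordering instead of reaching the SQL (a caller
 * passing e.g. backtick-quoted names would lose its ordering). The each()
 * loop, removed in PHP 8, is a foreach now.
 *
 * NOTE(review): the $commit_id branch is not scoped to $group_id — verify that
 * callers check the commit belongs to the project. db_es() escapes quotes but
 * not the LIKE wildcards '%' and '_', so a forbidden path containing them
 * excludes more than intended.
 *
 * @param int    $group_id  Project id.
 * @param int    $commit_id Internal svn_commits.id.
 * @param int    $rev_id    Subversion revision number, 0 to use $commit_id.
 * @param string $order     Column list for ORDER BY; 'filename' means "dir, file".
 * @return resource|false db_query() result.
 */
function svn_data_get_revision_detail($group_id, $commit_id, $rev_id = 0, $order = '')
{
    $order_str = '';
    if ($order) {
        if ($order == 'filename') {
            $order_str = ' ORDER BY dir, file';
        } elseif (preg_match('/^[A-Za-z0-9_.,\s]+$/', $order)) {
            $order_str = ' ORDER BY ' . $order;
        }
    }

    // Restrict to paths the current user may see.
    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    $forbidden = svn_utils_get_forbidden_paths(user_getname(), $project->getSVNRootPath());
    $where_forbidden = '';
    if (!empty($forbidden)) {
        foreach (array_keys($forbidden) as $no_access) {
            $where_forbidden .= " AND svn_dirs.dir not like '%" . db_es(substr($no_access, 1)) . "%' ";
        }
    }

    $select_from = 'SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file '
        . 'FROM svn_dirs, svn_files, svn_checkins, svn_commits '
        . 'WHERE svn_checkins.fileid=svn_files.id '
        . 'AND svn_checkins.dirid=svn_dirs.id '
        . 'AND svn_checkins.commitid=svn_commits.id ';
    if ($rev_id) {
        // The subversion revision takes precedence over the internal commit id so
        // users can build URLs from the revision number.
        $sql = $select_from
            . 'AND svn_commits.revision=' . db_ei($rev_id) . ' '
            . 'AND svn_commits.group_id=' . db_ei($group_id) . ' '
            . $where_forbidden . $order_str;
    } else {
        $sql = $select_from
            . 'AND svn_commits.id=' . db_ei($commit_id) . ' '
            . $where_forbidden . $order_str;
    }
    return db_query($sql);
}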
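/**
 * Post-clone hook of the price calculator add-on: copies a product's
 * calculator fields and formula to its freshly cloned product.
 *
 * Option placeholders in the formula ([opt_N] / [optw_N]) refer to option ids
 * of the original product; each is rewritten to the id of the first option of
 * the clone that has the same option_name.
 *
 * Change vs. the original: the placeholders are rewritten in one strtr() pass
 * instead of successive str_replace() calls. With successive replacements an
 * already-substituted "[opt_N]" could be rewritten a second time when an old
 * id equals a new id handled later in the loop; strtr() never rescans text
 * it has replaced.
 *
 * @param int    $product_id Source product id.
 * @param int    $pid        Cloned product id.
 * @param string $orig_name  Unused.
 * @param string $new_name   Unused.
 */
function fn_product_price_calculator_clone_product_post($product_id, $pid, $orig_name, $new_name)
{
    if (fn_check_price_calc($product_id) != 'Y') {
        return;
    }

    $fields = fn_get_fields($product_id);
    if (!empty($fields)) {
        foreach ($fields as $field) {
            $field['product_id'] = $pid;
            db_query('INSERT INTO ?:ppc ?e', $field);
        }
    }

    $formula = db_get_field('SELECT formula FROM ?:ppc_formula WHERE product_id = ?i', $product_id);
    $for_des = fn_get_formula_description($product_id);

    $product_options = fn_get_product_options($product_id, CART_LANGUAGE);
    $new_product_options = fn_get_product_options($pid, CART_LANGUAGE);
    $placeholders = array();
    foreach ($product_options as $old_id => $old_option) {
        foreach ($new_product_options as $new_id => $new_option) {
            if ($old_option['option_name'] == $new_option['option_name']) {
                $placeholders["[opt_{$old_id}]"] = "[opt_{$new_id}]";
                $placeholders["[optw_{$old_id}]"] = "[optw_{$new_id}]";
                break;
            }
        }
    }
    if ($placeholders) {
        $formula = strtr($formula, $placeholders);
    }

    db_query('INSERT INTO ?:ppc_formula VALUES (?i, ?s, ?s)', $pid, $formula, $for_des);
}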
 /**
  * Returns the mails captured during the scenario.
  *
  * With maillog enabled every {maillog} row is returned reshaped to the
  * to/from/subject/body structure TestMailSystem produces. Otherwise the
  * serialized 'drupal_test_email_collector' variable is read straight from
  * the {variable} table — not through variable_get(), whose $conf cache may
  * be stale within a scenario — and its contents returned. With neither
  * source available the result is an empty array.
  *
  * @return array
  */
 public function getMails()
 {
     // Note: The mail system may be hardcoded in settings.php.
     if ($this->maillog) {
         $mails = array();
         $rows = db_query("SELECT idmaillog, header_from, header_to, header_reply_to, header_all, subject, body FROM {maillog}");
         foreach ($rows as $row) {
             $mails[] = array(
                 'to' => $row->header_to,
                 'from' => $row->header_from,
                 'subject' => $row->subject,
                 'body' => $row->body,
             );
         }
         return $mails;
     }

     // unserialize() here runs on a value Drupal itself wrote to {variable}.
     $raw = db_query("SELECT name, value FROM {variable} WHERE name = 'drupal_test_email_collector'")->fetchAllKeyed();
     $variables = array_map('unserialize', $raw);
     if (isset($variables['drupal_test_email_collector'])) {
         return $variables['drupal_test_email_collector'];
     }
     return array();
 }
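 /**
  * Logs a site user into the chat.
  *
  * Checks the session user's chat ban flag, charges the configured point
  * cost ($ust['chatp']) unless the user's VIP status is still valid, then
  * saves the chat user record.
  *
  * Change vs. the original: the session user id is cast to int and used in
  * both statements; the SELECT used to interpolate it raw while only the
  * UPDATE escaped it. The counters read from the user row are initialised so
  * a missing row no longer reads undefined variables (the outcome — "not
  * enough points" — is unchanged).
  *
  * NOTE(review): the $user parameter is overwritten with the ChatUser object
  * a few lines in, so the 'gravatar' stored in the session and returned is
  * that object, not the string passed in; kept as-is since callers may rely
  * on it. The balance is read and then decremented in two statements, so two
  * concurrent logins can both pass the check. include_once inside a method
  * only defines $pre/$ust in this scope on the first inclusion.
  *
  * @param string $name  Chat nick.
  * @param string $email Unused.
  * @param string $user  Gravatar value.
  * @return array status/name/gravatar on success.
  * @throws Exception On missing fields, chat ban, too few points, or a nick
  *                   that is already taken.
  */
 public static function login($name, $email, $user)
 {
     if (!$name || !$user) {
         throw new Exception('Wypełnij wszystkie pola.');
     }
     $user = new ChatUser(array('name' => $name, 'gravatar' => $user));
     include_once "../db_connect.php";
     include_once "../include/ust.php";

     $user_id = (int) $_SESSION['user_id'];
     $ile_pkt = null;
     $czy_vp = 0;
     $user_chat = null;
     $results = db_query('SELECT * FROM ' . $pre . 'user WHERE user_id=' . $user_id) or die(db_error());
     while ($row = db_fetch($results)) {
         $ile_pkt = $row['user_money'];
         if ($row['user_vip'] >= time()) {
             $czy_vp = 1;
         }
         $user_chat = $row['user_chat'];
     }

     if ($user_chat == 1) {
         throw new Exception('Masz zablokowany dostęp do czatu.');
     }
     if ($czy_vp != 1) {
         if ($ile_pkt > $ust['chatp']) {
             db_query("UPDATE " . $pre . "user SET user_money=user_money-" . $ust['chatp'] . " WHERE user_id='" . $user_id . "'");
         } else {
             throw new Exception('Masz zamało punktów by dołączyć do czatu.');
         }
     }

     // The save method returns a MySQLi object.
     if ($user->save()->affected_rows != 1) {
         throw new Exception('Nick jest zajęty.');
     }
     $_SESSION['user'] = array('name' => $name, 'gravatar' => $user);
     return array('status' => 1, 'name' => $name, 'gravatar' => $user);
 }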
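 /**
  * Fill the arrays $this->source_refs_datas and $this->target_refs_datas
  * for the current CrossReferenceFactory.
  *
  * Every cross_references row in which the factory's entity (gid/id/type)
  * appears as the target contributes a CrossReference to source_refs_datas;
  * every row in which it appears as the source contributes one to
  * target_refs_datas. Both arrays are only (re)initialised when at least one
  * row matches.
  *
  * Change vs. the original: the entity identifiers used to be interpolated
  * raw into the query; they now go through db_ei() (gid) and db_es()
  * (id, type), the escaping helpers used elsewhere in this codebase.
  */
 function fetchDatas()
 {
     $gid = db_ei($this->entity_gid);
     $id = "'" . db_es($this->entity_id) . "'";
     $type = "'" . db_es($this->entity_type) . "'";
     $sql = "SELECT * \n                FROM cross_references \n                WHERE  (target_gid={$gid} AND target_id={$id} AND target_type={$type} ) \n                     OR (source_gid={$gid} AND source_id={$id} AND source_type={$type} )";
     $res = db_query($sql);
     if (!$res || db_numrows($res) < 1) {
         return;
     }

     $this->source_refs_datas = array();
     $this->target_refs_datas = array();
     while ($field_array = db_fetch_array($res)) {
         $target_id = $field_array['target_id'];
         $target_gid = $field_array['target_gid'];
         $target_type = $field_array['target_type'];
         $target_key = $field_array['target_keyword'];
         $source_id = $field_array['source_id'];
         $source_gid = $field_array['source_gid'];
         $source_type = $field_array['source_type'];
         $source_key = $field_array['source_keyword'];
         $user_id = $field_array['user_id'];

         $is_target = $target_id == $this->entity_id && $target_gid == $this->entity_gid && $target_type == $this->entity_type;
         $is_source = $source_id == $this->entity_id && $source_gid == $this->entity_gid && $source_type == $this->entity_type;
         // A row can match on both sides (a self-reference); it is then listed twice, as before.
         if ($is_target) {
             $this->source_refs_datas[] = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
         }
         if ($is_source) {
             $this->target_refs_datas[] = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
         }
     }
 }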
 /**
  * Runs a query after expanding {name} / {name:suffix} placeholders.
  *
  * $params is kept on the object for the replacement callback. Unless
  * $security_override is set, every "{name}" or "{name:suffix}" token is
  * handed to _replace_callback(); with the override the SQL is used verbatim.
  * The calling file and line (from debug_backtrace()) are passed on to
  * db_query() for diagnostics, and the result lands in $this->result.
  *
  * NOTE(review): $security_override is a "trust this SQL verbatim" switch;
  * callers must never set it on SQL assembled from request data.
  *
  * @param string $sql
  * @param array  $params
  * @param bool   $security_override Skip placeholder processing.
  * @return false|void False for an empty query, nothing otherwise.
  */
 function query($sql, $params = array(), $security_override = false)
 {
     global $db_prefix, $user_info;
     if (empty($sql)) {
         return false;
     }
     $this->params = $params;

     // Locate the caller for db_query()'s error reporting.
     if (function_exists('debug_backtrace')) {
         $trace = debug_backtrace();
         $caller_file = $trace[0]['file'];
         $caller_line = $trace[0]['line'];
     } else {
         $caller_file = __FILE__;
         $caller_line = __LINE__;
     }

     $this->sql = $security_override
         ? $sql
         : preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', array(&$this, '_replace_callback'), $sql);
     $this->result = db_query($this->sql, $caller_file, $caller_line);
 }
 /**
  * Confirms that we can update two blob columns in the same table.
  *
  * Inserts a row into test_two_blobs, overwrites both blob columns through
  * db_update(), then reads the row back with a bound id and checks both values.
  */
 function testUpdateMultipleBlob()
 {
     $row_id = db_insert('test_two_blobs')
         ->fields(array('blob1' => 'This is', 'blob2' => 'a test'))
         ->execute();
     db_update('test_two_blobs')
         ->condition('id', $row_id)
         ->fields(array('blob1' => 'and so', 'blob2' => 'is this'))
         ->execute();
     $row = db_query('SELECT * FROM {test_two_blobs} WHERE id = :id', array(':id' => $row_id))->fetchAssoc();
     $both_updated = $row['blob1'] === 'and so' && $row['blob2'] === 'is this';
     $this->assertTrue($both_updated, 'Can update multiple blobs per row.');
 }
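/**
 * Validates a password-change submission for the current user and applies it.
 *
 * Reads form_oldpw, form_pw and form_pw2 from $GLOBALS, checks the old
 * password against the stored MD5, requires an active account and two
 * matching, policy-conforming new passwords (account_pwvalid()), then calls
 * setPasswd() on the user object. Failure reasons are left in
 * $GLOBALS['register_error'].
 *
 * Fixes vs. the original: the array keys were written unquoted (form_pw,
 * user_pw, ...), i.e. as undefined constants — a fatal Error on PHP 8; and
 * the digest comparison used "!=", which is unsafe for hex digests (two
 * digests of the form "0e<digits>" compare equal numerically). hash_equals()
 * is used now.
 *
 * NOTE(review): unsalted MD5 is the stored password format. Replacing it
 * needs a migration, so only the comparison is hardened here. user_getid()
 * is the session user, not request data.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid()
{
    if (!$GLOBALS['Update']) {
        return 0;
    }

    // Check against the stored password.
    $res = db_query("SELECT user_pw, status FROM users WHERE user_id=" . user_getid());
    $row_pw = db_fetch_array($res);
    $stored_hash = isset($row_pw['user_pw']) ? (string) $row_pw['user_pw'] : '';
    $old_pw = isset($GLOBALS['form_oldpw']) ? (string) $GLOBALS['form_oldpw'] : '';
    if (!hash_equals($stored_hash, md5($old_pw))) {
        $GLOBALS['register_error'] = "Old password is incorrect.";
        return 0;
    }
    if (!isset($row_pw['status']) || $row_pw['status'] != 'A') {
        $GLOBALS['register_error'] = "Account must be active to change password.";
        return 0;
    }
    if (empty($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    if (!isset($GLOBALS['form_pw2']) || $GLOBALS['form_pw'] != $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }

    // If we got this far, it must be good.
    $user =& user_get_object(user_getid());
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }
    return 1;
}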
 /**
  * Build pie chart properties.
  *
  * Counts the report's artifacts per value of the chart's base field — one
  * slice per distinct value plus a "none" slice for NULL — and stores the
  * counts in $engine->data and the labels in $engine->legend. Nothing is
  * added when the field does not exist or the current user may not read it.
  *
  * NOTE(review): $this->artifacts['id'] and ['last_changeset_id'] are spliced
  * into IN (...) as ready-made lists; they must already be comma-separated
  * integers, which this method does not verify.
  *
  * @param Pie_Engine $engine object
  * @return array Always empty (kept for the parent's contract).
  */
 function buildProperties($engine)
 {
     parent::buildProperties($engine);
     $engine->data = array();
     $engine->legend = null;

     $factory = Tracker_FormElementFactory::instance();
     $field = $factory->getFormElementById($this->chart->getField_base());
     if (!$field || !$field->userCanRead()) {
         return array();
     }

     $sql = ' SELECT count(a.id) AS nb, ' . $field->getQuerySelect()
         . ' FROM tracker_artifact AS a INNER JOIN tracker_changeset AS c ON (c.artifact_id = a.id) ' . $field->getQueryFrom()
         . ' WHERE a.id IN (' . $this->artifacts['id'] . ") \n                          AND c.id IN (" . $this->artifacts['last_changeset_id'] . ') '
         . ' GROUP BY ' . $field->getQueryGroupBy();
     $res = db_query($sql);
     while ($data = db_fetch_array($res)) {
         $engine->data[] = $data['nb'];
         $value = $data[$field->name];
         if ($value !== null) {
             $engine->legend[] = $field->fetchRawValue($value);
         } else {
             $engine->legend[] = $GLOBALS['Language']->getText('global', 'none');
         }
     }
     return array();
 }
/**
 * Perform a single batch operation.
 *
 * Callback for batch_set().
 *
 * @param $MULTIPLE_PARAMS
 *   Additional parameters specific to the batch. These are specified in the
 *   array passed to batch_set().
 * @param $context
 *   The batch context array, passed by reference. This contains the following
 *   properties:
 *   - 'finished': A float number between 0 and 1 informing the processing
 *     engine of the completion level for the operation. 1 (or no value
 *     explicitly set) means the operation is finished: the operation will not
 *     be called again, and execution passes to the next operation or the
 *     callback_batch_finished() implementation. Any other value causes this
 *     operation to be called again; however it should be noted that the value
 *     set here does not persist between executions of this callback: each time
 *     it is set to 1 by default by the batch system.
 *   - 'sandbox': This may be used by operations to persist data between
 *     successive calls to the current operation. Any values set in
 *     $context['sandbox'] will be there the next time this function is called
 *     for the current operation. For example, an operation may wish to store a
 *     pointer in a file or an offset for a large query. The 'sandbox' array key
 *     is not initially set when this callback is first called, which makes it
 *     useful for determining whether it is the first call of the callback or
 *     not:
 *     @code
 *       if (empty($context['sandbox'])) {
 *         // Perform set-up steps here.
 *       }
 *     @endcode
 *     The values in the sandbox are stored and updated in the database between
 *     http requests until the batch finishes processing. This avoids problems
 *     if the user navigates away from the page before the batch finishes.
 *   - 'message': A text message displayed in the progress page.
 *   - 'results': The array of results gathered so far by the batch processing.
 *     This array is highly useful for passing data between operations. After
 *     all operations have finished, this is passed to callback_batch_finished()
 *     where results may be referenced to display information to the end-user,
 *     such as how many total items were processed.
 */
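function callback_batch_operation($MULTIPLE_PARAMS, &$context)
{
    // First call for this operation: the sandbox bookkeeping is not set yet,
    // so initialise the counters that persist between HTTP requests.
    if (!isset($context['sandbox']['progress'])) {
        $context['sandbox']['progress'] = 0;
        $context['sandbox']['current_node'] = 0;
        // fetchField() returns a string; cast once so the comparison at the
        // end of the callback is between two integers.
        $context['sandbox']['max'] = (int) db_query('SELECT COUNT(DISTINCT nid) FROM {node}')->fetchField();
    }
    // For this example, we decide that we can safely process
    // 5 nodes at a time without a timeout.
    $limit = 5;
    // With each pass through the callback, retrieve the next group of nids.
    // NOTE(review): the printf-style %d placeholder and db_fetch_array() are the
    // Drupal 6 database API, whereas ->fetchField() above is Drupal 7 — confirm
    // which API the surrounding module targets before relying on this example.
    $result = db_query_range("SELECT nid FROM {node} WHERE nid > %d ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $limit);
    while ($row = db_fetch_array($result)) {
        // Here we actually perform our processing on the current node.
        // $options1 / $options2 presumably stand for values handed in through
        // $MULTIPLE_PARAMS; they are not defined in this example.
        $node = node_load($row['nid'], NULL, TRUE);
        $node->value1 = $options1;
        $node->value2 = $options2;
        node_save($node);
        // Store some result for post-processing in the finished callback.
        // check_plain() escapes the title so it is safe to render later.
        $context['results'][] = check_plain($node->title);
        // Update our progress information.
        $context['sandbox']['progress']++;
        $context['sandbox']['current_node'] = $node->nid;
        $context['message'] = t('Now processing %node', array('%node' => $node->title));
    }
    // Inform the batch engine that we are not finished,
    // and provide an estimation of the completion level we reached.
    // An empty {node} table (max == 0) has nothing to process: leaving
    // 'finished' unset lets the batch system treat it as complete and avoids a
    // division by zero.
    if ($context['sandbox']['max'] > 0 && $context['sandbox']['progress'] !== $context['sandbox']['max']) {
        $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
    }
}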
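 /**
  * Load an Artifact and its ArtifactType into $this->Artifact / $this->ArtifactType.
  *
  * @param int|string  $id   Artifact id; only its integer value is ever placed in SQL.
  * @param array|false $data Optional pre-fetched artifact_vw row. When given, no query is run.
  * @return bool true on success; false after $this->setError() on any failure.
  */
 function ArtifactFromID($id, $data = false)
 {
     if ($data) {
         $art_arr = $data;
     } else {
         // The id is interpolated into the query string, so force it to an
         // integer first: nothing but digits can reach the SQL text.
         $artifact_id = (int) $id;
         $res = db_query("SELECT * FROM artifact_vw WHERE artifact_id='{$artifact_id}'");
         if (!$res || db_numrows($res) < 1) {
             $this->setError("Invalid Artifact ID");
             return false;
         }
         // Plain assignment: taking a reference to a function result only
         // produces a notice and gains nothing.
         $art_arr = db_fetch_array($res);
     }
     $at = artifactType_get_object($art_arr['group_artifact_id']);
     if (!$at || !is_object($at)) {
         $this->setError("Could Not Create ArtifactType");
         return false;
     } elseif ($at->isError()) {
         $this->setError($at->getErrorMessage());
         return false;
     }
     $this->ArtifactType =& $at;
     $a = artifact_get_object($id, $art_arr);
     if (!$a || !is_object($a)) {
         $this->setError("Could Not Create Artifact");
         return false;
     } elseif ($a->isError()) {
         $this->setError($a->getErrorMessage());
         return false;
     }
     $this->Artifact =& $a;
     return true;
 }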
/**
* Act on profiles being loaded from the database.
*
* This hook is invoked during profile loading, which is handled by
* entity_load(), via the EntityCRUDController.
*
* @param $entities
*   An array of profile2 entities being loaded, keyed by id.
*
* @see hook_entity_load()
*/
function hook_profile2_load($entities)
{
    // One query for all loaded ids; the :ids placeholder expands to the array.
    $ids = array_keys($entities);
    $rows = db_query('SELECT pid, foo FROM {mytable} WHERE pid IN(:ids)', array(':ids' => $ids));
    foreach ($rows as $row) {
        // Entities are objects, so writing through the local handle updates
        // the entry in $entities as well.
        $entity = $entities[$row->pid];
        $entity->foo = $row->foo;
    }
}
 /**
  * Apply an API-supplied order update: optional status change, profile data,
  * details and notes, then re-place the order through fn_place_order().
  *
  * @param array  $order    Incoming order data; 'order_id' is required, 'status',
  *                         'details', 'notes' and user-profile columns are optional.
  * @param object $response Response collector; receives ERROR_OBJECT_UPDATE on an unknown status.
  * @return array [order_id, process_payment] as returned by fn_place_order().
  */
 public static function apiUpdateOrder($order, $response)
 {
     // The cart helpers below expect this flag to be defined.
     defined('ORDER_MANAGEMENT') or define('ORDER_MANAGEMENT', true);
     $order_id = $order['order_id'];
     if (!empty($order['status'])) {
         $known_statuses = fn_get_statuses(STATUSES_ORDER, false, true);
         if (isset($known_statuses[$order['status']])) {
             fn_change_order_status($order_id, $order['status']);
         } else {
             $response->addError('ERROR_OBJECT_UPDATE', str_replace('[object]', 'orders', __('twgadmin_wrong_api_object_data')));
         }
     }
     $cart = array();
     fn_clear_cart($cart, true);
     $customer_auth = fn_fill_auth(array(), array(), false, 'C');
     fn_form_cart($order_id, $cart, $customer_auth);
     $cart['order_id'] = $order_id;
     // Only the columns that belong to user_profiles are merged into the cart.
     $profile_fields = fn_check_table_fields($order, 'user_profiles');
     $cart['user_data'] = fn_array_merge($cart['user_data'], $profile_fields);
     fn_calculate_cart_content($cart, $customer_auth, 'A', true, 'I');
     if (!empty($order['details'])) {
         db_query('UPDATE ?:orders SET details = ?s WHERE order_id = ?i', $order['details'], $order_id);
     }
     if (!empty($order['notes'])) {
         $cart['notes'] = $order['notes'];
     }
     // Normalise to exactly the two values callers destructure.
     list($placed_id, $payment) = fn_place_order($cart, $customer_auth, 'save');
     return array($placed_id, $payment);
 }
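/**
 * Entry point of the "dwellings" module page.
 *
 * Reads op/dwid/type/cityid from the query string, resolves the dwelling type
 * from the database when it was not supplied, and includes the handler file
 * for the requested operation. The include runs inside this function's scope,
 * so $op, $dwid, $type, $cityid and $session are visible to the handler.
 */
function dwellings_run()
{
    checkday();
    page_header("Dwellings");
    global $session;
    // $op selects the file to include below, so it is restricted to a plain
    // identifier: anything containing path separators, dots or other
    // characters is dropped and the request falls back to the default view.
    $op = httpget("op");
    if (!preg_match('/\A[A-Za-z0-9_-]*\z/', $op)) {
        $op = "";
    }
    $dwid = httpget('dwid');
    $type = httpget('type');
    debug(get_module_pref("location_saver"));
    // The dwelling id is interpolated into SQL; use its integer value only,
    // and leave $dwid itself untouched for the included handler.
    $dwelling_id = (int) $dwid;
    if ($type == "" && $dwelling_id > 0) {
        $sql = "SELECT type FROM " . db_prefix("dwellings") . " WHERE dwid={$dwelling_id}";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        // No row for this id leaves $type empty instead of raising a notice.
        $type = isset($row['type']) ? $row['type'] : "";
    }
    $cityid = httpget('cityid');
    require_once "modules/dwellings/run/case_{$op}.php";
    if ($op != "list" && $op != "") {
        addnav("Leave");
        addnav("Return to Hamlet", "runmodule.php?module=dwellings");
    } else {
        addnav("Navigation");
        villagenav();
    }
    page_footer();
}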
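/**
 * Revoke the "same editor rights" link between a timetable editor and a user.
 *
 * Reads the editor and user ids from $_GET, validates both against
 * phpbb_users, deletes the matching phpbb_timetable_editors_rights row when
 * one exists, and redirects to the rights overview.
 *
 * @return string|void An error message on failure (the strings are the ones
 *                     the UI expects); on success a Location header is sent
 *                     and nothing is returned.
 */
function del_same_editor_rights()
{
    // Permission check. NOTE(review): this checks the "add" right, as the
    // original did; confirm whether a separate delete right is intended.
    if (!check_rights('add_same_editor_rights')) {
        return "У вас нет соответствующих прав";
    }
    // Both ids are cast to int before they reach SQL; a missing parameter
    // becomes 0 and fails the existence checks below.
    $editor_id = isset($_GET['editor']) ? (int) $_GET['editor'] : 0;
    $user_id = isset($_GET['user']) ? (int) $_GET['user'] : 0;
    // The editor must exist and be flagged as a timetable editor.
    if (db_easy_count("SELECT * FROM `phpbb_users` WHERE `user_id`={$editor_id} AND `timetable_editor`=1") == 0) {
        return "Ошибка в формате входных данных (editor)";
    }
    // The user must exist.
    if (db_easy_count("SELECT * FROM `phpbb_users` WHERE `user_id`={$user_id}") == 0) {
        return "Ошибка в формате входных данных (user)";
    }
    // Delete the link only when it exists. Previously the result variable was
    // left undefined when no row matched, so db_result() reported a failure
    // for a no-op; revoking an absent right is treated as success here.
    if (db_easy_count("SELECT * FROM `phpbb_timetable_editors_rights` WHERE `user_id`={$user_id} AND `editor_id`={$editor_id}") > 0) {
        $delete_res = db_query("DELETE FROM `phpbb_timetable_editors_rights` WHERE `user_id`={$user_id} AND `editor_id`={$editor_id}");
        if (!db_result($delete_res)) {
            return "Ошибка при выполнении (DELETE)";
        }
    }
    // Redirect to the rights overview. NOTE(review): execution continues in
    // the caller after this header; confirm the caller stops output itself.
    header("location: /manager.php?action=show_timetable_rights");
}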