/** * Return the number of users registered in the system. * * @param bool $show_deactivated * @return int */ function get_number_users($show_deactivated = false) { global $CONFIG; $access = ""; if (!$show_deactivated) { $access = "and " . get_access_sql_suffix(); } $result = get_data_row("SELECT count(*) as count from {$CONFIG->dbprefix}entities where type='user' {$access}"); if ($result) { return $result->count; } return false; }
/** * Add sql clauses to order entities by descendants count * * @param array $subtypes Array of descendant subtypes * @param str $direction Order by direction * @param array $options Original options array */ function hj_framework_get_order_by_descendant_count_clauses($subtypes, $direction, $options) { foreach ($subtypes as $st) { if ($id = get_subtype_id('object', $st)) { $subtype_ids[] = $id; } } $subtype_ids_str = implode(',', $subtype_ids); if (empty($subtype_ids_str)) { return $options; } $dbprefix = elgg_get_config('dbprefix'); $options['selects'][] = "COUNT(r_descendant.guid_one)"; $options['joins'][] = "JOIN {$dbprefix}entities e_descendant ON (e_descendant.subtype IN ({$subtype_ids_str}))"; $options['joins'][] = "LEFT JOIN {$dbprefix}entity_relationships r_descendant ON (e.guid = r_descendant.guid_two AND r_descendant.relationship = 'descendant' AND r_descendant.guid_one = e_descendant.guid)"; $options['wheres'][] = get_access_sql_suffix('e_descendant'); $options['group_by'] = 'e.guid'; $options['order_by'] = "count(r_descendant.guid_one) {$direction}, e.time_created DESC"; return $options; }
function get_entities_from_metadata_by_value($meta_array, $entity_type = "", $entity_subtype = "", $count = false, $owner_guid = 0, $container_guid = 0, $limit = 10, $offset = 0, $order_by = "", $site_guid = 0) { global $CONFIG; // ORDER BY if ($order_by == "") { $order_by = "e.time_created desc"; } $order_by = sanitise_string($order_by); $where = array(); // Filetr by metadata $mindex = 1; // Starting index of joined metadata/metastring tables $join_meta = ""; $query_access = ""; foreach ($meta_array as $meta) { $join_meta .= "JOIN {$CONFIG->dbprefix}metadata m{$mindex} on e.guid = m{$mindex}.entity_guid "; $join_meta .= "JOIN {$CONFIG->dbprefix}metastrings v{$mindex} on v{$mindex}.id = m{$mindex}.value_id "; $meta_n = get_metastring_id($meta['name']); $where[] = "m{$mindex}.name_id='{$meta_n}'"; if (strtolower($meta['operand']) == "like") { // "LIKE" search $where[] = "v{$mindex}.string LIKE ('" . $meta['value'] . "') "; } elseif (strtolower($meta['operand']) == "in") { // TO DO - "IN" search } elseif ($meta['operand'] != '') { // Simple operand search $where[] = "v{$mindex}.string" . $meta['operand'] . "'" . $meta['value'] . "'"; } $query_access .= ' and ' . get_access_sql_suffix("m{$mindex}"); // Add access controls $mindex++; } $limit = (int) $limit; $offset = (int) $offset; if (is_array($owner_guid) && count($owner_guid)) { foreach ($owner_guid as $key => $guid) { $owner_guid[$key] = (int) $guid; } } else { $owner_guid = (int) $owner_guid; } if (is_array($container_guid) && count($container_guid)) { foreach ($container_guid as $key => $guid) { $container_guid[$key] = (int) $guid; } } else { $container_guid = (int) $container_guid; } $site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } $entity_type = sanitise_string($entity_type); if ($entity_type != "") { $where[] = "e.type='{$entity_type}'"; } $entity_subtype = get_subtype_id($entity_type, $entity_subtype); if ($entity_subtype) { $where[] = "e.subtype={$entity_subtype}"; } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } if (is_array($owner_guid)) { $where[] = "e.owner_guid in (" . implode(",", $owner_guid) . ")"; } else { if ($owner_guid > 0) { $where[] = "e.owner_guid = {$owner_guid}"; } } if (is_array($container_guid)) { $where[] = "e.container_guid in (" . implode(",", $container_guid) . ")"; } else { if ($container_guid > 0) { $where[] = "e.container_guid = {$container_guid}"; } } if (!$count) { $query = "SELECT distinct e.* "; } else { $query = "SELECT count(distinct e.guid) as total "; } $query .= "FROM {$CONFIG->dbprefix}entities e "; $query .= $join_meta; $query .= " WHERE "; foreach ($where as $w) { $query .= " {$w} and "; } $query .= get_access_sql_suffix("e"); // Add access controls $query .= $query_access; if (!$count) { $query .= " order by {$order_by} limit {$offset}, {$limit}"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); } else { $row = get_data_row($query); //echo $query.mysql_error().__FILE__.__LINE__; if ($row) { return $row->total; } } return false; }
} // limit to current site $join .= " JOIN {$CONFIG->dbprefix}entity_relationships site_relation ON e.guid = site_relation.guid_one"; $where[] = "site_relation.relationship='member_of_site'"; $where[] = "site_relation.guid_two = " . $CONFIG->site_guid; // build where clauses if (count($where) > 0) { foreach ($where as $w) { $where_clause .= " {$w} and "; } } // add access $access_suffix .= get_access_sql_suffix("e"); // Add access controls for ($mindex = 1; $mindex <= count($meta_array); $mindex++) { $access_suffix .= ' and ' . get_access_sql_suffix("m{$mindex}"); // Add access controls } if (empty($select)) { $select = "distinct e.*"; } // extend with hooks $join = trigger_plugin_hook("extend_join", "profile_manager_member_search", null, $join); $order = trigger_plugin_hook("extend_order", "profile_manager_member_search", null, $order); $select = trigger_plugin_hook("extend_select", "profile_manager_member_search", null, $select); $where_clause = trigger_plugin_hook("extend_where", "profile_manager_member_search", null, $where_clause); // build query $query = "from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid {$join} where " . $where_clause . $access_suffix; // execute query and retrieve entities $count = get_data_row("SELECT count(distinct e.guid) as total " . $query); $count = $count->total;
/** * Get comments that match the search parameters. * * @param string $hook Hook name * @param string $type Hook type * @param array $value Empty array * @param array $params Search parameters * @return array */ function search_comments_hook($hook, $type, $value, $params) { $db_prefix = elgg_get_config('dbprefix'); $query = sanitise_string($params['query']); $limit = sanitise_int($params['limit']); $offset = sanitise_int($params['offset']); $params['annotation_names'] = array('generic_comment', 'group_topic_post'); $params['joins'] = array("JOIN {$db_prefix}annotations a on e.guid = a.entity_guid", "JOIN {$db_prefix}metastrings msn on a.name_id = msn.id", "JOIN {$db_prefix}metastrings msv on a.value_id = msv.id"); $fields = array('string'); // force IN BOOLEAN MODE since fulltext isn't // available on metastrings (and boolean mode doesn't need it) $search_where = search_get_where_sql('msv', $fields, $params, FALSE); $container_and = ''; if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) { $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']); } $e_access = get_access_sql_suffix('e'); $a_access = get_access_sql_suffix('a'); // @todo this can probably be done through the api.. $q = "SELECT count(DISTINCT a.id) as total FROM {$db_prefix}annotations a\n\t\tJOIN {$db_prefix}metastrings msn ON a.name_id = msn.id\n\t\tJOIN {$db_prefix}metastrings msv ON a.value_id = msv.id\n\t\tJOIN {$db_prefix}entities e ON a.entity_guid = e.guid\n\t\tWHERE msn.string IN ('generic_comment', 'group_topic_post')\n\t\t\tAND ({$search_where})\n\t\t\tAND {$e_access}\n\t\t\tAND {$a_access}\n\t\t\t{$container_and}\n\t\t"; if (!($result = get_data($q))) { return FALSE; } $count = $result[0]->total; // don't continue if nothing there... if (!$count) { return array('entities' => array(), 'count' => 0); } // no full text index on metastrings table if ($params['sort'] == 'relevance') { $params['sort'] = 'created'; } $order_by = search_get_order_by_sql('a', null, $params['sort'], $params['order']); if ($order_by) { $order_by = "ORDER BY {$order_by}"; } $q = "SELECT DISTINCT a.*, msv.string as comment FROM {$db_prefix}annotations a\n\t\tJOIN {$db_prefix}metastrings msn ON a.name_id = msn.id\n\t\tJOIN {$db_prefix}metastrings msv ON a.value_id = msv.id\n\t\tJOIN {$db_prefix}entities e ON a.entity_guid = e.guid\n\t\tWHERE msn.string IN ('generic_comment', 'group_topic_post')\n\t\t\tAND ({$search_where})\n\t\t\tAND {$e_access}\n\t\t\tAND {$a_access}\n\t\t\t{$container_and}\n\t\t\n\t\t{$order_by}\n\t\tLIMIT {$offset}, {$limit}\n\t\t"; $comments = get_data($q); // @todo if plugins are disabled causing subtypes // to be invalid and there are comments on entities of those subtypes, // the counts will be wrong here and results might not show up correctly, // especially on the search landing page, which only pulls out two results. // probably better to check against valid subtypes than to do what I'm doing. // need to return actual entities // add the volatile data for why these entities have been returned. $entities = array(); foreach ($comments as $comment) { $entity = get_entity($comment->entity_guid); // hic sunt dracones if (!$entity) { //continue; $entity = new ElggObject(); $entity->setVolatileData('search_unavailable_entity', TRUE); } $comment_str = search_get_highlighted_relevant_substrings($comment->comment, $query); $comments_data = $entity->getVolatileData('search_comments_data'); if (!$comments_data) { $comments_data = array(); } $comments_data[] = array('annotation_id' => $comment->id, 'text' => $comment_str, 'owner_guid' => $comment->owner_guid, 'time_created' => $comment->time_created); $entity->setVolatileData('search_comments_data', $comments_data); $entities[] = $entity; } return array('entities' => $entities, 'count' => $count); }
/** * Get the river's access where clause * * @return string * @since 1.8.0 * @access private */ function elgg_river_get_access_sql() { // rewrite default access where clause to work with river table return str_replace("and enabled='yes'", '', str_replace('owner_guid', 'rv.subject_guid', str_replace('access_id', 'rv.access_id', get_access_sql_suffix()))); }
/** * Delete a given annotation. * * @param $id int The id */ function delete_annotation($id) { global $CONFIG; $id = (int) $id; $access = get_access_sql_suffix(); $annotation = get_annotation($id); if (trigger_elgg_event('delete', 'annotation', $annotation)) { return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id={$id} and {$access}"); } return false; }
} } elseif (substr($q, 0, 1) == "#") { $tag = substr($q, 1); $tags_id = elgg_get_metastring_id("tags"); $thewire_id = get_subtype_id("object", "thewire"); $query = "SELECT DISTINCT *"; $query .= " FROM (SELECT ms1.string as value"; $query .= " FROM " . elgg_get_config("dbprefix") . "entities e"; $query .= " JOIN " . elgg_get_config("dbprefix") . "metadata m ON e.guid = m.entity_guid"; $query .= " JOIN " . elgg_get_config("dbprefix") . "metastrings ms1 ON m.value_id = ms1.id"; $query .= " WHERE (e.type = 'object' AND e.subtype = " . $thewire_id . ")"; $query .= " AND (e.owner_guid = " . elgg_get_logged_in_user_guid() . ")"; $query .= " AND (m.name_id = " . $tags_id . ")"; $query .= " AND (ms1.string LIKE '%" . sanitise_string($tag) . "%')"; $query .= " AND " . get_access_sql_suffix("e"); $query .= " AND " . get_access_sql_suffix("m"); $query .= " ORDER BY m.time_created DESC) a"; $query .= " LIMIT 0, " . $limit; $rows = get_data($query); if (!empty($rows)) { $metadata = array(); foreach ($rows as $row) { if (!empty($row->value) || $row->value == 0) { $metadata[] = $row->value; } } natcasesort($metadata); foreach ($metadata as $md) { $result[] = array("type" => "hashtag", "value" => $md); } }
$site_options = array("type" => "site", "relationship" => "member_of_site", "relationship_guid" => $user->getGUID(), "limit" => false, "site_guids" => false); if ($sites = elgg_get_entities_from_relationship($site_options)) { $site_guids = array(); foreach ($sites as $row) { $site_guids[] = $row->guid; } $count_query .= "e.site_guid IN (" . implode(", ", $site_guids) . ") "; } else { $count_query .= "e.site_guid = " . elgg_get_site_entity()->getGUID() . " "; } } else { $count_query .= "e.site_guid = " . elgg_get_site_entity()->getGUID() . " "; } $count_query .= " AND "; // Add access controls $count_query .= get_access_sql_suffix('e'); $count_query .= " GROUP BY e.subtype"; $totals = get_data($count_query); if ($totals) { foreach ($totals as $row) { $search_result_counters["item:object:" . $row->subtype] = $row->total; } } } } } // call custom searches if ($search_type != 'entities' || $search_type == 'all') { if (is_array($custom_types)) { foreach ($custom_types as $type) { if ($search_type != 'all' && $search_type != $type) {
/** * Get popular tags and their frequencies * * Supports similar arguments as elgg_get_entities() * * @param array $options Array in format: * * threshold => INT minimum tag count * * tag_names => array() metadata tag names - must be registered tags * * limit => INT number of tags to return * * types => NULL|STR entity type (SQL: type = '$type') * * subtypes => NULL|STR entity subtype (SQL: subtype = '$subtype') * * type_subtype_pairs => NULL|ARR (array('type' => 'subtype')) * (SQL: type = '$type' AND subtype = '$subtype') pairs * * owner_guids => NULL|INT entity guid * * container_guids => NULL|INT container_guid * * site_guids => NULL (current_site)|INT site_guid * * created_time_lower => NULL|INT Created time lower boundary in epoch time * * created_time_upper => NULL|INT Created time upper boundary in epoch time * * modified_time_lower => NULL|INT Modified time lower boundary in epoch time * * modified_time_upper => NULL|INT Modified time upper boundary in epoch time * * wheres => array() Additional where clauses to AND together * * joins => array() Additional joins * * @return false/array - if no tags or error, false * otherwise, array of objects with ->tag and ->total values * @since 1.7.1 */ function elgg_get_tags(array $options = array()) { global $CONFIG; $defaults = array('threshold' => 1, 'tag_names' => array(), 'limit' => 10, 'types' => ELGG_ENTITIES_ANY_VALUE, 'subtypes' => ELGG_ENTITIES_ANY_VALUE, 'type_subtype_pairs' => ELGG_ENTITIES_ANY_VALUE, 'owner_guids' => ELGG_ENTITIES_ANY_VALUE, 'container_guids' => ELGG_ENTITIES_ANY_VALUE, 'site_guids' => $CONFIG->site_guid, 'modified_time_lower' => ELGG_ENTITIES_ANY_VALUE, 'modified_time_upper' => ELGG_ENTITIES_ANY_VALUE, 'created_time_lower' => ELGG_ENTITIES_ANY_VALUE, 'created_time_upper' => ELGG_ENTITIES_ANY_VALUE, 'joins' => array(), 'wheres' => array()); $options = array_merge($defaults, $options); $singulars = array('type', 'subtype', 'owner_guid', 'container_guid', 'site_guid', 'tag_name'); $options = elgg_normalise_plural_options_array($options, $singulars); $registered_tags = elgg_get_registered_tag_metadata_names(); if (!is_array($options['tag_names'])) { return false; } // empty array so use all registered tag names if (count($options['tag_names']) == 0) { $options['tag_names'] = $registered_tags; } $diff = array_diff($options['tag_names'], $registered_tags); if (count($diff) > 0) { elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7); // return false; } $wheres = $options['wheres']; // catch for tags that were spaces $wheres[] = "msv.string != ''"; foreach ($options['tag_names'] as $tag) { $sanitised_tags[] = '"' . sanitise_string($tag) . '"'; } $tags_in = implode(',', $sanitised_tags); $wheres[] = "(msn.string IN ({$tags_in}))"; $wheres[] = elgg_get_entity_type_subtype_where_sql('e', $options['types'], $options['subtypes'], $options['type_subtype_pairs']); $wheres[] = elgg_get_guid_based_where_sql('e.site_guid', $options['site_guids']); $wheres[] = elgg_get_guid_based_where_sql('e.owner_guid', $options['owner_guids']); $wheres[] = elgg_get_guid_based_where_sql('e.container_guid', $options['container_guids']); $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'], $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']); // remove identical where clauses $wheres = array_unique($wheres); // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { if ($where === FALSE) { return FALSE; } elseif (empty($where)) { unset($wheres[$i]); } } $joins = $options['joins']; $joins[] = "JOIN {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid"; $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msv on msv.id = md.value_id"; $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msn on md.name_id = msn.id"; // remove identical join clauses $joins = array_unique($joins); foreach ($joins as $i => $join) { if ($join === FALSE) { return FALSE; } elseif (empty($join)) { unset($joins[$i]); } } $query = "SELECT msv.string as tag, count(msv.id) as total "; $query .= "FROM {$CONFIG->dbprefix}entities e "; // add joins foreach ($joins as $j) { $query .= " {$j} "; } // add wheres $query .= ' WHERE '; foreach ($wheres as $w) { $query .= " {$w} AND "; } // Add access controls $query .= get_access_sql_suffix('e'); $threshold = sanitise_int($options['threshold']); $query .= " GROUP BY msv.string HAVING total >= {$threshold} "; $query .= " ORDER BY total DESC "; $limit = sanitise_int($options['limit']); $query .= " LIMIT {$limit} "; return get_data($query); }
/** * Page handler for autocomplete endpoint. * * @param $page * @return unknown_type */ function input_livesearch_page_handler($page) { global $CONFIG; // only return results to logged in users. if (!($user = get_loggedin_user())) { exit; } if (!($q = get_input('q'))) { exit; } $q = mysql_real_escape_string($q); // replace mysql vars with escaped strings $q = str_replace(array('_', '%'), array('\\_', '\\%'), $q); $match_on = get_input('match_on', 'all'); if ($match_on == 'all' || $match_on[0] == 'all') { $match_on = array('users', 'groups'); } if (!is_array($match_on)) { $match_on = array($match_on); } if (get_input('match_owner', false)) { $owner_guid = $user->getGUID(); $owner_where = 'AND e.owner_guid = ' . $user->getGUID(); } else { $owner_guid = null; $owner_where = ''; } $limit = get_input('limit', 10); // grab a list of entities and send them in json. $results = array(); foreach ($match_on as $type) { switch ($type) { case 'all': // only need to pull up title from objects. if (!($entities = elgg_get_entities(array('owner_guid' => $owner_guid, 'limit' => $limit))) and is_array($entities)) { $results = array_merge($results, $entities); } break; case 'users': $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e\n\t\t\t\t\tWHERE e.guid = ue.guid\n\t\t\t\t\t\tAND e.enabled = 'yes'\n\t\t\t\t\t\tAND ue.banned = 'no'\n\t\t\t\t\t\tAND (ue.name LIKE '{$q}%' OR ue.username LIKE '{$q}%')\n\t\t\t\t\tLIMIT {$limit}\n\t\t\t\t"; if ($entities = get_data($query)) { foreach ($entities as $entity) { $json = json_encode(array('type' => 'user', 'name' => $entity->name, 'desc' => $entity->username, 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />', 'guid' => $entity->guid)); $results[$entity->name . rand(1, 100)] = $json; } } break; case 'groups': // don't return results if groups aren't enabled. if (!is_plugin_enabled('groups')) { continue; } $query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e\n\t\t\t\t\tWHERE e.guid = ge.guid\n\t\t\t\t\t\tAND e.enabled = 'yes'\n\t\t\t\t\t\t{$owner_where}\n\t\t\t\t\t\tAND (ge.name LIKE '{$q}%' OR ge.description LIKE '%{$q}%')\n\t\t\t\t\tLIMIT {$limit}\n\t\t\t\t"; if ($entities = get_data($query)) { foreach ($entities as $entity) { $json = json_encode(array('type' => 'group', 'name' => $entity->name, 'desc' => strip_tags($entity->description), 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />', 'guid' => $entity->guid)); //$results[$entity->name . rand(1,100)] = "$json|{$entity->guid}"; $results[$entity->name . rand(1, 100)] = $json; } } break; case 'friends': $access = get_access_sql_suffix(); $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, {$CONFIG->dbprefix}entities as e\n\t\t\t\t\tWHERE er.relationship = 'friend'\n\t\t\t\t\t\tAND er.guid_one = {$user->getGUID()}\n\t\t\t\t\t\tAND er.guid_two = ue.guid\n\t\t\t\t\t\tAND e.guid = ue.guid\n\t\t\t\t\t\tAND e.enabled = 'yes'\n\t\t\t\t\t\tAND ue.banned = 'no'\n\t\t\t\t\t\tAND (ue.name LIKE '{$q}%' OR ue.username LIKE '{$q}%')\n\t\t\t\t\tLIMIT {$limit}\n\t\t\t\t"; if ($entities = get_data($query)) { foreach ($entities as $entity) { $json = json_encode(array('type' => 'user', 'name' => $entity->name, 'desc' => $entity->username, 'icon' => '<img class="livesearch_icon" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />', 'guid' => $entity->guid)); $results[$entity->name . rand(1, 100)] = $json; } } break; default: // arbitrary subtype. //@todo you cannot specify a subtype without a type. // did this ever work? elgg_get_entities(array('subtype' => $type, 'owner_guid' => $owner_guid)); break; } } ksort($results); echo implode($results, "\n"); exit; }
function get_entities_replies($username = "", $type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null, $timelower = 0, $timeupper = 0) { global $CONFIG; if ($subtype === false || $subtype === null || $subtype === 0) { return false; } if ($order_by == "") { $order_by = "e.time_created desc"; } $order_by = sanitise_string($order_by); $username = sanitise_string($username); $limit = (int) $limit; $offset = (int) $offset; $site_guid = (int) $site_guid; $timelower = (int) $timelower; $timeupper = (int) $timeupper; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } if (!empty($username)) { $username = "******"; } $where = array(); if (is_array($subtype)) { $tempwhere = ""; if (sizeof($subtype)) { foreach ($subtype as $typekey => $subtypearray) { foreach ($subtypearray as $subtypeval) { $typekey = sanitise_string($typekey); if (!empty($subtypeval)) { $subtypeval = (int) get_subtype_id($typekey, $subtypeval); } else { $subtypeval = 0; } if (!empty($tempwhere)) { $tempwhere .= " or "; } $tempwhere .= "(e.type = '{$typekey}' and e.subtype = {$subtypeval})"; } } } if (!empty($tempwhere)) { $where[] = "({$tempwhere})"; } } else { $type = sanitise_string($type); if ($subtype !== "") { $subtype = get_subtype_id($type, $subtype); } if ($type != "") { $where[] = "e.type='{$type}'"; } if ($subtype !== "") { $where[] = "e.subtype={$subtype}"; } } if ($owner_guid != "") { if (!is_array($owner_guid)) { $owner_array = array($owner_guid); $owner_guid = (int) $owner_guid; // $where[] = "owner_guid = '$owner_guid'"; } else { if (sizeof($owner_guid) > 0) { $owner_array = array_map('sanitise_int', $owner_guid); // Cast every element to the owner_guid array to int // $owner_guid = array_map("sanitise_int", $owner_guid); // $owner_guid = implode(",",$owner_guid); // $where[] = "owner_guid in ({$owner_guid})"; } } if (is_null($container_guid)) { $container_guid = $owner_array; } } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } if (!is_null($container_guid)) { if (is_array($container_guid)) { foreach ($container_guid as $key => $val) { $container_guid[$key] = (int) $val; } $where[] = "e.container_guid in (" . implode(",", $container_guid) . ")"; } else { $container_guid = (int) $container_guid; $where[] = "e.container_guid = {$container_guid}"; } } if ($timelower) { $where[] = "e.time_created >= {$timelower}"; } if ($timeupper) { $where[] = "e.time_created <= {$timeupper}"; } if (!$count) { $query = "SELECT e.*,o.* from {$CONFIG->dbprefix}entities e, {$CONFIG->dbprefix}objects_entity o where "; } else { $query = "SELECT count(e.guid) as total from {$CONFIG->dbprefix}entities e, {$CONFIG->dbprefix}objects_entity o where "; } foreach ($where as $w) { $query .= " {$w} and "; } $query .= get_access_sql_suffix(); // Add access controls $query .= " and e.guid=o.guid AND o.description LIKE '%{$username}%' "; if (!$count) { $query .= " order by {$order_by}"; if ($limit) { $query .= " limit {$offset}, {$limit}"; } // Add order and limit $dt = get_data($query, "entity_row_to_elggstar"); return $dt; } else { $total = get_data_row($query); return $total->total; } /* SELECT e.*,o.* from elggentities e, elggobjects_entity o where e.type='object' and e.subtype=8 and e.site_guid = 1 and ( (1 = 1) and e.enabled='yes') AND e.guid=o.guid AND o.description LIKE '%admin%' order by time_created desc limit 0, 10 * */ }
if ($tags_option == "and") { // AND $joins[] = "JOIN {$CONFIG->dbprefix}metadata n_table{$i} on e.guid = n_table{$i}.entity_guid"; $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on n_table{$i}.name_id = msn{$i}.id"; $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on n_table{$i}.value_id = msv{$i}.id"; $values_where .= " AND (msn{$i}.string IN ({$names_str}) AND msv{$i}.string = {$value})"; } else { $values_where .= " OR (msv.string = {$value})"; } } else { $values_where .= "(msv.string = {$value})"; } } $values_where .= ")"; } $access = get_access_sql_suffix('n_table'); if ($names_where && $values_where) { $wheres[] = "({$names_where} AND {$values_where} AND {$access})"; } elseif ($names_where) { $wheres[] = "({$names_where} AND {$access})"; } elseif ($values_where) { $wheres[] = "({$values_where} AND {$access})"; } // owner_guids if (!empty($widget->owner_guids)) { $owner_guids = string_to_tag_array($widget->owner_guids); if (!empty($owner_guids)) { foreach ($owner_guids as $key => $guid) { $owner_guids[$key] = sanitise_int($guid); } }
/** * Get entities based on their private data by multiple keys, in a similar way to metadata. * * @param string $name The name of the setting * @param string $value The value of the setting * @param string|array $type The type of entity (eg "user", "object" etc) or array(type1 => array('subtype1', ...'subtypeN'), ...) * @param string $subtype The arbitrary subtype of the entity * @param int $owner_guid The GUID of the owning user * @param string $order_by The field to order by; by default, time_created desc * @param int $limit The number of entities to return; 10 by default * @param int $offset The indexing offset, 0 by default * @param boolean $count Set to true to get a count rather than the entities themselves (limits and offsets don't apply in this context). Defaults to false. * @param int $site_guid The site to get entities for. Leave as 0 (default) for the current site; -1 for all sites. * @param int|array $container_guid The container or containers to get entities from (default: all containers). * @return array A list of entities. */ function get_entities_from_private_setting_multi(array $name, $type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null) { global $CONFIG; if ($subtype === false || $subtype === null || $subtype === 0) { return false; } if ($order_by == "") { $order_by = "e.time_created desc"; } $order_by = sanitise_string($order_by); $limit = (int) $limit; $offset = (int) $offset; $site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } $where = array(); if (is_array($type)) { $tempwhere = ""; if (sizeof($type)) { foreach ($type as $typekey => $subtypearray) { foreach ($subtypearray as $subtypeval) { $typekey = sanitise_string($typekey); if (!empty($subtypeval)) { if (!($subtypeval = (int) get_subtype_id($typekey, $subtypeval))) { return false; } } else { $subtypeval = 0; } if (!empty($tempwhere)) { $tempwhere .= " or "; } $tempwhere .= "(e.type = '{$typekey}' and e.subtype = {$subtypeval})"; } } } if (!empty($tempwhere)) { $where[] = "({$tempwhere})"; } } else { $type = sanitise_string($type); if ($subtype and !($subtype = get_subtype_id($type, $subtype))) { return false; } if ($type != "") { $where[] = "e.type='{$type}'"; } if ($subtype !== "") { $where[] = "e.subtype={$subtype}"; } } if ($owner_guid != "") { if (!is_array($owner_guid)) { $owner_array = array($owner_guid); $owner_guid = (int) $owner_guid; // $where[] = "owner_guid = '$owner_guid'"; } else { if (sizeof($owner_guid) > 0) { $owner_array = array_map('sanitise_int', $owner_guid); // Cast every element to the owner_guid array to int // $owner_guid = array_map("sanitise_int", $owner_guid); // $owner_guid = implode(",",$owner_guid); // $where[] = "owner_guid in ({$owner_guid})"; } } if (is_null($container_guid)) { $container_guid = $owner_array; } } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } if (!is_null($container_guid)) { if (is_array($container_guid)) { foreach ($container_guid as $key => $val) { $container_guid[$key] = (int) $val; } $where[] = "e.container_guid in (" . implode(",", $container_guid) . ")"; } else { $container_guid = (int) $container_guid; $where[] = "e.container_guid = {$container_guid}"; } } if ($name) { $s_join = ""; $i = 1; foreach ($name as $k => $n) { $k = sanitise_string($k); $s_join .= " JOIN {$CONFIG->dbprefix}private_settings s{$i} ON e.guid=s{$i}.entity_guid"; $where[] = "s{$i}.name = '{$k}'"; $where[] = "s{$i}.value = '{$n}'"; $i++; } } if (!$count) { $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e {$s_join} where "; } else { $query = "SELECT count(distinct e.guid) as total from {$CONFIG->dbprefix}entities e {$s_join} where "; } foreach ($where as $w) { $query .= " {$w} and "; } $query .= get_access_sql_suffix('e'); // Add access controls if (!$count) { $query .= " order by {$order_by}"; if ($limit) { $query .= " limit {$offset}, {$limit}"; } // Add order and limit $dt = get_data($query, "entity_row_to_elggstar"); return $dt; } else { $total = get_data_row($query); return $total->total; } }
function tp_get_entities_from_annotations_calculate_x($sum = "sum", $entity_type = "", $entity_subtype = "", $name = "", $mdname = '', $mdvalue = '', $owner_guid = 0, $limit = 10, $offset = 0, $orderdir = 'desc', $count = false) { global $CONFIG; $sum = sanitise_string($sum); $entity_type = sanitise_string($entity_type); $entity_subtype = get_subtype_id($entity_type, $entity_subtype); $name = get_metastring_id($name); $limit = (int) $limit; $offset = (int) $offset; $owner_guid = (int) $owner_guid; if (!empty($mdname) && !empty($mdvalue)) { $meta_n = get_metastring_id($mdname); $meta_v = get_metastring_id($mdvalue); } if (empty($name)) { return 0; } $where = array(); if ($entity_type != "") { $where[] = "e.type='{$entity_type}'"; } if ($owner_guid > 0) { $where[] = "e.owner_guid = {$owner_guid}"; } if ($entity_subtype) { $where[] = "e.subtype={$entity_subtype}"; } if ($name != "") { $where[] = "a.name_id='{$name}'"; } if (!empty($mdname) && !empty($mdvalue)) { if ($mdname != "") { $where[] = "m.name_id='{$meta_n}'"; } if ($mdvalue != "") { $where[] = "m.value_id='{$meta_v}'"; } } if ($sum != "count") { $where[] = "a.value_type='integer'"; } // Limit on integer types if (!$count) { $query = "SELECT distinct e.*, {$sum}(ms.string) as sum "; } else { $query = "SELECT count(distinct e.guid) as num, {$sum}(ms.string) as sum "; } $query .= " from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}annotations a on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings ms on a.value_id=ms.id "; if (!empty($mdname) && !empty($mdvalue)) { $query .= " JOIN {$CONFIG->dbprefix}metadata m on m.entity_guid = e.guid "; } $query .= " WHERE "; foreach ($where as $w) { $query .= " {$w} and "; } $query .= get_access_sql_suffix("a"); // now add access $query .= ' and ' . get_access_sql_suffix("e"); // now add access if (!$count) { $query .= ' group by e.guid'; } if (!$count) { $query .= ' order by sum ' . $orderdir; $query .= ' limit ' . $offset . ' , ' . $limit; return get_data($query, "entity_row_to_elggstar"); } else { if ($row = get_data_row($query)) { return $row->num; } } return false; }
/** * Update an annotation. * * @param int $annotation_id Annotation ID * @param string $name Name of annotation * @param string $value Value of annotation * @param string $value_type Type of value * @param int $owner_guid Owner of annotation * @param int $access_id Access level of annotation * * @return bool */ function update_annotation($annotation_id, $name, $value, $value_type, $owner_guid, $access_id) { global $CONFIG; $annotation_id = (int) $annotation_id; $name = trim($name); $value = trim($value); $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); $owner_guid = (int) $owner_guid; if ($owner_guid == 0) { $owner_guid = elgg_get_logged_in_user_guid(); } $access_id = (int) $access_id; $access = get_access_sql_suffix(); // Add the metastring $value = add_metastring($value); if (!$value) { return false; } $name = add_metastring($name); if (!$name) { return false; } // If ok then add it $result = update_data("UPDATE {$CONFIG->dbprefix}annotations\n\t\tset name_id='{$name}', value_id='{$value}', value_type='{$value_type}', access_id={$access_id}, owner_guid={$owner_guid}\n\t\twhere id={$annotation_id} and {$access}"); if ($result !== false) { $obj = elgg_get_annotation_from_id($annotation_id); if (elgg_trigger_event('update', 'annotation', $obj)) { return true; } else { // @todo add plugin hook that sends old and new annotation information before db access elgg_delete_annotation_by_id($annotation_id); } } return $result; }
/** * Can a user access an entity. * * @warning If a logged in user doesn't have access to an entity, the * core engine will not load that entity. * * @tip This is mostly useful for checking if a user other than the logged in * user has access to an entity that is currently loaded. * * @todo This function would be much more useful if we could pass the guid of the * entity to test access for. We need to be able to tell whether the entity exists * and whether the user has access to the entity. * * @param ElggEntity $entity The entity to check access for. * @param ElggUser $user Optionally user to check access for. Defaults to * logged in user (which is a useless default). * * @return bool * @link http://docs.elgg.org/Access */ function has_access_to_entity($entity, $user = null) { global $CONFIG; if (!isset($user)) { $access_bit = get_access_sql_suffix("e"); } else { $access_bit = get_access_sql_suffix("e", $user->getGUID()); } $query = "SELECT guid from {$CONFIG->dbprefix}entities e WHERE e.guid = " . $entity->getGUID(); // Add access controls $query .= " AND " . $access_bit; if (get_data($query)) { return true; } else { return false; } }
/** * Populate the cache from a set of entities * * @param int|array $guids Array of or single GUIDs * @return void */ public function populateFromEntities($guids) { if (empty($guids)) { return; } if (!is_array($guids)) { $guids = array($guids); } $guids = array_unique($guids); // could be useful at some point in future //$guids = $this->filterMetadataHeavyEntities($guids); $db_prefix = elgg_get_config('dbprefix'); $options = array('guids' => $guids, 'limit' => 0, 'callback' => false, 'joins' => array("JOIN {$db_prefix}metastrings v ON n_table.value_id = v.id", "JOIN {$db_prefix}metastrings n ON n_table.name_id = n.id"), 'selects' => array('n.string AS name', 'v.string AS value'), 'order_by' => 'n_table.entity_guid, n_table.time_created ASC', 'wheres' => array(get_access_sql_suffix('n_table'))); $data = elgg_get_metadata($options); // build up metadata for each entity, save when GUID changes (or data ends) $last_guid = null; $metadata = array(); $last_row_idx = count($data) - 1; foreach ($data as $i => $row) { $name = $row->name; $value = $row->value_type === 'text' ? $row->value : (int) $row->value; $guid = $row->entity_guid; if ($guid !== $last_guid) { if ($last_guid) { $this->saveAll($last_guid, $metadata); } $metadata = array(); } if (isset($metadata[$name])) { $metadata[$name] = (array) $metadata[$name]; $metadata[$name][] = $value; } else { $metadata[$name] = $value; } if ($i == $last_row_idx) { $this->saveAll($guid, $metadata); } $last_guid = $guid; } }
/** * A function that returns a maximum of $limit users who have done something within the last * $seconds seconds. * * @param int $seconds Number of seconds (default 600 = 10min) * @param int $limit Limit, default 10. * @param int $offset Offset, defualt 0. */ function find_active_users($seconds = 600, $limit = 10, $offset = 0) { global $CONFIG; $seconds = (int) $seconds; $limit = (int) $limit; $offset = (int) $offset; $time = time() - $seconds; $access = get_access_sql_suffix("e"); $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid where u.last_action >= {$time} and {$access} order by u.last_action desc limit {$offset},{$limit}"; return get_data($query, "entity_row_to_elggstar"); }
/** * Get an array of users from an email address * * @param string $email Email address. * * @return array */ function get_user_by_email($email) { global $CONFIG; $email = sanitise_string($email); $access = get_access_sql_suffix('e'); $query = "SELECT e.* from {$CONFIG->dbprefix}entities e\n\t\tjoin {$CONFIG->dbprefix}users_entity u on e.guid=u.guid\n\t\twhere email='{$email}' and {$access}"; return get_data($query, 'entity_row_to_elggstar'); }
/** * Returns a list of months in which entities were updated or created. * * @tip Use this to generate a list of archives by month for when entities were added or updated. * * @warning Months are returned in the form YYYYMM. * * @param string $type The type of entity * @param string $subtype The subtype of entity * @param int $container_guid The container GUID that the entinties belong to * @param int $site_guid The site GUID * @param str $order_by Order_by SQL order by clause * * @return array|false Either an array months as YYYYMM, or false on failure */ function get_entity_dates($type = '', $subtype = '', $container_guid = 0, $site_guid = 0, $order_by = 'time_created') { global $CONFIG; $site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } $where = array(); if ($type != "") { $type = sanitise_string($type); $where[] = "type='{$type}'"; } if (is_array($subtype)) { $tempwhere = ""; if (sizeof($subtype)) { foreach ($subtype as $typekey => $subtypearray) { foreach ($subtypearray as $subtypeval) { $typekey = sanitise_string($typekey); if (!empty($subtypeval)) { if (!($subtypeval = (int) get_subtype_id($typekey, $subtypeval))) { return false; } } else { $subtypeval = 0; } if (!empty($tempwhere)) { $tempwhere .= " or "; } $tempwhere .= "(type = '{$typekey}' and subtype = {$subtypeval})"; } } } if (!empty($tempwhere)) { $where[] = "({$tempwhere})"; } } else { if ($subtype) { if (!($subtype_id = get_subtype_id($type, $subtype))) { return FALSE; } else { $where[] = "subtype={$subtype_id}"; } } } if ($container_guid !== 0) { if (is_array($container_guid)) { foreach ($container_guid as $key => $val) { $container_guid[$key] = (int) $val; } $where[] = "container_guid in (" . implode(",", $container_guid) . ")"; } else { $container_guid = (int) $container_guid; $where[] = "container_guid = {$container_guid}"; } } if ($site_guid > 0) { $where[] = "site_guid = {$site_guid}"; } $where[] = get_access_sql_suffix(); $sql = "SELECT DISTINCT EXTRACT(YEAR_MONTH FROM FROM_UNIXTIME(time_created)) AS yearmonth\n\t\tFROM {$CONFIG->dbprefix}entities where "; foreach ($where as $w) { $sql .= " {$w} and "; } $sql .= "1=1 ORDER BY {$order_by}"; if ($result = get_data($sql)) { $endresult = array(); foreach ($result as $res) { $endresult[] = $res->yearmonth; } return $endresult; } return false; }
/** * Returns an array of joins and wheres for use in metastrings. * * @note The $pairs is reserved for name/value pairs if we want to implement those. * * @param string $table The annotation or metadata table name or alias * @param array $names An array of names * @param array $values An array of values * @param array $pairs Name / value pairs. Not currently used. * @param array $ids Metastring IDs * @param bool $case_sensitive Should name and values be case sensitive? * * @return array * @access private */ function elgg_get_metastring_sql($table, $names = null, $values = null, $pairs = null, $ids = null, $case_sensitive = false) { if (!$names && $names !== 0 && (!$values && $values !== 0) && !$ids && (!$pairs && $pairs !== 0)) { return ''; } $db_prefix = elgg_get_config('dbprefix'); // join counter for incremental joins. $i = 1; // binary forces byte-to-byte comparision of strings, making // it case- and diacritical-mark- sensitive. // only supported on values. $binary = $case_sensitive ? ' BINARY ' : ''; $access = get_access_sql_suffix($table); $return = array('joins' => array(), 'wheres' => array()); $wheres = array(); // get names wheres and joins $names_where = ''; if ($names !== NULL) { if (!is_array($names)) { $names = array($names); } $sanitised_names = array(); foreach ($names as $name) { // normalise to 0. if (!$name) { $name = '0'; } $sanitised_names[] = '\'' . sanitise_string($name) . '\''; } if ($names_str = implode(',', $sanitised_names)) { $return['joins'][] = "JOIN {$db_prefix}metastrings msn on {$table}.name_id = msn.id"; $names_where = "(msn.string IN ({$names_str}))"; } } // get values wheres and joins $values_where = ''; if ($values !== NULL) { if (!is_array($values)) { $values = array($values); } $sanitised_values = array(); foreach ($values as $value) { // normalize to 0 if (!$value) { $value = 0; } $sanitised_values[] = '\'' . sanitise_string($value) . '\''; } if ($values_str = implode(',', $sanitised_values)) { $return['joins'][] = "JOIN {$db_prefix}metastrings msv on {$table}.value_id = msv.id"; $values_where = "({$binary}msv.string IN ({$values_str}))"; } } if ($ids !== NULL) { if (!is_array($ids)) { $ids = array($ids); } $ids_str = implode(',', $ids); if ($ids_str) { $wheres[] = "n_table.id IN ({$ids_str})"; } } if ($names_where && $values_where) { $wheres[] = "({$names_where} AND {$values_where} AND {$access})"; } elseif ($names_where) { $wheres[] = "({$names_where} AND {$access})"; } elseif ($values_where) { $wheres[] = "({$values_where} AND {$access})"; } if ($where = implode(' AND ', $wheres)) { $return['wheres'][] = "({$where})"; } return $return; }
/** * Returns metadata name and value SQL where for entities. * NB: $names and $values are not paired. Use $pairs for this. * Pairs default to '=' operand. * * This function is reused for annotations because the tables are * exactly the same. * * @param string $e_table Entities table name * @param string $n_table Normalized metastrings table name (Where entities, * values, and names are joined. annotations / metadata) * @param arr|null $names Array of names * @param arr|null $values Array of values * @param arr|null $pairs Array of names / values / operands * @param and|or $pair_operator Operator to use to join the where clauses for pairs * @param bool $case_sensitive Case sensitive metadata names? * @param arr|null $order_by_metadata Array of names / direction * @param arr|null $owner_guids Array of owner GUIDs * * @return FALSE|array False on fail, array('joins', 'wheres') * @since 1.7.0 * @access private */ function elgg_get_entity_metadata_where_sql($e_table, $n_table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $case_sensitive = TRUE, $order_by_metadata = NULL, $owner_guids = NULL) { global $CONFIG; // short circuit if nothing requested // 0 is a valid (if not ill-conceived) metadata name. // 0 is also a valid metadata value for FALSE, NULL, or 0 // 0 is also a valid(ish) owner_guid if (!$names && $names !== 0 && (!$values && $values !== 0) && (!$pairs && $pairs !== 0) && (!$owner_guids && $owner_guids !== 0) && !$order_by_metadata) { return ''; } // join counter for incremental joins. $i = 1; // binary forces byte-to-byte comparision of strings, making // it case- and diacritical-mark- sensitive. // only supported on values. $binary = $case_sensitive ? ' BINARY ' : ''; $access = get_access_sql_suffix('n_table'); $return = array('joins' => array(), 'wheres' => array(), 'orders' => array()); // will always want to join these tables if pulling metastrings. $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table on\n\t\t{$e_table}.guid = n_table.entity_guid"; $wheres = array(); // get names wheres and joins $names_where = ''; if ($names !== NULL) { if (!is_array($names)) { $names = array($names); } $sanitised_names = array(); foreach ($names as $name) { // normalise to 0. if (!$name) { $name = '0'; } $sanitised_names[] = '\'' . sanitise_string($name) . '\''; } if ($names_str = implode(',', $sanitised_names)) { $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn on n_table.name_id = msn.id"; $names_where = "(msn.string IN ({$names_str}))"; } } // get values wheres and joins $values_where = ''; if ($values !== NULL) { if (!is_array($values)) { $values = array($values); } $sanitised_values = array(); foreach ($values as $value) { // normalize to 0 if (!$value) { $value = 0; } $sanitised_values[] = '\'' . sanitise_string($value) . '\''; } if ($values_str = implode(',', $sanitised_values)) { $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv on n_table.value_id = msv.id"; $values_where = "({$binary}msv.string IN ({$values_str}))"; } } if ($names_where && $values_where) { $wheres[] = "({$names_where} AND {$values_where} AND {$access})"; } elseif ($names_where) { $wheres[] = "({$names_where} AND {$access})"; } elseif ($values_where) { $wheres[] = "({$values_where} AND {$access})"; } // add pairs // pairs must be in arrays. if (is_array($pairs)) { // check if this is an array of pairs or just a single pair. if (isset($pairs['name']) || isset($pairs['value'])) { $pairs = array($pairs); } $pair_wheres = array(); // @todo when the pairs are > 3 should probably split the query up to // denormalize the strings table. foreach ($pairs as $index => $pair) { // @todo move this elsewhere? // support shortcut 'n' => 'v' method. if (!is_array($pair)) { $pair = array('name' => $index, 'value' => $pair); } // must have at least a name and value if (!isset($pair['name']) || !isset($pair['value'])) { // @todo should probably return false. continue; } // case sensitivity can be specified per pair. // default to higher level setting. if (isset($pair['case_sensitive'])) { $pair_binary = $pair['case_sensitive'] ? ' BINARY ' : ''; } else { $pair_binary = $binary; } if (isset($pair['operand'])) { $operand = sanitise_string($pair['operand']); } else { $operand = ' = '; } // for comparing $trimmed_operand = trim(strtolower($operand)); $access = get_access_sql_suffix("n_table{$i}"); // if the value is an int, don't quote it because str '15' < str '5' // if the operand is IN don't quote it because quoting should be done already. if (is_numeric($pair['value'])) { $value = sanitise_string($pair['value']); } else { if (is_array($pair['value'])) { $values_array = array(); foreach ($pair['value'] as $pair_value) { if (is_numeric($pair_value)) { $values_array[] = sanitise_string($pair_value); } else { $values_array[] = "'" . sanitise_string($pair_value) . "'"; } } if ($values_array) { $value = '(' . implode(', ', $values_array) . ')'; } // @todo allow support for non IN operands with array of values. // will have to do more silly joins. $operand = 'IN'; } else { if ($trimmed_operand == 'in') { $value = "({$pair['value']})"; } else { $value = "'" . sanitise_string($pair['value']) . "'"; } } } $name = sanitise_string($pair['name']); // @todo The multiple joins are only needed when the operator is AND $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table{$i}\n\t\t\t\ton {$e_table}.guid = n_table{$i}.entity_guid"; $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i}\n\t\t\t\ton n_table{$i}.name_id = msn{$i}.id"; $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i}\n\t\t\t\ton n_table{$i}.value_id = msv{$i}.id"; $pair_wheres[] = "(msn{$i}.string = '{$name}' AND {$pair_binary}msv{$i}.string\n\t\t\t\t{$operand} {$value} AND {$access})"; $i++; } if ($where = implode(" {$pair_operator} ", $pair_wheres)) { $wheres[] = "({$where})"; } } // add owner_guids if ($owner_guids) { if (is_array($owner_guids)) { $sanitised = array_map('sanitise_int', $owner_guids); $owner_str = implode(',', $sanitised); } else { $owner_str = sanitise_int($owner_guids); } $wheres[] = "(n_table.owner_guid IN ({$owner_str}))"; } if ($where = implode(' AND ', $wheres)) { $return['wheres'][] = "({$where})"; } if (is_array($order_by_metadata)) { if (count($order_by_metadata) > 0 && !isset($order_by_metadata[0])) { // singleton, so fix $order_by_metadata = array($order_by_metadata); } foreach ($order_by_metadata as $order_by) { if (is_array($order_by) && isset($order_by['name'])) { $name = sanitise_string($order_by['name']); if (isset($order_by['direction'])) { $direction = sanitise_string($order_by['direction']); } else { $direction = 'ASC'; } $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table{$i}\n\t\t\t\t\ton {$e_table}.guid = n_table{$i}.entity_guid"; $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i}\n\t\t\t\t\ton n_table{$i}.name_id = msn{$i}.id"; $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i}\n\t\t\t\t\ton n_table{$i}.value_id = msv{$i}.id"; $access = get_access_sql_suffix("n_table{$i}"); $return['wheres'][] = "(msn{$i}.string = '{$name}' AND {$access})"; if (isset($order_by['as']) && $order_by['as'] == 'integer') { $return['orders'][] = "CAST(msv{$i}.string AS SIGNED) {$direction}"; } else { $return['orders'][] = "msv{$i}.string {$direction}"; } $i++; } } } return $return; }
/** * Gets the number of entities by a the number of entities related to them in a particular way. * This is a good way to get out the users with the most friends, or the groups with the most members. * * @param string $relationship The relationship eg "friends_of" * @param bool $inverse_relationship Reverse the normal function of the query to instead say "give me all entities for whome $relationship_guid is a $relationship of" (default: true) * @param string $type The type of entity (default: all) * @param string $subtype The entity subtype (default: all) * @param int $owner_guid The owner of the entities (default: none) * @param int $limit * @param int $offset * @param boolean $count Set to true if you want to count the number of entities instead (default false) * @param int $site_guid The site to get entities for. Leave as 0 (default) for the current site; -1 for all sites. * @return array|int|false An array of entities, or the number of entities, or false on failure */ function get_entities_by_relationship_count($relationship, $inverse_relationship = true, $type = "", $subtype = "", $owner_guid = 0, $limit = 10, $offset = 0, $count = false, $site_guid = 0) { global $CONFIG; $relationship = sanitise_string($relationship); $inverse_relationship = (bool) $inverse_relationship; $type = sanitise_string($type); if ($subtype and !($subtype = get_subtype_id($type, $subtype))) { return false; } $owner_guid = (int) $owner_guid; $order_by = sanitise_string($order_by); $limit = (int) $limit; $offset = (int) $offset; $site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } //$access = get_access_list(); $where = array(); if ($relationship != "") { $where[] = "r.relationship='{$relationship}'"; } if ($inverse_relationship) { $on = 'e.guid = r.guid_two'; } else { $on = 'e.guid = r.guid_one'; } if ($type != "") { $where[] = "e.type='{$type}'"; } if ($subtype) { $where[] = "e.subtype={$subtype}"; } if ($owner_guid != "") { $where[] = "e.container_guid='{$owner_guid}'"; } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } if ($count) { $query = "SELECT count(distinct e.guid) as total "; } else { $query = "SELECT e.*, count(e.guid) as total "; } $query .= " from {$CONFIG->dbprefix}entity_relationships r JOIN {$CONFIG->dbprefix}entities e on {$on} where "; if (!empty($where)) { foreach ($where as $w) { $query .= " {$w} and "; } } $query .= get_access_sql_suffix("e"); // Add access controls if (!$count) { $query .= " group by e.guid "; $query .= " order by total desc limit {$offset}, {$limit}"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); } else { if ($count = get_data_row($query)) { return $count->total; } } return false; }
/** * Return the notable entities for a given time period based on their relationship. * * @param int $start_time The start time as a unix timestamp. * @param int $end_time The end time as a unix timestamp. * @param string $relationship The relationship eg "friends_of" * @param int $relationship_guid The guid of the entity to use query * @param bool $inverse_relationship Reverse the normal function of the query to say * "give me all entities for whom $relationship_guid is a * $relationship of" * @param string $type Entity type * @param string $subtype Entity subtype * @param int $owner_guid Owner GUID * @param string $order_by Optional Order by * @param int $limit Limit * @param int $offset Offset * @param boolean $count If true returns a count of entities (default false) * @param int $site_guid Site to get entities for. Default 0 = current site. -1 = any * * @return array|int|false An array of entities, or the number of entities, or false on failure * @access private * @deprecated 1.9 */ function get_noteable_entities_from_relationship($start_time, $end_time, $relationship, $relationship_guid, $inverse_relationship = false, $type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0) { elgg_deprecated_notice('get_noteable_entities_from_relationship() has been deprecated', 1.9); global $CONFIG; $start_time = (int) $start_time; $end_time = (int) $end_time; $relationship = sanitise_string($relationship); $relationship_guid = (int) $relationship_guid; $inverse_relationship = (bool) $inverse_relationship; $type = sanitise_string($type); $subtype = get_subtype_id($type, $subtype); $owner_guid = (int) $owner_guid; if ($order_by == "") { $order_by = "time_created desc"; } $order_by = sanitise_string($order_by); $limit = (int) $limit; $offset = (int) $offset; $site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } //$access = get_access_list(); $where = array(); if ($relationship != "") { $where[] = "r.relationship='{$relationship}'"; } if ($relationship_guid) { $where[] = $inverse_relationship ? "r.guid_two='{$relationship_guid}'" : "r.guid_one='{$relationship_guid}'"; } if ($type != "") { $where[] = "e.type='{$type}'"; } if ($subtype) { $where[] = "e.subtype={$subtype}"; } if ($owner_guid != "") { $where[] = "e.container_guid='{$owner_guid}'"; } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } // Add the calendar stuff $cal_join = "\n\t\tJOIN {$CONFIG->dbprefix}metadata cal_start on e.guid=cal_start.entity_guid\n\t\tJOIN {$CONFIG->dbprefix}metastrings cal_start_name on cal_start.name_id=cal_start_name.id\n\t\tJOIN {$CONFIG->dbprefix}metastrings cal_start_value on cal_start.value_id=cal_start_value.id\n\n\t\tJOIN {$CONFIG->dbprefix}metadata cal_end on e.guid=cal_end.entity_guid\n\t\tJOIN {$CONFIG->dbprefix}metastrings cal_end_name on cal_end.name_id=cal_end_name.id\n\t\tJOIN {$CONFIG->dbprefix}metastrings cal_end_value on cal_end.value_id=cal_end_value.id\n\t"; $where[] = "cal_start_name.string='calendar_start'"; $where[] = "cal_start_value.string>={$start_time}"; $where[] = "cal_end_name.string='calendar_end'"; $where[] = "cal_end_value.string <= {$end_time}"; // Select what we're joining based on the options $joinon = "e.guid = r.guid_one"; if (!$inverse_relationship) { $joinon = "e.guid = r.guid_two"; } if ($count) { $query = "SELECT count(distinct e.guid) as total "; } else { $query = "SELECT distinct e.* "; } $query .= " from {$CONFIG->dbprefix}entity_relationships r" . " JOIN {$CONFIG->dbprefix}entities e on {$joinon} {$cal_join} where "; foreach ($where as $w) { $query .= " {$w} and "; } // Add access controls $query .= get_access_sql_suffix("e"); if (!$count) { $query .= " order by {$order_by} limit {$offset}, {$limit}"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); } else { if ($count = get_data_row($query)) { return $count->total; } } return false; }
/** * Get entities with the specified access collection id. * * @param $collection_id * @param $entity_type * @param $entity_subtype * @param $owner_guid * @param $limit * @param $offset * @param $order_by * @param $site_guid * @param $count * @return unknown_type */ function get_entities_from_access_collection($collection_id, $entity_type = "", $entity_subtype = "", $owner_guid = 0, $limit = 10, $offset = 0, $order_by = "", $site_guid = 0, $count = false) { global $CONFIG; if (!$collection_id) { return false; } $entity_type = sanitise_string($entity_type); $entity_subtype = get_subtype_id($entity_type, $entity_subtype); $limit = (int) $limit; $offset = (int) $offset; if ($order_by == "") { $order_by = "e.time_created desc"; } else { $order_by = "e.time_created, {$order_by}"; } $order_by = sanitise_string($order_by); $site_guid = (int) $site_guid; if (is_array($owner_guid) && count($owner_guid)) { foreach ($owner_guid as $key => $guid) { $owner_guid[$key] = (int) $guid; } } else { $owner_guid = (int) $owner_guid; } if ($site_guid == 0) { $site_guid = $CONFIG->site_guid; } //$access = get_access_list(); $where = array("e.access_id = {$collection_id}"); if ($entity_type !== "") { $where[] = "e.type='{$entity_type}'"; } if ($entity_subtype) { $where[] = "e.subtype={$entity_subtype}"; } if ($site_guid > 0) { $where[] = "e.site_guid = {$site_guid}"; } if (is_array($owner_guid)) { $where[] = "e.container_guid in (" . implode(",", $owner_guid) . ")"; } else { if ($owner_guid > 0) { $where[] = "e.container_guid = {$owner_guid}"; } } if (!$count) { $query = "SELECT distinct e.* "; } else { $query = "SELECT count(distinct e.guid) as total "; } $query .= "from {$CONFIG->dbprefix}entities e where"; foreach ($where as $w) { $query .= " {$w} and "; } $query .= get_access_sql_suffix("e"); // Add access controls //$query .= ' and ' . get_access_sql_suffix("m"); // Add access controls if (!$count) { $query .= " order by {$order_by} limit {$offset}, {$limit}"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); } else { if ($row = get_data_row($query)) { return $row->total; } } return false; }
/** * Construct and execute the query required for the activity stream. * * @deprecated 1.8 This is outdated and uses the systemlog table instead of the river table. * Don't use it. */ function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") { elgg_deprecated_notice("get_activity_stream_data was deprecated", 1.8); global $CONFIG; $limit = (int) $limit; $offset = (int) $offset; if ($type) { if (!is_array($type)) { $type = array(sanitise_string($type)); } else { foreach ($type as $k => $v) { $type[$k] = sanitise_string($v); } } } if ($subtype) { if (!is_array($subtype)) { $subtype = array(sanitise_string($subtype)); } else { foreach ($subtype as $k => $v) { $subtype[$k] = sanitise_string($v); } } } if ($owner_guid) { if (is_array($owner_guid)) { foreach ($owner_guid as $k => $v) { $owner_guid[$k] = (int) $v; } } else { $owner_guid = array((int) $owner_guid); } } $owner_relationship = sanitise_string($owner_relationship); // Get a list of possible views $activity_events = array(); $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); $done = array(); foreach ($activity_views as $view) { $fragments = explode('/', $view); $tmp = explode('/', $view, 2); $tmp = $tmp[1]; if (isset($fragments[0]) && ($fragments[0] == 'river' || $fragments[0] == 'activity') && !in_array($tmp, $done)) { if (isset($fragments[1])) { $f = array(); for ($n = 1; $n < count($fragments); $n++) { $val = sanitise_string($fragments[$n]); switch ($n) { case 1: $key = 'type'; break; case 2: $key = 'subtype'; break; case 3: $key = 'event'; break; } $f[$key] = $val; } // Filter result based on parameters $add = true; if ($type) { if (!in_array($f['type'], $type)) { $add = false; } } if ($add && $subtype) { if (!in_array($f['subtype'], $subtype)) { $add = false; } } if ($add) { $activity_events[] = $f; } } $done[] = $tmp; } } $n = 0; foreach ($activity_events as $details) { // Get what we're talking about if ($details['subtype'] == 'default') { $details['subtype'] = ''; } if ($details['type'] && $details['event']) { if ($n > 0) { $obj_query .= " or "; } $access = ""; if ($details['type'] != 'relationship') { $access = " and " . get_access_sql_suffix('sl'); } $obj_query .= "( sl.object_type='{$details['type']}'\n\t\t\t\tAND sl.object_subtype='{$details['subtype']}'\n\t\t\t\tAND sl.event='{$details['event']}' {$access} )"; $n++; } } // User if (count($owner_guid) && $owner_guid[0] != 0) { $user = "******" . implode(',', $owner_guid) . ")"; if ($owner_relationship) { $friendsarray = ""; if ($friends = elgg_get_entities_from_relationship(array('relationship' => $owner_relationship, 'relationship_guid' => $owner_guid[0], 'inverse_relationship' => FALSE, 'type' => 'user', 'subtype' => $subtype, 'limit' => false))) { $friendsarray = array(); foreach ($friends as $friend) { $friendsarray[] = $friend->getGUID(); } $user = "******" . implode(',', $friendsarray) . ")"; } } } $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl\n\t\tWHERE 1 {$user} AND ({$obj_query})\n\t\tORDER BY sl.time_created desc limit {$offset}, {$limit}"; return get_data($query); }
function __toString() { //$access = get_access_list(); // KJ - changed to use get_access_sql_suffix // Note: currently get_access_sql_suffix is hardwired to use // $acl_field = "access_id", $object_owner_table = $acl_table, and // $object_owner_id_field = "owner_guid" // TODO: recode get_access_sql_suffix to make it possible to specify alternate field names return "and " . get_access_sql_suffix($this->acl_table); // Add access controls //return "and ({$this->acl_table}.{$this->acl_field} in {$access} or ({$this->acl_table}.{$this->acl_field} = 0 and {$this->object_owner_table}.{$this->object_owner_id_field} = {$_SESSION['id']}))"; }
function elgg_solr_get_entity_guids_18($options) { global $CONFIG; $defaults = array('types' => ELGG_ENTITIES_ANY_VALUE, 'subtypes' => ELGG_ENTITIES_ANY_VALUE, 'type_subtype_pairs' => ELGG_ENTITIES_ANY_VALUE, 'guids' => ELGG_ENTITIES_ANY_VALUE, 'owner_guids' => ELGG_ENTITIES_ANY_VALUE, 'container_guids' => ELGG_ENTITIES_ANY_VALUE, 'site_guids' => $CONFIG->site_guid, 'modified_time_lower' => ELGG_ENTITIES_ANY_VALUE, 'modified_time_upper' => ELGG_ENTITIES_ANY_VALUE, 'created_time_lower' => ELGG_ENTITIES_ANY_VALUE, 'created_time_upper' => ELGG_ENTITIES_ANY_VALUE, 'reverse_order_by' => false, 'order_by' => 'e.guid desc', 'group_by' => ELGG_ENTITIES_ANY_VALUE, 'limit' => 10, 'offset' => 0, 'count' => FALSE, 'selects' => array(), 'wheres' => array(), 'joins' => array(), 'callback' => false, '__ElggBatch' => null); $options = array_merge($defaults, $options); // can't use helper function with type_subtype_pair because // it's already an array...just need to merge it if (isset($options['type_subtype_pair'])) { if (isset($options['type_subtype_pairs'])) { $options['type_subtype_pairs'] = array_merge($options['type_subtype_pairs'], $options['type_subtype_pair']); } else { $options['type_subtype_pairs'] = $options['type_subtype_pair']; } } $singulars = array('type', 'subtype', 'guid', 'owner_guid', 'container_guid', 'site_guid'); $options = elgg_normalise_plural_options_array($options, $singulars); // evaluate where clauses if (!is_array($options['wheres'])) { $options['wheres'] = array($options['wheres']); } $wheres = $options['wheres']; $wheres[] = elgg_get_entity_type_subtype_where_sql('e', $options['types'], $options['subtypes'], $options['type_subtype_pairs']); $wheres[] = elgg_get_guid_based_where_sql('e.guid', $options['guids']); $wheres[] = elgg_get_guid_based_where_sql('e.owner_guid', $options['owner_guids']); $wheres[] = elgg_get_guid_based_where_sql('e.container_guid', $options['container_guids']); $wheres[] = elgg_get_guid_based_where_sql('e.site_guid', $options['site_guids']); $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'], $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']); // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { if ($where === FALSE) { return FALSE; } elseif (empty($where)) { unset($wheres[$i]); } } // remove identical where clauses $wheres = array_unique($wheres); // evaluate join clauses if (!is_array($options['joins'])) { $options['joins'] = array($options['joins']); } // remove identical join clauses $joins = array_unique($options['joins']); foreach ($joins as $i => $join) { if ($join === FALSE) { return FALSE; } elseif (empty($join)) { unset($joins[$i]); } } // evalutate selects if ($options['selects']) { $selects = ''; foreach ($options['selects'] as $select) { $selects .= ", {$select}"; } } else { $selects = ''; } if (!$options['count']) { $distinct = ''; if ($options['require_distinct']) { $distinct = ' DISTINCT'; } $query = "SELECT{$distinct} e.guid FROM {$CONFIG->dbprefix}entities e "; } else { $query = "SELECT count(DISTINCT e.guid) as total FROM {$CONFIG->dbprefix}entities e "; } // add joins foreach ($joins as $j) { $query .= " {$j} "; } // add wheres $query .= ' WHERE '; foreach ($wheres as $w) { $query .= " {$w} AND "; } // Add access controls $query .= get_access_sql_suffix('e'); // reverse order by if ($options['reverse_order_by']) { $options['order_by'] = elgg_sql_reverse_order_by_clause($options['order_by']); } if (!$options['count']) { if ($options['group_by']) { $query .= " GROUP BY {$options['group_by']}"; } if ($options['order_by']) { $query .= " ORDER BY {$options['order_by']}"; } if ($options['limit']) { $limit = sanitise_int($options['limit'], false); $offset = sanitise_int($options['offset'], false); $query .= " LIMIT {$offset}, {$limit}"; } $dt = get_data($query); return $dt; } else { $total = get_data_row($query); return (int) $total->total; } }
/** * Get an array of tags with weights for use with the output/tagcloud view. * * @param int $threshold Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances) * @param int $limit Number of tags to return * @param string $metadata_name Optionally, the name of the field you want to grab for * @param string $entity_type Optionally, the entity type ('object' etc) * @param string $entity_subtype The entity subtype, optionally * @param int $owner_guid The GUID of the tags owner, optionally * @param int $site_guid Optionally, the site to restrict to (default is the current site) * @param int $start_ts Optionally specify a start timestamp for tags used to generate cloud. * @param int $ent_ts Optionally specify an end timestamp for tags used to generate cloud. * @return array|false Array of objects with ->tag and ->total values, or false on failure */ function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1, $start_ts = "", $end_ts = "") { global $CONFIG; $threshold = (int) $threshold; $limit = (int) $limit; if (!empty($metadata_name)) { $metadata_name = (int) get_metastring_id($metadata_name); } else { $metadata_name = 0; } $entity_subtype = get_subtype_id($entity_type, $entity_subtype); $entity_type = sanitise_string($entity_type); if ($owner_guid != "") { if (is_array($owner_guid)) { foreach ($owner_guid as $key => $val) { $owner_guid[$key] = (int) $val; } } else { $owner_guid = (int) $owner_guid; } } if ($site_guid < 0) { $site_guid = $CONFIG->site_id; } //$access = get_access_list(); $query = "SELECT msvalue.string as tag, count(msvalue.id) as total "; $query .= "FROM {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid "; if ($entity_subtype > 0) { $query .= " join {$CONFIG->dbprefix}entity_subtypes subtype on subtype.id = e.subtype "; } $query .= " join {$CONFIG->dbprefix}metastrings msvalue on msvalue.id = md.value_id "; $query .= " where msvalue.string != '' "; if ($metadata_name > 0) { $query .= " and md.name_id = {$metadata_name} "; } if ($site_guid > 0) { $query .= " and e.site_guid = {$site_guid} "; } if ($entity_subtype > 0) { $query .= " and e.subtype = {$entity_subtype} "; } if ($entity_type != "") { $query .= " and e.type = '{$entity_type}' "; } if (is_array($owner_guid)) { $query .= " and e.container_guid in (" . implode(",", $owner_guid) . ")"; } else { if (is_int($owner_guid)) { $query .= " and e.container_guid = {$owner_guid} "; } } if ($start_ts) { $start_ts = (int) $start_ts; $query .= " and e.time_created>={$start_ts}"; } if ($end_ts) { $end_ts = (int) $end_ts; $query .= " and e.time_created<={$end_ts}"; } //$userid = get_loggedin_userid(); //$query .= " and (e.access_id in {$access} or (e.access_id = " . ACCESS_PRIVATE . " and e.owner_guid = {$userid}))"; $query .= ' and ' . get_access_sql_suffix("e"); // Add access controls $query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} "; return get_data($query); }