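 /**
  * Store an uploaded profile photo for the session user and record its path in users.photo.
  *
  * @param resource|\PgSql\Connection $database  pgsql connection used for the UPDATE.
  * @param string   $userlogin   Unused here; the UPDATE's login value appears redacted
  *                              ('******') on this page — NOTE(review): confirm which login
  *                              the query is meant to target.
  * @param string   $file        Key into $_FILES for the uploaded field.
  * @param int      $maxsize     Maximum accepted size in bytes.
  * @param string[] $extensions  Allowed extensions; compared case-insensitively and strictly.
  * @return string HTML status message (French). The client-supplied filename is HTML-escaped.
  */
 function upload($database, $userlogin, $file, $maxsize, $extensions)
 {
     if (!isset($_FILES[$file]) || $_FILES[$file]['error'] !== UPLOAD_ERR_OK) {
         return "Photo de profil supprim&eacute;e";
     }
     // The filename is attacker-controlled and is echoed into HTML below: escape it once here.
     $safeName = htmlspecialchars($_FILES[$file]['name'], ENT_QUOTES, 'UTF-8');
     // The size message used to be overwritten by the generic failure message; return it directly.
     if ($_FILES[$file]['size'] > $maxsize) {
         return "<span class=\"red\">Photo volumineuse</span>";
     }
     // basename() keeps a path separator in the session login from escaping the images directory.
     $upload_dest = '../Users/Images/' . basename($_SESSION['login']) . '.jpg';
     // pathinfo() has no 'extension' key for names without a dot; lower-case for a strict compare.
     $infosfichier = pathinfo($_FILES[$file]['name']);
     $extension_upload = strtolower(isset($infosfichier['extension']) ? $infosfichier['extension'] : '');
     $upload = false;
     if (in_array($extension_upload, array_map('strtolower', $extensions), true)) {
         $upload = move_uploaded_file($_FILES[$file]['tmp_name'], $upload_dest);
     }
     if (!$upload) {
         return "<span class=\"red\">Envoi du fichier \"" . $safeName . "\" &eacute;chou&eacute;</span>";
     }
     $photo = pg_escape_string($database, $upload_dest);
     $query_photo = pg_query($database, "UPDATE users SET photo='{$photo}' WHERE login='******'");
     if ($query_photo === false) {
         // The original die()d here, which left its "not added to the database" message
         // unreachable; log the driver error and report that case to the caller instead.
         error_log('Échec requête : ' . pg_last_error($database));
         return "Photo envoy&eacute;e mais non ajout&eacute; &agrave; la base";
     }
     pg_free_result($query_photo);
     return "Envoi du fichier \"" . $safeName . "\" r&eacute;ussi";
 }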
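 /**
  * Escape a value for use inside a single-quoted pgsql literal.
  *
  * The original assigned an unused local (-1) when $str was false and $sql was not
  * an integer; that dead assignment is dropped. The caller still has to supply the
  * surrounding quotes — the escape alone protects nothing when interpolated bare.
  *
  * @param mixed $sql  Value to escape (stringified by pg_escape_string()).
  * @param bool  $str  Unused; kept for signature compatibility.
  * @return string
  */
 function Q($sql, $str = false)
 {
     return pg_escape_string($sql);
 }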
 /**
  * Escape $string for the configured SQL dialect ($db_type: "sqlite", "pgsql" or "mysql")
  * and optionally trim it.
  *
  * NOTE(review): sqlite_escape_string() and mysql_real_escape_string() belong to extensions
  * removed in PHP 5.4 and 7.0 respectively, so on a current runtime only the str_replace()
  * and mysqli paths can run. Escaping at this layer also ties the value to one dialect;
  * binding parameters at query time is the robust alternative.
  *
  * @param string $string
  * @param bool   $trim    Trim surrounding whitespace after escaping (default true).
  * @return string
  */
 function check_str($string, $trim = true)
 {
     global $db_type, $db;
     //when code in db is urlencoded the ' does not need to be modified
     if ($db_type == "sqlite") {
         if (function_exists('sqlite_escape_string')) {
             $string = sqlite_escape_string($string);
         } else {
             // Standard SQL quoting: double every single quote.
             $string = str_replace("'", "''", $string);
         }
     }
     if ($db_type == "pgsql") {
         $string = pg_escape_string($string);
     }
     if ($db_type == "mysql") {
         if (function_exists('mysql_real_escape_string')) {
             $tmp_str = mysql_real_escape_string($string);
         } else {
             $tmp_str = mysqli_real_escape_string($db, $string);
         }
         if (strlen($tmp_str)) {
             $string = $tmp_str;
         } else {
             // Manual fallback when the driver escape returned '' (which also happens for a
             // genuinely empty input). NOTE(review): the first and last search entries are
             // empty strings here, which str_replace() treats as no-ops; they look like control
             // characters (NUL / 0x1A) lost in extraction, paired with the "\\x00" and "\\"
             // replacements — confirm the intended bytes before relying on this branch.
             $search = array("", "\n", "\r", "\\", "'", "\"", "");
             $replace = array("\\x00", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\\");
             $string = str_replace($search, $replace, $string);
         }
     }
     $string = $trim ? trim($string) : $string;
     return $string;
 }
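/**
 * Recursively escape, strip tags from and trim every member of a request array.
 *
 * @param mixed  $data Scalar or (nested) array, typically $_POST.
 * @param string $sdb  Target dialect: "MySQL" or "PG" (default). Any other value skips
 *                     the SQL-escaping step but still strips tags and trims.
 * @return mixed Same shape as $data with every leaf trimmed (numbers become strings).
 */
function fnSanitizePost($data, $sdb = "PG")
{
    if (is_array($data)) {
        $areturn = array();
        foreach ($data as $skey => $svalue) {
            // Propagate $sdb: the original recursed with the default and so PG-escaped
            // nested values even when the caller asked for MySQL.
            $areturn[$skey] = fnSanitizePost($svalue, $sdb);
        }
        return $areturn;
    }
    if (!is_numeric($data)) {
        // Magic quotes no longer exist (removed in PHP 5.4, function gone in 8.0); only undo
        // them on runtimes that still have them, otherwise this was a fatal call.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $data = stripslashes($data);
        }
        // NOTE(review): escaping at input time ties the value to one dialect and is only
        // correct inside a quoted literal; binding at query time is the robust alternative.
        // mysql_real_escape_string() was removed in PHP 7.0.
        switch ($sdb) {
            case "MySQL":
                $data = mysql_real_escape_string($data);
                break;
            case "PG":
                $data = pg_escape_string($data);
                break;
        }
        // strips HTML and PHP tags from a string
        $data = strip_tags($data);
    }
    // trims whitespace from beginning and end of a string
    return trim($data);
}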
 /**
  * Escape $s for a single-quoted pgsql literal, optionally stripping HTML/PHP tags first.
  *
  * @param string $s
  * @param bool   $strip_tags  When true (default) strip_tags() runs before escaping.
  * @return string
  */
 function escape_string($s, $strip_tags = true)
 {
     $cleaned = $strip_tags ? strip_tags($s) : $s;
     return pg_escape_string($cleaned);
 }
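 /**
  * Set or clear the censor mark on the submitted tracks.
  *
  * The form posts resultCount rows of trackID_<i> / checkbox_<i>. With submit = "Clear List"
  * every numeric track id is reset (censor = 'f'); otherwise only checked rows are censored
  * (censor = 't'). flagged is set to 'f' in both cases.
  */
 protected function processValid()
 {
     global $cfg;
     $db = Database::getInstance($cfg['DPS']['dsn']);
     if (!is_numeric($this->fieldData['resultCount'])) {
         return;
     }
     $clearing = $this->fieldData['submit'] == 'Clear List';
     for ($i = 0; $i < $this->fieldData['resultCount']; $i++) {
         $id = 'trackID_' . $i;
         $rawId = isset($this->fieldData[$id]) ? $this->fieldData[$id] : '';
         // The original wrote pg_escape_string($x != ""), escaping a boolean instead of
         // comparing the escaped value; is_numeric() on the raw value is the intended guard
         // (it already rejects "").
         if (!is_numeric($rawId)) {
             continue;
         }
         if (!$clearing) {
             $cb = 'checkbox_' . $i;
             if (!isset($this->fieldData[$cb]) || $this->fieldData[$cb] != "on") {
                 continue;
             }
         }
         $trUpdate = array(
             'censor' => $clearing ? 'f' : 't',
             'flagged' => 'f',
         );
         // The id is concatenated unquoted, where pg_escape_string() offers no protection;
         // the int cast does.
         $trWhere = "id = " . (int) $rawId;
         $db->update('audio', $trUpdate, $trWhere, true);
     }
 }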
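 /**
  * Insert a new aw_items row (text from $_POST['text'], audio/style/wall/position from the
  * validated form) unless that wall position is already taken.
  */
 protected function processValid()
 {
     global $cfg;
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $audio = $this->fieldData['audioID'];
     $style = $this->fieldData['style'];
     $AwWall = $this->fieldData['awwallID'];
     $AwItemPos = $this->fieldData['awitemPos'];
     // Escape line by line and re-join; rtrim() drops every trailing newline.
     // NOTE(review): $db->insert() may escape again on its own — confirm against Database::insert.
     $text = "";
     $rawText = isset($_POST["text"]) ? $_POST["text"] : "";
     foreach (explode("\n", $rawText) as $value) {
         $text = $text . pg_escape_string($value) . "\n";
     }
     $text = rtrim($text, "\n");
     if ($text != '' && $audio != '' && is_numeric($audio)) {
         // Wall id and item position are concatenated unquoted, where pg_escape_string()
         // does not help; require numbers and cast before building the statement.
         if (!is_numeric($AwWall) || !is_numeric($AwItemPos)) {
             return;
         }
         $sql = "SELECT COUNT(*) FROM aw_items, aw_walls \n\t\t\t\tWHERE aw_walls.id = aw_items.wall_id\n\t\t\t\tAND aw_walls.id = " . (int) $AwWall . " \n\t\t\t\tAND aw_items.item = " . (int) $AwItemPos;
         $count = $db->getOne($sql);
         if ($count == 0) {
             $AwItem = array(
                 'text' => $text,
                 'audio_id' => $audio,
                 'style_id' => $style,
                 'wall_id' => $AwWall,
                 'item' => $AwItemPos,
             );
             $db->insert('aw_items', $AwItem, true);
         } else {
             //do error stuff
         }
     }
 }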
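/**
 * Render the log rows for $channel between the $_GET['start'] and $_GET['end'] dates
 * (MM/DD/YYYY). Join/part rows (type != 0) are included only when $_GET['data'] is set.
 *
 * @param string $channel
 * @return string HTML from LogsWiki::Render2 (when $_GET['wiki'] is set) or LogsHtml::RenderLogs,
 *                or a plain "no logs" message when nothing matched.
 */
function FetchLogs($channel)
{
    $html = "";
    $logs = array();
    // Missing dates were an undefined-index warning; default to '' (same query text as before).
    $start = (isset($_GET["start"]) ? $_GET["start"] : "") . " 00:00:00";
    $end = (isset($_GET["end"]) ? $_GET["end"] : "") . " 23:59:59";
    $display_joins = isset($_GET['data']);
    // Bind the three request values as $1..$3 instead of escaping them into the statement.
    $sql = 'SELECT * FROM logs WHERE channel = $1'
        . ' and time > to_timestamp( $2, \'MM/DD/YYYY HH24:MI:SS\' )'
        . ' and time < to_timestamp( $3, \'MM/DD/YYYY HH24:MI:SS\' )';
    if (!$display_joins) {
        $sql .= ' and type = 0';
    }
    $sql .= ' order by time asc;';
    $query = pg_query_params($sql, array($channel, $start, $end));
    if (!$query) {
        die('SQL failure: ' . pg_last_error());
    }
    while ($item = pg_fetch_assoc($query)) {
        $logs[] = $item;
    }
    $c = count($logs);
    if ($c == 0) {
        return "No logs found, try a different filter";
    }
    $html .= "<p>Displaying {$c} items:</p>\n";
    if (isset($_GET["wiki"])) {
        $html .= LogsWiki::Render2($logs);
    } else {
        $html .= LogsHtml::RenderLogs($logs);
    }
    return $html;
}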
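 /**
  * Build the page-size <select> from $this->Choices (label => value).
  *
  * The output is HTML, so values are escaped with htmlspecialchars() only. The original
  * additionally ran pg_escape_string() — SQL escaping — which doubled any apostrophe in
  * the rendered labels and values.
  *
  * @param string $Name          name attribute of the select.
  * @param string $selected      Value whose option receives the selected attribute.
  * @param string $ChoiceSuffix  Optional text appended to every label.
  * @return string
  */
 function DDLB_Choices($Name = 'page_size', $selected = '', $ChoiceSuffix = '')
 {
     $Debug = 0;
     $HTML = '<select name="' . htmlentities($Name);
     $HTML .= '" title="select a page size"';
     $HTML .= ">\n";
     if ($Debug) {
         // $NumRows was never defined in this method; report the number of choices instead.
         echo count($this->Choices) . " rows found!<br>";
         echo "selected = '" . htmlspecialchars($selected, ENT_QUOTES) . "'<br>";
     }
     foreach ($this->Choices as $choice => $value) {
         $HTML .= '<option value="' . htmlspecialchars($value, ENT_QUOTES) . '"';
         if ($value == $selected) {
             $HTML .= ' selected';
         }
         $HTML .= '>' . htmlspecialchars($choice, ENT_QUOTES);
         if ($ChoiceSuffix) {
             $HTML .= ' ' . htmlspecialchars($ChoiceSuffix, ENT_QUOTES);
         }
         $HTML .= "</option>\n";
     }
     $HTML .= '</select>';
     return $HTML;
 }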
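 /**
  * Select the latest commits (filtered by $this->Filter when set, otherwise by branch) and
  * render them through DisplayCommit into $this->HTML.
  *
  * @return mixed Whatever DisplayCommit::CreateHTML() returns.
  */
 function CreateHTML()
 {
     global $freshports_CommitMsgMaxNumOfLinesToShow;
     // These two are interpolated unquoted, where pg_escape_string() would not help;
     // force integers so only the string arguments need escaping.
     $maxPorts = (int) $this->MaxNumberOfPorts;
     $userID = (int) $this->UserID;
     if (isset($this->Filter)) {
         $sql = "select * from LatestCommitsFiltered({$maxPorts}, {$userID}, '" . pg_escape_string($this->Filter) . "')";
     } else {
         $sql = "\n  SELECT LC.*, STF.message AS stf_message\n    FROM LatestCommits({$maxPorts}, 0, '" . pg_escape_string($this->BranchName) . "') LC LEFT OUTER JOIN sanity_test_failures STF\n      ON LC.commit_log_id = STF.commit_log_id\nORDER BY LC.commit_date_raw DESC, LC.category, LC.port, element_pathname";
     }
     if ($this->Debug) {
         echo "\n<p>sql={$sql}</p>\n";
     }
     $result = pg_exec($this->dbh, $sql);
     if (!$result) {
         // die() never returns; the exit that followed it was unreachable.
         die("read from database failed");
     }
     $DisplayCommit = new DisplayCommit($this->dbh, $result);
     $DisplayCommit->Debug = $this->Debug;
     $DisplayCommit->SetDaysMarkedAsNew($this->DaysMarkedAsNew);
     $DisplayCommit->SetUserID($this->UserID);
     $DisplayCommit->SetWatchListAsk($this->WatchListAsk);
     $RetVal = $DisplayCommit->CreateHTML();
     $this->HTML = $DisplayCommit->HTML;
     return $RetVal;
 }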
 /**
  * Escape $string for pgsql and, unless $withQuotes is false, wrap it in single quotes.
  *
  * @param scalar|null|object $string  Scalar, null, or an object with __toString(); anything else throws.
  * @param bool               $withQuotes
  * @return string
  * @throws Exception when $string cannot be represented as a string.
  */
 public function quote($string, $withQuotes = true)
 {
     $stringable = is_object($string) && method_exists($string, '__toString');
     if (!is_scalar($string) && !is_null($string) && !$stringable) {
         throw new Exception('Trying to quote "' . gettype($string) . '". Value: "' . var_export($string, true) . '"');
     }
     $escaped = pg_escape_string($string);
     if ($withQuotes) {
         return "'" . $escaped . "'";
     }
     return $escaped;
 }
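 /**
  * Add a commit (identified by its message_id) to the user's watch list.
  *
  * The subselect ensures the user can only add things to their own watch list.
  *
  * @param int    $UserID
  * @param string $CommitLogID  message_id of the commit_log row.
  * @return int 1 on success (a duplicate-key error also counts as success), -1 on any other failure.
  */
 function Add($UserID, $CommitLogID)
 {
     // make sure we don't report the duplicate entry error when adding...
     $PreviousReportingLevel = error_reporting(E_ALL ^ E_WARNING);
     // $UserID is interpolated unquoted, where pg_escape_string() gives no protection: force an int.
     $UserID = (int) $UserID;
     $CommitLogID = pg_escape_string($CommitLogID);
     $sql = "\nINSERT INTO {$this->_TableName}\nSELECT {$UserID} as user_id, \n\t   (SELECT id from commit_log where message_id = '" . $CommitLogID . "') as commit_log_id\n WHERE not exists (\n    SELECT T.user_id, T.commit_log_id\n      FROM {$this->_TableName} T\n     WHERE T.user_id       = {$UserID}\n       AND T.commit_log_id = (SELECT id from commit_log where message_id = '" . $CommitLogID . "'))";
     if ($this->_Debug) {
         echo "<pre>{$sql}</pre>";
     }
     $result = pg_exec($this->dbh, $sql);
     if ($result) {
         $return = 1;
     } elseif (stristr(pg_last_error($this->dbh), "Cannot insert a duplicate key") === false) {
         // Anything other than a duplicate-key error is a real failure.
         $return = -1;
     } else {
         $return = 1;
     }
     error_reporting($PreviousReportingLevel);
     return $return;
 }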
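 /**
  * Load a two-level XML document into pgsql: each child of the root becomes a table
  * (dropped and recreated), each grandchild a row and each leaf a column.
  *
  * Tag names come straight from the XML and are used as table and column names, so they go
  * through pg_escape_identifier(); cell values go through pg_escape_string(). A column is
  * typed float while every value seen parses as a number, varchar(255) otherwise. The
  * original quoted column names in CREATE TABLE but not in INSERT, so mixed-case names
  * did not match; both are quoted now.
  *
  * @param SimpleXMLElement             $xml
  * @param resource|\PgSql\Connection   $conn_pg
  * @return void
  */
 public static function _run($xml, $conn_pg)
 {
     global $user_maclabel;
     $table = array();
     $data = array();
     foreach ($xml->children() as $k => $v) {
         if (!isset($table[$k])) {
             $table[$k] = array();
         }
         if (!isset($data[$k])) {
             $data[$k] = array();
         }
         $assoc = array();
         foreach ($v->children() as $r => $c) {
             $d = (string) $c;
             if ($d === '') {
                 continue;
             }
             if (is_numeric($d)) {
                 $d = floatval($d);
                 // Stays float only until a non-numeric value shows up for this column.
                 if (!isset($table[$k][$r])) {
                     $table[$k][$r] = 'float';
                 }
             } else {
                 $table[$k][$r] = 'varchar(255)';
             }
             $assoc[$r] = "'" . pg_escape_string($conn_pg, $d) . "'";
         }
         $data[$k][] = $assoc;
     }
     // Read the request flags once; a missing key was an undefined-index warning before.
     $macRecords = !empty($_POST['mac_records']);
     $macColumns = !empty($_POST['mac_columns']);
     //ooo, how much memory is used here...
     foreach ($table as $k => $v) {
         $tbl = pg_escape_identifier($conn_pg, $k);
         $mod = "";
         if ($user_maclabel) {
             $mod .= "ALTER TABLE {$tbl} SET MAC TO NULL; ALTER TABLE {$tbl} DISABLE COLUMN MACS;";
         }
         $mod .= "DROP TABLE IF EXISTS {$tbl}; CREATE TABLE {$tbl} ( ";
         foreach ($v as $col => $typ) {
             if ($col != 'maclabel') {
                 $mod .= pg_escape_identifier($conn_pg, $col) . " {$typ},";
             }
         }
         $mod .= "CHECK(TRUE))";
         $mod .= ($macRecords ? " WITH (MACS = true)" : "") . ";";
         if ($macColumns) {
             $mod .= "ALTER TABLE {$tbl} ENABLE COLUMN MACS;";
         }
         pg_query($conn_pg, $mod) or die("error on query " . pg_last_error($conn_pg));
     }
     foreach ($data as $k => $t) {
         $tbl = pg_escape_identifier($conn_pg, $k);
         pg_query($conn_pg, "BEGIN;");
         foreach ($t as $v) {
             $cols = array();
             foreach (array_keys($v) as $col) {
                 $cols[] = pg_escape_identifier($conn_pg, $col);
             }
             $ins = "INSERT INTO {$tbl} ( " . implode(",", $cols) . ") VALUES (" . implode(",", array_values($v)) . ");";
             pg_query($conn_pg, $ins) or die("error on query " . pg_last_error($conn_pg));
         }
         pg_query($conn_pg, "ANALYZE {$tbl};");
         pg_query($conn_pg, "COMMIT;");
     }
 }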
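 /**
  * Run the committer query into $this->LocalResult.
  *
  * Only $this->Committer is a string literal (escaped with pg_escape_string()); UserID,
  * Limit and Offset are spliced in unquoted, so they are forced to int here.
  *
  * @return int Row count, or -1 when pg_exec() failed (the SQL is then echoed).
  */
 function Fetch()
 {
     $userID = (int) $this->UserID;
     $sql = "\n\t\tSELECT DISTINCT\n\t\t\tcommit_log.commit_date - SystemTimeAdjust()        AS commit_date_raw,\n\t\t\tcommit_log.id                                      AS commit_log_id,\n\t\t\tcommit_log.encoding_losses                         AS encoding_losses,\n\t\t\tcommit_log.message_id                              AS message_id,\n\t\t\tcommit_log.committer                               AS committer,\n\t\t\tcommit_log.description                             AS commit_description,\n\t\t\tto_char(commit_log.commit_date - SystemTimeAdjust(), 'DD Mon YYYY')  AS commit_date,\n\t\t\tto_char(commit_log.commit_date - SystemTimeAdjust(), 'HH24:MI')      AS commit_time,\n\t\t\tNULL                                               AS port_id,\n\t\t\tNULL                                               AS category,\n\t\t\tNULL                                               AS category_id,\n\t\t\tNULL                                               AS port,\n\t\t\telement_pathname(element.id)                       AS pathname,\n\t\t\tNULL AS version,\n\t\t\tcommit_log_elements.revision_name AS revision,\n\t\t\tNULL AS epoch,\n\t\t\telement.status                                     AS status,\n\t\t\tNULL AS needs_refresh,\n\t\t\tNULL                                               AS forbidden,\n\t\t\tNULL                                               AS broken,\n\t\t\tNULL                                               AS deprecated,\n\t\t\tNULL                                               AS ignore,\n\t\t\tNULL                                               AS expiration_date,\n\t\t\tNULL                                               AS date_added,\n\t\t\tNULL                                               AS element_id,\n\t\t\tNULL                                               AS short_description,\n\t\t\tNULL                                               AS stf_message";
     if ($this->UserID) {
         $sql .= ",\n\t        onwatchlist ";
     }
     $sql .= "\n    FROM commit_log, commit_log_elements, element ";
     if ($this->UserID) {
         // Per-element watch-list counts for this user, joined as TEMP.
         $sql .= "\n\t      LEFT OUTER JOIN\n\t (SELECT element_id as wle_element_id, COUNT(watch_list_id) as onwatchlist\n\t    FROM watch_list JOIN watch_list_element \n\t        ON watch_list.id      = watch_list_element.watch_list_id\n\t       AND watch_list.user_id = " . $userID . "\n\t       AND watch_list.in_service\t\t\n\t  GROUP BY wle_element_id) AS TEMP\n\t       ON TEMP.wle_element_id = element.id";
     }
     $sql .= "\n\t  WHERE commit_log.id IN (SELECT tmp.id FROM (SELECT DISTINCT CL.id, CL.commit_date\n  FROM commit_log CL\n WHERE CL.committer  = '" . pg_escape_string($this->Committer) . "'\nORDER BY CL.commit_date DESC ";
     if ($this->Limit) {
         $sql .= " LIMIT " . (int) $this->Limit;
     }
     if ($this->Offset) {
         $sql .= " OFFSET " . (int) $this->Offset;
     }
     $sql .= ")as tmp)\n\t    AND commit_log_elements.commit_log_id = commit_log.id\n\t    AND commit_log_elements.element_id    = element.id\n   ORDER BY 1 desc,\n\t\t\tcommit_log_id";
     if ($this->Debug) {
         echo '<pre>' . $sql . '</pre>';
     }
     $this->LocalResult = pg_exec($this->dbh, $sql);
     if ($this->LocalResult) {
         // pg_numrows() is the deprecated alias of pg_num_rows().
         $numrows = pg_num_rows($this->LocalResult);
         if ($this->Debug) {
             echo "That would give us {$numrows} rows";
         }
     } else {
         $numrows = -1;
         echo 'pg_exec failed: ' . "<pre>{$sql}</pre>";
     }
     return $numrows;
 }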
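/**
 * Look up a person by NetID and fill their db/ldap field lists from the $dbfields tables.
 *
 * @param string $netid  Must match three letters followed by digits; anything else returns [].
 * @return Person[] Empty when the id is malformed or unknown, otherwise a single Person.
 */
function search_db($netid)
{
    global $dbfields;
    if (!preg_match("/\\A[a-z]{3}([0-9]*)\\Z/i", $netid)) {
        return array();
    }
    init_db();
    // Bind the id as $1 instead of splicing an escaped copy into the statement.
    $result = pg_query_params('select * from users where netid = $1', array($netid));
    if (!$result) {
        return array();
    }
    $present = pg_fetch_array($result, null, PGSQL_ASSOC);
    pg_free_result($result);
    if ($present == null) {
        return array();
    }
    $person = new Person($netid);
    foreach ($dbfields as $f) {
        // $f names a table and comes from the $dbfields global, not from the request.
        $result = pg_query_params('select * from ' . $f . ' where netid = $1', array($netid));
        if (!$result) {
            continue;
        }
        while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
            $value = $line[$f];
            // Rows flagged ldap = 'f' are local overrides; everything else came from LDAP.
            if ($line["ldap"] === "f") {
                $person->db_fields[$f][] = $value;
            } else {
                $person->ldap_fields[$f][] = $value;
            }
        }
        pg_free_result($result);
    }
    $person->refresh_db();
    return array($person);
}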
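 /**
  * Load the script named by fieldData['scriptID'] into the template when the current user
  * holds the first permission bit on it; the second bit is exposed as 'write'.
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $auth = Auth::getInstance();
     $userID = $auth->getUserID();
     $rawScriptID = $this->fieldData['scriptID'];
     if (!is_numeric($rawScriptID)) {
         $this->assign('error', 'Invalid Show ID supplied');
     } else {
         // Both ids are interpolated unquoted, where pg_escape_string() does not protect;
         // the numeric check plus int casts do.
         $scriptID = (int) $rawScriptID;
         $uid = (int) $userID;
         $script_query = "SELECT bit_or(permissions) \n\t\t\t\tFROM v_tree_script\n\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\tAND userid = {$uid}";
         $checkScripts = $db->getOne($script_query);
         if (substr($checkScripts, 0, 1) == "1") {
             $this->assign('write', substr($checkScripts, 1, 1) == "1" ? 't' : 'f');
             $script = $db->getRow("SELECT * FROM scripts WHERE id = " . $scriptID);
             // length is in seconds; split into whole minutes and remaining seconds.
             $script['m'] = (int) ($script['length'] / 60);
             $script['s'] = $script['length'] - $script['m'] * 60;
             $script['niceProducer'] = AuthUtil::getUsername($script['creator']);
             $this->assign('script', $script);
         } else {
             $this->assign('error', 'You do not have permission to edit that script.');
         }
     }
     $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
 }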
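 /**
  * Constructor for an external address record (table endereco_externo).
  *
  * idpes, idtlog and sigla_uf are only stored when the referenced person / street type /
  * state exists. The original checked $objPessoa->detalhe() a second time where the state
  * lookup ($objSiglaUf) was clearly meant, so sigla_uf was never validated; fixed below.
  *
  * NOTE(review): logradouro, complemento, bairro and cidade are stored already escaped with
  * pg_escape_string(), so whatever writes this object must not escape them again — confirm.
  *
  * @param mixed $idpes           Person id; kept only if clsPessoa_::detalhe() finds it.
  * @param mixed $tipo
  * @param mixed $idtlog          URL-encoded street-type id; kept only if clsTipoLogradouro::detalhe() finds it.
  * @param mixed $logradouro
  * @param mixed $numero
  * @param mixed $letra
  * @param mixed $complemento
  * @param mixed $bairro
  * @param mixed $cep
  * @param mixed $cidade
  * @param mixed $sigla_uf        State abbreviation; kept only if clsUf::detalhe() finds it.
  * @param mixed $reside_desde
  * @param mixed $bloco
  * @param mixed $apartamento
  * @param mixed $andar
  * @param mixed $idpes_cad       Creator; falls back to $_SESSION['id_pessoa'].
  * @param mixed $idpes_rev       Reviser; falls back to $_SESSION['id_pessoa'].
  * @param int   $zona_localizacao
  */
 function clsEnderecoExterno($idpes = FALSE, $tipo = FALSE, $idtlog = FALSE, $logradouro = FALSE, $numero = FALSE, $letra = FALSE, $complemento = FALSE, $bairro = FALSE, $cep = FALSE, $cidade = FALSE, $sigla_uf = FALSE, $reside_desde = FALSE, $bloco = FALSE, $apartamento = FALSE, $andar = FALSE, $idpes_cad = FALSE, $idpes_rev = FALSE, $zona_localizacao = 1)
 {
     $idtlog = urldecode($idtlog);
     $objPessoa = new clsPessoa_($idpes);
     if ($objPessoa->detalhe()) {
         $this->idpes = $idpes;
     }
     $this->tipo = $tipo;
     $objTipoLog = new clsTipoLogradouro($idtlog);
     if ($objTipoLog->detalhe()) {
         $this->idtlog = $idtlog;
     }
     $this->logradouro = pg_escape_string($logradouro);
     $this->numero = $numero;
     $this->letra = $letra;
     $this->complemento = pg_escape_string($complemento);
     $this->bairro = pg_escape_string($bairro);
     $this->cep = $cep;
     $this->cidade = pg_escape_string($cidade);
     $objSiglaUf = new clsUf($sigla_uf);
     // Was $objPessoa->detalhe() (copy-paste); validate the state that was just looked up.
     if ($objSiglaUf->detalhe()) {
         $this->sigla_uf = $sigla_uf;
     }
     $this->idpes_cad = $idpes_cad ? $idpes_cad : $_SESSION['id_pessoa'];
     $this->idpes_rev = $idpes_rev ? $idpes_rev : $_SESSION['id_pessoa'];
     $this->reside_desde = $reside_desde;
     $this->bloco = $bloco;
     $this->apartamento = $apartamento;
     $this->andar = $andar;
     $this->zona_localizacao = $zona_localizacao;
     $this->tabela = 'endereco_externo';
 }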
/**
 * Pick the user-data fields out of $data: accion is pg-escaped, municipio is copied as-is.
 *
 * @param object $data  Object exposing ->accion and ->municipio.
 * @return array{accion: string, municipio: mixed}
 */
function helper_userdata($data)
{
    return array(
        'accion' => pg_escape_string($data->accion),
        'municipio' => $data->municipio,
    );
}
/**
 * Reproject the point ($x, $y) from EPSG $oldEPSG to $newEPSG with PostGIS transform().
 *
 * All four inputs must be numeric (checked first) and are then interpolated unquoted into
 * the SQL; that is_numeric() guard, not pg_escape_string(), is what keeps the statement safe.
 *
 * @param mixed $x
 * @param mixed $y
 * @param mixed $oldEPSG
 * @param mixed $newEPSG
 * @return array{x: float, y: float}|null null when any argument is null or non-numeric.
 */
function transform($x, $y, $oldEPSG, $newEPSG)
{
    if (is_null($x) || !is_numeric($x) || is_null($y) || !is_numeric($y) || is_null($oldEPSG) || !is_numeric($oldEPSG) || is_null($newEPSG) || !is_numeric($newEPSG)) {
        return null;
    }
    if (SYS_DBTYPE == 'pgsql') {
        // Application database is pgsql: go through the db_* wrappers.
        $con = db_connect(DBSERVER, OWNER, PW);
        $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx";
        $resMinx = db_query($sqlMinx);
        $minx = floatval(db_result($resMinx, 0, "minx"));
        $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny";
        $resMiny = db_query($sqlMiny);
        $miny = floatval(db_result($resMiny, 0, "miny"));
    } else {
        // Separate GEOS database reached with the pg_* functions directly.
        // NOTE(review): this line is redacted on the page ("******") and is not valid PHP as
        // shown; the connection ($con) is presumably opened here with pg_connect() or die() — confirm.
        $con_string = "host=" . GEOS_DBSERVER . " port=" . GEOS_PORT . " dbname=" . GEOS_DB . "user="******"password="******"Error while connecting database");
        /*
         * @security_patch sqli done
         */
        $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx";
        $resMinx = pg_query($con, $sqlMinx);
        $minx = floatval(pg_fetch_result($resMinx, 0, "minx"));
        $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny";
        $resMiny = pg_query($con, $sqlMiny);
        $miny = floatval(pg_fetch_result($resMiny, 0, "miny"));
    }
    return array("x" => $minx, "y" => $miny);
}
 /**
  * Substitute named placeholders in $this->sql with the values in $binds (in place).
  *
  * Placeholder forms, per the str_replace() calls below:
  *   :name   scalar bind: NULL for null, quoted + pg_escape_string() for PHP strings, raw for
  *           any other type; array bind (array(value)): NULL for null, escaped but NOT quoted.
  *   :-name  array bind only: NULL for null, otherwise escaped and quoted.
  *   ->name  scalar bind only: the raw value, no escaping or quoting.
  *
  * A sentinel ($safe) is first appended to every ":", ":-" and "->" marker so that text
  * introduced by an earlier replacement can never be mistaken for a placeholder; krsort()
  * makes keys that share a prefix replace longest-first (":id2" before ":id").
  *
  * NOTE(review): the "->" form and the non-string scalar branch interpolate raw, so those
  * values must be trusted or validated by the caller (a bool false renders as '' there).
  * Any ":" that is not followed by a bound key keeps the sentinel in the final SQL — e.g. a
  * "::type" cast would be mangled — confirm callers never rely on such syntax.
  *
  * @param array $binds  name => value, or name => array(value).
  * @return void
  */
 function bindParameters($binds)
 {
     krsort($binds);
     $safe = '$1G#$2T#$3E$#';
     $this->sql = str_replace(':', ':' . $safe, $this->sql);
     $this->sql = str_replace(':-', ':-' . $safe, $this->sql);
     $this->sql = str_replace('->', '->' . $safe, $this->sql);
     foreach ($binds as $key => $value) {
         if (is_array($value)) {
             if (is_null($value[0])) {
                 $this->sql = str_replace(':' . $safe . $key, "NULL", $this->sql);
                 $this->sql = str_replace(':-' . $safe . $key, "NULL", $this->sql);
             } else {
                 // Unquoted for :name, quoted for :-name.
                 $this->sql = str_replace(':' . $safe . $key, pg_escape_string($value[0]), $this->sql);
                 $this->sql = str_replace(':-' . $safe . $key, "'" . pg_escape_string($value[0]) . "'", $this->sql);
             }
         } else {
             if (is_null($value)) {
                 $this->sql = str_replace(':' . $safe . $key, "NULL", $this->sql);
             } else {
                 if (gettype($value) == "string") {
                     $this->sql = str_replace(':' . $safe . $key, "'" . pg_escape_string($value) . "'", $this->sql);
                 } else {
                     // Non-string scalars (int, float, bool) are interpolated without escaping.
                     $this->sql = str_replace(':' . $safe . $key, $value, $this->sql);
                 }
             }
             // Raw identifier-style substitution: no escaping, no quoting.
             $this->sql = str_replace('->' . $safe . $key, $value, $this->sql);
         }
     }
     //return $this->sql;
 }
 /**
  * Query the most popular (favourited) notices within the configured cutoff, optionally
  * restricted to $this->out->tag, ordered by weight.
  *
  * The tag is escaped for the configured DB type and spliced into the SQL; all other
  * values are computed server-side. Results are cached for 1200 s by cachedQuery().
  *
  * @return mixed Whatever Memcached_DataObject::cachedQuery() returns for 'Notice'.
  */
 function getNotices()
 {
     // @fixme there should be a common func for this
     $isPgsql = common_config('db', 'type') == 'pgsql';
     $tag = null;
     if (!empty($this->out->tag)) {
         $tag = $isPgsql ? pg_escape_string($this->out->tag) : mysql_escape_string($this->out->tag);
     }
     $weightexpr = common_sql_weight('fave.modified', common_config('popular', 'dropoff'));
     $cutoff = sprintf("fave.modified > '%s'", common_sql_date(time() - common_config('popular', 'cutoff')));
     $fromClause = isset($tag)
         ? 'FROM notice_tag, notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff} and notice.id = notice_tag.notice_id and '{$tag}' = notice_tag.tag"
         : 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff}";
     $qry = "SELECT notice.*, {$weightexpr} as weight " . $fromClause
         . ' GROUP BY notice.id,notice.profile_id,notice.content,notice.uri,notice.rendered,notice.url,notice.created,notice.modified,notice.reply_to,notice.is_local,notice.source,notice.conversation, notice.lat,notice.lon,location_id,location_ns,notice.repeat_of ORDER BY weight DESC'
         . ' LIMIT ' . (NOTICES_PER_SECTION + 1) . ' OFFSET 0';
     return Memcached_DataObject::cachedQuery('Notice', $qry, 1200);
 }
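 /**
  * Move the show item fieldData['itemID'] one slot up by swapping its position with the
  * preceding item of the same show plan.
  */
 protected function processValid()
 {
     global $cfg;
     $db = Database::getInstance($cfg['DPS']['dsn']);
     // itemID is interpolated unquoted, where pg_escape_string() gives no protection:
     // require a number and cast.
     if (!is_numeric($this->fieldData['itemID'])) {
         return;
     }
     $itemID = (int) $this->fieldData['itemID'];
     // Unknown item: showID becomes 0 and the plan query simply yields no rows
     // (the original ran "WHERE showplanid = " with an empty value).
     $showID = (int) $db->getOne("SELECT showplanid FROM showitems WHERE id = {$itemID}");
     $showItems = $db->getAll("SELECT * FROM showitems\n\t\t\tWHERE showplanid = {$showID} ORDER BY position ASC");
     $lastItem = false;
     foreach ($showItems as $item) {
         if ($item['id'] == $itemID && $lastItem !== false) {
             $upWhere = "showplanid = {$showID} and id = " . (int) $item['id'];
             $downWhere = "showplanid = {$showID} and id = " . (int) $lastItem['id'];
             $db->update('showitems', array('position' => $lastItem['position']), $upWhere, true);
             $db->update('showitems', array('position' => $item['position']), $downWhere, true);
         }
         $lastItem = $item;
     }
 }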
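 /**
  * Expose the jingle (fieldData['audioID']), its current package and the package list to the
  * template, together with the user's realm access flags.
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $auth = Auth::getInstance();
     $userID = $auth->getUserID();
     // audioID is interpolated unquoted, where pg_escape_string() does not protect; cast to int.
     $audioID = (int) $this->fieldData['audioID'];
     $jinglepkgID = $db->getOne("SELECT jinglepkgid FROM audiojinglepkgs WHERE audioid = {$audioID}");
     // No package row: skip the name lookup (the original issued "WHERE id = " with an empty value).
     $currentpkg = '';
     if (is_numeric($jinglepkgID)) {
         $currentpkg = $db->getOne("SELECT name FROM jinglepkgs WHERE id = " . (int) $jinglepkgID);
     }
     if ($currentpkg == '') {
         $currentpkg = 'Default';
     }
     $jinglename = $db->getOne("SELECT title FROM audio WHERE id = {$audioID}");
     $jinglepkgs = $db->getAll("SELECT name, id FROM jinglepkgs");
     $this->assign('access_playlist', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 33), $userID));
     $this->assign('access_sue', AuthUtil::getDetailedUserrealmAccess(array(24, 20, 3), $userID));
     $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
     $this->assign('jinglepkgs', $jinglepkgs);
     $this->assign('currentpkg', $currentpkg);
     $this->assign('currentpkgid', $jinglepkgID);
     $this->assign('jinglename', $jinglename);
     $this->assign('jingleID', $audioID);
 }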
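 /**
  * Page autocomplete: list pages of site $_GET['s'] whose unix_name (or title, when
  * $_GET['title'] is "yes") starts with $_GET['q'], optionally limited to children of
  * $_GET['parent'].
  *
  * @param mixed $data Unused.
  * @return array{pages: array}|null null when q or s is missing, q is not a string, or s is not numeric.
  */
 public function process($data)
 {
     // Missing keys were undefined-index warnings; read them defensively.
     $search = isset($_GET['q']) ? $_GET['q'] : null;
     $siteId = isset($_GET['s']) ? $_GET['s'] : null;
     $parent = isset($_GET['parent']) ? WDStringUtils::toUnixName($_GET['parent']) : null;
     $title = isset($_GET['title']) && $_GET['title'] == 'yes';
     if (!is_numeric($siteId) || !is_string($search) || $search === '') {
         return;
     }
     // $search ends up inside a pgsql ~* regex: preg_quote() neutralises the PCRE
     // metacharacters and pg_escape_string() the quotes around it.
     // NOTE(review): PCRE and pgsql regex syntax overlap but are not identical — confirm
     // preg_quote() covers every metacharacter pgsql accepts.
     $search = pg_escape_string(preg_quote(str_replace(' ', '-', $search)));
     $siteId = pg_escape_string($siteId);
     $orTitle = $title ? "OR title ~* '^{$search}'" : "";
     $query = "SELECT unix_name, COALESCE(title,unix_name) AS title FROM page ";
     $query .= "WHERE site_id ='{$siteId}' AND (unix_name ~* '^{$search}' {$orTitle})";
     if ($parent) {
         $parent = pg_escape_string($parent);
         $query .= " AND parent_page_id IN (SELECT page_id FROM page WHERE unix_name = '{$parent}') ";
     }
     $query .= "ORDER BY unix_name";
     Database::init();
     return array('pages' => Database::connection()->query($query)->fetchAll());
 }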
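 /**
  * Expose the script fieldData['scriptID'] to the template when the user has the fileW
  * permission on both the script and its directory; sets 'own' when they also hold fileO,
  * and 'permError' otherwise.
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $auth = Auth::getInstance();
     // ids are interpolated unquoted, where pg_escape_string() gives no protection; cast to int.
     $userID = (int) $auth->getUserID();
     $fileW = $cfg['DPS']['fileW'];
     $fileO = $cfg['DPS']['fileO'];
     if (!is_numeric($this->fieldData['scriptID'])) {
         $this->assign('permError', 't');
         return;
     }
     $scriptID = (int) $this->fieldData['scriptID'];
     $flag = false;
     $sql = "SELECT count(*) FROM v_tree_script\n\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\tAND permissions & B'" . $fileW . "' = '" . $fileW . "'";
     if ($db->getOne($sql) > 0) {
         $dirID = (int) $db->getOne("SELECT dirid FROM scriptsdir\n\t\t\t\t\tWHERE scriptid = {$scriptID}");
         // The original lost the `$sql =` on this statement and re-ran the dirid query, so
         // the directory check compared the dirid itself against 0; presumably this was intended.
         $sql = "SELECT count(*) FROM v_tree_dir\n\t\t\t\t\tWHERE id = {$dirID}\n\t\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\t\tAND permissions & B'" . $fileW . "' = '" . $fileW . "'";
         if ($db->getOne($sql) > 0) {
             $flag = true;
         }
     }
     if (!$flag) {
         $this->assign('permError', 't');
         return;
     }
     $script = $db->getRow("SELECT * FROM scripts WHERE id = {$scriptID}");
     $sql = "SELECT count(*) FROM v_tree_script\n\t\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\t\tAND permissions & B'" . $fileO . "' = '" . $fileO . "'";
     if ($db->getOne($sql) > 0) {
         $this->assign('own', 't');
     }
     $this->assign('script', $script);
     $this->assign('treeType', '');
 }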
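 /**
  * Gather album, artists, keywords, length and comments for every track id in
  * fieldData['trackID'] (";"-separated) and expose them, plus access flags, to the template.
  */
 protected function setupTemplate()
 {
     global $cfg;
     parent::setupTemplate();
     $db = Database::getInstance($cfg['DPS']['dsn']);
     $trackIDs = explode(";", $this->fieldData['trackID']);
     $tracksDetails = array();
     foreach ($trackIDs as $rawTrackID) {
         // Ids are concatenated unquoted, where pg_escape_string() offers no protection;
         // skip anything non-numeric and cast the rest.
         if (!is_numeric($rawTrackID)) {
             continue;
         }
         $trackID = (int) $rawTrackID;
         $sql = "SELECT audio.*, albums.name AS album \n\t\t\tFROM audio, albums \n\t\t\tWHERE audio.music_album = albums.id \n\t\t\t\tAND audio.id = " . $trackID;
         $trackDetails = $db->getRow($sql);
         $sql = "SELECT DISTINCT artists.name AS name \n\t\t\tFROM artists, audioartists \n\t\t\tWHERE audioartists.audioid = " . $trackID . " \n\t\t\t\tAND audioartists.artistid = artists.id";
         $trackDetails['artist'] = $db->getColumn($sql);
         $sql = "SELECT DISTINCT keywords.name AS name \n\t\t\tFROM keywords, audiokeywords \n\t\t\tWHERE audiokeywords.audioid = " . $trackID . " \n\t\t\t\tAND audiokeywords.keywordid = keywords.id";
         $trackDetails['keywords'] = $db->getColumn($sql);
         // length_smpl is a sample count at 44.1 kHz. Whole seconds first, then minutes and
         // the remainder; the original used round() for the minutes, which reported
         // e.g. 114 s as "2mins 54secs".
         $totalSecs = (int) ($trackDetails['length_smpl'] / 44100);
         $trackDetails['length'] = (int) ($totalSecs / 60) . "mins " . $totalSecs % 60 . "secs.";
         $sql = "SELECT * FROM audiocomments \n\t\t\tWHERE audioid = " . $trackID . " \n\t\t\tORDER BY creationdate ASC";
         $comments = $db->getAll($sql);
         // Index-based update instead of foreach-by-reference, which left a dangling reference.
         foreach ($comments as $i => $comment) {
             $comments[$i]['username'] = AuthUtil::getUsername($comment['userid']);
             $comments[$i]['comment'] = str_replace("\n", "<br>", $comment['comment']);
             $comments[$i]['ctime'] = substr($comment['creationdate'], 0, 10);
         }
         $trackDetails['comments'] = $comments;
         $tracksDetails[] = $trackDetails;
     }
     $auth = Auth::getInstance();
     $userID = $auth->getUserID();
     $this->assign('RequestTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 29), $userID));
     $this->assign('Access_CommentTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 34), $userID));
     $this->assign('Access_EditTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 27), $userID));
     $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
     $this->assign('tracksDetails', $tracksDetails);
 }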
 /**
  * Quote $val as a single-quoted pgsql literal; null is returned unchanged (the caller
  * decides how to render SQL NULL).
  *
  * @param string|null $val
  * @return string|null
  */
 public function quote($val)
 {
     if ($val === null) {
         return null;
     }
     return sprintf("'%s'", pg_escape_string($val));
 }
 /**
  * Escape $str through the open connection; null when $this->db is unset or not connected.
  *
  * Errors from pg_escape_string() are silenced with @, as in the original.
  *
  * @param string $str
  * @return string|null
  */
 function escape($str)
 {
     if (!$this->db || !$this->connected) {
         return null;
     }
     return @pg_escape_string($this->db, $str);
 }
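		/**
		 * Store the escaped event fields on $this, insert the event row and record the new ev_no.
		 *
		 * ev_min, ev_max and ev_fee used to be concatenated unquoted, where pg_escape_string()
		 * protects nothing; they are now single-quoted literals like the other columns so the
		 * escape applies. NOTE(review): pgsql coerces a quoted literal to the column type, but
		 * values that only passed before through implicit numeric casts (e.g. '5.0' into an
		 * integer column) will now be rejected by the database — confirm the column types.
		 */
		protected function createEvent ($evname,$evid,$evmgr,$evcontact,$evmin,$evmax,$evfee,$evprize1,$evprize2,$evprize3) {
			$this->ename = pg_escape_string($evname);
			$this->eid = pg_escape_string($evid);
			$this->emgr = pg_escape_string($evmgr);
			$this->econtact = pg_escape_string($evcontact);
			$this->emin = pg_escape_string($evmin);
			$this->emax = pg_escape_string($evmax);
			$this->efee = pg_escape_string($evfee);
			$this->eprize1 = pg_escape_string($evprize1);
			$this->eprize2 = pg_escape_string($evprize2);
			$this->eprize3 = pg_escape_string($evprize3);
			$qry = "Insert into event(ev_name,ev_id,ev_mgr,ev_contact,ev_min,ev_max,ev_fee,ev_prize1,ev_prize2,ev_prize3)
					values ('".$this->ename."',
						'".$this->eid."',
						'".$this->emgr."',
						'".$this->econtact."',
						'".$this->emin."',
						'".$this->emax."',
						'".$this->efee."',
						'".$this->eprize1."',
						'".$this->eprize2."',
						'".$this->eprize3."') RETURNING ev_no";
			$eventNo=pg_fetch_assoc(dbquery($qry));
			$this->eno=$eventNo['ev_no'];
		}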
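 /**
  * Fetch the auth_hash row whose hash equals $h.
  *
  * @param string $h
  * @return mixed The row from Zend_Db fetchRow(), falsy when no row matches.
  */
 static function find($h)
 {
     $db = Zend_Registry::get('db');
     // Bind the value through the adapter instead of escaping it into the statement text.
     return $db->fetchRow('select * from auth_hash where hash = ?', array($h));
 }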