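 /**
  * Adds filter to the WHERE clause of the user query
  *
  * $condition is passed through secure_sql() first. List filters ('userid',
  * 'group') go through secure_sql_in() as well, the day-interval filters are
  * cast to int because they are spliced into the SQL unquoted, and the
  * 'name' search escapes LIKE wildcards so the text is matched literally.
  *
  * @param	string	$type      filter name (unknown names are ignored)
  * @param	mixed	$condition value to filter on
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'userid':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(u.userid IN (' . $condition . '))');
             break;
         case 'first_name':
         case 'last_name':
         case 'email_address':
         case 'username':
         case 'password':
         case 'activated':
             // Single-column equality; the filter name is the column name.
             $this->_query->add_where("(u.{$type} = '{$condition}')");
             break;
         case 'name':
             // Escape '_' as well as '%', and wrap the OR chain so it cannot
             // bind loosely against other AND-ed conditions.
             $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
             $this->_query->add_where("((u.last_name LIKE '%{$condition}%') OR (u.first_name LIKE '%{$condition}%') OR (u.username LIKE '%{$condition}%'))");
             break;
         case 'session_id':
             $this->_query->add_where("u.session_id = '{$condition}'");
             break;
         case 'user_hash':
             $this->_query->add_where("MD5(u.session_id) = '{$condition}'");
             break;
         case 'group':
             $condition = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = u.userid ', 'gu');
             $this->_query->add_where('(gu.group_id IN (' . $condition . '))');
             $this->_query->add_group_by('u.userid');
             break;
         case 'concat_first_last':
             $this->_query->add_where('CONCAT(u.first_name, "-", u.last_name ) = \'' . $condition . '\'');
             break;
         case 'created_before':
             // Unquoted in the SQL, so only an integer may reach it.
             $this->_query->add_where('(u.created < (DATE_SUB(NOW(), INTERVAL ' . (int) $condition . ' DAY)))');
             break;
         case 'created_after':
             $this->_query->add_where('(u.created > (DATE_SUB(NOW(), INTERVAL ' . (int) $condition . ' DAY)))');
             break;
         case 'md5':
             // Lookup by an MD5 of account fields: the token is derivable from
             // the data it protects, so a random, stored token is the stronger
             // design if this lookup is ever reworked.
             $this->_query->add_where("md5(concat( u.`email_address` , u.`username` , u.`created` ) ) = '{$condition}'");
             break;
         case 'forgot':
             $this->_query->add_where("md5( concat( u.`username` , u.`email_address`, u.`password` ) ) = '{$condition}'");
             break;
     }
 }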
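 /**
  * Tag-name autocomplete feed: prints a <ul> of tag names beginning with the
  * 'name' request parameter and terminates the request.
  *
  * LIKE wildcards in the parameter are escaped, so a typed "%" does not widen
  * the match.
  */
 function _autocomplete_tags()
 {
     $sm = vivvo_lite_site::get_instance();
     $um = $sm->get_url_manager();
     $output = '';
     if ($um->isset_param('name')) {
         $name = escape_sql_like(secure_sql($um->get_param('name')));
         $res = $sm->get_db()->query('SELECT name FROM ' . VIVVO_DB_PREFIX . "tags WHERE name LIKE '{$name}%'");
         if (!PEAR::isError($res)) {
             // array_map() zips a second array against the rows instead of
             // passing fixed flags, so the decode options go through a closure.
             $tags = array_map(
                 function ($tag) {
                     return html_entity_decode($tag, ENT_QUOTES, 'UTF-8');
                 },
                 $res->fetchCol()
             );
             $res->free();
             // NOTE(review): names are emitted into HTML after entity decoding;
             // unless tag names are stored entity-encoded, the consumer of this
             // feed has to treat them as untrusted markup.
             $output = '<ul><li>' . implode('</li><li>', $tags) . '</li></ul>';
         }
     }
     echo $output;
     exit;
 }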
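 /**
  * Autocomplete box feed
  *
  * Collects categories, articles, pages (when the plugin is installed), tags
  * and topics whose name/title starts with the 'name' request parameter and
  * assigns them, each with a resolved href, to the autocomplete_links.xml
  * template as 'link_list'.
  *
  * @return	template
  */
 public function _autocomplete_links()
 {
     $sm = vivvo_lite_site::get_instance();
     $template = $sm->get_template();
     $um = $sm->get_url_manager();
     $pm = $sm->get_plugin_manager();
     $content_template = new template(null, $template);
     $content_template->set_template_file($this->_template_root . 'autocomplete_links.xml');
     $hrefs = array();
     $db = $sm->get_db();
     // Escape LIKE wildcards so the typed prefix is matched literally, as the
     // tag feed already does.
     $name = escape_sql_like(secure_sql($um->get_param('name')));
     $sql = "(SELECT id, category_name AS title, sefriendly, '' AS category_id, 'Categories' AS type FROM " . VIVVO_DB_PREFIX . "categories WHERE category_name LIKE '{$name}%')"
         . " UNION (SELECT id, title, sefriendly, category_id, 'Articles' AS type FROM " . VIVVO_DB_PREFIX . "articles WHERE title LIKE '{$name}%')";
     if ($pm->is_installed('pages')) {
         $sql .= " UNION (SELECT id, title, sefriendly, '' AS category_id, 'Pages' AS type FROM " . VIVVO_DB_PREFIX . "pages WHERE title LIKE '{$name}%')";
     }
     $sql .= " UNION (SELECT t.id, CONCAT(tg.name,': ',t.name) AS title, t.sefriendly AS sefriendly, tg.url AS category_id, 'Tags' AS type FROM " . VIVVO_DB_PREFIX . "tags AS t INNER JOIN " . VIVVO_DB_PREFIX . "tags_to_tags_groups AS ttg ON ttg.tag_id = t.id INNER JOIN " . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id WHERE t.name LIKE '{$name}%' GROUP BY t.id, tg.id)"
         . " UNION (SELECT id, name AS title, url AS sefriendly, '' AS category_id, 'Topics' AS type FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE name LIKE '{$name}%')";
     // Href resolvers, built lazily the first time a row of that type shows
     // up (they were previously read before ever being assigned).
     $article = null;
     $cat = null;
     $page = null;
     $tag = null;
     $topic = null;
     $res = $db->query($sql);
     if (!PEAR::isError($res)) {
         while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
             $item = array(
                 'title' => $row['title'],
                 'id' => $row['id'],
                 'type' => $row['type'],
             );
             switch ($row['type']) {
                 case 'Articles':
                     if ($article === null) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Articles.class.php';
                         $article = new Articles();
                     }
                     $article->id = $row['id'];
                     $article->title = $row['title'];
                     $article->sefriendly = $row['sefriendly'];
                     $article->category_id = $row['category_id'];
                     $item['href'] = $article->get_href();
                     break;
                 case 'Categories':
                     if ($cat === null) {
                         $cat = $sm->get_categories();
                     }
                     // A category id the list does not know would otherwise be
                     // a method call on null.
                     $item['href'] = isset($cat->list[$row['id']]) ? $cat->list[$row['id']]->get_href() : '';
                     break;
                 case 'Pages':
                     if ($page === null) {
                         require_once VIVVO_FS_PLUGIN_ROOT . 'plugins/pages/Pages.class.php';
                         $page = new Pages();
                     }
                     $page->id = $row['id'];
                     $page->title = $row['title'];
                     $page->sefriendly = $row['sefriendly'];
                     $item['href'] = $page->get_href();
                     break;
                 case 'Tags':
                     if ($tag === null) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Tags.class.php';
                         $tag = new Tags();
                     }
                     $tag->id = $row['id'];
                     $tag->name = $row['title'];
                     $tag->sefriendly = $row['sefriendly'];
                     $tag->group_url = $row['category_id'] . '/';
                     $item['href'] = $tag->get_href();
                     break;
                 case 'Topics':
                     if ($topic === null) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/TagsGroups.class.php';
                         $topic = new TagsGroups();
                     }
                     $topic->id = $row['id'];
                     $topic->name = $row['title'];
                     $topic->url = $row['sefriendly'];
                     $item['href'] = rtrim($topic->get_href(), '/');
                     break;
             }
             $hrefs[] = $item;
         }
     }
     $content_template->assign('link_list', $hrefs);
     return $content_template;
 }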
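 /**
  * Adds filter to the WHERE clause of the tag query
  *
  * $condition goes through secure_sql() first; list filters are run through
  * secure_sql_in() as well, and every LIKE filter escapes '%' and '_' so the
  * text is matched literally. Several filters also add the articles_tags
  * join (alias 'at') and expose at.tags_group_id AS topic_id.
  *
  * @param	string	$type      filter name (unknown names are ignored)
  * @param	mixed	$condition value, or an array for the *_array filters
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     // Join fragments shared by several filters; the second add_join()
     // argument is the alias.
     $articles_tags_join = ' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ';
     $tags_to_groups_join = ' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ';
     $like_escape_from = array('%', '_');
     $like_escape_to = array('\\%', '\\_');
     switch ($type) {
         case 'id':
         case 'name':
         case 'sefriendly':
             $this->_query->add_where("t.{$type} = '{$condition}'");
             break;
         case 'name_like':
             $condition = str_replace($like_escape_from, $like_escape_to, $condition);
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'article_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_where("at.article_id IN ({$condition})");
             break;
         case 'tags_group_id':
         case 'topic_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_join($tags_to_groups_join, 'ttg');
             $this->_query->add_where("ttg.tags_group_id IN ({$condition})");
             break;
         case 'not_tags_group_id':
         case 'not_topic_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_join($tags_to_groups_join, 'ttg');
             $this->_query->add_where("ttg.tags_group_id NOT IN ({$condition})");
             break;
         case 'user_tag_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_where("at.tags_group_id IN ({$condition})");
             break;
         case 'not_user_tag_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_where("at.tags_group_id NOT IN ({$condition})");
             break;
         case 'id_in':
             $condition = secure_sql_in($condition);
             $this->_query->add_where("t.id IN ({$condition})");
             break;
         case 'name_array':
         case 'sefriendly_array':
             // A scalar (e.g. the '' default) is wrapped so the loop and the
             // implode() below never see a non-array.
             $quoted = array();
             foreach ((array) $condition as $item) {
                 $quoted[] = "'{$item}'";
             }
             $column = str_replace('_array', '', $type);
             $this->_query->add_where("t.{$column} IN (" . implode(',', $quoted) . ')');
             break;
         case 'search_starting_with':
             // Despite the name this is a substring match (kept as-is); '_' is
             // escaped along with '%' as in 'name_like'.
             $condition = str_replace($like_escape_from, $like_escape_to, $condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'search_label_starting_with':
             $condition = str_replace($like_escape_from, $like_escape_to, $condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS tg ON tg.tag_id = t.id ', 'tg');
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'user_group_id':
             $condition = secure_sql_in(explode(',', $condition));
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
             $this->_query->add_where("gu.group_id IN ({$condition})");
             break;
         case 'not_user_group_id':
             $condition = secure_sql_in(explode(',', $condition));
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
             $this->_query->add_where("gu.group_id NOT IN ({$condition})");
             break;
         case 'article_status':
             $condition = secure_sql_in($condition);
             $this->_query->add_join($articles_tags_join, 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles AS a ON at.article_id = a.id ', 'a');
             $this->_query->add_where("a.status IN ({$condition})");
             break;
     }
 }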
 /**
  * Restricts the category query to rows whose $type column equals $condition.
  *
  * '!id' is the one inequality filter; every other accepted $type is a column
  * name compared with '='. Unknown names leave the query untouched.
  *
  * @param	string	$type      column name, or '!id'
  * @param	mixed	$condition value the column must equal (escaped here)
  */
 function add_filter($type, $condition = '')
 {
     $equality_columns = array(
         'id',
         'category_name',
         'parent_cat',
         'order_num',
         'article_num',
         'template',
         'css',
         'view_subcat',
         'image',
         'sefriendly',
     );
     $escaped = secure_sql($condition);
     if ($type === '!id') {
         $this->_query->add_where("(id != '{$escaped}')");
     } elseif (in_array($type, $equality_columns, true)) {
         $this->_query->add_where("({$type} = '{$escaped}')");
     }
 }
 /**
  * Adds an equality filter on one of the accepted columns to the query.
  *
  * @param	string	$type      column name; anything else is ignored
  * @param	mixed	$condition value the column must equal (escaped here)
  */
 function add_filter($type, $condition = '')
 {
     $columns = array('id', 'user_id', 'query', 'section', 'name', 'html_tag_id');
     if (!in_array($type, $columns, true)) {
         return;
     }
     $escaped = secure_sql($condition);
     $this->_query->add_where("({$type} = '{$escaped}')");
 }
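/**
 * Maps a score comparison selector from the search form to its SQL operator.
 *
 * @param	string	$name	'less_or_equal', 'higher_or_equal' or anything else (equality)
 * @return	string
 */
function _display_search_score_operator($name)
{
    if ($name == "less_or_equal") {
        return "<=";
    }
    if ($name == "higher_or_equal") {
        return ">=";
    }
    return "=";
}

/**
 * Renders the task search form and, when the form was submitted, the result
 * table for the posted criteria.
 *
 * Each posted value is handled twice on purpose: secure_sql() for the copy
 * spliced into the query and secure_display() for the copy echoed back into
 * the form. Joined tables are only appended to the FROM list when a
 * criterion needs them.
 */
function display_search()
{
    $md5 = "";
    $signature = "";
    $score_k = "";
    $score_u = "";
    $time_start = "";
    $time_end = "";
    $meta_field = "";
    $meta_value = "";
    $source = "";
    $score_op_k = "";
    $score_op_u = "";
    $score_op_k_msg = "";
    $score_op_u_msg = "";
    $results = "";
    if (isset($_POST["SEARCH"])) {
        $sql_request_select = "SELECT t.task_id,t.md5";
        $sql_request_from = " FROM task t";
        $sql_request_where = "";
        $analysis_table = False;
        $signature_table = False;
        $submition_table = False;
        $metadata_table = False;
        if (!empty($_POST["md5"])) {
            $md5 = secure_display($_POST["md5"]);
            $sql_request_where .= "AND t.md5 LIKE '" . secure_sql($_POST['md5']) . "' ";
        }
        if (!empty($_POST["score_op_u"]) && !empty($_POST["score_u"])) {
            $score_op_u = secure_display($_POST["score_op_u"]);
            $op = _display_search_score_operator($score_op_u);
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
        }
        if (!empty($_POST["score_op_k"]) && !empty($_POST["score_k"])) {
            $score_op_k = secure_display($_POST["score_op_k"]);
            $op = _display_search_score_operator($score_op_k);
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_k"]) . "' AND a.kernel_analysis = '1' ";
        }
        // Keep the selected operator for redisplay even when no score was
        // typed (the original test read a misspelt "source_op_u" key).
        if (!empty($_POST["score_op_u"])) {
            $score_op_u = secure_display($_POST["score_op_u"]);
        }
        if (!empty($_POST["signature"])) {
            $analysis_table = True;
            $signature_table = True;
            $signature = secure_display($_POST["signature"]);
            $sql_request_where .= "AND s.title LIKE '" . secure_sql($_POST["signature"]) . "' ";
        }
        if (!empty($_POST["score_k"])) {
            $score_k = secure_display($_POST["score_k"]);
        }
        if (!empty($_POST["score_u"])) {
            $analysis_table = True;
            $score_u = secure_display($_POST["score_u"]);
            $sql_request_where .= "AND s.score = '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
        }
        if (!empty($_POST["time_start"])) {
            $time_start = secure_display($_POST["time_start"]);
        }
        if (!empty($_POST["time_end"])) {
            $time_end = secure_display($_POST["time_end"]);
        }
        if (!empty($_POST["meta_field"]) && !empty($_POST["meta_value"])) {
            $metadata_table = True;
            $meta_field = secure_display($_POST["meta_field"]);
            $meta_value = secure_display($_POST["meta_value"]);
            $sql_request_where .= "AND m.name = '" . secure_sql($_POST["meta_field"]) . "' AND m.value LIKE '" . secure_sql($_POST["meta_value"]) . "' ";
        }
        if (!empty($_POST["source"])) {
            $submition_table = True;
            $source = secure_display($_POST["source"]);
            $sql_request_where .= "AND z.source_type LIKE '" . secure_sql($_POST["source"]) . "' ";
        }
        // Drop the leading "AND" of the first criterion (and the trailing space).
        if (substr($sql_request_where, 0, 4) == "AND ") {
            $sql_request_where = substr($sql_request_where, 3, -1);
        }
        // Join conditions are prepended in dependency order: metadata needs
        // submition, signature needs analysis.
        if ($metadata_table == True) {
            $submition_table = True;
            $sql_request_where = "z.submition_id = m.submition_id AND " . $sql_request_where;
            $sql_request_from .= ",metadata m";
        }
        if ($submition_table == True) {
            // was "z.task_id = z.task_id", a tautology that cross-joined
            // every submition row with every task
            $sql_request_where = "t.task_id = z.task_id AND " . $sql_request_where;
            $sql_request_from .= ",submition z";
        }
        if ($analysis_table == True) {
            $sql_request_where = "t.task_id = a.task_id AND " . $sql_request_where;
            $sql_request_from .= ",analysis a";
        }
        if ($signature_table == True) {
            $sql_request_where = "s.analysis_id = a.analysis_id AND " . $sql_request_where;
            $sql_request_from .= ",signature s";
        }
        $sql_request_end = " GROUP BY t.task_id ORDER BY t.task_id ASC LIMIT 0,10";
        if (trim($sql_request_where) != "") {
            $sql_request_where = ' WHERE ' . $sql_request_where;
        }
        $sql_request_full = $sql_request_select . $sql_request_from . $sql_request_where . $sql_request_end;
        $data = query_db($sql_request_full);
        $results .= '<h2>RESULTS</h2>
		<table class="std">
			<tr><th class="std">ID</th><th class="std">MD5</th></tr>';
        while ($res = $data->fetchArray()) {
            $results .= '
			<tr><td>' . secure_display($res['task_id']) . '</td><td>' . secure_display($res["md5"]) . '</td></tr>';
        }
        $results .= '
		</table>';
    }
    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    if ($meta_field != '') {
        // $meta_field is already escaped for display above.
        $meta_fields_list = '<option value="' . $meta_field . '">' . $meta_field . '</option>';
    }
    while ($field = $meta_fields->fetchArray()) {
        // The attribute value was emitted unescaped before; the name comes
        // from the database, not from this request.
        $escaped_name = secure_display($field['name']);
        $meta_fields_list .= '<option value="' . $escaped_name . '">' . $escaped_name . '</option>';
    }
    // PHP_SELF echoes the request path, so it is escaped like any other
    // client-controlled value.
    $form_action = secure_display($_SERVER['PHP_SELF']) . '?search';
    echo '<h1>SEARCH FOR TASKS</h1>
	NB: input data is in LIKE SQL statements, use "%" as wildcards.<br />
	<form action="' . $form_action . '" method="POST">' . gen_csrf() . '
	<table>
		<tr><td colspan="2"><input type="submit" name="SEARCH" value="SEARCH" /></td></tr>
		<tr><th class="std">MD5</th><td class="std"><input type="TEXT" name="md5" value="' . $md5 . '" /></td></tr>
		<tr><th class="std">SIGNATURE</th><td class="std"><input type="TEXT" name="signature" value="' . $signature . '" /></td></tr>
		<tr><th class="std">KERNELMODE SIGN SCORE</th><td class="std">
			<select name="score_op_k">' . $score_op_k_msg . '
				<option value="higher_or_equal">&gt;=</option>
				<option value="less_or_equal">&lt;=</option>
				<option value="equal">=</option>
			</select>
			<input type="TEXT" name="score_k" value="' . $score_k . '" /></td></tr>
		<tr><th class="std">USERMODE SIGN SCORE</th><td class="std">' . $score_op_u_msg . '
			<select name="score_op_u">
				<option value="higher_or_equal">&gt;=</option>
				<option value="less_or_equal">&lt;=</option>
				<option value="equal">=</option>
			</select>
			<input type="TEXT" name="score_u" value="' . $score_u . '" /></td></tr>
		<tr><th class="std">TIME</th><td class="std">From <input type="TEXT" name="time_start" value="' . $time_start . '" /> to <input type="TEXT" name="time_end" value="' . $time_end . '" /> (dd/mm/yyyy)</td></tr>
		<tr><th class="std">CUSTOM METADATA</th><td class="std"><select name="meta_field">' . $meta_fields_list . '</select> equals <input type="TEXT" name="meta_value" value="' . $meta_value . '" /></td></tr>
		<tr><th class="std">SOURCE</th><td class="std"><input type="TEXT" name="source" value="' . $source . '" /></td></tr>
		<tr><th colspan="2"><input type="submit" name="SEARCH" value="SEARCH" /></th></tr>
	</table>
	</form>' . $results;
}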
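/**
 * Makes $value secure for usage in SQL expressions
 *
 * Arrays are escaped element by element with their keys preserved. Scalars
 * have the common HTML entities decoded first, then any legacy magic-quotes
 * slashes stripped, and are finally escaped with mysql_real_escape_string()
 * when that extension is loaded, falling back to addslashes() otherwise.
 * addslashes() is not charset-aware, so parameterised queries remain the
 * preferred mitigation where the driver offers them.
 *
 * @param	mixed	$value
 * @return	string|array	string for scalars, array for array input
 */
function secure_sql($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $val) {
            // was $value[$k]: an undefined index that wrote the escaped value
            // under a '' key and left the original element untouched
            $value[$key] = secure_sql($val);
        }
        return $value;
    }
    $value = str_replace(array('&amp;', '&quot;', '&apos;', '&lt;', '&gt;'), array('&', '"', "'", '<', '>'), (string) $value);
    // get_magic_quotes_gpc() no longer exists in PHP 8; guard it so the
    // function keeps working there (magic quotes are then simply never on).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($value);
    }
    return addslashes($value);
}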
 /**
  * Adds a filter on the cron job query.
  *
  * 'scheduled' matches jobs whose nextrun is before the given timestamp (or
  * unset); every other accepted $type is a column compared with '='. Unknown
  * names leave the query untouched.
  *
  * @param	string	$type      column name, or 'scheduled'
  * @param	mixed	$condition value to compare with (escaped here)
  */
 function add_filter($type, $condition = '')
 {
     $escaped = secure_sql($condition);
     if ($type === 'scheduled') {
         // Numeric comparison, hence the intval() rather than quoting.
         $this->_query->add_where('(nextrun < ' . intval($escaped) . ' OR nextrun IS NULL)');
         return;
     }
     $columns = array('id', 'lastrun', 'nextrun', 'time_mask', 'file', 'method', 'arguments', 'hash');
     if (in_array($type, $columns, true)) {
         $this->_query->add_where("({$type} = '{$escaped}')");
     }
 }
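    /**
     * Tags feed view (autocomplete items)
     *
     * Answers the 'q' request parameter with a JSON object
     * {"total": n, "items": [{"value": "<group>:<tag>", "caption": ..., "category": ...}, ...]}
     * and terminates the request. 'restrict' narrows the match to one topic,
     * 'offset'/'limit' page through the result; all three are cast to int
     * before reaching the SQL, and offset/limit are clamped so a negative
     * value cannot turn into a LIMIT syntax error.
     */
    public function _tags_feed()
    {
        $results = array('total' => 0, 'items' => array());
        $sm = vivvo_lite_site::get_instance();
        $um = $sm->get_url_manager();
        if ($um->isset_param('q')) {
            // Escape LIKE wildcards so the typed text is matched literally.
            $name = strtr(secure_sql($um->get_param('q')), array('%' => '\\%', '_' => '\\_'));
            $topic_id = $um->isset_param('restrict') ? ' AND topic_id = ' . (int) $um->get_param('restrict') : '';
            $offset = $um->isset_param('offset') ? max(0, (int) $um->get_param('offset')) : 0;
            $limit = $um->isset_param('limit') ? max(0, (int) $um->get_param('limit')) : 30;
            $sql = "SELECT CONCAT_WS(':', ttg.tags_group_id, ttg.tag_id) AS value, t.name AS caption, tg.name AS category"
                . ' FROM ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg'
                . ' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags AS t ON ttg.tag_id = t.id'
                . ' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_groups AS tg ON ttg.tags_group_id = tg.id'
                . " WHERE t.name LIKE '%{$name}%'{$topic_id}"
                . " LIMIT {$offset},{$limit}";
            $res = $sm->get_db()->query($sql);
            if (!PEAR::isError($res)) {
                $results['items'] = $res->fetchAll(MDB2_FETCHMODE_ASSOC);
                $res->free();
                $results['total'] = count($results['items']);
            }
        }
        header('Content-Type: application/json');
        echo json_encode($results);
        exit;
    }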
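 /**
  * Adds a filter to the query: id membership, exclusion, exact type, or an
  * extension substring match.
  *
  * @param	string	$type  'id', 'notid', 'type' or 'ext' (anything else is ignored)
  * @param	mixed	$cond  value, or an id list for 'id'/'notid'
  */
 function add_filter($type, $cond = '')
 {
     $condition = secure_sql($cond);
     switch ($type) {
         case 'id':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(t.id IN (' . $condition . '))');
             break;
         case 'notid':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(t.id NOT IN (' . $condition . '))');
             break;
         case 'type':
             $this->_query->add_where("(t.type='{$condition}')");
             break;
         case 'ext':
             // Escape LIKE wildcards so the extension is matched literally,
             // as the other LIKE filters in this file do.
             $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
             $this->_query->add_where("(t.extensions LIKE '%{$condition}%')");
             break;
     }
 }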
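 /**
  * Adds WHERE conditions from parameters named search_field_<column>_<op>.
  *
  * Supported ops: lt, gt, eq, neq, in, notin, between, notnull, isnull. The
  * column part of the key is spliced into the SQL verbatim (after $prefix),
  * so it is limited to identifier characters; keys with anything else are
  * ignored rather than reaching the query. Values go through secure_sql().
  *
  * @param	array	$params  parameter map, typically request parameters
  * @param	string	$prefix  table alias prefix prepended to the column, e.g. 'u.'
  */
 function generic_add_filter($params, $prefix = '')
 {
     if (!is_array($params) || empty($params)) {
         return;
     }
     // The column group was '(.*)' before, which let the parameter *name*
     // carry arbitrary SQL into the query.
     $pattern = '/^search_field_([A-Za-z0-9_.]+)_(lt|gt|eq|neq|in|notin|between|notnull|isnull)$/';
     foreach (array_keys($params) as $k) {
         if (!preg_match($pattern, $k, $arr)) {
             continue;
         }
         $column = $prefix . $arr[1];
         $condition = secure_sql($params[$k]);
         switch ($arr[2]) {
             case 'lt':
                 $this->_query->add_where("({$column} < '{$condition}')");
                 break;
             case 'gt':
                 $this->_query->add_where("({$column} > '{$condition}')");
                 break;
             case 'eq':
                 $this->_query->add_where("({$column} = '{$condition}')");
                 break;
             case 'neq':
                 $this->_query->add_where("({$column} != '{$condition}')");
                 break;
             case 'in':
                 // NOTE(review): no parentheses around the list here, while
                 // other callers write IN (...) themselves — confirm what
                 // secure_sql_in() returns before changing either side.
                 $condition = secure_sql_in($condition);
                 $this->_query->add_where("({$column} IN {$condition})");
                 break;
             case 'notin':
                 $condition = secure_sql_in($condition);
                 $this->_query->add_where("({$column} NOT IN {$condition})");
                 break;
             case 'notnull':
                 $this->_query->add_where("({$column} IS NOT NULL )");
                 break;
             case 'isnull':
                 $this->_query->add_where("({$column} IS NULL )");
                 break;
             case 'between':
                 $between = explode(',', $condition);
                 if (count($between) == 2) {
                     $this->_query->add_where("({$column} BETWEEN '{$between[0]}' AND '{$between[1]}')");
                 }
                 break;
         }
     }
 }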
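 /**
  * Edit category
  *
  * Requires a valid form token and an admin user. Normalises the category
  * name and sefriendly slug, rejects a slug already used by another category
  * or by a topic (error 2101), requires a redirect target for link-type
  * categories (error 12), then populates and saves the category and an
  * optionally uploaded abstract image.
  *
  * Error codes: 2113 no user, 2112 not admin, 2111 unknown category,
  * 2110 update failed.
  *
  * @param	integer	$category_id
  * @param	array	$data
  * @return	boolean	true on success or false on fail
  */
 function edit_category($category_id, $data)
 {
     if (!$this->check_token()) {
         return false;
     }
     if (!vivvo_hooks_manager::call('category_edit', array(&$category_id, &$data))) {
         return vivvo_hooks_manager::get_status();
     }
     $sm = vivvo_lite_site::get_instance();
     if (!$sm->user) {
         $this->set_error_code(2113);
         return false;
     }
     if (!$sm->user->is_admin()) {
         $this->set_error_code(2112);
         return false;
     }
     $category_id = (int) $category_id;
     if (isset($data['category_name'])) {
         $data['category_name'] = trim($data['category_name']);
     }
     if (empty($data['sefriendly'])) {
         if (!empty($data['category_name'])) {
             $data['sefriendly'] = make_sefriendly($data['category_name']);
         }
     } else {
         $data['sefriendly'] = make_sefriendly($data['sefriendly']);
     }
     if (isset($data['sefriendly'])) {
         $sefriendly = secure_sql($data['sefriendly']);
         $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' AND id <> {$category_id} LIMIT 1 UNION "
             . 'SELECT id FROM ' . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' LIMIT 1";
         $res = $sm->get_db()->query($sql);
         // A PEAR error object is truthy but has no numRows(); check it explicitly.
         if (!PEAR::isError($res) && $res->numRows() > 0) {
             $this->set_error_code(2101);
             return false;
         }
     }
     $category_list = $sm->get_categories();
     $category = isset($category_list->list[$category_id]) ? $category_list->list[$category_id] : null;
     // (The previous version read and walked an undefined $in_category
     // array here; it had no effect and is a TypeError on PHP 8.)
     if (!empty($data['form']) && $data['form'] == 'link' && empty($data['redirect'])) {
         $this->set_error_code(12, vivvo_lang::get_instance()->get_value('LNG_DB_categories_redirect'));
         return false;
     }
     if ($category === null) {
         $this->set_error_code(2111);
         return false;
     }
     if (!$category->populate($data, true)) {
         $this->set_error_info($category->get_error_info());
         return false;
     }
     $this->_post_master->set_data_object($category);
     if (!$this->_post_master->sql_update()) {
         $this->set_error_code(2110);
         return false;
     }
     $fm = $sm->get_file_manager();
     if ($fm->is_uploaded('CATEGORY_abstact_image')) {
         $abstract_image = $fm->upload('CATEGORY_abstact_image');
         if ($abstract_image != false) {
             $category->set_image($abstract_image);
             $this->_post_master->set_data_object($category);
             $this->_post_master->sql_update();
         }
     }
     admin_log($sm->user->get_username(), 'Edited category #' . $category_id);
     return true;
 }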
 /**
  * Adds a filter to the WHERE clause of the query.
  *
  * Supported $type values: id, article_id, version, creator_id, type (and
  * their not_-prefixed negations, which become NOT IN), title_matches,
  * title, created_time / not_created_time, and created_time_lt / _gt /
  * _lte / _gte. Anything else is ignored. The column name and operator are
  * always taken from this fixed list, never from the caller's input; only
  * $condition reaches the SQL, after secure_sql() and, for the IN filters,
  * secure_sql_in() (both defined elsewhere — presumably quote-escaping and
  * id-list sanitising respectively; confirm).
  *
  * @param	string	$type		Filter name (see above)
  * @param	mixed	$condition	Value, or comma-separated list for the IN filters
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     // Set by the not_* cases that fall through into their positive twin.
     $flag = false;
     switch ($type) {
         case 'not_id':
         case 'not_article_id':
         case 'not_version':
         case 'not_creator_id':
         case 'not_type':
             $flag = true;
             // Strip the 4-character 'not_' prefix, then fall through (no break)
             // so the remaining name selects the column.
             $type = substr($type, 4);
         case 'id':
         case 'article_id':
         case 'version':
         case 'creator_id':
         case 'type':
             $condition = secure_sql_in($condition);
             $operator = ($flag ? 'NOT ' : '') . 'IN';
             $this->_query->add_where("ar.{$type} {$operator} ({$condition})");
             break;
         case 'title_matches':
             // Substring match; '%' in $condition is not escaped here.
             $this->_query->add_where("ar.title LIKE '%{$condition}%'");
             break;
         case 'title':
             $this->_query->add_where("ar.title = '{$condition}'");
             break;
         case 'not_created_time':
             $flag = true;
             // fall through: same column, negated operator
         case 'created_time':
             $condition = (int) $condition;
             $operator = $flag ? '!=' : '=';
             $this->_query->add_where("ar.created_time {$operator} {$condition}");
             break;
         case 'created_time_lte':
         case 'created_time_gte':
             $flag = true;
             // fall through: the inclusive variants add '=' to the operator
         case 'created_time_lt':
         case 'created_time_gt':
             $condition = (int) $condition;
             // 'created_time_' is 13 characters, so $type[13] is the 'l' or 'g'
             // that distinguishes lt/lte from gt/gte.
             $operator = ($type[13] == 'g' ? '>' : '<') . ($flag ? '=' : '');
             $this->_query->add_where("ar.created_time {$operator} {$condition}");
             break;
         default:
             // ignore
     }
 }
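 /**
  * Loads asset files whose name or keyword starts with $keyword, or whose
  * info column full-text matches it, into $this->list (keyed by id_key).
  *
  * @param	string	$keyword	Search term (presumably user-supplied — confirm at the caller)
  * @return	array|false	The populated list, or false when nothing matched or the query failed
  */
 function get_assets_quick_search($keyword)
 {
     $keyword = secure_sql($keyword);
     // secure_sql() (defined elsewhere) escapes quotes but, going by the other
     // filters in this file, not LIKE wildcards; escape '%' and '_' for the two
     // LIKE clauses so they are matched literally. The MATCH ... AGAINST clause
     // does not use LIKE syntax and keeps the unmodified term.
     $like_keyword = str_replace(array('%', '_'), array('\\%', '\\_'), $keyword);
     $dir = VIVVO_ASSETS_DIRTYPE_ID;
     $sql = "(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files WHERE name LIKE '{$like_keyword}%' AND filetype_id != {$dir})\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT f.* FROM " . VIVVO_DB_PREFIX . "asset_files as f, " . VIVVO_DB_PREFIX . "asset_keywords as k\n\t\t\t\t\t\tWHERE f.id=k.asset_id AND k.keyword LIKE '{$like_keyword}%')\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files\n\t\t\t\t\t\tWHERE MATCH (info) AGAINST ('\"{$keyword}\"' IN BOOLEAN MODE) AND filetype_id != {$dir})\n\t\t\t\t\tORDER BY path ASC\n\t\t\t\t\t";
     $sm = vivvo_lite_site::get_instance();
     $res = $sm->get_db()->query($sql);
     $this->list = array();
     if (!is_a($res, 'mdb2_error')) {
         $class = $this->post_object_type;
         while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
             $id = $row[$this->id_key];
             if ($sm->_object_cache_manager->is_cached($class, $id)) {
                 // Reuse the cached object but refresh it with the fetched row.
                 $this->list[$id] = $sm->_object_cache_manager->retrive($class, $id);
                 $this->list[$id]->populate($row);
             } else {
                 $object = new $class(null, $row);
                 $sm->_object_cache_manager->add($class, $id, $object);
                 $this->list[$id] = $object;
             }
         }
         $res->free();
     } else {
         // Was "$query", an undefined variable; log the statement that failed.
         $sm->debug_push("sql:", $sql, 1);
         $sm->debug_push("sql:", $res->getMessage(), 1);
     }
     return empty($this->list) ? false : $this->list;
 }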
 /**
  * Escapes a value for use in an SQL statement by delegating to the
  * secure_sql() function defined elsewhere. The unqualified call resolves to
  * that function, not to this method (a method call would need $this->).
  *
  * @param	mixed	$value	Value to escape
  * @return	mixed	Whatever secure_sql() returns for $value
  */
 function secure_sql($value)
 {
     $escaped = secure_sql($value);
     return $escaped;
 }
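 /**
  * Loads the rows for $article_id / $user_id whose tag ids are not in
  * $not_in_tags into $this->list.
  *
  * @param	string	$not_in_tags	Comma-separated tag ids to exclude
  * @param	int		$article_id
  * @param	int		$user_id
  * @return	array|false	The populated list, or false when nothing matched
  */
 function &get_by_not_in_tag_article_user($not_in_tags, $article_id, $user_id)
 {
     // NOTE(review): every add_filter() visible in this file calls secure_sql()
     // on its condition itself, so this pre-escape looks like double escaping;
     // confirm secure_sql() is idempotent before removing either call.
     $not_in_tags = secure_sql($not_in_tags);
     $article_id = (int) $article_id;
     $user_id = (int) $user_id;
     $this->_default_query();
     $this->add_filter('not_in_tags', $not_in_tags);
     $this->add_filter('article_id', $article_id);
     $this->add_filter('user_id', $user_id);
     $this->set_list();
     if (!empty($this->list)) {
         return $this->list;
     }
     // The method returns by reference; returning the literal false raised a
     // "only variable references should be returned by reference" notice.
     $none = false;
     return $none;
 }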
 /**
  * Adds an equality filter on one of the supported columns to the query's
  * WHERE clause. Unknown filter types are ignored.
  *
  * @param	string	$type		Column: id, article_id, real_path, title or order_number
  * @param	mixed	$condition	Value to compare against (escaped via secure_sql())
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
         case 'article_id':
         case 'real_path':
         case 'title':
         case 'order_number':
             // The column name comes from this fixed list, never from raw input.
             $this->_query->add_where("({$type} = '{$condition}')");
             break;
         default:
             // unrecognised filter types add nothing
             break;
     }
 }
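 /**
  * Looks up preference rows matching the given criteria.
  *
  * Each argument that is not '' adds an equality condition; an empty $module
  * matches rows whose module is '' or NULL.
  *
  * @param	string	$variable_name
  * @param	string	$variable_property
  * @param	string	$variable_value
  * @param	string	$module
  * @param	string	$domain_id
  * @param	int		$all	When truthy return every match, otherwise only the first
  * @return	mixed	The list (array), a single element, or false when nothing matched
  */
 function &get_preference_by_all_variable($variable_name, $variable_property, $variable_value, $module, $domain_id = '', $all = 0)
 {
     $this->_default_query();
     // Every value is quote-escaped before interpolation. The original only
     // escaped $variable_name and spliced the other four in raw.
     $equality_filters = array(
         'variable_name'     => $variable_name,
         'variable_property' => $variable_property,
         'variable_value'    => $variable_value,
     );
     foreach ($equality_filters as $column => $value) {
         if ($value != '') {
             $this->_query->add_where("({$column} = '" . secure_sql($value) . "')");
         }
     }
     if ($module != '') {
         $this->_query->add_where("(module = '" . secure_sql($module) . "')");
     } else {
         $this->_query->add_where("(module = '' OR ISNULL(module))");
     }
     if ($domain_id != '') {
         $this->_query->add_where("(domain_id = '" . secure_sql($domain_id) . "')");
     }
     $this->set_list();
     if (empty($this->list)) {
         // Returned by reference: use a variable, not the literal, to avoid
         // the "only variable references" notice.
         $none = false;
         return $none;
     }
     if ($all) {
         return $this->list;
     }
     $first = current($this->list);
     return $first;
 }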
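 /**
  * Removes an empty asset directory (plus its '.htstampdir' flag file) from
  * the filesystem and deletes its row from the asset_files table.
  *
  * @param	string	$dir	Directory path relative to VIVVO_FS_ROOT
  *							(presumably request-supplied — confirm at the caller)
  * @return	mixed	true on success; false on failure with an error code set;
  *					the hook status when the 'asset_delete_dir' hook intercepts
  */
 function rm_dir($dir)
 {
     if (!$this->check_token()) {
         return false;
     }
     if (!vivvo_hooks_manager::call('asset_delete_dir', array(&$dir))) {
         return vivvo_hooks_manager::get_status();
     }
     $sm = vivvo_lite_site::get_instance();
     if (!$sm->user) {
         $this->set_error_code(2827);
         return false;
     }
     if (!($sm->user->is('ASSET_MANAGER') or $sm->user->can('MANAGE_FILES'))) {
         $this->set_error_code(2826);
         return false;
     }
     $fulldir = VIVVO_FS_ROOT . $dir;
     if (substr($fulldir, -1) != '/') {
         $fulldir .= '/';
     }
     // Containment check the original lacked: $dir was concatenated onto the
     // asset root without normalisation, so '..' segments or a symlink could
     // resolve outside it. Resolve both paths and require the target to be a
     // strict descendant of the root. A non-existent path makes realpath()
     // return false and is reported with the same code as "not a directory".
     $root = realpath(VIVVO_FS_ROOT);
     $real = realpath($fulldir);
     if ($root === false || $real === false || $real === $root || strpos($real, rtrim($root, '/') . '/') !== 0) {
         $this->set_error_code(2836);
         return false;
     }
     $files = @scandir($fulldir);
     if (!is_dir($fulldir) || $files === false) {
         $this->set_error_code(2836);
         return false;
     }
     // Quick rejection: '.', '..' and the flag file are the only entries an
     // empty directory may hold.
     if (count($files) > 3) {
         $this->set_error_code(2832);
         return false;
     }
     foreach ($files as $f) {
         if ($f != '.' and $f != '..' and $f != '.htstampdir') {
             $this->set_error_code(2832);
             return false;
         }
     }
     // Remove the flag file, if any (best effort).
     @unlink($fulldir . '.htstampdir');
     if (!@rmdir($fulldir)) {
         $this->set_error_code(2831);
         return false;
     }
     admin_log($sm->user->get_username(), 'Removed directory ' . $fulldir);
     // The asset row is keyed by the md5 of the parent path and the leaf name.
     $parts = explode('/', $dir);
     $name = secure_sql(end($parts));
     array_pop($parts);
     $path = md5(implode('/', $parts) . '/');
     $sm->get_db()->exec('DELETE FROM ' . VIVVO_DB_PREFIX . "asset_files WHERE path_md5 = '{$path}' AND name = '{$name}'");
     return true;
 }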
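 /**
  * Edit tag group
  *
  * Requires the MANAGE_TAGS permission. Fails when another group already
  * uses $name (2422), when the URL collides with a category sefriendly or
  * another group's url (2418), or when the update fails (2413); a missing
  * group or missing permission returns 2410.
  *
  * @param	int		$id
  * @param	string	$name
  * @param	string	$url			Empty: derived from $name
  * @param	string	$template
  * @param	string	$tag_template
  * @param	array	$metadata		Merged over the group's existing metadata
  * @param	mixed	$new_tags		Optional tags to attach (passed to add_tag_names_to_topic())
  * @return	mixed	true on success, false on failure (error code set), or the hook status
  */
 public function edit_tag_group($id, $name, $url, $template, $tag_template, $metadata, $new_tags = '')
 {
     if (!vivvo_hooks_manager::call('tag_editGroup', array(&$id, &$name, &$url, &$template, &$tag_template, &$metadata))) {
         return vivvo_hooks_manager::get_status();
     }
     $sm = vivvo_lite_site::get_instance();
     $user = $sm->user;
     if (!$user || !$user->can('MANAGE_TAGS')) {
         $this->set_error_code(2410);
         return false;
     }
     $url = make_sefriendly(empty($url) ? $name : $url);
     $id = (int) $id;
     $tag_group_list = new TagsGroups_list();
     $tag_group = $tag_group_list->get_group_by_id($id);
     // Resolve the group before the name-collision check: the original read
     // $tag_group->id while $tag_group could still be false, which reported a
     // missing group as a name conflict (2422) instead of 2410.
     if (!$tag_group) {
         $this->set_error_code(2410);
         return false;
     }
     $existing_group = $tag_group_list->get_group_by_name($name);
     if (is_object($existing_group) && $tag_group->id != $existing_group->id) {
         $this->set_error_code(2422);
         return false;
     }
     // The URL must be unique across categories and the other tag groups.
     $sefriendly = secure_sql($url);
     $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' LIMIT 1 UNION\n\t\t\t\t\t\t\tSELECT id FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' AND id <> {$id} LIMIT 1";
     if (($res = $sm->get_db()->query($sql)) && $res->numRows() > 0) {
         $this->set_error_code(2418);
         return false;
     }
     $old_url = $tag_group->get_url();
     $tag_group->set_name(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
     $tag_group->set_url($url);
     $tag_group->set_template($template);
     $tag_group->set_tag_template($tag_template);
     $tag_group->set_metadata(array_merge($tag_group->get_meta(), $metadata));
     $this->_post_master->set_data_object($tag_group);
     if (!$this->_post_master->sql_update()) {
         $this->set_error_code(2413);
         return false;
     }
     if ($old_url != $url) {
         // Re-point the URL router at the new slug.
         $um = $sm->get_url_manager();
         $um->unregister_url(urlencode($old_url));
         $um->register_url(urlencode($url), 'lib/vivvo/url_handlers/topic.php', 'topic_url_handler', 'topic_content_handler');
     }
     if ($new_tags) {
         $this->add_tag_names_to_topic($new_tags, $id);
     }
     admin_log($user->get_username(), 'Edited topic #' . $tag_group->id);
     return true;
 }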
 /**
  * Adds a WHERE clause for the given filter type: an id list (IN / NOT IN)
  * or an equality on one of the supported columns. Unknown types are ignored.
  *
  * @param	string	$type		id, notid, title, body, hide, sefriendly, template or order_number
  * @param	mixed	$condition	Value, or comma-separated id list for id / notid
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
         case 'notid':
             $id_list = secure_sql_in($condition);
             $operator = ($type === 'notid') ? 'NOT IN' : 'IN';
             $this->_query->add_where("(id {$operator} ({$id_list}))");
             break;
         case 'title':
         case 'body':
         case 'hide':
         case 'sefriendly':
         case 'template':
         case 'order_number':
             // Column name comes from this fixed list, never from raw input.
             $this->_query->add_where("({$type} = '{$condition}')");
             break;
         default:
             break;
     }
 }
 /**
  * Adds a WHERE clause (and, for the relation filters, a JOIN or FROM) for
  * the given tag-group filter type. Unknown types behave like 'id'.
  *
  * @param	string	$type		Filter name
  * @param	mixed	$condition	Value, or comma-separated id list for the IN filters
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     $prefix = VIVVO_DB_PREFIX;
     switch ($type) {
         case 'name':
         case 'url':
         case 'template':
         case 'tag_template':
             $this->_query->add_where('(tg.' . $type . ' = \'' . $condition . '\')');
             break;
         case 'not_id':
             $id_list = secure_sql_in($condition);
             $this->_query->add_where('(tg.id NOT IN (' . $id_list . '))');
             break;
         case 'starting_with':
             // Escape '%' so it is matched literally; the trailing '%' is ours.
             $pattern = str_replace('%', '\\%', $condition);
             $this->_query->add_where('(tg.name LIKE \'' . $pattern . '%\')');
             break;
         case 'tag_id':
             $id_list = secure_sql_in($condition);
             $this->_query->set_from($prefix . $this->_sql_table . ' AS tg, ' . $prefix . 'tags_to_tags_groups AS ttg');
             $this->_query->add_where('ttg.tag_id IN (' . $id_list . ') AND ttg.tags_group_id = tg.id');
             break;
         case 'category_id':
             $id_list = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles_tags AS at ON at.tags_group_id = tg.id ', 'at');
             $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles AS a ON a.id = at.article_id ', 'a');
             $this->_query->add_where('a.category_id IN (' . $id_list . ')');
             break;
         case 'article_id':
             $id_list = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles_tags AS at ON at.tags_group_id = tg.id ', 'at');
             $this->_query->add_where('at.article_id IN (' . $id_list . ')');
             break;
         default:
             // 'id' and anything unrecognised
             $id_list = secure_sql_in($condition);
             $this->_query->add_where('tg.id IN (' . $id_list . ')');
             break;
     }
 }
 /**
  * Adds an equality filter on one of the supported columns to the query's
  * WHERE clause. Unknown filter types are ignored.
  *
  * @param	string	$type		id, subject, body, groups, vte_template, test or test_email
  * @param	mixed	$condition	Value to compare against (escaped via secure_sql())
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
         case 'subject':
         case 'body':
         case 'groups':
         case 'vte_template':
         case 'test':
         case 'test_email':
             // Column name comes from this fixed list, never from raw input.
             $this->_query->add_where("({$type} = '{$condition}')");
             break;
         default:
             break;
     }
 }
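 /**
  * Adds a WHERE clause for the given comment filter type.
  *
  * The column and operator always come from the fixed list below; only
  * $condition is interpolated, after secure_sql() (defined elsewhere,
  * presumably quote-escaping) and, for list filters, secure_sql_in(). The two
  * INTERVAL filters splice the value in unquoted, where quote escaping gives no
  * protection, so they are now cast to int first.
  *
  * @param	string	$type		Filter name, prefixed with the cm. alias
  * @param	mixed	$condition	Value, or comma-separated id list for the IN filters
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'cm.id':
             $id_list = secure_sql_in($condition);
             $this->_query->add_where("({$type} IN ({$id_list}))");
             break;
         case 'cm.user_id':
         case 'cm.root_comment':
             $id_list = secure_sql_in($condition);
             $this->_query->add_where("{$type} IN ({$id_list})");
             break;
         case 'cm.not_reply_to':
             $id_list = secure_sql_in($condition);
             $this->_query->add_where("cm.reply_to NOT IN ({$id_list})");
             break;
         case 'cm.reply_to':
             // 0 selects top-level comments, which are stored as NULL.
             if ($condition == 0) {
                 $this->_query->add_where('cm.reply_to IS NULL');
             } else {
                 $id_list = secure_sql_in($condition);
                 $this->_query->add_where("cm.reply_to IN ({$id_list})");
             }
             break;
         case 'cm.article_id':
         case 'cm.create_dt':
         case 'cm.status':
         case 'cm.vote':
             $this->_query->add_where("({$type} = '{$condition}')");
             break;
         case 'cm.author_name':
             $this->_query->add_where("cm.author = '{$condition}'");
             break;
         case 'cm.email_exact':
             $this->_query->add_where("(cm.email = '{$condition}')");
             break;
         case 'cm.description':
         case 'cm.author':
             // Substring match: escape '%' so the value is matched literally.
             $pattern = str_replace('%', '\\%', $condition);
             $this->_query->add_where("({$type} LIKE '%{$pattern}%')");
             break;
         case 'cm.email':
         case 'cm.ip':
             // Caller-facing glob syntax: a literal '%' is escaped first, then
             // '*' and '?' become the SQL wildcards (same order as before).
             $pattern = str_replace(array('%', '*', '?'), array('\\%', '%', '_'), $condition);
             $this->_query->add_where("({$type} LIKE '{$pattern}')");
             break;
         case 'cm.created_before':
         case 'cm.created_after':
             // Unquoted numeric position: cast so only digits reach the SQL.
             $days = (int) $condition;
             $operator = ($type === 'cm.created_before') ? '<' : '>';
             $this->_query->add_where("(cm.create_dt {$operator} (DATE_SUB(NOW(), INTERVAL {$days}  DAY)))");
             break;
         default:
             // unrecognised filter types add nothing
             break;
     }
 }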
 /**
  * Filter hook for the user list. Currently a stub: the condition is escaped
  * but no WHERE clause is added for any filter type.
  *
  * The filter names the previous dispatch recognised (each a no-op) were:
  * userid, first_name, last_name, name, email_address, username, activated,
  * group, concat_first_last, created_before, created_after, md5, forgot.
  * NOTE(review): looks like an unfinished port of the user-list filters — confirm.
  *
  * @param	string	$type		Filter name (see list above)
  * @param	mixed	$condition	Filter value
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
 }
 /**
  * Advanced search list generator
  *
  * @param	array	$params	Search parameters
  * @param	string	$order	Order parameters
  * @param	integer	$limit	Limit
  * @param	integer	$offset	Offset
  * @return	array	Array of articles
  */
 function search($params, $order = '', $direction = 'ascending', $limit = 0, $offset = 0, $set_list = true)
 {
     //search_created_filter
     if (!empty($params['search_created_filter']) and intval($params['search_created_filter']) !== 0) {
         $this->add_filter('a.created_filter', 1);
     }
     //search_query
     if (isset($params['search_id'])) {
         if (is_array($params['search_id'])) {
             if (!in_array(0, $params['search_id'])) {
                 $params['search_id'] = implode(',', $params['search_id']);
                 $this->add_filter('a.id', $params['search_id']);
             }
         } else {
             if ($params['search_id'] != 0) {
                 $this->add_filter('a.id', $params['search_id']);
             }
         }
     }
     if (isset($params['search_exclude_id'])) {
         if (is_array($params['search_exclude_id'])) {
             if (!empty($params['search_exclude_id'])) {
                 $params['search_exclude_id'] = implode(',', $params['search_exclude_id']);
                 $this->add_filter('!a.id', $params['search_exclude_id']);
             }
         } else {
             if ($params['search_exclude_id'] != 0) {
                 $this->add_filter('!a.id', $params['search_exclude_id']);
             }
         }
     }
     if (isset($params['search_user_id'])) {
         if (is_array($params['search_user_id'])) {
             if (!in_array(0, $params['search_user_id'])) {
                 $params['search_user_id'] = implode(',', $params['search_user_id']);
                 $this->add_filter('a.user_id', $params['search_user_id']);
             }
         } else {
             if ($params['search_user_id'] != 0) {
                 $this->add_filter('a.user_id', $params['search_user_id']);
             }
         }
     }
     if (isset($params['search_cid'])) {
         if (is_array($params['search_cid'])) {
             if (!in_array(0, $params['search_cid'])) {
                 $params['search_cid'] = implode(',', $params['search_cid']);
                 $this->add_filter('a.category_id', $params['search_cid']);
             }
         } else {
             if ($params['search_cid'] != 0) {
                 $this->add_filter('a.category_id', $params['search_cid']);
             }
         }
     }
     if (isset($params['search_exclude_cid'])) {
         $this->add_filter('!a.category_id', $params['search_exclude_cid']);
     }
     if (isset($params['search_author'])) {
         if (isset($params['search_author_exact_name']) && $params['search_author_exact_name']) {
             $this->add_filter('a.author_exact_name', $params['search_author']);
         } else {
             $this->add_filter('a.author', $params['search_author']);
         }
     }
     if (isset($params['search_query'])) {
         if ($params['search_title_only']) {
             $this->add_filter('a.title', $params['search_query']);
         } else {
             $this->add_filter('a.body', $params['search_query']);
             $this->_query->add_fields("(MATCH (body,title,abstract) AGAINST ('" . secure_sql($params['search_query']) . "' IN BOOLEAN MODE)) as relevance");
         }
     }
     //search_search_date
     if (isset($params['search_search_date']) && intval($params['search_search_date']) !== 0) {
         $this->add_filter($params['search_before_after'] === '1' ? 'a.created_after' : 'a.created_before', $params['search_search_date']);
     }
     if (isset($params['search_by_date']) && intval($params['search_by_date']) !== 0) {
         $date = strtotime($params['search_date']);
         $this->add_filter('a.created_year', date('Y', $date));
         $this->add_filter('a.created_month', date('m', $date));
         $this->add_filter('a.created_day', date('d', $date));
     }
     if (isset($params['search_by_year']) && intval($params['search_by_year']) !== 0) {
         $this->add_filter('a.created_year', $params['search_by_year']);
     }
     if (isset($params['search_by_month']) && intval($params['search_by_month']) !== 0) {
         $this->add_filter('a.created_month', $params['search_by_month']);
     }
     if (isset($params['search_by_day']) && intval($params['search_by_day']) !== 0) {
         $this->add_filter('a.created_day', $params['search_by_day']);
     }
     if (isset($params['search_image'])) {
         $this->add_filter('a.image', $params['search_image']);
     }
     if (isset($params['search_body'])) {
         $this->add_filter('a.body', $params['search_body']);
     }
     if (isset($params['search_last_read'])) {
         $this->add_filter('a.last_read', $params['search_last_read']);
     }
     if (isset($params['search_times_read'])) {
         $this->add_filter('a.times_read', $params['search_times_read']);
     }
     if (isset($params['search_today_read'])) {
         $this->add_filter('a.today_read', $params['search_today_read']);
     }
     if (isset($params['search_status']) && $params['search_status'] !== '') {
         $this->add_filter('a.status', $params['search_status']);
     } elseif (!isset($params['search_id']) and !isset($params['search_status_limit'])) {
         $this->add_filter('a.not_status', -2);
         // exclude soft-deleted
     }
     if (isset($params['search_status_limit']) && $params['search_status_limit'] == 1) {
         $this->add_filter('a.status_limit', $params['search_status_limit']);
     }
     if (isset($params['search_sefriendly'])) {
         $this->add_filter('a.sefriendly', $params['search_sefriendly']);
     }
     if (isset($params['search_type'])) {
         $this->add_filter('a.type', $params['search_type']);
     }
     if (isset($params['search_order_num'])) {
         $this->add_filter('a.order_num', $params['search_order_num']);
     }
     if (isset($params['search_show_poll'])) {
         $this->add_filter('a.show_poll', $params['search_show_poll']);
     }
     if (isset($params['search_show_comment'])) {
         $this->add_filter('a.show_comment', $params['search_show_comment']);
     }
     if (isset($params['search_rss_feed'])) {
         $this->add_filter('a.rss_feed', $params['search_rss_feed']);
     }
     if (isset($params['search_keywords'])) {
         $this->add_filter('a.keywords', $params['search_keywords']);
     }
     if (isset($params['search_description'])) {
         $this->add_filter('a.description', $params['search_description']);
     }
     if (isset($params['search_emailed'])) {
         $this->add_filter('a.emailed', $params['search_emailed']);
     }
     if (isset($params['search_vote_num'])) {
         $this->add_filter('a.vote_num', $params['search_vote_num']);
     }
     if (isset($params['search_vote_sum'])) {
         $this->add_filter('a.vote_sum', $params['search_vote_sum']);
     }
     if (isset($params['search_abstract'])) {
         $this->add_filter('a.abstract', $params['search_abstract']);
     }
     if (isset($params['search_tag'])) {
         $this->add_filter('tag', $params['search_tag']);
     }
     if (isset($params['search_tag_name']) and defined('VIVVO_ADMIN_MODE')) {
         $this->add_filter('tag_matches', $params['search_tag_name']);
     }
     if (isset($params['search_tag_id'])) {
         $this->add_filter('tag_id', $params['search_tag_id']);
     }
     if (isset($params['search_all_tag_ids'])) {
         $this->add_filter('all_tag_ids', $params['search_all_tag_ids']);
     }
     if (isset($params['search_tags_group_id'])) {
         $this->add_filter('tags_group_id', $params['search_tags_group_id']);
     }
     if (isset($params['search_topic_id'])) {
         $this->add_filter('tags_group_id', $params['search_topic_id']);
     }
     if (isset($params['search_related'])) {
         $this->add_filter('related', $params['search_related']);
     }
     if (isset($params['search_topic'])) {
         $this->add_filter('tags_group_name', $params['search_topic']);
     }
     if (isset($params['search_user_group_id'])) {
         $this->add_filter('user_group_id', $params['search_user_group_id']);
     }
     if (isset($params['search_not_user_group_id'])) {
         $this->add_filter('not_user_group_id', $params['search_not_user_group_id']);
     }
     if (defined('VIVVO_FORCE_CATEGORY_RESTRICTION') && VIVVO_FORCE_CATEGORY_RESTRICTION != '') {
         $this->add_filter('a.category_id', VIVVO_FORCE_CATEGORY_RESTRICTION);
     }
     if (isset($params['search_schedule_id'])) {
         $this->add_filter('sc.id', $params['search_schedule_id']);
     }
     if (isset($params['search_schedule_duration'])) {
         $this->add_filter('sc.duration', $params['search_schedule_duration']);
     }
     if (isset($params['search_schedule_year'])) {
         $this->add_filter('sc.year', $params['search_schedule_year']);
     }
     if (isset($params['search_schedule_id_in'])) {
         $this->add_filter('sc.id_in', $params['search_schedule_id_in']);
     }
     if (isset($params['search_schedule_duration_in'])) {
         $this->add_filter('sc.duration_in', $params['search_schedule_duration_in']);
     }
     if (isset($params['search_schedule_year_in'])) {
         $this->add_filter('sc.year_in', $params['search_schedule_year_in']);
     }
     if (isset($params['search_schedule_id_not_in'])) {
         $this->add_filter('sc.id_not_in', $params['search_schedule_id_not_in']);
     }
     if (isset($params['search_schedule_duration_not_in'])) {
         $this->add_filter('sc.duration_not_in', $params['search_schedule_duration_not_in']);
     }
     if (isset($params['search_schedule_year_not_in'])) {
         $this->add_filter('sc.year_not_in', $params['search_schedule_year_not_in']);
     }
     if (isset($params['search_schedule_duration_lt'])) {
         $this->add_filter('sc.duration_lt', $params['search_schedule_duration_lt']);
     }
     if (isset($params['search_schedule_year_lt'])) {
         $this->add_filter('sc.year_lt', $params['search_schedule_year_lt']);
     }
     if (isset($params['search_schedule_duration_lte'])) {
         $this->add_filter('sc.duration_lte', $params['search_schedule_duration_lte']);
     }
     if (isset($params['search_schedule_year_lte'])) {
         $this->add_filter('sc.year_lte', $params['search_schedule_year_lte']);
     }
     if (isset($params['search_schedule_duration_gt'])) {
         $this->add_filter('sc.duration_gt', $params['search_schedule_duration_gt']);
     }
     if (isset($params['search_schedule_year_gt'])) {
         $this->add_filter('sc.year_gt', $params['search_schedule_year_gt']);
     }
     if (isset($params['search_schedule_duration_gte'])) {
         $this->add_filter('sc.duration_gte', $params['search_schedule_duration_gte']);
     }
     if (isset($params['search_schedule_year_gte'])) {
         $this->add_filter('sc.year_gte', $params['search_schedule_year_gte']);
     }
     if (isset($params['search_schedule_minute'])) {
         $this->add_filter('sc.minute', $params['search_schedule_minute']);
     }
     if (isset($params['search_schedule_hour'])) {
         $this->add_filter('sc.hour', $params['search_schedule_hour']);
     }
     if (isset($params['search_schedule_dom'])) {
         $this->add_filter('sc.dom', $params['search_schedule_dom']);
     }
     if (isset($params['search_schedule_month'])) {
         $this->add_filter('sc.month', $params['search_schedule_month']);
     }
     if (isset($params['search_schedule_dow'])) {
         $this->add_filter('sc.dow', $params['search_schedule_dow']);
     }
     if (isset($params['search_schedule_date'])) {
         $this->add_filter('sc.date', $params['search_schedule_date']);
     }
     if (defined('VIVVO_CUSTOM_FIELD_SEARCH') && VIVVO_CUSTOM_FIELD_SEARCH == 1) {
         if (isset($params['generic_search']) && $params['generic_search'] !== false) {
             $this->generic_add_filter($params['generic_search'], 'a.');
         }
     }
     // search order //
     $search_direction = $direction === 'descending' ? ' DESC' : ' ASC';
     switch ($order) {
         case 'most_popular':
             if (VIVVO_MODULES_MOST_POPULAR_COUNTER == 0) {
                 $this->_query->add_order('a.today_read' . $search_direction);
             } else {
                 $this->_query->add_order('a.times_read' . $search_direction);
             }
             break;
         case 'most_commented':
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'comments as c ON c.article_id = a.id ', 'c');
             $this->_query->add_fields(' COUNT(DISTINCT c.id) AS number_of_comments');
             defined('VIVVO_ADMIN_MODE') or $this->_query->add_where("c.status = '1'");
             $this->_query->add_order('number_of_comments' . $search_direction);
             $this->_query->add_group_by('a.id');
             break;
         case 'most_emailed':
             $this->_query->add_order('a.emailed' . $search_direction);
             break;
         case 'id':
             $this->_query->add_order('a.id' . $search_direction);
             break;
         case 'category_id':
             $this->_query->add_order('a.category_id' . $search_direction);
             break;
         case 'user_id':
             $this->_query->add_order('a.user_id' . $search_direction);
             break;
         case 'author':
             if (VIVVO_USE_COLLATE) {
                 $this->_query->add_order('a.author COLLATE ' . VIVVO_DB_COLLATION . ' ' . $search_direction);
             } else {
                 $this->_query->add_order('a.author ' . $search_direction);
             }
             break;
         case 'title':
             if (VIVVO_USE_COLLATE) {
                 $this->_query->add_order('a.title COLLATE ' . VIVVO_DB_COLLATION . ' ' . $search_direction);
             } else {
                 $this->_query->add_order('a.title ' . $search_direction);
             }
             break;
         case 'image':
             $this->_query->add_order('a.image' . $search_direction);
             break;
         case 'created':
             $this->_query->add_order('a.created' . $search_direction);
             break;
         case 'last_edited':
             $this->_query->add_order('a.last_edited' . $search_direction);
             break;
         case 'body':
             $this->_query->add_order('a.body' . $search_direction);
             break;
         case 'last_read':
             $this->_query->add_order('a.last_read' . $search_direction);
             break;
         case 'times_read':
             $this->_query->add_order('a.times_read' . $search_direction);
             break;
         case 'today_read':
             $this->_query->add_order('a.today_read' . $search_direction);
             break;
         case 'status':
             $this->_query->add_order('a.status' . $search_direction);
             break;
         case 'sefriendly':
             $this->_query->add_order('a.sefriendly' . $search_direction);
             break;
         case 'link':
             $this->_query->add_order('a.link' . $search_direction);
             break;
         case 'order_num':
             $this->_query->add_order('a.order_num' . $search_direction);
             break;
         case 'document':
             $this->_query->add_order('a.document' . $search_direction);
             break;
         case 'show_poll':
             $this->_query->add_order('a.show_poll' . $search_direction);
             break;
         case 'show_comment':
             $this->_query->add_order('a.show_comment' . $search_direction);
             break;
         case 'rss_feed':
             $this->_query->add_order('a.rss_feed' . $search_direction);
             break;
         case 'keywords':
             $this->_query->add_order('a.keywords' . $search_direction);
             break;
         case 'description':
             $this->_query->add_order('a.description' . $search_direction);
             break;
         case 'emailed':
             $this->_query->add_order('a.emailed' . $search_direction);
             break;
         case 'vote_num':
             $this->_query->add_order('a.vote_num' . $search_direction);
             break;
         case 'vote_sum':
             $this->_query->add_order('a.vote_sum' . $search_direction);
             break;
         case 'vote_avg':
             $this->_query->add_order('(a.vote_sum / a.vote_num) DESC');
             break;
         case 'random':
             $this->_query->add_order('rand( )' . $search_direction);
             break;
         case 'abstract':
             $this->_query->add_order('a.abstract' . $search_direction);
             break;
         case 'relevance':
             if (isset($params['search_query']) && $params['search_title_only'] == 1) {
                 $this->_query->add_order('relevance' . $search_direction);
             } else {
                 $this->_query->add_order('a.order_num' . $search_direction);
             }
             break;
         case 'schedule_duration':
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_schedule AS sc ON sc.article_id = a.id ', 'sc');
             $this->_query->add_order("sc.duration {$search_direction}");
             break;
             break;
         default:
             if ($order != '' && defined('VIVVO_CUSTOM_FIELD_SORT') && VIVVO_CUSTOM_FIELD_SORT == 1) {
                 if (!$this->generic_sort('a.', $order, $search_direction)) {
                     $order = 'a.id';
                     $this->_query->add_order('a.id' . ' DESC');
                 }
             } else {
                 $order = 'a.id';
                 $this->_query->add_order('a.id' . ' DESC');
             }
             break;
     }
     $limit = (int) $limit;
     $this->_query->set_limit($limit);
     $offset = (int) $offset;
     $this->_query->set_offset($offset);
     $this->_default_query(true);
     if ($set_list) {
         $this->set_list();
         return $this->list;
     }
 }
Example #28
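/**
 * Fetch every analysis row of a task together with the summed score of its
 * signatures (a UNION with a zero row guarantees analyses without signatures
 * still appear with total_score 0).
 *
 * @param	int|string	$task_id	task id; must be an integer value
 * @return	mixed	whatever query_db() returns, or NULL when $task_id is not an integer
 */
function get_task_analyses($task_id)
{
    global $db_handler;
    $task_id_s = secure_sql($task_id);
    // is_numeric() also accepts floats and exponent notation ("1e3"), which
    // contradicts the "not int" message below; require a genuine integer.
    if (filter_var($task_id, FILTER_VALIDATE_INT) === false) {
        error("[get_task_analyses] Task ID not int: " . $task_id_s, "SECURITY");
        return NULL;
    }
    // Cast so the SQL literal can only ever be digits, independent of what
    // secure_sql() does with the value.
    $task_id_i = (int) $task_id;
    $results = query_db("SELECT a.analysis_id,kernel_analysis,SUM(s.score) AS 'total_score',state FROM analysis a,(SELECT signature_id,analysis_id,score FROM signature UNION SELECT 0,analysis_id,0 FROM analysis) s WHERE task_id = '" . $task_id_i . "' AND s.analysis_id = a.analysis_id GROUP BY a.analysis_id ORDER BY a.analysis_id ASC");
    return $results;
}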
Example #29
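 /**
  * Secure filter for SELECT query
  *
  * Both supported filters compare against an id column whose value is
  * interpolated without quotes, so the value is cast to int first:
  * secure_sql() only escapes quote characters, which does nothing against
  * an unquoted expression such as "1 OR 1=1".
  *
  * @param	string	$type       'id' or 'poll_id'; any other type adds no condition
  * @param	string	$condition  the id to match (coerced to int before use)
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     // Integer cast is the actual protection here; the escaping above is kept
     // for consistency with the other filter classes.
     $id = (int) $condition;
     switch ($type) {
         case 'id':
             $this->_query->add_where("id  = {$id}");
             break;
         case 'poll_id':
             $this->_query->add_where("poll_id  = {$id}");
             break;
     }
 }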
 /**
  * Restrict the SELECT to rows matching one filter.
  *
  * 'id', 'tag_id' and 'tags_group_id' become `column IN (...)` on a
  * secure_sql_in()-processed list; 'not_id' excludes a single id. Every other
  * $type silently falls back to an `id IN (...)` filter — presumably intended,
  * but note that unknown filter names are not rejected. Only the three fixed
  * column names above ever reach the SQL text as an identifier.
  *
  * @param	string	$type       filter name
  * @param	string	$condition  value or comma list; passed through secure_sql()
  *                              and, for list filters, secure_sql_in()
  */
 function add_filter($type, $condition = '')
 {
     $escaped = secure_sql($condition);
     $list_columns = array('id', 'tag_id', 'tags_group_id');
     // Loose comparisons mirror the original switch semantics.
     if (in_array($type, $list_columns)) {
         $column = $type;
     } elseif ($type == 'not_id') {
         $this->_query->add_where("(id<>'{$escaped}')");
         return;
     } else {
         $column = 'id';
     }
     $in_list = secure_sql_in($escaped);
     $this->_query->add_where("({$column} IN ({$in_list}))");
 }