Example #1
 /**
  * Render the bad-word add/edit form.
  *
  * When the request's cmd is 'edit' and a bad_words row is found for the
  * requested id, the form is pre-filled from that row; otherwise every field
  * starts out empty. The id goes through intval() before it is concatenated
  * into the WHERE fragment, so only an integer reaches the SQL text.
  *
  * NOTE(review): the row values are handed to the template as stored; whether
  * the 'edit' template HTML-escapes them is not visible here - confirm.
  */
 function draw()
 {
     $this->beginForm();

     // Only look the row up when an edit was requested.
     $record = false;
     if (Url::get('cmd') == 'edit') {
         $record = DB::select('bad_words', 'id=' . intval(AZLib::getParam('id')));
     }

     if ($record) {
         $contents = $record['contents'];
         $reason = $record['reason'];
         $exact = $record['exact'];
         $is_phone = $record['is_phone'];
         // Phone-type entries are passed through the display filter before being shown.
         if ($is_phone == 1) {
             $contents = BadWord::filter_badword_show($contents);
         }
     } else {
         // "Add" case, or an edit whose row was not found.
         $contents = '';
         $exact = '';
         $is_phone = '';
         $reason = '';
     }

     global $display;
     $display->add('msg', $this->showFormErrorMessages());
     $display->add('contents', $contents);
     $display->add('reason', $reason);
     $display->add('exact', $exact);
     $display->add('is_phone', $is_phone);
     $display->add('cmd', Url::get('cmd'));
     $display->output('edit');

     $this->endForm();
 }
Example #2
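 /**
  * Render the bad-word list page: optional bad-word check, keyword search and paging.
  *
  * The 'contents' request value is used as a search keyword inside two LIKE
  * patterns. It is request-controlled, so it is escaped before being placed
  * in the SQL text; the original concatenated it unescaped.
  *
  * NOTE(review): each row's del_link is a plain URL carrying cmd=delete; confirm
  * that the delete handler requires a CSRF token and an authorised session.
  */
 function draw()
 {
     $this->beginForm();
     global $display;

     $str_badword = stripslashes(Url::get("bad_word"));
     if (Url::get("submit") == "Kiểm tra" && $str_badword) {
         $show_bw = AZLib::checkBadWord($str_badword, true, false, true);
         $display->add('show_bw', $show_bw);
     }
     $display->add('bad_word', $str_badword);

     $search_value = ' contents <>"" ';
     if (Url::get('contents')) {
         // This method already treats Url::get() values as slash-escaped (see the
         // stripslashes() on bad_word above), so undo that first and then escape
         // with the driver function for use inside a quoted SQL string.
         // Assumes DB runs on the default ext/mysql link (the result is read with
         // mysql_fetch_assoc below) - confirm, and prefer the DB layer's own
         // escaping or parameter binding if it offers one.
         // '%' and '_' in the keyword still act as LIKE wildcards.
         $keyword_sql = mysql_real_escape_string(stripslashes(Url::get('contents')));
         // NOTE(review): AND binds tighter than OR, so the "reason like" arm is not
         // restricted by contents <>"". Precedence is kept as in the original;
         // parenthesise the two LIKE terms if the base filter should always apply.
         $search_value .= ' AND contents like "%' . $keyword_sql . '%"  OR reason like "%' . $keyword_sql . '%" ';
     }

     $item_per_page = 100;
     $sql_count = 'SELECT COUNT(*) AS total_item FROM bad_words WHERE ' . $search_value;
     $total = DB::fetch($sql_count, 'total_item', 0);

     $items = array();
     if ($total) {
         // $limit is empty before the call and is appended to the query afterwards,
         // so the pager presumably fills it in by reference - verify against AZPagging.
         $limit = '';
         $paging = AZPagging::pagingSE($limit, $total, $item_per_page, 10, 'page_no', true, 'Tin', 'Trang');
         $sql = 'SELECT * FROM bad_words WHERE ' . $search_value . ' ORDER BY exact DESC, id DESC ' . $limit;
         $result = DB::query($sql);
         if ($result) {
             while ($row = mysql_fetch_assoc($result)) {
                 $row['del_link'] = Url::build_all(array('chk_id', 'del_all', 'cmd', 'id', 'contents'), 'cmd=delete&id=' . $row['id']);
                 if ($row['is_phone'] == 1) {
                     $row['contents'] = BadWord::filter_badword_show($row['contents']);
                 }
                 $items[$row['id']] = $row;
             }
         }
     } else {
         $paging = '';
     }

     $display->add('items', $items);
     $display->add('url_add', WEB_DIR . AZRewrite::formatUrl('?page=manage_badword&cmd=add'));
     $display->add('contents', Url::get('contents'));
     $display->add('paging', $paging);
     $display->output('list');
     $this->endForm();
 }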
Example #3
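 /**
  * Update the logged-in patron's profile, sending e-mail and PIN changes to HIP over cURL.
  *
  * Input is read from $_REQUEST and from the globals $user and $configArray.
  * A requested display name is length-checked, matched against the bad-word
  * expressions and checked for uniqueness before any remote request is made.
  * The method then loads the HIP account page, logs in with the patron's
  * stored credentials and posts the e-mail and/or PIN change. Error text that
  * HIP returns is appended to the result as-is.
  *
  * NOTE(review): messages taken from the HIP response are remote HTML; confirm
  * that the caller escapes them before rendering.
  *
  * @param bool $canUpdateContactInfo Whether the caller may update profile information.
  * @return array List of error messages; empty when nothing failed.
  */
 function updatePatronInfo($canUpdateContactInfo)
 {
     $updateErrors = array();
     if ($canUpdateContactInfo) {
         global $configArray;
         global $user;
         //Check to make sure the patron alias is valid if provided
         if (isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName && strlen($_REQUEST['displayName']) > 0) {
             //make sure the display name is less than 15 characters
             if (strlen($_REQUEST['displayName']) > 15) {
                 $updateErrors[] = 'Sorry your display name must be 15 characters or less.';
                 return $updateErrors;
             } else {
                 //Make sure that we are not using bad words
                 require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
                 $badWords = new BadWord();
                 $badWordsList = $badWords->getBadWordExpressions();
                 $okToAdd = true;
                 foreach ($badWordsList as $badWord) {
                     if (preg_match($badWord, $_REQUEST['displayName'])) {
                         $okToAdd = false;
                         break;
                     }
                 }
                 if (!$okToAdd) {
                     $updateErrors[] = 'Sorry, that name is in use or invalid.';
                     return $updateErrors;
                 }
                 //Make sure no one else is using that
                 $userValidation = new User();
                 // displayName comes straight from the request and was interpolated
                 // into the SQL text unescaped. Escape it for a quoted string and
                 // force the id to an integer.
                 // Assumes User is a PEAR DB_DataObject (it exposes query(), N and
                 // __table), which provides escape() - confirm.
                 $escapedDisplayName = $userValidation->escape($_REQUEST['displayName']);
                 $currentUserId = (int) $user->id;
                 $userValidation->query("SELECT * from {$userValidation->__table} WHERE id <> {$currentUserId} and displayName = '{$escapedDisplayName}'");
                 if ($userValidation->N > 0) {
                     $updateErrors[] = 'Sorry, that name is in use or is invalid.';
                     return $updateErrors;
                 }
             }
         }
         //Setup Curl
         $header = array();
         $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
         $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
         $header[] = "Cache-Control: max-age=0";
         $header[] = "Connection: keep-alive";
         $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
         $header[] = "Accept-Language: en-us,en;q=0.5";
         // Temporary cookie jar for the HIP session; removed again before returning.
         $cookie = tempnam("/tmp", "CURLCOOKIE");
         //Start at My Account Page
         $curl_url = $this->hipUrl . "/ipac20/ipac.jsp?profile={$configArray['Catalog']['hipProfile']}&menu=account";
         $curl_connection = curl_init($curl_url);
         curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
         curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $header);
         curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
         curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
         // NOTE(review): certificate verification is switched off on a connection
         // that carries the patron's login (sec1/sec2) and PIN changes, so a
         // man-in-the-middle would not be detected. Left unchanged because the HIP
         // host's certificate setup is not visible here; enable verification (with
         // a CA bundle via CURLOPT_CAINFO if needed) once that is confirmed.
         curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
         curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, true);
         curl_setopt($curl_connection, CURLOPT_UNRESTRICTED_AUTH, true);
         curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookie);
         curl_setopt($curl_connection, CURLOPT_COOKIESESSION, true);
         curl_setopt($curl_connection, CURLOPT_REFERER, $curl_url);
         curl_setopt($curl_connection, CURLOPT_FORBID_REUSE, false);
         curl_setopt($curl_connection, CURLOPT_HEADER, false);
         curl_setopt($curl_connection, CURLOPT_HTTPGET, true);
         $sresult = curl_exec($curl_connection);
         global $logger;
         $logger->log("Loading Full Record {$curl_url}", PEAR_LOG_INFO);
         //Extract the session id from the requestcopy javascript on the page
         if (preg_match('/\\?session=(.*?)&/s', $sresult, $matches)) {
             $sessionId = $matches[1];
         } else {
             PEAR_Singleton::raiseError('Could not load session information from page.');
             // If raiseError() returns, stop here instead of posting the patron's
             // credentials with an undefined session id.
             curl_close($curl_connection);
             unlink($cookie);
             $updateErrors[] = 'Could not load session information from page.';
             return $updateErrors;
         }
         //Login by posting username and password
         curl_setopt($curl_connection, CURLOPT_POST, true);
         $post_data = array('aspect' => 'overview', 'button' => 'Login to Your Account', 'login_prompt' => 'true', 'menu' => 'account', 'profile' => $configArray['Catalog']['hipProfile'], 'ri' => '', 'sec1' => $user->cat_username, 'sec2' => $user->cat_password, 'session' => $sessionId);
         $post_string = http_build_query($post_data);
         $curl_url = $this->hipUrl . "/ipac20/ipac.jsp";
         curl_setopt($curl_connection, CURLOPT_URL, $curl_url);
         curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
         $sresult = curl_exec($curl_connection);
         /** @var Memcache $memCache */
         global $memCache;
         // needed here?
         //update patron information.  Use HIP to update the e-mail to make sure that all business rules are followed.
         if (isset($_REQUEST['email'])) {
             $post_data = array('menu' => 'account', 'newemailtext' => $_REQUEST['email'], 'newpin' => '', 'oldpin' => '', 'profile' => $configArray['Catalog']['hipProfile'], 'renewpin' => '', 'session' => $sessionId, 'submenu' => 'info', 'updateemail' => 'Update');
             $post_string = http_build_query($post_data);
             curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
             $sresult = curl_exec($curl_connection);
             //check for errors in boldRedFont1
             if (preg_match('/<td.*?class="boldRedFont1".*?>(.*?)(?:<br>)*<\\/td>/si', $sresult, $matches)) {
                 $updateErrors[] = $matches[1];
             } else {
                 // Update the user's e-mail in the Pika database
                 $user->email = $_REQUEST['email'];
             }
         }
         if (isset($_REQUEST['oldPin']) && strlen($_REQUEST['oldPin']) > 0 && isset($_REQUEST['newPin']) && strlen($_REQUEST['newPin']) > 0) {
             // email and verifyPin are optional in the request. A null value is left
             // out by http_build_query(), which is what the unguarded reads produced,
             // minus the undefined-index notice.
             $emailForPinPost = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
             $verifyPin = isset($_REQUEST['verifyPin']) ? $_REQUEST['verifyPin'] : null;
             $post_data = array('menu' => 'account', 'newemailtext' => $emailForPinPost, 'newpin' => $_REQUEST['newPin'], 'oldpin' => $_REQUEST['oldPin'], 'profile' => $configArray['Catalog']['hipProfile'], 'renewpin' => $verifyPin, 'session' => $sessionId, 'submenu' => 'info', 'updatepin' => 'Update');
             $post_string = http_build_query($post_data);
             curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
             $sresult = curl_exec($curl_connection);
             //check for errors in boldRedFont1
             if (preg_match('/<td.*?class="boldRedFont1".*?>(.*?)(?:<br>)*<\\/td>/', $sresult, $matches)) {
                 $updateErrors[] = $matches[1];
             } else {
                 //Update the users cat_password in the Pika database
                 // NOTE(review): the new PIN is kept as given on the user record; how
                 // cat_password is stored at rest is not visible here - confirm.
                 $user->cat_password = $_REQUEST['newPin'];
             }
         }
         if (isset($_REQUEST['phone'])) {
             //TODO: Implement Setting Notification Methods
             $updateErrors[] = 'Phone number can not be updated.';
         }
         if (isset($_REQUEST['address1']) || isset($_REQUEST['city']) || isset($_REQUEST['state']) || isset($_REQUEST['zip'])) {
             //TODO: Implement Setting Notification Methods
             $updateErrors[] = 'Address Information can not be updated.';
         }
         if (isset($_REQUEST['notices'])) {
             //TODO: Implement Setting Notification Methods
             $updateErrors[] = 'Notice Method can not be updated.';
         }
         if (isset($_REQUEST['pickuplocation'])) {
             //TODO: Implement Setting Pick-up Locations
             $updateErrors[] = 'Pickup Locations can not be updated.';
         }
         //check to see if the user has provided an alias
         // NOTE(review): when any one of these fields changed, displayName and the two
         // disable* flags are all assigned from the request, including keys that were
         // not sent. Kept as-is because unchecked checkboxes may rely on it - confirm.
         if (isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName || isset($_REQUEST['disableRecommendations']) && $_REQUEST['disableRecommendations'] != $user->disableRecommendations || isset($_REQUEST['disableCoverArt']) && $_REQUEST['disableCoverArt'] != $user->disableCoverArt || isset($_REQUEST['bypassAutoLogout']) && $_REQUEST['bypassAutoLogout'] != $user->bypassAutoLogout) {
             $user->displayName = $_REQUEST['displayName'];
             $user->disableRecommendations = $_REQUEST['disableRecommendations'];
             $user->disableCoverArt = $_REQUEST['disableCoverArt'];
             if (isset($_REQUEST['bypassAutoLogout'])) {
                 $user->bypassAutoLogout = $_REQUEST['bypassAutoLogout'] == 'yes' ? 1 : 0;
             }
         }
         // update Pika user data & clear cache of patron profile
         $user->update();
         UserAccount::updateSession($user);
         $this->clearPatronProfile();
         // Close the handle before deleting the jar: cURL writes the cookie jar when
         // the handle is closed, so closing after unlink() would re-create the file
         // and leave the HIP session cookie behind in /tmp.
         curl_close($curl_connection);
         unlink($cookie);
     } else {
         $updateErrors[] = 'You do not have permission to update profile information.';
     }
     return $updateErrors;
 }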
Example #4
 /**
  * Load the comments stored for this record, split into 'user' and 'staff' lists.
  *
  * A comment written by the current user is returned untouched. For everyone
  * else, bad words are either replaced with '***' or the whole comment is
  * dropped, depending on $library->hideCommentsWithBadWords (censoring is the
  * default when no library is set). A kept comment containing '#' has the text
  * from the first '#' to the end of that line removed and goes into 'staff';
  * all other kept comments go into 'user'.
  *
  * NOTE(review): $this->id is interpolated into the SQL text inside quotes
  * without escaping; where that id originates is not visible here - confirm
  * it can never carry request-controlled text.
  *
  * @param string $source Not read by this method.
  * @return array Array with the keys 'user' and 'staff', each a list of Comments objects.
  */
 function getComments($source = 'VuFind')
 {
     require_once ROOT_DIR . '/services/MyResearch/lib/Comments.php';
     $sql = "SELECT comments.*, CONCAT(LEFT(user.firstname,1), '. ', user.lastname) as fullname, user.displayName as displayName "
         . "FROM comments RIGHT OUTER JOIN user on comments.user_id = user.id "
         . "WHERE comments.resource_id = '{$this->id}' ORDER BY comments.created";

     // The active library decides how bad words are handled; the current user
     // is needed to recognise their own comments.
     global $library;
     global $user;

     require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
     $badWords = new BadWord();
     $badWordsList = $badWords->getBadWordExpressions();

     $commentList = array('user' => array(), 'staff' => array());

     $comment = new Comments();
     $comment->query($sql);
     if (!$comment->N) {
         return $commentList;
     }

     while ($comment->fetch()) {
         $okToAdd = true;
         $writtenByViewer = isset($user) && $user != false && $user->id == $comment->user_id;

         // Authors always see their own text unmodified.
         if (!$writtenByViewer) {
             $censorWords = !isset($library) || $library->hideCommentsWithBadWords == 0;
             if ($censorWords) {
                 // Mask every match instead of hiding the comment.
                 $masked = $comment->comment;
                 foreach ($badWordsList as $expression) {
                     $masked = preg_replace($expression, '***', $masked);
                 }
                 $comment->comment = $masked;
             } else {
                 // Hide the comment entirely on the first match.
                 $candidate = trim($comment->comment);
                 foreach ($badWordsList as $expression) {
                     if (preg_match($expression, $candidate)) {
                         $okToAdd = false;
                         break;
                     }
                 }
             }
         }

         if (!$okToAdd) {
             continue;
         }

         // A '#' marks a staff comment; the tag text is stripped before listing it.
         $bucket = preg_match('/#.*/', $comment->comment) ? 'staff' : 'user';
         if ($bucket == 'staff') {
             $comment->comment = preg_replace('/#.*/', '', $comment->comment);
         }
         $commentList[$bucket][] = clone $comment;
     }

     return $commentList;
 }
Example #5
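 /**
  * Censor or reject a list entry when the viewer is not the list's owner.
  *
  * For the owner the entry is returned unchanged. For anyone else, depending
  * on $library->hideCommentsWithBadWords (censoring is the default when no
  * library is set), bad words in this list's title and description and in the
  * entry's notes are replaced with '***', or the entry is rejected as soon as
  * one of those texts matches a bad-word expression.
  *
  * Fixes over the previous version:
  *  - the censored notes are written back to $listEntry->notes; they used to
  *    overwrite $this->description, so the notes were returned uncensored and
  *    the list description was replaced by the notes text;
  *  - hide mode now also checks $this->description, the same field that
  *    censor mode filters.
  *
  * @param UserListEntry $listEntry - The resource to be cleaned
  * @return UserListEntry|bool The (possibly censored) entry, or false when it must be hidden.
  */
 function cleanListEntry($listEntry)
 {
     global $configArray;
     global $user;
     // Connect to Database
     $this->catalog = CatalogFactory::getCatalogConnectionInstance();
     //Filter list information for bad words as needed.
     if ($user == false || $this->user_id != $user->id) {
         //Load all bad words.
         global $library;
         require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
         $badWords = new BadWord();
         $badWordsList = $badWords->getBadWordExpressions();
         //Determine if we should censor bad words or hide the comment completely.
         $censorWords = true;
         if (isset($library)) {
             $censorWords = $library->hideCommentsWithBadWords == 0;
         }
         if ($censorWords) {
             //Filter Title
             $titleText = $this->title;
             foreach ($badWordsList as $badWord) {
                 $titleText = preg_replace($badWord, '***', $titleText);
             }
             $this->title = $titleText;
             //Filter description
             $descriptionText = $this->description;
             foreach ($badWordsList as $badWord) {
                 $descriptionText = preg_replace($badWord, '***', $descriptionText);
             }
             $this->description = $descriptionText;
             //Filter notes
             $notesText = $listEntry->notes;
             foreach ($badWordsList as $badWord) {
                 $notesText = preg_replace($badWord, '***', $notesText);
             }
             // Store the censored notes on the entry that is returned to the caller.
             $listEntry->notes = $notesText;
         } else {
             //Check for bad words in the title, description or notes
             $textToCheck = $this->title;
             // The list's own description is what censor mode filters, so hide mode
             // has to look at it as well.
             if (isset($this->description)) {
                 $textToCheck .= ' ' . $this->description;
             }
             if (isset($listEntry->description)) {
                 $textToCheck .= ' ' . $listEntry->description;
             }
             $textToCheck .= ' ' . $listEntry->notes;
             foreach ($badWordsList as $badWord) {
                 if (preg_match($badWord, $textToCheck)) {
                     return false;
                 }
             }
         }
     }
     return $listEntry;
 }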
Example #6
 /**
  * @param $resource - The resource to be cleaned
  * @return Resource|bool
  */
 function cleanResource($resource)
 {
     // Censors or rejects a resource when the viewer is not the owner of this list.
     // Returns the resource, or false when hide mode finds a bad word.
     //
     // NOTE(review): censor mode filters $resource->title and $this->description,
     // while hide mode inspects $resource->title and $resource->description. A
     // bad word in $resource->description is therefore never masked in censor
     // mode - confirm whether that field can hold user-supplied text.
     global $configArray;
     global $user;

     // Connect to Database
     $this->catalog = new CatalogConnection($configArray['Catalog']['driver']);

     // The owner sees the resource unfiltered.
     $viewerOwnsList = $user != false && $this->user_id == $user->id;
     if ($viewerOwnsList) {
         return $resource;
     }

     global $library;
     require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
     $badWords = new BadWord();
     $badWordsList = $badWords->getBadWordExpressions();

     // Mask bad words unless the library asks for matching content to be hidden.
     $censorWords = !isset($library) || $library->hideCommentsWithBadWords == 0;

     if (!$censorWords) {
         // Hide mode: reject on the first expression that matches.
         $haystack = $resource->title;
         if (isset($resource->description)) {
             $haystack .= ' ' . $resource->description;
         }
         foreach ($badWordsList as $expression) {
             if (preg_match($expression, $haystack)) {
                 return false;
             }
         }
         return $resource;
     }

     // Censor mode: apply every expression to the title ...
     $maskedTitle = $resource->title;
     foreach ($badWordsList as $expression) {
         $maskedTitle = preg_replace($expression, '***', $maskedTitle);
     }
     $resource->title = $maskedTitle;

     // ... and to this object's description.
     $maskedDescription = $this->description;
     foreach ($badWordsList as $expression) {
         $maskedDescription = preg_replace($expression, '***', $maskedDescription);
     }
     $this->description = $maskedDescription;

     return $resource;
 }