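/**
 * Return one page of web pages, optionally limited to a tag, a workspace and an archive state.
 *
 * The WHERE clause is assembled as SQL text. The tag value goes through
 * DB::escape() and the sort direction is reduced to the literals ASC / DESC.
 * The sort column goes through DB::escapeField().
 *
 * NOTE(review): $webpages_per_page is accepted but never read; the page size
 * comes from config_option('files_per_page', 10). Confirm which one is intended.
 *
 * @param mixed $project Project to restrict to (with its sub workspaces); any other value means no workspace filter
 * @param string $tag Tag to filter by; empty means no tag filter
 * @param integer $page Page number, values below 1 are treated as 1
 * @param integer $webpages_per_page Currently unused
 * @param string $orderBy Column to sort by
 * @param string $orderDir ASC or DESC; anything else falls back to ASC
 * @param boolean $archived True lists archived pages, false lists non-archived pages
 * @return mixed Result of ProjectWebpages::paginate()
 */
function getWebpages($project, $tag = '', $page = 1, $webpages_per_page = 10, $orderBy = 'title', $orderDir = 'ASC', $archived = false)
 {
     // Allow-list the direction: it is interpolated into ORDER BY without quoting
     $orderDir = strtoupper($orderDir);
     if ($orderDir != "ASC" && $orderDir != "DESC") {
         $orderDir = "ASC";
     }
     // Pages are 1-based (the default is 1), so 0 and non-numeric input must be
     // reset as well; the original test ($page < 0) let page 0 through
     $page = (int) $page;
     if ($page < 1) {
         $page = 1;
     }
     if ($tag == '' || $tag == null) {
         $tagstr = "1=1";
     } else {
         // The tag value is the only caller-supplied value in this subquery and is passed through DB::escape()
         $tagstr = "(SELECT count(*) FROM `" . TABLE_PREFIX . "tags` WHERE `" . TABLE_PREFIX . "project_webpages`.`id` = `" . TABLE_PREFIX . "tags`.`rel_object_id` AND `" . TABLE_PREFIX . "tags`.`tag` = " . DB::escape($tag) . " AND `" . TABLE_PREFIX . "tags`.`rel_object_manager` = 'ProjectWebpages' ) > 0 ";
     }
     // Read-permission filter for the logged user is always part of the query
     $permission_str = ' AND (' . permissions_sql_for_listings(ProjectWebpages::instance(), ACCESS_LEVEL_READ, logged_user()) . ')';
     if ($project instanceof Project) {
         $pids = $project->getAllSubWorkspacesCSV(true);
         $project_str = " AND " . self::getWorkspaceString($pids);
     } else {
         $project_str = "";
     }
     if ($archived) {
         $archived_cond = " AND `archived_by_id` <> 0";
     } else {
         $archived_cond = " AND `archived_by_id` = 0";
     }
     $conditions = $tagstr . $permission_str . $project_str . $archived_cond;
     // NOTE(review): DB::escapeField() is not shown here; confirm it neutralises
     // backticks inside $orderBy before this method is fed a request value
     return ProjectWebpages::paginate(array("conditions" => $conditions, 'order' => DB::escapeField($orderBy) . " {$orderDir}"), config_option('files_per_page', 10), $page);
 }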
 /**
  * Count the rows of this table that match the given conditions.
  *
  * The conditions end up in the WHERE clause as SQL text after going through
  * prepareConditions().
  * NOTE(review): prepareConditions() is not shown here; confirm whether it
  * escapes values or whether every caller has to do so before calling count().
  *
  * @access public
  * @param string $conditions Query conditions
  * @return integer
  */
 function count($conditions = null)
 {
     // A single PK column is counted by name; an array of PK columns falls back to COUNT(*)
     $pk_columns = $this->getPkColumns();
     $counted = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);
     $prepared = $this->prepareConditions($conditions);
     $where_clause = '';
     if (trim($prepared) != '') {
         $where_clause = "WHERE {$prepared}";
     }
     $sql = "\r\n      \tSELECT COUNT({$counted}) AS 'row_count' \r\n      \tFROM " . $this->getTableName(true) . " e\r\n      \tINNER JOIN " . TABLE_PREFIX . "objects o ON o.id = e.object_id \r\n        {$where_clause} ";
     $row = DB::executeOne($sql);
     return (int) array_var($row, 'row_count', 0);
 }
Example #3
/**
 * Procedural shortcut for DB::escapeField().
 *
 * @param mixed $field Value handed to DB::escapeField() unchanged
 * @return mixed Whatever DB::escapeField() returns
 */
function db_escape_field($field)
{
    $escaped = DB::escapeField($field);
    return $escaped;
}
Example #4
 /**
  * Return the table name, optionally prefixed and optionally escaped for use in queries.
  *
  * When the FORCED_TABLE_PREFIX constant is defined and non-empty it replaces
  * the prefix in every case, including calls made with $with_prefix = false.
  *
  * @access public
  * @param boolean $escape Return the name passed through DB::escapeField() (false by default)
  * @param boolean $with_prefix Put TABLE_PREFIX in front of the name (true by default)
  * @return string
  */
 function getTableName($escape = false, $with_prefix = true) {
   $prefix = "";
   if ($with_prefix) {
     $prefix = TABLE_PREFIX;
   }
   // The forced prefix wins over both the regular prefix and "no prefix"
   if (defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX) {
     $prefix = FORCED_TABLE_PREFIX;
   }
   $full_name = $prefix . $this->table_name;
   if ($escape) {
     return DB::escapeField($full_name);
   }
   return $full_name;
 } // end func getTableName
Example #5
 /**
  * Return the number of users whose contact row belongs to this company.
  *
  * The only value placed in the query is this object's id, passed through DB::escape().
  *
  * @access public
  * @param void
  * @return integer
  */
 function countUsers()
 {
     $u = Users::instance()->getTableName(true);
     $c = Contacts::instance()->getTableName(true);
     // NOTE(review): the PK columns are read from Companies but applied to the
     // users table; confirm that is intended
     $pk_columns = Companies::getPkColumns();
     $counted = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);
     $sql = "SELECT COUNT({$u}.{$counted}) AS 'row_count' FROM {$u}, {$c} WHERE ({$u}.`id` = {$c}.`user_id` AND {$c}.`company_id` = " . DB::escape($this->getId()) . " )";
     $result = DB::executeOne($sql);
     return (int) array_var($result, 'row_count', 0);
 }
Example #6
 /**
  * Check that no other row carries this object's values in the given columns.
  *
  * Takes a variable number of column names as arguments. Every name is checked
  * with columnExists() before it is used, then written through
  * DB::escapeField(); the compared values go through DB::escape().
  *
  * @access public
  * @param string ...$columns Column names whose combined values must be unique
  * @return boolean True when no matching row exists or no columns were given,
  *   false when a column does not exist or a matching row was found
  */
 function validateUniquenessOf()
 {
     // A single PK column is counted by name; an array of PK columns falls back to COUNT(*)
     $pk_columns = $this->getPkColumns();
     $counted = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);

     $columns = func_get_args();
     if (!is_array($columns) || count($columns) < 1) {
         return true;
     }

     // Refuse unknown columns before any of them reaches the query
     foreach ($columns as $name) {
         if (!$this->columnExists($name)) {
             return false;
         }
     }

     // One "column = value" comparison per requested column
     $where_parts = array();
     foreach ($columns as $name) {
         $where_parts[] = DB::escapeField($name) . ' = ' . DB::escape($this->getColumnValue($name));
     }
     $match_sql = implode(' AND ', $where_parts);

     if ($this->isNew()) {
         // New object: any row with these values is a conflict
         $sql = sprintf("SELECT COUNT({$counted}) AS 'row_count' FROM %s WHERE %s", $this->getTableName(true), $match_sql);
     } else {
         // Saved object: leave its own row out by excluding its PK value(s)
         $pks = $this->getPkColumns();
         $pk_list = is_array($pks) ? $pks : array($pks);
         $pk_values = array();
         foreach ($pk_list as $pk) {
             $pk_values[] = sprintf('%s <> %s', DB::escapeField($pk), DB::escape($this->getColumnValue($pk)));
         }
         $sql = sprintf("SELECT COUNT({$counted}) AS 'row_count' FROM %s WHERE (%s) AND (%s)", $this->getTableName(true), $match_sql, implode(' AND ', $pk_values));
     }

     $row = DB::executeOne($sql);
     return array_var($row, 'row_count', 0) < 1;
 }
 /**
  * Delete every ProjectTasks row whose task_list_id equals this object's id.
  *
  * @access public
  * @param void
  * @return boolean Result of ProjectTasks::delete()
  */
 function deleteTasks()
 {
     // Column name and id value are both escaped before they form the condition
     $condition = sprintf('%s = %s', DB::escapeField('task_list_id'), DB::escape($this->getId()));
     return ProjectTasks::delete($condition);
 }
 /**
  * Return the table name, optionally prefixed and optionally escaped for use in queries.
  *
  * @access public
  * @param boolean $escape Return the name passed through DB::escapeField() (false by default)
  * @param boolean $with_prefix Put TABLE_PREFIX in front of the name (true by default)
  * @return string
  */
 function getTableName($escape = false, $with_prefix = true)
 {
     if ($with_prefix) {
         $full_name = TABLE_PREFIX . $this->table_name;
     } else {
         $full_name = $this->table_name;
     }
     if ($escape) {
         return DB::escapeField($full_name);
     }
     return $full_name;
 }
 /**
  * Delete every TemplateTasks row whose parent_id equals this object's id.
  *
  * @access public
  * @param void
  * @return boolean Result of TemplateTasks::delete()
  */
 function deleteSubTasks()
 {
     // Column name and id value are both escaped before they form the condition
     $condition = sprintf('%s = %s', DB::escapeField('parent_id'), DB::escape($this->getId()));
     return TemplateTasks::delete($condition);
 }
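 /**
  * Ajax action: return up to 30 contacts for a selector, filtered by request parameters.
  *
  * Reads three request parameters: 'query' (substring of the name), 'filters'
  * (JSON object of column => value pairs plus the special keys is_user,
  * has_permissions, only_companies and include_companies) and 'plugin_filters'
  * (JSON handed to the contact_selector_plugin_filters hook).
  *
  * All three are client-controlled. Every value taken from them is passed
  * through DB::escape() before it is placed in the condition; the original
  * interpolated 'query' and the has_permissions value straight into the SQL text.
  *
  * The result is published through ajx_extra_data() under the key 'contacts'.
  * When no name filter is given and the total reaches the limit, an extra
  * entry with id -2 carries a "show more" link.
  *
  * @return void
  */
 function get_contacts_for_selector()
 {
     ajx_current("empty");
     $name_condition = "";
     $name_filter = trim((string) array_var($_REQUEST, 'query'));
     if ($name_filter != "") {
         // The whole pattern, wildcards included, is escaped as one value.
         // '%' and '_' typed by the user still act as LIKE wildcards.
         $name_condition = " AND o.name LIKE " . DB::escape('%' . $name_filter . '%');
     }
     // by default list only contacts
     $type_condition = " AND is_company=0";
     $extra_conditions = "";
     if ($filters = array_var($_REQUEST, 'filters')) {
         $filters = json_decode($filters, true);
         if (!is_array($filters)) {
             // Malformed or non-object JSON: apply no filters instead of iterating a non-array
             $filters = array();
         }
         foreach ($filters as $col => $val) {
             if (Contacts::instance()->columnExists($col)) {
                 // Column names are accepted only when they exist on the contacts table
                 $extra_conditions .= " AND " . DB::escapeField($col) . " = " . DB::escape($val);
             } elseif ($col == 'is_user') {
                 $extra_conditions .= " AND `user_type`" . ($val == 1 ? " > 0" : " = 0");
             } elseif ($col == 'has_permissions' && is_scalar($val)) {
                 // $val is a member id supplied by the client; non-scalar values are ignored
                 $extra_conditions .= " AND `user_type`>0 AND EXISTS(\r\n\t\t\t\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "contact_member_permissions cmp\r\n\t\t\t\t\t\t\tWHERE cmp.permission_group_id IN (SELECT x.permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups x WHERE x.contact_id=o.id)\r\n\t\t\t\t\t\t\t\tAND cmp.member_id=" . DB::escape($val)
                     . "\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT tp.object_type_id FROM " . TABLE_PREFIX . "tab_panels tp WHERE tp.enabled=0)\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT oott.id FROM " . TABLE_PREFIX . "object_types oott WHERE oott.name IN ('comment','template'))\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id IN (SELECT oott2.id FROM " . TABLE_PREFIX . "object_types oott2 WHERE oott2.type IN ('content_object','dimension_object'))\r\n\t\t\t\t\t\t)";
             } elseif ($col == 'only_companies') {
                 if ($val == 1) {
                     $type_condition = " AND is_company=1";
                 }
             } elseif ($col == 'include_companies') {
                 if ($val == 1) {
                     $type_condition = "";
                 }
             }
         }
     }
     if ($plugin_filters = array_var($_REQUEST, 'plugin_filters')) {
         $plugin_filters = json_decode($plugin_filters, true);
         $plugin_conditions = "";
         // NOTE(review): hook listeners build SQL from client-supplied JSON and
         // their output is appended verbatim; each listener must escape its values
         Hook::fire('contact_selector_plugin_filters', $plugin_filters, $plugin_conditions);
         $extra_conditions .= $plugin_conditions;
     }
     $info = array();
     $pg_ids = logged_user()->getPermissionGroupIds();
     if (count($pg_ids) > 0) {
         // Only the logged user's own contact and contacts shared with one of
         // their permission groups are listed
         $permissions_condition = " AND (o.id=" . logged_user()->getId() . " OR EXISTS (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE sh.object_id=o.id AND group_id IN (" . implode(',', $pg_ids) . ")))";
         $conditions = "o.trashed_by_id=0 AND o.archived_by_id=0 {$name_condition} {$permissions_condition} {$type_condition} {$extra_conditions}";
         $query_params = array('condition' => $conditions, 'order' => 'o.name ASC');
         $count = Contacts::count($conditions);
         $limit = 30;
         $query_params['limit'] = $limit;
         $contacts = Contacts::findAll($query_params);
         foreach ($contacts as $c) {
             $info[] = array("id" => $c->getId(), "name" => $c->getObjectName());
         }
         if ($name_filter == "" && $count >= $limit) {
             // This entry's name is HTML markup while the other entries carry
             // contact names; NOTE(review): confirm how the client renders 'name'
             $info[] = array('id' => -2, 'name' => '<a href="#" class="db-ico ico-expand" style="color:blue;text-decoration:underline;padding-left:20px;">' . lang('show more') . '</a>');
         }
     }
     ajx_extra_data(array('contacts' => $info));
 }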
 /**
  * Delete every ObjectHandins row related to this object.
  *
  * Rows are matched on rel_object_id (this object's id) and
  * rel_object_manager (class name of this object's manager).
  *
  * @access public
  * @param void
  * @return boolean Result of ObjectHandins::delete()
  */
 function deleteHandins()
 {
     // Field names and values are all escaped before they form the condition
     $condition = sprintf(
         '%s = %s AND %s = %s',
         DB::escapeField('rel_object_id'),
         DB::escape($this->getId()),
         DB::escapeField('rel_object_manager'),
         DB::escape(get_class($this->manager()))
     );
     return ObjectHandins::delete($condition);
 }