function metaWeblog_editPost($args)
{
global $DB;
global $session;
$out = array();
list($post_id, $username, $password, $post, $publish) = $args;
// check auth
if (metaWeblog_userAllowed($username, $password)) {
if (!isset($post['mt_text_more'])) {
$post['mt_text_more'] = "";
}
$item = new item();
$item->load($post_id);
$item->dictionary[$session['lang']]['title'] = $post['title'];
$item->dictionary[$session['lang']]['section-main'] = $post['description'] . $post['mt_text_more'];
if (isset($post['mt_keywords'])) {
$item->dictionary[$session['lang']]['tags'] = $post['mt_keywords'];
}
if (!is_null($publish)) {
$item->permission = $publish ? '0' : '1';
}
$out = $item->save();
} else {
$out = new IXR_Error(401, "User not allowed.");
}
return $out;
}
$item->set_value('itemType', $_POST["itemType"]);
$item->set_value('personID', $current_user);
$item->save();
}
} else {
alloc_error("Uploaded document error. Please try again.");
}
}
if ($_POST["update_item"]) {
$item = new item();
$item->set_id($_POST["update_itemID"]);
$item->select();
$item->set_value("itemName", $_POST["update_itemName"]);
$item->set_value("itemNotes", $_POST["update_itemNotes"]);
$item->set_value("itemType", $_POST["update_itemType"]);
$item->save();
}
if ($_POST["remove_items"]) {
for ($i = 0; $i < count($_POST["itemID"]); $i++) {
$item = new item();
$item->set_id($_POST["itemID"][$i]);
$item->select();
$item->delete();
}
}
//so that the user can edit the item later
$TPL["personID"] = $current_user->get_id();
// item types
$itemType = new meta("itemType");
$TPL["itemTypes"] = page::select_options($itemType->get_assoc_array("itemTypeID", "itemTypeID"), $item->get_value("itemType"));
// setup item list (for removals)
function run()
{
global $layout;
global $DB;
global $website;
global $theme;
global $user;
$out = '';
$item = new item();
switch ($_REQUEST['act']) {
case 'json':
case 1:
// json data retrieval & operations
switch ($_REQUEST['oper']) {
case 'del':
// remove rows
$ids = $_REQUEST['ids'];
foreach ($ids as $id) {
$item->load($id);
$item->delete();
}
echo json_encode(true);
break;
default:
// list or search
// translation of request search & order fields
switch ($_REQUEST['searchField']) {
case 'id':
$_REQUEST['searchField'] = 'i.id';
break;
case 'title':
$_REQUEST['searchField'] = 'd.text';
break;
case 'language':
$_REQUEST['searchField'] = 'd.lang';
break;
case 'category':
$_REQUEST['searchField'] = 'i.category';
break;
case 'dates':
$_REQUEST['searchField'] = 'i.date_published';
break;
case 'permission':
$_REQUEST['searchField'] = 'i.permission';
break;
default:
}
if ($_REQUEST['sidx'] == 'dates') {
$_REQUEST['sidx'] = 'i.date_published';
}
$page = intval($_REQUEST['page']);
$max = intval($_REQUEST['rows']);
$offset = ($page - 1) * $max;
$orderby = $_REQUEST['sidx'] . ' ' . $_REQUEST['sord'];
$where = ' i.website = ' . $website->id;
if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
if (isset($_REQUEST['quicksearch'])) {
$where .= $item->quicksearch($_REQUEST['quicksearch']);
} else {
if (isset($_REQUEST['filters'])) {
if (is_array($_REQUEST['filters'])) {
$filters = json_decode(json_encode($_REQUEST['filters']), FALSE);
} else {
$filters = json_decode($_REQUEST['filters']);
}
for ($r = 0; $r < count($filters->rules); $r++) {
switch ($filters->rules[$r]->field) {
case 'id':
$filters->rules[$r]->field = 'i.id';
break;
case 'title':
$filters->rules[$r]->field = 'd.text';
break;
case 'language':
$filters->rules[$r]->field = 'd.lang';
break;
case 'category':
$filters->rules[$r]->field = 'i.category';
break;
case 'dates':
$filters->rules[$r]->field = 'i.date_published';
break;
case 'permission':
$filters->rules[$r]->field = 'i.permission';
break;
default:
}
}
$where .= navitable::jqgridsearch(json_encode($filters));
} else {
// single search
$where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
}
}
}
$sql = ' SELECT SQL_CALC_FOUND_ROWS
i.*, d.text as title, d.lang as language,
u.username as author_username,
( SELECT COUNT(*)
FROM nv_comments cm
WHERE cm.item = i.id
AND cm.website = ' . $website->id . '
) as comments
FROM nv_items i
LEFT JOIN nv_webdictionary d
ON i.id = d.node_id
AND d.node_type = "item"
AND d.subtype = "title"
AND d.lang = "' . $website->languages_list[0] . '"
AND d.website = ' . $website->id . '
LEFT JOIN nv_users u
ON u.id = i.author
WHERE ' . $where . '
GROUP BY i.id, d.text, d.lang, u.username
ORDER BY ' . $orderby . '
LIMIT ' . $max . '
OFFSET ' . $offset;
if (!$DB->query($sql, 'array')) {
throw new Exception($DB->get_last_error());
}
$dataset = $DB->result();
$total = $DB->foundRows();
$dataset = grid_notes::summary($dataset, 'item', 'id');
$access = array(0 => '<img src="img/icons/silk/page_white_go.png" align="absmiddle" title="' . t(254, 'Everybody') . '" />', 1 => '<img src="img/icons/silk/lock.png" align="absmiddle" title="' . t(361, 'Web users only') . '" />', 2 => '<img src="img/icons/silk/user_gray.png" align="absmiddle" title="' . t(363, 'Users who have not yet signed up or signed in') . '" />', 3 => '<img src="img/icons/silk/group_key.png" align="absmiddle" title="' . t(512, "Selected web user groups") . '" />');
$permissions = array(0 => '<img src="img/icons/silk/world.png" align="absmiddle" /> ' . t(69, 'Published'), 1 => '<img src="img/icons/silk/world_dawn.png" align="absmiddle" /> ' . t(70, 'Private'), 2 => '<img src="img/icons/silk/world_night.png" align="absmiddle" /> ' . t(81, 'Hidden'));
$hierarchy = structure::hierarchy(0);
// we need to format the values and retrieve the needed strings from the dictionary
$out = array();
for ($i = 0; $i < count($dataset); $i++) {
if (empty($dataset[$i])) {
continue;
}
if (empty($dataset[$i]['date_published'])) {
$dataset[$i]['date_published'] = '∞';
} else {
$dataset[$i]['date_published'] = core_ts2date($dataset[$i]['date_published'], false);
}
if (empty($dataset[$i]['date_unpublish'])) {
$dataset[$i]['date_unpublish'] = '∞';
} else {
$dataset[$i]['date_unpublish'] = core_ts2date($dataset[$i]['date_unpublish'], false);
}
if (empty($dataset[$i]['date_to_display'])) {
$dataset[$i]['date_to_display'] = '';
} else {
$dataset[$i]['date_to_display'] = core_ts2date($dataset[$i]['date_to_display'], false);
}
if ($dataset[$i]['category'] > 0) {
$category_path = structure::hierarchyPath($hierarchy, $dataset[$i]['category']);
if (is_array($category_path)) {
$dataset[$i]['category_path'] = implode(' › ', $category_path);
} else {
$dataset[$i]['category_path'] = $category_path;
}
}
$category_text = '';
if ($dataset[$i]['association'] == 'free') {
$category_text = '[ ' . strtolower(t(100, 'Free')) . ' ]';
} else {
$category_text = $dataset[$i]['category_path'];
}
$item_views = $dataset[$i]['views'];
if ($item_views > 1000) {
$item_views = round($item_views / 1000) . "K";
}
$item_comments = $dataset[$i]['comments'];
if ($item_comments > 1000) {
$item_comments = round($item_comments / 1000) . "K";
}
//$social_rating = '<img src="img/icons/silk/star.png" align="absmiddle" width="12px" height="12px" /> '.
// '<span style="font-size: 90%;">'.$dataset[$i]['score'].' ('.$dataset[$i]['votes'].')</span>';
//$social_rating = '<i class="fa fa-fw fa-eye" /> <span style="font-size: 90%;">'.$dataset[$i]['views'].'</span>';
$social_rating = '<img src="img/icons/silk/eye.png" align="absmiddle" width="12px" height="12px" /> ' . '<span style="font-size: 90%;">' . $item_views . '</span>';
//$social_comments = '<i class="fa fa-fw fa-comments-o" /> <span style="font-size: 90%;">'.$dataset[$i]['comments'].'</span>';
$social_comments = '<img src="img/icons/silk/comments.png" align="absmiddle" width="12px" height="12px" /> ' . '<span style="font-size: 90%;">' . $item_comments . '</span>';
if (empty($dataset[$i]['title'])) {
// if title is empty for the default language,
// try to load the title in another language
$DB->query('
SELECT lang, text
FROM nv_webdictionary
WHERE website = ' . $website->id . ' AND
node_type = "item" AND
subtype="title" AND
node_id = ' . $dataset[$i]['id'] . ' AND
text != ""
ORDER BY id ASC');
$titles = $DB->result();
if (!empty($titles)) {
$dataset[$i]['title'] = '<img src="img/icons/silk/comment.png" align="absmiddle" />';
$dataset[$i]['title'] .= '<small>' . $titles[0]->lang . '</small> ';
$dataset[$i]['title'] .= $titles[0]->text;
}
}
$out[$i] = array(0 => $dataset[$i]['id'], 1 => '<div class="list-row" data-permission="' . $dataset[$i]['permission'] . '">' . $dataset[$i]['title'] . '</div>', 2 => $social_rating . ' ' . $social_comments, 3 => $category_text, 4 => $dataset[$i]['date_to_display'], 5 => $dataset[$i]['date_published'] . ' - ' . $dataset[$i]['date_unpublish'], 6 => $access[$dataset[$i]['access']] . ' ' . $permissions[$dataset[$i]['permission']], 7 => $dataset[$i]['_grid_notes_html']);
}
navitable::jqgridJson($out, $page, $offset, $max, $total);
break;
}
core_terminate();
break;
case 'load':
case 'create':
case 'edit':
case 2:
// edit/new form
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
if ($user->permission("items.edit") == "false" && $item->author != $user->id) {
$layout->navigate_notification(t(610, "Sorry, you are not allowed to execute the requested function"), true);
$_REQUEST['act'] = 'list';
return run();
}
// check if the current user can edit this item
if ($item->association == 'category' && !empty($item->category)) {
if (!structure::category_allowed($item->category)) {
$layout->navigate_notification(t(610, "Sorry, you are not allowed to execute the requested function"), true);
$_REQUEST['act'] = 'list';
return run();
}
}
}
if (isset($_REQUEST['form-sent'])) {
$item->load_from_post();
try {
$item->save();
property::save_properties_from_post('item', $item->id);
if (!empty($_REQUEST['items-order'])) {
item::reorder($_REQUEST['items-order']);
}
$layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
$item->load($item->id);
users_log::action($_REQUEST['fid'], $item->id, 'save', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
} catch (Exception $e) {
$layout->navigate_notification($e->getMessage(), true, true);
}
} else {
users_log::action($_REQUEST['fid'], $item->id, 'load', $item->dictionary[$website->languages_list[0]]['title']);
}
$out = items_form($item);
break;
case 'delete':
case 4:
// remove
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
try {
if (!empty($item->id)) {
$deleted = $item->delete() > 0;
if ($deleted) {
$layout->navigate_notification(t(55, 'Item removed successfully.'), false);
$out = items_list();
users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
}
}
if (!$deleted) {
$layout->navigate_notification(t(56, 'Unexpected error.'), false);
if (!empty($item->id)) {
$out = items_form($item);
} else {
$out = items_list();
}
}
} catch (Exception $e) {
$layout->navigate_notification($e->getMessage(), true);
if (!empty($item->id)) {
$out = items_form($item);
}
}
}
break;
case 'duplicate':
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
if ($item->association == 'category' && $item->embedding == 1) {
// get structure template
$category = new structure();
$category->load($item->category);
$properties = property::load_properties_associative('structure', $category->template, 'item', $item->id);
} else {
$properties = property::load_properties_associative('item', $item->template, 'item', $item->id);
}
// try to duplicate
$item->id = 0;
$ok = $item->insert();
if ($ok) {
// duplicate item properties too (but don't duplicate comments)
if ($item->association == 'category' && $item->embedding == 1) {
$ok = property::save_properties_from_array('item', $item->id, $category->template, $properties);
} else {
$ok = property::save_properties_from_array('item', $item->id, $item->template, $properties);
}
}
if ($ok) {
$layout->navigate_notification(t(478, 'Item duplicated successfully.'), false, false, 'fa fa-check');
$out = items_form($item);
} else {
$layout->navigate_notification(t(56, 'Unexpected error.'), false);
$item = new item();
$item->load(intval($_REQUEST['id']));
$out = items_form($item);
}
users_log::action($_REQUEST['fid'], $item->id, 'duplicate', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
}
break;
case 89:
if (!empty($_REQUEST['id'])) {
$DB->execute('DELETE FROM nv_webdictionary_history WHERE id = ' . intval($_REQUEST['id']) . ' LIMIT 1');
echo 'true';
} else {
echo 'false';
}
core_terminate();
break;
case 90:
$DB->query('SELECT id, date_created, autosave
FROM nv_webdictionary_history
WHERE node_type = "item"
AND subtype = ' . protect('section-' . $_REQUEST['section']) . '
AND lang = ' . protect($_GET['lang']) . '
AND node_id = ' . protect($_REQUEST['id']) . '
AND website = ' . $website->id . '
ORDER BY date_created DESC', 'array');
$result = $DB->result();
if (!is_array($result)) {
$result = array();
}
for ($i = 0; $i < count($result); $i++) {
$result[$i]['date'] = core_ts2date($result[$i]['date_created'], true);
if ($result[$i]['autosave'] == 1) {
$result[$i]['date'] .= ' (' . t(273, 'Autosave') . ')';
}
}
echo json_encode($result);
core_terminate();
break;
case "search_by_title":
case 91:
// json search title request (for "copy from" dialog)
$DB->query('
SELECT node_id as id, text as label, text as value
FROM nv_webdictionary
WHERE node_type = "item"
AND subtype = "title"
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND text LIKE ' . protect('%' . $_REQUEST['title'] . '%') . '
ORDER BY text ASC
LIMIT 20', 'array');
echo json_encode($DB->result());
core_terminate();
break;
case "raw_zone_content":
// return raw item contents
if (empty($_REQUEST['section'])) {
$_REQUEST['section'] = 'main';
}
if ($_REQUEST['history'] == 'true') {
$DB->query('SELECT text
FROM nv_webdictionary_history
WHERE node_type = "item"
AND website = ' . $website->id . '
AND id = ' . protect($_REQUEST['id']), 'array');
$data = $DB->first();
echo $data['text'];
} else {
if ($_REQUEST['zone'] == 'section') {
$DB->query('SELECT text
FROM nv_webdictionary
WHERE node_type = "item"
AND subtype = ' . protect('section-' . $_REQUEST['section']) . '
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND node_id = ' . protect($_REQUEST['node_id']), 'array');
$data = $DB->first();
echo $data['text'];
} else {
if ($_REQUEST['zone'] == 'property') {
$DB->query('SELECT text
FROM nv_webdictionary
WHERE node_type = "property-item"
AND subtype = ' . protect('property-' . $_REQUEST['section'] . '-' . $_REQUEST['lang']) . '
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND node_id = ' . protect($_REQUEST['node_id']), 'array');
$data = $DB->first();
echo $data['text'];
}
}
}
core_terminate();
break;
// return raw template content
// return raw template content
case 93:
$DB->query('SELECT file
FROM nv_templates
WHERE enabled = 1
AND id = ' . protect($_REQUEST['id']) . '
AND website = ' . $website->id, 'array');
$data = $DB->first();
echo @file_get_contents(NAVIGATE_PRIVATE . '/' . $website->id . '/templates/' . $data['file']);
core_terminate();
break;
case "copy_from_template_zones":
// return template sections and (textarea) properties for a content id
$item = new item();
$item->load(intval($_REQUEST['id']));
$template = $item->load_template();
$zones = array();
for ($ts = 0; $ts < count($template->sections); $ts++) {
$title = $template->sections[$ts]['name'];
if (!empty($theme)) {
$title = $theme->t($title);
}
if ($title == '#main#') {
$title = t(238, 'Main content');
}
$zones[] = array('type' => 'section', 'id' => $template->sections[$ts]['id'], 'title' => $title);
}
for ($ps = 0; $ps < count($template->properties); $ps++) {
// ignore structure properties
if (isset($template->properties[$ps]->element) && $template->properties[$ps]->element != 'item') {
continue;
}
// ignore non-textual properties
if (!in_array($template->properties[$ps]->type, array("text", "textarea", "rich_textarea"))) {
continue;
}
$title = $template->properties[$ps]->name;
if (!empty($theme)) {
$title = $theme->t($title);
}
$zones[] = array('type' => 'property', 'id' => $template->properties[$ps]->id, 'title' => $title);
}
echo json_encode($zones);
core_terminate();
break;
case 95:
// free path checking
$path = $_REQUEST['path'];
$id = $_REQUEST['id'];
$DB->query('SELECT type, object_id, lang
FROM nv_paths
WHERE path = ' . protect($path) . '
AND website = ' . $website->id);
$rs = $DB->result();
echo json_encode($rs);
core_terminate();
break;
case 96:
// return category paths
echo json_encode(path::loadElementPaths('structure', intval($_REQUEST['id'])));
core_terminate();
break;
case 'json_find_user':
// json find user by name request (for "moderator" autocomplete)
$DB->query('
SELECT id, username as text
FROM nv_users
WHERE username LIKE ' . protect('%' . $_REQUEST['username'] . '%') . '
ORDER BY username ASC
LIMIT 30', 'array
');
$rows = $DB->result();
$total = $DB->foundRows();
echo json_encode(array('items' => $rows, 'total_count' => $total));
core_terminate();
break;
case 'json_find_item':
// find items by its title
// any language
$template_filter = '';
if (!empty($_REQUEST['template'])) {
$template_filter = ' AND nvi.template = ' . protect($_REQUEST['template']) . ' ';
}
if (!empty($_REQUEST['association'])) {
$template_filter = ' AND nvi.association = ' . protect($_REQUEST['association']) . ' ';
}
if (isset($_REQUEST['embedding'])) {
$template_filter = ' AND nvi.embedding = ' . protect($_REQUEST['embedding']) . ' ';
}
$text = $_REQUEST['title'];
if (!empty($_REQUEST['term'])) {
// tagit request
$text = $_REQUEST['term'];
}
$DB->query('
SELECT SQL_CALC_FOUND_ROWS DISTINCT nvw.node_id as id, nvw.text as text
FROM nv_webdictionary nvw, nv_items nvi
WHERE nvw.node_type = "item"
AND nvw.node_id = nvi.id
' . $template_filter . '
AND nvw.subtype = "title"
AND nvw.website = ' . $website->id . '
AND nvw.website = nvi.website
AND nvw.text LIKE ' . protect('%' . $text . '%') . '
GROUP BY nvw.node_id, nvw.text
ORDER BY nvw.text ASC
LIMIT ' . intval($_REQUEST['page_limit']) . '
OFFSET ' . max(0, intval($_REQUEST['page_limit']) * (intval($_REQUEST['page']) - 1)), 'array');
$rows = $DB->result();
$total = $DB->foundRows();
if ($_REQUEST['association'] == 'free') {
for ($i = 0; $i < count($rows); $i++) {
$rows[$i]['path'] = $DB->query_single('path', 'nv_paths', ' website = ' . protect($website->id) . ' AND
type="item" AND
object_id="' . $rows[$i]['id'] . '" AND
lang="' . $website->languages_list[0] . '"
');
if (empty($rows[$i]['path'])) {
$rows[$i]['path'] = '/node/' . $rows[$i]['id'];
}
}
}
if (empty($_REQUEST['format']) || $_REQUEST['format'] == 'select2') {
echo json_encode(array('items' => $rows, 'totalCount' => $total));
} else {
if ($_REQUEST['format'] == 'tagit') {
$tags_json = array();
foreach ($rows as $row) {
$tags_json[] = json_decode('{ "id": "' . $row['id'] . '", "label": "' . $row['text'] . '", "value": "' . $row['text'] . '" }');
}
echo json_encode($tags_json);
}
}
core_terminate();
break;
case 98:
// change comment status
if (empty($_REQUEST['id'])) {
echo "false";
core_terminate();
}
switch ($_REQUEST['opt']) {
case 'publish':
$DB->execute('
UPDATE nv_comments
SET status = 0
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
case 'unpublish':
$DB->execute('
UPDATE nv_comments
SET status = 1
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
case 'delete':
$DB->execute('
DELETE FROM nv_comments
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
}
$error = $DB->get_last_error();
if (empty($error)) {
echo 'true';
} else {
echo 'false';
}
core_terminate();
break;
case 'autosave':
if (!empty($_REQUEST['id'])) {
$iDictionary = array();
foreach ($_REQUEST as $key => $value) {
if (strpos($key, 'section-') === 0) {
$lang = substr($key, -2, 2);
$kname = substr($key, 0, strlen($key) - 3);
$iDictionary[$lang][$kname] = $value;
}
}
$changed = webdictionary_history::save_element_strings('item', intval($_REQUEST['id']), $iDictionary, true);
if ($changed) {
echo 'changes_saved';
} else {
echo 'no_changes';
}
core_terminate();
}
echo 'false';
core_terminate();
break;
case 'votes_reset':
webuser_vote::remove_object_votes('item', intval($_REQUEST['id']));
echo 'true';
core_terminate();
break;
case 'votes_by_webuser':
if ($_POST['oper'] == 'del') {
$ids = explode(',', $_POST['id']);
for ($i = 0; $i < count($ids); $i++) {
if ($ids[$i] > 0) {
$vote = new webuser_vote();
$vote->load($ids[$i]);
$vote->delete();
}
}
webuser_vote::update_object_score('item', $vote->object_id);
echo 'true';
core_terminate();
}
$max = intval($_GET['rows']);
$page = intval($_GET['page']);
$offset = ($page - 1) * $max;
if ($_REQUEST['_search'] == 'false') {
list($dataset, $total) = webuser_vote::object_votes_by_webuser('item', intval($_REQUEST['id']), $_REQUEST['sidx'] . ' ' . $_REQUEST['sord'], $offset, $max);
}
$out = array();
for ($i = 0; $i < count($dataset); $i++) {
if (empty($dataset[$i])) {
continue;
}
$out[$i] = array(0 => $dataset[$i]['id'], 1 => core_ts2date($dataset[$i]['date'], true), 2 => $dataset[$i]['username']);
}
navitable::jqgridJson($out, $page, $offset, $max, $total);
core_terminate();
break;
case 'items_order':
if (!empty($_POST['items-order'])) {
// save new order
$response = item::reorder($_POST['items-order']);
if ($response !== true) {
echo $response['error'];
} else {
echo 'true';
}
} else {
// show ordered list
echo items_order($_REQUEST['category']);
}
core_terminate();
break;
case 'json_tags_search':
$tags = nvweb_tags_retrieve(null, null, 'top', $_REQUEST['term'], $_REQUEST['lang']);
$tags_json = array();
foreach (array_keys($tags) as $tag) {
$tags_json[] = json_decode('{ "id": "' . $tag . '", "label": "' . $tag . '", "value": "' . $tag . '" }');
}
echo json_encode($tags_json);
core_terminate();
break;
case 'json_tags_ranking':
$tags = nvweb_tags_retrieve(100, null, 'top', null, $_REQUEST['lang']);
$tags = array_keys($tags);
echo json_encode($tags);
core_terminate();
break;
case 'list':
case 0:
// list / search result
// list / search result
default:
$out = items_list();
break;
}
return $out;
}
function run()
{
global $user;
global $layout;
global $DB;
global $website;
$out = '';
$item = new comment();
switch ($_REQUEST['act']) {
case 'json':
case 1:
// json data retrieval & operations
switch ($_REQUEST['oper']) {
case 'del':
// remove rows
$ids = $_REQUEST['ids'];
foreach ($ids as $id) {
$item->load($id);
$item->delete();
}
echo json_encode(true);
break;
default:
// list or search
$page = intval($_REQUEST['page']);
$max = intval($_REQUEST['rows']);
$offset = ($page - 1) * $max;
$orderby = $_REQUEST['sidx'] . ' ' . $_REQUEST['sord'];
$where = ' website = ' . $website->id;
if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
if (isset($_REQUEST['quicksearch'])) {
$where .= $item->quicksearch($_REQUEST['quicksearch']);
} else {
if (isset($_REQUEST['filters'])) {
$where .= navitable::jqgridsearch($_REQUEST['filters']);
} else {
// single search
$where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
}
}
}
$DB->queryLimit('id,item,user,email,date_created,status,message', 'nv_comments', $where, $orderby, $offset, $max);
$dataset = $DB->result();
$total = $DB->foundRows();
//echo $DB->get_last_error();
$out = array();
$permissions = array(-1 => '<img src="img/icons/silk/new.png" align="absmiddle" /> ' . t(257, 'To review'), 0 => '<img src="img/icons/silk/world.png" align="absmiddle" /> ' . t(64, 'Published'), 1 => '<img src="img/icons/silk/world_dawn.png" align="absmiddle" /> ' . t(251, 'Private'), 2 => '<img src="img/icons/silk/world_night.png" align="absmiddle" /> ' . t(181, 'Hidden'), 3 => '<img src="img/icons/silk/error.png" align="absmiddle" /> ' . t(466, 'Spam'));
for ($i = 0; $i < count($dataset); $i++) {
if (empty($dataset[$i])) {
continue;
}
// retrieve webuser name
$webuser = $DB->query_single('username', 'nv_webusers', ' id = ' . $dataset[$i]['user']);
// retrieve item title
$item = new item();
$item->load($dataset[$i]['item']);
$title = $item->dictionary[$website->languages_list[0]]['title'];
$message = core_string_clean($dataset[$i]['message']);
$message = core_string_cut($message, 60, '…');
$out[$i] = array(0 => $dataset[$i]['id'], 1 => $title, 2 => core_ts2date($dataset[$i]['date_created'], true), 3 => empty($dataset[$i]['user']) ? $dataset[$i]['email'] : $webuser, 4 => strip_tags($message), 5 => $permissions[$dataset[$i]['status']]);
}
navitable::jqgridJson($out, $page, $offset, $max, $total);
break;
}
session_write_close();
exit;
break;
case 2:
// edit/new form
// edit/new form
case 'edit':
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
}
if (isset($_REQUEST['form-sent'])) {
$item->load_from_post();
try {
$item->save();
property::save_properties_from_post('comment', $item->id);
$layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
} catch (Exception $e) {
$layout->navigate_notification($e->getMessage(), true, true);
}
if (!empty($item->id)) {
users_log::action($_REQUEST['fid'], $item->id, 'save', $item->name, json_encode($_REQUEST));
}
} else {
if (!empty($item->id)) {
users_log::action($_REQUEST['fid'], $item->id, 'load', $item->name);
}
}
$out = comments_form($item);
break;
case 4:
// remove
// remove
case 'remove':
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
if ($item->delete() > 0) {
$layout->navigate_notification(t(55, 'Item removed successfully.'), false);
$out = comments_list();
if (!empty($item->id)) {
users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->name, json_encode($_REQUEST));
}
} else {
$layout->navigate_notification(t(56, 'Unexpected error.'), false);
$out = comments_form($item);
}
}
break;
case 'remove_spam':
$count = comment::remove_spam();
$layout->navigate_notification(t(524, 'Items removed successfully') . ': <strong>' . $count . '</strong>', false);
$out = comments_list();
users_log::action($_REQUEST['fid'], $website->id, 'remove_spam', "", json_encode($_REQUEST));
break;
case 'json_find_webuser':
// json find webuser by name (for "user" autocomplete)
$DB->query('SELECT id, username as text
FROM nv_webusers
WHERE username LIKE ' . protect('%' . $_REQUEST['username'] . '%') . '
ORDER BY username ASC
LIMIT 30', 'array');
$rows = $DB->result();
$total = $DB->foundRows();
echo json_encode(array('items' => $rows, 'totalCount' => $total));
core_terminate();
break;
case 'json_find_comment':
// json find comment by text search (for "in reply to" autocomplete)
$DB->query('SELECT c.id, c.date_created, c.name, u.username, c.message
FROM nv_comments c
LEFT JOIN nv_webusers u ON c.user = u.id
WHERE
c.website = ' . $website->id . ' AND
c.item = ' . $_REQUEST['node_id'] . ' AND
c.date_created <= ' . $_REQUEST['maxdate'] . ' AND
c.id <> ' . $_REQUEST['exclude'] . ' AND
( c.name LIKE ' . protect('%' . $_REQUEST['search'] . '%') . ' OR
c.message LIKE ' . protect('%' . $_REQUEST['search'] . '%') . ' OR
u.username LIKE ' . protect('%' . $_REQUEST['search'] . '%') . '
)
ORDER BY c.date_created DESC
LIMIT 30', 'array');
$rows = $DB->result();
$total = $DB->foundRows();
for ($r = 0; $r < count($rows); $r++) {
$rows[$r]['text'] = '<span title="' . core_string_cut($rows[$r]['message'], 100) . '"><i class="fa fa-user"></i> ' . $rows[$r]['name'] . $rows[$r]['username'] . ' <i class="fa fa-clock-o"></i> ' . core_ts2date($rows[$r]['date_created'], true) . '</span>';
}
echo json_encode(array('items' => $rows, 'totalCount' => $total));
core_terminate();
break;
case 91:
// json search title request (for "item" autocomplete)
$DB->query('SELECT DISTINCT node_id as id, text as label, text as value
FROM nv_webdictionary
WHERE node_type = "item"
AND subtype = "title"
AND website = ' . $website->id . '
AND text LIKE ' . protect('%' . $_REQUEST['title'] . '%') . '
ORDER BY text ASC
LIMIT 30', 'array');
// AND lang = '.protect($_REQUEST['lang']).'
echo json_encode($DB->result());
session_write_close();
exit;
break;
case 0:
// list / search result
// list / search result
default:
$out = comments_list();
break;
}
return $out;
}
