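/**
 * Method to check member validity.
 *
 * Looks up the member whose ID and password match, fills the member session
 * variables and records the login time and address.
 *
 * @param object $obj_db database wrapper exposing escape_string(), query() and an error flag
 * @return bool true when a matching member was found and the session was filled,
 *              false on a database error or when no member matches
 */
public function valid($obj_db)
{
    // NOTE(review): the password is compared as unsalted MD5 inside SQL; that is fixed
    // by the member.mpasswd column, so it is only flagged here, not changed.
    $_sql_member_login = sprintf("SELECT m.member_id, m.member_name, m.inst_name,\n m.member_email, m.expire_date, m.register_date, m.is_pending,\n m.member_type_id, mt.member_type_name\n FROM member AS m LEFT JOIN mst_member_type AS mt ON m.member_type_id=mt.member_type_id\n WHERE m.member_id='%s'\n AND m.mpasswd=MD5('%s')",
        $obj_db->escape_string(trim($this->username)),
        $obj_db->escape_string(trim($this->password)));
    $_member_q = $obj_db->query($_sql_member_login);
    // error check
    if ($obj_db->error) {
        echo '<div style="border: 1px dotted #FF0000; color: #FF0000; padding: 5px; margin: 3px;">' . __('Error authenticating user and password to database') . '</div>';
        return false;
    }
    // check if the user exist in database
    if ($_member_q->num_rows < 1) {
        return false;
    }
    // fetch data
    $_member_d = $_member_q->fetch_assoc();
    // fill all sessions var
    $_SESSION['mid'] = $_member_d['member_id'];
    $_SESSION['m_name'] = $_member_d['member_name'];
    $_SESSION['m_email'] = $_member_d['member_email'];
    $_SESSION['m_institution'] = $_member_d['inst_name'];
    $_SESSION['m_logintime'] = time();
    $_SESSION['m_expire_date'] = $_member_d['expire_date'];
    $_SESSION['m_member_type_id'] = $_member_d['member_type_id'];
    $_SESSION['m_member_type'] = $_member_d['member_type_name'];
    $_SESSION['m_register_date'] = $_member_d['register_date'];
    $_SESSION['m_membership_pending'] = (bool) intval($_member_d['is_pending']);
    $_SESSION['m_is_expired'] = false;
    // check member expiry date
    require_once SIMBIO_BASE_DIR . 'simbio_UTILS/simbio_date.inc.php';
    $_curr_date = date('Y-m-d');
    // NOTE(review): compareDates() presumably returns the later of the two dates, so
    // getting today back means the expiry date is already behind us - confirm in simbio_date
    if (simbio_date::compareDates($_member_d['expire_date'], $_curr_date) == $_curr_date) {
        $_SESSION['m_is_expired'] = true;
    }
    // update the last login time; the client address and the member id are escaped
    // before they are spliced into the statement (REMOTE_ADDR used to go in raw).
    // NOTE(review): the last_login value reads '******' in this listing (looks redacted);
    // confirm the intended expression against the repository.
    $obj_db->query("UPDATE member SET last_login='******',\n last_login_ip='" . $obj_db->escape_string($_SERVER['REMOTE_ADDR']) . "'\n WHERE member_id='" . $obj_db->escape_string($_member_d['member_id']) . "'");
    return true;
}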
/**
 * Makes a copy of a style.
 *
 * Three tables are copied in turn: the style row itself (with the localized
 * "copy" suffix appended to the title and userselect cleared), every template
 * row of the style, and every new-style stylevar row. Template merge data and
 * template history are deliberately not copied.
 *
 * @param int $styleid Source styleid
 *
 * @return int New styleid
 */
protected function duplicate_style($styleid)
{
    global $vbphrase;

    $prefix = TABLE_PREFIX;
    $sourceId = intval($styleid);
    $titleSuffix = $this->db->escape_string($vbphrase['copy_parens']);

    // copy style record
    $this->db->query_write("\n\t\t\tINSERT INTO {$prefix}style\n\t\t\t(title, parentid, parentlist, templatelist, csscolors, css, stylevars, newstylevars,\n\t\t\t replacements, editorstyles, userselect, displayorder, dateline, type)\n\t\t\t\tSELECT CONCAT(title, '{$titleSuffix}'), parentid, parentlist, templatelist, csscolors, css, stylevars, newstylevars,\n\t\t\t\t replacements, editorstyles, 0, displayorder, UNIX_TIMESTAMP(), type\n\t\t\t\tFROM {$prefix}style\n\t\t\t\tWHERE styleid = {$sourceId}\n\t\t");
    $newstyleid = $this->db->insert_id();
    $targetId = intval($newstyleid);

    // copy template records - this takes care of old stylevars, template replacements, etc
    $this->db->query_write("\n\t\t\tINSERT INTO {$prefix}template\n\t\t\t(styleid, title, template, template_un, templatetype, dateline, username, version, product)\n\t\t\t\tSELECT {$targetId}, title, template, template_un, templatetype, dateline, username, version, product\n\t\t\t\tFROM {$prefix}template\n\t\t\t\tWHERE styleid = {$sourceId}\n\t\t");

    // copy new stylevar records
    $this->db->query_write("\n\t\t\tINSERT INTO {$prefix}stylevar\n\t\t\t(stylevarid, styleid, value, dateline, username)\n\t\t\t\tSELECT stylevarid, {$targetId}, value, dateline, username\n\t\t\t\tFROM {$prefix}stylevar\n\t\t\t\tWHERE styleid = {$sourceId}\n\t\t");

    // skip template merge and template history. Copying a style is not expected to preserve these.
    return $newstyleid;
}
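/**
 * Static Method to get an ID of database table record.
 *
 * Looks up the row whose $str_value_field equals $str_value and returns its
 * $str_id_field; when no row exists the value is inserted (INSERT IGNORE,
 * with input_date and last_update set to today) and the new insert id is
 * returned. An optional caller-owned cache maps trimmed values to ids.
 *
 * @param object $obj_db database wrapper exposing escape_string(), query(), error and insert_id
 * @param string $str_table_name table name; must come from application code, it is not escaped
 * @param string $str_id_field id column; not escaped, see above
 * @param string $str_value_field lookup column; not escaped, see above
 * @param string $str_value value to look up (trimmed before use)
 * @param array|false $arr_cache pass an array (may be empty) to enable caching, false to disable
 * @return mixed the id, or null when the database reports an error or the insert fails
 */
public static function getID($obj_db, $str_table_name, $str_id_field, $str_value_field, $str_value, &$arr_cache = false)
{
    $str_value = trim($str_value);
    // Any array enables caching. The previous truthiness test skipped an empty array,
    // so a fresh caller-supplied cache was never filled and every call hit the database.
    $_use_cache = is_array($arr_cache);
    if ($_use_cache && isset($arr_cache[$str_value])) {
        return $arr_cache[$str_value];
    }
    if ($obj_db->error) {
        return null;
    }
    $_escaped_value = $obj_db->escape_string($str_value);
    $id_q = $obj_db->query('SELECT ' . $str_id_field . ' FROM ' . $str_table_name . ' WHERE ' . $str_value_field . '=\'' . $_escaped_value . '\'');
    if ($id_q->num_rows > 0) {
        $id_d = $id_q->fetch_row();
        if ($_use_cache) {
            $arr_cache[$str_value] = $id_d[0];
        }
        return $id_d[0];
    }
    $_curr_date = date('Y-m-d');
    // if not found then we insert it as new value
    $obj_db->query('INSERT IGNORE INTO ' . $str_table_name . ' (' . $str_value_field . ', input_date, last_update) VALUES (\'' . $_escaped_value . '\', \'' . $_curr_date . '\', \'' . $_curr_date . '\')');
    if ($obj_db->error) {
        return null;
    }
    $_new_id = $obj_db->insert_id;
    if ($_use_cache) {
        $arr_cache[$str_value] = $_new_id;
    }
    return $_new_id;
}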
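/**
 * Method to check admin user validity.
 *
 * Looks up the application user whose credentials match, optionally enforces
 * the configured login address, loads group privileges and holiday data into
 * the session and records the login.
 *
 * @param object $obj_db database wrapper exposing escape_string(), query() and an error flag
 * @return bool true when the user was authenticated and the session was filled,
 *              false on a database error, no matching user, or a failed IP check
 */
public function adminValid($obj_db)
{
    // NOTE(review): the username literal reads '******' in this listing (looks redacted);
    // presumably it compares against $this->username - confirm against the repository.
    // The password is compared as unsalted MD5 inside SQL; that is fixed by the
    // user.passwd column, so it is only flagged here, not changed.
    $_user_q = $obj_db->query("SELECT\n u.user_id,\n u.username,\n u.realname,\n u.groups\n FROM user AS u\n WHERE u.username='******'\n AND u.passwd=MD5('" . $obj_db->escape_string(trim($this->password)) . "')");
    // error check
    if ($obj_db->error) {
        echo '<div style="border: 1px dotted #FF0000; color: #FF0000; padding: 5px; margin: 3px;">' . __('Error authenticating user and password to database') . '</div>';
        return false;
    }
    // check if the user exist in database
    if ($_user_q->num_rows < 1) {
        return false;
    }
    // if the ip checking is enabled, the login must come from that address
    if ($this->ip_check && $this->ip_check != $_SERVER['REMOTE_ADDR']) {
        return false;
    }
    $_user_d = $_user_q->fetch_assoc();
    $this->real_name = $_user_d['realname'];
    // fill all sessions var
    $_SESSION['uid'] = $_user_d['user_id'];
    $_SESSION['uname'] = $_user_d['username'];
    $_SESSION['realname'] = $_user_d['realname'];
    if (!empty($_user_d['groups'])) {
        // groups is stored serialized and is only expected to hold group ids, so refuse
        // to instantiate any class while unserializing it (needs PHP >= 7.0)
        $_groups = @unserialize($_user_d['groups'], array('allowed_classes' => false));
        $_SESSION['groups'] = $_groups;
        // fetch group privileges; a malformed value unserializes to false and is skipped
        if (is_array($_groups)) {
            foreach ($_groups as $group_id) {
                // group ids are numeric, so cast instead of splicing the raw value into SQL
                $_priv_q = $obj_db->query('SELECT ga.*,mdl.module_path FROM group_access AS ga LEFT JOIN mst_module AS mdl ON ga.module_id=mdl.module_id WHERE ga.group_id=' . (int) $group_id);
                while ($_priv_d = $_priv_q->fetch_assoc()) {
                    // privileges are only ever switched on here; nothing clears $_SESSION['priv']
                    if ($_priv_d['r']) {
                        $_SESSION['priv'][$_priv_d['module_path']]['r'] = true;
                    }
                    if ($_priv_d['w']) {
                        $_SESSION['priv'][$_priv_d['module_path']]['w'] = true;
                    }
                }
            }
        }
    } else {
        $_SESSION['groups'] = null;
    }
    $_SESSION['logintime'] = time();
    // session vars needed by some application modules
    $_SESSION['temp_loan'] = array();
    $_SESSION['biblioAuthor'] = array();
    $_SESSION['biblioTopic'] = array();
    $_SESSION['biblioAttach'] = array();
    // load holiday data from database
    $_holiday_dayname_q = $obj_db->query('SELECT holiday_dayname FROM holiday WHERE holiday_date IS NULL');
    $_SESSION['holiday_dayname'] = array();
    while ($_holiday_dayname_d = $_holiday_dayname_q->fetch_row()) {
        $_SESSION['holiday_dayname'][] = $_holiday_dayname_d[0];
    }
    $_holiday_date_q = $obj_db->query('SELECT holiday_date FROM holiday WHERE holiday_date IS NOT NULL ORDER BY holiday_date DESC LIMIT 365');
    $_SESSION['holiday_date'] = array();
    while ($_holiday_date_d = $_holiday_date_q->fetch_row()) {
        $_SESSION['holiday_date'][$_holiday_date_d[0]] = $_holiday_date_d[0];
    }
    // save md5sum of current application path
    $_SESSION['checksum'] = md5($_SERVER['SERVER_ADDR'] . SENAYAN_BASE_DIR . 'admin');
    // update the last login time; the client address is escaped and the user id cast
    // before they are spliced into the statement (REMOTE_ADDR used to go in raw).
    // NOTE(review): the last_login value reads '******' in this listing (looks redacted);
    // confirm the intended expression against the repository.
    $obj_db->query("UPDATE user SET last_login='******',\n last_login_ip='" . $obj_db->escape_string($_SERVER['REMOTE_ADDR']) . "'\n WHERE user_id=" . (int) $_user_d['user_id']);
    return true;
}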
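/**
 * Add new entry into faqlinkverifyrules table.
 *
 * Nothing is written when either the type or the url is empty.
 *
 * @param string $type
 * @param string $url
 * @param string $reason
 * @return void
 * @access public
 * @author Thorsten Rinne <*****@*****.**>
 */
public function addVerifyRule($type = '', $url = '', $reason = '')
{
    // string cast keeps the old loose "empty" semantics (null/false count as empty)
    if ((string) $type === '' || (string) $url === '') {
        return;
    }
    // one timestamp for both date columns so they cannot straddle a second boundary
    $now = $this->db->escape_string(date('YmdHis'));
    $query = sprintf("INSERT INTO\n %sfaqlinkverifyrules\n (id, type, url, reason, enabled, locked, owner, dtInsertDate, dtUpdateDate)\n VALUES\n (%d, '%s', '%s', '%s', 'y', 'n', '%s', '%s', '%s')",
        SQLPREFIX,
        $this->db->nextID(SQLPREFIX . "faqlinkverifyrules", "id"),
        $this->db->escape_string($type),
        $this->db->escape_string($url),
        $this->db->escape_string($reason),
        $this->db->escape_string($this->user->getLogin()),
        $now,
        $now);
    $this->db->query($query);
}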
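/**
 * Perform a vote in a poll
 *
 * @param integer $poll_id ID of Poll
 * @param integer $user_id ID of User (0 for a guest, who is then marked by cookie)
 * @param integer|array $option Vote option (basically what you vote!) - for a multiple-choice
 *                              poll an array keyed by option number with 1 for every chosen option
 * @return bool|string true on success, false without permission, otherwise the language error phrase
 */
function vote($poll_id, $user_id = 0, $option = NULL)
{
    // Load the Language Phrases
    $this->lang->load('polls');

    // A bit sanitizing...
    $poll_id = (int) $poll_id;
    $user_id = (int) $user_id;

    // Let's fetch infos of the poll
    $query = $this->db->simple_select("polls", "*", "pid='" . intval($poll_id) . "'");
    $poll = $this->db->fetch_array($query);
    if (!is_array($poll)) {
        // unknown poll: keep $poll an array so the hook and the checks below see one shape
        $poll = array();
    }
    // timeout is stored in days; convert to seconds
    $poll['timeout'] = (isset($poll['timeout']) ? $poll['timeout'] : 0) * 60 * 60 * 24;

    $this->plugins->run_hooks("polls_vote_start");

    // Does the poll exist?
    if (empty($poll['pid'])) {
        return $this->lang->error_invalidpoll;
    }

    // Does the poll exist in a valid thread?
    $query = $this->db->simple_select("threads", "*", "poll='" . $poll['pid'] . "'");
    $thread = $this->db->fetch_array($query);
    if (empty($thread['tid'])) {
        return $this->lang->error_invalidthread;
    }

    // Do we have the permission to vote?
    $fid = $thread['fid'];
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canvotepolls'] == 0) {
        return false;
    }

    // Has the poll expired? (a timeout of 0 means it never expires)
    $expiretime = $poll['dateline'] + $poll['timeout'];
    if ($poll['closed'] == 1 || $thread['closed'] == 1 || ($expiretime < TIME_NOW && $poll['timeout'])) {
        return $this->lang->error_pollclosed;
    }

    // Did we pass an option to vote for?
    if (empty($option)) {
        return $this->lang->error_nopolloptions;
    }

    // Check if the user has voted before... ($votecheck was previously undefined for guests)
    $votecheck = array();
    if ($user_id > 0) {
        $query = $this->db->simple_select("pollvotes", "*", "uid='" . $user_id . "' AND pid='" . $poll['pid'] . "'");
        $votecheck = $this->db->fetch_array($query);
    }
    if (!empty($votecheck['vid']) || !empty($this->mybb->cookies['pollvotes'][$poll['pid']])) {
        return $this->lang->error_alreadyvoted;
    }

    $votesql = '';
    $votesarray = explode("||~|~||", $poll['votes']);
    $numvotes = $poll['numvotes'];
    if ($poll['multiple'] == 1) {
        // multiple-choice: $option maps option number => 1 for each chosen option
        if (!is_array($option)) {
            return $this->lang->error_nopolloptions;
        }
        foreach ($option as $voteoption => $vote) {
            $voteoption = (int) $voteoption;
            if ($vote == 1 && isset($votesarray[$voteoption - 1])) {
                if ($votesql) {
                    $votesql .= ",";
                }
                $votesql .= "('" . $poll['pid'] . "','" . $user_id . "','" . $this->db->escape_string($voteoption) . "', " . TIME_NOW . ")";
                $votesarray[$voteoption - 1]++;
                $numvotes = $numvotes + 1;
            }
        }
        // nothing matched an existing option: do not issue an INSERT with an empty VALUES list
        if ($votesql === '') {
            return $this->lang->error_nopolloptions;
        }
    } else {
        // single choice: an array here would have been an arithmetic error below
        if (is_array($option)) {
            return $this->lang->error_nopolloptions;
        }
        $option = (int) $option;
        if (!isset($votesarray[$option - 1])) {
            return $this->lang->error_nopolloptions;
        }
        $votesql = "('" . $poll['pid'] . "','" . $user_id . "','" . $this->db->escape_string($option) . "', " . TIME_NOW . ")";
        $votesarray[$option - 1]++;
        $numvotes = $numvotes + 1;
    }

    if ($user_id == 0) {
        // Give a cookie to guests to inhibit revotes; set only once the vote is known to be
        // valid, so a rejected submission does not lock the guest out of voting at all
        my_setcookie("pollvotes[{$poll['pid']}]", '1');
    }

    // Save the fact that we voted
    $this->db->write_query("\n\t\t\tINSERT INTO \n\t\t\t" . TABLE_PREFIX . "pollvotes (pid,uid,voteoption,dateline) \n\t\t\tVALUES {$votesql}\n\t\t");

    $voteslist = '';
    for ($i = 1; $i <= $poll['numoptions']; ++$i) {
        if ($i > 1) {
            $voteslist .= "||~|~||";
        }
        $voteslist .= $votesarray[$i - 1];
    }
    $updatedpoll = array("votes" => $this->db->escape_string($voteslist), "numvotes" => intval($numvotes));

    $this->plugins->run_hooks("polls_vote_process");

    $this->db->update_query("polls", $updatedpoll, "pid='" . $poll['pid'] . "'");

    $this->plugins->run_hooks("polls_vote_end");

    return true;
}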
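/**
 * Static Method to write biblio activities logs.
 *
 * Inserts one row into biblio_log; nothing is written when the database
 * wrapper already reports an error.
 *
 * @param object $obj_db database wrapper exposing escape_string(), query() and an error flag
 * @param integer $biblio_id
 * @param integer $user_id
 * @param string $realname
 * @param string $title
 * @param string $action one of create|update|delete; anything else is logged as 'create'
 * @param string $affectedrow one of description|classification|author|subject|abstract|cover;
 *                            anything else is logged as 'description'
 * @param array $rawdata stored serialized and URL-encoded
 * @param string|null $additional_information
 * @return void
 */
public static function bibliolog_write($obj_db, $biblio_id, $user_id, $realname, $title, $action, $affectedrow, $rawdata, $additional_information = NULL)
{
    if ($obj_db->error) {
        return;
    }
    // log table
    $_log_table = 'biblio_log';
    // filter input
    $_biblio_id = (int) $biblio_id;
    $_user_id = (int) $user_id;
    $_realname = $obj_db->escape_string(trim($realname));
    $_title = $obj_db->escape_string(trim($title));
    // the client address comes from the request environment; escape it like any other value
    $_ip = $obj_db->escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    // allow-list the enumerated columns so only known values reach the statement
    $_action = in_array($action, array('create', 'update', 'delete'), true) ? $action : 'create';
    $_affectedrow = in_array($affectedrow, array('description', 'classification', 'author', 'subject', 'abstract', 'cover'), true) ? $affectedrow : 'description';
    // urlencode leaves no quote characters, so the serialized blob needs no further escaping
    $_rawdata = urlencode(serialize($rawdata));
    // string cast so a null default does not reach trim()
    $_additional_information = $obj_db->escape_string(trim((string) $additional_information));
    $_date = date('Y-m-d H:i:s');
    // insert log data to database (no error suppression: the wrapper reports failures via ->error)
    $obj_db->query('INSERT INTO ' . $_log_table . ' VALUES (NULL, \'' . $_biblio_id . '\', \'' . $_user_id . '\', \'' . $_realname . '\', \'' . $_title . '\', \'' . $_ip . '\', \'' . $_action . '\', \'' . $_affectedrow . '\', \'' . $_rawdata . '\', \'' . $_additional_information . '\', \'' . $_date . '\')');
}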
/**
 * Escapes a value for DB usage.
 *
 * Delegates to the database layer's escape_string(); the caller still has to
 * place the result inside quotes in the statement.
 *
 * @param mixed $value Any value to use with the database
 * @return string
 */
public function dbEscape($value)
{
    $database = $this->db;

    return $database->escape_string($value);
}
/**
 * Cleans a form input: trims whitespace, strips HTML tags, then escapes the
 * result for use inside a quoted SQL literal.
 *
 * @param string $str some string
 * @param object $db mysqli object
 * @return string clean string
 */
function clnStr($str, $db)
{
    $trimmed = trim($str);
    $withoutTags = strip_tags($trimmed);

    return $db->escape_string($withoutTags);
}