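/**
 * Delete an image: remove its row from the image table, commit, then remove
 * the file from disk.
 *
 * The row is deleted and committed before the file is unlinked, so the
 * database never keeps a row whose file has already been removed.
 *
 * @param mixed $image_id id of the row in the image table
 */
function image_zap($image_id)
{
    $filename = db_getOne("SELECT filename FROM image WHERE id=?", $image_id);
    db_do("DELETE FROM image WHERE id=?", $image_id);
    db_commit();

    // Unknown id (or a row without a filename): there is no file to remove.
    // Without this guard image_path() is handed an empty name and unlink()
    // is pointed at whatever path that happens to resolve to.
    if (is_null($filename) || $filename === '') {
        return;
    }

    $path = image_path($filename);
    // The file may already be gone; check instead of letting unlink() warn.
    if (is_file($path)) {
        unlink($path);
    }
}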
/**
 * Check that $value is the ref of an existing journo.
 *
 * @param mixed $value candidate journo ref
 * @throws ValidationError built from $this->msg and $this->code when no
 *                         journo row has that ref
 */
function execute($value)
{
    $found = db_getOne("SELECT id FROM journo WHERE ref=?", $value);
    if (!is_null($found)) {
        return;
    }

    // The message is formatted with an empty argument list.
    $args = array();
    throw new ValidationError(vsprintf($this->msg, $args), $this->code, $args);
}
/**
 * Load one article row and attach its images and its content.
 *
 * @param mixed $article_id id of the article
 * @return array the article row with 'images' (rows of article_image) and
 *               'content' (from article_content) added
 */
function FetchArticle($article_id)
{
    $result = db_query('SELECT * FROM article WHERE id=?', $article_id);
    $article = db_fetch_array($result);

    // NOTE(review): nothing here checks that a row came back, so an unknown
    // id still yields an array holding only the two keys added below.
    $images = db_getAll("SELECT * FROM article_image WHERE article_id=?", $article_id);
    $article['images'] = $images;

    $body = db_getOne("SELECT content FROM article_content WHERE article_id=?", $article_id);
    $article['content'] = $body;

    return $article;
}
/**
 * Send the HTTP headers for an HTML page and render the shared page header
 * template.
 *
 * The template is pulled in with include, so it runs in this function's
 * scope and reads the local variables prepared here; their names are kept
 * as they are for that reason.
 *
 * NOTE(review): $title, $logged_in_user (a person's name or email),
 * $canonical_url, $head_extra and $search are handed to the template as-is.
 * Confirm the template escapes each one for the context it is written into.
 *
 * @param string $title  page title; the site domain is appended (or used alone)
 * @param array  $params optional settings read here: pingbacks, menupage,
 *                       rss, canonical_url, js_extra, head_extra,
 *                       head_extra_fn, search_params
 */
function page_header($title, $params = array())
{
    header('Content-Type: text/html; charset=utf-8');

    if (arr_get('pingbacks', $params, FALSE)) {
        $pingback_url = OPTION_BASE_URL . "/pingback";
        header("X-Pingback: {$pingback_url}");
    }

    $title = $title ? $title . ' - ' . OPTION_WEB_DOMAIN : OPTION_WEB_DOMAIN;

    $P = person_if_signed_on(true); /* Don't renew any login cookie. */
    $datestring = date('l d.m.Y');

    $mnpage = '';
    if (array_key_exists('menupage', $params)) {
        $mnpage = $params['menupage'];
    }

    $rss_feeds = array_key_exists('rss', $params) ? $params['rss'] : array();
    $canonical_url = array_key_exists('canonical_url', $params) ? $params['canonical_url'] : null;

    $js_files = array("/jl.js");
    if (array_key_exists('js_extra', $params)) {
        $js_files = array_merge($js_files, $params['js_extra']);
    }

    // Extra <head> markup: a literal string first, then whatever the optional
    // callback prints (captured through an output buffer).
    $head_extra = '';
    if (array_key_exists('head_extra', $params)) {
        $head_extra .= $params['head_extra'];
    }
    if (array_key_exists('head_extra_fn', $params)) {
        ob_start();
        call_user_func($params['head_extra_fn']);
        $head_extra .= ob_get_clean();
    }

    $logged_in_user = null;
    $can_edit_profile = FALSE;
    if ($P) {
        $logged_in_user = $P->name_or_blank() ? $P->name : $P->email;
        $has_edit = db_getOne("SELECT * FROM person_permission WHERE person_id=? AND permission='edit'", $P->id());
        if ($has_edit) {
            $can_edit_profile = TRUE;
        }
    }

    $search = array_key_exists('search_params', $params)
        ? $params['search_params']
        : array('q' => '', 'type' => 'journo');

    include "../templates/header.tpl.php";
}
/**
 * Report whether the signed-on person holds the 'admin' permission.
 *
 * @return bool TRUE only when someone is signed on and has a
 *              person_permission row with permission='admin'
 */
function admCheckAccess()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        return FALSE;
    }

    // check for admin permission
    $admin_row = db_getOne("SELECT id FROM person_permission WHERE permission='admin' AND person_id=?", $person->id());

    return is_null($admin_row) ? FALSE : TRUE;
}
/**
 * Redirect a signed-on person to the journo profile they may edit.
 *
 * The journo comes from the 'ref' request variable when given; otherwise it
 * is looked up from the person's 'edit' permissions (a picker is shown when
 * there are several). The edit permission is re-checked against the chosen
 * journo before the redirect, so a ref taken from the request cannot lead
 * to a profile the person has no 'edit' row for.
 */
function view()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        // only for logged-in users
        header("Location: /");
        return;
    }

    /* they might have multiple profiles, thus option to specify one here */
    $ref = strtolower(get_http_var('ref'));
    $journo = NULL;
    if ($ref) {
        $journo = db_getRow("SELECT * FROM journo WHERE ref=?", $ref);
        if (!$journo) {
            header("HTTP/1.0 404 Not Found");
            return;
        }
    }

    if (is_null($journo)) {
        // no journo given - see which journo (or journos) this person is associated with
        $editables = db_getAll("SELECT j.* FROM ( journo j INNER JOIN person_permission p ON p.journo_id=j.id) WHERE p.person_id=? AND p.permission='edit'", $person->id());
        $how_many = sizeof($editables);
        if ($how_many == 0) {
            header("Location: /");
            return;
        }
        if ($how_many > 1) {
            /* let user pick which one... */
            tmpl_pickjourno($editables);
            return;
        }
        // exactly one journo
        $journo = $editables[0];
    }

    // is this person allowed to edit this journo?
    $allowed = db_getOne("SELECT id FROM person_permission WHERE person_id=? AND journo_id=? AND permission='edit'", $person->id(), $journo['id']);

    $target = $allowed ? "/{$journo['ref']}" : "/f**k";
    header("Location: " . $target);
}
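/**
 * Fetch and decode the data stored with a token.
 *
 * The stored value is read in RABX wire format first; when that fails the
 * function falls back to PHP's unserialize().
 *
 * @param mixed $scope scope the token was issued for
 * @param mixed $token the token value
 * @return mixed the decoded data
 */
function auth_token_retrieve($scope, $token)
{
    $data = db_getOne('
                    select data
                    from token
                    where scope = ? and token = ?', array($scope, $token));

    /* Madness. We have to unescape this, because the PEAR DB library isn't
     * smart enough to spot BYTEA columns and do it for us. */
    $data = pg_unescape_bytea($data);

    $pos = 0;
    // Call-time pass-by-reference (&$data, &$pos at the call site) is a fatal
    // error from PHP 5.4 on, so the variables are passed plainly. Whether they
    // are taken by reference is decided by rabx_wire_rd's own signature; $pos
    // is not read again in this function.
    $res = rabx_wire_rd($data, $pos);
    if (rabx_is_error($res)) {
        // SECURITY: unserialize() instantiates any class named in its input.
        // The value comes from the token table, so anything able to write
        // that table controls what gets built here. Where the running PHP
        // supports it, pass array('allowed_classes' => false) as the second
        // argument, or move stored tokens to a data-only format.
        $res = unserialize($data);
        // NOTE(review): unserialize() reports failure with false, not null,
        // so this guard does not fire on corrupt data. Tightening it changes
        // what callers receive for an unknown token; check them first.
        if (is_null($res)) {
            err("Data for scope '{$scope}', token '{$token}' are not valid");
        }
    }

    return $res;
}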
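/**
 * Validate the fields of a new journo.
 *
 * @param array $params expects 'prettyname', 'ref', 'firstname', 'lastname'
 * @return array map of field name => error message; empty when all is well.
 *               The 'ref' message for an existing journo contains an HTML
 *               link, so callers print it as markup.
 */
function validate($params)
{
    // Missing or non-scalar fields are treated as blank instead of raising
    // notices or reaching preg_match() as arrays.
    $v = array();
    foreach (array('prettyname', 'ref', 'firstname', 'lastname') as $k) {
        $v[$k] = (isset($params[$k]) && is_scalar($params[$k])) ? (string) $params[$k] : '';
    }

    $err = array();

    if ($v['prettyname'] === '') {
        $err['prettyname'] = 'blank Pretty Name';
    }

    // \z anchors at the true end of the string. A bare $ also matches just
    // before a trailing newline, which let "some-ref\n" through.
    if (!preg_match('/^[a-z]+(-[a-z0-9]+){1,}\z/', $v['ref'])) {
        $err['ref'] = 'bad ref (needs to be lowercase and contain at least one hyphen)';
    } elseif (db_getOne("SELECT id FROM journo WHERE ref=?", $v['ref'])) {
        // The ref has passed the pattern above (only a-z, 0-9 and hyphens),
        // so it is safe to place in the link as-is.
        $err['ref'] = "Already a journo with that ref! <a href=\"/adm/{$v['ref']}\">{$v['ref']}</a>";
    }

    if (!preg_match('/^[a-z]+\z/', $v['firstname'])) {
        $err['firstname'] = 'bad first name';
    }
    if (!preg_match('/^[a-z]+\z/', $v['lastname'])) {
        $err['lastname'] = 'bad last name';
    }

    return $err;
}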
/**
 * Gather the data shown for one publication.
 *
 * @param mixed $pub_id id of the organisation row
 * @return array the organisation row with sop_url/sop_name folded into
 *               'principles', plus 'recent_journos', 'adr' and 'tel'
 */
function publication_collect($pub_id)
{
    $pub = db_getRow("SELECT * FROM organisation WHERE id=?", $pub_id);

    if (0) {
        /* recent articles (switched off) */
        $recent = db_getAll("SELECT id,title,pubdate,permalink FROM article WHERE srcorg=? ORDER BY pubdate DESC LIMIT 10", $pub_id);
        foreach ($recent as &$article) {
            article_augment($article);
        }
        unset($article);
        $pub['recent_articles'] = $recent;
    }

    /* principles */
    $pub['principles'] = $pub['sop_url']
        ? array('name' => $pub['sop_name'], 'url' => $pub['sop_url'])
        : null;
    unset($pub['sop_url']);
    unset($pub['sop_name']);

    /* recent journos: bylines on active articles from the last week */
    $sql = <<<EOT
SELECT DISTINCT j.ref, j.prettyname, j.lastname
    FROM ( ( journo j INNER JOIN journo_attr attr ON j.id=attr.journo_id )
        INNER JOIN article a ON a.id=attr.article_id)
    WHERE a.srcorg=?
        AND a.status='a'
        AND a.pubdate > NOW() - INTERVAL '1 week'
    ORDER BY j.lastname;
EOT;
    $pub['recent_journos'] = db_getAll($sql, $pub_id);

    /* address (vcard adr fields) */
    $raw_adr = db_getOne("SELECT adr FROM pub_adr WHERE pub_id=?", $pub_id);
    if ($raw_adr) {
        $pub['adr'] = vcard_parse_adr($raw_adr);
    } else {
        $pub['adr'] = NULL;
    }

    /* telephone (assume type='voice' for now) */
    $pub['tel'] = db_getOne("SELECT phone FROM pub_phone WHERE pub_id=?", $pub_id);

    return $pub;
}
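/**
 * Return $num random bytes, read from /dev/random when it exists.
 *
 * NOTE(review): PHP 7 and later ship a built-in random_bytes(); this
 * definition cannot be declared alongside it, and the built-in is the
 * better source where available.
 *
 * @param int $num number of bytes wanted; must not be negative
 * @return string the random bytes
 */
function random_bytes($num)
{
    // Validate before either branch; previously the database fallback
    // skipped this check.
    if ($num < 0) {
        err("NUM must be nonnegative in random_bytes");
    }

    if (!file_exists('/dev/random')) {
        // probably Windows. Use database.
        // SECURITY: PostgreSQL's random() is a statistical generator, not a
        // cryptographic one, so output from this branch must not be used for
        // tokens, session ids or password salts.
        // NOTE(review): chr() over 256*random() rounded to int4 is also not a
        // uniform byte source (the value can reach 256 or be 0, and code
        // points above 127 are multi-byte in a UTF8 database) - confirm
        // before relying on this branch at all.
        $res = '';
        while (strlen($res) < $num) {
            $res .= db_getOne('select chr((256*random())::int4)');
        }
        return $res;
    }

    global $random_bytes_filehandle;
    if (!isset($random_bytes_filehandle) && !($random_bytes_filehandle = fopen("/dev/random", "r"))) {
        err("Unable to open /dev/random");
    }

    $res = '';
    while (strlen($res) < $num) {
        $chunk = fread($random_bytes_filehandle, $num - strlen($res));
        if ($chunk === false || $chunk === '') {
            // A failed or empty read used to spin this loop forever. Fail
            // closed: never hand back fewer bytes than were asked for.
            err("Unable to read from /dev/random");
            // Backstop in case err() returns.
            throw new RuntimeException("Unable to read from /dev/random");
        }
        $res .= $chunk;
    }

    return $res;
}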
/**
 * Admin view of one journo: basic details, the users linked to the profile
 * with 'edit' permission, a few articles and the total article count.
 *
 * Stops immediately unless admCheckAccess() passes.
 */
function view()
{
    $is_admin = admCheckAccess();
    if (!$is_admin) {
        exit;
    } // should return error code?

    $ref = strtolower(get_http_var('j'));

    $journo = db_getRow("SELECT id,ref,prettyname,oneliner,status FROM journo WHERE ref=?", $ref);
    if (is_null($journo)) {
        // TODO: 404
        return;
    }

    $linked_sql = <<<EOT
SELECT p.id,p.email,p.name,perm.permission
    FROM person p INNER JOIN person_permission perm ON perm.person_id=p.id
    WHERE perm.permission='edit' AND perm.journo_id=?
EOT;
    $linked = db_getAll($linked_sql, $journo['id']);

    $journo['arts'] = journo_collectArticles($journo, 5);
    $journo['num_arts'] = db_getOne("SELECT COUNT(*) FROM journo_attr WHERE journo_id=?", $journo['id']);
    $journo['linked_users'] = $linked;

    template($journo);
}
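/**
 * Print an HTML table of the login tokens whose stored data mentions $email.
 *
 * The output contains working login confirmation links, so the page that
 * calls this must be restricted to administrators.
 *
 * @param string $email address (or fragment) to search for; matched as a
 *                      case-insensitive substring, so % and _ in it act as
 *                      LIKE wildcards
 */
function LookupToken($email)
{
    $sql = <<<EOT
SELECT token,created,data
    FROM token
    WHERE scope='login' AND encode( data, 'escape' ) ilike ?
    ORDER BY created DESC
EOT;
    $q = db_query($sql, '%' . $email . '%');
    $cnt = db_num_rows($q);

    // The search term comes from the request: escape it before it is echoed.
    $email_html = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

    if ($cnt == 0) {
        print "<p>No tokens found for <code>{$email_html}</code> (maybe they used a different email address?)</p>\n";
        return;
    }

    print "<p>Found {$cnt} tokens for <code>{$email_html}</code> (most recent first)</p>\n";
    print "<table border=1>\n";
    print "<tr><th>when issued</th><th>email</th><th>confirmation link</th><th>stashed url</th></tr>\n";

    while ($r = db_fetch_array($q)) {
        $issued = strftime('%R %a %e %B %Y', strtotime($r['created']));
        $confirmation_url = OPTION_BASE_URL . "/login?t={$r['token']}";

        $stashed_url = '????';
        $row_email = '????';

        // Call-time pass-by-reference (&$r['data'], &$pos) is a fatal error
        // from PHP 5.4 on; pass plain variables instead.
        $data = $r['data'];
        $pos = 0;
        $res = rabx_wire_rd($data, $pos);
        if (!rabx_is_error($res)) {
            $row_email = $res['email'];
            $stashed_url = db_getOne("SELECT url FROM requeststash WHERE key=?", $res['stash']);
            if (!$stashed_url) {
                $stashed_url = '-none- (which probably means they clicked the link)';
            }
        }

        // Every cell holds stored, user-influenced data (the email and the
        // stashed URL came from a request), so all of them are escaped.
        print "<tr>\n";
        print "  <td>" . htmlspecialchars($issued, ENT_QUOTES, 'UTF-8') . "</td>\n";
        print "  <td><code>" . htmlspecialchars($row_email, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "  <td><code>" . htmlspecialchars($confirmation_url, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "  <td><code>" . htmlspecialchars($stashed_url, ENT_QUOTES, 'UTF-8') . "</code></td>\n";
        print "</tr>\n";
    }

    print "</table>\n";
}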
/**
 * Replace the journo's user-editable weblinks with the submitted list.
 *
 * Existing links are deleted (except the 'pingback' and 'twitter' kinds),
 * then each submitted link is inserted as approved with a descending rank,
 * and its new row id is written back into $this->submitted.
 *
 * NOTE(review): kind, url and description are stored exactly as submitted;
 * any check on them (for instance that url is an http/https address) has to
 * happen before this method runs - confirm against the caller.
 */
function handleSubmit()
{
    $journo_id = $this->journo['id'];

    // rewrite the whole lot... (but only the types the user can edit!)
    db_do("DELETE FROM journo_weblink WHERE kind NOT IN ('pingback','twitter') AND journo_id=?", $journo_id);

    $step = 10;
    $next_rank = 100 + $step * sizeof($this->submitted);

    foreach ($this->submitted as $idx => $link) {
        db_do(
            "INSERT INTO journo_weblink (journo_id,kind,url,description,approved,rank) VALUES (?,?,?,?,true,?)",
            $journo_id,
            $link['kind'],
            $link['url'],
            $link['description'],
            $next_rank
        );
        $this->submitted[$idx]['id'] = db_getOne("SELECT lastval()");
        $next_rank -= $step;
    }

    db_commit();
    eventlog_Add('modify-weblinks', $journo_id);
}
/**
 * Look up the 'extra' value stored with a stashed request.
 *
 * @param mixed $key key of the requeststash row
 * @return mixed the value of the extra column, as returned by db_getOne()
 */
function stash_get_extra($key)
{
    $extra = db_getOne('select extra from requeststash where key = ?', $key);

    return $extra;
}
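/**
 * Subscribe a person to alerts for a journo and print a confirmation.
 *
 * @param object $P          the signed-on person; $P->id is stored in the alert row
 * @param string $journo_ref ref of the journo; must belong to an active journo
 */
function DoAddAlert($P, $journo_ref)
{
    $journo = db_getRow("SELECT id,prettyname FROM journo WHERE ref=? AND status='a'", $journo_ref);
    if (!$journo) {
        err("bad journalist ref");
    }

    $journo_id = $journo['id'];

    // Both values end up inside markup: the ref arrived with the request and
    // the name is free text from the database, so escape them for HTML.
    $url_html = htmlspecialchars("/{$journo_ref}", ENT_QUOTES, 'UTF-8');
    $name_html = htmlspecialchars($journo['prettyname'], ENT_QUOTES, 'UTF-8');

    if (!db_getOne("SELECT id FROM alert WHERE journo_id=? AND person_id=?", $journo_id, $P->id)) {
        db_query("INSERT INTO alert (person_id,journo_id) VALUES (?,?)", $P->id, $journo_id);
        db_commit();
        print "<p class=\"infomessage\"><a href=\"{$url_html}\">{$name_html}</a> was added to your list.</p>\n";
    } else {
        print "<p class=\"infomessage\"><a href=\"{$url_html}\">{$name_html}</a> is already on your list.</p>\n";
    }
}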
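/**
 * Check a candidate password against this person's stored crypt() hash.
 *
 * @param string $p candidate password
 * @return bool true when the password matches; false when it does not or
 *              when no password is stored
 */
function check_password($p)
{
    $stored = db_getOne('select password from person where id = ?', $this->id);
    if (is_null($stored) || !is_string($stored) || $stored === '') {
        return false;
    }

    $computed = crypt($p, $stored);
    if (!is_string($computed)) {
        return false;
    }

    // The previous check used a loose != on the two hashes. That is not
    // constant-time, and loose comparison treats numeric-looking strings as
    // numbers. Use hash_equals() where the running PHP provides it and a
    // strict string comparison otherwise.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $computed);
    }

    return $computed === $stored;
}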
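/**
 * Handle a pingback: check that the source page links to the target, work
 * out which journo the target belongs to, and record the source as a weblink.
 *
 * Return values are the pingback fault codes noted beside each return, or a
 * success string.
 *
 * @param mixed $method unused here
 * @param array $params list of (source URI, target URI) supplied by the remote caller
 * @param mixed $extra  unused here
 * @return int|string fault code, or "Ping registered - thanks"
 */
function handle_pingback($method, $params, $extra)
{
    list($sourceURI, $targetURI) = $params;

    // SECURITY: the source URI is chosen by the remote caller and is fetched
    // by this server. Accept http and https only, so the fetch cannot be
    // pointed at local files or at other stream wrappers.
    $scheme = is_string($sourceURI) ? parse_url($sourceURI, PHP_URL_SCHEME) : null;
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        CRAPLOG("0x10 (bad source scheme)\n");
        return 0x10; // "The source URI does not exist."
    }
    if (!is_string($targetURI) || $targetURI === '') {
        CRAPLOG("0x21\n");
        return 0x21; // "The specified target URI cannot be used as a target."
    }

    // NOTE(review): the scheme check does not stop requests to internal
    // hosts, and neither response size nor fetch time is bounded here.
    // Consider a host/address allow-list, a timeout and a length cap.

    // fetch the source URI to verify that the source does indeed link to the target
    $html = file_get_contents($sourceURI);
    if ($html === FALSE) {
        CRAPLOG("0x10\n");
        return 0x10; // "The source URI does not exist."
    }

    // cheesy conversion to utf-8
    $html = mb_convert_encoding($html, 'UTF-8', mb_detect_encoding($html, 'UTF-8, ISO-8859-1, windows-1252', true));
    $html = html_entity_decode($html, ENT_COMPAT, 'UTF-8');

    if (strpos($html, $targetURI) === FALSE) {
        CRAPLOG("0x11\n");
        return 0x11; // "The source URI does not contain a link to the target URI, and so cannot be used as a source."
    }

    // check URL, try and extract journo ref
    $bits = crack_url($targetURI);
    $path = $bits['path'];
    $m = array();
    $ref = null;
    if (preg_match("%([a-zA-Z0-9]+-[-a-zA-Z0-9]+)/?%", $path, $m)) {
        $ref = $m[1];
    }
    if ($ref === null) {
        CRAPLOG("0x21\n");
        return 0x21; // "The specified target URI cannot be used as a target."
    }

    // valid journo?
    $journo = db_getRow("SELECT * FROM journo WHERE ref=? AND status='a'", $ref);
    if ($journo === null) {
        CRAPLOG("0x21 (invalid journo)\n");
        return 0x21; // "The specified target URI cannot be used as a target."
    }

    // try and extract title to use as description
    // NOTE(review): the title is remote content, taken after entity decoding,
    // so it can contain markup. It is stored as-is, together with the source
    // URI, and the row is inserted as approved; whatever displays these
    // weblinks must escape both fields.
    $desc = $sourceURI;
    $m = array();
    if (preg_match('!<title>(.*?)</title>!i', $html, $m)) {
        $desc = $m[1];
        $desc = preg_replace('/\\s+/', ' ', $desc);
    }

    // already got this pingback?
    if (db_getOne("SELECT id FROM journo_weblink WHERE journo_id=? AND url=? AND approved=true", $journo['id'], $sourceURI)) {
        CRAPLOG("0x30\n");
        return 0x30; // "The pingback has already been registered."
    }

    // OK. time to add it!
    $sql = <<<EOT
INSERT INTO journo_weblink (journo_id, url, description, approved, kind, rank)
    VALUES ( ?,?,?,true,'pingback',500)
EOT;
    db_do($sql, $journo['id'], $sourceURI, $desc);
    db_commit();

    CRAPLOG("added.\n");
    return "Ping registered - thanks";
}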
/**
 * Replace this journo's photo with a new one, or remove it when $p is empty.
 *
 * Order matters: the new image is stored first, the database rows are then
 * swapped and committed, and only after the commit is the old image file
 * deleted from disk.
 *
 * @param mixed $p            a GD image resource or an uploaded file; an empty
 *                            value just removes the current photo
 * @param bool  $is_thumbnail stored in the is_thumbnail column of the new row
 */
function replacePhoto($p, $is_thumbnail = FALSE)
{
    $new_photo = null;
    if ($p) {
        // NOTE(review): since PHP 8.0 GD images are GdImage objects, not
        // resources, so on those versions this test is false for a GD image
        // and the value is handled as an upload - confirm which PHP runs this.
        if (is_resource($p) && get_resource_type($p) == 'gd') {
            $new_photo = image_storeGD($p);
        } else {
            // assume it's an uploaded file
            $new_photo = image_storeUploaded($p);
        }
        if ($new_photo) {
            // Re-key: the stored image's id becomes image_id, freeing 'id'
            // for the journo_photo row id.
            $new_photo['image_id'] = $new_photo['id'];
            $new_photo['is_thumbnail'] = $is_thumbnail;
            unset($new_photo['id']);
        }
    }
    if ($this->photo) {
        // remove existing one from db
        db_do("DELETE FROM journo_photo WHERE id=?", $this->photo['id']);
        db_do("DELETE FROM image WHERE id=?", $this->photo['image_id']);
    }
    if ($new_photo) {
        // put new one in db
        // NOTE(review): the id fetched here is not passed to the INSERT
        // below. If the column default also draws from this sequence, the
        // row gets a different id than the one remembered in
        // $new_photo['id'] - verify against the schema.
        $new_photo['id'] = db_getOne("select nextval('journo_photo_id_seq' )");
        db_do("INSERT INTO journo_photo (journo_id,image_id,is_thumbnail) VALUES (?,?,?)", $this->journo['id'], $new_photo['image_id'], $new_photo['is_thumbnail']);
    }
    db_commit();
    if ($this->photo) {
        // db synced - can now zap the old file
        unlink(image_path($this->photo['filename']));
    }
    // done.
    $this->photo = $new_photo;
}
/**
 * Print a table of headline statistics: profiles created, claimed and
 * edited, and the number of alert subscribers.
 *
 * Every figure is passed through intval() before it is printed.
 *
 * @param mixed $params not used
 */
function perform($params)
{
    // A profile counts as "created" when its 'edit' permission row was made
    // on the same date as the journo row.
    $created_sql = <<<EOT
SELECT count(*)
    FROM journo j INNER JOIN person_permission perm ON perm.journo_id=j.id
    WHERE date(j.created) = date(perm.created) AND perm.permission='edit'
EOT;

    // profiles created in last 7 days
    $recent_sql = <<<EOT
SELECT count(*)
    FROM journo j INNER JOIN person_permission perm ON perm.journo_id=j.id
    WHERE date(j.created) = date(perm.created) AND perm.permission='edit' AND j.created > NOW()-interval '7 days'
EOT;
    $created_week = intval(db_getOne($recent_sql));

    // profiles created overall
    $created_ever = intval(db_getOne($created_sql));

    // profiles claimed in last 7 days
    $claimed_week = intval(db_getOne("SELECT COUNT(*) from person_permission WHERE permission IN ('claimed','edit') AND created>NOW()-interval '7 days'"));

    // total profiles edited overall
    $edited_ever = intval(db_getOne("SELECT COUNT( DISTINCT journo_id) FROM event_log"));

    // total alert subscribers
    $subscribers = intval(db_getOne("SELECT COUNT( DISTINCT person_id) FROM alert"));
    ?> <table border=0> <tr><th>Profiles created over last 7 days<th><td><?php echo $created_week; ?> </td><tr> <tr><th>Profiles created ever<th><td><?php echo $created_ever; ?> </td><tr> <tr><th>Profiles claimed over last 7 days<th><td><?php echo $claimed_week; ?> </td><tr> <tr><th>Profiles edited ever<th><td><?php echo $edited_ever; ?> </td><tr> <tr><th>Number of alert subscribers<th><td><?php echo $subscribers; ?> </td><tr> </table> <?php
}
/**
 * Count a journo's active articles: rows in journo_other_articles plus
 * articles attributed to them through journo_attr.
 *
 * @param mixed $journo_id id of the journo
 * @return mixed the sum of the two counts
 */
function journo_countArticles($journo_id)
{
    $other_sql = <<<EOT
SELECT COUNT(*)
    FROM journo_other_articles
    WHERE status='a' AND journo_id=?
EOT;
    $attributed_sql = <<<EOT
SELECT COUNT(*)
    FROM article a INNER JOIN journo_attr attr ON a.id=attr.article_id
    WHERE a.status='a' AND attr.journo_id=?
EOT;

    $other = db_getOne($other_sql, $journo_id);
    $attributed = db_getOne($attributed_sql, $journo_id);

    return $other + $attributed;
}
/**
 * Report whether the signed-on person may edit the given journo: they hold
 * either an 'edit' permission for that journo or the 'admin' permission.
 *
 * @param mixed $journo_id id of the journo
 * @return bool FALSE when nobody is signed on or no matching permission exists
 */
function canEditJourno($journo_id)
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        return FALSE;
    }

    $grant = db_getOne("SELECT id FROM person_permission WHERE person_id=? AND ((journo_id=? AND permission='edit') OR permission='admin')", $person->id(), $journo_id);

    return $grant ? TRUE : FALSE;
}
require_once 'weblink_widget.php'; //require_once "HTML/QuickForm.php"; function ExtraHead() { WeblinkWidget::emit_head_js(); } $statusnames = array('i' => 'i - Inactive', 'a' => 'a - Active', 'h' => 'h - Hidden'); $ref = strtolower(get_http_var('ref', '')); $journo_id = get_http_var('journo_id'); if ($ref) { $journo_id = db_getOne("SELECT id FROM journo WHERE ref=?", $ref); } $action = get_http_var('action'); $journo_name = 'Journos'; if ($journo_id) { $journo_name = db_getOne("SELECT prettyname FROM journo WHERE id=?", $journo_id); } admPageHeader($journo_name, "ExtraHead"); switch ($action) { case 'list': /* List journos */ print "<h2>Journalists</h2>\n"; EmitJournoFilterForm(); EmitJournoList(); break; case 'change_status': ChangeJournoStatus($journo_id, get_http_var('status')); EmitJourno($journo_id); break; case "add_link": AddWeblink($journo_id, get_http_var('url'), get_http_var('desc'));
db_commit(); } // just use journo id to index cache... other pages won't clash. $cacheid = 'json_' . $journo['id']; $data = null; if (strtolower(get_http_var('full') == 'yes')) { /* force a full page rebuild (slow) */ $data = journo_collectData($journo); $json = json_encode($data); db_do("DELETE FROM htmlcache WHERE name=?", $cacheid); db_do("INSERT INTO htmlcache (name,content) VALUES(?,?)", $cacheid, $json); db_do("UPDATE journo SET modified=false WHERE id=?", $journo['id']); db_commit(); } else { /* look for cached data to build the page with */ $cached_json = db_getOne("SELECT content FROM htmlcache WHERE name=?", $cacheid); if (is_null($cached_json)) { /* uh-oh... page is missing from the cache... generate a quick n nasty version right now! */ $data = journo_collectData($journo, true); $json_quick = json_encode($data); /* mark journo as needing their page sorted out! */ db_do("UPDATE journo SET modified=true WHERE id=?", $journo['id']); /* save the quick-n-nasty data */ db_do("INSERT INTO htmlcache (name,content) VALUES(?,?)", $cacheid, $json_quick); db_commit(); } else { /* there is cached data - yay! */ $data = json_decode($cached_json, true); if ($can_edit_page && $journo['modified'] == 't') { /* journo is logged in and the page is out of date... * update the cached data with some fresh quick-n-nasty data
/**
 * Return the id of the publication that owns a domain, creating the
 * publication (with its domain and alias rows) when none exists yet.
 *
 * The lookup ignores a leading "www." and tries the domain with and
 * without it. Nothing is committed here.
 *
 * NOTE(review): $domain is used as given for the new names and inside
 * home_url; confirm callers pass a validated host name.
 *
 * @param string $domain host name
 * @return mixed id of the existing or newly created organisation row
 */
function find_or_create_publication($domain)
{
    $bare = preg_replace("/^www[.]/", "", $domain);

    $existing = db_getOne("SELECT pub_id FROM pub_domain WHERE domain in (?,?) LIMIT 1", $bare, "www.{$bare}");
    if (!is_null($existing)) {
        return $existing;
    }

    // not found, so create a new publication; every name starts out as the bare domain
    $home_url = "http://{$domain}";
    $new_id = db_getOne(
        "INSERT INTO organisation (id,shortname,prettyname,sortname,home_url) VALUES (DEFAULT, ?,?,?,?) RETURNING id",
        $bare,
        $bare,
        $bare,
        $home_url
    );
    db_do("INSERT INTO pub_domain (pub_id,domain) VALUES (?,?)", $new_id, $domain);
    db_do("INSERT INTO pub_alias (pub_id,alias) VALUES (?,?)", $new_id, $bare);

    return $new_id;
}
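/**
 * Render the "Your account" page for the signed-on person.
 *
 * Requires a login (person_signon), gathers how much of the linked journo
 * profile has been filled in, then lists the things the user could do next
 * and shows the password box in the sidebar.
 */
function account_page()
{
    $r = array(
        'reason_web' => "Log in",
        'reason_email' => "Log in to Journalisted",
        'reason_email_subject' => 'Log in to Journalisted',
    );
    $P = person_signon($r);

    $passwordbox = new PasswordBox();

    // linked to a journo for editing (or claim pending)?
    $sql = <<<EOT
SELECT j.*, perm.permission
    FROM journo j INNER JOIN person_permission perm ON perm.journo_id=j.id
    WHERE perm.permission in ('edit','claimed') AND perm.person_id=?
    LIMIT 1
EOT;
    $journo = db_getRow($sql, $P->id());

    // signed up for newsletters?
    $newsletter = db_getOne("SELECT person_id FROM person_receives_newsletter WHERE person_id=?", $P->id()) ? TRUE : FALSE;

    // how many alerts set up?
    $alert_cnt = db_getOne("SELECT count(*) FROM alert WHERE person_id=?", $P->id());

    // what bits of profile have been filled in?
    $photo_cnt = 0;
    $edu_cnt = 0;
    $emp_cnt = 0;
    $book_cnt = 0;
    $award_cnt = 0;
    $admired_cnt = 0;
    // These three were only assigned inside the branch below; give them
    // defaults like the others so they are always defined.
    $weblink_cnt = 0;
    $contact_cnt = 0;
    $article_cnt = 0;

    if (!is_null($journo)) {
        $photo_cnt = db_getOne("SELECT count(*) FROM journo_photo WHERE journo_id=?", $journo['id']);
        $edu_cnt = db_getOne("SELECT count(*) FROM journo_education WHERE journo_id=?", $journo['id']);
        $emp_cnt = db_getOne("SELECT count(*) FROM journo_employment WHERE journo_id=?", $journo['id']);
        $book_cnt = db_getOne("SELECT count(*) FROM journo_books WHERE journo_id=?", $journo['id']);
        $award_cnt = db_getOne("SELECT count(*) FROM journo_awards WHERE journo_id=?", $journo['id']);
        $admired_cnt = db_getOne("SELECT count(*) FROM journo_admired WHERE journo_id=?", $journo['id']);
        $weblink_cnt = db_getOne("SELECT count(*) FROM journo_weblink WHERE kind<>'pingback' AND journo_id=?", $journo['id']);

        // collect contact details from all around
        // NOTE(review): journo_address is counted twice (first and last
        // term). The total is only compared with zero below, so this is
        // harmless, but one of the two looks unintended.
        $sql = <<<EOT
SELECT (
    SELECT count(*) FROM journo_address WHERE journo_id=?
) + (
    SELECT count(*) FROM journo_phone WHERE journo_id=?
) + (
    SELECT count(*) FROM journo_email WHERE approved=true AND journo_id=?
) + (
    SELECT count(*) FROM journo_weblink WHERE kind='twitter' AND journo_id=?
) + (
    SELECT count(*) FROM journo_address WHERE journo_id=?
);
EOT;
        $contact_cnt = db_getOne($sql, $journo['id'], $journo['id'], $journo['id'], $journo['id'], $journo['id']);

        // combined article count (ugh)
        // The join condition used to be attr.journo_id=a.id, which matches
        // a journo id against an article id; journo_attr links to articles
        // through article_id.
        $sql = <<<EOT
SELECT (
    SELECT COUNT(*)
        FROM (article a INNER JOIN journo_attr attr ON attr.article_id=a.id)
        WHERE a.status='a' AND attr.journo_id=?
) + (
    SELECT COUNT(*)
        FROM journo_other_articles
        WHERE status='a' AND journo_id=?
)
EOT;
        $article_cnt = db_getOne($sql, $journo['id'], $journo['id']);
    }

    $name_or_email = $P->name_or_blank() ? $P->name : $P->email;
    // The name and email are user-supplied, and the ref is written into an
    // attribute and into text: escape all of them for HTML.
    $name_html = htmlspecialchars($name_or_email, ENT_QUOTES, 'UTF-8');

    $title = "Your account";
    page_header($title);

    if (!is_null($journo) && $journo['permission'] == 'edit' && $journo['status'] == 'i') {
        emit_inactive_note($journo);
    }
    ?>
<div class="main account">
<h2>Welcome to journa<i>listed</i>, <?php echo $name_html; ?></h2>
<?php
    /* show a bunch of things user could/should do now... */
    if (!is_null($journo) && $journo['permission'] == 'claimed') {
        emit_claim_pending($journo);
    }
    if (!is_null($journo) && $journo['permission'] == 'edit') {
        $ref_html = htmlspecialchars($journo['ref'], ENT_QUOTES, 'UTF-8');
        $profile_url_html = htmlspecialchars(OPTION_BASE_URL . '/' . $journo['ref'], ENT_QUOTES, 'UTF-8');
        ?>
Your public profile is at:<br/>
<a class="public-profile-location" href="/<?php echo $ref_html; ?>"><?php echo $profile_url_html; ?></a>
<br/>
<?php
    }
    ?>
Things you can do now...
<br/>
<?php
    $n = 0; // track the number of items we're displaying
    if (!is_null($journo) && $journo['permission'] == 'edit') {
        if ($article_cnt < OPTION_JL_JOURNO_ACTIVATION_THRESHOLD) {
            emit_add_articles($journo);
            ++$n;
        }
        if ($photo_cnt == 0) {
            emit_add_photo($journo);
            ++$n;
        }
        if ($emp_cnt == 0) {
            emit_add_experience($journo);
            ++$n;
        }
        if ($edu_cnt == 0) {
            emit_add_education($journo);
            ++$n;
        }
        if ($weblink_cnt == 0) {
            emit_add_links($journo);
            ++$n;
        }
        if ($admired_cnt == 0) {
            emit_add_admired($journo);
            ++$n;
        }
        if ($contact_cnt == 0) {
            emit_add_contact_details($journo);
            ++$n;
        }
    }

    // && binds tighter than ||: show when (unset and fewer than 6 items) or
    // whenever fewer than 2 items are showing.
    if (($alert_cnt == 0 && $n < 6) || $n < 2) {
        emit_add_alerts($alert_cnt);
        ++$n;
    }
    if ((!$newsletter && $n < 6) || $n < 2) {
        emit_subscribe_to_newsletter($newsletter);
        ++$n;
    }
    ?>
</div> <!-- end main -->
<div class="sidebar">
<div class="box">
<div class="head">
<h3><?php echo $passwordbox->title(); ?></h3>
</div>
<div class="body">
<?php $passwordbox->emit(); ?>
<p>If you need to change your email address, please <?php echo SafeMailto(OPTION_TEAM_EMAIL, "let us know"); ?></p>
</div>
<div class="foot"></div>
</div>
</div> <!-- end sidebar -->
<?php
    page_footer();
}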
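/**
 * Fetch one page of articles matching a filter, plus the total match count.
 *
 * @param mixed  $f      filter description, turned into conditions by build_query()
 * @param string $o      sort field; must be one of $_sortable_fields
 * @param string $ot     sort direction, 'asc' or 'desc'
 * @param int    $offset number of rows to skip
 * @param int    $limit  maximum number of rows to return
 * @return array two elements: the article rows and the total count
 * @throws InvalidArgumentException when the sort field or direction is not allowed
 */
function grab_articles($f, $o, $ot, $offset, $limit)
{
    global $_time_intervals;
    global $_sortable_fields;

    // SECURITY: $o and $ot are placed in the ORDER BY clause as SQL text, so
    // they must come from a fixed allow-list. These checks used to be
    // assert() calls, which are commonly compiled out in production and then
    // verify nothing. Validate unconditionally, before any query is built.
    $o = strtolower($o);
    if (!is_array($_sortable_fields) || !in_array($o, $_sortable_fields, true)) {
        throw new InvalidArgumentException('unsupported sort field');
    }
    $ot = strtolower($ot);
    if ($ot !== 'asc' && $ot !== 'desc') {
        throw new InvalidArgumentException('unsupported sort direction');
    }

    list($conds, $params) = build_query($f);

    $from_clause = " FROM (article a INNER JOIN organisation o ON o.id=a.srcorg)\n";
    $where_clause = '';
    if ($conds) {
        $where_clause = ' WHERE ' . implode(' AND ', $conds) . "\n";
    }

    // Text fields sort case-insensitively.
    if ($o == 'publication') {
        $o = 'lower(o.prettyname)';
    }
    if ($o == 'byline') {
        $o = 'lower(byline)';
    }
    if ($o == 'title') {
        $o = 'lower(title)';
    }

    $order_clause = sprintf(" ORDER BY %s %s\n", $o, $ot);
    // %d forces integers; negative values are clamped to zero so they cannot
    // turn into a database error.
    $limit_clause = sprintf(" OFFSET %d LIMIT %d\n", max(0, (int) $offset), max(0, (int) $limit));

    $sql = "SELECT a.id,a.title,a.byline,a.description,a.permalink, a.pubdate, a.lastscraped, "
        . "o.id as pub_id, o.shortname as pub_shortname, o.prettyname as pub_name, o.home_url as pub_home_url\n"
        . $from_clause . $where_clause . $order_clause . $limit_clause;
    $arts = db_getAll($sql, $params);

    $sql = "SELECT COUNT(*)\n" . $from_clause . $where_clause;
    $total = intval(db_getOne($sql, $params));

    return array(&$arts, $total);
}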
<?php // sigh... stupid php include-path trainwreck... chdir(dirname(dirname(__FILE__))); require_once '../conf/general'; require_once '../../phplib/db.php'; require_once '../phplib/adm.php'; require_once '../phplib/admmodels.php'; $id = get_http_var("id", null); $journo_id = get_http_var("journo_id", null); if (is_null($journo_id)) { $journo_id = db_getOne("SELECT journo_id FROM journo_awards WHERE id=?", $id); } $journo = db_getRow("SELECT * FROM journo WHERE id=?", $journo_id); admPageHeader($journo['ref'] . " Award Info"); $action = get_http_var('_action'); if ($action == 'update' || $action == 'create') { // form has been submitted $obj = new Award(); $obj->fromHTTPVars($_POST); /* print"<hr/><pre><code>\n"; print_r( $_POST ); print "--------\n"; print_r( $obj ); print"</code></pre><hr/>\n"; */ $obj->save(); ?> <div class="info">Saved.</div> <?php
$action = get_http_var('action'); page_header("Weekly digest"); $info_msg = null; if ($action == 'subscribe') { db_do("DELETE FROM person_receives_newsletter WHERE person_id=?", $P->id); db_do("INSERT INTO person_receives_newsletter (person_id) VALUES (?)", $P->id); db_commit(); $info_msg = "You have been subscribed to the weekly digest."; } if ($action == 'unsubscribe') { db_do("DELETE FROM person_receives_newsletter WHERE person_id=?", $P->id); db_commit(); $info_msg = "You have been unsubscribed from the weekly digest."; } $subscribed = FALSE; if (!is_null(db_getOne("SELECT person_id FROM person_receives_newsletter WHERE person_id=?", $P->id))) { $subscribed = TRUE; } ?> <div class="main"> <?php if ($info_msg) { ?> <div class="infomessage"> <?php echo $info_msg; ?> </div> <?php
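/**
 * Save a news post (update when it has an id, insert otherwise), commit,
 * and print a "Saved" summary linking to the post.
 *
 * @param array $post the post fields, passed by reference; for a new post
 *                    its 'id' is filled in from the database
 */
function newsSave(&$post)
{
    if (array_key_exists('id', $post)) {
        // update existing post
        db_do(
            "UPDATE news SET status=?, title=?, author=?, slug=?, content=?, kind=?, date_from=?, date_to=? WHERE id=?",
            $post['status'],
            $post['title'],
            $post['author'],
            $post['slug'],
            $post['content'],
            $post['kind'],
            $post['date_from'],
            $post['date_to'],
            $post['id']
        );
    } else {
        db_do(
            "INSERT INTO news (status, title, author, posted, slug, content,kind,date_from,date_to) VALUES (?,?,?,NOW(),?,?,?,?,?)",
            $post['status'],
            $post['title'],
            $post['author'],
            $post['slug'],
            $post['content'],
            $post['kind'],
            $post['date_from'],
            $post['date_to']
        );
        $post['id'] = db_getOne("SELECT lastval()");
    }
    db_commit();

    // The slug and title are form input: escape them before they are written
    // into the attribute and the link text.
    $slug_html = htmlspecialchars($post['slug'], ENT_QUOTES, 'UTF-8');
    $title_html = htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8');
    ?>
<div class="action_summary">
Saved <a href="/news/<?php echo $slug_html; ?>"><?php echo $title_html; ?></a>
</div>
<?php
}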
/**
 * Find the article registered under a URL.
 *
 * @param mixed $url URL to look up in article_url
 * @return mixed the article_id column of the matching row, as returned by db_getOne()
 */
function article_find($url)
{
    $article_id = db_getOne("SELECT article_id FROM article_url WHERE url=?", $url);

    return $article_id;
}