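/**
 * Registers the address fields with the field extender and, when the legacy
 * `custom_data` column is still present on the administrators table, migrates
 * its serialized contents into the real columns before dropping it.
 *
 * When running in the setup context (OFFSET_PATH == 2) and a session copy of
 * the admin exists for this install, the address values of that copy are
 * written to the matching stored administrator.
 */
function __construct() {
	global $_zp_authority, $_userAddressFields;
	$firstTime = false;
	$tablecols = db_list_fields('administrators');
	if (is_array($tablecols)) {
		foreach ($tablecols as $key => $datum) {
			if ($datum['Field'] == 'custom_data') {
				// legacy column found: this is the one-time migration run
				$firstTime = true;
				enableExtension('userAddressFields', true);
				break;
			}
		}
	}
	parent::constructor('userAddressFields', self::fields());
	if ($firstTime) {
		// migrate the custom data user data
		// Keys of the stored array end up as column identifiers, so only keys
		// that are declared address fields are accepted. Stored data must never
		// be able to choose an arbitrary identifier in the statement.
		$allowed = array();
		foreach (self::fields() as $declared) {
			$allowed[$declared['name']] = true;
		}
		$result = query('SELECT * FROM ' . prefix('administrators') . ' WHERE `valid`!=0');
		if ($result) {
			while ($row = db_fetch_assoc($result)) {
				$custom = getSerializedArray($row['custom_data']);
				// NOTE(review): assumes (`user`, `valid`) identifies a single
				// administrators row - confirm against the schema.
				if (empty($custom) || !isset($row['user'], $row['valid'])) {
					continue;
				}
				$assignments = array();
				foreach ($custom as $field => $val) {
					if (isset($allowed[$field])) {
						$assignments[] = '`' . $field . '`=' . db_quote($val);
					}
				}
				if (!empty($assignments)) {
					// The original statement ended in a dangling comma and had no
					// WHERE clause; join the pairs and scope the update to the
					// row the data was read from.
					$sql = 'UPDATE ' . prefix('administrators') . ' SET ' . implode(',', $assignments)
									. ' WHERE `user`=' . db_quote($row['user']) . ' AND `valid`=' . (int) $row['valid'];
					setupQuery($sql);
				}
			}
			db_free_result($result);
		}
		// NOTE(review): the column is dropped even if a row failed to migrate.
		setupQuery('ALTER TABLE ' . prefix('administrators') . ' DROP `custom_data`');
	}
	$cloneid = bin2hex(FULLWEBPATH);
	if (OFFSET_PATH == 2 && isset($_SESSION['admin'][$cloneid])) {
		// NOTE(review): unserialize() instantiates whatever object the session
		// entry describes. Confirm nothing outside this application can write
		// to $_SESSION['admin'] before relying on it.
		$user = unserialize($_SESSION['admin'][$cloneid]);
		if (is_object($user)) {
			$user2 = $_zp_authority->getAnAdmin(array('`user`=' => $user->getUser(), '`pass`=' => $user->getPass(), '`valid`=' => 1));
			if ($user2) {
				foreach (userAddressFields::fields() as $field) {
					$user2->set($field['name'], $user->get($field['name']));
				}
				$user2->save();
			}
		}
	}
}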
$check = -1; } if (empty($tableslist)) { $msg = gettext('<em>SHOW TABLES</em> [found no tables]'); $msg2 = ''; } else { $msg = sprintf(gettext("<em>SHOW TABLES</em> found: %s"), substr($tableslist, 0, -2)); $msg2 = ''; } checkMark($check, $msg, gettext("<em>SHOW TABLES</em> [Failed]"), sprintf(gettext("The database did not return a list of the database tables for <code>%s</code>."), $_zp_conf_vars['mysql_database']) . "<br />" . gettext("<strong>Setup</strong> will attempt to create all tables. This will not over write any existing tables.")); if (isset($_zp_conf_vars['UTF-8']) && $_zp_conf_vars['UTF-8']) { $fields = 0; $fieldlist = array(); foreach (array('images' => 1, 'albums' => 2) as $lookat => $add) { if (in_array($_zp_conf_vars['mysql_prefix'] . $lookat, $tables)) { $columns = db_list_fields('images'); if ($columns) { foreach ($columns as $col => $utf8) { if (!is_null($row['Collation']) && $row['Collation'] != 'utf8_unicode_ci') { $fields = $fields | $add; $fieldlist[] = '<code>' . $lookat . '->' . $col . '</code>'; } } } else { $fields = 4; } } } $err = -1; switch ($fields) { case 0:
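/**
 * Searches the tags and the selected search fields of a table and returns
 * the matching database records.
 *
 * The search string arrives already tokenized: each element is either a
 * search term or one of the operators `&`, `!`, `|`, `(`, `)`. Terms are
 * looked up first, then the operators are applied to the resulting id lists.
 *
 * NOTE(review): $tbl, $sorttype and $sortdirection are concatenated into the
 * SQL text. $sorttype passes through lookupSortKey() for albums and images,
 * but not for news, and $sortdirection is never checked here. Presumably
 * callers only pass internal values - verify.
 *
 * @param array $searchstring tokenized search terms and operators
 * @param string $tbl set to 'albums' or 'images' ('news' and 'pages' are also handled)
 * @param string $sorttype what to sort on
 * @param string $sortdirection what direction
 * @return array|null the records found, NULL if nothing matched
 */
function searchFieldsAndTags($searchstring, $tbl, $sorttype, $sortdirection) {
	$allIDs = null;
	$idlist = array();
	$exact = EXACT_TAG_MATCH;
	// create an array of [tag, objectid] pairs for tags
	$tag_objects = array();
	$fields = $this->fieldList;
	if (count($fields) == 0) { // then use the default ones
		$fields = $this->allowedSearchFields();
	}
	foreach ($fields as $key => $field) {
		if (strtolower($field) == 'tags') {
			// tags live in their own tables, so take them out of the column search
			unset($fields[$key]);
			$tagsql = 'SELECT t.`name`, o.`objectid` FROM ' . prefix('tags') . ' AS t, ' . prefix('obj_to_tag') . ' AS o WHERE t.`id`=o.`tagid` AND o.`type`="' . $tbl . '" AND (';
			foreach ($searchstring as $singlesearchstring) {
				switch ($singlesearchstring) {
					case '&':
					case '!':
					case '|':
					case '(':
					case ')':
						break;
					default:
						$targetfound = true;
						// terms are quoted by db_quote(); LIKE wildcards inside a
						// term are not escaped and keep their wildcard meaning
						if ($exact) {
							$tagsql .= '`name` = ' . db_quote($singlesearchstring) . ' OR ';
						} else {
							$tagsql .= '`name` LIKE ' . db_quote('%' . $singlesearchstring . '%') . ' OR ';
						}
				}
			}
			// strip the trailing ' OR ' and close the condition group
			$tagsql = substr($tagsql, 0, strlen($tagsql) - 4) . ') ORDER BY t.`id`';
			$objects = query_full_array($tagsql, false);
			if (is_array($objects)) {
				$tag_objects = $objects;
			}
			break;
		}
	}

	// create an array of [name, objectid] pairs for the search fields.
	$field_objects = array();
	if (count($fields) > 0) {
		// only names that are real columns of $tbl are placed in the statement
		$columns = array();
		$dbfields = db_list_fields($tbl);
		if (is_array($dbfields)) {
			foreach ($dbfields as $row) {
				$columns[] = strtolower($row['Field']);
			}
		}
		foreach ($searchstring as $singlesearchstring) {
			switch ($singlesearchstring) {
				case '&':
				case '!':
				case '|':
				case '(':
				case ')':
					break;
				default:
					$targetfound = true;
					// the term is echoed back as `name` so rows can be grouped by term
					query('SET @serachtarget=' . db_quote($singlesearchstring));
					$fieldsql = '';
					foreach ($fields as $fieldname) {
						if ($tbl == 'albums' && $fieldname == 'filename') {
							$fieldname = 'folder';
						} else {
							$fieldname = strtolower($fieldname);
						}
						if ($fieldname && in_array($fieldname, $columns)) {
							$fieldsql .= ' `' . $fieldname . '` LIKE ' . db_quote('%' . $singlesearchstring . '%') . ' OR ';
						}
					}
					if (!empty($fieldsql)) {
						$fieldsql = substr($fieldsql, 0, strlen($fieldsql) - 4) . ') ORDER BY `id`';
						$sql = 'SELECT @serachtarget AS name, `id` AS `objectid` FROM ' . prefix($tbl) . ' WHERE (' . $fieldsql;
						$objects = query_full_array($sql, false);
						if (is_array($objects)) {
							$field_objects = array_merge($field_objects, $objects);
						}
					}
			}
		}
	}

	$objects = array_merge($tag_objects, $field_objects);
	if (count($objects) != 0) {
		// index the object ids by lower-cased tag/term name
		$tagid = '';
		$taglist = array();
		foreach ($objects as $object) {
			$tagid = strtolower($object['name']);
			if (!isset($taglist[$tagid]) || !is_array($taglist[$tagid])) {
				$taglist[$tagid] = array();
			}
			$taglist[$tagid][] = $object['objectid'];
		}
		// evaluate the expression left to right; parentheses push the current
		// id list and pending operator on a stack
		$op = '';
		$idstack = array();
		$opstack = array();
		while (count($searchstring) > 0) {
			$singlesearchstring = array_shift($searchstring);
			switch ($singlesearchstring) {
				case '&':
				case '!':
				case '|':
					$op = $op . $singlesearchstring;
					break;
				case '(':
					array_push($idstack, $idlist);
					array_push($opstack, $op);
					$idlist = array();
					$op = '';
					break;
				case ')':
					$objectid = $idlist;
					$idlist = array_pop($idstack);
					$op = array_pop($opstack);
					switch ($op) {
						case '&':
							if (is_array($objectid)) {
								$idlist = array_intersect($idlist, $objectid);
							} else {
								$idlist = array();
							}
							break;
						case '!':
							break; // Paren followed by NOT is nonsensical?
						case '&!':
							if (is_array($objectid)) {
								$idlist = array_diff($idlist, $objectid);
							}
							break;
						case '':
						case '|':
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, $objectid);
							}
							break;
					}
					$op = '';
					break;
				default:
					$lookfor = strtolower($singlesearchstring);
					$objectid = NULL;
					foreach ($taglist as $key => $objlist) {
						// The term comes from the search box, so it is quoted before
						// being placed in the pattern. Unquoted, a term containing
						// the delimiter or regex metacharacters would change or
						// break the expression.
						if ($exact && $lookfor == $key || !$exact && preg_match('%' . preg_quote($lookfor, '%') . '%', $key)) {
							if (is_array($objectid)) {
								$objectid = array_merge($objectid, $objlist);
							} else {
								$objectid = $objlist;
							}
						}
					}
					switch ($op) {
						case '&':
							if (is_array($objectid)) {
								$idlist = array_intersect($idlist, $objectid);
							} else {
								$idlist = array();
							}
							break;
						case '!':
							// NOT needs the complement, so load every id of the table once
							if (is_null($allIDs)) {
								$allIDs = array();
								$result = query_full_array("SELECT `id` FROM " . prefix($tbl));
								if (is_array($result)) {
									foreach ($result as $row) {
										$allIDs[] = $row['id'];
									}
								}
							}
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, array_diff($allIDs, $objectid));
							}
							break;
						case '&!':
							if (is_array($objectid)) {
								$idlist = array_diff($idlist, $objectid);
							}
							break;
						case '':
						case '|':
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, $objectid);
							}
							break;
					}
					$idlist = array_unique($idlist);
					$op = '';
					break;
			}
			$idlist = array_unique($idlist);
		}
	}
	if (count($idlist) == 0) {
		return NULL;
	}
	$sql = 'SELECT DISTINCT `id`,`show`,`title`,';
	switch ($tbl) {
		case 'pages':
		case 'news':
			$sql .= '`titlelink` ';
			break;
		case 'albums':
			$sql .= "`desc`,`folder` ";
			break;
		default:
			$sql .= "`desc`,`albumid`,`filename`,`location`,`city`,`state`,`country` ";
			break;
	}
	// visitors who are not logged in only get published records
	if (zp_loggedin()) {
		$show = '';
	} else {
		$show = "`show` = 1 AND ";
	}
	switch ($tbl) {
		case 'news':
			if (is_array($this->category_list)) {
				$news_list = $this->subsetNewsCategories();
				$idlist = array_intersect($news_list, $idlist);
				if (count($idlist) == 0) {
					return NULL;
				}
			}
			if (empty($sorttype)) {
				$key = '`date` DESC';
			} else {
				// NOTE(review): $sorttype is wrapped in backticks but not checked
				// against the table's columns on this path.
				$key = trim('`' . $sorttype . '` ' . $sortdirection);
			}
			if ($show) {
				$show .= '`date`<=' . db_quote(date('Y-m-d H:i:s')) . ' AND ';
			}
			break;
		case 'pages':
			if ($show) {
				$show .= '`date`<=' . db_quote(date('Y-m-d H:i:s')) . ' AND ';
			}
			$key = '`sort_order`';
			break;
		case 'albums':
			if (is_null($sorttype)) {
				if (empty($this->dynalbumname)) {
					$key = lookupSortKey($this->gallery->getSortType(), 'sort_order', 'folder');
					if ($this->gallery->getSortDirection()) {
						$key .= " DESC";
					}
				} else {
					$gallery = new Gallery();
					$album = new Album($gallery, $this->dynalbumname);
					$key = $album->getAlbumSortKey();
					if ($key != '`sort_order`' && $key != 'RAND()') {
						if ($album->getSortDirection('album')) {
							$key .= " DESC";
						}
					}
				}
			} else {
				$sorttype = lookupSortKey($sorttype, 'sort_order', 'folder');
				$key = trim($sorttype . ' ' . $sortdirection);
			}
			break;
		default:
			if (is_null($sorttype)) {
				if (empty($this->dynalbumname)) {
					$key = lookupSortKey(IMAGE_SORT_TYPE, 'filename', 'filename');
					if (IMAGE_SORT_DIRECTION) {
						$key .= " DESC";
					}
				} else {
					$gallery = new Gallery();
					$album = new Album($gallery, $this->dynalbumname);
					$key = $album->getImageSortKey();
					if ($key != '`sort_order`') {
						if ($album->getSortDirection('image')) {
							$key .= " DESC";
						}
					}
				}
			} else {
				$sorttype = lookupSortKey($sorttype, 'filename', 'filename');
				$key = trim($sorttype . ' ' . $sortdirection);
			}
			break;
	}
	$sql .= "FROM " . prefix($tbl) . " WHERE " . $show;
	$sql .= '(' . $this->compressedIDList($idlist) . ')';
	$sql .= " ORDER BY " . $key;
	$result = query_full_array($sql);
	return $result;
}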
datepickerJS(); codeblocktabsJS(); if (!isset($_GET['massedit']) && !isset($_GET['album']) || $subtab == 'subalbuminfo') { printSortableHead(); } if (isset($_GET['album']) && (empty($subtab) || $subtab == 'albuminfo') || isset($_GET['massedit'])) { $result = db_list_fields('albums'); $dbfields = array(); if ($result) { foreach ($result as $row) { $dbfields[] = "'" . $row['Field'] . "'"; } } sort($dbfields); $albumdbfields = implode(',', $dbfields); $result = db_list_fields('images'); $dbfields = array(); if ($result) { foreach ($result as $row) { $dbfields[] = "'" . $row['Field'] . "'"; } } sort($dbfields); $imagedbfields = implode(',', $dbfields); ?> <script type="text/javascript" src="js/encoder.js"></script> <script type="text/javascript" src="js/tag.js"></script> <script type="text/javascript"> //<!-- <![CDATA[ var albumdbfields = [<?php echo $albumdbfields;
while ($row = db_fetch_assoc($resource)) { $result[] = $row; } db_free_result($resource); } else { $result = false; } $unique = $tables = array(); $table_cleared = array(); if (is_array($result)) { foreach ($result as $row) { extendExecution(); $table = array_shift($row); $tables[$table] = array(); $table_cleared[$table] = false; $result2 = db_list_fields(substr($table, $prefixLen)); if (is_array($result2)) { foreach ($result2 as $row) { $tables[$table][] = $row['Field']; } } $result2 = db_show('index', $table); if (is_array($result2)) { foreach ($result2 as $row) { if (is_array($row)) { if (array_key_exists('Non_unique', $row) && !$row['Non_unique']) { $unique[$table][] = $row['Column_name']; } } } }
/**
 * Maps a sort selection onto the ORDER BY fragment used in queries.
 *
 * $sorttype may be one of the display names 'random' or 'manual', or a comma
 * separated list of column names. Only list entries that are columns of
 * $table are returned, each wrapped in backticks. Anything else is dropped,
 * which is what keeps arbitrary text out of the ORDER BY clause.
 *
 * @param string $sorttype the "Display" name of the sort or a column list
 * @param string $default the default if $sorttype is empty
 * @param string $table the database table being used.
 * @return string
 */
function lookupSortKey($sorttype, $default, $table) {
	global $_zp_fieldLists;

	$requested = strtolower($sorttype);
	if ($requested == 'random') {
		return 'RAND()';
	}
	if ($requested == 'manual') {
		return 'sort_order';
	}
	if (empty($sorttype)) {
		return empty($default) ? 'id' : $default;
	}
	// NOTE(review): substr($sorttype, 0) is the whole string, so this matches
	// only the literal "(". Do not turn it into a prefix test without adding
	// validation: the value is handed back verbatim.
	if (substr($sorttype, 0) == '(') {
		return $sorttype;
	}
	if ($table == 'albums') {
		// albums store their name in `folder`; "filename" is accepted as a synonym
		$sorttype = str_replace('filename', 'folder', $sorttype);
	}

	// column names are looked up once per table and cached in the global
	if (is_array($_zp_fieldLists) && isset($_zp_fieldLists[$table])) {
		$dbfields = $_zp_fieldLists[$table];
	} else {
		$dbfields = array();
		$described = db_list_fields($table);
		if ($described) {
			foreach ($described as $column) {
				$dbfields[strtolower($column['Field'])] = $column['Field'];
			}
		}
		$_zp_fieldLists[$table] = $dbfields;
	}

	$rslt = array();
	foreach (explode(',', strtolower($sorttype)) as $candidate) {
		$candidate = trim($candidate, '`');
		if (array_key_exists($candidate, $dbfields)) {
			$rslt[] = '`' . trim($dbfields[$candidate]) . '`';
		}
	}
	return empty($rslt) ? 'id' : implode(',', $rslt);
}
/**
 *
 * This method establishes the current set of database fields. It will add the
 * fields to the database if they are not already present. Fields from previous
 * constructor calls that are no longer in the list will be removed from the
 * database (along with any data associated with them.)
 *
 * Columns owned by an extension are recognised by their column comment,
 * "optional_<$me>". When the extension is not enabled, every column carrying
 * that comment is dropped.
 *
 * NOTE(review): table, name, type, attribute and default values from
 * $newfields, as well as $me, are concatenated into ALTER TABLE statements
 * without quoting. That is only safe while they come from plugin code -
 * confirm no caller builds them from request data.
 *
 * @param string $me the extension name; also used in the column comment
 * @param array $newfields field definitions; the keys read here are 'table',
 *              'name', 'type', 'size', 'attribute', 'default' and 'searchDefault'
 */
function constructor($me, $newfields) {
	// snapshot of the existing columns: $database[table][column] = column description
	$database = array();
	foreach (getDBTables() as $table) {
		$tablecols = db_list_fields($table);
		foreach ($tablecols as $key => $datum) {
			$database[$table][$datum['Field']] = $datum;
		}
	}
	$current = $fields = $searchDefault = array();
	if (extensionEnabled($me)) { //need to update the database tables.
		foreach ($newfields as $newfield) {
			$table = $newfield['table'];
			$name = $newfield['name'];
			// a column that does not exist yet may ask to join the default search fields
			if (!($existng = isset($database[$table][$name]))) {
				if (isset($newfield['searchDefault']) && $newfield['searchDefault']) {
					$searchDefault[] = $name;
				}
			}
			if (is_null($newfield['type'])) {
				// no type: no column is created for this entry
				if ($name == 'tags') {
					setOption('adminTagsTab', 1);
				}
			} else {
				switch (strtolower($newfield['type'])) {
					default:
						$dbType = strtoupper($newfield['type']);
						break;
					case 'int':
						$dbType = strtoupper($newfield['type']) . '(' . min(255, $newfield['size']) . ')';
						if (isset($newfield['attribute'])) {
							$dbType .= ' ' . $newfield['attribute'];
							// already part of the type, so it must not be appended again below
							unset($newfield['attribute']);
						}
						break;
					case 'varchar':
						$dbType = strtoupper($newfield['type']) . '(' . min(255, $newfield['size']) . ')';
						break;
				}
				if ($existng) {
					// change the column only if its type differs or it has no comment yet
					if (strtoupper($database[$table][$name]['Type']) != $dbType || empty($database[$table][$name]['Comment'])) {
						$cmd = ' CHANGE `' . $name . '`';
					} else {
						$cmd = NULL;
					}
					// still defined, so keep it out of the orphan sweep at the end
					unset($database[$table][$name]);
				} else {
					$cmd = ' ADD COLUMN';
				}
				$sql = 'ALTER TABLE ' . prefix($newfield['table']) . $cmd . ' `' . $name . '` ' . $dbType;
				if (isset($newfield['attribute'])) {
					$sql .= ' ' . $newfield['attribute'];
				}
				if (isset($newfield['default'])) {
					$sql .= ' DEFAULT ' . $newfield['default'];
				}
				$sql .= " COMMENT 'optional_{$me}'";
				// with $cmd NULL nothing has to change and the statement is not executed
				if ((!$cmd || setupQuery($sql)) && in_array($newfield['table'], array('albums', 'images', 'news', 'news_categories', 'pages'))) {
					$fields[] = strtolower($newfield['name']);
				}
				$current[$newfield['table']][$newfield['name']] = $dbType;
			}
		}
		setOption(get_class($this) . '_addedFields', serialize($current));
		if (!empty($searchDefault)) {
			// the read-modify-write of the search_fields option is done under a mutex
			$fieldExtenderMutex = new zpMutex('fE');
			$fieldExtenderMutex->lock();
			$engine = new SearchEngine();
			$set_fields = $engine->allowedSearchFields();
			$set_fields = array_unique(array_merge($set_fields, $searchDefault));
			setOption('search_fields', implode(',', $set_fields));
			$fieldExtenderMutex->unlock();
		}
	} else {
		purgeOption(get_class($this) . '_addedFields');
	}
	foreach ($database as $table => $fields) { //drop fields no longer defined
		foreach ($fields as $field => $orphaned) {
			// destructive: the column and its data are removed
			if ($orphaned['Comment'] == "optional_{$me}") {
				$sql = 'ALTER TABLE ' . prefix($table) . ' DROP `' . $field . '`';
				setupQuery($sql);
			}
		}
	}
}
} } printAdminHeader($_current_tab); ?> <script type="text/javascript" src="js/farbtastic.js"></script> <link rel="stylesheet" href="js/farbtastic.css" type="text/css" /> <?php if ($_zp_admin_subtab == 'gallery' || $_zp_admin_subtab == 'image') { if ($_zp_admin_subtab == 'image') { $table = 'images'; $targetid = 'customimagesort'; } else { $table = 'albums'; $targetid = 'customalbumsort'; } $result = db_list_fields($table); $dbfields = array(); if ($result) { foreach ($result as $row) { $dbfields[] = "'" . $row['Field'] . "'"; } sort($dbfields); } ?> <script type="text/javascript" src="js/encoder.js"></script> <script type="text/javascript" src="js/tag.js"></script> <script type="text/javascript"> // <!-- <![CDATA[ $(function () { $('#<?php echo $targetid;
/**
 * Searches the tags, news categories and selected search fields of a table
 * and builds the query that retrieves the matching records.
 *
 * The search string arrives already tokenized: each element is either a
 * search term, the wildcard `*`, or one of the operators `&`, `!`, `|`, `(`,
 * `)`. Terms are looked up first, then the operators are applied to the
 * resulting id lists.
 *
 * NOTE(review): $tbl is concatenated into the SQL text, and on the news path
 * $sorttype and $sortdirection are joined into ORDER BY as given. Presumably
 * callers only pass internal values - verify.
 *
 * @param array $searchstring
 * @param string $tbl set DB table name to be searched
 * @param string $sorttype what to sort on
 * @param string $sortdirection what direction
 * @return array array($sql, $weights), or array(false, array()) if nothing matched
 */
protected function searchFieldsAndTags($searchstring, $tbl, $sorttype, $sortdirection) {
	global $_zp_gallery;
	$weights = $idlist = array();
	$sql = $allIDs = NULL;
	$tagPattern = $this->tagPattern;
	// create an array of [tag, objectid] pairs for tags
	$tag_objects = array();
	$fields = $this->fieldList;
	if (count($fields) == 0) { // then use the default ones
		$fields = $this->allowedSearchFields();
	}
	foreach ($fields as $key => $field) {
		switch ($field) {
			case 'news_categories':
				if ($tbl != 'news') {
					break;
				}
				// categories live in their own tables, so take them out of the column search
				unset($fields[$key]);
				query('SET @serachfield="news_categories"');
				$tagsql = 'SELECT @serachfield AS field, t.`title` AS name, o.`news_id` AS `objectid` FROM ' . prefix('news_categories') . ' AS t, ' . prefix('news2cat') . ' AS o WHERE t.`id`=o.`cat_id` AND (';
				foreach ($searchstring as $singlesearchstring) {
					switch ($singlesearchstring) {
						case '&':
						case '!':
						case '|':
						case '(':
						case ')':
							break;
						case '*':
							$targetfound = true;
							$tagsql .= "COALESCE(title, '') != '' OR ";
							break;
						default:
							$targetfound = true;
							$tagsql .= '`title` = ' . db_quote($singlesearchstring) . ' OR ';
					}
				}
				// strip the trailing ' OR ' and close the condition group
				$tagsql = substr($tagsql, 0, strlen($tagsql) - 4) . ') ORDER BY t.`id`';
				$objects = query_full_array($tagsql, false);
				if (is_array($objects)) {
					$tag_objects = $objects;
				}
				break;
			case 'tags_exact':
				$tagPattern = array('type' => '=', 'open' => '', 'close' => '');
			// no break: continues into the 'tags' case with the exact-match pattern
			case 'tags':
				unset($fields[$key]);
				query('SET @serachfield="tags"');
				$tagsql = 'SELECT @serachfield AS field, t.`name`, o.`objectid` FROM ' . prefix('tags') . ' AS t, ' . prefix('obj_to_tag') . ' AS o WHERE t.`id`=o.`tagid` AND o.`type`="' . $tbl . '" AND (';
				foreach ($searchstring as $singlesearchstring) {
					switch ($singlesearchstring) {
						case '&':
						case '!':
						case '|':
						case '(':
						case ')':
							break;
						case '*':
							query('SET @emptyfield="*"');
							// NOTE(review): str_replace() rewrites every t.`name` collected
							// so far, including predicates appended for earlier terms.
							$tagsql = str_replace('t.`name`', '@emptyfield as name', $tagsql);
							$tagsql .= "t.`name` IS NOT NULL OR ";
							break;
						default:
							$targetfound = true;
							// for LIKE patterns the term goes through db_LIKE_escape() first
							if ($tagPattern['type'] == 'like') {
								$target = db_LIKE_escape($singlesearchstring);
							} else {
								$target = $singlesearchstring;
							}
							$tagsql .= 't.`name` ' . strtoupper($tagPattern['type']) . ' ' . db_quote($tagPattern['open'] . $target . $tagPattern['close']) . ' OR ';
					}
				}
				$tagsql = substr($tagsql, 0, strlen($tagsql) - 4) . ') ORDER BY t.`id`';
				$objects = query_full_array($tagsql, false);
				if (is_array($objects)) {
					$tag_objects = array_merge($tag_objects, $objects);
				}
				break;
			default:
				break;
		}
	}

	// create an array of [name, objectid] pairs for the search fields.
	$field_objects = array();
	if (count($fields) > 0) {
		// only names that are real columns of $tbl are placed in the statement
		$columns = array();
		$dbfields = db_list_fields($tbl);
		if (is_array($dbfields)) {
			foreach ($dbfields as $row) {
				$columns[] = strtolower($row['Field']);
			}
		}
		foreach ($searchstring as $singlesearchstring) {
			switch ($singlesearchstring) {
				case '!':
				case '&':
				case '|':
				case '(':
				case ')':
					break;
				default:
					$targetfound = true;
					// the term is echoed back as `name` so rows can be grouped by term
					query('SET @serachtarget=' . db_quote($singlesearchstring));
					foreach ($fields as $fieldname) {
						if ($tbl == 'albums' && strtolower($fieldname) == 'filename') {
							$fieldname = 'folder';
						} else {
							$fieldname = strtolower($fieldname);
						}
						if ($fieldname && in_array($fieldname, $columns)) {
							query('SET @serachfield=' . db_quote($fieldname));
							switch ($singlesearchstring) {
								case '*':
									// wildcard term: any non-empty value in the column matches
									$sql = 'SELECT @serachtarget AS name, @serachfield AS field, `id` AS `objectid` FROM ' . prefix($tbl) . ' WHERE (' . "COALESCE(`{$fieldname}`, '') != ''" . ') ORDER BY `id`';
									break;
								default:
									if ($this->pattern['type'] == 'like') {
										$target = db_LIKE_escape($singlesearchstring);
									} else {
										$target = $singlesearchstring;
									}
									$fieldsql = ' `' . $fieldname . '` ' . strtoupper($this->pattern['type']) . ' ' . db_quote($this->pattern['open'] . $target . $this->pattern['close']);
									$sql = 'SELECT @serachtarget AS name, @serachfield AS field, `id` AS `objectid` FROM ' . prefix($tbl) . ' WHERE (' . $fieldsql . ') ORDER BY `id`';
							}
							$objects = query_full_array($sql, false);
							if (is_array($objects)) {
								$field_objects = array_merge($field_objects, $objects);
							}
						}
					}
			}
		}
	}

	// now do the boolean logic of the search string
	$exact = $tagPattern['type'] == '=';
	$objects = array_merge($tag_objects, $field_objects);
	if (count($objects) != 0) {
		// index the object ids by lower-cased tag/term name
		$tagid = '';
		$taglist = array();
		foreach ($objects as $object) {
			$tagid = strtolower($object['name']);
			if (!isset($taglist[$tagid]) || !is_array($taglist[$tagid])) {
				$taglist[$tagid] = array();
			}
			$taglist[$tagid][] = $object['objectid'];
		}
		// evaluate the expression left to right; parentheses push the current
		// id list and pending operator on a stack
		$op = '';
		$idstack = array();
		$opstack = array();
		while (count($searchstring) > 0) {
			$singlesearchstring = array_shift($searchstring);
			switch ($singlesearchstring) {
				case '&':
				case '!':
				case '|':
					$op = $op . $singlesearchstring;
					break;
				case '(':
					array_push($idstack, $idlist);
					array_push($opstack, $op);
					$idlist = array();
					$op = '';
					break;
				case ')':
					$objectid = $idlist;
					$idlist = array_pop($idstack);
					$op = array_pop($opstack);
					switch ($op) {
						case '&':
							if (is_array($objectid)) {
								$idlist = array_intersect($idlist, $objectid);
							} else {
								$idlist = array();
							}
							break;
						case '!':
							break; // Paren followed by NOT is nonsensical?
						case '&!':
							if (is_array($objectid)) {
								$idlist = array_diff($idlist, $objectid);
							}
							break;
						case '':
						case '|':
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, $objectid);
							}
							break;
					}
					$op = '';
					break;
				default:
					$lookfor = strtolower($singlesearchstring);
					$objectid = NULL;
					foreach ($taglist as $key => $objlist) {
						// the term is passed through preg_quote() before it is used as a pattern
						if ($exact && $lookfor == $key || !$exact && preg_match('|' . preg_quote($lookfor) . '|', $key)) {
							if (is_array($objectid)) {
								$objectid = array_merge($objectid, $objlist);
							} else {
								$objectid = $objlist;
							}
						}
					}
					switch ($op) {
						case '&':
							if (is_array($objectid)) {
								$idlist = array_intersect($idlist, $objectid);
							} else {
								$idlist = array();
							}
							break;
						case '!':
							// NOT needs the complement, so load every id of the table once
							if (is_null($allIDs)) {
								$allIDs = array();
								$result = query("SELECT `id` FROM " . prefix($tbl));
								if ($result) {
									while ($row = db_fetch_assoc($result)) {
										$allIDs[] = $row['id'];
									}
									db_free_result($result);
								}
							}
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, array_diff($allIDs, $objectid));
							}
							break;
						case '&!':
							if (is_array($objectid)) {
								$idlist = array_diff($idlist, $objectid);
							}
							break;
						case '':
						case '|':
							if (is_array($objectid)) {
								$idlist = array_merge($idlist, $objectid);
							}
							break;
					}
					$op = '';
					break;
			}
		}
	}

	// we now have an id list of the items that were found and will create the SQL Search to retrieve their records
	if (count($idlist) > 0) {
		// how often each id was collected, highest count first
		$weights = array_count_values($idlist);
		arsort($weights, SORT_NUMERIC);
		$sql = 'SELECT DISTINCT `id`,`show`,';
		switch ($tbl) {
			case 'news':
				// unpublished records are only included for users with the rights to see them
				if ($this->search_unpublished || zp_loggedin(MANAGE_ALL_NEWS_RIGHTS)) {
					$show = '';
				} else {
					$show = "`show` = 1 AND ";
				}
				$sql .= '`titlelink` ';
				if (is_array($this->category_list)) {
					$news_list = $this->subsetNewsCategories();
					$idlist = array_intersect($news_list, $idlist);
					if (count($idlist) == 0) {
						return array(false, array());
					}
				}
				if (empty($sorttype)) {
					$key = '`date` DESC';
				} else {
					// NOTE(review): joined without a separator and without any
					// check against the table's columns.
					$key = trim($sorttype . $sortdirection);
				}
				if ($show) {
					$show .= '`date`<=' . db_quote(date('Y-m-d H:i:s')) . ' AND ';
				}
				break;
			case 'pages':
				if (zp_loggedin(MANAGE_ALL_PAGES_RIGHTS)) {
					$show = '';
				} else {
					$show = "`show` = 1 AND ";
				}
				$sql .= '`titlelink` ';
				if ($show) {
					$show .= '`date`<=' . db_quote(date('Y-m-d H:i:s')) . ' AND ';
				}
				$key = '`sort_order`';
				break;
			case 'albums':
				if ($this->search_unpublished || zp_loggedin()) {
					$show = '';
				} else {
					$show = "`show` = 1 AND ";
				}
				$sql .= "`folder`, `title` ";
				if (is_null($sorttype)) {
					if (empty($this->album)) {
						list($key, $sortdirection) = $this->sortKey($_zp_gallery->getSortType(), $sortdirection, 'title', 'albums');
						if ($_zp_gallery->getSortDirection()) {
							$key .= " DESC";
						}
					} else {
						$key = $this->album->getAlbumSortKey();
						if ($key != '`sort_order`' && $key != 'RAND()') {
							if ($this->album->getSortDirection('album')) {
								$key .= " DESC";
							}
						}
					}
				} else {
					list($key, $sortdirection) = $this->sortKey($sorttype, $sortdirection, 'title', 'albums');
					$key = trim($key . ' ' . $sortdirection);
				}
				break;
			default: // images
				if ($this->search_unpublished || zp_loggedin()) {
					$show = '';
				} else {
					$show = "`show` = 1 AND ";
				}
				$sql .= "`albumid`, `filename`, `title` ";
				if (is_null($sorttype)) {
					if (empty($this->album)) {
						list($key, $sortdirection) = $this->sortKey($sorttype, $sortdirection, 'title', 'images');
						if ($sortdirection) {
							$key .= " DESC";
						}
					} else {
						$key = $this->album->getImageSortKey();
						if ($key != '`sort_order`') {
							if ($this->album->getSortDirection('image')) {
								$key .= " DESC";
							}
						}
					}
				} else {
					list($key, $sortdirection) = $this->sortKey($sorttype, $sortdirection, 'title', 'images');
					$key = trim($key . ' ' . $sortdirection);
				}
				break;
		}
		$sql .= "FROM " . prefix($tbl) . " WHERE " . $show;
		$sql .= '(' . self::compressedIDList($idlist) . ')';
		$sql .= " ORDER BY " . $key;
		return array($sql, $weights);
	}
	return array(false, array());
}
if ($resource) { $result = array(); while ($row = db_fetch_assoc($resource)) { $result[] = $row; } } else { $result = false; } $tables = array(); $table_cleared = array(); if (is_array($result)) { foreach ($result as $row) { $table = array_shift($row); $tables[$table] = array(); $table_cleared[$table] = false; $result2 = db_list_fields(str_replace($prefix, '', $table)); if (is_array($result2)) { foreach ($result2 as $row) { $tables[$table][] = $row['Field']; } } } } $success = 0; $string = getrow($handle); while (substr($string, 0, strlen(HEADER)) == HEADER) { $string = substr($string, strlen(HEADER)); $i = strpos($string, '='); $type = substr($string, 0, $i); $what = substr($string, $i + 1); switch ($type) {
echo str_replace($prefix, '', $table); ?> </a></h3> <table id = "t_<?php echo $i; ?> " class="bordered" <?php if ($i > 1) { ?> style="display: none;" <?php } ?> > <tr> <?php $cols = $tablecols = db_list_fields(str_replace($prefix, '', $table), true); $cols = array_shift($cols); foreach ($cols as $col => $value) { ?> <th><?php echo $col; ?> </th> <?php } ?> </tr> <?php //echo "<pre>"; print_r($tablecols); echo "</pre>"; $rowcount = 0; foreach ($tablecols as $col) {
$fieldlist = array(); if (strpos($tableslist, $_zp_conf_vars['mysql_prefix'] . 'images') !== false) { $columns = db_list_fields('images'); if ($columns) { foreach ($columns as $col => $utf8) { if (!is_null($row['Collation']) && $row['Collation'] != 'utf8_unicode_ci') { $fields = $fields | 1; $fieldlist[] = '<code>images->' . $col . '</code>'; } } } else { $fields = 4; } } if (strpos($tableslist, $_zp_conf_vars['mysql_prefix'] . 'albums') !== false) { $columns = db_list_fields('albums'); if ($columns) { foreach ($columns as $col => $utf8) { if (!is_null($row['Collation']) && $row['Collation'] != 'utf8_unicode_ci') { $fields = $fields | 2; $fieldlist[] = '<code>albums->' . $col . '</code>'; } } } else { $fields = 4; } } $err = -1; switch ($fields) { case 0: // all is well
/**
 * Maps a sort selection onto the ORDER BY fragment used in queries.
 *
 * $sorttype may be one of the display names 'random', 'manual' or
 * 'filename', or a comma separated list of column names. Only list entries
 * that are columns of $table are returned; everything else is dropped.
 *
 * NOTE(review): the names are returned without backticks, and the result is
 * an empty string when no entry matches - callers that append it to
 * "ORDER BY" should be checked for both.
 *
 * @param string $sorttype the "Display" name of the sort or a column list
 * @param string $default the default if $sorttype is empty
 * @param string $table the database table being used.
 * @return string
 */
function lookupSortKey($sorttype, $default, $table) {
	global $_zp_fieldLists;

	$requested = strtolower($sorttype);
	if ($requested == 'random') {
		return 'RAND()';
	}
	if ($requested == 'manual') {
		return 'sort_order';
	}
	if ($requested == 'filename') {
		if ($table == 'images') {
			return 'filename';
		}
		if ($table == 'albums') {
			return 'folder';
		}
		// any other table: "filename" is handled like an ordinary column name
	}
	if (empty($sorttype)) {
		return $default;
	}
	// NOTE(review): substr($sorttype, 0) is the whole string, so this matches
	// only the literal "(". Do not turn it into a prefix test without adding
	// validation: the value is handed back verbatim.
	if (substr($sorttype, 0) == '(') {
		return $sorttype;
	}

	// column names are looked up once per table and cached in the global
	if (is_array($_zp_fieldLists) && isset($_zp_fieldLists[$table])) {
		$dbfields = $_zp_fieldLists[$table];
	} else {
		$dbfields = array();
		$described = db_list_fields($table);
		if ($described) {
			foreach ($described as $column) {
				$dbfields[strtolower($column['Field'])] = $column['Field'];
			}
		}
		$_zp_fieldLists[$table] = $dbfields;
	}

	// Critical for preventing SQL injection: only return parts of
	// the custom sort that are exactly equal to database fields.
	$fields = array();
	foreach (explode(',', strtolower($sorttype)) as $candidate) {
		$candidate = trim($candidate);
		if (array_key_exists($candidate, $dbfields)) {
			$fields[] = trim($dbfields[$candidate]);
		}
	}
	return implode(',', $fields);
}
/**
 * Keeps the `custom_data` column of the content tables in step with the
 * customData options. Does nothing unless OFFSET_PATH is 2.
 *
 * For each table the column is added when its option is set and the column
 * is missing, and dropped when the option is not set and the column exists.
 * Dropping the column removes the data stored in it.
 */
function __construct() {
	if (OFFSET_PATH != 2) {
		return;
	}

	// table => option that decides whether the table carries `custom_data`
	$optionFor = array(
		'albums' => 'customDataAlbums',
		'images' => 'customDataImages',
		'news' => 'customDataNews',
		'pages' => 'customDataPages',
		'news_categories' => 'customDataCategories',
	);

	// 0 = column absent, 1 = present without a comment, 2 = present with a comment
	$present = array();
	foreach (array_keys($optionFor) as $table) {
		$present[$table] = 0;
		foreach (db_list_fields($table) as $datum) {
			if ($datum['Field'] == 'custom_data') {
				$present[$table] = 1 + (int) (!empty($datum['Comment']));
			}
		}
	}

	$enabled = extensionEnabled('customdata');
	foreach ($optionFor as $table => $option) {
		if ($enabled) {
			setOptionDefault($option, $present[$table]);
		} else {
			purgeOption($option);
		}
	}

	foreach ($optionFor as $table => $option) {
		$wanted = getOption($option);
		if ($wanted && !$present[$table]) {
			setupQuery('ALTER TABLE ' . prefix($table) . " ADD COLUMN `custom_data` TEXT COMMENT 'optional_customData'");
		} else if (!$wanted && $present[$table]) {
			setupQuery('ALTER TABLE ' . prefix($table) . ' DROP `custom_data`');
		}
	}
}
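/**
 * Returns a sort field part for querying
 *
 * $sorttype may be one of the display names 'random', 'manual' or
 * 'filename', or a comma separated list of field names. Only list entries
 * that are columns of $table are returned, each wrapped in backticks. Entries
 * that are not columns are dropped: the result is placed in an ORDER BY
 * clause, so no part of the caller's text may pass through unchecked.
 *
 * @param string $sorttype the "Display" name of the sort or a field list
 * @param string $default the default if $sorttype is empty or holds no valid field
 * @param string $table the database table being used.
 * @return string
 */
function lookupSortKey($sorttype, $default, $table) {
	global $_zp_fieldLists;
	switch (strtolower($sorttype)) {
		case 'random':
			return 'RAND()';
		case "manual":
			return '`sort_order`';
		case "filename":
			switch ($table) {
				case 'images':
					return '`filename`';
				case 'albums':
					return '`folder`';
			}
		// no break: for any other table "filename" is checked like an ordinary field
		default:
			if (empty($sorttype)) {
				return '`' . $default . '`';
			}
			// NOTE(review): substr($sorttype, 0) is the whole string, so this
			// matches only the literal "(". Do not turn it into a prefix test
			// without adding validation: the value is handed back verbatim.
			if (substr($sorttype, 0) == '(') {
				return $sorttype;
			}
			// field names are looked up once per table and cached in the global
			if (is_array($_zp_fieldLists) && isset($_zp_fieldLists[$table])) {
				$dbfields = $_zp_fieldLists[$table];
			} else {
				$result = db_list_fields($table);
				$dbfields = array();
				if ($result) {
					foreach ($result as $row) {
						$dbfields[strtolower($row['Field'])] = $row['Field'];
					}
				}
				$_zp_fieldLists[$table] = $dbfields;
			}
			$fields = array();
			foreach (explode(',', strtolower($sorttype)) as $field) {
				// tolerate surrounding blanks and backticks around a name
				$field = trim($field, " \t\n\r\0\x0B`");
				if (array_key_exists($field, $dbfields)) {
					$fields[] = '`' . trim($dbfields[$field]) . '`';
				}
			}
			if (empty($fields)) {
				// nothing usable was requested: same result as an empty $sorttype
				return '`' . $default . '`';
			}
			return implode(',', $fields);
	}
}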
/**
 * Fetches a single row as an associative array and releases the handle.
 *
 * NOTE(review): $bind is forwarded to db_query() together with $sql; presumably
 * it carries the values for bound parameters. If so, callers should supply
 * request-derived values through $bind rather than concatenating them into
 * $sql. Confirm against db_query().
 *
 * @param mixed $sql  a SQL string, which is run through db_query(), or an
 *                    existing result / mysqli_stmt handle, which is used as is
 * @param mixed $bind passed to db_query() when $sql is a string
 * @return mixed null when the query handle is falsy or a statement yields no
 *               row; for a statement, an array keyed by the names returned by
 *               db_list_fields(); otherwise whatever mysqli_fetch_array()
 *               returns for MYSQLI_ASSOC
 */
function db_fetch_one($sql, $bind = null) {
    $query = is_string($sql) ? db_query($sql, $bind) : $sql;
    $data = null;
    if ($query) {
        if ($query instanceof mysqli_stmt) {
            // db_list_fields() is used here as a 0-based list of names for the
            // statement's result columns (presumably the column names; the helper
            // is defined elsewhere).
            $vars = db_list_fields($query);
            $size = count($vars);
            $args = $vars;
            // Turn each element into a reference so mysqli_stmt_bind_result() can
            // write the fetched values into $args.
            // NOTE(review): whether these self-references survive array_merge()
            // depends on the PHP version; verify on the target runtime that $data
            // ends up holding column values rather than the initial names.
            for ($i = 0; $i < $size; $i++) {
                $args[$i] =& $args[$i];
            }
            call_user_func_array('mysqli_stmt_bind_result', array_merge(array($query), $args));
            if (mysqli_stmt_fetch($query)) {
                $data = array();
                for ($i = 0; $i < $size; $i++) {
                    $data[$vars[$i]] = $args[$i];
                }
            }
        } else {
            $data = mysqli_fetch_array($query, MYSQLI_ASSOC);
        }
        // The handle is freed even when the caller passed it in, so it cannot be
        // read again after this call.
        db_free_result($query);
    }
    return $data;
}
echo $table; ?> </a></h3> <table id = "t_<?php echo $i; ?> " class="bordered" <?php if ($i > 1) { ?> style="display: none;" <?php } ?> > <tr> <?php $cols = $tablecols = db_list_fields($table); $cols = array_shift($cols); foreach ($cols as $col => $value) { ?> <th><?php echo $col; ?> </th> <?php } ?> </tr> <?php $rowcount = 0; foreach ($tablecols as $col) { $rowcount++;
/**
 * Admin handler for database backups. Depending on the flags in $PARAM it
 *  - upload: stores an uploaded file as a new .sql backup,
 *  - export: dumps every table as REPLACE INTO statements and writes a ZIP copy,
 *  - delete: unlinks the selected backups,
 *  - import: empties every table and replays one selected backup,
 *  - otherwise: renders the list of backups found in BACKUP_DIR.
 * Each action branch ends with printPage() and returns.
 *
 * Backup files hold the full database contents and are executed as SQL on
 * import, so read and write access to BACKUP_DIR is equivalent to database
 * access.
 *
 * NOTE(review): no authorisation check is visible in this function; presumably
 * the caller enforces it. Confirm.
 * NOTE(review): ereg(), eregi(), ereg_replace() and eregi_replace() were removed
 * in PHP 7.0 and each() in PHP 8.0, so this code only runs on older runtimes.
 *
 * @return void
 */
function setBackup() {
    global $dbname, $dbh;
    global $PARAM, $SUBS, $MSG, $MONTHS;
    // NOTE(review): 0777 requests a world-writable directory (subject to umask)
    // for files that contain database dumps; a tighter mode is advisable.
    if (!is_dir(getAdmSetting('BACKUP_DIR'))) {
        MkDir(getAdmSetting('BACKUP_DIR'), 0777);
    }
    if ($PARAM['upload'] == 1) {
        // NOTE(review): the upload path and name are read from globals, presumably
        // populated from the upload form. No is_uploaded_file() check is visible
        // here before $bckFile is read; confirm how these globals are set.
        global $bckFile, $bckFile_name;
        if ($bckFile_name == '') {
            $SUBS['ERROR'] = $MSG[20108];
            $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
        } else {
            // Unless setLogAndStatus() aborts, a failed read still falls through
            // to the write below with $UPLOAD being false.
            if (!($UPLOAD = @file($bckFile))) {
                setLogAndStatus("Reading", $bckFile, 0, "setBackup()", 'READ_UPLOAD');
            }
            $file = date('d F Y H_i_s');
            $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
            // The stored file gets a '##' header; the client-supplied file name and
            // the uploaded content are written unmodified. The content is not
            // checked here, and the import branch below executes it as SQL.
            $upload = '## ' . $MSG[20109] . date(' d F Y H:i:s') . "\n";
            $upload .= "## {$MSG['20110']} {$bckFile_name}\n";
            $upload .= join('', $UPLOAD);
            if (!($fp = fopen($filename, 'w'))) {
                setLogAndStatus("Opening", $filename, 0, "setBackup()", 'OPEN_FILE');
            }
            fwrite($fp, $upload);
            fclose($fp);
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20050";
            printPage('_admin_done.htmlt');
            return;
        }
    }
    //export database backup
    if ($PARAM['export'] == 1) {
        $file = date('d F Y H_i_s');
        $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
        // NOTE(review): the argument order differs from the "Opening" call in the
        // upload branch (0 and $filename are swapped); check against the
        // setLogAndStatus() signature.
        if (!($fp = fopen($filename, 'w'))) {
            setLogAndStatus("Opening", 0, $filename, "setBackup()", 'OPEN_FILE');
        }
        //write comments if any
        if ($PARAM['bckComments'] != '') {
            // Every line of the user comment is prefixed with '##'.
            $comments = '##' . ereg_replace("\n", "\n##", $PARAM['bckComments']) . "\n";
            fwrite($fp, $comments);
        }
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 0, $dbname, "setBackup()", 'LIST_TABLES');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $fields = db_list_fields($dbname, $table, $dbh);
            $columns = db_num_fields($fields);
            // Comma separated column list for the REPLACE statement.
            $tablelist = '';
            for ($j = 0; $j < $columns; $j++) {
                if ($columns - $j == 1) {
                    $tablelist .= db_field_name($fields, $j);
                } else {
                    $tablelist .= db_field_name($fields, $j) . ',';
                }
            }
            // Table and column names are interpolated without identifier quoting;
            // they come from the database's own metadata calls above.
            $schema = "REPLACE INTO {$table} ({$tablelist}) VALUES (";
            $query = "SELECT * FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'SELECT_TABLES');
            while ($row = db_fetch_row($result)) {
                $schema_insert = '';
                for ($j = 0; $j < $columns; $j++) {
                    if (!isset($row[$j])) {
                        $schema_insert .= ' NULL,';
                    } else {
                        // Values go through dbQuote() (defined elsewhere).
                        $schema_insert .= ' ' . dbQuote($row[$j]) . ',';
                    }
                }
                // Strip the trailing comma and terminate the statement.
                $schema_insert = $schema . ereg_replace(',$', '', $schema_insert);
                $schema_insert .= ");\r\n";
                fwrite($fp, $schema_insert);
            }
            $i++;
        }
        fclose($fp);
        // the ZIP thing --------------------
        // NOTE(review): the archive is written to './zip/' relative to the current
        // working directory, not to BACKUP_DIR. Confirm that directory is not
        // served by the web server, since the archive is a full database dump.
        $fp = fopen($filename, "rb");
        $data = fread($fp, filesize($filename));
        fclose($fp);
        $name = array(baseName($filename));
        $data = array($data);
        $content = makezip($name, $data);
        $fp = fopen('./zip/' . basename($filename) . '.ZIP', "wb");
        fputs($fp, $content);
        fclose($fp);
        // the ZIP thing --------------------
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20052";
        printPage('_admin_done.htmlt');
        return;
    }
    //prepare for import or delete
    // $BCKUPS maps a sanitised file name (every character outside a-z0-9 replaced
    // by '_') to the real path. Delete and import resolve the requested names
    // through this map, so only files actually listed in BACKUP_DIR are reachable.
    // NOTE(review): is_dir() gets the bare entry name, so it is resolved against
    // the working directory rather than BACKUP_DIR, and the loose `!= false`
    // comparison ends the loop early on an entry named "0".
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    while (($file = readdir($backups)) != false) {
        if (!is_dir($file)) {
            $BCKUPS[eregi_replace('[^a-z0-9]', '_', $file)] = getAdmSetting('BACKUP_DIR') . "/{$file}";
        }
    }
    closedir($backups);
    // Collect the selected backups: every request parameter named bck_<key>.
    // $BACKUPS is never initialised, so it stays undefined when none is sent.
    reset($PARAM);
    while (list($k, $v) = each($PARAM)) {
        if (ereg('^bck_(.*)$', $k, $R)) {
            $BACKUPS[] = $R[1];
        }
    }
    reset($PARAM);
    //delete backups
    if ($PARAM['delete'] == 1) {
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        for ($i = 0; $i < count($BACKUPS); $i++) {
            // NOTE(review): this setLogAndStatus() call passes four arguments where
            // the other calls in this function pass five.
            if (!@unlink($BCKUPS[$BACKUPS[$i]])) {
                setLogAndStatus("Deleting", $BCKUPS[$BACKUPS[$i]], "setBackup()", 'DEL_BACKUP');
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20054";
        printPage('_admin_done.htmlt');
        return;
    }
    //import database backup
    if ($PARAM['import'] == 1) {
        // Exactly one backup must be selected.
        if (count($BACKUPS) > 1) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20053";
            printPage('_admin_done.htmlt');
            return;
        }
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        //get backup file
        $file = fread(fopen($BCKUPS[$BACKUPS[0]], 'r'), filesize($BCKUPS[$BACKUPS[0]]));
        ////---- [Mrasnika's] Edition 21.03.2002
        split_sql_file($BACKUP, $file);
        //reset tables
        // All rows of every table are deleted before the backup is replayed. No
        // transaction is visible here, so a failure while replaying returns with
        // the tables already emptied or only partly refilled.
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 1, $dbname, "databaseBackup()", 'LIST_TABLES_2');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $query = "DELETE FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'RESET_TABLES');
            $i++;
        }
        //fill tables
        // Every statement that does not start with '#' is executed as is; the
        // statement type is not restricted to the REPLACE INTO form the export
        // branch produces.
        while (list($k, $query) = each($BACKUP)) {
            if (!ereg('^#', $query)) {
                if (!($result = db_query($query, $dbh))) {
                    setLogAndStatus($query, db_errno($dbh), db_error($dbh), "databaseBackup()", 'RESTORE_DB');
                    $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20055";
                    printPage('_admin_done.htmlt');
                    return;
                }
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20056";
        printPage('_admin_done.htmlt');
        return;
    }
    // Default view: render one row per backup file.
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    $last = 0;
    while (($file = readdir($backups)) != false) {
        if (!is_dir($file)) {
            // stat() index 9 is the modification time, index 7 the size in bytes.
            $date = stat(getAdmSetting('BACKUP_DIR') . "/{$file}");
            // NOTE(review): $last is never updated, so 'LAST' ends up describing the
            // last file iterated rather than the newest one, and the month name is
            // taken from the current date, not from the file's timestamp.
            if ($last < $date[9]) {
                $month = intval(date('m'));
                $SUBS['LAST'] = $MSG[20051] . date(' d ', $date[9]) . $MONTHS[$month] . date(' Y H.i.s', $date[9]);
            }
            $SUBS['SIZE'] = sprintf('%0.2f KB', $date[7] / 1024);
            // NOTE(review): NAME and WHERE are built from the raw file name without
            // htmlEncode(), unlike COMMENTS below; confirm the template escapes them.
            $SUBS['NAME'] = eregi_replace('_', ':', $file);
            $SUBS['CHECK'] = eregi_replace('[^a-z0-9]', '_', $file); //checkbox name
            $SUBS['WHERE'] = getAdmSetting('BACKUP_DIR') . "/{$file}";
            if (!($BACKUP = @file(getAdmSetting('BACKUP_DIR') . "/{$file}"))) {
                setLogAndStatus("Reading", 0, getAdmSetting('BACKUP_DIR') . "/{$file}", "setBackup()", 'READ_FILE');
            }
            $comments = '';
            //get comments from the beginning of the file
            // Every line starting with '##' is collected, wherever it occurs.
            for ($i = 0; $i < count($BACKUP); $i++) {
                if (eregi('^##(.*)$', $BACKUP[$i], $R)) {
                    $comments .= $R[1];
                }
            }
            if ($comments != '') {
                // Comment text is HTML-encoded before the line breaks are inserted.
                $SUBS['COMMENTS'] = ' ' . ereg_replace("\n", '<BR> ', htmlEncode($comments));
                $SUBS['COMMENTS'] = ereg_replace('<BR> $', '', $SUBS['COMMENTS']);
            } else {
                $SUBS['COMMENTS'] = '';
            }
            $SUBS['BACKUPS'] .= fileParse('_admin_backup_row.htmlt');
        }
    }
    closedir($backups);
    // NOTE(review): the request's 'err' value is used directly as the index into
    // $MSG.
    if ($PARAM['err'] != '') {
        $SUBS['ERROR'] = $MSG[$PARAM['err']];
        $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
    }
    printPage('_admin_backup.htmlt');
}
/**
 * Fills $this->data, $this->id and $this->loaded for the record identified by
 * $this->unique_set, looking in the cache first and in the database second.
 *
 * When no record is found:
 *  - a transient object that may be created gets an in-memory placeholder
 *    (all columns null, the unique set merged in, id 0) which is cached but
 *    not written to the database;
 *  - a non-transient object that may be created is saved and read back;
 *  - otherwise $this->data is seeded with null columns and the method gives up.
 *
 * NOTE(review): the WHERE clause is produced by getWhereClause() from
 * $this->unique_set; quoting of the values is left to that helper. Confirm it
 * escapes every value.
 *
 * @param bool $allowCreate set to true to enable new object creation.
 * @return bool|null true when this call saved a new record; null in every
 *                   other case, i.e. when an existing or placeholder record
 *                   was loaded and also when nothing could be loaded (in which
 *                   case $this->loaded is not set).
 */
private function load($allowCreate) {
    $created = null;

    // Cache lookup, if caching is on.
    $record = $this->use_cache ? $this->getFromCache() : null;

    // Cache miss (or no cache): ask the database unless the object is transient.
    if (!$record && !$this->transient) {
        $sql = 'SELECT * FROM ' . prefix($this->table) . getWhereClause($this->unique_set) . ' LIMIT 1;';
        $record = query_single_row($sql, false);
        if (!empty($record)) {
            // Remember the row so the next lookup is a cache hit.
            $this->addToCache($record);
        }
    }

    if (!$record) {
        if (!$this->transient && $allowCreate) {
            // Persist a new row, then read it back through the same query.
            $created = true;
            $this->save();
            $record = query_single_row($sql);
            if (empty($record)) {
                // Still nothing: the save did not produce a readable row.
                return null;
            }
            $this->addToCache($record);
        } else {
            // Nothing is written to the database on this path. Seed $this->data
            // with the table's columns so the set method will work correctly.
            $columns = db_list_fields($this->table);
            if ($columns) {
                foreach ($columns as $column) {
                    $this->data[$column['Field']] = null;
                }
            }
            if (!$allowCreate) {
                // Does not exist and we are not allowed to create it.
                return null;
            }
            $record = array_merge($this->data, $this->unique_set);
            $record['id'] = 0;
            $this->addToCache($record);
        }
    }

    $this->data = $record;
    $this->id = (int) $record['id'];
    $this->loaded = true;
    return $created;
}