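/**
 * Display block: render a side block that lists Template items by name.
 *
 * The block itself is gated by a READ check on 'Template:Firstblock:'. Each
 * listed item is then checked individually: OVERVIEW is required for the item
 * to appear at all, and READ is required for its name to become a link to the
 * detail view.
 *
 * @param array $blockinfo block information; 'title' and 'content' are read,
 *                         and 'content' is replaced with the rendered output
 * @return mixed result of themesideblock(), or nothing when the block-level
 *               check fails, the query errors, or there are no rows
 */
function template_firstblock_display($blockinfo)
{
    // Block-level security check
    if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
        return;
    }

    // Get variables from content block
    $vars = pnBlockVarsFromContent($blockinfo['content']);

    // The row limit comes from stored block content, so force it to an
    // integer before handing it to the database layer. Zero, missing and
    // non-numeric values fall back to the default of 5.
    $numitems = isset($vars['numitems']) ? (int) $vars['numitems'] : 0;
    if ($numitems == 0) {
        $numitems = 5;
    }

    // Database information
    pnModDBInfoLoad('Template');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];

    // Query: only table and column names from the table registry are
    // interpolated here, no request data.
    $sql = "SELECT {$templatecolumn['tid']},\n {$templatecolumn['name']}\n FROM {$templatetable}\n ORDER by {$templatecolumn['name']}";
    $result = $dbconn->SelectLimit($sql, $numitems);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if ($result->EOF) {
        return;
    }

    // Create output object
    $output = new pnHTML();

    // Display each item, permissions permitting. The limit is applied by the
    // query before this per-item filtering, so fewer than $numitems entries
    // may be shown.
    while (!$result->EOF) {
        list($tid, $name) = $result->fields;
        $instance = "{$name}::{$tid}";

        if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_OVERVIEW)) {
            // NOTE(review): $name is stored data; presumably pnHTML encodes it
            // for output in URL() and Text() - confirm against pnHTML.
            if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_READ)) {
                $output->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
            } else {
                $output->Text($name);
            }
            $output->Linebreak();
        }

        $result->MoveNext();
    }

    // Populate block info and pass to theme
    $blockinfo['content'] = $output->GetOutput();
    return themesideblock($blockinfo);
}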
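/**
 * Search plugin: copy matching mediashare items into the search result table.
 *
 * Builds one INSERT ... SELECT that joins media with their albums, restricts
 * the rows to albums the current user may view, and tags every inserted row
 * with the current session id.
 *
 * @param array $args search arguments, passed through to search_construct_where()
 * @return bool true on success; false when the access restriction cannot be
 *              built; otherwise the result of LogUtil::registerError() on a
 *              database error
 */
function mediashare_searchapi_search($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    pnModDBInfoLoad('mediashare');
    pnModDBInfoLoad('Search');

    $pntable = pnDBGetTables();
    $mediaTable = $pntable['mediashare_media'];
    $mediaColumn = $pntable['mediashare_media_column'];
    $albumsTable = $pntable['mediashare_albums'];
    $albumsColumn = $pntable['mediashare_albums_column'];
    $searchTable = $pntable['search_result'];
    $searchColumn = $pntable['search_result_column'];

    // Both values below end up inside single-quoted SQL literals, so they are
    // escaped first: the session id is derived from a client-supplied cookie
    // and a translated string may legitimately contain an apostrophe.
    $sessionId = DataUtil::formatForStore(session_id());
    $albumText = DataUtil::formatForStore(__('Multimedia file in album: ', $dom));

    // Find accessible albums
    $accessibleAlbumSql = pnModAPIFunc(
        'mediashare',
        'user',
        'getAccessibleAlbumsSql',
        array(
            'access' => mediashareAccessRequirementViewSomething,
            'field' => "media.{$mediaColumn['parentAlbumId']}"
        )
    );
    // Without a restriction the WHERE clause would be malformed; stop here
    // the same way mediashare_userapi_getListCount() does.
    if (!$accessibleAlbumSql) {
        return false;
    }

    $sql = "\nINSERT INTO {$searchTable}\n ({$searchColumn['title']},\n {$searchColumn['text']},\n {$searchColumn['module']},\n {$searchColumn['extra']},\n {$searchColumn['created']},\n {$searchColumn['session']})"
         . "\nSELECT CONCAT(media.{$mediaColumn['title']}, ' [{$albumText}', album.{$albumsColumn['title']}, ']'),\n media.{$mediaColumn['description']},\n 'mediashare',\n CONCAT(album.{$albumsColumn['id']}, ':', media.{$mediaColumn['id']}),\n media.{$mediaColumn['createdDate']},\n '{$sessionId}'"
         . "\nFROM {$mediaTable} media\nINNER JOIN {$albumsTable} album\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}"
         . "\nWHERE ({$accessibleAlbumSql}) AND ";

    // NOTE(review): the search terms in $args reach the SQL only through
    // search_construct_where(); presumably that helper escapes them - confirm.
    $sql .= search_construct_where(
        $args,
        array(
            "media.{$mediaColumn['title']}",
            "media.{$mediaColumn['description']}",
            "media.{$mediaColumn['keywords']}"
        )
    );

    $dbresult = DBUtil::executeSQL($sql);
    if (!$dbresult) {
        return LogUtil::registerError(__('Error! Could not load items.', $dom));
    }

    return true;
}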
/**
 * Get a list of user information.
 *
 * Reads uname, uid, name, email, url and avatar for every row of the users
 * table and returns them keyed by uid.
 *
 * NOTE(review): no permission check is made here and the result includes
 * e-mail addresses; presumably callers enforce access before exposing it -
 * confirm.
 *
 * @public
 * @return array array of user arrays keyed by uid; false when the table has
 *               no rows; nothing (null) on a database error
 */
function pnUserGetAll()
{
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    pnModDBInfoLoad('Users');

    $table = $pntable['users'];
    $col =& $pntable['users_column'];

    // Only registry-supplied table and column names are interpolated.
    $sql = "SELECT {$col['uname']},\n {$col['uid']},\n {$col['name']},\n {$col['email']},\n {$col['url']},\n {$col['user_avatar']}\n FROM {$table}";
    $rs =& $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if ($rs->EOF) {
        return false;
    }

    $users = array();
    for (; !$rs->EOF; $rs->MoveNext()) {
        list($uname, $uid, $name, $email, $url, $avatar) = $rs->fields;
        $users[$uid] = array(
            'uname' => $uname,
            'uid' => $uid,
            'name' => $name,
            'email' => $email,
            'url' => $url,
            'avatar' => $avatar
        );
    }
    $rs->Close();

    return $users;
}
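/**
 * Get authorisation information for this user.
 *
 * Collects the permission rows that apply to the current user (uid -1, plus
 * 0 for anonymous visitors or the logged-in uid) and to every group the user
 * belongs to (gid -1, plus 0 for anonymous visitors). Placeholders of the
 * form <Name> in group permission instances are replaced with per-user values.
 *
 * Every early return hands back whatever has been collected so far and leaves
 * $GLOBALS['authinfogathered'] unset.
 *
 * @public
 * @return array two element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    // Load the groups db info
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];

    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];

    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];

    // Empty arrays
    $userperms = array();
    $groupperms = array();
    $vars = array();
    $uids = array(-1);

    // Get user ID
    if (!pnUserLoggedIn()) {
        // Unregistered UID
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        // The id list below is placed in the query unquoted, where string
        // escaping alone gives no protection, so only a plain decimal uid is
        // accepted. Anything else ends with no permissions granted.
        $uid = pnUserGetVar('uid');
        if (!preg_match('/^[0-9]+\z/', (string) $uid)) {
            return array($userperms, $groupperms);
        }
        $uid = (int) $uid;
        $uids[] = $uid;
        $vars['Active User'] = (string) $uid;
    }
    $uids = implode(",", $uids);

    // Get user permissions
    $query = "SELECT {$userpermcolumn['realm']},\n {$userpermcolumn['component']},\n {$userpermcolumn['instance']},\n {$userpermcolumn['level']}\n FROM {$userpermtable}\n WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }

    while (!$result->EOF) {
        list($realm, $component, $instance, $level) = $result->fields;
        $result->MoveNext();

        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);

        $userperms[] = array(
            'realm' => $realm,
            'component' => $component,
            'instance' => $instance,
            'level' => $level
        );
    }

    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n FROM {$groupmembershiptable}\n WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }

    $usergroups = array(-1);
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (!$result->EOF) {
        list($gid) = $result->fields;
        $result->MoveNext();
        // Integer cast for the same reason as the uid: unquoted IN list.
        $usergroups[] = (int) $gid;
    }
    $usergroups = implode(",", $usergroups);

    // Get all group permissions
    $query = "SELECT {$grouppermcolumn['realm']},\n {$grouppermcolumn['component']},\n {$grouppermcolumn['instance']},\n {$grouppermcolumn['level']}\n FROM {$grouppermtable}\n WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }

    while (!$result->EOF) {
        list($realm, $component, $instance, $level) = $result->fields;
        $result->MoveNext();

        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);

        // Search/replace of special names: each <Name> is replaced, in order
        // of appearance, with $vars[Name].
        // NOTE(review): a name missing from $vars is replaced with an empty
        // string, as before; confirm that cannot widen what the instance
        // pattern matches.
        preg_match_all("/<([^>]+)>/", $instance, $res);
        $placeholders = count($res[1]);
        for ($i = 0; $i < $placeholders; $i++) {
            $key = $res[1][$i];
            $replacement = isset($vars[$key]) ? $vars[$key] : '';
            $instance = preg_replace("/<([^>]+)>/", $replacement, $instance, 1);
        }

        $groupperms[] = array(
            'realm' => $realm,
            'component' => $component,
            'instance' => $instance,
            'level' => $level
        );
    }

    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;

    return array($userperms, $groupperms);
}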
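/**
 * Load a module.
 *
 * Looks the module up in the modules table, includes
 * modules/<directory>/pn<type>.php and the matching language file, then loads
 * the module's database info. Successful loads are remembered per
 * name-and-type for the rest of the request.
 *
 * Every path segment used for file_exists() and include is first passed
 * through pnVarPrepForOS(), and the path that is checked is always the path
 * that is included.
 *
 * NOTE(review): the module state is selected but not checked here; presumably
 * callers decide whether an inactive module may be loaded - confirm.
 *
 * @param string $modname name of module to load
 * @param string $type type of functions to load
 * @return mixed name of module loaded, or false on failure
 */
function pnModLoad($modname, $type = 'user')
{
    static $loaded = array();

    if (empty($modname)) {
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];

    if (!empty($loaded["{$modname}{$type}"])) {
        // Already loaded from somewhere else
        return $modname;
    }

    $query = "SELECT {$modulescolumn['directory']},\n {$modulescolumn['state']}\n FROM {$modulestable}\n WHERE {$modulescolumn['name']} = '" . pnVarPrepForStore($modname) . "'";
    $result = $dbconn->Execute($query);

    if ($dbconn->ErrorNo() != 0) {
        // Documented contract: false on failure
        return false;
    }
    if ($result->EOF) {
        return false;
    }

    list($directory, $state) = $result->fields;
    $result->Close();

    // Load the module and module language files
    list($osdirectory, $ostype) = pnVarPrepForOS($directory, $type);
    $osfile = "modules/{$osdirectory}/pn{$ostype}.php";

    if (!file_exists($osfile)) {
        // File does not exist
        return false;
    }

    // Load file
    include $osfile;
    $loaded["{$modname}{$type}"] = 1;

    $defaultlang = pnConfigGetVar('language');
    if (empty($defaultlang)) {
        $defaultlang = 'eng';
    }
    $currentlang = pnUserGetLang();

    // The language code depends on the user's settings. Build each candidate
    // path once from prepared segments so the existence check and the include
    // cannot refer to different files.
    $oscurrentlang = pnVarPrepForOS($currentlang);
    $osdefaultlang = pnVarPrepForOS($defaultlang);
    $currentlangfile = "modules/{$osdirectory}/pnlang/{$oscurrentlang}/{$ostype}.php";
    $defaultlangfile = "modules/{$osdirectory}/pnlang/{$osdefaultlang}/{$ostype}.php";

    if (file_exists($currentlangfile)) {
        include $currentlangfile;
    } elseif (file_exists($defaultlangfile)) {
        include $defaultlangfile;
    }

    // Load database info
    pnModDBInfoLoad($modname, $directory);

    // Return the module name
    return $modname;
}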
/**
 * Get block information by title.
 *
 * The first lookup for a title that is not cached reads every row of the
 * blocks table and caches all of them by title in a static array; the
 * requested entry is then served from that cache.
 *
 * @param string $title the block title
 * @return array array of block information, or nothing (null) when the title
 *               is empty, the query fails, or no block has that title
 */
function pnBlockGetInfoByTitle($title = null)
{
    static $blocks;

    if (empty($title)) {
        return;
    }

    // load the db info if required
    pnModDBInfoLoad('Blocks');

    if (empty($blocks[$title])) {
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();

        $table = $pntable['blocks'];
        $col =& $pntable['blocks_column'];

        // The title is deliberately not part of the query: all blocks are
        // fetched, so no caller-supplied value reaches the SQL text.
        $sql = "SELECT {$col['title']},\n\t\t\t\t\t {$col['bkey']},\n\t\t\t\t\t {$col['title']},\n\t\t\t\t\t {$col['content']},\n\t\t\t\t\t {$col['url']},\n\t\t\t\t\t {$col['position']},\n\t\t\t\t\t {$col['weight']},\n\t\t\t\t\t {$col['active']},"
             . "\n \t {$col['collapsable']},\n \t {$col['defaultstate']},"
             . "\n\t\t\t\t\t {$col['refresh']},\n\t\t\t\t\t {$col['last_update']},\n\t\t\t\t\t {$col['blanguage']},\n\t\t\t\t\t {$col['mid']},\n\t\t\t\t\t {$col['bid']}\n\t\t\t\tFROM {$table}";
        $rs =& $dbconn->Execute($sql);

        if ($dbconn->ErrorNo() != 0) {
            return;
        }

        for (; !$rs->EOF; $rs->MoveNext()) {
            // First column is the cache key; the rest fill the info array.
            list($key,
                 $info['bkey'],
                 $info['title'],
                 $info['content'],
                 $info['url'],
                 $info['position'],
                 $info['weight'],
                 $info['active'],
                 $info['collapsable'],
                 $info['defaultstate'],
                 $info['refresh'],
                 $info['last_update'],
                 $info['language'],
                 $info['mid'],
                 $info['bid']) = $rs->fields;
            $info['unix_update'] = $rs->UnixTimeStamp($info['last_update']);

            $blocks[$key] = $info;
        }
        $rs->Close();
    }

    return isset($blocks[$title]) ? $blocks[$title] : null;
}
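/**
 * Upgrade a module.
 *
 * Runs the module's <name>_upgrade() function from pninit.php when it exists,
 * sets the module inactive, then stores the version, admin capability and
 * description read from the module's version file.
 *
 * NOTE(review): no authorisation check is visible in this function;
 * presumably the admin GUI caller enforces it - confirm.
 *
 * @param array $args argument array; 'mid' (numeric module id) is required
 * @return bool true on success, false on failure
 */
function modules_adminapi_upgrade($args)
{
    // 20021216 fixed the fix : larsneo (thx to cmgrote and jojodee)

    // Read only the argument that is needed. extract() would let the argument
    // array define arbitrary locals, including $modversion, whose fields are
    // written to the modules table below.
    $mid = isset($args['mid']) ? $args['mid'] : null;

    // Argument check
    if (!isset($mid) || !is_numeric($mid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // The id is placed in the UPDATE unquoted, so it has to be an integer;
    // string escaping does not help in a numeric context.
    $mid = (int) $mid;

    // Get module information
    $modinfo = pnModGetInfo($mid);
    if (empty($modinfo)) {
        pnSessionSetVar('errormsg', _MODNOSUCHMOD);
        return false;
    }

    // Get module database info
    pnModDBInfoLoad($modinfo['name'], $modinfo['directory']);

    // Module upgrade function
    $osdir = pnVarPrepForOS($modinfo['directory']);
    @(include "modules/{$osdir}/pninit.php");

    $func = $modinfo['name'] . '_upgrade';
    if (function_exists($func)) {
        if ($func($modinfo['version']) != true) {
            return false;
        }
    }

    // Update state of module
    if (!modules_adminapi_setstate(array('mid' => $mid, 'state' => _PNMODULE_STATE_INACTIVE))) {
        return false;
    }

    // BEGIN bugfix (561802) - cmgrote
    // Get the new version information. The includes use the prepared
    // directory name, the same as the pninit.php include above. The files are
    // expected to fill $modversion in this scope.
    $modversion = array('version' => '0');
    @(include "modules/{$osdir}/Version.php");
    @(include "modules/{$osdir}/pnversion.php");

    // A version file may omit these entries; store an empty value then.
    $admin = isset($modversion['admin']) ? $modversion['admin'] : '';
    $description = isset($modversion['description']) ? $modversion['description'] : '';

    // Note the changes in the database...
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];

    $sql = "UPDATE {$modulestable}\n\t\t\tSET {$modulescolumn['version']} = '" . pnVarPrepForStore($modversion['version']) . "',\n\t\t\t\t{$modulescolumn['admin_capable']} = '" . pnVarPrepForStore($admin) . "',\n\t\t\t\t{$modulescolumn['description']} = '" . pnVarPrepForStore($description) . "'\n\t\t\tWHERE {$modulescolumn['id']} = " . $mid;
    // NOTE(review): the outcome of this UPDATE is not checked, so a failed
    // write is still reported as a successful upgrade.
    $dbconn->Execute($sql);
    // END bugfix (561802) - cmgrote

    // Message
    pnSessionSetVar('errormsg', _MODULESAPIUPGRADED);

    // Success
    return true;
}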
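/**
 * Count the media items visible to the current user.
 *
 * The count is always limited to albums the user may view. Optional filters:
 * a keyword (media and album keywords are counted by two queries and summed),
 * an owner user name, and an album id.
 *
 * @param array $args optional keys 'keyword', 'uname' and 'albumId'
 * @return mixed the count as an integer; false when the access restriction
 *               cannot be built; otherwise the result of
 *               LogUtil::registerError() on a database error
 */
function mediashare_userapi_getListCount($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    $keyword = isset($args['keyword']) ? $args['keyword'] : null;
    $uname = isset($args['uname']) ? $args['uname'] : null;
    // albumId is optional like the other two filters
    $albumId = isset($args['albumId']) ? $args['albumId'] : null;

    // Ensure DB table info is available
    // NOTE(review): the module name here is 'User'; confirm it should not be
    // 'Users'.
    pnModDBInfoLoad('User');

    $pntable = pnDBGetTables();
    $mediaTable = $pntable['mediashare_media'];
    $mediaColumn = $pntable['mediashare_media_column'];
    $albumsTable = $pntable['mediashare_albums'];
    $albumsColumn = $pntable['mediashare_albums_column'];
    $usersTable = $pntable['users'];
    $usersColumn = $pntable['users_column'];
    $keywordsTable = $pntable['mediashare_keywords'];
    $keywordsColumn = $pntable['mediashare_keywords_column'];

    // Find accessible albums
    $accessibleAlbumSql = pnModAPIFunc(
        'mediashare',
        'user',
        'getAccessibleAlbumsSql',
        array(
            'access' => mediashareAccessRequirementViewSomething,
            'field' => "media.{$mediaColumn['parentAlbumId']}"
        )
    );
    if (!$accessibleAlbumSql) {
        return false;
    }

    // Build simple restriction. Caller-supplied values enter the SQL only
    // escaped (strings) or cast to int (ids).
    $restriction = array();
    $join = array();

    if ($uname != null) {
        $restriction[] = "users.{$usersColumn['uname']} = '" . DataUtil::formatForStore($uname) . "'";
        $join[] = "INNER JOIN {$usersTable} users\r\n ON users.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}";
    }

    if ($albumId != null) {
        $restriction[] = "album.{$albumsColumn['id']} = " . (int) $albumId;
    }

    $restrictionSql = count($restriction) > 0 ? ' AND ' . implode(' AND ', $restriction) : '';
    $joinSql = count($join) > 0 ? implode(' ', $join) : '';

    if ($keyword != null) {
        $keywordSql = DataUtil::formatForStore($keyword);

        // Media tagged with the keyword
        $sql = "SELECT COUNT(*)\r\n FROM {$keywordsTable} keyword\r\n INNER JOIN {$mediaTable} media\r\n ON media.{$mediaColumn['id']} = keyword.{$keywordsColumn['itemId']}\r\n AND keyword.{$keywordsColumn['type']} = 'media'\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n AND keyword.{$keywordsColumn['keyword']} = '" . $keywordSql . "'\r\n {$restrictionSql}";

        // Albums tagged with the keyword, joined to their main media item
        $sql2 = "SELECT COUNT(*)\r\n FROM {$keywordsTable} keyword\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = keyword.{$keywordsColumn['itemId']}\r\n AND keyword.{$keywordsColumn['type']} = 'album'\r\n INNER JOIN {$mediaTable} media\r\n ON media.{$mediaColumn['id']} = album.{$albumsColumn['mainMediaId']}\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n AND keyword.{$keywordsColumn['keyword']} = '" . $keywordSql . "'\r\n {$restrictionSql}";
    } else {
        $sql = "SELECT COUNT(*)\r\n FROM {$mediaTable} media\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n {$restrictionSql}";
        $sql2 = null;
    }

    $result = DBUtil::executeSQL($sql);
    if ($result === false) {
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('userapi.getListCount', 'Could not retrieve the list count.'), $dom));
    }

    $result = DBUtil::marshallObjects($result, array('count'));
    $count = isset($result[0]['count']) ? (int) $result[0]['count'] : 0;

    if ($sql2 != null) {
        $result = DBUtil::executeSQL($sql2);
        if ($result === false) {
            return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('userapi.getListCount', 'Could not retrieve the second list count.'), $dom));
        }

        $result = DBUtil::marshallObjects($result, array('count'));
        $count += isset($result[0]['count']) ? (int) $result[0]['count'] : 0;
    }

    return $count;
}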
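/**
 * Build the SQL condition that limits a query to albums the current user may
 * access.
 *
 * Administrators get '1=1' and users without READ on the module get '1=0'.
 * Everyone else gets "<field> IN (...)" listing the albums that are owned by
 * the user, shared with one of the user's groups or with group -1 at the
 * requested access level, or (for view access) covered by an invitation. When
 * no album qualifies the result is '1=0'.
 *
 * $field is placed in the returned SQL verbatim, so it must be a column
 * expression chosen by the calling code, never request data.
 *
 * @param mixed $albumId optional parent album id to restrict the lookup to
 * @param int $access access bitmask to test against the album access rows
 * @param string $field column expression the resulting IN list applies to
 * @return mixed SQL condition string, or the result of
 *               LogUtil::registerError() on a database error
 */
function getAccessibleAlbumsSql($albumId, $access, $field)
{
    // Admin can do everything
    if (SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
        return '1=1';
    }

    // Forbidden read can do nothing
    if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_READ)) {
        return '1=0';
    }

    // Everything interpolated into the query as a value is an integer:
    // the user id, the access bitmask and (below) the parent album id.
    $userId = (int) pnUserGetVar('uid');
    $access = (int) $access;

    // Make sure groups database info is available
    pnModDBInfoLoad('Groups');

    $pntable = pnDBGetTables();
    $albumsTable = $pntable['mediashare_albums'];
    $albumsColumn = $pntable['mediashare_albums_column'];
    $accessTable = $pntable['mediashare_access'];
    $accessColumn = $pntable['mediashare_access_column'];
    $membershipTable = $pntable['group_membership'];
    $membershipColumn = $pntable['group_membership_column'];

    $parentAlbumSql = '';
    if ($albumId != null) {
        // The id arrives from the caller and is used unquoted, so cast it.
        $parentAlbumSql = "{$albumsColumn['parentAlbumId']} = " . (int) $albumId . " AND";
    }

    $sql = "SELECT DISTINCT {$albumsColumn['id']}\n FROM {$albumsTable}\n LEFT JOIN {$accessTable}\n ON {$accessColumn['albumId']} = {$albumsColumn['id']}\n LEFT JOIN {$membershipTable}\n ON {$membershipColumn['gid']} = {$accessColumn['groupId']}\n AND {$membershipColumn['uid']} = {$userId}\n WHERE {$parentAlbumSql}\n (\n ({$accessColumn['access']} & {$access}) != 0 AND ({$membershipColumn['gid']} IS NOT NULL OR {$accessColumn['groupId']} = -1)\n OR {$albumsColumn['ownerId']} = {$userId}\n )";

    $result = DBUtil::executeSQL($sql);
    if ($result === false) {
        // The translation domain is only needed on this path
        $dom = ZLanguage::getModuleDomain('mediashare');
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('accessapi.getAccessibleAlbumsSql', 'Could not retrieve the accessible albums.'), $dom));
    }

    $ids = DBUtil::marshallObjects($result, array('id'));

    $invitedAlbums = pnModAPIFunc('mediashare', 'invitation', 'getInvitedAlbums');

    // collect all the accessible album IDs
    $albumids = array();
    foreach ($ids as $id) {
        $albumids[] = (int) $id['id'];
    }

    // Invitations only ever grant view access
    if (is_array($invitedAlbums) && ($access & mediashareAccessRequirementView)) {
        foreach ($invitedAlbums as $invAlbumId => $ok) {
            if ($ok) {
                $albumids[] = (int) $invAlbumId;
            }
        }
    }

    // synthesize the condition; an empty list must match nothing
    if (empty($albumids)) {
        return '1=0';
    }

    $albumids = "'" . implode("', '", $albumids) . "'";

    return "{$field} IN ({$albumids})";
}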
/**
 * Load a module.
 *
 * Validates the module name, refuses any type ending in 'api', and includes
 * modules/<directory>/pn<type>.php when that file exists. A directory of the
 * same base name is accepted in place of the file, with nothing included.
 * The language file and database info are loaded afterwards, and successful
 * loads are remembered per lower-cased name-and-type.
 *
 * @author Jim McDonald <*****@*****.**>
 * @link http://www.mcdee.net
 * @param string $modname the name of the module
 * @param string $type the type of functions to load
 * @param bool $force load the module even if it isn't active
 * @return string name of module loaded, or false on failure
 */
function pnModLoad($modname, $type = 'user', $force = false)
{
    static $loaded = array();

    // define input, all numbers and booleans to strings
    if (isset($modname)) {
        $modname = (string) $modname;
    } else {
        $modname = '';
    }

    // The name is validated before it is used for any lookup or path, and
    // API types are never loaded through this function.
    if (!pnVarValidate($modname, 'mod') || strtolower(substr($type, -3)) == 'api') {
        return false;
    }

    if (!empty($loaded[strtolower("{$modname}{$type}")])) {
        // Already loaded from somewhere else
        return $modname;
    }

    // get the module info
    $modinfo = pnModGetInfo(pnModGetIDFromName($modname));

    // An unavailable module is loaded only when forced or when the current
    // module is 'Modules'.
    if (!($force || pnModAvailable($modname) || pnModGetName() == 'Modules')) {
        return false;
    }

    // Path segments are prepared with pnVarPrepForOS() before they are used.
    // Local names are left as they were because the included file runs in
    // this function's scope.
    list($osdirectory, $ostype) = pnVarPrepForOS($modinfo['directory'], $type);
    $mosfile = "modules/{$osdirectory}/pn{$ostype}.php";
    $mosdir = "modules/{$osdirectory}/pn{$ostype}";

    if (file_exists($mosfile)) {
        // Load the file from modules
        include $mosfile;
    } elseif (!is_dir($mosdir)) {
        // Neither the file nor the directory exists
        return false;
    }

    $loaded[strtolower("{$modname}{$type}")] = 1;

    // load the module language file
    pnModLangLoad($modname, $type);

    // Load database info
    pnModDBInfoLoad($modname, $modinfo['directory']);

    // Return the module name
    return $modname;
}