/**
* display block
*/
function template_firstblock_display($blockinfo)
{
// Security check
if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
return;
}
// Get variables from content block
$vars = pnBlockVarsFromContent($blockinfo['content']);
// Defaults
if (empty($vars['numitems'])) {
$vars['numitems'] = 5;
}
// Database information
pnModDBInfoLoad('Template');
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$templatetable = $pntable['template'];
$templatecolumn =& $pntable['template_column'];
// Query
$sql = "SELECT {$templatecolumn['tid']},\n {$templatecolumn['name']}\n FROM {$templatetable}\n ORDER by {$templatecolumn['name']}";
$result = $dbconn->SelectLimit($sql, $vars['numitems']);
if ($dbconn->ErrorNo() != 0) {
return;
}
if ($result->EOF) {
return;
}
// Create output object
$output = new pnHTML();
// Display each item, permissions permitting
for (; !$result->EOF; $result->MoveNext()) {
list($tid, $name) = $result->fields;
if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_OVERVIEW)) {
if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
$output->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
} else {
$output->Text($name);
}
$output->Linebreak();
}
}
// Populate block info and pass to theme
$blockinfo['content'] = $output->GetOutput();
return themesideblock($blockinfo);
}
function mediashare_searchapi_search($args)
{
$dom = ZLanguage::getModuleDomain('mediashare');
pnModDBInfoLoad('mediashare');
pnModDBInfoLoad('Search');
$pntable = pnDBGetTables();
$mediaTable = $pntable['mediashare_media'];
$mediaColumn = $pntable['mediashare_media_column'];
$albumsTable = $pntable['mediashare_albums'];
$albumsColumn = $pntable['mediashare_albums_column'];
$searchTable = $pntable['search_result'];
$searchColumn = $pntable['search_result_column'];
$sessionId = session_id();
// Find accessible albums
$accessibleAlbumSql = pnModAPIFunc('mediashare', 'user', 'getAccessibleAlbumsSql', array('access' => mediashareAccessRequirementViewSomething, 'field' => "media.{$mediaColumn['parentAlbumId']}"));
$albumText = __('Multimedia file in album: ', $dom);
$sql = "\nINSERT INTO {$searchTable}\n ({$searchColumn['title']},\n {$searchColumn['text']},\n {$searchColumn['module']},\n {$searchColumn['extra']},\n {$searchColumn['created']},\n {$searchColumn['session']})\nSELECT CONCAT(media.{$mediaColumn['title']}, ' [{$albumText}', album.{$albumsColumn['title']}, ']'),\n media.{$mediaColumn['description']},\n 'mediashare',\n CONCAT(album.{$albumsColumn['id']}, ':', media.{$mediaColumn['id']}),\n media.{$mediaColumn['createdDate']},\n '{$sessionId}'\nFROM {$mediaTable} media\nINNER JOIN {$albumsTable} album\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\nWHERE ({$accessibleAlbumSql}) AND ";
$sql .= search_construct_where($args, array("media.{$mediaColumn['title']}", "media.{$mediaColumn['description']}", "media.{$mediaColumn['keywords']}"));
$dbresult = DBUtil::executeSQL($sql);
if (!$dbresult) {
return LogUtil::registerError(__('Error! Could not load items.', $dom));
}
return true;
}
/**
* get a list of user information
*
* @public
* @return array array of user arrays
*/
function pnUserGetAll()
{
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
pnModDBInfoLoad('Users');
$userstable = $pntable['users'];
$userscolumn =& $pntable['users_column'];
$sql = "SELECT {$userscolumn['uname']},\n {$userscolumn['uid']},\n {$userscolumn['name']},\n {$userscolumn['email']},\n {$userscolumn['url']},\n {$userscolumn['user_avatar']}\n FROM {$userstable}";
$result =& $dbconn->Execute($sql);
if ($dbconn->ErrorNo() != 0) {
return;
}
if ($result->EOF) {
return false;
}
$resarray = array();
while (!$result->EOF) {
list($uname, $uid, $name, $email, $url, $user_avatar) = $result->fields;
$result->MoveNext();
$resarray[$uid] = array('uname' => $uname, 'uid' => $uid, 'name' => $name, 'email' => $email, 'url' => $url, 'avatar' => $user_avatar);
}
$result->Close();
return $resarray;
}
/**
* get authorisation information for this user
*
* @public
* @return array two element array of user and group permissions
*/
function pnSecGetAuthInfo()
{
// Load the groups db info
pnModDBInfoLoad('Groups');
pnModDBInfoLoad('Permissions');
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
// Tables we use
$userpermtable = $pntable['user_perms'];
$userpermcolumn =& $pntable['user_perms_column'];
$groupmembershiptable = $pntable['group_membership'];
$groupmembershipcolumn =& $pntable['group_membership_column'];
$grouppermtable = $pntable['group_perms'];
$grouppermcolumn =& $pntable['group_perms_column'];
$realmtable = $pntable['realms'];
$realmcolumn =& $pntable['realms_column'];
// Empty arrays
$userperms = array();
$groupperms = array();
$uids[] = -1;
// Get user ID
if (!pnUserLoggedIn()) {
// Unregistered UID
$uids[] = 0;
$vars['Active User'] = '******';
} else {
$uids[] = pnUserGetVar('uid');
$vars['Active User'] = pnUserGetVar('uid');
}
$uids = implode(",", $uids);
// Get user permissions
$query = "SELECT {$userpermcolumn['realm']},\n {$userpermcolumn['component']},\n {$userpermcolumn['instance']},\n {$userpermcolumn['level']}\n FROM {$userpermtable}\n WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n ORDER by {$userpermcolumn['sequence']}";
$result =& $dbconn->Execute($query);
if ($dbconn->ErrorNo() != 0) {
return array($userperms, $groupperms);
}
while (list($realm, $component, $instance, $level) = $result->fields) {
$result->MoveNext();
//itevo
$component = fixsecuritystring($component);
$instance = fixsecuritystring($instance);
$userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
}
// Get all groups that user is in
$query = "SELECT {$groupmembershipcolumn['gid']}\n FROM {$groupmembershiptable}\n WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
$result =& $dbconn->Execute($query);
if ($dbconn->ErrorNo() != 0) {
return array($userperms, $groupperms);
}
$usergroups[] = -1;
if (!pnUserLoggedIn()) {
// Unregistered GID
$usergroups[] = 0;
}
while (list($gid) = $result->fields) {
$result->MoveNext();
$usergroups[] = $gid;
}
$usergroups = implode(",", $usergroups);
// Get all group permissions
$query = "SELECT {$grouppermcolumn['realm']},\n {$grouppermcolumn['component']},\n {$grouppermcolumn['instance']},\n {$grouppermcolumn['level']}\n FROM {$grouppermtable}\n WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n ORDER by {$grouppermcolumn['sequence']}";
$result =& $dbconn->Execute($query);
if ($dbconn->ErrorNo() != 0) {
return array($userperms, $groupperms);
}
while (list($realm, $component, $instance, $level) = $result->fields) {
$result->MoveNext();
//itevo
$component = fixsecuritystring($component);
$instance = fixsecuritystring($instance);
// Search/replace of special names
preg_match_all("/<([^>]+)>/", $instance, $res);
for ($i = 0; $i < count($res[1]); $i++) {
$instance = preg_replace("/<([^>]+)>/", $vars[$res[1][$i]], $instance, 1);
}
$groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
}
// we've now got the permissions info
$GLOBALS['authinfogathered'] = 1;
return array($userperms, $groupperms);
}
/**
* load a module
* @param name - name of module to load
* @param type - type of functions to load
* @returns string
* @return name of module loaded, or false on failure
*/
function pnModLoad($modname, $type = 'user')
{
static $loaded = array();
if (empty($modname)) {
return false;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$modulestable = $pntable['modules'];
$modulescolumn =& $pntable['modules_column'];
if (!empty($loaded["{$modname}{$type}"])) {
// Already loaded from somewhere else
return $modname;
}
$query = "SELECT {$modulescolumn['directory']},\n {$modulescolumn['state']}\n FROM {$modulestable}\n WHERE {$modulescolumn['name']} = '" . pnVarPrepForStore($modname) . "'";
$result = $dbconn->Execute($query);
if ($dbconn->ErrorNo() != 0) {
return;
}
if ($result->EOF) {
return false;
}
list($directory, $state) = $result->fields;
$result->Close();
// Load the module and module language files
list($osdirectory, $ostype) = pnVarPrepForOS($directory, $type);
$osfile = "modules/{$osdirectory}/pn{$ostype}.php";
if (!file_exists($osfile)) {
// File does not exist
return false;
}
// Load file
include $osfile;
$loaded["{$modname}{$type}"] = 1;
$defaultlang = pnConfigGetVar('language');
if (empty($defaultlang)) {
$defaultlang = 'eng';
}
$currentlang = pnUserGetLang();
if (file_exists("modules/{$osdirectory}/pnlang/{$currentlang}/{$ostype}.php")) {
include "modules/{$osdirectory}/pnlang/" . pnVarPrepForOS($currentlang) . "/{$ostype}.php";
} elseif (file_exists("modules/{$directory}/pnlang/{$defaultlang}/{$ostype}.php")) {
include "modules/{$osdirectory}/pnlang/" . pnVarPrepForOS($defaultlang) . "/{$ostype}.php";
}
// Load datbase info
pnModDBInfoLoad($modname, $directory);
// Return the module name
return $modname;
}
/**
* get block information
* @param title the block title
* @return array array of block information
*/
function pnBlockGetInfoByTitle($title = null)
{
if (empty($title)) {
return;
}
static $blocks;
// load the db info if required
pnModDBInfoLoad('Blocks');
if (empty($blocks[$title])) {
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$blockstable = $pntable['blocks'];
$blockscolumn =& $pntable['blocks_column'];
$sql = "SELECT {$blockscolumn['title']},\n\t\t\t\t\t {$blockscolumn['bkey']},\n\t\t\t\t\t {$blockscolumn['title']},\n\t\t\t\t\t {$blockscolumn['content']},\n\t\t\t\t\t {$blockscolumn['url']},\n\t\t\t\t\t {$blockscolumn['position']},\n\t\t\t\t\t {$blockscolumn['weight']},\n\t\t\t\t\t {$blockscolumn['active']},\n \t {$blockscolumn['collapsable']},\n \t {$blockscolumn['defaultstate']},\n\t\t\t\t\t {$blockscolumn['refresh']},\n\t\t\t\t\t {$blockscolumn['last_update']},\n\t\t\t\t\t {$blockscolumn['blanguage']},\n\t\t\t\t\t {$blockscolumn['mid']},\n\t\t\t\t\t {$blockscolumn['bid']}\n\t\t\t\tFROM {$blockstable}";
// WHERE $blockscolumn[title] = '" .pnVarPrepForStore($title)."' ";
$result =& $dbconn->Execute($sql);
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$result->EOF) {
list($restitle, $resarray['bkey'], $resarray['title'], $resarray['content'], $resarray['url'], $resarray['position'], $resarray['weight'], $resarray['active'], $resarray['collapsable'], $resarray['defaultstate'], $resarray['refresh'], $resarray['last_update'], $resarray['language'], $resarray['mid'], $resarray['bid']) = $result->fields;
$resarray['unix_update'] = $result->UnixTimeStamp($resarray['last_update']);
// Move that ADOdb pointer !
$result->MoveNext();
$blocks[$restitle] = $resarray;
}
$result->Close();
}
if (isset($blocks[$title])) {
return $blocks[$title];
} else {
return;
}
}
/**
* upgrade a module
*/
function modules_adminapi_upgrade($args)
{
// 20021216 fixed the fix : larsneo (thx to cmgrote and jojodee)
// Get arguments from argument array
extract($args);
// Argument check
if (!isset($mid) || !is_numeric($mid)) {
pnSessionSetVar('errormsg', _MODARGSERROR);
return false;
}
// Get module information
$modinfo = pnModGetInfo($mid);
if (empty($modinfo)) {
pnSessionSetVar('errormsg', _MODNOSUCHMOD);
return false;
}
// Get module database info
pnModDBInfoLoad($modinfo['name'], $modinfo['directory']);
// Module upgrade function
$osdir = pnVarPrepForOS($modinfo['directory']);
@(include "modules/{$osdir}/pninit.php");
$func = $modinfo['name'] . '_upgrade';
if (function_exists($func)) {
if ($func($modinfo['version']) != true) {
return false;
}
}
// Update state of module
if (!modules_adminapi_setstate(array('mid' => $mid, 'state' => _PNMODULE_STATE_INACTIVE))) {
return false;
}
// BEGIN bugfix (561802) - cmgrote
// Get the new version information...
$modversion['version'] = '0';
@(include "modules/{$modinfo['directory']}/Version.php");
@(include "modules/{$modinfo['directory']}/pnversion.php");
$version = $modversion['version'];
// Note the changes in the database...
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$modulestable = $pntable['modules'];
$modulescolumn =& $pntable['modules_column'];
$sql = "UPDATE {$modulestable}\n\t\t\tSET {$modulescolumn['version']} = '" . pnVarPrepForStore($modversion['version']) . "',\n\t\t\t\t{$modulescolumn['admin_capable']} = '" . pnVarPrepForStore($modversion['admin']) . "',\n\t\t\t\t{$modulescolumn['description']} = '" . pnVarPrepForStore($modversion['description']) . "'\n\t\t\tWHERE {$modulescolumn['id']} = " . pnVarPrepForStore($mid);
$dbconn->Execute($sql);
// END bugfix (561802) - cmgrote
// Message
pnSessionSetVar('errormsg', _MODULESAPIUPGRADED);
// Success
return true;
}
function mediashare_userapi_getListCount($args)
{
$dom = ZLanguage::getModuleDomain('mediashare');
$keyword = isset($args['keyword']) ? $args['keyword'] : null;
$uname = isset($args['uname']) ? $args['uname'] : null;
$albumId = $args['albumId'];
pnModDBInfoLoad('User');
// Ensure DB table info is available
$pntable = pnDBGetTables();
$mediaTable = $pntable['mediashare_media'];
$mediaColumn = $pntable['mediashare_media_column'];
$albumsTable = $pntable['mediashare_albums'];
$albumsColumn = $pntable['mediashare_albums_column'];
$usersTable = $pntable['users'];
$usersColumn = $pntable['users_column'];
$keywordsTable = $pntable['mediashare_keywords'];
$keywordsColumn = $pntable['mediashare_keywords_column'];
// Find accessible albums
$accessibleAlbumSql = pnModAPIFunc('mediashare', 'user', 'getAccessibleAlbumsSql', array('access' => mediashareAccessRequirementViewSomething, 'field' => "media.{$mediaColumn['parentAlbumId']}"));
if (!$accessibleAlbumSql) {
return false;
}
// Build simple restriction
$restriction = array();
$join = array();
if ($uname != null) {
$restriction[] = "users.{$usersColumn['uname']} = '" . DataUtil::formatForStore($uname) . "'";
$join[] = "INNER JOIN {$usersTable} users\r\n ON users.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}";
}
if ($albumId != null) {
$restriction[] = "album.{$albumsColumn['id']} = " . (int) $albumId;
}
$restrictionSql = count($restriction) > 0 ? ' AND ' . implode(' AND ', $restriction) : '';
$joinSql = count($join) > 0 ? implode(' ', $join) : '';
if ($keyword != null) {
$sql = "SELECT COUNT(*)\r\n FROM {$keywordsTable} keyword\r\n INNER JOIN {$mediaTable} media\r\n ON media.{$mediaColumn['id']} = keyword.{$keywordsColumn['itemId']}\r\n AND keyword.{$keywordsColumn['type']} = 'media'\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n AND keyword.{$keywordsColumn['keyword']} = '" . DataUtil::formatForStore($keyword) . "'\r\n {$restrictionSql}";
$sql2 = "SELECT COUNT(*)\r\n FROM {$keywordsTable} keyword\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = keyword.{$keywordsColumn['itemId']}\r\n AND keyword.{$keywordsColumn['type']} = 'album'\r\n INNER JOIN {$mediaTable} media\r\n ON media.{$mediaColumn['id']} = album.{$albumsColumn['mainMediaId']}\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n AND keyword.{$keywordsColumn['keyword']} = '" . DataUtil::formatForStore($keyword) . "'\r\n {$restrictionSql}";
} else {
$sql = "SELECT COUNT(*)\r\n FROM {$mediaTable} media\r\n INNER JOIN {$usersTable} usersx\r\n ON usersx.{$usersColumn['uid']} = media.{$mediaColumn['ownerId']}\r\n INNER JOIN {$albumsTable} album\r\n ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\r\n {$joinSql}\r\n WHERE ({$accessibleAlbumSql})\r\n {$restrictionSql}";
$sql2 = null;
}
$result = DBUtil::executeSQL($sql);
if ($result === false) {
return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('userapi.getListCount', 'Could not retrieve the list count.'), $dom));
}
$result = DBUtil::marshallObjects($result, array('count'));
$count = (int) $result[0]['count'];
if ($sql2 != null) {
$result = DBUtil::executeSQL($sql2);
if ($result === false) {
return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('userapi.getListCount', 'Could not retrieve the second list count.'), $dom));
}
$result = DBUtil::marshallObjects($result, array('count'));
$count += (int) $result[0]['count'];
}
return $count;
}
function getAccessibleAlbumsSql($albumId, $access, $field)
{
// Admin can do everything
if (SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
return '1=1';
}
// Forbidden read can do nothing
if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_READ)) {
return '1=0';
}
$userId = (int) pnUserGetVar('uid');
// Make sure groups database info is available
pnModDBInfoLoad('Groups');
$pntable = pnDBGetTables();
$albumsTable = $pntable['mediashare_albums'];
$albumsColumn = $pntable['mediashare_albums_column'];
$accessTable = $pntable['mediashare_access'];
$accessColumn = $pntable['mediashare_access_column'];
$membershipTable = $pntable['group_membership'];
$membershipColumn = $pntable['group_membership_column'];
$parentAlbumSql = '';
if ($albumId != null) {
$parentAlbumSql = "{$albumsColumn['parentAlbumId']} = {$albumId} AND";
}
$sql = "SELECT DISTINCT {$albumsColumn['id']}\n FROM {$albumsTable}\n LEFT JOIN {$accessTable}\n ON {$accessColumn['albumId']} = {$albumsColumn['id']}\n LEFT JOIN {$membershipTable}\n ON {$membershipColumn['gid']} = {$accessColumn['groupId']}\n AND {$membershipColumn['uid']} = {$userId}\n WHERE {$parentAlbumSql}\n (\n ({$accessColumn['access']} & {$access}) != 0 AND ({$membershipColumn['gid']} IS NOT NULL OR {$accessColumn['groupId']} = -1)\n OR {$albumsColumn['ownerId']} = {$userId}\n )";
$result = DBUtil::executeSQL($sql);
if ($result === false) {
return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('accessapi.getAccessibleAlbumsSql', 'Could not retrieve the accessible albums.'), $dom));
}
$ids = DBUtil::marshallObjects($result, array('id'));
$invitedAlbums = pnModAPIFunc('mediashare', 'invitation', 'getInvitedAlbums');
// collect all the accessible album IDs
$albumids = array();
foreach ($ids as $id) {
$albumids[] = (int) $id['id'];
}
if (is_array($invitedAlbums) && $access & mediashareAccessRequirementView) {
foreach ($invitedAlbums as $invAlbumId => $ok) {
if ($ok) {
$albumids[] = (int) $invAlbumId;
}
}
}
// sintetize the query
if (!empty($albumids)) {
$albumids = "'" . implode("', '", $albumids) . "'";
} else {
$albumids = '';
}
return $albumids == '' ? '1=0' : "{$field} IN ({$albumids})";
}
/**
* load a module
* @author Jim McDonald <*****@*****.**>
* @link http://www.mcdee.net
* @param 'name' the name of the module
* @param 'type' the type of functions to load
* @param 'force' determines to load Module even if module isn't active
* @return string name of module loaded, or false on failure
*/
function pnModLoad($modname, $type = 'user', $force = false)
{
// define input, all numbers and booleans to strings
$modname = isset($modname) ? (string) $modname : '';
// validate
if (!pnVarValidate($modname, 'mod')) {
return false;
}
if (strtolower(substr($type, -3)) == 'api') {
return false;
}
static $loaded = array();
if (!empty($loaded[strtolower("{$modname}{$type}")])) {
// Already loaded from somewhere else
return $modname;
}
// get the module info
$modinfo = pnModGetInfo(pnModGetIDFromName($modname));
// check the modules state
if (!$force && !pnModAvailable($modname) && pnModGetName() != 'Modules') {
return false;
}
// Load the module and module language files
list($osdirectory, $ostype) = pnVarPrepForOS($modinfo['directory'], $type);
$mosfile = "modules/{$osdirectory}/pn{$ostype}.php";
$mosdir = "modules/{$osdirectory}/pn{$ostype}";
if (file_exists($mosfile)) {
// Load the file from modules
include $mosfile;
} elseif (is_dir($mosdir)) {
} else {
// File does not exist
return false;
}
$loaded[strtolower("{$modname}{$type}")] = 1;
// load the module language file
pnModLangLoad($modname, $type);
// Load datbase info
pnModDBInfoLoad($modname, $modinfo['directory']);
// Return the module name
return $modname;
}
