/**
 * Escapes a value for use inside an SQL statement by delegating to Db::qstr().
 *
 * include_once makes sure the file that defines the Db class is loaded before
 * the call is made.
 *
 * NOTE(review): other queries in this file wrap Db::qstr() output in single
 * quotes themselves, which suggests the returned text carries no surrounding
 * quotes -- confirm before using the result in an unquoted position.
 *
 * @param string The value to escape.
 * @return The result of Db::qstr() for that value.
 */
function bb2_db_escape($string)
{
    include_once PLOG_CLASS_PATH . "class/database/db.class.php";

    $escaped = Db::qstr($string);

    return $escaped;
}
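 /**
  * Saves the fields of a host blocking rule to the host_blocking_rules table.
  *
  * The row to change is selected by the rule's id. Every value is concatenated
  * into the SQL text, so text values are escaped with Db::qstr() and numeric
  * values are cast to integers first.
  *
  * @param blockedHost Object providing getHost(), getMask(), getBlogId(),
  * getType(), getReason() and getId() for the rule to save.
  * @return Whatever Execute() returns for the UPDATE statement.
  */
 function update($blockedHost)
 {
     // host and reason both end up inside quoted literals, so both are escaped;
     // previously only reason was
     $host = Db::qstr($blockedHost->getHost());
     $reason = Db::qstr($blockedHost->getReason());
     // these values are placed in the statement without quotes; the casts make
     // sure only integer literals can reach the SQL text
     // NOTE(review): assumes mask, blog_id, block_type and id are integer
     // columns -- confirm against the schema
     $mask = (int) $blockedHost->getMask();
     $blogId = (int) $blockedHost->getBlogId();
     $blockType = (int) $blockedHost->getType();
     $ruleId = (int) $blockedHost->getId();

     $query = "UPDATE " . $this->getPrefix() . "host_blocking_rules\n                      SET host = '" . $host . "',\n                      mask = " . $mask . ",\n                      blog_id = " . $blogId . ",\n                      block_type = " . $blockType . ",\n                      reason = '" . $reason . "'\n                      WHERE id = " . $ruleId;

     return $this->Execute($query);
 }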
 /**
  * Removes one row from the mailcentre_sent table.
  *
  * @param messageId Id of the sent message to remove. It is escaped with
  * Db::qstr() and compared as a quoted literal.
  * @return true when the query ran and affected at least one row; false when
  * the query failed or no row was affected.
  */
 function deleteMessage($messageId)
 {
     $table = $this->getPrefix() . "mailcentre_sent";
     $sql = "DELETE FROM {$table}\n                      WHERE id = '" . Db::qstr($messageId) . "'";

     $outcome = $this->Execute($sql);

     // a failed query and a query that removed nothing are both reported as
     // failure; Affected_Rows() is only consulted when the query succeeded
     return $outcome && ($this->_db->Affected_Rows() != 0);
 }
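 /**
  * Checks a password reset request and returns the user it belongs to.
  *
  * The user is looked up by comparing MD5(u.user) with $userNameHash. The hash
  * that SummaryTools::calculatePasswordResetHash() produces for that user must
  * then match $requestHash exactly.
  *
  * @param userNameHash Value compared against the MD5 of the user name.
  * @param requestHash Hash supplied with the request.
  * @return The value returned by Users::_getUserInfoFromQuery() when the
  * request is valid, or false when the user cannot be loaded or the hashes
  * differ.
  */
 function verifyRequest($userNameHash, $requestHash)
 {
     // make sure that the request is correct
     $users = new Users();
     // it's not a good idea to do this but it makes things a bit easier...
     $prefix = $users->getPrefix();
     $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t          u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t  IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t  u.status AS status\n\t\t\t\t\t  FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t  WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";
     $userInfo = $users->_getUserInfoFromQuery($query);
     // try to see if we can load the user...
     if (!$userInfo) {
         return false;
     }
     // a reset hash must arrive as a string; arrays, numbers and null are
     // rejected before any comparison takes place
     if (!is_string($requestHash)) {
         return false;
     }
     // and if so, validate the hash
     $originalRequestHash = (string) SummaryTools::calculatePasswordResetHash($userInfo);
     // The loose != operator compares numeric-looking strings by value, so two
     // different hashes could be treated as equal. hash_equals() compares the
     // exact bytes in constant time; === is the fallback on runtimes that do
     // not provide it.
     if (function_exists('hash_equals')) {
         $hashesMatch = hash_equals($originalRequestHash, $requestHash);
     } else {
         $hashesMatch = ($originalRequestHash === $requestHash);
     }
     if (!$hashesMatch) {
         return false;
     }
     return $userInfo;
 }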
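 /**
  * Updates a filtered content rule.
  *
  * The row is selected by both the rule id and the blog id, so a rule can only
  * be changed within the blog it reports as its owner.
  *
  * @param rule a FilteredContent object containing the data
  * we'd like to update.
  * @return True upon success or false otherwise.
  */
 function updateFilteredContent($rule)
 {
     // both ids are written into the statement without quotes; the casts make
     // sure only integer literals can reach the SQL text
     // NOTE(review): assumes blog_id and id are integer columns -- confirm
     $blogId = (int) $rule->getBlogId();
     $ruleId = (int) $rule->getId();

     $query = "UPDATE " . $this->getPrefix() . "filtered_content SET " . "blog_id = " . $blogId . ", " . "reg_exp = '" . Db::qstr($rule->getRegExp(true)) . "', " . "reason = '" . Db::qstr($rule->getReason()) . "' " . " WHERE blog_id = " . $blogId . " AND id = " . $ruleId . ";";

     return $this->Execute($query) ? true : false;
 }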
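 /**
  * Updates a link in the database.
  *
  * The row is selected by link id and blog id. After a successful update the
  * modification date of the link's category is refreshed through
  * MyLinksCategories::updateCategoryModificationDate().
  *
  * @param myLink A MyLink object with the information we'd like to update.
  * @return True if successful or false otherwise.
  */
 function updateMyLink($myLink)
 {
     // the three ids are written into the statement without quotes; the casts
     // make sure only integer literals can reach the SQL text
     // NOTE(review): assumes category_id, id and blog_id are integer columns
     // -- confirm against the schema
     $categoryId = (int) $myLink->getCategoryId();
     $linkId = (int) $myLink->getId();
     $blogId = (int) $myLink->getBlogId();

     // "date = date" assigns the column to itself; presumably this keeps an
     // auto-updating timestamp unchanged -- confirm
     $query = "UPDATE " . $this->getPrefix() . "mylinks SET\n                      name = '" . Db::qstr($myLink->getName()) . "',\n                      description = '" . Db::qstr($myLink->getDescription()) . "',\n                      url = '" . Db::qstr($myLink->getUrl()) . "',\n                      category_id = " . $categoryId . ",\n                      date = date,\n\t\t\t\t\t  properties = '" . Db::qstr(serialize($myLink->getProperties())) . "',\n\t\t\t\t\t  rss_feed = '" . Db::qstr($myLink->getRssFeed()) . "'\n                      WHERE id = " . $linkId . " AND blog_id = " . $blogId . ";";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }

     // mark the corresponding link categories as modified now
     $linkCategories = new MyLinksCategories();
     $linkCategories->updateCategoryModificationDate($myLink->getCategoryId());

     return true;
 }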
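 /**
  * Searches comment topics and texts and returns the results produced by
  * _getQueryResults() for the SEARCH_RESULT_COMMENT type.
  *
  * A comment matches when every space-separated term appears in its
  * normalized topic or text, or when the whole search string does. The
  * selected columns are those of the article the comment belongs to, and
  * relevance is always 1.
  *
  * @param blogId The id of the blog whose articles we would like to search;
  * values that are not greater than 0 disable this filter.
  * @param query The query string we'd like to use.
  * @param minRelevance Not used by this method.
  * @param maxResults Not used by this method.
  * @param status Article status that results must have.
  * @param userId Restricts results to articles of this user when greater than 0.
  * @param date Prefix that the numeric form of the article date must start
  * with, applied when greater than 0.
  * @return The value returned by _getQueryResults().
  */
 function searchComments($blogId, $query, $minRelevance = 0, $maxResults = 0, $status = POST_STATUS_PUBLISHED, $userId = -1, $date = 0)
 {
     $prefix = $this->getPrefix();
     $query = $this->_adaptSearchString($query);
     // NOTE(review): the search terms are interpolated into quoted LIKE
     // patterns below exactly as _adaptSearchString() returns them. Whether
     // that helper escapes quotes and backslashes is not visible here --
     // confirm, and escape the terms at this point if it does not.

     // MARKWU: several search terms are handled by splitting on spaces and
     // requiring a LIKE match for each of them
     $query_array = explode(' ', $query);
     $termConditions = array();
     foreach ($query_array as $term) {
         $termConditions[] = "((c.normalized_topic LIKE '%{$term}%') OR (c.normalized_text LIKE '%{$term}%'))";
     }
     // all terms together, or alternatively the search string as one phrase
     $where_string = "(" . implode(" AND ", $termConditions);
     $where_string .= " OR ((c.normalized_topic LIKE '%{$query}%') OR (c.normalized_text LIKE '%{$query}%'))";
     $where_string .= ")";

     // status is written into the statement without quotes, so it is forced to
     // an integer literal
     // NOTE(review): assumes article status values are integers -- confirm
     $status = (int) $status;

     // Make the whole sql query string
     $searchQuery = "SELECT a.id AS id, t.topic AS topic, t.text AS text, a.date AS date,\n\t\t\t                       a.user_id AS user_id, a.blog_id AS blog_id, a.num_reads AS num_reads, \n\t\t\t\t\t\t\t       a.properties AS properties, t.normalized_text AS normalized_text,\n\t\t\t\t\t\t\t       t.normalized_topic AS normalized_topic, a.status AS status, a.slug AS slug, \n\t\t\t\t\t\t\t       1 AS relevance \n\t\t\t\t\t\t\t FROM {$prefix}articles_comments c, {$prefix}articles a, {$prefix}articles_text t\n\t\t\t\t\t\t\t WHERE {$where_string} AND c.article_id = a.id AND a.status = {$status} AND c.status = 0\n\t\t\t\t\t\t\t       AND t.article_id = a.id";
     if ($blogId > 0) {
         $searchQuery .= " AND a.blog_id = '" . Db::qstr($blogId) . "' ";
     }
     if ($userId > 0) {
         $searchQuery .= " AND a.user_id = '" . Db::qstr($userId) . "' ";
     }
     if ($date > 0) {
         // the "> 0" test does not guarantee a purely numeric value, so the
         // date prefix is escaped like the other quoted values
         $searchQuery .= " AND a.date+0 LIKE '" . Db::qstr($date) . "%' ";
     }
     $searchQuery .= " ORDER BY relevance";

     return $this->_getQueryResults($searchQuery, SEARCH_RESULT_COMMENT);
 }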
 /**
  * Removes a trackback from the database.
  *
  * @param trackbackId Id of the trackback row to delete.
  * @param articleId When greater than 0, the row must also belong to this
  * article for the delete to match.
  * @return The value returned by Execute() for the DELETE statement.
  */
 function deletePostTrackback($trackbackId, $articleId = -1)
 {
     $table = $this->getPrefix() . "trackbacks";

     // both ids are escaped and compared as quoted literals
     $conditions = "id = '" . Db::qstr($trackbackId) . "'";
     if ($articleId > 0) {
         $conditions .= " AND article_id = '" . Db::qstr($articleId) . "'";
     }

     return $this->Execute("DELETE FROM {$table} WHERE " . $conditions);
 }
 /**
  * Sets the last_modification field of a row in mylinks_categories.
  *
  * The statement is sent through $this->_db directly, after the connection's
  * debug flag has been switched off.
  *
  * @param categoryId Id of the category row to update.
  * @param lastModification New value for the last_modification column.
  * @return The value returned by the connection's Execute().
  */
 function updateLastModification($categoryId, $lastModification)
 {
     $table = $this->getPrefix() . "mylinks_categories";
     $sql = "UPDATE " . $table . "\n\t\t\t\t\t  SET last_modification = '" . Db::qstr($lastModification) . "' \n\t\t\t\t\t  WHERE id = '" . Db::qstr($categoryId) . "'";

     // the flag stays off after this call; it is not restored
     $this->_db->debug = false;

     return $this->_db->Execute($sql);
 }
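 /**
  * Adds a custom field value to the given article.
  *
  * The value is stored twice: as given, and in the form returned by
  * Textfilter::normalizeText().
  *
  * @param fieldId Id of the custom field definition.
  * @param fieldValue Value to store for the field.
  * @param articleId Id of the article the value belongs to.
  * @param blogId Id of the blog the article belongs to.
  * @return The value returned by Execute() for the INSERT statement.
  */
 function addCustomFieldValue($fieldId, $fieldValue, $articleId, $blogId)
 {
     $filter = new Textfilter();

     // the ids are written into the statement without quotes; the casts make
     // sure only integer literals can reach the SQL text
     // NOTE(review): assumes field_id, blog_id and article_id are integer
     // columns -- confirm against the schema
     $fieldId = (int) $fieldId;
     $blogId = (int) $blogId;
     $articleId = (int) $articleId;

     // Escaping is the last step before the text enters the statement, as the
     // gallery resource queries in this file do. Normalizing an already
     // escaped string could add or drop characters and undo the escaping.
     $escapedValue = Db::qstr($fieldValue);
     $escapedNormalized = Db::qstr($filter->normalizeText($fieldValue));

     $query = "INSERT INTO " . $this->getPrefix() . "custom_fields_values\n\t\t\t          (field_id, field_value, normalized_value, blog_id, article_id)\n\t\t\t\t\t  VALUES (\n\t\t\t\t\t  {$fieldId}, '" . $escapedValue . "','" . $escapedNormalized . "',\n\t\t\t\t\t  {$blogId}, {$articleId}\n\t\t\t\t\t  )";

     return $this->Execute($query);
 }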
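 /**
  * Saves the subject, responses and response data of a poll.
  *
  * Responses and response data are serialized before being stored. The row
  * is selected by the poll's id.
  *
  * @param poll Object providing getSubject(), getResponses(),
  * getResponseData() and getId(); taken by reference.
  * @return The value returned by Execute() for the UPDATE statement.
  */
 function updatePoll(&$poll)
 {
     $prefix = $this->getPrefix();
     // the id is written into the statement without quotes; the cast makes
     // sure only an integer literal can reach the SQL text
     // NOTE(review): assumes id is an integer column -- confirm
     $pollId = (int) $poll->getId();

     $q = "update {$prefix}plogpoll_polls " . "set subject='" . Db::qstr($poll->getSubject()) . "'," . "responses='" . Db::qstr(serialize($poll->getResponses())) . "'," . "responsedata='" . Db::qstr(serialize($poll->getResponseData())) . "'" . " where id=" . $pollId;

     return $this->Execute($q);
 }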
 /**
  * Disables a blog by setting its status to BLOG_STATUS_DISABLED.
  *
  * @param blogId Id of the blog to disable. It is escaped with Db::qstr()
  * and compared as a quoted literal.
  * @return true when the query ran and affected at least one row; false when
  * the query failed or no row was affected.
  */
 function disableBlog($blogId)
 {
     $table = $this->getPrefix() . "blogs";
     $sql = "UPDATE " . $table . "\n                          SET status = '" . BLOG_STATUS_DISABLED . "'\n                          WHERE id = '" . Db::qstr($blogId) . "'";

     $outcome = $this->Execute($sql);

     // Affected_Rows() is only consulted when the query itself succeeded
     return $outcome && ($this->_db->Affected_Rows() != 0);
 }
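 /**
  * Updates a resource in the database.
  *
  * Every value is concatenated into the SQL text, so text values are escaped
  * with Db::qstr() and numeric values are cast to integers first. The
  * normalized description is recomputed from the description.
  *
  * @param resource A GalleryResource object with the information of the
  * resource we'd like to update.
  * @return Returns true if successful or false otherwise
  */
 function updateResource($resource)
 {
     $tf = new TextFilter();

     // written into the statement without quotes; the casts make sure only
     // integer literals can reach the SQL text
     // NOTE(review): assumes album_id, flags, resource_type and id are
     // integer columns -- confirm against the schema
     $albumId = (int) $resource->getAlbumId();
     $flags = (int) $resource->getFlags();
     $resourceType = (int) $resource->getResourceType();
     $resourceId = (int) $resource->getId();

     // file path, file name, thumbnail format and date sit inside quoted
     // literals and were previously inserted unescaped; a quote or backslash
     // in any of them would have broken out of the literal
     $filePath = Db::qstr($resource->getFilePath());
     $fileName = Db::qstr($resource->getFileName());
     $thumbnailFormat = Db::qstr($resource->getThumbnailFormat());
     $date = Db::qstr($resource->getDate());

     $query = "UPDATE " . $this->getPrefix() . "gallery_resources\n                      SET album_id = " . $albumId . ",\n                      description = '" . Db::qstr($resource->getDescription()) . "',\n                      flags = " . $flags . ",\n                      resource_type = " . $resourceType . ",\n                      file_path = '" . $filePath . "',\n                      file_name = '" . $fileName . "',\n                      metadata = '" . Db::qstr(serialize($resource->getMetadata())) . "',\n\t\t\t\t\t  thumbnail_format ='" . $thumbnailFormat . "',\n                      date = '" . $date . "',\n                      normalized_description = '" . Db::qstr($tf->normalizeText($resource->getDescription())) . "'\n                      WHERE id = " . $resourceId;

     return $this->Execute($query) ? true : false;
 }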
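 /**
  * Returns the latest comments received in the blog, newest first.
  *
  * Each comment is built with _fillCommentInformation() and gets the article
  * it belongs to attached through setArticle().
  *
  * @param blogId Id of the blog whose comments are wanted.
  * @param maxItems Maximum number of comments; values that are not greater
  * than 0 mean no limit.
  * @param articleStatus Status that the comments' articles must have.
  * @return An array of ArticleComment objects, an empty array when there are
  * none, or false when the query fails.
  */
 function getBlogComments($blogId, $maxItems = 0, $articleStatus = POST_STATUS_PUBLISHED)
 {
     $prefix = $this->getPrefix();
     // status and limit are written into the statement without quotes; the
     // casts make sure only integer literals can reach the SQL text
     // NOTE(review): assumes article status values are integers -- confirm
     $articleStatus = (int) $articleStatus;
     $maxItems = (int) $maxItems;

     $query = "SELECT c.id AS id, c.article_id AS article_id, c.topic AS topic, \n\t\t\t                 c.text AS text, c.date AS date, c.user_email AS user_email,\n\t\t\t\t\t\t\t c.user_url AS user_url, c.user_name AS user_name, c.parent_id AS parent_id,\n\t\t\t\t\t\t\t c.client_ip AS client_ip, c.send_notification AS send_notification,\n\t\t\t\t\t\t\t c.status AS status      \n\t\t\t\t\t  FROM {$prefix}articles_comments c, {$prefix}articles a\n\t\t\t          WHERE a.blog_id = '" . Db::qstr($blogId) . "' AND a.id = c.article_id\n\t\t\t\t\t        AND a.status = {$articleStatus} \n\t\t\t\t\t  ORDER BY date DESC";
     if ($maxItems > 0) {
         $query .= " LIMIT 0, {$maxItems}";
     }
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     if ($result->RowCount() == 0) {
         return array();
     }
     $comments = array();
     $articles = new Articles();
     while ($row = $result->FetchRow()) {
         // load the article to which this comment belongs
         $comment = $this->_fillCommentInformation($row);
         $article = $articles->getBlogArticle($comment->getArticleId(), $blogId);
         $comment->setArticle($article);
         // and store everything in the array
         $comments[] = $comment;
     }
     $result->Close();
     return $comments;
 }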
 /**
  * Returns how many categories a blog has.
  *
  * @param blogId Id of the blog; escaped with Db::qstr() and compared as a
  * quoted literal.
  * @param includeHidden When false, only categories with in_main_page = 1
  * are counted.
  * @return The value returned by getNumItems() for the categories table.
  */
 function getBlogNumCategories($blogId, $includeHidden = false)
 {
     $table = $this->getPrefix() . "articles_categories";

     $conditions = "blog_id = '" . Db::qstr($blogId) . "'";
     $conditions .= $includeHidden ? "" : " AND in_main_page = 1";

     return $this->getNumItems($table, $conditions);
 }
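 /**
  * Updates a custom field definition in the database.
  *
  * The row is selected by the field's id.
  *
  * @param field Object providing getName(), getDescription(), getType(),
  * isHidden() and getId() for the definition to save.
  * @return The value returned by Execute() for the UPDATE statement.
  */
 function updateCustomField($field)
 {
     // field_type, hidden and id are written into the statement without
     // quotes. Db::qstr() gives no protection in that position, because there
     // is no quoted literal to stay inside of, so the values are cast to
     // integers instead. The cast also turns a boolean false from isHidden()
     // into 0, where plain concatenation would have produced an empty string.
     // NOTE(review): assumes field_type, hidden and id are integer columns
     // -- confirm against the schema
     $fieldType = (int) $field->getType();
     $hidden = (int) $field->isHidden();
     $fieldId = (int) $field->getId();

     $query = "UPDATE " . $this->getPrefix() . "custom_fields_definition\n\t\t\t          SET field_name = '" . Db::qstr($field->getName()) . "',\n\t\t\t\t\t  field_description = '" . Db::qstr($field->getDescription()) . "',\n\t\t\t\t\t  field_type = " . $fieldType . ",\n\t\t\t\t\t  date = date,\n\t\t\t\t\t  hidden = " . $hidden . "\n\t\t\t\t\t  WHERE id = " . $fieldId;

     return $this->Execute($query);
 }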
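 /**
  * Inserts a configuration key with its value and value type into the
  * config table.
  *
  * How the value is stored depends on the type reported by _getType():
  * integers, booleans and floats as they are, strings escaped with
  * Db::qstr(), arrays and objects serialized.
  *
  * @param key Name of the configuration key.
  * @param value Value to store.
  * @return true if the INSERT succeeded, false otherwise.
  * @private
  */
 function _insertValue($key, $value)
 {
     $type = $this->_getType($value);
     switch ($type) {
         case TYPE_INTEGER:
         case TYPE_BOOLEAN:
         case TYPE_FLOAT:
             // NOTE(review): stored without escaping; this relies on
             // _getType() reporting these types only for genuinely numeric
             // or boolean values -- confirm
             $storedValue = $value;
             break;
         case TYPE_STRING:
             // need to add quotes here
             $storedValue = Db::qstr($value);
             break;
         case TYPE_ARRAY:
         case TYPE_OBJECT:
             // need to serialize here
             // NOTE(review): escaped with addslashes() while the rest of the
             // file uses Db::qstr() on serialized data -- confirm the two are
             // equivalent for the connection's character set
             $storedValue = addslashes(serialize($value));
             break;
         default:
             throw new Exception("_insertValue: _getType produced an unexpected value of {$type}");
     }

     // the key sits inside a quoted literal as well and was previously
     // inserted unescaped
     $query = "INSERT INTO " . $this->_dbPrefix . "config (config_key,config_value,value_type)\n                              VALUES( '" . Db::qstr($key) . "', '{$storedValue}', {$type} )";

     return $this->_db->Execute($query) ? true : false;
 }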
 /**
  * Returns the users who have permissions in a blog.
  *
  * One entry is produced per row of users_permissions for the blog, in the
  * order the rows are returned.
  *
  * @param blogId Id of the blog; escaped with Db::qstr() and compared as a
  * quoted literal.
  * @return An array with the result of Users::getUserInfoFromId() for each
  * row, or false when the query fails.
  */
 function getBlogUsers($blogId)
 {
     $table = $this->getPrefix() . "users_permissions";
     $sql = "SELECT * FROM " . $table . " WHERE blog_id = '" . Db::qstr($blogId) . "'";

     $rows = $this->Execute($sql);
     if (!$rows) {
         return false;
     }

     $found = array();
     $userDao = new Users();
     while ($row = $rows->FetchRow()) {
         $found[] = $userDao->getUserInfoFromId($row["user_id"]);
     }

     return $found;
 }
 /**
  * Removes the text of an article from the articles_text table.
  *
  * @param articleId Id of the article whose text rows are deleted; escaped
  * with Db::qstr() and compared as a quoted literal.
  * @private
  * @return The value returned by Execute() for the DELETE statement.
  * @see Articles::deleteArticle
  */
 function deleteArticleText($articleId)
 {
     $table = $this->getPrefix() . "articles_text";
     $escapedId = Db::qstr($articleId);

     return $this->Execute("DELETE FROM " . $table . " WHERE article_id = '" . $escapedId . "'");
 }
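 /**
  * Recomputes the normalized_description column for every row of the
  * gallery_resources table.
  *
  * Progress is reported by appending to $this->message. Processing stops at
  * the first statement that fails.
  *
  * @return true when all rows were updated, false as soon as a query fails.
  */
 function updateResources()
 {
     $dbPrefix = $this->dbPrefix;
     $query = "SELECT * FROM {$dbPrefix}gallery_resources";
     $result = $this->db->Execute($query);
     // without this check a failed SELECT would end in a method call on a
     // non-object in the loop below
     if (!$result) {
         $this->message .= "There was an error updating the resources table.<br/>";
         return false;
     }
     while ($row = $result->FetchRow()) {
         // the id is written into the statement without quotes, so it is
         // forced to an integer literal
         // NOTE(review): assumes id is an integer column -- confirm
         $resId = (int) $row["id"];
         $normDescription = Db::qstr($this->t->normalizeText($row["description"]));
         $query = "UPDATE {$dbPrefix}gallery_resources\n                          SET normalized_description = '{$normDescription}', date = date\n                          WHERE id = {$resId}";
         $res = $this->db->Execute($query);
         if (!$res) {
             $this->message .= "There was an error updating the resources table.<br/>";
             return false;
         }
     }
     $this->message .= "Resources table updated successfully!<br/>";
     return true;
 }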
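 /**
  * Returns all the albums of a user grouped by parent id. Each key of the
  * returned array is a parent id and each value is an array with the albums
  * that share that parent, ordered by name.
  *
  * @param userId Id of the owner; escaped with Db::qstr() and compared as a
  * quoted literal.
  * @param albumId Not used by this method.
  * @return An associative array, empty when the query fails.
  */
 function getUserAlbumsGroupedByParentId($userId, $albumId = 0)
 {
     $prefix = $this->getPrefix();
     $query = "SELECT id, owner_id, description,\n        \t                 name, flags, parent_id,\n        \t                 date, properties, show_album \n        \t          FROM {$prefix}gallery_albums \n\t\t\t          WHERE owner_id = '" . Db::qstr($userId) . "'\n\t\t\t\t\t  ORDER BY name ASC";
     $result = $this->Execute($query);
     if (!$result) {
         return array();
     }
     $albums = array();
     while ($row = $result->FetchRow()) {
         // NOTE(review): unserialize() instantiates whatever classes the
         // stored string names. This is only safe while nothing but the
         // application's own serialize() output can reach the properties
         // column -- confirm, or move the column to a data-only format.
         $album = new GalleryAlbum($row["owner_id"], $row["name"], $row["description"], $row["flags"], $row["parent_id"], $row["date"], unserialize($row["properties"]), $row["show_album"], $row["id"]);
         $key = $album->getParentId();
         // the first album seen for a parent opens that parent's list; lists
         // are only ever created here, so a key that exists holds an array
         if (!array_key_exists($key, $albums)) {
             $albums["{$key}"] = array();
         }
         $albums["{$key}"][] = $album;
     }
     return $albums;
 }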
 /**
  * Checks whether an email address is already present in the users table.
  *
  * @param email Address to look for; escaped with Db::qstr() and compared
  * as a quoted literal.
  * @return true if at least one user row has this address; false if there is
  * none or the query fails.
  */
 function emailExists($email)
 {
     $sql = "SELECT email \n                      FROM " . $this->getPrefix() . "users \n                      WHERE email = '" . Db::qstr($email) . "'";

     $rows = $this->_db->Execute($sql);

     // RecordCount() is only consulted when the query itself succeeded
     return $rows && ($rows->RecordCount() >= 1);
 }
 /**
  * Returns how many referrers the blog has.
  *
  * @param blogId Id of the blog; escaped with Db::qstr() and compared as a
  * quoted literal.
  * @param articleId When greater than -1, only referrers of this article
  * are counted.
  * @return The value returned by getNumItems() for the referers table.
  */
 function getBlogTotalReferers($blogId, $articleId = -1)
 {
     $table = $this->getPrefix() . "referers";

     $conditions = array("blog_id = '" . Db::qstr($blogId) . "'");
     if ($articleId > -1) {
         $conditions[] = "article_id = '" . Db::qstr($articleId) . "'";
     }

     return $this->getNumItems($table, implode(" AND ", $conditions));
 }