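 /**
  * post a new table or an updated table
  *
  * Checks the mandatory fields (query, anchor), resolves the anchor, fills
  * the editor defaults, then INSERTs a new row or UPDATEs the row named by
  * $fields['id']. This function populates the error context, where applicable.
  *
  * Values are interpolated into the SQL string: string columns are quoted and
  * passed through SQL::escape(); edit_id is unquoted, so it is cast to int
  * because SQL::escape() alone does not protect an unquoted operand. The
  * previous INSERT branch interpolated the editor fields without any escaping.
  *
  * @param array an array of fields (updated in place with the item id)
  * @return the id of the new table, or FALSE on error
  *
  * @see tables/edit.php
  * @see tables/populate.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // no query
     if (!isset($fields['query']) || !trim($fields['query'])) {
         Logger::error(i18n::s('Please add some SQL query.'));
         return FALSE;
     }

     // no anchor reference
     if (!isset($fields['anchor']) || !trim($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // the anchor has to resolve to an existing item
     if (!Anchors::get($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // set default values
     if (!isset($fields['with_zoom'])) {
         $fields['with_zoom'] = 'N';
     }

     // set default values for this editor -- assumed to provide edit_name, edit_id,
     // edit_address and edit_date, which are used below without further guards
     Surfer::check_default_editor($fields);

     // columns written by both INSERT and UPDATE, escaped once
     $common = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "',"
         . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "',"
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
         . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "',"
         . "query='" . SQL::escape($fields['query']) . "',"
         . "with_zoom='" . SQL::escape($fields['with_zoom']) . "',"
         . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
         . "edit_id=" . (int)(isset($fields['edit_id']) ? $fields['edit_id'] : 0) . ","
         . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'";

     // maybe we have to modify an existing table
     if (isset($fields['id'])) {

         // id cannot be empty -- it is interpolated unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }

         // update the existing record
         $query = "UPDATE " . SQL::table_name('tables') . " SET " . $common
             . " WHERE id = " . SQL::escape($fields['id']);

     // insert a new record
     } else {
         $query = "INSERT INTO " . SQL::table_name('tables') . " SET "
             . "anchor='" . SQL::escape($fields['anchor']) . "',"
             . $common;
     }

     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }

     // clear the cache for tables -- the per-item topic is only added when an id is known
     if (isset($fields['id'])) {
         $topics = array('tables', 'table:' . $fields['id']);
     } else {
         $topics = 'tables';
     }
     Cache::clear($topics);

     // return the id of the new item
     return $fields['id'];
 }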
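 /**
  * post a new link
  *
  * Normalises the URL (characters matched by FORBIDDEN_IN_URLS become '_',
  * which is then trimmed at both ends), checks the mandatory fields, fills
  * the editor defaults and INSERTs one row into the links table.
  * This function populates the error context, where applicable.
  *
  * anchor_type and anchor_id are derived in SQL from the 'type:id' anchor
  * reference, so callers only provide $fields['anchor'].
  *
  * Values are interpolated into the SQL string: string columns are quoted and
  * passed through SQL::escape(); edit_id and hits are unquoted and therefore
  * cast to int, since SQL::escape() alone does not protect an unquoted operand.
  *
  * @param array an array of fields (updated in place with the new id)
  * @return the id of the new link, or FALSE on error
  *
  * @see feeds/feeds.php
  * @see links/edit.php
  * @see links/trackback.php
  * @see services/ping.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // suppress invalid chars, if any -- the key is guarded so an empty form does not raise a notice
     $raw_url = isset($fields['link_url']) ? $fields['link_url'] : '';
     $fields['link_url'] = trim(preg_replace(FORBIDDEN_IN_URLS, '_', $raw_url), '_');

     // no link
     if (!$fields['link_url']) {
         Logger::error(i18n::s('No link URL has been provided.'));
         return FALSE;
     }

     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // set default values for this editor -- assumed to provide edit_name, edit_id,
     // edit_address and edit_date
     Surfer::check_default_editor($fields);

     // the anchor is used three times in the statement; escape it once
     $anchor = SQL::escape($fields['anchor']);

     // always remember the date
     $query = "INSERT INTO " . SQL::table_name('links') . " SET "
         . "anchor='" . $anchor . "', "
         . "anchor_id=SUBSTRING_INDEX('" . $anchor . "', ':', -1),"
         . "anchor_type=SUBSTRING_INDEX('" . $anchor . "', ':', 1),"
         . "link_url='" . SQL::escape($fields['link_url']) . "', "
         . "link_target='" . SQL::escape(isset($fields['link_target']) ? $fields['link_target'] : '') . "', "
         . "link_title='" . SQL::escape(isset($fields['link_title']) ? $fields['link_title'] : '') . "', "
         . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "', "
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
         . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "edit_id=" . (int)(isset($fields['edit_id']) ? $fields['edit_id'] : 0) . ", "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
         . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'link:create') . "', "
         . "edit_date='" . SQL::escape($fields['edit_date']) . "', "
         . "hits=" . (int)(isset($fields['hits']) ? $fields['hits'] : 0);

     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);

     // clear the cache for links
     Links::clear($fields);

     // end of job
     return $fields['id'];
 }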
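 /**
  * post a new location or an updated location
  *
  * Checks the mandatory fields (geo_place_name, anchor), fills the editor
  * defaults, splits geo_position into latitude and longitude, then INSERTs
  * a new row or UPDATEs the row named by $fields['id'].
  * This function populates the error context, where applicable.
  *
  * geo_position is read as "latitude longitude", split on whitespace, ','
  * or ';'. The two halves are stored as given, without numeric validation;
  * when one is missing the UPDATE branch stores '0' and the INSERT branch
  * stores '' (kept as in the original -- the column type is not visible here).
  *
  * Values are interpolated into the SQL string: string columns are quoted and
  * passed through SQL::escape(); edit_id is unquoted and therefore cast to int,
  * since SQL::escape() alone does not protect an unquoted operand.
  *
  * @param array an array of fields (updated in place with the item id)
  * @return the id of the new location, or FALSE on error
  *
  * @see locations/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // no geo_place_name -- the key is guarded so an empty form does not raise a notice
     if (!isset($fields['geo_place_name']) || !$fields['geo_place_name']) {
         Logger::error(i18n::s('Please add a geo_place_name for this location'));
         return FALSE;
     }

     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // set default values for this editor -- assumed to provide edit_name, edit_id,
     // edit_address and edit_date
     Surfer::check_default_editor($fields);

     // extract latitude and longitude -- padded to two entries so a single-token
     // value leaves $longitude unset instead of raising an undefined-offset notice
     if (isset($fields['geo_position']) && $fields['geo_position']) {
         list($latitude, $longitude) = array_pad(preg_split('/[\\s,;]+/', $fields['geo_position']), 2, NULL);
     }

     // editor columns, shared by INSERT and (non-silent) UPDATE
     $editor = "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "edit_id=" . (int)(isset($fields['edit_id']) ? $fields['edit_id'] : 0) . ", "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'";

     // update the existing record
     if (isset($fields['id'])) {

         // id cannot be empty -- it is interpolated unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }

         // update the existing record
         $query = "UPDATE " . SQL::table_name('locations') . " SET "
             . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
             . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
             . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '0') . "', "
             . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '0') . "', "
             . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
             . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";

         // maybe a silent update -- editor attributes are left untouched
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . $editor;
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);

     // insert a new record
     } else {

         // always remember the date
         $query = "INSERT INTO " . SQL::table_name('locations') . " SET "
             . "anchor='" . SQL::escape($fields['anchor']) . "', "
             . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
             . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
             . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '') . "', "
             . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '') . "', "
             . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
             . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
             . $editor;
     }

     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }

     // clear the cache for locations
     Locations::clear($fields);

     // end of job
     return $fields['id'];
 }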
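 /**
  * post a new section
  *
  * Validates the title, normalises URLs and dates, applies conservative
  * defaults, inherits access rights from the anchor, generates the access
  * handle and INSERTs one row into the sections table. On success the new
  * section is registered with its categories and, when $watch is TRUE, the
  * poster is assigned as an editor and the section is added to the poster's
  * watch list.
  * This function populates the error context, where applicable.
  *
  * The handle is a bearer secret: it is handed to anonymous surfers through
  * Surfer::add_handle() to grant access to the section. It is therefore
  * generated from a CSPRNG when random_bytes() is available; md5(mt_rand())
  * (about 2^31 possible values) is kept only as a fallback for PHP < 7.
  *
  * Values are interpolated into the SQL string: string columns are quoted and
  * passed through SQL::escape(); the unquoted numeric columns (create_id,
  * edit_id, owner_id, hits, index_news_count) are cast to int because
  * SQL::escape() alone does not protect an unquoted operand.
  *
  * @param array an array of fields (updated in place: defaults, active, handle, id)
  * @param boolean TRUE to update the watch list of the poster
  * @return the id of the new article, or FALSE on error
  *
  * @see sections/edit.php
  * @see sections/populate.php
  * @see letters/new.php
  * @see links/links.php
  * @see query.php
  **/
 public static function post(&$fields, $watch = TRUE)
 {
     global $context;

     // title cannot be empty
     if (!isset($fields['title']) || !trim($fields['title'])) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }

     // sanity filter -- only <br> survives in the title
     $fields['title'] = strip_tags($fields['title'], '<br>');

     // protect from hackers -- URLs go through encode_link() before storage
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }

     // set default values for this editor -- assumed to provide edit_name, edit_id,
     // edit_address and edit_date, which are used below without further guards
     Surfer::check_default_editor($fields);

     // reinforce date formats -- anything missing or at/before NULL_DATE is reset
     foreach (array('activation_date', 'expiry_date', 'publish_date') as $date_field) {
         if (!isset($fields[$date_field]) || $fields[$date_field] <= NULL_DATE) {
             $fields[$date_field] = NULL_DATE;
         }
     }
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }

     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     if (isset($fields['edit_action'])) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['home_panel']) || !$fields['home_panel']) {
         $fields['home_panel'] = 'main';
     }
     if (!isset($fields['index_map']) || !$fields['index_map']) {
         $fields['index_map'] = 'Y';
     }
     if (!isset($fields['index_news']) || !$fields['index_news']) {
         $fields['index_news'] = 'none';
     }

     // save on requests
     if (!isset($fields['rank']) || !$fields['rank']) {
         $fields['rank'] = 10000;
     }

     // set layout for sections -- whitelisted, except 'custom' which takes a caller-provided name
     if (!isset($fields['sections_layout']) || !$fields['sections_layout'] || !preg_match('/^(accordion|carrousel|compact|custom|decorated|directory|folded|inline|jive|map|slashdot|tabs|titles|yabb|none)$/', $fields['sections_layout'])) {
         $fields['sections_layout'] = 'none';
     } elseif ($fields['sections_layout'] == 'custom') {
         // NOTE(review): the custom name is not validated here; if it is later used to
         // locate a layout script, it has to be whitelisted before that lookup -- confirm
         if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
             $fields['sections_layout'] = $fields['sections_custom_layout'];
         } else {
             $fields['sections_layout'] = 'none';
         }
     }

     // set layout for articles -- same scheme as above
     if (!isset($fields['articles_layout']) || !$fields['articles_layout'] || !preg_match('/^(accordion|alistapart|carrousel|custom|compact|daily|decorated|digg|directory|hardboiled|jive|map|newspaper|none|simile|slashdot|table|tabs|tagged|threads|titles|yabb)$/', $fields['articles_layout'])) {
         $fields['articles_layout'] = 'decorated';
     } elseif ($fields['articles_layout'] == 'custom') {
         if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
             $fields['articles_layout'] = $fields['articles_custom_layout'];
         } else {
             $fields['articles_layout'] = 'decorated';
         }
     }

     // set canvas for articles
     if (!isset($fields['articles_canvas']) || !$fields['articles_canvas']) {
         $fields['articles_canvas'] = 'standard';
     }

     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }

     // cascade anchor access rights -- a section is never more open than its anchor
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     }

     // always create a random handle for this section -- a 32-hex-char secret, see docblock
     if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
         $fields['handle'] = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(mt_rand());
     }

     // allow anonymous surfer to access this section during his session
     if (!Surfer::get_id()) {
         Surfer::add_handle($fields['handle']);
     }

     // unquoted numeric columns -- the creator defaults to the editor
     $edit_id = (int)(isset($fields['edit_id']) ? $fields['edit_id'] : 0);
     $create_id = isset($fields['create_id']) ? (int)$fields['create_id'] : $edit_id;

     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('sections') . " SET ";

     // on import -- the id of the source item is kept
     if (isset($fields['id'])) {
         $query .= "id='" . SQL::escape($fields['id']) . "',";
     }

     // all fields should be visible; defaults computed above are used directly
     $query .= "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "',"
         . "activation_date='" . SQL::escape($fields['activation_date']) . "',"
         . "active='" . SQL::escape($fields['active']) . "',"
         . "active_set='" . SQL::escape($fields['active_set']) . "',"
         . "articles_canvas='" . SQL::escape($fields['articles_canvas']) . "',"
         . "articles_layout='" . SQL::escape($fields['articles_layout']) . "',"
         . "articles_templates='" . SQL::escape(isset($fields['articles_templates']) ? $fields['articles_templates'] : '') . "',"
         . "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "',"
         . "content_options='" . SQL::escape(isset($fields['content_options']) ? $fields['content_options'] : '') . "',"
         . "content_overlay='" . SQL::escape(isset($fields['content_overlay']) ? $fields['content_overlay'] : '') . "',"
         . "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "', "
         . "create_date='" . SQL::escape($fields['create_date']) . "',"
         . "create_id=" . $create_id . ", "
         . "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "', "
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
         . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'section:create') . "', "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
         . "edit_date='" . SQL::escape($fields['edit_date']) . "',"
         . "edit_id=" . $edit_id . ", "
         . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "expiry_date='" . SQL::escape($fields['expiry_date']) . "',"
         . "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "',"
         . "family='" . SQL::escape(isset($fields['family']) ? $fields['family'] : '') . "',"
         . "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "',"
         . "handle='" . SQL::escape($fields['handle']) . "',"
         . "hits=" . (int)(isset($fields['hits']) ? $fields['hits'] : 0) . ","
         . "home_panel='" . SQL::escape($fields['home_panel']) . "',"
         . "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "',"
         . "index_map='" . SQL::escape($fields['index_map']) . "',"
         . "index_news='" . SQL::escape($fields['index_news']) . "',"
         . "index_news_count=" . (int)(isset($fields['index_news_count']) ? $fields['index_news_count'] : 5) . ","
         . "index_title='" . SQL::escape(isset($fields['index_title']) ? $fields['index_title'] : '') . "',"
         . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "',"
         . "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "',"
         . "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "',"
         . "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "',"
         . "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "',"
         . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "',"
         . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "',"
         . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "',"
         . "owner_id=" . $create_id . ", "
         . "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "',"
         . "rank='" . SQL::escape($fields['rank']) . "',"
         . "section_overlay='" . SQL::escape(isset($fields['section_overlay']) ? $fields['section_overlay'] : '') . "',"
         . "sections_layout='" . SQL::escape($fields['sections_layout']) . "',"
         . "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "',"
         . "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "',"
         . "template='" . SQL::escape(isset($fields['template']) ? $fields['template'] : '') . "',"
         . "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "',"
         . "title='" . SQL::escape($fields['title']) . "',"
         . "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";

     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);

     // assign the page to related categories
     Categories::remember('section:' . $fields['id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');

     // turn author to page editor and update author's watch list
     if ($watch && isset($fields['edit_id']) && $fields['edit_id']) {
         Members::assign('user:' . $fields['edit_id'], 'section:' . $fields['id']);
         Members::assign('section:' . $fields['id'], 'user:' . $fields['edit_id']);
     }

     // clear the cache
     Sections::clear($fields);

     // return the id of the new item
     return $fields['id'];
 }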
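 /**
  * post a new comment or an updated comment
  *
  * Checks the mandatory fields (description unless the type is 'approval',
  * anchor resolving to an existing item), fills the editor defaults and
  * dates, then INSERTs a new row or UPDATEs the row named by $fields['id'].
  * This function populates the error context, where applicable.
  *
  * NOTE(review): the original documentation said the surfer signature is
  * appended to the comment here; nothing in this function does so, that
  * presumably happens in a caller.
  *
  * anchor_type and anchor_id are derived in SQL from the 'type:id' anchor
  * reference. Values are interpolated into the SQL string: string columns are
  * quoted and passed through SQL::escape(); edit_id and create_id are unquoted
  * and therefore cast to int, since SQL::escape() alone does not protect an
  * unquoted operand.
  *
  * @param array an array of fields (updated in place with defaults and the item id)
  * @return the id of the new comment, or FALSE on error
  *
  * @see agents/messages.php
  * @see comments/edit.php
  * @see comments/post.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // ensure this item has a type
     if (!isset($fields['type'])) {
         $fields['type'] = 'attention';
     }

     // comment is mandatory, except for approvals -- the key is normalised first
     // so an empty form does not raise a notice
     if (!isset($fields['description'])) {
         $fields['description'] = '';
     }
     if (!$fields['description'] && $fields['type'] != 'approval') {
         Logger::error(i18n::s('No comment has been transmitted.'));
         return FALSE;
     }

     // the anchor reference has to be provided and to resolve to an existing item
     if (!isset($fields['anchor']) || !$fields['anchor'] || !Anchors::get($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // set default values for this editor -- assumed to provide edit_name, edit_id
     // and edit_address; edit_date is completed below if needed
     Surfer::check_default_editor($fields);
     if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
         // gmdate() replaces gmstrftime(), deprecated since PHP 8.1; the format is unchanged
         $fields['edit_date'] = gmdate('Y-m-d H:i:s');
     }

     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }

     // the anchor is used three times per statement; escape it once
     $anchor = SQL::escape($fields['anchor']);
     $anchor_columns = "anchor='" . $anchor . "', "
         . "anchor_type=SUBSTRING_INDEX('" . $anchor . "', ':', 1), "
         . "anchor_id=SUBSTRING_INDEX('" . $anchor . "', ':', -1)";
     $edit_id = (int)(isset($fields['edit_id']) ? $fields['edit_id'] : 0);

     // update the existing record
     if (isset($fields['id'])) {

         // id cannot be empty -- it is interpolated unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }

         // update the existing record -- the anchor has been validated above, so it is
         // always written (the former "maybe another anchor" test could never be false)
         $query = "UPDATE " . SQL::table_name('comments') . " SET "
             . "type='" . SQL::escape($fields['type']) . "', "
             . "description='" . SQL::escape($fields['description']) . "', "
             . $anchor_columns;

         // maybe a silent update -- editor attributes are left untouched
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", edit_name='" . SQL::escape($fields['edit_name']) . "', "
                 . "edit_id=" . $edit_id . ", "
                 . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
                 . "edit_action='comment:update', "
                 . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);

     // insert a new record
     } else {
         $query = "INSERT INTO " . SQL::table_name('comments') . " SET "
             . $anchor_columns . ", "
             . "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', "
             . "type='" . SQL::escape($fields['type']) . "', "
             . "description='" . SQL::escape($fields['description']) . "', "
             . "create_name='" . SQL::escape($fields['edit_name']) . "', "
             . "create_id=" . $edit_id . ", "
             . "create_address='" . SQL::escape($fields['edit_address']) . "', "
             . "create_date='" . SQL::escape($fields['create_date']) . "', "
             . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
             . "edit_id=" . $edit_id . ", "
             . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
             . "edit_action='comment:create', "
             . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }

     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }

     // clear the cache for comments
     Comments::clear($fields);

     // end of job
     return $fields['id'];
 }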
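 /**
  * remember a version
  *
  * Save previous version of some object in the database. The fields are
  * serialize()d; when the payload exceeds 128 bytes and zlib is available it
  * is additionally gzcompress()ed and base64-encoded, so the reader has to
  * undo both steps.
  * It is recommended to call Versions::are_different() before calling Versions::save(), to
  * ensure that some change has taken place.
  * This function populates the error context, where applicable.
  *
  * NOTE(review): the reader presumably restores the blob with unserialize(),
  * which can instantiate arbitrary classes; anyone able to write the versions
  * table could then plant a gadget chain. Confirm on the reader side and
  * consider a JSON encoding for new versions.
  *
  * Values are interpolated into the SQL string: string columns are quoted and
  * passed through SQL::escape(); edit_id is unquoted and therefore cast to
  * int, which also yields a valid literal (0) when the surfer has no id,
  * where an empty operand would likely have produced a malformed statement.
  *
  * @param array an array of fields
  * @param string the anchor attached to this version
  * @return the id of the new version, or FALSE on error
  *
  * @see versions/edit.php
  **/
 public static function save($fields, $anchor)
 {
     global $context;

     // anchor cannot be empty
     if (!isset($anchor) || !$anchor) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // pack arrays, etc.
     $content = serialize($fields);

     // save database space
     if (strlen($content) > 128 && function_exists('gzcompress')) {
         $content = base64_encode(gzcompress($content, 6));
     }

     // versioning date -- gmdate() replaces gmstrftime(), deprecated since PHP 8.1; same format
     $versioning_date = isset($fields['edit_date']) ? $fields['edit_date'] : gmdate('Y-m-d H:i:s');

     // editor attributes default to the current surfer
     $edit_name = isset($fields['edit_name']) ? $fields['edit_name'] : Surfer::get_name();
     $edit_id = isset($fields['edit_id']) ? $fields['edit_id'] : Surfer::get_id();
     $edit_address = isset($fields['edit_address']) ? $fields['edit_address'] : Surfer::get_email_address();

     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('versions') . " SET "
         . "anchor='" . SQL::escape($anchor) . "',"
         . "content='" . SQL::escape($content) . "',"
         . "edit_name='" . SQL::escape($edit_name) . "', "
         . "edit_id=" . (int)$edit_id . ", "
         . "edit_address='" . SQL::escape($edit_address) . "', "
         . "edit_date='" . SQL::escape($versioning_date) . "'";

     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     $id = SQL::get_last_id($context['connection']);

     // clear the cache for versions; update section index as well
     Cache::clear(array('articles', 'versions'));

     // return the id of the new item
     return $id;
 }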
 /**
  * post a new article
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return the id of the new article, or FALSE on error
  *
  * @see articles/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // title cannot be empty
     if (!isset($fields['title']) || !$fields['title']) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }
     // sanity filter
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // anchor cannot be empty
     if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
         $fields['publish_date'] = NULL_DATE;
     }
     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     if (isset($fields['edit_action']) && $fields['edit_action']) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['rank'])) {
         $fields['rank'] = 10000;
     }
     if (!isset($fields['nick_name'])) {
         $fields['nick_name'] = '';
     }
     // set canvas default value
     if (!isset($fields['canvas']) || !$fields['canvas']) {
         $fields['canvas'] = 'standard';
     }
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     // cascade anchor access rights
     $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     // fields to update
     $query = array();
     // on import
     if (isset($fields['id'])) {
         $query[] = "id=" . SQL::escape($fields['id']);
     }
     // fields that are visible only to associates -- see articles/edit.php
     if (Surfer::is_associate()) {
         $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
         $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
         $query[] = "canvas='" . SQL::escape(isset($fields['canvas']) ? $fields['canvas'] : '') . "'";
     }
     $query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
     $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "rank='" . SQL::escape($fields['rank']) . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
     // controlled fields
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     // fields visible to authorized member
     $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
     $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
     $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "owner_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "hits=0";
     $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
     $query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : (isset($fields['edit_id']) ? $fields['edit_id'] : '0'));
     $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
     $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
     $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
     $query[] = "edit_id=" . SQL::escape(isset($fields['edit_id']) ? $fields['edit_id'] : '0');
     $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
     $query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'article:submit') . "'";
     $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // reset user assignment, if any
     $query[] = "assign_name=''";
     $query[] = "assign_id=0";
     $query[] = "assign_address=''";
     $query[] = "assign_date='" . SQL::escape(NULL_DATE) . "'";
     // set or change the publication date
     if (isset($fields['publish_date']) && $fields['publish_date'] > NULL_DATE) {
         $query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $fields['edit_name']) . "'";
         if (isset($fields['publish_id']) || isset($fields['edit_id'])) {
             $query[] = "publish_id=" . SQL::escape(isset($fields['publish_id']) ? $fields['publish_id'] : $fields['edit_id']);
         }
         $query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $fields['edit_address']) . "'";
         $query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
     }
     // always create a random handle for this article
     if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
         $fields['handle'] = md5(mt_rand());
     }
     $query[] = "handle='" . SQL::escape($fields['handle']) . "'";
     $query[] = "rating_count='" . SQL::escape(isset($fields['rating_count']) ? $fields['rating_count'] : '0') . "'";
     // allow anonymous surfer to access this page during his session
     if (!Surfer::get_id()) {
         Surfer::add_handle($fields['handle']);
     }
     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('articles') . " SET " . implode(', ', $query);
     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);
     // assign the page to related categories
     Categories::remember('article:' . $fields['id'], isset($fields['publish_date']) ? $fields['publish_date'] : NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
     // turn author to page editor and update author's watch list
     if (isset($fields['edit_id']) && $fields['edit_id']) {
         Members::assign('user:'******'edit_id'], 'article:' . $fields['id']);
         Members::assign('article:' . $fields['id'], 'user:'******'edit_id']);
     }
     // clear the cache
     Articles::clear($fields);
     // return the id of the new item
     return $fields['id'];
 }
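 /**
  * post a new file or an updated file
  *
  * With an id, the matching record is updated; without one, a record is
  * inserted, which requires both file_name and file_size. On an update, an
  * actual upload (file_name other than 'none') also moves the create_* columns
  * to the current editor and clears any pending assignment.
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields, completed in place (id, active, keywords, ...)
  * @return the id of the new or updated file, or FALSE on error
  *
  * @see agents/messages.php
  * @see files/author.php
  * @see files/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no anchor reference, or no anchor behind it
     if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // protect from hackers -- normalize links before they are stored
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // protect access from anonymous users
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     // cascade anchor access rights -- a file is never more visible than its anchor
     $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     // set default values for this editor (presumably edit_name, edit_id,
     // edit_address and edit_date, which are read unguarded below)
     Surfer::check_default_editor($fields);
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     // make the file name searchable on initial post
     if (!isset($fields['id']) && !isset($fields['keywords']) && isset($fields['file_name']) && $fields['file_name'] != 'none') {
         $fields['keywords'] = ' ' . str_replace(array('%20', '_', '.', '-'), ' ', $fields['file_name']);
     }
     // columns updated
     $query = array();
     // update an existing record
     if (isset($fields['id'])) {
         // id has to be a number -- it is used unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         // an actual upload has taken place -- change modification date and reset detach data
         if (isset($fields['file_name']) && $fields['file_name'] != 'none') {
             // neutral values for the assignment, as on a fresh record (not empty strings,
             // which are rejected by strict SQL modes on date and integer columns)
             $query[] = "assign_address=''";
             $query[] = "assign_date='" . SQL::escape(NULL_DATE) . "'";
             $query[] = "assign_id=0";
             $query[] = "assign_name=''";
             $query[] = "create_address='" . SQL::escape($fields['edit_address']) . "'";
             $query[] = "create_date='" . SQL::escape($fields['edit_date']) . "'";
             $query[] = "create_id=" . SQL::escape($fields['edit_id']);
             $query[] = "create_name='" . SQL::escape($fields['edit_name']) . "'";
             $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
             $query[] = "edit_action='file:update'";
             $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
             $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
             $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
             $query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
             $query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
         }
         // fields that are visible only to people allowed to update a file
         if (Surfer::is_member()) {
             $query[] = "active='" . SQL::escape($fields['active']) . "'";
             $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
             $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
             $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
         }
         // regular fields
         $query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         // description is only touched when provided, so a partial update keeps the existing text
         if (isset($fields['description'])) {
             $query[] = "description='" . SQL::escape($fields['description']) . "'";
         }
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
         $query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
         $query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
         $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
         $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
         $query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
         // build the full query
         $query = "UPDATE " . SQL::table_name('files') . " SET " . join(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
         // actual update
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // insert a new record -- only when something has actually been uploaded
     } elseif (isset($fields['file_name']) && $fields['file_name'] && isset($fields['file_size']) && $fields['file_size']) {
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
         $query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
         $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
         // anchor is 'type:id' -- split it server-side for indexed lookups
         $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
         $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
         $query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
         $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
         $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
         $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='file:create'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         $query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
         $query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
         $query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
         $query[] = "hits=0";
         $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
         $query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
         $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
         $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
         $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
         $query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
         // build the full query
         $query = "INSERT INTO " . SQL::table_name('files') . " SET " . join(', ', $query);
         // actual insert
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // remember the id of the new item
         $fields['id'] = SQL::get_last_id($context['connection']);
         // nothing done
     } else {
         Logger::error(i18n::s('Nothing has been received. Ensure you are below size limits set for this server.'));
         return FALSE;
     }
     // clear the cache for files
     Files::clear($fields);
     // end of job
     return $fields['id'];
 }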
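 /**
  * post a new date or an updated date
  *
  * With an id, the matching record is updated; without one, a new record is
  * inserted. An update flagged as silent ($fields['silent'] == 'Y') leaves the
  * edit_* columns untouched.
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields, completed in place (id, edit_*)
  * @return integer the id of the new or updated record, else 0 on error
  *
  * @see dates/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no date
     if (!isset($fields['date_stamp']) || !$fields['date_stamp']) {
         Logger::error(i18n::s('Please provide a date.'));
         return 0;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return 0;
     }
     // set default values for this editor (presumably edit_name, edit_id,
     // edit_address and edit_date, which are read unguarded below)
     Surfer::check_default_editor($fields);
     // update the existing record
     if (isset($fields['id'])) {
         // id has to be a number -- it is used unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             // 0 on error, like every other failure path of this function
             return 0;
         }
         // update the existing record
         $query = "UPDATE " . SQL::table_name('dates') . " SET " . "date_stamp='" . SQL::escape($fields['date_stamp']) . "'";
         // maybe a silent update
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);
         if (SQL::query($query) === FALSE) {
             return 0;
         }
         // insert a new record
     } else {
         // always remember the date; anchor is 'type:id' and is split server-side
         $query = "INSERT INTO " . SQL::table_name('dates') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)," . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)," . "date_stamp='" . SQL::escape($fields['date_stamp']) . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         if (SQL::query($query) === FALSE) {
             return 0;
         }
         // id of the new record
         $fields['id'] = SQL::get_last_id($context['connection']);
     }
     // clear the cache for dates
     Dates::clear($fields);
     // end of job
     return $fields['id'];
 }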
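 /**
  * post a new image or an updated image
  *
  * Accept following situations:
  * - id+image: update an existing entry in the database
  * - id+no image: only update the database
  * - no id+image: create a new entry in the database
  * - no id+no image: error, nothing is created
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields, completed in place (id, use_thumbnail, edit_*)
  * @return the id of the image, or FALSE on error
  **/
 public static function post(&$fields)
 {
     global $context;
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // get the anchor -- only its existence matters here
     if (!($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // set default values -- only authenticated users can select to not moderate image sizes
     if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
         $fields['use_thumbnail'] = 'Y';
     }
     // set default values for this editor (presumably edit_name, edit_id,
     // edit_address and edit_date, which are read unguarded below)
     Surfer::check_default_editor($fields);
     // update the existing record
     if (isset($fields['id'])) {
         // id has to be a number -- it is used unquoted in the WHERE clause below
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         $query = "UPDATE " . SQL::table_name('images') . " SET ";
         // an actual upload has taken place -- record the new file and the editor
         if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
             // thumbnail_name is optional here, as on the insert path below
             $query .= "image_name='" . SQL::escape($fields['image_name']) . "',"
                 . "thumbnail_name='" . SQL::escape(isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '') . "',"
                 . "image_size='" . SQL::escape($fields['image_size']) . "',"
                 . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
                 . "edit_id=" . SQL::escape($fields['edit_id']) . ","
                 . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
                 . "edit_date='" . SQL::escape($fields['edit_date']) . "',";
         }
         // descriptive fields are updated in every case
         $query .= "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "',"
             . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
             . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
             . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "',"
             . "link_url='" . SQL::escape(isset($fields['link_url']) ? $fields['link_url'] : '') . "'"
             . " WHERE id = " . SQL::escape($fields['id']);
         // actual update
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // insert a new record -- requires an actual image
     } elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {
         $query = "INSERT INTO " . SQL::table_name('images') . " SET ";
         $query .= "anchor='" . SQL::escape($fields['anchor']) . "',"
             . "image_name='" . SQL::escape($fields['image_name']) . "',"
             . "image_size='" . SQL::escape($fields['image_size']) . "',"
             . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "',"
             . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
             . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
             . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "',"
             . "thumbnail_name='" . SQL::escape(isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '') . "',"
             . "link_url='" . SQL::escape(isset($fields['link_url']) ? $fields['link_url'] : '') . "',"
             . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
             . "edit_id=" . SQL::escape($fields['edit_id']) . ","
             . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
             . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         // actual insert
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // remember the id of the new item
         $fields['id'] = SQL::get_last_id($context['connection']);
         // nothing done
     } else {
         Logger::error(i18n::s('No image has been added.'));
         return FALSE;
     }
     // clear the cache
     Images::clear($fields);
     // end of job
     return $fields['id'];
 }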
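 /**
  * post a new category
  *
  * This always inserts a record; when an id is provided (import), it is used
  * as the id of the new row. The title is required, access rights are capped
  * by the anchor when there is one, the overlay of the anchor (if any) is
  * applied, and the four *_layout fields are resolved before the insert.
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields, completed in place (id, active, layouts, overlay, ...)
  * @return the id of the new category, or FALSE on error
  *
  * @see categories/edit.php
  * @see categories/populate.php
  * @see categories/set_keyword.php
  **/
 public static function post(&$fields)
 {
     global $context;
     $anchor = $overlay = NULL;
     // title cannot be empty
     if (!isset($fields['title']) || !$fields['title']) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }
     // sanity filter -- only line breaks survive in the title
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // protect from hackers -- normalize links before they are stored
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // set default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     if (!isset($fields['rank'])) {
         $fields['rank'] = 10000;
     }
     // map agent actions ('...feed', '...import') on editor actions
     if (isset($fields['edit_action'])) {
         $fields['edit_action'] = preg_replace('/feed$/i', 'create', $fields['edit_action']);
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     // cascade anchor access rights -- never more visible than the anchor
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     }
     // create overlay from anchor if not done previously
     if (!isset($fields['overlay']) && is_object($anchor)) {
         $overlay = $anchor->get_overlay('categories_overlay');
         if (is_object($overlay)) {
             // allow for change detection
             $overlay->snapshot();
             // update the overlay from form content
             $overlay->parse_fields($fields);
             // save content of the overlay in the category itself
             $fields['overlay'] = $overlay->save();
             $fields['overlay_id'] = $overlay->get_id();
         }
     }
     // set default values for this editor (presumably edit_name, edit_id,
     // edit_address and edit_date, which are read unguarded below)
     Surfer::check_default_editor($fields);
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     if (!isset($fields['expiry_date']) || $fields['expiry_date'] <= NULL_DATE) {
         $fields['expiry_date'] = NULL_DATE;
     }
     // build path information -- parent path, then '|', then this title
     $path = '';
     if (isset($fields['anchor']) && $fields['anchor']) {
         $path .= Categories::build_path($fields['anchor']) . '|';
     }
     $path .= $fields['title'];
     // set layouts for categories, sections, articles and users
     self::resolve_layout('categories', $fields, $anchor);
     self::resolve_layout('sections', $fields, $anchor);
     self::resolve_layout('articles', $fields, $anchor);
     self::resolve_layout('users', $fields, $anchor);
     // set overlay for sub-categories
     if (!isset($fields['categories_overlay'])) {
         $fields['categories_overlay'] = $anchor ? $anchor->item['categories_overlay'] : '';
     }
     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('categories') . " SET ";
     // an explicit id is only provided on import
     if (isset($fields['id']) && $fields['id']) {
         $query .= "id='" . SQL::escape($fields['id']) . "', ";
     }
     if (isset($fields['nick_name']) && $fields['nick_name']) {
         $query .= "nick_name='" . SQL::escape($fields['nick_name']) . "',";
     }
     // integer columns are written unquoted, so counters are cast rather than escaped;
     // the *_id columns are left as provided by the editor defaults above
     $query .= "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "',"
         . "active='" . SQL::escape($fields['active']) . "',"
         . "active_set='" . SQL::escape($fields['active_set']) . "',"
         . "articles_layout='" . SQL::escape($fields['articles_layout']) . "',"
         . "background_color='" . SQL::escape(isset($fields['background_color']) ? $fields['background_color'] : '') . "',"
         . "categories_count=" . (int) (isset($fields['categories_count']) ? $fields['categories_count'] : 5) . ","
         . "categories_layout='" . SQL::escape($fields['categories_layout']) . "',"
         . "categories_overlay='" . SQL::escape(isset($fields['categories_overlay']) ? $fields['categories_overlay'] : '') . "',"
         . "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "',"
         . "create_date='" . SQL::escape($fields['create_date']) . "',"
         . "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . ","
         . "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "',"
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
         . "display='" . SQL::escape(isset($fields['display']) ? $fields['display'] : '') . "',"
         . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'category:create') . "',"
         . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
         . "edit_date='" . SQL::escape($fields['edit_date']) . "',"
         . "edit_id=" . SQL::escape($fields['edit_id']) . ","
         . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
         . "expiry_date='" . SQL::escape($fields['expiry_date']) . "',"
         . "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "',"
         . "hits=" . (int) (isset($fields['hits']) ? $fields['hits'] : 0) . ","
         . "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "',"
         . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "',"
         . "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "',"
         . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "',"
         . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "',"
         . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "',"
         . "owner_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . ", "
         . "path='" . SQL::escape($path) . "',"
         . "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "',"
         . "rank='" . SQL::escape($fields['rank']) . "',"
         . "sections_layout='" . SQL::escape($fields['sections_layout']) . "',"
         . "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "',"
         . "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "',"
         . "title='" . SQL::escape($fields['title']) . "',"
         . "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "',"
         . "users_layout='" . SQL::escape($fields['users_layout']) . "'";
     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);
     // call remember for the overlay, if one has been instantiated here
     if (is_object($overlay)) {
         $overlay->remember('insert', $fields, 'category:' . $fields['id']);
     }
     // clear the whole cache, because a rendering option for things anchored to this category could have been changed
     Categories::clear($fields);
     // return the id of the new item
     return $fields['id'];
 }

 /**
  * resolve the layout to use for one kind of content
  *
  * An empty layout inherits the anchor's setting, or 'decorated' without an
  * anchor. The value 'custom' is replaced by the matching *_custom_layout
  * field when one is provided, and by 'decorated' otherwise.
  *
  * @param string one of 'categories', 'sections', 'articles', 'users'
  * @param array the fields being posted, updated in place
  * @param mixed the anchor object, or NULL
  */
 private static function resolve_layout($kind, &$fields, $anchor)
 {
     $key = $kind . '_layout';
     $custom = $kind . '_custom_layout';
     if (!isset($fields[$key]) || !$fields[$key]) {
         $fields[$key] = $anchor ? $anchor->item[$key] : 'decorated';
     } elseif ($fields[$key] == 'custom') {
         if (isset($fields[$custom]) && $fields[$custom]) {
             $fields[$key] = $fields[$custom];
         } else {
             $fields[$key] = 'decorated';
         }
     }
 }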
 /**
  * post a new user profile
  *
  * @param array an array of fields
  * @return the id of the new user profile, or FALSE on error
  *
  * @see control/populate.php
  * @see users/edit.php
  * @see users/populate.php
  * @see query.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // nick_name is required
     if (!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
         Logger::error(i18n::s('Please indicate a nick name.'));
         return FALSE;
     }
     // some weird users put spaces around
     $fields['nick_name'] = trim($fields['nick_name']);
     // names used on shadow records are quite long (eg, tom@foo.bar.com)
     if (preg_match('/^(.+)@(.+)$/', $fields['nick_name'], $matches)) {
         // if short name is free
         if (!Users::get($matches[1])) {
             // use it instead (eg, tom)
             $fields['nick_name'] = $matches[1];
         }
     }
     // nickname may be already used
     if (Users::get($fields['nick_name'])) {
         Logger::error(i18n::s('Another member already has this nick name. Please select a different one.'));
         return FALSE;
     }
     // ensure we have a full name
     if (!isset($fields['full_name']) || !trim($fields['full_name'])) {
         $fields['full_name'] = $fields['nick_name'];
     }
     // password is required
     if (!isset($fields['password']) || !trim($fields['password'])) {
         Logger::error(i18n::s('Please indicate a password.'));
         return FALSE;
     }
     // hash password if coming from a human facing a form
     if (isset($fields['confirm']) && $fields['confirm'] == $fields['password']) {
         $fields['password'] = md5($fields['password']);
     }
     // open community, accept subscribers and members
     if (!isset($fields['capability']) || !in_array($fields['capability'], array('A', 'M', 'S', '?'))) {
         $fields['capability'] = 'M';
     }
     // control user capability
     if (!Surfer::is_associate()) {
         // closed community, accept only subscribers
         if (isset($context['users_with_approved_members']) && $context['users_with_approved_members'] == 'Y') {
             $fields['capability'] = 'S';
         } elseif (isset($context['users_with_email_validation']) && $context['users_with_email_validation'] == 'Y') {
             $fields['capability'] = 'S';
         }
     }
     // remember who is changing this record
     Surfer::check_default_editor($fields);
     // save new settings in session and in cookie
     if (isset($fields['id']) && Surfer::is($fields['id'])) {
         // change preferred editor
         $_SESSION['surfer_editor'] = $fields['editor'];
         Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');
         // change preferred language
         if (isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
             $_SESSION['surfer_language'] = $fields['language'];
             $_SESSION['l10n_modules'] = array();
         }
     }
     // fields to update
     $query = array();
     // on import
     if (isset($fields['id'])) {
         $query[] = "id=" . SQL::escape($fields['id']);
     }
     if (!isset($fields['active']) || !trim($fields['active'])) {
         $fields['active'] = 'Y';
     }
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "'";
     $query[] = "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "'";
     // protect from hackers
     if (isset($fields['avatar_url'])) {
         $fields['avatar_url'] = encode_link($fields['avatar_url']);
     }
     $query[] = "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "'";
     if (!isset($fields['birth_date']) || !$fields['birth_date']) {
         $fields['birth_date'] = NULL_DATE;
     }
     $query[] = "birth_date='" . SQL::escape($fields['birth_date']) . "'";
     $query[] = "capability='" . SQL::escape($fields['capability']) . "'";
     $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
     if (isset($fields['create_id']) || $fields['edit_id']) {
         $query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
     }
     $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
     $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
     $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
     $query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'new') . "'";
     $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     if (isset($fields['selected_editor'])) {
         $fields['editor'] = $fields['selected_editor'];
     } elseif (isset($context['users_default_editor'])) {
         $fields['editor'] = $context['users_default_editor'];
     } else {
         $fields['editor'] = 'yacs';
     }
     $query[] = "editor='" . SQL::escape($fields['editor']) . "'";
     $query[] = "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "'";
     $query[] = "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "'";
     $query[] = "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "'";
     // always create a handle for this user
     $fields['handle'] = md5(rand());
     $query[] = "handle='" . SQL::escape($fields['handle']) . "'";
     $query[] = "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "'";
     if (!isset($fields['interface']) || $fields['interface'] != 'C') {
         $fields['interface'] = 'I';
     }
     $query[] = "interface='" . SQL::escape($fields['interface']) . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "'";
     $query[] = "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "'";
     $query[] = "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "'";
     $query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "password='******'password']) ? $fields['password'] : '') . "'";
     $query[] = "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "'";
     $query[] = "phone_number='" . SQL::escape(isset($fields['phone_number']) ? $fields['phone_number'] : '') . "'";
     if (!isset($fields['post_date']) || $fields['post_date'] <= NULL_DATE) {
         $fields['post_date'] = $fields['edit_date'];
     }
     $query[] = "post_date='" . SQL::escape($fields['post_date']) . "'";
     $query[] = "posts=" . SQL::escape(isset($fields['posts']) ? $fields['posts'] : '0');
     $query[] = "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "'";
     $query[] = "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "'";
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "'";
     $query[] = "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "'";
     $query[] = "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "'";
     $query[] = "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "'";
     $query[] = "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "'";
     $query[] = "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "'";
     if (!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'N') {
         $fields['with_newsletters'] = 'Y';
     }
     $query[] = "with_newsletters='" . $fields['with_newsletters'] . "'";
     if (!isset($fields['without_alerts']) || $fields['without_alerts'] != 'Y') {
         $fields['without_alerts'] = 'N';
     }
     $query[] = "without_alerts='" . $fields['without_alerts'] . "'";
     if (!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'Y') {
         $fields['without_confirmations'] = 'N';
     }
     $query[] = "without_confirmations='" . $fields['without_confirmations'] . "'";
     if (!isset($fields['without_messages']) || $fields['without_messages'] != 'Y') {
         $fields['without_messages'] = 'N';
     }
     $query[] = "without_messages='" . $fields['without_messages'] . "'";
     $query[] = "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";
     // insert statement
     $query = "INSERT INTO " . SQL::table_name('users') . " SET " . implode(', ', $query);
     // actual insert
     if (SQL::query($query, FALSE, $context['users_connection']) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     if (!($fields['id'] = SQL::get_last_id($context['users_connection']))) {
         logger::remember('users/users.php: unable to retrieve id of new record');
         return FALSE;
     }
     // list the user in categories
     Categories::remember('user:'******'id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
     // clear the cache for users
     Users::clear($fields);
     // send a confirmation message
     if (isset($fields['email']) && trim($fields['email']) && isset($context['with_email']) && $context['with_email'] == 'Y') {
         // message title
         $subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));
         // top of the message
         $message = '<p>' . i18n::s('Welcome!') . '</p>' . '<p>' . sprintf(i18n::s('This message relates to your account at %s.'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
         // mention nick name
         $message .= '<p>' . sprintf(i18n::s('Your nick name is %s'), $fields['nick_name']) . '</p>';
         // direct link to login page --see users/login.php
         $link = $context['url_to_home'] . $context['url_to_root'] . Users::get_login_url('login', $fields['id'], rand(1000, 9999), $fields['handle']);
         $message .= '<p>' . i18n::s('Record this message and use the following link to authenticate to the site at any time:') . '</p>' . '<p><a href="' . $link . '">' . $link . '</a></p>';
         // caution note
         $message .= '<p>' . i18n::s('Caution: This hyperlink contains your login credentials encrypted. Please be aware anyone who uses this link will have full access to your account.') . '</p>';
         // confirmation link
         if (isset($context['users_with_email_validation']) && $context['users_with_email_validation'] == 'Y') {
             $message .= '<p>' . i18n::s('Click on the link below to activate your new account.') . '</p>';
             // use the secret handle
             $link = $context['url_to_home'] . $context['url_to_root'] . Users::get_url($fields['handle'], 'validate');
             $message .= '<p><a href="' . $link . '">' . $link . '</a></p>';
         }
         // bottom of the message
         $message .= '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
         // enable threading
         $headers = Mailer::set_thread('user:'******'id']);
         // post the confirmation message
         Mailer::notify(NULL, $fields['email'], $subject, $message, $headers);
     }
     // automatic login
     if (!Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
         Surfer::set($fields, TRUE);
     }
     // return the id of the new item
     return $fields['id'];
 }
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // an error occured
} elseif (count($context['error'])) {
    $item = $_REQUEST;
    $with_form = TRUE;
    // process uploaded data
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    // display the form on error
    if ($error = Servers::post($_REQUEST)) {
        Logger::error($error);
        $item = $_REQUEST;
        $with_form = TRUE;
        // reward the poster for new posts
    } elseif (!$item['id']) {
        // the follow-up page
        $next = $context['url_to_home'] . $context['url_to_root'] . Servers::get_url(SQL::get_last_id($context['connection']));
        // the action
        $action = 'server:create';
        // increment the post counter of the surfer
        Users::increment_posts(Surfer::get_id());
        // forward to the updated page
        Safe::redirect($next);
        // update of an existing server
    } else {
        // the follow-up page
        $next = $context['url_to_home'] . $context['url_to_root'] . Servers::get_url($_REQUEST['id']);
        // forward to the updated page
        Safe::redirect($next);
    }
    // display the form on GET
} else {