public static function import_sample_properties($ws, $el_properties, $el, $files, $structure, $items, $real, $el_id, $item_uid)
{
global $DB;
$el_properties_associative = array();
foreach ($el_properties as $foo => $property) {
if (!empty($property) && is_array($property)) {
$property = $property[0];
}
if (empty($property->value)) {
continue;
}
// get the original ID for files and categories
// "translate" those IDs for the ones assigned on the new website
// for example:
// (old website) file id: 35 => (new website) file id: 3
// ...and also translate nv:// urls in (text) properties values
switch ($property->type) {
case 'file':
case 'image':
if (in_array($property->multilanguage, array('true', '1'))) {
foreach ($property->value as $plang => $pval) {
if (isset($files[$pval]->id)) {
$property->value[$plang] = $files[$pval]->id;
}
}
} else {
if (isset($files[$property->value]->id)) {
$property->value = $files[$property->value]->id;
}
}
break;
case 'category':
if (in_array($property->multilanguage, array('true', '1'))) {
foreach ($property->value as $plang => $pval) {
if (isset($structure[$pval]->id)) {
$property->value[$plang] = $structure[$pval]->id;
}
}
} else {
if (isset($structure[$property->value]->id)) {
$property->value = $structure[$property->value]->id;
}
}
break;
case 'categories':
if (in_array($property->multilanguage, array('true', '1'))) {
foreach ($property->value as $plang => $pval) {
$property_categories_old = explode(',', $pval);
$property_categories_new = array();
foreach ($property_categories_old as $oc) {
$property_categories_new[] = $structure[$oc]->id;
}
$property->value[$plang] = implode(',', $property_categories_new);
}
} else {
$property_categories_old = explode(',', $property->value);
$property_categories_new = array();
foreach ($property_categories_old as $oc) {
$property_categories_new[] = $structure[$oc]->id;
}
$property->value = implode(',', $property_categories_new);
}
break;
case 'element':
// is multi-language forced for this property?
if (in_array($property->multilanguage, array('true', '1'))) {
foreach ($property->value as $olang => $oval) {
if (isset($items[$oval]->id)) {
$property->value[$olang] = $items[$oval]->id;
}
}
} else {
if (isset($items[$property->value]->id)) {
$property->value = $items[$property->value]->id;
}
}
break;
default:
if (is_array($property->value)) {
// multilanguage property
foreach ($property->value as $lang => $pvalue) {
$property->value[$lang] = theme::import_sample_translate_nv_urls($pvalue, $structure, $items);
}
} else {
if (!is_string($property->value)) {
$property->value = theme::import_sample_translate_nv_urls($property->value, $structure, $items);
}
}
}
$el_properties_associative[$property->id] = $property->value;
}
if (!empty($el_properties_associative)) {
if ($el == 'block_group_block') {
$template = $real[$el_id]->code;
} else {
if ($el == 'block') {
$template = $real[$el_id]->type;
} else {
$template = $real[$el_id]->template;
if (empty($template) && $el == 'item' && $real[$el_id]->embedding == 1) {
// we have to get the template set in the category of the item
$template = $DB->query_single('template', 'nv_structure', ' id = ' . protect($real[$el_id]->category) . ' AND
website = ' . $ws->id);
}
}
}
property::save_properties_from_array($el, $real[$el_id]->id, $template, $el_properties_associative, $ws, $item_uid);
}
}
function run()
{
global $layout;
global $DB;
global $website;
global $theme;
global $user;
$out = '';
$item = new item();
switch ($_REQUEST['act']) {
case 'json':
case 1:
// json data retrieval & operations
switch ($_REQUEST['oper']) {
case 'del':
// remove rows
$ids = $_REQUEST['ids'];
foreach ($ids as $id) {
$item->load($id);
$item->delete();
}
echo json_encode(true);
break;
default:
// list or search
// translation of request search & order fields
switch ($_REQUEST['searchField']) {
case 'id':
$_REQUEST['searchField'] = 'i.id';
break;
case 'title':
$_REQUEST['searchField'] = 'd.text';
break;
case 'language':
$_REQUEST['searchField'] = 'd.lang';
break;
case 'category':
$_REQUEST['searchField'] = 'i.category';
break;
case 'dates':
$_REQUEST['searchField'] = 'i.date_published';
break;
case 'permission':
$_REQUEST['searchField'] = 'i.permission';
break;
default:
}
if ($_REQUEST['sidx'] == 'dates') {
$_REQUEST['sidx'] = 'i.date_published';
}
$page = intval($_REQUEST['page']);
$max = intval($_REQUEST['rows']);
$offset = ($page - 1) * $max;
$orderby = $_REQUEST['sidx'] . ' ' . $_REQUEST['sord'];
$where = ' i.website = ' . $website->id;
if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
if (isset($_REQUEST['quicksearch'])) {
$where .= $item->quicksearch($_REQUEST['quicksearch']);
} else {
if (isset($_REQUEST['filters'])) {
if (is_array($_REQUEST['filters'])) {
$filters = json_decode(json_encode($_REQUEST['filters']), FALSE);
} else {
$filters = json_decode($_REQUEST['filters']);
}
for ($r = 0; $r < count($filters->rules); $r++) {
switch ($filters->rules[$r]->field) {
case 'id':
$filters->rules[$r]->field = 'i.id';
break;
case 'title':
$filters->rules[$r]->field = 'd.text';
break;
case 'language':
$filters->rules[$r]->field = 'd.lang';
break;
case 'category':
$filters->rules[$r]->field = 'i.category';
break;
case 'dates':
$filters->rules[$r]->field = 'i.date_published';
break;
case 'permission':
$filters->rules[$r]->field = 'i.permission';
break;
default:
}
}
$where .= navitable::jqgridsearch(json_encode($filters));
} else {
// single search
$where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
}
}
}
$sql = ' SELECT SQL_CALC_FOUND_ROWS
i.*, d.text as title, d.lang as language,
u.username as author_username,
( SELECT COUNT(*)
FROM nv_comments cm
WHERE cm.item = i.id
AND cm.website = ' . $website->id . '
) as comments
FROM nv_items i
LEFT JOIN nv_webdictionary d
ON i.id = d.node_id
AND d.node_type = "item"
AND d.subtype = "title"
AND d.lang = "' . $website->languages_list[0] . '"
AND d.website = ' . $website->id . '
LEFT JOIN nv_users u
ON u.id = i.author
WHERE ' . $where . '
GROUP BY i.id, d.text, d.lang, u.username
ORDER BY ' . $orderby . '
LIMIT ' . $max . '
OFFSET ' . $offset;
if (!$DB->query($sql, 'array')) {
throw new Exception($DB->get_last_error());
}
$dataset = $DB->result();
$total = $DB->foundRows();
$dataset = grid_notes::summary($dataset, 'item', 'id');
$access = array(0 => '<img src="img/icons/silk/page_white_go.png" align="absmiddle" title="' . t(254, 'Everybody') . '" />', 1 => '<img src="img/icons/silk/lock.png" align="absmiddle" title="' . t(361, 'Web users only') . '" />', 2 => '<img src="img/icons/silk/user_gray.png" align="absmiddle" title="' . t(363, 'Users who have not yet signed up or signed in') . '" />', 3 => '<img src="img/icons/silk/group_key.png" align="absmiddle" title="' . t(512, "Selected web user groups") . '" />');
$permissions = array(0 => '<img src="img/icons/silk/world.png" align="absmiddle" /> ' . t(69, 'Published'), 1 => '<img src="img/icons/silk/world_dawn.png" align="absmiddle" /> ' . t(70, 'Private'), 2 => '<img src="img/icons/silk/world_night.png" align="absmiddle" /> ' . t(81, 'Hidden'));
$hierarchy = structure::hierarchy(0);
// we need to format the values and retrieve the needed strings from the dictionary
$out = array();
for ($i = 0; $i < count($dataset); $i++) {
if (empty($dataset[$i])) {
continue;
}
if (empty($dataset[$i]['date_published'])) {
$dataset[$i]['date_published'] = '∞';
} else {
$dataset[$i]['date_published'] = core_ts2date($dataset[$i]['date_published'], false);
}
if (empty($dataset[$i]['date_unpublish'])) {
$dataset[$i]['date_unpublish'] = '∞';
} else {
$dataset[$i]['date_unpublish'] = core_ts2date($dataset[$i]['date_unpublish'], false);
}
if (empty($dataset[$i]['date_to_display'])) {
$dataset[$i]['date_to_display'] = '';
} else {
$dataset[$i]['date_to_display'] = core_ts2date($dataset[$i]['date_to_display'], false);
}
if ($dataset[$i]['category'] > 0) {
$category_path = structure::hierarchyPath($hierarchy, $dataset[$i]['category']);
if (is_array($category_path)) {
$dataset[$i]['category_path'] = implode(' › ', $category_path);
} else {
$dataset[$i]['category_path'] = $category_path;
}
}
$category_text = '';
if ($dataset[$i]['association'] == 'free') {
$category_text = '[ ' . strtolower(t(100, 'Free')) . ' ]';
} else {
$category_text = $dataset[$i]['category_path'];
}
$item_views = $dataset[$i]['views'];
if ($item_views > 1000) {
$item_views = round($item_views / 1000) . "K";
}
$item_comments = $dataset[$i]['comments'];
if ($item_comments > 1000) {
$item_comments = round($item_comments / 1000) . "K";
}
//$social_rating = '<img src="img/icons/silk/star.png" align="absmiddle" width="12px" height="12px" /> '.
// '<span style="font-size: 90%;">'.$dataset[$i]['score'].' ('.$dataset[$i]['votes'].')</span>';
//$social_rating = '<i class="fa fa-fw fa-eye" /> <span style="font-size: 90%;">'.$dataset[$i]['views'].'</span>';
$social_rating = '<img src="img/icons/silk/eye.png" align="absmiddle" width="12px" height="12px" /> ' . '<span style="font-size: 90%;">' . $item_views . '</span>';
//$social_comments = '<i class="fa fa-fw fa-comments-o" /> <span style="font-size: 90%;">'.$dataset[$i]['comments'].'</span>';
$social_comments = '<img src="img/icons/silk/comments.png" align="absmiddle" width="12px" height="12px" /> ' . '<span style="font-size: 90%;">' . $item_comments . '</span>';
if (empty($dataset[$i]['title'])) {
// if title is empty for the default language,
// try to load the title in another language
$DB->query('
SELECT lang, text
FROM nv_webdictionary
WHERE website = ' . $website->id . ' AND
node_type = "item" AND
subtype="title" AND
node_id = ' . $dataset[$i]['id'] . ' AND
text != ""
ORDER BY id ASC');
$titles = $DB->result();
if (!empty($titles)) {
$dataset[$i]['title'] = '<img src="img/icons/silk/comment.png" align="absmiddle" />';
$dataset[$i]['title'] .= '<small>' . $titles[0]->lang . '</small> ';
$dataset[$i]['title'] .= $titles[0]->text;
}
}
$out[$i] = array(0 => $dataset[$i]['id'], 1 => '<div class="list-row" data-permission="' . $dataset[$i]['permission'] . '">' . $dataset[$i]['title'] . '</div>', 2 => $social_rating . ' ' . $social_comments, 3 => $category_text, 4 => $dataset[$i]['date_to_display'], 5 => $dataset[$i]['date_published'] . ' - ' . $dataset[$i]['date_unpublish'], 6 => $access[$dataset[$i]['access']] . ' ' . $permissions[$dataset[$i]['permission']], 7 => $dataset[$i]['_grid_notes_html']);
}
navitable::jqgridJson($out, $page, $offset, $max, $total);
break;
}
core_terminate();
break;
case 'load':
case 'create':
case 'edit':
case 2:
// edit/new form
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
if ($user->permission("items.edit") == "false" && $item->author != $user->id) {
$layout->navigate_notification(t(610, "Sorry, you are not allowed to execute the requested function"), true);
$_REQUEST['act'] = 'list';
return run();
}
// check if the current user can edit this item
if ($item->association == 'category' && !empty($item->category)) {
if (!structure::category_allowed($item->category)) {
$layout->navigate_notification(t(610, "Sorry, you are not allowed to execute the requested function"), true);
$_REQUEST['act'] = 'list';
return run();
}
}
}
if (isset($_REQUEST['form-sent'])) {
$item->load_from_post();
try {
$item->save();
property::save_properties_from_post('item', $item->id);
if (!empty($_REQUEST['items-order'])) {
item::reorder($_REQUEST['items-order']);
}
$layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
$item->load($item->id);
users_log::action($_REQUEST['fid'], $item->id, 'save', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
} catch (Exception $e) {
$layout->navigate_notification($e->getMessage(), true, true);
}
} else {
users_log::action($_REQUEST['fid'], $item->id, 'load', $item->dictionary[$website->languages_list[0]]['title']);
}
$out = items_form($item);
break;
case 'delete':
case 4:
// remove
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
try {
if (!empty($item->id)) {
$deleted = $item->delete() > 0;
if ($deleted) {
$layout->navigate_notification(t(55, 'Item removed successfully.'), false);
$out = items_list();
users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
}
}
if (!$deleted) {
$layout->navigate_notification(t(56, 'Unexpected error.'), false);
if (!empty($item->id)) {
$out = items_form($item);
} else {
$out = items_list();
}
}
} catch (Exception $e) {
$layout->navigate_notification($e->getMessage(), true);
if (!empty($item->id)) {
$out = items_form($item);
}
}
}
break;
case 'duplicate':
if (!empty($_REQUEST['id'])) {
$item->load(intval($_REQUEST['id']));
if ($item->association == 'category' && $item->embedding == 1) {
// get structure template
$category = new structure();
$category->load($item->category);
$properties = property::load_properties_associative('structure', $category->template, 'item', $item->id);
} else {
$properties = property::load_properties_associative('item', $item->template, 'item', $item->id);
}
// try to duplicate
$item->id = 0;
$ok = $item->insert();
if ($ok) {
// duplicate item properties too (but don't duplicate comments)
if ($item->association == 'category' && $item->embedding == 1) {
$ok = property::save_properties_from_array('item', $item->id, $category->template, $properties);
} else {
$ok = property::save_properties_from_array('item', $item->id, $item->template, $properties);
}
}
if ($ok) {
$layout->navigate_notification(t(478, 'Item duplicated successfully.'), false, false, 'fa fa-check');
$out = items_form($item);
} else {
$layout->navigate_notification(t(56, 'Unexpected error.'), false);
$item = new item();
$item->load(intval($_REQUEST['id']));
$out = items_form($item);
}
users_log::action($_REQUEST['fid'], $item->id, 'duplicate', $item->dictionary[$website->languages_list[0]]['title'], json_encode($_REQUEST));
}
break;
case 89:
if (!empty($_REQUEST['id'])) {
$DB->execute('DELETE FROM nv_webdictionary_history WHERE id = ' . intval($_REQUEST['id']) . ' LIMIT 1');
echo 'true';
} else {
echo 'false';
}
core_terminate();
break;
case 90:
$DB->query('SELECT id, date_created, autosave
FROM nv_webdictionary_history
WHERE node_type = "item"
AND subtype = ' . protect('section-' . $_REQUEST['section']) . '
AND lang = ' . protect($_GET['lang']) . '
AND node_id = ' . protect($_REQUEST['id']) . '
AND website = ' . $website->id . '
ORDER BY date_created DESC', 'array');
$result = $DB->result();
if (!is_array($result)) {
$result = array();
}
for ($i = 0; $i < count($result); $i++) {
$result[$i]['date'] = core_ts2date($result[$i]['date_created'], true);
if ($result[$i]['autosave'] == 1) {
$result[$i]['date'] .= ' (' . t(273, 'Autosave') . ')';
}
}
echo json_encode($result);
core_terminate();
break;
case "search_by_title":
case 91:
// json search title request (for "copy from" dialog)
$DB->query('
SELECT node_id as id, text as label, text as value
FROM nv_webdictionary
WHERE node_type = "item"
AND subtype = "title"
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND text LIKE ' . protect('%' . $_REQUEST['title'] . '%') . '
ORDER BY text ASC
LIMIT 20', 'array');
echo json_encode($DB->result());
core_terminate();
break;
case "raw_zone_content":
// return raw item contents
if (empty($_REQUEST['section'])) {
$_REQUEST['section'] = 'main';
}
if ($_REQUEST['history'] == 'true') {
$DB->query('SELECT text
FROM nv_webdictionary_history
WHERE node_type = "item"
AND website = ' . $website->id . '
AND id = ' . protect($_REQUEST['id']), 'array');
$data = $DB->first();
echo $data['text'];
} else {
if ($_REQUEST['zone'] == 'section') {
$DB->query('SELECT text
FROM nv_webdictionary
WHERE node_type = "item"
AND subtype = ' . protect('section-' . $_REQUEST['section']) . '
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND node_id = ' . protect($_REQUEST['node_id']), 'array');
$data = $DB->first();
echo $data['text'];
} else {
if ($_REQUEST['zone'] == 'property') {
$DB->query('SELECT text
FROM nv_webdictionary
WHERE node_type = "property-item"
AND subtype = ' . protect('property-' . $_REQUEST['section'] . '-' . $_REQUEST['lang']) . '
AND lang = ' . protect($_REQUEST['lang']) . '
AND website = ' . $website->id . '
AND node_id = ' . protect($_REQUEST['node_id']), 'array');
$data = $DB->first();
echo $data['text'];
}
}
}
core_terminate();
break;
// return raw template content
// return raw template content
case 93:
$DB->query('SELECT file
FROM nv_templates
WHERE enabled = 1
AND id = ' . protect($_REQUEST['id']) . '
AND website = ' . $website->id, 'array');
$data = $DB->first();
echo @file_get_contents(NAVIGATE_PRIVATE . '/' . $website->id . '/templates/' . $data['file']);
core_terminate();
break;
case "copy_from_template_zones":
// return template sections and (textarea) properties for a content id
$item = new item();
$item->load(intval($_REQUEST['id']));
$template = $item->load_template();
$zones = array();
for ($ts = 0; $ts < count($template->sections); $ts++) {
$title = $template->sections[$ts]['name'];
if (!empty($theme)) {
$title = $theme->t($title);
}
if ($title == '#main#') {
$title = t(238, 'Main content');
}
$zones[] = array('type' => 'section', 'id' => $template->sections[$ts]['id'], 'title' => $title);
}
for ($ps = 0; $ps < count($template->properties); $ps++) {
// ignore structure properties
if (isset($template->properties[$ps]->element) && $template->properties[$ps]->element != 'item') {
continue;
}
// ignore non-textual properties
if (!in_array($template->properties[$ps]->type, array("text", "textarea", "rich_textarea"))) {
continue;
}
$title = $template->properties[$ps]->name;
if (!empty($theme)) {
$title = $theme->t($title);
}
$zones[] = array('type' => 'property', 'id' => $template->properties[$ps]->id, 'title' => $title);
}
echo json_encode($zones);
core_terminate();
break;
case 95:
// free path checking
$path = $_REQUEST['path'];
$id = $_REQUEST['id'];
$DB->query('SELECT type, object_id, lang
FROM nv_paths
WHERE path = ' . protect($path) . '
AND website = ' . $website->id);
$rs = $DB->result();
echo json_encode($rs);
core_terminate();
break;
case 96:
// return category paths
echo json_encode(path::loadElementPaths('structure', intval($_REQUEST['id'])));
core_terminate();
break;
case 'json_find_user':
// json find user by name request (for "moderator" autocomplete)
$DB->query('
SELECT id, username as text
FROM nv_users
WHERE username LIKE ' . protect('%' . $_REQUEST['username'] . '%') . '
ORDER BY username ASC
LIMIT 30', 'array
');
$rows = $DB->result();
$total = $DB->foundRows();
echo json_encode(array('items' => $rows, 'total_count' => $total));
core_terminate();
break;
case 'json_find_item':
// find items by its title
// any language
$template_filter = '';
if (!empty($_REQUEST['template'])) {
$template_filter = ' AND nvi.template = ' . protect($_REQUEST['template']) . ' ';
}
if (!empty($_REQUEST['association'])) {
$template_filter = ' AND nvi.association = ' . protect($_REQUEST['association']) . ' ';
}
if (isset($_REQUEST['embedding'])) {
$template_filter = ' AND nvi.embedding = ' . protect($_REQUEST['embedding']) . ' ';
}
$text = $_REQUEST['title'];
if (!empty($_REQUEST['term'])) {
// tagit request
$text = $_REQUEST['term'];
}
$DB->query('
SELECT SQL_CALC_FOUND_ROWS DISTINCT nvw.node_id as id, nvw.text as text
FROM nv_webdictionary nvw, nv_items nvi
WHERE nvw.node_type = "item"
AND nvw.node_id = nvi.id
' . $template_filter . '
AND nvw.subtype = "title"
AND nvw.website = ' . $website->id . '
AND nvw.website = nvi.website
AND nvw.text LIKE ' . protect('%' . $text . '%') . '
GROUP BY nvw.node_id, nvw.text
ORDER BY nvw.text ASC
LIMIT ' . intval($_REQUEST['page_limit']) . '
OFFSET ' . max(0, intval($_REQUEST['page_limit']) * (intval($_REQUEST['page']) - 1)), 'array');
$rows = $DB->result();
$total = $DB->foundRows();
if ($_REQUEST['association'] == 'free') {
for ($i = 0; $i < count($rows); $i++) {
$rows[$i]['path'] = $DB->query_single('path', 'nv_paths', ' website = ' . protect($website->id) . ' AND
type="item" AND
object_id="' . $rows[$i]['id'] . '" AND
lang="' . $website->languages_list[0] . '"
');
if (empty($rows[$i]['path'])) {
$rows[$i]['path'] = '/node/' . $rows[$i]['id'];
}
}
}
if (empty($_REQUEST['format']) || $_REQUEST['format'] == 'select2') {
echo json_encode(array('items' => $rows, 'totalCount' => $total));
} else {
if ($_REQUEST['format'] == 'tagit') {
$tags_json = array();
foreach ($rows as $row) {
$tags_json[] = json_decode('{ "id": "' . $row['id'] . '", "label": "' . $row['text'] . '", "value": "' . $row['text'] . '" }');
}
echo json_encode($tags_json);
}
}
core_terminate();
break;
case 98:
// change comment status
if (empty($_REQUEST['id'])) {
echo "false";
core_terminate();
}
switch ($_REQUEST['opt']) {
case 'publish':
$DB->execute('
UPDATE nv_comments
SET status = 0
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
case 'unpublish':
$DB->execute('
UPDATE nv_comments
SET status = 1
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
case 'delete':
$DB->execute('
DELETE FROM nv_comments
WHERE website = ' . $website->id . ' AND
id = ' . $_REQUEST['id']);
break;
}
$error = $DB->get_last_error();
if (empty($error)) {
echo 'true';
} else {
echo 'false';
}
core_terminate();
break;
case 'autosave':
if (!empty($_REQUEST['id'])) {
$iDictionary = array();
foreach ($_REQUEST as $key => $value) {
if (strpos($key, 'section-') === 0) {
$lang = substr($key, -2, 2);
$kname = substr($key, 0, strlen($key) - 3);
$iDictionary[$lang][$kname] = $value;
}
}
$changed = webdictionary_history::save_element_strings('item', intval($_REQUEST['id']), $iDictionary, true);
if ($changed) {
echo 'changes_saved';
} else {
echo 'no_changes';
}
core_terminate();
}
echo 'false';
core_terminate();
break;
case 'votes_reset':
webuser_vote::remove_object_votes('item', intval($_REQUEST['id']));
echo 'true';
core_terminate();
break;
case 'votes_by_webuser':
if ($_POST['oper'] == 'del') {
$ids = explode(',', $_POST['id']);
for ($i = 0; $i < count($ids); $i++) {
if ($ids[$i] > 0) {
$vote = new webuser_vote();
$vote->load($ids[$i]);
$vote->delete();
}
}
webuser_vote::update_object_score('item', $vote->object_id);
echo 'true';
core_terminate();
}
$max = intval($_GET['rows']);
$page = intval($_GET['page']);
$offset = ($page - 1) * $max;
if ($_REQUEST['_search'] == 'false') {
list($dataset, $total) = webuser_vote::object_votes_by_webuser('item', intval($_REQUEST['id']), $_REQUEST['sidx'] . ' ' . $_REQUEST['sord'], $offset, $max);
}
$out = array();
for ($i = 0; $i < count($dataset); $i++) {
if (empty($dataset[$i])) {
continue;
}
$out[$i] = array(0 => $dataset[$i]['id'], 1 => core_ts2date($dataset[$i]['date'], true), 2 => $dataset[$i]['username']);
}
navitable::jqgridJson($out, $page, $offset, $max, $total);
core_terminate();
break;
case 'items_order':
if (!empty($_POST['items-order'])) {
// save new order
$response = item::reorder($_POST['items-order']);
if ($response !== true) {
echo $response['error'];
} else {
echo 'true';
}
} else {
// show ordered list
echo items_order($_REQUEST['category']);
}
core_terminate();
break;
case 'json_tags_search':
$tags = nvweb_tags_retrieve(null, null, 'top', $_REQUEST['term'], $_REQUEST['lang']);
$tags_json = array();
foreach (array_keys($tags) as $tag) {
$tags_json[] = json_decode('{ "id": "' . $tag . '", "label": "' . $tag . '", "value": "' . $tag . '" }');
}
echo json_encode($tags_json);
core_terminate();
break;
case 'json_tags_ranking':
$tags = nvweb_tags_retrieve(100, null, 'top', null, $_REQUEST['lang']);
$tags = array_keys($tags);
echo json_encode($tags);
core_terminate();
break;
case 'list':
case 0:
// list / search result
// list / search result
default:
$out = items_list();
break;
}
return $out;
}
function nvweb_comments($vars = array())
{
global $website;
global $DB;
global $current;
global $webgets;
global $dictionary;
global $webuser;
global $theme;
global $events;
global $session;
$webget = 'comments';
if (!isset($webgets[$webget])) {
$webgets[$webget] = array();
global $lang;
if (empty($lang)) {
$lang = new language();
$lang->load($current['lang']);
}
// default translations
$webgets[$webget]['translations'] = array('post_a_comment' => t(379, 'Post a comment'), 'name' => t(159, 'Name'), 'email' => t(44, 'E-Mail'), 'website' => t(177, 'Website'), 'message' => t(380, 'Message'), 'email_will_not_be_published' => t(381, 'E-Mail will not be published'), 'submit' => t(382, 'Submit'), 'sign_in_or_sign_up_to_post_a_comment' => t(383, 'Sign in or Sign up to post a comment'), 'comments_on_this_entry_are_closed' => t(384, 'Comments on this entry are closed'), 'please_dont_leave_any_field_blank' => t(385, 'Please don\'t leave any field blank'), 'your_comment_has_been_received_and_will_be_published_shortly' => t(386, 'Your comment has been received and will be published shortly'), 'new_comment' => t(387, 'New comment'), 'review_comments' => t(388, 'Review comments'));
// theme translations
// if the web theme has custom translations for this string subtypes, use it (for the user selected language)
/* just add the following translations to your json theme dictionary:
"post_a_comment": "Post a comment",
"name": "Name",
"email": "E-Mail",
"website": "Website",
"message": "Message",
"email_will_not_be_published": "E-Mail will not be published",
"submit": "Submit",
"sign_in_or_sign_up_to_post_a_comment": "Sign in or Sign up to post a comment",
"comments_on_this_entry_are_closed": "Comments on this entry are closed",
"please_dont_leave_any_field_blank": "Please don't leave any field blank",
"your_comment_has_been_received_and_will_be_published_shortly": "Your comment has been received and will be published shortly",
"new_comment": "New comment",
"review_comments": "Review comments"
*/
if (!empty($website->theme) && method_exists($theme, 't')) {
foreach ($webgets[$webget]['translations'] as $code => $text) {
$theme_translation = $theme->t($code);
if (!empty($theme_translation) && $theme_translation != $code) {
$webgets[$webget]['translations'][$code] = $theme_translation;
}
}
}
}
// set default callback
if (empty($vars['callback'])) {
$vars['callback'] = 'alert';
}
// check callback attributes
$callback = $vars['callback'];
if (!empty($vars['alert_callback'])) {
$callback = $vars['alert_callback'];
} else {
if (!empty($vars['callback_alert'])) {
$callback = $vars['callback_alert'];
}
}
$callback_error = $callback;
if (!empty($vars['error_callback'])) {
$callback_error = $vars['error_callback'];
} else {
if (!empty($vars['callback_error'])) {
$callback_error = $vars['callback_error'];
}
}
$out = '';
// if the current page belongs to a structure entry
// we need to get the associated elements to retrieve and post its comments
// (because structure entry pages can't have associated comments)
// so, ONLY the FIRST element associated to a category can have comments in a structure entry page
// (of course if the element has its own page, it can have its own comments)
$element = $current['object'];
if ($current['type'] == 'structure') {
if (empty($current['structure_elements'])) {
$current['structure_elements'] = $element->elements();
}
$element = $current['structure_elements'][0];
}
switch (@$vars['mode']) {
case 'process':
if (isset($_GET['nv_approve_comment'])) {
// process 1-click comment approval
$comment = new comment();
$comment->load($_GET['id']);
if (!empty($comment->id) && $comment->status == -1) {
$hash = $_GET['hash'];
if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) {
// hash check passed
$comment->status = 0;
$comment->save();
$response = t(555, "Item has been successfully published.");
if ($vars['notify'] == 'inline' || $callback == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = t(344, "Security error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
} else {
$response = t(56, "Unexpected error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
}
if (isset($_GET['nv_remove_comment'])) {
// process 1-click comment removal
$comment = new comment();
$comment->load($_GET['id']);
if (!empty($comment->id) && $comment->status == -1) {
$hash = $_GET['hash'];
if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) {
// hash check passed
$comment->delete();
$response = t(55, "Item successfully deleted");
if ($vars['notify'] == 'inline' || $callback == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = t(344, "Security error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
} else {
$response = t(56, "Unexpected error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
}
if ($_REQUEST['form-type'] == 'comment-reply' || isset($_POST[$vars['field-message']])) {
// add comment
if (empty($vars['field-name'])) {
$vars['field-name'] = 'reply-name';
}
if (empty($vars['field-email'])) {
$vars['field-email'] = 'reply-email';
}
if (empty($vars['field-url'])) {
$vars['field-url'] = 'reply-url';
}
if (empty($vars['field-message'])) {
$vars['field-message'] = 'reply-message';
}
if (!empty($vars['element'])) {
$element = $vars['element'];
}
$comment_name = @$_REQUEST[$vars['field-name']];
$comment_email = @$_REQUEST[$vars['field-email']];
$comment_url = @$_REQUEST[$vars['field-url']];
$comment_message = @$_REQUEST[$vars['field-message']];
if ((empty($comment_name) || empty($comment_email)) && empty($webuser->id) || empty($comment_message)) {
$response = $webgets[$webget]['translations']['please_dont_leave_any_field_blank'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
return $out;
}
$status = -1;
// new comment, not approved
if (empty($element->comments_moderator)) {
$status = 0;
}
// all comments auto-approved
// remove any <nv /> or {{nv}} tag
$comment_name = core_remove_nvtags($comment_name);
$comment_name = strip_tags($comment_name);
$comment_message = core_remove_nvtags($comment_message);
$comment = new comment();
$comment->id = 0;
$comment->website = $website->id;
$comment->item = $element->id;
$comment->user = empty($webuser->id) ? 0 : $webuser->id;
$comment->name = $comment_name;
$comment->email = filter_var($comment_email, FILTER_SANITIZE_EMAIL);
$comment->url = filter_var($comment_url, FILTER_SANITIZE_URL);
$comment->ip = core_ip();
$comment->date_created = core_time();
$comment->date_modified = 0;
$comment->status = $status;
$comment->message = $comment_message;
$properties = array();
// check if there are comment properties values
if (isset($vars['field-properties-prefix'])) {
// check every possible property
$e_properties = property::elements($element->template, 'comment');
for ($ep = 0; $ep < count($e_properties); $ep++) {
if (isset($_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id])) {
$properties[$e_properties[$ep]->id] = $_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id];
}
}
}
// trigger the "new_comment" event through the extensions system before inserting it!
$extensions_messages = $events->trigger('comment', 'before_insert', array('comment' => $comment, 'properties' => $properties));
foreach ($extensions_messages as $ext_name => $ext_result) {
if (isset($ext_result['error'])) {
$response = $ext_result['error'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
return $out;
}
}
$comment->insert();
if (!empty($properties)) {
property::save_properties_from_array('comment', $comment->id, $element->template, $properties);
}
// reload the element to retrieve the new comments
$element = new item();
$element->load($comment->item);
if ($current['type'] == 'item' && !isset($vars['element'])) {
$current['object'] = $element;
}
// trigger the "new_comment" event through the extensions system
$events->trigger('comment', 'after_insert', array('comment' => &$comment, 'properties' => $properties));
if (!empty($comment->id)) {
if ($status == -1) {
$response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
}
}
$notify_addresses = $website->contact_emails;
if (!empty($element->comments_moderator)) {
$notify_addresses[] = user::email_of($element->comments_moderator);
}
$hash = sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails));
$base_url = nvweb_source_url('element', $element->id);
// default colors
$background_color = '#E5F1FF';
$text_color = '#595959';
$title_color = '#595959';
$background_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.background_color") . ' AND website = ' . protect($website->id), 'id DESC');
$text_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.text_color") . ' AND website = ' . protect($website->id), 'id DESC');
$title_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.titles_color") . ' AND website = ' . protect($website->id), 'id DESC');
if (!empty($background_color_db)) {
$background_color = str_replace('"', '', $background_color_db);
}
if (!empty($text_color_db)) {
$text_color = str_replace('"', '', $text_color_db);
}
if (!empty($title_color_db)) {
$title_color = str_replace('"', '', $title_color_db);
}
$message = navigate_compose_email(array(array('title' => t(9, 'Content'), 'content' => $element->dictionary[$current['lang']]['title']), array('title' => $webgets[$webget]['translations']['name'], 'content' => $comment_name . @$webuser->username), array('title' => $webgets[$webget]['translations']['email'], 'content' => $comment_email . @$webuser->email), array('title' => $webgets[$webget]['translations']['website'], 'content' => $comment_url . @$webuser->social_website), array('title' => $webgets[$webget]['translations']['message'], 'content' => nl2br($comment_message)), array('footer' => '<a href="' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '"><strong>' . $webgets[$webget]['translations']['review_comments'] . '</strong></a>' . ' | ' . '<a style=" color: #008830" href="' . $base_url . '?nv_approve_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(258, "Publish") . '</a>' . ' | ' . '<a style=" color: #FF0090" href="' . $base_url . '?nv_remove_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(525, "Remove comment (without confirmation)") . '</a>')), array('background' => $background_color, 'title-color' => $title_color, 'content-color' => $text_color));
// trying to implement One-Click actions (used in Google GMail)
// You need to be registered with Google first: https://developers.google.com/gmail/markup/registering-with-google
$one_click_actions = '
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction":
{
"@type": "ViewAction",
"name": "' . $webgets[$webget]['translations']['review_comments'] . '",
"url": "' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '"
}
}
</script>
';
$message = '<html><head>' . $one_click_actions . '</head><body>' . $message . '</body></html>';
foreach ($website->contact_emails as $contact_address) {
@nvweb_send_email($website->name . ' | ' . $webgets[$webget]['translations']['new_comment'], $message, $contact_address, null, true);
}
}
break;
case 'reply':
if ($element->comments_enabled_to == 2 && empty($webuser->id)) {
// Post a comment form (unsigned users)
$out = '
<div class="comments-reply">
<div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div>
<br />
<form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post">
<input type="hidden" name="form-type" value="comment-reply" />
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['name'] . '</label> <input type="text" name="reply-name" value="" /></div>
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['email'] . ' *</label> <input type="text" name="reply-email" value="" /></div>
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div>
<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->
<div class="comments-reply-field comments-reply-field-info-email"><label> </label> * ' . $webgets[$webget]['translations']['email_will_not_be_published'] . '</div>
<div class="comments-reply-field comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div>
</form>
</div>
';
$extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => &$out));
// add any extra field generated
if (!empty($extensions_messages)) {
$extra_fields = array_map(function ($v) {
return $v;
}, array_values($extensions_messages));
$out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out);
}
} else {
if ($element->comments_enabled_to > 0 && !empty($webuser->id)) {
// Post a comment form (signed in users)
if (empty($vars['avatar_size'])) {
$vars['avatar_size'] = 32;
}
$avatar_url = NVWEB_OBJECT . '?type=blank';
if (!empty($webuser->avatar)) {
$avatar_url = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $webuser->avatar . '&disposition=inline&width=' . $vars['avatar_size'] . '&height=' . $vars['avatar_size'];
}
$out = '
<div class="comments-reply">
<div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div>
<br />
<form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post">
<input type="hidden" name="form-type" value="comment-reply" />
<div class="comments-reply-field"><label style="display: none;"> </label> <img src="' . $avatar_url . '" width="' . $vars['avatar_size'] . '" height="' . $vars['avatar_size'] . '" align="absmiddle" /> <span class="comments-reply-username">' . $webuser->username . '</span><a class="comments-reply-signout" href="?webuser_signout">(x)</a></div>
<br />
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div>
<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->
<div class="comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div>
</form>
</div>
';
$extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => $out));
// add any extra field generated
if (!empty($extensions_messages)) {
$extra_fields = array_map(function ($v) {
return $v;
}, array_values($extensions_messages));
$out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out);
}
} else {
if ($element->comments_enabled_to == 1) {
$out = '<div class="comments-reply">
<div class="comments-reply-info">' . $webgets[$webget]['translations']['sign_in_or_sign_up_to_post_a_comment'] . '</div>
</div>';
} else {
$out = '<div class="comments-reply">
<div class="comments-reply-info">' . $webgets[$webget]['translations']['comments_on_this_entry_are_closed'] . '</div>
</div>';
}
}
}
break;
case 'comments':
setlocale(LC_ALL, $website->languages[$session['lang']]['system_locale']);
list($comments, $comments_total) = nvweb_comments_list(0, NULL, NULL, $vars['order']);
// get all comments of the current entry
if (empty($vars['avatar_size'])) {
$vars['avatar_size'] = '48';
}
if (empty($vars['date_format'])) {
$vars['date_format'] = '%d %B %Y %H:%M';
}
for ($c = 0; $c < $comments_total; $c++) {
$avatar = $comments[$c]->avatar;
if (!empty($avatar)) {
$avatar = '<img src="' . NVWEB_OBJECT . '?type=image&id=' . $avatar . '" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>';
} else {
$avatar = '<img src="data:image/gif;base64,R0lGODlhAQABAPAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>';
}
$comment = new comment();
$comment->load_from_resultset(array($comments[$c]));
$depth = 'data-depth="' . $comment->depth() . '"';
$out .= '
<div class="comment"' . $depth . '>
<div class="comment-avatar">' . $avatar . '</div>
<div class="comment-username">' . (!empty($comments[$c]->username) ? $comments[$c]->username : $comments[$c]->name) . '</div>
<div class="comment-date">' . Encoding::toUTF8(strftime($vars['date_format'], $comments[$c]->date_created)) . '</div>
<div class="comment-message">' . nl2br($comments[$c]->message) . '</div>
<div style="clear:both"></div>
</div>
';
}
break;
}
return $out;
}
