/**
 * Create a new guide: insert the subject row, then its dependent rows.
 *
 * Returns early, with an explanation in $this->_message, when dupeCheck()
 * reports a clash. Otherwise the new row id is stored in $this->_subject_id,
 * the executed SQL in $this->_debug and a success link in $this->_message.
 *
 * Every column value is passed through Querier::quote() before it is placed
 * in the statement.
 */
public function insertRecord()
{
    $db = new Querier();

    // The shortform has to be unique, so stop before writing anything.
    if (self::dupeCheck()) {
        $this->_message = _("There is already a guide with this SHORTFORM. The shortform must be unique.");
        return;
    }

    // The free-form "extra" settings are stored as a JSON string.
    $json_extra = json_encode($this->_extra);

    // One quoted literal per column, in the order of the column list below.
    $quoted_values = array(
        $db->quote(scrubData($this->_subject, "text")),
        $db->quote(scrubData($this->_shortform, "text")),
        $db->quote(scrubData($this->_description, "text")),
        $db->quote(scrubData($this->_keywords, "text")),
        $db->quote(scrubData($this->_redirect_url, "text")),
        $db->quote(scrubData($this->_active, "integer")),
        $db->quote(scrubData($this->_type, "text")),
        $db->quote(scrubData($this->_header, "text")),
        $db->quote($json_extra),
    );

    $qInsertSubject = "INSERT INTO subject (subject, shortform, description, keywords, redirect_url, active, type, header, extra) VALUES (\n "
        . implode(",\n ", $quoted_values)
        . "\n )";

    $db = new Querier();
    $rInsertSubject = $db->exec($qInsertSubject);
    $this->_subject_id = $db->last_id();
    $this->_debug = "<p>1. \ninsert subject: {$qInsertSubject}</p>";

    if (!$rInsertSubject) {
        // NOTE(review): the failed statement, including submitted values, is
        // echoed to the page here; confirm blunDer() escapes it for HTML.
        echo blunDer("We have a problem with the title query: {$qInsertSubject}");
    }

    // Related rows: staff_subject, subject_discipline, and the initial tab.
    self::modifySS();
    self::modifySD();
    self::modifyTabs();

    // Record the change: table, flag, item_id, title, staff_id.
    changeMe("guide", "insert", $this->_subject_id, $this->_subject, $_SESSION['staff_id']);

    // Parent-child links in subject_subject.
    self::modifySubSub();

    $this->_message = sprintf(
        "%s <a class=\"master-feedback-link\" href=\"guide.php?subject_id=%s\">%s</a>",
        _("Thy Will Be Done."),
        $this->_subject_id,
        _("Add Content To Your New Guide")
    );
}
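/**
 * Rebuild a guide's tab / section / pluslet layout from the submitted form.
 *
 * Reads $this->_input['tabs'] (a JSON string) and
 * $this->_input['this_subject_id']. It deletes the guide's existing tab,
 * section and pluslet_section rows, inserts the submitted layout, and then
 * deletes pluslets that were attached to the guide before the save but are
 * absent from the new layout (type 'Special' is excluded by the query).
 *
 * Both inputs are request data, so every value that reaches SQL is either
 * cast to int or passed through Querier::quote().
 *
 * NOTE(review): nothing in this method checks that the current user may edit
 * the guide named by this_subject_id; confirm the caller enforces that.
 */
public function save()
{
    $db = new Querier();

    $lobjTabs = json_decode($this->_input['tabs'], true);
    if (!is_array($lobjTabs)) {
        // Without this guard a malformed payload would still run the deletes
        // below and then remove every pluslet of the guide as an "orphan".
        print "Error: tab data could not be read; guide not saved.";
        return;
    }

    // The id is interpolated unquoted further down, so force it to an integer.
    $subject_id = (int) $this->_input["this_subject_id"];

    // Tabs that currently belong to the guide.
    $qs = "SELECT tab_id FROM tab WHERE subject_id = '{$subject_id}'";
    $drs = $db->query($qs);

    // Pluslets on the guide before the save, excluding the 'Special' type.
    $qp = "SELECT p.pluslet_id\nFROM pluslet p\nINNER JOIN pluslet_section ps\nON p.pluslet_id = ps.pluslet_id\nINNER JOIN section sec\nON ps.section_id = sec.section_id\nINNER JOIN tab t\nON sec.tab_id = t.tab_id\nINNER JOIN subject s\nON t.subject_id = s.subject_id\nWHERE s.subject_id = {$subject_id}\nAND p.type != 'Special'";
    $lobjBeforePluslets = $db->query($qp);

    // Pluslet ids seen in the layout being saved.
    $lobjAfterPluslets = array();

    // Remove the old layout rows for every tab of the guide.
    foreach ($drs as $row) {
        $quoted_tab_id = $db->quote((string) $row[0]);
        $db->exec("DELETE ps, sec FROM pluslet_section ps\n\tINNER JOIN section sec\n\tON ps.section_id = sec.section_id\n\tWHERE sec.tab_id = {$quoted_tab_id}");
        $db->exec("DELETE FROM tab WHERE tab_id = {$quoted_tab_id}");
    }

    // pcolumn value => (input key, placeholder entry to strip).
    $columns = array(
        0 => array("left_data", "dropspot-left[]=1"),
        1 => array("center_data", "dropspot-center[]=1"),
        2 => array("sidebar_data", "dropspot-sidebar[]=1"),
    );

    $lintTabIndex = 0;
    foreach ($lobjTabs as $lobjTab) {
        if (!is_array($lobjTab)) {
            // Not a tab description; skip it rather than index into a scalar.
            continue;
        }

        // A missing external URL is stored as an empty string, as before.
        $external = isset($lobjTab['external']) ? (string) $lobjTab['external'] : '';
        $name = isset($lobjTab['name']) ? (string) $lobjTab['name'] : '';
        $visibility = isset($lobjTab['visibility']) ? (int) $lobjTab['visibility'] : 0;

        $qi = "INSERT INTO tab (subject_id, label, tab_index, external_url, visibility) VALUES ('{$subject_id}', "
            . $db->quote($name) . ", {$lintTabIndex}, "
            . $db->quote($external) . ", {$visibility})";
        $db->exec($qi);
        $quoted_new_tab_id = $db->quote((string) $db->last_id());

        $sections = (isset($lobjTab['sections']) && is_array($lobjTab['sections']))
            ? $lobjTab['sections']
            : array();

        $lintSectionIndex = 0;
        foreach ($sections as $lobjSection) {
            $layout = isset($lobjSection['layout']) ? (string) $lobjSection['layout'] : '';

            $qi = "INSERT INTO section (section_index, layout, tab_id) VALUES ('{$lintSectionIndex}', "
                . $db->quote($layout) . ", {$quoted_new_tab_id})";
            $db->exec($qi);
            $quoted_section_id = $db->quote((string) $db->last_id());

            foreach ($columns as $pcolumn => $column) {
                $serialized = isset($lobjSection[$column[0]]) ? (string) $lobjSection[$column[0]] : '';

                // Prefix '&' so the split on '&pluslet[]=' also works when no
                // dropspot entry precedes the first pluslet, then drop the
                // "drop here" placeholder, which is not content.
                $serialized = str_replace($column[1], "", "&" . $serialized);
                $contents = explode("&pluslet[]=", $serialized);

                foreach ($contents as $key => $value) {
                    if ($key != 0) {
                        // Element 0 is whatever came before the first pluslet.
                        $qi = "INSERT INTO pluslet_section (pluslet_id, section_id, pcolumn, prow) VALUES ("
                            . $db->quote($value) . ", {$quoted_section_id}, {$pcolumn}, '{$key}')";
                        $db->exec($qi);
                        array_push($lobjAfterPluslets, $value);
                    }
                }
            }

            $lintSectionIndex++;
        }

        $lintTabIndex++;
    }

    // Delete pluslets that are no longer placed anywhere, to avoid orphans.
    // The comparison stays loose because ids from the database and ids from
    // the request may differ in type.
    foreach ($lobjBeforePluslets as $lobjPluslet) {
        if (!in_array($lobjPluslet['pluslet_id'], $lobjAfterPluslets)) {
            $q = "DELETE FROM pluslet WHERE pluslet_id = " . (int) $lobjPluslet['pluslet_id'];
            if ($db->exec($q) === FALSE) {
                print "Error could not remove pluslet orphans!";
                exit;
            }
        }
    }

    print _("Thy Will Be Done: Guide Updated.");
}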
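include "../includes/header.php";

// Connect to database
switch ($_REQUEST["type"]) {
    case "ingest":
        $db = new Querier();

        // Every field handled here comes from the request, so each value is
        // passed through Querier::quote() before it is placed in a statement.

        // check if we already have a record like this
        $our_id = scrubData($_REQUEST["foreign_id"]);
        $qcheck = "SELECT video_id FROM video WHERE foreign_id = " . $db->quote($our_id);
        $rcheck = $db->query($qcheck);

        if (count($rcheck) == 0) {
            // No such video yet: insert it. The values are scrubbed and quoted
            // in the same way as in the update branch below.
            $qinsert = "INSERT INTO video (title, description, source, foreign_id, duration, date, display)\n values("
                . $db->quote(scrubData($_POST["title"])) . ", "
                . $db->quote(scrubData($_POST["description"], 'richtext')) . ", "
                . $db->quote(scrubData($_POST["source"])) . ", "
                . $db->quote(scrubData($_POST["foreign_id"])) . ", "
                . $db->quote(scrubData($_POST["duration"])) . ", "
                . $db->quote(scrubData($_POST["upload_date"])) . ",\n 1 \n )";
            $rinsert = $db->exec($qinsert);
            $video_id = $db->last_id();
        } else {
            // Do an update. The statement used to carry a comma before WHERE
            // and an unquoted foreign_id; both are corrected here.
            $qupdate = "UPDATE video \n SET title = " . $db->quote(scrubData($_POST['title']))
                . ",\n description = " . $db->quote(scrubData($_POST['description'], 'richtext'))
                . ",\n source = " . $db->quote(scrubData($_POST['source']))
                . " ,\n foreign_id = " . $db->quote(scrubData($_POST['foreign_id']))
                . ",\n duration = " . $db->quote(scrubData($_POST['duration']))
                . " ,\n date = " . $db->quote(scrubData($_POST['upload_date']))
                . "\n WHERE foreign_id = " . $db->quote($our_id);
            $rupdate = $db->exec($qupdate);

            // The id of the existing row comes from the lookup above, not from
            // the result of exec().
            $video_id = $rcheck[0]['video_id'];
        }

        // The id becomes part of a file name below; keep it strictly numeric.
        $video_id = (int) $video_id;

        // insert/update image
        // get small thumbnail
        // The thumbnail URL is supplied by the request and fetched by the
        // server, so only plain http(s) URLs are accepted.
        // NOTE(review): this does not stop requests to internal hosts; if
        // thumbnails only ever come from known video providers, restrict the
        // host to that list as well.
        $thumbnail_url = (isset($_POST["thumbnail_small"]) && is_string($_POST["thumbnail_small"]))
            ? $_POST["thumbnail_small"]
            : '';
        if (preg_match('#^https?://#i', $thumbnail_url)) {
            $image = curl_get($thumbnail_url);
            $new_image = "../../assets/images/video_thumbs/" . $video_id . "_small.jpg";
            file_put_contents($new_image, $image);
        }
        // get medium thumbnail (actually the youtube one is pretty large)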
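/**
 * Insert or update every submitted location, then link each one to the title.
 *
 * Iterates over $this->_location_id: a blank id means a new location row is
 * inserted, any other value means the existing row is updated. In both cases
 * a location_title row is then inserted for $this->_title_id. Each statement
 * is appended to $this->_debug, and failures are reported through blunDer().
 *
 * All values are passed through Querier::quote() (ids are cast to int) so the
 * insert and the update build their statements the same way.
 */
function modifyLocation()
{
    $db = new Querier();

    foreach ($this->_location_id as $key => $value) {
        // Quoted literals shared by the insert and the update for this row.
        $format = $db->quote(scrubData($this->_format[$key], "integer"));
        $call_number = $db->quote(scrubData($this->_call_number[$key]));
        $location = $db->quote(scrubData($this->_location[$key]));
        $access_restrictions = $db->quote(scrubData($this->_access_restrictions[$key], "integer"));
        $eres_display = $db->quote(scrubData($this->_eres_display[$key]));
        $display_note = $db->quote(scrubData($this->_display_note[$key], "richtext"));
        $ctags = $db->quote(scrubData($this->_ctags[$key]));
        $helpguide = $db->quote(scrubData($this->_helpguide[$key]));

        if ($value == "") {
            // Blank location, do an insert
            $qInsertLoc = "INSERT INTO location (format, call_number, location, access_restrictions, eres_display, display_note, ctags, helpguide) VALUES (\n\t\t\t\t"
                . implode(",\n\t\t\t\t", array(
                    $format,
                    $call_number,
                    $location,
                    $access_restrictions,
                    $eres_display,
                    $display_note,
                    $ctags,
                    $helpguide,
                ))
                . "\n\t\t\t\t)";
            $rInsertLoc = $db->exec($qInsertLoc);
            $this->_debug .= "<p>5a. insert location loop: {$qInsertLoc}</p>";
            if (!$rInsertLoc) {
                echo blunDer("We have a problem with the insert locations query: {$qInsertLoc}");
            }
            // Cast because the id is interpolated unquoted further down.
            $current_location_id = (int) $db->last_id();
        } else {
            // Existing location, do an update. The id is used unquoted in the
            // WHERE clause and again in the location_title insert.
            $current_location_id = (int) scrubData($this->_location_id[$key], "integer");

            $qUpLoc = "UPDATE location SET format = " . $format
                . ", call_number = " . $call_number
                . ", location = " . $location
                . ", access_restrictions = " . $access_restrictions
                . ", eres_display = " . $eres_display
                . ", display_note = " . $display_note
                . ", ctags = " . $ctags
                . ", helpguide = " . $helpguide
                . " WHERE location_id = " . $current_location_id;
            $rUpLoc = $db->exec($qUpLoc);
            $this->_debug .= "<p>5b. \nupdate location loop: {$qUpLoc}</p>";
            if ($rUpLoc === FALSE) {
                echo blunDer("We have a problem with the update locations query: {$qUpLoc}");
            }
            $this->_debug .= "<p>current loc id = {$current_location_id}";
        }

        // If/else over, now do an insert to location_title
        $title_id = (int) scrubData($this->_title_id, "integer");
        $qInsertLocTitle = "INSERT INTO location_title (title_id, location_id) VALUES (\n\t" . $title_id . ",\n\t{$current_location_id}\n\t)";
        $this->_debug .= "<p>6. insert into location_title: {$qInsertLocTitle}</p>";
        $rInsertLocTitle = $db->exec($qInsertLocTitle);
        if (!$rInsertLocTitle) {
            echo blunDer("We have a problem with the insert location_title query: {$qInsertLocTitle}");
        }
    }
}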
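/**
 * tokenizeText() is used to convert tokens created via FCKeditor wysiwyg
 * into something prettily output
 *
 * The original is in the Pluslet class, and these two should probably be made one
 *
 * Tokens are written as {{prefix},{field},...}} and the supported prefixes
 * are dab, faq, cat, fil, sss and toc. A part is expanded only when it
 * matches one of the token patterns below. Text that merely looks like a
 * token is flagged as a broken token, and everything else is passed through
 * unchanged.
 *
 * @param string $our_text        text that may contain tokens
 * @param mixed  $our_subject_id  handed to Pluslet_TOC for toc tokens
 *
 * @return string the text with its tokens expanded, or the input unchanged
 *                when it contains no {{ }} delimiters
 */
function tokenizeText($our_text, $our_subject_id = "")
{
    global $proxyURL;
    global $PublicPath;
    global $FAQPath;
    global $UserPath;
    global $IconPath;
    global $open_string;
    global $close_string;
    global $open_string_kw;
    global $close_string_kw;
    global $open_string_cn;
    global $close_string_cn;
    global $open_string_bib;

    $db = new Querier();
    $icons = "";
    $target = "";
    $tokenized = "";

    // Try the span-wrapped delimiters first, then the bare {{ }} form.
    $parts = preg_split('/<span[^>]*>{{|}}<\\/span>/', $our_text);
    if (count($parts) == 1) {
        $parts = preg_split('/{{|}}/', $our_text);
    }

    if (count($parts) <= 1) {
        // No tokens at all: hand the text back untouched.
        return $our_text;
    }

    foreach ($parts as $part) {
        if (preg_match('/^dab},\\s?{\\d+},\\s?{.+},\\s?{[01]{2}$/', $part)
            || preg_match('/^faq},\\s?{(\\d+,)*\\d+$/', $part)
            || preg_match('/^cat},\\s?{.+},\\s?{.*},\\s?{\\w+$/', $part)
            || preg_match('/^fil},\\s?{.+},\\s?{.+$/', $part)
            || preg_match('/^sss},\\s?{[^}]*/', $part)
            || preg_match('/^toc},\\s?{[^}]*/', $part)
        ) {
            // $part is a properly formed token
            $fields = preg_split('/},\\s?{/', $part);
            $prefix = substr($part, 0, 3);

            switch ($prefix) {
                case "faq":
                    // The faq pattern above only admits digits and commas in
                    // this field, which is why it is used unquoted.
                    $query = "SELECT faq_id, question FROM `faq` WHERE faq_id IN(" . $fields[1] . ") ORDER BY question";
                    $result = $db->query($query);
                    $tokenized .= "<ul>";
                    foreach ($result as $myrow) {
                        $tokenized .= "<li><a href=\"{$FAQPath}" . "?faq_id={$myrow['0']}\" {$target}>" . stripslashes(htmlspecialchars_decode($myrow[1])) . "</a></li>";
                    }
                    $tokenized .= "</ul>";
                    break;

                case "fil":
                    // The icon is chosen from the last dot-separated piece of the file name.
                    $ext = explode(".", $fields[1]);
                    $i = count($ext) - 1;
                    $our_icon = showDocIcon($ext[$i]);
                    $file = "{$UserPath}/{$fields['1']}";
                    $tokenized .= "<a href=\"{$file}\" {$target}>{$fields['2']}</a> <img style=\"position:relative; top:.3em;\" src=\"{$IconPath}/{$our_icon}\" alt=\"{$ext[$i]}\" />";
                    break;

                case "cat":
                    $pretext = "";
                    switch ($fields[3]) {
                        case "subject":
                            $cat_url = $open_string . $fields[1] . $close_string;
                            $pretext = $fields[2] . " ";
                            $linktext = $fields[1];
                            break;
                        case "keywords":
                            $cat_url = $open_string_kw . $fields[1] . $close_string_kw;
                            $linktext = $fields[2];
                            break;
                        case "call_num":
                            $cat_url = $open_string_cn . $fields[1] . $close_string_cn;
                            $linktext = $fields[2];
                            break;
                        case "bib":
                            $cat_url = $open_string_bib . $fields[1];
                            $linktext = $fields[2];
                            break;
                    }
                    $tokenized .= "{$pretext}<a href=\"{$cat_url}\" {$target}>{$linktext}</a>";
                    break;

                case "dab":
                    $description = "";

                    // Defaults, so both flags are defined whatever fields[3] holds.
                    $show_icons = "";
                    $show_desc = "";

                    ///////////////////
                    // Check for icons or descriptions in fields[3]
                    // 00 = neither; 10 = icons no desc; 01 = desc no icons; 11 = both
                    ///////////////////
                    if (isset($fields["3"])) {
                        switch ($fields["3"]) {
                            case "00":
                                $show_icons = "";
                                $show_desc = "";
                                break;
                            case "10":
                                $show_icons = "yes";
                                $show_desc = "";
                                break;
                            case "01":
                                $show_icons = "";
                                $show_desc = 1;
                                $icons = "";
                                break;
                            case "11":
                                $show_icons = "yes";
                                $show_desc = 1;
                                break;
                        }
                    }

                    // The dab pattern above only admits digits in this field.
                    $query = "SELECT location, access_restrictions, format, ctags, helpguide, citation_guide, description, call_number, t.title\n FROM location l, location_title lt, title t\n WHERE l.location_id = lt.location_id\n AND lt.title_id = t.title_id\n AND t.title_id = {$fields['1']}";
                    $result = $db->query($query);

                    foreach ($result as $myrow) {
                        // eliminate final line breaks -- offset fixed 11/15/2011 agd
                        $myrow[6] = preg_replace('/(<br \\/>)+/', '', $myrow[6]);

                        // See if it's a web format
                        if ($myrow[2] == 1) {
                            if ($myrow[1] == 1) {
                                $url = $myrow[0];
                                $rest_icons = "unrestricted";
                            } else {
                                $url = $proxyURL . $myrow[0];
                                $rest_icons = "restricted";
                            }

                            $current_ctags = explode("|", $myrow[3]);
                            // add our $rest_icons info to this array at the beginning
                            array_unshift($current_ctags, $rest_icons);

                            if ($show_icons == "yes") {
                                $icons = showIcons($current_ctags);
                            }

                            if ($show_desc == 1) {
                                // if we know the subject_id, good; for public, must look up
                                $subject_id = '';
                                if (isset($_GET["subject_id"])) {
                                    $subject_id = $_GET["subject_id"];
                                } elseif (isset($_GET["subject"]) && is_string($_GET["subject"])) {
                                    // The shortform comes from the query string, so it is
                                    // quoted, not concatenated into the statement.
                                    $q1 = "SELECT subject_id FROM subject WHERE shortform = " . $db->quote($_GET["subject"]);
                                    $r1 = $db->query($q1);
                                    // Take the id from the first result row; an
                                    // unknown shortform leaves it empty.
                                    $subject_id = isset($r1[0][0]) ? $r1[0][0] : '';
                                }

                                $override = findDescOverride($subject_id, $fields[1]);

                                // if they do want to display the description:
                                if ($override != "") {
                                    // show the subject-specific "description_override" if it exists
                                    $description = "<br />" . scrubData($override);
                                } else {
                                    $description = "<br />" . scrubData($myrow[6]);
                                }
                            }

                            $tokenized .= "<a href=\"{$url}\" {$target}>{$myrow['8']}</a> {$icons} {$description}";
                        } else {
                            // It's print
                            $format = "other";

                            // NOTE(review): $current_ctags is only assigned in the web
                            // branch, so here it is undefined or left over from an
                            // earlier row; confirm which tags were meant.
                            if ($show_icons == "yes") {
                                $icons = showIcons($current_ctags);
                            }

                            if ($show_desc != "") {
                                $description = "<br />{$myrow['6']}";
                            }

                            // Simple Print (2), or Print with URL (3)
                            if ($myrow[2] == 3) {
                                $tokenized .= "<em>{$myrow['8']}</em><br />" . _("") . "\n <a href=\"{$myrow['0']}\" {$target}>{$myrow['7']}</a>\n {$icons} {$description}";
                            } else {
                                // check if it's a url
                                if (preg_match('/^(https?|www)/', $myrow[0])) {
                                    $tokenized .= "<a href=\"{$myrow['0']}\" {$target}>{$myrow['8']}</a> {$icons} {$description}";
                                } else {
                                    $tokenized .= "{$myrow['8']} <em>{$myrow['0']}</em> {$icons} {$description}";
                                }
                            }
                        }
                    }
                    break;

                case 'sss':
                    global $tel_prefix;
                    $querier = new Querier();

                    // The sss pattern accepts any character except '}' in this
                    // field, so each address is quoted on its own; it is not
                    // spliced between literal quotes.
                    $quoted_emails = array();
                    foreach (explode(',', $fields[1]) as $email) {
                        $quoted_emails[] = $querier->quote($email);
                    }
                    $qs = "SELECT lname, fname, email, tel, title from staff WHERE email IN (" . implode(',', $quoted_emails) . ") ORDER BY lname, fname";
                    $staffArray = $querier->query($qs);

                    foreach ($staffArray as $value) {
                        // get username from email
                        $truncated_email = explode("@", $value[2]);
                        // NOTE(review): $relative_asset_path is not declared global in
                        // this function, so it is undefined here; confirm where it
                        // should come from.
                        $staff_picture = $relative_asset_path . "users/_" . $truncated_email[0] . "/headshot.jpg";

                        // Output Picture and Contact Info
                        $tokenized .= "\n <div class=\"clearboth\"><img src=\"{$staff_picture}\" alt=\"Picture: {$value['1']} {$value['0']}\" class=\"staff_photo2\" align=\"left\" style=\"margin-bottom: 5px;\" />\n <p><a href=\"mailto:{$value['2']}\">{$value['1']} {$value['0']}</a><br />{$value['4']}<br />\n Tel: {$tel_prefix} {$value['3']}</p>\n</div>\n";
                    }
                    break;

                case 'toc':
                    $lobjTocPluslet = new Pluslet_TOC('', '', $our_subject_id);
                    $lobjTocPluslet->setTickedItems(explode(',', $fields[1]));
                    $lobjTocPluslet->setHideTitleBar(1);
                    $tokenized .= $lobjTocPluslet->output();
                    break;
            }
        } elseif (preg_match('/{|}/', $part) && preg_match('/\\bdab\\b|\\bfaq\\b|\\bcat\\b|\\bfil\\b/', $part)) {
            // looks kinda like a token
            $tokenized .= "<span style='background-color:yellow'>BROKEN TOKEN: " . $part . "</span>";
        } else {
            $tokenized .= $part;
        }
    } // end foreach

    return $tokenized;
}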
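/**
 * Insert, update or delete a pluslet row using the values in $_POST.
 *
 * @param mixed  $id   pluslet_id to act on (ignored for "insert")
 * @param string $type one of "insert", "update", "settings", "delete"
 *
 * @return mixed the id of the affected pluslet (the new id after an insert),
 *               or false when the statement failed
 *
 * Every request value and the id are passed through Querier::quote() before
 * they are placed in a statement.
 */
function modifyDB($id, $type)
{
    $db = new Querier();

    // Uses the data from the POST vars to update
    $pluslet_title = isset($_POST["pluslet_title"]) ? $_POST["pluslet_title"] : '';
    $pluslet_body = isset($_POST["pluslet_body"]) ? $_POST["pluslet_body"] : '';
    $pluslet_type = isset($_POST["item_type"]) ? $_POST["item_type"] : '';
    $pluslet_extra = isset($_POST["special"]) ? $_POST["special"] : '';

    // A missing box setting is null, as it was before, minus the notice.
    $pluslet_hide_titlebar = isset($_POST["boxsetting_hide_titlebar"]) ? $_POST["boxsetting_hide_titlebar"] : null;
    $pluslet_collapse_body = isset($_POST["boxsetting_collapse_titlebar"]) ? $_POST["boxsetting_collapse_titlebar"] : null;
    $pluslet_favorite_box = isset($_POST["favorite_box"]) ? $_POST["favorite_box"] : null;
    $pluslet_target_blank_links = isset($_POST['boxsetting_target_blank_links']) ? $_POST['boxsetting_target_blank_links'] : null;
    $pluslet_titlebar_styling = isset($_POST["boxsetting_titlebar_styling"]) ? $_POST["boxsetting_titlebar_styling"] : null;

    // If clone isn't set, set to 0
    $pluslet_clone = isset($_POST["clone"]) ? $_POST["clone"] : 0;

    // let's not have those errant slashes
    // get_magic_quotes_gpc() no longer exists in PHP 8, so test for it first.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $pluslet_title = stripcslashes(stripcslashes($pluslet_title));
        $pluslet_body = stripslashes(stripslashes($pluslet_body));
        $pluslet_extra = stripslashes(stripslashes($pluslet_extra));
    } else {
        $pluslet_title = stripcslashes($pluslet_title);
        $pluslet_body = stripslashes($pluslet_body);
        $pluslet_extra = stripslashes($pluslet_extra);
    }

    // Shared by "update" and "settings". These fragments used to interpolate
    // the raw request values between literal quotes.
    $settings_sql = " hide_titlebar = " . $db->quote((string) $pluslet_hide_titlebar)
        . ",\n collapse_body = " . $db->quote((string) $pluslet_collapse_body)
        . ",\n titlebar_styling = " . $db->quote((string) $pluslet_titlebar_styling)
        . ",\n favorite_box = " . $db->quote((string) $pluslet_favorite_box)
        . ",\n target_blank_links = " . $db->quote((string) $pluslet_target_blank_links);
    $where_sql = "\n WHERE pluslet_id =" . $db->quote((string) $id);

    switch ($type) {
        case "insert":
            $q = sprintf(
                "INSERT INTO pluslet (title, body, type, clone, extra, hide_titlebar, collapse_body, titlebar_styling, favorite_box, target_blank_links) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                $db->quote($pluslet_title),
                $db->quote($pluslet_body),
                $db->quote($pluslet_type),
                $db->quote($pluslet_clone),
                $db->quote($pluslet_extra),
                $db->quote($pluslet_hide_titlebar),
                $db->quote($pluslet_collapse_body),
                $db->quote($pluslet_titlebar_styling),
                $db->quote($pluslet_favorite_box),
                $db->quote($pluslet_target_blank_links)
            );
            $db = new Querier();
            $r = $db->exec($q);
            if ($r) {
                $id = $db->last_id();
            } else {
                print "<p>There was a problem with your insert:</p>";
                // The statement contains submitted text; escape it for HTML.
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "update":
            // update pluslet table
            $q = "UPDATE pluslet SET\n title=" . $db->quote($pluslet_title)
                . ",\n body=" . $db->quote($pluslet_body)
                . ",\n type=" . $db->quote($pluslet_type)
                . ",\n extra=" . $db->quote($pluslet_extra)
                . ",\n" . $settings_sql
                . $where_sql;
            $r = $db->exec($q);
            if ($r === FALSE) {
                print "<p>There was a problem with your insert:</p>";
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "settings":
            // update pluslet table for only settings
            $q = "UPDATE pluslet SET\n" . $settings_sql . $where_sql;
            $r = $db->exec($q);
            if ($r === FALSE) {
                print "<p>There was a problem with your insert:</p>";
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "delete":
            // NOTE(review): every other statement here targets `pluslet`; this
            // one names `pluslets`. Confirm the table name against the schema.
            $q = "DELETE FROM pluslets WHERE pluslet_id = " . $db->quote((string) $id);
            $r = $db->query($q);
            break;
    }

    return $id;
}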