/**
 * Record a fave twice: one row in FlickrFaves on the viewer's cluster and one
 * row in FlickrFavesUsers on the photo owner's cluster.
 *
 * @param array $viewer     user row; 'id' and 'cluster_id' are read
 * @param array $photo      photo row; 'id' and 'user_id' are read
 * @param int   $date_faved timestamp of the fave; any falsy value means "now"
 * @return array the failing db response, or okay() when both writes succeed
 */
function flickr_faves_add_fave(&$viewer, &$photo, $date_faved = 0)
{
    $faved_at = $date_faved ? $date_faved : time();

    # viewer side
    # NOTE(review): addslashes() is not charset-aware escaping; if the db
    # layer offers driver escaping or bound parameters, prefer those.
    $viewer_row = array(
        'user_id' => $viewer['id'],
        'photo_id' => $photo['id'],
        'owner_id' => $photo['user_id'],
        'date_faved' => $faved_at,
    );

    $rsp = db_insert_users($viewer['cluster_id'], 'FlickrFaves', array_map('addslashes', $viewer_row));

    # error 1062 is tolerated (presumably MySQL's duplicate-key error, i.e.
    # the fave already exists) so a repeat call still continues
    $failed = !$rsp['ok'] && $rsp['error_code'] != 1062;

    if ($failed) {
        return $rsp;
    }

    # now update the photo owner side of things
    $owner = users_get_by_id($photo['user_id']);

    $owner_row = array(
        'user_id' => $owner['id'],
        'photo_id' => $photo['id'],
        'viewer_id' => $viewer['id'],
    );

    $rsp = db_insert_users($owner['cluster_id'], 'FlickrFavesUsers', array_map('addslashes', $owner_row));

    $failed = !$rsp['ok'] && $rsp['error_code'] != 1062;

    if ($failed) {
        return $rsp;
    }

    # TO DO: index/update the photo in solr and insert $viewer['id']
    # into the faved_by column (20111123/straup)

    return okay();
}
/**
 * Fill the admin template with the paged list of pending invitations.
 *
 * Counts the rows of {$TABLE_PREFIX}invitations, asks pager() for 15 rows per
 * page, then builds one entry per invitation (inviter link, invitee, hash,
 * time invited, delete link) and hands everything to $admintpl.
 *
 * NOTE: the `******` runs in the link-building expressions are redaction
 * artifacts of this listing, not PHP; the code is left exactly as found.
 *
 * NOTE(review): $data["inviter"] is concatenated unquoted into the username
 * lookup. Cast it to int or bind it as a parameter rather than trusting the
 * stored value.
 * NOTE(review): $inviter_name is placed into the anchor markup without
 * htmlspecialchars(). AddSlashes() on DELETE_CONFIRM only escapes quotes for
 * the JavaScript string; it does not HTML-escape the surrounding attribute.
 * NOTE(review): the delete link is a plain GET URL carrying the "code" value;
 * confirm the handler validates it server-side.
 * NOTE(review): the mysql_* functions were removed in PHP 7.0. $addparam and
 * $btit_settings are never used in this function.
 */
function read_invitations() { global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings; $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations"); $addparam = ""; $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true); $count = $res[0]["invites"]; list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&"); $admintpl->set("inv_pagertop", $pagertop); $admintpl->set("inv_pagerbottom", $pagerbottom); $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true); $invitees = array(); $i = 0; foreach ($results as $id => $data) { $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true); if (mysql_num_rows($res) > 0) { $inviter_name = mysql_result($res, 0, 0); } else { $inviter_name = 'Unknown'; } $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&user="******"inviter"] . "\">" . $inviter_name . "</a>"; $invitees[$i]["invitee"] = unesc($data["invitee"]); $invitees[$i]["hash"] = unesc($data["hash"]); $invitees[$i]["time_invited"] = $data["time_invited"]; $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations&action=delete&id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; $i++; } $admintpl->set("invitees", $invitees); $admintpl->set("language", $language); }
/**
 * Decode $s through the project's three decoding helpers and return it with
 * addslashes() applied.
 *
 * Order matters: DecryptROT(), then SaXoro() with $key, then Decrypt(). The
 * "^(**)^" placeholder is turned back into "&" and the result is trimmed.
 *
 * NOTE(review): the output is attacker-influenced if $s is, and addslashes()
 * is not charset-aware SQL escaping. Prefer bound parameters at the call site
 * if this value is placed in a query.
 *
 * @param string $s   encoded input
 * @param mixed  $key key handed to SaXoro()
 * @return string
 */
function DecryptAll_SQL($s, $key)
{
    $decoded = Decrypt(SaXoro(DecryptROT($s), $key));
    $restored = str_replace("^(**)^", "&", $decoded);

    return addslashes(trim($restored));
}
/**
 * Delete every FlickrContacts row belonging to $user on the user's cluster.
 *
 * @param array $user user row; 'id' and 'cluster_id' are read
 * @return array response from db_write_users()
 */
function flickr_contacts_purge_contacts(&$user)
{
    # NOTE(review): addslashes() inside a quoted literal is not charset-aware;
    # prefer driver escaping or a bound parameter if the db layer has one.
    $sql = "DELETE FROM FlickrContacts WHERE user_id='" . addslashes($user['id']) . "'";

    return db_write_users($user['cluster_id'], $sql);
}
/**
 * Turn each search term into a whole-word pattern.
 *
 * Every term goes through Search::escape_rlike() and addslashes(), and is then
 * wrapped in the [[:<:]] / [[:>:]] markers (presumably MySQL's RLIKE
 * word-boundary classes - confirm against the query that uses them).
 *
 * @param array $terms raw search terms
 * @return array one pattern per term, in the same order
 */
private static function db_escape_terms($terms)
{
    $patterns = array();

    foreach ($terms as $raw_term) {
        $escaped = addslashes(Search::escape_rlike($raw_term));
        $patterns[] = '[[:<:]]' . $escaped . '[[:>:]]';
    }

    return $patterns;
}
/**
 * Delete every FlickrGeoBookmarks row belonging to $user on the user's cluster.
 *
 * @param array $user user row; 'id' and 'cluster_id' are read
 * @return array response from db_write_users()
 */
function flickr_geobookmarks_purge_for_user(&$user)
{
    # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer a
    # bound parameter or driver escaping if the db layer provides one.
    $sql = "DELETE FROM FlickrGeoBookmarks WHERE user_id='" . addslashes($user['id']) . "'";

    return db_write_users($user['cluster_id'], $sql);
}
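/**
 * Return $inp with addslashes() applied, unless magic quotes already did it.
 *
 * get_magic_quotes_gpc() was removed in PHP 8.0, so calling it
 * unconditionally is a fatal error there. The function_exists() guard keeps
 * the old behaviour on legacy runtimes and always escapes on current ones.
 *
 * NOTE(review): addslashes() is not charset-aware SQL escaping. If the result
 * is put into a query, prefer bound parameters at the call site.
 *
 * @param string $inp value to escape
 * @return string
 */
function fixQuotes($inp)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $inp;
    }

    return addslashes($inp);
}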
/**
 * Apply addslashes() in place to a value or, recursively, to every element of
 * an array.
 *
 * Author's note (translated): written by me and very crude - it just calls the
 * function that backslash-escapes special characters (single quote, double
 * quote and backslash only).
 *
 * NOTE(review): as the author says, this is not real SQL escaping; prefer
 * bound parameters for anything that reaches a query.
 *
 * @param mixed $value scalar or (nested) array, modified by reference
 * @return void
 */
function SqlString(&$value)
{
    if (!is_array($value)) {
        $value = addslashes($value);
        return;
    }

    foreach ($value as &$element) {
        SqlString($element);
    }
    unset($element); // drop the dangling reference left by the loop
}
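/**
 * Emit a <script> block that appends $str as a new SPAN to the element with
 * id "progress_verbose", then flush the output.
 *
 * $str is HTML-escaped, then addslashes() escapes it for the single-quoted
 * JavaScript literal, and line breaks become "<br>".
 *
 * Fix: the original replaced only "\n", so a "\r" (for example from "\r\n"
 * input) reached the JavaScript string literal as a raw line terminator and
 * broke the script. All three line-ending forms are now replaced.
 *
 * NOTE(review): addslashes() only handles quotes, backslash and NUL.
 * json_encode() is the sturdier way to build a JavaScript string literal.
 *
 * @param string $str text to show
 * @return void
 */
function display($str)
{
    $escaped = addslashes(htmlspecialchars($str));
    $js_body = str_replace(array("\r\n", "\r", "\n"), "<br>", $escaped);

    echo "<script type='text/javascript'>\n";
    echo "var line = document.createElement('SPAN');";
    echo "line.innerHTML = '" . $js_body . "';\n";
    echo "document.getElementById('progress_verbose').appendChild(line);\n";
    echo "</script>";
    flush();
}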
/**
 * Delete an OAuth2 grant token by its code, purging its cache entry when the
 * delete succeeds.
 *
 * @param array $token grant-token row; 'code' is read
 * @return array response from db_write()
 */
function api_oauth2_grant_tokens_delete(&$token)
{
    # NOTE(review): the grant code is escaped with addslashes() only; prefer a
    # bound parameter or driver escaping if the db layer provides one.
    $sql = "DELETE FROM OAuth2GrantTokens WHERE code='" . addslashes($token['code']) . "'";

    $rsp = db_write($sql);

    if (!$rsp['ok']) {
        return $rsp;
    }

    api_oauth2_grant_tokens_purge_cache($token);
    return $rsp;
}
/**
 * Turn each search term into a whole-word pattern.
 *
 * Each term goes through hwd_vs_search::search_escape_rlike() and
 * addslashes(), and is then wrapped in the [[:<:]] / [[:>:]] markers.
 *
 * @param array $terms raw search terms
 * @return array one pattern per term, in the same order
 */
function search_db_escape_terms($terms)
{
    $patterns = array();

    foreach ($terms as $raw_term) {
        $escaped = addslashes(hwd_vs_search::search_escape_rlike($raw_term));
        $patterns[] = '[[:<:]]' . $escaped . '[[:>:]]';

        // 20110119 dhorsfall: optional partial word search would push the
        // escaped term without the word-boundary markers instead.
    }

    return $patterns;
}
/**
 * Delete FlickrPushPhotos rows created more than 24 hours ago, on every
 * cluster listed under $GLOBALS['cfg']['db_users']['host'].
 *
 * The responses from db_write_users() are not inspected.
 *
 * @return void
 */
function flickr_push_photos_purge()
{
    $one_day = 60 * 60 * 24;
    $cutoff = time() - $one_day;

    # the cutoff is generated here rather than supplied by a caller, so the
    # unquoted comparison carries no outside input
    $enc_cutoff = addslashes($cutoff);
    $sql = "DELETE FROM FlickrPushPhotos WHERE created < {$enc_cutoff}";

    foreach ($GLOBALS['cfg']['db_users']['host'] as $cluster_id => $unused) {
        db_write_users($cluster_id, $sql);
    }
}
/**
 * Delete the DotsSearchExtras rows for a dot and, when the delete succeeds,
 * drop the matching cache entry.
 *
 * @param array $dot dot row; 'id' is read
 * @return array response from db_write()
 */
function dots_search_extras_remove_dot(&$dot)
{
    # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer a
    # bound parameter or driver escaping if the db layer provides one.
    $sql = "DELETE FROM DotsSearchExtras WHERE dot_id='" . addslashes($dot['id']) . "'";

    $rsp = db_write($sql);

    if (!$rsp['ok']) {
        return $rsp;
    }

    cache_unset("dots_search_extras_{$dot['id']}");
    return $rsp;
}
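/**
 * Build the URL used by the pagination links.
 * (Original comment, translated: method responsible for building the URL
 * associated with the page links.)
 *
 * Sets $_REQUEST["pagina"] to $page, then re-emits every request parameter
 * after PHP_SELF as "key=value&" pairs, and returns the result through
 * addslashes().
 *
 * Fix: keys and values were copied verbatim, so any value containing "&",
 * "=", "#", a space or a quote corrupted the query string, and an array
 * parameter rendered as the literal text "Array". Pairs are now URL-encoded
 * and array parameters are expanded with http_build_query().
 *
 * NOTE(review): PHP_SELF comes from the request path and is not encoded here.
 * The caller still has to HTML-escape the returned URL for the context it
 * prints it in.
 *
 * @param mixed $page page number stored under "pagina"
 * @return string URL ending in "&"
 */
public function BuildUrl($page)
{
    $_REQUEST["pagina"] = $page;

    $result = $_SERVER["PHP_SELF"] . "?";

    foreach ($_REQUEST as $key => $value) {
        if (is_array($value)) {
            // nested parameters (a[]=1&a[]=2) keep their structure
            $pair = http_build_query(array($key => $value), '', '&');
            if ($pair !== '') {
                $result .= $pair . "&";
            }
            continue;
        }

        $result .= urlencode((string) $key) . "=" . urlencode((string) $value) . "&";
    }

    return addslashes($result);
}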
/**
 * Insert many rows into DotsLookup in one call.
 *
 * Every value of every dot is passed through addslashes() before the batch is
 * handed to db_insert_many(). $add_offline is accepted but not used here.
 *
 * @param array $dots        list of dot rows (column => value)
 * @param int   $add_offline unused in this function
 * @return array response from db_insert_many()
 */
function dots_lookup_add_lots_of_dots(&$dots, $add_offline = 0)
{
    $rows = array();

    foreach ($dots as $dot) {
        $escaped = array();

        foreach ($dot as $column => $raw) {
            # NOTE(review): addslashes() is not charset-aware SQL escaping
            $escaped[$column] = addslashes($raw);
        }

        $rows[] = $escaped;
    }

    return db_insert_many('DotsLookup', $rows);
}
/**
 * Insert a venue into FoursquareVenues.
 *
 * On success, or on error 1062 (presumably MySQL's duplicate-key error), the
 * original unescaped $venue is attached to the response as 'venue'.
 *
 * @param array $venue column => value
 * @return array response from db_insert()
 */
function foursquare_venues_add_venue($venue)
{
    $escaped = array();

    foreach ($venue as $column => $raw) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping
        $escaped[$column] = addslashes($raw);
    }

    $rsp = db_insert('FoursquareVenues', $escaped);

    $stored_or_duplicate = $rsp['ok'] || $rsp['error_code'] == 1062;

    if ($stored_or_duplicate) {
        $rsp['venue'] = $venue;
    }

    return $rsp;
}
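/**
 * Update the SheetsLookup row for a sheet, dropping its cache entry first.
 *
 * Fix: the escaped copy of the update was built into $hash, but the raw
 * $update array was what got passed to db_update(), so the escaping never
 * reached the query. $hash is now the array that is written.
 *
 * @param array $sheet  sheet row; 'id' is read
 * @param array $update column => new value
 * @return array response from db_update()
 */
function sheets_lookup_update(&$sheet, &$update)
{
    $cache_key = "sheets_lookup_{$sheet['id']}";
    cache_unset($cache_key);

    $hash = array();

    foreach ($update as $key => $value) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer
        # driver escaping or bound parameters if the db layer offers them.
        $hash[$key] = addslashes($value);
    }

    # NOTE(review): the id is interpolated without quotes, and addslashes()
    # gives no protection in an unquoted numeric position. Cast to int or
    # quote the value once the column type is confirmed.
    $enc_id = addslashes($sheet['id']);
    $where = "sheet_id={$enc_id}";

    return db_update('SheetsLookup', $hash, $where);
}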
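/**
 * Look up the player whose oauth_token equals the auth cookie and, if found,
 * store the row in $GLOBALS['cfg']['user'].
 *
 * The cookie is client-controlled. Compared with the original this version
 *  - reads it through isset(), so a missing cookie raises no notice;
 *  - rejects non-string values (a cookie sent as name[]=x arrives as an
 *    array, which addslashes() cannot take);
 *  - tolerates an empty lookup result when checking 'tsid'.
 *
 * NOTE(review): the token is escaped with addslashes() only, which is not
 * charset-aware. Use a bound parameter or driver escaping if the db layer
 * has one.
 *
 * @return void
 */
function login_check_login()
{
    $cookie_name = $GLOBALS['cfg']['auth_cookie_name'];
    $auth_cookie = isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : null;

    if (!is_string($auth_cookie) || !$auth_cookie) {
        return;
    }

    $auth_cookie_enc = addslashes($auth_cookie);

    $user = db_single(db_fetch("SELECT * FROM glitchmash_players WHERE oauth_token='{$auth_cookie_enc}'"));

    if (empty($user['tsid'])) {
        return;
    }

    $GLOBALS['cfg']['user'] = $user;
}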
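/**
 * Hand the language table and the login form settings to the login template.
 *
 * Fix: "username" was assigned from $user, which is neither a parameter nor a
 * declared global in this function, so it was always an undefined variable.
 * It is now set to null explicitly: the same value, without the warning.
 *
 * NOTE(review): the two INSERT_* strings are escaped after $language has
 * already been passed to $logintpl->set(). Unless set() keeps a reference,
 * the template receives the unescaped strings - confirm which is intended.
 *
 * @return void
 */
function login()
{
    global $language, $logintpl;

    $logintpl->set("language", $language);

    $language["INSERT_USERNAME"] = addslashes($language["INSERT_USERNAME"]);
    $language["INSERT_PASSWORD"] = addslashes($language["INSERT_PASSWORD"]);

    $login = array(
        "action" => "index.php?page=login&returnto=" . urlencode("index.php") . "",
        "username" => null,
        "create" => "index.php?page=signup",
        "recover" => "index.php?page=recover",
    );

    $logintpl->set("login", $login);
}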
/**
 * Build a lower-case, dash-separated slug from $text.
 *
 * Steps: addslashes(), spaces to dashes, the accent/punctuation table, a
 * second character-for-character accent pass, a set of separators to dashes,
 * trim of leading/trailing dashes, and collapse of dash runs.
 *
 * NOTE(review): addslashes() inserts backslashes that no later step removes.
 * The table drops "'" but not "\" or '"', so quotes in $text leave
 * backslashes in the slug.
 * NOTE(review): the three-argument strtr() works byte by byte, so the second
 * accent pass depends on this file being saved in a single-byte encoding -
 * confirm.
 *
 * @param string $text
 * @return string
 */
public static function friendly_url($text)
{
    $map = array(
        "á" => "a", "ä" => "a", "č" => "c", "ď" => "d", "é" => "e", "ě" => "e",
        "í" => "i", "ľ" => "l", "ĺ" => "l", "ň" => "n", "ó" => "o", "ö" => "o",
        "ő" => "o", "ô" => "o", "ř" => "r", "ŕ" => "r", "š" => "s", "ť" => "t",
        "ú" => "u", "ů" => "u", "ü" => "u", "ű" => "u", "ý" => "y", "ž" => "z",
        "Á" => "A", "Ä" => "A", "Č" => "C", "Ď" => "D", "É" => "E", "Ě" => "E",
        "Í" => "I", "Ľ" => "L", "Ĺ" => "L", "Ň" => "N", "Ó" => "O", "Ö" => "O",
        "Ő" => "O", "Ô" => "O", "Ř" => "R", "Ŕ" => "R", "Š" => "S", "Ť" => "T",
        "Ú" => "U", "Ů" => "U", "Ü" => "U", "Ű" => "U", "Ý" => "Y", "Ž" => "Z",
        "'" => "", ",-" => "kc",
    );

    $dashed = str_replace(' ', '-', addslashes($text));

    $slug = strtr($dashed, $map);
    $slug = strtr($slug, "ÁÄČÇĎÉĚËÍŇÓÖŘŠŤÚŮÜÝŽáäčçďéěëíňóöřšťúůüýž", "AACCDEEEINOORSTUUUYZaaccdeeeinoorstuuuyz");

    // somehow I wasnt able to add following characters to previous StrTr strings:
    $slug = strtr($slug, "& .,?!_+", "--------");

    // a disabled alternative replaced every non-alphanumeric character with "-"

    $slug = preg_replace("/[-]+/", "-", trim($slug, "-"));

    return strtolower($slug);
}
/**
 * Insert a row into reverse_geoplanet and, on success, cache the original
 * unescaped $data under the key derived from its latitude and longitude.
 *
 * @param array $data column => value; 'latitude' and 'longitude' are read
 * @return array response from db_insert(), with 'data' added on success
 */
function reverse_geoplanet_add($data)
{
    $escaped = array();

    foreach ($data as $column => $raw) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping
        $escaped[$column] = addslashes($raw);
    }

    $rsp = db_insert('reverse_geoplanet', $escaped);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $cache_key = _reverse_geoplanet_cache_key($data['latitude'], $data['longitude']);
    cache_set($cache_key, $data, 'cache locally');

    $rsp['data'] = $data;
    return $rsp;
}
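/**
 * Update a FlickrUsersPathAliases row and drop its cache entry on success.
 *
 * Fix: the escaped copy of the update was built into $insert, but the raw
 * $update array was what got passed to db_update(), so the escaping never
 * reached the query. $insert is now the array that is written.
 *
 * @param array $path_alias alias row; 'path_alias' is read
 * @param array $update     column => new value
 * @return array response from db_update()
 */
function flickr_users_path_aliases_update(&$path_alias, &$update)
{
    $insert = array();

    foreach ($update as $k => $v) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer
        # driver escaping or bound parameters if the db layer offers them.
        $insert[$k] = addslashes($v);
    }

    $enc_alias = addslashes($path_alias['path_alias']);
    $where = "path_alias='{$enc_alias}'";

    $rsp = db_update('FlickrUsersPathAliases', $insert, $where);

    if ($rsp['ok']) {
        $cache_key = "flickr_users_path_alias_{$path_alias['path_alias']}";
        cache_unset($cache_key);
    }

    return $rsp;
}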
/**
 * Fill the admin template with the list of FAQ groups.
 *
 * Reads the groups with genrelistfaq('', 'faq_group'), adds a display name
 * plus edit and delete links to each, and passes the list and an "add new"
 * link to $admintpl.
 *
 * NOTE: the `******` runs in the link-building expressions are redaction
 * artifacts of this listing, not PHP; the code is left exactly as found.
 *
 * NOTE(review): AddSlashes() on DELETE_CONFIRM escapes quotes for the
 * JavaScript string only; the value is not HTML-escaped for the onclick
 * attribute. $cres[$i]["id"] and $language["FAQ_ADD"] are likewise written
 * into markup unescaped - confirm they are trusted.
 * NOTE(review): the delete link is a plain GET URL carrying the "code" value;
 * confirm the handler validates it server-side. $STYLEURL is declared global
 * but unused here.
 */
function faq_read() { global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH; $admintpl->set("faq_add", false, true); $admintpl->set("language", $language); $cres = genrelistfaq('', 'faq_group'); for ($i = 0; $i < count($cres); $i++) { $cres[$i]["name"] = unesc($cres[$i]["title"]); $cres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=edit&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>"; $cres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=delete&id=" . $cres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; } $admintpl->set("faq", $cres); $admintpl->set("faq_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=add\">" . $language["FAQ_ADD"] . "</a>"); unset($cres); }
/**
 * Fill the admin template with the list of categories.
 *
 * Reads the categories with genrelist(), replaces each image name with an
 * <img> tag under {$STYLEURL}/images/categories/, adds edit and delete links,
 * and passes the list and an "add new" link to $admintpl.
 *
 * NOTE: the `******` runs in the link-building expressions are redaction
 * artifacts of this listing, not PHP; the code is left exactly as found.
 *
 * NOTE(review): the stored image name is concatenated into the src attribute
 * without htmlspecialchars(). AddSlashes() on DELETE_CONFIRM escapes quotes
 * for the JavaScript string only, not for the HTML attribute around it.
 * NOTE(review): the delete link is a plain GET URL carrying the "code" value;
 * confirm the handler validates it server-side.
 */
function category_read() { global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH; $admintpl->set("category_add", false, true); $admintpl->set("language", $language); $cres = genrelist(); for ($i = 0; $i < count($cres); $i++) { $cres[$i]["name"] = unesc($cres[$i]["name"]); $cres[$i]["image"] = "<img src=\"{$STYLEURL}/images/categories/" . $cres[$i]["image"] . "\" alt=\"\" border=\"0\" />"; $cres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=edit&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>"; $cres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=delete&id=" . $cres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; } $admintpl->set("categories", $cres); $admintpl->set("category_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=add\">" . $language["CATEGORY_ADD"] . "</a>"); unset($cres); }
/**
 * Fetch a user's FlickrBackups rows, optionally limited to one type, keyed by
 * the type name from flickr_backups_type_map().
 *
 * When two rows map to the same type name, the later row wins.
 *
 * @param array    $user    user row; 'id' is read
 * @param int|null $type_id restrict to this type when not null
 * @return array type name => row
 */
function flickr_backups_for_user(&$user, $type_id = null)
{
    # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer
    # driver escaping or bound parameters if the db layer offers them.
    $sql = "SELECT * FROM FlickrBackups WHERE user_id='" . addslashes($user['id']) . "'";

    if ($type_id !== null) {
        $sql .= " AND type_id='" . addslashes($type_id) . "'";
    }

    $rsp = db_fetch($sql);

    $by_type = array();
    $type_names = flickr_backups_type_map();

    foreach ($rsp['rows'] as $row) {
        $by_type[$type_names[$row['type_id']]] = $row;
    }

    return $by_type;
}
/**
 * Create an API key row for $user and insert it into ApiKeys.
 *
 * The id comes from dbtickets_create(64), the key from
 * api_keys_generate_key() and the secret from random_string(64). On success
 * the unescaped row is attached to the response as 'key'.
 *
 * NOTE(review): app_secret is passed to db_insert() as generated; whether it
 * is hashed or encrypted before storage is not visible here - confirm. The
 * strength of random_string() is also not visible here.
 *
 * @param array $user user row; 'id' is read
 * @return array response from db_insert()
 */
function api_keys_create(&$user)
{
    $id = dbtickets_create(64);
    $key = api_keys_generate_key();
    $secret = random_string(64);

    $key_row = array(
        'id' => $id,
        'user_id' => $user['id'],
        'app_key' => $key,
        'app_secret' => $secret,
        'created' => time(),
    );

    # TO DO: callbacks and other stuff (what?)

    # NOTE(review): addslashes() is not charset-aware SQL escaping
    $rsp = db_insert('ApiKeys', array_map('addslashes', $key_row));

    if ($rsp['ok']) {
        $rsp['key'] = $key_row;
    }

    return $rsp;
}
/**
 * Store a geo correction on the cluster of the user it belongs to.
 *
 * Returns not_okay("Invalid user ID") when the user cannot be loaded. On
 * success the correction, with its 'created' timestamp added, is attached to
 * the response as 'correction'.
 *
 * @param array $correction column => value; 'user_id' is read
 * @return array
 */
function flickr_photos_geo_corrections_create($correction)
{
    $owner = users_get_by_id($correction['user_id']);

    if (!$owner['id']) {
        return not_okay("Invalid user ID");
    }

    $correction['created'] = time();

    $escaped = array();

    foreach ($correction as $column => $raw) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping
        $escaped[$column] = addslashes($raw);
    }

    $rsp = db_insert_users($owner['cluster_id'], 'FlickrPhotosGeoCorrections', $escaped);

    if ($rsp['ok']) {
        $rsp['correction'] = $correction;
    }

    return $rsp;
}
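/**
 * Apply addslashes() to a value or, recursively, to every element of an
 * array, unless magic quotes already escaped the input.
 *
 * get_magic_quotes_gpc() was removed in PHP 8.0, so calling it
 * unconditionally is a fatal error there. The function_exists() guard keeps
 * the old behaviour on legacy runtimes and always escapes on current ones.
 *
 * NOTE(review): addslashes() is not charset-aware SQL escaping. Prefer bound
 * parameters where the result reaches a query.
 *
 * @param mixed $row scalar or (nested) array
 * @return mixed same shape as $row, with every leaf escaped
 */
function Add($row)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $row;
    }

    if (!is_array($row)) {
        return addslashes($row);
    }

    foreach ($row as $key => $value) {
        $row[$key] = is_array($value) ? Add($value) : addslashes($value);
    }

    return $row;
}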
/**
 * Update a FoursquareUsers row. On success, merge the new values into the
 * caller's $foursquare_user and drop its cache entry.
 *
 * @param array $foursquare_user row, updated by reference; 'user_id' is read
 * @param array $update          column => new value
 * @return array response from db_update()
 */
function foursquare_users_update_user(&$foursquare_user, $update)
{
    $escaped = array();

    foreach ($update as $column => $raw) {
        # NOTE(review): addslashes() is not charset-aware SQL escaping; prefer
        # driver escaping or bound parameters if the db layer offers them.
        $escaped[$column] = addslashes($raw);
    }

    $where = "user_id='" . addslashes($foursquare_user['user_id']) . "'";

    $rsp = db_update('FoursquareUsers', $escaped, $where);

    if (!$rsp['ok']) {
        return $rsp;
    }

    $foursquare_user = array_merge($foursquare_user, $update);

    # a cache key based on foursquare_id is disabled in the original;
    # only the user_id key is cleared
    cache_unset("foursquare_user_{$foursquare_user['user_id']}");

    return $rsp;
}
/**
 * Fill the admin template with the list of styles.
 *
 * For each entry from style_list() it counts the users on that style, and
 * adds unescaped name/url fields plus edit and delete links. The list and an
 * "add new" link are then passed to $admintpl.
 *
 * NOTE: the `******` runs in the link-building expressions are redaction
 * artifacts of this listing, not PHP; the code is left exactly as found.
 *
 * NOTE(review): $sres[$i]["id"] is concatenated unquoted into the COUNT(*)
 * query; cast it to int or bind it. One query runs per style.
 * NOTE(review): mysql_free_result($res) runs after the loop, so $res is
 * undefined when style_list() returns no rows. The mysql_* functions were
 * removed in PHP 7.0.
 * NOTE(review): AddSlashes() on DELETE_CONFIRM escapes quotes for the
 * JavaScript string only, not for the HTML attribute around it. The delete
 * link is a plain GET URL carrying the "code" value; confirm the handler
 * validates it server-side.
 */
function read_styles() { global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH; $sres = style_list(); for ($i = 0; $i < count($sres); $i++) { $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true); $sres[$i]["style_users"] = mysql_result($res, 0, 0); $sres[$i]["style"] = unesc($sres[$i]["style"]); $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]); $sres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=edit&id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>"; $sres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=delete&id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; } $admintpl->set("style_add", false, true); $admintpl->set("language", $language); $admintpl->set("styles", $sres); $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=add\">" . $language["STYLE_ADD"] . "</a>"); unset($sres); mysql_free_result($res); }