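/**
 * Stores a comment from the logged-in user on a post, refreshes the post's
 * comment counter and notifies the post author and earlier commenters.
 *
 * Reads `post_id` and `body` from $_POST and the commenter from $_SESSION.
 *
 * @return string|null "success" once the comment is stored; null after a
 *                     redirect header was sent (/401, /404 or "<referer>/failure").
 */
function comment_add()
{
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $post_id = isset($_POST["post_id"]) ? $_POST["post_id"] : "";
    $body = isset($_POST["body"]) ? $_POST["body"] : "";

    if (!is_string($post_id) || !is_string($body) || $post_id === "" || $body === "") {
        // NOTE(review): the Referer header is supplied by the client and may be
        // absent; a fixed, application-owned failure URL would be safer here.
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
        header("Location: " . $referer . "/failure");
        return;
    }

    // real_escape_string() only protects values that sit inside quotes. The ids
    // below are interpolated as bare numbers, so they must be integers before
    // they reach any statement.
    if (!ctype_digit($post_id)) {
        header("Location: /404");
        return;
    }
    $post_id = (int) $post_id;
    $user_id = (int) $_SESSION["user_id"];
    $commenter = $_SESSION["user_name"];

    $mysqli = db_connect();

    // NOTE(review): this lookup does not filter on Posts.Privacy or
    // Posts.Status, so any logged-in user can comment on any post id.
    // Confirm whether visibility is enforced by the caller.
    $sql = "SELECT Posts.Id,Posts.Title,Users.NotifyComments,Users.Username,Users.Email,Posts.UserId FROM Posts"
        . " INNER JOIN Users ON Users.Id=Posts.UserId"
        . " WHERE Posts.Id=" . $post_id;
    $post_result = $mysqli->query($sql);

    if (!$post_result || $post_result->num_rows == 0) {
        header("Location: /404");
        return;
    }

    $post_row = $post_result->fetch_assoc();
    $link_title = $post_row["Title"] != "" ? $post_row["Title"] : "Untitled";

    // Add the comment to the comments table
    $sql = "INSERT INTO Comments (PostId,UserId,Body,Created,IPCreated) VALUES ("
        . $post_id
        . "," . $user_id
        . ",'" . $mysqli->real_escape_string($body) . "'"
        . ",Now()"
        . ",'" . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "'"
        . ")";
    $mysqli->query($sql);

    // Update the number of comments on the post
    $count_result = $mysqli->query("SELECT COUNT(*) AS NumComments FROM Comments WHERE PostId=" . $post_id);
    if ($count_result) {
        $count_row = $count_result->fetch_assoc();
        $mysqli->query("UPDATE Posts SET Comments=" . (int) $count_row["NumComments"] . " WHERE Id=" . $post_id);
    }

    // NOTE(review): titles, user names and the comment body are copied into
    // mail subjects and Markdown messages as-is; confirm that send_email() and
    // SendSystemMessage() neutralise line breaks and markup in these values.

    // Notify the post author, unless the author wrote the comment
    if ($post_row["UserId"] != $_SESSION["user_id"]) {
        if ($post_row["NotifyComments"] == 1) {
            $mail_to = $post_row["Email"];
            $mail_subject = SITE_NAME . " - " . $commenter . " commented on '" . $post_row["Title"] . "'";
            $mail_message = "You have received a new comment on your post '" . $link_title . "' by " . $commenter . "...\n---\n"
                . $body . "\n - " . $commenter . " (http://wetheusers.net/" . $commenter . ")\n---\n"
                . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($link_title) . "\n\n";
            send_email($mail_to, $mail_subject, $mail_message);
        }
        SendSystemMessage(
            $mysqli,
            $post_row["UserId"],
            $commenter . " commented on your post '" . $link_title . "'",
            "[" . $commenter . "](http://wetheusers.net/" . $commenter . ") commented on your post ["
                . $link_title . "](http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($link_title) . ")\n\n" . $body,
            1
        );
    }

    // Earlier commenters on this post, excluding the current commenter and
    // the post author
    $sql = "SELECT DISTINCT Users.Id AS UserId, Users.Email AS Email,Users.NotifyOtherComments"
        . " FROM Users"
        . " INNER JOIN Comments ON Comments.UserId=Users.Id AND Comments.PostId=" . $post_id
        . " INNER JOIN Posts ON Posts.Id=" . $post_id
        . " WHERE Comments.UserId<>" . $user_id
        . " AND Posts.UserId<>Comments.UserId";
    $result = $mysqli->query($sql);

    if ($result && $result->num_rows > 0) {
        while ($comment_row = $result->fetch_assoc()) {
            if ($comment_row["NotifyOtherComments"] == 1 && $post_row["UserId"] != $_SESSION["user_id"]) {
                $mail_to = $comment_row["Email"];
                $mail_subject = $commenter . " commented on '" . $post_row["Title"] . "' too";
                $mail_message = "A new comment has been posted by " . $commenter . " on '" . $link_title . "' by " . $post_row["Username"] . ".\n---\n"
                    . $body . "\n - " . $commenter . " (http://wetheusers.net/" . $commenter . ")\n---\n"
                    . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]) . "\n\n";
                send_email($mail_to, $mail_subject, $mail_message);
            }
            SendSystemMessage(
                $mysqli,
                $comment_row["UserId"],
                "'" . $commenter . "' posted a new comment on '" . $link_title . "' by " . $post_row["Username"],
                "A new comment has been posted by [" . $commenter . "](http://wetheusers.net/" . $commenter . ") on ["
                    . $link_title . "](http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($link_title) . ") by ["
                    . $post_row["Username"] . "](http://wetheusers.net/" . $post_row["Username"] . ") (you have also commented on this post)\n\n" . $body,
                2
            );
        }
    }

    return "success";
}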
/**
 * Stores a new title on the album and rebuilds its slug as "<id>-<ascii title>".
 *
 * The "-<ascii title>" part is left out when toAscii() yields a value that
 * empty() treats as empty (this includes the string "0").
 *
 * @param string $title raw title; passed through sanitizeText() before storage
 * @param object $album model exposing id, title, slug and save()
 * @return object the same $album instance after save()
 */
public function save($title, $album)
{
    $album->title = sanitizeText($title);

    $titleSlug = toAscii($title);
    $suffix = empty($titleSlug) ? '' : '-' . $titleSlug;
    $album->slug = $album->id . $suffix;

    $album->save();

    return $album;
}
/**
 * Returns the first "<ascii name + counter>.rdf" that does not yet exist in
 * the relative "rdf/" directory, counting up from 0.
 *
 * NOTE(review): the existence check and the later file creation are separate
 * steps, so two concurrent requests can receive the same name; create the
 * file exclusively (fopen mode "x") where that matters.
 * NOTE(review): the result is only a safe path component if toAscii() removes
 * directory separators and dots -- confirm against its implementation.
 *
 * @param string $name base name, typically user-supplied
 * @return string file name without directory
 */
function generateFileName($name)
{
    for ($counter = 0; ; $counter++) {
        $candidate = toAscii($name . $counter) . ".rdf";
        if (!file_exists("rdf/" . $candidate)) {
            return $candidate;
        }
    }
}
/**
 * Builds a file name that does not yet exist under $path.
 *
 * The name is toAscii($name), followed by "_1", "_2", ... until no file of
 * that name exists, plus "." and the extension with every dot removed.
 *
 * NOTE(review): $path is concatenated as-is (the caller must supply the
 * trailing separator), and only dots are stripped from $extension. The check
 * is not atomic with file creation, so concurrent callers can collide.
 *
 * @param string $path      directory prefix used for the existence check
 * @param string $name      desired base name
 * @param string $extension extension, with or without dots
 * @return string unique file name without the path
 */
function getUniqueFilename($path, $name, $extension = 'csv')
{
    $ext = str_replace('.', '', $extension);
    $base = toAscii($name);

    $candidate = $base;
    $suffix = 1;
    while (file_exists($path . $candidate . '.' . $ext)) {
        $candidate = $base . '_' . $suffix;
        $suffix++;
    }

    return $candidate . '.' . $ext;
}
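/**
 * Renders an RSS 2.0 feed of the 20 newest public, published posts that carry
 * the given tag.
 *
 * The tag is caller-supplied, so it is escaped for each context it is written
 * into: XML text, URL path segment and SQL string literal.
 *
 * @param string $tag tag name
 * @return string the feed document
 */
function render_tag_rss($tag)
{
    $mysqli = db_connect();

    // Escaped forms of the tag: one for XML text nodes, one for URL paths.
    // rawurlencode() output contains no XML metacharacters.
    $tag_xml = htmlspecialchars($tag, ENT_QUOTES | ENT_XML1, "UTF-8");
    $tag_url = rawurlencode($tag);

    $xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
        . "<rss version=\"2.0\" xmlns:atom=\"http://www.w3.org/2005/Atom\">\n"
        . "<channel>\n"
        . "<title>" . $tag_xml . " - " . SITE_NAME . "</title>\n"
        . "<atom:link href=\"http://wetheusers.net/tag/" . $tag_url . "/rss\" rel=\"self\" type=\"application/rss+xml\" />\n"
        . "<link>http://wetheusers.net/tag/" . $tag_url . "</link>\n"
        . "<description>The public posts tagged '" . $tag_xml . "' at wetheusers.net</description>\n"
        . "<lastBuildDate>" . date("r") . "</lastBuildDate>\n"
        . "<language>en-gb</language>\n";

    $sql = "SELECT DISTINCT Posts.*,DATE_FORMAT(Posts.Created, '%a, %d %b %Y %T') AS RssPubDate, Users.Username,Users.Avatar,null AS LikeId FROM Posts"
        . " INNER JOIN Users ON Posts.UserId=Users.Id"
        . " INNER JOIN PostTags ON Posts.Id=PostTags.PostId"
        . " INNER JOIN Tags ON PostTags.TagId=Tags.Id"
        . " WHERE Posts.Privacy=" . POST_PRIVACY_PUBLIC
        . " AND Posts.Status=" . POST_STATUS_PUBLISHED
        . " AND Tags.Name='" . $mysqli->real_escape_string($tag) . "'"
        . " ORDER BY Created DESC LIMIT 20";
    $posts_result = $mysqli->query($sql);

    // A failed query yields false; emit an empty channel instead of calling a
    // method on it.
    if ($posts_result) {
        while ($post_row = $posts_result->fetch_assoc()) {
            $rss_pub_date = $post_row["RssPubDate"] . " GMT";
            $post_url = "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]);

            // NOTE(review): the photo path and the Markdown output are embedded
            // as HTML; confirm both are sanitised where they are produced.
            $img_html = $post_row["Photo"] != ""
                ? "<p><img src=\"http://wetheusers.net/" . $post_row["Photo"] . "\" /></p>\n"
                : "";

            // A literal "]]>" in the content would close the CDATA section
            // early, so split it across two sections.
            $content = str_replace("]]>", "]]]]><![CDATA[>", $img_html . Markdown($post_row["Body"]));

            // NOTE(review): strip_tags() removes markup but leaves a bare "&"
            // or "<" in place, which makes the document ill-formed; confirm
            // how titles are stored before adding XML escaping here.
            $xml .= "<item>\n"
                . "<title>" . strip_tags($post_row["Title"]) . "</title>\n"
                . "<link>" . $post_url . "</link>\n"
                . "<guid>" . $post_url . "</guid>\n"
                . "<pubDate>" . $rss_pub_date . "</pubDate>\n"
                . "<description><![CDATA[" . $content . "]]></description>\n"
                . "</item>\n";
        }
    }

    // end the feed
    $xml .= "</channel>\n" . "</rss>\n";

    return $xml;
}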
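/**
 * Method to add games
 *
 * Only the keys listed in $defaults are read from $val. The input array is
 * not extract()ed into local scope, so a key such as "isAdmin" in $val cannot
 * overwrite the $isAdmin argument or any other local variable.
 *
 * @param array $val game fields: title, description, category, content,
 *                   approved, verified, width, height
 * @param boolean $isAdmin when true the game is stored as approved
 * @return mixed the saved game model, or false when validation fails
 */
public function add($val, $isAdmin = false)
{
    $defaults = [
        'title' => null,
        'description' => null,
        'category' => null,
        'content' => '',
        'approved' => \Config::get('game-need-confirm') ? 0 : 1,
        'verified' => 0,
        'width' => '100%',
        'height' => '450',
    ];
    $fields = array_merge($defaults, array_intersect_key($val, $defaults));

    $title = $fields['title'];
    $description = $fields['description'];
    $category = $fields['category'];
    $content = $fields['content'];
    $width = $fields['width'];
    $height = $fields['height'];

    // NOTE(review): "approved" and "verified" are still taken from $val. If
    // $val comes straight from request input, a non-admin caller can set both;
    // strip them in the caller or honour them only when $isAdmin is true.
    $approved = $fields['approved'];
    $verified = $fields['verified'];

    if ($isAdmin) {
        $approved = 1;
    }

    $gameFile = '';
    if (\Input::hasFile('file')) {
        $maxSize = \Config::get('game-max-upload', 10000000);
        $file = \Input::file('file');
        $ext = $file->getClientOriginalExtension();

        // The extension is reported by the client; the stored name below is
        // generated server-side and always ends in ".swf".
        if ($file->getSize() > $maxSize || strtolower($ext) != 'swf') {
            return false;
        }

        $userid = \Auth::user()->id;
        $filePath = "uploads/games/" . $userid . '/';

        // ensure the folder exists
        // NOTE(review): 0777 makes the directory world-writable; a narrower
        // mode (e.g. 0755) is normally enough for the web server user.
        $this->file->makeDirectory(public_path() . '/' . $filePath, 0777, true, true);

        $fileName = md5($file->getClientOriginalName() . time()) . '.swf';
        $gameFile = $filePath . $fileName;
        $file->move(public_path() . '/' . $filePath, $fileName);
    }

    $gameIcon = '';
    if (\Input::hasFile('icon')) {
        if (!$this->photoRepository->imagesMetSizes(\Input::file('icon'))) {
            return false;
        }
        $user = \Auth::user();
        $gameIcon = $this->photoRepository->upload(
            \Input::file('icon'),
            ['path' => 'users/' . $user->id, 'slug' => 'games-', 'userid' => $user->id]
        );
    }

    // one of game file and content must not be empty
    if (empty($gameFile) && empty($content)) {
        return false;
    }

    $category = sanitizeText($category);
    if (!$this->category->get($category)) {
        return false;
    }

    if (empty($title)) {
        return false;
    }

    $game = $this->model->newInstance();
    $game->title = sanitizeText($title, 130);
    $game->description = sanitizeText($description);
    $game->category = $category;
    $game->user_id = \Auth::user()->id;
    $game->verified = $verified;
    $game->slug = hash('crc32', $title . time());
    $game->approved = $approved;
    if (isset($content)) {
        // NOTE(review): stored without sanitising, unlike the other text
        // fields; confirm it is escaped or sandboxed wherever it is rendered.
        $game->iframe_content = $content;
    }
    $game->game_path = $gameFile;
    $game->logo = $gameIcon;
    if ($width) {
        $game->width = sanitizeText($width);
    }
    if ($height) {
        $game->height = sanitizeText($height);
    }
    $game->save();

    $this->event->fire('game.add', [$game]);

    return $game;
}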
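/**
 * Validates the pending upload and stores it in $uploadDirectory under
 * "<ascii name>_<timestamp>.<extension>".
 *
 * Returns array('success'=>true, 'filename'=>...) or array('error'=>'error message')
 *
 * NOTE(review): when $this->allowedExtensions is empty every extension is
 * accepted, including ones the web server may execute. Configure an allow-list
 * and keep the upload directory non-executable.
 *
 * @param string $uploadDirectory target directory, including trailing separator
 * @param bool   $replaceOldFile  when false, an existing file is never overwritten
 * @return array
 */
function handleUpload($uploadDirectory, $replaceOldFile = FALSE)
{
    if (!is_writable($uploadDirectory)) {
        return array('error' => "Server error. Upload directory isn't writable.");
    }
    if (!$this->file) {
        return array('error' => 'No files were uploaded.');
    }

    $size = $this->file->getSize();
    if ($size == 0) {
        return array('error' => 'File is empty');
    }
    if ($size > $this->sizeLimit) {
        return array('error' => 'File is too large');
    }

    $pathinfo = pathinfo($this->file->getName());
    $filename = toAscii($pathinfo['filename']) . "_" . date("Y_m_d_H_i_s");

    // pathinfo() omits the key for names without a dot; treat that as an
    // empty extension instead of reading an undefined index.
    $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';

    // Strict comparison so a non-string entry in the allow-list cannot match
    // an arbitrary extension through type juggling.
    if ($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions, true)) {
        $these = implode(', ', $this->allowedExtensions);
        return array('error' => 'File has an invalid extension, it should be one of ' . $these . '.');
    }

    if (!$replaceOldFile) {
        // don't overwrite previous files that were uploaded
        // NOTE(review): the existence check and the save are separate steps,
        // so concurrent uploads can still pick the same name.
        while (file_exists($uploadDirectory . $filename . '.' . $ext)) {
            $filename .= rand(10, 99);
        }
    }

    if ($this->file->save($uploadDirectory . $filename . '.' . $ext)) {
        return array('success' => true, 'filename' => $filename . '.' . $ext);
    }

    return array('error' => 'Could not save uploaded file.' . 'The upload was cancelled, or server error encountered');
}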
echo "Modultyp: " . toAscii(array($sline[9], $sline[10], $sline[11], $sline[12], $sline[13], $sline[14], $sline[15], $sline[16], $sline[17], $sline[18], $sline[19], $sline[20])) . "; "; break; case "04": echo " -> "; $mode = ""; if ($sline[9] == "01") { $mode = "Automatik"; } if ($sline[9] == "02") { $mode = "Manuell"; } if ($sline[9] == "04") { $mode = "Adaption"; } echo "Betriebsart: " . $sline[9] . ": {$mode}"; break; case "05": case "06": echo " -> "; echo "Messwert: " . hexdec($sline[9] . $sline[10]) * 0.01 . "; "; echo "Bereich Anfang: " . hexdec($sline[11] . $sline[12]) * 0.01 . "; "; echo "Bereich Ende: " . hexdec($sline[13] . $sline[14]) * 0.01 . "; "; echo "Einheit: " . toAscii(array($sline[15], $sline[16], $sline[17], $sline[18], $sline[19])) . "; "; echo "Teiler: " . toAscii(array($sline[20])); break; } echo "\n"; } echo "\n"; } echo "</pre>";
</form> <?php $notfound = array(); $files = array(); if ($os) { $path = "./os/" . toAscii(basename($os)) . ".html"; if (file_exists($path)) { $files[] = $path; } } else { $families = explode(",", $families); $families = array_reverse($families); $files[] = "./defaults/default.html"; foreach ($families as $family) { $path = "./results/" . toAscii(basename($family)) . ".html"; if (file_exists($path)) { $files[] = $path; } else { if (!empty($family)) { $notfound[] = $family; } } } } if (count($notfound) > 0) { ?> <p class="legend unsupported"><span class="icon-unsupported" aria-hidden="true"></span> <?php $notfound = array_reverse($notfound); $notfoundLength = count($notfound);
$db = array('server' => 'localhost', 'user' => 'root', 'password' => 'monkey00', 'database' => 'swapi'); // $nodes = []; // $links = []; // $people = []; $link = mysqli_connect($db['server'], $db['user'], $db['password'], $db['database']); // $q = "SELECT * FROM craft_entryversions WHERE id NOT IN (SELECT id FROM (SELECT max(id) AS id, entryId FROM craft_entryversions GROUP BY entryId) X) AND locale = '".$locale."'"; $q = "SELECT * FROM data WHERE name <> ''"; $r = $link->query($q); foreach ($r as $row) { $people[$row['id']] = toAscii($row['name']); // if ($row['killer'] > 0 AND $row['film'] != NULL) { // $node['match'] = $death['match'] = 1; $death['name'] = htmlspecialchars($row['name']); $death['artist'] = $row['film']; $death['id'] = toAscii($row['name']); $count = "SELECT * FROM `deaths` WHERE `killer` = '" . $row['id'] . "'"; $countR = $link->query($count); // print_r($countR); // exit; $death['playcount'] = $countR->num_rows; $death['affinity'] = (int) $row['affinity']; $death['group'] = (int) $row['film']; $death['value'] = $row['episodes']; // $node['id'] = $deaths[] = $death; // } // match": 1.0, // "name": "Diamonds On The Soles Of Her Shoes", // "artist": "Paul Simon", // "id": "diamonds_on_the_soles_of_her_shoes_paul_simon",
/**
 * Adds a "url" key, derived from each item's "name" via toAscii(), to one
 * record or to a list of records.
 *
 * Input that carries an "ID" key is treated as a single record and a single
 * record is returned; anything else is treated as a list.
 *
 * @param array $data      one record or a list of records
 * @param mixed $highlight when truthy, each item first goes through parent::highlight()
 * @return array
 */
static function format($data, $highlight = false)
{
    $timer = new timer();

    $single = isset($data['ID']);
    if ($single) {
        $data = array($data);
    }

    $formatted = array();
    foreach ($data as $record) {
        if ($highlight) {
            $record = parent::highlight($record, $highlight);
        }
        $record['url'] = toAscii($record['name']);
        $formatted[] = $record;
    }

    $output = $single ? $formatted[0] : $formatted;

    $timer->_stop(__NAMESPACE__, __CLASS__, __FUNCTION__, func_get_args());

    return $output;
}
/**
 * Resolves the page's template assets and renders $this->template with Twig.
 *
 * For the first configured folder that contains "<template>.twig", matching
 * versioned JS/CSS URLs and a .jtmpl path are stored in $this->vars['page'].
 *
 * NOTE(review): Twig is always created with debug enabled and the Debug
 * extension loaded, and the cache option is commented out. Debug helpers
 * should be limited to local environments.
 * NOTE(review): the template name from $this->vars['page']['template'] is
 * used to build file-system paths; confirm it cannot hold "../" segments
 * taken from request data.
 *
 * @return string rendered output
 */
public function render_template()
{
    $this->default_vars();

    $folder = is_array($this->vars['folder'])
        ? $this->vars['folder']
        : array($this->vars['folder']);

    if (isset($this->vars['page'])) {
        // A comma-separated "js" string becomes a list
        if (
            isset($this->vars['page']['js'])
            && $this->vars['page']['js'] != ''
            && !is_array($this->vars['page']['js'])
        ) {
            $this->vars['page']['js'] = explode(",", $this->vars['page']['js']);
        }

        if (isset($this->vars['page']['template'])) {
            // Template base name: everything before the first dot
            $nameParts = explode(".", $this->vars['page']['template']);
            $base = $nameParts[0];
            $version = $this->f3->get('_v');

            foreach ($folder as $dir) {
                if (!file_exists($dir . $base . '.twig')) {
                    continue;
                }
                if (file_exists($dir . '_js/' . $base . '.js')) {
                    $this->vars['page']['template_js'] = '/' . $dir . '_js/' . $base . '.' . $version . '.js';
                }
                if (file_exists($dir . '_css/' . $base . '.css')) {
                    $this->vars['page']['template_css'] = '/' . $dir . '_css/' . $base . '.' . $version . '.css';
                }
                if (file_exists($dir . 'template/' . $base . '.jtmpl')) {
                    $this->vars['page']['template_jtmpl'] = '/' . 'template/' . $base . '.jtmpl';
                }
                break; // only the first folder holding the template counts
            }

            $this->vars['page']['template'] .= ".twig";
        }
    }

    if ($this->config['strictfolder']) {
        $folder = $this->vars['folder'];
    }

    $loader = new Twig_Loader_Filesystem($folder);

    if (!isLocal() && $this->f3->get("CACHE")) {
        // caching is currently switched off:
        // $options['cache'] = $this->config['cache_dir'];
    }
    $options = array('debug' => true);

    $twig = new Twig_Environment($loader, $options);
    $twig->addExtension(new Twig_Extension_Debug());
    $twig->addFilter(new Twig_SimpleFilter('toAscii', function ($string) {
        return toAscii($string);
    }));
    $twig->addFilter(new Twig_SimpleFilter('scrub', function ($string) {
        return \Base::instance()->scrub($string);
    }));

    return $twig->render($this->template, $this->vars);
}
} // must be valid deadline or empty $formattedDeadline = strtotime($deadline); if ($formattedDeadline === false && $deadline != '') { $json = array('error' => 'Deadline must be a valid date or empty.'); exit(json_encode($json)); } // format deadline for MYSQL $formattedDeadline = $formattedDeadline != '' ? date("Y-m-d H:i:s", $formattedDeadline) : null; // format private $private = empty($private) ? 0 : 1; // create the project $project = new Project(array('creator_id' => Session::getUserID(), 'title' => $title, 'slug' => '', 'pitch' => $pitch, 'specs' => $specs, 'rules' => $rules, 'status' => Project::STATUS_PRE_PRODUCTION, 'deadline' => $formattedDeadline, 'private' => $private)); $project->save(); // generate slug from project title/ID $slug = toAscii($title); $slug = $project->getID() . '-' . $slug; // save new slug $project->setSlug($slug); $project->save(); // add creator as ProjectUser $pu = new ProjectUser(array('project_id' => $project->getID(), 'user_id' => Session::getUserID(), 'relationship' => ProjectUser::CREATOR)); $pu->save(); // log it $logEvent = new Event(array('event_type_id' => 'create_project', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID())); $logEvent->save(); // send us back //$successURL = Url::project($project->getID()); $successURL = Url::peopleInvite($project->getID()); Session::setMessage('Project created! Now you need some members.'); $json = array('success' => '1', 'successUrl' => $successURL);
/**
 * Converts to lowercase url friendly string.
 *
 * Every character outside a-z, A-Z and 0-9 becomes "-", runs of "-" are
 * collapsed into one and the result is lower-cased. Leading and trailing
 * dashes are kept.
 *
 * @param string $string_          input text
 * @param bool   $preserveUnicode_ when true the input is converted to HTML
 *                                 entities (using the configured charset)
 *                                 instead of being passed through toAscii()
 *
 * @return string|null the identifier, or null when it consists of a single "-"
 */
function toLowercaseUrlIdentifier($string_, $preserveUnicode_ = false)
{
    $converted = $preserveUnicode_
        ? mb_convert_encoding($string_, 'HTML-ENTITIES', libstd_get('charset', 'env'))
        : toAscii($string_);

    $dashed = preg_replace('/[^a-z0-9]/i', '-', $converted);
    $identifier = preg_replace('/-+/', '-', strtolower($dashed));

    return '-' === $identifier ? null : $identifier;
}
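/**
 * Mails a "new item" notification to the notify address of this object.
 *
 * The message holds a link to the item, the title with tags stripped and a
 * plain-text rendering of the body produced by toAscii().
 *
 * @param mixed  $itemid id of the new item
 * @param string $title  item title (may contain HTML)
 * @param string $body   item body (may contain HTML)
 * @return void
 */
function sendNewItemNotification($itemid, $title, $body)
{
    global $CONF, $member;

    // create text version of html post
    $ascii = toAscii($body);

    $mailto_msg = _NOTIFY_NI_MSG . " \n";

    // parse_url() returns false for a malformed URL and leaves out "scheme"
    // for a relative one; both cases fall back to the object's own URL.
    $temp = parse_url($CONF['Self']);
    if (is_array($temp) && !empty($temp['scheme'])) {
        $mailto_msg .= createItemLink($itemid) . "\n\n";
    } else {
        $tempurl = $this->getURL();
        if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
            $mailto_msg .= $tempurl . '?itemid=' . $itemid . "\n\n";
        } else {
            $mailto_msg .= $tempurl . '/?itemid=' . $itemid . "\n\n";
        }
    }

    $mailto_msg .= _NOTIFY_TITLE . ' ' . strip_tags($title) . "\n";
    $mailto_msg .= _NOTIFY_CONTENTS . "\n " . $ascii . "\n";
    $mailto_msg .= getMailFooter();

    $mailto_title = $this->getName() . ': ' . _NOTIFY_NI_TITLE;
    $frommail = $member->getNotifyFromMailAddress();

    // "=& new" is a parse error from PHP 7 on; plain assignment already
    // stores an object handle.
    $notify = new NOTIFICATION($this->getNotifyAddress());
    $notify->notify($mailto_title, $mailto_msg, $frommail);
}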
/**
 * Adds a "url" key (toAscii() of "category") to one record or a list of
 * records and, on request, nests the list by parentID.
 *
 * @param array $data             one record (it has an "ID" key) or a list of records
 * @param mixed $childrenGrouping when truthy and a list was given, records are
 *                                nested under their parent's "children" key
 * @param mixed $highlight        when truthy, each item first goes through parent::highlight()
 * @return array
 */
static function format($data, $childrenGrouping = false, $highlight = false) {
    $timer = new timer();
    $single = false;
    // A record with an "ID" key is a single row: wrap it so the loop below
    // can treat both input shapes alike.
    if (isset($data['ID'])) {
        $single = true;
        $data = array($data);
    }
    $i = 1;
    $n = array();
    foreach ($data as $item) {
        if ($highlight) {
            $item = parent::highlight($item, $highlight);
        }
        $item['url'] = toAscii($item['category']);
        $n[] = $item;
    }
    if ($single) {
        $n = $n[0];
    }
    $records = $n;
    // Grouping applies to lists only; a single record still has its "ID" key.
    if (count($records) && !isset($n['ID']) && $childrenGrouping) {
        $rows = array();
        // Index the rows by ID and give each an empty children list
        foreach ($records as $row) {
            $row['children'] = array();
            $rows[$row['ID']] = $row;
        }
        // Attach each row to its parent by reference, so children attached to
        // a row later are also visible where that row is already nested.
        foreach ($rows as $k => &$v) {
            if ($v['parentID'] == $v['ID']) {
                continue;
            }
            if (isset($rows[$v['parentID']])) {
                $rows[$v['parentID']]['children'][] =& $v;
            }
        }
        // Rows with a truthy parentID are dropped from the top level
        foreach ($rows as $item) {
            if ($item['parentID']) {
                unset($rows[$item['ID']]);
            }
        }
        // array_splice($rows, 2);
        $n = $rows;
        // Re-index the remaining top-level rows from 0
        $nn = array();
        foreach ($n as $key => $item) {
            $nn[] = $item;
        }
        $n = $nn;
    }
    $timer->_stop(__NAMESPACE__, __CLASS__, __FUNCTION__, func_get_args());
    return $n;
}
/**
 * Creates a post for the logged-in user from $_POST, stores its tags and,
 * for published posts, notifies the author's friends.
 *
 * NOTE(review): the session user id is interpolated into the friend queries
 * as a bare number; real_escape_string() does not protect unquoted values, so
 * this relies on the session always holding an integer.
 * NOTE(review): the title and user name are copied into mail and Markdown
 * messages unchanged; confirm the senders neutralise markup and line breaks.
 *
 * @return int|null new post id, -1 when privacy or status is missing, null
 *                  after the /401 redirect header was sent
 */
function post_add()
{
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $field = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : "";
    };
    $post_title = $field("title");
    $post_body = $field("body");
    $post_tags = $field("tags");
    $post_privacy = $field("privacy");
    $post_status = $field("status");
    $link_title = $post_title != "" ? $post_title : "Untitled";

    if ($post_privacy == "" || $post_status == "") {
        return -1;
    }

    $mysqli = db_connect();
    $author = $_SESSION["user_name"];

    // Insert the post; every value is quoted and escaped
    $quoted = array();
    foreach (array($_SESSION["user_id"], $post_title, $post_body, $post_privacy, $post_status) as $value) {
        $quoted[] = "'" . $mysqli->real_escape_string($value) . "'";
    }
    $mysqli->query(
        "INSERT INTO Posts (UserId,Title,Body,Privacy,Status,Created,IPCreated) VALUES ("
        . implode(",", $quoted)
        . ",NOW(),'" . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "')"
    );
    $new_post_id = $mysqli->insert_id;

    // do we have a photo ?
    upload_photo($new_post_id, $mysqli);

    // Split the tag list, then look up or create each non-empty tag
    foreach (array_map("trim", explode(",", $post_tags)) as $tag) {
        if ($tag == "") {
            continue;
        }
        $tag = strtolower($tag);
        $escaped_tag = $mysqli->real_escape_string($tag);

        $result = $mysqli->query("SELECT * FROM Tags WHERE Name='" . $escaped_tag . "'");
        if ($result->num_rows > 0) {
            $row = @$result->fetch_assoc();
            $tag_id = $row["Id"];
        } else {
            $mysqli->query("INSERT INTO Tags (Name) VALUES ('" . $escaped_tag . "')");
            $tag_id = $mysqli->insert_id;
        }

        // add the tag to the PostTags list
        $mysqli->query(
            "INSERT INTO PostTags (PostId,TagId,Created) VALUES ("
            . $mysqli->real_escape_string($new_post_id) . ","
            . $mysqli->real_escape_string($tag_id) . ",Now())"
        );
    }

    if ($post_status == POST_STATUS_PUBLISHED) {
        $author_id = $mysqli->real_escape_string($_SESSION["user_id"]);

        if ($post_privacy == POST_PRIVACY_FRIENDS_ONLY) {
            // mutual friends: the writer calls them a friend and they call the writer a friend
            $sql = "SELECT DISTINCT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " LEFT OUTER JOIN Friends FriendsOfMe ON FriendsOfMe.UserId=" . $author_id
                . " AND FriendsOfMe.FriendId=Users.Id"
                . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Users.Id=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=" . $author_id
                . " WHERE (FriendsOfAuthor.FriendId=" . $author_id
                . " AND FriendsOfMe.FriendId=Users.Id)";
        } elseif ($post_privacy != POST_PRIVACY_PRIVATE) {
            // everybody that calls the author a friend
            $sql = "SELECT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " INNER JOIN Friends ON Friends.UserId=Users.Id"
                . " WHERE Friends.FriendId=" . $author_id;
        } else {
            // private post: a query that matches nobody
            $sql = "SELECT * FROM Friends WHERE 1=2";
        }

        $user_result = $mysqli->query($sql);
        if ($user_result->num_rows > 0) {
            while ($user_row = @$user_result->fetch_assoc()) {
                if ($user_row["NotifyFriendsPosts"] == 1) {
                    $mail_subject = SITE_NAME . " - '" . $author . "' has a new post!";
                    $mail_message = "Your friend '" . $author . "' has just posted the following...\n\n"
                        . $post_title . "\n"
                        . "http://wetheusers.net/post/" . $new_post_id . "/" . toAscii($link_title) . "\n\n";
                    send_email($user_row["Email"], $mail_subject, $mail_message);
                }

                // send the system message
                SendSystemMessage(
                    $mysqli,
                    $user_row["Id"],
                    $author . " has written a new post - " . $post_title,
                    "[" . $author . "](http://wetheusers.net/" . $author . ") has written a new post - ["
                        . $link_title . "](http://wetheusers.net/post/" . $new_post_id . "/" . toAscii($link_title) . ")",
                    3
                );
            }
        }
    }

    return $new_post_id;
}
/**
 * Creates or updates a company together with its groups and categories from
 * the submitted form and publishes the outcome in $GLOBALS["output"]['data'].
 *
 * NOTE(review): the company name is interpolated into the getAll() filter
 * string. Unless post() or getAll() escapes it, this is an SQL injection
 * point; use a bound parameter if the model supports one.
 * NOTE(review): the company ID comes from $_GET and no check in this function
 * ties it to the current user; confirm authorisation is enforced elsewhere.
 * NOTE(review): the default invite code is an MD5 of the company name, a
 * fixed string and the current time, so it is guessable; an invite code that
 * grants access should come from a CSPRNG.
 * NOTE(review): the duplicate-name error returns the existing company's admin
 * e-mail to the submitter inside an HTML string, without escaping.
 *
 * @return array array("ID" => ..., "errors" => ...), plus "new" (ASCII
 *               company name) when the ID differs from the one in the request
 */
function company()
{
    $ID = isset($_GET['ID']) ? $_GET['ID'] : "";
    $ID_orig = $ID;

    $values = array(
        "company" => $this->post("company", true),
        "invitecode" => $this->post("invitecode"),
        "admin_email" => $this->post("admin_email", "A valid email is Required"),
    );
    $errors = $this->errors;

    if ($values['invitecode'] == "") {
        $values['invitecode'] = $values['company'] . "-" . md5($values['company'] . "meetpad" . date("dmyhis"));
    }

    // Another company may already use this name
    $companyO = models\company::getInstance();
    $matches = $companyO->getAll("company='{$values['company']}'");
    $exists = isset($matches[0]) ? $matches[0] : false;
    if ($exists && $exists['ID'] != $ID) {
        $errors['company'] = "A company with that name already exists<br> Admin Contact: {$exists['admin_email']}";
    }

    // Collect group and category rows from the posted field names. The marker
    // may appear anywhere in the key, and the four checks are independent.
    $groups = array();
    $categories = array();
    $groupCount = 0;
    $catCount = 0;
    foreach ($_POST as $key => $val) {
        $filled = ($val != "") ? 1 : 0;

        if (strpos($key, "group-edit-") !== false) {
            $groups[] = array("ID" => str_replace("group-edit-", '', $key), "group" => $val, "orderby" => count($groups));
            $groupCount += $filled;
        }
        if (strpos($key, "group-add-") !== false) {
            $groups[] = array("ID" => "", "group" => $val, "orderby" => count($groups));
            $groupCount += $filled;
        }
        if (strpos($key, "category-add-") !== false) {
            $categories[] = array("ID" => "", "category" => $val, "orderby" => count($categories));
            $catCount += $filled;
        }
        if (strpos($key, "category-edit-") !== false) {
            $categories[] = array("ID" => str_replace("category-edit-", '', $key), "category" => $val, "orderby" => count($categories));
            $catCount += $filled;
        }
    }

    if ($groupCount <= 0) {
        $errors['company-groups'] = "No Groups Added, Please add at least 1 group to the company";
    }
    if ($catCount <= 0) {
        $errors['company-categories'] = "No Categories Added, Please add at least 1 category to the company";
    }

    if (count($errors) == 0) {
        $ID = models\company::save($ID, $values);
        models\company::saveGroups($ID, $groups);
        models\company::saveCategories($ID, $categories);

        // A changed ID means a new company was created: link the current user to it
        if ($ID_orig != $ID) {
            models\company::addUser($this->user["ID"], $ID, true);
        }
    }

    $return = array("ID" => $ID, "errors" => $errors);
    if ($ID_orig != $ID) {
        $return['new'] = toAscii($values['company']);
    }

    return $GLOBALS["output"]['data'] = $return;
}
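/**
 * Records a like by the logged-in user on a comment, refreshes the comment's
 * like counter and notifies the comment author.
 *
 * The post must be visible to the user (public, own, or friends-only from a
 * friend) and the comment must belong to that post.
 *
 * @param int|string $post_id    id of the post the comment belongs to
 * @param int|string $comment_id id of the comment being liked
 * @return mixed the comment's new like count, or -1 when the user is not
 *               logged in, an id is not numeric, or nothing matched
 */
function comment_like($post_id, $comment_id)
{
    if (!isset($_SESSION["user_id"])) {
        return -1;
    }

    // real_escape_string() only protects quoted values, and the statements
    // below use the ids as bare numbers. Accept integers only.
    $is_id = function ($value) {
        return is_int($value) || (is_string($value) && ctype_digit($value));
    };
    if (!$is_id($post_id) || !$is_id($comment_id)) {
        return -1;
    }
    $post_id = (int) $post_id;
    $comment_id = (int) $comment_id;
    $user_id = (int) $_SESSION["user_id"];
    $liker = $_SESSION["user_name"];

    // open database connection
    $mysqli = db_connect();

    // get the post, restricted to posts this user is allowed to see
    $sql = "SELECT Posts.*,Users.Username,Users.Avatar,Users.NotifyLikes AS NotifyLikes,Users.Email AS Email FROM Posts"
        . " INNER JOIN Users ON Posts.UserId=Users.Id"
        . " LEFT OUTER JOIN Friends FriendsA ON Posts.UserId=FriendsA.UserId AND FriendsA.FriendId=" . $user_id
        . " WHERE"
        . " ((FriendsA.FriendId=" . $user_id . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")"
        . " OR"
        . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")"
        . " OR"
        . " (Posts.UserId=" . $user_id . "))"
        . " AND Posts.Status=" . POST_STATUS_PUBLISHED
        . " AND Posts.Id=" . $post_id;
    $post_result = $mysqli->query($sql);

    // The comment must belong to the post checked above. Without this
    // condition the visibility check could be satisfied with one post while
    // the like lands on a comment of another.
    $sql = "SELECT * FROM Comments"
        . " INNER JOIN Users ON Comments.UserId=Users.Id"
        . " WHERE Comments.Id=" . $comment_id
        . " AND Comments.PostId=" . $post_id;
    $comment_result = $mysqli->query($sql);

    if (!$post_result || !$comment_result || $post_result->num_rows == 0 || $comment_result->num_rows == 0) {
        return -1;
    }

    $post_row = $post_result->fetch_assoc();
    $comment_row = $comment_result->fetch_assoc();

    // remove previous likes (to prevent repeated calls)
    $mysqli->query(
        "DELETE FROM CommentLikes WHERE UserId=" . $user_id
        . " AND PostId=" . $post_id
        . " AND CommentId=" . $comment_id
    );

    // add a new like
    $mysqli->query(
        "INSERT INTO CommentLikes (UserId,PostId,CommentId,Created,IPCreated) VALUES ("
        . $user_id . "," . $post_id . "," . $comment_id
        . ",NOW(),'" . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "')"
    );

    // find out how many likes the comment now has
    $likes_result = $mysqli->query(
        "SELECT COUNT(Id) AS NumLikes FROM CommentLikes WHERE PostId=" . $post_id . " AND CommentId=" . $comment_id
    );
    if (!$likes_result) {
        return -1;
    }
    $likes_row = $likes_result->fetch_assoc();

    // update the like count on the comment
    $mysqli->query("UPDATE Comments SET Likes=" . (int) $likes_row["NumLikes"] . " WHERE Id=" . $comment_id);

    // NOTE(review): the post title and user name are copied into the mail
    // subject and the Markdown message unchanged; confirm send_email() and
    // SendSystemMessage() neutralise line breaks and markup.
    $post_url = "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]);

    // find out if the comment author wants a notification
    if ($comment_row["NotifyLikes"] == 1) {
        $mail_to = $comment_row["Email"];
        $mail_subject = SITE_NAME . " - " . $liker . " liked your comment to the post '" . $post_row["Title"] . "'";
        $mail_message = $liker . " liked your comment to the post '" . $post_row["Title"] . "'. The comment now has " . $likes_row["NumLikes"] . " likes.\n\n"
            . $post_url . "\n\n";
        send_email($mail_to, $mail_subject, $mail_message);
    }

    SendSystemMessage(
        $mysqli,
        $comment_row["UserId"],
        $liker . " liked your comment to the post '" . $post_row["Title"] . "'",
        "[" . $liker . "](http://wetheusers.net/" . $liker . ") liked your comment to the post ["
            . $post_row["Title"] . "](" . $post_url . "). The comment now has " . $likes_row["NumLikes"] . " likes.",
        6
    );

    return $likes_row["NumLikes"];
}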
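/**
 * Renders one post as an HTML tile: optional photo, title, Markdown body and
 * a meta block with avatar, author, age, counters and the like button.
 *
 * Values that come from post or user records are HTML-escaped before they are
 * written into attributes or text, since titles and user names are entered by
 * users.
 *
 * @param mixed $mysqli           database handle (not used in this function)
 * @param array $post_row         post row joined with its author's columns
 * @param mixed $display_comments not used in this function
 * @return string HTML fragment
 */
function render_tile($mysqli, $post_row, $display_comments)
{
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8");
    };

    $post_id = (int) $post_row["Id"];
    $title = $esc($post_row["Title"]);
    $username = $esc($post_row["Username"]);
    $post_href = $esc("/post/" . $post_id . "/" . toAscii($post_row["Title"]));

    $privacy_class = $post_row["Privacy"] == POST_PRIVACY_FRIENDS_ONLY ? "friends_only" : "";
    $html = "<div class=\"tile " . $privacy_class . "\">\n";

    if ($post_row["Photo"] != "") {
        $target_width = 320;

        // determine dimensions
        $width = intval($post_row["PhotoWidth"]);
        $height = intval($post_row["PhotoHeight"]);

        // Scale to the target width. A stored width of 0 would divide by
        // zero, so the size attributes are left out in that case.
        $dimensions = "";
        if ($width > 0) {
            $ratio = $target_width / $width;
            $dimensions = " width=\"" . round($width * $ratio) . "\" height=\"" . round($height * $ratio) . "\"";
        }

        $html .= "<div class='photo'><a href=\"" . $post_href . "\" title=\"" . $title . "\">"
            . "<img src=\"/" . $esc($post_row["Photo"]) . "\"" . $dimensions . " alt=\"" . $title . "\" /></a></div>\n";
    }

    $html .= "<div class=\"post\">\n";

    // render the post content
    $html .= "<h2><a href=\"" . $post_href . "\" title=\"" . $title . "\">" . $title . "</a></h2>\n";

    // look for twitter style name references in the body
    $body = preg_replace("/@([a-zA-Z0-9_]+)/", "[@\$1](http://wetheusers.net/\$1)", $post_row["Body"]);

    // look for hashtags
    $body = preg_replace("/#([a-zA-Z0-9_]+)/", "[#\$1](http://wetheusers.net/explore/tag/\$1)", $body);

    // NOTE(review): the body is user-written and many Markdown converters pass
    // raw HTML through; confirm Markdown() is configured to escape or strip it.
    $html .= Markdown($body);

    // if we have no avatar, substitute with a generic image
    $avatar_image = $post_row["Avatar"] != "" ? $post_row["Avatar"] : "avatars/generic_64.jpg";

    $like_button = "";
    if (isset($_SESSION["user_id"]) && $post_row["UserId"] != $_SESSION["user_id"]) {
        $liked = $post_row["LikeId"] != null ? "liked" : "";
        $like_button = "<div title=\"Click to like or unlike\" class=\"like_button " . $liked
            . "\" post_id=\"" . $post_id . "\" like_count_id=\"like_count_" . $post_id . "\"> </div>\n";
    }

    // render the meta data
    $html .= "</div> <!-- .post -->\n"
        . "<div class=\"meta\">\n"
        . "<div class=\"avatar\"><a href=\"/" . $username . "\" title=\"" . $username . "\">"
        . "<img src=\"/" . $esc($avatar_image) . "\" width=\"32\" height=\"32\" alt=\"" . $username . "\" /></a></div>\n"
        . "<div class=\"info\"><a href=\"/" . $username . "\" title=\"" . $username . "\">" . $username . "</a>\n"
        . " <ul class='controls'>\n"
        . " <li><a href=\"" . $post_href . "\">" . time_ago($post_row["Created"]) . "</a></li>\n"
        . " <li><a href=\"" . $post_href . "/#comments\">" . (int) $post_row["Comments"] . " comments</a></li>\n"
        . " <li><a href=\"" . $post_href . "/#likes\"><span id=\"like_count_" . $post_id . "\">" . (int) $post_row["Likes"] . "</span> likes</a></li>\n"
        . " </ul>\n"
        . "</div> <!-- .info -->\n"
        . $like_button
        . "<div class=\"clear\"></div>\n"
        . "</div> <!-- .meta -->\n"
        . "</div> <!-- .tile -->\n";

    return $html;
}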
SELECT mp_id, mp_mid, readed, deleted FROM ' . $source . '.mp_participants') or die(print_r($dbDestination->errorInfo())); $r = $dbSource->query('SELECT * FROM mp_msg'); $dbDestination->beginTransaction(); $q = $dbDestination->prepare('INSERT INTO msg_messages (id, module, pmid, author, content, created_at, updated_at) VALUES (null, "pm", :k, :a, :c, :cr, :up)'); while ($d = $r->fetch()) { $q->execute(array("k" => $d['mp_id'], "a" => $d['mp_auteur'], "c" => bbcode_decode($d['mp_txt']), "cr" => $d['mp_date'], "up" => $d['mp_date'])); } $dbDestination->commit(); echo "Updating PM timings (last message date)...\n"; $q = $dbDestination->query('UPDATE pm_topics f SET created_at = (SELECT MIN(created_at) FROM msg_messages WHERE module = "pm" AND pmid = f.id), updated_at = (SELECT MAX(created_at) FROM msg_messages WHERE module = "pm" AND pmid = f.id)'); echo "Migrating news...\n"; $r = $dbSource->query('SELECT * FROM news'); $dbDestination->beginTransaction(); $q = $dbDestination->prepare('INSERT INTO news (id, title, description, author, created_at, updated_at, slug) VALUES (null, :t, :d, :a, :c, :u, :s)'); while ($d = $r->fetch()) { $q->execute(array("t" => $d['titre'], "a" => $d['auteur'], "d" => bbcode_decode($d['contenu']), "c" => $d['creation'], "u" => $d['creation'], "s" => toAscii($d['titre']))); } $dbDestination->commit(); echo "Migrating IP...\n"; $r = $dbSource->query('SELECT * FROM ip'); $dbDestination->beginTransaction(); $q = $dbDestination->prepare('INSERT INTO ips (ip, uid, created_at, updated_at) VALUES (:i, :u, :c, :u)'); while ($d = $r->fetch()) { $q->execute(array("i" => inet_ntop($d['ip']), "u" => $d['uid'], "c" => $d['creation'], "u" => $d['creation'])); } $dbDestination->commit();