Esempio n. 1
  * put an updated section in the database
  * @param array an array of fields
  * @return TRUE on success, or FALSE on error
  * @see sections/edit.php
 public static function put(&$fields)
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     // title cannot be empty
     if (!isset($fields['title']) || !trim($fields['title'])) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     // sanity filter
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     // set default values for this editor
     // reinforce date formats
     if (!isset($fields['activation_date']) || $fields['activation_date'] <= NULL_DATE) {
         $fields['activation_date'] = NULL_DATE;
     if (!isset($fields['expiry_date']) || $fields['expiry_date'] <= NULL_DATE) {
         $fields['expiry_date'] = NULL_DATE;
     if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
         $fields['publish_date'] = NULL_DATE;
     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     if (isset($fields['edit_action'])) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     if (!isset($fields['home_panel']) || !$fields['home_panel']) {
         $fields['home_panel'] = 'main';
     if (!isset($fields['index_map']) || !$fields['index_map']) {
         $fields['index_map'] = 'Y';
     if (!isset($fields['index_news']) || !$fields['index_news']) {
         $fields['index_news'] = 'static';
     if (!isset($fields['rank']) || !$fields['rank']) {
         $fields['rank'] = 10000;
     // set layout for sections
     if (!isset($fields['sections_layout']) || !$fields['sections_layout'] || !preg_match('/^(accordion|carrousel|compact|custom|decorated|directory|folded|inline|jive|map|slashdot|tabs|titles|yabb|none)$/', $fields['sections_layout'])) {
         $fields['sections_layout'] = 'map';
     } elseif ($fields['sections_layout'] == 'custom') {
         if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
             $fields['sections_layout'] = $fields['sections_custom_layout'];
         } else {
             $fields['sections_layout'] = 'map';
     // set layout for articles
     if (!isset($fields['articles_layout']) || !$fields['articles_layout'] || !preg_match('/^(accordion|alistapart|carrousel|compact|custom|daily|decorated|digg|directory|hardboiled|jive|map|newspaper|none|simile|slashdot|table|tabs|tagged|threads|titles|yabb)$/', $fields['articles_layout'])) {
         $fields['articles_layout'] = 'decorated';
     } elseif ($fields['articles_layout'] == 'custom') {
         if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
             $fields['articles_layout'] = $fields['articles_custom_layout'];
         } else {
             $fields['articles_layout'] = 'decorated';
     // set canvas for articles
     if (!isset($fields['articles_canvas']) || !$fields['articles_canvas']) {
         $fields['articles_canvas'] = 'standard';
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     // cascade anchor access rights
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     // fields to update
     $query = array();
     // regular fields
     if (isset($fields['anchor'])) {
         $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "activation_date='" . SQL::escape($fields['activation_date']) . "'";
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     $query[] = "articles_layout='" . SQL::escape(isset($fields['articles_layout']) ? $fields['articles_layout'] : 'decorated') . "'";
     $query[] = "content_options='" . SQL::escape(isset($fields['content_options']) ? $fields['content_options'] : '') . "'";
     $query[] = "expiry_date='" . SQL::escape($fields['expiry_date']) . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "family='" . SQL::escape(isset($fields['family']) ? $fields['family'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "index_map='" . SQL::escape(isset($fields['index_map']) ? $fields['index_map'] : 'Y') . "'";
     $query[] = "index_news='" . SQL::escape(isset($fields['index_news']) ? $fields['index_news'] : 'static') . "'";
     $query[] = "index_news_count=" . SQL::escape(isset($fields['index_news_count']) ? $fields['index_news_count'] : 5);
     $query[] = "index_title='" . SQL::escape(isset($fields['index_title']) ? $fields['index_title'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
     $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : 10000) . "'";
     $query[] = "section_overlay='" . SQL::escape(isset($fields['section_overlay']) ? $fields['section_overlay'] : '') . "'";
     $query[] = "sections_layout='" . SQL::escape(isset($fields['sections_layout']) ? $fields['sections_layout'] : 'map') . "'";
     $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
     // fields visible only to associates
     if (Surfer::is_associate()) {
         $query[] = "articles_canvas='" . SQL::escape(isset($fields['articles_canvas']) ? $fields['articles_canvas'] : '') . "'";
         $query[] = "articles_templates='" . SQL::escape(isset($fields['articles_templates']) ? $fields['articles_templates'] : '') . "'";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         $query[] = "content_overlay='" . SQL::escape(isset($fields['content_overlay']) ? $fields['content_overlay'] : '') . "'";
         $query[] = "home_panel='" . SQL::escape(isset($fields['home_panel']) ? $fields['home_panel'] : 'main') . "'";
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     // don't stamp silent updates
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']) . "";
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='section:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // update an existing record
     $query = "UPDATE " . SQL::table_name('sections') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (SQL::query($query) === FALSE) {
         return FALSE;
     // assign the page to related categories
     Categories::remember('section:' . $fields['id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
     // clear the cache
     // end of job
     return TRUE;
Esempio n. 2
File: check.php Progetto: rair/yacs
} elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'remember') {
    // scan categories
    $context['text'] .= Skin::build_block(sprintf(i18n::s('Analyzing table %s...'), SQL::table_name('articles')), 'title');
    // scan only published articles
    $where = 'NOT ((articles.publish_date is NULL) OR (articles.publish_date <= \'0000-00-00\'))';
    // only consider live articles
    $where = '(' . $where . ')' . ' AND ((articles.expiry_date is NULL)' . "\tOR (articles.expiry_date <= '" . NULL_DATE . "') OR (articles.expiry_date > '" . $context['now'] . "'))";
    // list up to 10000 most recent articles from active sections
    $query = "SELECT, articles.publish_date FROM " . SQL::table_name('articles') . " AS articles" . " WHERE " . $where . " ORDER BY articles.rank, articles.edit_date DESC LIMIT 0, 10000";
    if ($result = SQL::query($query)) {
        // scan the list
        $count = 0;
        $errors_count = 0;
        while ($row = SQL::fetch($result)) {
            if ($error = Categories::remember('article:' . $row['id'], $row['publish_date'])) {
                $context['text'] .= $error . BR . "\n";
                if (++$errors_count >= 5) {
                    $context['text'] .= i18n::s('Too many successive errors. Aborted') . BR . "\n";
            } else {
                $errors_count = 0;
            // animate user screen and take care of time
            if (!($count % 100)) {
                $context['text'] .= sprintf(i18n::s('%d records have been processed'), $count) . BR . "\n";
                // ensure enough execution time
Esempio n. 3
  * stamp an article
  * This function is used to change various dates for one article.
  * [*] If a publication date is provided, it is saved along the article.
  * An optional expiry date will be saved as well.
  * [*] If only an expiry date is provided, it is saved along the article.
  * [*] If no date is provided, the review field is updated to the current date and time.
  * Dates are supposed to be in UTC time zone.
  * The name of the surfer is registered as the official publisher.
  * As an alternative, publisher attributes ('name', 'id' and 'address') can be provided
  * in parameters.
  * @param int the id of the item to publish
  * @param string the target publication date, if any
  * @param string the target expiration date, if any
  * @param array attributes of the publisher, if any
  * @return string either a null string, or some text describing an error to be inserted into the html response
  * @see articles/publish.php
  * @see sections/manage.php
 public static function stamp($id, $publication = NULL, $expiry = NULL, $publisher = NULL)
     global $context;
     // id cannot be empty
     if (!$id || !is_numeric($id)) {
         return i18n::s('No item has the provided id.');
     // server offset
     $server_offset = 0;
     if (isset($context['gmt_offset'])) {
         $server_offset = intval($context['gmt_offset']);
     // surfer offset
     $surfer_offset = Surfer::get_gmt_offset();
     // no publication time is provided
     if (!isset($publication) || !$publication) {
         $publication_stamp = 0;
     } elseif (preg_match('/GMT$/', $publication) && strlen($publication) == 19) {
         // YYMMDD-HH:MM:SS GMT -> HH, MM, SS, MM, DD, YY
         $publication_stamp = gmmktime(intval(substr($publication, 7, 2)), intval(substr($publication, 10, 2)), intval(substr($publication, 13, 2)), intval(substr($publication, 2, 2)), intval(substr($publication, 4, 2)), intval(substr($publication, 0, 2)));
         // time()-like stamp
     } elseif (intval($publication) > 1000000000) {
         // adjust to UTC time zone
         $publication_stamp = intval($publication) + $context['gmt_offset'] * 3600;
         // YYYY-MM-DD HH:MM:SS, or a string that can be readed
     } elseif (($publication_stamp = SQL::strtotime($publication)) != -1) {
     } else {
         return sprintf(i18n::s('"%s" is not a valid date'), $publication);
     // no expiry date
     if (!isset($expiry) || !$expiry) {
         $expiry_stamp = 0;
     } elseif (preg_match('/GMT$/', $expiry) && strlen($expiry) == 19) {
         // YYMMDD-HH:MM:SS GMT -> HH, MM, SS, MM, DD, YY
         $expiry_stamp = gmmktime(substr($expiry, 7, 2), substr($expiry, 10, 2), substr($expiry, 13, 2), substr($expiry, 2, 2), substr($expiry, 4, 2), substr($expiry, 0, 2));
         // time()-like stamp
     } elseif (intval($expiry) > 1000000000) {
         // adjust to server time zone
         $expiry_stamp = intval($expiry) + $context['gmt_offset'] * 3600;
         // YYYY-MM-DD HH:MM:SS, or a string that can be readed
     } elseif (($expiry_stamp = SQL::strtotime($expiry)) != -1) {
     } else {
         return sprintf(i18n::s('"%s" is not a valid date'), $expiry);
     // review date
     $review_stamp = 0;
     if (!$publication_stamp && !$expiry_stamp) {
         $review_stamp = time();
     // shape the query
     $query = array();
     if ($publication_stamp > 0) {
         $query[] = "publish_name='" . SQL::escape(isset($publisher['name']) ? $publisher['name'] : Surfer::get_name()) . "'," . "publish_id=" . SQL::escape(isset($publisher['id']) ? $publisher['id'] : Surfer::get_id()) . "," . "publish_address='" . SQL::escape(isset($publisher['address']) ? $publisher['address'] : Surfer::get_email_address()) . "'," . "publish_date='" . gmstrftime('%Y-%m-%d %H:%M:%S', $publication_stamp) . "'," . "edit_name='" . SQL::escape(isset($publisher['name']) ? $publisher['name'] : Surfer::get_name()) . "'," . "edit_id=" . SQL::escape(isset($publisher['id']) ? $publisher['id'] : Surfer::get_id()) . "," . "edit_address='" . SQL::escape(isset($publisher['address']) ? $publisher['address'] : Surfer::get_email_address()) . "'," . "edit_action='article:publish'," . "edit_date='" . gmstrftime('%Y-%m-%d %H:%M:%S') . "'";
     if ($expiry_stamp > 0) {
         $query[] = "expiry_date='" . gmstrftime('%Y-%m-%d %H:%M:%S', $expiry_stamp) . "'";
     if ($review_stamp > 0) {
         $query[] = "review_date='" . gmstrftime('%Y-%m-%d %H:%M:%S', $review_stamp) . "'";
     // update an existing record
     $query = "UPDATE " . SQL::table_name('articles') . " SET " . implode(',', $query) . " WHERE id = " . SQL::escape($id);
     if (SQL::query($query) === FALSE) {
         return NULL;
     // remember the publication in weekly and monthly categories
     if ($publication_stamp > 0) {
         Categories::remember('article:' . $id, gmstrftime('%Y-%m-%d %H:%M:%S', $publication_stamp));
     // end of job
     return NULL;
Esempio n. 4
File: users.php Progetto: rair/yacs
  * change only some (minor) attributes
 public static function put_attributes(&$fields)
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     // following fields are forbidden with this function
     if (isset($fields['password']) || isset($fields['nickname']) || isset($field['editor'])) {
         Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
         return FALSE;
     // remember who is changing this record
     // query components
     $query = array();
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     // protect from hackers
     if (isset($fields['avatar_url'])) {
         $fields['avatar_url'] = encode_link($fields['avatar_url']);
     // build SET part of the query
     foreach ($fields as $key => $field) {
         if ($key == 'id') {
         $query[] = $key . "='" . SQL::escape($field) . "'";
     // nothing to update
     if (!count($query)) {
         return TRUE;
     // actual update query
     $query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     // list the user in categories
     if (isset($fields['tags']) && $fields['tags']) {
         Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
     // clear the cache
     // end of job
     return TRUE;