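/**
 * Return one page of webpages the logged user is allowed to read.
 *
 * The WHERE clause is assembled from four parts: an optional tag filter,
 * the listing permission SQL for ProjectWebpages, an optional workspace
 * restriction (when $project is a Project, it and all its sub-workspaces),
 * and the archived/unarchived switch.
 *
 * @param Project|mixed $project Project to restrict to; any non-Project value applies no workspace filter
 * @param string $tag Only webpages carrying this tag ('' or null means no tag filter)
 * @param integer $page 1-based page number; values below 1 are normalised to 1
 * @param integer $webpages_per_page Kept for interface compatibility only; the page size
 *        actually used is config_option('files_per_page', 10)
 * @param string $orderBy Column to order by (escaped with DB::escapeField before use)
 * @param string $orderDir 'ASC' or 'DESC' (case-insensitive); anything else falls back to 'ASC'
 * @param boolean $archived true lists archived webpages only, false unarchived only
 * @return mixed Whatever ProjectWebpages::paginate returns
 */
function getWebpages($project, $tag = '', $page = 1, $webpages_per_page = 10, $orderBy = 'title', $orderDir = 'ASC', $archived = false) {
    // Whitelist the direction so only the two literal keywords ever reach the ORDER BY.
    $orderDir = strtoupper($orderDir);
    if ($orderDir !== "ASC" && $orderDir !== "DESC") {
        $orderDir = "ASC";
    }
    // Pages are 1-based: 0 must be normalised as well as negatives, otherwise the
    // pagination offset derived from ($page - 1) goes negative.
    if ($page < 1) {
        $page = 1;
    }

    //$conditions = logged_user()->isMemberOfOwnerCompany() ? '' : ' `is_private` = 0';
    if ($tag == '' || $tag == null) {
        $tagstr = "1=1";
    } else {
        // Correlated subquery: the webpage must have at least one matching tag row.
        $tagstr = "(SELECT count(*) FROM `" . TABLE_PREFIX . "tags` WHERE `" . TABLE_PREFIX . "project_webpages`.`id` = `" . TABLE_PREFIX . "tags`.`rel_object_id` AND `" . TABLE_PREFIX . "tags`.`tag` = " . DB::escape($tag) . " AND `" . TABLE_PREFIX . "tags`.`rel_object_manager` = 'ProjectWebpages' ) > 0 ";
    }

    $permission_str = ' AND (' . permissions_sql_for_listings(ProjectWebpages::instance(), ACCESS_LEVEL_READ, logged_user()) . ')';

    if ($project instanceof Project) {
        $pids = $project->getAllSubWorkspacesCSV(true);
        $project_str = " AND " . self::getWorkspaceString($pids);
    } else {
        $project_str = "";
    }

    if ($archived) {
        $archived_cond = " AND `archived_by_id` <> 0";
    } else {
        $archived_cond = " AND `archived_by_id` = 0";
    }

    $conditions = $tagstr . $permission_str . $project_str . $archived_cond;
    return ProjectWebpages::paginate(
        array("conditions" => $conditions, 'order' => DB::escapeField($orderBy) . " {$orderDir}"),
        config_option('files_per_page', 10),
        $page
    ); // paginate
}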
/**
 * Count the rows of this table that satisfy $conditions.
 *
 * The query joins this table (alias `e`) with the objects table (alias `o`)
 * on o.id = e.object_id, so conditions may reference either alias.
 *
 * @access public
 * @param string $conditions Query conditions; run through prepareConditions() first
 * @return integer
 */
function count($conditions = null) {
    // A composite key forces COUNT(*); a single key column is counted directly.
    $pk_columns = $this->getPkColumns();
    $count_expr = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);

    $prepared = $this->prepareConditions($conditions);
    $where_clause = trim($prepared) == '' ? '' : "WHERE {$prepared}";

    $sql = "\r\n \tSELECT COUNT({$count_expr}) AS 'row_count' \r\n \tFROM "
        . $this->getTableName(true)
        . " e\r\n \tINNER JOIN " . TABLE_PREFIX . "objects o ON o.id = e.object_id \r\n {$where_clause} ";
    $row = DB::executeOne($sql);

    return (int) array_var($row, 'row_count', 0);
}
/**
 * Escape an identifier (column/table name) for use in SQL.
 *
 * Procedural convenience wrapper around DB::escapeField().
 *
 * @param string $field Identifier to escape
 * @return string Escaped identifier
 */
function db_escape_field($field) {
    $escaped = DB::escapeField($field);
    return $escaped;
}
/**
 * Return the table name, optionally prefixed and/or escaped for use in queries.
 *
 * A non-empty FORCED_TABLE_PREFIX constant replaces the prefix even when
 * $with_prefix is false.
 *
 * @access public
 * @param boolean $escape Return the name escaped with DB::escapeField
 * @param boolean $with_prefix Prepend TABLE_PREFIX (the installer lets users choose a custom prefix)
 * @return string
 */
function getTableName($escape = false, $with_prefix = true) {
    $prefix = '';
    if ($with_prefix) {
        $prefix = TABLE_PREFIX;
    }
    // The forced prefix wins regardless of $with_prefix.
    if (defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX) {
        $prefix = FORCED_TABLE_PREFIX;
    }

    $full_name = $prefix . $this->table_name;
    if ($escape) {
        return DB::escapeField($full_name);
    }
    return $full_name;
} // end func getTableName
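/**
 * Return the number of users that belong to this company.
 *
 * Counts users whose contact row points at this company
 * (users.id = contacts.user_id AND contacts.company_id = this company's id).
 *
 * @access public
 * @param void
 * @return integer
 */
function countUsers() {
    $users_table = Users::instance()->getTableName(true);
    $contacts_table = Contacts::instance()->getTableName(true);

    // Composite PK -> COUNT(*); single PK column -> count that column directly.
    // NOTE(review): the PK column name is taken from Companies but applied to the
    // users table; this only works while both share the same key column name — confirm.
    $pk_columns = Companies::getPkColumns();
    $escaped_pk = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);

    // Company id is escaped; no other external value enters the query.
    $sql = "SELECT COUNT({$users_table}.{$escaped_pk}) AS 'row_count' FROM {$users_table}, {$contacts_table} WHERE ({$users_table}.`id` = {$contacts_table}.`user_id` AND {$contacts_table}.`company_id` = " . DB::escape($this->getId()) . " )";
    $row = DB::executeOne($sql);

    return (int) array_var($row, 'row_count', 0);
}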
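/**
 * Return true when no other row holds the same value(s) in the given column(s).
 *
 * Column names are passed as variable arguments, e.g. validateUniquenessOf('email')
 * or validateUniquenessOf('first_name', 'last_name') for a compound check. With no
 * arguments the check passes; a column that does not exist makes it fail. For a
 * persisted object the row itself is excluded by its primary key value(s).
 *
 * @access public
 * @param string ...$column Column name(s) to check (read via func_get_args)
 * @return boolean
 */
function validateUniquenessOf() {
    $columns = func_get_args();
    if (count($columns) < 1) {
        return true;
    }

    // Refuse unknown columns before building any SQL.
    foreach ($columns as $column) {
        if (!$this->columnExists($column)) {
            return false;
        }
    }

    // Don't do COUNT(*) if we have one PK column. Resolved only after the argument
    // checks so the early returns above do not trigger a PK lookup.
    $pk_columns = $this->getPkColumns();
    $escaped_pk = is_array($pk_columns) ? '*' : DB::escapeField($pk_columns);

    // Equality conditions on the checked columns; values are escaped.
    $where_parts = array();
    foreach ($columns as $column) {
        $where_parts[] = DB::escapeField($column) . ' = ' . DB::escape($this->getColumnValue($column));
    }
    $where_sql = implode(' AND ', $where_parts);

    if ($this->isNew()) {
        // New object: any row with these values is a conflict.
        $sql = sprintf("SELECT COUNT({$escaped_pk}) AS 'row_count' FROM %s WHERE %s", $this->getTableName(true), $where_sql);
    } else {
        // Existing object: exclude this very row by its PK value(s).
        $pk_parts = array();
        if (is_array($pk_columns)) {
            foreach ($pk_columns as $pk) {
                $pk_parts[] = sprintf('%s <> %s', DB::escapeField($pk), DB::escape($this->getColumnValue($pk)));
            }
        } else {
            $pk_parts[] = sprintf('%s <> %s', DB::escapeField($pk_columns), DB::escape($this->getColumnValue($pk_columns)));
        }
        $sql = sprintf("SELECT COUNT({$escaped_pk}) AS 'row_count' FROM %s WHERE (%s) AND (%s)", $this->getTableName(true), $where_sql, implode(' AND ', $pk_parts));
    }

    $row = DB::executeOne($sql);
    return array_var($row, 'row_count', 0) < 1;
}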
/**
 * Delete every task whose task_list_id is this list's id.
 *
 * @access public
 * @param void
 * @return boolean Result of ProjectTasks::delete
 */
function deleteTasks() {
    $list_condition = DB::escapeField('task_list_id') . ' = ' . DB::escape($this->getId());
    return ProjectTasks::delete($list_condition);
}
/**
 * Return the table name, optionally prefixed and/or escaped for use in queries.
 *
 * @access public
 * @param boolean $escape Return the name escaped with DB::escapeField
 * @param boolean $with_prefix Prepend TABLE_PREFIX (the installer lets users choose a custom prefix)
 * @return string
 */
function getTableName($escape = false, $with_prefix = true) {
    $full_name = $this->table_name;
    if ($with_prefix) {
        $full_name = TABLE_PREFIX . $full_name;
    }
    if ($escape) {
        return DB::escapeField($full_name);
    }
    return $full_name;
}
/**
 * Delete every template task whose parent_id is this task's id.
 *
 * @access public
 * @param void
 * @return boolean Result of TemplateTasks::delete
 */
function deleteSubTasks() {
    $parent_condition = DB::escapeField('parent_id') . ' = ' . DB::escape($this->getId());
    return TemplateTasks::delete($parent_condition);
}
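/**
 * AJAX handler: list contacts for a selector widget and return them as extra data.
 *
 * Reads from $_REQUEST:
 *  - query:          optional name substring filter (o.name LIKE '%query%')
 *  - filters:        optional JSON object of column => value. Real Contacts columns become
 *                    equality conditions; the pseudo-columns is_user, has_permissions,
 *                    only_companies and include_companies are handled specially.
 *  - plugin_filters: optional JSON handed to the 'contact_selector_plugin_filters' hook,
 *                    which may append further SQL conditions.
 *
 * Only contacts the logged user may see (the user's own contact, or one shared with
 * one of the user's permission groups) are listed, at most 30. When no name filter was
 * given and at least 30 rows match, a trailing "show more" pseudo-entry (id -2) is added.
 *
 * Every request-derived value is passed through DB::escape before entering the query;
 * previously `query` and the has_permissions value were interpolated raw into SQL.
 *
 * @return void Output is emitted via ajx_extra_data(array('contacts' => ...))
 */
function get_contacts_for_selector() {
    ajx_current("empty");

    $name_condition = "";
    $name_filter = trim(array_var($_REQUEST, 'query', ''));
    if ($name_filter != "") {
        // DB::escape yields a quoted literal; the wildcards are part of that literal.
        $name_condition = " AND o.name LIKE " . DB::escape('%' . $name_filter . '%');
    }

    // by default list only contacts
    $type_condition = " AND is_company=0";

    $extra_conditions = "";
    if ($filters = array_var($_REQUEST, 'filters')) {
        $filters = json_decode($filters, true);
        // Malformed JSON decodes to null; treat that as "no filters" rather than iterating it.
        if (!is_array($filters)) {
            $filters = array();
        }
        foreach ($filters as $col => $val) {
            if (Contacts::instance()->columnExists($col)) {
                $extra_conditions .= " AND " . DB::escapeField($col) . " = " . DB::escape($val);
            } else if ($col == 'is_user') {
                $extra_conditions .= " AND `user_type`" . ($val == 1 ? " > 0" : " = 0");
            } else if ($col == 'has_permissions') {
                // Users holding at least one permission on member $val for an enabled
                // content/dimension object type (comments and templates excluded).
                $extra_conditions .= " AND `user_type`>0 AND EXISTS(\r\n\t\t\t\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "contact_member_permissions cmp\r\n\t\t\t\t\t\t\tWHERE cmp.permission_group_id IN (SELECT x.permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups x WHERE x.contact_id=o.id)\r\n\t\t\t\t\t\t\t\tAND cmp.member_id=" . DB::escape($val)
                    . "\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT tp.object_type_id FROM " . TABLE_PREFIX . "tab_panels tp WHERE tp.enabled=0)\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT oott.id FROM " . TABLE_PREFIX . "object_types oott WHERE oott.name IN ('comment','template'))\r\n\t\t\t\t\t\t\t\tAND cmp.object_type_id IN (SELECT oott2.id FROM " . TABLE_PREFIX . "object_types oott2 WHERE oott2.type IN ('content_object','dimension_object'))\r\n\t\t\t\t\t\t)";
            } else if ($col == 'only_companies') {
                if ($val == 1) {
                    $type_condition = " AND is_company=1";
                }
            } else if ($col == 'include_companies') {
                if ($val == 1) {
                    $type_condition = "";
                }
            }
        }
    }

    if ($plugin_filters = array_var($_REQUEST, 'plugin_filters')) {
        $plugin_filters = json_decode($plugin_filters, true);
        $plugin_conditions = "";
        // Plugins append their own SQL to $plugin_conditions through the hook.
        Hook::fire('contact_selector_plugin_filters', $plugin_filters, $plugin_conditions);
        $extra_conditions .= $plugin_conditions;
    }

    $info = array();
    $pg_ids = logged_user()->getPermissionGroupIds();
    if (count($pg_ids) > 0) {
        // Visible: the user's own contact, or anything shared with one of the user's groups.
        $permissions_condition = " AND (o.id=" . logged_user()->getId() . " OR EXISTS (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE sh.object_id=o.id AND group_id IN (" . implode(',', $pg_ids) . ")))";
        $conditions = "o.trashed_by_id=0 AND o.archived_by_id=0 {$name_condition} {$permissions_condition} {$type_condition} {$extra_conditions}";

        $query_params = array('condition' => $conditions, 'order' => 'o.name ASC');
        $count = Contacts::count($conditions);
        $limit = 30;
        $query_params['limit'] = $limit;
        $contacts = Contacts::findAll($query_params);

        foreach ($contacts as $c) {
            $info[] = array("id" => $c->getId(), "name" => $c->getObjectName());
        }

        if ($name_filter == "" && $count >= $limit) {
            //$info[] = array('id' => -1, 'name' => lang('write the first letters of the name or surname of the person to select'));
            $info[] = array('id' => -2, 'name' => '<a href="#" class="db-ico ico-expand" style="color:blue;text-decoration:underline;padding-left:20px;">' . lang('show more') . '</a>');
        }
    }

    ajx_extra_data(array('contacts' => $info));
}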
/**
 * Delete every handin attached to this object.
 *
 * Matches rows by rel_object_id = this id and rel_object_manager = the class
 * name of this object's manager.
 *
 * @access public
 * @param void
 * @return boolean Result of ObjectHandins::delete
 */
function deleteHandins() {
    $id_part = DB::escapeField('rel_object_id') . ' = ' . DB::escape($this->getId());
    $manager_part = DB::escapeField('rel_object_manager') . ' = ' . DB::escape(get_class($this->manager()));
    $condition = $id_part . ' AND ' . $manager_part;
    return ObjectHandins::delete($condition);
}