/**
 * Browse the knowledge-base texts filed under one source, newest first.
 *
 * @param string $slug source slug from the URL (escaped before it reaches the query)
 * @param int    $page page number handed straight to the paginator
 */
public function source($slug, $page)
{
    $sourceSlug = Fari_Escape::text($slug);

    // the two constructor arguments look like per-page count and link range — confirm in Fari_Paginator
    $pager = new Fari_Paginator(5, 3);
    $filter = array('sourceSlug' => $sourceSlug);
    $this->view->paginator = $pager->select($page, 'kb', '*', $filter, 'date DESC');

    // page heading comes from the hierarchy row that describes this source
    $this->view->title = Fari_Db::selectRow(
        'hierarchy',
        'value, slug',
        array('slug' => $sourceSlug, 'type' => 'source')
    );

    $this->view->browse = 'source';
    $this->view->display('browse');
}
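/**
 * Create a new blog article: shows the form and, on POST, saves it.
 *
 * An unauthenticated visitor gets a failure message and is sent to the
 * login page. When the form was posted with a name, the article is stored
 * under its slug (which must be unique) and the browser is redirected to
 * the edit page; otherwise the form is re-displayed with the posted values
 * filled back in and any queued messages.
 */
public function create()
{
    if (!Fari_User::isAuthenticated('realname')) {
        Fari_Message::fail('You need to authenticate first');
        $this->redirect('/blog/login/');
        return;
    }

    // raw posted values; a missing key becomes '' instead of an undefined-index notice
    $postedName = isset($_POST['name']) ? $_POST['name'] : '';
    $postedText = isset($_POST['text']) ? $_POST['text'] : '';
    $postedStatus = isset($_POST['status']) ? $_POST['status'] : '';

    // are we saving updates?
    if (!empty($postedName)) {
        $name = Fari_Escape::text($postedName);
        $text = Fari_Escape::quotes($postedText);
        $slug = Fari_Escape::slug($postedName);
        // status used to be stored straight from $_POST; escape it like every other column
        $status = Fari_Escape::text($postedStatus);

        // check article title uniqueness
        $existing = Fari_Db::selectRow('articles', 'id', array('slug' => $slug));
        if (empty($existing)) {
            Fari_Db::insert('articles', array(
                'text' => $text,
                'slug' => $slug,
                'name' => $name,
                'status' => $status,
                'published' => time(),
            ));
            Fari_Message::success('Article \'' . $name . '\' saved.');
            $this->redirect('/blog/edit/' . $slug);
            // stop here so the form is not rendered after the redirect header
            // (the other actions in this file die/return after redirecting)
            return;
        }
        Fari_Message::fail('Article name \'' . $name . '\' is not unique');
    }

    // pickup messages for us
    $this->view->messages = Fari_Message::get();
    // fill back on fail (raw values: the view is responsible for escaping them on output)
    $this->view->article = array('name' => $postedName, 'text' => $postedText);
    $this->view->display('/themes/' . BLOG_THEME . '/new');
}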
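/**
 * Check if user is in a specified role.
 * Method is_authenticated() should have been called at this point.
 * @uses 'role' in 'users' table
 *
 * @param string $userRole (e.g., admin)
 * @param string $credentialsColumn Optionally specify which column to use for credentials.
 *        It is used as a column name in the query, so it must come from code, never from request input.
 * @return boolean TRUE if user is in a role
 */
public static function isInRole($userRole, $credentialsColumn = 'username')
{
    // get credentials string; the previous @-suppression hid any notice raised here
    // (presumably NULL when nobody is authenticated — confirm in getCredentials())
    $unsafe = self::getCredentials();
    if ($unsafe === null || $unsafe === '') {
        return FALSE;
    }

    // escape input before it reaches the query
    $credentials = Fari_Escape::text($unsafe);

    // select a matching row from a table
    $whereClause = array($credentialsColumn => $credentials);
    $user = Fari_Db::selectRow('users', 'role', $whereClause);

    // no row (or no role column) means no role; previously this indexed an empty result
    if (!isset($user['role'])) {
        return FALSE;
    }

    // strict comparison: '' or 0 must never satisfy a named role
    return $user['role'] === $userRole;
}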
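/**
 * Show the "new text" form and, on POST, save a new knowledge-base text.
 *
 * Category, source and type are free-text fields that are added to the
 * 'hierarchy' table when they do not exist yet. The text itself is only
 * inserted when all three are present, the title is non-empty and unique,
 * and the date passes Fari_Filter::isDate(). Failures are reported through
 * Fari_Message and the form is re-displayed with the posted values.
 *
 * @param mixed $param route parameter; not used by this action
 */
public function index($param)
{
    // are we saving?
    if ($_POST) {
        $this->saveText();
    }

    // fetch categories, sources & types
    $this->view->categories = Fari_Db::select('hierarchy', 'key, value', array('type' => 'category'), 'slug ASC');
    $this->view->sources = Fari_Db::select('hierarchy', 'key, value', array('type' => 'source'), 'slug ASC');
    $this->view->types = Fari_Db::select('hierarchy', 'key, value', array('type' => 'type'), 'value ASC');
    // form if save failed... (raw POST data: the view must escape it before output)
    $this->view->saved = $_POST;
    // get all messages
    $this->view->messages = Fari_Message::get();
    $this->view->display('new');
}

/**
 * Read a POST field as a string, '' when it was not sent (avoids undefined-index notices).
 *
 * @param string $key
 * @return string
 */
private function postField($key)
{
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Make sure a hierarchy entry (category/source/type) exists, inserting it when missing.
 *
 * @param string      $type  'category', 'source' or 'type'
 * @param string      $value escaped display value
 * @param string|null $slug  slug to store, or NULL to insert the row without one
 *        (the original code stored no slug for types — presumably that column is unused for them; confirm)
 * @return boolean FALSE when the value was empty (a failure message is queued), TRUE otherwise
 */
private function ensureHierarchyEntry($type, $value, $slug = null)
{
    if (empty($value)) {
        // previously the 'type' message wrongly said "category"
        Fari_Message::fail('The ' . $type . ' can\'t be empty.');
        return FALSE;
    }

    $existing = Fari_Db::selectRow('hierarchy', 'key', array('value' => $value, 'type' => $type));
    if (empty($existing)) {
        $row = array('value' => $value, 'type' => $type);
        if ($slug !== null) {
            $row['slug'] = $slug;
        }
        Fari_Db::insert('hierarchy', $row);
    }
    return TRUE;
}

/**
 * Handle the posted form: create missing hierarchy entries, validate the
 * text and insert it. Redirects (and exits) to the edit page on success;
 * otherwise queues failure messages and returns so the form is re-shown.
 */
private function saveText()
{
    // save categories, sources & types
    $category = Fari_Escape::text($this->postField('category'));
    $categorySlug = Fari_Escape::slug($category);
    $source = Fari_Escape::text($this->postField('source'));
    $sourceSlug = Fari_Escape::slug($source);
    $type = Fari_Escape::text($this->postField('type'));

    // evaluate all three so every missing field is reported, not only the first one
    $categoryOk = $this->ensureHierarchyEntry('category', $category, $categorySlug);
    $sourceOk = $this->ensureHierarchyEntry('source', $source, $sourceSlug);
    $typeOk = $this->ensureHierarchyEntry('type', $type);
    if (!($categoryOk && $sourceOk && $typeOk)) {
        return;
    }

    $title = Fari_Escape::text($this->postField('title'));
    if (empty($title)) {
        Fari_Message::fail('The title can\'t be empty.');
        return;
    }

    // unique slug/title
    $slug = Fari_Escape::slug($this->postField('title'));
    $existing = Fari_Db::selectRow('kb', 'id', array('slug' => $slug));
    if (!empty($existing)) {
        Fari_Message::fail('The title is not unique.');
        return;
    }

    // date
    $date = Fari_Escape::text($this->postField('date'));
    if (!Fari_Filter::isDate($date)) {
        Fari_Message::fail('The date is not in the correct format.');
        return;
    }

    $text = Fari_Escape::quotes($this->postField('textarea'));
    $tags = Fari_Escape::text($this->postField('tags'));
    $comments = Fari_Escape::text($this->postField('comments'));

    // convert title & main text to their stems and append the lowercase originals (better matches)
    $titleStems = Knowledge::stems($title) . ' ' . strtolower($title);
    $stems = Knowledge::stems($text) . ' ' . strtolower($text);

    // INSERT
    Fari_Db::insert('kb', array(
        'title' => $title,
        'slug' => $slug,
        'text' => $text,
        'tags' => $tags,
        'category' => $category,
        'categorySlug' => $categorySlug,
        'source' => $source,
        'sourceSlug' => $sourceSlug,
        'type' => $type,
        'stems' => $stems,
        'comments' => $comments,
        'date' => $date,
        'titleStems' => $titleStems,
        'starred' => 'empty',
    ));
    Fari_Message::success('Saved successfully.');
    $this->redirect('/text/edit/' . $slug);
    die;
}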
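/**
 * Toggle the 'starred' flag of a text and send the browser back where it came from.
 *
 * NOTE(review): this changes state on a plain GET; a POST with a CSRF token would be
 * the stronger design, but that is a routing/form change outside this action.
 *
 * @param string $slug text slug from the URL
 */
public function star($slug)
{
    // escape like the other actions do before the slug reaches the query
    $slug = Fari_Escape::text($slug);
    // only 'id' and 'starred' are read below
    $text = Fari_Db::selectRow('kb', 'id, starred', array('slug' => $slug));
    if (empty($text)) {
        // text not found
        $this->redirect('/error404');
        die;
    }

    // switch the star for the text we have already fetched & update in the db
    $starred = ($text['starred'] === 'full') ? 'empty' : 'full';
    Fari_Db::update('kb', array('starred' => $starred), array('id' => $text['id']));

    // return back — but only to a page on this host: the Referer header is client-supplied,
    // so redirecting to it unchecked is an open redirect (and a notice when it is absent)
    header('Location: ' . $this->sameHostReferer('/'));
}

/**
 * Return the Referer URL when it points at the host this request arrived on, otherwise $fallback.
 *
 * @param string $fallback local path to use when the referer is missing or foreign
 * @return string
 */
private function sameHostReferer($fallback)
{
    if (empty($_SERVER['HTTP_REFERER']) || empty($_SERVER['HTTP_HOST'])) {
        return $fallback;
    }

    $referer = $_SERVER['HTTP_REFERER'];
    $refererHost = parse_url($referer, PHP_URL_HOST);
    // HTTP_HOST may carry a port; parse it the same way so the two hosts compare like for like
    $ownHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);

    // relative or scheme-only referers (no host) fall back as well
    if (empty($refererHost) || empty($ownHost) || strcasecmp($refererHost, $ownHost) !== 0) {
        return $fallback;
    }
    return $referer;
}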