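/**
 * Echo the page subtree rooted at $root as a comma-separated run of
 * ["title path", "url"] pairs, depth first, ordered by title.
 *
 * The page id is bound as a statement parameter, and titles/URLs are emitted
 * through json_encode() so a quote or backslash in a page title cannot break
 * out of the generated string literal.
 *
 * @param mixed  $listhidden   Truthy to also list status 101 pages that are not protected.
 * @param string $parent_title Title path of the ancestors ('' for the top level).
 * @param mixed  $root         Id of the page to print before descending into its children.
 * @param string $slug         Slug path of the ancestors ('' for the top level).
 * @return void Output is echoed.
 */
function dumpChildren($listhidden = 1, $parent_title = '', $root = 1, $slug = '')
{
    $tablename = TABLE_PREFIX . 'page';
    if ($slug != '') {
        $slug = $slug . '/';
    }
    if ($parent_title != '') {
        $parent_title = $parent_title . '/';
    }

    // Built from fixed literals only; nothing caller-supplied reaches the SQL text.
    $visible = $listhidden
        ? "(status_id='100' OR (status_id='101' AND is_protected='0'))"
        : "status_id='100'";

    $PDO = Record::getConnection();
    $PDO->exec("set names 'utf8'");

    $json_flags = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PARTIAL_OUTPUT_ON_ERROR;

    $stmt = $PDO->prepare("SELECT title,slug FROM {$tablename} WHERE id = ? AND {$visible} ORDER BY title ASC");
    $stmt->execute(array($root));
    while ($result = $stmt->fetchObject()) {
        // Every entry except the root page is preceded by a separator.
        if ($root > 1) {
            echo ',';
        }
        $label = $result->title == '' ? '' : $parent_title . $result->title;
        $url = URL_PUBLIC . ($result->slug == '' ? '' : $slug . $result->slug . URL_SUFFIX);
        echo '[' . json_encode($label, $json_flags) . ', ' . json_encode($url, $json_flags) . ']';
        $slug = $slug . $result->slug;
        $parent_title = $parent_title . $result->title;
    }

    $stmt = $PDO->prepare("SELECT id FROM {$tablename} WHERE parent_id = ? AND {$visible} ORDER BY title ASC");
    $stmt->execute(array($root));
    while ($result = $stmt->fetchObject()) {
        dumpChildren($listhidden, $parent_title, $result->id, $slug);
    }
}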
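/**
 * Tagger Utilities
 */

/**
 * Execute the SQL statements contained in a list of lines.
 *
 * Lines starting with "--" and empty lines are skipped. Lines are accumulated
 * until one ends with ";", then the accumulated statement is executed.
 *
 * @param array $file_path Lines of SQL to run (despite the name, this is iterated, not opened).
 * @param array $params    Map of placeholder text => replacement, substituted textually
 *                         into each statement. The replacements are NOT escaped, so only
 *                         trusted, installer-controlled values may be passed here.
 * @return void Terminates the script with die() when a statement fails.
 */
function executioner($file_path, $params = array())
{
    $PDO = Record::getConnection();
    // Statement being assembled from the current run of lines.
    $sql = '';
    foreach ($file_path as $line) {
        // Skip SQL comments and empty lines.
        if (substr($line, 0, 2) == '--' || $line == '') {
            continue;
        }
        $sql .= $line;
        // A trailing semicolon ends the statement.
        if (substr(trim($line), -1, 1) == ';') {
            if (!empty($params)) {
                $sql = str_replace(array_keys($params), $params, $sql);
            }
            // exec() returns the affected-row count, which is 0 for DDL and for
            // no-op updates; only a strict false means failure.
            if ($PDO->exec($sql) === false) {
                // The error comes from this PDO connection; mysql_error() belongs to
                // the removed mysql extension and never described PDO failures.
                $info = $PDO->errorInfo();
                $detail = isset($info[2]) ? (string) $info[2] : '';
                die('Error performing query \'<strong>' . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8')
                    . '</strong>\': ' . htmlspecialchars($detail, ENT_QUOTES, 'UTF-8') . '<br /><br />');
            }
            $sql = '';
        }
    }
}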
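/**
 * Find the visible pages carrying a given tag.
 *
 * The tag is matched both as given and after unslugify(). Both values are
 * bound as statement parameters rather than placed in the SQL text.
 *
 * @param array|false $params Parameter list whose first element is the tag; falls back to $this->params.
 * @return array|false List of PageTagger objects, or false when no page matches.
 */
public function pagesByTag($params = false)
{
    $pdoConn = Record::getConnection();
    if (!$params) {
        $params = $this->params;
    }

    $tag = isset($params[0]) ? $params[0] : NULL;
    $tag_unslugified = unslugify($tag);

    $sql = "SELECT page.* FROM " . TABLE_PREFIX . "page AS page, " . TABLE_PREFIX . "page_tag AS page_tag, "
        . TABLE_PREFIX . "tag AS tag"
        . " WHERE page.id = page_tag.page_id AND page_tag.tag_id = tag.id"
        . " AND ((tag.name = :tag) OR (tag.name = :tag_unslugified))"
        . " AND page.status_id != " . Page::STATUS_HIDDEN
        . " AND page.status_id != " . Page::STATUS_DRAFT
        . " ORDER BY page.created_on DESC";

    $stmt = $pdoConn->prepare($sql);
    // Two distinct placeholder names: a name cannot be reused when prepares are not emulated.
    $stmt->execute(array(':tag' => $tag, ':tag_unslugified' => $tag_unslugified));

    $pages = array();
    while ($object = $stmt->fetchObject()) {
        $page = new PageTagger($object);
        // assignParts
        $page->part = Page::get_parts($page->id);
        $pages[] = $page;
    }

    // Callers receive false, not an empty array, when nothing matched.
    return $pages ? $pages : false;
}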
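/**
 * Echo one <option> element per row of ssp_albums.
 *
 * Album ids and names come from the database and are HTML-escaped before
 * output, so a stored name containing markup is rendered as text.
 *
 * @return void Output is echoed.
 */
function select_album()
{
    $query = Record::getConnection()->query("SELECT * FROM ssp_albums");
    if ($query === false) {
        // Query failed with PDO in silent mode: print no options.
        return;
    }
    foreach ($query->fetchAll() as $album) {
        echo '<option value="' . htmlspecialchars((string) $album['id'], ENT_QUOTES, 'UTF-8') . '">'
            . htmlspecialchars((string) $album['name'], ENT_QUOTES, 'UTF-8') . '</option>';
    }
}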
/**
 * Drop the dashboard_log table; on failure flash an error, redirect to the
 * settings page and stop.
 *
 * @return void
 */
function dashboard_events_widget_uninstall()
{
    $dropSql = "DROP TABLE IF EXISTS " . TABLE_PREFIX . "dashboard_log";
    $outcome = Record::getConnection()->exec($dropSql);

    // exec() yields a strict false only when the statement failed.
    if ($outcome !== false) {
        return;
    }

    Flash::set("error", __("Unable to drop table dashboard_log"));
    redirect(get_url("setting"));
    die;
}
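/**
 * Build an SSP_Album for every ssp_images row whose `did` equals this object's id.
 *
 * The id is bound as a parameter instead of being concatenated into the query.
 *
 * @return array List of SSP_Album objects (empty when no row matches).
 */
public function albums()
{
    $stmt = Record::getConnection()->prepare("SELECT * FROM ssp_images WHERE did = ?");
    $stmt->execute(array($this->id));

    $albums = array();
    foreach ($stmt->fetchAll() as $album) {
        $albums[] = new SSP_Album($album['id']);
    }
    return $albums;
}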
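/**
 * Build an SSP_Image for every ssp_images row whose `aid` equals this object's id,
 * ordered by `seq`.
 *
 * The id is bound as a parameter instead of being concatenated into the query.
 *
 * @return array List of SSP_Image objects (empty when no row matches).
 */
public function images()
{
    $stmt = Record::getConnection()->prepare("SELECT * FROM ssp_images WHERE aid = ? ORDER BY seq ASC");
    $stmt->execute(array($this->id));

    $images = array();
    foreach ($stmt->fetchAll() as $img) {
        $images[] = new SSP_Image($img['id']);
    }
    return $images;
}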
/**
 * Render the dashboard index with log entries split into today, yesterday and older.
 *
 * The date conditions are fixed strings chosen by database driver: MySQL syntax
 * for the 'mysql' driver, SQLite syntax for anything else.
 *
 * @return void
 */
function index()
{
    $driverName = Record::getConnection()->getAttribute(PDO::ATTR_DRIVER_NAME);

    if ('mysql' == $driverName) {
        /* Queries for MySQL */
        $todayWhere = 'created_on > CURRENT_DATE() ORDER BY created_on DESC';
        $yesterdayWhere = 'created_on > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY) AND created_on < CURRENT_DATE() ORDER BY created_on DESC';
        $olderWhere = 'created_on < DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY) AND created_on > DATE_SUB(CURRENT_DATE(), INTERVAL 3 MONTH) ORDER BY created_on DESC';
    } else {
        /* Otherwise assume SQLite */
        $todayWhere = "created_on > DATE('now') ORDER BY created_on DESC";
        $yesterdayWhere = "created_on > DATE('now', 'start of day', '-1 day') AND created_on < DATE('now', 'start of day') ORDER BY created_on DESC";
        $olderWhere = "created_on < DATE('now', 'start of day', '-1 day') ORDER BY created_on DESC";
    }

    $viewData = array(
        'log_entry_today' => Record::findAllFrom('DashboardLogEntry', $todayWhere),
        'log_entry_yesterday' => Record::findAllFrom('DashboardLogEntry', $yesterdayWhere),
        'log_entry_older' => Record::findAllFrom('DashboardLogEntry', $olderWhere),
    );
    $this->display('dashboard/views/index', $viewData);
}
/**
 * Report whether a COUNT(*) query against the ckeditor table can be run.
 *
 * @return bool True when the query produced a statement, false otherwise.
 */
function checkOld()
{
    $probe = Record::getConnection()->query('SELECT COUNT(*) FROM ' . TABLE_PREFIX . 'ckeditor');

    // Loose comparison on purpose: a failed query() returns false, which == null.
    if ($probe == null) {
        return false;
    }

    $probe->closeCursor();
    return true;
}
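/**
 * Remove every dashboard log entry, then redirect to the dashboard plugin page.
 *
 * MySQL and PostgreSQL use TRUNCATE; every other driver uses DELETE FROM, so
 * $sql is always defined (previously an unlisted driver left it unset).
 *
 * NOTE(review): this wipes the log table and no permission or CSRF check is
 * visible in this method - confirm the enclosing controller enforces both.
 *
 * @return void
 */
function clear()
{
    // TODO: replace this in future by Record's deleteAll routine.
    $pdo = Record::getConnection();
    $driver = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
    $table = Record::tableNameFromClassName('DashboardLogEntry');

    if ($driver == 'mysql' || $driver == 'pgsql') {
        $sql = 'TRUNCATE ' . $table;
    } else {
        $sql = 'DELETE FROM ' . $table;
    }

    $pdo->exec($sql);
    redirect(get_url('plugin/dashboard/'));
}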
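/**
 * Load a slideshow row (when an id is given) and pre-render its slide,
 * thumbnail and indicator markup from the album's images.
 *
 * The id is bound as a query parameter. The row is fetched by column name only,
 * so numeric column indexes are no longer copied onto the object, and the flag
 * columns are matched strictly. Image sources are HTML-escaped before being
 * written into the data-img attribute.
 *
 * @param mixed $id Slideshow id, or null to skip loading.
 */
public function __construct($id = null)
{
    if ($id !== null) {
        $stmt = Record::getConnection()->prepare("SELECT * FROM wolf_ssp WHERE id = ?");
        $stmt->execute(array($id));
        // Columns stored as 0/1 that are exposed as booleans.
        $bool = array('show_thumbnails', 'show_indicators', 'random', 'pause_on_hover', 'include_style');
        if ($ss = $stmt->fetch(PDO::FETCH_ASSOC)) {
            foreach ($ss as $k => $v) {
                if (in_array($k, $bool, true)) {
                    $v = $v == 1 ? true : false;
                }
                $this->{$k} = $v;
            }
        }
        // Thumbnails take precedence over indicators.
        if ($this->show_thumbnails) {
            $this->show_indicators = false;
        }
        $this->elid = 'ssp_slideshow_' . $this->id;
        if ($this->transition === null) {
            $this->transition = 'none';
        }
    }

    $album = new SSP_Album($this->aid);
    // Fetch the image list once; it was previously queried for each of the three loops.
    $images = $album->images();

    $this->slides = '';
    // NOTE(review): thumbnails and indicators are appended to without being reset
    // here (the original only reset unused locals) - confirm the class declares
    // both properties with an empty-string default.
    $i = 0;
    foreach ($images as $img) {
        $this->slides .= $img->slide('slide' . $i);

        $this->thumbnails .= '<button id="btn' . $i . '" class="thumbnail';
        if ($i == 0) {
            $this->thumbnails .= ' active';
        }
        $this->thumbnails .= '" data-img="' . htmlspecialchars((string) $img->src, ENT_QUOTES, 'UTF-8')
            . '" onclick="goToSlide(' . $i . ', false);return false;">' . $i . '</button>';

        $this->indicators .= '<button id="btn' . $i . '" class="indicator';
        if ($i == 0) {
            $this->indicators .= ' active';
        }
        $this->indicators .= '" onclick="goToSlide(' . $i . ', false);return false;">' . $i . '</button>';

        $i++;
    }
}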
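/**
 * Load one ssp_images row onto this object and derive its public image URL
 * and outbound link.
 *
 * The id is bound as a query parameter. The link is prefixed with "http://"
 * only when it is non-empty, not root-relative, and does not already start
 * with http:// or https://. The previous check passed its strpos() arguments
 * in the wrong order, so every non-root-relative link was prefixed, including
 * ones that already had a scheme.
 *
 * @param mixed $id Image id.
 */
public function __construct($id)
{
    $settings = Plugin::getAllSettings('ssp');
    $this->id = $id;

    $stmt = Record::getConnection()->prepare("SELECT * FROM ssp_images WHERE id = ?");
    $stmt->execute(array($id));
    $image = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($image) {
        foreach ($image as $k => $v) {
            $this->{$k} = $v;
        }
    }

    $this->src = URL_PUBLIC . $settings['path'] . DS . "albums" . DS . "album-" . $this->aid . DS . "lg" . DS . $this->src;

    // Only http/https are accepted as "already absolute"; anything else is forced
    // under http:// so a stored value cannot introduce another URL scheme.
    if (isset($this->link) && is_string($this->link) && $this->link !== ''
        && $this->link[0] !== '/' && !preg_match('#^https?://#i', $this->link)) {
        $this->link = 'http://' . $this->link;
    }
}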
/**
 * Presents browser with a custom 404 page.
 *
 * Looks up the page whose behavior_id is 'page_not_found'; when it resolves to
 * a page object, sends the 404 headers, runs that page's layout and exits.
 * Returns normally when no such page exists.
 */
function behavior_page_not_found()
{
    $lookup = Record::getConnection()->prepare(
        'SELECT * FROM ' . TABLE_PREFIX . "page WHERE behavior_id='page_not_found'"
    );
    $lookup->execute();

    $row = $lookup->fetchObject();
    if (!$row) {
        return;
    }

    $notFoundPage = Page::find_page_by_uri($row->slug);
    if (!is_object($notFoundPage)) {
        return;
    }

    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    $notFoundPage->_executeLayout();
    // need to exit otherwise true error page will be sent
    exit;
}
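/**
 * Load a slideshow row onto this object when an id is given.
 *
 * The id is bound as a query parameter. The row is fetched by column name only,
 * so numeric column indexes are no longer copied onto the object, and the flag
 * columns are matched strictly.
 *
 * @param mixed $id Slideshow id, or null to skip loading.
 */
public function __construct($id = null)
{
    if ($id === null) {
        return;
    }

    $stmt = Record::getConnection()->prepare("SELECT * FROM wolf_ssp WHERE id = ?");
    $stmt->execute(array($id));

    // Columns stored as 0/1 that are exposed as booleans.
    $bool = array('show_indicators', 'random', 'pause_on_hover', 'include_style');
    if ($ss = $stmt->fetch(PDO::FETCH_ASSOC)) {
        foreach ($ss as $k => $v) {
            if (in_array($k, $bool, true)) {
                $v = $v == 1 ? true : false;
            }
            $this->{$k} = $v;
        }
    }
    $this->elid = 'ssp_slideshow_' . $this->id;
}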
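/**
 * Create a news category from the posted name and create its image folder.
 *
 * The name, date and user id are bound as statement parameters (addslashes()
 * is not a reliable SQL escape). A missing or non-string name is rejected, and
 * the method returns after the error redirect so the insert cannot run with
 * an empty name.
 *
 * NOTE(review): no CSRF token check is visible in this method - confirm one is
 * enforced before this state-changing action.
 *
 * @return void
 */
public function add_category()
{
    $this->_checkPermission();

    $category_name = isset($_POST['category_name']) ? $_POST['category_name'] : '';
    if (!is_string($category_name) || empty($category_name)) {
        Flash::set('error', __('You have to specify a category title!'));
        redirect(get_url('news'));
        return;
    }

    $PDO = Record::getConnection();
    $stmt = $PDO->prepare("Insert into " . TABLE_PREFIX . "newscategory VALUES(0,?,'0','1',?,'',?,'')");
    $stmt->execute(array($category_name, date("Y-m-d"), AuthUser::getId()));
    $last_id = $PDO->lastInsertId();

    //Create album folder
    $album_dir = FILES_DIR . '/news/images/' . $last_id;
    if (mkdir($album_dir)) {
        // NOTE(review): 0777 makes the folder writable by every local account;
        // confirm whether a tighter mode works for this deployment.
        chmod($album_dir, 0777);
    }

    Flash::set('success', __('News category has been created.'));
    redirect(get_url('news'));
}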
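/**
 * Load the ckeditor plugin settings and return one of them, or all of them.
 *
 * Opens its own PDO connection (falling back to DoLite), registers it with
 * Record, reads plugin_settings rows for plugin_id 'ckeditor' and adds the
 * current user's language as 'editorLanguage'.
 *
 * The single-setting lookup tests the setting NAME with array_key_exists();
 * the previous in_array() call searched the setting values instead. The
 * connection failure message no longer includes the driver's error text,
 * which can contain connection details; it is written to the error log.
 *
 * @param string|null $key Setting name to return, or null for every setting.
 * @return mixed The setting value, the whole settings array when $key is empty
 *               or unknown, or false when there are no settings.
 */
function CKEditorGetConfigs($key = null)
{
    $tablename = TABLE_PREFIX . 'plugin_settings';

    try {
        $PDO = new PDO(DB_DSN, DB_USER, DB_PASS);
        if ($PDO->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
            $PDO->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true);
        }
    } catch (PDOException $error) {
        try {
            // NOTE(review): the include path is derived from $_SERVER['SCRIPT_FILENAME'];
            // confirm that value cannot be influenced by the request in this deployment.
            require_once substrtruncate($_SERVER['SCRIPT_FILENAME'], '/plugins') . '/libraries/DoLite.php';
            $PDO = new DoLite(DB_DSN, DB_USER, DB_PASS);
        } catch (PDOException $error) {
            error_log('CKEditorGetConfigs: DB connection failed: ' . $error->getMessage());
            die('DB Connection failed');
        }
    }

    Record::connection($PDO);
    $PDO = Record::getConnection();
    $PDO->exec("set names 'utf8'");

    $settings = array();
    $stmt = $PDO->prepare("SELECT name,value FROM {$tablename} WHERE plugin_id='ckeditor'");
    $stmt->execute();
    while ($obj = $stmt->fetchObject()) {
        $settings[$obj->name] = $obj->value;
    }

    // language setting
    AuthUser::load();
    $settings['editorLanguage'] = AuthUser::getRecord()->language;

    if ($settings) {
        if ($key && array_key_exists($key, $settings)) {
            return $settings[$key];
        }
        // return all
        return $settings;
    }
    return false;
}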
/**
 * Report whether a SELECT against the registered_users_temp table can be executed.
 *
 * @return bool False only when exec() reports failure.
 */
function checkfordb()
{
    global $__FROG_CONN__;

    $probeSql = "SELECT version FROM " . TABLE_PREFIX . "registered_users_temp";
    $outcome = Record::getConnection()->exec($probeSql);

    // exec() returns a row count on success and a strict false on failure.
    return $outcome !== false;
}
/* Security measure */ if (!defined('IN_CMS')) { exit; } /** * The Comment plugin provides an interface to enable adding and moderating page comments. * * @package Plugins * @subpackage comment * * @author Philippe Archambault <*****@*****.**> * @author Martijn van der Kleijn <*****@*****.**> * @copyright Philippe Archambault & Martijn van der Kleijn, 2008 * @license http://www.gnu.org/licenses/gpl.html GPLv3 license */ $PDO = Record::getConnection(); $driver = strtolower($PDO->getAttribute(Record::ATTR_DRIVER_NAME)); // Setup table structure if ($driver == 'mysql') { $PDO->exec("CREATE TABLE " . TABLE_PREFIX . "comment (\n\t id int(11) unsigned NOT NULL auto_increment,\n\t page_id int(11) unsigned NOT NULL default '0',\n\t body text,\n\t author_name varchar(50) default NULL,\n\t author_email varchar(100) default NULL,\n\t author_link varchar(100) default NULL,\n ip char(100) NOT NULL default '0',\n\t is_approved tinyint(1) unsigned NOT NULL default '1',\n\t created_on datetime default NULL,\n\t PRIMARY KEY (id),\n\t KEY page_id (page_id),\n\t KEY created_on (created_on)\n\t) ENGINE=MyISAM DEFAULT CHARSET=utf8"); $PDO->exec("ALTER TABLE " . TABLE_PREFIX . "page ADD comment_status tinyint(1) NOT NULL default '0' AFTER status_id"); } else { if ($driver == 'sqlite') { $PDO->exec("CREATE TABLE comment (\n id INTEGER NOT NULL PRIMARY KEY,\n page_id int(11) NOT NULL default '0',\n body text ,\n author_name varchar(50) default NULL ,\n author_email varchar(100) default NULL ,\n author_link varchar(100) default NULL ,\n ip char(100) NOT NULL default '0' ,\n is_approved tinyint(1) NOT NULL default '1' ,\n created_on datetime default NULL\n )"); $PDO->exec("CREATE INDEX comment_page_id ON comment (page_id)"); $PDO->exec("CREATE INDEX comment_created_on ON comment (created_on)"); $PDO->exec("ALTER TABLE page ADD comment_status tinyint(1) NOT NULL default '0'"); } else { if ($driver == 'pgsql') { $PDO->exec("CREATE TABLE " . TABLE_PREFIX . 
"comment (\n id serial,\n page_id integer NOT NULL DEFAULT 0,\n body text,\n author_name character varying(50) DEFAULT NULL,\n author_email character varying(100) DEFAULT NULL,\n author_link character varying(100) DEFAULT NULL,\n ip char(100) NOT NULL default '0',\n is_approved integer NOT NULL default 1,\n created_on timestamp DEFAULT NULL,\n PRIMARY KEY (id)\n )"); $PDO->exec("CREATE INDEX comment_page_id ON comment (page_id)");
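/**
 * Create a gallery album from the posted form and create its image folder.
 *
 * Every posted value is bound as a statement parameter; previously the
 * sequence field was concatenated into the INSERT without any escaping.
 *
 * NOTE(review): no CSRF token check is visible in this method - confirm one is
 * enforced before this state-changing action.
 *
 * @return void
 */
public function createalbum()
{
    $this->_checkPermission();

    $album_name = isset($_POST['album_name']) ? $_POST['album_name'] : '';
    $sequence = isset($_POST['sequence']) ? $_POST['sequence'] : '';
    $page_id = isset($_POST['page_id']) ? $_POST['page_id'] : 0;

    if (is_string($album_name) && $album_name != "") {
        $PDO = Record::getConnection();
        $stmt = $PDO->prepare("Insert into " . TABLE_PREFIX . "album VALUES(0,?,?,'1',?,?)");
        $stmt->execute(array(
            (int) $page_id,
            $album_name,
            is_scalar($sequence) ? (string) $sequence : '',
            date("Y-m-d"),
        ));

        if (isset($_FILES)) {
            $last_id = $PDO->lastInsertId();
            //Create album folder
            $album_dir = FILES_DIR . '/gallery/images/' . $last_id;
            if (mkdir($album_dir)) {
                // NOTE(review): 0777 makes the folder writable by every local account;
                // confirm whether a tighter mode works for this deployment.
                chmod($album_dir, 0777);
            }
        }
        Flash::set('success', __('Album has been created.'));
    } else {
        Flash::set('error', __('Album name is empty.'));
    }

    redirect(get_url('gallery'));
}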
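/**
 * Load the layout named by $this->frontend_layout, send its Content-Type
 * header and execute its content.
 *
 * The layout name is bound as a statement parameter instead of being
 * interpolated into the query.
 *
 * @return void
 */
private function executeFrontendLayout()
{
    $sql = 'SELECT content_type, content FROM ' . TABLE_PREFIX . 'layout WHERE name = ?';
    Record::logQuery($sql);

    $stmt = Record::getConnection()->prepare($sql);
    $stmt->execute(array($this->frontend_layout));
    $layout = $stmt->fetchObject();

    if ($layout) {
        // If content-type is not set, we set text/html by default.
        if ($layout->content_type == '') {
            $layout->content_type = 'text/html';
        }
        // Set content-type and charset of the page.
        header('Content-Type: ' . $layout->content_type . '; charset=UTF-8');

        // Provides compatibility with the Page class.
        // @todo Find cleaner way of doing multiple inheritance
        $this->url = CURRENT_PATH;

        // SECURITY: the stored layout content is executed as PHP. Anyone able to
        // write to the layout table can run code on the server, so write access
        // to layouts must be treated as equivalent to code deployment.
        eval('?>' . $layout->content);
    }
}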
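/*
 * Dashboard - Wolf CMS dashboard plugin
 *
 * Copyright (c) 2011 Martijn van der Kleijn <*****@*****.**>
 * Copyright (c) 2008-2011 Mika Tuupola
 *
 * Licensed under the MIT license:
 * http://www.opensource.org/licenses/mit-license.php
 *
 */

/* Prevent direct access. */
if (!defined('IN_CMS')) {
    exit;
}

// Create the dashboard_log table using the schema that matches the active driver.
$pdo = Record::getConnection();
$driver = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
$table = TABLE_PREFIX . "dashboard_log";

/* MySQL schema */
if ($driver == 'mysql') {
    $pdo->exec("CREATE TABLE {$table} (\n id INT(11) NOT NULL AUTO_INCREMENT,\n ident CHAR(16) NOT NULL,\n priority INT NOT NULL,\n message VARCHAR(255),\n username VARCHAR(64),\n created_on DATETIME DEFAULT NULL,\n PRIMARY KEY (id)\n ) DEFAULT CHARSET=utf8");
}

/* SQLite schema */
if ($driver == 'sqlite') {
    $pdo->exec("CREATE TABLE {$table} (\n id INTEGER PRIMARY KEY AUTOINCREMENT,\n ident CHAR(16) NOT NULL,\n priority INT NOT NULL,\n message VARCHAR(255),\n username VARCHAR(64),\n created_on DATETIME DEFAULT NULL\n )");
}

/* PostgreSQL schema */
if ($driver == 'pgsql') {
    $pdo->exec("CREATE TABLE {$table} (\n id serial,\n ident character varying(16) NOT NULL,\n priority integer NOT NULL,\n message character varying(255),\n username character varying(64),\n created_on timestamp DEFAULT NULL,\n PRIMARY KEY (id)\n )");
    // A serial column "id" on table T is backed by the sequence T_id_seq; the
    // statement previously had a space in place of the underscore and was not valid SQL.
    $pdo->exec("ALTER SEQUENCE {$table}_id_seq RESTART WITH 1");
}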
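/**
 * @package frog
 * @subpackage plugin.sqlite3
 *
 * @author Philippe Archambault <*****@*****.**>
 * @version 1.0
 * @since Frog version 0.9.1
 * @license http://www.gnu.org/licenses/gpl.html GPL License
 * @copyright Philippe Archambault, 2008
 */

/**
 * Registers the plugin and, for SQLite connections, installs a date_format()
 * SQL function backed by PHP.
 */
if (class_exists('PDO', false)) {
    Plugin::setInfos(array(
        'id' => 'sqlite3',
        'title' => 'SQLite 3',
        'description' => 'Provides function to run Frog CMS with SQLite 3 database.',
        'version' => '1.0.0',
        'website' => 'http://www.madebyfrog.com/',
        'update_url' => 'http://www.madebyfrog.com/plugin-versions.xml',
    ));

    // adding function date_format to sqlite 3 'mysql date_format function'
    // The guard must test the name that is actually declared below; it used to
    // test 'mysql_date_format_function', so loading this file after the function
    // already existed caused a redeclaration error.
    if (!function_exists('mysql_function_date_format')) {
        /**
         * Format a date string with strftime().
         *
         * @param string $date   Date text accepted by strtotime().
         * @param string $format strftime() format string.
         * @return string|false
         */
        function mysql_function_date_format($date, $format)
        {
            return strftime($format, strtotime($date));
        }
    }

    if (isset($GLOBALS['__FROG_CONN__'])) {
        if ($GLOBALS['__FROG_CONN__']->getAttribute(PDO::ATTR_DRIVER_NAME) == 'sqlite') {
            $GLOBALS['__FROG_CONN__']->sqliteCreateFunction('date_format', 'mysql_function_date_format', 2);
        } else {
            // Reached only when the legacy global connection exists and is not SQLite.
            if (Record::getConnection()->getAttribute(Record::ATTR_DRIVER_NAME) == 'sqlite') {
                Record::getConnection()->sqliteCreateFunction('date_format', 'mysql_function_date_format', 2);
            }
        }
    }
}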
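}
?>
<h1>SlideShow Pro Settings</h1>
<?php
// Save the posted settings. Each posted field updates the 'ssp' plugin setting
// of the same name. Field names and values are bound as statement parameters;
// they were previously concatenated into one multi-statement UPDATE string.
// NOTE(review): no permission or CSRF check is visible in this fragment -
// confirm the code above it enforces both before settings are written.
if (isset($_POST['ssp_path'])) {
    $stmt = Record::getConnection()->prepare(
        "UPDATE " . TABLE_PREFIX . "plugin_settings SET value = ? WHERE name = ? AND plugin_id='ssp'"
    );
    $saved = $stmt !== false;
    if ($saved) {
        foreach ($_POST as $k => $v) {
            // Nested form fields cannot be stored in a single value column.
            if (is_array($v)) {
                continue;
            }
            if ($v == null) {
                // Empty input is stored as SQL NULL, as before.
                $v = null;
            } elseif (is_numeric($v)) {
                $v = intval($v);
            }
            if (!$stmt->execute(array($v, (string) $k))) {
                $saved = false;
            }
        }
    }
    if ($saved) {
        echo 'Settings saved';
    } else {
        // The failing SQL is no longer echoed: it contained raw request data.
        echo '<p>Settings could not be saved</p>';
    }
    unset($_POST);
}
?>
<form name="ssp_settings" action="" method="post" id="ssp_settings">
<label for="ssp_path">Slideshow Pro install path:</label>
<input type="text" placeholder="'/ssp_director'" name="ssp_path" value="<?php if (isset($ssp_path)) { echo htmlspecialchars((string) $ssp_path, ENT_QUOTES, 'UTF-8'); } ?>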
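/**
 * Display tags on a page.
 *
 * Reads the tag list with per-tag counts and echoes it as a <ul class="tagger">,
 * or hands rendering to a template when 'tagger_tpl' is given.
 *
 * The 'limit' and 'parent' options are cast to int before they are placed in
 * the query; they were previously interpolated as given.
 *
 * @since 1.4.0
 * @param array $option Optional keys read here: 'type', 'case', 'limit', 'parent',
 *                      'tagger_page', 'tagger_tpl', 'order_by'.
 * @return void Output is echoed.
 */
public static function render($option = array())
{
    // Tag settings from database
    $tag_setting_type = Plugin::getSetting('tag_type', 'tagger');
    $tag_setting_case = Plugin::getSetting('case', 'tagger');

    // Tag display
    $tag_type = array_key_exists('type', $option) ? $option['type'] : $tag_setting_type;
    $tag_case = array_key_exists('case', $option) ? $option['case'] : $tag_setting_case;

    // Setting Sort order, Limit, Parent and Tagger page if selected
    $limit_set = array_key_exists('limit', $option) ? ' LIMIT 0, ' . (int) $option['limit'] : NULL;
    $parent = array_key_exists('parent', $option) ? ' AND page.parent_id = ' . (int) $option['parent'] : NULL;
    $tagger_page = array_key_exists('tagger_page', $option) ? $option['tagger_page'] : NULL;
    $tpl = array_key_exists('tagger_tpl', $option) ? $option['tagger_tpl'] : NULL;
    $order_by = array_key_exists('order_by', $option) && $option['order_by'] == 'count' ? ' ORDER BY count DESC' : NULL;

    $sql = 'SELECT name, count FROM ' . TABLE_PREFIX . 'tag AS tag, ' . TABLE_PREFIX . 'page AS page, '
        . TABLE_PREFIX . 'page_tag AS page_tag'
        . ' WHERE tag.id = page_tag.tag_id AND page_tag.page_id = page.id AND page.status_id != ' . Page::STATUS_HIDDEN . ' AND'
        . ' page.status_id != ' . Page::STATUS_DRAFT . $parent . ' GROUP BY tag.id' . $order_by . $limit_set;
    $stmt = Record::getConnection()->prepare($sql);
    $stmt->execute();

    // Putting Tags into a array
    while ($tag = $stmt->fetchObject()) {
        $tags[$tag->name] = $tag->count;
    }

    if (isset($tags)) {
        // Sort array
        uksort($tags, 'cmpVals');

        // SECURITY: each branch below evaluates the template returned by self::tpl()
        // as PHP, in this scope. Whoever can edit that template can run code on the
        // server. Local variable names are left unchanged because an evaluated
        // template presumably reads them (e.g. $tags) - verify against the templates.
        // NOTE(review): tag names are printed without escaping in the title attribute
        // and passed through htmlspecialchars_decode() for the link text; confirm tag
        // names are validated on input, otherwise stored markup is rendered here.
        switch ($tag_type) {
            case "cloud":
                $max_size = 28; // max font size in pixels
                $min_size = 10; // min font size in pixels

                // largest and smallest array values
                $max_qty = max(array_values($tags));
                $min_qty = min(array_values($tags));

                // find the range of values
                $spread = $max_qty - $min_qty;
                if ($spread == 0) {
                    // All tags share one count: avoid dividing by zero.
                    $spread = 1;
                }

                // set the font-size increment
                $step = ($max_size - $min_size) / $spread;

                if ($tpl) {
                    eval('?>' . self::tpl($tpl));
                } else {
                    echo '<ul class="tagger">';
                    foreach ($tags as $key => $value) {
                        // font size = minimum plus the count's excess over the smallest count, scaled by $step
                        $size = round($min_size + ($value - $min_qty) * $step);
                        $key_case = $tag_case == "1" ? ucfirst($key) : strtolower($key);
                        $url = self::tag_url($tagger_page) . slugify($key) . URL_SUFFIX;
                        echo sprintf('<li style="display: inline; border: none;"><a href="%s" style="display: inline; border: none; font-size: %spx; padding: 2px" title="%s things tagged with %s">%s</a></li>' . "\r\n", $url, $size, $value, $key, htmlspecialchars_decode($key_case));
                    }
                    echo '</ul>';
                }
                break;

            case "count":
                if ($tpl) {
                    eval('?>' . self::tpl($tpl));
                } else {
                    echo '<ul class="tagger">';
                    foreach ($tags as $key => $value) {
                        $key_case = $tag_case == "1" ? ucfirst($key) : strtolower($key);
                        $url = self::tag_url($tagger_page) . slugify($key) . URL_SUFFIX;
                        echo sprintf('<li><a href="%s" title="%s things tagged with %s">%s (%s)</a></li>', $url, $value, $key, htmlspecialchars_decode($key_case), $value);
                    }
                    echo '</ul>';
                }
                break;

            default:
                if ($tpl) {
                    eval('?>' . self::tpl($tpl));
                } else {
                    echo '<ul class="tagger">';
                    foreach ($tags as $key => $value) {
                        $key_case = $tag_case == 1 ? ucfirst($key) : strtolower($key);
                        $url = self::tag_url($tagger_page) . slugify($key) . URL_SUFFIX;
                        echo sprintf('<li><a href="%s" title="%s things tagged with %s">%s</a></li>', $url, $value, $key, htmlspecialchars_decode($key_case));
                    }
                    echo '</ul>';
                }
                break;
        }
    }
}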
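<?php
/*
 * Wolf CMS - Content Management Simplified. <http://www.wolfcms.org>
 * Copyright (C) 2008-2010 Martijn van der Kleijn <*****@*****.**>
 *
 * This file is part of Wolf CMS. Wolf CMS is licensed under the GNU GPLv3 license.
 * Please see license.txt for the full license text.
 */

/* Security measure */
if (!defined('IN_CMS')) {
    exit;
}

// Grab the connection from Wolf.
$conn = Record::getConnection();

// Create the member's form table (if non-existent). This creates the fields and form structure.
// The primary key names `MemberID`, the auto-increment column this table actually
// defines; it previously named `id`, a column that does not exist in the table.
$conn->exec("CREATE TABLE IF NOT EXISTS `member_data` (\n `MemberID` int(11) NOT NULL AUTO_INCREMENT,\n `UserID` int(11) NOT NULL,\n `FirstName` varchar(50) NOT NULL,\n `LastName` varchar(50) NOT NULL,\n `Designation` varchar(50) NULL,\n `Institution` varchar(100) NOT NULL,\n `StreetAddress` varchar(100) NOT NULL,\n `City` varchar(50) NOT NULL,\n `State` char(2) NOT NULL,\n `Zip` varchar(10) NOT NULL,\n `Country` varchar(50) NOT NULL,\n `Phone` varchar(20) NOT NULL,\n `Website` varchar(100) NULL,\n `Updated` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n PRIMARY KEY (`MemberID`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1;");
exit;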
WHERE employee_id = "' . $employee_id . '" group by g.id ) ) same_group ON find_in_set(same_group.id, c.groups) ) same_group_company ON same_group_company.company_id=j.company_id WHERE 1=1 ' . $wherelist . ' ORDER BY job_date, job_id '; $jobs = Record::query($full_query); $stmt = Record::getConnection()->prepare($full_query); $stmt->execute(); $rowspage = 20; //number of data per page $start = $CurPage * $rowspage; $jobs_count = $stmt->rowCount(); $totalrecords = $jobs_count; $lastpage = ceil($totalrecords / $rowspage); if ($jobs_count <= $rowspage) { $lastpage = 0; } else { $lastpage = abs($lastpage - 1); } $jobs = Record::query($full_query . ' LIMIT ' . $start . ',' . $rowspage); // $jobs= Record::query($full_query); if ($jobs_count > 0) {
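/**
 * Confirm a pending registration and promote it to a real user account.
 *
 * Changes from the earlier version:
 *  - the e-mail address and ids are bound as statement parameters;
 *  - a pending row must exist and carry a non-empty key. Previously the stored
 *    key variable was pre-seeded with the submitted key, so a request for an
 *    address with no pending row passed the key comparison;
 *  - keys are compared with hash_equals() (exact, constant-time);
 *  - the role insert uses the configured default permission; it referenced an
 *    undefined variable before;
 *  - the temp-row cleanup statement is restored as a DELETE (its text was masked
 *    in this listing).
 *
 * @param string $email            Address taken from the confirmation request.
 * @param string $rand_key_confirm Confirmation key taken from the confirmation request.
 * @return void Messages are echoed.
 */
function validateaccount($email, $rand_key_confirm)
{
    $PDO = Record::getConnection();

    // An existing user with this address means the account was already validated.
    $result = $PDO->prepare("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = ?");
    $result->execute(array($email));
    if ($result->rowCount() > 0) {
        $settings = Plugin::getAllSettings("registered_users");
        echo $settings["message_error_already_validated"];
        return;
    }

    $today = date('Y-m-d G:i:s');

    $pending = $PDO->prepare("SELECT * FROM " . TABLE_PREFIX . "registered_users_temp WHERE email = ?");
    $pending->execute(array($email));
    $rows = $pending->fetchAll();
    // When several pending rows share the address, the last one wins, as before.
    $row = $rows ? end($rows) : null;

    if ($row === null) {
        // Nothing is pending for this address: refuse instead of creating a user.
        echo Plugin::getSetting("message_notvalid_password", "registered_users");
        return;
    }

    $rand_key = (string) $row['rand_key'];
    if ($rand_key === '' || !is_string($rand_key_confirm) || !hash_equals($rand_key, $rand_key_confirm)) {
        echo $row['message_notvalid_password'];
        return;
    }

    // Let's transfer the user from the temp table to the user table
    $user = new User();
    $user->name = $row['name'];
    $user->email = $row['email'];
    $user->username = $row['username'];
    $user->salt = AuthUser::generateSalt();
    // NOTE(review): the value read from the temp table is hashed only here, which
    // suggests it is stored unhashed until validation - confirm, and if so hash it
    // at registration time instead.
    $user->password = AuthUser::generateHashedPassword($row['password'], $user->salt);
    $user->created_on = $row['reg_date'];
    $user->updated_on = $today;
    $user->save();

    // We don't need them in the temp table anymore
    $stmt = $PDO->prepare("DELETE FROM " . TABLE_PREFIX . "registered_users_temp WHERE email = ?");
    $stmt->execute(array($row['email']));

    // And let's make sure we have some permissions set so that user can then do something!
    $def_permission = Plugin::getSetting("default_permissions", "registered_users");
    $id = $user->id;
    $stmt = $PDO->prepare("INSERT INTO " . TABLE_PREFIX . "user_role (`user_id`,`role_id`) VALUES (?, ?)");
    $stmt->execute(array($id, $def_permission));

    // We also need to add the profile settings into DB
    $addprofile = $PDO->prepare(
        "INSERT INTO " . TABLE_PREFIX . "user_profile (`id`,`firstlogin`,`subscribe`,`sysnotifications`,`haspic`,`profile_blurb`)"
        . " VALUES (?,'1','1','1','0','your public profile...')"
    );
    $addprofile->execute(array($id));

    echo $row['welcome_message'];
    $loadloginclass = new RegisteredUser();
    $loadloginclass->login_page();
}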
/**
 * Creates a new comment
 *
 * @param array $data Values for the eight columns listed below, in that order;
 *                    they are bound as positional statement parameters.
 * @return void
 */
private function _insertComment($data)
{
    error_reporting(E_ALL);

    $columns = array(
        'page_id', 'author_name', 'author_email', 'author_link',
        'body', 'ip', 'created_on', 'is_approved',
    );
    // One "?" per column, joined the same way as the column list.
    $placeholders = implode(', ', array_fill(0, count($columns), '?'));

    $insertSql = "INSERT INTO " . TABLE_PREFIX . "comment (" . implode(', ', $columns) . ") VALUES (" . $placeholders . ")";

    $statement = Record::getConnection()->prepare($insertSql);
    $statement->execute($data);
}
$__CMS_CONN__->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true); } if ($driver === 'sqlite') { // Adding date_format function to SQLite 3 'mysql date_format function' if (!function_exists('mysql_date_format_function')) { function mysql_function_date_format($date, $format) { return strftime($format, strtotime($date)); } } $__CMS_CONN__->sqliteCreateFunction('date_format', 'mysql_function_date_format', 2); } // DEFINED ONLY FOR BACKWARDS SUPPORT - to be taken out before 0.9.0 $__FROG_CONN__ = $__CMS_CONN__; Record::connection($__CMS_CONN__); Record::getConnection()->exec("set names 'utf8'"); Setting::init(); use_helper('I18n'); AuthUser::load(); if (AuthUser::isLoggedIn()) { I18n::setLocale(AuthUser::getRecord()->language); } else { I18n::setLocale(Setting::get('language')); } // Only add the cron web bug when necessary if (defined('USE_POORMANSCRON') && USE_POORMANSCRON && defined('POORMANSCRON_INTERVAL')) { Observer::observe('page_before_execute_layout', 'run_cron'); function run_cron() { $cron = Cron::findByIdFrom('Cron', '1'); $now = time();
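/**
 * Save the asset manager folder list and create any listed folder that is missing.
 *
 * The serialized list is bound as a statement parameter instead of being
 * interpolated into the UPDATE. Folder entries that are not strings, contain a
 * NUL byte, or contain a ".." path segment are never passed to mkdir(), so a
 * posted entry cannot create directories outside FROG_ROOT.
 *
 * NOTE(review): rejected entries are still stored in the setting as submitted;
 * confirm whether the code that reads assets_folder_list validates them too.
 * NOTE(review): no permission or CSRF check is visible in this method.
 *
 * @return void
 */
function save()
{
    error_reporting(E_ALL);

    /* Setting::saveFromData() does not handle any errors so lets save manually. */
    $pdo = Record::getConnection();
    $table = TABLE_PREFIX . 'setting';

    $folders = isset($_POST['assets_folder_list']) && is_array($_POST['assets_folder_list'])
        ? $_POST['assets_folder_list']
        : array();
    $assets_folder_list = serialize($folders);

    $folder_created = false;
    foreach ($folders as $folder) {
        $unsafe = !is_string($folder)
            || strpos($folder, "\0") !== false
            || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $folder);
        if ($unsafe) {
            Flash::set('error', __('NOTE! You must create folder :folder manually.', array(':folder' => is_string($folder) ? $folder : '')));
            continue;
        }

        $check_folder = FROG_ROOT . '/' . $folder;
        if (!file_exists($check_folder)) {
            if (@mkdir($check_folder)) {
                $folder_created = true;
            } else {
                Flash::set('error', __('NOTE! You must create folder :folder manually.', array(':folder' => $check_folder)));
            }
        }
    }

    $stmt = $pdo->prepare("UPDATE {$table} SET value = ? WHERE name = 'assets_folder_list'");
    $updated = $stmt !== false && $stmt->execute(array($assets_folder_list));

    if (!$updated) {
        Flash::set('error', __('An error has occured.'));
        $message = sprintf('Updating asset manager settings by :username failed.');
        Observer::notify('log_event', $message, 'assets', DASHBOARD_LOG_CRIT);
    } else {
        if ($folder_created) {
            Flash::set('success', __('Folder has been created and settings have been updated'));
        } else {
            Flash::set('success', __('The settings have been updated.'));
        }
        $message = sprintf('Asset manager settings were updated by :username.');
        Observer::notify('log_event', $message, 'assets');
    }

    redirect(get_url('plugin/assets/settings'));
}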