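/**
 * Constructor. Builds one ae_MediaModel per successfully uploaded file
 * and appends it to $this->items.
 *
 * Entries for which no file was selected (UPLOAD_ERR_NO_FILE) are skipped
 * silently. Entries with any other upload error are logged and skipped.
 *
 * @param {array} $files Uploaded file(s). Read per index under the keys
 *                       'name', 'type', 'tmp_name' and 'error'.
 */
public function __construct($files) {
    $numItems = count($files['tmp_name']);

    for ($i = 0; $i < $numItems; $i++) {
        $error = $files['error'][$i];

        // File input in form for which no file has been selected
        if ($error == UPLOAD_ERR_NO_FILE) {
            continue;
        }

        // Something actually went wrong with an upload
        if ($error != UPLOAD_ERR_OK) {
            // The message carries HTML markup (<code>), so the file name is
            // escaped before it is embedded. __CLASS__ replaces the argument-less
            // get_class() call, which is deprecated as of PHP 8.3 and yields
            // the same class name here.
            $msg = sprintf(
                '[%s] Upload error for file <code>%s</code>: %s',
                __CLASS__,
                htmlspecialchars($files['name'][$i]),
                self::getUploadErrorString($error)
            );
            ae_Log::error($msg);

            // The dump repeats the same file names and types that were escaped
            // above, so it is escaped too before it reaches the log.
            // NOTE(review): assumes ae_Log does not escape messages itself,
            // as the <code> markup in the error message suggests - confirm.
            $json = str_replace('\\/', '/', json_encode($files));
            ae_Log::debug('File ' . $i . ': ' . htmlspecialchars($json));

            continue;
        }

        // NOTE(review): if $files originates from $_FILES, 'name' and 'type'
        // are client-supplied. Whether getMIMEType() and setName() treat them
        // as untrusted is not visible here - confirm.
        $type = self::getMIMEType($files['tmp_name'][$i], $files['type'][$i]);

        $m = new ae_MediaModel();
        $m->setName($files['name'][$i]);
        $m->setTmpName($files['tmp_name'][$i]);
        $m->setDatetime(date('Y-m-d H:i:s'));
        $m->setType($type);
        $m->setUserId(ae_Security::getCurrentUserId());
        $m->setStatus(ae_MediaModel::STATUS_AVAILABLE);
        // Meta info is derived from the model, so it is set last.
        $m->setMetaInfo(self::getMetaInfo($m));

        $this->items[] = $m;
    }
}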
/**
 * Write this page to the database.
 *
 * Without an ID a new row is inserted. With an ID the existing row is updated,
 * unless $forceInsert is set, in which case a new row is inserted under that ID.
 * Every value is passed to ae_Database::query() as a named placeholder; only
 * the table-name constant AE_TABLE_PAGES is concatenated into the SQL text.
 *
 * @param  {boolean}   $forceInsert If set to TRUE and an ID has been set, the model is saved
 *                                  as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean}                TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception}              If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    // Fill in fallbacks for fields that are still unset.
    if ($this->datetime == '0000-00-00 00:00:00') {
        $this->setDatetime(date('Y-m-d H:i:s'));
    }

    if (!ae_Validate::id($this->userId)) {
        $this->setUserId(ae_Security::getCurrentUserId());
    }

    if ($this->permalink == '') {
        $this->setPermalink($this->title);
    }

    $bindings = array(
        ':title' => $this->title,
        ':permalink' => $this->permalink,
        ':content' => $this->content,
        ':datetime' => $this->datetime,
        ':user' => $this->userId,
        ':comments' => $this->commentsStatus,
        ':status' => $this->status
    );

    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Create new page; the database assigns the ID.
        $sql = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Create new page under the ID that has already been set.
        $sql = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_id, pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :id, :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
        $bindings[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing page and record the edit time.
        $sql = ' UPDATE `' . AE_TABLE_PAGES . '` SET pa_title = :title, pa_permalink = :permalink, pa_content = :content, pa_datetime = :datetime, pa_edit = :editDatetime, pa_user = :user, pa_comments = :comments, pa_status = :status WHERE pa_id = :id ';
        $bindings[':id'] = $this->id;
        $bindings[':editDatetime'] = date('Y-m-d H:i:s');
    }
    else {
        // Remaining case: $forceInsert was requested, but there is no ID.
        throw new Exception(
            sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', get_class())
        );
    }

    if (ae_Database::query($sql, $bindings) === FALSE) {
        return FALSE;
    }

    // If a new page was created, get the new ID
    if ($this->id === FALSE) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
/**
 * Expects ae_Security to report no current user ID, a session
 * verification value that is not blank, and isLoggedIn() to be FALSE.
 */
public function testMisc() {
    $userId = ae_Security::getCurrentUserId();
    $this->assertFalse($userId);

    // Only checks that the value is non-blank after trimming.
    $sessionVerify = trim(ae_Security::getSessionVerify());
    $this->assertNotEquals($sessionVerify, '');

    $loggedIn = ae_Security::isLoggedIn();
    $this->assertFalse($loggedIn);
}
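/**
 * Create the post from the submitted form data ($_POST).
 *
 * If any required field is missing, the request is redirected to the
 * admin page with an error code and the script ends. If 'edit-id' is
 * submitted, it is set as the model's ID before saving.
 *
 * NOTE(review): nothing in this function checks that the request comes from
 * a logged-in user or carries a valid session/CSRF token - presumably the
 * calling script does this before createPost() runs; confirm against caller.
 *
 * @return {int} ID of the new post. The result of save() is not checked here,
 *               so the caller receives whatever getId() reports afterwards.
 */
function createPost() {
    // 'post-comments-status' is read unconditionally below, so it has to be
    // part of the required fields like the others.
    if (!isset(
        $_POST['post-title'],
        $_POST['post-permalink'],
        $_POST['post-content'],
        $_POST['post-tags'],
        $_POST['post-comments-status'],
        $_POST['post-publish-month'],
        $_POST['post-publish-day'],
        $_POST['post-publish-year'],
        $_POST['post-publish-hour'],
        $_POST['post-publish-minute'],
        $_POST['submit']
    )) {
        header('Location: ../admin.php?error=missing_data_for_post');
        exit;
    }

    // %d coerces every date part to an integer. The ranges (month 1-12, ...)
    // are not checked here.
    $datetime = sprintf(
        '%04d-%02d-%02d %02d:%02d:00',
        $_POST['post-publish-year'],
        $_POST['post-publish-month'],
        $_POST['post-publish-day'],
        $_POST['post-publish-hour'],
        $_POST['post-publish-minute']
    );

    $permalink = trim($_POST['post-permalink']);

    // Strict comparison: only the exact string 'draft' selects the draft status.
    $status = ($_POST['submit'] === 'draft')
        ? ae_PostModel::STATUS_DRAFT
        : ae_PostModel::STATUS_PUBLISHED;

    $post = new ae_PostModel();

    // NOTE(review): the ID is taken from the request as-is. Whether the current
    // user may modify that post is not checked in this function - confirm
    // that setId()/save() or the caller enforce it.
    if (isset($_POST['edit-id'])) {
        $post->setId($_POST['edit-id']);
    }

    $post->setTitle($_POST['post-title']);

    // An empty permalink is left unset on the model.
    if ($permalink != '') {
        $post->setPermalink($permalink);
    }

    $post->setContent($_POST['post-content']);
    // The submitted publish date is only used if scheduling was requested.
    $post->setDatetime(isset($_POST['post-schedule']) ? $datetime : date('Y-m-d H:i:s'));
    $post->setCommentsStatus($_POST['post-comments-status']);
    $post->setStatus($status);
    $post->setTags($_POST['post-tags']);
    $post->setUserId(ae_Security::getCurrentUserId());
    $post->save();

    return $post->getId();
}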
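// $co, $url and $content are prepared before this excerpt.

// The post ID comes straight from the request and is written into every
// redirect below - including the one taken when setPostId() has just rejected
// it. It is therefore percent-encoded once here. A numeric ID is unchanged by
// the encoding, while characters such as "&" or "#" can no longer alter the
// query string or fragment of the redirect target.
$commentPostRaw = isset($_POST['comment-post']) ? $_POST['comment-post'] : NULL;
$commentRedirect = '../?p=' . (is_scalar($commentPostRaw) ? rawurlencode((string) $commentPostRaw) : '');

// Unforgivable error: without a valid post ID the comment cannot be stored.
try {
    $co->setPostId($commentPostRaw);
}
catch (Exception $exc) {
    header('Location: ' . $commentRedirect . '&error=invalid_data#comment-form');
    exit;
}

// Forgivable errors with default values for fallback
try {
    $co->setAuthorName($_POST['comment-author-name']);
    $co->setAuthorEmail($_POST['comment-author-email']);
    $co->setAuthorUrl($url);
    $co->setAuthorIp($_SERVER['REMOTE_ADDR']);
    $co->setContent($content);
    $co->setStatus(COMMENT_DEFAULT_STATUS);

    // Link the comment to the account if the author is logged in.
    if (ae_Security::isLoggedIn()) {
        $co->setUserId(ae_Security::getCurrentUserId());
    }

    // Run the comment through all active comment filters before saving.
    $filter = array('LIMIT' => FALSE, 'WHERE' => 'cf_status = :status');
    $params = array(':status' => ae_CommentfilterModel::STATUS_ACTIVE);
    $cfList = new ae_CommentfilterList($filter, $params, FALSE);
    $keep = $cfList->applyFilters($co);

    // A filter decided to drop the comment, so it is not saved.
    if (!$keep) {
        header('Location: ' . $commentRedirect . '&error=comment_deleted_by_filter');
        exit;
    }

    $co->save();
}
catch (Exception $exc) {
    header('Location: ' . $commentRedirect . '&error=failed_to_save#comment-form');
    exit;
}

header('Location: ' . $commentRedirect . '&saved#comment-' . $co->getId());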