        case "poll":
            echo "<script type='text/javascript'>document.location.href='" . e_HTTP . "comment.php?comment.{$table}.{$redirectFlag}'</script>\n";
            exit;
        case "download":
            echo "<script type='text/javascript'>document.location.href='" . e_HTTP . "download.php?view.{$redirectFlag}'</script>\n";
            exit;
        case "page":
            echo "<script type='text/javascript'>document.location.href='" . e_HTTP . "page.php?{$redirectFlag}'</script>\n";
            exit;
        case 'user':
            echo "<script type='text/javascript'>document.location.href='" . e107::getUrl()->create('user/profile/view', 'id=' . $redirectFlag) . "'</script>\n";
            exit;
    }
    // Check plugin e_comment.php files
    $plugin_redir = false;
    $e_comment = $cobj->get_e_comment();
    if ($table == $e_comment[$table]['eplug_comment_ids']) {
        $plugin_redir = TRUE;
        $reply_location = str_replace('{NID}', $redirectFlag, $e_comment[$table]['reply_location']);
    }
    if ($plugin_redir) {
        echo "<script type='text/javascript'>document.location.href='{$reply_location}'</script>\n";
        exit;
    }
    // No redirect found if we get here.
}
$comment_ob_start = FALSE;
if ($action == "reply") {
    if (!$pref['nested_comments']) {
        // Double quotes are required here so that {$table} and {$nid} are interpolated
        header('Location: ' . e_BASE . "comment.php?comment.{$table}.{$nid}");
        exit;
function verify_sql_record()
{
    global $emessage, $sql, $sql2, $sql3, $frm, $e107, $tp;
    $sql = e107::getDb();
    $sql2 = e107::getDb('sql2');
    $sql3 = e107::getDb('sql3');
    $tables = array();
    $tables[] = 'rate';
    $tables[] = 'comments';
    //initialise the buffers that are appended to below
    $text = '';
    $qry = '';
    if (isset($_POST['delete_verify_sql_record'])) {
        if (!varset($_POST['del_dbrec'])) {
            $emessage->add('Nothing to delete', E_MESSAGE_DEBUG);
        } else {
            $msg = "ok, so you want to delete some records? not a problem at all!<br />";
            $msg .= "but, since this is still an experimental procedure, i won't actually delete anything<br />";
            $msg .= "instead, i will show you the queries that would be performed<br />";
            $text .= "<br />";
            $emessage->add($msg, E_MESSAGE_DEBUG);
            foreach ($_POST['del_dbrec'] as $k => $v) {
                //the keys are record ids taken from the request: cast them to integers
                //before they are placed in the displayed query
                if ($k == 'rate') {
                    $keys = implode(", ", array_map('intval', array_keys((array) $v)));
                    $qry .= "DELETE FROM rate WHERE rate_id IN (" . $keys . ")<br />";
                } elseif ($k == 'comments') {
                    $keys = implode(", ", array_map('intval', array_keys((array) $v)));
                    $qry .= "DELETE FROM comments WHERE comment_id IN (" . $keys . ")<br />";
                }
            }
            $emessage->add($qry, E_MESSAGE_DEBUG);
            $emessage->add("<a href='" . e_SELF . "'>" . LAN_BACK . "</a>", E_MESSAGE_DEBUG);
        }
    }
    //Nothing selected
    if (isset($_POST['check_verify_sql_record']) && (!isset($_POST['table_rate']) && !isset($_POST['table_comments']))) {
        $_POST['check_verify_sql_record'] = '';
        unset($_POST['check_verify_sql_record']);
        $emessage->add(DBLAN_53, E_MESSAGE_WARNING);
    }
    if (!isset($_POST['check_verify_sql_record'])) {
        //select table to verify
        $text = "\n\t\t\t<form method='post' action='" . e_SELF
            . "'>\n\t\t\t\t<fieldset id='core-db-verify-sql-tables'>\n\t\t\t\t\t<legend class='e-hideme'>" . DBLAN_39
            . "</legend>\n\t\t\t\t\t<table class='table adminlist'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col style='width: 100%' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<thead>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<th class='last'>" . DBLAN_37
            . "</th>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</thead>\n\t\t\t\t\t\t<tbody>\n\t\t";
        foreach ($tables as $t) {
            $text .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t"
                . $frm->checkbox('table_' . $t, $t) . $frm->label($t, 'table_' . $t, $t)
                . "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
        }
        $text .= "\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t\t<div class='buttons-bar center'>\n\t\t\t\t\t\t"
            . $frm->admin_button('check_verify_sql_record', DBLAN_38)
            . "\n\t\t\t\t\t\t" . $frm->admin_button('back', LAN_BACK, 'back')
            . "\n\t\t\t\t\t</div>\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t";
        $e107->ns->tablerender(DBLAN_10 . ' - ' . DBLAN_39, $emessage->render() . $text);
    } else {
        //function to sort the results
        function verify_sql_record_cmp($a, $b)
        {
            $orderby = array('type' => 'asc', 'itemid' => 'asc');
            $result = 0;
            foreach ($orderby as $key => $value) {
                if ($a[$key] == $b[$key]) {
                    continue;
                }
                $result = $a[$key] < $b[$key] ? -1 : 1;
                if ($value == 'desc') {
                    $result = -$result;
                }
                break;
            }
            return $result;
        }

        //function to display the results
        //$err holds the error data (an array of records, or a message string)
        //$ctype holds the tablename
        function verify_sql_record_displayresult($err, $ctype)
        {
            global $frm;
            $text = "\n\n\t\t\t\t\t<fieldset id='core-core-db-verify-sql-records-{$ctype}'>\n\t\t\t\t\t\t<legend>" . DBLAN_40 . " " . $ctype
                . "</legend>\n\t\t\t\t\t\t<table class='table adminlist'>\n\t\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t\t<col style='width: 20%' />\n\t\t\t\t\t\t\t\t<col style='width: 10%' />\n\t\t\t\t\t\t\t\t<col style='width: 50%' />\n\t\t\t\t\t\t\t\t<col style='width: 20%' />\n\t\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t\t<thead>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<th>" . DBLAN_41
                . "</th>\n\t\t\t\t\t\t\t\t\t<th>" . DBLAN_42
                . "</th>\n\t\t\t\t\t\t\t\t\t<th>" . DBLAN_43
                . "</th>\n\t\t\t\t\t\t\t\t\t<th class='center last'>" . LAN_OPTIONS
                . "</th>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</thead>\n\t\t\t\t\t\t\t<tbody>\n\t\t\t";
            if (is_array($err) && !empty($err)) {
                //sort only when $err is an array; it is a plain message string otherwise
                usort($err, 'verify_sql_record_cmp');
                foreach ($err as $k => $v) {
                    $delkey = $v['sqlid'];
                    $text .= "\n\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t<td>{$v['type']}</td>\n\t\t\t\t\t\t\t\t\t\t<td>{$v['itemid']}</td>\n\t\t\t\t\t\t\t\t\t\t<td>"
                        . ($v['table_exist'] ? DBLAN_45 : DBLAN_46)
                        . "</td>\n\t\t\t\t\t\t\t\t\t\t<td class='center'>\n\t\t\t\t\t\t\t\t\t\t\t"
                        . $frm->checkbox('del_dbrec[' . $ctype . '][' . $delkey . '][]', '1')
                        . $frm->label(LAN_DELETE, 'del_dbrec[' . $ctype . '][' . $delkey . '][]', '1')
                        . "\n\t\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
                }
            } else {
                $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td colspan='4'>{$err}</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t";
            }
            $text .= "\n\t\t\t\t\t\t\t</tbody>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</fieldset>\n\t\t\t";
            return $text;
        }

        function verify_sql_record_gettables()
        {
            global $sql2;
            //array which will hold all db tables
            $dbtables = array();
            //get all tables in the db
            $sql2->db_Select_gen("SHOW TABLES");
            while ($row2 = $sql2->db_Fetch()) {
                $dbtables[] = $row2[0];
            }
            return $dbtables;
        }

        $text = "<form method='post' action='" . e_SELF . (e_QUERY ? '?' . e_QUERY : '') . "'>";

        //validate rate table records
        if (isset($_POST['table_rate'])) {
            $query = "\n\t\t\tSELECT r.*\n\t\t\tFROM #rate AS r\n\t\t\tWHERE r.rate_id!=''\n\t\t\tORDER BY r.rate_table, r.rate_itemid";
            $data = array('type' => 'rate', 'table' => 'rate_table', 'itemid' => 'rate_itemid', 'id' => 'rate_id');
            if (!$sql->db_Select_gen($query)) {
                $text .= verify_sql_record_displayresult(DBLAN_49, $data['type']);
            } else {
                //the master error array
                $err = array();
                //array which will hold all db tables
                $dbtables = verify_sql_record_gettables();
                while ($row = $sql->db_Fetch()) {
                    $ctype = $data['type'];
                    $cid = $row[$data['id']];
                    $citemid = $row[$data['itemid']];
                    $ctable = $row[$data['table']];
                    //if the rate_table is an existing table, we need to do more validation
                    //else if the rate_table is not an existing table, this is an invalid reference
                    //FIXME Steve: table is never found without MPREFIX; Multi-language tables?
                    if (in_array(MPREFIX . $ctable, $dbtables)) {
                        $sql3->db_Select_gen("SHOW COLUMNS FROM " . MPREFIX . $ctable);
                        //note: $aif is not reset per row, so it keeps the previous table's key
                        //if no auto_increment column is found here
                        while ($row3 = $sql3->db_Fetch()) {
                            //find the auto_increment field, since that's the most likely key used
                            if ($row3['Extra'] == 'auto_increment') {
                                $aif = $row3['Field'];
                                break;
                            }
                        }
                        //we need to check if the itemid (still) exists in this table
                        //if the record is not found, this could well be an obsolete record
                        //if the record is found, we need to keep this record since it's a valid reference
                        if (!$sql2->db_Select("{$ctable}", "*", "{$aif}='{$citemid}' ORDER BY {$aif} ")) {
                            $err[] = array('type' => $ctable, 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                        }
                    } else {
                        $err[] = array('type' => $ctable, 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => FALSE);
                    }
                }
                //use $data['type'] rather than $ctype, which is unset when no rows were fetched
                $text .= verify_sql_record_displayresult($err ? $err : DBLAN_54, $data['type']);
            }
        }

        //validate comments table records
        if (isset($_POST['table_comments'])) {
            $query = "\n\t\t\tSELECT c.*\n\t\t\tFROM #comments AS c\n\t\t\tWHERE c.comment_id!=''\n\t\t\tORDER BY c.comment_type, c.comment_item_id";
            $data = array('type' => 'comments', 'table' => 'comment_type', 'itemid' => 'comment_item_id', 'id' => 'comment_id');
            if (!$sql->db_Select_gen($query)) {
                $text .= verify_sql_record_displayresult(DBLAN_49, $data['type']);
            } else {
                //the master error array
                $err = array();
                //array which will hold all db tables
                $dbtables = verify_sql_record_gettables();
                //get all e_comment files and variables
                require_once e_HANDLER . "comment_class.php";
                $cobj = new comment();
                $e_comment = $cobj->get_e_comment();
                while ($row = $sql->db_Fetch()) {
                    $ctype = $data['type'];
                    $cid = $row[$data['id']];
                    $citemid = $row[$data['itemid']];
                    $ctable = $row[$data['table']];
                    //for each comment we need to validate the referencing record exists
                    //we need to check if the itemid (still) exists in this table
                    //if the record is not found, this could well be an obsolete record
                    //if the record is found, we need to keep this record since it's a valid reference
                    if ($ctable == "0") {
                        // news
                        if (!$sql2->db_Select("news", "*", "news_id='{$citemid}' ")) {
                            $err[] = array('type' => 'news', 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                        }
                    } elseif ($ctable == "1") {
                        // article, review or content page: no check is performed
                    } elseif ($ctable == "2") {
                        // downloads
                        if (!$sql2->db_Select("download", "*", "download_id='{$citemid}' ")) {
                            $err[] = array('type' => 'download', 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                        }
                    } elseif ($ctable == "4") {
                        // poll
                        if (!$sql2->db_Select("polls", "*", "poll_id='{$citemid}' ")) {
                            $err[] = array('type' => 'polls', 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                        }
                    } elseif ($ctable == "profile") {
                        // userprofile
                        if (!$sql2->db_Select("user", "*", "user_id='{$citemid}' ")) {
                            $err[] = array('type' => 'user', 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                        }
                    } elseif (isset($e_comment[$ctable]) && is_array($e_comment[$ctable])) {
                        //else if this is a plugin comment
                        $var = $e_comment[$ctable];
                        $qryp = '';
                        if (isset($var) && $var['qry'] != '') {
                            //new method must use the 'qry' variable
                            if ($installed = $sql2->db_Select("plugin", "*", "plugin_path = '" . $var['plugin_path'] . "' AND plugin_installflag = '1' ")) {
                                $qryp = str_replace("{NID}", $citemid, $var['qry']);
                                if (!$sql2->db_Select_gen($qryp)) {
                                    $err[] = array('type' => $ctable, 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                                }
                            }
                        } else {
                            //old method
                            if (!$sql2->db_Select($var['db_table'], $var['db_title'], $var['db_id'] . " = '{$citemid}' ")) {
                                $err[] = array('type' => $ctable, 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => TRUE);
                            }
                        }
                    } else {
                        //in all other cases
                        $err[] = array('type' => $ctable, 'sqlid' => $cid, 'table' => $ctable, 'itemid' => $citemid, 'table_exist' => FALSE);
                    }
                }
                //use $data['type'] rather than $ctype, which is unset when no rows were fetched
                $text .= verify_sql_record_displayresult($err ? $err : DBLAN_54, $data['type']);
            }
        }

        $text .= "\n\t\t\t\t<div class='buttons-bar center'>\n\t\t\t\t\t"
            . $frm->admin_button('delete_verify_sql_record', LAN_DELCHECKED, 'delete')
            . "\n\t\t\t\t\t" . $frm->admin_button('verify_sql_record', LAN_BACK, 'back')
            . "\n\n\t\t\t\t</div>\n\t\t\t</form>\n\t\t";
        $e107->ns->tablerender(DBLAN_10 . ' - ' . DBLAN_50, $emessage->render() . $text);
    }
}