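/**
 * Create a resource: one row in the RESOURCE table plus its first row in
 * RESOURCE_VERSION. Fields are routed to one table or the other according to
 * get_lvalues('RESOURCE_VERSION'). Database errors are appended to the global
 * $MYSQL_ERRORS list.
 *
 * @param array $inserts field => value pairs; an optional '-file' entry is
 *                       passed to do_file_update() once both rows exist
 * @param mixed $name    not used in this function
 * @param mixed $vars    not used in this function
 * @return int|null key of the new RESOURCE row, or null when that insert failed
 */
function do_insert_resource($inserts, $name, $vars) {
    // $INIDATE_FIELD is read below; without the global declaration it was
    // always an undefined local, so the creation date was never stored.
    global $OWNER_FIELD, $MODDATE_FIELD, $INIDATE_FIELD, $MAINTABLES, $PKEY;
    global $MYSQL_ERRORS;

    $file = null;
    if (@$inserts['-file']) {
        $file = $inserts['-file'];
        unset($inserts['-file']);
    }

    // separate out the stuff that goes in the RESOURCE table from the stuff
    // that goes in RESOURCE_VERSION
    $is_ver_field = get_lvalues('RESOURCE_VERSION');
    $res_fields = array();
    $ver_fields = array();
    foreach ($inserts as $field => $val) {
        if (@$is_ver_field[$field]) {
            $ver_fields[$field] = $val;
        } else {
            $res_fields[$field] = $val;
        }
    }
    if (count($res_fields) == 0) {
        // this is necessary: there could be resources that are entirely in their versions
        $res_fields[RESOURCE_KEY] = NULL;
    }

    if (!mysql__insert($MAINTABLES['RESOURCE'], $res_fields)) {
        array_push($MYSQL_ERRORS, mysql_error());
        // Without a parent key the version row would be an orphan, so stop here.
        return null;
    }
    $pkey = mysql_insert_id();

    $ver_fields[RESOURCE_VERSION_RESOURCEKEY] = $pkey;
    $now = date('Y-m-d H:i:s');
    if (@$INIDATE_FIELD['RESOURCE_VERSION']) {
        $ver_fields[$INIDATE_FIELD['RESOURCE_VERSION']] = $now;
    }
    if (@$MODDATE_FIELD['RESOURCE_VERSION']) {
        $ver_fields[$MODDATE_FIELD['RESOURCE_VERSION']] = $now;
    }
    if (@$OWNER_FIELD['RESOURCE_VERSION']) {
        $ver_fields[$OWNER_FIELD['RESOURCE_VERSION']] = get_user_id();
    }

    $ver = null;
    if (mysql__insert($MAINTABLES['RESOURCE_VERSION'], $ver_fields)) {
        $ver = mysql_insert_id();
    } else {
        array_push($MYSQL_ERRORS, mysql_error());
    }

    if ($file && $pkey && $ver) {
        // Both keys come from mysql_insert_id(); the casts keep the
        // hand-built WHERE clause numeric whatever that returns.
        do_file_update(
            $file,
            'RESOURCE_VERSION',
            RESOURCE_VERSION_RESOURCEKEY . '="' . intval($pkey) . '" and '
                . RESOURCE_VERSION_VERSIONKEY . '="' . intval($ver) . '"',
            'RESOURCE_VERSION/' . $pkey . '_' . $ver
        );
    }
    return $pkey;
}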
} }
/* go for the regular update/insert on all records */
// Records arriving without an id get a temporary stub row in Records; the new
// id (or -1 on failure) is written back into $_REQUEST and into $nonces.
$out = array("record" => array());
foreach ($_REQUEST["records"] as $nonce => $record) {
    if (!$record["id"]) {
        // NOTE(review): defined() expects the constant's name as a string;
        // here it receives the constant's value, so this test looks wrong.
        $wg = defined(HEURIST_NEWREC_OWNER_ID) ? HEURIST_NEWREC_OWNER_ID : get_user_id();
        if (@$record["group"]) {
            // check membership as non-member saves are not allowed
            // NOTE(review): $record["group"] is request data concatenated
            // unquoted into the SQL text (SQL injection); cast it with
            // intval() before building the query.
            $res = mysql_query("select * from " . USERS_DATABASE . ".sysUsrGrpLinks where ugl_UserID=" . get_user_id() . " and ugl_GroupID=" . $record["group"]);
            $wg = mysql_num_rows($res) > 0 ? $record["group"] : get_user_id(); // if not a member we save the record with user as owner
        }
        $type = @$record['type'];
        if ($type) {
            mysql__insert("Records", array("rec_AddedByUGrpID" => get_user_id(), "rec_RecTypeID" => $type, "rec_OwnerUGrpID" => $wg, "rec_FlagTemporary" => 1, "rec_Added" => date('Y-m-d H:i:s')));
            if (mysql_error()) {
                // NOTE(review): the raw mysql_error() text is stored in $out;
                // if $out is sent to the client this discloses schema details.
                array_push($out["record"], array("error" => " creating temporary record nonce = {$nonce} rectype = " . @$record["type"] . " error : " . mysql_error(), "record" => $record, "nonce" => $nonce));
                $_REQUEST["records"][$nonce]["id"] = -1;
            } else {
                $id = mysql_insert_id();
                $_REQUEST["records"][$nonce]["id"] = $id;
            }
        } else {
            array_push($out["record"], array("error" => " creating temporary record nonce = {$nonce} no rectype given", "record" => $record, "nonce" => $nonce));
            $_REQUEST["records"][$nonce]["id"] = -1;
        }
    }
    $nonces[$nonce] = $_REQUEST["records"][$nonce]["id"];
}
foreach ($_REQUEST["records"] as $nonce => $record) {
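/**
 * Apply comment removals, edits and additions for one record on behalf of
 * the current user.
 *
 * @param int        $recordID      record the comments belong to
 * @param array|null $removals      comment IDs to flag as deleted
 * @param array|null $modifications items with "id" and "text"
 * @param array|null $additions     items with "parentComment" and "text"
 * @return array one entry per addition: array("id" => new id) or
 *               array("error" => message)
 */
function handleComments($recordID, $removals, $modifications, $additions) {
    // Every other identifier below is passed through intval(); the record id
    // is interpolated into SQL as well, so it gets the same treatment.
    $recordID = intval($recordID);

    // removals are encoded as just the comments ID# ... easy.
    if ($removals) {
        $removals = array_map("intval", $removals);
        mysql_query("update recThreadedComments set cmt_Deleted=1\n where cmt_OwnerUGrpID=" . get_user_id() . " and cmt_RecID={$recordID} and cmt_ID in (" . join(",", $removals) . ")");
    }

    // modifications have the values .id, .parentComment, .text
    if (is_array($modifications)) {
        foreach ($modifications as $modification) {
            // note that parentComment (of course) cannot be modified;
            // the owner test keeps users from editing other users' comments
            mysql__update(
                "recThreadedComments",
                "cmt_ID=" . intval($modification["id"]) . " and cmt_OwnerUGrpID=" . get_user_id(),
                array("cmt_Text" => $modification["text"], "cmt_Modified" => date('Y-m-d H:i:s'))
            );
        }
    }

    // additions are the same as modifications, except that the comment id is blank
    $newIDs = array();
    if (!is_array($additions)) {
        return $newIDs;
    }
    foreach ($additions as $addition) {
        $parentID = intval($addition["parentComment"]);

        // sanity check: the parent comment (if any) must belong to this record
        $parentTest = $parentID ? "cmt_ID={$parentID}" : "cmt_ID is null";
        if (!mysql__select_array("Records left join recThreadedComments on rec_ID=cmt_RecID and {$parentTest}", "rec_ID", "rec_ID={$recordID} and {$parentTest}")) {
            array_push($newIDs, array("error" => "invalid parent comments"));
            continue;
        }
        if ($parentID === 0) {
            $parentID = null; // top-level comment
        }

        mysql__insert("recThreadedComments", array(
            "cmt_Text" => $addition["text"],
            "cmt_Added" => date('Y-m-d H:i:s'),
            "cmt_OwnerUGrpID" => get_user_id(),
            "cmt_ParentCmtID" => $parentID,
            "cmt_RecID" => $recordID,
        ));
        array_push($newIDs, array("id" => mysql_insert_id()));
    }
    return $newIDs;
}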
// Resolve a "First Last" name typed by the user to a user id.
// NOTE(review): addslashes() is not charset-aware SQL escaping;
// mysql_real_escape_string() is the function this API provides for that.
$res = mysql_query("select usr.ugr_ID from " . USERS_DATABASE . ".sysUGrps usr where concat(usr.ugr_FirstName, ' ', usr.ugr_LastName) = '" . addslashes($_POST["reminder-user"]) . "'");
$user = mysql_fetch_row($res);
if ($user) {
    $_POST["reminder-user"] = intval($user[0]);
} else {
    // NOTE(review): the submitted name is echoed back inside a script-style
    // literal; addslashes() does not neutralise line breaks or markup, so
    // encode it for the output context (e.g. json_encode) — confirm how the
    // client evaluates this response.
    print "({ error: \"User '" . addslashes($_POST["reminder-user"]) . "' not found\" })";
    return;
}
}
// The remaining reminder-* fields are passed as values to mysql__insert();
// presumably that helper escapes them — verify.
// NOTE(review): rand() is not a cryptographically secure generator; if
// rem_Nonce authorises any action (it is stored with the reminder), derive it
// from a CSPRNG instead.
$rem = array("rem_RecID" => $rec_id, "rem_OwnerUGrpID" => get_user_id(), "rem_ToUserID" => $_POST["reminder-user"] > 0 ? $_POST["reminder-user"] : null, "rem_ToWorkgroupID" => $_POST["reminder-group"] > 0 ? $_POST["reminder-group"] : null, "rem_ToEmail" => $_POST["reminder-email"], "rem_StartDate" => $_POST["reminder-when"], "rem_Freq" => $_POST["reminder-frequency"], "rem_Message" => $_POST["reminder-message"], "rem_Nonce" => dechex(rand()));
if ($_POST["mail-now"]) {
    /* user clicked "notify immediately" */
    require_once "sendReminder.php";
    print sendReminderEmail($rem);
} else {
    mysql__insert("usrReminders", $rem);
    if (mysql_error()) {
        // NOTE(review): raw driver error text is returned to the client.
        print "({ error: \"Internal database error - " . mysql_error() . "\" })";
        return;
    }
    // Re-read the stored row so the response reflects what was saved.
    $rem_id = mysql_insert_id();
    $res = mysql_query("select * from usrReminders where rem_ID = {$rem_id}");
    $rem = mysql_fetch_assoc($res);
    ?> ({ reminder: { id: <?php echo $rem["rem_ID"]; ?> , user: <?php echo intval($rem["rem_ToUserID"]);
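// Preferences handler: hyperlink word limit, hyperlink filter strings and
// tag deletion for the logged-in user.
// NOTE(review): these state changes are driven by $_REQUEST and no anti-CSRF
// token check is visible in this excerpt — confirm one exists upstream.
if (!is_logged_in()) {
    header('Location: ' . HEURIST_BASE_URL . 'common/connect/login.php?db=' . HEURIST_DBNAME);
    return;
}

if (@$_REQUEST['submitted']) {
    // The original issued this identical update twice in a row; once is enough.
    mysql_connection_overwrite(USERS_DATABASE);
    mysql_query('update sysUGrps usr set ugr_MinHyperlinkWords = ' . intval(@$_REQUEST['word_limit']) . ' where usr.ugr_ID=' . get_user_id());

    mysql_connection_overwrite(DATABASE);
    if (@$_REQUEST['new_hyp_text']) {
        // only add the filter string if neither a global nor a personal copy exists
        $res = mysql_query('select * from usrHyperlinkFilter where (hyf_UGrpID is null or hyf_UGrpID=' . get_user_id() . ') and hyf_String="' . mysql_real_escape_string(@$_REQUEST['new_hyp_text']) . '"');
        // a failed query returns false; do not insert on the strength of that
        if ($res && mysql_num_rows($res) == 0) {
            mysql__insert('usrHyperlinkFilter', array('hyf_String' => @$_REQUEST['new_hyp_text'], 'hyf_UGrpID' => get_user_id()));
        }
    }
}

$tag_message = '';
if (@$_REQUEST['delete_kwd_id']) {
    mysql_connection_overwrite(DATABASE);
    $kwd_id = intval(@$_REQUEST['delete_kwd_id']);
    // the owner test restricts deletion to the current user's own tags
    mysql_query('delete from usrTags where tag_ID = ' . $kwd_id . ' and tag_UGrpID= ' . get_user_id());
    if (mysql_affected_rows()) {
        // links are removed only after the owned tag row was actually deleted
        mysql_query('delete from usrRecTagLinks where rtl_TagID = ' . $kwd_id);
        $tag_message .= '<div class="success">Tag was deleted</div>';
    } else {
        $tag_message .= '<div class="failure">Tag was not deleted</div>';
    }
}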
/**
 * Create a stub Records row from POST data, bookmark it for the current user
 * and hand it to updateRecord() to fill in the details.
 *
 * Owner resolution order: POST rec_owner, the user's saved default group,
 * HEURIST_NEWREC_OWNER_ID, then the user. A non-zero owner that is not one
 * of the user's groups is replaced by the user's own id.
 *
 * @param int|null $rtyID record type id
 * @return bool true when the record was created
 */
function insertRecord($rtyID = null) {
    $defaultGroup = null;
    $defaultVisibility = null;

    // saved preference for owner group and visibility
    $prefs = @$_SESSION[HEURIST_SESSION_DB_PREFIX . 'heurist']["display-preferences"]['addRecDefaults'];
    if ($prefs) {
        if ($prefs[1]) {
            $defaultGroup = intval($prefs[1]);
        }
        if ($prefs[2]) {
            $defaultVisibility = $prefs[2];
        }
    }

    $usrID = get_user_id();

    if (is_numeric(@$_POST['rec_owner'])) {
        $owner = intval($_POST['rec_owner']);
    } elseif (is_numeric($defaultGroup)) {
        $owner = $defaultGroup;
    } elseif (defined('HEURIST_NEWREC_OWNER_ID')) {
        $owner = HEURIST_NEWREC_OWNER_ID;
    } else {
        $owner = intval($usrID);
    }

    // NOTE(review): the visibility string is taken from the request without
    // being checked against the allowed values.
    if (!empty($_POST['rec_visibility'])) {
        $nonownervisibility = strtolower($_POST['rec_visibility']);
    } elseif ($defaultVisibility) {
        $nonownervisibility = $defaultVisibility;
    } elseif (defined('HEURIST_NEWREC_ACCESS')) {
        $nonownervisibility = HEURIST_NEWREC_ACCESS;
    } else {
        $nonownervisibility = 'viewable';
    }

    // group 0 is open to everybody; any other group requires membership
    if (intval($owner) != 0 && !in_array($owner, get_group_ids())) {
        $owner = get_user_id();
    }

    // create the stub now; updateRecord() adds whatever else was posted
    $stub = array(
        "rec_Added" => date('Y-m-d H:i:s'),
        "rec_AddedByUGrpID" => get_user_id(),
        "rec_RecTypeID" => intval($rtyID),
        "rec_ScratchPad" => !empty($_POST["notes"]) ? $_POST["notes"] : null,
        "rec_OwnerUGrpID" => $owner,
        "rec_NonOwnerVisibility" => $nonownervisibility,
        "rec_URL" => !empty($_POST["rec_url"]) ? $_POST["rec_url"] : "",
    );
    mysql__insert("Records", $stub);

    $recID = mysql_insert_id();
    $_REQUEST["recID"] = $recID;
    if (!$recID) {
        return false;
    }

    if ($usrID) {
        $stamp = date('Y-m-d H:i:s');
        $stamp2 = date('Y-m-d H:i:s');
        mysql__insert('usrBookmarks', array('bkm_recID' => $recID, 'bkm_Added' => $stamp, 'bkm_Modified' => $stamp2, 'bkm_UGrpID' => $usrID));
    }
    updateRecord($recID, $rtyID);
    return true;
}
} }
// handle request for relationship records
if (@$_REQUEST["related"]) {
    // NOTE(review): $other_bib_id is raw request data; it is interpolated
    // unquoted into the recDetails insert below (SQL injection). Cast it
    // with intval() first.
    $other_bib_id = $_REQUEST["related"];
    $reln_type = "IsRelatedTo";
    if (@$_REQUEST["reltype"]) {
        // NOTE(review): the query result is discarded here, yet $res is read
        // on the next line — $res holds whatever an earlier statement left
        // in it, so the term lookup does not work as written. Also, "like"
        // treats % and _ in the input as wildcards.
        mysql_query("select trm_ID,trm_Label from defTerms where trm_Label like '" . mysql_real_escape_string($_REQUEST["reltype"]) . "' limit 1;");
        if (mysql_num_rows($res) > 0) {
            $row = mysql_fetch_assoc($res);
            $reln_type = $row["trm_ID"];
            // saw TODO: check that this is aligned with the enum value change
            // saw TODO check if CONSTRAINTS are fine else give constraint error
        }
    }
    // stub relationship record; the title is passed as a value to mysql__insert()
    mysql__insert("Records", array("rec_Title" => "Relationship ({$rec_id} {$reln_type} {$other_bib_id})", "rec_Added" => date('Y-m-d H:i:s'), "rec_Modified" => date('Y-m-d H:i:s'), "rec_RecTypeID" => RT_RELATION, "rec_AddedByUGrpID" => $usrID));
    $relnBibID = mysql_insert_id();
    if ($relnBibID > 0) {
        // NOTE(review): $rec_id and the *DT variables are set outside this
        // excerpt — confirm they are integers before they reach this string.
        $query = "insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_Value) values ";
        $query .= "({$relnBibID}, {$titleDT}, 'Relationship')";
        $query .= ", ({$relnBibID}, {$relSrcDT}, {$rec_id})";
        $query .= ", ({$relnBibID}, {$relTrgDT}, {$other_bib_id})";
        $query .= ", ({$relnBibID}, {$relTypDT}, '" . mysql_real_escape_string($reln_type) . "')"; //saw BUG!!! places in label not ID
        mysql_query($query);
    }
}
if ($bkm_ID) {
    if ($isNewRecID) {
        // $outdate and $wg are appended as-is; they are built outside this excerpt
        $url = HEURIST_BASE_URL . 'records/edit/editRecord.html?db=' . HEURIST_DBNAME . '&bkmk_id=' . $bkm_ID . '&fromadd=new_bib' . $outdate . $wg;
        header('Location: ' . $url);
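/**
 * Merge the duplicate records listed in $_REQUEST['bib_ids'] into the master
 * record held in the session, then redirect to combineDuplicateRecords.php.
 *
 * Inputs: $_SESSION['master_rec_id'], $_SESSION['master_details'],
 * $_SESSION['rty_ID'], $_REQUEST['bib_ids'], optional $_REQUEST['URL'] and
 * the add<N> / update<N> / keep<N> form fields (N = detail type id).
 *
 * Every identifier that reaches SQL text is cast to an integer first; the
 * original concatenated request values directly into the statements.
 *
 * NOTE(review): the statements run without a transaction, so a failure
 * part-way leaves a partially merged set. No permission check on the records
 * or on the detail ids named in the form is visible here — confirm the
 * caller performs one.
 */
function do_fix_dupe() {
    $master_rec_id = intval($_SESSION['master_rec_id']);
    $master_details = $_SESSION['master_details'];
    if (!is_array($master_details)) {
        $master_details = array();
    }
    unset($_SESSION['master_details']); //clear master_details so we don't re-enter this code
    unset($_SESSION['master_rec_id']);
    $_SESSION['finished_merge'] = 1; // set state variable for next loop

    // bib_ids is request data that ends up inside several "in (...)" clauses:
    // keep positive integers only.
    $requested_ids = array();
    foreach (explode(',', $_REQUEST['bib_ids']) as $raw_id) {
        $clean_id = intval($raw_id);
        if ($clean_id > 0) {
            $requested_ids[$clean_id] = $clean_id;
        }
    }
    $dup_rec_ids = array();
    if (in_array($master_rec_id, $requested_ids)) {
        $dup_rec_ids = array_diff($requested_ids, array($master_rec_id));
    }
    // "in ()" is a syntax error in MySQL, so statements that use the list
    // are skipped when there is nothing to merge.
    $have_dups = count($dup_rec_ids) > 0;
    $dup_rec_list = '(' . join(',', $dup_rec_ids) . ')';

    $add_dt_ids = array(); // detail ids to insert for the master record, grouped by detail type id
    $update_dt_ids = array(); // detail type id => detail id supplying the new value
    $keep_dt_ids = array(); // master repeatable detail ids to keep, grouped by detail type id

    //parse form data
    foreach ($_REQUEST as $key => $value) {
        preg_match('/(add|update|keep)(\\d+)/', $key, $matches);
        if (!$matches) {
            continue;
        }
        switch (strtolower($matches[1])) {
            case 'add':
                $add_dt_ids[$matches[2]] = array_map('intval', (array) $value);
                break;
            case 'update':
                if ($value != "master") {
                    $update_dt_ids[$matches[2]] = intval($value);
                }
                break;
            case 'keep':
                $keep_dt_ids[$matches[2]] = array_map('intval', (array) $value);
                break;
        }
    }

    mysql_connection_overwrite(DATABASE);

    // set modified on master so the changes will stick; also update url if there is one
    $now = date('Y-m-d H:i:s');
    $pairs = @$_REQUEST['URL']
        ? array("rec_URL" => $_REQUEST['URL'], "rec_Modified" => $now)
        : array("rec_Modified" => $now);
    mysql__update("Records", "rec_ID={$master_rec_id}", $pairs);

    //process keeps: repeatable master details minus keeps = deletes
    $rty_id = intval($_SESSION['rty_ID']);
    $master_rep_dt_ids = array();
    $res = mysql_query('select rst_DetailTypeID from defRecStructure where rst_MaxValues != 1 and rst_RecTypeID = ' . $rty_id);
    while ($res && ($row = mysql_fetch_array($res))) {
        array_push($master_rep_dt_ids, $row[0]);
    }

    $master_rep_detail_ids = array();
    foreach ($master_rep_dt_ids as $rep_dt_id) {
        if (array_key_exists($rep_dt_id, $master_details)) {
            foreach ($master_details[$rep_dt_id] as $detail) {
                array_push($master_rep_detail_ids, intval($detail['dtl_ID']));
            }
        }
    }

    //flat array of keep detail ids (was left undefined when no keep fields were posted)
    $master_keep_ids = array();
    foreach ($keep_dt_ids as $details) {
        foreach ($details as $detail) {
            array_push($master_keep_ids, $detail);
        }
    }

    //diff the arrays; don't delete yet as the user might be adding an existing value
    $master_delete_dt_ids = array();
    if ($master_rep_detail_ids) {
        $master_delete_dt_ids = array_diff($master_rep_detail_ids, $master_keep_ids);
    }
    //FIXME add code to remove any none repeatable extra details

    //for each update
    foreach ($update_dt_ids as $rdt_id => $rd_id) {
        $res = mysql_query('select * from recDetails where dtl_ID=' . $rd_id);
        $update_detail = $res ? mysql_fetch_assoc($res) : false;
        if (!$update_detail) {
            continue; // unknown detail id: nothing to copy
        }
        if (array_key_exists($rdt_id, $master_details)) {
            // detail type exists in master: overwrite its first value
            mysql__update("recDetails", "dtl_ID=" . intval($master_details[$rdt_id][0]['dtl_ID']), array("dtl_Value" => $update_detail['dtl_Value']));
        } else {
            // otherwise copy the row under the master record
            unset($update_detail['dtl_ID']); // the insert will create a new id
            $update_detail['dtl_RecID'] = $master_rec_id;
            mysql__insert('recDetails', $update_detail);
        }
    }

    //process adds
    foreach ($add_dt_ids as $detail_ids) {
        foreach ($detail_ids as $detail_id) {
            // adds are only for repeatables: if the id is queued for deletion, just un-queue it.
            // The original wrote "$k = array_search(...) !== FALSE", which stored a
            // boolean and then unset the wrong element.
            $key_remove = array_search($detail_id, $master_delete_dt_ids);
            if ($key_remove !== false) {
                //FIXME need to compare the value not the dtl_ID (they will always be diff)
                unset($master_delete_dt_ids[$key_remove]);
            } else {
                $res = mysql_query('select * from recDetails where dtl_ID=' . $detail_id);
                $add_detail = $res ? mysql_fetch_assoc($res) : false;
                if (!$add_detail) {
                    continue;
                }
                unset($add_detail['dtl_ID']); //the id is auto set during insert
                $add_detail['dtl_RecID'] = $master_rec_id;
                mysql__insert('recDetails', $add_detail);
            }
        }
    }

    foreach ($dup_rec_ids as $dup_rec_id) {
        //saw FIXME we should be updating the chain of links
        mysql_query('insert into recForwarding (rfw_OldRecID, rfw_NewRecID) values (' . $dup_rec_id . ', ' . $master_rec_id . ')');
        //saw FIXME we should update the relationship table on both rr_rec_idxxx fields
    }

    // move dup bookmarks and tags to master unless they are already there
    // bookmark id => user id for bookmarks of the master record
    $master_bkm_UGrpIDs = mysql__select_assoc('usrBookmarks', 'bkm_ID', 'bkm_UGrpID', 'bkm_recID = ' . $master_rec_id);
    if (!is_array($master_bkm_UGrpIDs)) {
        $master_bkm_UGrpIDs = array();
    }
    // tag ids already linked to the master record
    $master_tag_ids = mysql__select_array('usrRecTagLinks', 'rtl_TagID', 'rtl_RecID = ' . $master_rec_id);
    if (!is_array($master_tag_ids)) {
        $master_tag_ids = array();
    }
    // bookmark id => user id for bookmarks of the dup records
    $dup_bkm_UGrpIDs = $have_dups
        ? mysql__select_assoc('usrBookmarks', 'bkm_ID', 'bkm_UGrpID', 'bkm_recID in' . $dup_rec_list)
        : array();
    if (!is_array($dup_bkm_UGrpIDs)) {
        $dup_bkm_UGrpIDs = array();
    }

    // a user who already bookmarks the master gets the dup bookmark folded in
    // and deleted; otherwise the dup bookmark is re-pointed at the master
    $update_bkm_IDs = array();
    $delete_bkm_IDs = array();
    $dup_delete_bkm_ID_to_master_bkm_id = array();
    foreach ($dup_bkm_UGrpIDs as $dup_bkm_ID => $dup_bkm_UGrpID) {
        $matching_master_bkm_ID = array_search($dup_bkm_UGrpID, $master_bkm_UGrpIDs);
        if ($matching_master_bkm_ID !== false) {
            array_push($delete_bkm_IDs, intval($dup_bkm_ID));
            $dup_delete_bkm_ID_to_master_bkm_id[intval($dup_bkm_ID)] = intval($matching_master_bkm_ID);
        } else {
            array_push($update_bkm_IDs, intval($dup_bkm_ID));
            $master_bkm_UGrpIDs[$dup_bkm_ID] = $dup_bkm_UGrpID;
        }
    }

    if ($update_bkm_IDs) {
        mysql_query('update usrBookmarks set bkm_recID=' . $master_rec_id . ' where bkm_ID in (' . join(',', $update_bkm_IDs) . ')');
    }

    // fold each to-be-deleted dup bookmark into the master's bookmark:
    // concatenate password reminders, keep the higher rating, copy the Zotero id if missing
    foreach ($delete_bkm_IDs as $delete_dup_bkm_ID) {
        $master_bkm_ID = $dup_delete_bkm_ID_to_master_bkm_id[$delete_dup_bkm_ID];
        $res1 = mysql_query('select * from usrBookmarks where bkm_ID=' . $master_bkm_ID);
        $res2 = mysql_query('select * from usrBookmarks where bkm_ID=' . $delete_dup_bkm_ID);
        if (!($res1 && $res2)) {
            continue;
        }
        $master_pers_record = mysql_fetch_assoc($res1);
        $delete_dup_pers_record = mysql_fetch_assoc($res2);
        if (!$master_pers_record || !$delete_dup_pers_record) {
            continue;
        }
        $master_pers_record['bkm_PwdReminder'] .= "; " . $delete_dup_pers_record['bkm_PwdReminder'];
        $master_pers_record['bkm_Rating'] = max($master_pers_record['bkm_Rating'], $delete_dup_pers_record['bkm_Rating']);
        if (!$master_pers_record['bkm_ZoteroID']) {
            $master_pers_record['bkm_ZoteroID'] = $delete_dup_pers_record['bkm_ZoteroID'];
        }
        unset($master_pers_record['bkm_ID']);
        mysql__update('usrBookmarks', 'bkm_ID=' . $master_bkm_ID, $master_pers_record);
    }

    // tag links of the dup records: drop those whose tag is already on the
    // master, re-point the rest
    $delete_dup_rtl_ids = $have_dups
        ? mysql__select_assoc('usrRecTagLinks', 'rtl_ID', 'rtl_TagID', 'rtl_RecID in' . $dup_rec_list)
        : array();
    if (!is_array($delete_dup_rtl_ids)) {
        $delete_dup_rtl_ids = array();
    }
    foreach ($delete_dup_rtl_ids as $rtl_ID => $tag_id) {
        // in_array(): array_search() returned index 0 for the first tag,
        // which the original treated as "not found"
        if (in_array($tag_id, $master_tag_ids)) {
            mysql_query('delete from usrRecTagLinks where rtl_ID = ' . intval($rtl_ID)); //FIXME add error code
        } else {
            // the original had a stray comma before "where", so this update never ran
            mysql_query('update usrRecTagLinks set rtl_RecID=' . $master_rec_id . ' where rtl_ID = ' . intval($rtl_ID));
            array_push($master_tag_ids, $tag_id);
        }
    }

    if ($have_dups) {
        // move reminders to master
        mysql_query('update usrReminders set rem_RecID=' . $master_rec_id . ' where rem_RecID in ' . $dup_rec_list);
        //?FIXME do we need to check reminders like we checked usrBookmarks
    }

    //delete master details that were neither kept nor re-added
    if ($master_delete_dt_ids) {
        $master_detail_delete_list = '(' . join(',', array_map('intval', $master_delete_dt_ids)) . ')';
        mysql_query('delete from recDetails where dtl_ID in ' . $master_detail_delete_list); //FIXME add error code
    }

    if ($have_dups) {
        //delete dup details
        mysql_query('delete from recDetails where dtl_RecID in ' . $dup_rec_list);
    }

    //delete dup usrBookmarks
    if ($delete_bkm_IDs) {
        mysql_query('delete from usrBookmarks where bkm_ID in (' . join(',', $delete_bkm_IDs) . ')');
    }

    if ($have_dups) {
        // move dup record pointers to master record
        mysql_query('update recDetails left join defDetailTypes on dty_ID=dtl_DetailTypeID set dtl_Value=' . $master_rec_id . ' where dtl_Value in ' . $dup_rec_list . ' and dty_Type="resource"');
        //delete dups
        mysql_query('delete from Records where rec_ID in ' . $dup_rec_list);
    }

    // recalculate title and hash of the master record
    $mask = mysql__select_array("defRecTypes", "rty_TitleMask", "rty_ID=" . $rty_id);
    if ($mask && count($mask) > 0) {
        $mask = $mask[0];
        $title = fill_title_mask($mask, $master_rec_id, $rty_id);
        if ($title) {
            mysql_query("update Records set rec_Title = '" . mysql_real_escape_string($title) . "' where rec_ID = {$master_rec_id}");
        }
    }
    mysql_query('update Records set rec_Hash = hhash(rec_ID) where rec_ID=' . $master_rec_id);

    // urlencode() keeps the echoed list from adding extra query parameters
    header('Location: combineDuplicateRecords.php?db=' . HEURIST_DBNAME . '&bib_ids=' . urlencode($_REQUEST['bib_ids']));
}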
/**
 * Create a stub Records row from request data, bookmark it for the current
 * user and let updateRecord() fill in the details.
 *
 * Owner and visibility come from getDefaultOwnerAndibility() (indexes 1 and 2
 * of its result); what that helper validates is not visible here.
 *
 * @param int|null $rtyID record type id
 * @return bool true when the record was created
 */
function insertRecord($rtyID = null) {
    $defaults = getDefaultOwnerAndibility($_REQUEST);
    $usrID = get_user_id();

    // stub first, details afterwards
    $stub = array(
        "rec_Added" => date('Y-m-d H:i:s'),
        "rec_AddedByUGrpID" => get_user_id(),
        "rec_RecTypeID" => intval($rtyID),
        "rec_ScratchPad" => !empty($_REQUEST["notes"]) ? $_REQUEST["notes"] : null,
        "rec_OwnerUGrpID" => $defaults[1],
        "rec_NonOwnerVisibility" => $defaults[2],
        "rec_URL" => !empty($_REQUEST["rec_url"]) ? $_REQUEST["rec_url"] : "",
    );
    mysql__insert("Records", $stub);

    $recID = mysql_insert_id();
    $_REQUEST["recID"] = $recID;
    if (!$recID) {
        return false;
    }

    if ($usrID) {
        $added = date('Y-m-d H:i:s');
        $modified = date('Y-m-d H:i:s');
        mysql__insert('usrBookmarks', array('bkm_recID' => $recID, 'bkm_Added' => $added, 'bkm_Modified' => $modified, 'bkm_UGrpID' => $usrID));
    }
    updateRecord($recID, $rtyID);
    return true;
}
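/**
 * Make sure the current user has a bookmark for this entry (which must have
 * its Biblio ID set) and record the Zotero id when the entry came from Zotero.
 *
 * @param object $entry import entry; its bookmark id is set as a side effect
 * @return bool true if a bookmark was added, false if one existed already or
 *              the entry has no Biblio ID
 */
function insert_bookmark(&$entry) {
    global $zoteroItems;

    $rec_id = $entry->getBiblioID();
    if (!$rec_id) {
        return false;
    }

    $prototype = $entry->getForeignPrototype();
    $is_zotero = is_a($prototype, 'HeuristZoteroEntry');

    // First: check if the user already has a bookmark for this record.
    // The id is cast because it is concatenated into the statement text.
    $res = mysql_query('select bkm_ID from usrBookmarks where bkm_recID = ' . intval($rec_id) . ' and bkm_UGrpID = ' . get_user_id());
    if ($res && mysql_num_rows($res) > 0) {
        $row = mysql_fetch_row($res);
        $bkm_ID = $row[0];
        if ($is_zotero) {
            // The Zotero id originates in imported data; quote and escape it
            // rather than splicing it into the SQL as a bare token.
            $zotero_id = $prototype->getZoteroID();
            mysql_query('update usrBookmarks set bkm_ZoteroID = "' . mysql_real_escape_string($zotero_id) . '" where bkm_ID=' . intval($bkm_ID));
            $zoteroItems[$zotero_id] = $rec_id;
        }
        $entry->setBookmarkID($bkm_ID);
        return false;
    }

    // Otherwise insert a new bookmark.
    $bkmk = array(
        'bkm_recID' => $rec_id,
        'bkm_Added' => date('Y-m-d H:i:s'),
        'bkm_Modified' => date('Y-m-d H:i:s'),
        'bkm_UGrpID' => get_user_id(),
        'bkm_AddedByImport' => 1,
    );
    if ($is_zotero) {
        $zotero_id = $prototype->getZoteroID();
        $bkmk['bkm_ZoteroID'] = $zotero_id;
        $zoteroItems[$zotero_id] = $rec_id;
    }
    mysql__insert('usrBookmarks', $bkmk);
    $bkm_ID = mysql_insert_id();
    $entry->setBookmarkID($bkm_ID);
    return true;
}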
$updates["cmt_Deleted"] = true;
}
// The owner test limits the update to comments written by the current user.
// NOTE(review): $cmt_id is assigned outside this excerpt and interpolated
// into SQL — confirm it is cast to an integer where it is read.
mysql__update("recThreadedComments", "cmt_ID={$cmt_id} and cmt_OwnerUgrpID=" . get_user_id(), $updates);
if (mysql_error()) {
    $error = mysql_error();
}
// Re-read the comment (unless it is now deleted) together with its author.
$res = mysql_query("select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID={$cmt_id} and ! cmt_Deleted");
$cmt = mysql_fetch_assoc($res);
} else {
    if ($rec_id) {
        // ADD NEW COMMENT TO RECORD
        // array("now()") is passed as-is to mysql__insert(); presumably the
        // helper treats an array value as a raw SQL expression — verify.
        $inserts = array("cmt_Text" => $_POST["text"], "cmt_Added" => array("now()"), "cmt_OwnerUgrpID" => get_user_id(), "cmt_RecID" => $rec_id);
        if ($owner) {
            $inserts["cmt_ParentCmtID"] = $owner;
        }
        mysql__insert("recThreadedComments", $inserts);
        if (mysql_error()) {
            $error = mysql_error();
        }
        $query = "select * from recThreadedComments left join " . USERS_DATABASE . ".sysUGrps usr on cmt_OwnerUgrpID=usr.ugr_ID where cmt_ID=" . mysql_insert_id();
        $res = mysql_query($query);
        $cmt = mysql_fetch_assoc($res);
    }
}
if (@$error) {
    // NOTE(review): the driver's error text is returned to the client.
    print "({ error: \"" . slash($error) . "\" })";
} else {
    if (@$cmt) {
        print "({ comment: " . json_format(array("id" => $cmt["cmt_ID"], "text" => $cmt["cmt_Text"], "owner" => $cmt["cmt_ParentCmtID"], "user" => $cmt["ugr_FirstName"] . ' ' . $cmt["ugr_LastName"], "userID" => $cmt["cmt_OwnerUgrpID"], "deleted" => false)) . " })";
    }
}
/**
 * Find the Records row for a URL, creating one if needed.
 *
 * Lookup order: exact URL match among records that are not hidden; then the
 * caller's preferred record ($user_rec_id > 0); then, when $user_rec_id is
 * empty, similar_urls(). If nothing matches (or the user explicitly chose
 * "add new URL") a new internet-bookmark record is inserted.
 *
 * @param string $url
 * @param string $title
 * @param string $notes
 * @param int    $user_rec_id preferred record id when there is no exact match
 * @return int|array rec_ID, a list of rec_IDs for similar URLs, or 0 on failure
 */
function records_check($url, $title, $notes, $user_rec_id) {
    // only records everyone owns or that are not hidden may be matched
    $visible = ' and (rec_OwnerUGrpID=0 or not rec_NonOwnerVisibility="hidden")';

    // saw FIXME this should be
    $exact = mysql_query('select rec_ID from Records where rec_URL = "' . mysql_real_escape_string($url) . '"' . $visible);
    if (mysql_num_rows($exact) > 0) {
        $hit = mysql_fetch_assoc($exact);
        return $hit['rec_ID'];
    }

    if ($user_rec_id > 0) {
        $preferred = mysql_query('select rec_ID from Records where rec_ID = "' . mysql_real_escape_string($user_rec_id) . '"' . $visible);
        if (mysql_num_rows($preferred) > 0) {
            $hit = mysql_fetch_assoc($preferred);
            return $hit['rec_ID'];
        }
    } elseif (!$user_rec_id) {
        $candidates = similar_urls($url);
        if ($candidates) {
            return $candidates;
        }
        // (a commented-out prefix match on the URL without its query string
        // used to live here)
    }

    // no similar URLs, no exactly matching URL, or user has explicitly
    // selected "add new URL": insert the main record
    $created = mysql__insert('Records', array(
        'rec_RecTypeID' => RT_INTERNET_BOOKMARK,
        'rec_URL' => $url,
        'rec_Added' => date('Y-m-d H:i:s'),
        'rec_Modified' => date('Y-m-d H:i:s'),
        'rec_Title' => $title,
        'rec_ScratchPad' => $notes,
        'rec_AddedByUGrpID' => get_user_id(),
    ));
    if (!$created) {
        return 0;
    }

    $rec_id = mysql_insert_id();
    // title detail
    mysql__insert('recDetails', array('dtl_RecID' => $rec_id, 'dtl_DetailTypeID' => DT_NAME, 'dtl_Value' => $title));
    // notes detail, only when notes were supplied
    if ($notes) {
        mysql__insert('recDetails', array('dtl_RecID' => $rec_id, 'dtl_DetailTypeID' => DT_EXTENDED_DESCRIPTION, 'dtl_Value' => $notes));
    }
    return $rec_id;
}
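/**
 * save_search : save the current search criteria as a saved search in the
 * saved searches table.
 *
 * @param mixed $data array with svs_Name, svs_Query and optionally svs_ID
 *                    (update an existing search) and svs_UGrpID (workgroup)
 * @return array 'problem' => message on a database error, otherwise
 *               'execute' => call description for the calling context
 */
function save_search($data) {
    $result = array();
    $wg = intval(@$data['svs_UGrpID']);
    // svs_ID is concatenated into the WHERE clause below, so it must be an
    // integer; the original passed the raw value through.
    $sID = intval(@$data['svs_ID']);
    $label = @$data['svs_Name'];
    $query = @$data['svs_Query'];
    $now = date('Y-m-d');

    $cmb = array(
        'svs_Name' => $label,
        'svs_Query' => $query,
        'svs_UGrpID' => $wg > 0 ? $wg : get_user_id(),
        'svs_Added' => $now,
        'svs_Modified' => $now,
    );

    mysql_connection_overwrite(DATABASE);
    if ($sID) {
        // NOTE(review): the update is keyed on svs_ID alone; nothing here
        // checks that the row belongs to the current user or to one of their
        // groups, nor that the user is a member of $wg — confirm the caller
        // enforces that.
        mysql__update('usrSavedSearches', 'svs_ID=' . $sID, $cmb);
    } else {
        mysql__insert('usrSavedSearches', $cmb);
        $sID = mysql_insert_id();
    }

    if (mysql_error()) {
        $result['problem'] = 'MySQL error: ' . addslashes(mysql_error()) . ' : search not saved';
    } else {
        // execute function in calling context insertSavedSearch(ssName, ssQuery, wg, ssID)
        $result['execute'] = array('insertSavedSearch', $label, $query, $wg, $sID);
    }
    return $result;
}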
/**
 * Store the permission list of a woot.
 *
 * Each permission needs a type of RW or RO and a userId or groupId. A userId
 * of -1 stands for the woot's creator. Group permissions for groups the
 * current user does not belong to are skipped. If the resulting set would
 * leave a non-admin user without RW access, an RW row for that user is added.
 *
 * @param int   $wootId
 * @param array $woot   reads "permissions" and "woot_CreatorID"
 * @return array array("success" => true), or success=false with "errorType"
 */
function insertWootPermissions($wootId, &$woot) {
    // groups the current user may grant to; -1 is always accepted
    $allowedGroups = array(-1 => true);
    foreach (get_group_ids() as $gid) {
        $allowedGroups[$gid] = true;
    }

    $keepsWriteAccess = false;
    $rows = array();
    foreach ($woot["permissions"] as $perm) {
        $perm["type"] = strtoupper($perm["type"]);
        $typeOk = preg_match('/^(RW|RO)$/', $perm["type"]);
        $hasTarget = !empty($perm["userId"]) || !empty($perm["groupId"]);
        if (!$typeOk || !$hasTarget) {
            return array("success" => false, "errorType" => "invalid woot permissions");
        }

        // automagic reference to userId -1 is converted to the owner's id
        if (isset($perm["userId"]) && $perm["userId"] == -1) {
            $perm["userId"] = $woot["woot_CreatorID"];
        }

        $uid = isset($perm["userId"]) ? $perm["userId"] : null;
        $grp = isset($perm["groupId"]) ? $perm["groupId"] : null;
        $isRW = ($perm["type"] == "RW");

        if ($grp) {
            if (empty($allowedGroups[$grp])) {
                // trying to set a permission for a group we're not in ... ignore it
                continue;
            }
            if ($isRW) {
                $keepsWriteAccess = true;
            }
        }
        if ($uid == get_user_id() && $isRW) {
            $keepsWriteAccess = true;
        }

        // keyed by "user,group" so a repeated pair overwrites the earlier one
        $rows[$uid . "," . $grp] = array(
            "wrprm_WootID" => $wootId,
            "wrprm_UGrpID" => $uid ? $uid : 0,
            "wrprm_GroupID" => $grp ? $grp : 0,
            "wrprm_Type" => $perm["type"],
            "wrprm_CreatorID" => get_user_id(),
            "wrprm_Created" => array("now()"),
        );
    }

    foreach ($rows as $row) {
        mysql__insert(WOOT_PERMISSION_TABLE, $row);
    }

    if (!$keepsWriteAccess && !is_admin()) {
        // don't let the user lock themselves out of their own woot
        mysql__insert(WOOT_PERMISSION_TABLE, array("wrprm_WootID" => $wootId, "wrprm_UGrpID" => get_user_id(), "wrprm_Type" => "RW", "wrprm_CreatorID" => get_user_id(), "wrprm_Created" => array("now()")));
    }
    return array("success" => true);
}
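/**
 * Create a relationship record between two records and store its details.
 *
 * Inserts a Records row of type RT_RELATION whose title combines $title with the source
 * title, the relation term label and the target title, then inserts the recDetails rows
 * (only when the DT_* constants it needs are defined).
 *
 * @param mixed  $recID       id of the source record
 * @param mixed  $relTermID   id of the relation term in defTerms
 * @param mixed  $trgRecID    id of the target record
 * @param mixed  $interpRecID id of an interpretation record, or a falsy value for none
 * @param string $title       title of the relationship
 * @param string $notes       optional notes
 * @param string $start_date  optional start date
 * @param string $end_date    optional end date
 * @return array array("error" => message) when MySQL reports an error, otherwise
 *               array("relationship" => getAllRelatedRecords($recID), "relnRecID" => new id)
 */
function saveRelationship($recID, $relTermID, $trgRecID, $interpRecID, $title, $notes, $start_date, $end_date)
{
    // These ids are interpolated unquoted into the statements below; casting them
    // ensures only integers reach the SQL text.
    $recID = intval($recID);
    $relTermID = intval($relTermID);
    $trgRecID = intval($trgRecID);
    $interpRecID = intval($interpRecID);

    $relval = mysql_fetch_assoc(mysql_query("select trm_Label from defTerms where trm_ID = {$relTermID}"));
    $relval = $relval['trm_Label'];
    $srcTitle = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$recID}"));
    $srcTitle = $srcTitle['rec_Title'];
    $trgTitle = mysql_fetch_assoc(mysql_query("select rec_Title from Records where rec_ID = {$trgRecID}"));
    $trgTitle = $trgTitle['rec_Title'];

    $timestamp = date('Y-m-d H:i:s');

    // Owner: request value, else $userDefaultOwnerGroupID, else HEURIST_NEWREC_OWNER_ID, else current user.
    // NOTE(review): $userDefaultOwnerGroupID is neither assigned nor declared global in
    // this function, so that branch is never taken as written.
    // NOTE(review): rec_owner comes straight from the request and no group-membership
    // check is visible here - confirm one is applied elsewhere.
    $ownerID = intval(@$_REQUEST['rec_owner'])
        ? intval($_REQUEST['rec_owner'])
        : (@$userDefaultOwnerGroupID
            ? $userDefaultOwnerGroupID
            : (defined('HEURIST_NEWREC_OWNER_ID') ? HEURIST_NEWREC_OWNER_ID : get_user_id()));

    mysql__insert("Records", array(
        "rec_Title" => "{$title} ({$srcTitle} {$relval} {$trgTitle})",
        "rec_Added" => $timestamp,
        "rec_Modified" => $timestamp,
        "rec_RecTypeID" => RT_RELATION,
        'rec_OwnerUGrpID' => $ownerID,
        "rec_AddedByUGrpID" => get_user_id(),
    ));
    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }

    $relnRecID = mysql_insert_id();

    if ($relnRecID > 0 && defined('DT_NAME') && defined('DT_RELATION_TYPE')
        && defined('DT_TARGET_RESOURCE') && defined('DT_PRIMARY_RESOURCE')) {
        // one multi-row insert; free-text values are escaped, ids are integers
        $query = "insert into recDetails (dtl_RecID, dtl_DetailTypeID, dtl_Value) values ";
        $query .= "({$relnRecID}, " . DT_NAME . ", '" . mysql_real_escape_string($title) . "')";
        $query .= ", ({$relnRecID}, " . DT_PRIMARY_RESOURCE . ", {$recID})";
        $query .= ", ({$relnRecID}, " . DT_TARGET_RESOURCE . ", {$trgRecID})";
        $query .= ", ({$relnRecID}, " . DT_RELATION_TYPE . ", {$relTermID})";
        if ($interpRecID && defined('DT_INTERPRETATION_REFERENCE')) {
            $query .= ", ({$relnRecID}, " . DT_INTERPRETATION_REFERENCE . ", {$interpRecID})";
        }
        if ($notes && defined('DT_SHORT_SUMMARY')) {
            $query .= ", ({$relnRecID}, " . DT_SHORT_SUMMARY . ", '" . mysql_real_escape_string($notes) . "')";
        }
        if ($start_date && defined('DT_START_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_START_DATE . ", '" . mysql_real_escape_string($start_date) . "')";
        }
        if ($end_date && defined('DT_END_DATE')) {
            $query .= ", ({$relnRecID}, " . DT_END_DATE . ", '" . mysql_real_escape_string($end_date) . "')";
        }
        mysql_query($query);
    }

    if (mysql_error()) {
        return array("error" => slash(mysql_error()));
    }

    $related = getAllRelatedRecords($recID);
    return array("relationship" => $related, "relnRecID" => $relnRecID);
}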
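/**
 * register external URL (see saveRecordDetails.php)
 *
 * $filejson - either url or json string with file data array.
 * The plain (non-JSON) form is split on "|" as url|source|type[|ext]; with fewer than
 * three parts the source, type and extension come from detectSourceAndType().
 *
 * With a positive 'id' the existing recUploadedFiles row is updated (only for a
 * remoteSource other than 'heurist'). Otherwise an existing row with the same URL is
 * reused, or a new row is inserted.
 *
 * @param string $filejson
 * @return mixed ulf_ID, or null when no remote URL is given or the insert fails
 */
function register_external($filejson)
{
    $filedata = json_decode($filejson, true);

    if (!is_array($filedata)) {
        // can't parse - assume this is URL - old way
        $filedata = array();
        $url = $filejson;

        //1. get url, source and type
        $acfg = explode('|', $url);
        $filedata['remoteURL'] = $acfg[0];
        $filedata['ext'] = NULL;

        if (count($acfg) < 3) {
            $oType = detectSourceAndType($url);
            $filedata['remoteSource'] = $oType[0];
            $filedata['mediaType'] = $oType[1];
            $filedata['ext'] = $oType[2];
        } else {
            $filedata['remoteSource'] = $acfg[1];
            $filedata['mediaType'] = $acfg[2];
            if (count($acfg) == 4) {
                $filedata['ext'] = $acfg[3];
            }
        }
    }

    // JSON input may omit mediaType; treat a missing value as empty
    $mediaType = @$filedata['mediaType'];

    if (@$filedata['ext'] == null && $mediaType == "xml") {
        $filedata['ext'] = "xml";
    }

    $fileparameters = @$filedata['params'] ? $filedata['params'] : "mediatype=" . $mediaType;
    if (@$filedata['remoteSource'] && $filedata['remoteSource'] != 'heurist') {
        $fileparameters = $fileparameters . "|source=" . $filedata['remoteSource'];
    }

    $isExternalSource = array_key_exists('remoteSource', $filedata) && $filedata['remoteSource'] != 'heurist';

    // NOTE(review): the 'ulf_MimeExt ' keys below carry a trailing space, exactly as in
    // the original - confirm mysql__insert / mysql__update tolerate it.
    // NOTE(review): remoteURL is stored as supplied; nothing here restricts its scheme -
    // confirm consumers validate it before fetching or rendering it.

    //if id is defined
    if (array_key_exists('id', $filedata) && intval($filedata['id']) > 0) { //update
        // Use the integer value itself: the id is concatenated into the WHERE clause,
        // and intval() > 0 is also true for input such as "1 or 1=1".
        $file_id = intval($filedata['id']);

        //ignore registration for already uploaded file
        if ($isExternalSource) {
            mysql__update('recUploadedFiles', 'ulf_ID=' . $file_id, array(
                'ulf_Modified' => date('Y-m-d H:i:s'),
                'ulf_MimeExt ' => $filedata['ext'],
                'ulf_ExternalFileReference' => $filedata['remoteURL'],
                'ulf_Parameters' => $fileparameters,
            ));
        }
    } else {
        if (!array_key_exists('remoteURL', $filedata) || $filedata['remoteURL'] == null || $filedata['remoteURL'] == "") {
            return null;
        }

        //2. find duplication (the same url)
        if ($isExternalSource) {
            // connection-aware escaping instead of addslashes() for the request-supplied URL
            $res = mysql_query('select ulf_ID from recUploadedFiles ' . 'where ulf_ExternalFileReference = "' . mysql_real_escape_string($filedata['remoteURL']) . '"');
            if ($res && mysql_num_rows($res) == 1) {
                $row = mysql_fetch_assoc($res);
                $file_id = $row['ulf_ID'];
                mysql__update('recUploadedFiles', 'ulf_ID=' . $file_id, array(
                    'ulf_Modified' => date('Y-m-d H:i:s'),
                    'ulf_MimeExt ' => $filedata['ext'],
                    'ulf_Parameters' => $fileparameters,
                ));
                return $file_id;
            }
        }

        //3. save into recUploadedFiles
        $res = mysql__insert('recUploadedFiles', array(
            'ulf_OrigFileName' => '_remote',
            'ulf_UploaderUGrpID' => get_user_id(),
            'ulf_Added' => date('Y-m-d H:i:s'),
            'ulf_MimeExt ' => array_key_exists('ext', $filedata) ? $filedata['ext'] : NULL,
            'ulf_FileSizeKB' => 0,
            'ulf_Description' => NULL,
            'ulf_ExternalFileReference' => array_key_exists('remoteURL', $filedata) ? $filedata['remoteURL'] : NULL,
            'ulf_Parameters' => $fileparameters,
        ));
        if (!$res) {
            return null; //"Error registration remote source $url into database";
        }

        $file_id = mysql_insert_id();

        // NOTE(review): rand() is not a cryptographically secure generator. If
        // ulf_ObfuscatedFileID is relied on as an unguessable reference, derive it from
        // a CSPRNG available in the deployed PHP version instead.
        mysql_query('update recUploadedFiles set ulf_ObfuscatedFileID = "' . addslashes(sha1($file_id . '.' . rand())) . '" where ulf_ID = ' . $file_id);
    }

    //4. returns ulf_ID
    return $file_id;
}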
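/**
 * Copy the selected tags, bookmarks and saved searches of the model user
 * (MODEL_USER_ID) to the current user.
 *
 * The selection is read from the array keys of $_REQUEST['tag'], $_REQUEST['bkmk'] and
 * $_REQUEST['ssearch']; only ids that belong to the model user are copied. After the
 * bookmarks are copied, tag links are created for the current user's bookmarks wherever
 * the current user has a tag with the same text as the model user's tag.
 *
 * @return int 1 when at least one tag, bookmark or saved search was copied, otherwise 0
 */
function update_my_settings()
{
    $updated = 0;

    // A category with nothing selected may be absent from the request; treat a missing
    // or non-array value as an empty selection. Keys are cast to integers because they
    // are concatenated into the "in (...)" lists below.
    $requested = array();
    foreach (array('tag', 'bkmk', 'ssearch') as $field) {
        $raw = (isset($_REQUEST[$field]) && is_array($_REQUEST[$field])) ? $_REQUEST[$field] : array();
        // the leading 0 keeps the "in (...)" list valid when nothing is selected
        $requested[$field] = join(', ', array_merge(array(0), array_map('intval', array_keys($raw))));
    }

    // restrict the selection to rows owned by the model user
    $keys = mysql__select_array('usrTags', 'tag_ID', 'tag_UGrpID= ' . MODEL_USER_ID . ' and tag_ID in (' . $requested['tag'] . ')'); //saw CHECK: is 0 ok for all of these
    $bkmks = mysql__select_array('usrBookmarks', 'bkm_ID', 'bkm_UGrpID = ' . MODEL_USER_ID . ' and bkm_ID in (' . $requested['bkmk'] . ')');
    $ssearches = mysql__select_array('usrSavedSearches', 'svs_ID', 'svs_UGrpID = ' . MODEL_USER_ID . ' and svs_ID in (' . $requested['ssearch'] . ')');

    if ($keys) {
        $res = mysql_query('select tag_Text from usrTags where tag_ID in (' . join(',', $keys) . ')');
        $tuples = array();
        while ($row = mysql_fetch_row($res)) {
            // Tag text read back from the database is still untrusted when it is placed
            // in a new statement; use connection-aware escaping rather than addslashes().
            $tuples[] = '("' . mysql_real_escape_string($row[0]) . '",' . get_user_id() . ')';
        }
        if ($tuples) {
            $values = join(', ', $tuples);
            mysql_query("insert into usrTags (tag_Text, tag_UGrpID) values {$values}");
            $updated = 1;
        }
    }

    if ($bkmks) {
        $res = mysql_query('select * from usrBookmarks where bkm_ID in (' . join(',', $bkmks) . ')');
        while ($row = mysql_fetch_assoc($res)) {
            // add a new bookmark for each of the selected usrBookmarks
            // (all fields the same except for user id)
            unset($row['bkm_ID']);
            $row['bkm_UGrpID'] = get_user_id();
            $row['bkm_Added'] = date('Y-m-d H:i:s');
            $row['bkm_Modified'] = date('Y-m-d H:i:s');
            mysql__insert('usrBookmarks', $row); //saw CHECK: for case where user already has bookmarks.
            $updated = 1;
        }

        /* for each of the model user's usrRecTagLinks entries, make a corresponding entry for the new user */
        /* hold onto your hats, folks: this is a five-table join across three tables! */
        $res = mysql_query(
            'select NEWUSER_KWD.tag_ID, MODUSER_KWDL.rtl_Order, MODUSER_KWDL.rtl_RecID'
            . ' from usrBookmarks NEWUSER_BKMK'
            . ' left join usrBookmarks MODUSER_BKMK on NEWUSER_BKMK.bkm_recID=MODUSER_BKMK.bkm_recID and MODUSER_BKMK.bkm_ID in (' . join(',', $bkmks) . ')'
            . ' left join usrRecTagLinks MODUSER_KWDL on MODUSER_KWDL.rtl_RecID=MODUSER_BKMK.bkm_RecID'
            . ' left join usrTags MODUSER_KWD on MODUSER_KWD.tag_ID=MODUSER_KWDL.rtl_TagID'
            . ' left join usrTags NEWUSER_KWD on NEWUSER_KWD.tag_Text=MODUSER_KWD.tag_Text and NEWUSER_KWD.tag_UGrpID=' . get_user_id()
            . ' where NEWUSER_BKMK.bkm_UGrpID=' . get_user_id()
            . ' and NEWUSER_KWD.tag_ID is not null'
        );
        $insert_pairs = array();
        while ($row = mysql_fetch_row($res)) {
            array_push($insert_pairs, '(' . intval($row[0]) . ',' . intval($row[1]) . ',' . intval($row[2]) . ')');
        }
        if ($insert_pairs) {
            mysql_query('insert into usrRecTagLinks ( rtl_TagID, rtl_Order, rtl_RecID) values ' . join(',', $insert_pairs));
        }
    }

    if ($ssearches) {
        $res = mysql_query('select * from usrSavedSearches where svs_ID in (' . join(',', $ssearches) . ')');
        while ($row = mysql_fetch_assoc($res)) {
            // add a new custombookmark for each of the selected saved-searches
            // (all fields the same except for user id)
            unset($row['svs_ID']);
            $row['svs_UGrpID'] = get_user_id();
            $row['svs_Added'] = date('Y-m-d H:i:s');
            $row['svs_Modified'] = date('Y-m-d H:i:s');
            mysql__insert('usrSavedSearches', $row);
            $updated = 1;
        }
    }

    return $updated;
}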