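/**
 * Update the title, content, display period and closed flag of an announcement.
 *
 * $title and $content are trimmed, newline-normalised and addslashes()-escaped
 * before being interpolated into the UPDATE (the escaping convention used
 * throughout this file; a driver-level escape function would be preferable).
 * $announcement_id and $display_days are interpolated WITHOUT quotes, so both
 * must be numeric or the statement would become an injection point.
 *
 * @param mixed  $announcement_id sequence_number of the row to update (numeric)
 * @param string $title
 * @param string $content
 * @param mixed  $display_days    number of days to display (must pass is_numeric())
 * @param mixed  $closed_ind      'Y' or 'y' stores 'Y'; anything else stores 'N'
 * @return bool TRUE when the statement ran (a no-change update still counts),
 *              FALSE on invalid input or a database error
 */
function update_announcement($announcement_id, $title, $content, $display_days, $closed_ind) {
    // Unquoted numeric placeholders: refuse anything non-numeric rather than
    // build an injectable WHERE clause. The original never checked the id.
    if (!is_numeric($announcement_id) || !is_numeric($display_days)) {
        return FALSE;
    }

    $title = addslashes(replace_newlines(trim($title)));
    $content = addslashes(replace_newlines(trim($content)));
    if (strlen($title) == 0 || strlen($content) == 0) {
        return FALSE;
    }

    // Loose comparison matches the original (a non-string 'truthy' value is
    // treated as 'Y' as before).
    $closed_ind = ($closed_ind == 'Y' || $closed_ind == 'y') ? 'Y' : 'N';

    // "submit_on=submit_on" is kept from the original: presumably it stops a
    // TIMESTAMP column from auto-updating on MySQL — confirm against the schema.
    $query = "UPDATE announcement SET "
        . "title='" . $title . "', "
        . "content='" . $content . "', "
        . "submit_on=submit_on, "
        . "display_days=" . $display_days . ", "
        . "closed_ind='" . $closed_ind . "' "
        . " WHERE sequence_number = " . $announcement_id;

    $update = db_query($query);
    $rows_affected = db_affected_rows();
    $log_params = array($announcement_id, $title, $content, $display_days, $closed_ind);

    if ($update && $rows_affected !== -1) {
        // Zero affected rows is not an error: the values may simply be unchanged.
        if ($rows_affected > 0) {
            opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, $log_params);
        }
        return TRUE;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), $log_params);
    return FALSE;
}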
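/**
 * Write the rows of $table to standard output as one INSERT statement per
 * row, each terminated by ";" followed by $crlf.
 *
 * Unset columns become NULL, empty strings become '', everything else is
 * quoted with backslash, both quote characters, CR, LF and NUL escaped so the
 * dump round-trips through a MySQL-style string parser. The original only
 * escaped backslash, quotes and LF: a raw CR was silently stripped from the
 * data and a NUL byte was written unescaped.
 *
 * @param string $table table name WITHOUT the configured prefix. It is
 *                      interpolated straight into the SELECT, so it must be a
 *                      trusted, schema-defined name — never request input.
 * @param string $crlf  line terminator appended after each statement
 * @return bool always TRUE
 */
function get_table_content($table, $crlf) {
    $result = db_query("SELECT * FROM {$table}");

    // The SELECT above was issued with the bare name while the INSERTs carry
    // the prefix; presumably db_query() prefixes internally — confirm before
    // relying on this for exports.
    $prefix = get_opendb_config_var('db_server', 'table_prefix');
    if (strlen($prefix) > 0) {
        $table = $prefix . $table;
    }

    $column_list = NULL;
    while ($row = db_fetch_row($result)) {
        $num_fields = db_num_fields($result);

        // The column list is the same for every row; build it once.
        if ($column_list === NULL) {
            $names = array();
            for ($j = 0; $j < $num_fields; $j++) {
                $names[] = db_field_name($result, $j);
            }
            $column_list = "(" . implode(", ", $names) . ")";
        }

        $values = array();
        for ($j = 0; $j < $num_fields; $j++) {
            if (!isset($row[$j])) {
                $values[] = "NULL";
            } else if ($row[$j] == "") {
                $values[] = "''";
            } else {
                $escaped = replace_newlines($row[$j]);
                // C-style escape of backslash, ' and ", plus CR and LF (-> \r, \n).
                $escaped = addcslashes($escaped, "\\'\"\r\n");
                // NUL separately: addcslashes() would emit \000, which MySQL
                // reads as a NUL followed by the text "00".
                $escaped = str_replace("\0", "\\0", $escaped);
                $values[] = "'" . $escaped . "'";
            }
        }

        $statement = "INSERT INTO {$table} {$column_list} VALUES (" . implode(", ", $values) . ")";
        // Nothing above should leave a raw line break, but keep each statement
        // on a single line regardless.
        $statement = str_replace(array("\n", "\r"), "", $statement);
        echo trim($statement) . ";" . $crlf;
    }

    return TRUE;
}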
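/**
 * Validate (and normalise) a value against the declared type of an
 * s_config_group_item row.
 *
 * The item is located by $group_id/$id/$keyid. Items of type 'array' are
 * checked by their subtype (defaulting to 'text'; 'usertype' and 'number' are
 * honoured, anything else is treated as text). Returns the cleaned value, or
 * FALSE when the item does not exist or the value is not acceptable for its
 * type. Exceptions to note: 'boolean' never returns FALSE (any value other
 * than TRUE/FALSE becomes the string 'FALSE'), 'datemask' is not validated
 * at all, and 'value_select' with no option list accepts anything.
 *
 * Identifiers are addslashes()-escaped before interpolation; the original
 * interpolated them raw.
 *
 * @param string $group_id
 * @param string $id
 * @param string $keyid numeric keyids also match items of type 'array'
 * @param mixed  $value
 * @return mixed|false cleaned value, or FALSE
 */
function validate_s_config_group_item($group_id, $id, $keyid, $value) {
    if (strlen($group_id) == 0 || strlen($id) == 0 || strlen($keyid) == 0) {
        return FALSE;
    }

    // These come straight from the request; escape before interpolating.
    $q_group_id = addslashes($group_id);
    $q_id = addslashes($id);
    $q_keyid = addslashes($keyid);

    $query = "SELECT type, subtype FROM s_config_group_item WHERE group_id = '{$q_group_id}' AND id = '{$q_id}' ";
    if (is_numeric($keyid)) {
        $query .= " AND (type = 'array' OR keyid = '{$q_keyid}') ";
    } else {
        $query .= " AND keyid = '{$q_keyid}' ";
    }
    $query .= "LIMIT 0,1";

    $result = db_query($query);
    if (!$result || db_num_rows($result) == 0) {
        return FALSE;
    }
    $found = db_fetch_assoc($result);
    // The original called db_free_result() after the switch, i.e. never.
    db_free_result($result);

    $value = trim($value);

    // Arrays are validated by their subtype, not directly.
    if ($found['type'] == 'array') {
        if (strlen($found['subtype']) == 0) {
            $found['subtype'] = 'text';
        }
        if ($found['subtype'] == 'usertype') {
            $found['type'] = 'usertype';
        } else if ($found['subtype'] == 'number') {
            $found['type'] = 'number';
        } else {
            $found['type'] = 'text';
        }
    }

    switch ($found['type']) {
        case 'boolean':
            $value = strtoupper($value);
            return ($value == 'TRUE' || $value == 'FALSE') ? $value : 'FALSE';

        case 'email':
            return is_valid_email_addr($value) ? $value : FALSE;

        case 'number':
            // Strip every non-digit and keep whatever remains.
            $value = remove_illegal_chars($value, expand_chars_exp('0-9'));
            return strlen($value) > 0 ? $value : FALSE;

        case 'datemask':
            // TODO: provide a date-mask filter; currently passed through unchecked.
            return $value;

        case 'language':
            return is_exists_language($value) ? $value : FALSE;

        case 'theme':
            return is_exists_theme($value) ? $value : FALSE;

        case 'export':
            return (strlen($value) == 0 || is_export_plugin($value)) ? $value : FALSE;

        case 'value_select':
            $options_r = strlen($found['subtype']) > 0 ? explode(',', $found['subtype']) : NULL;
            // No option list configured: accept anything (original behaviour).
            // Strict comparison so e.g. "1e0" is not accepted for an option "1".
            if ($options_r === NULL || in_array($value, $options_r, TRUE)) {
                return $value;
            }
            return FALSE;

        default:
            // readonly, text, password, textarea, usertype, ...
            return addslashes(replace_newlines(trim($value)));
    }
}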
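/**
 * Store an internal message in the mailbox table.
 *
 * The table could hold one message for multiple recipients, but the email
 * function does not provide that, so one row per recipient is all this does.
 *
 * Either $from_user_id (an existing user) or $from_email_addr (a syntactically
 * valid address) must be supplied; when a user id is given the address is
 * discarded and stored as NULL. Subject and message are addslashes()-escaped,
 * as are both user ids (the original interpolated the ids raw).
 *
 * @param string $to_user_id      recipient; must satisfy is_user_valid()
 * @param string $from_user_id    sender user id, or '' for an external sender
 * @param string $from_email_addr sender address, used only when $from_user_id is empty
 * @param string $subject
 * @param string $message         newline-normalised before storage
 * @return bool TRUE on insert, FALSE on invalid input or database error
 */
function insert_email($to_user_id, $from_user_id, $from_email_addr, $subject, $message) {
    $to_user_id = trim($to_user_id);
    $from_user_id = trim($from_user_id);
    $from_email_addr = trim($from_email_addr);

    if (!is_user_valid($to_user_id)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid To User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    }

    if (strlen($from_user_id) > 0) {
        if (!is_user_valid($from_user_id)) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
            return FALSE;
        }
        // Sender is a known user: the address column stays NULL.
        $from_email_addr = NULL;
    } else {
        if (strlen($from_email_addr) == 0 || !is_valid_email_addr($from_email_addr)) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From Email', array($to_user_id, $from_user_id, $from_email_addr, $subject));
            return FALSE;
        }
        $from_email_addr = addslashes($from_email_addr);
    }

    $q_to_user_id = addslashes($to_user_id);
    $q_from_user_id = addslashes($from_user_id);
    $subject = addslashes(trim($subject));
    $message = addslashes(replace_newlines(trim($message)));

    $query = "INSERT INTO mailbox (to_user_id,from_user_id,from_email_addr,subject,message)"
        . "VALUES ('{$q_to_user_id}',"
        . (strlen($from_user_id) > 0 ? "'{$q_from_user_id}'" : "NULL") . ","
        . (strlen($from_email_addr) > 0 ? "'{$from_email_addr}'" : "NULL")
        . ", '{$subject}','{$message}')";

    $insert = db_query($query);
    if ($insert && db_affected_rows() > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return TRUE;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($to_user_id, $from_user_id, $from_email_addr, $subject));
    return FALSE;
}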
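/**
 * Update the comment and rating of an existing review.
 *
 * $comment is trimmed, newline-normalised and addslashes()-escaped; $rating is
 * addslashes()-escaped (the original interpolated it raw). $sequence_number is
 * interpolated unquoted into the WHERE clause and must therefore be numeric.
 *
 * NOTE(review): the old "Ensure no html can be used!" comment was not backed
 * by the code — no tags are stripped here, addslashes() only protects the SQL
 * string. Escape the comment for HTML at render time.
 *
 * @param mixed  $sequence_number review row id (numeric)
 * @param string $comment
 * @param mixed  $rating
 * @return bool TRUE when the statement ran (a no-change update still counts),
 *              FALSE on invalid input or a database error
 */
function update_review($sequence_number, $comment, $rating) {
    $log_params = array($sequence_number, $comment, $rating);

    // Unquoted numeric placeholder: refuse anything non-numeric rather than
    // build an injectable WHERE clause.
    if (!is_numeric($sequence_number)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Sequence Number', $log_params);
        return FALSE;
    }

    $comment = addslashes(replace_newlines(trim($comment)));
    $rating = addslashes($rating);

    $query = "UPDATE review "
        . "SET comment = '{$comment}',"
        . " rating = '{$rating}' "
        . "WHERE sequence_number = {$sequence_number}";
    db_query($query);

    // Zero affected rows is not a failure: the values may simply be unchanged.
    $rows_affected = db_affected_rows();
    if ($rows_affected !== -1) {
        if ($rows_affected > 0) {
            opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($sequence_number, $comment, $rating));
        }
        return TRUE;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($sequence_number, $comment, $rating));
    return FALSE;
}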
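/**
 * Shared validation for the insert/update item_instance functions.
 *
 * Checks that $s_status_type names an existing status type and normalises the
 * two by-reference fields to storable values:
 *  - $borrow_duration: left alone when FALSE (caller does not want it touched)
 *    or NULL; otherwise non-numeric values become NULL and values above 999
 *    are clamped to '999' (the column cannot hold more). Note is_numeric()
 *    also accepts forms such as '1e2' or '-5', which are passed through.
 *  - $status_comment: tags stripped, newline-normalised, trimmed, truncated to
 *    255 bytes and then addslashes()-escaped (escaping after the cut, so an
 *    escape sequence is never split).
 *
 * @param string $s_status_type   status type code; must be non-empty and known
 * @param string &$status_comment cleaned in place
 * @param mixed  &$borrow_duration cleaned in place
 * @return bool TRUE when the status type is valid, FALSE otherwise (logged)
 */
function validate_item_instance_fields($s_status_type, &$status_comment, &$borrow_duration) {
    // Initialise so an empty $s_status_type does not hit the check below with
    // an undefined variable (the original skipped the assignment entirely).
    $status_type_r = NULL;
    if (strlen($s_status_type) > 0) {
        $status_type_r = fetch_status_type_r($s_status_type);
    }

    if (!is_not_empty_array($status_type_r)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid Status Type', array($s_status_type));
        return FALSE;
    }

    // FALSE means "leave it alone"; NULL is already the cleaned value.
    if ($borrow_duration !== FALSE && $borrow_duration !== NULL) {
        if (!is_numeric($borrow_duration)) {
            $borrow_duration = NULL;
        } else if ($borrow_duration > 999) {
            $borrow_duration = '999';
        }
    }

    $status_comment = addslashes(substr(replace_newlines(trim(strip_tags($status_comment))), 0, 255));
    return TRUE;
}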
/**
 * Normalise one submitted item attribute value according to its attribute
 * type definition.
 *
 * FALSE (attribute not present) and blank scalars yield NULL. A scalar is
 * promoted to a one-element array, or split on newlines when the attribute is
 * a multi-valued 'text' type. Every element is then trimmed and newline-
 * normalised; unless the attribute is a lookup, it is additionally filtered
 * by input_type: tags stripped for the plain text types, restricted to the
 * configured legal tags for 'htmlarea', digits only for 'number', a configured
 * character set for 'filtered', and datetimes re-packed as YYYYMMDDHH24MISS.
 * Select/checkbox/radio widgets, 'url', 'email' and unknown types pass
 * through untouched.
 *
 * NOTE(review): strip_tags() with an allow-list keeps attributes on the
 * allowed tags (e.g. onclick="..."), so 'htmlarea' values are not safe to
 * render without further escaping; 'url' values are stored as submitted.
 *
 * @param array $item_attribute_type_r attribute type row; reads input_type,
 *        multi_attribute_ind, lookup_attribute_ind, input_type_arg1, input_type_arg3
 * @param mixed $value scalar, array of values, or FALSE when not submitted
 * @return mixed array for lookup/multi attributes, otherwise the first
 *               element; NULL when nothing usable was supplied
 */
function filter_item_input_field($item_attribute_type_r, $value) {
    if ($value === FALSE) {
        return NULL;
    }

    if (!is_array($value)) {
        $scalar = trim($value);
        if (strlen($scalar) == 0) {
            return NULL;
        }
        // Only the text input type supports multiple values per attribute.
        $is_multi_text = $item_attribute_type_r['input_type'] == 'text'
            && $item_attribute_type_r['multi_attribute_ind'] == 'Y';
        $value = $is_multi_text ? explode("\n", replace_newlines($scalar)) : array($scalar);
    }

    $is_lookup = $item_attribute_type_r['lookup_attribute_ind'] == 'Y';

    // count() is re-evaluated on every pass, exactly as before.
    for ($idx = 0; $idx < count($value); $idx++) {
        $value[$idx] = trim(replace_newlines($value[$idx]));
        if ($is_lookup || strlen($value[$idx]) == 0) {
            continue;
        }

        switch ($item_attribute_type_r['input_type']) {
            case 'hidden':
            case 'readonly':
            case 'text':
            case 'password':
            case 'textarea':
                $value[$idx] = strip_tags($value[$idx]);
                break;

            case 'htmlarea':
                $legal_tags = get_opendb_config_var('widgets', 'legal_html_tags');
                $value[$idx] = strip_tags($value[$idx], '<' . implode('><', $legal_tags) . '>');
                break;

            case 'datetime':
                $parts = get_timestamp_components_for_datetime($value[$idx], $item_attribute_type_r['input_type_arg1']);
                if ($parts !== FALSE) {
                    // Pack into the 'YYYYMMDDHH24MISS' mask.
                    $widths = array('year' => 4, 'month' => 2, 'day' => 2, 'hour' => 2, 'minute' => 2, 'second' => 2);
                    $packed = '';
                    foreach ($widths as $part => $width) {
                        $packed .= str_pad($parts[$part], $width, '0', STR_PAD_LEFT);
                    }
                    $value[$idx] = $packed;
                }
                break;

            case 'number':
                $value[$idx] = remove_illegal_chars($value[$idx], expand_chars_exp('0-9'));
                break;

            case 'filtered':
                $value[$idx] = remove_illegal_chars($value[$idx], expand_chars_exp($item_attribute_type_r['input_type_arg3']));
                break;

            default:
                // check_boxes / radio_group variants (deprecated), simple_checkbox,
                // checkbox, radio_grid, checkbox_grid, single_select, multi_select,
                // value_radio_grid, value_select, url, email and unknown types:
                // nothing to do.
                break;
        }
    }

    $wants_array = $is_lookup || $item_attribute_type_r['multi_attribute_ind'] == 'Y';
    return $wants_array ? $value : $value[0];
}
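/**
 * Fetch a DVD page from dvdfr.com and scrape its attributes into this item.
 *
 * Populates (when found in the HTML): title, dvd_extras, alt_title, imageurl,
 * age_rating, vid_format, year, rel_dvd_dt, run_time, ratio, dvd_region,
 * blurb, director, no_discs, subtitles, actors and audio_lang via
 * addItemAttribute(). Parsing is regex-based against the site's markup at the
 * time of writing, so any attribute may simply be absent.
 *
 * Fixes relative to the original: the dvdfr id is URL-encoded (it was
 * concatenated raw into the query string), $tblurb is initialised (it was
 * read before assignment when the title carried no parenthesised extra), and
 * the subtitles loop uses foreach instead of each(), which no longer exists
 * in PHP 8.
 *
 * @param array  $search_attributes_r must carry 'dvdfr_id'
 * @param string $s_item_type          unused
 * @return bool FALSE when the page could not be fetched, TRUE otherwise
 */
function queryItem($search_attributes_r, $s_item_type) {
    // Encode the id so it cannot smuggle extra query parameters into the URL.
    // The site is fetched over plain http as in the original.
    $pageBuffer = $this->fetchURI("http://www.dvdfr.com/dvd/dvd.php?id=" . rawurlencode($search_attributes_r['dvdfr_id']));

    // No sense going any further here.
    if (strlen($pageBuffer) == 0) {
        return FALSE;
    }

    // YEAR VID_FORMAT SUBTITLES(x) RUN_TIME RATIO NO_DISCS MOVIE_PLOT IMDB_ID IMAGEURL DVD_REGION DIRECTOR AUDIO_LANG(x) AGE_RATING ACTORS
    // If the marker is missing strpos() returns FALSE and substr() yields the
    // whole page, which is what the original did too.
    $startblock = "<!-- END:AdSolution-Tag 4.1 -->";
    $startblockPos = strpos($pageBuffer, $startblock);
    $parseblock = substr($pageBuffer, $startblockPos);

    //<div class="dvd_title">RAMBO</div>
    //<div class="dvd_titlevo">First Blood</div>
    if (preg_match("/class=\"dvd_title\">(.*)</i", $parseblock, $regs)) {
        // $regs[1] may carry extra info in parentheses after the plain title;
        // that part goes into dvd_extras.
        $tblurb = '';
        if (preg_match("/(.*) \\((.*)\\)/i", $regs[1], $blurb)) {
            $title = $blurb[1];
            $tblurb = $blurb[2];
        } else {
            $title = $regs[1];
        }
        if (strlen($tblurb) > 0) {
            $this->addItemAttribute('dvd_extras', $tblurb);
        }
        $title = str_replace("\"", "", $title);
        $this->addItemAttribute('title', $title);
    }

    if (preg_match("/class=\"dvd_titlevo\">(.*)</i", $parseblock, $regs)) {
        $this->addItemAttribute('alt_title', $regs[1]);
    }

    // Cover URL
    if (preg_match(":src=\"../(images/dvd/cover.*\\.jpg)\":i", $parseblock, $regs)) {
        $this->addItemAttribute('imageurl', "http://www.dvdfr.com/" . $regs[1]);
    }

    // Age rating
    if (preg_match("@<img src=\"../images/ratings/(\\d).gif@i", $parseblock, $regs)) {
        $this->addItemAttribute('age_rating', parse_dvdfr_age_rating($regs[1]));
    }

    // Video encoding format, should be PAL or SECAM
    if (preg_match("@title=\"Standard vid.o du DVD\" vspace=\"\\d\">\n[\\s\t]+<div align=\"center\"><center>\n[\\s\\d]+([A-Z]+)@i", $parseblock, $regs)) {
        $this->addItemAttribute('vid_format', trim($regs[1]));
    }

    // Year of production for the movie
    if (preg_match("/class=\"dvd_titleinfo\">(\\w*) ?, ?(\\d*)</i", $parseblock, $regs)) {
        $this->addItemAttribute('year', $regs[2]);
    }

    // Release date for the dvd => dvd_text
    if (preg_match(":<div class=\"dvd_subtitle\">Annonc. pour le</div>\\s*<div class=\"dvd_text\">([\\d]*) ([\\w]*) ([\\d]*)</div>:mi", $parseblock, $regs)) {
        $date = parse_dvdfr_release_date($regs[1], $regs[2], $regs[3]);
        if ($date !== FALSE) {
            $this->addItemAttribute('rel_dvd_dt', $date);
        }
    }

    // Length of the movie
    if (preg_match(":<td>(\\d+) min</td>:i", $parseblock, $regs)) {
        $this->addItemAttribute('run_time', $regs[1]);
    }

    // Ratio of the picture
    if (preg_match(":alt=\"Image ratio ([\\.\\d]*)\" title=\"Image ratio ([\\d\\.]*)\":i", $parseblock, $regs)) {
        $this->addItemAttribute('ratio', $regs[1]);
    }

    // DVD Region
    if (preg_match(":alt=\"Zone (\\d)\" title=\"Zone (\\d)\":i", $parseblock, $regs)) {
        $this->addItemAttribute('dvd_region', $regs[1]);
    }

    // Movie plot
    if (preg_match(":Synopsis</div>[\\s\t\n]*<div class=\"dvd_text\">([^<>]+)</div>:sim", $parseblock, $regs)) {
        $str = preg_replace(":\n:im", " ", replace_newlines($regs[1]));
        $this->addItemAttribute('blurb', $str);
    }

    // Director
    if (preg_match("@R.?alisation</div>\n[\t\\s]*<div class=\"dvd_text\"><a class=\"dvd_text\" href=\".*\">(.*)</a>@im", $parseblock, $regs)) {
        $this->addItemAttribute('director', trim($regs[1]));
    }

    // Number of discs
    if (preg_match("@title=\"Nombre de disques\" src=\".*\" width=\"\\d*\" height=\"\\d*\" vspace=\"\\d*\"></td>\n[\\s\t]*<td>(\\d+)</td>@im", $parseblock, $regs)) {
        $this->addItemAttribute('no_discs', $regs[1]);
    }

    // Subtitles available
    if (preg_match(":title=\"Sous-titres disponibles\"(.*?)</td>:sim", $parseblock, $regs)) {
        if (preg_match_all(":<small>[\\s]*(.*?)[\\s]*</small>:sim", $regs[1], $result)) {
            foreach ($result[1] as $subtitle) {
                if (substr($subtitle, -1) == '.') {
                    $subtitle = substr($subtitle, 0, -1);
                }
                if (strpos($subtitle, ",") !== FALSE) {
                    $this->addItemAttribute('subtitles', explode(",", $subtitle));
                } else {
                    $this->addItemAttribute('subtitles', $subtitle);
                }
            }
        }
    }

    // Lists of actors and actresses
    if (preg_match(":<div class=\"dvd_subtitle\">Avec...</div>[\\s\t\n]*<div class.*>(.*)</div>:im", $parseblock, $regs)) {
        $listing = preg_replace(":(<\\/[^<>]*>|Avec...|[\\s\t]{2,}):i", "", rtrim($regs[0]));
        $listing = preg_replace(":<[\\!]?[^<>]*>:i", ",", $listing);
        $listing = preg_replace(":, ?,+:i", ", ", $listing);
        $listing = preg_replace(":^,+:i", "", $listing);
        $this->addItemAttribute('actors', explode(",", $listing));
    }

    // Lists of audio languages
    if (preg_match(":title=\"Sp.?cifications audio\"(.*?)</table>:sim", $parseblock, $regs)) {
        if (preg_match_all(":<small>(.*)</small>:im", $regs[1], $result)) {
            $this->addItemAttribute('audio_lang', $result[1]);
        }
    }

    return TRUE;
}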
/**
 * Prepare a "more info" value for storage: newlines are normalised, the
 * result is HTML-escaped with htmlspecialchars() (default flags) and finally
 * addslashes()-escaped for interpolation into SQL.
 *
 * NOTE(review): the previous comment said '|' is removed here so it can be
 * used as a delimiter; the code does not do that — '|' passes through
 * unchanged.
 *
 * @param string $value
 * @return string
 */
function clean_more_info_value($value) {
    $normalised = replace_newlines($value);
    $html_safe = htmlspecialchars($normalised);
    return addslashes($html_safe);
}
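/**
 * Append one entry to the OpenDb log file.
 *
 * Line layout (space separated):
 *   [dd/mm/yy HH:ii:ss] TYPE ip user_id admin_user_id file function "params" "message"
 * Empty fields are written as '-'. The parameters and message fields are
 * newline-normalised and addslashes()-escaped so an entry always stays on a
 * single line. The finished line is capped at 4000 bytes, the limit the
 * logfile.php reader is said to expect — the previous docblock promised this
 * cap but the code never enforced it.
 *
 * A no-op when the 'logging.enable' config var is FALSE. Failure to open the
 * log file is ignored; the @ suppression is deliberate so a bad log path does
 * not leak warnings into the response.
 *
 * @param string      $msgtype  'E', 'I' or 'W' (case-insensitive); anything else is logged as ERROR
 * @param string      $file     usually __FILE__; backslashes are normalised to '/'
 * @param string      $function usually __FUNCTION__; 'unknown' is written as '-'
 * @param string|null $message  free text, e.g. db_error()
 * @param array|null  $params_r call parameters, rendered by expand_opendb_logger_params()
 * @return void
 */
function opendb_logger($msgtype, $file, $function, $message = NULL, $params_r = NULL) {
    if (get_opendb_config_var('logging', 'enable') === FALSE) {
        return;
    }

    $entry = array();
    $entry['datetime'] = '[' . date("d/m/y H:i:s") . ']';
    $entry['ip'] = ifempty(get_http_env("REMOTE_ADDR"), "0.0.0.0");
    $entry['user_id'] = get_opendb_session_var('user_id');
    $entry['admin_user_id'] = get_opendb_session_var('admin_user_id');
    // Every column must be non-empty or the space-separated layout shifts;
    // the original only did this for admin_user_id.
    if (strlen($entry['user_id']) == 0) {
        $entry['user_id'] = '-';
    }
    if (strlen($entry['admin_user_id']) == 0) {
        $entry['admin_user_id'] = '-';
    }

    $type_labels = array('E' => 'ERROR', 'W' => 'WARN', 'I' => 'INFO');
    $msgtype = strtoupper($msgtype);
    $entry['type'] = isset($type_labels[$msgtype]) ? $type_labels[$msgtype] : 'ERROR';

    $entry['parameters'] = expand_opendb_logger_params($params_r);
    if (strlen($entry['parameters']) == 0) {
        $entry['parameters'] = '-';
    }
    $entry['file'] = strlen($file) > 0 ? str_replace('\\', '/', $file) : '-';
    $entry['function'] = (strlen($function) > 0 && $function != 'unknown') ? $function : '-';
    $entry['message'] = strlen($message) > 0 ? $message : '-';

    $fileptr = @fopen(get_opendb_config_var('logging', 'file'), 'a');
    if (!$fileptr) {
        return;
    }

    // Quote the free-text fields; they are collapsed to one line and escaped
    // so caller-supplied text (or a db_error() string) cannot forge a new entry.
    if ($entry['parameters'] != '-') {
        $entry['parameters'] = '"' . addslashes(replace_newlines($entry['parameters'])) . '"';
    }
    if ($entry['message'] != '-') {
        $entry['message'] = '"' . addslashes(replace_newlines($entry['message'])) . '"';
    }

    $line = implode(' ', array(
        $entry['datetime'],
        $entry['type'],
        $entry['ip'],
        $entry['user_id'],
        $entry['admin_user_id'],
        $entry['file'],
        $entry['function'],
        $entry['parameters'],
        $entry['message'],
    ));
    // Keep the entry within the size logfile.php is expected to handle.
    if (strlen($line) > 4000) {
        $line = substr($line, 0, 4000);
    }
    fwrite($fileptr, $line . "\n");
    fclose($fileptr);
}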
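/**
 * Normalise an attribute value (scalar or array) into a list of cleaned,
 * addslashes()-escaped strings ready for SQL interpolation.
 *
 * Each element is newline-normalised, trimmed and escaped; blank elements
 * are dropped. With $remove_duplicates, an element equal (loose comparison,
 * as the original array_search() did) to one already collected is skipped.
 *
 * The original fell through to count() on a blank scalar, which is a
 * TypeError on PHP 8; blank scalars now simply yield an empty list.
 *
 * @param mixed $attribute_val_r scalar value or list of values
 * @param bool  $remove_duplicates
 * @return array list of cleaned values (possibly empty)
 */
function validate_attribute_val_r($attribute_val_r, $remove_duplicates = FALSE) {
    $value_r = array();

    if (!is_array($attribute_val_r)) {
        if (strlen(trim($attribute_val_r)) > 0) {
            $value_r[] = addslashes(trim(replace_newlines($attribute_val_r)));
        }
        return $value_r;
    }

    $count = count($attribute_val_r);
    for ($i = 0; $i < $count; $i++) {
        $value = addslashes(trim(replace_newlines($attribute_val_r[$i])));
        if (strlen($value) == 0) {
            continue;
        }
        // Loose in_array() mirrors the original array_search() comparison.
        if ($remove_duplicates && in_array($value, $value_r)) {
            continue;
        }
        $value_r[] = $value;
    }

    return $value_r;
}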
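/**
 * Record an OpenDb release in s_opendb_release.
 *
 * $description is trimmed, newline-normalised and addslashes()-escaped;
 * $release_version is addslashes()-escaped as well (the original interpolated
 * it raw). $step is stored as a quoted value when numeric, otherwise as NULL.
 *
 * @param string $release_version
 * @param string $description
 * @param mixed  $step upgrade step; non-numeric values are stored as NULL
 * @return int|false new row id from db_insert_id(), or FALSE on failure
 */
function insert_opendb_release($release_version, $description, $step = '0') {
    $release_version = addslashes($release_version);
    $description = addslashes(replace_newlines(trim($description)));

    $query = "INSERT INTO s_opendb_release (release_version, description, upgrade_step)"
        . "VALUES ('{$release_version}','{$description}', "
        . (is_numeric($step) ? "'{$step}'" : "NULL") . ")";

    $insert = db_query($query);
    if ($insert && db_affected_rows() > 0) {
        $new_item_id = db_insert_id();
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($release_version, $description));
        return $new_item_id;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($release_version, $description));
    return FALSE;
}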