/**
* Create a new blog.
*
* @param integer $blog New category's blog.
* @param string $title New category's title.
* @return integer
*/
public static function &create($title)
{
global $papyrine;
$sql = sprintf("INSERT INTO %s " . " (title) " . "VALUES " . " ('%s') ", self::TABLE, sqlite_escape_string($title));
$result = $papyrine->database->connection->unbufferedQuery($sql);
return new SQliteCategory($papyrine->database->connection->lastInsertRowid());
}
function clearData($data)
{
$data = strip_tags($data);
$data = trim($data);
$data = sqlite_escape_string($data);
return $data;
}
/**
* Create a new blog.
*
* @return integer
*/
public static function &create($email, $name, $password)
{
global $papyrine;
$sql = sprintf("INSERT INTO %s " . " (email, name, password) " . "VALUES " . " ('%s', '%s', '%s') ", self::TABLE, sqlite_escape_string($email), sqlite_escape_string($name), sqlite_escape_string(md5($password)));
$result = $papyrine->database->connection->unbufferedQuery($sql);
return new SQliteUser($papyrine->database->connection->lastInsertRowid());
}
$expire = $this->options['expire'];
}
$expire = $expire == 0 ? 0 : time() + $expire;
//缓存有效期为0表示永久缓存
if (C('DATA_CACHE_COMPRESS') && function_exists('gzcompress')) {
//数据压缩
$value = gzcompress($value, 3);
}
public function delete($key)
{
if ($this->_connection->query(sprintf("DELETE FROM cache WHERE key = '%s'", sqlite_escape_string($key))) === FALSE) {
return FALSE;
}
return TRUE;
}
/**
* récupère la liste des champs pour une base donnée.
* @return array $tab[NomDuChamp] = obj avec prop (tye, length, lengthVar, notnull)
*/
protected function _getFieldList($tableName)
{
$results = array();
$query = "PRAGMA table_info(" . sqlite_escape_string($tableName) . ")";
$rs = $this->_connector->query($query);
while ($line = $rs->fetch()) {
$field = new jDbFieldProperties();
$field->name = $line->name;
$field->primary = $line->pk == 1;
$field->notNull = $line->notnull == '99' || $line->pk == 1;
if (preg_match('/^(\\w+)\\s*(\\((\\d+)\\))?.*$/', $line->type, $m)) {
$field->type = strtolower($m[1]);
if (isset($m[3])) {
$field->length = intval($m[3]);
}
} else {
$field->type = $line->type;
}
if ($field->type == 'integer' && $field->primary) {
$field->autoIncrement = true;
}
if (!$field->primary) {
if ($line->dflt_value !== null || $line->dflt_value === null && !$field->notNull) {
$field->hasDefault = true;
$field->default = $line->dflt_value;
}
}
$results[$line->name] = $field;
}
return $results;
}
public function quote($s)
{
if (_hx_index_of($s, "", null) >= 0) {
return "x'" . $this->base16_encode($s) . "'";
}
return "'" . (sqlite_escape_string($s) . "'");
}
/**
* Create a new comment.
*/
public static function &create($entry, $body, $owner_name, $owner_email)
{
global $papyrine;
$sql = sprintf("INSERT INTO %s " . " (entry, body, owner_name, owner_email, status, created) " . "VALUES " . " (%s, '%s', '%s', '%s', %s, NOW()) ", self::TABLE, $entry, sqlite_escape_string($body), sqlite_escape_string($owner_name), sqlite_escape_string($owner_email), 0);
$result = $papyrine->database->connection->unbufferedQuery($sql);
return new SQliteComment($papyrine->database->connection->lastInsertRowid());
}
public function check_input($value)
{
if (get_magic_quotes_gpc()) {
$value = sqlite_escape_string($value);
}
return $value;
}
function sqlite_error_hadler($errno, $errstr, $errfile, $errline, $args)
{
// Open bugs database
$err_db = new sqlite_db("php_errors");
$error_hash = md5($errstr, $errfile, $errline, $errno);
// check if previous errors of the same nature, had already occured,
// if they did update the error counter.
$res = $err_db->query("UPDATE bugs_db SET \n\t\t\terror_counter=error_counter+1 \n\t\t\tWHERE b_hash='{error_hash}'");
// we got a hit, nothing more to do
if ($res->changes()) {
// close bug db
unset($err_db);
return;
}
// prepare data for sql insertion
$errstr = sqlite_escape_string($errstr);
$errfile = sqlite_escape_string($errfile);
$errline = (int) $errline;
$errno = (int) $errno;
$args = sqlite_escape_string(implode(', ', $args));
// Uh Oh, new error, let's log it.
$err_db->query("INSERT INTO bugs_db\n\t\t(b_hash, error_counter, b_errstr, \n\t\tb_errfile, b_errline, b_errno, b_args)\n\t\tVALUES(\n\t\t\t'{$error_hash}',\n\t\t\t1,\n\t\t\t'{$errstr}',\n\t\t\t'{$errfile}',\n\t\t\t{$errline},\n\t\t\t{$errno},\n\t\t\t'{$args}'\n\t\t)");
// close bug db
unset($err_db);
}
public function query()
{
$params = func_get_args();
$sql = array_shift($params);
if ($this->getConfig('replaceTableName')) {
$sql = preg_replace_callback('/{{(\\w+)}}/', array($this, 'getTable'), $sql);
}
Database::$debug && (Database::$sql[] = $sql);
$this->initialization();
if (isset($params[0])) {
if (is_array($params[0])) {
$params = $params[0];
}
foreach ($params as $key => $val) {
$params[$key] = sqlite_escape_string($val);
}
if (preg_match_all('/:(\\w+)/i', $sql, $tmp)) {
$p = array();
foreach ($tmp[1] as $key => $val) {
$p[] = $params[$val];
}
$params = $p;
$sql = str_replace($tmp[0], '?', $sql);
}
$sql = str_replace('?', "'%s'", $sql);
array_unshift($params, $sql);
$sql = call_user_func_array('sprintf', $params);
}
$query = $this->link->query($sql);
if ($query === false) {
throw new DatabaseException("Error sql query:{$sql}");
}
return $query;
}
function set($key, $value)
{
$time = time();
$sql = sprintf("REPLACE INTO \n %s (key, value, created) \n VALUES ('%s', '%s', '%d');", $this->tableName, sqlite_escape_string($key), sqlite_escape_string($value), $time);
//allow exceptions to bubble up
$this->db->queryExec($sql);
}
public static function insertData($data)
{
self::$db->beginTransaction();
$stmt_log = self::$db->prepare("INSERT INTO log (timestamp, nbr_of_files_examined)\n VALUES(:timestamp, :nbr)");
$stmt_log->execute(array(':timestamp' => strftime('%Y-%m-%d %H:%M:%S'), ':nbr' => count($data['files'])));
$units = $data['units'];
foreach ($units as $unit) {
$col = '';
$val = '';
$val_arr = array();
foreach ($unit as $k => $v) {
if ($k === 'src_strip') {
continue;
}
$k = sqlite_escape_string($k);
$col .= "{$k}, ";
$val .= ":{$k}, ";
$val_arr[":{$k}"] = $v;
}
$col = trim($col, ', ');
$val = trim($val, ', ');
$stmt_units = self::$db->prepare("INSERT INTO units ({$col}) VALUES({$val})");
$stmt_units->execute($val_arr);
$stmt_status = self::$db->prepare("INSERT INTO status (fnc, file)\n VALUES(:fnc, :file)");
$stmt_status->execute(array(":fnc" => $unit['fnc'], ":file" => $unit['file']));
}
return self::$db->commit();
}
/**
* Escapes a string for SQL queries.
*
* \param $str
* The string to escape.
*
* \return
* The escaped string.
*/
function escape_string($str)
{
if (is_null($str)) {
return 'NULL';
}
return "'" . sqlite_escape_string($str) . "'";
}
function execute()
{
if (LoginManager::isLogged() && LoginManager::isAdministrator()) {
if (isset($_POST['exercise_name']) && $_SESSION['form_enabled']) {
LoginManager::register();
LoginManager::register();
$group = sqlite_escape_string($_POST['exercise_group']);
$code = sqlite_escape_string($_POST['exercise_code']);
$name = sqlite_escape_string($_POST['exercise_name']);
$description = sqlite_escape_string($_POST['propose_description']);
$proposer = sqlite_escape_string($_POST['exercise_proposer']);
$state = 'draft';
$word_count = sqlite_escape_string($_POST['exercise_word_count']);
$licence = sqlite_escape_string($_POST['exercise_licence']);
$language = sqlite_escape_string($_POST['exercise_language']);
$media_type = sqlite_escape_string($_POST['exercise_media_type']);
$exercise_version = sqlite_escape_string($_POST['exercise_exercise_version']);
$author = sqlite_escape_string($_POST['exercise_author']);
$author_website = sqlite_escape_string($_POST['exercise_author_website']);
$author_contact = sqlite_escape_string($_POST['exercise_author_contact']);
$packager = sqlite_escape_string($_POST['exercise_packager']);
$packager_website = sqlite_escape_string($_POST['exercise_packager_website']);
$packager_contact = sqlite_escape_string($_POST['exercise_packager_contact']);
$translations = sqlite_escape_string($_POST['exercise_translations']);
$file = sqlite_escape_string($_POST['exercise_file']);
$state = 'waiting';
DatabaseManager::setQuery("INSERT INTO exercises VALUES(\n NULL,\n {$group},\n '{$proposer}',\n '{$state}',\n '{$code}',\n '{$name}',\n '{$description}',\n {$word_count},\n '{$licence}',\n '{$language}',\n '{$media_type}',\n '{$exercise_version}',\n '{$author}',\n '{$author_website}',\n '{$author_contact}',\n '{$packager}',\n '{$packager_website}',\n '{$packager_contact}',\n '{$translations}',\n '{$file}'\n );");
$this->message = "Exercise add.";
$_SESSION['form_enabled'] = false;
} else {
$_SESSION['form_enabled'] = true;
}
}
}
function check_str($string, $trim = true)
{
global $db_type, $db;
//when code in db is urlencoded the ' does not need to be modified
if ($db_type == "sqlite") {
if (function_exists('sqlite_escape_string')) {
$string = sqlite_escape_string($string);
} else {
$string = str_replace("'", "''", $string);
}
}
if ($db_type == "pgsql") {
$string = pg_escape_string($string);
}
if ($db_type == "mysql") {
if (function_exists('mysql_real_escape_string')) {
$tmp_str = mysql_real_escape_string($string);
} else {
$tmp_str = mysqli_real_escape_string($db, $string);
}
if (strlen($tmp_str)) {
$string = $tmp_str;
} else {
$search = array("", "\n", "\r", "\\", "'", "\"", "");
$replace = array("\\x00", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\\");
$string = str_replace($search, $replace, $string);
}
}
$string = $trim ? trim($string) : $string;
return $string;
}
public function escape($sql)
{
if (function_exists('sqlite_escape_string')) {
return sqlite_escape_string($sql);
} else {
return addslashes($sql);
}
}
/**
* Escape the string for RDBMS.
* @param string $text
* @return string
*/
public function disconnectedEscapeText($text)
{
if (function_exists('sqlite_escape_string')) {
return sqlite_escape_string($text);
} else {
return parent::disconnectedEscapeText($text);
}
}
function save_settings($settings)
{
foreach ($settings as $key => $value) {
$value = sqlite_escape_string($value);
$stm = $this->db->prepare('UPDATE settings SET s_value = :value WHERE s_name = :key');
$stm->execute(array(':value' => $value, ':key' => $key));
}
}
function post_save($fromu, $tou, $msg, $files = array())
{
if (db_query("INSERT INTO msgs VALUES (NULL,'" . sqlite_escape_string($fromu) . "','" . sqlite_escape_string($tou) . "','" . sqlite_escape_string($msg) . "','" . sqlite_escape_string(implode(';', $files)) . "')")) {
return TRUE;
} else {
return FALSE;
}
}
function sqlite_addslashes_deep($value)
{
if (empty($value)) {
return $value;
} else {
return is_array($value) ? array_map('sqlite_addslashes_deep', $value) : sqlite_escape_string($value);
}
}
static function register()
{
if (!LoginManager::isRegistered()) {
$login = sqlite_escape_string(LoginManager::getLogin());
$email = sqlite_escape_string(LoginManager::getEmail());
DatabaseManager::setQuery("INSERT INTO users VALUES(\n '{$login}',\n '',\n '{$email}',\n 0\n );");
}
}
protected function _performEscape($s, $isIdent = false)
{
if (!$isIdent) {
return '\'' . sqlite_escape_string($s) . '\'';
} else {
return "`" . str_replace('`', '``', $s) . "`";
}
}
public static function &create($title, $body, $owner, $status = true)
{
global $papyrine;
// Generate the query and insert into the database.
$sql = sprintf("INSERT INTO %s " . " (title, linktitle, body, owner, " . " status, created) " . " VALUES " . " ('%s', '%s', '%s', %s, %s, '%s') ", self::TABLE, sqlite_escape_string($title), sqlite_escape_string($title), sqlite_escape_string($body), $owner, $status ? 1 : 0, time());
$result = $papyrine->database->connection->unbufferedQuery($sql);
return new SQliteEntry($papyrine->database->connection->lastInsertRowid());
}
function C_photo($file, $number)
{
global $root, $gallery_dir, $galerie, $db;
$this->file = $file;
$this->number = $number;
$this->album = $galerie;
//init from filesystem
//preview
$this->preview = "{$gallery_dir}/{$galerie}/lq/img-" . $this->number . ".jpg";
$this->previewsize = getimagesize($this->preview);
//MQ
if (file_exists("{$root}/{$gallery_dir}/{$galerie}/mq/img-" . $this->number . ".jpg")) {
$this->mq = "{$gallery_dir}/{$galerie}/mq/img-" . $this->number . ".jpg";
}
//HQ
if (file_exists("{$root}/{$gallery_dir}/{$galerie}/hq/img-" . $this->number . ".jpg")) {
$this->hq = "{$gallery_dir}/{$galerie}/hq/img-" . $this->number . ".jpg";
}
if ($GLOBALS['have_sqlite']) {
//query just once
require_once "{$root}/inc/db.class.inc.php";
$sql = "select * from photo where ";
$sql .= "number=" . $this->number . " and ";
$sql .= "album='" . $this->album . "'";
$db->query($sql);
}
$this->readCaption();
$this->readCounter();
//reads access log number
if ($GLOBALS['have_sqlite']) {
//need to get photo id first
if (!$db->count()) {
//no record for this photo, let's update the record
//FIXME - if no photo data in db, create a unique index for it
//and add number, album, caption and views.
$sql = "insert into photo (name, caption, counter, number, album)";
$sql .= " values (";
$sql .= "\"" . sqlite_escape_string($this->name) . "\", ";
$sql .= "\"" . sqlite_escape_string(strtr($this->caption, "\"", "'")) . "\", ";
$sql .= $this->counter . ", ";
$sql .= $this->number . ", ";
$sql .= "\"" . $this->album . "\"";
$sql .= ")";
$db->query($sql);
print "\n\n<!-- We've moved the data to the database.-->";
//now we still need to query for the id
$sql = "select id from photo where ";
$sql .= "number=" . $this->number . " and ";
$sql .= "album='" . $this->album . "'";
$db->query($sql);
}
$db->rewind();
$resultarray = sqlite_fetch_array($db->result);
$this->id = $resultarray["id"];
print "\n\n<!-- image id: " . $this->id . " -->\n";
}
$this->readComments();
}
function escape($string)
{
if (function_exists('sqlite_escape_string')) {
$res = sqlite_escape_string($string);
} else {
$res = str_replace("'", "''", $string);
}
return $res;
}
function user2id($uname)
{
$res = db_fetch_array(db_query("SELECT uid FROM users WHERE user='******' LIMIT 1"), SQLITE_NUM);
if (!$res) {
return -1;
} else {
return $res['0']['0'];
}
}
public function Labyrinth($ip, $useragent)
{
global $config;
mt_srand($this->MakeSeed());
$this->dbhandle = new SQLiteDatabase($config['tracking_db']);
$this->crawler_ip = sqlite_escape_string($ip);
$this->crawler_useragent = sqlite_escape_string($useragent);
$this->crawler_info = $this->dbhandle->query("SELECT crawler_ip FROM crawlers WHERE crawler_ip='" . $this->crawler_ip . "' AND crawler_useragent='" . $this->crawler_useragent . "'");
}
function escape($param)
{
if (is_array($param)) {
$this->error("can't escape:");
var_dump($param);
}
$param = sqlite_escape_string($param);
$param = str_replace('"', "'", $param);
return $param;
}
function to_db($p)
{
$query = sprintf("INSERT INTO %s (uuid, title, authors, journal, year, pmid, mendeley_url) " . "VALUES ('%s', '%s', '%s', '%s', %d, %d, '%s'); ", TBL_PAPERS, sqlite_escape_string($p->uuid), sqlite_escape_string($p->title), json_encode($p->authors), sqlite_escape_string($p->journal), sqlite_escape_string($p->year), sqlite_escape_string($p->pmid), is_mendeley_url($p->mendeley_url) ? $p->mendeley_url : "");
if (!$this->db->queryExec($query, $error)) {
echo $query . "<br>";
die($error);
} else {
#echo "<br>".$query;
}
}
