function translate()
{
$translate = array();
if (!$this->saved_content['Text']) {
$translate[] = 'Text';
}
$trFrom = $trSect = $trText = array();
if (!empty($translate)) {
$newest = $DB->asArray("SELECT t1.section, t1.* FROM content AS t1\n LEFT JOIN content t2 ON t1.section = t2.section\n AND t1.language = t2.language\n AND t1.revision < t2.revision\n WHERE t2.section IS NULL\n AND t1.id='" . Database::escape($id) . "'\n AND (t1.section='" . implode("' OR t1.section='", Database::escape($translate, true)) . "')\n ORDER BY t1.revision DESC", true);
foreach ($newest as $s => $translation) {
$trFrom[] = $translation['language'];
$trText[] = $translation['content'];
$trSect[] = $s;
}
}
if (!$obj->Name && !$_POST['etitle']) {
if ($info = $DB->metadata->getRow(array('id' => $obj->ID, 'field' => 'Name'), 'value, metameta')) {
$trFrom[] = $info['metameta'];
$trText[] = $info['value'];
$trSect[] = 'Name';
}
}
$translation = array();
if (!empty($trText)) {
$translation = @array_combine($trSect, google::translate($trText, $trFrom, $language));
}
return $translation;
}
/**
* View contents of folders to which the user has access
* @param $url URL to send the rendered links to. "$" in the URL will be replaced with the ID of the link
* @return HTML
*/
function fullStructure($url = false)
{
global $DB, $USER, $Controller;
$r = '';
if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
$objs = array($Controller->fileRoot);
} else {
$privilegeIDS = array_merge((array) $USER->ID, $USER->groupIds);
$objs = $Controller->get($DB->asList("SELECT spine.id FROM spine RIGHT JOIN privileges ON spine.id = privileges.id WHERE spine.class = 'Folder' AND privileges.beneficiary IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND privileges.privileges > 0"), ANYTHING, false, false);
}
$folders = array();
foreach ($objs as $obj) {
$p = $obj;
while ($p = $p->Dir) {
if (!$p->may($USER, READ)) {
break;
} elseif (isset($objs[$p->ID])) {
continue 2;
}
}
if (is_a($obj, 'Folder')) {
if (!in_array($obj->filename, $this->ignore)) {
$folders[$obj->filename] = $obj;
}
}
}
ksort($folders);
return listify(array_map(array($this, 'displayLink'), $folders, array_fill(0, count($folders), $url)));
}
function process()
{
global $current_user;
/* @var $current_user CurrentUser */
$current_user->can_throw('add_comments');
/*
[writemodule] => CommentsWriteModule
[reply_to] => 1
[doc_id] => 440
[comment] => ghjkhjk
*/
$document_id = max(0, (int) Request::post('doc_id'));
$table = Request::post('table');
$comment = Request::post('comment');
$reply_to = max(0, (int) Request::post('reply_to'));
Database::query('START TRANSACTION');
$query = 'SELECT max(`id`) as `id` FROM `comments` WHERE `doc_id` = ' . $document_id . ' AND `table`=' . Database::escape($table) . '';
$maxid = 1 + max(0, Database::sql2single($query));
$query = 'INSERT INTO `comments` SET
`id`=' . $maxid . ',
`table`=' . Database::escape($table) . ',
`comment`=' . Database::escape($comment) . ',
`parent`=' . $reply_to . ',
`doc_id`=' . $document_id . ',
`id_author`=' . $current_user->id . ',
`time`=' . time();
Database::query($query);
Database::query('COMMIT');
}
function write()
{
global $current_user;
/*@var $current_user CurrentUser*/
$current_user->can_throw('books_edit');
$id = isset(Request::$post['id']) ? Request::$post['id'] : 0;
$id = max(0, (int) $id);
$row = Database::sql2row('SELECT * FROM genre WHERE `id`=' . $id);
if (!$row) {
return;
}
if (!$id) {
throw new Exception('Illegal id');
}
$description = prepare_review(isset(Request::$post['description']) ? Request::$post['description'] : '');
if (!$description) {
throw new Exception('Empty description');
}
$description = prepare_review($description);
$query = 'UPDATE `genre` SET `description`=' . Database::escape($description) . ' WHERE `id`=' . $id;
Database::query($query);
ob_end_clean();
header('Location:' . Config::need('www_path') . '/genres/' . $row['name']);
$current_user->gainActionPoints('genres_edit', $id, BiberLog::TargetType_genre);
exit;
}
function sendMessage($id_author, $to_users, $subject, $body, $time, $thread_id = false) {
if (!is_array($to_users))
throw new Exception('$to_users must be an array');
Database::query('START TRANSACTION');
$query = 'INSERT INTO `users_messages` SET
`id_author`=' . $id_author . ',
`time`=' . $time . ',
`subject`=' . Database::escape($subject) . ',
`html`=' . Database::escape($body);
Database::query($query);
// если есть тред - пишем в тот же тред
$lastId = Database::lastInsertId();
$thread_id = $thread_id ? $thread_id : $lastId;
if ($thread_id) {
$q = array();
foreach ($to_users as $receiver_id) {
$is_new = ($receiver_id == $id_author) ? 0 : 1;
$q[] = '(' . $lastId . ',' . $thread_id . ',' . $receiver_id . ',' . $is_new . ',0)';
}
if (count($q)) {
$query = 'INSERT INTO `users_messages_index`(message_id,thread_id,id_recipient,is_new,is_deleted) VALUES ' . implode(',', $q);
Database::query($query);
}
}
Database::query('COMMIT');
}
function edit_event()
{
$id = $_POST['id'] ? $_POST['id'] : 'NULL';
$_POST['template_id'] = max(1, (int) $_POST['template_id']);
Database::query('INSERT INTO `lib_events` SET
`id` = ' . $id . ',
`title`=' . Database::escape($_POST['title']) . ',
`male`=' . Database::escape($_POST['male']) . ',
`age_start_days`=' . Database::escape($_POST['age_start_days']) . ',
`age_end_days`=' . Database::escape($_POST['age_end_days']) . ',
`description`=' . Database::escape($_POST['description']) . ',
`template_id`=' . Database::escape($_POST['template_id']) . '
ON DUPLICATE KEY UPDATE
`title`=' . Database::escape($_POST['title']) . ',
`male`=' . Database::escape($_POST['male']) . ',
`age_start_days`=' . Database::escape($_POST['age_start_days']) . ',
`age_end_days`=' . Database::escape($_POST['age_end_days']) . ',
`description`=' . Database::escape($_POST['description']) . ',
`template_id`=' . Database::escape($_POST['template_id']) . '
');
$id = $id == 'NULL' ? Database::lastInsertId() : $id;
header('Location: /admin/event/' . $id . '/edit');
}
function write() {
global $current_user;
/* @var $current_user CurrentUser */
if (!$current_user->authorized)
throw new Exception('Access denied');
$id = isset(Request::$post['id']) ? Request::$post['id'] : 0;
$id = max(0, (int) $id);
$parent_id = isset(Request::$post['parent_id']) ? Request::$post['parent_id'] : false;
$parent_id = max(0, (int) $parent_id);
if (!$id)
throw new Exception('Illegal id');
$title = isset(Request::$post['title']) ? Request::$post['title'] : false;
$description = isset(Request::$post['description']) ? Request::$post['description'] : false;
if ($parent_id == $id)
throw new Exception('Illegal parent');
if ($parent_id) {
$query = 'SELECT `id` FROM `series` WHERE `id`=' . $parent_id;
if (!Database::sql2single($query))
throw new Exception('No such parent');
}
if (!$title)
throw new Exception('Empty title');
$description = prepare_review($description);
$title = prepare_review($title, '');
$query = 'UPDATE `series` SET `id_parent`=' . $parent_id . ',`title`=' . Database::escape($title) . ', `description`=' . Database::escape($description) . ' WHERE `id`=' . $id;
Database::query($query);
}
function getOne() {
$query = 'SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_name);
$data = Database::sql2row($query);
if (!isset($data['name']))
return;
$this->data['genres'][$data['id']] = array(
'name' => $data['name'],
'id' => $data['id'],
'id_parent' => $data['id_parent'],
'title' => $data['title'],
'books_count' => $data['books_count']
);
if (!$data['id_parent']) {
$this->data['genres'][$data['id']]['subgenres'] = $this->getAll($data['id']);
return;
}
$query = 'SELECT `id_book` FROM `book_genre` BG JOIN `book` B ON B.id = BG.id_book WHERE BG.id_genre = ' . $data['id'] . ' ORDER BY B.mark DESC LIMIT 20';
$bids = Database::sql2array($query, 'id_book');
$books = Books::getByIdsLoaded(array_keys($bids));
Books::LoadBookPersons(array_keys($bids));
foreach ($books as $book) {
$book = Books::getById($book->id);
list($aid, $aname) = $book->getAuthor(1, 1, 1); // именно наш автор, если их там много
$this->data['genres'][$data['id']]['books'][] = array('id' => $book->id,
'cover' => $book->getCover(),
'title' => $book->getTitle(true),
'author' => $aname,
'author_id' => $aid,
'lastSave' => $book->data['modify_time']);
}
}
function getLikes() {
if (!$this->genre_id)
return;
$query = 'SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_id);
$data = Database::sql2row($query);
if($data['id']){
}
}
function setStatus($status_code, $message) {
$query = 'UPDATE `features` SET
`status`=' . (int) $status_code . ',
`last_run`=' . time() . ',
`last_message`=' . Database::escape($message) . '
WHERE
`id`=' . $this->id;
Database::query($query);
}
public function getPostByUrl($url)
{
$where = "Blog ='" . Database::escape($this->getId()) . "' AND Url = '" . Database::escape($url) . "'";
$lista = BlogPost::SELECT($where);
if (count($lista)) {
return $lista[0];
}
return null;
}
public static function getByName($name)
{
$name = Database::escape($name);
$items = self::SELECT("`Name` = '{$name}'");
if (1 != count($items)) {
return null;
}
return $items[0];
}
private final function set_filter($array)
{
if (isset($array['comparison'])) {
$clause = "`{$array['column']}` {$array['comparison']} '" . Database::escape($array['value']) . "'";
} else {
$clause = "`{$array['column']}` = '" . Database::escape($array['value']) . "'";
}
$this->where_clause[] = $clause;
}
function write() {
global $current_user;
/* @var $current_user CurrentUser */
if (!$current_user->authorized)
throw new Exception('Access denied');
$data = array(
'target_id' => max(0, (int) Request::$post['target_id']),
'target_type' => max(0, (int) Request::$post['target_type']),
'comment' => prepare_review(Request::$post['annotation']),
'rate' => min(6, max(0, (int) Request::$post['rate'])) + 1,
);
$event = new Event();
if (!$data['comment']) {
// inserting rate
if ($data['rate'] && ($data['target_type'] == 0)) {
$time = time();
if ($data['rate'] > 1) {
$query = 'INSERT INTO `book_rate` SET `id_book`=' . $data['target_id'] . ',`id_user`=' . $current_user->id . ',`rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ' ON DUPLICATE KEY UPDATE
`rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . '';
Database::query($query);
}
//recalculating rate
$query = 'SELECT COUNT(1) as cnt, SUM(`rate`) as rate FROM `book_rate` WHERE `id_book`=' . $data['target_id'];
$res = Database::sql2row($query);
$book_mark = round($res['rate'] / $res['cnt'] * 10);
$query = 'UPDATE `book` SET `mark`=' . $book_mark . ' WHERE `id`=' . $data['target_id'];
Database::query($query);
$event->event_BookRateAdd($current_user->id, $data['target_id'], $data['rate'] - 1);
}
} else {
if (!$data['target_id'])
return;
$query = 'INSERT INTO `reviews` SET
`id_target`=' . $data['target_id'] . ',
`target_type`=' . $data['target_type'] . ',
`id_user`=' . $current_user->id . ',
`time`=' . time() . ',
`comment`=' . Database::escape($data['comment']) . ',
`rate`=' . ($data['rate'] - 1) . '
ON DUPLICATE KEY UPDATE
`time`=' . time() . ',
`comment`=' . Database::escape($data['comment']) . ',
`rate`=' . ($data['rate'] - 1) . '';
Database::query($query);
//event
$event->event_BookReviewAdd($current_user->id, $data['target_id'],$data['target_type'], $data['rate'] - 1 , $data['comment']);
}
$event->push();
}
/**
* Para insertar un nuevo registro, debo pasar la ruta de
* una imagen válida (puede ser de un archivo local o uno remoto con http://...)
*/
public static function INSERT($image_path)
{
// Compruebo si el archivo es en realidad una imagen:
//$finfo = finfo_open(FILEINFO_MIME_TYPE);
//$mime = finfo_file($finfo, $image_path);
$temp_hash = md5(microtime());
Rack::Write('temp', $temp_hash, $image_path);
$temp_path = Rack::Path('temp', $temp_hash);
$is = getimagesize($temp_path);
$mime = $is['mime'];
switch ($mime) {
case 'image/jpeg':
$gd = @imagecreatefromjpeg($temp_path);
break;
case 'image/png':
$gd = @imagecreatefrompng($temp_path);
break;
case 'image/gif':
$gd = @imagecreatefromgif($temp_path);
break;
case 'image/bmp':
$gd = @imagecreatefrombmp($temp_path);
break;
default:
return null;
}
if (is_resource($gd)) {
$width = imagesx($gd);
$height = imagesy($gd);
$hash = md5_file($temp_path);
$list = Image::SELECT("Hash='" . Database::escape($hash) . "'");
if (count($list)) {
// La imagen ya existe :S
$image = $list[0];
$image->_setCounter($image->getCounter() + 1);
} else {
// Creo un nuevo registro de imagen :)
$image = parent::INSERT();
$image->_setWidth($width);
$image->_setHeight($height);
$image->_setMime($mime);
$image->_setHash($hash);
$image->_setSize(@filesize($temp_path));
$image->_setCounter(1);
// Copiar imagen a la carpeta de imágenes con el id de $image->getId(); (o con el hash)
Rack::Write('img', md5($image->ID()), $temp_path);
}
Rack::Remove('temp', $temp_hash);
return $image;
} else {
// Error al abrir la imagen
Rack::Remove('temp', $temp_hash);
return null;
}
}
function _new()
{
$name = Request::$post['name'][0];
$value = Request::$post['value'][0];
$comment = Request::$post['comment'][$key];
$query = 'INSERT INTO `settings` SET
`name`=' . Database::escape($name) . ',
`comment`=' . Database::escape($comment) . ',
`value`=' . Database::escape($value);
Database::query($query);
}
function getNew() {
$uid = Request::get(0);
if ($uid != 'me') {
if ($uid)
$uid = Database::sql2single('SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($uid));
}
if($uid)
XMLClass::$varNode->setAttribute('to', $uid);
$this->data['message'] = array();
$this->data['message']['thread_id'] = $this->thread_id;
}
function _new()
{
$title = trim(Request::post('title'));
if (!$title) {
throw new Exception('title missed');
}
$query = 'INSERT INTO `rightholders` SET `title`=' . Database::escape($title);
Database::query($query);
@ob_end_clean();
header('Location: /admin/rightholders/' . Database::lastInsertId());
exit;
}
function __construct($id = false, $data = false) {
$this->loaded = false;
if ($id && !is_numeric($id)) {
$query = 'SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($id);
$id = (int) Database::sql2single($query);
}
if ($id) {
$this->id = max(0, $id);
}
if ($data)
$this->load($data);
}
function _upsert($data)
{
$q = array();
foreach ($data as $field => $value) {
$q[] = '`' . $field . '`=' . Database::escape($value);
}
if (count($q)) {
Database::query('INSERT INTO `feature_groups` SET ' . implode(',', $q) . ' ON DUPLICATE KEY UPDATE ' . implode(',', $q));
}
@ob_end_clean();
header('Location: ' . Config::need('www_path') . '/features');
exit(0);
}
public function del_two_way($accountId)
{
/* Update query, om de secret te verwijderen. */
$update = Database::query("UPDATE customer SET secret = null WHERE id = " . Database::escape($accountId));
/* Kijken of de query is gelukt. */
if ($update) {
/* Gelukt, verwijder nu de two-way verificatie van de huidige sessie. */
unset($_SESSION['login']['secret']);
} else {
/* Query mislukt, gooi foutmelding terug. */
throw new Exception($update);
}
}
public static function add(&$data)
{
// Fields
$SessionId = md5(microtime());
$Ip = Database::escape($_SERVER['REMOTE_ADDR']);
$UserAgent = Database::escape($_SERVER['HTTP_USER_AGENT']);
$Created = time();
$Data = Database::escape(serialize($data));
$sql = "INSERT INTO `SystemSession` (`id`, `__timestamp__`, `__operation__`, `SessionId`, `Ip`, `UserAgent`, `Created`, `Data`) VALUES (NULL, " . time() . ", 'INSERT', '{$SessionId}', '{$Ip}', '{$UserAgent}', '{$Created}', '{$Data}')";
// Run query
$result = Database::sql($sql);
$id = Database::getInsertId();
return self::ROW($id);
}
public static function ROW($id)
{
$id = intval($id);
if (array_key_exists($id, self::$data)) {
return self::$data[$id];
} else {
$rows = self::SELECT("id='" . Database::escape($id) . "'");
if (count($rows)) {
return $rows[0];
} else {
return null;
}
}
}
function _update($data, $tableName) {
$q = array();
$this->dropCache();
foreach ($data as $field => $value) {
if (isset($this->fieldsMap[$field])) {
$q[] = '`' . $field . '`=' . Database::escape($value);
}else
throw new Exception('_create failed: illegal field #' . $field);
}
if (count($q)) {
Database::query('UPDATE `' . $tableName . '` SET ' . implode(',', $q) . ' WHERE `id`=' . $this->id);
return $lid = Database::lastInsertId();
}
}
function add_album_relation()
{
$album_id = $_POST['album_id'];
$nick = $_POST['nick'];
$role = $_POST['role'];
$user_id = Database::sql2single('SELECT `id` FROM `user` WHERE `nickname`=' . Database::escape($nick));
Database::query('INSERT INTO `album_family` SET
`album_id`=' . $album_id . ',
`user_id`=' . $user_id . ',
`family_role`=' . $role . ',
`add_time`=' . time() . '
ON DUPLICATE KEY UPDATE
`family_role`=' . $role . '');
}
function write()
{
$id = Request::post('entry_id');
$title = Request::post('title');
$body = Request::post('body');
$id_parent = Request::post('answer_to');
global $current_user;
$query = 'SELECT * FROM `blog_entries` WHERE `id`=' . $id;
$data = Database::sql2row($query);
$entry = new Entrie($data);
if (!$current_user->authorized) {
throw new Exception('must be autorized');
}
if (!$body) {
throw new Exception('body missed');
}
if (!$title) {
throw new Exception('title missed');
}
if ($id_parent) {
// answer
$query = 'SELECT * FROM `blog_entries_comments` WHERE `id`=' . $id_parent;
$parent_comment = Database::sql2row($query);
if ($parent_comment['id_parent'] > 0) {
$answer_to = $id_parent;
$id_parent = $parent_comment['id_parent'];
} else {
$answer_to = $id_parent;
$id_parent = $parent_comment['id'];
}
} else {
$answer_to = 0;
$id_parent = 0;
}
$query = 'INSERT INTO `blog_entries_comments` SET
`id_entry`=' . $id . ',
`id_user`=' . $current_user->id . ',
`id_parent`=' . $id_parent . ',
`time`=' . time() . ',
`title`=' . Database::escape($title) . ',
`comment`=' . Database::escape($body) . ',
`answer_to`=' . $answer_to;
Database::query($query);
$comment_id = Database::lastInsertId();
$entry->updateCommentsCount();
header('Location: ' . '/blog/' . $entry->user->getNickName() . '/' . $entry->id . '#comment-' . $comment_id);
exit(0);
}
function addComment()
{
global $current_user;
$subscribe = false;
if (isset(Request::$post['subscribe'])) {
if (Request::$post['subscribe']) {
$subscribe = true;
}
}
if (!$current_user->id) {
return;
}
$comment = isset(Request::$post['comment']) ? Request::$post['comment'] : false;
$comment = trim(prepare_review($comment, '<em><i><strong><b><u><s>'));
if (!$comment) {
throw new Exception('comment body expected');
}
$post_id = Request::$post['id'];
$data = array();
if ($post_id) {
if (isset(Request::$post['comment_id']) && ($comment_id = Request::$post['comment_id'])) {
$data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment, $comment_id);
if ($data) {
Notify::notifyEventCommentAnswer($data['commenter_id'], $post_id, $data['comment_id']);
}
} else {
$data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment);
if ($data) {
Notify::notifyEventComment($data['user_id'], $post_id, $data['comment_id']);
}
}
}
if ($data) {
if ($subscribe) {
// на своё и так и так подписаны
if ($data['post']['user_id'] != $current_user->id) {
$query = 'SELECT `id` FROM `events` WHERE `mongoid`=' . Database::escape($post_id);
$intid = Database::sql2single($query);
if ($intid) {
/* @var $current_user User */
$current_user->setNotifyRule(UserNotify::UN_COMMENT_ANSWER, UserNotify::UNT_NOTIFY);
$current_user->save();
Notify::notifySubscribe($current_user->id, $intid);
}
}
}
}
}
/**
* Permission-test overload to allow display if there are any files or folders that allow so
* @see solidbase/lib/Base#may()
*/
function may($beneficiary, $accessLevel)
{
$p = parent::may($beneficiary, $accessLevel);
if (is_bool($p)) {
return $p;
}
if ($accessLevel & READ) {
if (!isset($this->READ[$beneficiary->ID])) {
global $DB;
$privilegeIDS = array_merge((array) $beneficiary->ID, $beneficiary->groupIds);
$this->READ[$beneficiary->ID] = $DB->exists("SELECT `spine`.`id` as id FROM `spine` RIGHT JOIN `privileges` ON `spine`.`id` = `privileges`.`id` WHERE `spine`.`class` IN ('File','Folder') AND `privileges`.`beneficiary` IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND (`privileges`.`privileges` & " . READ . ") > 0");
}
return $this->READ[$beneficiary->ID] ? true : 0;
}
return 0;
}
public static function setPartnerCookie($id_partner)
{
global $current_user;
/* @var $current_user CurrentUser */
if ($id_partner) {
$query = 'SELECT `id` FROM `partners` WHERE `pid`=' . Database::escape($id_partner);
$pid = Database::sql2single($query);
if ($pid) {
if ($current_user) {
$time = Config::need('cookie_lifetime_partner', 5 * 60 * 60 * 24);
$current_user->setCookie('partner_id', $pid, time() + $time);
}
header('Location: ' . Request::$url, true, 302);
}
}
}
public static function set_cookie($user_id)
{
$cookie_key = Config::need('COOKIE_KEY', 'u');
$hash_coookie_key = $cookie_key . '_sh';
$uid_coookie_key = $cookie_key . '_id';
$hash = md5(time() . $user_id);
Database::query('UPDATE `user` SET `lastAccessTime`=' . time() . ',`session`=' . Database::escape($hash) . ' WHERE `id`=' . $user_id);
$expire = time() + 7 * 24 * 60 * 60;
$path = '/';
$domain = '.' . Config::need('www_domain');
$secure = false;
$httponly = false;
setcookie($uid_coookie_key, $user_id, $expire, $path, $domain, $secure, $httponly);
setcookie($hash_coookie_key, $hash, $expire, $path, $domain, $secure, $httponly);
$_COOKIE[$uid_coookie_key] = $user_id;
$_COOKIE[$hash_coookie_key] = $hash;
self::authorize_cookie();
}
