/**
 * Escapes a string for use inside an SQL statement (Bad Behavior glue).
 *
 * Loads the Db class on demand and delegates to Db::qstr(), so the escaping
 * rules are whatever the configured database layer applies.
 *
 * @param string $string Raw value to escape.
 * @return string The value as returned by Db::qstr().
 */
function bb2_db_escape($string)
{
    include_once PLOG_CLASS_PATH . "class/database/db.class.php";

    $escaped = Db::qstr($string);

    return $escaped;
}
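/**
 * Updates an existing host blocking rule.
 *
 * The host value was previously interpolated into the statement without
 * escaping; it is now passed through Db::qstr() like the reason column. The
 * id, mask, blog_id and block_type values are emitted unquoted, so they must
 * be numeric for the statement to be valid — they are cast to int so a
 * non-numeric getter result cannot alter the statement's structure.
 *
 * @param object $blockedHost Rule exposing getHost(), getMask(), getBlogId(),
 *                            getType(), getReason() and getId().
 * @return mixed Whatever $this->Execute() returns for the UPDATE.
 */
function update($blockedHost)
{
    $query = "UPDATE " . $this->getPrefix() . "host_blocking_rules\n SET host = '" . Db::qstr($blockedHost->getHost()) . "',\n mask = " . (int) $blockedHost->getMask() . ",\n blog_id = " . (int) $blockedHost->getBlogId() . ",\n block_type = " . (int) $blockedHost->getType() . ",\n reason = '" . Db::qstr($blockedHost->getReason()) . "'\n WHERE id = " . (int) $blockedHost->getId();

    return $this->Execute($query);
}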
/**
 * Deletes a sent message.
 *
 * @param mixed $messageId Id of the message to delete (escaped with Db::qstr()).
 * @return bool true when the statement ran and affected at least one row,
 *              false otherwise.
 */
function deleteMessage($messageId)
{
    $prefix = $this->getPrefix();
    $sql = "DELETE FROM " . $prefix . "mailcentre_sent\n WHERE id = '" . Db::qstr($messageId) . "'";
    $result = $this->Execute($sql);

    // a failed statement, or one that matched no row at all, both count as failure
    if (!$result || $this->_db->Affected_Rows() == 0) {
        return false;
    }

    return true;
}
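/**
 * Validates a password-reset request against the user it was issued for.
 *
 * The user is located by the MD5 of the user name and the expected request
 * hash is recomputed with SummaryTools::calculatePasswordResetHash(). The
 * comparison uses hash_equals() instead of `!=`: the loose operator treats
 * numeric-looking strings such as "0e123" and "0e456" as equal, and a plain
 * string comparison stops at the first differing byte, which leaks timing
 * information about the secret.
 *
 * @param string $userNameHash MD5 of the user name the request was issued for.
 * @param string $requestHash  Hash supplied with the request.
 * @return mixed The user info from Users::_getUserInfoFromQuery() when the
 *               request is valid, false otherwise.
 */
function verifyRequest($userNameHash, $requestHash)
{
    // make sure that the request is correct
    $users = new Users();
    // it's not a good idea to do this but it makes things a bit easier...
    $prefix = $users->getPrefix();
    $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t u.status AS status\n\t\t\t\t\t FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";
    $userInfo = $users->_getUserInfoFromQuery($query);

    // try to see if we can load the user...
    if (!$userInfo) {
        return false;
    }

    // and if so, validate the hash; both operands are cast to string because
    // hash_equals() only accepts strings
    $originalRequestHash = SummaryTools::calculatePasswordResetHash($userInfo);
    if (!hash_equals((string) $originalRequestHash, (string) $requestHash)) {
        return false;
    }

    return $userInfo;
}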
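/**
 * Updates a rule.
 *
 * reg_exp and reason are escaped with Db::qstr(); blog_id and id are emitted
 * unquoted in the statement and are therefore cast to int so a non-numeric
 * getter result cannot change the shape of the statement.
 *
 * @param object $rule A FilteredContent object containing the data
 *                     we'd like to update.
 * @return bool True upon success or false otherwise.
 */
function updateFilteredContent($rule)
{
    $blogId = (int) $rule->getBlogId();
    $ruleId = (int) $rule->getId();

    $query = "UPDATE " . $this->getPrefix() . "filtered_content SET "
        . "blog_id = " . $blogId . ", "
        . "reg_exp = '" . Db::qstr($rule->getRegExp(true)) . "', "
        . "reason = '" . Db::qstr($rule->getReason()) . "' "
        . " WHERE blog_id = " . $blogId . " AND id = " . $ruleId . ";";

    $result = $this->Execute($query);

    return $result ? true : false;
}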
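/**
 * Updates a link in the database.
 *
 * On success the link's category is marked as modified through
 * MyLinksCategories::updateCategoryModificationDate(). The original code
 * re-tested $result inside the else branch of `if (!$result)`, which could
 * never be false there; that redundant check is gone. category_id, id and
 * blog_id are emitted unquoted and are cast to int.
 *
 * @param object $myLink A MyLink object with the information we'd like to update.
 * @return bool True if successful or false otherwise.
 */
function updateMyLink($myLink)
{
    $categoryId = (int) $myLink->getCategoryId();

    $query = "UPDATE " . $this->getPrefix() . "mylinks SET\n name = '" . Db::qstr($myLink->getName()) . "',\n description = '" . Db::qstr($myLink->getDescription()) . "',\n url = '" . Db::qstr($myLink->getUrl()) . "',\n category_id = " . $categoryId . ",\n date = date,\n\t\t\t\t\t properties = '" . Db::qstr(serialize($myLink->getProperties())) . "',\n\t\t\t\t\t rss_feed = '" . Db::qstr($myLink->getRssFeed()) . "'\n WHERE id = " . (int) $myLink->getId() . " AND blog_id = " . (int) $myLink->getBlogId() . ";";

    $result = $this->Execute($query);
    if (!$result) {
        return false;
    }

    // mark the corresponding link category as modified now
    $linkCategories = new MyLinksCategories();
    $linkCategories->updateCategoryModificationDate($myLink->getCategoryId());

    return true;
}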
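/**
 * Returns an array of SearchResult objects containing information about the search, such as the
 * relevance (not very relevant, though :)), and the ArticleObject.
 *
 * Every search term, the whole search string and the optional date prefix
 * are passed through Db::qstr() before being interpolated into the LIKE
 * clauses (the original interpolated them raw). $status is emitted unquoted
 * and is cast to int.
 *
 * @param int    $blogId       The id of the blog whose articles we would like to search
 * @param string $query        The query string we'd like to use.
 * @param int    $minRelevance Accepted for interface compatibility; not used by this implementation.
 * @param int    $maxResults   Accepted for interface compatibility; not used by this implementation.
 * @param int    $status       Article status the matching articles must have.
 * @param int    $userId       When > 0, restricts the search to articles by this user.
 * @param mixed  $date         When > 0, used as a prefix match on a.date+0.
 * @return mixed Whatever $this->_getQueryResults() returns for SEARCH_RESULT_COMMENT.
 */
function searchComments($blogId, $query, $minRelevance = 0, $maxResults = 0, $status = POST_STATUS_PUBLISHED, $userId = -1, $date = 0)
{
    $prefix = $this->getPrefix();
    $query = $this->_adaptSearchString($query);

    // MARKWU: I also need to take care when there are multiple search terms.
    // Split the search string on spaces and build one LIKE pair per term.
    // NOTE(review): this assumes _adaptSearchString() returns plain text and
    // does not already SQL-escape it — confirm, otherwise terms are escaped twice.
    $terms = explode(' ', $query);
    $termClauses = array();
    foreach ($terms as $term) {
        $safeTerm = Db::qstr($term);
        $termClauses[] = "((c.normalized_topic LIKE '%{$safeTerm}%') OR (c.normalized_text LIKE '%{$safeTerm}%'))";
    }
    // the complete phrase is also matched, as an alternative to all terms matching
    $safeQuery = Db::qstr($query);
    $where_string = "(" . implode(" AND ", $termClauses)
        . " OR ((c.normalized_topic LIKE '%{$safeQuery}%') OR (c.normalized_text LIKE '%{$safeQuery}%'))"
        . ")";

    $safeStatus = (int) $status;

    // Make the whole sql query string
    $searchQuery = "SELECT a.id AS id, t.topic AS topic, t.text AS text, a.date AS date,\n\t\t\t a.user_id AS user_id, a.blog_id AS blog_id, a.num_reads AS num_reads, \n\t\t\t\t\t\t\t a.properties AS properties, t.normalized_text AS normalized_text,\n\t\t\t\t\t\t\t t.normalized_topic AS normalized_topic, a.status AS status, a.slug AS slug, \n\t\t\t\t\t\t\t 1 AS relevance \n\t\t\t\t\t\t\t FROM {$prefix}articles_comments c, {$prefix}articles a, {$prefix}articles_text t\n\t\t\t\t\t\t\t WHERE {$where_string} AND c.article_id = a.id AND a.status = {$safeStatus} AND c.status = 0\n\t\t\t\t\t\t\t AND t.article_id = a.id";

    if ($blogId > 0) {
        $searchQuery .= " AND a.blog_id = '" . Db::qstr($blogId) . "' ";
    }
    if ($userId > 0) {
        $searchQuery .= " AND a.user_id = '" . Db::qstr($userId) . "' ";
    }
    if ($date > 0) {
        $searchQuery .= " AND a.date+0 LIKE '" . Db::qstr($date) . "%' ";
    }
    $searchQuery .= " ORDER BY relevance";

    return $this->_getQueryResults($searchQuery, SEARCH_RESULT_COMMENT);
}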
/**
 * Removes a trackback from the database.
 *
 * @param mixed $trackbackId Id of the trackback to remove.
 * @param mixed $articleId   When > 0, the row must also belong to this article.
 * @return mixed Whatever $this->Execute() returns for the DELETE.
 */
function deletePostTrackback($trackbackId, $articleId = -1)
{
    $prefix = $this->getPrefix();

    $conditions = "id = '" . Db::qstr($trackbackId) . "'";
    if ($articleId > 0) {
        $conditions .= " AND article_id = '" . Db::qstr($articleId) . "'";
    }

    $sql = "DELETE FROM " . $prefix . "trackbacks WHERE " . $conditions;

    return $this->Execute($sql);
}
/**
 * Updates the last_modification field of a link category.
 *
 * Both values are escaped with Db::qstr(). Debug output of the connection
 * is switched off before the statement runs, as in the original.
 *
 * @param mixed $categoryId       Id of the category to update.
 * @param mixed $lastModification New value for last_modification.
 * @return mixed Whatever $this->_db->Execute() returns.
 */
function updateLastModification($categoryId, $lastModification)
{
    $table = $this->getPrefix() . "mylinks_categories";
    $sql = "UPDATE " . $table . "\n\t\t\t\t\t SET last_modification = '" . Db::qstr($lastModification) . "' \n\t\t\t\t\t WHERE id = '" . Db::qstr($categoryId) . "'";

    $this->_db->debug = false;

    return $this->_db->Execute($sql);
}
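/**
 * Adds a custom field value to the given article.
 *
 * The normalized value is now built as Db::qstr(normalizeText($fieldValue)),
 * i.e. escaping is the last step before interpolation — the original
 * normalized an already-escaped string, which can mangle the escaping and
 * differs from the order used by updateResource(). field_id, blog_id and
 * article_id are emitted unquoted and are cast to int.
 *
 * @param mixed $fieldId
 * @param mixed $fieldValue
 * @param mixed $articleId
 * @param mixed $blogId
 * @return mixed Whatever $this->Execute() returns for the INSERT.
 */
function addCustomFieldValue($fieldId, $fieldValue, $articleId, $blogId)
{
    $filter = new Textfilter();

    $safeFieldId = (int) $fieldId;
    $safeBlogId = (int) $blogId;
    $safeArticleId = (int) $articleId;

    $query = "INSERT INTO " . $this->getPrefix() . "custom_fields_values\n\t\t\t (field_id, field_value, normalized_value, blog_id, article_id)\n\t\t\t\t\t VALUES (\n\t\t\t\t\t {$safeFieldId}, '" . Db::qstr($fieldValue) . "','" . Db::qstr($filter->normalizeText($fieldValue)) . "',\n\t\t\t\t\t {$safeBlogId}, {$safeArticleId}\n\t\t\t\t\t )";

    return $this->Execute($query);
}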
/**
 * Updates a poll's subject, responses and response data.
 *
 * Responses and response data are serialized before being stored; all three
 * string columns are escaped with Db::qstr().
 *
 * @param object $poll Poll exposing getSubject(), getResponses(), getResponseData() and getId().
 * @return mixed Whatever $this->Execute() returns for the UPDATE.
 */
function updatePoll(&$poll)
{
    $prefix = $this->getPrefix();

    $subject = Db::qstr($poll->getSubject());
    $responses = Db::qstr(serialize($poll->getResponses()));
    $responseData = Db::qstr(serialize($poll->getResponseData()));

    $sql = "update " . $prefix . "plogpoll_polls "
        . "set subject='" . $subject . "',"
        . "responses='" . $responses . "',"
        . "responsedata='" . $responseData . "'"
        . " where id=" . $poll->getId();

    return $this->Execute($sql);
}
/**
 * Disables a blog by setting its status to BLOG_STATUS_DISABLED.
 *
 * @param mixed $blogId Id of the blog (escaped with Db::qstr()).
 * @return bool true when the statement ran and affected at least one row,
 *              false otherwise.
 */
function disableBlog($blogId)
{
    $sql = "UPDATE " . $this->getPrefix() . "blogs\n SET status = '" . BLOG_STATUS_DISABLED . "'\n WHERE id = '" . Db::qstr($blogId) . "'";
    $result = $this->Execute($sql);

    // a failed statement, or one that matched no row, both count as failure
    if (!$result || $this->_db->Affected_Rows() == 0) {
        return false;
    }

    return true;
}
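/**
 * Updates a resource in the database.
 *
 * file_path, file_name, thumbnail_format and date were interpolated into the
 * statement without escaping; they are now passed through Db::qstr() like the
 * other string columns. album_id, flags, resource_type and id are emitted
 * unquoted and are cast to int.
 *
 * @param object $resource A GalleryResource object with the information of the
 *                         resource we'd like to update.
 * @return bool Returns true if successful or false otherwise
 */
function updateResource($resource)
{
    $tf = new TextFilter();

    $query = "UPDATE " . $this->getPrefix() . "gallery_resources\n SET album_id = " . (int) $resource->getAlbumId() . ",\n description = '" . Db::qstr($resource->getDescription()) . "',\n flags = " . (int) $resource->getFlags() . ",\n resource_type = " . (int) $resource->getResourceType() . ",\n file_path = '" . Db::qstr($resource->getFilePath()) . "',\n file_name = '" . Db::qstr($resource->getFileName()) . "',\n metadata = '" . Db::qstr(serialize($resource->getMetadata())) . "',\n\t\t\t\t\t thumbnail_format ='" . Db::qstr($resource->getThumbnailFormat()) . "',\n date = '" . Db::qstr($resource->getDate()) . "',\n normalized_description = '" . Db::qstr($tf->normalizeText($resource->getDescription())) . "'\n WHERE id = " . (int) $resource->getId();

    $result = $this->Execute($query);

    return $result ? true : false;
}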
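/**
 * Returns the latest $maxItems comments received in the blog.
 *
 * $maxItems and $articleStatus were interpolated raw into the LIMIT and
 * status clauses; both are emitted unquoted and are now cast to int.
 *
 * @param mixed $blogId        Id of the blog (escaped with Db::qstr()).
 * @param int   $maxItems      When > 0, limits the number of rows returned.
 * @param int   $articleStatus Status the comments' articles must have.
 * @return mixed false when the query fails, otherwise an array of
 *               ArticleComment objects (empty when nothing matched).
 */
function getBlogComments($blogId, $maxItems = 0, $articleStatus = POST_STATUS_PUBLISHED)
{
    $prefix = $this->getPrefix();
    $safeStatus = (int) $articleStatus;

    $query = "SELECT c.id AS id, c.article_id AS article_id, c.topic AS topic, \n\t\t\t c.text AS text, c.date AS date, c.user_email AS user_email,\n\t\t\t\t\t\t\t c.user_url AS user_url, c.user_name AS user_name, c.parent_id AS parent_id,\n\t\t\t\t\t\t\t c.client_ip AS client_ip, c.send_notification AS send_notification,\n\t\t\t\t\t\t\t c.status AS status \n\t\t\t\t\t FROM {$prefix}articles_comments c, {$prefix}articles a\n\t\t\t WHERE a.blog_id = '" . Db::qstr($blogId) . "' AND a.id = c.article_id\n\t\t\t\t\t AND a.status = {$safeStatus} \n\t\t\t\t\t ORDER BY date DESC";

    if ($maxItems > 0) {
        $query .= " LIMIT 0, " . (int) $maxItems;
    }

    $result = $this->Execute($query);
    if (!$result) {
        return false;
    }
    if ($result->RowCount() == 0) {
        return array();
    }

    $comments = array();
    $articles = new Articles();
    while ($row = $result->FetchRow()) {
        // load the article to which this comment belongs
        $comment = $this->_fillCommentInformation($row);
        $article = $articles->getBlogArticle($comment->getArticleId(), $blogId);
        $comment->setArticle($article);
        // and store everything in the array
        $comments[] = $comment;
    }
    $result->Close();

    return $comments;
}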
/**
 * Returns how many categories a blog has.
 *
 * @param mixed $blogId        Id of the blog (escaped with Db::qstr()).
 * @param bool  $includeHidden When false, only categories with in_main_page = 1 are counted.
 * @return int Whatever $this->getNumItems() returns for the table and condition.
 */
function getBlogNumCategories($blogId, $includeHidden = false)
{
    $table = $this->getPrefix() . "articles_categories";

    $condition = "blog_id = '" . Db::qstr($blogId) . "'";
    if ($includeHidden == false) {
        $condition .= " AND in_main_page = 1";
    }

    return $this->getNumItems($table, $condition);
}
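/**
 * Updates a field definition in the database.
 *
 * The hidden column is emitted unquoted; in the original a boolean false from
 * isHidden() concatenated as an empty string and produced `hidden = ` — an
 * invalid statement. It is now cast to int (0/1). field_type and id are also
 * emitted unquoted and are cast to int for the same reason (field_type was
 * previously passed through Db::qstr() without surrounding quotes).
 *
 * @param object $field Field exposing getName(), getDescription(), getType(), isHidden() and getId().
 * @return mixed Whatever $this->Execute() returns for the UPDATE.
 */
function updateCustomField($field)
{
    $query = "UPDATE " . $this->getPrefix() . "custom_fields_definition\n\t\t\t SET field_name = '" . Db::qstr($field->getName()) . "',\n\t\t\t\t\t field_description = '" . Db::qstr($field->getDescription()) . "',\n\t\t\t\t\t field_type = " . (int) $field->getType() . ",\n\t\t\t\t\t date = date,\n\t\t\t\t\t hidden = " . (int) $field->isHidden() . "\n\t\t\t\t\t WHERE id = " . (int) $field->getId();

    return $this->Execute($query);
}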
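/**
 * @private
 *
 * Inserts a configuration value, storing a representation chosen by its type.
 *
 * Changes from the original: the key is escaped with Db::qstr() (it was
 * interpolated raw), arrays/objects use Db::qstr() on the serialized form
 * instead of addslashes() so all string columns go through the same escaping
 * routine, and the unreachable `die;` after the throw is gone. Integer,
 * boolean and float values are still interpolated as before.
 *
 * @param string $key   Configuration key.
 * @param mixed  $value Value to store; its type is determined by $this->_getType().
 * @return bool true when the INSERT ran, false otherwise.
 * @throws Exception When _getType() returns a type this method does not handle.
 */
function _insertValue($key, $value)
{
    $type = $this->_getType($value);

    switch ($type) {
        case TYPE_INTEGER:
        case TYPE_BOOLEAN:
        case TYPE_FLOAT:
            // scalars are interpolated as-is, exactly as the original did
            $storedValue = $value;
            break;
        case TYPE_STRING:
            // need to escape quotes here
            $storedValue = Db::qstr($value);
            break;
        case TYPE_ARRAY:
        case TYPE_OBJECT:
            // need to serialize here
            $storedValue = Db::qstr(serialize($value));
            break;
        default:
            throw new Exception("_insertValue: _getType produced an unexpected value of {$type}");
    }

    $safeKey = Db::qstr($key);
    $query = "INSERT INTO " . $this->_dbPrefix . "config (config_key,config_value,value_type)\n VALUES( '{$safeKey}', '{$storedValue}', {$type} )";

    $result = $this->_db->Execute($query);

    return $result ? true : false;
}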
/**
 * Returns the users who have permissions in a blog.
 *
 * @param mixed $blogId Id of the blog (escaped with Db::qstr()).
 * @return mixed false when the query fails, otherwise an array holding the
 *               result of Users::getUserInfoFromId() for each permission row.
 */
function getBlogUsers($blogId)
{
    $sql = "SELECT * FROM " . $this->getPrefix() . "users_permissions WHERE blog_id = '" . Db::qstr($blogId) . "'";
    $rows = $this->Execute($sql);
    if (!$rows) {
        return false;
    }

    $users = new Users();
    $blogUsers = array();
    while (($permission = $rows->FetchRow()) !== false) {
        $blogUsers[] = $users->getUserInfoFromId($permission["user_id"]);
    }

    return $blogUsers;
}
/**
 * Removes the text of an article.
 *
 * @private
 * @param mixed $articleId Id of the article (escaped with Db::qstr()).
 * @return mixed Whatever $this->Execute() returns for the DELETE.
 * @see Articles::deleteArticle
 */
function deleteArticleText($articleId)
{
    $table = $this->getPrefix() . "articles_text";
    $sql = "DELETE FROM " . $table . " WHERE article_id = '" . Db::qstr($articleId) . "'";

    return $this->Execute($sql);
}
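/**
 * Recomputes normalized_description for every gallery resource.
 *
 * The original passed the result of the SELECT straight to FetchRow(); when
 * Execute() returns false that is a fatal error. The failure is now reported
 * through $this->message like the per-row update failures. The row id is
 * emitted unquoted in the UPDATE and is cast to int.
 *
 * @return bool true when every row was updated, false on the first failure.
 */
function updateResources()
{
    $dbPrefix = $this->dbPrefix;

    $result = $this->db->Execute("SELECT * FROM {$dbPrefix}gallery_resources");
    if (!$result) {
        $this->message .= "There was an error updating the resources table.<br/>";
        return false;
    }

    while ($row = $result->FetchRow()) {
        $resId = (int) $row["id"];
        $normDescription = Db::qstr($this->t->normalizeText($row["description"]));
        $query = "UPDATE {$dbPrefix}gallery_resources\n SET normalized_description = '{$normDescription}', date = date\n WHERE id = {$resId}";
        $res = $this->db->Execute($query);
        if (!$res) {
            $this->message .= "There was an error updating the resources table.<br/>";
            return false;
        }
    }

    $this->message .= "Resources table updated successfully!<br/>";

    return true;
}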
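/**
 * Returns all the albums of the user in an array. The key of the array is the
 * parent id of all the albums in the position, and each position is an array
 * with all the albums that share the same parent id.
 *
 * The original also built an $ids array that was never used and tested
 * `$albums[$key] == ""` for a value that is always an array; both are gone.
 *
 * @param mixed $userId  Owner whose albums are loaded (escaped with Db::qstr()).
 * @param mixed $albumId Accepted for interface compatibility; not used by this implementation.
 * @return array An associative array of parent_id => GalleryAlbum[]; empty when the query fails.
 */
function getUserAlbumsGroupedByParentId($userId, $albumId = 0)
{
    $prefix = $this->getPrefix();
    $query = "SELECT id, owner_id, description,\n \t name, flags, parent_id,\n \t date, properties, show_album \n \t FROM {$prefix}gallery_albums \n\t\t\t WHERE owner_id = '" . Db::qstr($userId) . "'\n\t\t\t\t\t ORDER BY name ASC";

    $result = $this->Execute($query);
    if (!$result) {
        return array();
    }

    $albums = array();
    while ($row = $result->FetchRow()) {
        // NOTE(review): unserialize() runs on the stored properties column; only
        // data this application wrote should ever reach that column
        $album = new GalleryAlbum(
            $row["owner_id"],
            $row["name"],
            $row["description"],
            $row["flags"],
            $row["parent_id"],
            $row["date"],
            unserialize($row["properties"]),
            $row["show_album"],
            $row["id"]
        );

        $key = $album->getParentId();
        if (!isset($albums[$key])) {
            $albums[$key] = array();
        }
        $albums[$key][] = $album;
    }

    return $albums;
}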
/**
 * Checks whether an email address is already registered.
 *
 * @param string $email Address to look up (escaped with Db::qstr()).
 * @return bool true when at least one matching row exists, false otherwise
 *              (including when the query fails).
 */
function emailExists($email)
{
    $sql = "SELECT email \n FROM " . $this->getPrefix() . "users \n WHERE email = '" . Db::qstr($email) . "'";
    $rows = $this->_db->Execute($sql);

    if (!$rows) {
        return false;
    }

    return $rows->RecordCount() >= 1;
}
/**
 * Returns how many referrers the blog has.
 *
 * @param mixed $blogId    Id of the blog (escaped with Db::qstr()).
 * @param mixed $articleId When > -1, only referrers of this article are counted.
 * @return mixed Whatever $this->getNumItems() returns for the table and condition.
 */
function getBlogTotalReferers($blogId, $articleId = -1)
{
    $table = $this->getPrefix() . "referers";

    $conditions = array("blog_id = '" . Db::qstr($blogId) . "'");
    if ($articleId > -1) {
        $conditions[] = "article_id = '" . Db::qstr($articleId) . "'";
    }

    return $this->getNumItems($table, implode(" AND ", $conditions));
}