/**
* post a new table or an updated table
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new table, or FALSE on error
*
* @see tables/edit.php
* @see tables/populate.php
**/
public static function post(&$fields)
{
global $context;
// no query
if (!isset($fields['query']) || !trim($fields['query'])) {
Logger::error(i18n::s('Please add some SQL query.'));
return FALSE;
}
// no anchor reference
if (!isset($fields['anchor']) || !trim($fields['anchor'])) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// get the anchor
if (!isset($fields['anchor']) || !($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values
if (!isset($fields['with_zoom'])) {
$fields['with_zoom'] = 'N';
}
// set default values for this editor
Surfer::check_default_editor($fields);
// maybe we have to modify an existing table
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// update the existing record
$query = "UPDATE " . SQL::table_name('tables') . " SET " . "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'," . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'," . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'," . "query='" . SQL::escape($fields['query']) . "'," . "with_zoom='" . SQL::escape(isset($fields['with_zoom']) ? $fields['with_zoom'] : '') . "'," . "edit_name='" . SQL::escape($fields['edit_name']) . "'," . "edit_id=" . SQL::escape($fields['edit_id']) . "," . "edit_address='" . SQL::escape($fields['edit_address']) . "'," . "edit_date='" . SQL::escape($fields['edit_date']) . "'" . " WHERE id = " . SQL::escape($fields['id']);
// insert a new record
} else {
$query = "INSERT INTO " . SQL::table_name('tables') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "'," . "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'," . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'," . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'," . "query='" . SQL::escape(isset($fields['query']) ? $fields['query'] : '') . "'," . "with_zoom='" . SQL::escape(isset($fields['with_zoom']) ? $fields['with_zoom'] : '') . "'," . "edit_name='" . $fields['edit_name'] . "'," . "edit_id=" . $fields['edit_id'] . "," . "edit_address='" . $fields['edit_address'] . "'," . "edit_date='" . $fields['edit_date'] . "'";
}
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
if (!isset($fields['id'])) {
$fields['id'] = SQL::get_last_id($context['connection']);
}
// clear the cache for tables
if (isset($fields['id'])) {
$topics = array('tables', 'table:' . $fields['id']);
} else {
$topics = 'tables';
}
Cache::clear($topics);
// return the id of the new item
return $fields['id'];
}
/**
* post a new link
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new link, or FALSE on error
*
* @see feeds/feeds.php
* @see links/edit.php
* @see links/trackback.php
* @see services/ping.php
**/
public static function post(&$fields)
{
global $context;
// suppress invalid chars, if any
$fields['link_url'] = trim(preg_replace(FORBIDDEN_IN_URLS, '_', $fields['link_url']), '_');
// no link
if (!$fields['link_url']) {
Logger::error(i18n::s('No link URL has been provided.'));
return FALSE;
}
// no anchor reference
if (!$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values for this editor
Surfer::check_default_editor($fields);
// always remember the date
$query = "INSERT INTO " . SQL::table_name('links') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)," . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)," . "link_url='" . SQL::escape($fields['link_url']) . "', " . "link_target='" . SQL::escape(isset($fields['link_target']) ? $fields['link_target'] : '') . "', " . "link_title='" . SQL::escape(isset($fields['link_title']) ? $fields['link_title'] : '') . "', " . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'link:create') . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "', " . "hits=" . SQL::escape(isset($fields['hits']) ? $fields['hits'] : 0);
// actual update query
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// clear the cache for links
Links::clear($fields);
// end of job
return $fields['id'];
}
/**
* post a new location or an updated location
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new location, or FALSE on error
*
* @see locations/edit.php
**/
public static function post(&$fields)
{
global $context;
// no geo_place_name
if (!$fields['geo_place_name']) {
Logger::error(i18n::s('Please add a geo_place_name for this location'));
return FALSE;
}
// no anchor reference
if (!$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values for this editor
Surfer::check_default_editor($fields);
// extract latitude and longitude
if (isset($fields['geo_position']) && $fields['geo_position']) {
list($latitude, $longitude) = preg_split('/[\\s,;]+/', $fields['geo_position']);
}
// update the existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// update the existing record
$query = "UPDATE " . SQL::table_name('locations') . " SET " . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', " . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', " . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '0') . "', " . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '0') . "', " . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
// maybe a silent update
if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
$query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
$query .= " WHERE id = " . SQL::escape($fields['id']);
// insert a new record
} else {
// always remember the date
$query = "INSERT INTO " . SQL::table_name('locations') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', " . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', " . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '') . "', " . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '') . "', " . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
// actual update query
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
if (!isset($fields['id'])) {
$fields['id'] = SQL::get_last_id($context['connection']);
}
// clear the cache for locations
Locations::clear($fields);
// end of job
return $fields['id'];
}
/**
* post a new section
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @param boolean TRUE to update the watch list of the poster
* @return the id of the new article, or FALSE on error
*
* @see sections/edit.php
* @see sections/populate.php
* @see letters/new.php
* @see links/links.php
* @see query.php
**/
public static function post(&$fields, $watch = TRUE)
{
global $context;
// title cannot be empty
if (!isset($fields['title']) || !trim($fields['title'])) {
Logger::error(i18n::s('No title has been provided.'));
return FALSE;
}
// sanity filter
$fields['title'] = strip_tags($fields['title'], '<br>');
// protect from hackers
if (isset($fields['icon_url'])) {
$fields['icon_url'] = encode_link($fields['icon_url']);
}
if (isset($fields['thumbnail_url'])) {
$fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
}
// set default values for this editor
Surfer::check_default_editor($fields);
// reinforce date formats
if (!isset($fields['activation_date']) || $fields['activation_date'] <= NULL_DATE) {
$fields['activation_date'] = NULL_DATE;
}
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
if (!isset($fields['expiry_date']) || $fields['expiry_date'] <= NULL_DATE) {
$fields['expiry_date'] = NULL_DATE;
}
if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
$fields['publish_date'] = NULL_DATE;
}
// set conservative default values
if (!isset($fields['active_set'])) {
$fields['active_set'] = 'Y';
}
if (isset($fields['edit_action'])) {
$fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
}
if (!isset($fields['home_panel']) || !$fields['home_panel']) {
$fields['home_panel'] = 'main';
}
if (!isset($fields['index_map']) || !$fields['index_map']) {
$fields['index_map'] = 'Y';
}
if (!isset($fields['index_news']) || !$fields['index_news']) {
$fields['index_news'] = 'none';
}
// save on requests
if (!isset($fields['rank']) || !$fields['rank']) {
$fields['rank'] = 10000;
}
// set layout for sections
if (!isset($fields['sections_layout']) || !$fields['sections_layout'] || !preg_match('/^(accordion|carrousel|compact|custom|decorated|directory|folded|inline|jive|map|slashdot|tabs|titles|yabb|none)$/', $fields['sections_layout'])) {
$fields['sections_layout'] = 'none';
} elseif ($fields['sections_layout'] == 'custom') {
if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
$fields['sections_layout'] = $fields['sections_custom_layout'];
} else {
$fields['sections_layout'] = 'none';
}
}
// set layout for articles
if (!isset($fields['articles_layout']) || !$fields['articles_layout'] || !preg_match('/^(accordion|alistapart|carrousel|custom|compact|daily|decorated|digg|directory|hardboiled|jive|map|newspaper|none|simile|slashdot|table|tabs|tagged|threads|titles|yabb)$/', $fields['articles_layout'])) {
$fields['articles_layout'] = 'decorated';
} elseif ($fields['articles_layout'] == 'custom') {
if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
$fields['articles_layout'] = $fields['articles_custom_layout'];
} else {
$fields['articles_layout'] = 'decorated';
}
}
// set canvas for articles
if (!isset($fields['articles_canvas']) || !$fields['articles_canvas']) {
$fields['articles_canvas'] = 'standard';
}
// clean provided tags
if (isset($fields['tags'])) {
$fields['tags'] = trim($fields['tags'], " \t.:,!?");
}
// cascade anchor access rights
if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
$fields['active'] = $anchor->ceil_rights($fields['active_set']);
} else {
$fields['active'] = $fields['active_set'];
}
// always create a random handle for this section
if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
$fields['handle'] = md5(mt_rand());
}
$handle = "handle='" . SQL::escape($fields['handle']) . "',";
// allow anonymous surfer to access this section during his session
if (!Surfer::get_id()) {
Surfer::add_handle($fields['handle']);
}
// insert a new record
$query = "INSERT INTO " . SQL::table_name('sections') . " SET ";
// on import
if (isset($fields['id'])) {
$query .= "id='" . SQL::escape($fields['id']) . "',";
}
// all fields should be visible
$query .= "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "'," . "activation_date='" . SQL::escape($fields['activation_date']) . "'," . "active='" . SQL::escape($fields['active']) . "'," . "active_set='" . SQL::escape($fields['active_set']) . "'," . "articles_canvas='" . SQL::escape(isset($fields['articles_canvas']) ? $fields['articles_canvas'] : 'null') . "'," . "articles_layout='" . SQL::escape(isset($fields['articles_layout']) ? $fields['articles_layout'] : 'decorated') . "'," . "articles_templates='" . SQL::escape(isset($fields['articles_templates']) ? $fields['articles_templates'] : '') . "'," . "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'," . "content_options='" . SQL::escape(isset($fields['content_options']) ? $fields['content_options'] : '') . "'," . "content_overlay='" . SQL::escape(isset($fields['content_overlay']) ? $fields['content_overlay'] : '') . "'," . "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "', " . "create_date='" . SQL::escape($fields['create_date']) . "'," . "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . ", " . "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'section:create') . "', " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'," . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "expiry_date='" . SQL::escape($fields['expiry_date']) . "'," . "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'," . "family='" . SQL::escape(isset($fields['family']) ? $fields['family'] : '') . "'," . "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'," . $handle . "hits=" . SQL::escape(isset($fields['hits']) ? $fields['hits'] : 0) . "," . "home_panel='" . SQL::escape(isset($fields['home_panel']) ? $fields['home_panel'] : 'main') . "'," . "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'," . "index_map='" . SQL::escape(isset($fields['index_map']) ? $fields['index_map'] : 'Y') . "'," . "index_news='" . SQL::escape(isset($fields['index_news']) ? $fields['index_news'] : 'static') . "'," . "index_news_count=" . SQL::escape(isset($fields['index_news_count']) ? $fields['index_news_count'] : 5) . "," . "index_title='" . SQL::escape(isset($fields['index_title']) ? $fields['index_title'] : '') . "'," . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'," . "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'," . "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'," . "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'," . "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'," . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'," . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'," . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'," . "owner_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . ", " . "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'," . "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : 10000) . "'," . "section_overlay='" . SQL::escape(isset($fields['section_overlay']) ? $fields['section_overlay'] : '') . "'," . "sections_layout='" . SQL::escape(isset($fields['sections_layout']) ? $fields['sections_layout'] : 'map') . "'," . "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'," . "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'," . "template='" . SQL::escape(isset($fields['template']) ? $fields['template'] : '') . "'," . "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'," . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'," . "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// assign the page to related categories
Categories::remember('section:' . $fields['id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
// turn author to page editor and update author's watch list
if ($watch && isset($fields['edit_id']) && $fields['edit_id']) {
Members::assign('user:'******'edit_id'], 'section:' . $fields['id']);
Members::assign('section:' . $fields['id'], 'user:'******'edit_id']);
}
// clear the cache
Sections::clear($fields);
// return the id of the new item
return $fields['id'];
}
/**
* post a new comment or an updated comment
*
* The surfer signature is also appended to the comment, if any.
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new comment, or FALSE on error
*
* @see agents/messages.php
* @see comments/edit.php
* @see comments/post.php
**/
public static function post(&$fields)
{
global $context;
// ensure this item has a type
if (!isset($fields['type'])) {
$fields['type'] = 'attention';
}
// comment is mandatory, except for approvals
if (!$fields['description'] && $fields['type'] != 'approval') {
Logger::error(i18n::s('No comment has been transmitted.'));
return FALSE;
}
// no anchor reference
if (!$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// get the anchor
if (!($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values for this editor
Surfer::check_default_editor($fields);
if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
$fields['edit_date'] = gmstrftime('%Y-%m-%d %H:%M:%S');
}
// reinforce date formats
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
// update the existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// update the existing record
$query = "UPDATE " . SQL::table_name('comments') . " SET " . "type='" . SQL::escape($fields['type']) . "', " . "description='" . SQL::escape($fields['description']) . "'";
// maybe another anchor
if ($fields['anchor']) {
$query .= ", anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1), " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
}
// maybe a silent update
if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
$query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='comment:update', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
$query .= " WHERE id = " . SQL::escape($fields['id']);
// insert a new record
} else {
$query = "INSERT INTO " . SQL::table_name('comments') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1), " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1), " . "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', " . "type='" . SQL::escape($fields['type']) . "', " . "description='" . SQL::escape($fields['description']) . "', " . "create_name='" . SQL::escape($fields['edit_name']) . "', " . "create_id=" . SQL::escape($fields['edit_id']) . ", " . "create_address='" . SQL::escape($fields['edit_address']) . "', " . "create_date='" . SQL::escape($fields['create_date']) . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='comment:create', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
// actual update query
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
if (!isset($fields['id'])) {
$fields['id'] = SQL::get_last_id($context['connection']);
}
// clear the cache for comments
Comments::clear($fields);
// end of job
return $fields['id'];
}
/**
* remember a version
*
* Save previous version of some object in the database.
* It is recommended to call Versions::are_different() before calling Versions::save(), to
* ensure that some change has taken place.
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @param string the anchor attached to this version
* @return the id of the new version, or FALSE on error
*
* @see versions/edit.php
**/
public static function save($fields, $anchor)
{
global $context;
// anchor cannot be empty
if (!isset($anchor) || !$anchor) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// pack arrays, etc.
$content = serialize($fields);
// save database space
if (strlen($content) > 128 && is_callable('gzcompress')) {
$content = base64_encode(gzcompress($content, 6));
}
// versioning date
$versioning_date = isset($fields['edit_date']) ? $fields['edit_date'] : gmstrftime('%Y-%m-%d %H:%M:%S');
// insert a new record
$query = "INSERT INTO " . SQL::table_name('versions') . " SET " . "anchor='" . SQL::escape($anchor) . "'," . "content='" . SQL::escape($content) . "'," . "edit_name='" . SQL::escape(isset($fields['edit_name']) ? $fields['edit_name'] : Surfer::get_name()) . "', " . "edit_id=" . SQL::escape(isset($fields['edit_id']) ? $fields['edit_id'] : Surfer::get_id()) . ", " . "edit_address='" . SQL::escape(isset($fields['edit_address']) ? $fields['edit_address'] : Surfer::get_email_address()) . "', " . "edit_date='" . SQL::escape($versioning_date) . "'";
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$id = SQL::get_last_id($context['connection']);
// clear the cache for versions; update section index as well
Cache::clear(array('articles', 'versions'));
// return the id of the new item
return $id;
}
/**
* post a new article
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new article, or FALSE on error
*
* @see articles/edit.php
**/
public static function post(&$fields)
{
global $context;
// title cannot be empty
if (!isset($fields['title']) || !$fields['title']) {
Logger::error(i18n::s('No title has been provided.'));
return FALSE;
}
// sanity filter
$fields['title'] = strip_tags($fields['title'], '<br>');
// anchor cannot be empty
if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// protect from hackers
if (isset($fields['icon_url'])) {
$fields['icon_url'] = encode_link($fields['icon_url']);
}
if (isset($fields['thumbnail_url'])) {
$fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
}
// set default values for this editor
Surfer::check_default_editor($fields);
// reinforce date formats
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
$fields['publish_date'] = NULL_DATE;
}
// set conservative default values
if (!isset($fields['active_set'])) {
$fields['active_set'] = 'Y';
}
if (isset($fields['edit_action']) && $fields['edit_action']) {
$fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
}
if (!isset($fields['rank'])) {
$fields['rank'] = 10000;
}
if (!isset($fields['nick_name'])) {
$fields['nick_name'] = '';
}
// set canvas default value
if (!isset($fields['canvas']) || !$fields['canvas']) {
$fields['canvas'] = 'standard';
}
// clean provided tags
if (isset($fields['tags'])) {
$fields['tags'] = trim($fields['tags'], " \t.:,!?");
}
// cascade anchor access rights
$fields['active'] = $anchor->ceil_rights($fields['active_set']);
// fields to update
$query = array();
// on import
if (isset($fields['id'])) {
$query[] = "id=" . SQL::escape($fields['id']);
}
// fields that are visible only to associates -- see articles/edit.php
if (Surfer::is_associate()) {
$query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
$query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
$query[] = "canvas='" . SQL::escape(isset($fields['canvas']) ? $fields['canvas'] : '') . "'";
}
$query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
$query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
$query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
$query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
$query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
$query[] = "rank='" . SQL::escape($fields['rank']) . "'";
$query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
$query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
$query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
// controlled fields
$query[] = "active='" . SQL::escape($fields['active']) . "'";
$query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
// fields visible to authorized member
$query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
$query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
$query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
$query[] = "title='" . SQL::escape($fields['title']) . "'";
$query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
$query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
$query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
$query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
$query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
$query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
$query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
$query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
$query[] = "owner_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
$query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
$query[] = "hits=0";
$query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
$query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : (isset($fields['edit_id']) ? $fields['edit_id'] : '0'));
$query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
$query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "edit_id=" . SQL::escape(isset($fields['edit_id']) ? $fields['edit_id'] : '0');
$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'article:submit') . "'";
$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
// reset user assignment, if any
$query[] = "assign_name=''";
$query[] = "assign_id=0";
$query[] = "assign_address=''";
$query[] = "assign_date='" . SQL::escape(NULL_DATE) . "'";
// set or change the publication date
if (isset($fields['publish_date']) && $fields['publish_date'] > NULL_DATE) {
$query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $fields['edit_name']) . "'";
if (isset($fields['publish_id']) || isset($fields['edit_id'])) {
$query[] = "publish_id=" . SQL::escape(isset($fields['publish_id']) ? $fields['publish_id'] : $fields['edit_id']);
}
$query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $fields['edit_address']) . "'";
$query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
}
// always create a random handle for this article
if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
$fields['handle'] = md5(mt_rand());
}
$query[] = "handle='" . SQL::escape($fields['handle']) . "'";
$query[] = "rating_count='" . SQL::escape(isset($fields['rating_count']) ? $fields['rating_count'] : '0') . "'";
// allow anonymous surfer to access this page during his session
if (!Surfer::get_id()) {
Surfer::add_handle($fields['handle']);
}
// insert a new record
$query = "INSERT INTO " . SQL::table_name('articles') . " SET " . implode(', ', $query);
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// assign the page to related categories
Categories::remember('article:' . $fields['id'], isset($fields['publish_date']) ? $fields['publish_date'] : NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
// turn author to page editor and update author's watch list
if (isset($fields['edit_id']) && $fields['edit_id']) {
Members::assign('user:'******'edit_id'], 'article:' . $fields['id']);
Members::assign('article:' . $fields['id'], 'user:'******'edit_id']);
}
// clear the cache
Articles::clear($fields);
// return the id of the new item
return $fields['id'];
}
/**
* post a new file or an updated file
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @param string to support editors -- see files/edit.php
* @return the id of the new file, or FALSE on error
*
* @see agents/messages.php
* @see files/author.php
* @see files/edit.php
**/
public static function post(&$fields)
{
global $context;
// no anchor reference
if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// protect from hackers
if (isset($fields['icon_url'])) {
$fields['icon_url'] = encode_link($fields['icon_url']);
}
if (isset($fields['thumbnail_url'])) {
$fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
}
// protect access from anonymous users
if (!isset($fields['active_set'])) {
$fields['active_set'] = 'Y';
}
// cascade anchor access rights
$fields['active'] = $anchor->ceil_rights($fields['active_set']);
// set default values for this editor
Surfer::check_default_editor($fields);
// reinforce date formats
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
// make the file name searchable on initial post
if (!isset($fields['id']) && !isset($fields['keywords']) && isset($fields['file_name']) && $fields['file_name'] != 'none') {
$fields['keywords'] = ' ' . str_replace(array('%20', '_', '.', '-'), ' ', $fields['file_name']);
}
// columns updated
$query = array();
// update an existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// an actual upload has taken place --change modification date and reset detach data
if (isset($fields['file_name']) && $fields['file_name'] != 'none') {
$query[] = "assign_address=''";
$query[] = "assign_date=''";
$query[] = "assign_id=''";
$query[] = "assign_name=''";
$query[] = "create_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "create_date='" . SQL::escape($fields['edit_date']) . "'";
$query[] = "create_id=" . SQL::escape($fields['edit_id']);
$query[] = "create_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "edit_action='file:update'";
$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
$query[] = "edit_id=" . SQL::escape($fields['edit_id']);
$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
$query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
}
// fields that are visible only to people allowed to update a file
if (Surfer::is_member()) {
$query[] = "active='" . SQL::escape($fields['active']) . "'";
$query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
$query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
$query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
}
// regular fields
$query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
$query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
if (isset($fields['description'])) {
$query[] = "description='" . SQL::escape($fields['description']) . "'";
}
$query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
$query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
$query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
$query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
$query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
$query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
$query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
// build the full query
$query = "UPDATE " . SQL::table_name('files') . " SET " . join(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// insert a new record
} elseif (isset($fields['file_name']) && $fields['file_name'] && isset($fields['file_size']) && $fields['file_size']) {
$query[] = "active='" . SQL::escape($fields['active']) . "'";
$query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
$query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
$query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
$query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
$query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
$query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
$query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
$query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
$query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
$query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
$query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "edit_id=" . SQL::escape($fields['edit_id']);
$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "edit_action='file:create'";
$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
$query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
$query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
$query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
$query[] = "hits=0";
$query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
$query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
$query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
$query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
$query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
$query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
$query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
$query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
// build the full query
$query = "INSERT INTO " . SQL::table_name('files') . " SET " . join(', ', $query);
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// nothing done
} else {
Logger::error(i18n::s('Nothing has been received. Ensure you are below size limits set for this server.'));
return FALSE;
}
// clear the cache for files
Files::clear($fields);
// end of job
return $fields['id'];
}
/**
* post a new date or an updated date
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return integer the id of the new or updated record, else 0 on error
*
* @see dates/edit.php
**/
public static function post(&$fields)
{
global $context;
// no date
if (!$fields['date_stamp']) {
Logger::error(i18n::s('Please provide a date.'));
return 0;
}
// no anchor reference
if (!$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return 0;
}
// set default values for this editor
Surfer::check_default_editor($fields);
// update the existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// update the existing record
$query = "UPDATE " . SQL::table_name('dates') . " SET " . "date_stamp='" . SQL::escape($fields['date_stamp']) . "'";
// maybe a silent update
if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
$query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
$query .= " WHERE id = " . SQL::escape($fields['id']);
if (SQL::query($query) === FALSE) {
return 0;
}
// insert a new record
} else {
// always remember the date
$query = "INSERT INTO " . SQL::table_name('dates') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)," . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)," . "date_stamp='" . SQL::escape($fields['date_stamp']) . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
if (SQL::query($query) === FALSE) {
return 0;
}
// id of the new record
$fields['id'] = SQL::get_last_id($context['connection']);
}
// clear the cache for dates
Dates::clear($fields);
// end of job
return $fields['id'];
}
/**
* post a new image or an updated image
*
* Accept following situations:
* - id+image: update an existing entry in the database
* - id+no image: only update the database
* - no id+image: create a new entry in the database
* - no id+no image: create a new entry in the database
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the image, or FALSE on error
**/
public static function post(&$fields)
{
global $context;
// no anchor reference
if (!isset($fields['anchor']) || !$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// get the anchor
if (!($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values
if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
$fields['use_thumbnail'] = 'Y';
}
// only authenticated users can select to not moderate image sizes
// set default values for this editor
Surfer::check_default_editor($fields);
// update the existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
$query = "UPDATE " . SQL::table_name('images') . " SET ";
if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
$query .= "image_name='" . SQL::escape($fields['image_name']) . "'," . "thumbnail_name='" . SQL::escape($fields['thumbnail_name']) . "'," . "image_size='" . SQL::escape($fields['image_size']) . "'," . "edit_name='" . SQL::escape($fields['edit_name']) . "'," . "edit_id=" . SQL::escape($fields['edit_id']) . "," . "edit_address='" . SQL::escape($fields['edit_address']) . "'," . "edit_date='" . SQL::escape($fields['edit_date']) . "',";
}
$query .= "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'," . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "'," . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'," . "link_url='" . SQL::escape(isset($fields['link_url']) ? $fields['link_url'] : '') . "'" . " WHERE id = " . SQL::escape($fields['id']);
// actual update
if (SQL::query($query) === FALSE) {
return FALSE;
}
// insert a new record
} elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {
$query = "INSERT INTO " . SQL::table_name('images') . " SET ";
$query .= "anchor='" . SQL::escape($fields['anchor']) . "'," . "image_name='" . SQL::escape($fields['image_name']) . "'," . "image_size='" . SQL::escape($fields['image_size']) . "'," . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'," . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "'," . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'," . "thumbnail_name='" . SQL::escape(isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '') . "'," . "link_url='" . SQL::escape(isset($fields['link_url']) ? $fields['link_url'] : '') . "'," . "edit_name='" . SQL::escape($fields['edit_name']) . "'," . "edit_id=" . SQL::escape($fields['edit_id']) . "," . "edit_address='" . SQL::escape($fields['edit_address']) . "'," . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
// actual update
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// nothing done
} else {
Logger::error(i18n::s('No image has been added.'));
return FALSE;
}
// clear the cache
Images::clear($fields);
// end of job
return $fields['id'];
}
/**
* post a new category
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new category, or FALSE on error
*
* @see categories/edit.php
* @see categories/populate.php
* @see categories/set_keyword.php
**/
public static function post(&$fields)
{
global $context;
$anchor = $overlay = NULL;
// title cannot be empty
if (!isset($fields['title']) || !$fields['title']) {
Logger::error(i18n::s('No title has been provided.'));
return FALSE;
}
// sanity filter
$fields['title'] = strip_tags($fields['title'], '<br>');
// protect from hackers
if (isset($fields['icon_url'])) {
$fields['icon_url'] = encode_link($fields['icon_url']);
}
if (isset($fields['thumbnail_url'])) {
$fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
}
// set default values
if (!isset($fields['active_set'])) {
$fields['active_set'] = 'Y';
}
if (!isset($fields['rank'])) {
$fields['rank'] = 10000;
}
if (isset($fields['edit_action'])) {
$fields['edit_action'] = preg_replace('/feed$/i', 'create', $fields['edit_action']);
$fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
}
// cascade anchor access rights
if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
$fields['active'] = $anchor->ceil_rights($fields['active_set']);
} else {
$fields['active'] = $fields['active_set'];
}
// create overlay from anchor if not done previously
if (!isset($fields['overlay']) && is_object($anchor)) {
$overlay = $anchor->get_overlay('categories_overlay');
if (is_object($overlay)) {
// allow for change detection
$overlay->snapshot();
// update the overlay from form content
$overlay->parse_fields($fields);
// save content of the overlay in the category itself
$fields['overlay'] = $overlay->save();
$fields['overlay_id'] = $overlay->get_id();
}
}
// set default values for this editor
Surfer::check_default_editor($fields);
// reinforce date formats
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
if (!isset($fields['expiry_date']) || $fields['expiry_date'] <= NULL_DATE) {
$fields['expiry_date'] = NULL_DATE;
}
// build path information
$path = '';
if (isset($fields['anchor']) && $fields['anchor']) {
$path .= Categories::build_path($fields['anchor']) . '|';
}
$path .= $fields['title'];
// set layout for categories
if (!isset($fields['categories_layout']) || !$fields['categories_layout']) {
$fields['categories_layout'] = $anchor ? $anchor->item['categories_layout'] : 'decorated';
} elseif ($fields['categories_layout'] == 'custom') {
if (isset($fields['categories_custom_layout']) && $fields['categories_custom_layout']) {
$fields['categories_layout'] = $fields['categories_custom_layout'];
} else {
$fields['categories_layout'] = 'decorated';
}
}
// set layout for sections
if (!isset($fields['sections_layout']) || !$fields['sections_layout']) {
$fields['sections_layout'] = $anchor ? $anchor->item['sections_layout'] : 'decorated';
} elseif ($fields['sections_layout'] == 'custom') {
if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
$fields['sections_layout'] = $fields['sections_custom_layout'];
} else {
$fields['sections_layout'] = 'decorated';
}
}
// set layout for articles
if (!isset($fields['articles_layout']) || !$fields['articles_layout']) {
$fields['articles_layout'] = $anchor ? $anchor->item['articles_layout'] : 'decorated';
} elseif ($fields['articles_layout'] == 'custom') {
if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
$fields['articles_layout'] = $fields['articles_custom_layout'];
} else {
$fields['articles_layout'] = 'decorated';
}
}
// set layout for users
if (!isset($fields['users_layout']) || !$fields['users_layout']) {
$fields['users_layout'] = $anchor ? $anchor->item['users_layout'] : 'decorated';
} elseif ($fields['users_layout'] == 'custom') {
if (isset($fields['users_custom_layout']) && $fields['users_custom_layout']) {
$fields['users_layout'] = $fields['users_custom_layout'];
} else {
$fields['users_layout'] = 'decorated';
}
}
// set overlay for sub-categories
if (!isset($fields['categories_overlay'])) {
$fields['categories_overlay'] = $anchor ? $anchor->item['categories_overlay'] : '';
}
// insert a new record
$query = "INSERT INTO " . SQL::table_name('categories') . " SET ";
if (isset($fields['id']) && $fields['id']) {
$query .= "id='" . SQL::escape($fields['id']) . "', ";
}
if (isset($fields['nick_name']) && $fields['nick_name']) {
$query .= "nick_name='" . SQL::escape($fields['nick_name']) . "',";
}
$query .= "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "'," . "active='" . SQL::escape($fields['active']) . "'," . "active_set='" . SQL::escape($fields['active_set']) . "'," . "articles_layout='" . SQL::escape($fields['articles_layout']) . "'," . "background_color='" . SQL::escape(isset($fields['background_color']) ? $fields['background_color'] : '') . "'," . "categories_count=" . SQL::escape(isset($fields['categories_count']) ? $fields['categories_count'] : 5) . "," . "categories_layout='" . SQL::escape($fields['categories_layout']) . "'," . "categories_overlay='" . SQL::escape(isset($fields['categories_overlay']) ? $fields['categories_overlay'] : '') . "'," . "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'," . "create_date='" . SQL::escape($fields['create_date']) . "'," . "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . "," . "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'," . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'," . "display='" . SQL::escape(isset($fields['display']) ? $fields['display'] : '') . "'," . "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'category:create') . "'," . "edit_address='" . SQL::escape($fields['edit_address']) . "'," . "edit_date='" . SQL::escape($fields['edit_date']) . "'," . "edit_id=" . SQL::escape($fields['edit_id']) . "," . "edit_name='" . SQL::escape($fields['edit_name']) . "'," . "expiry_date='" . SQL::escape($fields['expiry_date']) . "'," . "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'," . "hits=" . SQL::escape(isset($fields['hits']) ? $fields['hits'] : 0) . "," . "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'," . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'," . "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'," . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'," . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'," . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'," . "owner_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']) . ", " . "path='" . SQL::escape($path) . "'," . "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'," . "rank='" . SQL::escape($fields['rank']) . "'," . "sections_layout='" . SQL::escape($fields['sections_layout']) . "'," . "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'," . "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'," . "title='" . SQL::escape($fields['title']) . "'," . "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'," . "users_layout='" . SQL::escape($fields['users_layout']) . "'";
// actual insert
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
$fields['id'] = SQL::get_last_id($context['connection']);
// call remember for the overlay if any intancied here
if (is_object($overlay)) {
$overlay->remember('insert', $fields, 'category:' . $fields['id']);
}
// clear the whole cache, because a rendering option for things anchored to this category could being changed
Categories::clear($fields);
// return the id of the new item
return $fields['id'];
}
/**
* post a new user profile
*
* @param array an array of fields
* @return the id of the new user profile, or FALSE on error
*
* @see control/populate.php
* @see users/edit.php
* @see users/populate.php
* @see query.php
**/
public static function post(&$fields)
{
global $context;
// nick_name is required
if (!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
Logger::error(i18n::s('Please indicate a nick name.'));
return FALSE;
}
// some weird users put spaces around
$fields['nick_name'] = trim($fields['nick_name']);
// names used on shadow records are quite long (eg, tom@foo.bar.com)
if (preg_match('/^(.+)@(.+)$/', $fields['nick_name'], $matches)) {
// if short name is free
if (!Users::get($matches[1])) {
// use it instead (eg, tom)
$fields['nick_name'] = $matches[1];
}
}
// nickname may be already used
if (Users::get($fields['nick_name'])) {
Logger::error(i18n::s('Another member already has this nick name. Please select a different one.'));
return FALSE;
}
// ensure we have a full name
if (!isset($fields['full_name']) || !trim($fields['full_name'])) {
$fields['full_name'] = $fields['nick_name'];
}
// password is required
if (!isset($fields['password']) || !trim($fields['password'])) {
Logger::error(i18n::s('Please indicate a password.'));
return FALSE;
}
// hash password if coming from a human facing a form
if (isset($fields['confirm']) && $fields['confirm'] == $fields['password']) {
$fields['password'] = md5($fields['password']);
}
// open community, accept subscribers and members
if (!isset($fields['capability']) || !in_array($fields['capability'], array('A', 'M', 'S', '?'))) {
$fields['capability'] = 'M';
}
// control user capability
if (!Surfer::is_associate()) {
// closed community, accept only subscribers
if (isset($context['users_with_approved_members']) && $context['users_with_approved_members'] == 'Y') {
$fields['capability'] = 'S';
} elseif (isset($context['users_with_email_validation']) && $context['users_with_email_validation'] == 'Y') {
$fields['capability'] = 'S';
}
}
// remember who is changing this record
Surfer::check_default_editor($fields);
// save new settings in session and in cookie
if (isset($fields['id']) && Surfer::is($fields['id'])) {
// change preferred editor
$_SESSION['surfer_editor'] = $fields['editor'];
Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');
// change preferred language
if (isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
$_SESSION['surfer_language'] = $fields['language'];
$_SESSION['l10n_modules'] = array();
}
}
// fields to update
$query = array();
// on import
if (isset($fields['id'])) {
$query[] = "id=" . SQL::escape($fields['id']);
}
if (!isset($fields['active']) || !trim($fields['active'])) {
$fields['active'] = 'Y';
}
$query[] = "active='" . SQL::escape($fields['active']) . "'";
$query[] = "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "'";
$query[] = "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "'";
// protect from hackers
if (isset($fields['avatar_url'])) {
$fields['avatar_url'] = encode_link($fields['avatar_url']);
}
$query[] = "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "'";
if (!isset($fields['birth_date']) || !$fields['birth_date']) {
$fields['birth_date'] = NULL_DATE;
}
$query[] = "birth_date='" . SQL::escape($fields['birth_date']) . "'";
$query[] = "capability='" . SQL::escape($fields['capability']) . "'";
$query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
if (isset($fields['create_id']) || $fields['edit_id']) {
$query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
}
$query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
$query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
$query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "edit_id=" . SQL::escape($fields['edit_id']);
$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'new') . "'";
$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
if (isset($fields['selected_editor'])) {
$fields['editor'] = $fields['selected_editor'];
} elseif (isset($context['users_default_editor'])) {
$fields['editor'] = $context['users_default_editor'];
} else {
$fields['editor'] = 'yacs';
}
$query[] = "editor='" . SQL::escape($fields['editor']) . "'";
$query[] = "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "'";
$query[] = "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "'";
$query[] = "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "'";
// always create a handle for this user
$fields['handle'] = md5(rand());
$query[] = "handle='" . SQL::escape($fields['handle']) . "'";
$query[] = "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "'";
if (!isset($fields['interface']) || $fields['interface'] != 'C') {
$fields['interface'] = 'I';
}
$query[] = "interface='" . SQL::escape($fields['interface']) . "'";
$query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
$query[] = "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "'";
$query[] = "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "'";
$query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "'";
$query[] = "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "'";
$query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'";
$query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
$query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
$query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
$query[] = "password='******'password']) ? $fields['password'] : '') . "'";
$query[] = "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "'";
$query[] = "phone_number='" . SQL::escape(isset($fields['phone_number']) ? $fields['phone_number'] : '') . "'";
if (!isset($fields['post_date']) || $fields['post_date'] <= NULL_DATE) {
$fields['post_date'] = $fields['edit_date'];
}
$query[] = "post_date='" . SQL::escape($fields['post_date']) . "'";
$query[] = "posts=" . SQL::escape(isset($fields['posts']) ? $fields['posts'] : '0');
$query[] = "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "'";
$query[] = "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "'";
// clean provided tags
if (isset($fields['tags'])) {
$fields['tags'] = trim($fields['tags'], " \t.:,!?");
}
$query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
$query[] = "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "'";
$query[] = "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "'";
$query[] = "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "'";
$query[] = "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "'";
$query[] = "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "'";
$query[] = "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "'";
if (!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'N') {
$fields['with_newsletters'] = 'Y';
}
$query[] = "with_newsletters='" . $fields['with_newsletters'] . "'";
if (!isset($fields['without_alerts']) || $fields['without_alerts'] != 'Y') {
$fields['without_alerts'] = 'N';
}
$query[] = "without_alerts='" . $fields['without_alerts'] . "'";
if (!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'Y') {
$fields['without_confirmations'] = 'N';
}
$query[] = "without_confirmations='" . $fields['without_confirmations'] . "'";
if (!isset($fields['without_messages']) || $fields['without_messages'] != 'Y') {
$fields['without_messages'] = 'N';
}
$query[] = "without_messages='" . $fields['without_messages'] . "'";
$query[] = "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";
// insert statement
$query = "INSERT INTO " . SQL::table_name('users') . " SET " . implode(', ', $query);
// actual insert
if (SQL::query($query, FALSE, $context['users_connection']) === FALSE) {
return FALSE;
}
// remember the id of the new item
if (!($fields['id'] = SQL::get_last_id($context['users_connection']))) {
logger::remember('users/users.php: unable to retrieve id of new record');
return FALSE;
}
// list the user in categories
Categories::remember('user:'******'id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
// clear the cache for users
Users::clear($fields);
// send a confirmation message
if (isset($fields['email']) && trim($fields['email']) && isset($context['with_email']) && $context['with_email'] == 'Y') {
// message title
$subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));
// top of the message
$message = '<p>' . i18n::s('Welcome!') . '</p>' . '<p>' . sprintf(i18n::s('This message relates to your account at %s.'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
// mention nick name
$message .= '<p>' . sprintf(i18n::s('Your nick name is %s'), $fields['nick_name']) . '</p>';
// direct link to login page --see users/login.php
$link = $context['url_to_home'] . $context['url_to_root'] . Users::get_login_url('login', $fields['id'], rand(1000, 9999), $fields['handle']);
$message .= '<p>' . i18n::s('Record this message and use the following link to authenticate to the site at any time:') . '</p>' . '<p><a href="' . $link . '">' . $link . '</a></p>';
// caution note
$message .= '<p>' . i18n::s('Caution: This hyperlink contains your login credentials encrypted. Please be aware anyone who uses this link will have full access to your account.') . '</p>';
// confirmation link
if (isset($context['users_with_email_validation']) && $context['users_with_email_validation'] == 'Y') {
$message .= '<p>' . i18n::s('Click on the link below to activate your new account.') . '</p>';
// use the secret handle
$link = $context['url_to_home'] . $context['url_to_root'] . Users::get_url($fields['handle'], 'validate');
$message .= '<p><a href="' . $link . '">' . $link . '</a></p>';
}
// bottom of the message
$message .= '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
// enable threading
$headers = Mailer::set_thread('user:'******'id']);
// post the confirmation message
Mailer::notify(NULL, $fields['email'], $subject, $message, $headers);
}
// automatic login
if (!Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
Surfer::set($fields, TRUE);
}
// return the id of the new item
return $fields['id'];
}
Logger::error(i18n::s('You are not allowed to perform this operation.'));
// an error occured
} elseif (count($context['error'])) {
$item = $_REQUEST;
$with_form = TRUE;
// process uploaded data
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
// display the form on error
if ($error = Servers::post($_REQUEST)) {
Logger::error($error);
$item = $_REQUEST;
$with_form = TRUE;
// reward the poster for new posts
} elseif (!$item['id']) {
// the follow-up page
$next = $context['url_to_home'] . $context['url_to_root'] . Servers::get_url(SQL::get_last_id($context['connection']));
// the action
$action = 'server:create';
// increment the post counter of the surfer
Users::increment_posts(Surfer::get_id());
// forward to the updated page
Safe::redirect($next);
// update of an existing server
} else {
// the follow-up page
$next = $context['url_to_home'] . $context['url_to_root'] . Servers::get_url($_REQUEST['id']);
// forward to the updated page
Safe::redirect($next);
}
// display the form on GET
} else {
