/**
* Writes the group data into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
parent::writeToPersistence();
$sql_fields = "\n\t\t\tlabel_prg='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\tdescription_prg='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\tprofile_prg='" . SensitiveIO::sanitizeSQLString(parent::getId()) . "'\n\t\t";
if ($this->_groupId) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_prg='" . $this->_groupId . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_groupId) {
$this->_groupId = $q->getLastInsertedID();
}
/* Delete all records and re-insert the good ones */
$sql = "\n\t\t\tdelete from\n\t\t\t\tprofileUsersByGroup\n\t\t\twhere\n\t\t\t\tgroupId_gu='" . $this->_groupId . "'\n\t\t";
$q = new CMS_query($sql);
if (is_array($this->_users) && $this->_users) {
$sql = '';
foreach ($this->_users as $user) {
$sql .= $sql ? ', ' : '';
$sql .= "('" . $this->_groupId . "' ,'" . $user . "') ";
}
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofileUsersByGroup (groupId_gu, userId_gu)\n\t\t\t\tvalues \n\t\t\t\t\t" . $sql;
$q = new CMS_query($sql);
}
//Clear polymod cache
//CMS_cache::clearTypeCacheByMetas('polymod', array('resource' => 'users'));
CMS_cache::clearTypeCache('polymod');
return true;
}
/**
* Writes the page into persistence (MySQL for now), along with base data.
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
parent::writeToPersistence();
$isNew = $this->_pageID === NULL;
// Inform modules of the page creation
$modules = CMS_modulesCatalog::getAll('id');
foreach ($modules as $codename => $module) {
if (method_exists($module, 'pagePreSave')) {
$module->pagePreSave($this, $isNew);
}
}
//save page data
$sql_fields = "\n\t\t\tresource_pag='" . parent::getID() . "',\n\t\t\tremindedEditorsStack_pag='" . SensitiveIO::sanitizeSQLString($this->_remindedEditors->getTextDefinition()) . "',\n\t\t\tlastReminder_pag='" . $this->_lastReminder->getDBValue() . "',\n\t\t\ttemplate_pag='" . $this->_templateID . "',\n\t\t\tlastFileCreation_pag='" . $this->_lastFileCreation->getDBValue() . "',\n\t\t\turl_pag='" . SensitiveIO::sanitizeSQLString($this->_pageURL) . "',\n\t\t\tprotected_pag='" . ($this->_protected ? 1 : 0) . "',\n\t\t\thttps_pag='" . ($this->_https ? 1 : 0) . "'\n\t\t";
if ($this->_pageID) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tpages\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pag='" . $this->_pageID . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tpages\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_pageID) {
$this->_pageID = $q->getLastInsertedID();
}
//save base data if modified
if ($this->_editedBaseData) {
$sql_fields = "\n\t\t\t\tpage_pbd='" . $this->_pageID . "',\n\t\t\t\ttitle_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["title"]) . "',\n\t\t\t\tlinkTitle_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["linkTitle"]) . "',\n\t\t\t\tkeywords_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["keywords"]) . "',\n\t\t\t\tdescription_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["description"]) . "',\n\t\t\t\treminderPeriodicity_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["reminderPeriodicity"]) . "',\n\t\t\t\treminderOn_pbd='" . $this->_editedBaseData["reminderOn"]->getDBValue() . "',\n\t\t\t\treminderOnMessage_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["reminderOnMessage"]) . "',\n\t\t\t\tcategory_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["category"]) . "',\n\t\t\t\tauthor_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["author"]) . "',\n\t\t\t\treplyto_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["replyto"]) . "',\n\t\t\t\tcopyright_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["copyright"]) . "',\n\t\t\t\tlanguage_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["language"]) . "',\n\t\t\t\trobots_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["robots"]) . "',\n\t\t\t\tpragma_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["pragma"]) . "',\n\t\t\t\trefresh_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["refresh"]) . "',\n\t\t\t\tredirect_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["redirect"]->getTextDefinition()) . "',\n\t\t\t\trefreshUrl_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["refreshUrl"]) . "',\n\t\t\t\tmetas_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["metas"]) . "',\n\t\t\t\tcodename_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["codename"]) . "'\n\t\t\t";
if ($this->_baseDataID) {
$sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tid_pbd='" . $this->_baseDataID . "'\n\t\t\t\t";
} else {
$sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tpagesBaseData_edited\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if (!$q->hasError() && !$this->_baseDataID) {
$this->_baseDataID = $q->getLastInsertedID();
}
}
// Inform modules of the page creation
$modules = CMS_modulesCatalog::getAll('id');
foreach ($modules as $codename => $module) {
if (method_exists($module, 'pagePostSave')) {
$module->pagePostSave($this, $isNew);
}
}
return true;
}
/**
* Writes the resource into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$this->_status->writeToPersistence();
$sql_fields = "\n\t\t\tstatus_res='" . $this->_status->getID() . "',\n\t\t\teditorsStack_res='" . SensitiveIO::sanitizeSQLString($this->_editors->getTextDefinition()) . "'\n\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresources\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_res='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tresources\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
return true;
}
/**
* Get field order SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $direction : the direction to search (asc/desc)
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
$supportedOperator = array();
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
$operator = false;
}
$sql = '';
//only add tables used by subfields
foreach ($this->_subfields as $subFieldID => $subFieldDefinition) {
$types[$subFieldDefinition['type']] = true;
}
//choose table
if (isset($types['integer']) && $types['integer'] == true) {
$fromTable = 'mod_subobject_integer';
} elseif (isset($types['date']) && $types['date'] == true) {
$fromTable = 'mod_subobject_date';
} elseif (isset($types['text']) && $types['text'] == true) {
$fromTable = 'mod_subobject_text';
} elseif (isset($types['string']) && $types['string'] == true) {
$fromTable = 'mod_subobject_string';
}
if (!$fromTable) {
$fromTable = 'mod_subobject_integer';
}
// create sql
$sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\t" . $fromTable . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t{$where}\n\t\torder by value " . $direction;
return $sql;
}
/**
* Writes the news into persistence (MySQL for now), along with base data.
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\tform_fld='" . SensitiveIO::sanitizeSQLString($this->_formID) . "',\n\t\t\tname_fld='" . SensitiveIO::sanitizeSQLString($this->_name) . "',\n\t\t\tlabel_fld='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\ttype_fld='" . SensitiveIO::sanitizeSQLString($this->_type) . "',\n\t\t\tdataValidation_fld='" . SensitiveIO::sanitizeSQLString($this->_dataValidation) . "',\n\t\t\tdefaultValue_fld='" . SensitiveIO::sanitizeSQLString($this->_value) . "',\n\t\t\trequired_fld='" . SensitiveIO::sanitizeSQLString($this->_required) . "',\n\t\t\tactive_fld='" . SensitiveIO::sanitizeSQLString($this->_active) . "',\n\t\t\torder_fld='" . SensitiveIO::sanitizeSQLString($this->_order) . "',\n\t\t\toptions_fld='" . SensitiveIO::sanitizeSQLString(serialize($this->_options)) . "',\n\t\t\tparams_fld='" . SensitiveIO::sanitizeSQLString(serialize($this->_params)) . "'\n\t\t\t";
if ($this->_fieldID) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_cms_forms_fields\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_fld='" . $this->_fieldID . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_cms_forms_fields\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
$this->raiseError("Failed to write");
return false;
} elseif (!$this->_fieldID) {
$this->_fieldID = $q->getLastInsertedID();
}
//then write options in a second query, (cause in the first query it cause a strange error with PDO
/*$sql_fields = "
options_fld=:options
";
$sqlParameters = array(
'options' => serialize($this->_options),
);
$sql = "
update
mod_cms_forms_fields
set
".$sql_fields."
where
id_fld='".$this->_fieldID."'
";
$q = new CMS_query();
$q->executePreparedQuery($sql, $sqlParameters);
if ($q->hasError()) {
$this->raiseError("Failed to write");
return false;
}*/
return true;
}
/**
* Writes the row into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
if (!$this->_uuid) {
$this->_uuid = io::uuid();
}
$sql_fields = "\n\t\t\tlabel_row='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\tdefinitionFile_row='" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "',\n\t\t\tmodulesStack_row='" . $this->_modules->getTextDefinition() . "',\n\t\t\tgroupsStack_row='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\tuseable_row='" . SensitiveIO::sanitizeSQLString($this->_useable) . "',\n\t\t\tdescription_row='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\ttplfilter_row='" . SensitiveIO::sanitizeSQLString(implode(';', $this->_tplfilter)) . "',\n\t\t\timage_row='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\tuuid_row='" . SensitiveIO::sanitizeSQLString($this->_uuid) . "'\n\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_standard_rows\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_row='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_standard_rows\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t";
}
//pr($sql);
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
return true;
}
/**
* Get field search SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $value : the value to search
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false)
{
$supportedOperator = array();
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
$operator = false;
}
$statusSuffix = $public ? "_public" : "_edited";
$value = $value == '-' ? '0' : $value;
$sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand value = '" . $value . "'\n\t\t\t\t{$where}";
return $sql;
}
/**
* Get the search.
*
* @param integer $searchType : the type of the search (see constants)
* @return array of CMS_page the result pages
* @access public
*/
function getSearch($keywords, $user, $public = false, $withPageContent = false)
{
if (is_a($user, 'CMS_profile_user')) {
$cms_language = $user->getLanguage();
} else {
$cms_language = new CMS_language('fr');
}
$results = array();
$count = 0;
/*$messages = array();
$message = '';*/
$where = $order = '';
$foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array();
// Clean keywords
$keywords = SensitiveIO::sanitizeSQLString($keywords);
$keywords = strtr($keywords, ",;", " ");
$blocks = array();
$blocks = array_map("trim", array_unique(explode(" ", $keywords)));
$cleanedBlocks = array();
foreach ($blocks as $block) {
if ($block !== '' || sensitiveIO::isPositiveInteger($block)) {
$block = str_replace(array('%', '_'), array('\\%', '\\_'), $block);
$cleanedBlocks[] = $block;
}
}
// Separate block codes
if ($cleanedBlocks) {
$allDatas = array();
$allCodes = CMS_search::getAllCodes();
foreach ($allCodes as $code) {
$datas = array();
foreach (array_keys($cleanedBlocks) as $key) {
if (strstr($cleanedBlocks[$key], $code . ':')) {
$datas[] = $cleanedBlocks[$key];
unset($cleanedBlocks[$key]);
}
}
if ($datas) {
$allDatas[$code] = $datas;
}
}
$allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks;
// Get IDs from all specific codes
$foundIDs = array();
$allLinksNumber = 0;
foreach ($allCodes as $code) {
switch ($code) {
case self::SEARCH_TYPE_LINKTO:
if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) {
$foundLinkToIDs = array();
$where = '';
$count = 0;
foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " start_lre = '" . $tabValues[1] . "' ";
}
}
if ($where) {
$select = ' stop_lre ';
$from = 'linx_real_public';
$sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
$q = new CMS_query($sql);
$arr = array();
while ($arr = $q->getArray()) {
$foundLinkToIDs[] = $arr["stop_lre"];
}
// Count links number
$allLinksNumber += count($foundLinkToIDs);
$where = $select = '';
}
}
break;
case self::SEARCH_TYPE_LINKFROM:
if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) {
$foundLinkFromIDs = array();
$where = '';
$count = 0;
/*$messagesIDs = array();*/
foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " stop_lre = '" . $tabValues[1] . "' ";
}
}
if ($where) {
$select = ' start_lre ';
$from = 'linx_real_public';
$sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
$q = new CMS_query($sql);
$arr = array();
while ($arr = $q->getArray()) {
$foundLinkFromIDs[] = $arr["start_lre"];
}
// Count links number
$allLinksNumber += count($foundLinkFromIDs);
$where = $select = '';
}
}
break;
case self::SEARCH_TYPE_TEMPLATE:
if (isset($allDatas[self::SEARCH_TYPE_TEMPLATE])) {
$foundPagesFromTemplate = array();
foreach ($allDatas[self::SEARCH_TYPE_TEMPLATE] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$foundPagesFromTemplate = array_unique(array_merge(CMS_pageTemplatesCatalog::getPagesByTemplate($tabValues[1]), $foundPagesFromTemplate));
}
}
$allLinksNumber += count($foundPagesFromTemplate);
}
break;
case self::SEARCH_TYPE_ROW:
if (isset($allDatas[self::SEARCH_TYPE_ROW])) {
$foundPagesFromRow = array();
foreach ($allDatas[self::SEARCH_TYPE_ROW] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$foundPagesFromRow = array_unique(array_merge(CMS_rowsCatalog::getPagesByRow($tabValues[1]), CMS_rowsCatalog::getPagesByRow($tabValues[1], false, true), $foundPagesFromRow));
}
}
$allLinksNumber += count($foundPagesFromRow);
}
break;
}
}
$foundIDs = array_unique(array_merge($foundLinkToIDs, $foundLinkFromIDs, $foundPagesFromTemplate, $foundPagesFromRow));
// Main sql requests (for pageId, pages codenames and keywords)
if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
$count = 0;
$where = '';
foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $key => $block) {
if (SensitiveIO::isPositiveInteger($block)) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " (page_pbd like '%" . $block . "%')";
unset($allDatas[self::SEARCH_TYPE_DEFAULT][$key]);
}
}
$order = '';
if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
$suffix = $public ? '_public' : '_edited';
if (!$withPageContent) {
//Search in page metadatas
//$count = 0;
foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $block) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " (\n\t\t\t\t\t\t\t\ttitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor linkTitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor keywords_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor description_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor category_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor codename_pbd = '" . $block . "'\n\t\t\t\t\t\t\t)";
}
if ($foundIDs) {
$where .= " and page_pbd in (" . implode($foundIDs, ',') . ") ";
}
// Set SQL
$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tpage_pbd\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tpagesBaseData" . $suffix . "\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t";
$q = new CMS_query($sql);
//pr($sql);
$results = array();
$count = 0;
$foundIDs = array();
while ($id = $q->getValue('page_pbd')) {
$foundIDs[] = $id;
}
$order = "\n\t\t\t\t\t \t\torder by title_pbd asc\n\t\t\t\t\t\t";
} else {
//Search in page content (fulltext search)
$keywords = implode(' ', $allDatas[self::SEARCH_TYPE_DEFAULT]);
$selects = array('pagesBaseData' . $suffix => array('page' => 'page_pbd', 'match' => 'title_pbd,linkTitle_pbd,keywords_pbd,description_pbd,codename_pbd'), 'blocksVarchars' . $suffix => array('page' => 'page', 'match' => 'value'), 'blocksTexts' . $suffix => array('page' => 'page', 'match' => 'value', 'entities' => true), 'blocksImages' . $suffix => array('page' => 'page', 'match' => 'label'), 'blocksFiles' . $suffix => array('page' => 'page', 'match' => 'label'));
$matches = array();
foreach ($selects as $table => $select) {
// Set SQL
$sql = "\n\t\t\t\t\t\t\t\tselect \n\t\t\t\t\t\t\t\t\t" . $select['page'] . " as pageId, MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "') as m1\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " , MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') as m2 " : '') . "\n\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t\twhere \n\t\t\t\t\t\t\t\t\tMATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "')\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " or MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') " : '') . "\n\t\t\t\t\t\t\t\t";
//pr($sql);
$q = new CMS_query($sql);
while ($r = $q->getArray()) {
if (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m1'] > $matches[$r['pageId']]) {
$matches[$r['pageId']] = $r['m1'];
}
if (isset($r['m2']) && (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m2'] > $matches[$r['pageId']])) {
$matches[$r['pageId']] = $r['m2'];
}
}
}
//sort page Ids by relevance
arsort($matches, SORT_NUMERIC);
//$matches = array_keys($matches);
$order = "\n\t\t\t\t\t \t\torder by field(page_pbd, " . implode(',', array_reverse(array_keys($matches))) . ") desc\n\t\t\t\t\t\t";
$foundIDs = $foundIDs ? array_intersect(array_keys($matches), $foundIDs) : array_keys($matches);
}
} else {
$order = " order by page_pbd ";
}
}
if ($foundIDs) {
$select = ' page_pbd ';
$from = $public ? 'pagesBaseData_public' : 'pagesBaseData_edited';
$where .= $where && $foundIDs ? " and " : '';
$where .= $foundIDs ? " page_pbd in (" . implode($foundIDs, ',') . ") " : '';
if ($where) {
// Set SQL
$sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $order . "\n\t\t\t\t\t";
$q = new CMS_query($sql);
//pr($sql);
$results = array();
$count = 0;
while ($arr = $q->getArray()) {
$id = $arr["page_pbd"];
if ($user->hasPageClearance($id, CLEARANCE_PAGE_VIEW)) {
$count++;
$results[$id] = $id;
}
}
}
}
} else {
// No results
$count = 0;
}
return array('nbresult' => $count, 'nblinksresult' => $allLinksNumber, 'results' => $results, 'score' => $matches);
}
/**
* Writes the cmsprofile into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\tadministrationClearance_pr='" . SensitiveIO::sanitizeSQLString($this->_adminClearance) . "',\n\t\t\tpageClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_pageClearances->getTextDefinition()) . "',\n\t\t\tvalidationClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_validationClearances->getTextDefinition()) . "',\n\t\t\tmoduleClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_moduleClearances->getTextDefinition()) . "',\n\t\t\ttemplateGroupsDeniedStack_pr='" . SensitiveIO::sanitizeSQLString($this->_templateGroupsDenied->getTextDefinition()) . "',\n\t\t\trowGroupsDeniedStack_pr='" . SensitiveIO::sanitizeSQLString($this->_rowGroupsDenied->getTextDefinition()) . "'\n\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tprofiles\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pr='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofiles\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
//pr($sql);
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
if (!sensitiveIO::isPositiveInteger($this->_moduleCategoriesClearances->getProfileID())) {
$this->_moduleCategoriesClearances->setProfileID($this->_id);
}
// Write moduleCategories clearances to persistence also
return $this->_moduleCategoriesClearances->writeToPersistence();
}
/**
* Get field order SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $direction : the direction to search (asc/desc)
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
//operators are not supported for now : TODO
$supportedOperator = array();
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unkown search operator : " . $operator . ", use default search instead");
$operator = false;
}
$sql = '';
//only add tables used by subfields
foreach ($this->_subfields as $subFieldID => $subFieldDefinition) {
$types[$subFieldDefinition['type']] = true;
}
//choose table
$fromTable = 'mod_subobject_string';
// create sql
$sql = "\n select\n distinct objectID\n from\n " . $fromTable . $statusSuffix . "\n where\n objectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n and objectSubFieldID = '1'\n {$where}\n order by value " . $direction;
return $sql;
}
/**
* Get field order SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $direction : the direction to search (asc/desc)
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false)
{
global $cms_language;
$statusSuffix = $public ? "_public" : "_edited";
$supportedOperator = array('label', 'atmorder');
if ($operator && !in_array($operator, $supportedOperator)) {
$this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown search operator : " . $operator . ", use default search instead");
$operator = false;
}
if ($operator == 'label' && !is_object($cms_language)) {
$this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown cms_language to use for label search order, use default search instead");
$operator = false;
}
$sql = '';
$fromTable = 'mod_subobject_integer';
if (!$operator) {
// create sql
$sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t{$where}\n\t\t\torder by value " . $direction;
} else {
switch ($operator) {
case 'label':
$sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\t\t\t\tmodulesCategories_i18nm\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\t\t\tand category_mcl = value\n\t\t\t\t\t\t\tand language_mcl = '" . $cms_language->getCode() . "'\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\torder by label_mcl " . $direction;
break;
case 'atmorder':
$sqlTemp = "select distinct(modulesCategories.root_mca) as root from " . $fromTable . $statusSuffix . ", modulesCategories where id_mca = value\n\t\t\t\t\t\t\t{$where}";
$q = new CMS_query($sqlTemp);
$roots = $q->getAll();
$catOrder = array();
foreach ($roots as $aRoot) {
$sqlRoot = "select * from modulesCategories where root_mca = " . $aRoot['root'] . ' or id_mca = ' . $aRoot['root'];
$qRoot = new CMS_query($sqlRoot);
$allCats = $qRoot->getAll();
foreach ($allCats as $aCategory) {
$catOrder[$aCategory['id_mca']] = $aCategory['order_mca'];
}
}
$allCatsSql = "select modulesCategories.* from " . $fromTable . $statusSuffix . ", modulesCategories where id_mca = value\n\t\t\t\t\t\t\t{$where}";
// get all categories matching the objects
$q = new CMS_query($allCatsSql);
$cats = $q->getAll();
$rootCalculated = false;
$allCatsWeights = array();
foreach ($cats as $aCat) {
$lineage = $aCat['lineage_mca'];
$lineage_parts = explode(";", $lineage);
$catWeight = 0;
$depth = 1;
//CMS_grandFather::log($lineage);
foreach ($lineage_parts as $value) {
$catWeight += isset($catOrder[$value]) ? $catOrder[$value] * pow(0.001, $depth) : 0;
$depth++;
}
$allCatsWeights[$aCat['id_mca']] = $catWeight;
}
$orderClauses = 'ORDER BY CASE ';
foreach ($allCatsWeights as $cat => $weight) {
$orderClauses .= "\n\t\t\t\t\t\t\tWHEN value = " . $cat . " THEN " . $weight;
}
$orderClauses .= ' END ' . $direction;
$sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t" . $orderClauses;
//CMS_grandFather::log($sql);
break;
}
}
return $sql;
}
/**
* Test user auto login to see if it is active
*
* @return boolean true if autologin is active, false otherwise
* @access public
* @static
*/
function autoLoginActive()
{
if (!isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
return false;
}
$attrs = @explode("|", base64_decode($_COOKIE[CMS_session::getAutoLoginCookieName()]));
$id_ses = (int) $attrs[0];
$session_id = $attrs[1];
if ($id_ses > 0 && $session_id) {
$sql = "\n\t\t\t\tselect\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tsessions\n\t\t\t\twhere\n\t\t\t\t\tid_ses = '" . SensitiveIO::sanitizeSQLString($id_ses) . "'\n\t\t\t\t\tand phpid_ses = '" . SensitiveIO::sanitizeSQLString($session_id) . "'\n\t\t\t\t\tand cookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t";
if (CHECK_REMOTE_IP_MASK && isset($_SERVER['REMOTE_ADDR'])) {
//Check for a range in IPv4 or for the exact address in IPv6
if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$a_ip_seq = explode(".", $_SERVER['REMOTE_ADDR']);
$sql .= "and remote_addr_ses like '" . SensitiveIO::sanitizeSQLString($a_ip_seq[0] . "." . $a_ip_seq[1] . ".") . "%'\n\t\t\t\t\t";
} else {
$sql .= "and remote_addr_ses = '" . SensitiveIO::sanitizeSQLString($_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t\t";
}
}
$q = new CMS_query($sql);
if ($q->getNumRows() == 1) {
return true;
}
}
return false;
}
/**
* Return categories found in given module in current language
*
* @static
* @access public
* @param array $attrs, search criteria
* Array (
* "module" => string
* "language" => CMS_language
* "level" => integer (Default -1)
* "root" => integer (Default -1)
* "cms_user" => CMS_profile
* "clearanceLevel" => mixed (default : false)
* - false : CLEARANCE_MODULE_VIEW
* - true : CLEARANCE_MODULE_EDIT
* - constant value : clearanceLevel value
* "strict" => boolean (default : false)
* )
* @return array(CMS_moduleCategory)
*/
function getAll($attrs)
{
$items = array();
if (!$attrs["module"]) {
CMS_grandFather::raiseError("Not a valid module codename given");
return $items;
}
if (!isset($attrs["clearanceLevel"])) {
$attrs["clearanceLevel"] = false;
}
if (!isset($attrs["strict"])) {
$attrs["strict"] = false;
}
//for backward compatibility
if (isset($attrs["editableOnly"]) && $attrs["editableOnly"]) {
$attrs["clearanceLevel"] = true;
}
// Prepare SQL
$s_where = $s_table = '';
// Limit to module
if ($attrs["module"]) {
$s_where .= "\n\t\t\t\tand module_mca='" . SensitiveIO::sanitizeSQLString($attrs["module"]) . "'";
}
// Limit to user permissions on module categories
if (isset($attrs["cms_user"]) && is_a($attrs["cms_user"], 'CMS_profile')) {
$a_where = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($attrs["cms_user"], $attrs["module"], true, $attrs["clearanceLevel"], $attrs['strict']);
//pr(array_keys($a_where));
if (is_array($a_where) && $a_where) {
$a_where = array_keys($a_where);
$s_where .= ' and id_mca in (' . @implode(',', $a_where) . ')';
} else {
//user as no permissions on categories so return nothing
return array();
}
}
// Limit to parent and/or root categories given
if (isset($attrs["level"]) && $attrs["level"] !== false && (int) $attrs["level"] > -1) {
$s_where .= "\n\t\t\t\tand parent_mca='" . SensitiveIO::sanitizeSQLString($attrs["level"]) . "'";
}
if (isset($attrs["root"]) && $attrs["root"] !== false && (int) $attrs["root"] > -1) {
$s_where .= "\n\t\t\t\tand root_mca='" . SensitiveIO::sanitizeSQLString($attrs["root"]) . "'";
}
if (isset($attrs["language"]) && is_a($attrs["language"], 'CMS_language')) {
$s_table .= ',modulesCategories_i18nm ';
$s_where .= "and id_mca=category_mcl and language_mcl='" . SensitiveIO::sanitizeSQLString($attrs["language"]->getCode()) . "'";
}
$sql = "\n\t\t\tselect\n\t\t\t\tid_mca as id\n\t\t\tfrom\n\t\t\t\tmodulesCategories\n\t\t\t\t{$s_table}\n\t\t\twhere\n\t\t\t\t1 = 1\n\t\t\t\t{$s_where}\n\t\t\tgroup by\n\t\t\t\tid_mca\n\t\t\torder by\n\t\t\t\torder_mca asc\n\t\t";
//pr($sql);
$q = new CMS_query($sql);
while ($id = $q->getValue('id')) {
$obj = CMS_moduleCategories_catalog::getByID($id, $attrs["language"]);
if (!$obj->hasError()) {
$items[] = $obj;
}
}
return $items;
}
/**
* Return a list of all objects ids used by a field
*
* @param integer $fieldID : the field id
* @param boolean $public are the needed datas public ? (default false)
* @return array(integer objectID => integer objectID)
* @access public
*/
static function getUsedObjectsID($fieldID, $public = false)
{
$return = array();
if (sensitiveIO::isPositiveInteger($fieldID)) {
$statusSuffix = $public ? "_public" : "_edited";
$sql = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct value as id\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\tand value != 0";
$q = new CMS_query($sql);
if ($q->getNumRows()) {
while ($id = $q->getValue('id')) {
$return[$id] = $id;
}
}
}
return $return;
}
/**
* Writes the module into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\tlabel_mod='" . SensitiveIO::sanitizeSQLString($this->_labelMessageID) . "',\n\t\t\tcodename_mod='" . SensitiveIO::sanitizeSQLString($this->_codename) . "',\n\t\t\tadministrationFrontend_mod='" . SensitiveIO::sanitizeSQLString($this->_administrationFrontend) . "',\n\t\t\thasParameters_mod='" . SensitiveIO::sanitizeSQLString($this->_hasParameters) . "',\n\t\t\tisPolymod_mod='" . SensitiveIO::sanitizeSQLString($this->_isPolymod) . "'\n\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmodules\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_mod='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmodules\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
//create module files for module
$this->createModuleFiles();
return true;
}
/**
* Writes the contactData into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\tservice_cd='" . SensitiveIO::sanitizeSQLString($this->_service) . "',\n\t\t\tjobTitle_cd='" . SensitiveIO::sanitizeSQLString($this->_jobTitle) . "',\n\t\t\taddressField1_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField1) . "',\n\t\t\taddressField2_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField2) . "',\n\t\t\taddressField3_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField3) . "',\n\t\t\tzip_cd='" . SensitiveIO::sanitizeSQLString($this->_zip) . "',\n\t\t\tcity_cd='" . SensitiveIO::sanitizeSQLString($this->_city) . "',\n\t\t\tstate_cd='" . SensitiveIO::sanitizeSQLString($this->_state) . "',\n\t\t\tcountry_cd='" . SensitiveIO::sanitizeSQLString($this->_country) . "',\n\t\t\tphone_cd='" . SensitiveIO::sanitizeSQLString($this->_phone) . "',\n\t\t\tcellphone_cd='" . SensitiveIO::sanitizeSQLString($this->_cellphone) . "',\n\t\t\tfax_cd='" . SensitiveIO::sanitizeSQLString($this->_fax) . "',\n\t\t\temail_cd='" . SensitiveIO::sanitizeSQLString($this->_email) . "',\n\t\t\tcompany_cd='" . SensitiveIO::sanitizeSQLString($this->_company) . "',\n\t\t\tgender_cd='" . SensitiveIO::sanitizeSQLString($this->_gender) . "'\n\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tcontactDatas\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_cd='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tcontactDatas\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
return true;
}
/**
* Get field search SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object
* @param mixed $value : the value to search
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
$sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\tand value " . (is_array($value) ? "in (" . SensitiveIO::sanitizeSQLString(implode(',', $value)) . ")" : "= '" . SensitiveIO::sanitizeSQLString($value) . "'") . "\n\t\t\t{$where}\n\t\t";
return $sql;
}
/**
* Get field search SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $value : the value to search
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false)
{
$supportedOperator = array('like', '!=', '=', 'any', 'all', 'phrase', 'beginswith');
$supportedOperatorForArray = array('in', 'not in', 'any', 'all');
// No operator : use default search
if (!$operator) {
return parent::getFieldSearchSQL($fieldID, $value, $operator, $where, $public);
}
// Check supported operators
if ($operator && !in_array($operator, array_merge($supportedOperator, $supportedOperatorForArray))) {
$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
$operator = false;
}
// Check operators for array value
if (is_array($value) && $operator && !in_array($operator, $supportedOperatorForArray)) {
$this->raiseError("Can't use this operator : " . $operator . " with an array value, return empty sql");
return '';
}
$statusSuffix = $public ? "_public" : "_edited";
$cleanedWords = array();
if (is_array($value)) {
if ($operator == 'any' || $operator == 'all') {
// in this case, we do a specific cleanup
foreach ($value as $i => $val) {
$cleanedWords[] = str_replace(array('%', '_'), array('\\%', '\\_'), $val);
}
} else {
foreach ($value as $i => $val) {
$value[$i] = "'" . SensitiveIO::sanitizeSQLString($val) . "'";
}
$value = '(' . implode(',', $value) . ')';
}
} elseif (strtolower($value) == 'null') {
$value = "''";
} else {
if ($operator == 'any' || $operator == 'all') {
$words = array();
$words = array_map("trim", array_unique(explode(" ", $value)));
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
$cleanedWords[] = $aWord;
}
}
} elseif ($operator != 'phrase' && $operator != 'beginswith') {
// we keep this for backward compatibility, where the user can specify his search with % at the beginning / end
$value = "'" . SensitiveIO::sanitizeSQLString($value) . "'";
}
}
$whereClause = '';
switch ($operator) {
case 'any':
$whereClause .= '(';
//then add keywords
$count = '0';
foreach ($cleanedWords as $aWord) {
$whereClause .= $count ? ' or ' : '';
$count++;
$whereClause .= "value like '%" . $aWord . "%'";
if (htmlentities($aWord) != $aWord) {
$whereClause .= " or value like '%" . htmlentities($aWord) . "%'";
}
}
$whereClause .= ')';
break;
case 'all':
$whereClause .= '(';
//then add keywords
$count = '0';
foreach ($cleanedWords as $aWord) {
$whereClause .= $count ? ' and ' : '';
$count++;
if (htmlentities($aWord) != $aWord) {
$whereClause .= "(value like '%" . $aWord . "%' or value like '%" . htmlentities($aWord) . "%')";
} else {
$whereClause .= "value like '%" . $aWord . "%'";
}
}
$whereClause .= ')';
break;
case 'phrase':
$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
if (htmlentities($value) != $value) {
$whereClause .= "(value like '%" . $value . "%' or value like '%" . htmlentities($value) . "%')";
} else {
$whereClause .= "value like '%" . $value . "%'";
}
break;
case 'beginswith':
$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
if (htmlentities($value) != $value) {
$whereClause .= "(value like '" . $value . "%' or value like '" . htmlentities($value) . "%')";
} else {
$whereClause .= "value like '" . $value . "%'";
}
break;
default:
$whereClause .= " value " . $operator . " " . $value;
break;
}
$sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand " . $whereClause . "\n\t\t\t\t{$where}";
return $sql;
}
/**
* Writes object into persistence (MySQL for now), along with base data.
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
//get Order if needed
if (!$this->_objectFieldValues["order"] && sensitiveIO::isPositiveInteger($this->_objectFieldValues["objectID"])) {
$this->_objectFieldValues["order"] = $this->getFieldsNextOrder();
}
if (!$this->_objectFieldValues["uuid"]) {
$this->_objectFieldValues["uuid"] = io::uuid();
}
$sql_fields = "\n\t\t\tobject_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["objectID"]) . "',\n\t\t\tlabel_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["labelID"]) . "',\n\t\t\tdesc_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["descriptionID"]) . "',\n\t\t\ttype_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["type"]) . "',\n\t\t\torder_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["order"]) . "',\n\t\t\tsystem_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["system"]) . "',\n\t\t\trequired_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["required"]) . "',\n\t\t\tindexable_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["indexable"]) . "',\n\t\t\tsearchlist_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["searchlist"]) . "',\n\t\t\tsearchable_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["searchable"]) . "',\n\t\t\tparams_mof='" . SensitiveIO::sanitizeSQLString(serialize($this->_objectFieldValues["params"])) . "',\n\t\t\tuuid_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["uuid"]) . "'\n\t\t";
//save data
if ($this->_fieldID) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_object_field\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_mof='" . $this->_fieldID . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_object_field\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
$this->raiseError("Can't save object");
return false;
} elseif (!$this->_fieldID) {
$this->_fieldID = $q->getLastInsertedID();
}
//unset fields catalog in cache
CMS_cache::clearTypeCache('atm-polymod-structure');
//Clear polymod cache
//CMS_cache::clearTypeCacheByMetas('polymod', array('module' => CMS_poly_object_catalog::getModuleCodenameForField($this->_fieldID)));
CMS_cache::clearTypeCache('polymod');
return true;
}
/**
* Cleans a value submited by user before givening it to SQL.
*
* @access private
* @param string $s, the string to clean
* @return string
*/
protected function _sanitizeSQLString($s)
{
$s = SensitiveIO::stripPHPTags(trim($s));
$s = str_replace("%", "", $s);
return SensitiveIO::sanitizeSQLString($s);
}
/**
* Get field order SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $direction : the direction to search (asc/desc)
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
//operators are not supported for now : TODO
$supportedOperator = array();
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError('Unkown search operator : ' . $operator . ', use default search instead');
$operator = false;
}
$sql = '';
//choose table
$fromTable = 'mod_subobject_string';
// create sql
$sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\t" . $fromTable . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\tand objectSubFieldID = '0'\n\t\t\t{$where}\n\t\torder by (value+0) " . $direction;
return $sql;
}
/**
* Is user belongs to given group ?
*
* @return boolean
* @access public
* @static
*/
static function userBelongsToGroup($userID, $groupID)
{
if (!sensitiveIO::isPositiveInteger($userID) || !sensitiveIO::isPositiveInteger($groupID)) {
CMS_grandFather::raiseError('User id and group id must be positive integers');
return false;
}
$sql = "\n\t\t\tselect\n\t\t\t\t1\n\t\t\tfrom\n\t\t\t\tprofileUsersByGroup\n\t\t\twhere\n\t\t\t\tuserId_gu = '" . SensitiveIO::sanitizeSQLString($userID) . "'\n\t\t\t\tand groupId_gu = '" . SensitiveIO::sanitizeSQLString($groupID) . "'\n\t\t";
$q = new CMS_query($sql);
return $q->getNumRows() ? true : false;
}
/**
* Write to persistence
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\t\tuser_log='" . SensitiveIO::sanitizeSQLString($this->_user->getUserId()) . "',\n\t\t\t\taction_log='" . SensitiveIO::sanitizeSQLString($this->_action) . "',\n\t\t\t\tdatetime_log='" . SensitiveIO::sanitizeSQLString($this->_datetime->getDBValue()) . "',\n\t\t\t\ttextData_log='" . SensitiveIO::sanitizeSQLString($this->_textData) . "',\n\t\t\t\tlabel_log='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\t\tmodule_log='" . SensitiveIO::sanitizeSQLString($this->_module) . "',\n\t\t\t\tresource_log='" . SensitiveIO::sanitizeSQLString($this->_resource) . "',\n\t\t\t\trsAfterLocation_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getLocation()) . "',\n\t\t\t\trsAfterProposedFor_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getProposedFor()) . "',\n\t\t\t\trsAfterEditions_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getEditions()) . "',\n\t\t\t\trsAfterValidationsRefused_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getValidationRefused()) . "',\n\t\t\t\trsAfterPublication_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getPublication()) . "'\t\n\t\t\t";
if ($this->_id) {
$sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tlog\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tid_log='" . $this->_id . "'\n\t\t\t\t";
} else {
$sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tlog\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
} else {
$this->_id = $q->getLastInsertedID();
}
return true;
}
/**
* Writes the clientSpace into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
if ($this->_templateID && $this->_tagID) {
$table = "mod_standard_clientSpaces";
$table .= $this->_editionMode ? "_edition" : "_edited";
//delete from table
$sql = "\n\t\t\t\tdelete from\n\t\t\t\t\t" . $table . "\n\t\t\t\twhere\n\t\t\t\t\ttemplate_cs='" . $this->_templateID . "'\n\t\t\t\t\tand tagID_cs='" . SensitiveIO::sanitizeSQLString($this->_tagID) . "'\n\t\t\t";
$q = new CMS_query($sql);
//insert new rows datas if any
if (is_array($this->_rows) && $this->_rows) {
$sql = "insert into\n\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t(`template_cs`, `tagID_cs`, `rowsDefinition_cs`, `type_cs`, `order_cs`) \n\t\t\t\t\t\tVALUES ";
$count = 0;
foreach ($this->_rows as $order => $row) {
if (SensitiveIO::isPositiveInteger($row->getID())) {
$sql .= $count ? ',' : '';
$sql .= "('" . $this->_templateID . "', '" . SensitiveIO::sanitizeSQLString($this->_tagID) . "', '" . SensitiveIO::sanitizeSQLString($row->getTagID()) . "', '" . $row->getID() . "', '" . $order . "')";
$count++;
}
}
$q = new CMS_query($sql);
if ($q->hasError()) {
return false;
}
}
return true;
}
return false;
}
/**
* Writes the news into persistence (MySQL for now), along with base data.
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
//save data
$closed = $this->_public === true ? 0 : 1;
$sql_fields = "\n\t\t\towner_frm='" . $this->_ownerID . "',\n\t\t\tlanguage_frm='" . SensitiveIO::sanitizeSQLString($this->_language->getCode()) . "',\n\t\t\tname_frm='" . SensitiveIO::sanitizeSQLString($this->_name) . "',\n\t\t\tsource_frm='" . SensitiveIO::sanitizeSQLString($this->_source) . "',\n\t\t\tresponses_frm='" . SensitiveIO::sanitizeSQLString($this->_responses) . "',\n\t\t\tclosed_frm='" . $closed . "'";
if ($this->_formID) {
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_cms_forms_formulars\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_frm='" . $this->_formID . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_cms_forms_formulars\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
if ($q->hasError()) {
$this->raiseError("Failed to write");
return false;
} elseif (!$this->_formID) {
$this->_formID = $q->getLastInsertedID();
}
//then create the 4 defaut actions for this form if hasn't any
if (!$this->hasActions()) {
//Form answer excedeed
$alreadyFoldAction = new CMS_forms_action();
$alreadyFoldAction->setInteger("form", $this->_formID);
$alreadyFoldAction->setInteger("type", CMS_forms_action::ACTION_ALREADY_FOLD);
$alreadyFoldAction->setString("value", 'text');
$alreadyFoldAction->writeToPersistence();
//Save form results in DB
$dbAction = new CMS_forms_action();
$dbAction->setInteger("form", $this->_formID);
$dbAction->setInteger("type", CMS_forms_action::ACTION_DB);
$dbAction->writeToPersistence();
//form OK
$okAction = new CMS_forms_action();
$okAction->setInteger("form", $this->_formID);
$okAction->setInteger("type", CMS_forms_action::ACTION_FORMOK);
$okAction->setString("value", 'text');
$okAction->writeToPersistence();
//form NOK
$nokAction = new CMS_forms_action();
$nokAction->setInteger("form", $this->_formID);
$nokAction->setInteger("type", CMS_forms_action::ACTION_FORMNOK);
$nokAction->setString("value", 'text');
$nokAction->writeToPersistence();
}
return true;
}
/**
* Get field order SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param mixed $direction : the direction to search (asc/desc)
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
//operators are not supported for now : TODO
$supportedOperator = array();
if ($operator && !in_array($operator, $supportedOperator)) {
$this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown search operator : " . $operator . ", use default search instead");
$operator = false;
}
$sql = '';
//choose table
$fromTable = 'mod_subobject_integer';
$params = $this->getParamsValues();
if ($params['isGroup']) {
// create sql
$sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\tprofilesUsersGroups\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand objectSubFieldID = '0'\n\t\t\t\tand value = id_prg\n\t\t\t\t{$where}\n\t\t\torder by label_prg " . $direction;
} else {
// create sql
$sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\tprofilesUsers\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand objectSubFieldID = '0'\n\t\t\t\tand value = id_pru\n\t\t\t\t{$where}\n\t\t\torder by lastName_pru " . $direction . ", firstName_pru " . $direction;
}
return $sql;
}
/**
* Writes the template into persistence (MySQL for now).
*
* @return boolean true on success, false on failure
* @access public
*/
function writeToPersistence()
{
$sql_fields = "\n\t\t\tlabel_pt='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\timage_pt='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\tdefinitionFile_pt='" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "',\n\t\t\tgroupsStack_pt='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\tmodulesStack_pt='" . SensitiveIO::sanitizeSQLString($this->_modules->getTextDefinition()) . "',\n\t\t\tinUse_pt='" . $this->_useable . "',\n\t\t\tdescription_pt='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\twebsitesdenied_pt='" . SensitiveIO::sanitizeSQLString($this->_websitesdenied->getTextDefinition()) . "',\n\t\t\tprivate_pt='" . $this->_private . "',\n\t\t\tprintingCSOrder_pt='" . SensitiveIO::sanitizeSQLString(implode(";", $this->_printingClientSpaces)) . "'\n\t\t";
if ($this->_id) {
// Some changes must be applied
// to all private templates similar to this one using same xml file
if ($this->_definitionFile) {
$sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpageTemplates\n\t\t\t\t\tset\n\t\t\t\t\t\tlabel_pt='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\t\t\t\timage_pt='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\t\t\t\tgroupsStack_pt='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\t\t\t\tmodulesStack_pt='" . SensitiveIO::sanitizeSQLString($this->_modules->getTextDefinition()) . "',\n\t\t\t\t\t\tprintingCSOrder_pt='" . SensitiveIO::sanitizeSQLString(implode(";", $this->_printingClientSpaces)) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tdefinitionFile_pt like '" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "'\n\t\t\t\t";
$q = new CMS_query($sql);
}
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tpageTemplates\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pt='" . $this->_id . "'\n\t\t\t";
} else {
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tpageTemplates\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields;
}
$q = new CMS_query($sql);
//pr($sql);
if ($q->hasError()) {
return false;
} elseif (!$this->_id) {
$this->_id = $q->getLastInsertedID();
}
return true;
}
/**
* Duplicate this block
* Used to duplicate a CMS_page.
*
* @param CMS_page $destinationPage, the page receiving a copy of this block
* @param boolean $public The precision needed for USERSPACE location
* @return CMS_block object
*/
function duplicate(&$destinationPage, $public = false)
{
if (SensitiveIO::isPositiveInteger($this->_dbID)) {
$table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
$str_set = "\n\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\ttype='CMS_block_cms_forms',\n\t\t\t\t\tvalue='" . SensitiveIO::sanitizeSQLString(serialize($this->_value)) . "'\n\t\t\t";
$sql = "\n\t\t\t\tinsert into\n\t\t\t\t\t" . $table . "\n\t\t\t\tset\n\t\t\t\t\t" . $str_set . "\n\t\t\t";
$q = new CMS_query($sql);
if (!$q->hasError()) {
//Table Edition
$sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\tset\n\t\t\t\t\t\tid='" . $id . "',\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
$q = new CMS_query($sql);
return !$q->hasError();
} else {
$this->raiseError("Duplicate, insertion failed: " . $sql);
}
} else {
$this->raiseError("Duplicate, object does not have a DB ID, not initialized");
}
return false;
}
/**
* Duplicate this block
* Used to duplicate a CMS_page.
*
* @param CMS_page $destinationPage, the page receiving a copy of this block
* @param boolean $public The precision needed for USERSPACE location
* @return CMS_block object
*/
function duplicate(&$destinationPage, $public = false)
{
if (SensitiveIO::isPositiveInteger($this->_dbID) && $this->_file) {
$table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
//Copy linked file
//In new file name, delete reference to old page and add refernce to new one
$_newFilename = "p" . $destinationPage->getID() . io::substr($this->_file, io::strpos($this->_file, "_"), io::strlen($this->_file));
if (@is_file(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file) && @copy(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename) && @chmod(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename, octdec(FILES_CHMOD))) {
//Public
if ($public) {
if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $this->_file, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename, octdec(FILES_CHMOD))) {
$this->raiseError("Duplicate, copy of new file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename);
}
}
$_newEnlargedFilename = '';
//With enlarged file
if ($this->_enlargedFile != '') {
$_newEnlargedFilename = "p" . $destinationPage->getID() . io::substr($this->_enlargedFile, io::strpos($this->_enlargedFile, "_"), io::strlen($this->_enlargedFile));
//Edited
if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_enlargedFile, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename, octdec(FILES_CHMOD))) {
$this->raiseError("Duplicate, copy of new enlarged file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename);
}
//Public
if ($public) {
if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $this->_enlargedFile, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename, octdec(FILES_CHMOD))) {
$this->raiseError("Duplicate, copy of new enlarged file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename);
}
}
}
//Save new datas
$str_set = "\n\t\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\t\tlabel='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($this->_label)) . "',\n\t\t\t\t\t\tfile='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($_newFilename)) . "',\n\t\t\t\t\t\texternalLink='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($this->_externalLink)) . "',\n\t\t\t\t\t\tenlargedFile='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($_newEnlargedFilename)) . "'\n\t\t\t\t";
$sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
$q = new CMS_query($sql);
if (!$q->hasError()) {
//Table Edition
$sql = "\n\t\t\t\t\t\tinsert into\n\t\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\t\tset\n\t\t\t\t\t\t\tid='" . $q->getLastInsertedID() . "',\n\t\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t\t";
$q = new CMS_query($sql);
return !$q->hasError();
} else {
$this->raiseError("Duplicate, SQL insertion of new filename failed : " . $sql);
}
} else {
$this->raiseError("Duplicate, copy of file failed :" . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file);
}
}
return false;
}
/**
* Duplicate this block
* Used to duplicate a CMS_page.
*
* @param CMS_page $destinationPage, the page receiving a copy of this block
* @param boolean $public The precision needed for USERSPACE location
* @return CMS_block object
*/
function duplicate(&$destinationPage, $public = false)
{
if (SensitiveIO::isPositiveInteger($this->_dbID)) {
$link = $this->_link;
if ($link->hasValidHREF()) {
if ($link->getLinkType() == RESOURCE_LINK_TYPE_FILE) {
//get file path
$file = $link->getFileLink(false, MOD_STANDARD_CODENAME, RESOURCE_DATA_LOCATION_EDITED, PATH_RELATIVETO_FILESYSTEM, true);
$path = $link->getFileLink(true, MOD_STANDARD_CODENAME, RESOURCE_DATA_LOCATION_EDITED, PATH_RELATIVETO_FILESYSTEM, false);
if ($file && file_exists($path . '/' . $file)) {
//Copy linked file
//In new file name, delete reference to old page and add refernce to new one
$_newFilename = "p" . $destinationPage->getID() . io::substr($file, io::strpos($file, "_"), io::strlen($file));
if (@is_file(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $file) && CMS_file::copyTo(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $file, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename) && CMS_file::chmodFile(FILES_CHMOD, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename)) {
//Public
if ($public) {
if (!is_file(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file) || !CMS_file::copyTo(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename) || !CMS_file::chmodFile(FILES_CHMOD, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename)) {
$this->raiseError("Duplicate, file copy failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file);
}
}
$link->setFileLink($_newFilename);
}
}
}
$table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
//Save new datas
$str_set = "\n\t\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\t\ttype='CMS_block_link',\n\t\t\t\t\t\tvalue='" . SensitiveIO::sanitizeSQLString($link->getTextDefinition()) . "'\n\t\t\t\t";
$sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
$q = new CMS_query($sql);
if (!$q->hasError()) {
//Table Edition
$sql = "\n\t\t\t\t\t\tinsert into\n\t\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\t\tset\n\t\t\t\t\t\t\tid='" . $q->getLastInsertedID() . "',\n\t\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t\t";
$q = new CMS_query($sql);
return !$q->hasError();
} else {
$this->raiseError("Duplicate, SQL insertion of new filename failed: " . $sql);
}
} else {
$this->raiseError("Duplicate, copy of file failed :" . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file);
}
}
return false;
}
