/**
 * Loads a single shoutbox message together with its author's member row.
 *
 * @param string $condition  SQL tail appended verbatim to the query (typically a
 *                           'WHERE ... = :placeholder' clause). It is NOT escaped or
 *                           bound, so it must be a trusted literal written by the
 *                           caller; every user-supplied value belongs in $parameters.
 * @param array  $parameters Named bind values for the placeholders in $condition,
 *                           handed to the querier as-is.
 * @return ShoutboxMessage   Message populated from the joined row. Because of the
 *                           LEFT JOIN, member.* columns are NULL when no member
 *                           matches shoutbox.user_id.
 */
public static function get_message($condition, array $parameters)
{
    $sql = 'SELECT member.*, shoutbox.* FROM ' . ShoutboxSetup::$shoutbox_table . ' shoutbox'
        . ' LEFT JOIN ' . DB_TABLE_MEMBER . ' member ON member.user_id = shoutbox.user_id '
        . $condition;
    $row = self::$db_querier->select_single_row_query($sql, $parameters);

    $message = new ShoutboxMessage();
    $message->set_properties($row);

    return $message;
}
/**
 * Guards the delete action: hands the request to an error controller unless the
 * current user may delete $message.
 *
 * The permission check runs first and the read-only check second, so a read-only
 * user who also lacks the permission is sent to the "not authorized" page.
 * NOTE(review): this relies on DispatchManager::redirect() not returning; nothing
 * visible here proves that, so confirm it before assuming the second check (or the
 * caller) is never reached after a failed first check.
 *
 * @param ShoutboxMessage $message Message the user is trying to delete.
 */
private function check_authorizations(ShoutboxMessage $message)
{
    if (!$message->is_authorized_to_delete())
    {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $current_user = AppContext::get_current_user();
    if ($current_user->is_readonly())
    {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Builds the AJAX messages-box view: every shoutbox message joined with its
 * author, newest first, optionally capped at the configured maximum.
 *
 * Sets $this->lang and $this->view as side effects; nothing is returned.
 */
private function build_view()
{
    $this->lang = LangLoader::get('common', 'shoutbox');
    $this->view = new FileTemplate('shoutbox/ShoutboxAjaxMessagesBoxController.tpl');
    $this->view->add_lang($this->lang);

    $config = ShoutboxConfig::load();
    $this->view->put('C_DISPLAY_DATE', $config->is_date_displayed());

    // The LIMIT value is concatenated into the SQL rather than bound. It comes from
    // ShoutboxConfig (presumably admin-set, not from the request), so it must stay
    // an integer there; do not route a request value through this path.
    $limit_clause = '';
    if ($config->is_shout_max_messages_number_enabled())
    {
        $limit_clause = 'LIMIT ' . $config->get_shout_max_messages_number();
    }

    $sql = 'SELECT * FROM ' . ShoutboxSetup::$shoutbox_table . ' s'
        . ' LEFT JOIN ' . DB_TABLE_MEMBER . ' m ON m.user_id = s.user_id'
        . ' ORDER BY s.timestamp DESC ' . $limit_clause;
    $result = PersistenceContext::get_querier()->select($sql);

    while ($row = $result->fetch())
    {
        $shoutbox_message = new ShoutboxMessage();
        $shoutbox_message->set_properties($row);
        // array_merge() with a single argument is kept on purpose: it only renumbers
        // integer keys, which is what the original relied on.
        $this->view->assign_block_vars('messages', array_merge($shoutbox_message->get_array_tpl_vars()));
    }
    $result->dispose();
}
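/**
 * Builds the paginated shoutbox view: one page of messages (newest first) with
 * each author's avatar and group badges, followed by either the post form or an
 * "unauthorized" warning.
 *
 * The page number comes from the GET parameter 'page' (default 1) and is turned
 * into LIMIT/OFFSET values by get_pagination(); those values are bound as query
 * parameters, never concatenated into the SQL.
 *
 * Changes vs. the previous version: the unused $is_guest local is gone; the
 * default-avatar URL and the current user are resolved once instead of once per
 * row; GroupsCache is loaded at most once; and the row count is read before the
 * result set is disposed instead of after.
 *
 * @return FileTemplate The populated $this->view.
 */
private function build_view()
{
    $user_accounts_config = UserAccountsConfig::load();
    $current_user = AppContext::get_current_user();

    $messages_number = ShoutboxService::count();
    $page = AppContext::get_request()->get_getint('page', 1);
    $pagination = $this->get_pagination($messages_number, $page);

    // Loop-invariant: the fallback avatar depends only on the viewer's theme and
    // the account settings, so resolve it once.
    $default_avatar_enabled = $user_accounts_config->is_default_avatar_enabled();
    $default_avatar_url = '';
    if ($default_avatar_enabled)
    {
        $default_avatar_url = Url::to_rel('/templates/' . $current_user->get_theme() . '/images/'
            . $user_accounts_config->get_default_avatar_name());
    }

    $result = PersistenceContext::get_querier()->select(
        'SELECT member.*, shoutbox.*, ext_field.user_avatar FROM ' . ShoutboxSetup::$shoutbox_table . ' shoutbox LEFT JOIN ' . DB_TABLE_MEMBER . ' member ON member.user_id = shoutbox.user_id LEFT JOIN ' . DB_TABLE_MEMBER_EXTENDED_FIELDS . ' ext_field ON ext_field.user_id = member.user_id ORDER BY shoutbox.timestamp DESC LIMIT :number_items_per_page OFFSET :display_from',
        array(
            'number_items_per_page' => $pagination->get_number_items_per_page(),
            'display_from' => $pagination->get_display_from()
        )
    );

    $groups_cache = null; // loaded lazily, only once some author actually has groups
    while ($row = $result->fetch())
    {
        $message = new ShoutboxMessage();
        $message->set_properties($row);

        // Avatar: the member's own picture wins; otherwise the theme default, if enabled.
        $user_avatar = !empty($row['user_avatar']) ? Url::to_rel($row['user_avatar']) : $default_avatar_url;

        $this->view->assign_block_vars('messages', array_merge($message->get_array_tpl_vars($page), array(
            'C_AVATAR' => $row['user_avatar'] || $default_avatar_enabled,
            'C_USER_GROUPS' => !empty($row['groups']),
            'U_AVATAR' => $user_avatar
        )));

        // Author's groups: one 'messages.user_groups' sub-block per group that still exists in the cache.
        $user_groups = $message->get_author_user()->get_groups();
        if ($user_groups)
        {
            if ($groups_cache === null)
            {
                $groups_cache = GroupsCache::load();
            }
            foreach ($user_groups as $user_group_id)
            {
                if (!$groups_cache->group_exists($user_group_id))
                {
                    continue;
                }
                $group = $groups_cache->get_group($user_group_id);
                $this->view->assign_block_vars('messages.user_groups', array(
                    'C_GROUP_PICTURE' => !empty($group['img']),
                    'GROUP_PICTURE' => $group['img'],
                    'GROUP_NAME' => $group['name']
                ));
            }
        }
    }

    // Read the count while the result set is still live; nothing visible here
    // guarantees get_rows_count() still answers after dispose().
    $no_message = $result->get_rows_count() == 0;
    $result->dispose();

    $this->view->put_all(array(
        'C_NO_MESSAGE' => $no_message,
        'C_PAGINATION' => $messages_number > ShoutboxConfig::load()->get_items_number_per_page(),
        'PAGINATION' => $pagination->display()
    ));

    if (ShoutboxAuthorizationsService::check_authorizations()->write() && !$current_user->is_readonly())
    {
        $this->view->put('FORM', ShoutboxFormController::get_view());
    }
    else
    {
        $this->view->put('MSG', MessageHelper::display($this->lang['error.post.unauthorized'], MessageHelper::WARNING));
    }

    return $this->view;
}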
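/**
 * AJAX endpoint that appends a message to the shoutbox.
 *
 * Reads 'pseudo' and 'contents' from the request, applies the anti-flood delay and
 * the per-message link limit, then stores the message through ShoutboxService::add().
 * The JSON reply carries a single 'code':
 *   - the value returned by ShoutboxService::add() when the message was stored,
 *   - -1 when the author posted again within the anti-flood window,
 *   - -2 when the message holds more links than the configured maximum,
 *   - -3 when pseudo or contents is empty after filtering,
 *   - -4 when check_authorizations() denies the caller.
 *
 * Fix vs. the previous version: codes -1 and -2 were assigned and then overwritten
 * by an unconditional ShoutboxService::add() call, so flooded and over-linked
 * messages were stored anyway and the client was told they succeeded. The message
 * is now only added when neither check failed.
 *
 * @param HTTPRequestCustom $request Incoming request.
 * @return JSONResponse
 */
public function execute(HTTPRequestCustom $request)
{
    if (!$this->check_authorizations())
    {
        return new JSONResponse(array('code' => -4));
    }

    $pseudo = TextHelper::strprotect(utf8_decode($request->get_string('pseudo', '')));
    $contents = TextHelper::htmlentities($request->get_string('contents', ''), ENT_COMPAT, 'UTF-8');
    $contents = TextHelper::htmlspecialchars_decode(TextHelper::html_entity_decode($contents, ENT_COMPAT, 'windows-1252'));

    if (!$pseudo || !$contents)
    {
        return new JSONResponse(array('code' => -3));
    }

    $current_user = AppContext::get_current_user();
    $code = 0; // stays 0 only if every check below passes

    // Anti-flood: a logged-in author (id != -1) must wait anti_flood_duration
    // seconds since their last shoutbox message unless AUTH_FLOOD exempts them.
    // Guests (id -1) skip this check entirely.
    $check_time = $current_user->get_id() !== -1 && ContentManagementConfig::load()->is_anti_flood_enabled()
        ? PersistenceContext::get_querier()->get_column_value(PREFIX . "shoutbox", 'MAX(timestamp)', 'WHERE user_id = :id', array('id' => $current_user->get_id()))
        : '';
    if (!empty($check_time) && !$current_user->check_max_value(AUTH_FLOOD))
    {
        if ($check_time >= time() - ContentManagementConfig::load()->get_anti_flood_duration())
        {
            $code = -1;
        }
    }

    // Run the contents through strparse() with the forbidden-tags list, then
    // enforce the maximum number of links per message. A link-limit failure takes
    // precedence over a flood failure, as before.
    $config_shoutbox = ShoutboxConfig::load();
    $contents = FormatingHelper::strparse($contents, $config_shoutbox->get_forbidden_formatting_tags());
    if (!TextHelper::check_nbr_links($contents, $config_shoutbox->get_max_links_number_per_message(), true))
    {
        $code = -2;
    }

    if ($code === 0)
    {
        $shoutbox_message = new ShoutboxMessage();
        $shoutbox_message->init_default_properties();
        $shoutbox_message->set_login($pseudo);
        $shoutbox_message->set_user_id($current_user->get_id());
        $shoutbox_message->set_contents($contents);
        $shoutbox_message->set_creation_date(new Date());
        $code = ShoutboxService::add($shoutbox_message);
    }

    return new JSONResponse(array('code' => $code));
}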