예제 #1
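 /**
  * Constructor. Builds one ae_MediaModel per successfully uploaded file.
  *
  * Entries with UPLOAD_ERR_NO_FILE are skipped silently. Entries with any other
  * upload error are logged and skipped. Everything else is appended to $this->items.
  *
  * @param {array} $files Uploaded file(s): one $_FILES entry with the keys
  *                       'name', 'type', 'tmp_name' and 'error'. A single-file
  *                       entry (scalar values) is treated as a one-element list.
  */
 public function __construct($files)
 {
     // A single-file input delivers scalars instead of lists. Without this
     // normalisation count() and the [$i] offsets would fail on the scalar or
     // index into the temp path string character by character.
     $names = (array) $files['name'];
     $types = (array) $files['type'];
     $tmpNames = (array) $files['tmp_name'];
     $errors = (array) $files['error'];

     foreach ($tmpNames as $i => $tmpName) {
         $error = $errors[$i];

         // File input in form for which no file has been selected
         if ($error == UPLOAD_ERR_NO_FILE) {
             continue;
         }

         // Something actually went wrong with an upload
         if ($error != UPLOAD_ERR_OK) {
             // The message embeds HTML (<code>), so the client-supplied file name
             // is escaped with explicit flags and charset rather than relying on
             // version-dependent defaults. __CLASS__ replaces the argument-less
             // get_class() call, which is deprecated as of PHP 8.3.
             $msg = sprintf(
                 '[%s] Upload error for file <code>%s</code>: %s',
                 __CLASS__,
                 htmlspecialchars($names[$i], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                 self::getUploadErrorString($error)
             );
             ae_Log::error($msg);

             // The debug entry dumps the complete upload array, including the
             // client-supplied names and the server-side temp paths.
             $json = str_replace('\\/', '/', json_encode($files));
             ae_Log::debug('File ' . $i . ': ' . $json);
             continue;
         }

         // 'name' and 'type' are sent by the client and are not trustworthy.
         // NOTE(review): getMIMEType() is not visible here — confirm it derives the
         // type from the file content and uses the client value only as a fallback.
         // NOTE(review): 'tmp_name' is used as given; if $files can come from
         // anywhere other than $_FILES, guard it with is_uploaded_file().
         $type = self::getMIMEType($tmpName, $types[$i]);

         $m = new ae_MediaModel();
         $m->setName($names[$i]);
         $m->setTmpName($tmpName);
         $m->setDatetime(date('Y-m-d H:i:s'));
         $m->setType($type);
         $m->setUserId(ae_Security::getCurrentUserId());
         $m->setStatus(ae_MediaModel::STATUS_AVAILABLE);
         $m->setMetaInfo(self::getMetaInfo($m));
         $this->items[] = $m;
     }
 }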
예제 #2
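    /**
     * Save the page to DB. If an ID is set, it will update
     * the page, otherwise it will create a new one.
     *
     * Before saving, an unset datetime ('0000-00-00 00:00:00') is replaced by the
     * current time, an invalid user ID by the current user's ID, and an empty
     * permalink by one derived from the title.
     *
     * All field values are passed to the query as bound parameters; only the table
     * name (the AE_TABLE_PAGES constant) is concatenated into the SQL text.
     *
     * @param  {boolean}   $forceInsert If set to TRUE and an ID has been set, the model will be saved
     *                                  as new entry instead of updating. (Optional, default is FALSE.)
     * @return {boolean}                TRUE, if saving is successful, FALSE otherwise.
     * @throws {Exception}              If $forceInsert is TRUE, but no valid ID is set.
     */
    public function save($forceInsert = FALSE)
    {
        if ($this->datetime == '0000-00-00 00:00:00') {
            $this->setDatetime(date('Y-m-d H:i:s'));
        }
        if (!ae_Validate::id($this->userId)) {
            $this->setUserId(ae_Security::getCurrentUserId());
        }
        if ($this->permalink == '') {
            $this->setPermalink($this->title);
        }

        $hasId = $this->id !== FALSE;

        // A forced insert needs an explicit ID to insert with.
        if (!$hasId && $forceInsert) {
            // __CLASS__ instead of the argument-less get_class(), which is
            // deprecated as of PHP 8.3; both name the defining class.
            $msg = sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', __CLASS__);
            throw new Exception($msg);
        }

        $params = array(
            ':title' => $this->title,
            ':permalink' => $this->permalink,
            ':content' => $this->content,
            ':datetime' => $this->datetime,
            ':user' => $this->userId,
            ':comments' => $this->commentsStatus,
            ':status' => $this->status
        );

        if (!$hasId) {
            // Create new page; the database assigns the ID.
            $stmt = '
				INSERT INTO `' . AE_TABLE_PAGES . '` (
					pa_title,
					pa_permalink,
					pa_content,
					pa_datetime,
					pa_user,
					pa_comments,
					pa_status
				) VALUES (
					:title,
					:permalink,
					:content,
					:datetime,
					:user,
					:comments,
					:status
				)
			';
        } elseif ($forceInsert) {
            // Create new page under the ID already set on the model.
            $stmt = '
				INSERT INTO `' . AE_TABLE_PAGES . '` (
					pa_id,
					pa_title,
					pa_permalink,
					pa_content,
					pa_datetime,
					pa_user,
					pa_comments,
					pa_status
				) VALUES (
					:id,
					:title,
					:permalink,
					:content,
					:datetime,
					:user,
					:comments,
					:status
				)
			';
            $params[':id'] = $this->id;
        } else {
            // Update the existing page and stamp the edit time.
            $stmt = '
				UPDATE `' . AE_TABLE_PAGES . '` SET
					pa_title = :title,
					pa_permalink = :permalink,
					pa_content = :content,
					pa_datetime = :datetime,
					pa_edit = :editDatetime,
					pa_user = :user,
					pa_comments = :comments,
					pa_status = :status
				WHERE
					pa_id = :id
			';
            $params[':id'] = $this->id;
            $params[':editDatetime'] = date('Y-m-d H:i:s');
        }

        if (ae_Database::query($stmt, $params) === FALSE) {
            return FALSE;
        }

        // If a new page was created, get the new ID
        if (!$hasId) {
            $this->setId($this->getLastInsertedId());
        }

        return TRUE;
    }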
예제 #3
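 /**
  * Checks three ae_Security accessors: getCurrentUserId() and isLoggedIn()
  * must both be FALSE, and getSessionVerify() must not be empty or
  * whitespace-only.
  */
 public function testMisc()
 {
     $this->assertFalse(ae_Security::getCurrentUserId());
     // PHPUnit expects ($expected, $actual); the original had them swapped,
     // which only garbles the failure message but is worth keeping straight.
     $this->assertNotEquals('', trim(ae_Security::getSessionVerify()));
     $this->assertFalse(ae_Security::isLoggedIn());
 }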
예제 #4
파일: create.php 프로젝트: sebadorn/aestas3
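/**
 * Create the post from the submitted form fields in $_POST.
 *
 * Redirects to the admin page and exits if a required field is missing.
 * If "edit-id" is posted, it is set as the model's ID before saving.
 *
 * NOTE(review): no login, permission or CSRF-token check is visible in this
 * function, and "edit-id" is taken from the request as-is. Confirm that the
 * calling script enforces those checks before createPost() runs.
 *
 * @return {int} ID of the new post.
 */
function createPost()
{
    // "post-comments-status" is read further down, so it belongs in the
    // required-field check; the original omitted it and passed NULL to the
    // model (with an undefined-index notice) when the field was missing.
    if (!isset(
        $_POST['post-title'],
        $_POST['post-permalink'],
        $_POST['post-content'],
        $_POST['post-tags'],
        $_POST['post-comments-status'],
        $_POST['post-publish-month'],
        $_POST['post-publish-day'],
        $_POST['post-publish-year'],
        $_POST['post-publish-hour'],
        $_POST['post-publish-minute'],
        $_POST['submit']
    )) {
        header('Location: ../admin.php?error=missing_data_for_post');
        exit;
    }

    // %d coerces every component to an integer, so no request text reaches the
    // datetime string. The values are not range-checked here (month 13, day 40).
    // NOTE(review): confirm setDatetime() rejects impossible dates.
    $datetime = sprintf(
        '%04d-%02d-%02d %02d:%02d:00',
        $_POST['post-publish-year'],
        $_POST['post-publish-month'],
        $_POST['post-publish-day'],
        $_POST['post-publish-hour'],
        $_POST['post-publish-minute']
    );
    $permalink = trim($_POST['post-permalink']);
    // Anything other than the exact string "draft" publishes the post.
    $status = $_POST['submit'] === 'draft' ? ae_PostModel::STATUS_DRAFT : ae_PostModel::STATUS_PUBLISHED;

    $post = new ae_PostModel();
    if (isset($_POST['edit-id'])) {
        $post->setId($_POST['edit-id']);
    }
    $post->setTitle($_POST['post-title']);
    if ($permalink != '') {
        $post->setPermalink($permalink);
    }
    $post->setContent($_POST['post-content']);
    $post->setDatetime(isset($_POST['post-schedule']) ? $datetime : date('Y-m-d H:i:s'));
    $post->setCommentsStatus($_POST['post-comments-status']);
    $post->setStatus($status);
    $post->setTags($_POST['post-tags']);
    $post->setUserId(ae_Security::getCurrentUserId());

    // NOTE(review): the result of save() is not checked, so a failed save is
    // indistinguishable from a successful one for the caller — confirm how
    // ae_PostModel::save() reports failure and handle it here or in the caller.
    $post->save();

    return $post->getId();
}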
예제 #5
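// The post reference comes straight from the request and is echoed into every
// redirect below, including the one taken when setPostId() has just rejected it.
// Percent-encode it once so it cannot add query parameters or a fragment of its
// own to the Location header; a plain numeric ID is unchanged by the encoding.
$redirectPostId = isset($_POST['comment-post']) && is_scalar($_POST['comment-post'])
    ? rawurlencode((string) $_POST['comment-post'])
    : '';
$redirectBase = '../?p=' . $redirectPostId;

// Unforgivable error: without a valid post there is nothing to attach the comment to
try {
    $co->setPostId(isset($_POST['comment-post']) ? $_POST['comment-post'] : NULL);
} catch (Exception $exc) {
    header('Location: ' . $redirectBase . '&error=invalid_data#comment-form');
    exit;
}

// Forgivable errors with default values for fallback
try {
    $co->setAuthorName($_POST['comment-author-name']);
    $co->setAuthorEmail($_POST['comment-author-email']);
    $co->setAuthorUrl($url);
    // REMOTE_ADDR is the peer address of the TCP connection, not a
    // client-supplied header.
    $co->setAuthorIp($_SERVER['REMOTE_ADDR']);
    $co->setContent($content);
    $co->setStatus(COMMENT_DEFAULT_STATUS);

    if (ae_Security::isLoggedIn()) {
        $co->setUserId(ae_Security::getCurrentUserId());
    }

    // Load the active comment filters; the status value is bound as a
    // parameter rather than written into the WHERE fragment.
    $filter = array('LIMIT' => FALSE, 'WHERE' => 'cf_status = :status');
    $params = array(':status' => ae_CommentfilterModel::STATUS_ACTIVE);
    $cfList = new ae_CommentfilterList($filter, $params, FALSE);
    $keep = $cfList->applyFilters($co);

    if (!$keep) {
        header('Location: ' . $redirectBase . '&error=comment_deleted_by_filter');
        exit;
    }

    // NOTE(review): only exceptions lead to the failed_to_save redirect; if
    // save() signals failure by returning FALSE, the "saved" redirect below is
    // still sent — confirm against ae_CommentModel::save().
    $co->save();
} catch (Exception $exc) {
    header('Location: ' . $redirectBase . '&error=failed_to_save#comment-form');
    exit;
}

header('Location: ' . $redirectBase . '&saved#comment-' . $co->getId());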