/**
  * Escapes a value for embedding in an SQL string literal.
  *
  * Floats are turned into their string form with any decimal comma replaced
  * by a dot, so a locale that prints "1,5" still yields "1.5"; every other
  * value is delegated to the underlying model's escape().
  *
  * @param mixed $value Scalar to escape (floats are normalized, not quoted)
  * @return string
  */
 public function escape($value)
 {
     if (!is_float($value)) {
         return $this->model->escape($value);
     }
     // Locale-independent decimal representation for floats.
     return str_replace(',', '.', (double) $value);
 }
 /**
  * Builds the FROM/WHERE/ORDER BY tail of the discount-card listing query.
  *
  * The optional `discountcard` GET parameter is quoted through waModel::escape()
  * and matched with LIKE. NOTE(review): escape() is called here without the
  * 'like' mode used elsewhere in this file, so `%` and `_` in the request
  * value act as wildcards — confirm that is intended.
  *
  * @return string SQL fragment starting with FROM
  */
 protected function getSql()
 {
     $model = new waModel();
     $conditions = array();
     $discountcard = waRequest::get('discountcard');
     if ($discountcard) {
         $conditions[] = "discountcard LIKE '" . $model->escape($discountcard) . "'";
     }
     $sql = "FROM `shop_discountcards`";
     if ($conditions) {
         $sql .= " WHERE " . implode(" AND ", $conditions);
     }
     return $sql . " ORDER BY `id` DESC";
 }
 /**
  * Lists the tables whose name is exactly $prefix or starts with "$prefix_".
  *
  * @param string $prefix Table-name prefix; escaped for LIKE before use
  * @return array Table names as returned by SHOW TABLES
  */
 protected function getTables($prefix)
 {
     // @todo: use db adapter to get tables
     $like = $this->model->escape($prefix, 'l');
     // "\\_" in a double-quoted PHP string is "\_" in SQL: a literal underscore.
     $patterns = array($like, "{$like}\\_%");
     $tables = array();
     foreach ($patterns as $pattern) {
         $sql = "SHOW TABLES LIKE '{$pattern}'";
         $tables = array_merge($tables, $this->model->query($sql)->fetchAll(null, true));
     }
     return $tables;
 }
 /**
  * Autocomplete handler: fills $this->response with contacts matching the
  * `term` request parameter.
  *
  * Terms shorter than two characters produce no response. A term containing
  * "@" is looked up as an e-mail prefix through contactsCollection's search
  * hash; otherwise every whitespace-separated word must be a prefix of a name
  * field (the `type` parameter narrows this to persons or companies). Each
  * word goes through waModel::escape() in 'like' mode before being embedded
  * in the LIKE conditions.
  */
 public function execute()
 {
     $term = waRequest::request('term');
     $limit = waRequest::request('limit', 30, 'int');
     if (mb_strlen($term) < 2) {
         return;
     }
     $type = waRequest::request('type', null, waRequest::TYPE_STRING_TRIM);
     $model = new waModel();

     if (strpos($term, '@') !== FALSE) {
         $contacts = new contactsCollection('/search/email*=' . $term);
     } else {
         $contacts = new contactsCollection();
         $conditions = array();
         foreach (preg_split("/\\s+/", $term) as $word) {
             $word = trim($word);
             if (!$word) {
                 continue;
             }
             $word = $model->escape($word, 'like');
             if ($type === 'person') {
                 $conditions[] = "(c.firstname LIKE '{$word}%' OR c.middlename LIKE '{$word}%' OR c.lastname LIKE '{$word}%')";
             } elseif ($type === 'company') {
                 $conditions[] = "c.name LIKE '{$word}%'";
             } else {
                 $conditions[] = "(c.firstname LIKE '{$word}%' OR c.middlename LIKE '{$word}%' OR c.lastname LIKE '{$word}%' OR c.name LIKE '{$word}%')";
             }
         }
         if ($conditions) {
             $contacts->addWhere(implode(" AND ", $conditions));
         }
     }

     // Restrict to persons or companies when a type was requested.
     if ($type === 'person') {
         $contacts->addWhere("is_company = 0");
     } elseif ($type === 'company') {
         $contacts->addWhere("is_company = 1");
     }

     $this->response = array();
     // HTML-escaped copy of the term, used by prepare() for highlighting.
     $term_safe = htmlspecialchars($term);
     foreach ($contacts->getContacts('id,name,company,email', 0, $limit) as $contact) {
         $email = ifset($contact['email'][0], '');
         $name_html = $this->prepare($contact['name'], $term_safe);
         $email_html = $this->prepare($email, $term_safe);
         $company_html = $this->prepare($contact['company'], $term_safe);
         $this->response[] = array(
             'label'   => implode(', ', array_filter(array($name_html, $company_html, $email_html))),
             'value'   => $contact['id'],
             'name'    => $contact['name'],
             'email'   => $email,
             'company' => $contact['company'],
         );
     }
 }
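 /**
  * Builds the FROM/WHERE/ORDER BY tail of the discount-card/order listing.
  *
  * Both filters come from the request. `discountcard` is quoted through
  * waModel::escape() and matched with LIKE (escape() is not called in 'like'
  * mode, so `%`/`_` in the value act as wildcards — NOTE(review): confirm
  * that is intended). `order_id` is decoded with decodeOrderId(); since the
  * result is still derived from request input it is escaped before being
  * embedded, like every other value in this query.
  *
  * @return string SQL fragment starting with FROM
  */
 protected function getSql()
 {
     $model = new waModel();
     $where = array();
     if ($discountcard = waRequest::get('discountcard')) {
         $where[] = "`discountcard` LIKE '" . $model->escape($discountcard) . "'";
     }
     if ($order_id = waRequest::get('order_id')) {
         // Previously the decoded id was interpolated raw; escape it like the
         // other request-derived value above.
         $order_id = $this->decodeOrderId($order_id);
         $where[] = "`order_id` = '" . $model->escape($order_id) . "'";
     }
     $sql = "FROM `shop_discountcards_order`";
     if ($where) {
         $sql .= " WHERE " . implode(" AND ", $where);
     }
     return $sql . " ORDER BY `order_id` DESC";
 }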
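 /**
  * Returns the category ids a contact belongs to, with the id 0 always first.
  *
  * @param int|null $contact_id Contact to look up; null means the current user
  * @return array List of category ids; element 0 is always 0
  */
 public static function getUserCategoryId($contact_id = null)
 {
     if ($contact_id === null) {
         $contact_id = wa()->getUser()->getId();
     }
     $model = new waModel();
     // Only category_id is read below, so do not pull every column of the table.
     $sql = "SELECT `category_id` FROM `wa_contact_categories` WHERE `contact_id` = '" . $model->escape($contact_id) . "'";
     // The id 0 is always included first.
     $category_ids = array(0);
     foreach ($model->query($sql)->fetchAll() as $category) {
         $category_ids[] = $category['category_id'];
     }
     return $category_ids;
 }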
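 /**
  * First-run installer step: validates the posted MySQL settings, creates the
  * database when it does not exist yet, writes config/db.php (plus a default
  * config/routing.php when none exists) and redirects to the backend.
  *
  * Any failure is reported to the template through the `error` variable
  * instead of being thrown.
  */
 public function execute()
 {
     if (file_exists($this->getConfig()->getPath('config', 'db'))) {
         // Already installed: nothing to do here. redirect() presumably ends
         // the request (TODO confirm); the return keeps the POST branch from
         // running in case it does not.
         $this->redirect($this->getConfig()->getBackendUrl(true));
         return;
     }
     $config = waRequest::post();
     if (!$config) {
         return;
     }
     $database = ifset($config['database'], '');
     $error = false;
     $model = null;
     try {
         // Connect without selecting a database first, so that a missing
         // database can be created below.
         $config['database'] = null;
         $model = new waModel($config);
     } catch (waDbException $e) {
         $error = _w('Failed to connect to specified MySQL database server.');
     }
     $config['database'] = $database;

     if (!$error && !$model->database($database)) {
         try {
             // A database name is an identifier, not a string literal: quote it
             // with backticks (doubling embedded backticks) instead of escape(),
             // which also makes names containing "-" or spaces valid SQL.
             $sql = "CREATE DATABASE `" . str_replace('`', '``', $database) . "`";
             $model->exec($sql);
         } catch (waDbException $e) {
             $error = sprintf(_w('Failed to connect to the “%s” database.'), $database);
         }
     }

     if (!$error) {
         $dir = $this->getConfig()->getPath('config');
         if (!is_writable($dir)) {
             $error = sprintf(_w("Not enough access permissions to write in the folder %s"), $dir);
         } elseif (!waUtils::varExportToFile(array('default' => $config), $dir . '/db.php')) {
             // The file that failed is db.php (the message used to name routing.php).
             $error = sprintf(_w("Error creating file %s"), $dir . '/db.php');
         } else {
             if (!file_exists($dir . '/routing.php')) {
                 // Default routing: every app with a frontend under /<app_id>/,
                 // and the site app (when installed) as the "*" catch-all.
                 $domain = $this->getConfig()->getDomain();
                 $routes = array();
                 $has_site = false;
                 foreach (wa()->getApps() as $app_id => $app) {
                     if ($app_id === 'site') {
                         $has_site = true;
                     } elseif (!empty($app['frontend'])) {
                         $routes[$domain][] = array('url' => $app_id . '/', 'app' => $app_id);
                     }
                 }
                 if ($has_site) {
                     $routes[$domain][] = array('url' => '*', 'app' => 'site');
                 }
                 waUtils::varExportToFile($routes, $dir . '/routing.php');
             }
             // redirect to backend
             $this->redirect($this->getConfig()->getBackendUrl(true));
         }
     }

     if ($error) {
         $this->view->assign('error', $error);
     }
 }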
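 /**
  * Generates a URL slug that is unique within $context's table.
  *
  * The input is whitespace-collapsed to "-", transliterated, lower-cased and
  * cut to $length characters. When a row with that slug already exists,
  * "-1", "-2", … (up to 99) is appended to the shortest colliding slug; if
  * those are all taken, a time-based suffix is used instead.
  *
  * @param string $url Raw title/slug candidate
  * @param waModel $context Model whose table is checked for collisions
  * @param int &$counter Output only (its incoming value is ignored): the suffix counter reached while searching for a free slug
  * @param int $length Maximum slug length in characters
  * @param string $field Column holding the slug
  * @return string
  */
 public static function genUniqueUrl($url, $context, &$counter = 0, $length = 512, $field = 'url')
 {
     $counter = 0;
     $url = preg_replace('/\\s+/', '-', $url);
     $url = shopHelper::transliterate($url);
     if ((string) $url === '') {
         // Nothing usable is left: fall back to a time-based identifier.
         $url = (string) ((time() << 24) + $counter++);
     } else {
         $url = mb_substr($url, 0, $length);
     }
     $url = mb_strtolower($url);
     // Truncate first, then escape: cutting an already escaped string could
     // split a backslash escape and turn the trailing "%" into a literal.
     $pattern = $context->escape(mb_substr($url, 0, $length - 3), 'like') . '%';
     $table = $context->getTableName();
     $sql = "SELECT `{$field}` FROM {$table} WHERE `{$field}` LIKE '{$pattern}' ORDER BY LENGTH(`{$field}`)";
     // Key rows by $field; the hard-coded "url" key used before broke whenever
     // another $field was passed, because that column was not selected.
     $alike = $context->query($sql)->fetchAll($field);
     if (is_array($alike) && isset($alike[$url])) {
         // The shortest existing slug with this prefix is the base for suffixing.
         $last = array_shift($alike);
         $counter = 1;
         do {
             $modifier = "-{$counter}";
             $url = mb_substr($last[$field], 0, $length - mb_strlen($modifier)) . $modifier;
         } while (isset($alike[$url]) && ++$counter < 100);
         if (isset($alike[$url])) {
             $short_uuid = (string) ((time() << 24) + $counter++);
             $url = mb_substr($last[$field], 0, $length - mb_strlen($short_uuid)) . $short_uuid;
         }
     }
     return mb_strtolower($url);
 }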
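 /**
  * Contact autocomplete: returns up to $limit contacts matching $q.
  *
  * Queries are tried from cheapest to most expensive (name prefix, e-mail
  * prefix, phone digits, name substring, e-mail substring) until $limit
  * distinct contacts have been collected. $q is escaped in 'like' mode for
  * every query and $limit is cast to int before being substituted into the
  * LIMIT clause.
  *
  * @param string $q Search term
  * @param int|null $limit Maximum number of rows (default 5)
  * @return array List of ['id', 'value', 'name', 'label'] rows; 'label' is HTML
  */
 public function contactsAutocomplete($q, $limit = null)
 {
     $m = new waModel();
     // LIMIT is spliced into the SQL text, so it must be a plain integer.
     $limit = $limit !== null ? (int) $limit : 5;
     $like = $m->escape($q, 'like');
     // The plan is: try queries one by one (starting with fast ones),
     // until we find $limit rows total.
     $sqls = array();
     // Name starts with requested string
     $sqls[] = "SELECT c.id, c.name\n                   FROM wa_contact AS c\n                   WHERE c.name LIKE '" . $like . "%'\n                   LIMIT {LIMIT}";
     // Email starts with requested string
     $sqls[] = "SELECT c.id, c.name, e.email\n                   FROM wa_contact AS c\n                       JOIN wa_contact_emails AS e\n                           ON e.contact_id=c.id\n                   WHERE e.email LIKE '" . $like . "%'\n                   LIMIT {LIMIT}";
     // Phone contains requested string. Only when the term actually contains
     // digits: an empty digit string would make the pattern '%%' and match
     // every phone on record.
     if (preg_match('~^[wp0-9\\-\\+\\#\\*\\(\\)\\. ]+$~', $q)) {
         $dq = preg_replace("/[^\\d]+/", '', $q);
         if ((string) $dq !== '') {
             $sqls[] = "SELECT c.id, c.name, d.value as phone\n                       FROM wa_contact AS c\n                           JOIN wa_contact_data AS d\n                               ON d.contact_id=c.id AND d.field='phone'\n                       WHERE d.value LIKE '%" . $m->escape($dq, 'like') . "%'\n                       LIMIT {LIMIT}";
         }
     }
     // Name contains requested string
     $sqls[] = "SELECT c.id, c.name\n                   FROM wa_contact AS c\n                   WHERE c.name LIKE '_%" . $like . "%'\n                   LIMIT {LIMIT}";
     // Email contains requested string
     $sqls[] = "SELECT c.id, c.name, e.email\n                   FROM wa_contact AS c\n                       JOIN wa_contact_emails AS e\n                           ON e.contact_id=c.id\n                   WHERE e.email LIKE '_%" . $like . "%'\n                   LIMIT {LIMIT}";

     $result = array();
     // HTML-escaped copy of the term, used by prepare() for highlighting.
     $term_safe = htmlspecialchars($q);
     foreach ($sqls as $sql) {
         if (count($result) >= $limit) {
             break;
         }
         foreach ($m->query(str_replace('{LIMIT}', (string) $limit, $sql)) as $c) {
             if (!empty($result[$c['id']])) {
                 continue; // already collected by a cheaper query
             }
             $name = $this->prepare($c['name'], $term_safe);
             $email = $this->prepare(ifset($c['email'], ''), $term_safe);
             $phone = $this->prepare(ifset($c['phone'], ''), $term_safe);
             if ($phone) {
                 $phone = '<i class="icon16 phone"></i>' . $phone;
             }
             if ($email) {
                 $email = '<i class="icon16 email"></i>' . $email;
             }
             $result[$c['id']] = array(
                 'id'    => $c['id'],
                 'value' => $c['id'],
                 'name'  => $c['name'],
                 'label' => implode(' ', array_filter(array($name, $email, $phone))),
             );
             if (count($result) >= $limit) {
                 break 2;
             }
         }
     }
     // Prepend the contact's userpic to every label.
     foreach ($result as $id => $row) {
         $contact = new waContact($id);
         $result[$id]['label'] = "<i class='icon16 userpic20' style='background-image: url(\"" . $contact->getPhoto(20) . "\");'></i>" . $row['label'];
     }
     return array_values($result);
 }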
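<?php

/*
 * Migration: normalize stored phone numbers in wa_contact_data.
 * Step 1 strips the characters + - ( ) directly in SQL; step 2 removes
 * whitespace between digits in PHP, because that needs a regular expression.
 */
$model = new waModel();

// remove characters +-()
foreach (array('+', '-', '(', ')') as $char) {
    // None of these is a quote or a LIKE wildcard, so they are embedded literally.
    $model->exec("UPDATE wa_contact_data SET value = REPLACE(value, '{$char}', '') WHERE field = 'phone' AND value LIKE '%{$char}%'");
}

// remove spaces between digits
$rows = $model->query("SELECT id, value FROM wa_contact_data WHERE field='phone' AND value LIKE '% %'");
foreach ($rows as $row) {
    // The lookahead leaves the second digit unconsumed, so "1 2 3" becomes
    // "123"; the previous capturing pattern consumed it and only removed
    // every other gap ("12 3").
    $value = preg_replace('/(\\d)\\s+(?=\\d)/', '$1', trim($row['value']));
    $sql = "UPDATE wa_contact_data SET value = '" . $model->escape($value) . "' WHERE id = " . (int) $row['id'];
    $model->exec($sql);
}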
 /**
  * Builds the collection filter for a search on the product name.
  *
  * The term is escaped in 'like' mode and no wildcard is appended, so
  * (assuming 'like' mode escapes `%` and `_`) the LIKE only matches names
  * equal to the whole term.
  *
  * @param string $query Search term
  * @return array Filter description with a single 'where' condition
  */
 public function search($query)
 {
     $model = new waModel();
     $condition = "p.name LIKE '" . $model->escape($query, 'like') . "'";
     return array('where' => array($condition));
 }