/**
* @return string Returns a escaped query.
*/
public static function prepare($connection, $query, array $data)
{
// Check dependencies
Validator::required(isset($connection, $query), __METHOD__);
// Count the number of placeholders and compare it with the number of arguments
// If it doesn't match, calculate the difference and skip this number of placeholders before starting the replacement
// This avoids problems with placeholders in user-input
// $skip = Number of placeholders which need to be skipped
$skip = 0;
$temp = '';
$num = array('placeholder' => substr_count($query, '?'), 'data' => count($data));
if ($num['data'] - $num['placeholder'] < 0) {
Log::notice($connection, __METHOD__, __LINE__, 'Could not completely prepare query. Query has more placeholders than values.');
}
foreach ($data as $value) {
// Escape
$value = mysqli_real_escape_string($connection, $value);
// Recalculate number of placeholders
$num['placeholder'] = substr_count($query, '?');
// Calculate number of skips
if ($num['placeholder'] > $num['data']) {
$skip = $num['placeholder'] - $num['data'];
}
if ($skip > 0) {
// Need to skip $skip placeholders, because the user input contained placeholders
// Calculate a substring which does not contain the user placeholders
// 1 or -1 is the length of the placeholder (placeholder = ?)
$pos = -1;
for ($i = $skip; $i > 0; $i--) {
$pos = strpos($query, '?', $pos + 1);
}
$pos++;
$temp = substr($query, 0, $pos);
// First part of $query
$query = substr($query, $pos);
// Last part of $query
}
// Put a backslash in front of every character that is part of the regular
// expression syntax. Avoids a backreference when using preg_replace.
$value = preg_quote($value);
// Replace
$query = preg_replace('/\\?/', $value, $query, 1);
if ($skip > 0) {
// Reassemble the parts of $query
$query = $temp . $query;
}
// Reset skip
$skip = 0;
// Decrease number of data elements
$num['data']--;
}
return $query;
}
/**
* Creates a smaller version of a photo when its size is bigger than a preset size.
* Photo must be big enough and Imagick must be installed and activated.
* @return boolean Returns true when successful.
*/
private function createMedium($url, $filename, $width, $height)
{
// Excepts the following:
// (string) $url = Path to the photo-file
// (string) $filename = Name of the photo-file
// (int) $width = Width of the photo
// (int) $height = Height of the photo
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Quality of medium-photo
$quality = 90;
// Set to true when creation of medium-photo failed
$error = false;
// Size of the medium-photo
// When changing these values,
// also change the size detection in the front-end
$newWidth = 1920;
$newHeight = 1080;
// Check permissions
if (hasPermissions(LYCHEE_UPLOADS_MEDIUM) === false) {
// Permissions are missing
Log::notice(Database::get(), __METHOD__, __LINE__, 'Skipped creation of medium-photo, because uploads/medium/ is missing or not readable and writable.');
$error = true;
}
// Is photo big enough?
// Is Imagick installed and activated?
if ($error === false && ($width > $newWidth || $height > $newHeight) && (extension_loaded('imagick') && Settings::get()['imagick'] === '1')) {
$newUrl = LYCHEE_UPLOADS_MEDIUM . $filename;
// Read image
$medium = new Imagick();
$medium->readImage($url);
// Adjust image
$medium->scaleImage($newWidth, $newHeight, true);
$medium->stripImage();
$medium->setImageCompressionQuality($quality);
// Save image
try {
$medium->writeImage($newUrl);
} catch (ImagickException $err) {
Log::notice(Database::get(), __METHOD__, __LINE__, 'Could not save medium-photo (' . $err->getMessage() . ')');
$error = true;
}
$medium->clear();
$medium->destroy();
} else {
// Photo too small or
// Medium is deactivated or
// Imagick not installed
$error = true;
}
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($error === true) {
return false;
}
return true;
}
