Exemplo n.º 1
Arquivo: app.php Projeto: ramo01/1kapp
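/**
 * API endpoint: return the custom CSS stored for the current user.
 *
 * Reads the `css` column of the `css` table for the id returned by uid().
 * The only dynamic value in the statement goes through intval(), so the
 * query text cannot be altered by request data.
 *
 * @return mixed Whatever apiController::send_error() / send_result() return.
 */
function api_mycss()
{
    $sql = "SELECT `css` FROM `css` WHERE `uid` = '" . intval(uid()) . "' LIMIT 1";
    $data = get_var($sql);
    if (db_errno() != 0) {
        // Return the error response so a failed query can never fall through
        // to send_result() when send_error() hands control back instead of
        // ending the request.
        // NOTE(review): the raw db_error() text is sent to the API client;
        // consider logging it server-side and returning a generic message.
        return apiController::send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . db_error());
    }
    return apiController::send_result($data);
}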
Exemplo n.º 2
/**
 * Run a query through the legacy mysql_* API and log failures.
 *
 * NOTE(review): mysql_query()/mysql_db_query() belong to ext/mysql, which was
 * removed in PHP 7; this wrapper only runs on older runtimes.
 * NOTE(review): the alert body contains the complete statement text, so any
 * credentials or personal data embedded in a query end up in the log/alert
 * channel. Callers are responsible for escaping values before they get here.
 *
 * @param string   $query    SQL statement, passed to the driver unchanged.
 * @param string   $database Optional database name; selects mysql_db_query().
 * @param resource $conn     Optional link identifier.
 * @return mixed Driver result, or a falsy value on failure.
 */
function db_query($query, $database = "", $conn = "")
{
    global $cfg;

    if ($database) {
        $response = $conn ? mysql_db_query($database, $query, $conn) : mysql_db_query($database, $query);
    } else {
        $response = $conn ? mysql_query($query, $conn) : mysql_query($query);
    }

    if ($response) {
        return $response;
    }

    // Failure path: report the statement together with the driver error.
    $alert = '[' . $query . ']' . "\n\n" . db_error();
    Sys::log(LOG_ALERT, 'DB Error #' . db_errno(), $alert, $cfg && $cfg->alertONSQLError());

    return $response;
}
Exemplo n.º 3
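/**
 * Installer step: load misc/install.sql, inject the initial account's
 * password hash and execute every statement, then show the outcome.
 *
 * Always terminates the request via exit.
 */
function db_init()
{
    // Draw the initial password from a CSPRNG. The previous derivation
    // (md5 of the clock plus rand()) was built from guessable inputs.
    // Output shape is unchanged: 12 hexadecimal characters.
    $entropy = function_exists('random_bytes') ? random_bytes(6) : openssl_random_pseudo_bytes(6);
    $password = bin2hex($entropy);

    // Drop '#' comment lines from the install script before splitting it.
    $sql_contents = preg_replace("/(#.+[\r|\n]*)/", '', file_get_contents(AROOT . 'misc' . DS . 'install.sql'));

    // Substitute template variables.
    // NOTE(review): the stored value is an unsalted MD5 digest. It is kept
    // because the login check is outside this block and presumably compares
    // md5(); migrating both sides to password_hash()/password_verify() is the
    // proper fix.
    $sql_contents = str_replace('{password}', md5($password), $sql_contents);

    $sqls = split_sql_file($sql_contents);
    foreach ($sqls as $sql) {
        run_sql($sql);
    }

    // NOTE(review): db_errno() is consulted once, after the loop, so it
    // presumably reflects only the last statement - confirm that earlier
    // failures cannot be masked.
    if (db_errno() == 0) {
        info_page('数据库初始化成功,请使用【member@teamtoy.net】和【' . $password . '】<a href="/" target="new">登入并添加用户</a>');
        exit;
    } else {
        info_page(db_error());
        exit;
    }
}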
Exemplo n.º 4
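/**
 * Installer step: load misc/install.sql, inject the initial account's
 * password hash and execute every statement, then show the outcome.
 *
 * Always terminates the request via exit.
 */
function db_init()
{
    // Draw the initial password from a CSPRNG. The previous derivation
    // (md5 of the clock plus rand()) was built from guessable inputs.
    // Output shape is unchanged: 12 hexadecimal characters.
    $entropy = function_exists('random_bytes') ? random_bytes(6) : openssl_random_pseudo_bytes(6);
    $password = bin2hex($entropy);

    // Drop '#' comment lines from the install script before splitting it.
    $sql_contents = preg_replace("/(#.+[\r|\n]*)/", '', file_get_contents(AROOT . 'misc' . DS . 'install.sql'));

    // Substitute template variables.
    // NOTE(review): the stored value is an unsalted MD5 digest. It is kept
    // because the login check is outside this block and presumably compares
    // md5(); migrating both sides to password_hash()/password_verify() is the
    // proper fix.
    $sql_contents = str_replace('{password}', md5($password), $sql_contents);

    $sqls = split_sql_file($sql_contents);
    foreach ($sqls as $sql) {
        run_sql($sql);
    }

    // NOTE(review): db_errno() is consulted once, after the loop, so it
    // presumably reflects only the last statement - confirm that earlier
    // failures cannot be masked.
    if (db_errno() == 0) {
        // The clear-text password is shown exactly once, on this page.
        info_page(__('DATABASE_INIT_FINISHED', $password));
        exit;
    } else {
        info_page(db_error());
        exit;
    }
}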
Exemplo n.º 5
 /**
  * Admin-only REST action: switch a plugin on or off.
  *
  * Reads `on` and `folder_name` from the request via v(), and upserts one
  * row into `plugin`. The flag is forced to an integer and the folder name
  * is passed through s() before being placed in the statement.
  *
  * NOTE(review): on failure the raw db_error() text is returned to the
  * caller; acceptable only because the action is restricted to admins.
  *
  * @return mixed Result of render() in 'rest' mode.
  */
 function turn()
 {
     if (!is_admin()) {
         return render(array('code' => LR_API_FORBIDDEN, 'message' => __('API_MESSAGE_ONLY_ADMIN')), 'rest');
     }

     $on = intval(v('on'));
     $folder_name = z(t(v('folder_name')));
     if (strlen($folder_name) < 1) {
         return render(array('code' => LR_API_ARGS_ERROR, 'message' => 'FOLDER NAME CANNOT BE EMPTY'), 'rest');
     }

     run_sql("REPLACE `plugin` (`folder_name` , `on`) VALUES ( '" . s($folder_name) . "' , '" . intval($on) . "' )");

     $reply = db_errno() == 0
         ? array('code' => 0, 'message' => 'ok')
         : array('code' => LR_API_DB_ERROR, 'message' => db_error());

     return render($reply, 'rest');
 }
Exemplo n.º 6
Arquivo: app.php Projeto: ramo01/1kapp
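/**
 * Plugin action: manage the current user's "simple token".
 *
 * The `do` request value selects the operation:
 *   - create / refresh: issue a new token and store it as enabled
 *   - close:            disable the stored token
 *   - reopen:           re-enable the stored token
 *   - anything else:    render the token management view
 *
 * @return mixed Result of ajax_echo() for the state-changing actions,
 *               null after rendering the view.
 */
function plugin_simple_token()
{
    $do = z(t(v('do')));

    switch ($do) {
        case 'create':
        case 'refresh':
            // The token is a bearer credential, so it must come from a CSPRNG.
            // The previous derivation hashed guessable inputs (user id, clock,
            // rand()) and called time() with an argument it does not accept.
            // Format is unchanged: uid() followed by 10 hexadecimal characters.
            // NOTE(review): 10 hex characters is only 40 bits; lengthen the
            // random part if the `token` column and its consumers allow it.
            $entropy = function_exists('random_bytes') ? random_bytes(5) : openssl_random_pseudo_bytes(5);
            $new_token = uid() . bin2hex($entropy);
            $sql = "REPLACE INTO `stoken` ( `uid` , `token` , `on` ) VALUES ( '" . intval(uid()) . "' , '" . s($new_token) . "' , '1' )";
            break;

        case 'close':
            $sql = "UPDATE `stoken` SET `on` = '0' WHERE `uid` = '" . intval(uid()) . "' LIMIT 1";
            break;

        case 'reopen':
            $sql = "UPDATE `stoken` SET `on` = '1' WHERE `uid` = '" . intval(uid()) . "' LIMIT 1";
            break;

        default:
            $data = array();
            $data['tinfo'] = get_line("SELECT * FROM `stoken` WHERE `uid` = '" . intval(uid()) . "' LIMIT 1");
            render($data, 'ajax', 'plugin', 'simple_token');
            return;
    }

    // NOTE(review): these actions change credential state based on a request
    // parameter; no anti-CSRF check is visible in this block - confirm one is
    // enforced by the caller.
    run_sql($sql);

    return ajax_echo(db_errno() == 0 ? 'done' : 'error');
}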
Exemplo n.º 7
                $checkin_date = "'" . $_POST["checkin_date"] . "'";
                $checkout_date = !empty($_POST["checkout_date"]) ? "'" . $_POST["checkout_date"] . "'" : 'NULL';
                $residence_id = $_POST["residence_id"];
                $payment_mode = $_POST["payment_mode"];
                $agents_ac_no = !empty($_POST["agents_ac_no"]) ? $_POST["agents_ac_no"] : 'NULL';
                $roomid = $_POST["roomid"];
                $checkedin_by = 1;
                //$_POST["checkedin_by"];
                $invoice_no = !empty($_POST["invoice_no"]) ? $_POST["invoice_no"] : 'NULL';
                $results = db_query('
					INSERT INTO booking (guestid, booking_type, meal_plan, no_adults, no_child, checkin_date, checkout_date,
						residence_id, payment_mode, agents_ac_no, roomid, checkedin_by, invoice_no, billed)
					VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)', array($guestid, $booking_type, $meal_plan, $no_adults, $no_child, $checkin_date, $checkout_date, $residence_id, $payment_mode, $agents_ac_no, $roomid, $checkedin_by, $invoice_no));
                if (!$results || $results->rowCount() == 0) {
                    //should log mysql errors to a file instead of displaying them to the user
                    echo 'Invalid query: ' . db_errno() . "<br>" . ": " . db_error() . "<br>";
                    echo "Guests NOT BOOKED.";
                    //return;
                } else {
                    echo "<div align=\"center\"><h1>Guests successful checked in.</h1></div>";
                    //create bill - let user creat bill/create bill automatically
                    $results = db_query('INSERT INTO bills (book_id, billno, date_billed) SELECT booking.book_id, booking.book_id, booking.checkin_date FROM booking WHERE booking.billed = 0');
                    $msg[0] = "Sorry no bill created";
                    $msg[1] = "Bill successfull created";
                    AddSuccess($results, $msg);
                    //if bill succesful created update billed to 1 in bookings- todo
                    //get the actual updated book_id, currently this simply updates all bookings
                    $results = db_query('UPDATE booking SET billed = 1 WHERE billed = 0');
                    $msg[0] = "Sorry Booking not updated";
                    $msg[1] = "Booking successful updated";
                    AddSuccess($results, $msg);
Exemplo n.º 8
/**
 * Execute a query on the global connection and record failures.
 *
 * @param string $query    SQL statement, executed as given.
 * @param string $function Name of the calling function, forwarded to the log.
 * @param string $label    Short tag identifying the call site in the log.
 * @return mixed The db_query() result on success, 0 on failure.
 */
function runQuery($query, $function, $label)
{
    global $dbh;

    $result = db_query($query, $dbh);
    if ($result) {
        return $result;
    }

    // Failed: hand the statement, error number and error text to the logger.
    // NOTE(review): the full statement is logged - keep that log out of reach
    // of unprivileged users.
    setLogAndStatus($query, db_errno($dbh), db_error($dbh), $function, $label);

    return 0;
}
Exemplo n.º 9
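/**
 * Send at most one queued mail and report how many are still waiting.
 *
 * Does nothing (returns false) unless the `mqueue_on` setting is 1. A queue
 * row counts as pending while its `timeline` is newer than one hour ago; a
 * failed send pushes that row's `timeline` two hours into the past so it is
 * no longer picked up.
 *
 * @return mixed false when the queue is disabled, otherwise the result of
 *               apiController::send_error() / send_result().
 */
function plugin_check_mail()
{
    if (intval(kget('mqueue_on')) != 1) {
        return false;
    }

    $sql = "SELECT * FROM `mail_queue` WHERE `timeline` > '" . date("Y-m-d H:i:s", strtotime("-1 hour")) . "' LIMIT 1";
    if ($line = get_line($sql)) {
        // Release the session lock before the potentially slow SMTP call.
        session_write_close();

        // NOTE(review): unserialize() can instantiate objects. This is only
        // acceptable while nothing but trusted server code can write
        // `mail_queue`.`data`; storing the payload as JSON would remove the risk.
        $info = unserialize($line['data']);

        // A payload that does not decode to an array is treated as a failed send.
        $sent = is_array($info) && phpmailer_send_mail($info['to'], $info['subject'], $info['body'], kget('mqueue_username'), kget('mqueue_server'), kget('mqueue_port'), kget('mqueue_username'), kget('mqueue_password'));

        if ($sent) {
            $sql = "DELETE FROM `mail_queue` WHERE `id` = '" . intval($line['id']) . "' LIMIT 1";
        } else {
            // Scope the reschedule to the row that failed. Without the WHERE
            // clause the statement touched an arbitrary row of the queue.
            $sql = "UPDATE `mail_queue` SET `timeline` = '" . date("Y-m-d H:i:s", strtotime("-2 hours")) . "' WHERE `id` = '" . intval($line['id']) . "' LIMIT 1 ";
        }
        run_sql($sql);
    }

    include_once AROOT . 'controller' . DS . 'api.class.php';
    if (db_errno() != 0) {
        // Return so the error response is not followed by a success response
        // if send_error() hands control back.
        // NOTE(review): the raw db_error() text is sent to the client.
        return apiController::send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . db_error());
    }

    return apiController::send_result(array('to_send' => get_var("SELECT COUNT(*) FROM `mail_queue` WHERE `timeline` > '" . date("Y-m-d H:i:s", strtotime("-1 hour")) . "' ")));
}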
Exemplo n.º 10
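/**
 * Execute a statement on a lazily opened, function-static connection.
 *
 * Supported keys in the $o options array:
 *   'silentErrors'  If true, errors are returned in $o['error'] instead of
 *                   being printed followed by exit.
 *
 * Output produced while connecting or querying is captured with output
 * buffering and discarded on success.
 *
 * NOTE(review): on a query failure the statement text is written into the
 * page source inside an HTML comment. That exposes schema details to anyone
 * who can trigger an error; logging server-side would be preferable.
 *
 * @param string $statment SQL statement, executed as given.
 * @param array  $o        Options, passed by reference; receives 'error'.
 * @return mixed Result of db_query(), or false on a handled error.
 */
function sql($statment, &$o)
{
    global $Translation;
    static $connected = false, $db_link;

    // Read the flag defensively: callers may pass options without this key.
    $silent = !empty($o['silentErrors']);

    $dbServer = config('dbServer');
    $dbUsername = config('dbUsername');
    $dbPassword = config('dbPassword');
    $dbDatabase = config('dbDatabase');

    ob_start();

    if (!$connected) {
        /****** Connect to MySQL ******/
        if (!extension_loaded('mysql') && !extension_loaded('mysqli')) {
            echo error_message('PHP is not configured to connect to MySQL on this machine. Please see <a href="http://www.php.net/manual/en/ref.mysql.php">this page</a> for help on how to configure MySQL.');
            $e = ob_get_contents();
            ob_end_clean();
            if ($silent) {
                $o['error'] = $e;
                return FALSE;
            }
            echo $e;
            exit;
        }

        if (!($db_link = @db_connect($dbServer, $dbUsername, $dbPassword))) {
            echo error_message(db_error($db_link, true));
            $e = ob_get_contents();
            ob_end_clean();
            if ($silent) {
                $o['error'] = $e;
                return FALSE;
            }
            echo $e;
            exit;
        }

        /****** Select DB ********/
        if (!db_select_db($dbDatabase, $db_link)) {
            echo error_message(db_error($db_link));
            $e = ob_get_contents();
            ob_end_clean();
            if ($silent) {
                $o['error'] = $e;
                return FALSE;
            }
            echo $e;
            exit;
        }

        $connected = true;
    }

    if (!($result = @db_query($statment, $db_link))) {
        // Failures of "show columns" statements are deliberately not reported.
        if (!stristr($statment, "show columns")) {
            // retrieve error codes
            $errorNum = db_errno($db_link);
            $errorMsg = db_error($db_link);

            // Escape the statement as well as the error text: an unescaped
            // "-->" inside the statement would close the HTML comment and let
            // the rest of it be interpreted as markup.
            echo error_message(htmlspecialchars($errorMsg) . "\n\n<!--\n" . $Translation['query:'] . "\n " . htmlspecialchars($statment) . "\n-->\n\n");
            $e = ob_get_contents();
            ob_end_clean();
            if ($silent) {
                // Unlike the connection errors above, the raw driver message
                // (not the rendered HTML) is handed back here.
                $o['error'] = $errorMsg;
                return false;
            }
            echo $e;
            exit;
        }
    }

    ob_end_clean();

    return $result;
}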
Exemplo n.º 11
 /**
  * Attach one or more files to this object.
  *
  * Each entry is either an existing numeric file id or something that
  * AttachmentFile::upload() can store. One row per file is inserted into
  * ATTACHMENT_TABLE; every value placed in the statement goes through
  * db_input().
  *
  * @param mixed $files  A single file or an array of files.
  * @param bool  $inline Whether the attachment is stored as inline.
  * @return array Ids of the files that are attached after the call.
  */
 function upload($files, $inline = false)
 {
     $attached = array();
     $list = is_array($files) ? $files : array($files);

     // Error 1062 (duplicate key) is expected and must not be logged.
     $shouldLog = function ($errno) {
         return $errno != 1062;
     };

     foreach ($list as $file) {
         $fileId = is_numeric($file) ? $file : AttachmentFile::upload($file);
         if (!$fileId || !is_numeric($fileId)) {
             continue;
         }

         $sql = 'INSERT INTO ' . ATTACHMENT_TABLE . ' SET `type`=' . db_input($this->getType()) . ',object_id=' . db_input($this->getId()) . ',file_id=' . db_input($fileId) . ',inline=' . db_input($inline ? 1 : 0);

         // The file may already be associated with the draft (deleted and
         // re-added), so a duplicate-key failure still counts as attached.
         if (db_query($sql, $shouldLog) || db_errno() == 1062) {
             $attached[] = $fileId;
         }
     }

     return $attached;
 }
Exemplo n.º 12
/**
 * Prepare a statement on the global connection, logging failures.
 *
 * NOTE(review): the log entry contains the full statement text. With real
 * placeholders that is only the template, but any value concatenated into
 * $stmt by a caller would be logged too.
 *
 * @param string $stmt SQL statement to prepare.
 * @return mixed Result of $__db->prepare(); falsy on failure.
 */
function db_prepare($stmt)
{
    global $ost, $__db;

    $res = $__db->prepare($stmt);
    if ($res || !$ost) {
        return $res;
    }

    // Preparation failed and a logger is available: record statement + error.
    $msg = '[' . $stmt . "]\n\n" . db_error();
    $ost->logDBError('DB Error #' . db_errno(), $msg);

    return $res;
}
Exemplo n.º 13
/**
 * Run a query through the legacy mysql_* API and log failures via $ost.
 *
 * NOTE(review): mysql_query()/mysql_db_query() belong to ext/mysql, which was
 * removed in PHP 7; this wrapper only runs on older runtimes.
 * NOTE(review): the log message embeds the complete statement, including any
 * sensitive values a caller concatenated into it.
 *
 * @param string   $query    SQL statement, passed to the driver unchanged.
 * @param string   $database Optional database name; selects mysql_db_query().
 * @param resource $conn     Optional link identifier.
 * @return mixed Driver result, or a falsy value on failure.
 */
function db_query($query, $database = "", $conn = "")
{
    global $ost;

    if ($database) {
        $res = $conn ? mysql_db_query($database, $query, $conn) : mysql_db_query($database, $query);
    } else {
        $res = $conn ? mysql_query($query, $conn) : mysql_query($query);
    }

    if ($res || !$ost) {
        return $res;
    }

    // Failure with a logger available: report statement and driver error.
    $msg = '[' . $query . ']' . "\n\n" . db_error();
    $ost->logDBError('DB Error #' . db_errno(), $msg);

    return $res;
}
Exemplo n.º 14
/**
 * Admin page handler for database backups.
 *
 * Depending on flags in the global $PARAM array it:
 *   - upload: stores an uploaded SQL file in the backup directory
 *   - export: dumps every table as REPLACE statements and writes a ZIP copy
 *   - delete: removes the selected backup files
 *   - import: empties every table and replays one selected backup
 *   - otherwise: lists the existing backups
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * presumably the caller restricts it to administrators - confirm, since the
 * import branch wipes all tables and the export branch writes a full dump.
 * NOTE(review): ereg(), eregi(), ereg_replace() and eregi_replace() were
 * removed in PHP 7 and each() in PHP 8, so this code only runs on older
 * runtimes.
 */
function setBackup()
{
    global $dbname, $dbh;
    global $PARAM, $SUBS, $MSG, $MONTHS;
    if (!is_dir(getAdmSetting('BACKUP_DIR'))) {
        // NOTE(review): mode 0777 asks for a world-writable directory (subject
        // to umask) that will hold complete database dumps; a tighter mode
        // such as 0700 would be safer.
        MkDir(getAdmSetting('BACKUP_DIR'), 0777);
    }
    if ($PARAM['upload'] == 1) {
        // NOTE(review): the upload path and name are read from globals, which
        // looks like legacy register_globals-style upload handling. No
        // is_uploaded_file() check is visible here - confirm $bckFile can only
        // ever be the temporary file created by PHP for this request.
        global $bckFile, $bckFile_name;
        if ($bckFile_name == '') {
            $SUBS['ERROR'] = $MSG[20108];
            $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
        } else {
            if (!($UPLOAD = @file($bckFile))) {
                setLogAndStatus("Reading", $bckFile, 0, "setBackup()", 'READ_UPLOAD');
            }
            // The stored file name is derived from the current time, not from
            // the client-supplied name.
            $file = date('d F Y H_i_s');
            $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
            $upload = '## ' . $MSG[20109] . date(' d F Y H:i:s') . "\n";
            // The client-supplied file name is written into the '##' header,
            // which the listing branch later reads back as a comment.
            $upload .= "## {$MSG['20110']} {$bckFile_name}\n";
            $upload .= join('', $UPLOAD);
            // NOTE(review): unless setLogAndStatus() halts, execution continues
            // to fwrite()/fclose() with a failed handle.
            if (!($fp = fopen($filename, 'w'))) {
                setLogAndStatus("Opening", $filename, 0, "setBackup()", 'OPEN_FILE');
            }
            fwrite($fp, $upload);
            fclose($fp);
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20050";
            printPage('_admin_done.htmlt');
            return;
        }
    }
    //export database backup
    if ($PARAM['export'] == 1) {
        $file = date('d F Y H_i_s');
        $filename = getAdmSetting('BACKUP_DIR') . "/{$file}.sql";
        if (!($fp = fopen($filename, 'w'))) {
            setLogAndStatus("Opening", 0, $filename, "setBackup()", 'OPEN_FILE');
        }
        //write comments if any
        if ($PARAM['bckComments'] != '') {
            // Prefix every line of the comment with '##' so it is stored as a
            // comment header rather than as SQL.
            $comments = '##' . ereg_replace("\n", "\n##", $PARAM['bckComments']) . "\n";
            fwrite($fp, $comments);
        }
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 0, $dbname, "setBackup()", 'LIST_TABLES');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        // One pass per table: build the column list, then write one REPLACE
        // statement per row.
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $fields = db_list_fields($dbname, $table, $dbh);
            $columns = db_num_fields($fields);
            $tablelist = '';
            for ($j = 0; $j < $columns; $j++) {
                // No trailing comma after the last column name.
                if ($columns - $j == 1) {
                    $tablelist .= db_field_name($fields, $j);
                } else {
                    $tablelist .= db_field_name($fields, $j) . ',';
                }
            }
            // Table and column names are interpolated without identifier
            // quoting; they come from the database's own metadata.
            $schema = "REPLACE INTO {$table} ({$tablelist}) VALUES (";
            $query = "SELECT * FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'SELECT_TABLES');
            while ($row = db_fetch_row($result)) {
                $schema_insert = '';
                for ($j = 0; $j < $columns; $j++) {
                    if (!isset($row[$j])) {
                        $schema_insert .= ' NULL,';
                    } else {
                        // presumably dbQuote() escapes and quotes the value -
                        // verify, since the dump is later replayed as SQL
                        $schema_insert .= ' ' . dbQuote($row[$j]) . ',';
                    }
                }
                // Strip the trailing comma before closing the VALUES list.
                $schema_insert = $schema . ereg_replace(',$', '', $schema_insert);
                $schema_insert .= ");\r\n";
                fwrite($fp, $schema_insert);
            }
            $i++;
        }
        fclose($fp);
        // the ZIP thing --------------------
        // NOTE(review): a ZIP copy of the complete dump is written to ./zip/,
        // relative to the working directory. If that directory is served by
        // the web server the dump is downloadable by anyone who learns the
        // timestamp-based name - confirm access to it is restricted.
        $fp = fopen($filename, "rb");
        $data = fread($fp, filesize($filename));
        fclose($fp);
        $name = array(baseName($filename));
        $data = array($data);
        $content = makezip($name, $data);
        $fp = fopen('./zip/' . basename($filename) . '.ZIP', "wb");
        fputs($fp, $content);
        fclose($fp);
        // the ZIP thing --------------------
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20052";
        printPage('_admin_done.htmlt');
        return;
    }
    //prepare for import or delete
    // Build a map from a sanitised key (every character other than a-z/0-9,
    // matched case-insensitively, becomes '_') to the real path of each entry
    // in the backup directory.
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    while (($file = readdir($backups)) != false) {
        // NOTE(review): is_dir() receives the bare entry name, so it is
        // resolved against the working directory, not the backup directory.
        if (!is_dir($file)) {
            $BCKUPS[eregi_replace('[^a-z0-9]', '_', $file)] = getAdmSetting('BACKUP_DIR') . "/{$file}";
        }
    }
    closedir($backups);
    reset($PARAM);
    // Collect the selected backups: every request parameter named bck_<key>.
    while (list($k, $v) = each($PARAM)) {
        if (ereg('^bck_(.*)$', $k, $R)) {
            $BACKUPS[] = $R[1];
        }
    }
    reset($PARAM);
    //delete backups
    if ($PARAM['delete'] == 1) {
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        for ($i = 0; $i < count($BACKUPS); $i++) {
            // The request only supplies a key; the path handed to unlink() is
            // the value looked up in $BCKUPS, i.e. an entry found in the
            // backup directory above.
            // NOTE(review): this setLogAndStatus() call passes four arguments
            // while the other calls in this function pass five - confirm.
            if (!@unlink($BCKUPS[$BACKUPS[$i]])) {
                setLogAndStatus("Deleting", $BCKUPS[$BACKUPS[$i]], "setBackup()", 'DEL_BACKUP');
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20054";
        printPage('_admin_done.htmlt');
        return;
    }
    //import database backup
    if ($PARAM['import'] == 1) {
        // Exactly one backup must be selected for an import.
        if (count($BACKUPS) > 1) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20053";
            printPage('_admin_done.htmlt');
            return;
        }
        if (count($BACKUPS) == 0) {
            $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20008";
            printPage('_admin_done.htmlt');
            return;
        }
        //get backup file
        // The handle opened here is never closed explicitly.
        $file = fread(fopen($BCKUPS[$BACKUPS[0]], 'r'), filesize($BCKUPS[$BACKUPS[0]]));
        ////---- [Mrasnika's] Edition 21.03.2002
        // presumably fills $BACKUP (by reference) with the individual
        // statements of the file - verify against split_sql_file()
        split_sql_file($BACKUP, $file);
        //reset tables
        if (!($res = db_list_tables($dbname, $dbh))) {
            setLogAndStatus("db_list_tables()", 1, $dbname, "databaseBackup()", 'LIST_TABLES_2');
        }
        $num_tables = db_num_rows($res);
        $i = 0;
        // NOTE(review): every table is emptied before the backup is replayed
        // and no transaction is visible, so a failure part-way through leaves
        // the database partially restored.
        while ($i < $num_tables) {
            $table = db_tablename($res, $i);
            $query = "DELETE FROM {$dbname}.{$table}";
            $result = runQuery($query, 'setBackup()', 'RESET_TABLES');
            $i++;
        }
        //fill tables
        // NOTE(review): every non-comment statement from the backup file is
        // executed as-is with the application's database privileges. Uploaded
        // backups therefore amount to arbitrary SQL execution for whoever may
        // upload and import them.
        while (list($k, $query) = each($BACKUP)) {
            if (!ereg('^#', $query)) {
                if (!($result = db_query($query, $dbh))) {
                    setLogAndStatus($query, db_errno($dbh), db_error($dbh), "databaseBackup()", 'RESTORE_DB');
                    $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20055";
                    printPage('_admin_done.htmlt');
                    return;
                }
            }
        }
        $SUBS['COMMAND'] = $PARAM['cmd'] . "&err=20056";
        printPage('_admin_done.htmlt');
        return;
    }
    // Default view: list every backup with its size, name and comments.
    $backups = opendir(getAdmSetting('BACKUP_DIR'));
    $last = 0;
    while (($file = readdir($backups)) != false) {
        if (!is_dir($file)) {
            // stat() index 9 is the modification time, index 7 the size in bytes.
            $date = stat(getAdmSetting('BACKUP_DIR') . "/{$file}");
            // NOTE(review): $last is never updated, so 'LAST' ends up
            // describing the last file iterated rather than the newest one;
            // the month name is taken from the current date, not the file's.
            if ($last < $date[9]) {
                $month = intval(date('m'));
                $SUBS['LAST'] = $MSG[20051] . date(' d ', $date[9]) . $MONTHS[$month] . date(' Y H.i.s', $date[9]);
            }
            $SUBS['SIZE'] = sprintf('%0.2f KB', $date[7] / 1024);
            $SUBS['NAME'] = eregi_replace('_', ':', $file);
            $SUBS['CHECK'] = eregi_replace('[^a-z0-9]', '_', $file);
            //checkbox name
            $SUBS['WHERE'] = getAdmSetting('BACKUP_DIR') . "/{$file}";
            if (!($BACKUP = @file(getAdmSetting('BACKUP_DIR') . "/{$file}"))) {
                setLogAndStatus("Reading", 0, getAdmSetting('BACKUP_DIR') . "/{$file}", "setBackup()", 'READ_FILE');
            }
            $comments = '';
            //get comments from the beginning of the file
            // The whole file is scanned; every line starting with '##' is
            // collected.
            for ($i = 0; $i < count($BACKUP); $i++) {
                if (eregi('^##(.*)$', $BACKUP[$i], $R)) {
                    $comments .= $R[1];
                }
            }
            if ($comments != '') {
                // Comments are passed through htmlEncode() before the line
                // breaks are turned into <BR> markup.
                $SUBS['COMMENTS'] = ' &nbsp; ' . ereg_replace("\n", '<BR> &nbsp; ', htmlEncode($comments));
                $SUBS['COMMENTS'] = ereg_replace('<BR> &nbsp; $', '', $SUBS['COMMENTS']);
            } else {
                $SUBS['COMMENTS'] = '';
            }
            $SUBS['BACKUPS'] .= fileParse('_admin_backup_row.htmlt');
        }
    }
    closedir($backups);
    if ($PARAM['err'] != '') {
        // The request's 'err' value is used only as an index into $MSG.
        $SUBS['ERROR'] = $MSG[$PARAM['err']];
        $SUBS['BACKUP_ERROR'] = fileParse('_admin_error.htmlt');
    }
    printPage('_admin_backup.htmlt');
}
Exemplo n.º 15
             if (!$res or !($replyID = db_insert_id())) {
                 $errors['err'] = 'Unable to create the reply. Internal error';
             } else {
                 $msg = 'Premade reply created';
             }
         } elseif ($_POST['a'] == 'update') {
             //update
             $res = db_query('UPDATE ' . KB_PREMADE_TABLE . ' ' . $sql . ' WHERE premade_id=' . db_input($_POST['id']));
             if ($res && db_affected_rows()) {
                 $msg = 'Premade reply updated';
                 $answer = db_fetch_array(db_query('SELECT * FROM ' . KB_PREMADE_TABLE . ' WHERE premade_id=' . db_input($id)));
             } else {
                 $errors['err'] = 'Internal update error occured. Try again';
             }
         }
         if ($errors['err'] && db_errno() == 1062) {
             $errors['title'] = 'Title already exists!';
         }
     } else {
         $errors['err'] = $errors['err'] ? $errors['err'] : 'Error(s) occured. Try again';
     }
     break;
 case 'process':
     if (!$_POST['canned'] || !is_array($_POST['canned'])) {
         $errors['err'] = 'You must select at least one item';
     } else {
         $msg = '';
         $ids = implode(',', $_POST['canned']);
         $selected = count($_POST['canned']);
         if (isset($_POST['enable'])) {
             if (db_query('UPDATE ' . KB_PREMADE_TABLE . ' SET isenabled=1,updated=NOW() WHERE isenabled=0 AND premade_id IN(' . $ids . ')')) {
Exemplo n.º 16
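/**
 * Append a description of the last database error to the global $errmsg
 * HTML buffer.
 *
 * @param string $message Unused in this implementation.
 * @param string $sql     Statement that failed; shown HTML-escaped if given.
 * @return bool Always false.
 */
function db_halt($message = '', $sql = '')
{
    global $errmsg;

    // Driver error text can echo fragments of the failing statement, so it is
    // escaped exactly like the statement itself before entering the HTML.
    $dberror = htmlspecialchars((string) db_error());
    $dberrno = db_errno();

    if ($sql) {
        $errmsg .= "<b>SQL</b>: " . htmlspecialchars($sql) . "<br>";
    }
    $errmsg .= "<b>Error</b>:  {$dberror}<br>";
    $errmsg .= "<b>Errno. </b>:  {$dberrno}<br>";

    // NOTE(review): if $errmsg is shown to end users it discloses statement
    // text and schema details; prefer logging it server-side.
    return false;
}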
Exemplo n.º 17
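/**
 * Print a database error page and terminate the request.
 *
 * The table prefix is masked with '***' in both the driver error and the
 * statement before they are displayed.
 *
 * NOTE(review): the page still shows the failing statement and driver error
 * to whoever triggered it; logging server-side and showing a generic message
 * would disclose less.
 *
 * @param string $message Context message shown at the top of the page.
 * @param string $sql     Statement that failed, if any.
 * @return void Never returns; ends with exit.
 */
function db_halt($message = '', $sql = '')
{
    global $db_prefix;

    $timestamp = time();
    $dberror = db_error();
    $dberrno = db_errno();

    // Hide the configured table prefix before anything is displayed.
    $dberror = str_replace($db_prefix, '***', $dberror);
    $sql = str_replace($db_prefix, '***', $sql);

    // Driver error text can echo parts of the statement, and PHP_SELF is
    // derived from the request URL, so both are escaped before being placed
    // in the HTML page.
    $dberror = htmlspecialchars((string) $dberror);
    $script = htmlspecialchars((string) $GLOBALS['PHP_SELF']);

    // NOTE(review): $message is emitted unescaped because callers outside this
    // block may pass markup - confirm it never carries request data.
    $errmsg = "<b>Bo-Blog Database System Tips</b>: {$message}\n\n";
    $errmsg .= "<b>Time</b>: " . gmdate("Y-n-j g:ia", $timestamp + $GLOBALS["timeoffset"] * 3600) . "\n";
    $errmsg .= "<b>Script</b>: " . $script . "\n\n";
    if ($sql) {
        $errmsg .= "<b>SQL</b>: " . htmlspecialchars($sql) . "\n";
    }
    $errmsg .= "<b>Error</b>:  {$dberror}\n";
    $errmsg .= "<b>Errno.</b>:  {$dberrno}";

    @header("Content-Type: text/html; charset=utf-8");
    // Close any tables the interrupted page may have left open.
    echo "</table></table></table></table></table>\n";
    echo "<p style=\"font-family: Verdana, Tahoma; font-size: 11px; background: #FFFFFF;\">";
    echo nl2br($errmsg);
    echo '</p>';
    exit;
}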
Exemplo n.º 18
/**
 * Run a query through the legacy mysql_query() and optionally log failures.
 *
 * NOTE(review): mysql_query() belongs to ext/mysql, which was removed in
 * PHP 7. The log message embeds the full statement text.
 *
 * @param string $query    SQL statement, passed to the driver unchanged.
 * @param bool   $logError Whether a failure is reported through $ost.
 * @return mixed Driver result, or a falsy value on failure.
 */
function db_query($query, $logError = true)
{
    global $ost;

    $res = mysql_query($query);
    if ($res || !$logError || !$ost) {
        return $res;
    }

    // Failure, logging requested and a logger available.
    $msg = '[' . $query . ']' . "\n\n" . db_error();
    $ost->logDBError('DB Error #' . db_errno(), $msg);

    return $res;
}
Exemplo n.º 19
/**
 * Execute one install/upgrade statement and report errors only.
 *
 * Some error numbers mean the schema is already in the desired state and are
 * treated as success; $error is still populated for them.
 *
 * @param string     $sql   Statement to run. When called from
 *                          exec_install_sql, the table prefix is assumed to
 *                          have been applied already.
 * @param array|null $error Set to NULL on success, otherwise to an array
 *                          with 'error' (message and number) and 'detail'
 *                          (the statement).
 * @return bool TRUE on success or a tolerated error, FALSE otherwise.
 */
function exec_install_sql_statement($sql, &$error)
{
    if (db_query($sql)) {
        $error = NULL;
        return TRUE;
    }

    $errno = db_errno();
    $error = array('error' => db_error() . ' (' . $errno . ')', 'detail' => $sql);

    // Keep this list up to date with errors that are not strictly errors.
    $tolerated = array(
        1062, // row already exists
        1060, // column already exists
        1091, // column cannot be dropped because it no longer exists
        1050, // table already exists
    );

    // Loose comparison on purpose, matching a plain == check per number.
    return in_array($errno, $tolerated) ? TRUE : FALSE;
}
Exemplo n.º 20
/**
 * API endpoint: add a checklist item to a todo.
 *
 * Request values (read via v()): `text` and `tid`. Users other than the
 * owner may only add items to todos whose details mark them as public.
 *
 * NOTE(review): the error response appends mysql_error(), which sends driver
 * text to the client and depends on the removed ext/mysql; the rest of this
 * block goes through db_errno(), so a matching wrapper presumably exists.
 *
 * @return mixed Result of apiController::send_error() / send_result().
 */
function api_checklist_add()
{
    $content = z(t(v('text')));
    if (!not_empty($content)) {
        return apiController::send_error(LR_API_ARGS_ERROR, 'TEXT CAN\'T EMPTY');
    }

    $tid = intval(v('tid'));
    if (intval($tid) < 1) {
        return apiController::send_error(LR_API_ARGS_ERROR, 'TID NOT EXISTS');
    }

    // Authorisation: a non-public todo accepts items from its owner only.
    $tinfo = get_todo_info_by_id($tid);
    $is_private = intval($tinfo['details']['is_public']) == 0;
    if ($is_private && uid() != $tinfo['owner_uid']) {
        return apiController::send_error(LR_API_FORBIDDEN, 'ONLY PUBLIC TODO CAN ADD CHECKLIST BY OTHERS');
    }

    // Integers are cast and the text is passed through s() before being
    // placed in the statement.
    $sql = "INSERT INTO `checklist` ( `tid` , `title` , `content` , `timeline` , `uid` ) VALUES ( '" . intval($tid) . "' , '" . s($content) . "' , '" . s($content) . "'  , NOW() , '" . intval(uid()) . "' ) ";
    run_sql($sql);

    if (db_errno() != 0) {
        return apiController::send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
    }

    return apiController::send_result(get_line("SELECT * FROM `checklist` WHERE `id` = '" . intval(last_id()) . "' LIMIT 1", db()));
}
Exemplo n.º 21
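/**
 * Replace the extension list registered for a content type.
 *
 * Existing rows for the content type are deleted, then the default extension
 * and every alternate extension are inserted. A duplicate-row error (1062)
 * is ignored.
 *
 * NOTE(review): $content_type and each extension are concatenated into the
 * INSERT without escaping. $content_type passes through
 * validate_content_type(), whose guarantees are not visible here; the
 * extensions are only trimmed and lower-cased. Unless every caller supplies
 * trusted values, escape them with the project's database escaping helper or
 * restrict them to an allow-list of characters.
 *
 * @param string     $content_type      Content type the extensions belong to.
 * @param string     $default_extension Extension flagged with default_ind 'Y'.
 * @param array|null $alt_extensions_r  Alternate extensions, if any.
 * @return bool TRUE when nothing had to be done or all rows were written,
 *              FALSE if the content type is unknown, the delete failed or an
 *              insert failed with an error other than 1062.
 */
function insert_s_file_type_extensions($content_type, $default_extension, $alt_extensions_r)
{
    $content_type = validate_content_type($content_type);
    if (!is_exists_file_type($content_type)) {
        return FALSE;
    }

    $default_extension = strtolower(trim($default_extension));
    if (strlen($default_extension) == 0) {
        return TRUE;
    }

    if (!delete_s_file_type_extensions($content_type)) {
        return FALSE;
    }

    $extensions_r = is_array($alt_extensions_r)
        ? array_merge(array($default_extension), $alt_extensions_r)
        : array($default_extension);

    // foreach replaces the list()/each() loop: each() no longer exists in PHP 8.
    foreach ($extensions_r as $extension) {
        $extension = strtolower(trim($extension));
        if (strlen($extension) == 0) {
            continue;
        }

        $query = "INSERT INTO s_file_type_extension ( content_type, extension, default_ind )" . "VALUES ('{$content_type}', '" . $extension . "', '" . ($extension == $default_extension ? 'Y' : 'N') . "')";
        $insert = db_query($query);
        $rows_affected = db_affected_rows();

        if ($insert && $rows_affected !== -1) {
            if ($rows_affected > 0) {
                opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($content_type, $default_extension, $extensions_r));
            }
            continue;
        }

        // Ignore the duplicate-row error; anything else aborts the update.
        if (db_errno() != 1062) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($content_type, $default_extension, $extensions_r));
            return FALSE;
        }
    }

    return TRUE;
}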
Exemplo n.º 22
 /**
  * List team members.
  *
  * Password information is not included in the result.
  *
  * NOTE(review): the query selects every column and the password is removed
  * afterwards, so any other sensitive column added to `user` later would be
  * returned; selecting an explicit column list would be safer.
  * NOTE(review): the database-error response appends mysql_error(), which
  * exposes driver text to the API client.
  *
  * @param string token , required
  * @return user list array
  * @author EasyChen
  */
 public function team_members()
 {
     $data = get_data("SELECT * FROM `user` WHERE `is_closed` = 0 LIMIT 500");

     if (!$data) {
         // Distinguish "no rows" from a failed query.
         if (db_errno() == 0) {
             return self::send_error(LR_API_DB_EMPTY_RESULT, __('API_MESSAGE_EMPTY_RESULT_DATA'));
         }
         return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error());
     }

     foreach (array_keys($data) as $idx) {
         // Strip the password field from every row before it leaves the API.
         $data[$idx]['password'] = null;
         unset($data[$idx]['password']);

         // Groups are stored as a '|' delimited string; expose them as a list.
         if (strlen($data[$idx]['groups']) > 0) {
             $data[$idx]['groups'] = explode('|', trim($data[$idx]['groups'], '|'));
         }
     }

     return self::send_result($data);
 }
Exemplo n.º 23
/**
 * Create (or replace) a user row.
 *
 * Every value is passed through s() before being placed in the statement.
 *
 * NOTE(review): the password is stored as an unsalted MD5 digest, which is
 * not suitable for password storage; password_hash()/password_verify() should
 * replace it together with the login check, which is outside this block.
 * NOTE(review): REPLACE INTO overwrites an existing row that collides on a
 * unique key, so registering with an existing name or e-mail may replace that
 * account - confirm callers check for existence first.
 * NOTE(review): on failure the raw db_error() text is printed by die().
 *
 * @param string $email    E-mail address of the new user.
 * @param string $userName Display name; its pinyin form is stored as well.
 * @param string $passwd   Clear-text password.
 * @return void Terminates the request on a database error.
 */
function register($email, $userName, $passwd)
{
    $values = array(
        "'" . s($userName) . "'",
        "'" . s(pinyin(strtolower($userName))) . "'",
        "'" . s($email) . "'",
        "'" . s(md5($passwd)) . "'",
        "'" . s(date("Y-m-d H:i:s")) . "'",
    );

    run_sql("REPLACE INTO `user` ( `name` , `pinyin` , `email` , `password` , `timeline` ) VALUES ( " . join(' , ', $values) . " )");

    if (db_errno() != 0) {
        die('DATABASE_ERROR' . db_error());
    }
}
Exemplo n.º 24
/**
 * Insert a feed entry and keep the comment counter of related entries in sync.
 *
 * Numeric values are cast with intval() and strings pass through s() before
 * they are placed in a statement.
 *
 * @param string $content Feed text.
 * @param int    $uid     Author id.
 * @param int    $type    Feed type; type 2 with a positive $tid triggers the
 *                        comment counting.
 * @param int    $tid     Related todo id, 0 if none.
 * @return mixed Id of the new feed row, or false on a database error.
 */
function publish_feed($content, $uid, $type = 0, $tid = 0)
{
    $device = is_mobile_request() ? 'mobile' : 'web';
    $tid = intval($tid);

    $comment_count = 0;
    if ($type == 2 && $tid > 0) {
        $comment_count = get_var("SELECT COUNT(*) FROM `todo_history` WHERE `tid` = '" . intval($tid) . "' AND `type` = 2 ", db());
    }

    run_sql("INSERT INTO `feed` ( `content` , `tid` , `uid` , `type` ,`timeline` , `device` , `comment_count` ) VALUES ( '" . s($content) . "' , '" . intval($tid) . "', '" . intval($uid) . "'  , '" . intval($type) . "' , NOW() , '" . s($device) . "' , '" . intval($comment_count) . "' )");

    // Capture the insert id before any further statement runs.
    $lid = last_id();
    if (db_errno() != 0) {
        return false;
    }

    if ($comment_count > 0 && $type == 2 && $tid > 0) {
        // Bring older feed rows of the same todo up to the current count.
        run_sql("UPDATE `feed` SET `comment_count` = '" . intval($comment_count) . "' WHERE `tid` = '" . intval($tid) . "' AND `comment_count` != '" . intval($comment_count) . "' ");
    }

    return $lid;
}
Exemplo n.º 25
/**
 * Print the success or failure message for a completed query.
 *
 * NOTE(review): on failure the driver error number and text are echoed to
 * the user without escaping; as the inline comment says, they should be
 * logged to a file instead. $msg is printed as HTML as well, so it must only
 * ever contain trusted text.
 *
 * @param mixed $results Statement object exposing rowCount(), or a falsy
 *                       value if the query failed.
 * @param array $msg     Index 0: failure headline, index 1: success headline.
 * @return void
 */
function AddSuccess($results, $msg)
{
    $succeeded = $results && $results->rowCount() != 0;

    if ($succeeded) {
        echo "<div align=\"center\"><h1>" . $msg[1] . "</h1></div>";
        return;
    }

    //should log mysql errors to a file instead of displaying them to the user
    echo 'Invalid query: ' . db_errno() . "<br>" . ": " . db_error() . "<br>";
    echo "<div align=\"center\"><h1>" . $msg[0] . "</h1></div>";
}