/**
 * Send a message (DB control).
 *
 * Writes up to two rows through the 'communication.sendMessage' query inside
 * one DB transaction: a copy for the sender's box (message_type 'S', only when
 * $sender_srl is non-empty and $sender_log is true) and a copy for the
 * receiver's box (message_type 'R').
 *
 * Filtering applied before storage:
 *  - the title is HTML-escaped with ENT_COMPAT, which escapes double quotes
 *    but leaves single quotes untouched, and double_encode is off so existing
 *    entities are kept as they are;
 *  - the content goes through removeHackTag();
 *  - both are then passed through utf8_mbencode().
 *
 * NOTE(review): this method does not check that the current session is allowed
 * to send as $sender_srl or to $receiver_srl; presumably the caller does that.
 * Confirm at each call site.
 *
 * @param int $sender_srl member_srl of the sender
 * @param int $receiver_srl member_srl of the receiver
 * @param string $title
 * @param string $content
 * @param boolean $sender_log whether to keep a copy in the sender's box (default true)
 * @return Object the failing trigger/query output, or Object(0, 'success_sended')
 */
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = TRUE)
{
    // Filter first, then encode, each of the two text fields.
    $title = utf8_mbencode(htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
    $content = utf8_mbencode(removeHackTag($content));

    // Two sequence numbers: one per stored copy.
    $message_srl = getNextSequence();
    $related_srl = getNextSequence();

    // Row for the sender's message box; it points at the receiver's row via related_srl.
    $sender_args = (object) array(
        'sender_srl' => $sender_srl,
        'receiver_srl' => $receiver_srl,
        'message_type' => 'S',
        'title' => $title,
        'content' => $content,
        'readed' => 'N',
        'regdate' => date("YmdHis"),
        'message_srl' => $message_srl,
        'related_srl' => $related_srl,
        'list_order' => $message_srl * -1,
    );

    // Row for the receiver's message box. When no sender is given, the
    // receiver is recorded as the sender of their own message.
    $receiver_args = (object) array(
        'message_srl' => $related_srl,
        'related_srl' => 0,
        'list_order' => $related_srl * -1,
        'sender_srl' => $sender_srl ? $sender_srl : $receiver_srl,
        'receiver_srl' => $receiver_srl,
        'message_type' => 'R',
        'title' => $title,
        'content' => $content,
        'readed' => 'N',
        'regdate' => date("YmdHis"),
    );

    // Payload handed to both the 'before' and the 'after' trigger.
    $trigger_obj = (object) array(
        'sender_srl' => $sender_srl,
        'receiver_srl' => $receiver_srl,
        'message_srl' => $message_srl,
        'related_srl' => $related_srl,
        'title' => $title,
        'content' => $content,
        'sender_log' => $sender_log,
    );

    // A failing 'before' trigger vetoes the send before anything is written.
    $before = ModuleHandler::triggerCall('communication.sendMessage', 'before', $trigger_obj);
    if (!$before->toBool()) {
        return $before;
    }

    $db = DB::getInstance();
    $db->begin();

    // Sender copy first (if wanted), then the receiver copy; any failure
    // rolls back the whole transaction.
    $rows = array();
    if ($sender_srl && $sender_log) {
        $rows[] = $sender_args;
    }
    $rows[] = $receiver_args;

    foreach ($rows as $row) {
        $result = executeQuery('communication.sendMessage', $row);
        if (!$result->toBool()) {
            $db->rollback();
            return $result;
        }
    }

    // The 'after' trigger runs before the commit and its result is not inspected.
    ModuleHandler::triggerCall('communication.sendMessage', 'after', $trigger_obj);
    $db->commit();

    // Leave a file-based flag telling the receiver that a message arrived.
    $this->updateFlagFile($receiver_srl);

    return new Object(0, 'success_sended');
}
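/**
 * Update the document.
 *
 * Validates the request, normalises the submitted fields, filters title and
 * content, then runs the 'document.updateDocument' query and rewrites the
 * document's extra variables inside one DB transaction.
 *
 * Security-relevant behaviour visible in this method:
 *  - checkCSRF() is skipped when $manual_updated is true, so that flag must
 *    never be derived from request data;
 *  - removeHackTag() is applied to the content unless the session's
 *    logged_info has is_admin == 'Y'; the per-language copy of the content
 *    (stored as an extra variable) receives the same filter;
 *  - regdate is dropped from the update unless the 'grant' context object has
 *    the manager flag;
 *  - a submitted password is replaced by its hash before it is stored.
 *
 * @param object $source_obj the stored document (read through ->get())
 * @param object $obj the submitted values; modified in place
 * @param bool $manual_updated true for internal calls: skips the CSRF check,
 *        the author overwrite and the editor-based content conversion
 * @return object error Object, or the query output with 'document_srl' added
 */
function updateDocument($source_obj, $obj, $manual_updated = FALSE)
{
    if (!$manual_updated && !checkCSRF()) {
        return new Object(-1, 'msg_invalid_request');
    }
    if (!$source_obj->document_srl || !$obj->document_srl) {
        // Same message key as the CSRF failure above (the key was misspelled here).
        return new Object(-1, 'msg_invalid_request');
    }

    if (!$obj->status && $obj->is_secret == 'Y') {
        $obj->status = 'SECRET';
    }
    if (!$obj->status) {
        $obj->status = 'PUBLIC';
    }

    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
    if (!$output->toBool()) {
        return $output;
    }

    // begin transaction
    $oDB = DB::getInstance();
    $oDB->begin();

    $oModuleModel = getModel('module');
    if (!$obj->module_srl) {
        $obj->module_srl = $source_obj->get('module_srl');
    }
    $module_srl = $obj->module_srl;
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);

    $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
    if (!$document_config) {
        $document_config = new stdClass();
    }
    if (!isset($document_config->use_history)) {
        $document_config->use_history = 'N';
    }

    $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
    if ($bUseHistory) {
        // Record the previous revision; the old content is kept only in 'Y' mode.
        $args = new stdClass();
        $args->history_srl = getNextSequence();
        $args->document_srl = $obj->document_srl;
        $args->module_srl = $module_srl;
        if ($document_config->use_history == 'Y') {
            $args->content = $source_obj->get('content');
        }
        $args->nick_name = $source_obj->get('nick_name');
        $args->member_srl = $source_obj->get('member_srl');
        $args->regdate = $source_obj->get('last_update');
        $args->ipaddress = $source_obj->get('ipaddress');
        // NOTE(review): the result of this query is not checked, so a failed
        // history insert does not stop the update. Confirm that is intended.
        $output = executeQuery("document.insertHistory", $args);
    } else {
        $obj->ipaddress = $source_obj->get('ipaddress');
    }

    // List variables
    if ($obj->comment_status) {
        $obj->commentStatus = $obj->comment_status;
    }
    if (!$obj->commentStatus) {
        $obj->commentStatus = 'DENY';
    }
    if ($obj->commentStatus == 'DENY') {
        $this->_checkCommentStatusForOldVersion($obj);
    }
    if ($obj->allow_trackback != 'Y') {
        $obj->allow_trackback = 'N';
    }
    if ($obj->homepage) {
        $obj->homepage = removeHackTag($obj->homepage);
        // NOTE(review): any "<letters>://" prefix is accepted unchanged; if this
        // value is rendered as a link, consider an allowlist of schemes.
        if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
            $obj->homepage = 'http://' . $obj->homepage;
        }
    }
    if ($obj->notify_message != 'Y') {
        $obj->notify_message = 'N';
    }

    // Only a manager may modify regdate.
    $grant = Context::get('grant');
    if (!$grant->manager) {
        unset($obj->regdate);
    }

    // Serialize the $extra_vars
    // NOTE(review): a string value is stored verbatim. If any reader of this
    // column calls unserialize() on it, confirm callers never pass a
    // request-supplied string here.
    if (!is_string($obj->extra_vars)) {
        $obj->extra_vars = serialize($obj->extra_vars);
    }

    // Remove the columns for automatic saving
    unset($obj->_saved_doc_srl);
    unset($obj->_saved_doc_title);
    unset($obj->_saved_doc_content);
    unset($obj->_saved_doc_message);

    $oDocumentModel = getModel('document');

    // Set the category_srl to 0 if the changed category does not exist.
    if ($source_obj->get('category_srl') != $obj->category_srl) {
        $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
        if (!$category_list[$obj->category_srl]) {
            $obj->category_srl = 0;
        }
    }

    // Change the update order
    $obj->update_order = getNextSequence() * -1;

    // Hash the password if it exists
    if ($obj->password) {
        $obj->password = getModel('member')->hashPassword($obj->password);
    }

    // If the author is identical to the modifier, use the logged-in user's information.
    $logged_info = Context::get('logged_info');
    if (Context::get('is_logged') && !$manual_updated && $module_info->use_anonymous != 'Y') {
        if ($source_obj->get('member_srl') == $logged_info->member_srl) {
            $obj->member_srl = $logged_info->member_srl;
            $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
            $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
            $obj->email_address = $logged_info->email_address;
            $obj->homepage = $logged_info->homepage;
        }
    }

    // For a document written by a logged-in user where no nick_name was submitted
    if ($source_obj->get('member_srl') && !$obj->nick_name) {
        $obj->member_srl = $source_obj->get('member_srl');
        $obj->user_name = $source_obj->get('user_name');
        $obj->nick_name = $source_obj->get('nick_name');
        $obj->email_address = $source_obj->get('email_address');
        $obj->homepage = $source_obj->get('homepage');
    }

    // If the title is empty, extract a string from the contents.
    // ENT_COMPAT escapes double quotes only; single quotes stay as they are.
    $obj->title = htmlspecialchars($obj->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    settype($obj->title, "string");
    if ($obj->title == '') {
        $obj->title = cut_str(strip_tags($obj->content), 20, '...');
    }
    // If no title could be extracted from the contents, leave it untitled.
    if ($obj->title == '') {
        $obj->title = 'Untitled';
    }

    // Remove XE's own tags from the contents.
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    // If a nohtml editor is in use, remove HTML tags from the contents.
    if (!$manual_updated) {
        if (Mobile::isFromMobilePhone() && $obj->use_editor != 'Y') {
            if ($obj->use_html != 'Y') {
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
            }
            $obj->content = nl2br($obj->content);
        } else {
            $oEditorModel = getModel('editor');
            $editor_config = $oEditorModel->getEditorConfig($obj->module_srl);
            if (strpos($editor_config->sel_editor_colorset, 'nohtml') !== FALSE) {
                // <br> -> newline, escape everything, newline -> <br />
                $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
            }
        }
    }

    // Holds the submitted title/content when they are a translation that
    // belongs in the extra variables; stays NULL otherwise.
    $extra_content = NULL;

    // The document's lang_code differs from the current language.
    if ($source_obj->get('lang_code') != Context::getLangType()) {
        if (!$source_obj->get('lang_code')) {
            // The original has no lang_code yet: stamp it with the current language.
            $lang_code_args = new stdClass();
            $lang_code_args->document_srl = $source_obj->get('document_srl');
            $lang_code_args->lang_code = Context::getLangType();
            $output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
        } else {
            // Keep the submitted text as a translation and restore the stored
            // title/content on the main row.
            $extra_content = new stdClass();
            $extra_content->title = $obj->title;
            $extra_content->content = $obj->content;

            $document_args = new stdClass();
            $document_args->document_srl = $source_obj->get('document_srl');
            $document_output = executeQuery('document.getDocument', $document_args);
            if (!$document_output->toBool()) {
                // Without the stored row the main title/content would be
                // overwritten with empty values.
                $oDB->rollback();
                return $document_output;
            }
            $obj->title = $document_output->data->title;
            $obj->content = $document_output->data->content;
        }
    }

    // Remove iframe and script if not a top administrator in the session.
    if ($logged_info->is_admin != 'Y') {
        $obj->content = removeHackTag($obj->content);
        // The translated copy was captured before this filter ran, so it must
        // be filtered as well before it is stored as an extra variable.
        if ($extra_content !== NULL) {
            $extra_content->content = removeHackTag($extra_content->content);
        }
    }

    // A temporary document gets the current time as regdate.
    if ($source_obj->get('status') == $this->getConfigStatus('temp')) {
        $obj->regdate = date('YmdHis');
    }

    // Fix encoding of non-BMP UTF-8 characters.
    $obj->title = utf8_mbencode($obj->title);
    $obj->content = utf8_mbencode($obj->content);

    // Insert data into the DB
    $output = executeQuery('document.updateDocument', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // Remove all extra variables
    $extra_vars = array();
    if (Context::get('act') != 'procFileDelete') {
        $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());

        // Insert extra variables if the document was successfully updated.
        $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
        if (count($extra_keys)) {
            foreach ($extra_keys as $idx => $extra_item) {
                $value = NULL;
                if (isset($obj->{'extra_vars' . $idx})) {
                    $tmp = $obj->{'extra_vars' . $idx};
                    if (is_array($tmp)) {
                        $value = implode('|@|', $tmp);
                    } else {
                        $value = trim($tmp);
                    }
                } else {
                    if (isset($obj->{$extra_item->name})) {
                        $value = trim($obj->{$extra_item->name});
                    }
                }
                if ($value == NULL) {
                    continue;
                }
                $extra_vars[$extra_item->name] = $value;
                $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
            }
        }

        // Insert extra vars for multi-language support of title and contents.
        if ($extra_content !== NULL && $extra_content->title) {
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
        }
        if ($extra_content !== NULL && $extra_content->content) {
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
        }
    }

    // Update the category counts if the category changed.
    // NOTE(review): the second operand compares a module_srl with a member_srl,
    // which looks unintended; confirm which two values were meant.
    if ($source_obj->get('category_srl') != $obj->category_srl || $source_obj->get('module_srl') == $logged_info->member_srl) {
        if ($source_obj->get('category_srl') != $obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
        }
        if ($obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
        }
    }

    // Write the update log when enabled; a failure rolls the update back.
    if ($obj->update_log_setting === 'Y') {
        $obj->extra_vars = serialize($extra_vars);
        if ($this->grant->manager) {
            $obj->is_admin = 'Y';
        }
        $update_output = $this->insertDocumentUpdateLog($obj, $source_obj);
        if (!$update_output->toBool()) {
            $oDB->rollback();
            return $update_output;
        }
    }

    // Call a trigger (after); it runs before the commit and its result is not inspected.
    ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);

    // commit
    $oDB->commit();

    // Remove the thumbnail file
    FileHandler::removeDir(sprintf('files/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));

    $output->add('document_srl', $obj->document_srl);

    // remove from cache
    Rhymix\Framework\Cache::delete('document_item:' . getNumberingPath($obj->document_srl) . $obj->document_srl);

    return $output;
}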
/**
 * Update (edit) a comment.
 *
 * Loads the stored comment, checks permission, normalises author fields,
 * filters the content and runs the 'comment.updateComment' query inside a DB
 * transaction.
 *
 * Security-relevant behaviour visible in this method:
 *  - checkCSRF() is skipped when $manual_updated is true;
 *  - the isGranted() check on the stored comment is skipped when $is_admin is
 *    true, so both flags must come from server-side decisions, never from
 *    request data;
 *  - the 'before' trigger runs ahead of the permission check;
 *  - removeHackTag() is applied to the content unless the session's
 *    logged_info has is_admin == 'Y' (this is independent of $is_admin);
 *  - a submitted password is replaced by its hash before it is stored.
 *
 * @param object $obj the submitted values; modified in place (a non-object is
 *        replaced by an empty stdClass)
 * @param bool $is_admin skip the isGranted() permission check
 * @param bool $manual_updated skip the CSRF check and the editor-based content conversion
 * @return object error Object, or the query output with 'comment_srl' added
 */
function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
{
    if (!$manual_updated && !checkCSRF()) {
        return new Object(-1, 'msg_invalid_request');
    }

    if (!is_object($obj)) {
        $obj = new stdClass();
    }
    $obj->__isupdate = TRUE;

    // A failing 'before' trigger vetoes the update.
    $output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
    if (!$output->toBool()) {
        return $output;
    }

    // Author fields that are carried over together.
    $author_fields = array('member_srl', 'user_name', 'nick_name', 'email_address', 'homepage');

    // Load the stored comment.
    $source_obj = getModel('comment')->getComment($obj->comment_srl);

    // Stored comment has no member: carry the stored author fields over.
    if (!$source_obj->getMemberSrl()) {
        foreach ($author_fields as $field) {
            $obj->{$field} = $source_obj->get($field);
        }
    }

    // Permission check, bypassed only by an explicit $is_admin.
    if (!$is_admin && !$source_obj->isGranted()) {
        return new Object(-1, 'msg_not_permitted');
    }

    if ($obj->password) {
        $obj->password = getModel('member')->hashPassword($obj->password);
    }

    if ($obj->homepage) {
        $obj->homepage = removeHackTag($obj->homepage);
        // NOTE(review): any "<letters>://" prefix is accepted unchanged; if this
        // value is rendered as a link, consider an allowlist of schemes.
        $has_scheme = preg_match('/^[a-z]+:\\/\\//i', $obj->homepage);
        if (!$has_scheme) {
            $obj->homepage = 'http://' . $obj->homepage;
        }
    }

    // When the logged-in member is the comment's author, take the author
    // fields from the session instead of the submitted values.
    // NOTE(review): this reads $source_obj->member_srl directly while the rest
    // of the method uses ->get('member_srl'); confirm both resolve to the same value.
    $logged_info = Context::get('logged_info');
    if (Context::get('is_logged') && $source_obj->member_srl == $logged_info->member_srl) {
        foreach ($author_fields as $field) {
            $obj->{$field} = $logged_info->{$field};
        }
    }

    // Stored comment belongs to a member but no nick_name is set: fall back
    // to the stored author fields.
    if ($source_obj->get('member_srl') && !$obj->nick_name) {
        foreach ($author_fields as $field) {
            $obj->{$field} = $source_obj->get($field);
        }
    }

    // Empty submission keeps the stored content.
    if (!$obj->content) {
        $obj->content = $source_obj->get('content');
    }

    // Remove Rhymix's own marker tags from the contents.
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    // Plain-text handling: mobile submissions without the editor, or a
    // "nohtml" comment editor colorset.
    if (!$manual_updated) {
        $plain_mobile = Mobile::isFromMobilePhone() && $obj->use_editor != 'Y';
        if (!$plain_mobile) {
            $editor_config = getModel('editor')->getEditorConfig($obj->module_srl);
            if (strpos($editor_config->sel_comment_editor_colorset, 'nohtml') !== FALSE) {
                // <br> -> newline, escape everything, newline -> <br />
                $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
            }
        } else {
            if ($obj->use_html != 'Y') {
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
            }
            $obj->content = nl2br($obj->content);
        }
    }

    // Remove iframe and script unless the session belongs to a top administrator.
    if ($logged_info->is_admin != 'Y') {
        $obj->content = removeHackTag($obj->content);
    }
    $obj->content = utf8_mbencode($obj->content);

    // Run the update inside a transaction.
    $db = DB::getInstance();
    $db->begin();

    $output = executeQuery('comment.updateComment', $obj);
    if (!$output->toBool()) {
        $db->rollback();
        return $output;
    }

    // The 'after' trigger runs before the commit and its result is not inspected.
    ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
    $db->commit();

    $output->add('comment_srl', $obj->comment_srl);
    return $output;
}