require_once "config.php";
require_once "database.php";
$db = new Connector();
$db->connect($config);
if (isset($_GET) && isset($_GET["reinit"]) && $_GET["reinit"] == "true") {
// Reset database
require_once "models/journal_definitions.php";
require_once "models/journals.php";
require_once "models/articles.php";
$definitions_model = new Journal_definitions();
$journal_model = new Journals();
$article_model = new Articles();
// Clear tables
$definitions_model->clear($db);
$journal_model->clear($db);
$article_model->clear($db);
}
// Parsing the journal list csv file
if ($config["journal_list_run"] === true) {
require_once "parsers/parse_journal_list.php";
new Journal_list($config, $db);
}
// Parsing pubmed central XML
if ($config["pubmed_central_run"] === true) {
require_once "parsers/pubmed_central_xml.php";
new Pubmed_central_parser($config, $db);
}
// Parsing Ovid XML
if ($config["ovid_run"] === true) {
require_once "parsers/ovid_xml.php";
new Ovid_parser($config, $db);
// not found
} elseif (!isset($item['id'])) {
include '../error.php';
// publication is restricted
} elseif (!$permitted) {
// anonymous users are invited to log in
if (!Surfer::is_logged()) {
Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/login.php?url=' . urlencode(Articles::get_url($item['id'], 'unpublish')));
}
// permission denied to authenticated user
Safe::header('Status: 401 Unauthorized', TRUE, 401);
Logger::error(i18n::s('You are not allowed to perform this operation.'));
// update the database
} elseif ($error = Articles::unpublish($item['id'])) {
$context['text'] .= $error;
} else {
// clear the cache
Articles::clear($item);
// display the updated page
Safe::redirect(Articles::get_permalink($item));
}
// clear the tab we are in, if any
if (is_object($anchor)) {
$context['current_focus'] = $anchor->get_focus();
}
// path to this page
$context['path_bar'] = Surfer::get_path_bar($anchor);
// page title
$context['page_title'] = i18n::s('Draft');
// render the skin
render_skin();
/**
* change only some attributes
*
* @param array an array of fields
* @return TRUE on success, or FALSE on error
**/
public static function put_attributes(&$fields)
{
global $context;
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// set default values for this editor
Surfer::check_default_editor($fields);
// quey components
$query = array();
// change access rights
if (isset($fields['active_set'])) {
// anchor cannot be empty
if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// determine the actual right
$fields['active'] = $anchor->ceil_rights($fields['active_set']);
// remember these in this record
$query[] = "active='" . SQL::escape($fields['active']) . "'";
$query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
// cascade anchor access rights
Anchors::cascade('article:' . $fields['id'], $fields['active']);
}
// anchor this page to another place
if (isset($fields['anchor'])) {
$query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
$query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
$query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
}
// other fields that can be modified individually
if (isset($fields['behaviors'])) {
$query[] = "behaviors='" . SQL::escape($fields['behaviors']) . "'";
}
if (isset($fields['extra'])) {
$query[] = "extra='" . SQL::escape($fields['extra']) . "'";
}
if (isset($fields['description'])) {
$query[] = "description='" . SQL::escape($fields['description']) . "'";
}
if (isset($fields['file_overlay'])) {
$query[] = "file_overlay='" . SQL::escape($fields['file_overlay']) . "'";
}
if (isset($fields['handle']) && $fields['handle']) {
$query[] = "handle='" . SQL::escape($fields['handle']) . "'";
}
if (isset($fields['icon_url'])) {
$query[] = "icon_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['icon_url'])) . "'";
}
if (isset($fields['introduction'])) {
$query[] = "introduction='" . SQL::escape($fields['introduction']) . "'";
}
if (isset($fields['language'])) {
$query[] = "language='" . SQL::escape($fields['language']) . "'";
}
if (isset($fields['locked'])) {
$query[] = "locked='" . SQL::escape($fields['locked']) . "'";
}
if (isset($fields['meta'])) {
$query[] = "meta='" . SQL::escape($fields['meta']) . "'";
}
if (isset($fields['nick_name'])) {
$query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'";
}
if (isset($fields['options'])) {
$query[] = "options='" . SQL::escape($fields['options']) . "'";
}
if (isset($fields['overlay'])) {
$query[] = "overlay='" . SQL::escape($fields['overlay']) . "'";
}
if (isset($fields['overlay_id'])) {
$query[] = "overlay_id='" . SQL::escape($fields['overlay_id']) . "'";
}
if (isset($fields['owner_id'])) {
$query[] = "owner_id=" . SQL::escape($fields['owner_id']);
}
if (isset($fields['publish_date'])) {
$query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $fields['edit_name']) . "'";
$query[] = "publish_id=" . SQL::escape(isset($fields['publish_id']) ? $fields['publish_id'] : $fields['edit_id']);
$query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $fields['edit_address']) . "'";
$query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
}
if (isset($fields['prefix'])) {
$query[] = "prefix='" . SQL::escape($fields['prefix']) . "'";
}
if (isset($fields['rank'])) {
$query[] = "rank='" . SQL::escape($fields['rank']) . "'";
}
if (isset($fields['source'])) {
$query[] = "source='" . SQL::escape($fields['source']) . "'";
}
if (isset($fields['suffix'])) {
$query[] = "suffix='" . SQL::escape($fields['suffix']) . "'";
}
if (isset($fields['thumbnail_url'])) {
$query[] = "thumbnail_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['thumbnail_url'])) . "'";
}
if (isset($fields['tags'])) {
$query[] = "tags='" . SQL::escape($fields['tags']) . "'";
}
if (isset($fields['title'])) {
$fields['title'] = strip_tags($fields['title'], '<br>');
$query[] = "title='" . SQL::escape($fields['title']) . "'";
}
if (isset($fields['trailer'])) {
$query[] = "trailer='" . SQL::escape($fields['trailer']) . "'";
}
if (isset($fields['rating_sum'])) {
$query[] = "rating_sum='" . SQL::escape($fields['rating_sum']) . "'";
}
// nothing to update
if (!count($query)) {
return TRUE;
}
// maybe a silent update
if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
$query[] = "edit_id=" . SQL::escape($fields['edit_id']);
$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
$query[] = "edit_action='article:update'";
$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
// actual update query
$query = "UPDATE " . SQL::table_name('articles') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
if (!SQL::query($query)) {
return FALSE;
}
// list the article in categories
Categories::remember('article:' . $fields['id'], isset($fields['publish_date']) ? $fields['publish_date'] : NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
// clear the cache
Articles::clear($fields);
// end of job
return TRUE;
}
/**
* transcode some references
*
* @see images/images.php
*
* @param array of pairs of strings to be used in preg_replace()
*/
function transcode($transcoded)
{
global $context;
// no item bound
if (!isset($this->item['id'])) {
return;
}
// prepare preg_replace()
$from = array();
$to = array();
foreach ($transcoded as $pair) {
$from[] = $pair[0];
$to[] = $pair[1];
}
// transcode various fields
$this->item['introduction'] = preg_replace($from, $to, $this->item['introduction']);
$this->item['description'] = preg_replace($from, $to, $this->item['description']);
// update the database
$query = "UPDATE " . SQL::table_name('articles') . " SET " . " introduction = '" . SQL::escape($this->item['introduction']) . "'," . " description = '" . SQL::escape($this->item['description']) . "'" . " WHERE id = " . SQL::escape($this->item['id']);
SQL::query($query);
// always clear the cache
Articles::clear($this->item);
}
/**
* change only some (minor) attributes
*/
public static function put_attributes(&$fields)
{
global $context;
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// following fields are forbidden with this function
if (isset($fields['password']) || isset($fields['nickname']) || isset($field['editor'])) {
Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
return FALSE;
}
// remember who is changing this record
Surfer::check_default_editor($fields);
// query components
$query = array();
// clean provided tags
if (isset($fields['tags'])) {
$fields['tags'] = trim($fields['tags'], " \t.:,!?");
}
// protect from hackers
if (isset($fields['avatar_url'])) {
$fields['avatar_url'] = encode_link($fields['avatar_url']);
}
// build SET part of the query
foreach ($fields as $key => $field) {
if ($key == 'id') {
continue;
}
$query[] = $key . "='" . SQL::escape($field) . "'";
}
// nothing to update
if (!count($query)) {
return TRUE;
}
// actual update query
$query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
if (!SQL::query($query)) {
return FALSE;
}
// list the user in categories
if (isset($fields['tags']) && $fields['tags']) {
Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
}
// clear the cache
Articles::clear($fields);
// end of job
return TRUE;
}