Exemplo n.º 1
 /**
  * Collects the source texts that still lack a translation and returns their machine translations.
  *
  * NOTE(review): $DB, $id, $obj and $language are used below but are neither parameters nor
  * declared `global` in this excerpt; presumably the original method brought them into scope — confirm.
  *
  * @return array Section name => translated text (result of array_combine); empty array when nothing was collected.
  */
 function translate()
 {
     // Sections of this object that have no saved content yet.
     $translate = array();
     if (!$this->saved_content['Text']) {
         $translate[] = 'Text';
     }
     // Parallel lists: source language, source section name and source text for each item to translate.
     $trFrom = $trSect = $trText = array();
     if (!empty($translate)) {
         // Self-join keeps only the row with the highest revision per section/language.
         // Both $id and the section names pass through Database::escape() before being placed inside quotes.
         // NOTE(review): whether that is sufficient depends on Database::escape() and the connection charset, neither visible here.
         $newest = $DB->asArray("SELECT t1.section, t1.* FROM content AS t1\n                LEFT JOIN content t2 ON t1.section = t2.section\n                AND t1.language = t2.language\n                AND t1.revision < t2.revision\n                WHERE t2.section IS NULL\n                AND t1.id='" . Database::escape($id) . "'\n                AND (t1.section='" . implode("' OR t1.section='", Database::escape($translate, true)) . "')\n                ORDER BY t1.revision DESC", true);
         foreach ($newest as $s => $translation) {
             $trFrom[] = $translation['language'];
             $trText[] = $translation['content'];
             $trSect[] = $s;
         }
     }
     // Fall back to the stored 'Name' metadata when neither the object nor the POSTed form supplies a title.
     if (!$obj->Name && !$_POST['etitle']) {
         if ($info = $DB->metadata->getRow(array('id' => $obj->ID, 'field' => 'Name'), 'value, metameta')) {
             $trFrom[] = $info['metameta'];
             $trText[] = $info['value'];
             $trSect[] = 'Name';
         }
     }
     $translation = array();
     if (!empty($trText)) {
         // The @ hides any warning array_combine() raises (e.g. when the translator returns a different number of items).
         // NOTE(review): the source texts are sent to google::translate(), presumably an external service — confirm that is acceptable for this content.
         $translation = @array_combine($trSect, google::translate($trText, $trFrom, $language));
     }
     return $translation;
 }
Exemplo n.º 2
 /**
  * Renders the list of folders the current user has access to.
  *
  * Members of the admin group start from the file root; everyone else starts from the
  * folders for which they (or one of their groups) hold a privilege greater than zero.
  *
  * @param string|false $url URL to send the rendered links to. "$" in the URL will be replaced with the ID of the link
  * @return mixed Whatever listify() returns for the rendered links (HTML according to the original docblock)
  */
 function fullStructure($url = false)
 {
     global $DB, $USER, $Controller;
     $r = '';
     if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
         $objs = array($Controller->fileRoot);
     } else {
         // Beneficiaries to look up: the user's own ID plus all of their group IDs.
         $privilegeIDS = array_merge((array) $USER->ID, $USER->groupIds);
         // The IDs are passed through Database::escape() and placed inside a quoted IN (...) list.
         // NOTE(review): an empty $privilegeIDS would produce IN ('') — harmless here, but confirm escape() handles arrays as assumed.
         $objs = $Controller->get($DB->asList("SELECT spine.id FROM spine RIGHT JOIN privileges ON spine.id = privileges.id WHERE spine.class = 'Folder' AND privileges.beneficiary IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND privileges.privileges > 0"), ANYTHING, false, false);
     }
     $folders = array();
     foreach ($objs as $obj) {
         // Walk up the parent chain of this object.
         $p = $obj;
         while ($p = $p->Dir) {
             if (!$p->may($USER, READ)) {
                 // Stop climbing at the first ancestor the user may not read; the object itself is still considered below.
                 break;
             } elseif (isset($objs[$p->ID])) {
                 // A readable ancestor is already in the result set, so this object is skipped entirely.
                 // presumably $objs is keyed by object ID — verify against $Controller->get().
                 continue 2;
             }
         }
         if (is_a($obj, 'Folder')) {
             if (!in_array($obj->filename, $this->ignore)) {
                 // Keyed by filename, so two folders with the same filename overwrite each other.
                 $folders[$obj->filename] = $obj;
             }
         }
     }
     ksort($folders);
     // displayLink() is called once per folder with the same $url as second argument.
     return listify(array_map(array($this, 'displayLink'), $folders, array_fill(0, count($folders), $url)));
 }
Exemplo n.º 3
    /**
     * Stores a posted comment for a document, numbering it per (doc_id, table) pair.
     *
     * Reads doc_id, table, comment and reply_to from the POST data. Numeric values are
     * cast to non-negative integers; string values go through Database::escape(), which
     * is used here without surrounding quotes (presumably it returns a quoted literal — confirm).
     */
    function process()
    {
        global $current_user;
        /* @var $current_user CurrentUser */
        // Permission gate for adding comments.
        $current_user->can_throw('add_comments');

        // Sample POST payload seen by the original author:
        //   writemodule => CommentsWriteModule, reply_to => 1, doc_id => 440, comment => <text>
        $docId = max(0, (int) Request::post('doc_id'));
        $tableName = Request::post('table');
        $text = Request::post('comment');
        $parentId = max(0, (int) Request::post('reply_to'));

        Database::query('START TRANSACTION');

        // Next comment id = current maximum for this document/table + 1.
        // NOTE(review): two concurrent requests can read the same maximum; confirm a unique key or locking covers this.
        $maxSql = 'SELECT max(`id`) as `id` FROM `comments` WHERE `doc_id` = ' . $docId . ' AND `table`=' . Database::escape($tableName) . '';
        $nextId = 1 + max(0, Database::sql2single($maxSql));

        $insertSql = "INSERT INTO `comments` SET \n\t\t`id`=" . $nextId
            . ",\n\t\t`table`=" . Database::escape($tableName)
            . ", \n\t\t`comment`=" . Database::escape($text)
            . ",\n\t\t`parent`=" . $parentId
            . ",\n\t\t`doc_id`=" . $docId
            . ",\n\t\t`id_author`=" . $current_user->id
            . ",\n\t\t`time`=" . time();
        Database::query($insertSql);

        Database::query('COMMIT');
    }
Exemplo n.º 4
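 /**
  * Saves an edited genre description and redirects to the genre page.
  *
  * The id is validated before the database is queried: in the original order the
  * "Illegal id" check came after the row lookup, where an id of 0 had already caused
  * a silent return, so the check could practically never fire.
  *
  * @throws Exception 'Illegal id' when no positive id was posted, 'Empty description' when the cleaned text is empty
  */
 function write()
 {
     global $current_user;
     /*@var $current_user CurrentUser*/
     $current_user->can_throw('books_edit');

     // The id is concatenated unquoted into SQL below, so it is forced to a non-negative integer first.
     $id = isset(Request::$post['id']) ? Request::$post['id'] : 0;
     $id = max(0, (int) $id);
     if (!$id) {
         throw new Exception('Illegal id');
     }

     $row = Database::sql2row('SELECT * FROM genre WHERE `id`=' . $id);
     if (!$row) {
         // Unknown genre: nothing to update.
         return;
     }

     $description = prepare_review(isset(Request::$post['description']) ? Request::$post['description'] : '');
     if (!$description) {
         throw new Exception('Empty description');
     }
     // NOTE(review): prepare_review() is applied a second time here, as in the original;
     // kept because its idempotence cannot be verified from this excerpt.
     $description = prepare_review($description);

     $query = 'UPDATE `genre` SET `description`=' . Database::escape($description) . ' WHERE `id`=' . $id;
     Database::query($query);

     ob_end_clean();
     // NOTE(review): $row['name'] comes from the database and is placed in the URL as-is; confirm it is always a URL-safe slug.
     header('Location:' . Config::need('www_path') . '/genres/' . $row['name']);
     $current_user->gainActionPoints('genres_edit', $id, BiberLog::TargetType_genre);
     exit;
 }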
Exemplo n.º 5
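	/**
	 * Stores a private message and indexes it for every recipient inside one transaction.
	 *
	 * Every value that is concatenated unquoted into the SQL text (author id, time, thread id,
	 * recipient ids) is cast to int first, so a non-numeric argument can no longer change the
	 * shape of the statement. If a query throws, the transaction is rolled back before the
	 * exception is passed on.
	 *
	 * @param int       $id_author  sender's user id
	 * @param array     $to_users   recipient user ids
	 * @param string    $subject    message subject
	 * @param string    $body       message body, stored in the `html` column
	 * @param int       $time       value for the `time` column (presumably a Unix timestamp — confirm)
	 * @param int|false $thread_id  thread to append to; a falsy value starts a new thread keyed by the new message id
	 * @throws Exception when $to_users is not an array
	 */
	function sendMessage($id_author, $to_users, $subject, $body, $time, $thread_id = false) {
		if (!is_array($to_users))
			throw new Exception('$to_users must be an array');

		$id_author = (int) $id_author;
		$time = (int) $time;

		Database::query('START TRANSACTION');
		try {
			$query = 'INSERT INTO `users_messages` SET
			`id_author`=' . $id_author . ',
			`time`=' . $time . ',
			`subject`=' . Database::escape($subject) . ',
			`html`=' .  Database::escape($body);
			Database::query($query);

			// If a thread was given, write into that thread; otherwise the new message id becomes the thread id.
			$lastId = (int) Database::lastInsertId();
			$thread_id = $thread_id ? (int) $thread_id : $lastId;
			if ($thread_id) {
				$q = array();
				foreach ($to_users as $receiver_id) {
					$receiver_id = (int) $receiver_id;
					// The author's own copy is never flagged as new.
					$is_new = ($receiver_id === $id_author) ? 0 : 1;
					$q[] = '(' . $lastId . ',' . $thread_id . ',' . $receiver_id . ',' . $is_new . ',0)';
				}
				if (count($q)) {
					$query = 'INSERT INTO `users_messages_index`(message_id,thread_id,id_recipient,is_new,is_deleted) VALUES ' . implode(',', $q);
					Database::query($query);
				}
			}
		} catch (Exception $e) {
			// Do not leave a half-written message behind an open transaction.
			Database::query('ROLLBACK');
			throw $e;
		}
		Database::query('COMMIT');
	}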
Exemplo n.º 6
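 /**
  * Creates or updates a `lib_events` row from the posted form and redirects to its edit page.
  *
  * The posted id used to be concatenated into the SQL text and the redirect URL exactly as
  * received, so any request could alter the statement. It is now reduced to an integer, or
  * to the literal NULL (new row) when it is missing, empty or not numeric.
  *
  * NOTE(review): no permission check is visible in this method; presumably the admin
  * router enforces one before it is called — confirm.
  */
 function edit_event()
 {
     $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
     $id = $id !== 0 ? $id : 'NULL';

     $_POST['template_id'] = max(1, (int) (isset($_POST['template_id']) ? $_POST['template_id'] : 0));

     // The same column assignments are used for the INSERT and for the ON DUPLICATE KEY UPDATE part.
     $columns = array('title', 'male', 'age_start_days', 'age_end_days', 'description', 'template_id');
     $assignments = array();
     foreach ($columns as $column) {
         // Database::escape() is used without surrounding quotes, as in the original
         // (presumably it returns a quoted literal — confirm).
         $assignments[] = '`' . $column . '`=' . Database::escape($_POST[$column]);
     }
     $set = implode(',', $assignments);

     Database::query('INSERT INTO `lib_events` SET `id` = ' . $id . ',' . $set . ' ON DUPLICATE KEY UPDATE ' . $set);

     // For a new row the id is whatever the database assigned.
     $id = $id === 'NULL' ? Database::lastInsertId() : $id;
     header('Location: /admin/event/' . $id . '/edit');
 }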
Exemplo n.º 7
	/**
	 * Updates the parent, title and description of a series from the posted form.
	 *
	 * Both ids are cast to non-negative integers before they reach the SQL text; the two
	 * text fields pass through prepare_review() and Database::escape().
	 *
	 * NOTE(review): only "is logged in" is checked here; whether this user may edit this
	 * particular series is not verified in the visible code — confirm it happens elsewhere.
	 *
	 * @throws Exception on missing authorization, illegal id/parent, unknown parent or empty title
	 */
	function write() {
		global $current_user;
		/* @var $current_user CurrentUser */
		if (!$current_user->authorized) {
			throw new Exception('Access denied');
		}

		$post = Request::$post;
		$seriesId = max(0, (int) (isset($post['id']) ? $post['id'] : 0));
		$parentId = max(0, (int) (isset($post['parent_id']) ? $post['parent_id'] : false));
		if ($seriesId === 0) {
			throw new Exception('Illegal id');
		}

		$title = isset($post['title']) ? $post['title'] : false;
		$description = isset($post['description']) ? $post['description'] : false;

		// A series cannot be its own parent.
		if ($parentId === $seriesId) {
			throw new Exception('Illegal parent');
		}

		// A non-zero parent must exist.
		if ($parentId) {
			$exists = Database::sql2single('SELECT `id` FROM `series` WHERE `id`=' . $parentId);
			if (!$exists) {
				throw new Exception('No such parent');
			}
		}

		if (!$title) {
			throw new Exception('Empty title');
		}

		$description = prepare_review($description);
		$title = prepare_review($title, '');

		Database::query(
			'UPDATE `series` SET `id_parent`=' . $parentId
			. ',`title`=' . Database::escape($title)
			. ', `description`=' . Database::escape($description)
			. ' WHERE `id`=' . $seriesId
		);
	}
Exemplo n.º 8
	/**
	 * Loads the genre named by $this->genre_name into $this->data['genres'].
	 *
	 * A top-level genre (no id_parent) gets its sub-genres attached; any other genre gets
	 * up to 20 of its books, ordered by mark, with cover, title and author.
	 */
	function getOne() {
		$genre = Database::sql2row('SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_name));
		if (!isset($genre['name'])) {
			return;
		}

		$genreId = $genre['id'];
		$this->data['genres'][$genreId] = array(
		    'name' => $genre['name'],
		    'id' => $genreId,
		    'id_parent' => $genre['id_parent'],
		    'title' => $genre['title'],
		    'books_count' => $genre['books_count']
		);

		// Top-level genre: list its sub-genres instead of books.
		if (!$genre['id_parent']) {
			$this->data['genres'][$genreId]['subgenres'] = $this->getAll($genreId);
			return;
		}

		// $genreId comes from the row just read and is concatenated unquoted.
		$topBooks = Database::sql2array('SELECT `id_book` FROM `book_genre` BG JOIN `book` B ON B.id = BG.id_book WHERE BG.id_genre = ' . $genreId . ' ORDER BY B.mark DESC LIMIT 20', 'id_book');
		$bookIds = array_keys($topBooks);
		$loaded = Books::getByIdsLoaded($bookIds);
		Books::LoadBookPersons($bookIds);

		foreach ($loaded as $item) {
			$book = Books::getById($item->id);
			// Specifically "our" author, in case the book has several.
			list($authorId, $authorName) = $book->getAuthor(1, 1, 1);
			$this->data['genres'][$genreId]['books'][] = array(
			    'id' => $book->id,
			    'cover' => $book->getCover(),
			    'title' => $book->getTitle(true),
			    'author' => $authorName,
			    'author_id' => $authorId,
			    'lastSave' => $book->data['modify_time']
			);
		}
	}
Exemplo n.º 9
	/**
	 * Looks up the genre row for $this->genre_id; the result is not used yet (stub).
	 *
	 * NOTE(review): the value of genre_id is matched against the `name` column — confirm
	 * that is intended and not a copy of the lookup used for genre names.
	 */
	function getLikes() {
		if ($this->genre_id) {
			$sql = 'SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_id);
			$row = Database::sql2row($sql);
			if ($row['id']) {
				// Left empty by the original author: nothing is done with the row.
			}
		}
	}
Exemplo n.º 10
	/**
	 * Records the outcome of the latest run of this feature.
	 *
	 * @param int|string $status_code stored in `status` after an int cast
	 * @param string     $message     stored in `last_message` via Database::escape()
	 */
	function setStatus($status_code, $message) {
		// $this->id is concatenated unquoted; NOTE(review): confirm it is always an integer by the time this runs.
		$sql = "UPDATE `features` SET\n\t\t\t`status`=" . (int) $status_code
			. ",\n\t\t\t`last_run`=" . time()
			. ",\n\t\t\t`last_message`=" . Database::escape($message)
			. "\n\t\t\t\tWHERE\n\t\t\t`id`=" . $this->id;
		Database::query($sql);
	}
Exemplo n.º 11
 /**
  * Finds the post of this blog that has the given URL.
  *
  * Both values are passed through Database::escape() and then wrapped in single quotes,
  * so in this code base escape() evidently returns the value without quotes.
  *
  * @param string $url
  * @return mixed first matching BlogPost row, or null when there is none
  */
 public function getPostByUrl($url)
 {
     $blogId = Database::escape($this->getId());
     $safeUrl = Database::escape($url);
     $matches = BlogPost::SELECT("Blog ='{$blogId}' AND Url = '{$safeUrl}'");

     return count($matches) ? $matches[0] : null;
 }
Exemplo n.º 12
 /**
  * Returns the single row whose `Name` equals $name.
  *
  * @param string $name
  * @return mixed the row, or null when zero or more than one row matches
  */
 public static function getByName($name)
 {
     $escaped = Database::escape($name);
     $matches = self::SELECT("`Name` = '{$escaped}'");

     // Anything other than exactly one hit is treated as "not found".
     return count($matches) !== 1 ? null : $matches[0];
 }
 /**
  * Appends one "column <operator> 'value'" condition to $this->where_clause.
  *
  * Only the value is escaped. NOTE(review): 'column' and 'comparison' are interpolated
  * as given; if either can originate from request data (not visible here) they need an
  * allow-list, because escaping a value does not protect identifiers or operators.
  *
  * @param array $array keys: 'column', 'value' and optionally 'comparison' (defaults to =)
  */
 private final function set_filter($array)
 {
     $operator = isset($array['comparison']) ? $array['comparison'] : '=';
     $this->where_clause[] = "`{$array['column']}` {$operator} '" . Database::escape($array['value']) . "'";
 }
Exemplo n.º 14
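	/**
	 * Stores a rating or a review posted by the current user and pushes the matching event.
	 *
	 * Without a comment the request is a plain book rating (target_type 0): the rating is
	 * upserted and the book's average mark is recalculated. With a comment it is stored as a
	 * review. All numeric inputs are cast and clamped before they reach the SQL text.
	 *
	 * Fix: the average used to be computed as rate / cnt without checking cnt. When the
	 * book has no ratings at all (e.g. a posted rate of 0 on an unrated book) that divides
	 * by zero; the mark is now set to 0 in that case.
	 *
	 * @throws Exception 'Access denied' when the user is not authorized
	 */
	function write() {
		global $current_user;
		/* @var $current_user CurrentUser */
		if (!$current_user->authorized)
			throw new Exception('Access denied');

		$data = array(
		    'target_id' => max(0, (int) Request::$post['target_id']),
		    'target_type' => max(0, (int) Request::$post['target_type']),
		    'comment' => prepare_review(Request::$post['annotation']),
		    // Posted 0..6 is stored shifted by one, so 1 means "no rating given".
		    'rate' => min(6, max(0, (int) Request::$post['rate'])) + 1,
		);
		$rate = $data['rate'] - 1;

		$event = new Event();

		if (!$data['comment']) {
			// inserting rate
			if ($data['rate'] && ($data['target_type'] == 0)) {
				$time = time();
				if ($data['rate'] > 1) {
					$query = 'INSERT INTO `book_rate` SET `id_book`=' . $data['target_id'] . ',`id_user`=' . $current_user->id . ',`rate`=' . $rate . ',`time`=' . $time . ' ON DUPLICATE KEY UPDATE
				`rate`=' . $rate . ',`time`=' . $time . '';
					Database::query($query);
				}
				// recalculating rate
				$query = 'SELECT COUNT(1) as cnt, SUM(`rate`) as rate FROM `book_rate` WHERE `id_book`=' . $data['target_id'];
				$res = Database::sql2row($query);
				$votes = (int) $res['cnt'];
				// No ratings yet: avoid dividing by zero and store a mark of 0.
				$book_mark = $votes > 0 ? round($res['rate'] / $votes * 10) : 0;
				$query = 'UPDATE `book` SET `mark`=' . $book_mark . ' WHERE `id`=' . $data['target_id'];
				Database::query($query);
				$event->event_BookRateAdd($current_user->id, $data['target_id'], $rate);
			}
		} else {
			if (!$data['target_id'])
				return;
			$query = 'INSERT INTO `reviews` SET
				`id_target`=' . $data['target_id'] . ',
				`target_type`=' . $data['target_type'] . ',
				`id_user`=' . $current_user->id . ',
				`time`=' . time() . ',
				`comment`=' . Database::escape($data['comment']) . ',
				`rate`=' . $rate . '
					ON DUPLICATE KEY UPDATE
				`time`=' . time() . ',
				`comment`=' . Database::escape($data['comment']) . ',
				`rate`=' . $rate . '';
			Database::query($query);
			// event
			$event->event_BookReviewAdd($current_user->id, $data['target_id'], $data['target_type'], $rate, $data['comment']);
		}

		$event->push();
	}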
Exemplo n.º 15
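 /**
  * Registers an image and returns its record.
  *
  * The caller passes the path of a valid image (a local file, or a remote one given as
  * http://...). The file is copied to a temporary slot, decoded with GD to prove it really
  * is an image, and de-duplicated by the MD5 of its contents: a known image only has its
  * usage counter increased.
  *
  * Fixes over the original:
  *  - the temporary copy is now removed on every exit path (it used to be left behind when
  *    the MIME type was not supported);
  *  - a file that getimagesize() cannot parse is rejected instead of indexing into `false`;
  *  - GD images are objects since PHP 8, so the result is no longer tested with
  *    is_resource() alone.
  *
  * NOTE(review): $image_path may be a remote URL; if it can come from user input, the
  * caller has to restrict schemes and hosts, since this method fetches whatever it is given.
  *
  * @param string $image_path local path or URL of the image
  * @return mixed the image record, or null when the file is not a supported image
  */
 public static function INSERT($image_path)
 {
     // NOTE(review): the temporary name is derived from the clock only; confirm concurrent
     // uploads cannot collide on it.
     $temp_hash = md5(microtime());
     Rack::Write('temp', $temp_hash, $image_path);
     $temp_path = Rack::Path('temp', $temp_hash);

     // Check that the file really is an image.
     $info = getimagesize($temp_path);
     $mime = is_array($info) ? $info['mime'] : null;
     switch ($mime) {
         case 'image/jpeg':
             $gd = @imagecreatefromjpeg($temp_path);
             break;
         case 'image/png':
             $gd = @imagecreatefrompng($temp_path);
             break;
         case 'image/gif':
             $gd = @imagecreatefromgif($temp_path);
             break;
         case 'image/bmp':
             $gd = @imagecreatefrombmp($temp_path);
             break;
         default:
             $gd = false;
     }

     if (!is_resource($gd) && !is_object($gd)) {
         // Unsupported type or the image could not be opened.
         Rack::Remove('temp', $temp_hash);
         return null;
     }

     $width = imagesx($gd);
     $height = imagesy($gd);
     // The decoded bitmap is only needed for its dimensions.
     imagedestroy($gd);

     $hash = md5_file($temp_path);
     $list = Image::SELECT("Hash='" . Database::escape($hash) . "'");
     if (count($list)) {
         // The image already exists: just count one more use.
         $image = $list[0];
         $image->_setCounter($image->getCounter() + 1);
     } else {
         // Create a new image record.
         $image = parent::INSERT();
         $image->_setWidth($width);
         $image->_setHeight($height);
         $image->_setMime($mime);
         $image->_setHash($hash);
         $image->_setSize(@filesize($temp_path));
         $image->_setCounter(1);
         // Copy the image into the image store, keyed by the MD5 of the record id.
         Rack::Write('img', md5($image->ID()), $temp_path);
     }

     Rack::Remove('temp', $temp_hash);
     return $image;
 }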
Exemplo n.º 16
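    /**
     * Inserts a new row into `settings` from the first element of the posted
     * name/value/comment arrays.
     *
     * Fix: the comment was read with an undefined variable ($key) as index, which resolves
     * to null and therefore never matched the element that belongs to name[0]/value[0];
     * it now uses index 0 like the other two fields.
     *
     * NOTE(review): no permission check is visible in this method — confirm the caller enforces one.
     */
    function _new()
    {
        $name = Request::$post['name'][0];
        $value = Request::$post['value'][0];
        $comment = Request::$post['comment'][0];
        // Database::escape() is used without surrounding quotes (presumably it returns a quoted literal — confirm).
        $query = 'INSERT INTO `settings` SET
			`name`=' . Database::escape($name) . ',
			`comment`=' . Database::escape($comment) . ',
			`value`=' . Database::escape($value);
        Database::query($query);
    }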
Exemplo n.º 17
	/**
	 * Prepares the data for a "new message" form.
	 *
	 * The first request parameter names the recipient: the literal 'me' is kept as is,
	 * any other non-empty value is treated as a nickname and resolved to a user id.
	 */
	function getNew() {
		$recipient = Request::get(0);
		if ($recipient != 'me' && $recipient) {
			// Nickname lookup; the value passes through Database::escape() before reaching the SQL text.
			$recipient = Database::sql2single('SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($recipient));
		}
		if ($recipient) {
			XMLClass::$varNode->setAttribute('to', $recipient);
		}
		$this->data['message'] = array('thread_id' => $this->thread_id);
	}
Exemplo n.º 18
 /**
  * Creates a right holder from the posted title and redirects to its admin page.
  *
  * NOTE(review): no permission check is visible in this method — confirm the caller enforces one.
  *
  * @throws Exception 'title missed' when the trimmed title is empty
  */
 function _new()
 {
     $title = trim(Request::post('title'));
     if (!$title) {
         throw new Exception('title missed');
     }

     Database::query('INSERT INTO `rightholders` SET `title`=' . Database::escape($title));
     $newId = Database::lastInsertId();

     // Drop any buffered output so the redirect header can still be sent.
     @ob_end_clean();
     header('Location: /admin/rightholders/' . $newId);
     exit;
 }
Exemplo n.º 19
	/**
	 * Builds a user object from an id or a nickname, optionally pre-loaded with data.
	 *
	 * @param int|string|false $id   numeric id, or a nickname that is resolved to an id
	 * @param mixed            $data when truthy, handed to load()
	 */
	function __construct($id = false, $data = false) {
		$this->loaded = false;

		// Anything non-numeric is treated as a nickname and looked up.
		$isNickname = $id && !is_numeric($id);
		if ($isNickname) {
			$id = (int) Database::sql2single('SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($id));
		}

		if ($id) {
			$this->id = max(0, $id);
		}

		if ($data) {
			$this->load($data);
		}
	}
Exemplo n.º 20
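 /**
  * Inserts or updates a `feature_groups` row from a field => value map, then redirects
  * to the features page.
  *
  * Values go through Database::escape(). The array keys become column identifiers; they
  * used to be wrapped in backticks exactly as given, so a key containing a backtick could
  * break out of the identifier. Backticks inside a key are now doubled, which is how MySQL
  * escapes them; ordinary column names are unaffected.
  *
  * NOTE(review): if $data is built from request data (not visible here), an allow-list of
  * permitted columns would be the stronger control.
  *
  * @param array $data column name => value
  */
 function _upsert($data)
 {
     $q = array();
     foreach ($data as $field => $value) {
         $q[] = '`' . str_replace('`', '``', (string) $field) . '`=' . Database::escape($value);
     }
     if (count($q)) {
         $assignments = implode(',', $q);
         Database::query('INSERT INTO `feature_groups` SET ' . $assignments . ' ON DUPLICATE KEY UPDATE  ' . $assignments);
     }
     @ob_end_clean();
     header('Location: ' . Config::need('www_path') . '/features');
     exit(0);
 }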
Exemplo n.º 21
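 /**
  * Removes the two-way verification secret of an account and of the current session.
  *
  * Fix: on failure the original threw `new Exception($update)`, i.e. it used the falsy
  * query result as the message, so the exception carried no usable text. A fixed message
  * is thrown instead.
  *
  * NOTE(review): the escaped id is placed in the statement without quotes. Escaping only
  * protects values inside a quoted literal, so unless Database::escape() adds the quotes
  * itself (not visible here) the id should be cast to an integer or bound as a parameter.
  * NOTE(review): nothing in this method ties $accountId to the logged-in user; confirm the
  * caller only ever passes the current account's id.
  *
  * @param int|string $accountId id of the customer row
  * @throws Exception when the update query fails
  */
 public function del_two_way($accountId)
 {
     /* Update query that removes the secret. */
     $update = Database::query("UPDATE customer SET secret = null WHERE id = " . Database::escape($accountId));
     /* Check whether the query succeeded. */
     if ($update) {
         /* Succeeded: now drop the two-way verification from the current session as well. */
         unset($_SESSION['login']['secret']);
     } else {
         /* Query failed: report it to the caller. */
         throw new Exception('Failed to remove the two-way verification secret');
     }
 }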
Exemplo n.º 22
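 /**
  * Creates a `SystemSession` row for the current request and returns it.
  *
  * Fix: the session identifier used to be md5(microtime()), which anyone who can estimate
  * the request time can reproduce. It is now 16 bytes from the operating system's random
  * source, hex-encoded to the same 32-character format.
  * Missing REMOTE_ADDR / HTTP_USER_AGENT entries (CLI, stripped headers) no longer raise
  * notices; they are stored as empty strings.
  *
  * NOTE(review): $data is stored with serialize(); wherever it is read back, unserialize()
  * must never see a value an outside party could have written.
  *
  * @param mixed $data session payload (taken by reference, not modified here)
  * @return mixed the row returned by self::ROW() for the new id
  * @throws Exception when no secure random source is available
  */
 public static function add(&$data)
 {
     // Fields
     if (function_exists('random_bytes')) {
         $SessionId = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $SessionId = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         throw new Exception('No secure random source available for session ids');
     }
     $Ip = Database::escape(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
     // The User-Agent header is fully client-controlled; it is escaped like any other value.
     $UserAgent = Database::escape(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
     $Created = time();
     $Data = Database::escape(serialize($data));
     $sql = "INSERT INTO `SystemSession` (`id`, `__timestamp__`, `__operation__`, `SessionId`, `Ip`, `UserAgent`, `Created`, `Data`) VALUES (NULL, " . $Created . ", 'INSERT', '{$SessionId}', '{$Ip}', '{$UserAgent}', '{$Created}', '{$Data}')";
     // Run query
     Database::sql($sql);
     $id = Database::getInsertId();
     return self::ROW($id);
 }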
Exemplo n.º 23
 /**
  * Returns the row with the given id, from the in-memory map when present, otherwise
  * from the database.
  *
  * @param int|string $id converted with intval() before use
  * @return mixed the row, or null when it does not exist
  */
 public static function ROW($id)
 {
     $id = intval($id);

     if (!array_key_exists($id, self::$data)) {
         $found = self::SELECT("id='" . Database::escape($id) . "'");
         return count($found) ? $found[0] : null;
     }

     return self::$data[$id];
 }
Exemplo n.º 24
	/**
	 * Updates this object's row in $tableName with the given field => value map.
	 *
	 * Every field must be present in $this->fieldsMap; the first unknown one aborts the
	 * whole update. Values go through Database::escape().
	 *
	 * NOTE(review): $tableName and $this->id are concatenated as given; confirm callers only
	 * pass fixed table names. The exception text says "_create" although this is _update.
	 *
	 * @param array  $data      column name => value
	 * @param string $tableName table to update
	 * @return mixed Database::lastInsertId() after the update, or null when $data was empty
	 * @throws Exception for a field that is not in fieldsMap
	 */
	function _update($data, $tableName) {
		$this->dropCache();

		$assignments = array();
		foreach ($data as $field => $value) {
			if (!isset($this->fieldsMap[$field])) {
				throw new Exception('_create failed: illegal field #' . $field);
			}
			$assignments[] = '`' . $field . '`=' . Database::escape($value);
		}

		if (!count($assignments)) {
			return;
		}

		Database::query('UPDATE `' . $tableName . '` SET ' . implode(',', $assignments) . ' WHERE `id`=' . $this->id);
		return Database::lastInsertId();
	}
Exemplo n.º 25
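 /**
  * Links the user with the posted nickname to an album in a given family role.
  *
  * Fix: album_id and role were taken from $_POST and concatenated into the statement
  * unquoted and unchecked, so the request could rewrite the query. Both are cast to
  * integers now. An unknown nickname used to produce a malformed statement
  * (`user_id`=,) and is rejected with an exception instead.
  *
  * NOTE(review): nothing here checks that the current user may change this album's
  * members; confirm the caller enforces that.
  *
  * @throws Exception 'No such user' when the nickname does not resolve to a user id
  */
 function add_album_relation()
 {
     $album_id = isset($_POST['album_id']) ? (int) $_POST['album_id'] : 0;
     $nick = isset($_POST['nick']) ? $_POST['nick'] : '';
     $role = isset($_POST['role']) ? (int) $_POST['role'] : 0;

     $user_id = (int) Database::sql2single('SELECT `id` FROM `user` WHERE `nickname`=' . Database::escape($nick));
     if (!$user_id) {
         throw new Exception('No such user');
     }

     Database::query('INSERT INTO `album_family` SET
         `album_id`=' . $album_id . ',
         `user_id`=' . $user_id . ',
         `family_role`=' . $role . ',
         `add_time`=' . time() . '
             ON DUPLICATE KEY UPDATE
          `family_role`=' . $role . '');
 }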
Exemplo n.º 26
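    /**
     * Adds a comment (or an answer to a comment) to a blog entry and redirects to it.
     *
     * Fixes over the original:
     *  - entry_id and answer_to came straight from the request and were concatenated into
     *    three statements unquoted; they are cast to non-negative integers first;
     *  - authorization and input checks now run before any query is issued;
     *  - answering a comment that does not exist used to build a malformed INSERT
     *    (`id_parent`=,) and is rejected instead.
     *
     * Comments are kept two levels deep: an answer to an answer is attached to the same
     * top-level comment, while answer_to remembers which comment was actually answered.
     *
     * @throws Exception when the user is not authorized, a field is missing, or the
     *                   entry id / parent comment is invalid
     */
    function write()
    {
        global $current_user;
        if (!$current_user->authorized) {
            throw new Exception('must be autorized');
        }

        $id = max(0, (int) Request::post('entry_id'));
        $title = Request::post('title');
        $body = Request::post('body');
        $id_parent = max(0, (int) Request::post('answer_to'));

        if (!$body) {
            throw new Exception('body missed');
        }
        if (!$title) {
            throw new Exception('title missed');
        }
        if (!$id) {
            throw new Exception('entry missed');
        }

        $query = 'SELECT * FROM `blog_entries` WHERE `id`=' . $id;
        $data = Database::sql2row($query);
        $entry = new Entrie($data);

        $answer_to = 0;
        if ($id_parent) {
            // answer
            $query = 'SELECT * FROM `blog_entries_comments` WHERE `id`=' . $id_parent;
            $parent_comment = Database::sql2row($query);
            if (!$parent_comment) {
                throw new Exception('parent comment missed');
            }
            $answer_to = $id_parent;
            // Attach to the top-level comment of the thread.
            $id_parent = $parent_comment['id_parent'] > 0
                ? (int) $parent_comment['id_parent']
                : (int) $parent_comment['id'];
        }

        $query = 'INSERT INTO `blog_entries_comments` SET
			`id_entry`=' . $id . ',
			`id_user`=' . $current_user->id . ',
			`id_parent`=' . $id_parent . ',
			`time`=' . time() . ',
			`title`=' . Database::escape($title) . ',
			`comment`=' . Database::escape($body) . ',
			`answer_to`=' . $answer_to;
        Database::query($query);
        $comment_id = Database::lastInsertId();
        $entry->updateCommentsCount();
        header('Location: ' . '/blog/' . $entry->user->getNickName() . '/' . $entry->id . '#comment-' . $comment_id);
        exit(0);
    }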
Exemplo n.º 27
 /**
  * Adds the posted comment to an event and, if requested, subscribes the user to it.
  *
  * The comment text is cleaned with prepare_review() using a small set of allowed inline
  * tags. The post id is handed to MongoDatabase::addEventComment() as received and is
  * escaped only for the later SQL lookup.
  * NOTE(review): if the request layer lets a parameter arrive as an array, confirm that
  * MongoDatabase::addEventComment() forces the id to a string/ObjectId.
  *
  * @throws Exception 'comment body expected' when the cleaned comment is empty
  */
 function addComment()
 {
     global $current_user;

     $subscribe = isset(Request::$post['subscribe']) && Request::$post['subscribe'];

     // Anonymous visitors cannot comment.
     if (!$current_user->id) {
         return;
     }

     $raw = isset(Request::$post['comment']) ? Request::$post['comment'] : false;
     $comment = trim(prepare_review($raw, '<em><i><strong><b><u><s>'));
     if (!$comment) {
         throw new Exception('comment body expected');
     }

     $post_id = Request::$post['id'];
     $data = array();
     if ($post_id) {
         $comment_id = isset(Request::$post['comment_id']) ? Request::$post['comment_id'] : false;
         if ($comment_id) {
             // Answer to an existing comment.
             $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment, $comment_id);
             if ($data) {
                 Notify::notifyEventCommentAnswer($data['commenter_id'], $post_id, $data['comment_id']);
             }
         } else {
             // Top-level comment on the event.
             $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment);
             if ($data) {
                 Notify::notifyEventComment($data['user_id'], $post_id, $data['comment_id']);
             }
         }
     }

     if (!$data || !$subscribe) {
         return;
     }
     // Authors are subscribed to their own events anyway.
     if ($data['post']['user_id'] == $current_user->id) {
         return;
     }

     $intid = Database::sql2single('SELECT `id` FROM `events` WHERE `mongoid`=' . Database::escape($post_id));
     if ($intid) {
         /* @var $current_user User */
         $current_user->setNotifyRule(UserNotify::UN_COMMENT_ANSWER, UserNotify::UNT_NOTIFY);
         $current_user->save();
         Notify::notifySubscribe($current_user->id, $intid);
     }
 }
Exemplo n.º 28
 /**
  * Permission test that additionally grants READ when the beneficiary holds a READ
  * privilege on at least one File or Folder.
  *
  * A boolean answer from the parent implementation is final. Otherwise the database is
  * asked once per beneficiary and the answer is cached in $this->READ.
  *
  * @see solidbase/lib/Base#may()
  * @param object $beneficiary object exposing ID and groupIds
  * @param int    $accessLevel bit mask; only the READ bit is handled here
  * @return bool|int true when allowed, 0 when not decided/denied, or the parent's boolean
  */
 function may($beneficiary, $accessLevel)
 {
     $inherited = parent::may($beneficiary, $accessLevel);
     if (is_bool($inherited)) {
         return $inherited;
     }

     if (!($accessLevel & READ)) {
         return 0;
     }

     $who = $beneficiary->ID;
     if (!isset($this->READ[$who])) {
         global $DB;
         // The beneficiary's own ID plus all of its group IDs, escaped and placed in a quoted IN (...) list.
         $privilegeIDS = array_merge((array) $who, $beneficiary->groupIds);
         $this->READ[$who] = $DB->exists("SELECT `spine`.`id` as id FROM `spine` RIGHT JOIN `privileges` ON `spine`.`id` = `privileges`.`id` WHERE `spine`.`class` IN ('File','Folder') AND `privileges`.`beneficiary` IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND (`privileges`.`privileges` & " . READ . ") > 0");
     }

     return $this->READ[$who] ? true : 0;
 }
Exemplo n.º 29
 /**
  * Remembers the referring partner in a cookie and redirects.
  *
  * The public partner id is resolved to the internal id first; unknown partners are
  * ignored and no redirect is sent.
  * NOTE(review): the redirect target is Request::$url as is; confirm it can only ever be
  * a URL on this site.
  *
  * @param mixed $id_partner public partner id (`pid` column)
  */
 public static function setPartnerCookie($id_partner)
 {
     global $current_user;
     /* @var $current_user CurrentUser */
     if (!$id_partner) {
         return;
     }

     $pid = Database::sql2single('SELECT `id` FROM `partners` WHERE `pid`=' . Database::escape($id_partner));
     if (!$pid) {
         return;
     }

     if ($current_user) {
         // Default lifetime: five days, in seconds.
         $lifetime = Config::need('cookie_lifetime_partner', 5 * 60 * 60 * 24);
         $current_user->setCookie('partner_id', $pid, time() + $lifetime);
     }
     header('Location: ' . Request::$url, true, 302);
 }
Exemplo n.º 30
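 /**
  * Starts a cookie-based login session for a user.
  *
  * Fixes over the original:
  *  - the session token was md5(time() . $user_id): both inputs are guessable, so the
  *    token could be recomputed by someone who knows the user id and roughly when the
  *    login happened. It is now 16 bytes from the operating system's random source,
  *    hex-encoded to the same 32-character format;
  *  - $user_id was concatenated into the UPDATE statement as received and is cast to int;
  *  - the cookie that carries the token is sent with the HttpOnly flag, so page scripts
  *    cannot read it.
  *
  * NOTE(review): the Secure flag is left off, as before, because this excerpt does not
  * show whether the site is served over HTTPS only; enable it when it is.
  *
  * @param int|string $user_id id of the user who just authenticated
  * @throws Exception when no secure random source is available
  */
 public static function set_cookie($user_id)
 {
     $user_id = (int) $user_id;

     $cookie_key = Config::need('COOKIE_KEY', 'u');
     $hash_coookie_key = $cookie_key . '_sh';
     $uid_coookie_key = $cookie_key . '_id';

     if (function_exists('random_bytes')) {
         $hash = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $hash = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         throw new Exception('No secure random source available for session tokens');
     }

     Database::query('UPDATE `user` SET `lastAccessTime`=' . time() . ',`session`=' . Database::escape($hash) . ' WHERE `id`=' . $user_id);

     $expire = time() + 7 * 24 * 60 * 60;
     $path = '/';
     $domain = '.' . Config::need('www_domain');
     $secure = false;
     // The id cookie keeps its previous flags; only the token cookie is hidden from scripts.
     setcookie($uid_coookie_key, $user_id, $expire, $path, $domain, $secure, false);
     setcookie($hash_coookie_key, $hash, $expire, $path, $domain, $secure, true);

     // Make the new values visible to the rest of this request.
     $_COOKIE[$uid_coookie_key] = $user_id;
     $_COOKIE[$hash_coookie_key] = $hash;
     self::authorize_cookie();
 }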