Exemplo n.º 1
1
function bb2_db_escape($string)
{
    include_once PLOG_CLASS_PATH . "class/database/db.class.php";
    return Db::qstr($string);
}
 function update($blockedHost)
 {
     $query = "UPDATE " . $this->getPrefix() . "host_blocking_rules\n                      SET host = '" . $blockedHost->getHost() . "',\n                      mask = " . $blockedHost->getMask() . ",\n                      blog_id = " . $blockedHost->getBlogId() . ",\n                      block_type = " . $blockedHost->getType() . ",\n                      reason = '" . Db::qstr($blockedHost->getReason()) . "'\n                      WHERE id = " . $blockedHost->getId();
     $result = $this->Execute($query);
     return $result;
 }
 /**
  * Deletes a sent message
  *
  * @param messageId The id of the message that we'd like to delete
  * @return true if successful or false otherwise
  */
 function deleteMessage($messageId)
 {
     $prefix = $this->getPrefix();
     $query = "DELETE FROM {$prefix}mailcentre_sent\n                      WHERE id = '" . Db::qstr($messageId) . "'";
     $result = $this->Execute($query);
     // if there was an error with the query or no rows were affected,
     // then something went definitely wrong...
     if (!$result) {
         return false;
     }
     if ($this->_db->Affected_Rows() == 0) {
         return false;
     }
     return true;
 }
 function verifyRequest($userNameHash, $requestHash)
 {
     // make sure that the request is correct
     $users = new Users();
     // it's not a good idea to do this but it makes things a bit easier...
     $prefix = $users->getPrefix();
     $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t          u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t  IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t  u.status AS status\n\t\t\t\t\t  FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t  WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";
     $userInfo = $users->_getUserInfoFromQuery($query);
     // try to see if we can load the user...
     if (!$userInfo) {
         return false;
     }
     // and if so, validate the hash
     $originalRequestHash = SummaryTools::calculatePasswordResetHash($userInfo);
     if ($requestHash != $originalRequestHash) {
         return false;
     }
     return $userInfo;
 }
 /**
  * updates a rule
  *
  * @param rule a FilteredContent object containing the data
  * we'd like to update.
  * @return True upon success or false otherwise.
  */
 function updateFilteredContent($rule)
 {
     $query = "UPDATE " . $this->getPrefix() . "filtered_content SET " . "blog_id = " . $rule->getBlogId() . ", " . "reg_exp = '" . Db::qstr($rule->getRegExp(true)) . "', " . "reason = '" . Db::qstr($rule->getReason()) . "' " . " WHERE blog_id = " . $rule->getBlogId() . " AND id = " . $rule->getId() . ";";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     return true;
 }
Exemplo n.º 6
0
 /**
  * Updates a link in the database.
  *
  * @param myLink A MyLink object with the information we'd like to update.
  * @return True if successful or false otherwise.
  */
 function updateMyLink($myLink)
 {
     $query = "UPDATE " . $this->getPrefix() . "mylinks SET\n                      name = '" . Db::qstr($myLink->getName()) . "',\n                      description = '" . Db::qstr($myLink->getDescription()) . "',\n                      url = '" . Db::qstr($myLink->getUrl()) . "',\n                      category_id = " . $myLink->getCategoryId() . ",\n                      date = date,\n\t\t\t\t\t  properties = '" . Db::qstr(serialize($myLink->getProperties())) . "',\n\t\t\t\t\t  rss_feed = '" . Db::qstr($myLink->getRssFeed()) . "'\n                      WHERE id = " . $myLink->getId() . " AND blog_id = " . $myLink->getBlogId() . ";";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     } else {
         if ($result) {
             // mark the corresponding link categories as modified now
             $linkCategories = new MyLinksCategories();
             $linkCategories->updateCategoryModificationDate($myLink->getCategoryId());
         }
         return true;
     }
 }
 /**
  * Returns an array of SearchResult objects containing information about the search, such as the
  * relevance (not very relevant, though :)), and the ArticleObject
  *
  * @param blogId The id of the blog whose articles we would like to search
  * @param query The query string we'd like to use.
  * @param minRelevance Minimum value of the relevance field, to get rid of less meaningful
  * results
  * @param maxResults Maximum number of results that will be returned.
  * @return An array of SearchResult objects
  */
 function searchComments($blogId, $query, $minRelevance = 0, $maxResults = 0, $status = POST_STATUS_PUBLISHED, $userId = -1, $date = 0)
 {
     $prefix = $this->getPrefix();
     $query = $this->_adaptSearchString($query);
     // MARKWU: I also need to take care when there are multiplu search term
     // Split the search term by space
     $query_array = explode(' ', $query);
     // For each search terms, I should make a like query for it
     $where_string = "(";
     $where_string .= "((c.normalized_topic LIKE '%{$query_array[0]}%') OR (c.normalized_text LIKE '%{$query_array[0]}%'))";
     for ($i = 1; $i < count($query_array); $i = $i + 1) {
         $where_string .= " AND ((c.normalized_topic LIKE '%{$query_array[$i]}%') OR (c.normalized_text LIKE '%{$query_array[$i]}%'))";
     }
     $where_string .= " OR ((c.normalized_topic LIKE '%{$query}%') OR (c.normalized_text LIKE '%{$query}%'))";
     $where_string .= ")";
     // Make the whole sql query string
     $searchQuery = "SELECT a.id AS id, t.topic AS topic, t.text AS text, a.date AS date,\n\t\t\t                       a.user_id AS user_id, a.blog_id AS blog_id, a.num_reads AS num_reads, \n\t\t\t\t\t\t\t       a.properties AS properties, t.normalized_text AS normalized_text,\n\t\t\t\t\t\t\t       t.normalized_topic AS normalized_topic, a.status AS status, a.slug AS slug, \n\t\t\t\t\t\t\t       1 AS relevance \n\t\t\t\t\t\t\t FROM {$prefix}articles_comments c, {$prefix}articles a, {$prefix}articles_text t\n\t\t\t\t\t\t\t WHERE {$where_string} AND c.article_id = a.id AND a.status = {$status} AND c.status = 0\n\t\t\t\t\t\t\t       AND t.article_id = a.id";
     if ($blogId > 0) {
         $searchQuery .= " AND a.blog_id = '" . Db::qstr($blogId) . "' ";
     }
     if ($userId > 0) {
         $searchQuery .= " AND a.user_id = '" . Db::qstr($userId) . "' ";
     }
     if ($date > 0) {
         $searchQuery .= " AND a.date+0 LIKE '{$date}%' ";
     }
     $searchQuery .= " ORDER BY relevance";
     // print $searchQuery;
     // print "<hr />";
     return $this->_getQueryResults($searchQuery, SEARCH_RESULT_COMMENT);
 }
 /**
  * removes a trackback from the database
  *
  * @param trackbackId
  * @param articleId
  * @return True if successful or false otherwise
  */
 function deletePostTrackback($trackbackId, $articleId = -1)
 {
     $prefix = $this->getPrefix();
     $query = "DELETE FROM {$prefix}trackbacks WHERE id = '" . Db::qstr($trackbackId) . "'";
     if ($articleId > 0) {
         $query .= " AND article_id = '" . Db::qstr($articleId) . "'";
     }
     return $this->Execute($query);
 }
 /**
  * update last modification field
  */
 function updateLastModification($categoryId, $lastModification)
 {
     $query = "UPDATE " . $this->getPrefix() . "mylinks_categories\n\t\t\t\t\t  SET last_modification = '" . Db::qstr($lastModification) . "' \n\t\t\t\t\t  WHERE id = '" . Db::qstr($categoryId) . "'";
     $this->_db->debug = false;
     $result = $this->_db->Execute($query);
     return $result;
 }
 /**
  * adds a custom field value to the given article
  *
  * @param fieldId
  * @param fieldValue
  * @param articleId
  * @param blogId
  * @return True if successful or false otherwise
  */
 function addCustomFieldValue($fieldId, $fieldValue, $articleId, $blogId)
 {
     $filter = new Textfilter();
     $query = "INSERT INTO " . $this->getPrefix() . "custom_fields_values\n\t\t\t          (field_id, field_value, normalized_value, blog_id, article_id)\n\t\t\t\t\t  VALUES (\n\t\t\t\t\t  {$fieldId}, '" . Db::qstr($fieldValue) . "','" . $filter->normalizeText(Db::qstr($fieldValue)) . "',\n\t\t\t\t\t  {$blogId}, {$articleId}\n\t\t\t\t\t  )";
     $result = $this->Execute($query);
     return $result;
 }
 function updatePoll(&$poll)
 {
     $prefix = $this->getPrefix();
     $q = "update {$prefix}plogpoll_polls " . "set subject='" . Db::qstr($poll->getSubject()) . "'," . "responses='" . Db::qstr(serialize($poll->getResponses())) . "'," . "responsedata='" . Db::qstr(serialize($poll->getResponseData())) . "'" . " where id=" . $poll->getId();
     return $this->Execute($q);
 }
Exemplo n.º 12
0
 /**
  * disables a blog
  *
  * @param blogId
  */
 function disableBlog($blogId)
 {
     $query = "UPDATE " . $this->getPrefix() . "blogs\n                          SET status = '" . BLOG_STATUS_DISABLED . "'\n                          WHERE id = '" . Db::qstr($blogId) . "'";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     if ($this->_db->Affected_Rows() == 0) {
         return false;
     }
     return true;
 }
 /**
  * updates a resource in the database.
  *
  * @param resource A GalleryResource object with the information of the
  * resource we'd like to update.
  * @return Returns true if successful or false otherwise
  */
 function updateResource($resource)
 {
     $tf = new TextFilter();
     $query = "UPDATE " . $this->getPrefix() . "gallery_resources\n                      SET album_id = " . $resource->getAlbumId() . ",\n                      description = '" . Db::qstr($resource->getDescription()) . "',\n                      flags = " . $resource->getFlags() . ",\n                      resource_type = " . $resource->getResourceType() . ",\n                      file_path = '" . $resource->getFilePath() . "',\n                      file_name = '" . $resource->getFileName() . "',\n                      metadata = '" . Db::qstr(serialize($resource->getMetadata())) . "',\n\t\t\t\t\t  thumbnail_format ='" . $resource->getThumbnailFormat() . "',\n                      date = '" . $resource->getDate() . "',\n                      normalized_description = '" . Db::qstr($tf->normalizeText($resource->getDescription())) . "'\n                      WHERE id = " . $resource->getId();
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     } else {
         return true;
     }
 }
 /**
  * returns the lastest $maxItems comments received in the blog
  *
  * @param blogId
  * @param maxItems
  * @return An array of ArticleComment objects
  */
 function getBlogComments($blogId, $maxItems = 0, $articleStatus = POST_STATUS_PUBLISHED)
 {
     $prefix = $this->getPrefix();
     $query = "SELECT c.id AS id, c.article_id AS article_id, c.topic AS topic, \n\t\t\t                 c.text AS text, c.date AS date, c.user_email AS user_email,\n\t\t\t\t\t\t\t c.user_url AS user_url, c.user_name AS user_name, c.parent_id AS parent_id,\n\t\t\t\t\t\t\t c.client_ip AS client_ip, c.send_notification AS send_notification,\n\t\t\t\t\t\t\t c.status AS status      \n\t\t\t\t\t  FROM {$prefix}articles_comments c, {$prefix}articles a\n\t\t\t          WHERE a.blog_id = '" . Db::qstr($blogId) . "' AND a.id = c.article_id\n\t\t\t\t\t        AND a.status = {$articleStatus} \n\t\t\t\t\t  ORDER BY date DESC";
     if ($maxItems > 0) {
         $query .= " LIMIT 0, {$maxItems}";
     }
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     if ($result->RowCount() == 0) {
         return array();
     }
     $comments = array();
     $articles = new Articles();
     while ($row = $result->FetchRow()) {
         // load the article to which this comment belongs
         $comment = $this->_fillCommentInformation($row);
         $article = $articles->getBlogArticle($comment->getArticleId(), $blogId);
         $comment->setArticle($article);
         // and store everything in the array
         $comments[] = $comment;
     }
     $result->Close();
     return $comments;
 }
 /**
  * returns how many categories a blog has
  *
  * @param blogId
  * @param includeHidden
  * @return an integer
  */
 function getBlogNumCategories($blogId, $includeHidden = false)
 {
     // table name
     $prefix = $this->getPrefix();
     $table = "{$prefix}articles_categories";
     // conditions
     $cond = "blog_id = '" . Db::qstr($blogId) . "'";
     if (!$includeHidden) {
         $cond .= " AND in_main_page = 1";
     }
     // return the total number
     $total = $this->getNumItems($table, $cond);
     return $total;
 }
 /**
  * update a field in the database
  *
  * @param field
  * @return True if successful or false otherwise
  */
 function updateCustomField($field)
 {
     $query = "UPDATE " . $this->getPrefix() . "custom_fields_definition\n\t\t\t          SET field_name = '" . Db::qstr($field->getName()) . "',\n\t\t\t\t\t  field_description = '" . Db::qstr($field->getDescription()) . "',\n\t\t\t\t\t  field_type = " . Db::qstr($field->getType()) . ",\n\t\t\t\t\t  date = date,\n\t\t\t\t\t  hidden = " . $field->isHidden() . "\n\t\t\t\t\t  WHERE id = " . $field->getId();
     $result = $this->Execute($query);
     return $result;
 }
 /**
  * @private
  */
 function _insertValue($key, $value)
 {
     $type = $this->_getType($value);
     switch ($type) {
         case TYPE_INTEGER:
         case TYPE_BOOLEAN:
         case TYPE_FLOAT:
             $query = "INSERT INTO " . $this->_dbPrefix . "config (config_key,config_value,value_type)\n                              VALUES( '{$key}', '{$value}', {$type} )";
             break;
         case TYPE_STRING:
             // need to add quotes here
             $query = "INSERT INTO " . $this->_dbPrefix . "config (config_key,config_value,value_type)\n                              VALUES( '{$key}', '" . Db::qstr($value) . "', {$type} )";
             break;
         case TYPE_ARRAY:
         case TYPE_OBJECT:
             // need to serialize here
             $serValue = addslashes(serialize($value));
             $query = "INSERT INTO " . $this->_dbPrefix . "config (config_key,config_value,value_type)\n                              VALUES( '{$key}', '{$serValue}', {$type} )";
             break;
         default:
             throw new Exception("_insertValue: _getType produced an unexpected value of {$type}");
             die;
     }
     $result = $this->_db->Execute($query);
     if ($result) {
         return true;
     } else {
         return false;
     }
 }
 /**
  * returns the usernames of the users who have permissions in a blog
  *
  * @param blogId
  * @retur An array of UserInfo objects
  */
 function getBlogUsers($blogId)
 {
     $query = "SELECT * FROM " . $this->getPrefix() . "users_permissions WHERE blog_id = '" . Db::qstr($blogId) . "'";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     $blogUsers = array();
     $users = new Users();
     while ($row = $result->FetchRow()) {
         $blogUsers[] = $users->getUserInfoFromId($row["user_id"]);
     }
     return $blogUsers;
 }
Exemplo n.º 19
0
 /**
  * removes the text of an article
  * 
  * @param articleId
  * @private
  * @return true if successful or false otherwise
  * @see Articles::deleteArticle
  */
 function deleteArticleText($articleId)
 {
     $query = "DELETE FROM " . $this->getPrefix() . "articles_text WHERE article_id = '" . Db::qstr($articleId) . "'";
     return $this->Execute($query);
 }
Exemplo n.º 20
0
 function updateResources()
 {
     $dbPrefix = $this->dbPrefix;
     $query = "SELECT * FROM {$dbPrefix}gallery_resources";
     $result = $this->db->Execute($query);
     while ($row = $result->FetchRow()) {
         $resId = $row["id"];
         //$normName = $this->t->normalizeText( $row["name"] );
         $normDescription = Db::qstr($this->t->normalizeText($row["description"]));
         $query = "UPDATE {$dbPrefix}gallery_resources\n                          SET normalized_description = '{$normDescription}', date = date\n                          WHERE id = {$resId}";
         $res = $this->db->Execute($query);
         if (!$res) {
             $this->message .= "There was an error updating the resources table.<br/>";
             return false;
         }
     }
     $this->message .= "Resources table updated successfully!<br/>";
     return true;
 }
 /**
  * returns all the albums of the blog in an array. The key of the array is the
  * parent id of all the albums in the position, and each position is either an
  * array with all the albums that share the same parent id or empty if none
  *
  * @param userId 
  * @param albumId
  * @return An associative array
  */
 function getUserAlbumsGroupedByParentId($userId, $albumId = 0)
 {
     $prefix = $this->getPrefix();
     $query = "SELECT id, owner_id, description,\n        \t                 name, flags, parent_id,\n        \t                 date, properties, show_album \n        \t          FROM {$prefix}gallery_albums \n\t\t\t          WHERE owner_id = '" . Db::qstr($userId) . "'\n\t\t\t\t\t  ORDER BY name ASC";
     $result = $this->Execute($query);
     if (!$result) {
         return array();
     }
     $albums = array();
     $ids = array();
     $ids[] = 0;
     while ($row = $result->FetchRow()) {
         $album = new GalleryAlbum($row["owner_id"], $row["name"], $row["description"], $row["flags"], $row["parent_id"], $row["date"], unserialize($row["properties"]), $row["show_album"], $row["id"]);
         $key = $album->getParentId();
         if (!array_key_exists($key, $albums) || $albums["{$key}"] == "") {
             $albums["{$key}"] = array();
         }
         $albums["{$key}"][] = $album;
         $ids[] = $album->getId();
     }
     return $albums;
 }
Exemplo n.º 22
0
 /**
  * check if the email account has been registered
  * @return true if the email account has been registered
  */
 function emailExists($email)
 {
     $query = "SELECT email \n                      FROM " . $this->getPrefix() . "users \n                      WHERE email = '" . Db::qstr($email) . "'";
     $result = $this->_db->Execute($query);
     if ($result && $result->RecordCount() >= 1) {
         return true;
     } else {
         return false;
     }
 }
Exemplo n.º 23
0
 /**
  * returns how many referrers the blog has
  *
  *Ê@param blogId
  * @param articleId
  * @return a number
  */
 function getBlogTotalReferers($blogId, $articleId = -1)
 {
     $prefix = $this->getPrefix();
     $table = "{$prefix}referers";
     $cond = "blog_id = '" . Db::qstr($blogId) . "'";
     if ($articleId > -1) {
         $cond .= " AND article_id = '" . Db::qstr($articleId) . "'";
     }
     return $this->getNumItems($table, $cond);
 }