/**
* Creates a new page
*/
private function _insertPage($data)
{
error_reporting(E_ALL);
$sql = "INSERT INTO " . TABLE_PREFIX . "page (title, slug, created_on, published_on, parent_id, layout_id, status_id, created_by_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$pdo = Record::getConnection();
$stm = $pdo->prepare($sql);
$stm->execute($data);
return Record::lastInsertId();
}
public function edit_option()
{
$this->clean_post($_POST);
$tables = array();
$tables = isset($_POST['post_in_tables']) ? explode(',', str_replace(' ', '', $_POST['post_in_tables'])) : null;
if (!AuthUser::hasPermission('shopping_cart_edit') || empty($tables)) {
Flash::set('error', __('You are not allowed to perform this operation.'));
redirect(get_url('plugin/shopping_cart/'));
}
$item_pk = isset($_POST['post_in_item']) ? $_POST['post_in_item'] : null;
if (isset($_POST['post_in_item'])) {
// update
Record::query(" UPDATE " . $tables[0] . " SET\n a_id = '" . $_POST['attribute'] . "', \n name = '" . $_POST['name'] . "', \n description = '" . $_POST['description'] . "',\n add_price = '" . $_POST['add_price'] . "',\n priority = '" . $_POST['priority'] . "'\n WHERE id = '{$item_pk}'\n ");
/*
Record::query("delete from ".$tables[1]." where prod = '$item_pk' ");
Record::query("delete from ".$tables[2]." where prod = '$item_pk' ");
foreach($_POST['category'] as $v) {
Record::query("insert into ".$tables[1]." (prod, cat) values ('$item_pk', '$v')");
}
foreach($_POST['attributes'] as $v) {
Record::query("insert into ".$tables[2]." (prod, attr) values ('$item_pk', '$v')");
}
*/
} else {
// insert
$DBlastid = Record::query(" INSERT INTO " . $tables[0] . "\n (name, a_id, description, add_price, priority)\n VALUES\n ('" . $_POST['name'] . "', '" . $_POST['attribute'][0] . "', '" . $_POST['description'] . "', '" . $_POST['add_price'] . "', '" . $_POST['priority'] . "')\n ");
$item_pk = Record::lastInsertId($DBlastid);
}
Flash::set('success', __('Data has been saved successful.'));
redirect(get_url("plugin/shopping_cart"));
}
/**
* Executed through the Observer system each time a page is found.
*
* @global <type> $__CMS_CONN__
* @param Page $page The object instance for the page that was found.
* @return <type> Nothing.
*/
function comment_save(&$page)
{
// Check if we need to save a comment
if (!isset($_POST['comment'])) {
return;
}
$data = $_POST['comment'];
if (is_null($data)) {
return;
}
$captcha = Plugin::getSetting('use_captcha', 'comment');
if ($captcha && $captcha == '1') {
if (isset($data['secure'])) {
if ($data['secure'] == "" or empty($data['secure']) or $data['secure'] != $_SESSION['security_number']) {
return;
}
} else {
return;
}
}
if ($page->comment_status != Comment::OPEN) {
return;
}
if (!isset($data['author_name']) or trim($data['author_name']) == '') {
return;
}
if (!isset($data['author_email']) or trim($data['author_email']) == '') {
return;
}
if (!preg_match('/[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)*\\@[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)+/i', $data['author_email'])) {
return;
}
if (!isset($data['body']) or trim($data['body']) == '') {
return;
}
use_helper('Kses');
$allowed_tags = array('a' => array('href' => array(), 'title' => array()), 'abbr' => array('title' => array()), 'acronym' => array('title' => array()), 'b' => array(), 'blockquote' => array('cite' => array()), 'br' => array(), 'code' => array(), 'em' => array(), 'i' => array(), 'p' => array(), 'strike' => array(), 'strong' => array());
$auto_approve_comment = Plugin::getSetting('auto_approve_comment', 'comment');
// Check for and correct problems with website link
if (isset($data['author_link']) && $data['author_link'] !== '') {
if (strpos($data['author_link'], 'http://') !== 0 && strpos($data['author_link'], 'https://') !== 0) {
$data['author_link'] = 'http://' . $data['author_link'];
}
}
global $__CMS_CONN__;
$sql = 'INSERT INTO ' . TABLE_PREFIX . 'comment (page_id, author_name, author_email, author_link, ip, body, is_approved, created_on) VALUES (' . '\'' . $page->id . '\', ' . $__CMS_CONN__->quote(strip_tags($data['author_name'])) . ', ' . $__CMS_CONN__->quote(strip_tags($data['author_email'])) . ', ' . $__CMS_CONN__->quote(strip_tags($data['author_link'])) . ', ' . $__CMS_CONN__->quote($data['author_ip']) . ', ' . $__CMS_CONN__->quote(kses($data['body'], $allowed_tags)) . ', ' . $__CMS_CONN__->quote($auto_approve_comment) . ', ' . $__CMS_CONN__->quote(date('Y-m-d H:i:s')) . ')';
$__CMS_CONN__->exec($sql);
// @todo FIXME - If code above used Comment object for saving data there would be
// no need to reload it from database. Using lastInsertId() is unrealiable anyway.
$comment_id = Record::lastInsertId();
$comment = Comment::findById($comment_id);
Observer::notify('comment_after_add', $comment);
if (Plugin::isEnabled('statistics_api')) {
$event = array('event_type' => 'comment_added', 'description' => __('A comment was added.'), 'ipaddress' => $comment->ip, 'username' => $comment->author_name);
Observer::notify('stats_comment_after_add', $event);
}
}
/**
* Videos
*/
public function video_create()
{
$record = Record::insert('ecommerce_product_video', $_POST['product_video']);
echo Record::lastInsertId();
}
