Exemplo n.º 1
0
 static function display_recent_comments($num = 4, $page = 'blog')
 {
     // Load comments and titles for the entries
     $sql = "SELECT\n                    `name`,\n                    `comment`,\n                    `" . DB_PREFIX . "comments`.`created`,\n                    `title`,\n                    `slug`\n\t\t\t\tFROM `" . DB_PREFIX . "comments`\n\t\t\t\tLEFT JOIN `" . DB_PREFIX . "entries`\n\t\t\t\t\tUSING( `entry_id` )\n\t\t\t\tORDER BY `" . DB_PREFIX . "comments`.`created` DESC\n\t\t\t\tLIMIT {$num}";
     try {
         $stmt = DB_Connect::create()->db->query($sql);
         FB::log($sql);
         $list = NULL;
         foreach ($stmt->fetchAll(PDO::FETCH_OBJ) as $entry) {
             $text = Utilities::text_preview(stripslashes($entry->title), 5, FALSE);
             $url = $entry->slug;
             $comment = Utilities::text_preview($entry->comment, 10, FALSE);
             $link = "/{$page}/{$entry->slug}";
             $list .= "\n                        <li>{$entry->name} posted on <a href=\"{$link}\">{$text}</a>: {$comment}</li>";
         }
         $stmt->closeCursor();
         return "\n                    <ul id=\"recent-comments\">{$list}\n                    </ul>";
     } catch (Exception $e) {
         FB::log($e);
         throw new Exception("Couldn't load popular entries.");
     }
 }
Exemplo n.º 2
0
 /**
  * Writes data to the database; either updates or creates an entry
  *
  * @return bool        Returns true on success or false on error
  */
 public function save_entry()
 {
     // Initialize all variables to prevent any notices
     $entry_id = '';
     $page_id = '';
     $title = NULL;
     $entry = NULL;
     $excerpt = NULL;
     $slug = "";
     $tags = NULL;
     $extra = array();
     $var_names = array('entry_id', 'page_id', 'title', 'entry', 'excerpt', 'slug', 'tags', 'author', 'created');
     // Loop through the POST array and define all variables
     foreach ($_POST as $key => $val) {
         if (!in_array($key, array('page', 'action', 'token', 'form-submit')) && !in_array($key, $var_names)) {
             $extra[$key] = $val;
         } else {
             if ($key === "entry" || $key === "excerpt") {
                 ${$key} = $val;
             } else {
                 // If it's not the body of the entry, escape all entities
                 ${$key} = htmlentities($val, ENT_QUOTES, 'UTF-8', FALSE);
             }
         }
     }
     foreach ($_FILES as $key => $val) {
         // If a file was uploaded, handle it here
         if (is_array($_FILES[$key]) && $_FILES[$key]['error'] === 0) {
             // First, see if the file is an image
             ${$key} = ImageControl::check_image($_FILES[$key]);
             // If not, just save the file
             if (!${$key}) {
                 ${$key} = Utilities::store_uploaded_file($_FILES[$key]);
             }
             $extra[$key] = ${$key};
         } else {
             if (!empty($_POST[$key . '-value'])) {
                 $extra[$key] = SIV::clean_output($_POST[$key . '-value'], FALSE, FALSE);
             }
         }
     }
     // If a slug wasn't set, save a URL version of the title
     $slug = empty($slug) ? Utilities::make_url($title) : $slug;
     // Make sure an order value exists
     $order = !empty($order) ? $order : 0;
     // If an excerpt wasn't set, create a text preview
     $excerpt = empty($excerpt) ? strip_tags(Utilities::text_preview($entry)) : $excerpt;
     // Store the author's name and a timestamp
     $author = $_SESSION['user']['name'];
     $created = time();
     // Set up the query to insert or update the entry
     $sql = "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n                (" . self::ENTRY_FIELDS . "\n                )\n                VALUES\n                (\n                    :entry_id,\n                    (\n                        SELECT `page_id`\n                        FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n                        WHERE `page_slug`=:page_slug\n                        LIMIT 1\n                    ), :title, :entry, :excerpt, :slug, :tags,\n                    :order, :extra, :author, :created\n                )\n                ON DUPLICATE KEY UPDATE\n                    `title`=:title,\n                    `entry`=:entry,\n                    `excerpt`=:excerpt,\n                    `slug`=:slug,\n                    `tags`=:tags,\n                    `order`=:order,\n                    `extra`=:extra;";
     try {
         $stmt = $this->db->prepare($sql);
         $stmt->bindParam(":entry_id", $entry_id, PDO::PARAM_INT);
         $stmt->bindParam(":page_slug", $page, PDO::PARAM_INT);
         $stmt->bindParam(":title", $title, PDO::PARAM_STR);
         $stmt->bindParam(":entry", $entry, PDO::PARAM_STR);
         $stmt->bindParam(":excerpt", $excerpt, PDO::PARAM_STR);
         $stmt->bindParam(":slug", $slug, PDO::PARAM_STR);
         $stmt->bindParam(":order", $order, PDO::PARAM_INT);
         $stmt->bindParam(":tags", $tags, PDO::PARAM_STR);
         $stmt->bindParam(":extra", serialize($extra), PDO::PARAM_STR);
         $stmt->bindParam(":author", $author, PDO::PARAM_STR);
         $stmt->bindParam(":created", $created, PDO::PARAM_STR);
         $stmt->execute();
         if ($stmt->errorCode() !== '00000') {
             $err = $stmt->errorInfo();
             ECMS_Error::log_exception(new Exception($err[2]));
         }
         $stmt->closeCursor();
         return TRUE;
     } catch (Exception $e) {
         $this->_log_exception($e);
     }
 }
Exemplo n.º 3
0
 /**
  * Replaces template tags with entry data
  *
  * @param object $entry     The entry object
  * @param array $params     Parameters for replacement
  * @param array $matches    The matches from preg_replace_callback()
  * @return string           The replaced template value
  */
 public static function replace_tags($entry, $params, $matches)
 {
     // Unserialize the object
     $entry = unserialize($entry);
     // Make sure the template tag has a matching array element
     if (property_exists($entry, $matches[1]) || property_exists($entry, 'extra_props') && array_key_exists($matches[1], $entry->extra_props)) {
         // Grab the value from the Entry object
         $val = $entry->{$matches[1]};
         // Run htmlentities() is the parameter is set to TRUE
         if ($params['htmlentities'] === TRUE) {
             $val = htmlentities($val, ENT_QUOTES);
         }
         // Run strip_tags() if the parameter is set to TRUE
         if ($params['strip_tags'] === TRUE) {
             $whitelist = STRIP_TAGS_WHITELIST;
             if (isset($params['strip_tags_whitelist'])) {
                 $whitelist = $params['strip_tags_whitelist'];
             }
             $val = Utilities::strip_tags_attr($val, $whitelist);
         }
         // Create a text preview if one the parameter is set to TRUE
         if ($params['text_preview'] === TRUE && $matches[1] == 'entry') {
             $val = Utilities::text_preview($val, $params['text_preview_length']);
         }
         return $val;
     } else {
         return '{' . $matches[1] . '}';
     }
 }