Exemplo n.º 1
0
function savelisting($option)
{
    global $Itemid, $mtconf, $mainframe, $link_id;
    // Check for request forgeries
    JRequest::checkToken() or jexit('Invalid Token');
    $database =& JFactory::getDBO();
    $my =& JFactory::getUser();
    require_once JPATH_COMPONENT_ADMINISTRATOR . DS . 'mfields.class.php';
    require_once JPATH_COMPONENT_ADMINISTRATOR . DS . 'tools.mtree.php';
    $raw_filenames = array();
    # Get cat_id / remove_image / link_image
    $cat_id = JRequest::getInt('cat_id', 0);
    $other_cats = explode(',', JRequest::getString('other_cats', null, 'post'));
    JArrayHelper::toInteger($other_cats);
    if (isset($other_cats) && empty($other_cats[0])) {
        $other_cats = array();
    }
    # Check if any malicious user is trying to submit link
    if ($mtconf->get('user_addlisting') == 1 && $my->id < 1 && $link_id == 0 || $mtconf->get('user_addlisting') == -1 && $link_id == 0 || $mtconf->get('user_allowmodify') == 0 && $link_id > 0) {
        echo _NOT_EXIST;
    } else {
        # Allowed
        $row = new mtLinks($database);
        $post = JRequest::get('post');
        if (!@$row->bind($post)) {
            echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
            exit;
        }
        $isNew = $row->link_id < 1 ? 1 : 0;
        # Assignment for new record
        if ($isNew) {
            $jdate = JFactory::getDate();
            $row->link_created = $jdate->toMySQL();
            $row->publish_up = $jdate->toMySQL();
            $row->ordering = 999;
            // Set an expire date for listing if enabled in configuration
            if ($mtconf->get('days_to_expire') > 0) {
                $jdate->setOffset(intval($mtconf->get('days_to_expire')) * 24);
                $row->publish_down = $jdate->toMySQL(true);
                $jdate->setOffset(intval($mtconf->get('days_to_expire')) * -24);
            }
            if ($my->id > 0) {
                $row->user_id = $my->id;
            } else {
                $database->setQuery('SELECT id FROM #__users WHERE usertype = \'Super Administrator\' LIMIT 1');
                $row->user_id = $database->loadResult();
            }
            if (empty($row->alias)) {
                $row->alias = JFilterOutput::stringURLSafe($row->link_name);
            }
            // Approval for adding listing
            if ($mtconf->get('needapproval_addlisting')) {
                $row->link_approved = '0';
            } else {
                $row->link_approved = 1;
                $row->link_published = 1;
                $row->updateLinkCount(1);
                $cache =& JFactory::getCache('com_mtree');
                $cache->clean();
            }
            # Modification to existing record
        } else {
            # Validate that this user is the rightful owner
            $database->setQuery("SELECT user_id FROM #__mt_links WHERE link_id = '" . $row->link_id . "'");
            $user_id = $database->loadResult();
            if ($user_id != $my->id) {
                echo _NOT_EXIST;
            } else {
                // Get the name of the old photo and last modified date
                $sql = "SELECT link_id, link_modified, link_created FROM #__mt_links WHERE link_id='" . $row->link_id . "'";
                $database->setQuery($sql);
                $old = $database->loadObject();
                // Retrive last modified date
                $old_modified = $old->link_modified;
                $link_created = $old->link_created;
                // $row->link_published = 1;
                $row->user_id = $my->id;
                // Get other info from original listing
                // $database->setQuery( "SELECT link_name, link_desc, link_hits, link_votes, link_rating, link_featured, link_created, link_visited, ordering, publish_down, publish_up, attribs, internal_notes, link_published, link_approved FROM #__mt_links WHERE link_id = '$row->link_id'" );
                $database->setQuery("SELECT * FROM #__mt_links WHERE link_id = '{$row->link_id}'");
                $original = $database->loadObject();
                $original_link_id = $row->link_id;
                $row->link_modified = $row->getLinkModified($original_link_id, $post);
                foreach ($original as $k => $v) {
                    if (in_array($k, array('link_hits', 'link_votes', 'link_rating', 'link_featured', 'link_created', 'link_visited', 'ordering', 'publish_down', 'publish_up', 'attribs', 'internal_notes', 'link_published', 'link_approved'))) {
                        $row->{$k} = $v;
                    }
                }
                if (!isset($row->metadesc) && isset($original->metadesc) && !empty($original->metadesc)) {
                    $row->metadesc = $original->metadesc;
                }
                if (!isset($row->metakey) && isset($original->metakey) && !empty($original->metakey)) {
                    $row->metakey = $original->metakey;
                }
                // Remove any listing that is waiting for approval for this listing
                $database->setQuery('SELECT link_id FROM #__mt_links WHERE link_approved = \'' . -1 * $row->link_id . '\' LIMIT 1');
                $tmp_pending_link_id = $database->loadResult();
                if ($tmp_pending_link_id > 0) {
                    $database->setQuery('SELECT CONCAT(' . $database->quote(JPATH_SITE . $mtconf->get('relative_path_to_attachments')) . ',raw_filename) FROM #__mt_cfvalues_att WHERE link_id = ' . $database->quote($tmp_pending_link_id));
                    $raw_filenames = array_merge($raw_filenames, $database->loadResultArray());
                    $database->setQuery("DELETE FROM #__mt_cfvalues WHERE link_id = '" . $tmp_pending_link_id . "'");
                    $database->query();
                    $database->setQuery("DELETE FROM #__mt_cfvalues_att WHERE link_id = '" . $tmp_pending_link_id . "'");
                    $database->query();
                    $database->setQuery("DELETE FROM #__mt_links WHERE link_id = '" . $tmp_pending_link_id . "' LIMIT 1");
                    $database->query();
                    $database->setQuery("DELETE FROM #__mt_cl WHERE link_id = '" . $tmp_pending_link_id . "'");
                    $database->query();
                    $database->setQuery("SELECT filename FROM #__mt_images WHERE link_id = '" . $tmp_pending_link_id . "'");
                    $tmp_pending_images = $database->loadResultArray();
                    if (count($tmp_pending_images)) {
                        foreach ($tmp_pending_images as $tmp_pending_image) {
                            unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $tmp_pending_image);
                            unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $tmp_pending_image);
                            unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $tmp_pending_image);
                        }
                    }
                    $database->setQuery("DELETE FROM #__mt_images WHERE link_id = '" . $tmp_pending_link_id . "'");
                    $database->query();
                }
                // Approval for modify listing
                if ($original->link_published && $original->link_approved) {
                    if ($mtconf->get('needapproval_modifylisting')) {
                        $row->link_approved = -1 * $row->link_id;
                        $row->link_id = null;
                    } else {
                        $row->link_approved = 1;
                        $cache =& JFactory::getCache('com_mtree');
                        $cache->clean();
                        // Get old state (approved, published)
                        $database->setQuery("SELECT cat_id FROM #__mt_cl AS cl WHERE link_id ='" . $row->link_id . "' AND main = 1 LIMIT 1");
                        $old_state = $database->loadObject();
                        if ($row->cat_id != $old_state->cat_id) {
                            $row->updateLinkCount(1);
                            $row->updateLinkCount(-1, $old_state->cat_id);
                        }
                    }
                }
            }
        }
        // End of $isNew
        # Load field type
        $database->setQuery('SELECT cf_id, field_type, hidden, published FROM #__mt_customfields');
        $fieldtype = $database->loadObjectList('cf_id');
        $hidden_cfs = array();
        foreach ($fieldtype as $ft) {
            if ($ft->hidden && $ft->published) {
                $hidden_cfs[] = $ft->cf_id;
            }
        }
        # Load original custom field values, for use in mosetstree plugins
        $sql = "SELECT cf_id, value FROM #__mt_cfvalues WHERE link_id='" . $row->link_id . "' AND attachment <= 0";
        if (!empty($hidden_cfs)) {
            $sql .= " AND cf_id NOT IN (" . implode(',', $hidden_cfs) . ")";
        }
        $database->setQuery($sql);
        $original_cfs = $database->loadAssocList('cf_id');
        if (!empty($original_cfs)) {
            foreach ($original_cfs as $key_cf_id => $value) {
                $original_cfs[$key_cf_id] = $value['value'];
            }
        }
        # Erase Previous Records, make way for the new data
        $sql = "DELETE FROM #__mt_cfvalues WHERE link_id='" . $row->link_id . "' AND attachment <= 0";
        if (!empty($hidden_cfs)) {
            $sql .= " AND cf_id NOT IN (" . implode(',', $hidden_cfs) . ")";
        }
        $database->setQuery($sql);
        if (!$database->query()) {
            echo "<script> alert('" . $database->getErrorMsg() . "'); window.history.go(-1); </script>\n";
            exit;
        }
        if (!empty($fieldtype)) {
            $load_ft = array();
            foreach ($fieldtype as $ft) {
                if (!in_array($ft->field_type, $load_ft)) {
                    $load_ft[] = $ft->field_type;
                }
            }
            $database->setQuery('SELECT ft_class FROM #__mt_fieldtypes WHERE field_type IN (\'' . implode('\',\'', $load_ft) . '\')');
            $ft_classes = $database->loadResultArray();
            foreach ($ft_classes as $ft_class) {
                eval($ft_class);
            }
        }
        # Collect all active custom field's id
        $active_cfs = array();
        $additional_cfs = array();
        $core_params = array();
        foreach ($post as $k => $v) {
            $v = JRequest::getVar($k, '', 'post', '', 2);
            if (substr($k, 0, 2) == "cf" && (!is_array($v) && (!empty($v) || $v == '0') || is_array($v) && !empty($v[0]))) {
                if (strpos(substr($k, 2), '_') === false && is_numeric(substr($k, 2))) {
                    // This custom field uses only one input. ie: cf17, cf23, cf2
                    $active_cfs[intval(substr($k, 2))] = $v;
                    if (is_array($v) && array_key_exists(intval(substr($k, 2)), $original_cfs)) {
                        $original_cfs[intval(substr($k, 2))] = explode('|', $original_cfs[intval(substr($k, 2))]);
                    }
                } else {
                    // This custom field uses more than one input. The date field is an example of cf that uses this. ie: cf13_0, cf13_1, cf13_2
                    $ids = explode('_', substr($k, 2));
                    if (count($ids) == 2 && is_numeric($ids[0]) && is_numeric($ids[1])) {
                        $additional_cfs[intval($ids[0])][intval($ids[1])] = $v;
                    }
                }
            } elseif (substr($k, 0, 7) == 'keep_cf') {
                $cf_id = intval(substr($k, 7));
                $keep_att_ids[] = $cf_id;
                # Perform parseValue on Core Fields
            } elseif (substr($k, 0, 2) != "cf" && isset($row->{$k})) {
                if (strpos(strtolower($k), 'link_') === false) {
                    $core_field_type = 'core' . $k;
                } else {
                    $core_field_type = 'core' . str_replace('link_', '', $k);
                }
                $class = 'mFieldType_' . $core_field_type;
                if (class_exists($class)) {
                    if (empty($core_params)) {
                        $database->setQuery('SELECT field_type, params FROM #__mt_customfields WHERE iscore = 1');
                        $core_params = $database->loadObjectList('field_type');
                    }
                    $mFieldTypeObject = new $class(array('params' => $core_params[$core_field_type]->params));
                    $v = call_user_func(array(&$mFieldTypeObject, 'parseValue'), $v);
                    $row->{$k} = $v;
                }
            }
        }
        # OK. Store new or updated listing into database
        if (!$row->store()) {
            echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
            exit;
        } else {
            if (!$isNew && $row->link_id > 0) {
                // Find if there are any additional categories assigned to the listinig
                if ($original_link_id != $row->link_id) {
                    $database->setQuery('SELECT DISTINCT cat_id FROM #__mt_cl WHERE link_id = ' . $database->Quote($original_link_id) . ' and main=\'0\' ');
                    $tmp_cats = $database->loadResultArray();
                    if (!empty($tmp_cats)) {
                        foreach ($tmp_cats as $tmp_cat_id) {
                            $database->setQuery('INSERT INTO #__mt_cl (`link_id`,`cat_id`,`main`) VALUES(' . $database->Quote($row->link_id) . ',' . $database->Quote($tmp_cat_id) . ',\'0\')');
                            $database->query();
                        }
                    }
                    unset($tmp_cats);
                }
            }
        }
        # Update "Also appear in these categories" aka other categories
        if ($mtconf->get('allow_user_assign_more_than_one_category')) {
            $mtCL = new mtCL_main0($database);
            $mtCL->load($row->link_id);
            $mtCL->update($other_cats);
        }
        // $files_cfs is used to store attachment custom fields.
        // This will be used in the next foreach loop to
        // prevent it from storing it's value to #__mt_cfvalues
        // table
        $file_cfs = array();
        // $file_values is used to store parsed data through
        // mFieldType_* which will be done in the next foreach
        // loop
        $file_values = array();
        $files = JRequest::get('files');
        foreach ($files as $k => $v) {
            if (substr($k, 0, 2) == "cf" && is_numeric(substr($k, 2)) && $v['error'] == 0) {
                $active_cfs[intval(substr($k, 2))] = $v;
                $file_cfs[] = substr($k, 2);
            }
        }
        if (!empty($active_cfs)) {
            $database->setQuery('SELECT cf_id, params FROM #__mt_customfields WHERE iscore = 0 AND cf_id IN (\'' . implode('\',\'', array_keys($active_cfs)) . '\') LIMIT ' . count($active_cfs));
            $params = $database->loadObjectList('cf_id');
            foreach ($active_cfs as $cf_id => $v) {
                if (class_exists('mFieldType_' . $fieldtype[$cf_id]->field_type)) {
                    $class = 'mFieldType_' . $fieldtype[$cf_id]->field_type;
                } else {
                    $class = 'mFieldType';
                }
                # Perform parseValue on Custom Fields
                $mFieldTypeObject = new $class(array('id' => $cf_id, 'params' => $params[$cf_id]->params));
                if (array_key_exists($cf_id, $additional_cfs) && !empty($additional_cfs[$cf_id])) {
                    $arr_v = $additional_cfs[$cf_id];
                    array_unshift($arr_v, $v);
                    $v =& $mFieldTypeObject->parseValue($arr_v);
                    $active_cfs[$cf_id] = $v;
                } else {
                    $v =& $mFieldTypeObject->parseValue($v);
                }
                if (in_array($cf_id, $file_cfs)) {
                    $file_values[$cf_id] = $v;
                }
                if ((!empty($v) || $v == '0') && !in_array($cf_id, $file_cfs)) {
                    # -- Now add the row
                    $sql = 'INSERT INTO #__mt_cfvalues (`cf_id`, `link_id`, `value`)' . ' VALUES (' . $database->quote($cf_id) . ', ' . $database->quote($row->link_id) . ', ' . $database->quote(is_array($v) ? implode("|", $v) : $v) . ')';
                    $database->setQuery($sql);
                    if (!$database->query()) {
                        echo "<script> alert('" . $database->getErrorMsg() . "'); window.history.go(-1); </script>\n";
                        exit;
                    }
                }
                unset($mFieldTypeObject);
            }
            // End of foreach
        }
        # If this link is pending approval for modification, copy over hidden values
        if (!$isNew && $mtconf->get('needapproval_modifylisting') && !empty($hidden_cfs)) {
            $sql = 'INSERT INTO #__mt_cfvalues (`cf_id`, `link_id`, `value`)' . ' SELECT `cf_id`, \'' . $row->link_id . '\', `value` FROM #__mt_cfvalues WHERE link_id = ' . $original_link_id . ' AND cf_id IN (' . implode(',', $hidden_cfs) . ')';
            $database->setQuery($sql);
            $database->query();
        }
        # Remove all attachment except those that are kept
        if (isset($keep_att_ids) && !empty($keep_att_ids)) {
            $database->setQuery('SELECT CONCAT(' . $database->quote(JPATH_SITE . $mtconf->get('relative_path_to_attachments')) . ',raw_filename) FROM #__mt_cfvalues_att WHERE link_id = ' . $database->quote($row->link_id) . ' AND cf_id NOT IN (\'' . implode('\',\'', $keep_att_ids) . '\')');
            $raw_filenames = array_merge($raw_filenames, $database->loadResultArray());
            $database->setQuery('DELETE FROM #__mt_cfvalues_att WHERE link_id = \'' . $row->link_id . '\' AND cf_id NOT IN (\'' . implode('\',\'', $keep_att_ids) . '\')');
            $database->query();
            $database->setQuery('DELETE FROM #__mt_cfvalues WHERE link_id = \'' . $row->link_id . '\' AND cf_id NOT IN (\'' . implode('\',\'', $keep_att_ids) . '\') AND attachment > 0');
            $database->query();
        } else {
            $database->setQuery('SELECT CONCAT(' . $database->quote(JPATH_SITE . $mtconf->get('relative_path_to_attachments')) . ',raw_filename) FROM #__mt_cfvalues_att WHERE link_id = ' . $database->quote($row->link_id));
            $raw_filenames = array_merge($raw_filenames, $database->loadResultArray());
            $database->setQuery('DELETE FROM #__mt_cfvalues_att WHERE link_id = \'' . $row->link_id . '\'');
            $database->query();
            $database->setQuery('DELETE FROM #__mt_cfvalues WHERE link_id = \'' . $row->link_id . '\' AND attachment > 0');
            $database->query();
        }
        if (!$isNew && isset($keep_att_ids) && !empty($keep_att_ids) && $mtconf->get('needapproval_modifylisting') && $row->link_published == 1) {
            $database->setQuery("SELECT * FROM #__mt_cfvalues_att WHERE link_id = '" . $original_link_id . "' AND cf_id IN ('" . implode("','", $keep_att_ids) . "')");
            $listing_atts = $database->loadObjectList();
            foreach ($listing_atts as $listing_att) {
                $file_extension = pathinfo($listing_att->raw_filename);
                $file_extension = strtolower($file_extension['extension']);
                $database->setQuery('INSERT INTO #__mt_cfvalues_att (`link_id`,`cf_id`,`raw_filename`,`filename`,`filesize`,`extension`) ' . 'VALUES (' . $row->link_id . ', ' . $database->Quote($listing_att->cf_id) . ', ' . $database->Quote($listing_att->raw_filename) . ', ' . $database->Quote($listing_att->filename) . ', ' . $database->Quote($listing_att->filesize) . ', ' . $database->Quote($listing_att->extension) . ')');
                $database->query();
                $att_id = $database->insertid();
                $database->setQuery('UPDATE #__mt_cfvalues_att SET raw_filename = ' . $database->Quote($att_id . '.' . $file_extension) . ' WHERE att_id = ' . $database->Quote($att_id) . ' LIMIT 1');
                $database->query();
                copy($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_attachments') . $listing_att->raw_filename, $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_attachments') . $att_id . "." . $file_extension);
            }
            $database->setQuery('INSERT INTO #__mt_cfvalues (cf_id,link_id,value,attachment) ' . "\nSELECT cf_id,'" . $row->link_id . "',value,attachment " . "FROM #__mt_cfvalues " . "WHERE link_id = '" . $original_link_id . "' AND cf_id IN ('" . implode("','", $keep_att_ids) . "')");
            $database->query();
        }
        jimport('joomla.filesystem.file');
        foreach ($files as $k => $v) {
            if (substr($k, 0, 2) == "cf" && is_numeric(substr($k, 2)) && $v['error'] == 0) {
                $cf_id = intval(substr($k, 2));
                if (array_key_exists($cf_id, $file_values)) {
                    $file = $file_values[$cf_id];
                    if (!empty($file['data'])) {
                        $data = $file['data'];
                    } else {
                        $fp = fopen($v['tmp_name'], "r");
                        $data = fread($fp, $v['size']);
                        fclose($fp);
                    }
                } else {
                    $file = $v;
                    $fp = fopen($v['tmp_name'], "r");
                    $data = fread($fp, $v['size']);
                    fclose($fp);
                }
                $database->setQuery('SELECT CONCAT(' . $database->quote(JPATH_SITE . $mtconf->get('relative_path_to_attachments')) . ',raw_filename) FROM #__mt_cfvalues_att WHERE link_id = ' . $database->quote($row->link_id) . ' AND cf_id = ' . $database->quote($cf_id));
                $raw_filenames = array_merge($raw_filenames, $database->loadResultArray());
                $database->setQuery('DELETE FROM #__mt_cfvalues_att WHERE link_id = ' . $database->quote($row->link_id) . ' AND cf_id = ' . $database->quote($cf_id));
                $database->query();
                $database->setQuery('DELETE FROM #__mt_cfvalues WHERE cf_id = ' . $database->quote($cf_id) . ' AND link_id = ' . $database->quote($row->link_id) . ' AND attachment > 0');
                $database->query();
                $database->setQuery('INSERT INTO #__mt_cfvalues_att (link_id, cf_id, raw_filename, filename, filesize, extension) ' . ' VALUES(' . $database->quote($row->link_id) . ', ' . $database->quote($cf_id) . ', ' . $database->quote($file['name']) . ', ' . $database->quote($file['name']) . ', ' . $database->quote($file['size']) . ', ' . $database->quote($file['type']) . ')');
                if ($database->query() !== false) {
                    $att_id = $database->insertid();
                    $file_extension = strrchr($file['name'], '.');
                    if ($file_extension === false) {
                        $file_extension = '';
                    }
                    if (JFile::write(JPATH_SITE . $mtconf->get('relative_path_to_attachments') . $att_id . $file_extension, $data)) {
                        $database->setQuery('UPDATE #__mt_cfvalues_att SET raw_filename = ' . $database->quote($att_id . $file_extension) . ' WHERE att_id = ' . $database->quote($att_id) . ' LIMIT 1');
                        $database->query();
                        $sql = 'INSERT INTO #__mt_cfvalues (`cf_id`, `link_id`, `value`, `attachment`) ' . 'VALUES (' . $database->quote($cf_id) . ', ' . $database->quote($row->link_id) . ', ' . $database->quote($file['name']) . ',1)';
                        $database->setQuery($sql);
                        $database->query();
                    } else {
                        // Move failed, remove record from previously INSERTed row in #__mt_cfvalues_att
                        $database->setQuery('DELETE FROM #__mt_cfvalues_att WHERE att_id = ' . $database->quote($att_id) . ' LIMIT 1');
                        $database->query();
                    }
                }
            }
        }
        if (!empty($raw_filenames)) {
            JFile::delete($raw_filenames);
        }
        if ($mtconf->get('allow_imgupload') || !$mtconf->get('allow_imgupload') && $mtconf->get('needapproval_modifylisting')) {
            if ($mtconf->get('allow_imgupload')) {
                $keep_img_ids = JRequest::getVar('keep_img', null, 'post');
                JArrayHelper::toInteger($keep_img_ids, array());
                // If image upload is disabled, it will get the image IDs from database and make sure
                // the images are not lost after approval
            } else {
                $database->setQuery('SELECT img_id FROM #__mt_images WHERE link_id = ' . $database->quote($original_link_id));
                $keep_img_ids = $database->loadResultArray();
            }
            $redirectMsg = '';
            if (is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image')) && is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image')) && is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image'))) {
                // Duplicate listing images for approval
                if (!$isNew && !empty($keep_img_ids) && is_array($keep_img_ids) && $mtconf->get('needapproval_modifylisting')) {
                    foreach ($keep_img_ids as $keep_img_id) {
                        $database->setQuery('SELECT * FROM #__mt_images WHERE link_id = ' . $database->quote($original_link_id) . ' AND img_id = ' . $database->quote($keep_img_id) . ' LIMIT 1');
                        $original_image = $database->loadObject();
                        $file_extension = pathinfo($original_image->filename);
                        $file_extension = strtolower($file_extension['extension']);
                        $database->setQuery('INSERT INTO #__mt_images (link_id,filename,ordering) ' . "\n VALUES ('" . $row->link_id . "', '" . $original_image->filename . '_' . $row->link_id . "', '" . $original_image->ordering . "')");
                        $database->query();
                        $new_img_ids[$keep_img_id] = $database->insertid();
                        $database->setQuery("UPDATE #__mt_images SET filename = '" . $new_img_ids[$keep_img_id] . '_' . $row->link_id . '.' . $file_extension . "' WHERE img_id = '" . $new_img_ids[$keep_img_id] . "' LIMIT 1");
                        $database->query();
                        copy($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $original_image->filename, $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $new_img_ids[$keep_img_id] . '_' . $row->link_id . '.' . $file_extension);
                        copy($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $original_image->filename, $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $new_img_ids[$keep_img_id] . '_' . $row->link_id . '.' . $file_extension);
                        copy($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $original_image->filename, $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $new_img_ids[$keep_img_id] . '_' . $row->link_id . '.' . $file_extension);
                    }
                }
                # Remove all images except those that are kept when modification does not require approval
                $image_filenames = array();
                if (!$mtconf->get('needapproval_modifylisting')) {
                    if (isset($keep_img_ids) && !empty($keep_img_ids)) {
                        $database->setQuery('SELECT filename FROM #__mt_images WHERE link_id = \'' . $row->link_id . '\' AND img_id NOT IN (\'' . implode('\',\'', $keep_img_ids) . '\')');
                        $image_filenames = $database->loadResultArray();
                        $database->setQuery('DELETE FROM #__mt_images WHERE link_id = \'' . $row->link_id . '\' AND img_id NOT IN (\'' . implode('\',\'', $keep_img_ids) . '\')');
                        $database->query();
                    } else {
                        $database->setQuery('SELECT filename FROM #__mt_images WHERE link_id = \'' . $row->link_id . '\'');
                        $image_filenames = $database->loadResultArray();
                        $database->setQuery('DELETE FROM #__mt_images WHERE link_id = \'' . $row->link_id . '\'');
                        $database->query();
                    }
                }
                if (!empty($image_filenames)) {
                    foreach ($image_filenames as $image_filename) {
                        unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $image_filename);
                        unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $image_filename);
                        unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $image_filename);
                    }
                }
                $files_exceed_limit = false;
                if (isset($files['image'])) {
                    for ($i = 0; $i < count($files['image']['name']) && ($i < $mtconf->get('images_per_listing') - count($keep_img_ids) || $mtconf->get('images_per_listing') == '0'); $i++) {
                        if ($mtconf->get('image_maxsize') > 0 && $files['image']['size'][$i] > $mtconf->get('image_maxsize')) {
                            // Uploaded file exceed file limit
                            $files_exceed_limit = true;
                        } elseif (!empty($files['image']['name'][$i]) && $files['image']['error'][$i] == 0 && $files['image']['size'][$i] > 0) {
                            $file_extension = pathinfo($files['image']['name'][$i]);
                            $file_extension = strtolower($file_extension['extension']);
                            $mtImage = new mtImage();
                            $mtImage->setMethod($mtconf->get('resize_method'));
                            $mtImage->setQuality($mtconf->get('resize_quality'));
                            $mtImage->setSize($mtconf->get('resize_listing_size'));
                            $mtImage->setTmpFile($files['image']['tmp_name'][$i]);
                            $mtImage->setType($files['image']['type'][$i]);
                            $mtImage->setName($files['image']['name'][$i]);
                            $mtImage->setSquare($mtconf->get('squared_thumbnail'));
                            $mtImage->resize();
                            $mtImage->setDirectory($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image'));
                            $mtImage->saveToDirectory();
                            $mtImage->setSize($mtconf->get('resize_medium_listing_size'));
                            $mtImage->setSquare(false);
                            $mtImage->resize();
                            $mtImage->setDirectory($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image'));
                            $mtImage->saveToDirectory();
                            move_uploaded_file($files['image']['tmp_name'][$i], $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $files['image']['name'][$i]);
                            $database->setQuery('INSERT INTO #__mt_images (link_id, filename, ordering) ' . ' VALUES(' . $database->quote($row->link_id) . ', ' . $database->quote($files['image']['name'][$i]) . ', \'9999\')');
                            $database->query();
                            $img_id = $database->insertid();
                            rename($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $files['image']['name'][$i], $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_small_image') . $img_id . '.' . $file_extension);
                            rename($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $files['image']['name'][$i], $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_medium_image') . $img_id . '.' . $file_extension);
                            rename($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $files['image']['name'][$i], $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_listing_original_image') . $img_id . '.' . $file_extension);
                            $database->setQuery('UPDATE #__mt_images SET filename = ' . $database->quote($img_id . '.' . $file_extension) . ' WHERE img_id = ' . $database->quote($img_id));
                            $database->query();
                        }
                    }
                }
                if ($files_exceed_limit) {
                    if ($mtconf->get('image_maxsize') > 1048576) {
                        $image_upload_limit = round($mtconf->get('image_maxsize') / 1048576) . 'MB';
                    } else {
                        $image_upload_limit = round($mtconf->get('image_maxsize') / 1024) . 'KB';
                    }
                    $redirectMsg .= sprintf(JText::_('Image is not saved because it exceeded file size limit'), $image_upload_limit);
                }
                $img_sort_hash = JRequest::getVar('img_sort_hash', null, 'post');
                if (!empty($img_sort_hash)) {
                    $arr_img_sort_hashes = split("[&]*img\\[\\]=\\d*", $img_sort_hash);
                    $i = 1;
                    foreach ($arr_img_sort_hashes as $arr_img_sort_hash) {
                        if (!empty($arr_img_sort_hash) && $arr_img_sort_hash > 0) {
                            $sql = 'UPDATE #__mt_images SET ordering = ' . $database->quote($i) . ' WHERE img_id = ';
                            if (isset($new_img_ids) && !empty($new_img_ids)) {
                                $sql .= $database->quote(intval($new_img_ids[$arr_img_sort_hash]));
                            } else {
                                $sql .= $database->quote(intval($arr_img_sort_hash));
                            }
                            $sql .= ' LIMIT 1';
                            $database->setQuery($sql);
                            $database->query();
                            $i++;
                        }
                    }
                }
                $images = new mtImages($database);
                $images->reorder('link_id=' . $row->link_id);
            } else {
                if (isset($files['image'])) {
                    $redirectMsg .= JText::_('Image directories not writable');
                }
            }
        }
        # Send e-mail notification to user/admin upon adding a new listing
        // Get owner's email
        if ($my->id > 0) {
            $database->setQuery("SELECT email, name, username FROM #__users WHERE id = '" . $my->id . "' LIMIT 1");
            $author = $database->loadObject();
        } else {
            if (!empty($row->email)) {
                $author->email = $row->email;
            } else {
                $author->email = JText::_('Not specified');
            }
            $author->username = JText::_('None');
            $author->name = JText::_('Non registered user');
        }
        $uri =& JURI::getInstance();
        if ($isNew) {
            # To User
            if ($mtconf->get('notifyuser_newlisting') == 1 && ($my->id > 0 || !empty($author->email) && preg_match("/[\\w\\.\\-]+@\\w+[\\w\\.\\-]*?\\.\\w{1,4}/", $author->email) == true)) {
                if ($row->link_approved == 0) {
                    $subject = sprintf(JText::_('New listing email subject waiting approval'), $row->link_name);
                    $msg = JText::_('New listing email msg waiting approval');
                } else {
                    $subject = sprintf(JText::_('New listing email subject approved'), $row->link_name);
                    $msg = sprintf(JText::_('New listing email msg approved'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$row->link_id}&Itemid={$Itemid}"), $mtconf->getjconf('fromname'));
                }
                JUTility::sendMail($mtconf->getjconf('mailfrom'), $mtconf->getjconf('fromname'), $author->email, $subject, wordwrap($msg));
            }
            # To Admin
            if ($mtconf->get('notifyadmin_newlisting') == 1) {
                if ($row->link_approved == 0) {
                    $subject = sprintf(JText::_('New listing email subject waiting approval'), $row->link_name);
                    $msg = sprintf(JText::_('Admin new listing msg waiting approval'), $row->link_name, $row->link_name, $row->link_id, $author->name, $author->username, $author->email);
                } else {
                    $subject = sprintf(JText::_('New listing email subject approved'), $row->link_name);
                    $msg = sprintf(JText::_('Admin new listing msg approved'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$row->link_id}&Itemid={$Itemid}"), $row->link_name, $row->link_id, $author->name, $author->username, $author->email);
                }
                mosMailToAdmin($subject, $msg);
            }
        } elseif ($row->link_published == 1) {
            # To User
            if ($mtconf->get('notifyuser_modifylisting') == 1 && $my->id > 0) {
                if ($row->link_approved < 0) {
                    $subject = sprintf(JText::_('Modify listing email subject waiting approval'), $row->link_name);
                    $msg = sprintf(JText::_('Modify listing email msg waiting approval'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$old->link_id}&Itemid={$Itemid}"));
                } else {
                    $subject = sprintf(JText::_('Modify listing email subject approved'), $row->link_name);
                    $msg = sprintf(JText::_('Modify listing email msg approved'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$old->link_id}&Itemid={$Itemid}"), $mtconf->getjconf('fromname'));
                }
                JUTility::sendMail($mtconf->getjconf('mailfrom'), $mtconf->getjconf('fromname'), $author->email, $subject, wordwrap($msg));
            }
            # To Admin
            if ($mtconf->get('notifyadmin_modifylisting') == 1) {
                $diff_desc = diff_main($original->link_desc, $row->link_desc, true);
                diff_cleanup_semantic($diff_desc);
                $diff_desc = diff_prettyhtml($diff_desc);
                $msg = "<style type=\"text/css\">\n";
                $msg .= "ins{text-decoration:underline}\n";
                $msg .= "del{text-decoration:line-through}\n";
                $msg .= "</style>";
                if ($row->link_approved < 0) {
                    $subject = sprintf(JText::_('Modify listing email subject waiting approval'), $row->link_name);
                    $msg .= nl2br(sprintf(JText::_('Admin modify listing msg waiting approval'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$old->link_id}&Itemid={$Itemid}"), $row->link_name, $row->link_id, $author->name, $author->username, $author->email, $diff_desc));
                } else {
                    $subject = sprintf(JText::_('Modify listing email subject approved'), $row->link_name);
                    $msg .= nl2br(sprintf(JText::_('Admin modify listing msg approved'), $row->link_name, $uri->toString(array('scheme', 'host', 'port')) . JRoute::_("index.php?option=com_mtree&task=viewlink&link_id={$old->link_id}&Itemid={$Itemid}"), $row->link_name, $row->link_id, $author->name, $author->username, $author->email, $diff_desc));
                }
                mosMailToAdmin($subject, $msg, 1);
            }
        }
        // Fire mosetstree onAfterModifyListing plugin
        $dispatcher =& JDispatcher::getInstance();
        JPluginHelper::importPlugin('mosetstree');
        $dispatcher->trigger('onAfterModifyListing', array((array) $original, $original_cfs, (array) $row, $active_cfs, $old->link_id, $cat_id));
        if (isset($original) && $original->link_published && $original->link_approved) {
            if ($isNew && $mtconf->get('needapproval_addlisting')) {
                $redirect_url = "index.php?option={$option}&task=listcats&cat_id={$cat_id}&Itemid={$Itemid}";
            } elseif (!$isNew && $mtconf->get('needapproval_modifylisting')) {
                $redirect_url = "index.php?option={$option}&task=viewlink&link_id={$old->link_id}&Itemid={$Itemid}";
            } else {
                $redirect_url = "index.php?option={$option}&task=viewlink&link_id={$row->link_id}&Itemid={$Itemid}";
            }
        } else {
            $redirect_url = "index.php?option={$option}&task=mypage&Itemid={$Itemid}";
        }
        $mainframe->redirect(JRoute::_($redirect_url), ($isNew ? $mtconf->get('needapproval_addlisting') ? JText::_('Listing will be reviewed') : JText::_('Listing have been added') : ($mtconf->get('needapproval_modifylisting') ? JText::_('Listing modification will be reviewed') : JText::_('Listing have been updated'))) . (!empty($redirectMsg) ? '<br /> ' . $redirectMsg : ''));
    }
}
Exemplo n.º 2
0
function savecat($option)
{
    global $mtconf, $mainframe;
    $database =& JFactory::getDBO();
    $my =& JFactory::getUser();
    $jdate = JFactory::getDate();
    $now = $jdate->toMySQL();
    $template_all_subcats = JRequest::getInt('template_all_subcats', 0, 'post');
    $related_cats = explode(',', JRequest::getVar('other_cats', '', 'post'));
    $remove_image = JRequest::getInt('remove_image', 0);
    $cat_image = JRequest::getVar('cat_image', null, 'files');
    if ($related_cats[0] == '') {
        $related_cats = array();
    }
    $post = JRequest::get('post');
    $post['cat_desc'] = JRequest::getVar('cat_desc', '', 'POST', 'string', JREQUEST_ALLOWHTML);
    $row = new mtCats($database);
    if (!$row->bind($post)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (empty($row->alias)) {
        $row->alias = JFilterOutput::stringURLSafe($row->cat_name);
    }
    # Get the name of the old photo
    if ($row->cat_id > 0) {
        $sql = 'SELECT cat_image FROM #__mt_cats WHERE cat_id = ' . $database->quote($row->cat_id);
        $database->setQuery($sql);
        $old_image = $database->loadResult();
    } else {
        $old_image = '';
    }
    # Remove previous old image
    $msg = '';
    if ($remove_image || $old_image != '' && array_key_exists('tmp_name', $cat_image) && !empty($cat_image['tmp_name'])) {
        $row->cat_image = '';
        if (file_exists($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_original_image') . $old_image) && file_exists($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_small_image') . $old_image) && is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_small_image')) && is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_original_image'))) {
            if (!unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_original_image') . $old_image) || !unlink($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_small_image') . $old_image)) {
                $msg .= JText::_('Error deleting old image');
            }
        }
    }
    # Create Thumbnail
    if ($cat_image['name'] != '') {
        if (!is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_small_image')) || !is_writable($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_original_image'))) {
            $msg .= JText::_('Image directories not writable');
        } else {
            $mtImage = new mtImage();
            $mtImage->setDirectory($mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_small_image'));
            $mtImage->setMethod($mtconf->get('resize_method'));
            $mtImage->setQuality($mtconf->get('resize_quality'));
            $mtImage->setSize($mtconf->get('resize_cat_size'));
            $mtImage->setTmpFile($cat_image['tmp_name']);
            $mtImage->setType($cat_image['type']);
            if ($row->cat_id > 0) {
                $mtImage->setName($row->cat_id . '_' . $cat_image['name']);
                $row->cat_image = $row->cat_id . '_' . $cat_image['name'];
            } else {
                $mtImage->setName($cat_image['name']);
                $row->cat_image = $cat_image['name'];
            }
            $mtImage->setSquare(false);
            $mtImage->resize();
            $mtImage->saveToDirectory();
            move_uploaded_file($cat_image['tmp_name'], $mtconf->getjconf('absolute_path') . $mtconf->get('relative_path_to_cat_original_image') . $row->cat_image);
        }
    }
    # Is this a new category?
    // Category created by conventional "Add Category" link
    if ($row->cat_id == 0) {
        $new_cat = true;
        $row->cat_created = $now;
    } else {
        $database->setQuery('SELECT cat_approved FROM #__mt_cats WHERE cat_id = ' . $database->quote($row->cat_id));
        $cat_approved = $database->loadResult();
        // Approved new category submitted by users
        if ($row->cat_approved == 1 && $cat_approved == 0 && $row->lft == 0 && $row->rgt == 0) {
            $new_cat = true;
            $row->cat_created = $now;
        } else {
            $new_cat = false;
        }
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    } else {
        # If this is a newlink, rename the photo to listingID_photoName.jpg
        if ($new_cat && $cat_image['name'] != '') {
            // Get last inserted listing ID
            $mysql_last_insert_id = $database->insertid();
            if ($mysql_last_insert_id > 0) {
                if (rename($mtconf->getjconf('absolute_path') . $mtconf->get('cat_image_dir') . $cat_image['name'], $mtconf->getjconf('absolute_path') . $mtconf->get('cat_image_dir') . $mysql_last_insert_id . "_" . $cat_image['name'])) {
                    $database->setQuery('UPDATE #__mt_cats SET cat_image = ' . $database->quote($mysql_last_insert_id . "_" . $cat_image['name']) . ' WHERE cat_id = ' . $database->quote($mysql_last_insert_id) . ' LIMIT 1');
                    $database->query();
                }
            }
        }
    }
    # Change all subcats to use this template
    if ($template_all_subcats == 1) {
        $row->updateSubCatsTemplate();
    }
    # Update the Category Counts for all cat_parent(s)
    if ($new_cat) {
        $row->updateLftRgt();
        $row->updateCatCount(1);
    }
    $row->reorder("cat_parent='{$row->cat_parent}'");
    # Update the related categories
    $mtRelCats = new mtRelCats($database);
    $mtRelCats->setcatid($row->cat_id);
    $mtRelCats->update($related_cats);
    $returntask = JRequest::getCmd('returntask', '', 'post');
    // /*
    if ($returntask != '') {
        $mainframe->redirect("index2.php?option={$option}&task={$returntask}", $msg);
    } else {
        $task = JRequest::getCmd('task', '', 'post');
        if ($task == "applycat") {
            $mainframe->redirect("index2.php?option={$option}&task=editcat&cat_id={$row->cat_id}", $msg);
        } else {
            $mainframe->redirect("index2.php?option={$option}&task=listcats&cat_id={$row->cat_parent}", $msg);
        }
    }
    // */
}