escape() public method

Use esc_sql() or wpdb::prepare() instead.
See also: wpdb::prepare()
See also: esc_sql()
Deprecation: 3.6.0
Since: 0.71
public escape ( mixed $data ) : mixed
$data mixed
return mixed
Exemplo n.º 1
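 /**
  * Persist the edited fields of this version row.
  *
  * Values are bound with $wpdb->prepare() instead of being interpolated after
  * wpdb::escape() (deprecated since 3.6.0), so the caller's data is passed
  * through unchanged. hits, month, day and year are cast to int before use.
  *
  * @param array $data Array with keys version, reason, hits, month, day, year
  * @return void
  */
 function update($data)
 {
     global $wpdb;
     $hits = intval($data['hits']);
     // Midnight on the supplied calendar date, in the server's timezone (unchanged from before).
     $created_at = date('Y-m-d H:i:s', mktime(0, 0, 0, intval($data['month']), intval($data['day']), intval($data['year'])));
     $sql = $wpdb->prepare(
         "UPDATE {$wpdb->prefix}drainhole_version SET version=%s, hits=%d, created_at=%s, reason=%s WHERE id=%d",
         $data['version'],
         $hits,
         $created_at,
         $data['reason'],
         $this->id
     );
     $wpdb->query($sql);
 }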
Exemplo n.º 2
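 /**
  * Fetch every row whose columns equal the given attribute values.
  *
  * Attribute values are bound through $this->_wpdb->prepare('%s', ...) rather
  * than the deprecated wpdb::escape(). Column names (the keys of $attributes),
  * $orderby, $limit and $select are spliced into the SQL verbatim, so they
  * must come from trusted code, never from request input. $order is limited
  * to ASC/DESC; any other value falls back to DESC.
  *
  * @param array       $attributes column => value pairs, ANDed together
  * @param string|null $orderby    column to sort by; defaults to the primary key
  * @param string      $order      'ASC' or 'DESC'
  * @param string      $limit      text appended verbatim after ORDER BY (e.g. a LIMIT clause), or ''
  * @param string      $select     raw column list for SELECT
  * @return array list of instances of the calling class, one per row
  */
 public function findAllByAttributes(array $attributes = array(), $orderby = NULL, $order = 'DESC', $limit = '', $select = '*')
 {
     $orderby = $orderby ? $orderby : $this->_pk;
     // Whitelist the sort direction; it cannot be bound as a value.
     $order = strtoupper((string) $order) === 'ASC' ? 'ASC' : 'DESC';
     $conditions = array();
     foreach ($attributes as $column => $value) {
         // prepare() quotes and escapes the %s value itself.
         $conditions[] = $column . ' = ' . $this->_wpdb->prepare('%s', $value);
     }
     $where = $conditions ? ' WHERE ' . implode(' AND ', $conditions) : '';
     $sql = 'SELECT ' . $select . ' FROM ' . $this->_table() . $where . ' ORDER BY ' . $orderby . ' ' . $order . ' ' . $limit;
     $className = get_class($this);
     $result = array();
     foreach ($this->_wpdb->get_results($sql, 'ARRAY_A') as $objectData) {
         $result[] = new $className($objectData);
     }
     return $result;
 }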
Exemplo n.º 3
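 /**
  * Migrate rows from the legacy unprefixed "drainhole_files" table into the
  * prefixed tables, then drop the legacy tables.
  *
  * Declares `global $wpdb` (the previous version read $wpdb as an undefined
  * local) and binds row values with $wpdb->prepare() instead of the
  * deprecated wpdb::escape().
  *
  * @return void
  */
 function upgrade_from_0()
 {
     global $wpdb;
     // Copy old tables
     $old = $wpdb->get_results("SELECT * FROM drainhole_files");
     if (is_array($old) && count($old) > 0) {
         DH_Hole::create(array('url' => get_option('drainhole_store'), 'directory' => realpath(ABSPATH) . '/' . get_option('drainhole_store')));
         $hole = DH_Hole::get($wpdb->insert_id);
         foreach ($old as $row) {
             // downloads stays a quoted value as in the original insert; hole_id is the new autoincrement id.
             $wpdb->query($wpdb->prepare(
                 "INSERT INTO {$wpdb->prefix}drainhole_files (file,hole_id,version,downloads,updated_at) VALUES (%s,%d,%s,%s,NOW())",
                 $row->file,
                 $hole->id,
                 $row->version,
                 $row->downloads
             ));
             $file = DH_File::get($wpdb->insert_id);
             $file->sync_modified_time($hole);
         }
     }
     // Delete old tables
     $wpdb->query("DROP TABLE drainhole_files");
     $wpdb->query("DROP TABLE drainhole_access");
 }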
Exemplo n.º 4
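 /**
  * Create a new statistic item in the database.  Certain data is extracted from the web environment (REMOTE_ADDR and HTTP_REFERER)
  *
  * The client address falls back to HTTP_X_FORWARDED_FOR only when REMOTE_ADDR
  * is absent; that header is client-supplied and is not validated here. When
  * neither is present, or the value is not a dotted IPv4 address, ip2long()
  * returns false and the stored ip is 0 (the previous version left $ip
  * undefined in that case). All values are bound with $wpdb->prepare()
  * instead of the deprecated wpdb::escape(), and the referrer is escaped
  * after DH_Access::get_referrer() has processed the raw header, not before.
  *
  * @static
  * @param int $file File ID
  * @param mixed $version Value stored in version_id
  * @return int Access statistic ID
  **/
 function create($file, $version)
 {
     global $wpdb;
     $user = wp_get_current_user();
     $userId = $user ? $user->data->ID : 0;
     $ip = '';
     if (isset($_SERVER['REMOTE_ADDR'])) {
         $ip = $_SERVER['REMOTE_ADDR'];
     } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
     }
     // Unsigned decimal form of the IPv4 address; %u renders a failed ip2long() as "0".
     $ip = sprintf('%u', ip2long($ip));
     $rawReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $referrer = DH_Access::get_referrer($rawReferrer);
     $wpdb->query($wpdb->prepare(
         "INSERT INTO {$wpdb->prefix}drainhole_access (file_id,created_at,ip,referrer,version_id,user_id) VALUES (%d,NOW(),%s,%s,%s,%d)",
         $file,
         $ip,
         $referrer,
         $version,
         $userId
     ));
     return $wpdb->insert_id;
 }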
Exemplo n.º 5
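 /**
  * Quote the supplied input using mysql_real_escape_string() because WordPress
  * is really gross.
  *
  * wpdb::escape() is deprecated since 3.6.0, so the value is now passed
  * through the injected handle's prepare() with a single %s placeholder,
  * which escapes it and wraps it in single quotes in one step.
  *
  * @param string $input
  * @return string single-quoted SQL string literal
  */
 public function quoteInternal($input)
 {
     return $this->wpdb->prepare('%s', $input);
 }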
Exemplo n.º 6
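 /**
  * Update a hole
  *
  * Column values are bound with $wpdb->prepare(); the previous version
  * interpolated $data['role'] and the sanitized URL into the SQL unescaped
  * and used the deprecated wpdb::escape() for the rest. $this->role keeps its
  * historical form (the literal string 'NULL' or a single-quoted role name)
  * so code reading it sees no change; $this->role_error_url now holds the raw
  * value rather than an escaped copy. hotlink is written as 1/0.
  *
  * @static
  * @param array $data Array of values (urlx,directoryx,role)
  * @return boolean false when the new url is already taken, otherwise the wpdb::query() result
  **/
 function update($data)
 {
     global $wpdb;
     $directory = DH_Hole::sanitize_dir($data['directoryx']);
     if ($directory != $this->directory && $directory != '' && is_writable(dirname($directory)) && file_exists($this->directory)) {
         wp_mkdir_p(dirname($directory));
         // Best effort: a failed move is ignored and the new path is still recorded (pre-existing behaviour).
         @rename($this->directory, $directory);
     }
     $this->hotlink = isset($data['hotlink']);
     $this->directory = $directory;
     $url = DH_Hole::sanitize_url($data['urlx']);
     // Check for duplicate name. LIKE is kept from the original, so % and _ in $url still act as wildcards.
     if ($url != $this->url) {
         $existing = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}drainhole_holes WHERE url LIKE %s", $url));
         if ($existing != 0) {
             return false;
         }
     }
     $setClauses = array('url=%s', 'directory=%s');
     $args = array($url, $directory);
     if ($data['role'] == '-') {
         $this->role = 'NULL';
         $setClauses[] = 'role=NULL';
     } else {
         $this->role = "'" . $data['role'] . "'";
         $setClauses[] = 'role=%s';
         $args[] = $data['role'];
     }
     $this->url = $url;
     $this->role_error_url = $data['redirect_urlx'];
     $setClauses[] = 'role_error_url=%s';
     $args[] = $this->role_error_url;
     $setClauses[] = 'hotlink=%d';
     $args[] = $this->hotlink ? 1 : 0;
     $args[] = $this->id;
     $sql = $wpdb->prepare("UPDATE {$wpdb->prefix}drainhole_holes SET " . implode(', ', $setClauses) . ' WHERE id=%d', $args);
     return $wpdb->query($sql);
 }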
Exemplo n.º 7
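 /**
  * Determine whether the current user has permission to download the file
  *
  * Checks run in order: the forced-access token in the request URI (only when
  * the 'force_access' option is set), the hole's role requirement, the
  * hotlink referrer check, and finally the 'drain_hole_access' filter. The
  * forced-access lookup now binds both the token and $this->file with
  * $wpdb->prepare(); the previous version spliced $this->file into the SQL
  * unescaped and used the deprecated wpdb::escape() for the token.
  *
  * @param DH_Hole $hole Hole in which the file lives
  * @return boolean true if they can access it, false otherwise
  **/
 function have_access($hole)
 {
     $user = wp_get_current_user();
     // Check forced access
     if ($this->options['force_access']) {
         $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
         if (preg_match('/id=([a-zA-Z0-9]*)/', $requestUri, $matches) == 0) {
             return false;
         }
         // Now check that we can find a user with the appropriate details
         global $wpdb;
         $user = $wpdb->get_row($wpdb->prepare(
             "SELECT * FROM {$wpdb->users} WHERE MD5(CONCAT(user_login,MD5(user_pass),%s))=%s",
             $this->file,
             $matches[1]
         ));
         if (!$user) {
             return false;
         }
         // NOTE(review): get_row() returns a plain row object, not a WP_User, so
         // $user->allcaps in the role check below is presumably unset here - confirm.
     }
     if ($hole->role != '') {
         if (!($user->ID > 0)) {
             return false;
         }
         if ($hole->role == 'paid' && class_exists('SH_Cart')) {
             // See if user has paid for this
             if (!SH_Cart::has_user_purchased($this->id)) {
                 return false;
             }
         } else {
             global $wp_roles;
             $caps = $wp_roles->get_role($hole->role);
             // Get highest level of the role; $x ends at -1 when the role defines no level_N capability
             for ($x = 10; $x >= 0; $x--) {
                 if (isset($caps->capabilities['level_' . $x])) {
                     break;
                 }
             }
             // Can this user access that level
             if (!isset($user->allcaps['level_' . $x])) {
                 return false;
             }
         }
     }
     // Check hotlinking
     if ($hole->hotlink) {
         // Check that the referrer is from our site (prefix match on the home URL;
         // a missing or empty referrer is allowed through, as before)
         $home = get_bloginfo('home');
         if (isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0 && substr($_SERVER['HTTP_REFERER'], 0, strlen($home)) != $home) {
             return false;
         }
     }
     // Filters may return the object itself (allow) or a boolean verdict
     $result = apply_filters('drain_hole_access', $this);
     if (is_object($result)) {
         return true;
     }
     return $result;
 }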