/**
* get HTML admin subfields parameters (used to enter object search parameters values in admin)
*
* @return string : the html admin
* @access public
*/
function getHTMLSubFieldsParametersSearch($language, $prefixName)
{
global $polymodCodename;
$input = '';
//get params values
$params = $this->getParamsValues();
$values = $params['searchedObjects'];
//get object definition
$objectDef = $this->getObjectDefinition();
//load object fields
$objectFields = CMS_poly_object_catalog::getFieldsDefinition($this->_objectID);
//Add all subobjects or special fields (like categories) to search if any
foreach ($objectFields as $fieldID => $field) {
//check if field is searchable
if ($field->getValue('searchable')) {
//check if field has a method to provide a list of names
$objectType = $field->getTypeObject();
if (method_exists($objectType, 'getListOfNamesForObject')) {
$objectsNames = $objectType->getListOfNamesForObject(false, array(), false);
if (is_array($objectsNames) && $objectsNames) {
$s_object_listbox = CMS_moduleCategories_catalog::getListBox(array('field_name' => $prefixName . 'searchedObjects[' . $fieldID . ']', 'items_possible' => $objectsNames, 'default_value' => $values[$fieldID], 'attributes' => 'class="admin_input_text" style="width:250px;"'));
$input .= '
<tr>
<td class="admin" align="right">' . $field->getLabel($language) . ' :</td>
<td class="admin">' . $s_object_listbox . '</td>
</tr>';
}
}
}
}
$input = $input ? '<table border="0" cellpadding="3" cellspacing="0" style="border-left:1px solid #4d4d4d;">' . $input . '</table>' : '';
return $input;
}
/**
* Get all searched objects ids
*
* @access private
* @return array of object ids unsorted
*/
protected function _getIds()
{
$IDs = array();
$statusSuffix = $this->_public ? "_public" : "_edited";
//loop on each conditions
foreach ($this->_whereConditions as $type => $typeWhereConditions) {
foreach ($typeWhereConditions as $whereConditionsValues) {
$value = $whereConditionsValues['value'];
$operator = $whereConditionsValues['operator'];
$sql = '';
switch ($type) {
case "object":
//add previously found IDs to where clause
$where = $IDs ? ' and id_moo in (' . $this->_getSQLTmpList() . ')' : '';
//to remove deleted objects from results
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tid_moo as objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_object_polyobjects\n\t\t\t\t\twhere\n\t\t\t\t\t\tobject_type_id_moo = '" . $this->_object->getID() . "'\n\t\t\t\t\t\tand deleted_moo = '0'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
break;
case "item":
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
//check operator
$supportedOperator = array('=', '!=', '>=', '>', '<=', '<');
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
$operator = false;
}
if (!$operator) {
$operator = '=';
}
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
break;
case "items":
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
//check operator
$supportedOperator = array('in', 'not in');
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
$operator = false;
}
if (!$operator) {
$operator = 'in';
}
//no values to found so break search
if ((!is_array($value) || !$value) && $operator == 'in') {
$IDs = array();
break;
}
//no filter to do so break search
if ((!is_array($value) || !$value) && $operator == 'not in') {
break;
}
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
break;
case "profile":
//if user has no right on module, he cannot search object on it
if (!$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_VIEW)) {
break;
}
//if object has categories, check rights on it
if ($this->_object->hasCategories()) {
//get field of categories for searched object type (assume it uses categories)
$categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
//BUG : in websites without APPLICATION_ENFORCES_ACCESS_CONTROL, backend rights on categories are checked on visibility instead of edition
if (!$this->_public) {
$clearance = CLEARANCE_MODULE_EDIT;
$strict = true;
} else {
$clearance = CLEARANCE_MODULE_VIEW;
$strict = false;
}
//get a list of all viewvable categories for current user
$cats = array_keys(CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($value, $this->_object->getValue('module'), true, $clearance, $strict));
foreach ($categoriesFields as $categoriesField) {
//load category field if not exists
if (!isset($this->_fieldsDefinitions[$categoriesField]) || !is_object($this->_fieldsDefinitions[$categoriesField])) {
//get object fields definition
$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
}
if (!isset($this->_fieldsDefinitions[$categoriesField])) {
break;
}
//we can see objects without categories only if is not public or field is not required and user has admin right on module
if ($this->_public && !$this->_fieldsDefinitions[$categoriesField]->getValue('required') || !$this->_public && $value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_EDIT)) {
//add deleted cats to searchs
$viewvableCats = array_merge(CMS_moduleCategories_catalog::getDeletedCategories($this->_object->getValue('module')), $cats);
//add zero value for objects without categories
$viewvableCats[] = 0;
} else {
$viewvableCats = $cats;
//add zero value for objects without categories
$viewvableCats[] = 0;
}
//if no viewvable categories, user has no rights to view anything
if (!$viewvableCats) {
break;
}
$removedIDs = array();
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
$sqlTmp = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\tand value not in (" . @implode(',', $viewvableCats) . ")\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
$qTmp = new CMS_query($sqlTmp);
while ($r = $qTmp->getArray()) {
if ($r['objectID'] && isset($IDs[$r['objectID']])) {
$removedIDs[$r['objectID']] = $r['objectID'];
}
}
//add (again) ids which has a category visible and a category not visible
if ($removedIDs) {
$sqlTmp = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\t\tand value in (" . @implode(',', $viewvableCats) . ")\n\t\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
$qTmp = new CMS_query($sqlTmp);
while ($r = $qTmp->getArray()) {
if ($r['objectID'] && isset($removedIDs[$r['objectID']])) {
unset($removedIDs[$r['objectID']]);
}
}
//then finally remove ids
foreach ($removedIDs as $idToRemove) {
unset($IDs[$idToRemove]);
}
}
//if no IDs break
if (!$IDs) {
break;
}
//if field is required and if it is a public search, object must have this category in DB
if ($this->_fieldsDefinitions[$categoriesField]->getValue('required') && $this->_public) {
//update tmp table with found ids
$this->_updateTmpList($IDs);
$sqlTmp = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\t\tand objectID in (" . $this->_getSQLTmpList() . ")\n\t\t\t\t\t\t\t\t";
$qTmp = new CMS_query($sqlTmp);
$IDs = array();
while ($r = $qTmp->getArray()) {
$IDs[$r['objectID']] = $r['objectID'];
}
}
//if no IDs break
if (!$IDs) {
break;
}
}
//if no IDs break
if (!$IDs) {
break;
}
} elseif (!$this->_public && !$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_EDIT)) {
break;
} elseif ($this->_public && !$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_VIEW)) {
break;
}
//update tmp table with found ids
$this->_updateTmpList($IDs);
//add previously found IDs to where clause
$where = $IDs ? ' id_moo in (' . $this->_getSQLTmpList() . ')' : '';
$sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct id_moo as objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\tmod_object_polyobjects\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t";
break;
case "keywords":
if ($value) {
//check operators
$supportedOperator = array('any', 'all', 'phrase', 'beginswith');
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unkown search operator : " . $operator . ", use default search instead");
$operator = 'any';
} elseif (!$operator) {
$operator = 'any';
}
//if ASE module exists (and is active) and object is indexed, and search is public, use it to do this search
if ($operator == 'any' && class_exists('CMS_module_ase') && CMS_module_ase::isActive() && $this->_object->getValue('indexable') && $this->_public) {
//get language code for stemming
$languageCode = '';
if ($languageFieldIDs = CMS_poly_object_catalog::objectHasLanguageField($this->_object->getID())) {
$languageFieldID = array_shift($languageFieldIDs);
//if any query use this field, use the queried value for stemming strategy
if (isset($this->_whereConditions[$languageFieldID]) && $this->_whereConditions[$languageFieldID]) {
$languageCode = $this->_whereConditions[$languageFieldID][0]['value'];
}
}
//otherwise, we use current language
if (!$languageCode) {
global $cms_language;
$languageCode = $cms_language->getCode();
}
if (!$languageCode) {
$languageCode = io::strtolower(APPLICATION_DEFAULT_LANGUAGE);
}
$module = $this->_object->getValue('module');
//create Xapian search object
$search = new CMS_XapianQuery(trim($value), array($module), $languageCode, true);
//load module interface
if (!($moduleInterface = CMS_ase_interface_catalog::getModuleInterface($module))) {
$this->raiseError('No active Xapian interface for module : ' . $module);
return false;
}
//add previously found IDs to search filters
$moduleInterface->addFilter('items', $IDs);
//set module interface to search engine
$search->setModuleInterface($module, $moduleInterface);
//set page number and max results for xapian query
//we must do a complete search all the time so we start from page 0
$page = 0;
//we limit to a maximum of 1000 results
$maxResults = 1000;
//then search
if (!$search->query($page, $maxResults)) {
$this->raiseError('Error in Xapian query for search : ' . io::htmlspecialchars($value));
return false;
}
//pr($search->getQueryDesc(true));
//if no results : break
if (!$search->getMatchesNumbers()) {
break;
}
$xapianResults = $search->getMatches();
} else {
//get fields
if (!isset($this->_fieldsDefinitions[$type]) || !is_object($this->_fieldsDefinitions[$type])) {
//get object fields definition
$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
}
//search only in "searchable" fields
$fields = array();
$aseExists = class_exists('CMS_module_ase') && CMS_module_ase::isActive() && $this->_object->getValue('indexable') ? true : false;
foreach ($this->_fieldsDefinitions as $fieldDefinition) {
if ($fieldDefinition->getValue($aseExists ? 'indexable' : 'searchable')) {
$fields[] = $fieldDefinition->getID();
}
}
if (!$fields) {
//if no fields after cleaning, return
break;
}
//add previously found IDs to where clause
$where = $IDs ? ' objectID in (' . $this->_getSQLTmpList() . ') and ' : '';
//filter on specified fields
$where .= $fields ? ' objectFieldID in (' . implode(',', $fields) . ') and ' : '';
//clean user keywords (never trust user input, user is evil)
$value = strtr($value, ",;", " ");
$words = array();
$words = array_map("trim", array_unique(explode(" ", $value)));
$cleanedWords = array();
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
$cleanedWords[] = $aWord;
}
}
if (!$cleanedWords) {
//if no words after cleaning, return
break;
}
switch ($operator) {
case 'any':
$where .= '(';
//then add keywords
$count = '0';
foreach ($cleanedWords as $aWord) {
$where .= $count ? ' or ' : '';
$count++;
$where .= "value like '%" . $aWord . "%'";
if (htmlentities($aWord) != $aWord) {
$where .= " or value like '%" . htmlentities($aWord) . "%'";
}
}
$where .= ')';
break;
case 'all':
$where .= '(';
//then add keywords
$count = '0';
foreach ($cleanedWords as $aWord) {
$where .= $count ? ' and ' : '';
$count++;
if (htmlentities($aWord) != $aWord) {
$where .= "(value like '%" . $aWord . "%' or value like '%" . htmlentities($aWord) . "%')";
} else {
$where .= "value like '%" . $aWord . "%'";
}
}
$where .= ')';
break;
case 'phrase':
$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
if (htmlentities($value) != $value) {
$where .= "(value like '%" . $value . "%' or value like '%" . htmlentities($value) . "%')";
} else {
$where .= "value like '%" . $value . "%'";
}
break;
case 'beginswith':
$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
if (htmlentities($value) != $value) {
$where .= "(value like '" . $value . "%' or value like '" . htmlentities($value) . "%')";
} else {
$where .= "value like '" . $value . "%'";
}
break;
}
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
}
}
break;
case "publication date after":
// Date start
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand publicationDateStart_rs >= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
break;
case "publication date before":
// Date End
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand publicationDateStart_rs <= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
break;
case "publication date end":
// End Date of publication
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand (publicationDateEnd_rs >= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tor publicationDateEnd_rs = '0000-00-00')\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
break;
case "status":
// Publication status
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
switch ($value) {
case 'online':
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand location_rs='" . RESOURCE_LOCATION_USERSPACE . "'\n\t\t\t\t\t\t\t\t\tand publication_rs='" . RESOURCE_PUBLICATION_PUBLIC . "'\n\t\t\t\t\t\t\t\t\tand publicationDateStart_rs <= '" . date('Y-m-d') . "'\n\t\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t\tand (publicationDateEnd_rs >= '" . date('Y-m-d') . "'\n\t\t\t\t\t\t\t\t\tor publicationDateEnd_rs = '0000-00-00')\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
break;
case 'offline':
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand (publication_rs='" . RESOURCE_PUBLICATION_NEVERVALIDATED . "' or publication_rs='" . RESOURCE_PUBLICATION_VALIDATED . "')\n\t\t\t\t\t\t\t\t\tand (publicationDateStart_rs > '" . date('Y-m-d') . "' or publicationDateEnd_rs < '" . date('Y-m-d') . "')\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
break;
case 'validated':
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand editions_rs=0\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
break;
case 'awaiting':
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand editions_rs!=0\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
break;
}
break;
default:
//add previously found IDs to where clause
$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
if (!isset($this->_fieldsDefinitions[$type]) || !is_object($this->_fieldsDefinitions[$type])) {
//get object fields definition
$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
}
//get type object for field
if (isset($this->_fieldsDefinitions[$type])) {
$objectField = $this->_fieldsDefinitions[$type]->getTypeObject();
$sql = $objectField->getFieldSearchSQL($type, $value, $operator, $where, $this->_public);
} else {
$this->raiseError('Unknown field ' . $type . ' to filter with value ' . print_r($value, true));
}
break;
}
if ($sql || isset($xapianResults) || isset($fullTextResults)) {
if ($sql) {
//pr($sql);
//$this->raiseError($sql);
$q = new CMS_query($sql);
$IDs = array();
if (!$q->hasError()) {
while ($id = $q->getValue('objectID')) {
$IDs[$id] = $id;
}
}
} elseif (isset($xapianResults)) {
$IDs = array();
foreach ($xapianResults as $id) {
$IDs[$id] = $id;
}
//if we only have objectID as orderCondition or if order by relevance is queried, use order provided by Xapian
if (isset($this->_orderConditions['objectID']) && $this->_orderConditions['objectID'] && sizeof($this->_orderConditions) <= 1 || isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
if ($this->_orderConditions['relevance'] == 'desc') {
$this->_orderConditions = array('itemsOrdered' => array('order' => array_reverse($IDs, true)));
} else {
$this->_orderConditions = array('itemsOrdered' => array('order' => $IDs));
}
if (isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
unset($this->_orderConditions['relevance']);
}
}
} else {
//if we only have objectID as orderCondition or if order by relevance is queried, use order provided by MySQL Fulltext
if (isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
if ($this->_orderConditions['relevance'] == 'desc') {
$this->_orderConditions = array('itemsOrdered' => array('order' => array_reverse($fullTextResults, true)));
} else {
$this->_orderConditions = array('itemsOrdered' => array('order' => $fullTextResults));
}
unset($this->_orderConditions['relevance']);
}
}
//if no results, no need to continue
if (!$IDs) {
$IDs = array();
$this->_numRows = 0;
return $IDs;
}
//update tmp table with found ids
$this->_updateTmpList($IDs);
} else {
//if no sql request, then no results (can be used by 'profile'), no need to continue
$IDs = array();
$this->_numRows = sizeof($IDs);
return $IDs;
}
}
}
$this->_numRows = sizeof($IDs);
return $IDs;
}
<tr>
<td width="150" class="admin">
' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_LANGUAGE) . ' :</td>
<td width="350" class="admin">';
$all_languages = CMS_languagesCatalog::getAllLanguages(MOD_CMS_FORMS_CODENAME);
foreach ($all_languages as $aLanguage) {
$checked = $aLanguage->getCode() == $items_language->getCode() ? ' checked="checked"' : '';
$content .= '
<label><input name="items_language" type="radio" value="' . $aLanguage->getCode() . '"' . $checked . ' onclick="submit();" /> ' . $aLanguage->getLabel() . '</label>';
}
$content .= '</td>
</tr>';
// Categories
$a_all_categories = CMS_forms_formularCategories::getAllCategoriesAsArray($cms_language, true);
if (sizeof($a_all_categories)) {
$s_categories_listbox = CMS_moduleCategories_catalog::getListBox(array('field_name' => 'items_ctg', 'items_possible' => $a_all_categories, 'default_value' => CMS_session::getSessionVar("items_ctg"), 'attributes' => 'class="admin_input_text" style="width:250px;"'));
$content .= '
<tr>
<td class="admin">' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_CATEGORY, false, MOD_CMS_FORMS_CODENAME) . ' :</td>
<td class="admin">' . $s_categories_listbox . '</td>
</tr>';
}
$content .= '
<tr>
<td class="admin" colspan="2">
<input type="submit" class="admin_input_submit" value="' . $cms_language->getMessage(MESSAGE_PAGE_ACTION_SHOW) . '" /></td>
</tr>
</form>
</table></fieldset><br />';
$content .= $cms_language->getMessage(MESSAGE_PAGE_HEADING1, false, MOD_CMS_FORMS_CODENAME) . '<br /><br />';
$items = $search->search();
/**
* Import module from given array datas
*
* @param array $data The module datas to import
* @param array $params The import parameters.
* array(
* create => false|true : create missing objects (default : true)
* update => false|true : update existing objects (default : true)
* files => false|true : use files from PATH_TMP_FS (default : true)
* )
* @param CMS_language $cms_language The CMS_langage to use
* @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
* @param string $infos : Reference : The import infos returned
* @return boolean : true on success, false on failure
* @access public
*/
function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
if (!$this->getID()) {
if (!isset($params['create']) || $params['create'] == true) {
//if module does not exists yet, add codename and default admin frontend
$this->setCodename($data['codename']);
$this->setAdminFrontend('index.php');
} else {
$infos .= 'Module does not exists and parameter does not allow to create it ...' . "\n";
return false;
}
}
if (!$this->getID() && (!isset($params['create']) || $params['create'] == true) || $this->getID() && (!isset($params['update']) || $params['update'] == true)) {
if (isset($data['labels'])) {
//create labels
$this->setLabel($cms_language->createMessage($this->_codename, $data['labels']));
}
if (!$this->writeToPersistence()) {
$infos .= 'Error writing module ...' . "\n";
return false;
} elseif (isset($data['parameters']) && is_array($data['parameters']) && $data['parameters']) {
//write module parameters
$this->_hasParameters = 1;
$filename = PATH_MODULES_FS . "/" . $this->_codename . "_rc.xml";
if (!file_exists($filename)) {
$file = new CMS_file($filename);
$file->writeToPersistence(true);
}
$this->setAndWriteParameters($data['parameters']);
$this->writeToPersistence();
}
}
//append codename to parameters
$params['module'] = $this->_codename;
//add categories
if (isset($data['categories']) && $data['categories']) {
if (!CMS_moduleCategories_catalog::fromArray($data['categories'], $params, $cms_language, $idsRelation, $infos)) {
$infos .= 'Error during categories import ...' . "\n";
return false;
}
}
if (!isset($params['files']) || $params['files'] == true) {
//add JS
if (isset($data['js']) && $data['js']) {
foreach ($data['js'] as $jsFile) {
if ($jsFile && file_exists(PATH_TMP_FS . $jsFile)) {
if (file_exists(PATH_REALROOT_FS . $jsFile) && (!isset($params['updateJs']) || $params['updateJs'] == true) || (!isset($params['create']) || $params['create'] == true)) {
if (CMS_file::moveTo(PATH_TMP_FS . $jsFile, PATH_REALROOT_FS . $jsFile)) {
CMS_file::chmodFile(FILES_CHMOD, PATH_REALROOT_FS . $jsFile);
} else {
$infos .= 'Error during copy of file ' . $jsFile . ' ...' . "\n";
}
}
}
}
}
}
if (!isset($params['files']) || $params['files'] == true) {
//add CSS
if (isset($data['css']) && $data['css']) {
foreach ($data['css'] as $cssFile) {
if ($cssFile && file_exists(PATH_TMP_FS . $cssFile)) {
if (file_exists(PATH_REALROOT_FS . $cssFile) && (!isset($params['updateCss']) || $params['updateCss'] == true) || (!isset($params['create']) || $params['create'] == true)) {
if (CMS_file::moveTo(PATH_TMP_FS . $cssFile, PATH_REALROOT_FS . $cssFile)) {
CMS_file::chmodFile(FILES_CHMOD, PATH_REALROOT_FS . $cssFile);
} else {
$infos .= 'Error during copy of file ' . $cssFile . ' ...' . "\n";
}
}
}
}
}
}
if (!isset($params['files']) || $params['files'] == true) {
//add IMG
if (isset($data['img']) && $data['img']) {
foreach ($data['img'] as $imgFile) {
if ($imgFile && file_exists(PATH_TMP_FS . $imgFile)) {
if (file_exists(PATH_REALROOT_FS . $imgFile) && (!isset($params['updateImg']) || $params['updateImg'] == true) || (!isset($params['create']) || $params['create'] == true)) {
if (CMS_file::moveTo(PATH_TMP_FS . $imgFile, PATH_REALROOT_FS . $imgFile)) {
CMS_file::chmodFile(FILES_CHMOD, PATH_REALROOT_FS . $imgFile);
} else {
$infos .= 'Error during copy of file ' . $imgFile . ' ...' . "\n";
}
}
}
}
}
}
if (!isset($params['files']) || $params['files'] == true) {
//add rows
if (isset($data['rows']) && $data['rows']) {
if (!CMS_rowsCatalog::fromArray($data['rows'], $params, $cms_language, $idsRelation, $infos)) {
$infos .= 'Error during rows import ...' . "\n";
return false;
}
}
}
return true;
}
/**
* filter array of categories ID with user clearance
*
* @param array $categories, IDs of categories to filter
* @param integer $clearance, default is CLEARANCE_MODULE_VIEW
* @param string $module : the module codename
* @param boolean $strict : strict filtering of categories : do not allow parent categories of lower levels
* @return array
* @access public
*/
function filterModuleCategoriesClearance($categories, $clearance = CLEARANCE_MODULE_VIEW, $module = false, $strict = false)
{
if (!is_array($categories)) {
return array();
}
$filteredCategories = array();
//get denied cats (including deleted cats)
$deniedCats = $this->getRootModuleCategoriesDenied($module);
if (!is_array($deniedCats)) {
$deniedCats = array();
}
if (!$strict) {
switch ($clearance) {
case CLEARANCE_MODULE_VIEW:
$matchingCats = $this->getRootModuleCategoriesReadable($module);
break;
case CLEARANCE_MODULE_EDIT:
$matchingCats = $this->getRootModuleCategoriesWritable($module);
break;
case CLEARANCE_MODULE_MANAGE:
$matchingCats = $this->getRootModuleCategoriesManagable($module);
break;
}
if (!is_array($matchingCats)) {
$matchingCats = array();
}
if ($this->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
//only remove catsDenied
foreach ($deniedCats as $deniedCatID) {
unset($categories[$deniedCatID]);
}
return $categories;
}
//construct n level tree with all of these categories and array of lineages
$nLevelArray = array();
foreach ($categories as $catID) {
//get category lineage
$lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
if ($lineage) {
$lineageArray[$catID] = $lineage;
//then create n level table
$ln = sensitiveIO::sanitizeExecCommand('if (!isset($nLevelArray[' . str_replace(';', '][', $lineage) . '])) $nLevelArray[' . str_replace(';', '][', $lineage) . '] = array();');
eval($ln);
}
}
$filteredCategories = $this->_filterModuleCategoriesClearanceRecursion($nLevelArray, $matchingCats, $deniedCats, false);
$returnedFilteredCategories = array();
foreach ($filteredCategories as $catID) {
$returnedFilteredCategories[$catID] = $catID;
}
} else {
$returnedFilteredCategories = array();
foreach ($categories as $catID) {
if (!in_array($catID, $deniedCats) && $this->hasModuleCategoryClearance($catID, $clearance, $module)) {
$returnedFilteredCategories[$catID] = $catID;
}
}
}
return $returnedFilteredCategories;
}
/**
* Builds where statement with a key and its value
* The key can be known, this class will create statements in consequence
* or not known so key is understood as a field name and this
* method will append a statement such $key='$value'
*
* @access public
* @param string $key name of statement to set
* @param string $value , the value to give
*/
function addWhereCondition($type, $value)
{
switch ($type) {
case "language":
array_push($this->_where, "language_frm='" . SensitiveIO::sanitizeSQLString($value->getCode()) . "'");
break;
case "profile":
if (APPLICATION_ENFORCES_ACCESS_CONTROL != false) {
$a_where = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($value, MOD_CMS_FORMS_CODENAME, true);
array_push($this->_tables, "modulesCategories");
array_push($this->_where, "id_mca=category_fca");
array_push($this->_tables, "mod_cms_forms_categories");
array_push($this->_where, "id_frm=form_fca");
if (sizeof($a_where)) {
$a_where = array_keys($a_where);
array_push($this->_where, 'category_fca in (' . @implode(',', $a_where) . ')');
} else {
$a_where = array_keys($a_where);
array_push($this->_where, 'category_fca = NULL');
}
}
break;
case "category":
$value = $this->_sanitizeSQLString($value);
if (SensitiveIO::isPositiveInteger($value) && ($s_lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($value))) {
array_push($this->_tables, "modulesCategories");
array_push($this->_tables, "mod_cms_forms_categories");
array_push($this->_where, "id_mca=category_fca");
array_push($this->_where, "id_frm=form_fca");
array_push($this->_where, "(lineage_mca = '" . SensitiveIO::sanitizeSQLString($s_lineage) . "' or lineage_mca like '" . SensitiveIO::sanitizeSQLString($s_lineage) . ";%')");
}
break;
case "keywords":
$value = $this->_sanitizeSQLString($value);
$kwrds = @explode(" ", $value);
$kwrds = SensitiveIO::sanitizeSQLString(@implode("%", $kwrds));
if (trim($kwrds) != '%') {
array_push($this->_where, "name_frm like '%" . $kwrds . "%'");
}
break;
default:
$value = $this->_sanitizeSQLString($value);
array_push($this->_where, $type . "='" . SensitiveIO::sanitizeSQLString($value) . "'");
break;
}
$this->_tables = @array_unique($this->_tables);
$this->_where = @array_unique($this->_where);
}
if ($cms_message) {
$dialog->setActionMessage($cms_message);
}
// Insert prefered text editor for textarea field
$toolbarset = !$cms_module->getParameters("editor_toolbar") ? 'Basic' : $cms_module->getParameters("editor_toolbar");
$attrs = array('form' => 'frmitem', 'field' => 'source_' . $item->getID(), 'value' => $item->getAttribute('source'), 'language' => $cms_language, 'width' => 600, 'height' => 600, 'rows' => 8, 'toolbarset' => $toolbarset);
$text_editor = CMS_textEditor::getEditorFromParams($attrs);
$dialog->setJavascript($text_editor->getJavascript());
// Get listboxes for categories
$a_all_categories = CMS_moduleCategories_catalog::getAllCategoriesAsArray($cms_user, $cms_module->getCodename(), $cms_language);
if (!sizeof($a_all_categories)) {
//user has no right on categories so he can't edit/create items
header("Location: " . $cms_module->getAdminFrontendPath(PATH_RELATIVETO_WEBROOT) . "?cms_message_id=65&" . session_name() . "=" . session_id());
exit;
}
$s_categories_listboxes = CMS_moduleCategories_catalog::getListBoxes(array('field_name' => 'ids', 'items_possible' => $a_all_categories, 'items_selected' => $item_relations->getCategoriesIds(), 'select_width' => '250px', 'select_height' => '120px', 'form_name' => 'frmitem'));
// Default check statuses for radios
$public = array();
$public[1] = $item->getAttribute('public') === true ? ' checked="checked"' : '';
$public[0] = $item->getAttribute('public') === false ? ' checked="checked"' : '';
$content = '
<table border="0" cellpadding="3" cellspacing="2">
<form name="frmitem" action="' . $_SERVER["SCRIPT_NAME"] . '" method="post" enctype="multipart/form-data" onSubmit="getSelectedOptionsInField_ids();">
<input type="hidden" name="cms_action" value="validate" />
<input type="hidden" name="language" value="' . CMS_session::getSessionVar("items_language") . '" />
<input id="itemId" type="hidden" name="item" value="' . $item->getID() . '" />
<tr>
<td class="admin" align="right">
<span class="admin_text_alert">*</span> ' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_LABEL, false, MOD_CMS_FORMS_CODENAME) . ' :</td>
<td class="admin">
<input type="text" size="30" class="admin_input_text" name="name" value="' . io::htmlspecialchars($item->getAttribute('name')) . '" /></td>
/**
* Get field search SQL request (used by class CMS_object_search)
*
* @param integer $fieldID : this field id in object (aka $this->_field->getID())
* @param integer $value : the category value to search
* @param string $operator : additionnal search operator
* @param string $where : where clauses to add to SQL
* @param boolean $public : values are public or edited ? (default is edited)
* @return string : the SQL request
* @access public
*/
function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false)
{
$statusSuffix = $public ? "_public" : "_edited";
$supportedOperator = array('editableOnly', 'strict', 'not in', 'not in strict');
if ($operator && !in_array($operator, $supportedOperator)) {
$this->raiseError("Unkown search operator : " . $operator . ", use default search instead");
$operator = false;
}
if ($operator == 'editableOnly') {
global $cms_user;
//get module codename
$moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
//get a list of all viewvable categories for current user
$editableCats = array_keys(CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, $moduleCodename, true, true));
//if no viewvable categories, user has no rights to view anything
if (!$editableCats) {
return false;
}
//add previously found IDs to where clause
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand value in (" . @implode(',', $editableCats) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
$q = new CMS_query($sql);
$IDs = array();
if (!$q->hasError()) {
while ($id = $q->getValue('objectID')) {
$IDs[$id] = $id;
}
}
//if no results, no need to continue
if (!$IDs) {
return false;
}
$where = $IDs ? ' and objectID in (' . implode(',', $IDs) . ')' : '';
}
if ($value == CMS_moduleCategory::LINEAGE_PARK_POSITION) {
//if it is a public search, and field is mandatory, no objects should be returned
if ($this->_field->getValue('required') && $public) {
return false;
}
$module = CMS_poly_object_catalog::getModuleCodenameForField($fieldID);
//add deleted cats to searchs
$viewvableCats = CMS_moduleCategories_catalog::getDeletedCategories($module);
//add zero value for objects without categories
$viewvableCats[] = 0;
//get object type id
$objectID = CMS_poly_object_catalog::getObjectIDForField($fieldID);
//first we get objects with deleted or no categories (value 0)
$sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\tand value in (" . implode(',', $viewvableCats) . ")\n\t\t\t\t\t{$where}\n\t\t\t\t";
$qTmp = new CMS_query($sqlTmp);
$deletedIDs = array();
while ($r = $qTmp->getArray()) {
if ($r['objectID']) {
$deletedIDs[$r['objectID']] = $r['objectID'];
}
}
//then if we get objects with no categories at all (not referenced in mod_subobject_integer table)
$sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t{$where}\n\t\t\t\t";
$qTmp = new CMS_query($sqlTmp);
$noCatsIDs = $catsIDs = array();
while ($r = $qTmp->getArray()) {
if ($r['objectID']) {
$catsIDs[$r['objectID']] = $r['objectID'];
}
}
$IDs = array();
if (preg_match_all('#\\d+#', $where, $IDs)) {
$IDs = array_shift($IDs);
}
$noCatsIDs = array_diff($IDs, $catsIDs);
$IDs = array_merge($deletedIDs, $noCatsIDs);
//if no results, no need to continue
if (!$IDs) {
return false;
}
//then we mix the too results and we return it as a fake SQL request to keep system compatibility
$sql = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct id_moo as objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_object_polyobjects\n\t\t\t\twhere \n\t\t\t\t\tid_moo in (" . implode(',', $IDs) . ")\n\t\t\t\t";
} else {
if ($operator == 'strict') {
if (!is_array($value)) {
$value = array($value);
}
//get categories searched
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value in (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
} elseif ($operator == 'not in strict') {
if (!is_array($value)) {
$value = array($value);
}
//get categories searched
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value not in (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
} else {
if (!is_array($value)) {
$value = array($value);
}
$lineages = array();
foreach ($value as $catID) {
if ($catID) {
//get lineage of category searched
$lineages[] = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
}
}
$sql = '';
if ($operator == 'not in') {
foreach ($lineages as $lineage) {
$sql .= $sql ? ' and ' : '';
$sql .= "\n\t\t\t\t\t\tlineage_mca != '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tand lineage_mca not like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' ";
}
} else {
foreach ($lineages as $lineage) {
$sql .= $sql ? ' or ' : '';
$sql .= "\n\t\t\t\t\t\tlineage_mca = '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tor lineage_mca like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' ";
}
}
$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca=value\n\t\t\t\t\t\t" . ($sql ? " and (" . $sql . ") " : '') . "\n\t\t\t\t\t\t{$where}";
}
}
return $sql;
}
/**
* Destroy the module
*
* @return void
* @access public
*/
function destroy()
{
global $cms_user;
// Check module exists and is polymod
if (!$this->isDestroyable()) {
return false;
}
// CHECK USED ROWS
$rowsIds = CMS_rowsCatalog::getByModules(array($this->_codename), false, false);
//delete all module rows
foreach ($rowsIds as $rowId) {
$row = CMS_rowsCatalog::getByID($rowId);
if (is_object($row)) {
$row->destroy();
}
}
// TREAT CATEGORIES
$attrs = array("module" => $this->_codename, "language" => CMS_languagesCatalog::getDefaultLanguage(), "level" => -1, "root" => -1, "cms_user" => $cms_user, "clearanceLevel" => CLEARANCE_MODULE_EDIT, "strict" => false);
$cats = CMS_moduleCategories_catalog::getAll($attrs);
if ($cats) {
foreach ($cats as $cat) {
// Destroy category
$cat->destroy();
}
}
// TREAT MODULE & VALIDATIONS RIGHTS
$sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tmoduleClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t\t\t or moduleClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t ";
$q = new CMS_query($sql);
if ($q->getNumRows()) {
while ($r = $q->getArray()) {
$stack = new CMS_stack();
$stack->setTextDefinition($r['moduleClearancesStack_pr']);
$stack->delAllWithOneKey($this->_codename);
$qInsert = new CMS_query("update profiles set moduleClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
}
}
$sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tvalidationClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr = '" . io::sanitizeSQLString($this->_codename) . "'\n\t\t\t";
$q = new CMS_query($sql);
if ($q->getNumRows()) {
while ($r = $q->getArray()) {
$stack = new CMS_stack();
$stack->setTextDefinition($r['validationClearancesStack_pr']);
$stack->delAllWithOneKey($this->_codename);
$qInsert = new CMS_query("update profiles set validationClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
}
}
//remove module files
if (CMS_file::deltreeSimulation(PATH_MODULES_FILES_FS . '/' . $this->_codename, true)) {
CMS_file::deltree(PATH_MODULES_FILES_FS . '/' . $this->_codename, true);
}
//remove JS and CSS
if (is_dir(PATH_JS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_JS_FS . '/modules/' . $this->_codename, true)) {
CMS_file::deltree(PATH_JS_FS . '/modules/' . $this->_codename, true);
}
if (is_dir(PATH_CSS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_CSS_FS . '/modules/' . $this->_codename, true)) {
CMS_file::deltree(PATH_CSS_FS . '/modules/' . $this->_codename, true);
}
$cssFiles = $this->getCSSFiles('', true);
foreach ($cssFiles as $mediaCssFiles) {
foreach ($mediaCssFiles as $cssFile) {
CMS_file::deleteFile(PATH_REALROOT_FS . '/' . $cssFile);
}
}
//Clear polymod cache
//CMS_cache::clearTypeCacheByMetas('polymod', array('module' => $this->_codename));
CMS_cache::clearTypeCache('polymod');
// Destroy module
return parent::destroy();
}
/**
* Import module from given array datas
*
* @param array $data The module datas to import
* @param array $params The import parameters.
* array(
* module => false|true : the module to create categories (required)
* create => false|true : create missing objects (default : true)
* update => false|true : update existing objects (default : true)
* files => false|true : use files from PATH_TMP_FS (default : true)
* )
* @param CMS_language $cms_language The CMS_langage to use
* @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
* @param string $infos : Reference : The import infos returned
* @return boolean : true on success, false on failure
* @access public
*/
static function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
if (!isset($params['module'])) {
$infos .= 'Error : missing module codename for categories importation ...' . "\n";
return false;
}
$module = CMS_modulesCatalog::getByCodename($params['module']);
if ($module->hasError()) {
$infos .= 'Error : invalid module for categories importation : ' . $params['module'] . "\n";
return false;
}
$return = true;
foreach ($data as $categoryDatas) {
$importType = '';
if (isset($categoryDatas['uuid']) && ($id = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['uuid']))) {
//category already exist : load it if we can update it
if (!isset($params['update']) || $params['update'] == true) {
$category = CMS_moduleCategories_catalog::getByID($id);
$importType = ' (Update)';
}
} else {
//create new category if we can
if (!isset($params['create']) || $params['create'] == true) {
//if category to create has parent, try to get it
if (isset($categoryDatas['parent']) && $categoryDatas['parent']) {
//check for uuid translation
if (isset($idsRelation['categories-uuid'][$categoryDatas['parent']])) {
$categoryDatas['parent'] = $idsRelation['categories-uuid'][$categoryDatas['parent']];
}
//parent already exist : load it
$parentId = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['parent']);
}
if (isset($categoryDatas['root']) && $categoryDatas['root']) {
//check for uuid translation
if (isset($idsRelation['categories-uuid'][$categoryDatas['root']])) {
$categoryDatas['root'] = $idsRelation['categories-uuid'][$categoryDatas['root']];
}
//root already exist : load it
$rootId = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['root']);
}
//create category
$category = new CMS_moduleCategory(0, $cms_language);
$importType = ' (Creation)';
//set module
$category->setAttribute('moduleCodename', $params['module']);
if (isset($rootId)) {
$category->setAttribute('rootID', $rootId);
}
if (isset($parentId)) {
$category->setAttribute('parentID', $parentId);
}
}
}
if (isset($category)) {
if ($category->fromArray($categoryDatas, $params, $cms_language, $idsRelation, $infos)) {
$return &= true;
$infos .= 'Category "' . $category->getLabel($cms_language) . '" successfully imported' . $importType . "\n";
} else {
$return = false;
$infos .= 'Error during import of category ' . $categoryDatas['id'] . $importType . "\n";
}
}
}
return $return;
}
/**
* Import row from given array datas
*
* @param array $data The module datas to import
* @param array $params The import parameters.
* array(
* module => false|true : the module to create categories (required)
* create => false|true : create missing objects (default : true)
* update => false|true : update existing objects (default : true)
* files => false|true : use files from PATH_TMP_FS (default : true)
* )
* @param CMS_language $cms_language The CMS_langage to use
* @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
* @param string $infos : Reference : The import infos returned
* @return boolean : true on success, false on failure
* @access public
*/
function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
if (!isset($params['module'])) {
$infos .= 'Error : missing module codename for categories importation ...' . "\n";
return false;
}
$module = CMS_modulesCatalog::getByCodename($params['module']);
if ($module->hasError()) {
$infos .= 'Error : invalid module for categories importation : ' . $params['module'] . "\n";
return false;
}
if (!$this->getID() && CMS_moduleCategories_catalog::uuidExists($data['uuid'])) {
//check imported uuid. If categories does not have an Id, the uuid must be unique or must be regenerated
$uuid = io::uuid();
//store old uuid relation
$idsRelation['categories-uuid'][$data['uuid']] = $uuid;
$data['uuid'] = $uuid;
}
//set category uuid if not exists
if (!$this->_uuid) {
$this->_uuid = $data['uuid'];
}
if (!isset($params['files']) || $params['files'] == true) {
if (isset($data['icon'])) {
$icon = $data['icon'];
if ($icon && file_exists(PATH_TMP_FS . $icon)) {
//destroy old file if any
if ($this->getIconPath(false, PATH_RELATIVETO_WEBROOT, true)) {
@unlink($this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, true));
$this->setAttribute('icon', '');
}
//move and rename uploaded file
$filename = PATH_TMP_FS . $icon;
$basename = pathinfo($filename, PATHINFO_BASENAME);
if (!$this->getID()) {
//need item ID
$this->writeToPersistence();
}
//create file path
$path = $this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, false) . '/';
$extension = pathinfo($icon, PATHINFO_EXTENSION);
$newBasename = "cat-" . $this->getID() . "-icon." . $extension;
$newFilename = $path . '/' . $newBasename;
if (CMS_file::moveTo($filename, $newFilename)) {
CMS_file::chmodFile(FILES_CHMOD, $newFilename);
//set it
$this->setAttribute('icon', $newBasename);
}
} elseif (!$icon) {
//destroy old file if any
if ($this->getIconPath(false, PATH_RELATIVETO_WEBROOT, true)) {
@unlink($this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, true));
$this->setAttribute('icon', '');
}
}
}
}
if (isset($data['labels'])) {
foreach ($data['labels'] as $language => $label) {
$this->setLabel($label, $language);
}
}
if (isset($data['descriptions'])) {
foreach ($data['descriptions'] as $language => $desc) {
$this->setDescription($desc, $language);
}
}
if (!isset($params['files']) || $params['files'] == true) {
if (isset($data['files']) && is_array($data['files'])) {
foreach ($data['files'] as $language => $file) {
if ($file && file_exists(PATH_TMP_FS . $file)) {
//destroy old file if any
if ($this->getFilePath($language, false, PATH_RELATIVETO_WEBROOT, true)) {
@unlink($this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, true));
$this->setFile('', $language);
}
//move and rename uploaded file
$filename = PATH_TMP_FS . $file;
$basename = pathinfo($filename, PATHINFO_BASENAME);
if (!$this->getID()) {
//need item ID
$this->writeToPersistence();
}
//create file path
$path = $this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, false) . '/';
$extension = pathinfo($file, PATHINFO_EXTENSION);
$newBasename = "cat-" . $this->getID() . "-file-" . $language . "." . $extension;
$newFilename = $path . '/' . $newBasename;
if (CMS_file::moveTo($filename, $newFilename)) {
CMS_file::chmodFile(FILES_CHMOD, $newFilename);
//set it
$this->setFile($newBasename, $language);
}
} elseif (!$file) {
//destroy old file if any
if ($this->getFilePath($language, false, PATH_RELATIVETO_WEBROOT, true)) {
@unlink($this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, true));
$this->setFile('', $language);
}
}
}
}
}
//write object
if (!$this->writeToPersistence()) {
$infos .= 'Error : can not write category ...' . "\n";
return false;
}
//if current category id has changed from imported id, set relation
if (isset($data['id']) && $data['id'] && $this->getID() != $data['id']) {
$idsRelation['categories'][$data['id']] = $this->getID();
if (isset($data['uuid']) && $data['uuid']) {
$idsRelation['categories'][$data['uuid']] = $this->getID();
}
}
//set category order
if (isset($data['order']) && $data['order']) {
CMS_moduleCategories_catalog::moveCategoryIndex($this, $data['order']);
}
//set categories childs
if (isset($data['childs']) && $data['childs']) {
return CMS_moduleCategories_catalog::fromArray($data['childs'], $params, $cms_language, $idsRelation, $infos);
}
return true;
}
}
} else {
$cms_message = $cms_language->getMessage(MESSAGE_PAGE_ACTION_ERROR_PROTECTED);
$category->raiseError('Error during modification of category ' . $category->getID() . '. Category is protected.');
}
break;
case 'move':
$category = new CMS_moduleCategory($categoryId);
if (!$category->isProtected()) {
$newParent = new CMS_moduleCategory($newParentId);
if (!$newParentId) {
$newParent->setAttribute('moduleCodename', $codename);
}
$index++;
//+1 because interface start index to 0 and system start it to 1
if (CMS_moduleCategories_catalog::moveCategory($category, $newParent, $index)) {
$content = array('success' => true);
} else {
$cms_message = $cms_language->getMessage(MESSAGE_ERROR_CATEGORY_MOVE);
}
} else {
$cms_message = $cms_language->getMessage(MESSAGE_PAGE_ACTION_ERROR_PROTECTED);
$category->raiseError('Error during modification of category ' . $category->getID() . '. Category is protected.');
}
break;
default:
CMS_grandFather::raiseError('Unknown action to do ...');
$view->show();
break;
}
//set user message if any
/**
* Returns each category ID and label in a module given user can see
*
* @access public
* @param CMS_language $cms_language, the language of the labels
* @param boolean $restrictToUsedCat, restrict returned categories to used ones only (default false)
* @return array(string) the statements or false if profile hasn't any access to any categories
*/
function getAllCategoriesAsArray($language = false, $restrictToUsedCat = false)
{
global $cms_user;
$categories = CMS_moduleCategories_catalog::getAllCategoriesAsArray($cms_user, MOD_CMS_FORMS_CODENAME, $language);
//pr($categories);
if (!$restrictToUsedCat) {
return $categories;
} else {
//Get all used categories IDS for this object field
$usedCategories = CMS_forms_formularCategories::getAllUsedCategoriesForField($language);
if (sizeof($usedCategories)) {
//get all categories lineage
$catArbo = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, MOD_CMS_FORMS_CODENAME, true);
//pr($catArbo);
//need to remove all unused categories from list
$categoriesToKeep = array();
foreach ($usedCategories as $catID) {
$cats = explode(';', $catArbo[$catID]);
foreach ($cats as $aCat) {
$categoriesToKeep[$aCat] = $aCat;
}
}
//pr($categoriesToKeep);
//then remove unused categories from initial list
foreach ($categories as $catID => $catLabel) {
if (!isset($categoriesToKeep[$catID])) {
unset($categories[$catID]);
}
}
//pr($categories);
return $categories;
} else {
//no categories used
return array();
}
}
}
unset($all_languages[$cms_language->getCode()]);
array_unshift($all_languages, $userlanguage);
}
// Current category object to manipulate
if ($catId) {
$item = new CMS_moduleCategory($catId);
$item->setAttribute('language', $cms_language);
$item->setAttribute('moduleCodename', $codename);
$parentCategory = $item->getParent();
} else {
// Parent category
$item = new CMS_moduleCategory();
$item->setAttribute('language', $cms_language);
$item->setAttribute('moduleCodename', $codename);
if ($fatherId) {
$parentCategory = CMS_moduleCategories_catalog::getById($fatherId);
$parentCategory->setAttribute('language', $cms_language);
}
}
if (!function_exists("build_category_tree_options")) {
/**
* Recursive function to build the categories tree.
*
* @param CMS_moduleCategory $category
* @param integer $count, to determine category in-tree depth
* @return string HTML formated
*/
function build_category_tree_options($category, $count)
{
global $codename, $cms_language, $parentCategory, $cms_module, $cms_user, $catId;
//if category is not itself (to avoid infinite loop in lineage)
$i_current_clearance = (int) $stack_clearances->getElementValueFromKey($aRoot->getID());
// Show all sub categories
$content .= build_items_tree($aRoot, 0, $i_current_clearance);
}
$content .= '
</ul>
<input type="hidden" id="type-' . $hash . '" value="' . ($isUser ? 'user' : 'group') . '" />
<input type="hidden" id="catIds-' . $hash . '" value="' . implode(',', $items_ids) . '" />
<input type="hidden" id="profile-' . $hash . '" value="' . ($isUser ? $userId : $groupId) . '" />
<input type="hidden" id="module-' . $hash . '" value="' . $moduleCodename . '" />
</div>';
}
} else {
//get siblings
if ($moduleCodename != MOD_STANDARD_CODENAME) {
$item = CMS_moduleCategories_catalog::getByID($item);
$attrs = array("module" => $moduleCodename, "language" => $cms_language, "level" => $item->getID(), "root" => false, "attrs" => false, "cms_user" => &$cms_user);
$siblings = CMS_module::getModuleCategories($attrs);
} else {
$item = CMS_tree::getPageByID($item);
$siblings = CMS_tree::getSiblings($item);
}
$clearances = array_reverse($modules_clearances, true);
// Current item clearance
$i_current_clearance = false;
foreach ($clearances as $clearance) {
if ($i_current_clearance === false) {
if ($moduleCodename != MOD_STANDARD_CODENAME) {
if ($profile->hasModuleCategoryClearance($item->getID(), $clearance, $moduleCodename)) {
$i_current_clearance = $clearance;
}
