/**
 * Load one row of the `files` table and bind it to the acting user.
 *
 * The owning entry is built with the same user, and the download flag is
 * raised only when that user holds the "download" right on the entry; the
 * flag is left untouched otherwise.
 *
 * @param mixed      $id   File id; it is passed through CodeKBDatabase::number() before it reaches the SQL text.
 * @param CodeKBUser $user Acting user, stored by reference.
 *
 * @throws CodeKBException "nosuchfile" when no row matches the id.
 */
public function __construct($id, CodeKBUser &$user)
{
    $this->_id = $id;
    $this->_user =& $user;

    $db = new CodeKBDatabase();
    $db->dosql(
        "SELECT name, entry, fs_name, size, symbol, highlight, created, modified FROM files WHERE id = "
        . $db->number($this->_id)
    );

    if (0 == $db->countrows()) {
        throw new CodeKBException(__METHOD__, "file", "nosuchfile");
    }

    // The entry is built before the remaining columns are read, so a failure
    // in its constructor aborts this constructor at the same point as before.
    $this->_entry = new CodeKBEntry($db->column("entry"), $this->_user);

    $mayDownload = $this->_user->entrycan("download", $this->_entry);
    if ($mayDownload) {
        $this->_downloadable = true;
    }

    // Property => column, copied in the order the columns are selected.
    $fieldMap = array(
        "_name"      => "name",
        "_fsname"    => "fs_name",
        "_size"      => "size",
        "_symbol"    => "symbol",
        "_highlight" => "highlight",
        "_created"   => "created",
        "_modified"  => "modified",
    );
    foreach ($fieldMap as $property => $column) {
        $this->$property = $db->column($column);
    }

    // MySQL's zero datetime stands for "never modified".
    if ($this->_modified == "0000-00-00 00:00:00") {
        $this->_modified = null;
    }
}
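/**
 * Attach an uploaded file to this entry and return the id of the new row.
 *
 * @param string $file   Name of the upload form field.
 * @param string $type   Stored in the `highlight` column.
 * @param string $symbol Stored in the `symbol` column.
 *
 * @return mixed The new file id, or false when the user lacks "changeentry".
 *
 * @throws CodeKBException code 1 ("uploadfailed") when no usable upload was
 *                         received, "fileaddfailed" when the insert fails.
 */
public function addfile($file, $type, $symbol)
{
    // return values
    // 1 failed to upload

    if (!$this->_user->entrycan("changeentry", $this)) {
        return false;
    }

    // $_FILES replaces the $HTTP_POST_FILES long array, which PHP removed in
    // 5.4. A missing field is treated as "no upload" instead of raising an
    // undefined-index warning.
    $upload = isset($_FILES[$file]) ? $_FILES[$file] : null;

    $fs_name = null;
    // tmp_name is an array for multi-file fields; only a single path is accepted here.
    if ($upload !== null
        && isset($upload['tmp_name'])
        && is_string($upload['tmp_name'])
        && is_uploaded_file($upload['tmp_name'])
    ) {
        $fs_name = CodeKBFile::upload($file);
    }

    if (!$fs_name) {
        throw new CodeKBException(__METHOD__, "file", "uploadfailed", null, 1);
    }

    $size = $upload['size'];

    $db = new CodeKBDatabase();
    $db->start();

    // We need a random id.
    // mt_rand() is not a CSPRNG, so these ids are identifiers and not secrets;
    // access to a file must rest on the permission checks, not on the id
    // being hard to guess.
    do {
        $id = mt_rand();
        $db->dosql("SELECT id " .
                   "FROM files " .
                   "WHERE id = {$db->number($id)}");
    } while ($db->countrows() != 0);

    // 'name' is the client-supplied file name. It is stored as a label after
    // SQL escaping only: anything that prints it must encode it for the output
    // context, and it must never be used to build a filesystem path.
    $db->dosql("INSERT INTO files (id, entry, name, fs_name, size, symbol, highlight) " .
               "VALUES ({$db->number($id)}, " .
               "{$db->number($this->_id)}, " .
               "'{$db->string($upload['name'])}', " .
               "'{$db->string($fs_name)}', " .
               "{$db->number($size)}, " .
               "'{$db->string($symbol)}', " .
               "'{$db->string($type)}')");

    $db->commit();

    if ($db->success()) {
        return $id;
    }

    // Insert failed so remove zombie file
    // NOTE(review): no `files` row exists for $id at this point. If the
    // CodeKBFile constructor throws for a missing row, this cleanup raises
    // that exception instead and the stored upload stays on disk - confirm.
    $file = new CodeKBFile($id, $this->_user);
    $file->delete();
    unset($file);

    throw new CodeKBException(__METHOD__, "entry", "fileaddfailed");
}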
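/**
 * Run the search described by the POSTed form and render the result list.
 *
 * @return bool false when the form carried no query, author or category
 *              filter; true once the result template has been added.
 */
function showsearch()
{
    global $lang;
    global $site;
    global $user;

    $site->title($lang['search']['results']);
    $site->addfooter("search.php", "search", $lang['search']['extended']);

    // empty() keeps the original truthiness tests but no longer raises an
    // undefined-index warning when a field is absent from the request.
    if (!empty($_POST['cancel'])) {
        redirect("category.php");
    }

    if (empty($_POST['query']) && empty($_POST['author']) && empty($_POST['cats'])) {
        $site->addcontent(notice($lang['search']['noquery']));
        return false;
    }

    $start_search = microtime(true);

    $db = new CodeKBDatabase();
    // NOTE(review): the query text is assembled by buildsearchquery(), which is
    // not visible here; confirm it escapes every request value it embeds.
    $searchquery = buildsearchquery($db->type());

    try {
        $db->dosql($searchquery);
    } catch (Exception $e) {
        // NOTE(review): rendering continues after a failed query, so
        // countrows() and row() below read whatever state that statement
        // left behind - confirm this is intended.
        $site->addcontent(notice($lang['search']['wrongquery']));
    }

    $end_search = microtime(true);

    $search = new CodeKBTemplate("search");
    $search->push("extended", url("search.php", $lang['search']['extended']));

    // The count is taken before the per-entry filter in the loop below, so it
    // can be larger than the number of results actually shown, which tells
    // the user how many matches were hidden.
    $text = phrasereplace($lang['search']['xresultsiny'], "%1%", $db->countrows());
    $text = phrasereplace($text, "%2%", round($end_search - $start_search, 2));
    $search->push("info", $text);

    $resultcode = "";

    while ($val = $db->row()) {
        // A row is listed only if its entry can be constructed for $user;
        // presumably the constructor throws when the user may not see it.
        try {
            $tmpentry = new CodeKBEntry($val['id'], $user);
            unset($tmpentry);
        } catch (Exception $e) {
            continue;
        }

        $resultitem = new CodeKBTemplate("result");

        // NOTE(review): $val['name'] reaches icon() and the third argument of
        // url() unencoded; confirm both helpers HTML-escape it.
        $content = url("entry.php?id=" . $val['id'], icon($val['symbol'], $val['name'])) . " \n";
        $content .= url("entry.php?id=" . $val['id'], htmlentities($val['name']), $val['name']);
        $resultitem->push("title", $content);

        $content = $db->datetime($val['created']) . " (" . htmlentities($val['author']) . ")";
        $resultitem->push("subtitle", $content);

        $resultitem->push("description", htmlentities($val['description']));

        $resultcode .= $resultitem->__toString();
        unset($resultitem);
    }

    $search->push("results", $resultcode);
    $site->addcontent($search);

    return true;
}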
/**
 * Create a user account with a randomly chosen id.
 *
 * @param string $name Login name; rejected when it equals the reserved
 *                     "nobody" label or is already present in `users`.
 * @param string $pass Plain-text password; only its SHA-1 digest is stored.
 *
 * @return bool true once the row has been committed.
 *
 * @throws CodeKBException code 1 ("duplicateuser") for a reserved or taken
 *                         name, "failedadduser" when the insert fails.
 */
public function register($name, $pass)
{
    // return values
    // 1 duplicate user

    global $lang;

    // NOTE(review): this is an unsalted, fast SHA-1 digest, which is weak for
    // password storage. Moving to password_hash()/password_verify() also means
    // changing the login comparison and the stored format, so it is flagged
    // here rather than changed in place.
    $pass = sha1($pass);

    $reservedName = $lang['admin']['nobody'];
    if ($name == $reservedName) {
        throw new CodeKBException(__METHOD__, "admin", "duplicateuser", $name, 1);
    }

    $db = new CodeKBDatabase();
    $db->start();

    $db->dosql("SELECT id FROM users WHERE name = '" . $db->string($name) . "'");
    $nameTaken = $db->countrows() > 0;
    if ($nameTaken) {
        $db->abort();
        throw new CodeKBException(__METHOD__, "admin", "duplicateuser", $name, 1);
    }

    // Draw random ids until one is not yet used by another account.
    do {
        $id = mt_rand();
        $db->dosql("SELECT id FROM users WHERE id = " . $db->number($id));
    } while ($db->countrows() != 0);

    $db->dosql(
        "INSERT INTO users (id, name, pass) VALUES ("
        . $db->number($id) . ", '"
        . $db->string($name) . "', '"
        . $db->string($pass) . "')"
    );

    $db->commit();

    if (!$db->success()) {
        throw new CodeKBException(__METHOD__, "admin", "failedadduser", $name);
    }

    return true;
}
/**
 * Add a user to a group.
 *
 * NOTE(review): this method performs no permission check of its own;
 * presumably the caller has already authorized the acting user - confirm.
 *
 * @param mixed $user  User id; passed through CodeKBDatabase::number().
 * @param mixed $group Group id; passed through CodeKBDatabase::number().
 *
 * @return bool true once the membership row has been committed.
 *
 * @throws CodeKBException code 1 ("alreadyingroup") when the membership
 *                         already exists, "failedjoin" when the insert fails.
 */
public function joingroup($user, $group)
{
    // return values
    // 1 already in group

    $db = new CodeKBDatabase();
    $db->start();

    // Look for an existing membership before inserting.
    $db->dosql(
        "SELECT userid FROM group_user WHERE userid = "
        . $db->number($user)
        . " AND groupid = "
        . $db->number($group)
    );

    $alreadyMember = $db->countrows() > 0;
    if ($alreadyMember) {
        $db->abort();
        throw new CodeKBException(__METHOD__, "admin", "alreadyingroup", null, 1);
    }

    $db->dosql(
        "INSERT INTO group_user (groupid, userid) VALUES ("
        . $db->number($group) . ", "
        . $db->number($user) . ")"
    );

    $db->commit();

    if (!$db->success()) {
        throw new CodeKBException(__METHOD__, "admin", "failedjoin");
    }

    return true;
}
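/**
 * Rename this category, change its description and optionally move it
 * under another parent.
 *
 * @param string $name        New category name.
 * @param string $description New description.
 * @param mixed  $parent      Id of the new parent, or -1 to keep the current one.
 *
 * @return bool true on success, false when the user lacks "changecat".
 *
 * @throws CodeKBException code 1 ("childnoparent") when the new parent is
 *                         this category or one of its descendants, code 2
 *                         ("duplicate") when a sibling already has the name,
 *                         "failedchange" when the update fails.
 */
public function change($name, $description, $parent = -1)
{
    // return values
    // 1 child cannot be parent
    // 2 duplicate category

    if (!$this->_user->can("changecat", $this)) {
        return false;
    }

    $db = new CodeKBDatabase();
    $db->start();

    if ($parent == -1) {
        // Keep the parent the category currently has.
        $db->dosql("SELECT parent " .
                   "FROM categories " .
                   "WHERE id = {$db->number($this->_id)}");
        $parent = $db->column("parent");
    } else {
        // Walk from the requested parent up to the root. Meeting this
        // category on the way means it would become its own ancestor.
        // Both rejection cases now go through the same abort(); previously
        // the direct self-parent case threw with the transaction still open.
        // NOTE(review): a parent cycle in the stored data that does not
        // contain this category would make this walk loop forever.
        $ancestor = $parent;
        while (true) {
            if ($ancestor == $this->_id) {
                $db->abort();
                throw new CodeKBException(__METHOD__, "category", "childnoparent", $name, 1);
            }
            if ($ancestor == 0) {
                break;
            }
            $db->dosql("SELECT parent " .
                       "FROM categories " .
                       "WHERE id = {$db->number($ancestor)}");
            $ancestor = $db->column("parent");
        }
    }

    // A sibling under the target parent must not already carry the name.
    $db->dosql("SELECT id " .
               "FROM categories " .
               "WHERE parent = {$db->number($parent)} AND " .
               "id <> {$db->number($this->_id)} AND " .
               "name = '{$db->string($name)}'");

    if ($db->countrows() > 0) {
        $db->abort();
        throw new CodeKBException(__METHOD__, "category", "duplicate", $name, 2);
    }

    $db->dosql("UPDATE categories " .
               "SET name = '{$db->string($name)}', " .
               "description = '{$db->string($description)}', " .
               "parent = {$db->number($parent)} " .
               "WHERE id = {$db->number($this->_id)}");

    $db->commit();

    if ($db->success()) {
        $this->_name = $name;
        $this->_description = $description;
        if ($parent != -1) {
            $this->_parent = $parent;
        }
        return true;
    }

    $db->abort();
    throw new CodeKBException(__METHOD__, "category", "failedchange", $name);
}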