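/**
 * Runs a raw SQL statement, first appending every statement that does not
 * start with SELECT to the LOG_FILE audit log.
 *
 * The log receives the complete statement text, including any literal values
 * embedded in it, so LOG_FILE should sit outside the web root and be readable
 * only by the application account.
 *
 * NOTE(review): the prefix test is a convenience filter, not a security
 * control. A statement with leading whitespace or a leading comment is logged
 * as a write, and a statement that begins with SELECT but still modifies data
 * is not logged at all. Treat this log as a best-effort trail.
 *
 * @param string $sql Complete SQL statement.
 * @return mixed Whatever parent::squery() returns for the statement.
 */
public function squery($sql)
{
    if (!preg_match("/^SELECT/i", $sql)) {
        // One locked append replaces fopen/fwrite/fclose: a failed open no
        // longer passes `false` to fwrite()/fclose(), and LOCK_EX keeps
        // concurrent requests from interleaving their log lines.
        $written = file_put_contents(LOG_FILE, "{$sql}\n", FILE_APPEND | LOCK_EX);
        if ($written === false) {
            // Report the gap in the audit trail without copying the statement
            // (and any values inside it) into the general PHP error log.
            error_log('squery: could not append to the SQL audit log');
        }
    }

    return parent::squery($sql);
}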
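/**
 * Adds a comment/message to a corporate blog post.
 *
 * Reads blogID, parent, msg, title, yt_link and tags from $_POST and the
 * uploaded files from $_FILES['attach'], validates them, stores the comment
 * with its attachments and tags, e-mails the author of the parent record when
 * that author's subscription flag is set, and hands the submitted values back
 * to the template object.
 *
 * NOTE(review): the only caller check visible here is get_uid() being truthy.
 * No CSRF token or per-blog permission check appears in this method; confirm
 * the calling controller enforces both.
 *
 * @return array|false false when the previous comment of this session is less
 *                     than 5 seconds old; otherwise
 *                     array($error_flag, $error, $idCom).
 */
function addComment()
{
    $DB = new DB('master');

    // Flood control: one comment per session every 5 seconds. The timestamp is
    // stored in the session, so it only throttles clients that keep their
    // session; it is not a substitute for server-side rate limiting.
    if (isset($_SESSION['last_comment_add']) && $_SESSION['last_comment_add'] + 5 > time()) {
        return false;
    }
    $_SESSION['last_comment_add'] = time();

    // Everything that is tested or returned later gets a defined value first.
    // The original read several of these while they were still undefined.
    $error_flag = null;
    $error      = null; // never assigned anywhere in this method; returned as-is
    $idCom      = null;
    $files      = array();
    $alert      = array();

    /* Comment data */
    $blog   = $_POST['blogID'];
    $user   = get_uid();
    $parent = $_POST['parent'];
    $tags   = isset($_POST['tags']) ? $_POST['tags'] : null;

    if (strlen($_POST['msg']) > blogs::MAX_DESC_CHARS) {
        $error_flag = 1;
        $alert[2] = "Максимальный размер сообщения " . blogs::MAX_DESC_CHARS . " символов!";
        // NOTE(review): in this branch $msg is the raw request value, because
        // none of the filters below run. It is not stored ($error_flag blocks
        // the INSERT), but it is handed to the template at the end of the
        // method. Confirm the template escapes it on output.
        $msg =& $_POST['msg'];
    } else {
        $msg = $_POST['msg'];
        // Collapse <ul ...>/<li ...> opening tags to their bare form, dropping
        // attributes. `.` does not match a newline, so a tag split across
        // lines is left for the project filters that follow.
        $msg = preg_replace("/<ul.*>/Ui", "<ul>", $msg);
        $msg = preg_replace("/<li.*>/Ui", "<li>", $msg);
        $msg = change_q_x_a(antispam($msg), false, false);
    }

    $msg_name = substr(change_q_x(antispam($_POST['title']), true), 0, 96);
    $yt_link  = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $_POST['yt_link'])), true), 0, 128);

    // A video link is accepted only when it starts with one of the known
    // YouTube embed prefixes.
    if ($yt_link != '') {
        $allowed_prefixes = array(
            'http://ru.youtube.com/v/',
            'http://youtube.com/v/',
            'http://www.youtube.com/v/',
        );
        $prefix_ok = false;
        foreach ($allowed_prefixes as $prefix) {
            if (strpos($yt_link, $prefix) === 0) {
                $prefix_ok = true;
                break;
            }
        }
        if (!$prefix_ok) {
            $error_flag = 1;
            $alert[4] = "Неверная ссылка.";
        }
    }

    if (is_empty_html($msg)) {
        $msg = '';
    }

    // File upload
    $attach = isset($_FILES['attach']) ? $_FILES['attach'] : null;
    if (is_array($attach)) {
        $names = (isset($attach['name']) && is_array($attach['name'])) ? $attach['name'] : array();

        // The original compared sizeof($attach) with 10. $attach is the
        // $_FILES entry itself (name/type/tmp_name/error/size), so that count
        // never varied with the number of files and the limit was never
        // enforced. Count the submitted file names instead.
        if (count(array_filter($names)) > 10) {
            $error_flag = 1;
            $alert[2] = "Файлов не должно быть больше 10";
        } else {
            foreach ($names as $key => $v) {
                if (!$v) {
                    continue;
                }
                $files[] = new CFile(array(
                    'name'     => $attach['name'][$key],
                    'type'     => $attach['type'][$key],
                    'tmp_name' => $attach['tmp_name'][$key],
                    'error'    => $attach['error'][$key],
                    'size'     => $attach['size'][$key],
                ));
            }

            // The original chose 400x600 when $group == 7, but $group is never
            // assigned in this method, so this limit was always the one used.
            $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);

            // NOTE(review): type and content validation of the uploads happens,
            // if anywhere, inside uploadFile(); nothing here checks them.
            list($files, $alert_, $error_flag___) = self::uploadFile($files, $max_image_size);
            $error_flag = max($error_flag___, $error_flag);
            if (is_array($alert_)) {
                $alert = array_merge($alert, $alert_);
            }
        }
    }

    if (!$msg && empty($files)) {
        $error_flag = 1;
        $alert[2] = "Поле заполнено некорректно";
    }

    // From here on $files is whatever uploadFile() returned. The code below
    // reads it as array('f_name' => [...], 'tn' => [...]); TODO confirm
    // against uploadFile().
    if (($msg || !empty($files['f_name'][0])) && get_uid() && !$error_flag) {
        $eUser = $DB->row("SELECT email, uid FROM corporative_blog LEFT JOIN users ON users.uid = corporative_blog.id_user WHERE corporative_blog.id = ?", $parent);
        $e_user = new users();
        $e_user->GetUser($e_user->GetField($eUser['uid'], $ee, 'login'));

        $sql = "INSERT INTO corporative_blog (title, yt_link, msg, id_blog, id_user, id_reply) VALUES(?, ?, ?, ?, ?, ?) RETURNING id;";
        $res = $DB->row($sql, $msg_name, $yt_link, $msg, $blog, $user, $parent);
        $idCom = (is_array($res) && isset($res['id'])) ? $res['id'] : null;

        // Notify the author of the parent record, unless that author is the
        // commenter, when the third character of their `subscr` string is '1'.
        if (substr($e_user->subscr, 2, 1) == '1' && $idCom && $eUser['uid'] != $user) {
            $p_user = new users();
            $p_user->GetUser($p_user->GetField($user, $ee, 'login'));
            $smail = new smail();
            $link = "http://free-lance.ru/about/corporative/post/{$blog}/link/{$idCom}/#c{$idCom}";
            $smail->CorporativeBlogNewComment(array("title" => $msg_name, "msgtext" => $msg), $p_user, $e_user, $link);
        }

        // Attachments. The original spliced the stored file name and thumbnail
        // name into the statement text and ran it through squery(). They are
        // now bound through the same `?` placeholders as the comment INSERT
        // above, so a quote in either value cannot change the statement. The
        // rows are tied to $idCom rather than currval(), and are skipped when
        // the comment INSERT produced no id.
        if ($idCom && is_array($files) && !empty($files['f_name']) && is_array($files['f_name'])) {
            $row_sql = array();
            $params  = array();
            foreach ($files['f_name'] as $i => $f_name) {
                if (!$f_name) {
                    continue;
                }
                $row_sql[] = '(?, ?, ?)';
                $params[]  = $idCom;
                $params[]  = (string) $f_name;
                $params[]  = isset($files['tn'][$i]) ? (string) $files['tn'][$i] : '';
            }
            if ($row_sql) {
                $attach_sql = 'INSERT INTO corporative_blog_attach(msg_id, "name", small) VALUES '
                    . implode(', ', $row_sql) . ' RETURNING msg_id';
                call_user_func_array(array($DB, 'row'), array_merge(array($attach_sql), $params));
            }
        }

        if ($tags && $idCom) {
            // array_unique() returns the de-duplicated array. The original
            // discarded the result, so duplicates were never removed.
            $tags_arr = is_array($tags) ? array_unique($tags) : $tags;
            $this->tagsDelete($idCom);
            $tg = tags::Add($tags_arr);
            $this->tagsAdd($idCom, $tg);
        }
    }

    // NOTE(review): $alert is collected above but never exported. The
    // assignment `front::og("tpl")->alert = $alert;` was already commented out
    // in the original, so only $error_flag reaches the template.
    front::og("tpl")->error_flag = $error_flag;
    front::og("tpl")->post = array(
        "blog"    => $blog,
        "user"    => $user,
        "parent"  => $parent,
        "msg"     => $msg,
        "title"   => $msg_name,
        "yt_link" => $yt_link,
        "tags"    => $tags,
    );

    return array($error_flag, $error, $idCom);
}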
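/**
 * Restores a deleted comment.
 *
 * Sets the model's "deleted" column (and "deleted_time", when the model maps
 * one) back to NULL for the given comment. When the current user is $author
 * or the model has no permissions entry, the model maps a moderator_status
 * column and is_pro() is false, moderator_status is also reset to 0.
 *
 * NOTE(review): this method does not check that the current user may restore
 * the comment; $author only influences the moderator_status reset. Confirm
 * the caller authorises the operation.
 *
 * @param integer $id     Comment ID.
 * @param integer $author UID of the comment's author.
 * @return integer|boolean ID of the restored comment as returned by the
 *                         database, or false when nothing was restored.
 */
public function restore($id, $author = 0)
{
    $DB = new DB('master');
    $model = $this->model();

    if ($this->_options['readonly']) {
        return false;
    }
    if (!isset($model['comments']['fields']['deleted'])) {
        return false;
    }

    // $id is concatenated into the statement text below, so only a plain
    // run of digits is accepted; anything else is rejected before any SQL is
    // built. The original appended the value unchecked.
    if (!is_scalar($id) || !preg_match('/^\d+\z/', (string) $id)) {
        return false;
    }
    $id_sql = (string) $id;

    // Table and column names come from the model definition.
    // NOTE(review): presumably static configuration - confirm that no part of
    // $model is derived from request data.
    $fields = $model['comments']['fields'];

    $flds = $fields['deleted'] . " = NULL";
    if (isset($fields['deleted_time'])) {
        $flds .= ", " . $fields['deleted_time'] . " = NULL";
    }
    if (($author == get_uid(false) || !$model['permissions']) && !empty($fields['moderator_status']) && !is_pro()) {
        $flds .= ', ' . $fields['moderator_status'] . ' = 0';
    }

    $sql = array();
    $sql[] = "UPDATE " . $model['comments']['table'] . " SET ";
    $sql[] = $flds;
    $sql[] = "WHERE " . $fields['id'] . " = " . $id_sql;
    $sql[] = "RETURNING " . $fields['id'] . ', ' . $fields['msgtext'];
    $sql = implode(" ", $sql);

    if (($res = $DB->squery($sql)) && pg_affected_rows($res)) {
        list($newid, $msgtext) = pg_fetch_row($res);

        // The body of this branch was disabled in the original: it used to
        // queue the restored comment for moderation. The condition is kept so
        // that the calls it makes still run exactly as before.
        if (($author == get_uid(false) || !$model['permissions']) && !empty($fields['moderator_status']) && !is_pro(true, $author)) {
            /*require_once( $_SERVER['DOCUMENT_ROOT'] . '/classes/stop_words.php' );
            $stop_words = new stop_words();
            $nStopWordsCnt = $stop_words->calculate( $msgtext );
            $nSortOrder = !empty($model['moderation_sort_order']) ? $model['moderation_sort_order'] : 3;
            $GLOBALS['DB']->insert( 'moderation', array('rec_id' => $id, 'rec_type' => $model['moderation_rec_type'], 'stop_words_cnt' => $nStopWordsCnt, 'sort_order' => $nSortOrder) );*/
        }

        return $newid;
    }

    return false;
}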