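/**
 * TODO: This code is old and is not used by any package in the bitweaver CVS anymore.
 * We will clean up this code as soon as we migrated all legacy code
 *
 * Store the content described by $pParamHash together with every attachment
 * row listed under $pParamHash['STORAGE'][<plugin guid>][<key>].
 *
 * Everything between StartTrans() and CompleteTrans() runs on $this->mDb.
 * For each row the plugin's 'verify_function' is consulted, an attachment id
 * is chosen, an uploaded file (if any) is handed to liberty_process_upload(),
 * the plugin's 'store_function' is called and a liberty_attachments row is
 * inserted unless one already exists.
 *
 * @param array $pParamHash content and attachment data, passed by reference;
 *                          the STORAGE rows are updated in place
 * @return bool TRUE when $this->mErrors is empty after processing
 */
function store(&$pParamHash)
{
    //deprecated( "This method has been replaced by a method in LibertyMime. Please try to migrate your code." );
    global $gLibertySystem, $gBitSystem, $gBitUser;
    $this->mDb->StartTrans();
    if (LibertyAttachable::verify($pParamHash) && (isset($pParamHash['skip_content_store']) || LibertyContent::store($pParamHash))) {
        if (!empty($pParamHash['STORAGE']) && count($pParamHash['STORAGE'])) {
            foreach (array_keys($pParamHash['STORAGE']) as $guid) {
                $storeRows =& $pParamHash['STORAGE'][$guid]; // short hand variable assignment
                // If it is empty then nothing more to do. Avoid error in foreach.
                if (empty($storeRows)) {
                    continue;
                }
                foreach ($storeRows as $key => $value) {
                    // work on the row by reference so changes are visible to the caller
                    $storeRow =& $pParamHash['STORAGE'][$guid][$key];
                    $storeRow['plugin_guid'] = $guid;
                    if (!@BitBase::verifyId($pParamHash['content_id'])) {
                        $storeRow['content_id'] = NULL;
                    } else {
                        $storeRow['content_id'] = $pParamHash['content_id']; // copy in content_id
                    }
                    // NOTE(review): a user_id supplied in $pParamHash becomes the owner of the
                    // attachment and selects the storage branch below; confirm callers never
                    // fill it from request data.
                    if (!empty($pParamHash['user_id'])) {
                        $storeRow['user_id'] = $pParamHash['user_id']; // copy in the user_id
                    } else {
                        $storeRow['user_id'] = $gBitUser->mUserId;
                    }
                    // do we have a verify function for this storage type, and do things verify?
                    $verifyFunc = $gLibertySystem->getPluginFunction($guid, 'verify_function');
                    if ($verifyFunc && $verifyFunc($storeRow)) {
                        // For backwards compatibility with a single upload.
                        if (@BitBase::verifyId($pParamHash['attachment_id'])) {
                            $storeRow['upload']['attachment_id'] = $storeRow['attachment_id'] = $pParamHash['attachment_id'];
                        } else {
                            if (!isset($storeRow['skip_insert'])) {
                                if (defined('LINKED_ATTACHMENTS') && @BitBase::verifyId($pParamHash['content_id'])) {
                                    $storeRow['upload']['attachment_id'] = $storeRow['attachment_id'] = $pParamHash['content_id'];
                                } else {
                                    $storeRow['upload']['attachment_id'] = $storeRow['attachment_id'] = defined('LINKED_ATTACHMENTS') ? $this->mDb->GenID('liberty_content_id_seq') : $this->mDb->GenID('liberty_attachments_id_seq');
                                }
                            }
                        }
                        // if we have uploaded a file, we can take care of that generically
                        if (!empty($storeRow['upload']) && is_array($storeRow['upload']) && !empty($storeRow['upload']['size'])) {
                            if (empty($storeRow['upload']['type'])) {
                                // pathinfo() yields '' for a name without a dot; the previous
                                // substr()/strrpos() pair returned the name minus its first
                                // character in that case because strrpos() gave FALSE.
                                // NOTE(review): the type is derived from the submitted file name
                                // only; whether the file content is inspected anywhere is not
                                // visible here - confirm before relying on 'type'.
                                $ext = pathinfo($storeRow['upload']['name'], PATHINFO_EXTENSION);
                                $storeRow['upload']['type'] = $gBitSystem->lookupMimeType($ext);
                            }
                            $storeRow['upload']['dest_branch'] = $this->getStorageBranch($storeRow['attachment_id'], $storeRow['user_id'], $this->getStorageSubDirName());
                            if (!empty($pParamHash['thumbnail_sizes'])) {
                                $storeRow['upload']['thumbnail_sizes'] = $pParamHash['thumbnail_sizes'];
                            }
                            $storagePath = liberty_process_upload($storeRow['upload']);
                            // We're gonna store to local file system & liberty_files table
                            if (empty($storagePath)) {
                                // The message embeds the submitted file name verbatim; it has to
                                // be escaped wherever mErrors is rendered.
                                $this->mErrors['file'] = tra("Could not store file") . ": " . $storeRow['upload']['name'] . '.';
                                // clearing the ids keeps the store function and the INSERT below from running
                                $storeRow['attachment_id'] = NULL;
                                $storeRow['upload']['attachment_id'] = NULL;
                            } else {
                                $storeRow['upload']['dest_file_path'] = $storagePath;
                            }
                        }
                        if (@BitBase::verifyId($storeRow['attachment_id']) && ($storeFunc = $gLibertySystem->getPluginFunction($storeRow['plugin_guid'], 'store_function'))) {
                            $this->mStorage = $storeFunc($storeRow);
                        }
                        // don't insert if we already have an entry with this attachment_id
                        if (@BitBase::verifyId($storeRow['attachment_id']) && !isset($storeRow['skip_insert']) && !LibertyMime::loadAttachment($storeRow['attachment_id'])) {
                            $sql = "INSERT INTO `" . BIT_DB_PREFIX . "liberty_attachments` ( `content_id`, `attachment_id`, `attachment_plugin_guid`, `foreign_id`, `user_id` ) VALUES ( ?, ?, ?, ?, ? )";
                            // a row without foreign_id binds 0, as the bare (int) cast did, minus the notice
                            $foreignId = isset($storeRow['foreign_id']) ? (int) $storeRow['foreign_id'] : 0;
                            $rs = $this->mDb->query($sql, array($storeRow['content_id'], $storeRow['attachment_id'], $storeRow['plugin_guid'], $foreignId, $storeRow['user_id']));
                        }
                    }
                }
            }
        }
        // set the primary attachment id
        // NOTE(review): "empty(x) || x" is TRUE for every value of auto_primary, so the third
        // argument is always TRUE; left as is because the intended default is not visible here.
        $this->setPrimaryAttachment($pParamHash['liberty_attachments']['primary'], $pParamHash['content_id'], empty($pParamHash['liberty_attachments']['auto_primary']) || $pParamHash['liberty_attachments']['auto_primary'] ? TRUE : FALSE);
    }
    $this->mDb->CompleteTrans();
    return count($this->mErrors) == 0;
}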
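/**
 * Remove the stored file and the liberty_files row that belong to an attachment.
 *
 * The caller must be an administrator, or the owner of an attachment that has
 * a source file recorded. The directory holding the file is removed only when
 * the canonical path of the file lies below
 * <STORAGE_PKG_PATH>/attachments/<digits>/<digits>/.
 *
 * @param mixed $pAttachmentId id of the attachment to expunge
 * @return bool TRUE when the liberty_files row was deleted, FALSE otherwise
 */
function mime_default_expunge($pAttachmentId)
{
    global $gBitSystem, $gBitUser;
    $ret = FALSE;
    if (@BitBase::verifyId($pAttachmentId)) {
        if ($fileHash = LibertyMime::loadAttachment($pAttachmentId)) {
            $hasSourceFile = !empty($fileHash['source_file']);
            // Parentheses spell out the precedence the original expression already had:
            // && binds tighter than ||, so an administrator passes without a source file.
            if ($gBitUser->isAdmin() || ($gBitUser->mUserId == $fileHash['user_id'] && $hasSourceFile)) {
                if ($hasSourceFile) {
                    // Compare canonical paths: realpath() resolves "../" segments and symlinks,
                    // so a stored path cannot pass the prefix test and still point outside the
                    // attachment tree. preg_quote() keeps characters of the storage path from
                    // being read as regex syntax, and a failed realpath() (FALSE) no longer
                    // collapses into an empty prefix.
                    $storageRoot = realpath(STORAGE_PKG_PATH);
                    $sourceFile = realpath($fileHash['source_file']);
                    if ($storageRoot !== FALSE
                        && $sourceFile !== FALSE
                        && preg_match('#^' . preg_quote($storageRoot, '#') . '/attachments/\d+/\d+/#', $sourceFile)
                        && is_file($sourceFile)
                    ) {
                        // make sure this is a valid storage directory before removing it
                        unlink_r(dirname($sourceFile));
                    }
                }
                // the database row goes even when no file was removed
                $query = "DELETE FROM `" . BIT_DB_PREFIX . "liberty_files` WHERE `file_id` = ?";
                $gBitSystem->mDb->query($query, array($fileHash['foreign_id']));
                $ret = TRUE;
            }
        }
    }
    return $ret;
}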
/**
 * Download entry script: validates the requested attachment id, enforces the
 * view permission of the content the attachment belongs to, then hands the
 * attachment to the download function of its plugin.
 *
 * @version $Header$
 *
 * @author xing <*****@*****.**>
 * @package treasury
 * @copyright 2003-2006 bitweaver
 * @license LGPL {@link http://www.gnu.org/licenses/lgpl.html}
 **/

/**
 * Setup
 */
require_once '../kernel/setup_inc.php';
require_once LIBERTY_PKG_PATH . 'LibertyMime.php';

// fetch the attachment details
// The id from the request is checked with verifyId() before the lookup; @ hides the
// notice for a missing parameter. The whole $_REQUEST array is passed on as the second
// argument - NOTE(review): confirm which request keys loadAttachment() honours.
if (@(!BitBase::verifyId($_REQUEST['attachment_id'])) || !($attachment = LibertyMime::loadAttachment($_REQUEST['attachment_id'], $_REQUEST))) {
    // presumably fatalError() does not return; otherwise $attachment is unset below - confirm
    $gBitSystem->fatalError(tra("The Attachment ID given is not valid"));
}
$gBitSmarty->assign('attachment', $attachment);

// first we need to check the permissions of the content the attachment belongs to since they inherit them
// NOTE(review): what happens when no content object is found lies beyond this excerpt;
// confirm that path refuses the download rather than serving the file.
if ($gContent = LibertyBase::getLibertyObject($attachment['content_id'])) {
    $gContent->verifyViewPermission();
    $gBitSmarty->assign('gContent', $gContent);
    if ($download_function = $gLibertySystem->getPluginFunction($attachment['attachment_plugin_guid'], 'download_function', 'mime')) {
        if ($download_function($attachment)) {
            // the hit is counted only after the plugin reported a successful download
            LibertyMime::addDownloadHit($attachment['attachment_id']);
            die;
        } else {
            // collect the errors the download function left in $attachment['errors']
            if (!empty($attachment['errors'])) {
                $msg = '';
                foreach ($attachment['errors'] as $error) {
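/**
 * This function generates a list of records from the liberty_content database for use in a list page
 *
 * Keys of $pParamHash read here: find (array of titles or a search string),
 * pUserId, event_before, event_after, parse_split, max_records and offset.
 * On return $pParamHash['data'] holds the rows and $pParamHash['cant'] the
 * result of the COUNT query.
 *
 * @param array $pParamHash list options, passed by reference
 * @return array the event rows, each extended with display_url and primary_attachment
 **/
function getList(&$pParamHash)
{
    global $gBitSystem, $gBitUser;

    // Hack until sort_mode can be filtered to acceptable values
    // ORDER BY cannot use a bound parameter, so the caller- or request-supplied sort_mode
    // is deliberately ignored; the former $_REQUEST lookup was overwritten by this line anyway.
    $pParamHash['sort_mode'] = 'event_time_asc';

    LibertyContent::prepGetList($pParamHash);

    $selectSql = '';
    $joinSql = '';
    $whereSql = '';
    $bindVars = array();
    array_push($bindVars, $this->mContentTypeGuid);
    $this->getServicesSql('content_list_sql_function', $selectSql, $joinSql, $whereSql, $bindVars);

    // Read the needed options explicitly instead of extract($pParamHash): extract() let any
    // key of the hash overwrite locals such as $whereSql, $joinSql, $selectSql or $bindVars,
    // which are concatenated into the SQL text below.
    $find = isset($pParamHash['find']) ? $pParamHash['find'] : NULL;
    $pUserId = isset($pParamHash['pUserId']) ? $pParamHash['pUserId'] : NULL;
    $maxRecords = isset($pParamHash['max_records']) ? $pParamHash['max_records'] : NULL;
    $offset = isset($pParamHash['offset']) ? $pParamHash['offset'] : NULL;

    if (is_array($find)) {
        // you can use an array of pages
        $whereSql .= " AND lc.`title` IN( " . implode(',', array_fill(0, count($find), '?')) . " )";
        $bindVars = array_merge($bindVars, $find);
    } elseif (is_string($find)) {
        // or a string
        $whereSql .= " AND UPPER( lc.`title` )like ? ";
        $bindVars[] = '%' . strtoupper($find) . '%';
    } elseif (@$this->verifyId($pUserId)) {
        // or gate on a user
        // NOTE(review): the SELECT below aliases lc.`user_id` AS `creator_user_id`; confirm
        // liberty_content has a `creator_user_id` column that can be used in WHERE.
        $whereSql .= " AND lc.`creator_user_id` = ? ";
        // one placeholder takes one scalar; the id used to be wrapped in an array
        $bindVars[] = (int) $pUserId;
    }

    if (!empty($pParamHash['event_before'])) {
        $whereSql .= " AND lc.`event_time` <= ? ";
        $bindVars[] = $pParamHash['event_before'];
    }
    if (!empty($pParamHash['event_after'])) {
        $whereSql .= " AND lc.`event_time` > ? ";
        $bindVars[] = $pParamHash['event_after'];
    }

    $query = "SELECT e.*, et.`name` as `type_name`, lc.`title`, lc.`data`, lc.`modifier_user_id` AS `modifier_user_id`, lc.`user_id` AS `creator_user_id`,\n\t\t\tlc.`last_modified` AS `last_modified`, lc.`event_time` AS `event_time`, lc.`format_guid`, lcps.`pref_value` AS `show_start_time`, lcpe.`pref_value` AS `show_end_time`,\n\t\t\tla.`attachment_id` AS primary_attachment_id\n\t\t\t{$selectSql}\n\t\t\tFROM `"
        . BIT_DB_PREFIX . "events` e\n\t\t\tLEFT JOIN `"
        . BIT_DB_PREFIX . "events_types` et ON (e.`type_id` = et.`type_id`)\n\t\t\tINNER JOIN `"
        . BIT_DB_PREFIX . "liberty_content` lc ON( lc.`content_id` = e.`content_id` )\n\t\t\tLEFT JOIN `"
        . BIT_DB_PREFIX . "liberty_content_prefs` lcps ON (lc.`content_id` = lcps.`content_id` AND lcps.`pref_name` = 'show_start_time')\n\t\t\tLEFT JOIN `"
        . BIT_DB_PREFIX . "liberty_attachments` la ON (lc.`content_id` = la.`content_id` AND la.`is_primary` = 'y')\n\t\t\tLEFT JOIN `"
        . BIT_DB_PREFIX . "liberty_content_prefs` lcpe ON (lc.`content_id` = lcpe.`content_id` AND lcpe.`pref_name` = 'show_end_time')\n\t\t\t{$joinSql}\n\t\t\tWHERE lc.`content_type_guid` = ? {$whereSql}\n\t\t\tORDER BY "
        . $this->mDb->convertSortmode($pParamHash['sort_mode']);
    $query_cant = "SELECT COUNT( * )\n\t\t\t\tFROM `"
        . BIT_DB_PREFIX . "events` e\n\t\t\t\tINNER JOIN `"
        . BIT_DB_PREFIX . "liberty_content` lc ON( lc.`content_id` = e.`content_id` ) {$joinSql}\n\t\t\t\tWHERE lc.`content_type_guid` = ? {$whereSql}";

    $result = $this->mDb->query($query, $bindVars, $maxRecords, $offset);
    $ret = array();
    while ($res = $result->fetchRow()) {
        if (!empty($pParamHash['parse_split'])) {
            $res = array_merge($this->parseSplit($res), $res);
        }
        $res['display_url'] = $this->getDisplayUrl($res['events_id'], $res);
        $res['primary_attachment'] = LibertyMime::loadAttachment($res['primary_attachment_id']);
        $ret[] = $res;
    }

    $pParamHash["data"] = $ret;
    $pParamHash["cant"] = $this->mDb->getOne($query_cant, $bindVars);
    LibertyContent::postGetList($pParamHash);
    return $ret;
}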
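/**
 * This function generates a list of records from the liberty_content database for use in a list page
 *
 * Keys of $pParamHash read here: sort_mode, find, user_id, status_id, type_id,
 * show_future, show_expired, get_future, get_expired, topic_id, topic,
 * max_records and offset. On return $pParamHash['cant'] holds the result of
 * the COUNT query. The show_* / get_* flags take effect only for users holding
 * p_articles_admin; get_future and get_expired return an empty list otherwise.
 *
 * @param $pParamHash contains an array of conditions to sort by
 * @return array of articles
 * @access public
 **/
public function getList(&$pParamHash)
{
    global $gBitSystem, $gBitUser, $gLibertySystem;

    if (empty($pParamHash['sort_mode'])) {
        // no idea what this is supposed to do
        //$pParamHash['sort_mode'] = $gBitSystem->isFeatureActive('articles_auto_approve') ? 'order_key_desc' : 'publish_date_desc';
        $pParamHash['sort_mode'] = 'publish_date_desc';
    }
    LibertyContent::prepGetList($pParamHash);

    $joinSql = '';
    $selectSql = '';
    // initialised like the other SQL fragments; it used to come into existence only
    // through the call below and was then appended to and interpolated
    $whereSql = '';
    $bindVars = array();
    array_push($bindVars, $this->mContentTypeGuid);
    $this->getServicesSql('content_list_sql_function', $selectSql, $joinSql, $whereSql, $bindVars, NULL, $pParamHash);

    // Every value below is passed as a bound parameter; the order of the $bindVars
    // pushes must follow the order of the "?" placeholders appended to $whereSql.
    $find = isset($pParamHash['find']) ? $pParamHash['find'] : NULL;
    if (is_array($find)) {
        // you can use an array of articles
        $whereSql .= " AND lc.`title` IN( " . implode(',', array_fill(0, count($find), '?')) . " )";
        $bindVars = array_merge($bindVars, $find);
    } elseif (is_string($find)) {
        // or a string
        $whereSql .= " AND UPPER( lc.`title` ) LIKE ? ";
        $bindVars[] = '%' . strtoupper($find) . '%';
    } elseif (@$this->verifyId($pParamHash['user_id'])) {
        // or gate on a user
        $whereSql .= " AND lc.`user_id` = ? ";
        $bindVars[] = (int) $pParamHash['user_id'];
    }

    if (@$this->verifyId($pParamHash['status_id'])) {
        $whereSql .= " AND a.`status_id` = ? ";
        $bindVars[] = $pParamHash['status_id'];
    }
    if (@$this->verifyId($pParamHash['type_id'])) {
        $whereSql .= " AND a.`article_type_id` = ? ";
        $bindVars[] = (int) $pParamHash['type_id'];
    }

    // TODO: we need to check if the article wants to be viewed before / after respective dates
    // someone better at SQL please get this working without an additional db call - xing
    $now = $gBitSystem->getUTCTime();
    if (!empty($pParamHash['show_future']) && !empty($pParamHash['show_expired']) && $gBitUser->hasPermission('p_articles_admin')) {
        // this will show all articles at once - future, current and expired
    } elseif (!empty($pParamHash['show_future']) && $gBitUser->hasPermission('p_articles_admin')) {
        // hide expired articles
        $whereSql .= " AND ( a.`expire_date` > ? OR atype.`show_post_expire` = ? ) ";
        $bindVars[] = (int) $now;
        $bindVars[] = 'y';
    } elseif (!empty($pParamHash['show_expired']) && $gBitUser->hasPermission('p_articles_admin')) {
        // hide future articles
        $whereSql .= " AND ( a.`publish_date` < ? OR atype.`show_pre_publ` = ? ) ";
        $bindVars[] = (int) $now;
        $bindVars[] = 'y';
    } elseif (!empty($pParamHash['get_future'])) {
        // show only future
        // if we're trying to view these articles, we better have the perms to do so
        if (!$gBitUser->hasPermission('p_articles_admin')) {
            return array();
        }
        $whereSql .= " AND a.`publish_date` > ?";
        $bindVars[] = (int) $now;
    } elseif (!empty($pParamHash['get_expired'])) {
        // show only expired articles
        // if we're trying to view these articles, we better have the perms to do so
        if (!$gBitUser->hasPermission('p_articles_admin')) {
            return array();
        }
        $whereSql .= " AND a.`expire_date` < ? ";
        $bindVars[] = (int) $now;
    } else {
        // hide future and expired articles - this is the default behaviour
        // we need all these AND and ORs to ensure that other conditions such as status_id are respected as well
        $whereSql .= " AND (( a.`publish_date` > a.`expire_date` ) OR (( a.`publish_date` < ? OR atype.`show_pre_publ` = ? ) AND ( a.`expire_date` > ? OR atype.`show_post_expire` = ? ))) ";
        $bindVars[] = (int) $now;
        $bindVars[] = 'y';
        $bindVars[] = (int) $now;
        $bindVars[] = 'y';
    }

    if (@$this->verifyId($pParamHash['topic_id'])) {
        $whereSql .= " AND a.`topic_id` = ? ";
        $bindVars[] = (int) $pParamHash['topic_id'];
    } elseif (!empty($pParamHash['topic'])) {
        $whereSql .= " AND UPPER( atopic.`topic_name` ) = ? ";
        $bindVars[] = strtoupper($pParamHash['topic']);
    } else {
        $whereSql .= " AND ( atopic.`active_topic` != 'n' OR atopic.`active_topic` IS NULL ) ";
        //$whereSql .= " AND atopic.`active_topic` != 'n' ";
    }

    // Oracle is very particular about naming multiple columns, so need to explicity name them ORA-00918: column ambiguously defined
    // NOTE(review): sort_mode cannot be bound and reaches ORDER BY through convertSortmode();
    // whether prepGetList()/convertSortmode() restrict it to known columns is not visible
    // here - confirm, since callers may fill $pParamHash from the request.
    $query = "SELECT\n\t\t\t\ta.`article_id`, a.`description`, a.`author_name`, a.`publish_date`, a.`expire_date`, a.`rating`,\n\t\t\t\tatopic.`topic_id`, atopic.`topic_name`, atopic.`has_topic_image`, atopic.`active_topic`,\n\t\t\t\tastatus.`status_id`, astatus.`status_name`,\n\t\t\t\tlch.`hits`,\n\t\t\t\tatype.*, lc.*, la.`attachment_id` AS `primary_attachment_id`, lf.`file_name` AS `image_attachment_path` {$selectSql}\n\t\t\tFROM `"
        . BIT_DB_PREFIX . "articles` a\n\t\t\t\tINNER JOIN `"
        . BIT_DB_PREFIX . "liberty_content` lc ON( lc.`content_id` = a.`content_id` )\n\t\t\t\tINNER JOIN `"
        . BIT_DB_PREFIX . "article_status` astatus ON( astatus.`status_id` = a.`status_id` )\n\t\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "liberty_content_hits` lch ON( lc.`content_id` = lch.`content_id` )\n\t\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "article_topics` atopic ON( atopic.`topic_id` = a.`topic_id` )\n\t\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "article_types` atype ON( atype.`article_type_id` = a.`article_type_id` )\n\t\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "liberty_attachments` la ON( la.`content_id` = lc.`content_id` AND la.`is_primary` = 'y' )\n\t\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "liberty_files` lf ON( lf.`file_id` = la.`foreign_id` )\n\t\t\t\t{$joinSql}\n\t\t\tWHERE lc.`content_type_guid` = ? {$whereSql}\n\t\t\tORDER BY "
        . $this->mDb->convertSortmode($pParamHash['sort_mode']);
    $query_cant = "SELECT COUNT( * )FROM `"
        . BIT_DB_PREFIX . "articles` a\n\t\t\tINNER JOIN `"
        . BIT_DB_PREFIX . "liberty_content` lc ON lc.`content_id` = a.`content_id`\n\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "article_topics` atopic ON atopic.`topic_id` = a.`topic_id` {$joinSql}\n\t\t\tLEFT OUTER JOIN `"
        . BIT_DB_PREFIX . "article_types` atype ON atype.`article_type_id` = a.`article_type_id`\n\t\t\tWHERE lc.`content_type_guid` = ? {$whereSql}";

    $result = $this->mDb->query($query, $bindVars, $pParamHash['max_records'], $pParamHash['offset']);
    $ret = array();
    $comment = new LibertyComment();
    while ($res = $result->fetchRow()) {
        // get this stuff parsed
        $res = array_merge($this->parseSplit($res, $gBitSystem->getConfig('articles_description_length', 500)), $res);
        $res['thumbnail_url'] = static::getImageThumbnails($res);
        $res['num_comments'] = $comment->getNumComments($res['content_id']);
        $res['display_url'] = self::getDisplayUrlFromHash($res);
        $res['display_link'] = $this->getDisplayLink($res['title'], $res);
        // fetch the primary attachment that we can display the file on the front page if needed
        $res['primary_attachment'] = LibertyMime::loadAttachment($res['primary_attachment_id']);
        $ret[] = $res;
    }

    $pParamHash["cant"] = $this->mDb->getOne($query_cant, $bindVars);
    LibertyContent::postGetList($pParamHash);
    return $ret;
}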