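/**
 * Prepare comment data for storage in the database
 *
 * Nothing peculiar to HTML display is done at this stage. Essentially the
 * comment is stored raw, for later manipulation for the display purposes.
 * Missing form fields are filled with "" / 0 before use so a partial or
 * hand-crafted submission cannot raise undefined-index notices.
 *
 * @param array $vars The comment data (keys used: name, email, title, website,
 *                    comment, public_email, public_website, notify)
 * @param int $id The post id receiving this comment
 * @param int $replyto If supplied, the id of the comment being replied to
 * @return array Row keyed by column name; 'parentid' is only set for replies
 */
function prepFieldsForDB($vars, $id, $replyto = 0) {
    // Supply defaults for any field the form did not send; existing keys win.
    $vars = (array) $vars + array(
        'name' => '', 'email' => '', 'title' => '', 'website' => '', 'comment' => '',
        'public_email' => 0, 'public_website' => 0, 'notify' => 0,
    );

    $rval = array();
    $rval['postername'] = StringHandling::removeMagicQuotes($vars['name']);
    if (empty($rval['postername'])) {
        $rval['postername'] = "Anonymous";
    }
    $rval['posteremail'] = StringHandling::removeMagicQuotes($vars['email']);
    $rval['title'] = StringHandling::removeMagicQuotes($vars['title']);
    $rval['posterwebsite'] = StringHandling::removeMagicQuotes($vars['website']);
    // The body goes through clean() rather than removeMagicQuotes(); HTML
    // escaping is deferred to display time, per the header comment.
    $rval['commenttext'] = StringHandling::clean($vars['comment']);
    // Checkbox flags are normalised to exactly 0 or 1 before storage.
    $rval['pubemail'] = $vars['public_email'] == 1 ? 1 : 0;
    $rval['pubwebsite'] = $vars['public_website'] == 1 ? 1 : 0;
    $rval['posternotify'] = $vars['notify'] == 1 ? 1 : 0;
    $rval['posttime'] = time();
    // REMOTE_ADDR is absent when run outside a web SAPI (e.g. CLI tests).
    $rval['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $rval['onhold'] = $this->needsModeration($rval['commenttext']) ? 1 : 0;
    // Post/comment ids are numeric elsewhere in this code (they are
    // interpolated unquoted into SQL), so coerce them here rather than let a
    // non-numeric request value travel onward as part of the row.
    $rval['postid'] = (int) $id;
    $replyto = (int) $replyto;
    if ($replyto > 0) {
        $rval['parentid'] = $replyto;
    }
    $rval['type'] = 'comment';
    return $rval;
}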
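/**
 * Authenticate the user against T_AUTHORS and record the author id in the session.
 *
 * Username and password are untrusted request input. The original query
 * concatenated them into the SQL after only stripping magic quotes, which is
 * a straight SQL injection (e.g. a password of `' OR 1=1 -- `). Both values
 * are now passed through the DB adapter's quote(), the same helper the
 * sections admin code uses, so they cannot break out of the string literal.
 *
 * @param string $user Username
 * @param string $pass Password
 * @param bool $setcookie If true, set a cookie (not acted on by this method)
 * @return bool TRUE when a matching author row exists, FALSE otherwise
 */
function userauth($user, $pass, $setcookie = FALSE) {
    // removeMagicQuotes() undoes magic_quotes_gpc; quote() then applies the
    // driver's escaping and surrounding quotes. No call-time pass-by-reference
    // (the former `&$user` / `&$pass` is a fatal error on PHP >= 5.4).
    $nick = $this->_adb->quote(StringHandling::removeMagicQuotes($user));
    $pw   = $this->_adb->quote(StringHandling::removeMagicQuotes($pass));

    // NOTE(review): the password is matched as a plain column value; if the
    // column holds unhashed passwords this should move to
    // password_hash()/password_verify() with a hashed column.
    $query = "SELECT `id` FROM `" . T_AUTHORS . "` WHERE `nickname`=" . $nick . " AND `password`=" . $pw;
    $rs = $this->_adb->GetRow($query);
    if (!$rs) {
        return false;
    }

    // Rotate the session id on privilege change to defeat session fixation;
    // only possible when a session is already active.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $rs[0];
    return true;
}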
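/**
 * Admin handler for the "sections" plugin: create, delete or rename a section.
 *
 * The action is read from $_GET['sectdo'] (preferred) or $_POST['sectdo']:
 *   'new'    - insert a section from $_POST['nicename'] / $_POST['urlname']
 *   'Delete' - strip the section named $_POST['sname'] from every post that
 *              references it, then delete the section row
 *   'Save'   - rename the section named $_POST['sname'] to $_POST['nicename']
 * Any other value just re-renders the form. In every case the section list is
 * reloaded and assigned to the 'esections' template variable.
 *
 * Fixes over the previous version: the "Delete" case no longer falls through
 * into "Save" (which issued an UPDATE for the row just deleted), every value
 * that reaches SQL is quoted via the adapter or cast to int, and missing POST
 * keys no longer raise notices.
 *
 * @param object $bBlog Application object (by reference) providing the `_adb`
 *                      DB adapter, the `_ph` post handler and the section maps
 * @return void
 */
function admin_plugin_sections_run(&$bBlog) {
    // Again, the plugin API needs work.
    if (isset($_GET['sectdo'])) {
        $sectdo = $_GET['sectdo'];
    } elseif (isset($_POST['sectdo'])) {
        $sectdo = $_POST['sectdo'];
    } else {
        $sectdo = '';
    }

    // NOTE(review): nothing in this handler checks a CSRF token or the
    // caller's admin role; that is assumed to be enforced before dispatch.
    switch ($sectdo) {
        case 'new':
            // Both values are user input; quote() escapes and wraps them.
            $nicename = StringHandling::removeMagicQuotes(isset($_POST['nicename']) ? $_POST['nicename'] : '');
            $urlname = StringHandling::removeMagicQuotes(isset($_POST['urlname']) ? $_POST['urlname'] : '');
            $bBlog->_adb->Execute("insert into " . T_SECTIONS . " set nicename=" . $bBlog->_adb->quote($nicename) . ", name=" . $bBlog->_adb->quote($urlname));
            $insid = $bBlog->_adb->insert_id();
            break;

        case "Delete":
            // The section id comes from the name->id map, never from the
            // request directly; an unknown name yields 0 and nothing happens.
            $sname = StringHandling::removeMagicQuotes(isset($_POST['sname']) ? $_POST['sname'] : '');
            $sect_id = isset($bBlog->section_ids_by_name[$sname]) ? (int) $bBlog->section_ids_by_name[$sname] : 0;
            if ($sect_id > 0) {
                // Remove the section from every post that lists it; post
                // sections are stored as a ":"-separated id string.
                $ph = $bBlog->_ph;
                $posts_in_section_q = $ph->make_post_query(array("sectionid" => $sect_id));
                $posts_in_section = $ph->get_posts($posts_in_section_q, TRUE);
                if ($posts_in_section) {
                    foreach ($posts_in_section as $post) {
                        $remaining = array();
                        foreach (explode(":", $post->sections) as $candidate) {
                            if ($candidate != $sect_id) {
                                $remaining[] = $candidate;
                            }
                        }
                        $newsects = implode(":", $remaining);
                        $bBlog->_adb->Execute("update " . T_POSTS . " set sections=" . $bBlog->_adb->quote($newsects) . " where postid=" . (int) $post->postid);
                    }
                }
                $bBlog->_adb->Execute("delete from " . T_SECTIONS . " where sectionid=" . $sect_id);
            }
            // else show error
            break; // previously missing: control fell through into "Save"

        case "Save":
            $sname = StringHandling::removeMagicQuotes(isset($_POST['sname']) ? $_POST['sname'] : '');
            // NOTE(review): this uses sect_by_name while "Delete" uses
            // section_ids_by_name; confirm both maps are populated by
            // get_sections() or unify them.
            $sect_id = isset($bBlog->sect_by_name[$sname]) ? (int) $bBlog->sect_by_name[$sname] : 0;
            if ($sect_id < 1) {
                break;
            }
            $nicename = StringHandling::removeMagicQuotes(isset($_POST['nicename']) ? $_POST['nicename'] : '');
            // Quote via the adapter, as 'new' does, instead of my_addslashes().
            $bBlog->_adb->Execute("update " . T_SECTIONS . " set nicename=" . $bBlog->_adb->quote($nicename) . " where sectionid=" . $sect_id);
            break;

        default:
            // show form
            break;
    }

    $bBlog->get_sections();
    $bBlog->assign('esections', $bBlog->sections);
}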