Пример #1
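 /**
  * Builds an HTML list of the most recent comments with links to their entries
  *
  * @param int $num          Maximum number of comments to list
  * @param string $page      First URL segment used when linking to an entry
  * @return string           The <ul id="recent-comments"> markup
  * @throws Exception        If the query or the rendering fails
  */
 static function display_recent_comments($num = 4, $page = 'blog')
 {
     // LIMIT is concatenated into the SQL text rather than bound, so it is
     // forced to a non-negative integer before it reaches the query string.
     $limit = max(0, (int) $num);
     // Load comments and titles for the entries
     $sql = "SELECT\n                    `name`,\n                    `comment`,\n                    `" . DB_PREFIX . "comments`.`created`,\n                    `title`,\n                    `slug`\n\t\t\t\tFROM `" . DB_PREFIX . "comments`\n\t\t\t\tLEFT JOIN `" . DB_PREFIX . "entries`\n\t\t\t\t\tUSING( `entry_id` )\n\t\t\t\tORDER BY `" . DB_PREFIX . "comments`.`created` DESC\n\t\t\t\tLIMIT {$limit}";
     try {
         $stmt = DB_Connect::create()->db->query($sql);
         FB::log($sql);
         $list = '';
         foreach ($stmt->fetchAll(PDO::FETCH_OBJ) as $entry) {
             // Commenter name, comment text, title and slug are all stored
             // user input, so each one is escaped for the HTML context it is
             // printed in. double_encode is off so that values which were
             // already entity-encoded when they were saved are not mangled.
             // NOTE(review): this assumes Utilities::text_preview() returns
             // text rather than intentional markup -- confirm.
             $name = htmlspecialchars((string) $entry->name, ENT_QUOTES, 'UTF-8', FALSE);
             $text = htmlspecialchars(
                 (string) Utilities::text_preview(stripslashes($entry->title), 5, FALSE),
                 ENT_QUOTES,
                 'UTF-8',
                 FALSE
             );
             $comment = htmlspecialchars(
                 (string) Utilities::text_preview($entry->comment, 10, FALSE),
                 ENT_QUOTES,
                 'UTF-8',
                 FALSE
             );
             // The link lands inside a double-quoted href attribute
             $link = htmlspecialchars("/{$page}/{$entry->slug}", ENT_QUOTES, 'UTF-8', FALSE);
             $list .= "\n                        <li>{$name} posted on <a href=\"{$link}\">{$text}</a>: {$comment}</li>";
         }
         $stmt->closeCursor();
         return "\n                    <ul id=\"recent-comments\">{$list}\n                    </ul>";
     } catch (Exception $e) {
         FB::log($e);
         // Message text is kept as callers have always seen it (it mentions
         // "popular entries" although this method loads recent comments);
         // the original exception is chained so the cause is not lost.
         throw new Exception("Couldn't load popular entries.", 0, $e);
     }
 }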
Пример #2
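 /**
  * Writes data to the database; either updates or creates an entry
  *
  * Entry fields are read from $_POST, uploads from $_FILES and the author
  * name from $_SESSION['user']['name']. POST keys that are neither entry
  * fields nor form-control keys are collected into the serialized `extra`
  * column.
  *
  * @return bool        Returns true on success or false on error
  */
 public function save_entry()
 {
     // Entry fields accepted from the form, with their defaults. Request data
     // is only ever written into this array (or $page / $extra), never into
     // a local variable named by the request, so a crafted field name cannot
     // overwrite $sql, $author or any other local.
     $fields = array(
         'entry_id' => '',
         'page_id' => '',
         'title' => NULL,
         'entry' => NULL,
         'excerpt' => NULL,
         'slug' => "",
         'tags' => NULL,
         'author' => NULL,
         'created' => NULL,
     );
     // Form plumbing that must not end up in the `extra` column.
     // NOTE(review): 'token' is not verified in this method; presumably the
     // caller validates it before save_entry() runs -- confirm.
     $control_keys = array('page', 'action', 'token', 'form-submit');
     $page = NULL;
     $extra = array();
     // Loop through the POST array and sort every key into fields or extras
     foreach ($_POST as $key => $val) {
         // Numeric POST keys arrive as integers; compare as strings and
         // strictly so that 0 is not treated as equal to a field name.
         $name = (string) $key;
         $is_field = array_key_exists($name, $fields);
         if (!$is_field && !in_array($name, $control_keys, TRUE)) {
             $extra[$key] = $val;
             continue;
         }
         // A known field sent as an array (name[]=...) cannot be escaped or
         // bound as a string, so it is ignored and the default is kept.
         if (!is_scalar($val)) {
             continue;
         }
         if ($name === "entry" || $name === "excerpt") {
             // The body and excerpt are stored as submitted, markup included;
             // whatever prints them is responsible for sanitizing the HTML.
             $fields[$name] = $val;
             continue;
         }
         // If it's not the body of the entry, escape all entities
         $clean = htmlentities($val, ENT_QUOTES, 'UTF-8', FALSE);
         if ($is_field) {
             $fields[$name] = $clean;
         } elseif ($name === 'page') {
             $page = $clean;
         }
     }
     foreach ($_FILES as $key => $file) {
         // If a file was uploaded, handle it here
         if (is_array($file) && $file['error'] === 0) {
             // First, see if the file is an image
             $stored = ImageControl::check_image($file);
             // If not, just save the file
             // NOTE(review): any non-image upload is handed to
             // Utilities::store_uploaded_file(); which file types and target
             // paths it allows is not visible here -- confirm it refuses
             // executable content.
             if (!$stored) {
                 $stored = Utilities::store_uploaded_file($file);
             }
             $extra[$key] = $stored;
         } elseif (!empty($_POST[$key . '-value'])) {
             $extra[$key] = SIV::clean_output($_POST[$key . '-value'], FALSE, FALSE);
         }
     }
     $title = $fields['title'];
     $entry = $fields['entry'];
     // If a slug wasn't set, save a URL version of the title
     $slug = empty($fields['slug']) ? Utilities::make_url($title) : $fields['slug'];
     // Make sure an order value exists
     // NOTE(review): 'order' is not an accepted POST field (a posted 'order'
     // lands in $extra), so the only way the order could previously become
     // non-zero was an upload field literally named "order". Confirm whether
     // 'order' should be accepted as an integer field.
     $order = 0;
     // If an excerpt wasn't set, create a text preview
     $excerpt = empty($fields['excerpt']) ? strip_tags(Utilities::text_preview($entry)) : $fields['excerpt'];
     // Store the author's name and a timestamp (never taken from the form)
     $author = $_SESSION['user']['name'];
     $created = time();
     // $extra holds request-derived values. Any code that later passes this
     // column to unserialize() must treat it as untrusted input.
     // NOTE(review): a JSON encoding would avoid that class of problem.
     $extra_serialized = serialize($extra);
     // Set up the query to insert or update the entry. Several placeholders
     // appear twice (VALUES and ON DUPLICATE KEY UPDATE).
     // NOTE(review): repeated named placeholders rely on PDO emulated
     // prepares being enabled on this connection -- confirm.
     $sql = "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n                (" . self::ENTRY_FIELDS . "\n                )\n                VALUES\n                (\n                    :entry_id,\n                    (\n                        SELECT `page_id`\n                        FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n                        WHERE `page_slug`=:page_slug\n                        LIMIT 1\n                    ), :title, :entry, :excerpt, :slug, :tags,\n                    :order, :extra, :author, :created\n                )\n                ON DUPLICATE KEY UPDATE\n                    `title`=:title,\n                    `entry`=:entry,\n                    `excerpt`=:excerpt,\n                    `slug`=:slug,\n                    `tags`=:tags,\n                    `order`=:order,\n                    `extra`=:extra;";
     try {
         $stmt = $this->db->prepare($sql);
         // bindValue() is used because every value is final at this point and
         // bindParam() needs a variable reference (it cannot take the result
         // of serialize() directly).
         $stmt->bindValue(":entry_id", $fields['entry_id'], PDO::PARAM_INT);
         // The page slug is text, so it is bound as a string
         $stmt->bindValue(":page_slug", $page, PDO::PARAM_STR);
         $stmt->bindValue(":title", $title, PDO::PARAM_STR);
         $stmt->bindValue(":entry", $entry, PDO::PARAM_STR);
         $stmt->bindValue(":excerpt", $excerpt, PDO::PARAM_STR);
         $stmt->bindValue(":slug", $slug, PDO::PARAM_STR);
         $stmt->bindValue(":order", $order, PDO::PARAM_INT);
         $stmt->bindValue(":tags", $fields['tags'], PDO::PARAM_STR);
         $stmt->bindValue(":extra", $extra_serialized, PDO::PARAM_STR);
         $stmt->bindValue(":author", $author, PDO::PARAM_STR);
         $stmt->bindValue(":created", $created, PDO::PARAM_STR);
         $stmt->execute();
         // A connection in silent error mode reports failure through the
         // error code only, so that is what decides the return value.
         $saved = $stmt->errorCode() === '00000';
         if (!$saved) {
             $err = $stmt->errorInfo();
             ECMS_Error::log_exception(new Exception($err[2]));
         }
         $stmt->closeCursor();
         return $saved;
     } catch (Exception $e) {
         $this->_log_exception($e);
         return FALSE;
     }
 }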
Пример #3
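 /**
  * Replaces template tags with entry data
  *
  * @param string $entry     The entry object in serialize() form
  * @param array $params     Parameters for replacement; the keys read here
  *                          are 'htmlentities', 'strip_tags',
  *                          'strip_tags_whitelist', 'text_preview' and
  *                          'text_preview_length'
  * @param array $matches    The matches from preg_replace_callback();
  *                          $matches[1] is the tag name
  * @return string           The replaced template value, or the tag put back
  *                          in braces when the entry has no such value
  */
 public static function replace_tags($entry, $params, $matches)
 {
     $tag = $matches[1];
     $untouched = '{' . $tag . '}';
     // Unserialize the object
     // SECURITY: unserialize() instantiates whatever classes the payload
     // names and runs their magic methods, so $entry must only ever be a
     // string this application serialized itself. Never pass request- or
     // database-supplied text that a user could have altered.
     // NOTE(review): restricting the allowed classes, or passing the object
     // itself instead of its serialized form, would remove this risk.
     $entry = unserialize($entry);
     // A payload that fails to decode (or decodes to a non-object) has no
     // properties to look up, so the tag is left in place.
     if (!is_object($entry)) {
         return $untouched;
     }
     // Make sure the template tag has a matching property or extra_props key
     $is_property = property_exists($entry, $tag);
     $is_extra = property_exists($entry, 'extra_props') && array_key_exists($tag, $entry->extra_props);
     if (!$is_property && !$is_extra) {
         return $untouched;
     }
     // Grab the value from the Entry object
     // NOTE(review): a tag that matched only through extra_props is still
     // read as a property; presumably the entry class resolves it with a
     // magic getter -- confirm, otherwise this yields NULL.
     $val = $entry->{$tag};
     // Run htmlentities() if the parameter is set to TRUE. Without this
     // option (or strip_tags) the value is returned unescaped, so callers
     // printing untrusted fields into HTML need to enable one of them.
     if (isset($params['htmlentities']) && $params['htmlentities'] === TRUE) {
         // Charset is given explicitly so the result does not depend on the
         // PHP version's default
         $val = htmlentities($val, ENT_QUOTES, 'UTF-8');
     }
     // Run strip_tags() if the parameter is set to TRUE
     if (isset($params['strip_tags']) && $params['strip_tags'] === TRUE) {
         $whitelist = isset($params['strip_tags_whitelist'])
             ? $params['strip_tags_whitelist']
             : STRIP_TAGS_WHITELIST;
         $val = Utilities::strip_tags_attr($val, $whitelist);
     }
     // Create a text preview if the parameter is set to TRUE; only the
     // 'entry' tag is ever shortened
     if (isset($params['text_preview']) && $params['text_preview'] === TRUE && $tag === 'entry') {
         $val = Utilities::text_preview($val, $params['text_preview_length']);
     }
     return $val;
 }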