Пример #1
0
    /**
     * Get array of contacts data by Email
     *
     * @param string $data
     * @return array of CMS_profile_user
     * @access public
     */
    static function getByEmail($data)
    {
        if (!SensitiveIO::isValidEmail($data)) {
            CMS_grandFather::raiseError('$data must be a valid email : ' . $data);
            return array();
        }
        $aUsers = array();
        //create the request to look for the data
        $sql = 'select `id_cd` 
			from `contactDatas`
			where `email_cd` = "' . sensitiveIO::sanitizeSQLString($data) . '"';
        //launching the request
        $q = new CMS_query($sql);
        //checking if ok and looping on results
        if (!$q->hasError()) {
            while (($oTmpUserId = $q->getValue("id_cd")) !== false) {
                //creating the user and filling the data
                $oTmpUser = CMS_profile_usersCatalog::getByID($oTmpUserId);
                if (!$oTmpUser->hasError()) {
                    $oTmpUser->getContactData();
                    if (!$oTmpUser->hasError()) {
                        $aUsers[] = $oTmpUser;
                    }
                }
            }
            unset($oTmpUser, $oTmpUserId);
        }
        return $aUsers;
    }
Пример #2
0
 /**
  * Set the script informations.
  *
  * @return boolean true on success, false on failure
  * @access public
  */
 function setParameters($module, $parameters)
 {
     if (!$this->_scriptName) {
         return false;
     }
     $sql = "\n\t\t\tupdate\n\t\t\t\tscriptsStatuses\n\t\t\tset\n\t\t\t\tmodule_ss='" . sensitiveIO::sanitizeSQLString($module) . "',\n\t\t\t\tparameters_ss='" . sensitiveIO::sanitizeSQLString($parameters) . "'\n\t\t\twhere\n\t\t\t\tscriptName_ss='" . $this->_scriptName . "'";
     $q = new CMS_query($sql);
     return true;
 }
Пример #3
0
 /**
  * Check if website currently exists
  * Static function.
  *
  * @param integer $id The DB ID of the CMS_website to check
  * @return boolean
  * @access public
  */
 static function exists($id)
 {
     static $websites;
     if (!isset($websites[$id])) {
         $websites[$id] = false;
         $sql = "\n\t\t\t\tselect\n\t\t\t\t\tid_web\n\t\t\t\tfrom\n\t\t\t\t\twebsites\n\t\t\t\twhere\n\t\t\t\t\tid_web = " . sensitiveIO::sanitizeSQLString($id) . "\n\t\t\t";
         $q = new CMS_query($sql);
         if ($q->getNumRows()) {
             $websites[$id] = true;
         }
     }
     return $websites[$id];
 }
Пример #4
0
 /**
  * Get the search.
  *
  * @param integer $searchType : the type of the search (see constants)
  * @return array of CMS_page the result pages
  * @access public
  */
 function getSearch($keywords, $user, $public = false, $withPageContent = false)
 {
     if (is_a($user, 'CMS_profile_user')) {
         $cms_language = $user->getLanguage();
     } else {
         $cms_language = new CMS_language('fr');
     }
     $results = array();
     $count = 0;
     /*$messages = array();
     		$message = '';*/
     $where = $order = '';
     $foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array();
     // Clean keywords
     $keywords = SensitiveIO::sanitizeSQLString($keywords);
     $keywords = strtr($keywords, ",;", "  ");
     $blocks = array();
     $blocks = array_map("trim", array_unique(explode(" ", $keywords)));
     $cleanedBlocks = array();
     foreach ($blocks as $block) {
         if ($block !== '' || sensitiveIO::isPositiveInteger($block)) {
             $block = str_replace(array('%', '_'), array('\\%', '\\_'), $block);
             $cleanedBlocks[] = $block;
         }
     }
     // Separate block codes
     if ($cleanedBlocks) {
         $allDatas = array();
         $allCodes = CMS_search::getAllCodes();
         foreach ($allCodes as $code) {
             $datas = array();
             foreach (array_keys($cleanedBlocks) as $key) {
                 if (strstr($cleanedBlocks[$key], $code . ':')) {
                     $datas[] = $cleanedBlocks[$key];
                     unset($cleanedBlocks[$key]);
                 }
             }
             if ($datas) {
                 $allDatas[$code] = $datas;
             }
         }
         $allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks;
         // Get IDs from all specific codes
         $foundIDs = array();
         $allLinksNumber = 0;
         foreach ($allCodes as $code) {
             switch ($code) {
                 case self::SEARCH_TYPE_LINKTO:
                     if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) {
                         $foundLinkToIDs = array();
                         $where = '';
                         $count = 0;
                         foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $where .= $count ? ' or ' : '';
                                 $count++;
                                 $where .= " start_lre = '" . $tabValues[1] . "' ";
                             }
                         }
                         if ($where) {
                             $select = ' stop_lre ';
                             $from = 'linx_real_public';
                             $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
                             $q = new CMS_query($sql);
                             $arr = array();
                             while ($arr = $q->getArray()) {
                                 $foundLinkToIDs[] = $arr["stop_lre"];
                             }
                             // Count links number
                             $allLinksNumber += count($foundLinkToIDs);
                             $where = $select = '';
                         }
                     }
                     break;
                 case self::SEARCH_TYPE_LINKFROM:
                     if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) {
                         $foundLinkFromIDs = array();
                         $where = '';
                         $count = 0;
                         /*$messagesIDs = array();*/
                         foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $where .= $count ? ' or ' : '';
                                 $count++;
                                 $where .= " stop_lre = '" . $tabValues[1] . "' ";
                             }
                         }
                         if ($where) {
                             $select = ' start_lre ';
                             $from = 'linx_real_public';
                             $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
                             $q = new CMS_query($sql);
                             $arr = array();
                             while ($arr = $q->getArray()) {
                                 $foundLinkFromIDs[] = $arr["start_lre"];
                             }
                             // Count links number
                             $allLinksNumber += count($foundLinkFromIDs);
                             $where = $select = '';
                         }
                     }
                     break;
                 case self::SEARCH_TYPE_TEMPLATE:
                     if (isset($allDatas[self::SEARCH_TYPE_TEMPLATE])) {
                         $foundPagesFromTemplate = array();
                         foreach ($allDatas[self::SEARCH_TYPE_TEMPLATE] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $foundPagesFromTemplate = array_unique(array_merge(CMS_pageTemplatesCatalog::getPagesByTemplate($tabValues[1]), $foundPagesFromTemplate));
                             }
                         }
                         $allLinksNumber += count($foundPagesFromTemplate);
                     }
                     break;
                 case self::SEARCH_TYPE_ROW:
                     if (isset($allDatas[self::SEARCH_TYPE_ROW])) {
                         $foundPagesFromRow = array();
                         foreach ($allDatas[self::SEARCH_TYPE_ROW] as $block) {
                             $tabValues = explode(':', $block);
                             if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                 $foundPagesFromRow = array_unique(array_merge(CMS_rowsCatalog::getPagesByRow($tabValues[1]), CMS_rowsCatalog::getPagesByRow($tabValues[1], false, true), $foundPagesFromRow));
                             }
                         }
                         $allLinksNumber += count($foundPagesFromRow);
                     }
                     break;
             }
         }
         $foundIDs = array_unique(array_merge($foundLinkToIDs, $foundLinkFromIDs, $foundPagesFromTemplate, $foundPagesFromRow));
         // Main sql requests (for pageId, pages codenames and keywords)
         if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
             $count = 0;
             $where = '';
             foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $key => $block) {
                 if (SensitiveIO::isPositiveInteger($block)) {
                     $where .= $count ? ' or ' : '';
                     $count++;
                     $where .= " (page_pbd like '%" . $block . "%')";
                     unset($allDatas[self::SEARCH_TYPE_DEFAULT][$key]);
                 }
             }
             $order = '';
             if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
                 $suffix = $public ? '_public' : '_edited';
                 if (!$withPageContent) {
                     //Search in page metadatas
                     //$count = 0;
                     foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $block) {
                         $where .= $count ? ' or ' : '';
                         $count++;
                         $where .= " (\n\t\t\t\t\t\t\t\ttitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor linkTitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor keywords_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor description_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor category_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor codename_pbd = '" . $block . "'\n\t\t\t\t\t\t\t)";
                     }
                     if ($foundIDs) {
                         $where .= " and page_pbd in (" . implode($foundIDs, ',') . ") ";
                     }
                     // Set SQL
                     $sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tpage_pbd\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tpagesBaseData" . $suffix . "\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t";
                     $q = new CMS_query($sql);
                     //pr($sql);
                     $results = array();
                     $count = 0;
                     $foundIDs = array();
                     while ($id = $q->getValue('page_pbd')) {
                         $foundIDs[] = $id;
                     }
                     $order = "\n\t\t\t\t\t \t\torder by title_pbd asc\n\t\t\t\t\t\t";
                 } else {
                     //Search in page content (fulltext search)
                     $keywords = implode(' ', $allDatas[self::SEARCH_TYPE_DEFAULT]);
                     $selects = array('pagesBaseData' . $suffix => array('page' => 'page_pbd', 'match' => 'title_pbd,linkTitle_pbd,keywords_pbd,description_pbd,codename_pbd'), 'blocksVarchars' . $suffix => array('page' => 'page', 'match' => 'value'), 'blocksTexts' . $suffix => array('page' => 'page', 'match' => 'value', 'entities' => true), 'blocksImages' . $suffix => array('page' => 'page', 'match' => 'label'), 'blocksFiles' . $suffix => array('page' => 'page', 'match' => 'label'));
                     $matches = array();
                     foreach ($selects as $table => $select) {
                         // Set SQL
                         $sql = "\n\t\t\t\t\t\t\t\tselect \n\t\t\t\t\t\t\t\t\t" . $select['page'] . " as pageId, MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "') as m1\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " , MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') as m2 " : '') . "\n\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t\twhere \n\t\t\t\t\t\t\t\t\tMATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "')\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " or MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') " : '') . "\n\t\t\t\t\t\t\t\t";
                         //pr($sql);
                         $q = new CMS_query($sql);
                         while ($r = $q->getArray()) {
                             if (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m1'] > $matches[$r['pageId']]) {
                                 $matches[$r['pageId']] = $r['m1'];
                             }
                             if (isset($r['m2']) && (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m2'] > $matches[$r['pageId']])) {
                                 $matches[$r['pageId']] = $r['m2'];
                             }
                         }
                     }
                     //sort page Ids by relevance
                     arsort($matches, SORT_NUMERIC);
                     //$matches = array_keys($matches);
                     $order = "\n\t\t\t\t\t \t\torder by field(page_pbd, " . implode(',', array_reverse(array_keys($matches))) . ") desc\n\t\t\t\t\t\t";
                     $foundIDs = $foundIDs ? array_intersect(array_keys($matches), $foundIDs) : array_keys($matches);
                 }
             } else {
                 $order = " order by page_pbd ";
             }
         }
         if ($foundIDs) {
             $select = ' page_pbd ';
             $from = $public ? 'pagesBaseData_public' : 'pagesBaseData_edited';
             $where .= $where && $foundIDs ? " and " : '';
             $where .= $foundIDs ? " page_pbd in (" . implode($foundIDs, ',') . ") " : '';
             if ($where) {
                 // Set SQL
                 $sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $order . "\n\t\t\t\t\t";
                 $q = new CMS_query($sql);
                 //pr($sql);
                 $results = array();
                 $count = 0;
                 while ($arr = $q->getArray()) {
                     $id = $arr["page_pbd"];
                     if ($user->hasPageClearance($id, CLEARANCE_PAGE_VIEW)) {
                         $count++;
                         $results[$id] = $id;
                     }
                 }
             }
         }
     } else {
         // No results
         $count = 0;
     }
     return array('nbresult' => $count, 'nblinksresult' => $allLinksNumber, 'results' => $results, 'score' => $matches);
 }
Пример #5
0
 /**
  * Search messages
  * Static function.
  *
  * @param string module : module to search messages
  * @param string search : search message by value
  * @param array languagesOnly : limit search to given languages codes
  * @param array options : search options
  * @param string direction : search is ordered by results id. Specify order direction (asc or desc). Default : asc
  * @param integer start : search start offset
  * @param integer limit : search limit (default : 0 : unlimited)
  * @param integer resultsnb : return results count by reference
  * @return array(id => msg)
  * @access public
  */
 static function searchMessages($module, $search = '', $languagesOnly = array(), $options = array(), $direction = 'asc', $start = 0, $limit = 0, &$resultsnb)
 {
     $start = (int) $start;
     $limit = (int) $limit;
     $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
     $emptyOnly = $idsOnly = false;
     if (is_array($options)) {
         $emptyOnly = isset($options['empty']) && $options['empty'] ? true : false;
         $idsOnly = isset($options['ids']) && is_array($options['ids']) ? $options['ids'] : false;
     }
     $keywordsWhere = $languagesWhere = $emptyWhere = $orderBy = $orderClause = $idsWhere = '';
     //get ids for which one message is missing
     if ($emptyOnly) {
         $qLanguages = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct language_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
         $qIds = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct id_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
         $allIds = $qIds->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
         $missingIds = array();
         while ($language = $qLanguages->getValue('language_mes')) {
             $qLang = new CMS_query("\n\t\t\t\t\tselect \n\t\t\t\t\t\tdistinct id_mes\n\t\t\t\t\tfrom \n\t\t\t\t\t\tmessages\n\t\t\t\t\twhere\n\t\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\t\t\tand language_mes='" . $language . "'\n\t\t\t\t\t\tand message_mes != ''\n\t\t\t\t");
             $ids = $qLang->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
             $missingIds = array_merge($missingIds, array_diff($allIds, $ids));
         }
         if (!$missingIds) {
             $resultsnb = 0;
             return array();
         }
         $emptyWhere = ' and id_mes in (' . implode($missingIds, ',') . ')';
     }
     if ($idsOnly) {
         $idsWhere = ' and id_mes in (' . io::sanitizeSQLString(implode($idsOnly, ',')) . ')';
     }
     if ($search) {
         //clean user keywords (never trust user input, user is evil)
         $search = strtr($search, ",;", "  ");
         if (isset($options['phrase']) && $options['phrase']) {
             $search = str_replace(array('%', '_'), array('\\%', '\\_'), $search);
             if (htmlentities($search) != $search) {
                 $keywordsWhere .= " and (\n\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($search)) . "%'\n\t\t\t\t\t)";
             } else {
                 $keywordsWhere .= " and message_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%'";
             }
         } else {
             $words = array();
             $words = array_map("trim", array_unique(explode(" ", io::strtolower($search))));
             $cleanedWords = array();
             foreach ($words as $aWord) {
                 if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                     $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                     $cleanedWords[] = $aWord;
                 }
             }
             if (!$cleanedWords) {
                 //if no words after cleaning, return
                 return array();
             }
             foreach ($cleanedWords as $cleanedWord) {
                 $keywordsWhere .= $keywordsWhere ? " and " : '';
                 if (htmlentities($aWord) != $aWord) {
                     $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($cleanedWord)) . "%'\n\t\t\t\t\t\t)";
                 } else {
                     $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\t)";
                 }
             }
             $keywordsWhere = ' and (' . $keywordsWhere . ')';
         }
     }
     if (is_array($languagesOnly) && $languagesOnly) {
         $languagesWhere = ' and language_mes in (\'' . implode($languagesOnly, '\',\'') . '\')';
     }
     $orderClause = "order by\n\t\t\tid_mes\n\t\t\t" . $direction;
     $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $languagesWhere . "\n\t\t\t" . $emptyWhere . "\n\t\t\t" . $idsWhere . "\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         $resultsnb = 0;
         return array();
     }
     $messageIds = array();
     $messageIds = $q->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
     $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id,\n\t\t\t\tmodule_mes as module,\n\t\t\t\tlanguage_mes as language,\n\t\t\t\tmessage_mes as message\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand id_mes in (" . implode($messageIds, ',') . ")\n\t\t\t\t" . $orderClause . "\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         $resultsnb = 0;
         return array();
     }
     $messageGroups = array();
     $messageGroups = $q->getAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
     $resultsnb = count($messageGroups);
     if ($limit) {
         $messageGroups = array_slice($messageGroups, $start, $limit, true);
     }
     $messages = array();
     foreach ($messageGroups as $key => $messageGroup) {
         $messages[$key]['id'] = $key;
         foreach ($messageGroup as $message) {
             $messages[$key][$message['language']] = $message['message'];
         }
     }
     return $messages;
 }
Пример #6
0
 /**
  * Builds where statement with a key and its value
  * The key can be a known string, this class will create statements in consequence
  * or it can be a field id
  *
  * @access public
  * @param string $key name of statement to set
  * @param string $value , the value to give
  * @param string $operator, additional optional search operator
  * @return void or false if an error occured
  */
 function addWhereCondition($type, $value, $operator = false)
 {
     if (!$type || !$value && !$operator) {
         return;
     }
     //clean value
     if (!is_object($value) && !is_array($value)) {
         $value = sensitiveIO::sanitizeSQLString($value);
     } elseif (is_array($value)) {
         $value = array_map(array('sensitiveIO', 'sanitizeSQLString'), $value);
     }
     $operator = $operator ? io::decodeEntities($operator) : false;
     $statusSuffix = $this->_public ? "_public" : "_edited";
     switch ($type) {
         case "object":
             if ($value && !is_a($value, 'CMS_poly_object_definition')) {
                 $this->raiseError('Value must be a valid CMS_poly_object_definition.');
                 return false;
             }
             $this->_object = $value;
             $this->_whereConditions['object'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "item":
             if (!sensitiveIO::isPositiveInteger($value)) {
                 $this->raiseError("Value must be a positive Integer.");
                 return false;
             }
             $this->_whereConditions['item'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "items":
             if (!$value) {
                 $this->raiseError('Value must be a populated array.');
                 return false;
             }
             $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
             break;
         case 'archives':
             if ($this->_public && $this->_object->isPrimaryResource() && ($value == 1 || $value == 'true' || $value == true)) {
                 unset($this->_whereConditions['publication date before']);
                 unset($this->_whereConditions['publication date end']);
             }
             break;
         case "itemsOrdered":
             if (!$value) {
                 $this->raiseError('Value must be a populated array.');
                 return false;
             }
             $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
             $this->_orderConditions['itemsOrdered']['order'] = $value;
             break;
         case "profile":
             if (!is_a($value, 'CMS_profile_user')) {
                 $this->raiseError('Value must be a valid CMS_profile_user.');
                 return false;
             }
             $this->_whereConditions['profile'][] = array('value' => $value, 'operator' => $operator);
             break;
         case "category":
             //this search type is deprecated, keep it for compatibility but now it is replaced by direct field id access
             //get field of categories for searched object type (assume it uses categories)
             $categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
             $this->_whereConditions[$categoriesFields[0]][] = array('value' => $value, 'operator' => $operator);
             break;
         case "keywords":
             if ($value) {
                 $this->_whereConditions['keywords'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date after":
             // Date start
             if ($this->_object->isPrimaryResource()) {
                 if (!is_a($value, 'CMS_date')) {
                     $this->raiseError('Value must be a valid CMS_date.');
                     return false;
                 }
                 $this->_whereConditions['publication date after'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date before":
             // Date End
             if ($this->_object->isPrimaryResource()) {
                 if (!is_a($value, 'CMS_date')) {
                     $this->raiseError('Value must be a valid CMS_date.');
                     return false;
                 }
                 $this->_whereConditions['publication date before'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "publication date end":
             // End Date of publication
             if ($this->_object->isPrimaryResource()) {
                 if (!is_a($value, 'CMS_date')) {
                     $this->raiseError('Value must be a valid CMS_date.');
                     return false;
                 }
                 $this->_whereConditions['publication date end'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         case "status":
             // Publication status
             if ($this->_object->isPrimaryResource()) {
                 if (!in_array($value, array('online', 'offline', 'validated', 'awaiting'))) {
                     $this->raiseError('Status value must be one of them : online, offline, public, awaiting');
                     return false;
                 }
                 $this->_whereConditions['status'][] = array('value' => $value, 'operator' => $operator);
             }
             break;
         default:
             if (sensitiveIO::IsPositiveInteger($type)) {
                 $this->_whereConditions[$type][] = array('value' => $value, 'operator' => $operator);
                 break;
             }
             $this->raiseError('Unknown type : ' . $type . ' or value ' . $value);
             return false;
             break;
     }
 }
Пример #7
0
 /**
  * Run queued scripts.
  * This method is used when background scripts are not used.
  * It process a number of scripts defined by REGENERATION_THREADS constant
  *
  * @return void
  * @access public
  * @static
  */
 static function runQueuedScripts()
 {
     //the sql which selects scripts to regenerate at a time
     $sql_select = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tregenerator\n\t\t\tlimit\n\t\t\t\t" . sensitiveIO::sanitizeSQLString(REGENERATION_THREADS) . "\n\t\t";
     $q = new CMS_query($sql_select);
     $modules = array();
     while ($data = $q->getArray()) {
         //instanciate script module
         if (!isset($modules[$data['module_reg']])) {
             $modules[$data['module_reg']] = CMS_modulesCatalog::getByCodename($data['module_reg']);
         }
         //then send script task to module (return task title by reference)
         $task = $modules[$data['module_reg']]->scriptTask(unserialize($data['parameters_reg']));
         //delete the current script task
         $sql_delete = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tregenerator\n\t\t\t\twhere\n\t\t\t\t\tid_reg='" . $data['id_reg'] . "'";
         $q_delete = new CMS_query($sql_delete);
     }
 }
Пример #8
0
 /**
  * Is given module is a poly module ?
  *
  * @param string $codename the codename of the module to check
  * @return boolean true if yes, false otherwise
  * @access public
  */
 static function isPolymod($codename)
 {
     $sql = "select\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmodules\n\t\t\t\twhere\n\t\t\t\t\tcodename_mod='" . sensitiveIO::sanitizeSQLString($codename) . "'\n\t\t\t\t\tand isPolymod_mod='1'\n\t\t\t\t";
     $q = new CMS_query($sql);
     return $q->getNumRows() ? true : false;
 }
Пример #9
0
 /**
  * Get by resource
  *
  * @param CMS_
  * @return array(CMS_log)
  * @access public
  */
 static function getByResourceAction($moduleCodename, $resourceId, $action, $limit = false)
 {
     $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tlog\n\t\t\twhere\n\t\t\t\tmodule_log='" . sensitiveIO::sanitizeSQLString($moduleCodename) . "'\n\t\t\t\tand resource_log='" . sensitiveIO::sanitizeSQLString($resourceId) . "'";
     if (is_array($action)) {
         $sql .= " and action_log in (" . sensitiveIO::sanitizeSQLString(implode(',', $action)) . ")";
     } else {
         $sql .= " and action_log='" . sensitiveIO::sanitizeSQLString($action) . "'";
     }
     $sql .= "\n\t\t\torder by\n\t\t\t\tdatetime_log desc\n\t\t";
     if ($limit && sensitiveIO::isPositiveInteger($limit)) {
         $sql .= " limit 0, " . $limit;
     }
     $logs = array();
     $q = new CMS_query($sql);
     if ($q->getNumRows()) {
         $users = array();
         while ($r = $q->getArray()) {
             if (!isset($users[$r["user_log"]])) {
                 $users[$r["user_log"]] = CMS_profile_usersCatalog::getByID($r["user_log"]);
             }
             $lg = new CMS_log($r, $users[$r["user_log"]]);
             if (!$lg->hasError()) {
                 $logs[] = $lg;
             }
         }
     }
     return $logs;
 }
Пример #10
0
 /**
  * Search users
  * Static function.
  *
  * @param string search : search user by lastname, firstname or login
  * @param string letter : search user by first lastname letter
  * @param integer group : search user by group ID
  * @param string order : order by fieldname (without suffix). default : lastname, firstname
  * @param integer start : search start offset
  * @param integer limit : search limit (default : 0 : unlimited)
  * @param boolean activeOnly : return only active users (default : false)
  * @param boolean returnObjects : return CMS_profile_user objects (default) or array of userId
  * @return array(CMS_profile_user)
  * @access public
  */
 static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
 {
     $start = (int) $start;
     $limit = (int) $limit;
     $group = (int) $group;
     $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
     $keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
     $select = 'id_pru';
     if (io::strpos($search, ':noroot:') !== false) {
         $idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
         $search = trim(str_replace(':noroot:', '', $search));
     }
     if (io::substr($search, 0, 5) == 'user:'******'" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
         $search = '';
     }
     if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
         $group = io::substr($search, 6);
         $search = '';
     }
     if ($search) {
         //clean user keywords (never trust user input, user is evil)
         $keyword = strtr($search, ",;", "  ");
         $words = array();
         $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
         $cleanedWords = array();
         foreach ($words as $aWord) {
             if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                 $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                 if (htmlentities($aWord) != $aWord) {
                     $cleanedWords[] = htmlentities($aWord);
                 }
                 $cleanedWords[] = $aWord;
             }
         }
         if (!$cleanedWords) {
             //if no words after cleaning, return
             return array();
         }
         foreach ($cleanedWords as $cleanedWord) {
             $keywordsWhere .= $keywordsWhere ? " and " : '';
             $keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor firstName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor login_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
         }
         $keywordsWhere = ' and ((' . $keywordsWhere . ')';
         $select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') as m ";
         $keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') )";
     }
     if ($letter && io::strlen($letter) === 1) {
         $letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
     }
     if ($group) {
         $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
         if (!$groupUsers) {
             return array();
         }
         $groupWhere = " and id_pru in (" . implode(',', $groupUsers) . ")";
     }
     if ($order != 'score') {
         if ($order) {
             $found = false;
             $sql = "DESCRIBE profilesUsers";
             $q = new CMS_query($sql);
             while ($field = $q->getValue('Field')) {
                 if ($field == $order . '_pru') {
                     $found = true;
                 }
             }
             if ($found) {
                 $orderBy = $order . '_pru';
             } else {
                 $orderBy = 'lastName_pru,firstName_pru';
             }
         } else {
             $orderBy = 'lastName_pru,firstName_pru';
         }
         if ($orderBy) {
             $orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
         }
     } elseif ($search) {
         $orderClause = " order by m " . $direction;
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and  active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
     if ($limit) {
         $sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
     }
     $q = new CMS_query($sql);
     //pr($sql);
     //pr($q->getNumRows());
     $users = array();
     while ($r = $q->getArray()) {
         $id = $r['id_pru'];
         //set match score if exists
         if (isset($r['m'])) {
             $score[$id] = $r['m'];
         }
         if ($returnObjects) {
             $usr = CMS_profile_usersCatalog::getByID($id);
             if (is_a($usr, "CMS_profile_user") && !$usr->hasError()) {
                 if ($activeOnly && $usr->isActive() || !$activeOnly) {
                     $users[] = $usr;
                 }
             }
         } else {
             $users[] = $id;
         }
     }
     //pr($score);
     return $users;
 }
Пример #11
0
 /**
  * Return all the rows available
  *
  * @param CMS_profile_user $cms_user : restrict to user rights on modules (default : false)
  * @param integer $tplId : restrict to rows usable in given template (default : false)
  * @param string $csId : restrict to rows usable in given clientspace (default : false)
  * @param integer $start : start position
  * @param integer $limit : limit position
  * @param integer $count : number of rows found (passed by reference)
  * @access public
  */
 static function getAll($includeInactive = false, $keyword = '', $groups = array(), $rowIds = array(), $user = false, $tplId = false, $csId = false, $start = 0, $limit = 0, $returnObjects = true, &$score = array())
 {
     $select = 'id_row';
     $where = '';
     //keywords
     if ($keyword) {
         //clean user keywords (never trust user input, user is evil)
         $keyword = strtr($keyword, ",;", "  ");
         $words = array();
         $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
         $cleanedWords = array();
         foreach ($words as $aWord) {
             if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                 $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                 $cleanedWords[] = $aWord;
             }
         }
         if (!$cleanedWords) {
             //if no words after cleaning, return
             return array();
         }
         $keywordWhere = '';
         foreach ($cleanedWords as $cleanedWord) {
             $keywordWhere .= $keywordWhere ? ' and ' : '';
             $keywordWhere .= " (\n\t\t\t\t\tdescription_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor label_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
         }
         $where .= $where ? ' and ' : '';
         $where .= " ((" . $keywordWhere . ") or MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') )";
         $select .= " , MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') as m ";
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tmod_standard_rows\n\t\t";
     //groups
     if ($groups) {
         foreach ($groups as $group) {
             $where .= $where ? ' and ' : '';
             $where .= " (\n\t\t\t\t\tgroupsStack_row='" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t)";
         }
     }
     //useable
     if (!$includeInactive) {
         $where .= $where ? ' and ' : '';
         $where .= " useable_row=1 ";
     }
     //rowIds
     if ($rowIds) {
         $where .= $where ? ' and ' : '';
         $where .= " id_row in (" . implode(',', $rowIds) . ") ";
     }
     if ($tplId) {
         $where .= $where ? ' and ' : '';
         $where .= " (\n\t\t\t\ttplfilter_row=''\n\t\t\t\tor tplfilter_row='" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t) ";
     }
     //user
     if (is_object($user) && !$user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
         $groupsDenied = $user->getRowGroupsDenied();
         $groupsDenied = $groupsDenied->getElements();
         if ($groupsDenied) {
             $where .= $where ? ' and (' : '(';
             foreach ($groupsDenied as $group) {
                 $where .= " (\n\t\t\t\t\t\tgroupsStack_row != '" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t) and";
             }
             //remove last "or" and append )
             $where = io::substr($where, 0, -3) . ')';
         }
     }
     $sql = $sql . ($where ? ' where ' . $where : '');
     //order
     if (io::strpos($sql, 'MATCH') === false) {
         $sql .= " order by label_row ";
     } else {
         $sql .= " order by m desc ";
     }
     //limit
     if ($start || $limit) {
         $sql .= " limit " . sensitiveIO::sanitizeSQLString($start) . "," . sensitiveIO::sanitizeSQLString($limit);
     }
     //pr($sql);
     $q = new CMS_query($sql);
     $rows = array();
     while ($r = $q->getArray()) {
         $id = $r['id_row'];
         //set match score if exists
         if (isset($r['m'])) {
             $score[$id] = $r['m'];
         }
         if ($returnObjects) {
             $row = new CMS_row($id);
             if (!$row->hasError()) {
                 $rows[$row->getID()] = $row;
             }
         } else {
             $rows[$id] = $id;
         }
     }
     return $rows;
 }
Пример #12
0
 /**
  * Get toolbar by code
  *
  * @param string $code the toolbar code to get
  * @param CMS_profile_user $user the toolbar elements to set
  * @return array the toolbars
  * @access public
  * @static
  */
 function getByCode($code, &$user)
 {
     $sql = "\n\t\t\tselect\n\t\t\t\tid_tool\n\t\t\tfrom\n\t\t\t\ttoolbars\n\t\t\twhere\n\t\t\t\tcode_tool = '" . sensitiveIO::sanitizeSQLString($code) . "'\n\t\t";
     $q = new CMS_query($sql);
     return $q->getNumRows() ? new CMS_wysiwyg_toolbar($q->getValue("id_tool"), $user) : false;
 }
Пример #13
0
 if ($cms_action == "finalisation") {
     //Application Label
     if (!isset($_POST["label"]) || !$_POST["label"]) {
         $error .= $error_step8_label . '<br />';
     } else {
         //set values in standard_rc.xml file
         $module = CMS_modulesCatalog::getByCodename('standard');
         $moduleParameters = $module->getParameters(false, true);
         $moduleParameters['APPLICATION_LABEL'][0] = $_POST["label"];
         $module->setAndWriteParameters($moduleParameters);
         //change root page Name
         //in edited table
         $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited \n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
         $q = new CMS_query($sql);
         //in public table
         $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_public\n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
         $q = new CMS_query($sql);
     }
     //No application email
     if (isset($_POST["no_application_email"]) && $_POST["no_application_email"] == 1) {
         //set values in standard_rc.xml file
         $module = CMS_modulesCatalog::getByCodename('standard');
         $moduleParameters = $module->getParameters(false, true);
         $moduleParameters['NO_APPLICATION_MAIL'][0] = 1;
         $module->setAndWriteParameters($moduleParameters);
     }
     //Change resources creation date to force all regenerations at first launch
     $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresourceStatuses\n\t\t\t\tset\n\t\t\t\t\tpublicationDateStart_rs = NOW(),\n\t\t\t\t\tpublication_rs = '1'\n\t\t\t\twhere\n\t\t\t\t\tpublication_rs = '2'\n\t\t\t";
     $q = new CMS_query($sql);
     //change default user language
     if ($install_language == 'en') {
Пример #14
0
 /**
  * Return a template ID corresponding of a given clone ID
  *
  * @param integer cloneID : the clone ID to get template ID
  * @return integer : the template ID or false if none found
  * @access public
  */
 static function getTemplateIDForCloneID($cloneID)
 {
     $sql = "\n\t\t\tselect\n\t\t\t\tdefinitionFile_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tid_pt = '" . sensitiveIO::sanitizeSQLString($cloneID) . "'\n\t\t";
     $q = new CMS_query($sql);
     if (!$q->getNumRows()) {
         return false;
     } else {
         $definition = $q->getValue('definitionFile_pt');
     }
     if (!$definition) {
         return false;
     }
     $sql = "\n\t\t\tselect\n\t\t\t\tid_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tprivate_pt='0'\n\t\t\t\tand definitionFile_pt = '" . $definition . "'\n\t\t";
     $q = new CMS_query($sql);
     if ($q->getNumRows()) {
         return $q->getValue('id_pt');
     } else {
         return false;
     }
 }
 /**
  * Returns boolean depending on wheather label exists or not
  * Static function.
  * 
  * @param string $label
  * @param integer $groupId
  * @access public
  */
 static function labelExists($label, $groupId = 0)
 {
     if ((SensitiveIO::isPositiveInteger($groupId) || $groupId == 0) && $label) {
         $sqlWhere = '';
         if ($groupId) {
             $sqlWhere = "\n\t\t\t\t\tid_prg  != '" . $groupId . "' \n\t\t\t\t and ";
         }
         $sql = "\n\t\t\t\tselect distinct\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\twhere\n\t\t\t\t\t" . $sqlWhere . "\n\t\t\t\t\tlabel_prg='" . trim(sensitiveIO::sanitizeSQLString($label)) . "'\n\t\t\t";
         $q = new CMS_query($sql);
         return $q->getNumRows();
     }
     // As label may exist
     return true;
 }
Пример #16
0
 /**
  * Duplicate this block
  * Used to duplicate a CMS_page.
  *
  * @param CMS_page $destinationPage, the page receiving a copy of this block
  * @param boolean $public The precision needed for USERSPACE location
  * @return CMS_block object
  */
 function duplicate(&$destinationPage, $public = false)
 {
     if (SensitiveIO::isPositiveInteger($this->_dbID)) {
         $table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
         $str_set = "\n\t\t\t\t\tpage='" . sensitiveIO::sanitizeSQLString($destinationPage->getID()) . "',\n\t\t\t\t\tclientSpaceID='" . sensitiveIO::sanitizeSQLString($this->_clientSpaceID) . "',\n\t\t\t\t\trowID='" . sensitiveIO::sanitizeSQLString($this->_rowID) . "',\n\t\t\t\t\tblockID='" . sensitiveIO::sanitizeSQLString($this->_tagID) . "',\n\t\t\t\t\ttype='CMS_block_polymod',\n\t\t\t\t\tvalue='" . sensitiveIO::sanitizeSQLString(serialize($this->_value)) . "'\n\t\t\t";
         $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\t" . $table . "\n\t\t\t\tset\n\t\t\t\t\t" . $str_set . "\n\t\t\t";
         $q = new CMS_query($sql);
         if (!$q->hasError()) {
             //Table Edition
             $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\tset\n\t\t\t\t\t\tid='',\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
             $q = new CMS_query($sql);
             return !$q->hasError();
         } else {
             $this->raiseError("Insertion failed: " . $sql);
         }
     } else {
         $this->raiseError("Object does not have a DB ID, not initialized");
     }
     return false;
 }
Пример #17
0
 /**
  * Return a list of all fields for a given module which uses external references such as users or pages
  * Used to track cache reference usage
  *
  * @param string $codename the module codename to get plugins
  * @return array(int refID => string ref type)
  * @access public
  */
 static function getFieldsReferencesUsage($codename = false)
 {
     static $moduleReferences;
     if (!$codename) {
         $codename = 'all';
     }
     if (!isset($moduleReferences[$codename])) {
         $moduleReferences[$codename] = array();
         $sql = "select\n\t\t\t\t\t\tid_mof, type_mof\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_object_definition,\n\t\t\t\t\t\tmod_object_field\n\t\t\t\t\twhere ";
         if ($codename != 'all') {
             $sql .= " module_mod='" . sensitiveIO::sanitizeSQLString($codename) . "' and ";
         }
         $sql .= "\n\t\t\t\t\t\tobject_id_mof = id_mod\n\t\t\t\t\t\tand type_mof = 'CMS_object_usergroup' or type_mof = 'CMS_object_page' \n\t\t\t";
         $q = new CMS_query($sql);
         if ($q->getNumRows()) {
             while ($r = $q->getArray()) {
                 if ($r['type_mof'] == 'CMS_object_page') {
                     $moduleReferences[$codename][$r['id_mof']]['module'][] = MOD_STANDARD_CODENAME;
                 } elseif ($r['type_mof'] == 'CMS_object_usergroup') {
                     $moduleReferences[$codename][$r['id_mof']]['resource'][] = 'users';
                 }
             }
         }
     }
     return $moduleReferences[$codename];
 }
Пример #18
0
 /**
  * Writes the block data into persistence (destroys previous and insert new)
  *
  * @param integer $pageID The page which contains the client space, DB ID
  * @param integer $clientSpaceID The client space which contains the row, DB ID
  * @param integer $rowID The row which contains the block, DB ID
  * @param integer $location The location we want to completly remove the block from
  * @param boolean $public The precision needed for USERSPACE location
  * @param array(mixed=>mixed) $data The data indexed by data type (value, file, alt_tag, ...), 
  * @return boolean true on success, false on failure
  * @access public
  */
 function writeToPersistence($pageID, $clientSpaceID, $rowID, $location, $public, $data)
 {
     parent::writeToPersistence($pageID, $clientSpaceID, $rowID, $location, $public, $data);
     //delete the old data
     $this->delFromLocation($pageID, $clientSpaceID, $rowID, $location, $public);
     $table = $this->_getDataTableName($location, $public);
     $sql = "\n\t\t\tinsert into\n\t\t\t\t" . $table . "\n\t\t\tset\n\t\t\t\tpage='" . sensitiveIO::sanitizeSQLString($pageID) . "',\n\t\t\t\tclientSpaceID='" . sensitiveIO::sanitizeSQLString($clientSpaceID) . "',\n\t\t\t\trowID='" . sensitiveIO::sanitizeSQLString($rowID) . "',\n\t\t\t\tblockID='" . sensitiveIO::sanitizeSQLString($this->_tagID) . "',\n\t\t\t\ttype='CMS_block_cms_forms',\n\t\t\t\tvalue='" . sensitiveIO::sanitizeSQLString(serialize($data["value"])) . "'\n\t\t";
     $q = new CMS_query($sql);
     if ($q->hasError()) {
         return false;
     } else {
         return true;
     }
 }
Пример #19
0
 /**
  * Get search results objects for module by Id
  *
  * @param array : the results score ids
  * @return array : results elements (cms_page)
  * @access public
  */
 function getSearchResults($resultsIds, &$user)
 {
     if (!$resultsIds || !is_array($resultsIds)) {
         return array();
     }
     $cms_language = $user->getLanguage();
     //get results object types
     $sql = "\n\t\t\tselect\n\t\t\t\tobject_type_id_moo as type, id_moo as id\n\t\t\tfrom\n\t\t\t\tmod_object_polyobjects\n\t\t\twhere\n\t\t\t\tid_moo in (" . sensitiveIO::sanitizeSQLString(implode(',', $resultsIds)) . ")\n\t\t";
     $q = new CMS_query($sql);
     $resultsType = array();
     while ($r = $q->getArray()) {
         $resultsType[$r['type']][] = $r['id'];
     }
     $results = array();
     foreach ($resultsType as $type => $ids) {
         //load current object definition
         $object = CMS_poly_object_catalog::getObjectDefinition($type);
         //create search object for current object
         $search = new CMS_object_search($object);
         $search->addWhereCondition("items", $ids);
         $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
         //launch search
         $objectLabel = $object->getLabel($cms_language);
         // Check if need to use a specific display for search results
         $resultsDefinition = $object->getValue('resultsDefinition');
         if ($resultsDefinition) {
             $definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE);
             $itemsResourcesFiles = '';
             // Add specific css and js files we use the resultsDefinition
             if (file_exists(PATH_CSS_FS . '/modules/' . $this->getCodename() . '.css')) {
                 $itemsResourcesFiles .= '<link rel="stylesheet" type="text/css" href="' . PATH_CSS_WR . '/modules/' . $this->getCodename() . '.css" />';
             }
             $jsFiles = $this->getJSFiles();
             if ($jsFiles) {
                 foreach ($jsFiles as $jsfile) {
                     $itemsResourcesFiles .= '<script type="text/javascript" src="' . $jsfile . '"></script>' . "\n";
                 }
             }
         } else {
             //load fields objects for object
             $objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
         }
         //loop on results items
         while ($item = $search->getNextResult()) {
             //Resource related informations
             $htmlStatus = $pubRange = '';
             $lock = $deleted = $primaryResource = false;
             if ($object->isPrimaryResource()) {
                 $status = $item->getStatus();
                 if (is_object($status)) {
                     $htmlStatus = $status->getHTML(false, $user, $this->getCodename(), $item->getID());
                     $pubRange = $status->getPublicationRange($cms_language);
                     $lock = $item->getLock();
                     $deleted = $item->getProposedLocation() == RESOURCE_LOCATION_DELETED;
                 }
                 $primaryResource = true;
             }
             //Edit
             $edit = false;
             if (!$deleted && (!$lock || $lock == $user->getUserId())) {
                 $edit = array('url' => PATH_ADMIN_MODULES_WR . '/' . MOD_POLYMOD_CODENAME . '/item.php', 'type' => 'window', 'params' => array('module' => $this->getCodename(), 'type' => $type, 'item' => $item->getID()));
             }
             //Previz
             $view = false;
             if ($object->getValue("previewURL")) {
                 $view = array('url' => $item->getPrevizPageURL(), 'type' => 'frame');
             }
             //HTML description
             $description = POLYMOD_DEBUG ? '<span class="atm-text-alert"> (ID : ' . $item->getID() . ')</span>' : '';
             if ($resultsDefinition) {
                 //set execution parameters
                 $parameters = array();
                 $parameters['module'] = $this->getCodename();
                 $parameters['objectID'] = $object->getID();
                 $parameters['public'] = false;
                 $parameters['item'] = $item;
                 $description .= $definitionParsing->getContent(CMS_polymod_definition_parsing::OUTPUT_RESULT, $parameters);
                 if ($itemsResourcesFiles) {
                     $description = $itemsResourcesFiles . $description;
                 }
             } else {
                 $itemFieldsObjects = $item->getFieldsObjects();
                 //Add all needed fields to description
                 foreach ($itemFieldsObjects as $fieldID => $itemField) {
                     //if field is a poly object
                     if ($objectFields[$fieldID]->getValue('searchlist')) {
                         $description .= $objectFields[$fieldID]->getLabel($cms_language) . ' : <strong>' . $itemField->getHTMLDescription() . '</strong><br />';
                     }
                 }
             }
             $results[$item->getID()] = array('id' => $item->getID(), 'type' => $objectLabel, 'status' => $htmlStatus, 'pubrange' => $pubRange, 'label' => $item->getLabel(), 'description' => $description, 'resource' => $primaryResource ? array('module' => $this->getCodename(), 'resource' => $item->getID(), 'action' => 'unlock') : false, 'edit' => $edit, 'view' => $view);
         }
     }
     return $results;
 }
Пример #20
0
 /**
  * Get form field by it's name
  * 
  * @param string $fieldName : the form field name to get
  * @param boolean $outputobjects : return array of CMS_forms_field instead of array of ids (default : false)
  * @param boolean $withDesactivedFields : add desactived fields to returned list (default : false)
  * @access public
  * @return array of CMS_forms_field
  */
 function getFieldByName($fieldName, $outputobjects = false, $withDesactivedFields = false)
 {
     $sql = "\n\t\t\tselect\n\t\t\t\tid_fld as id\n\t\t\tfrom\n\t\t\t\tmod_cms_forms_fields\n\t\t\twhere\n\t\t\t\tform_fld='" . $this->getID() . "'\n\t\t\t\tand name_fld='" . sensitiveIO::sanitizeSQLString($fieldName) . "'\n\t\t";
     if (!$withDesactivedFields) {
         $sql .= " and active_fld = '1'";
     }
     $q = new CMS_query($sql);
     if ($q->getNumRows()) {
         if ($outputobjects) {
             return new CMS_forms_field($q->getValue('id'));
         } else {
             return $q->getValue('id');
         }
     }
 }
Пример #21
0
 /**
  * Authenticate user
  * This method can 
  * - authenticate user throught authentification process
  * - load already authenticated user in current session (or SSO)
  * - disconnect user
  *
  * @param array $params : indexed array of authentification parameters (default : nothing)
  * Accepted array keys are :
  * - authenticate : boolean : default true if disconnect is not set
  * - disconnect : boolean : default false
  * - login : string : user login to authenticate
  * - password : string : user password to authenticate
  * - remember : boolean : default false
  * - tokenName : string
  * - token : string
  * - type : string : type of authentification (admin|frontend) : default APPLICATION_USER_TYPE contant
  * - ... and any parameter needed by authentifications processes handled by modules
  * @return void
  * @access public
  * @static
  */
 public static function authenticate($params = array())
 {
     //first clean old sessions datas from database
     CMS_session::_cleanSessions();
     // Get Zend Auth instance
     $auth = Zend_Auth::getInstance();
     // Use CMS_auth as session storage space
     $auth->setStorage(new Zend_Auth_Storage_Session('atm-auth'));
     //set authentification type
     if (!isset($params['type'])) {
         $params['type'] = APPLICATION_USER_TYPE;
     }
     //set permanent auth status
     if (isset($params['remember']) && $params['remember']) {
         self::$_permanent = true;
     } else {
         $params['remember'] = false;
     }
     //clear auth storage if disconnection is queried and set default authenticate value
     if (isset($params['disconnect']) && $params['disconnect']) {
         //log disconection if user exists
         $storageValue = $auth->getStorage()->read();
         if (io::isPositiveInteger($storageValue)) {
             //load user
             $user = CMS_profile_usersCatalog::getByID($storageValue);
             if ($user) {
                 //log new session
                 $log = new CMS_log();
                 $log->logMiscAction(CMS_log::LOG_ACTION_DISCONNECT, $user, 'IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
             }
         }
         //clear session content
         CMS_session::deleteSession(true);
         if (!isset($params['authenticate'])) {
             $params['authenticate'] = false;
         }
     } else {
         $params['disconnect'] = false;
         if (!isset($params['authenticate'])) {
             $params['authenticate'] = true;
         }
     }
     //init authenticated boolean
     $authenticated = false;
     //keep old storage value, because storage will be reseted by each module authentification
     $storageValue = $auth->getStorage()->read();
     //loop on each authentification types suupported
     foreach (array('credentials', 'session', 'cookie', 'sso') as $authType) {
         //load modules
         $modules = CMS_modulesCatalog::getAll('id');
         //get last module
         $module = array_pop($modules);
         //set authentification type as param
         $params['authType'] = $authType;
         //then try it for each modules
         do {
             //if module has auth method, try it
             if (method_exists($module, 'getAuthAdapter')) {
                 //overwrite auth storage value with old value
                 $auth->getStorage()->write($storageValue);
                 //get module auth adapter
                 $authAdapter = $module->getAuthAdapter($params);
                 //authenticate user
                 self::$_result = $auth->authenticate($authAdapter);
                 //To debug Auth process easily, discomment this line
                 //CMS_grandFather::log($_SERVER['SCRIPT_NAME'].' - '.$module->getCodename().' - Auth type : '.$authType.'/'.$params['type'].' - Auth result : '.self::$_result->getCode().($auth->hasIdentity() ? ' - Identity : '.$auth->getIdentity() : '').' - Message : '.(sizeof(self::$_result->getMessages()) == 1 ? array_pop(self::$_result->getMessages()) : print_r(self::$_result->getMessages(), true)));
                 switch (self::$_result->getCode()) {
                     case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
                         //user crendentials does not exists (ex: no login/pass provided)
                         //nothing for now
                         break;
                     case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
                         //invalid login/pass
                         //nothing for now
                         break;
                     case Zend_Auth_Result::SUCCESS:
                         if ($auth->hasIdentity()) {
                             // get user from identity found
                             $user = $authAdapter->getUser($auth->getIdentity());
                             //check if user is valid
                             if (isset($user) && $user && !$user->hasError() && !$user->isDeleted() && $user->isActive()) {
                                 $authenticated = true;
                                 //overwrite auth identity with valid user Id
                                 $auth->getStorage()->write($user->getUserId());
                             } else {
                                 unset($user);
                             }
                         }
                         break;
                     case Zend_Auth_Result::FAILURE:
                         //user found but has error during loading (user inactive or deleted)
                         //nothing for now
                         break;
                     default:
                         //other unidentified cases : thrown an error
                         CMS_grandFather::raiseError('Authentification return code ' . self::$_result->getCode() . ' for module ' . $module->getCodename() . ' with parameters ' . print_r($params, true));
                         break;
                 }
             }
             //get next last module
             $module = array_pop($modules);
         } while (!$authenticated && $module);
         //if user is authenticated, break authentification foreach
         if ($authenticated) {
             break;
         }
     }
     //if authenticated : set or refresh session datas in table, regenerate session Id
     if ($authenticated && $user) {
         $q = new CMS_query("\n\t\t\tselect \n\t\t\t\tid_ses, cookie_expire_ses\n\t\t\tfrom \n\t\t\t\tsessions \n\t\t\twhere \n\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "' \n\t\t\t\tand user_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "'");
         //get old session Id
         $oldSessionId = Zend_Session::getId();
         if ($q->getNumRows() > 0) {
             //if session already exists : update it
             //regenerate session Id randomly (arround 1/100 times)
             //removed : cause session instability
             /*if (!rand(0, 100)) {
             			//session id should not be regenerated each times because in case of a lot of concurrent calls, session can be destroyed
             			Zend_Session::regenerateId();
             		}*/
             $r = $q->getArray();
             $id = $r['id_ses'];
             //Cookie
             if (self::$_permanent || $r['cookie_expire_ses'] != '0000-00-00 00:00:00') {
                 self::$_permanent = true;
                 // Cookie expire in APPLICATION_COOKIE_EXPIRATION days
                 $expires = time() + 60 * 60 * 24 * APPLICATION_COOKIE_EXPIRATION;
                 CMS_session::setCookie(CMS_session::getAutoLoginCookieName(), base64_encode($id . '|' . Zend_Session::getId()), $expires);
             }
             //DB session
             $sql = "\n\t\t\t\t\tupdate \n\t\t\t\t\t\tsessions \n\t\t\t\t\tset\n\t\t\t\t\t\tlastTouch_ses=NOW(),\n\t\t\t\t\t\tuser_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "',\n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "',\n\t\t\t\t\t\tremote_addr_ses='" . sensitiveIO::sanitizeSQLString(@$_SERVER['REMOTE_ADDR']) . "'";
             if (self::$_permanent) {
                 $sql .= ",\n\t\t\t\t\t\tcookie_expire_ses = DATE_ADD(NOW(), INTERVAL " . APPLICATION_COOKIE_EXPIRATION . " DAY)";
             }
             $sql .= "\n\t\t\t\t\twhere\n\t\t\t\t\t \tid_ses='" . sensitiveIO::sanitizeSQLString($id) . "'";
             $q = new CMS_query($sql);
             //if autologin : log it
             if (in_array(CMS_auth::AUTH_AUTOLOGIN_VALID, self::$_result->getMessages())) {
                 //log autologin session
                 $log = new CMS_log();
                 $log->logMiscAction(CMS_log::LOG_ACTION_AUTO_LOGIN, $user, 'IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
             }
         } else {
             //otherwhise, create user session
             //regenerate session Id
             Zend_Session::regenerateId();
             //delete old session record if any
             $q = new CMS_query("\n\t\t\t\t\tdelete\n\t\t\t\t\tfrom \n\t\t\t\t\t\tsessions \n\t\t\t\t\twhere \n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString($oldSessionId) . "'");
             //insert new session record
             $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tsessions\n\t\t\t\t\tset\n\t\t\t\t\t\tlastTouch_ses=NOW(),\n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "',\n\t\t\t\t\t\tuser_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "',\n\t\t\t\t\t\tremote_addr_ses='" . sensitiveIO::sanitizeSQLString(@$_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t";
             if (self::$_permanent) {
                 $sql .= ",\n\t\t\t\t\tcookie_expire_ses = DATE_ADD(NOW(), INTERVAL " . APPLICATION_COOKIE_EXPIRATION . " DAY)";
             }
             $q = new CMS_query($sql);
             if (!$q->hasError() && self::$_permanent) {
                 // Cookie expire in APPLICATION_COOKIE_EXPIRATION days
                 $expires = time() + 60 * 60 * 24 * APPLICATION_COOKIE_EXPIRATION;
                 CMS_session::setCookie(CMS_session::getAutoLoginCookieName(), base64_encode($q->getLastInsertedID() . '|' . Zend_Session::getId()), $expires);
             }
             //log new session
             $log = new CMS_log();
             $log->logMiscAction(CMS_log::LOG_ACTION_LOGIN, $user, 'Permanent cookie: ' . (self::$_permanent ? 'Yes' : 'No') . ', IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
         }
         //set user as currently logged user
         self::$_userID = $user->getUserId();
     } else {
         if (APPLICATION_USER_TYPE == "frontend" && APPLICATION_ENFORCES_ACCESS_CONTROL) {
             //set public user as currently logged user
             self::$_userID = ANONYMOUS_PROFILEUSER_ID;
         }
     }
     //for backward compatibility
     $_SESSION["cms_context"] = new CMS_context();
 }
 /**
  * Check if item is deleted
  *
  * @param integer $itemID The item ID to check as deleted
  * @return boolean true if ite is deleted, false otherwise
  */
 function isDeletedItem($itemID)
 {
     static $deletedItems;
     if (!isset($deletedItems[$itemID])) {
         //set deleted status to item
         $sql = "\n\t\t\t\tselect\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmod_object_polyobjects\n\t\t\t\twhere\n\t\t\t\t\tid_moo = '" . sensitiveIO::sanitizeSQLString($itemID) . "'\n\t\t\t\t\tand deleted_moo = '1'\n\t\t\t";
         $q = new CMS_query($sql);
         $deletedItems[$itemID] = $q->getNumRows() ? true : false;
     }
     return $deletedItems[$itemID];
 }
Пример #23
0
 /**
  * Attach a page to the tree (references it in the linx_tree tables)
  * Static function.
  *
  * @param mixed $page The page to attach
  * @param mixed $ancestor The father to attach to
  * @param boolean $publicTree Do we want to fetch the public tree or the edited one ?
  * @return boolean true on success, false on failure
  * @access private
  */
 static function attachPageToTree($page, $ancestor, $publicTree = false)
 {
     //check argument is a page
     if (!is_a($page, "CMS_page") && !sensitiveIO::isPositiveInteger($page)) {
         CMS_grandFather::raiseError("Page must be instance of CMS_page or positive integer");
         return false;
     }
     $pageId = is_object($page) ? $page->getID() : $page;
     //check argument is a page
     if (!is_a($ancestor, "CMS_page") && !sensitiveIO::isPositiveInteger($ancestor)) {
         CMS_grandFather::raiseError("Ancestor must be instance of CMS_page or positive integer");
         return false;
     }
     $ancestorId = is_object($ancestor) ? $ancestor->getID() : $ancestor;
     $table = $publicTree ? "linx_tree_public" : "linx_tree_edited";
     //check that the page ain't already in the tree
     if (CMS_tree::hasAncestor($pageId, $publicTree)) {
         return true;
     }
     if ($publicTree) {
         //get the edited sibling order of the page if any
         $sql = "\n\t\t\t\tselect\n\t\t\t\t\torder_ltr as eo\n\t\t\t\tfrom\n\t\t\t\t\tlinx_tree_edited\n\t\t\t\twhere\n\t\t\t\t\tsibling_ltr='" . sensitiveIO::sanitizeSQLString($pageId) . "'\n\t\t\t";
         $q = new CMS_query($sql);
         if ($q->getNumRows()) {
             $sibling_order = $q->getValue("eo");
         }
         if (!sensitiveIO::isPositiveInteger($sibling_order)) {
             //get the current sibling order of the ancestor
             $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tmax(order_ltr) as mo\n\t\t\t\t\tfrom\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "'\n\t\t\t\t";
             $q = new CMS_query($sql);
             $sibling_order = $q->getValue("mo") + 1;
         }
     } else {
         //get the current sibling order of the ancestor
         $sql = "\n\t\t\t\tselect\n\t\t\t\t\tmax(order_ltr) as mo\n\t\t\t\tfrom\n\t\t\t\t\t" . $table . "\n\t\t\t\twhere\n\t\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "'\n\t\t\t";
         $q = new CMS_query($sql);
         $sibling_order = $q->getValue("mo") + 1;
     }
     //add page to the table
     $sql = "\n\t\t\tinsert into\n\t\t\t\t" . $table . "\n\t\t\tset\n\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "',\n\t\t\t\tsibling_ltr='" . sensitiveIO::sanitizeSQLString($pageId) . "',\n\t\t\t\torder_ltr='" . $sibling_order . "'\n\t\t";
     $q = new CMS_query($sql);
     return true;
 }