/**
 * Look up the contact users registered with a given email address.
 *
 * @param string $data the email address to search for
 * @return array of CMS_profile_user (empty when the email is invalid, the query fails or nothing matches)
 * @access public
 */
static function getByEmail($data) {
    if (!SensitiveIO::isValidEmail($data)) {
        CMS_grandFather::raiseError('$data must be a valid email : ' . $data);
        return array();
    }
    $found = array();
    // the email is escaped before being interpolated into the lookup query
    $query = new CMS_query('select `id_cd` from `contactDatas` where `email_cd` = "' . sensitiveIO::sanitizeSQLString($data) . '"');
    if ($query->hasError()) {
        return $found;
    }
    while (($userId = $query->getValue("id_cd")) !== false) {
        // build the user, then load its contact data; drop it if either step reports an error
        $user = CMS_profile_usersCatalog::getByID($userId);
        if ($user->hasError()) {
            continue;
        }
        $user->getContactData();
        if (!$user->hasError()) {
            $found[] = $user;
        }
    }
    return $found;
}
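/**
 * Store the module and parameters of this script in the scriptsStatuses table.
 *
 * @param string $module the module codename to record
 * @param string $parameters the parameters string to record
 * @return boolean true on success, false when no script name is set or the query fails
 * @access public
 */
function setParameters($module, $parameters) {
    if (!$this->_scriptName) {
        return false;
    }
    // every interpolated value is escaped, including the script name held on this object
    $sql = "\n\t\t\tupdate\n\t\t\t\tscriptsStatuses\n\t\t\tset\n\t\t\t\tmodule_ss='" . sensitiveIO::sanitizeSQLString($module) . "',\n\t\t\t\tparameters_ss='" . sensitiveIO::sanitizeSQLString($parameters) . "'\n\t\t\twhere\n\t\t\t\tscriptName_ss='" . sensitiveIO::sanitizeSQLString($this->_scriptName) . "'";
    $q = new CMS_query($sql);
    // the documented contract is "false on failure": report a failed query instead of always returning true
    return !$q->hasError();
}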
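/**
 * Check if a website with the given ID exists.
 * Static function. The answer is cached per ID for the rest of the request.
 *
 * @param integer $id The DB ID of the CMS_website to check
 * @return boolean
 * @access public
 */
static function exists($id) {
    static $websites = array();
    if (!isset($websites[$id])) {
        $websites[$id] = false;
        // the id is compared unquoted in SQL, so force an integer literal rather than relying on escaping alone
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\tid_web\n\t\t\t\tfrom\n\t\t\t\t\twebsites\n\t\t\t\twhere\n\t\t\t\t\tid_web = " . sensitiveIO::sanitizeSQLString((int) $id) . "\n\t\t\t";
        $q = new CMS_query($sql);
        if ($q->getNumRows()) {
            $websites[$id] = true;
        }
    }
    return $websites[$id];
}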
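/**
 * Run a page search on the given keywords.
 *
 * Keywords may carry a "code:value" prefix (see CMS_search::getAllCodes() and the
 * SEARCH_TYPE_* constants) to restrict the search to pages linking to / linked from a
 * page, using a template or using a row. Remaining keywords are matched either against
 * the page metadata (title, link title, keywords, description, category, codename) or,
 * when $withPageContent is set, with a fulltext MATCH against the page content tables.
 *
 * @param string $keywords the raw search string (cleaned and escaped here)
 * @param CMS_profile_user $user the user whose page view clearance filters the results
 * @param boolean $public search the public tables instead of the edited ones (default : false)
 * @param boolean $withPageContent use the fulltext search on page content (default : false)
 * @return array with keys 'nbresult' (pages found), 'nblinksresult' (pages found by the
 *   specific codes), 'results' (pageId => pageId) and 'score' (pageId => fulltext score)
 * @access public
 */
function getSearch($keywords, $user, $public = false, $withPageContent = false) {
    // only a real user can be checked for page clearance; anything else yields no visible result
    $isUser = is_a($user, 'CMS_profile_user');
    $results = array();
    $count = 0;
    // always defined: it is part of the returned array even when no keyword survives cleaning
    $allLinksNumber = 0;
    $where = $order = '';
    $foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array();
    // Clean keywords: escape for SQL, then split on spaces/commas/semicolons and escape LIKE wildcards
    $keywords = SensitiveIO::sanitizeSQLString($keywords);
    $keywords = strtr($keywords, ",;", " ");
    $blocks = array_map("trim", array_unique(explode(" ", $keywords)));
    $cleanedBlocks = array();
    foreach ($blocks as $block) {
        if ($block !== '' || sensitiveIO::isPositiveInteger($block)) {
            $block = str_replace(array('%', '_'), array('\\%', '\\_'), $block);
            $cleanedBlocks[] = $block;
        }
    }
    // Separate block codes: group "code:value" blocks by code, the rest is the default search
    if ($cleanedBlocks) {
        $allDatas = array();
        $allCodes = CMS_search::getAllCodes();
        foreach ($allCodes as $code) {
            $datas = array();
            foreach (array_keys($cleanedBlocks) as $key) {
                if (strstr($cleanedBlocks[$key], $code . ':')) {
                    $datas[] = $cleanedBlocks[$key];
                    unset($cleanedBlocks[$key]);
                }
            }
            if ($datas) {
                $allDatas[$code] = $datas;
            }
        }
        $allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks;
        // Get IDs from all specific codes (only positive integer values after the ':' are used)
        $foundIDs = array();
        foreach ($allCodes as $code) {
            switch ($code) {
                case self::SEARCH_TYPE_LINKTO:
                    if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) {
                        $foundLinkToIDs = array();
                        $where = '';
                        $count = 0;
                        foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) {
                            $tabValues = explode(':', $block);
                            if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                $where .= $count ? ' or ' : '';
                                $count++;
                                $where .= " start_lre = '" . $tabValues[1] . "' ";
                            }
                        }
                        if ($where) {
                            $select = ' stop_lre ';
                            $from = 'linx_real_public';
                            $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
                            $q = new CMS_query($sql);
                            while ($arr = $q->getArray()) {
                                $foundLinkToIDs[] = $arr["stop_lre"];
                            }
                            // Count links number
                            $allLinksNumber += count($foundLinkToIDs);
                            $where = $select = '';
                        }
                    }
                    break;
                case self::SEARCH_TYPE_LINKFROM:
                    if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) {
                        $foundLinkFromIDs = array();
                        $where = '';
                        $count = 0;
                        foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) {
                            $tabValues = explode(':', $block);
                            if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                $where .= $count ? ' or ' : '';
                                $count++;
                                $where .= " stop_lre = '" . $tabValues[1] . "' ";
                            }
                        }
                        if ($where) {
                            $select = ' start_lre ';
                            $from = 'linx_real_public';
                            $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
                            $q = new CMS_query($sql);
                            while ($arr = $q->getArray()) {
                                $foundLinkFromIDs[] = $arr["start_lre"];
                            }
                            // Count links number
                            $allLinksNumber += count($foundLinkFromIDs);
                            $where = $select = '';
                        }
                    }
                    break;
                case self::SEARCH_TYPE_TEMPLATE:
                    if (isset($allDatas[self::SEARCH_TYPE_TEMPLATE])) {
                        $foundPagesFromTemplate = array();
                        foreach ($allDatas[self::SEARCH_TYPE_TEMPLATE] as $block) {
                            $tabValues = explode(':', $block);
                            if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                $foundPagesFromTemplate = array_unique(array_merge(CMS_pageTemplatesCatalog::getPagesByTemplate($tabValues[1]), $foundPagesFromTemplate));
                            }
                        }
                        $allLinksNumber += count($foundPagesFromTemplate);
                    }
                    break;
                case self::SEARCH_TYPE_ROW:
                    if (isset($allDatas[self::SEARCH_TYPE_ROW])) {
                        $foundPagesFromRow = array();
                        foreach ($allDatas[self::SEARCH_TYPE_ROW] as $block) {
                            $tabValues = explode(':', $block);
                            if (SensitiveIO::isPositiveInteger($tabValues[1])) {
                                $foundPagesFromRow = array_unique(array_merge(CMS_rowsCatalog::getPagesByRow($tabValues[1]), CMS_rowsCatalog::getPagesByRow($tabValues[1], false, true), $foundPagesFromRow));
                            }
                        }
                        $allLinksNumber += count($foundPagesFromRow);
                    }
                    break;
            }
        }
        $foundIDs = array_unique(array_merge($foundLinkToIDs, $foundLinkFromIDs, $foundPagesFromTemplate, $foundPagesFromRow));
        // Main sql requests (for pageId, pages codenames and keywords)
        if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
            $count = 0;
            $where = '';
            // purely numeric blocks are matched against the page id, the others against the metadata/content
            foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $key => $block) {
                if (SensitiveIO::isPositiveInteger($block)) {
                    $where .= $count ? ' or ' : '';
                    $count++;
                    $where .= " (page_pbd like '%" . $block . "%')";
                    unset($allDatas[self::SEARCH_TYPE_DEFAULT][$key]);
                }
            }
            $order = '';
            if ($allDatas[self::SEARCH_TYPE_DEFAULT]) {
                $suffix = $public ? '_public' : '_edited';
                if (!$withPageContent) {
                    //Search in page metadatas
                    foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $block) {
                        $where .= $count ? ' or ' : '';
                        $count++;
                        $where .= " (\n\t\t\t\t\t\t\t\ttitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor linkTitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor keywords_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor description_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor category_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor codename_pbd = '" . $block . "'\n\t\t\t\t\t\t\t)";
                    }
                    if ($foundIDs) {
                        // implode(separator, pieces): the legacy reversed argument order is rejected by PHP 8
                        $where .= " and page_pbd in (" . implode(',', $foundIDs) . ") ";
                    }
                    // Set SQL
                    $sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tpage_pbd\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tpagesBaseData" . $suffix . "\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t";
                    $q = new CMS_query($sql);
                    $results = array();
                    $count = 0;
                    // the metadata hits replace the ids found by the specific codes
                    $foundIDs = array();
                    while ($id = $q->getValue('page_pbd')) {
                        $foundIDs[] = $id;
                    }
                    $order = "\n\t\t\t\t\t \t\torder by title_pbd asc\n\t\t\t\t\t\t";
                } else {
                    //Search in page content (fulltext search)
                    $keywords = implode(' ', $allDatas[self::SEARCH_TYPE_DEFAULT]);
                    // table => page id column and MATCH columns; 'entities' tables are also searched with the HTML-encoded keywords
                    $selects = array(
                        'pagesBaseData' . $suffix => array('page' => 'page_pbd', 'match' => 'title_pbd,linkTitle_pbd,keywords_pbd,description_pbd,codename_pbd'),
                        'blocksVarchars' . $suffix => array('page' => 'page', 'match' => 'value'),
                        'blocksTexts' . $suffix => array('page' => 'page', 'match' => 'value', 'entities' => true),
                        'blocksImages' . $suffix => array('page' => 'page', 'match' => 'label'),
                        'blocksFiles' . $suffix => array('page' => 'page', 'match' => 'label'),
                    );
                    $matches = array();
                    foreach ($selects as $table => $select) {
                        // Set SQL
                        $sql = "\n\t\t\t\t\t\t\t\tselect \n\t\t\t\t\t\t\t\t\t" . $select['page'] . " as pageId, MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "') as m1\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " , MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') as m2 " : '') . "\n\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t\twhere \n\t\t\t\t\t\t\t\t\tMATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "')\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " or MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') " : '') . "\n\t\t\t\t\t\t\t\t";
                        $q = new CMS_query($sql);
                        // keep the best score seen for each page across all tables
                        while ($r = $q->getArray()) {
                            $pageId = $r['pageId'];
                            if (!isset($matches[$pageId]) || $r['m1'] > $matches[$pageId]) {
                                $matches[$pageId] = $r['m1'];
                            }
                            if (isset($r['m2']) && (!isset($matches[$pageId]) || $r['m2'] > $matches[$pageId])) {
                                $matches[$pageId] = $r['m2'];
                            }
                        }
                    }
                    //sort page Ids by relevance
                    arsort($matches, SORT_NUMERIC);
                    $order = "\n\t\t\t\t\t \t\torder by field(page_pbd, " . implode(',', array_reverse(array_keys($matches))) . ") desc\n\t\t\t\t\t\t";
                    $foundIDs = $foundIDs ? array_intersect(array_keys($matches), $foundIDs) : array_keys($matches);
                }
            } else {
                $order = " order by page_pbd ";
            }
        }
        if ($foundIDs) {
            $select = ' page_pbd ';
            $from = $public ? 'pagesBaseData_public' : 'pagesBaseData_edited';
            $where .= $where && $foundIDs ? " and " : '';
            $where .= $foundIDs ? " page_pbd in (" . implode(',', $foundIDs) . ") " : '';
            if ($where) {
                // Set SQL
                $sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $order . "\n\t\t\t\t\t";
                $q = new CMS_query($sql);
                $results = array();
                $count = 0;
                while ($arr = $q->getArray()) {
                    $id = $arr["page_pbd"];
                    // pages the caller is not cleared to view are filtered out of the result
                    if ($isUser && $user->hasPageClearance($id, CLEARANCE_PAGE_VIEW)) {
                        $count++;
                        $results[$id] = $id;
                    }
                }
            }
        }
    } else {
        // No results
        $count = 0;
    }
    return array('nbresult' => $count, 'nblinksresult' => $allLinksNumber, 'results' => $results, 'score' => $matches);
}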
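/**
 * Search messages
 * Static function.
 *
 * @param string $module : module to search messages
 * @param string $search : search message by value
 * @param array $languagesOnly : limit search to given languages codes
 * @param array $options : search options ('empty' : only ids with a missing translation,
 *   'ids' : array of ids to restrict to, 'phrase' : match $search as one phrase instead of words)
 * @param string $direction : search is ordered by results id. Specify order direction (asc or desc). Default : asc
 * @param integer $start : search start offset
 * @param integer $limit : search limit (default : 0 : unlimited)
 * @param integer $resultsnb : return results count by reference (set to 0 whenever nothing is returned)
 * @return array(id => array('id' => id, languageCode => message, ...))
 * @access public
 */
static function searchMessages($module, $search = '', $languagesOnly = array(), $options = array(), $direction = 'asc', $start = 0, $limit = 0, &$resultsnb) {
    $start = (int) $start;
    $limit = (int) $limit;
    $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
    $emptyOnly = $idsOnly = false;
    if (is_array($options)) {
        $emptyOnly = isset($options['empty']) && $options['empty'] ? true : false;
        $idsOnly = isset($options['ids']) && is_array($options['ids']) ? $options['ids'] : false;
    }
    $keywordsWhere = $languagesWhere = $emptyWhere = $orderClause = $idsWhere = '';
    //get ids for which one message is missing
    if ($emptyOnly) {
        $qLanguages = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct language_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
        $qIds = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct id_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
        $allIds = $qIds->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
        $missingIds = array();
        // an id is "missing" when at least one language of the module has no non-empty message for it
        while ($language = $qLanguages->getValue('language_mes')) {
            $qLang = new CMS_query("\n\t\t\t\t\tselect \n\t\t\t\t\t\tdistinct id_mes\n\t\t\t\t\tfrom \n\t\t\t\t\t\tmessages\n\t\t\t\t\twhere\n\t\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\t\t\tand language_mes='" . $language . "'\n\t\t\t\t\t\tand message_mes != ''\n\t\t\t\t");
            $ids = $qLang->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
            $missingIds = array_merge($missingIds, array_diff($allIds, $ids));
        }
        if (!$missingIds) {
            $resultsnb = 0;
            return array();
        }
        // implode(separator, pieces): the legacy reversed argument order is rejected by PHP 8 (same below)
        $emptyWhere = ' and id_mes in (' . implode(',', $missingIds) . ')';
    }
    if ($idsOnly) {
        $idsWhere = ' and id_mes in (' . io::sanitizeSQLString(implode(',', $idsOnly)) . ')';
    }
    if ($search) {
        //clean user keywords (never trust user input, user is evil)
        $search = strtr($search, ",;", " ");
        if (isset($options['phrase']) && $options['phrase']) {
            // escape LIKE wildcards so the phrase is matched literally
            $search = str_replace(array('%', '_'), array('\\%', '\\_'), $search);
            if (htmlentities($search) != $search) {
                $keywordsWhere .= " and (\n\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($search)) . "%'\n\t\t\t\t\t)";
            } else {
                $keywordsWhere .= " and message_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%'";
            }
        } else {
            $words = array_map("trim", array_unique(explode(" ", io::strtolower($search))));
            $cleanedWords = array();
            foreach ($words as $aWord) {
                if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                    $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                    $cleanedWords[] = $aWord;
                }
            }
            if (!$cleanedWords) {
                //if no words after cleaning, return (and report zero results like the other early exits)
                $resultsnb = 0;
                return array();
            }
            foreach ($cleanedWords as $cleanedWord) {
                $keywordsWhere .= $keywordsWhere ? " and " : '';
                // test the word being added, not the last word of the cleaning loop
                if (htmlentities($cleanedWord) != $cleanedWord) {
                    $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($cleanedWord)) . "%'\n\t\t\t\t\t\t)";
                } else {
                    $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\t)";
                }
            }
            $keywordsWhere = ' and (' . $keywordsWhere . ')';
        }
    }
    if (is_array($languagesOnly) && $languagesOnly) {
        // escape each language code: they are interpolated as quoted string literals
        $languagesWhere = ' and language_mes in (\'' . implode('\',\'', array_map(array('io', 'sanitizeSQLString'), $languagesOnly)) . '\')';
    }
    $orderClause = "order by\n\t\t\tid_mes\n\t\t\t" . $direction;
    $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $languagesWhere . "\n\t\t\t" . $emptyWhere . "\n\t\t\t" . $idsWhere . "\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        $resultsnb = 0;
        return array();
    }
    $messageIds = $q->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
    // second query fetches every language of the matching ids, grouped by id
    $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id,\n\t\t\t\tmodule_mes as module,\n\t\t\t\tlanguage_mes as language,\n\t\t\t\tmessage_mes as message\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand id_mes in (" . implode(',', $messageIds) . ")\n\t\t\t\t" . $orderClause . "\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        $resultsnb = 0;
        return array();
    }
    $messageGroups = $q->getAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
    // the count is taken before paging so callers can build pagination from it
    $resultsnb = count($messageGroups);
    if ($limit) {
        $messageGroups = array_slice($messageGroups, $start, $limit, true);
    }
    $messages = array();
    foreach ($messageGroups as $key => $messageGroup) {
        $messages[$key]['id'] = $key;
        foreach ($messageGroup as $message) {
            $messages[$key][$message['language']] = $message['message'];
        }
    }
    return $messages;
}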
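/**
 * Builds where statement with a key and its value
 * The key can be a known string, this class will create statements in consequence
 * or it can be a field id
 *
 * Scalar and array values are escaped for SQL before being stored; object values are kept as-is.
 * Several types ("archives", "category", the "publication date ..." and "status" types) read
 * $this->_object, so an "object" condition is expected to have been added before them.
 *
 * @access public
 * @param string $type name of statement to set (a known type, or a positive integer field id)
 * @param mixed $value the value to give
 * @param string $operator additional optional search operator
 * @return void or false if an error occured
 */
function addWhereCondition($type, $value, $operator = false) {
    if (!$type || !$value && !$operator) {
        return;
    }
    //clean value
    if (!is_object($value) && !is_array($value)) {
        $value = sensitiveIO::sanitizeSQLString($value);
    } elseif (is_array($value)) {
        $value = array_map(array('sensitiveIO', 'sanitizeSQLString'), $value);
    }
    $operator = $operator ? io::decodeEntities($operator) : false;
    switch ($type) {
        case "object":
            if ($value && !is_a($value, 'CMS_poly_object_definition')) {
                $this->raiseError('Value must be a valid CMS_poly_object_definition.');
                return false;
            }
            $this->_object = $value;
            $this->_whereConditions['object'][] = array('value' => $value, 'operator' => $operator);
            break;
        case "item":
            if (!sensitiveIO::isPositiveInteger($value)) {
                $this->raiseError("Value must be a positive Integer.");
                return false;
            }
            $this->_whereConditions['item'][] = array('value' => $value, 'operator' => $operator);
            break;
        case "items":
            if (!$value) {
                $this->raiseError('Value must be a populated array.');
                return false;
            }
            $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
            break;
        case 'archives':
            // a truthy value on a public search of a primary resource lifts the publication end/before limits
            if ($this->_public && $this->_object->isPrimaryResource() && ($value == 1 || $value == 'true' || $value == true)) {
                unset($this->_whereConditions['publication date before']);
                unset($this->_whereConditions['publication date end']);
            }
            break;
        case "itemsOrdered":
            if (!$value) {
                $this->raiseError('Value must be a populated array.');
                return false;
            }
            // filters on the given items and orders the results in the same sequence
            $this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
            $this->_orderConditions['itemsOrdered']['order'] = $value;
            break;
        case "profile":
            if (!is_a($value, 'CMS_profile_user')) {
                $this->raiseError('Value must be a valid CMS_profile_user.');
                return false;
            }
            $this->_whereConditions['profile'][] = array('value' => $value, 'operator' => $operator);
            break;
        case "category":
            //this search type is deprecated, keep it for compatibility but now it is replaced by direct field id access
            //get field of categories for searched object type (assume it uses categories)
            $categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
            $this->_whereConditions[$categoriesFields[0]][] = array('value' => $value, 'operator' => $operator);
            break;
        case "keywords":
            if ($value) {
                $this->_whereConditions['keywords'][] = array('value' => $value, 'operator' => $operator);
            }
            break;
        case "publication date after": // Date start
            if ($this->_object->isPrimaryResource()) {
                if (!is_a($value, 'CMS_date')) {
                    $this->raiseError('Value must be a valid CMS_date.');
                    return false;
                }
                $this->_whereConditions['publication date after'][] = array('value' => $value, 'operator' => $operator);
            }
            break;
        case "publication date before": // Date End
            if ($this->_object->isPrimaryResource()) {
                if (!is_a($value, 'CMS_date')) {
                    $this->raiseError('Value must be a valid CMS_date.');
                    return false;
                }
                $this->_whereConditions['publication date before'][] = array('value' => $value, 'operator' => $operator);
            }
            break;
        case "publication date end": // End Date of publication
            if ($this->_object->isPrimaryResource()) {
                if (!is_a($value, 'CMS_date')) {
                    $this->raiseError('Value must be a valid CMS_date.');
                    return false;
                }
                $this->_whereConditions['publication date end'][] = array('value' => $value, 'operator' => $operator);
            }
            break;
        case "status": // Publication status
            if ($this->_object->isPrimaryResource()) {
                // allow-list of status values; the error message lists exactly the accepted values
                if (!in_array($value, array('online', 'offline', 'validated', 'awaiting'), true)) {
                    $this->raiseError('Status value must be one of them : online, offline, validated, awaiting');
                    return false;
                }
                $this->_whereConditions['status'][] = array('value' => $value, 'operator' => $operator);
            }
            break;
        default:
            // a positive integer type is a field id of the searched object
            if (sensitiveIO::isPositiveInteger($type)) {
                $this->_whereConditions[$type][] = array('value' => $value, 'operator' => $operator);
                break;
            }
            $this->raiseError('Unknown type : ' . $type . ' or value ' . $value);
            return false;
    }
}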
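/**
 * Run queued scripts.
 * This method is used when background scripts are not used.
 * It process a number of scripts defined by REGENERATION_THREADS constant
 *
 * Each selected row of the regenerator table is handed to its module's scriptTask()
 * and then deleted from the table.
 *
 * @return void
 * @access public
 * @static
 */
static function runQueuedScripts() {
    //the sql which selects scripts to regenerate at a time
    $sql_select = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tregenerator\n\t\t\tlimit\n\t\t\t\t" . sensitiveIO::sanitizeSQLString(REGENERATION_THREADS) . "\n\t\t";
    $q = new CMS_query($sql_select);
    $modules = array();
    while ($data = $q->getArray()) {
        //instanciate script module (one instance per codename, reused across rows)
        if (!isset($modules[$data['module_reg']])) {
            $modules[$data['module_reg']] = CMS_modulesCatalog::getByCodename($data['module_reg']);
        }
        //then send script task to module
        //NOTE(review): parameters_reg is unserialize()d here, so that column must only ever hold data written by the application itself
        $modules[$data['module_reg']]->scriptTask(unserialize($data['parameters_reg']));
        //delete the current script task (the id comes from the table but is escaped like every other interpolated value)
        $sql_delete = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tregenerator\n\t\t\t\twhere\n\t\t\t\t\tid_reg='" . sensitiveIO::sanitizeSQLString($data['id_reg']) . "'";
        new CMS_query($sql_delete);
    }
}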
/**
 * Is given module is a poly module ?
 *
 * @param string $codename the codename of the module to check
 * @return boolean true if yes, false otherwise
 * @access public
 */
static function isPolymod($codename) {
    // the codename is escaped before interpolation; a row exists only for polymod modules
    $query = new CMS_query("select\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmodules\n\t\t\t\twhere\n\t\t\t\t\tcodename_mod='" . sensitiveIO::sanitizeSQLString($codename) . "'\n\t\t\t\t\tand isPolymod_mod='1'\n\t\t\t\t");
    return (bool) $query->getNumRows();
}
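/**
 * Get the log entries recorded for a given module resource and action(s), newest first.
 *
 * @param string $moduleCodename the codename of the module owning the resource
 * @param integer $resourceId the resource ID the log entries refer to
 * @param mixed $action a single action value, or an array of action values (matched with "in";
 *   the list is interpolated unquoted, so presumably the numeric action constants are expected)
 * @param integer $limit maximum number of entries to return (default : false : unlimited)
 * @return array(CMS_log)
 * @access public
 */
static function getByResourceAction($moduleCodename, $resourceId, $action, $limit = false) {
    $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tlog\n\t\t\twhere\n\t\t\t\tmodule_log='" . sensitiveIO::sanitizeSQLString($moduleCodename) . "'\n\t\t\t\tand resource_log='" . sensitiveIO::sanitizeSQLString($resourceId) . "'";
    if (is_array($action)) {
        // escape each action value on its own, as the other array values in this file are
        $sql .= " and action_log in (" . implode(',', array_map(array('sensitiveIO', 'sanitizeSQLString'), $action)) . ")";
    } else {
        $sql .= " and action_log='" . sensitiveIO::sanitizeSQLString($action) . "'";
    }
    $sql .= "\n\t\t\torder by\n\t\t\t\tdatetime_log desc\n\t\t";
    if ($limit && sensitiveIO::isPositiveInteger($limit)) {
        $sql .= " limit 0, " . (int) $limit;
    }
    $logs = array();
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        // user objects are cached per id: many log rows share the same user
        $users = array();
        while ($r = $q->getArray()) {
            if (!isset($users[$r["user_log"]])) {
                $users[$r["user_log"]] = CMS_profile_usersCatalog::getByID($r["user_log"]);
            }
            $lg = new CMS_log($r, $users[$r["user_log"]]);
            if (!$lg->hasError()) {
                $logs[] = $lg;
            }
        }
    }
    return $logs;
}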
/**
 * Search users
 * Static function.
 *
 * The search string may carry special tokens: ':noroot:' excludes the root user,
 * 'user:<id>' restricts to one user id and 'group:<id>' to one group id.
 *
 * @param string $search : search user by lastname, firstname or login
 * @param string $letter : search user by first lastname letter
 * @param integer $group : search user by group ID
 * @param string $order : order by fieldname (without suffix), or 'score' to order by match score. default : lastname, firstname
 * @param string $direction : order direction (asc or desc). Default : asc
 * @param integer $start : search start offset
 * @param integer $limit : search limit (default : 0 : unlimited)
 * @param boolean $activeOnly : return only active users (default : false)
 * @param boolean $returnObjects : return CMS_profile_user objects (default) or array of userId
 * @param array $score : filled by reference with userId => fulltext match score when a keyword search ran
 * @return array(CMS_profile_user)
 * @access public
 */
static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array()) {
    $start = (int) $start;
    $limit = (int) $limit;
    $group = (int) $group;
    // direction is allow-listed: anything but asc/desc falls back to asc
    $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
    $keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
    $select = 'id_pru';
    if (io::strpos($search, ':noroot:') !== false) {
        $idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
        $search = trim(str_replace(':noroot:', '', $search));
    }
    // NOTE(review): the source of this 'user:' branch is garbled ("******" replaces part of the statement); restore it from upstream before relying on it
    if (io::substr($search, 0, 5) == 'user:'******'" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
        $search = '';
    }
    if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
        $group = io::substr($search, 6);
        $search = '';
    }
    if ($search) {
        //clean user keywords (never trust user input, user is evil)
        $keyword = strtr($search, ",;", " ");
        $words = array();
        $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
        $cleanedWords = array();
        foreach ($words as $aWord) {
            // keep words of 3+ chars, with LIKE wildcards escaped; words containing entities are searched in both forms
            if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                if (htmlentities($aWord) != $aWord) {
                    $cleanedWords[] = htmlentities($aWord);
                }
                $cleanedWords[] = $aWord;
            }
        }
        if (!$cleanedWords) {
            //if no words after cleaning, return
            return array();
        }
        foreach ($cleanedWords as $cleanedWord) {
            $keywordsWhere .= $keywordsWhere ? " and " : '';
            $keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor firstName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor login_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
        }
        // every word must match a LIKE, or the whole search string must match the fulltext index
        $keywordsWhere = ' and ((' . $keywordsWhere . ')';
        $select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') as m ";
        $keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') )";
    }
    if ($letter && io::strlen($letter) === 1) {
        // NOTE(review): $letter is escaped but LIKE wildcards are not, so a '%' or '_' letter matches every last name
        $letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
    }
    if ($group) {
        $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
        if (!$groupUsers) {
            return array();
        }
        $groupWhere = " and id_pru in (" . implode(',', $groupUsers) . ")";
    }
    if ($order != 'score') {
        if ($order) {
            // the order field is validated against the real column list, so it can't inject into the ORDER BY
            $found = false;
            $sql = "DESCRIBE profilesUsers";
            $q = new CMS_query($sql);
            while ($field = $q->getValue('Field')) {
                if ($field == $order . '_pru') {
                    $found = true;
                }
            }
            if ($found) {
                $orderBy = $order . '_pru';
            } else {
                $orderBy = 'lastName_pru,firstName_pru';
            }
        } else {
            $orderBy = 'lastName_pru,firstName_pru';
        }
        if ($orderBy) {
            $orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
        }
    } elseif ($search) {
        // order by the fulltext score computed in $select
        $orderClause = " order by m " . $direction;
    }
    $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
    if ($limit) {
        // $start and $limit were cast to int above
        $sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
    }
    $q = new CMS_query($sql);
    $users = array();
    while ($r = $q->getArray()) {
        $id = $r['id_pru'];
        //set match score if exists
        if (isset($r['m'])) {
            $score[$id] = $r['m'];
        }
        if ($returnObjects) {
            $usr = CMS_profile_usersCatalog::getByID($id);
            if (is_a($usr, "CMS_profile_user") && !$usr->hasError()) {
                if ($activeOnly && $usr->isActive() || !$activeOnly) {
                    $users[] = $usr;
                }
            }
        } else {
            $users[] = $id;
        }
    }
    return $users;
}
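/**
 * Return all the rows available
 *
 * @param boolean $includeInactive : also return rows flagged as not useable (default : false)
 * @param string $keyword : restrict to rows whose label or description match the keywords
 * @param array $groups : restrict to rows belonging to all the given groups
 * @param array $rowIds : restrict to the given row ids
 * @param CMS_profile_user $user : restrict to rows whose groups are not denied to this user (default : false)
 * @param integer $tplId : restrict to rows usable in given template (default : false)
 * @param string $csId : restrict to rows usable in given clientspace (default : false) - currently unused
 * @param integer $start : start position
 * @param integer $limit : limit position
 * @param boolean $returnObjects : return CMS_row objects (default) or array of row ids
 * @param array $score : filled by reference with rowId => fulltext match score when a keyword search ran
 * @return array(rowId => CMS_row) or array(rowId => rowId)
 * @access public
 */
static function getAll($includeInactive = false, $keyword = '', $groups = array(), $rowIds = array(), $user = false, $tplId = false, $csId = false, $start = 0, $limit = 0, $returnObjects = true, &$score = array()) {
    $select = 'id_row';
    $where = '';
    //keywords
    if ($keyword) {
        //clean user keywords (never trust user input, user is evil)
        $keyword = strtr($keyword, ",;", " ");
        $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
        $cleanedWords = array();
        foreach ($words as $aWord) {
            // keep words of 3+ chars, with LIKE wildcards escaped
            if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                $cleanedWords[] = $aWord;
            }
        }
        if (!$cleanedWords) {
            //if no words after cleaning, return
            return array();
        }
        $keywordWhere = '';
        foreach ($cleanedWords as $cleanedWord) {
            $keywordWhere .= $keywordWhere ? ' and ' : '';
            $keywordWhere .= " (\n\t\t\t\t\tdescription_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor label_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
        }
        // every word must match a LIKE, or the whole keyword string must match the fulltext index
        $where .= $where ? ' and ' : '';
        $where .= " ((" . $keywordWhere . ") or MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') )";
        $select .= " , MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') as m ";
    }
    $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tmod_standard_rows\n\t\t";
    //groups (groupsStack_row is a ';'-separated list: match as sole, first, middle or last element)
    if ($groups) {
        foreach ($groups as $group) {
            $where .= $where ? ' and ' : '';
            $where .= " (\n\t\t\t\t\tgroupsStack_row='" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t)";
        }
    }
    //useable
    if (!$includeInactive) {
        $where .= $where ? ' and ' : '';
        $where .= " useable_row=1 ";
    }
    //rowIds (escaped per value, like every other interpolated value here)
    if ($rowIds) {
        $where .= $where ? ' and ' : '';
        $where .= " id_row in (" . implode(',', array_map(array('sensitiveIO', 'sanitizeSQLString'), $rowIds)) . ") ";
    }
    if ($tplId) {
        $where .= $where ? ' and ' : '';
        $where .= " (\n\t\t\t\ttplfilter_row=''\n\t\t\t\tor tplfilter_row='" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t) ";
    }
    //user: exclude the row groups denied to this user unless it can edit/validate everything
    if (is_object($user) && !$user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
        $groupsDenied = $user->getRowGroupsDenied();
        $groupsDenied = $groupsDenied->getElements();
        if ($groupsDenied) {
            $where .= $where ? ' and (' : '(';
            foreach ($groupsDenied as $group) {
                $where .= " (\n\t\t\t\t\t\tgroupsStack_row != '" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t) and";
            }
            //remove the trailing "and" and close the parenthesis
            $where = io::substr($where, 0, -3) . ')';
        }
    }
    $sql = $sql . ($where ? ' where ' . $where : '');
    //order: by fulltext score when a keyword search ran, by label otherwise
    if (io::strpos($sql, 'MATCH') === false) {
        $sql .= " order by label_row ";
    } else {
        $sql .= " order by m desc ";
    }
    //limit
    if ($start || $limit) {
        $sql .= " limit " . sensitiveIO::sanitizeSQLString($start) . "," . sensitiveIO::sanitizeSQLString($limit);
    }
    $q = new CMS_query($sql);
    $rows = array();
    while ($r = $q->getArray()) {
        $id = $r['id_row'];
        //set match score if exists
        if (isset($r['m'])) {
            $score[$id] = $r['m'];
        }
        if ($returnObjects) {
            $row = new CMS_row($id);
            if (!$row->hasError()) {
                $rows[$row->getID()] = $row;
            }
        } else {
            $rows[$id] = $id;
        }
    }
    return $rows;
}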
/**
 * Get a toolbar by its code.
 *
 * The code is escaped with sensitiveIO::sanitizeSQLString before being
 * interpolated into the query; the result is the first matching id_tool.
 *
 * @param string $code the toolbar code to look up
 * @param CMS_profile_user $user the user the toolbar elements are built for
 * @return CMS_wysiwyg_toolbar|false the toolbar, or false when no row matches the code
 * @access public
 * @static
 */
function getByCode($code, &$user) {
    $escapedCode = sensitiveIO::sanitizeSQLString($code);
    $sql = "\n\t\t\tselect\n\t\t\t\tid_tool\n\t\t\tfrom\n\t\t\t\ttoolbars\n\t\t\twhere\n\t\t\t\tcode_tool = '" . $escapedCode . "'\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        return false;
    }
    return new CMS_wysiwyg_toolbar($q->getValue("id_tool"), $user);
}
if ($cms_action == "finalisation") { //Application Label if (!isset($_POST["label"]) || !$_POST["label"]) { $error .= $error_step8_label . '<br />'; } else { //set values in standard_rc.xml file $module = CMS_modulesCatalog::getByCodename('standard'); $moduleParameters = $module->getParameters(false, true); $moduleParameters['APPLICATION_LABEL'][0] = $_POST["label"]; $module->setAndWriteParameters($moduleParameters); //change root page Name //in edited table $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited \n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t"; $q = new CMS_query($sql); //in public table $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_public\n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t"; $q = new CMS_query($sql); } //No application email if (isset($_POST["no_application_email"]) && $_POST["no_application_email"] == 1) { //set values in standard_rc.xml file $module = CMS_modulesCatalog::getByCodename('standard'); $moduleParameters = $module->getParameters(false, true); $moduleParameters['NO_APPLICATION_MAIL'][0] = 1; $module->setAndWriteParameters($moduleParameters); } //Change resources creation date to force all regenerations at first launch $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresourceStatuses\n\t\t\t\tset\n\t\t\t\t\tpublicationDateStart_rs = NOW(),\n\t\t\t\t\tpublication_rs = '1'\n\t\t\t\twhere\n\t\t\t\t\tpublication_rs = '2'\n\t\t\t"; $q = new CMS_query($sql); //change default user language if ($install_language == 'en') {
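/**
 * Return the template ID corresponding to a given clone ID.
 *
 * Looks up the definition file of the clone, then the public (private_pt='0')
 * template sharing that definition file.
 *
 * @param integer $cloneID the clone ID to get the template ID for
 * @return integer|false the template ID, or false if none is found
 * @access public
 */
static function getTemplateIDForCloneID($cloneID) {
    $sql = "\n\t\t\tselect\n\t\t\t\tdefinitionFile_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tid_pt = '" . sensitiveIO::sanitizeSQLString($cloneID) . "'\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        return false;
    }
    $definition = $q->getValue('definitionFile_pt');
    if (!$definition) {
        return false;
    }
    // The definition file name is read back from the database and re-interpolated
    // into a second query: escape it like any other value instead of trusting stored data.
    $sql = "\n\t\t\tselect\n\t\t\t\tid_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tprivate_pt='0'\n\t\t\t\tand definitionFile_pt = '" . sensitiveIO::sanitizeSQLString($definition) . "'\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        return false;
    }
    return $q->getValue('id_pt');
}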
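/**
 * Returns whether a group label already exists.
 * Static function.
 *
 * When $groupId is a positive integer, that group is excluded from the check
 * (used when editing an existing group). Any other non-zero value for $groupId,
 * or an empty label, makes the function answer true ("the label may exist")
 * without querying.
 *
 * @param string $label the label to look for (trimmed before comparison)
 * @param integer $groupId the group to exclude from the check, 0 for none
 * @return boolean true if the label exists (or cannot be checked), false otherwise
 * @access public
 */
static function labelExists($label, $groupId = 0) {
    if (!$label) {
        // As label may exist
        return true;
    }
    $sqlWhere = '';
    if (SensitiveIO::isPositiveInteger($groupId)) {
        // The id is validated as a positive integer above; it is escaped anyway so the
        // clause never depends on that check alone.
        $sqlWhere = "\n\t\t\t\t\tid_prg != '" . sensitiveIO::sanitizeSQLString($groupId) . "' \n\t\t\t\t and ";
    } elseif (!in_array($groupId, array(0, '0', '', null, false), true)) {
        // Not a usable group id: the original loose "== 0" test let non-numeric strings
        // through on older PHP versions, so the comparison is now strict.
        // As label may exist
        return true;
    }
    $sql = "\n\t\t\t\tselect distinct\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\twhere\n\t\t\t\t\t" . $sqlWhere . "\n\t\t\t\t\tlabel_prg='" . trim(sensitiveIO::sanitizeSQLString($label)) . "'\n\t\t\t";
    $q = new CMS_query($sql);
    return $q->getNumRows() > 0;
}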
/**
 * Duplicate this block onto another page.
 * Used to duplicate a CMS_page.
 *
 * The block data is inserted into the USERSPACE table for the requested
 * precision, then into the EDITION table (with a fresh id). The serialized
 * value and every id are escaped before being interpolated into the queries.
 *
 * @param CMS_page $destinationPage the page receiving a copy of this block
 * @param boolean $public the precision needed for the USERSPACE location
 * @return boolean true when both inserts succeed, false otherwise (an error is raised)
 */
function duplicate(&$destinationPage, $public = false) {
    if (!SensitiveIO::isPositiveInteger($this->_dbID)) {
        $this->raiseError("Object does not have a DB ID, not initialized");
        return false;
    }
    $userspaceTable = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
    $editionTable = $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false);
    // column assignments shared by both inserts
    $str_set = "\n\t\t\t\t\tpage='" . sensitiveIO::sanitizeSQLString($destinationPage->getID()) . "',\n\t\t\t\t\tclientSpaceID='" . sensitiveIO::sanitizeSQLString($this->_clientSpaceID) . "',\n\t\t\t\t\trowID='" . sensitiveIO::sanitizeSQLString($this->_rowID) . "',\n\t\t\t\t\tblockID='" . sensitiveIO::sanitizeSQLString($this->_tagID) . "',\n\t\t\t\t\ttype='CMS_block_polymod',\n\t\t\t\t\tvalue='" . sensitiveIO::sanitizeSQLString(serialize($this->_value)) . "'\n\t\t\t";
    $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\t" . $userspaceTable . "\n\t\t\t\tset\n\t\t\t\t\t" . $str_set . "\n\t\t\t";
    $q = new CMS_query($sql);
    if ($q->hasError()) {
        $this->raiseError("Insertion failed: " . $sql);
        return false;
    }
    // Table Edition: id='' lets the database assign a new id
    $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $editionTable . "\n\t\t\t\t\tset\n\t\t\t\t\t\tid='',\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
    $q = new CMS_query($sql);
    return !$q->hasError();
}
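/**
 * Return a list of all fields for a given module which use external references such as users or pages.
 * Used to track cache reference usage.
 *
 * Results are memoised per codename for the lifetime of the request.
 *
 * @param string|false $codename the module codename to get fields for; false (default) means all modules
 * @return array(int fieldID => array('module' => array(string), 'resource' => array(string)))
 * @access public
 */
static function getFieldsReferencesUsage($codename = false) {
    static $moduleReferences = array();
    if (!$codename) {
        $codename = 'all';
    }
    if (!isset($moduleReferences[$codename])) {
        $moduleReferences[$codename] = array();
        $sql = "select\n\t\t\t\t\t\tid_mof, type_mof\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_object_definition,\n\t\t\t\t\t\tmod_object_field\n\t\t\t\t\twhere ";
        if ($codename != 'all') {
            $sql .= " module_mod='" . sensitiveIO::sanitizeSQLString($codename) . "' and ";
        }
        // The two type tests must be grouped: without the parentheses the "or" branch
        // escaped both the module filter and the join condition, returning page fields
        // of every module (and once per definition row).
        $sql .= "\n\t\t\t\t\t\tobject_id_mof = id_mod\n\t\t\t\t\t\tand (type_mof = 'CMS_object_usergroup' or type_mof = 'CMS_object_page') \n\t\t\t";
        $q = new CMS_query($sql);
        if ($q->getNumRows()) {
            while ($r = $q->getArray()) {
                if ($r['type_mof'] == 'CMS_object_page') {
                    $moduleReferences[$codename][$r['id_mof']]['module'][] = MOD_STANDARD_CODENAME;
                } elseif ($r['type_mof'] == 'CMS_object_usergroup') {
                    $moduleReferences[$codename][$r['id_mof']]['resource'][] = 'users';
                }
            }
        }
    }
    return $moduleReferences[$codename];
}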
/**
 * Writes the block data into persistence (destroys previous and inserts new).
 *
 * Delegates to the parent first, removes the existing row for this location,
 * then inserts the serialized value. Every interpolated value is escaped.
 *
 * @param integer $pageID The page which contains the client space, DB ID
 * @param integer $clientSpaceID The client space which contains the row, DB ID
 * @param integer $rowID The row which contains the block, DB ID
 * @param integer $location The location we want to write the block to
 * @param boolean $public The precision needed for USERSPACE location
 * @param array(mixed=>mixed) $data The data indexed by data type; only 'value' is stored here
 * @return boolean true on success, false on failure
 * @access public
 */
function writeToPersistence($pageID, $clientSpaceID, $rowID, $location, $public, $data) {
    parent::writeToPersistence($pageID, $clientSpaceID, $rowID, $location, $public, $data);
    //delete the old data
    $this->delFromLocation($pageID, $clientSpaceID, $rowID, $location, $public);
    $table = $this->_getDataTableName($location, $public);
    $escapedPage = sensitiveIO::sanitizeSQLString($pageID);
    $escapedClientSpace = sensitiveIO::sanitizeSQLString($clientSpaceID);
    $escapedRow = sensitiveIO::sanitizeSQLString($rowID);
    $escapedBlock = sensitiveIO::sanitizeSQLString($this->_tagID);
    $escapedValue = sensitiveIO::sanitizeSQLString(serialize($data["value"]));
    $sql = "\n\t\t\tinsert into\n\t\t\t\t" . $table . "\n\t\t\tset\n\t\t\t\tpage='" . $escapedPage . "',\n\t\t\t\tclientSpaceID='" . $escapedClientSpace . "',\n\t\t\t\trowID='" . $escapedRow . "',\n\t\t\t\tblockID='" . $escapedBlock . "',\n\t\t\t\ttype='CMS_block_cms_forms',\n\t\t\t\tvalue='" . $escapedValue . "'\n\t\t";
    $q = new CMS_query($sql);
    return !$q->hasError();
}
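/**
 * Get search results objects for the module by id.
 *
 * Loads the polymod object type of each id, runs one CMS_object_search per
 * type and builds the description, edit/view actions and resource status of
 * every found item.
 *
 * @param array $resultsIds the result ids (id_moo values) to load
 * @param CMS_profile_user $user the user the results are displayed to (lock and status checks)
 * @return array : results elements, indexed by item id
 * @access public
 */
function getSearchResults($resultsIds, &$user) {
    if (!$resultsIds || !is_array($resultsIds)) {
        return array();
    }
    // id_moo is interpolated unquoted inside "in (...)": escaping alone cannot bound
    // such a value, so only positive integers are kept.
    $ids = array();
    foreach ($resultsIds as $resultId) {
        if (sensitiveIO::isPositiveInteger($resultId)) {
            $ids[] = (int) $resultId;
        }
    }
    if (!$ids) {
        return array();
    }
    $cms_language = $user->getLanguage();
    //get results object types
    $sql = "\n\t\t\tselect\n\t\t\t\tobject_type_id_moo as type, id_moo as id\n\t\t\tfrom\n\t\t\t\tmod_object_polyobjects\n\t\t\twhere\n\t\t\t\tid_moo in (" . implode(',', $ids) . ")\n\t\t";
    $q = new CMS_query($sql);
    $resultsType = array();
    while ($r = $q->getArray()) {
        $resultsType[$r['type']][] = $r['id'];
    }
    $results = array();
    foreach ($resultsType as $type => $ids) {
        //load current object definition
        $object = CMS_poly_object_catalog::getObjectDefinition($type);
        //create search object for current object, restricted to the found items
        $search = new CMS_object_search($object);
        $search->addWhereCondition("items", $ids);
        //launch search
        $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
        $objectLabel = $object->getLabel($cms_language);
        // Check if a specific display (resultsDefinition) is used for search results
        $resultsDefinition = $object->getValue('resultsDefinition');
        if ($resultsDefinition) {
            $definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE);
            $itemsResourcesFiles = '';
            // Add the module's specific css and js files when resultsDefinition is used
            if (file_exists(PATH_CSS_FS . '/modules/' . $this->getCodename() . '.css')) {
                $itemsResourcesFiles .= '<link rel="stylesheet" type="text/css" href="' . PATH_CSS_WR . '/modules/' . $this->getCodename() . '.css" />';
            }
            $jsFiles = $this->getJSFiles();
            if ($jsFiles) {
                foreach ($jsFiles as $jsfile) {
                    $itemsResourcesFiles .= '<script type="text/javascript" src="' . $jsfile . '"></script>' . "\n";
                }
            }
        } else {
            //load fields objects for object (used to build the default description)
            $objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
        }
        //loop on results items
        while ($item = $search->getNextResult()) {
            //Resource related informations
            $htmlStatus = $pubRange = '';
            $lock = $deleted = $primaryResource = false;
            if ($object->isPrimaryResource()) {
                $status = $item->getStatus();
                if (is_object($status)) {
                    $htmlStatus = $status->getHTML(false, $user, $this->getCodename(), $item->getID());
                    $pubRange = $status->getPublicationRange($cms_language);
                    $lock = $item->getLock();
                    $deleted = $item->getProposedLocation() == RESOURCE_LOCATION_DELETED;
                }
                $primaryResource = true;
            }
            //Edit: only when the item is not deleted and not locked by another user
            $edit = false;
            if (!$deleted && (!$lock || $lock == $user->getUserId())) {
                $edit = array('url' => PATH_ADMIN_MODULES_WR . '/' . MOD_POLYMOD_CODENAME . '/item.php', 'type' => 'window', 'params' => array('module' => $this->getCodename(), 'type' => $type, 'item' => $item->getID()));
            }
            //Previz
            $view = false;
            if ($object->getValue("previewURL")) {
                $view = array('url' => $item->getPrevizPageURL(), 'type' => 'frame');
            }
            //HTML description
            $description = POLYMOD_DEBUG ? '<span class="atm-text-alert"> (ID : ' . $item->getID() . ')</span>' : '';
            if ($resultsDefinition) {
                //set execution parameters
                $parameters = array();
                $parameters['module'] = $this->getCodename();
                $parameters['objectID'] = $object->getID();
                $parameters['public'] = false;
                $parameters['item'] = $item;
                $description .= $definitionParsing->getContent(CMS_polymod_definition_parsing::OUTPUT_RESULT, $parameters);
                if ($itemsResourcesFiles) {
                    $description = $itemsResourcesFiles . $description;
                }
            } else {
                $itemFieldsObjects = $item->getFieldsObjects();
                //Add all fields flagged "searchlist" to the description
                foreach ($itemFieldsObjects as $fieldID => $itemField) {
                    if ($objectFields[$fieldID]->getValue('searchlist')) {
                        $description .= $objectFields[$fieldID]->getLabel($cms_language) . ' : <strong>' . $itemField->getHTMLDescription() . '</strong><br />';
                    }
                }
            }
            $results[$item->getID()] = array('id' => $item->getID(), 'type' => $objectLabel, 'status' => $htmlStatus, 'pubrange' => $pubRange, 'label' => $item->getLabel(), 'description' => $description, 'resource' => $primaryResource ? array('module' => $this->getCodename(), 'resource' => $item->getID(), 'action' => 'unlock') : false, 'edit' => $edit, 'view' => $view);
        }
    }
    return $results;
}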
/**
 * Get a form field by its name.
 *
 * Only active fields are considered unless $withDesactivedFields is set.
 * Despite the historical docblock, a single field (not an array) is returned.
 *
 * @param string $fieldName the form field name to get
 * @param boolean $outputobjects return a CMS_forms_field instead of its id (default : false)
 * @param boolean $withDesactivedFields also consider deactivated fields (default : false)
 * @access public
 * @return CMS_forms_field|integer|null the field (or its id), nothing when no field matches
 */
function getFieldByName($fieldName, $outputobjects = false, $withDesactivedFields = false) {
    $activeOnly = !$withDesactivedFields;
    $sql = "\n\t\t\tselect\n\t\t\t\tid_fld as id\n\t\t\tfrom\n\t\t\t\tmod_cms_forms_fields\n\t\t\twhere\n\t\t\t\tform_fld='" . $this->getID() . "'\n\t\t\t\tand name_fld='" . sensitiveIO::sanitizeSQLString($fieldName) . "'\n\t\t";
    if ($activeOnly) {
        $sql .= " and active_fld = '1'";
    }
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        // no matching field: no value is returned, as before
        return;
    }
    $fieldId = $q->getValue('id');
    return $outputobjects ? new CMS_forms_field($fieldId) : $fieldId;
}
/**
 * Authenticate user
 * This method can
 * - authenticate user through the authentication process
 * - load an already authenticated user from the current session (or SSO)
 * - disconnect user
 *
 * Each module exposing getAuthAdapter() is tried, for each auth type in
 * order (credentials, session, cookie, sso), until one yields a valid user.
 * On success the sessions table row is created or refreshed and
 * self::$_userID is set; otherwise, for an access-controlled frontend,
 * the anonymous profile is used.
 *
 * @param array $params : indexed array of authentication parameters (default : nothing)
 * Accepted array keys are :
 * - authenticate : boolean : default true if disconnect is not set
 * - disconnect : boolean : default false
 * - login : string : user login to authenticate
 * - password : string : user password to authenticate
 * - remember : boolean : default false
 * - tokenName : string
 * - token : string
 * - type : string : type of authentication (admin|frontend) : default APPLICATION_USER_TYPE constant
 * - ... and any parameter needed by authentication processes handled by modules
 * @return void
 * @access public
 * @static
 */
public static function authenticate($params = array()) {
    //first clean old sessions datas from database
    CMS_session::_cleanSessions();
    // Get Zend Auth instance
    $auth = Zend_Auth::getInstance();
    // Use CMS_auth as session storage space
    $auth->setStorage(new Zend_Auth_Storage_Session('atm-auth'));
    //set authentication type
    if (!isset($params['type'])) {
        $params['type'] = APPLICATION_USER_TYPE;
    }
    //set permanent auth status (drives the autologin cookie below)
    if (isset($params['remember']) && $params['remember']) {
        self::$_permanent = true;
    } else {
        $params['remember'] = false;
    }
    //clear auth storage if disconnection is queried and set default authenticate value
    if (isset($params['disconnect']) && $params['disconnect']) {
        //log disconnection if user exists
        $storageValue = $auth->getStorage()->read();
        if (io::isPositiveInteger($storageValue)) {
            //load user
            $user = CMS_profile_usersCatalog::getByID($storageValue);
            if ($user) {
                //audit log of the disconnection; REMOTE_ADDR is the peer address
                //(presumably a proxy address when one is in front — confirm)
                $log = new CMS_log();
                $log->logMiscAction(CMS_log::LOG_ACTION_DISCONNECT, $user, 'IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
            }
        }
        //clear session content
        CMS_session::deleteSession(true);
        if (!isset($params['authenticate'])) {
            $params['authenticate'] = false;
        }
    } else {
        $params['disconnect'] = false;
        if (!isset($params['authenticate'])) {
            $params['authenticate'] = true;
        }
    }
    //init authenticated boolean
    $authenticated = false;
    //keep old storage value, because storage will be reset by each module authentication
    $storageValue = $auth->getStorage()->read();
    //loop on each authentication type supported, in this order
    foreach (array('credentials', 'session', 'cookie', 'sso') as $authType) {
        //load modules
        $modules = CMS_modulesCatalog::getAll('id');
        //get last module
        $module = array_pop($modules);
        //set authentication type as param
        $params['authType'] = $authType;
        //then try it for each module, last to first
        do {
            //if module has auth method, try it
            if (method_exists($module, 'getAuthAdapter')) {
                //overwrite auth storage value with old value
                $auth->getStorage()->write($storageValue);
                //get module auth adapter
                $authAdapter = $module->getAuthAdapter($params);
                //authenticate user; the result is kept in self::$_result for the autologin check below
                self::$_result = $auth->authenticate($authAdapter);
                //To debug Auth process easily, uncomment this line
                //CMS_grandFather::log($_SERVER['SCRIPT_NAME'].' - '.$module->getCodename().' - Auth type : '.$authType.'/'.$params['type'].' - Auth result : '.self::$_result->getCode().($auth->hasIdentity() ? ' - Identity : '.$auth->getIdentity() : '').' - Message : '.(sizeof(self::$_result->getMessages()) == 1 ? array_pop(self::$_result->getMessages()) : print_r(self::$_result->getMessages(), true)));
                switch (self::$_result->getCode()) {
                    case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
                        //user credentials do not exist (ex: no login/pass provided)
                        //nothing for now
                        break;
                    case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
                        //invalid login/pass
                        //nothing for now
                        break;
                    case Zend_Auth_Result::SUCCESS:
                        if ($auth->hasIdentity()) {
                            // get user from identity found
                            $user = $authAdapter->getUser($auth->getIdentity());
                            //check if user is valid: loaded without error, not deleted, active
                            if (isset($user) && $user && !$user->hasError() && !$user->isDeleted() && $user->isActive()) {
                                $authenticated = true;
                                //overwrite auth identity with valid user Id
                                $auth->getStorage()->write($user->getUserId());
                            } else {
                                unset($user);
                            }
                        }
                        break;
                    case Zend_Auth_Result::FAILURE:
                        //user found but has error during loading (user inactive or deleted)
                        //nothing for now
                        break;
                    default:
                        //other unidentified cases : throw an error
                        CMS_grandFather::raiseError('Authentification return code ' . self::$_result->getCode() . ' for module ' . $module->getCodename() . ' with parameters ' . print_r($params, true));
                        break;
                }
            }
            //get next last module
            $module = array_pop($modules);
        } while (!$authenticated && $module);
        //if user is authenticated, break authentication foreach
        if ($authenticated) {
            break;
        }
    }
    //if authenticated : set or refresh session datas in table, regenerate session Id
    if ($authenticated && $user) {
        //the lookup is tied to both the PHP session id and the user id, so a session
        //row belonging to another user is never reused
        $q = new CMS_query("\n\t\t\tselect \n\t\t\t\tid_ses, cookie_expire_ses\n\t\t\tfrom \n\t\t\t\tsessions \n\t\t\twhere \n\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "' \n\t\t\t\tand user_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "'");
        //get old session Id
        $oldSessionId = Zend_Session::getId();
        if ($q->getNumRows() > 0) {
            //if session already exists : update it
            //regenerate session Id randomly (around 1/100 times)
            //removed : cause session instability
            /*if (!rand(0, 100)) { //session id should not be regenerated each times because in case of a lot of concurrent calls, session can be destroyed Zend_Session::regenerateId(); }*/
            $r = $q->getArray();
            $id = $r['id_ses'];
            //Cookie: (re)issued when "remember" was asked or the row already has an expiry
            if (self::$_permanent || $r['cookie_expire_ses'] != '0000-00-00 00:00:00') {
                self::$_permanent = true;
                // Cookie expire in APPLICATION_COOKIE_EXPIRATION days
                $expires = time() + 60 * 60 * 24 * APPLICATION_COOKIE_EXPIRATION;
                //NOTE(review): the cookie payload is base64(session row id|PHP session id), not an
                //independent random secret — confirm how the cookie auth adapter validates it
                CMS_session::setCookie(CMS_session::getAutoLoginCookieName(), base64_encode($id . '|' . Zend_Session::getId()), $expires);
            }
            //DB session
            $sql = "\n\t\t\t\t\tupdate \n\t\t\t\t\t\tsessions \n\t\t\t\t\tset\n\t\t\t\t\t\tlastTouch_ses=NOW(),\n\t\t\t\t\t\tuser_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "',\n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "',\n\t\t\t\t\t\tremote_addr_ses='" . sensitiveIO::sanitizeSQLString(@$_SERVER['REMOTE_ADDR']) . "'";
            if (self::$_permanent) {
                $sql .= ",\n\t\t\t\t\t\tcookie_expire_ses = DATE_ADD(NOW(), INTERVAL " . APPLICATION_COOKIE_EXPIRATION . " DAY)";
            }
            $sql .= "\n\t\t\t\t\twhere\n\t\t\t\t\t \tid_ses='" . sensitiveIO::sanitizeSQLString($id) . "'";
            $q = new CMS_query($sql);
            //if autologin : log it (loose in_array on the result messages, as in the original)
            if (in_array(CMS_auth::AUTH_AUTOLOGIN_VALID, self::$_result->getMessages())) {
                //log autologin session
                $log = new CMS_log();
                $log->logMiscAction(CMS_log::LOG_ACTION_AUTO_LOGIN, $user, 'IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
            }
        } else {
            //otherwise, create user session
            //regenerate session Id before the row is written, so the id used before login is not kept
            Zend_Session::regenerateId();
            //delete old session record if any
            $q = new CMS_query("\n\t\t\t\t\tdelete\n\t\t\t\t\tfrom \n\t\t\t\t\t\tsessions \n\t\t\t\t\twhere \n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString($oldSessionId) . "'");
            //insert new session record
            $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tsessions\n\t\t\t\t\tset\n\t\t\t\t\t\tlastTouch_ses=NOW(),\n\t\t\t\t\t\tphpid_ses='" . sensitiveIO::sanitizeSQLString(Zend_Session::getId()) . "',\n\t\t\t\t\t\tuser_ses='" . sensitiveIO::sanitizeSQLString($user->getUserId()) . "',\n\t\t\t\t\t\tremote_addr_ses='" . sensitiveIO::sanitizeSQLString(@$_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t";
            if (self::$_permanent) {
                $sql .= ",\n\t\t\t\t\tcookie_expire_ses = DATE_ADD(NOW(), INTERVAL " . APPLICATION_COOKIE_EXPIRATION . " DAY)";
            }
            $q = new CMS_query($sql);
            if (!$q->hasError() && self::$_permanent) {
                // Cookie expire in APPLICATION_COOKIE_EXPIRATION days
                $expires = time() + 60 * 60 * 24 * APPLICATION_COOKIE_EXPIRATION;
                //same payload shape as the update branch above: base64(session row id|PHP session id)
                CMS_session::setCookie(CMS_session::getAutoLoginCookieName(), base64_encode($q->getLastInsertedID() . '|' . Zend_Session::getId()), $expires);
            }
            //log new session
            $log = new CMS_log();
            $log->logMiscAction(CMS_log::LOG_ACTION_LOGIN, $user, 'Permanent cookie: ' . (self::$_permanent ? 'Yes' : 'No') . ', IP: ' . @$_SERVER['REMOTE_ADDR'] . ', UA: ' . @$_SERVER['HTTP_USER_AGENT']);
        }
        //set user as currently logged user
        self::$_userID = $user->getUserId();
    } else {
        if (APPLICATION_USER_TYPE == "frontend" && APPLICATION_ENFORCES_ACCESS_CONTROL) {
            //set public user as currently logged user
            self::$_userID = ANONYMOUS_PROFILEUSER_ID;
        }
    }
    //for backward compatibility
    $_SESSION["cms_context"] = new CMS_context();
}
/**
 * Check if an item is deleted.
 *
 * The answer is memoised per item id for the lifetime of the request, so the
 * database is queried at most once per id.
 *
 * @param integer $itemID The item ID to check
 * @return boolean true if the item is flagged deleted, false otherwise
 */
function isDeletedItem($itemID) {
    static $deletedItems;
    if (isset($deletedItems[$itemID])) {
        return $deletedItems[$itemID];
    }
    //look for a row flagged deleted for this item
    $sql = "\n\t\t\t\tselect\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmod_object_polyobjects\n\t\t\t\twhere\n\t\t\t\t\tid_moo = '" . sensitiveIO::sanitizeSQLString($itemID) . "'\n\t\t\t\t\tand deleted_moo = '1'\n\t\t\t";
    $q = new CMS_query($sql);
    $deletedItems[$itemID] = (bool) $q->getNumRows();
    return $deletedItems[$itemID];
}
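/**
 * Attach a page to the tree (references it in the linx_tree tables).
 * Static function.
 *
 * A page already having an ancestor in the requested tree is left untouched.
 * The sibling order is taken from the edited tree when attaching to the public
 * tree; otherwise it is one past the ancestor's current maximum order.
 *
 * @param mixed $page The page to attach (CMS_page or positive integer id)
 * @param mixed $ancestor The father to attach to (CMS_page or positive integer id)
 * @param boolean $publicTree Do we want to fetch the public tree or the edited one ?
 * @return boolean true on success, false on failure (invalid argument or failed insert)
 * @access private
 */
static function attachPageToTree($page, $ancestor, $publicTree = false) {
    //check argument is a page
    if (!is_a($page, "CMS_page") && !sensitiveIO::isPositiveInteger($page)) {
        CMS_grandFather::raiseError("Page must be instance of CMS_page or positive integer");
        return false;
    }
    $pageId = is_object($page) ? $page->getID() : $page;
    //check argument is an ancestor page
    if (!is_a($ancestor, "CMS_page") && !sensitiveIO::isPositiveInteger($ancestor)) {
        CMS_grandFather::raiseError("Ancestor must be instance of CMS_page or positive integer");
        return false;
    }
    $ancestorId = is_object($ancestor) ? $ancestor->getID() : $ancestor;
    $table = $publicTree ? "linx_tree_public" : "linx_tree_edited";
    //check that the page ain't already in the tree
    if (CMS_tree::hasAncestor($pageId, $publicTree)) {
        return true;
    }
    // initialised so the isPositiveInteger() test below never reads an undefined variable
    $sibling_order = 0;
    if ($publicTree) {
        //get the edited sibling order of the page if any
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\torder_ltr as eo\n\t\t\t\tfrom\n\t\t\t\t\tlinx_tree_edited\n\t\t\t\twhere\n\t\t\t\t\tsibling_ltr='" . sensitiveIO::sanitizeSQLString($pageId) . "'\n\t\t\t";
        $q = new CMS_query($sql);
        if ($q->getNumRows()) {
            $sibling_order = $q->getValue("eo");
        }
        if (!sensitiveIO::isPositiveInteger($sibling_order)) {
            //get the current sibling order of the ancestor
            $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tmax(order_ltr) as mo\n\t\t\t\t\tfrom\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "'\n\t\t\t\t";
            $q = new CMS_query($sql);
            $sibling_order = $q->getValue("mo") + 1;
        }
    } else {
        //get the current sibling order of the ancestor
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\tmax(order_ltr) as mo\n\t\t\t\tfrom\n\t\t\t\t\t" . $table . "\n\t\t\t\twhere\n\t\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "'\n\t\t\t";
        $q = new CMS_query($sql);
        $sibling_order = $q->getValue("mo") + 1;
    }
    //add page to the table; order_ltr is computed above (integer), ids are escaped
    $sql = "\n\t\t\tinsert into\n\t\t\t\t" . $table . "\n\t\t\tset\n\t\t\t\tfather_ltr='" . sensitiveIO::sanitizeSQLString($ancestorId) . "',\n\t\t\t\tsibling_ltr='" . sensitiveIO::sanitizeSQLString($pageId) . "',\n\t\t\t\torder_ltr='" . $sibling_order . "'\n\t\t";
    $q = new CMS_query($sql);
    // report the insert result instead of an unconditional true, as the docblock promises
    return !$q->hasError();
}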