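/**
 * Update this entry's metadata in the database.
 *
 * Returns false when the current user lacks the "changeentry" right on this
 * entry, true when the row was updated. Throws CodeKBException when the
 * UPDATE does not succeed.
 *
 * @param string $name
 * @param string $author        falls back to the acting user's name when empty
 * @param string $symbol
 * @param string $description
 * @param string $documentation
 * @return bool
 * @throws CodeKBException
 */
public function change($name, $author, $symbol, $description, $documentation)
{
    if (!$this->_user->entrycan("changeentry", $this)) {
        return false;
    }
    // Default the author to the acting user when none was supplied.
    if (!$author && $this->_user->name()) {
        $author = $this->_user->name();
    }
    $db = new CodeKBDatabase();
    // Values are interpolated into the SQL text; the only protection is the
    // escaping done by $db->string() / $db->number() (dosql() takes a plain string).
    $db->dosql(
        "UPDATE entries " .
        "SET name = '{$db->string($name)}', " .
        "author = '{$db->string($author)}', " .
        "symbol = '{$db->string($symbol)}', " .
        "description = '{$db->string($description)}', " .
        "documentation = '{$db->string($documentation)}', " .
        "modified = now() " .   // trailing space required: previously the text ran "now()WHERE"
        "WHERE id = {$db->number($this->_id)}"
    );
    if ($db->success()) {
        $this->_name = $name;
        $this->_author = $author;
        $this->_symbol = $symbol;
        $this->_description = $description;
        // NOTE(review): no cached documentation property is refreshed here —
        // confirm whether the object keeps one.
        return true;
    }
    throw new CodeKBException(__METHOD__, "entry", "failedchange", $name);
}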
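/**
 * Render the listing page for the current category: the menu/footer actions
 * the user is allowed to perform, the subcategory grid, and the sorted,
 * optionally age-filtered and paged entry grid.
 *
 * Reads $lang, $user, $site, $conf and $category from global scope. Sort and
 * paging preferences come from $_SESSION (preferred) or the codekb_* cookies;
 * the 0-based page index comes from $_GET['offset']. Raw preference values are
 * only ever matched against known $lang labels, never used directly.
 *
 * @return bool always true
 */
function showlisting()
{
    global $lang;
    global $user;
    global $site;
    global $conf;
    global $category;

    $site->title($category->name());

    // Menu and footer actions, shown only for rights the user holds here.
    if ($user->can("addcat", $category)) {
        $site->addmenu("category.php?id=" . $category->id() . "&action=new", $lang['menu']['addcat'], $lang['menu']['addcatalt']);
        $site->addfooter("category.php?id=" . $category->id() . "&action=new", "newcat", $lang['menu']['addcat'], $lang['menu']['addcatalt']);
    }
    if ($user->can("addentry", $category)) {
        $site->addmenu("entry.php?cat=" . $category->id() . "&action=new", $lang['menu']['addentry'], $lang['menu']['addentryalt']);
        $site->addfooter("entry.php?cat=" . $category->id() . "&action=new", "newentry", $lang['menu']['addentry'], $lang['menu']['addentryalt']);
    }
    // The root category (id 0) can be neither reconfigured nor deleted.
    if ($category->id() != 0 && $user->can("changecat", $category)) {
        $site->addfooter("category.php?id=" . $category->id() . "&action=change", "configure", $lang['menu']['changecat'], $lang['menu']['changecatalt']);
    }
    if ($category->id() != 0 && $user->can("delcat", $category)) {
        $site->addfooter("category.php?id=" . $category->id() . "&action=delete", "delete", $lang['menu']['delcat'], $lang['menu']['delcatalt']);
    }
    $site->addfooter("help.php?on=category", "help", $lang['menu']['help'], $lang['menu']['helpalt']);

    // Sorting stuff: a session value wins, otherwise the cookie.
    $sort = ($_SESSION['sort'] ?? null) ?: urldecode($_COOKIE['codekb_sort'] ?? '');
    $order = ($_SESSION['order'] ?? '') != "" ? $_SESSION['order'] : urldecode($_COOKIE['codekb_order'] ?? '');
    $age = ($_SESSION['age'] ?? '') != "" ? $_SESSION['age'] : urldecode($_COOKIE['codekb_age'] ?? '');
    $whichage = ($_SESSION['wage'] ?? '') != "" ? $_SESSION['wage'] : urldecode($_COOKIE['codekb_wage'] ?? '');
    $entriesperpage = ($_SESSION['epp'] ?? '') != "" ? $_SESSION['epp'] : urldecode($_COOKIE['codekb_epp'] ?? '');
    if (!$entriesperpage) {
        $entriesperpage = $conf['layout']['entriesperpage'];
    }
    // A page size that is neither the "all" label nor a positive number cannot
    // be used in the paging arithmetic below (division by a non-numeric
    // cookie string); fall back to the configured default.
    if ($entriesperpage != $lang['search']['all'] && (!is_numeric($entriesperpage) || $entriesperpage <= 0)) {
        $entriesperpage = $conf['layout']['entriesperpage'];
    }

    // Map the display labels onto the column / direction actually used in SQL.
    switch ($sort) {
        case $lang['sort']['sortbycreatedate']:
            $sort = "created";
            break;
        case $lang['sort']['sortbymodifydate']:
            $sort = "modified";
            break;
        case $lang['sort']['sortbyname']:
        default:
            $sort = "name";
    }
    switch ($order) {
        case $lang['sort']['descending']:
            $order = "DESC";
            break;
        case $lang['sort']['ascending']:
        default:
            $order = "ASC";
    }
    $sortorder = $sort . " " . $order;

    // Optional age filter on created/modified. Initialised explicitly: it used
    // to be an undefined variable whenever no age was selected.
    $filter = null;
    if ($age != $lang['search']['all'] && $whichage) {
        $wage = $whichage == $lang['sort']['sortbymodifydate'] ? "modified" : "created";
        switch ($age) {
            case $lang['search']['1day']:
                $age = 86400;
                break;
            case $lang['search']['7days']:
                $age = 604800;
                break;
            case $lang['search']['1month']:
                $age = 2592000;
                break;
            case $lang['search']['3months']:
                $age = 7776000;
                break;
            case $lang['search']['6months']:
                $age = 15552000;
                break;
            case $lang['search']['1year']:
                $age = 31536000;
                break;
            default:
                // Unknown label: cut-off at the epoch, i.e. effectively no filter.
                $age = time();
        }
        $filter = "AND entries." . CodeKBDatabase::string($wage) . " > '" . CodeKBDatabase::string(date("Y-m-d H:i:s", time() - $age)) . "' ";
    }

    // Requested page index; validated once the entry count is known.
    $offset = ($_GET['offset'] ?? null) ?: 0;

    $list = new CodeKBTemplate("listing");

    // Categories: a grid of $count columns, "first"/"last" mark the row edges.
    $categories = $category->listcategories();
    $i = 0;
    $count = 4;
    $listcode = "";
    foreach ($categories as $cat) {
        $listitem = new CodeKBTemplate("listitem");
        if ($i % $count == 0) {
            $listitem->push("first", true);
        }
        $listitem->push("icon", url("category.php?id=" . $cat['id'], icon("category", $cat['name']), $cat['name']) . "\n");
        $listitem->push("name", url("category.php?id=" . $cat['id'], htmlentities($cat['name']), $cat['name']));
        // Do we want to show subcategory and entry counts?
        if ($conf['layout']['showcounts']) {
            $listitem->push("catdescr", $lang['category']['subcats']);
            $listitem->push("entdescr", $lang['category']['entries']);
            $catcount = $category->listcategories(null, $conf['layout']['showcountsrecursive'] ? "1" : "0", $cat['id']);
            $listitem->push("count", true);
            $listitem->push("catcount", count($catcount));
            $entrycount = count($category->listentries(null, null, $cat['id']));
            if ($conf['layout']['showcountsrecursive']) {
                foreach ($catcount as $val) {
                    $entrycount += count($category->listentries(null, null, $val['id']));
                }
            }
            $listitem->push("entrycount", $entrycount);
        }
        $listitem->push("description", htmlentities($cat['description']));
        $i++;
        if ($i % $count == 0) {
            $listitem->push("last", true);
        }
        $listcode .= $listitem->__toString();
        unset($listitem);
    }
    $list->push("categories", $listcode);

    // Entries
    $entries = $category->listentries($sortorder, $filter);
    $list->push("changeview", url("category.php?id=" . $category->id() . "&action=sort", $lang['sort']['changeview'], $lang['sort']['changeviewalt']));
    $entriescount = count($entries);
    if ($entriesperpage == $lang['search']['all']) {
        $entriesperpage = $entriescount;
    }
    if ($offset >= $entriescount) {
        $offset = $entriescount - 1;
    }
    if (!is_numeric($offset) || $offset <= 0) {
        $offset = 0;
    }
    $offset = (int) $offset;

    if ($entriescount > 0) {
        $pages = ceil($entriescount / $entriesperpage);
        $currentpage = ceil($offset / $entriesperpage) + 1;
        // Was misspelled "$pagesting", so the first ".=" appended to an undefined variable.
        $pagestring = "";
        if ($pages > 1) {
            // Go to the given offset.
            // NOTE(review): $offset is treated as a page index by the links
            // below but as an entry index by the bounds checks above; the
            // arithmetic is kept as it was — confirm the intended unit.
            if (is_array($entries)) {
                for ($i = 0; $i < $offset * $entriesperpage - 1; $i++) {
                    array_shift($entries);
                }
            }
            $pagestring .= url("category.php?id=" . $category->id() . "&offset=" . ($offset <= 0 ? "0" : $offset - 1), $lang['search']['last'], $lang['search']['lastalt']) . " ";
            for ($i = 1; $i <= $pages; $i++) {
                if ($i == $currentpage) {
                    $pagestring .= $i . " ";
                } else {
                    $pagestring .= url("category.php?id=" . $category->id() . "&offset=" . ($i - 1), $i, phrasereplace($lang['search']['page'], "%1%", $i)) . " ";
                }
            }
            $pagestring .= url("category.php?id=" . $category->id() . "&offset=" . ($offset >= $entriescount - 1 ? $entriescount - 1 : $offset + 1), $lang['search']['next'], $lang['search']['nextalt']);
        }
        $list->push("pages", $pagestring);
    }

    // Entries: a grid of $count columns, cut after one page.
    $i = 0;
    $count = 3;
    $listcode = "";
    foreach ($entries as $entry) {
        $listitem = new CodeKBTemplate("listitem");
        if ($i % $count == 0) {
            $listitem->push("first", true);
        }
        $listitem->push("icon", url("entry.php?id=" . $entry['id'] . "&cat=" . $category->id(), icon($entry['symbol'], $entry['name']), $entry['name']) . "\n");
        $listitem->push("name", url("entry.php?id=" . $entry['id'] . "&cat=" . $category->id(), htmlentities($entry['name']), $entry['name']));
        $listitem->push("description", htmlentities($entry['description']));
        $i++;
        if ($entriesperpage != $lang['search']['all'] && $i == $entriesperpage) {
            // Last entry of the page: render it before stopping (previously the
            // break skipped appending it, so the page was one entry short).
            $listitem->push("last", true);
            $listcode .= $listitem->__toString();
            break;
        }
        if ($i % $count == 0 || $i == $entriescount) {
            $listitem->push("last", true);
        }
        $listcode .= $listitem->__toString();
        unset($listitem);
    }
    $list->push("entries", $listcode);
    $site->addcontent($list);
    return true;
}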
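/**
 * Build the <img> markup for the icon registered under $name in the symbols table.
 *
 * @param string $name symbol name looked up in symbols.name
 * @param string $text alt text; falls back to $name when empty
 * @return string the img markup, or "" when no symbol row exists for $name
 */
function icon($name, $text)
{
    $db = new CodeKBDatabase();
    $db->dosql("SELECT symbol " . "FROM symbols " . "WHERE name = '{$db->string($name)}'");
    $symbol = $db->column("symbol");
    if (is_null($symbol)) {
        return "";
    }
    // The stored symbol is appended to /icons/ as-is; assumes symbols.symbol
    // holds a bare file name — confirm against where symbols are registered.
    // (An unused "global $conf" was dropped here.)
    return img("/icons/" . $symbol, $text ?: $name, "vertical-align: middle;");
}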
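/**
 * Build the search SELECT for the submitted search form.
 *
 * Reads the form from $_POST: query (whitespace-separated keywords), author,
 * cats (array of category ids, consumed while building), age/whichage, sort
 * and order. Every value is passed through CodeKBDatabase::string()/number()
 * before being interpolated; that escaping is the only protection, as there
 * is no placeholder API available here.
 *
 * @param string $type "pgsql" (one entries_fti alias per keyword, chained on id)
 *                     or "mysql" (LIKE on description/documentation)
 * @return string the SELECT statement
 */
function buildsearchquery($type)
{
    global $lang;

    $query = "SELECT DISTINCT entries.id, " .
        "entries.name, " .
        "entries.author, " .
        "entries.description, " .
        "entries.symbol, " .
        "entries.created, " .
        "entries.modified " .
        "FROM ";

    $keywords = preg_split("/\\s+/", trim($_POST['query'] ?? ''));
    $count = count($keywords);
    // pgsql: declare alias i0 .. i(count-1); the WHERE clause below must use
    // exactly these indices.
    if ($type == "pgsql") {
        for ($i = 0; $i < $count; $i++) {
            $query .= "entries_fti i" . $i . ", ";
        }
    }
    $hascats = is_array($_POST['cats'] ?? null);
    if ($hascats) {
        $query .= " entry_cat, ";
    }
    $query .= "entries WHERE ";
    if ($type == "pgsql") {
        $query .= "entries.oid = i0.id AND ";
    }
    if ($_POST['author'] ?? null) {
        $query .= "lower(entries.author) = lower('" . CodeKBDatabase::string($_POST['author']) . "') AND ";
    }

    // Category restriction: "( cat = a OR cat = b ... ) AND". The loop drains
    // $_POST['cats'] as before.
    $a = 1;
    $b = $hascats ? count($_POST['cats']) : 0;
    while (is_array($_POST['cats'] ?? null) && !is_null($val = array_shift($_POST['cats']))) {
        if ($a == 1) {
            $query .= "entries.id = entry_cat.entry AND ( ";
        }
        $query .= "entry_cat.cat = " . CodeKBDatabase::number($val) . " ";
        $query .= ($a != $b) ? "OR " : ") AND ";
        $a++;
    }

    // Optional age restriction on created/modified.
    $age = $_POST['age'] ?? null;
    $whichage = $_POST['whichage'] ?? null;
    if ($age != $lang['search']['all'] && $whichage) {
        $wage = $whichage == $lang['sort']['sortbymodifydate'] ? "modified" : "created";
        switch ($age) {
            case $lang['search']['1day']:
                $age = 86400;
                break;
            case $lang['search']['7days']:
                $age = 604800;
                break;
            case $lang['search']['1month']:
                $age = 2592000;
                break;
            case $lang['search']['3months']:
                $age = 7776000;
                break;
            case $lang['search']['6months']:
                $age = 15552000;
                break;
            case $lang['search']['1year']:
                $age = 31536000;
                break;
            default:
                // Unknown label: cut-off at the epoch, i.e. effectively no filter.
                $age = time();
        }
        $query .= "entries." . CodeKBDatabase::string($wage) . " > '" . CodeKBDatabase::string(date("Y-m-d H:i:s", time() - $age)) . "' AND ";
    }

    // Keyword restriction.
    $i = 0;
    if ($type == "mysql") {
        $query .= "(";
    }
    foreach ($keywords as $val) {
        // Bare wildcards match everything.
        if ($val == "*" || $val == "?") {
            $val = "";
        }
        if ($type == "pgsql") {
            // NOTE(review): the keyword is used as a regex after "^" with no
            // regex-metacharacter quoting; a keyword such as "(" yields a
            // database error rather than a match.
            $query .= ($i == 0 ? "" : "AND ") . "i" . $i . ".string ~ lower('^" . CodeKBDatabase::string($val) . "') ";
            if ($i > 0) {
                $query .= "AND i" . ($i - 1) . ".id = i" . $i . ".id ";
            }
        }
        if ($type == "mysql") {
            // NOTE(review): LIKE wildcards (% and _) inside the keyword are not escaped.
            $query .= ($i == 0 ? "" : "OR ") . " entries.description LIKE '%" . CodeKBDatabase::string($val) . "%' OR entries.documentation LIKE '%" . CodeKBDatabase::string($val) . "%' ";
        }
        // Advance exactly once per keyword: the pgsql branch used to increment
        // as well, so the second keyword referenced alias i2, which the FROM
        // list never declares.
        $i++;
    }
    if ($type == "mysql") {
        $query .= ") ";
    }

    switch ($_POST['sort'] ?? null) {
        case $lang['sort']['sortbycreatedate']:
            $sort = "entries.created";
            break;
        case $lang['sort']['sortbymodifydate']:
            $sort = "entries.modified";
            break;
        case $lang['sort']['sortbyname']:
        default:
            $sort = "entries.name";
    }
    switch ($_POST['order'] ?? null) {
        case $lang['sort']['descending']:
            $order = "DESC";
            break;
        case $lang['sort']['ascending']:
        default:
            $order = "ASC";
    }
    $query .= "ORDER BY " . $sort . " " . $order;
    // The former "echo $query;" debug line is gone: it printed the full
    // statement, including the submitted form values, into the response.
    return $query;
}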
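/**
 * Update this file record, optionally replacing the stored file with a new upload.
 *
 * Return values (CodeKBException code): 1 = upload failed.
 * Returns false when the user lacks "changeentry" on the owning entry, true on success.
 *
 * @param string      $name
 * @param string      $highlight
 * @param string      $symbol
 * @param string|null $newupload name of the $_FILES field holding the replacement,
 *                               or null to keep the current file
 * @return bool
 * @throws CodeKBException code 1 when the upload is rejected; no code when the UPDATE fails
 */
function change($name, $highlight, $symbol, $newupload = null)
{
    if (!$this->_user->entrycan("changeentry", $this->_entry)) {
        return false;
    }
    // Do we want to exchange our file with a new one?
    if ($newupload) {
        // First store the new one, then delete the old one (after the row is updated).
        // $HTTP_POST_FILES was removed from PHP long ago; $_FILES carries the same data.
        $upload = $_FILES[$newupload] ?? null;
        $fs_name = null;
        // is_uploaded_file() guards against a path that did not come from this request's upload.
        if ($upload !== null && is_uploaded_file($upload['tmp_name'] ?? '')) {
            $fs_name = $this->upload($newupload);
        }
        if (!$fs_name) {
            throw new CodeKBException(__METHOD__, "file", "failedchange", $name, 1);
        }
        $size = $upload['size'];
    } else {
        $fs_name = $this->_fsname;
        $size = $this->_size;
    }
    $db = new CodeKBDatabase();
    $db->dosql(
        "UPDATE files " .
        "SET name = '{$db->string($name)}', " .
        "fs_name = '{$db->string($fs_name)}', " .
        "size = {$db->number($size)}, " .
        "highlight = '{$db->string($highlight)}', " .
        "symbol = '{$db->string($symbol)}', " .
        "modified = now() " .
        "WHERE id = {$db->number($this->_id)}"
    );
    if (!$db->success()) {
        throw new CodeKBException(__METHOD__, "file", "failedchange", $name);
    }
    // Remove old file
    if ($newupload) {
        $this->delink();
    }
    $this->_name = $name;
    // NOTE(review): the property is read as $this->_fsname above but written as
    // $this->_fs_name here; one of the two looks like a typo — confirm against the class.
    $this->_fs_name = $fs_name;
    $this->_size = $size;
    $this->_highlight = $highlight;
    $this->_symbol = $symbol;
    return true;
}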
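/**
 * Resolve the named rights the current user holds on category $cat.
 *
 * rights.rights is a bit field:
 *   1 see, 2 download, 4 change entries, 8 add entries, 16 delete entries,
 *   32 change categories, 64 add categories, 128 delete categories.
 * The query takes max() over the groups of this user and of the NULL-named
 * (anonymous) user, so anonymous rights always apply as well.
 *
 * @param int  $cat   category id
 * @param bool $cache when true, serve from $this->_cache if present
 * @return list<string> right names, highest bit first
 */
private function getrights($cat, $cache = true)
{
    // First look if we have these rights in the cache already
    // (isset: false for both a missing key and a null entry, as before).
    if ($cache && isset($this->_cache[$cat])) {
        return $this->_cache[$cat];
    }

    // Get the maximum rights from given user's groups
    $db = new CodeKBDatabase();
    $db->dosql(
        "SELECT max(rights.rights) AS rightval " .
        "FROM rights, users, categories, groups, group_user " .
        "WHERE (" . ($this->_name != null ? "users.name = '{$db->string($this->_name)}' OR" : "") . " users.name is null) AND " .
        "users.id = group_user.userid AND " .
        "groups.id = group_user.groupid AND " .
        "categories.id = {$db->number($cat)} AND " .
        "categories.id = rights.category AND " .
        "groups.id = rights.groupid"
    );
    $val = (int) $db->column("rightval");

    // Decode the bit field; the chain of ">= / -=" tests this replaces gave
    // the same names in the same order for values up to 255.
    $bits = [
        128 => "delcat",
        64 => "addcat",
        32 => "changecat",
        16 => "delentry",
        8 => "addentry",
        4 => "changeentry",
        2 => "download",
        1 => "see",
    ];
    $rights = [];
    foreach ($bits as $bit => $right) {
        if (($val & $bit) !== 0) {
            $rights[] = $right;
        }
    }

    global $conf;
    // In case we want to cache the access rights (bounded LRU-ish: drop the oldest entry).
    if ($conf['perf']['rightscache'] > 0) {
        $this->_cache[$cat] = $rights;
        if (count($this->_cache) > $conf['perf']['rightscache']) {
            array_shift($this->_cache);
        }
    }
    return $rights;
}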
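/**
 * Delete a user together with their group memberships, in one transaction.
 *
 * Return values (CodeKBException code): 1 = trying to delete the admin user.
 *
 * @param int $user user id
 * @return true
 * @throws CodeKBException code 1 for the configured admin account; no code when the deletes fail
 */
public function deleteuser($user)
{
    global $conf;
    $db = new CodeKBDatabase();
    $db->start();
    // The account named in $conf['access']['admin'] must never be removed.
    $db->dosql(
        "SELECT id " .
        "FROM users " .
        "WHERE name = '{$db->string($conf['access']['admin'])}' AND " .
        "id = {$db->number($user)}"
    );
    if ($db->countrows() > 0) {
        $db->abort();
        throw new CodeKBException(__METHOD__, "admin", "deleteadmin", null, 1);
    }
    $db->dosql("DELETE FROM group_user " . "WHERE userid = {$db->number($user)}");
    $db->dosql("DELETE FROM users " . "WHERE id = {$db->number($user)}");
    // Commit only when the deletes succeeded (previously commit() ran
    // unconditionally and success() was inspected afterwards), and still
    // report a failed commit. Assumes success() reflects the last statement.
    if ($db->success()) {
        $db->commit();
        if ($db->success()) {
            return true;
        }
    }
    $db->abort();
    throw new CodeKBException(__METHOD__, "admin", "faileddeluser");
}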
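/**
 * Rename / re-describe this category and optionally move it under another parent.
 *
 * Return values (CodeKBException code):
 *   1 = child cannot be parent (the requested parent is this category or one of its descendants)
 *   2 = duplicate category (a sibling with the same name already exists)
 * Returns false when the user lacks "changecat" on this category, true on success.
 *
 * @param string $name
 * @param string $description
 * @param int    $parent new parent id, or -1 to keep the current parent
 * @return bool
 * @throws CodeKBException codes 1 and 2 as above; no code when the UPDATE fails
 */
public function change($name, $description, $parent = -1)
{
    if (!$this->_user->can("changecat", $this)) {
        return false;
    }
    $db = new CodeKBDatabase();
    $db->start();
    if ($parent == -1) {
        // Keep the current parent; read it so the duplicate check below can use it.
        $db->dosql("SELECT parent " . "FROM categories " . "WHERE id = {$db->number($this->_id)}");
        $parent = $db->column("parent");
    } else {
        // Walk up from the requested parent to the root (id 0). Meeting our own
        // id means the new parent is ourselves or one of our descendants.
        $i = $parent;
        while (true) {
            if ($i == $this->_id) {
                // abort() was missing on the first-iteration path, leaving the transaction open.
                $db->abort();
                throw new CodeKBException(__METHOD__, "category", "childnoparent", $name, 1);
            }
            if ($i == 0) {
                break;
            }
            $db->dosql("SELECT parent " . "FROM categories " . "WHERE id = {$db->number($i)}");
            $i = $db->column("parent");
        }
    }
    // Sibling with the same name?
    $db->dosql(
        "SELECT id " .
        "FROM categories " .
        "WHERE parent = {$db->number($parent)} AND " .
        "id <> {$db->number($this->_id)} AND " .
        "name = '{$db->string($name)}'"
    );
    if ($db->countrows() > 0) {
        $db->abort();
        throw new CodeKBException(__METHOD__, "category", "duplicate", $name, 2);
    }
    $db->dosql(
        "UPDATE categories " .
        "SET name = '{$db->string($name)}', " .
        "description = '{$db->string($description)}', " .
        "parent = {$db->number($parent)} " .
        "WHERE id = {$db->number($this->_id)}"
    );
    // Commit only when the UPDATE succeeded (previously commit() ran
    // unconditionally), and still report a failed commit. Assumes success()
    // reflects the last statement.
    if ($db->success()) {
        $db->commit();
        if ($db->success()) {
            $this->_name = $name;
            $this->_description = $description;
            if ($parent != -1) {
                $this->_parent = $parent;
            }
            return true;
        }
    }
    $db->abort();
    throw new CodeKBException(__METHOD__, "category", "failedchange", $name);
}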