/**
 * Collect the untranslated pieces of the current object and run them through
 * google::translate(), returning them keyed by section name ('Text', 'Name').
 *
 * NOTE(review): $DB, $id, $obj and $language are used here without a `global`
 * declaration, a parameter or a property — as written they read as undefined
 * inside this method. Confirm how they reach this scope at the call site.
 *
 * @return array section => translated text; empty when nothing needed translating
 */
function translate()
{
    $translate = array();
    // Only the 'Text' section is considered when no saved text exists for it.
    if (!$this->saved_content['Text']) {
        $translate[] = 'Text';
    }
    $trFrom = $trSect = $trText = array();
    if (!empty($translate)) {
        // Self-join keeps only the highest revision per section/language
        // (the t2 side is NULL when no newer revision exists), restricted to
        // this id and the wanted sections. Values go through Database::escape()
        // but the statement is still string-built.
        $newest = $DB->asArray("SELECT t1.section, t1.* FROM content AS t1\n LEFT JOIN content t2 ON t1.section = t2.section\n AND t1.language = t2.language\n AND t1.revision < t2.revision\n WHERE t2.section IS NULL\n AND t1.id='" . Database::escape($id) . "'\n AND (t1.section='" . implode("' OR t1.section='", Database::escape($translate, true)) . "')\n ORDER BY t1.revision DESC", true);
        foreach ($newest as $s => $translation) {
            $trFrom[] = $translation['language'];
            $trText[] = $translation['content'];
            $trSect[] = $s;
        }
    }
    // The object's name is translated from its 'Name' metadata row when the
    // object has no name and no title was posted in this request.
    if (!$obj->Name && !$_POST['etitle']) {
        if ($info = $DB->metadata->getRow(array('id' => $obj->ID, 'field' => 'Name'), 'value, metameta')) {
            $trFrom[] = $info['metameta'];
            $trText[] = $info['value'];
            $trSect[] = 'Name';
        }
    }
    $translation = array();
    if (!empty($trText)) {
        // '@' hides the warning array_combine() raises when the translator
        // returns a different number of items than were sent.
        $translation = @array_combine($trSect, google::translate($trText, $trFrom, $language));
    }
    return $translation;
}
/**
 * View contents of folders to which the user has access
 * @param $url URL to send the rendered links to. "$" in the URL will be replaced with the ID of the link
 * @return HTML
 */
function fullStructure($url = false)
{
    global $DB, $USER, $Controller;
    $r = '';
    // Admin-group members (with OVERRIDE) start from the file root; everyone
    // else gets only the Folder rows that grant their own id or one of their
    // group ids a non-zero privilege mask. Ids are escaped before being
    // spliced into the IN (...) list.
    if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
        $objs = array($Controller->fileRoot);
    } else {
        $privilegeIDS = array_merge((array) $USER->ID, $USER->groupIds);
        $objs = $Controller->get($DB->asList("SELECT spine.id FROM spine RIGHT JOIN privileges ON spine.id = privileges.id WHERE spine.class = 'Folder' AND privileges.beneficiary IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND privileges.privileges > 0"), ANYTHING, false, false);
    }
    $folders = array();
    foreach ($objs as $obj) {
        // Walk up the parent chain. The folder is skipped entirely when an
        // ancestor is itself in $objs (presumably keyed by object id — verify
        // against $Controller->get()), so only top-most folders are listed;
        // the walk stops, and the folder is kept, at the first ancestor the
        // user cannot READ.
        $p = $obj;
        while ($p = $p->Dir) {
            if (!$p->may($USER, READ)) {
                break;
            } elseif (isset($objs[$p->ID])) {
                continue 2;
            }
        }
        if (is_a($obj, 'Folder')) {
            if (!in_array($obj->filename, $this->ignore)) {
                $folders[$obj->filename] = $obj;
            }
        }
    }
    ksort($folders);
    // $r above is assigned but never used.
    return listify(array_map(array($this, 'displayLink'), $folders, array_fill(0, count($folders), $url)));
}
/**
 * Store a comment posted for a document (POST: doc_id, table, comment, reply_to).
 * Requires the 'add_comments' capability; the comment id is allocated per
 * (doc_id, table) pair as max(id) + 1.
 *
 * NOTE(review): the max(id) read inside the transaction takes no lock, so two
 * concurrent posters for the same document can compute the same id.
 */
function process()
{
    global $current_user;
    /* @var $current_user CurrentUser */
    $current_user->can_throw('add_comments');

    $docId = max(0, (int) Request::post('doc_id'));
    $tableName = Request::post('table');
    $body = Request::post('comment');
    $parentId = max(0, (int) Request::post('reply_to'));

    Database::query('START TRANSACTION');
    $nextId = 1 + max(0, Database::sql2single(
        'SELECT max(`id`) as `id` FROM `comments` WHERE `doc_id` = ' . $docId
        . ' AND `table`=' . Database::escape($tableName)
    ));
    Database::query(
        'INSERT INTO `comments` SET `id`=' . $nextId
        . ', `table`=' . Database::escape($tableName)
        . ', `comment`=' . Database::escape($body)
        . ', `parent`=' . $parentId
        . ', `doc_id`=' . $docId
        . ', `id_author`=' . $current_user->id
        . ', `time`=' . time()
    );
    Database::query('COMMIT');
}
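/**
 * Update a genre's description (POST: id, description) and redirect to its page.
 *
 * Fixes:
 * - The 'Illegal id' check came after the row lookup, where it was unreachable
 *   (id 0 matches no row, so the function returned silently); it now runs first.
 * - prepare_review() was applied to the description twice; it is now applied
 *   once (assumes the sanitiser is idempotent, as it should be — confirm).
 *
 * @throws Exception on a missing id or an empty description
 */
function write()
{
    global $current_user;
    /*@var $current_user CurrentUser*/
    $current_user->can_throw('books_edit');

    $id = max(0, (int) (isset(Request::$post['id']) ? Request::$post['id'] : 0));
    if (!$id) {
        throw new Exception('Illegal id');
    }
    $row = Database::sql2row('SELECT * FROM genre WHERE `id`=' . $id);
    if (!$row) {
        return;
    }

    $posted = isset(Request::$post['description']) ? Request::$post['description'] : '';
    $description = prepare_review($posted);
    if (!$description) {
        throw new Exception('Empty description');
    }
    Database::query('UPDATE `genre` SET `description`=' . Database::escape($description) . ' WHERE `id`=' . $id);

    ob_end_clean();
    // $row['name'] comes from the database row, not from the request.
    header('Location:' . Config::need('www_path') . '/genres/' . $row['name']);
    $current_user->gainActionPoints('genres_edit', $id, BiberLog::TargetType_genre);
    exit;
}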
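/**
 * Create a message and fan it out to every recipient in $to_users.
 *
 * Fix: $id_author, $time, $thread_id and each recipient id were spliced into
 * SQL unescaped; they are now cast to int so a non-numeric caller value cannot
 * alter the statement. A non-numeric $thread_id now starts a new thread.
 * A copy sent to the author themself is stored as already read (is_new = 0).
 *
 * @param int       $id_author sender user id
 * @param int[]     $to_users  recipient user ids
 * @param string    $subject
 * @param string    $body      HTML body, stored as-is in `html`
 * @param int       $time      unix timestamp of the message
 * @param int|false $thread_id existing thread to append to; false starts a new one
 * @throws Exception when $to_users is not an array
 */
function sendMessage($id_author, $to_users, $subject, $body, $time, $thread_id = false)
{
    if (!is_array($to_users)) throw new Exception('$to_users must be an array');
    $authorId = (int) $id_author;
    $stamp = (int) $time;

    Database::query('START TRANSACTION');
    Database::query(
        'INSERT INTO `users_messages` SET `id_author`=' . $authorId
        . ', `time`=' . $stamp
        . ', `subject`=' . Database::escape($subject)
        . ', `html`=' . Database::escape($body)
    );
    // Append to the given thread; otherwise the new message starts its own thread.
    $lastId = (int) Database::lastInsertId();
    $threadId = (int) $thread_id;
    if (!$threadId) {
        $threadId = $lastId;
    }
    if ($threadId) {
        $rows = array();
        foreach ($to_users as $receiver_id) {
            $receiverId = (int) $receiver_id;
            $is_new = ($receiverId == $authorId) ? 0 : 1;
            $rows[] = '(' . $lastId . ',' . $threadId . ',' . $receiverId . ',' . $is_new . ',0)';
        }
        if (count($rows)) {
            Database::query('INSERT INTO `users_messages_index`(message_id,thread_id,id_recipient,is_new,is_deleted) VALUES ' . implode(',', $rows));
        }
    }
    Database::query('COMMIT');
}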
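/**
 * Create or update a library event from POST and redirect to its edit page.
 *
 * Fix: $_POST['id'] was concatenated into the INSERT unescaped and then echoed
 * into the Location header — a SQL injection and header injection vector. It is
 * now cast to int; a missing or non-positive id inserts NULL so auto-increment
 * assigns one. The other fields are escaped as before.
 *
 * NOTE(review): no authorization check is visible here; confirm the /admin
 * router enforces one before this handler runs.
 */
function edit_event()
{
    $postedId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $id = $postedId > 0 ? (string) $postedId : 'NULL';
    $_POST['template_id'] = max(1, (int) $_POST['template_id']);
    // Identical column assignments on both sides of ON DUPLICATE KEY UPDATE.
    $assignments = '`title`=' . Database::escape($_POST['title'])
        . ', `male`=' . Database::escape($_POST['male'])
        . ', `age_start_days`=' . Database::escape($_POST['age_start_days'])
        . ', `age_end_days`=' . Database::escape($_POST['age_end_days'])
        . ', `description`=' . Database::escape($_POST['description'])
        . ', `template_id`=' . Database::escape($_POST['template_id']);
    Database::query(
        'INSERT INTO `lib_events` SET `id` = ' . $id . ', ' . $assignments
        . ' ON DUPLICATE KEY UPDATE ' . $assignments . ' '
    );
    $id = $id == 'NULL' ? Database::lastInsertId() : $id;
    header('Location: /admin/event/' . $id . '/edit');
}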
/**
 * Update a series record (POST: id, parent_id, title, description).
 * Only authorized users may write; the parent must exist and must not be the
 * series itself.
 *
 * @throws Exception on access denial, a missing id or title, or an invalid parent
 */
function write()
{
    global $current_user;
    /* @var $current_user CurrentUser */
    if (!$current_user->authorized) {
        throw new Exception('Access denied');
    }
    $seriesId = max(0, (int) (isset(Request::$post['id']) ? Request::$post['id'] : 0));
    $parentId = max(0, (int) (isset(Request::$post['parent_id']) ? Request::$post['parent_id'] : false));
    if (!$seriesId) {
        throw new Exception('Illegal id');
    }
    $title = isset(Request::$post['title']) ? Request::$post['title'] : false;
    $description = isset(Request::$post['description']) ? Request::$post['description'] : false;
    if ($parentId == $seriesId) {
        throw new Exception('Illegal parent');
    }
    if ($parentId && !Database::sql2single('SELECT `id` FROM `series` WHERE `id`=' . $parentId)) {
        throw new Exception('No such parent');
    }
    if (!$title) {
        throw new Exception('Empty title');
    }
    $description = prepare_review($description);
    $title = prepare_review($title, '');
    Database::query(
        'UPDATE `series` SET `id_parent`=' . $parentId
        . ',`title`=' . Database::escape($title)
        . ', `description`=' . Database::escape($description)
        . ' WHERE `id`=' . $seriesId
    );
}
/**
 * Load one genre (by $this->genre_name) into $this->data['genres'][id].
 * A top-level genre gets its sub-genres attached; a sub-genre gets up to 20
 * books ordered by mark, each reduced to an id/cover/title/author summary.
 */
function getOne()
{
    $genre = Database::sql2row('SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_name));
    if (!isset($genre['name'])) {
        return;
    }
    $gid = $genre['id'];
    $this->data['genres'][$gid] = array(
        'name' => $genre['name'],
        'id' => $gid,
        'id_parent' => $genre['id_parent'],
        'title' => $genre['title'],
        'books_count' => $genre['books_count'],
    );
    if (!$genre['id_parent']) {
        $this->data['genres'][$gid]['subgenres'] = $this->getAll($gid);
        return;
    }
    $bookIds = array_keys(Database::sql2array(
        'SELECT `id_book` FROM `book_genre` BG JOIN `book` B ON B.id = BG.id_book WHERE BG.id_genre = ' . $gid . ' ORDER BY B.mark DESC LIMIT 20',
        'id_book'
    ));
    $books = Books::getByIdsLoaded($bookIds);
    Books::LoadBookPersons($bookIds);
    foreach ($books as $loaded) {
        $book = Books::getById($loaded->id);
        // exactly "our" author when several persons are attached
        list($authorId, $authorName) = $book->getAuthor(1, 1, 1);
        $this->data['genres'][$gid]['books'][] = array(
            'id' => $book->id,
            'cover' => $book->getCover(),
            'title' => $book->getTitle(true),
            'author' => $authorName,
            'author_id' => $authorId,
            'lastSave' => $book->data['modify_time'],
        );
    }
}
/**
 * Look up the genre row for $this->genre_id. The result is currently unused —
 * the conditional body is empty — so this is a no-op apart from the query.
 *
 * NOTE(review): the lookup matches on `name` although the property is called
 * genre_id; confirm which is intended.
 */
function getLikes()
{
    if (!$this->genre_id) {
        return;
    }
    $row = Database::sql2row('SELECT * FROM `genre` WHERE `name`=' . Database::escape($this->genre_id));
    if ($row['id']) {
        // intentionally empty in the original
    }
}
/**
 * Persist a run result for this feature: numeric status, current time, message.
 * NOTE(review): $this->id is interpolated as-is; assumes it holds a numeric
 * database id.
 *
 * @param int    $status_code
 * @param string $message    escaped before storage
 */
function setStatus($status_code, $message)
{
    $sql = sprintf(
        'UPDATE `features` SET `status`=%d, `last_run`=%d, `last_message`=%s WHERE `id`=%s',
        (int) $status_code,
        time(),
        Database::escape($message),
        $this->id
    );
    Database::query($sql);
}
/**
 * Find the post of this blog whose Url equals $url.
 *
 * @param string $url
 * @return BlogPost|null the first match, or null when there is none
 */
public function getPostByUrl($url)
{
    $blogId = Database::escape($this->getId());
    $slug = Database::escape($url);
    $found = BlogPost::SELECT("Blog ='{$blogId}' AND Url = '{$slug}'");
    return count($found) ? $found[0] : null;
}
/**
 * Fetch the record whose Name equals $name.
 *
 * @param string $name
 * @return static|null null unless exactly one row matches
 */
public static function getByName($name)
{
    $rows = self::SELECT("`Name` = '" . Database::escape($name) . "'");
    return (count($rows) === 1) ? $rows[0] : null;
}
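/**
 * Append a WHERE clause built from a filter description.
 *
 * Fix: 'column' and 'comparison' were interpolated into the SQL verbatim; only
 * 'value' was escaped. The column is now restricted to identifier characters
 * and the operator to a fixed whitelist, so a filter assembled from request
 * data cannot inject SQL.
 *
 * @param array $array keys: 'column' (required), 'value' (required),
 *                     'comparison' (optional operator, defaults to '=')
 * @throws InvalidArgumentException on an unexpected column name or operator
 */
private final function set_filter($array)
{
    $column = isset($array['column']) ? (string) $array['column'] : '';
    if (!preg_match('/^[A-Za-z0-9_]+$/', $column)) {
        throw new InvalidArgumentException('set_filter: illegal column name');
    }
    $value = isset($array['value']) ? $array['value'] : null;
    $comparison = '=';
    if (isset($array['comparison'])) {
        $comparison = strtoupper(trim((string) $array['comparison']));
        $allowed = array('=', '!=', '<>', '<', '<=', '>', '>=', 'LIKE', 'NOT LIKE');
        if (!in_array($comparison, $allowed, true)) {
            throw new InvalidArgumentException('set_filter: illegal comparison operator');
        }
    }
    $this->where_clause[] = "`{$column}` {$comparison} '" . Database::escape($value) . "'";
}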
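/**
 * Handle a rating and/or review submission (POST: target_id, target_type,
 * annotation, rate).
 *
 * rate is clamped to 0..6 and stored +1 internally, so 1 means "not rated".
 * - Without review text: store the rating (when > 0) for a book (target_type 0)
 *   and recompute the book's `mark` from all ratings.
 * - With review text: upsert the review row.
 * An Event is recorded on either path.
 *
 * Fixes:
 * - Recomputing the mark divided SUM by COUNT even when no rating exists
 *   (COUNT = 0), which throws DivisionByZeroError on PHP 8; the mark now falls
 *   back to 0 in that case.
 * - A missing target_id is rejected on the rating path too, as it already was
 *   on the review path.
 *
 * @throws Exception when the user is not authorized
 */
function write()
{
    global $current_user;
    /* @var $current_user CurrentUser */
    if (!$current_user->authorized) throw new Exception('Access denied');
    $data = array(
        'target_id' => max(0, (int) Request::$post['target_id']),
        'target_type' => max(0, (int) Request::$post['target_type']),
        'comment' => prepare_review(Request::$post['annotation']),
        // clamp to 0..6, then +1 so "not rated" (1) is distinct from a missing field
        'rate' => min(6, max(0, (int) Request::$post['rate'])) + 1,
    );
    if (!$data['target_id']) return;
    $event = new Event();
    if (!$data['comment']) {
        // inserting rate
        if ($data['rate'] && ($data['target_type'] == 0)) {
            $time = time();
            if ($data['rate'] > 1) {
                $query = 'INSERT INTO `book_rate` SET `id_book`=' . $data['target_id'] . ',`id_user`=' . $current_user->id . ',`rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ' ON DUPLICATE KEY UPDATE `rate`=' . ($data['rate'] - 1) . ',`time`=' . $time;
                Database::query($query);
            }
            //recalculating rate
            $query = 'SELECT COUNT(1) as cnt, SUM(`rate`) as rate FROM `book_rate` WHERE `id_book`=' . $data['target_id'];
            $res = Database::sql2row($query);
            // average rating x10; 0 when nobody has rated this book yet
            $book_mark = ($res && $res['cnt'] > 0) ? round($res['rate'] / $res['cnt'] * 10) : 0;
            $query = 'UPDATE `book` SET `mark`=' . $book_mark . ' WHERE `id`=' . $data['target_id'];
            Database::query($query);
            $event->event_BookRateAdd($current_user->id, $data['target_id'], $data['rate'] - 1);
        }
    } else {
        $query = 'INSERT INTO `reviews` SET `id_target`=' . $data['target_id'] . ', `target_type`=' . $data['target_type'] . ', `id_user`=' . $current_user->id . ', `time`=' . time() . ', `comment`=' . Database::escape($data['comment']) . ', `rate`=' . ($data['rate'] - 1) . ' ON DUPLICATE KEY UPDATE `time`=' . time() . ', `comment`=' . Database::escape($data['comment']) . ', `rate`=' . ($data['rate'] - 1);
        Database::query($query);
        //event
        $event->event_BookReviewAdd($current_user->id, $data['target_id'], $data['target_type'], $data['rate'] - 1, $data['comment']);
    }
    $event->push();
}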
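/**
 * Insert (or reuse) an image record for the file at $image_path.
 *
 * The file is copied into the 'temp' rack, identified with getimagesize() and
 * decoded with GD. Records are keyed by the file's md5, so an identical upload
 * only increments the existing record's counter.
 *
 * Fixes:
 * - GD returns a GdImage object since PHP 8.0, so is_resource() was always
 *   false there and every insert returned null; GdImage is now accepted too.
 * - The temp rack key was md5(microtime()), which is predictable and can
 *   collide under concurrency; it now comes from random_bytes().
 * - getimagesize() returning false is handled, and the temp copy is removed
 *   on the unsupported-type path as well, instead of being left behind.
 *
 * NOTE(review): the original docblock says $image_path may be a remote
 * http:// URL. If that path can come from user input this is an SSRF vector
 * (internal hosts, other schemes) — confirm callers restrict it first.
 *
 * @param string $image_path local path or URL of the image
 * @return Image|null the image record, or null when the file is not a supported image
 */
public static function INSERT($image_path)
{
    $temp_hash = bin2hex(random_bytes(16));
    Rack::Write('temp', $temp_hash, $image_path);
    $temp_path = Rack::Path('temp', $temp_hash);

    $is = @getimagesize($temp_path);
    $mime = (is_array($is) && isset($is['mime'])) ? $is['mime'] : '';
    switch ($mime) {
        case 'image/jpeg':
            $gd = @imagecreatefromjpeg($temp_path);
            break;
        case 'image/png':
            $gd = @imagecreatefrompng($temp_path);
            break;
        case 'image/gif':
            $gd = @imagecreatefromgif($temp_path);
            break;
        case 'image/bmp':
            $gd = @imagecreatefrombmp($temp_path);
            break;
        default:
            Rack::Remove('temp', $temp_hash);
            return null;
    }

    // PHP < 8 hands back a resource, PHP >= 8 a GdImage object.
    if (!is_resource($gd) && !($gd instanceof GdImage)) {
        // could not decode the image
        Rack::Remove('temp', $temp_hash);
        return null;
    }

    $width = imagesx($gd);
    $height = imagesy($gd);
    $hash = md5_file($temp_path);
    $list = Image::SELECT("Hash='" . Database::escape($hash) . "'");
    if (count($list)) {
        // the image already exists: just bump its reference counter
        $image = $list[0];
        $image->_setCounter($image->getCounter() + 1);
    } else {
        // new image record; the file is stored under md5 of its id
        $image = parent::INSERT();
        $image->_setWidth($width);
        $image->_setHeight($height);
        $image->_setMime($mime);
        $image->_setHash($hash);
        $image->_setSize(@filesize($temp_path));
        $image->_setCounter(1);
        Rack::Write('img', md5($image->ID()), $temp_path);
    }
    Rack::Remove('temp', $temp_hash);
    return $image;
}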
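/**
 * Insert a settings row from the first posted name/value/comment triple.
 *
 * Fix: the comment was read with an undefined $key
 * (Request::$post['comment'][$key]), which resolves to a null index and so
 * never picked up the posted comment; it now uses index 0 like name and value.
 * Missing entries are passed to Database::escape() as null, as before.
 */
function _new()
{
    $name = isset(Request::$post['name'][0]) ? Request::$post['name'][0] : null;
    $value = isset(Request::$post['value'][0]) ? Request::$post['value'][0] : null;
    $comment = isset(Request::$post['comment'][0]) ? Request::$post['comment'][0] : null;
    Database::query(
        'INSERT INTO `settings` SET `name`=' . Database::escape($name)
        . ', `comment`=' . Database::escape($comment)
        . ', `value`=' . Database::escape($value)
    );
}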
/**
 * Resolve the recipient named in the first URL segment ('me' or a nickname),
 * expose it as the `to` attribute of the variable node, and start an empty
 * message bound to the current thread.
 */
function getNew()
{
    $recipient = Request::get(0);
    // a nickname is mapped to its user id; 'me' is passed through as-is
    if ($recipient != 'me' && $recipient) {
        $recipient = Database::sql2single('SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($recipient));
    }
    if ($recipient) {
        XMLClass::$varNode->setAttribute('to', $recipient);
    }
    $this->data['message'] = array('thread_id' => $this->thread_id);
}
/**
 * Create a rightholder from the posted title and redirect to its admin page.
 *
 * @throws Exception when the title is empty
 */
function _new()
{
    $title = trim(Request::post('title'));
    if (!$title) {
        throw new Exception('title missed');
    }
    Database::query('INSERT INTO `rightholders` SET `title`=' . Database::escape($title));
    $newId = Database::lastInsertId();
    @ob_end_clean();
    header('Location: /admin/rightholders/' . $newId);
    exit;
}
/**
 * Build a user object from a numeric id or a nickname.
 *
 * @param int|string|false $id   user id, a nickname (resolved via the users
 *                               table), or false for an unbound instance
 * @param array|false      $data preloaded row handed to load()
 */
function __construct($id = false, $data = false)
{
    $this->loaded = false;
    // anything non-numeric is treated as a nickname and resolved to an id
    if ($id && !is_numeric($id)) {
        $id = (int) Database::sql2single('SELECT `id` FROM `users` WHERE `nickname`=' . Database::escape($id));
    }
    if ($id) {
        $this->id = max(0, $id);
    }
    if ($data) {
        $this->load($data);
    }
}
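/**
 * Insert-or-update a feature_groups row from a column => value map, then
 * redirect to the features page.
 *
 * Fix: array keys were used as column names verbatim (`key`=value); when
 * $data is built from request input that is an identifier-injection point.
 * Keys must now be plain identifiers ([A-Za-z0-9_]+), mirroring the field
 * check _update() performs against its field map.
 *
 * @param array $data column => value
 * @throws InvalidArgumentException on an illegal column name
 */
function _upsert($data)
{
    $assignments = array();
    foreach ($data as $field => $value) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $field)) {
            throw new InvalidArgumentException('_upsert failed: illegal field #' . $field);
        }
        $assignments[] = '`' . $field . '`=' . Database::escape($value);
    }
    if (count($assignments)) {
        $set = implode(',', $assignments);
        Database::query('INSERT INTO `feature_groups` SET ' . $set . ' ON DUPLICATE KEY UPDATE ' . $set);
    }
    @ob_end_clean();
    header('Location: ' . Config::need('www_path') . '/features');
    exit(0);
}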
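/**
 * Remove a customer's two-factor secret and drop it from the current session.
 *
 * Fixes:
 * - The id was passed through Database::escape() and spliced into the query
 *   bare; whether that quotes the value depends on the escape implementation,
 *   so it is now cast to int (and rejected when not positive), which cannot
 *   alter the statement.
 * - The failure exception was constructed from the query's `false` result,
 *   i.e. with an empty message; it now carries a real one.
 *
 * @param int $accountId customer id
 * @throws InvalidArgumentException on a non-positive id
 * @throws Exception when the UPDATE fails
 */
public function del_two_way($accountId)
{
    $customerId = (int) $accountId;
    if ($customerId <= 0) {
        throw new InvalidArgumentException('del_two_way: invalid customer id');
    }
    $update = Database::query('UPDATE customer SET secret = null WHERE id = ' . $customerId);
    if (!$update) {
        throw new Exception('Could not remove the two-way secret for customer ' . $customerId);
    }
    // the secret is gone from the database; forget it in this session too
    unset($_SESSION['login']['secret']);
}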
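/**
 * Create a SystemSession row for the current client and return it.
 *
 * Fixes:
 * - SessionId was md5(microtime()), which an attacker can predict or
 *   brute-force; it is now 128 bits from random_bytes(), still 32 hex
 *   characters so the column width is unchanged.
 * - REMOTE_ADDR / HTTP_USER_AGENT are optional in $_SERVER (CLI, some proxies)
 *   and raised a notice when absent; they now default to ''.
 *
 * NOTE(review): Data is stored with serialize(); whatever reads it back
 * presumably calls unserialize() — make sure that path never receives
 * attacker-controlled bytes.
 *
 * @param array $data session payload (by reference, as in the original signature)
 * @return static|null the new row, via self::ROW()
 */
public static function add(&$data)
{
    $SessionId = bin2hex(random_bytes(16));
    $Ip = Database::escape(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    $UserAgent = Database::escape(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $Created = time();
    $Data = Database::escape(serialize($data));
    $sql = "INSERT INTO `SystemSession` (`id`, `__timestamp__`, `__operation__`, `SessionId`, `Ip`, `UserAgent`, `Created`, `Data`) VALUES (NULL, " . $Created . ", 'INSERT', '{$SessionId}', '{$Ip}', '{$UserAgent}', '{$Created}', '{$Data}')";
    Database::sql($sql);
    return self::ROW(Database::getInsertId());
}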
/**
 * Load one row by primary key, served from the per-class cache when present.
 *
 * @param int|string $id
 * @return static|null null when no row has that id
 */
public static function ROW($id)
{
    $key = intval($id);
    if (array_key_exists($key, self::$data)) {
        return self::$data[$key];
    }
    $matches = self::SELECT("id='" . Database::escape($key) . "'");
    return count($matches) ? $matches[0] : null;
}
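/**
 * UPDATE the row with this object's id in $tableName from a column => value
 * map. Only columns present in $this->fieldsMap are accepted; any other key
 * aborts before the database is touched (the cache is already dropped by then).
 *
 * Fix: the rejection message said "_create failed" although this is _update.
 *
 * NOTE(review): the return value is Database::lastInsertId(), which is not
 * meaningful after an UPDATE — check whether callers rely on it. $tableName is
 * interpolated as-is and must come from trusted code, never from a request.
 *
 * @param array  $data      column => value
 * @param string $tableName table to update
 * @return mixed Database::lastInsertId() when an UPDATE was issued, otherwise null
 * @throws Exception on a column not in fieldsMap
 */
function _update($data, $tableName)
{
    $assignments = array();
    $this->dropCache();
    foreach ($data as $field => $value) {
        if (!isset($this->fieldsMap[$field])) {
            throw new Exception('_update failed: illegal field #' . $field);
        }
        $assignments[] = '`' . $field . '`=' . Database::escape($value);
    }
    if (count($assignments)) {
        Database::query('UPDATE `' . $tableName . '` SET ' . implode(',', $assignments) . ' WHERE `id`=' . $this->id);
        return Database::lastInsertId();
    }
}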
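/**
 * Attach a user (by nickname) to an album with a family role; re-posting the
 * same pair updates the role.
 *
 * Fix: album_id and role were spliced into the INSERT straight from $_POST,
 * and user_id was the raw lookup result (false for an unknown nickname, which
 * produced a malformed query). All three are now cast to int, and a missing
 * album or unknown nickname is rejected. family_role is stored unquoted, so
 * it was already expected to be numeric.
 *
 * NOTE(review): no authorization check is visible here — confirm the caller
 * verifies the current user may edit this album.
 *
 * @throws Exception when album_id is missing or the nickname does not exist
 */
function add_album_relation()
{
    $albumId = isset($_POST['album_id']) ? (int) $_POST['album_id'] : 0;
    $nick = isset($_POST['nick']) ? $_POST['nick'] : '';
    $role = isset($_POST['role']) ? (int) $_POST['role'] : 0;
    if ($albumId <= 0) {
        throw new Exception('album_id missed');
    }
    $userId = (int) Database::sql2single('SELECT `id` FROM `user` WHERE `nickname`=' . Database::escape($nick));
    if ($userId <= 0) {
        throw new Exception('no such user');
    }
    Database::query(
        'INSERT INTO `album_family` SET `album_id`=' . $albumId
        . ', `user_id`=' . $userId
        . ', `family_role`=' . $role
        . ', `add_time`=' . time()
        . ' ON DUPLICATE KEY UPDATE `family_role`=' . $role
    );
}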
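/**
 * Post a comment on a blog entry (POST: entry_id, title, body, answer_to) and
 * redirect to it.
 *
 * Fixes:
 * - entry_id and answer_to were concatenated into SQL unescaped (SQL
 *   injection); both are now cast to int.
 * - The authorization check ran after the entry had been queried; it now runs
 *   first, and a missing entry or parent comment is rejected instead of
 *   building an Entrie from an empty row.
 * - The parent comment must belong to the same entry.
 *
 * Replies are flattened to one level: answering a reply attaches the new
 * comment to that reply's top-level parent, while answer_to records the
 * comment actually replied to.
 *
 * @throws Exception when not authorized, or when entry/body/title/parent is missing
 */
function write()
{
    global $current_user;
    if (!$current_user->authorized) {
        throw new Exception('must be autorized');
    }
    $id = max(0, (int) Request::post('entry_id'));
    $title = Request::post('title');
    $body = Request::post('body');
    $id_parent = max(0, (int) Request::post('answer_to'));
    if (!$id) {
        throw new Exception('entry_id missed');
    }
    $data = Database::sql2row('SELECT * FROM `blog_entries` WHERE `id`=' . $id);
    if (!$data) {
        throw new Exception('no such entry');
    }
    $entry = new Entrie($data);
    if (!$body) {
        throw new Exception('body missed');
    }
    if (!$title) {
        throw new Exception('title missed');
    }
    if ($id_parent) {
        // answer
        $parent_comment = Database::sql2row('SELECT * FROM `blog_entries_comments` WHERE `id`=' . $id_parent);
        if (!$parent_comment || (int) $parent_comment['id_entry'] !== $id) {
            throw new Exception('no such comment');
        }
        $answer_to = $id_parent;
        // attach to the top-level comment so threads stay one level deep
        $id_parent = ($parent_comment['id_parent'] > 0) ? (int) $parent_comment['id_parent'] : (int) $parent_comment['id'];
    } else {
        $answer_to = 0;
        $id_parent = 0;
    }
    Database::query(
        'INSERT INTO `blog_entries_comments` SET `id_entry`=' . $id
        . ', `id_user`=' . $current_user->id
        . ', `id_parent`=' . $id_parent
        . ', `time`=' . time()
        . ', `title`=' . Database::escape($title)
        . ', `comment`=' . Database::escape($body)
        . ', `answer_to`=' . $answer_to
    );
    $comment_id = Database::lastInsertId();
    $entry->updateCommentsCount();
    header('Location: ' . '/blog/' . $entry->user->getNickName() . '/' . $entry->id . '#comment-' . $comment_id);
    exit(0);
}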
/**
 * Add a comment to a Mongo-backed post (POST: id, comment, comment_id,
 * subscribe). Does nothing for anonymous users. A reply (comment_id given)
 * notifies the commenter being answered; a top-level comment notifies the
 * post owner. With `subscribe` set, the user is subscribed to answer
 * notifications for the post unless the post is their own.
 *
 * NOTE(review): $post_id and $comment_id are handed to MongoDatabase
 * unvalidated; confirm that layer checks they are well-formed ids.
 *
 * @throws Exception when the comment body is empty after sanitising
 */
function addComment()
{
    global $current_user;
    $subscribe = false;
    if (isset(Request::$post['subscribe'])) {
        if (Request::$post['subscribe']) {
            $subscribe = true;
        }
    }
    if (!$current_user->id) {
        return;
    }
    // only a small inline-formatting whitelist survives prepare_review()
    $comment = isset(Request::$post['comment']) ? Request::$post['comment'] : false;
    $comment = trim(prepare_review($comment, '<em><i><strong><b><u><s>'));
    if (!$comment) {
        throw new Exception('comment body expected');
    }
    $post_id = Request::$post['id'];
    $data = array();
    if ($post_id) {
        if (isset(Request::$post['comment_id']) && ($comment_id = Request::$post['comment_id'])) {
            // reply to an existing comment
            $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment, $comment_id);
            if ($data) {
                Notify::notifyEventCommentAnswer($data['commenter_id'], $post_id, $data['comment_id']);
            }
        } else {
            // top-level comment
            $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment);
            if ($data) {
                Notify::notifyEventComment($data['user_id'], $post_id, $data['comment_id']);
            }
        }
    }
    if ($data) {
        if ($subscribe) {
            // the author is subscribed to their own post either way
            if ($data['post']['user_id'] != $current_user->id) {
                // map the Mongo id back to the SQL events row before subscribing
                $query = 'SELECT `id` FROM `events` WHERE `mongoid`=' . Database::escape($post_id);
                $intid = Database::sql2single($query);
                if ($intid) {
                    /* @var $current_user User */
                    $current_user->setNotifyRule(UserNotify::UN_COMMENT_ANSWER, UserNotify::UNT_NOTIFY);
                    $current_user->save();
                    Notify::notifySubscribe($current_user->id, $intid);
                }
            }
        }
    }
}
/**
 * Permission-test overload to allow display if there are any files or folders that allow so
 * @see solidbase/lib/Base#may()
 *
 * When the base class gives a definite boolean answer it is final. Otherwise a
 * READ request is granted if any File/Folder privilege row grants READ to the
 * beneficiary's own id or one of its group ids; the answer is cached per
 * beneficiary id in $this->READ. Any other access level is denied (0).
 *
 * @param object $beneficiary user/group object with ->ID and ->groupIds
 * @param int    $accessLevel bitmask; only the READ bit is handled here
 * @return bool|int true/false from the parent, true when READ is granted, else 0
 */
function may($beneficiary, $accessLevel)
{
    $p = parent::may($beneficiary, $accessLevel);
    if (is_bool($p)) {
        return $p;
    }
    if ($accessLevel & READ) {
        if (!isset($this->READ[$beneficiary->ID])) {
            global $DB;
            // ids are escaped before being joined into the IN (...) list
            $privilegeIDS = array_merge((array) $beneficiary->ID, $beneficiary->groupIds);
            $this->READ[$beneficiary->ID] = $DB->exists("SELECT `spine`.`id` as id FROM `spine` RIGHT JOIN `privileges` ON `spine`.`id` = `privileges`.`id` WHERE `spine`.`class` IN ('File','Folder') AND `privileges`.`beneficiary` IN ('" . join("','", Database::escape($privilegeIDS, true)) . "') AND (`privileges`.`privileges` & " . READ . ") > 0");
        }
        return $this->READ[$beneficiary->ID] ? true : 0;
    }
    return 0;
}
/**
 * Remember the referring partner: when a partner with the given `pid` exists,
 * store its numeric id in the partner_id cookie and redirect back to the
 * current URL.
 *
 * @param string $id_partner partner identifier as received in the request
 */
public static function setPartnerCookie($id_partner)
{
    global $current_user;
    /* @var $current_user CurrentUser */
    if (!$id_partner) {
        return;
    }
    $pid = Database::sql2single('SELECT `id` FROM `partners` WHERE `pid`=' . Database::escape($id_partner));
    if (!$pid) {
        return;
    }
    if ($current_user) {
        // default lifetime: five days
        $lifetime = Config::need('cookie_lifetime_partner', 5 * 60 * 60 * 24);
        $current_user->setCookie('partner_id', $pid, time() + $lifetime);
    }
    header('Location: ' . Request::$url, true, 302);
}
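/**
 * Log a user in via cookies: store a fresh session token on the user row, set
 * the `<key>_id` / `<key>_sh` cookies, then run the cookie authorization.
 *
 * Fixes:
 * - The session token was md5(time() . $user_id): time() is known to within
 *   seconds and the user id is not secret, so the token could be recomputed by
 *   an attacker. It is now 128 bits from random_bytes() (32 hex characters,
 *   the same width as the md5 it replaces).
 * - Cookies are now HttpOnly, and Secure when the request arrived over HTTPS,
 *   so the token is not readable from script nor sent over plain HTTP from an
 *   HTTPS site.
 * - $user_id is cast to int before being spliced into the UPDATE.
 *
 * @param int $user_id id of the user being logged in
 */
public static function set_cookie($user_id)
{
    $userId = (int) $user_id;
    $cookie_key = Config::need('COOKIE_KEY', 'u');
    $hash_coookie_key = $cookie_key . '_sh';
    $uid_coookie_key = $cookie_key . '_id';
    $hash = bin2hex(random_bytes(16));
    Database::query('UPDATE `user` SET `lastAccessTime`=' . time() . ',`session`=' . Database::escape($hash) . ' WHERE `id`=' . $userId);
    $expire = time() + 7 * 24 * 60 * 60;
    $path = '/';
    $domain = '.' . Config::need('www_domain');
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $httponly = true;
    setcookie($uid_coookie_key, (string) $userId, $expire, $path, $domain, $secure, $httponly);
    setcookie($hash_coookie_key, $hash, $expire, $path, $domain, $secure, $httponly);
    // make the new cookies visible to authorize_cookie() within this request
    $_COOKIE[$uid_coookie_key] = (string) $userId;
    $_COOKIE[$hash_coookie_key] = $hash;
    self::authorize_cookie();
}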