function publications_userapi_pageintrees($args) { extract($args); if (!isset($pid) || !is_numeric($pid) || !isset($tree_roots) || !is_array($tree_roots)) { return false; } $xartable = xarDB::getTables(); $dbconn = xarDB::getConn(); // For the page to be somewhere in a tree, identified by the root of that tree, // it's xar_left column must be between the xar_left and xar_right columns // of the tree root. $query = 'SELECT COUNT(*)' . ' FROM ' . $xartable['publications'] . ' AS testpage' . ' INNER JOIN ' . $xartable['publications'] . ' AS testtrees' . ' ON testpage.leftpage_id BETWEEN testtrees.leftpage_id AND testtrees.rightpage_id' . ' AND testtrees.id IN (?' . str_repeat(',?', count($tree_roots) - 1) . ')' . ' WHERE testpage.id = ?'; // Add the pid onto the tree roots to form the full bind variable set. $tree_roots[] = $pid; $result = $dbconn->execute($query, $tree_roots); if (!$result || $result->EOF) { return false; } list($count) = $result->fields; if ($count > 0) { return true; } else { return false; } }
/** * get next article * Note : the following parameters are all optional (except id and ptid) * * @param $args['id'] the article ID we want to have the next article of * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) * @param $args['sort'] sort order ('date','title','hits','rating',...) * @param $args['owner'] the ID of the author * @param $args['state'] array of requested status(es) for the publications * @param $args['enddate'] publications published before enddate * (unix timestamp format) * @return array of article fields, or false on failure */ function publications_userapi_getnext($args) { // Get arguments from argument array extract($args); // Optional argument if (empty($sort)) { $sort = 'date'; } if (!isset($state)) { // frontpage or approved $state = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED); } // Default fields in publications (for now) $fields = array('id', 'title'); // Security check if (!xarSecurityCheck('ViewPublications')) { return; } // Database information $dbconn = xarDB::getConn(); // Get the field names and LEFT JOIN ... ON ... parts from publications // By passing on the $args, we can let leftjoin() create the WHERE for // the publications-specific columns too now $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // Create the query $query = "SELECT {$publicationsdef['id']}, {$publicationsdef['title']}, {$publicationsdef['pubtype_id']}, {$publicationsdef['owner']}\n FROM {$publicationsdef['table']} WHERE "; // we rely on leftjoin() to create the necessary publications clauses now if (!empty($publicationsdef['where'])) { $query .= " {$publicationsdef['where']} AND "; } // Get current article $current = xarModAPIFunc('publications', 'user', 'get', array('id' => $id)); // Create the ORDER BY part switch ($sort) { case 'title': $query .= $publicationsdef['title'] . ' > ' . $dbconn->qstr($current['title']) . ' ORDER BY ' . $publicationsdef['title'] . ' ASC, ' . $publicationsdef['id'] . ' ASC'; break; case 'id': $query .= $publicationsdef['id'] . ' > ' . $current['id'] . ' ORDER BY ' . $publicationsdef['id'] . ' ASC'; break; case 'data': default: $query .= $publicationsdef['pubdate'] . ' > ' . $dbconn->qstr($current['pubdate']) . ' ORDER BY ' . $publicationsdef['pubdate'] . ' ASC, ' . $publicationsdef['id'] . ' ASC'; } // Run the query - finally :-) $result =& $dbconn->SelectLimit($query, 1, 0); if (!$result) { return; } $item = array(); list($item['id'], $item['title'], $item['pubtype_id'], $item['owner']) = $result->fields; $result->Close(); // TODO: grab categories & check against them too // check security - don't generate an exception here if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) { return array(); } return $item; }
/** * @returns int (calendar id on success, false on failure) */ function calendar_adminapi_create_calendars($args) { extract($args); // argument check if (!isset($calname)) { $msg = xarML('Calendar name not specified', 'admin', 'create', 'calendar'); throw new Exception($msg); } // TODO: should I move these two issets to the admin function // admin/create_calendars.php? --amoro if (!isset($mod_id)) { $module = xarController::$request->getInfo(); $mod_id = xarMod::getRegID($module[0]); } if (!isset($role_id)) { $role_id = xarSession::getVar('role_id'); } // Load up database details. $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $caltable = $xartable['calendars']; // Insert instance details. $nextId = $dbconn->GenId($caltable); $query = 'INSERT INTO ' . $caltable . ' ( xar_id, xar_role_id, xar_mod_id, xar_name ) VALUES (?, ?, ?, ?)'; $result =& $dbconn->Execute($query, array($nextId, $role_id, $mod_id, $calname)); if (!$result) { return; } // Get ID of row inserted. $calendid = $dbconn->PO_Insert_ID($caltable, 'xar_id'); // If not database type also add file info // Allow duplicate files here, to make it easier to delete them // WARNING: if somebody changes this you should also change the // delete function to avoid major dataloss!!! --amoro if ($addtype != 'db') { $filestable = $xartable['calfiles']; $cal_filestable = $xartable['calendars_files']; $nextID = $dbconn->GenId($filestable); $query = 'INSERT INTO ' . $filestable . ' ( xar_id, xar_path ) VALUES (?, ?)'; $result =& $dbconn->Execute($query, array($nextID, $fileuri)); // Get ID of row inserted. $fileid = $dbconn->PO_Insert_ID($filestable, 'xar_id'); $query = 'INSERT INTO ' . $cal_filestable . ' ( xar_calendars_id, xar_files_id ) VALUES (?, ?)'; $result =& $dbconn->Execute($query, array($calendid, $fileid)); } return $calendid; }
/** * Create a new publication type * * @param $args['name'] name of the publication type * @param $args['descr'] description of the publication type * @param $args['config'] configuration of the publication type * @return int publication type ID on success, false on failure */ function publications_adminapi_createpubtype($args) { // Get arguments from argument array extract($args); // Argument check - make sure that all required arguments are present // and in the right format, if not then set an appropriate error // message and return // Note : since we have several arguments we want to check here, we'll // report all those that are invalid at the same time... $invalid = array(); if (!isset($name) || !is_string($name) || empty($name)) { $invalid[] = 'name'; } if (!isset($config) || !is_array($config) || count($config) == 0) { $invalid[] = 'configuration'; } if (count($invalid) > 0) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'createpubtype', 'Publications'); throw new BadParameterException(null, $msg); } if (empty($descr)) { $descr = $name; } // Publication type names *must* be lower-case for now $name = strtolower($name); // Security check - we require ADMIN rights here if (!xarSecurityCheck('AdminPublications')) { return; } if (!xarModAPILoad('publications', 'user')) { return; } // Make sure we have all the configuration fields we need $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields'); foreach ($pubfields as $field => $value) { if (!isset($config[$field])) { $config[$field] = ''; } } // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $pubtypestable = $xartable['publication_types']; // Get next ID in table $nextId = $dbconn->GenId($pubtypestable); // Insert the publication type $query = "INSERT INTO {$pubtypestable} (pubtype_id, pubtypename,\n pubtypedescr, pubtypeconfig)\n VALUES (?,?,?,?)"; $bindvars = array($nextId, $name, $descr, serialize($config)); $result =& $dbconn->Execute($query, $bindvars); if (!$result) { return; } // Get ptid to return $ptid = $dbconn->PO_Insert_ID($pubtypestable, 'pubtype_id'); // Don't call creation hooks here... //xarModCallHooks('item', 'create', $ptid, 'ptid'); return $ptid; }
/** * count the number of items per month * @param $args['cids'] not supported here (yet ?) * @param $args['ptid'] publication type ID we're interested in * @param $args['state'] array of requested status(es) for the publications * @return array array(month => count), or false on failure */ function publications_userapi_getmonthcount($args) { // Get database setup $dbconn = xarDB::getConn(); // Get the field names and LEFT JOIN ... ON ... parts from publications // By passing on the $args, we can let leftjoin() create the WHERE for // the publications-specific columns too now $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // Bug 1590 - Create custom query supported by each database. $dbtype = xarDB::getType(); switch ($dbtype) { case 'mysql': $query = "SELECT LEFT(FROM_UNIXTIME(start_date),7) AS mymonth, COUNT(*) FROM " . $publicationsdef['table']; // echo $query;exit; break; case 'postgres': $query = "SELECT TO_CHAR(ABSTIME(pubdate),'YYYY-MM') AS mymonth, COUNT(*) FROM " . $publicationsdef['table']; break; case 'mssql': $query = "SELECT LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7) as mymonth, COUNT(*) FROM " . $publicationsdef['table']; break; // TODO: Add SQL queries for Oracle, etc. // TODO: Add SQL queries for Oracle, etc. default: return; } if (!empty($publicationsdef['where'])) { $query .= ' WHERE ' . $publicationsdef['where']; } switch ($dbtype) { case 'mssql': $query .= " GROUP BY LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7)"; break; default: $query .= ' GROUP BY mymonth'; break; } $result =& $dbconn->Execute($query); if (!$result) { return; } $months = array(); while (!$result->EOF) { list($month, $count) = $result->fields; $months[$month] = $count; $result->MoveNext(); } return $months; }
/** * Delete a publication type * * @param $args['ptid'] ID of the publication type * @return bool true on success, false on failure */ function publications_adminapi_deletepubtype($args) { // Get arguments from argument array extract($args); // Argument check - make sure that all required arguments are present // and in the right format, if not then set an appropriate error // message and return if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications'); throw new BadParameterException(null, $msg); } // Security check - we require ADMIN rights here if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) { return; } // Load user API to obtain item information function if (!xarModAPILoad('publications', 'user')) { return; } // Get current publication types $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes'); if (!isset($pubtypes[$ptid])) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications'); throw new BadParameterException(null, $msg); } // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $pubtypestable = $xartable['publication_types']; // Delete the publication type $query = "DELETE FROM {$pubtypestable}\n WHERE pubtype_id = ?"; $result =& $dbconn->Execute($query, array($ptid)); if (!$result) { return; } $publicationstable = $xartable['publications']; // Delete all publications for this publication type $query = "DELETE FROM {$publicationstable}\n WHERE pubtype_id = ?"; $result =& $dbconn->Execute($query, array($ptid)); if (!$result) { return; } // TODO: call some kind of itemtype delete hooks here, once we have those //xarModCallHooks('itemtype', 'delete', $ptid, // array('module' => 'publications', // 'itemtype' =>'ptid')); return true; }
/** * get the number of publications per publication type * @param $args['state'] array of requested status(es) for the publications * @return array array(id => count), or false on failure */ function publications_userapi_getpubcount($args) { if (!empty($args['state'])) { $statestring = 'all'; } else { if (is_array($args['state'])) { sort($args['state']); $statestring = join('+', $args['state']); } else { $statestring = $args['state']; } } if (xarVarIsCached('Publications.PubCount', $statestring)) { return xarVarGetCached('Publications.PubCount', $statestring); } $pubcount = array(); $dbconn = xarDB::getConn(); $tables = xarDB::getTables(); sys::import('xaraya.structures.query'); $q = new Query('SELECT', $tables['publications']); $q->addfield('pubtype_id'); $q->addfield('COUNT(state) AS count'); $q->addgroup('pubtype_id'); if (!empty($args['state'])) { } else { if (is_array($args['state'])) { $q->in('state', $args['state']); } else { $q->eq('state', $args['state']); } } // $q->qecho(); if (!$q->run()) { return; } $pubcount = array(); foreach ($q->output() as $key => $value) { $pubcount[$value['pubtype_id']] = $value['count']; } xarVarSetCached('Publications.PubCount', $statestring, $pubcount); return $pubcount; }
function publications_treeapi_getleftright($args) { // Expand the arguments. extract($args); // Database. $dbconn = xarDB::getConn(); if ($id != 0) { // Insert point is a real item. $query = 'SELECT xar_parent, xar_left, xar_right' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?'; $result = $dbconn->execute($query, array((int) $id)); if (!$result->EOF) { list($parent, $left, $right) = $result->fields; $return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right); } else { // Item not found. // TODO: raise error. return; } } else { // Insert point is the virtual root. // This query should return EOF when the table is empty, // but it doesn't (on MySQL, at least - I'm sure a MAX() of // no rows returns no rows in Oracle). $query = 'SELECT 0, MIN(xar_left)-1 as xar_left, MAX(xar_right)+1 as xar_right' . ' FROM ' . $tablename; $result = $dbconn->execute($query); $parent = 0; if (!$result->EOF) { list($parent, $left, $right) = $result->fields; $return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right); // Hack for MySQL where EOF does not work on MIN/MAX group functions. if (!isset($left)) { $return = array('parent' => 0, 'left' => 1, 'right' => 2); } } else { $return = array('parent' => 0, 'left' => 1, 'right' => 2); } } return $return; }
/** * return the field names and correct values for querying (or joining on) * the publications table * example 1 : SELECT ..., $title, $body1,... * FROM $table * WHERE $title LIKE 'Hello world%' * AND $where * * example 2 : SELECT ..., $title, $body1,... * FROM ... * LEFT JOIN $table * ON $field = <name of articleid field in your module> * WHERE ... * AND $title LIKE 'Hello world%' * AND $where * * Note : the following arguments are all optional : * * @param $args['ids'] optional array of ids that we are selecting on * @param $args['owner'] the ID of the author * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) or array of pubtype IDs * @param $args['state'] array of requested status(es) for the publications * @param $args['search'] search text parameter(s) * @param $args['searchfields'] array of fields to search in * @param $args['searchtype'] start, end, like, eq, gt, ... (TODO) * @param $args['pubdate'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD) * @param $args['startdate'] publications published at startdate or later * (unix timestamp format) * @param $args['enddate'] publications published before enddate * (unix timestamp format) * @param $args['where'] additional where clauses (myfield gt 1234) * @param $args['locale'] language/locale (if not using multi-sites, categories etc.) * @return array('table' => 'nuke_publications', * 'field' => 'nuke_publications.id', * 'where' => 'nuke_publications.id IN (...)', * 'title' => 'nuke_publications.title', * ... * 'body1' => 'nuke_publications.body1') */ function publications_userapi_leftjoin($args) { // Get arguments from argument array extract($args); // Optional argument if (empty($ids) || !is_array($ids)) { $ids = array(); } // Note : no security checks here // Table definition $xartable = xarDB::getTables(); $dbconn = xarDB::getConn(); $publicationstable = $xartable['publications']; $leftjoin = array(); // Add available columns in the publications table (for now) $columns = array('id', 'name', 'title', 'description', 'summary', 'owner', 'pubtype_id', 'notes', 'state', 'body1', 'locale', 'create_date', 'start_date'); foreach ($columns as $column) { $leftjoin[$column] = $publicationstable . '.' . $column; } // Specify LEFT JOIN ... ON ... [WHERE ...] parts $leftjoin['table'] = $publicationstable; $leftjoin['field'] = $leftjoin['id']; // Specify the WHERE part // FIXME: <mrb> someone better informed about this should replace // the xar-varprepforstore with qstr() method where appropriate $whereclauses = array(); if (!empty($owner) && is_numeric($owner)) { $whereclauses[] = $leftjoin['owner'] . ' = ' . $owner; } if (!empty($ptid)) { if (is_numeric($ptid)) { $whereclauses[] = $leftjoin['pubtype_id'] . ' = ' . $ptid; } elseif (is_array($ptid) && count($ptid) > 0) { $seenptid = array(); foreach ($ptid as $id) { if (empty($id) || !is_numeric($id)) { continue; } $seenptid[$id] = 1; } if (count($seenptid) == 1) { $ptids = array_keys($seenptid); $whereclauses[] = $leftjoin['pubtypeid'] . ' = ' . $ptids[0]; } elseif (count($seenptid) > 1) { $ptids = join(', ', array_keys($seenptid)); $whereclauses[] = $leftjoin['pubtypeid'] . ' IN (' . $ptids . ')'; } } } if (!empty($state) && is_array($state)) { if (count($state) == 1 && is_numeric($state[0])) { $whereclauses[] = $leftjoin['state'] . ' = ' . $state[0]; } elseif (count($state) > 1) { $allstate = join(', ', $state); $whereclauses[] = $leftjoin['state'] . ' IN (' . $allstate . ')'; } } if (!empty($pubdate)) { // published in a certain year if (preg_match('/^(\\d{4})$/', $pubdate, $matches)) { $startdate = gmmktime(0, 0, 0, 1, 1, $matches[1]); $enddate = gmmktime(0, 0, 0, 1, 1, $matches[1] + 1); if ($enddate > time()) { $enddate = time(); } // published in a certain month } elseif (preg_match('/^(\\d{4})-(\\d+)$/', $pubdate, $matches)) { $startdate = gmmktime(0, 0, 0, $matches[2], 1, $matches[1]); // PHP allows month > 12 :-) $enddate = gmmktime(0, 0, 0, $matches[2] + 1, 1, $matches[1]); if ($enddate > time()) { $enddate = time(); } // published in a certain day } elseif (preg_match('/^(\\d{4})-(\\d+)-(\\d+)$/', $pubdate, $matches)) { $startdate = gmmktime(0, 0, 0, $matches[2], $matches[3], $matches[1]); // PHP allows day > 3x :-) $enddate = gmmktime(0, 0, 0, $matches[2], $matches[3] + 1, $matches[1]); if ($enddate > time()) { $enddate = time(); } // published at a certain timestamp } elseif (preg_match('/^(\\d+)$/', $pubdate, $matches)) { if ($pubdate <= time()) { $whereclauses[] = $leftjoin['create_date'] . ' = ' . $pubdate; } } } if (!empty($startdate) && is_numeric($startdate)) { $whereclauses[] = $leftjoin['create_date'] . ' >= ' . $startdate; } /* if (!empty($enddate) && is_numeric($enddate)) { $whereclauses[] = $leftjoin['create_date'] . ' < ' . $enddate; } */ /* Example: automatically filter by the current locale - cfr. bug 3454 if (empty($locale)) { $locale = xarMLSGetCurrentLocale(); } */ if (!empty($locale) && is_string($locale)) { $whereclauses[] = $leftjoin['locale'] . " = " . $dbconn->qstr($locale); } if (count($ids) > 0) { $allids = join(', ', $ids); $whereclauses[] = $publicationstable . '.id IN (' . $allids . ')'; } if (!empty($where)) { // find all single-quoted pieces of text and replace them first, to allow where clauses // like : title eq 'this and that' and body1 eq 'here or there' $idx = 0; $found = array(); if (preg_match_all("/'(.*?)'/", $where, $matches)) { foreach ($matches[1] as $match) { $found[$idx] = $match; $match = preg_quote($match); $match = str_replace("#", "\\#", $match); $where = trim(preg_replace("#'{$match}'#", "'~{$idx}~'", $where)); $idx++; } } // cfr. BL compiler - adapt as needed (I don't think == and === are accepted in SQL) $findLogic = array(' eq ', ' ne ', ' lt ', ' gt ', ' id ', ' nd ', ' le ', ' ge '); $replaceLogic = array(' = ', ' != ', ' < ', ' > ', ' = ', ' != ', ' <= ', ' >= '); $where = str_replace($findLogic, $replaceLogic, $where); $parts = preg_split('/\\s+(and|or)\\s+/', $where, -1, PREG_SPLIT_DELIM_CAPTURE); $join = ''; $mywhere = ''; foreach ($parts as $part) { if ($part == 'and' || $part == 'or') { $join = $part; continue; } $pieces = preg_split('/\\s+/', $part); $name = array_shift($pieces); // sanity check on SQL if (count($pieces) < 2) { continue; } if (isset($leftjoin[$name])) { // Note: this is a potential security hole, so don't allow end-users to // fill in the where clause without filtering quotes etc. ! if (empty($idx)) { $mywhere .= $join . ' ' . $leftjoin[$name] . ' ' . join(' ', $pieces) . ' '; } else { $mywhere .= $join . ' ' . $leftjoin[$name] . ' '; foreach ($pieces as $piece) { // replace the pieces again if necessary if (preg_match("#'~(\\d+)~'#", $piece, $matches) && isset($found[$matches[1]])) { $original = $found[$matches[1]]; $piece = preg_replace("#'~(\\d+)~'#", "'{$original}'", $piece); } $mywhere .= $piece . ' '; } } } } if (!empty($mywhere)) { $whereclauses[] = '(' . $mywhere . ')'; } } if (empty($searchfields)) { $searchfields = array('title', 'description', 'summary', 'body1'); } if (!empty($search)) { // TODO : improve + make use of full-text indexing for recent MySQL versions ? $normal = array(); $find = array(); // 0. Check for "'equal whole string' searchType" if (!empty($searchtype) && $searchtype == 'equal whole string') { $normal[] = $search; $search = ""; $searchtype = 'eq'; } // 0. Check for fulltext or fulltext boolean searchtypes (MySQL only) // CHECKME: switch to other search type if $search is less than min. length ? if (!empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') { $fulltext = xarModVars::get('publications', 'fulltextsearch'); if (!empty($fulltext)) { $fulltextfields = explode(',', $fulltext); } else { $fulltextfields = array(); } $matchfields = array(); foreach ($fulltextfields as $field) { if (empty($leftjoin[$field])) { continue; } $matchfields[] = $leftjoin[$field]; } // TODO: switch mode automatically if + - etc. are detected ? $matchmode = ''; if ($searchtype == 'fulltext boolean') { $matchmode = ' IN BOOLEAN MODE'; } $find[] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ')'; // Add this to field list too when sorting by relevance in boolean mode (cfr. getall() sort) $leftjoin['relevance'] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ') AS relevance'; // check if we have any other fields to search in $morefields = array_diff($searchfields, $fulltextfields); if (!empty($morefields)) { // FIXME: sort order may not be by relevance if we mix fulltext with other searches $searchfields = $morefields; $searchtype = ''; } else { // we're done here $searchfields = array(); $search = ''; } } // 1. find quoted text if (preg_match_all('#"(.*?)"#', $search, $matches)) { foreach ($matches[1] as $match) { $normal[] = $match; $match = preg_quote($match); $search = trim(preg_replace("#\"{$match}\"#", '', $search)); } } if (preg_match_all("/'(.*?)'/", $search, $matches)) { foreach ($matches[1] as $match) { $normal[] = $match; $match = preg_quote($match); $search = trim(preg_replace("#'{$match}'#", '', $search)); } } // 2. find mandatory +text to include // 3. find mandatory -text to exclude // 4. find normal text $more = preg_split('/\\s+/', $search, -1, PREG_SPLIT_NO_EMPTY); $normal = array_merge($normal, $more); foreach ($normal as $text) { // TODO: use XARADODB to escape wildcards (and use portable ones) ?? $text = str_replace('%', '\\%', $text); $text = str_replace('_', '\\_', $text); foreach ($searchfields as $field) { if (empty($leftjoin[$field])) { continue; } if (empty($searchtype) || $searchtype == 'like') { $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%'); } elseif ($searchtype == 'start') { $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr($text . '%'); } elseif ($searchtype == 'end') { $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text); } elseif ($searchtype == 'eq') { $find[] = $leftjoin[$field] . " = " . $dbconn->qstr($text); } else { // TODO: other search types ? $find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%'); } } } $whereclauses[] = '(' . join(' OR ', $find) . ')'; } if (count($whereclauses) > 0) { $leftjoin['where'] = join(' AND ', $whereclauses); } else { $leftjoin['where'] = ''; } return $leftjoin; }
function publications_treeapi_insertprep($args) { // An insertion point (an ID in the table) is required. // Special insertion point ID is 0, which refers to the // virtual root of all trees. An item can not be // inserted on the same level as the virtual root. extract($args); // TODO: validate params: insertpoint, offset, tablename, idname // Default operation is 'before' - i.e. put the new item in the place // of the insertpoint and move everything to the right one place. if (!xarVarValidate('enum:before:after:firstchild:lastchild', $offset, true)) { $offset = 'firstchild'; } if (!isset($insertpoint)) { $insertpoint = 0; } if (!isset($idname)) { $idname = 'xar_id'; } // Cannot insert on the same level as the virtual root. if ($insertpoint == 0) { if ($offset == 'before') { $offset = 'firstchild'; } if ($offset == 'after') { $offset = 'lastchild'; } } $dbconn = xarDB::getConn(); $result = xarMod::apiFunc('publications', 'tree', 'getleftright', array('tablename' => $tablename, 'idname' => $idname, 'id' => $insertpoint)); if (!$result) { return; } extract($result); // Locate the new insert point. if ($offset == 'before') { $shift = $left; } if ($offset == 'after') { $shift = $right + 1; } if ($offset == 'firstchild') { $shift = $left + 1; $parent = $insertpoint; } if ($offset == 'lastchild') { $shift = $right; $parent = $insertpoint; } // Create a space of two traversal points. // The new item will not have children, so the traversal // points will be sequential. $query = 'UPDATE ' . $tablename . ' SET xar_left = xar_left + 2 ' . ' WHERE xar_left >= ?'; $result = $dbconn->execute($query, array($shift)); if (!$result) { return; } $query = 'UPDATE ' . $tablename . ' SET xar_right = xar_right + 2 ' . ' WHERE xar_right >= ?'; $result = $dbconn->execute($query, array($shift)); if (!$result) { return; } // Return the new parent/left/right values return array('parent' => $parent, 'left' => $shift, 'right' => $shift + 1); }
/** * count number of items depending on additional module criteria * * @param $args['catid'] string of category id(s) that we're counting in, or * @param $args['cids'] array of cids that we are counting in (OR/AND) * @param $args['andcids'] true means AND-ing categories listed in cids * * @param $args['owner'] the ID of the author * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) * @param $args['state'] array of requested status(es) for the publications * @param $args['startdate'] publications published at startdate or later * (unix timestamp format) * @param $args['enddate'] publications published before enddate * (unix timestamp format) * @return int number of items */ function publications_userapi_countitems($args) { // Database information $dbconn = xarDB::getConn(); // Get the field names and LEFT JOIN ... ON ... parts from publications // By passing on the $args, we can let leftjoin() create the WHERE for // the publications-specific columns too now $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // TODO: make sure this is SQL standard // Start building the query if ($dbconn->databaseType == 'sqlite') { $query = 'SELECT COUNT(*) FROM ( SELECT DISTINCT ' . $publicationsdef['field'] . ' FROM ' . $publicationsdef['table']; // WATCH OUT, UNBALANCED } else { $query = 'SELECT COUNT(DISTINCT ' . $publicationsdef['field'] . ')'; $query .= ' FROM ' . $publicationsdef['table']; } if (!isset($args['cids'])) { $args['cids'] = array(); } if (!isset($args['andcids'])) { $args['andcids'] = false; } if (count($args['cids']) > 0 || !empty($args['catid'])) { // Load API if (!xarModAPILoad('categories', 'user')) { return; } // Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories $args['modid'] = xarModGetIDFromName('publications'); if (isset($args['ptid']) && !isset($args['itemtype'])) { $args['itemtype'] = $args['ptid']; } $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args); $query .= ' LEFT JOIN ' . $categoriesdef['table']; $query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id']; $query .= $categoriesdef['more']; $docid = 1; } // Create the WHERE part $where = array(); // we rely on leftjoin() to create the necessary publications clauses now if (!empty($publicationsdef['where'])) { $where[] = $publicationsdef['where']; } if (!empty($docid)) { // we rely on leftjoin() to create the necessary categories clauses $where[] = $categoriesdef['where']; } if (count($where) > 0) { $query .= ' WHERE ' . join(' AND ', $where); } // Balance parentheses if ($dbconn->databaseType == 'sqlite') { $query .= ')'; } // Run the query - finally :-) $result =& $dbconn->Execute($query); if (!$result) { return; } if ($result->EOF) { return; } $num = $result->fields[0]; $result->Close(); return $num; }
/** * get the number of publications per publication type and category * * @param $args['state'] array of requested status(es) for the publications * @param $args['ptid'] publication type ID * @param $args['cids'] array of category IDs (OR/AND) * @param $args['andcids'] true means AND-ing categories listed in cids * @param $args['groupcids'] the number of categories you want items grouped by * @param $args['reverse'] default is ptid => cid, reverse (1) is cid => ptid * @return array array( $ptid => array( $cid => $count) ), * or false on failure */ function publications_userapi_getpubcatcount($args) { /* static $pubcatcount = array(); if (count($pubcatcount) > 0) { return $pubcatcount; } */ $pubcatcount = array(); // Get database setup $dbconn = xarDB::getConn(); // Get the LEFT JOIN ... ON ... and WHERE parts from publications $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // Load API if (!xarModAPILoad('categories', 'user')) { return; } $args['modid'] = xarMod::getRegID('publications'); if (isset($args['ptid']) && !isset($args['itemtype'])) { $args['itemtype'] = $args['ptid']; } // Get the LEFT JOIN ... ON ... and WHERE parts from categories $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args); // Get count $query = 'SELECT ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id'] . ', COUNT(*) FROM ' . $publicationsdef['table'] . ' LEFT JOIN ' . $categoriesdef['table'] . ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['field'] . $categoriesdef['more'] . ' WHERE ' . $categoriesdef['where'] . ' AND ' . $publicationsdef['where'] . ' GROUP BY ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id']; $result =& $dbconn->Execute($query); if (!$result) { return; } if ($result->EOF) { if (!empty($args['ptid']) && empty($args['reverse'])) { $pubcatcount[$args['ptid']] = array(); } return $pubcatcount; } while (!$result->EOF) { // we may have 1 or more cid fields here, depending on what we're // counting (cfr. AND in categories) $fields = $result->fields; $ptid = array_shift($fields); $count = array_pop($fields); // TODO: use multi-level array for multi-category grouping ? $cid = join('+', $fields); if (empty($args['reverse'])) { $pubcatcount[$ptid][$cid] = $count; } else { $pubcatcount[$cid][$ptid] = $count; } $result->MoveNext(); } foreach ($pubcatcount as $id1 => $val) { $total = 0; foreach ($val as $id2 => $count) { $total += $count; } $pubcatcount[$id1]['total'] = $total; } return $pubcatcount; }
/** * count number of items depending on additional module criteria * * @param array group * @return array number of items with descriptors */ function publications_adminapi_getstats($args) { extract($args); $allowedfields = array('pubtype_id', 'state', 'owner', 'locale', 'pubdate_year', 'pubdate_month', 'pubdate_day'); if (empty($group)) { $group = array(); } $newfields = array(); $newgroups = array(); foreach ($group as $field) { if (empty($field) || !in_array($field, $allowedfields)) { continue; } if ($field == 'pubdate_year') { $dbtype = xarDB::getType(); switch ($dbtype) { case 'mysql': $newfields[] = "LEFT(FROM_UNIXTIME(start_date),4) AS myyear"; $newgroups[] = "myyear"; break; case 'postgres': $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY') AS myyear"; // CHECKME: do we need to use TO_CHAR(...) for the group field too ? $newgroups[] = "myyear"; break; case 'mssql': $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4) as myyear"; $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4)"; break; // TODO: Add SQL queries for Oracle, etc. // TODO: Add SQL queries for Oracle, etc. default: continue; } } elseif ($field == 'pubdate_month') { $dbtype = xarDB::getType(); switch ($dbtype) { case 'mysql': $newfields[] = "LEFT(FROM_UNIXTIME(start_date),7) AS mymonth"; $newgroups[] = "mymonth"; break; case 'postgres': $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM') AS mymonth"; // CHECKME: do we need to use TO_CHAR(...) for the group field too ? $newgroups[] = "mymonth"; break; case 'mssql': $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7) as mymonth"; $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7)"; break; // TODO: Add SQL queries for Oracle, etc. // TODO: Add SQL queries for Oracle, etc. default: continue; } } elseif ($field == 'pubdate_day') { $dbtype = xarDB::getType(); switch ($dbtype) { case 'mysql': $newfields[] = "LEFT(FROM_UNIXTIME(start_date),10) AS myday"; $newgroups[] = "myday"; break; case 'postgres': $newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM-DD') AS myday"; // CHECKME: do we need to use TO_CHAR(...) for the group field too ? $newgroups[] = "myday"; break; case 'mssql': $newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10) as myday"; $newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10)"; break; // TODO: Add SQL queries for Oracle, etc. // TODO: Add SQL queries for Oracle, etc. default: continue; } } else { $newfields[] = $field; $newgroups[] = $field; } } if (empty($newfields) || count($newfields) < 1) { $newfields = array('pubtype_id', 'state', 'owner'); $newgroups = array('pubtype_id', 'state', 'owner'); } // Database information $dbconn = xarDB::getConn(); $xartables = xarDB::getTables(); $query = 'SELECT ' . join(', ', $newfields) . ', COUNT(*) FROM ' . $xartables['publications'] . ' GROUP BY ' . join(', ', $newgroups) . ' ORDER BY ' . join(', ', $newgroups); $result =& $dbconn->Execute($query); if (!$result) { return; } $stats = array(); while (!$result->EOF) { if (count($newfields) > 3) { list($field1, $field2, $field3, $field4, $count) = $result->fields; $stats[$field1][$field2][$field3][$field4] = $count; } elseif (count($newfields) == 3) { list($field1, $field2, $field3, $count) = $result->fields; $stats[$field1][$field2][$field3] = $count; } elseif (count($newfields) == 2) { list($field1, $field2, $count) = $result->fields; $stats[$field1][$field2] = $count; } elseif (count($newfields) == 1) { list($field1, $count) = $result->fields; $stats[$field1] = $count; } $result->MoveNext(); } $result->Close(); return $stats; }
function publications_admin_updateconfig() { // Confirm authorisation code if (!xarSecConfirmAuthKey()) { return; } // Get parameters //A lot of these probably are bools, still might there be a need to change the template to return //'true' and 'false' to use those... if (!xarVarFetch('settings', 'array', $settings, array(), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('usetitleforurl', 'int', $usetitleforurl, xarModVars::get('publications', 'usetitleforurl'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('defaultstate', 'isset', $defaultstate, 0, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('defaultsort', 'isset', $defaultsort, 'date', XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('usealias', 'int', $usealias, 0, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('ptid', 'isset', $ptid, xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('multilanguage', 'int', $multilanguage, 0, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('tab', 'str:1:10', $data['tab'], 'global', XARVAR_NOT_REQUIRED)) { return; } if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) { return; } if ($data['tab'] == 'global') { if (!xarVarFetch('defaultpubtype', 'isset', $defaultpubtype, 1, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('sortpubtypes', 'isset', $sortpubtypes, 'id', XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('defaultlanguage', 'str:1:100', $defaultlanguage, xarModVars::get('publications', 'defaultlanguage'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('debugmode', 'checkbox', $debugmode, xarModVars::get('publications', 'debugmode'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('defaultfrontpage', 'str', $defaultfrontpage, xarModVars::get('publications', 'defaultfrontpage'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('defaultbackpage', 'str', $defaultbackpage, xarModVars::get('publications', 'defaultbackpage'), XARVAR_NOT_REQUIRED)) { return; } xarModVars::set('publications', 'defaultpubtype', $defaultpubtype); xarModVars::set('publications', 'sortpubtypes', $sortpubtypes); xarModVars::set('publications', 'defaultlanguage', $defaultlanguage); xarModVars::set('publications', 'debugmode', $debugmode); xarModVars::set('publications', 'usealias', $usealias); xarModVars::set('publications', 'usetitleforurl', $usetitleforurl); xarModVars::set('publications', 'defaultfrontpage', $defaultfrontpage); xarModVars::set('publications', 'defaultbackpage', $defaultbackpage); // Allow multilanguage only if the languages property is present sys::import('modules.dynamicdata.class.properties.registration'); $types = PropertyRegistration::Retrieve(); if (isset($types[30039])) { xarModVars::set('publications', 'multilanguage', $multilanguage); } else { xarModVars::set('publications', 'multilanguage', 0); } // Get the special pages. foreach (array('defaultpage', 'errorpage', 'notfoundpage', 'noprivspage') as $special_name) { unset($special_id); if (!xarVarFetch($special_name, 'id', $special_id, 0, XARVAR_NOT_REQUIRED)) { return; } xarModVars::set('publications', $special_name, $special_id); } if (xarDB::getType() == 'mysql') { if (!xarVarFetch('fulltext', 'isset', $fulltext, '', XARVAR_NOT_REQUIRED)) { return; } $oldval = xarModVars::get('publications', 'fulltextsearch'); $index = 'i_' . xarDB::getPrefix() . '_publications_fulltext'; if (empty($fulltext) && !empty($oldval)) { // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $publicationstable = $xartable['publications']; // Drop fulltext index on publications table $query = "ALTER TABLE {$publicationstable} DROP INDEX {$index}"; $result =& $dbconn->Execute($query); if (!$result) { return; } xarModVars::set('publications', 'fulltextsearch', ''); } elseif (!empty($fulltext) && empty($oldval)) { $searchfields = array('title', 'description', 'summary', 'body1', 'notes'); // $searchfields = explode(',',$fulltext); // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $publicationstable = $xartable['publications']; // Add fulltext index on publications table $query = "ALTER TABLE {$publicationstable} ADD FULLTEXT {$index} (" . join(', ', $searchfields) . ")"; $result =& $dbconn->Execute($query); if (!$result) { return; } xarModVars::set('publications', 'fulltextsearch', join(',', $searchfields)); } } // Module settings $data['module_settings'] = xarMod::apiFunc('base', 'admin', 'getmodulesettings', array('module' => 'publications')); $data['module_settings']->setFieldList('items_per_page, use_module_alias, module_alias_name, enable_short_urls, user_menu_link', 'use_module_icons'); $isvalid = $data['module_settings']->checkInput(); if (!$isvalid) { return xarTplModule('base', 'admin', 'modifyconfig', $data); } else { $itemid = $data['module_settings']->updateItem(); } // Pull the base category ids from the template and save them $picker = DataPropertyMaster::getProperty(array('name' => 'categorypicker')); $picker->checkInput('basecid'); } elseif ($data['tab'] == 'pubtypes') { // Get the publication type for this display and save the settings to it $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types')); $pubtypeobject->getItem(array('itemid' => $ptid)); $configsettings = $pubtypeobject->properties['configuration']->getValue(); $checkbox = DataPropertyMaster::getProperty(array('name' => 'checkbox')); $boxes = array('show_hitount', 'show_ratings', 'show_keywords', 'show_comments', 'show_prevnext', 'show_archives', 'show_publinks', 'show_pubcount', 'show_map', 'prevnextart', 'dot_transform', 'title_transform', 'show_categories', 'show_catcount', 'show_prevnext', 'allow_translations'); foreach ($boxes as $box) { $isvalid = $checkbox->checkInput($box); if ($isvalid) { $settings[$box] = $checkbox->value; } } // foreach ($configsettings as $key => $value) // if (!isset($settings[$key])) $settings[$key] = 0; $isvalid = true; // Get the default access rules $access = DataPropertyMaster::getProperty(array('name' => 'access')); $validprop = $access->checkInput("access_add"); $addaccess = $access->value; $isvalid = $isvalid && $validprop; $validprop = $access->checkInput("access_display"); $displayaccess = $access->value; $isvalid = $isvalid && $validprop; $validprop = $access->checkInput("access_modify"); $modifyaccess = $access->value; $isvalid = $isvalid && $validprop; $validprop = $access->checkInput("access_delete"); $deleteaccess = $access->value; $isvalid = $isvalid && $validprop; $allaccess = array('add' => $addaccess, 'display' => $displayaccess, 'modify' => $modifyaccess, 'delete' => $deleteaccess); $pubtypeobject->properties['access']->setValue(serialize($allaccess)); $pubtypeobject->properties['configuration']->setValue(serialize($settings)); $pubtypeobject->updateItem(array('itemid' => $ptid)); $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes'); if ($usealias) { xarModSetAlias($pubtypes[$ptid]['name'], 'publications'); } else { xarModDelAlias($pubtypes[$ptid]['name'], 'publications'); } } elseif ($data['tab'] == 'redirects') { $redirects = DataPropertyMaster::getProperty(array('name' => 'array')); $redirects->display_column_definition['value'] = array(array("From", "To"), array(2, 2), array("", ""), array("", "")); $isvalid = $redirects->checkInput("redirects"); xarModVars::set('publications', 'redirects', $redirects->value); } xarController::redirect(xarModURL('publications', 'admin', 'modifyconfig', array('ptid' => $ptid, 'tab' => $data['tab']))); return true; }
function publications_treeapi_moveitem($args) { extract($args); $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); // Obtain current information on the reference item $refitem = xarMod::apiFunc('publications', 'user', 'getpage', array('pid' => $refid)); $query = 'SELECT xar_left, xar_right, xar_parent' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?'; // Run the query (reference item). $result = $dbconn->execute($query, array($refid)); if (!$result) { return; } if ($result->EOF) { $msg = xarML('Reference item "#(1)" does not exist', $refid); throw new BadParameterException(null, $msg); } list($ref_left, $ref_right, $ref_parent) = $result->fields; // Run the query (item to be moved). $result = $dbconn->execute($query, array((int) $itemid)); if (!$result) { return; } if ($result->EOF) { $msg = xarML('Moving item "#(1)" does not exist', $itemid); throw new BadParameterException(null, $msg); } list($item_left, $item_right, $item_parent) = $result->fields; // Checking if the reference ID is of a child or itself if ($ref_left >= $item_left && $ref_left <= $item_right) { $msg = xarML('Group references siblings'); throw new BadParameterException(null, $msg); } // Find the point of insertion. switch (strtolower($offset)) { case 'lastchild': // last child of reference item $insertion_point = $ref_right; break; case 'after': // after reference item, same level $insertion_point = $ref_right + 1; break; case 'firstchild': // first child reference item $insertion_point = $ref_left + 1; break; case 'before': // before reference item, same level $insertion_point = $ref_left; break; default: $msg = xarML('Offset not "#(1)" valid', $offset); throw new BadParameterException(null, $msg); } $size = $item_right - $item_left + 1; $distance = $insertion_point - $item_left; // If necessary to move then evaluate if ($distance != 0) { if ($distance > 0) { // moving forward $distance = $insertion_point - $item_right - 1; $deslocation_outside = -$size; $between_string = $item_right + 1 . ' AND ' . ($insertion_point - 1); } else { // $distance < 0 (moving backward) $deslocation_outside = $size; $between_string = $insertion_point . ' AND ' . ($item_left - 1); } // This seems SQL-92 standard... Its a good test to see if // the databases we are supporting are complying with it. This can be // broken down in 3 simple UPDATES which shouldnt be a problem with any database. $query = 'UPDATE ' . $tablename . ' SET xar_left = CASE' . ' WHEN xar_left BETWEEN ' . $item_left . ' AND ' . $item_right . ' THEN xar_left + (' . $distance . ')' . ' WHEN xar_left BETWEEN ' . $between_string . ' THEN xar_left + (' . $deslocation_outside . ')' . ' ELSE xar_left' . ' END,' . ' xar_right = CASE' . ' WHEN xar_right BETWEEN ' . $item_left . ' AND ' . $item_right . ' THEN xar_right + (' . $distance . ')' . ' WHEN xar_right BETWEEN ' . $between_string . ' THEN xar_right + (' . $deslocation_outside . ')' . ' ELSE xar_right' . ' END'; $result = $dbconn->execute($query); if (!$result) { return; } // Find the right parent for this item. if (strtolower($offset) == 'lastchild' || strtolower($offset) == 'firstchild') { $parent_id = $refid; } else { $parent_id = $ref_parent; } // Update parent id $query = 'UPDATE ' . $tablename . ' SET xar_parent = ?' . ' WHERE ' . $idname . ' = ?'; $result = $dbconn->execute($query, array((int) $parent_id, (int) $itemid)); if (!$result) { return; } } return true; }
/** * Delete a calendar from database * Usage : if (xarMod::apiFunc('calendar', 'admin', 'delete', $calendar)) {...} * * @param $args['calid'] ID of the calendar * @returns bool * @return true on success, false on failure */ function calendar_adminapi_delete_calendar($args) { // Get arguments from argument array extract($args); // Argument check if (!isset($calid)) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'calendar ID', 'admin', 'delete', 'Calendar'); throw new Exception($msg); } // TODO: Security check /* if (!xarMod::apiLoad('calendar', 'user')) return; $args['mask'] = 'DeleteCalendars'; if (!xarMod::apiFunc('calendar','user','checksecurity',$args)) { $msg = xarML('Not authorized to delete #(1) items', 'Calendar'); throw new Exception($msg); } */ // Call delete hooks for categories, hitcount etc. $args['module'] = 'calendar'; $args['itemid'] = $calid; xarModCallHooks('item', 'delete', $calid, $args); // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $calendarstable = $xartable['calendars']; $cal_filestable = $xartable['calendars_files']; $calfiles = $xartable['calfiles']; // Get files associated with that calendar $query = "SELECT xar_files_id FROM {$cal_filestable}\n WHERE xar_calendars_id = ? LIMIT 1 "; $result =& $dbconn->Execute($query, array($calid)); if (!$result) { return; } for (; !$result->EOF; $result->MoveNext()) { // there should be only one result list($file_id) = $result->fields; } if (isset($file_id) || !empty($file_id)) { $query = "DELETE FROM {$calfiles}\n WHERE xar_id = ?"; $result =& $dbconn->Execute($query, array($file_id)); if (!$result) { return; } } // Delete item $query = "DELETE FROM {$calendarstable}\n WHERE xar_id = ?"; $result =& $dbconn->Execute($query, array($calid)); if (!$result) { return; } $query = "DELETE FROM {$cal_filestable}\n WHERE xar_calendars_id = ?"; $result =& $dbconn->Execute($query, array($calid)); if (!$result) { return; } $result->Close(); return true; }
/** * get a list of article authors depending on additional module criteria * * @param $args['cids'] array of cids that we are counting for (OR/AND) * @param $args['andcids'] true means AND-ing categories listed in cids * * @param $args['owner'] the ID of the author * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) * @param $args['state'] array of requested status(es) for the publications * @param $args['startdate'] publications published at startdate or later * (unix timestamp format) * @param $args['enddate'] publications published before enddate * (unix timestamp format) * @return array of author id => author name */ function publications_userapi_getauthors($args) { // Database information $dbconn = xarDB::getConn(); // Get the field names and LEFT JOIN ... ON ... parts from publications // By passing on the $args, we can let leftjoin() create the WHERE for // the publications-specific columns too now $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // Load API if (!xarModAPILoad('roles', 'user')) { return; } // Get the field names and LEFT JOIN ... ON ... parts from users $usersdef = xarModAPIFunc('roles', 'user', 'leftjoin'); // TODO: make sure this is SQL standard // Start building the query $query = 'SELECT DISTINCT ' . $publicationsdef['owner'] . ', ' . $usersdef['name']; $query .= ' FROM ' . $publicationsdef['table']; // Add the LEFT JOIN ... ON ... parts from users $query .= ' LEFT JOIN ' . $usersdef['table']; $query .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner']; if (!isset($args['cids'])) { $args['cids'] = array(); } if (!isset($args['andcids'])) { $args['andcids'] = false; } if (count($args['cids']) > 0) { // Load API if (!xarModAPILoad('categories', 'user')) { return; } // Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories $args['modid'] = xarModGetIDFromName('publications'); if (isset($args['ptid']) && !isset($args['itemtype'])) { $args['itemtype'] = $args['ptid']; } $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args); $query .= ' LEFT JOIN ' . $categoriesdef['table']; $query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id']; $query .= $categoriesdef['more']; $docid = 1; } // Create the WHERE part $where = array(); // we rely on leftjoin() to create the necessary publications clauses now if (!empty($publicationsdef['where'])) { $where[] = $publicationsdef['where']; } if (!empty($docid)) { // we rely on leftjoin() to create the necessary categories clauses $where[] = $categoriesdef['where']; } if (count($where) > 0) { $query .= ' WHERE ' . join(' AND ', $where); } // Order by author name $query .= ' ORDER BY ' . $usersdef['name'] . ' ASC'; // Run the query - finally :-) $result =& $dbconn->Execute($query); if (!$result) { return; } $authors = array(); while (!$result->EOF) { list($uid, $name) = $result->fields; $authors[$uid] = array('id' => $uid, 'name' => $name); $result->MoveNext(); } $result->Close(); return $authors; }
/** * Update a publication type * * @param id $args['ptid'] ID of the publication type * @param string $args['name'] name of the publication type (not allowed here) * @param string $args['description'] description of the publication type * @param array $args['config'] configuration of the publication type * @return bool true on success, false on failure */ function publications_adminapi_updatepubtype($args) { // Get arguments from argument array extract($args); // Argument check - make sure that all required arguments are present // and in the right format, if not then set an appropriate error // message and return // Note : since we have several arguments we want to check here, we'll // report all those that are invalid at the same time... $invalid = array(); if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) { $invalid[] = 'publication type ID'; } /* if (!isset($name) || !is_string($name) || empty($name)) { $invalid[] = 'name'; } */ if (!isset($descr) || !is_string($descr) || empty($descr)) { $invalid[] = 'description'; } if (!isset($config) || !is_array($config) || count($config) == 0) { $invalid[] = 'configuration'; } if (count($invalid) > 0) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'updatepubtype', 'Publications'); throw new BadParameterException(null, $msg); } // Security check - we require ADMIN rights here if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) { return; } // Load user API to obtain item information function if (!xarModAPILoad('publications', 'user')) { return; } // Get current publication types $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes'); if (!isset($pubtypes[$ptid])) { $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'updatepubtype', 'Publications'); throw new BadParameterException(null, $msg); } // Make sure we have all the configuration fields we need $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields'); foreach ($pubfields as $field => $value) { if (!isset($config[$field])) { $config[$field] = ''; } } // Get database setup $dbconn = xarDB::getConn(); $xartable = xarDB::getTables(); $pubtypestable = $xartable['publication_types']; // Update the publication type (don't allow updates on name) $query = "UPDATE {$pubtypestable}\n SET pubtypedescr = ?,\n pubtypeconfig = ?\n WHERE pubtype_id = ?"; $bindvars = array($descr, serialize($config), $ptid); $result =& $dbconn->Execute($query, $bindvars); if (!$result) { return; } return true; }
/** * get overview of all publications * Note : the following parameters are all optional * * @param $args['numitems'] number of publications to get * @param $args['sort'] sort order ('create_date','title','hits','rating','author','id','summary','notes',...) * @param $args['startnum'] starting article number * @param $args['ids'] array of article ids to get * @param $args['owner'] the ID of the author * @param $args['ptid'] publication type ID (for news, sections, reviews, ...) * @param $args['state'] array of requested status(es) for the publications * @param $args['search'] search parameter(s) * @param $args['searchfields'] array of fields to search in * @param $args['searchtype'] start, end, like, eq, gt, ... (TODO) * @param $args['cids'] array of category IDs for which to get publications (OR/AND) * (for all categories don?t set it) * @param $args['andcids'] true means AND-ing categories listed in cids * @param $args['create_date'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD) * @param $args['startdate'] publications published at startdate or later * (unix timestamp format) * @param $args['enddate'] publications published before enddate * (unix timestamp format) * @param $args['fields'] array with all the fields to return per publication * Default list is : 'id','title','summary','owner', * 'create_date','pubtype_id','notes','state','body1' * Optional fields : 'cids','author','counter','rating','dynamicdata' * @param $args['extra'] array with extra fields to return per article (in addition * to the default list). So you can EITHER specify *all* the * fields you want with 'fields', OR take all the default * ones and add some optional fields with 'extra' * @param $args['where'] additional where clauses (e.g. myfield gt 1234) * @param $args['locale'] language/locale (if not using multi-sites, categories etc.) * @return array Array of publications, or false on failure */ function publications_userapi_getall($args) { // Get arguments from argument array extract($args); // Optional argument if (!isset($startnum)) { $startnum = 1; } if (empty($cids)) { $cids = array(); } if (!isset($andcids)) { $andcids = false; } if (empty($ptid)) { $ptid = null; } // Default fields in publications (for now) $columns = array('id', 'name', 'title', 'description', 'summary', 'body1', 'owner', 'pubtype_id', 'notes', 'state', 'start_date'); // Optional fields in publications (for now) // + 'cids' = list of categories an article belongs to // + 'author' = user name of owner // + 'counter' = number of times this article was displayed (hitcount) // + 'rating' = rating for this article (ratings) // + 'dynamicdata' = dynamic data fields for this article (dynamicdata) // + 'relevance' = relevance for this article (MySQL full-text search only) // $optional = array('cids','author','counter','rating','dynamicdata','relevance'); if (!isset($fields)) { $fields = $columns; } if (isset($extra) && is_array($extra) && count($extra) > 0) { $fields = array_merge($fields, $extra); } if (empty($sort)) { if (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') { if ($searchtype == 'fulltext boolean' && !in_array('relevance', $fields)) { // add the relevance to the field list for sorting $fields[] = 'relevance'; } // let the database sort by relevance (= default for fulltext) $sortlist = array(); } else { // default sort by create_date $sortlist = array('create_date'); } } elseif (is_array($sort)) { $sortlist = $sort; } else { $sortlist = explode(',', $sort); } $publications = array(); // Security check if (!xarSecurityCheck('ViewPublications')) { return; } // Fields requested by the calling function $required = array(); foreach ($fields as $field) { $required[$field] = 1; } // mandatory fields for security $required['id'] = 1; $required['title'] = 1; $required['pubtype_id'] = 1; $required['create_date'] = 1; $required['owner'] = 1; // not to be confused with author (name) :-) // force cids as required when categories are given if (count($cids) > 0) { $required['cids'] = 1; } // TODO: put all this in dynamic data and retrieve everything via there (including hooked stuff) // Database information $dbconn = xarDB::getConn(); // Get the field names and LEFT JOIN ... ON ... parts from publications // By passing on the $args, we can let leftjoin() create the WHERE for // the publications-specific columns too now $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args); // TODO : how to handle the case where name is empty, but uname isn't if (!empty($required['owner'])) { // Load API if (!xarModAPILoad('roles', 'user')) { return; } // Get the field names and LEFT JOIN ... ON ... parts from users $usersdef = xarModAPIFunc('roles', 'user', 'leftjoin'); if (empty($usersdef)) { return; } } $regid = xarMod::getRegID('publications'); if (!empty($required['cids'])) { // Load API if (!xarModAPILoad('categories', 'user')) { return; } // Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories $categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', array('cids' => $cids, 'andcids' => $andcids, 'itemtype' => isset($ptid) ? $ptid : null, 'modid' => $regid)); if (empty($categoriesdef)) { return; } } if (!empty($required['counter']) && xarModIsHooked('hitcount', 'publications', $ptid)) { // Load API if (!xarModAPILoad('hitcount', 'user')) { return; } // Get the LEFT JOIN ... ON ... and WHERE (!) parts from hitcount $hitcountdef = xarModAPIFunc('hitcount', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null)); } if (!empty($required['rating']) && xarModIsHooked('ratings', 'publications', $ptid)) { // Load API if (!xarModAPILoad('ratings', 'user')) { return; } // Get the LEFT JOIN ... ON ... and WHERE (!) parts from ratings $ratingsdef = xarModAPIFunc('ratings', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null)); } // Create the SELECT part $select = array(); foreach ($required as $field => $val) { // we'll handle this later if ($field == 'cids') { continue; } elseif ($field == 'dynamicdata') { continue; } elseif ($field == 'owner') { $select[] = $usersdef['name']; } elseif ($field == 'counter') { if (!empty($hitcountdef['hits'])) { $select[] = $hitcountdef['hits']; } } elseif ($field == 'rating') { if (!empty($ratingsdef['rating'])) { $select[] = $ratingsdef['rating']; } } else { $select[] = $publicationsdef[$field]; } } // FIXME: <rabbitt> PostgreSQL requires that all fields in an 'Order By' be in the SELECT // this has been added to remove the error that not having it creates // FIXME: <mikespub> Oracle doesn't allow having the same field in a query twice if you // don't specify an alias (at least in sub-queries, which is what SelectLimit uses) // if (!in_array($publicationsdef['create_date'], $select)) { // $select[] = $publicationsdef['create_date']; // } // we need distinct for multi-category OR selects where publications fit in more than 1 category if (count($cids) > 0) { $query = 'SELECT DISTINCT ' . join(', ', $select); } else { $query = 'SELECT ' . join(', ', $select); } // Create the FROM ... [LEFT JOIN ... ON ...] part $from = $publicationsdef['table']; $addme = 0; if (!empty($required['owner'])) { // Add the LEFT JOIN ... ON ... parts from users $from .= ' LEFT JOIN ' . $usersdef['table']; $from .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner']; $addme = 1; } if (!empty($required['counter']) && isset($hitcountdef)) { // add this for SQL compliance when there are multiple JOINs // bug 4429: sqlite doesnt like the parentheses if ($addme && $dbconn->databaseType != 'sqlite') { $from = '(' . $from . ')'; } // Add the LEFT JOIN ... ON ... parts from hitcount $from .= ' LEFT JOIN ' . $hitcountdef['table']; $from .= ' ON ' . $hitcountdef['field'] . ' = ' . $publicationsdef['id']; $addme = 1; } if (!empty($required['rating']) && isset($ratingsdef)) { // add this for SQL compliance when there are multiple JOINs // bug 4429: sqlite doesnt like the parentheses if ($addme && $dbconn->databaseType != 'sqlite') { $from = '(' . $from . ')'; } // Add the LEFT JOIN ... ON ... parts from ratings $from .= ' LEFT JOIN ' . $ratingsdef['table']; $from .= ' ON ' . $ratingsdef['field'] . ' = ' . $publicationsdef['id']; $addme = 1; } if (count($cids) > 0) { // add this for SQL compliance when there are multiple JOINs // bug 4429: sqlite doesnt like the parentheses if ($addme && $dbconn->databaseType != 'sqlite') { $from = '(' . $from . ')'; } // Add the LEFT JOIN ... ON ... parts from categories $from .= ' LEFT JOIN ' . $categoriesdef['table']; $from .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id']; if (!empty($categoriesdef['more']) && $dbconn->databaseType != 'sqlite') { $from = '(' . $from . ')'; $from .= $categoriesdef['more']; } } $query .= ' FROM ' . $from; // TODO: check the order of the conditions for brain-dead databases ? // Create the WHERE part $where = array(); // we rely on leftjoin() to create the necessary publications clauses now if (!empty($publicationsdef['where'])) { $where[] = $publicationsdef['where']; } if (!empty($required['counter']) && !empty($hitcountdef['where'])) { $where[] = $hitcountdef['where']; } if (!empty($required['rating']) && !empty($ratingsdef['where'])) { $where[] = $ratingsdef['where']; } if (count($cids) > 0) { // we rely on leftjoin() to create the necessary categories clauses $where[] = $categoriesdef['where']; } if (count($where) > 0) { $query .= ' WHERE ' . join(' AND ', $where); } // TODO: support other non-publications fields too someday ? // Create the ORDER BY part if (count($sortlist) > 0) { $sortparts = array(); $seenid = 0; foreach ($sortlist as $criteria) { // ignore empty sort criteria if (empty($criteria)) { continue; } // split off trailing ASC or DESC if (preg_match('/^(.+)\\s+(ASC|DESC)\\s*$/i', $criteria, $matches)) { $criteria = trim($matches[1]); $sortorder = strtoupper($matches[2]); } else { $sortorder = ''; } if ($criteria == 'title') { $sortparts[] = $publicationsdef['title'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC'); // } elseif ($criteria == 'create_date' || $criteria == 'date') { // $sortparts[] = $publicationsdef['create_date'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC'); } elseif ($criteria == 'hits' && !empty($hitcountdef['hits'])) { $sortparts[] = $hitcountdef['hits'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC'); } elseif ($criteria == 'rating' && !empty($ratingsdef['rating'])) { $sortparts[] = $ratingsdef['rating'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC'); } elseif ($criteria == 'owner' && !empty($usersdef['name'])) { $sortparts[] = $usersdef['name'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC'); } elseif ($criteria == 'relevance' && !empty($publicationsdef['relevance'])) { $sortparts[] = 'relevance' . ' ' . (!empty($sortorder) ? $sortorder : 'DESC'); } elseif ($criteria == 'id') { $sortparts[] = $publicationsdef['id'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC'); $seenid = 1; // other publications fields, e.g. summary, notes, ... } elseif (!empty($publicationsdef[$criteria])) { $sortparts[] = $publicationsdef[$criteria] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC'); } else { // ignore unknown sort fields } } // add sorting by id for unique sort order if (count($sortparts) < 2 && empty($seenid)) { $sortparts[] = $publicationsdef['id'] . ' DESC'; } $query .= ' ORDER BY ' . join(', ', $sortparts); } elseif (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') { // For fulltext, let the database return the publications by relevance here (= default) // For fulltext in boolean mode, add MATCH () ... AS relevance ... ORDER BY relevance DESC (cfr. leftjoin) if (!empty($required['relevance']) && $searchtype == 'fulltext boolean') { $query .= ' ORDER BY relevance DESC, ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC'; } } else { // default is 'create_date' $query .= ' ORDER BY ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC'; } //echo $query; // Run the query - finally :-) if (isset($numitems) && is_numeric($numitems)) { $result =& $dbconn->SelectLimit($query, $numitems, $startnum - 1); } else { $result =& $dbconn->Execute($query); } if (!$result) { return; } $itemids_per_type = array(); // Put publications into result array for (; !$result->EOF; $result->MoveNext()) { $data = $result->fields; $item = array(); // loop over all required fields again foreach ($required as $field => $val) { if ($field == 'cids' || $field == 'dynamicdata' || $val != 1) { continue; } $value = array_shift($data); if ($field == 'rating') { $value = intval($value); } $item[$field] = $value; } // check security - don't generate an exception here if (empty($required['cids']) && !xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) { continue; } $publications[] = $item; if (!empty($required['dynamicdata'])) { $pubtype = $item['pubtype_id']; if (!isset($itemids_per_type[$pubtype])) { $itemids_per_type[$pubtype] = array(); } $itemids_per_type[$pubtype][] = $item['id']; } } $result->Close(); if (!empty($required['cids']) && count($publications) > 0) { // Get all the categories at once $ids = array(); foreach ($publications as $article) { $ids[] = $article['id']; } // Load API if (!xarModAPILoad('categories', 'user')) { return; } // Get the links for the Array of iids we have $cids = xarModAPIFunc('categories', 'user', 'getlinks', array('iids' => $ids, 'reverse' => 1, 'modid' => $regid)); // Inserting the corresponding Category ID in the Publication Description $delete = array(); $cachesec = array(); foreach ($publications as $key => $article) { if (isset($cids[$article['id']]) && count($cids[$article['id']]) > 0) { $publications[$key]['cids'] = $cids[$article['id']]; foreach ($cids[$article['id']] as $cid) { if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:{$cid}:{$article['owner']}:{$article['id']}")) { $delete[$key] = 1; break; } if (!isset($cachesec[$cid])) { // TODO: combine with ViewCategoryLink check when we can combine module-specific // security checks with "parent" security checks transparently ? $cachesec[$cid] = xarSecurityCheck('ReadCategories', 0, 'Category', "All:{$cid}"); } if (!$cachesec[$cid]) { $delete[$key] = 1; break; } } } else { if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:All:{$article['owner']}:{$article['id']}")) { $delete[$key] = 1; continue; } } } if (count($delete) > 0) { foreach ($delete as $key => $val) { unset($publications[$key]); } } } if (!empty($required['dynamicdata']) && count($publications) > 0) { foreach ($itemids_per_type as $pubtype => $itemids) { if (!xarModIsHooked('dynamicdata', 'publications', $pubtype)) { continue; } list($properties, $items) = xarModAPIFunc('dynamicdata', 'user', 'getitemsforview', array('module' => 'publications', 'itemtype' => $pubtype, 'itemids' => $itemids, 'state' => 1)); if (empty($properties) || count($properties) == 0) { continue; } foreach ($publications as $key => $article) { // otherwise publications (of different pub types) with dd properties having the same // names reset previously set values to empty string for each iteration based on the pubtype if ($article['pubtype_id'] != $pubtype) { continue; } foreach (array_keys($properties) as $name) { if (isset($items[$article['id']]) && isset($items[$article['id']][$name])) { $value = $items[$article['id']][$name]; } else { $value = $properties[$name]->default; } $publications[$key][$name] = $value; // TODO: clean up this temporary fix if (!empty($value)) { $publications[$key][$name . '_output'] = $properties[$name]->showOutput(array('value' => $value)); } } } } } return $publications; }