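/**
 * Restores a soft-deleted post (the reverse of the delete action that sets
 * post_status to 0).
 *
 * Authorisation: the owner of the post needs 'edit my posts' (or
 * 'edit all posts'); anyone else needs 'edit all posts'. The method writes
 * its outcome directly to the response: 'success', 'no post found', or an
 * "Unauthorized request" message followed by exit.
 *
 * @param mixed $id Post id taken from the request. It is cast to int before
 *                  use so the interpolated SELECT cannot be injected into.
 */
public function undelete($id)
{
    // SQL injection safe: only the int-cast value ever reaches the query.
    $pid = (int) $id;

    $qry = 'SELECT uid FROM ' . PREFIX . 'codo_posts WHERE post_id=' . $pid;
    $res = $this->db->query($qry);
    $result = $res->fetch();

    if (!$result) {
        echo 'no post found';
        return;
    }

    // Compare as ints with ===: the driver may return uid as a string, and
    // PHP's loose == has surprising rules for non-numeric strings.
    $owner = (int) $result['uid'];
    $me = (int) \CODOF\User\CurrentUser\CurrentUser::id();

    if ($owner === $me) {
        $has_permission = \CODOF\Access\Access::hasPermission(array('edit my posts', 'edit all posts'));
    } else {
        $has_permission = \CODOF\Access\Access::hasPermission('edit all posts');
    }

    if (!$has_permission) {
        // Reflect the sanitised $pid, never the raw request value $id, so no
        // attacker-controlled text is echoed into the response.
        echo "Unauthorized request to undelete post " . $pid;
        exit;
    }

    $post = new \CODOF\Forum\Post($this->db);
    // Restore the post; the Post model owns the status change.
    $post->undelete($pid);
    echo 'success';
}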
/**
 * Returns the 20 most recent live posts by a user plus the template
 * variables the recent-posts view expects.
 *
 * Posts with post_status 0 (deleted) are excluded. When the requested user
 * is not the current user, the topic view-permission conditions are
 * appended so the viewer only sees topics they are allowed to read.
 *
 * @param mixed $uid User id from the request; cast to int before it is
 *                   interpolated into the query.
 * @return array Template data: 'topics' plus URI/theme constants and labels.
 */
public function get_recent_posts($uid)
{
    $userId = (int) $uid;

    // Looking at someone else's posts: restrict to topics the viewer may see.
    $accessSql = '';
    if ($userId != \CODOF\User\CurrentUser\CurrentUser::id()) {
        $topic = new \CODOF\Forum\Topic(false);
        $accessSql = "AND " . $topic->getViewTopicPermissionConditions();
    }

    // %1$s = table prefix, %2$d = int user id, %3$s = extra access conditions.
    $sql = sprintf(
        'SELECT c.cat_alias,c.cat_img,p.omessage AS message, t.title, t.topic_id,'
        . ' u.id, u.name, u.avatar, t.topic_created,t.no_posts,t.no_views, p.post_created,p.post_id '
        . ' FROM %1$scodo_posts AS p '
        . ' LEFT JOIN %1$scodo_categories AS c ON p.cat_id=c.cat_id '
        . ' LEFT JOIN %1$scodo_topics AS t ON t.topic_id=p.topic_id '
        . ' LEFT JOIN %1$scodo_users AS u ON t.uid=u.id '
        . ' WHERE p.uid = %2$d AND p.post_status<>0 %3$s ORDER BY p.post_created DESC  LIMIT 20 OFFSET 0',
        PREFIX,
        $userId,
        $accessSql
    );

    $stmt = $this->db->query($sql);
    $rows = $stmt ? $this->gen_posts_arr($stmt->fetchAll()) : array();

    $category = new \CODOF\Forum\Category();

    return array(
        "topics" => $rows,
        "RURI" => RURI,
        "DURI" => DURI,
        "CAT_IMGS" => CAT_IMGS,
        "CURR_THEME" => CURR_THEME,
        "reply_txt" => _t("replies"),
        "views_txt" => _t("views"),
        "posted" => _t("posted"),
        "created" => _t("created"),
        "no_topics" => _t("You have no recent posts"),
        "new_topic" => _t("Create new topic"),
        "can_create" => $category->canCreateTopicInAtleastOne(),
    );
}
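/**
 * Lists the subscribers to notify for a post event.
 *
 * Subscriber rows of type NOTIFIED are matched on the category and on
 * either the whole category (tid = 0) or the specific topic. The post,
 * topic and category rows are joined by literal id so their text fields
 * (title, messages, category name) ride along. The current user is excluded.
 *
 * Example subscriber rows (cid, tid, uid, type):
 *   10  null  1  2
 *   10  2     1  3
 *
 * @param int|string $cid    Category id
 * @param int|string $tid    Topic id
 * @param int|string $pid    Post id
 * @param int|string $offset Row offset for paging; page size is 400
 * @return array
 */
public function getData($cid, $tid, $pid, $offset)
{
    // \DB::raw() splices its argument into the SQL verbatim, so every id is
    // cast to int first. Without this a caller passing request data straight
    // through would open the join conditions to SQL injection.
    $cid = (int) $cid;
    $tid = (int) $tid;
    $pid = (int) $pid;
    $offset = (int) $offset;

    $data = \DB::table(PREFIX . 'codo_notify_subscribers AS s')
        ->select('u.id', 'u.username', 'u.mail', 't.title', 'p.imessage', 'p.omessage', 's.type', 'c.cat_name')
        ->join(PREFIX . 'codo_users AS u', 's.uid', '=', 'u.id')
        ->leftJoin(PREFIX . 'codo_posts AS p', 'p.post_id', '=', \DB::raw($pid))
        ->leftJoin(PREFIX . 'codo_topics AS t', 't.topic_id', '=', \DB::raw($tid))
        ->leftJoin(PREFIX . 'codo_categories AS c', 'c.cat_id', '=', \DB::raw($cid))
        // Fully qualified like every other class reference in this method.
        ->where('s.type', '=', \CODOF\Forum\Notification\Subscriber::$NOTIFIED)
        ->where('s.cid', '=', $cid)
        ->where(function ($query) use ($tid) {
            // Category-wide subscription (tid 0) or subscription to this topic.
            $query->where('s.tid', '=', 0)->orWhere('s.tid', '=', \DB::raw($tid));
        })
        ->where('p.topic_id', '=', $tid)
        ->where('s.uid', '<>', \CODOF\User\CurrentUser\CurrentUser::id())
        ->skip($offset)
        ->take(400)
        ->get();

    return $data;
}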
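/**
 * Used when editing a post: archives the current revision into codo_edits
 * and overwrites the post with the new message.
 *
 * @param int|string $pid   Post id; cast to int before use
 * @param string     $imesg New input (raw) message
 * @param string     $omesg New output (rendered) message
 * @return void
 */
public function update_post($pid, $imesg, $omesg)
{
    $pid = (int) $pid;
    $time = time();

    $old = \DB::table(PREFIX . 'codo_posts')
        ->where('post_id', $pid)
        ->select('imessage', 'post_created', 'post_modified')
        ->first();

    // Unknown post id: nothing to archive and nothing to update. Returning
    // here avoids indexing a null row and inserting a bogus edit record.
    if (empty($old)) {
        return;
    }

    // Archive the previous revision; its timestamp is the last modification
    // time, falling back to creation time for a never-edited post.
    \DB::table(PREFIX . 'codo_edits')->insert(array(
        'post_id' => $pid,
        'uid' => \CODOF\User\CurrentUser\CurrentUser::id(),
        'text' => \CODOF\Format::imessage($old['imessage']),
        'time' => $old['post_modified'] == null ? $old['post_created'] : $old['post_modified'],
    ));

    // Parameterised update: message bodies are user-supplied.
    $qry = 'UPDATE ' . PREFIX . 'codo_posts SET imessage=:imesg, omessage=:omesg, post_modified=:time'
        . ' WHERE post_id=:pid';
    $stmt = $this->db->prepare($qry);
    $stmt->execute(array(
        ":imesg" => \CODOF\Format::imessage($imesg),
        ":omesg" => \CODOF\Format::omessage($omesg),
        ":time" => $time,
        ":pid" => $pid,
    ));
}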
/**
 * Marks a topic as read for the current user.
 *
 * Does nothing for guests. Updates the existing codo_unread_topics row's
 * read_time if one exists, otherwise inserts a new row.
 *
 * @param int $cid Category id
 * @param int $tid Topic id
 * @return void
 */
public function mark_topic_as_read($cid, $tid)
{
    if (!\CODOF\User\CurrentUser\CurrentUser::loggedIn()) {
        return;
    }

    // Request-supplied ids are int-cast before interpolation; the uid comes
    // from the session (CurrentUser), not from the request.
    $topicId = (int) $tid;
    $catId = (int) $cid;
    $userId = \CODOF\User\CurrentUser\CurrentUser::id();
    $now = time();
    $table = PREFIX . 'codo_unread_topics';

    $rows = \DB::select("SELECT COUNT(topic_id) AS cnt FROM {$table} WHERE topic_id={$topicId} AND uid={$userId}");

    if ($rows[0]['cnt']) {
        $this->db->query("UPDATE {$table} SET read_time={$now} WHERE topic_id={$topicId} AND uid={$userId}");
    } else {
        // Positional VALUES: (cat_id, topic_id, uid, read_time) — assumes the
        // table's column order; verify against the schema if it changes.
        $this->db->query("INSERT INTO {$table} VALUES({$catId}, {$topicId}, {$userId}, {$now})");
    }
}
/**
 * Get the current user's subscription level for a category.
 *
 * Only the category-wide row (tid = 0) is consulted; topic-specific
 * subscriptions are not.
 *
 * @param int $cid Category id
 * @return int The stored type, or self::$DEFAULT when no row exists
 */
public function levelForCategory($cid)
{
    $row = \DB::table(PREFIX . 'codo_notify_subscribers')
        ->select('type')
        ->where('cid', '=', $cid)
        ->where('tid', '=', '0')
        ->where('uid', '=', \CODOF\User\CurrentUser\CurrentUser::id())
        ->first();

    // No explicit subscription: fall back to the class default.
    if (empty($row)) {
        return self::$DEFAULT;
    }

    return $row['type'];
}
/**
 * Marks the current user's unread notifications created at or before
 * $eventTime as read.
 *
 * @param int $eventTime Unix timestamp cutoff (inclusive)
 * @return bool|int Whatever the query builder's update() returns
 */
protected function markAsRead($eventTime)
{
    $uid = \CODOF\User\CurrentUser\CurrentUser::id();

    $pending = \DB::table(PREFIX . 'codo_notify')
        ->where('is_read', '=', '0')
        ->where('uid', '=', $uid)
        ->where('created', '<=', $eventTime);

    return $pending->update(array("is_read" => '1'));
}
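/**
 * Assigns the topic edit/delete capability flags to the template.
 *
 * The topic's owner qualifies with the "my topics" permissions (or the
 * "all topics" ones); everyone else needs the "all topics" permissions.
 * Both flags are JSON-encoded booleans for use in the page's JavaScript.
 *
 * @param int|string $tuid Uid of the topic's author
 * @return void
 */
private function assign_admin_vars($tuid)
{
    // Compare as ints with ===: $tuid usually comes from a DB row (possibly
    // a string) and loose == has surprising rules for non-numeric strings.
    $isOwner = (int) $tuid === (int) \CODOF\User\CurrentUser\CurrentUser::id();

    $editPerms = $isOwner ? array('edit my topics', 'edit all topics') : 'edit all topics';
    $deletePerms = $isOwner ? array('delete my topics', 'delete all topics') : 'delete all topics';

    $this->smarty->assign('can_edit_topic', json_encode(Access::hasPermission($editPerms)));
    $this->smarty->assign('can_delete_topic', json_encode(Access::hasPermission($deletePerms)));
}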