Changeset 2292
- Timestamp:
- 12/11/10 07:22:57 (18 months ago)
- Location:
- branches/1.5
- Files:
-
- 16 modified
-
hotaru_settings_default.php (modified) (3 diffs)
-
index.php (modified) (2 diffs)
-
libs/AdminPages.php (modified) (17 diffs)
-
libs/Avatar.php (modified) (14 diffs)
-
libs/Comment.php (modified) (28 diffs)
-
libs/Database.php (modified) (1 diff)
-
libs/Debug.php (modified) (3 diffs)
-
libs/EmailFunctions.php (modified) (4 diffs)
-
libs/Initialize.php (modified) (1 diff)
-
libs/InspektExtras.php (modified) (4 diffs)
-
libs/Maintenance.php (modified) (23 diffs)
-
libs/PageHandling.php (modified) (1 diff)
-
libs/ThemeSettings.php (modified) (5 diffs)
-
libs/UserBase.php (modified) (42 diffs)
-
libs/UserInfo.php (modified) (16 diffs)
-
libs/Widget.php (modified) (13 diffs)
branches/1.5/hotaru_settings_default.php
r2237 r2292 1 1 <?php 2 /* Configuration file for Hotaru CMS �@*/2 /* Configuration file for Hotaru CMS */ 3 3 4 4 // Paths … … 6 6 7 7 // Database details 8 define("DB_USER", 'root'); // Add your own database details 8 define("DB_USER", 'root'); // Add your own database details 9 9 define("DB_PASSWORD", ''); 10 10 define("DB_NAME", 'hotaru'); … … 17 17 define('DB_CHARSET', 'utf8'); // Database Character Set (UTF8 is Recommended), e.g. "utf8" 18 18 define("DB_COLLATE", 'utf8_unicode_ci'); // Database Collation (UTF8 is Recommended), e.g. "utf8_unicode_ci" 19 20 ?> -
branches/1.5/index.php
r2238 r2292 24 24 * @link http://www.hotarucms.org/ 25 25 */ 26 // includes 26 27 27 if( file_exists('hotaru_settings.php') ) { 28 28 require_once('hotaru_settings.php'); … … 38 38 } 39 39 } 40 ?> -
branches/1.5/libs/AdminPages.php
r2267 r2292 26 26 class AdminPages 27 27 { 28 /** 28 29 /** 29 30 * Admin Pages 30 31 */ … … 32 33 { 33 34 $h->vars['admin_sidebar_layout'] = 'vertical'; 34 35 35 36 $h->pluginHook('admin_pages'); 36 37 37 38 switch ($page) { 38 case "admin_login":39 case 'admin_login': 39 40 $h->sidebars = false; 40 41 $h->adminLoginLogout('login'); 41 42 break; 42 case "admin_logout":43 case 'admin_logout': 43 44 $h->adminLoginLogout('logout'); 44 45 break; 45 case "admin_account":46 case 'admin_account': 46 47 $h->vars['admin_account'] = $this->adminAccount($h); 47 48 break; 48 case "settings":49 case 'settings': 49 50 $h->vars['admin_settings'] = $this->settings($h); 50 51 break; 51 case "maintenance":52 case 'maintenance': 52 53 $this->maintenanceAction($h); 53 54 $h->vars['admin_plugin_settings'] = $this->listPluginSettings($h); 54 55 $h->vars['admin_plugin_tables'] = $this->listDbTables($h, true); 55 56 break; 56 case "blocked":57 case 'blocked': 57 58 $h->vars['admin_blocked_list'] = $this->blocked($h); 58 59 break; 59 case "plugin_management":60 case 'plugin_management': 60 61 $h->sidebars = false; 61 62 $h->vars['admin_sidebar_layout'] = 'horizontal'; 62 63 $this->adminPlugins($h); 63 64 break; 64 case "plugin_search":65 case 'plugin_search': 65 66 $h->sidebars = false; 66 67 $h->vars['admin_sidebar_layout'] = 'horizontal'; 67 68 //$this->adminPluginSearch($h); 68 69 break; 69 case "plugin_settings":70 case 'plugin_settings': 70 71 $h->vars['settings_plugin'] = $h->cage->get->testAlnumLines('plugin'); // get plugin name from url 71 if (!$h->vars['settings_plugin']) { 72 if (!$h->vars['settings_plugin']) { 72 73 $h->vars['settings_plugin'] = $h->cage->post->testAlnumLines('plugin'); // get plugin name from form 73 74 } 74 75 $h->vars['plugin_settings_csrf_error'] = ''; 75 if ($h->cage->post->testAlpha('submitted') == 'true') { 76 if ($h->cage->post->testAlpha('submitted') == 'true') { 76 77 $h->vars['plugin_settings_csrf_error'] = (!$h->csrf()) ? 
true : false; 77 78 } 78 79 $alt_template = $h->cage->get->testPage('alt_template'); 79 if ($alt_template) { $h->displayTemplate($alt_template, $h->vars['settings_plugin']); exit; } 80 break; 81 case "theme_settings": 80 if ($alt_template) { 81 $h->displayTemplate($alt_template, $h->vars['settings_plugin']); 82 exit; 83 } 84 break; 85 case 'theme_settings': 82 86 $h->vars['settings_theme'] = $h->cage->get->testAlnumLines('theme'); // get plugin name from url 83 if (!$h->vars['settings_theme']) { 87 if (!$h->vars['settings_theme']) { 84 88 $h->vars['settings_theme'] = $h->cage->post->testAlnumLines('theme'); // get plugin name from form 85 89 } 86 90 $h->vars['theme_settings_csrf_error'] = ''; 87 if ($h->cage->post->testAlpha('submitted') == 'true') { 91 if ($h->cage->post->testAlpha('submitted') == 'true') { 88 92 $h->vars['theme_settings_csrf_error'] = (!$h->csrf()) ? true : false; 89 93 } … … 94 98 break; 95 99 } 96 100 97 101 // Display the main theme's index.php template 98 102 $h->displayTemplate('admin_index'); 99 103 } 100 101 102 /* ************************************************************* 103 * 104 * ACCOUNT PAGE 105 * 106 * *********************************************************** */ 107 108 104 105 /* * ************************************************************ 106 * 107 * ACCOUNT PAGE 108 * 109 * *********************************************************** */ 110 109 111 /** 110 112 * Call the updateAccount method in UserAuth 111 */ 113 */ 112 114 public function adminAccount($h) 113 115 { 114 116 return $h->currentUser->updateAccount($h); 115 117 } 116 117 118 /* ************************************************************* 119 * 120 * SETTINGS PAGE 121 * 122 * *********************************************************** */ 123 124 118 119 /* * ************************************************************ 120 * 121 * SETTINGS PAGE 122 * 123 * *********************************************************** */ 124 125 125 /** 126 126 * Process the 
settings form 127 */ 127 */ 128 128 public function settings($h) 129 129 { 130 $loaded_settings = $this->getAllAdminSettings($h->db); // get all admin settings from the database 131 130 // get all admin settings from the database 131 $loaded_settings = $this->getAllAdminSettings($h->db); 132 132 133 $error = 0; 133 134 if ($h->cage->post->noTags('settings_update') == 'true') {135 134 135 if ($h->cage->post->noTags('settings_update') == 'true') { 136 136 137 // if either the login or forgot password form is submitted, check the CSRF key 137 if (!$h->csrf()) { $error = 1; } 138 138 if (!$h->csrf()) { 139 $error = 1; 140 } 141 139 142 foreach ($loaded_settings as $setting_name) { 140 143 if ($h->cage->post->keyExists($setting_name->settings_name)) { … … 142 145 if (!$error && $setting_value && $setting_value != $setting_name->settings_value) { 143 146 $this->adminSettingUpdate($h, $setting_name->settings_name, $setting_value); 144 145 147 } else { 146 148 if (!$setting_value) { … … 152 154 // values that are allowed to be empty: 153 155 $exempt = array('SMTP_USERNAME', 'SMTP_PASSWORD'); 154 if ($setting_name->settings_show == 'N') { array_push($exempt, $setting_name->settings_name); } 155 if (!in_array($setting_name->settings_name, $exempt)) { 156 if ($setting_name->settings_show == 'N') { 157 array_push($exempt, $setting_name->settings_name); 158 } 159 if (!in_array($setting_name->settings_name, $exempt)) { 156 160 // otherwise flag as an error: 157 161 $error = 1; 158 } 162 } 159 163 } 160 164 } 161 165 162 166 $hook = "SystemInfo:hotaru_feedback"; 163 $cron_data = array('hook' =>$hook);167 $cron_data = array('hook' => $hook); 164 168 $h->pluginHook('cron_delete_job', 'cron', $cron_data); 165 169 166 170 $hook = "SystemInfo:hotaru_version"; 167 $cron_data = array('hook' =>$hook);171 $cron_data = array('hook' => $hook); 168 172 $h->pluginHook('cron_delete_job', 'cron', $cron_data); 169 173 170 174 if ($error == 0) { 171 175 $h->message = 
$h->lang['admin_settings_update_success']; … … 176 180 } 177 181 } 178 182 179 183 // Activate themes from theme settings pages - called via JavaScript 180 if ($h->cage->post->testAlnumLines('admin') == 'theme_settings' ) 181 { 182 $theme = strtolower($h->cage->post->testAlnumLines('theme') . "/" ); 184 if ($h->cage->post->testAlnumLines('admin') == 'theme_settings') { 185 $theme = strtolower($h->cage->post->testAlnumLines('theme')."/"); 183 186 $this->adminSettingUpdate($h, 'THEME', $theme); 184 $h->deleteFiles(CACHE .'css_js_cache'); // clear the CSS/JS cache185 $json_array = array('activate' =>'true', 'message'=>$h->lang["admin_settings_theme_activate_success"], 'color'=>'green');186 187 $h->deleteFiles(CACHE.'css_js_cache'); // clear the CSS/JS cache 188 $json_array = array('activate' => 'true', 'message' => $h->lang["admin_settings_theme_activate_success"], 'color' => 'green'); 189 187 190 // Send back result data 188 191 echo json_encode($json_array); 189 192 exit; 190 193 } 191 192 $loaded_settings = $this->getAllAdminSettings($h->db); 193 194 return $loaded_settings; 195 } 196 197 194 195 return $this->getAllAdminSettings($h->db); 196 } 197 198 198 /** 199 199 * Returns all setting-value pairs … … 203 203 public function getAllAdminSettings($db) 204 204 { 205 $sql = "SELECT settings_name, settings_value, settings_default, settings_note, settings_show FROM " .TABLE_SETTINGS;205 $sql = "SELECT settings_name, settings_value, settings_default, settings_note, settings_show FROM ".TABLE_SETTINGS; 206 206 $results = $db->get_results($db->prepare($sql)); 207 if ($results) { return $results; } else { return false; } 208 } 209 210 207 if ($results) { 208 return $results; 209 } 210 return FALSE; 211 } 212 211 213 /** 212 214 * Update an admin setting … … 218 220 { 219 221 $exists = $this->adminSettingExists($h->db, $setting); 220 222 221 223 if (!$exists) { 222 $sql = "INSERT INTO " . TABLE_SETTINGS ." 
(settings_name, settings_value, settings_updateby) VALUES (%s, %s, %d)";224 $sql = "INSERT INTO ".TABLE_SETTINGS." (settings_name, settings_value, settings_updateby) VALUES (%s, %s, %d)"; 223 225 $h->db->query($h->db->prepare($sql, $setting, $value, $h->currentUser->id)); 224 226 } else { 225 $sql = "UPDATE " . TABLE_SETTINGS ." SET settings_name = %s, settings_value = %s, settings_updateby = %d WHERE (settings_name = %s)";227 $sql = "UPDATE ".TABLE_SETTINGS." SET settings_name = %s, settings_value = %s, settings_updateby = %d WHERE (settings_name = %s)"; 226 228 $h->db->query($h->db->prepare($sql, $setting, $value, $h->currentUser->id, $setting)); 227 229 } 228 230 } 229 230 231 231 232 /** 232 233 * Determine if a setting already exists … … 239 240 public function adminSettingExists($db, $setting = '') 240 241 { 241 $sql = "SELECT settings_name FROM " . TABLE_SETTINGS ." WHERE (settings_name = %s)";242 $sql = "SELECT settings_name FROM ".TABLE_SETTINGS." WHERE (settings_name = %s)"; 242 243 $returned_setting = $db->get_var($db->prepare($sql, $setting)); 243 if ($returned_setting) { return $returned_setting; } else { return false; } 244 } 245 246 247 /* ************************************************************* 248 * 249 * MAINTENANCE PAGE 250 * 251 * *********************************************************** */ 252 253 244 if ($returned_setting) { 245 return $returned_setting; 246 } 247 return false; 248 } 249 250 /* * ************************************************************ 251 * 252 * MAINTENANCE PAGE 253 * 254 * *********************************************************** */ 255 254 256 /** 255 257 * Check action called in Maintenance template … … 257 259 public function maintenanceAction($h) 258 260 { 259 require_once(LIBS . 
'Maintenance.php');260 261 $maintenance = new Maintenance(); 261 262 $maintenance->getSiteAnnouncement($h); 262 263 263 264 // check if we're viewing a debug file 264 265 $debug_file = $h->cage->get->noPath('debug'); … … 270 271 exit; 271 272 } 272 273 273 274 // check if we're performing an action 274 275 $action = $h->cage->get->testAlnumLines('action'); 275 276 if ($action == 'announcement') { $maintenance->addSiteAnnouncement($h); } 277 if ($action == 'open') { $h->openCloseSite('open'); } 278 if ($action == 'close') { $h->openCloseSite('close'); } 279 if ($action == 'clear_all_cache') { 280 $h->clearCache('db_cache', false); 281 $h->clearCache('css_js_cache', false); 282 $h->clearCache('rss_cache', false); 283 $h->clearCache('html_cache', false); 284 $h->clearCache('lang_cache', false); 285 @unlink(BASE. 'cache/smartloader_cache.php'); 286 $h->message = $h->lang['admin_maintenance_clear_all_cache_success']; 287 $h->messageType = 'green'; 288 } 289 if ($action == 'clear_db_cache') { $h->clearCache('db_cache'); } 290 if ($action == 'clear_css_js_cache') { $h->clearCache('css_js_cache'); } 291 if ($action == 'clear_rss_cache') { $h->clearCache('rss_cache'); } 292 if ($action == 'clear_html_cache') { $h->clearCache('html_cache'); } 293 if ($action == 'clear_lang_cache') { $h->clearCache('lang_cache'); } 294 if ($action == 'optimize') { $h->optimizeTables(); } 295 if ($action == 'empty') { $h->emptyTable($h->cage->get->testAlnumLines('table')); } 296 if ($action == 'drop') { $h->dropTable($h->cage->get->testAlnumLines('table')); } 297 if ($action == 'remove_settings') { $h->removeSettings($h->cage->get->testAlnumLines('settings')); } 298 if ($action == 'system_report') { $h->generateReport(); } 299 if ($action == 'email_report') { $h->generateReport('email'); } 300 if ($action == 'delete_debugs') { 301 $h->clearCache('debug_logs'); 302 $h->vars['debug_files'] = $h->getFiles(CACHE . 
'debug_logs'); 303 } 304 276 277 switch ($h->cage->get->testAlnumLines('action')) { 278 case 'announcement': 279 $maintenance->addSiteAnnouncement($h); 280 break; 281 case 'open': 282 $h->openCloseSite('open'); 283 break; 284 case 'close': 285 $h->openCloseSite('close'); 286 break; 287 case 'clear_all_cache': 288 $h->clearCache('db_cache', false); 289 $h->clearCache('css_js_cache', false); 290 $h->clearCache('rss_cache', false); 291 $h->clearCache('html_cache', false); 292 $h->clearCache('lang_cache', false); 293 @unlink(BASE.'cache/smartloader_cache.php'); 294 $h->message = $h->lang['admin_maintenance_clear_all_cache_success']; 295 $h->messageType = 'green'; 296 break; 297 $h->openCloseSite('close'); 298 break; 299 case 'clear_db_cache': 300 $h->clearCache('db_cache'); 301 break; 302 case 'clear_css_js_cache': 303 $h->clearCache('css_js_cache'); 304 break; 305 case 'clear_rss_cache': 306 $h->clearCache('rss_cache'); 307 break; 308 case 'clear_html_cache': 309 $h->clearCache('html_cache'); 310 break; 311 case 'clear_lang_cache': 312 $h->clearCache('lang_cache'); 313 break; 314 case 'optimize': 315 $h->optimizeTables(); 316 break; 317 case 'empty': 318 $h->emptyTable($h->cage->get->testAlnumLines('table')); 319 break; 320 case 'drop': 321 $h->dropTable($h->cage->get->testAlnumLines('table')); 322 break; 323 case 'remove_settings': 324 $h->removeSettings($h->cage->get->testAlnumLines('settings')); 325 break; 326 case 'system_report': 327 $h->generateReport(); 328 break; 329 case 'email_report': 330 $h->generateReport('email'); 331 break; 332 case 'delete_debugs': 333 $h->clearCache('debug_logs'); 334 $h->vars['debug_files'] = $h->getFiles(CACHE.'debug_logs'); 335 break; 336 } 337 305 338 // get list of debug logs 306 $h->vars['debug_files'] = $h->getFiles(CACHE . 
'debug_logs'); 307 } 308 309 339 $h->vars['debug_files'] = $h->getFiles(CACHE.'debug_logs'); 340 } 341 310 342 /** 311 343 * List all plugins with settings … … 315 347 public function listPluginSettings($h) 316 348 { 349 $sql = "SELECT DISTINCT plugin_folder FROM ".TABLE_PLUGINSETTINGS; 350 $results = $h->db->get_results($h->db->prepare($sql)); 351 352 if (!$results) { 353 return false; 354 } 355 317 356 $plugin_settings = array(); 318 $sql = "SELECT DISTINCT plugin_folder FROM " . DB_PREFIX . "pluginsettings"; 319 $results = $h->db->get_results($h->db->prepare($sql)); 320 321 if (!$results) { return false; } 322 357 323 358 foreach ($results as $item) { 324 359 array_push($plugin_settings, $item->plugin_folder); 325 360 } 326 361 327 362 return $plugin_settings; 328 363 } 329 330 364 331 365 /** 332 366 * List all created tables - used for emtying tables in Maintenance … … 337 371 { 338 372 $db_tables = array(); 339 373 340 374 if ($exclude_tables) { 341 375 $exclude = array( … … 356 390 357 391 $h->db->selectDB(DB_NAME); 358 359 if (!$h->db->get_col("SHOW TABLES",0)) { return $db_tables; } 360 361 foreach ( $h->db->get_col("SHOW TABLES",0) as $table_name ) 362 { 392 393 if (!$h->db->get_col("SHOW TABLES", 0)) { 394 return $db_tables; 395 } 396 397 foreach ($h->db->get_col("SHOW TABLES", 0) as $table_name) { 363 398 if ($exclude_tables) { 364 399 if (!in_array($table_name, $exclude)) { … … 369 404 } 370 405 } 371 406 372 407 return $db_tables; 373 408 } 374 375 376 /* ************************************************************* 377 * 378 * BLOCKED PAGE 379 * 380 * *********************************************************** */ 381 382 409 410 /************************************************************** 411 * 412 * BLOCKED PAGE 413 * 414 *************************************************************/ 415 383 416 /** 384 417 * Determine and respond to actions from the Blocked list … … 386 419 public function blocked($h) 387 420 { 388 require_once(LIBS . 
'Blocked.php');389 421 $blocked = new Blocked(); 390 422 $blocked_items = $blocked->buildBlockedList($h); 391 423 392 424 return $blocked_items; 393 425 } 394 395 396 /* ************************************************************* 397 * 398 * PLUGIN MANAGEMENT PAGE 399 * 400 * *********************************************************** */ 401 402 403 /** 426 427 /* * ************************************************************ 428 * 429 * PLUGIN MANAGEMENT PAGE 430 * 431 * *********************************************************** */ 432 433 /** 404 434 * Call functions based on user actions in Plugin Management 405 435 */ … … 408 438 $pfolder = $h->cage->get->testAlnumLines('plugin'); 409 439 $h->plugin->folder = $pfolder; // assign this plugin to Hotaru 410 440 411 441 $action = $h->cage->get->testAlnumLines('action'); 412 442 $order = $h->cage->get->testAlnumLines('order'); 413 443 414 444 $plugman = new PluginManagement(); 415 445 416 446 switch ($action) { 417 case "activate":447 case 'activate': 418 448 $plugman->activateDeactivate($h, 1); 419 449 break; 420 case "deactivate":450 case 'deactivate': 421 451 $plugman->activateDeactivate($h, 0); 422 break; 423 case "activate_all":452 break; 453 case 'activate_all': 424 454 $plugman->activateDeactivateAll($h, 1); 425 455 break; 426 case "deactivate_all":456 case 'deactivate_all': 427 457 $plugman->activateDeactivateAll($h, 0); 428 break; 429 case "uninstall_all":458 break; 459 case 'uninstall_all': 430 460 $plugman->uninstallAll($h); 431 break; 432 case "install":461 break; 462 case 'install': 433 463 $plugman->install($h); 434 464 break; 435 case "uninstall":465 case 'uninstall': 436 466 $plugman->uninstall($h); 437 break; 438 case "orderup":439 $plugman->pluginOrder($h, $order, "up");440 break; 441 case "orderdown":442 $plugman->pluginOrder($h, $order, "down");443 break; 444 case "update":467 break; 468 case 'orderup': 469 $plugman->pluginOrder($h, $order, 'up'); 470 break; 471 case 'orderdown': 472 
$plugman->pluginOrder($h, $order, 'down'); 473 break; 474 case 'update': 445 475 $plugman->activateDeactivate($h, 0); 446 476 $plugman->update($h); 447 477 $plugman->activateDeactivate($h, 1); 448 478 break; 449 case "version_check":479 case 'version_check': 450 480 $plugman->versionCheck($h); 451 481 break; 452 default: 453 // nothing to do here... 454 break; 455 } 456 482 } 483 457 484 $plugman->refreshPluginDetails($h); 458 485 459 486 // get and sort all the plugins ready for display: 460 487 $allplugins = $plugman->getPlugins($h); // get plugins 461 488 462 489 $installed_plugins = array_filter($allplugins, array($plugman, 'getInstalledPlugins')); 463 490 $h->vars['installed_plugins'] = sksort($installed_plugins, "order", "int", true); 464 491 465 492 $uninstalled_plugins = array_filter($allplugins, array($plugman, 'getUninstalledPlugins')); 466 493 $h->vars['uninstalled_plugins'] = sksort($uninstalled_plugins, 'name', 'char', true); 467 494 468 495 return true; 469 496 } 497 470 498 } 471 ?> -
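Review bot: The new `switch` in maintenanceAction() dispatches destructive operations (`empty`, `drop`, `remove_settings`, `close`) directly from `$h->cage->get->testAlnumLines('action')`, and no `$h->csrf()` check is visible on that path, unlike the `settings_update` branch of settings() in the same file. If nothing outside the shown lines verifies a token, a cross-site GET request made in an administrator's session could empty or drop a table. Assuming the token can be carried on these requests, I would make `if (!$h->csrf()) { break; }` the first statement of each state-changing case, and preferably move those actions to POST. The theme activation branch in settings() also calls `adminSettingUpdate($h, 'THEME', $theme)` outside the block that checks `$h->csrf()`, so it deserves the same guard. The `$h->openCloseSite('close'); break;` pair that follows the `break;` of the `clear_all_cache` case is unreachable and looks like a paste leftover, so it should be deleted.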
branches/1.5/libs/Avatar.php
r2035 r2292 1 1 <?php 2 2 3 /** 3 4 * Avatar class. Plugins that provide avatars should hook into this. … … 37 38 class Avatar 38 39 { 39 public $user_id = 0; 40 public $user_ name = '';41 public $user_ email= '';42 public $ size = 32;43 public $ rating = 'g'; // "global" used by Gravatar44 public $ valid = true;45 46 40 41 public $user_id = 0; 42 public $user_name = ''; 43 public $user_email = ''; 44 public $size = 32; 45 public $rating = 'g'; // "global" used by Gravatar 46 public $valid = true; 47 47 48 /** 48 49 * constructor … … 53 54 * @param $rating avatar rating (g, pg, r or x in Gravatar) 54 55 */ 55 public function __construct($h, $user_id = 0, $size = 32, $rating = 'g') 56 { 57 if (!$user_id) { return false; } 58 56 public function __construct($h, $user_id = 0, $size = 32, $rating = 'g') 57 { 58 if (!$user_id) { 59 return false; 60 } 61 59 62 $this->user_id = $user_id; 60 63 61 64 $user = new UserBase(); 62 65 $user->getUserBasic($h, $this->user_id); 63 66 $this->user_email = $user->email; 64 67 $this->user_name = $user->name; 65 68 66 69 $this->size = $size; 67 70 $this->rating = $rating; 68 71 69 72 $this->setVars($h); 70 73 } 71 72 74 73 75 /** 74 76 * Add Avatar properties to a vars array for plugins to use … … 77 79 { 78 80 $vars = array( 79 'user_id' =>$this->user_id,80 'user_name' =>$this->user_name,81 'user_email' =>$this->user_email,82 'size' =>$this->size,83 'rating' =>$this->rating84 );85 81 'user_id' => $this->user_id, 82 'user_name' => $this->user_name, 83 'user_email' => $this->user_email, 84 'size' => $this->size, 85 'rating' => $this->rating 86 ); 87 86 88 $h->pluginHook('avatar_set_avatar', '', $vars); 87 89 } 88 89 90 90 91 /** 91 92 * test the avatar to see if it's valid … … 95 96 public function testAvatar($h) 96 97 { 97 if (!$this->user_id) { return false; } 98 98 if (!$this->user_id) { 99 return false; 100 } 101 99 102 $result = $h->pluginHook('avatar_test_avatar'); 100 103 101 104 if (!$result) { 102 105 $this->valid = false; 103 
106 return false; 104 } 105 107 } 108 106 109 $this->valid = true; 107 110 return $result[key($result)]; // returns the result (i.e. Gravatar url in the case of Gravatar) 108 109 } 110 111 111 } 112 112 113 /** 113 114 * get the plain avatar with no surrounding HTML div … … 117 118 public function getAvatar($h) 118 119 { 119 if (!$this->user_id) { return false; } 120 120 if (!$this->user_id) { 121 return false; 122 } 123 121 124 $result = $h->pluginHook('avatar_get_avatar'); 122 125 if ($result) { … … 126 129 return $avatar; // returns the last avatar sent to this hook 127 130 } 128 131 129 132 return false; 130 133 } 131 132 134 133 135 /** 134 136 * option to display the avatar linked to ther user's profile (image obtained from plugin) … … 136 138 public function linkAvatar($h) 137 139 { 138 if (!$this->user_id) { return false; } 139 140 $output = "<a href='" . $h->url(array('user' => $this->user_name)) . "' title='" . $this->user_name . "'>"; 140 if (!$this->user_id) { 141 return false; 142 } 143 144 $output = '<a href="'.$h->url(array('user' => $this->user_name)).'" title="'.$this->user_name.'">'; 141 145 $result = $h->pluginHook('avatar_get_avatar'); 142 146 if ($result) { … … 149 153 return $output; 150 154 } 151 152 155 153 156 /** 154 157 * option to display the profile-linked avatar wrapped in a div (image obtained from plugin) … … 156 159 public function wrapAvatar($h) 157 160 { 158 if (!$this->user_id) { return false; } 159 161 if (!$this->user_id) { 162 return false; 163 } 164 160 165 $output = "<div class='avatar_wrapper'>"; 161 $output .= "<a href='" . $h->url(array('user' => $this->user_name)) . "' title='" . 
$this->user_name ."'>";166 $output .= "<a href='".$h->url(array('user' => $this->user_name))."' title='".$this->user_name."'>"; 162 167 $result = $h->pluginHook('avatar_get_avatar'); 163 168 if ($result) { … … 171 176 return $output; 172 177 } 173 174 178 175 179 /** 176 180 * option to display the avatar linked to ther user's profile (image already set) … … 178 182 public function linkAvatarImage($h, $avatar_image = '') 179 183 { 180 if (!$this->user_id) { return false; } 181 182 $output = "<a href='" . $h->url(array('user' => $this->user_name)) . "' title='" . $this->user_name . "'>"; 184 if (!$this->user_id) { 185 return false; 186 } 187 188 $output = "<a href='".$h->url(array('user' => $this->user_name))."' title='".$this->user_name."'>"; 183 189 $output .= $avatar_image; // avatar in img tags 184 190 $output .= "</a>"; 185 191 return $output; 186 192 } 187 188 193 189 194 /** 190 195 * option to display the profile-linked avatar wrapped in a div (image already set) … … 192 197 public function wrapAvatarImage($h, $avatar_image = '') 193 198 { 194 if (!$this->user_id) { return false; } 195 199 if (!$this->user_id) { 200 return false; 201 } 202 196 203 $output = "<div class='avatar_wrapper'>"; 197 $output .= "<a href='" . $h->url(array('user' => $this->user_name)) . "' title='" . $this->user_name ."'>";204 $output .= "<a href='".$h->url(array('user' => $this->user_name))."' title='".$this->user_name."'>"; 198 205 $output .= $avatar_image; // avatar in img tags 199 206 $output .= "</a>"; … … 201 208 return $output; 202 209 } 210 203 211 } 204 ?> -
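Review bot: `$this->user_name` is concatenated into the `title` attribute without HTML escaping in linkAvatar(), wrapAvatar(), linkAvatarImage() and wrapAvatarImage(), so the markup is only safe if username validation elsewhere (not visible here) rejects quotes and angle brackets. Writing `htmlspecialchars($this->user_name, ENT_QUOTES, 'UTF-8')` at each of the four sites would make the output safe regardless of what is stored. This change also switches only linkAvatar() to double-quoted attributes while the other three methods keep single quotes; one quoting style throughout keeps the escaping requirement identical everywhere. Separately, `return false;` inside `__construct()` has no effect on what `new Avatar(...)` yields, so callers still receive a partly initialised object and rely on the later `if (!$this->user_id)` guards; a comment such as `// a constructor's return value is ignored; methods re-check user_id` would make that explicit.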
branches/1.5/libs/Comment.php
r2168 r2292 24 24 * @link http://www.hotarucms.org/ 25 25 */ 26 27 26 class Comment 28 27 { 29 protected $id = 0; 30 protected $parent = 0; 31 protected $postId = 0; 32 protected $author = 0; 33 protected $date = ''; 34 protected $status = 'approved'; 35 protected $votes_up = 0; 36 protected $votes_down = 0; 37 protected $content = ''; 38 protected $type = 'newcomment'; // or "editcomment" 39 protected $subscribe = 0; 40 protected $levels = 0; // max nesting levels 41 protected $depth = 0; // this nesting level 42 protected $email = ''; 28 29 protected $id = 0; 30 protected $parent = 0; 31 protected $postId = 0; 32 protected $author = 0; 33 protected $date = ''; 34 protected $status = 'approved'; 35 protected $votes_up = 0; 36 protected $votes_down = 0; 37 protected $content = ''; 38 protected $type = 'newcomment'; // or "editcomment" 39 protected $subscribe = 0; 40 protected $levels = 0; // max nesting levels 41 protected $depth = 0; // this nesting level 42 protected $email = ''; 43 43 protected $allowableTags = ''; 44 44 protected $itemsPerPage = 20; 45 protected $pagination = ''; 46 protected $thisForm = ''; 47 protected $allForms = 'checked'; 48 protected $avatars = ''; 49 protected $avatarSize = 16; 50 protected $voting = ''; 51 protected $order = 'asc'; // oldest comments first 52 53 45 protected $pagination = ''; 46 protected $thisForm = ''; 47 protected $allForms = 'checked'; 48 protected $avatars = ''; 49 protected $avatarSize = 16; 50 protected $voting = ''; 51 protected $order = 'asc'; // oldest comments first 52 54 53 /** 55 54 * Access modifier to set protected properties … … 57 56 public function __set($var, $val) 58 57 { 59 $this->$var = $val; 60 } 61 62 58 $this->$var = $val; 59 } 60 63 61 /** 64 62 * Access modifier to get protected properties … … 68 66 return $this->$var; 69 67 } 70 71 68 72 69 /** 73 70 * Count comments … … 79 76 function countComments($h, $digits_only = true, $no_comments_text = '') 80 77 { 81 $sql = "SELECT COUNT(comment_id) 
FROM " . TABLE_COMMENTS ." WHERE comment_post_id = %d AND comment_status = %s";78 $sql = "SELECT COUNT(comment_id) FROM ".TABLE_COMMENTS." WHERE comment_post_id = %d AND comment_status = %s"; 82 79 $query = $h->db->prepare($sql, $h->post->id, 'approved'); 83 80 84 81 $h->smartCache('on', 'comments', 60, $query); // start using cache 85 82 $num_comments = $h->db->get_var($query); 86 83 $h->smartCache('off'); // stop using cache 87 88 if ($digits_only) { return $num_comments; } // just return the number 89 84 85 if ($digits_only) { 86 return $num_comments; 87 } // just return the number 88 90 89 if ($num_comments == 1) { 91 return "1 " .$h->lang['comments_singular_link'];90 return "1 ".$h->lang['comments_singular_link']; 92 91 } elseif ($num_comments > 1) { 93 return $num_comments . " " .$h->lang['comments_plural_link'];94 } 95 92 return $num_comments." ".$h->lang['comments_plural_link']; 93 } 94 96 95 return $no_comments_text; // shows "Leave a comment" above comment form when no comments 97 96 } 98 99 97 100 98 /** 101 99 * Count all user comments … … 106 104 function countUserComments($h, $user_id = 0) 107 105 { 108 if (!$user_id) { $user_id = $h->currentUser->id; } 109 110 $sql = "SELECT COUNT(comment_id) FROM " . TABLE_COMMENTS . " WHERE comment_user_id = %d AND comment_status = %s"; 111 $query = $h->db->prepare($sql, $user_id , 'approved'); 112 106 if (!$user_id) { 107 $user_id = $h->currentUser->id; 108 } 109 110 $sql = "SELECT COUNT(comment_id) FROM ".TABLE_COMMENTS." 
WHERE comment_user_id = %d AND comment_status = %s"; 111 $query = $h->db->prepare($sql, $user_id, 'approved'); 112 113 113 $h->smartCache('on', 'comments', 60, $query); // start using cache 114 114 $num_comments = $h->db->get_var($query); 115 115 $h->smartCache('off'); // stop using cache 116 117 return $num_comments; 118 } 119 120 116 117 return $num_comments; 118 } 119 121 120 /** 122 121 * Read all comment parents … … 127 126 function readAllParents($h, $post_id, $order = "ASC") 128 127 { 129 $sql = "SELECT * FROM " . TABLE_COMMENTS . " WHERE comment_post_id = %d AND comment_parent = %d AND comment_status = %s ORDER BY comment_date " .$order;128 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_post_id = %d AND comment_parent = %d AND comment_status = %s ORDER BY comment_date ".$order; 130 129 $query = $h->db->prepare($sql, $post_id, 0, 'approved'); 131 130 132 131 $h->smartCache('on', 'comments', 60, $query); // start using cache 133 132 $parents = $h->db->get_results($query); 134 133 $h->smartCache('off'); // stop using cache 135 136 if($parents) { return $parents; } else { return false; } 137 } 138 139 134 135 if ($parents) { 136 return $parents; 137 } 138 return false; 139 } 140 140 141 /** 141 142 * Read all comment children … … 146 147 function readAllChildren($h, $parent) 147 148 { 149 if(!$parent){ 150 return FALSE; 151 } 148 152 $fields = "comment_id, comment_post_id, comment_user_id, comment_parent, comment_date, comment_status, comment_content, comment_votes_up, comment_votes_down, comment_subscribe"; 149 150 $sql = "SELECT " . $fields . " FROM " . TABLE_COMMENTS ." WHERE comment_parent = %d AND comment_status = %s ORDER BY comment_date";153 154 $sql = "SELECT ".$fields." FROM ".TABLE_COMMENTS." 
WHERE comment_parent = %d AND comment_status = %s ORDER BY comment_date"; 151 155 $query = $h->db->prepare($sql, $parent, 'approved'); 152 156 153 157 $h->smartCache('on', 'comments', 60, $query); // start using cache 154 158 $children = $h->db->get_results($query); 155 159 $h->smartCache('off'); // stop using cache 156 157 if($children) { return $children; } else { return false; } 158 } 159 160 160 161 if ($children) { 162 return $children; 163 } 164 return false; 165 } 166 161 167 /** 162 168 * Get comment from database … … 167 173 function getComment($h, $comment_id = 0) 168 174 { 169 $sql = "SELECT * FROM " . TABLE_COMMENTS ." WHERE comment_id = %d";175 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_id = %d"; 170 176 $query = $h->db->prepare($sql, $comment_id); 171 177 172 178 $h->smartCache('on', 'comments', 60, $query); // start using cache 173 179 $comment = $h->db->get_row($query); 174 180 $h->smartCache('off'); // stop using cache 175 176 if($comment) { return $comment; } else { return false; } 177 } 178 179 181 182 if ($comment) { 183 return $comment; 184 } 185 return false; 186 } 187 180 188 /** 181 189 * Get all comments from database … … 187 195 { 188 196 // limiting is used in the rssFeed function. Other than that, pagination does limiting for us. 189 if(!$limit) { $limit = ''; } else { $limit = " LIMIT " .$limit; }190 197 $limit = ($limit) ? " LIMIT ".$limit : ''; 198 191 199 if ($post_id) { 192 200 // get all comments from specified post 193 $sql = "SELECT * FROM " . TABLE_COMMENTS . " WHERE comment_post_id = %d AND comment_status = %s ORDER BY comment_date " .$order;201 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_post_id = %d AND comment_status = %s ORDER BY comment_date ".$order; 194 202 $query = $h->db->prepare($sql, $post_id, 'approved'); 195 203 $h->smartCache('on', 'comments', 60, $query); // start using cache … … 197 205 } else { 198 206 // get all comments 199 if ($userid) { 200 $sql = "SELECT * FROM " . TABLE_COMMENTS . 
" WHERE comment_archived = %s AND comment_status = %s AND comment_user_id = %d ORDER BY comment_date " . $order .$limit;207 if ($userid) { 208 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_archived = %s AND comment_status = %s AND comment_user_id = %d ORDER BY comment_date ".$order.$limit; 201 209 $query = $h->db->prepare($sql, 'N', 'approved', $userid); 202 210 $h->smartCache('on', 'comments', 60, $query); // start using cache 203 211 $comments = $h->db->get_results($query); 204 212 } else { 205 $sql = "SELECT * FROM " . TABLE_COMMENTS . " WHERE comment_archived = %s AND comment_status = %s ORDER BY comment_date " . $order .$limit;213 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_archived = %s AND comment_status = %s ORDER BY comment_date ".$order.$limit; 206 214 $query = $h->db->prepare($sql, 'N', 'approved'); 207 $h->smartCache('on', 'comments', 60, $query ); // start using cache208 $comments = $h->db->get_results($query );215 $h->smartCache('on', 'comments', 60, $query); // start using cache 216 $comments = $h->db->get_results($query); 209 217 } 210 218 } 211 219 $h->smartCache('off'); // stop using cache 212 213 if($comments) { return $comments; } else { return false; } 214 } 215 216 220 221 if ($comments) { 222 return $comments; 223 } 224 return false; 225 } 226 217 227 /** 218 228 * Get all comments from database … … 224 234 { 225 235 // get all comments 226 if ($userid) { 227 $sql = "SELECT count(*) AS number FROM " . TABLE_COMMENTS . " WHERE comment_archived = %s AND comment_status = %s AND comment_user_id = %d ORDER BY comment_date " .$order;236 if ($userid) { 237 $sql = "SELECT count(*) AS number FROM ".TABLE_COMMENTS." 
WHERE comment_archived = %s AND comment_status = %s AND comment_user_id = %d ORDER BY comment_date ".$order; 228 238 $query = $h->db->prepare($sql, 'N', 'approved', $userid); 229 239 $h->smartCache('on', 'comments', 60, $query); // start using cache 230 240 $comment_count = $h->db->get_var($query); 231 241 } else { 232 $sql = "SELECT count(*) AS number FROM " . TABLE_COMMENTS . " WHERE comment_archived = %s AND comment_status = %s ORDER BY comment_date " .$order;242 $sql = "SELECT count(*) AS number FROM ".TABLE_COMMENTS." WHERE comment_archived = %s AND comment_status = %s ORDER BY comment_date ".$order; 233 243 $query = $h->db->prepare($sql, 'N', 'approved'); 234 244 $h->smartCache('on', 'comments', 60, $query); // start using cache … … 236 246 } 237 247 $h->smartCache('off'); // stop using cache 238 239 if($comment_count) { return $comment_count; } else { return false; } 240 } 241 242 248 249 if ($comment_count) { 250 return $comment_count; 251 } 252 return false; 253 } 254 243 255 /** 244 256 * Get all comments from database … … 250 262 { 251 263 // get all comments 252 if ($userid) { 253 $sql = "SELECT * FROM " . TABLE_COMMENTS . " WHERE comment_status = %s AND comment_user_id = %d ORDER BY comment_date " .$order;264 if ($userid) { 265 $sql = "SELECT * FROM ".TABLE_COMMENTS." WHERE comment_status = %s AND comment_user_id = %d ORDER BY comment_date ".$order; 254 266 $query = $h->db->prepare($sql, 'approved', $userid); 255 267 } else { 256 $sql = "SELECT * FROM " . TABLE_COMMENTS . " WHERE comment_status = %s ORDER BY comment_date " .$order;268 $sql = "SELECT * FROM ".TABLE_COMMENTS." 
WHERE comment_status = %s ORDER BY comment_date ".$order; 257 269 $query = $h->db->prepare($sql, 'approved'); 258 270 } 259 260 if($query) { return $query; } else { return false; } 261 } 262 263 271 272 if ($query) { 273 return $query; 274 } 275 return false; 276 } 277 264 278 /** 265 279 * Read comment … … 269 283 function readComment($h, $comment = array()) 270 284 { 285 271 286 $this->id = $comment->comment_id; 272 287 $this->parent = $comment->comment_parent; … … 279 294 $this->content = urldecode($comment->comment_content); 280 295 $this->subscribe = $comment->comment_subscribe; 281 296 282 297 $h->pluginHook('comment_read_comment'); 283 298 284 299 return $this; 285 300 } 286 287 301 288 302 /** 289 303 * Add comment … … 293 307 function addComment($h) 294 308 { 295 $sql = "INSERT INTO " . TABLE_COMMENTS ." SET comment_post_id = %d, comment_user_id = %d, comment_parent = %d, comment_date = CURRENT_TIMESTAMP, comment_status = %s, comment_content = %s, comment_subscribe = %d, comment_updateby = %d";296 309 $sql = "INSERT INTO ".TABLE_COMMENTS." SET comment_post_id = %d, comment_user_id = %d, comment_parent = %d, comment_date = CURRENT_TIMESTAMP, comment_status = %s, comment_content = %s, comment_subscribe = %d, comment_updateby = %d"; 310 297 311 $h->db->query($h->db->prepare($sql, $this->postId, $this->author, $this->parent, $this->status, urlencode(trim(stripslashes($this->content))), $this->subscribe, $h->currentUser->id)); 298 312 299 313 $last_insert_id = $h->db->get_var($h->db->prepare("SELECT LAST_INSERT_ID()")); 300 314 301 315 $this->id = $last_insert_id; 302 $h->vars['last_insert_id'] = $last_insert_id; // make it available outside this class303 316 $h->vars['last_insert_id'] = $last_insert_id; // make it available outside this class 317 304 318 $h->pluginHook('comment_post_add_comment'); 305 319 } 306 320 307 308 321 /** 309 322 * Edit comment … … 313 326 function editComment($h) 314 327 { 315 $sql = "UPDATE " . TABLE_COMMENTS ." 
SET comment_status = %s, comment_content = %s, comment_subscribe = %d, comment_updateby = %d WHERE comment_id = %d";328 $sql = "UPDATE ".TABLE_COMMENTS." SET comment_status = %s, comment_content = %s, comment_subscribe = %d, comment_updateby = %d WHERE comment_id = %d"; 316 329 $h->db->query($h->db->prepare($sql, $this->status, urlencode(trim(stripslashes($this->content))), $this->subscribe, $h->currentUser->id, $this->id)); 317 330 318 331 $h->comment->id = $this->id; // a small hack to get the id for use in plugins. 319 332 $h->pluginHook('comment_update_comment'); 320 333 321 334 return true; 322 335 } 323 324 336 325 337 /** 326 338 * Physically delete a comment from the database 327 339 * 328 */ 340 */ 329 341 public function deleteComment($h, $comment_id = 0) 330 342 { 331 if (!$comment_id) { $comment_id = $this->id; } 332 if (!$comment_id) { return false; } 333 334 $sql = "DELETE FROM " . TABLE_COMMENTS . " WHERE comment_id = %d"; 343 if (!$comment_id) { 344 $comment_id = $this->id; 345 } 346 if (!$comment_id) { 347 return false; 348 } 349 350 $sql = "DELETE FROM ".TABLE_COMMENTS." WHERE comment_id = %d"; 335 351 $h->db->query($h->db->prepare($sql, $comment_id)); 336 352 337 353 // delete any votes for this comment 338 $sql = "DELETE FROM " . TABLE_COMMENTVOTES ." WHERE cvote_comment_id = %d";354 $sql = "DELETE FROM ".TABLE_COMMENTVOTES." WHERE cvote_comment_id = %d"; 339 355 $h->db->query($h->db->prepare($sql, $this->id)); 340 356 341 357 $h->comment->id = $comment_id; // a small hack to get the id for use in plugins. 
342 358 $h->pluginHook('comment_delete_comment'); 343 359 344 360 // Need to clear both these caches to be sure related items are updated in widgets, etc.: 345 $h->clearCache('html_cache', false); 346 $h->clearCache('db_cache', false); 347 } 348 349 361 $h->clearCache('html_cache', false); 362 $h->clearCache('db_cache', false); 363 } 364 350 365 /** 351 366 * Physically delete all comments by a specified user (and responses) … … 354 369 * @return bool 355 370 */ 356 public function deleteComments($h, $user_id = 0) 357 { 358 if (!$user_id) { return false; } 359 360 $sql = "SELECT comment_id FROM " . DB_PREFIX . "comments WHERE comment_user_id = %d"; 371 public function deleteComments($h, $user_id = 0) 372 { 373 if (!$user_id) { 374 return false; 375 } 376 377 $sql = "SELECT comment_id FROM ".TABLE_COMMENTS." WHERE comment_user_id = %d"; 361 378 $results = $h->db->get_results($h->db->prepare($sql, $user_id)); 362 379 363 380 if ($results) { 364 381 foreach ($results as $r) { 365 382 $h->comment->id = $r->comment_id; // used by other plugins in "comment_delete_comment" function/hook 366 $this->deleteComment($h, $h->comment->id); // delete parent comment383 $this->deleteComment($h, $h->comment->id); // delete parent comment 367 384 $this->deleteCommentTree($h, $h->comment->id); // delete all children of that comment regardless of user 368 385 } 369 386 } 370 387 371 388 return true; 372 389 } 373 374 390 375 391 /** 376 392 * Recurse through comment tree, deleting all … … 389 405 } 390 406 } 391 407 392 408 return false; 393 409 } 394 410 } 395 396 411 397 412 /** 398 413 * Recurse through comment tree, setting all to 'pending' … … 412 427 } 413 428 } 414 429 415 430 return false; 416 431 } 417 432 } 418 419 433 420 434 /** 421 435 * Determine if the comment form is open or closed … … 427 441 { 428 442 if ($type == 'select') { 429 $sql = "SELECT post_comments FROM " . TABLE_POSTS ." WHERE post_id = %d";443 $sql = "SELECT post_comments FROM ".TABLE_POSTS." 
WHERE post_id = %d"; 430 444 $form_status = $h->db->get_var($h->db->prepare($sql, $h->post->id)); 431 432 if ($form_status) { return $form_status; } else { return 'open'; } // default 'open' 433 } 434 445 446 if ($form_status) { 447 return $form_status; 448 } else { 449 return 'open'; 450 } // default 'open' 451 } 452 435 453 if ($type == 'open' || $type == 'closed') { 436 454 $h->comment->form = $type; 437 $sql = "UPDATE " . TABLE_POSTS ." SET post_comments = %s WHERE post_id = %d";455 $sql = "UPDATE ".TABLE_POSTS." SET post_comments = %s WHERE post_id = %d"; 438 456 $h->db->query($h->db->prepare($sql, $type, $h->post->id)); 439 457 } 440 458 } 441 442 459 443 460 /** 444 461 * Unsubscribe from a thread … … 450 467 { 451 468 $h->readPost($post_id); 452 453 $sql = "UPDATE " . TABLE_COMMENTS ." SET comment_subscribe = %d WHERE comment_post_id = %d AND comment_user_id = %d";469 470 $sql = "UPDATE ".TABLE_COMMENTS." SET comment_subscribe = %d WHERE comment_post_id = %d AND comment_user_id = %d"; 454 471 $h->db->query($h->db->prepare($sql, 0, $h->post->id, $h->currentUser->id)); 455 472 456 473 // Check if the currentUser is the post author 457 474 if ($h->post->author == $h->currentUser->id) { 458 // Check if the user subscribed to comments as a submitter459 if ($h->post->subscribe == 1) { 460 $sql = "UPDATE " . TABLE_POSTS ." SET post_subscribe = %d WHERE post_id = %d AND post_author = %d";475 // Check if the user subscribed to comments as a submitter 476 if ($h->post->subscribe == 1) { 477 $sql = "UPDATE ".TABLE_POSTS." SET post_subscribe = %d WHERE post_id = %d AND post_author = %d"; 461 478 $h->db->query($h->db->prepare($sql, 0, $h->post->id, $h->currentUser->id)); 462 } 479 } 463 480 } 464 481 return true; 465 482 } 466 467 483 468 484 /** 469 485 * Update thread subscription … … 474 490 function updateSubscribe($h, $post_id) 475 491 { 476 if ($this->subscribe == 1) 477 { 478 $sql = "UPDATE " . TABLE_COMMENTS . 
" SET comment_subscribe = %d WHERE comment_post_id = %d AND comment_user_id = %d"; 492 if ($this->subscribe == 1) { 493 $sql = "UPDATE ".TABLE_COMMENTS." SET comment_subscribe = %d WHERE comment_post_id = %d AND comment_user_id = %d"; 479 494 $h->db->query($h->db->prepare($sql, 1, $h->post->id, $h->currentUser->id)); 480 } 481 else 482 { 495 } else { 483 496 $this->unsubscribe($h, $post_id); 484 497 } 485 498 } 486 487 499 488 500 /** 489 501 * Count how many approved comments a user has had … … 494 506 public function commentsApproved($h, $userid) 495 507 { 496 $sql = "SELECT COUNT(*) FROM " . TABLE_COMMENTS ." WHERE comment_status = %s AND comment_user_id = %d";508 $sql = "SELECT COUNT(*) FROM ".TABLE_COMMENTS." WHERE comment_status = %s AND comment_user_id = %d"; 497 509 $query = $h->db->prepare($sql, 'approved', $userid); 498 510 499 511 $h->smartCache('on', 'comments', 60, $query); // start using cache 500 512 $count = $h->db->get_var($query); 501 513 $h->smartCache('off'); // stop using cache 502 514 503 515 return $count; 504 516 } 505 506 517 507 518 /** 508 519 * Count daily comments for this commenter … … 514 525 $start = date('YmdHis', time_block()); 515 526 $end = date('YmdHis', strtotime("-1 day")); 516 $sql = "SELECT COUNT(comment_id) FROM " . TABLE_COMMENTS ." WHERE comment_archived = %s AND comment_user_id = %d AND (comment_date >= %s AND comment_date <= %s)";527 $sql = "SELECT COUNT(comment_id) FROM ".TABLE_COMMENTS." 
WHERE comment_archived = %s AND comment_user_id = %d AND (comment_date >= %s AND comment_date <= %s)"; 517 528 $query = $h->db->prepare($sql, 'N', $this->author, $end, $start); 518 529 519 530 $h->smartCache('on', 'comments', 60, $query); // start using cache 520 531 $count = $h->db->get_var($query); 521 532 $h->smartCache('off'); // stop using cache 522 533 523 534 return $count; 524 535 } 525 526 536 527 537 /** 528 538 * Count urls in comment … … 534 544 { 535 545 $text = $this->content; 536 546 537 547 //$http = substr_count($text, "http"); 538 548 $href = substr_count($text, "href"); 539 549 $url = substr_count($text, "[url"); 540 550 541 551 return $href + $url; 542 552 } 543 544 553 545 554 /** 546 555 * Stats for Admin homepage … … 550 559 */ 551 560 public function stats($h, $stat_type = '') 552 { 561 { 553 562 switch ($stat_type) { 554 default:555 $sql = "SELECT comment_status, count(comment_id) FROM " . TABLE_COMMENTS . " GROUP BY comment_status";556 $query = $h->db->prepare($sql);557 $h->smartCache('on', 'comments', 60, $query); // start using cache558 $comments = $h->db->get_results($query, 'ARRAY_N');559 break;560 case 'archived':561 $sql = "SELECT count(comment_id) FROM " . TABLE_COMMENTS . " WHERE comment_archived = %s";562 $query = $h->db->prepare($sql, 'Y');563 $h->smartCache('on', 'comments', 60, $query); // start using cache564 $comments = $h->db->get_var($query);565 break;563 case 'archived': 564 $sql = "SELECT count(comment_id) FROM ".TABLE_COMMENTS." WHERE comment_archived = %s"; 565 $query = $h->db->prepare($sql, 'Y'); 566 $h->smartCache('on', 'comments', 60, $query); // start using cache 567 $comments = $h->db->get_var($query); 568 break; 569 default: 570 $sql = "SELECT comment_status, count(comment_id) FROM ".TABLE_COMMENTS." 
GROUP BY comment_status"; 571 $query = $h->db->prepare($sql); 572 $h->smartCache('on', 'comments', 60, $query); // start using cache 573 $comments = $h->db->get_results($query, 'ARRAY_N'); 574 break; 566 575 } 567 576 … … 569 578 570 579 return $comments; 571 572 } 580 } 581 573 582 } 574 ?> -
branches/1.5/libs/Database.php
r2285 r2292 307 307 // Extract var out of cached results based col,row vals 308 308 if ($this->last_result[$row]) { 309 unset($this->last_result['CLASSNAME']); 309 310 $values = array_values(get_object_vars($this->last_result[$row])); 310 311 } -
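Review bot: The added `unset($this->last_result['CLASSNAME']);` removes an element keyed 'CLASSNAME' from the result array itself, while the next line reads the row at `$this->last_result[$row]`, so it is not clear from the hunk what the unset protects. It also runs only after `if ($this->last_result[$row])` has been evaluated, and it changes stored state inside what looks like a read path. I would add a comment stating where the key comes from, for example `// 'CLASSNAME' is metadata stored alongside cached rows, not a row; drop it before reading values` if that is the intent. If the key can reach code that iterates the rows, the unset belongs where the result is loaded rather than here. The enclosing method starts and ends outside the hunk.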
branches/1.5/libs/Debug.php
r2255 r2292 1 1 <?php 2 2 3 /** 3 4 * Debugging functions … … 24 25 * @link http://www.hotarucms.org/ 25 26 */ 26 class Debug { 27 class Debug 28 { 27 29 28 30 /** … … 75 77 } 76 78 77 if(!file_exists($filename)) 78 { 79 if (!file_exists($filename)) { 79 80 file_put_contents($filename, "<?php die();?>\n"); 80 81 } -
branches/1.5/libs/EmailFunctions.php
r2276 r2292 25 25 * @link http://www.hotarucms.org/ 26 26 */ 27 class EmailFunctions { 27 class EmailFunctions 28 { 28 29 29 30 /** … … 88 89 switch ($type) { 89 90 case 'log': 90 require_once(LIBS.'Debug.php'); 91 $content = $headers."\n".$to."\n".$subject."\n".$body."\n\n"; 92 $content .= "**************************************************************\n\n"; 93 Debug::log('email_log', $content); 91 Debug::log('email_log', $headers."\n".$to."\n".$subject."\n".$body."\n\n**************************************************************\n\n"); 94 92 break; 95 93 case 'screen': … … 112 110 break; 113 111 default: 114 if (SMTP == 'true') { 115 // Only create a new smtp object if we don't already have one: 116 require_once "Mail.php"; 117 $smtp = Mail::factory('smtp', array( 118 'host' => SMTP_HOST, 119 'port' => SMTP_PORT, 120 'auth' => TRUE, 121 'username' => SMTP_USERNAME, 122 'password' => SMTP_PASSWORD 123 )); 112 if (SMTP != 'true') { 113 return mail($to, $subject, $body, $headers); 114 } 124 115 125 $mail = $smtp->send($to, $headers, $body); 116 // Only create a new smtp object if we don't already have one: 117 require_once "Mail.php"; 118 $smtp = Mail::factory('smtp', array( 119 'host' => SMTP_HOST, 120 'port' => SMTP_PORT, 121 'auth' => TRUE, 122 'username' => SMTP_USERNAME, 123 'password' => SMTP_PASSWORD 124 )); 126 125 127 if (PEAR::isError($mail)) { 128 echo("<p>".$mail->getMessage()."</p>"); 129 exit; 130 } 131 } else { 132 $sentmail = mail($to, $subject, $body, $headers); 126 $mail = $smtp->send($to, $headers, $body); 127 if (PEAR::isError($mail)) { 128 echo("<p>".$mail->getMessage()."</p>"); 129 exit; 133 130 } 134 131 } … … 136 133 137 134 } 138 139 ?> -
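Review bot: In the SMTP branch a failed send still runs `echo("<p>".$mail->getMessage()."</p>"); exit;`, which writes the raw PEAR error text into the response without escaping and ends the request. Transport error strings can carry server-side detail that a visitor has no need to see, so I would record the failure and let the caller decide what to show: `Debug::log('email_log', $mail->getMessage()); return false;`. That also gives the SMTP path a return value, matching the new `return mail($to, $subject, $body, $headers);` on the non-SMTP path; on success the SMTP path currently returns nothing. Callers that rely on the `exit` would need checking, and the method starts outside the hunk.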
branches/1.5/libs/Initialize.php
r2257 r2292 112 112 // define database tables 113 113 $tableConstants = array( 114 "TABLE_BLOCKED" => "blocked",115 "TABLE_CATEGORIES" => "categories",116 "TABLE_COMMENTS" => "comments",117 "TABLE_COMMENTVOTES" => "commentvotes",118 "TABLE_FRIENDS" => "friends",119 "TABLE_MESSAGING" => "messaging",120 "TABLE_MISCDATA" => "miscdata",121 "TABLE_PLUGINS" => "plugins",122 "TABLE_PLUGINHOOKS" => "pluginhooks",123 "TABLE_PLUGINSETTINGS" => "pluginsettings",124 "TABLE_POSTS" => "posts",125 "TABLE_POSTMETA" => "postmeta",126 "TABLE_POSTVOTES" => "postvotes",127 "TABLE_SETTINGS" => "settings",128 "TABLE_TAGS" => "tags",129 "TABLE_TEMPDATA" => "tempdata",130 "TABLE_USERS" => "users",131 "TABLE_USERMETA" => "usermeta",132 "TABLE_USERACTIVITY" => "useractivity",133 "TABLE_WIDGETS" => "widgets"114 'TABLE_BLOCKED' => 'blocked', 115 'TABLE_CATEGORIES' => 'categories', 116 'TABLE_COMMENTS' => 'comments', 117 'TABLE_FRIENDS' => 'friends', 118 'TABLE_MESSAGING' => 'messaging', 119 'TABLE_MISCDATA' => 'miscdata', 120 'TABLE_PLUGINS' => 'plugins', 121 'TABLE_PLUGINHOOKS' => 'pluginhooks', 122 'TABLE_PLUGINSETTINGS' => 'pluginsettings', 123 'TABLE_POSTS' => 'posts', 124 'TABLE_POSTMETA' => 'postmeta', 125 'TABLE_POSTVOTES' => 'postvotes', 126 'TABLE_SETTINGS' => 'settings', 127 'TABLE_TAGS' => 'tags', 128 'TABLE_TEMPDATA' => 'tempdata', 129 'TABLE_USERS' => 'users', 130 'TABLE_USERMETA' => 'usermeta', 131 'TABLE_USERACTIVITY' => 'useractivity', 132 'TABLE_WIDGETS' => 'widgets', 133 'TABLE_TOKENS' => 'tokens' 134 134 ); 135 136 135 foreach ($tableConstants as $key => $value) { 137 136 if (!defined($key)) { -
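Review bot: The rewritten `$tableConstants` array no longer contains a `TABLE_COMMENTVOTES` entry (the old list had `"TABLE_COMMENTVOTES" => "commentvotes"`), yet `deleteComment()` in libs/Comment.php in this same changeset still builds `"DELETE FROM ".TABLE_COMMENTVOTES." WHERE cvote_comment_id = %d"`. Unless the constant is defined somewhere not shown on this page, that statement would be built from an undefined constant and the votes of a deleted comment would stay in the database. I would restore the entry next to `'TABLE_COMMENTS'`: `'TABLE_COMMENTVOTES' => 'commentvotes',`. The loop that consumes the array continues outside the hunk.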
branches/1.5/libs/InspektExtras.php
r2191 r2292 24 24 * @link http://www.hotarucms.org/ 25 25 */ 26 27 require_once(EXTENSIONS . 'Inspekt/Inspekt/AccessorAbstract.php'); 28 29 class testAlnumLines extends AccessorAbstract 26 require_once(EXTENSIONS.'Inspekt/Inspekt/AccessorAbstract.php'); 27 28 class testAlnumLines extends AccessorAbstract 30 29 { 30 31 31 /** 32 * a function to test for chars, digits, underscores and dashes.33 *34 * @return bool35 */32 * a function to test for chars, digits, underscores and dashes. 33 * 34 * @return bool 35 */ 36 36 protected function inspekt($val) 37 37 { … … 42 42 } 43 43 } 44 44 45 } 45 46 46 47 47 class testPage extends AccessorAbstract 48 48 { 49 49 50 /** 50 * a function to test for a valid pagename51 *52 * @return bool53 */51 * a function to test for a valid pagename 52 * 53 * @return bool 54 */ 54 55 protected function inspekt($val) 55 56 { … … 60 61 } 61 62 } 63 62 64 } 63 64 65 65 66 class testUsername extends AccessorAbstract 66 67 { 68 67 69 /** 68 * a function to test for a valid username69 *70 * @return bool71 */70 * a function to test for a valid username 71 * 72 * @return bool 73 */ 72 74 protected function inspekt($val) 73 75 { … … 78 80 } 79 81 } 82 80 83 } 81 82 84 83 85 class testPassword extends AccessorAbstract 84 86 { 87 85 88 /** 86 * a function to test for a valid password87 *88 * @return bool89 */89 * a function to test for a valid password 90 * 91 * @return bool 92 */ 90 93 protected function inspekt($val) 91 94 { 92 95 if (preg_match('/^([a-z0-9!@*#_-]{8,60})+$/i', $val)) { 93 96 return $val; 94 } else {95 return false;96 97 } 98 return false; 97 99 } 100 98 101 } 99 100 102 101 103 class getFriendlyUrl extends AccessorAbstract 102 104 { 105 103 106 /** 104 * a function to makea url friendly105 *106 * @return string107 */107 * a function to makea url friendly 108 * 109 * @return string 110 */ 108 111 protected function inspekt($val) 109 112 { 110 113 return make_url_friendly($val); 111 114 } 115 112 116 } 113 114 117 115 118 class 
sanitizeAll extends AccessorAbstract 116 119 { 120 117 121 /** 118 * a function to sanitize a string with htmlentities and strip_tags119 *120 * @return string121 */122 * a function to sanitize a string with htmlentities and strip_tags 123 * 124 * @return string 125 */ 122 126 protected function inspekt($val) 123 127 { 124 128 return sanitize($val, 'all'); 125 129 } 130 126 131 } 127 128 132 129 133 class sanitizeTags extends AccessorAbstract 130 134 { 135 131 136 /** 132 * a function to sanitize a string with strip_tags133 *134 * @return string135 */137 * a function to sanitize a string with strip_tags 138 * 139 * @return string 140 */ 136 141 protected function inspekt($val) 137 142 { 138 143 return sanitize($val, 'tags'); 139 144 } 145 140 146 } 141 147 142 148 class sanitizeEnts extends AccessorAbstract 143 149 { 150 144 151 /** 145 * a function to sanitize with htmlentities146 *147 * @return string148 */152 * a function to sanitize with htmlentities 153 * 154 * @return string 155 */ 149 156 protected function inspekt($val) 150 157 { 151 158 return sanitize($val, 'ents'); 152 159 } 160 153 161 } 154 155 162 156 163 class getHtmLawed extends AccessorAbstract 157 164 { 165 158 166 /** 159 * a function to filter HTML160 *161 * @return string162 */167 * a function to filter HTML 168 * 169 * @return string 170 */ 163 171 protected function inspekt($text) 164 172 { 165 / * make_tag_strict is OFF because we don't want to convert <u>, etc. to css166 otherwise the strip_tags won't be able to allow them when requested in sanitize(). */173 // make_tag_strict is OFF because we don't want to convert <u>, etc. to CSS 174 // otherwise the strip_tags won't be able to allow them when requested in sanitize(). 167 175 $config = array('safe' => 1, 'make_tag_strict' => 0); 168 169 // Allow plugins to alter the value of $config/ 170 // Plugins should return an array, e.g. array('safe' => 1); 171 /* 172 require_once(BASE . 
'Hotaru.php'); 173 $h = new Hotaru(); 174 $results = $h->pluginHook('hotaru_inspekt_htmlawed_config'); 175 if (is_array($results)) { 176 foreach ($results as $res) { 177 // THIS LOOKS WEIRD. IT NEEDS A RETHINK /Nick 178 $config = $res; // $config takes on the value returned from the last plugin using this hook. 179 } 180 } 181 */ 182 183 require_once(EXTENSIONS . 'htmLawed/htmLawed.php'); 184 185 if (!get_magic_quotes_gpc()) { 186 return htmLawed($text, $config); 187 } 188 else 189 { 190 return htmLawed(stripslashes($text), $config); 191 } 192 return false; 176 require_once EXTENSIONS.'htmlawed/htmlawed.php'; 177 $text = (!get_magic_quotes_gpc()) ? $text : stripslashes($text); 178 return htmLawed($text, $config); 193 179 } 180 194 181 } 195 196 ?> -
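Review bot: In `getHtmLawed::inspekt()` the include path changes from `'htmLawed/htmLawed.php'` to `'htmlawed/htmlawed.php'`, and on a case-sensitive filesystem those are two different paths. Nothing in this section shows the extension directory or file being renamed, so if it is still `htmLawed/htmLawed.php` on disk the `require_once` fails and any request that passes input through this HTML filter stops with a fatal error. Either keep the original casing, `require_once EXTENSIONS.'htmLawed/htmLawed.php';`, or make the rename part of the same changeset.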
branches/1.5/libs/Maintenance.php
r2055 r2292 1 1 <?php 2 2 3 /** 3 4 * Functions for maintaining the health of Hotaru CMS … … 26 27 class Maintenance 27 28 { 28 /** 29 * System Report is in libs/Debug.php 30 */ 31 32 29 33 30 /** 34 31 * Calls the delete_files function, then displays a message. … … 41 38 { 42 39 // clear language from memory (lang_cache only) 43 if ($folder == 'lang_cache') { $h->lang = array(); } 44 40 if ($folder == 'lang_cache') { 41 $h->lang = array(); 42 } 43 45 44 // go delete the files 46 $success = $this->deleteFiles(CACHE .$folder);47 45 $success = $this->deleteFiles(CACHE.$folder); 46 48 47 // lang_cache only: 49 if ($folder == 'lang_cache') { 48 if ($folder == 'lang_cache') { 50 49 $langObj = new Language(); 51 50 $h->lang = $langObj->includeLanguagePack($h->lang, 'main'); 52 51 $h->lang = $langObj->includeLanguagePack($h->lang, 'admin'); 53 52 } 54 53 55 54 // no need to show a message, return now 56 if (!$msg) { return $success; } 57 55 if (!$msg) { 56 return $success; 57 } 58 58 59 // prepare messages 59 60 if ($success) { … … 62 63 } else { 63 64 $h->message = $h->lang['admin_maintenance_clear_cache_failure']; 64 $h->messageType = 'red'; 65 } 66 65 $h->messageType = 'red'; 66 } 67 67 68 // return boolean result 68 69 return $success; 69 70 } 70 71 71 72 72 /** 73 73 * Remove plugin settings … … 78 78 public function removeSettings($h, $folder, $msg = true) 79 79 { 80 if (!$folder) { $folder = $h->plugin->folder; } 81 $sql = "DELETE FROM " . DB_PREFIX . "pluginsettings WHERE plugin_folder = %s"; 80 if (!$folder) { 81 $folder = $h->plugin->folder; 82 } 83 $sql = "DELETE FROM ".TABLE_PLUGINSETTINGS."pluginsettings WHERE plugin_folder = %s"; 82 84 $h->db->get_results($h->db->prepare($sql, $folder)); 83 85 84 86 if ($msg) { 85 87 $h->message = $h->lang['admin_maintenance_settings_removed']; … … 87 89 } 88 90 } 89 90 91 91 92 /** 92 93 * Deletes rows from pluginsettings that match a given setting or plugin … … 98 99 { 99 100 if ($setting) { 100 $sql = "DELETE FROM " . 
TABLE_PLUGINSETTINGS ." WHERE plugin_setting = %s";101 $sql = "DELETE FROM ".TABLE_PLUGINSETTINGS." WHERE plugin_setting = %s"; 101 102 $h->db->query($h->db->prepare($sql, $setting)); 102 } 103 elseif ($folder) 104 { 105 $sql = "DELETE FROM " . TABLE_PLUGINSETTINGS . " WHERE plugin_folder = %s"; 103 } elseif ($folder) { 104 $sql = "DELETE FROM ".TABLE_PLUGINSETTINGS." WHERE plugin_folder = %s"; 106 105 $h->db->query($h->db->prepare($sql, $folder)); 107 106 } 108 107 109 108 // optimize the table 110 $h->db->query("OPTIMIZE TABLE " . TABLE_PLUGINSETTINGS); 111 } 112 113 109 $h->db->query("OPTIMIZE TABLE ".TABLE_PLUGINSETTINGS); 110 } 111 114 112 /** 115 113 * Delete all files in the specified directory except placeholder.txt … … 117 115 * @param string $dir - path to the cache folder 118 116 * @return bool 119 */ 117 */ 120 118 public function deleteFiles($dir) 121 119 { 122 $handle =opendir($dir);123 120 $handle = opendir($dir); 121 124 122 $success = false; 125 while (($file = readdir($handle))!==false) { 126 if (is_file($dir.'/'.$file)) { 127 if ($file != 'placeholder.txt') { 128 if (@unlink($dir.'/'.$file)) { 129 // ignore setting $success for the JavascriptConstants file which is ALWAYS present (even gets regenerated after deletion) 130 if ($file != 'JavascriptConstants.js') { $success = true; } 131 } else { 132 $success = false; 123 while (($file = readdir($handle)) !== false) { 124 if (is_file($dir.'/'.$file)) { 125 if ($file != 'placeholder.txt') { 126 if (@unlink($dir.'/'.$file)) { 127 // ignore setting $success for the JavascriptConstants file which is ALWAYS present (even gets regenerated after deletion) 128 if ($file != 'JavascriptConstants.js') { 129 $success = true; 130 } 131 } else { 132 $success = false; 133 } 133 134 } 134 135 } 135 }136 136 } 137 137 closedir($handle); 138 138 return $success; 139 139 } 140 141 140 142 141 /** 143 142 * Optimize all database tables … … 146 145 { 147 146 $h->db->selectDB(DB_NAME); 148 149 foreach ( 
$h->db->get_col("SHOW TABLES",0) as $table_name ) 150 { 151 $h->db->query("OPTIMIZE TABLE " . $table_name); 152 } 153 147 148 foreach ($h->db->get_col("SHOW TABLES", 0) as $table_name) { 149 $h->db->query("OPTIMIZE TABLE ".$table_name); 150 } 151 154 152 $h->message = $h->lang['admin_maintenance_optimize_success']; 155 153 $h->messageType = 'green'; 156 154 } 157 158 155 159 156 /** 160 157 * Empty plugin database table … … 165 162 public function emptyTable($h, $table_name, $msg = true) 166 163 { 167 $h->db->query("DELETE FROM " .$table_name);168 164 $h->db->query("DELETE FROM ".$table_name); 165 169 166 if ($msg) { 170 167 $h->message = $h->lang['admin_maintenance_table_emptied']; … … 172 169 } 173 170 } 174 175 171 176 172 /** 177 173 * Delete plugin database table … … 181 177 public function dropTable($h, $table_name, $msg = true) 182 178 { 183 $h->db->query("DROP TABLE " .$table_name);184 179 $h->db->query("DROP TABLE ".$table_name); 180 185 181 if ($msg) { 186 182 $h->message = $h->lang['admin_maintenance_table_deleted']; … … 188 184 } 189 185 } 190 191 186 192 187 /** 193 188 * Open or close the site for maintenance … … 198 193 public function openCloseSite($h, $switch = 'open') 199 194 { 200 if ($switch == 'open') { 195 if ($switch == 'open') { 201 196 // open 202 $sql = "UPDATE " . TABLE_SETTINGS ." SET settings_value = %s WHERE settings_name = %s";197 $sql = "UPDATE ".TABLE_SETTINGS." SET settings_value = %s WHERE settings_name = %s"; 203 198 $h->db->query($h->db->prepare($sql, 'true', 'SITE_OPEN')); 204 199 $h->message = $h->lang['admin_maintenance_site_opened']; … … 206 201 } else { 207 202 //close 208 $sql = "UPDATE " . TABLE_SETTINGS ." SET settings_value = %s WHERE settings_name = %s";203 $sql = "UPDATE ".TABLE_SETTINGS." 
SET settings_value = %s WHERE settings_name = %s"; 209 204 $h->db->query($h->db->prepare($sql, 'false', 'SITE_OPEN')); 210 205 $h->message = $h->lang['admin_maintenance_site_closed']; … … 212 207 } 213 208 } 214 215 209 216 210 /** 217 211 * Site closed: Exit … … 225 219 226 220 // include current theme style and default style 227 if (file_exists(BASE . 'content/themes/' . $h->pageHandling->default .'css/style.css')) {228 echo "<link rel='stylesheet' href='" . SITEURL . "content/themes/" . $h->pageHandling->default ."css/style.css' type='text/css'>\n";229 } 230 if (file_exists(BASE . 'content/themes/' . THEME .'css/style.css')) {231 echo "<link rel='stylesheet' href='" . SITEURL . "content/themes/" . THEME ."css/style.css' type='text/css'>\n";221 if (file_exists(BASE.'content/themes/'.$h->pageHandling->default.'css/style.css')) { 222 echo "<link rel='stylesheet' href='".SITEURL."content/themes/".$h->pageHandling->default."css/style.css' type='text/css'>\n"; 223 } 224 if (file_exists(BASE.'content/themes/'.THEME.'css/style.css')) { 225 echo "<link rel='stylesheet' href='".SITEURL."content/themes/".THEME."css/style.css' type='text/css'>\n"; 232 226 } 233 227 echo "</HEAD>\n<BODY>\n"; 234 228 echo "<div id='site_closed'>\n"; 235 229 236 230 // show custom maintenance page if one exists: 237 if (file_exists(THEMES . THEME . 'closed.php')) 238 { 231 if (file_exists(THEMES.THEME.'closed.php')) { 239 232 $h->displayTemplate('closed'); 240 } 241 else 242 { 233 } else { 243 234 // show default maintenance page: 244 235 echo $lang['main_hotaru_site_closed']; 245 echo "<br /><span id='site_closed_admin_link'>[<a href='" . 
SITEURL ."admin_index.php?page=admin_login'>Admin Login</a>]</span>";246 } 247 236 echo "<br /><span id='site_closed_admin_link'>[<a href='".SITEURL."admin_index.php?page=admin_login'>Admin Login</a>]</span>"; 237 } 238 248 239 echo "\n</div>\n</BODY>\n</HTML>\n"; 249 250 die(); exit;251 }252 253 240 241 die(); 242 exit; 243 } 244 254 245 /** 255 246 * Get Site Annoucement for Maintenance Page (AdminPages.php) … … 258 249 { 259 250 // get announcement from database 260 $sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA." WHERE miscdata_key = %s";251 $sql = "SELECT miscdata_value FROM ".TABLE_MISCDATA." WHERE miscdata_key = %s"; 261 252 $query = $h->db->prepare($sql, 'site_announcement'); 262 253 263 254 if ($h->pageName != 'maintenance') { 264 255 $h->smartCache('on', 'miscdata', 60, $query); // start using cache 265 256 } 266 257 267 258 $result = $h->db->get_var($query); 268 259 269 260 if ($h->pageName != 'maintenance') { 270 261 $h->smartCache('off'); // stop using cache 271 262 } 272 263 273 264 // assign results to $h 274 265 if ($result) { … … 280 271 $h->vars['admin_announcement_enabled'] = ""; 281 272 } 282 283 } 284 285 273 } 274 286 275 /** 287 276 * Add Site Annoucement from Maintenance Page (AdminPages.php) … … 298 287 $h->vars['admin_announcement_enabled'] = ""; 299 288 } 300 289 301 290 // prepare annoucment for database entry: 302 $value = array('announcement' =>urlencode($h->vars['admin_announcement']), 'enabled'=>$h->vars['admin_announcement_enabled']);291 $value = array('announcement' => urlencode($h->vars['admin_announcement']), 'enabled' => $h->vars['admin_announcement_enabled']); 303 292 $value = serialize($value); 304 293 305 294 // update existing db record 306 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";295 $sql = "UPDATE ".TABLE_MISCDATA." 
SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 307 296 $h->db->query($h->db->prepare($sql, $value, $h->currentUser->id, 'site_announcement')); 308 297 309 298 // clear the database cache: 310 299 $h->clearCache('db_cache', false); 311 300 312 301 $h->message = $h->lang['admin_maintenance_announcement_updated']; 313 302 $h->messageType = 'green'; 314 303 } 315 316 304 317 305 /** 318 306 * Get all files in the specified directory except placeholder.txt … … 321 309 * @param array $exclude - array of file/folder names to exclude 322 310 * @return array 323 */ 311 */ 324 312 public function getFiles($dir, $exclude = array()) 325 313 { … … 327 315 $exceptions = array('.svn', '.', '..', 'placeholder.txt'); 328 316 $exceptions = array_merge($exceptions, $exclude); 329 330 $handle =opendir($dir);331 332 while (($file = readdir($handle)) !==false) {317 318 $handle = opendir($dir); 319 320 while (($file = readdir($handle)) !== false) { 333 321 if (!in_array($file, $exceptions)) { 334 322 array_push($files, $file); … … 336 324 } 337 325 closedir($handle); 338 339 if ($files) { return $files; } else { return false; } 340 } 326 327 if ($files) { 328 return $files; 329 } 330 return false; 331 } 332 341 333 } 342 ?> -
branches/1.5/libs/PageHandling.php
r2273 r2292 115 115 } 116 116 117 return (bool) ($real_page == $page);117 return (bool) ($real_page === $page); 118 118 } 119 119 -
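Review bot: The `(bool)` cast on line 117 is now redundant, because `===` already yields a boolean; `return $real_page === $page;` says the same thing. The switch from `==` to `===` is also a behaviour change inside a commit that is otherwise largely whitespace and brace formatting. If `$real_page` or `$page` can ever be a non-string (for example `false` or `null` from a failed lookup), the comparison now gives a different answer than before. The function body starts outside the hunk, so the types of both values cannot be confirmed from here.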
branches/1.5/libs/ThemeSettings.php
r1662 r2292 1 1 <?php 2 2 3 /** 3 4 * Theme Settings … … 26 27 class ThemeSettings 27 28 { 29 28 30 /** 29 31 * Read and return plugin info from top of a plugin file. … … 34 36 public function readThemeMeta($h, $theme = 'default') 35 37 { 36 if (!$theme) { $theme = rtrim(THEME, '/'); } 37 38 if (!$theme) { 39 $theme = rtrim(THEME, '/'); 40 } 41 38 42 // Include the generic_pmd class that reads post metadata from the a plugin 39 require_once(EXTENSIONS .'GenericPHPConfig/class.metadata.php');43 require_once(EXTENSIONS.'GenericPHPConfig/class.metadata.php'); 40 44 $metaReader = new generic_pmd(); 41 $plugin_metadata = $metaReader->read(THEMES . $theme . '/index.php'); 42 43 if ($plugin_metadata) { return $plugin_metadata; } else { return false; } 45 $plugin_metadata = $metaReader->read(THEMES.$theme.'/index.php'); 46 47 if ($plugin_metadata) { 48 return $plugin_metadata; 49 } else { 50 return false; 51 } 44 52 } 45 46 53 47 54 /** 48 55 * Get and unserialize serialized settings … … 54 61 public function getThemeSettings($h, $theme = '', $return = 'value') 55 62 { 56 if (!$theme) { $theme = rtrim(THEME, '/'); } 57 63 if (!$theme) { 64 $theme = rtrim(THEME, '/'); 65 } 66 58 67 // Get settings from the database if they exist... 59 $sql = "SELECT miscdata_value, miscdata_default FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s"; 60 $settings = $h->db->get_row($h->db->prepare($sql, $theme . '_settings')); 61 if (!$settings) { return false; } 62 68 $sql = "SELECT miscdata_value, miscdata_default FROM ".TABLE_MISCDATA." 
WHERE miscdata_key = %s"; 69 $settings = $h->db->get_row($h->db->prepare($sql, $theme.'_settings')); 70 if (!$settings) { 71 return false; 72 } 73 63 74 if ($return == 'value') { 64 75 $settings = unserialize($settings->miscdata_value); 65 } else { 76 } else { 66 77 $settings = unserialize($settings->miscdata_default); 67 78 } 68 69 if ($settings) { return $settings; } else { return false; } 79 80 if ($settings) { 81 return $settings; 82 } 83 return FALSE; 70 84 } 71 72 85 73 86 /** 74 87 * Update theme settings … … 77 90 * @param string $theme theme folder name 78 91 * @param string $column 'value', 'default' or 'both' 79 92 80 93 */ 81 94 public function updateThemeSettings($h, $settings = array(), $theme = '', $column = 'value') 82 95 { 83 if (!$theme) { $theme = rtrim(THEME, '/'); } 84 96 if (!$theme) { 97 $theme = rtrim(THEME, '/'); 98 } 99 85 100 $settings = serialize($settings); 86 if (isset($h->currentUser->id)) { $updateby = $h->currentUser->id; } else { $updateby = 1; } 87 101 $updateby = (isset($h->currentUser->id)) ? $h->currentUser->id : 1; 88 102 $exists = $h->getThemeSettings($theme); 89 if (!$exists) 90 { 91 $sql = "INSERT INTO " . TABLE_MISCDATA . " (miscdata_key, miscdata_value, miscdata_default, miscdata_updateby) VALUES (%s, %s, %s, %d)"; 92 $h->db->query($h->db->prepare($sql, $theme . '_settings', $settings, $settings, $updateby)); 93 } 94 else 95 { 103 104 if (!$exists) { 105 $sql = "INSERT INTO ".TABLE_MISCDATA." (miscdata_key, miscdata_value, miscdata_default, miscdata_updateby) VALUES (%s, %s, %s, %d)"; 106 $h->db->query($h->db->prepare($sql, $theme.'_settings', $settings, $settings, $updateby)); 107 } else { 96 108 switch ($column) { 97 109 case 'default': 98 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s";99 $h->db->query($h->db->prepare($sql, $settings, $updateby, $theme .'_settings'));110 $sql = "UPDATE ".TABLE_MISCDATA." 
SET miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 111 $h->db->query($h->db->prepare($sql, $settings, $updateby, $theme.'_settings')); 100 112 break; 101 113 case 'both': 102 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s";103 $h->db->query($h->db->prepare($sql, $settings, $settings, $updateby, $theme .'_settings'));114 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 115 $h->db->query($h->db->prepare($sql, $settings, $settings, $updateby, $theme.'_settings')); 104 116 default: 105 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";106 $h->db->query($h->db->prepare($sql, $settings, $updateby, $theme .'_settings'));117 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 118 $h->db->query($h->db->prepare($sql, $settings, $updateby, $theme.'_settings')); 107 119 } 108 120 } 109 110 121 // optimize the table 111 $h->db->query("OPTIMIZE TABLE " .TABLE_MISCDATA);122 $h->db->query("OPTIMIZE TABLE ".TABLE_MISCDATA); 112 123 } 113 124 } 114 ?> -
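Review bot: In `updateThemeSettings()` the `case 'both':` arm still has no `break;`, so after updating both columns it falls through into `default:` and issues a second UPDATE of `miscdata_value`. The row ends up in the same state, but every call costs an extra write; adding `break;` after the `'both'` query makes the intent explicit. The `default:` arm also silently accepts any unrecognised `$column` value, and if that is intended a comment such as `// any other value is treated as 'value'` would document it.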
branches/1.5/libs/UserBase.php
r2162 r2292 1 1 <?php 2 2 3 /** 3 4 * Base User functions for basic info, settings and permissions … … 26 27 class UserBase 27 28 { 28 protected $id = 0; 29 protected $name = ''; 30 protected $role = 'member'; 31 protected $password = 'password'; 32 protected $email = ''; 33 protected $emailValid = 0; 34 protected $loggedIn = false; 35 protected $perms = array(); // permissions 36 protected $settings = array(); // settings 37 protected $profile = array(); // profile 38 protected $ip = 0; 29 30 protected $id = 0; 31 protected $name = ''; 32 protected $role = 'member'; 33 protected $password = 'password'; 34 protected $email = ''; 35 protected $emailValid = 0; 36 protected $loggedIn = false; 37 protected $perms = array(); // permissions 38 protected $settings = array(); // settings 39 protected $profile = array(); // profile 40 protected $ip = 0; 39 41 protected $lastActivity = 0; 40 42 41 42 43 /** 43 44 * Access modifier to set protected properties … … 45 46 public function __set($var, $val) 46 47 { 47 $this->$var = $val; 48 } 49 50 48 $this->$var = $val; 49 } 50 51 51 /** 52 52 * Access modifier to get protected properties … … 56 56 return $this->$var; 57 57 } 58 59 58 60 59 /** 61 60 * Set permission … … 73 72 $this->perms[$perm_name] = $setting; 74 73 } 75 76 74 77 75 /** 78 76 * Set ALL permissions … … 86 84 } 87 85 } 88 89 86 90 87 /** 91 88 * Get permission … … 96 93 public function getPermission($perm_name) 97 94 { 98 if (isset($this->perms[$perm_name])) { 95 if (isset($this->perms[$perm_name])) { 99 96 return $this->perms[$perm_name]; 100 97 } 101 98 return FALSE; 102 99 } 103 104 100 105 101 /** 106 102 * Get ALL permissions (serialized) … … 112 108 return $this->perms; 113 109 } 114 115 110 116 111 /** 117 112 * Get basic user details … … 123 118 * 124 119 * Note: Needs either userid or username, not both 125 */ 120 */ 126 121 public function getUserBasic($h, $userid = 0, $username = '', $no_cache = false) 127 122 { 128 123 // Prepare SQL 129 if ($userid 
!= 0) {// use userid124 if ($userid != 0) { // use userid 130 125 $where = "user_id = %d"; 131 126 $param = $userid; 132 } elseif ($username != '') { // use username127 } elseif ($username != '') { // use username 133 128 $where = "user_username = %s"; 134 129 $param = $username; … … 136 131 return FALSE; 137 132 } 138 133 139 134 // Build SQL 140 $query = "SELECT user_id, user_username, user_password, user_role, user_email, user_email_valid, user_ip, user_permissions FROM " . TABLE_USERS . " WHERE " .$where;135 $query = "SELECT user_id, user_username, user_password, user_role, user_email, user_email_valid, user_ip, user_permissions FROM ".TABLE_USERS." WHERE ".$where; 141 136 $sql = $h->db->prepare($query, $param); 142 143 if (!isset($h->vars['tempUserCache'])) { $h->vars['tempUserCache'] = array(); } 144 137 138 if (!isset($h->vars['tempUserCache'])) { 139 $h->vars['tempUserCache'] = array(); 140 } 141 145 142 // If this query has already been read once this page load, we should have it in memory... 146 143 if (!$no_cache && array_key_exists($sql, $h->vars['tempUserCache'])) { … … 152 149 $h->vars['tempUserCache'][$sql] = $user_info; 153 150 } 154 155 if (!$user_info) { return false; } 156 151 152 if (!$user_info) { 153 return false; 154 } 155 157 156 $this->id = $user_info->user_id; 158 157 $this->name = $user_info->user_username; … … 162 161 $this->emailValid = $user_info->user_email_valid; 163 162 $this->ip = $user_info->user_ip; 164 163 165 164 return $user_info; 166 165 } 167 168 166 169 167 /** 170 168 * Get full user details (i.e. 
permissions and settings, too) … … 176 174 * 177 175 * Note: Needs either userid or username, not both 178 */ 176 */ 179 177 public function getUser($h, $userid = 0, $username = '', $no_cache = false) 180 178 { 181 179 $user_info = $this->getUserBasic($h, $userid, $username, $no_cache); 182 if (!$user_info) { return false; } 183 180 if (!$user_info) { 181 return false; 182 } 183 184 184 // If a new plugin is installed, we need a way of adding any new default permissions 185 185 // that plugin provides. So, we get all defaults, then overwrite with existing perms. 186 187 186 // get default permissions for the site 188 187 $default_perms = $this->getDefaultPermissions($h, $this->role); 189 190 // get existing permissions for the user 188 189 // get existing permissions for the user 191 190 $existing_perms = unserialize($user_info->user_permissions); 192 191 193 192 // merge permissions 194 if (!$default_perms) { $default_perms = array(); } 195 if (!$existing_perms) { $existing_perms = array(); } 193 if (!$default_perms) { 194 $default_perms = array(); 195 } 196 if (!$existing_perms) { 197 $existing_perms = array(); 198 } 196 199 $updated_perms = array_merge($default_perms, $existing_perms); 197 200 198 201 $this->setAllPermissions($updated_perms); 199 202 $user_info->user_permissions = serialize($updated_perms); // update $user_info 200 201 203 // get user settings: 202 204 $this->settings = $this->getProfileSettingsData($h, 'user_settings', $this->id); 203 205 $user_info->user_settings = $this->settings; // update $user_info 204 206 205 207 return $user_info; 206 208 } 207 208 209 209 210 /** 210 211 * Add a new user … … 214 215 // get default permissions 215 216 $permissions = $this->getDefaultPermissions($h, $this->role); 216 217 217 218 // get user ip 218 219 $userip = $h->cage->server->testIp('REMOTE_ADDR'); 219 220 220 221 // add user to the database 221 $sql = "INSERT INTO " . TABLE_USERS ." 
(user_username, user_role, user_date, user_password, user_email, user_permissions, user_ip) VALUES (%s, %s, CURRENT_TIMESTAMP, %s, %s, %s, %s)";222 $sql = "INSERT INTO ".TABLE_USERS." (user_username, user_role, user_date, user_password, user_email, user_permissions, user_ip) VALUES (%s, %s, CURRENT_TIMESTAMP, %s, %s, %s, %s)"; 222 223 $h->db->query($h->db->prepare($sql, $this->name, $this->role, $this->password, $this->email, serialize($permissions), $userip)); 223 224 } 224 225 225 226 226 /** 227 227 * Update a user … … 231 231 //determine if the current user is the same as this object's user 232 232 $updatedby = ($userid != $this->id) ? $userid : $this->id; 233 233 234 234 if ($this->id != 0) { 235 $sql = "UPDATE " . TABLE_USERS ." SET user_username = %s, user_role = %s, user_password = %s, user_email = %s, user_permissions = %s, user_ip = %s, user_updateby = %d WHERE user_id = %d";235 $sql = "UPDATE ".TABLE_USERS." SET user_username = %s, user_role = %s, user_password = %s, user_email = %s, user_permissions = %s, user_ip = %s, user_updateby = %d WHERE user_id = %d"; 236 236 $h->db->query($h->db->prepare($sql, $this->name, $this->role, $this->password, $this->email, serialize($this->getAllPermissions()), $this->ip, $updatedby, $this->id)); 237 237 return TRUE; … … 240 240 return FALSE; 241 241 } 242 243 242 244 243 /** 245 244 * Physically delete this user … … 248 247 * @param array $user_id (optional) 249 248 */ 250 public function deleteUser($h, $user_id = 0) 251 { 252 if (!$user_id) { $user_id = $this->id; } 253 254 $h->pluginHook('userbase_delete_user', '', array('user_id'=>$user_id)); 255 256 $sql = "DELETE FROM " . TABLE_USERS . " WHERE user_id = %d"; 249 public function deleteUser($h, $user_id = 0) 250 { 251 if (!$user_id) { 252 $user_id = $this->id; 253 } 254 255 $h->pluginHook('userbase_delete_user', '', array('user_id' => $user_id)); 256 257 $sql = "DELETE FROM ".TABLE_USERS." 
WHERE user_id = %d"; 257 258 $h->db->query($h->db->prepare($sql, $user_id)); 258 259 $sql = "DELETE FROM " . TABLE_USERMETA ." WHERE usermeta_userid = %d";259 260 $sql = "DELETE FROM ".TABLE_USERMETA." WHERE usermeta_userid = %d"; 260 261 $h->db->query($h->db->prepare($sql, $user_id)); 261 262 } 262 263 263 264 264 /** … … 270 270 * @return array $perms 271 271 */ 272 public function getDefaultPermissions($h, $role = '', $defaults = 'site', $options_only = false) 272 public function getDefaultPermissions($h, $role = '', $defaults = 'site', $options_only = false) 273 273 { 274 274 $perms = array(); // to be filled with default permissions for this user 275 276 275 // get site or base permissions (i.e. the originals) 277 $field = ($defaults == 'site') ? 'miscdata_value' :'miscdata_default';278 276 $field = ($defaults == 'site') ? 'miscdata_value' : 'miscdata_default'; 277 279 278 // get default permissions from the database: 280 $query = "SELECT " . $field . " FROM " . TABLE_MISCDATA ." WHERE miscdata_key = %s LIMIT 1";279 $query = "SELECT ".$field." FROM ".TABLE_MISCDATA." WHERE miscdata_key = %s LIMIT 1"; 281 280 $sql = $h->db->prepare($query, 'permissions'); 282 281 283 282 // Create temp cache array 284 if (!isset($h->vars['tempPermissionsCache'])) { $h->vars['tempPermissionsCache'] = array(); } 285 283 if (!isset($h->vars['tempPermissionsCache'])) { 284 $h->vars['tempPermissionsCache'] = array(); 285 } 286 286 287 // If this query has already been read once this page load, we should have it in memory... 287 288 if (array_key_exists($sql, $h->vars['tempPermissionsCache'])) { … … 293 294 $h->vars['tempPermissionsCache'][$sql] = $db_perms; 294 295 } 295 296 296 297 $permissions = unserialize($db_perms); 297 298 298 299 if (!$permissions) { 299 300 // must return an empty array for array_merge, not false. 
300 301 return array(); 301 302 } 302 303 303 304 if ($options_only) { 304 305 // the editPermissions function in the Users plugin needs these 305 return $permissions['options']; 306 } 307 306 return $permissions['options']; 307 } 308 308 309 if ($role == 'all') { 309 310 // plugins need all permissions and options when installed 310 311 return $permissions; 311 312 } 312 313 313 314 unset($permissions['options']); // don't need the options anymore 314 315 foreach ($permissions as $perm => $roles) { 315 316 foreach ($permissions as $perm => $roles) { 316 317 if (isset($roles[$role])) { 317 318 $perms[$perm] = $roles[$role]; // perm for this role … … 320 321 } 321 322 } 322 323 323 324 return $perms; 324 325 } 325 326 326 327 327 /** 328 328 * Update Default permissions … … 332 332 * @param bool $remove - false if adding perms, true if deleting them 333 333 */ 334 public function updateDefaultPermissions($h, $new_perms = array(), $defaults = 'both', $remove = false) 335 { 336 if (!$new_perms) { return false; } 337 334 public function updateDefaultPermissions($h, $new_perms = array(), $defaults = 'both', $remove = false) 335 { 336 if (!$new_perms) { 337 return false; 338 } 339 338 340 // get and merge permissions 339 if ($defaults == 'site') 340 { 341 if ($defaults == 'site') { 341 342 if ($remove) { 342 343 $site_perms = $new_perms; 343 344 } else { 344 $site_perms = $this->getDefaultPermissions($h, 'all', 'site'); //get site defaults345 $site_perms = $this->getDefaultPermissions($h, 'all', 'site'); //get site defaults 345 346 $site_perms = array_merge_recursive($site_perms, $new_perms); // merge 346 347 } 347 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s WHERE miscdata_key = %s";348 $sql = "UPDATE ".TABLE_MISCDATA." 
SET miscdata_value = %s WHERE miscdata_key = %s"; 348 349 $h->db->query($h->db->prepare($sql, serialize($site_perms), 'permissions')); 349 } 350 elseif ($defaults == 'base') 351 { 350 } elseif ($defaults == 'base') { 352 351 if ($remove) { 353 352 $base_perms = $new_perms; 354 353 } else { 355 $base_perms = $this->getDefaultPermissions($h, 'all', 'base'); // get base defaults354 $base_perms = $this->getDefaultPermissions($h, 'all', 'base'); // get base defaults 356 355 $base_perms = array_merge_recursive($base_perms, $new_perms); // merge 357 356 } 358 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_default = %s WHERE miscdata_key = %s";357 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_default = %s WHERE miscdata_key = %s"; 359 358 $h->db->query($h->db->prepare($sql, serialize($base_perms), 'permissions')); 360 } 361 else 362 { 359 } else { 363 360 if ($remove) { 364 361 $site_perms = $new_perms; 365 362 $base_perms = $new_perms; 366 363 } else { 367 $site_perms = $this->getDefaultPermissions($h, 'all', 'site'); //get site defaults364 $site_perms = $this->getDefaultPermissions($h, 'all', 'site'); //get site defaults 368 365 $site_perms = array_merge_recursive($site_perms, $new_perms); // merge 369 $base_perms = $this->getDefaultPermissions($h, 'all', 'base'); // get base defaults366 $base_perms = $this->getDefaultPermissions($h, 'all', 'base'); // get base defaults 370 367 $base_perms = array_merge_recursive($base_perms, $new_perms); // merge 371 368 } 372 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_default = %s WHERE miscdata_key = %s";369 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_default = %s WHERE miscdata_key = %s"; 373 370 $h->db->query($h->db->prepare($sql, serialize($site_perms), serialize($base_perms), 'permissions')); 374 371 } 375 372 } 376 377 373 378 374 /** 379 375 * update permissions in the database … … 383 379 public function updatePermissions($h) 384 380 { 385 $sql = "UPDATE " . TABLE_USERS ." 
SET user_permissions = %s WHERE user_id = %d";381 $sql = "UPDATE ".TABLE_USERS." SET user_permissions = %s WHERE user_id = %d"; 386 382 $h->db->query($h->db->prepare($sql, serialize($this->getAllPermissions()), $this->id)); 387 383 388 384 // for undermods and above, set their emailValid to true when updating permissions or changing role 389 385 $safe_array = array('undermod', 'member', 'moderator', 'supermod', 'admin'); 390 386 if (!$this->emailValid && in_array($this->role, $safe_array)) { 391 $sql = "UPDATE " . TABLE_USERS ." SET user_email_valid = %d WHERE user_id = %d";387 $sql = "UPDATE ".TABLE_USERS." SET user_email_valid = %d WHERE user_id = %d"; 392 388 $h->db->query($h->db->prepare($sql, 1, $this->id)); 393 389 } 394 390 } 395 396 397 /** 398 * Get a user's profile or settings data 399 * 400 * @return array|false 401 */ 391 392 /** 393 * Get a user's profile or settings data 394 * 395 * @return array|false 396 */ 402 397 public function getProfileSettingsData($h, $type = 'user_profile', $userid = 0, $check_exists_only = false) 403 398 { 404 if (!$userid) { $userid = $this->id; } 405 406 $query = "SELECT usermeta_value FROM " . DB_PREFIX . "usermeta WHERE usermeta_userid = %d AND usermeta_key = %s LIMIT 1"; 399 if (!$userid) { 400 $userid = $this->id; 401 } 402 403 $query = "SELECT usermeta_value FROM ".TABLE_USERMETA." 
WHERE usermeta_userid = %d AND usermeta_key = %s LIMIT 1"; 407 404 $sql = $h->db->prepare($query, $userid, $type); 408 409 if (isset($h->vars[$sql])) { 410 $result = $h->vars[$sql]; 405 406 if (isset($h->vars[$sql])) { 407 $result = $h->vars[$sql]; 411 408 } else { 412 409 $h->smartCache('on', 'usermeta', 60, $sql); // start using database cache 413 410 $result = $h->db->get_var($sql); 414 $h->vars[$sql] = $result; // cache result in memory (saves for just this page load)411 $h->vars[$sql] = $result; // cache result in memory (saves for just this page load) 415 412 $h->smartCache('off'); // stop using database cache 416 413 } 417 414 418 415 // if we're only testing to see if the settings exist, return here: 419 if($check_exists_only && $result) { return true; } 420 if($check_exists_only && !$result) { return false; } 421 422 if ($result) { 416 if ($check_exists_only && $result) { 417 return true; 418 } 419 if ($check_exists_only && !$result) { 420 return false; 421 } 422 423 if ($result) { 423 424 $result = unserialize($result); 424 425 if ($type == 'user_settings') { … … 433 434 return false; 434 435 } 435 436 return $result; 437 } 438 439 436 437 return $result; 438 } 439 440 440 /** 441 441 * Save a user's profile or settings data … … 445 445 public function saveProfileSettingsData($h, $data = array(), $type = 'user_profile', $userid = 0) 446 446 { 447 if (!$data) { return false; } 448 if (!$userid) { $userid = $this->id; } 449 447 if (!$data) { 448 return false; 449 } 450 if (!$userid) { 451 $userid = $this->id; 452 } 453 450 454 $result = $h->getProfileSettingsData($type, $userid, true); 451 455 452 456 if (!$result) { 453 $sql = "INSERT INTO " . TABLE_USERMETA ." (usermeta_userid, usermeta_key, usermeta_value, usermeta_updateby) VALUES(%d, %s, %s, %d)";457 $sql = "INSERT INTO ".TABLE_USERMETA." 
(usermeta_userid, usermeta_key, usermeta_value, usermeta_updateby) VALUES(%d, %s, %s, %d)"; 454 458 $h->db->get_row($h->db->prepare($sql, $userid, $type, serialize($data), $h->currentUser->id)); 455 459 } else { 456 $sql = "UPDATE " . TABLE_USERMETA ." SET usermeta_value = %s, usermeta_updateby = %d WHERE usermeta_userid = %d AND usermeta_key = %s";460 $sql = "UPDATE ".TABLE_USERMETA." SET usermeta_value = %s, usermeta_updateby = %d WHERE usermeta_userid = %d AND usermeta_key = %s"; 457 461 $h->db->get_row($h->db->prepare($sql, serialize($data), $h->currentUser->id, $userid, $type)); 458 462 } 459 463 460 464 return true; 461 465 } 462 463 466 464 467 /** 465 468 * Get the default user settings … … 470 473 public function getDefaultSettings($h, $type = 'site') 471 474 { 472 if ($type == 'site') { 473 $field = 'miscdata_value'; 474 } elseif ($type == 'base') { 475 if ($type == 'site') { 476 $field = 'miscdata_value'; 477 } elseif ($type == 'base') { 475 478 $field = 'miscdata_default'; 476 } else { 477 return false; 478 } 479 480 $query = "SELECT " . $field . " FROM " . TABLE_MISCDATA ." WHERE miscdata_key = %s LIMIT 1";479 } else { 480 return false; 481 } 482 483 $query = "SELECT ".$field." FROM ".TABLE_MISCDATA." 
WHERE miscdata_key = %s LIMIT 1"; 481 484 $sql = $h->db->prepare($query, 'user_settings'); 482 483 if (isset($h->vars['default_user_settings'][$sql])) { 484 $result = $h->vars['default_user_settings'][$sql]; 485 486 if (isset($h->vars['default_user_settings'][$sql])) { 487 $result = $h->vars['default_user_settings'][$sql]; 485 488 } else { 486 489 $h->smartCache('on', 'miscdata', 60, $sql); // start using database cache … … 489 492 $h->smartCache('off'); // stop using database cache 490 493 } 491 494 492 495 if ($result) { 493 496 return unserialize($result); 494 } else { 495 return false; 496 } 497 } 498 499 497 } 498 return false; 499 } 500 500 501 /** 501 502 * Update the default user settings … … 507 508 public function updateDefaultSettings($h, $settings, $type = 'site') 508 509 { 509 if (!$settings) { return false; } else { $settings = serialize($settings); } 510 510 if (!$settings) { 511 return false; 512 } 513 $settings = serialize($settings); 514 511 515 if ($type == 'site') { 512 516 // update the site defaults 513 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";517 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 514 518 $h->db->query($h->db->prepare($sql, $settings, $h->currentUser->id, 'user_settings')); 515 519 } elseif ($type == 'base') { 516 520 // update the base defaults 517 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s";521 $sql = "UPDATE ".TABLE_MISCDATA." 
SET miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 518 522 $h->db->query($h->db->prepare($sql, $settings, $h->currentUser->id, 'user_settings')); 519 523 } 520 524 } 521 522 525 523 526 /** … … 527 530 * @return array|false 528 531 */ 529 public function getRoles($h, $type = 'all') 530 { 531 switch ($type) 532 { 532 public function getRoles($h, $type = 'all') 533 { 534 switch ($type) { 533 535 case 'default': 534 536 return $this->getDefaultRoles(); … … 543 545 } 544 546 545 546 547 /** 547 548 * Get Unique User Roles … … 549 550 * @return array|false 550 551 */ 551 public function getUniqueRoles($h) 552 public function getUniqueRoles($h) 552 553 { 553 554 $unique_roles = $this->getDefaultRoles(); 554 555 555 556 // Add any custom roles: 556 557 $custom_roles = $this->getCustomRoles($h); 557 if ($custom_roles) 558 { 559 foreach ($custom_roles as $role) 560 { 561 if (!in_array($role, $unique_roles)) 562 { 558 if ($custom_roles) { 559 foreach ($custom_roles as $role) { 560 if (!in_array($role, $unique_roles)) { 563 561 array_push($unique_roles, $role); 564 562 } 565 563 } 566 564 } 567 568 if ($unique_roles) { return $unique_roles; } else { return false; } 569 } 570 565 566 if ($unique_roles) { 567 return $unique_roles; 568 } 569 return false; 570 } 571 571 572 572 /** … … 575 575 * @return array|false 576 576 */ 577 public function getDefaultRoles() 578 { 579 return array('admin', 'supermod', 'moderator', 'member', 'undermod', 'pending', 'suspended', 'banned', 'killspammed'); 580 } 581 577 public function getDefaultRoles() 578 { 579 return array('admin', 'supermod', 'moderator', 'member', 'undermod', 'pending', 'suspended', 'banned', 'killspammed'); 580 } 582 581 583 582 /** … … 586 585 * @return array|false 587 586 */ 588 public function getCustomRoles($h) 589 { 590 $sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA ." 
WHERE miscdata_key = %s LIMIT 1";587 public function getCustomRoles($h) 588 { 589 $sql = "SELECT miscdata_value FROM ".TABLE_MISCDATA." WHERE miscdata_key = %s LIMIT 1"; 591 590 $result = $h->db->get_var($h->db->prepare($sql, 'custom_roles')); 592 if (!$result) { return false; } 593 591 if (!$result) { 592 return false; 593 } 594 594 595 $custom_roles = unserialize($result); // result should be an array 595 596 596 return $custom_roles; 597 } 598 597 return $custom_roles; 598 } 599 599 600 600 /** … … 604 604 * @return bool 605 605 */ 606 public function addCustomRole($h, $new_role = '', $base_role = 'default') 607 { 608 if (!$new_role) { return false; } 606 public function addCustomRole($h, $new_role = '', $base_role = 'default') 607 { 608 if (!$new_role) { 609 return false; 610 } 609 611 610 612 $new_role = mb_strtolower($new_role, 'UTF-8'); … … 612 614 // test if this role name is reserved: 613 615 $default_roles = $this->getDefaultRoles(); 614 if (in_array($new_role, $default_roles)) { return false; } 616 if (in_array($new_role, $default_roles)) { 617 return false; 618 } 615 619 616 620 // test if this role name is already a custom role: 617 621 $custom_roles = $this->getCustomRoles($h); 618 if ($custom_roles && (in_array($new_role, $custom_roles))) { return false; } 622 if ($custom_roles && (in_array($new_role, $custom_roles))) { 623 return false; 624 } 619 625 620 626 // add new role to custom roles 621 if (!$custom_roles) { $custom_roles = array(); } 627 if (!$custom_roles) { 628 $custom_roles = array(); 629 } 622 630 array_push($custom_roles, $new_role); 623 631 624 632 // check custom_roles row exists in the database: 625 $sql = "SELECT miscdata_id FROM " . TABLE_MISCDATA ." WHERE miscdata_key = %s LIMIT 1";633 $sql = "SELECT miscdata_id FROM ".TABLE_MISCDATA." 
WHERE miscdata_key = %s LIMIT 1"; 626 634 $result = $h->db->get_var($h->db->prepare($sql, 'custom_roles')); 627 635 628 636 // update or insert accordingly 629 if ($result) 630 { 631 $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 637 if ($result) { 638 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 632 639 $h->db->query($h->db->prepare($sql, serialize($custom_roles), $h->currentUser->id, 'custom_roles')); 633 } 634 else 635 { 636 $sql = "INSERT INTO " . TABLE_MISCDATA . " (miscdata_key, miscdata_value, miscdata_updateby) VALUES(%s, %s, %d)"; 640 } else { 641 $sql = "INSERT INTO ".TABLE_MISCDATA." (miscdata_key, miscdata_value, miscdata_updateby) VALUES(%s, %s, %d)"; 637 642 $h->db->query($h->db->prepare($sql, 'custom_roles', serialize($custom_roles), $h->currentUser->id)); 638 643 } … … 651 656 } 652 657 653 654 658 /** 655 659 * Remove Custom User Role … … 659 663 * @return bool 660 664 */ 661 public function removeCustomRole($h, $remove_role = '', $move_to = '') 662 { 663 if (!$remove_role) { return false; } 665 public function removeCustomRole($h, $remove_role = '', $move_to = '') 666 { 667 if (!$remove_role) { 668 return false; 669 } 664 670 665 671 $remove_role = mb_strtolower($remove_role, 'UTF-8'); … … 667 673 // return false if this is a default role: 668 674 $default_roles = $this->getDefaultRoles(); 669 if (in_array($remove_role, $default_roles)) { return false; } 675 if (in_array($remove_role, $default_roles)) { 676 return false; 677 } 670 678 671 679 // return false if this is not a custom role: 672 680 $custom_roles = $this->getCustomRoles($h); 673 if (!$custom_roles || (!in_array($remove_role, $custom_roles))) { return false; } 681 if (!$custom_roles || (!in_array($remove_role, $custom_roles))) { 682 return false; 683 } 674 684 675 685 // update all users with the old role 676 if ($move_to) { $this->bulkRoleChange($h, 
$remove_role, $move_to); } 686 if ($move_to) { 687 $this->bulkRoleChange($h, $remove_role, $move_to); 688 } 677 689 678 690 // remove role from custom roles 679 691 $custom_roles = array_remove($custom_roles, $remove_role); // custom Hotaru function 680 681 692 // update custom_roles record 682 $sql = "UPDATE " . TABLE_MISCDATA ." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";693 $sql = "UPDATE ".TABLE_MISCDATA." SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s"; 683 694 $h->db->query($h->db->prepare($sql, serialize($custom_roles), $h->currentUser->id, 'custom_roles')); 684 695 … … 696 707 } 697 708 698 699 709 /** 700 710 * Bulk User Role Change … … 704 714 * @return bool 705 715 */ 706 public function bulkRoleChange($h, $from = '', $to = '') 707 { 708 if (!$from || !$to) { return false; } 716 public function bulkRoleChange($h, $from = '', $to = '') 717 { 718 if (!$from || !$to) { 719 return false; 720 } 709 721 710 722 // check $from and $to exist 711 723 $unique_roles = $this->getUniqueRoles($h); 712 if (!in_array($from, $unique_roles)) { return false; } 713 if (!in_array($to, $unique_roles)) { return false; } 714 715 $sql = "SELECT user_id FROM " . TABLE_USERS . " WHERE user_role = %s"; 724 if (!in_array($from, $unique_roles)) { 725 return false; 726 } 727 if (!in_array($to, $unique_roles)) { 728 return false; 729 } 730 731 $sql = "SELECT user_id FROM ".TABLE_USERS." 
WHERE user_role = %s"; 716 732 $items = $h->db->get_results($h->db->prepare($sql, $from)); 717 if ($items) 718 { 733 if ($items) { 719 734 // Change role and permissions for each user being moved 720 foreach ($items as $item) 721 { 735 foreach ($items as $item) { 722 736 $user = new UserAuth(); 723 737 $user->getUser($h, $item->user_id); … … 728 742 } 729 743 } 730 744 731 745 return true; 732 746 } 733 734 747 735 748 /** … … 741 754 * @return array 742 755 */ 743 public function copyRolePerms($h, $perms = array(), $new_role = '', $base_role = 'default') 744 { 745 if (!$perms || !$new_role) { return array(); } 756 public function copyRolePerms($h, $perms = array(), $new_role = '', $base_role = 'default') 757 { 758 if (!$perms || !$new_role) { 759 return array(); 760 } 746 761 747 762 $new_perms = array(); 748 763 749 foreach ($perms as $perm => $roles) 750 { 751 foreach ($roles as $role => $value) 752 { 753 if ($role == $base_role) 754 { 764 foreach ($perms as $perm => $roles) { 765 foreach ($roles as $role => $value) { 766 if ($role == $base_role) { 755 767 $new_perms[$perm][$new_role] = $value; 756 768 } 757 } 769 } 758 770 } 759 771 760 772 return $new_perms; 761 773 } 762 763 774 764 775 /** … … 770 781 * @return array 771 782 */ 772 public function removeRolePerms($h, $perms = array(), $delete_role = '') 773 { 774 if (!$perms || !$delete_role) { return array(); } 775 776 foreach ($perms as $perm => $roles) 777 { 778 foreach ($roles as $role => $value) 779 { 780 if ($role == $delete_role) 781 { 783 public function removeRolePerms($h, $perms = array(), $delete_role = '') 784 { 785 if (!$perms || !$delete_role) { 786 return array(); 787 } 788 789 foreach ($perms as $perm => $roles) { 790 foreach ($roles as $role => $value) { 791 if ($role == $delete_role) { 782 792 unset($perms[$perm][$delete_role]); 783 793 } 784 } 794 } 785 795 } 786 796 787 797 return $perms; 788 798 } 799 789 800 } -
branches/1.5/libs/UserInfo.php
r2168 r2292 26 26 class UserInfo extends UserBase 27 27 { 28 28 29 /** 29 30 * Get the username for a given user id … … 34 35 public function getUserNameFromId($h, $id = 0) 35 36 { 36 $sql = "SELECT user_username FROM " . TABLE_USERS ." WHERE user_id = %d LIMIT 1";37 37 $sql = "SELECT user_username FROM ".TABLE_USERS." WHERE user_id = %d LIMIT 1"; 38 38 39 $username = $h->db->get_var($h->db->prepare($sql, $id)); 39 if ($username) { return $username; } else { return false; } 40 } 41 42 40 if ($username) { 41 return $username; 42 } 43 return false; 44 } 45 43 46 /** 44 47 * Get the user id for a given username … … 49 52 public function getUserIdFromName($h, $username = '') 50 53 { 51 $sql = "SELECT user_id FROM " . TABLE_USERS ." WHERE user_username = %s LIMIT 1";52 54 $sql = "SELECT user_id FROM ".TABLE_USERS." WHERE user_username = %s LIMIT 1"; 55 53 56 $userid = $h->db->get_var($h->db->prepare($sql, $username)); 54 if ($userid) { return $userid; } else { return false; } 55 } 56 57 57 if ($userid) { 58 return $userid; 59 } 60 return false; 61 } 62 58 63 /** 59 64 * Get the email from user id … … 64 69 public function getEmailFromId($h, $userid = 0) 65 70 { 66 $sql = "SELECT user_email FROM " . TABLE_USERS ." WHERE user_id = %d LIMIT 1";67 71 $sql = "SELECT user_email FROM ".TABLE_USERS." WHERE user_id = %d LIMIT 1"; 72 68 73 $email = $h->db->get_var($h->db->prepare($sql, $userid)); 69 if ($email) { return $email; } else { return false; } 70 } 71 72 74 if ($email) { 75 return $email; 76 } 77 return false; 78 } 79 73 80 /** 74 81 * Get the user id from email … … 79 86 public function getUserIdFromEmail($h, $email = '') 80 87 { 81 $sql = "SELECT user_id FROM " . TABLE_USERS ." WHERE user_email = %s LIMIT 1";82 88 $sql = "SELECT user_id FROM ".TABLE_USERS." 
WHERE user_email = %s LIMIT 1"; 89 83 90 $userid = $h->db->get_var($h->db->prepare($sql, $email)); 84 if ($userid) { return $userid; } else { return false; } 85 } 86 87 88 /** 91 if ($userid) { 92 return $userid; 93 } 94 return false; 95 } 96 97 /** 89 98 * Checks if the user has an 'admin' role 90 99 * … … 93 102 public function isAdmin($db, $username) 94 103 { 95 $sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_username = %s AND user_role = %s LIMIT 1"; 96 $role = $db->get_row($db->prepare($sql, $username, 'admin')); 97 98 if ($role) { return true; } else { return false; } 99 } 100 101 104 $sql = "SELECT * FROM ".TABLE_USERS." WHERE user_username = %s AND user_role = %s LIMIT 1"; 105 return (bool) $db->get_row($db->prepare($sql, $username, 'admin')); 106 } 107 102 108 /** 103 109 * Check if a user exists … … 113 119 // id found 114 120 if ($id != 0) { 115 if ($db->get_var($db->prepare("SELECT user_id FROM " . TABLE_USERS ." WHERE user_id = %d LIMIT 1", $id))) {121 if ($db->get_var($db->prepare("SELECT user_id FROM ".TABLE_USERS." WHERE user_id = %d LIMIT 1", $id))) { 116 122 return 'id'; // id exists 117 } 118 } 119 123 } 124 } 125 120 126 // name found 121 127 if ($username != '') { 122 if ($db->get_var($db->prepare("SELECT user_id FROM " . TABLE_USERS ." WHERE user_username = %s LIMIT 1", $username))) {128 if ($db->get_var($db->prepare("SELECT user_id FROM ".TABLE_USERS." WHERE user_username = %s LIMIT 1", $username))) { 123 129 return 'name'; // username exists 124 130 } 125 } 126 131 } 132 127 133 // email found 128 134 if ($email != '') { 129 if ($db->get_var($db->prepare("SELECT user_id FROM " . TABLE_USERS ." WHERE user_email = %s LIMIT 1", $email))) {135 if ($db->get_var($db->prepare("SELECT user_id FROM ".TABLE_USERS." 
WHERE user_email = %s LIMIT 1", $email))) { 130 136 return 'email'; // email exists 131 137 } 132 } 133 138 } 139 134 140 // Error - no arguments provided 135 141 if (($id == 0) && ($username == '') && ($email == '')) { 136 142 return 'error'; // no arguments provided 137 } 138 143 } 144 139 145 return 'no'; // User doesn't exist 140 146 } 141 142 147 143 148 /** 144 149 * Check if an username exists in the database (used in forgotten password) … … 151 156 public function nameExists($h, $username = '', $role = '', $exclude = 0) 152 157 { 153 if (!$username) { return false; } 154 155 if (!$exclude) { 156 if ($role) { 157 $sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_username = %s AND user_role = %s LIMIT 1"; 158 $valid_username = $h->db->get_var($h->db->prepare($sql, $username, $role)); 159 } else { 160 $sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_username = %s LIMIT 1"; 161 $valid_username = $h->db->get_var($h->db->prepare($sql, $username)); 162 } 163 } else { 164 if ($role) { 165 $sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_username = %s AND user_role = %s AND user_id != %d LIMIT 1"; 166 $valid_username = $h->db->get_var($h->db->prepare($sql, $username, $role, $exclude)); 167 } else { 168 $sql = "SELECT user_username FROM " . TABLE_USERS . " WHERE user_username = %s AND user_id != %d LIMIT 1"; 169 $valid_username = $h->db->get_var($h->db->prepare($sql, $username, $exclude)); 170 } 171 } 172 173 if ($valid_username) { return $valid_username; } else { return false; } 174 } 175 176 158 if (!$username) { 159 return false; 160 } 161 162 $q_role = ($role) ? 'AND user_role = %s' : ''; 163 $q_exclude = (!$exclude) ? ' AND user_id != %d' : ''; 164 $sql = "SELECT user_username FROM ".TABLE_USERS." WHERE user_username = %s".$q_role.$q_exclude." 
LIMIT 1"; 165 $valid_username = $h->db->get_var($h->db->prepare($sql, $username, $role, $exclude)); 166 if ($valid_username) { 167 return $valid_username; 168 } 169 170 return FALSE; 171 } 172 177 173 /** 178 174 * Check if an email exists in the database (used in forgotten password) … … 185 181 public function emailExists($h, $email = '', $role = '', $exclude = 0) 186 182 { 187 if (!$email) { return false; } 188 189 if (!$exclude) { 190 if ($role) { 191 $sql = "SELECT user_email FROM " . TABLE_USERS . " WHERE user_email = %s AND user_role = %s LIMIT 1"; 192 $valid_email = $h->db->get_var($h->db->prepare($sql, $email, $role)); 193 } else { 194 $sql = "SELECT user_email FROM " . TABLE_USERS . " WHERE user_email = %s LIMIT 1"; 195 $valid_email = $h->db->get_var($h->db->prepare($sql, $email)); 196 } 197 } else { 198 if ($role) { 199 $sql = "SELECT user_email FROM " . TABLE_USERS . " WHERE user_email = %s AND user_role = %s AND user_id != %d LIMIT 1"; 200 $valid_email = $h->db->get_var($h->db->prepare($sql, $email, $role, $exclude)); 201 } else { 202 $sql = "SELECT user_email FROM " . TABLE_USERS . " WHERE user_email = %s AND user_id != %d LIMIT 1"; 203 $valid_email = $h->db->get_var($h->db->prepare($sql, $email, $exclude)); 204 } 205 } 206 207 if ($valid_email) { return $valid_email; } else { return false; } 208 } 209 210 183 if (!$email) { 184 return false; 185 } 186 187 $q_role = ($role) ? 'AND user_role = %s' : ''; 188 $q_exclude = (!$exclude) ? ' AND user_id != %d' : ''; 189 $sql = "SELECT user_email FROM ".TABLE_USERS." WHERE user_username = %s".$q_role.$q_exclude." LIMIT 1"; 190 $valid_email = $h->db->get_var($h->db->prepare($sql, $email, $role, $exclude)); 191 if ($valid_email) { 192 return $valid_email; 193 } 194 195 return FALSE; 196 } 197 211 198 /** 212 199 * Get all users with permission to access admin … … 214 201 public function getMods($h, $permission = 'can_access_admin', $value = 'yes') 215 202 { 216 $sql = "SELECT user_id FROM " . TABLE_USERS ." 
WHERE (user_role = %s) || (user_role = %s) || (user_role = %s)";203 $sql = "SELECT user_id FROM ".TABLE_USERS." WHERE (user_role = %s) || (user_role = %s) || (user_role = %s)"; 217 204 $users = $h->db->get_results($h->db->prepare($sql, 'admin', 'supermod', 'moderator')); 218 219 if (!$users) { return false; } 220 205 206 if (!$users) { 207 return false; 208 } 209 221 210 $mods = array(); 222 211 223 212 foreach ($users as $user) { 224 213 $details = new UserBase(); … … 233 222 return $mods; 234 223 } 235 236 224 237 225 /** 238 226 * Get the ids and names of all users or those with a specified role, sorted alphabetically … … 243 231 public function userIdNameList($h, $role = '') 244 232 { 245 if ($role) { 246 $sql = "SELECT user_id, user_username FROM " . TABLE_USERS ." WHERE user_role = %s ORDER BY user_username ASC";233 if ($role) { 234 $sql = "SELECT user_id, user_username FROM ".TABLE_USERS." WHERE user_role = %s ORDER BY user_username ASC"; 247 235 $results = $h->db->get_results($h->db->prepare($sql, $role)); 248 236 } else { 249 $sql = "SELECT user_id, user_username FROM " . TABLE_USERS ." ORDER BY user_username ASC";237 $sql = "SELECT user_id, user_username FROM ".TABLE_USERS." ORDER BY user_username ASC"; 250 238 $results = $h->db->get_results($sql); 251 239 } 252 240 253 241 return $results; 254 242 } 255 256 243 257 244 /** 258 245 * Get settings for all users … … 262 249 public function userSettingsList($h, $userid = 0) 263 250 { 264 if ($userid) { 251 if ($userid) { 265 252 $settings = $h->getProfileSettingsData($type = 'user_settings', $userid); 266 253 return $settings; 267 254 } else { 268 $sql = "SELECT usermeta_userid, usermeta_value FROM " . DB_PREFIX . "usermetaWHERE usermeta_key = %s";255 $sql = "SELECT usermeta_userid, usermeta_value FROM ".TABLE_USERMETA." 
WHERE usermeta_key = %s"; 269 256 $results = $h->db->get_results($h->db->prepare($sql, 'user_settings')); 270 257 } 271 258 272 259 return $results; 273 260 } 274 275 261 276 262 /** 277 263 * Get full details of all users or batches of users, sorted alphabetically … … 286 272 if (!$id_array) { 287 273 // get all users 288 $sql = "SELECT * FROM " . TABLE_USERS ." ORDER BY user_username ASC";274 $sql = "SELECT * FROM ".TABLE_USERS." ORDER BY user_username ASC"; 289 275 $results = $h->db->get_results($sql); 290 276 } else { 291 277 // for grabbing 292 if ($range) { $limit = " LIMIT " . $start . ", " . $range; } 293 $sql = "SELECT * FROM " . TABLE_USERS . " WHERE "; 294 for ($i=0; $i < count($id_array); $i++) { 278 if ($range) { 279 $limit = " LIMIT ".$start.", ".$range; 280 } 281 $sql = "SELECT * FROM ".TABLE_USERS." WHERE "; 282 for ($i = 0; $i < count($id_array); $i++) { 295 283 $sql .= "user_id = %d OR "; 296 284 } 297 285 $sql = rstrtrim($sql, "OR "); // strip trailing OR 298 $sql .= " ORDER BY user_username ASC" .$limit;299 286 $sql .= " ORDER BY user_username ASC".$limit; 287 300 288 $prepare_array[0] = $sql; 301 289 $prepare_array = array_merge($prepare_array, $id_array); … … 304 292 return $results; 305 293 } 306 307 294 308 295 /** 309 296 * Stats for Admin homepage … … 314 301 public function stats($h) 315 302 { 316 $sql = "SELECT user_role, count(user_id) FROM " . TABLE_USERS ." GROUP BY user_role";303 $sql = "SELECT user_role, count(user_id) FROM ".TABLE_USERS." GROUP BY user_role"; 317 304 $query = $h->db->prepare($sql); 318 305 $h->smartCache('on', 'users', 60, $query); // start using cache 319 306 $users = $h->db->get_results($query, 'ARRAY_N'); 320 307 $h->smartCache('off'); // stop using cache 321 308 322 309 return $users; 323 310 } 311 324 312 } -
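Review bot: In the rewritten `emailExists()` the query filters on `WHERE user_username = %s` while binding `$email`, so it no longer checks the `user_email` column the removed code used; the docblock says this lookup is used for forgotten passwords, so existing addresses would be reported as absent. Both `emailExists()` and `nameExists()` also build `$q_exclude` from `(!$exclude)`, which inverts the removed logic: the `user_id != %d` clause is now added only when no id is given and dropped when one is, so a caller excluding the current user would match that user's own row. `prepare()` is always handed `$role` and `$exclude` even when their placeholders are absent, so (assuming it binds positionally) `%d` can receive `$role`, and `'AND user_role = %s'` lacks a leading space. Building the clauses and the argument list together, as sketched below for `emailExists()`, keeps them in step; `nameExists()` needs the same change against `user_username`.

```php
$sql = "SELECT user_email FROM ".TABLE_USERS." WHERE user_email = %s";
$args = array($email);
if ($role) {
    $sql .= " AND user_role = %s";
    $args[] = $role;
}
if ($exclude) {
    $sql .= " AND user_id != %d";
    $args[] = $exclude;
}
$sql .= " LIMIT 1";
array_unshift($args, $sql);
// prepare() is called with the query followed by one value per placeholder
$valid_email = $h->db->get_var(call_user_func_array(array($h->db, 'prepare'), $args));
// … unchanged: return $valid_email, or FALSE when nothing matched …
```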
branches/1.5/libs/Widget.php
r2185 r2292 24 24 * @link http://www.hotarucms.org/ 25 25 */ 26 27 26 class Widget 28 27 { 28 29 29 /** 30 30 * Initialize widgets … … 33 33 { 34 34 // Get settings from the database if they exist... 35 $widgets_settings = $h->getSerializedSettings('widgets'); 36 35 $widgets_settings = $h->getSerializedSettings('widgets'); 36 37 37 if ($widgets_settings) { 38 38 // delete completely any widgets from uninstalled plugins: … … 47 47 } 48 48 } 49 49 50 50 $widgets = $this->getWidgets($h); 51 51 52 52 if ($widgets) { 53 53 $count = 1; 54 54 foreach ($widgets as $widget) { 55 55 56 56 // Assign order number if not already assigned one. 57 57 if (!isset($widgets_settings['widgets'][$widget->widget_function]['order'])) { 58 58 $widgets_settings['widgets'][$widget->widget_function]['order'] = $count; 59 59 } 60 60 61 61 // Assign widget number if not already assigned one. 62 62 if (!isset($widgets_settings['widgets'][$widget->widget_function]['block'])) { 63 63 $widgets_settings['widgets'][$widget->widget_function]['block'] = 1; 64 64 } 65 65 66 66 // Enable the widget if enabled status is not currently set... 67 67 if (!isset($widgets_settings['widgets'][$widget->widget_function]['enabled'])) { 68 68 $widgets_settings['widgets'][$widget->widget_function]['enabled'] = true; 69 69 } 70 70 71 71 // But! Disable it if the plugin for that widget is not currently active. 
72 if (!$h->isActive($widget->widget_plugin) ) {72 if (!$h->isActive($widget->widget_plugin)) { 73 73 $widgets_settings['widgets'][$widget->widget_function]['enabled'] = false; 74 74 } 75 75 76 76 // Add plugin name, function suffix and arguments to widget_settings: 77 77 $widgets_settings['widgets'][$widget->widget_function]['plugin'] = $widget->widget_plugin; … … 79 79 $widgets_settings['widgets'][$widget->widget_function]['function'] = $widget->widget_function; 80 80 $widgets_settings['widgets'][$widget->widget_function]['args'] = $widget->widget_args; 81 81 82 82 $count++; 83 83 } 84 84 } 85 85 86 86 $h->updateSetting('widgets_settings', serialize($widgets_settings), 'widgets'); 87 87 } 88 89 88 90 89 /** 91 90 * Add widget … … 100 99 $sql = "SELECT count(widget_id) FROM " . DB_PREFIX . "widgets WHERE widget_plugin = %s AND widget_function = %s AND widget_args = %s"; 101 100 $result = $h->db->get_var($h->db->prepare($sql, $plugin, $function, $args)); 102 101 103 102 if (!$result) { 104 103 $sql = "INSERT INTO " . DB_PREFIX . "widgets (widget_plugin, widget_function, widget_args, widget_updateby) VALUES(%s, %s, %s, %d)"; … … 108 107 $h->db->query("OPTIMIZE TABLE " . DB_PREFIX . "widgets"); 109 108 } 110 111 109 112 110 /** 113 111 * Get widgets from widget db table … … 118 116 { 119 117 $exists = $h->db->table_exists('widgets'); 120 121 if (!$exists) { return false; } 122 123 // Get settings from the database if they exist... 124 $sql = "SELECT widget_plugin, widget_function, widget_args FROM " . DB_PREFIX . 'widgets'; 118 119 if (!$exists) { 120 return false; 121 } 122 123 // Get settings from the database if they exist... 
124 $sql = "SELECT widget_plugin, widget_function, widget_args FROM ".DB_PREFIX.'widgets'; 125 125 $widgets_settings = $h->db->get_results($h->db->prepare($sql)); 126 126 return $widgets_settings; 127 127 } 128 129 128 130 129 /** 131 130 * Get widgets from widgets_settings array … … 140 139 { 141 140 // Get settings from the database if they exist... 142 $widgets_settings = $h->getSerializedSettings('widgets'); 143 144 if (!$widgets_settings['widgets']) { return false; } 145 146 $widgets = $widgets_settings['widgets']; // associative array 147 141 $widgets_settings = $h->getSerializedSettings('widgets'); 142 143 if (!$widgets_settings['widgets']) { 144 return false; 145 } 146 147 $widgets = $widgets_settings['widgets']; // associative array 148 148 // return an individual widget 149 if ($widget_name && isset($widgets[$widget_name])) { 150 if (!$h->isActive($widgets[$widget_name]['plugin'])) { 151 return false; 152 } else { 153 return $widgets[$widget_name]; 154 } 155 } 156 157 $widgets = $this->orderWidgets($widgets); // sorts plugins by "order"158 149 if ($widget_name && isset($widgets[$widget_name])) { 150 if (!$h->isActive($widgets[$widget_name]['plugin'])) { 151 return false; 152 } else { 153 return $widgets[$widget_name]; 154 } 155 } 156 157 $widgets = $this->orderWidgets($widgets); // sorts plugins by "order" 158 159 159 return $widgets; 160 160 } 161 162 161 163 162 /** 164 163 * Delete a widget from the widget db table … … 172 171 // Cached results tell us the widget's plugin is uninstalled, but if we 173 172 // know the plugin, let's double check before deleting it: 174 $sql = "SELECT plugin_id FROM " . TABLE_PLUGINS ." WHERE plugin_folder = %s";173 $sql = "SELECT plugin_id FROM ".TABLE_PLUGINS." WHERE plugin_folder = %s"; 175 174 $result = $h->db->get_var($h->db->prepare($sql, $plugin)); 176 if ($result) { return false; } //plugin still installed, don't delete 177 } 178 179 // Get settings from the database if they exist... 180 $sql = "DELETE FROM " . 
DB_PREFIX . "widgets WHERE widget_function = %s"; 175 if ($result) { 176 return false; 177 } //plugin still installed, don't delete 178 } 179 180 // Get settings from the database if they exist... 181 $sql = "DELETE FROM ".DB_PREFIX."widgets WHERE widget_function = %s"; 181 182 $h->db->query($h->db->prepare($sql, $function)); 182 183 $h->db->query("OPTIMIZE TABLE " . TABLE_WIDGETS);184 } 185 183 184 $h->db->query("OPTIMIZE TABLE ".DB_PREFIX."widgets"); 185 } 186 186 187 /** 187 188 * Sort the widgets by order number … … 192 193 public function orderWidgets($widgets = array()) 193 194 { 194 if (!$widgets) { return false; } 195 if (!$widgets) { 196 return false; 197 } 195 198 return sksort($widgets, "order", "int", true); 196 199 } 197 198 200 199 201 /** 200 202 * Get last block … … 205 207 public function getLastWidgetBlock($widgets) 206 208 { 207 if (!$widgets) { return 1; } 208 209 if (!$widgets) { 210 return 1; 211 } 212 209 213 $highest = 1; 210 214 foreach ($widgets as $widget => $details) { 211 if (isset($details['block']) && ($details['block'] > $highest)) { $highest = $details['block']; } 215 if (isset($details['block']) && ($details['block'] > $highest)) { 216 $highest = $details['block']; 217 } 212 218 } 213 219 return $highest; 214 220 } 215 216 221 217 222 /** 218 223 * Get plugin name from widget function name … … 223 228 { 224 229 // Get settings from the database if they exist... 225 $sql = "SELECT widget_plugin FROM " . TABLE_WIDGETS . ' WHERE widget_function = %s LIMIT 1';230 $sql = "SELECT widget_plugin FROM ".DB_PREFIX."widgets WHERE widget_function = %s LIMIT 1"; 226 231 $widget_plugin = $h->db->get_var($h->db->prepare($sql, $function)); 227 232 return $widget_plugin; … … 229 234 230 235 } 231 232 ?>
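Review bot: `deleteWidget()` and `getPluginFromFunction()` now spell the table as `DB_PREFIX."widgets"` where the previous revision used `TABLE_WIDGETS`, while the same changeset moves UserInfo.php the other way (`DB_PREFIX . "usermeta"` to `TABLE_USERMETA`). If `TABLE_WIDGETS` is defined when this class loads, keeping the constant would leave a single place to change the table name. The comment `// Get settings from the database if they exist...` above the DELETE in `deleteWidget()` and above the SELECT in `getPluginFromFunction()` does not describe those statements; `// Remove this widget's row from the widgets table` and `// Look up which plugin registered this widget function` would. Both function bodies start outside the visible hunks.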