class.dc.blog.php @ 3033:5691f5e1ccc6

Visit:

Revision 3033:5691f5e1ccc6, 61.8 KB checked in by franck <carnet.franck.paul@…>, 10 years ago (diff)
Add with or without password filter rather than password order, add also format filter (xhtml, wiki, …). Addresses #1775

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_RC_PATH')) { return; }
13
14	/**
15	@ingroup DC_CORE
16	@nosubgrouping
17	@brief Dotclear blog class.
18
19	Dotclear blog class instance is provided by dcCore $blog property.
20	*/
21	class dcBlog
22	{
23	/** @var dcCore dcCore instance */
24	protected $core;
25	/** @var connection Database connection object */
26	public $con;
27	/** @var string Database table prefix */
28	public $prefix;
29
30	/** @var string Blog ID */
31	public $id;
32	/** @var string Blog unique ID */
33	public $uid;
34	/** @var string Blog name */
35	public $name;
36	/** @var string Blog description */
37	public $desc;
38	/** @var string Blog URL */
39	public $url;
40	/** @var string Blog host */
41	public $host;
42	/** @var string Blog creation date */
43	public $creadt;
44	/** @var string Blog last update date */
45	public $upddt;
46	/** @var string Blog status */
47	public $status;
48
49	/** @var dcSettings dcSettings object */
50	public $settings;
51	/** @var string Blog theme path */
52	public $themes_path;
53	/** @var string Blog public path */
54	public $public_path;
55
56	private $post_status = array();
57	private $comment_status = array();
58
59	private $categories;
60
61	/** @var boolean Disallow entries password protection */
62	public $without_password = true;
63
64	/**
65	Inits dcBlog object
66
67	@param core <b>dcCore</b> Dotclear core reference
68	@param id <b>string</b> Blog ID
69	*/
70	public function __construct($core, $id)
71	{
72	$this->con =& $core->con;
73	$this->prefix = $core->prefix;
74	$this->core =& $core;
75
76	if (($b = $this->core->getBlog($id)) !== false)
77	{
78	$this->id = $id;
79	$this->uid = $b->blog_uid;
80	$this->name = $b->blog_name;
81	$this->desc = $b->blog_desc;
82	$this->url = $b->blog_url;
83	$this->host = http::getHostFromURL($this->url);
84	$this->creadt = strtotime($b->blog_creadt);
85	$this->upddt = strtotime($b->blog_upddt);
86	$this->status = $b->blog_status;
87
88	$this->settings = new dcSettings($this->core,$this->id);
89
90	$this->themes_path = path::fullFromRoot($this->settings->system->themes_path,DC_ROOT);
91	$this->public_path = path::fullFromRoot($this->settings->system->public_path,DC_ROOT);
92
93	$this->post_status['-2'] = __('Pending');
94	$this->post_status['-1'] = __('Scheduled');
95	$this->post_status['0'] = __('Unpublished');
96	$this->post_status['1'] = __('Published');
97
98	$this->comment_status['-2'] = __('Junk');
99	$this->comment_status['-1'] = __('Pending');
100	$this->comment_status['0'] = __('Unpublished');
101	$this->comment_status['1'] = __('Published');
102
103	# --BEHAVIOR-- coreBlogConstruct
104	$this->core->callBehavior('coreBlogConstruct',$this);
105	}
106	}
107
108	/// @name Common public methods
109	//@{
110	/**
111	Returns blog URL ending with a question mark.
112	*/
113	public function getQmarkURL()
114	{
115	if (substr($this->url,-1) != '?') {
116	return $this->url.'?';
117	}
118
119	return $this->url;
120	}
121
122	/**
123	Reruens jQuery version selected for the blog.
124	*/
125	public function getJsJQuery()
126	{
127	$version = $this->settings->system->jquery_version;
128	if ($version == '') {
129	$version = DC_DEFAULT_JQUERY; // defined in inc/prepend.php
130	}
131	return 'jquery/'.$version;
132	}
133
134	/**
135	Returns an entry status name given to a code. Status are translated, never
136	use it for tests. If status code does not exist, returns <i>unpublished</i>.
137
138	@param s <b>integer</b> Status code
139	@return <b>string</b> Blog status name
140	*/
141	public function getPostStatus($s)
142	{
143	if (isset($this->post_status[$s])) {
144	return $this->post_status[$s];
145	}
146	return $this->post_status['0'];
147	}
148
149	/**
150	Returns an array of available entry status codes and names.
151
152	@return <b>array</b> Simple array with codes in keys and names in value
153	*/
154	public function getAllPostStatus()
155	{
156	return $this->post_status;
157	}
158
159	/**
160	Returns an array of available comment status codes and names.
161
162	@return <b>array</b> Simple array with codes in keys and names in value
163	*/
164	public function getAllCommentStatus()
165	{
166	return $this->comment_status;
167	}
168
169	/**
170	Disallows entries password protection. You need to set it to
171	<var>false</var> while serving a public blog.
172
173	@param v <b>boolean</b>
174	*/
175	public function withoutPassword($v)
176	{
177	$this->without_password = (boolean) $v;
178	}
179	//@}
180
181	/// @name Triggers methods
182	//@{
183	/**
184	Updates blog last update date. Should be called every time you change
185	an element related to the blog.
186	*/
187	public function triggerBlog()
188	{
189	$cur = $this->con->openCursor($this->prefix.'blog');
190
191	$cur->blog_upddt = date('Y-m-d H:i:s');
192
193	$cur->update("WHERE blog_id = '".$this->con->escape($this->id)."' ");
194
195	# --BEHAVIOR-- coreBlogAfterTriggerBlog
196	$this->core->callBehavior('coreBlogAfterTriggerBlog',$cur);
197	}
198
199	/**
200	Updates comment and trackback counters in post table. Should be called
201	every time a comment or trackback is added, removed or changed its status.
202
203	@param id <b>integer</b> Comment ID
204	@param del <b>boolean</b> If comment is delete, set this to true
205	*/
206	public function triggerComment($id,$del=false)
207	{
208	$this->triggerComments($id,$del);
209	}
210
211	/**
212	Updates comments and trackbacks counters in post table. Should be called
213	every time comments or trackbacks are added, removed or changed their status.
214
215	@param ids <b>mixed</b> Comment(s) ID(s)
216	@param del <b>boolean</b> If comment is delete, set this to true
217	@param affected_posts <b>mixed</b> Posts(s) ID(s)
218	*/
219	public function triggerComments($ids, $del=false, $affected_posts=null)
220	{
221	$comments_ids = dcUtils::cleanIds($ids);
222
223	# Get posts affected by comments edition
224	if (empty($affected_posts)) {
225	$strReq =
226	'SELECT post_id '.
227	'FROM '.$this->prefix.'comment '.
228	'WHERE comment_id'.$this->con->in($comments_ids).
229	'GROUP BY post_id';
230
231	$rs = $this->con->select($strReq);
232
233	$affected_posts = array();
234	while ($rs->fetch()) {
235	$affected_posts[] = (integer) $rs->post_id;
236	}
237	}
238
239	if (!is_array($affected_posts) \|\| empty($affected_posts)) {
240	return;
241	}
242
243	# Count number of comments if exists for affected posts
244	$strReq =
245	'SELECT post_id, COUNT(post_id) AS nb_comment, comment_trackback '.
246	'FROM '.$this->prefix.'comment '.
247	'WHERE comment_status = 1 '.
248	'AND post_id'.$this->con->in($affected_posts).
249	'GROUP BY post_id,comment_trackback';
250
251	$rs = $this->con->select($strReq);
252
253	$posts = array();
254	while ($rs->fetch()) {
255	if ($rs->comment_trackback) {
256	$posts[$rs->post_id]['trackback'] = $rs->nb_comment;
257	} else {
258	$posts[$rs->post_id]['comment'] = $rs->nb_comment;
259	}
260	}
261
262	# Update number of comments on affected posts
263	$cur = $this->con->openCursor($this->prefix.'post');
264	foreach($affected_posts as $post_id)
265	{
266	$cur->clean();
267
268	if (!array_key_exists($post_id,$posts)) {
269	$cur->nb_trackback = 0;
270	$cur->nb_comment = 0;
271	} else {
272	$cur->nb_trackback = empty($posts[$post_id]['trackback']) ? 0 : $posts[$post_id]['trackback'];
273	$cur->nb_comment = empty($posts[$post_id]['comment']) ? 0 : $posts[$post_id]['comment'];
274	}
275
276	$cur->update('WHERE post_id = '.$post_id);
277	}
278	}
279	//@}
280
281	/// @name Categories management methods
282	//@{
283	public function categories()
284	{
285	if (!($this->categories instanceof dcCategories)) {
286	$this->categories = new dcCategories($this->core);
287	}
288
289	return $this->categories;
290	}
291
292	/**
293	Retrieves categories. <var>$params</var> is an associative array which can
294	take the following parameters:
295
296	- post_type: Get only entries with given type (default "post")
297	- cat_url: filter on cat_url field
298	- cat_id: filter on cat_id field
299	- start: start with a given category
300	- level: categories level to retrieve
301
302	@param params <b>array</b> Parameters
303	@return <b>record</b>
304	*/
305	public function getCategories($params=array())
306	{
307	$c_params = array();
308	if (isset($params['post_type'])) {
309	$c_params['post_type'] = $params['post_type'];
310	unset($params['post_type']);
311	}
312	$counter = $this->getCategoriesCounter($c_params);
313
314	if (isset($params['without_empty']) && ($params['without_empty'] == false)) {
315	$without_empty = false;
316	} else {
317	$without_empty = $this->core->auth->userID() == false; # Get all categories if in admin display
318	}
319
320	$start = isset($params['start']) ? (integer) $params['start'] : 0;
321	$l = isset($params['level']) ? (integer) $params['level'] : 0;
322
323	$rs = $this->categories()->getChildren($start,null,'desc');
324
325	# Get each categories total posts count
326	$data = array();
327	$stack = array();
328	$level = 0;
329	$cols = $rs->columns();
330	while ($rs->fetch())
331	{
332	$nb_post = isset($counter[$rs->cat_id]) ? (integer) $counter[$rs->cat_id] : 0;
333
334	if ($rs->level > $level) {
335	$nb_total = $nb_post;
336	$stack[$rs->level] = (integer) $nb_post;
337	} elseif ($rs->level == $level) {
338	$nb_total = $nb_post;
339	$stack[$rs->level] += $nb_post;
340	} else {
341	$nb_total = $stack[$rs->level+1] + $nb_post;
342	if (isset($stack[$rs->level])) {
343	$stack[$rs->level] += $nb_total;
344	} else {
345	$stack[$rs->level] = $nb_total;
346	}
347	unset($stack[$rs->level+1]);
348	}
349
350	if ($nb_total == 0 && $without_empty) {
351	continue;
352	}
353
354	$level = $rs->level;
355
356	$t = array();
357	foreach ($cols as $c) {
358	$t[$c] = $rs->f($c);
359	}
360	$t['nb_post'] = $nb_post;
361	$t['nb_total'] = $nb_total;
362
363	if ($l == 0 \|\| ($l > 0 && $l == $rs->level)) {
364	array_unshift($data,$t);
365	}
366	}
367
368	# We need to apply filter after counting
369	if (isset($params['cat_id']) && $params['cat_id'] !== '')
370	{
371	$found = false;
372	foreach ($data as $v) {
373	if ($v['cat_id'] == $params['cat_id']) {
374	$found = true;
375	$data = array($v);
376	break;
377	}
378	}
379	if (!$found) {
380	$data = array();
381	}
382	}
383
384	if (isset($params['cat_url']) && ($params['cat_url'] !== '')
385	&& !isset($params['cat_id']))
386	{
387	$found = false;
388	foreach ($data as $v) {
389	if ($v['cat_url'] == $params['cat_url']) {
390	$found = true;
391	$data = array($v);
392	break;
393	}
394	}
395	if (!$found) {
396	$data = array();
397	}
398	}
399
400	return staticRecord::newFromArray($data);
401	}
402
403	/**
404	Retrieves a category by its ID.
405
406	@param id <b>integer</b> Category ID
407	@return <b>record</b>
408	*/
409	public function getCategory($id)
410	{
411	return $this->getCategories(array('cat_id' => $id));
412	}
413
414	/**
415	Retrieves parents of a given category.
416
417	@param id <b>integer</b> Category ID
418	@return <b>record</b>
419	*/
420	public function getCategoryParents($id)
421	{
422	return $this->categories()->getParents($id);
423	}
424
425	/**
426	Retrieves first parent of a given category.
427
428	@param id <b>integer</b> Category ID
429	@return <b>record</b>
430	*/
431	public function getCategoryParent($id)
432	{
433	return $this->categories()->getParent($id);
434	}
435
436	/**
437	Retrieves all category's first children
438
439	@param id <b>integer</b> Category ID
440	@return <b>record</b>
441	*/
442	public function getCategoryFirstChildren($id)
443	{
444	return $this->getCategories(array('start' => $id,'level' => $id == 0 ? 1 : 2));
445	}
446
447	private function getCategoriesCounter($params=array())
448	{
449	$strReq =
450	'SELECT C.cat_id, COUNT(P.post_id) AS nb_post '.
451	'FROM '.$this->prefix.'category AS C '.
452	'JOIN '.$this->prefix."post P ON (C.cat_id = P.cat_id AND P.blog_id = '".$this->con->escape($this->id)."' ) ".
453	"WHERE C.blog_id = '".$this->con->escape($this->id)."' ";
454
455	if (!$this->core->auth->userID()) {
456	$strReq .= 'AND P.post_status = 1 ';
457	}
458
459	if (!empty($params['post_type'])) {
460	$strReq .= 'AND P.post_type '.$this->con->in($params['post_type']);
461	}
462
463	$strReq .= 'GROUP BY C.cat_id ';
464
465	$rs = $this->con->select($strReq);
466	$counters = array();
467	while ($rs->fetch()) {
468	$counters[$rs->cat_id] = $rs->nb_post;
469	}
470
471	return $counters;
472	}
473
474	/**
475	Creates a new category. Takes a cursor as input and returns the new category
476	ID.
477
478	@param cur <b>cursor</b> Category cursor
479	@return <b>integer</b> New category ID
480	*/
481	public function addCategory($cur,$parent=0)
482	{
483	if (!$this->core->auth->check('categories',$this->id)) {
484	throw new Exception(__('You are not allowed to add categories'));
485	}
486
487	$url = array();
488	if ($parent != 0)
489	{
490	$rs = $this->getCategory($parent);
491	if ($rs->isEmpty()) {
492	$url = array();
493	} else {
494	$url[] = $rs->cat_url;
495	}
496	}
497
498	if ($cur->cat_url == '') {
499	$url[] = text::tidyURL($cur->cat_title,false);
500	} else {
501	$url[] = $cur->cat_url;
502	}
503
504	$cur->cat_url = implode('/',$url);
505
506	$this->getCategoryCursor($cur);
507	$cur->blog_id = (string) $this->id;
508
509	# --BEHAVIOR-- coreBeforeCategoryCreate
510	$this->core->callBehavior('coreBeforeCategoryCreate',$this,$cur);
511
512	$id = $this->categories()->addNode($cur,$parent);
513	# Update category's cursor
514	$rs = $this->getCategory($id);
515	if (!$rs->isEmpty()) {
516	$cur->cat_lft = $rs->cat_lft;
517	$cur->cat_rgt = $rs->cat_rgt;
518	}
519
520	# --BEHAVIOR-- coreAfterCategoryCreate
521	$this->core->callBehavior('coreAfterCategoryCreate',$this,$cur);
522	$this->triggerBlog();
523
524	return $cur->cat_id;
525	}
526
527	/**
528	Updates an existing category.
529
530	@param id <b>integer</b> Category ID
531	@param cur <b>cursor</b> Category cursor
532	*/
533	public function updCategory($id,$cur)
534	{
535	if (!$this->core->auth->check('categories',$this->id)) {
536	throw new Exception(__('You are not allowed to update categories'));
537	}
538
539	if ($cur->cat_url == '')
540	{
541	$url = array();
542	$rs = $this->categories()->getParents($id);
543	while ($rs->fetch()) {
544	if ($rs->index() == $rs->count()-1) {
545	$url[] = $rs->cat_url;
546	}
547	}
548
549
550	$url[] = text::tidyURL($cur->cat_title,false);
551	$cur->cat_url = implode('/',$url);
552	}
553
554	$this->getCategoryCursor($cur,$id);
555
556	# --BEHAVIOR-- coreBeforeCategoryUpdate
557	$this->core->callBehavior('coreBeforeCategoryUpdate',$this,$cur);
558
559	$cur->update(
560	'WHERE cat_id = '.(integer) $id.' '.
561	"AND blog_id = '".$this->con->escape($this->id)."' ");
562
563	# --BEHAVIOR-- coreAfterCategoryUpdate
564	$this->core->callBehavior('coreAfterCategoryUpdate',$this,$cur);
565
566	$this->triggerBlog();
567	}
568
569	/**
570	Set category position
571
572	@param id <b>integer</b> Category ID
573	@param left <b>integer</b> Category ID before
574	@param right <b>integer</b> Category ID after
575	*/
576	public function updCategoryPosition($id,$left,$right)
577	{
578	$this->categories()->updatePosition($id,$left,$right);
579	$this->triggerBlog();
580	}
581
582	/**
583	DEPRECATED METHOD. Use dcBlog::setCategoryParent and dcBlog::moveCategory
584	instead.
585
586	@param id <b>integer</b> Category ID
587	@param order <b>integer</b> Category position
588	*/
589	public function updCategoryOrder($id,$order)
590	{
591	return;
592	}
593
594	/**
595	Set a category parent
596
597	@param id <b>integer</b> Category ID
598	@param parent <b>integer</b> Parent Category ID
599	*/
600	public function setCategoryParent($id,$parent)
601	{
602	$this->categories()->setNodeParent($id,$parent);
603	$this->triggerBlog();
604	}
605
606	/**
607	Set category position
608
609	@param id <b>integer</b> Category ID
610	@param sibling <b>integer</b> Sibling Category ID
611	@param move <b>integer</b> Order (before\|after)
612	*/
613	public function setCategoryPosition($id,$sibling,$move)
614	{
615	$this->categories()->setNodePosition($id,$sibling,$move);
616	$this->triggerBlog();
617	}
618
619	/**
620	Deletes a category.
621
622	@param id <b>integer</b> Category ID
623	*/
624	public function delCategory($id)
625	{
626	if (!$this->core->auth->check('categories',$this->id)) {
627	throw new Exception(__('You are not allowed to delete categories'));
628	}
629
630	$strReq = 'SELECT COUNT(post_id) AS nb_post '.
631	'FROM '.$this->prefix.'post '.
632	'WHERE cat_id = '.(integer) $id.' '.
633	"AND blog_id = '".$this->con->escape($this->id)."' ";
634
635	$rs = $this->con->select($strReq);
636
637	if ($rs->nb_post > 0) {
638	throw new Exception(__('This category is not empty.'));
639	}
640
641	$this->categories()->deleteNode($id,true);
642	$this->triggerBlog();
643	}
644
645	/**
646	Reset categories order and relocate them to first level
647	*/
648	public function resetCategoriesOrder()
649	{
650	if (!$this->core->auth->check('categories',$this->id)) {
651	throw new Exception(__('You are not allowed to reset categories order'));
652	}
653
654	$this->categories()->resetOrder();
655	$this->triggerBlog();
656	}
657
658	private function checkCategory($title,$url,$id=null)
659	{
660	# Let's check if URL is taken...
661	$strReq =
662	'SELECT cat_url FROM '.$this->prefix.'category '.
663	"WHERE cat_url = '".$this->con->escape($url)."' ".
664	($id ? 'AND cat_id <> '.(integer) $id. ' ' : '').
665	"AND blog_id = '".$this->con->escape($this->id)."' ".
666	'ORDER BY cat_url DESC';
667
668	$rs = $this->con->select($strReq);
669
670	if (!$rs->isEmpty())
671	{
672	if ($this->con->driver() == 'mysql' \|\| $this->con->driver() == 'mysqli') {
673	$clause = "REGEXP '^".$this->con->escape($url)."[0-9]+$'";
674	} elseif ($this->con->driver() == 'pgsql') {
675	$clause = "~ '^".$this->con->escape($url)."[0-9]+$'";
676	} else {
677	$clause = "LIKE '".$this->con->escape($url)."%'";
678	}
679	$strReq =
680	'SELECT cat_url FROM '.$this->prefix.'category '.
681	"WHERE cat_url ".$clause.' '.
682	($id ? 'AND cat_id <> '.(integer) $id. ' ' : '').
683	"AND blog_id = '".$this->con->escape($this->id)."' ".
684	'ORDER BY cat_url DESC ';
685
686	$rs = $this->con->select($strReq);
687	$a = array();
688	while ($rs->fetch()) {
689	$a[] = $rs->cat_url;
690	}
691
692	natsort($a);
693	$t_url = end($a);
694
695	if (preg_match('/(.*?)([0-9]+)$/',$t_url,$m)) {
696	$i = (integer) $m[2];
697	$url = $m[1];
698	} else {
699	$i = 1;
700	}
701
702	return $url.($i+1);
703	}
704
705	# URL is empty?
706	if ($url == '') {
707	throw new Exception(__('Empty category URL'));
708	}
709
710	return $url;
711	}
712
713	private function getCategoryCursor($cur,$id=null)
714	{
715	if ($cur->cat_title == '') {
716	throw new Exception(__('You must provide a category title'));
717	}
718
719	# If we don't have any cat_url, let's do one
720	if ($cur->cat_url == '') {
721	$cur->cat_url = text::tidyURL($cur->cat_title,false);
722	}
723
724	# Still empty ?
725	if ($cur->cat_url == '') {
726	throw new Exception(__('You must provide a category URL'));
727	} else {
728	$cur->cat_url = text::tidyURL($cur->cat_url,true);
729	}
730
731	# Check if title or url are unique
732	$cur->cat_url = $this->checkCategory($cur->cat_title,$cur->cat_url,$id);
733
734	if ($cur->cat_desc !== null) {
735	$cur->cat_desc = $this->core->HTMLfilter($cur->cat_desc);
736	}
737	}
738	//@}
739
740	/// @name Entries management methods
741	//@{
742	/**
743	Retrieves entries. <b>$params</b> is an array taking the following
744	optionnal parameters:
745
746	- no_content: Don't retrieve entry content (excerpt and content)
747	- post_type: Get only entries with given type (default "post", array for many types and '' for no type)
748	- post_id: (integer or array) Get entry with given post_id
749	- post_url: Get entry with given post_url field
750	- user_id: (integer) Get entries belonging to given user ID
751	- cat_id: (string or array) Get entries belonging to given category ID
752	- cat_id_not: deprecated (use cat_id with "id ?not" instead)
753	- cat_url: (string or array) Get entries belonging to given category URL
754	- cat_url_not: deprecated (use cat_url with "url ?not" instead)
755	- post_status: (integer) Get entries with given post_status
756	- post_selected: (boolean) Get select flaged entries
757	- post_year: (integer) Get entries with given year
758	- post_month: (integer) Get entries with given month
759	- post_day: (integer) Get entries with given day
760	- post_lang: Get entries with given language code
761	- search: Get entries corresponding of the following search string
762	- columns: (array) More columns to retrieve
763	- sql: Append SQL string at the end of the query
764	- from: Append SQL string after "FROM" statement in query
765	- order: Order of results (default "ORDER BY post_dt DES")
766	- limit: Limit parameter
767	- sql_only : return the sql request instead of results. Only ids are selected
768	- exclude_post_id : (integer or array) Exclude entries with given post_id
769
770	Please note that on every cat_id or cat_url, you can add ?not to exclude
771	the category and ?sub to get subcategories.
772
773	@param params <b>array</b> Parameters
774	@param count_only <b>boolean</b> Only counts results
775	@return <b>record</b> A record with some more capabilities or the SQL request
776	*/
777	public function getPosts($params=array(),$count_only=false)
778	{
779	# --BEHAVIOR-- coreBlogBeforeGetPosts
780	$params = new ArrayObject($params);
781	$this->core->callBehavior('coreBlogBeforeGetPosts',$params);
782
783	if ($count_only)
784	{
785	$strReq = 'SELECT count(DISTINCT P.post_id) ';
786	}
787	elseif (!empty($params['sql_only']))
788	{
789	$strReq = 'SELECT P.post_id ';
790	}
791	else
792	{
793	if (!empty($params['no_content'])) {
794	$content_req = '';
795	} else {
796	$content_req =
797	'post_excerpt, post_excerpt_xhtml, '.
798	'post_content, post_content_xhtml, post_notes, ';
799	}
800
801	if (!empty($params['columns']) && is_array($params['columns'])) {
802	$content_req .= implode(', ',$params['columns']).', ';
803	}
804
805
806	$strReq =
807	'SELECT P.post_id, P.blog_id, P.user_id, P.cat_id, post_dt, '.
808	'post_tz, post_creadt, post_upddt, post_format, post_password, '.
809	'post_url, post_lang, post_title, '.$content_req.
810	'post_type, post_meta, post_status, post_selected, post_position, '.
811	'post_open_comment, post_open_tb, nb_comment, nb_trackback, '.
812	'U.user_name, U.user_firstname, U.user_displayname, U.user_email, '.
813	'U.user_url, '.
814	'C.cat_title, C.cat_url, C.cat_desc ';
815	}
816
817	$strReq .=
818	'FROM '.$this->prefix.'post P '.
819	'INNER JOIN '.$this->prefix.'user U ON U.user_id = P.user_id '.
820	'LEFT OUTER JOIN '.$this->prefix.'category C ON P.cat_id = C.cat_id ';
821
822	if (!empty($params['from'])) {
823	$strReq .= $params['from'].' ';
824	}
825
826	$strReq .=
827	"WHERE P.blog_id = '".$this->con->escape($this->id)."' ";
828
829	if (!$this->core->auth->check('contentadmin',$this->id)) {
830	$strReq .= 'AND ((post_status = 1 ';
831
832	if ($this->without_password) {
833	$strReq .= 'AND post_password IS NULL ';
834	}
835	$strReq .= ') ';
836
837	if ($this->core->auth->userID()) {
838	$strReq .= "OR P.user_id = '".$this->con->escape($this->core->auth->userID())."')";
839	} else {
840	$strReq .= ') ';
841	}
842	}
843
844	#Adding parameters
845	if (isset($params['post_type']))
846	{
847	if (is_array($params['post_type']) \|\| $params['post_type'] != '') {
848	$strReq .= 'AND post_type '.$this->con->in($params['post_type']);
849	}
850	}
851	else
852	{
853	$strReq .= "AND post_type = 'post' ";
854	}
855
856	if (isset($params['post_id']) && $params['post_id'] !== '') {
857	if (is_array($params['post_id'])) {
858	array_walk($params['post_id'],create_function('&$v,$k','if($v!==null){$v=(integer)$v;}'));
859	} else {
860	$params['post_id'] = array((integer) $params['post_id']);
861	}
862	$strReq .= 'AND P.post_id '.$this->con->in($params['post_id']);
863	}
864
865	if (isset($params['exclude_post_id']) && $params['exclude_post_id'] !== '') {
866	if (is_array($params['exclude_post_id'])) {
867	array_walk($params['exclude_post_id'],create_function('&$v,$k','if($v!==null){$v=(integer)$v;}'));
868	} else {
869	$params['exclude_post_id'] = array((integer) $params['exclude_post_id']);
870	}
871	$strReq .= 'AND P.post_id NOT '.$this->con->in($params['exclude_post_id']);
872	}
873
874	if (isset($params['post_url']) && $params['post_url'] !== '') {
875	$strReq .= "AND post_url = '".$this->con->escape($params['post_url'])."' ";
876	}
877
878	if (!empty($params['user_id'])) {
879	$strReq .= "AND U.user_id = '".$this->con->escape($params['user_id'])."' ";
880	}
881
882	if (isset($params['cat_id']) && $params['cat_id'] !== '')
883	{
884	if (!is_array($params['cat_id'])) {
885	$params['cat_id'] = array($params['cat_id']);
886	}
887	if (!empty($params['cat_id_not'])) {
888	array_walk($params['cat_id'],create_function('&$v,$k','$v=$v." ?not";'));
889	}
890	$strReq .= 'AND '.$this->getPostsCategoryFilter($params['cat_id'],'cat_id').' ';
891	}
892	elseif (isset($params['cat_url']) && $params['cat_url'] !== '')
893	{
894	if (!is_array($params['cat_url'])) {
895	$params['cat_url'] = array($params['cat_url']);
896	}
897	if (!empty($params['cat_url_not'])) {
898	array_walk($params['cat_url'],create_function('&$v,$k','$v=$v." ?not";'));
899	}
900	$strReq .= 'AND '.$this->getPostsCategoryFilter($params['cat_url'],'cat_url').' ';
901	}
902
903	/* Other filters */
904	if (isset($params['post_status'])) {
905	$strReq .= 'AND post_status = '.(integer) $params['post_status'].' ';
906	}
907
908	if (isset($params['post_selected'])) {
909	$strReq .= 'AND post_selected = '.(integer) $params['post_selected'].' ';
910	}
911
912	if (!empty($params['post_year'])) {
913	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%Y').' = '.
914	"'".sprintf('%04d',$params['post_year'])."' ";
915	}
916
917	if (!empty($params['post_month'])) {
918	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%m').' = '.
919	"'".sprintf('%02d',$params['post_month'])."' ";
920	}
921
922	if (!empty($params['post_day'])) {
923	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%d').' = '.
924	"'".sprintf('%02d',$params['post_day'])."' ";
925	}
926
927	if (!empty($params['post_lang'])) {
928	$strReq .= "AND P.post_lang = '".$this->con->escape($params['post_lang'])."' ";
929	}
930
931	if (!empty($params['search']))
932	{
933	$words = text::splitWords($params['search']);
934
935	if (!empty($words))
936	{
937	# --BEHAVIOR-- corePostSearch
938	if ($this->core->hasBehavior('corePostSearch')) {
939	$this->core->callBehavior('corePostSearch',$this->core,array(&$words,&$strReq,&$params));
940	}
941
942	if ($words)
943	{
944	foreach ($words as $i => $w) {
945	$words[$i] = "post_words LIKE '%".$this->con->escape($w)."%'";
946	}
947	$strReq .= 'AND '.implode(' AND ',$words).' ';
948	}
949	}
950	}
951
952	if (isset($params['media'])) {
953	if ($params['media'] == '0') {
954	$strReq .= 'AND NOT ';
955	} else {
956	$strReq .= 'AND ';
957	}
958	$strReq .= 'EXISTS (SELECT M.post_id FROM '.$this->prefix.'post_media M '.
959	'WHERE M.post_id = P.post_id ';
960	if (isset($params['link_type'])) {
961	$strReq .= " AND M.link_type ".$this->con->in($params['link_type'])." ";
962	}
963	$strReq .= ")";
964	}
965
966	if (!empty($params['where'])) {
967	$strReq .= $params['where'].' ';
968	}
969
970	if (!empty($params['sql'])) {
971	$strReq .= $params['sql'].' ';
972	}
973
974	if (!$count_only)
975	{
976	if (!empty($params['order'])) {
977	$strReq .= 'ORDER BY '.$this->con->escape($params['order']).' ';
978	} else {
979	$strReq .= 'ORDER BY post_dt DESC ';
980	}
981	}
982
983	if (!$count_only && !empty($params['limit'])) {
984	$strReq .= $this->con->limit($params['limit']);
985	}
986
987	if (!empty($params['sql_only'])) {
988	return $strReq;
989	}
990
991	$rs = $this->con->select($strReq);
992	$rs->core = $this->core;
993	$rs->_nb_media = array();
994	$rs->extend('rsExtPost');
995
996	# --BEHAVIOR-- coreBlogGetPosts
997	$this->core->callBehavior('coreBlogGetPosts',$rs);
998
999	return $rs;
1000	}
1001
1002	/**
1003	Returns a record with post id, title and date for next or previous post
1004	according to the post ID.
1005	$dir could be 1 (next post) or -1 (previous post).
1006
1007	@param post_id <b>integer</b> Post ID
1008	@param dir <b>integer</b> Search direction
1009	@param restrict_to_category <b>boolean</b> Restrict to post with same category
1010	@param restrict_to_lang <b>boolean</b> Restrict to post with same lang
1011	@return record
1012	*/
1013	public function getNextPost($post,$dir,$restrict_to_category=false, $restrict_to_lang=false)
1014	{
1015	$dt = $post->post_dt;
1016	$post_id = (integer) $post->post_id;
1017
1018	if($dir > 0) {
1019	$sign = '>';
1020	$order = 'ASC';
1021	}
1022	else {
1023	$sign = '<';
1024	$order = 'DESC';
1025	}
1026
1027	$params['post_type'] = $post->post_type;
1028	$params['limit'] = 1;
1029	$params['order'] = 'post_dt '.$order.', P.post_id '.$order;
1030	$params['sql'] =
1031	'AND ( '.
1032	" (post_dt = '".$this->con->escape($dt)."' AND P.post_id ".$sign." ".$post_id.") ".
1033	" OR post_dt ".$sign." '".$this->con->escape($dt)."' ".
1034	') ';
1035
1036	if ($restrict_to_category) {
1037	$params['sql'] .= $post->cat_id ? 'AND P.cat_id = '.(integer) $post->cat_id.' ' : 'AND P.cat_id IS NULL ';
1038	}
1039
1040	if ($restrict_to_lang) {
1041	$params['sql'] .= $post->post_lang ? 'AND P.post_lang = \''. $this->con->escape($post->post_lang) .'\' ': 'AND P.post_lang IS NULL ';
1042	}
1043
1044	$rs = $this->getPosts($params);
1045
1046	if ($rs->isEmpty()) {
1047	return null;
1048	}
1049
1050	return $rs;
1051	}
1052
1053	/**
1054	Retrieves different languages and post count on blog, based on post_lang
1055	field. <var>$params</var> is an array taking the following optionnal
1056	parameters:
1057
1058	- post_type: Get only entries with given type (default "post", '' for no type)
1059	- lang: retrieve post count for selected lang
1060	- order: order statement (default post_lang DESC)
1061
1062	@param params <b>array</b> Parameters
1063	@return record
1064	*/
1065	public function getLangs($params=array())
1066	{
1067	$strReq = 'SELECT COUNT(post_id) as nb_post, post_lang '.
1068	'FROM '.$this->prefix.'post '.
1069	"WHERE blog_id = '".$this->con->escape($this->id)."' ".
1070	"AND post_lang <> '' ".
1071	"AND post_lang IS NOT NULL ";
1072
1073	if (!$this->core->auth->check('contentadmin',$this->id)) {
1074	$strReq .= 'AND ((post_status = 1 ';
1075
1076	if ($this->without_password) {
1077	$strReq .= 'AND post_password IS NULL ';
1078	}
1079	$strReq .= ') ';
1080
1081	if ($this->core->auth->userID()) {
1082	$strReq .= "OR user_id = '".$this->con->escape($this->core->auth->userID())."')";
1083	} else {
1084	$strReq .= ') ';
1085	}
1086	}
1087
1088	if (isset($params['post_type'])) {
1089	if ($params['post_type'] != '') {
1090	$strReq .= "AND post_type = '".$this->con->escape($params['post_type'])."' ";
1091	}
1092	} else {
1093	$strReq .= "AND post_type = 'post' ";
1094	}
1095
1096	if (isset($params['lang'])) {
1097	$strReq .= "AND post_lang = '".$this->con->escape($params['lang'])."' ";
1098	}
1099
1100	$strReq .= 'GROUP BY post_lang ';
1101
1102	$order = 'desc';
1103	if (!empty($params['order']) && preg_match('/^(desc\|asc)$/i',$params['order'])) {
1104	$order = $params['order'];
1105	}
1106	$strReq .= 'ORDER BY post_lang '.$order.' ';
1107
1108	return $this->con->select($strReq);
1109	}
1110
1111	/**
1112	Returns a record with all distinct blog dates and post count.
1113	<var>$params</var> is an array taking the following optionnal parameters:
1114
1115	- type: (day\|month\|year) Get days, months or years
1116	- year: (integer) Get dates for given year
1117	- month: (integer) Get dates for given month
1118	- day: (integer) Get dates for given day
1119	- cat_id: (integer) Category ID filter
1120	- cat_url: Category URL filter
1121	- post_lang: lang of the posts
1122	- next: Get date following match
1123	- previous: Get date before match
1124	- order: Sort by date "ASC" or "DESC"
1125
1126	@param params <b>array</b> Parameters array
1127	@return record
1128	*/
1129	public function getDates($params=array())
1130	{
1131	$dt_f = '%Y-%m-%d';
1132	$dt_fc = '%Y%m%d';
1133	if (isset($params['type'])) {
1134	if ($params['type'] == 'year') {
1135	$dt_f = '%Y-01-01';
1136	$dt_fc = '%Y0101';
1137	} elseif ($params['type'] == 'month') {
1138	$dt_f = '%Y-%m-01';
1139	$dt_fc = '%Y%m01';
1140	}
1141	}
1142	$dt_f .= ' 00:00:00';
1143	$dt_fc .= '000000';
1144
1145	$cat_field = $catReq = $limit = '';
1146
1147	if (isset($params['cat_id']) && $params['cat_id'] !== '') {
1148	$catReq = 'AND P.cat_id = '.(integer) $params['cat_id'].' ';
1149	$cat_field = ', C.cat_url ';
1150	} elseif (isset($params['cat_url']) && $params['cat_url'] !== '') {
1151	$catReq = "AND C.cat_url = '".$this->con->escape($params['cat_url'])."' ";
1152	$cat_field = ', C.cat_url ';
1153	}
1154	if (!empty($params['post_lang'])) {
1155	$catReq = 'AND P.post_lang = \''. $params['post_lang'].'\' ';
1156	}
1157
1158	$strReq = 'SELECT DISTINCT('.$this->con->dateFormat('post_dt',$dt_f).') AS dt '.
1159	$cat_field.
1160	',COUNT(P.post_id) AS nb_post '.
1161	'FROM '.$this->prefix.'post P LEFT JOIN '.$this->prefix.'category C '.
1162	'ON P.cat_id = C.cat_id '.
1163	"WHERE P.blog_id = '".$this->con->escape($this->id)."' ".
1164	$catReq;
1165
1166	if (!$this->core->auth->check('contentadmin',$this->id)) {
1167	$strReq .= 'AND ((post_status = 1 ';
1168
1169	if ($this->without_password) {
1170	$strReq .= 'AND post_password IS NULL ';
1171	}
1172	$strReq .= ') ';
1173
1174	if ($this->core->auth->userID()) {
1175	$strReq .= "OR P.user_id = '".$this->con->escape($this->core->auth->userID())."')";
1176	} else {
1177	$strReq .= ') ';
1178	}
1179	}
1180
1181	if (!empty($params['post_type'])) {
1182	$strReq .= "AND post_type ".$this->con->in($params['post_type'])." ";
1183	} else {
1184	$strReq .= "AND post_type = 'post' ";
1185	}
1186
1187	if (!empty($params['year'])) {
1188	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%Y')." = '".sprintf('%04d',$params['year'])."' ";
1189	}
1190
1191	if (!empty($params['month'])) {
1192	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%m')." = '".sprintf('%02d',$params['month'])."' ";
1193	}
1194
1195	if (!empty($params['day'])) {
1196	$strReq .= 'AND '.$this->con->dateFormat('post_dt','%d')." = '".sprintf('%02d',$params['day'])."' ";
1197	}
1198
1199	# Get next or previous date
1200	if (!empty($params['next']) \|\| !empty($params['previous']))
1201	{
1202	if (!empty($params['next'])) {
1203	$pdir = ' > ';
1204	$params['order'] = 'asc';
1205	$dt = $params['next'];
1206	} else {
1207	$pdir = ' < ';
1208	$params['order'] = 'desc';
1209	$dt = $params['previous'];
1210	}
1211
1212	$dt = date('YmdHis',strtotime($dt));
1213
1214	$strReq .= 'AND '.$this->con->dateFormat('post_dt',$dt_fc).$pdir."'".$dt."' ";
1215	$limit = $this->con->limit(1);
1216	}
1217
1218	$strReq .= 'GROUP BY dt '.$cat_field;
1219
1220	$order = 'desc';
1221	if (!empty($params['order']) && preg_match('/^(desc\|asc)$/i',$params['order'])) {
1222	$order = $params['order'];
1223	}
1224
1225	$strReq .=
1226	'ORDER BY dt '.$order.' '.
1227	$limit;
1228
1229	$rs = $this->con->select($strReq);
1230	$rs->extend('rsExtDates');
1231	return $rs;
1232	}
1233
1234	/**
1235	Creates a new entry. Takes a cursor as input and returns the new entry
1236	ID.
1237
1238	@param cur <b>cursor</b> Post cursor
1239	@return <b>integer</b> New post ID
1240	*/
1241	public function addPost($cur)
1242	{
1243	if (!$this->core->auth->check('usage,contentadmin',$this->id)) {
1244	throw new Exception(__('You are not allowed to create an entry'));
1245	}
1246
1247	$this->con->writeLock($this->prefix.'post');
1248	try
1249	{
1250	# Get ID
1251	$rs = $this->con->select(
1252	'SELECT MAX(post_id) '.
1253	'FROM '.$this->prefix.'post '
1254	);
1255
1256	$cur->post_id = (integer) $rs->f(0) + 1;
1257	$cur->blog_id = (string) $this->id;
1258	$cur->post_creadt = date('Y-m-d H:i:s');
1259	$cur->post_upddt = date('Y-m-d H:i:s');
1260	$cur->post_tz = $this->core->auth->getInfo('user_tz');
1261
1262	# Post excerpt and content
1263	$this->getPostContent($cur,$cur->post_id);
1264
1265	$this->getPostCursor($cur);
1266
1267	$cur->post_url = $this->getPostURL($cur->post_url,$cur->post_dt,$cur->post_title,$cur->post_id);
1268
1269	if (!$this->core->auth->check('publish,contentadmin',$this->id)) {
1270	$cur->post_status = -2;
1271	}
1272
1273	# --BEHAVIOR-- coreBeforePostCreate
1274	$this->core->callBehavior('coreBeforePostCreate',$this,$cur);
1275
1276	$cur->insert();
1277	$this->con->unlock();
1278	}
1279	catch (Exception $e)
1280	{
1281	$this->con->unlock();
1282	throw $e;
1283	}
1284
1285	# --BEHAVIOR-- coreAfterPostCreate
1286	$this->core->callBehavior('coreAfterPostCreate',$this,$cur);
1287
1288	$this->triggerBlog();
1289
1290	return $cur->post_id;
1291	}
1292
1293	/**
1294	Updates an existing post.
1295
1296	@param id <b>integer</b> Post ID
1297	@param cur <b>cursor</b> Post cursor
1298	*/
1299	public function updPost($id,$cur)
1300	{
1301	if (!$this->core->auth->check('usage,contentadmin',$this->id)) {
1302	throw new Exception(__('You are not allowed to update entries'));
1303	}
1304
1305	$id = (integer) $id;
1306
1307	if (empty($id)) {
1308	throw new Exception(__('No such entry ID'));
1309	}
1310
1311	# Post excerpt and content
1312	$this->getPostContent($cur,$id);
1313
1314	$this->getPostCursor($cur);
1315
1316	if ($cur->post_url !== null) {
1317	$cur->post_url = $this->getPostURL($cur->post_url,$cur->post_dt,$cur->post_title,$id);
1318	}
1319
1320	if (!$this->core->auth->check('publish,contentadmin',$this->id)) {
1321	$cur->unsetField('post_status');
1322	}
1323
1324	$cur->post_upddt = date('Y-m-d H:i:s');
1325
1326	#If user is only "usage", we need to check the post's owner
1327	if (!$this->core->auth->check('contentadmin',$this->id))
1328	{
1329	$strReq = 'SELECT post_id '.
1330	'FROM '.$this->prefix.'post '.
1331	'WHERE post_id = '.$id.' '.
1332	"AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
1333
1334	$rs = $this->con->select($strReq);
1335
1336	if ($rs->isEmpty()) {
1337	throw new Exception(__('You are not allowed to edit this entry'));
1338	}
1339	}
1340
1341	# --BEHAVIOR-- coreBeforePostUpdate
1342	$this->core->callBehavior('coreBeforePostUpdate',$this,$cur);
1343
1344	$cur->update('WHERE post_id = '.$id.' ');
1345
1346	# --BEHAVIOR-- coreAfterPostUpdate
1347	$this->core->callBehavior('coreAfterPostUpdate',$this,$cur);
1348
1349	$this->triggerBlog();
1350	}
1351
1352	/**
1353	Updates post status.
1354
1355	@param id <b>integer</b> Post ID
1356	@param status <b>integer</b> Post status
1357	*/
1358	public function updPostStatus($id,$status)
1359	{
1360	$this->updPostsStatus($id,$status);
1361	}
1362
1363	/**
1364	Updates posts status.
1365
1366	@param ids <b>mixed</b> Post(s) ID(s)
1367	@param status <b>integer</b> Post status
1368	*/
1369	public function updPostsStatus($ids,$status)
1370	{
1371	if (!$this->core->auth->check('publish,contentadmin',$this->id)) {
1372	throw new Exception(__('You are not allowed to change this entry status'));
1373	}
1374
1375	$posts_ids = dcUtils::cleanIds($ids);
1376	$status = (integer) $status;
1377
1378	$strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ".
1379	"AND post_id ".$this->con->in($posts_ids);
1380
1381	#If user can only publish, we need to check the post's owner
1382	if (!$this->core->auth->check('contentadmin',$this->id))
1383	{
1384	$strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
1385	}
1386
1387	$cur = $this->con->openCursor($this->prefix.'post');
1388
1389	$cur->post_status = $status;
1390	$cur->post_upddt = date('Y-m-d H:i:s');
1391
1392	$cur->update($strReq);
1393	$this->triggerBlog();
1394	}
1395
1396	/**
1397	Updates post selection.
1398
1399	@param id <b>integer</b> Post ID
1400	@param selected <b>integer</b> Is selected post
1401	*/
1402	public function updPostSelected($id,$selected)
1403	{
1404	$this->updPostsSelected($id,$selected);
1405	}
1406
1407	/**
1408	Updates posts selection.
1409
1410	@param ids <b>mixed</b> Post(s) ID(s)
1411	@param selected <b>integer</b> Is selected post(s)
1412	*/
1413	public function updPostsSelected($ids,$selected)
1414	{
1415	if (!$this->core->auth->check('usage,contentadmin',$this->id)) {
1416	throw new Exception(__('You are not allowed to change this entry category'));
1417	}
1418
1419	$posts_ids = dcUtils::cleanIds($ids);
1420	$selected = (boolean) $selected;
1421
1422	$strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ".
1423	"AND post_id ".$this->con->in($posts_ids);
1424
1425	# If user is only usage, we need to check the post's owner
1426	if (!$this->core->auth->check('contentadmin',$this->id))
1427	{
1428	$strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
1429	}
1430
1431	$cur = $this->con->openCursor($this->prefix.'post');
1432
1433	$cur->post_selected = (integer) $selected;
1434	$cur->post_upddt = date('Y-m-d H:i:s');
1435
1436	$cur->update($strReq);
1437	$this->triggerBlog();
1438	}
1439
1440	/**
1441	Updates post category. <var>$cat_id</var> can be null.
1442
1443	@param id <b>integer</b> Post ID
1444	@param cat_id <b>integer</b> Category ID
1445	*/
1446	public function updPostCategory($id,$cat_id)
1447	{
1448	$this->updPostsCategory($id,$cat_id);
1449	}
1450
1451	/**
1452	Updates posts category. <var>$cat_id</var> can be null.
1453
1454	@param ids <b>mixed</b> Post(s) ID(s)
1455	@param cat_id <b>integer</b> Category ID
1456	*/
1457	public function updPostsCategory($ids,$cat_id)
1458	{
1459	if (!$this->core->auth->check('usage,contentadmin',$this->id)) {
1460	throw new Exception(__('You are not allowed to change this entry category'));
1461	}
1462
1463	$posts_ids = dcUtils::cleanIds($ids);
1464	$cat_id = (integer) $cat_id;
1465
1466	$strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ".
1467	"AND post_id ".$this->con->in($posts_ids);
1468
1469	# If user is only usage, we need to check the post's owner
1470	if (!$this->core->auth->check('contentadmin',$this->id))
1471	{
1472	$strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
1473	}
1474
1475	$cur = $this->con->openCursor($this->prefix.'post');
1476
1477	$cur->cat_id = ($cat_id ? $cat_id : null);
1478	$cur->post_upddt = date('Y-m-d H:i:s');
1479
1480	$cur->update($strReq);
1481	$this->triggerBlog();
1482	}
1483
1484	/**
1485	Updates posts category. <var>$new_cat_id</var> can be null.
1486
1487	@param old_cat_id <b>integer</b> Old category ID
1488	@param new_cat_id <b>integer</b> New category ID
1489	*/
1490	public function changePostsCategory($old_cat_id,$new_cat_id)
1491	{
1492	if (!$this->core->auth->check('contentadmin,categories',$this->id)) {
1493	throw new Exception(__('You are not allowed to change entries category'));
1494	}
1495
1496	$old_cat_id = (integer) $old_cat_id;
1497	$new_cat_id = (integer) $new_cat_id;
1498
1499	$cur = $this->con->openCursor($this->prefix.'post');
1500
1501	$cur->cat_id = ($new_cat_id ? $new_cat_id : null);
1502	$cur->post_upddt = date('Y-m-d H:i:s');
1503
1504	$cur->update(
1505	'WHERE cat_id = '.$old_cat_id.' '.
1506	"AND blog_id = '".$this->con->escape($this->id)."' "
1507	);
1508	$this->triggerBlog();
1509	}
1510
1511	/**
1512	Deletes a post.
1513
1514	@param id <b>integer</b> Post ID
1515	*/
1516	public function delPost($id)
1517	{
1518	$this->delPosts($id);
1519	}
1520
1521	/**
1522	Deletes multiple posts.
1523
1524	@param ids <b>mixed</b> Post(s) ID(s)
1525	*/
1526	public function delPosts($ids)
1527	{
1528	if (!$this->core->auth->check('delete,contentadmin',$this->id)) {
1529	throw new Exception(__('You are not allowed to delete entries'));
1530	}
1531
1532	$posts_ids = dcUtils::cleanIds($ids);
1533
1534	if (empty($posts_ids)) {
1535	throw new Exception(__('No such entry ID'));
1536	}
1537
1538	$strReq = 'DELETE FROM '.$this->prefix.'post '.
1539	"WHERE blog_id = '".$this->con->escape($this->id)."' ".
1540	"AND post_id ".$this->con->in($posts_ids);
1541
1542	#If user can only delete, we need to check the post's owner
1543	if (!$this->core->auth->check('contentadmin',$this->id))
1544	{
1545	$strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
1546	}
1547
1548	$this->con->execute($strReq);
1549	$this->triggerBlog();
1550	}
1551
1552	/**
1553	Publishes all entries flaged as "scheduled".
1554	*/
1555	public function publishScheduledEntries()
1556	{
1557	$strReq = 'SELECT post_id, post_dt, post_tz '.
1558	'FROM '.$this->prefix.'post '.
1559	'WHERE post_status = -1 '.
1560	"AND blog_id = '".$this->con->escape($this->id)."' ";
1561
1562	$rs = $this->con->select($strReq);
1563
1564	$now = dt::toUTC(time());
1565	$to_change = new ArrayObject();
1566
1567	if ($rs->isEmpty()) {
1568	return;
1569	}
1570
1571	while ($rs->fetch())
1572	{
1573	# Now timestamp with post timezone
1574	$now_tz = $now + dt::getTimeOffset($rs->post_tz,$now);
1575
1576	# Post timestamp
1577	$post_ts = strtotime($rs->post_dt);
1578
1579	# If now_tz >= post_ts, we publish the entry
1580	if ($now_tz >= $post_ts) {
1581	$to_change[] = (integer) $rs->post_id;
1582	}
1583	}
1584	if (count($to_change))
1585	{
1586	# --BEHAVIOR-- coreBeforeScheduledEntriesPublish
1587	$this->core->callBehavior('coreBeforeScheduledEntriesPublish',$this,$to_change);
1588
1589	$strReq =
1590	'UPDATE '.$this->prefix.'post SET '.
1591	'post_status = 1 '.
1592	"WHERE blog_id = '".$this->con->escape($this->id)."' ".
1593	'AND post_id '.$this->con->in((array)$to_change).' ';
1594	$this->con->execute($strReq);
1595	$this->triggerBlog();
1596
1597	# --BEHAVIOR-- coreAfterScheduledEntriesPublish
1598	$this->core->callBehavior('coreAfterScheduledEntriesPublish',$this,$to_change);
1599	}
1600
1601	}
1602
1603	/**
1604	Retrieves all users having posts on current blog.
1605
1606	@param post_type <b>string</b> post_type filter (post)
1607	@return record
1608	*/
1609	public function getPostsUsers($post_type='post')
1610	{
1611	$strReq = 'SELECT P.user_id, user_name, user_firstname, '.
1612	'user_displayname, user_email '.
1613	'FROM '.$this->prefix.'post P, '.$this->prefix.'user U '.
1614	'WHERE P.user_id = U.user_id '.
1615	"AND blog_id = '".$this->con->escape($this->id)."' ";
1616
1617	if ($post_type) {
1618	$strReq .= "AND post_type = '".$this->con->escape($post_type)."' ";
1619	}
1620
1621	$strReq .= 'GROUP BY P.user_id, user_name, user_firstname, user_displayname, user_email ';
1622
1623	return $this->con->select($strReq);
1624	}
1625
1626	private function getPostsCategoryFilter($arr,$field='cat_id')
1627	{
1628	$field = $field == 'cat_id' ? 'cat_id' : 'cat_url';
1629
1630	$sub = array();
1631	$not = array();
1632	$queries = array();
1633
1634	foreach ($arr as $v)
1635	{
1636	$v = trim($v);
1637	$args = preg_split('/\s[?]\s/',$v,-1,PREG_SPLIT_NO_EMPTY);
1638	$id = array_shift($args);
1639	$args = array_flip($args);
1640
1641	if (isset($args['not'])) { $not[$id] = 1; }
1642	if (isset($args['sub'])) { $sub[$id] = 1; }
1643	if ($field == 'cat_id') {
1644	if (preg_match('/^null$/i',$id)) {
1645	$queries[$id] = 'P.cat_id IS NULL';
1646	}
1647	else {
1648	$queries[$id] = 'P.cat_id = '.(integer) $id;
1649	}
1650	} else {
1651	$queries[$id] = "C.cat_url = '".$this->con->escape($id)."' ";
1652	}
1653	}
1654
1655	if (!empty($sub)) {
1656	$rs = $this->con->select(
1657	'SELECT cat_id, cat_url, cat_lft, cat_rgt FROM '.$this->prefix.'category '.
1658	"WHERE blog_id = '".$this->con->escape($this->id)."' ".
1659	'AND '.$field.' '.$this->con->in(array_keys($sub))
1660	);
1661
1662	while ($rs->fetch()) {
1663	$queries[$rs->f($field)] = '(C.cat_lft BETWEEN '.$rs->cat_lft.' AND '.$rs->cat_rgt.')';
1664	}
1665	}
1666
1667	# Create queries
1668	$sql = array(
1669	0 => array(), # wanted categories
1670	1 => array() # excluded categories
1671	);
1672
1673	foreach ($queries as $id => $q) {
1674	$sql[(integer) isset($not[$id])][] = $q;
1675	}
1676
1677	$sql[0] = implode(' OR ',$sql[0]);
1678	$sql[1] = implode(' OR ',$sql[1]);
1679
1680	if ($sql[0]) {
1681	$sql[0] = '('.$sql[0].')';
1682	} else {
1683	unset($sql[0]);
1684	}
1685
1686	if ($sql[1]) {
1687	$sql[1] = '(P.cat_id IS NULL OR NOT('.$sql[1].'))';
1688	} else {
1689	unset($sql[1]);
1690	}
1691
1692	return implode(' AND ',$sql);
1693	}
1694
1695	private function getPostCursor($cur,$post_id=null)
1696	{
1697	if ($cur->post_title == '') {
1698	throw new Exception(__('No entry title'));
1699	}
1700
1701	if ($cur->post_content == '') {
1702	throw new Exception(__('No entry content'));
1703	}
1704
1705	if ($cur->post_password === '') {
1706	$cur->post_password = null;
1707	}
1708
1709	if ($cur->post_dt == '') {
1710	$offset = dt::getTimeOffset($this->core->auth->getInfo('user_tz'));
1711	$now = time() + $offset;
1712	$cur->post_dt = date('Y-m-d H:i:00',$now);
1713	}
1714
1715	$post_id = is_int($post_id) ? $post_id : $cur->post_id;
1716
1717	if ($cur->post_content_xhtml == '') {
1718	throw new Exception(__('No entry content'));
1719	}
1720
1721	# Words list
1722	if ($cur->post_title !== null && $cur->post_excerpt_xhtml !== null
1723	&& $cur->post_content_xhtml !== null)
1724	{
1725	$words =
1726	$cur->post_title.' '.
1727	$cur->post_excerpt_xhtml.' '.
1728	$cur->post_content_xhtml;
1729
1730	$cur->post_words = implode(' ',text::splitWords($words));
1731	}
1732	}
1733
1734	private function getPostContent($cur,$post_id)
1735	{
1736	$post_excerpt = $cur->post_excerpt;
1737	$post_excerpt_xhtml = $cur->post_excerpt_xhtml;
1738	$post_content = $cur->post_content;
1739	$post_content_xhtml = $cur->post_content_xhtml;
1740
1741	$this->setPostContent(
1742	$post_id,$cur->post_format,$cur->post_lang,
1743	$post_excerpt,$post_excerpt_xhtml,
1744	$post_content,$post_content_xhtml
1745	);
1746
1747	$cur->post_excerpt = $post_excerpt;
1748	$cur->post_excerpt_xhtml = $post_excerpt_xhtml;
1749	$cur->post_content = $post_content;
1750	$cur->post_content_xhtml = $post_content_xhtml;
1751	}
1752
1753	/**
1754	Creates post HTML content, taking format and lang into account.
1755
1756	@param post_id <b>integer</b> Post ID
1757	@param format <b>string</b> Post format
1758	@param lang <b>string</b> Post lang
1759	@param excerpt <b>string</b> Post excerpt
1760	@param[out] excerpt_xhtml <b>string</b> Post excerpt HTML
1761	@param content <b>string</b> Post content
1762	@param[out] content_xhtml <b>string</b> Post content HTML
1763	*/
1764	public function setPostContent($post_id,$format,$lang,&$excerpt,&$excerpt_xhtml,&$content,&$content_xhtml)
1765	{
1766	if ($format == 'wiki')
1767	{
1768	$this->core->initWikiPost();
1769	$this->core->wiki2xhtml->setOpt('note_prefix','pnote-'.$post_id);
1770	switch ($this->settings->system->note_title_tag) {
1771	case 1:
1772	$tag = 'h3';
1773	break;
1774	case 2:
1775	$tag = 'p';
1776	break;
1777	default:
1778	$tag = 'h4';
1779	break;
1780	}
1781	$this->core->wiki2xhtml->setOpt('note_str','<div class="footnotes"><'.$tag.' class="footnotes-title">'.
1782	__('Notes').'</'.$tag.'>%s</div>');
1783	$this->core->wiki2xhtml->setOpt('note_str_single','<div class="footnotes"><'.$tag.' class="footnotes-title">'.
1784	__('Note').'</'.$tag.'>%s</div>');
1785	if (strpos($lang,'fr') === 0) {
1786	$this->core->wiki2xhtml->setOpt('active_fr_syntax',1);
1787	}
1788	}
1789
1790	if ($excerpt) {
1791	$excerpt_xhtml = $this->core->callFormater($format,$excerpt);
1792	$excerpt_xhtml = $this->core->HTMLfilter($excerpt_xhtml);
1793	} else {
1794	$excerpt_xhtml = '';
1795	}
1796
1797	if ($content) {
1798	$content_xhtml = $this->core->callFormater($format,$content);
1799	$content_xhtml = $this->core->HTMLfilter($content_xhtml);
1800	} else {
1801	$content_xhtml = '';
1802	}
1803
1804	# --BEHAVIOR-- coreAfterPostContentFormat
1805	$this->core->callBehavior('coreAfterPostContentFormat',array(
1806	'excerpt' => &$excerpt,
1807	'content' => &$content,
1808	'excerpt_xhtml' => &$excerpt_xhtml,
1809	'content_xhtml' => &$content_xhtml
1810	));
1811	}
1812
1813	/**
1814	Returns URL for a post according to blog setting <var>post_url_format</var>.
1815	It will try to guess URL and append some figures if needed.
1816
1817	@param url <b>string</b> Origin URL, could be empty
1818	@param post_dt <b>string</b> Post date (in YYYY-MM-DD HH:mm:ss)
1819	@param post_title <b>string</b> Post title
1820	@param post_id <b>integer</b> Post ID
1821	@return <b>string</b> result URL
1822	*/
1823	public function getPostURL($url,$post_dt,$post_title,$post_id)
1824	{
1825	$url = trim($url);
1826
1827	$url_patterns = array(
1828	'{y}' => date('Y',strtotime($post_dt)),
1829	'{m}' => date('m',strtotime($post_dt)),
1830	'{d}' => date('d',strtotime($post_dt)),
1831	'{t}' => text::tidyURL($post_title),
1832	'{id}' => (integer) $post_id
1833	);
1834
1835	# If URL is empty, we create a new one
1836	if ($url == '')
1837	{
1838	# Transform with format
1839	$url = str_replace(
1840	array_keys($url_patterns),
1841	array_values($url_patterns),
1842	$this->settings->system->post_url_format
1843	);
1844	}
1845	else
1846	{
1847	$url = text::tidyURL($url);
1848	}
1849
1850	# Let's check if URL is taken...
1851	$strReq = 'SELECT post_url FROM '.$this->prefix.'post '.
1852	"WHERE post_url = '".$this->con->escape($url)."' ".
1853	'AND post_id <> '.(integer) $post_id. ' '.
1854	"AND blog_id = '".$this->con->escape($this->id)."' ".
1855	'ORDER BY post_url DESC';
1856
1857	$rs = $this->con->select($strReq);
1858
1859	if (!$rs->isEmpty())
1860	{
1861	if ($this->con->driver() == 'mysql' \|\| $this->con->driver() == 'mysqli') {
1862	$clause = "REGEXP '^".$this->con->escape($url)."[0-9]+$'";
1863	} elseif ($this->con->driver() == 'pgsql') {
1864	$clause = "~ '^".$this->con->escape($url)."[0-9]+$'";
1865	} else {
1866	$clause = "LIKE '".$this->con->escape($url)."%'";
1867	}
1868	$strReq = 'SELECT post_url FROM '.$this->prefix.'post '.
1869	"WHERE post_url ".$clause.' '.
1870	'AND post_id <> '.(integer) $post_id.' '.
1871	"AND blog_id = '".$this->con->escape($this->id)."' ".
1872	'ORDER BY post_url DESC ';
1873
1874	$rs = $this->con->select($strReq);
1875	$a = array();
1876	while ($rs->fetch()) {
1877	$a[] = $rs->post_url;
1878	}
1879
1880	natsort($a);
1881	$t_url = end($a);
1882
1883	if (preg_match('/(.*?)([0-9]+)$/',$t_url,$m)) {
1884	$i = (integer) $m[2];
1885	$url = $m[1];
1886	} else {
1887	$i = 1;
1888	}
1889
1890	return $url.($i+1);
1891	}
1892
1893	# URL is empty?
1894	if ($url == '') {
1895	throw new Exception(__('Empty entry URL'));
1896	}
1897
1898	return $url;
1899	}
1900	//@}
1901
1902	/// @name Comments management methods
1903	//@{
1904	/**
1905	Retrieves comments. <b>$params</b> is an array taking the following
1906	optionnal parameters:
1907
1908	- no_content: Don't retrieve comment content
1909	- post_type: Get only entries with given type (default no type, array for many types)
1910	- post_id: (integer) Get comments belonging to given post_id
1911	- cat_id: (integer or array) Get comments belonging to entries of given category ID
1912	- comment_id: (integer or array) Get comment with given ID (or IDs)
1913	- comment_site: (string) Get comments with given comment_site
1914	- comment_status: (integer) Get comments with given comment_status
1915	- comment_trackback: (integer) Get only comments (0) or trackbacks (1)
1916	- comment_ip: (string) Get comments with given IP address
1917	- post_url: Get entry with given post_url field
1918	- user_id: (integer) Get entries belonging to given user ID
1919	- q_author: Search comments by author
1920	- sql: Append SQL string at the end of the query
1921	- from: Append SQL string after "FROM" statement in query
1922	- order: Order of results (default "ORDER BY comment_dt DES")
1923	- limit: Limit parameter
1924	- sql_only : return the sql request instead of results. Only ids are selected
1925
1926	@param params <b>array</b> Parameters
1927	@param count_only <b>boolean</b> Only counts results
1928	@return <b>record</b> A record with some more capabilities
1929	*/
1930	public function getComments($params=array(),$count_only=false)
1931	{
1932	if ($count_only)
1933	{
1934	$strReq = 'SELECT count(comment_id) ';
1935	}
1936	elseif (!empty($params['sql_only']))
1937	{
1938	$strReq = 'SELECT P.post_id ';
1939	}
1940	else
1941	{
1942	if (!empty($params['no_content'])) {
1943	$content_req = '';
1944	} else {
1945	$content_req = 'comment_content, ';
1946	}
1947
1948	if (!empty($params['columns']) && is_array($params['columns'])) {
1949	$content_req .= implode(', ',$params['columns']).', ';
1950	}
1951
1952	$strReq =
1953	'SELECT C.comment_id, comment_dt, comment_tz, comment_upddt, '.
1954	'comment_author, comment_email, comment_site, '.
1955	$content_req.' comment_trackback, comment_status, '.
1956	'comment_spam_status, comment_spam_filter, comment_ip, '.
1957	'P.post_title, P.post_url, P.post_id, P.post_password, P.post_type, '.
1958	'P.post_dt, P.user_id, U.user_email, U.user_url ';
1959	}
1960
1961	$strReq .=
1962	'FROM '.$this->prefix.'comment C '.
1963	'INNER JOIN '.$this->prefix.'post P ON C.post_id = P.post_id '.
1964	'INNER JOIN '.$this->prefix.'user U ON P.user_id = U.user_id ';
1965
1966	if (!empty($params['from'])) {
1967	$strReq .= $params['from'].' ';
1968	}
1969
1970	$strReq .=
1971	"WHERE P.blog_id = '".$this->con->escape($this->id)."' ";
1972
1973	if (!$this->core->auth->check('contentadmin',$this->id)) {
1974	$strReq .= 'AND ((comment_status = 1 AND P.post_status = 1 ';
1975
1976	if ($this->without_password) {
1977	$strReq .= 'AND post_password IS NULL ';
1978	}
1979	$strReq .= ') ';
1980
1981	if ($this->core->auth->userID()) {
1982	$strReq .= "OR P.user_id = '".$this->con->escape($this->core->auth->userID())."')";
1983	} else {
1984	$strReq .= ') ';
1985	}
1986	}
1987
1988	if (!empty($params['post_type']))
1989	{
1990	$strReq .= 'AND post_type '.$this->con->in($params['post_type']);
1991	}
1992
1993	if (isset($params['post_id']) && $params['post_id'] !== '') {
1994	$strReq .= 'AND P.post_id = '.(integer) $params['post_id'].' ';
1995	}
1996
1997	if (isset($params['cat_id']) && $params['cat_id'] !== '') {
1998	$strReq .= 'AND P.cat_id = '.(integer) $params['cat_id'].' ';
1999	}
2000
2001	if (isset($params['comment_id']) && $params['comment_id'] !== '') {
2002	if (is_array($params['comment_id'])) {
2003	array_walk($params['comment_id'],create_function('&$v,$k','if($v!==null){$v=(integer)$v;}'));
2004	} else {
2005	$params['comment_id'] = array((integer) $params['comment_id']);
2006	}
2007	$strReq .= 'AND comment_id '.$this->con->in($params['comment_id']);
2008	}
2009
2010	if (isset($params['comment_site'])) {
2011	$comment_site = $this->con->escape(str_replace('*','%',$params['comment_site']));
2012	$strReq .= "AND comment_site LIKE '".$comment_site."' ";
2013	}
2014
2015	if (isset($params['comment_status'])) {
2016	$strReq .= 'AND comment_status = '.(integer) $params['comment_status'].' ';
2017	}
2018
2019	if (!empty($params['comment_status_not']))
2020	{
2021	$strReq .= 'AND comment_status <> '.(integer) $params['comment_status_not'].' ';
2022	}
2023
2024	if (isset($params['comment_trackback'])) {
2025	$strReq .= 'AND comment_trackback = '.(integer) (boolean) $params['comment_trackback'].' ';
2026	}
2027
2028	if (isset($params['comment_ip'])) {
2029	$comment_ip = $this->con->escape(str_replace('*','%',$params['comment_ip']));
2030	$strReq .= "AND comment_ip LIKE '".$comment_ip."' ";
2031	}
2032
2033	if (isset($params['q_author'])) {
2034	$q_author = $this->con->escape(str_replace('*','%',strtolower($params['q_author'])));
2035	$strReq .= "AND LOWER(comment_author) LIKE '".$q_author."' ";
2036	}
2037
2038	if (!empty($params['search']))
2039	{
2040	$words = text::splitWords($params['search']);
2041
2042	if (!empty($words))
2043	{
2044	# --BEHAVIOR coreCommentSearch
2045	if ($this->core->hasBehavior('coreCommentSearch')) {
2046	$this->core->callBehavior('coreCommentSearch',$this->core,array(&$words,&$strReq,&$params));
2047	}
2048
2049	if ($words)
2050	{
2051	foreach ($words as $i => $w) {
2052	$words[$i] = "comment_words LIKE '%".$this->con->escape($w)."%'";
2053	}
2054	$strReq .= 'AND '.implode(' AND ',$words).' ';
2055	}
2056	}
2057	}
2058
2059	if (!empty($params['sql'])) {
2060	$strReq .= $params['sql'].' ';
2061	}
2062
2063	if (!$count_only)
2064	{
2065	if (!empty($params['order'])) {
2066	$strReq .= 'ORDER BY '.$this->con->escape($params['order']).' ';
2067	} else {
2068	$strReq .= 'ORDER BY comment_dt DESC ';
2069	}
2070	}
2071
2072	if (!$count_only && !empty($params['limit'])) {
2073	$strReq .= $this->con->limit($params['limit']);
2074	}
2075
2076	if (!empty($params['sql_only'])) {
2077	return $strReq;
2078	}
2079
2080	$rs = $this->con->select($strReq);
2081	$rs->core = $this->core;
2082	$rs->extend('rsExtComment');
2083
2084	# --BEHAVIOR-- coreBlogGetComments
2085	$this->core->callBehavior('coreBlogGetComments',$rs);
2086
2087	return $rs;
2088	}
2089
2090	/**
2091	Creates a new comment. Takes a cursor as input and returns the new comment
2092	ID.
2093
2094	@param cur <b>cursor</b> Comment cursor
2095	@return <b>integer</b> New comment ID
2096	*/
2097	public function addComment($cur)
2098	{
2099	$this->con->writeLock($this->prefix.'comment');
2100	try
2101	{
2102	# Get ID
2103	$rs = $this->con->select(
2104	'SELECT MAX(comment_id) '.
2105	'FROM '.$this->prefix.'comment '
2106	);
2107
2108	$cur->comment_id = (integer) $rs->f(0) + 1;
2109	$cur->comment_upddt = date('Y-m-d H:i:s');
2110
2111	$offset = dt::getTimeOffset($this->settings->system->blog_timezone);
2112	$cur->comment_dt = date('Y-m-d H:i:s',time() + $offset);
2113	$cur->comment_tz = $this->settings->system->blog_timezone;
2114
2115	$this->getCommentCursor($cur);
2116
2117	if ($cur->comment_ip === null) {
2118	$cur->comment_ip = http::realIP();
2119	}
2120
2121	# --BEHAVIOR-- coreBeforeCommentCreate
2122	$this->core->callBehavior('coreBeforeCommentCreate',$this,$cur);
2123
2124	$cur->insert();
2125	$this->con->unlock();
2126	}
2127	catch (Exception $e)
2128	{
2129	$this->con->unlock();
2130	throw $e;
2131	}
2132
2133	# --BEHAVIOR-- coreAfterCommentCreate
2134	$this->core->callBehavior('coreAfterCommentCreate',$this,$cur);
2135
2136	$this->triggerComment($cur->comment_id);
2137	if ($cur->comment_status != -2) {
2138	$this->triggerBlog();
2139	}
2140	return $cur->comment_id;
2141	}
2142
2143	/**
2144	Updates an existing comment.
2145
2146	@param id <b>integer</b> Comment ID
2147	@param cur <b>cursor</b> Comment cursor
2148	*/
2149	public function updComment($id,$cur)
2150	{
2151	if (!$this->core->auth->check('usage,contentadmin',$this->id)) {
2152	throw new Exception(__('You are not allowed to update comments'));
2153	}
2154
2155	$id = (integer) $id;
2156
2157	if (empty($id)) {
2158	throw new Exception(__('No such comment ID'));
2159	}
2160
2161	$rs = $this->getComments(array('comment_id' => $id));
2162
2163	if ($rs->isEmpty()) {
2164	throw new Exception(__('No such comment ID'));
2165	}
2166
2167	#If user is only usage, we need to check the post's owner
2168	if (!$this->core->auth->check('contentadmin',$this->id))
2169	{
2170	if ($rs->user_id != $this->core->auth->userID()) {
2171	throw new Exception(__('You are not allowed to update this comment'));
2172	}
2173	}
2174
2175	$this->getCommentCursor($cur);
2176
2177	$cur->comment_upddt = date('Y-m-d H:i:s');
2178
2179	if (!$this->core->auth->check('publish,contentadmin',$this->id)) {
2180	$cur->unsetField('comment_status');
2181	}
2182
2183	# --BEHAVIOR-- coreBeforeCommentUpdate
2184	$this->core->callBehavior('coreBeforeCommentUpdate',$this,$cur,$rs);
2185
2186	$cur->update('WHERE comment_id = '.$id.' ');
2187
2188	# --BEHAVIOR-- coreAfterCommentUpdate
2189	$this->core->callBehavior('coreAfterCommentUpdate',$this,$cur,$rs);
2190
2191	$this->triggerComment($id);
2192	$this->triggerBlog();
2193	}
2194
2195	/**
2196	Updates comment status.
2197
2198	@param id <b>integer</b> Comment ID
2199	@param status <b>integer</b> Comment status
2200	*/
2201	public function updCommentStatus($id,$status)
2202	{
2203	$this->updCommentsStatus($id,$status);
2204	}
2205
2206	/**
2207	Updates comments status.
2208
2209	@param ids <b>mixed</b> Comment(s) ID(s)
2210	@param status <b>integer</b> Comment status
2211	*/
2212	public function updCommentsStatus($ids,$status)
2213	{
2214	if (!$this->core->auth->check('publish,contentadmin',$this->id)) {
2215	throw new Exception(__("You are not allowed to change this comment's status"));
2216	}
2217
2218	$co_ids = dcUtils::cleanIds($ids);
2219	$status = (integer) $status;
2220
2221	$strReq =
2222	'UPDATE '.$this->prefix.'comment '.
2223	'SET comment_status = '.$status.' ';
2224	$strReq .=
2225	'WHERE comment_id'.$this->con->in($co_ids).
2226	'AND post_id in (SELECT tp.post_id '.
2227	'FROM '.$this->prefix.'post tp '.
2228	"WHERE tp.blog_id = '".$this->con->escape($this->id)."' ";
2229	if (!$this->core->auth->check('contentadmin',$this->id))
2230	{
2231	$strReq .=
2232	"AND user_id = '".$this->con->escape($this->core->auth->userID())."' ";
2233	}
2234	$strReq .= ')';
2235	$this->con->execute($strReq);
2236	$this->triggerComments($co_ids);
2237	$this->triggerBlog();
2238	}
2239
2240	/**
2241	Delete a comment
2242
2243	@param id <b>integer</b> Comment ID
2244	*/
2245	public function delComment($id)
2246	{
2247	$this->delComments($id);
2248	}
2249
2250	/**
2251	Delete comments
2252
2253	@param ids <b>mixed</b> Comment(s) ID(s)
2254	*/
2255	public function delComments($ids)
2256	{
2257	if (!$this->core->auth->check('delete,contentadmin',$this->id)) {
2258	throw new Exception(__('You are not allowed to delete comments'));
2259	}
2260
2261	$co_ids = dcUtils::cleanIds($ids);
2262
2263	if (empty($co_ids)) {
2264	throw new Exception(__('No such comment ID'));
2265	}
2266
2267	# Retrieve posts affected by comments edition
2268	$affected_posts = array();
2269	$strReq =
2270	'SELECT post_id '.
2271	'FROM '.$this->prefix.'comment '.
2272	'WHERE comment_id'.$this->con->in($co_ids).
2273	'GROUP BY post_id';
2274
2275	$rs = $this->con->select($strReq);
2276
2277	while ($rs->fetch()) {
2278	$affected_posts[] = (integer) $rs->post_id;
2279	}
2280
2281	$strReq =
2282	'DELETE FROM '.$this->prefix.'comment '.
2283	'WHERE comment_id'.$this->con->in($co_ids).' '.
2284	'AND post_id in (SELECT tp.post_id '.
2285	'FROM '.$this->prefix.'post tp '.
2286	"WHERE tp.blog_id = '".$this->con->escape($this->id)."' ";
2287	#If user can only delete, we need to check the post's owner
2288	if (!$this->core->auth->check('contentadmin',$this->id))
2289	{
2290	$strReq .=
2291	"AND tp.user_id = '".$this->con->escape($this->core->auth->userID())."' ";
2292	}
2293	$strReq .= ")";
2294	$this->con->execute($strReq);
2295	$this->triggerComments($co_ids, true, $affected_posts);
2296	$this->triggerBlog();
2297	}
2298
2299	public function delJunkComments()
2300	{
2301	if (!$this->core->auth->check('delete,contentadmin',$this->id)) {
2302	throw new Exception(__('You are not allowed to delete comments'));
2303	}
2304
2305	$strReq =
2306	'DELETE FROM '.$this->prefix.'comment '.
2307	'WHERE comment_status = -2 '.
2308	'AND post_id in (SELECT tp.post_id '.
2309	'FROM '.$this->prefix.'post tp '.
2310	"WHERE tp.blog_id = '".$this->con->escape($this->id)."' ";
2311	#If user can only delete, we need to check the post's owner
2312	if (!$this->core->auth->check('contentadmin',$this->id))
2313	{
2314	$strReq .=
2315	"AND tp.user_id = '".$this->con->escape($this->core->auth->userID())."' ";
2316	}
2317	$strReq .= ")";
2318	$this->con->execute($strReq);
2319	$this->triggerBlog();
2320	}
2321
2322	private function getCommentCursor($cur)
2323	{
2324	if ($cur->comment_content !== null && $cur->comment_content == '') {
2325	throw new Exception(__('You must provide a comment'));
2326	}
2327
2328	if ($cur->comment_author !== null && $cur->comment_author == '') {
2329	throw new Exception(__('You must provide an author name'));
2330	}
2331
2332	if ($cur->comment_email != '' && !text::isEmail($cur->comment_email)) {
2333	throw new Exception(__('Email address is not valid.'));
2334	}
2335
2336	if ($cur->comment_site !== null && $cur->comment_site != '') {
2337	if (!preg_match('\|^http(s?)://\|i',$cur->comment_site, $matches)) {
2338	$cur->comment_site = 'http://'.$cur->comment_site;
2339	}else{
2340	$cur->comment_site = strtolower($matches[0]).substr($cur->comment_site, strlen($matches[0]));
2341	}
2342	}
2343
2344	if ($cur->comment_status === null) {
2345	$cur->comment_status = (integer) $this->settings->system->comments_pub;
2346	}
2347
2348	# Words list
2349	if ($cur->comment_content !== null)
2350	{
2351	$cur->comment_words = implode(' ',text::splitWords($cur->comment_content));
2352	}
2353	}
2354	//@}
2355	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/core/class.dc.blog.php @ 3033:5691f5e1ccc6

Download in other formats:

Sites map