')); if (!$this->saved()) { $this->set('date','now()'); } parent::save(); return $this; } /* Functions that output things */ function render($template = 'comment',$backup_path=null) { return parent::renderObj($template,array('comment'=>$this),'content',$backup_path); } function output($template = 'comment',$backup_path=null) { parent::output($template,array('comment'=>$this),'content',$backup_path); } } ?>success()) { return $this; } if ($PARAMETERS) { // create based on parameters foreach ($PARAMETERS as $key=>$value) { $this->set($key,$value); } } } function render($template = 'tag',$backup_path=null) { return parent::renderObj($template,array('tag'=>$this),'content',$backup_path); } function output($template = 'tag',$backup_path=null) { parent::output($template,array('tag'=>$this),'content',$backup_path); } function contentCount() { $docs = $this->POD->getContents(array('t.id'=>$this->get('id')),'d.date desc'); return $docs->totalCount(); } function save() { $this->success = false; if ($this->get('value')) { if (!$this->saved()) { $this->set('date','now()'); } parent::save(); } else { $this->throwError("No value!"); $this->error_code = 500; } return $this; } } ?>success()) { return $this; } // Load a document from the database or from defaults, based on the parameters if (isset($PARAMETERS['id']) && (sizeof($PARAMETERS)==1)) { // load by ID $this->getContentById($PARAMETERS['id']); if (!$this->success()) { return; } } else if (isset($PARAMETERS['stub']) && (sizeof($PARAMETERS)==1)) { // load by unique stub $this->getContentByStub($PARAMETERS['stub']); if (!$this->success()) { return; } } else if ($PARAMETERS) { // create based on parameters $this->POD->tolog("content->new Create doc from parameters"); $fill = true; if (isset($PARAMETERS['id'])) { $d = $this->POD->checkcache('Content','id',$PARAMETERS['id']); if ($d) { $fill = false; $this->DATA = $d; } } if ($fill) { foreach ($PARAMETERS as $key=>$value) { $this->set($key,$value); } if (!$this->get('id')) { if (!$this->POD->isAuthenticated()) { $this->success = false; $this->throwError("No current user! Can't create content!"); return null; } $this->set('userId',$this->POD->currentUser()->get('id')); } $this->stuffDoc(); $this->POD->cachestore($this); } } else { // this is a brand new content object // we still need to call generatePermalink because some other stuff gets set up $this->generatePermalink(); } if ( $this->POD->isAuthenticated() && (($this->get('userId') == $this->POD->currentUser()->get('id')) || ($this->POD->currentUser()->get('adminUser')) || ($this->get('createdBy') == $this->POD->currentUser()->get('id')) ||!$this->get('id')) ) { // if there is a user logged in, and this user is the creator of this content, set the editable flag to true. $this->IS_EDITABLE = true; } if ($this->get('privacy') == "friends_only") { if ($this->POD->isAuthenticated() && $this->author()->isFriendsWith($this->POD->currentUser())) { // OK! we are authenticated and this person is friends with the author. } else if ($this->isEditable()) { // i own this, so of course I can see it } else { $this->throwError("Access Denied: Friends Only!"); $this->error_code = 402; $this->success = false; $this->DATA = array(); return $this; } } if ($this->get('privacy') == "owner_only") { if ($this->isEditable()) { // i own this, so of course I can see it } else { $this->throwError("Access Denied: Owner Only!"); $this->error_code = 402; $this->success = false; $this->DATA = array(); return $this; } } if ($this->get('privacy') == "group_only") { $group = $this->POD->getGroup(array('id'=>$this->get('groupId'))); if ($group->success()) { if ($this->POD->isAuthenticated() && $group->isMember($this->POD->currentUser())) { // OK! we are authenticated and this person is a member of the group that this doc is in. } else if ($this->isEditable()) { // i own this, so of course I can see it } else { $this->throwError("Access Denied: Group Members Only!"); $this->error_code = 402; $this->success = false; $this->DATA = array(); return $this; } } } if (isset($PARAMETERS['lockdown']) && $PARAMETERS['lockdown'] == "owner") { // check to make sure we can access this if ( !$this->POD->isAuthenticated() || ($this->get('userId') != $this->POD->currentUser()->get('id')) ) { $this->throwError("Access Denied"); $this->error_code = 401; $this->success = false; return $this; } } $this->success = true; return $this; } /********************************************************************************************* * Accessors *********************************************************************************************/ function children() { if (!$this->get('id')) { return null; } if (!$this->CHILDREN) { $this->CHILDREN = $this->POD->getContents(array('parentId'=>$this->get('id'))); if (!$this->CHILDREN->success()) { return null; } } return $this->CHILDREN; } function comments() { if (!$this->get('id')) { return null; } if (!$this->COMMENTS) { $this->COMMENTS = $this->POD->getComments(array('contentId'=>$this->get('id'))); if (!$this->COMMENTS->success()) { return null; } } return $this->COMMENTS; } function addFile($file_name,$uploaded_file,$description=null) { // pass in an array of parameters from the $_FILES array and this will automatically create the file record. $this->success = false; // if the file already exists, update it. if (!$file = $this->files()->contains('file_name',$file_name)) { // create a new file $file = $this->POD->getFile(); } if ($uploaded_file['tmp_name']) { $file->set('file_name',$file_name); $file->set('original_name',$uploaded_file['name']); $file->set('tmp_name',$uploaded_file['tmp_name']); $file->set('contentId',$this->get('id')); $file->set('description',$description); $file->save(); if (!$file->success()) { $this->throwError($file->error()); } else { $this->success = true; return $file; } } else if ($uploaded_file['error']!= 0 && $uploaded_file['error']!= UPLOAD_ERR_NO_FILE) { if ($uploaded_file['error'] == UPLOAD_ERR_INI_SIZE) { $this->throwError('The file ' . $file_name . ' exceeds the maximum allowed upload size on this server.'); } if ($uploaded_file['error'] == UPLOAD_ERR_FORM_SIZE) { $this->throwError('The file ' . $file_name . ' exceeds the maximum allowed upload size for this form.'); } if ($uploaded_file['error'] == UPLOAD_ERR_PARTIAL) { $this->throwError('The file ' . $file_name . ' did not successfully upload.'); } if ($uploaded_file['error'] == UPLOAD_ERR_NO_TMP_DIR) { $this->throwError('PeoplePods cannot find a temporary folder to store the uploaded files.'); } if ($uploaded_file['error'] == UPLOAD_ERR_CANT_WRITE) { $this->throwError('PeoplePods cannot write to the temporary folder.'); } if ($uploaded_file['error'] == UPLOAD_ERR_EXTENSION) { $this->throwError('A PHP extension stopped the file upload.'); } return false; } else { // sometimes an invalid record gets into $_FILES where no tmp_name is specified // this normally happens when a javascript form validator has caused the file input to submit // even though there is no file! // we don't want to throw an error if this happens, we just want to silently ignore this record. $file->set('description',$description); $file->save(); $this->success = true; } return $this->success; } function files() { if (!$this->get('id')) { return null; } if (!$this->FILES) { $this->FILES = new Stack($this->POD,'file',array('contentId'=>$this->get('id')),null,100,0); if (!$this->FILES->success()) { return null; } } return $this->FILES; } function tags() { if (!$this->get('id')) { return null; } if (!$this->TAGS) { $this->TAGS = new Stack($this->POD,'tag',array('tr.contentId'=>$this->get('id')),null,100,0); if (!$this->TAGS->success()) { return null; } } return $this->TAGS; } function isEditable() { return $this->IS_EDITABLE; } function isFavorite() { return $this->IS_FAVORITE; } function asArray() { $data = parent::asArray(); // remove some fields return $data; } /* Functions that load things */ function save($strip_html = true) { // set up some options $this->success = false; $this->POD->tolog("content->save()"); if (!$this->POD->isAuthenticated()) { $this->throwError("No current user! Can't save content!"); return null; } if (!$this->isEditable()) { $this->throwError("Access Denied"); $this->error_code = 401; return null; } if ($strip_html) { $this->set('body',$this->POD->sanitizeInput($this->get('body'))); } $this->set('body',stripslashes($this->get('body'))); $this->set('headline',stripslashes(strip_tags($this->get('headline')))); $this->set('link',stripslashes(strip_tags($this->get('link')))); if (!$this->saved()) { $this->set('date','now()'); $this->set('editDate','now()'); $this->set('minutes','0'); $this->set('changeDate','now()'); $this->set('yes_votes','0'); $this->set('no_votes','0'); } else { $this->set('editDate','now()'); $this->set('changeDate','now()'); } if ($this->get('privacy')=='') { $this->set('privacy','public'); } // do this down here instead of at the top to catch cases where the headline is blank after stripping html if ($this->get('headline')=='') { $this->success = false; $this->throwError("Missing required fields"); $this->error_code = 500; return null; } if (!$this->get('type')) { $this->set('type','document'); } if (!$this->get('status')) { $this->set('status','new'); } if ($this->get('createdBy') == '') { $this->set('createdBy',$this->POD->currentUser()->get('id')); } if ($this->get('userId') == '') { $this->set('userId',$this->get('createdBy')); } if (!$this->get('stub')) { $stub = $this->get('headline'); $stub = preg_replace("/\s+/","-",$stub); $stub = preg_replace("/[^a-zA-Z0-9\-]/","",$stub); $stub = strtolower($stub); } else { $stub = $this->get('stub'); } $newstub = $stub; // check and see if any content already use this stub. $stubcheck = $this->POD->getContent(array('stub'=>$stub)); $counter = 2; while ($stubcheck->success() && $stubcheck->get('id')!=$this->get('id')) { $newstub = $stub . "_" . $counter++; $stubcheck = $this->POD->getContent(array('stub'=>$newstub)); } $this->set('stub',$newstub); parent::save(); if (!$this->success()) { $this->POD->cacheclear($this); return null; } $this->stuffDoc(); $this->POD->cachestore($this); $this->POD->tolog("content->save() ADD WATCH"); $this->POD->currentUser()->addWatch($this); $this->success= true; $this->POD->tolog("content->save(): Content saved!"); } function changeStatus($status) { if ($this->get('id') && $this->isEditable()) { $this->set('status',$status); $status = mysql_real_escape_string($status); $sql = "UPDATE content SET status='$status', changeDate=NOW(),flagDate=NOW() where id=" . $this->get('id'); $this->POD->tolog($sql,2); $result = mysql_query($sql,$this->POD->DATABASE); $num = mysql_affected_rows($this->POD->DATABASE); if ($num < 1 || !$result) { $this->success = false; $this->throwError("SQL Error: Content Update failed!"); $this->error_code = 500; return null; } else { $this->success = true; $this->POD->cachestore($this); return $this; } } else { $this->success = false; $this->throwError("Status change failed: permission denied"); $this->error_code = 500; return null; } } function delete($force= null) { $this->success = false; if ($this->get('id')) { if ($this->isEditable() || $force) { $this->POD->cacheclear($this); $sql = "DELETE FROM content WHERE id=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->files()->reset(); while ($file = $this->files()->getNext()) { $file->delete(); } $sql = "DELETE FROM tagRef WHERE contentId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $sql = "DELETE FROM comments WHERE contentId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $sql = "DELETE FROM flags WHERE type='content' and itemId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $sql = "UPDATE content SET parentId=null WHERE parentId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->COMMENTS = null; $this->TAGS = null; $this->CHILDREN = null; $this->DATA = array(); $this->success = true; } else { $this->throwError("You do not have permission to delete this content."); $this->error_code=403; } } else { // hasn't been saved yet $this->throwError("No such content"); $this->error_code = 404; } } function getContentById($did) { $this->success = null; if ($did != '' && preg_match("/\d+/",$did)) { $d = $this->POD->checkcache('Content','id',$did); if ($d) { $this->POD->tolog("content->getContentById(): USING CACHE"); $this->DATA = $d; } else { $this->load('id',$did); if ($this->success()) { $this->stuffDoc(); $this->POD->cachestore($this); } else { return $this; } } $this->success = true; return $this; } else { $this->throwError("No content id specified"); $this->error_code=500; } } function getContentByStub($stub) { $this->POD->tolog("content->getContentByStub($stub)"); $d = $this->POD->checkcache('Content','stub',$stub); if ($d) { $this->POD->tolog("content->getContentByStub(): USING CACHE"); $this->DATA = $d; } else { $this->load('stub',$stub); if ($this->success()) { $this->stuffDoc(); $this->POD->cachestore($this); $this->success = true; } } return $this; } /************************************************************************************* * TAGS *************************************************************************************/ function hasTag($tagvalue) { return $this->TAGS->contains('value',$tagvalue); } function removeTag($tag) { $this->success = false; if ($this->get('id')) { $t = new Tag($this->POD); $t->load('value',$tag); if ($t->success()) { $sql = "DELETE FROM tagRef WHERE contentId=" . $this->get('id') . " AND tagId=" . $t->get('id') . ';'; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->success = true; $this->tags()->fill(); return $t; }else { $this->throwError("Tag not found"); $this->error_code = 404; } } else { $this->throwError("Content not saved yet!"); $this->error_code = 500; } return null; } function addTag($tag) { $this->success = false; if ($this->get('id')) { $t = new Tag($this->POD); $t->load('value',$tag); if (!$t->success()) { $this->POD->tolog("content->addTag: Adding tag $tag"); $t->set('value',$tag); $t->save(); } $sql = "DELETE FROM tagRef WHERE contentId=" . $this->get('id') . " AND tagId=" . $t->get('id') . ';'; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $sql = "INSERT INTO tagRef(contentId,tagId,type) VALUES (" . $this->get('id') . "," . $t->get('id') . ",'pub');"; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->tags()->add($t); $this->success = true; return $t; } else { $this->throwError("Content not saved yet!"); $this->error_code = 500; return null; } } function tagsFromString($string,$delimiter=' ') { $tags = explode($delimiter,$string); $this->tags()->reset(); $current_tags = new Stack($this->POD,'tags'); foreach ($this->tags() as $tag) { $current_tags->add($tag); } foreach ($current_tags as $tag) { error_log("REMOVING TAG" . $tag->get('value')); $this->removeTag($tag->get('value')); } foreach ($tags as $tag) { if ($tag != '') { $this->addTag($tag); } } } function tagsAsString($delimiter=' ') { if ($this->tags()) { return $this->tags()->implode($delimiter,'value'); } else { return null; } } /************************************************************************************* * COMMENTS *************************************************************************************/ function markCommentsAsRead() { if (!$this->get('id')) { $this->throwError("Content not saved yet!"); $this->error_code = 500; return; } if (!$this->POD->isAuthenticated()) { $this->throwError("Access denied"); $this->error_code = 401; return; } $this->POD->currentUser()->addWatch($this); } function goToFirstUnreadComment() { $last = null; if ($this->get('lastCommentId')) { $last = $this->get('lastCommentId'); } else { if ($this->POD->isAuthenticated()) { $last = $this->POD->currentUser()->isWatched($this); } } $this->comments()->reset(); while ($this->comments()->peekAhead() && $this->comments()->peekAhead()->get('id') <= $last) { $this->comments()->getNext(); } } function addComment($comment,$type=null) { $this->success= false; if (!$this->get('id')) { $this->throwError("Content not saved yet!"); $this->error_code = 500; return; } if (!$this->POD->isAuthenticated()) { $this->throwError("Access denied"); $this->error_code = 401; return; } $newcomment = $this->POD->getComment(); $newcomment->set('contentId',$this->get('id')); $newcomment->set('comment',$comment); $newcomment->set('type',$type); $newcomment->set('userId',$this->POD->currentUser()->get('id')); $newcomment->save(); if ($newcomment->success()) { $sql = "UPDATE content SET commentDate=NOW(),changeDate=NOW() where id=" . $this->get('id'); $this->POD->tolog($sql,2); $result = mysql_query($sql,$this->POD->DATABASE); if (!$result) { $this->throwError("SQL Error: commentDate update failed!"); $this->error_code = 500; } $this->comments()->add($newcomment); $this->POD->currentUser()->addWatch($this); $this->success = true; return $newcomment; } else { $this->throwError($newcomment->error()); $this->error_code = $newcomment->errorCode(); return; } } /************************************************************************************* * Groups *************************************************************************************/ function group($field=null) { if ($this->get('groupId') && !$this->GROUP) { $this->GROUP = $this->POD->getGroup(array('id'=>$this->get('groupId'))); } if ($field != null) { return $this->GROUP->get($field); } else { return $this->GROUP; } } // this is a special function that bypasses normal update security to allow a group owner or manager to change the group and privacy settings of a content. function setGroup($groupId) { $this->success = false; if (!$this->get('id')) { $this->throwError("Content not saved yet!"); $this->error_code = 500; return; } if (!$this->POD->isAuthenticated()) { $this->throwError("Access denied"); $this->error_code = 401; return; } if ($groupId == "" || !$groupId) { $group = $this->POD->getGroup(array('id'=>$this->get('groupId'))); } else { $group = $this->POD->getGroup(array('id'=>$groupId)); } if (!$group->success()) { $this->throwError($group->error()); $this->error_code = $group->errorCode(); return; } $membership = $group->isMember($this->POD->currentUser()); if ($group->success()) { if (!($membership == "owner" || $membership == "manager")) { $this->throwError("Access denied: Insufficient Group Privileges"); $this->error_code = 401; return; } } else { $this->throwError("Couldn't check membership: " . $group->error()); return; } $this->set('groupId',$groupId); if ($groupId == '') { $groupId = "NULL"; } else { $groupId= "'" . mysql_real_escape_string($groupId) . "'"; } $privacy = mysql_real_escape_string($this->get('privacy')); $sql = "UPDATE content SET groupId=$groupId, privacy='$privacy', changeDate=NOW() where id=" . $this->get('id'); $this->POD->tolog($sql,2); $result = mysql_query($sql,$this->POD->DATABASE); $num = mysql_affected_rows($this->POD->DATABASE); if ($num < 1 || !$result) { $this->success = false; $this->throwError("SQL Error: Set group failed!"); $this->error_code = 500; return null; } else { $this->success = true; $this->POD->cachestore($this); return $this; } } /************************************************************************************* * VOTING *************************************************************************************/ function vote($vote) { $this->success = false; if (strtolower($vote) == "y") { $vote = 1; } if (strtolower($vote)=="n") { $vote = 0; } if (($vote != '1') && ($vote != '0')) { $this->error_code = 500; $this->throwError("Invalid vote!"); return null; } if (!$this->get('id')) { $this->error_code = 500; $this->throwError("Content has not been saved"); return null; } $this->addFlag('vote',$this->POD->currentUser(),$vote); if (!$this->success()) { return false; } else { if ($vote == "1") { $this->VOTE = "Y"; } else { $this->VOTE="N"; } $this->getVotes(); } return true; } function unvote() { $val = $this->removeFlag('vote',$this->POD->currentUser()); if (!$this->success()) { return $false; } else { $this->getVotes(); } return $this; } /* Helper functions */ function permalink($field="headline",$return = false) { $string = "get('permalink') . "\" title=\"" . htmlentities($this->get('headline')) . "\">" . $this->get($field) . ""; if ($return) { return $string; } else { echo $string; } } function authorisFriendsWith($person) { return $this->author()->isFriendsWith($person); } function stuffDoc() { $this->POD->tolog("content->stuffDoc " . $this->get('id')); if ($this->get('minutes')!='') { $this->set('timesince', $this->POD->timesince($this->get('minutes'))); } $tot = $this->get('yes_votes') + $this->get('no_votes'); if ($tot > 0) { $this->set('yes_percent',intval(($this->get('yes_votes') / $tot) * 100)); $this->set('no_percent',intval(($this->get('no_votes') / $tot) * 100)); } $this->loadMeta(); $this->generatePermalink(); } function getVotes() { $this->success = false; if (!$this->get('id')) { $this->error_code = 500; $this->throwError("Content has not been saved"); $this->POD->tolog("content->getVotes FAILED!"); return null; } $this->POD->tolog("content->getVotes for doc " . $this->get('id')); $yes_votes = new Stack($this->POD,'content',array('flag.name'=>'vote','flag.value'=>'1','flag.itemId'=>$this->get('id'))); $no_votes = new Stack($this->POD,'content',array('flag.name'=>'vote','flag.value'=>'0','flag.itemId'=>$this->get('id'))); $this->set('yes_votes',$yes_votes->totalCount()); $this->set('no_votes',$no_votes->totalCount()); $tot = $this->get('yes_votes') + $this->get('no_votes'); if ($tot > 0) { $this->set('yes_percent',intval(($this->get('yes_votes') / $tot) * 100)); $this->set('no_percent',intval(($this->get('no_votes') / $tot) * 100)); } // can't save, because security model won't let non-owners update! // $this->save(); $sql = "UPDATE content SET yes_votes=" . $this->get('yes_votes') . ",no_votes=" . $this->get('no_votes') . " WHERE id=" . $this->get('id'); $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); $this->success = true; } function generatePermalink() { $path = $this->POD->libOptions('default_document_path'); if ($this->POD->libOptions($this->get('type') . '_document_path')) { $path = $this->POD->libOptions($this->get('type') . '_document_path'); } $this->set('permalink',$this->POD->siteRoot(false) . "/$path/" . $this->get('stub')); $path = $this->POD->libOptions('default_document_editpath'); if ($this->POD->libOptions($this->get('type') . '_document_editpath')) { $path = $this->POD->libOptions($this->get('type') . '_document_editpath'); } $this->set('editpath',$this->POD->siteRoot(false) . "/$path"); $this->set('editlink',$this->POD->siteRoot(false) . "/$path?id=" . $this->get('id')); } function shareStory($email,$message,$from) { list($subject,$body) = $this->POD->mailCreate("share",array(DOC_NAME=>$this->get('headline'),DOC_LINK=>$this->get('permalink'),MEMBER_NAME=>$from->get('nick'),MEMBER_PERMALINK=>$from->get('permalink'),MESSAGE=>$message)); $headers = "From: " . $this->POD->libOptions('fromAddress') . "\r\n" . "X-Mailer: php"; mail($email,$subject, $body, $headers); } function getTagIdByValue($value) { $t = new Tag($this->POD); $t->load('value',$value); if ($t->success()) { return $t->get('id'); } else { $t->set('value',$value); $t->save(); return $t->get('id'); } } /* Functions that output things */ function render($template = 'output',$backup_path=null) { return parent::renderObj($template,array('content'=>$this,'doc'=>$this),'content',$backup_path); } function output($template = 'output',$backup_path=null) { parent::output($template,array('content'=>$this,'doc'=>$this),'content',$backup_path); } } success()) { return $this; } $this->success = false; if (isset($PARAMETERS['authSecret']) && (sizeof($PARAMETERS)==1)) { $this->POD->tolog("user->new(): Attempting to verify user..."); $this->getUserByAuthSecret($PARAMETERS['authSecret']); } else if (isset($PARAMETERS['passwordResetCode']) && (sizeof($PARAMETERS)==1)) { $this->POD->tolog("user->new(): Load by reset code..."); $this->getUserByPasswordResetCode($PARAMETERS['passwordResetCode']); } else if (isset($PARAMETERS['id']) && (sizeof($PARAMETERS)==1)) { $this->POD->tolog("user->new(): Load user by id " . $PARAMETERS['id']); $this->getUserById($PARAMETERS['id']); } else if (isset($PARAMETERS['email']) && (sizeof($PARAMETERS)==1)) { $this->POD->tolog("user->new(): Load user by email"); $this->getUserByEmail($PARAMETERS['email']); } else if (isset($PARAMETERS['nick']) && (sizeof($PARAMETERS)==1)) { $this->POD->tolog("user->new(): Load user by nick"); $this->getUserByNick($PARAMETERS['nick']); } else if (isset($PARAMETERS['nick']) && isset($PARAMETERS['email']) && ($PARAMETERS['password'] || $PARAMETERS['id'])) { $this->POD->tolog("user->new(): Creating user from parameters"); $fill = true; if (isset($PARAMETERS['id'])) { $d = $this->POD->checkcache('Person','id',$PARAMETERS['id']); if ($d) { $fill = false; $this->DATA = $d; $this->success = true; } } if ($fill) { foreach ($PARAMETERS as $key => $value) { if ($key != 'POD') { $this->set($key,$value); } } $this->success = true; $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); } } else { $this->success = true; $this->POD->tolog("user->new(): Empty User"); } // if we failed to create the user by this point, we're screwed. if (!$this->success()) { return; } return $this; } /********************************************************************************************* * Accessors *********************************************************************************************/ function addFile($file_name,$uploaded_file,$description=null) { // pass in an array of parameters from the $_FILES array and this will automatically create the file record. $this->success = false; // if the file already exists, update it. if (!$file = $this->files()->contains('file_name',$file_name)) { // create a new file $file = $this->POD->getFile(); } if ($uploaded_file['tmp_name']) { $file->set('file_name',$file_name); $file->set('original_name',$uploaded_file['name']); $file->set('tmp_name',$uploaded_file['tmp_name']); $file->set('description',$description); $file->set('userId',$this->id); $file->save(); if (!$file->success()) { $this->throwError($file->error()); } else { $this->success = true; return $file; } } else { // sometimes an invalid record gets into $_FILES where no tmp_name is specified // this normally happens when a javascript form validator has caused the file input to submit // even though there is no file! // we don't want to throw an error if this happens, we just want to silently ignore this record. $file->set('description',$description); $file->save(); $this->success = true; return null; } return $this->success; } function files($count=100,$offset=0) { if (!$this->get('id')) { return null; } if (!$this->FILES) { $this->FILES = new Stack($this->POD,'file',array('contentId'=>'null','userId'=>$this->get('id')),null,$count,$offset); if (!$this->FILES->success()) { return null; } } return $this->FILES; } function friends($count = 20,$offset=0) { if (!$this->get('id')) { return null; } if (!$this->FRIENDS || $count != 20 || $offset != 0) { $this->FRIENDS = new Stack($this->POD,'user',array('flag.name'=>'friends','flag.userId'=>$this->get('id')),"flag.date DESC",$count,$offset); if (!$this->FRIENDS->success()) { return null; } } return $this->FRIENDS; } function followers($count=20,$offset=0) { if (!$this->get('id')) { return null; } if (!$this->FOLLOWERS || $count != 20 || $offset != 0) { $this->FOLLOWERS = new Stack($this->POD,'user',array('flag.name'=>'friends','flag.itemId'=>$this->get('id')),"flag.date DESC",$count,$offset); if (!$this->FOLLOWERS->success()) { return null; } } return $this->FOLLOWERS; } function favorites($count=20,$offset=0) { if (!$this->get('id')) { return null; } if (!$this->FAVORITES) { $this->FAVORITES = new Stack($this->POD,'content',array('flag.name'=>'favorite','flag.userId'=>$this->get('id')),'flag.date DESC',$count,$offset); if (!$this->FAVORITES->success()) { return null; } } return $this->FAVORITES; } function watched($count=20,$offset=0) { if (!$this->get('id')) { return null; } if (!$this->WATCHED) { $this->WATCHED = new Stack($this->POD,'content',array('flag.name'=>'watching','flag.userId'=>$this->get('id')),'d.commentDate DESC',$count,$offset); if (!$this->WATCHED->success()) { return null; } } return $this->WATCHED; } function asArray() { $data = parent::asArray(); // remove some fields unset($data['email']); unset($data['verificationKey']); unset($data['authSecret']); unset($data['password']); unset($data['passwordResetCode']); return $data; } /* Loader Functions */ function save($nomail = false) { $profilePath = $this->POD->libOptions('profilePath'); $this->success = false; $this->POD->tolog("user->save() " . $this->get('nick')); // clean up input $this->set('nick',stripslashes(strip_tags($this->get('nick')))); $this->set('email',stripslashes(strip_tags($this->get('email')))); if ($this->get('nick') == "") { $this->throwError("Missing required field nick."); $this->error_code=201; return null; } if ($this->get('email') == "") { $this->throwError("Missing required field email."); $this->error_code=202; return null; } // Do I need to create a user or update a user? if (!$this->saved()) { // CREATE NEW USER! $this->set('memberSince','now()'); // new users must specify a password, though we will not store it in the db if ($this->get('password') == "") { $this->throwError("Missing required field password."); $this->error_code=203; return null; } $error = $this->checkUsernames($this->get('nick'),$this->get('email'),''); if ($error == "nick_taken") { $this->throwError("Oops! The name you specified is already being used by someone else on the site. Please pick a new one."); $this->error_code = 204; return; } else if ($error == "email_taken") { $this->throwError("Ooops! The email address you specified is already registered on the site."); $this->error_code = 205; return; } // FIX THIS // Should use an oop method for handling invites. if ($this->get('invite_code') != '') { $this->POD->tolog('user->save() Looking for invite.'); $sql = "SELECT * FROM invites WHERE code='" . $this->get('invite_code') . "';"; $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); $num = mysql_num_rows($res); if ($num > 0) { $this->POD->tolog("user->save() INVITE FOUND"); $invite = mysql_fetch_assoc($res); $sql = "DELETE FROM invites WHERE id=" . $invite['id']; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); } } $authSecret = md5($this->get('email') . $this->get('password')); $this->set('safe_nick',urlencode(preg_replace("/\s/","_",$this->get('nick')))); $this->set('permalink',"$profilePath/" . $this->get('safe_nick')); $this->set('authSecret',$authSecret); // now that we've generated the authSecret, we can clear the password $this->set('password',null); if ($invite) { $this->POD->tolog('user->save() Invite found, processing...'); $invitedBy = $invite['userId']; $this->set('invitedBy',$invitedBy); // members who are invited by other members do not need to confirm their emails $this->set('verificationKey',null); parent::save(); if (!$this->success()) { $this->POD->cacheclear($this); return null; } $this->POD->changeActor(array('id'=>$this->get('id'))); if (isset($invite['groupId'])) { $this->POD->tolog('user->save() Adding user to group'); $group = $this->POD->getGroup(array('id'=>$invite['groupId'])); $group->addMember($this,'member',true); } $inviter = $this->POD->getPerson(array('id'=>$invitedBy)); // add the person who invited me as a friend, and send an email $this->addFriend($inviter); // cause the friend who invited me to add me as a friend, but do not send email $inviter->addFriend($this,false); } else { // new members have to confirm their email address $this->set('verificationKey',md5($this->get('password').$this->get('email'))); parent::save(); if (!$this->success()) { $this->POD->cacheclear($this); return null; } } $this->success = true; if (!$nomail) { $this->POD->tolog("user->save() user created, sending welcome email"); $this->welcomeEmail(); } } else { // UPDATE USER $this->POD->tolog("user->save() Updating user " . $this->get('nick')); $error = $this->checkUsernames($this->get('nick'),$this->get('email'),$this->get('id')); if ($error == "nick_taken") { $this->throwError("Oops! The name you specified is already being used by someone else on the site. Please pick a new one."); $this->error_code = 208; $this->POD->cacheclear($this); return; } else if ($error == "email_taken") { $this->throwError("Oops! The email address you specified is already registered on the site. You might need to POD->DATABASEPath/login.php\">log in."); $this->error_code = 209; $this->POD->cacheclear($this); return; } if ($this->get('password')) { $this->set('authSecret',md5($this->get('email') . $this->get('password'))); $this->set('password',null); } parent::save(); if (!$this->success()) { $this->POD->cacheclear($this); return null; } } $this->stuffUser(); $this->success = true; $this->POD->cachestore($this); return $this; } // end function save() function delete() { $this->success = false; if ($this->get('id')=='') { $this->throwError("User not saved yet!"); $this->error_code = 222; return false; } // can only be deleted by self or adminUser if ($this->POD->isAuthenticated() && (($this->POD->currentUser()->get('id') == $this->get('id')) || ($this->POD->currentUser()->get('adminUser')))) { if ($this->get('id')) { $this->POD->cacheclear($this); $id = $this->get('id'); // get all the documents, delete them // this should delete any watch, favorite, votes, etc. $docs = $this->POD->getContents(array('userId'=>$id),null,1000000); while ($doc = $docs->getNext()) { $doc->delete(); if (!$doc->success()) { $this->throwError($doc->error()); $this->error_code = $doc->errorCode(); return false; } } $this->files()->reset(); while ($file = $this->files()->getNext()) { $file->delete(); } // get rid of any remaining comments by this user in other threads mysql_query("DELETE FROM comments WHERE userId=$id"); // group memberships mysql_query("DELETE FROM groupMember WHERE userId=$id"); // meta mysql_query("DELETE FROM meta WHERE type='user' and itemId=$id"); // outgoing flags mysql_query("DELETE FROM flags WHERE userId=$id"); // incoming flags mysql_query("DELETE FROM flags WHERE type='user' and itemId=$id"); // delete the messages mysql_query("DELETE FROM messages WHERE fromId=$id OR toId=$id"); // delete the user totally mysql_query("DELETE FROM users WHERE id=$id"); $this->DATA = array(); $this->success = true; } } else { $this->throwError("Access denied"); $this->error_code = 401; } return $this->success; } function permalink($field = 'nick',$return = false) { $string = "get('permalink') . "\" class=\"person_permalink\" title=\"" . htmlentities($this->get('nick')) . "\">" . $this->get($field) . ""; if ($return) { return $string; } else { echo $string; } } function stuffUser() { $profilePath = $this->POD->siteRoot(false) .$this->POD->libOptions('profilePath'); if ($this->get('id')) { $this->set('safe_nick',urlencode(preg_replace("/\s/","_",$this->get('nick')))); $this->set('permalink',"$profilePath/" . $this->get('safe_nick')); } } function getContents($PARAMETERS = null,$sort="date DESC",$count=20,$offset=0) { $PARAMETERS['userId'] = $this->get('id'); return $this->POD->getContents($PARAMETERS,$sort,$count,$offset); } function getUserByNick($nick) { $no_u_nick = preg_replace("/\_/"," ",$nick); $d = $this->POD->checkcache('Person','nick',$nick); if ($d) { $this->success = true; $this->DATA = $d; } else { $this->load('nick',$nick); if (!$this->success()) { $this->load('nick',$no_u_nick); } $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); } return $this; } function getUserByEmail($email) { $this->load('email',$email); $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); return $this; } function getUserById($uid) { $this->success = false; $d = $this->POD->checkcache('Person','id',$uid); if ($d) { $this->success = true; $this->POD->tolog("user->getUserById(): USING CACHE"); $this->DATA = $d; } else { $this->POD->tolog("user->getUserById(); NOT USING CACHE"); $this->load('id',$uid); if ($this->success()) { $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); $this->success = true; } } return $this; } function getUserByAuthSecret($authSecret) { $this->success = false; $d = $this->POD->checkcache('Person','auth',$authSecret); if ($d) { $this->success = true; $this->POD->tolog("user->getUserByAuthSecret(): USING CACHE"); $this->DATA = $d; $sql = "UPDATE users SET lastVisit=NOW() WHERE id=" . $this->get('id'); $this->set('lastVisit',time()); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); } else { $this->load('authSecret',$authSecret); $this->POD->tolog("user->getUserByAuthSecret(): NOT USING CACHE"); if ($this->success()) { $sql = "UPDATE users SET lastVisit=NOW() WHERE id=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->set('lastVisit',time()); $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); } } return $this; } function getUserByPasswordResetCode($resetCode) { $this->load('passwordResetCode',$resetCode); $this->stuffUser(); $this->loadMeta(); $this->POD->cachestore($this); return $this; } /* Output Functions */ function render($template = 'output',$backup_path=null) { return parent::renderObj($template,array('user'=>$this),'people',$backup_path); } function output($template = 'output',$backup_path=null) { parent::output($template,array('user'=>$this),'people',$backup_path); } /* Awesome functions */ /* * Recommend Friends based on Friend-of-Friend network * */ function recommendFriends($minimumoverlap = 2,$max=20) { $this->friends(500)->reset(); $fof = array(); while ($u = $this->friends()->getNext()) { while ($x = $u->friends()->getNext()) { if (isset($fof[$x->get('id')])){ $fof[$x->get('id')]['count']++; } else{ $fof[$x->get('id')]['user'] = $x; $fof[$x->get('id')]['count'] = 1; } } } $results = new Stack($this->POD,'user'); foreach ($fof as $rec) { if ($results->count() <= $max) { $p = $rec['user']; if ($rec['count'] >= $minimumoverlap && !$this->isFriendsWith($p) && $p->success() && $this->get('id') != $p->get('id')){ $results->add($p); } } } $this->friends()->reset(); return $results; } function friendList() { return $this->friends()->extract('id'); } function getVote($doc) { $val = $doc->hasFlag('vote',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError($doc->error()); $this->error_code = $doc->errorCode(); } return $val; } function publishActivity($type,$message,$bundle_message=null,$target = null,$target_alert=null,$gid=null) { $act = $this->POD->getActivity(); $act->publish($this->id,$type,$message,$bundle_message,$target,$target_alert,$gid); } /************************************************************************************* * Comment Watching *************************************************************************************/ function isWatched($doc) { $this->success = false; $val = $doc->hasFlag('watching',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('isWatched ' . $doc->error()); $this->error_code = $doc->errorCode(); } return $val; } function removeWatch($doc) { $val = $doc->removeFlag('watching',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('removeWatch ' . $doc->error()); $this->error_code = $doc->errorCode(); } else { if ($this->watched()->full()) { $this->watched()->fill(); } } return $doc; } function addWatch($doc,$start_from_beginning = false) { if ($doc->comments()->count() > 0) { $doc->comments()->reset(); while ($c = $doc->comments()->getNext()) { $lastcomment = $c->get('id'); } $doc->comments()->reset(); } else { $lastcomment = 1; } if ($start_from_beginning) { $lastcomment = 1; } // we need to purge any pre-existing flag. $doc->removeFlag('watching',$this); $val = $doc->addFlag('watching',$this,$lastcomment); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('addWatch ' . $doc->error()); $this->error_code = $doc->errorCode(); } else { if ($this->watched()->full()) { $this->watched()->fill(); } } return $doc; } function toggleWatch($doc) { if ($this->isWatched($doc)) { $this->removeWatch($doc); return 0; } else { $this->addWatch($doc); return 1; } } /************************************************************************************* * FAVORITES *************************************************************************************/ function isFavorite($doc) { $val = $doc->hasFlag('favorite',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('isFavorite ' . $doc->error()); $this->error_code = $doc->errorCode(); } return $val; } function removeFavorite($doc) { $val = $doc->removeFlag('favorite',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('removeFavorite ' . $doc->error()); $this->error_code = $doc->errorCode(); } else { if ($this->favorites()->full()) { $this->favorites()->fill(); } } return $doc; } function addFavorite($doc) { $val = $doc->addFlag('favorite',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('addFavorite ' . $doc->error()); $this->error_code = $doc->errorCode(); } else { if ($this->favorites()->full()) { $this->favorites()->fill(); } } return $doc; } function toggleFavorite($doc) { $val = $doc->toggleFlag('favorite',$this); $this->success = $doc->success(); if (!$this->success()) { $this->throwError('toggleFavorite ' . $doc->error()); $this->error_code = $doc->errorCode(); } else { if ($this->favorites()->full()) { $this->favorites()->fill(); } } return $val; } /************************************************************************************* * FRIENDS *************************************************************************************/ function isFriendsWith($person) { $val = $person->hasFlag('friends',$this); $this->success = $person->success(); if (!$this->success()) { $this->throwError('isFriendsWith ' . $person->error()); $this->error_code = $person->errorCode(); } return $val; } function removeFriend($person) { $val = $person->removeFlag('friends',$this); $this->success = $person->success(); if (!$this->success()) { $this->throwError('removeFriend ' .$person->error()); $this->error_code = $person->errorCode(); } else { if ($this->favorites()->full()) { $this->favorites()->fill(); } } return $person; } function addFriend($person,$sendEmail=true) { $this->POD->tolog("user->addFriend(): Adding friend relationship between " . $this->get('nick') . " and " . $person->get('nick')); $wasAlreadyFriends = $this->isFriendsWith($person); $val = $person->addFlag('friends',$this); $this->success = $person->success(); if (!$this->success()) { $this->throwError('addFriend ' . $person->error()); $this->error_code = $person->errorCode(); } else { if ($sendEmail && !$wasAlreadyFriends) { if ($this->POD->libOptions('friendEmail')) { $this->sendEmail("addFriend",array('to'=>$person->get('email'))); } } if ($this->friends()->full()) { $this->friends()->fill(); } } return $person; } /************************************************************************************* * HELPERS *************************************************************************************/ function sendEmail($email_name,$vars = null) { $this->success = null; // set up some variables // we know that we'll have a user, because the email is going to them. $sender = $this; $to = $this->get('email'); $document = null; $group = null; $message = null; $code = null; $subject = "Email from " . $this->POD->libOptions('siteName'); // we might also have a document, like when someone shares a post with someone else if (isset($vars['document'])) { $document = $vars['document']; } // we might also have a group, like when someone invites someone to a group if (isset($vars['group'])) { $group = $vars['group']; } // and we might have a custom message, like when someone sends a personal note. if (isset($vars['message'])) { $message = $vars['message']; } // by default, we assume this is an email going to this user. but maybe we're sending a note or inviting someone. if (isset($vars['to'])) { $to = $vars['to']; } // finally, we may have an invite code or some other kind of secret code. if (isset($vars['code'])) { $code = $vars['code']; } // using output buffering, we can just include the output of the appropriate email template and capture it in a string // the email templates should also reset $subject ob_start(); include($this->POD->libOptions('templateDir') . "/emails/" . $email_name . ".php"); $body = ob_get_contents(); ob_end_clean(); $headers = "From: " . $this->POD->libOptions('fromAddress') . "\r\n" . "X-Mailer: PeoplePods - XOXCO.com"; $this->POD->tolog("Sending email: $subject to $to"); if (mail($to, $subject, $body, $headers)) { $this->success = true; } else { $this->POD->tolog("Failed to send email $email_name to " . $to); } return $this->success; } function sendInvite($email,$message,$groupId = null) { // send an invite to someone. optionally include a group to be invited to. $touser = $this->POD->getPerson(array('email'=>$email)); if ($touser->success()) { // this person is already a member. // add friend and/or invite to group if (isset($groupId)) { $group = $this->POD->getGroup(array('id'=>$groupId)); // add group invitee membership $this->POD->tolog('user->sendInvite(): inviting existing user to group'); $group->addMember($touser,'invitee',true); $this->sendEmail('invite',array('group'=>$group,'message'=>$message,'to'=>$touser->get('email'))); } else { $this->POD->tolog('user->sendInvite(): adding friend on site'); $this->addFriend($touser); } } else { if (isset($groupId)) { $this->POD->tolog('user->sendInvite(): inviting new user to group'); $group = $this->POD->getGroup(array('id'=>$groupId)); // generate invite key $vkey = md5($email . time() . $this->get('nick')); $sql = "INSERT INTO invites (userId,groupId,date,code) VALUES (" . $this->get('id') . "," . $group->get('id') . ",NOW(),'" . $vkey . "');"; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->sendEmail('invite',array('group'=>$group,'message'=>$message,'to'=>$email,'code'=>$vkey)); } else { $this->POD->tolog('user->sendInvite(): inviting new user to join'); // generate invite key $vkey = md5($email . time() . $this->get('nick')); $sql = "INSERT INTO invites (userId,date,code) VALUES (" . $this->get('id') . ",NOW(),'" . $vkey . "');"; $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); $this->sendEmail('invite',array('message'=>$message,'to'=>$email,'code'=>$vkey)); } } } function isVerified() { return ($this->get('verificationKey')==''); } function verify($code) { $this->success = null; $this->POD->tolog("user->verify(): Does $code = " . $this->get('verificationKey')); if ($code == $this->get('verificationKey')) { $this->POD->tolog("user->verify(): VERIFIED"); $this->set('verificationKey',null); $this->save(); } else { $this->error_code = 221; $this->throwError("Could not verify: verification code incorrect"); } } function sendMessage($message) { $this->success = null; $msg = new Message(array('POD'=>$this->POD,'toId'=>$this->get('id'),'message'=>$message)); $msg->save(); if ($msg->success()) { $this->success = true; return $msg; } else { $this->throwError($msg->error()); $this->error_code = $msg->errorCode(); return null; } } function sendPasswordReset() { // send a password reset message to this user via email return $this->sendEmail('passwordReset'); } function welcomeEmail() { // send a welcome/verify your email message to this user via email return $this->sendEmail('welcome'); } function checkUsernames($nick,$email,$id) { $nick = mysql_real_escape_string(stripslashes($nick)); $email = mysql_real_escape_string(stripslashes($email)); $idsql = ''; if ($id != '') { $idsql = "AND users.id!=$id "; } $sql = "SELECT nick='$nick' as nicktaken,email='$email' as emailtaken FROM users WHERE (nick='$nick' OR email='$email') $idsql;"; $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); $num = mysql_num_fields($res); if ($num > 0) { $error = mysql_fetch_assoc($res); mysql_free_result($res); if ($error['nicktaken']==1) { return 'nick_taken'; } if ($error['emailtaken']==1) { return 'email_taken'; } } else { return; } } } // end Person class // -------------------------------------------------------------------------------------------------------- // // -------------------------------------------------------------------------------------------------------- // // -------------------------------------------------------------------------------------------------------- // // -------------------------------------------------------------------------------------------------------- // // -------------------------------------------------------------------------------------------------------- // // -------------------------------------------------------------------------------------------------------- // ?> success = null; parent::Obj($POD,'group'); $groupPath = $this->POD->siteRoot(false) . "/" . $this->POD->libOptions('groupPath'); if (isset($PARAMETERS['id']) && (sizeof($PARAMETERS) == 1)) { $this->loadById($PARAMETERS['id']); if (!$this->success()) { return; } } else if (isset($PARAMETERS['stub']) && (sizeof($PARAMETERS)==1)) { $this->loadByStub($PARAMETERS['stub']); if (!$this->success()) { return; } } else { $fill = true; if (isset($PARAMETERS['id'])) { $d = $this->POD->checkcache('Group','id',$PARAMETERS['id']); if ($d) { $fill = false; $this->DATA = $d; } } if ($PARAMETERS) { // fill in the deets with the parameters passed in_array foreach ($PARAMETERS as $key=>$value) { $this->set($key,$value); } } if ($fill && $this->get('id')) { $this->loadMeta(); } } $this->set('permalink',"$groupPath/" . $this->get('stub')); $this->success = true; } /************************************************************************************* * Accessors *************************************************************************************/ function members() { if (!$this->get('id')) { return null; } if (!$this->MEMBERS) { $this->MEMBERS = $this->POD->getPeople(array('mem.type:!='=>'invitee','mem.groupId'=>$this->get('id')),'mem.date DESC',100,0); if (!$this->MEMBERS->success()) { return null; } } return $this->MEMBERS; } function content() { if (!$this->get('id')) { return null; } if (!$this->DOCUMENTS) { $this->DOCUMENTS = new Stack($this->POD,'content',array('d.groupId'=>$this->get('id'))); if (!$this->DOCUMENTS->success()) { return null; } } return $this->DOCUMENTS; } /************************************************************************************* * CRUD *************************************************************************************/ function loadById($id) { $d = $this->POD->checkcache('Group','id',$id); $groupPath = $this->POD->siteRoot(false) . "/" . $this->POD->libOptions('groupPath'); if ($d) { $this->DATA = $d; $this->set('permalink',"$groupPath/" . $this->get('stub')); } else { $this->POD->tolog("I AM LOADING FROM THE DB A GROUP!"); $this->load('id',$id); if ($this->success()) { $this->loadMeta(); $this->set('permalink',"$groupPath/" . $this->get('stub')); } } } function loadByStub($stub) { $groupPath = $this->POD->siteRoot(false) . "/" . $this->POD->libOptions('groupPath'); $this->load('stub',$stub); if ($this->success()) { $this->loadMeta(); $this->set('permalink',"$groupPath/" . $this->get('stub')); } } function save() { $this->success = null; if (!$this->POD->isAuthenticated()) { $this->success = false; $this->throwError("No current user! Can't save group!"); $this->error_code = 500; return null; } if ($this->get('id')) { // if we are updating this group, make sure this user has permission to do so! $membership = $this->isMember($this->POD->currentUser()); if ($membership != 'owner' && $membership!='manager' && !$this->POD->currentUser()->get('adminUser')) { $this->success = false; $this->throwError("Access denied! Only group owner or manager can create group!"); $this->error_code = 401; return null; } } else { $this->set('userId',$this->POD->currentUser()->get('id')); } if ($this->get('groupname') && $this->get('description') && $this->get('userId')) { $this->set('groupname',stripslashes(strip_tags($this->get('groupname')))); $this->set('description',stripslashes(strip_tags($this->get('description')))); if (!$this->get('stub')) { $stub = $this->get('groupname'); $stub = preg_replace("/\s+/","-",$stub); $stub = preg_replace("/[^a-zA-Z0-9\-]/","",$stub); $stub = strtolower($stub); $this->set('stub',$stub); } $stub = $this->get('stub'); $newstub = $stub; // check and see if any documents already use this stub. $stubcheck = $this->POD->getGroup(array('stub'=>$stub)); $counter = 2; while ($stubcheck->success() && $stubcheck->get('id')!=$this->get('id')) { $newstub = $stub . "_" . $counter++; $stubcheck = $this->POD->getGroup(array('stub'=>$newstub)); } $stub = $newstub; $this->set('stub',$stub); if (!$this->saved()) { $this->set('date','now()'); $this->set('changeDate','now()'); } else { $this->set('changeDate','now()'); } parent::save(); $this->DOCUMENTS = new Stack($this->POD,'content',array('d.groupId'=>$this->get('id'))); $this->MEMBERS = new Stack($this->POD,'user',array('mem.groupId'=>$this->get('id')),'mem.date DESC',20,0); $this->addMember($this->POD->getPerson(array('id'=>$this->get('userId'))),'owner'); $this->success = true; return $this; } else { $this->success = null; $this->throwError("Missing required field"); $this->error_code = 500; return null; } } function delete($delete_documents = false) { $this->success = false; // only allow delete by the owner of this group! if ($this->POD->isAuthenticated() && (($this->isMember($this->POD->currentUser())=="owner") || $this->POD->currentUser()->get('adminUser'))) { if ($delete_documents) { $this->content()->reset(); while ($doc = $this->content()->getNext()) { $doc->delete(); } } else { $this->content()->reset(); while ($doc = $this->content()->getNext()) { $doc->set('groupId',null); } if ($this->get('type')=="private") { $sql = "UPDATE content SET privacy='owner_only' WHERE privacy='group_only' and groupId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); } $sql = "UPDATE content SET groupId=null WHERE groupId=" . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql,$this->POD->DATABASE); } mysql_query("DELETE FROM groupMember WHERE groupId=" . $this->get('id'),$this->POD->DATABASE); mysql_query("DELETE FROM invites WHERE groupId=" . $this->get('id'),$this->POD->DATABASE); mysql_query("DELETE FROM meta WHERE type='group' and itemId=". $this->get('id'),$this->POD->DATABASE); mysql_query("DELETE FROM groups WHERE id=". $this->get('id'),$this->POD->DATABASE); $this->DATA = null; $this->success = true; return $this->success; } else { $this->success = false; $this->throwError("Access denied"); $this->error_code = 401; return $this->success; } } function permalink($field='groupname',$return=false) { $string = "get('permalink') . "\" title=\"" . htmlentities($this->get('groupname')) . "\">" . $this->get($field) . ""; if ($return) { return $string; } else { echo $string; } } /************************************************************************************* * MEMBERS *************************************************************************************/ function removeMember($person) { $this->success = null; $this->POD->tolog("group->removeMember()"); if (!$this->POD->isAuthenticated()) { $this->success = false; $this->throwError("No current user! Can't save group!"); $this->error_code = 500; return null; } if (!$person->get('id')) { $this->throwError("Person not saved yet!"); $this->error_code = 500; return null; } if (!$this->get('id')) { $this->throwError("Group not saved yet!"); $this->error_code = 500; return null; } $membership = $this->isMember($person); $my_membership = $this->isMember($this->POD->currentUser()); if (($person->get('id') != $this->POD->currentUser()->get('id')) && ($my_membership != 'owner') && ($my_membership!='manager') && !$this->POD->currentUser()->get('adminUser')) { $this->success = false; $this->throwError("Access denied! Only group owner or manager can remove someone from a group!"); $this->error_code = 401; return null; } if ($membership == "owner") { $this->throwError("Group owner cannot quit!"); $this->error_code = 401; $this->success = null; return null; } else { $sql = "DELETE FROM groupMember WHERE userId=" . $person->get('id') . " AND groupId=" . $this->get('id'); $this->POD->tolog($sql,2); $res = mysql_query($sql); $this->success = true; $this->members()->fill(); if (!$this->members()->success()) { $this->throwError($this->members()->error()); return null; } $fact = $person->get('id') . "-ismemberof-" . $this->get('id'); $this->POD->cachefact($fact,false); return true; } } function changeMemberType($person,$type) { $this->success = false; $this->POD->tolog("group->changeMemberType() $type"); if (!$this->POD->isAuthenticated()) { $this->success = false; $this->throwError("No current user! Can't save group!"); $this->error_code = 500; return null; } $membership = $this->isMember($person); $my_membership = $this->isMember($this->POD->currentUser()); if (!$membership) { $this->success = false; $this->throwError("Person is not member of this group."); $this->error_code = 500; return null; } if (($person->get('id') != $this->POD->currentUser()->get('id')) && ($my_membership != 'owner') && ($my_membership!='manager') && !$this->POD->currentUser()->get('adminUser')) { $this->success = false; $this->throwError("Access denied! Only group owner or manager can change someone's member type."); $this->error_code = 401; return null; } if ($membership == "owner") { $this->throwError("Group owner can't be demoted!"); $this->error_code = 401; $this->success = false; return null; } if (($type == "manager" || $type=="owner") && !($my_membership=="manager" || $my_membership=="owner")) { $this->throwError("Only a group owner or manager can promote members to manager or owner"); $this->error_code = 401; $this->success = false; return null; } $fact = $person->get('id') . "-ismemberof-" . $this->get('id'); $this->POD->cachefact($fact,$type); $type = mysql_real_escape_string($type); $sql = "UPDATE groupMember SET type='$type',date=NOW() WHERE userId=" . $person->get('id') . " AND groupId=" . $this->get('id'); $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); $num = mysql_affected_rows($this->POD->DATABASE); if ($num < 1 || !$res) { $this->success = false; $this->throwError("SQL Error: GroupMember Update failed!"); $this->error_code = 500; return null; } $this->success = true; return $type; } function addMember($person,$type='member',$invited = null) { $this->success = null; $this->POD->tolog("group->addMember()"); if (!$this->POD->isAuthenticated()) { $this->success = false; $this->throwError("No current user! Can't add a member to a group!"); $this->error_code = 500; return null; } if (!$person->get('id')) { $this->throwError("Person not saved yet!"); $this->error_code = 500; return null; } if (!$this->get('id')) { $this->throwError("Group not saved yet!"); $this->error_code = 500; return null; } // FIX THIS /* // if this is a private group, make sure there is an invite already $sql = "SELECT type FROM groupMember WHERE userId=" . $person->get('id') . " and groupId=" . $this->get('id'); $res = mysql_query($sql,$this->POD->DATABASE); $invites = mysql_num_rows($res); if ($invites > 0) { $membership = mysql_fetch_assoc($res); } if (!$invited && $this->get('type') == "private" && $membership != 'invitee') { // this is a private group and you don't have an invite. return null; } */ if (!$this->isMember($person)) { $this->POD->tolog("group->addMember() adding member"); $sql = "INSERT INTO groupMember (groupId,userId,type,date) values (" . $this->get('id') . "," . $person->get('id') . ",'" . $type . "',NOW());"; $this->POD->tolog($sql,2); $result = mysql_query($sql); $num = mysql_affected_rows($this->POD->DATABASE); if ($num < 1 || !$result) { $this->success = false; $this->throwError("SQL Error: GroupMember Insert failed!"); $this->error_code = 500; return null; } $this->members()->add($person); if (!$this->members()->success()) { $this->throwError($this->members()->error()); return null; } $fact = $person->get('id') . "-ismemberof-" . $this->get('id'); $this->POD->cachefact($fact,$type); } else { $this->POD->tolog("group->addMember() already a member!"); } $this->success = true; return $type; } function isMember($person) { $this->success = false; $this->error = null; if (!$person || !$person->get('id')) { // this doesn't necessarily mean an error has happened // maybe the user isn't authenticated... //$this->throwError("Person not saved yet!"); //$this->error_code = 500; return null; } if (!$this->get('id')) { $this->throwError("Group not saved yet!"); $this->error_code = 500; return null; } $fact = $person->get('id') . "-ismemberof-" . $this->get('id'); if ($val = $this->POD->factcache($fact)) { $this->success = true; return $val; } $sql = "SELECT type FROM groupMember WHERE userId=" . $person->get('id') . " and groupId= " . $this->get('id'); $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); $num = mysql_num_rows($res); $this->success = true; if ($num > 0) { $g = mysql_fetch_assoc($res); $this->POD->cachefact($fact,$g['type']); return $g['type']; } else { $this->POD->cachefact($fact,false); return null; } } /************************************************************************************* * Content *************************************************************************************/ function addContent($doc) { $this->success = null; if (!$doc->get('id')) { $this->throwError("Content not saved yet!"); $this->error_code = 500; return null; } if (!$doc->isEditable()) { $this->throwError("Access Denied! Not authenticated"); $this->error_code = 401; return null; } if (!$this->get('id')) { $this->throwError("Group not saved yet!"); $this->error_code = 500; return null; } if (!$this->POD->isAuthenticated()) { $this->throwError("Access Denied! Not authenticated"); $this->error_code = 401; return null; } $membership = $this->isMember($this->POD->currentUser()); $this->success = false; if (!$membership && !$this->POD->currentUser()->get('adminUser')) { $this->throwError("Access Denied! Not a member"); $this->error_code = 401; return null; } if ($doc->get('groupId') && $doc->get('groupId') != $this->get('id')) { $this->throwError("Content already belongs to a group!"); $this->error_code=401; return null; } if ($doc->get('groupId') == $this->get('id')) { // already in the group $this->success = true; return true; } // set the group. don't change privacy here. (so if a public content is added to a private group, it remains public.) $doc->setGroup($this->get('id')); if (!$doc->success()) { $this->throwError($doc->error()); $this->error_code = $doc->errorCode(); return null; } $this->success = true; $this->content()->add($doc); return $doc; } function removeContent($doc) { $this->success = false; if (!$doc->get('id')) { $this->throwError("Content not saved yet!"); $this->error_code = 500; return null; } if (!$this->get('id')) { $this->throwError("Group not saved yet!"); $this->error_code = 500; return null; } if ($doc->get('groupId') && $doc->get('groupId') != $this->get('id')) { $this->throwError("Content doesn't belong to this group!"); $this->error_code=401; return null; } if (!$doc->get('groupId')) { $this->success = true; return true; } if ($doc->get('groupId') == $this->get('id')) { if ($doc->get('privacy') == "group_only") { $doc->set('privacy','owner_only'); } $doc->setGroup(null); if (!$doc->success()) { $this->throwError($doc->error()); $this->error_code = $doc->errorCode(); return null; } $this->success = true; $this->content()->fill(); return $doc; } } /* Functions that output things */ function render($template = 'output',$backup_path=null) { return parent::renderObj($template,array('group'=>$this),'groups',$backup_path); } function output($template = 'output',$backup_path=null) { parent::output($template,array('group'=>$this),'groups',$backup_path); } } ?>POD = $POD; if (!$this->POD) { return false; } if (!$this->POD->isAuthenticated()) { return false; } // get unread count. $sql = "SELECT count(1) as count FROM messages WHERE userId=" . $this->POD->currentUser()->get('id') . " and status='new';"; $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); if ($ur = mysql_fetch_assoc($res)) { $this->UNREAD_COUNT = $ur['count']; } mysql_free_result($res); $conditions = array(); $conditions['userId'] = $this->POD->currentUser()->get('id'); $sort = 'GROUP by friendId ORDER BY max(date) DESC'; $tables = 'FROM messages m'; $select = 'SELECT m.friendId as id, m.userId as ownerId,m.friendId,max(m.date) as latestMessage,(TIME_TO_SEC(TIMEDIFF(NOW(),max(date))) / 60) as minutes'; parent::Stack($POD,'threads',$conditions,$sort,$count,$offset,$tables,$select); return $this; } function unreadCount() { return $this->UNREAD_COUNT; } function newThread($friendId) { return new Thread($this->POD,array('id'=>$friendId,'ownerId'=>$this->POD->currentUser()->get('id'),'friendId'=>$friendId)); } } Class Thread extends Obj { public $MESSAGES; public $RECIPIENT; protected $UNREAD_COUNT = 0; function Thread($POD,$threadInfo=null) { parent::Obj($POD,'thread'); if (!$this->success()) { return $this; } if (isset($threadInfo)) { foreach ($threadInfo as $key => $value) { $this->set($key,$value); } $this->RECIPIENT = $this->POD->getPerson(array('id'=>$this->get('friendId'))); // get unread count. $sql = "SELECT count(1) as count FROM messages WHERE userId=" . $this->get('ownerId') ." AND friendId=" . $this->get('friendId') . " and status='new';"; $this->POD->tolog($sql,2); $res = mysql_query($sql,$this->POD->DATABASE); if ($ur = mysql_fetch_assoc($res)) { $this->UNREAD_COUNT = $ur['count']; } mysql_free_result($res); $this->set('permalink',$this->POD->siteRoot(false) . $this->POD->libOptions('messagePath') . "/" . $this->RECIPIENT->get('safe_nick')); $this->MESSAGES = new Stack($this->POD,'messages',array('userId'=>$this->get('ownerId'),'friendId'=>$this->get('friendId')),null,1000); } $this->success = true; return $this; } function messages() { return $this->MESSAGES; } function recipient() { return $this->RECIPIENT; } function unreadCount() { return $this->UNREAD_COUNT; } function markAsRead() { $this->MESSAGES->reset(); while ($message = $this->MESSAGES->getNext()) { $message->set('status','read'); $message->save(); } $this->UNREAD_COUNT = 0; } function render($template = 'thread',$backup_path=null) { return parent::renderObj($template,array('thread'=>$this),'messages',$backup_path); } function output($template = 'thread',$backup_path=null) { parent::output($template,array('thread'=>$this),'messages',$backup_path); } function reply($message) { $this->success = null; $msg = new Message($this->POD,array('toId'=>$this->RECIPIENT->get('id'),'message'=>$message)); $msg->save(); if ($msg->success()) { $this->MESSAGES->exists(); $this->MESSAGES->add($msg); $this->success = true; return $msg; } else { $this->throwError($msg->error()); $this->error_code = $msg->errorCode(); return null; } } function clear() { $this->success = null; while ($message = $this->MESSAGES->getNext()) { $message->delete(); if (!$message->success()) { $this->throwError($message->error()); $this->error_code = $message->errorCode(); return null; } } $this->MESSAGES->fill(); $this->success = true; } } Class Message extends Obj { public $FROM; public $TO; function Message($POD,$PARAMETERS=null) { parent::Obj($POD,'message'); if (!$this->success()) { return $this; } $this->POD->tolog("New Message"); // var_dump($this->POD); if (isset($PARAMETERS['id']) && (sizeof($PARAMETERS)==2)) { // load by ID $this->load('id',$PARAMETERS['id']); } else if ($PARAMETERS) { foreach ($PARAMETERS as $key=>$value) { if ($key != 'POD') { $this->set($key,$value); } } } if ($this->get('id')) { $this->FROM = $this->POD->getPerson(array('id'=>$this->get('fromId'))); $this->TO = $this->POD->getPerson(array('id'=>$this->get('toId'))); } $this->success = true; return $this; } function from() { return $this->FROM; } function to() { return $this->TO; } function render($template = 'message',$backup_path=null) { return parent::render($template,array('message'=>$this),'messages',$backup_path); } function output($template = 'message',$backup_path=null) { parent::output($template,array('message'=>$this),'messages',$backup_path); } function save() { $this->success = false; if (!$this->POD->isAuthenticated()) { $this->throwError("Access Denied"); $this->error_code = 401; return null; } if ($this->get('message') == "" || $this->get('toId') == "") { $this->throwError("Fields missing!"); $this->error_code = 500; return null; } $this->set('message',strip_tags($this->get('message'))); if (!$this->saved()) { $this->set('fromId',$this->POD->currentUser()->get('id')); // for messages, we need to insert two near duplicate rows, // one for the sender and one for the recipient // we can do this by just swapping the values. // first create the recipient $this->set('userId',$this->get('toId')); $this->set('friendId',$this->get('fromId')); $this->set('status','new'); $this->set('date','now()'); parent::save(); // now create the sender version $this->set('userId',$this->get('fromId')); $this->set('friendId',$this->get('toId')); $this->set('id',null); parent::save(); $this->FROM = $this->POD->getPerson(array('id'=>$this->get('fromId'))); $this->TO = $this->POD->getPerson(array('id'=>$this->get('toId'))); if ($this->POD->libOptions('contactEmail')) { $this->FROM->sendEmail("contact",array('to'=>$this->TO->get('email'),'message'=>$this->get('message'))); } } else { parent::save(); } return $this; } function delete() { $this->success = false; if ($this->get('id')) { if (!$this->POD->isAuthenticated()) { $this->throwError("Access denied"); $this->error_code = 501; return null; } if (!$this->get('userId') == $this->POD->currentUser()->get('id')) { $this->throwError("Access denied"); $this->error_code = 501; return null; } $sql = "DELETE FROM messages WHERE id=" . $this->get('id'); $this->POD->tolog($sql,2); $res = mysql_query($sql); $this->success = true; $this->DATA = array(); return $this; } else { // hasn't been saved yet $this->throwError("No such message"); $this->error_code = 404; return null; } } } ?>success()) { return null; } if ($PARAMETERS['id'] && (sizeof($PARAMETERS)==1)) { $this->load('id',$PARAMETERS['id']); } else if ($PARAMETERS) { foreach ($PARAMETERS as $key=>$value) { if ($key != 'POD') { $this->set($key,$value); } } } if ($this->get('id')) { // if this is an existing file, set up some path stuff if (preg_match("/^image/",$this->get('mime_type'))) { $this->isImage = true; } $this->generatePermalink(); } $this->loadMeta(); $this->success = true; return $this; } function save($local_ok = false) { $this->success = false; if (!$this->POD->isAuthenticated()) { $this->error_code = 401; $this->error = "Permission Denied"; return null; } if (!$this->get('file_name')) { $this->error = "Could not save file. Required field file_name missing."; $this->error_code = 500; return; } if (!$this->get('original_name')) { $this->error = "Could not save new file. Required field original_name missing."; $this->error_code = 500; return; } $this->set('original_name',basename($this->get('original_name'))); // if (!$this->get('extension')) { $this->set('extension',strtolower(array_pop(explode('.',$this->get('original_name'))))); // } if ($this->get('extension')=="jpeg") { $this->set('extension','jpg'); } $this->set('mime_type',$this->mime_content_type($this->get('original_name'))); if (!$this->get('mime_type')) { $this->error = "Could not save file. Required field mime_type missing."; $this->error_code = 500; return; } if (!$this->get('id')) { if (!$this->get('tmp_name')) { $this->error = "Could not save new file. Required field tmp_name missing."; $this->error_code = 500; return; } } if (!$this->get('userId')) { $this->set('userId',$this->POD->currentUser()->get('id')); } if (!$this->saved()) { $this->set('date','now()'); $this->set('changeDate','now()'); } else { $this->set('changeDate','now()'); } parent::save(); if ($this->get('tmp_name')) { // do file operations $this->isImage = false; // is this an image or some other sort of file? if (preg_match("/^image/",$this->get('mime_type'))) { $fileDir = $this->POD->libOptions('imgDir'); $this->isImage = true; $this->POD->tolog("file->save() isImage!"); } else { $fileDir = $this->POD->libOptions('docDir'); } $new_name = "$fileDir/" . $this->get('id') . ".original." . $this->get('extension'); $this->POD->tolog("file->save() New file name: $new_name"); // clean up old versions $this->cleanup(); // is it an uploaded file? if (is_uploaded_file($this->get('tmp_name'))) { // move uploaded file if (!move_uploaded_file($this->get('tmp_name'),$new_name)) { $this->delete(); $this->success = false; $this->error = "file->save() Could not move uploaded file to $new_name"; $this->error_code = 500; return null; } } else if ($local_ok) { // is it a local file? // move normal file if (!copy($this->get('tmp_name'),$new_name)) { $this->delete(); $this->success = false; $this->error = "file->save() Could not move local file to $new_name!"; $this->error_code = 500; return null; } } else { $this->delete(); $this->success = false; $this->error = "file->save() Could not handle local file (local_ok = false)!"; $this->error_code = 500; return null; } // is it an image? if ($this->isImage) { // crop and resize image $this->POD->tolog("file->save() Time to crop an image!"); $this->createThumbs($new_name,$this->get('type')); if (!$this->success()) { $error = $this->error(); $this->delete(); $this->throwError($error); $this->success = false; return null; } } // did we succeed? // if not, undo db stuff } else { $this->POD->tolog("file->save() Updated file info without changing file"); } $this->generatePermalink(); $this->success = true; } function generatePermalink() { if ($this->isImage) { $this->set('path',$this->POD->libOptions('imgDir') . "/" . $this->get('id') . ".original." . $this->get('extension'),false); } else { $this->set('path',$this->POD->libOptions('docDir') . "/" . $this->get('id') . ".original." . $this->get('extension'),false); } if ($this->POD->libOptions('enable_core_files') && !$this->isImage()) { $path = $this->POD->libOptions('default_files_path'); $filePath = $this->POD->siteRoot(false) . "/$path/" . $this->get('id'); $this->set('original_file',"$filePath/original." . $this->extension,false); if ($this->isImage) { $this->set('resized',"$filePath/resized." . $this->extension,false); $this->set('thumbnail',"$filePath/thumbnail." . $this->extension,false); } } else { if ($this->isImage) { $filePath = $this->POD->libOptions('imgPath'); } else { $filePath = $this->POD->libOptions('docPath'); } $this->set('original_file',"$filePath/" . $this->get('id') . ".original." . $this->get('extension'),false); if ($this->isImage) { $this->set('resized',"$filePath/" . $this->get('id') . ".resized." . $this->get('extension'),false); $this->set('thumbnail',"$filePath/" . $this->get('id') . ".thumbnail." . $this->get('extension'),false); } } } function cleanup() { if ($this->isImage) { $fileDir = $this->POD->libOptions('imgDir'); /* unlink("$fileDir/" . $this->get('id') . ".original." . $this->get('extension')); unlink("$fileDir/" . $this->get('id') . ".resized." . $this->get('extension')); unlink("$fileDir/" . $this->get('id') . ".thumbnail." . $this->get('extension')); */ // find any dynamically generated resizes $files = opendir($fileDir); while ($file = readdir($files)) { if (preg_match("/" . $this->id . "\./",$file)) { unlink($fileDir . "/" . $file); } } } else { $fileDir = $this->POD->libOptions('docDir'); unlink("$fileDir/" . $this->get('id') . ".original." . $this->get('extension')); } } function delete() { $this->success = false; if (!$this->POD->isAuthenticated()) { $this->error_code = 401; $this->error = "Permission Denied"; return null; } if (!$this->get('id')) { $this->error_code = 500; $this->error = "File not saved yet."; return null; } if (($this->get('userId') != $this->POD->currentUser()->get('id')) && ($this->parent('userId') != $this->POD->currentUser()->get('id')) && (!$this->POD->currentUser()->get('adminUser'))) { // the only people who can delete a comment are the commenter, the owner of the document commented upon, or an admin user // if this person is none of those people, fail! $this->error_code = 401; $this->error = "Permission Denied"; return null; } $this->cleanup(); $sql = "DELETE FROM files WHERE id = " . $this->get('id'); $this->POD->tolog($sql,2); mysql_query($sql); $this->DATA = array(); $this->success = true; return true; } function download($size = "original") { $this->success = false; if ($this->isImage) { $filePath = $this->POD->libOptions('imgDir'); } else { $filePath = $this->POD->libOptions('docDir'); } $filePath .= "/" . $this->get('id') . ".$size." . $this->get('extension'); $fsize = filesize($filePath); if ($fsize > 0) { header('Content-Type: ' . $this->get('mime_type')); header('Content-Disposition: attachment; filename="'.$this->get('original_name').'"'); header("Content-Transfer-Encoding: binary"); header('Content-Length: ' . $fsize); ob_clean(); flush(); readfile($filePath); $this->success = true; } else { $this->error = "Couldn't open file $filePath"; $this->error_code = 500; $this->success = false; } return $this->success; } function isImage() { return $this->isImage; } function src($max_width_or_preset='resized',$square=false) { $preset = false; $this->success = false; if (preg_match("/\d+/",$max_width_or_preset)) { $name = $max_width_or_preset; $max_width = $max_width_or_preset; if ($square) { $name .="-square"; } } else { $preset = true; $name = $max_width_or_preset; } $fileDir = $this->POD->libOptions('imgDir'); $file_name = "$fileDir/" . $this->get('id') . ".{$name}." . $this->get('extension'); if (!file_exists($file_name)) { if (!$preset) { $this->resizeImage($max_width,$square,$name); if (!$this->success()) { return false; } } else { // presets are automatically generated // but for some reason this one wasn't found // so regenerating probably won't help. // so just fail. return false; } } // if ($this->POD->libOptions('enable_core_files')) { // $path = $this->POD->libOptions('default_files_path'); // $filePath = $this->POD->siteRoot(false) . "/$path/" . $this->get('id') . "/$name"; // } else { $path = $this->POD->libOptions('imgPath'); $filePath = "$path/" . $this->get('id') . ".$name." . $this->get('extension'); // } return $filePath; } function getImageSize() { if($this->isImage()) { list($x,$y)=getimagesize($this->path); return array($x,$y); } else { return array(0,0); } } function resizeImage($max_width,$square=false,$name=null) { $max_image_size = 3000*3000; $this->success = false; if ($this->isImage()) { // make sure we have the proper functions to handle an image if (!function_exists('imagecreatefromjpeg') || !function_exists('imagecreatefrompng') || !function_exists('imagecreatefromgif')) { $this->throwError("file->resizeImage() image processing functions not present!"); $this->error_code = 500; return false; } // locate the source image $fileDir = $this->POD->libOptions('imgDir'); $source_name = "$fileDir/" . $this->get('id') . ".original." . $this->get('extension'); list($width,$height) = getimagesize($source_name); if (($width * $height) > $max_image_size) { $this->throwError("{$width}x{$height} is bigger than the maximum size of 3000x3000"); return false; } // load the image into memory if ($this->get('extension') == "jpg") { $source = imagecreatefromjpeg($source_name); } else if ($this->get('extension') == "png") { $source = imagecreatefrompng($source_name); } else if ($this->get('extension') == "gif") { $source = imagecreatefromgif($source_name); } $resized = false; // if we want a square image, first, we center crop the image into a square if ($square) { if ($height >= $width) { $yoff = intval(($height - $width) / 2); $side = $width; } else if ($width >= $height) { $xoff = intval(($width - $height) / 2); $side = $height; } else { $side = $width; $xoff = 0; $yoff = 0; } $dest = imagecreatetruecolor($side,$side); imagealphablending($dest, false); imagecopyresampled($dest,$source,0,0,$xoff,$yoff,$width,$height,$width,$height); imagedestroy($source); $source = $dest; $height = $side; $width = $side; $resized = true; } // now, we need to resize this image down to the right size. if ($width > $max_width) { $width_percent = $max_width / $width; $newHeight = intval($height * $width_percent); $dest = imagecreatetruecolor($max_width,$newHeight); imagealphablending($dest, false); imagecopyresampled($dest,$source,0,0,0,0,$max_width,$newHeight,$width,$height); $resized = true; } if (!$resized) { $dest = $source; } if ($name==null) { $name = $max_width; if ($square) { $name .="-square"; } } $resized_name = "$fileDir/" . $this->get('id') . ".{$name}." . $this->get('extension'); if ($this->get('extension') == "jpg") { $res = imagejpeg($dest,$resized_name,100); } else if ($this->get('extension') == "png") { imagesavealpha($dest, true); $res = imagepng($dest,$resized_name,0); } else if ($this->get('extension') == "gif") { $res = imagegif($dest,$resized_name); } if (!$res) { $this->throwError("file->resizeImage() Could not create image $resized_name"); $this->error_code = 500; return false; } $this->success = true; } else { $this->throwError("Can't resize a file that isn't an image."); } return $this->success; } function createThumbs() { $this->success = false; // we have different settings for photos when they are attached to user accounts vs posts $type = "people"; if ($this->get('contentId')) { $type="document"; } if ($this->POD->libOptions($type . "ImageResize")) { $large_width = $this->POD->libOptions($type . "ImageMaxWidth"); $small_width = $this->POD->libOptions($type . "IconMaxWidth"); $square = ($this->POD->libOptions($type."IconSquare")!=''); $this->resizeImage($large_width,false,'resized'); if (!$this->success()) { return false; } $this->resizeImage($small_width,$square,'thumbnail'); if (!$this->success()) { return false; } } return true; } function render($template = 'output',$backup_path=null) { return parent::renderObj($template,array('file'=>$this),'files',$backup_path); } function output($template = 'output',$backup_path=null) { parent::output($template,array('file'=>$this),'files',$backup_path); } function mime_content_type($filename) { $mime_types = array( 'txt' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html', 'php' => 'text/html', 'css' => 'text/css', 'js' => 'application/javascript', 'json' => 'application/json', 'xml' => 'application/xml', 'swf' => 'application/x-shockwave-flash', 'flv' => 'video/x-flv', // images 'png' => 'image/png', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'bmp' => 'image/bmp', 'ico' => 'image/vnd.microsoft.icon', 'tiff' => 'image/tiff', 'tif' => 'image/tiff', 'svg' => 'image/svg+xml', 'svgz' => 'image/svg+xml', // archives 'zip' => 'application/zip', 'rar' => 'application/x-rar-compressed', 'exe' => 'application/x-msdownload', 'msi' => 'application/x-msdownload', 'cab' => 'application/vnd.ms-cab-compressed', // audio/video 'mp3' => 'audio/mpeg', 'qt' => 'video/quicktime', 'mov' => 'video/quicktime', // adobe 'pdf' => 'application/pdf', 'psd' => 'image/vnd.adobe.photoshop', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', // ms office 'doc' => 'application/msword', 'rtf' => 'application/rtf', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', // open office 'odt' => 'application/vnd.oasis.opendocument.text', 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ); $ext = strtolower(array_pop(explode('.',$filename))); if (array_key_exists($ext, $mime_types)) { return $mime_types[$ext]; } elseif (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME); $mimetype = finfo_file($finfo, $filename); finfo_close($finfo); return $mimetype; } else { return 'application/octet-stream'; } } } # end of class ?>success()) { return $this; } // load item by id or accept params if (isset($PARAMETERS['gid']) && sizeof($PARAMETERS)==1) { $this->load('gid',$PARAMETERS['gid']); } else if (isset($PARAMETERS['id']) && sizeof($PARAMETERS)==1) { $this->load('id',$PARAMETERS['id']); } else if ($PARAMETERS) { foreach ($PARAMETERS as $key=>$val) { $this->set($key,$val); } } return $this; } function output() { // $item['message'] = preg_replace("/\%person\.(.*?)\%/e",'$u->permalink("\\1",true)',$item['message']); $message = $this->message; $message = preg_replace("/\@type/",$this->type,$message); $message = preg_replace("/\@timesince/",$this->POD->timesince($this->minutes),$message); $message = preg_replace("/\@count/",$this->count,$message); $message = preg_replace("/\@target\.(\w+)/e",'$this->unbundle("\\1");',$message); $message = preg_replace("/\@user\.(\w+)/e",'$this->author()->permalink("\\1",true);',$message); echo "

{$this->id}. " . $message . "