PageRenderTime 133ms CodeModel.GetById 24ms RepoModel.GetById 1ms app.codeStats 0ms

/src/library/MediaPlace.php

https://github.com/soverc/writehive_server
PHP | 436 lines | 368 code | 66 blank | 2 comment | 36 complexity | d9aa9244d396a9edcfb5f94bbe60a45d MD5 | raw file
  1. <?php
  2. ini_set('date.timezone', 'America/New_York');
  3. class MediaPlace
  4. {
  5. private $_dbx;
  6. public function __construct()
  7. {
  8. $this->_dbx = new mysqli('10.179.168.196', 'mpdb', 'mpFj8*Qm159788', 'mediaplace');
  9. //$this->_dbx = new mysqli('localhost', 'root', '', 'mediaplace');
  10. }
  11. public function valid_api_key($_key)
  12. {
  13. $_user = $this->_dbx->query("SELECT user_id FROM `user` WHERE account_key = '".$this->__sanitize($_key)."'");
  14. $_user = $_user->fetch_object();
  15. if ($_user->user_id) {
  16. return(true);
  17. } else {
  18. return(false);
  19. }
  20. }
  21. public function log($_method, $_data)
  22. {
  23. $_sql = "INSERT INTO json_rpc_log (
  24. method,
  25. raw_data,
  26. `key`,
  27. ts
  28. ) VALUES (
  29. '{$this->__sanitize($_method)}',
  30. '".$this->_dbx->real_escape_string($_data)."',
  31. '".$this->_dbx->real_escape_string($_data->_key)."',
  32. NOW()
  33. )";
  34. if ($this->_dbx->query($_sql)) {
  35. return(true);
  36. } else {
  37. return(false);
  38. }
  39. }
  40. public function load_plugin_config()
  41. {
  42. $sSectionSql = "SELECT * FROM `pluginConfigurationSections`;";
  43. $rSections = $this->_dbx->query($sSectionSql);
  44. $aIni = array();
  45. while ($oSection = $rSections->fetch_object()) {
  46. $aIni[$oSection->sSectionName] = array();
  47. $sVariableSql = "SELECT * FROM `pluginConfigurationKeys` WHERE `iConfigurationSectionId` = {$oSection->iSectionId};";
  48. $rVariables = $this->_dbx->query($sVariableSql);
  49. while ($oVariable = $rVariables->fetch_object()) {
  50. $aIni[$oSection->sSectionName][$oVariable->sConfigurationName] = $oVariable->sConfigurationValue;
  51. }
  52. }
  53. return $aIni;
  54. }
  55. public function login($_username, $_password)
  56. {
  57. $_userSql = "SELECT * FROM `user` WHERE display_name = '".$this->__sanitize($_username)."' AND (passwd = PASSWORD('".addslashes($_password)."') OR passwd = MD5(SHA1('".addslashes($_password)."')))";
  58. $_user = $this->_dbx->query($_userSql);
  59. $_user = $_user->fetch_object();
  60. if (!is_object($_user)) {
  61. return FALSE;
  62. }
  63. if ($_user->user_id) {
  64. return $_user;
  65. } else {
  66. return FALSE;
  67. }
  68. }
  69. public function api_login($_key) {
  70. $_user = $this->_dbx->query("SELECT * FROM `user` WHERE account_key = '{$this->__sanitize($_key)}'");
  71. $_user = $_user->fetch_object();
  72. if ($_user->user_id) {
  73. return($_user);
  74. } else {
  75. return(false);
  76. }
  77. }
  78. public function fetch_user($_id)
  79. {
  80. $_user = $this->_dbx->query("SELECT * FROM `user` WHERE id = {$this->__sanitize($_id)}");
  81. $_user = $_user->fetch_object();
  82. if ($_user->user_id) {
  83. return($_user);
  84. } else {
  85. return(false);
  86. }
  87. }
  88. public function article_search($_query)
  89. {
  90. $_results = array();
  91. $_q = "SELECT a.*, c.label AS cat_label, s.label AS subcat_label, u.display_name, u.display_pic ";
  92. $_q .= "FROM `article` a INNER JOIN categories c ON (c.id = a.category_id) ";
  93. $_q .= "LEFT JOIN categories d ON (d.id = a.secondcategory_id) ";
  94. $_q .= "LEFT JOIN subcategories s ON (s.id = a.subcategory_id) ";
  95. $_q .= "INNER JOIN `user` u ON (u.user_id = a.author_id) WHERE ";
  96. $_q .= "a.title LIKE '%{$this->__sanitize($_query['criteria'])}%' OR a.content LIKE '%{$this->__sanitize($_query['criteria'])}%' ";
  97. $_q .= "OR a.description LIKE '%{$this->__sanitize($_query['criteria'])}%' OR ";
  98. $_q .= "a.tag_words LIKE ".((isset($_query['tag_words'])) ? "'%{$this->__sanitize($_query['tag_words'])}%'" : "'%{$this->__sanitize($_query['criteria'])}%'");
  99. if (isset($_query['start_date']) && isset($_query['end_date'])) {
  100. $_q .= " OR (a.date_created BETWEEN '".date('Y-m-d', strtotime($this->__sanitize($_query['start_date'])))."' AND '".date('Y-m-d', strtotime($this->__sanitize($_query['end_date'])))."')";
  101. }
  102. elseif (isset($_query['start_date'])) {
  103. $_q .= " OR (a.date_created >= ".date('Y-m-d', strtotime($this->__sanitize($_query['start_date'])))."')";
  104. }
  105. elseif (isset($_query['end_date'])) {
  106. $_q .= " OR (a.date_created <= ".date('Y-m-d', strtotime($this->__sanitize($_query['end_date'])))."')";
  107. }
  108. if (isset($_query['category'])) {
  109. $_q .= " AND a.category_id = {$this->__sanitize($_query['category'])}";
  110. }
  111. if (isset($_query['secondcategory'])) {
  112. $_q .= " AND s.id = {$this->__sanitize($_query['secondcategory'])}";
  113. }
  114. $_q .= ' ORDER BY a.`date_created` DESC ';
  115. if (isset($_query['limit'])) {
  116. $limit = $_query['limit'];
  117. } else {
  118. $limit = 60;
  119. }
  120. $_q .= ' LIMIT '.$limit.' ';
  121. $_search = $this->_dbx->query($_q);
  122. while ($_article = $_search->fetch_object()) {
  123. if ($_article->active) {
  124. $_article->content = $this->__secure_desanitize($_article->content);
  125. //secure preview
  126. $_article->content = nl2br( trim( strip_tags( $_article->content ) ));
  127. $_article->comments = $this->__article_comments($_article->article_id);
  128. $_article->syndications = $this->__article_syndications($_article->article_id);
  129. $_article->purchases = $this->__article_purchases($_article->article_id);
  130. $_article->views = $this->__article_views($_article->article_id);
  131. $_results[] = $_article;
  132. }
  133. }
  134. return($_results);
  135. }
  136. public function article_deactivate($_article_id, $_author_key=NULL)
  137. {
  138. $_q = "SELECT `user_id` from `user` WHERE `account_key` = '".$this->__sanitize($_author_key)."' ";
  139. $_result = $this->_dbx->query($_q);
  140. if (!$_result) {
  141. return false;
  142. }
  143. $_user = $_result->fetch_object();
  144. $_user_id = $_user->user_id;
  145. $_q = "UPDATE `article` SET `active` = 0 WHERE `article_id` = '{$this->__sanitize($_article_id)}' AND `author_id` = '{$this->__sanitize($_user_id)}'";
  146. if ($this->_dbx->query($_q)) {
  147. return true;
  148. } else {
  149. return false;
  150. }
  151. }
  152. public function article_fetch($_article_id)
  153. {
  154. $_sql = 'SELECT a.*,
  155. u.display_name AS author_name,
  156. c.label AS cat_label,
  157. d.label AS secondcat_label, s.label as subcat_label, e.label AS secondsubcat_label
  158. FROM `article` AS a
  159. INNER JOIN `user` AS u ON (u.user_id = a.author_id)
  160. INNER JOIN categories AS c ON (c.id = a.category_id)
  161. LEFT JOIN categories AS d ON (d.id = a.secondcategory_id)
  162. LEFT JOIN subcategories AS s ON (s.id = a.subcategory_id)
  163. LEFT JOIN subcategories AS e ON (e.id = a.secondsubcategory_id)
  164. WHERE a.article_id = \''.$this->__sanitize($_article_id).'\'';
  165. $_result = $this->_dbx->query( $_sql );
  166. $_article = $_result->fetch_object();
  167. $_article->content = $this->__secure_desanitize($_article->content);
  168. $_article->comments = $this->__article_comments($_article->article_id);
  169. $_article->syndications = $this->__article_syndications($_article->article_id);
  170. $_article->purchases = $this->__article_purchases($_article->article_id);
  171. $_article->views = $this->__article_views($_article->article_id);
  172. return $_article;
  173. }
  174. public function grab_all_categories()
  175. {
  176. $_categories = array();
  177. $_cats = $this->_dbx->query("SELECT * FROM categories ORDER BY `order` ASC");
  178. while ($_cat = $_cats->fetch_object()) {
  179. $_categories[] = $_cat;
  180. }
  181. return($_categories);
  182. }
  183. public function grab_categories()
  184. {
  185. $_categories = array();
  186. $_cats = $this->_dbx->query("SELECT * FROM categories WHERE active = 1 ORDER BY `order` ASC");
  187. while ($_cat = $_cats->fetch_object()) {
  188. $_categories[] = $_cat;
  189. }
  190. return($_categories);
  191. }
  192. public function grab_subcategories($_category)
  193. {
  194. $_categories = array();
  195. $_cats = $this->_dbx->query("SELECT * FROM subcategories WHERE category_id = {$this->__sanitize($_category)}");
  196. while ($_cat = $_cats->fetch_object()) {
  197. $_categories[] = $_cat;
  198. }
  199. return($_categories);
  200. }
  201. public function article_post($_data)
  202. {
  203. $guid = whv_uuid();
  204. $_sql = "INSERT INTO `article` (
  205. article_id,
  206. author_id,
  207. content,
  208. title,
  209. description,
  210. name,
  211. category_id,
  212. secondcategory_id,
  213. subcategory_id,
  214. secondsubcategory_id,
  215. group_id,
  216. private,
  217. tag_words,
  218. cost,
  219. date_created,
  220. from_blog,
  221. from_url,
  222. allow_free
  223. ) VALUES (
  224. '".$guid."',
  225. '{$this->__sanitize($_data->author_id)}',
  226. '{$this->__secure_sanitize($_data->content)}',
  227. '{$this->__secure_sanitize($_data->title)}',
  228. '{$this->__sanitize($_data->description)}',
  229. '{$this->__sanitize($_data->name)}',
  230. '{$this->__sanitize($_data->category_id)}',
  231. '{$this->__sanitize($_data->secondcategory_id)}',
  232. '{$this->__sanitize($_data->subcategory_id)}',
  233. '{$this->__sanitize($_data->secondsubcategory_id)}',
  234. '{$this->__sanitize($_data->group_id)}',
  235. '{$this->__sanitize($_data->private)}',
  236. '{$this->__sanitize($_data->tag_words)}',
  237. '{$this->__sanitize($_data->cost)}',
  238. NOW(),
  239. '{$this->__sanitize($_data->from_blog)}',
  240. '{$this->__sanitize($_data->from_url)}',
  241. '{$this->__sanitize($_data->allow_free)}'
  242. )";
  243. if ($this->_dbx->query($_sql)) {
  244. return $guid;
  245. } else {
  246. return(false);
  247. }
  248. }
  249. public function article_increment_syndications($_article, $_user)
  250. {
  251. if ($this->_dbx->query("INSERT INTO `syndicated` (uid, aid, syndicated) VALUES ('".$this->__sanitize($_user)."', '".$this->__sanitize($_article)."', NOW())")) {
  252. return(true);
  253. } else {
  254. return(false);
  255. }
  256. }
  257. public function comments_grab($_article)
  258. {
  259. $_comments = array();
  260. $_comm = $this->_dbx->query("SELECT * FROM comments WHERE article_id = '{$this->__sanitize($_article)}'");
  261. while ($_comment = $_comm->fetch_object()) {
  262. $_comment->content = $this->__secure_desanitize($_comment->content);
  263. $_comments[] = $_comment;
  264. }
  265. return($_comments);
  266. }
  267. public function comment_post($_comment)
  268. {
  269. $_sql = "INSERT INTO comments (
  270. article_id,
  271. author_name,
  272. author_email,
  273. author_url,
  274. author_ip,
  275. date_created,
  276. content,
  277. parent_id,
  278. site_id,
  279. from_blog,
  280. from_url
  281. ) VALUES (
  282. '{$this->__sanitize($_comment->article_id)}',
  283. '{$this->__sanitize($_comment->author_name)}',
  284. '{$this->__sanitize($_comment->author_email)}',
  285. '{$this->__sanitize($_comment->author_url)}',
  286. '{$this->__sanitize($_comment->author_ip)}',
  287. NOW(),
  288. '{$this->__secure_sanitize($_comment->content)}',
  289. '{$this->__sanitize($_comment->parent_id)}',
  290. '{$this->__sanitize($_comment->site_id)}',
  291. '{$this->__sanitize($_comment->from_blog)}',
  292. '{$this->__sanitize($_comment->from_url)}'
  293. )";
  294. if ($this->_dbx->query($_sql)) {
  295. return(true);
  296. } else {
  297. return(false);
  298. }
  299. }
  300. public function my_groups($_user)
  301. {
  302. $_owned = array();
  303. $_joined = array();
  304. $_all = array();
  305. $_oq = $this->_dbx->query("SELECT * FROM groups WHERE creator = '".$this->__sanitize($_user)."'");
  306. $_jq = $this->_dbx->query("SELECT j.*, g.* FROM group_members j INNER JOIN groups g ON (j.gid = g.id) WHERE uid = '".$this->__sanitize($_user)."'");
  307. while ($_row = $_oq->fetch_object()) {
  308. $_owned[] = $_row;
  309. }
  310. while ($_row = $_jq->fetch_object()) {
  311. $_joined[] = $_row;
  312. }
  313. foreach ($_owned as $_group) {
  314. $_all[] = $_group;
  315. }
  316. foreach ($_joined as $_group) {
  317. $_all[] = $_group;
  318. }
  319. return(array(
  320. 'owned' => $_owned,
  321. 'joined' => $_joined,
  322. 'all' => $_all
  323. ));
  324. }
  325. private function __sanitize($_string)
  326. {
  327. return(addslashes(strip_tags($_string)));
  328. }
  329. private function __secure_sanitize($_string)
  330. {
  331. return(addslashes(htmlentities($_string)));
  332. }
  333. private function __secure_desanitize($_string)
  334. {
  335. return(html_entity_decode($_string));
  336. }
  337. private function __article_comments($_article)
  338. {
  339. $_comments = $this->_dbx->query("SELECT COUNT(id) AS comment_count FROM comments WHERE article_id = '".$this->__sanitize($_article)."'");
  340. $_comments = $_comments->fetch_object();
  341. return($_comments->comment_count);
  342. }
  343. private function __article_syndications($_article)
  344. {
  345. $_syndications = $this->_dbx->query("SELECT COUNT(aid) AS syndication_count FROM syndicated WHERE aid = '".$this->__sanitize($_article)."'");
  346. $_syndications = $_syndications->fetch_object();
  347. return($_syndications->syndication_count);
  348. }
  349. private function __article_purchases($_article)
  350. {
  351. $_purchases = $this->_dbx->query("SELECT COUNT(article_id) AS purchase_count FROM invoices WHERE article_id = '".$this->__sanitize($_article)."'");
  352. $_purchases = $_purchases->fetch_object();
  353. return($_purchases->purchase_count);
  354. }
  355. private function __article_views($_article)
  356. {
  357. $_views = $this->_dbx->query("SELECT COUNT(entity_id) AS view_count FROM views WHERE entity_id = '".$this->__sanitize($_article)."' AND entity_type = 'article'");
  358. $_views = $_views->fetch_object();
  359. return($_views->view_count);
  360. }
  361. }
  362. function whv_uuid() {
  363. return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
  364. mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
  365. mt_rand( 0, 0x0fff ) | 0x4000,
  366. mt_rand( 0, 0x3fff ) | 0x8000,
  367. mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
  368. );
  369. }