* hoping to diminish execution time\r
*\r
* The class is a singleton, meaning that there will be only one object of it\r
- * active at all times. The object can be requested using MANAGER::instance()\r
+ * active at all times. The object can be requested using Manager::instance()\r
*\r
* @license http://nucleuscms.org/license.txt GNU General Public License\r
* @copyright Copyright (C) 2002-2009 The Nucleus Group\r
- * @version $Id: MANAGER.php 1624 2012-01-09 11:36:20Z sakamocchi $\r
+ * @version $Id: MANAGER.php 1731 2012-04-08 15:10:35Z sakamocchi $\r
*/\r
-class MANAGER\r
+class Manager\r
{\r
-\r
/**\r
* Cached ITEM, BLOG, PLUGIN, KARMA and MEMBER objects. When these objects are requested\r
* through the global $manager object (getItem, getBlog, ...), only the first call\r
* The $items, $blogs, ... arrays map an id to an object (for plugins, the name is used\r
* rather than an ID)\r
*/\r
- var $items;\r
- var $blogs;\r
- var $plugins;\r
- var $karma;\r
- var $templates;\r
- var $members;\r
-\r
+ private $items;\r
+ private $blogs;\r
+ private $plugins;\r
+ private $karma;\r
+ private $templates;\r
+ private $members;\r
+ \r
/**\r
* cachedInfo to avoid repeated SQL queries (see pidInstalled/pluginInstalled/getPidFromName)\r
* e.g. which plugins exists?\r
*\r
* $cachedInfo['installedPlugins'] = array($pid -> $name)\r
*/\r
- var $cachedInfo;\r
-\r
+ private $cachedInfo;\r
+ \r
/**\r
* The plugin subscriptionlist\r
*\r
* The subcription array has the following structure\r
* $subscriptions[$EventName] = array containing names of plugin classes to be\r
* notified when that event happens\r
+ * \r
+ * NOTE: this is referred by Comments::addComment() for spamcheck API\r
+ * TODO: we should add new methods to get this\r
*/\r
- var $subscriptions;\r
-\r
+ public $subscriptions;\r
+ \r
+ /**\r
+ * Ticket functions. These are uses by the admin area to make it impossible to simulate certain GET/POST\r
+ * requests. tickets are user specific\r
+ */\r
+ private $currentRequestTicket = '';\r
+ \r
/**\r
* Returns the only instance of this class. Creates the instance if it\r
* does not yet exists. Users should use this function as\r
- * $manager =& MANAGER::instance(); to get a reference to the object\r
+ * $manager =& Manager::instance(); to get a reference to the object\r
* instead of a copy\r
*/\r
- function &instance()\r
+ public function &instance()\r
{\r
static $instance = array();\r
if ( empty($instance) )\r
{\r
- $instance[0] = new MANAGER();\r
+ $instance[0] = new Manager();\r
}\r
return $instance[0];\r
}\r
-\r
+ \r
/**\r
* The constructor of this class initializes the object caches\r
*/\r
- function MANAGER()\r
+ public function __construct()\r
{\r
$this->items = array();\r
$this->blogs = array();\r
$this->cachedInfo = array();\r
return;\r
}\r
-\r
+ \r
/**\r
* Returns the requested item object. If it is not in the cache, it will\r
* first be loaded and then placed in the cache.\r
* Intended use: $item =& $manager->getItem(1234)\r
*/\r
- function &getItem($itemid, $allowdraft, $allowfuture)\r
+ public function &getItem($itemid, $allowdraft, $allowfuture)\r
{\r
$item =& $this->items[$itemid];\r
-\r
+ \r
// check the draft and future rules if the item was already cached\r
if ( $item )\r
{\r
- if ((!$allowdraft) && ($item['draft']))\r
+ if ( (!$allowdraft) && ($item['draft']) )\r
+ {\r
return 0;\r
-\r
+ }\r
+ \r
$blog =& $this->getBlog(getBlogIDFromItemID($itemid));\r
+ \r
if ( (!$allowfuture) && ($item['timestamp'] > $blog->getCorrectTime()) )\r
{\r
return 0;\r
}\r
}\r
+ \r
if ( !$item )\r
{\r
// load class if needed\r
$this->loadClass('ITEM');\r
// load item object\r
- $item = ITEM::getitem($itemid, $allowdraft, $allowfuture);\r
+ $item = Item::getitem($itemid, $allowdraft, $allowfuture);\r
$this->items[$itemid] = $item;\r
}\r
return $item;\r
}\r
-\r
+ \r
/**\r
* Loads a class if it has not yet been loaded\r
*/\r
- function loadClass($name)\r
+ public function loadClass($name)\r
{\r
$this->_loadClass($name, $name . '.php');\r
return;\r
}\r
-\r
+ \r
/**\r
* Checks if an item exists\r
*/\r
- function existsItem($id,$future,$draft)\r
+ public function existsItem($id,$future,$draft)\r
{\r
$this->_loadClass('ITEM','ITEM.php');\r
- return ITEM::exists($id,$future,$draft);\r
+ return Item::exists($id,$future,$draft);\r
}\r
-\r
+ \r
/**\r
* Checks if a category exists\r
*/\r
- function existsCategory($id)\r
+ public function existsCategory($id)\r
{\r
- return (quickQuery('SELECT COUNT(*) as result FROM '.sql_table('category').' WHERE catid='.intval($id)) > 0);\r
+ return (DB::getValue('SELECT COUNT(*) as result FROM '.sql_table('category').' WHERE catid='.intval($id)) > 0);\r
}\r
-\r
+ \r
/**\r
* Returns the blog object for a given blogid\r
*/\r
- function &getBlog($blogid)\r
+ public function &getBlog($blogid)\r
{\r
$blog =& $this->blogs[$blogid];\r
-\r
+ \r
if ( !$blog )\r
{\r
// load class if needed\r
$this->_loadClass('BLOG','BLOG.php');\r
// load blog object\r
- $blog = new BLOG($blogid);\r
+ $blog = new Blog($blogid);\r
$this->blogs[$blogid] =& $blog;\r
}\r
return $blog;\r
}\r
-\r
+ \r
/**\r
* Checks if a blog exists\r
*/\r
- function existsBlog($name)\r
+ public function existsBlog($name)\r
{\r
$this->_loadClass('BLOG','BLOG.php');\r
- return BLOG::exists($name);\r
+ return Blog::exists($name);\r
}\r
-\r
+ \r
/**\r
* Checks if a blog id exists\r
*/\r
- function existsBlogID($id)\r
+ public function existsBlogID($id)\r
{\r
$this->_loadClass('BLOG','BLOG.php');\r
- return BLOG::existsID($id);\r
+ return Blog::existsID($id);\r
}\r
-\r
+ \r
/**\r
* Returns a previously read template\r
*/\r
- function &getTemplate($templateName)\r
+ public function &getTemplate($templateName)\r
{\r
$template =& $this->templates[$templateName];\r
-\r
+ \r
if ( !$template )\r
{\r
- $template = TEMPLATE::read($templateName);\r
+ $template = Template::read($templateName);\r
$this->templates[$templateName] =& $template;\r
}\r
return $template;\r
}\r
-\r
+ \r
/**\r
* Returns a KARMA object (karma votes)\r
*/\r
- function &getKarma($itemid)\r
+ public function &getKarma($itemid)\r
{\r
$karma =& $this->karma[$itemid];\r
-\r
- if ( !$karma ) {\r
+ \r
+ if ( !$karma )\r
+ {\r
// load class if needed\r
$this->_loadClass('KARMA','KARMA.php');\r
// create KARMA object\r
- $karma = new KARMA($itemid);\r
+ $karma = new Karma($itemid);\r
$this->karma[$itemid] =& $karma;\r
}\r
return $karma;\r
}\r
-\r
+ \r
/**\r
* Returns a MEMBER object\r
*/\r
- function &getMember($memberid)\r
+ public function &getMember($memberid)\r
{\r
$mem =& $this->members[$memberid];\r
-\r
+ \r
if ( !$mem )\r
{\r
// load class if needed\r
$this->_loadClass('MEMBER','MEMBER.php');\r
// create MEMBER object\r
- $mem =& MEMBER::createFromID($memberid);\r
+ $mem =& Member::createFromID($memberid);\r
$this->members[$memberid] =& $mem;\r
}\r
return $mem;\r
}\r
-\r
+ \r
/**\r
* Set the global parser preferences\r
*/\r
- function setParserProperty($name, $value)\r
+ public function setParserProperty($name, $value)\r
{\r
$this->parserPrefs[$name] = $value;\r
return;\r
/**\r
* Get the global parser preferences\r
*/\r
- function getParserProperty($name)\r
+ public function getParserProperty($name)\r
{\r
return $this->parserPrefs[$name];\r
}\r
-\r
+ \r
/**\r
- * A helper function to load a class\r
- * \r
- * private\r
- */\r
- function _loadClass($name, $filename)\r
+ * A helper function to load a class\r
+ * \r
+ * private\r
+ */\r
+ private function _loadClass($name, $filename)\r
{\r
if ( !class_exists($name) )\r
{\r
}\r
return;\r
}\r
-\r
+ \r
/**\r
- * MANAGER::_loadPlugin()\r
+ * Manager::_loadPlugin()\r
* loading a certain plugin\r
* \r
* @param string $name plugin name\r
* @return void\r
*/\r
- function _loadPlugin($name)\r
+ private function _loadPlugin($name)\r
{\r
+ global $DIR_PLUGINS, $MYSQL_HANDLER, $MYSQL_PREFIX;\r
+ \r
+ if ( class_exists($name) )\r
+ {\r
+ return;\r
+ }\r
+ \r
+ $fileName = "{$DIR_PLUGINS}{$name}.php";\r
+ \r
+ if ( !file_exists($fileName) )\r
+ {\r
+ if ( !defined('_MANAGER_PLUGINFILE_NOTFOUND') )\r
+ {\r
+ define('_MANAGER_PLUGINFILE_NOTFOUND', 'Plugin %s was not loaded (File not found)');\r
+ }\r
+ ActionLog::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOTFOUND, $name)); \r
+ return 0;\r
+ }\r
+ \r
+ // load plugin\r
+ include($fileName);\r
+ \r
+ // check if class exists (avoid errors in eval'd code)\r
if ( !class_exists($name) )\r
{\r
- global $DIR_PLUGINS;\r
- \r
- $fileName = $DIR_PLUGINS . $name . '.php';\r
- \r
- if ( !file_exists($fileName) )\r
- {\r
- if ( !defined('_MANAGER_PLUGINFILE_NOTFOUND') )\r
- {\r
- define('_MANAGER_PLUGINFILE_NOTFOUND', 'Plugin %s was not loaded (File not found)');\r
- }\r
- ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOTFOUND, $name)); \r
- return 0;\r
- }\r
- \r
- // load plugin\r
- include($fileName);\r
- \r
- // check if class exists (avoid errors in eval'd code)\r
- if ( !class_exists($name) )\r
- {\r
- ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOCLASS, $name));\r
- return 0;\r
- }\r
- \r
- // add to plugin array\r
- eval('$this->plugins[$name] = new ' . $name . '();');\r
- \r
- // get plugid\r
- $this->plugins[$name]->setID($this->getPidFromName($name));\r
- \r
- // unload plugin if a prefix is used and the plugin cannot handle this^\r
- global $MYSQL_PREFIX;\r
- if ( ($MYSQL_PREFIX != '')\r
- && !$this->plugins[$name]->supportsFeature('SqlTablePrefix') )\r
- {\r
- unset($this->plugins[$name]);\r
- ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINTABLEPREFIX_NOTSUPPORT, $name));\r
- return 0;\r
- }\r
- \r
- // unload plugin if using non-mysql handler and plugin does not support it \r
- global $MYSQL_HANDLER;\r
- if ( (!in_array('mysql',$MYSQL_HANDLER))\r
- && !$this->plugins[$name]->supportsFeature('SqlApi') )\r
- {\r
- unset($this->plugins[$name]);\r
- ACTIONLOG::add(WARNING, sprintf(_MANAGER_PLUGINSQLAPI_NOTSUPPORT, $name));\r
- return 0;\r
- }\r
- \r
- // call init method\r
- $this->plugins[$name]->init();\r
+ ActionLog::add(WARNING, sprintf(_MANAGER_PLUGINFILE_NOCLASS, $name));\r
+ return 0;\r
}\r
+ \r
+ // add to plugin array\r
+ $this->plugins[$name] = new $name();\r
+ \r
+ // get plugid\r
+ $this->plugins[$name]->setID($this->getPidFromName($name));\r
+ \r
+ // unload plugin if a prefix is used and the plugin cannot handle this\r
+ if ( ($MYSQL_PREFIX != '')\r
+ && !$this->plugins[$name]->supportsFeature('SqlTablePrefix') )\r
+ {\r
+ unset($this->plugins[$name]);\r
+ ActionLog::add(WARNING, sprintf(_MANAGER_PLUGINTABLEPREFIX_NOTSUPPORT, $name));\r
+ return 0;\r
+ }\r
+ \r
+ // unload plugin if using non-mysql handler and plugin does not support it \r
+ if ( (!in_array('mysql',$MYSQL_HANDLER))\r
+ && !$this->plugins[$name]->supportsFeature('SqlApi') )\r
+ {\r
+ unset($this->plugins[$name]);\r
+ ActionLog::add(WARNING, sprintf(_MANAGER_PLUGINSQLAPI_NOTSUPPORT, $name));\r
+ return 0;\r
+ }\r
+ \r
+ // call init method\r
+ $this->plugins[$name]->init();\r
+ \r
return;\r
}\r
\r
/**\r
+ * Manager:getPlugin()\r
* Returns a PLUGIN object\r
+ * \r
+ * @param string $name name of plugin\r
+ * @return object plugin object\r
*/\r
- function &getPlugin($name)\r
+ public function &getPlugin($name)\r
{\r
// retrieve the name of the plugin in the right capitalisation\r
$name = $this->getUpperCaseName ($name);\r
+ \r
// get the plugin \r
$plugin =& $this->plugins[$name]; \r
-\r
+ \r
if ( !$plugin )\r
{\r
// load class if needed\r
}\r
return $plugin;\r
}\r
-\r
+ \r
/**\r
- * Checks if the given plugin IS loaded or not\r
- */\r
- function &pluginLoaded($name)\r
+ * Manager::pluginLoaded()\r
+ * Checks if the given plugin IS loaded or not\r
+ * \r
+ * @param string $name name of plugin\r
+ * @return object plugin object\r
+ */\r
+ public function &pluginLoaded($name)\r
{\r
$plugin =& $this->plugins[$name];\r
return $plugin;\r
}\r
- \r
- function &pidLoaded($pid)\r
+ \r
+ /**\r
+ * Manager::pidLoaded()\r
+ * \r
+ * @param integer $pid id for plugin\r
+ * @return object plugin object\r
+ */\r
+ public function &pidLoaded($pid)\r
{\r
$plugin=false;\r
reset($this->plugins);\r
}\r
return $plugin;\r
}\r
-\r
+ \r
/**\r
- * checks if the given plugin IS installed or not\r
- */\r
- function pluginInstalled($name)\r
+ * Manager::pluginInstalled()\r
+ * checks if the given plugin IS installed or not\r
+ * \r
+ * @param string $name name of plugin\r
+ * @return boolean exists or not\r
+ */\r
+ public function pluginInstalled($name)\r
{\r
$this->_initCacheInfo('installedPlugins');\r
return ($this->getPidFromName($name) != -1);\r
}\r
\r
- function pidInstalled($pid)\r
+ /**\r
+ * Manager::pidInstalled()\r
+ * checks if the given plugin IS installed or not\r
+ * \r
+ * @param integer $pid id of plugin\r
+ * @return boolean exists or not\r
+ */\r
+ public function pidInstalled($pid)\r
{\r
$this->_initCacheInfo('installedPlugins');\r
return ($this->cachedInfo['installedPlugins'][$pid] != '');\r
}\r
-\r
- function getPidFromName($name)\r
+ \r
+ /**\r
+ * Manager::getPidFromName()\r
+ * \r
+ * @param string $name name of plugin\r
+ * @return mixed id for plugin or -1 if not exists\r
+ */\r
+ public function getPidFromName($name)\r
{\r
$this->_initCacheInfo('installedPlugins');\r
foreach ( $this->cachedInfo['installedPlugins'] as $pid => $pfile )\r
}\r
return -1;\r
}\r
-\r
+ \r
+ /**\r
+ * Manager::getPluginNameFromPid()\r
+ * \r
+ * @param string $pid ID for plugin\r
+ * @return string name of plugin\r
+ */\r
+ public function getPluginNameFromPid($pid)\r
+ {\r
+ if ( !array_key_exists($pid, $this->cachedInfo['installedPlugins']) )\r
+ {\r
+ $query = 'SELECT pfile FROM %s WHERE pid=%d;';\r
+ $query = sprintf($query, sql_table('plugin'), (integer) $pid);\r
+ return DB::getValue($query);\r
+ }\r
+ return $this->cachedInfo['installedPlugins'][$pid];\r
+ }\r
+ \r
/**\r
- * Retrieve the name of a plugin in the right capitalisation\r
- */\r
- function getUpperCaseName ($name)\r
+ * Manager::getUpperCaseName()\r
+ * Retrieve the name of a plugin in the right capitalisation\r
+ * \r
+ * @param string $name name of plugin\r
+ * @return string name according to UpperCamelCase\r
+ */\r
+ public function getUpperCaseName ($name)\r
{\r
$this->_initCacheInfo('installedPlugins');\r
foreach ( $this->cachedInfo['installedPlugins'] as $pid => $pfile )\r
return -1;\r
}\r
\r
- function clearCachedInfo($what)\r
+ /**\r
+ * Manager::clearCachedInfo()\r
+ * \r
+ * @param string $what\r
+ * @return void\r
+ */\r
+ public function clearCachedInfo($what)\r
{\r
unset($this->cachedInfo[$what]);\r
return;\r
}\r
-\r
+ \r
/**\r
+ * Manager::_initCacheInfo()\r
* Loads some info on the first call only\r
+ * \r
+ * @param string $what 'installedPlugins'\r
+ * @return void\r
*/\r
- function _initCacheInfo($what)\r
+ private function _initCacheInfo($what)\r
{\r
- if ( isset($this->cachedInfo[$what]) && is_array($this->cachedInfo[$what]) )\r
+ if ( array_key_exists($what, $this->cachedInfo)\r
+ && is_array($this->cachedInfo[$what]) )\r
{\r
return;\r
}\r
+ \r
switch ($what)\r
{\r
// 'installedPlugins' = array ($pid => $name)\r
case 'installedPlugins':\r
$this->cachedInfo['installedPlugins'] = array();\r
- $res = sql_query('SELECT pid, pfile FROM ' . sql_table('plugin'));\r
- while ( $o = sql_fetch_object($res) )\r
+ $res = DB::getResult('SELECT pid, pfile FROM ' . sql_table('plugin'));\r
+ foreach ( $res as $row )\r
{\r
- $this->cachedInfo['installedPlugins'][$o->pid] = $o->pfile;\r
+ $this->cachedInfo['installedPlugins'][$row['pid']] = $row['pfile'];\r
}\r
break;\r
}\r
return;\r
}\r
-\r
+ \r
/**\r
+ * Manager::notify()\r
* A function to notify plugins that something has happened. Only the plugins\r
* that are subscribed to the event will get notified.\r
* Upon the first call, the list of subscriptions will be fetched from the\r
* database. The plugins itsself will only get loaded when they are first needed\r
*\r
- * @param $eventName\r
- * Name of the event (method to be called on plugins)\r
- * @param $data\r
- * Can contain any type of data, depending on the event type. Usually this is\r
- * an itemid, blogid, ... but it can also be an array containing multiple values\r
+ * @param string $eventName Name of the event (method to be called on plugins)\r
+ * @param string $data Can contain any type of data,\r
+ * depending on the event type. Usually this is an itemid, blogid, ...\r
+ * but it can also be an array containing multiple values\r
+ * @return void\r
*/\r
- function notify($eventName, $data)\r
+ public function notify($eventName, $data)\r
{\r
// load subscription list if needed\r
if ( !is_array($this->subscriptions) )\r
\r
// get listening objects\r
$listeners = false;\r
- if ( isset($this->subscriptions[$eventName]) )\r
+ if ( array_key_exists($eventName, $this->subscriptions)\r
+ && !empty($this->subscriptions[$eventName]) )\r
{\r
$listeners = $this->subscriptions[$eventName];\r
}\r
-\r
+ \r
// notify all of them\r
if ( is_array($listeners) )\r
{\r
{\r
// load class if needed\r
$this->_loadPlugin($listener);\r
+ \r
// do notify (if method exists)\r
- if ( isset($this->plugins[$listener])\r
- && method_exists($this->plugins[$listener], 'event_' . $eventName))\r
+ if ( array_key_exists($listener, $this->plugins)\r
+ && !empty($this->plugins[$listener])\r
+ && method_exists($this->plugins[$listener], 'event_' . $eventName) )\r
{\r
call_user_func(array(&$this->plugins[$listener],'event_' . $eventName), $data);\r
}\r
}\r
return;\r
}\r
-\r
+ \r
/**\r
+ * Manager::_loadSubscriptions()\r
* Loads plugin subscriptions\r
+ * \r
+ * @param void\r
+ * @return void\r
*/\r
- function _loadSubscriptions()\r
+ private function _loadSubscriptions()\r
{\r
// initialize as array\r
$this->subscriptions = array();\r
-\r
- $res = sql_query('SELECT p.pfile as pfile, e.event as event FROM '.sql_table('plugin_event').' as e, '.sql_table('plugin').' as p WHERE e.pid=p.pid ORDER BY p.porder ASC');\r
- while ( $o = sql_fetch_object($res) )\r
+ \r
+ $query = "SELECT p.pfile as pfile, e.event as event"\r
+ . " FROM %s as e, %s as p"\r
+ . " WHERE e.pid=p.pid ORDER BY p.porder ASC";\r
+ $query = sprintf($query, sql_table('plugin_event'), sql_table('plugin'));\r
+ $res = DB::getResult($query);\r
+ \r
+ foreach ( $res as $row )\r
{\r
- $pluginName = $o->pfile;\r
- $eventName = $o->event;\r
+ $pluginName = $row['pfile'];\r
+ $eventName = $row['event'];\r
$this->subscriptions[$eventName][] = $pluginName;\r
}\r
return;\r
}\r
-\r
- /*\r
- Ticket functions. These are uses by the admin area to make it impossible to simulate certain GET/POST\r
- requests. tickets are user specific\r
- */\r
-\r
- var $currentRequestTicket = '';\r
-\r
+ \r
/**\r
+ * Manager::getNumberOfSubscribers()\r
+ * \r
+ * @param string $event name of events\r
+ * @return integer number of event subscriber\r
+ */\r
+ public function getNumberOfSubscribers($event)\r
+ {\r
+ $query = 'SELECT COUNT(*) as count FROM %s WHERE event=%s;';\r
+ $query = sprintf($query, sql_table('plugin_event'), DB::quoteValue($event));\r
+ return (integer) DB::getValue($query);\r
+ }\r
+ \r
+ /**\r
+ * Manager::addTicketToUrl()\r
* GET requests: Adds ticket to URL (URL should NOT be html-encoded!, ticket is added at the end)\r
+ * \r
+ * @param string url string for URI\r
+ * @return void\r
*/\r
- function addTicketToUrl($url)\r
+ public function addTicketToUrl($url)\r
{\r
$ticketCode = 'ticket=' . $this->_generateTicket();\r
- if ( strstr($url, '?') )\r
+ if ( i18n::strpos($url, '?') === FALSE )\r
{\r
- $ticketCode = "{$url}&{$ticketCode}";\r
+ $ticketCode = "{$url}?{$ticketCode}";\r
}\r
else\r
{\r
- $ticketCode = "{$url}?{$ticketCode}";\r
+ $ticketCode = "{$url}&{$ticketCode}";\r
}\r
return $ticketCode;\r
}\r
-\r
+ \r
/**\r
+ * Manager::addTicketHidden()\r
* POST requests: Adds ticket as hidden formvar\r
+ * \r
+ * @param void\r
+ * @return void\r
*/\r
- function addTicketHidden()\r
+ public function addTicketHidden()\r
{\r
$ticket = $this->_generateTicket();\r
- echo '<input type="hidden" name="ticket" value="', ENTITY::hsc($ticket), '" />';\r
+ echo '<input type="hidden" name="ticket" value="', Entity::hsc($ticket), '" />';\r
return;\r
}\r
-\r
+ \r
/**\r
+ * Manager::getNewTicket()\r
* Get a new ticket\r
* (xmlHTTPRequest AutoSaveDraft uses this to refresh the ticket)\r
+ * \r
+ * @param void\r
+ * @return string string of ticket\r
*/\r
- function getNewTicket()\r
+ public function getNewTicket()\r
{\r
$this->currentRequestTicket = '';\r
return $this->_generateTicket();\r
}\r
-\r
+ \r
/**\r
+ * Manager::checkTicket()\r
* Checks the ticket that was passed along with the current request\r
+ * \r
+ * @param void\r
+ * @return boolean correct or not\r
*/\r
- function checkTicket()\r
+ public function checkTicket()\r
{\r
global $member;\r
-\r
+ \r
// get ticket from request\r
$ticket = requestVar('ticket');\r
-\r
+ \r
// no ticket -> don't allow\r
if ( $ticket == '' )\r
{\r
- return false;\r
+ return FALSE;\r
}\r
-\r
+ \r
// remove expired tickets first\r
$this->_cleanUpExpiredTickets();\r
-\r
+ \r
// get member id\r
if (!$member->isLoggedIn())\r
{\r
{\r
$memberId = $member->getID();\r
}\r
-\r
+ \r
// check if ticket is a valid one\r
- $query = 'SELECT COUNT(*) as result FROM ' . sql_table('tickets') . ' WHERE member=' . intval($memberId). ' and ticket=\''.sql_real_escape_string($ticket).'\'';\r
-\r
+ $query = sprintf('SELECT COUNT(*) as result FROM %s WHERE member=%d and ticket=%s',\r
+ sql_table('tickets'),\r
+ intval($memberId),\r
+ DB::quoteValue($ticket)\r
+ );\r
+ \r
/*\r
* NOTE:\r
* [in the original implementation, the checked ticket was deleted. This would lead to invalid\r
* leaving the keys in the database is not a real problem, since they're member-specific and\r
* only valid for a period of one hour]\r
*/\r
- if ( quickQuery($query) == 1 )\r
+ if ( DB::getValue($query) != 1 )\r
{\r
- return true;\r
- }\r
- // not a valid ticket\r
- else\r
- {\r
- return false;\r
+ return FALSE;\r
}\r
+ \r
+ return TRUE;\r
}\r
\r
/**\r
- * (internal method) Removes the expired tickets\r
+ * Manager::_cleanUpExpiredTickets()\r
+ * Removes the expired tickets\r
+ * \r
+ * @param void\r
+ * @return void\r
*/\r
- function _cleanUpExpiredTickets()\r
+ private function _cleanUpExpiredTickets()\r
{\r
// remove tickets older than 1 hour\r
$oldTime = time() - 60 * 60;\r
- $query = 'DELETE FROM ' . sql_table('tickets'). ' WHERE ctime < \'' . date('Y-m-d H:i:s',$oldTime) .'\'';\r
- sql_query($query);\r
+ $query = 'DELETE FROM %s WHERE ctime < %s';\r
+ $query = sprintf($query, sql_table('tickets'), DB::formatDateTime($oldTime));\r
+ DB::execute($query);\r
return;\r
}\r
-\r
+ \r
/**\r
- * (internal method) Generates/returns a ticket (one ticket per page request)\r
+ * Manager::_generateTicket()\r
+ * Generates/returns a ticket (one ticket per page request)\r
+ * \r
+ * @param void\r
+ * @return void\r
*/\r
- function _generateTicket()\r
+ private function _generateTicket()\r
{\r
if ( $this->currentRequestTicket == '' )\r
{\r
{\r
$memberId = $member->getID();\r
}\r
-\r
+ \r
$ok = false;\r
while ( !$ok )\r
{\r
// generate a random token\r
srand((double)microtime()*1000000);\r
$ticket = md5(uniqid(rand(), true));\r
-\r
+ \r
// add in database as non-active\r
- $query = 'INSERT INTO ' . sql_table('tickets') . ' (ticket, member, ctime) ';\r
- $query .= 'VALUES (\'' . sql_real_escape_string($ticket). '\', \'' . intval($memberId). '\', \'' . date('Y-m-d H:i:s',time()) . '\')';\r
- if ( sql_query($query) )\r
+ $query = 'INSERT INTO %s (ticket, member, ctime) VALUES (%s, %d, %s)';\r
+ $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, DB::formatDateTime());\r
+ \r
+ if ( DB::execute($query) !== FALSE )\r
{\r
$ok = true;\r
}\r
OSDN Git Service
