<?php
/**
- * GForge Forums Facility
+ * FusionForge forums
*
- * Copyright 2002 GForge, LLC
- * http://gforge.org/
+ * Copyright 1999-2000, Tim Perdue/Sourceforge
+ * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
- * @version $Id$
+ * This file is part of FusionForge.
*
- * This file is part of GForge.
- *
- * GForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GForge is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with GForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
*/
-
-/*
- Message Forums
- By Tim Perdue, Sourceforge, 11/99
-
- Massive rewrite by Tim Perdue 7/2000 (nested/views/save)
-
- Complete OO rewrite by Tim Perdue 12/2002
-*/
-
require_once $gfcommon.'include/Error.class.php';
require_once $gfcommon.'forum/ForumMessage.class.php';
// This string is used when sending the notification mail for identifying the
$this->setError(_('Forum Description Must Be At Least 10 Characters'));
return false;
}
- if (eregi('[^_\.0-9a-z-]',$forum_name)) {
+ if (!preg_match('/^([_\.0-9a-z-])*$/i',$forum_name)) {
$this->setError(_('Illegal Characters in Forum Name'));
return false;
}
if ($send_all_posts_to) {
+ $send_all_posts_to = str_replace(';', ',', $send_all_posts_to);
$invalid_mails = validate_emails($send_all_posts_to);
if (count($invalid_mails) > 0) {
$this->setInvalidEmailError();
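Review bot: The anchored pattern on the new `preg_match` line still accepts a forum name that ends in a newline, because `$` in PCRE also matches just before a final `\n`. The removed `eregi` test rejected every character outside the set, newline included, so the new check is slightly looser than the old one. The `*` quantifier also lets an empty name through unless an earlier length check, not visible here, rules it out. Anchoring with `\z` and requiring one character closes both: `if (!preg_match('/^[_\.0-9a-z-]+\z/i', $forum_name)) {`. The same pattern is added again in the later hunk that updates a forum and needs the same change; the enclosing function starts and ends outside this hunk.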
}
$project_name = $this->Group->getUnixName();
- $result_list_samename = db_query('SELECT 1 FROM mail_group_list WHERE list_name = \''.$project_name.'-'.$forum_name.'\' AND group_id='.$this->Group->getID().'');
+ $result_list_samename = db_query_params ('SELECT 1 FROM mail_group_list WHERE list_name=$1 AND group_id=$2',
+
+ array ($project_name.'-'.strtolower($forum_name),
+ $this->Group->getID())) ;
if (db_numrows($result_list_samename) > 0){
$this->setError(_('Mailing List Exists with same name'));
}
}
- $sql="INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level)
- VALUES ('".$this->Group->getId()."',
- '". strtolower($forum_name) ."',
- '$is_public',
- '". htmlspecialchars($description) ."',
- '$send_all_posts_to',
- '$allow_anonymous','$moderation_level')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params('INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level) VALUES ($1,$2,$3,$4,$5,$6,$7)',
+ array ($this->Group->getID(),
+ strtolower($forum_name),
+ $is_public,
+ htmlspecialchars($description),
+ $send_all_posts_to,
+ $allow_anonymous,
+ $moderation_level)) ;
if (!$result) {
db_rollback();
$this->setError(_('Error Adding Forum').db_error());
}
$this->group_forum_id=db_insertid($result,'forum_group_list','group_forum_id');
$this->fetchData($this->group_forum_id);
+
if ($create_default_message) {
$fm=new ForumMessage($this);
- if (!$fm->create("Welcome to ".$forum_name,"Welcome to ".$forum_name)) {
+ // Use the system side default language
+ setup_gettext_from_sys_lang ();
+ $string=sprintf(_('Welcome to %1$s'), $forum_name);
+ // and switch back to the user preference
+ setup_gettext_from_context();
+ if (!$fm->create($string, $string)) {
$this->setError($fm->getErrorMessage());
return false;
}
}
db_commit();
+
+ $this->Group->normalizeAllRoles () ;
+
return true;
}
) AS threads
FROM forum_group_list_vw AS fgl
WHERE group_forum_id='$group_forum_id'";
+ $res = db_query_mysql ($sql);
} else {
- $sql="SELECT * FROM forum_group_list_vw
- WHERE group_forum_id='$group_forum_id'";
+ $res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
+ array ($group_forum_id)) ;
}
- $res=db_query($sql);
if (!$res || db_numrows($res) < 1) {
$this->setError(_('Invalid forum group identifier'));
return false;
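Review bot: The branch that ends in the new `db_query_mysql ($sql)` call still runs a query string with `$group_forum_id` interpolated into it (`WHERE group_forum_id='$group_forum_id'`), while the `else` branch was moved to a bound parameter. If that identifier can reach this method from request data, this branch stays open to SQL injection. Forcing it to an integer before the string is built, `$group_forum_id = (int) $group_forum_id;`, would put both branches on the same footing. The statement that builds `$sql` begins outside the hunk, so where the value originates is not visible here.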
* @return int The next thread_id #.
*/
function getNextThreadID() {
- global $sys_database_type;
-
- if ($sys_database_type == "mysql") {
- $sql="call newval('forum_thread_seq', @res)";
- $result=db_mquery($sql);
- if (!$result) {
- echo db_error();
- return false;
- }
- $sql="select @res";
- } else {
- $sql="SELECT nextval('forum_thread_seq')";
- }
- $result=db_query($sql);
+ $result = db_query_params ('SELECT nextval($1)',
+ array ('forum_thread_seq')) ;
if (!$result || db_numrows($result) < 1) {
echo db_error();
return false;
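Review bot: The failure path kept below the new `db_query_params` call still does `echo db_error();`, which prints the raw database error into the response of whoever triggered the request. Other methods in this class report failures through `setError`, so `$this->setError(db_error());` in place of the `echo` would route the message through the class's normal error channel instead of emitting it mid-page. The function body continues past the end of the hunk.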
return $this->save_date;
} else {
if (session_loggedin()) {
- $sql="SELECT save_date FROM forum_saved_place
- WHERE user_id='".user_getid()."' AND forum_id='". $this->getID() ."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT save_date FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
if ($result && db_numrows($result) > 0) {
$this->save_date=db_result($result,0,'save_date');
return $this->save_date;
* @return array The array of user_id's.
*/
function getMonitoringIDs() {
- $sql="SELECT user_id FROM forum_monitored_forums WHERE forum_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('SELECT user_id FROM forum_monitored_forums WHERE forum_id=$1',
+ array ($this->getID())) ;
return util_result_column_to_array($result);
}
* @return array The array of user_id's.
*/
function getForumAdminIDs() {
- $sql = "SELECT user_group.user_id
- FROM user_group, role_setting
- WHERE role_setting.section_name='forum'
- AND role_setting.ref_id='".$this->getID()."'
- AND role_setting.value > 1
- AND user_group.role_id = role_setting.role_id";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT user_group.user_id FROM user_group, role_setting
+ WHERE role_setting.section_name=$1
+ AND role_setting.ref_id=$2
+ AND role_setting.value::integer > 1
+ AND user_group.role_id = role_setting.role_id',
+ array ('forum',
+ $this->getID())) ;
return util_result_column_to_array($result);
}
*
* @return boolean success.
*/
- function setMonitor() {
- if (!session_loggedin()) {
- $this->setError(_('You can only monitor if you are logged in'));
- return false;
+ function setMonitor ($u = -1) {
+ if ($u == -1) {
+ if (!session_loggedin()) {
+ $this->setError(_('You can only monitor if you are logged in'));
+ return false;
+ }
+ $u = user_getid() ;
}
- $sql="SELECT * FROM forum_monitored_forums
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- $result = db_query($sql);
-
+ $result = db_query_params ('SELECT * FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array ($u,
+ $this->getID())) ;
if (!$result || db_numrows($result) < 1) {
/*
User is not already monitoring thread, so
insert a row so monitoring can begin
*/
$sql="INSERT INTO forum_monitored_forums (forum_id,user_id)
- VALUES ('".$this->getID()."','".user_getid()."')";
+ VALUES ('".$this->getID()."','$u')";
- $result = db_query($sql);
+ $result = db_query_params ('INSERT INTO forum_monitored_forums (forum_id,user_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ user_getid())) ;
if (!$result) {
$this->setError(_('Unable To Add Monitor').' : '.db_error());
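Review bot: The new INSERT binds `user_getid()` rather than `$u`, so when `setMonitor` is called with an explicit user id the existence check looks at `$u` but the row is written for the session user, or for whatever `user_getid()` returns when nobody is logged in. The second element of the parameter array should be `$u`: `array ($this->getID(), $u)`. The `$sql="INSERT INTO forum_monitored_forums ..."` assignment just above it is no longer executed and should be deleted, so that no interpolated statement is left behind for someone to reuse. The function body continues outside the hunk.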
*
* @return boolean success.
*/
- function stopMonitor() {
- if (!session_loggedin()) {
- $this->setError(_('You can only monitor if you are logged in'));
- return false;
+ function stopMonitor ($u = -1) {
+ if ($u == -1) {
+ if (!session_loggedin()) {
+ $this->setError(_('You can only monitor if you are logged in'));
+ return false;
+ }
+ $u = user_getid() ;
}
- $sql="DELETE FROM forum_monitored_forums
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- return db_query($sql);
+ return db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array ($u,
+ $this->getID())) ;
}
/**
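Review bot: The new `$u` parameter of `stopMonitor` is not described in the docblock above it, and passing it skips the `session_loggedin()` check, so the method deletes the monitor row of whatever user id the caller supplies. That contract should be written down so callers know the authorisation decision is theirs, for example `@param int $u User ID to stop monitoring for (default -1: the logged-in user); callers passing an explicit ID must already have checked the right to act for that user`. The same line is missing from the `setMonitor` docblock. Both docblocks start outside their hunks.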
if (!session_loggedin()) {
return false;
}
- $sql="SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
$row_count = db_fetch_array($result);
return $result && $row_count['count'] > 0;
}
$this->setError(_('You Can Only Save Your Place If You Are Logged In'));
return false;
}
- $sql="SELECT * FROM forum_saved_place
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
-
- $result = db_query($sql);
+ $result = db_query_params ('SELECT * FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
if (!$result || db_numrows($result) < 1) {
/*
User is not already monitoring thread, so
insert a row so monitoring can begin
*/
- $sql="INSERT INTO forum_saved_place (forum_id,user_id,save_date)
- VALUES ('".$this->getID()."','".user_getid()."','".time()."')";
-
- $result = db_query($sql);
+ $result = db_query_params ('INSERT INTO forum_saved_place (forum_id,user_id,save_date) VALUES ($1,$2,$3)',
+ array ($this->getID(),
+ user_getid(),
+ time())) ;
if (!$result) {
$this->setError(_('Forum::savePlace()').': '.db_error());
}
} else {
- $sql="UPDATE forum_saved_place
- SET save_date='".time()."'
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
- $result = db_query($sql);
+ $result = db_query_params ('UPDATE forum_saved_place SET save_date=$1 WHERE user_id=$2 AND forum_id=$3',
+ array (time(),
+ user_getid(),
+ $this->getID())) ;
if (!$result) {
$this->setError('Forum::savePlace() '.db_error());
$this->setError(_('Forum Description Must Be At Least 10 Characters'));
return false;
}
- if (eregi('[^_\.0-9a-z-]',$forum_name)) {
+ if (!preg_match('/^([_\.0-9a-z-])*$/i',$forum_name)) {
$this->setError(_('Illegal Characters in Forum Name'));
return false;
}
if ($send_all_posts_to) {
+ $send_all_posts_to = str_replace(';', ',', $send_all_posts_to);
$invalid_mails = validate_emails($send_all_posts_to);
if (count($invalid_mails) > 0) {
$this->setInvalidEmailError();
return false;
}
- $res=db_query("UPDATE forum_group_list SET
- forum_name='". strtolower($forum_name) ."',
- description='". htmlspecialchars($description) ."',
- send_all_posts_to='".$send_all_posts_to ."',
- allow_anonymous='" .$allow_anonymous . "',
- moderation_level='" .$moderation_level . "',
- is_public='" .$is_public . "'
- WHERE group_id='".$this->Group->getID()."'
- AND group_forum_id='".$this->getID()."'");
-
+ $res = db_query_params ('UPDATE forum_group_list SET
+ forum_name=$1,
+ description=$2,
+ send_all_posts_to=$3,
+ allow_anonymous=$4,
+ moderation_level=$5,
+ is_public=$6
+ WHERE group_id=$7
+ AND group_forum_id=$8',
+ array (strtolower($forum_name),
+ htmlspecialchars($description),
+ $send_all_posts_to,
+ $allow_anonymous,
+ $moderation_level,
+ $is_public,
+ $this->Group->getID(),
+ $this->getID())) ;
+
if (!$res || db_affected_rows($res) < 1) {
$this->setError(_('Error On Update:').': '.db_error());
return false;
return false;
}
db_begin();
- db_query("DELETE FROM forum_agg_msg_count
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_agg_msg_count WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '1'.db_error();
- db_query("DELETE FROM forum_monitored_forums
- WHERE forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_monitored_forums WHERE forum_id=$1',
+ array ($this->getID())) ;
//echo '2'.db_error();
- db_query("DELETE FROM forum_saved_place
- WHERE forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_saved_place WHERE forum_id=$1',
+ array ($this->getID())) ;
//echo '3'.db_error();
- $res = db_query("SELECT msg_id from forum where group_forum_id='".$this->getID()."'");//get the messages for this forum, to delete its attachments
- $delete_ids = array();
- for ($i=0;$i<db_numrows($res);$i++) {
- $aux = db_fetch_array($res);
- $delete_ids[] = $aux[0];
- }
- foreach ($delete_ids as $id) {
- db_query("DELETE FROM forum_attachment where msg_id='$id'");
- }
-
- db_query("DELETE FROM forum
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_attachment WHERE msg_id IN (SELECT msg_id from forum where group_forum_id=$1)',
+ array ($this->getID())) ;
+ db_query_params ('DELETE FROM forum WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '4'.db_error();
- db_query("DELETE FROM forum_group_list
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_group_list WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '5'.db_error();
+ //delete forum's role setting
+ db_query_params ('DELETE FROM role_setting WHERE section_name=$1 AND ref_id=$2',
+ array ('forum',
+ $this->getID())) ;
+
db_commit();
+
+ $this->Group->normalizeAllRoles () ;
+
return true;
}
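Review bot: None of the `db_query_params` DELETEs in this transaction, including the new `role_setting` one, has its result checked, so the method reaches `db_commit()` and `return true` even when a statement failed. Depending on how the database treats a failed statement inside a transaction, that either leaves partial state, such as `role_setting` rows for a forum that is gone, or undoes the whole delete while reporting success. Capturing each result and bailing out, e.g. `if (!$res) { $this->setError(db_error()); db_rollback(); return false; }`, would make the deletion all-or-nothing, and the commented-out `//echo '1'.db_error();` lines could then go. The function starts outside the hunk.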
return -1;
} else {
if (!isset($this->current_user_perm)) {
- $sql="SELECT role_setting.value
+ $res = db_query_params ('SELECT role_setting.value::integer
FROM role_setting, user_group
- WHERE role_setting.ref_id='". $this->getID() ."'
- AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."'
- AND role_setting.section_name='forum'";
- $this->current_user_perm=db_result(db_query($sql),0,0);
+ WHERE role_setting.ref_id=$1
+ AND user_group.role_id=role_setting.role_id
+ AND user_group.user_id=$2
+ AND role_setting.section_name=$3',
+ array ($this->getID(),
+ user_getid(),
+ 'forum')) ;
+ $this->current_user_perm=db_result($res,0,0);
// Return no access if no access rights defined.
if (!$this->current_user_perm)