summaryrefslogtreecommitdiff
path: root/demos/blog/protected/Common/BlogDataModule.php
diff options
context:
space:
mode:
Diffstat (limited to 'demos/blog/protected/Common/BlogDataModule.php')
-rw-r--r--demos/blog/protected/Common/BlogDataModule.php1414
1 files changed, 707 insertions, 707 deletions
diff --git a/demos/blog/protected/Common/BlogDataModule.php b/demos/blog/protected/Common/BlogDataModule.php
index 26dfc5cf..a071ba9a 100644
--- a/demos/blog/protected/Common/BlogDataModule.php
+++ b/demos/blog/protected/Common/BlogDataModule.php
@@ -1,708 +1,708 @@
-<?php
-/**
- * BlogDataModule class file
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @link http://www.pradosoft.com/
- * @copyright Copyright &copy; 2006 PradoSoft
- * @license http://www.pradosoft.com/license/
- * @version $Id$
- */
-
-/**
- * BlogDataModule class
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @link http://www.pradosoft.com/
- * @copyright Copyright &copy; 2006 PradoSoft
- * @license http://www.pradosoft.com/license/
- */
-class BlogDataModule extends TModule
-{
- const DB_FILE_EXT='.db';
- const DEFAULT_DB_FILE='Application.Data.Blog';
- private $_db=null;
- private $_dbFile=null;
-
- public function init($config)
- {
- $this->connectDatabase();
- }
-
- public function getDbFile()
- {
- if($this->_dbFile===null)
- $this->_dbFile=Prado::getPathOfNamespace(self::DEFAULT_DB_FILE,self::DB_FILE_EXT);
- return $this->_dbFile;
- }
-
- public function setDbFile($value)
- {
- if(($this->_dbFile=Prado::getPathOfNamespace($value,self::DB_FILE_EXT))===null)
- throw new BlogException(500,'blogdatamodule_dbfile_invalid',$value);
- }
-
- protected function createDatabase()
- {
- $schemaFile=dirname(__FILE__).'/schema.sql';
- $statements=explode(';',file_get_contents($schemaFile));
- foreach($statements as $statement)
- {
- if(trim($statement)!=='')
- {
- try {
- $command=$this->_db->createCommand($statement);
- $command->execute();
- }
- catch(TDbException $e)
- {
- throw new BlogException(500,'blogdatamodule_createdatabase_failed',$e->getErrorMessage(),$statement);
- }
- }
- }
- }
-
- protected function connectDatabase()
- {
- $dbFile=$this->getDbFile();
- $newDb=!is_file($dbFile);
-
- try {
- $this->_db=new TDbConnection("sqlite:".$dbFile);
- $this->_db->Active=true;
- }
- catch(TDbException $e)
- {
- throw new BlogException(500,'blogdatamodule_dbconnect_failed',$e->getErrorMessage());
- }
-
- if($newDb)
- $this->createDatabase();
- }
-
- protected function generateModifier($filter,$orderBy,$limit)
- {
- $modifier='';
- if($filter!=='')
- $modifier=' WHERE '.$filter;
- if($orderBy!=='')
- $modifier.=' ORDER BY '.$orderBy;
- if($limit!=='')
- $modifier.=' LIMIT '.$limit;
- return $modifier;
- }
-
- public function query($sql)
- {
- try {
- $command=$this->_db->createCommand($sql);
- return $command->query();
- }
- catch(TDbException $e)
- {
- throw new BlogException(500,'blogdatamodule_query_failed',$e->getErrorMessage(),$sql);
- }
- }
-
- protected function populateUserRecord($row)
- {
- $userRecord=new UserRecord;
- $userRecord->ID=(integer)$row['id'];
- $userRecord->Name=$row['name'];
- $userRecord->FullName=$row['full_name'];
- $userRecord->Role=(integer)$row['role'];
- $userRecord->Password=$row['passwd'];
- $userRecord->VerifyCode=$row['vcode'];
- $userRecord->Email=$row['email'];
- $userRecord->CreateTime=(integer)$row['reg_time'];
- $userRecord->Status=(integer)$row['status'];
- $userRecord->Website=$row['website'];
- return $userRecord;
- }
-
- public function queryUsers($filter='',$orderBy='',$limit='')
- {
- if($filter!=='')
- $filter='WHERE '.$filter;
- $sql="SELECT * FROM tblUsers $filter $orderBy $limit";
- $rows=$this->query($sql);
- $users=array();
- foreach($rows as $row)
- $users[]=$this->populateUserRecord($row);
- return $users;
- }
-
- public function queryUserCount($filter)
- {
- if($filter!=='')
- $filter='WHERE '.$filter;
- $sql="SELECT COUNT(id) AS user_count FROM tblUsers $filter";
- $result=$this->query($sql);
- if(($row=$result->read())!==false)
- return $row['user_count'];
- else
- return 0;
- }
-
- public function queryUserByID($id)
- {
- $sql="SELECT * FROM tblUsers WHERE id=$id";
- $result=$this->query($sql);
- if(($row=$result->read())!==false)
- return $this->populateUserRecord($row);
- else
- return null;
- }
-
- public function queryUserByName($name)
- {
- $command=$this->_db->createCommand("SELECT * FROM tblUsers WHERE name=?");
- $command->bindValue(1, $name);
-
- $result=$command->query();
-
- if(($row=$result->read())!==false)
- return $this->populateUserRecord($row);
- else
- return null;
- }
-
- public function insertUser($user)
- {
- $command=$this->_db->createCommand("INSERT INTO tblUsers ".
- "(name,full_name,role,passwd,email,reg_time,status,website) ".
- "VALUES (?,?,?,?,?,?,?,?)");
- $command->bindValue(1, $user->Name);
- $command->bindValue(2, $user->FullName);
- $command->bindValue(3, $user->Role);
- $command->bindValue(4, $user->Password);
- $command->bindValue(5, $user->Email);
- $command->bindValue(6, time());
- $command->bindValue(7, $user->Status);
- $command->bindValue(8, $user->Website);
- $command->execute();
-
- $user->ID=$this->_db->getLastInsertID();
- }
-
- public function updateUser($user)
- {
- $command=$this->_db->createCommand("UPDATE tblUsers SET
- name=?,
- full_name=?,
- role=?,
- passwd=?,
- vcode=?,
- email=?,
- status=?,
- website=?
- WHERE id=?");
- $command->bindValue(1, $user->Name);
- $command->bindValue(2, $user->FullName);
- $command->bindValue(3, $user->Role);
- $command->bindValue(4, $user->Password);
- $command->bindValue(5, $user->VerifyCode);
- $command->bindValue(6, $user->Email);
- $command->bindValue(7, $user->Status);
- $command->bindValue(8, $user->Website);
- $command->bindValue(9, $user->ID);
- $command->execute();
- }
-
- public function deleteUser($id)
- {
- $command=$this->_db->createCommand("DELETE FROM tblUsers WHERE id=?");
- $command->bindValue(1, $id);
- $command->execute();
- }
-
- protected function populatePostRecord($row)
- {
- $postRecord=new PostRecord;
- $postRecord->ID=(integer)$row['id'];
- $postRecord->AuthorID=(integer)$row['author_id'];
- if($row['author_full_name']!=='')
- $postRecord->AuthorName=$row['author_full_name'];
- else
- $postRecord->AuthorName=$row['author_name'];
- $postRecord->CreateTime=(integer)$row['create_time'];
- $postRecord->ModifyTime=(integer)$row['modify_time'];
- $postRecord->Title=$row['title'];
- $postRecord->Content=$row['content'];
- $postRecord->Status=(integer)$row['status'];
- $postRecord->CommentCount=(integer)$row['comment_count'];
- return $postRecord;
- }
-
- public function queryPosts($postFilter,$categoryFilter,$orderBy,$limit)
- {
- //FIXME this is insecure by design since it misses proper escaping
- $filter='';
- if($postFilter!=='')
- $filter.=" AND $postFilter";
- if($categoryFilter!=='')
- $filter.=" AND a.id IN (SELECT post_id AS id FROM tblPost2Category WHERE $categoryFilter)";
- $sql="SELECT a.id AS id,
- a.author_id AS author_id,
- b.name AS author_name,
- b.full_name AS author_full_name,
- a.create_time AS create_time,
- a.modify_time AS modify_time,
- a.title AS title,
- a.content AS content,
- a.status AS status,
- a.comment_count AS comment_count
- FROM tblPosts a, tblUsers b
- WHERE a.author_id=b.id $filter $orderBy $limit";
- $rows=$this->query($sql);
- $posts=array();
- foreach($rows as $row)
- $posts[]=$this->populatePostRecord($row);
- return $posts;
- }
-
- public function queryPostsSearch($keywords,$orderBy,$limit)
- {
- $sql="SELECT a.id AS id,
- a.author_id AS author_id,
- b.name AS author_name,
- b.full_name AS author_full_name,
- a.create_time AS create_time,
- a.modify_time AS modify_time,
- a.title AS title,
- a.content AS content,
- a.status AS status,
- a.comment_count AS comment_count
- FROM tblPosts a, tblUsers b
- WHERE a.author_id=b.id AND a.status=0";
-
- foreach($keywords as $keyword)
- $sql.=" AND (content LIKE ? OR title LIKE ?)";
-
- $sql.=" $orderBy $limit";
-
- $command=$this->_db->createCommand($sql);
-
- $i=1;
- foreach($keywords as $keyword)
- {
- $command->bindValue($i, "%".$keyword."%");
- $i++;
- }
-
- $rows=$command->query();
-
- $posts=array();
- foreach($rows as $row)
- $posts[]=$this->populatePostRecord($row);
- return $posts;
-
- }
-
- public function queryPostCount($postFilter,$categoryFilter)
- {
- //FIXME this is insecure by design since it misses proper escaping
- $filter='';
- if($postFilter!=='')
- $filter.=" AND $postFilter";
- if($categoryFilter!=='')
- $filter.=" AND a.id IN (SELECT post_id AS id FROM tblPost2Category WHERE $categoryFilter)";
- $sql="SELECT COUNT(a.id) AS post_count
- FROM tblPosts a, tblUsers b
- WHERE a.author_id=b.id $filter";
- $result=$this->query($sql);
- if(($row=$result->read())!==false)
- return $row['post_count'];
- else
- return 0;
- }
-
- public function queryPostByID($id)
- {
- $sql="SELECT a.id AS id,
- a.author_id AS author_id,
- b.name AS author_name,
- b.full_name AS author_full_name,
- a.create_time AS create_time,
- a.modify_time AS modify_time,
- a.title AS title,
- a.content AS content,
- a.status AS status,
- a.comment_count AS comment_count
- FROM tblPosts a, tblUsers b
- WHERE a.id=? AND a.author_id=b.id";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
-
- $result=$command->query();
-
- if(($row=$result->read())!==false)
- return $this->populatePostRecord($row);
- else
- return null;
- }
-
- public function insertPost($post,$catIDs)
- {
- $command=$this->_db->createCommand("INSERT INTO tblPosts
- (author_id,create_time,modify_time,title,content,status)
- VALUES (?,?,?,?,?,?)");
- $command->bindValue(1, $post->AuthorID);
- $command->bindValue(2, $post->CreateTime);
- $command->bindValue(3, $post->ModifyTime);
- $command->bindValue(4, $post->Title);
- $command->bindValue(5, $post->Content);
- $command->bindValue(6, $post->Status);
-
- $command->execute();
- $post->ID=$this->_db->getLastInsertID();
- foreach($catIDs as $catID)
- $this->insertPostCategory($post->ID,$catID);
- }
-
- public function updatePost($post,$newCatIDs=null)
- {
- if($newCatIDs!==null)
- {
- $cats=$this->queryCategoriesByPostID($post->ID);
- $catIDs=array();
- foreach($cats as $cat)
- $catIDs[]=$cat->ID;
- $deleteIDs=array_diff($catIDs,$newCatIDs);
- foreach($deleteIDs as $id)
- $this->deletePostCategory($post->ID,$id);
- $insertIDs=array_diff($newCatIDs,$catIDs);
- foreach($insertIDs as $id)
- $this->insertPostCategory($post->ID,$id);
- }
-
- $command=$this->_db->createCommand("UPDATE tblPosts SET
- modify_time=?,
- title=?,
- content=?,
- status=?
- WHERE id=?");
- $command->bindValue(1, $post->ModifyTime);
- $command->bindValue(2, $post->Title);
- $command->bindValue(3, $post->Content);
- $command->bindValue(4, $post->Status);
- $command->bindValue(5, $post->ID);
-
- $command->execute();
- }
-
- public function deletePost($id)
- {
- $cats=$this->queryCategoriesByPostID($id);
- foreach($cats as $cat)
- $this->deletePostCategory($id,$cat->ID);
-
- $command=$this->_db->createCommand("DELETE FROM tblComments WHERE post_id=?");
- $command->bindValue(1, $id);
- $command->execute();
-
- $command=$this->_db->createCommand("DELETE FROM tblPosts WHERE id=?");
- $command->bindValue(1, $id);
- $command->execute();
- }
-
- protected function populateCommentRecord($row)
- {
- $commentRecord=new CommentRecord;
- $commentRecord->ID=(integer)$row['id'];
- $commentRecord->PostID=(integer)$row['post_id'];
- $commentRecord->AuthorName=$row['author_name'];
- $commentRecord->AuthorEmail=$row['author_email'];
- $commentRecord->AuthorWebsite=$row['author_website'];
- $commentRecord->AuthorIP=$row['author_ip'];
- $commentRecord->CreateTime=(integer)$row['create_time'];
- $commentRecord->Content=$row['content'];
- $commentRecord->Status=(integer)$row['status'];
- return $commentRecord;
- }
-
- public function queryComments($filter,$orderBy,$limit)
- {
- //FIXME this is insecure by design since it misses proper escaping
- if($filter!=='')
- $filter='WHERE '.$filter;
- $sql="SELECT * FROM tblComments $filter $orderBy $limit";
- $rows=$this->query($sql);
- $comments=array();
- foreach($rows as $row)
- $comments[]=$this->populateCommentRecord($row);
- return $comments;
- }
-
- public function queryCommentsByPostID($id)
- {
- $sql="SELECT * FROM tblComments WHERE post_id=? ORDER BY create_time DESC";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
-
- $rows=$command->query();
-
- $comments=array();
- foreach($rows as $row)
- $comments[]=$this->populateCommentRecord($row);
- return $comments;
- }
-
- public function insertComment($comment)
- {
- $sql="INSERT INTO tblComments
- (post_id,author_name,author_email,author_website,author_ip,create_time,status,content)
- VALUES (?,?,?,?,?,?,?,?)";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $comment->PostID);
- $command->bindValue(2, $comment->AuthorName);
- $command->bindValue(3, $comment->AuthorEmail);
- $command->bindValue(4, $comment->AuthorWebsite);
- $command->bindValue(5, $comment->AuthorIP);
- $command->bindValue(6, $comment->CreateTime);
- $command->bindValue(7, $comment->Status);
- $command->bindValue(8, $comment->Content);
-
- $command->execute();
- $comment->ID=$this->_db->getLastInsertID();
- $this->query("UPDATE tblPosts SET comment_count=comment_count+1 WHERE id={$comment->PostID}");
- }
-
- public function updateComment($comment)
- {
- $sql="UPDATE tblComments SET status=? WHERE id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $comment->Status);
- $command->bindValue(2, $comment->ID);
-
- $command->execute();
- }
-
- public function deleteComment($id)
- {
- $sql="SELECT post_id FROM tblComments WHERE id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
- $result=$command->query();
-
- if(($row=$result->read())!==false)
- {
- $command=$this->_db->createCommand("DELETE FROM tblComments WHERE id=?");
- $command->bindValue(1, $id);
- $command->execute();
-
- $command=$this->_db->createCommand("UPDATE tblPosts SET comment_count=comment_count-1 WHERE id=?");
- $command->bindValue(1, $row['post_id']);
- $command->execute();
- }
- }
-
- protected function populateCategoryRecord($row)
- {
- $catRecord=new CategoryRecord;
- $catRecord->ID=(integer)$row['id'];
- $catRecord->Name=$row['name'];
- $catRecord->Description=$row['description'];
- $catRecord->PostCount=$row['post_count'];
- return $catRecord;
- }
-
- public function queryCategories()
- {
- $sql="SELECT * FROM tblCategories ORDER BY name ASC";
- $rows=$this->query($sql);
- $cats=array();
- foreach($rows as $row)
- $cats[]=$this->populateCategoryRecord($row);
- return $cats;
- }
-
- public function queryCategoriesByPostID($postID)
- {
- $sql="SELECT a.id AS id,
- a.name AS name,
- a.description AS description,
- a.post_count AS post_count
- FROM tblCategories a, tblPost2Category b
- WHERE a.id=b.category_id AND b.post_id=? ORDER BY a.name";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $postID);
- $rows=$command->query();
-
- $cats=array();
- foreach($rows as $row)
- $cats[]=$this->populateCategoryRecord($row);
- return $cats;
- }
-
- public function queryCategoryByID($id)
- {
- $sql="SELECT * FROM tblCategories WHERE id=?";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
- $result=$command->query();
-
- if(($row=$result->read())!==false)
- return $this->populateCategoryRecord($row);
- else
- return null;
- }
-
- public function queryCategoryByName($name)
- {
- $sql="SELECT * FROM tblCategories WHERE name=?";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $name);
- $result=$command->query();
-
- if(($row=$result->read())!==false)
- return $this->populateCategoryRecord($row);
- else
- return null;
- }
-
- public function insertCategory($category)
- {
- $sql="INSERT INTO tblCategories
- (name,description)
- VALUES (?,?)";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $category->Name);
- $command->bindValue(2, $category->Description);
- $command->execute();
-
- $category->ID=$this->_db->getLastInsertID();
- }
-
- public function updateCategory($category)
- {
- $sql="UPDATE tblCategories SET name=?, description=?, post_count=? WHERE id=?";
-
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $category->Name);
- $command->bindValue(2, $category->Description);
- $command->bindValue(3, $category->PostCount);
- $command->bindValue(4, $category->ID);
-
- $command->execute();
- }
-
- public function deleteCategory($id)
- {
- $sql="DELETE FROM tblPost2Category WHERE category_id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
- $command->execute();
-
- $sql="DELETE FROM tblCategories WHERE id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $id);
- $command->execute();
- }
-
- public function insertPostCategory($postID,$categoryID)
- {
- $sql="INSERT INTO tblPost2Category (post_id, category_id) VALUES (?, ?)";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $postID);
- $command->bindValue(2, $categoryID);
- $command->execute();
-
- $sql="UPDATE tblCategories SET post_count=post_count+1 WHERE id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $categoryID);
- $command->execute();
-
- }
-
- public function deletePostCategory($postID,$categoryID)
- {
- $sql="DELETE FROM tblPost2Category WHERE post_id=? AND category_id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $postID);
- $command->bindValue(2, $categoryID);
- $result=$command->query();
-
- if($result->getRowCount()>0)
- {
- $sql="UPDATE tblCategories SET post_count=post_count-1 WHERE id=?";
- $command=$this->_db->createCommand($sql);
- $command->bindValue(1, $categoryID);
- $command->execute();
- }
- }
-
- public function queryEarliestPostTime()
- {
- $sql="SELECT MIN(create_time) AS create_time FROM tblPosts";
- $result=$this->query($sql);
- if(($row=$result->read())!==false)
- return $row['create_time'];
- else
- return time();
- }
-}
-
-class UserRecord
-{
- const ROLE_USER=0;
- const ROLE_ADMIN=1;
- const STATUS_NORMAL=0;
- const STATUS_DISABLED=1;
- const STATUS_PENDING=2;
- public $ID;
- public $Name;
- public $FullName;
- public $Role;
- public $Password;
- public $VerifyCode;
- public $Email;
- public $CreateTime;
- public $Status;
- public $Website;
-}
-
-class PostRecord
-{
- const STATUS_PUBLISHED=0;
- const STATUS_DRAFT=1;
- const STATUS_PENDING=2;
- const STATUS_STICKY=3;
- public $ID;
- public $AuthorID;
- public $AuthorName;
- public $CreateTime;
- public $ModifyTime;
- public $Title;
- public $Content;
- public $Status;
- public $CommentCount;
-}
-
-class CommentRecord
-{
- public $ID;
- public $PostID;
- public $AuthorName;
- public $AuthorEmail;
- public $AuthorWebsite;
- public $AuthorIP;
- public $CreateTime;
- public $Status;
- public $Content;
-}
-
-class CategoryRecord
-{
- public $ID;
- public $Name;
- public $Description;
- public $PostCount;
-}
-
+<?php
+/**
+ * BlogDataModule class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @version $Id$
+ */
+
+/**
+ * BlogDataModule class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2006 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ */
+class BlogDataModule extends TModule
+{
+ const DB_FILE_EXT='.db';
+ const DEFAULT_DB_FILE='Application.Data.Blog';
+ private $_db=null;
+ private $_dbFile=null;
+
+ public function init($config)
+ {
+ $this->connectDatabase();
+ }
+
+ public function getDbFile()
+ {
+ if($this->_dbFile===null)
+ $this->_dbFile=Prado::getPathOfNamespace(self::DEFAULT_DB_FILE,self::DB_FILE_EXT);
+ return $this->_dbFile;
+ }
+
+ public function setDbFile($value)
+ {
+ if(($this->_dbFile=Prado::getPathOfNamespace($value,self::DB_FILE_EXT))===null)
+ throw new BlogException(500,'blogdatamodule_dbfile_invalid',$value);
+ }
+
+ protected function createDatabase()
+ {
+ $schemaFile=dirname(__FILE__).'/schema.sql';
+ $statements=explode(';',file_get_contents($schemaFile));
+ foreach($statements as $statement)
+ {
+ if(trim($statement)!=='')
+ {
+ try {
+ $command=$this->_db->createCommand($statement);
+ $command->execute();
+ }
+ catch(TDbException $e)
+ {
+ throw new BlogException(500,'blogdatamodule_createdatabase_failed',$e->getErrorMessage(),$statement);
+ }
+ }
+ }
+ }
+
+ protected function connectDatabase()
+ {
+ $dbFile=$this->getDbFile();
+ $newDb=!is_file($dbFile);
+
+ try {
+ $this->_db=new TDbConnection("sqlite:".$dbFile);
+ $this->_db->Active=true;
+ }
+ catch(TDbException $e)
+ {
+ throw new BlogException(500,'blogdatamodule_dbconnect_failed',$e->getErrorMessage());
+ }
+
+ if($newDb)
+ $this->createDatabase();
+ }
+
+ protected function generateModifier($filter,$orderBy,$limit)
+ {
+ $modifier='';
+ if($filter!=='')
+ $modifier=' WHERE '.$filter;
+ if($orderBy!=='')
+ $modifier.=' ORDER BY '.$orderBy;
+ if($limit!=='')
+ $modifier.=' LIMIT '.$limit;
+ return $modifier;
+ }
+
+ public function query($sql)
+ {
+ try {
+ $command=$this->_db->createCommand($sql);
+ return $command->query();
+ }
+ catch(TDbException $e)
+ {
+ throw new BlogException(500,'blogdatamodule_query_failed',$e->getErrorMessage(),$sql);
+ }
+ }
+
+ protected function populateUserRecord($row)
+ {
+ $userRecord=new UserRecord;
+ $userRecord->ID=(integer)$row['id'];
+ $userRecord->Name=$row['name'];
+ $userRecord->FullName=$row['full_name'];
+ $userRecord->Role=(integer)$row['role'];
+ $userRecord->Password=$row['passwd'];
+ $userRecord->VerifyCode=$row['vcode'];
+ $userRecord->Email=$row['email'];
+ $userRecord->CreateTime=(integer)$row['reg_time'];
+ $userRecord->Status=(integer)$row['status'];
+ $userRecord->Website=$row['website'];
+ return $userRecord;
+ }
+
+ public function queryUsers($filter='',$orderBy='',$limit='')
+ {
+ if($filter!=='')
+ $filter='WHERE '.$filter;
+ $sql="SELECT * FROM tblUsers $filter $orderBy $limit";
+ $rows=$this->query($sql);
+ $users=array();
+ foreach($rows as $row)
+ $users[]=$this->populateUserRecord($row);
+ return $users;
+ }
+
+ public function queryUserCount($filter)
+ {
+ if($filter!=='')
+ $filter='WHERE '.$filter;
+ $sql="SELECT COUNT(id) AS user_count FROM tblUsers $filter";
+ $result=$this->query($sql);
+ if(($row=$result->read())!==false)
+ return $row['user_count'];
+ else
+ return 0;
+ }
+
+ public function queryUserByID($id)
+ {
+ $sql="SELECT * FROM tblUsers WHERE id=$id";
+ $result=$this->query($sql);
+ if(($row=$result->read())!==false)
+ return $this->populateUserRecord($row);
+ else
+ return null;
+ }
+
+ public function queryUserByName($name)
+ {
+ $command=$this->_db->createCommand("SELECT * FROM tblUsers WHERE name=?");
+ $command->bindValue(1, $name);
+
+ $result=$command->query();
+
+ if(($row=$result->read())!==false)
+ return $this->populateUserRecord($row);
+ else
+ return null;
+ }
+
+ public function insertUser($user)
+ {
+ $command=$this->_db->createCommand("INSERT INTO tblUsers ".
+ "(name,full_name,role,passwd,email,reg_time,status,website) ".
+ "VALUES (?,?,?,?,?,?,?,?)");
+ $command->bindValue(1, $user->Name);
+ $command->bindValue(2, $user->FullName);
+ $command->bindValue(3, $user->Role);
+ $command->bindValue(4, $user->Password);
+ $command->bindValue(5, $user->Email);
+ $command->bindValue(6, time());
+ $command->bindValue(7, $user->Status);
+ $command->bindValue(8, $user->Website);
+ $command->execute();
+
+ $user->ID=$this->_db->getLastInsertID();
+ }
+
+ public function updateUser($user)
+ {
+ $command=$this->_db->createCommand("UPDATE tblUsers SET
+ name=?,
+ full_name=?,
+ role=?,
+ passwd=?,
+ vcode=?,
+ email=?,
+ status=?,
+ website=?
+ WHERE id=?");
+ $command->bindValue(1, $user->Name);
+ $command->bindValue(2, $user->FullName);
+ $command->bindValue(3, $user->Role);
+ $command->bindValue(4, $user->Password);
+ $command->bindValue(5, $user->VerifyCode);
+ $command->bindValue(6, $user->Email);
+ $command->bindValue(7, $user->Status);
+ $command->bindValue(8, $user->Website);
+ $command->bindValue(9, $user->ID);
+ $command->execute();
+ }
+
+ public function deleteUser($id)
+ {
+ $command=$this->_db->createCommand("DELETE FROM tblUsers WHERE id=?");
+ $command->bindValue(1, $id);
+ $command->execute();
+ }
+
+ protected function populatePostRecord($row)
+ {
+ $postRecord=new PostRecord;
+ $postRecord->ID=(integer)$row['id'];
+ $postRecord->AuthorID=(integer)$row['author_id'];
+ if($row['author_full_name']!=='')
+ $postRecord->AuthorName=$row['author_full_name'];
+ else
+ $postRecord->AuthorName=$row['author_name'];
+ $postRecord->CreateTime=(integer)$row['create_time'];
+ $postRecord->ModifyTime=(integer)$row['modify_time'];
+ $postRecord->Title=$row['title'];
+ $postRecord->Content=$row['content'];
+ $postRecord->Status=(integer)$row['status'];
+ $postRecord->CommentCount=(integer)$row['comment_count'];
+ return $postRecord;
+ }
+
+ public function queryPosts($postFilter,$categoryFilter,$orderBy,$limit)
+ {
+ //FIXME this is insecure by design since it misses proper escaping
+ $filter='';
+ if($postFilter!=='')
+ $filter.=" AND $postFilter";
+ if($categoryFilter!=='')
+ $filter.=" AND a.id IN (SELECT post_id AS id FROM tblPost2Category WHERE $categoryFilter)";
+ $sql="SELECT a.id AS id,
+ a.author_id AS author_id,
+ b.name AS author_name,
+ b.full_name AS author_full_name,
+ a.create_time AS create_time,
+ a.modify_time AS modify_time,
+ a.title AS title,
+ a.content AS content,
+ a.status AS status,
+ a.comment_count AS comment_count
+ FROM tblPosts a, tblUsers b
+ WHERE a.author_id=b.id $filter $orderBy $limit";
+ $rows=$this->query($sql);
+ $posts=array();
+ foreach($rows as $row)
+ $posts[]=$this->populatePostRecord($row);
+ return $posts;
+ }
+
+ public function queryPostsSearch($keywords,$orderBy,$limit)
+ {
+ $sql="SELECT a.id AS id,
+ a.author_id AS author_id,
+ b.name AS author_name,
+ b.full_name AS author_full_name,
+ a.create_time AS create_time,
+ a.modify_time AS modify_time,
+ a.title AS title,
+ a.content AS content,
+ a.status AS status,
+ a.comment_count AS comment_count
+ FROM tblPosts a, tblUsers b
+ WHERE a.author_id=b.id AND a.status=0";
+
+ foreach($keywords as $keyword)
+ $sql.=" AND (content LIKE ? OR title LIKE ?)";
+
+ $sql.=" $orderBy $limit";
+
+ $command=$this->_db->createCommand($sql);
+
+ $i=1;
+ foreach($keywords as $keyword)
+ {
+ $command->bindValue($i, "%".$keyword."%");
+ $i++;
+ }
+
+ $rows=$command->query();
+
+ $posts=array();
+ foreach($rows as $row)
+ $posts[]=$this->populatePostRecord($row);
+ return $posts;
+
+ }
+
+ public function queryPostCount($postFilter,$categoryFilter)
+ {
+ //FIXME this is insecure by design since it misses proper escaping
+ $filter='';
+ if($postFilter!=='')
+ $filter.=" AND $postFilter";
+ if($categoryFilter!=='')
+ $filter.=" AND a.id IN (SELECT post_id AS id FROM tblPost2Category WHERE $categoryFilter)";
+ $sql="SELECT COUNT(a.id) AS post_count
+ FROM tblPosts a, tblUsers b
+ WHERE a.author_id=b.id $filter";
+ $result=$this->query($sql);
+ if(($row=$result->read())!==false)
+ return $row['post_count'];
+ else
+ return 0;
+ }
+
+ public function queryPostByID($id)
+ {
+ $sql="SELECT a.id AS id,
+ a.author_id AS author_id,
+ b.name AS author_name,
+ b.full_name AS author_full_name,
+ a.create_time AS create_time,
+ a.modify_time AS modify_time,
+ a.title AS title,
+ a.content AS content,
+ a.status AS status,
+ a.comment_count AS comment_count
+ FROM tblPosts a, tblUsers b
+ WHERE a.id=? AND a.author_id=b.id";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+
+ $result=$command->query();
+
+ if(($row=$result->read())!==false)
+ return $this->populatePostRecord($row);
+ else
+ return null;
+ }
+
+ public function insertPost($post,$catIDs)
+ {
+ $command=$this->_db->createCommand("INSERT INTO tblPosts
+ (author_id,create_time,modify_time,title,content,status)
+ VALUES (?,?,?,?,?,?)");
+ $command->bindValue(1, $post->AuthorID);
+ $command->bindValue(2, $post->CreateTime);
+ $command->bindValue(3, $post->ModifyTime);
+ $command->bindValue(4, $post->Title);
+ $command->bindValue(5, $post->Content);
+ $command->bindValue(6, $post->Status);
+
+ $command->execute();
+ $post->ID=$this->_db->getLastInsertID();
+ foreach($catIDs as $catID)
+ $this->insertPostCategory($post->ID,$catID);
+ }
+
+ public function updatePost($post,$newCatIDs=null)
+ {
+ if($newCatIDs!==null)
+ {
+ $cats=$this->queryCategoriesByPostID($post->ID);
+ $catIDs=array();
+ foreach($cats as $cat)
+ $catIDs[]=$cat->ID;
+ $deleteIDs=array_diff($catIDs,$newCatIDs);
+ foreach($deleteIDs as $id)
+ $this->deletePostCategory($post->ID,$id);
+ $insertIDs=array_diff($newCatIDs,$catIDs);
+ foreach($insertIDs as $id)
+ $this->insertPostCategory($post->ID,$id);
+ }
+
+ $command=$this->_db->createCommand("UPDATE tblPosts SET
+ modify_time=?,
+ title=?,
+ content=?,
+ status=?
+ WHERE id=?");
+ $command->bindValue(1, $post->ModifyTime);
+ $command->bindValue(2, $post->Title);
+ $command->bindValue(3, $post->Content);
+ $command->bindValue(4, $post->Status);
+ $command->bindValue(5, $post->ID);
+
+ $command->execute();
+ }
+
+ public function deletePost($id)
+ {
+ $cats=$this->queryCategoriesByPostID($id);
+ foreach($cats as $cat)
+ $this->deletePostCategory($id,$cat->ID);
+
+ $command=$this->_db->createCommand("DELETE FROM tblComments WHERE post_id=?");
+ $command->bindValue(1, $id);
+ $command->execute();
+
+ $command=$this->_db->createCommand("DELETE FROM tblPosts WHERE id=?");
+ $command->bindValue(1, $id);
+ $command->execute();
+ }
+
+ protected function populateCommentRecord($row)
+ {
+ $commentRecord=new CommentRecord;
+ $commentRecord->ID=(integer)$row['id'];
+ $commentRecord->PostID=(integer)$row['post_id'];
+ $commentRecord->AuthorName=$row['author_name'];
+ $commentRecord->AuthorEmail=$row['author_email'];
+ $commentRecord->AuthorWebsite=$row['author_website'];
+ $commentRecord->AuthorIP=$row['author_ip'];
+ $commentRecord->CreateTime=(integer)$row['create_time'];
+ $commentRecord->Content=$row['content'];
+ $commentRecord->Status=(integer)$row['status'];
+ return $commentRecord;
+ }
+
+ public function queryComments($filter,$orderBy,$limit)
+ {
+ //FIXME this is insecure by design since it misses proper escaping
+ if($filter!=='')
+ $filter='WHERE '.$filter;
+ $sql="SELECT * FROM tblComments $filter $orderBy $limit";
+ $rows=$this->query($sql);
+ $comments=array();
+ foreach($rows as $row)
+ $comments[]=$this->populateCommentRecord($row);
+ return $comments;
+ }
+
+ public function queryCommentsByPostID($id)
+ {
+ $sql="SELECT * FROM tblComments WHERE post_id=? ORDER BY create_time DESC";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+
+ $rows=$command->query();
+
+ $comments=array();
+ foreach($rows as $row)
+ $comments[]=$this->populateCommentRecord($row);
+ return $comments;
+ }
+
+ public function insertComment($comment)
+ {
+ $sql="INSERT INTO tblComments
+ (post_id,author_name,author_email,author_website,author_ip,create_time,status,content)
+ VALUES (?,?,?,?,?,?,?,?)";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $comment->PostID);
+ $command->bindValue(2, $comment->AuthorName);
+ $command->bindValue(3, $comment->AuthorEmail);
+ $command->bindValue(4, $comment->AuthorWebsite);
+ $command->bindValue(5, $comment->AuthorIP);
+ $command->bindValue(6, $comment->CreateTime);
+ $command->bindValue(7, $comment->Status);
+ $command->bindValue(8, $comment->Content);
+
+ $command->execute();
+ $comment->ID=$this->_db->getLastInsertID();
+ $this->query("UPDATE tblPosts SET comment_count=comment_count+1 WHERE id={$comment->PostID}");
+ }
+
+ public function updateComment($comment)
+ {
+ $sql="UPDATE tblComments SET status=? WHERE id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $comment->Status);
+ $command->bindValue(2, $comment->ID);
+
+ $command->execute();
+ }
+
+ public function deleteComment($id)
+ {
+ $sql="SELECT post_id FROM tblComments WHERE id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+ $result=$command->query();
+
+ if(($row=$result->read())!==false)
+ {
+ $command=$this->_db->createCommand("DELETE FROM tblComments WHERE id=?");
+ $command->bindValue(1, $id);
+ $command->execute();
+
+ $command=$this->_db->createCommand("UPDATE tblPosts SET comment_count=comment_count-1 WHERE id=?");
+ $command->bindValue(1, $row['post_id']);
+ $command->execute();
+ }
+ }
+
+ protected function populateCategoryRecord($row)
+ {
+ $catRecord=new CategoryRecord;
+ $catRecord->ID=(integer)$row['id'];
+ $catRecord->Name=$row['name'];
+ $catRecord->Description=$row['description'];
+ $catRecord->PostCount=$row['post_count'];
+ return $catRecord;
+ }
+
+ public function queryCategories()
+ {
+ $sql="SELECT * FROM tblCategories ORDER BY name ASC";
+ $rows=$this->query($sql);
+ $cats=array();
+ foreach($rows as $row)
+ $cats[]=$this->populateCategoryRecord($row);
+ return $cats;
+ }
+
+ public function queryCategoriesByPostID($postID)
+ {
+ $sql="SELECT a.id AS id,
+ a.name AS name,
+ a.description AS description,
+ a.post_count AS post_count
+ FROM tblCategories a, tblPost2Category b
+ WHERE a.id=b.category_id AND b.post_id=? ORDER BY a.name";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $postID);
+ $rows=$command->query();
+
+ $cats=array();
+ foreach($rows as $row)
+ $cats[]=$this->populateCategoryRecord($row);
+ return $cats;
+ }
+
+ public function queryCategoryByID($id)
+ {
+ $sql="SELECT * FROM tblCategories WHERE id=?";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+ $result=$command->query();
+
+ if(($row=$result->read())!==false)
+ return $this->populateCategoryRecord($row);
+ else
+ return null;
+ }
+
+ public function queryCategoryByName($name)
+ {
+ $sql="SELECT * FROM tblCategories WHERE name=?";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $name);
+ $result=$command->query();
+
+ if(($row=$result->read())!==false)
+ return $this->populateCategoryRecord($row);
+ else
+ return null;
+ }
+
+ public function insertCategory($category)
+ {
+ $sql="INSERT INTO tblCategories
+ (name,description)
+ VALUES (?,?)";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $category->Name);
+ $command->bindValue(2, $category->Description);
+ $command->execute();
+
+ $category->ID=$this->_db->getLastInsertID();
+ }
+
+ public function updateCategory($category)
+ {
+ $sql="UPDATE tblCategories SET name=?, description=?, post_count=? WHERE id=?";
+
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $category->Name);
+ $command->bindValue(2, $category->Description);
+ $command->bindValue(3, $category->PostCount);
+ $command->bindValue(4, $category->ID);
+
+ $command->execute();
+ }
+
+ public function deleteCategory($id)
+ {
+ $sql="DELETE FROM tblPost2Category WHERE category_id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+ $command->execute();
+
+ $sql="DELETE FROM tblCategories WHERE id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $id);
+ $command->execute();
+ }
+
+ public function insertPostCategory($postID,$categoryID)
+ {
+ $sql="INSERT INTO tblPost2Category (post_id, category_id) VALUES (?, ?)";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $postID);
+ $command->bindValue(2, $categoryID);
+ $command->execute();
+
+ $sql="UPDATE tblCategories SET post_count=post_count+1 WHERE id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $categoryID);
+ $command->execute();
+
+ }
+
+ public function deletePostCategory($postID,$categoryID)
+ {
+ $sql="DELETE FROM tblPost2Category WHERE post_id=? AND category_id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $postID);
+ $command->bindValue(2, $categoryID);
+ $result=$command->query();
+
+ if($result->getRowCount()>0)
+ {
+ $sql="UPDATE tblCategories SET post_count=post_count-1 WHERE id=?";
+ $command=$this->_db->createCommand($sql);
+ $command->bindValue(1, $categoryID);
+ $command->execute();
+ }
+ }
+
+ public function queryEarliestPostTime()
+ {
+ $sql="SELECT MIN(create_time) AS create_time FROM tblPosts";
+ $result=$this->query($sql);
+ if(($row=$result->read())!==false)
+ return $row['create_time'];
+ else
+ return time();
+ }
+}
+
+class UserRecord
+{
+ const ROLE_USER=0;
+ const ROLE_ADMIN=1;
+ const STATUS_NORMAL=0;
+ const STATUS_DISABLED=1;
+ const STATUS_PENDING=2;
+ public $ID;
+ public $Name;
+ public $FullName;
+ public $Role;
+ public $Password;
+ public $VerifyCode;
+ public $Email;
+ public $CreateTime;
+ public $Status;
+ public $Website;
+}
+
+class PostRecord
+{
+ const STATUS_PUBLISHED=0;
+ const STATUS_DRAFT=1;
+ const STATUS_PENDING=2;
+ const STATUS_STICKY=3;
+ public $ID;
+ public $AuthorID;
+ public $AuthorName;
+ public $CreateTime;
+ public $ModifyTime;
+ public $Title;
+ public $Content;
+ public $Status;
+ public $CommentCount;
+}
+
+class CommentRecord
+{
+ public $ID;
+ public $PostID;
+ public $AuthorName;
+ public $AuthorEmail;
+ public $AuthorWebsite;
+ public $AuthorIP;
+ public $CreateTime;
+ public $Status;
+ public $Content;
+}
+
+class CategoryRecord
+{
+ public $ID;
+ public $Name;
+ public $Description;
+ public $PostCount;
+}
+
?> \ No newline at end of file
generated by cgit v1.2.3 (git 2.51.0) at 2025-10-31 21:09:47 +0000