From 4b1c2b06196b91ebc6d68015a35bcdb6e7739333 Mon Sep 17 00:00:00 2001
From: Banana
Date: Sat, 26 Oct 2019 12:21:01 +0200
Subject: [PATCH] moved status check out of class from object. Moderation of links via stats page. Updated changelog
---
 ChangeLog | 5 +
 webroot/lib/link.class.php | 249 ++++++++++------------
 webroot/lib/management.class.php | 230 +++++++++++---------
 webroot/view/_displaySubmitStatus.inc.php | 2 +-
 webroot/view/_foot.php | 1 +
 webroot/view/editlink.inc.php | 22 +-
 webroot/view/editlink.php | 2 +-
 webroot/view/linkinfo.inc.php | 5 +-
 webroot/view/overview.inc.php | 12 +-
 webroot/view/overview.php | 8 +-
 webroot/view/stats.php | 16 +-
 11 files changed, 296 insertions(+), 256 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e34389a..efc8c76 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@ version 2.2alpha - Guardian of Ice - (tba)
 * code cleanups
 * using mysql transactions if needed
 * pagination
+ * authentication with an extra url now (index.php?m=auth)
+ * management actions shown only if authenticated
+ * small stats overview
+ * links can now be deleted...
+ * awaiting moderation links can new be moderated
 version 2.1alpha - Guardian of Fire - (2019-09-29)
diff --git a/webroot/lib/link.class.php b/webroot/lib/link.class.php
index 70eb169..fa09003 100644
--- a/webroot/lib/link.class.php
+++ b/webroot/lib/link.class.php
@@ -26,7 +26,9 @@
 *
 */
-class Link {
+class Link
+{ + /** + * the database object + * @var object
@@ -39,36 +41,22 @@ class Link { */ private $_data; - /** - * Show private links too - * @var bool - */ - private $_showPrivate = false; - - public function __construct($databaseConnectionObject) { + public function __construct($databaseConnectionObject) + { $this->DB = $databaseConnectionObject; } - /** - * Show private links or not - * @param $bool - */ - public function setShowPrivate($bool) { - if(is_bool($bool)) { - $this->_showPrivate = $bool; - } - } - /** * load all the info we have about a link by given hash * @param string $hash * @return mixed */ - public function load($hash) { + public function load($hash) + { $this->_data = array(); - if(!empty($hash)) { + if (!empty($hash)) { $queryStr = "SELECT any_value(`id`) as id, any_value(`link`) as link, @@ -79,16 +67,10 @@ class Link { any_value(`title`) as title, any_value(`image`) as image, any_value(`hash`) as hash - FROM `".DB_PREFIX."_link` - WHERE `hash` = '".$this->DB->real_escape_string($hash)."'"; - if($this->_showPrivate === true) { - $queryStr .= " AND `status` IN (2,1)"; - } - else { - $queryStr .= " AND `status` = 2"; - } + FROM `" . DB_PREFIX . "_link` + WHERE `hash` = '" . $this->DB->real_escape_string($hash) . "'"; $query = $this->DB->query($queryStr); - if(!empty($query) && $query->num_rows == 1) { + if (!empty($query) && $query->num_rows == 1) { $this->_data = $query->fetch_assoc(); # add stuff @@ -108,10 +90,11 @@ class Link { * @param $hash * @return array */ - public function loadShortInfo($hash) { + public function loadShortInfo($hash) + { $this->_data = array(); - if(!empty($hash)) { + if (!empty($hash)) { $queryStr = "SELECT any_value(`id`) as id, any_value(`link`) as link, 
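Review bot: `load()` no longer filters on `status`, but its docblock still reads like a general-purpose loader, so nothing warns a direct `new Link($DB)` caller that the private/awaiting-moderation check now lives only in `Management::loadLink()`; `loadShortInfo()` in the next hunk has the same gap. Suggest adding to both docblocks: ` * NOTE: no status filter here - private and awaiting-moderation rows are returned too; go through Management::loadLink() when the caller may not be authenticated.` The body of `load()` continues in the following hunk.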
@@ -119,16 +102,11 @@ class Link { any_value(`title`) as title, any_value(`image`) as image, any_value(`hash`) as hash - FROM `".DB_PREFIX."_link` - WHERE `hash` = '".$this->DB->real_escape_string($hash)."'"; - if($this->_showPrivate === true) { - $queryStr .= " AND `status` IN (2,1)"; - } - else { - $queryStr .= " AND `status` = 2"; - } + FROM `" . DB_PREFIX . "_link` + WHERE `hash` = '" . $this->DB->real_escape_string($hash) . "'"; + $query = $this->DB->query($queryStr); - if(!empty($query) && $query->num_rows == 1) { + if (!empty($query) && $query->num_rows == 1) { $this->_data = $query->fetch_assoc(); # add stuff @@ -140,14 +118,15 @@ class Link { } /** - * return all or data fpr given key on the current loaded link + * return all or data for given key on the current loaded link * @param bool $key * @return array|mixed */ - public function getData($key=false) { + public function getData($key = false) + { $ret = $this->_data; - if(!empty($key) && isset($this->_data[$key])) { + if (!empty($key) && isset($this->_data[$key])) { $ret = $this->_data[$key]; } @@ -157,7 +136,8 @@ class Link { /** * reload the current id from DB */ - public function reload() { + public function reload() + { $this->load($this->_data['hash']); } 
@@ -166,27 +146,28 @@ class Link { * @param array $data * @return boolean|int */ - public function create($data,$returnId=false) { + public function create($data, $returnId = false) + { $ret = false; - if(!isset($data['link']) || empty($data['link'])) return false; - if(!isset($data['hash']) || empty($data['hash'])) return false; - if(!isset($data['title']) || empty($data['title'])) return false; + if (!isset($data['link']) || empty($data['link'])) return false; + if (!isset($data['hash']) || empty($data['hash'])) return false; + if (!isset($data['title']) || empty($data['title'])) return false; - $queryStr = "INSERT INTO `".DB_PREFIX."_link` SET - `link` = '".$this->DB->real_escape_string($data['link'])."', + $queryStr = "INSERT INTO `" . DB_PREFIX . "_link` SET + `link` = '" . $this->DB->real_escape_string($data['link']) . "', `created` = NOW(), - `status` = '".$this->DB->real_escape_string($data['status'])."', - `description` = '".$this->DB->real_escape_string($data['description'])."', - `title` = '".$this->DB->real_escape_string($data['title'])."', - `image` = '".$this->DB->real_escape_string($data['image'])."', - `hash` = '".$this->DB->real_escape_string($data['hash'])."', - `search` = '".$this->DB->real_escape_string($data['search'])."'"; - - $this->DB->query($queryStr); - if($returnId === true) { - $ret = $this->DB->insert_id; - } + `status` = '" . $this->DB->real_escape_string($data['status']) . "', + `description` = '" . $this->DB->real_escape_string($data['description']) . "', + `title` = '" . $this->DB->real_escape_string($data['title']) . "', + `image` = '" . $this->DB->real_escape_string($data['image']) . "', + `hash` = '" . $this->DB->real_escape_string($data['hash']) . "', + `search` = '" . $this->DB->real_escape_string($data['search']) . "'"; + + $this->DB->query($queryStr); + if ($returnId === true) { + $ret = $this->DB->insert_id; + } return $ret; } 
@@ -196,69 +177,69 @@ class Link { * @param array $data * @return boolean|int */ - public function update($data) { + public function update($data) + { $ret = false; - if(isset($data['title']) && !empty($data['title'])) { + if (isset($data['title']) && !empty($data['title'])) { # categories and tag stuff $catArr = Summoner::prepareTagOrCategoryStr($data['category']); $tagArr = Summoner::prepareTagOrCategoryStr($data['tag']); $search = $data['title']; - $search .= ' '.$data['description']; - $search .= ' '.implode(" ",$tagArr); - $search .= ' '.implode(" ",$catArr); + $search .= ' ' . $data['description']; + $search .= ' ' . implode(" ", $tagArr); + $search .= ' ' . implode(" ", $catArr); $this->DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE); # did the image url change? $_imageUrlChanged = false; - if($this->_data['image'] != $data['image']) { + if ($this->_data['image'] != $data['image']) { $_imageUrlChanged = true; } - $queryStr = "UPDATE `".DB_PREFIX."_link` SET - `status` = '".$this->DB->real_escape_string($data['private'])."', - `description` = '".$this->DB->real_escape_string($data['description'])."', - `title` = '".$this->DB->real_escape_string($data['title'])."', - `image` = '".$this->DB->real_escape_string($data['image'])."', - `search` = '".$this->DB->real_escape_string($search)."' - WHERE `hash` = '".$this->DB->real_escape_string($this->_data['hash'])."'"; + $queryStr = "UPDATE `" . DB_PREFIX . "_link` SET + `status` = '" . $this->DB->real_escape_string($data['private']) . "', + `description` = '" . $this->DB->real_escape_string($data['description']) . "', + `title` = '" . $this->DB->real_escape_string($data['title']) . "', + `image` = '" . $this->DB->real_escape_string($data['image']) . "', + `search` = '" . $this->DB->real_escape_string($search) . "' + WHERE `hash` = '" . $this->DB->real_escape_string($this->_data['hash']) . 
"'"; $query = $this->DB->query($queryStr); - if($query !== false) { + if ($query !== false) { $catObj = new Category($this->DB); $tagObj = new Tag($this->DB); // clean the relations first $this->_removeTagRelation(false); $this->_removeCategoryRelation(false); - if(!empty($catArr)) { - foreach($catArr as $c) { + if (!empty($catArr)) { + foreach ($catArr as $c) { $catObj->initbystring($c); $catObj->setRelation($this->_data['id']); } } - if(!empty($tagArr)) { - foreach($tagArr as $t) { + if (!empty($tagArr)) { + foreach ($tagArr as $t) { $tagObj->initbystring($t); $tagObj->setRelation($this->_data['id']); } } # decide to store or remove the image - if(isset($data['localImage'])) { - $image = ABSOLUTE_PATH.'/'.LOCAL_STORAGE.'/thumbnail-'.$this->_data['hash']; - if($data['localImage'] === true) { - if(!file_exists($image) || $_imageUrlChanged === true) { - Summoner::downloadFile($data['image'],$image); + if (isset($data['localImage'])) { + $image = ABSOLUTE_PATH . '/' . LOCAL_STORAGE . '/thumbnail-' . $this->_data['hash']; + if ($data['localImage'] === true) { + if (!file_exists($image) || $_imageUrlChanged === true) { + Summoner::downloadFile($data['image'], $image); } - } - elseif($data['localImage'] === false) { - if(file_exists($image)) { + } elseif ($data['localImage'] === false) { + if (file_exists($image)) { unlink($image); } } @@ -266,8 +247,7 @@ class Link { $this->DB->commit(); $ret = true; - } - else { + } else { $this->DB->rollback(); } 
@@ -280,18 +260,19 @@ class Link { * load all the tags we have to the already loaded link * needs $this->load called first */ - private function _tags() { + private function _tags() + { $ret = array(); - if(!empty($this->_data['hash'])) { + if (!empty($this->_data['hash'])) { $queryStr = "SELECT DISTINCT tag, tagId - FROM `".DB_PREFIX."_combined` - WHERE `hash` = '".$this->DB->real_escape_string($this->_data['hash'])."'"; + FROM `" . DB_PREFIX . "_combined` + WHERE `hash` = '" . $this->DB->real_escape_string($this->_data['hash']) . "'"; $query = $this->DB->query($queryStr); - if(!empty($query) && $query->num_rows > 0) { - while($result = $query->fetch_assoc()) { - if($result['tag'] !== NULL) { + if (!empty($query) && $query->num_rows > 0) { + while ($result = $query->fetch_assoc()) { + if ($result['tag'] !== NULL) { $ret[$result['tagId']] = $result['tag']; } } @@ -306,18 +287,19 @@ class Link { * load all the categories we have to the already loaded link * needs $this->load called first */ - private function _categories() { + private function _categories() + { $ret = array(); - if(!empty($this->_data['hash'])) { + if (!empty($this->_data['hash'])) { $queryStr = "SELECT DISTINCT category, categoryId - FROM `".DB_PREFIX."_combined` - WHERE `hash` = '".$this->DB->real_escape_string($this->_data['hash'])."'"; + FROM `" . DB_PREFIX . "_combined` + WHERE `hash` = '" . $this->DB->real_escape_string($this->_data['hash']) . "'"; $query = $this->DB->query($queryStr); - if(!empty($query) && $query->num_rows > 0) { - while($result = $query->fetch_assoc()) { - if($result['category'] !== NULL) { + if (!empty($query) && $query->num_rows > 0) { + while ($result = $query->fetch_assoc()) { + if ($result['category'] !== NULL) { $ret[$result['categoryId']] = $result['category']; } } 
@@ -331,21 +313,21 @@ class Link { * remove all or given tag relation to the current loaded link * @param mixed $tagid */ - private function _removeTagRelation($tagid) { - if(!empty($this->_data['id'])) { + private function _removeTagRelation($tagid) + { + if (!empty($this->_data['id'])) { $queryStr = false; - if($tagid === false) { + if ($tagid === false) { $queryStr = "DELETE - FROM `".DB_PREFIX."_tagrelation` - WHERE `linkid` = '".$this->DB->real_escape_string($this->_data['id'])."'"; - } - elseif(is_numeric($tagid)) { + FROM `" . DB_PREFIX . "_tagrelation` + WHERE `linkid` = '" . $this->DB->real_escape_string($this->_data['id']) . "'"; + } elseif (is_numeric($tagid)) { $queryStr = "DELETE - FROM `".DB_PREFIX."_tagrelation` - WHERE `linkid` = '".$this->DB->real_escape_string($this->_data['id'])."' - AND `tagid` = '".$this->DB->real_escape_string($tagid)."'"; + FROM `" . DB_PREFIX . "_tagrelation` + WHERE `linkid` = '" . $this->DB->real_escape_string($this->_data['id']) . "' + AND `tagid` = '" . $this->DB->real_escape_string($tagid) . "'"; } - if(!empty($queryStr)) { + if (!empty($queryStr)) { $this->DB->query($queryStr); } } 
@@ -355,21 +337,21 @@ class Link { * remove all or given category relation to the current loaded link * @param mixed $categoryid */ - private function _removeCategoryRelation($categoryid) { - if(!empty($this->_data['id'])) { + private function _removeCategoryRelation($categoryid) + { + if (!empty($this->_data['id'])) { $queryStr = false; - if($categoryid === false) { + if ($categoryid === false) { $queryStr = "DELETE - FROM `".DB_PREFIX."_categoryrelation` - WHERE `linkid` = '".$this->DB->real_escape_string($this->_data['id'])."'"; - } - elseif(is_numeric($categoryid)) { + FROM `" . DB_PREFIX . "_categoryrelation` + WHERE `linkid` = '" . $this->DB->real_escape_string($this->_data['id']) . "'"; + } elseif (is_numeric($categoryid)) { $queryStr = "DELETE - FROM `".DB_PREFIX."_categoryrelation` - WHERE `linkid` = '".$this->DB->real_escape_string($this->_data['id'])."' - AND `categoryid` = '".$this->DB->real_escape_string($categoryid)."'"; + FROM `" . DB_PREFIX . "_categoryrelation` + WHERE `linkid` = '" . $this->DB->real_escape_string($this->_data['id']) . "' + AND `categoryid` = '" . $this->DB->real_escape_string($categoryid) . "'"; } - if(!empty($queryStr)) { + if (!empty($queryStr)) { $this->DB->query($queryStr); } } @@ -379,12 +361,13 @@ class Link { * determine of we have a local stored image * if so populate the localImage attribute */ - private function _image() { - if(!empty($this->_data['hash'])) { + private function _image() + { + if (!empty($this->_data['hash'])) { $this->_data['imageToShow'] = $this->_data['image']; - $image = ABSOLUTE_PATH.'/'.LOCAL_STORAGE.'/thumbnail-'.$this->_data['hash']; - if(file_exists($image)) { - $this->_data['imageToShow'] = LOCAL_STORAGE.'/thumbnail-'.$this->_data['hash']; + $image = ABSOLUTE_PATH . '/' . LOCAL_STORAGE . '/thumbnail-' . $this->_data['hash']; + if (file_exists($image)) { + $this->_data['imageToShow'] = LOCAL_STORAGE . '/thumbnail-' . $this->_data['hash']; $this->_data['localImage'] = true; } } 
@@ -393,10 +376,10 @@ class Link { /** * check if the status is private and set the info */ - private function _private() { - if(!empty($this->_data['status']) && $this->_data['status'] == "1") { + private function _private() + { + if (!empty($this->_data['status']) && $this->_data['status'] == "1") { $this->_data['private'] = "1"; } } } - diff --git a/webroot/lib/management.class.php b/webroot/lib/management.class.php index 07ad6c4..cc63c9d 100644 --- a/webroot/lib/management.class.php +++ b/webroot/lib/management.class.php @@ -27,19 +27,10 @@ */ class Management { - /** - * the database object - * @var object - */ - private $DB; - /** - * Show private links too - * @var bool - */ - private $_showPrivate = false; + const LINK_QUERY_STATUS = 2; - protected $COMBINED_SELECT_VALUES = "any_value(`id`) as id, + const COMBINED_SELECT_VALUES = "any_value(`id`) as id, any_value(`link`) as link, any_value(`created`) as created, any_value(`status`) as `status`, @@ -52,6 +43,20 @@ class Management { any_value(`categoryId`) as categoryId, any_value(`tagId`) as tagId"; + /** + * the database object + * @var object + */ + private $DB; + + /** + * Type of links based on status to show + * @var bool + */ + private $_queryStatus = self::LINK_QUERY_STATUS; + + + public function __construct($databaseConnectionObject) { $this->DB = $databaseConnectionObject; } @@ -61,8 +66,20 @@ class Management { * @param $bool */ public function setShowPrivate($bool) { - if(is_bool($bool)) { - $this->_showPrivate = $bool; + $this->_queryStatus = self::LINK_QUERY_STATUS; + if($bool === true) { + $this->_queryStatus = 1; + } + } + + /** + * Show awaiting moderation links or not + * @param $bool + */ + public function setShowAwm($bool) { + $this->_queryStatus = self::LINK_QUERY_STATUS; + if($bool === true) { + $this->_queryStatus = 3; } } 
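Review bot: `setShowAwm(false)` and `setShowPrivate(false)` each start by resetting `_queryStatus` to `self::LINK_QUERY_STATUS`, so whichever setter runs last wins and an earlier `setShowPrivate(true)` is silently discarded; editlink.inc.php reaches `setShowAwm(false)` whenever `awm` is present but fails the digit check. If the two modes are meant to be exclusive, a single `setQueryStatus($status)` taking one of the three values makes that explicit; otherwise `setShowAwm` should only assign when `$bool === true` and leave the field untouched on false. The `@var bool` on `_queryStatus` is also stale now that the property holds an int: `@var int`.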
@@ -80,16 +97,11 @@ class Management { if($stats === true) { $queryStr = "SELECT - COUNT(*) as amount, - any_value(cr.categoryid) as categoryId - FROM `".DB_PREFIX."_categoryrelation` AS cr, `".DB_PREFIX."_link` AS l - WHERE cr.linkid = l.id"; - if($this->_showPrivate === true) { - $queryStr .= " AND l.status IN (2,1)"; - } - else { - $queryStr .= " AND l.status = 2"; - } + COUNT(*) AS amount, + any_value(cr.categoryid) AS categoryId + FROM `".DB_PREFIX."_categoryrelation` AS cr, `".DB_PREFIX."_link` AS t + WHERE cr.linkid = t.id"; + $queryStr .= " AND ".$this->_decideLinkTypeForQuery(); $queryStr .= " GROUP BY categoryid"; $query = $this->DB->query($queryStr); @@ -137,16 +149,11 @@ class Management { if($stats === true) { $queryStr = "SELECT - COUNT(*) as amount, - any_value(tr.tagid) as tagId - FROM `".DB_PREFIX."_tagrelation` AS tr, `".DB_PREFIX."_link` AS l - WHERE tr.linkid = l.id"; - if($this->_showPrivate === true) { - $queryStr .= " AND l.status IN (2,1)"; - } - else { - $queryStr .= " AND l.status = 2"; - } + COUNT(*) AS amount, + any_value(tr.tagid) AS tagId + FROM `".DB_PREFIX."_tagrelation` AS tr, `".DB_PREFIX."_link` AS t + WHERE tr.linkid = t.id"; + $queryStr .= " AND ".$this->_decideLinkTypeForQuery(); $queryStr .= "GROUP BY tagId"; $query = $this->DB->query($queryStr); @@ -188,13 +195,8 @@ class Management { public function latestLinks($limit=5) { $ret = array(); - $queryStr = "SELECT `title`, `link` FROM `".DB_PREFIX."_link`"; - if($this->_showPrivate === true) { - $queryStr .= " WHERE `status` IN (2,1)"; - } - else { - $queryStr .= " WHERE `status` = 2"; - } + $queryStr = "SELECT `title`, `link` FROM `".DB_PREFIX."_link` AS t"; + $queryStr .= " WHERE ".$this->_decideLinkTypeForQuery(); $queryStr .= " ORDER BY `created` DESC"; if(!empty($limit)) { $queryStr .= " LIMIT $limit"; 
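Review bot: In the tag-stats hunk the appended `" AND ".$this->_decideLinkTypeForQuery()` is immediately followed by the unchanged `$queryStr .= "GROUP BY tagId";`, which has no leading space, so the SQL reads `t.status = 2GROUP BY tagId` and will not produce the intended query; the category-stats hunk above gets this right with `" GROUP BY categoryid"`. The removed lines had the same defect, so this is not a regression, but it is worth fixing while the surrounding lines are being rewritten: `$queryStr .= " GROUP BY tagId";`.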
@@ -239,24 +241,21 @@ class Management { public function linksByCategory($id, $string, $limit=5, $offset=false) { $ret = array(); - $querySelect = "SELECT ".$this->COMBINED_SELECT_VALUES; - $queryFrom = " FROM `".DB_PREFIX."_combined`"; - $queryWhere = " WHERE `status` = 2"; - if($this->_showPrivate === true) { - $queryWhere = " WHERE `status` IN (2,1)"; - } + $querySelect = "SELECT ".self::COMBINED_SELECT_VALUES; + $queryFrom = " FROM `".DB_PREFIX."_combined` AS t"; + $queryWhere = " WHERE ".$this->_decideLinkTypeForQuery(); if(!empty($id) && is_numeric($id)) { - $queryWhere .= " AND `categoryId` = '" . $this->DB->real_escape_string($id) . "'"; + $queryWhere .= " AND t.categoryId = '" . $this->DB->real_escape_string($id) . "'"; } elseif(!empty($string) && is_string($string)) { - $queryWhere .= " AND `category` = '" . $this->DB->real_escape_string($string) . "'"; + $queryWhere .= " AND t.category = '" . $this->DB->real_escape_string($string) . "'"; } else { return $ret; } - $queryOrder = "GROUP BY `hash` - ORDER BY `created` DESC"; + $queryOrder = "GROUP BY t.hash + ORDER BY t.created DESC"; $queryLimit = ''; if(!empty($limit)) { $queryLimit .= " LIMIT $limit"; @@ -268,12 +267,11 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); - $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } - $query = $this->DB->query("SELECT COUNT(DISTINCT(hash)) AS amount ".$queryFrom.$queryWhere); + $query = $this->DB->query("SELECT COUNT(DISTINCT(t.hash)) AS amount ".$queryFrom.$queryWhere); $result = $query->fetch_assoc(); $ret['amount'] = $result['amount']; } 
@@ -293,24 +291,21 @@ class Management { public function linksByTag($id, $string, $limit=5, $offset=false) { $ret = array(); - $querySelect = "SELECT ".$this->COMBINED_SELECT_VALUES; - $queryFrom = " FROM `".DB_PREFIX."_combined`"; - $queryWhere = " WHERE `status` = 2"; - if($this->_showPrivate === true) { - $queryWhere = " WHERE `status` IN (2,1)"; - } + $querySelect = "SELECT ".self::COMBINED_SELECT_VALUES; + $queryFrom = " FROM `".DB_PREFIX."_combined` AS t"; + $queryWhere = " WHERE ".$this->_decideLinkTypeForQuery(); if(!empty($id) && is_numeric($id)) { - $queryWhere .= " AND `tagId` = '" . $this->DB->real_escape_string($id) . "'"; + $queryWhere .= " AND t.tagId = '" . $this->DB->real_escape_string($id) . "'"; } elseif(!empty($string) && is_string($string)) { - $queryWhere .= " AND `tag` = '" . $this->DB->real_escape_string($string) . "'"; + $queryWhere .= " AND t.tag = '" . $this->DB->real_escape_string($string) . "'"; } else { return $ret; } - $queryOrder = "GROUP BY `hash` - ORDER BY `created` DESC"; + $queryOrder = "GROUP BY t.hash + ORDER BY t.created DESC"; $queryLimit = ''; if(!empty($limit)) { $queryLimit .= " LIMIT $limit"; @@ -322,12 +317,11 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); - $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } - $query = $this->DB->query("SELECT COUNT(DISTINCT(hash)) AS amount ".$queryFrom.$queryWhere); + $query = $this->DB->query("SELECT COUNT(DISTINCT(t.hash)) AS amount ".$queryFrom.$queryWhere); $result = $query->fetch_assoc(); $ret['amount'] = $result['amount']; } 
@@ -345,11 +339,8 @@ class Management { $ret = array(); $querySelect = "SELECT `hash`"; - $queryFrom = " FROM `".DB_PREFIX."_link`"; - $queryWhere = " WHERE `status` = 2"; - if($this->_showPrivate === true) { - $queryWhere = " WHERE `status` IN (2,1)"; - } + $queryFrom = " FROM `".DB_PREFIX."_link` AS t"; + $queryWhere = " WHERE ".$this->_decideLinkTypeForQuery(); $queryOrder = " ORDER BY `created` DESC"; $queryLimit = ""; if(!empty($limit)) { @@ -362,12 +353,11 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); - $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } - $query = $this->DB->query("SELECT COUNT(hash) AS amount ".$queryFrom.$queryWhere); + $query = $this->DB->query("SELECT COUNT(t.hash) AS amount ".$queryFrom.$queryWhere); $result = $query->fetch_assoc(); $ret['amount'] = $result['amount']; } @@ -384,16 +374,11 @@ class Management { $ret = array(); if(!empty($categoryid) && is_numeric($categoryid)) { - $queryStr = "SELECT ".$this->COMBINED_SELECT_VALUES." - FROM `".DB_PREFIX."_combined`"; - if($this->_showPrivate === true) { - $queryStr .= " WHERE `status` IN (2,1)"; - } - else { - $queryStr .= " WHERE `status` = 2"; - } - $queryStr .= " AND `categoryId` = '" . $this->DB->real_escape_string($categoryid) . "' - ORDER BY `created` DESC + $queryStr = "SELECT ".self::COMBINED_SELECT_VALUES." + FROM `".DB_PREFIX."_combined` AS t"; + $queryStr .= " WHERE ".$this->_decideLinkTypeForQuery(); + $queryStr .= " AND t.categoryId = '" . $this->DB->real_escape_string($categoryid) . "' + ORDER BY t.created DESC LIMIT 1"; $query = $this->DB->query($queryStr); if(!empty($query) && $query->num_rows > 0) { 
@@ -412,14 +397,9 @@ class Management { $ret = false; if(!empty($url)) { - $queryStr = "SELECT * FROM `".DB_PREFIX."_link`"; - if($this->_showPrivate === true) { - $queryStr .= " WHERE `status` IN (2,1)"; - } - else { - $queryStr .= " WHERE `status` = 2"; - } - $queryStr .= " AND `link` = '".$this->DB->real_escape_string($url)."'"; + $queryStr = "SELECT * FROM `".DB_PREFIX."_link` AS t"; + $queryStr .= " WHERE ".$this->_decideLinkTypeForQuery(); + $queryStr .= " AND t.link = '".$this->DB->real_escape_string($url)."'"; $query = $this->DB->query($queryStr); if(!empty($query) && $query->num_rows > 0) { @@ -441,14 +421,9 @@ class Management { if(!empty($searchStr)) { $queryStr = "SELECT *, MATCH (`search`) AGAINST ('".$this->DB->real_escape_string($searchStr)."' IN BOOLEAN MODE) AS score - FROM `".DB_PREFIX."_link` + FROM `".DB_PREFIX."_link` AS t WHERE MATCH (`search`) AGAINST ('".$this->DB->real_escape_string($searchStr)."' IN BOOLEAN MODE)"; - if($this->_showPrivate === true) { - $queryStr .= " WHERE `status` IN (2,1)"; - } - else { - $queryStr .= " WHERE `status` = 2"; - } + $queryStr .= " WHERE ".$this->_decideLinkTypeForQuery(); $queryStr .= " ORDER BY score DESC"; $query = $this->DB->query($queryStr); @@ -467,13 +442,9 @@ class Management { public function linkAmount() { $ret = 0; - $queryStr = "SELECT COUNT(*) AS amount FROM `".DB_PREFIX."_link`"; - if($this->_showPrivate === true) { - $queryStr .= " WHERE `status` IN (2,1)"; - } - else { - $queryStr .= " WHERE `status` = 2"; - } + $queryStr = "SELECT COUNT(*) AS amount + FROM `".DB_PREFIX."_link` AS t"; + $queryStr .= " WHERE ".$this->_decideLinkTypeForQuery(); $query = $this->DB->query($queryStr); if(!empty($query) && $query->num_rows > 0) { 
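Review bot: The full-text search hunk (`@@ -441`) appends `" WHERE ".$this->_decideLinkTypeForQuery()` to a statement that already carries a `WHERE MATCH (...)` clause, giving two WHERE keywords and a query that errors, so search returns nothing regardless of status. The old code had the same double WHERE, so this is pre-existing, but the rewrite should read `$queryStr .= " AND ".$this->_decideLinkTypeForQuery();`. The enclosing function's signature is outside the hunk.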
@@ -540,6 +511,39 @@ class Management { return $ret; } + + /** + * Load link by given hash. Do not use Link class directly. + * Otherwise the authentication will be ignored. + * @param $hash + * @param bool $fullInfo + * @return array|mixed + */ + public function loadLink($hash,$fullInfo=true) { + $ret = array(); + + if (!empty($hash)) { + + $querySelect = "SELECT `hash`"; + $queryFrom = " FROM `" . DB_PREFIX . "_link` AS t"; + $queryWhere = " WHERE " . $this->_decideLinkTypeForQuery(); + $queryWhere .= " AND t.hash = '" . $this->DB->real_escape_string($hash) . "'"; + + $query = $this->DB->query($querySelect.$queryFrom.$queryWhere); + if (!empty($query) && $query->num_rows == 1) { + $linkObj = new Link($this->DB); + if($fullInfo === true) { + $ret = $linkObj->load($hash); + } + else { + $ret = $linkObj->loadShortInfo($hash); + } + } + } + + return $ret; + } + /** * for simpler management we have the search data in a separate column * it is not fancy or even technical nice but it damn works @@ -555,7 +559,6 @@ class Management { if(!empty($allLinks)) { foreach($allLinks as $link) { $LinkObj = new Link($this->DB); - $LinkObj->setShowPrivate($this->_showPrivate); $l = $LinkObj->load($link['hash']); $searchStr = $l['title']; @@ -578,5 +581,24 @@ class Management { } } } + + /** + * Return the query string for the correct status type + * @return string + */ + private function _decideLinkTypeForQuery() { + switch ($this->_queryStatus) { + case 1: + $ret = "t.status IN (2,1)"; + break; + case 3: + $ret = "t.status = 3"; + break; + + default: + $ret = "t.status = 2"; + } + return $ret; + } } diff --git a/webroot/view/_displaySubmitStatus.inc.php b/webroot/view/_displaySubmitStatus.inc.php index 7de6151..6ac5dcb 100644 --- a/webroot/view/_displaySubmitStatus.inc.php +++ b/webroot/view/_displaySubmitStatus.inc.php @@ -1,7 +1,7 @@
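Review bot: `_decideLinkTypeForQuery()` and the two setters spread the status values 1, 2 and 3 as bare literals across three places, with only `LINK_QUERY_STATUS` named, so a reader cannot tell from the `switch` that 3 means awaiting moderation. Suggest naming them once on the class next to `LINK_QUERY_STATUS` (for example `const STATUS_PRIVATE = 1;` and `const STATUS_AWAITING_MODERATION = 3;`) and using the names in both setters and the switch. The `loadLink()` docblock should also state that an empty array is returned both when the hash is unknown and when the row exists but is hidden by the current status, since the views map that result to a 404.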
© 2016 - Insipid + - Stats
diff --git a/webroot/view/editlink.inc.php b/webroot/view/editlink.inc.php index 48dd0ee..30e4368 100644 --- a/webroot/view/editlink.inc.php +++ b/webroot/view/editlink.inc.php @@ -39,12 +39,25 @@ if(isset($_GET['id']) && !empty($_GET['id'])) { $_id = Summoner::validate($_id,'nospace') ? $_id : false; } -$linkObj = new Link($DB); -$linkObj->setShowPrivate(Summoner::simpleAuthCheck()); -$linkObj->load($_id); -$linkData = $linkObj->getData(); +$_isAwm = false; +if(isset($_GET['awm']) && !empty($_GET['awm'])) { + $_isAwm = trim($_GET['awm']); + $_isAwm = Summoner::validate($_isAwm,'digit') ? true : false; + $Management->setShowAwm($_isAwm); +} + +$linkData = $Management->loadLink($_id); if(empty($linkData)) { header("HTTP/1.0 404 Not Found"); + exit(); +} + +$linkObj = new Link($DB); +$linkObj->load($_id); + +if($_isAwm === true) { + $submitFeedback['message'] = 'To accept this link (link has moderation status), just save it. Otherwise just delete.'; + $submitFeedback['status'] = 'success'; } if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['editlink'])) { @@ -60,7 +73,6 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['editlink'])) $formData['localImage'] = true; } - $formData['description'] = trim($fData['description']); $formData['title'] = trim($fData['title']); $formData['image'] = trim($fData['image']); diff --git a/webroot/view/editlink.php b/webroot/view/editlink.php index bf345f5..6a2651c 100644 --- a/webroot/view/editlink.php +++ b/webroot/view/editlink.php @@ -94,7 +94,7 @@
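Review bot: `$Management->setShowAwm($_isAwm)` is driven solely by the `awm` request parameter, with no authentication check in this hunk; unless editlink.inc.php is already guarded by `Summoner::simpleAuth()` above this point, an unauthenticated request carrying `awm=1` would be served a link that is still awaiting moderation, whereas the `awm` case in overview.inc.php calls `Summoner::simpleAuth()` before `setShowAwm(true)`. Suggest mirroring that guard, `if ($_isAwm === true) { Summoner::simpleAuth(); }`, before the `setShowAwm` call. Note also that the `'digit'` validation treats `awm=0` as true, and that the later direct `$linkObj->load($_id)` is the pattern the new `loadLink()` docblock says to avoid; it is safe here only because `loadLink` has already gated the hash.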

URL:

-

+

diff --git a/webroot/view/linkinfo.inc.php b/webroot/view/linkinfo.inc.php index a310e9c..a0d8d95 100644 --- a/webroot/view/linkinfo.inc.php +++ b/webroot/view/linkinfo.inc.php @@ -32,11 +32,10 @@ if(isset($_GET['id']) && !empty($_GET['id'])) { $_id = Summoner::validate($_id,'nospace') ? $_id : false; } -$linkObj = new Link($DB); -$linkObj->setShowPrivate(Summoner::simpleAuthCheck()); -$linkData = $linkObj->load($_id); +$linkData = $Management->loadLink($_id); if(empty($linkData)) { header("HTTP/1.0 404 Not Found"); + exit(); } $_displayEditButton = false; diff --git a/webroot/view/overview.inc.php b/webroot/view/overview.inc.php index 8910eb0..18ad320 100644 --- a/webroot/view/overview.inc.php +++ b/webroot/view/overview.inc.php @@ -47,10 +47,11 @@ $subHeadline = false; $tagCollection = array(); $categoryCollection = array(); $pagination = array('pages' => 0); +$displayEditButton = false; +$isAwm = false; -$_displayEditButton = false; if(Summoner::simpleAuthCheck() === true) { - $_displayEditButton = true; + $displayEditButton = true; } switch($_requestMode) { @@ -86,6 +87,13 @@ switch($_requestMode) { $subHeadline = 'All the categories '; } break; + case 'awm': + Summoner::simpleAuth(); + $isAwm = true; + $subHeadline = 'Awaiting moderation'; + $Management->setShowAwm(true); + $linkCollection = $Management->links(RESULTS_PER_PAGE, (RESULTS_PER_PAGE * ($_curPage-1))); + break; case 'all': default: # show all diff --git a/webroot/view/overview.php b/webroot/view/overview.php index 4a40e09..4fa3504 100644 --- a/webroot/view/overview.php +++ b/webroot/view/overview.php @@ -116,7 +116,11 @@
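Review bot: `$Management->loadLink($_id)` replaces an explicit `setShowPrivate(Summoner::simpleAuthCheck())` on a fresh `Link`, so private links remain visible on this page only if something outside this hunk has already called `setShowPrivate()` on the shared `$Management`; if the including script does not, authenticated users now get a 404 for their own private links. A one-line guard here, `$Management->setShowPrivate(Summoner::simpleAuthCheck());` before the `loadLink` call, would keep the page self-contained. The same consideration applies to the editlink.inc.php hunk above.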
@@ -138,7 +142,7 @@ - +
- +