- <?php
- /**
- * Bibliotheca
- *
- * Copyright 2018-2023 Johannes Keßler
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/gpl-3.0.
- */
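/**
 * Class ManageCollections to manage collections
 *
 * All SQL in this class is assembled by string concatenation on a mysqli
 * connection. Values placed inside quoted string literals are passed through
 * mysqli::real_escape_string(); numeric ids are checked with
 * Summoner::validate(..., 'digit'); names that end up as SQL identifiers
 * (column or index names) are quoted by _quoteIdentifier().
 *
 * NOTE(review): only the read methods filter by Doomguy::getSQLRightsString().
 * createCollection(), updateCollection(), deleteCollection() and
 * updateSearchData() contain no rights check of their own, so the caller
 * presumably enforces authorization before calling them. Confirm at the call sites.
 */
class ManageCollections {

    /**
     * The database object
     *
     * @var mysqli
     */
    private mysqli $_DB;

    /**
     * The user object to query with
     *
     * @var Doomguy
     */
    private Doomguy $_User;

    /**
     * ManageCollections constructor.
     *
     * @param mysqli $databaseConnectionObject
     * @param Doomguy $userObj
     */
    public function __construct(mysqli $databaseConnectionObject, Doomguy $userObj) {
        $this->_DB = $databaseConnectionObject;
        $this->_User = $userObj;
    }

    /**
     * Get all available collections for display based on current user.
     * Rows are limited by the user's "write" rights string and keyed by collection id.
     *
     * @return array
     */
    public function getCollections(): array {
        $queryStr = "SELECT `c`.`id`, `c`.`name`, `c`.`description`, `c`.`created`,
                `c`.`owner`, `c`.`group`, `c`.`rights`,
                `u`.`name` AS username, `g`.`name` AS groupname
            FROM `".DB_PREFIX."_collection` AS c
            LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
            LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
            WHERE ".$this->_User->getSQLRightsString("write", "c")."
            ORDER BY `c`.`name`";

        return $this->_fetchRowsById($queryStr, __METHOD__);
    }

    /**
     * Retrieve the groups for selection based on user rights
     *
     * @return array Rows keyed by group id
     */
    public function getGroupsForSelection(): array {
        $queryStr = "SELECT `id`, `name`, `description`
            FROM `".DB_PREFIX."_group`
            WHERE ".$this->_User->getSQLRightsString()."
            ORDER BY `name`";

        return $this->_fetchRowsById($queryStr, __METHOD__);
    }

    /**
     * Fetch all available users for selection based on current user rights
     *
     * @return array Rows keyed by user id
     */
    public function getUsersForSelection(): array {
        $queryStr = "SELECT `id`, `name`, `login`
            FROM `".DB_PREFIX."_user`
            WHERE ".$this->_User->getSQLRightsString()."";

        return $this->_fetchRowsById($queryStr, __METHOD__);
    }

    /**
     * Fetch all available tools based on current user rights
     *
     * @return array Rows keyed by tool id
     */
    public function getToolsForSelection(): array {
        $queryStr = "SELECT `id`, `name`, `description`
            FROM `".DB_PREFIX."_tool`
            WHERE ".$this->_User->getSQLRightsString()."";

        return $this->_fetchRowsById($queryStr, __METHOD__);
    }

    /**
     * Create new collection entry in collection table. Provide valid data
     * only $name will be checked again
     *
     * Keys read from $data: name, description, owner, group, rights,
     * defaultSearchField, defaultSortField, defaultSortOrder,
     * advancedSearchTableFields and tool (array of tool ids). Every value
     * except name is only escaped for use in a string literal, not validated.
     *
     * The collection row and its tool relations are written in one transaction.
     * The three per-collection tables are created after the commit, because
     * CREATE TABLE commits implicitly in MySQL; a failure there leaves the
     * collection row in place and returns false.
     *
     * @param array $data
     * @return bool True only if the row, the tool relations and all tables were created
     */
    public function createCollection(array $data): bool {
        $ret = false;

        if(!empty($data['name']) === true
            && $this->_validNewCollectionName($data['name']) === true
        ) {
            try {
                $this->_DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);

                $queryStr = "INSERT INTO `".DB_PREFIX."_collection`
                    SET `name` = '".$this->_DB->real_escape_string($data['name'])."',
                        `description` = '".$this->_DB->real_escape_string($data['description'])."',
                        `owner` = '".$this->_DB->real_escape_string($data['owner'])."',
                        `group` = '".$this->_DB->real_escape_string($data['group'])."',
                        `rights` = '".$this->_DB->real_escape_string($data['rights'])."',
                        `defaultSearchField` = '".$this->_DB->real_escape_string($data['defaultSearchField'])."',
                        `defaultSortField` = '".$this->_DB->real_escape_string($data['defaultSortField'])."',
                        `defaultSortOrder` = '".$this->_DB->real_escape_string($data['defaultSortOrder'])."',
                        `advancedSearchTableFields` = '".$this->_DB->real_escape_string($data['advancedSearchTableFields'])."'";
                if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
                $this->_DB->query($queryStr);

                // The new id is appended to table names below, so keep it a plain integer
                // and stop if the insert did not produce one.
                $newId = (int)$this->_DB->insert_id;
                if($newId < 1) {
                    throw new Exception("no insert id for new collection");
                }

                // Run inside the transaction opened above. Opening a second transaction
                // would implicitly commit the INSERT and make the rollback in the catch
                // block ineffective.
                if($this->_updateToolRelation((string)$newId, $data['tool'], false) !== true) {
                    throw new Exception("tool relation could not be written");
                }
                $this->_DB->commit();

                // mysql implicit commit with create table
                // rollback does not really solve if there is an error
                $queryEntry2lookup = "CREATE TABLE `".DB_PREFIX."_collection_entry2lookup_".$newId."` (
                    `fk_field` int NOT NULL,
                    `fk_entry` int NOT NULL,
                    `value` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL,
                    KEY `fk_entry` (`fk_entry`),
                    KEY `fk_field` (`fk_field`),
                    FULLTEXT KEY `value` (`value`)
                    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci";
                if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryEntry2lookup));
                $this->_DB->query($queryEntry2lookup);

                $queryCollectionFields = "CREATE TABLE `".DB_PREFIX."_collection_fields_".$newId."` (
                    `fk_field_id` int NOT NULL,
                    `sort` int NOT NULL,
                    UNIQUE KEY `fk_field_id` (`fk_field_id`),
                    KEY `sort` (`sort`)
                    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci";
                if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryCollectionFields));
                $this->_DB->query($queryCollectionFields);

                $queryCollectionEntry = "CREATE TABLE `".DB_PREFIX."_collection_entry_".$newId."` (
                    `id` int NOT NULL AUTO_INCREMENT,
                    `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
                    `modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
                    `modificationuser` int NOT NULL,
                    `owner` int NOT NULL,
                    `group` int NOT NULL,
                    `rights` char(9) COLLATE utf8mb4_bin NOT NULL,
                    PRIMARY KEY (`id`)
                    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci";
                if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryCollectionEntry));
                $this->_DB->query($queryCollectionEntry);

                $ret = true;
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
                // Only undoes work that has not been committed yet (INSERT and tool relations).
                $this->_DB->rollback();
            }
        }

        return $ret;
    }

    /**
     * Load the information from collection table for given $id
     *
     * The row is only returned if the current user's "write" rights string
     * matches the collection.
     *
     * @param string $id Number
     * @return array Empty if $id is not numeric, not found or not accessible
     */
    public function getEditData(string $id): array {
        $ret = array();

        if (Summoner::validate($id, 'digit')) {
            $queryStr = "SELECT `c`.`id`, `c`.`name`, `c`.`description`, `c`.`created`,
                    `c`.`owner`, `c`.`group`, `c`.`rights`, `c`.`defaultSearchField`,
                    `c`.`defaultSortField`, `c`.`advancedSearchTableFields`,
                    `c`.`defaultSortOrder`,
                    `u`.`name` AS username, `g`.`name` AS groupname
                FROM `".DB_PREFIX."_collection` AS c
                LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
                LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
                WHERE ".$this->_User->getSQLRightsString("write", "c")."
                AND `c`.`id` = '".$this->_DB->real_escape_string($id)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $query = $this->_DB->query($queryStr);
                if($query !== false && $query->num_rows > 0) {
                    $ret = $query->fetch_assoc();
                    $ret['rights'] = Summoner::prepareRightsArray($ret['rights']);
                    $ret['tool'] = $this->getAvailableTools($id);
                    $ret['advancedSearchTableFields'] = $this->_loadAdvancedSearchTableFields($ret['advancedSearchTableFields']);
                }
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        return $ret;
    }

    /**
     * Update collection with given data identified by given id
     *
     * Keys read from $data: id, name, description, owner, group, rights,
     * defaultSearchField, defaultSortField, defaultSortOrder,
     * advancedSearchTableFields, tool (array of tool ids) and the optional
     * boolean doRightsForEntries. Only id and name are validated here; the
     * other values are escaped for use in a string literal.
     *
     * After the row update, a FULLTEXT index is created on defaultSearchField
     * if a column of that name exists in the collection's entry table.
     *
     * @param array $data
     * @return bool True if the row update and the tool relation call did not throw
     */
    public function updateCollection(array $data): bool {
        $ret = false;

        if(DEBUG) Summoner::sysLog("[DEBUG] ".__METHOD__." data: ".Summoner::cleanForLog($data));

        if(!empty($data['name']) === true
            && $this->_validUpdateCollectionName($data['name'], $data['id']) === true
            && Summoner::validate($data['id'], 'digit')
        ) {
            $queryStr = "UPDATE `".DB_PREFIX."_collection`
                SET `name` = '".$this->_DB->real_escape_string($data['name'])."',
                    `description` = '".$this->_DB->real_escape_string($data['description'])."',
                    `owner` = '".$this->_DB->real_escape_string($data['owner'])."',
                    `group` = '".$this->_DB->real_escape_string($data['group'])."',
                    `rights` = '".$this->_DB->real_escape_string($data['rights'])."',
                    `defaultSearchField` = '".$this->_DB->real_escape_string($data['defaultSearchField'])."',
                    `defaultSortField` = '".$this->_DB->real_escape_string($data['defaultSortField'])."',
                    `defaultSortOrder` = '".$this->_DB->real_escape_string($data['defaultSortOrder'])."',
                    `advancedSearchTableFields` = '".$this->_DB->real_escape_string($data['advancedSearchTableFields'])."'
                WHERE `id` = '".$this->_DB->real_escape_string($data['id'])."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $this->_DB->query($queryStr);
                $this->_updateToolRelation($data['id'],$data['tool']);
                // A missing key is treated like false instead of raising a warning.
                if(($data['doRightsForEntries'] ?? false) === true) {
                    $this->_updateEntryRights($data['id'], $data['owner'], $data['group'], $data['rights']);
                }
                $ret = true;
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }

            // update the search field if it is a field from the collection entry table
            // and add the index. The lookup table has already a fulltext index on value
            //
            // In the LIKE clause the field name is a string literal, so real_escape_string()
            // is the right tool (LIKE wildcards in the value still apply). In CREATE INDEX the
            // same value is an identifier, where string escaping offers no protection, so it
            // is quoted as an identifier instead.
            $searchFieldIdentifier = $this->_quoteIdentifier((string)$data['defaultSearchField']);
            $queryCheck = "SHOW COLUMNS FROM `".DB_PREFIX."_collection_entry_".$data['id']."`
                LIKE '".$this->_DB->real_escape_string($data['defaultSearchField'])."'";
            $queryStr = "CREATE FULLTEXT INDEX ".$searchFieldIdentifier."
                ON `".DB_PREFIX."_collection_entry_".$data['id']."`
                (".$searchFieldIdentifier.")";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryCheck));
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $query = $this->_DB->query($queryCheck);
                if($query !== false && $query->num_rows > 0) {
                    $this->_DB->query($queryStr);
                    // altering or adding an index while data exists
                    // ignores the collation (?)
                    // optimize does a recreation and the column collation
                    // is considered
                    $this->_DB->query("OPTIMIZE TABLE `".DB_PREFIX."_collection_entry_".$data['id']."`");
                }
            } catch (Exception $e) {
                if((int)$e->getCode() === 1061) {
                    // duplicate key message if the index is already there.
                    Summoner::sysLog("[NOTICE] ".__METHOD__." mysql query: ".$e->getMessage());
                }
                else {
                    Summoner::sysLog("[ERROR] ".__METHOD__." mysql query: ".$e->getMessage());
                }
            }
        }

        return $ret;
    }

    /**
     * Delete collection identified by given id
     * This removes everything and drops tables!
     *
     * The digit validation is what keeps $id safe to append to the table names
     * and to the storage path removed at the end. The two DELETE statements run
     * in a transaction; the DROP TABLE statements run after the commit and
     * cannot be rolled back.
     *
     * @param string $id Number
     * @return bool
     */
    public function deleteCollection(string $id): bool {
        $ret = false;

        if(!empty($id) && Summoner::validate($id, 'digit')) {
            $queryStr = "DELETE FROM `".DB_PREFIX."_collection`
                WHERE `id` = '".$this->_DB->real_escape_string($id)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));

            $queryStrTool = "DELETE FROM `".DB_PREFIX."_tool2collection`
                WHERE `fk_collection_id` = '".$this->_DB->real_escape_string($id)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStrTool));

            $queryStre2l = "DROP TABLE `".DB_PREFIX."_collection_entry2lookup_".$this->_DB->real_escape_string($id)."`";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStre2l));

            $queryStrEntry = "DROP TABLE `".DB_PREFIX."_collection_entry_".$this->_DB->real_escape_string($id)."`";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStrEntry));

            $queryStrFields = "DROP TABLE `".DB_PREFIX."_collection_fields_".$this->_DB->real_escape_string($id)."`";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStrFields));

            // mysql implicit commit with drop command
            // transaction does not really help here.
            // https://dev.mysql.com/doc/refman/8.0/en/implicit-commit.html
            try {
                $this->_DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);
                $this->_DB->query($queryStr);
                $this->_DB->query($queryStrTool);
                $this->_DB->commit();

                $this->_DB->query($queryStre2l);
                $this->_DB->query($queryStrEntry);
                $this->_DB->query($queryStrFields);

                Summoner::recursive_remove_directory(PATH_STORAGE.'/'.$id);

                $ret = true;
            }
            catch (Exception $e) {
                $this->_DB->rollback();
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        return $ret;
    }

    /**
     * Load the tools configured to the given collection
     *
     * @param string $id Number
     * @return array Rows keyed by tool id
     */
    public function getAvailableTools(string $id): array {
        $queryStr = "SELECT `t`.`id`, `t`.`name`, `t`.`description`, `t`.`action`, `t`.`target`
            FROM `".DB_PREFIX."_tool2collection` AS t2c
            LEFT JOIN `".DB_PREFIX."_tool` AS t ON t.id = t2c.fk_tool_id
            WHERE t2c.fk_collection_id = '".$this->_DB->real_escape_string($id)."'";

        return $this->_fetchRowsById($queryStr, __METHOD__);
    }

    /**
     * Selects the text entry fields, gets their data, combines the words and writes it into the search field
     * for every entry in the current loaded collection
     *
     * @param string $collectionId The id of the collection; must be numeric
     * @param array $searchFields The available search fields of the given collection
     * @return bool True if at least one entry was updated
     */
    public function updateSearchData(string $collectionId, array $searchFields): bool {
        $ret = false;

        // The id becomes part of a table name below, where escaping as a string
        // literal would not help. Accept digits only, as the other methods do.
        if(!Summoner::validate($collectionId, 'digit')) return $ret;

        // simple search fields for loaded collection
        // Every field which has a column in the entry table is a simple search field.
        // Name starts with entry. Here we want only the text fields
        // Those fields are the data for the combined search field
        $dataFields = array();
        $_fieldAvailable = false;
        foreach($searchFields as $k=>$v) {
            if($v['identifier'] == "combSearch") {
                $_fieldAvailable = true;
                continue;
            }

            if(isset($v['searchtype']) && str_contains($v['searchtype'], 'Text')) {
                // Field identifiers are used as column names in the SELECT list.
                $dataFields[$k] = $this->_quoteIdentifier((string)$v['identifier']);
            }
        }

        // only if the combSearch field is available in the collection
        if(!$_fieldAvailable) return $ret;

        // get the search data for every entry in the collection
        $entryData = array();
        if(!empty($dataFields)) {
            $fieldStr = implode(",",$dataFields);
            $queryStr = "SELECT `id`,".$fieldStr." FROM `".DB_PREFIX."_collection_entry_".$collectionId."`";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $query = $this->_DB->query($queryStr);
                if($query !== false && $query->num_rows > 0) {
                    $entryData = $query->fetch_all(MYSQLI_ASSOC);
                }
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        // build the search data and update the entries
        foreach($entryData as $d) {
            $entryid = $d['id'];
            unset($d['id']);

            $searchData = implode(" ",$d);
            $searchData = implode(" ", Summoner::words($searchData));

            $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$collectionId."`
                SET `combSearch` = '".$this->_DB->real_escape_string($searchData)."'
                WHERE `id` = '".$this->_DB->real_escape_string((string)$entryid)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $this->_DB->query($queryStr);
                $ret = true;
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        return $ret;
    }

    /**
     * Check if given name can be used as a new one
     *
     * NOTE(review): the check and the later INSERT are separate statements. No
     * unique constraint on `name` is visible here, so two concurrent requests
     * could presumably both pass. Confirm against the schema.
     *
     * @param string $name
     * @return bool
     */
    private function _validNewCollectionName(string $name): bool {
        $ret = false;

        if (Summoner::validate($name, 'nospace')) {
            $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection`
                WHERE `name` = '".$this->_DB->real_escape_string($name)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $query = $this->_DB->query($queryStr);
                if ($query !== false && $query->num_rows < 1) {
                    $ret = true;
                }
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        return $ret;
    }

    /**
     * Check if given name can be used as a new name for id
     *
     * @param string $name
     * @param string $id Number
     * @return bool
     */
    private function _validUpdateCollectionName(string $name, string $id): bool {
        $ret = false;

        if (Summoner::validate($name, 'nospace')
            && Summoner::validate($id,'digit')
        ) {
            $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection`
                WHERE `name` = '".$this->_DB->real_escape_string($name)."'
                AND `id` != '".$this->_DB->real_escape_string($id)."'";
            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
            try {
                $query = $this->_DB->query($queryStr);
                if ($query !== false && $query->num_rows < 1) {
                    $ret = true;
                }
            }
            catch (Exception $e) {
                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
            }
        }

        return $ret;
    }

    /**
     * Update the given collection ($id) with the given tool array
     *
     * Existing relations for the collection are deleted and the given tool ids
     * inserted again.
     *
     * @param string $id Number
     * @param array $tool Tool ids; empty values are skipped
     * @param bool $ownTransaction False when the caller already opened a
     *  transaction; this method then neither begins, commits nor rolls back
     * @return bool
     */
    private function _updateToolRelation(string $id, array $tool, bool $ownTransaction = true): bool {
        $ret = false;

        $queryStr = "DELETE FROM `".DB_PREFIX."_tool2collection`
            WHERE `fk_collection_id` = '".$this->_DB->real_escape_string($id)."'";
        if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));

        try {
            if($ownTransaction) $this->_DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);

            $this->_DB->query($queryStr);

            foreach($tool as $v) {
                if(!empty($v)) {
                    $insertQueryStr = "INSERT IGNORE INTO `".DB_PREFIX."_tool2collection`
                        SET `fk_tool_id` = '".$this->_DB->real_escape_string($v)."',
                            `fk_collection_id` = '".$this->_DB->real_escape_string($id)."'";
                    if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($insertQueryStr));
                    $this->_DB->query($insertQueryStr);
                }
            }

            if($ownTransaction) $this->_DB->commit();
            $ret = true;
        }
        catch (Exception $e) {
            if($ownTransaction) $this->_DB->rollback();
            Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
        }

        return $ret;
    }

    /**
     * Update the rights from the group to the entries in this collection
     *
     * The UPDATE has no WHERE clause: every entry of the collection receives
     * the given values. Arguments that do not validate are left out of the
     * statement; if none validates, no query is sent.
     *
     * @param string $collectionId Number
     * @param string $owner
     * @param string $group
     * @param string $rights
     */
    private function _updateEntryRights(string $collectionId, string $owner='', string $group='', string $rights=''): void {
        // The id is appended to a table name, so it has to be numeric.
        if(empty($collectionId) || !Summoner::validate($collectionId, 'digit')) return;

        $assignments = array();
        if(Summoner::validate($owner, "digit")) {
            $assignments[] = "`owner` = '".$this->_DB->real_escape_string($owner)."'";
        }
        if(Summoner::validate($group, "digit")) {
            $assignments[] = "`group` = '".$this->_DB->real_escape_string($group)."'";
        }
        if(Summoner::validate($rights, "rights")) {
            $assignments[] = "`rights` = '".$this->_DB->real_escape_string($rights)."'";
        }

        // "UPDATE ... SET" without any assignment is not valid SQL.
        if(empty($assignments)) return;

        $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$collectionId."` SET ".implode(", ", $assignments);
        if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
        try {
            $this->_DB->query($queryStr);
        }
        catch (Exception $e) {
            Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
        }
    }

    /**
     * Make a key=>value array of a comma separated string and use the value as key
     *
     * @param string $data
     * @return array
     */
    private function _loadAdvancedSearchTableFields(string $data): array {
        $ret = array();

        foreach(explode(',',$data) as $e) {
            $ret[$e] = $e;
        }

        return $ret;
    }

    /**
     * Run a SELECT and return its rows keyed by their `id` column.
     * Query errors are logged and result in an empty array.
     *
     * @param string $queryStr Complete SELECT statement that returns an `id` column
     * @param string $caller Value of __METHOD__ of the calling method, used in the log lines
     * @return array
     */
    private function _fetchRowsById(string $queryStr, string $caller): array {
        $ret = array();

        if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".$caller." query: ".Summoner::cleanForLog($queryStr));
        try {
            $query = $this->_DB->query($queryStr);
            if($query !== false && $query->num_rows > 0) {
                while(($result = $query->fetch_assoc()) != false) {
                    $ret[$result['id']] = $result;
                }
            }
        }
        catch (Exception $e) {
            Summoner::sysLog("[ERROR] ".$caller." mysql catch: ".$e->getMessage());
        }

        return $ret;
    }

    /**
     * Quote a name for use as a MySQL identifier (column or index name).
     *
     * real_escape_string() only protects values inside quoted string literals.
     * An identifier is delimited by backticks, and a backtick inside the name
     * is represented by doubling it.
     *
     * @param string $identifier
     * @return string The identifier wrapped in backticks
     */
    private function _quoteIdentifier(string $identifier): string {
        return '`'.str_replace('`', '``', $identifier).'`';
    }
}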