PHP db_es函数代码示例

function svn_data_get_revision_detail($group_id, $commit_id, $rev_id = 0, $order = '')
{
    $order_str = "";
    if ($order) {
        if ($order != 'filename') {
            // SQLi Warning: no real possibility to escape $order here.
            // We rely on a proper filtering of user input by calling methods.
            $order_str = " ORDER BY " . $order;
        } else {
            $order_str = " ORDER BY dir, file";
        }
    }
    //check user access rights
    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    $forbidden = svn_utils_get_forbidden_paths(user_getname(), $project->getSVNRootPath());
    $where_forbidden = "";
    if (!empty($forbidden)) {
        while (list($no_access, ) = each($forbidden)) {
            $where_forbidden .= " AND svn_dirs.dir not like '%" . db_es(substr($no_access, 1)) . "%' ";
        }
    }
    // if the subversion revision id is given then it akes precedence on
    // the internal commit_id (this is to make it easy for users to build
    // URL to access a revision
    if ($rev_id) {
        // To be done -> get the commit ID from the svn-commit table
        $sql = "SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file " . "FROM svn_dirs, svn_files, svn_checkins, svn_commits " . "WHERE svn_checkins.fileid=svn_files.id " . "AND svn_checkins.dirid=svn_dirs.id " . "AND svn_checkins.commitid=svn_commits.id " . "AND svn_commits.revision=" . db_ei($rev_id) . " " . "AND svn_commits.group_id=" . db_ei($group_id) . " " . $where_forbidden . $order_str;
    } else {
        $sql = "SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file " . "FROM svn_dirs, svn_files, svn_checkins, svn_commits " . "WHERE svn_checkins.fileid=svn_files.id " . "AND svn_checkins.dirid=svn_dirs.id " . "AND svn_checkins.commitid=svn_commits.id " . "AND svn_commits.id=" . db_ei($commit_id) . " " . $where_forbidden . $order_str;
    }
    $result = db_query($sql);
    return $result;
}

 /**
  *	return a resultset of Group
  *
  *	@return	resultset
  */
 function getAllGroups()
 {
     global $Language;
     if (user_isloggedin()) {
         // For  surperuser), we can see all the trackers (both public and non public)
         if (user_is_super_user()) {
             $access_condition = '';
         } else {
             $access_condition = " AND access != '" . db_es(Project::ACCESS_PRIVATE) . "' ";
         }
     } else {
         if (isset($GLOBALS['Language'])) {
             $this->setError($Language->getText('include_exit', 'perm_denied'));
         }
         return false;
     }
     $sql = "SELECT group_id,group_name,unix_group_name FROM groups\n\t\t\tWHERE group_id <> 100 AND status = 'A'\n\t\t\t{$access_condition}\n\t\t\tORDER BY group_name ASC";
     //echo $sql;
     $result = db_query($sql);
     $rows = db_numrows($result);
     if (!$result || $rows < 1) {
         if (isset($GLOBALS['Language'])) {
             $this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
         }
         return false;
     }
     return $result;
 }

function verify_login_valid()
{
    global $Language;
    $request =& HTTPRequest::instance();
    if (!$request->existAndNonEmpty('form_loginname')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('include_session', 'missing_pwd'));
        return 0;
    }
    // first check just confirmation hash
    $res = db_query('SELECT confirm_hash,status FROM user WHERE ' . 'user_name=\'' . db_es($request->get('form_loginname')) . '\'');
    if (db_numrows($res) < 1) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_user'));
        return 0;
    }
    $usr = db_fetch_array($res);
    //if sys_user_approval=1 then check if the admin aldready validates the account
    if ($GLOBALS['sys_user_approval'] == 0 || $usr['status'] == 'V' || $usr['status'] == 'W') {
        if (strcmp($request->get('confirm_hash'), $usr['confirm_hash'])) {
            $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_hash'));
            return 0;
        }
    } else {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_status'));
        return 0;
    }
    // then check valid login
    return UserManager::instance()->login($request->get('form_loginname'), $request->get('form_pw'), true);
}

 /**
  * Fill the arrays $this->source_refs_datas and $this->target_refs_datas
  * for the current CrossReferenceFactory  
  */
 function fetchDatas()
 {
     $sql = "SELECT * \n                FROM cross_references \n                WHERE  (target_gid=" . db_ei($this->entity_gid) . " AND target_id='" . db_ei($this->entity_id) . "' AND target_type='" . db_es($this->entity_type) . "' )\n                     OR (source_gid=" . db_ei($this->entity_gid) . " AND source_id='" . db_ei($this->entity_id) . "' AND source_type='" . db_es($this->entity_type) . "' )";
     $res = db_query($sql);
     if ($res && db_numrows($res) > 0) {
         $this->source_refs_datas = array();
         $this->target_refs_datas = array();
         while ($field_array = db_fetch_array($res)) {
             $target_id = $field_array['target_id'];
             $target_gid = $field_array['target_gid'];
             $target_type = $field_array['target_type'];
             $target_key = $field_array['target_keyword'];
             $source_id = $field_array['source_id'];
             $source_gid = $field_array['source_gid'];
             $source_type = $field_array['source_type'];
             $source_key = $field_array['source_keyword'];
             $user_id = $field_array['user_id'];
             $created_at = $field_array['created_at'];
             if ($target_id == $this->entity_id && $target_gid == $this->entity_gid && $target_type == $this->entity_type) {
                 $this->source_refs_datas[] = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
             }
             if ($source_id == $this->entity_id && $source_gid == $this->entity_gid && $source_type == $this->entity_type) {
                 $this->target_refs_datas[] = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
             }
         }
     }
 }

function new_utils_get_new_releases($start_time, &$select, &$from, &$where)
{
    $frsrf = new FRSReleaseFactory();
    $select = "SELECT groups.group_name AS group_name, " . "groups.group_id AS group_id, " . "groups.unix_group_name AS unix_group_name, " . "frs_release.release_id AS release_id, " . "frs_release.name AS release_version, " . "frs_release.release_date AS release_date, " . "frs_package.package_id AS package_id ";
    $from = "FROM groups,frs_package,frs_release ";
    $where = "WHERE frs_release.release_date > " . db_ei($start_time) . " " . "AND frs_release.package_id = frs_package.package_id " . "AND frs_package.group_id = groups.group_id " . "AND frs_release.status_id=" . $frsrf->STATUS_ACTIVE . " " . "AND groups.access != '" . db_es(Project::ACCESS_PRIVATE) . "'";
}

/**
* Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
* 
* 
* 
*/
function service_create_service($arr, $group_id, $template, $force_enable = false)
{
    // Convert link to real values
    // NOTE: if you change link variables here, change them also in src/www/project/admin/servicebar.php and src/www/include/Layout.class.php
    $link = $arr['link'];
    $pm = ProjectManager::instance();
    if ($template['system']) {
        $link = str_replace('$projectname', $pm->getProject($group_id)->getUnixName(), $link);
        $link = str_replace('$sys_default_domain', $GLOBALS['sys_default_domain'], $link);
        $link = str_replace('$group_id', $group_id, $link);
        if ($GLOBALS['sys_force_ssl']) {
            $sys_default_protocol = 'https';
        } else {
            $sys_default_protocol = 'http';
        }
        $link = str_replace('$sys_default_protocol', $sys_default_protocol, $link);
    } else {
        //for non-system templates
        $link = service_replace_template_name_in_link($link, $template, $pm->getProject($group_id));
    }
    $is_used = isset($template['is_used']) ? $template['is_used'] : $arr['is_used'];
    $server_id = isset($template['server_id']) ? $template['server_id'] : $arr['server_id'];
    $sql = "INSERT INTO service (group_id, label, description, short_name, link, is_active, is_used, scope, rank, location, server_id, is_in_iframe) VALUES (" . db_ei($group_id) . ", '" . db_es($arr['label']) . "', '" . db_es($arr['description']) . "', '" . db_es($arr['short_name']) . "', '" . db_es($link) . "', " . db_ei($arr['is_active']) . ", " . ($force_enable ? 1 : db_ei($is_used)) . ", '" . db_es($arr['scope']) . "', " . db_ei($arr['rank']) . ",  '" . db_es($arr['location']) . "', " . db_ei($server_id) . ", " . db_ei($arr['is_in_iframe']) . ")";
    $result = db_query($sql);
    if ($result) {
        // activate corresponding references
        $reference_manager =& ReferenceManager::instance();
        if ($arr['short_name'] != "") {
            $reference_manager->addSystemReferencesForService($template['id'], $group_id, $arr['short_name']);
        }
        return true;
    } else {
        return false;
    }
}

function group_getid_by_name($groupname)
{
    $res = db_query("SELECT group_id FROM groups WHERE unix_group_name='" . db_es($groupname) . "'");
    if (db_numrows($res) == 0) {
        return false;
    } else {
        return db_result($res, 0, 'group_id');
    }
}

/**
 * get_public_active_projects_asc() - Get a list of rows for public active projects (initially in trove/full_list)
 *
 * @param  int Opional Maximum number of rows to limit query length·
 */
function get_public_active_projects_asc($max_query_limit = -1)
{
    $private_access = db_es(Project::ACCESS_PRIVATE);
    $res_grp = db_query("\n        SELECT group_id, group_name, unix_group_name, short_description, register_time\n        FROM groups\n        WHERE status = 'A' AND access != '{$private_access}' AND group_id > 4 AND register_time > 0\n        ORDER BY group_name ASC\n\t\t\t");
    $projects = array();
    while ($row_grp = db_fetch_array($res_grp)) {
        if (!forge_check_perm('project_read', $row_grp['group_id'])) {
            continue;
        }
        $projects[] = $row_grp;
    }
    return $projects;
}

function trove_genfullpaths($mynode, $myfullpath, $myfullpathids)
{
    // first generate own path
    $res_update = db_query('UPDATE trove_cat SET fullpath=\'' . db_es($myfullpath) . '\',fullpath_ids=\'' . db_es($myfullpathids) . '\' WHERE trove_cat_id=' . db_ei($mynode));
    $res_child = db_query('SELECT trove_cat_id,fullname FROM ' . 'trove_cat WHERE parent=' . db_ei($mynode));
    while ($row_child = db_fetch_array($res_child)) {
        //for the root node everything works a bit different ...
        if (!$mynode) {
            trove_genfullpaths($row_child['trove_cat_id'], $row_child['fullname'], $row_child['trove_cat_id']);
        } else {
            trove_genfullpaths($row_child['trove_cat_id'], $myfullpath . ' :: ' . $row_child['fullname'], $myfullpathids . ' :: ' . $row_child['trove_cat_id']);
        }
    }
}

function register_valid()
{
    global $Language;
    $request =& HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    if (!$request->existAndNonEmpty('form_realname')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_change_realname', 'error'));
        return 0;
    }
    // if we got this far, it must be good
    $sql = "UPDATE user SET realname='" . db_es($request->get('form_realname')) . "' WHERE user_id=" . user_getid();
    db_query($sql);
    return 1;
}

 protected function updateSpecificProperties($row)
 {
     $db_update_needed = false;
     foreach (array('field_base') as $prop) {
         if (isset($row[$prop]) && $this->{$prop} != $row[$prop]) {
             $this->{$prop} = $row[$prop];
             $db_update_needed = true;
         }
     }
     if ($db_update_needed) {
         $sql = sprintf("UPDATE plugin_graphontrackers_pie_chart SET\n                       field_base = '%s'\n                       WHERE id = %d", db_es($this->field_base), db_ei($this->id));
         $res = db_query($sql);
         return db_affected_rows($res);
     }
     return false;
 }

 function getAllProject($offset, $limit, $condition, $pattern)
 {
     $projects = array();
     if (count($condition) > 0) {
         $statements = '(';
         $i = 0;
         $nbConditions = count($condition) - 1;
         for ($i; $i < $nbConditions; $i++) {
             $statements .= db_es($condition[$i]) . ' LIKE "%' . db_es($pattern) . '%" OR ';
         }
         $statements .= db_es($condition[$i]) . ' LIKE "%' . db_es($pattern) . '%") AND ';
     }
     $sql = 'SELECT SQL_CALC_FOUND_ROWS group_name, group_id, unix_group_name, is_public FROM groups WHERE ' . $statements . ' status = "A" ORDER BY register_time DESC LIMIT ' . db_ei($offset) . ', ' . db_ei($limit);
     $res = db_query($sql);
     $sql = 'SELECT FOUND_ROWS() as nb';
     $res_numrows = db_query($sql);
     $row = db_fetch_array($res_numrows);
     return array('projects' => $res, 'numrows' => $row['nb']);
 }

 /**
  *  updateDateFieldReminderSettings - use this to update the date-fields reminder settings in the database.
  *
  *  @param  $field_id   The date field concerned by the notification.
  *  @param  $group_artifact_id  The tracker id
  *  @param  $start  When will the notification start taking effect, with regards to date occurence (in days)
  *  @param  $type   What is the type of the notification (after date occurence, before date occurence)
  *  @param  $frequency  At which frequency (in days) the notification wil occur
  *  @param  $recurse    How many times the notification mail will be sent
  *  @param  $submitter  Is submitter notified ?
  *  @param  $assignee   Is assignee notified ?
  *  @param  $cc Is cc notified ?
  *  @param  $commenter  Is commetner notified ?
  *
  *  @return true on success, false on failure.
  */
 function updateDateFieldReminderSettings(ArtifactType $at, ArtifactField $field, $group_artifact_id, $start, $notif_type, $frequency, $recurse, $people_notified)
 {
     $res = $this->getDateFieldReminderSettings($field->getID(), $group_artifact_id);
     if ($res && !db_error($res)) {
         $notified_users = implode(",", $people_notified);
         if (db_numrows($res) == 0) {
             // No reminder, create it
             $insert = 'INSERT INTO artifact_date_reminder_settings' . '(field_id, group_artifact_id, notification_start, notification_type, frequency, recurse, notified_people)' . ' VALUES' . ' (' . db_ei($field->getId()) . ',' . db_ei($group_artifact_id) . ',' . db_ei($start) . ',' . db_ei($notif_type) . ',' . db_ei($frequency) . ',' . db_ei($recurse) . ',"' . db_es($notified_users) . '")';
             $inserted = db_query($insert);
             if ($inserted) {
                 $this->populateProcessingForField($at, $field->getId(), $group_artifact_id);
                 return true;
             }
             return false;
         } else {
             //update reminder settings
             $update = sprintf('UPDATE artifact_date_reminder_settings' . ' SET notification_start=%d' . ' , notification_type=%d' . ' , frequency=%d' . ' , recurse=%d' . ' , notified_people="%s"' . ' WHERE group_artifact_id=%d' . ' AND field_id=%d', db_ei($start), db_ei($notif_type), db_ei($frequency), db_ei($recurse), db_es($notified_users), db_ei($group_artifact_id), db_ei($field->getId()));
             $result = db_query($update);
             return $result;
         }
     } else {
         return false;
     }
 }

require_once 'pre.php';
require_once 'common/mail/Mail.class.php';
require_once 'common/event/EventManager.class.php';
$em =& EventManager::instance();
$em->processEvent('before_change_email-confirm', array());
$request =& HTTPRequest::instance();
$confirm_hash = substr(md5($GLOBALS['session_hash'] . time()), 0, 16);
$res_user = db_query("SELECT * FROM user WHERE user_id=" . user_getid());
if (db_numrows($res_user) < 1) {
    exit_error("Invalid User", "That user does not exist.");
}
$row_user = db_fetch_array($res_user);
$mail_is_sent = false;
$form_newemail = $request->get('form_newemail');
if (validate_email($form_newemail)) {
    db_query("UPDATE user SET confirm_hash='" . $confirm_hash . "',email_new='" . db_es($form_newemail) . "' " . "WHERE user_id=" . $row_user['user_id']);
    $message = stripcslashes($Language->getText('account_change_email-confirm', 'message', array($GLOBALS['sys_name'], get_server_url() . "/account/change_email-complete.php?confirm_hash=" . $confirm_hash)));
    $mail = new Mail();
    $mail->setTo($form_newemail, true);
    $mail->setSubject($GLOBALS['sys_name'] . ': ' . $Language->getText('account_change_email-confirm', 'title'));
    $mail->setBody($message);
    $mail->setFrom($GLOBALS['sys_noreply']);
    $mail_is_sent = $mail->send();
    if (!$mail_is_sent) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])));
    }
} else {
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_utils', 'invalid_email'));
}
site_header(array('title' => $Language->getText('account_change_email-confirm', 'title')));
?>

function file_utils_update_proc($pid, $pname, $prank)
{
    global $group_id, $Language;
    $sql = sprintf('UPDATE frs_processor' . ' SET name = "%s",rank = %d' . ' WHERE processor_id=%d' . ' AND group_id=%d', db_es($pname), db_ei($prank), db_ei($pid), db_ei($group_id));
    $result = db_query($sql);
    if ($result) {
        $GLOBALS['Response']->addFeedback('info', $Language->getText('file_file_utils', 'update_proc_success'));
    } else {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('file_file_utils', 'update_proc_fail'));
    }
}