first commit

front/publications_fonctions.php

@@ -0,0 +1,355 @@
+<?php
+
+
+	function getUser($id){
+			
+		global $DB;	
+
+		$query = "SELECT realname as nom , firstname as prenom from glpi_users where id = {$id} ";		
+		$result = $DB->query($query);
+		$User = array(); 
+		  if ($result->num_rows > 0) {
+				 
+			   while($row = $result->fetch_assoc()) {
+				  $User[] = $row;
+				}
+				
+		   }
+		return $User[0];
+	} 
+
+	function getAllPublications(){
+			
+		global $DB;	
+		
+			
+		$query = "SELECT * from publication where is_deleted = 0 ORDER BY id_publication DESC LIMIT {$_GET['next']}, 6";		
+		$result = $DB->query($query);
+		$List = array(); 
+		  if ($result->num_rows > 0) {
+				 
+			   while($row = $result->fetch_assoc()) {
+				  $List[] = $row;
+				}
+				
+		   }
+		return $List;
+	} 
+	
+	function getPublication($id){
+			
+		global $DB;	
+			
+		$stmt = $DB->prepare('SELECT * from publication where is_deleted = 0 and id_publication = ? '); 
+		$stmt->bind_param("i", $id);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$List = array();
+		while ($row = $result->fetch_assoc()) {
+			 $List[] = $row;
+		}	
+		
+        if(count($List) > 0) return $List[0];
+		
+		return null;
+		
+	} 
+	
+	function getTopEmoj($id_publication){
+			
+		global $DB;	
+			
+		$stmt = $DB->prepare("SELECT *,count(*) FROM `publication_reactions` WHERE `id_publication`= ? and type = 'jaime' GROUP by `reaction`  
+                              ORDER BY `count(*)`  DESC LIMIT 3"); 
+		$stmt->bind_param("i", $id_publication);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$List = array();
+		while ($row = $result->fetch_assoc()) {
+			 $List[] = $row;
+		}		
+		
+		return $List;
+	} 
+	
+	function getPublicationsFiles($id){
+			
+		global $DB;	
+			
+		$stmt = $DB->prepare('SELECT * from publication_file where id_publication = ? and is_deleted = 0 '); 
+		$stmt->bind_param("i", $id);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$List = array();
+		while ($row = $result->fetch_assoc()) {
+			 $List[] = $row;
+		}	
+
+        if(count($List) > 0) return $List;		
+		
+		return null;
+	} 
+	
+	function getTotalPublications(){
+			
+		global $DB;	
+		
+			
+		$query = "SELECT count(*) as total from publication ";		
+		$result = $DB->query($query);
+		$List = array(); 
+		  if ($result->num_rows > 0) {
+				 
+			   while($row = $result->fetch_assoc()) {
+				  $List[] = $row;
+				}
+				
+		   }
+		return $List[0]['total'];
+	}
+
+	
+    //get total of jaime or comment
+	function getTotal($id ,$type){
+			
+		global $DB;	
+		
+			
+		$query = "SELECT count(*) as total from publication_reactions where id_publication = {$id} and type ='".$type."'";		
+		$result = $DB->query($query);
+		$List = array(); 
+		  if ($result->num_rows > 0) {
+				 
+			   while($row = $result->fetch_assoc()) {
+				  $List[] = $row;
+				}
+				
+		   }
+		return $List[0]['total'];
+	} 
+    
+	//get all Commentaires by id publication
+	function getCommentaires($id){
+			
+		global $DB;	
+		
+			
+		$query = "SELECT * from publication_reactions where id_publication = {$id} and type ='comment'  ORDER BY publication_reactions.id ASC";		
+		$result = $DB->query($query);
+		$List = array(); 
+		  if ($result->num_rows > 0) {
+				 
+			   while($row = $result->fetch_assoc()) {
+				  $List[] = $row;
+				}
+				
+		   }
+		return $List;
+	} 
+	
+	function isJaime($id_publication ,$id_user){
+			
+		global $DB;	
+		
+			
+		$query = "SELECT * from publication_reactions where id_publication = {$id_publication} and id_user = {$id_user}  and type='jaime' ";		
+		$result = $DB->query($query);
+		$List = array();
+		  if ($result->num_rows > 0) {
+				while($row = $result->fetch_assoc()) {
+				  $List[] = $row;
+				}
+				return $List[0]['reaction'];
+		   }
+		return false;
+	} 
+
+
+   function getUserID($idCommentaire){
+		global $DB;
+		$query = "SELECT id_user from publication_reactions where id='".(int) $idCommentaire."'";		
+							$result = $DB->query($query);
+							$List = array(); 
+							  if ($result->num_rows > 0) {
+									 
+								   while($row = $result->fetch_assoc()) {
+									  $List[] = $row;
+									}
+									
+							   }
+						   
+			return $List[0]['id_user'] ;
+	}	
+	
+	function getUserIdByPublication($idPublication){
+		global $DB;
+		
+		$stmt = $DB->prepare('SELECT id_user from publication where id_publication = ? '); 
+		$stmt->bind_param("i", $idPublication);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$List = array();
+		while ($row = $result->fetch_assoc()) {
+			 $List[] = $row;
+		}		
+		
+		return $List[0]['id_user'] ;
+	}
+	
+	 function cleanHtmlXss($text){
+			 $text  = Toolbox::unclean_html_cross_side_scripting_deep($text);
+			 $text  = html_entity_decode($text, ENT_NOQUOTES, 'UTF-8');
+			 //$text  = addslashes($text);
+			 $text  = Toolbox::clean_cross_side_scripting_deep($text);
+			 return $text;
+	 }	 
+	 
+	 function updatePublication(array $request , array $requestFiles){ 
+		 global $DB;
+		 	$userId = getUserIdByPublication($request['id_publication']);
+			if($userId == $_SESSION["glpiID"] ){	 
+				$a = !empty($request["titre"]) ? 1 : 0;	
+				$b = !empty($requestFiles['files']['name'][0]) ? 1 : 0;
+				$c = count(getPublicationsFiles($request['id_publication'])) > 0 ? 1 : 0;
+									
+				if ( ($a+ $b +$c) > 0) {				
+					 $stmt = $DB->prepare("UPDATE publication SET titre = ?  where id_publication = ? ");
+					 $stmt->bind_param("si", cleanHtmlXss($request["titre"]) , $request['id_publication']);
+					 $stmt->execute();
+					 
+					 $idsFileToDelete = $request['id_file_delete'];
+					 if(count($idsFileToDelete) > 0){ 
+						 foreach ($idsFileToDelete as $value) {echo $value;
+							 $stmt = $DB->prepare("UPDATE publication_file SET is_deleted = 1  where id_file = ? ");
+							 $stmt->bind_param("i", $value);
+							 $stmt->execute();
+						 }
+					 }
+					 
+					uploadFiles($requestFiles , $request['id_publication']);
+					 
+									
+				}	
+		    }			
+								 
+	 }
+	 
+	 
+	 function CanAddPublication(){ 
+		
+		if( $_SESSION['glpiactiveprofile']['name'] == "Super-Admin"  || 
+		    $_SESSION['glpiactiveprofile']['name'] == "Directeur RH" ||
+            $_SESSION['glpiactiveprofile']['name'] == "Charge de Communication" ) return true;
+			
+		return false;						 
+	 }
+	 
+	 function addPublication(array $request , array $requestFiles){ 
+		 global $DB;
+		 
+        if( CanAddPublication() == true){	
+		
+            $a = !empty($request["titre"]) ? 1 : 0;	
+            $b = !empty($requestFiles['files']['name'][0]) ? 1 : 0;
+			
+								
+		    if ( ($a+ $b ) > 0) {				
+				$stmt = $DB->prepare("INSERT INTO publication( id_user , titre ,date) VALUES ( ? , ? , NOW())");
+				$stmt->bind_param("is",$_SESSION["glpiID"],cleanHtmlXss($request["titre"]));
+				$stmt->execute();
+				$lastId = $DB->insert_id();
+				 				 				 
+				uploadFiles($requestFiles , $lastId);
+                 
+								
+			}
+		}			
+								 
+	 }
+	 
+	 function deletePublication(array $request){
+		 global $DB;
+		 $userId = getUserIdByPublication($request['id_publication']);
+				if($userId == $_SESSION["glpiID"] ){
+					$stmt = $DB->prepare("UPDATE publication SET is_deleted = 1  where id_publication = ? ");
+					$stmt->bind_param("i", $request['id_publication']);
+					$stmt->execute(); 
+
+					$stmt = $DB->prepare("UPDATE publication_file SET is_deleted = 1  where id_publication = ? ");
+					$stmt->bind_param("i", $request['id_publication']);
+					$stmt->execute(); 
+				}				
+	 }
+	 
+	 function uploadFiles(array $requestFiles , $id_publication){ 
+	 
+		 global $DB;
+		 
+		        $countfiles = count($requestFiles['files']['name']);
+												
+				
+				for($index = 0; $index < $countfiles;$index++){
+
+				   if(isset($requestFiles['files']['name'][$index]) && $requestFiles['files']['name'][$index] != ''){
+					  // File name
+					  $filename = $requestFiles['files']['name'][$index];
+
+					  // Get extension
+					  $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+
+					  // Valid image extension
+					  $valid_ext = array("png","jpeg","jpg");
+
+					  // Check extension
+					  if(in_array($ext, $valid_ext)){
+
+						 // File path
+						 $datetime = date("Ymdhis");
+						 $extensionToMinuscule = strtolower($ext);
+						 $path =$datetime.$index.".".$extensionToMinuscule;
+						 
+						 if(move_uploaded_file($requestFiles['files']['tmp_name'][$index],"../file_upload/".$path)){							
+                            $stmt = $DB->prepare("INSERT INTO publication_file( id_publication , type , lien ,filename ) VALUES ( ? , 'image' , ? ,? )");
+				            $stmt->bind_param("iss",$id_publication,  $path ,$filename);
+				            $stmt->execute();							
+						 }
+					  }
+				   }
+				} 
+				
+				
+		 
+	 }
+	 
+	 function addCommentaire(array $request){
+		global $DB;
+		 
+			$stmt = $DB->prepare("INSERT INTO publication_reactions( id_publication , id_user , type , commentaire ) VALUES ( ? , ? , 'comment' , ?)");
+			$stmt->bind_param("iis",$request["id_publication"],$_SESSION["glpiID"]  , cleanHtmlXss($request["commentaire"]));
+			$stmt->execute();													 		
+			header('Content-type: application/json;charset=utf-8');						 		
+			$tab = json_encode(array('id' => $DB->insert_id() , 'commentaire' => cleanHtmlXss($request["commentaire"]) ));
+			echo json_encode($tab);		 
+	 }
+	 
+	 function updateCommentaire(array $request){
+		global $DB;
+		 
+			$userId = getUserID($request['idCommentaire']);
+				if($userId == $_SESSION["glpiID"] ){
+					$stmt = $DB->prepare("UPDATE publication_reactions SET commentaire = ?  where id = ? ");
+					$stmt->bind_param("si", cleanHtmlXss($request["commentaire"]) , $request['idCommentaire']);
+					$stmt->execute();
+				 }	 
+	 }
+	 
+	 function deleteCommentaire(array $request){
+		global $DB;
+		
+		$userId = getUserID($request['idCommentaire']);
+				  if($userId == $_SESSION["glpiID"] ){
+					  $stmt = $DB->prepare("DELETE FROM `publication_reactions`  where id= ? ");
+					  $stmt->bind_param("i" , $request['idCommentaire']);
+					  $stmt->execute();				
+				  }
+	 }