diff --git a/includes/SmartLine/SmartLine.php b/includes/SmartLine/SmartLine.php
index 739623f..5e31b77 100644
--- a/includes/SmartLine/SmartLine.php
+++ b/includes/SmartLine/SmartLine.php
@@ -1,555 +1,558 @@
* SmartLine 0.1
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2007-07-28 01:36 [DcK] Initial release
* 2010-07-02 00:39 [Dck] Documentation
* @package Zed
* @subpackage SmartLine
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2007 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @link
* @filesource
* The standard, regular output (like STDOUT on POSIX systems)
if (!defined('STDOUT')) {
define('STDOUT', 1);
* The error output (like STDERR on POSIX systems)
if (!defined('STDERR')) {
define('STDERR', -1);
// SECTION Ibis - L10n
//Ensures $lang is a standard array
if (empty($lang) || !is_array($lang)) {
$lang = [];
$lang = array_merge($lang, [
'InvalidCommand' => "Invalid command %s. Use <strong>showcommands</strong> to show all commands.",
'RegisteredButNotExistingCommand' => "[CRITICAL ERROR] The command %s has correctly been registered but its method or class doesn't exist.",
'NotYetHelpForThiscommand' => "This command hasn't been documented yet.",
'DefaultHelp' => "This SmartLine is a command line interface.
<br /><br /><strong>showcommands</strong> prints the list.
<br /><strong>help &lt;command&gt;</strong> prints help for this command.",
'Help' => [
'help' => "<strong>help &lt;command&gt;</strong> prints command help.",
'showcommands' => 'show available commands'
* Error handler called during SmartLine command execution.
* Any error occurring during command execution will be set in STDERR.
* To get an array with all the errors:
* <code>$errors = $yourSmartLine->gets_all(STDERR)</code>
* Or to prints all the error:
* <code>$yourSmartLine->prints_all(STDERR)</code>
* Or to pops (gets and deletes) only the last error:
* <code>$lastError = $yourSmartLine->gets(STDERR)</code>
* @link set_error_handler, PHP manual
* @link Error handling examples, PHP manual
* @param int $level The PHP error level
* @param string $error The error description
* @param string $file The script where the error occurred
* @param int $line The line where the error occurred
function SmartLineHandler($level, $error, $file, $line) {
switch ($level) {
case E_NOTICE:
$type = 'Notice';
$type = 'Warning';
case E_ERROR:
$type = 'Error';
$type = "#$level";
$_SESSION['SmartLineOutput'][STDERR][] = "[PHP $type] $error in $file line $line.";
return true;
//SmartLineCommand is a class implementing a SmartLine command.
//If you want to create a more complex command, extends this class.
* The SmartLine command base class.
* To add a command, create an instance of the class, like:
* <code>
* class HelloWorldSmartLineCommand extends SmartLineCommand {
* public function run ($argv, $argc) {
* $this->SmartLine->puts('Hello World!');
* }
* }
* </code>
* Then, registers your command:
* <code>
* $yourSmartLine->register_object('hello', 'HelloWorldSmartLineCommand');
* </code>
* @see SmartLine::register_object
class SmartLineCommand {
* Initializes a new instance of the SmartLine Command
* @param SmartLine $SmartLine the SmartLine the command belongs
public function __construct ($SmartLine) {
$this->SmartLine = $SmartLine;
* Gets the command help text or indicates help should be fetched from $lang array
* @return string|bool a string containing the command help or the bool value false, to enable the default behavior (ie prints $lang['help']['nameOfTheCommand'])
public function help () {
return false;
* Runs the command
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
public function run ($argv, $argc) {
static protected function parseBoolean (string $arg) : bool {
return match (strtolower($arg)) {
"on", "enable", "enabled", "1", "up", "true" => true,
"off", "disable", "disabled", "0", "down", "false" => false,
default => throw new InvalidArgumentException(
"Boolean string expected, got '$arg' instead."
* The SmartLine where this instance of the command is registered
* @var SmartLine
public $SmartLine;
* This class represents a SmartLine instance
* If you use only register_object, you can use it directly.
* If you use register_method, extends this class in your SmartLine.
class SmartLine {
* Initializes a new instance of the SmartLine object.
public function __construct () {
//Assumes we've an empty array where store registered commands.
$this->commands = [];
//Let's register standard commands
$this->register_object('showcommands', 'ShowCommandsSmartLineCommand');
$this->register_object('help', 'HelpSmartLineCommand');
* Registers a private method as command.
* @param string $command The name of the command to register
* @param string $method The method to register [OPTIONAL]. If omitted, the method registered will be the method having the same name as the command.
* @param bool $useArgvArgc If true, indicates the method uses $argv, $argc as parameters. If false, indicates the method uses its parameters (default behavior). [OPTIONAL]
* @return bool true if the command have successfully been registered ; otherwise, false.
public function register_method ($command, $method = null, $useArgvArgc = false) {
if (is_null($function)) {
$method = $command;
if (!method_exists($this, $method)) {
$this->lastError = "Registration failed. Unknown method $method";
return false;
$className = ucfirst($method) . 'SmartLineCommand';
//If class exists, add a uniqid after function
while (class_exists($method)) {
$className = uniqid(ucfirst($method)) . 'SmartLineCommand';
//Creates the class
if ($useArgvArgc) {
$call = "$this->SmartLine->$method(\$argv, \$argc);";
} else {
//We don't know how many args we've, so we use call_user_func_array
$call = "array_shift(\$argv);
array(&\$this->SmartLine, '$method'),
$code = "class $className extends SmartLineCommand {
public function run (\$argv, \$argc) {
$this->register_object($command, $className);
return true;
* Registers an object extending SmartLineCommand as command.
* @param string $command The name of the command to register
* @param SmartLineCommand|string $object The object extending SmartLineCommand. This can be the name of the class (string) or an instance already initialized of the object (SmartLineCommand).
* @return bool true if the command have successfully been registered ; otherwise, false.
public function register_object ($command, $object) {
if (is_object($object)) {
//Sets SmartLine property
$object->SmartLine = $this;
} elseif (is_string($object) && class_exists($object)) {
//Creates a new instance of $object
$object = new $object($this);
} else {
$this->lastError = "Registration failed. register_object second parameter must be a class name (string) or an already initialized instance of such class (object) and not a " . gettype($object);
return false;
if (!$this->caseSensitive) {
$command = strtolower($command);
$this->commands[$command] = $object;
return true;
* Determines whether the specified command have been registered.
* @param string $command The name of the command to check
* @return true if the specified command have been registered ; otherwise, false.
public function isRegistered ($command) {
if (!$this->caseSensitive) {
$command = strtolower($command);
return array_key_exists($command, $this->commands);
* Executes the specified expression.
* If an error occurs during the command execution:
* the STDERR output will contains the errors,
* the value returned by this methods will be false.
* To execute the command and prints error:
* <code>
* $fooSmartLine = new SmartLine();
* //...
* $result = $fooSmartLine->execute($expression);
* $fooSmartLine->prints_all();
* if (!$result) {
* //Errors!
* echo "<h3>Errors</h3>";
* $fooSmartLine->prints_all(STDERR);
* }
* </code>
* @param string $expression The expression containing the command to execute
* @return bool true if the command have been successfully executed ; otherwise, false.
public function execute ($expression) {
//Does nothing if blank line
if (!$expression) {
//Prepares $argv and $argc
$argv = $this->expression2argv($expression);
$argc = count($argv);
//Gets command
$command = $this->caseSensitive ? $argv[0] : strtolower($argv[0]);
//If command doesn't exist, throws an error
if (!array_key_exists($command, $this->commands)) {
global $lang;
$this->puts(sprintf($lang['InvalidCommand'], $command), STDERR);
return false;
//Executes command, intercepting error and returns result
try {
$result = $this->commands[$command]->run($argv, $argc);
} catch (Exception $ex) {
$this->puts("<pre>$ex</pre>", STDERR);
return $result;
* Adds a message to the specified output queue.
* @param string $message the message to queue
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
public function puts ($message, $output = STDOUT) {
$_SESSION['SmartLineOutput'][$output][] = $message;
* Truncates the specified output queue.
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
public function truncate ($output = STDOUT) {
* Pops (gets and clears) the first message from the specified output queue.
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
* @return string the message
public function gets ($output = STDOUT) {
if ($this->count($output) > 0) {
return array_pop($_SESSION['SmartLineOutput'][$output]);
* Gets the number of messages in the specified output queue.
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
public function count ($output = STDOUT) {
return isset($_SESSION['SmartLineOutput'][$output])
? count($_SESSION['SmartLineOutput'][$output])
: 0;
* Gets all the message from the specified output queue.
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
* @param string $prefix The string to prepend each message with. It's an optional parameter ; if omitted, '<p>'.
* @param string $suffix The string to append each message with. It's an optional parameter ; if omitted, '</p>'.
* @return Array an array of string, each item a message from the specified output queue
public function gets_all ($output = STDOUT, $prefix = '<p>', $suffix = '</p>') {
$count = $this->count($output);
if ($count == 0) {
$buffer = "";
for ($i = 0 ; $i < $count ; $i++) {
$buffer .= $prefix . $_SESSION['SmartLineOutput'][$output][$i] . $suffix;
unset ($_SESSION['SmartLineOutput'][$output]);
return $buffer;
* Prints all the message from the specified output queue.
* @param int $output The output queue (common values are STDERR and STDOUT constants). It's an optional parameter ; if omitted, the default value will be STDOUT.
* @param string $prefix The string to prepend each message with. It's an optional parameter ; if omitted, '<p>'.
* @param string $suffix The string to append each message with. It's an optional parameter ; if omitted, '</p>'.
public function prints_all ($output = STDOUT, $prefix = '<p>', $suffix = '</p>') {
$count = $this->count($output);
if ($count == 0) {
for ($i = 0 ; $i < $count ; $i++) {
echo $prefix, $_SESSION['SmartLineOutput'][$output][$i], $suffix;
unset ($_SESSION['SmartLineOutput'][$output]);
* Gets the command help
* @param string $command The command to get help from
* @param string The command help
public function gethelp ($command) {
return $this->commands[$command]->help();
* Gets an an argv array from the specified expression
* @param string $expression The expression to transform into a argv array
* @return Array An array of string, the first item the command, the others those arguments.
private function expression2argv ($expression) {
//Checks if expression contains "
$pos1 = strpos($expression, '"');
//We isolate "subexpression"
if ($pos1 !== false) {
$pos2 = $pos1;
do {
$pos2 = strpos($expression, '"', $pos2 + 1);
} while ($pos2 !== false && ($expression[$pos2 - 1] == "\\" && $expression[$pos2 - 2] != "\\"));
if ($pos2 === false) {
//If final quote is missing, throws a warning and autoadds it.
$this->puts("[Warning] Final \" missing in $expression.", STDERR);
$argv = $this->expression2argv(substr($expression, 0, $pos1));
$argv[] = substr($expression, $pos1 + 1);
return $argv;
return array_merge(
$this->expression2argv(substr($expression, 0, $pos1)),
[substr($expression, $pos1 + 1, $pos2 - $pos1 - 1)],
$this->expression2argv(substr($expression, $pos2 + 1))
//Standard expression (ie without ")
$argv = [];
$items = explode(' ', $expression);
foreach ($items as $item) {
$item = trim($item);
if (!$item) {
//blank, we ignore
$argv[] = $item;
return $argv;
+ //The list of commands
+ public array $commands = [];
//Contains last error
public $lastError = '';
//If true, command isn't equal to Command
public $caseSensitive = true;
* These commands are available in all default smartlines instance
* The standard command "showcommands"
* This command returns a list, with all the available commands
class ShowCommandsSmartLineCommand extends SmartLineCommand {
* Runs the command
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
public function run ($argv, $argc) {
$commands = array_keys($this->SmartLine->commands);
$this->SmartLine->puts(implode(' ', $commands));
* The standard command "help"
* This command prints command help.
* Help could be defined
* in the command classes, as a return value from the help method ;
* in the $lang['Help'] array, at the command key (e.g. $lang['Help']['quux'] for the quux command).
class HelpSmartLineCommand extends SmartLineCommand {
* Runs the command
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
public function run ($argv, $argc) {
global $lang;
if ($argc == 1) {
} elseif (!$this->SmartLine->isRegistered($argv[1])) {
$this->SmartLine->puts(sprintf($lang['InvalidCommand'], str_replace(' ', '&nbsp;', $argv[1])), STDERR);
} else {
$command = strtolower($argv[1]);
if (!$help = $this->SmartLine->gethelp($command)) {
if (array_key_exists($command, $lang['Help'])) {
$help = $lang['Help'][$command];
} else {
$help = $lang['NotYetHelpForThiscommand'];
diff --git a/includes/geo/place.php b/includes/geo/place.php
index e81c941..c95c55b 100644
--- a/includes/geo/place.php
+++ b/includes/geo/place.php
@@ -1,230 +1,232 @@
* Geo place class.
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-28 01:48 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Default local location format
* The local_location format is a PCRE regular expression
* By default, local_location format is an (x, y, z) expression
define('LOCATION_LOCAL_DEFAULT_FORMAT', '/^\([0-9]+( )*,( )*[0-9]+( )*,( )*[0-9]+\)$/');
* Geo place
* A place is a city or a hypership district.
* It's identified by a 9 chars geocode like B0001001.
* The 5 first chars indicates the body (class GeoBody) where the place is and
* the 3 last digits is the place number.
* This class maps the geo_places table.
class GeoPlace {
public $id;
public $body_code;
public $code;
public $name;
public $description;
public $location_local_format;
public $start;
public $hidden;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Loads the object place (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('body_code', $_POST)) {
$this->body_code = $_POST['body_code'];
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
if (array_key_exists('status', $_POST)) {
$this->status = $_POST['status'];
if (array_key_exists('location_local_format', $_POST)) {
$this->location_local_format = $_POST['location_local_format'];
* Loads the object place (ie fill the properties) from the database
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_PLACES . " WHERE place_id = '" . $this->id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query geo_places", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "place unknown: " . $this->id;
return false;
$this->body_code = $row['body_code'];
$this->code = $row['place_code'];
$this->name = $row['place_name'];
$this->description = $row['place_description'];
$this->location_local_format = $row['location_local_format'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['place_status']);
foreach ($flags as $flag) {
$this->$flag = true;
return true;
* Gets status field value
* @return string the status field value (e.g. "requiresPTA,default")
function getStatus () {
$flags = ['start', 'hidden'];
foreach ($flags as $flag) {
if ($this->$flag == true) {
$status[] = $flag;
return implode(',', $status);
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$body_code = $db->escape($this->body_code);
$code = $db->escape($this->code);
$name = $db->escape($this->name);
$description = $db->escape($this->description);
$status = $this->getStatus();
$location_local_format = $db->escape($this->location_local_format);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PLACES . " (`place_id`, `body_code`, `place_code`, `place_name`, `place_description`, `place_status`, `location_local_format`) VALUES ($id, '$body_code', '$code', '$name', '$description', '$status', '$location_local_format')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Determines if the specified local location looks valid
* @param string $local_location the local location
* @return boolean true if the specified local location looks valid ; otherwise, false.
function is_valid_local_location ($local_location) {
$format = $this->location_local_format ?: LOCATION_LOCAL_DEFAULT_FORMAT;
return preg_match($format, $local_location) > 0;
* Gets a string representation of the current place
* @return string A Bxxxxxyyy string like B00001001, which represents the current place.
function __tostring () {
return 'B' . $this->body_code . $this->code;
* Creates a Place instance, from the specified body/place code
* @param $code the place's code
* @return GeoPlace the place instance
static function from_code ($code) {
global $db;
$sql = "SELECT * FROM " . TABLE_PLACES . " WHERE CONCAT('B', body_code, place_code) LIKE '$code'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query geo_places", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
return null;
$place = new GeoPlace();
$place->id = $row['place_id'];
$place->body_code = $row['body_code'];
$place->code = $row['place_code'];
$place->name = $row['place_name'];
$place->description = $row['place_description'];
$place->location_local_format = $row['location_local_format'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['place_status']);
foreach ($flags as $flag) {
$place->$flag = true;
return $place;
* Gets a start location
* @return string The global location code of a start location
* @TODO sql optimisation (query contains ORDER BY RAND())
static function get_start_location () {
global $db;
$sql = "SELECT CONCAT('B', body_code, place_code) FROM " . TABLE_PLACES . " WHERE FIND_IN_SET('start', place_status) > 0 ORDER BY rand() LIMIT 1";
return $db->queryScalar($sql);
diff --git a/includes/geo/scene.php b/includes/geo/scene.php
index 391a6bc..32c0fb6 100644
--- a/includes/geo/scene.php
+++ b/includes/geo/scene.php
@@ -1,213 +1,213 @@
* Geo scene class.
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
if (!defined('SCENE_DIR')) {
* The directory containing scenes files
define('SCENE_DIR', 'content/scenes');
* Geo scene class
* This class provides methods to determine and renders the local scene.
class GeoScene {
* Last error or warning
* @var string
- public $lastError;
+ public $lastError = "";
* File scene to serve
* @var string
public $sceneFile;
* The location of the scene to print
* @var GeoLocation
public $location;
* Initializes a new GeoScene instance
* @param GeoLocation $location location the scene is to print
function __construct ($location) {
$this->location = $location;
//Gets local scene
if ($location->containsLocalLocation) {
if ($this->get_local_scene()) {
//Gets global scene
if ($location->containsGlobalLocation) {
if ($this->get_global_scene()) {
//If not scene found, let's set a warning
$this->lastError = "No scene found.";
* Gets local scene
* @return boolean true if a scene have been found ; otherwise, false.
private function get_local_scene () {
//From the index
$index = GeoSceneIndex::Load(SCENE_DIR);
if ($tpl = $index->get_local_template($this->location->global, $this->location->local)) {
$this->sceneFile = SCENE_DIR . '/' . $tpl;
return true;
//From filename
$expression = $this->location->global . ' ' . $this->location->local;
if ($this->try_get_scene($expression)) {
return true;
return false;
* Gets global scene
* @return boolean true if a scene have been found ; otherwise, false.
private function get_global_scene () {
$location = $this->location;
if ($location->place) {
if ($this->try_get_scene($location->global)) {
return true;
if ($location->body) {
if ($this->try_get_scene('B' . $location->body->code)) {
return true;
return false;
* Gets file extension
* @param string $file the file path
* @return string the file extension
public static function get_file_extension (string $file) : string {
$pathinfo = pathinfo($file);
return $pathinfo['extension'] ?? "";
* Renders the file
* @todo Add standard code to render .swf Flash/ShockWave files.
public function render () {
if ($file = $this->sceneFile) {
switch ($ext = GeoScene::get_file_extension($file)) {
case 'png':
case 'jpg':
case 'gif':
case 'bmp':
echo "<img src=\"$file\" />";
case 'tpl':
global $smarty, $Config;
//$this->location is the object reference
//Some objects like the hypership move, so we also need to know where there are.
//From the template, this object location is assigned to $location
//To get $this->location from template, use $CurrentPerso->location
if ($this->location->body) {
$smarty->assign("location", new GeoLocation($this->location->body->location));
} elseif ($this->location->ship) {
$smarty->assign("location", new GeoLocation($this->location->ship->location));
//Gets zone information
if ($zone = ContentZone::at($this->location->global, $this->location->local)) {
$smarty->assign('zone', $zone);
//Scene-specific variables
$smarty->assign("SCENE_URL", defined('SCENE_URL') ? SCENE_URL : '/' . SCENE_DIR);
if ($Config['builder']['hotglue']['enable']) {
$smarty->assign("HOTGLUE", $Config['builder']['hotglue']['URL']);
lang_load('scenes.conf', $this->location->global);
//Displays scene
case 'php':
message_die(HACK_ERROR, ".php scene files not allowed without review", '', __LINE__, __FILE__);
message_die(GENERAL_ERROR, "Can't handle $ext extension for $file scene", 'GeoScene render error', __LINE__, __FILE__);
echo "\n\n";
* Tries to get the scene file.
* It will tries to find in the scene directory a file with $code as name,
* and .tpl .png .gif .bmp .swf .html or .php as extension.
* @param string the location code (and filename)
* @return bool true if a scene file have been found and set ; otherwise, false.
private function try_get_scene ($code) {
$file = SCENE_DIR . "/$code";
$extensions = ['tpl', 'png', 'jpg', 'gif', 'bmp', 'swf', 'html', 'php'];
foreach ($extensions as $ext) {
if (file_exists("$file.$ext")) {
$this->sceneFile = "$file.$ext";
return true;
return false;
diff --git a/includes/objects/application.php b/includes/objects/application.php
index 99883d9..2849508 100644
--- a/includes/objects/application.php
+++ b/includes/objects/application.php
@@ -1,190 +1,192 @@
* Application class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-02-10 02:40 Autogenerated by Pluton Scaffolding
* Some API bits
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Application class
* This class maps the Application table.
* This class also provides methods application API helper methods, to generate
* an application user key or to gets the perso ID from such a key.
class Application {
public $id;
public $code;
public $name;
public $api_key;
public $description;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Loads the object Application (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('api_key', $_POST)) {
$this->api_key = $_POST['api_key'];
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
* Loads the object Application (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM applications WHERE application_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query applications", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Application unknown: " . $this->id;
return false;
$this->code = $row['application_code'];
$this->name = $row['application_name'];
$this->api_key = $row['api_key'];
$this->description = $row['application_description'];
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$code = $db->escape($this->code);
$name = $db->escape($this->name);
$api_key = $db->escape($this->api_key);
$description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO applications (`application_id`, `application_code`, `application_name`, `api_key`, `application_description`) VALUES ($id, '$code', '$name', '$api_key', '$description')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* ----------------------------------------------------------------------- *
* Application API methods
* ----------------------------------------------------------------------- *
* Loads an Application object from its API key
* @param string Application API key GUID
* @return Application the application matching the API key
static function from_api_key ($key) {
global $db;
$key = $db->escape($key);
$sql = "SELECT * FROM applications WHERE api_key = '" . $key . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query applications", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
return null;
//Fills app information
$app = new Application();
$app->id = $row['application_id'];
$app->code = $row['application_code'];
$app->name = $row['application_name'];
$app->api_key = $row['api_key'];
$app->description = $row['application_description'];
return $app;
* Gets the perso ID from an application user key
* @param string $userkey User application key GUID
* @return int the perso ID
function get_perso_id ($userkey) {
global $db;
$id = $db->escape($this->id);
$userkey = $db->escape($userkey);
$sql = "SELECT perso_id FROM applications_userkeys WHERE api_userkey = '$userkey' AND application_id = '$id'";
return $db->queryScalar($sql);
* Generates a key for the specified perso and current application.
* @param int $perso_id The perso ID
* @param string $userkey User application key GUID (optional)
* @return Application User application key GUID
function generate_userkey ($perso_id = null, $userkey = null) {
global $CurrentPerso;
//Ensures we've a key and someone to be assigned it
if ($userkey === null) {
$userkey = new_guid();
$perso = ($perso_id === null) ? $CurrentPerso : Perso::get($perso_id);
//Saves key
$perso->set_flag('' . $this->id, $userkey);
//Returns it
return $userkey;
diff --git a/includes/objects/content.php b/includes/objects/content.php
index 06602d0..aaaee92 100644
--- a/includes/objects/content.php
+++ b/includes/objects/content.php
@@ -1,343 +1,345 @@
* Content class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-02-24 15:57 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* @deprecated
* Content class
* This class maps the content view.
* This view shows the content_files and content_locations tables.
* This class also provides helper methods, to handle files, generate thumbnails
* or get local content from a specific location.
* [DESIGN BY CONTRACT] This class works only with the following assertions:
* i. Each content have EXACTLY ONE location
* ii. Location fields will not be modified
* If a content have more than one location, only the first occurrence in
* content_locations table will be considered.
* If a content have no location, it will be ignored.
* If you edit content location, then call saveToDatabase, you will create
* a new location but future instances will contain first not deleted location.
* @todo remove dbc temporary limitations (cf. /do.php upload_content and infra)
* @todo create a class ContentLocation and move location fields there
* @todo validate SQL schema and add in config.php TABLE_CONTENT tables
* @deprecated
class Content {
/* -------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
public $id;
public $path;
public $user_id;
public $perso_id;
public $title;
public $location_global = null;
public $location_local = null;
public $location_k = null;
public $perso_name;
public $perso_nickname;
+ public string $lastError = "";
/* -------------------------------------------------------------
Constructor, __toString
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
* Initializes a new Content instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Returns a string representation of current Content instance
* @return string the content title or path if title is blank.
function __toString () {
return $this->title ?: $this->path;
/* -------------------------------------------------------------
Load/save class
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
* Loads the object Content (ie fill the properties) from the $_POST array
* @param boolean $allowSensibleFields if false, allow only location_local, location_k and title to be defined ; otherwise, allow all fields.
function load_from_form ($allowSensibleFields = false) {
if (array_key_exists('title', $_POST)) {
$this->title = $_POST['title'];
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
if (array_key_exists('location_k', $_POST)) {
$this->location_k = $_POST['location_k'];
if ($allowSensibleFields) {
if (array_key_exists('path', $_POST)) {
$this->path = $_POST['path'];
if (array_key_exists('user_id', $_POST)) {
$this->user_id = $_POST['user_id'];
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
* Loads the object Content (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM content WHERE content_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query content", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Content unknown: " . $this->id;
return false;
return true;
* Loads the object from row
function load_from_row ($row) {
$this->id = $row['content_id'];
$this->path = $row['content_path'];
$this->user_id = $row['user_id'];
$this->perso_id = $row['perso_id'];
$this->title = $row['content_title'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->location_k = $row['location_k'];
if (array_key_exists('perso_name', $row)) {
$this->perso_name = $row['perso_name'];
if (array_key_exists('perso_nickname', $row)) {
$this->perso_nickname = $row['perso_nickname'];
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$path = $db->escape($this->path);
$user_id = $db->escape($this->user_id);
$perso_id = $db->escape($this->perso_id);
$title = $db->escape($this->title);
$location_global = ($this->location_global !== null) ? "'" . $db->escape($this->location_global) . "'" : 'NULL';
$location_local = ($this->location_local !== null) ? "'" . $db->escape($this->location_local) . "'" : 'NULL';
$location_k = ($this->location_k !== null) ? "'" . $db->escape($this->location_k) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO content_files (`content_id`, `content_path`, `user_id`, `perso_id`, `content_title`) VALUES ($id, '$path', '$user_id', '$perso_id', '$title')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content", '', __LINE__, __FILE__, $sql);
if (!$this->id) {
//Gets new record id value
$this->id = $db->nextId();
//Saves location
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$sql = "REPLACE INTO content_locations (location_global, location_local, location_k, content_id) VALUES ($location_global, $location_local, $location_k, $id)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content location", '', __LINE__, __FILE__, $sql);
/* -------------------------------------------------------------
File handling helper methods
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
* Determines if the extension is valid
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
public static function is_valid_extension ($ext) {
return match (strtolower($ext)) {
'jpg', 'gif', 'png', 'bmp', 'xbm' => true,
default => false,
* Creates a directory
* @param string $dir the directory to create
function create_directory ($directory) {
if (!file_exists($directory)) {
@mkdir($directory); //Creates new directory, chmod 777
* Handles uploaded file
* @return bool true if the file have been handled
function handle_uploaded_file ($fileArray) {
if (!is_array($fileArray) || $fileArray['error'] != 0) {
return false;
$this->path = $this->getLogicalPath($fileArray["name"]);
if (!self::is_valid_extension(get_extension($this->path))) {
return false;
$storagePath = $this->getStoragePath();
if (move_uploaded_file($fileArray['tmp_name'], $storagePath)) {
return true;
return false;
* @return string The storage path for this file on disk
function getStoragePath () : string {
$storageDir = CONTENT_USERS_DIR . "/" . $this->user_id;
$logicalDir = 'content/users/' . $this->user_id;
if (!str_starts_with($this->path, $logicalDir)) {
throw new InvalidArgumentException(<<<EOF
Logical path is '$this->path', but should start with '$logicalDir'.
return str_replace($logicalDir, $storageDir, $this->path);
* @param string $name The final destination filename
* @return string The URL to use to serve the file.
function getLogicalPath (string $name) : string {
return "content/users/$this->user_id/$name";
* Generates a thumbnail using ImageMagick binary
* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
function generate_thumbnail () {
global $Config;
//Builds thumbnail filename
$sourceFile = $this->getStoragePath();
$pos = strrpos($this->path, '.');
$thumbnailFile = substr($sourceFile, 0, $pos) . 'Square' . substr($sourceFile, $pos);
//Executes imagemagick command
$command = $Config['ImageMagick']['convert'] . " \"$sourceFile\" -resize 162x162 \"$thumbnailFile\"";
@system($command, $code);
//Returns true if the command have exited with errorcode 0 (= ok)
return ($code == 0);
/* -------------------------------------------------------------
Gets content
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
* Gets content at specified location
* @param string $location_global global content location
* @param string $location_local local content location
* @return Array array of Content instances
static function get_local_content ($location_global, $location_local) {
global $db;
//Get contents at this location
$location_global = $db->escape($location_global);
$location_local = $db->escape($location_local);
$sql = "SELECT c.*, p.perso_nickname, p.perso_name FROM content c, persos p WHERE c.location_global = '$location_global' AND c.location_local = '$location_local' AND p.perso_id = c.perso_id ORDER BY location_k ASC";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get content", '', __LINE__, __FILE__, $sql);
//Fills content array
$contents = [];
while ($row = $db->fetchRow($result)) {
$content = new Content();
$contents[] = $content;
return $contents;
diff --git a/includes/objects/invite.php b/includes/objects/invite.php
index f6b40ff..a2cc4d6 100644
--- a/includes/objects/invite.php
+++ b/includes/objects/invite.php
@@ -1,197 +1,199 @@
* User invite class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-06-29 02:13 Initial version [DcK]
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* User invite class
* This class maps the users_invites table.
class Invite {
public $code;
public $date;
public $from_user_id;
public $from_perso_id;
+ public string $lastError = "";
* The user_id who have been claimed the invite
* Will be NULL as long as the invite haven't been claimed
* @var int
public $to_user_id = null;
* Initializes a new instance
* @param int $code the primary key
function __construct ($code = null) {
if ($code) {
$this->code = $code;
} else {
//New invite code
$this->date = time();
* Generates a unique invite code and sets it in the code property.
function generate_code () {
global $db;
do {
$this->code = generate_random_string("AAA111");
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$this->code' LOCK IN SHARE MODE;";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
} while ($row[0]);
* Loads the object Invite (ie fill the properties) from the database
function load_from_database () {
global $db;
$code = $db->escape($this->code);
$sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '" . $code . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query invite codes", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Invite code unknown: " . $this->code;
return false;
$this->code = $row['invite_code'];
$this->date = $row['invite_date'];
$this->from_user_id = $row['invite_from_user_id'];
$this->from_perso_id = $row['invite_from_perso_id'];
$this->to_user_id = $row['invite_to_user_id'];
return true;
* Determines whether the current invite code have been claimed by an user.
* @return true if the code have been claimed ; otherwise, false.
function is_claimed () {
return (bool)$this->to_user_id;
* Saves to database
function save_to_database () {
global $db;
$code = $db->escape($this->code);
$date = $db->escape($this->date);
$from_user_id = $db->escape($this->from_user_id);
$from_perso_id = $db->escape($this->from_perso_id);
$to_user_id = $this->to_user_id ? "'" . $db->escape($this->to_user_id) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_USERS_INVITES . " (`invite_code`, `invite_date`, `invite_from_user_id`, `invite_from_perso_id`, `invite_to_user_id`) VALUES ('$code', '$date', '$from_user_id', '$from_perso_id', $to_user_id)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save invite code", '', __LINE__, __FILE__, $sql);
* Deletes the invite
function delete () {
global $db;
$code = $db->escape($this->code);
$sql = "DELETE FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$code'";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save delete code", '', __LINE__, __FILE__, $sql);
* Creates an invite code
* @param int $user_id user id
* @param int $perso_id perso id
* @return string the invite code
static function create ($user_id, $perso_id) {
$invite = new Invite();
$invite->from_perso_id = $perso_id;
$invite->from_user_id = $user_id;
return $invite->code;
* Gets invites generated by the specified perso ID
* @param int $perso_id the perso whom to get the invites
* @return Array an array of string, each line being an invite code
static function get_invites_from ($perso_id) {
global $db;
$sql = "SELECT invite_code FROM " . TABLE_USERS_INVITES
. " WHERE invite_from_perso_id = $perso_id AND invite_to_user_id IS NULL ORDER BY invite_date ASC";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
$codes = [];
while ($row = $db->fetchRow($result)) {
$codes[] = $row['invite_code'];
return $codes;
* Gets the perso ID who invited the specified perso
* @param int $perso_id the perso whom to get the invites
* @return int|null the perso whom to get the invites ; or null, if nobody have invited him
static function who_invited ($perso_id) {
global $db;
$perso = Perso::get($perso_id);
if ($user_id = $perso->user_id) {
$sql = "SELECT invite_from_perso_id FROM " . TABLE_USERS_INVITES . " WHERE invite_to_user_id = '$user_id'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
return $row[0];
return null;
diff --git a/includes/objects/message.php b/includes/objects/message.php
index 985bd4c..c8dc343 100644
--- a/includes/objects/message.php
+++ b/includes/objects/message.php
@@ -1,170 +1,172 @@
* Message class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-28 01:47 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Message class
* This class maps the messages table.
* It also provides a static method to get perso's messages.
class Message {
public $id;
public $date;
public $from;
public $to;
public $text;
public $flag;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
} else {
$this->date = time();
$this->flag = 0; //unread
* Loads the object Message (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
if (array_key_exists('from', $_POST)) {
$this->from = $_POST['from'];
if (array_key_exists('to', $_POST)) {
$this->to = $_POST['to'];
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
if (array_key_exists('flag', $_POST)) {
$this->flag = $_POST['flag'];
* Loads the object Message (ie fill the properties) from the database
function load_from_database () {
global $db;
$sql = "SELECT * FROM messages WHERE message_id = '" . $this->id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query messages", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Message unknown: " . $this->id;
return false;
$this->date = $row['message_date'];
$this->from = $row['message_from'];
$this->to = $row['message_to'];
$this->text = $row['message_text'];
$this->flag = $row['message_flag'];
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$date = $db->escape($this->date);
$from = $db->escape($this->from);
$to = $db->escape($this->to);
$text = $db->escape($this->text);
$flag = $db->escape($this->flag);
//Updates or inserts
$sql = "REPLACE INTO messages (`message_id`, `message_date`, `message_from`, `message_to`, `message_text`, `message_flag`) VALUES ($id, '$date', '$from', '$to', '$text', '$flag')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Sends the message
function send () {
//TODO: triggers new message notifier
* Deletes the message
function delete () {
//A message is deleted if its flag value is 2
if ($this->flag != 2) {
$this->flag = 2;
* Gets messages from the specified perso
static function get_messages ($perso_id, $mark_as_read = true, &$countNewMessages = 0) {
global $db;
$ids = [];
$sql = "SELECT message_id FROM " . TABLE_MESSAGES . " WHERE message_to = " . $db->escape($perso_id) . " AND message_flag < 2 ORDER BY message_id DESC";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get messages", '', __LINE__, __FILE__, $sql);
$messages = [];
while ($row = $db->fetchRow($result)) {
$message = new Message($row[0]);
$messages[] = $message;
$ids[] = $message->id;
if ($message->flag == 0) {
//New message
if ($mark_as_read && count($ids)) {
$ids = join(', ', $ids);
$sql = "UPDATE " . TABLE_MESSAGES . " SET message_flag = '1' WHERE message_id IN ($ids)";
return $messages;
diff --git a/includes/objects/motd.php b/includes/objects/motd.php
index 3684b2f..ef8bac3 100644
--- a/includes/objects/motd.php
+++ b/includes/objects/motd.php
@@ -1,101 +1,103 @@
* MOTD class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-02-03 21:11 Import from Azhàr code
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* MOTD class
* This class maps the motd table.
class MOTD {
public $id;
public $perso_id;
public $text;
public $date;
+ public string $lastError = "";
* Initializes a new instance of a MOTD object
* @param int $id The MOTD ID
function __construct ($id = '') {
if ($id) {
$this->id = $id;
return $this->load_from_database();
} else {
$this->date = time();
return true;
* Loads the object MOTD (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('perso_id', $_POST)) {
$this->user_id = $_POST['user_id'];
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
* Loads the object MOTD (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_MOTD . " WHERE motd_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_motd", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "MOTD unknown: " . $this->id;
return false;
$this->perso_id = $row['perso_id'];
$this->text = $row['motd_text'];
$this->date = $row['motd_date'];
return true;
* Saves the object to the database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$perso_id = $db->escape($this->perso_id);
$text = $db->escape($this->text);
$date = $db->escape($this->date);
$sql = "REPLACE INTO " . TABLE_MOTD . " (`motd_id`, `perso_id`, `motd_text`, `motd_date`) VALUES ($id, '$perso_id', '$text', '$date')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
diff --git a/includes/objects/perso.php b/includes/objects/perso.php
index ada9027..2b6459a 100644
--- a/includes/objects/perso.php
+++ b/includes/objects/perso.php
@@ -1,610 +1,612 @@
* Perso class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-27 00:39 Autogenerated by Pluton Scaffolding
* 0.2 2010-01-29 14:39 Adding flags support
* 0.3 2010-02-06 17:50 Adding static perso hashtable
* 0.4 2012-07-04 11:37 Refactoring: moving code from index.php
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010, 2012 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Perso class
* This class maps the persos table.
* The class also provides methods
* to move or locate a perso,
* to gets and sets perso's flags and notes (tables persos_flags and persos_notes),
* to gets user's perso or check if a perso is online,
* to handle on select and logout events.
class Perso {
public $id;
public $user_id;
public $name;
public $nickname;
public $race;
public $sex;
public $avatar;
+ public $location;
public $location_global;
public $location_local;
public $flags;
- public $lastError;
+ public string $lastError = "";
public static $hashtable_id = [];
public static $hashtable_name = [];
* Initializes a new instance
* @param mixed $data perso ID or nickname
function __construct ($data = null) {
if ($data) {
if (is_numeric($data)) {
$this->id = $data;
} else {
$this->nickname = $data;
if (!$this->load_from_database()) {
message_die(GENERAL_ERROR, $this->lastError, "Can't authenticate perso");
} else {
* Initializes a new Perso instance if needed or get already available one.
* @param mixed $data perso ID or nickname
* @return Perso the perso instance
static function get ($data = null) : Perso {
if ($data) {
//Checks in the hashtables if we already have loaded this instance
if (is_numeric($data)) {
if (array_key_exists($data, Perso::$hashtable_id)) {
return Perso::$hashtable_id[$data];
} else {
if (array_key_exists($data, Perso::$hashtable_name)) {
return Perso::$hashtable_name[$data];
return new Perso($data);
* Loads the object Perso (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('user_id', $_POST)) {
$this->user_id = $_POST['user_id'];
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('nickname', $_POST)) {
$this->nickname = $_POST['nickname'];
if (array_key_exists('race', $_POST)) {
$this->race = $_POST['race'];
if (array_key_exists('sex', $_POST)) {
$this->sex = $_POST['sex'];
if (array_key_exists('avatar', $_POST)) {
$this->avatar = $_POST['avatar'];
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
* Loads the object Perso (ie fill the properties) from the database
function load_from_database () {
global $db;
//Gets perso
if ($this->id) {
$id = $db->escape($this->id);
$sql .= " WHERE perso_id = '" . $id . "'";
} else {
$nickname = $db->escape($this->nickname);
$sql .= " WHERE perso_nickname = '" . $nickname . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query persos", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Perso unknown: " . $this->id;
return false;
$this->id = $row['perso_id'];
$this->user_id = $row['user_id'];
$this->name = $row['perso_name'];
$this->nickname = $row['perso_nickname'];
$this->race = $row['perso_race'];
$this->sex = $row['perso_sex'];
$this->avatar = $row['perso_avatar'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
//Gets flags
$sql = "SELECT flag_key, flag_value FROM " . TABLE_PERSOS_FLAGS .
" WHERE perso_id = $this->id";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get flags", '', __LINE__, __FILE__, $sql);
while ($row = $db->fetchRow($result)) {
$this->flags[$row["flag_key"]] = $row["flag_value"];
//Gets location
$this->location = new GeoLocation(
//Puts object in hashtables
Perso::$hashtable_id[$this->id] = $this;
Perso::$hashtable_name[$this->nickname] = $this;
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$user_id = $db->escape($this->user_id);
$name = $db->escape($this->name);
$nickname = $db->escape($this->nickname);
$race = $db->escape($this->race);
$sex = $db->escape($this->sex);
$avatar = $db->escape($this->avatar);
$location_global = $this->location_global ? "'" . $db->escape($this->location_global) . "'" : 'NULL';
$location_local = $this->location_local ? "'" . $db->escape($this->location_local) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PERSOS . " (`perso_id`, `user_id`, `perso_name`, `perso_nickname`, `perso_race`, `perso_sex`, `perso_avatar`, `location_global`, `location_local`) VALUES ($id, '$user_id', '$name', '$nickname', '$race', '$sex', '$avatar', $location_global, $location_local)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Updates the specified field in the database record
* @param string $field The field to save
function save_field ($field) {
global $db;
if (!$this->id) {
message_die(GENERAL_ERROR, "You're trying to update a perso record not yet saved in the database: $field");
$id = $db->escape($this->id);
$value = $db->escape($this->$field);
$sql = "UPDATE " . TABLE_PERSOS . " SET `$field` = '$value' WHERE perso_id = '$id'";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
* Gets perso location
* @return string The location names
public function where () {
return $this->location->__toString();
* Moves the perso to a new location
* @param string $global the global target location
* @param string $global the local target location
public function move_to ($global = null, $local = null) {
//Sets global location
if ($global != null) {
$this->location_global = $global;
//Sets local location
if ($local != null) {
$this->location_local = $local;
//Updates database record
if ($global != null && $local != null) {
global $db;
$perso_id = $db->escape($this->id);
$g = $db->escape($this->location_global);
$l = $db->escape($this->location_local);
" SET location_global = '$g', location_local = '$l'" .
" WHERE perso_id = '$perso_id'";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save new $global $local location.", '', __LINE__, __FILE__, $sql);
} elseif ($global != null) {
} elseif ($local != null) {
//Updates location member
$this->location = new GeoLocation(
* Gets the specified flag value
* @param string $key flag key
* @param mixed $defaultValue default value if the flag doesn't exist
* @return mixed the flag value (string) or null if not existing
public function get_flag ($key, $defaultValue = null) {
return $this->flag_exists($key) ? $this->flags[$key] : $defaultValue;
* Determines if the specified flag exists
* @param string $key the flag key to check
* @return boolean true if the specified flag exists ; otherwise, false.
public function flag_exists ($key) {
return array_key_exists($key, $this->flags);
* Sets the specified flag
* @param string $key flag key
* @param string $value flag value (optional, default value: 1)
public function set_flag ($key, $value = 1) {
//Checks if flag isn't already set at this value
if ($this->flags != null && array_key_exists($key, $this->flags) && $this->flags[$key] === $value) {
//Saves flag to database
global $db;
$id = $db->escape($this->id);
$key = $db->escape($key);
$value = $db->escape($value);
$sql = "REPLACE " . TABLE_PERSOS_FLAGS . " SET perso_id = '$id', flag_key = '$key', flag_value = '$value'";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save flag", '', __LINE__, __FILE__, $sql);
//Sets flag in this perso instance
$this->flags[$key] = $value;
* Deletes the specified flag
* @param string $key flag key
public function delete_flag ($key) {
global $db;
if (!array_key_exists($key, $this->flags)) {
$id = $db->escape($this->id);
$key = $db->escape($key);
" WHERE flag_key = '$key' AND perso_id = '$id' LIMIT 1";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete flag", '', __LINE__, __FILE__, $sql);
* Ensures the current perso have the specified flag or exits.
* @param string $flag the flag to assert
* @param int $threshold value the flags must strictly be greater than (optional, the default value is 0)
* Example:
* <code>
* $perso->set_flag('', 1);
* //The perso wants to read quux, which we allow with the flag
* $perso->request_flag(''); //will be okay
* //The perso wants also to write quux, which we all allow if = 2
* //The threshold will so be 1, as 2 > 1
* $perso->request_flag('', 1); //Will exits, with a "You don't have permission" message
* </code>
public function request_flag ($flag, $threshold = 0) {
if (!array_key_exists($flag, $this->flags) || $this->flags[$flag] <= $threshold) {
message_die(HACK_ERROR, "You don't have $flag permission.", "Permissions");
* Gets the specified note
* @param string $code the note code
* @return string the note content
public function get_note ($code) {
global $db;
$id = $db->escape($this->id);
$code = $db->escape($code);
$sql = "SELECT note_text FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id' AND note_code LIKE '$code'";
return $db->queryScalar($sql);
* Sets the specified note
* @param string $code the note code
* @param string $text the note content
public function set_note ($code, $text) {
global $db;
$id = $db->escape($this->id);
$code = $db->escape($code);
$text = $db->escape($text);
$sql = "REPLACE INTO " . TABLE_PERSOS_NOTES . " (perso_id, note_code, note_text) VALUES ('$id', '$code', '$text')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save note", '', __LINE__, __FILE__, $sql);
* Counts the amount of notes the perso have saved
* @return int the amount of notes assigned to the this perso
public function count_notes () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id'";
return $db->queryScalar($sql);
* Determines if the specified ID is available
* @param integer $id The perso ID to check
* @return boolean true if the specified ID is available ; otherwise, false
public static function is_available_id ($id) {
global $db;
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
return ($row[0] == 0);
* Generates a unique ID for the current object
private function generate_id () {
do {
$this->id = rand(2001, 5999);
} while (!Perso::is_available_id($this->id));
* Checks if the nickname is available
* @param string $nickname the nickname to check
public static function is_available_nickname ($nickname) {
global $db;
$nickname = $db->escape($nickname);
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE perso_nickname LIKE '$nickname' LOCK IN SHARE MODE;";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
return ($row[0] == 0);
* Counts the perso a user have
* @param int user_id the user ID
* @return int the user's perso count
public static function get_persos_count ($user_id) : int {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
return (int)$db->queryScalar($sql);
* Gets an array with all the perso of the specified user
* @param int $user_id the user ID
public static function get_persos (int $user_id) : array {
global $db;
$user_id = $db->escape($user_id);
$sql = "SELECT perso_id FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get persos", '', __LINE__, __FILE__, $sql);
$persos = [];
while ($row = $db->fetchRow($result)) {
$persos[] = Perso::get($row['perso_id']);
return $persos;
* Gets the first perso a user have
* (typically to be used when get_persos_count returns 1 to autoselect)
* @param int user_id the user ID
public static function get_first_perso ($user_id) {
global $db;
$sql = "SELECT perso_id FROM " . TABLE_PERSOS ." WHERE user_id = $user_id LIMIT 1";
if ($perso_id = $db->queryScalar($sql)) {
return new Perso($perso_id);
* Determines whether the perso is online
* @return bool true if the perso is online ; otherwise, false.
public function is_online () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT MAX(online) FROM " . TABLE_SESSIONS ." WHERE perso_id = $id";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
return ($row[0] == 1);
* This event method is called when the user selects a new perso
public function on_select () {
set_info('perso_id', $this->id);
$this->set_flag("site.lastlogin", $_SERVER['REQUEST_TIME']);
define("PersoSelected", true);
* This event method is called when the user logs off its account or perso
public function on_logout () {
//Clears perso information in $_SESSION and session table
set_info('perso_id', null);
* This event method is called when the perso is created
public function on_create () {
//Notifies host
* Creates a new perso, from a parameter form
* @param User $user The user to attach the perso to
* @param Perso $perso A reference to the created perso (don't initialize it, give it a null value)
* @param array $errors A reference to the arrays containing errors (should be an empty array, or the method will always return false)
* @return boolean true if the perso has ben created ; otherwise, false
public static function create_perso_from_form (User $user, &$perso, &$errors) {
$perso = new Perso();
$perso->user_id = $user->id;
//Validates forms
if (!$perso->name) {
$errors[] = lang_get("NoFullnameSpecified");
if (!$perso->race) {
$errors[] = lang_get("NoRaceSpecified");
$perso->race = "being";
if (!$perso->sex) {
$errors[] = lang_get("NoSexSpecified");
if (!$perso->nickname) {
$errors[] = lang_get("NoNicknameSpecified");
} elseif (!Perso::is_available_nickname($perso->nickname)) {
$errors[] = lang_get("UnavailableNickname");
if (count($errors)) {
return false;
//Creates perso
return true;
* Notifies the person having invited this perso
public function notify_inviter() {
$message = new Message();
$message->from = 0;
$message->to = invite::who_invited($this->id);
$message->text = sprintf(
get_server_url() . get_url('who', $this->nickname)
diff --git a/includes/objects/port.php b/includes/objects/port.php
index a43d168..3d24223 100644
--- a/includes/objects/port.php
+++ b/includes/objects/port.php
@@ -1,211 +1,213 @@
* Port class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-02-09 19:17 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Port class
* This class maps the ports table.
* The class also provides helper methods to handle ports at specified location.
class Port {
public $id;
public $location_global;
public $location_local;
public $name;
public $hidden;
public $requiresPTA;
public $default;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Loads the object Port (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('hidden', $_POST)) {
$this->hidden = (bool)$_POST['hidden'];
if (array_key_exists('requiresPTA', $_POST)) {
$this->requiresPTA = (bool)$_POST['requiresPTA'];
if (array_key_exists('default', $_POST)) {
$this->hidden = (bool)$_POST['default'];
* Loads the object Port (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_PORTS . " WHERE port_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query ports", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Port unknown: " . $this->id;
return false;
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->name = $row['port_name'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['port_status']);
foreach ($flags as $flag) {
$this->$flag = true;
return true;
* Gets status field value
* @return string the status field value (e.g. "requiresPTA,default")
function getStatus () {
$flags = ['hidden', 'requiresPTA', 'default'];
foreach ($flags as $flag) {
if ($this->$flag) {
$status[] = $flag;
return implode(',', $status);
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$location_global = $db->escape($this->location_global);
$location_local = $db->escape($this->location_local);
$name = $db->escape($this->name);
$status = $this->getStatus();
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PORTS . " (`port_id`, `location_global`, `location_local`, `port_name`, `port_status`) VALUES ($id, '$location_global', '$location_local', '$name', '$status')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Determines if the specified location have a port
* @param string $location_global the global location
* @return boolean true if there is a spatioport exactly at the specified location ; otherwise, false.
static function have_port ($location_global) {
return (get_port_id($location_global) !== null);
* Gets the port situated exactly at the specified global location
* @param string $location_global the global location
* @return int the port ID
static function get_port_id ($location_global) {
global $db;
$location_global = $db->escape($location_global);
$sql = "SELECT port_id FROM " . TABLE_PORTS . " WHERE location_global = '$location_global'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get ports", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
return $row['port_id'];
return null;
* Gets default port, from specified global location
* @param string $location_global the global location
* @return Port the port near this location ; null if there isn't port there.
static function from_location ($location_global) {
$havePlace = strlen($location_global) == 9;
$port_id = null;
if ($havePlace) {
//Checks if there's a port at specified location
$port_id = self::get_port_id($location_global);
if ($port_id == null) {
//Nearest default port.
//If place have been specified (B0001001), we've to found elsewhere
//==> B00001%
global $db;
$loc = $db->escape(substr($location_global, 0, 6));
$sql = "SELECT port_id FROM " . TABLE_PORTS . " WHERE location_global LIKE '$loc%'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get port", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
$port_id = $row['port_id'];
} else {
return null;
return new Port($port_id);
diff --git a/includes/objects/profile.php b/includes/objects/profile.php
index d6cf5c3..3dfd103 100644
--- a/includes/objects/profile.php
+++ b/includes/objects/profile.php
@@ -1,156 +1,158 @@
* Profile class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-02 16:49 Autogenerated by Pluton Scaffolding
* Import from Azhàr
* 0.2 2010-07-05 03:56 Tags
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Profile class
* This class maps the profiles table.
* The class also provides methods to handle and cache tags.
class Profile {
public $perso_id;
public string $text = "";
public $updated;
public $fixedwidth;
+ public string $lastError = "";
* Initializes a new instance of the Profile class
* @param int $perso_id the perso ID
function __construct ($perso_id) {
$this->perso_id = $perso_id;
* Loads the object Profile (ie fill the properties) from the $_POST array
function load_from_form ($read_boolean = true) {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
if (array_key_exists('updated', $_POST)) {
$this->updated = $_POST['updated'];
if ($read_boolean) {
if (array_key_exists('fixedwidth', $_POST)) {
$this->fixedwidth = $_POST['fixedwidth'];
* Loads the object Profile (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->perso_id);
$sql = "SELECT * FROM " . TABLE_PROFILES . " WHERE perso_id = '$id'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Profile unknown: " . $this->perso_id;
return false;
$this->text = $row['profile_text'];
$this->updated = $row['profile_updated'];
$this->fixedwidth = $row['profile_fixedwidth'];
return true;
* Saves the object to the database
function save_to_database () {
global $db;
$perso_id = $db->escape($this->perso_id);
$text = $db->escape($this->text);
$updated = $db->escape($this->updated);
$fixedwidth = $this->fixedwidth ? 1 : 0;
$sql = "REPLACE INTO " . TABLE_PROFILES . " (`perso_id`, `profile_text`, `profile_updated`, `profile_fixedwidth`) VALUES ('$perso_id', '$text', '$updated', '$fixedwidth')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
/// Tags
* Gets the profile's tags
* @return string The profile's tags
function get_tags () {
global $db;
$id = $db->escape($this->perso_id);
$sql = "SELECT tag_code, tag_class FROM " . TABLE_PROFILES_TAGS
. " WHERE perso_id = '$id'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get tags", '', __LINE__, __FILE__, $sql);
$tags = [];
while ($row = $db->fetchRow($result)) {
$tags[$row['tag_class']][] = $row['tag_code'];
return $tags;
* Gets the profile's cached tags
* @return string The profile's tags
function get_cached_tags () {
$cache = Cache::load();
$key = 'zed_profile_tags_' . $this->perso_id;
if (!$tags_html = $cache->get($key)) {
//Regenerates tags cached html snippet
global $smarty;
$tags = $this->get_tags();
if (count($tags)) {
$smarty->assign('tags', $tags);
$tags_html = $smarty->fetch('profile_tags.tpl');
} else {
$tags_html = " ";
$cache->set($key, $tags_html);
return $tags_html;
diff --git a/includes/objects/profilecomment.php b/includes/objects/profilecomment.php
index 6c111d7..b752474 100644
--- a/includes/objects/profilecomment.php
+++ b/includes/objects/profilecomment.php
@@ -1,140 +1,142 @@
* Profile comments class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-03 01:02 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Profile comments class
* This class maps the profiles_comments table.
class ProfileComment {
public $id;
public $perso_id;
public $author;
public $authorname; //should be read-only
public $date;
public $text;
+ public string $lastError = "";
* Initializes a new instance of the ProfileComment class
* @param int $id the comment ID
function __construct ($id = '') {
if ($id) {
$this->id = $id;
} else {
$this->date = time();
* Loads the object comment (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
* Loads the object comment (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT c.*, p.perso_name as author FROM " . TABLE_PROFILES_COMMENTS . " c, " . TABLE_PERSOS . " p WHERE c.comment_id = '$id' AND p.perso_id = c.comment_author";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles_comments", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "comment unknown: " . $this->id;
return false;
$this->perso_id = $row['perso_id'];
$this->author = $row['comment_author'];
$this->authorname = $row['author'];
$this->date = $row['comment_date'];
$this->text = $row['comment_text'];
return true;
* Saves the object to the database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$perso_id = $db->escape($this->perso_id);
$author = $db->escape($this->author);
$date = $db->escape($this->date);
$text = $db->escape($this->text);
$sql = "REPLACE INTO " . TABLE_PROFILES_COMMENTS . " (`comment_id`, `perso_id`, `comment_author`, `comment_date`, `comment_text`) VALUES ($id, '$perso_id', '$author', '$date', '$text')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Publishes the comment
* @todo Add events on publish
function publish () {
* Gets comments
* @param int $perso_id The Perso ID
static function get_comments ($perso_id) {
global $db;
$sql = "SELECT comment_id FROM " . TABLE_PROFILES_COMMENTS . " WHERE perso_id = " . $db->escape($perso_id);
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get comments", '', __LINE__, __FILE__, $sql);
$comments = [];
while ($row = $db->fetchRow($result)) {
$comments[] = new ProfileComment($row[0]);
return $comments;
diff --git a/includes/objects/profilephoto.php b/includes/objects/profilephoto.php
index 723b5c7..4533273 100644
--- a/includes/objects/profilephoto.php
+++ b/includes/objects/profilephoto.php
@@ -1,217 +1,219 @@
* Profile photo class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-01-03 21:00 Autogenerated by Pluton Scaffolding
* 0.2 2010-02-02 00:52 Thumbnail ImageMagick generation code
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Profile photo class
* This class maps the profile_photos table.
* It also provides helper methods to handle avatars or get all the photos
* from a specified perso.
class ProfilePhoto {
public $id;
public $perso_id;
public $name;
public $description;
public $avatar;
+ public string $lastError = "";
* Initializes a new instance of the ProfilePhoto class
function __construct ($id = '') {
if ($id) {
$this->id = $id;
* Loads the object photo (ie fill the properties) from the $_POST array
* @param bool $readBoolean if false, don't read the bool avatar field to avoid to set by error false if the field weren't in the form.
function load_from_form ($readBoolean = true) {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
if ($readBoolean) {
$this->avatar = (bool)$_POST['avatar'];
* Loads the object photo (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles_photos", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "photo unknown: " . $this->id;
return false;
$this->perso_id = $row['perso_id'];
$this->name = $row['photo_name'];
$this->description = $row['photo_description'];
$this->avatar = $row['photo_avatar'];
return true;
* Promotes the photo to avatar
function promote_to_avatar () {
global $db;
//1 - locally
$sql = "UPDATE " . TABLE_PROFILES_PHOTOS . " SET photo_avatar = 0 WHERE perso_id = " . $this->perso_id;
$this->avatar = true;
//2 - in perso table
$perso = Perso::get($this->perso_id);
$perso->avatar = $this->name;
* Saves the object to the database
function save_to_database () {
global $db;
//Escapes fields
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$perso_id = $db->escape($this->perso_id);
$name = $db->escape($this->name);
$description = $db->escape($this->description);
$avatar = $this->avatar ? 1 : 0;
$sql = "REPLACE INTO " . TABLE_PROFILES_PHOTOS . " (`photo_id`, `perso_id`, `photo_name`, `photo_description`, `photo_avatar`) VALUES ($id, '$perso_id', '$name', '$description', $avatar)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Deletes the photo
function delete () {
global $db;
//Deletes from disk
$pic_tn = PHOTOS_DIR . '/' . $this->name;
$pic_genuine = PHOTOS_DIR . '/tn/' . $this->name;
//Deletes from database
$id = $db->escape($this->id);
$sql = "DELETE FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '$id' LIMIT 1";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete photo", '', __LINE__, __FILE__, $sql);
* Generates a thumbnail using ImageMagick binary
* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
function generate_thumbnail () {
global $Config;
$sourceFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . $this->name;
$thumbnailFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . 'tn' . DIRECTORY_SEPARATOR . $this->name;
$command = $Config['ImageMagick']['convert'] . " $sourceFile -resize 1000x80 $thumbnailFile";
@system($command, $code);
return ($code == 0);
* Gets photos from the specified perso
* @param int $perso_id the perso ID
* @param bool $allowUnsafe if false, don't include not safe for work photos
* @return ProfilePhoto[]
static function get_photos ($perso_id, $allowUnsafe = true) : array {
global $db;
$sql = "SELECT photo_id FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = " . $db->escape($perso_id);
if (!$allowUnsafe) {
$sql .= " AND photo_safe = 0";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get photos", '', __LINE__, __FILE__, $sql);
$photos = [];
while ($row = $db->fetchRow($result)) {
$photos[] = new ProfilePhoto($row[0]);
return $photos;
* Gets perso avatar
* @param integer $perso_id the perso to get the avatar ID
* @param string $username the username to put in title tag
static function get_avatar ($perso_id, $username = '') {
global $db;
$perso_id = $db->escape($perso_id);
$sql = "SELECT photo_description, photo_name FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = '$perso_id' and photo_avatar = 1";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get avatar", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
if (!$username) {
$username = get_name($perso_id);
$description = $row['photo_description'] ? "$row[photo_description] ($username's avatar)" : "$username's avatar";
$url = PHOTOS_URL . '/tn/' . $row['photo_name'];
return "<img src=\"$url\" title=\"$username\" alt=\"$description\" />";
} else {
return null;
diff --git a/includes/objects/request.php b/includes/objects/request.php
index b4d432f..98f10a4 100644
--- a/includes/objects/request.php
+++ b/includes/objects/request.php
@@ -1,143 +1,145 @@
* Request class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2011, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2011-06-13 21:16 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2011 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Request class
* This class maps the requests table.
class Request {
public $id;
public $code;
public $title;
public $date;
public $author;
public $to;
public $message;
public $location_global;
public $location_local;
public $status;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
} else {
$this->date = time();
$this->status = 'NEW';
* Loads the object Request (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
if (array_key_exists('title', $_POST)) {
$this->title = $_POST['title'];
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
if (array_key_exists('to', $_POST)) {
$this->to = $_POST['to'];
if (array_key_exists('message', $_POST)) {
$this->message = $_POST['message'];
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
if (array_key_exists('status', $_POST)) {
$this->status = $_POST['status'];
* Loads the object Request (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_REQUESTS . " WHERE request_id = '" . $id . "'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query requests", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Request unknown: " . $this->id;
return false;
$this->code = $row['request_code'];
$this->title = $row['request_title'];
$this->date = $row['request_date'];
$this->author = $row['request_author'];
$this->message = $row['request_message'];
$this->to = $row['request_to'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->status = $row['request_status'];
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$code = $db->escape($this->code);
$title = $db->escape($this->title);
$date = $db->escape($this->date);
$author = $db->escape($this->author);
$message = $db->escape($this->message);
$to = $db->escape($this->to);
$location_global = $db->escape($this->location_global);
$location_local = $db->escape($this->location_local);
$status = $db->escape($this->status);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_REQUESTS . " (`request_id`, `request_code`, `request_title`, `request_date`, `request_author`, `request_message`, `request_to`, `location_global`, `location_local`, `request_status`) VALUES ($id, '$code', '$title', '$date', '$author', '$message', '$to', '$location_global', '$location_local', '$status')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$this->id) {
//Gets new record id value
$this->id = $db->nextId();
diff --git a/includes/objects/requestreply.php b/includes/objects/requestreply.php
index 181b902..8dee932 100644
--- a/includes/objects/requestreply.php
+++ b/includes/objects/requestreply.php
@@ -1,110 +1,112 @@
* RequestReply class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2011, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2011-06-13 21:20 Autogenerated by Pluton Scaffolding
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2011 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* RequestReply class
* This class maps the requests_replies table.
class RequestReply {
public $id;
public $request_id;
public $author;
public $date;
public $text;
+ public string $lastError = "";
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Loads the object RequestReply (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('request_id', $_POST)) {
$this->request_id = $_POST['request_id'];
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
* Loads the object RequestReply (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_REQUESTS_REPLIES . " WHERE request_reply_id = '" . $id . "'";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query requests_replies", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "RequestReply unknown: " . $this->id;
return false;
$this->request_id = $row['request_id'];
$this->author = $row['request_reply_author'];
$this->date = $row['request_reply_date'];
$this->text = $row['request_reply_text'];
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$request_id = $db->escape($this->request_id);
$author = $db->escape($this->author);
$date = $db->escape($this->date);
$text = $db->escape($this->text);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_REQUESTS_REPLIES . "(`request_reply_id`, `request_id`, `request_reply_author`, `request_reply_date`, `request_reply_text`) VALUES ('$id', '$request_id', '$author', '$date', '$text')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$this->id) {
//Gets new record id value
$this->id = $db->nextId();
diff --git a/includes/objects/ship.php b/includes/objects/ship.php
index 5bd700e..03c1fc4 100644
--- a/includes/objects/ship.php
+++ b/includes/objects/ship.php
@@ -1,341 +1,343 @@
* Ship class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* 0.1 2010-02-05 18:51 Autogenerated by Pluton Scaffolding
* 0.2 2010-02-06 17:30 Ship API
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* Ship class
* This class maps the ship table.
* It also provides helper methods to handle landing and fly out,
* or locate the ship.
* The class also provides methods for the ship API.
class Ship {
* ----------------------------------------------------------------------- *
* Ship class definition
* ----------------------------------------------------------------------- *
public $id;
public $name;
public $location_global;
public $location_local;
public $api_key;
public $description;
+ public string $lastError = "";
private static $hashtable = [];
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
if (preg_match("/^S[0-9]{5}$/", $id)) {
$id = substr($id, 1);
$this->id = $id;
* Initializes a new Ship instance if needed or gets already available one.
* @param mixed $data ship ID
* @return Ship the ship instance
static function get ($data = null) {
if ($data !== null) {
if (preg_match("/^S[0-9]{5}$/", $id)) {
$id = substr($data, 1);
} else {
$id = $data;
//Checks in the hashtable if we already have loaded this instance
if (array_key_exists($id, self::$hashtable)) {
return self::$hashtable[$data];
$ship = new Ship($data);
return $ship;
* Loads the object Ship (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('location_global', $_POST)) {
$this->location = $_POST['location_global'];
if (array_key_exists('location_local', $_POST)) {
$this->location = $_POST['location_local'];
if (array_key_exists('api_key', $_POST)) {
$this->api_key = $_POST['api_key'];
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
* Loads the object Ship (ie fill the properties) from the database
function load_from_database () {
global $db;
$id = $db->escape($this->id);
$sql = "SELECT * FROM ships WHERE ship_id = '" . $id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query Ships", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "Ship unknown: " . $this->id;
return false;
$this->name = $row['ship_name'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->api_key = $row['api_key'];
$this->description = $row['ship_description'];
//Puts object in hashtable
self::$hashtable[$this->id] = $this;
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$name = $db->escape($this->name);
$location_global = $db->escape($this->location_global);
$location_local = $db->escape($this->location_local);
$api_key = $db->escape($this->api_key);
$description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO ships (`ship_id`, `ship_name`, `location_global`, `location_local`, `api_key`, `ship_description`) VALUES ($id, '$name', '$location_global', '$location_location', '$api_key', '$description')";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Gets the ship code, as a string representation of the instance.
* @return the ship's code
function __toString () {
return $this->get_code();
* Get ships at specified location
* @param string $location_global global location
* @param string $location_local local location
* @return array An array of Ship items, each one a ship at the specified location
static function get_ships_at ($location_global, $location_local = null) {
global $db;
//Gets ships
$sql = "SELECT ship_id, location_global, location_local FROM " . TABLE_SHIPS . " WHERE location_global IS NOT NULL";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get ships", '', __LINE__, __FILE__, $sql);
$ships = [];
$location = new GeoLocation($location_global, $location_local);
while ($row = $db->fetchRow($result)) {
$shipLocation = new GeoLocation($row['location_global'], $row['location_local']);
if ($location->equals($shipLocation)) {
$ships[] = self::get($row['ship_id']);
return $ships;
* ----------------------------------------------------------------------- *
* Helper methods
* ----------------------------------------------------------------------- *
* Gets ship code, e.g. S00001
* @return string the ship code
function get_code () {
return sprintf("S%05d", $this->id);
* Determines if the ship is at a spatioport (or assimilated)
* @return bool true if the ship is at a spatioport ; false if the ship is in space
function in_spatioport () {
return $this->location_local !== null;
* Flies in the sip
* @param string $location_local the spatioport location
* @todo Completes location global e.g. B00001 -> B00001003
function fly_in ($location_local = null) {
$this->location_local = ($location_local == null) ? 0 : $location_local;
* Flies out.
function fly_out () {
$this->location_local = null;
* ----------------------------------------------------------------------- *
* Ship API methods
* ----------------------------------------------------------------------- *
* Requests the specified perso to authenticate to this ship
* @param mixed $perso_data the perso id or name
function request_perso_authenticate ($perso_data) {
$perso = Perso::get($perso_data);
$flag = sprintf("request.api.ship.auth.%s", $this->get_code());
* Determines if a perso is authenticated to this ship
* @param mixed $perso_data the perso id or name
* @return boolean true if the specified perso name is authenticated to this ship ; otherwise, false.
function is_perso_authenticated ($perso_data) {
$flag = sprintf("api.ship.auth.%s", $this->get_code());
return Perso::get($perso_data)->flags[$flag] == 1;
* Requests the specified perso to confirm the ship API session
* @param string $session_id a session ID provided by calling application
* @param mixed $perso_data the perso id or name
function request_perso_confirm_session ($session_id, $perso_data) {
$perso = Perso::get($perso_data);
$flag = sprintf("request.api.ship.session.%s.%s", $this->get_code(), $session_id);
* Cleans ship API temporary sessions
static function clean_ship_sessions () {
//Cleans old sessions
global $db;
$sql = "DELETE FROM " . TABLE_REGISTRY . " WHERE registry_key LIKE 'api.ship.session.%' AND registry_updated < NOW() - 7200";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete old ship API sessions", '', __LINE__, __FILE__, $sql);
* Gets perso id from specified session
* @param string $session_id a session ID provided by calling application
* @return mixed the session
function get_perso_from_session ($session_id) {
//Cleans old session
//Reads api.ship.session.S00001.$session_id
//This registry key contains perso_id if it exists and valid
$key = sprintf("api.ship.session.%s.%s", $this->get_code(), $session_id);
return registry_get($key);
* Loads a Ship object from its API key
* @param string $key API key GUID
* @return Ship the ship matching the API key
static function from_api_key ($key) {
global $db;
$key = $db->escape($key);
$sql = "SELECT * FROM ships WHERE api_key = '" . $key . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query ships", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
return null;
//Fills ship information
$ship = new Ship();
$ship->id = $row['ship_id'];
$ship->name = $row['ship_name'];
$ship->location = $row['ship_location'];
$ship->api_key = $row['api_key'];
$ship->description = $row['ship_description'];
return $ship;
diff --git a/includes/objects/user.php b/includes/objects/user.php
index 49172eb..0f4bd76 100644
--- a/includes/objects/user.php
+++ b/includes/objects/user.php
@@ -1,264 +1,266 @@
* User class
* Zed. The immensity of stars. The HyperShip. The people.
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
* [DESIGN BY CONTRACT NOTE] No more than one OpenID per user
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license BSD
* @version 0.1
* @link
* @link
* @filesource
* User class
* This class maps the users and users_openid tables.
* It also provides helper methods to check if a login is available,
* or to retrieve a username from e-mail address.
class User {
public $id;
public $name;
public $password;
public $active = 0;
public $actkey;
public $email;
public $regdate;
+ public string $lastError = "";
public static $hashtable_id = [];
public static $hashtable_name = [];
public array $session = [];
* Initializes a new instance
* @param int $id the primary key
function __construct ($id = null) {
if ($id) {
$this->id = $id;
* Initializes a new User instance if needed or get already available one.
* @param mixed $data user ID or name
* @return User the user instance
static function get ($data = null) {
if ($data) {
//Checks in the hashtables if we already have loaded this instance
if (is_numeric($data)) {
if (array_key_exists($data, User::$hashtable_id)) {
return User::$hashtable_id[$data];
} else {
if (array_key_exists($data, User::$hashtable_name)) {
return User::$hashtable_name[$data];
$user = new User($data);
return $user;
* Loads the object User (ie fill the properties) from the $_POST array
function load_from_form () {
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
if (array_key_exists('password', $_POST)) {
$this->password = $_POST['password'];
if (array_key_exists('active', $_POST)) {
$this->active = $_POST['active'];
if (array_key_exists('actkey', $_POST)) {
$this->actkey = $_POST['actkey'];
if (array_key_exists('email', $_POST)) {
$this->email = $_POST['email'];
if (array_key_exists('regdate', $_POST)) {
$this->regdate = $_POST['regdate'];
* Loads the object User (ie fill the properties) from the database
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
if (!$row = $db->fetchRow($result)) {
$this->lastError = "User unknown: " . $this->id;
return false;
$this->name = $row['username'];
$this->password = $row['user_password'];
$this->active = $row['user_active'];
$this->actkey = $row['user_actkey'];
$this->email = $row['user_email'];
$this->regdate = $row['user_regdate'];
//Puts object in hashtables
Perso::$hashtable_id[$this->id] = $this;
Perso::$hashtable_name[$this->name] = $this;
return true;
* Saves to database
function save_to_database () {
global $db;
$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$name = $db->escape($this->name);
$password = $db->escape($this->password);
$active = $db->escape($this->active);
$actkey = $db->escape($this->actkey);
$email = $db->escape($this->email);
$regdate = $this->regdate ? "'" . $db->escape($this->regdate) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_USERS . " (`user_id`, `username`, `user_password`, `user_active`, `user_actkey`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', '$active', '$actkey', '$email', $regdate)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
if (!$id) {
//Gets new record id value
$this->id = $db->nextId();
* Updates the specified field in the database record
function save_field ($field) {
global $db;
if (!$this->id) {
message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
$id = $db->escape($this->id);
$value = $db->escape($this->$field);
$sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
* Generates a unique user id
function generate_id () {
global $db;
do {
$this->id = rand(2001, 5999);
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id LOCK IN SHARE MODE;";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
} while ($row[0]);
* Fills password field with encrypted version of the specified clear password
* @param string $newpassword The user's new password
public function set_password ($newpassword) {
$this->password = md5($newpassword);
* Deletes OpenID for this user
public function delete_OpenID () {
* Sets OpenID for this user
* @param string $url OpenID endpoint URL
public function set_OpenID ($url) {
global $db;
if (!$this->id) {
$url = $db->escape($url);
$sql = "DELETE FROM " . TABLE_USERS_AUTH . " WHERE auth_type = 'OpenID' AND user_id = $this->id";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete old OpenID", '', __LINE__, __FILE__, $sql);
if ($url != '') {
$sql = "INSERT INTO " . TABLE_USERS_AUTH . " (auth_type, auth_identity, user_id) VALUES ('OpenID', '$url', $this->id)";
if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't add new OpenID", '', __LINE__, __FILE__, $sql);
* Checks if a login is available
* @param string $login the login to check
* @return bool true if the specified login is available ; otherwise, false.
public static function is_available_login ($login) : bool {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username LIKE '$login' LOCK IN SHARE MODE;";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
$row = $db->fetchRow($result);
return !$row[0];
* Gets username from specified e-mail
* @param string $mail the mail to search
* @return string|bool the username matching the mail if found ; otherwise, false.
public static function get_username_from_email ($mail) {
global $db;
$sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email LIKE '$mail' LOCK IN SHARE MODE;";
if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
return $row['username'];
return false;

