Page MenuHomeCode

No OneTemporary

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/Engines/Database/Database.php b/Engines/Database/Database.php
new file mode 100644
index 0000000..da306b8
--- /dev/null
+++ b/Engines/Database/Database.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Zed\Engines\Database;
+
+use Keruald\Database\DatabaseEngine;
+use Keruald\Database\Database as BaseDatabase;
+use Keruald\Database\Exceptions\EngineSetupException;
+
+class Database {
+
+ /**
+ * Gets the database instance, initializing it if needed
+ *
+ * The correct database instance to initialize will be determined from the
+ * $Config['database']['engine'] preference. Expected value is an instance
+ * of DatabaseEngine.
+ *
+ * Example:
+ * <code>
+ * $Config['database']['engine'] = 'Foo\Quux';
+ * $db = Database::load(); // Database::load() will call Foo\Quux::load();
+ * </code>
+ */
+ static function load (array &$config) : DatabaseEngine {
+ try {
+ return BaseDatabase::initialize($config);
+ } catch (EngineSetupException $ex) {
+ message_die(GENERAL_ERROR, $ex->getMessage(), "Setup issue :: DB");
+ }
+ }
+}
diff --git a/api.php b/api.php
index 3253188..d6ddfb9 100644
--- a/api.php
+++ b/api.php
@@ -1,332 +1,336 @@
<?php
/**
* API entry point
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage EntryPoints
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
* @todo Consider to output documentation on / and /ship queries
* @todo /app/getdata
*/
+use Zed\Engines\Database\Database;
//API preferences
define('URL', 'http://' . $_SERVER['HTTP_HOST'] . '/index.php');
//Pluton library
require_once('includes/core.php');
require_once('includes/config.php');
//API libs
require_once('includes/api/api_helpers.php');
require_once('includes/api/cerbere.php');
//Use our URL controller method if you want to mod_rewrite the API
$Config['SiteURL'] = get_server_url() . $_SERVER["PHP_SELF"];
$url = get_current_url_fragments();
+//Database
+$db = Database::load($Config['Database']);
+
switch ($module = $url[0]) {
/* -------------------------------------------------------------
Site API
/time
/location
/coordinates
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
case '':
//Nothing to do
//TODO: offer documentation instead
die();
case 'time':
//Hypership time
api_output(get_hypership_time(), "time");
break;
case 'location':
//Checks credentials
cerbere();
//Gets location info
require_once("includes/geo/location.php");
$location = new GeoLocation($url[1], $url[2]);
api_output($location, "location");
break;
case 'coordinates':
//Checks credentials
cerbere();
//Get coordinates
api_output(GeoGalaxy::getCoordinates(), 'galaxy', 'object');
break;
/* -------------------------------------------------------------
Ship API
/authenticate
/appauthenticate
/appauthenticated
/move
/land
/flyout
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
case 'ship':
//Ship API
//Gets ship from Ship API key (distinct of regular API keys)
require_once('includes/objects/ship.php');
$ship = Ship::from_api_key($_REQUEST['key']) or cerbere_die("Invalid ship API key");
switch ($command = $url[1]) {
case '':
//Nothing to do
//TODO: offer documentation instead
die();
case 'authenticate':
//TODO: web authenticate
break;
case 'appauthenticate':
//Allows desktop application to authenticate an user
$tmp_session_id = $url[2] or cerbere_die("/appauthenticate/ must be followed by any session identifier");
if ($_REQUEST['name']) {
//Perso will be offered auth invite at next login.
//Handy for devices like PDA, where it's not easy to auth.
$perso = new Perso($_REQUEST['name']);
if ($perso->lastError) {
cerbere_die($perso->lastError);
}
if (!$ship->is_perso_authenticated($perso->id)) {
$ship->request_perso_authenticate($perso->id);
}
$ship->request_perso_confirm_session($tmp_session_id, $perso->id);
} else {
//Delivers an URL. App have to redirects user to this URL
//launching a browser or printing the link.
$ship_code = $ship->get_code();
registry_set("api.ship.session.$ship_code.$tmp_session_id", -1);
$url = get_server_url() . get_url() . "?action=api.ship.appauthenticate&session_id=" . $tmp_session_id;
api_output($url, "URL");
}
break;
case 'appauthenticated':
//Checks the user authentication
$tmp_session_id = $url[2] or cerbere_die("/appauthenticated/ must be followed by any session identifier you used in /appauthenticate");
$perso_id = $ship->get_perso_from_session($tmp_session_id);
if (!$isPersoAuth = $ship->is_perso_authenticated($perso_id)) {
//Global auth not ok/revoked.
$auth->status = -1;
} else {
$perso = Perso::get($perso_id);
$auth->status = 1;
$auth->perso->id = $perso->id;
$auth->perso->nickname = $perso->nickname;
$auth->perso->name = $perso->name;
//$auth->perso->location = $perso->location;
//Is the perso on board? Yes if its global location is S...
$auth->perso->onBoard = (
$perso->location_global[0] == 'S' &&
substr($perso->location_global, 1, 5) == $ship->id
);
if ($auth->perso->onBoard) {
//If so, give local location
$auth->perso->location_local = $perso->location_local;
}
}
api_output($auth, "auth");
break;
case 'move':
//Moves the ship to a new location, given absolute coordinates
//TODO: handle relative moves
if (count($url) < 2) {
cerbere_die("/move/ must be followed by a location expression");
}
//Gets location class
//It's allow: (1) to normalize locations between formats
// (2) to ensure the syntax
//==> if the ship want to communicate free forms coordinates, must be added on GeoLocation a free format
try {
$location = new GeoLocation($url[2]);
} catch (Exception $ex) {
$reply->success = 0;
$reply->error = $ex->getMessage();
api_output($reply, "move");
break;
}
$ship->location_global = $location->global;
$ship->save_to_database();
$reply->success = 1;
$reply->location = $ship->location;
api_output($reply, "move");
break;
case 'land':
case 'flyin':
//Flies in
try {
$location = new GeoLocation($location);
} catch (Exception $ex) {
$reply->success = 0;
$reply->error = $ex->getMessage();
api_output($reply, "land");
break;
}
break;
case 'flyout':
//Flies out
break;
}
break;
/* -------------------------------------------------------------
Application API
/checkuserkey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
case 'app':
//Application API
require_once("includes/objects/application.php");
$app = Application::from_api_key($_REQUEST['key']) or cerbere_die("Invalid application API key");
switch ($command = $url[1]) {
case '':
//Nothing to do
//TODO: offer documentation instead
die();
case 'checkuserkey':
if (count($url) < 2) {
cerbere_die("/checkuserkey/ must be followed by an user key");
}
$reply = (boolean)$app->get_perso_id($url[2]);
api_output($reply, "check");
break;
case 'pushuserdata':
if (count($url) < 3) {
cerbere_die("/pushuserdata/ must be followed by an user key");
}
$perso_id = $app->get_perso_id($url[2]) or cerbere_die("Invalid application user key");
//then, falls to 'pushdata'
case 'pushdata':
$data_id = $_REQUEST['data'] ?: new_guid();
//Gets data
switch ($mode = $_REQUEST['mode']) {
case '':
cerbere_die("Add in your data posted or in the URL mode=file to read data from the file posted (one file per api call) or mode=request to read data from \$_REQUEST['data'].");
case 'request':
$data = $_REQUEST['data'];
$format = "raw";
break;
case 'file':
$file = $_FILES['datafile']['tmp_name'] or cerbere_die("File is missing");
if (!is_uploaded_file($file)) {
cerbere_die("Invalid form request");
}
$data = "";
if (preg_match('/\.tar$/', $file)) {
$format = "tar";
$data = file_get_contents($file);
} elseif (preg_match('/\.tar\.bz2$/', $file)) {
$format = "tar";
} elseif (preg_match('/\.bz2$/', $file)) {
$format = "raw";
} else {
$format = "raw";
$data = file_get_contents($file);
}
if ($data === "") {
//.bz2
$bz = bzopen($file, "r") or cerbere_die("Couldn't open $file");
while (!feof($bz)) {
$data .= bzread($bz, BUFFER_SIZE);
}
bzclose($bz);
}
unlink($file);
break;
default:
cerbere_die("Invalid mode. Expected: file, request");
}
//Saves data
global $db;
- $data_id = $db->sql_escape($data_id);
- $data = $db->sql_escape($data);
+ $data_id = $db->escape($data_id);
+ $data = $db->escape($data);
$perso_id = $perso_id ?: 'NULL';
$sql = "REPLACE INTO applications_data (application_id, data_id, data_content, data_format, perso_id) VALUES ('$app->id', '$data_id', '$data', '$format', $perso_id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save data", '', __LINE__, __FILE__, $sql);
}
//cerbere_die("Can't save data");
//Returns
api_output($data_id);
break;
case 'getuserdata':
// /api.php/getuserdata/data_id/perso_key
// /api.php/getdata/data_id
if (count($url) < 3) {
cerbere_die("/getuserdata/ must be followed by an user key");
}
$perso_id = $app->get_perso_id($url[2]) or cerbere_die("Invalid application user key");
//then, falls to 'getdata'
case 'getdata':
if (count($url) < 2) {
cerbere_die('/' . $url[0] . '/ must be followed by the data ID');
}
if (!$perso_id) {
$perso_id = 'NULL';
}
- $data_id = $db->sql_escape($url[1]);
+ $data_id = $db->escape($url[1]);
$sql = "SELECT data_content FROM applications_data WHERE application_id = '$app->id' AND data_id = '$data_id' AND perso_id = $perso_id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
}
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
}
break;
default:
echo "Unknown module:";
dprint_r($url);
break;
}
break;
default:
echo "Unknown module:";
dprint_r($url);
break;
}
diff --git a/composer.json b/composer.json
index d66294c..5b0a9d7 100644
--- a/composer.json
+++ b/composer.json
@@ -1,30 +1,31 @@
{
"name": "zed/zed",
"description": "Hypership and galaxy",
"type": "project",
"require": {
"smarty/smarty": "dev-master",
+ "keruald/database": "^0.1.0",
"keruald/globalfunctions": "^0.5.1",
"keruald/omnitools": "^0.5.0",
"hypership/geo": "^0.1.0"
},
"require-dev": {
"nasqueron/codestyle": "^0.0.1",
"phan/phan": "^5.3.1",
"squizlabs/php_codesniffer": "^3.6",
"phpunit/phpunit": "^9.5"
},
"autoload": {
"psr-4": {
"Zed\\Engines\\": "Engines",
"Zed\\Tests\\": "dev/tests"
}
},
"license": "BSD-2-Clause",
"authors": [
{
"name": "Sébastien Santoro",
"email": "dereckson@espace-win.org"
}
]
}
diff --git a/controllers/header.php b/controllers/header.php
index 2587532..53e68fc 100644
--- a/controllers/header.php
+++ b/controllers/header.php
@@ -1,65 +1,65 @@
<?php
/**
* Header
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This controller handle the header (MOTD, html header)
*
* @package Zed
* @subpackage Controllers
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo cache MOTD fragments (sql performance)
*/
//
// MOTD
//
//TODO: this is a potentially very intensive SQL query
$sql = 'SELECT p.perso_nickname as username, p.perso_name as name, m.motd_text FROM ' . TABLE_PERSOS . ' p, ' . TABLE_MOTD . ' m WHERE p.perso_id = m.perso_id ORDER BY rand() LIMIT 1';
-if (!$result = $db->sql_query($sql)) {
+if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query MOTD", '', __LINE__, __FILE__, $sql);
}
-$row = $db->sql_fetchrow($result);
+$row = $db->fetchRow($result);
$smarty->assign('WALL_TEXT', $row['motd_text']);
$smarty->assign('WALL_USER', $row['name']);
$smarty->assign('WALL_USER_URL', get_url('who', $row['username']));
//
// HTML output
//
//Defines DOJO if needed, and assigns DOJO/DIJIT smarty variables
if (!defined('DOJO')) {
/**
* Determines if the dojo library have or not been loaded
*
* If true, there's a code like <script src="js/dojo/dojo/dojo.js"><script>
* in the <head> block of the code.
*/
define('DOJO', defined('DIJIT'));
}
if (defined('DIJIT')) {
$smarty->assign('DIJIT', true);
}
$smarty->assign('DOJO', DOJO);
//Prints the template
$smarty->display('header.tpl');
/**
* This constant indicates the header have been printed
*/
define('HEADER_PRINTED', true);
diff --git a/controllers/page.php b/controllers/page.php
index d687556..a6deb55 100644
--- a/controllers/page.php
+++ b/controllers/page.php
@@ -1,137 +1,137 @@
<?php
/**
* Page
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This controller handle the /page URL.
*
* It allows to prints a content page.
*
* The code of the content page to print must be included in the URL:
* /page/quux will print the quux page.
*
* To edit a page, append ?mode=edit to the URL.
*
* It uses the page_edit.tpl view to edit and the raw.tpl view to print pages.
*
* Versions of the edited pages are saved in a separate table
* but it's not a wiki, it's for backup purposes.
*
* @package Zed
* @subpackage Controllers
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo move "handle editor form" and some of the "gets page" code to a includes/objects/page.php file (rationale: cleaner model/controller separation)
*/
-if (!$code = $db->sql_escape($url[1])) {
+if (!$code = $db->escape($url[1])) {
message_die(HACK_ERROR, "/page/ must be followed by page code");
}
//
// Handles editor form
//
if ($_POST['code']) {
//Ask flag admin.pages.editor
$CurrentPerso->request_flag('admin.pages.editor');
//Gets version
$sql = "SELECT MAX(page_version) + 1 FROM " . TABLE_PAGES_EDITS .
" WHERE page_code = '$code'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't fetch pages", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
$page_version = ($row[0] == "") ? 0 : $row[0];
//Gets other fields
- $page_code = $db->sql_escape($code);
- $page_title = $db->sql_escape($_POST['title']);
- $page_content = $db->sql_escape($_POST['content']);
- $page_edit_reason = $db->sql_escape($_POST['edit_reason']);
+ $page_code = $db->escape($code);
+ $page_title = $db->escape($_POST['title']);
+ $page_content = $db->escape($_POST['content']);
+ $page_edit_reason = $db->escape($_POST['edit_reason']);
$page_edit_user_id = $CurrentPerso->user_id;
$page_edit_time = time();
//Saves archive version
$sql = "INSERT INTO " . TABLE_PAGES_EDITS . " (`page_code`, `page_version`, `page_title`, `page_content`, `page_edit_reason`, `page_edit_user_id`, `page_edit_time`) VALUES ('$page_code', '$page_version', '$page_title', '$page_content', '$page_edit_reason', '$page_edit_user_id', '$page_edit_time')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save page", '', __LINE__, __FILE__, $sql);
}
//Saves prod version
$sql = "REPLACE INTO " . TABLE_PAGES . " (`page_code`, `page_title`, `page_content`) VALUES ('$page_code', '$page_title', '$page_content')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save page", '', __LINE__, __FILE__, $sql);
}
$smarty->assign('NOTIFY', "Page $page_code saved, version $page_version.");
}
//
// Gets page
//
$sql = "SELECT page_title, page_content, page_code FROM " . TABLE_PAGES . " WHERE page_code LIKE '$code'";
-if ( !($result = $db->sql_query($sql)) ) {
+if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Can't get pages", '', __LINE__, __FILE__, $sql);
}
-$row = $db->sql_fetchrow($result);
+$row = $db->fetchRow($result);
switch ($_GET['mode']) {
case 'edit':
$CurrentPerso->request_flag('admin.pages.editor');
$template = 'page_edit.tpl';
if ($row) {
$smarty->assign('PAGE_TITLE', $row['page_title']);
$smarty->assign('page', $row);
} else {
$smarty->assign('PAGE_TITLE', $code);
$page['page_code'] = $code;
$smarty->assign('page', $page);
unset($page);
}
$smarty->assign('PAGE_JS', 'FCKeditor/fckeditor.js');
break;
default:
if ($row) {
$smarty->assign('PAGE_TITLE', $row['page_title']);
$content = $row['page_content'];
} else {
$smarty->assign('PAGE_TITLE', lang_get('PageNotFound'));
$content = lang_get('PageNotFound');
}
//Adds edit link
if ($CurrentPerso->flags['admin.pages.editor']) {
$content .= '<p class="info" style="text-align: right">[ <a href="?mode=edit">Edit page</a> ]</p>';
}
$template = 'raw.tpl';
$smarty->assign('CONTENT', $content);
break;
}
//
// HTML output
//
//Serves header
include('header.php');
//Serves content
$smarty->display($template);
//Serves footer
include('footer.php');
diff --git a/controllers/profile.php b/controllers/profile.php
index 080087c..78aa619 100644
--- a/controllers/profile.php
+++ b/controllers/profile.php
@@ -1,359 +1,359 @@
<?php
/**
* User profile
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This is a controller allowing user profile view and edit.
*
* It handles the following URLs:
* /who/<perso nickname> views the nickname's profile,
* /who/random views a random profile,
* /who/edit/profile edits its profile
* /who/edit/account edits its account (disabled on Zed, cf. settings),
* /who/edit/photo(s) manages its profile's photos,
* /who/edit/photo/edit/<photo id> edits a photo properties,
* /who/edit/photo/delete/<photo id> deletes a photo,
* /who/edit/photo/avatar/<photo id> promotes a photo to avatar.
*
* The following views are used:
* profile.tpl,
* profile_edit.tpl,
* user_account.tpl,
* profile_photo.tpl,
* profile_photo_edit.tpl.
*
* The following models are used:
* Profile,
* ProfilePhoto,
* ProfileComment.
*
* The view profile_tags.tpl is indirectly used by the Profile model.
*
* This code is maintained in // with Azhàr.
*
* @package Zed
* @subpackage Controllers
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
//Loads language file
lang_load('profile.conf');
//Gets perso nickname from URL
$who = $url[1];
switch ($who) {
case 'edit':
$mode = 'edit';
$who = $CurrentPerso->nickname;
break;
case 'random':
$mode = 'view';
- $who = $db->sql_query_express("SELECT perso_id FROM " . TABLE_PROFILES . " ORDER BY rand() LIMIT 1");
+ $who = $db->queryScalar("SELECT perso_id FROM " . TABLE_PROFILES . " ORDER BY rand() LIMIT 1");
break;
default:
$mode = 'view';
}
if (!$who) {
message_die(GENERAL_ERROR, "Who?", "URL error");
}
//Libs
require_once('includes/objects/profile.php');
require_once('includes/objects/profilecomment.php');
require_once('includes/objects/profilephoto.php');
//Gets perso information
require_once('includes/objects/perso.php');
$perso = Perso::get($who);
if ($perso->lastError) {
message_die(GENERAL_ERROR, $perso->lastError, "Error");
}
$smarty->assign('perso', $perso);
//Gets profile
$profile = new Profile($perso->id);
//Handles form
$message_type = $_POST['message_type'] ?? "";
if (isset($_POST['EditProfile'])) {
$profile->load_from_form();
$profile->updated = time();
$profile->save_to_database();
$mode = 'view';
} elseif (isset($_POST['UserAccount'])) {
$smarty->assign('WAP', "This form have been deprecated. You can write instead settings in the SmartLine");
} elseif ($message_type === 'private_message') {
//Sends a message
require_once('includes/objects/message.php');
$msg = new Message();
$msg->from = $CurrentPerso->id;
$msg->to = $perso->id;
$msg->text = $_POST['message'];
$msg->send();
if ($msg->from == $msg->to) {
$smarty->assign('NOTIFY', lang_get('MessageSentSelf'));
} else {
$smarty->assign('NOTIFY', lang_get('MessageSent'));
}
} elseif ($message_type== 'profile_comment') {
//New profile comment
$comment = new ProfileComment();
$comment->author = $CurrentPerso->id;
$comment->perso_id = $perso->id;
$comment->text = $_POST['message'];
$comment->publish();
$smarty->assign('NOTIFY', lang_get('CommentPublished'));
} elseif (isset($_FILES['photo'])) {
#We've a file !
$hash = md5(microtime() . serialize($_FILES));
$extension = get_extension($_FILES['photo']['name']);
$filename = $CurrentPerso->id . '_' . $hash . '.' . $extension;
#We ignore $_FILES[photo][error] 4, this means no file has been uploaded
#(so user doesn't want upload a new file)
#See http:/www.php.net/features.file-upload and http://www.php.net/manual/en/features.file-upload.errors.php about common errors
#Not valid before PHP 4.2.0
switch ($_FILES['photo']['error']) {
case 0:
#There is no error, the file uploaded with success.
if (!move_uploaded_file($_FILES['photo']['tmp_name'], PHOTOS_DIR . '/' . $filename)) {
$errors[] = "Upload successful, but error saving it.";
} else {
//Attaches the picture to the profile
$photo = new ProfilePhoto();
$photo->name = $filename;
$photo->perso_id = $CurrentPerso->id;
$photo->description = $_POST['description'];
if ($photo->avatar) {
$photo->promote_to_avatar();
}
$photo->save_to_database();
//Generates thumbnail
if (!$photo->generate_thumbnail()) {
$smarty->assign('WAP', "Error generating thumbnail.");
}
$smarty->assign('NOTIFY', lang_get('PhotoUploaded'));
$mode = 'view';
}
break;
case 1:
$errors[] = "The file is too large.";
break;
#TODO : more explicit error messages
default:
$errors[] = "Unknown error (#" . $_FILES['photo']['error'] . ")";
break;
}
if (count($errors)) {
$smarty->assign('WAP', join('<br />', $errors));
}
} elseif (isset($_POST['id'])) {
//Edits photo properties
$photo = new ProfilePhoto($_POST['id']);
if ($photo->lastError) {
$smarty->assign('WAP', $photo->lastError);
$mode = 'view';
} elseif ($photo->perso_id != $CurrentPerso->id) {
$smarty->assign('WAP', lang_get('NotYourPic'));
$mode = 'view';
} else {
//OK
$wereAvatar = $photo->avatar;
$photo->load_from_form();
if (!$wereAvatar && $photo->avatar) {
//Promote to avatar
$photo->promote_to_avatar();
}
$photo->save_to_database();
}
}
//Prepares output
$smarty->assign('PROFILE_TEXT', $profile->text);
$smarty->assign('PROFILE_FIXEDWIDTH', $profile->fixedwidth);
if ($mode == 'view') {
require_once('includes/objects/profilephoto.php');
//Self profile?
$self = $CurrentPerso->id == $profile->perso_id;
//Gets profiles comments, photos, tags
$comments = ProfileComment::get_comments($profile->perso_id);
$photos = ProfilePhoto::get_photos($profile->perso_id);
$tags = $profile->get_cached_tags();
//Records timestamp, to be able to track new comments
if ($self) {
$CurrentPerso->set_flag('profile.lastvisit', time());
}
//Template
$smarty->assign('PROFILE_COMMENTS', $comments);
$smarty->assign('PROFILE_SELF', $self);
if ($tags) {
$smarty->assign('PROFILE_TAGS', $tags);
}
$smarty->assign('USERNAME', $perso->nickname);
$smarty->assign('NAME', $perso->name ?: $perso->nickname);
$template = 'profile.tpl';
} elseif ($mode == 'edit') {
switch ($url[2]) {
case 'profile':
$smarty->assign('USERNAME', $perso->name);
$smarty->assign('DIJIT', true);
$smarty->append('PAGE_CSS', THEME . '/forms.css');
$template = 'profile_edit.tpl';
break;
case 'account':
$smarty->assign('user', $CurrentUser);
$smarty->assign('DIJIT', true);
$smarty->append('PAGE_CSS', THEME . '/forms.css');
$template = 'user_account.tpl';
break;
case '':
$smarty->assign('NOTIFY', "What do you want to edit ? Append /profile, /account or /photos to the URL");
break;
case 'photo':
case 'photos':
$smarty->assign('USERNAME', $perso->name);
$action = $url[3] ?? "";
$id = $url[4] ?? null;
switch ($action) {
case '':
//Nothing to do
break;
case 'delete':
//Deletes a picture
if (!$id = $url[4]) {
$smarty->assign('WAP', "URL error. Parameter missing: picture id.");
} else {
$photo = new ProfilePhoto($id);
if ($photo->lastError) {
//Probably an non existent id (e.g. double F5, photo already deleted)
$smarty->assign('WAP', $photo->lastError);
} elseif ($photo->perso_id != $CurrentPerso->id) {
$smarty->assign('WAP', lang_get('NotYourPic'));
} else {
//OK we can delete it
$photo->delete();
$smarty->assign('NOTIFY', lang_get('PictureDeleted'));
}
}
break;
case 'edit':
if (!is_null($id)) {
$smarty->assign('WAP', "URL error. Parameter missing: picture id.");
} else {
$photo = new ProfilePhoto($id);
if ($photo->lastError) {
//Probably an non existent id (e.g. double F5, photo already deleted)
$smarty->assign('WAP', $photo->lastError);
} elseif ($photo->perso_id != $CurrentPerso->id) {
$smarty->assign('WAP', lang_get('NotYourPic'));
} else {
//Photo information edit form
$smarty->assign('photo', $photo);
$template = 'profile_photo_edit.tpl';
}
}
break;
case 'avatar':
//Promotes a picture to avatar
if (!is_null($id)) {
$smarty->assign('WAP', "URL error. Parameter missing: picture id.");
} else {
$photo = new ProfilePhoto($id);
if ($photo->lastError) {
$smarty->assign('WAP', $photo->lastError);
} elseif ($photo->perso_id != $CurrentPerso->id) {
$smarty->assign('WAP', lang_get('NotYourPic'));
} else {
//OK, promote it to avatar
$photo->promote_to_avatar();
$photo->save_to_database();
$smarty->assign('NOTIFY', lang_get('PromotedToAvatar'));
}
}
break;
default:
$smarty->assign('WAP', "Unknown URL. To delete a picture it's /delete/<picture id>. To edit it /edit/<picture id>");
break;
}
if (!isset($template)) {
$photos = ProfilePhoto::get_photos($profile->perso_id);
if (!array_key_exists('NOTIFY', $smarty->tpl_vars)) {
$smarty->assign('NOTIFY', "Your feedback is valued. Report any bug or suggestion on the graffiti wall.");
}
$template = 'profile_photo.tpl';
}
break;
default:
$smarty->assign('WAP', "URL error. You can use /edit with profile, account or photos.");
break;
}
}
//
// HTML output
//
$has_photos = isset($photo) || count($photos ?? []) > 0;
if ($has_photos) {
$smarty
->assign('URL_PICS', PHOTOS_URL)
->assign('PICS', $photos ?? [])
->append('PAGE_CSS', 'lightbox.css')
->append('PAGE_JS', 'prototype.js')
->append('PAGE_JS', 'effects.js')
->append('PAGE_JS', 'lightbox.js');
}
//Serves header
$smarty->append('PAGE_CSS', THEME . "/profile.css");
$smarty->assign('PAGE_TITLE', $perso->name);
include('header.php');
//Serves content
if (isset($template)) {
$smarty->display($template);
}
//Serves footer
include('footer.php');
diff --git a/controllers/usersearch.php b/controllers/usersearch.php
index ba5659b..7affff8 100644
--- a/controllers/usersearch.php
+++ b/controllers/usersearch.php
@@ -1,118 +1,118 @@
<?php
/**
* User search
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This is a controller doing nothing else than call header and footer.
*
* The controller uses the usersearch.tpl and directory views (cf. Azhàr code)
*
* Not yet implemented, It should handle /users URL
*
* @package Zed
* @subpackage Controllers
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo implement it
*/
//Libs
require_once('includes/objects/ProfilePhoto.php');
//
// Does the search
//
//Search type
switch ($resource = $url[1]) {
case '':
break;
case 'online':
$sql = "SELECT u.username, u.user_id, u.user_longname FROM " .
TABLE_USERS . " u, " . TABLE_SESSIONS .
" s WHERE s.online = 1 AND u.user_id = s.user_id
ORDER BY HeureLimite DESC";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
}
$i = 0;
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$users[$i]->id = $row['user_id'];
$users[$i]->username = $row['username'];
$users[$i]->longname = $row['user_longname'];
$i++;
}
$title = sprintf(lang_get('UsersOnline'), $i, s($i));
break;
case 'directory':
$sql = 'SELECT username, user_longname FROM ' . TABLE_USERS .
' WHERE user_active < 2 ORDER by user_longname ASC';
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
}
$i = 0;
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$users[$i]->username = $row['username'];
$users[$i]->longname = $row['user_longname'];
$i++;
}
$title = lang_get('Directory');
$mode = 'directory';
break;
default:
$smarty->assign('WAP', lang_get('Nay'));
break;
}
switch ($mode) {
case 'directory':
$template = 'directory.tpl';
$smarty->assign('USERS', $users);
break;
default:
//Prepares avatars
if (count($users)) {
foreach ($users as $user) {
$name = $user->longname ?: $user->username;
$user->avatar = ProfilePhoto::get_avatar($user->id, $name);
}
}
$template = 'usersearch.tpl';
$smarty->assign('TITLE', $title);
$smarty->assign('USERS', $users);
break;
}
//
// HTML output
//
//Serves header
$smarty->append('PAGE_CSS', 'usersearch.css');
$smarty->assign('PAGE_TITLE', $title);
include('header.php');
//Serves content
if ($template) {
$smarty->display($template);
}
//Serves footer
include('footer.php');
diff --git a/cron.php b/cron.php
index 65ba8e8..ae5b04f 100644
--- a/cron.php
+++ b/cron.php
@@ -1,56 +1,56 @@
<?php
/**
* Cron
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This file contains tasks to execute periodically.
* When editing this file, ensure it works from the command line, so it's
* possible to run it from a crontab calling PHP CLI.
*
* @package Zed
* @subpackage Utilities
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
* @todo Adds some periodicity (e.g. hourly, daily, monthly)
*/
////////////////////////////////////////////////////////////////////////////////
///
/// Initialization
///
//Pluton library
include('includes/core.php');
//Debug mode?
$debug = false;
////////////////////////////////////////////////////////////////////////////////
///
/// Daily tasks
///
//Orders perso table by nickname.
//Rationale: prints an ordered perso select list, help for new persos, printed at end
$queries[] = "ALTER TABLE " . TABLE_PERSOS . " ORDER BY perso_nickname";
////////////////////////////////////////////////////////////////////////////////
///
/// Executes tasks
///
foreach ($queries as $query) {
- if (!$db->sql_query($sql) && $debug) {
+ if (!$db->query($sql) && $debug) {
message_die(SQL_ERROR, "Can't execute query", '', __LINE__, __FILE__, $sql);
}
}
diff --git a/do.php b/do.php
index 7e17232..0e27288 100644
--- a/do.php
+++ b/do.php
@@ -1,466 +1,470 @@
<?php
/**
* AJAX callbacks
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* As main controller could potentially be interrupted (e.g. if site.requests
* flag is at 1, user is redirected to controllers/userrequest.php), all AJAX
* queries should be handled by this script and not directly by the controllers.
*
* Standard return values:
* -7 user is logged but perso isn't selected,
* -9 user is not logged.
*
* @package Zed
* @subpackage EntryPoints
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
+use Zed\Engines\Database\Database;
use Zed\Engines\Templates\Smarty\Engine as SmartyEngine;
use Hypership\Geo\Point3D;
////////////////////////////////////////////////////////////////////////////////
///
/// Constants
///
//We define one negative number constant by standard erroneous return value.
/**
* Magic number which indicates the user is not logged in.
*/
define('USER_NOT_LOGGED', -9);
/**
* Magic number which indicates the user is logged in, but haven't selected its perso.
*/
define('PERSO_NOT_SELECTED', -7);
////////////////////////////////////////////////////////////////////////////////
///
/// Initialization
///
include('includes/core.php');
+//Database
+$db = Database::load($Config['Database']);
+
//Session
$IP = $_SERVER["REMOTE_ADDR"];
require_once('includes/story/story.php'); //this class can be stored in session
session_start();
$_SESSION['ID'] = session_id();
session_update(); //updates or creates the session
//Gets current perso
require_once('includes/objects/perso.php');
$CurrentUser = get_logged_user(); //Gets current user infos
if ($perso_id = $CurrentUser->session['perso_id']) {
$CurrentPerso = new Perso($perso_id);
}
//Requires user and perso
if ($CurrentUser->id < 1000) {
echo USER_NOT_LOGGED;
exit;
}
if (!$CurrentPerso) {
echo PERSO_NOT_SELECTED;
exit;
}
//Loads Smarty (as it handles l10n, it will be used by lang_get)
$smarty = SmartyEngine::load()->getSmarty();
//Loads language files
initialize_lang();
lang_load('core.conf');
////////////////////////////////////////////////////////////////////////////////
///
/// Actions definitions
///
/**
* Actions class
*
* Each method is called by first part of your URL, other parts are arguments
* e.g. /do.php/validate_quux_request/52 = Actions::validate_quux_request(52);
*
* You can also use $_GET, $_POST or better $_REQUEST.
*
* Don't print the value but return it, so we can in the future implement custom
* formats like api_output();
*/
class Actions {
/**
* Checks the arguments hash and determines whether it is valid.
*
* @param Array $args the arguments, the last being the hash
* @return boolean true if the hash is valid ; otherwise, false.
*/
static private function is_hash_valid ($args) {
global $Config;
return array_pop($args) == md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
}
/**
* Handles a allow/deny perso request.
*
* @param string $request_flag the request flag to clear
* @param string $store 'perso' or 'registry'
* @param string $key the perso flag or registry key
* @param string $value the value to store
* @param string $hash the security hash
* @return boolean true if the request is valid and have been processed ; otherwise, false.
*/
static function perso_request ($request_flag, $store, $key, $value, $hash) {
global $CurrentPerso;
//Ensures we've the correct amount of arguments
if (func_num_args() < 4) {
return false;
}
//Checks hash
$args = func_get_args();
if (!self::is_hash_valid($args)) {
return false;
}
//Sets flag
switch ($store) {
case 'perso':
$CurrentPerso->set_flag($key, $value);
break;
case 'registry':
registry_set($key, $value);
break;
default:
//Unknown storage location
return false;
}
//Clears request flag
if ((string)$request_flag !== "0") {
$CurrentPerso->delete_flag($request_flag);
}
return true;
}
/**
* Sets current perso's local location.
*
* We don't require a security hash. If the users want to play with it, no problem.
* You generally move inside a global location as you wish.
* So, if you write a story capturing a perso, use flags to handle this escape!
*
* @param string $location_local the local location
* @return GeoLocation the current perso's GeoLocation object
*/
static function set_local_location ($location_local) {
global $CurrentPerso;
//Ensures we've the correct amount of arguments
if (func_num_args() < 1) {
return null;
}
//Moves current perso to specified location
$location_local = urldecode($location_local);
$CurrentPerso->move_to(null, $location_local);
//Returns GeoLocation relevant instance
return $CurrentPerso->location;
}
/**
* Moves the current perso's, setting a new local location.
*
* We don't require a security hash. If the users want to play with it, no problem.
* You generally move inside a global location as you wish.
* So, if you write a story capturing a perso, use flags to handle this escape!
*
* @param string $move the move (coordinates or direction)
* @param int $factor a number multiplying the specified move [optional]
* @return GeoLocation the current perso's GeoLocation object
*
* e.g. to move from 2 units to east, you can use one of those instructions:
* local_move('east', 2);
* local_move('2,0,0');
* local_move('1,0,0', 2);
*
* Valid moves string are north, east, south, west, up and down.
* Valid moves coordinates are x,y,z (3 integers, comma as separator)
*/
static function local_move ($move, $factor = 1) {
global $CurrentPerso;
//Ensures we've the correct amount of arguments
if (func_num_args() < 1) {
return null;
}
//Parses $move
switch ($move) {
case 'north':
$move = [0, 1, 0];
break;
case 'east':
$move = [1, 0, 0];
break;
case 'south':
$move = [0, -1, 0];
break;
case 'west':
$move = [-1, 0, 0];
break;
case 'up':
$move = [0, 0, 1];
break;
case 'down':
$move = [0, 0, -1];
break;
default:
$move = explode(',', $move, 3);
foreach ($move as $coordinate) {
if (!is_numeric($coordinate)) {
return null;
}
}
}
//Moves current perso to specified location
if ($location_local = Point3D::fromString($CurrentPerso->location->local)) {
$location_local->translate(
(float)$move[0] * $factor,
(float)$move[1] * $factor,
(float)$move[2] * $factor
);
$CurrentPerso->move_to(null, $location_local->sprintf("(%d, %d, %d)"));
//Returns GeoLocation relevant instance
return $CurrentPerso->location;
}
//Old local location weren't a Point3D
return null;
}
/**
* Moves the current perso's, setting a new local location, using polar+z coordinates.
* Polar+z coordinates are polar coordinates, plus a cartesian z dimension.
*
* We don't require a security hash. If the users want to play with it, no problem.
* You generally move inside a global location as you wish.
* So, if you write a story capturing a perso, use flags to handle this escape!
*
* @param string $move the move (coordinates or direction)
* @param int $factor a number multiplying the specified move [optional]
* @return GeoLocation the current perso's GeoLocation object
*
* Valid moves string are cw, ccw, out, in, up and down.
* r: out = +12 in = -12
* °: cw = +20° ccw = -20
* Valid moves coordinates are r,°,z (3 integers, comma as separator)
* (the medium value can also be integer + °)
*
* e.g. to move of two units (the unit is 20°) clockwise:
* polarz_local_move('cw', 2);
* polarz_local_move('(0, 20°, 0)', 2);
* polarz_local_move('(0, 40°, 0)');
* Or if you really want to use radians (PI/9 won't be parsed):
* polarz_local_move('(0, 0.6981317007977318, 0)';
*
*/
static function polarz_local_move ($move, $factor = 1) {
global $CurrentPerso;
//Ensures we've the correct amount of arguments
if (func_num_args() < 1) {
return null;
}
//Parses $move
$move = urldecode($move);
switch ($move) {
case 'cw':
$move = [0, '20°', 0];
break;
case 'ccw':
$move = [0, '-20°', 0];
break;
case 'in':
$move = [+12, 0, 0];
break;
case 'out':
$move = [-12, 0, 0];
break;
case 'up':
$move = [0, 0, 1];
break;
case 'down':
$move = [0, 0, -1];
break;
default:
$move = explode(',', $move, 3);
foreach ($move as $coordinate) {
if (!is_numeric($coordinate) && !preg_match("/^[0-9]+ *°$/", $coordinate)) {
return null;
}
}
}
dieprint_r($move);
//Moves current perso to specified location
throw new Exception("Move is not implemented.");
//Old local location weren't a 3D point
return null;
}
/**
* Moves the current perso's, setting a new global and local location.
*
* @param string $location_global The global location
* @param string $location_local The local location
* @return GeoLocation the current perso's GeoLocation object
*/
static function global_move ($location_global, $location_local = null) {
//Ensures we've the correct amount of arguments
if (func_num_args() < 1) {
return null;
}
//Checks hash
$args = func_get_args();
if (!self::is_hash_valid($args)) {
return false;
}
//Moves
global $CurrentPerso;
$CurrentPerso->move_to($location_global, $location_local);
return $CurrentPerso->location;
}
/**
* Handles upload content form.
*
* @return string new content path
*/
static function upload_content () {
global $CurrentPerso, $CurrentUser;
require_once('includes/objects/content.php');
//Initializes a new content instance
$content = new Content();
$content->load_from_form();
$content->user_id = $CurrentUser->id;
$content->perso_id = $CurrentPerso->id;
$content->location_global = $CurrentPerso->location_global;
//Saves file
if ($content->handle_uploaded_file($_FILES['artwork'])) {
$content->save_to_database();
$content->generate_thumbnail();
return true;
}
return false;
}
/**
* Gets multimedia content for the specified location
*
* @param string $location_global The global location (local is to specified in ?location_local parameter)
* @return Array an array of Content instances
*/
static function get_content ($location_global) {
//Ensures we've the correct amount of arguments
if (func_num_args() < 1) {
return null;
}
//Checks hash
$args = func_get_args();
if (!self::is_hash_valid($args)) {
return false;
}
//Checks local location is specified somewhere (usually in $_GET)
if (!array_key_exists('location_local', $_REQUEST)) {
return false;
}
//Gets content
require_once('includes/objects/content.php');
return Content::get_local_content($location_global, $_REQUEST['location_local']);
}
}
////////////////////////////////////////////////////////////////////////////////
///
/// Handles request
///
//Parses URL
$Config['SiteURL'] = get_server_url() . $_SERVER["PHP_SELF"];
$args = get_current_url_fragments();
$method = array_shift($args);
if ($_REQUEST['debug']) {
//Debug version
//Most of E_STRICT errors are evaluated at the compile time thus such errors
//are not reported
ini_set('display_errors', 'stderr');
error_reporting(-1);
if (method_exists('Actions', $method)) {
$result = call_user_func_array(['Actions', $method], $args);
echo json_encode($result);
} else {
echo "<p>Method doesn't exist: $method</p>";
}
if (array_key_exists('redirectTo', $_REQUEST)) {
//If user JS disabled, you can add ?redirectTo= followed by an URL
echo "<p>Instead to print a callback value, redirects to <a href=\"$_REQUEST[redirectTo]\">$_REQUEST[redirectTo]</a></p>";
}
} else {
//Prod version doesn't prints warning <== silence operator
if (method_exists('Actions', $method)) {
$result = @call_user_func_array(['Actions', $method], $args);
if (array_key_exists('redirectTo', $_REQUEST)) {
//If user JS disabled, you can add ?redirectTo= followed by an URL
header("location: " . $_REQUEST['redirectTo']);
} else {
echo json_encode($result);
}
}
}
diff --git a/includes/SmartLine/ZedCommands.php b/includes/SmartLine/ZedCommands.php
index 77ddd1b..db81754 100644
--- a/includes/SmartLine/ZedCommands.php
+++ b/includes/SmartLine/ZedCommands.php
@@ -1,507 +1,507 @@
<?php
/**
* Zed SmartLine commands.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This is the SmartLine subcontroller.
*
* The SmartLine is a widget allowing to add some basic CLI capability.
*
* It executes any command given in GET or POST request (parameter C).
*
* This files also provides SmartLine history helper: a method log_C to log
* a SmartLine command and some procedural code assigning a SmartLineHistory.
*
* This code is inspired from Viper, a corporate PHP intranet I wrote in 2004.
* There, the SmartLine allowed to change color theme or to find quickly user,
* account, order or server information in a CRM context.
*
* @package Zed
* @subpackage SmartLine
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo SettingsSmartLineCommand - understand why dojo floating pane isn't rendered if we est $controller instead to redirect
*/
///
/// Register commands
///
$smartLine->register_object('goto', 'GotoSmartLineCommand');
$smartLine->register_object('guid', 'GUIDSmartLineCommand');
$smartLine->register_object('invite', 'InviteSmartLineCommand');
$smartLine->register_object('invites', 'InviteSmartLineCommand');
$smartLine->register_object('list', 'ListSmartLineCommand');
$smartLine->register_object('requests', 'RequestsSmartLineCommand');
$smartLine->register_object('settings', 'SettingsSmartLineCommand');
$smartLine->register_object('unixtime', 'UnixTimeSmartLineCommand');
$smartLine->register_object('version', 'VersionSmartLineCommand');
$smartLine->register_object('whereami', 'WhereAmISmartLineCommand');
$smartLine->register_object('whoami', 'WhoAmISmartLineCommand');
///
/// Help (todo: move $lang array in lang folder)
///
$lang['Help']['goto'] = "Go to a location";
$lang['Help']['guid'] = "Generate a GUID";
$lang['Help']['invite'] = "Generate an invite. To see the generated invites, invite list.";
$lang['Help']['list'] = "Lists specified objects (bodies, locations or places)";
$lang['Help']['requests'] = "Checks if there are waiting requests";
$lang['Help']['settings'] = 'Go to settings page';
$lang['Help']['unixtime'] = "Prints current unixtime (seconds elapsed since 1970-01-01 00:00, UTC) or the specified unixtime date.";
$lang['Help']['version'] = "Gets Zed's software version info (Mercurial repository version, node id and if you're on the dev or prod site)";
$lang['Help']['whereami'] = "Where am I?";
$lang['Help']['whoami'] = "Who am I?";
/**
* The goto command
*
* Moves to the current perso to the specified location.
*/
class GotoSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*
* @todo allow .goto global local (e.g. .goto B0001001 T2C3)
* @todo determine if we allow rewrite rules to bypass can_travel rules
*/
public function run ($argv, $argc) {
global $CurrentPerso;
if ($argc == 1) {
$this->SmartLine->puts("Where do you want to go?", STDERR);
return;
}
if ($argc > 2) {
$ignored_string = implode(" ", array_slice($argv, 2));
$this->SmartLine->puts("Warning: ignoring $ignored_string", STDERR);
}
require_once("includes/geo/location.php");
require_once("includes/travel/travel.php");
$here = new GeoLocation($CurrentPerso->location_global, $CurrentPerso->location_local);
$travel = Travel::load(); //maps content/travel.xml
//Parses the expression, by order of priority, as :
// - a rewrite rule
// - a new global location
// - a new local location (inside the current global location)
if (!$travel->try_parse_rewrite_rule($argv[1], $here, $place)) {
try {
$place = new GeoLocation($argv[1]);
if ($place->equals($CurrentPerso->location_global)) {
$this->SmartLine->puts("You're already there.");
return;
}
} catch (Exception $ex) {
//Global location failed, trying local location
try {
$place = new GeoLocation($CurrentPerso->location_global, $argv[1]);
} catch (Exception $ex) {
$this->SmartLine->puts($ex->getMessage(), STDERR);
return;
}
if ($place->equals($here)) {
$this->SmartLine->puts("You're already there.");
return;
}
}
}
//Could we really go there?
if (!$travel->can_travel($here, $place)) {
$this->SmartLine->puts("You can't reach that location.");
return;
}
//Moves
$CurrentPerso->move_to($place->global, $place->local);
$this->SmartLine->puts("You travel to that location.");
return;
}
}
/**
* The GUID command
*
* Prints a new GUID.
*
* guid 8 will print 8 guid
*/
class GUIDSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
if ($argc > 1 && is_numeric($argv[1])) {
for ($i = 0 ; $i < $argv[1] ; $i++) {
$this->SmartLine->puts(new_guid());
}
return;
}
$this->SmartLine->puts(new_guid());
}
}
/**
* The invite command
*
* Manages invites.
*
* invite [add]
* creates a new invite code
*
* invite del <invite code>
* deletes the specified invite
*
* invite list
* prints current invite codes
*/
class InviteSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
require_once('includes/objects/invite.php');
global $CurrentUser, $CurrentPerso;
$command = ($argc > 1) ? strtolower($argv[1]) : '';
switch ($command) {
case 'list':
$codes = Invite::get_invites_from($CurrentPerso->id);
if (!count($codes)) {
$this->SmartLine->puts("No invite code.");
} else {
foreach ($codes as $code) {
$this->SmartLine->puts($code);
}
}
break;
case 'add':
case '':
$code = Invite::create($CurrentUser->id, $CurrentPerso->id);
$url = get_server_url() . get_url('invite', $code);
$this->SmartLine->puts("New invite code created: $code<br />Invite URL: $url");
break;
case 'del':
$code = $argv[2];
if (!preg_match("/^([A-Z]){3}([0-9]){3}$/i", $code)) {
$this->SmartLine->puts("Invalid code format. Use invite list to get all your invite codes.", STDERR);
} else {
$invite = new Invite($code);
if ($CurrentPerso->id == $invite->from_perso_id) {
$invite->delete();
$this->SmartLine->puts("Deleted");
} else {
$this->SmartLine->puts("Invalid code. Use invite list to get all your invite codes.", STDERR);
}
}
break;
default:
$this->SmartLine->puts("Usage: invite [add|list|del <code>]", STDERR);
break;
}
}
}
/**
* The list command
*
* Prints a list of bodies, locations or places.
*
* This can easily be extended to output any list from any table.
*/
class ListSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
if ($argc == 1) {
$this->SmartLine->puts("Available lists: bodies, locations, places");
return;
}
switch ($objects = $argv[1]) {
case 'bodies':
$list = $this->get_list(TABLE_BODIES, "CONCAT('B', body_code)", "body_name");
$this->SmartLine->puts($list);
break;
case 'locations':
$list = $this->get_list(TABLE_LOCATIONS, "location_code", "location_name");
$this->SmartLine->puts($list);
break;
case 'places':
if ($argv[2] == "-a" || $argv[2] == "--all") {
//Global bodies places list
$list = $this->get_list(TABLE_PLACES, "CONCAT('B', body_code, place_code)", "place_name");
} else {
//Local places (or equivalent) list
global $CurrentPerso;
switch ($CurrentPerso->location_global[0]) {
case 'B':
$body_code = substr($CurrentPerso->location_global, 1, 5);
$list = $this->get_list(TABLE_PLACES, "CONCAT('B', body_code, place_code)", "place_name", "body_code = $body_code");
break;
case 'S':
$this->SmartLine->puts("I don't have a map of the spaceship.", STDERR);
return;
default:
$this->SmartLine->puts("Unknown location type. Can only handle B or S.", STDERR);
return;
}
}
$this->SmartLine->puts($list);
break;
default:
$this->SmartLine->puts("Unknown objects to list: $objects", STDERR);
}
}
/**
* Gets a custom list from the specified table and fields.
*
* The list will ascendingly ordered by the specified key.
*
* @param $table the table to query from the database
* @param $key the first field to fetch, as key
* @param $value the second field to fetch, as value
* @param $where the WHERE clause, without the WHERE keyword (optional)
*/
public function get_list ($table, $key, $value, $where = null) {
global $db;
$sql = "SELECT $key as `key`, $value as value FROM $table ";
if ($where) {
$sql .= "WHERE $where ";
}
$sql .= "ORDER BY `key` ASC";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to fetch list", '', __LINE__, __FILE__, $sql);
}
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$rows .= "<tr><td>$row[key]</td><td>$row[value]</td></tr>";
}
$this->SmartLine->truncate(STDERR); //kludge
return "<table cellspacing=\"8\"><thead style=\"color: white\" scope=\"row\"><tr><th>Key</th><th>Value</th></thead><tbody>$rows</tbody></table>";
}
}
/**
* The requests command
*
* Redirects user the the requests page.
*
* By default only redirect if a flag indicates there's a new request.
*
* To forcefully goes to the request page, requests --force
*/
class RequestsSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
global $CurrentPerso;
$force = ($argc > 1) && ($argv[1] == "-f" || $argv[1] == "--force");
if ($force || (array_key_exists('site.requests', $CurrentPerso->flags) && $CurrentPerso->flags['site.requests'])) {
global $controller;
$controller = 'controllers/persorequest.php';
} else {
$this->SmartLine->puts("No request waiting.");
}
}
}
/**
* The settings command
*
* Redirects user the the settings page.
*/
class SettingsSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
if (headers_sent()) {
global $controller;
$controller = 'controllers/settings.php';
} else {
header('location: ' . get_url('settings'));
}
}
}
/**
* The unixtime command
*
* Prints current unixtime (seconds elapsed since 1970-01-01 00:00, UTC)
* or if an unixtime is specified as argument, the matching date.
*/
class UnixTimeSmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
date_default_timezone_set('UTC');
if ($argc == 1) {
$this->SmartLine->puts(time());
} elseif ($argc == 2 && is_numeric($argv[1])) {
$this->SmartLine->puts(strftime("%Y-%m-%d %X", $argv[1]));
$this->SmartLine->puts(get_hypership_time($argv[1]));
} else {
array_shift($argv);
$date = implode(' ', $argv);
if ($time = strtotime($date) !== false) {
$this->SmartLine->puts("Unixtime from $date: <span class=\"highlight\">$time</span>");
} else {
$this->SmartLine->puts("$date isn't a unixtime nor a valid date strtotime is able to parse.", STDERR);
}
}
}
}
/**
* The version command
*
* Prints current hg revision, if we're in prod or dev environment and
* the current revision's hash.
*
* The version and env information is extracted from
* .hg/tags.cache (indicating we're in a Mercurial repo and so in a dev environment), or from
* version.txt file (indicating we've deployed code in a production environment)
*
* e.g. r130 (development environment)
* Hash: 057bf394741706fd2136541e3bb07c9e60b4963d
*/
class VersionSmartLineCommand extends SmartLineCommand {
private static function getGitHash (string $gitFolder = '.git') : string {
$head = trim(file_get_contents("$gitFolder/HEAD"));
if (substr($head, 0, 5) === "ref: ") {
// Follows reference
$ref = substr($head, 5);
return file_get_contents("$gitFolder/$ref");
}
return $head;
}
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
if (file_exists('.hg/tags.cache')) {
//Gets .hg revision
$content = file_get_contents('.hg/tags.cache');
$info = explode(' ', $content, 2);
$info[] = "development environment";
$this->SmartLine->puts("r$info[0] ($info[2])");
$this->SmartLine->puts("Hash: $info[1]");
} elseif (file_exists('.git/HEAD')) {
$hash = self::getGitHash();
$this->SmartLine->puts("Hash: $hash");
} elseif (file_exists('version.txt')) {
$content = file('version.txt');
foreach ($content as $line) {
$this->SmartLine->puts($line);
}
} else {
$this->SmartLine->puts("No version information available.", STDERR);
return false;
}
return true;
}
}
/**
* The whereami (Where am I?) command
*
* Prints current position, e.g. B00001001 - Tour, Hypership
*/
class WhereAmISmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
global $CurrentPerso;
require_once("includes/geo/location.php");
$place = new GeoLocation($CurrentPerso->location_global);
$this->SmartLine->puts($CurrentPerso->location_global . ' - ' . $place);
}
}
/**
* The whoami (Who am I?) command
*
* Prints current position, e.g. B00001001 - Tour, Hypership
*/
class WhoAmISmartLineCommand extends SmartLineCommand {
/**
* Runs the command
*
* @param array $argv an array of string, each item a command argument
* @param int $argc the number of arguments
*/
public function run ($argv, $argc) {
global $CurrentPerso;
$reply = "<span id=\"whoami.nickname\">$CurrentPerso->nickname</span> (<span id=\"whoami.name\">$CurrentPerso->name</span>), <span id=\"whoami.race\">$CurrentPerso->race</span>";
$this->SmartLine->puts($reply);
}
}
diff --git a/includes/SmartLine/ZedSmartLine.php b/includes/SmartLine/ZedSmartLine.php
index f2131a2..ba3ce92 100644
--- a/includes/SmartLine/ZedSmartLine.php
+++ b/includes/SmartLine/ZedSmartLine.php
@@ -1,110 +1,110 @@
<?php
/**
* The Zed SmartLine subcontroller.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This is the SmartLine subcontroller.
*
* The SmartLine is a widget allowing to add some basic CLI capability.
*
* It executes any command given in GET or POST request (parameter C).
*
* This files also provides SmartLine history helper: a method log_C to log
* a SmartLine command and some procedural code assigning a SmartLineHistory.
*
* This code is inspired from Viper, a corporate PHP intranet I wrote in 2004.
* There, the SmartLine allowed to change color theme or to find quickly user,
* account, order or server information in a CRM context.
*
* @package Zed
* @subpackage SmartLine
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo Caches SmartLine history
*/
///
/// Helpers
///
/**
* Logs a Smartline command
*
* @param string $command the command to log
* @param bool $isError indicates if the command is an error
*/
function log_C ($command, $isError = false) {
global $db, $CurrentPerso;
$isError = $isError ? 1 : 0;
- $command = $db->sql_escape($command);
+ $command = $db->escape($command);
$sql = "INSERT INTO " . TABLE_LOG_SMARTLINE . " (perso_id, command_time, command_text, isError)
VALUES ($CurrentPerso->id, UNIX_TIMESTAMP(), '$command', $isError)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't log SmartLine command", '', __LINE__, __FILE__, $sql);
}
}
///
/// Executes command
///
if (isset($_REQUEST['C'])) {
$command = $_REQUEST['C'];
//Initializes SmartLine object
require_once("SmartLine.php");
$smartLine = new SmartLine();
require_once("ZedCommands.php");
//Executes SmartLine
$controller = '';
$smartLine->execute($command);
$error = $smartLine->count(STDERR) > 0;
if ($smartLine->count(STDOUT) > 0) {
$smarty->assign("SmartLine_STDOUT", $smartLine->gets_all(STDOUT, '', '<br />'));
}
if ($error) {
$smarty->assign("SmartLine_STDERR", $smartLine->gets_all(STDERR, '', '<br />'));
}
if ($controller != '') {
include($controller);
}
log_C($command, $error);
}
///
/// Gets SmartLine history
///
-$perso_id = $db->sql_escape($CurrentPerso->id);
+$perso_id = $db->escape($CurrentPerso->id);
$sql = "SELECT command_time, command_text FROM log_smartline
WHERE isError = 0 AND perso_id = '$perso_id'
ORDER BY command_time DESC LIMIT 100";
-if (!$result = $db->sql_query($sql)) {
+if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get SmartLine history", '', __LINE__, __FILE__, $sql);
}
$i = 0;
-while ($row = $db->sql_fetchrow($result)) {
+while ($row = $db->fetchRow($result)) {
$commands[$i]['time'] = get_hypership_time($row['command_time']);
$commands[$i]['text'] = $row['command_text'];
$i++;
}
$smarty->assign("SmartLineHistory", $commands);
diff --git a/includes/api/cerbere.php b/includes/api/cerbere.php
index 6d2e4d7..8b16632 100644
--- a/includes/api/cerbere.php
+++ b/includes/api/cerbere.php
@@ -1,123 +1,123 @@
<?php
/**
* API security
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This file provides a cerbere function, to assert the user is correctly
* authenticated in the API call.
*
* @package Zed
* @subpackage API
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Determines if localhost calls could be passed.
*
* If true, any call from localhost is valid. Otherwise, normal security rules are applied.
*/
define('ALLOW_LOCALHOST', false);
/**
* Determines if error should be printed.
*
* If true, the error will be printed according the FORMAT_ERROR setting. Otherwise, a blank page will be served.
*/
define('OUTPUT_ERROR', true);
/**
* Determines if the error must be formatted.
*
* If true, any error will be sent to api_output ; otherwise, it will be printed as is.
*/
define('FORMAT_ERROR', false);
if (!defined('TABLE_API_KEYS')) {
/**
* The table where are located the API keys
*/
define('TABLE_API_KEYS', 'api_keys');
}
/**
* Checks if credentials are okay and exits if not
*
* If the credentials aren't valid, it will prints an error message if
* OUTPUT_ERROR is defined and true.
*
* This error message will be formatted through the api_output function if
* FORMAT_ERROR is defined and true ; otherwise, it will be print as is.
*
* To help debug, you can also define ALLOW_LOCALHOST. If this constant is
* defined and true, any call from localhost will be accepted, without checking
* the key.
*
* @see cerbere_die
*/
function cerbere () {
//If ALLOW_LOCALHOST is true, we allow 127.0.0.1 queries
//If you use one of your local IP in your webserver vhost like 10.0.0.3
//it could be easier to create yourself a test key
if (ALLOW_LOCALHOST && $_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
return;
}
//No key, no authentication
if (!$guid = $_REQUEST['key']) {
cerbere_die('You must add credentials to your request.');
}
//Authenticates user
global $db;
- $guid = $db->sql_escape($guid);
+ $guid = $db->escape($guid);
$sql = "SELECT key_active FROM " . TABLE_API_KEYS .
" WHERE key_guid like '$guid'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get key", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
if ($row['key_active']) {
//key_hits++
$sql = "UPDATE " . TABLE_API_KEYS . " SET key_hits = key_hits + 1" .
" WHERE key_guid like '$guid'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't record api call", '', __LINE__, __FILE__, $sql);
}
} else {
cerbere_die("Key disabled.");
}
} else {
cerbere_die("Key doesn't exist.");
}
}
/**
* Prints a message in raw or API format, then exits.
*
* The error message will be formatted through api_output if the constant
* FORMAT_ERROR is defined and true. Otherwise, it will be printed as is.
*
* @param string $message The error message to print
*/
function cerbere_die ($message) {
if (OUTPUT_ERROR) {
if (FORMAT_ERROR) {
api_output($message, 'error');
} else {
echo $message;
}
}
exit;
}
diff --git a/includes/auth/UserPasswordAuthentication.php b/includes/auth/UserPasswordAuthentication.php
index ec2bfd8..a413ee1 100644
--- a/includes/auth/UserPasswordAuthentication.php
+++ b/includes/auth/UserPasswordAuthentication.php
@@ -1,141 +1,141 @@
<?php
/**
* User/password authentication class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2013, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2013 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* UserPasswordAuthentication class
*
* Authenticates a user with an username and a password
*/
/**
* Login/pass authentication
*/
class UserPasswordAuthentication implements IAuthentication {
/**
* The username
* @var string
*/
private $username;
/**
* The password in clear text
* @var string
*/
private $password;
/**
* The last authentication error
* @var string
*/
private $error;
/**
* The user_id matching the username
* @var int
*/
private $user_id;
/**
* Indicates if the error MUST be returned to the user
* @var string
*/
private $mustThrowError = false;
/**
* Initializes a new instance of the UserPasswordAuthentication class
*
* @param string $username The username
* @param string $passwordThe password
*/
public function __construct ($username, $password) {
$this->username = $username;
$this->password = $password;
}
/**
* Gets the hash of the password
*
* @param string $password The password in clear text
* @return string The hashed password
*/
function getPasswordHash ($password) {
return md5($password); //TODO: replace this by a salted MD5 or better, by another algo.
}
/**
* Determines if the login/pass is valid
*
* @return bool true if the login/pass is valid; otherwise, false.
*/
function isValid () {
global $db;
$sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$this->username'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query users table.", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
$this->user_id = $row['user_id'];
if (!$row['user_password']) {
$this->error = "This account exists but haven't a password defined. Use OpenID or contact dereckson (at) espace-win.org to fix that.";
$mustThrowError = true;
} elseif ($row['user_password'] != $this->getPasswordHash($this->password)) {
//PASS NOT OK
$this->error = "Incorrect password.";
} else {
return true;
}
} else {
$this->error = "Login not found.";
$mustThrowError = true;
}
return false;
}
/**
* Gets the last authentication error
*
* @return string The last error
*/
function getError () {
return $this->error;
}
/**
* Gets the user_id matching the username
* You first need to validate the username, calling the isValid method.
*
* @return int The user ID
*/
function getUserID () {
return $this->user_id;
}
/**
* Determines if the next authentication method could be tried if this one failed.
*
* @return bool true if authentication can go on to the next method; otherwise, false
*/
function canTryNextAuthenticationMethod () {
return !$this->mustThrowError;
}
}
diff --git a/includes/auth/YubiCloudAuthentication.php b/includes/auth/YubiCloudAuthentication.php
index 52ad016..a9554ca 100644
--- a/includes/auth/YubiCloudAuthentication.php
+++ b/includes/auth/YubiCloudAuthentication.php
@@ -1,192 +1,192 @@
<?php
/**
* YubiCloud authentication class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2013, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2013 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
require_once('Auth/Yubico.php');
/**
* YubiCloudAuthentication class
*
* Authenticates a user through YubiCloud
*/
class YubiCloudAuthentication implements IAuthentication {
/**
* The key
* @var string
*/
private $key;
/**
* The username who should match the key
* @var string
*/
private $username;
/**
* The user_id
* @var int
*/
private $user_id;
/**
* Indicates if the error MUST be returned to the user
* @var string
*/
private $mustThrowError = false;
/**
* The last validation error
* @var string
*/
public $error;
/**
* Initializes a new instance of the key
*
* @param string $key The key
*/
public function __construct ($key, $username = null) {
$this->username = $username;
$this->key = $key;
}
/**
* Validates the specified key's characters to determine if it looks like an OTP
*
* @return boolean true if the input seems an OTP key; otherwise, false.
*/
function looksValidOTP () {
return preg_match("/^[cbdefghijklnrtuv]{32,48}$/", $this->key);
}
/**
* Gets public identity
*
* @return string Public identity
*/
function getPublicIdentity () {
return substr($this->key, 0, 12);
}
/**
* Validates an OTP key against the YubiCloud servers
*
* @return boolean true if the input is a valid OTP key; otherwise, false.
*/
function isValid () {
global $Config;
//No need to lost time to query server if format is incorrect.
if (!$this->looksValidOTP()) {
$this->error = "Not the expected YubiKey OTP format.";
return false;
}
//Query YubiCloud. We stop validation tests if that fails.
$yubi = new Auth_Yubico(
$Config['YubiCloud']['ClientID'],
$Config['YubiCloud']['SecretKey']
);
$auth = $yubi->verify($this->key);
if (@PEAR::isError($auth)) {
$this->error = $auth->getMessage();
return false;
}
//Note: We first query the YubiCloud server, then we check if we can use the key
// as the key is an OTP (*one time* password), this allow to invalidate it.
// If we wouldn't do that, an attacker can reuse this password for another site.
if (!$this->computeUserID()) {
$this->error = "Valid YubiKey OTP. But the key doesn't match any account.";
$this->mustThrowError = true;
return false;
}
//Finally, if someone puts also a login, we'll check this user ID match this username
if ($this->username) {
$user = User::get($this->user_id);
if ($this->username != $user->name) {
$this->error = "Valid YubiKey OTP but fix or remove your username.";
$this->mustThrowError = true;
return false;
}
}
return true;
}
/**
* Gets the user_id matching the username
*
* You first need to validate the username, calling the isValid method.
*/
function computeUserID () {
global $db;
/**
* Here a MySQL record for a valid OTP
* +---------+-----------+---------------+-----------------+---------+
* | auth_id | auth_type | auth_identity | auth_properties | user_id |
* +---------+-----------+---------------+-----------------+---------+
* | 2 | YubiKey | cccccccccccc | NULL | 1234 |
* +---------+-----------+---------------+-----------------+---------+
*/
$authentication_identity = $this->getPublicIdentity();
$sql = "SELECT user_id FROM " . TABLE_USERS_AUTH
. " WHERE auth_type = 'YubiKey' AND auth_identity = '$authentication_identity'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query users authentication table.", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
$this->user_id = $row['user_id'];
return true;
}
return false;
}
/**
* Gets the last authentication error
*
* @return string The last authentication error
*/
function getError () {
return $this->error;
}
/**
* Gets the user_id matching the key
*
* You first need to query the authentication table, calling the computeUserID method.
* This is automatically done by IsValid, as we need to validate key matches someone.
*
* @return int the user ID
*/
function getUserID () {
return $this->user_id;
}
/**
* Determines if the next authentication method could be tried if this one failed.
*
* @return bool true if authentication can go on to the next method; otherwise, false
*/
function canTryNextAuthenticationMethod () {
return !$this->mustThrowError;
}
}
diff --git a/includes/config.php b/includes/config.php
index 590f82a..fe85029 100644
--- a/includes/config.php
+++ b/includes/config.php
@@ -1,276 +1,278 @@
<?php
/**
* Autogenerable configuration file
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
use Keruald\OmniTools\OS\Environment;
+use Keruald\Database\Engines\MySQLiEngine;
////////////////////////////////////////////////////////////////////////////////
/// ///
/// I. SQL configuration ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//SQL configuration
-$Config['database']['engine'] = 'MySQLi'; //MySQL, MySQLi
+$Config['database']['engine'] = MySQLiEngine::class;
$Config['database']['host'] = 'localhost';
$Config['database']['username'] = 'zed';
$Config['database']['password'] = 'zed';
$Config['database']['database'] = 'zed';
+$Config['database']['dontThrowExceptions'] = true;
//SQL tables
$prefix = '';
define('TABLE_API_KEYS', $prefix . 'api_keys');
define('TABLE_COMMENTS', $prefix . 'comments');
define('TABLE_CONTENT_FILES', $prefix . 'content_files');
define('TABLE_CONTENT_LOCATIONS', $prefix . 'content_locations');
define('TABLE_CONTENT_ZONES', $prefix . 'content_zones');
define('TABLE_CONTENT_ZONES_LOCATIONS', $prefix . 'content_zones_locations');
define('TABLE_LOG', $prefix . 'log');
define('TABLE_LOG_SMARTLINE', $prefix . 'log_smartline');
define('TABLE_MESSAGES', $prefix . 'messages');
define('TABLE_MOTD', $prefix . 'motd');
define('TABLE_PAGES', $prefix . 'pages');
define('TABLE_PAGES_EDITS', $prefix . 'pages_edits');
define('TABLE_PERSOS', $prefix . 'persos');
define('TABLE_PERSOS_FLAGS', $prefix . 'persos_flags');
define('TABLE_PERSOS_NOTES', $prefix . 'persos_notes');
define('TABLE_PORTS', $prefix . 'ports');
define('TABLE_PROFILES', $prefix . 'profiles');
define('TABLE_PROFILES_COMMENTS', $prefix . 'profiles_comments');
define('TABLE_PROFILES_PHOTOS', $prefix . 'profiles_photos');
define('TABLE_PROFILES_TAGS', $prefix . 'profiles_tags');
define('TABLE_REGISTRY', $prefix . 'registry');
define('TABLE_REQUESTS', $prefix . 'requests');
define('TABLE_REQUESTS_REPLIES', $prefix . 'requests_replies');
define('TABLE_SESSIONS', $prefix . 'sessions');
define('TABLE_SHIPS', $prefix . 'ships');
define('TABLE_USERS', $prefix . 'users');
define('TABLE_USERS_INVITES', $prefix . 'users_invites');
define('TABLE_USERS_AUTH', $prefix . 'users_auth');
//Geo tables
define('TABLE_BODIES', $prefix . 'geo_bodies');
define('TABLE_LOCATIONS', $prefix . 'geo_locations'); //Well... it's a view
define('TABLE_PLACES', $prefix . 'geo_places');
////////////////////////////////////////////////////////////////////////////////
/// ///
/// II. Site configuration ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Default theme
$Config['DefaultTheme'] = "Zed";
//Dates
date_default_timezone_set("UTC");
//Secret key, used for some verification hashes in URLs or forms.
$Config['SecretKey'] = 'Lorem ipsum dolor';
//When reading files, buffer size
define('BUFFER_SIZE', 4096);
////////////////////////////////////////////////////////////////////////////////
/// ///
/// III. Script URLs ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Apache httpd, without mod_rewrite:
*
* Subdirectory:
* - $Config['SiteURL'] = 'http://zed.dereckson.be/hypership/index.php';
* - $Config['BaseURL'] = '/hypership/index.php';
*
* Root directory:
* - $Config['SiteURL'] = 'http://zed.dereckson.be/index.php';
* - $Config['BaseURL'] = '/index.php';
*
* Apache httpd, with mod_rewrite:
*
* Subdirectory:
* - $Config['SiteURL'] = 'http://zed.dereckson.be/hypership';
* - $Config['BaseURL'] = '/hypership';
*
* In .htaccess or your vhost definition:
* RewriteEngine On
* RewriteBase /hypership/
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteCond %{REQUEST_FILENAME} !-d
* RewriteRule . /hypership/index.php [L]
*
* Root directory:
* - $Config['SiteURL'] = 'http://zed.dereckson.be';
* - $Config['BaseURL'] = '';
*
* In .htaccess or your vhost definition:
* RewriteEngine On
* RewriteBase /
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteCond %{REQUEST_FILENAME} !-d
* RewriteRule . /index.php [L]
*
* nginx:
*
* Use same config.php settings than Apache httpd, with mod_rewrite.
*
* In your server block:
* location / {
* #Serves static files if they exists, with one month cache
* if (-f $request_filename) {
* expires 30d;
* break;
* }
*
* #Sends all non existing file or directory requests to index.php
* if (!-e request_filename) {
* rewrite ^(.+)$ /index.php last;
* #Or if you use a subdirectory:
* #rewrite ^(.+)$ /hypership/index.php last;
* }
* }
*
* location ~ \.php$ {
* #Your instructions to pass query to your FastCGI process, like:
* fastcgi_pass 127.0.0.1:9000;
* fastcgi_param SCRIPT_FILENAME /var/www/zed$fastcgi_script_name;
* include fastcgi_params;
* }
*
*
* If you don't want to specify the server domain, you can use get_server_url:
* $Config['SiteURL'] = get_server_url() . '/hypership';
* $Config['SiteURL'] = get_server_url();
*
*
*
* !!! No trailing slash !!!
*
*/
$Config['SiteURL'] = get_server_url();
$Config['BaseURL'] = '';
//AJAX callbacks URL
$Config['DoURL'] = $Config['SiteURL'] . "/do.php";
////////////////////////////////////////////////////////////////////////////////
/// ///
/// IV. Static content ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Where the static content is located?
//Static content = 4 directories: js, css, img and content
//On default installation, those directories are at site root.
//To improve site performance, you can use a CDN for that.
//
//Recommended setting: $Config['StaticContentURL'] = $Config['SiteURL'];
//Or if Zed is the site root: $Config['StaticContentURL'] = '';
//With CoralCDN: $Config['StaticContentURL'] = . '.nyud.net';
//
$Config['StaticContentURL'] = '';
//$Config['StaticContentURL'] = get_server_url() . '.nyud.net';
//Site content
define('CONTENT_DIR', Environment::getOr('CONTENT_DIR', 'content'));
//Scenes
define('SCENE_DIR', CONTENT_DIR . "/scenes");
define('SCENE_URL', $Config['StaticContentURL'] . '/content/scenes');
//Stories
define('STORIES_DIR', CONTENT_DIR . "/stories");
//Profile's photos
define('PHOTOS_DIR', CONTENT_DIR . "/users/_photos");
define('PHOTOS_URL', $Config['StaticContentURL'] . '/content/users/_photos');
//ImageMagick paths
//Be careful on Windows platform convert could match the NTFS convert command.
$Config['ImageMagick']['convert'] = 'convert';
$Config['ImageMagick']['mogrify'] = 'mogrify';
$Config['ImageMagick']['composite'] = 'composite';
$Config['ImageMagick']['identify'] = 'identify';
////////////////////////////////////////////////////////////////////////////////
/// ///
/// V. Caching ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Some data (Smarty, OpenID and sessions) are cached in the cache directory.
*
* Security tip: you can move this cache directory outside the webserver tree.
*/
define('CACHE_DIR', Environment::getOr('CACHE_DIR', 'cache'));
/*
* Furthermore, you can also enable a cache engine, like memcached, to store
* data from heavy database queries, or frequently accessed stuff.
*
* To use memcached:
* - $Config['cache']['engine'] = 'memcached';
* - $Config['cache']['server'] = 'localhost';
* - $Config['cache']['port'] = 11211;
*
* To disable cache:
* - $Config['cache']['engine'] = 'void';
* (or don't write nothing at all)
*/
$Config['cache']['engine'] = 'void';
////////////////////////////////////////////////////////////////////////////////
/// ///
/// VI. Sessions and authentication code ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//If you want to use a common table of sessions / user handling
//with several websites, specify a different resource id for each site.
$Config['ResourceID'] = 21;
//Enable OpenID authentication
//$Config['OpenID'] = true;
//Enable YubiKey authentication
//API 12940
//For YubiCloud API key - create yours at https://upgrade.yubico.com/getapikey/
//$Config['YubiCloud']['ClientID'] = 12345;
//$Config['YubiCloud']['SecretKey'] = 'Base64SecretKeyHere';
//PHP variables
ini_set('session.save_path', CACHE_DIR . '/sessions');
//4 days, for week-end story pause and continue url
ini_set('session.gc_maxlifetime', 345600);
////////////////////////////////////////////////////////////////////////////////
/// ///
/// VII. Builder ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Zed can invoke a slightly modified version of HOTGLUE to build zones.
$Config['builder']['hotglue']['enable'] = true;
$Config['builder']['hotglue']['URL'] = '/apps/hotglue/index.php';
diff --git a/includes/content/file.php b/includes/content/file.php
index 9890072..c1a4b10 100644
--- a/includes/content/file.php
+++ b/includes/content/file.php
@@ -1,284 +1,284 @@
<?php
/**
* Content file class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2012-12-03 02:57 Forked from Content
*
* @package Zed
* @subpackage Content
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Content class
*
* This class maps the content_files table.
*
*/
class ContentFile {
/* -------------------------------------------------------------
Properties
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
public $id;
public $path;
public $user_id;
public $perso_id;
public $title;
/* -------------------------------------------------------------
Constructor, __toString
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Initializes a new ContentFile instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Returns a string representation of current Content instance
*
* @return string the content title or path if title is blank.
*/
function __toString () {
return $this->title ?: $this->path;
}
/* -------------------------------------------------------------
Load/save class
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Loads the object ContentFile (ie fill the properties) from the $_POST array
*
* @param boolean $allowSensibleFields if false, allow only title to be defined ; otherwise, allow all fields.
*/
function load_from_form ($allowSensibleFields = false) {
if (array_key_exists('title', $_POST)) {
$this->title = $_POST['title'];
}
if ($allowSensibleFields) {
if (array_key_exists('path', $_POST)) {
$this->path = $_POST['path'];
}
if (array_key_exists('user_id', $_POST)) {
$this->user_id = $_POST['user_id'];
}
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
}
}
}
/**
* Loads the object ContentFile (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM content_files WHERE content_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query content", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Content unknown: " . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Loads the object from row
*/
function load_from_row ($row) {
$this->id = $row['content_id'];
$this->path = $row['content_path'];
$this->user_id = $row['user_id'];
$this->perso_id = $row['perso_id'];
$this->title = $row['content_title'];
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $path = $db->sql_escape($this->path);
- $user_id = $db->sql_escape($this->user_id);
- $perso_id = $db->sql_escape($this->perso_id);
- $title = $db->sql_escape($this->title);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $path = $db->escape($this->path);
+ $user_id = $db->escape($this->user_id);
+ $perso_id = $db->escape($this->perso_id);
+ $title = $db->escape($this->title);
//Updates or inserts
$sql = "REPLACE INTO content_files (`content_id`, `content_path`, `user_id`, `perso_id`, `content_title`) VALUES ($id, '$path', '$user_id', '$perso_id', '$title')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/* -------------------------------------------------------------
File handling helper methods
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Determines if the extension is valid
*
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
*/
function is_valid_extension ($ext) {
$ext = strtolower($ext);
return (is_valid_image_extension($ext) || is_valid_audio_extension($ext)
|| is_valid_video_extension($ext));
}
/**
* Determines if the extension is valid
*
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
*/
function is_valid_image_extension ($ext) {
switch ($ext = strtolower($ext)) {
//Pictures
case 'jpg':
case 'gif':
case 'png':
case 'bmp':
case 'xbm':
return true;
//Denied extension
default:
return false;
}
}
/**
* Determines if the extension is a valid audio file one
*
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
*/
function is_valid_audio_extension ($ext) {
switch ($ext = strtolower($ext)) {
//Sounds (HTML5 <audio> formats)
case 'mp3':
case 'ogg':
case 'aac':
case 'wav':
case 'wave':
return true;
//Denied extension
default:
return false;
}
}
/**
* Determines if the extension is a valid video file one
*
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
*
* @todo add H.264 extension
*/
function is_valid_video_extension ($ext) {
switch ($ext = strtolower($ext)) {
//Video (HTML5 <video> formats)
case 'ogg':
case 'webm':
return true;
//Denied extension
default:
return false;
}
}
/**
* Creates a directory
*
* @param string $dir the directory to create
*
* @todo set contents chmod in config
*/
function create_directory ($directory) {
if (!file_exists($directory)) {
@mkdir($directory); //Creates new directory, chmod 777
}
}
/**
* Handles uploaded file
*
* @return bool true if the file have been handled
*/
function handle_uploaded_file ($fileArray) {
if (count($fileArray) && $fileArray['error'] == 0) {
$this->create_directory("content/users/$this->user_id");
$this->path = "content/users/$this->user_id/$fileArray[name]";
if (!self::is_valid_extension(get_extension($fileArray[name]))) {
return false;
}
if (move_uploaded_file($fileArray['tmp_name'], $this->path)) {
return true;
} else {
$this->path = null;
return false;
}
} else {
return false;
}
}
/**
* Generates a thumbnail using ImageMagick binary
*
* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
*/
function generate_thumbnail () {
global $Config;
//Builds thumbnail filename
$sourceFile = $this->path;
$pos = strrpos($this->path, '.');
$thumbnailFile = substr($sourceFile, 0, $pos) . 'Square' . substr($sourceFile, $pos);
//Executes imagemagick command
$command = $Config['ImageMagick']['convert'] . " \"$sourceFile\" -resize 162x162 \"$thumbnailFile\"";
@system($command, $code);
//Returns true if the command have exited with errorcode 0 (= ok)
return ($code == 0);
}
}
diff --git a/includes/content/location.php b/includes/content/location.php
index 13b9eee..9fcb6d5 100644
--- a/includes/content/location.php
+++ b/includes/content/location.php
@@ -1,233 +1,233 @@
<?php
/**
* Content location class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-12-03 2:58 Forked from Content class
*
* @package Zed
* @subpackage Content
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Content location class
*
* This class maps the content_locations table.
*
* A content location is defined by 3 parameters:
* - location_global
* - location_local
* - location_k, an index for the content at the specified location
*
* This class allows to get or set the content_id at this
* (global, local, k) location.
*
* This class also provides a static helper method to
* get local content from a specific location.
*/
class ContentLocation {
/* -------------------------------------------------------------
Properties
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
public $location_global = null;
public $location_local = null;
public $location_k = null;
public $content_id;
/* -------------------------------------------------------------
Constructor, __toString
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Initializes a new ContentLocation instance
*
* @param string $location_global the global location
* @param string $location_local the local location
* @param int $location_k the item indice for the specified location
*/
function __construct ($location_global = null, $location_local = null, $location_k = null) {
$this->location_global = $location_global;
$this->location_local = $location_local;
if ($location_k) {
$this->location_k = $location_k;
$this->load_from_database();
} else {
$this->location_k = self::get_free_location_k($location_global, $location_local);
}
}
/**
* Returns a string representation of current Content instance
*
* @return string the content title or path if title is blank.
*/
function __toString () {
$location_global = $this->location_global ?: '?';
$location_local = $this->location_local ?: '?';
$location_k = $this->location_k ?: '?';
return "($location_global, $location_local, $location_k)";
}
/* -------------------------------------------------------------
Load/save class
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Loads the object ContentLocation (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $location_global = "'" . $db->sql_escape($this->location_global) . "'";
- $location_local = "'" . $db->sql_escape($this->location_local) . "'";
- $location_k = "'" . $db->sql_escape($this->location_k) . "'";
+ $location_global = "'" . $db->escape($this->location_global) . "'";
+ $location_local = "'" . $db->escape($this->location_local) . "'";
+ $location_k = "'" . $db->escape($this->location_k) . "'";
$sql = "SELECT * FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local' AND location_k = '$location_k'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query content", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Content location unknown: " . $this->content_id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Loads the object from row
*/
function load_from_row ($row) {
$this->content_id = $row['content_id'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->location_k = $row['location_k'];
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $location_global = "'" . $db->sql_escape($this->location_global) . "'";
- $location_local = "'" . $db->sql_escape($this->location_local) . "'";
- $location_k = "'" . $db->sql_escape($this->location_k) . "'";
- $content_id = $this->content_id ? "'" . $db->sql_escape($this->content_id) . "'" : 'NULL';
+ $location_global = "'" . $db->escape($this->location_global) . "'";
+ $location_local = "'" . $db->escape($this->location_local) . "'";
+ $location_k = "'" . $db->escape($this->location_k) . "'";
+ $content_id = $this->content_id ? "'" . $db->escape($this->content_id) . "'" : 'NULL';
$sql = "REPLACE INTO content_locations (location_global, location_local, location_k, content_id) VALUES ($location_global, $location_local, $location_k, $content_id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content location", '', __LINE__, __FILE__, $sql);
}
}
/* -------------------------------------------------------------
Helper methods
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Gets the next k free value for the specified location
*
* @param string $location_global the global location
* @param string $location_local the local location
*
* @param int $location_k the next free local content indice
*/
function get_free_location_k ($location_global, $location_local) {
$location_global = "'" . $db->sql_escape($location_global) . "'";
$location_local = "'" . $db->sql_escape($location_local) . "'";
$sql = "SELECT MAX(location_k) + 1 FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local'";
if (!$result = $db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't get content location k", '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
return $row[0];
}
/**
* Deletes this content location from the database
*/
function delete() {
$location_global = "'" . $db->sql_escape($this->location_global) . "'";
$location_local = "'" . $db->sql_escape($this->location_local) . "'";
$location_k = "'" . $db->sql_escape($this->location_k) . "'";
$sql = "DELETE FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local' AND location_k = '$location_k' LIMIT 1";
if (!$db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't delete current content location", '', __LINE__, __FILE__, $sql);
}
}
/**
* Moves the content into new location
*
* @param string $location_global the target global location
* @param string $location_local the target local location
* @param int $location_k the target local content indice [facultative]
*/
function move ($location_global, $location_local, $location_k = null) {
if ($this->content_id) {
$this->delete();
}
if ($location_k) {
$this->location_k = $location_k;
} else {
$this->location_k = self::get_free_location_k($location_global, $location_local);
}
if ($this->content_id) {
$this->save_to_database();
}
}
/* -------------------------------------------------------------
Gets content
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Gets content at specified location
*
* @param string $location_global global content location
* @param string $location_local local content location
* @return Array array of ContentFile instances
*
* The returned array indices are the local_k.
*/
static function get_local_content ($location_global, $location_local) {
global $db;
//Get contents at this location
- $location_global = $db->sql_escape($location_global);
- $location_local = $db->sql_escape($location_local);
+ $location_global = $db->escape($location_global);
+ $location_local = $db->escape($location_local);
$sql = "SELECT c.* FROM content c WHERE c.location_global = '$location_global' AND c.location_local = '$location_local' ORDER BY location_k ASC";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get content", '', __LINE__, __FILE__, $sql);
}
//Fills content array
$contents = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$k = $row['location_k'];
$contents[$k] = new ContentFile();
$contents[$k]->load_from_row($row);
}
return $contents;
}
}
diff --git a/includes/content/zone.php b/includes/content/zone.php
index 418e475..6ef97e5 100644
--- a/includes/content/zone.php
+++ b/includes/content/zone.php
@@ -1,203 +1,203 @@
<?php
/**
* Zone class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Content
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Content zone class
*
* A zone is a physical place, independent from the location.
* This mechanism allows to more easily move zones.
*
* This class maps the content_zones table.
*/
class ContentZone {
public $id;
public $title;
public $type;
public $params;
public $deleted = false;
/**
* Initializes a new instance of a zone object
*
* @param int $id The zone ID
*/
function __construct ($id = '') {
if ($id) {
$this->id = $id;
return $this->load_from_database();
}
}
/**
* Loads the object zone (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('title', $_POST)) {
$this->user_id = $_POST['title'];
}
if (array_key_exists('type', $_POST)) {
$this->user_id = $_POST['type'];
}
if (array_key_exists('params', $_POST)) {
$this->user_id = $_POST['params'];
}
if (array_key_exists('deleted', $_POST)) {
$this->user_id = $_POST['deleted'];
}
}
/**
* Loads the object zone (ie fill the properties) from the $row array
*/
function load_from_row ($row) {
$this->id = $row['zone_id'];
$this->title = $row['zone_title'];
$this->type = $row['zone_type'];
$this->params = $row['zone_params'];
$this->deleted = (bool)$row['zone_deleted'];
}
/**
* Loads the object zone (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_CONTENT_ZONES . " WHERE zone_id = '" . $id . "'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, 'Unable to query content_zones', '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = 'Zone unknown: ' . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Saves the object to the database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $title = $db->sql_escape($this->title);
- $type = $db->sql_escape($this->type);
- $params = $db->sql_escape($this->params);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $title = $db->escape($this->title);
+ $type = $db->escape($this->type);
+ $params = $db->escape($this->params);
$deleted = $this->deleted ? 1 : 0;
$sql = "REPLACE INTO " . TABLE_CONTENT_ZONES . " (`zone_id`, `zone_title`, `zone_type`, `zone_params`, `zone_deleted`) VALUES ($id, '$title', '$type', '$params', $deleted)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Assigns the zone at the specified location.
*
* @param string $location_global the global location
* @param string $location_global the local location
* @param bool $delete_old_locations if true, delete old locations
*/
function assign_to ($location_global, $location_local, $delete_old_locations = true) {
if (!$this->id) {
$this->save_to_database();
}
global $db;
if ($delete_old_locations) {
$sql = "DELETE FROM " . TABLE_CONTENT_ZONES_LOCATIONS . " WHERE zone_id = " . $this->id;
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to delete", '', __LINE__, __FILE__, $sql);
}
}
- $g = $db->sql_escape($location_global);
- $l = $db->sql_escape($location_local);
+ $g = $db->escape($location_global);
+ $l = $db->escape($location_local);
$sql = "REPLACE INTO " . TABLE_CONTENT_ZONES_LOCATIONS . " (location_global, location_local, zone_id) VALUES ('$g', '$l', $this->id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql);
}
}
/**
* Gets the zone at specified location
*
* @param string $location_global the global location
* @param string $location_global the local location
* @param bool $create if the zone doesn't exist, create it [optional] [default value: false]
* @return ContentZone the zone, or null if the zone doesn't exist and $create is false
*/
static function at ($location_global, $location_local, $create = false) {
global $db;
- $g = $db->sql_escape($location_global);
- $l = $db->sql_escape($location_local);
+ $g = $db->escape($location_global);
+ $l = $db->escape($location_local);
$sql = "SELECT * FROM " . TABLE_CONTENT_ZONES_LOCATIONS . " WHERE location_global = '$g' AND location_local = '$l'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
return new ContentZone($row['zone_id']);
} elseif ($create) {
$zone = new ContentZone();
$zone->assign_to($location_global, $location_local);
return $zone;
} else {
return null;
}
}
/**
* Gets all the zones matching the specified location queries
*
* @param string $location_global_query the global location query
* @param string $location_local_query the local location query
* @return Array a ContentZone array, with each item a zone found
*
* [SECURITY] They are passed as is in SQL [R]LIKE queries, you can't inject users expression.
*
* The following properties are added to the ContentZone items of the returned array:
* - location_global
* - location_local
*/
static function search ($location_global_query, $location_local_query, $use_regexp_for_local = false) {
global $db;
$zones = [];
$op = $use_regexp_for_local ? 'RLIKE' : 'LIKE';
$sql = "SELECT * FROM " . TABLE_CONTENT_ZONES_LOCATIONS . " WHERE location_global LIKE '$location_global_query' AND location_local $op '$location_local_query'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql);
}
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$zone = new ContentZone($row['zone_id']);
$zone->location_global = $row['location_global'];
$zone->location_local = $row['location_local'];
$zones[] = $zone;
}
return $zones;
}
}
diff --git a/includes/core.php b/includes/core.php
index 4423b13..94990ea 100644
--- a/includes/core.php
+++ b/includes/core.php
@@ -1,694 +1,690 @@
<?php
/**
* Core: helper methods and main libraries loader
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Configures PHP and loads site-wide used libraries ///
/// ///
////////////////////////////////////////////////////////////////////////////////
require_once(__DIR__ . "/../vendor/autoload.php");
include_once("autoload.php");
error_reporting(E_ALL & ~E_NOTICE);
include_once("config.php");
include_once("error.php");
-include_once("db/Database.php");
-$db = Database::load();
-Database::cleanupConfiguration();
-
include_once("sessions.php");
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Information helper methods ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Gets the nickname from the specified perso ID
*
* @param integer $perso_id The specified perso ID
* @return string The perso's nickname
*/
function get_name ($perso_id) {
global $db;
- $perso_id = $db->sql_escape($perso_id);
+ $perso_id = $db->escape($perso_id);
$sql = 'SELECT perso_nickname FROM '. TABLE_PERSOS . " WHERE perso_id = '$perso_id'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query persos table.", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row['perso_nickname'];
}
/**
* Gets the user ID from the specified username
*
* @param string $username The username
* @return integer the user ID
*/
function get_userid ($username) {
global $db;
- $username = $db->sql_escape($username);
+ $username = $db->escape($username);
$sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query users table.", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row['user_id'];
}
/**
* Gets an information from the application global registry
*
* @param string $key the registry's key
* @return string The key value
*/
function registry_get ($key) {
global $db;
- $key = $db->sql_escape($key);
+ $key = $db->escape($key);
$sql = "SELECT registry_value FROM " . TABLE_REGISTRY . " WHERE registry_key = '$key'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't read registry.", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row['registry_value'];
}
/**
* Sets an information in the application global registry
*
* @param string $key the registry key
* @param string $value the value to store at the specified registry key
*/
function registry_set ($key, $value) {
global $db;
- $key = $db->sql_escape($key);
- $value = $db->sql_escape($value);
+ $key = $db->escape($key);
+ $value = $db->escape($value);
$sql = "REPLACE INTO " . TABLE_REGISTRY . " (registry_key, registry_value) VALUES ('$key', '$value')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't update registry", '', __LINE__, __FILE__, $sql);
}
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Misc helper methods ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Generates a random string, according the specified format.
*
* <code>
* echo generate_random_string('AAA111'); //this could output SDQ245.
* </code>
*
* @author Pierre Habart <p.habart@ifrance.com>
*
* @param string $format The format e.g. AAA111
* @return string a random string
*/
function generate_random_string ($format) {
mt_srand((double)microtime()*1000000);
$str_to_return="";
$t_alphabet=explode(",", "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z");
$t_number=explode(",", "1,2,3,4,5,6,7,8,9,0");
for ($i=0;$i<strlen($format);$i++) {
if (preg_match("/^[a-zA-Z]/", $format[$i])) {
$add=$t_alphabet[mt_rand() % sizeof($t_alphabet)];
if (preg_match("/^[a-z]/", $format[$i])) {
$add=strtolower($add);
}
} elseif(preg_match("/^[0-9]/", $format[$i])) {
$add=$t_number[mt_rand() % sizeof($t_number)];
} else {
$add="?";
}
$str_to_return.=$add;
}
return $str_to_return;
}
//Plural management
/**
* Returns "s" when the $amount request a plural
* This function is a French plural helper.
*
* @param $amount the amount of objects
* @return string 's' if $amount implies a plural ; '' if it implies a singular.
*/
function s ($amount) {
if ($amount >= 2 || $amount <= -2) {
return "s";
}
}
/**
* Returns "x" when the $amount request a plural
* This function is a French plural helper.
*
* @param $amount the amount of objects
* @return string 'x' if $amount implies a plural ; '' if it implies a singular.
*/
function x ($amount) {
if ($amount >= 2 || $amount <= -2) {
return "x";
}
}
//Debug
/**
* Prints human-readable information about a variable.
*
* It behaves like the print_r command, but the output is enclosed in pre tags,
* to have a preformatted HTML output.
*
* @param mixed $expression The expression to be printed
*/
function dprint_r ($expression) {
echo '<pre>';
print_r($expression);
echo '</pre>';
}
//GUID
/**
* Generates a GUID, or more precisely an UUID
* @link http://en.wikipedia.org/wiki/Universally_Unique_Identifier Wikipedia, Universally Unique Identifier.
*
* A UUID is a 36 chars string of 32 hexadecimal and 4 dashes, with a
* very high probability to be unique.
*
* @return string the UUID
*/
function new_guid() {
$characters = explode(",", "a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9");
$guid = "";
for ($i = 0 ; $i < 36 ; $i++) {
if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
$guid .= "-";
} else {
$guid .= $characters[mt_rand() % sizeof($characters)];
}
}
return $guid;
}
/**
* Determines if the expression is a valid UUID (a guid without {}).
* @see new_guid
*
* @param string $expression the expression to check
* @return boolean true if the specified expression is a valid UUID ; otherwise, false.
*/
function is_guid ($expression) {
//We avoid regexp to speed up the check
//A guid is a 36 characters string
if (strlen($expression) != 36) {
return false;
}
$expression = strtolower($expression);
for ($i = 0 ; $i < 36 ; $i++) {
if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
//with dashes
if ($expression[$i] != "-") {
return false;
}
} else {
//and numbers
if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) {
return false;
}
}
}
return true;
}
/**
* Gets file extension
*
* @param string $file the file to get the extension
* @return string the extension from the specified file
*/
function get_extension ($file) {
$dotPosition = strrpos($file, ".");
return substr($file, $dotPosition + 1);
}
/**
* Determines if a string starts with specified substring
*
* @param string $haystack the string to check
* @param string $needle the substring to determines if it's the start
* @param boolean $case_sensitive determines if the search must be case sensitive
* @return boolean true if $haystack starts with $needle ; otherwise, false.
*/
function string_starts_with ($haystack, $needle, $case_sensitive = true) {
if (!$case_sensitive) {
$haystack = strtoupper($haystack);
$needle = strtoupper($needle);
}
if ($haystack == $needle) {
return true;
}
return strpos($haystack, $needle) === 0;
}
/**
* Inserts a message into the supralog
*
* @param string $category the entry category
* @param string $message the message to log
- * @param string $source the entry source.
+ * @param string|null $source the entry source.
*/
-function supralog ($category, $message, $source = null) {
+function supralog (string $category, string $message, ?string $source = null) {
global $db, $CurrentUser, $CurrentPerso;
- $category = $db->sql_query_express($category);
- $message = $db->sql_query_express($message);
- $source = $db->sql_query_express($source ?: $_SERVER['SERVER_ADDR']);
+ $category = $db->escape($category);
+ $message = $db->escape($message);
+ $source = $db->escape($source ?: $_SERVER['SERVER_ADDR']);
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO " . TABLE_LOG .
" (entry_ip, user_id, perso_id, entry_category, entry_message, entry_source) VALUES
('$ip', $CurrentUser->id, $CurrentPerso->id, '$category', '$message', '$source')";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Can't log this entry.", '', __LINE__, __FILE__, $sql);
}
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Localization (l10n) ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Defines the LANG constant, to lang to print
*
* This information is contained in the session, or if not yet defined,
* it's to determine according the user's browser preferences.
* @see find_lang
*/
function initialize_lang () {
//If $_SESSION['lang'] doesn't exist yet, find a common language
if (!array_key_exists('lang', $_SESSION)) {
$lang = find_lang();
$_SESSION['lang'] = $lang ?: '-';
}
if ($_SESSION['lang'] != '-') {
define('LANG', $_SESSION['lang']);
}
}
/**
* Gets a common lang spoken by the site and the user's browser
* @see get_http_accept_languages
*
* @return string the language
*/
function find_lang () {
if (file_exists('lang') && is_dir('lang')) {
//Gets lang/ subdirectories: this is the list of available languages
$handle = opendir('lang');
while ($file = readdir($handle)) {
if ($file != '.' && $file != '..' && is_dir("lang/$file")) {
$langs[] = $file;
}
}
//The array $langs contains now the language available.
//Gets the langs the user should want:
if (!$userlangs = get_http_accept_languages()) {
return;
}
//Gets the intersection between the both languages arrays
//If it matches, returns first result
$intersect = array_intersect($userlangs, $langs);
if (count($intersect)) {
return $intersect[0];
}
//Now it's okay with Opera and Firefox but Internet Explorer will
//by default return en-US and not en or fr-BE and not fr, so second pass
foreach ($userlangs as $userlang) {
$lang = explode('-', $userlang);
if (count($lang) > 1) {
$userlangs2[] = $lang[0];
}
}
$intersect = array_intersect($userlangs2, $langs);
if (count($intersect)) {
return $intersect[0];
}
}
}
/**
* Gets the languages accepted by the browser, by order of priority.
*
* This will read the HTTP_ACCEPT_LANGUAGE variable sent by the browser in the
* HTTP request.
*
* @return Array an array of string, each item a language accepted by browser
*/
function get_http_accept_languages () {
//What language to print is sent by browser in HTTP_ACCEPT_LANGUAGE var.
//This will be something like en,fr;q=0.8,fr-fr;q=0.5,en-us;q=0.3
if (!array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER)) {
return null;
}
$http_accept_language = explode(',', $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
foreach ($http_accept_language as $language) {
$userlang = explode(';q=', $language);
if (count($userlang) == 1) {
$userlangs[] = [1, $language];
} else {
$userlangs[] = [$userlang[1], $userlang[0]];
}
}
rsort($userlangs);
foreach ($userlangs as $userlang) {
$result[] = $userlang[1];
}
return $result;
}
/**
* Loads specified language Smarty configuration file
*
* @param string $file the file to load
* @param mixed $sections array of section names, single section or null
*/
function lang_load ($file, $sections = null) {
global $smarty;
//Loads English file as fallback if some parameters are missing
if (file_exists("lang/en/$file")) {
$smarty->configLoad("lang/en/$file", $sections);
}
//Loads wanted file (if it exists and a language have been defined)
if (defined('LANG') && LANG != 'en' && file_exists('lang/' . LANG . '/' . $file)) {
$smarty->configLoad('lang/' . LANG . '/' . $file, $sections);
}
}
/**
* Gets a specified language expression defined in configuration file
*
* @param string $key the configuration key matching the value to get
* @return string The value in the configuration file
*/
function lang_get ($key) {
global $smarty;
$smartyConfValue = $smarty->config_vars[$key];
return $smartyConfValue ?: "#$key#";
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Zed date and time helper methods ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Converts a YYYYMMDD or YYYY-MM-DD timestamp to unixtime
* @link http://en.wikipedia.org/wiki/Unix_time Unix time
*
* @param string $timestamp the timestamp to convert
* @return integer the unixtime
*/
function to_unixtime ($timestamp) {
switch (strlen($timestamp)) {
case 8:
//YYYYMMDD
return mktime(0, 0, 0, substr($timestamp, 4, 2), substr($timestamp, 6, 2), substr($timestamp, 0, 4));
case 10:
//YYYY-MM-DD
return mktime(0, 0, 0, substr($timestamp, 5, 2), substr($timestamp, 8, 2), substr($timestamp, 0, 4));
default:
throw new Exception("timestamp is not a valid YYYYMMDD or YYYY-MM-DD timestamp: $timestamp");
}
}
/**
* Converts a unixtime to the YYYYMMDD or YYYY-MM-DD timestamp format
* @see to_unixtime
*
* @param int $unixtime the time to convert
* @param int $format 8 or 10. If 8 (default), will output YYYYMMDD. If 10, YYYY-MM-DD.
* @return string the timestamp
*/
function to_timestamp ($unixtime = null, $format = 8) {
//If no parameter is specified (or null, or false), current time is used
//==== allows to_timestamp(0) to return correct 1970-1-1 value.
if ($unixtime === null || $unixtime === false) {
$unixtime = time();
}
switch ($format) {
case 8:
//YYYYMMDD
return date('Ymd', $unixtime);
case 10:
//YYYY-MM-DD
return date('Y-m-d', $unixtime);
default:
throw new Exception("format must be 8 (YYYYMMDD) or 10 (YYYY-MM-DD) and not $format.");
}
}
/**
* Converts a unixtime to the Hypership time format or gets the current hypership time.
* @link http://en.wikipedia.org/wiki/Unix_time
* @link http://www.purl.org/NET/Zed/blog/HyperShipTime
*
* @param int $unixtime The unixtime to convert to HyperShip time. If omitted, the current unixtime.
* @return string The HyperShip time
*/
function get_hypership_time ($unixtime = null) {
//If unixtime is not specified, it's now
if ($unixtime === null) {
$unixtime = time();
}
//Hypership time is a count of days since launch @ 2010-07-03 00:00:00
//Followed by a fraction of the current day /1000, like the internet time
//but in UTC timezone and not Switzerland CET/CEST.
//We don't need to use floor(), as we output the result at int, truncating
//automatically decimal values instead of round it (like in C).
$seconds = $unixtime - 1278115200;
$days = $seconds / 86400;
$fraction = (abs($seconds) % 86400) / 86.4;
return sprintf("%d.%03d", $days, $fraction);
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// URL helpers functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Gets the URL matching the specified resource.
*
* Example:
* <code>
* $url = get_url('ship', $ship);
* echo $url; //if $ship contains S00001, this should print /ship/S00001
* </code>
*
* @param string $resource,... the resources
* @return string the URL matching the specified resource
*/
function get_url () {
global $Config;
if (func_num_args() > 0) {
$pieces = func_get_args();
return $Config['BaseURL'] . '/' . implode('/', $pieces);
} elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == $_SERVER["PHP_SELF"]) {
return "/";
} else {
return $Config['BaseURL'];
}
}
/**
* Gets the current page URL
*
* @return string the current page URL
*/
function get_page_url () {
$url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
if (substr($url, -10) == $_SERVER["PHP_SELF"]) {
return substr($url, 0, -9);
}
return $url;
}
/**
* Gets the server URL
* @todo find a way to detect https:// on non standard port
*
* @return string the server URL
*/
function get_server_url () {
switch ($port = $_SERVER['SERVER_PORT']) {
case '80':
return "http://$_SERVER[SERVER_NAME]";
case '443':
return "https://$_SERVER[SERVER_NAME]";
default:
return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
}
}
/**
* Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
*
* This function allows the entry point controllers to get the current URL
* in a consistent way, for any redirection configuration
*
* So with /foo/bar, /index.php/foo/bar, /zed/index.php/foo/bar or /zed/foo/bar
* get_current_url will return /foo/bar
*
* @return string the relevant URL part
*/
function get_current_url () {
global $Config;
//Gets relevant URL part from relevant $_SERVER variables
if (array_key_exists('PATH_INFO', $_SERVER)) {
//Without mod_rewrite, and url like /index.php/controller
//we use PATH_INFO. It's the easiest case.
return $_SERVER["PATH_INFO"];
}
//In other cases, we'll need to get the relevant part of the URL
$current_url = get_server_url() . $_SERVER['REQUEST_URI'];
//Relevant URL part starts after the site URL
$len = strlen($Config['SiteURL']);
//We need to assert it's the correct site
if (substr($current_url, 0, $len) != $Config['SiteURL']) {
dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . get_server_url(), "Setup");
}
if (array_key_exists('REDIRECT_URL', $_SERVER)) {
//With mod_rewrite, we can use REDIRECT_URL
//We takes the end of the URL, ie *FROM* $len position
return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
}
//Last possibility: use REQUEST_URI, but remove QUERY_STRING
//If you need to edit here, use $_SERVER['REQUEST_URI']
//but you need to discard $_SERVER['QUERY_STRING']
//We takes the end of the URL, ie *FROM* $len position
$url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
//But if there are a query string (?action=... we need to discard it)
if ($_SERVER['QUERY_STRING']) {
return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
}
return $url;
}
/**
* Gets an array of url fragments to be processed by controller
* @see get_current_url
*
* This method is used by the controllers entry points to know the URL and
* call relevant subcontrollers.
*
* @return Array an array of string, one for each URL fragment
*/
function get_current_url_fragments () {
return explode('/', substr(get_current_url(), 1));
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// URL xmlHttpRequest helpers functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Gets an hash value to check the integrity of URLs in /do.php calls
*
* @param Array $args the args to compute the hash
* @return the hash parameter for your xmlHttpRequest url
*/
function get_xhr_hash ($args) {
global $Config;
array_shift($args);
return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
}
/**
* Gets the URL to call do.php, the xmlHttpRequest controller
*
* @return string the xmlHttpRequest url, with an integrity hash
*/
function get_xhr_hashed_url () {
global $Config;
$args = func_get_args();
$args[] = get_xhr_hash($args);
return $Config['DoURL'] . '/' . implode('/', $args);
}
/**
* Gets the URL to call do.php, the xmlHttpRequest controller
*
* @return string the xmlHttpRequest url
*/
function get_xhr_url () {
global $Config;
$args = func_get_args();
return $Config['DoURL'] . '/' .implode('/', $args);
}
diff --git a/includes/db/Database.php b/includes/db/Database.php
deleted file mode 100644
index a40e44d..0000000
--- a/includes/db/Database.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-
-/**
- * Database calling class.
- *
- * Zed. The immensity of stars. The HyperShip. The people.
- *
- * (c) 2015, Dereckson, some rights reserved.
- * Released under BSD license.
- *
- * This file provides a calling class, which read the configuration, ensures
- * the database class for the db engine given in config exists and initializes
- * it.
- *
- * The class to call is determined from the following preference:
- * <code>
- * $Config['database']['engine'] = 'MySQL'; //will use DatabaseMySQL class.
- * </code>
- *
- * @package Zed
- * @subpackage Database
- * @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
- * @copyright 2015 Sébastien Santoro aka Dereckson
- * @license http://www.opensource.org/licenses/bsd-license.php BSD
- * @link http://scherzo.dereckson.be/doc/zed
- * @link http://zed.dereckson.be/
- * @filesource
- */
-
-/**
- * Databasecaller
- */
-class Database {
- /**
- * Gets the database instance, initializing it if needed
- *
- * The correct database instance to initialize will be determined from the
- * $Config['database']['engine'] preference.
- *
- * The database class to use will be Database + (preference engine, capitalized)
- *
- * This method will creates an instance of the specified object,
- * calling the load static method from this object class.
- *
- * Example:
- * <code>
- * $Config['database']['engine'] = 'quux';
- * $db = Database::load(); //Database:load() will call DatabaseQuux:load();
- * </code>
- *
- * @return Database the database instance
- */
- static function load () {
- global $Config;
- if (
- !array_key_exists('database', $Config) ||
- !array_key_exists('engine', $Config['database'])
- ) {
- //database is not configured or engine is not specified
- message_die(GENERAL_ERROR, 'A database engine (a MySQL variant is recommended) should be configured. Please ensure you have a ["database"]["engine"] value in the configuration.', "Setup issue");
- } else {
- //engine is specified in the configuration
- $engine = $Config['database']['engine'];
- }
-
- $engine_file = 'includes/db/' . $engine . '.php';
- $engine_class = 'Database' . ucfirst($engine);
-
- if (!file_exists($engine_file)) {
- message_die(GENERAL_ERROR, "Can't initialize $engine database engine.<br />$engine_file not found.", 'Setup issue');
- }
-
- require_once($engine_file);
- if (!class_exists($engine_class)) {
- message_die(GENERAL_ERROR, "Can't initialize $engine database engine.<br />$engine_class class not found.", 'Setup issue');
- }
- return call_user_func([$engine_class, 'load']);
- }
-
- static function cleanupConfiguration () {
- global $Config;
- unset($Config['database']['password']);
- }
-}
diff --git a/includes/db/MySQLi.php b/includes/db/MySQLi.php
deleted file mode 100644
index 764263f..0000000
--- a/includes/db/MySQLi.php
+++ /dev/null
@@ -1,171 +0,0 @@
-<?php
-
-/**
- * MySQLi layer and helper class
- *
- * Zed. The immensity of stars. The HyperShip. The people.
- *
- * (c) 2010, 2014, Dereckson, some rights reserved.
- * Released under BSD license.
- *
- * @package Zed
- * @subpackage Keruald
- * @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
- * @copyright 2014 Sébastien Santoro aka Dereckson
- * @license http://www.opensource.org/licenses/bsd-license.php BSD
- * @link http://scherzo.dereckson.be/doc/zed
- * @link http://zed.dereckson.be/
- * @filesource
- */
-
-/**
- * SQL layer and helper class: MySQLi
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
-class DatabaseMySQLi {
- /*
- * @var int the connection identifier
- */
- private $db;
-
- /**
- * Initializes a new instance of the database abstraction class, for MySQLi engine
- */
- function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
- //Checks extension requirement
- if (!class_exists("mysqli")) {
- message_die(GENERAL_ERROR, "You've chosen to use a MySQLi database engine, but the MySQLi extension is missing.", "Setup issue");
- }
-
- //Connects to MySQL server
- $this->db = new mysqli($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- $this->db->select_db($database);
- }
- }
-
- /**
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /**
- * Sends a unique query to the database
- *
- * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
- */
- function sql_query ($query) {
- return $this->db->query($query);
- }
-
- /**
- * Fetches a row of result into an associative array
- *
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return $result->fetch_array();
- }
-
- /**
- * Gets last SQL error information
- *
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- return [
- 'code' => $this->db->errno,
- 'message' => $this->db->error
- ];
- }
-
- /**
- * Gets the number of rows affected or returned by a query
- *
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return $result->num_rows;
- }
-
- /**
- * Gets the primary key value of the last query (works only in INSERT context)
- *
- * @return int the primary key value
- */
- function sql_nextid () {
- return $this->db->insert_id;
- }
-
- /**
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occurred
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return $this->db->real_escape_string($expression);
- }
-
- /**
- * Sets charset
- */
- function set_charset ($encoding) {
- $this->db->set_charset($encoding);
- }
-
- /**
- * Loads a database instance, connected and ready to process queries.
- */
- static function load () {
- global $Config;
-
- //Creates an instance of this database class with configuration values
- $db = new self(
- $Config['database']['host'],
- $Config['database']['username'],
- $Config['database']['password'],
- $Config['database']['database']
- );
-
- //Sets SQL connexion in UTF-8.
- $db->set_charset('utf8');
-
- return $db;
- }
-}
diff --git a/includes/error.php b/includes/error.php
index 2f3b0a4..c3ec7b8 100644
--- a/includes/error.php
+++ b/includes/error.php
@@ -1,197 +1,197 @@
<?php
/**
* Error handler
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This error handler uses the same idea and message_die method signature
* of the phpBB 2 one.
*
* @package Zed
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo delete old_message_die method and write alternative HTML textual output
* in the message_die method
*/
///
/// Error constants
///
/**
* SQL_ERROR is the constant meaning the error is a SQL error.
*
* As a message_die function parameter, it allows to add SQL specific debug information.
*/
define ("SQL_ERROR", 65);
/**
* HACK_ERROR is the constant meaning access is non authorized to the resource.
*
* It encompasses two problematics:
* the URL points to a resource belonging to another user or for the current user have no access right (for malformed URL, pick instead GENERAL_ERROR) ;
* the user is anonymous, instead to be logged in.
*
* A suggested way to handle the second problematic is to store in hidden input
* fields or better in the session the previous form data, and to print a login
* form.
*
* If you implement this, you don't even need to distinguishes between the two
* cases, as once logged in, the regular HACK_ERROR could also be printed.
*/
define ("HACK_ERROR", 99);
/**
* GENERAL_ERROR is the constant meaning the error is general, ie not covered by
* another more specific error constant.
*/
define ("GENERAL_ERROR", 117);
///
/// Error helper functions
///
/**
* Output a general error, with human-readable information about the specified
* expression as error message ; terminates the current script.
*
* @see message_die
*
* @param mixed $expression the expression to be printed
* @param string $title the message title (optional, default will be 'Debug')
*/
function dieprint_r ($expression, $title = '') {
if (!$title) {
$title = 'Debug'; //if title is omitted or false/null, default title
}
message_die(GENERAL_ERROR, '<pre>' . print_r($expression, true) .'</pre>', $title);
}
/**
* Outputs an error message and terminates the current script.
*
* Error will be output through Smarty one of the following templates :
* error_block.tpl if the header have already been printed ;
* error.tpl if the error occurred before the header were called and printed.
*
* If smarty couldn't be loaded, old_message_die method will be called, which
* produces a table output.
*
* @param int $msg_code an integer constant identifying the error (HACK_ERROR, SQL_ERROR, GENERAL_ERROR)
* @param string $msg_text the error message text (optional, but recommended)
* @param string $msg_title the error message title (optional)
* @param int $err_line the line number of the file where the error occurred (optional, suggested value is __LINE__)
* @param string $err_line the path of file where the error occurred (optional, suggested value is __FILE__)
* @param string $sql the SQL query (optional, used only if msg_code is SQL_ERROR)
*/
function message_die ($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') {
global $smarty, $db;
if ($smarty) {
$debug_text = $msg_text;
if ($err_line && $err_file) {
$debug_text .= ' &mdash; ' . $err_file. ', ' . lang_get('line') . ' ' . $err_line ;
}
switch ($msg_code) {
case HACK_ERROR:
$smarty->assign('TITLE', lang_get('UnauthorizedAccess'));
break;
case SQL_ERROR:
$smarty->assign('TITLE', lang_get('SQLError'));
- $sql_error = $db->sql_error();
+ $sql_error = $db->error();
if ($sql_error['message'] != '') {
$debug_text .= '<br />' . lang_get('Error') . ' n° ' . $sql_error['code'] . lang_get('_t') .
' ' .$sql_error['message'];
}
$debug_text .= "</p><h2>Query:</h2><p>$sql";
break;
default:
$smarty->assign('WAP', "Message code error.<br />Expected: HACK_ERROR, SQL_ERROR, GENERAL_ERROR");
//Falls to GENERAL_ERROR
case GENERAL_ERROR:
if ($msg_title) {
$smarty->assign('TITLE', $msg_title);
} else {
$smarty->assign('TITLE', lang_get('GeneralError'));
}
break;
}
$smarty->assign('ERROR_TEXT', $debug_text);
$template = (defined('HEADER_PRINTED') && HEADER_PRINTED) ? "error_block.tpl" : "error.tpl";
$smarty->display($template);
exit;
} else {
old_message_die($msg_code, $msg_text, $msg_title, $err_line, $err_file, $sql);
}
}
/**
* Outputs an error message and terminates the current script.
*
* This is the message_die method from Espace Win, used on Zed as fallback if Smarty isn't initialized yet.
* Former "german style" error HTML markups have been removed.
*
* @param int $msg_code an integer constant identifying the error (HACK_ERROR, SQL_ERROR, GENERAL_ERROR)
* @param string $msg_text the error message text (optional, but recommended)
* @param string $msg_title the error message title (optional)
* @param int $err_line the line number of the file where the error occurred (optional, suggested value is __LINE__)
* @param string $err_line the path of file where the error occurred (optional, suggested value is __FILE__)
* @param string $sql the SQL query (optional, used only if msg_code is SQL_ERROR)
*
* @deprecated since 0.1
*/
function old_message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') {
global $db, $Utilisateur;
$sql_store = $sql;
if ($msg_code == HACK_ERROR && $Utilisateur[user_id] < 1000) {
die("You must be logged in to access to this resource.");
} elseif ($msg_code == HACK_ERROR) {
$title = "You aren't allowed to access this resource.";
$debug_text = $msg_text;
} elseif ($msg_code == SQL_ERROR) {
$title = "SQL error";
- $sql_error = $db->sql_error();
+ $sql_error = $db->error();
$debug_text = $msg_text;
if ($err_line != '' && $err_file != '') {
$debug_text .= ' in ' . $err_file. ', line ' . $err_line ;
}
if ($sql_error['message'] != '') {
$debug_text .= '<br />Error #' . $sql_error['code'] . ': ' . $sql_error['message'];
}
if ($sql_store != '') {
$debug_text .= "<br /><strong>$sql_store</strong>";
}
} elseif ($msg_code == GENERAL_ERROR) {
$title = $msg_title;
$debug_text = $msg_text;
if ($err_line && $err_file) {
$debug_text .= "<br />$err_file, line $err_line";
}
}
echo '<div id="fatal_error"><h2 class="fatal_error_title">';
echo $title;
echo '</h2><p class="fatal_error_message">';
echo $debug_text;
echo '</p></div';
die;
}
diff --git a/includes/geo/body.php b/includes/geo/body.php
index 5154a52..1436e31 100644
--- a/includes/geo/body.php
+++ b/includes/geo/body.php
@@ -1,194 +1,194 @@
<?php
/**
* Geo body class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* A 3D grid of objects
*
* 0.1 2010-01-27 21:51 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Geo body class
*/
class GeoBody {
public $code;
public $name;
public $hypership;
public $asteroid;
public $moon;
public $planet;
public $star;
public $orbital;
public $hidden;
public $location;
public $description;
public $lastError;
/**
* Initializes a new instance
*
* @param int $code the primary key
*/
function __construct ($code = null) {
if ($code) {
$this->code = $code;
$this->load_from_database();
}
}
/**
* Loads the object body (ie fill the properties) from the $_POST array
*
* @param bool $readBoolean if false, don't read any form item matching a boolean field to avoid to set it to false if there are absent from a form.
*/
function load_from_form ($readBoolean = true) {
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if ($readBoolean) {
if (array_key_exists('hypership', $_POST)) {
$this->hypership = $_POST['hypership'];
}
if (array_key_exists('star', $_POST)) {
$this->start = $_POST['star'];
}
if (array_key_exists('asteroid', $_POST)) {
$this->hypership = $_POST['asteroid'];
}
if (array_key_exists('moon', $_POST)) {
$this->start = $_POST['moon'];
}
if (array_key_exists('planet', $_POST)) {
$this->start = $_POST['planet'];
}
if (array_key_exists('orbital', $_POST)) {
$this->start = $_POST['orbital'];
}
if (array_key_exists('hidden', $_POST)) {
$this->start = $_POST['hidden'];
}
}
if (array_key_exists('location', $_POST)) {
$this->location = $_POST['location'];
}
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
}
}
/**
* Loads the object body (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_BODIES . " WHERE body_code = '" . $this->code . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query geo_bodies", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "body unknown: " . $this->code;
return false;
}
$this->name = $row['body_name'];
$this->location = $row['body_location'];
$this->description = $row['body_description'];
if ($row['body_status']) {
$flags = explode(',', $row['body_status']);
foreach ($flags as $flag) {
$this->$flag = true;
}
}
return true;
}
/**
* Gets the status field
*
* @return string the status field value (e.g. "asteroid,hidden")
*/
function getStatus () {
$flags = ['hypership','asteroid','moon','planet','star','orbital','hidden'];
foreach ($flags as $flag) {
if ($this->$flag) {
$status[] = $flag;
}
}
return implode(',', $status);
}
/**
* Gets the kind of place the body is (e.g. asteroid)
*
* @return string the kind of place
*/
function kind () {
//If a location can be described by 2 flags, order the relevant flags list
//by priority, as it'll return the first triggered.
//e.g. a moon converted in hypership will be "hypership" and not "moon".
$relevantFlags = ['hypership','asteroid','moon','planet','star','orbital'];
foreach ($relevantFlags as $flag) {
if ($this->$flag) {
return $flag;
}
}
return "";
}
/**
* Gets the name of the body, as a string representation of the object
*
* @return string the name of the body
*/
function __toString () {
return $this->name;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $code = $this->code ? "'" . $db->sql_escape($this->code) . "'" : 'NULL';
- $name = $db->sql_escape($this->name);
+ $code = $this->code ? "'" . $db->escape($this->code) . "'" : 'NULL';
+ $name = $db->escape($this->name);
$status = getStatus();
- $location = $db->sql_escape($this->location);
- $description = $db->sql_escape($this->description);
+ $location = $db->escape($this->location);
+ $description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_BODIES . " (`body_code`, `body_name`, `body_status`, `body_location`, `body_description`) VALUES ($code, '$name', '$status', '$location', '$description')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$code) {
//Gets new record code value
- $this->code = $db->sql_nextid();
+ $this->code = $db->nextId();
}
}
}
diff --git a/includes/geo/galaxy.php b/includes/geo/galaxy.php
index cc604ae..d85d438 100644
--- a/includes/geo/galaxy.php
+++ b/includes/geo/galaxy.php
@@ -1,60 +1,60 @@
<?php
/**
* Geo galaxy class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* A 3D grid of objects
*
* 0.1 2010-02-08 14:02 Initial version [DcK]
* 0.2 2010-07-25 9:20 Spherical conversion, get objects
*
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
use Hypership\Geo\Point3D;
/**
* Geo galaxy class
*/
class GeoGalaxy {
/*
* ----------------------------------------------------------------------- *
* Objects fetchers
* ----------------------------------------------------------------------- *
*/
/**
* Gets all the coordinates of the objects in the galaxy.
*
* @return array An array of array. Each item is [string object_name, string object_type, Point3D coordinates]
*/
static function getCoordinates () {
global $db;
$sql = "SELECT * FROM geo_coordinates";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't query geo_coordinates view.", '', __LINE__, __FILE__, $sql);
}
$objects = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
//Demios ship xyz: [-50, 30, 40]
//Kaos asteroid xyz: [150, -129, 10]
$objects[] = [$row[0], $row[1], Point3D::fromString($row[2])];
}
return $objects;
}
}
diff --git a/includes/geo/location.php b/includes/geo/location.php
index 9626797..e383a44 100644
--- a/includes/geo/location.php
+++ b/includes/geo/location.php
@@ -1,446 +1,446 @@
<?php
/**
* Geo location class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-28 18:52 DcK
*
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
use Hypership\Geo\Point3D;
require_once('body.php');
require_once('place.php');
require_once('includes/objects/ship.php');
/**
* Geo location class
*
* This class contains properties to get, set or compare a location and
* explore the geo classes linked to.
*
* It quickly allow to parse through the location classes in templates and
* controllers.
*
* @todo Initialize $point3D from $body or $ship own locations
* @todo Improve GeoLocation documentation (especially magic properties)
*/
class GeoLocation {
/**
* An array of strings containing location data.
*
* In the current class implementation,
* the first element is the global location
* and the second element is the local location.
*
* @var Array
*/
private $data;
/**
* A body object
*
* It contains a GeoBody value when the global location is a body
* ie if $this->data[0][0] == 'B'
*
* Otherwise, its value is null.
*
* @var GeoBody
*/
public $body = null;
/**
* A place object
*
* It contains a GeoPlacevalue when the global location is a place
* ie if $this->data[0][0] == 'B' && strlen($this->data[0]) == 9
*
* Otherwise, its value is null.
*
* @var GeoPlace
*/
public $place = null;
/**
* A point identified by x, y, z coordinates
*/
public Point3D|null $point3D = null;
/**
* A ship object
*
* It contains a Ship value when the global location is a ship
* ie if $this->data[0][0] == 'S'
*
* Otherwise, its value is null.
*
* @var Ship
*/
public $ship = null;
/**
* Initializes a new location instance
*
* @param string $global the global location
* @param string local the locallocation
*
* @todo Improve local location handling
*/
function __construct ($global = null, $local = null) {
if (!$global) {
$this->data = [];
} elseif (preg_match("/[BS][0-9]{5}[0-9]{3}/", $global)) {
$this->data[0] = $global;
} elseif (preg_match("/[BS][0-9]{5}/", $global)) {
$this->data[0] = $global;
} elseif (preg_match("/^xyz\:/", $global)) {
$coords = sscanf($global, "xyz: [%d, %d, %d]");
if (count($coords) == 3) {
$this->data[0] = $global;
} else {
throw new Exception("Invalid expression: $global");
}
} else {
global $db;
- $name = $db->sql_escape($global);
+ $name = $db->escape($global);
$sql = "SELECT location_code FROM " . TABLE_LOCATIONS . " WHERE location_name LIKE '$name'";
- $code = $db->sql_query_express($sql);
+ $code = $db->queryScalar($sql);
if ($code) {
$this->data[0] = $code;
return;
}
throw new Exception("Invalid expression: $global");
}
//TODO: handle $local in a better way: from the global location, gets
//a local location handler. Or a some inheritance, like a class
//HypershipGeoLocation extending GeoLocation.
if ($local !== null) {
$this->data[1] = $local;
}
$this->load_classes();
}
/**
* Gets $place, $body and $ship instances if they're needed
*/
function load_classes () {
//No data, no class to load
if (!count($this->data)) {
return;
}
//Loads global classes
$global = $this->data[0];
$code = substr($global, 1, 5);
switch ($global[0]) {
case 'B':
switch (strlen($global)) {
case 9:
$this->place = GeoPlace::from_code($global);
case 6:
$this->body = new GeoBody($code);
break;
}
break;
case 'S':
$this->ship = new Ship($code);
break;
case 'x':
$coords = sscanf($global, "xyz: [%f, %f, %f]");
if (count($coords) == 3) {
$this->point3D = new Point3D(...$coords);
}
break;
}
}
/**
* Magic method called when a unknown property is get.
*
* Handles $global, $local, $type, $body_code, $ship_code, $place_code,
* $body_kind, $containsGlobalLocation, $containsLocalLocation.
*/
function __get ($variable) {
switch ($variable) {
/* main variables */
case 'global':
return $this->data[0];
break;
case 'local':
return (count($this->data) > 1) ? $this->data[1] : null;
break;
/* global location */
case 'type':
return $this->data[0][0];
case 'body_code':
if ($this->data[0][0] == 'B') {
return substr($this->data[0], 1, 5);
}
return null;
case 'place_code':
if ($this->data[0][0] == 'B') {
return substr($this->data[0], 6, 3);
}
return null;
case 'ship_code':
if ($this->data[0][0] == 'S') {
return substr($this->data[0], 1, 5);
}
return null;
case 'body_kind':
if ($this->data[0][0] == 'B' && $this->body != null) {
if ($kind = $this->body->kind()) {
return $kind;
}
} elseif ($this->data[0][0] == 'S') {
return 'ship';
}
return 'place';
case 'containsGlobalLocation':
return count($this->data) > 0;
case 'containsLocalLocation':
return count($this->data) > 1;
default:
throw new Exception("Unknown variable: $variable");
break;
}
}
/**
* Checks if the place exists
*
* @return bool true if the place exists ; otherwise, false.
*
* @todo Handle alias
*/
function exists () {
$n = count($this->data);
//If not defined, it doesn't exist
if ($n == 0) {
return false;
}
//Checks global location
switch ($this->data[0][0]) {
case 'B':
switch (strlen($this->data[0])) {
case 9:
if (!$place = GeoPlace::from_code($this->data[0])) {
return false;
}
break;
case 6:
$body = new GeoBody(substr($this->data[0], 1));
if ($body->lastError) {
return false;
}
break;
default:
message_die(GENERAL_ERROR, "Invalid global location expression size: " . $this->data[0], "GeoLocation exists method", __LINE__, __FILE__);
}
break;
case 'S':
$ship = new Ship(substr($this->data[0], 1));
if ($body->lastError) {
return false;
}
break;
default:
message_die(GENERAL_ERROR, "Invalid global location expression size: " . $this->data[0], "GeoLocation exists method", __LINE__, __FILE__);
return false;
}
if ($n > 1) {
if (!isset($place)) {
message_die(GENERAL_ERROR, "Can't check if a local place exists for the following location: " . $this->data[0], "GeoLocation exists method", __LINE__, __FILE__);
}
if (!$place->is_valid_local_location($this->data[1])) {
return false;
}
}
return true;
}
/**
* Checks if the place is equals at the specified expression or place
*
* @return bool true if the places are equals ; otherwise, false.
*
* @todo Create a better set of rules to define when 2 locations are equal.
*/
function equals ($expression) {
//Are global location equals?
//TODO: create a better set of rules to define when 2 locations are equal.
if (is_a($expression, 'GeoLocation')) {
if (!$this->equals($expression->data[0])) {
return false;
}
if (count($expression->data) + count($this->data) > 2) {
return $expression->data[1] == $this->data[1];
}
}
if ($expression == $this->data[0]) {
return true;
}
$n1 = strlen($expression);
$n2 = strlen($this->data[0]);
if ($n1 > $n2) {
return substr($expression, 0, $n2) == $this->data[0];
}
return false;
}
/**
* Represents the current location instance as a string
*
* @return string a string representing the current location
*/
function __toString () {
if (!$this->data[0]) {
return "";
}
switch ($this->data[0][0]) {
case 'S':
$ship = new Ship($this->ship_code);
$location[] = $ship->name;
break;
case 'B':
$body = new GeoBody($this->body_code);
$location[] = $body->name ?: lang_get('UnknownBody');
if (strlen($this->data[0]) == 9) {
$place = GeoPlace::from_code($this->data[0]);
$location[] = $place->name ? $place->name : lang_get('UnknownPlace');
}
break;
case 'x':
$pt = $this->point3D->toSpherical();
return sprintf("(%d, %d°, %d°)", $pt[0], $pt[1], $pt[2]);
default:
message_die(GENERAL_ERROR, "Unknown location identifier: $type.<br />Expected: B or S.");
}
return implode(", ", array_reverse($location));
}
/**
* Magic method called when a unknown property is set.
*
* Handles $global, $local, $type, $body_code, $ship_code, $place_code
*/
function __set ($variable, $value) {
switch ($variable) {
/* main variables */
case 'global':
$this->data[0] = $value;
break;
case 'local':
$this->data[1] = $value;
break;
/* global location */
case 'type':
if ($value == 'B' || $value == 'S') {
if (!$this->data[0]) {
$this->data[0] = $value;
} else {
$this->data[0][0] = $value;
}
}
break;
case 'body_code':
if (preg_match("/[0-9]{1,5}/", $value)) {
$value = sprintf("%05d", $value);
if (!$this->data[0]) {
$this->data[0] = "B" . $value;
return;
} elseif ($this->data[0][0] == 'B') {
$this->data[0] = "B" . $value . substr($this->data[0], 6);
return;
}
throw new Exception("Global location isn't a body.");
}
throw new Exception("$value isn't a valid body code");
case 'ship_code':
if (preg_match("/[0-9]{1,5}/", $value)) {
$value = sprintf("%05d", $value);
if (!$this->data[0]) {
$this->data[0] = "S" . $value;
return;
} elseif ($this->data[0][0] == 'S') {
$this->data[0] = "S" . $value . substr($this->data[0], 6);
return;
}
throw new Exception("Global location isn't a ship.");
}
throw new Exception("$value isn't a valid ship code");
case 'place_code':
if (!preg_match("/[0-9]{1,3}/", $value)) {
throw new Exception("$value isn't a valid place code");
}
$value = sprintf("%03d", $value);
if ($this->data[0][0] == 'B') {
$this->data[0] = substr($this->data[0], 0, 6) . $value;
}
throw new Exception("Global location isn't a body.");
default:
throw new Exception("Unknown variable: $variable");
break;
}
}
}
diff --git a/includes/geo/place.php b/includes/geo/place.php
index 70025f2..e81c941 100644
--- a/includes/geo/place.php
+++ b/includes/geo/place.php
@@ -1,230 +1,230 @@
<?php
/**
* Geo place class.
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-28 01:48 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Geo
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Default local location format
*
* The local_location format is a PCRE regular expression
*
* By default, local_location format is an (x, y, z) expression
*/
define('LOCATION_LOCAL_DEFAULT_FORMAT', '/^\([0-9]+( )*,( )*[0-9]+( )*,( )*[0-9]+\)$/');
/**
* Geo place
*
* A place is a city or a hypership district.
*
* It's identified by a 9 chars geocode like B0001001.
* The 5 first chars indicates the body (class GeoBody) where the place is and
* the 3 last digits is the place number.
*
* This class maps the geo_places table.
*/
class GeoPlace {
public $id;
public $body_code;
public $code;
public $name;
public $description;
public $location_local_format;
public $start;
public $hidden;
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object place (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('body_code', $_POST)) {
$this->body_code = $_POST['body_code'];
}
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
}
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
}
if (array_key_exists('status', $_POST)) {
$this->status = $_POST['status'];
}
if (array_key_exists('location_local_format', $_POST)) {
$this->location_local_format = $_POST['location_local_format'];
}
}
/**
* Loads the object place (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_PLACES . " WHERE place_id = '" . $this->id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query geo_places", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "place unknown: " . $this->id;
return false;
}
$this->body_code = $row['body_code'];
$this->code = $row['place_code'];
$this->name = $row['place_name'];
$this->description = $row['place_description'];
$this->location_local_format = $row['location_local_format'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['place_status']);
foreach ($flags as $flag) {
$this->$flag = true;
}
}
return true;
}
/**
* Gets status field value
*
* @return string the status field value (e.g. "requiresPTA,default")
*/
function getStatus () {
$flags = ['start', 'hidden'];
foreach ($flags as $flag) {
if ($this->$flag == true) {
$status[] = $flag;
}
}
return implode(',', $status);
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $body_code = $db->sql_escape($this->body_code);
- $code = $db->sql_escape($this->code);
- $name = $db->sql_escape($this->name);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $body_code = $db->escape($this->body_code);
+ $code = $db->escape($this->code);
+ $name = $db->escape($this->name);
+ $description = $db->escape($this->description);
$status = $this->getStatus();
- $location_local_format = $db->sql_escape($this->location_local_format);
+ $location_local_format = $db->escape($this->location_local_format);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PLACES . " (`place_id`, `body_code`, `place_code`, `place_name`, `place_description`, `place_status`, `location_local_format`) VALUES ($id, '$body_code', '$code', '$name', '$description', '$status', '$location_local_format')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Determines if the specified local location looks valid
*
* @param string $local_location the local location
* @return boolean true if the specified local location looks valid ; otherwise, false.
*/
function is_valid_local_location ($local_location) {
$format = $this->location_local_format ?: LOCATION_LOCAL_DEFAULT_FORMAT;
return preg_match($format, $local_location) > 0;
}
/**
* Gets a string representation of the current place
*
* @return string A Bxxxxxyyy string like B00001001, which represents the current place.
*/
function __tostring () {
return 'B' . $this->body_code . $this->code;
}
/**
* Creates a Place instance, from the specified body/place code
*
* @param $code the place's code
* @return GeoPlace the place instance
*/
static function from_code ($code) {
global $db;
$sql = "SELECT * FROM " . TABLE_PLACES . " WHERE CONCAT('B', body_code, place_code) LIKE '$code'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query geo_places", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
return null;
}
$place = new GeoPlace();
$place->id = $row['place_id'];
$place->body_code = $row['body_code'];
$place->code = $row['place_code'];
$place->name = $row['place_name'];
$place->description = $row['place_description'];
$place->location_local_format = $row['location_local_format'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['place_status']);
foreach ($flags as $flag) {
$place->$flag = true;
}
}
return $place;
}
/**
* Gets a start location
*
* @return string The global location code of a start location
*
* @TODO sql optimisation (query contains ORDER BY RAND())
*/
static function get_start_location () {
global $db;
$sql = "SELECT CONCAT('B', body_code, place_code) FROM " . TABLE_PLACES . " WHERE FIND_IN_SET('start', place_status) > 0 ORDER BY rand() LIMIT 1";
- return $db->sql_query_express($sql);
+ return $db->queryScalar($sql);
}
}
diff --git a/includes/login.php b/includes/login.php
index 677f928..a541b11 100644
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,158 +1,158 @@
<?php
/**
* Login/logout
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo Pick between DumbStore and FileStore and cleans the file accordingly.
*/
///
/// OpenID helper code
///
$useOpenID = isset($Config['OpenID']) && $Config['OpenID'];
if ($useOpenID) {
require_once('Auth/OpenID/Consumer.php');
require_once('Auth/OpenID/FileStore.php');
}
/**
* Gets an Auth_OpenID_Consumer instance
*
* @return Auth_OpenID_Consumer the instance
*/
function get_openid_consumer () {
if (!file_exists('/dev/urandom')) {
//We don't have a reliable source of random numbers
define('Auth_OpenID_RAND_SOURCE', null);
}
$fs = new Auth_OpenID_FileStore(CACHE_DIR . '/openid');
return new Auth_OpenID_Consumer($fs);
}
/**
* Logs in the user if the OpenID is recognized.
* Otherwise, sets an error message.
*
* @param string $url The OpenID URL
*/
function openid_login ($url) {
global $db, $_SESSION, $LoginError, $LoginSuccessful;
- $url = $db->sql_escape($url);
+ $url = $db->escape($url);
$sql = 'SELECT user_id FROM ' . TABLE_USERS_AUTH
. " WHERE auth_type = 'OpenID' AND auth_identity LIKE '$url'";
- if ($user_id = $db->sql_query_express($sql)) {
+ if ($user_id = $db->queryScalar($sql)) {
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id LIKE '$_SESSION[ID]'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't update session table", '', __LINE__, __FILE__, $sql);
}
$LoginSuccessful = true;
setcookie("LastOpenID", $url, time() + 2592000);
header("location: " . get_url());
} else {
$LoginError = "Read the source to get an invite.";
}
}
///
/// Login procedural code
///
$action = isset($_GET['action']) ? $_GET['action'] : '';
if ($action == 'openid.login') {
//Gets Auth_OpenID_Consumer instance, completes the OpenID transaction
//and processes the result.
if (!$useOpenID()) {
header("Status: 403 Forbidden");
die("OpenID disabled.");
}
$consumer = get_openid_consumer();
$reply = $consumer->complete(get_server_url() . $_SERVER['REQUEST_URI']);
if ($reply->status == Auth_OpenID_SUCCESS) {
openid_login($reply->endpoint->claimed_id);
} elseif ($reply->message) {
//TODO: $reply->message could be rather long and won't fit in the UI
//space. You can wish to add code to print $LoginError elsewhere if
//too long.
$LoginError = "[OpenID] $reply->message";
} else {
$LoginError = "[OpenID] $reply->status";
}
} elseif (isset($_POST['LogIn'])) {
//User have filled login form
if ($_POST['openid'] && $useOpenID) {
//Gets Auth_OpenID_Consumer instance
$consumer = get_openid_consumer();
//Starts the OpenID transaction and redirects user to provider url
if ($request = $consumer->begin($_POST['openid'])) {
$url = $request->redirectURL(get_server_url(), "$Config[SiteURL]/?action=openid.login", false);
header("location: $url");
$LoginError = '<a href="' . $url . '">Click here to continue login</a>';
} else {
$LoginError = 'Invalid OpenID URL.';
}
} else {
//Login
//Authentications way, the user/password in last.
//OpenID is handled by a separate logic.
$Login = $_POST['username'];
$authentications = [];
if ($useYubiCloud = array_key_exists('YubiCloud', $Config) ) {
$authentications[] = new YubiCloudAuthentication($_POST['password'], $Login);
}
if ($Login) {
$authentications[] = new UserPasswordAuthentication($Login, $_POST['password']);
}
$loginSuccessful = false;
foreach ($authentications as $authentication) {
if ($authentication->isValid()) {
$loginSuccessful = true;
//Logs in user
login($authentication->getUserID(), $Login);
} else {
$loginError = $authentication->getError();
}
if (!$authentication->canTryNextAuthenticationMethod()) {
break;
}
}
//Tests if the password wouldn't match an invite code
//If so, redirects people using login page as invitation claim page
if (!$LoginSuccessful) {
- $code = $db->sql_escape($_POST['password']);
+ $code = $db->escape($_POST['password']);
$sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$code'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get invites", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
$url = get_url('invite', $_POST['password']);
header('location: ' . $url);
}
}
}
} elseif (isset($_POST['LogOut']) || $action == "user.logout") {
Logout();
}
diff --git a/includes/objects/application.php b/includes/objects/application.php
index 47f246d..99883d9 100644
--- a/includes/objects/application.php
+++ b/includes/objects/application.php
@@ -1,190 +1,190 @@
<?php
/**
* Application class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-02-10 02:40 Autogenerated by Pluton Scaffolding
* Some API bits
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
require_once('perso.php');
/**
* Application class
*
* This class maps the Application table.
*
* This class also provides methods application API helper methods, to generate
* an application user key or to gets the perso ID from such a key.
*/
class Application {
public $id;
public $code;
public $name;
public $api_key;
public $description;
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object Application (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
}
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('api_key', $_POST)) {
$this->api_key = $_POST['api_key'];
}
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
}
}
/**
* Loads the object Application (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM applications WHERE application_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query applications", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Application unknown: " . $this->id;
return false;
}
$this->code = $row['application_code'];
$this->name = $row['application_name'];
$this->api_key = $row['api_key'];
$this->description = $row['application_description'];
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $code = $db->sql_escape($this->code);
- $name = $db->sql_escape($this->name);
- $api_key = $db->sql_escape($this->api_key);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $code = $db->escape($this->code);
+ $name = $db->escape($this->name);
+ $api_key = $db->escape($this->api_key);
+ $description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO applications (`application_id`, `application_code`, `application_name`, `api_key`, `application_description`) VALUES ($id, '$code', '$name', '$api_key', '$description')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/*
* ----------------------------------------------------------------------- *
* Application API methods
* ----------------------------------------------------------------------- *
*/
/**
* Loads an Application object from its API key
*
* @param string Application API key GUID
* @return Application the application matching the API key
*/
static function from_api_key ($key) {
global $db;
- $key = $db->sql_escape($key);
+ $key = $db->escape($key);
$sql = "SELECT * FROM applications WHERE api_key = '" . $key . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query applications", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
return null;
}
//Fills app information
$app = new Application();
$app->id = $row['application_id'];
$app->code = $row['application_code'];
$app->name = $row['application_name'];
$app->api_key = $row['api_key'];
$app->description = $row['application_description'];
return $app;
}
/**
* Gets the perso ID from an application user key
*
* @param string $userkey User application key GUID
* @return int the perso ID
*/
function get_perso_id ($userkey) {
global $db;
- $id = $db->sql_escape($this->id);
- $userkey = $db->sql_escape($userkey);
+ $id = $db->escape($this->id);
+ $userkey = $db->escape($userkey);
$sql = "SELECT perso_id FROM applications_userkeys WHERE api_userkey = '$userkey' AND application_id = '$id'";
- return $db->sql_query_express($sql);
+ return $db->queryScalar($sql);
}
/**
* Generates a key for the specified perso and current application.
*
* @param int $perso_id The perso ID
* @param string $userkey User application key GUID (optional)
* @return Application User application key GUID
*/
function generate_userkey ($perso_id = null, $userkey = null) {
global $CurrentPerso;
//Ensures we've a key and someone to be assigned it
if ($userkey === null) {
$userkey = new_guid();
}
$perso = ($perso_id === null) ? $CurrentPerso : Perso::get($perso_id);
//Saves key
$perso->set_flag('api.app.keys.' . $this->id, $userkey);
//Returns it
return $userkey;
}
}
diff --git a/includes/objects/content.php b/includes/objects/content.php
index 9479600..9baaed5 100644
--- a/includes/objects/content.php
+++ b/includes/objects/content.php
@@ -1,323 +1,323 @@
<?php
/**
* Content class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-02-24 15:57 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @deprecated
*/
/**
* Content class
*
* This class maps the content view.
*
* This view shows the content_files and content_locations tables.
*
* This class also provides helper methods, to handle files, generate thumbnails
* or get local content from a specific location.
*
* [DESIGN BY CONTRACT] This class works only with the following assertions:
* i. Each content have EXACTLY ONE location
* ii. Location fields will not be modified
*
* If a content have more than one location, only the first occurrence in
* content_locations table will be considered.
*
* If a content have no location, it will be ignored.
*
* If you edit content location, then call saveToDatabase, you will create
* a new location but future instances will contain first not deleted location.
*
* @todo remove dbc temporary limitations (cf. /do.php upload_content and infra)
* @todo create a class ContentLocation and move location fields there
* @todo validate SQL schema and add in config.php TABLE_CONTENT tables
*
* @deprecated
*/
class Content {
/* -------------------------------------------------------------
Properties
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
public $id;
public $path;
public $user_id;
public $perso_id;
public $title;
public $location_global = null;
public $location_local = null;
public $location_k = null;
public $perso_name;
public $perso_nickname;
/* -------------------------------------------------------------
Constructor, __toString
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Initializes a new Content instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Returns a string representation of current Content instance
*
* @return string the content title or path if title is blank.
*/
function __toString () {
return $this->title ?: $this->path;
}
/* -------------------------------------------------------------
Load/save class
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Loads the object Content (ie fill the properties) from the $_POST array
*
* @param boolean $allowSensibleFields if false, allow only location_local, location_k and title to be defined ; otherwise, allow all fields.
*/
function load_from_form ($allowSensibleFields = false) {
if (array_key_exists('title', $_POST)) {
$this->title = $_POST['title'];
}
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
}
if (array_key_exists('location_k', $_POST)) {
$this->location_k = $_POST['location_k'];
}
if ($allowSensibleFields) {
if (array_key_exists('path', $_POST)) {
$this->path = $_POST['path'];
}
if (array_key_exists('user_id', $_POST)) {
$this->user_id = $_POST['user_id'];
}
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
}
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
}
}
}
/**
* Loads the object Content (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM content WHERE content_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query content", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Content unknown: " . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Loads the object from row
*/
function load_from_row ($row) {
$this->id = $row['content_id'];
$this->path = $row['content_path'];
$this->user_id = $row['user_id'];
$this->perso_id = $row['perso_id'];
$this->title = $row['content_title'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->location_k = $row['location_k'];
if (array_key_exists('perso_name', $row)) {
$this->perso_name = $row['perso_name'];
}
if (array_key_exists('perso_nickname', $row)) {
$this->perso_nickname = $row['perso_nickname'];
}
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $path = $db->sql_escape($this->path);
- $user_id = $db->sql_escape($this->user_id);
- $perso_id = $db->sql_escape($this->perso_id);
- $title = $db->sql_escape($this->title);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $path = $db->escape($this->path);
+ $user_id = $db->escape($this->user_id);
+ $perso_id = $db->escape($this->perso_id);
+ $title = $db->escape($this->title);
- $location_global = ($this->location_global !== null) ? "'" . $db->sql_escape($this->location_global) . "'" : 'NULL';
- $location_local = ($this->location_local !== null) ? "'" . $db->sql_escape($this->location_local) . "'" : 'NULL';
- $location_k = ($this->location_k !== null) ? "'" . $db->sql_escape($this->location_k) . "'" : 'NULL';
+ $location_global = ($this->location_global !== null) ? "'" . $db->escape($this->location_global) . "'" : 'NULL';
+ $location_local = ($this->location_local !== null) ? "'" . $db->escape($this->location_local) . "'" : 'NULL';
+ $location_k = ($this->location_k !== null) ? "'" . $db->escape($this->location_k) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO content_files (`content_id`, `content_path`, `user_id`, `perso_id`, `content_title`) VALUES ($id, '$path', '$user_id', '$perso_id', '$title')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
//Saves location
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
$sql = "REPLACE INTO content_locations (location_global, location_local, location_k, content_id) VALUES ($location_global, $location_local, $location_k, $id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save content location", '', __LINE__, __FILE__, $sql);
}
}
/* -------------------------------------------------------------
File handling helper methods
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Determines if the extension is valid
*
* @param string $ext The extension (without dot)
* @return boolean true if this extension is valid ; otherwise, false.
*/
function is_valid_extension ($ext) {
switch ($ext = strtolower($ext)) {
//Pictures
case 'jpg':
case 'gif':
case 'png':
case 'bmp':
case 'xbm':
return true;
//Denied extension
default:
return false;
}
}
/**
* Creates a directory
*
* @param string $dir the directory to create
*/
function create_directory ($directory) {
if (!file_exists($directory)) {
@mkdir($directory); //Creates new directory, chmod 777
}
}
/**
* Handles uploaded file
*
* @return bool true if the file have been handled
*/
function handle_uploaded_file ($fileArray) {
if (count($fileArray) && $fileArray['error'] == 0) {
$this->create_directory("content/users/$this->user_id");
$this->path = "content/users/$this->user_id/$fileArray[name]";
if (!self::is_valid_extension(get_extension($fileArray[name]))) {
return false;
}
if (move_uploaded_file($fileArray['tmp_name'], $this->path)) {
return true;
} else {
$this->path = null;
return false;
}
} else {
return false;
}
}
/**
* Generates a thumbnail using ImageMagick binary
*
* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
*/
function generate_thumbnail () {
global $Config;
//Builds thumbnail filename
$sourceFile = $this->path;
$pos = strrpos($this->path, '.');
$thumbnailFile = substr($sourceFile, 0, $pos) . 'Square' . substr($sourceFile, $pos);
//Executes imagemagick command
$command = $Config['ImageMagick']['convert'] . " \"$sourceFile\" -resize 162x162 \"$thumbnailFile\"";
@system($command, $code);
//Returns true if the command have exited with errorcode 0 (= ok)
return ($code == 0);
}
/* -------------------------------------------------------------
Gets content
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/**
* Gets content at specified location
*
* @param string $location_global global content location
* @param string $location_local local content location
* @return Array array of Content instances
*/
static function get_local_content ($location_global, $location_local) {
global $db;
//Get contents at this location
- $location_global = $db->sql_escape($location_global);
- $location_local = $db->sql_escape($location_local);
+ $location_global = $db->escape($location_global);
+ $location_local = $db->escape($location_local);
$sql = "SELECT c.*, p.perso_nickname, p.perso_name FROM content c, persos p WHERE c.location_global = '$location_global' AND c.location_local = '$location_local' AND p.perso_id = c.perso_id ORDER BY location_k ASC";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get content", '', __LINE__, __FILE__, $sql);
}
//Fills content array
$contents = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$content = new Content();
$content->load_from_row($row);
$contents[] = $content;
}
return $contents;
}
}
diff --git a/includes/objects/invite.php b/includes/objects/invite.php
index b3c8dc9..f6b40ff 100644
--- a/includes/objects/invite.php
+++ b/includes/objects/invite.php
@@ -1,197 +1,197 @@
<?php
/**
* User invite class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-06-29 02:13 Initial version [DcK]
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* User invite class
*
* This class maps the users_invites table.
*/
class Invite {
public $code;
public $date;
public $from_user_id;
public $from_perso_id;
/**
* The user_id who have been claimed the invite
* Will be NULL as long as the invite haven't been claimed
*
* @var int
*/
public $to_user_id = null;
/**
* Initializes a new instance
*
* @param int $code the primary key
*/
function __construct ($code = null) {
if ($code) {
$this->code = $code;
$this->load_from_database();
} else {
//New invite code
$this->generate_code();
$this->date = time();
}
}
/**
* Generates a unique invite code and sets it in the code property.
*/
function generate_code () {
global $db;
do {
$this->code = generate_random_string("AAA111");
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$this->code' LOCK IN SHARE MODE;";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
} while ($row[0]);
}
/**
* Loads the object Invite (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $code = $db->sql_escape($this->code);
+ $code = $db->escape($this->code);
$sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '" . $code . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query invite codes", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Invite code unknown: " . $this->code;
return false;
}
$this->code = $row['invite_code'];
$this->date = $row['invite_date'];
$this->from_user_id = $row['invite_from_user_id'];
$this->from_perso_id = $row['invite_from_perso_id'];
$this->to_user_id = $row['invite_to_user_id'];
return true;
}
/**
* Determines whether the current invite code have been claimed by an user.
*
* @return true if the code have been claimed ; otherwise, false.
*/
function is_claimed () {
return (bool)$this->to_user_id;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $code = $db->sql_escape($this->code);
- $date = $db->sql_escape($this->date);
- $from_user_id = $db->sql_escape($this->from_user_id);
- $from_perso_id = $db->sql_escape($this->from_perso_id);
- $to_user_id = $this->to_user_id ? "'" . $db->sql_escape($this->to_user_id) . "'" : 'NULL';
+ $code = $db->escape($this->code);
+ $date = $db->escape($this->date);
+ $from_user_id = $db->escape($this->from_user_id);
+ $from_perso_id = $db->escape($this->from_perso_id);
+ $to_user_id = $this->to_user_id ? "'" . $db->escape($this->to_user_id) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_USERS_INVITES . " (`invite_code`, `invite_date`, `invite_from_user_id`, `invite_from_perso_id`, `invite_to_user_id`) VALUES ('$code', '$date', '$from_user_id', '$from_perso_id', $to_user_id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save invite code", '', __LINE__, __FILE__, $sql);
}
}
/**
* Deletes the invite
*/
function delete () {
global $db;
- $code = $db->sql_escape($this->code);
+ $code = $db->escape($this->code);
$sql = "DELETE FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$code'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save delete code", '', __LINE__, __FILE__, $sql);
}
}
/**
* Creates an invite code
*
* @param int $user_id user id
* @param int $perso_id perso id
* @return string the invite code
*/
static function create ($user_id, $perso_id) {
$invite = new Invite();
$invite->from_perso_id = $perso_id;
$invite->from_user_id = $user_id;
$invite->save_to_database();
return $invite->code;
}
/**
* Gets invites generated by the specified perso ID
*
* @param int $perso_id the perso whom to get the invites
* @return Array an array of string, each line being an invite code
*/
static function get_invites_from ($perso_id) {
global $db;
$sql = "SELECT invite_code FROM " . TABLE_USERS_INVITES
. " WHERE invite_from_perso_id = $perso_id AND invite_to_user_id IS NULL ORDER BY invite_date ASC";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
}
$codes = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$codes[] = $row['invite_code'];
}
return $codes;
}
/**
* Gets the perso ID who invited the specified perso
*
* @param int $perso_id the perso whom to get the invites
* @return int|null the perso whom to get the invites ; or null, if nobody have invited him
*/
static function who_invited ($perso_id) {
global $db;
$perso = Perso::get($perso_id);
if ($user_id = $perso->user_id) {
$sql = "SELECT invite_from_perso_id FROM " . TABLE_USERS_INVITES . " WHERE invite_to_user_id = '$user_id'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
return $row[0];
}
}
return null;
}
}
diff --git a/includes/objects/message.php b/includes/objects/message.php
index 169dcf1..6b1c1f5 100644
--- a/includes/objects/message.php
+++ b/includes/objects/message.php
@@ -1,168 +1,168 @@
<?php
/**
* Message class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-28 01:47 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Message class
*
* This class maps the messages table.
*
* It also provides a static method to get perso's messages.
*/
class Message {
public $id;
public $date;
public $from;
public $to;
public $text;
public $flag;
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
} else {
$this->date = time();
$this->flag = 0; //unread
}
}
/**
* Loads the object Message (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
}
if (array_key_exists('from', $_POST)) {
$this->from = $_POST['from'];
}
if (array_key_exists('to', $_POST)) {
$this->to = $_POST['to'];
}
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
}
if (array_key_exists('flag', $_POST)) {
$this->flag = $_POST['flag'];
}
}
/**
* Loads the object Message (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
$sql = "SELECT * FROM messages WHERE message_id = '" . $this->id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query messages", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Message unknown: " . $this->id;
return false;
}
$this->date = $row['message_date'];
$this->from = $row['message_from'];
$this->to = $row['message_to'];
$this->text = $row['message_text'];
$this->flag = $row['message_flag'];
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $date = $db->sql_escape($this->date);
- $from = $db->sql_escape($this->from);
- $to = $db->sql_escape($this->to);
- $text = $db->sql_escape($this->text);
- $flag = $db->sql_escape($this->flag);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $date = $db->escape($this->date);
+ $from = $db->escape($this->from);
+ $to = $db->escape($this->to);
+ $text = $db->escape($this->text);
+ $flag = $db->escape($this->flag);
//Updates or inserts
$sql = "REPLACE INTO messages (`message_id`, `message_date`, `message_from`, `message_to`, `message_text`, `message_flag`) VALUES ($id, '$date', '$from', '$to', '$text', '$flag')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Sends the message
*/
function send () {
$this->save_to_database();
//TODO: triggers new message notifier
}
/**
* Deletes the message
*/
function delete () {
//A message is deleted if its flag value is 2
if ($this->flag != 2) {
$this->flag = 2;
$this->save_to_database();
}
}
/**
* Gets messages from the specified perso
*/
static function get_messages ($perso_id, $mark_as_read = true, &$countNewMessages = 0) {
global $db;
$ids = [];
- $sql = "SELECT message_id FROM " . TABLE_MESSAGES . " WHERE message_to = " . $db->sql_escape($perso_id) . " AND message_flag < 2 ORDER BY message_id DESC";
- if (!$result = $db->sql_query($sql)) {
+ $sql = "SELECT message_id FROM " . TABLE_MESSAGES . " WHERE message_to = " . $db->escape($perso_id) . " AND message_flag < 2 ORDER BY message_id DESC";
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get messages", '', __LINE__, __FILE__, $sql);
}
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$message = new Message($row[0]);
$messages[] = $message;
$ids[] = $message->id;
if ($message->flag == 0) {
//New message
$countNewMessages++;
}
}
if ($mark_as_read && count($ids)) {
$ids = join(', ', $ids);
$sql = "UPDATE " . TABLE_MESSAGES . " SET message_flag = '1' WHERE message_id IN ($ids)";
- $db->sql_query($sql);
+ $db->query($sql);
}
return $messages;
}
}
diff --git a/includes/objects/motd.php b/includes/objects/motd.php
index e33a565..3684b2f 100644
--- a/includes/objects/motd.php
+++ b/includes/objects/motd.php
@@ -1,101 +1,101 @@
<?php
/**
* MOTD class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-02-03 21:11 Import from Azhàr code
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* MOTD class
*
* This class maps the motd table.
*/
class MOTD {
public $id;
public $perso_id;
public $text;
public $date;
/**
* Initializes a new instance of a MOTD object
*
* @param int $id The MOTD ID
*/
function __construct ($id = '') {
if ($id) {
$this->id = $id;
return $this->load_from_database();
} else {
$this->date = time();
return true;
}
}
/**
* Loads the object MOTD (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('perso_id', $_POST)) {
$this->user_id = $_POST['user_id'];
}
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
}
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
}
}
/**
* Loads the object MOTD (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_MOTD . " WHERE motd_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_motd", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "MOTD unknown: " . $this->id;
return false;
}
$this->perso_id = $row['perso_id'];
$this->text = $row['motd_text'];
$this->date = $row['motd_date'];
return true;
}
/**
* Saves the object to the database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $perso_id = $db->sql_escape($this->perso_id);
- $text = $db->sql_escape($this->text);
- $date = $db->sql_escape($this->date);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $perso_id = $db->escape($this->perso_id);
+ $text = $db->escape($this->text);
+ $date = $db->escape($this->date);
$sql = "REPLACE INTO " . TABLE_MOTD . " (`motd_id`, `perso_id`, `motd_text`, `motd_date`) VALUES ($id, '$perso_id', '$text', '$date')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
}
}
diff --git a/includes/objects/perso.php b/includes/objects/perso.php
index 1dd6e03..ada9027 100644
--- a/includes/objects/perso.php
+++ b/includes/objects/perso.php
@@ -1,610 +1,610 @@
<?php
/**
* Perso class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-27 00:39 Autogenerated by Pluton Scaffolding
* 0.2 2010-01-29 14:39 Adding flags support
* 0.3 2010-02-06 17:50 Adding static perso hashtable
* 0.4 2012-07-04 11:37 Refactoring: moving code from index.php
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010, 2012 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
require_once("includes/geo/location.php");
/**
* Perso class
*
* This class maps the persos table.
*
* The class also provides methods
* to move or locate a perso,
* to gets and sets perso's flags and notes (tables persos_flags and persos_notes),
* to gets user's perso or check if a perso is online,
* to handle on select and logout events.
*
*/
class Perso {
public $id;
public $user_id;
public $name;
public $nickname;
public $race;
public $sex;
public $avatar;
public $location_global;
public $location_local;
public $flags;
public $lastError;
public static $hashtable_id = [];
public static $hashtable_name = [];
/**
* Initializes a new instance
*
* @param mixed $data perso ID or nickname
*/
function __construct ($data = null) {
if ($data) {
if (is_numeric($data)) {
$this->id = $data;
} else {
$this->nickname = $data;
}
if (!$this->load_from_database()) {
message_die(GENERAL_ERROR, $this->lastError, "Can't authenticate perso");
}
} else {
$this->generate_id();
}
}
/**
* Initializes a new Perso instance if needed or get already available one.
*
* @param mixed $data perso ID or nickname
* @return Perso the perso instance
*/
static function get ($data = null) : Perso {
if ($data) {
//Checks in the hashtables if we already have loaded this instance
if (is_numeric($data)) {
if (array_key_exists($data, Perso::$hashtable_id)) {
return Perso::$hashtable_id[$data];
}
} else {
if (array_key_exists($data, Perso::$hashtable_name)) {
return Perso::$hashtable_name[$data];
}
}
}
return new Perso($data);
}
/**
* Loads the object Perso (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('user_id', $_POST)) {
$this->user_id = $_POST['user_id'];
}
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('nickname', $_POST)) {
$this->nickname = $_POST['nickname'];
}
if (array_key_exists('race', $_POST)) {
$this->race = $_POST['race'];
}
if (array_key_exists('sex', $_POST)) {
$this->sex = $_POST['sex'];
}
if (array_key_exists('avatar', $_POST)) {
$this->avatar = $_POST['avatar'];
}
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
}
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
}
}
/**
* Loads the object Perso (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
//Gets perso
$sql = "SELECT * FROM " . TABLE_PERSOS;
if ($this->id) {
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql .= " WHERE perso_id = '" . $id . "'";
} else {
- $nickname = $db->sql_escape($this->nickname);
+ $nickname = $db->escape($this->nickname);
$sql .= " WHERE perso_nickname = '" . $nickname . "'";
}
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query persos", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Perso unknown: " . $this->id;
return false;
}
$this->id = $row['perso_id'];
$this->user_id = $row['user_id'];
$this->name = $row['perso_name'];
$this->nickname = $row['perso_nickname'];
$this->race = $row['perso_race'];
$this->sex = $row['perso_sex'];
$this->avatar = $row['perso_avatar'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
//Gets flags
$sql = "SELECT flag_key, flag_value FROM " . TABLE_PERSOS_FLAGS .
" WHERE perso_id = $this->id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get flags", '', __LINE__, __FILE__, $sql);
}
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$this->flags[$row["flag_key"]] = $row["flag_value"];
}
//Gets location
$this->location = new GeoLocation(
$this->location_global,
$this->location_local
);
//Puts object in hashtables
Perso::$hashtable_id[$this->id] = $this;
Perso::$hashtable_name[$this->nickname] = $this;
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $user_id = $db->sql_escape($this->user_id);
- $name = $db->sql_escape($this->name);
- $nickname = $db->sql_escape($this->nickname);
- $race = $db->sql_escape($this->race);
- $sex = $db->sql_escape($this->sex);
- $avatar = $db->sql_escape($this->avatar);
- $location_global = $this->location_global ? "'" . $db->sql_escape($this->location_global) . "'" : 'NULL';
- $location_local = $this->location_local ? "'" . $db->sql_escape($this->location_local) . "'" : 'NULL';
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $user_id = $db->escape($this->user_id);
+ $name = $db->escape($this->name);
+ $nickname = $db->escape($this->nickname);
+ $race = $db->escape($this->race);
+ $sex = $db->escape($this->sex);
+ $avatar = $db->escape($this->avatar);
+ $location_global = $this->location_global ? "'" . $db->escape($this->location_global) . "'" : 'NULL';
+ $location_local = $this->location_local ? "'" . $db->escape($this->location_local) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PERSOS . " (`perso_id`, `user_id`, `perso_name`, `perso_nickname`, `perso_race`, `perso_sex`, `perso_avatar`, `location_global`, `location_local`) VALUES ($id, '$user_id', '$name', '$nickname', '$race', '$sex', '$avatar', $location_global, $location_local)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Updates the specified field in the database record
*
* @param string $field The field to save
*/
function save_field ($field) {
global $db;
if (!$this->id) {
message_die(GENERAL_ERROR, "You're trying to update a perso record not yet saved in the database: $field");
}
- $id = $db->sql_escape($this->id);
- $value = $db->sql_escape($this->$field);
+ $id = $db->escape($this->id);
+ $value = $db->escape($this->$field);
$sql = "UPDATE " . TABLE_PERSOS . " SET `$field` = '$value' WHERE perso_id = '$id'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
}
}
/**
* Gets perso location
*
* @return string The location names
*/
public function where () {
return $this->location->__toString();
}
/**
* Moves the perso to a new location
*
* @param string $global the global target location
* @param string $global the local target location
*/
public function move_to ($global = null, $local = null) {
//Sets global location
if ($global != null) {
$this->location_global = $global;
}
//Sets local location
if ($local != null) {
$this->location_local = $local;
}
//Updates database record
if ($global != null && $local != null) {
global $db;
- $perso_id = $db->sql_escape($this->id);
- $g = $db->sql_escape($this->location_global);
- $l = $db->sql_escape($this->location_local);
+ $perso_id = $db->escape($this->id);
+ $g = $db->escape($this->location_global);
+ $l = $db->escape($this->location_local);
$sql = "UPDATE " . TABLE_PERSOS .
" SET location_global = '$g', location_local = '$l'" .
" WHERE perso_id = '$perso_id'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save new $global $local location.", '', __LINE__, __FILE__, $sql);
}
} elseif ($global != null) {
$this->save_field('location_global');
} elseif ($local != null) {
$this->save_field('location_local');
}
//Updates location member
$this->location = new GeoLocation(
$this->location_global,
$this->location_local
);
}
/**
* Gets the specified flag value
*
* @param string $key flag key
* @param mixed $defaultValue default value if the flag doesn't exist
* @return mixed the flag value (string) or null if not existing
*/
public function get_flag ($key, $defaultValue = null) {
return $this->flag_exists($key) ? $this->flags[$key] : $defaultValue;
}
/**
* Determines if the specified flag exists
*
* @param string $key the flag key to check
* @return boolean true if the specified flag exists ; otherwise, false.
*/
public function flag_exists ($key) {
return array_key_exists($key, $this->flags);
}
/**
* Sets the specified flag
*
* @param string $key flag key
* @param string $value flag value (optional, default value: 1)
*/
public function set_flag ($key, $value = 1) {
//Checks if flag isn't already set at this value
if ($this->flags != null && array_key_exists($key, $this->flags) && $this->flags[$key] === $value) {
return;
}
//Saves flag to database
global $db;
- $id = $db->sql_escape($this->id);
- $key = $db->sql_escape($key);
- $value = $db->sql_escape($value);
+ $id = $db->escape($this->id);
+ $key = $db->escape($key);
+ $value = $db->escape($value);
$sql = "REPLACE " . TABLE_PERSOS_FLAGS . " SET perso_id = '$id', flag_key = '$key', flag_value = '$value'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save flag", '', __LINE__, __FILE__, $sql);
}
//Sets flag in this perso instance
$this->flags[$key] = $value;
}
/**
* Deletes the specified flag
*
* @param string $key flag key
*/
public function delete_flag ($key) {
global $db;
if (!array_key_exists($key, $this->flags)) {
return;
}
- $id = $db->sql_escape($this->id);
- $key = $db->sql_escape($key);
+ $id = $db->escape($this->id);
+ $key = $db->escape($key);
$sql = "DELETE FROM " . TABLE_PERSOS_FLAGS .
" WHERE flag_key = '$key' AND perso_id = '$id' LIMIT 1";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete flag", '', __LINE__, __FILE__, $sql);
}
}
/**
* Ensures the current perso have the specified flag or exits.
*
*
* @param string $flag the flag to assert
* @param int $threshold value the flags must strictly be greater than (optional, the default value is 0)
*
* Example:
* <code>
* $perso->set_flag('quux.foo', 1);
* //The perso wants to read quux, which we allow with the flag quux.foo
* $perso->request_flag('quux.foo'); //will be okay
*
* //The perso wants also to write quux, which we all allow if quux.foo = 2
* //The threshold will so be 1, as 2 > 1
* $perso->request_flag('quux.foo', 1); //Will exits, with a "You don't have quux.foo permission" message
* </code>
*/
public function request_flag ($flag, $threshold = 0) {
if (!array_key_exists($flag, $this->flags) || $this->flags[$flag] <= $threshold) {
message_die(HACK_ERROR, "You don't have $flag permission.", "Permissions");
}
}
/**
* Gets the specified note
*
* @param string $code the note code
* @return string the note content
*/
public function get_note ($code) {
global $db;
- $id = $db->sql_escape($this->id);
- $code = $db->sql_escape($code);
+ $id = $db->escape($this->id);
+ $code = $db->escape($code);
$sql = "SELECT note_text FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id' AND note_code LIKE '$code'";
- return $db->sql_query_express($sql);
+ return $db->queryScalar($sql);
}
/**
* Sets the specified note
*
* @param string $code the note code
* @param string $text the note content
*/
public function set_note ($code, $text) {
global $db;
- $id = $db->sql_escape($this->id);
- $code = $db->sql_escape($code);
- $text = $db->sql_escape($text);
+ $id = $db->escape($this->id);
+ $code = $db->escape($code);
+ $text = $db->escape($text);
$sql = "REPLACE INTO " . TABLE_PERSOS_NOTES . " (perso_id, note_code, note_text) VALUES ('$id', '$code', '$text')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't save note", '', __LINE__, __FILE__, $sql);
}
}
/**
* Counts the amount of notes the perso have saved
*
* @return int the amount of notes assigned to the this perso
*/
public function count_notes () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id'";
- return $db->sql_query_express($sql);
+ return $db->queryScalar($sql);
}
/*
* Determines if the specified ID is available
*
* @param integer $id The perso ID to check
* @return boolean true if the specified ID is available ; otherwise, false
*/
public static function is_available_id ($id) {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE perso_id = $id LOCK IN SHARE MODE";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return ($row[0] == 0);
}
/**
* Generates a unique ID for the current object
*/
private function generate_id () {
do {
$this->id = rand(2001, 5999);
} while (!Perso::is_available_id($this->id));
}
/**
* Checks if the nickname is available
*
* @param string $nickname the nickname to check
*/
public static function is_available_nickname ($nickname) {
global $db;
- $nickname = $db->sql_escape($nickname);
+ $nickname = $db->escape($nickname);
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE perso_nickname LIKE '$nickname' LOCK IN SHARE MODE;";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return ($row[0] == 0);
}
/**
* Counts the perso a user have
*
* @param int user_id the user ID
* @return int the user's perso count
*/
public static function get_persos_count ($user_id) : int {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
- return (int)$db->sql_query_express($sql);
+ return (int)$db->queryScalar($sql);
}
/**
* Gets an array with all the perso of the specified user
*
* @param int $user_id the user ID
*/
public static function get_persos (int $user_id) : array {
global $db;
- $user_id = $db->sql_escape($user_id);
+ $user_id = $db->escape($user_id);
$sql = "SELECT perso_id FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get persos", '', __LINE__, __FILE__, $sql);
}
$persos = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$persos[] = Perso::get($row['perso_id']);
}
return $persos;
}
/**
* Gets the first perso a user have
* (typically to be used when get_persos_count returns 1 to autoselect)
*
* @param int user_id the user ID
*/
public static function get_first_perso ($user_id) {
global $db;
$sql = "SELECT perso_id FROM " . TABLE_PERSOS ." WHERE user_id = $user_id LIMIT 1";
- if ($perso_id = $db->sql_query_express($sql)) {
+ if ($perso_id = $db->queryScalar($sql)) {
return new Perso($perso_id);
}
}
/**
* Determines whether the perso is online
*
* @return bool true if the perso is online ; otherwise, false.
*/
public function is_online () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT MAX(online) FROM " . TABLE_SESSIONS ." WHERE perso_id = $id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return ($row[0] == 1);
}
/**
* This event method is called when the user selects a new perso
*/
public function on_select () {
//Session
set_info('perso_id', $this->id);
$this->set_flag("site.lastlogin", $_SERVER['REQUEST_TIME']);
define("PersoSelected", true);
}
/**
* This event method is called when the user logs off its account or perso
*/
public function on_logout () {
//Clears perso information in $_SESSION and session table
set_info('perso_id', null);
clean_session();
}
/**
* This event method is called when the perso is created
*/
public function on_create () {
//Notifies host
$this->notify_inviter();
}
/**
* Creates a new perso, from a parameter form
*
* @param User $user The user to attach the perso to
* @param Perso $perso A reference to the created perso (don't initialize it, give it a null value)
* @param array $errors A reference to the arrays containing errors (should be an empty array, or the method will always return false)
* @return boolean true if the perso has ben created ; otherwise, false
*/
public static function create_perso_from_form (User $user, &$perso, &$errors) {
$perso = new Perso();
$perso->load_from_form();
$perso->user_id = $user->id;
//Validates forms
if (!$perso->name) {
$errors[] = lang_get("NoFullnameSpecified");
}
if (!$perso->race) {
$errors[] = lang_get("NoRaceSpecified");
$perso->race = "being";
}
if (!$perso->sex) {
$errors[] = lang_get("NoSexSpecified");
}
if (!$perso->nickname) {
$errors[] = lang_get("NoNicknameSpecified");
} elseif (!Perso::is_available_nickname($perso->nickname)) {
$errors[] = lang_get("UnavailableNickname");
}
if (count($errors)) {
return false;
}
//Creates perso
$perso->save_to_database();
$perso->on_create();
return true;
}
/**
* Notifies the person having invited this perso
*/
public function notify_inviter() {
require_once('includes/objects/message.php');
require_once('includes/objects/invite.php');
$message = new Message();
$message->from = 0;
$message->to = invite::who_invited($this->id);
$message->text = sprintf(
lang_get('InvitePersoCreated'),
$this->name,
get_server_url() . get_url('who', $this->nickname)
);
$message->send();
}
}
diff --git a/includes/objects/port.php b/includes/objects/port.php
index 59a1da1..a43d168 100644
--- a/includes/objects/port.php
+++ b/includes/objects/port.php
@@ -1,211 +1,211 @@
<?php
/**
* Port class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-02-09 19:17 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
require_once("includes/geo/location.php");
/**
* Port class
*
* This class maps the ports table.
*
* The class also provides helper methods to handle ports at specified location.
*/
class Port {
public $id;
public $location_global;
public $location_local;
public $name;
public $hidden;
public $requiresPTA;
public $default;
/**
* Initializes a new instance
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object Port (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
}
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
}
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('hidden', $_POST)) {
$this->hidden = (bool)$_POST['hidden'];
}
if (array_key_exists('requiresPTA', $_POST)) {
$this->requiresPTA = (bool)$_POST['requiresPTA'];
}
if (array_key_exists('default', $_POST)) {
$this->hidden = (bool)$_POST['default'];
}
}
/**
* Loads the object Port (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_PORTS . " WHERE port_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query ports", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Port unknown: " . $this->id;
return false;
}
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->name = $row['port_name'];
//Explodes place_status SET field in boolean variables
if ($row['place_status']) {
$flags = explode(',', $row['port_status']);
foreach ($flags as $flag) {
$this->$flag = true;
}
}
return true;
}
/**
* Gets status field value
*
* @return string the status field value (e.g. "requiresPTA,default")
*/
function getStatus () {
$flags = ['hidden', 'requiresPTA', 'default'];
foreach ($flags as $flag) {
if ($this->$flag) {
$status[] = $flag;
}
}
return implode(',', $status);
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $location_global = $db->sql_escape($this->location_global);
- $location_local = $db->sql_escape($this->location_local);
- $name = $db->sql_escape($this->name);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $location_global = $db->escape($this->location_global);
+ $location_local = $db->escape($this->location_local);
+ $name = $db->escape($this->name);
$status = $this->getStatus();
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_PORTS . " (`port_id`, `location_global`, `location_local`, `port_name`, `port_status`) VALUES ($id, '$location_global', '$location_local', '$name', '$status')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Determines if the specified location have a port
*
* @param string $location_global the global location
* @return boolean true if there is a spatioport exactly at the specified location ; otherwise, false.
*/
static function have_port ($location_global) {
return (get_port_id($location_global) !== null);
}
/**
* Gets the port situated exactly at the specified global location
*
* @param string $location_global the global location
* @return int the port ID
*/
static function get_port_id ($location_global) {
global $db;
- $location_global = $db->sql_escape($location_global);
+ $location_global = $db->escape($location_global);
$sql = "SELECT port_id FROM " . TABLE_PORTS . " WHERE location_global = '$location_global'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get ports", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
return $row['port_id'];
}
return null;
}
/**
* Gets default port, from specified global location
*
* @param string $location_global the global location
* @return Port the port near this location ; null if there isn't port there.
*/
static function from_location ($location_global) {
$havePlace = strlen($location_global) == 9;
$port_id = null;
if ($havePlace) {
//Checks if there's a port at specified location
$port_id = self::get_port_id($location_global);
}
if ($port_id == null) {
//Nearest default port.
//If place have been specified (B0001001), we've to found elsewhere
//==> B00001%
global $db;
- $loc = $db->sql_escape(substr($location_global, 0, 6));
+ $loc = $db->escape(substr($location_global, 0, 6));
$sql = "SELECT port_id FROM " . TABLE_PORTS . " WHERE location_global LIKE '$loc%'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get port", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
$port_id = $row['port_id'];
} else {
return null;
}
}
return new Port($port_id);
}
}
diff --git a/includes/objects/profile.php b/includes/objects/profile.php
index 6cc22d6..d6cf5c3 100644
--- a/includes/objects/profile.php
+++ b/includes/objects/profile.php
@@ -1,156 +1,156 @@
<?php
/**
* Profile class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-02 16:49 Autogenerated by Pluton Scaffolding
* Import from Azhàr
* 0.2 2010-07-05 03:56 Tags
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Profile class
*
* This class maps the profiles table.
*
* The class also provides methods to handle and cache tags.
*/
class Profile {
public $perso_id;
public string $text = "";
public $updated;
public $fixedwidth;
/**
* Initializes a new instance of the Profile class
*
* @param int $perso_id the perso ID
*/
function __construct ($perso_id) {
$this->perso_id = $perso_id;
$this->load_from_database();
}
/**
* Loads the object Profile (ie fill the properties) from the $_POST array
*/
function load_from_form ($read_boolean = true) {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
}
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
}
if (array_key_exists('updated', $_POST)) {
$this->updated = $_POST['updated'];
}
if ($read_boolean) {
if (array_key_exists('fixedwidth', $_POST)) {
$this->fixedwidth = $_POST['fixedwidth'];
}
}
}
/**
* Loads the object Profile (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->perso_id);
+ $id = $db->escape($this->perso_id);
$sql = "SELECT * FROM " . TABLE_PROFILES . " WHERE perso_id = '$id'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Profile unknown: " . $this->perso_id;
return false;
}
$this->text = $row['profile_text'];
$this->updated = $row['profile_updated'];
$this->fixedwidth = $row['profile_fixedwidth'];
return true;
}
/**
* Saves the object to the database
*/
function save_to_database () {
global $db;
- $perso_id = $db->sql_escape($this->perso_id);
- $text = $db->sql_escape($this->text);
- $updated = $db->sql_escape($this->updated);
+ $perso_id = $db->escape($this->perso_id);
+ $text = $db->escape($this->text);
+ $updated = $db->escape($this->updated);
$fixedwidth = $this->fixedwidth ? 1 : 0;
$sql = "REPLACE INTO " . TABLE_PROFILES . " (`perso_id`, `profile_text`, `profile_updated`, `profile_fixedwidth`) VALUES ('$perso_id', '$text', '$updated', '$fixedwidth')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
}
///
/// Tags
///
/**
* Gets the profile's tags
*
* @return string The profile's tags
*/
function get_tags () {
global $db;
- $id = $db->sql_escape($this->perso_id);
+ $id = $db->escape($this->perso_id);
$sql = "SELECT tag_code, tag_class FROM " . TABLE_PROFILES_TAGS
. " WHERE perso_id = '$id'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get tags", '', __LINE__, __FILE__, $sql);
}
$tags = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$tags[$row['tag_class']][] = $row['tag_code'];
}
return $tags;
}
/**
* Gets the profile's cached tags
*
* @return string The profile's tags
*/
function get_cached_tags () {
require_once('includes/cache/cache.php');
$cache = Cache::load();
$key = 'zed_profile_tags_' . $this->perso_id;
if (!$tags_html = $cache->get($key)) {
//Regenerates tags cached html snippet
global $smarty;
$tags = $this->get_tags();
if (count($tags)) {
$smarty->assign('tags', $tags);
$tags_html = $smarty->fetch('profile_tags.tpl');
} else {
$tags_html = " ";
}
$cache->set($key, $tags_html);
}
return $tags_html;
}
}
diff --git a/includes/objects/profilecomment.php b/includes/objects/profilecomment.php
index c342af3..6c111d7 100644
--- a/includes/objects/profilecomment.php
+++ b/includes/objects/profilecomment.php
@@ -1,140 +1,140 @@
<?php
/**
* Profile comments class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-03 01:02 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Profile comments class
*
* This class maps the profiles_comments table.
*/
class ProfileComment {
public $id;
public $perso_id;
public $author;
public $authorname; //should be read-only
public $date;
public $text;
/**
* Initializes a new instance of the ProfileComment class
*
* @param int $id the comment ID
*/
function __construct ($id = '') {
if ($id) {
$this->id = $id;
$this->load_from_database();
} else {
$this->date = time();
}
}
/**
* Loads the object comment (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
}
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
}
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
}
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
}
}
/**
* Loads the object comment (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT c.*, p.perso_name as author FROM " . TABLE_PROFILES_COMMENTS . " c, " . TABLE_PERSOS . " p WHERE c.comment_id = '$id' AND p.perso_id = c.comment_author";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles_comments", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "comment unknown: " . $this->id;
return false;
}
$this->perso_id = $row['perso_id'];
$this->author = $row['comment_author'];
$this->authorname = $row['author'];
$this->date = $row['comment_date'];
$this->text = $row['comment_text'];
return true;
}
/**
* Saves the object to the database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $perso_id = $db->sql_escape($this->perso_id);
- $author = $db->sql_escape($this->author);
- $date = $db->sql_escape($this->date);
- $text = $db->sql_escape($this->text);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $perso_id = $db->escape($this->perso_id);
+ $author = $db->escape($this->author);
+ $date = $db->escape($this->date);
+ $text = $db->escape($this->text);
$sql = "REPLACE INTO " . TABLE_PROFILES_COMMENTS . " (`comment_id`, `perso_id`, `comment_author`, `comment_date`, `comment_text`) VALUES ($id, '$perso_id', '$author', '$date', '$text')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Publishes the comment
* @todo Add events on publish
*/
function publish () {
$this->save_to_database();
}
/**
* Gets comments
*
* @param int $perso_id The Perso ID
*/
static function get_comments ($perso_id) {
global $db;
- $sql = "SELECT comment_id FROM " . TABLE_PROFILES_COMMENTS . " WHERE perso_id = " . $db->sql_escape($perso_id);
- if (!$result = $db->sql_query($sql)) {
+ $sql = "SELECT comment_id FROM " . TABLE_PROFILES_COMMENTS . " WHERE perso_id = " . $db->escape($perso_id);
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get comments", '', __LINE__, __FILE__, $sql);
}
$comments = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$comments[] = new ProfileComment($row[0]);
}
return $comments;
}
}
diff --git a/includes/objects/profilephoto.php b/includes/objects/profilephoto.php
index b07cacd..723b5c7 100644
--- a/includes/objects/profilephoto.php
+++ b/includes/objects/profilephoto.php
@@ -1,217 +1,217 @@
<?php
/**
* Profile photo class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-01-03 21:00 Autogenerated by Pluton Scaffolding
* 0.2 2010-02-02 00:52 Thumbnail ImageMagick generation code
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Profile photo class
*
* This class maps the profile_photos table.
*
* It also provides helper methods to handle avatars or get all the photos
* from a specified perso.
*/
class ProfilePhoto {
public $id;
public $perso_id;
public $name;
public $description;
public $avatar;
/**
* Initializes a new instance of the ProfilePhoto class
*/
function __construct ($id = '') {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object photo (ie fill the properties) from the $_POST array
*
* @param bool $readBoolean if false, don't read the bool avatar field to avoid to set by error false if the field weren't in the form.
*/
function load_from_form ($readBoolean = true) {
if (array_key_exists('perso_id', $_POST)) {
$this->perso_id = $_POST['perso_id'];
}
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
}
if ($readBoolean) {
$this->avatar = (bool)$_POST['avatar'];
}
}
/**
* Loads the object photo (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query azhar_profiles_photos", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "photo unknown: " . $this->id;
return false;
}
$this->perso_id = $row['perso_id'];
$this->name = $row['photo_name'];
$this->description = $row['photo_description'];
$this->avatar = $row['photo_avatar'];
return true;
}
/**
* Promotes the photo to avatar
*/
function promote_to_avatar () {
global $db;
//1 - locally
$sql = "UPDATE " . TABLE_PROFILES_PHOTOS . " SET photo_avatar = 0 WHERE perso_id = " . $this->perso_id;
- $db->sql_query_express($sql);
+ $db->queryScalar($sql);
$this->avatar = true;
//2 - in perso table
$perso = Perso::get($this->perso_id);
$perso->avatar = $this->name;
$perso->saveToDatabase();
}
/**
* Saves the object to the database
*/
function save_to_database () {
global $db;
//Escapes fields
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $perso_id = $db->sql_escape($this->perso_id);
- $name = $db->sql_escape($this->name);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $perso_id = $db->escape($this->perso_id);
+ $name = $db->escape($this->name);
+ $description = $db->escape($this->description);
$avatar = $this->avatar ? 1 : 0;
//Saves
$sql = "REPLACE INTO " . TABLE_PROFILES_PHOTOS . " (`photo_id`, `perso_id`, `photo_name`, `photo_description`, `photo_avatar`) VALUES ($id, '$perso_id', '$name', '$description', $avatar)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Deletes the photo
*/
function delete () {
global $db;
//Deletes from disk
$pic_tn = PHOTOS_DIR . '/' . $this->name;
$pic_genuine = PHOTOS_DIR . '/tn/' . $this->name;
unlink($pic_tn);
unlink($pic_genuine);
//Deletes from database
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "DELETE FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '$id' LIMIT 1";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete photo", '', __LINE__, __FILE__, $sql);
}
}
/**
* Generates a thumbnail using ImageMagick binary
*
* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
*/
function generate_thumbnail () {
global $Config;
$sourceFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . $this->name;
$thumbnailFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . 'tn' . DIRECTORY_SEPARATOR . $this->name;
$command = $Config['ImageMagick']['convert'] . " $sourceFile -resize 1000x80 $thumbnailFile";
@system($command, $code);
return ($code == 0);
}
/**
* Gets photos from the specified perso
*
* @param int $perso_id the perso ID
* @param bool $allowUnsafe if false, don't include not safe for work photos
* @return ProfilePhoto[]
*/
static function get_photos ($perso_id, $allowUnsafe = true) : array {
global $db;
- $sql = "SELECT photo_id FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = " . $db->sql_escape($perso_id);
+ $sql = "SELECT photo_id FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = " . $db->escape($perso_id);
if (!$allowUnsafe) {
$sql .= " AND photo_safe = 0";
}
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get photos", '', __LINE__, __FILE__, $sql);
}
$photos = [];
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$photos[] = new ProfilePhoto($row[0]);
}
return $photos;
}
/**
* Gets perso avatar
*
* @param integer $perso_id the perso to get the avatar ID
* @param string $username the username to put in title tag
*/
static function get_avatar ($perso_id, $username = '') {
global $db;
- $perso_id = $db->sql_escape($perso_id);
+ $perso_id = $db->escape($perso_id);
$sql = "SELECT photo_description, photo_name FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = '$perso_id' and photo_avatar = 1";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to get avatar", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
if (!$username) {
$username = get_name($perso_id);
}
$description = $row['photo_description'] ? "$row[photo_description] ($username's avatar)" : "$username's avatar";
$url = PHOTOS_URL . '/tn/' . $row['photo_name'];
return "<img src=\"$url\" title=\"$username\" alt=\"$description\" />";
} else {
return null;
}
}
}
diff --git a/includes/objects/request.php b/includes/objects/request.php
index deaa118..b4d432f 100644
--- a/includes/objects/request.php
+++ b/includes/objects/request.php
@@ -1,143 +1,143 @@
<?php
/**
* Request class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2011, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2011-06-13 21:16 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2011 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* Request class
*
* This class maps the requests table.
*/
class Request {
public $id;
public $code;
public $title;
public $date;
public $author;
public $to;
public $message;
public $location_global;
public $location_local;
public $status;
/**
* Initializes a new instance
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
} else {
$this->date = time();
$this->status = 'NEW';
}
}
/**
* Loads the object Request (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('code', $_POST)) {
$this->code = $_POST['code'];
}
if (array_key_exists('title', $_POST)) {
$this->title = $_POST['title'];
}
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
}
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
}
if (array_key_exists('to', $_POST)) {
$this->to = $_POST['to'];
}
if (array_key_exists('message', $_POST)) {
$this->message = $_POST['message'];
}
if (array_key_exists('location_global', $_POST)) {
$this->location_global = $_POST['location_global'];
}
if (array_key_exists('location_local', $_POST)) {
$this->location_local = $_POST['location_local'];
}
if (array_key_exists('status', $_POST)) {
$this->status = $_POST['status'];
}
}
/**
* Loads the object Request (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_REQUESTS . " WHERE request_id = '" . $id . "'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query requests", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Request unknown: " . $this->id;
return false;
}
$this->code = $row['request_code'];
$this->title = $row['request_title'];
$this->date = $row['request_date'];
$this->author = $row['request_author'];
$this->message = $row['request_message'];
$this->to = $row['request_to'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->status = $row['request_status'];
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $code = $db->sql_escape($this->code);
- $title = $db->sql_escape($this->title);
- $date = $db->sql_escape($this->date);
- $author = $db->sql_escape($this->author);
- $message = $db->sql_escape($this->message);
- $to = $db->sql_escape($this->to);
- $location_global = $db->sql_escape($this->location_global);
- $location_local = $db->sql_escape($this->location_local);
- $status = $db->sql_escape($this->status);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $code = $db->escape($this->code);
+ $title = $db->escape($this->title);
+ $date = $db->escape($this->date);
+ $author = $db->escape($this->author);
+ $message = $db->escape($this->message);
+ $to = $db->escape($this->to);
+ $location_global = $db->escape($this->location_global);
+ $location_local = $db->escape($this->location_local);
+ $status = $db->escape($this->status);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_REQUESTS . " (`request_id`, `request_code`, `request_title`, `request_date`, `request_author`, `request_message`, `request_to`, `location_global`, `location_local`, `request_status`) VALUES ($id, '$code', '$title', '$date', '$author', '$message', '$to', '$location_global', '$location_local', '$status')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
}
diff --git a/includes/objects/requestreply.php b/includes/objects/requestreply.php
index 2d5c35c..181b902 100644
--- a/includes/objects/requestreply.php
+++ b/includes/objects/requestreply.php
@@ -1,110 +1,110 @@
<?php
/**
* RequestReply class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2011, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2011-06-13 21:20 Autogenerated by Pluton Scaffolding
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2011 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* RequestReply class
*
* This class maps the requests_replies table.
*/
class RequestReply {
public $id;
public $request_id;
public $author;
public $date;
public $text;
/**
* Initializes a new instance
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object RequestReply (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('request_id', $_POST)) {
$this->request_id = $_POST['request_id'];
}
if (array_key_exists('author', $_POST)) {
$this->author = $_POST['author'];
}
if (array_key_exists('date', $_POST)) {
$this->date = $_POST['date'];
}
if (array_key_exists('text', $_POST)) {
$this->text = $_POST['text'];
}
}
/**
* Loads the object RequestReply (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_REQUESTS_REPLIES . " WHERE request_reply_id = '" . $id . "'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Unable to query requests_replies", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "RequestReply unknown: " . $this->id;
return false;
}
$this->request_id = $row['request_id'];
$this->author = $row['request_reply_author'];
$this->date = $row['request_reply_date'];
$this->text = $row['request_reply_text'];
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $request_id = $db->sql_escape($this->request_id);
- $author = $db->sql_escape($this->author);
- $date = $db->sql_escape($this->date);
- $text = $db->sql_escape($this->text);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $request_id = $db->escape($this->request_id);
+ $author = $db->escape($this->author);
+ $date = $db->escape($this->date);
+ $text = $db->escape($this->text);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_REQUESTS_REPLIES . "(`request_reply_id`, `request_id`, `request_reply_author`, `request_reply_date`, `request_reply_text`) VALUES ('$id', '$request_id', '$author', '$date', '$text')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
}
diff --git a/includes/objects/ship.php b/includes/objects/ship.php
index 1987eac..5bd700e 100644
--- a/includes/objects/ship.php
+++ b/includes/objects/ship.php
@@ -1,341 +1,341 @@
<?php
/**
* Ship class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* 0.1 2010-02-05 18:51 Autogenerated by Pluton Scaffolding
* 0.2 2010-02-06 17:30 Ship API
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
require_once("perso.php");
require_once("includes/geo/location.php");
/**
* Ship class
*
* This class maps the ship table.
*
* It also provides helper methods to handle landing and fly out,
* or locate the ship.
*
* The class also provides methods for the ship API.
*/
class Ship {
/*
* ----------------------------------------------------------------------- *
* Ship class definition
* ----------------------------------------------------------------------- *
*/
public $id;
public $name;
public $location_global;
public $location_local;
public $api_key;
public $description;
private static $hashtable = [];
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
if (preg_match("/^S[0-9]{5}$/", $id)) {
$id = substr($id, 1);
}
$this->id = $id;
$this->load_from_database();
}
}
/**
* Initializes a new Ship instance if needed or gets already available one.
*
* @param mixed $data ship ID
* @return Ship the ship instance
*/
static function get ($data = null) {
if ($data !== null) {
if (preg_match("/^S[0-9]{5}$/", $id)) {
$id = substr($data, 1);
} else {
$id = $data;
}
//Checks in the hashtable if we already have loaded this instance
if (array_key_exists($id, self::$hashtable)) {
return self::$hashtable[$data];
}
}
$ship = new Ship($data);
return $ship;
}
/**
* Loads the object Ship (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('location_global', $_POST)) {
$this->location = $_POST['location_global'];
}
if (array_key_exists('location_local', $_POST)) {
$this->location = $_POST['location_local'];
}
if (array_key_exists('api_key', $_POST)) {
$this->api_key = $_POST['api_key'];
}
if (array_key_exists('description', $_POST)) {
$this->description = $_POST['description'];
}
}
/**
* Loads the object Ship (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM ships WHERE ship_id = '" . $id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query Ships", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Ship unknown: " . $this->id;
return false;
}
$this->name = $row['ship_name'];
$this->location_global = $row['location_global'];
$this->location_local = $row['location_local'];
$this->api_key = $row['api_key'];
$this->description = $row['ship_description'];
//Puts object in hashtable
self::$hashtable[$this->id] = $this;
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $name = $db->sql_escape($this->name);
- $location_global = $db->sql_escape($this->location_global);
- $location_local = $db->sql_escape($this->location_local);
- $api_key = $db->sql_escape($this->api_key);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $name = $db->escape($this->name);
+ $location_global = $db->escape($this->location_global);
+ $location_local = $db->escape($this->location_local);
+ $api_key = $db->escape($this->api_key);
+ $description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO ships (`ship_id`, `ship_name`, `location_global`, `location_local`, `api_key`, `ship_description`) VALUES ($id, '$name', '$location_global', '$location_location', '$api_key', '$description')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Gets the ship code, as a string representation of the instance.
*
* @return the ship's code
*/
function __toString () {
return $this->get_code();
}
/**
* Get ships at specified location
*
* @param string $location_global global location
* @param string $location_local local location
* @return array An array of Ship items, each one a ship at the specified location
*/
static function get_ships_at ($location_global, $location_local = null) {
global $db;
//Gets ships
$sql = "SELECT ship_id, location_global, location_local FROM " . TABLE_SHIPS . " WHERE location_global IS NOT NULL";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get ships", '', __LINE__, __FILE__, $sql);
}
$ships = [];
$location = new GeoLocation($location_global, $location_local);
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$shipLocation = new GeoLocation($row['location_global'], $row['location_local']);
if ($location->equals($shipLocation)) {
$ships[] = self::get($row['ship_id']);
}
}
return $ships;
}
/*
* ----------------------------------------------------------------------- *
* Helper methods
* ----------------------------------------------------------------------- *
*/
/**
* Gets ship code, e.g. S00001
*
* @return string the ship code
*/
function get_code () {
return sprintf("S%05d", $this->id);
}
/**
* Determines if the ship is at a spatioport (or assimilated)
*
* @return bool true if the ship is at a spatioport ; false if the ship is in space
*/
function in_spatioport () {
return $this->location_local !== null;
}
/**
* Flies in the sip
*
* @param string $location_local the spatioport location
*
* @todo Completes location global e.g. B00001 -> B00001003
*/
function fly_in ($location_local = null) {
$this->location_local = ($location_local == null) ? 0 : $location_local;
}
/**
* Flies out.
*/
function fly_out () {
$this->location_local = null;
}
/*
* ----------------------------------------------------------------------- *
* Ship API methods
* ----------------------------------------------------------------------- *
*/
/**
* Requests the specified perso to authenticate to this ship
*
* @param mixed $perso_data the perso id or name
*/
function request_perso_authenticate ($perso_data) {
$perso = Perso::get($perso_data);
$flag = sprintf("request.api.ship.auth.%s", $this->get_code());
$perso->set_flag($flag);
$perso->set_flag("site.requests");
}
/**
* Determines if a perso is authenticated to this ship
*
* @param mixed $perso_data the perso id or name
* @return boolean true if the specified perso name is authenticated to this ship ; otherwise, false.
*/
function is_perso_authenticated ($perso_data) {
$flag = sprintf("api.ship.auth.%s", $this->get_code());
return Perso::get($perso_data)->flags[$flag] == 1;
}
/**
* Requests the specified perso to confirm the ship API session
*
* @param string $session_id a session ID provided by calling application
* @param mixed $perso_data the perso id or name
*/
function request_perso_confirm_session ($session_id, $perso_data) {
$perso = Perso::get($perso_data);
$flag = sprintf("request.api.ship.session.%s.%s", $this->get_code(), $session_id);
$perso->set_flag($flag);
$perso->set_flag("site.requests");
}
/**
* Cleans ship API temporary sessions
*/
static function clean_ship_sessions () {
//Cleans old sessions
global $db;
$sql = "DELETE FROM " . TABLE_REGISTRY . " WHERE registry_key LIKE 'api.ship.session.%' AND registry_updated < NOW() - 7200";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete old ship API sessions", '', __LINE__, __FILE__, $sql);
}
}
/**
* Gets perso id from specified session
*
* @param string $session_id a session ID provided by calling application
* @return mixed the session
*/
function get_perso_from_session ($session_id) {
//Cleans old session
self::clean_ship_sessions();
//Reads api.ship.session.S00001.$session_id
//This registry key contains perso_id if it exists and valid
$key = sprintf("api.ship.session.%s.%s", $this->get_code(), $session_id);
return registry_get($key);
}
/**
* Loads a Ship object from its API key
*
* @param string $key API key GUID
* @return Ship the ship matching the API key
*/
static function from_api_key ($key) {
global $db;
- $key = $db->sql_escape($key);
+ $key = $db->escape($key);
$sql = "SELECT * FROM ships WHERE api_key = '" . $key . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query ships", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
return null;
}
//Fills ship information
$ship = new Ship();
$ship->id = $row['ship_id'];
$ship->name = $row['ship_name'];
$ship->location = $row['ship_location'];
$ship->api_key = $row['api_key'];
$ship->description = $row['ship_description'];
return $ship;
}
}
diff --git a/includes/objects/user.php b/includes/objects/user.php
index 4eff382..49172eb 100644
--- a/includes/objects/user.php
+++ b/includes/objects/user.php
@@ -1,264 +1,264 @@
<?php
/**
* User class
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* [DESIGN BY CONTRACT NOTE] No more than one OpenID per user
*
* @package Zed
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
/**
* User class
*
* This class maps the users and users_openid tables.
*
* It also provides helper methods to check if a login is available,
* or to retrieve a username from e-mail address.
*/
class User {
public $id;
public $name;
public $password;
public $active = 0;
public $actkey;
public $email;
public $regdate;
public static $hashtable_id = [];
public static $hashtable_name = [];
public array $session = [];
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Initializes a new User instance if needed or get already available one.
*
* @param mixed $data user ID or name
* @return User the user instance
*/
static function get ($data = null) {
if ($data) {
//Checks in the hashtables if we already have loaded this instance
if (is_numeric($data)) {
if (array_key_exists($data, User::$hashtable_id)) {
return User::$hashtable_id[$data];
}
} else {
if (array_key_exists($data, User::$hashtable_name)) {
return User::$hashtable_name[$data];
}
}
}
$user = new User($data);
return $user;
}
/**
* Loads the object User (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('name', $_POST)) {
$this->name = $_POST['name'];
}
if (array_key_exists('password', $_POST)) {
$this->password = $_POST['password'];
}
if (array_key_exists('active', $_POST)) {
$this->active = $_POST['active'];
}
if (array_key_exists('actkey', $_POST)) {
$this->actkey = $_POST['actkey'];
}
if (array_key_exists('email', $_POST)) {
$this->email = $_POST['email'];
}
if (array_key_exists('regdate', $_POST)) {
$this->regdate = $_POST['regdate'];
}
}
/**
* Loads the object User (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
}
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "User unknown: " . $this->id;
return false;
}
$this->name = $row['username'];
$this->password = $row['user_password'];
$this->active = $row['user_active'];
$this->actkey = $row['user_actkey'];
$this->email = $row['user_email'];
$this->regdate = $row['user_regdate'];
//Puts object in hashtables
Perso::$hashtable_id[$this->id] = $this;
Perso::$hashtable_name[$this->name] = $this;
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $name = $db->sql_escape($this->name);
- $password = $db->sql_escape($this->password);
- $active = $db->sql_escape($this->active);
- $actkey = $db->sql_escape($this->actkey);
- $email = $db->sql_escape($this->email);
- $regdate = $this->regdate ? "'" . $db->sql_escape($this->regdate) . "'" : 'NULL';
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $name = $db->escape($this->name);
+ $password = $db->escape($this->password);
+ $active = $db->escape($this->active);
+ $actkey = $db->escape($this->actkey);
+ $email = $db->escape($this->email);
+ $regdate = $this->regdate ? "'" . $db->escape($this->regdate) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_USERS . " (`user_id`, `username`, `user_password`, `user_active`, `user_actkey`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', '$active', '$actkey', '$email', $regdate)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Updates the specified field in the database record
*/
function save_field ($field) {
global $db;
if (!$this->id) {
message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
}
- $id = $db->sql_escape($this->id);
- $value = $db->sql_escape($this->$field);
+ $id = $db->escape($this->id);
+ $value = $db->escape($this->$field);
$sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
}
}
/**
* Generates a unique user id
*/
function generate_id () {
global $db;
do {
$this->id = rand(2001, 5999);
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id LOCK IN SHARE MODE;";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
} while ($row[0]);
}
/**
* Fills password field with encrypted version of the specified clear password
*
* @param string $newpassword The user's new password
*/
public function set_password ($newpassword) {
$this->password = md5($newpassword);
}
/**
* Deletes OpenID for this user
*/
public function delete_OpenID () {
$this->set_OpenID('');
}
/**
* Sets OpenID for this user
*
* @param string $url OpenID endpoint URL
*/
public function set_OpenID ($url) {
global $db;
if (!$this->id) {
$this->save_to_database();
}
- $url = $db->sql_escape($url);
+ $url = $db->escape($url);
$sql = "DELETE FROM " . TABLE_USERS_AUTH . " WHERE auth_type = 'OpenID' AND user_id = $this->id";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't delete old OpenID", '', __LINE__, __FILE__, $sql);
}
if ($url != '') {
$sql = "INSERT INTO " . TABLE_USERS_AUTH . " (auth_type, auth_identity, user_id) VALUES ('OpenID', '$url', $this->id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't add new OpenID", '', __LINE__, __FILE__, $sql);
}
}
}
/**
* Checks if a login is available
*
* @param string $login the login to check
* @return bool true if the specified login is available ; otherwise, false.
*/
public static function is_available_login ($login) : bool {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username LIKE '$login' LOCK IN SHARE MODE;";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return !$row[0];
}
/**
* Gets username from specified e-mail
*
* @param string $mail the mail to search
* @return string|bool the username matching the mail if found ; otherwise, false.
*/
public static function get_username_from_email ($mail) {
global $db;
$sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email LIKE '$mail' LOCK IN SHARE MODE;";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
return $row['username'];
}
return false;
}
}
diff --git a/includes/sessions.php b/includes/sessions.php
index c33058e..87cbe60 100644
--- a/includes/sessions.php
+++ b/includes/sessions.php
@@ -1,160 +1,160 @@
<?php
/**
* Sessions
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* This file provides functions to manage sessions. It's not currently properly
* documented, as it's a temporary old session file, which will be updated soon.
*
* @package Zed
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*
* @todo Replaces this code by the unified Keruald session class.
*/
function session_update () {
global $db, $IP, $Config;
//Nettoyage de la session
/* Initialisation */
$time_online = 5 * 60; // Temps après lequel l'utilisateur n'est plus considéré comme online
$time_session = 2 * 60 * 60; // Durée de vie de la session
$heureActuelle = time(); //Timestamp UNIX et non MySQL
/* On fait le ménage */
$sql = "UPDATE " . TABLE_SESSIONS . " SET online=0 WHERE HeureLimite < $heureActuelle";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, 'Impossible de mettre à jour les sessions (utilisateurs offline)', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE SessionLimite < $heureActuelle";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible d'effacer les sessions expirées", '', __LINE__, __FILE__, $sql);
}
/* Création / mise à jour de la session utilisateur */
if (!$_SESSION['ID']) {
$_SESSION['ID'] = md5(generate_random_string("AAAA1234"));
}
$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Problème critique avec les sessions.", '', __LINE__, __FILE__, $sql);
}
- if ($db->sql_numrows($result) == 0) {
+ if ($result->numRows() === 0) {
$sql = "INSERT INTO " . TABLE_SESSIONS . " (IP, session_id, `Where`, HeureLimite, SessionLimite) VALUES ('$IP', '$_SESSION[ID]', $Config[ResourceID], $heureActuelle + $time_online, $heureActuelle + $time_session)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible de créer une nouvelle session", '', __LINE__, __FILE__, $sql);
}
} else {
$sql = "UPDATE " . TABLE_SESSIONS . " SET online=1, HeureLimite = $heureActuelle + $time_online, SessionLimite= $heureActuelle + $time_session WHERE session_id = '$_SESSION[ID]'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible de mettre à jour la session", '', __LINE__, __FILE__, $sql);
}
}
}
function nbc () {
//Renvoi du nombre d'usagers connectés
global $db, $Config;
$sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE online=1 AND `Where` = $Config[ResourceID]";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Impossible d'obtenir le nombre d'utilisateurs connectés sur le site web", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row[0];
}
function get_info ($info) {
//Renvoie une variable de la session
global $db;
$sql = "SELECT $info FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Impossible d'obtenir $info", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row[$info];
}
function get_logged_user () {
//Renvoie toutes les informations d'un utilisateur
global $db;
$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
- if ( !($result = $db->sql_query($sql)) ) {
+ if ( !($result = $db->query($sql)) ) {
message_die(SQL_ERROR, "Impossible d'obtenir les informations de l'utilisateur", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
require_once('includes/objects/user.php');
$user = User::get($row['user_id']);
$user->session = $row;
return $user;
}
function set_info ($info, $value) {
//Définit une variable session
global $db;
- $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
+ $value = ($value === null) ? 'NULL' : "'" . $db->escape($value) . "'";
$sql = "UPDATE " . TABLE_SESSIONS . " SET $info = $value WHERE session_id LIKE '$_SESSION[ID]'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible de définir $info", '', __LINE__, __FILE__, $sql);
}
}
/**
* Destroys $_SESSION array values, help ID
*/
function clean_session () {
foreach ($_SESSION as $key => $value) {
if ($key != 'ID') {
unset($_SESSION[$key]);
}
}
}
/**
* Logs in user
*/
function login ($user_id, $username) {
global $db;
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id LIKE '$_SESSION[ID]'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible de procéder à la connexion", '', __LINE__, __FILE__, $sql);
}
//We send a cookie to print automatically the last username on the login
//page during 30 days.
if ($username) {
setcookie("LastUsername", $username, time() + 2592000);
}
}
/**
* Logs out user
*/
function logout () {
//Anonymous user in session table
global $db;
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '-1', perso_id = NULL WHERE session_id LIKE '$_SESSION[ID]'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Impossible de procéder à la déconnexion", '', __LINE__, __FILE__, $sql);
}
clean_session();
}
diff --git a/includes/settings/preferences.xml b/includes/settings/preferences.xml
index da7554f..731be1c 100644
--- a/includes/settings/preferences.xml
+++ b/includes/settings/preferences.xml
@@ -1,148 +1,148 @@
<?xml version="1.0" encoding="UTF-8"?>
<settings>
<page id="account" title="Account">
<setting id="username">
<key>Username</key>
<field>text</field>
<object>CurrentUser</object>
<property>name</property>
</setting>
<setting id="password">
<key>Password</key>
<field>password</field>
<object>CurrentUser</object>
<handler>
<get>
return "";
</get>
<set>
<![CDATA[
if ($value) {
global $CurrentUser;
$CurrentUser->set_password($value);
return true;
}
]]>
</set>
</handler>
</setting>
<setting id="email">
<key>Email</key>
<field>text</field>
<object>CurrentUser</object>
<property>email</property>
</setting>
<setting id="OpenID">
<key>OpenID</key>
<field>text</field>
<handler>
<get>
<![CDATA[
global $db, $CurrentUser;
$sql = "SELECT auth_identity FROM " . TABLE_USERS_AUTH . " WHERE auth_type = 'OpenID' AND user_id = $CurrentUser->id LIMIT 1";
-return $db->sql_query_express($sql);
+return $db->queryScalar($sql);
]]>
</get>
<set>
<![CDATA[
global $db, $CurrentUser, $smarty;
-$openid = $db->sql_escape($value);
+$openid = $db->escape($value);
$sql = "SELECT user_id FROM users_auth WHERE auth_type = 'OpenID' AND auth_identity LIKE '$openid'";
-if ($user_id = $db->sql_query_express($sql)) {
+if ($user_id = $db->queryScalar($sql)) {
if ($user_id == $CurrentUser->id) {
$smarty->assign('WAP', "This OpenID is already linked to your account.");
} else {
$smarty->assign('WAP', "This OpenID is currently linked to another account.");
supralog('security', "User tried to add OpenID $openid which belongs to $user_id", "preferences");
}
return false;
}
$CurrentUser->set_OpenID($value);
return true;
]]>
</set>
</handler>
</setting>
</page>
<page id="perso" title="Information">
<setting id="longname">
<key>Name</key>
<field>text</field>
<object>CurrentPerso</object>
<property>name</property>
</setting>
<setting id="nickname">
<key>Nickname</key>
<field>validationtext</field>
<regExp>[a-z][a-z0-9 ]+</regExp>
<object>CurrentPerso</object>
<property>nickname</property>
</setting>
<setting id="race">
<key>Race</key>
<field>text</field>
<object>CurrentPerso</object>
<property>race</property>
</setting>
<setting id="sex">
<key>Sex</key>
<field>filteredlist</field>
<object>CurrentPerso</object>
<property>sex</property>
<choices>
<choice>
<key>male</key>
<value>M</value>
</choice>
<choice>
<key>female</key>
<value>F</value>
</choice>
<choice>
<key>neutral</key>
<value>N</value>
</choice>
<choice>
<key>both</key>
<value>2</value>
</choice>
</choices>
</setting>
</page>
<page id="smartline" title="SmartLine">
<setting id="show">
<key>SmartlineShow</key>
<field>checkbox</field>
<handler>
<set><![CDATA[
global $CurrentPerso;
$flag_value = $value ? 1 : 0;
$CurrentPerso->set_flag('site.smartline.show', $flag_value);
return true;
]]></set>
<get><![CDATA[
global $CurrentPerso;
return (bool)$CurrentPerso->get_flag('site.smartline.show', true);
]]></get>
</handler>
</setting>
<setting id="method">
<key>SmartlineMethod</key>
<field>checkbox</field>
<handler>
<set><![CDATA[
global $CurrentPerso;
$CurrentPerso->set_flag('site.smartline.method', $value ? 'post' : 'get');
return true;
]]></set>
<get><![CDATA[
global $CurrentPerso;
$flag = $CurrentPerso->get_flag('site.smartline.method', 'post');
return $flag != "get";
]]></get>
</handler>
</setting>
</page>
</settings>
diff --git a/index.php b/index.php
index 2f0e8c4..4573118 100644
--- a/index.php
+++ b/index.php
@@ -1,132 +1,136 @@
<?php
/**
* Application entry point
*
* Zed. The immensity of stars. The HyperShip. The people.
*
* (c) 2010, Dereckson, some rights reserved.
* Released under BSD license.
*
* @package Zed
* @subpackage EntryPoints
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @copyright 2010 Sébastien Santoro aka Dereckson
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @version 0.1
* @link http://scherzo.dereckson.be/doc/zed
* @link http://zed.dereckson.be/
* @filesource
*/
+use Zed\Engines\Database\Database;
use Zed\Engines\Perso\PersoSelector;
use Zed\Engines\Templates\Smarty\Engine as SmartyEngine;
////////////////////////////////////////////////////////////////////////////////
///
/// Initialization
///
//Keruald (formerly Pluton) library
include('includes/core.php');
+//Database
+$db = Database::load($Config['database']);
+
//Session
$IP = $_SERVER["REMOTE_ADDR"];
require_once('includes/story/story.php'); //this class can be stored in session
session_start();
$_SESSION['ID'] = session_id();
session_update(); //updates or creates the session
include("includes/login.php"); //login/logout
$CurrentUser = get_logged_user(); //Gets current user information
//Skin and accent to load
define('THEME', $CurrentUser->session['Skin']);
define('ACCENT', $CurrentUser->session['Skin_accent']);
//Loads Smarty
$smarty = SmartyEngine::load()->getSmarty();
//Loads language files
initialize_lang();
lang_load('core.conf');
//Gets URL
$url = get_current_url_fragments();
//If the user isn't logged in (is anonymous), prints login/invite page & dies.
if ($CurrentUser->id < 1000) {
include('controllers/anonymous.php');
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// Perso (=character) selector
///
$CurrentPerso = PersoSelector::load($CurrentUser, $smarty);
////////////////////////////////////////////////////////////////////////////////
///
/// Tasks to execute before calling the URL controller:
/// - assert the perso is somewhere
/// - executes the smartline
///
//If the perso location is unknown, ejects it to an asteroid
if (!$CurrentPerso->location_global) {
require_once('includes/geo/place.php');
$smarty->assign('NOTIFY', lang_get('NewLocationNotify'));
$CurrentPerso->move_to(GeoPlace::get_start_location());
}
//SmartLine
include("includes/SmartLine/ZedSmartLine.php");
//Redirects user to user request controller if site.requests flag on
if (defined('PersoSelected') && array_key_exists('site.requests', $CurrentPerso->flags) && $CurrentPerso->flags['site.requests']) {
include('controllers/persorequest.php');
}
////////////////////////////////////////////////////////////////////////////////
///
/// Calls the specific controller to serve the requested page
///
switch ($controller = $url[0]) {
case '':
include('controllers/home.php');
break;
case 'builder':
case 'explore':
case 'page':
case 'request':
case 'settings':
case 'ship':
include("controllers/$controller.php");
break;
case 'who':
include('controllers/profile.php'); //Azhàr controller
break;
case 'push':
include('controllers/motd.php'); //Azhàr controller
break;
case 'quux':
//It's like a test/debug console/sandbox, you put what you want into
if (file_exists('dev/quux.php')) {
include('dev/quux.php');
} else {
message_die(GENERAL_ERROR, "Quux lost in Hollywood.", "Nay");
}
break;
default:
//TODO: returns a prettier 404 page
header("Status: 404 Not Found");
dieprint_r($url, 'Unknown URL');
}

File Metadata

Mime Type
text/x-diff
Expires
Mon, Nov 11, 11:09 (2 w, 3 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
20950
Default Alt Text
(335 KB)

Event Timeline