diff --git a/includes/content/zone.php b/includes/content/zone.php
index 23a21a8..e0d7713 100755
--- a/includes/content/zone.php
+++ b/includes/content/zone.php
@@ -1,205 +1,203 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ /** * Content zone class * * A zone is a physical place, independent from the location. * This mechanism allows to more easily move zones. * * This class maps the content_zones table. */ class ContentZone { public $id; public $title; public $type; public $params; public $deleted = false; /** * Initializes a new instance of a zone object * * @param int $id The zone ID */ function __construct ($id = '') { if ($id) { $this->id = $id; return $this->load_from_database(); } } /** * Loads the object zone (ie fill the properties) from the $_POST array */ function load_from_form () { if (array_key_exists('title', $_POST)) { $this->user_id = $_POST['title']; } if (array_key_exists('type', $_POST)) { $this->user_id = $_POST['type']; } if (array_key_exists('params', $_POST)) { $this->user_id = $_POST['params']; } if (array_key_exists('deleted', $_POST)) { $this->user_id = $_POST['deleted']; } } /** * Loads the object zone (ie fill the properties) from the $row array */ function load_from_row ($row) { $this->id = $row['zone_id']; $this->title = $row['zone_title']; $this->type = $row['zone_type']; $this->params = $row['zone_params']; $this->deleted = $row['zone_deleted'] ? true : false; } /** * Loads the object zone (ie fill the properties) from the database */ function load_from_database () { global $db; $id = $db->sql_escape($this->id); $sql = "SELECT * FROM " . TABLE_CONTENT_ZONES . " WHERE zone_id = '" . $id . "'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, 'Unable to query content_zones', '', __LINE__, __FILE__, $sql); } if (!$row = $db->sql_fetchrow($result)) { $this->lastError = 'Zone unknown: ' . 
$this->id; return false; } $this->load_from_row($row); return true; } /** * Saves the object to the database */ function save_to_database () { global $db; $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL'; $title = $db->sql_escape($this->title); $type = $db->sql_escape($this->type); $params = $db->sql_escape($this->params); $deleted = $this->deleted ? 1 : 0; $sql = "REPLACE INTO " . TABLE_CONTENT_ZONES . " (`zone_id`, `zone_title`, `zone_type`, `zone_params`, `zone_deleted`) VALUES ($id, '$title', '$type', '$params', $deleted)"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql); } if (!$this->id) { $this->id = $db->sql_nextid(); } } /** * Assigns the zone at the specified location. * * @param string $location_global the global location * @param string $location_global the local location * @param bool $delete_old_locations if true, delete old locations */ function assign_to ($location_global, $location_local, $delete_old_locations = true) { if (!$this->id) { $this->save_to_database(); } global $db; if ($delete_old_locations) { $sql = "DELETE FROM " . TABLE_CONTENT_ZONES_LOCATIONS . " WHERE zone_id = " . $this->id; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to delete", '', __LINE__, __FILE__, $sql); } } $g = $db->sql_escape($location_global); $l = $db->sql_escape($location_local); $sql = "REPLACE INTO " . TABLE_CONTENT_ZONES_LOCATIONS . 
" (location_global, location_local, zone_id) VALUES ('$g', '$l', $this->id)"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql); } } /** * Gets the zone at specified location * * @param string $location_global the global location * @param string $location_global the local location * @param bool $create if the zone doesn't exist, create it [optional] [default value: false] * @return ContentZone the zone, or null if the zone doesn't exist and $create is false */ static function at ($location_global, $location_local, $create = false) { global $db; $g = $db->sql_escape($location_global); $l = $db->sql_escape($location_local); $sql = "SELECT * FROM " . TABLE_CONTENT_ZONES_LOCATIONS . " WHERE location_global = '$g' AND location_local = '$l'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { return new ContentZone($row['zone_id']); } elseif ($create) { $zone = new ContentZone(); $zone->assign_to($location_global, $location_local); return $zone; } else { return null; } } /** * Gets all the zones matching the specified location queries * * @param string $location_global_query the global location query * @param string $location_local_query the local location query * @return Array a ContentZone array, with each item a zone found * * [SECURITY] They are passed as is in SQL [R]LIKE queries, you can't inject users expression. * * The following properties are added to the ContentZone items of the returned array: * - location_global * - location_local */ static function search ($location_global_query, $location_local_query, $use_regexp_for_local = false) { global $db; $zones = []; $op = $use_regexp_for_local ? 'RLIKE' : 'LIKE'; $sql = "SELECT * FROM " . TABLE_CONTENT_ZONES_LOCATIONS . 
" WHERE location_global LIKE '$location_global_query' AND location_local $op '$location_local_query'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to set zone location", '', __LINE__, __FILE__, $sql); } while ($row = $db->sql_fetchrow($result)) { $zone = new ContentZone($row['zone_id']); $zone->location_global = $row['location_global']; $zone->location_local = $row['location_local']; $zones[] = $zone; } return $zones; } } - -?> diff --git a/includes/objects/invite.php b/includes/objects/invite.php index 0a7868b..784e2d8 100755 --- a/includes/objects/invite.php +++ b/includes/objects/invite.php 
@@ -1,199 +1,197 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ /** * User invite class * * This class maps the users_invites table. */ class Invite { public $code; public $date; public $from_user_id; public $from_perso_id; /** * The user_id who have been claimed the invite * Will be NULL as long as the invite haven't been claimed * * @var int */ public $to_user_id = NULL; /** * Initializes a new instance * * @param int $code the primary key */ function __construct ($code = NULL) { if ($code) { $this->code = $code; $this->load_from_database(); } else { //New invite code $this->generate_code(); $this->date = time(); } } /** * Generates a unique invite code and sets it in the code property. */ function generate_code () { global $db; do { $this->code = generate_random_string("AAA111"); $sql = "SELECT COUNT(*) FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$this->code' LOCK IN SHARE MODE;"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); } while ($row[0]); } /** * Loads the object Invite (ie fill the properties) from the database */ function load_from_database () { global $db; $code = $db->sql_escape($this->code); $sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '" . $code . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(SQL_ERROR, "Unable to query invite codes", '', __LINE__, __FILE__, $sql); } if (!$row = $db->sql_fetchrow($result)) { $this->lastError = "Invite code unknown: " . 
$this->code; return false; } $this->code = $row['invite_code']; $this->date = $row['invite_date']; $this->from_user_id = $row['invite_from_user_id']; $this->from_perso_id = $row['invite_from_perso_id']; $this->to_user_id = $row['invite_to_user_id']; return true; } /** * Determines whether the current invite code have been claimed by an user. * * @return true if the code have been claimed ; otherwise, false. */ function is_claimed () { return (bool)$this->to_user_id; } /** * Saves to database */ function save_to_database () { global $db; $code = $db->sql_escape($this->code); $date = $db->sql_escape($this->date); $from_user_id = $db->sql_escape($this->from_user_id); $from_perso_id = $db->sql_escape($this->from_perso_id); $to_user_id = $this->to_user_id ? "'" . $db->sql_escape($this->to_user_id) . "'" : 'NULL'; //Updates or inserts $sql = "REPLACE INTO " . TABLE_USERS_INVITES . " (`invite_code`, `invite_date`, `invite_from_user_id`, `invite_from_perso_id`, `invite_to_user_id`) VALUES ('$code', '$date', '$from_user_id', '$from_perso_id', $to_user_id)"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save invite code", '', __LINE__, __FILE__, $sql); } } /** * Deletes the invite */ function delete () { global $db; $code = $db->sql_escape($this->code); $sql = "DELETE FROM " . TABLE_USERS_INVITES . 
" WHERE invite_code = '$code'"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save delete code", '', __LINE__, __FILE__, $sql); } } /** * Creates an invite code * * @param int $user_id user id * @param int $perso_id perso id * @return string the invite code */ static function create ($user_id, $perso_id) { $invite = new Invite(); $invite->from_perso_id = $perso_id; $invite->from_user_id = $user_id; $invite->save_to_database(); return $invite->code; } /** * Gets invites generated by the specified perso ID * * @param int $perso_id the perso whom to get the invites * @return Array an array of string, each line being an invite code */ static function get_invites_from ($perso_id) { global $db; $sql = "SELECT invite_code FROM " . TABLE_USERS_INVITES . " WHERE invite_from_perso_id = $perso_id AND invite_to_user_id IS NULL ORDER BY invite_date ASC"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql); } $codes = []; while ($row = $db->sql_fetchrow($result)) { $codes[] = $row['invite_code']; } return $codes; } /** * Gets the perso ID who invited the specified perso * * @param int $perso_id the perso whom to get the invites * @return int|null the perso whom to get the invites ; or null, if nobody have invited him */ static function who_invited ($perso_id) { global $db; $perso = Perso::get($perso_id); if ($user_id = $perso->user_id) { $sql = "SELECT invite_from_perso_id FROM " . TABLE_USERS_INVITES . " WHERE invite_to_user_id = '$user_id'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { return $row[0]; } } return null; } } - -?> diff --git a/includes/objects/message.php b/includes/objects/message.php index 3bd77ed..3d8cfd1 100755 --- a/includes/objects/message.php +++ b/includes/objects/message.php 
@@ -1,168 +1,166 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ /** * Message class * * This class maps the messages table. * * It also provides a static method to get perso's messages. */ class Message { public $id; public $date; public $from; public $to; public $text; public $flag; /** * Initializes a new instance * * @param int $id the primary key */ function __construct ($id = null) { if ($id) { $this->id = $id; $this->load_from_database(); } else { $this->date = time(); $this->flag = 0; //unread } } /** * Loads the object Message (ie fill the properties) from the $_POST array */ function load_from_form () { if (array_key_exists('date', $_POST)) { $this->date = $_POST['date']; } if (array_key_exists('from', $_POST)) { $this->from = $_POST['from']; } if (array_key_exists('to', $_POST)) { $this->to = $_POST['to']; } if (array_key_exists('text', $_POST)) { $this->text = $_POST['text']; } if (array_key_exists('flag', $_POST)) { $this->flag = $_POST['flag']; } } /** * Loads the object Message (ie fill the properties) from the database */ function load_from_database () { global $db; $sql = "SELECT * FROM messages WHERE message_id = '" . $this->id . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(SQL_ERROR, "Unable to query messages", '', __LINE__, __FILE__, $sql); } if (!$row = $db->sql_fetchrow($result)) { $this->lastError = "Message unknown: " . $this->id; return false; } $this->date = $row['message_date']; $this->from = $row['message_from']; $this->to = $row['message_to']; $this->text = $row['message_text']; $this->flag = $row['message_flag']; return true; } /** * Saves to database */ function save_to_database () { global $db; $id = $this->id ? "'" . $db->sql_escape($this->id) . 
"'" : 'NULL'; $date = $db->sql_escape($this->date); $from = $db->sql_escape($this->from); $to = $db->sql_escape($this->to); $text = $db->sql_escape($this->text); $flag = $db->sql_escape($this->flag); //Updates or inserts $sql = "REPLACE INTO messages (`message_id`, `message_date`, `message_from`, `message_to`, `message_text`, `message_flag`) VALUES ($id, '$date', '$from', '$to', '$text', '$flag')"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql); } if (!$id) { //Gets new record id value $this->id = $db->sql_nextid(); } } /** * Sends the message */ function send () { $this->save_to_database(); //TODO: triggers new message notifier } /** * Deletes the message */ function delete () { //A message is deleted if its flag value is 2 if ($this->flag != 2) { $this->flag = 2; $this->save_to_database(); } } /** * Gets messages from the specified perso */ static function get_messages ($perso_id, $mark_as_read = true, &$countNewMessages = 0) { global $db; $sql = "SELECT message_id FROM " . TABLE_MESSAGES . " WHERE message_to = " . $db->sql_escape($perso_id) . " AND message_flag < 2 ORDER BY message_id DESC"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to get messages", '', __LINE__, __FILE__, $sql); } while ($row = $db->sql_fetchrow($result)) { $message = new Message($row[0]); $messages[] = $message; $ids[] = $message->id; if ($message->flag == 0) { //New message $countNewMessages++; } } if ($mark_as_read && count($ids)) { $ids = join($ids, ', '); $sql = "UPDATE " . TABLE_MESSAGES . " SET message_flag = '1' WHERE message_id IN ($ids)"; $db->sql_query($sql); } return $messages; } } - -?> diff --git a/includes/objects/motd.php b/includes/objects/motd.php index ddd0126..e33a565 100755 --- a/includes/objects/motd.php +++ b/includes/objects/motd.php 
@@ -1,103 +1,101 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ /** * MOTD class * * This class maps the motd table. */ class MOTD { public $id; public $perso_id; public $text; public $date; /** * Initializes a new instance of a MOTD object * * @param int $id The MOTD ID */ function __construct ($id = '') { if ($id) { $this->id = $id; return $this->load_from_database(); } else { $this->date = time(); return true; } } /** * Loads the object MOTD (ie fill the properties) from the $_POST array */ function load_from_form () { if (array_key_exists('perso_id', $_POST)) { $this->user_id = $_POST['user_id']; } if (array_key_exists('text', $_POST)) { $this->text = $_POST['text']; } if (array_key_exists('date', $_POST)) { $this->date = $_POST['date']; } } /** * Loads the object MOTD (ie fill the properties) from the database */ function load_from_database () { global $db; $id = $db->sql_escape($this->id); $sql = "SELECT * FROM " . TABLE_MOTD . " WHERE motd_id = '" . $id . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(SQL_ERROR, "Unable to query azhar_motd", '', __LINE__, __FILE__, $sql); } if (!$row = $db->sql_fetchrow($result)) { $this->lastError = "MOTD unknown: " . $this->id; return false; } $this->perso_id = $row['perso_id']; $this->text = $row['motd_text']; $this->date = $row['motd_date']; return true; } /** * Saves the object to the database */ function save_to_database () { global $db; $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL'; $perso_id = $db->sql_escape($this->perso_id); $text = $db->sql_escape($this->text); $date = $db->sql_escape($this->date); $sql = "REPLACE INTO " . TABLE_MOTD . 
" (`motd_id`, `perso_id`, `motd_text`, `motd_date`) VALUES ($id, '$perso_id', '$text', '$date')"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql); } } } - -?> diff --git a/includes/objects/profilecomment.php b/includes/objects/profilecomment.php index 8619775..7adec57 100755 --- a/includes/objects/profilecomment.php +++ b/includes/objects/profilecomment.php 
@@ -1,140 +1,138 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ /** * Profile comments class * * This class maps the profiles_comments table. */ class ProfileComment { public $id; public $perso_id; public $author; public $authorname; //should be read-only public $date; public $text; /** * Initializes a new instance of the ProfileComment class * * @param int $id the comment ID */ function __construct ($id = '') { if ($id) { $this->id = $id; $this->load_from_database(); } else { $this->date = time(); } } /** * Loads the object comment (ie fill the properties) from the $_POST array */ function load_from_form () { if (array_key_exists('perso_id', $_POST)) { $this->perso_id = $_POST['perso_id']; } if (array_key_exists('author', $_POST)) { $this->author = $_POST['author']; } if (array_key_exists('date', $_POST)) { $this->date = $_POST['date']; } if (array_key_exists('text', $_POST)) { $this->text = $_POST['text']; } } /** * Loads the object comment (ie fill the properties) from the database */ function load_from_database () { global $db; $id = $db->sql_escape($this->id); $sql = "SELECT c.*, p.perso_name as author FROM " . TABLE_PROFILES_COMMENTS . " c, " . TABLE_PERSOS . " p WHERE c.comment_id = '$id' AND p.perso_id = c.comment_author"; if ( !($result = $db->sql_query($sql)) ) { message_die(SQL_ERROR, "Unable to query azhar_profiles_comments", '', __LINE__, __FILE__, $sql); } if (!$row = $db->sql_fetchrow($result)) { $this->lastError = "comment unknown: " . $this->id; return false; } $this->perso_id = $row['perso_id']; $this->author = $row['comment_author']; $this->authorname = $row['author']; $this->date = $row['comment_date']; $this->text = $row['comment_text']; return true; } /** * Saves the object to the database */ function save_to_database () { global $db; $id = $this->id ? "'" . 
$db->sql_escape($this->id) . "'" : 'NULL'; $perso_id = $db->sql_escape($this->perso_id); $author = $db->sql_escape($this->author); $date = $db->sql_escape($this->date); $text = $db->sql_escape($this->text); $sql = "REPLACE INTO " . TABLE_PROFILES_COMMENTS . " (`comment_id`, `perso_id`, `comment_author`, `comment_date`, `comment_text`) VALUES ($id, '$perso_id', '$author', '$date', '$text')"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql); } if (!$id) { //Gets new record id value $this->id = $db->sql_nextid(); } } /** * Publishes the comment * @todo Add events on publish */ function publish () { $this->save_to_database(); } /** * Gets comments * * @param int $perso_id The Perso ID */ static function get_comments ($perso_id) { global $db; $sql = "SELECT comment_id FROM " . TABLE_PROFILES_COMMENTS . " WHERE perso_id = " . $db->sql_escape($perso_id); if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to get comments", '', __LINE__, __FILE__, $sql); } while ($row = $db->sql_fetchrow($result)) { $comments[] = new ProfileComment($row[0]); } return $comments; } }
-
-?>
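Review bot: `get_comments()` never initialises `$comments`, so a perso with no comments yields an undefined variable and the method returns null rather than an empty array. Adding `$comments = [];` before the `while` loop fixes it and matches `Invite::get_invites_from()`, which does initialise `$codes`. `Message::get_messages()` has the same gap for `$messages` and `$ids`, and there `count($ids)` is handed null when no rows match, which is a TypeError on PHP 8. The docblock also lacks an `@return`; `@return ProfileComment[] the comments for the specified perso, empty if none` would state the contract.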