Rev 519 | Rev 521 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
297 | freddie | 1 | <?php |
2 | |||
3 | require '_config.php'; |
||
4 | |||
5 | class Taios_Page |
||
6 | { |
||
7 | function __construct($title, $url = "") |
||
8 | { |
||
9 | $this->title = $title; |
||
10 | $this->url = $url; |
||
11 | |||
12 | $this->drawnHeader = false; |
||
13 | $this->drawnMiddle = false; |
||
14 | $this->drawnFooter = false; |
||
15 | |||
487 | tom | 16 | try { |
17 | $this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, |
||
18 | array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" )); |
||
19 | } catch (PDOException $e) { |
||
20 | $this->drawError("Failed to connect to database!"); |
||
21 | } |
||
297 | freddie | 22 | } |
23 | |||
24 | function drawHeader() |
||
25 | { |
||
26 | if (!$this->drawnHeader) |
||
27 | { |
||
28 | write('<!DOCTYPE html>'); |
||
490 | tom | 29 | write('<html lang="en">'); |
297 | freddie | 30 | write('<head>'); |
31 | write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">'); |
||
32 | write('<title>Tim32 · ' . $this->title . '</title>'); |
||
490 | tom | 33 | write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />'); |
463 | tom | 34 | write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />'); |
485 | muzer | 35 | write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>'); |
36 | write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>'); |
||
297 | freddie | 37 | write('</head>'); |
38 | write('<body>'); |
||
39 | write('<div class="sidebar">'); |
||
40 | write('<div class="sidebar-header">'); |
||
483 | muzer | 41 | write('<a href="' . $this->url . '"><h1>Tim32</h1></a>'); |
297 | freddie | 42 | write('</div>'); |
43 | write('<div class="sidebar-menu">'); |
||
44 | $this->drawMenuItem('Home', 'index.php'); |
||
45 | $this->drawMenuItem('Blog', 'blog/'); |
||
46 | $this->drawMenuItem('Projects', 'projects/'); |
||
47 | $this->drawMenuItem('Forums', 'forums/'); |
||
48 | $this->drawMenuItem('Wiki', 'wiki/'); |
||
49 | $this->drawMenuItem('Photos', 'photos/'); |
||
50 | write('<br />'); |
||
485 | muzer | 51 | |
52 | if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) { |
||
297 | freddie | 53 | $this->drawMenuItem('Administration', 'admin/'); |
54 | $this->drawMenuItem('Logout', 'logout-do.php'); |
||
485 | muzer | 55 | } else if ($this->isLoggedIn()) { |
471 | muzer | 56 | $this->drawMenuItem('Logout', 'logout-do.php'); |
485 | muzer | 57 | |
58 | if ($this->getLoggedInUser()->username != "cake") { |
||
471 | muzer | 59 | $this->drawMenuItem('You are banned', NULL); |
485 | muzer | 60 | } else { |
472 | tom | 61 | $this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder'); |
485 | muzer | 62 | } |
63 | } else { |
||
297 | freddie | 64 | $this->drawMenuItem('Login', 'login.php'); |
65 | $this->drawMenuItem('Register', 'register.php'); |
||
66 | } |
||
485 | muzer | 67 | |
297 | freddie | 68 | write('<br />'); |
69 | $this->drawnHeader = true; |
||
70 | } |
||
71 | } |
||
72 | |||
485 | muzer | 73 | function drawMenuItem($t, $u) { |
74 | if ($u == NULL) { |
||
471 | muzer | 75 | write('<p style="color:red">' . $t . '</p>'); |
485 | muzer | 76 | } else { |
471 | muzer | 77 | write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>'); |
78 | } |
||
297 | freddie | 79 | } |
80 | |||
81 | function drawMiddle() |
||
82 | { |
||
485 | muzer | 83 | if (!$this->drawnMiddle) { |
297 | freddie | 84 | write('</div>'); |
85 | write('</div>'); |
||
86 | write('<div class="content">'); |
||
483 | muzer | 87 | write('<a href="./"><h2>' . $this->title . '</h2></a>'); |
297 | freddie | 88 | |
89 | $this->drawnMiddle = true; |
||
90 | } |
||
91 | } |
||
92 | |||
93 | function drawFooter() |
||
94 | { |
||
95 | if (!$this->drawnFooter) |
||
96 | { |
||
97 | write('</div>'); |
||
98 | write('</body>'); |
||
99 | write('</html>'); |
||
100 | |||
101 | $this->drawnFooter = true; |
||
102 | } |
||
103 | |||
104 | die(); |
||
105 | } |
||
106 | |||
107 | function drawError($text, $die = true) |
||
108 | { |
||
109 | $this->drawHeader(); |
||
110 | $this->drawMiddle(); |
||
111 | |||
112 | write('<h4 style="color: red;">Error: ' . $text . '</h4>'); |
||
113 | |||
490 | tom | 114 | if ($die) { |
297 | freddie | 115 | $this->drawFooter(); |
116 | die(); |
||
117 | } |
||
118 | } |
||
119 | |||
120 | function drawBlogPostTree($id, $first = false) |
||
121 | { |
||
122 | $post = $this->getBlogPost($id); |
||
123 | if ($first) |
||
124 | { |
||
125 | write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>'); |
||
126 | } |
||
127 | else |
||
128 | { |
||
129 | write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
||
130 | } |
||
131 | write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
||
132 | write('<p>' . $this->replaceBBCode($post->content) . '</p>'); |
||
133 | |||
134 | if ($this->isUserNormal($this->getLoggedInUser())) |
||
135 | { |
||
136 | echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>'; |
||
137 | if ($this->isUserAdmin($this->getLoggedInUser()) || $this->getLoggedInUser()->ID == $post->author->ID) |
||
138 | { |
||
139 | echo ' · <a href="edit-post.php?id=' . $id . '">Edit Post</a>'; |
||
140 | echo ' · <a href="del-post.php?id=' . $id . '">Delete Post</a>'; |
||
141 | } |
||
142 | write('</p><br />'); |
||
143 | } |
||
144 | |||
497 | muzer | 145 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id)); |
297 | freddie | 146 | for ($i = 0; $i < count($ids); $i++) |
147 | { |
||
148 | write('<div class="indent">'); |
||
149 | $this->drawBlogPostTree($ids[$i]); |
||
150 | write('</div>'); |
||
151 | } |
||
152 | } |
||
153 | |||
154 | function drawBlogCategoriesMenu() |
||
155 | { |
||
156 | $cats = array(); |
||
157 | |||
158 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1'); |
||
159 | for ($i = 0; $i < count($ids); $i++) |
||
160 | { |
||
161 | $cat = $this->getBlogPost($ids[$i])->category; |
||
483 | muzer | 162 | if (!in_array($cat, $cats) && ($cat != "Drafts" || $this->isUserGM($this->getLoggedInUser()))) |
297 | freddie | 163 | { |
164 | array_push($cats, $cat); |
||
165 | } |
||
166 | } |
||
167 | |||
168 | write('<h3>Categories</h3>'); |
||
169 | for ($i = 0; $i < count($cats); $i++) |
||
170 | { |
||
171 | $this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]); |
||
172 | } |
||
173 | } |
||
174 | |||
175 | function replaceBBCode($str) |
||
176 | { |
||
437 | tom | 177 | $newstr = $str; |
484 | muzer | 178 | $newstr = str_replace("<", "<", $newstr); |
179 | $newstr = str_replace(">", ">", $newstr); |
||
481 | muzer | 180 | $newstr = str_replace("\n", "<br />", $newstr); |
362 | tom | 181 | $newstr = str_replace("\\'", "'", $newstr); |
182 | $newstr = str_replace("\\\"",'"', $newstr); |
||
297 | freddie | 183 | $newstr = str_replace(' ', ' ', $newstr); |
184 | |||
185 | $bbcode = array( |
||
485 | muzer | 186 | '/\[b\](.+?)\[\/b\]/is', |
187 | '/\[i\](.+?)\[\/i\]/is', |
||
188 | '/\[u\](.+?)\[\/u\]/is', |
||
495 | muzer | 189 | '/\[s\](.+?)\[\/s\]/is', |
485 | muzer | 190 | '/\[url\](.+?)\[\/url\]/is', |
486 | muzer | 191 | '/\[w\](.+?)\[\/w\]/is', |
485 | muzer | 192 | '/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
486 | muzer | 193 | '/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is', |
485 | muzer | 194 | '/\[code\](.+?)\[\/code\]/is', |
195 | '/\[img\](.+?)\[\/img\]/is', |
||
196 | '/\[ul\](.+?)\[\/ul\]/is', |
||
197 | '/\[ol\](.+?)\[\/ol\]/is', |
||
198 | '/\[li\](.+?)\[\/li\]/is', |
||
199 | '/\[mono\](.+?)\[\/mono\]/is', |
||
200 | '/\[tcp\](.+?)\[\/tcp\]/is' |
||
297 | freddie | 201 | ); |
202 | |||
203 | $html = array( |
||
485 | muzer | 204 | '<b>$1</b>', |
205 | '<i>$1</i>', |
||
206 | '<u>$1</u>', |
||
495 | muzer | 207 | '<del>$1</del>', |
485 | muzer | 208 | '<a href="$1">$1</a>', |
486 | muzer | 209 | '<a href="/wiki/index.php?page=$1">$1</a>', |
485 | muzer | 210 | '<a href="$1">$2</a>', |
486 | muzer | 211 | '<a href="/wiki/index.php?page=$1">$2</a>', |
485 | muzer | 212 | '</p><div class="code">$1</div><p>', |
213 | '<img src="$1" alt="BBCode-included image" />', |
||
214 | '<ul>$1</ul>', |
||
215 | '<ol>$1</ol>', |
||
216 | '<li>$1</li>', |
||
217 | '<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>', |
||
218 | '<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>' |
||
297 | freddie | 219 | ); |
220 | |||
221 | $newstr = preg_replace($bbcode, $html, $newstr); |
||
222 | |||
223 | return $newstr; |
||
224 | } |
||
225 | |||
519 | freddie | 226 | function acceptFile($fname) |
227 | { |
||
228 | if (!ALLOW_FILES) |
||
229 | { |
||
230 | $page->drawError("This system doesn't allow file uploading."); |
||
231 | return false; |
||
232 | } |
||
233 | |||
234 | $this->checkLoggedIn(); |
||
235 | if ($this->getLoggedInUser()->accessID >= 2) |
||
236 | { |
||
237 | $page->drawError('You do not have permission to access this page.'); |
||
238 | } |
||
239 | |||
240 | $allowedExts = array("gif", "jpeg", "jpg", "png", "tga"); |
||
241 | $temp = explode(".", $_FILES[$fname]["name"]); |
||
242 | $extension = end($temp); |
||
243 | if ((($_FILES[$fname]["type"] == "image/gif") |
||
244 | || ($_FILES[$fname]["type"] == "image/jpeg") |
||
245 | || ($_FILES[$fname]["type"] == "image/jpg") |
||
246 | || ($_FILES[$fname]["type"] == "image/pjpeg") |
||
247 | || ($_FILES[$fname]["type"] == "image/x-png") |
||
248 | || ($_FILES[$fname]["type"] == "image/png") |
||
520 | freddie | 249 | || ($_FILES[$fname]["type"] == "image/x-targa") |
250 | || ($_FILES[$fname]["type"] == "image/x-tga")) |
||
519 | freddie | 251 | && ($_FILES[$fname]["size"] < 200000) // file size limit (bytes) |
252 | && in_array($extension, $allowedExts)) |
||
253 | { |
||
254 | if ($_FILES[$fname]["error"] > 0) |
||
255 | { |
||
256 | $page->drawError("File Upload Error: " . $_FILES[$fname]["error"]); |
||
257 | } |
||
258 | else |
||
259 | { |
||
260 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
261 | |||
262 | while (file_exists($lname)) |
||
263 | { |
||
264 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
265 | } |
||
266 | |||
267 | move_uploaded_file($_FILES[$fname]["tmp_name"], $lname); |
||
268 | return $lname; |
||
269 | } |
||
270 | } |
||
271 | else |
||
272 | { |
||
273 | $page->drawError("Invalid file"); |
||
274 | } |
||
275 | |||
276 | return false; |
||
277 | } |
||
278 | |||
297 | freddie | 279 | function redirect($u) |
280 | { |
||
281 | header('Location: ' . $u); |
||
282 | die(); |
||
283 | } |
||
284 | |||
285 | function isLoggedIn() |
||
286 | { |
||
287 | $cookie = $_COOKIE['Tim32_Login']; |
||
288 | if (!empty($cookie)) |
||
289 | { |
||
290 | $clist = explode('|~|', $cookie); |
||
291 | $user = $this->getUserByUsername($clist[0]); |
||
292 | if ($user) |
||
293 | { |
||
294 | if ($user->password == $clist[1]) |
||
295 | { |
||
296 | return true; |
||
297 | } |
||
298 | } |
||
299 | } |
||
300 | |||
301 | return false; |
||
302 | } |
||
303 | |||
304 | function isUserAdmin() |
||
305 | { |
||
306 | if ($this->isLoggedIn()) |
||
307 | { |
||
308 | if ($this->getLoggedInUser()->accessID <= 0) |
||
309 | { |
||
310 | return true; |
||
311 | } |
||
312 | } |
||
313 | |||
314 | return false; |
||
315 | } |
||
316 | |||
317 | function isUserGM() |
||
318 | { |
||
319 | if ($this->isLoggedIn()) |
||
320 | { |
||
321 | if ($this->getLoggedInUser()->accessID <= 1) |
||
322 | { |
||
323 | return true; |
||
324 | } |
||
325 | } |
||
326 | |||
327 | return false; |
||
328 | } |
||
329 | |||
330 | function isUserNormal() |
||
331 | { |
||
332 | if ($this->isLoggedIn()) |
||
333 | { |
||
334 | if ($this->getLoggedInUser()->accessID <= 2) |
||
335 | { |
||
336 | return true; |
||
337 | } |
||
338 | } |
||
339 | |||
340 | return false; |
||
341 | } |
||
342 | |||
471 | muzer | 343 | function isUserBanned() |
344 | { |
||
345 | if ($this->isLoggedIn()) |
||
346 | { |
||
347 | if ($this->getLoggedInUser()->accessID >= 3) |
||
348 | { |
||
349 | return true; |
||
350 | } |
||
351 | } |
||
352 | |||
353 | return false; |
||
354 | } |
||
355 | |||
384 | tom | 356 | function checkChallengeStatus($challengeID, $previous, $next) |
357 | { |
||
358 | $currentChallengeID = $this->getLoggedInUser()->challengeID; |
||
359 | |||
360 | if (!$this->isLoggedIn()) |
||
361 | { |
||
362 | $this->redirect('index.php'); |
||
363 | } |
||
364 | else if ($currentChallengeID > $challengeID) |
||
365 | { |
||
366 | $this->redirect($next . '.php'); |
||
367 | } |
||
368 | else if ($currentChallengeID < $challengeID) |
||
369 | { |
||
370 | $this->redirect($previous . '.php'); |
||
371 | } |
||
372 | } |
||
373 | |||
297 | freddie | 374 | function checkLoggedIn() |
375 | { |
||
376 | if (!$this->isLoggedIn()) |
||
377 | { |
||
378 | $this->drawError('You need to be logged in.'); |
||
379 | } |
||
380 | } |
||
381 | |||
489 | tom | 382 | function query($query, $args = array()) |
297 | freddie | 383 | { |
487 | tom | 384 | $statement = $this->db->prepare($query); |
385 | if (!$statement->execute($args)) { |
||
386 | $this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo()); |
||
387 | } |
||
388 | |||
389 | return $statement->fetchAll(); |
||
297 | freddie | 390 | } |
391 | |||
490 | tom | 392 | function findIDs($table, $query = '', $args = array()) |
297 | freddie | 393 | { |
394 | $array = array(); |
||
395 | |||
490 | tom | 396 | $results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args); |
487 | tom | 397 | foreach ($results as $row) { |
297 | freddie | 398 | array_push($array, $row['ID']); |
399 | } |
||
400 | |||
401 | return $array; |
||
402 | } |
||
403 | |||
404 | function getUserByID($id) |
||
405 | { |
||
490 | tom | 406 | foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) { |
407 | $user = new User(); |
||
297 | freddie | 408 | $user->ID = $row['ID']; |
409 | $user->accessID = $row['AccessID']; |
||
410 | $user->username = $row['Username']; |
||
411 | $user->password = $row['Password']; |
||
508 | freddie | 412 | $user->salt = $row['Salt']; |
297 | freddie | 413 | $user->emailAddress = $row['EmailAddress']; |
414 | $user->name = $row['Name']; |
||
507 | freddie | 415 | $user->csrftoken = $row['CSRFToken']; |
297 | freddie | 416 | $user->challengeID = $row['ChallengeID']; |
417 | |||
418 | return $user; |
||
419 | } |
||
420 | |||
421 | return false; |
||
422 | } |
||
423 | |||
490 | tom | 424 | function getUserByUsername($username) { |
425 | foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) { |
||
297 | freddie | 426 | return $this->getUserByID($row['ID']); |
427 | } |
||
428 | |||
429 | return false; |
||
430 | } |
||
431 | |||
491 | tom | 432 | function getLoggedInUser() { |
433 | if ($this->isLoggedIn()) { |
||
297 | freddie | 434 | $clist = explode('|~|', $_COOKIE['Tim32_Login']); |
435 | return $this->getUserByUsername($clist[0]); |
||
436 | } |
||
437 | |||
438 | return false; |
||
439 | } |
||
440 | |||
491 | tom | 441 | function getBlogPost($id) { |
442 | foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 443 | $post = new BlogPost; |
444 | $post->ID = $row['ID']; |
||
491 | tom | 445 | |
446 | if ($row['ParentID'] == -1) { |
||
297 | freddie | 447 | $post->parent = -1; |
491 | tom | 448 | } else { |
297 | freddie | 449 | $post->parent = $this->getBlogPost($row['ParentID']); |
450 | } |
||
491 | tom | 451 | |
297 | freddie | 452 | $post->author = $this->getUserByID($row['AuthorID']); |
453 | $post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
||
485 | muzer | 454 | $post->title = htmlspecialchars($row['Title']); |
455 | $post->content = htmlspecialchars($row['Content']); |
||
297 | freddie | 456 | $post->datePosted = strtotime($row['DatePosted']); |
457 | $post->category = $row['Category']; |
||
458 | $post->spam = $row['Spam']; |
||
459 | |||
460 | return $post; |
||
461 | } |
||
462 | |||
463 | $this->drawError('Cannot find blog post, #' . $id); |
||
464 | } |
||
465 | |||
491 | tom | 466 | function getProject($id) { |
467 | foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 468 | $project = new Project; |
469 | |||
470 | $project->ID = $row['ID']; |
||
471 | $project->author = $this->getUserByID($row['AuthorID']); |
||
472 | $project->title = $row['Title']; |
||
473 | $project->description = $row['Description']; |
||
474 | $project->logoURL = $row['LogoURL']; |
||
475 | $project->downloadURL = $row['DownloadURL']; |
||
476 | $project->websiteURL = $row['WebsiteURL']; |
||
477 | $project->latestVersion = $row['LatestVersion']; |
||
478 | $project->lastUpdate = strtotime($row['LastUpdate']); |
||
479 | |||
480 | return $project; |
||
481 | } |
||
482 | |||
483 | return false; |
||
484 | } |
||
485 | |||
491 | tom | 486 | function getForumCategory($id) { |
487 | foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 488 | $f = new ForumCategory; |
489 | |||
490 | $f->ID = $row['ID']; |
||
491 | $f->parent = $this->getForumCategory($row['ParentID']); |
||
492 | $f->title = $row['Title']; |
||
493 | $f->description = $row['Description']; |
||
494 | |||
495 | return $f; |
||
496 | } |
||
497 | |||
498 | return false; |
||
499 | } |
||
500 | |||
491 | tom | 501 | function getForumPost($id) { |
502 | foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 503 | $f = new ForumPost; |
504 | |||
505 | $f->ID = $row['ID']; |
||
506 | $f->author = $this->getUserByID($row['AuthorID']); |
||
507 | $f->category = $this->getForumCategory($row['CategoryID']); |
||
508 | $f->parent = $this->getForumPost($row['ParentID']); |
||
509 | $f->title = $row['Title']; |
||
510 | $f->content = $row['Content']; |
||
511 | $f->datePosted = strtotime($row['DatePosted']); |
||
512 | $f->spam = $row['Spam']; |
||
513 | |||
514 | return $f; |
||
515 | } |
||
516 | |||
517 | return false; |
||
518 | } |
||
519 | |||
491 | tom | 520 | function delBlogPost($id) { |
521 | foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
||
522 | $this->delBlogPost($i); |
||
297 | freddie | 523 | } |
491 | tom | 524 | |
525 | $this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
||
297 | freddie | 526 | } |
527 | |||
500 | freddie | 528 | function saltAndBurn($pass, $salt) { |
503 | freddie | 529 | return sha1($salt . $pass); |
500 | freddie | 530 | } |
531 | |||
508 | freddie | 532 | function rndString($len = 8) { |
533 | $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
||
514 | freddie | 534 | $clen = strlen($chars); |
508 | freddie | 535 | |
536 | $res = ''; |
||
537 | for ($i = $len - 1; $i >= 0; $i--) { |
||
513 | freddie | 538 | $res .= $chars[rand(0, $clen - 1)]; |
508 | freddie | 539 | } |
540 | |||
541 | return $res; |
||
542 | } |
||
543 | |||
510 | freddie | 544 | function getCSRFToken($id) { |
508 | freddie | 545 | $token = $this->rndString(); |
512 | freddie | 546 | $this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
508 | freddie | 547 | return $token; |
548 | } |
||
549 | |||
510 | freddie | 550 | function checkCSRFToken($id, $token) { |
508 | freddie | 551 | $user = $this->getUserByID($id); |
552 | if ($token !== $user->csrftoken) { |
||
553 | die("a death"); |
||
554 | } |
||
555 | |||
510 | freddie | 556 | $this->getCSRFToken($id); // change to something else so we can't re-use it |
508 | freddie | 557 | } |
558 | |||
491 | tom | 559 | function getGetID() { |
297 | freddie | 560 | $id = $_GET['id']; |
491 | tom | 561 | if (empty($id)) { |
297 | freddie | 562 | $id = 1; |
563 | } |
||
564 | |||
565 | return $id; |
||
566 | } |
||
567 | |||
491 | tom | 568 | function getPostID() { |
297 | freddie | 569 | $id = $_POST['id']; |
491 | tom | 570 | if (empty($id)) { |
297 | freddie | 571 | $id = 1; |
572 | } |
||
573 | |||
574 | return $id; |
||
575 | } |
||
576 | |||
577 | } |
||
578 | |||
579 | class User |
||
580 | { |
||
581 | public $ID; |
||
582 | public $accessID; |
||
583 | public $username; |
||
584 | public $password; |
||
508 | freddie | 585 | public $salt; |
297 | freddie | 586 | public $emailAddress; |
587 | public $name; |
||
507 | freddie | 588 | public $csrftoken; |
443 | tom | 589 | |
297 | freddie | 590 | public $challengeID; |
591 | } |
||
592 | |||
593 | class BlogPost |
||
594 | { |
||
595 | public $ID; |
||
596 | public $parent; |
||
597 | public $author; |
||
598 | public $title; |
||
599 | public $content; |
||
600 | public $datePosted; |
||
601 | public $category; |
||
602 | public $spam; |
||
603 | } |
||
604 | |||
605 | class Project |
||
606 | { |
||
607 | public $ID; |
||
608 | public $author; |
||
609 | public $title; |
||
610 | public $description; |
||
426 | tom | 611 | |
434 | tom | 612 | |
297 | freddie | 613 | public $logoURL; |
614 | public $downloadURL; |
||
615 | public $websiteURL; |
||
616 | public $latestVersion; |
||
617 | public $lastUpdate; |
||
618 | } |
||
619 | |||
620 | class ForumCategory |
||
621 | { |
||
622 | public $ID; |
||
623 | public $parent; |
||
624 | public $title; |
||
625 | public $description; |
||
401 | tom | 626 | |
297 | freddie | 627 | } |
628 | |||
629 | class ForumPost |
||
630 | { |
||
631 | public $id; |
||
632 | public $author; |
||
633 | public $category; |
||
634 | public $parent; |
||
635 | public $title; |
||
636 | public $content; |
||
637 | public $datePosted; |
||
638 | public $spam; |
||
639 | } |
||
640 | |||
641 | function write($str) |
||
642 | { |
||
643 | echo $str; |
||
644 | echo "\n"; |
||
645 | } |
||
646 | |||
647 | ?> |