Rev 521 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
297 | freddie | 1 | <?php |
2 | |||
3 | require '_config.php'; |
||
4 | |||
5 | class Taios_Page |
||
6 | { |
||
7 | function __construct($title, $url = "") |
||
8 | { |
||
9 | $this->title = $title; |
||
10 | $this->url = $url; |
||
11 | |||
12 | $this->drawnHeader = false; |
||
13 | $this->drawnMiddle = false; |
||
14 | $this->drawnFooter = false; |
||
15 | |||
487 | tom | 16 | try { |
17 | $this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, |
||
18 | array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" )); |
||
19 | } catch (PDOException $e) { |
||
20 | $this->drawError("Failed to connect to database!"); |
||
21 | } |
||
297 | freddie | 22 | } |
23 | |||
24 | function drawHeader() |
||
25 | { |
||
26 | if (!$this->drawnHeader) |
||
27 | { |
||
28 | write('<!DOCTYPE html>'); |
||
490 | tom | 29 | write('<html lang="en">'); |
297 | freddie | 30 | write('<head>'); |
31 | write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">'); |
||
522 | muzer | 32 | write('<title>Tim32 · ' . htmlentities($this->title, ENT_QUOTES) . '</title>'); |
490 | tom | 33 | write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />'); |
463 | tom | 34 | write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />'); |
522 | muzer | 35 | write('<script type="text/javascript" src="//code.jquery.com/jquery-1.9.0.min.js"></script>'); |
485 | muzer | 36 | write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>'); |
297 | freddie | 37 | write('</head>'); |
38 | write('<body>'); |
||
39 | write('<div class="sidebar">'); |
||
40 | write('<div class="sidebar-header">'); |
||
483 | muzer | 41 | write('<a href="' . $this->url . '"><h1>Tim32</h1></a>'); |
297 | freddie | 42 | write('</div>'); |
43 | write('<div class="sidebar-menu">'); |
||
44 | $this->drawMenuItem('Home', 'index.php'); |
||
45 | $this->drawMenuItem('Blog', 'blog/'); |
||
46 | $this->drawMenuItem('Projects', 'projects/'); |
||
47 | $this->drawMenuItem('Forums', 'forums/'); |
||
48 | $this->drawMenuItem('Wiki', 'wiki/'); |
||
49 | $this->drawMenuItem('Photos', 'photos/'); |
||
50 | write('<br />'); |
||
485 | muzer | 51 | |
52 | if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) { |
||
297 | freddie | 53 | $this->drawMenuItem('Administration', 'admin/'); |
54 | $this->drawMenuItem('Logout', 'logout-do.php'); |
||
485 | muzer | 55 | } else if ($this->isLoggedIn()) { |
471 | muzer | 56 | $this->drawMenuItem('Logout', 'logout-do.php'); |
485 | muzer | 57 | |
58 | if ($this->getLoggedInUser()->username != "cake") { |
||
471 | muzer | 59 | $this->drawMenuItem('You are banned', NULL); |
485 | muzer | 60 | } else { |
472 | tom | 61 | $this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder'); |
485 | muzer | 62 | } |
63 | } else { |
||
297 | freddie | 64 | $this->drawMenuItem('Login', 'login.php'); |
65 | $this->drawMenuItem('Register', 'register.php'); |
||
66 | } |
||
485 | muzer | 67 | |
297 | freddie | 68 | write('<br />'); |
69 | $this->drawnHeader = true; |
||
70 | } |
||
71 | } |
||
72 | |||
485 | muzer | 73 | function drawMenuItem($t, $u) { |
74 | if ($u == NULL) { |
||
471 | muzer | 75 | write('<p style="color:red">' . $t . '</p>'); |
485 | muzer | 76 | } else { |
471 | muzer | 77 | write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>'); |
78 | } |
||
297 | freddie | 79 | } |
80 | |||
81 | function drawMiddle() |
||
82 | { |
||
485 | muzer | 83 | if (!$this->drawnMiddle) { |
297 | freddie | 84 | write('</div>'); |
85 | write('</div>'); |
||
86 | write('<div class="content">'); |
||
483 | muzer | 87 | write('<a href="./"><h2>' . $this->title . '</h2></a>'); |
297 | freddie | 88 | |
89 | $this->drawnMiddle = true; |
||
90 | } |
||
91 | } |
||
92 | |||
93 | function drawFooter() |
||
94 | { |
||
95 | if (!$this->drawnFooter) |
||
96 | { |
||
97 | write('</div>'); |
||
98 | write('</body>'); |
||
99 | write('</html>'); |
||
100 | |||
101 | $this->drawnFooter = true; |
||
102 | } |
||
103 | |||
104 | die(); |
||
105 | } |
||
106 | |||
107 | function drawError($text, $die = true) |
||
108 | { |
||
109 | $this->drawHeader(); |
||
110 | $this->drawMiddle(); |
||
111 | |||
112 | write('<h4 style="color: red;">Error: ' . $text . '</h4>'); |
||
113 | |||
490 | tom | 114 | if ($die) { |
297 | freddie | 115 | $this->drawFooter(); |
116 | die(); |
||
117 | } |
||
118 | } |
||
119 | |||
120 | function drawBlogPostTree($id, $first = false) |
||
121 | { |
||
122 | $post = $this->getBlogPost($id); |
||
123 | if ($first) |
||
124 | { |
||
522 | muzer | 125 | write('<h3><a href="post.php?id=' . $id . '">' . htmlentities($post->title, ENT_QUOTES). '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>'); |
297 | freddie | 126 | } |
127 | else |
||
128 | { |
||
522 | muzer | 129 | write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>'); |
297 | freddie | 130 | } |
522 | muzer | 131 | write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>'); |
297 | freddie | 132 | write('<p>' . $this->replaceBBCode($post->content) . '</p>'); |
133 | |||
134 | if ($this->isUserNormal($this->getLoggedInUser())) |
||
135 | { |
||
136 | echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>'; |
||
137 | if ($this->isUserAdmin($this->getLoggedInUser()) || $this->getLoggedInUser()->ID == $post->author->ID) |
||
138 | { |
||
139 | echo ' · <a href="edit-post.php?id=' . $id . '">Edit Post</a>'; |
||
140 | echo ' · <a href="del-post.php?id=' . $id . '">Delete Post</a>'; |
||
141 | } |
||
142 | write('</p><br />'); |
||
143 | } |
||
144 | |||
497 | muzer | 145 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id)); |
297 | freddie | 146 | for ($i = 0; $i < count($ids); $i++) |
147 | { |
||
148 | write('<div class="indent">'); |
||
149 | $this->drawBlogPostTree($ids[$i]); |
||
150 | write('</div>'); |
||
151 | } |
||
152 | } |
||
153 | |||
154 | function drawBlogCategoriesMenu() |
||
155 | { |
||
156 | $cats = array(); |
||
157 | |||
158 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1'); |
||
159 | for ($i = 0; $i < count($ids); $i++) |
||
160 | { |
||
161 | $cat = $this->getBlogPost($ids[$i])->category; |
||
483 | muzer | 162 | if (!in_array($cat, $cats) && ($cat != "Drafts" || $this->isUserGM($this->getLoggedInUser()))) |
297 | freddie | 163 | { |
164 | array_push($cats, $cat); |
||
165 | } |
||
166 | } |
||
167 | |||
168 | write('<h3>Categories</h3>'); |
||
169 | for ($i = 0; $i < count($cats); $i++) |
||
170 | { |
||
522 | muzer | 171 | $this->drawMenuItem(htmlentities($cats[$i], ENT_QUOTES), 'blog/index.php?cat=' . $cats[$i]); |
297 | freddie | 172 | } |
173 | } |
||
174 | |||
175 | function replaceBBCode($str) |
||
176 | { |
||
522 | muzer | 177 | $newstr = htmlentities($str, ENT_QUOTES); |
481 | muzer | 178 | $newstr = str_replace("\n", "<br />", $newstr); |
297 | freddie | 179 | $newstr = str_replace(' ', ' ', $newstr); |
180 | |||
181 | $bbcode = array( |
||
485 | muzer | 182 | '/\[b\](.+?)\[\/b\]/is', |
183 | '/\[i\](.+?)\[\/i\]/is', |
||
184 | '/\[u\](.+?)\[\/u\]/is', |
||
495 | muzer | 185 | '/\[s\](.+?)\[\/s\]/is', |
485 | muzer | 186 | '/\[url\](.+?)\[\/url\]/is', |
486 | muzer | 187 | '/\[w\](.+?)\[\/w\]/is', |
485 | muzer | 188 | '/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
486 | muzer | 189 | '/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is', |
485 | muzer | 190 | '/\[code\](.+?)\[\/code\]/is', |
191 | '/\[img\](.+?)\[\/img\]/is', |
||
192 | '/\[ul\](.+?)\[\/ul\]/is', |
||
193 | '/\[ol\](.+?)\[\/ol\]/is', |
||
194 | '/\[li\](.+?)\[\/li\]/is', |
||
195 | '/\[mono\](.+?)\[\/mono\]/is', |
||
196 | '/\[tcp\](.+?)\[\/tcp\]/is' |
||
297 | freddie | 197 | ); |
198 | |||
199 | $html = array( |
||
485 | muzer | 200 | '<b>$1</b>', |
201 | '<i>$1</i>', |
||
202 | '<u>$1</u>', |
||
495 | muzer | 203 | '<del>$1</del>', |
485 | muzer | 204 | '<a href="$1">$1</a>', |
486 | muzer | 205 | '<a href="/wiki/index.php?page=$1">$1</a>', |
485 | muzer | 206 | '<a href="$1">$2</a>', |
486 | muzer | 207 | '<a href="/wiki/index.php?page=$1">$2</a>', |
485 | muzer | 208 | '</p><div class="code">$1</div><p>', |
209 | '<img src="$1" alt="BBCode-included image" />', |
||
210 | '<ul>$1</ul>', |
||
211 | '<ol>$1</ol>', |
||
212 | '<li>$1</li>', |
||
213 | '<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>', |
||
522 | muzer | 214 | '<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="//tim32.org/timlan/goTCP.png" alt="Open TCP Editor" /></span>' |
297 | freddie | 215 | ); |
216 | |||
217 | $newstr = preg_replace($bbcode, $html, $newstr); |
||
218 | |||
219 | return $newstr; |
||
220 | } |
||
221 | |||
519 | freddie | 222 | function acceptFile($fname) |
223 | { |
||
224 | if (!ALLOW_FILES) |
||
225 | { |
||
521 | freddie | 226 | $this->drawError("This system doesn't allow file uploading."); |
519 | freddie | 227 | return false; |
228 | } |
||
229 | |||
230 | $this->checkLoggedIn(); |
||
231 | if ($this->getLoggedInUser()->accessID >= 2) |
||
232 | { |
||
521 | freddie | 233 | $this->drawError('You do not have permission to access this page.'); |
519 | freddie | 234 | } |
235 | |||
236 | $allowedExts = array("gif", "jpeg", "jpg", "png", "tga"); |
||
237 | $temp = explode(".", $_FILES[$fname]["name"]); |
||
238 | $extension = end($temp); |
||
239 | if ((($_FILES[$fname]["type"] == "image/gif") |
||
240 | || ($_FILES[$fname]["type"] == "image/jpeg") |
||
241 | || ($_FILES[$fname]["type"] == "image/jpg") |
||
242 | || ($_FILES[$fname]["type"] == "image/pjpeg") |
||
243 | || ($_FILES[$fname]["type"] == "image/x-png") |
||
244 | || ($_FILES[$fname]["type"] == "image/png") |
||
520 | freddie | 245 | || ($_FILES[$fname]["type"] == "image/x-targa") |
246 | || ($_FILES[$fname]["type"] == "image/x-tga")) |
||
519 | freddie | 247 | && ($_FILES[$fname]["size"] < 200000) // file size limit (bytes) |
248 | && in_array($extension, $allowedExts)) |
||
249 | { |
||
250 | if ($_FILES[$fname]["error"] > 0) |
||
251 | { |
||
521 | freddie | 252 | $this->drawError("File Upload Error: " . $_FILES[$fname]["error"]); |
519 | freddie | 253 | } |
254 | else |
||
255 | { |
||
256 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
257 | |||
258 | while (file_exists($lname)) |
||
259 | { |
||
260 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
261 | } |
||
262 | |||
521 | freddie | 263 | move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname); |
264 | return ROOT_PATH . $lname; |
||
519 | freddie | 265 | } |
266 | } |
||
267 | else |
||
268 | { |
||
521 | freddie | 269 | $this->drawError("Invalid file"); |
519 | freddie | 270 | } |
271 | |||
272 | return false; |
||
273 | } |
||
274 | |||
297 | freddie | 275 | function redirect($u) |
276 | { |
||
277 | header('Location: ' . $u); |
||
278 | die(); |
||
279 | } |
||
280 | |||
281 | function isLoggedIn() |
||
282 | { |
||
283 | $cookie = $_COOKIE['Tim32_Login']; |
||
284 | if (!empty($cookie)) |
||
285 | { |
||
286 | $clist = explode('|~|', $cookie); |
||
287 | $user = $this->getUserByUsername($clist[0]); |
||
288 | if ($user) |
||
289 | { |
||
290 | if ($user->password == $clist[1]) |
||
291 | { |
||
292 | return true; |
||
293 | } |
||
294 | } |
||
295 | } |
||
296 | |||
297 | return false; |
||
298 | } |
||
299 | |||
300 | function isUserAdmin() |
||
301 | { |
||
302 | if ($this->isLoggedIn()) |
||
303 | { |
||
304 | if ($this->getLoggedInUser()->accessID <= 0) |
||
305 | { |
||
306 | return true; |
||
307 | } |
||
308 | } |
||
309 | |||
310 | return false; |
||
311 | } |
||
312 | |||
313 | function isUserGM() |
||
314 | { |
||
315 | if ($this->isLoggedIn()) |
||
316 | { |
||
317 | if ($this->getLoggedInUser()->accessID <= 1) |
||
318 | { |
||
319 | return true; |
||
320 | } |
||
321 | } |
||
322 | |||
323 | return false; |
||
324 | } |
||
325 | |||
326 | function isUserNormal() |
||
327 | { |
||
328 | if ($this->isLoggedIn()) |
||
329 | { |
||
330 | if ($this->getLoggedInUser()->accessID <= 2) |
||
331 | { |
||
332 | return true; |
||
333 | } |
||
334 | } |
||
335 | |||
336 | return false; |
||
337 | } |
||
338 | |||
471 | muzer | 339 | function isUserBanned() |
340 | { |
||
341 | if ($this->isLoggedIn()) |
||
342 | { |
||
343 | if ($this->getLoggedInUser()->accessID >= 3) |
||
344 | { |
||
345 | return true; |
||
346 | } |
||
347 | } |
||
348 | |||
349 | return false; |
||
350 | } |
||
351 | |||
384 | tom | 352 | function checkChallengeStatus($challengeID, $previous, $next) |
353 | { |
||
354 | $currentChallengeID = $this->getLoggedInUser()->challengeID; |
||
355 | |||
356 | if (!$this->isLoggedIn()) |
||
357 | { |
||
358 | $this->redirect('index.php'); |
||
359 | } |
||
360 | else if ($currentChallengeID > $challengeID) |
||
361 | { |
||
362 | $this->redirect($next . '.php'); |
||
363 | } |
||
364 | else if ($currentChallengeID < $challengeID) |
||
365 | { |
||
366 | $this->redirect($previous . '.php'); |
||
367 | } |
||
368 | } |
||
369 | |||
297 | freddie | 370 | function checkLoggedIn() |
371 | { |
||
372 | if (!$this->isLoggedIn()) |
||
373 | { |
||
374 | $this->drawError('You need to be logged in.'); |
||
375 | } |
||
376 | } |
||
377 | |||
489 | tom | 378 | function query($query, $args = array()) |
297 | freddie | 379 | { |
487 | tom | 380 | $statement = $this->db->prepare($query); |
381 | if (!$statement->execute($args)) { |
||
382 | $this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo()); |
||
383 | } |
||
384 | |||
385 | return $statement->fetchAll(); |
||
297 | freddie | 386 | } |
387 | |||
490 | tom | 388 | function findIDs($table, $query = '', $args = array()) |
297 | freddie | 389 | { |
390 | $array = array(); |
||
391 | |||
490 | tom | 392 | $results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args); |
487 | tom | 393 | foreach ($results as $row) { |
297 | freddie | 394 | array_push($array, $row['ID']); |
395 | } |
||
396 | |||
397 | return $array; |
||
398 | } |
||
399 | |||
400 | function getUserByID($id) |
||
401 | { |
||
490 | tom | 402 | foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) { |
403 | $user = new User(); |
||
297 | freddie | 404 | $user->ID = $row['ID']; |
405 | $user->accessID = $row['AccessID']; |
||
406 | $user->username = $row['Username']; |
||
407 | $user->password = $row['Password']; |
||
508 | freddie | 408 | $user->salt = $row['Salt']; |
297 | freddie | 409 | $user->emailAddress = $row['EmailAddress']; |
410 | $user->name = $row['Name']; |
||
507 | freddie | 411 | $user->csrftoken = $row['CSRFToken']; |
297 | freddie | 412 | $user->challengeID = $row['ChallengeID']; |
413 | |||
414 | return $user; |
||
415 | } |
||
416 | |||
417 | return false; |
||
418 | } |
||
419 | |||
490 | tom | 420 | function getUserByUsername($username) { |
522 | muzer | 421 | foreach ($this->query("SELECT ID FROM Users WHERE Username = ?", array($username)) as $row) { |
297 | freddie | 422 | return $this->getUserByID($row['ID']); |
423 | } |
||
424 | |||
425 | return false; |
||
426 | } |
||
427 | |||
491 | tom | 428 | function getLoggedInUser() { |
429 | if ($this->isLoggedIn()) { |
||
297 | freddie | 430 | $clist = explode('|~|', $_COOKIE['Tim32_Login']); |
431 | return $this->getUserByUsername($clist[0]); |
||
432 | } |
||
433 | |||
434 | return false; |
||
435 | } |
||
436 | |||
491 | tom | 437 | function getBlogPost($id) { |
438 | foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 439 | $post = new BlogPost; |
440 | $post->ID = $row['ID']; |
||
491 | tom | 441 | |
442 | if ($row['ParentID'] == -1) { |
||
297 | freddie | 443 | $post->parent = -1; |
491 | tom | 444 | } else { |
297 | freddie | 445 | $post->parent = $this->getBlogPost($row['ParentID']); |
446 | } |
||
491 | tom | 447 | |
297 | freddie | 448 | $post->author = $this->getUserByID($row['AuthorID']); |
449 | $post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
||
522 | muzer | 450 | $post->title = $row['Title']; |
451 | $post->content = $row['Content']; |
||
297 | freddie | 452 | $post->datePosted = strtotime($row['DatePosted']); |
453 | $post->category = $row['Category']; |
||
454 | $post->spam = $row['Spam']; |
||
455 | |||
456 | return $post; |
||
457 | } |
||
458 | |||
459 | $this->drawError('Cannot find blog post, #' . $id); |
||
460 | } |
||
461 | |||
491 | tom | 462 | function getProject($id) { |
463 | foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 464 | $project = new Project; |
465 | |||
466 | $project->ID = $row['ID']; |
||
467 | $project->author = $this->getUserByID($row['AuthorID']); |
||
468 | $project->title = $row['Title']; |
||
469 | $project->description = $row['Description']; |
||
470 | $project->logoURL = $row['LogoURL']; |
||
471 | $project->downloadURL = $row['DownloadURL']; |
||
472 | $project->websiteURL = $row['WebsiteURL']; |
||
473 | $project->latestVersion = $row['LatestVersion']; |
||
474 | $project->lastUpdate = strtotime($row['LastUpdate']); |
||
475 | |||
476 | return $project; |
||
477 | } |
||
478 | |||
479 | return false; |
||
480 | } |
||
481 | |||
491 | tom | 482 | function getForumCategory($id) { |
483 | foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 484 | $f = new ForumCategory; |
485 | |||
486 | $f->ID = $row['ID']; |
||
487 | $f->parent = $this->getForumCategory($row['ParentID']); |
||
488 | $f->title = $row['Title']; |
||
489 | $f->description = $row['Description']; |
||
490 | |||
491 | return $f; |
||
492 | } |
||
493 | |||
494 | return false; |
||
495 | } |
||
496 | |||
491 | tom | 497 | function getForumPost($id) { |
498 | foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 499 | $f = new ForumPost; |
500 | |||
501 | $f->ID = $row['ID']; |
||
502 | $f->author = $this->getUserByID($row['AuthorID']); |
||
503 | $f->category = $this->getForumCategory($row['CategoryID']); |
||
504 | $f->parent = $this->getForumPost($row['ParentID']); |
||
505 | $f->title = $row['Title']; |
||
506 | $f->content = $row['Content']; |
||
507 | $f->datePosted = strtotime($row['DatePosted']); |
||
508 | $f->spam = $row['Spam']; |
||
509 | |||
510 | return $f; |
||
511 | } |
||
512 | |||
513 | return false; |
||
514 | } |
||
515 | |||
491 | tom | 516 | function delBlogPost($id) { |
517 | foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
||
518 | $this->delBlogPost($i); |
||
297 | freddie | 519 | } |
491 | tom | 520 | |
521 | $this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
||
297 | freddie | 522 | } |
523 | |||
500 | freddie | 524 | function saltAndBurn($pass, $salt) { |
503 | freddie | 525 | return sha1($salt . $pass); |
500 | freddie | 526 | } |
527 | |||
508 | freddie | 528 | function rndString($len = 8) { |
529 | $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
||
514 | freddie | 530 | $clen = strlen($chars); |
508 | freddie | 531 | |
532 | $res = ''; |
||
533 | for ($i = $len - 1; $i >= 0; $i--) { |
||
513 | freddie | 534 | $res .= $chars[rand(0, $clen - 1)]; |
508 | freddie | 535 | } |
536 | |||
537 | return $res; |
||
538 | } |
||
539 | |||
510 | freddie | 540 | function getCSRFToken($id) { |
508 | freddie | 541 | $token = $this->rndString(); |
512 | freddie | 542 | $this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
508 | freddie | 543 | return $token; |
544 | } |
||
545 | |||
510 | freddie | 546 | function checkCSRFToken($id, $token) { |
508 | freddie | 547 | $user = $this->getUserByID($id); |
548 | if ($token !== $user->csrftoken) { |
||
549 | die("a death"); |
||
550 | } |
||
551 | |||
510 | freddie | 552 | $this->getCSRFToken($id); // change to something else so we can't re-use it |
508 | freddie | 553 | } |
554 | |||
491 | tom | 555 | function getGetID() { |
297 | freddie | 556 | $id = $_GET['id']; |
491 | tom | 557 | if (empty($id)) { |
297 | freddie | 558 | $id = 1; |
559 | } |
||
560 | |||
561 | return $id; |
||
562 | } |
||
563 | |||
491 | tom | 564 | function getPostID() { |
297 | freddie | 565 | $id = $_POST['id']; |
491 | tom | 566 | if (empty($id)) { |
297 | freddie | 567 | $id = 1; |
568 | } |
||
569 | |||
570 | return $id; |
||
571 | } |
||
572 | |||
573 | } |
||
574 | |||
575 | class User |
||
576 | { |
||
577 | public $ID; |
||
578 | public $accessID; |
||
579 | public $username; |
||
580 | public $password; |
||
508 | freddie | 581 | public $salt; |
297 | freddie | 582 | public $emailAddress; |
583 | public $name; |
||
507 | freddie | 584 | public $csrftoken; |
443 | tom | 585 | |
297 | freddie | 586 | public $challengeID; |
587 | } |
||
588 | |||
589 | class BlogPost |
||
590 | { |
||
591 | public $ID; |
||
592 | public $parent; |
||
593 | public $author; |
||
594 | public $title; |
||
595 | public $content; |
||
596 | public $datePosted; |
||
597 | public $category; |
||
598 | public $spam; |
||
599 | } |
||
600 | |||
601 | class Project |
||
602 | { |
||
603 | public $ID; |
||
604 | public $author; |
||
605 | public $title; |
||
606 | public $description; |
||
426 | tom | 607 | |
434 | tom | 608 | |
297 | freddie | 609 | public $logoURL; |
610 | public $downloadURL; |
||
611 | public $websiteURL; |
||
612 | public $latestVersion; |
||
613 | public $lastUpdate; |
||
614 | } |
||
615 | |||
616 | class ForumCategory |
||
617 | { |
||
618 | public $ID; |
||
619 | public $parent; |
||
620 | public $title; |
||
621 | public $description; |
||
401 | tom | 622 | |
297 | freddie | 623 | } |
624 | |||
625 | class ForumPost |
||
626 | { |
||
627 | public $id; |
||
628 | public $author; |
||
629 | public $category; |
||
630 | public $parent; |
||
631 | public $title; |
||
632 | public $content; |
||
633 | public $datePosted; |
||
634 | public $spam; |
||
635 | } |
||
636 | |||
637 | function write($str) |
||
638 | { |
||
639 | echo $str; |
||
640 | echo "\n"; |
||
641 | } |
||
642 | |||
643 | ?> |