WebSVN - taios - Blame - Rev 523

Rev	Author	Line No.	Line
297	freddie	1	<?php
		2
		3	require '_config.php';
		4
		5	class Taios_Page
		6	{
		7	function __construct($title, $url = "")
		8	{
		9	$this->title = $title;
		10	$this->url = $url;
		11
		12	$this->drawnHeader = false;
		13	$this->drawnMiddle = false;
		14	$this->drawnFooter = false;
		15
487	tom	16	try {
		17	$this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD,
		18	array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" ));
		19	} catch (PDOException $e) {
		20	$this->drawError("Failed to connect to database!");
		21	}
297	freddie	22	}
		23
		24	function drawHeader()
		25	{
		26	if (!$this->drawnHeader)
		27	{
		28	write('<!DOCTYPE html>');
490	tom	29	write('<html lang="en">');
297	freddie	30	write('<head>');
		31	write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">');
523	muzer	32	write('<title>Tim32 · ' . $this->title . '</title>');
490	tom	33	write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />');
463	tom	34	write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />');
522	muzer	35	write('<script type="text/javascript" src="//code.jquery.com/jquery-1.9.0.min.js"></script>');
485	muzer	36	write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>');
297	freddie	37	write('</head>');
		38	write('<body>');
		39	write('<div class="sidebar">');
		40	write('<div class="sidebar-header">');
483	muzer	41	write('<a href="' . $this->url . '"><h1>Tim32</h1></a>');
297	freddie	42	write('</div>');
		43	write('<div class="sidebar-menu">');
		44	$this->drawMenuItem('Home', 'index.php');
		45	$this->drawMenuItem('Blog', 'blog/');
		46	$this->drawMenuItem('Projects', 'projects/');
		47	$this->drawMenuItem('Forums', 'forums/');
		48	$this->drawMenuItem('Wiki', 'wiki/');
		49	$this->drawMenuItem('Photos', 'photos/');
		50	write('<br />');
485	muzer	51
		52	if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) {
297	freddie	53	$this->drawMenuItem('Administration', 'admin/');
		54	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	55	} else if ($this->isLoggedIn()) {
471	muzer	56	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	57
		58	if ($this->getLoggedInUser()->username != "cake") {
471	muzer	59	$this->drawMenuItem('You are banned', NULL);
485	muzer	60	} else {
472	tom	61	$this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder');
485	muzer	62	}
		63	} else {
297	freddie	64	$this->drawMenuItem('Login', 'login.php');
		65	$this->drawMenuItem('Register', 'register.php');
		66	}
485	muzer	67
297	freddie	68	write('<br />');
		69	$this->drawnHeader = true;
		70	}
		71	}
		72
485	muzer	73	function drawMenuItem($t, $u) {
		74	if ($u == NULL) {
471	muzer	75	write('<p style="color:red">' . $t . '</p>');
485	muzer	76	} else {
471	muzer	77	write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
		78	}
297	freddie	79	}
		80
		81	function drawMiddle()
		82	{
485	muzer	83	if (!$this->drawnMiddle) {
297	freddie	84	write('</div>');
		85	write('</div>');
		86	write('<div class="content">');
483	muzer	87	write('<a href="./"><h2>' . $this->title . '</h2></a>');
297	freddie	88
		89	$this->drawnMiddle = true;
		90	}
		91	}
		92
		93	function drawFooter()
		94	{
		95	if (!$this->drawnFooter)
		96	{
		97	write('</div>');
		98	write('</body>');
		99	write('</html>');
		100
		101	$this->drawnFooter = true;
		102	}
		103
		104	die();
		105	}
		106
		107	function drawError($text, $die = true)
		108	{
		109	$this->drawHeader();
		110	$this->drawMiddle();
		111
		112	write('<h4 style="color: red;">Error: ' . $text . '</h4>');
		113
490	tom	114	if ($die) {
297	freddie	115	$this->drawFooter();
		116	die();
		117	}
		118	}
		119
		120	function drawBlogPostTree($id, $first = false)
		121	{
		122	$post = $this->getBlogPost($id);
		123	if ($first)
		124	{
522	muzer	125	write('<h3><a href="post.php?id=' . $id . '">' . htmlentities($post->title, ENT_QUOTES). '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
297	freddie	126	}
		127	else
		128	{
522	muzer	129	write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>');
297	freddie	130	}
522	muzer	131	write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>');
297	freddie	132	write('<p>' . $this->replaceBBCode($post->content) . '</p>');
		133
		134	if ($this->isUserNormal($this->getLoggedInUser()))
		135	{
		136	echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>';
		137	if ($this->isUserAdmin($this->getLoggedInUser()) \|\| $this->getLoggedInUser()->ID == $post->author->ID)
		138	{
		139	echo '   &middot   <a href="edit-post.php?id=' . $id . '">Edit Post</a>';
		140	echo '   &middot   <a href="del-post.php?id=' . $id . '">Delete Post</a>';
		141	}
		142	write('</p><br />');
		143	}
		144
497	muzer	145	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id));
297	freddie	146	for ($i = 0; $i < count($ids); $i++)
		147	{
		148	write('<div class="indent">');
		149	$this->drawBlogPostTree($ids[$i]);
		150	write('</div>');
		151	}
		152	}
		153
		154	function drawBlogCategoriesMenu()
		155	{
		156	$cats = array();
		157
		158	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1');
		159	for ($i = 0; $i < count($ids); $i++)
		160	{
		161	$cat = $this->getBlogPost($ids[$i])->category;
483	muzer	162	if (!in_array($cat, $cats) && ($cat != "Drafts" \|\| $this->isUserGM($this->getLoggedInUser())))
297	freddie	163	{
		164	array_push($cats, $cat);
		165	}
		166	}
		167
		168	write('<h3>Categories</h3>');
		169	for ($i = 0; $i < count($cats); $i++)
		170	{
522	muzer	171	$this->drawMenuItem(htmlentities($cats[$i], ENT_QUOTES), 'blog/index.php?cat=' . $cats[$i]);
297	freddie	172	}
		173	}
		174
		175	function replaceBBCode($str)
		176	{
522	muzer	177	$newstr = htmlentities($str, ENT_QUOTES);
481	muzer	178	$newstr = str_replace("\n", "<br />", $newstr);
297	freddie	179	$newstr = str_replace(' ', '  ', $newstr);
		180
		181	$bbcode = array(
485	muzer	182	'/\[b\](.+?)\[\/b\]/is',
		183	'/\[i\](.+?)\[\/i\]/is',
		184	'/\[u\](.+?)\[\/u\]/is',
495	muzer	185	'/\[s\](.+?)\[\/s\]/is',
485	muzer	186	'/\[url\](.+?)\[\/url\]/is',
486	muzer	187	'/\[w\](.+?)\[\/w\]/is',
485	muzer	188	'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is',
486	muzer	189	'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is',
485	muzer	190	'/\[code\](.+?)\[\/code\]/is',
		191	'/\[img\](.+?)\[\/img\]/is',
		192	'/\[ul\](.+?)\[\/ul\]/is',
		193	'/\[ol\](.+?)\[\/ol\]/is',
		194	'/\[li\](.+?)\[\/li\]/is',
		195	'/\[mono\](.+?)\[\/mono\]/is',
		196	'/\[tcp\](.+?)\[\/tcp\]/is'
297	freddie	197	);
		198
		199	$html = array(
485	muzer	200	'<b>$1</b>',
		201	'<i>$1</i>',
		202	'<u>$1</u>',
495	muzer	203	'<del>$1</del>',
485	muzer	204	'<a href="$1">$1</a>',
486	muzer	205	'<a href="/wiki/index.php?page=$1">$1</a>',
485	muzer	206	'<a href="$1">$2</a>',
486	muzer	207	'<a href="/wiki/index.php?page=$1">$2</a>',
485	muzer	208	'</p><div class="code">$1</div><p>',
		209	'<img src="$1" alt="BBCode-included image" />',
		210	'<ul>$1</ul>',
		211	'<ol>$1</ol>',
		212	'<li>$1</li>',
		213	'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>',
522	muzer	214	'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="//tim32.org/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
297	freddie	215	);
		216
		217	$newstr = preg_replace($bbcode, $html, $newstr);
		218
		219	return $newstr;
		220	}
		221
519	freddie	222	function acceptFile($fname)
		223	{
		224	if (!ALLOW_FILES)
		225	{
521	freddie	226	$this->drawError("This system doesn't allow file uploading.");
519	freddie	227	return false;
		228	}
		229
		230	$this->checkLoggedIn();
		231	if ($this->getLoggedInUser()->accessID >= 2)
		232	{
521	freddie	233	$this->drawError('You do not have permission to access this page.');
519	freddie	234	}
		235
		236	$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
		237	$temp = explode(".", $_FILES[$fname]["name"]);
		238	$extension = end($temp);
		239	if ((($_FILES[$fname]["type"] == "image/gif")
		240	\|\| ($_FILES[$fname]["type"] == "image/jpeg")
		241	\|\| ($_FILES[$fname]["type"] == "image/jpg")
		242	\|\| ($_FILES[$fname]["type"] == "image/pjpeg")
		243	\|\| ($_FILES[$fname]["type"] == "image/x-png")
		244	\|\| ($_FILES[$fname]["type"] == "image/png")
520	freddie	245	\|\| ($_FILES[$fname]["type"] == "image/x-targa")
		246	\|\| ($_FILES[$fname]["type"] == "image/x-tga"))
519	freddie	247	&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
		248	&& in_array($extension, $allowedExts))
		249	{
		250	if ($_FILES[$fname]["error"] > 0)
		251	{
521	freddie	252	$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
519	freddie	253	}
		254	else
		255	{
		256	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		257
		258	while (file_exists($lname))
		259	{
		260	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		261	}
		262
521	freddie	263	move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname);
		264	return ROOT_PATH . $lname;
519	freddie	265	}
		266	}
		267	else
		268	{
521	freddie	269	$this->drawError("Invalid file");
519	freddie	270	}
		271
		272	return false;
		273	}
		274
297	freddie	275	function redirect($u)
		276	{
		277	header('Location: ' . $u);
		278	die();
		279	}
		280
		281	function isLoggedIn()
		282	{
		283	$cookie = $_COOKIE['Tim32_Login'];
		284	if (!empty($cookie))
		285	{
		286	$clist = explode('\|~\|', $cookie);
		287	$user = $this->getUserByUsername($clist[0]);
		288	if ($user)
		289	{
		290	if ($user->password == $clist[1])
		291	{
		292	return true;
		293	}
		294	}
		295	}
		296
		297	return false;
		298	}
		299
		300	function isUserAdmin()
		301	{
		302	if ($this->isLoggedIn())
		303	{
		304	if ($this->getLoggedInUser()->accessID <= 0)
		305	{
		306	return true;
		307	}
		308	}
		309
		310	return false;
		311	}
		312
		313	function isUserGM()
		314	{
		315	if ($this->isLoggedIn())
		316	{
		317	if ($this->getLoggedInUser()->accessID <= 1)
		318	{
		319	return true;
		320	}
		321	}
		322
		323	return false;
		324	}
		325
		326	function isUserNormal()
		327	{
		328	if ($this->isLoggedIn())
		329	{
		330	if ($this->getLoggedInUser()->accessID <= 2)
		331	{
		332	return true;
		333	}
		334	}
		335
		336	return false;
		337	}
		338
471	muzer	339	function isUserBanned()
		340	{
		341	if ($this->isLoggedIn())
		342	{
		343	if ($this->getLoggedInUser()->accessID >= 3)
		344	{
		345	return true;
		346	}
		347	}
		348
		349	return false;
		350	}
		351
384	tom	352	function checkChallengeStatus($challengeID, $previous, $next)
		353	{
		354	$currentChallengeID = $this->getLoggedInUser()->challengeID;
		355
		356	if (!$this->isLoggedIn())
		357	{
		358	$this->redirect('index.php');
		359	}
		360	else if ($currentChallengeID > $challengeID)
		361	{
		362	$this->redirect($next . '.php');
		363	}
		364	else if ($currentChallengeID < $challengeID)
		365	{
		366	$this->redirect($previous . '.php');
		367	}
		368	}
		369
297	freddie	370	function checkLoggedIn()
		371	{
		372	if (!$this->isLoggedIn())
		373	{
		374	$this->drawError('You need to be logged in.');
		375	}
		376	}
		377
489	tom	378	function query($query, $args = array())
297	freddie	379	{
487	tom	380	$statement = $this->db->prepare($query);
		381	if (!$statement->execute($args)) {
		382	$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo());
		383	}
		384
		385	return $statement->fetchAll();
297	freddie	386	}
		387
490	tom	388	function findIDs($table, $query = '', $args = array())
297	freddie	389	{
		390	$array = array();
		391
490	tom	392	$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args);
487	tom	393	foreach ($results as $row) {
297	freddie	394	array_push($array, $row['ID']);
		395	}
		396
		397	return $array;
		398	}
		399
		400	function getUserByID($id)
		401	{
490	tom	402	foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) {
		403	$user = new User();
297	freddie	404	$user->ID = $row['ID'];
		405	$user->accessID = $row['AccessID'];
		406	$user->username = $row['Username'];
		407	$user->password = $row['Password'];
508	freddie	408	$user->salt = $row['Salt'];
297	freddie	409	$user->emailAddress = $row['EmailAddress'];
		410	$user->name = $row['Name'];
507	freddie	411	$user->csrftoken = $row['CSRFToken'];
297	freddie	412	$user->challengeID = $row['ChallengeID'];
		413
		414	return $user;
		415	}
		416
		417	return false;
		418	}
		419
490	tom	420	function getUserByUsername($username) {
522	muzer	421	foreach ($this->query("SELECT ID FROM Users WHERE Username = ?", array($username)) as $row) {
297	freddie	422	return $this->getUserByID($row['ID']);
		423	}
		424
		425	return false;
		426	}
		427
491	tom	428	function getLoggedInUser() {
		429	if ($this->isLoggedIn()) {
297	freddie	430	$clist = explode('\|~\|', $_COOKIE['Tim32_Login']);
		431	return $this->getUserByUsername($clist[0]);
		432	}
		433
		434	return false;
		435	}
		436
491	tom	437	function getBlogPost($id) {
		438	foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	439	$post = new BlogPost;
		440	$post->ID = $row['ID'];
491	tom	441
		442	if ($row['ParentID'] == -1) {
297	freddie	443	$post->parent = -1;
491	tom	444	} else {
297	freddie	445	$post->parent = $this->getBlogPost($row['ParentID']);
		446	}
491	tom	447
297	freddie	448	$post->author = $this->getUserByID($row['AuthorID']);
		449	$post->user = $this->getUserByID($row['AuthorID']); // For some older pages
522	muzer	450	$post->title = $row['Title'];
		451	$post->content = $row['Content'];
297	freddie	452	$post->datePosted = strtotime($row['DatePosted']);
		453	$post->category = $row['Category'];
		454	$post->spam = $row['Spam'];
		455
		456	return $post;
		457	}
		458
		459	$this->drawError('Cannot find blog post, #' . $id);
		460	}
		461
491	tom	462	function getProject($id) {
		463	foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) {
297	freddie	464	$project = new Project;
		465
		466	$project->ID = $row['ID'];
		467	$project->author = $this->getUserByID($row['AuthorID']);
		468	$project->title = $row['Title'];
		469	$project->description = $row['Description'];
		470	$project->logoURL = $row['LogoURL'];
		471	$project->downloadURL = $row['DownloadURL'];
		472	$project->websiteURL = $row['WebsiteURL'];
		473	$project->latestVersion = $row['LatestVersion'];
		474	$project->lastUpdate = strtotime($row['LastUpdate']);
		475
		476	return $project;
		477	}
		478
		479	return false;
		480	}
		481
491	tom	482	function getForumCategory($id) {
		483	foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) {
297	freddie	484	$f = new ForumCategory;
		485
		486	$f->ID = $row['ID'];
		487	$f->parent = $this->getForumCategory($row['ParentID']);
		488	$f->title = $row['Title'];
		489	$f->description = $row['Description'];
		490
		491	return $f;
		492	}
		493
		494	return false;
		495	}
		496
491	tom	497	function getForumPost($id) {
		498	foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	499	$f = new ForumPost;
		500
		501	$f->ID = $row['ID'];
		502	$f->author = $this->getUserByID($row['AuthorID']);
		503	$f->category = $this->getForumCategory($row['CategoryID']);
		504	$f->parent = $this->getForumPost($row['ParentID']);
		505	$f->title = $row['Title'];
		506	$f->content = $row['Content'];
		507	$f->datePosted = strtotime($row['DatePosted']);
		508	$f->spam = $row['Spam'];
		509
		510	return $f;
		511	}
		512
		513	return false;
		514	}
		515
491	tom	516	function delBlogPost($id) {
		517	foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) {
		518	$this->delBlogPost($i);
297	freddie	519	}
491	tom	520
		521	$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id));
297	freddie	522	}
		523
500	freddie	524	function saltAndBurn($pass, $salt) {
503	freddie	525	return sha1($salt . $pass);
500	freddie	526	}
		527
508	freddie	528	function rndString($len = 8) {
		529	$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
514	freddie	530	$clen = strlen($chars);
508	freddie	531
		532	$res = '';
		533	for ($i = $len - 1; $i >= 0; $i--) {
513	freddie	534	$res .= $chars[rand(0, $clen - 1)];
508	freddie	535	}
		536
		537	return $res;
		538	}
		539
510	freddie	540	function getCSRFToken($id) {
508	freddie	541	$token = $this->rndString();
512	freddie	542	$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
508	freddie	543	return $token;
		544	}
		545
510	freddie	546	function checkCSRFToken($id, $token) {
508	freddie	547	$user = $this->getUserByID($id);
		548	if ($token !== $user->csrftoken) {
		549	die("a death");
		550	}
		551
510	freddie	552	$this->getCSRFToken($id); // change to something else so we can't re-use it
508	freddie	553	}
		554
491	tom	555	function getGetID() {
297	freddie	556	$id = $_GET['id'];
491	tom	557	if (empty($id)) {
297	freddie	558	$id = 1;
		559	}
		560
		561	return $id;
		562	}
		563
491	tom	564	function getPostID() {
297	freddie	565	$id = $_POST['id'];
491	tom	566	if (empty($id)) {
297	freddie	567	$id = 1;
		568	}
		569
		570	return $id;
		571	}
		572
		573	}
		574
		575	class User
		576	{
		577	public $ID;
		578	public $accessID;
		579	public $username;
		580	public $password;
508	freddie	581	public $salt;
297	freddie	582	public $emailAddress;
		583	public $name;
507	freddie	584	public $csrftoken;
443	tom	585
297	freddie	586	public $challengeID;
		587	}
		588
		589	class BlogPost
		590	{
		591	public $ID;
		592	public $parent;
		593	public $author;
		594	public $title;
		595	public $content;
		596	public $datePosted;
		597	public $category;
		598	public $spam;
		599	}
		600
		601	class Project
		602	{
		603	public $ID;
		604	public $author;
		605	public $title;
		606	public $description;
426	tom	607
434	tom	608
297	freddie	609	public $logoURL;
		610	public $downloadURL;
		611	public $websiteURL;
		612	public $latestVersion;
		613	public $lastUpdate;
		614	}
		615
		616	class ForumCategory
		617	{
		618	public $ID;
		619	public $parent;
		620	public $title;
		621	public $description;
401	tom	622
297	freddie	623	}
		624
		625	class ForumPost
		626	{
		627	public $id;
		628	public $author;
		629	public $category;
		630	public $parent;
		631	public $title;
		632	public $content;
		633	public $datePosted;
		634	public $spam;
		635	}
		636
		637	function write($str)
		638	{
		639	echo $str;
		640	echo "\n";
		641	}
		642
		643	?>

Subversion Repositories taios

(root)/_taios.php @ 92 - Rev 523