Rev 514 | Rev 520 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
297 | freddie | 1 | <?php |
2 | |||
3 | require '_config.php'; |
||
4 | |||
5 | class Taios_Page |
||
6 | { |
||
7 | function __construct($title, $url = "") |
||
8 | { |
||
9 | $this->title = $title; |
||
10 | $this->url = $url; |
||
11 | |||
12 | $this->drawnHeader = false; |
||
13 | $this->drawnMiddle = false; |
||
14 | $this->drawnFooter = false; |
||
15 | |||
487 | tom | 16 | try { |
17 | $this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, |
||
18 | array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" )); |
||
19 | } catch (PDOException $e) { |
||
20 | $this->drawError("Failed to connect to database!"); |
||
21 | } |
||
297 | freddie | 22 | } |
23 | |||
24 | function drawHeader() |
||
25 | { |
||
26 | if (!$this->drawnHeader) |
||
27 | { |
||
28 | write('<!DOCTYPE html>'); |
||
490 | tom | 29 | write('<html lang="en">'); |
297 | freddie | 30 | write('<head>'); |
31 | write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">'); |
||
32 | write('<title>Tim32 · ' . $this->title . '</title>'); |
||
490 | tom | 33 | write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />'); |
463 | tom | 34 | write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />'); |
485 | muzer | 35 | write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>'); |
36 | write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>'); |
||
297 | freddie | 37 | write('</head>'); |
38 | write('<body>'); |
||
39 | write('<div class="sidebar">'); |
||
40 | write('<div class="sidebar-header">'); |
||
483 | muzer | 41 | write('<a href="' . $this->url . '"><h1>Tim32</h1></a>'); |
297 | freddie | 42 | write('</div>'); |
43 | write('<div class="sidebar-menu">'); |
||
44 | $this->drawMenuItem('Home', 'index.php'); |
||
45 | $this->drawMenuItem('Blog', 'blog/'); |
||
46 | $this->drawMenuItem('Projects', 'projects/'); |
||
47 | $this->drawMenuItem('Forums', 'forums/'); |
||
48 | $this->drawMenuItem('Wiki', 'wiki/'); |
||
49 | $this->drawMenuItem('Photos', 'photos/'); |
||
50 | write('<br />'); |
||
485 | muzer | 51 | |
52 | if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) { |
||
297 | freddie | 53 | $this->drawMenuItem('Administration', 'admin/'); |
54 | $this->drawMenuItem('Logout', 'logout-do.php'); |
||
485 | muzer | 55 | } else if ($this->isLoggedIn()) { |
471 | muzer | 56 | $this->drawMenuItem('Logout', 'logout-do.php'); |
485 | muzer | 57 | |
58 | if ($this->getLoggedInUser()->username != "cake") { |
||
471 | muzer | 59 | $this->drawMenuItem('You are banned', NULL); |
485 | muzer | 60 | } else { |
472 | tom | 61 | $this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder'); |
485 | muzer | 62 | } |
63 | } else { |
||
297 | freddie | 64 | $this->drawMenuItem('Login', 'login.php'); |
65 | $this->drawMenuItem('Register', 'register.php'); |
||
66 | } |
||
485 | muzer | 67 | |
297 | freddie | 68 | write('<br />'); |
69 | $this->drawnHeader = true; |
||
70 | } |
||
71 | } |
||
72 | |||
485 | muzer | 73 | function drawMenuItem($t, $u) { |
74 | if ($u == NULL) { |
||
471 | muzer | 75 | write('<p style="color:red">' . $t . '</p>'); |
485 | muzer | 76 | } else { |
471 | muzer | 77 | write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>'); |
78 | } |
||
297 | freddie | 79 | } |
80 | |||
81 | function drawMiddle() |
||
82 | { |
||
485 | muzer | 83 | if (!$this->drawnMiddle) { |
297 | freddie | 84 | write('</div>'); |
85 | write('</div>'); |
||
86 | write('<div class="content">'); |
||
483 | muzer | 87 | write('<a href="./"><h2>' . $this->title . '</h2></a>'); |
297 | freddie | 88 | |
89 | $this->drawnMiddle = true; |
||
90 | } |
||
91 | } |
||
92 | |||
93 | function drawFooter() |
||
94 | { |
||
95 | if (!$this->drawnFooter) |
||
96 | { |
||
97 | write('</div>'); |
||
98 | write('</body>'); |
||
99 | write('</html>'); |
||
100 | |||
101 | $this->drawnFooter = true; |
||
102 | } |
||
103 | |||
104 | die(); |
||
105 | } |
||
106 | |||
107 | function drawError($text, $die = true) |
||
108 | { |
||
109 | $this->drawHeader(); |
||
110 | $this->drawMiddle(); |
||
111 | |||
112 | write('<h4 style="color: red;">Error: ' . $text . '</h4>'); |
||
113 | |||
490 | tom | 114 | if ($die) { |
297 | freddie | 115 | $this->drawFooter(); |
116 | die(); |
||
117 | } |
||
118 | } |
||
119 | |||
120 | function drawBlogPostTree($id, $first = false) |
||
121 | { |
||
122 | $post = $this->getBlogPost($id); |
||
123 | if ($first) |
||
124 | { |
||
125 | write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>'); |
||
126 | } |
||
127 | else |
||
128 | { |
||
129 | write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
||
130 | } |
||
131 | write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
||
132 | write('<p>' . $this->replaceBBCode($post->content) . '</p>'); |
||
133 | |||
134 | if ($this->isUserNormal($this->getLoggedInUser())) |
||
135 | { |
||
136 | echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>'; |
||
137 | if ($this->isUserAdmin($this->getLoggedInUser()) || $this->getLoggedInUser()->ID == $post->author->ID) |
||
138 | { |
||
139 | echo ' · <a href="edit-post.php?id=' . $id . '">Edit Post</a>'; |
||
140 | echo ' · <a href="del-post.php?id=' . $id . '">Delete Post</a>'; |
||
141 | } |
||
142 | write('</p><br />'); |
||
143 | } |
||
144 | |||
497 | muzer | 145 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id)); |
297 | freddie | 146 | for ($i = 0; $i < count($ids); $i++) |
147 | { |
||
148 | write('<div class="indent">'); |
||
149 | $this->drawBlogPostTree($ids[$i]); |
||
150 | write('</div>'); |
||
151 | } |
||
152 | } |
||
153 | |||
154 | function drawBlogCategoriesMenu() |
||
155 | { |
||
156 | $cats = array(); |
||
157 | |||
158 | $ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1'); |
||
159 | for ($i = 0; $i < count($ids); $i++) |
||
160 | { |
||
161 | $cat = $this->getBlogPost($ids[$i])->category; |
||
483 | muzer | 162 | if (!in_array($cat, $cats) && ($cat != "Drafts" || $this->isUserGM($this->getLoggedInUser()))) |
297 | freddie | 163 | { |
164 | array_push($cats, $cat); |
||
165 | } |
||
166 | } |
||
167 | |||
168 | write('<h3>Categories</h3>'); |
||
169 | for ($i = 0; $i < count($cats); $i++) |
||
170 | { |
||
171 | $this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]); |
||
172 | } |
||
173 | } |
||
174 | |||
175 | function replaceBBCode($str) |
||
176 | { |
||
437 | tom | 177 | $newstr = $str; |
484 | muzer | 178 | $newstr = str_replace("<", "<", $newstr); |
179 | $newstr = str_replace(">", ">", $newstr); |
||
481 | muzer | 180 | $newstr = str_replace("\n", "<br />", $newstr); |
362 | tom | 181 | $newstr = str_replace("\\'", "'", $newstr); |
182 | $newstr = str_replace("\\\"",'"', $newstr); |
||
297 | freddie | 183 | $newstr = str_replace(' ', ' ', $newstr); |
184 | |||
185 | $bbcode = array( |
||
485 | muzer | 186 | '/\[b\](.+?)\[\/b\]/is', |
187 | '/\[i\](.+?)\[\/i\]/is', |
||
188 | '/\[u\](.+?)\[\/u\]/is', |
||
495 | muzer | 189 | '/\[s\](.+?)\[\/s\]/is', |
485 | muzer | 190 | '/\[url\](.+?)\[\/url\]/is', |
486 | muzer | 191 | '/\[w\](.+?)\[\/w\]/is', |
485 | muzer | 192 | '/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
486 | muzer | 193 | '/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is', |
485 | muzer | 194 | '/\[code\](.+?)\[\/code\]/is', |
195 | '/\[img\](.+?)\[\/img\]/is', |
||
196 | '/\[ul\](.+?)\[\/ul\]/is', |
||
197 | '/\[ol\](.+?)\[\/ol\]/is', |
||
198 | '/\[li\](.+?)\[\/li\]/is', |
||
199 | '/\[mono\](.+?)\[\/mono\]/is', |
||
200 | '/\[tcp\](.+?)\[\/tcp\]/is' |
||
297 | freddie | 201 | ); |
202 | |||
203 | $html = array( |
||
485 | muzer | 204 | '<b>$1</b>', |
205 | '<i>$1</i>', |
||
206 | '<u>$1</u>', |
||
495 | muzer | 207 | '<del>$1</del>', |
485 | muzer | 208 | '<a href="$1">$1</a>', |
486 | muzer | 209 | '<a href="/wiki/index.php?page=$1">$1</a>', |
485 | muzer | 210 | '<a href="$1">$2</a>', |
486 | muzer | 211 | '<a href="/wiki/index.php?page=$1">$2</a>', |
485 | muzer | 212 | '</p><div class="code">$1</div><p>', |
213 | '<img src="$1" alt="BBCode-included image" />', |
||
214 | '<ul>$1</ul>', |
||
215 | '<ol>$1</ol>', |
||
216 | '<li>$1</li>', |
||
217 | '<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>', |
||
218 | '<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>' |
||
297 | freddie | 219 | ); |
220 | |||
221 | $newstr = preg_replace($bbcode, $html, $newstr); |
||
222 | |||
223 | return $newstr; |
||
224 | } |
||
225 | |||
519 | freddie | 226 | function acceptFile($fname) |
227 | { |
||
228 | if (!ALLOW_FILES) |
||
229 | { |
||
230 | $page->drawError("This system doesn't allow file uploading."); |
||
231 | return false; |
||
232 | } |
||
233 | |||
234 | $this->checkLoggedIn(); |
||
235 | if ($this->getLoggedInUser()->accessID >= 2) |
||
236 | { |
||
237 | $page->drawError('You do not have permission to access this page.'); |
||
238 | } |
||
239 | |||
240 | $allowedExts = array("gif", "jpeg", "jpg", "png", "tga"); |
||
241 | $temp = explode(".", $_FILES[$fname]["name"]); |
||
242 | $extension = end($temp); |
||
243 | if ((($_FILES[$fname]["type"] == "image/gif") |
||
244 | || ($_FILES[$fname]["type"] == "image/jpeg") |
||
245 | || ($_FILES[$fname]["type"] == "image/jpg") |
||
246 | || ($_FILES[$fname]["type"] == "image/pjpeg") |
||
247 | || ($_FILES[$fname]["type"] == "image/x-png") |
||
248 | || ($_FILES[$fname]["type"] == "image/png") |
||
249 | || ($_FILES[$fname]["type"] == "image/tga")) |
||
250 | && ($_FILES[$fname]["size"] < 200000) // file size limit (bytes) |
||
251 | && in_array($extension, $allowedExts)) |
||
252 | { |
||
253 | if ($_FILES[$fname]["error"] > 0) |
||
254 | { |
||
255 | $page->drawError("File Upload Error: " . $_FILES[$fname]["error"]); |
||
256 | } |
||
257 | else |
||
258 | { |
||
259 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
260 | |||
261 | while (file_exists($lname)) |
||
262 | { |
||
263 | $lname = "upload/" . $this->rndString(12) . "." . $extension; |
||
264 | } |
||
265 | |||
266 | move_uploaded_file($_FILES[$fname]["tmp_name"], $lname); |
||
267 | return $lname; |
||
268 | } |
||
269 | } |
||
270 | else |
||
271 | { |
||
272 | $page->drawError("Invalid file"); |
||
273 | } |
||
274 | |||
275 | return false; |
||
276 | } |
||
277 | |||
297 | freddie | 278 | function redirect($u) |
279 | { |
||
280 | header('Location: ' . $u); |
||
281 | die(); |
||
282 | } |
||
283 | |||
284 | function isLoggedIn() |
||
285 | { |
||
286 | $cookie = $_COOKIE['Tim32_Login']; |
||
287 | if (!empty($cookie)) |
||
288 | { |
||
289 | $clist = explode('|~|', $cookie); |
||
290 | $user = $this->getUserByUsername($clist[0]); |
||
291 | if ($user) |
||
292 | { |
||
293 | if ($user->password == $clist[1]) |
||
294 | { |
||
295 | return true; |
||
296 | } |
||
297 | } |
||
298 | } |
||
299 | |||
300 | return false; |
||
301 | } |
||
302 | |||
303 | function isUserAdmin() |
||
304 | { |
||
305 | if ($this->isLoggedIn()) |
||
306 | { |
||
307 | if ($this->getLoggedInUser()->accessID <= 0) |
||
308 | { |
||
309 | return true; |
||
310 | } |
||
311 | } |
||
312 | |||
313 | return false; |
||
314 | } |
||
315 | |||
316 | function isUserGM() |
||
317 | { |
||
318 | if ($this->isLoggedIn()) |
||
319 | { |
||
320 | if ($this->getLoggedInUser()->accessID <= 1) |
||
321 | { |
||
322 | return true; |
||
323 | } |
||
324 | } |
||
325 | |||
326 | return false; |
||
327 | } |
||
328 | |||
329 | function isUserNormal() |
||
330 | { |
||
331 | if ($this->isLoggedIn()) |
||
332 | { |
||
333 | if ($this->getLoggedInUser()->accessID <= 2) |
||
334 | { |
||
335 | return true; |
||
336 | } |
||
337 | } |
||
338 | |||
339 | return false; |
||
340 | } |
||
341 | |||
471 | muzer | 342 | function isUserBanned() |
343 | { |
||
344 | if ($this->isLoggedIn()) |
||
345 | { |
||
346 | if ($this->getLoggedInUser()->accessID >= 3) |
||
347 | { |
||
348 | return true; |
||
349 | } |
||
350 | } |
||
351 | |||
352 | return false; |
||
353 | } |
||
354 | |||
384 | tom | 355 | function checkChallengeStatus($challengeID, $previous, $next) |
356 | { |
||
357 | $currentChallengeID = $this->getLoggedInUser()->challengeID; |
||
358 | |||
359 | if (!$this->isLoggedIn()) |
||
360 | { |
||
361 | $this->redirect('index.php'); |
||
362 | } |
||
363 | else if ($currentChallengeID > $challengeID) |
||
364 | { |
||
365 | $this->redirect($next . '.php'); |
||
366 | } |
||
367 | else if ($currentChallengeID < $challengeID) |
||
368 | { |
||
369 | $this->redirect($previous . '.php'); |
||
370 | } |
||
371 | } |
||
372 | |||
297 | freddie | 373 | function checkLoggedIn() |
374 | { |
||
375 | if (!$this->isLoggedIn()) |
||
376 | { |
||
377 | $this->drawError('You need to be logged in.'); |
||
378 | } |
||
379 | } |
||
380 | |||
489 | tom | 381 | function query($query, $args = array()) |
297 | freddie | 382 | { |
487 | tom | 383 | $statement = $this->db->prepare($query); |
384 | if (!$statement->execute($args)) { |
||
385 | $this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo()); |
||
386 | } |
||
387 | |||
388 | return $statement->fetchAll(); |
||
297 | freddie | 389 | } |
390 | |||
490 | tom | 391 | function findIDs($table, $query = '', $args = array()) |
297 | freddie | 392 | { |
393 | $array = array(); |
||
394 | |||
490 | tom | 395 | $results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args); |
487 | tom | 396 | foreach ($results as $row) { |
297 | freddie | 397 | array_push($array, $row['ID']); |
398 | } |
||
399 | |||
400 | return $array; |
||
401 | } |
||
402 | |||
403 | function getUserByID($id) |
||
404 | { |
||
490 | tom | 405 | foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) { |
406 | $user = new User(); |
||
297 | freddie | 407 | $user->ID = $row['ID']; |
408 | $user->accessID = $row['AccessID']; |
||
409 | $user->username = $row['Username']; |
||
410 | $user->password = $row['Password']; |
||
508 | freddie | 411 | $user->salt = $row['Salt']; |
297 | freddie | 412 | $user->emailAddress = $row['EmailAddress']; |
413 | $user->name = $row['Name']; |
||
507 | freddie | 414 | $user->csrftoken = $row['CSRFToken']; |
297 | freddie | 415 | $user->challengeID = $row['ChallengeID']; |
416 | |||
417 | return $user; |
||
418 | } |
||
419 | |||
420 | return false; |
||
421 | } |
||
422 | |||
490 | tom | 423 | function getUserByUsername($username) { |
424 | foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) { |
||
297 | freddie | 425 | return $this->getUserByID($row['ID']); |
426 | } |
||
427 | |||
428 | return false; |
||
429 | } |
||
430 | |||
491 | tom | 431 | function getLoggedInUser() { |
432 | if ($this->isLoggedIn()) { |
||
297 | freddie | 433 | $clist = explode('|~|', $_COOKIE['Tim32_Login']); |
434 | return $this->getUserByUsername($clist[0]); |
||
435 | } |
||
436 | |||
437 | return false; |
||
438 | } |
||
439 | |||
491 | tom | 440 | function getBlogPost($id) { |
441 | foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 442 | $post = new BlogPost; |
443 | $post->ID = $row['ID']; |
||
491 | tom | 444 | |
445 | if ($row['ParentID'] == -1) { |
||
297 | freddie | 446 | $post->parent = -1; |
491 | tom | 447 | } else { |
297 | freddie | 448 | $post->parent = $this->getBlogPost($row['ParentID']); |
449 | } |
||
491 | tom | 450 | |
297 | freddie | 451 | $post->author = $this->getUserByID($row['AuthorID']); |
452 | $post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
||
485 | muzer | 453 | $post->title = htmlspecialchars($row['Title']); |
454 | $post->content = htmlspecialchars($row['Content']); |
||
297 | freddie | 455 | $post->datePosted = strtotime($row['DatePosted']); |
456 | $post->category = $row['Category']; |
||
457 | $post->spam = $row['Spam']; |
||
458 | |||
459 | return $post; |
||
460 | } |
||
461 | |||
462 | $this->drawError('Cannot find blog post, #' . $id); |
||
463 | } |
||
464 | |||
491 | tom | 465 | function getProject($id) { |
466 | foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 467 | $project = new Project; |
468 | |||
469 | $project->ID = $row['ID']; |
||
470 | $project->author = $this->getUserByID($row['AuthorID']); |
||
471 | $project->title = $row['Title']; |
||
472 | $project->description = $row['Description']; |
||
473 | $project->logoURL = $row['LogoURL']; |
||
474 | $project->downloadURL = $row['DownloadURL']; |
||
475 | $project->websiteURL = $row['WebsiteURL']; |
||
476 | $project->latestVersion = $row['LatestVersion']; |
||
477 | $project->lastUpdate = strtotime($row['LastUpdate']); |
||
478 | |||
479 | return $project; |
||
480 | } |
||
481 | |||
482 | return false; |
||
483 | } |
||
484 | |||
491 | tom | 485 | function getForumCategory($id) { |
486 | foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 487 | $f = new ForumCategory; |
488 | |||
489 | $f->ID = $row['ID']; |
||
490 | $f->parent = $this->getForumCategory($row['ParentID']); |
||
491 | $f->title = $row['Title']; |
||
492 | $f->description = $row['Description']; |
||
493 | |||
494 | return $f; |
||
495 | } |
||
496 | |||
497 | return false; |
||
498 | } |
||
499 | |||
491 | tom | 500 | function getForumPost($id) { |
501 | foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
||
297 | freddie | 502 | $f = new ForumPost; |
503 | |||
504 | $f->ID = $row['ID']; |
||
505 | $f->author = $this->getUserByID($row['AuthorID']); |
||
506 | $f->category = $this->getForumCategory($row['CategoryID']); |
||
507 | $f->parent = $this->getForumPost($row['ParentID']); |
||
508 | $f->title = $row['Title']; |
||
509 | $f->content = $row['Content']; |
||
510 | $f->datePosted = strtotime($row['DatePosted']); |
||
511 | $f->spam = $row['Spam']; |
||
512 | |||
513 | return $f; |
||
514 | } |
||
515 | |||
516 | return false; |
||
517 | } |
||
518 | |||
491 | tom | 519 | function delBlogPost($id) { |
520 | foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
||
521 | $this->delBlogPost($i); |
||
297 | freddie | 522 | } |
491 | tom | 523 | |
524 | $this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
||
297 | freddie | 525 | } |
526 | |||
500 | freddie | 527 | function saltAndBurn($pass, $salt) { |
503 | freddie | 528 | return sha1($salt . $pass); |
500 | freddie | 529 | } |
530 | |||
508 | freddie | 531 | function rndString($len = 8) { |
532 | $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
||
514 | freddie | 533 | $clen = strlen($chars); |
508 | freddie | 534 | |
535 | $res = ''; |
||
536 | for ($i = $len - 1; $i >= 0; $i--) { |
||
513 | freddie | 537 | $res .= $chars[rand(0, $clen - 1)]; |
508 | freddie | 538 | } |
539 | |||
540 | return $res; |
||
541 | } |
||
542 | |||
510 | freddie | 543 | function getCSRFToken($id) { |
508 | freddie | 544 | $token = $this->rndString(); |
512 | freddie | 545 | $this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
508 | freddie | 546 | return $token; |
547 | } |
||
548 | |||
510 | freddie | 549 | function checkCSRFToken($id, $token) { |
508 | freddie | 550 | $user = $this->getUserByID($id); |
551 | if ($token !== $user->csrftoken) { |
||
552 | die("a death"); |
||
553 | } |
||
554 | |||
510 | freddie | 555 | $this->getCSRFToken($id); // change to something else so we can't re-use it |
508 | freddie | 556 | } |
557 | |||
491 | tom | 558 | function getGetID() { |
297 | freddie | 559 | $id = $_GET['id']; |
491 | tom | 560 | if (empty($id)) { |
297 | freddie | 561 | $id = 1; |
562 | } |
||
563 | |||
564 | return $id; |
||
565 | } |
||
566 | |||
491 | tom | 567 | function getPostID() { |
297 | freddie | 568 | $id = $_POST['id']; |
491 | tom | 569 | if (empty($id)) { |
297 | freddie | 570 | $id = 1; |
571 | } |
||
572 | |||
573 | return $id; |
||
574 | } |
||
575 | |||
576 | } |
||
577 | |||
578 | class User |
||
579 | { |
||
580 | public $ID; |
||
581 | public $accessID; |
||
582 | public $username; |
||
583 | public $password; |
||
508 | freddie | 584 | public $salt; |
297 | freddie | 585 | public $emailAddress; |
586 | public $name; |
||
507 | freddie | 587 | public $csrftoken; |
443 | tom | 588 | |
297 | freddie | 589 | public $challengeID; |
590 | } |
||
591 | |||
592 | class BlogPost |
||
593 | { |
||
594 | public $ID; |
||
595 | public $parent; |
||
596 | public $author; |
||
597 | public $title; |
||
598 | public $content; |
||
599 | public $datePosted; |
||
600 | public $category; |
||
601 | public $spam; |
||
602 | } |
||
603 | |||
604 | class Project |
||
605 | { |
||
606 | public $ID; |
||
607 | public $author; |
||
608 | public $title; |
||
609 | public $description; |
||
426 | tom | 610 | |
434 | tom | 611 | |
297 | freddie | 612 | public $logoURL; |
613 | public $downloadURL; |
||
614 | public $websiteURL; |
||
615 | public $latestVersion; |
||
616 | public $lastUpdate; |
||
617 | } |
||
618 | |||
619 | class ForumCategory |
||
620 | { |
||
621 | public $ID; |
||
622 | public $parent; |
||
623 | public $title; |
||
624 | public $description; |
||
401 | tom | 625 | |
297 | freddie | 626 | } |
627 | |||
628 | class ForumPost |
||
629 | { |
||
630 | public $id; |
||
631 | public $author; |
||
632 | public $category; |
||
633 | public $parent; |
||
634 | public $title; |
||
635 | public $content; |
||
636 | public $datePosted; |
||
637 | public $spam; |
||
638 | } |
||
639 | |||
640 | function write($str) |
||
641 | { |
||
642 | echo $str; |
||
643 | echo "\n"; |
||
644 | } |
||
645 | |||
646 | ?> |