WebSVN - taios - Blame - Rev 519

Rev	Author	Line No.	Line
297	freddie	1	<?php
		2
		3	require '_config.php';
		4
		5	class Taios_Page
		6	{
		7	function __construct($title, $url = "")
		8	{
		9	$this->title = $title;
		10	$this->url = $url;
		11
		12	$this->drawnHeader = false;
		13	$this->drawnMiddle = false;
		14	$this->drawnFooter = false;
		15
487	tom	16	try {
		17	$this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD,
		18	array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" ));
		19	} catch (PDOException $e) {
		20	$this->drawError("Failed to connect to database!");
		21	}
297	freddie	22	}
		23
		24	function drawHeader()
		25	{
		26	if (!$this->drawnHeader)
		27	{
		28	write('<!DOCTYPE html>');
490	tom	29	write('<html lang="en">');
297	freddie	30	write('<head>');
		31	write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">');
		32	write('<title>Tim32 · ' . $this->title . '</title>');
490	tom	33	write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />');
463	tom	34	write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />');
485	muzer	35	write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>');
		36	write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>');
297	freddie	37	write('</head>');
		38	write('<body>');
		39	write('<div class="sidebar">');
		40	write('<div class="sidebar-header">');
483	muzer	41	write('<a href="' . $this->url . '"><h1>Tim32</h1></a>');
297	freddie	42	write('</div>');
		43	write('<div class="sidebar-menu">');
		44	$this->drawMenuItem('Home', 'index.php');
		45	$this->drawMenuItem('Blog', 'blog/');
		46	$this->drawMenuItem('Projects', 'projects/');
		47	$this->drawMenuItem('Forums', 'forums/');
		48	$this->drawMenuItem('Wiki', 'wiki/');
		49	$this->drawMenuItem('Photos', 'photos/');
		50	write('<br />');
485	muzer	51
		52	if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) {
297	freddie	53	$this->drawMenuItem('Administration', 'admin/');
		54	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	55	} else if ($this->isLoggedIn()) {
471	muzer	56	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	57
		58	if ($this->getLoggedInUser()->username != "cake") {
471	muzer	59	$this->drawMenuItem('You are banned', NULL);
485	muzer	60	} else {
472	tom	61	$this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder');
485	muzer	62	}
		63	} else {
297	freddie	64	$this->drawMenuItem('Login', 'login.php');
		65	$this->drawMenuItem('Register', 'register.php');
		66	}
485	muzer	67
297	freddie	68	write('<br />');
		69	$this->drawnHeader = true;
		70	}
		71	}
		72
485	muzer	73	function drawMenuItem($t, $u) {
		74	if ($u == NULL) {
471	muzer	75	write('<p style="color:red">' . $t . '</p>');
485	muzer	76	} else {
471	muzer	77	write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
		78	}
297	freddie	79	}
		80
		81	function drawMiddle()
		82	{
485	muzer	83	if (!$this->drawnMiddle) {
297	freddie	84	write('</div>');
		85	write('</div>');
		86	write('<div class="content">');
483	muzer	87	write('<a href="./"><h2>' . $this->title . '</h2></a>');
297	freddie	88
		89	$this->drawnMiddle = true;
		90	}
		91	}
		92
		93	function drawFooter()
		94	{
		95	if (!$this->drawnFooter)
		96	{
		97	write('</div>');
		98	write('</body>');
		99	write('</html>');
		100
		101	$this->drawnFooter = true;
		102	}
		103
		104	die();
		105	}
		106
		107	function drawError($text, $die = true)
		108	{
		109	$this->drawHeader();
		110	$this->drawMiddle();
		111
		112	write('<h4 style="color: red;">Error: ' . $text . '</h4>');
		113
490	tom	114	if ($die) {
297	freddie	115	$this->drawFooter();
		116	die();
		117	}
		118	}
		119
		120	function drawBlogPostTree($id, $first = false)
		121	{
		122	$post = $this->getBlogPost($id);
		123	if ($first)
		124	{
		125	write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
		126	}
		127	else
		128	{
		129	write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
		130	}
		131	write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
		132	write('<p>' . $this->replaceBBCode($post->content) . '</p>');
		133
		134	if ($this->isUserNormal($this->getLoggedInUser()))
		135	{
		136	echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>';
		137	if ($this->isUserAdmin($this->getLoggedInUser()) \|\| $this->getLoggedInUser()->ID == $post->author->ID)
		138	{
		139	echo '   &middot   <a href="edit-post.php?id=' . $id . '">Edit Post</a>';
		140	echo '   &middot   <a href="del-post.php?id=' . $id . '">Delete Post</a>';
		141	}
		142	write('</p><br />');
		143	}
		144
497	muzer	145	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id));
297	freddie	146	for ($i = 0; $i < count($ids); $i++)
		147	{
		148	write('<div class="indent">');
		149	$this->drawBlogPostTree($ids[$i]);
		150	write('</div>');
		151	}
		152	}
		153
		154	function drawBlogCategoriesMenu()
		155	{
		156	$cats = array();
		157
		158	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1');
		159	for ($i = 0; $i < count($ids); $i++)
		160	{
		161	$cat = $this->getBlogPost($ids[$i])->category;
483	muzer	162	if (!in_array($cat, $cats) && ($cat != "Drafts" \|\| $this->isUserGM($this->getLoggedInUser())))
297	freddie	163	{
		164	array_push($cats, $cat);
		165	}
		166	}
		167
		168	write('<h3>Categories</h3>');
		169	for ($i = 0; $i < count($cats); $i++)
		170	{
		171	$this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]);
		172	}
		173	}
		174
		175	function replaceBBCode($str)
		176	{
437	tom	177	$newstr = $str;
484	muzer	178	$newstr = str_replace("<", "<", $newstr);
		179	$newstr = str_replace(">", ">", $newstr);
481	muzer	180	$newstr = str_replace("\n", "<br />", $newstr);
362	tom	181	$newstr = str_replace("\\'", "'", $newstr);
		182	$newstr = str_replace("\\\"",'"', $newstr);
297	freddie	183	$newstr = str_replace(' ', '  ', $newstr);
		184
		185	$bbcode = array(
485	muzer	186	'/\[b\](.+?)\[\/b\]/is',
		187	'/\[i\](.+?)\[\/i\]/is',
		188	'/\[u\](.+?)\[\/u\]/is',
495	muzer	189	'/\[s\](.+?)\[\/s\]/is',
485	muzer	190	'/\[url\](.+?)\[\/url\]/is',
486	muzer	191	'/\[w\](.+?)\[\/w\]/is',
485	muzer	192	'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is',
486	muzer	193	'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is',
485	muzer	194	'/\[code\](.+?)\[\/code\]/is',
		195	'/\[img\](.+?)\[\/img\]/is',
		196	'/\[ul\](.+?)\[\/ul\]/is',
		197	'/\[ol\](.+?)\[\/ol\]/is',
		198	'/\[li\](.+?)\[\/li\]/is',
		199	'/\[mono\](.+?)\[\/mono\]/is',
		200	'/\[tcp\](.+?)\[\/tcp\]/is'
297	freddie	201	);
		202
		203	$html = array(
485	muzer	204	'<b>$1</b>',
		205	'<i>$1</i>',
		206	'<u>$1</u>',
495	muzer	207	'<del>$1</del>',
485	muzer	208	'<a href="$1">$1</a>',
486	muzer	209	'<a href="/wiki/index.php?page=$1">$1</a>',
485	muzer	210	'<a href="$1">$2</a>',
486	muzer	211	'<a href="/wiki/index.php?page=$1">$2</a>',
485	muzer	212	'</p><div class="code">$1</div><p>',
		213	'<img src="$1" alt="BBCode-included image" />',
		214	'<ul>$1</ul>',
		215	'<ol>$1</ol>',
		216	'<li>$1</li>',
		217	'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>',
		218	'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
297	freddie	219	);
		220
		221	$newstr = preg_replace($bbcode, $html, $newstr);
		222
		223	return $newstr;
		224	}
		225
519	freddie	226	function acceptFile($fname)
		227	{
		228	if (!ALLOW_FILES)
		229	{
		230	$page->drawError("This system doesn't allow file uploading.");
		231	return false;
		232	}
		233
		234	$this->checkLoggedIn();
		235	if ($this->getLoggedInUser()->accessID >= 2)
		236	{
		237	$page->drawError('You do not have permission to access this page.');
		238	}
		239
		240	$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
		241	$temp = explode(".", $_FILES[$fname]["name"]);
		242	$extension = end($temp);
		243	if ((($_FILES[$fname]["type"] == "image/gif")
		244	\|\| ($_FILES[$fname]["type"] == "image/jpeg")
		245	\|\| ($_FILES[$fname]["type"] == "image/jpg")
		246	\|\| ($_FILES[$fname]["type"] == "image/pjpeg")
		247	\|\| ($_FILES[$fname]["type"] == "image/x-png")
		248	\|\| ($_FILES[$fname]["type"] == "image/png")
		249	\|\| ($_FILES[$fname]["type"] == "image/tga"))
		250	&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
		251	&& in_array($extension, $allowedExts))
		252	{
		253	if ($_FILES[$fname]["error"] > 0)
		254	{
		255	$page->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
		256	}
		257	else
		258	{
		259	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		260
		261	while (file_exists($lname))
		262	{
		263	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		264	}
		265
		266	move_uploaded_file($_FILES[$fname]["tmp_name"], $lname);
		267	return $lname;
		268	}
		269	}
		270	else
		271	{
		272	$page->drawError("Invalid file");
		273	}
		274
		275	return false;
		276	}
		277
297	freddie	278	function redirect($u)
		279	{
		280	header('Location: ' . $u);
		281	die();
		282	}
		283
		284	function isLoggedIn()
		285	{
		286	$cookie = $_COOKIE['Tim32_Login'];
		287	if (!empty($cookie))
		288	{
		289	$clist = explode('\|~\|', $cookie);
		290	$user = $this->getUserByUsername($clist[0]);
		291	if ($user)
		292	{
		293	if ($user->password == $clist[1])
		294	{
		295	return true;
		296	}
		297	}
		298	}
		299
		300	return false;
		301	}
		302
		303	function isUserAdmin()
		304	{
		305	if ($this->isLoggedIn())
		306	{
		307	if ($this->getLoggedInUser()->accessID <= 0)
		308	{
		309	return true;
		310	}
		311	}
		312
		313	return false;
		314	}
		315
		316	function isUserGM()
		317	{
		318	if ($this->isLoggedIn())
		319	{
		320	if ($this->getLoggedInUser()->accessID <= 1)
		321	{
		322	return true;
		323	}
		324	}
		325
		326	return false;
		327	}
		328
		329	function isUserNormal()
		330	{
		331	if ($this->isLoggedIn())
		332	{
		333	if ($this->getLoggedInUser()->accessID <= 2)
		334	{
		335	return true;
		336	}
		337	}
		338
		339	return false;
		340	}
		341
471	muzer	342	function isUserBanned()
		343	{
		344	if ($this->isLoggedIn())
		345	{
		346	if ($this->getLoggedInUser()->accessID >= 3)
		347	{
		348	return true;
		349	}
		350	}
		351
		352	return false;
		353	}
		354
384	tom	355	function checkChallengeStatus($challengeID, $previous, $next)
		356	{
		357	$currentChallengeID = $this->getLoggedInUser()->challengeID;
		358
		359	if (!$this->isLoggedIn())
		360	{
		361	$this->redirect('index.php');
		362	}
		363	else if ($currentChallengeID > $challengeID)
		364	{
		365	$this->redirect($next . '.php');
		366	}
		367	else if ($currentChallengeID < $challengeID)
		368	{
		369	$this->redirect($previous . '.php');
		370	}
		371	}
		372
297	freddie	373	function checkLoggedIn()
		374	{
		375	if (!$this->isLoggedIn())
		376	{
		377	$this->drawError('You need to be logged in.');
		378	}
		379	}
		380
489	tom	381	function query($query, $args = array())
297	freddie	382	{
487	tom	383	$statement = $this->db->prepare($query);
		384	if (!$statement->execute($args)) {
		385	$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo());
		386	}
		387
		388	return $statement->fetchAll();
297	freddie	389	}
		390
490	tom	391	function findIDs($table, $query = '', $args = array())
297	freddie	392	{
		393	$array = array();
		394
490	tom	395	$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args);
487	tom	396	foreach ($results as $row) {
297	freddie	397	array_push($array, $row['ID']);
		398	}
		399
		400	return $array;
		401	}
		402
		403	function getUserByID($id)
		404	{
490	tom	405	foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) {
		406	$user = new User();
297	freddie	407	$user->ID = $row['ID'];
		408	$user->accessID = $row['AccessID'];
		409	$user->username = $row['Username'];
		410	$user->password = $row['Password'];
508	freddie	411	$user->salt = $row['Salt'];
297	freddie	412	$user->emailAddress = $row['EmailAddress'];
		413	$user->name = $row['Name'];
507	freddie	414	$user->csrftoken = $row['CSRFToken'];
297	freddie	415	$user->challengeID = $row['ChallengeID'];
		416
		417	return $user;
		418	}
		419
		420	return false;
		421	}
		422
490	tom	423	function getUserByUsername($username) {
		424	foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) {
297	freddie	425	return $this->getUserByID($row['ID']);
		426	}
		427
		428	return false;
		429	}
		430
491	tom	431	function getLoggedInUser() {
		432	if ($this->isLoggedIn()) {
297	freddie	433	$clist = explode('\|~\|', $_COOKIE['Tim32_Login']);
		434	return $this->getUserByUsername($clist[0]);
		435	}
		436
		437	return false;
		438	}
		439
491	tom	440	function getBlogPost($id) {
		441	foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	442	$post = new BlogPost;
		443	$post->ID = $row['ID'];
491	tom	444
		445	if ($row['ParentID'] == -1) {
297	freddie	446	$post->parent = -1;
491	tom	447	} else {
297	freddie	448	$post->parent = $this->getBlogPost($row['ParentID']);
		449	}
491	tom	450
297	freddie	451	$post->author = $this->getUserByID($row['AuthorID']);
		452	$post->user = $this->getUserByID($row['AuthorID']); // For some older pages
485	muzer	453	$post->title = htmlspecialchars($row['Title']);
		454	$post->content = htmlspecialchars($row['Content']);
297	freddie	455	$post->datePosted = strtotime($row['DatePosted']);
		456	$post->category = $row['Category'];
		457	$post->spam = $row['Spam'];
		458
		459	return $post;
		460	}
		461
		462	$this->drawError('Cannot find blog post, #' . $id);
		463	}
		464
491	tom	465	function getProject($id) {
		466	foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) {
297	freddie	467	$project = new Project;
		468
		469	$project->ID = $row['ID'];
		470	$project->author = $this->getUserByID($row['AuthorID']);
		471	$project->title = $row['Title'];
		472	$project->description = $row['Description'];
		473	$project->logoURL = $row['LogoURL'];
		474	$project->downloadURL = $row['DownloadURL'];
		475	$project->websiteURL = $row['WebsiteURL'];
		476	$project->latestVersion = $row['LatestVersion'];
		477	$project->lastUpdate = strtotime($row['LastUpdate']);
		478
		479	return $project;
		480	}
		481
		482	return false;
		483	}
		484
491	tom	485	function getForumCategory($id) {
		486	foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) {
297	freddie	487	$f = new ForumCategory;
		488
		489	$f->ID = $row['ID'];
		490	$f->parent = $this->getForumCategory($row['ParentID']);
		491	$f->title = $row['Title'];
		492	$f->description = $row['Description'];
		493
		494	return $f;
		495	}
		496
		497	return false;
		498	}
		499
491	tom	500	function getForumPost($id) {
		501	foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	502	$f = new ForumPost;
		503
		504	$f->ID = $row['ID'];
		505	$f->author = $this->getUserByID($row['AuthorID']);
		506	$f->category = $this->getForumCategory($row['CategoryID']);
		507	$f->parent = $this->getForumPost($row['ParentID']);
		508	$f->title = $row['Title'];
		509	$f->content = $row['Content'];
		510	$f->datePosted = strtotime($row['DatePosted']);
		511	$f->spam = $row['Spam'];
		512
		513	return $f;
		514	}
		515
		516	return false;
		517	}
		518
491	tom	519	function delBlogPost($id) {
		520	foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) {
		521	$this->delBlogPost($i);
297	freddie	522	}
491	tom	523
		524	$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id));
297	freddie	525	}
		526
500	freddie	527	function saltAndBurn($pass, $salt) {
503	freddie	528	return sha1($salt . $pass);
500	freddie	529	}
		530
508	freddie	531	function rndString($len = 8) {
		532	$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
514	freddie	533	$clen = strlen($chars);
508	freddie	534
		535	$res = '';
		536	for ($i = $len - 1; $i >= 0; $i--) {
513	freddie	537	$res .= $chars[rand(0, $clen - 1)];
508	freddie	538	}
		539
		540	return $res;
		541	}
		542
510	freddie	543	function getCSRFToken($id) {
508	freddie	544	$token = $this->rndString();
512	freddie	545	$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
508	freddie	546	return $token;
		547	}
		548
510	freddie	549	function checkCSRFToken($id, $token) {
508	freddie	550	$user = $this->getUserByID($id);
		551	if ($token !== $user->csrftoken) {
		552	die("a death");
		553	}
		554
510	freddie	555	$this->getCSRFToken($id); // change to something else so we can't re-use it
508	freddie	556	}
		557
491	tom	558	function getGetID() {
297	freddie	559	$id = $_GET['id'];
491	tom	560	if (empty($id)) {
297	freddie	561	$id = 1;
		562	}
		563
		564	return $id;
		565	}
		566
491	tom	567	function getPostID() {
297	freddie	568	$id = $_POST['id'];
491	tom	569	if (empty($id)) {
297	freddie	570	$id = 1;
		571	}
		572
		573	return $id;
		574	}
		575
		576	}
		577
		578	class User
		579	{
		580	public $ID;
		581	public $accessID;
		582	public $username;
		583	public $password;
508	freddie	584	public $salt;
297	freddie	585	public $emailAddress;
		586	public $name;
507	freddie	587	public $csrftoken;
443	tom	588
297	freddie	589	public $challengeID;
		590	}
		591
		592	class BlogPost
		593	{
		594	public $ID;
		595	public $parent;
		596	public $author;
		597	public $title;
		598	public $content;
		599	public $datePosted;
		600	public $category;
		601	public $spam;
		602	}
		603
		604	class Project
		605	{
		606	public $ID;
		607	public $author;
		608	public $title;
		609	public $description;
426	tom	610
434	tom	611
297	freddie	612	public $logoURL;
		613	public $downloadURL;
		614	public $websiteURL;
		615	public $latestVersion;
		616	public $lastUpdate;
		617	}
		618
		619	class ForumCategory
		620	{
		621	public $ID;
		622	public $parent;
		623	public $title;
		624	public $description;
401	tom	625
297	freddie	626	}
		627
		628	class ForumPost
		629	{
		630	public $id;
		631	public $author;
		632	public $category;
		633	public $parent;
		634	public $title;
		635	public $content;
		636	public $datePosted;
		637	public $spam;
		638	}
		639
		640	function write($str)
		641	{
		642	echo $str;
		643	echo "\n";
		644	}
		645
		646	?>

Subversion Repositories taios

(root)/_taios.php @ 519 - Rev 519