WebSVN - taios - Blame - Rev 521

Rev	Author	Line No.	Line
297	freddie	1	<?php
		2
		3	require '_config.php';
		4
		5	class Taios_Page
		6	{
		7	function __construct($title, $url = "")
		8	{
		9	$this->title = $title;
		10	$this->url = $url;
		11
		12	$this->drawnHeader = false;
		13	$this->drawnMiddle = false;
		14	$this->drawnFooter = false;
		15
487	tom	16	try {
		17	$this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD,
		18	array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" ));
		19	} catch (PDOException $e) {
		20	$this->drawError("Failed to connect to database!");
		21	}
297	freddie	22	}
		23
		24	function drawHeader()
		25	{
		26	if (!$this->drawnHeader)
		27	{
		28	write('<!DOCTYPE html>');
490	tom	29	write('<html lang="en">');
297	freddie	30	write('<head>');
		31	write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">');
		32	write('<title>Tim32 · ' . $this->title . '</title>');
490	tom	33	write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />');
463	tom	34	write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />');
485	muzer	35	write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>');
		36	write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>');
297	freddie	37	write('</head>');
		38	write('<body>');
		39	write('<div class="sidebar">');
		40	write('<div class="sidebar-header">');
483	muzer	41	write('<a href="' . $this->url . '"><h1>Tim32</h1></a>');
297	freddie	42	write('</div>');
		43	write('<div class="sidebar-menu">');
		44	$this->drawMenuItem('Home', 'index.php');
		45	$this->drawMenuItem('Blog', 'blog/');
		46	$this->drawMenuItem('Projects', 'projects/');
		47	$this->drawMenuItem('Forums', 'forums/');
		48	$this->drawMenuItem('Wiki', 'wiki/');
		49	$this->drawMenuItem('Photos', 'photos/');
		50	write('<br />');
485	muzer	51
		52	if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) {
297	freddie	53	$this->drawMenuItem('Administration', 'admin/');
		54	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	55	} else if ($this->isLoggedIn()) {
471	muzer	56	$this->drawMenuItem('Logout', 'logout-do.php');
485	muzer	57
		58	if ($this->getLoggedInUser()->username != "cake") {
471	muzer	59	$this->drawMenuItem('You are banned', NULL);
485	muzer	60	} else {
472	tom	61	$this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder');
485	muzer	62	}
		63	} else {
297	freddie	64	$this->drawMenuItem('Login', 'login.php');
		65	$this->drawMenuItem('Register', 'register.php');
		66	}
485	muzer	67
297	freddie	68	write('<br />');
		69	$this->drawnHeader = true;
		70	}
		71	}
		72
485	muzer	73	function drawMenuItem($t, $u) {
		74	if ($u == NULL) {
471	muzer	75	write('<p style="color:red">' . $t . '</p>');
485	muzer	76	} else {
471	muzer	77	write('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
		78	}
297	freddie	79	}
		80
		81	function drawMiddle()
		82	{
485	muzer	83	if (!$this->drawnMiddle) {
297	freddie	84	write('</div>');
		85	write('</div>');
		86	write('<div class="content">');
483	muzer	87	write('<a href="./"><h2>' . $this->title . '</h2></a>');
297	freddie	88
		89	$this->drawnMiddle = true;
		90	}
		91	}
		92
		93	function drawFooter()
		94	{
		95	if (!$this->drawnFooter)
		96	{
		97	write('</div>');
		98	write('</body>');
		99	write('</html>');
		100
		101	$this->drawnFooter = true;
		102	}
		103
		104	die();
		105	}
		106
		107	function drawError($text, $die = true)
		108	{
		109	$this->drawHeader();
		110	$this->drawMiddle();
		111
		112	write('<h4 style="color: red;">Error: ' . $text . '</h4>');
		113
490	tom	114	if ($die) {
297	freddie	115	$this->drawFooter();
		116	die();
		117	}
		118	}
		119
		120	function drawBlogPostTree($id, $first = false)
		121	{
		122	$post = $this->getBlogPost($id);
		123	if ($first)
		124	{
		125	write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
		126	}
		127	else
		128	{
		129	write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
		130	}
		131	write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
		132	write('<p>' . $this->replaceBBCode($post->content) . '</p>');
		133
		134	if ($this->isUserNormal($this->getLoggedInUser()))
		135	{
		136	echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>';
		137	if ($this->isUserAdmin($this->getLoggedInUser()) \|\| $this->getLoggedInUser()->ID == $post->author->ID)
		138	{
		139	echo '   &middot   <a href="edit-post.php?id=' . $id . '">Edit Post</a>';
		140	echo '   &middot   <a href="del-post.php?id=' . $id . '">Delete Post</a>';
		141	}
		142	write('</p><br />');
		143	}
		144
497	muzer	145	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id));
297	freddie	146	for ($i = 0; $i < count($ids); $i++)
		147	{
		148	write('<div class="indent">');
		149	$this->drawBlogPostTree($ids[$i]);
		150	write('</div>');
		151	}
		152	}
		153
		154	function drawBlogCategoriesMenu()
		155	{
		156	$cats = array();
		157
		158	$ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1');
		159	for ($i = 0; $i < count($ids); $i++)
		160	{
		161	$cat = $this->getBlogPost($ids[$i])->category;
483	muzer	162	if (!in_array($cat, $cats) && ($cat != "Drafts" \|\| $this->isUserGM($this->getLoggedInUser())))
297	freddie	163	{
		164	array_push($cats, $cat);
		165	}
		166	}
		167
		168	write('<h3>Categories</h3>');
		169	for ($i = 0; $i < count($cats); $i++)
		170	{
		171	$this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]);
		172	}
		173	}
		174
		175	function replaceBBCode($str)
		176	{
437	tom	177	$newstr = $str;
484	muzer	178	$newstr = str_replace("<", "<", $newstr);
		179	$newstr = str_replace(">", ">", $newstr);
481	muzer	180	$newstr = str_replace("\n", "<br />", $newstr);
362	tom	181	$newstr = str_replace("\\'", "'", $newstr);
		182	$newstr = str_replace("\\\"",'"', $newstr);
297	freddie	183	$newstr = str_replace(' ', '  ', $newstr);
		184
		185	$bbcode = array(
485	muzer	186	'/\[b\](.+?)\[\/b\]/is',
		187	'/\[i\](.+?)\[\/i\]/is',
		188	'/\[u\](.+?)\[\/u\]/is',
495	muzer	189	'/\[s\](.+?)\[\/s\]/is',
485	muzer	190	'/\[url\](.+?)\[\/url\]/is',
486	muzer	191	'/\[w\](.+?)\[\/w\]/is',
485	muzer	192	'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is',
486	muzer	193	'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is',
485	muzer	194	'/\[code\](.+?)\[\/code\]/is',
		195	'/\[img\](.+?)\[\/img\]/is',
		196	'/\[ul\](.+?)\[\/ul\]/is',
		197	'/\[ol\](.+?)\[\/ol\]/is',
		198	'/\[li\](.+?)\[\/li\]/is',
		199	'/\[mono\](.+?)\[\/mono\]/is',
		200	'/\[tcp\](.+?)\[\/tcp\]/is'
297	freddie	201	);
		202
		203	$html = array(
485	muzer	204	'<b>$1</b>',
		205	'<i>$1</i>',
		206	'<u>$1</u>',
495	muzer	207	'<del>$1</del>',
485	muzer	208	'<a href="$1">$1</a>',
486	muzer	209	'<a href="/wiki/index.php?page=$1">$1</a>',
485	muzer	210	'<a href="$1">$2</a>',
486	muzer	211	'<a href="/wiki/index.php?page=$1">$2</a>',
485	muzer	212	'</p><div class="code">$1</div><p>',
		213	'<img src="$1" alt="BBCode-included image" />',
		214	'<ul>$1</ul>',
		215	'<ol>$1</ol>',
		216	'<li>$1</li>',
		217	'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>',
		218	'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
297	freddie	219	);
		220
		221	$newstr = preg_replace($bbcode, $html, $newstr);
		222
		223	return $newstr;
		224	}
		225
519	freddie	226	function acceptFile($fname)
		227	{
		228	if (!ALLOW_FILES)
		229	{
521	freddie	230	$this->drawError("This system doesn't allow file uploading.");
519	freddie	231	return false;
		232	}
		233
		234	$this->checkLoggedIn();
		235	if ($this->getLoggedInUser()->accessID >= 2)
		236	{
521	freddie	237	$this->drawError('You do not have permission to access this page.');
519	freddie	238	}
		239
		240	$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
		241	$temp = explode(".", $_FILES[$fname]["name"]);
		242	$extension = end($temp);
		243	if ((($_FILES[$fname]["type"] == "image/gif")
		244	\|\| ($_FILES[$fname]["type"] == "image/jpeg")
		245	\|\| ($_FILES[$fname]["type"] == "image/jpg")
		246	\|\| ($_FILES[$fname]["type"] == "image/pjpeg")
		247	\|\| ($_FILES[$fname]["type"] == "image/x-png")
		248	\|\| ($_FILES[$fname]["type"] == "image/png")
520	freddie	249	\|\| ($_FILES[$fname]["type"] == "image/x-targa")
		250	\|\| ($_FILES[$fname]["type"] == "image/x-tga"))
519	freddie	251	&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
		252	&& in_array($extension, $allowedExts))
		253	{
		254	if ($_FILES[$fname]["error"] > 0)
		255	{
521	freddie	256	$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
519	freddie	257	}
		258	else
		259	{
		260	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		261
		262	while (file_exists($lname))
		263	{
		264	$lname = "upload/" . $this->rndString(12) . "." . $extension;
		265	}
		266
521	freddie	267	move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname);
		268	return ROOT_PATH . $lname;
519	freddie	269	}
		270	}
		271	else
		272	{
521	freddie	273	$this->drawError("Invalid file");
519	freddie	274	}
		275
		276	return false;
		277	}
		278
297	freddie	279	function redirect($u)
		280	{
		281	header('Location: ' . $u);
		282	die();
		283	}
		284
		285	function isLoggedIn()
		286	{
		287	$cookie = $_COOKIE['Tim32_Login'];
		288	if (!empty($cookie))
		289	{
		290	$clist = explode('\|~\|', $cookie);
		291	$user = $this->getUserByUsername($clist[0]);
		292	if ($user)
		293	{
		294	if ($user->password == $clist[1])
		295	{
		296	return true;
		297	}
		298	}
		299	}
		300
		301	return false;
		302	}
		303
		304	function isUserAdmin()
		305	{
		306	if ($this->isLoggedIn())
		307	{
		308	if ($this->getLoggedInUser()->accessID <= 0)
		309	{
		310	return true;
		311	}
		312	}
		313
		314	return false;
		315	}
		316
		317	function isUserGM()
		318	{
		319	if ($this->isLoggedIn())
		320	{
		321	if ($this->getLoggedInUser()->accessID <= 1)
		322	{
		323	return true;
		324	}
		325	}
		326
		327	return false;
		328	}
		329
		330	function isUserNormal()
		331	{
		332	if ($this->isLoggedIn())
		333	{
		334	if ($this->getLoggedInUser()->accessID <= 2)
		335	{
		336	return true;
		337	}
		338	}
		339
		340	return false;
		341	}
		342
471	muzer	343	function isUserBanned()
		344	{
		345	if ($this->isLoggedIn())
		346	{
		347	if ($this->getLoggedInUser()->accessID >= 3)
		348	{
		349	return true;
		350	}
		351	}
		352
		353	return false;
		354	}
		355
384	tom	356	function checkChallengeStatus($challengeID, $previous, $next)
		357	{
		358	$currentChallengeID = $this->getLoggedInUser()->challengeID;
		359
		360	if (!$this->isLoggedIn())
		361	{
		362	$this->redirect('index.php');
		363	}
		364	else if ($currentChallengeID > $challengeID)
		365	{
		366	$this->redirect($next . '.php');
		367	}
		368	else if ($currentChallengeID < $challengeID)
		369	{
		370	$this->redirect($previous . '.php');
		371	}
		372	}
		373
297	freddie	374	function checkLoggedIn()
		375	{
		376	if (!$this->isLoggedIn())
		377	{
		378	$this->drawError('You need to be logged in.');
		379	}
		380	}
		381
489	tom	382	function query($query, $args = array())
297	freddie	383	{
487	tom	384	$statement = $this->db->prepare($query);
		385	if (!$statement->execute($args)) {
		386	$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo());
		387	}
		388
		389	return $statement->fetchAll();
297	freddie	390	}
		391
490	tom	392	function findIDs($table, $query = '', $args = array())
297	freddie	393	{
		394	$array = array();
		395
490	tom	396	$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args);
487	tom	397	foreach ($results as $row) {
297	freddie	398	array_push($array, $row['ID']);
		399	}
		400
		401	return $array;
		402	}
		403
		404	function getUserByID($id)
		405	{
490	tom	406	foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) {
		407	$user = new User();
297	freddie	408	$user->ID = $row['ID'];
		409	$user->accessID = $row['AccessID'];
		410	$user->username = $row['Username'];
		411	$user->password = $row['Password'];
508	freddie	412	$user->salt = $row['Salt'];
297	freddie	413	$user->emailAddress = $row['EmailAddress'];
		414	$user->name = $row['Name'];
507	freddie	415	$user->csrftoken = $row['CSRFToken'];
297	freddie	416	$user->challengeID = $row['ChallengeID'];
		417
		418	return $user;
		419	}
		420
		421	return false;
		422	}
		423
490	tom	424	function getUserByUsername($username) {
		425	foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) {
297	freddie	426	return $this->getUserByID($row['ID']);
		427	}
		428
		429	return false;
		430	}
		431
491	tom	432	function getLoggedInUser() {
		433	if ($this->isLoggedIn()) {
297	freddie	434	$clist = explode('\|~\|', $_COOKIE['Tim32_Login']);
		435	return $this->getUserByUsername($clist[0]);
		436	}
		437
		438	return false;
		439	}
		440
491	tom	441	function getBlogPost($id) {
		442	foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	443	$post = new BlogPost;
		444	$post->ID = $row['ID'];
491	tom	445
		446	if ($row['ParentID'] == -1) {
297	freddie	447	$post->parent = -1;
491	tom	448	} else {
297	freddie	449	$post->parent = $this->getBlogPost($row['ParentID']);
		450	}
491	tom	451
297	freddie	452	$post->author = $this->getUserByID($row['AuthorID']);
		453	$post->user = $this->getUserByID($row['AuthorID']); // For some older pages
485	muzer	454	$post->title = htmlspecialchars($row['Title']);
		455	$post->content = htmlspecialchars($row['Content']);
297	freddie	456	$post->datePosted = strtotime($row['DatePosted']);
		457	$post->category = $row['Category'];
		458	$post->spam = $row['Spam'];
		459
		460	return $post;
		461	}
		462
		463	$this->drawError('Cannot find blog post, #' . $id);
		464	}
		465
491	tom	466	function getProject($id) {
		467	foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) {
297	freddie	468	$project = new Project;
		469
		470	$project->ID = $row['ID'];
		471	$project->author = $this->getUserByID($row['AuthorID']);
		472	$project->title = $row['Title'];
		473	$project->description = $row['Description'];
		474	$project->logoURL = $row['LogoURL'];
		475	$project->downloadURL = $row['DownloadURL'];
		476	$project->websiteURL = $row['WebsiteURL'];
		477	$project->latestVersion = $row['LatestVersion'];
		478	$project->lastUpdate = strtotime($row['LastUpdate']);
		479
		480	return $project;
		481	}
		482
		483	return false;
		484	}
		485
491	tom	486	function getForumCategory($id) {
		487	foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) {
297	freddie	488	$f = new ForumCategory;
		489
		490	$f->ID = $row['ID'];
		491	$f->parent = $this->getForumCategory($row['ParentID']);
		492	$f->title = $row['Title'];
		493	$f->description = $row['Description'];
		494
		495	return $f;
		496	}
		497
		498	return false;
		499	}
		500
491	tom	501	function getForumPost($id) {
		502	foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) {
297	freddie	503	$f = new ForumPost;
		504
		505	$f->ID = $row['ID'];
		506	$f->author = $this->getUserByID($row['AuthorID']);
		507	$f->category = $this->getForumCategory($row['CategoryID']);
		508	$f->parent = $this->getForumPost($row['ParentID']);
		509	$f->title = $row['Title'];
		510	$f->content = $row['Content'];
		511	$f->datePosted = strtotime($row['DatePosted']);
		512	$f->spam = $row['Spam'];
		513
		514	return $f;
		515	}
		516
		517	return false;
		518	}
		519
491	tom	520	function delBlogPost($id) {
		521	foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) {
		522	$this->delBlogPost($i);
297	freddie	523	}
491	tom	524
		525	$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id));
297	freddie	526	}
		527
500	freddie	528	function saltAndBurn($pass, $salt) {
503	freddie	529	return sha1($salt . $pass);
500	freddie	530	}
		531
508	freddie	532	function rndString($len = 8) {
		533	$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
514	freddie	534	$clen = strlen($chars);
508	freddie	535
		536	$res = '';
		537	for ($i = $len - 1; $i >= 0; $i--) {
513	freddie	538	$res .= $chars[rand(0, $clen - 1)];
508	freddie	539	}
		540
		541	return $res;
		542	}
		543
510	freddie	544	function getCSRFToken($id) {
508	freddie	545	$token = $this->rndString();
512	freddie	546	$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
508	freddie	547	return $token;
		548	}
		549
510	freddie	550	function checkCSRFToken($id, $token) {
508	freddie	551	$user = $this->getUserByID($id);
		552	if ($token !== $user->csrftoken) {
		553	die("a death");
		554	}
		555
510	freddie	556	$this->getCSRFToken($id); // change to something else so we can't re-use it
508	freddie	557	}
		558
491	tom	559	function getGetID() {
297	freddie	560	$id = $_GET['id'];
491	tom	561	if (empty($id)) {
297	freddie	562	$id = 1;
		563	}
		564
		565	return $id;
		566	}
		567
491	tom	568	function getPostID() {
297	freddie	569	$id = $_POST['id'];
491	tom	570	if (empty($id)) {
297	freddie	571	$id = 1;
		572	}
		573
		574	return $id;
		575	}
		576
		577	}
		578
		579	class User
		580	{
		581	public $ID;
		582	public $accessID;
		583	public $username;
		584	public $password;
508	freddie	585	public $salt;
297	freddie	586	public $emailAddress;
		587	public $name;
507	freddie	588	public $csrftoken;
443	tom	589
297	freddie	590	public $challengeID;
		591	}
		592
		593	class BlogPost
		594	{
		595	public $ID;
		596	public $parent;
		597	public $author;
		598	public $title;
		599	public $content;
		600	public $datePosted;
		601	public $category;
		602	public $spam;
		603	}
		604
		605	class Project
		606	{
		607	public $ID;
		608	public $author;
		609	public $title;
		610	public $description;
426	tom	611
434	tom	612
297	freddie	613	public $logoURL;
		614	public $downloadURL;
		615	public $websiteURL;
		616	public $latestVersion;
		617	public $lastUpdate;
		618	}
		619
		620	class ForumCategory
		621	{
		622	public $ID;
		623	public $parent;
		624	public $title;
		625	public $description;
401	tom	626
297	freddie	627	}
		628
		629	class ForumPost
		630	{
		631	public $id;
		632	public $author;
		633	public $category;
		634	public $parent;
		635	public $title;
		636	public $content;
		637	public $datePosted;
		638	public $spam;
		639	}
		640
		641	function write($str)
		642	{
		643	echo $str;
		644	echo "\n";
		645	}
		646
		647	?>

Subversion Repositories taios

(root)/_taios.php @ 521 - Rev 521