(root)/_taios.php - Rev 520
Rev 519 |
Rev 521 |
Go to most recent revision |
Blame |
Compare with Previous |
Last modification |
View Log
| RSS feed
<?php
require '_config.php';
class Taios_Page
{
function __construct
($title, $url = "")
{
$this->title = $title;
$this->url = $url;
$this->drawnHeader = false;
$this->drawnMiddle = false;
$this->drawnFooter = false;
try
{
$this->db = new PDO
("mysql:dbname=Tim32;host=" . MYSQL_HOST
, MYSQL_USER
, MYSQL_PASSWORD
,
array( PDO
::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" ));
} catch
(PDOException
$e) {
$this->drawError("Failed to connect to database!");
}
}
function drawHeader
()
{
if (!$this->drawnHeader)
{
write
('<!DOCTYPE html>');
write
('<html lang="en">');
write
('<head>');
write
('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">');
write
('<title>Tim32 · ' . $this->title . '</title>');
write
('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />');
write
('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />');
write
('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>');
write
('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>');
write
('</head>');
write
('<body>');
write
('<div class="sidebar">');
write
('<div class="sidebar-header">');
write
('<a href="' . $this->url . '"><h1>Tim32</h1></a>');
write
('</div>');
write
('<div class="sidebar-menu">');
$this->drawMenuItem('Home', 'index.php');
$this->drawMenuItem('Blog', 'blog/');
$this->drawMenuItem('Projects', 'projects/');
$this->drawMenuItem('Forums', 'forums/');
$this->drawMenuItem('Wiki', 'wiki/');
$this->drawMenuItem('Photos', 'photos/');
write
('<br />');
if ($this->isLoggedIn() && $this->isUserNormal($this->getLoggedInUser())) {
$this->drawMenuItem('Administration', 'admin/');
$this->drawMenuItem('Logout', 'logout-do.php');
} else if ($this->isLoggedIn()) {
$this->drawMenuItem('Logout', 'logout-do.php');
if ($this->getLoggedInUser()->username != "cake") {
$this->drawMenuItem('You are banned', NULL);
} else {
$this->drawMenuItem('<span style="color:#032865">#undefined</span>', '/challenge/cakefolder');
}
} else {
$this->drawMenuItem('Login', 'login.php');
$this->drawMenuItem('Register', 'register.php');
}
write
('<br />');
$this->drawnHeader = true;
}
}
function drawMenuItem
($t, $u) {
if ($u == NULL) {
write
('<p style="color:red">' . $t . '</p>');
} else {
write
('<p><a href="' . $this->url . $u . '">' . $t . '</a></p>');
}
}
function drawMiddle
()
{
if (!$this->drawnMiddle) {
write
('</div>');
write
('</div>');
write
('<div class="content">');
write
('<a href="./"><h2>' . $this->title . '</h2></a>');
$this->drawnMiddle = true;
}
}
function drawFooter
()
{
if (!$this->drawnFooter)
{
write
('</div>');
write
('</body>');
write
('</html>');
$this->drawnFooter = true;
}
die();
}
function drawError
($text, $die = true)
{
$this->drawHeader();
$this->drawMiddle();
write
('<h4 style="color: red;">Error: ' . $text . '</h4>');
if ($die) {
$this->drawFooter();
die();
}
}
function drawBlogPostTree
($id, $first = false)
{
$post = $this->getBlogPost($id);
if ($first)
{
write
('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
}
else
{
write
('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
}
write
('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
write
('<p>' . $this->replaceBBCode($post->content) . '</p>');
if ($this->isUserNormal($this->getLoggedInUser()))
{
echo '<p class="bold"><a href="add-post.php?id=' . $id . '">Add Comment</a>';
if ($this->isUserAdmin($this->getLoggedInUser()) || $this->getLoggedInUser()->ID == $post->author->ID)
{
echo ' · <a href="edit-post.php?id=' . $id . '">Edit Post</a>';
echo ' · <a href="del-post.php?id=' . $id . '">Delete Post</a>';
}
write
('</p><br />');
}
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id));
for ($i = 0; $i < count($ids); $i++)
{
write
('<div class="indent">');
$this->drawBlogPostTree($ids[$i]);
write
('</div>');
}
}
function drawBlogCategoriesMenu
()
{
$cats = array();
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID = -1');
for ($i = 0; $i < count($ids); $i++)
{
$cat = $this->getBlogPost($ids[$i])->category;
if (!in_array($cat, $cats) && ($cat != "Drafts" || $this->isUserGM($this->getLoggedInUser())))
{
array_push($cats, $cat);
}
}
write
('<h3>Categories</h3>');
for ($i = 0; $i < count($cats); $i++)
{
$this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]);
}
}
function replaceBBCode
($str)
{
$newstr = $str;
$newstr = str_replace("<", "<", $newstr);
$newstr = str_replace(">", ">", $newstr);
$newstr = str_replace("\n", "<br />", $newstr);
$newstr = str_replace("\\'", "'", $newstr);
$newstr = str_replace("\\\"",'"', $newstr);
$newstr = str_replace(' ', ' ', $newstr);
$bbcode = array(
'/\[b\](.+?)\[\/b\]/is',
'/\[i\](.+?)\[\/i\]/is',
'/\[u\](.+?)\[\/u\]/is',
'/\[s\](.+?)\[\/s\]/is',
'/\[url\](.+?)\[\/url\]/is',
'/\[w\](.+?)\[\/w\]/is',
'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is',
'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is',
'/\[code\](.+?)\[\/code\]/is',
'/\[img\](.+?)\[\/img\]/is',
'/\[ul\](.+?)\[\/ul\]/is',
'/\[ol\](.+?)\[\/ol\]/is',
'/\[li\](.+?)\[\/li\]/is',
'/\[mono\](.+?)\[\/mono\]/is',
'/\[tcp\](.+?)\[\/tcp\]/is'
);
$html = array(
'<b>$1</b>',
'<i>$1</i>',
'<u>$1</u>',
'<del>$1</del>',
'<a href="$1">$1</a>',
'<a href="/wiki/index.php?page=$1">$1</a>',
'<a href="$1">$2</a>',
'<a href="/wiki/index.php?page=$1">$2</a>',
'</p><div class="code">$1</div><p>',
'<img src="$1" alt="BBCode-included image" />',
'<ul>$1</ul>',
'<ol>$1</ol>',
'<li>$1</li>',
'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>',
'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
);
$newstr = preg_replace($bbcode, $html, $newstr);
return $newstr;
}
function acceptFile
($fname)
{
if (!ALLOW_FILES
)
{
$page->drawError("This system doesn't allow file uploading.");
return false;
}
$this->checkLoggedIn();
if ($this->getLoggedInUser()->accessID >= 2)
{
$page->drawError('You do not have permission to access this page.');
}
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
$temp = explode(".", $_FILES[$fname]["name"]);
$extension = end($temp);
if ((($_FILES[$fname]["type"] == "image/gif")
|| ($_FILES[$fname]["type"] == "image/jpeg")
|| ($_FILES[$fname]["type"] == "image/jpg")
|| ($_FILES[$fname]["type"] == "image/pjpeg")
|| ($_FILES[$fname]["type"] == "image/x-png")
|| ($_FILES[$fname]["type"] == "image/png")
|| ($_FILES[$fname]["type"] == "image/x-targa")
|| ($_FILES[$fname]["type"] == "image/x-tga"))
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
&& in_array($extension, $allowedExts))
{
if ($_FILES[$fname]["error"] > 0)
{
$page->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
}
else
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
while (file_exists($lname))
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
}
move_uploaded_file($_FILES[$fname]["tmp_name"], $lname);
return $lname;
}
}
else
{
$page->drawError("Invalid file");
}
return false;
}
function redirect
($u)
{
header('Location: ' . $u);
die();
}
function isLoggedIn
()
{
$cookie = $_COOKIE['Tim32_Login'];
if (!empty($cookie))
{
$clist = explode('|~|', $cookie);
$user = $this->getUserByUsername($clist[0]);
if ($user)
{
if ($user->password == $clist[1])
{
return true;
}
}
}
return false;
}
function isUserAdmin
()
{
if ($this->isLoggedIn())
{
if ($this->getLoggedInUser()->accessID <= 0)
{
return true;
}
}
return false;
}
function isUserGM
()
{
if ($this->isLoggedIn())
{
if ($this->getLoggedInUser()->accessID <= 1)
{
return true;
}
}
return false;
}
function isUserNormal
()
{
if ($this->isLoggedIn())
{
if ($this->getLoggedInUser()->accessID <= 2)
{
return true;
}
}
return false;
}
function isUserBanned
()
{
if ($this->isLoggedIn())
{
if ($this->getLoggedInUser()->accessID >= 3)
{
return true;
}
}
return false;
}
function checkChallengeStatus
($challengeID, $previous, $next)
{
$currentChallengeID = $this->getLoggedInUser()->challengeID;
if (!$this->isLoggedIn())
{
$this->redirect('index.php');
}
else if ($currentChallengeID > $challengeID)
{
$this->redirect($next . '.php');
}
else if ($currentChallengeID < $challengeID)
{
$this->redirect($previous . '.php');
}
}
function checkLoggedIn
()
{
if (!$this->isLoggedIn())
{
$this->drawError('You need to be logged in.');
}
}
function query
($query, $args = array())
{
$statement = $this->db->prepare($query);
if (!$statement->execute($args)) {
$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo());
}
return $statement->fetchAll();
}
function findIDs
($table, $query = '', $args = array())
{
$array = array();
$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args);
foreach ($results as $row) {
array_push($array, $row['ID']);
}
return $array;
}
function getUserByID
($id)
{
foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) {
$user = new User
();
$user->ID = $row['ID'];
$user->accessID = $row['AccessID'];
$user->username = $row['Username'];
$user->password = $row['Password'];
$user->salt = $row['Salt'];
$user->emailAddress = $row['EmailAddress'];
$user->name = $row['Name'];
$user->csrftoken = $row['CSRFToken'];
$user->challengeID = $row['ChallengeID'];
return $user;
}
return false;
}
function getUserByUsername
($username) {
foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) {
return $this->getUserByID($row['ID']);
}
return false;
}
function getLoggedInUser
() {
if ($this->isLoggedIn()) {
$clist = explode('|~|', $_COOKIE['Tim32_Login']);
return $this->getUserByUsername($clist[0]);
}
return false;
}
function getBlogPost
($id) {
foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) {
$post = new BlogPost
;
$post->ID = $row['ID'];
if ($row['ParentID'] == -1) {
$post->parent = -1;
} else {
$post->parent = $this->getBlogPost($row['ParentID']);
}
$post->author = $this->getUserByID($row['AuthorID']);
$post->user = $this->getUserByID($row['AuthorID']); // For some older pages
$post->title = htmlspecialchars($row['Title']);
$post->content = htmlspecialchars($row['Content']);
$post->datePosted = strtotime($row['DatePosted']);
$post->category = $row['Category'];
$post->spam = $row['Spam'];
return $post;
}
$this->drawError('Cannot find blog post, #' . $id);
}
function getProject
($id) {
foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) {
$project = new Project
;
$project->ID = $row['ID'];
$project->author = $this->getUserByID($row['AuthorID']);
$project->title = $row['Title'];
$project->description = $row['Description'];
$project->logoURL = $row['LogoURL'];
$project->downloadURL = $row['DownloadURL'];
$project->websiteURL = $row['WebsiteURL'];
$project->latestVersion = $row['LatestVersion'];
$project->lastUpdate = strtotime($row['LastUpdate']);
return $project;
}
return false;
}
function getForumCategory
($id) {
foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) {
$f = new ForumCategory
;
$f->ID = $row['ID'];
$f->parent = $this->getForumCategory($row['ParentID']);
$f->title = $row['Title'];
$f->description = $row['Description'];
return $f;
}
return false;
}
function getForumPost
($id) {
foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) {
$f = new ForumPost
;
$f->ID = $row['ID'];
$f->author = $this->getUserByID($row['AuthorID']);
$f->category = $this->getForumCategory($row['CategoryID']);
$f->parent = $this->getForumPost($row['ParentID']);
$f->title = $row['Title'];
$f->content = $row['Content'];
$f->datePosted = strtotime($row['DatePosted']);
$f->spam = $row['Spam'];
return $f;
}
return false;
}
function delBlogPost
($id) {
foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) {
$this->delBlogPost($i);
}
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id));
}
function saltAndBurn
($pass, $salt) {
return sha1($salt . $pass);
}
function rndString
($len = 8) {
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
$clen = strlen($chars);
$res = '';
for ($i = $len - 1; $i >= 0; $i--) {
$res .= $chars[rand(0, $clen - 1)];
}
return $res;
}
function getCSRFToken
($id) {
$token = $this->rndString();
$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
return $token;
}
function checkCSRFToken
($id, $token) {
$user = $this->getUserByID($id);
if ($token !== $user->csrftoken) {
die("a death");
}
$this->getCSRFToken($id); // change to something else so we can't re-use it
}
function getGetID
() {
$id = $_GET['id'];
if (empty($id)) {
$id = 1;
}
return $id;
}
function getPostID
() {
$id = $_POST['id'];
if (empty($id)) {
$id = 1;
}
return $id;
}
}
class User
{
public $ID;
public $accessID;
public $username;
public $password;
public $salt;
public $emailAddress;
public $name;
public $csrftoken;
public $challengeID;
}
class BlogPost
{
public $ID;
public $parent;
public $author;
public $title;
public $content;
public $datePosted;
public $category;
public $spam;
}
class Project
{
public $ID;
public $author;
public $title;
public $description;
public $logoURL;
public $downloadURL;
public $websiteURL;
public $latestVersion;
public $lastUpdate;
}
class ForumCategory
{
public $ID;
public $parent;
public $title;
public $description;
}
class ForumPost
{
public $id;
public $author;
public $category;
public $parent;
public $title;
public $content;
public $datePosted;
public $spam;
}
function write
($str)
{
echo $str;
echo "\n";
}
?>