mysql)) {
$this->mysql_init();
}
return $this->mysql;
}
private function mysql_init() {
global $db_config;
require($this->conf);
$this->mysql = mysql_connect($db_config['host'],
$db_config['user'],
$db_config['password']);
mysql_set_charset($db_config['charset'], $this->mysql);
mysql_select_db($db_config['name'], $this->mysql);
$this->db_prefix = $db_config['prefix'];
unset($db_config);
}
private function mysql_table($table_name) {
$mysql = $this->mysql();
$prefix = $this->db_prefix;
return $prefix.mysql_real_escape_string($table_name, $mysql);
}
private function mysql_escape($string) {
$mysql = $this->mysql();
return mysql_real_escape_string($string, $mysql);
}
private function mysql_query($query) {
$mysql = $this->mysql();
return mysql_query($query, $mysql);
}
public function mysql_error() {
$mysql = $this->mysql();
return mysql_error($mysql);
}
// High-Level SQL functions ////////////////////////////////////////////
// The 'auth' table
public function getUID($username) {
$t = $this->mysql_table('auth');
$v = $this->mysql_escape($username);
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE name='$v' ;";
$q = $this->mysql_query($query);
$user = mysql_fetch_array($q);
if (isset($user['uid'])) {
return (int)$user['uid'];
} else {
return false;
}
}
public function getUsername($uid) {
if (!is_int($uid)) return false;
$t = $this->mysql_table('auth');
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
$user = mysql_fetch_array($q);
if (isset($user['name'])) {
return $user['name'];
} else {
return false;
}
}
public function setUsername($uid, $username) {
if (!is_int($uid)) return false;
if ($this->getUID($username) !== false) {
return false;
}
$table = $this->mysql_table('auth');
$name = $this->mysql_escape($username);
$query =
"UPDATE $table \n".
"SET name='$name' \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
return ($q?true:false);
}
public function getPasswordHash($uid) {
if (!is_int($uid)) return false;
$table = $this->mysql_table('auth');
$query =
"SELECT * \n".
"FROM $table \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
$user = mysql_fetch_array($q);
if (isset($user['hash'])) {
return $user['hash'];
} else {
return false;
}
}
public function setPassword($uid, $password) {
if (!is_int($uid)) return false;
$table = $this->mysql_table('auth');
$hasher = $this->hasher();
@$hash = $hasher->HashPassword($password);
$query =
"UPDATE $table \n".
"SET hash='$hash' \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
return ($q?true:false);
}
public function addUser($username, $password) {
$user_exits = $this->getUID($username);
if ($user_exists) {
return false;
}
$table = $this->mysql_table('auth');
$user = $this->mysql_escape($username);
$hasher = $this->hasher();
@$hash = $hasher->HashPassword($password);
$status = 0;
$query =
"INSERT INTO $table ( name, hash , status) \n".
"VALUES ('$user', '$hash', $status) ;";
$this->mysql_query($query);
$uid = $this->getUID($username);
return $uid;
}
public function getStatus($uid) {
if (!is_int($uid)) return false;
$table = $this->mysql_table('auth');
$query =
"SELECT * \n".
"FROM $table \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
$user = mysql_fetch_array($q);
if (isset($user['status'])) {
return (int)$user['status'];
} else {
return false;
}
}
public function setStatus($uid, $status) {
if (!is_int($uid)) return false;
$table = $this->mysql_table('auth');
$s = $this->mysql_escape($status);
$query =
"UPDATE $table * \n".
"SET status=$s \n".
"WHERE uid=$uid ;";
$q = $this->mysql_query($query);
return ($q?true:false);
}
public function countUsers() {
$table = $this->mysql_table('auth');
$query = "SELECT COUNT(*) FROM $table;";
$q = $this->mysql_query($query);
$row = mysql_fetch_array($q);
$count = $row[0];
return $count;
}
public function listGroups() {
$table = $this->mysql_table('auth');
$query =
"SELECT uid \n".
"FROM $table \n".
"WHERE status=3 ;";
$q = $this->mysql_query($query);
$groups = array();
while (($row = mysql_fetch_array($q)) !==false) {
$groups[] = (int)$row[0];
}
return $groups;
}
public function listGroupNames() {
$table = $this->mysql_table('auth');
$query =
"SELECT name \n".
"FROM $table \n".
"WHERE status=3 ;";
$q = $this->mysql_query($query);
$groups = array();
while (($row = mysql_fetch_array($q)) !==false) {
$groups[] = $row[0].'';
}
return $groups;
}
public function listUsers() {
$table = $this->mysql_table('auth');
$query =
"SELECT uid \n".
"FROM $table \n".
"WHERE status < 3 ;";
$q = $this->mysql_query($query);
$users = array();
while (($row = mysql_fetch_array($q)) !==false) {
$users[] = (int)$row[0];
}
return $users;
}
// The 'users' table
public function findUser($setting, $value) {
$t = $this->mysql_table('users');
$k = $this->mysql_escape($setting);
$v = $this->mysql_escape($value);
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE k = '$k' \n".
"AND UPPER(v)=UPPER('$v') ;";
$q = $this->mysql_query($query);
$user = mysql_fetch_array($q);
if (isset($user['uid'])) {
return $user['uid'];
} else {
return false;
}
}
public function getUserConf($uid, $setting) {
if (!is_int($uid)) return false;
$t = $this->mysql_table('users');
$k = $this->mysql_escape($setting);
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE k='$k' \n".
"AND uid=$uid ;";
$q = $this->mysql_query($query);
$row = mysql_fetch_array($q);
if (isset($row['v'])) {
return $row['v'];
} else {
return false;
}
}
public function setUserConf($uid, $setting, $value) {
if (!is_int($uid)) return false;
$isset = ($this->getUserConf($uid, $setting) !== false);
$t = $this->mysql_table('users');
$k = $this->mysql_escape($setting);
$v = $this->mysql_escape($value);
if ($isset) {
$query =
"UPDATE $t \n".
"SET v = '$v' \n".
"WHERE k = '$k' \n".
"AND uid = $uid ;";
} else {
$query =
"INSERT INTO $t ( uid, k , v ) \n".
"VALUES ($uid, '$k', '$v') ;";
}
$q = $this->mysql_query($query);
return ($q?true:false);
}
public function getUsersInGroup($groupname) {
$table = $this->mysql_table('users');
$group = $this->mysql_escape($groupname);
$query =
"SELECT uid \n".
"FROM $table \n".
"WHERE k='groups' \n".
"AND v LIKE '%,$group,%' ;";
$q = $this->mysql_query($query);
$users = array();
while (($row = mysql_fetch_array($q)) !==false) {
$users[] = $row[0];
}
return $users;
}
// The 'plugins' table
public function getPluginConf($plugin, $key) {
$t = $this->mysql_table('plugins');
$p = $this->mysql_escape($plugin);
$k = $this->mysql_escape($key);
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE k='$k' \n".
"AND plugin='$p' ;";
$q = $this->mysql_query($query);
$row = mysql_fetch_array($q);
if (isset($row['v'])) {
return $row['v'];
} else {
return false;
}
}
public function setPluginConf($plugin, $key, $value) {
$isset = ($this->getPluginConf($plugin, $key) !== false);
$t = $this->mysql_table('plugins');
$p = $this->mysql_escape($plugin);
$k = $this->mysql_escape($key);
$v = $this->mysql_escape($value);
if ($isset) {
$query =
"UPDATE $t \n".
"SET v = '$v' \n".
"WHERE k = '$k' \n".
"AND plugin = '$p' ;";
} else {
$query =
"INSERT INTO $t (plugin, k , v ) \n".
"VALUES ('$p' , '$k', '$v') ;";
}
$q = $this->mysql_query($query);
return ($q?true:false);
}
// The 'conf' table
public function getSysConf($key) {
$t = $this->mysql_table('conf');
$k = $this->mysql_escape($key);
$query =
"SELECT * \n".
"FROM $t \n".
"WHERE k='$k' ;";
$q = $this->mysql_query($query);
$row = mysql_fetch_array($q);
if (isset($row['v'])) {
return $row['v'];
} else {
return false;
}
}
public function setSysConf($key, $value) {
$isset = (getSysConf($key) !== false);
$t = $this->mysql_table('conf');
$k = $this->mysql_escape($key);
$v = $this->mysql_escape($value);
if ($isset) {
$query =
"UPDATE $t \n".
"SET v = '$v' \n".
"WHERE k = '$k' ;";
} else {
$query =
"INSERT INTO $t ( k , v ) \n".
"VALUES ('$k', '$v') ;";
}
$q = $this->mysql_query($query);
return ($q?true:false);
}
// If the remaining code has to deal with SQL, you're doing it wrong. //
public function baseUrl() {
if (!isset($this->base)) {
$this->base = $this->getSysConf('baseurl');
}
return $this->base;
}
public function hasher() {
if (!isset($this->pw_hasher)) {
require_once('PasswordHash.class.php');
$this->pw_hasher = new PasswordHash(8, false);
}
return $this->pw_hasher;
}
public function template() {
if (!isset($this->template)) {
require_once(VIEWPATH.'/Template.class.php');
$this->template = new Template($this->baseUrl(), $this);
}
return $this->template;
}
public function pluginManager() {
if (!isset($this->pluginManager)) {
require_once('PluginManager.class.php');
$this->pluginManager = new PluginManager();
}
return $this->pluginManager;
}
public function login($username, $password) {
$uid = $this->getUID($username);
if ($uid===false) {
// user does not exist
return 2;
}
$hash = $this->getPasswordHash($uid);
$hasher = $this->hasher();
if ($hasher->CheckPassword($password, $hash)) {
// success
$_SESSION['uid'] = $uid;
return 0;
} else {
// wrong password
return 1;
}
}
public function isLoggedIn() {
if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) {
return $_SESSION['uid'];
} else {
return false;
}
}
public function logout() {
$_SESSION['uid'] = '';
}
public function shortUrl($longUrl) {
$ch = curl_init('http://ur1.ca');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFILEDS,
'longurl='.urlencode($longUrl));
$html = curl_exec();
preg_match('/Your ur1 is: /',$html,$matches);
$shortUrl = $matches[1];
curl_close($ch);
return $shortUrl;
}
public function __construct($conf_file) {
$this->conf = $conf_file;
if (!file_exists($this->conf)) {
$this->base = $_SERVER['REQUEST_URI'];
$t = $this->template();
$t->header('Message Manager');
$t->paragraph(
'Awe shiz, dude, conf.php doesn\'t exist, you '.
'need to go through the '.
'installer.');
$t->footer();
exit();
}
session_start();
}
public function getAuthObj($uid) {
if (!isset($this->users[$uid])) {
$is_group = ($this->getStatus($uid)===3);
if ($is_group) {
require_once('Group.class.php');
$this->users[$uid] = new Group($uid);
} else {
require_once('User.class.php');
$this->users[$uid] = new User($uid);
}
}
return $this->users[$uid];
}
/**
* Strip out empty group names and duplicates, sort.
*/
private function sanitizeArray($in) {
$out = array();
foreach ($in as $item) {
if (($item !== '')&&(!in_array($item, $out))) {
$out[] = $item;
}
}
natsort($out);
return $out;
}
/**
* Translate an array into a value suitable to be stored into a
* key-value store in the database.
*/
public function arrayToValue($list) {
$out_list = $this->sanitizeArray($list);
return ','.implode(',', $out_list).',';
}
/**
* Translate a value from arrayToValue() back into an array.
*/
public function valueToArray($value) {
$raw_list = explode(',', $value);
$out_list = $this->sanitizeArray($raw_list);
return $out_list;
}
}